feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #6013 from douzzer/20230125-various-fixes

Browse Source 
20230125-various-fixes
This commit is contained in:
David Garske
2023-01-26 15:10:18 -08:00
committed by GitHub
parent 58c2fe1c40 f776371874
commit 06509021ff
7 changed files with 119 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
Makefile.am
View File

@ -26,7 +26,10 @@ SUBDIRS_OPT =
DIST_SUBDIRS_OPT =
# allow supplementary or override flags to be passed at make time:
AM_CPPFLAGS += $(EXTRA_CPPFLAGS)
AM_CFLAGS += $(EXTRA_CFLAGS)
AM_CCASFLAGS += $(EXTRA_CCASFLAGS)
AM_LDFLAGS += $(EXTRA_LDFLAGS)
#includes additional rules from aminclude.am
@INC_AMINCLUDE@
@ -201,13 +204,15 @@ include scripts/include.am
if BUILD_LINUXKM
# rather than setting $SUBDIRS here directly, we set an auxiliary variable.
# autotools see the SUBDIRS assignment here even if BUILD_LINUXKM is false,
# autotools sees the SUBDIRS assignment here even if BUILD_LINUXKM is false,
# at least for purposes of recursing for "make distdir", which we don't want to happen.
SUBDIRS_OPT += linuxkm
DIST_SUBDIRS_OPT += linuxkm
export KERNEL_ROOT KERNEL_ARCH KERNEL_EXTRA_CFLAGS AM_CPPFLAGS CPPFLAGS \
AM_CFLAGS CFLAGS AM_CCASFLAGS CCASFLAGS \
export KERNEL_ROOT KERNEL_ARCH KERNEL_EXTRA_CFLAGS \
EXTRA_CFLAGS EXTRA_CPPFLAGS EXTRA_CCASFLAGS EXTRA_LDFLAGS \
AM_CPPFLAGS CPPFLAGS AM_CFLAGS CFLAGS \
AM_CCASFLAGS CCASFLAGS \
src_libwolfssl_la_OBJECTS ENABLED_CRYPT_TESTS ENABLED_LINUXKM_PIE ENABLED_ASM \
CFLAGS_FPU_DISABLE CFLAGS_FPU_ENABLE CFLAGS_SIMD_DISABLE CFLAGS_SIMD_ENABLE \
CFLAGS_AUTO_VECTORIZE_DISABLE CFLAGS_AUTO_VECTORIZE_ENABLE \

60
configure.ac
View File

@ -35,7 +35,10 @@ AC_CONFIG_HEADERS([config.h:config.in])
LT_PREREQ([2.4.2])
LT_INIT([disable-static win32-dll])
AC_ARG_VAR(EXTRA_CFLAGS, [Extra CFLAGS to add to autoconf-computed arg list. Can also supply directly to make.])
AC_ARG_VAR(EXTRA_CPPFLAGS, [Extra CPPFLAGS to add to end of autoconf-computed arg list. Can also supply directly to make.])
AC_ARG_VAR(EXTRA_CFLAGS, [Extra CFLAGS to add to end of autoconf-computed arg list. Can also supply directly to make.])
AC_ARG_VAR(EXTRA_CCASFLAGS, [Extra CCASFLAGS to add to end of autoconf-computed arg list. Can also supply directly to make.])
AC_ARG_VAR(EXTRA_LDFLAGS, [Extra LDFLAGS to add to end of autoconf-computed arg list. Can also supply directly to make.])
WOLFSSL_CONFIG_ARGS=$ac_configure_args
AC_SUBST([WOLFSSL_CONFIG_ARGS])
@ -65,7 +68,7 @@ AC_SUBST([WOLFSSL_LIBRARY_VERSION])
gl_VISIBILITY
AS_IF([ test -n "$CFLAG_VISIBILITY" ], [
AM_CFLAGS="$AM_CPPFLAGS $CFLAG_VISIBILITY"
AM_CFLAGS="$AM_CFLAGS $CFLAG_VISIBILITY"
])
@ -981,7 +984,6 @@ AC_ARG_WITH([liboqs],
[AS_HELP_STRING([--with-liboqs=PATH],[Path to liboqs install (default /usr/local) EXPERIMENTAL!])],
[
AC_MSG_CHECKING([for liboqs])
CPPFLAGS="$CPPFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS"
LIBS="$LIBS -loqs"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <oqs/common.h>]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ])
@ -994,8 +996,8 @@ AC_ARG_WITH([liboqs],
tryliboqsdir="/usr/local"
fi
CPPFLAGS="$AM_CPPFLAGS -DHAVE_LIBOQS -DHAVE_TLS_EXTENSIONS -I$tryliboqsdir/include"
LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$tryliboqsdir/lib"
CPPFLAGS="$CPPFLAGS -I$tryliboqsdir/include"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <oqs/common.h>]], [[ OQS_init(); ]])], [ liboqs_linked=yes ],[ liboqs_linked=no ])
@ -1004,6 +1006,7 @@ AC_ARG_WITH([liboqs],
If it's already installed, specify its path using --with-liboqs=/dir/])
fi
AC_MSG_RESULT([yes])
AM_CPPFLAGS="$CPPFLAGS"
AM_LDFLAGS="$AM_LDFLAGS -L$tryliboqsdir/lib"
else
AC_MSG_RESULT([yes])
@ -4840,7 +4843,6 @@ AC_ARG_WITH([wnr],
[AS_HELP_STRING([--with-wnr=PATH],[Path to Whitewood netRandom install (default /usr/local)])],
[
AC_MSG_CHECKING([for Whitewood netRandom])
CPPFLAGS="$CPPFLAGS -DHAVE_WNR"
LIBS="$LIBS -lwnr"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <wnr.h>]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ])
@ -4853,8 +4855,8 @@ AC_ARG_WITH([wnr],
trywnrdir="/usr/local"
fi
CPPFLAGS="$AM_CPPFLAGS -DHAVE_WNR -I$trywnrdir/include"
LDFLAGS="$AM_LDFLAGS $LDFLAGS -L$trywnrdir/lib"
CPPFLAGS="$CPPFLAGS -I$trywnrdir/include"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include <wnr.h>]], [[ wnr_setup(0, 0); ]])], [ wnr_linked=yes ],[ wnr_linked=no ])
@ -4863,6 +4865,7 @@ AC_ARG_WITH([wnr],
If it's already installed, specify its path using --with-wnr=/dir/])
fi
AC_MSG_RESULT([yes])
AM_CPPFLAGS="$CPPFLAGS"
AM_LDFLAGS="$AM_LDFLAGS -L$trywnrdir/lib"
else
AC_MSG_RESULT([yes])
@ -6423,7 +6426,6 @@ AC_ARG_WITH([cavium],
[ --with-cavium=PATH PATH to cavium/software dir ],
[
AC_MSG_CHECKING([for cavium])
CPPFLAGS="$CPPFLAGS -DHAVE_CAVIUM"
LIB_ADD="-lrt $LIB_ADD"
if test "x$withval" = "xyes" ; then
@ -6433,8 +6435,8 @@ AC_ARG_WITH([cavium],
trycaviumdir=$withval
fi
CPPFLAGS="$AM_CPPFLAGS -DHAVE_CAVIUM -I$trycaviumdir/include"
LDFLAGS="$AM_LDFLAGS $trycaviumdir/api/cavium_common.o"
CPPFLAGS="$CPPFLAGS -I$trycaviumdir/include"
AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include "cavium_common.h"]], [[ CspShutdown(CAVIUM_DEV_ID); ]])],[ cavium_linked=yes ],[ cavium_linked=no ])
@ -6442,7 +6444,8 @@ AC_ARG_WITH([cavium],
AC_MSG_ERROR([cavium isn't found.
If it's already installed, specify its path using --with-cavium=/dir/])
else
AM_CFLAGS="$AM_CFLAGS -DHAVE_CAVIUM"
AM_CPPFLAGS="$CPPFLAGS"
AM_LDFLAGS="$LDFLAGS"
fi
AC_MSG_RESULT([yes])
enable_shared=no
@ -8508,6 +8511,10 @@ then
AM_CFLAGS="$AM_CFLAGS -include ${output_objdir}/.build_params"
fi
AM_CPPFLAGS="$AM_CPPFLAGS $EXTRA_CPPFLAGS"
AM_CFLAGS="$AM_CFLAGS $EXTRA_CFLAGS"
AM_CCASFLAGS="$AM_CCASFLAGS $EXTRA_CCASFLAGS"
AM_LDFLAGS="$AM_LDFLAGS $EXTRA_LDFLAGS"
CREATE_HEX_VERSION
AC_SUBST([AM_CPPFLAGS])
@ -8564,9 +8571,11 @@ fi
if test "$ENABLED_REPRODUCIBLE_BUILD" != "yes"
then
echo "#define LIBWOLFSSL_CONFIGURE_ARGS \"$ac_configure_args\"" > ${output_objdir}/.build_params &&
echo "#define LIBWOLFSSL_GLOBAL_CFLAGS \"$CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS\" LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS" >> ${output_objdir}/.build_params ||
echo "#define LIBWOLFSSL_CONFIGURE_ARGS \"$ac_configure_args\"" > "${output_objdir}/.build_params" &&
echo "#define LIBWOLFSSL_GLOBAL_CFLAGS \"$CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS\" LIBWOLFSSL_GLOBAL_EXTRA_CFLAGS" >> "${output_objdir}/.build_params" ||
AC_MSG_ERROR([Couldn't create ${output_objdir}/.build_params.])
else
rm -f "${output_objdir}/.build_params"
fi
# generate user options header
@ -8579,7 +8588,7 @@ rm -f $OPTION_FILE
echo "/* wolfssl options.h" > $OPTION_FILE
echo " * generated from configure options" >> $OPTION_FILE
echo " *" >> $OPTION_FILE
echo " * Copyright (C) 2006-2022 wolfSSL Inc." >> $OPTION_FILE
echo " * Copyright (C) 2006-2023 wolfSSL Inc." >> $OPTION_FILE
echo " *" >> $OPTION_FILE
echo " * This file is part of wolfSSL. (formerly known as CyaSSL)" >> $OPTION_FILE
echo " *" >> $OPTION_FILE
@ -8595,11 +8604,12 @@ echo "extern \"C\" {" >> $OPTION_FILE
echo "#endif" >> $OPTION_FILE
echo "" >> $OPTION_FILE
for option in $CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS $EXTRA_CFLAGS; do
defonly=`echo $option | sed 's/^-D//'`
if test "$defonly" != "$option"
then
noequalsign=`echo $defonly | sed 's/=/ /'`
for option in $CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS; do
opt_type=$(echo $option | colrm 3)
case "$opt_type" in
-D)
RHS_only=$(echo $option | sed 's/^-D//')
noequalsign=$(echo $RHS_only | sed 's/=/ /')
if test "$noequalsign" = "NDEBUG" || test "$noequalsign" = "DEBUG"
then
if test "$verbose" = "yes"; then
@ -8615,7 +8625,7 @@ for option in $CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS $EXTRA_CFLAGS; do
echo "#ifndef WOLFSSL_OPTIONS_IGNORE_SYS" >> $OPTION_FILE
fi
noarg=`echo $defonly | sed 's/=.*//'`
noarg=$(echo "$RHS_only" | sed 's/=.*//')
echo "#undef $noarg" >> $OPTION_FILE
echo "#define $noequalsign" >> $OPTION_FILE
@ -8625,11 +8635,18 @@ for option in $CPPFLAGS $AM_CPPFLAGS $CFLAGS $AM_CFLAGS $EXTRA_CFLAGS; do
fi
echo "" >> $OPTION_FILE
else
;;
-U)
RHS_only=$(echo $option | sed 's/^-U//')
echo "#undef $RHS_only" >> $OPTION_FILE
echo "" >> $OPTION_FILE
;;
*)
if test "$verbose" = "yes"; then
AC_MSG_NOTICE([option w/o begin -D is $option, not saving to $OPTION_FILE])
AC_MSG_NOTICE([option "$option" is not a preprocessor directive -- not saving to $OPTION_FILE])
fi
fi
;;
esac
done
echo "" >> $OPTION_FILE
@ -8678,6 +8695,7 @@ echo " * C++ Compiler: $CXX"
echo " * C++ Flags: $CXXFLAGS"
echo " * CPP Flags: $CPPFLAGS"
echo " * CCAS Flags: $CCASFLAGS"
echo " * LD Flags: $LDFLAGS"
echo " * LIB Flags: $LIB"
echo " * Library Suffix: $LIBSUFFIX"

3
linuxkm/module_exports.c.template
View File

@ -88,6 +88,9 @@
#ifdef HAVE_ECC
#include <wolfssl/wolfcrypt/ecc.h>
#endif
#ifdef HAVE_HPKE
#include <wolfssl/wolfcrypt/hpke.h>
#endif
#ifdef HAVE_CURVE25519
#include <wolfssl/wolfcrypt/curve25519.h>
#endif

12
tests/api.c
View File

@ -50957,7 +50957,11 @@ static int test_tls13_apis(void)
#endif
#endif
#ifndef OPENSSL_EXTRA
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32), WOLFSSL_SUCCESS);
#else
AssertIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32), 0);
#endif
AssertIntEQ(wolfSSL_CTX_get_max_early_data(serverCtx), 32);
#else
AssertIntEQ(SSL_CTX_set_max_early_data(serverCtx, 32), 1);
@ -50974,7 +50978,11 @@ static int test_tls13_apis(void)
#endif
#ifndef NO_WOLFSSL_CLIENT
#ifndef OPENSSL_EXTRA
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
AssertIntEQ(wolfSSL_set_max_early_data(clientSsl, 17), WOLFSSL_SUCCESS);
#else
AssertIntEQ(wolfSSL_set_max_early_data(clientSsl, 17), 0);
#endif
AssertIntEQ(wolfSSL_get_max_early_data(clientSsl), 17);
#else
AssertIntEQ(SSL_set_max_early_data(clientSsl, 17), WOLFSSL_SUCCESS);
@ -50992,7 +51000,11 @@ static int test_tls13_apis(void)
#endif
#endif
#ifndef OPENSSL_EXTRA
#ifdef WOLFSSL_ERROR_CODE_OPENSSL
AssertIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), WOLFSSL_SUCCESS);
#else
AssertIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), 0);
#endif
AssertIntEQ(wolfSSL_get_max_early_data(serverSsl), 16);
#else
AssertIntEQ(SSL_set_max_early_data(serverSsl, 16), 1);

11
wolfcrypt/src/hpke.c
View File

@ -942,14 +942,19 @@ int wc_HpkeSealBase(Hpke* hpke, void* ephemeralKey, void* receiverKey,
}
#endif
PRIVATE_KEY_UNLOCK();
/* setup the context and pubKey */
ret = wc_HpkeSetupBaseSender(hpke, context, ephemeralKey, receiverKey, info,
infoSz);
/* run seal using the context */
if (ret == 0)
if (ret == 0) {
ret = wc_HpkeContextSealBase(hpke, context, aad, aadSz, plaintext,
ptSz, ciphertext);
}
PRIVATE_KEY_LOCK();
#ifdef WOLFSSL_SMALL_STACK
XFREE(context, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER);
@ -1174,6 +1179,8 @@ int wc_HpkeOpenBase(Hpke* hpke, void* receiverKey, const byte* pubKey,
}
#endif
PRIVATE_KEY_UNLOCK();
/* setup receiver */
ret = wc_HpkeSetupBaseReceiver(hpke, context, receiverKey, pubKey,
pubKeySz, info, infoSz);
@ -1184,6 +1191,8 @@ int wc_HpkeOpenBase(Hpke* hpke, void* receiverKey, const byte* pubKey,
ctSz, plaintext);
}
PRIVATE_KEY_LOCK();
#ifdef WOLFSSL_SMALL_STACK
XFREE(context, hpke->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif

28
wolfcrypt/src/port/af_alg/afalg_aes.c
View File

@ -156,8 +156,14 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
if (sz % AES_BLOCK_SIZE) {
return BAD_LENGTH_E;
}
#endif
if (aes->rdFd == WC_SOCK_NOTSET) {
if ((ret = wc_AesSetup(aes, WC_TYPE_SYMKEY, WC_NAME_AESCBC,
if ((ret = wc_AesSetup(aes, WC_TYPE_SYMKEY, WC_NAME_AESCBC,
AES_IV_SIZE, 0)) != 0) {
WOLFSSL_MSG("Error with first time setup of AF_ALG socket");
return ret;
@ -205,11 +211,18 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen,
struct iovec iov;
int ret;
if (aes == NULL || out == NULL || in == NULL
|| sz % AES_BLOCK_SIZE != 0) {
if (aes == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
}
if (sz % AES_BLOCK_SIZE) {
#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
return BAD_LENGTH_E;
#else
return BAD_FUNC_ARG;
#endif
}
if (aes->rdFd == WC_SOCK_NOTSET) {
if ((ret = wc_AesSetup(aes, WC_TYPE_SYMKEY, WC_NAME_AESCBC,
AES_IV_SIZE, 0)) != 0) {
@ -534,6 +547,9 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
return BAD_FUNC_ARG;
}
if (ivSz > WC_SYSTEM_AESGCM_IV)
ivSz = WC_SYSTEM_AESGCM_IV;
if (ivSz != WC_SYSTEM_AESGCM_IV) {
WOLFSSL_MSG("IV size not supported on system");
return BAD_FUNC_ARG;
@ -636,8 +652,9 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
initalCounter[AES_BLOCK_SIZE - 1] = 1;
GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz);
ret = wc_AesEncryptDirect(aes, scratch, initalCounter);
if (ret < 0)
if (ret < 0) {
return ret;
}
xorbuf(authTag, scratch, authTagSz);
}
#else
@ -724,6 +741,9 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
return BAD_FUNC_ARG;
}
if (ivSz > WC_SYSTEM_AESGCM_IV)
ivSz = WC_SYSTEM_AESGCM_IV;
if (ivSz != WC_SYSTEM_AESGCM_IV) {
WOLFSSL_MSG("IV size not supported on system");
return BAD_FUNC_ARG;

25
wolfcrypt/test/test.c
View File

@ -22582,14 +22582,28 @@ static int hpke_test_single(Hpke* hpke)
byte plaintext[MAX_HPKE_LABEL_SZ];
void* receiverKey = NULL;
void* ephemeralKey = NULL;
#ifdef WOLFSSL_SMALL_STACK
uint8_t *pubKey = NULL; /* public key */
word16 pubKeySz = (word16)HPKE_Npk_MAX;
#else
uint8_t pubKey[HPKE_Npk_MAX]; /* public key */
word16 pubKeySz = (word16)sizeof(pubKey);
#endif
rngRet = ret = wc_InitRng(rng);
if (ret != 0)
return ret;
#ifdef WOLFSSL_SMALL_STACK
if (ret == 0) {
pubKey = (uint8_t *)XMALLOC(pubKeySz, HEAP_HINT,
DYNAMIC_TYPE_TMP_BUFFER);
if (pubKey == NULL)
ret = MEMORY_E;
}
#endif
/* generate the keys */
if (ret == 0)
ret = wc_HpkeGenerateKeyPair(hpke, &ephemeralKey, rng);
@ -22598,24 +22612,26 @@ static int hpke_test_single(Hpke* hpke)
ret = wc_HpkeGenerateKeyPair(hpke, &receiverKey, rng);
/* seal */
if (ret == 0)
if (ret == 0) {
ret = wc_HpkeSealBase(hpke, ephemeralKey, receiverKey,
(byte*)info_text, (word32)XSTRLEN(info_text),
(byte*)aad_text, (word32)XSTRLEN(aad_text),
(byte*)start_text, (word32)XSTRLEN(start_text),
ciphertext);
}
/* export ephemeral key */
if (ret == 0)
ret = wc_HpkeSerializePublicKey(hpke, ephemeralKey, pubKey, &pubKeySz);
/* open with exported ephemeral key */
if (ret == 0)
if (ret == 0) {
ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz,
(byte*)info_text, (word32)XSTRLEN(info_text),
(byte*)aad_text, (word32)XSTRLEN(aad_text),
ciphertext, (word32)XSTRLEN(start_text),
plaintext);
}
if (ret == 0)
ret = XMEMCMP(plaintext, start_text, XSTRLEN(start_text));
@ -22626,6 +22642,11 @@ static int hpke_test_single(Hpke* hpke)
if (receiverKey != NULL)
wc_HpkeFreeKey(hpke, hpke->kem, receiverKey, hpke->heap);
#ifdef WOLFSSL_SMALL_STACK
if (pubKey != NULL)
XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (rngRet == 0)
wc_FreeRng(rng);