feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fixes for small stack in TLS v1.3, HKDF and SHA2. Add new WC_ASN_HASH_SHA256 build option to allow forcing SHA2-256 for the internal certificate calculations. Fixes for integer.c with small stack (allocate only the size needed, not the max).

Browse Source
This commit is contained in:
David Garske
2022-10-03 12:52:11 -07:00
parent f9506dc05a
commit 09f4a94b24
10 changed files with 233 additions and 110 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
src/tls13.c
View File

@@ -1106,7 +1106,11 @@ int DeriveResumptionPSK(WOLFSSL* ssl, byte* nonce, byte nonceLen, byte* secret)
static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash,
word32* pHashSz)
{
Hmac verifyHmac;
#ifdef WOLFSSL_SMALL_STACK
Hmac* verifyHmac;
#else
Hmac verifyHmac[1];
#endif
int hashType = WC_SHA256;
int hashSz = WC_SHA256_DIGEST_SIZE;
int ret = BAD_FUNC_ARG;
@@ -1151,16 +1155,27 @@ static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash,
WOLFSSL_BUFFER(hash, hashSz);
#endif
/* Calculate the verify data. */
ret = wc_HmacInit(&verifyHmac, ssl->heap, ssl->devId);
if (ret == 0) {
ret = wc_HmacSetKey(&verifyHmac, hashType, key, ssl->specs.hash_size);
if (ret == 0)
ret = wc_HmacUpdate(&verifyHmac, hash, hashSz);
if (ret == 0)
ret = wc_HmacFinal(&verifyHmac, hash);
wc_HmacFree(&verifyHmac);
#ifdef WOLFSSL_SMALL_STACK
verifyHmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_HMAC);
if (verifyHmac == NULL) {
return MEMORY_E;
}
#endif
/* Calculate the verify data. */
ret = wc_HmacInit(verifyHmac, ssl->heap, ssl->devId);
if (ret == 0) {
ret = wc_HmacSetKey(verifyHmac, hashType, key, ssl->specs.hash_size);
if (ret == 0)
ret = wc_HmacUpdate(verifyHmac, hash, hashSz);
if (ret == 0)
ret = wc_HmacFinal(verifyHmac, hash);
wc_HmacFree(verifyHmac);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(verifyHmac, NULL, DYNAMIC_TYPE_HMAC);
#endif
#ifdef WOLFSSL_DEBUG_TLS
WOLFSSL_MSG(" Hash");

10
wolfcrypt/src/asn.c
View File

@@ -87,6 +87,7 @@ ASN Options:
* WOLFSSL_CERT_NAME_ALL: Adds more certificate name capability at the
cost of taking up more memory. Adds initials, givenname, dnQualifer for
example.
* WC_ASN_HASH_SHA256: Force use of SHA2-256 for the internal hash ID calcs.
*/
#ifndef NO_ASN
@@ -12014,7 +12015,7 @@ int CalcHashId(const byte* data, word32 len, byte* hash)
{
int ret;
#if defined(NO_SHA) && !defined(NO_SHA256)
#if defined(NO_SHA) || (!defined(NO_SHA256) && defined(WC_ASN_HASH_SHA256))
ret = wc_Sha256Hash(data, len, hash);
#elif !defined(NO_SHA)
ret = wc_ShaHash(data, len, hash);
@@ -23530,7 +23531,7 @@ int wc_PemToDer(const unsigned char* buff, long longSz, int type,
return ret;
}
#ifdef WOLFSSL_ENCRYPTED_KEYS
/* our KeyPemToDer password callback, password in userData */
static int KeyPemToDerPassCb(char* passwd, int sz, int rw, void* userdata)
{
@@ -23542,6 +23543,7 @@ static int KeyPemToDerPassCb(char* passwd, int sz, int rw, void* userdata)
XSTRNCPY(passwd, (char*)userdata, sz);
return min((word32)sz, (word32)XSTRLEN((char*)userdata));
}
#endif
/* Return bytes written to buff or < 0 for error */
int wc_KeyPemToDer(const unsigned char* pem, int pemSz,
@@ -23570,8 +23572,12 @@ int wc_KeyPemToDer(const unsigned char* pem, int pemSz,
#endif
XMEMSET(info, 0, sizeof(EncryptedInfo));
#ifdef WOLFSSL_ENCRYPTED_KEYS
info->passwd_cb = KeyPemToDerPassCb;
info->passwd_userdata = (void*)pass;
#else
(void)pass;
#endif
ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, info, NULL);

71
wolfcrypt/src/hmac.c
View File

@@ -1184,14 +1184,26 @@ int wolfSSL_GetHmacMaxSize(void)
const byte* inKey, word32 inKeySz, byte* out)
{
byte tmp[WC_MAX_DIGEST_SIZE]; /* localSalt helper */
Hmac myHmac;
#ifdef WOLFSSL_SMALL_STACK
Hmac* myHmac;
#else
Hmac myHmac[1];
#endif
int ret;
const byte* localSalt; /* either points to user input or tmp */
int hashSz;
ret = wc_HmacSizeByType(type);
if (ret < 0)
if (ret < 0) {
return ret;
}
#ifdef WOLFSSL_SMALL_STACK
myHmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_HMAC);
if (myHmac == NULL) {
return MEMORY_E;
}
#endif
hashSz = ret;
localSalt = salt;
@@ -1201,15 +1213,18 @@ int wolfSSL_GetHmacMaxSize(void)
saltSz = hashSz;
}
ret = wc_HmacInit(&myHmac, NULL, INVALID_DEVID);
ret = wc_HmacInit(myHmac, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_HmacSetKey(&myHmac, type, localSalt, saltSz);
ret = wc_HmacSetKey(myHmac, type, localSalt, saltSz);
if (ret == 0)
ret = wc_HmacUpdate(&myHmac, inKey, inKeySz);
ret = wc_HmacUpdate(myHmac, inKey, inKeySz);
if (ret == 0)
ret = wc_HmacFinal(&myHmac, out);
wc_HmacFree(&myHmac);
ret = wc_HmacFinal(myHmac, out);
wc_HmacFree(myHmac);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(myHmac, NULL, DYNAMIC_TYPE_HMAC);
#endif
return ret;
}
@@ -1229,40 +1244,55 @@ int wolfSSL_GetHmacMaxSize(void)
const byte* info, word32 infoSz, byte* out, word32 outSz)
{
byte tmp[WC_MAX_DIGEST_SIZE];
Hmac myHmac;
#ifdef WOLFSSL_SMALL_STACK
Hmac* myHmac;
#else
Hmac myHmac[1];
#endif
int ret = 0;
word32 outIdx = 0;
word32 hashSz = wc_HmacSizeByType(type);
byte n = 0x1;
/* RFC 5869 states that the length of output keying material in
octets must be L <= 255*HashLen or N = ceil(L/HashLen) */
* octets must be L <= 255*HashLen or N = ceil(L/HashLen) */
if (out == NULL || ((outSz/hashSz) + ((outSz % hashSz) != 0)) > 255)
if (out == NULL || ((outSz/hashSz) + ((outSz % hashSz) != 0)) > 255) {
return BAD_FUNC_ARG;
}
ret = wc_HmacInit(&myHmac, NULL, INVALID_DEVID);
if (ret != 0)
#ifdef WOLFSSL_SMALL_STACK
myHmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_HMAC);
if (myHmac == NULL) {
return MEMORY_E;
}
#endif
ret = wc_HmacInit(myHmac, NULL, INVALID_DEVID);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(myHmac, NULL, DYNAMIC_TYPE_HMAC);
#endif
return ret;
}
while (outIdx < outSz) {
int tmpSz = (n == 1) ? 0 : hashSz;
word32 left = outSz - outIdx;
ret = wc_HmacSetKey(&myHmac, type, inKey, inKeySz);
ret = wc_HmacSetKey(myHmac, type, inKey, inKeySz);
if (ret != 0)
break;
ret = wc_HmacUpdate(&myHmac, tmp, tmpSz);
ret = wc_HmacUpdate(myHmac, tmp, tmpSz);
if (ret != 0)
break;
ret = wc_HmacUpdate(&myHmac, info, infoSz);
ret = wc_HmacUpdate(myHmac, info, infoSz);
if (ret != 0)
break;
ret = wc_HmacUpdate(&myHmac, &n, 1);
ret = wc_HmacUpdate(myHmac, &n, 1);
if (ret != 0)
break;
ret = wc_HmacFinal(&myHmac, tmp);
ret = wc_HmacFinal(myHmac, tmp);
if (ret != 0)
break;
@@ -1273,7 +1303,10 @@ int wolfSSL_GetHmacMaxSize(void)
n++;
}
wc_HmacFree(&myHmac);
wc_HmacFree(myHmac);
#ifdef WOLFSSL_SMALL_STACK
XFREE(myHmac, NULL, DYNAMIC_TYPE_HMAC);
#endif
return ret;
}

26
wolfcrypt/src/integer.c
View File

@@ -2306,11 +2306,7 @@ int mp_exptmod_base_2(mp_int * X, mp_int * P, mp_int * Y)
{
mp_digit buf, mp;
int err = MP_OKAY, bitbuf, bitcpy, bitcnt, digidx, x, y;
#ifdef WOLFSSL_SMALL_STACK
mp_int *res = NULL;
#else
mp_int res[1];
#endif
int (*redux)(mp_int*,mp_int*,mp_digit) = NULL;
/* automatically pick the comba one if available (saves quite a few
@@ -2332,13 +2328,6 @@ int mp_exptmod_base_2(mp_int * X, mp_int * P, mp_int * Y)
return MP_VAL;
}
#ifdef WOLFSSL_SMALL_STACK
res = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (res == NULL) {
return MP_MEM;
}
#endif
/* now setup montgomery */
if ((err = mp_montgomery_setup(P, &mp)) != MP_OKAY) {
goto LBL_M;
@@ -2449,9 +2438,6 @@ int mp_exptmod_base_2(mp_int * X, mp_int * P, mp_int * Y)
LBL_RES:mp_clear (res);
LBL_M:
#ifdef WOLFSSL_SMALL_STACK
XFREE(res, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return err;
}
@@ -2526,12 +2512,13 @@ int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho)
}
#ifdef WOLFSSL_SMALL_STACK
W = (mp_word*)XMALLOC(sizeof(mp_word) * MP_WARRAY, NULL, DYNAMIC_TYPE_BIGINT);
W = (mp_word*)XMALLOC(sizeof(mp_word) * (n->used * 2 + 1), NULL,
DYNAMIC_TYPE_BIGINT);
if (W == NULL)
return MP_MEM;
#endif
XMEMSET(W, 0, (n->used * 2 + 1) * sizeof(mp_word));
XMEMSET(W, 0, sizeof(mp_word) * (n->used * 2 + 1));
/* first we have to get the digits of the input into
* an array of double precision words W[...]
@@ -3349,7 +3336,7 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b)
return MP_RANGE; /* TAO range check */
#ifdef WOLFSSL_SMALL_STACK
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, NULL, DYNAMIC_TYPE_BIGINT);
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * pa, NULL, DYNAMIC_TYPE_BIGINT);
if (W == NULL)
return MP_MEM;
#endif
@@ -3468,7 +3455,7 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
return MP_RANGE; /* TAO range check */
#ifdef WOLFSSL_SMALL_STACK
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, NULL, DYNAMIC_TYPE_BIGINT);
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * pa, NULL, DYNAMIC_TYPE_BIGINT);
if (W == NULL)
return MP_MEM;
#endif
@@ -4203,13 +4190,12 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs)
return MP_RANGE; /* TAO range check */
#ifdef WOLFSSL_SMALL_STACK
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, NULL, DYNAMIC_TYPE_BIGINT);
W = (mp_digit*)XMALLOC(sizeof(mp_digit) * pa, NULL, DYNAMIC_TYPE_BIGINT);
if (W == NULL)
return MP_MEM;
#endif
/* number of output digits to produce */
pa = a->used + b->used;
_W = 0;
for (ix = digs; ix < pa; ix++) { /* JRB, have a->dp check at top of function*/
int tx, ty, iy;

17
wolfcrypt/src/kdf.c
View File

@@ -435,13 +435,25 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
{
int ret = 0;
int idx = 0;
#ifdef WOLFSSL_SMALL_STACK
byte* data;
#else
byte data[MAX_TLS13_HKDF_LABEL_SZ];
#endif
/* okmLen (2) + protocol|label len (1) + info len(1) + protocollen +
* labellen + infolen */
idx = 4 + protocolLen + labelLen + infoLen;
if (idx > MAX_TLS13_HKDF_LABEL_SZ)
if (idx > MAX_TLS13_HKDF_LABEL_SZ) {
return BUFFER_E;
}
#ifdef WOLFSSL_SMALL_STACK
data = (byte*)XMALLOC(idx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (data == NULL) {
return MEMORY_E;
}
#endif
idx = 0;
/* Output length. */
@@ -484,6 +496,9 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen,
#ifdef WOLFSSL_CHECK_MEM_ZERO
wc_MemZero_Check(data, MAX_TLS13_HKDF_LABEL_SZ);
#endif
#ifdef WOLFSSL_SMALL_STACK
XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}

75
wolfcrypt/src/sha256.c
View File

@@ -1793,19 +1793,36 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash)
{
int ret;
wc_Sha224 tmpSha224;
#ifdef WOLFSSL_SMALL_STACK
wc_Sha224* tmpSha224;
#else
wc_Sha224 tmpSha224[1];
#endif
wc_InitSha224(&tmpSha224);
if (sha224 == NULL || hash == NULL)
if (sha224 == NULL || hash == NULL) {
return BAD_FUNC_ARG;
ret = wc_Sha224Copy(sha224, &tmpSha224);
if (ret == 0) {
ret = wc_Sha224Final(&tmpSha224, hash);
wc_Sha224Free(&tmpSha224);
}
#ifdef WOLFSSL_SMALL_STACK
tmpSha224 = (wc_Sha224*)XMALLOC(sizeof(wc_Sha224), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (tmpSha224 == NULL) {
return MEMORY_E;
}
#endif
ret = wc_Sha224Copy(sha224, tmpSha224);
if (ret == 0) {
ret = wc_Sha224Final(tmpSha224, hash);
wc_Sha224Free(tmpSha224);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmpSha224, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst)
{
int ret = 0;
@@ -1894,44 +1911,54 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)
{
int ret;
wc_Sha256 tmpSha256;
#ifdef WOLFSSL_SMALL_STACK
wc_Sha256* tmpSha256;
#else
wc_Sha256 tmpSha256[1];
#endif
if (sha256 == NULL || hash == NULL)
if (sha256 == NULL || hash == NULL) {
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK
tmpSha256 = (wc_Sha256*)XMALLOC(sizeof(wc_Sha256), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (tmpSha256 == NULL) {
return MEMORY_E;
}
#endif
#if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW)
/* ESP32 hardware can only handle only 1 active hardware hashing
* at a time. If the mutex lock is acquired the first time then
* that Sha256 instance has exclusive access to hardware. The
* final or free needs to release the mutex. Operations that
* do not get the lock fallback to software based Sha256 */
if(sha256->ctx.mode == ESP32_SHA_INIT){
if (sha256->ctx.mode == ESP32_SHA_INIT) {
esp_sha_try_hw_lock(&sha256->ctx);
}
if(sha256->ctx.mode == ESP32_SHA_HW)
{
if (sha256->ctx.mode == ESP32_SHA_HW) {
esp_sha256_digest_process(sha256, 0);
}
#endif
ret = wc_Sha256Copy(sha256, &tmpSha256);
ret = wc_Sha256Copy(sha256, tmpSha256);
if (ret == 0) {
ret = wc_Sha256Final(&tmpSha256, hash);
ret = wc_Sha256Final(tmpSha256, hash);
#if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW)
{
#if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW)
sha256->ctx.mode = ESP32_SHA_SW;
}
#endif
#endif
wc_Sha256Free(&tmpSha256);
wc_Sha256Free(tmpSha256);
}
#if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW)
/* TODO: Make sure the ESP32 crypto mutex is released (in case final is not
* called */
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmpSha256, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)

94
wolfcrypt/src/sha512.c
View File

@@ -1502,29 +1502,49 @@ static int Sha512_Family_GetHash(wc_Sha512* sha512, byte* hash,
int (*finalfp)(wc_Sha512*, byte*))
{
int ret;
wc_Sha512 tmpSha512;
if (sha512 == NULL || hash == NULL)
return BAD_FUNC_ARG;
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
!defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
if(sha512->ctx.mode == ESP32_SHA_INIT) {
esp_sha_try_hw_lock(&sha512->ctx);
}
if(sha512->ctx.mode != ESP32_SHA_SW)
esp_sha512_digest_process(sha512, 0);
#ifdef WOLFSSL_SMALL_STACK
wc_Sha512* tmpSha512;
#else
wc_Sha512 tmpSha512[1];
#endif
ret = wc_Sha512Copy(sha512, &tmpSha512);
if (sha512 == NULL || hash == NULL) {
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK
tmpSha512 = (wc_Sha512*)XMALLOC(sizeof(wc_Sha512), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (tmpSha512 == NULL) {
return MEMORY_E;
}
#endif
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
!defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
if (sha512->ctx.mode == ESP32_SHA_INIT) {
esp_sha_try_hw_lock(&sha512->ctx);
}
if (sha512->ctx.mode != ESP32_SHA_SW) {
esp_sha512_digest_process(sha512, 0);
}
#endif
ret = wc_Sha512Copy(sha512, tmpSha512);
if (ret == 0) {
ret = finalfp(&tmpSha512, hash);
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
ret = finalfp(tmpSha512, hash);
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
!defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
sha512->ctx.mode = ESP32_SHA_SW;;
#endif
wc_Sha512Free(&tmpSha512);
wc_Sha512Free(tmpSha512);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmpSha512, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
@@ -1735,36 +1755,58 @@ int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data)
int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash)
{
int ret;
wc_Sha384 tmpSha384;
#ifdef WOLFSSL_SMALL_STACK
wc_Sha384* tmpSha384;
#else
wc_Sha384 tmpSha384[1];
#endif
if (sha384 == NULL || hash == NULL)
if (sha384 == NULL || hash == NULL) {
return BAD_FUNC_ARG;
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
}
#ifdef WOLFSSL_SMALL_STACK
tmpSha384 = (wc_Sha384*)XMALLOC(sizeof(wc_Sha384), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (tmpSha384 == NULL) {
return MEMORY_E;
}
#endif
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
!defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
if(sha384->ctx.mode == ESP32_SHA_INIT) {
if (sha384->ctx.mode == ESP32_SHA_INIT) {
esp_sha_try_hw_lock(&sha384->ctx);
}
if(sha384->ctx.mode != ESP32_SHA_SW) {
if (sha384->ctx.mode != ESP32_SHA_SW) {
esp_sha512_digest_process(sha384, 0);
}
#endif
ret = wc_Sha384Copy(sha384, &tmpSha384);
ret = wc_Sha384Copy(sha384, tmpSha384);
if (ret == 0) {
ret = wc_Sha384Final(&tmpSha384, hash);
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
ret = wc_Sha384Final(tmpSha384, hash);
#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \
!defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
sha384->ctx.mode = ESP32_SHA_SW;
#endif
wc_Sha384Free(&tmpSha384);
wc_Sha384Free(tmpSha384);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(tmpSha384, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
{
int ret = 0;
if (src == NULL || dst == NULL)
if (src == NULL || dst == NULL) {
return BAD_FUNC_ARG;
}
XMEMCPY(dst, src, sizeof(wc_Sha384));
#ifdef WOLFSSL_SMALL_STACK_CACHE

4
wolfssl/wolfcrypt/asn.h
View File

@@ -872,7 +872,7 @@ enum Misc_ASN {
ASN_BOOL_SIZE = 2, /* including type */
ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */
ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */
#ifdef NO_SHA
#if defined(NO_SHA) || (!defined(NO_SHA256) && defined(WC_ASN_HASH_SHA256))
KEYID_SIZE = WC_SHA256_DIGEST_SIZE,
#else
KEYID_SIZE = WC_SHA_DIGEST_SIZE,
@@ -1591,7 +1591,7 @@ struct DecodedCert {
byte issuerHash[KEYID_SIZE]; /* hash of all Names */
#ifdef HAVE_OCSP
byte subjectKeyHash[KEYID_SIZE]; /* hash of the public Key */
byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */
byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */
#endif /* HAVE_OCSP */
const byte* signature; /* not owned, points into raw cert */
char* subjectCN; /* CommonName */

8
wolfssl/wolfcrypt/asn_public.h
View File

@@ -285,11 +285,12 @@ typedef int (wc_pem_password_cb)(char* passwd, int sz, int rw, void* userdata);
#endif
typedef struct EncryptedInfo {
wc_pem_password_cb* passwd_cb;
void* passwd_userdata;
long consumed; /* tracks PEM bytes consumed */
#ifdef WOLFSSL_ENCRYPTED_KEYS
wc_pem_password_cb* passwd_cb;
void* passwd_userdata;
int cipherType;
word32 keySz;
word32 ivSz; /* salt or encrypted IV size */
@@ -298,6 +299,7 @@ typedef struct EncryptedInfo {
byte iv[IV_SZ]; /* salt or encrypted IV */
word16 set:1; /* if encryption set */
#endif
} EncryptedInfo;

3
wolfssl/wolfcrypt/settings.h
View File

@@ -2377,9 +2377,6 @@ extern void uITRON4_free(void *p) ;
#ifndef USE_WOLF_STRTOK
#define USE_WOLF_STRTOK
#endif
#ifndef WOLFSSL_SP_DIV_WORD_HALF
#define WOLFSSL_SP_DIV_WORD_HALF
#endif
#ifndef WOLFSSL_OLD_PRIME_CHECK
#define WOLFSSL_OLD_PRIME_CHECK
#endif