diff --git a/src/ssl.c b/src/ssl.c index a7002b291a..675f66859b 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -3303,13 +3303,17 @@ const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbynid(int id) #ifndef NO_DES3 static char *EVP_DES_CBC; static char *EVP_DES_ECB; -static const int EVP_DES_SIZE = 7; static char *EVP_DES_EDE3_CBC; static char *EVP_DES_EDE3_ECB; + +#ifdef OPENSSL_EXTRA +static const int EVP_DES_SIZE = 7; static const int EVP_DES_EDE3_SIZE = 12; #endif +#endif + #ifdef HAVE_IDEA static char *EVP_IDEA_CBC; #if defined(OPENSSL_EXTRA) @@ -11881,7 +11885,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, XMEMCPY(out, ssl->arrays->clientRandom, size); return size; } -#endif /* !defined(NO_WOLFSSL_CLIENT) */ +#endif /* !NO_WOLFSSL_CLIENT */ unsigned long wolfSSLeay(void) @@ -11945,7 +11949,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, return 0; } -#endif /* NO_MD5 */ +#endif /* !NO_MD5 */ #ifndef NO_SHA @@ -12018,9 +12022,9 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, WOLFSSL_ENTER("SHA1_Final"); return SHA_Final(input, sha); } -#endif /* NO_SHA */ +#endif /* !NO_SHA */ - #ifdef WOLFSSL_SHA224 +#ifdef WOLFSSL_SHA224 int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX* sha) { @@ -12070,7 +12074,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, return 0; } - #endif /* WOLFSSL_SHA224 */ +#endif /* WOLFSSL_SHA224 */ int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256) @@ -12122,7 +12126,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, } - #ifdef WOLFSSL_SHA384 +#ifdef WOLFSSL_SHA384 int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha) { @@ -12172,10 +12176,10 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, return 0; } - #endif /* WOLFSSL_SHA384 */ +#endif /* WOLFSSL_SHA384 */ - #ifdef WOLFSSL_SHA512 +#ifdef WOLFSSL_SHA512 int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX* sha) { @@ -12225,7 +12229,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, return 0; } - #endif /* WOLFSSL_SHA512 */ +#endif /* WOLFSSL_SHA512 */ static const struct s_ent { const unsigned char macType; @@ -12314,7 +12318,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } - #ifndef NO_MD4 +#ifndef NO_MD4 /* return a pointer to MD4 EVP type */ const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void) @@ -12323,10 +12327,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return EVP_get_digestbyname("MD4"); } - #endif /* NO_MD4 */ +#endif /* !NO_MD4 */ - #ifndef NO_MD5 +#ifndef NO_MD5 const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void) { @@ -12334,7 +12338,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return EVP_get_digestbyname("MD5"); } - #endif /* NO_MD5 */ +#endif /* !NO_MD5 */ #ifndef NO_SHA @@ -12345,7 +12349,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } #endif /* NO_SHA */ - #ifdef WOLFSSL_SHA224 +#ifdef WOLFSSL_SHA224 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void) { @@ -12353,7 +12357,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return EVP_get_digestbyname("SHA224"); } - #endif /* WOLFSSL_SHA224 */ +#endif /* WOLFSSL_SHA224 */ const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void) @@ -12362,7 +12366,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return EVP_get_digestbyname("SHA256"); } - #ifdef WOLFSSL_SHA384 +#ifdef WOLFSSL_SHA384 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void) { @@ -12370,9 +12374,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return EVP_get_digestbyname("SHA384"); } - #endif /* WOLFSSL_SHA384 */ +#endif /* WOLFSSL_SHA384 */ - #ifdef WOLFSSL_SHA512 +#ifdef WOLFSSL_SHA512 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void) { @@ -12380,7 +12384,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return EVP_get_digestbyname("SHA512"); } - #endif /* WOLFSSL_SHA512 */ +#endif /* WOLFSSL_SHA512 */ + WOLFSSL_EVP_MD_CTX *wolfSSL_EVP_MD_CTX_new(void) { @@ -13529,7 +13534,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) { return NULL; } - + #ifdef WOLFSSL_SMALL_STACK hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_HMAC); if (hmac == NULL) diff --git a/src/tls.c b/src/tls.c index 05deb6b110..d2f638c962 100755 --- a/src/tls.c +++ b/src/tls.c @@ -5816,22 +5816,24 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl, #ifdef HAVE_CURVE25519 curve25519_key* key = (curve25519_key*)keyShareEntry->key; - curve25519_key* peerEccKey; + curve25519_key* peerX25519Key; +#ifdef HAVE_ECC if (ssl->peerEccKey != NULL) { wc_ecc_free(ssl->peerEccKey); ssl->peerEccKey = NULL; } +#endif - peerEccKey = (curve25519_key*)XMALLOC(sizeof(curve25519_key), ssl->heap, + peerX25519Key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), ssl->heap, DYNAMIC_TYPE_TLSX); - if (peerEccKey == NULL) { + if (peerX25519Key == NULL) { WOLFSSL_MSG("PeerEccKey Memory error"); return MEMORY_ERROR; } - ret = wc_curve25519_init(peerEccKey); + ret = wc_curve25519_init(peerX25519Key); if (ret != 0) { - XFREE(peerEccKey, ssl->heap, DYNAMIC_TYPE_TLSX); + XFREE(peerX25519Key, ssl->heap, DYNAMIC_TYPE_TLSX); return ret; } #ifdef WOLFSSL_DEBUG_TLS @@ -5841,7 +5843,7 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl, /* Point is validated by import function. */ if (wc_curve25519_import_public_ex(keyShareEntry->ke, keyShareEntry->keLen, - peerEccKey, + peerX25519Key, EC25519_LITTLE_ENDIAN) != 0) { ret = ECC_PEERKEY_ERROR; } @@ -5850,14 +5852,13 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl, ssl->arrays->preMasterSz = ENCRYPT_LEN; ssl->ecdhCurveOID = ECC_X25519_OID; - /* TODO: Switch to support async */ - ret = wc_curve25519_shared_secret_ex(key, peerEccKey, + ret = wc_curve25519_shared_secret_ex(key, peerX25519Key, ssl->arrays->preMasterSecret, &ssl->arrays->preMasterSz, EC25519_LITTLE_ENDIAN); } - wc_curve25519_free(peerEccKey); - XFREE(peerEccKey, ssl->heap, DYNAMIC_TYPE_TLSX); + wc_curve25519_free(peerX25519Key); + XFREE(peerX25519Key, ssl->heap, DYNAMIC_TYPE_TLSX); #else (void)ssl; (void)keyShareEntry; diff --git a/tests/api.c b/tests/api.c index 97a8d4dff2..11bcbded35 100644 --- a/tests/api.c +++ b/tests/api.c @@ -18187,7 +18187,7 @@ static int test_tls13_apis(void) #elif defined(HAVE_CURVE25519) AssertIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519), - SIDE_ERROR); + WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519), WOLFSSL_SUCCESS); AssertIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519), diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 0f380e36b6..8da6f8038c 100755 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -332,7 +332,8 @@ #elif defined(USE_WINDOWS_API) #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) #else - #if defined(HAVE_STRINGS_H) || defined(WOLF_C99) + #if (defined(HAVE_STRINGS_H) || defined(WOLF_C99)) && \ + !defined(WOLFSSL_SGX) #include #endif #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n))