From 26a0142f51a161caa2f6af12f8e99bdf36e4999a Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Wed, 12 Apr 2023 15:33:59 -0700 Subject: [PATCH 1/4] add nomath option for builds without a math library --- configure.ac | 21 ++++++++++++++++++++- wolfssl/wolfcrypt/settings.h | 5 +++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 1e5b54317..c29e558b0 100644 --- a/configure.ac +++ b/configure.ac @@ -536,6 +536,25 @@ fi # MATH LIBRARY SELECTION + +# no math library +AC_ARG_ENABLE([nomath], + [AS_HELP_STRING([--enable-nomath],[Enable no math library (default: disabled)])], + [ ENABLED_NOMATH=$enableval ], + [ ENABLED_NOMATH="no" ] + ) + +if test "$ENABLED_NOMATH" = "yes" +then + DEF_SP_MATH="no" + DEF_FAST_MATH="no" + ENABLED_SP_MATH_DEFAULT=no + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_MATH" + ENABLED_HEAPMATH="no" + ENABLED_SP="no" + ENABLED_SP_MATH_ALL="no" +fi + # Single Precision maths implementation AC_ARG_ENABLE([sp], [AS_HELP_STRING([--enable-sp],[Enable Single Precision maths implementation (default: disabled)])], @@ -671,7 +690,7 @@ AC_ARG_ENABLE([heapmath], [ ENABLED_HEAPMATH=$enableval ], [ ENABLED_HEAPMATH=no] ) -if test "x$ENABLED_HEAPMATH" = "xyes" || (test "x$ENABLED_SP_MATH_ALL" = "xno" && test "x$ENABLED_FASTMATH" = "xno" && test "x$ENABLED_SP_MATH" = "xno") +if test "x$ENABLED_HEAPMATH" = "xyes" || (test "x$ENABLED_NOMATH" = "xno" && test "x$ENABLED_SP_MATH_ALL" = "xno" && test "x$ENABLED_FASTMATH" = "xno" && test "x$ENABLED_SP_MATH" = "xno") then AM_CFLAGS="$AM_CFLAGS -DUSE_INTEGER_HEAP_MATH" ENABLED_HEAPMATH="yes" diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index e4675552e..2f74210fc 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h 
@@ -2036,6 +2036,11 @@ extern void uITRON4_free(void *p) ; * Constant time: Not supported * Enable: USE_INTEGER_HEAP_MATH */ + #elif defined(WOLFSSL_NO_MATH) + /* 5) No math library compiled in + * Does not support any public key operations or algorithms that + * require the math library. + */ #else /* default is SP Math. */ #define WOLFSSL_SP_MATH_ALL From 04ee2473899efcc3ce9e0b7b409c35cd1a29c3c7 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Thu, 13 Apr 2023 14:38:35 -0700 Subject: [PATCH 2/4] do not default to heapmath if no other math libraries found, add NO_BIG_INT as a math option in settings.h --- configure.ac | 24 +++++------------------- wolfssl/wolfcrypt/settings.h | 6 ++---- 2 files changed, 7 insertions(+), 23 deletions(-) diff --git a/configure.ac b/configure.ac index c29e558b0..3293268c1 100644 --- a/configure.ac +++ b/configure.ac @@ -537,24 +537,6 @@ fi # MATH LIBRARY SELECTION -# no math library -AC_ARG_ENABLE([nomath], - [AS_HELP_STRING([--enable-nomath],[Enable no math library (default: disabled)])], - [ ENABLED_NOMATH=$enableval ], - [ ENABLED_NOMATH="no" ] - ) - -if test "$ENABLED_NOMATH" = "yes" -then - DEF_SP_MATH="no" - DEF_FAST_MATH="no" - ENABLED_SP_MATH_DEFAULT=no - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_NO_MATH" - ENABLED_HEAPMATH="no" - ENABLED_SP="no" - ENABLED_SP_MATH_ALL="no" -fi - # Single Precision maths implementation AC_ARG_ENABLE([sp], [AS_HELP_STRING([--enable-sp],[Enable Single Precision maths implementation (default: disabled)])], @@ -690,7 +672,7 @@ AC_ARG_ENABLE([heapmath], [ ENABLED_HEAPMATH=$enableval ], [ ENABLED_HEAPMATH=no] ) -if test "x$ENABLED_HEAPMATH" = "xyes" || (test "x$ENABLED_NOMATH" = "xno" && test "x$ENABLED_SP_MATH_ALL" = "xno" && test "x$ENABLED_FASTMATH" = "xno" && test "x$ENABLED_SP_MATH" = "xno") +if test "x$ENABLED_HEAPMATH" = "xyes" then AM_CFLAGS="$AM_CFLAGS -DUSE_INTEGER_HEAP_MATH" ENABLED_HEAPMATH="yes" 
@@ -7946,6 +7928,10 @@ AS_IF([test "x$ENABLED_16BIT" = "xyes" && \ ################################################################################ # Update CFLAGS based on options # ################################################################################ +AS_IF([test "x$ENABLED_SP_MATH_ALL" = "xno" && test "x$ENABLED_FASTMATH" = "xno" && + test "x$ENABLED_HEAPMATH" = "xno"], + [AM_CFLAGS="$AM_CFLAGS -DNO_BIG_INT"]) + AS_IF([test "x$ENABLED_CERTS" = "xno"], [AM_CFLAGS="$AM_CFLAGS -DNO_CERTS"]) diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 2f74210fc..5fbf218bb 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2036,10 +2036,8 @@ extern void uITRON4_free(void *p) ; * Constant time: Not supported * Enable: USE_INTEGER_HEAP_MATH */ - #elif defined(WOLFSSL_NO_MATH) - /* 5) No math library compiled in - * Does not support any public key operations or algorithms that - * require the math library. + #elif defined(NO_BIG_INT) + /* 5) No big integer math libraries */ #else /* default is SP Math. */ From 36a9b9944c2bb06e28159c2196d5091041af2aa6 Mon Sep 17 00:00:00 2001 From: JacobBarthelmeh Date: Thu, 13 Apr 2023 16:12:08 -0700 Subject: [PATCH 3/4] fix guard on ECC export --- tests/api.c | 1 + wolfssl/wolfcrypt/settings.h | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/api.c b/tests/api.c index 3d948e823..1e31ed641 100644 --- a/tests/api.c +++ b/tests/api.c @@ -53065,6 +53065,7 @@ static int test_tls13_apis(void) wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, WOLFSSL_FILETYPE_PEM); #endif serverSsl = wolfSSL_new(serverCtx); + AssertNotNull(serverSsl); #endif #ifdef WOLFSSL_SEND_HRR_COOKIE diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 5fbf218bb..e2a9bab69 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h 
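Review bot: The added `AS_IF` under "Update CFLAGS based on options" decides on `-DNO_BIG_INT` from `ENABLED_SP_MATH_ALL`, `ENABLED_FASTMATH` and `ENABLED_HEAPMATH` only, while the heapmath fallback condition removed in this same patch also tested `ENABLED_SP_MATH`. If an SP-math-only configuration leaves the other three at "no", it would presumably be compiled with `NO_BIG_INT` defined alongside its SP math define, and `!defined(NO_BIG_INT)` guards in the headers would then drop code that SP math can serve; the ECC export guard reworked in patch 3/4 looks like one such case. Adding `&& test "x$ENABLED_SP_MATH" = "xno"` to the condition would keep the flag meaning "no big integer backend at all". A one-line comment above the `AS_IF` stating that meaning would also help, since the flag removes public key support from the build.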
@@ -2142,8 +2142,9 @@ extern void uITRON4_free(void *p) ; #undef HAVE_ECC_KEY_IMPORT #define HAVE_ECC_KEY_IMPORT #endif - /* The ECC key export requires mp_int */ - #if !defined(NO_ECC_KEY_EXPORT) && !defined(NO_BIG_INT) + /* The ECC key export requires mp_int or SP */ + #if (!defined(NO_ECC_KEY_EXPORT) && defined(WOLFSSL_SP_MATH)) || \ + (!defined(NO_ECC_KEY_EXPORT) && !defined(NO_BIG_INT)) #undef HAVE_ECC_KEY_EXPORT #define HAVE_ECC_KEY_EXPORT #endif From cb9a121bd75c1e3d347228fec496e53ae9e603f2 Mon Sep 17 00:00:00 2001 From: Jacob Barthelmeh Date: Fri, 14 Apr 2023 14:52:05 -0600 Subject: [PATCH 4/4] fix configure, compatibility layer needed big int. for BN use --- configure.ac | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/configure.ac b/configure.ac index 3293268c1..8a8d9a3ee 100644 --- a/configure.ac +++ b/configure.ac @@ -3960,11 +3960,6 @@ if test "$ENABLED_ASN" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT" enable_pwdbased=no - if test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" - then - # DH and ECC need bigint - AM_CFLAGS="$AM_CFLAGS -DNO_BIG_INT" - fi else if test "$ENABLED_ASN" = "template"; then ENABLED_ASN="yes" @@ -4007,10 +4002,11 @@ then AC_MSG_ERROR([please disable ecc if disabling asn.]) fi -# No Big Int (ASN, DSA, RSA, DH and ECC need bigint) +# No Big Int (ASN, DSA, RSA, DH, ECC and compatibility layer need bigint) if test "$ENABLED_ASN" = "no" && test "$ENABLED_DSA" = "no" && \ test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && \ - test "$ENABLED_RSA" = "no" + test "$ENABLED_RSA" = "no" && test "$ENABLED_OPENSSLEXTRA" = "no" && \ + test "$ENABLED_OPENSSLALL" ="yes" then ENABLED_SP_MATH_ALL="no" ENABLED_FASTMATH="no"
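Review bot: The new ECC export guard repeats `!defined(NO_ECC_KEY_EXPORT)` in both arms and would read more clearly factored as `#if !defined(NO_ECC_KEY_EXPORT) && (defined(WOLFSSL_SP_MATH) || !defined(NO_BIG_INT))`. The `WOLFSSL_SP_MATH` arm only changes the result when `NO_BIG_INT` and `WOLFSSL_SP_MATH` are defined together, which suggests configure is emitting `NO_BIG_INT` for a build that does have a math backend. Correcting that where the flag is set would avoid adjusting each `NO_BIG_INT` guard separately. If the combination is intended, the comment should say so, for example `/* The ECC key export requires mp_int or SP; NO_BIG_INT can be set together with WOLFSSL_SP_MATH */`. The surrounding preprocessor block starts and ends outside the hunk.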
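Review bot: The last added test in the "No Big Int" condition, `test "$ENABLED_OPENSSLALL" ="yes"`, is malformed and looks inverted. Without a space after `=`, `test` receives two operands (the variable's value and `=yes`) rather than a comparison, so common shells report an error and the `&&` chain evaluates false, which means the block that sets `ENABLED_SP_MATH_ALL="no"` and `ENABLED_FASTMATH="no"` would never run. The updated comment says the compatibility layer needs bigint, so the math library should only be dropped when opensslall is off: `test "$ENABLED_OPENSSLALL" = "no"`. The body of this `if` continues past the end of the hunk.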