diff --git a/IDE/XilinxSDK/bench.sh b/IDE/XilinxSDK/bench.sh index 2c9fce7d9..850acc63f 100755 --- a/IDE/XilinxSDK/bench.sh +++ b/IDE/XilinxSDK/bench.sh @@ -16,7 +16,8 @@ # Preamble ### -readonly my_path=$(dirname $(readlink -f $0)) +my_path=$(dirname $(readlink -f $0)) || exit $? +readonly my_path readonly csv_path_suffix="$1" readonly common_opts="-blocks 128" diff --git a/IDE/XilinxSDK/combine.sh b/IDE/XilinxSDK/combine.sh index fc697a6b4..4cf2d26db 100755 --- a/IDE/XilinxSDK/combine.sh +++ b/IDE/XilinxSDK/combine.sh @@ -9,7 +9,8 @@ # Preamble ### -readonly my_path="$(dirname $(readlink -f $0))" +my_path="$(dirname $(readlink -f $0))" || exit $? +readonly my_path readonly csv_path="$my_path/data" function cleanup() { @@ -32,7 +33,8 @@ trap error_out INT TERM # Implementation ### -readonly configs=$(find $csv_path -maxdepth 1 -type d -name '*results_*' | sed 's@.*results_@@g') +configs=$(find $csv_path -maxdepth 1 -type d -name '*results_*' | sed 's@.*results_@@g') || exit $? +readonly configs declare -A algos algos["asym"]="ecc rsa" @@ -57,7 +59,7 @@ filters["cmac"]="-e s/\(128\|256\)-CMAC/CMAC,\1/g" filters["ecc"]='-e 1!{/SECP384R1\|SECP521R1/!d}' filters["sha2"]="-e s/SHA-/SHA2-/g" -for t in ${!algos[@]} +for t in "${!algos[@]}" do for algo in ${algos[$t]} do diff --git a/IDE/XilinxSDK/graph.sh b/IDE/XilinxSDK/graph.sh index d66cbdf63..944e4ca7f 100755 --- a/IDE/XilinxSDK/graph.sh +++ b/IDE/XilinxSDK/graph.sh @@ -1,4 +1,5 @@ #!/usr/bin/env bash +# shellcheck disable=SC2043 # noise. fine for a loop to run only once. # # SPDX-License-Identifier: GPL-2.0-or-later # @@ -9,7 +10,8 @@ # Preamble ### -readonly my_path="$(dirname $(readlink -f $0))" +my_path="$(dirname $(readlink -f $0))" || exit $? +readonly my_path readonly csv_path="$my_path/data" readonly log_path="$csv_path/logs" readonly img_path="$csv_path/images" 
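Review bot: In bench.sh, `my_path=$(dirname $(readlink -f $0)) || exit $?` still leaves `$0` and the inner `$(readlink -f $0)` unquoted, so a checkout path containing whitespace or glob characters is word-split before `dirname` sees it and `my_path` can end up holding something other than the script directory. `my_path=$(dirname -- "$(readlink -f -- "$0")") || exit $?` keeps the new status check and removes the splitting. The same line appears in the combine.sh and graph.sh preamble hunks.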
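Review bot: In combine.sh, the `|| exit $?` added after `configs=$(find $csv_path ... | sed ...)` only sees the exit status of `sed`, the last pipeline stage, unless `pipefail` is enabled somewhere outside this hunk. A failing `find` (for example a missing `data` directory) would still leave `configs` empty and the script would carry on. Either `set -o pipefail` near the top of the script or an explicit `[[ -d "$csv_path" ]] || exit 1` before the pipeline would make the new check effective, and `"$csv_path"` should be quoted in the `find` call. graph.sh has the same `configs=` line in its `@@ -45,7 +47,8 @@` hunk.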
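Review bot: In graph.sh, the `# shellcheck disable=SC2043` directive sits directly under the shebang, which makes it apply to the whole file rather than to the one loop it is meant for. Moving it to the line immediately above `for mode in gcm` would keep the warning active for any single-iteration loop added later by mistake.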
@@ -45,7 +47,8 @@ readonly desc_block_ciphers="Benchmarks were done with growing sample size and a readonly desc_asymmetric="Benchmarks were done with averaging over\nas many repetitions possible of the benchmarked operation in 1s" readonly desc_others="Benchmarks were done with 1MiB block size and averaging over\nas many repetitions possible of processing 5MiB data in 1s" -readonly configs=$(find $csv_path -type d -name '*results*' | sed 's@.*results_@@g') +configs=$(find $csv_path -type d -name '*results*' | sed 's@.*results_@@g') || exit $? +readonly configs ### # Symmetric crypto @@ -71,7 +74,7 @@ gcm_yrange="${gcm_yrange:=500}" for mode in $sym do infile="$csv_path/combined_${mode}.csv" - for dir in ${!directions[@]} + for dir in "${!directions[@]}" do plotstring= more_style= @@ -85,18 +88,18 @@ do if [ "$val" != "" ]; then echo "$val" > $outfile [ -z "$plotstring" ] && plotstring="plot" || plotstring="${plotstring}," - plotstring="${plotstring} '"$outfile"' smooth bezier title \"$cfg AES$bsize\"" + plotstring="${plotstring} '$outfile' smooth bezier title \"$cfg AES$bsize\"" fi [ "$mode" == "cbc" -a "$cbc_yrange" != "" ] && more_style="set yrange [ 0 : $cbc_yrange ]" else - for aad in ${!aad_sizes[@]} + for aad in "${!aad_sizes[@]}" do outfile=$log_path/${mode}${bsize}_${cfg}_${dir}_${aad}.log val="$(cg config $cfg $infile | cg blocksize $bsize | cg direction $dir | cg AAD $aad | csvcut -c chunksize,MiB/s | tail -n +2 | tr ',' ' ')" if [ "$val" != "" ]; then echo "$val" > $outfile [ -z "$plotstring" ] && plotstring="plot" || plotstring="${plotstring}," - plotstring="${plotstring} '"$outfile"' smooth bezier title \"$cfg AES$bsize ${aad_sizes[$aad]} AAD\"" + plotstring="${plotstring} '$outfile' smooth bezier title \"$cfg AES$bsize ${aad_sizes[$aad]} AAD\"" fi done [ "$mode" == "gcm" -a "$gcm_yrange" != "" ] && more_style="set yrange [ 0 : $gcm_yrange ]" 
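Review bot: In the `@@ -85,18 +88,18 @@` hunk the redirect `echo "$val" > $outfile` just above the corrected `plotstring` line is still unquoted, as are `$cfg` and `$infile` in the `cg` pipeline, so the quoting fix covers the gnuplot string but not the shell words built from the same values. `cfg` appears to come from directory names found under `data/` (the `configs=` line), so a name with whitespace would break the redirect, and a name containing `'` or `"` would end the quoted gnuplot string early. Consider `> "$outfile"` and rejecting `cfg` values outside a safe character set before they are used. The enclosing loops start outside the hunk, and the `@@ -133,14 +136,14 @@` hunk repeats the same lines.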
@@ -125,7 +128,7 @@ done for mode in gcm do infile="$csv_path/combined_${mode}.csv" - for dir in ${!directions[@]} + for dir in "${!directions[@]}" do for bsize in $(csvcut -c blocksize $infile | tail -n +2 | sort -u) do @@ -133,14 +136,14 @@ do more_style="set yrange [ 0 : $gcm_yrange ]" for cfg in $configs do - for aad in ${!aad_sizes[@]} + for aad in "${!aad_sizes[@]}" do outfile=$log_path/${mode}${bsize}_${cfg}_${dir}_${aad}.log val="$(cg config $cfg $infile | cg blocksize $bsize | cg direction $dir | cg AAD $aad | csvcut -c chunksize,MiB/s | tail -n +2 | tr ',' ' ')" if [ "$val" != "" ]; then echo "$val" > $outfile [ -z "$plotstring" ] && plotstring="plot" || plotstring="${plotstring}," - plotstring="${plotstring} '"$outfile"' smooth bezier title \"$cfg AES$bsize ${aad_sizes[$aad]} AAD\"" + plotstring="${plotstring} '$outfile' smooth bezier title \"$cfg AES$bsize ${aad_sizes[$aad]} AAD\"" fi done done @@ -168,7 +171,7 @@ declare -A asym_operations asym_operations["ecc"]="keygen agree sign verify" asym_operations["rsa"]="keygen public private" -for algo in ${!asym_operations[@]} +for algo in "${!asym_operations[@]}" do infile="$csv_path/combined_${algo}.csv" for op in ${asym_operations[$algo]} @@ -214,7 +217,7 @@ hash_sizes["sha3"]="384" plotstring= outfile=$log_path/sha.log echo -n "" > $outfile -for algo in ${!hash_sizes[@]} +for algo in "${!hash_sizes[@]}" do infile="$csv_path/combined_${algo}.csv" for hsize in ${hash_sizes[$algo]} @@ -255,7 +258,7 @@ macs["cmac"]="128 256" plotstring= outfile=$log_path/mac.log echo -n "" > $outfile -for algo in ${!macs[@]} +for algo in "${!macs[@]}" do infile="$csv_path/combined_${algo}.csv" for hsize in ${macs[$algo]} diff --git a/scripts/bench/bench_functions.sh b/scripts/bench/bench_functions.sh index 395ac80a9..36b971cef 100755 --- a/scripts/bench/bench_functions.sh +++ b/scripts/bench/bench_functions.sh 
@@ -15,15 +15,16 @@ if (return 0 2>/dev/null); then - [ "$my_path" != "" ] || { echo "\$my_path must not be empty"; return 1; } + [[ -v my_path ]] || { echo "\$my_path must not be empty"; return 1; } else echo "This script shall only be sourced" exit 1 fi readonly tty="${WC_TTY:-/dev/ttyUSB2}" -readonly fifo="$(mktemp -u)" -readonly csv_path="${my_path}/data/results${csv_path_suffix}" +fifo="$(mktemp -u)" || exit $? +readonly fifo +readonly csv_path="${my_path}/data/results${csv_path_suffix:-}" function status_echo() { [ "$VERBOSE" = "0" ] || echo "$*" @@ -83,7 +84,7 @@ function process_csv() { [ "$VERBOSE" = "1" ] && echo "$1" else echo "finished" > $fifo - read_tty_ret=return + read_tty_ret='return' fi ;; esac @@ -107,6 +108,10 @@ function bench() { ### function small_block() { + if [[ ! -v small_block_sizes ]]; then + echo '$small_block_sizes is unset.' 1>&2 + return 1 + fi for blocksize in $small_block_sizes do status_echo "Benchmark with $blocksize bytes sized blocks" @@ -119,6 +124,18 @@ function small_block() { } function large_block() { + if [[ ! -v large_block_ciphers ]]; then + echo '$large_block_ciphers is unset.' 1>&2 + return 1 + fi + if [[ ! -v large_max_blocksize ]]; then + echo '$large_max_blocksize is unset.' 1>&2 + return 1 + fi + if [[ ! -v large_num_bytes ]]; then + echo '$large_num_bytes is unset.' 1>&2 + return 1 + fi # 1 MiB local blocksize=$((1024 * 1024)) while [ $blocksize -lt $large_max_blocksize ] diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 366cebeeb..ed91473f0 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c 
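Review bot: `[[ -v my_path ]]` only tests that the variable is set, so an empty `my_path` now passes the guard even though the message still says it must not be empty, and `csv_path` would then resolve to `/data/results...`; `[[ -n "${my_path:-}" ]]` keeps the old meaning and works with or without `nounset`. The same set-but-empty gap applies to the `-v` checks added in the `small_block` and `large_block` hunks below. Separately, this file is meant to be sourced, so `fifo="$(mktemp -u)" || exit $?` would terminate the caller's shell where `|| return $?` would match the guard above it. `mktemp -u` also only prints a name without creating anything, which leaves a window before the FIFO is created (that step is not shown in this hunk); creating the FIFO inside a `mktemp -d` directory would close it.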
@@ -909,8 +909,11 @@ static const char* bench_Usage_msg1[][21] = { "-base10 Display bytes as power of 10 (eg 1 kB = 1000 Bytes)\n", "-no_aad No additional authentication data passed.\n", "-aad_size With bytes of AAD.\n", - "-all_aad With AAD length of 0, " WC_STRINGIFY(AES_AUTH_ADD_SZ) " and\n" - " (if set via -aad_size) bytes.\n", + ("-all_aad With AAD length of 0, " + WC_STRINGIFY(AES_AUTH_ADD_SZ) + " and\n" + " (if set via -aad_size) bytes.\n" + ), "-dgst_full Full digest operation performed.\n", "-rsa_sign Measure RSA sign/verify instead of encrypt/decrypt.\n", " -rsa-sz\n Measure RSA performance.\n", @@ -923,9 +926,10 @@ static const char* bench_Usage_msg1[][21] = { "- Algorithm to benchmark. Available algorithms include:\n", "-lng Display benchmark result by specified language.\n 0: English, 1: Japanese\n", " Size of block in bytes\n", - "-blocks Number of blocks. Can be used together with the 'Size of block'\n" + ("-blocks Number of blocks. Can be used together with the 'Size of block'\n" " option, but must be used after that one.\n" - "-threads Number of threads to run\n", + "-threads Number of threads to run\n" + ), "-print Show benchmark stats summary\n" }, #ifndef NO_MULTIBYTE_PRINT @@ -1297,7 +1301,7 @@ static const char* bench_result_words2[][5] = { #define AES_AAD_OPTIONS_DEFAULT 0x3U #endif #endif - #define AES_AAD_STRING(s) (aesAuthAddSz == 0 ? s "-no_AAD" : (aesAuthAddSz == AES_AUTH_ADD_SZ ? s : s "-custom")) + #define AES_AAD_STRING(s) (aesAuthAddSz == 0 ? (s "-no_AAD") : (aesAuthAddSz == AES_AUTH_ADD_SZ ? (s) : (s "-custom"))) enum en_aad_options { AAD_SIZE_DEFAULT = 0x1U, AAD_SIZE_ZERO = 0x2U, diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index b06937849..12642bc65 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
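Review bot: In the `@@ -923,9 +926,10 @@` hunk the parentheses around the `-blocks` entry also enclose the `-threads` line, which fixes the two help strings into a single array element. The old text had no comma after the `-blocks` literal, so it is hard to tell from the hunk whether that merge was ever intended. If it is, a short comment such as `/* -blocks and -threads deliberately share one entry */` would stop a later reader from adding a comma, which would presumably shift every following index in the `[][21]` table. The parenthesised `-all_aad` entry in the previous hunk would benefit from the same one-line explanation of why the literal is wrapped.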
@@ -22721,23 +22721,30 @@ static int ecc_test_vector(int keySize) } #endif /* WOLF_CRYPTO_CB_ONLY_ECC */ -#if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_DETERMINISTIC_K) +#if defined(HAVE_ECC_SIGN) && (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ + defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) \ + && (!defined(FIPS_VERSION_GE) || FIPS_VERSION_GE(5,3)) #if defined(HAVE_ECC256) static int ecc_test_deterministic_k(WC_RNG* rng) { int ret; - ecc_key key; +#ifdef WOLFSSL_SMALL_STACK + ecc_key *key = NULL; +#else + ecc_key key[1]; +#endif + int key_inited = 0; byte sig[72]; word32 sigSz; - unsigned char msg[] = "sample"; + WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample"; unsigned char hash[32]; - const char* dIUT = + WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721"; - const char* QIUTx = + WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = "60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6"; - const char* QIUTy = + WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299"; - const byte expSig[] = { + WOLFSSL_SMALL_STACK_STATIC const byte expSig[] = { 0x30, 0x46, 0x02, 0x21, 0x00, 0xEF, 0xD4, 0x8B, 0x2A, 0xAC, 0xB6, 0xA8, 0xFD, 0x11, 0x40, 0xDD, 0x9C, 0xD4, 0x5E, 0x81, 0xD6, 0x9D, 0x2C, 0x87, @@ -22749,11 +22756,18 @@ static int ecc_test_deterministic_k(WC_RNG* rng) 0x4D, 0xC4, 0xAB, 0x2F, 0x84, 0x3A, 0xCD, 0xA8 }; - ret = wc_ecc_init_ex(&key, HEAP_HINT, devId); +#ifdef WOLFSSL_SMALL_STACK + key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (key == NULL) + return MEMORY_E; +#endif + + ret = wc_ecc_init_ex(key, HEAP_HINT, devId); if (ret != 0) { - return ret; + goto done; } - ret = wc_ecc_import_raw(&key, QIUTx, QIUTy, dIUT, "SECP256R1"); + key_inited = 1; + ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP256R1"); if (ret != 0) { goto done; } 
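Review bot: The guard `(!defined(FIPS_VERSION_GE) || FIPS_VERSION_GE(5,3))` in the `@@ -22721,23 +22721,30 @@` hunk does not protect against `FIPS_VERSION_GE` being undefined. The preprocessor parses the whole `#if` expression before evaluating it, so an undefined function-like name followed by `(5,3)` is a syntax error rather than a short-circuited zero. If the configuration headers always define the macro, the `!defined` arm is dead and can be dropped; if it can be absent, the test needs to be split into nested `#if` blocks. The same expression is used in the `ecc_test` hunk at `@@ -25952,13 +26052,16 @@`.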
@@ -22764,7 +22778,7 @@ static int ecc_test_deterministic_k(WC_RNG* rng) goto done; } - ret = wc_ecc_set_deterministic(&key, 1); + ret = wc_ecc_set_deterministic(key, 1); if (ret != 0) { goto done; } @@ -22772,10 +22786,10 @@ static int ecc_test_deterministic_k(WC_RNG* rng) sigSz = sizeof(sig); do { #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret == 0) - ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, &key); + ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key); } while (ret == WC_PENDING_E); if (ret != 0) { goto done; @@ -22794,10 +22808,10 @@ static int ecc_test_deterministic_k(WC_RNG* rng) sigSz = sizeof(sig); do { #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret == 0) - ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, &key); + ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key); } while (ret == WC_PENDING_E); if (ret != 0) { goto done; @@ -22805,8 +22819,12 @@ static int ecc_test_deterministic_k(WC_RNG* rng) TEST_SLEEP(); done: - wc_ecc_free(&key); - return ret; + if (key_inited) + wc_ecc_free(key); + #ifdef WOLFSSL_SMALL_STACK + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; } #endif 
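Review bot: `wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN)` no longer matches the new declaration of `key`, which is now either `ecc_key *` or `ecc_key key[1]`. `key.asyncDev` is therefore a member access on a pointer or array and should fail to compile once `WOLFSSL_ASYNC_CRYPT` is defined, and the `&` that passed the device by address is gone as well. The line should read `ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);`. It occurs in both signing loops of `ecc_test_deterministic_k` (hunks `@@ -22772,10 +22786,10 @@` and `@@ -22794,10 +22808,10 @@`) and again in the `ecc384_` and `ecc521_` variants further down.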
@@ -22816,34 +22834,61 @@ done: static int ecc384_test_deterministic_k(WC_RNG* rng) { int ret; - ecc_key key; - byte sig[72]; - word32 sigSz; - unsigned char msg[] = "sample"; +#ifdef WOLFSSL_SMALL_STACK + ecc_key *key; + mp_int *r, *s, *expR, *expS; +#else + ecc_key key[1]; + mp_int r[1], s[1], expR[1], expS[1]; +#endif + int key_inited = 0; + WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample"; unsigned char hash[32]; - const char* dIUT = + WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D8" "96D5724E4C70A825F872C9EA60D2EDF5"; - const char* QIUTx = + WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = "EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64" "DEF8F0EA9055866064A254515480BC13"; - const char* QIUTy = + WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = "8015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1" "288B231C3AE0D4FE7344FD2533264720"; - const char* expRstr = + WOLFSSL_SMALL_STACK_STATIC const char* expRstr = "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33" "BDE1E888E63355D92FA2B3C36D8FB2CD"; - const char* expSstr = + WOLFSSL_SMALL_STACK_STATIC const char* expSstr = "F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEB" "EFDC63ECCD1AC42EC0CB8668A4FA0AB0"; - mp_int r,s, expR, expS; - mp_init_multi(&r, &s, &expR, &expS, NULL, NULL); - ret = wc_ecc_init_ex(&key, HEAP_HINT, devId); - if (ret != 0) { - return ret; +#ifdef WOLFSSL_SMALL_STACK + key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + r = (mp_int *)XMALLOC(sizeof(*r), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + s = (mp_int *)XMALLOC(sizeof(*s), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + expR = (mp_int *)XMALLOC(sizeof(*expR), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + expS = (mp_int *)XMALLOC(sizeof(*expS), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + if ((key == NULL) || + (r == NULL) || + (s == NULL) || + (expR == NULL) || + (expS == NULL)) + { + ret = MEMORY_E; + 
goto done; } - ret = wc_ecc_import_raw(&key, QIUTx, QIUTy, dIUT, "SECP384R1"); +#endif + + ret = mp_init_multi(r, s, expR, expS, NULL, NULL); + if (ret != MP_OKAY) { + goto done; + } + ret = wc_ecc_init_ex(key, HEAP_HINT, devId); + if (ret != 0) { + goto done; + } + key_inited = 1; + + ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP384R1"); if (ret != 0) { goto done; } @@ -22854,32 +22899,45 @@ static int ecc384_test_deterministic_k(WC_RNG* rng) goto done; } - ret = wc_ecc_set_deterministic(&key, 1); + ret = wc_ecc_set_deterministic(key, 1); if (ret != 0) { goto done; } - sigSz = sizeof(sig); do { #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret == 0) - ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, &key, &r, &s); + ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, key, r, s); } while (ret == WC_PENDING_E); if (ret != 0) { goto done; } TEST_SLEEP(); - mp_read_radix(&expR, expRstr, MP_RADIX_HEX); - mp_read_radix(&expS, expSstr, MP_RADIX_HEX); - if (mp_cmp(&r, &expR) != MP_EQ) { + mp_read_radix(expR, expRstr, MP_RADIX_HEX); + mp_read_radix(expS, expSstr, MP_RADIX_HEX); + if (mp_cmp(r, expR) != MP_EQ) { ret = -1; } done: - wc_ecc_free(&key); + if (key_inited) + wc_ecc_free(key); +#ifdef WOLFSSL_SMALL_STACK + if (key != NULL) + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (r != NULL) + XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (s != NULL) + XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (expR != NULL) + XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (expS != NULL) + XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; } #endif /* HAVE_ECC384 */ 
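Review bot: In the `@@ -22854,32 +22899,45 @@` hunk the result check compares only `r`: `expS` is parsed with `mp_read_radix` but `s` is never compared against it, so a wrong S component would still pass this known-answer test, and the return values of both `mp_read_radix` calls are ignored. Suggest `if (mp_cmp(r, expR) != MP_EQ || mp_cmp(s, expS) != MP_EQ) { ret = -1; }` after checking the two parses. The `done:` path also never calls `mp_clear` on `r`, `s`, `expR` and `expS`, which may leak on math backends that allocate digits; it would need a flag set after `mp_init_multi` succeeds, in the same way as `key_inited`. `ecc521_test_deterministic_k` has the same lines in its `@@ -22933,37 +23018,52 @@` hunk.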
@@ -22889,40 +22947,67 @@ done: static int ecc521_test_deterministic_k(WC_RNG* rng) { int ret; - ecc_key key; - byte sig[ECC_MAX_SIG_SIZE]; - word32 sigSz; - unsigned char msg[] = "sample"; +#ifdef WOLFSSL_SMALL_STACK + ecc_key *key; + mp_int *r, *s, *expR, *expS; +#else + ecc_key key[1]; + mp_int r[1], s[1], expR[1], expS[1]; +#endif + int key_inited = 0; + WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample"; unsigned char hash[32]; - const char* dIUT = + WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75C" "AA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83" "538"; - const char* QIUTx = + WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = "1894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD3" "71123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F502" "3A4"; - const char* QIUTy = + WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = "0493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A2" "8A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDF" "CF5"; - const char* expRstr = + WOLFSSL_SMALL_STACK_STATIC const char* expRstr = "1511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659" "D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E" "1A7"; - const char* expSstr = + WOLFSSL_SMALL_STACK_STATIC const char* expSstr = "04A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916" "E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7E" "CFC"; - mp_int r,s, expR, expS; - mp_init_multi(&r, &s, &expR, &expS, NULL, NULL); - ret = wc_ecc_init_ex(&key, HEAP_HINT, devId); +#ifdef WOLFSSL_SMALL_STACK + key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + r = (mp_int *)XMALLOC(sizeof(*r), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + s = (mp_int *)XMALLOC(sizeof(*s), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + expR = (mp_int *)XMALLOC(sizeof(*expR), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + expS = (mp_int 
*)XMALLOC(sizeof(*expS), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + if ((key == NULL) || + (r == NULL) || + (s == NULL) || + (expR == NULL) || + (expS == NULL)) + { + ret = MEMORY_E; + goto done; + } +#endif + + ret = mp_init_multi(r, s, expR, expS, NULL, NULL); + if (ret != MP_OKAY) { + goto done; + } + ret = wc_ecc_init_ex(key, HEAP_HINT, devId); if (ret != 0) { return ret; } - ret = wc_ecc_import_raw(&key, QIUTx, QIUTy, dIUT, "SECP521R1"); + key_inited = 1; + + ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP521R1"); if (ret != 0) { goto done; } 
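Review bot: The failure path after `wc_ecc_init_ex(key, HEAP_HINT, devId)` in `ecc521_test_deterministic_k` still does `return ret;`, which under `WOLFSSL_SMALL_STACK` skips the `done:` label and leaks the five buffers allocated just above (`key`, `r`, `s`, `expR`, `expS`). `ecc384_test_deterministic_k` was changed to `goto done;` at the same spot and this function should match: `if (ret != 0) { goto done; }`. `key_inited` is still 0 at that point, so `done:` will not call `wc_ecc_free` on an uninitialised key.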
@@ -22933,37 +23018,52 @@ static int ecc521_test_deterministic_k(WC_RNG* rng) goto done; } - ret = wc_ecc_set_deterministic(&key, 1); + ret = wc_ecc_set_deterministic(key, 1); if (ret != 0) { goto done; } - sigSz = sizeof(sig); do { #if defined(WOLFSSL_ASYNC_CRYPT) - ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); #endif if (ret == 0) - ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, &key, &r, &s); + ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, key, r, s); } while (ret == WC_PENDING_E); if (ret != 0) { goto done; } TEST_SLEEP(); - mp_read_radix(&expR, expRstr, MP_RADIX_HEX); - mp_read_radix(&expS, expSstr, MP_RADIX_HEX); - if (mp_cmp(&r, &expR) != MP_EQ) { + mp_read_radix(expR, expRstr, MP_RADIX_HEX); + mp_read_radix(expS, expSstr, MP_RADIX_HEX); + if (mp_cmp(r, expR) != MP_EQ) { ret = -1; } done: - wc_ecc_free(&key); + if (key_inited) + wc_ecc_free(key); +#ifdef WOLFSSL_SMALL_STACK + if (key != NULL) + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (r != NULL) + XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (s != NULL) + XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (expR != NULL) + XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (expS != NULL) + XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; } #endif /* HAVE_ECC521 */ #endif /* WOLFSSL_PUBLIC_MP */ -#endif +#endif /* HAVE_ECC_SIGN && (WOLFSSL_ECDSA_DETERMINISTIC_K || + WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT) + && (!FIPS_VERSION_GE || FIPS_VERSION_GE(5,3)) */ #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) && \ 
@@ -25952,13 +26052,16 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test(void) } #endif -#if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC256) \ - && defined(HAVE_ECC_DETERMINISTIC_K) +#if defined(HAVE_ECC_SIGN) && (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ + defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) \ + && (!defined(FIPS_VERSION_GE) || FIPS_VERSION_GE(5,3)) + #ifdef HAVE_ECC256 ret = ecc_test_deterministic_k(&rng); if (ret != 0) { printf("ecc_test_deterministic_k failed! %d\n", ret); goto done; } + #endif #ifdef WOLFSSL_PUBLIC_MP #if defined(HAVE_ECC384) ret = ecc384_test_deterministic_k(&rng); diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 179feb13d..5a9080e54 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1079,9 +1079,6 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_load_verify_locations( WOLFSSL_API const char** wolfSSL_get_system_CA_dirs(word32* num); #endif /* !_WIN32 */ WOLFSSL_API int wolfSSL_CTX_load_system_CA_certs(WOLFSSL_CTX* ctx); -#ifdef OPENSSL_EXTRA -WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx); -#endif /* OPENSSL_EXTRA */ #ifdef WOLFSSL_TRUST_PEER_CERT WOLFSSL_API int wolfSSL_CTX_trust_peer_cert( WOLFSSL_CTX* ctx, const char* file, int type);