feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #5654 from douzzer/20220930-fixes-smallstack-shellcheck-etc

Browse Source 
20220930-fixes-smallstack-shellcheck-etc
This commit is contained in:
David Garske
2022-09-30 12:13:00 -07:00
committed by GitHub
parent 5070994ae2 acb35029a0
commit 6506c45918
7 changed files with 219 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
IDE/XilinxSDK/bench.sh
View File

@@ -16,7 +16,8 @@
# Preamble # Preamble
### ###
readonly my_path=$(dirname $(readlink -f $0)) my_path=$(dirname $(readlink -f $0)) || exit $?
readonly my_path
readonly csv_path_suffix="$1" readonly csv_path_suffix="$1"
readonly common_opts="-blocks 128" readonly common_opts="-blocks 128"

8
IDE/XilinxSDK/combine.sh
View File

@@ -9,7 +9,8 @@
# Preamble # Preamble
### ###
readonly my_path="$(dirname $(readlink -f $0))" my_path="$(dirname $(readlink -f $0))" || exit $?
readonly my_path
readonly csv_path="$my_path/data" readonly csv_path="$my_path/data"
function cleanup() { function cleanup() {
@@ -32,7 +33,8 @@ trap error_out INT TERM
# Implementation # Implementation
### ###
readonly configs=$(find $csv_path -maxdepth 1 -type d -name '*results_*' | sed 's@.*results_@@g') configs=$(find $csv_path -maxdepth 1 -type d -name '*results_*' | sed 's@.*results_@@g') || exit $?
readonly configs
declare -A algos declare -A algos
algos["asym"]="ecc rsa" algos["asym"]="ecc rsa"
@@ -57,7 +59,7 @@ filters["cmac"]="-e s/\(128\|256\)-CMAC/CMAC,\1/g"
filters["ecc"]='-e 1!{/SECP384R1\|SECP521R1/!d}' filters["ecc"]='-e 1!{/SECP384R1\|SECP521R1/!d}'
filters["sha2"]="-e s/SHA-/SHA2-/g" filters["sha2"]="-e s/SHA-/SHA2-/g"
for t in ${!algos[@]} for t in "${!algos[@]}"
do do
for algo in ${algos[$t]} for algo in ${algos[$t]}
do do

27
IDE/XilinxSDK/graph.sh
View File

@@ -1,4 +1,5 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# shellcheck disable=SC2043 # noise. fine for a loop to run only once.
# #
# SPDX-License-Identifier: GPL-2.0-or-later # SPDX-License-Identifier: GPL-2.0-or-later
# #
@@ -9,7 +10,8 @@
# Preamble # Preamble
### ###
readonly my_path="$(dirname $(readlink -f $0))" my_path="$(dirname $(readlink -f $0))" || exit $?
readonly my_path
readonly csv_path="$my_path/data" readonly csv_path="$my_path/data"
readonly log_path="$csv_path/logs" readonly log_path="$csv_path/logs"
readonly img_path="$csv_path/images" readonly img_path="$csv_path/images"
@@ -45,7 +47,8 @@ readonly desc_block_ciphers="Benchmarks were done with growing sample size and a
readonly desc_asymmetric="Benchmarks were done with averaging over\nas many repetitions possible of the benchmarked operation in 1s" readonly desc_asymmetric="Benchmarks were done with averaging over\nas many repetitions possible of the benchmarked operation in 1s"
readonly desc_others="Benchmarks were done with 1MiB block size and averaging over\nas many repetitions possible of processing 5MiB data in 1s" readonly desc_others="Benchmarks were done with 1MiB block size and averaging over\nas many repetitions possible of processing 5MiB data in 1s"
readonly configs=$(find $csv_path -type d -name '*results*' | sed 's@.*results_@@g') configs=$(find $csv_path -type d -name '*results*' | sed 's@.*results_@@g') || exit $?
readonly configs
### ###
# Symmetric crypto # Symmetric crypto
@@ -71,7 +74,7 @@ gcm_yrange="${gcm_yrange:=500}"
for mode in $sym for mode in $sym
do do
infile="$csv_path/combined_${mode}.csv" infile="$csv_path/combined_${mode}.csv"
for dir in ${!directions[@]} for dir in "${!directions[@]}"
do do
plotstring= plotstring=
more_style= more_style=
@@ -85,18 +88,18 @@ do
if [ "$val" != "" ]; then if [ "$val" != "" ]; then
echo "$val" > $outfile echo "$val" > $outfile
[ -z "$plotstring" ] && plotstring="plot" || plotstring="${plotstring}," [ -z "$plotstring" ] && plotstring="plot" || plotstring="${plotstring},"
plotstring="${plotstring} '"$outfile"' smooth bezier title \"$cfg AES$bsize\"" plotstring="${plotstring} '$outfile' smooth bezier title \"$cfg AES$bsize\""
fi fi
[ "$mode" == "cbc" -a "$cbc_yrange" != "" ] && more_style="set yrange [ 0 : $cbc_yrange ]" [ "$mode" == "cbc" -a "$cbc_yrange" != "" ] && more_style="set yrange [ 0 : $cbc_yrange ]"
else else
for aad in ${!aad_sizes[@]} for aad in "${!aad_sizes[@]}"
do do
outfile=$log_path/${mode}${bsize}_${cfg}_${dir}_${aad}.log outfile=$log_path/${mode}${bsize}_${cfg}_${dir}_${aad}.log
val="$(cg config $cfg $infile | cg blocksize $bsize | cg direction $dir | cg AAD $aad | csvcut -c chunksize,MiB/s | tail -n +2 | tr ',' ' ')" val="$(cg config $cfg $infile | cg blocksize $bsize | cg direction $dir | cg AAD $aad | csvcut -c chunksize,MiB/s | tail -n +2 | tr ',' ' ')"
if [ "$val" != "" ]; then if [ "$val" != "" ]; then
echo "$val" > $outfile echo "$val" > $outfile
[ -z "$plotstring" ] && plotstring="plot" || plotstring="${plotstring}," [ -z "$plotstring" ] && plotstring="plot" || plotstring="${plotstring},"
plotstring="${plotstring} '"$outfile"' smooth bezier title \"$cfg AES$bsize ${aad_sizes[$aad]} AAD\"" plotstring="${plotstring} '$outfile' smooth bezier title \"$cfg AES$bsize ${aad_sizes[$aad]} AAD\""
fi fi
done done
[ "$mode" == "gcm" -a "$gcm_yrange" != "" ] && more_style="set yrange [ 0 : $gcm_yrange ]" [ "$mode" == "gcm" -a "$gcm_yrange" != "" ] && more_style="set yrange [ 0 : $gcm_yrange ]"
@@ -125,7 +128,7 @@ done
for mode in gcm for mode in gcm
do do
infile="$csv_path/combined_${mode}.csv" infile="$csv_path/combined_${mode}.csv"
for dir in ${!directions[@]} for dir in "${!directions[@]}"
do do
for bsize in $(csvcut -c blocksize $infile | tail -n +2 | sort -u) for bsize in $(csvcut -c blocksize $infile | tail -n +2 | sort -u)
do do
@@ -133,14 +136,14 @@ do
more_style="set yrange [ 0 : $gcm_yrange ]" more_style="set yrange [ 0 : $gcm_yrange ]"
for cfg in $configs for cfg in $configs
do do
for aad in ${!aad_sizes[@]} for aad in "${!aad_sizes[@]}"
do do
outfile=$log_path/${mode}${bsize}_${cfg}_${dir}_${aad}.log outfile=$log_path/${mode}${bsize}_${cfg}_${dir}_${aad}.log
val="$(cg config $cfg $infile | cg blocksize $bsize | cg direction $dir | cg AAD $aad | csvcut -c chunksize,MiB/s | tail -n +2 | tr ',' ' ')" val="$(cg config $cfg $infile | cg blocksize $bsize | cg direction $dir | cg AAD $aad | csvcut -c chunksize,MiB/s | tail -n +2 | tr ',' ' ')"
if [ "$val" != "" ]; then if [ "$val" != "" ]; then
echo "$val" > $outfile echo "$val" > $outfile
[ -z "$plotstring" ] && plotstring="plot" || plotstring="${plotstring}," [ -z "$plotstring" ] && plotstring="plot" || plotstring="${plotstring},"
plotstring="${plotstring} '"$outfile"' smooth bezier title \"$cfg AES$bsize ${aad_sizes[$aad]} AAD\"" plotstring="${plotstring} '$outfile' smooth bezier title \"$cfg AES$bsize ${aad_sizes[$aad]} AAD\""
fi fi
done done
done done
@@ -168,7 +171,7 @@ declare -A asym_operations
asym_operations["ecc"]="keygen agree sign verify" asym_operations["ecc"]="keygen agree sign verify"
asym_operations["rsa"]="keygen public private" asym_operations["rsa"]="keygen public private"
for algo in ${!asym_operations[@]} for algo in "${!asym_operations[@]}"
do do
infile="$csv_path/combined_${algo}.csv" infile="$csv_path/combined_${algo}.csv"
for op in ${asym_operations[$algo]} for op in ${asym_operations[$algo]}
@@ -214,7 +217,7 @@ hash_sizes["sha3"]="384"
plotstring= plotstring=
outfile=$log_path/sha.log outfile=$log_path/sha.log
echo -n "" > $outfile echo -n "" > $outfile
for algo in ${!hash_sizes[@]} for algo in "${!hash_sizes[@]}"
do do
infile="$csv_path/combined_${algo}.csv" infile="$csv_path/combined_${algo}.csv"
for hsize in ${hash_sizes[$algo]} for hsize in ${hash_sizes[$algo]}
@@ -255,7 +258,7 @@ macs["cmac"]="128 256"
plotstring= plotstring=
outfile=$log_path/mac.log outfile=$log_path/mac.log
echo -n "" > $outfile echo -n "" > $outfile
for algo in ${!macs[@]} for algo in "${!macs[@]}"
do do
infile="$csv_path/combined_${algo}.csv" infile="$csv_path/combined_${algo}.csv"
for hsize in ${macs[$algo]} for hsize in ${macs[$algo]}

25
scripts/bench/bench_functions.sh
View File

@@ -15,15 +15,16 @@
if (return 0 2>/dev/null); then if (return 0 2>/dev/null); then
[ "$my_path" != "" ] || { echo "\$my_path must not be empty"; return 1; } [[ -v my_path ]] || { echo "\$my_path must not be empty"; return 1; }
else else
echo "This script shall only be sourced" echo "This script shall only be sourced"
exit 1 exit 1
fi fi
readonly tty="${WC_TTY:-/dev/ttyUSB2}" readonly tty="${WC_TTY:-/dev/ttyUSB2}"
readonly fifo="$(mktemp -u)" fifo="$(mktemp -u)" || exit $?
readonly csv_path="${my_path}/data/results${csv_path_suffix}" readonly fifo
readonly csv_path="${my_path}/data/results${csv_path_suffix:-}"
function status_echo() { function status_echo() {
[ "$VERBOSE" = "0" ] || echo "$*" [ "$VERBOSE" = "0" ] || echo "$*"
@@ -83,7 +84,7 @@ function process_csv() {
[ "$VERBOSE" = "1" ] && echo "$1" [ "$VERBOSE" = "1" ] && echo "$1"
else else
echo "finished" > $fifo echo "finished" > $fifo
read_tty_ret=return read_tty_ret='return'
fi fi
;; ;;
esac esac
@@ -107,6 +108,10 @@ function bench() {
### ###
function small_block() { function small_block() {
if [[ ! -v small_block_sizes ]]; then
echo '$small_block_sizes is unset.' 1>&2
return 1
fi
for blocksize in $small_block_sizes for blocksize in $small_block_sizes
do do
status_echo "Benchmark with $blocksize bytes sized blocks" status_echo "Benchmark with $blocksize bytes sized blocks"
@@ -119,6 +124,18 @@ function small_block() {
} }
function large_block() { function large_block() {
if [[ ! -v large_block_ciphers ]]; then
echo '$large_block_ciphers is unset.' 1>&2
return 1
fi
if [[ ! -v large_max_blocksize ]]; then
echo '$large_max_blocksize is unset.' 1>&2
return 1
fi
if [[ ! -v large_num_bytes ]]; then
echo '$large_num_bytes is unset.' 1>&2
return 1
fi
# 1 MiB # 1 MiB
local blocksize=$((1024 * 1024)) local blocksize=$((1024 * 1024))
while [ $blocksize -lt $large_max_blocksize ] while [ $blocksize -lt $large_max_blocksize ]

14
wolfcrypt/benchmark/benchmark.c
View File

@@ -909,8 +909,11 @@ static const char* bench_Usage_msg1[][21] = {
"-base10 Display bytes as power of 10 (eg 1 kB = 1000 Bytes)\n", "-base10 Display bytes as power of 10 (eg 1 kB = 1000 Bytes)\n",
"-no_aad No additional authentication data passed.\n", "-no_aad No additional authentication data passed.\n",
"-aad_size <num> With <num> bytes of AAD.\n", "-aad_size <num> With <num> bytes of AAD.\n",
"-all_aad With AAD length of 0, " WC_STRINGIFY(AES_AUTH_ADD_SZ) " and\n" ("-all_aad With AAD length of 0, "
" (if set via -aad_size) <aad_size> bytes.\n", WC_STRINGIFY(AES_AUTH_ADD_SZ)
" and\n"
" (if set via -aad_size) <aad_size> bytes.\n"
),
"-dgst_full Full digest operation performed.\n", "-dgst_full Full digest operation performed.\n",
"-rsa_sign Measure RSA sign/verify instead of encrypt/decrypt.\n", "-rsa_sign Measure RSA sign/verify instead of encrypt/decrypt.\n",
"<keySz> -rsa-sz\n Measure RSA <key size> performance.\n", "<keySz> -rsa-sz\n Measure RSA <key size> performance.\n",
@@ -923,9 +926,10 @@ static const char* bench_Usage_msg1[][21] = {
"-<alg> Algorithm to benchmark. Available algorithms include:\n", "-<alg> Algorithm to benchmark. Available algorithms include:\n",
"-lng <num> Display benchmark result by specified language.\n 0: English, 1: Japanese\n", "-lng <num> Display benchmark result by specified language.\n 0: English, 1: Japanese\n",
"<num> Size of block in bytes\n", "<num> Size of block in bytes\n",
"-blocks <num> Number of blocks. Can be used together with the 'Size of block'\n" ("-blocks <num> Number of blocks. Can be used together with the 'Size of block'\n"
" option, but must be used after that one.\n" " option, but must be used after that one.\n"
"-threads <num> Number of threads to run\n", "-threads <num> Number of threads to run\n"
),
"-print Show benchmark stats summary\n" "-print Show benchmark stats summary\n"
}, },
#ifndef NO_MULTIBYTE_PRINT #ifndef NO_MULTIBYTE_PRINT
@@ -1297,7 +1301,7 @@ static const char* bench_result_words2[][5] = {
#define AES_AAD_OPTIONS_DEFAULT 0x3U #define AES_AAD_OPTIONS_DEFAULT 0x3U
#endif #endif
#endif #endif
#define AES_AAD_STRING(s) (aesAuthAddSz == 0 ? s "-no_AAD" : (aesAuthAddSz == AES_AUTH_ADD_SZ ? s : s "-custom")) #define AES_AAD_STRING(s) (aesAuthAddSz == 0 ? (s "-no_AAD") : (aesAuthAddSz == AES_AUTH_ADD_SZ ? (s) : (s "-custom")))
enum en_aad_options { enum en_aad_options {
AAD_SIZE_DEFAULT = 0x1U, AAD_SIZE_DEFAULT = 0x1U,
AAD_SIZE_ZERO = 0x2U, AAD_SIZE_ZERO = 0x2U,

231
wolfcrypt/test/test.c
View File

@@ -22721,23 +22721,30 @@ static int ecc_test_vector(int keySize)
} }
#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ #endif /* WOLF_CRYPTO_CB_ONLY_ECC */
#if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_DETERMINISTIC_K) #if defined(HAVE_ECC_SIGN) && (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) \
&& (!defined(FIPS_VERSION_GE) || FIPS_VERSION_GE(5,3))
#if defined(HAVE_ECC256) #if defined(HAVE_ECC256)
static int ecc_test_deterministic_k(WC_RNG* rng) static int ecc_test_deterministic_k(WC_RNG* rng)
{ {
int ret; int ret;
ecc_key key; #ifdef WOLFSSL_SMALL_STACK
ecc_key *key = NULL;
#else
ecc_key key[1];
#endif
int key_inited = 0;
byte sig[72]; byte sig[72];
word32 sigSz; word32 sigSz;
unsigned char msg[] = "sample"; WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample";
unsigned char hash[32]; unsigned char hash[32];
const char* dIUT = WOLFSSL_SMALL_STACK_STATIC const char* dIUT =
"C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721"; "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721";
const char* QIUTx = WOLFSSL_SMALL_STACK_STATIC const char* QIUTx =
"60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6"; "60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6";
const char* QIUTy = WOLFSSL_SMALL_STACK_STATIC const char* QIUTy =
"7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299"; "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299";
const byte expSig[] = { WOLFSSL_SMALL_STACK_STATIC const byte expSig[] = {
0x30, 0x46, 0x02, 0x21, 0x00, 0xEF, 0xD4, 0x8B, 0x30, 0x46, 0x02, 0x21, 0x00, 0xEF, 0xD4, 0x8B,
0x2A, 0xAC, 0xB6, 0xA8, 0xFD, 0x11, 0x40, 0xDD, 0x2A, 0xAC, 0xB6, 0xA8, 0xFD, 0x11, 0x40, 0xDD,
0x9C, 0xD4, 0x5E, 0x81, 0xD6, 0x9D, 0x2C, 0x87, 0x9C, 0xD4, 0x5E, 0x81, 0xD6, 0x9D, 0x2C, 0x87,
@@ -22749,11 +22756,18 @@ static int ecc_test_deterministic_k(WC_RNG* rng)
0x4D, 0xC4, 0xAB, 0x2F, 0x84, 0x3A, 0xCD, 0xA8 0x4D, 0xC4, 0xAB, 0x2F, 0x84, 0x3A, 0xCD, 0xA8
}; };
ret = wc_ecc_init_ex(&key, HEAP_HINT, devId); #ifdef WOLFSSL_SMALL_STACK
key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL)
return MEMORY_E;
#endif
ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
if (ret != 0) { if (ret != 0) {
return ret; goto done;
} }
ret = wc_ecc_import_raw(&key, QIUTx, QIUTy, dIUT, "SECP256R1"); key_inited = 1;
ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP256R1");
if (ret != 0) { if (ret != 0) {
goto done; goto done;
} }
@@ -22764,7 +22778,7 @@ static int ecc_test_deterministic_k(WC_RNG* rng)
goto done; goto done;
} }
ret = wc_ecc_set_deterministic(&key, 1); ret = wc_ecc_set_deterministic(key, 1);
if (ret != 0) { if (ret != 0) {
goto done; goto done;
} }
@@ -22772,10 +22786,10 @@ static int ecc_test_deterministic_k(WC_RNG* rng)
sigSz = sizeof(sig); sigSz = sizeof(sig);
do { do {
#if defined(WOLFSSL_ASYNC_CRYPT) #if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif #endif
if (ret == 0) if (ret == 0)
ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, &key); ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
} while (ret == WC_PENDING_E); } while (ret == WC_PENDING_E);
if (ret != 0) { if (ret != 0) {
goto done; goto done;
@@ -22794,10 +22808,10 @@ static int ecc_test_deterministic_k(WC_RNG* rng)
sigSz = sizeof(sig); sigSz = sizeof(sig);
do { do {
#if defined(WOLFSSL_ASYNC_CRYPT) #if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif #endif
if (ret == 0) if (ret == 0)
ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, &key); ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key);
} while (ret == WC_PENDING_E); } while (ret == WC_PENDING_E);
if (ret != 0) { if (ret != 0) {
goto done; goto done;
@@ -22805,8 +22819,12 @@ static int ecc_test_deterministic_k(WC_RNG* rng)
TEST_SLEEP(); TEST_SLEEP();
done: done:
wc_ecc_free(&key); if (key_inited)
return ret; wc_ecc_free(key);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
} }
#endif #endif
@@ -22816,34 +22834,61 @@ done:
static int ecc384_test_deterministic_k(WC_RNG* rng) static int ecc384_test_deterministic_k(WC_RNG* rng)
{ {
int ret; int ret;
ecc_key key; #ifdef WOLFSSL_SMALL_STACK
byte sig[72]; ecc_key *key;
word32 sigSz; mp_int *r, *s, *expR, *expS;
unsigned char msg[] = "sample"; #else
ecc_key key[1];
mp_int r[1], s[1], expR[1], expS[1];
#endif
int key_inited = 0;
WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample";
unsigned char hash[32]; unsigned char hash[32];
const char* dIUT = WOLFSSL_SMALL_STACK_STATIC const char* dIUT =
"6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D8" "6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D8"
"96D5724E4C70A825F872C9EA60D2EDF5"; "96D5724E4C70A825F872C9EA60D2EDF5";
const char* QIUTx = WOLFSSL_SMALL_STACK_STATIC const char* QIUTx =
"EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64" "EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64"
"DEF8F0EA9055866064A254515480BC13"; "DEF8F0EA9055866064A254515480BC13";
const char* QIUTy = WOLFSSL_SMALL_STACK_STATIC const char* QIUTy =
"8015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1" "8015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1"
"288B231C3AE0D4FE7344FD2533264720"; "288B231C3AE0D4FE7344FD2533264720";
const char* expRstr = WOLFSSL_SMALL_STACK_STATIC const char* expRstr =
"21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33" "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33"
"BDE1E888E63355D92FA2B3C36D8FB2CD"; "BDE1E888E63355D92FA2B3C36D8FB2CD";
const char* expSstr = WOLFSSL_SMALL_STACK_STATIC const char* expSstr =
"F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEB" "F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEB"
"EFDC63ECCD1AC42EC0CB8668A4FA0AB0"; "EFDC63ECCD1AC42EC0CB8668A4FA0AB0";
mp_int r,s, expR, expS;
mp_init_multi(&r, &s, &expR, &expS, NULL, NULL); #ifdef WOLFSSL_SMALL_STACK
ret = wc_ecc_init_ex(&key, HEAP_HINT, devId); key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (ret != 0) { r = (mp_int *)XMALLOC(sizeof(*r), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return ret; s = (mp_int *)XMALLOC(sizeof(*s), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
expR = (mp_int *)XMALLOC(sizeof(*expR), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
expS = (mp_int *)XMALLOC(sizeof(*expS), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if ((key == NULL) ||
(r == NULL) ||
(s == NULL) ||
(expR == NULL) ||
(expS == NULL))
{
ret = MEMORY_E;
goto done;
} }
ret = wc_ecc_import_raw(&key, QIUTx, QIUTy, dIUT, "SECP384R1"); #endif
ret = mp_init_multi(r, s, expR, expS, NULL, NULL);
if (ret != MP_OKAY) {
goto done;
}
ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
if (ret != 0) {
goto done;
}
key_inited = 1;
ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP384R1");
if (ret != 0) { if (ret != 0) {
goto done; goto done;
} }
@@ -22854,32 +22899,45 @@ static int ecc384_test_deterministic_k(WC_RNG* rng)
goto done; goto done;
} }
ret = wc_ecc_set_deterministic(&key, 1); ret = wc_ecc_set_deterministic(key, 1);
if (ret != 0) { if (ret != 0) {
goto done; goto done;
} }
sigSz = sizeof(sig);
do { do {
#if defined(WOLFSSL_ASYNC_CRYPT) #if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif #endif
if (ret == 0) if (ret == 0)
ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, &key, &r, &s); ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, key, r, s);
} while (ret == WC_PENDING_E); } while (ret == WC_PENDING_E);
if (ret != 0) { if (ret != 0) {
goto done; goto done;
} }
TEST_SLEEP(); TEST_SLEEP();
mp_read_radix(&expR, expRstr, MP_RADIX_HEX); mp_read_radix(expR, expRstr, MP_RADIX_HEX);
mp_read_radix(&expS, expSstr, MP_RADIX_HEX); mp_read_radix(expS, expSstr, MP_RADIX_HEX);
if (mp_cmp(&r, &expR) != MP_EQ) { if (mp_cmp(r, expR) != MP_EQ) {
ret = -1; ret = -1;
} }
done: done:
wc_ecc_free(&key); if (key_inited)
wc_ecc_free(key);
#ifdef WOLFSSL_SMALL_STACK
if (key != NULL)
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (r != NULL)
XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (s != NULL)
XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (expR != NULL)
XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (expS != NULL)
XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret; return ret;
} }
#endif /* HAVE_ECC384 */ #endif /* HAVE_ECC384 */
@@ -22889,40 +22947,67 @@ done:
static int ecc521_test_deterministic_k(WC_RNG* rng) static int ecc521_test_deterministic_k(WC_RNG* rng)
{ {
int ret; int ret;
ecc_key key; #ifdef WOLFSSL_SMALL_STACK
byte sig[ECC_MAX_SIG_SIZE]; ecc_key *key;
word32 sigSz; mp_int *r, *s, *expR, *expS;
unsigned char msg[] = "sample"; #else
ecc_key key[1];
mp_int r[1], s[1], expR[1], expS[1];
#endif
int key_inited = 0;
WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sample";
unsigned char hash[32]; unsigned char hash[32];
const char* dIUT = WOLFSSL_SMALL_STACK_STATIC const char* dIUT =
"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75C" "0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75C"
"AA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83" "AA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83"
"538"; "538";
const char* QIUTx = WOLFSSL_SMALL_STACK_STATIC const char* QIUTx =
"1894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD3" "1894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD3"
"71123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F502" "71123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F502"
"3A4"; "3A4";
const char* QIUTy = WOLFSSL_SMALL_STACK_STATIC const char* QIUTy =
"0493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A2" "0493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A2"
"8A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDF" "8A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDF"
"CF5"; "CF5";
const char* expRstr = WOLFSSL_SMALL_STACK_STATIC const char* expRstr =
"1511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659" "1511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659"
"D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E" "D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E"
"1A7"; "1A7";
const char* expSstr = WOLFSSL_SMALL_STACK_STATIC const char* expSstr =
"04A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916" "04A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916"
"E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7E" "E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7E"
"CFC"; "CFC";
mp_int r,s, expR, expS;
mp_init_multi(&r, &s, &expR, &expS, NULL, NULL); #ifdef WOLFSSL_SMALL_STACK
ret = wc_ecc_init_ex(&key, HEAP_HINT, devId); key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
r = (mp_int *)XMALLOC(sizeof(*r), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
s = (mp_int *)XMALLOC(sizeof(*s), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
expR = (mp_int *)XMALLOC(sizeof(*expR), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
expS = (mp_int *)XMALLOC(sizeof(*expS), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if ((key == NULL) ||
(r == NULL) ||
(s == NULL) ||
(expR == NULL) ||
(expS == NULL))
{
ret = MEMORY_E;
goto done;
}
#endif
ret = mp_init_multi(r, s, expR, expS, NULL, NULL);
if (ret != MP_OKAY) {
goto done;
}
ret = wc_ecc_init_ex(key, HEAP_HINT, devId);
if (ret != 0) { if (ret != 0) {
return ret; return ret;
} }
ret = wc_ecc_import_raw(&key, QIUTx, QIUTy, dIUT, "SECP521R1"); key_inited = 1;
ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP521R1");
if (ret != 0) { if (ret != 0) {
goto done; goto done;
} }
@@ -22933,37 +23018,52 @@ static int ecc521_test_deterministic_k(WC_RNG* rng)
goto done; goto done;
} }
ret = wc_ecc_set_deterministic(&key, 1); ret = wc_ecc_set_deterministic(key, 1);
if (ret != 0) { if (ret != 0) {
goto done; goto done;
} }
sigSz = sizeof(sig);
do { do {
#if defined(WOLFSSL_ASYNC_CRYPT) #if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); ret = wc_AsyncWait(ret, key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
#endif #endif
if (ret == 0) if (ret == 0)
ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, &key, &r, &s); ret = wc_ecc_sign_hash_ex(hash, sizeof(hash), rng, key, r, s);
} while (ret == WC_PENDING_E); } while (ret == WC_PENDING_E);
if (ret != 0) { if (ret != 0) {
goto done; goto done;
} }
TEST_SLEEP(); TEST_SLEEP();
mp_read_radix(&expR, expRstr, MP_RADIX_HEX); mp_read_radix(expR, expRstr, MP_RADIX_HEX);
mp_read_radix(&expS, expSstr, MP_RADIX_HEX); mp_read_radix(expS, expSstr, MP_RADIX_HEX);
if (mp_cmp(&r, &expR) != MP_EQ) { if (mp_cmp(r, expR) != MP_EQ) {
ret = -1; ret = -1;
} }
done: done:
wc_ecc_free(&key); if (key_inited)
wc_ecc_free(key);
#ifdef WOLFSSL_SMALL_STACK
if (key != NULL)
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (r != NULL)
XFREE(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (s != NULL)
XFREE(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (expR != NULL)
XFREE(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (expS != NULL)
XFREE(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret; return ret;
} }
#endif /* HAVE_ECC521 */ #endif /* HAVE_ECC521 */
#endif /* WOLFSSL_PUBLIC_MP */ #endif /* WOLFSSL_PUBLIC_MP */
#endif #endif /* HAVE_ECC_SIGN && (WOLFSSL_ECDSA_DETERMINISTIC_K ||
WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)
&& (!FIPS_VERSION_GE || FIPS_VERSION_GE(5,3)) */
#if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) && \ #if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) && \
@@ -25952,13 +26052,16 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test(void)
} }
#endif #endif
#if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC256) \ #if defined(HAVE_ECC_SIGN) && (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \
&& defined(HAVE_ECC_DETERMINISTIC_K) defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) \
&& (!defined(FIPS_VERSION_GE) || FIPS_VERSION_GE(5,3))
#ifdef HAVE_ECC256
ret = ecc_test_deterministic_k(&rng); ret = ecc_test_deterministic_k(&rng);
if (ret != 0) { if (ret != 0) {
printf("ecc_test_deterministic_k failed! %d\n", ret); printf("ecc_test_deterministic_k failed! %d\n", ret);
goto done; goto done;
} }
#endif
#ifdef WOLFSSL_PUBLIC_MP #ifdef WOLFSSL_PUBLIC_MP
#if defined(HAVE_ECC384) #if defined(HAVE_ECC384)
ret = ecc384_test_deterministic_k(&rng); ret = ecc384_test_deterministic_k(&rng);

3
wolfssl/ssl.h
View File

@@ -1079,9 +1079,6 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_load_verify_locations(
WOLFSSL_API const char** wolfSSL_get_system_CA_dirs(word32* num); WOLFSSL_API const char** wolfSSL_get_system_CA_dirs(word32* num);
#endif /* !_WIN32 */ #endif /* !_WIN32 */
WOLFSSL_API int wolfSSL_CTX_load_system_CA_certs(WOLFSSL_CTX* ctx); WOLFSSL_API int wolfSSL_CTX_load_system_CA_certs(WOLFSSL_CTX* ctx);
#ifdef OPENSSL_EXTRA
WOLFSSL_API int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx);
#endif /* OPENSSL_EXTRA */
#ifdef WOLFSSL_TRUST_PEER_CERT #ifdef WOLFSSL_TRUST_PEER_CERT
WOLFSSL_API int wolfSSL_CTX_trust_peer_cert( WOLFSSL_API int wolfSSL_CTX_trust_peer_cert(
WOLFSSL_CTX* ctx, const char* file, int type); WOLFSSL_CTX* ctx, const char* file, int type);