Fix for FIPS 140-2 and older ACVP math selection. Fix for building with "--disable-sp-math-all --disable-fastmath". Fix for building SAKKE with HAVE_WOLF_BIGINT.

David Garske
2022-06-23 09:45:13 -07:00
parent ee12c12e98
commit 78d3284c3c
4 changed files with 20 additions and 12 deletions


@@ -5839,7 +5839,7 @@ AC_ARG_ENABLE([heapmath],
[ ENABLED_HEAPMATH=$enableval ], [ ENABLED_HEAPMATH=$enableval ],
[ ENABLED_HEAPMATH=no] [ ENABLED_HEAPMATH=no]
) )
if test "x$ENABLED_HEAPMATH" = "xyes" if test "x$ENABLED_HEAPMATH" = "xyes" || (test "x$ENABLED_SP_MATH_ALL" = "xno" && test "x$ENABLED_FASTMATH" = "xno")
then then
AM_CFLAGS="$AM_CFLAGS -DUSE_INTEGER_HEAP_MATH" AM_CFLAGS="$AM_CFLAGS -DUSE_INTEGER_HEAP_MATH"
ENABLED_HEAPMATH=yes ENABLED_HEAPMATH=yes
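Review bot: The widened condition on the `if test "x$ENABLED_HEAPMATH" = "xyes" || ...` line now selects heap math implicitly, and nothing in the configure output says so. The big-integer back-end of a crypto library is worth surfacing in the build log, so consider adding to the `then` branch something like `AC_MSG_NOTICE([sp-math-all and fastmath disabled; using heap math (integer.c)])`. The check also reads only `ENABLED_SP_MATH_ALL` and `ENABLED_FASTMATH`; if either is modified later in the script, or another math option exists, the fallback could fire when a back-end is in fact selected. That ordering is not visible in this hunk and needs confirming. The `then` body continues outside the hunk.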


@@ -361,8 +361,7 @@ int wc_mp_to_bigint_sz(mp_int* src, WC_BIGINT* dst, word32 sz)
/* make sure destination is allocated and large enough */ /* make sure destination is allocated and large enough */
err = wc_bigint_alloc(dst, sz); err = wc_bigint_alloc(dst, sz);
if (err == MP_OKAY) { if (err == MP_OKAY && sz > 0) {
/* leading zero pad */ /* leading zero pad */
y = sz - x; y = sz - x;
XMEMSET(dst->buf, 0, y); XMEMSET(dst->buf, 0, y);
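Review bot: The new `sz > 0` guard in `wc_mp_to_bigint_sz` carries no comment saying what it protects against, and the zero-size path now returns `MP_OKAY` without touching `dst->buf`. Presumably `wc_bigint_alloc(dst, 0)` leaves `dst->buf` unset, so a short comment such as `/* sz == 0: nothing was allocated, skip the pad and export */` would record that, and the function header should state that callers can get success with an empty destination. Separately, `y = sz - x` is unsigned and relies on `sz >= x`; that clamp is not in the visible lines, so confirm it is applied before the allocation, since otherwise the `XMEMSET` length would wrap. The function starts before and ends after this hunk.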


@@ -30392,7 +30392,7 @@ static int sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk)
static int sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk) static int sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk)
{ {
static const byte pubData[] = { WOLFSSL_SMALL_STACK_STATIC const byte pubData[] = {
0x59, 0x58, 0xEF, 0x1B, 0x16, 0x79, 0xBF, 0x09, 0x59, 0x58, 0xEF, 0x1B, 0x16, 0x79, 0xBF, 0x09,
0x9B, 0x3A, 0x03, 0x0D, 0xF2, 0x55, 0xAA, 0x6A, 0x9B, 0x3A, 0x03, 0x0D, 0xF2, 0x55, 0xAA, 0x6A,
0x23, 0xC1, 0xD8, 0xF1, 0x43, 0xD4, 0xD2, 0x3F, 0x23, 0xC1, 0xD8, 0xF1, 0x43, 0xD4, 0xD2, 0x3F,
@@ -30426,7 +30426,7 @@ static int sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk)
0xB5, 0x8B, 0x7C, 0xC7, 0x96, 0xE2, 0x4E, 0x9A, 0xB5, 0x8B, 0x7C, 0xC7, 0x96, 0xE2, 0x4E, 0x9A,
0x39, 0x40, 0x95, 0x75, 0x4F, 0x5F, 0x8B, 0xAE 0x39, 0x40, 0x95, 0x75, 0x4F, 0x5F, 0x8B, 0xAE
}; };
static const byte rskData[] = { WOLFSSL_SMALL_STACK_STATIC const byte rskData[] = {
0x93, 0xAF, 0x67, 0xE5, 0x00, 0x7B, 0xA6, 0xE6, 0x93, 0xAF, 0x67, 0xE5, 0x00, 0x7B, 0xA6, 0xE6,
0xA8, 0x0D, 0xA7, 0x93, 0xDA, 0x30, 0x0F, 0xA4, 0xA8, 0x0D, 0xA7, 0x93, 0xDA, 0x30, 0x0F, 0xA4,
0xB5, 0x2D, 0x0A, 0x74, 0xE2, 0x5E, 0x6E, 0x7B, 0xB5, 0x2D, 0x0A, 0x74, 0xE2, 0x5E, 0x6E, 0x7B,
@@ -30461,17 +30461,17 @@ static int sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk)
0x33, 0x21, 0x51, 0x23, 0x5D, 0xEC, 0xB0, 0xF5 0x33, 0x21, 0x51, 0x23, 0x5D, 0xEC, 0xB0, 0xF5
}; };
static const byte id[] = { WOLFSSL_SMALL_STACK_STATIC const byte id[] = {
0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00, 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00,
0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37, 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37,
0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32, 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32,
0x33, 0x00 0x33, 0x00
}; };
static const byte ssv[] = { WOLFSSL_SMALL_STACK_STATIC const byte ssv[] = {
0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0,
0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0
}; };
static const byte auth[] = { WOLFSSL_SMALL_STACK_STATIC const byte auth[] = {
0x04, 0x04,
0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6, 0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6,
0xA5, 0xA3, 0xDD, 0xCA, 0x5C, 0xF8, 0x96, 0xC7, 0xA5, 0xA3, 0xDD, 0xCA, 0x5C, 0xF8, 0x96, 0xC7,
@@ -30506,7 +30506,7 @@ static int sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk)
0xC5, 0xE2, 0x75, 0x74, 0xB0, 0x77, 0x39, 0xB3, 0xC5, 0xE2, 0x75, 0x74, 0xB0, 0x77, 0x39, 0xB3,
0x4B, 0xE7, 0x4A, 0x53, 0x2F, 0x74, 0x7B, 0x86 0x4B, 0xE7, 0x4A, 0x53, 0x2F, 0x74, 0x7B, 0x86
}; };
byte encSsv[] = { WOLFSSL_SMALL_STACK_STATIC const byte encSsv[] = {
0x89, 0xE0, 0xBC, 0x66, 0x1A, 0xA1, 0xE9, 0x16, 0x89, 0xE0, 0xBC, 0x66, 0x1A, 0xA1, 0xE9, 0x16,
0x38, 0xE6, 0xAC, 0xC8, 0x4E, 0x49, 0x65, 0x07 0x38, 0xE6, 0xAC, 0xC8, 0x4E, 0x49, 0x65, 0x07
}; };
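Review bot: The last hunk of `sakke_kat_derive_test` changes `encSsv` from a plain `byte encSsv[]` to `WOLFSSL_SMALL_STACK_STATIC const byte encSsv[]`, and unlike the other arrays it was neither `static` nor `const` before. If the test hands `encSsv` to a routine that writes the derived value back into the same buffer (its use is below the hunk, so this is inferred), the `const` qualifier is discarded at the call and, where the macro expands to `static`, the write lands on a read-only or shared object. Unless the buffer is only ever read, keep it as `byte encSsv[] = {` and reserve the macro for the true constants `pubData`, `rskData`, `id`, `ssv` and `auth`.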


@@ -1886,8 +1886,9 @@ extern void uITRON4_free(void *p) ;
/* --------------------------------------------------------------------------- /* ---------------------------------------------------------------------------
* Math Library Selection (in order of preference) * Math Library Selection (in order of preference)
* ---------------------------------------------------------------------------*/ * ---------------------------------------------------------------------------*/
/* Only evaluate this if it is A) not fips or B) only 140-3 FIPS /* Only evaluate this if:
* (v5 or greater) */ * A) Not fips
* B) FIPS 140-3 (v5 or greater) */
#if !defined(HAVE_FIPS_VERSION) || \ #if !defined(HAVE_FIPS_VERSION) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5)) (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5))
/* 1) SP Math: wolfSSL proprietary math implementation (sp_int.c). /* 1) SP Math: wolfSSL proprietary math implementation (sp_int.c).
@@ -1911,7 +1912,15 @@ extern void uITRON4_free(void *p) ;
#elif defined(USE_FAST_MATH) #elif defined(USE_FAST_MATH)
/* 2) Using fast math (tfm.c) - USE_FAST_MATH */ /* 2) Using fast math (tfm.c) - USE_FAST_MATH */
#else #else
/* 3) Using heap based (integer.c) math - USE_INTEGER_HEAP_MATH */ /* 3) Using heap math (integer.c) - USE_INTEGER_HEAP_MATH */
#endif
#else
/* FIPS 140-2 or older */
/* Default to fast math (tfm.c), but allow heap math (integer.c) */
#if !defined(USE_INTEGER_HEAP_MATH)
#undef USE_FAST_MATH
#define USE_FAST_MATH
#define FP_MAX_BITS 8192
#endif #endif
#endif #endif
/*----------------------------------------------------------------------------*/ /*----------------------------------------------------------------------------*/
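Review bot: In the new FIPS 140-2 `#else` branch, `#define FP_MAX_BITS 8192` is unconditional, whereas `USE_FAST_MATH` is preceded by an `#undef`. A build that already sets `FP_MAX_BITS` on the compiler command line or in a user settings header gets a macro-redefinition diagnostic, and the value from this header overrides the operand-size limit the user chose. Guard it with `#ifndef FP_MAX_BITS` / `#define FP_MAX_BITS 8192` / `#endif`, and add a comment stating which key sizes 8192 is meant to cover.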