diff --git a/src/internal.c b/src/internal.c index 92093fa6b..d56d63e86 100644 --- a/src/internal.c +++ b/src/internal.c @@ -8682,8 +8682,10 @@ static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args) #endif /* non-zero return code indicates failure override */ if (ssl->verifyCallback(verify_ok, store)) { - WOLFSSL_MSG("Verify callback overriding error!"); - ret = 0; + if (ret != 0) { + WOLFSSL_MSG("Verify callback overriding error!"); + ret = 0; + } } else { /* induce error if one not present */ @@ -10909,6 +10911,11 @@ static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, } #endif } + + /* make sure async error is cleared */ + if (ret == 0 && (ssl->error == WC_PENDING_E || ssl->error == OCSP_WANT_READ)) { + ssl->error = 0; + } #endif /* WOLFSSL_ASYNC_CRYPT || WOLFSSL_NONBLOCK_OCSP */ WOLFSSL_LEAVE("DoHandShakeMsgType()", ret); diff --git a/src/tls.c b/src/tls.c index 39a67af16..fdda2bba3 100644 --- a/src/tls.c +++ b/src/tls.c @@ -99,6 +99,12 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions); #endif #endif +/* Optional Pre-Master-Secret logging for Wireshark */ +#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE) +#ifndef WOLFSSL_SSLKEYLOGFILE_OUTPUT + #define WOLFSSL_SSLKEYLOGFILE_OUTPUT "sslkeylog.log" +#endif +#endif #ifndef WOLFSSL_NO_TLS12 
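Review bot: WOLFSSL_SSLKEYLOGFILE_OUTPUT is defined here under `!defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE)`, but the only place this commit uses it is inside the `#ifdef SHOW_SECRETS` block of MakeTlsMasterSecret, so a build that defines WOLFSSL_SSLKEYLOGFILE without SHOW_SECRETS silently writes nothing. That dependency should at least be stated in the new comment, e.g. `/* Optional master-secret logging for Wireshark (requires SHOW_SECRETS) */`, or the SHOW_SECRETS condition in MakeTlsMasterSecret extended to also cover WOLFSSL_SSLKEYLOGFILE. The default `"sslkeylog.log"` is a relative path, so the file with the session secrets is created in whatever the process's working directory happens to be; naming that in the comment would spare users a surprise.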
@@ -269,14 +275,23 @@ static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, byte md5_result[MAX_PRF_DIG]; /* digLen is real size */ byte sha_result[MAX_PRF_DIG]; /* digLen is real size */ #endif +#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) DECLARE_VAR(labelSeed, byte, MAX_PRF_LABSEED, heap); + if (labelSeed == NULL) + return MEMORY_E; +#else + byte labelSeed[MAX_PRF_LABSEED]; +#endif - if (half > MAX_PRF_HALF) - return BUFFER_E; - if (labLen + seedLen > MAX_PRF_LABSEED) - return BUFFER_E; - if (digLen > MAX_PRF_DIG) + if (half > MAX_PRF_HALF || + labLen + seedLen > MAX_PRF_LABSEED || + digLen > MAX_PRF_DIG) + { + #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) + FREE_VAR(labelSeed, heap); + #endif return BUFFER_E; + } #ifdef WOLFSSL_SMALL_STACK md5_half = (byte*)XMALLOC(MAX_PRF_HALF, heap, DYNAMIC_TYPE_DIGEST); @@ -290,7 +305,9 @@ static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, if (sha_half) XFREE(sha_half, heap, DYNAMIC_TYPE_DIGEST); if (md5_result) XFREE(md5_result, heap, DYNAMIC_TYPE_DIGEST); if (sha_result) XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST); + #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) FREE_VAR(labelSeed, heap); + #endif return MEMORY_E; } @@ -320,7 +337,9 @@ static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, XFREE(sha_result, heap, DYNAMIC_TYPE_DIGEST); #endif +#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) FREE_VAR(labelSeed, heap); +#endif return ret; } @@ -339,8 +358,10 @@ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, int ret = 0; if (useAtLeastSha256) { - #ifndef WC_ASYNC_NO_HASH + #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) DECLARE_VAR(labelSeed, byte, MAX_PRF_LABSEED, heap); + if (labelSeed == NULL) + return MEMORY_E; #else byte labelSeed[MAX_PRF_LABSEED]; #endif 
@@ -358,7 +379,7 @@ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, ret = p_hash(digest, digLen, secret, secLen, labelSeed, labLen + seedLen, hash_type, heap, devId); - #ifndef WC_ASYNC_NO_HASH + #if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) FREE_VAR(labelSeed, heap); #endif } @@ -381,35 +402,29 @@ static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, word32* hashLen) { + int ret = 0; word32 hashSz = FINISHED_SZ; if (ssl == NULL || hash == NULL || hashLen == NULL || *hashLen < HSHASH_SZ) return BAD_FUNC_ARG; + /* for constant timing perform these even if error */ #ifndef NO_OLD_TLS - wc_Md5GetHash(&ssl->hsHashes->hashMd5, hash); - wc_ShaGetHash(&ssl->hsHashes->hashSha, &hash[WC_MD5_DIGEST_SIZE]); + ret |= wc_Md5GetHash(&ssl->hsHashes->hashMd5, hash); + ret |= wc_ShaGetHash(&ssl->hsHashes->hashSha, &hash[WC_MD5_DIGEST_SIZE]); #endif if (IsAtLeastTLSv1_2(ssl)) { #ifndef NO_SHA256 if (ssl->specs.mac_algorithm <= sha256_mac || ssl->specs.mac_algorithm == blake2b_mac) { - int ret = wc_Sha256GetHash(&ssl->hsHashes->hashSha256, hash); - - if (ret != 0) - return ret; - + ret |= wc_Sha256GetHash(&ssl->hsHashes->hashSha256, hash); hashSz = WC_SHA256_DIGEST_SIZE; } #endif #ifdef WOLFSSL_SHA384 if (ssl->specs.mac_algorithm == sha384_mac) { - int ret = wc_Sha384GetHash(&ssl->hsHashes->hashSha384, hash); - - if (ret != 0) - return ret; - + ret |= wc_Sha384GetHash(&ssl->hsHashes->hashSha384, hash); hashSz = WC_SHA384_DIGEST_SIZE; } #endif 
@@ -417,25 +432,29 @@ int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash, word32* hashLen) *hashLen = hashSz; - return 0; + if (ret != 0) + ret = BUILD_MSG_ERROR; + + return ret; } int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) { - int ret; + int ret; const byte* side; - byte* handshake_hash; - word32 hashSz = HSHASH_SZ; - - /* using allocate here to allow async hardware to use buffer directly */ - handshake_hash = (byte*)XMALLOC(hashSz, ssl->heap, DYNAMIC_TYPE_DIGEST); + word32 hashSz = HSHASH_SZ; +#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) + DECLARE_VAR(handshake_hash, byte, HSHASH_SZ, ssl->heap); if (handshake_hash == NULL) return MEMORY_E; +#else + byte handshake_hash[HSHASH_SZ]; +#endif ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz); if (ret == 0) { - if ( XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0) + if (XSTRNCMP((const char*)sender, (const char*)client, SIZEOF_SENDER) == 0) side = tls_client; else side = tls_server; @@ -446,7 +465,9 @@ int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) ssl->heap, ssl->devId); } - XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_DIGEST); +#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) + FREE_VAR(handshake_hash, ssl->heap); +#endif return ret; } @@ -523,8 +544,10 @@ static int _DeriveTlsKeys(byte* key_dig, word32 key_dig_len, void* heap, int devId) { int ret; -#ifndef WC_ASYNC_NO_HASH +#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) DECLARE_VAR(seed, byte, SEED_LEN, heap); + if (seed == NULL) + return MEMORY_E; #else byte seed[SEED_LEN]; #endif @@ -535,7 +558,7 @@ static int _DeriveTlsKeys(byte* key_dig, word32 key_dig_len, ret = PRF(key_dig, key_dig_len, ms, msLen, key_label, KEY_LABEL_SZ, seed, SEED_LEN, tls1_2, hash_type, heap, devId); -#ifndef WC_ASYNC_NO_HASH +#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) FREE_VAR(seed, heap); #endif 
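Review bot: In BuildTlsHandshakeHash the new `ret |= wc_...GetHash(...)` lines OR negative error codes together and the tail then collapses any non-zero value to BUILD_MSG_ERROR, so the caller no longer learns which digest failed, and any non-error non-zero status one of those calls might return (an async pending code, if these GetHash functions can return one — worth confirming) is turned into a hard error too. The constant-time intent can be kept while preserving the first real code by capturing each call into a local, `int rc = wc_Md5GetHash(&ssl->hsHashes->hashMd5, hash);`, followed by `if (ret == 0) ret = rc;`, and returning ret unchanged at the end. Separately, `*hashLen = hashSz;` is now written before the error check, so on failure the caller is handed a length for a buffer that may contain only a partial digest; setting it under `if (ret == 0)` avoids that. The function's body starts in the previous hunk, outside this one.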
@@ -593,13 +616,26 @@ static int _MakeTlsMasterSecret(byte* ms, word32 msLen, int tls1_2, int hash_type, void* heap, int devId) { - byte seed[SEED_LEN]; + int ret; +#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) + DECLARE_VAR(seed, byte, SEED_LEN, heap); + if (seed == NULL) + return MEMORY_E; +#else + byte seed[SEED_LEN]; +#endif XMEMCPY(seed, cr, RAN_LEN); XMEMCPY(seed + RAN_LEN, sr, RAN_LEN); - return PRF(ms, msLen, pms, pmsLen, master_label, MASTER_LABEL_SZ, + ret = PRF(ms, msLen, pms, pmsLen, master_label, MASTER_LABEL_SZ, seed, SEED_LEN, tls1_2, hash_type, heap, devId); + +#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_ASYNC_NO_HASH) + FREE_VAR(seed, heap); +#endif + + return ret; } /* External facing wrapper so user can call as well, 0 on success */ 
@@ -640,48 +676,83 @@ int wolfSSL_MakeTlsExtendedMasterSecret(byte* ms, word32 msLen, int MakeTlsMasterSecret(WOLFSSL* ssl) { - int ret; + int ret; + #ifdef HAVE_EXTENDED_MASTER if (ssl->options.haveEMS) { - byte* handshake_hash; word32 hashSz = HSHASH_SZ; - - handshake_hash = (byte*)XMALLOC(HSHASH_SZ, ssl->heap, - DYNAMIC_TYPE_DIGEST); + #ifdef WOLFSSL_SMALL_STACK + byte* handshake_hash = (byte*)XMALLOC(HSHASH_SZ, ssl->heap, + DYNAMIC_TYPE_DIGEST); if (handshake_hash == NULL) return MEMORY_E; + #else + byte handshake_hash[HSHASH_SZ]; + #endif ret = BuildTlsHandshakeHash(ssl, handshake_hash, &hashSz); - if (ret < 0) { - XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_DIGEST); - return ret; - } - - ret = _MakeTlsExtendedMasterSecret( + if (ret == 0) { + ret = _MakeTlsExtendedMasterSecret( ssl->arrays->masterSecret, SECRET_LEN, ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm, ssl->heap, ssl->devId); + } + #ifdef WOLFSSL_SMALL_STACK XFREE(handshake_hash, ssl->heap, DYNAMIC_TYPE_DIGEST); - } else -#endif - ret = _MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN, + #endif + } + else +#endif /* HAVE_EXTENDED_MASTER */ + { + ret = _MakeTlsMasterSecret(ssl->arrays->masterSecret, SECRET_LEN, ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, ssl->arrays->clientRandom, ssl->arrays->serverRandom, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm, ssl->heap, ssl->devId); - + } if (ret == 0) { #ifdef SHOW_SECRETS - int i; + /* Wireshark Pre-Master-Secret Format: + * CLIENT_RANDOM + */ + const char* CLIENT_RANDOM_LABEL = "CLIENT_RANDOM"; + int i, pmsPos = 0; + char pmsBuf[13 + 1 + 64 + 1 + 96 + 1 + 1]; - printf("master secret: "); - for (i = 0; i < SECRET_LEN; i++) - printf("%02x", ssl->arrays->masterSecret[i]); - printf("\n"); - #endif + XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%s ", + CLIENT_RANDOM_LABEL); + pmsPos += XSTRLEN(CLIENT_RANDOM_LABEL) + 1; + for (i = 0; i < 
RAN_LEN; i++) { + XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x", + ssl->arrays->clientRandom[i]); + pmsPos += 2; + } + XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, " "); + pmsPos += 1; + for (i = 0; i < SECRET_LEN; i++) { + XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "%02x", + ssl->arrays->masterSecret[i]); + pmsPos += 2; + } + XSNPRINTF(&pmsBuf[pmsPos], sizeof(pmsBuf) - pmsPos, "\n"); + pmsPos += 1; + + /* print master secret */ + puts(pmsBuf); + + #if !defined(NO_FILESYSTEM) && defined(WOLFSSL_SSLKEYLOGFILE) + { + FILE* f = XFOPEN(WOLFSSL_SSLKEYLOGFILE_OUTPUT, "a"); + if (f != XBADFILE) { + XFWRITE(pmsBuf, 1, pmsPos, f); + XFCLOSE(f); + } + } + #endif + #endif /* SHOW_SECRETS */ ret = DeriveTlsKeys(ssl); } diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 28e579253..de0a87bef 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -29,6 +29,8 @@ #if !defined(NO_AES) +/* Tip: Locate the software cipher modes by searching for "Software AES" */ + #if defined(HAVE_FIPS) && \ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) @@ -737,7 +739,7 @@ #else - /* using wolfCrypt software AES implementation */ + /* using wolfCrypt software implementation */ #define NEED_AES_TABLES #endif @@ -1360,7 +1362,7 @@ static WC_INLINE word32 PreFetchTe(void) return x; } - +/* Software AES - ECB Encrypt */ static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) { word32 s0, s1, s2, s3; @@ -1370,7 +1372,7 @@ static void wc_AesEncrypt(Aes* aes, const byte* inBlock, byte* outBlock) if (r > 7 || r == 0) { WOLFSSL_MSG("AesEncrypt encountered improper key, set it up"); - return; /* stop instead of segfaulting, set up your keys! */ + return; /* stop instead of seg-faulting, set up your keys! */ } #ifdef WOLFSSL_AESNI @@ -1579,6 +1581,7 @@ static WC_INLINE word32 PreFetchTd4(void) return x; } +/* Software AES - ECB Decrypt */ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) { word32 s0, s1, s2, s3; 
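Review bot: pmsBuf in the SHOW_SECRETS block holds the hex-encoded master secret on the stack and is never cleared after the `puts` and the XFWRITE; since this code sits right next to ForceZero-style handling elsewhere in the tree, add `ForceZero(pmsBuf, sizeof(pmsBuf));` once the buffer is no longer needed. The key log is opened with `XFOPEN(WOLFSSL_SSLKEYLOGFILE_OUTPUT, "a")`, which creates it with the process's default file mode; a file that accumulates TLS session secrets should be created with owner-only permissions (or the comment should tell the user to pre-create it that way), and the unchecked XFWRITE result means a short write goes unnoticed. `puts(pmsBuf)` prints a second newline because pmsBuf already ends in `"\n"`; `fputs(pmsBuf, stdout);` keeps stdout and the file in the same format. The header comment says "Pre-Master-Secret Format" but the CLIENT_RANDOM line carries the master secret, which is what Wireshark expects, so the comment would read better as "Wireshark key log format: CLIENT_RANDOM <client_random> <master_secret>". MakeTlsMasterSecret continues past the end of this hunk.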
@@ -1588,7 +1591,7 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) const word32* rk = aes->key; if (r > 7 || r == 0) { WOLFSSL_MSG("AesDecrypt encountered improper key, set it up"); - return; /* stop instead of segfaulting, set up your keys! */ + return; /* stop instead of seg-faulting, set up your keys! */ } #ifdef WOLFSSL_AESNI if (haveAESNI && aes->use_aesni) { @@ -1955,6 +1958,8 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) /* implemented in wolfcrypt/src/port/devcrypto/devcrypto_aes.c */ #else + + /* Software AES - SetKey */ static int wc_AesSetKeyLocal(Aes* aes, const byte* userKey, word32 keylen, const byte* iv, int dir) { @@ -2828,6 +2833,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) #else + /* Software AES - CBC Encrypt */ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { word32 blocks = (sz / AES_BLOCK_SIZE); @@ -2917,6 +2923,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } #ifdef HAVE_AES_DECRYPT + /* Software AES - CBC Decrypt */ int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { word32 blocks; @@ -3171,6 +3178,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } } + /* Software AES - CTR Encrypt */ int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { byte* tmp; @@ -3348,7 +3356,7 @@ static void GenerateM0(Aes* aes) #endif /* GCM_TABLE */ - +/* Software AES - GCM SetKey */ int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len) { int ret; @@ -8367,6 +8375,7 @@ int AES_GCM_encrypt_C(Aes* aes, byte* out, const byte* in, word32 sz, return ret; } +/* Software AES - GCM Encrypt */ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, byte* authTag, word32 authTagSz, @@ -8452,8 +8461,6 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, } #endif /* WOLFSSL_ASYNC_CRYPT */ - /* Software AES-GCM */ - #ifdef WOLFSSL_AESNI #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { 
@@ -8765,6 +8772,7 @@ int AES_GCM_decrypt_C(Aes* aes, byte* out, const byte* in, word32 sz, return ret; } +/* Software AES - GCM Decrypt */ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, const byte* authTag, word32 authTagSz, @@ -8852,8 +8860,6 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, } #endif /* WOLFSSL_ASYNC_CRYPT */ - /* software AES GCM */ - #ifdef WOLFSSL_AESNI #ifdef HAVE_INTEL_AVX2 if (IS_INTEL_AVX2(intel_flags)) { @@ -9155,10 +9161,9 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, } #endif /* HAVE_AES_DECRYPT */ - -/* software AES CCM */ #else +/* Software CCM */ static void roll_x(Aes* aes, const byte* in, word32 inSz, byte* out) { /* process the bulk of the data */ @@ -9231,6 +9236,7 @@ static WC_INLINE void AesCcmCtrInc(byte* B, word32 lenSz) } } +/* Software AES - CCM Encrypt */ /* return 0 on success */ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, const byte* nonce, word32 nonceSz, @@ -9299,6 +9305,7 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz, } #ifdef HAVE_AES_DECRYPT +/* Software AES - CCM Decrypt */ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, const byte* nonce, word32 nonceSz, const byte* authTag, word32 authTagSz, @@ -9390,7 +9397,7 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, } #endif /* HAVE_AES_DECRYPT */ -#endif /* software AES CCM */ +#endif /* software CCM */ /* abstract functions that call lower level AESCCM functions */ #ifndef WC_NO_RNG @@ -9584,7 +9591,7 @@ int wc_AesGetKeySize(Aes* aes, word32* keySize) #else -/* software implementation */ +/* Software AES - ECB */ int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { word32 blocks = sz / AES_BLOCK_SIZE; 
@@ -9631,6 +9638,7 @@ int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) * * returns 0 on success and negative error values on failure */ +/* Software AES - CFB Encrypt */ int wc_AesCfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) { byte* tmp = NULL; @@ -9692,6 +9700,7 @@ int wc_AesCfbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) * * returns 0 on success and negative error values on failure */ +/* Software AES - CFB Decrypt */ int wc_AesCfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) { byte* tmp; @@ -10070,7 +10079,7 @@ static int _AesXtsHelper(Aes* aes, byte* out, const byte* in, word32 sz, int dir word32 j; byte carry = 0; - /* multiply by shift left and propogate carry */ + /* multiply by shift left and propagate carry */ for (j = 0; j < AES_BLOCK_SIZE && outSz > 0; j++, outSz--) { byte tmpC; @@ -10108,6 +10117,7 @@ static int _AesXtsHelper(Aes* aes, byte* out, const byte* in, word32 sz, int dir * * returns 0 on success */ +/* Software AES - XTS Encrypt */ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, const byte* i, word32 iSz) { @@ -10160,7 +10170,7 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, #endif xorbuf(out, tmp, AES_BLOCK_SIZE); - /* multiply by shift left and propogate carry */ + /* multiply by shift left and propagate carry */ for (j = 0; j < AES_BLOCK_SIZE; j++) { byte tmpC; @@ -10215,6 +10225,7 @@ int wc_AesXtsEncrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, * * returns 0 on success */ +/* Software AES - XTS Decrypt */ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, const byte* i, word32 iSz) { @@ -10274,7 +10285,7 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, #endif xorbuf(out, tmp, AES_BLOCK_SIZE); - /* multiply by shift left and propogate carry */ + /* multiply by shift left and propagate carry */ for (j = 0; j < AES_BLOCK_SIZE; j++) { byte tmpC; 
@@ -10298,7 +10309,7 @@ int wc_AesXtsDecrypt(XtsAes* xaes, byte* out, const byte* in, word32 sz, byte buf[AES_BLOCK_SIZE]; byte tmp2[AES_BLOCK_SIZE]; - /* multiply by shift left and propogate carry */ + /* multiply by shift left and propagate carry */ for (j = 0; j < AES_BLOCK_SIZE; j++) { byte tmpC; diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index b2db1674c..00637c288 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -3680,7 +3680,11 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order) { #ifndef WC_NO_RNG int err; +#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) DECLARE_VAR(buf, byte, ECC_MAXSIZE_GEN, rng->heap); +#else + byte buf[ECC_MAXSIZE_GEN]; +#endif /*generate 8 extra bytes to mitigate bias from the modulo operation below*/ /*see section A.1.2 in 'Suite B Implementor's Guide to FIPS 186-3 (ECDSA)'*/ @@ -3707,7 +3711,9 @@ static int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order) } ForceZero(buf, ECC_MAXSIZE); +#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) FREE_VAR(buf, rng->heap); +#endif return err; #else diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index e4a18c486..a6a2a77e0 100755 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c @@ -308,7 +308,7 @@ static int Hash_df(DRBG* drbg, byte* out, word32 outSz, byte type, #endif (void)drbg; -#ifdef WOLFSSL_ASYNC_CRYPT +#ifdef WC_ASYNC_ENABLE_SHA256 if (digest == NULL) return DRBG_FAILURE; #endif diff --git a/wolfssl/test.h b/wolfssl/test.h index d9127ca06..252f2c8ea 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h 
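Review bot: In wc_ecc_gen_k the non-async path now keeps the raw RNG output in a stack array of ECC_MAXSIZE_GEN bytes, while the unchanged `ForceZero(buf, ECC_MAXSIZE);` just above the new FREE_VAR guard clears only ECC_MAXSIZE of them; if ECC_MAXSIZE_GEN is the larger of the two, as the "generate 8 extra bytes" comment suggests, the tail of the nonce material is left behind on the stack. `ForceZero(buf, ECC_MAXSIZE_GEN);` matches the declared size in both the async and the stack case. The body between the two hunks is outside this view, so it is worth checking that no early `return err;` there bypasses both the ForceZero and the FREE_VAR.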
@@ -1507,6 +1507,7 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) /* Verify Callback Arguments: * preverify: 1=Verify Okay, 0=Failure + * store->error: Failure error code (0 indicates no failure) * store->current_cert: Current WOLFSSL_X509 object (only with OPENSSL_EXTRA) * store->error_depth: Current Index * store->domain: Subject CN as string (null term) @@ -1549,12 +1550,18 @@ static WC_INLINE int myVerify(int preverify, WOLFSSL_X509_STORE_CTX* store) printf("\tSubject's domain name at %d is %s\n", store->error_depth, store->domain); - printf("\tAllowing to continue anyway (shouldn't do this)\n"); + /* Testing forced fail case by return zero */ + if (myVerifyFail) { + return 0; /* test failure case */ + } + + /* If error indicate we are overriding it for testing purposes */ + if (store->error != 0) { + printf("\tAllowing failed certificate check, testing only " + "(shouldn't do this in production)\n"); + } /* A non-zero return code indicates failure override */ - if (myVerifyFail) - return 0; /* test failure case */ - return 1; }