feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fixed compile errors in signature.c if ECC on but ECC sign/verify disabled. Added new NO_ASN_TIME option to reduce ASN size for space constrained or missing RTC. Added check to make sure ASN is enabled if ECC sign/verify is enabled.

Browse Source
This commit is contained in:
David Garske
2016-02-12 13:16:39 -08:00
parent 4872f2bc33
commit aeaac15682
4 changed files with 31 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

31
wolfcrypt/src/asn.c
View File

@ -25,6 +25,13 @@
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
/*
ASN Options:
* NO_ASN_TIME: Disables time parts of the ASN code for systems without an RTC
or wishing to save space.
* IGNORE_NAME_CONSTRAINTS: Skip ASN name checks.
*/
#ifndef NO_ASN #ifndef NO_ASN
#ifdef HAVE_RTP_SYS #ifdef HAVE_RTP_SYS
@ -94,7 +101,7 @@
#define FALSE 0 #define FALSE 0
#endif #endif
#ifndef NO_ASN_TIME
#if defined(HAVE_RTP_SYS) #if defined(HAVE_RTP_SYS)
/* uses parital <time.h> structures */ /* uses parital <time.h> structures */
#define XTIME(tl) (0) #define XTIME(tl) (0)
@ -491,6 +498,7 @@ time_t idirect_time(time_t * timer)
#endif /* IDIRECT_DEV_TIME */ #endif /* IDIRECT_DEV_TIME */
#endif /* !NO_ASN_TIME */
WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len,
word32 maxIdx) word32 maxIdx)
@ -617,7 +625,7 @@ static int GetShortInt(const byte* input, word32* inOutIdx, int* number)
} }
#endif /* !NO_PWDBASED */ #endif /* !NO_PWDBASED */
#ifndef NO_ASN_TIME
/* May not have one, not an error */ /* May not have one, not an error */
static int GetExplicitVersion(const byte* input, word32* inOutIdx, int* version) static int GetExplicitVersion(const byte* input, word32* inOutIdx, int* version)
{ {
@ -634,7 +642,7 @@ static int GetExplicitVersion(const byte* input, word32* inOutIdx, int* version)
return 0; return 0;
} }
#endif /* !NO_ASN_TIME */
WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx,
word32 maxIdx) word32 maxIdx)
@ -2212,7 +2220,7 @@ void FreeDecodedCert(DecodedCert* cert)
#endif /* OPENSSL_EXTRA */ #endif /* OPENSSL_EXTRA */
} }
#ifndef NO_ASN_TIME
static int GetCertHeader(DecodedCert* cert) static int GetCertHeader(DecodedCert* cert)
{ {
int ret = 0, len; int ret = 0, len;
@ -2264,6 +2272,7 @@ static int GetCertHeader(DecodedCert* cert)
return ret; return ret;
} }
#endif /* !NO_ASN_TIME */
#if !defined(NO_RSA) #if !defined(NO_RSA)
/* Store Rsa Key, may save later, Dsa could use in future */ /* Store Rsa Key, may save later, Dsa could use in future */
@ -2327,7 +2336,7 @@ static int StoreRsaKey(DecodedCert* cert)
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
#ifndef NO_ASN_TIME
static int GetKey(DecodedCert* cert) static int GetKey(DecodedCert* cert)
{ {
int length; int length;
@ -3184,7 +3193,7 @@ static int GetSignature(DecodedCert* cert)
return 0; return 0;
} }
#endif /* !NO_ASN_TIME */
static word32 SetDigest(const byte* digest, word32 digSz, byte* output) static word32 SetDigest(const byte* digest, word32 digSz, byte* output)
{ {
@ -3444,7 +3453,7 @@ int wc_GetCTC_HashOID(int type)
}; };
} }
#ifndef NO_ASN_TIME
/* return true (1) or false (0) for Confirmation */ /* return true (1) or false (0) for Confirmation */
static int ConfirmSignature(const byte* buf, word32 bufSz, static int ConfirmSignature(const byte* buf, word32 bufSz,
const byte* key, word32 keySz, word32 keyOID, const byte* key, word32 keySz, word32 keyOID,
@ -4494,6 +4503,7 @@ static int DecodeNameConstraints(byte* input, int sz, DecodedCert* cert)
return 0; return 0;
} }
#endif /* IGNORE_NAME_CONSTRAINTS */ #endif /* IGNORE_NAME_CONSTRAINTS */
#endif /* NO_ASN_TIME */
#if defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP) #if defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP)
@ -4670,7 +4680,7 @@ static int DecodePolicyOID(char *out, word32 outSz, byte *in, word32 inSz)
} }
#endif /* WOLFSSL_SEP */ #endif /* WOLFSSL_SEP */
#ifndef NO_ASN_TIME
static int DecodeCertExtensions(DecodedCert* cert) static int DecodeCertExtensions(DecodedCert* cert)
/* /*
* Processing the Certificate Extensions. This does not modify the current * Processing the Certificate Extensions. This does not modify the current
@ -4884,6 +4894,7 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
return ret; return ret;
} }
#endif /* !NO_ASN_TIME */
/* from SSL proper, for locking can't do find here anymore */ /* from SSL proper, for locking can't do find here anymore */
@ -4920,7 +4931,7 @@ Signer* GetCAByName(void* signers, byte* hash)
#endif /* WOLFCRYPT_ONLY */ #endif /* WOLFCRYPT_ONLY */
#ifndef NO_ASN_TIME
int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
{ {
word32 confirmOID; word32 confirmOID;
@ -5043,7 +5054,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
return 0; return 0;
} }
#endif /* !NO_ASN_TIME */
/* Create and init an new signer */ /* Create and init an new signer */
Signer* MakeSigner(void* heap) Signer* MakeSigner(void* heap)

4
wolfcrypt/src/ecc.c
View File

@ -57,6 +57,10 @@ ECC Curves:
#ifdef HAVE_ECC #ifdef HAVE_ECC
#if (defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)) && defined(NO_ASN)
#error ASN must be enabled for ECC sign/verify
#endif
#include <wolfssl/wolfcrypt/ecc.h> #include <wolfssl/wolfcrypt/ecc.h>
#include <wolfssl/openssl/ec.h> #include <wolfssl/openssl/ec.h>
#include <wolfssl/wolfcrypt/asn.h> #include <wolfssl/wolfcrypt/asn.h>

7
wolfcrypt/src/signature.c
View File

@ -38,7 +38,8 @@
#endif #endif
/* If ECC and RSA are disabled then disable signature wrapper */ /* If ECC and RSA are disabled then disable signature wrapper */
#if (!defined(HAVE_ECC) || (defined(HAVE_ECC) && !defined(NO_ASN))) && defined(NO_RSA) #if (!defined(HAVE_ECC) || (defined(HAVE_ECC) && !defined(HAVE_ECC_SIGN) \
&& !defined(HAVE_ECC_VERIFY))) && defined(NO_RSA)
#undef NO_SIG_WRAPPER #undef NO_SIG_WRAPPER
#define NO_SIG_WRAPPER #define NO_SIG_WRAPPER
#endif #endif
@ -169,7 +170,7 @@ int wc_SignatureVerify(
switch(sig_type) { switch(sig_type) {
case WC_SIGNATURE_TYPE_ECC: case WC_SIGNATURE_TYPE_ECC:
{ {
#ifdef HAVE_ECC #if defined(HAVE_ECC) && defined(HAVE_ECC_VERIFY)
int is_valid_sig = 0; int is_valid_sig = 0;
/* Perform verification of signature using provided ECC key */ /* Perform verification of signature using provided ECC key */
@ -292,7 +293,7 @@ int wc_SignatureGenerate(
/* Create signature using hash as data */ /* Create signature using hash as data */
switch(sig_type) { switch(sig_type) {
case WC_SIGNATURE_TYPE_ECC: case WC_SIGNATURE_TYPE_ECC:
#ifdef HAVE_ECC #if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN)
/* Create signature using provided ECC key */ /* Create signature using provided ECC key */
ret = wc_ecc_sign_hash(hash_data, hash_len, sig, sig_len, rng, (ecc_key*)key); ret = wc_ecc_sign_hash(hash_data, hash_len, sig, sig_len, rng, (ecc_key*)key);
#else #else

4
wolfcrypt/test/test.c
View File

@ -6172,8 +6172,8 @@ int ecc_test(void)
WC_RNG rng; WC_RNG rng;
byte sharedA[1024]; byte sharedA[1024];
byte sharedB[1024]; byte sharedB[1024];
#if !defined(NO_ASN) || (!defined(NO_SHA) && \ #if !defined(NO_SHA) && \
((defined(HAVE_ECC192) && defined(HAVE_ECC224)) || defined(HAVE_ALL_CURVES))) ((defined(HAVE_ECC192) && defined(HAVE_ECC224)) || defined(HAVE_ALL_CURVES))
byte sig[1024]; byte sig[1024];
int verify; int verify;
#endif #endif