Added ability to force 32-bit mode using --enable-32bit. Added ability to disable all inline assembly using --disable-asm. Added check for __EMSCRIPTEN__ define in types.h to properly set up 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.

David Garske
2017-11-06 14:37:34 -08:00
parent 94c1aab67e
commit b8cc132e99
10 changed files with 104 additions and 71 deletions


@@ -222,6 +222,33 @@ fi
AM_CONDITIONAL([BUILD_ALL], [test "x$ENABLED_ALL" = "xyes"]) AM_CONDITIONAL([BUILD_ALL], [test "x$ENABLED_ALL" = "xyes"])
# Support for forcing 32-bit mode
AC_ARG_ENABLE([32bit],
[AS_HELP_STRING([--enable-32bit],[Enables 32-bit support (default: disabled)])],
[ ENABLED_32BIT=$enableval ],
[ ENABLED_32BIT=no ]
)
if test "$ENABLED_32BIT" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DNO_64BIT -DNO_CURVED25519_128BIT -m32"
AM_LDFLAGS="$AM_LDFLAGS -m32"
fi
# Support for disabling all ASM
AC_ARG_ENABLE([asm],
[AS_HELP_STRING([--enable-asm],[Enables option for assembly (default: enabled)])],
[ ENABLED_ASM=$enableval ],
[ ENABLED_ASM=yes ]
)
if test "$ENABLED_ASM" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DTFM_NO_ASM -DWOLFSSL_NO_ASM"
fi
# SINGLE THREADED # SINGLE THREADED
AC_ARG_ENABLE([singlethreaded], AC_ARG_ENABLE([singlethreaded],
[AS_HELP_STRING([--enable-singlethreaded],[Enable wolfSSL single threaded (default: disabled)])], [AS_HELP_STRING([--enable-singlethreaded],[Enable wolfSSL single threaded (default: disabled)])],
@@ -485,7 +512,7 @@ then
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE" AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DWOLFSSL_KEY_GEN" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WPAS"
fi fi
@@ -504,7 +531,7 @@ fi
if test "$ENABLED_FORTRESS" = "yes" if test "$ENABLED_FORTRESS" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_SHA512 -DWOLFSSL_SHA384 -DWOLFSSL_KEY_GEN" AM_CFLAGS="$AM_CFLAGS -DFORTRESS -DWOLFSSL_ALWAYS_VERIFY_CB -DOPENSSL_EXTRA -DWOLFSSL_AES_COUNTER -DWOLFSSL_AES_DIRECT -DWOLFSSL_DER_LOAD -DWOLFSSL_KEY_GEN"
fi fi
@@ -764,7 +791,7 @@ AC_ARG_ENABLE([armasm],
[ ENABLED_ARMASM=$enableval ], [ ENABLED_ARMASM=$enableval ],
[ ENABLED_ARMASM=no ] [ ENABLED_ARMASM=no ]
) )
if test "$ENABLED_ARMASM" = "yes" if test "$ENABLED_ARMASM" = "yes" && test "$ENABLED_ASM" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ARMASM"
#Check if mcpu and mfpu values already set if not use default #Check if mcpu and mfpu values already set if not use default
@@ -813,31 +840,34 @@ AC_ARG_ENABLE([intelasm],
[ ENABLED_INTELASM=no ] [ ENABLED_INTELASM=no ]
) )
if test "$ENABLED_AESNI" = "small" if test "$ENABLED_ASM" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DAES_GCM_AESNI_NO_UNROLL" if test "$ENABLED_AESNI" = "small"
ENABLED_AESNI=yes
fi
if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
if test "$GCC" = "yes"
then then
# GCC needs these flags, icc doesn't AM_CFLAGS="$AM_CFLAGS -DAES_GCM_AESNI_NO_UNROLL"
# opt levels greater than 2 may cause problems on systems w/o aesni ENABLED_AESNI=yes
if test "$CC" != "icc"
then
AM_CFLAGS="$AM_CFLAGS -maes -msse4 -mpclmul"
fi
fi fi
AS_IF([test "x$ENABLED_AESGCM" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
fi
if test "$ENABLED_INTELASM" = "yes" if test "$ENABLED_AESNI" = "yes" || test "$ENABLED_INTELASM" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDSEED -DUSE_INTEL_SPEEDUP" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AESNI"
ENABLED_AESNI=yes if test "$GCC" = "yes"
then
# GCC needs these flags, icc doesn't
# opt levels greater than 2 may cause problems on systems w/o aesni
if test "$CC" != "icc"
then
AM_CFLAGS="$AM_CFLAGS -maes -msse4 -mpclmul"
fi
fi
AS_IF([test "x$ENABLED_AESGCM" != "xno"],[AM_CCASFLAGS="$AM_CCASFLAGS -DHAVE_AESGCM"])
fi
if test "$ENABLED_INTELASM" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DHAVE_INTEL_RDSEED -DUSE_INTEL_SPEEDUP"
ENABLED_AESNI=yes
fi
fi fi
# INTEL RDRAND # INTEL RDRAND
@@ -956,28 +986,23 @@ AC_ARG_ENABLE([sha512],
[ ENABLED_SHA512=$SHA512_DEFAULT ] [ ENABLED_SHA512=$SHA512_DEFAULT ]
) )
# leanpsk and leantls don't need sha512 # options that don't require sha512
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then then
ENABLED_SHA512=no ENABLED_SHA512=no
fi fi
if test "$ENABLED_OPENSSH" = "yes" # options that require sha512
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes"
then then
ENABLED_SHA512="yes" ENABLED_SHA512="yes"
fi fi
if test "$ENABLED_SHA512" = "yes" if test "$ENABLED_SHA512" = "yes" && test "$ENABLED_32BIT" = "no"
then then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA512 -DWOLFSSL_SHA384"
fi fi
if test "$ENABLED_FORTRESS" = "yes"
then
ENABLED_SHA512="yes"
fi
AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"]) AM_CONDITIONAL([BUILD_SHA512], [test "x$ENABLED_SHA512" = "xyes"])
@@ -1264,7 +1289,7 @@ then
ENABLED_ED25519=yes ENABLED_ED25519=yes
fi fi
if test "$ENABLED_ED25519" = "yes" if test "$ENABLED_ED25519" = "yes" && test "$ENABLED_32BIT" = "no"
then then
if test "$ENABLED_SHA512" = "no" if test "$ENABLED_SHA512" = "no"
then then
@@ -1922,7 +1947,7 @@ then
ENABLED_SHA3="yes" ENABLED_SHA3="yes"
fi fi
if test "$ENABLED_SHA3" = "yes" if test "$ENABLED_SHA3" = "yes" && test "$ENABLED_32BIT" = "no"
then then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA3"
fi fi
@@ -1951,7 +1976,7 @@ then
ENABLED_POLY1305=no ENABLED_POLY1305=no
fi fi
if test "$ENABLED_POLY1305" = "yes" if test "$ENABLED_POLY1305" = "yes" && test "$ENABLED_32BIT" = "no"
then then
AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH" AM_CFLAGS="$AM_CFLAGS -DHAVE_POLY1305 -DHAVE_ONE_TIME_AUTH"
fi fi
@@ -1969,24 +1994,22 @@ fi
# CHACHA # CHACHA
AC_ARG_ENABLE([chacha], AC_ARG_ENABLE([chacha],
[AS_HELP_STRING([--enable-chacha],[Enable CHACHA (default: enabled). Use `=noasm` to disable Intel AVX/AVX2 speedups])], [AS_HELP_STRING([--enable-chacha],[Enable CHACHA (default: enabled). Use `=noasm` to disable ASM AVX/AVX2 speedups])],
[ ENABLED_CHACHA=$enableval ], [ ENABLED_CHACHA=$enableval ],
[ ENABLED_CHACHA=$CHACHA_DEFAULT] [ ENABLED_CHACHA=$CHACHA_DEFAULT]
) )
if test "$ENABLED_AESNI" = "noasm"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CHACHA_ASM"
ENABLED_AESNI=yes
fi
# leanpsk and leantls don't need chacha # leanpsk and leantls don't need chacha
if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes"
then then
ENABLED_CHACHA=no ENABLED_CHACHA=no
fi fi
if test "$ENABLED_CHACHA" = "noasm" || test "$ENABLED_ASM" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_CHACHA_ASM"
fi
if test "$ENABLED_CHACHA" = "yes" if test "$ENABLED_CHACHA" = "yes"
then then
AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA" AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA"
@@ -3600,7 +3623,6 @@ then
fi fi
# check if PSK was enabled for conditionally running psk.test script # check if PSK was enabled for conditionally running psk.test script
AM_CONDITIONAL([BUILD_PSK], [test "x$ENABLED_PSK" = "xyes"]) AM_CONDITIONAL([BUILD_PSK], [test "x$ENABLED_PSK" = "xyes"])
@@ -4016,6 +4038,7 @@ echo " * Old Names: $ENABLED_OLDNAMES"
echo " * Max Strength Build: $ENABLED_MAXSTRENGTH" echo " * Max Strength Build: $ENABLED_MAXSTRENGTH"
echo " * Distro Build: $ENABLED_DISTRO" echo " * Distro Build: $ENABLED_DISTRO"
echo " * fastmath: $ENABLED_FASTMATH" echo " * fastmath: $ENABLED_FASTMATH"
echo " * Assembly Allowed: $ENABLED_ASM"
echo " * sniffer: $ENABLED_SNIFFER" echo " * sniffer: $ENABLED_SNIFFER"
echo " * snifftest: $ENABLED_SNIFFTEST" echo " * snifftest: $ENABLED_SNIFFTEST"
echo " * ARC4: $ENABLED_ARC4" echo " * ARC4: $ENABLED_ARC4"
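Review bot: In the SHA-512, Ed25519, SHA-3 and Poly1305 hunks the added `&& test "$ENABLED_32BIT" = "no"` only suppresses the `-D` flags; `ENABLED_SHA512` and its siblings keep the value `yes`, so `AM_CONDITIONAL([BUILD_SHA512], ...)` still holds and the configure summary presumably still reports them as enabled. A `--enable-32bit` build therefore silently loses SHA-384/512, SHA-3, Ed25519 and Poly1305, even when OPENSSH, WPAS or FORTRESS (listed under "options that require sha512") asked for them. Resetting the variable keeps the flags, conditionals and summary in agreement, e.g. `if test "$ENABLED_32BIT" = "yes"; then ENABLED_SHA512=no; fi` ahead of the flag test, or the script can stop with `AC_MSG_ERROR` when a requiring option conflicts with 32-bit mode. Separately, in the CHACHA hunk `--enable-chacha=noasm` now leaves `ENABLED_CHACHA` at `noasm`, so the following `test "$ENABLED_CHACHA" = "yes"` no longer adds `-DHAVE_CHACHA`; testing `!= "no"` there would keep the cipher enabled.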


@@ -6461,11 +6461,11 @@ static INLINE byte GetHmacLength(int hmac)
case sha256_mac: case sha256_mac:
return WC_SHA256_DIGEST_SIZE; return WC_SHA256_DIGEST_SIZE;
#endif #endif
#ifndef NO_SHA384 #ifdef WOLFSSL_SHA384
case sha384_mac: case sha384_mac:
return WC_SHA384_DIGEST_SIZE; return WC_SHA384_DIGEST_SIZE;
#endif #endif
#ifndef NO_SHA512 #ifdef WOLFSSL_SHA512
case sha512_mac: case sha512_mac:
return WC_SHA512_DIGEST_SIZE; return WC_SHA512_DIGEST_SIZE;
#endif #endif


@@ -1430,7 +1430,7 @@ static INLINE void BuildTls13Nonce(WOLFSSL* ssl, byte* nonce, const byte* iv,
nonce[i] ^= iv[i]; nonce[i] ^= iv[i];
} }
#ifdef HAVE_CHACHA #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
/* Encrypt with ChaCha20 and create authenication tag with Poly1305. /* Encrypt with ChaCha20 and create authenication tag with Poly1305.
* *
* ssl The SSL/TLS object. * ssl The SSL/TLS object.
@@ -1630,7 +1630,7 @@ static int EncryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
return ret; return ret;
} }
#ifdef HAVE_CHACHA #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
/* Decrypt with ChaCha20 and check authenication tag with Poly1305. /* Decrypt with ChaCha20 and check authenication tag with Poly1305.
* *
* ssl The SSL/TLS object. * ssl The SSL/TLS object.
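Review bot: The new guard `#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)` compiles out both ChaCha20-Poly1305 helpers, but the dispatch in EncryptTls13 and its decrypt counterpart lies outside these hunks, so it is not visible whether the ChaCha20 case there uses the same condition. If that case is still guarded by `HAVE_CHACHA` alone the build breaks; if it is compiled out as well, the switch's default path must return an error rather than let a record through without an authentication tag. A trailing comment on the matching `#endif`, e.g. `#endif /* HAVE_CHACHA && HAVE_POLY1305 */`, would also make the pairing clear.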


@@ -28,8 +28,8 @@
#include <wolfssl/wolfcrypt/cpuid.h> #include <wolfssl/wolfcrypt/cpuid.h>
#if defined(WOLFSSL_X86_64_BUILD) || defined(USE_INTEL_SPEEDUP) || \ #if (defined(WOLFSSL_X86_64_BUILD) || defined(USE_INTEL_SPEEDUP) || \
defined(WOLFSSL_AESNI) defined(WOLFSSL_AESNI)) && !defined(WOLFSSL_NO_ASM)
/* Each platform needs to query info type 1 from cpuid to see if aesni is /* Each platform needs to query info type 1 from cpuid to see if aesni is
* supported. Also, let's setup a macro for proper linkage w/o ABI conflicts * supported. Also, let's setup a macro for proper linkage w/o ABI conflicts
*/ */


@@ -140,8 +140,8 @@ STATIC INLINE word64 rotrFixed64(word64 x, word64 y)
STATIC INLINE word64 ByteReverseWord64(word64 value) STATIC INLINE word64 ByteReverseWord64(word64 value)
{ {
#if defined(WOLFCRYPT_SLOW_WORD64) #if defined(WOLFCRYPT_SLOW_WORD64)
return (word64)(ByteReverseWord32((word32)value)) << 32 | return (word64)((word64)ByteReverseWord32((word32) value)) << 32 |
ByteReverseWord32((word32)(value>>32)); (word64)ByteReverseWord32((word32)(value >> 32));
#else #else
value = ((value & W64LIT(0xFF00FF00FF00FF00)) >> 8) | value = ((value & W64LIT(0xFF00FF00FF00FF00)) >> 8) |
((value & W64LIT(0x00FF00FF00FF00FF)) << 8); ((value & W64LIT(0x00FF00FF00FF00FF)) << 8);
@@ -192,7 +192,7 @@ STATIC INLINE void xorbuf(void* buf, const void* mask, word32 count)
STATIC INLINE void ForceZero(const void* mem, word32 len) STATIC INLINE void ForceZero(const void* mem, word32 len)
{ {
volatile byte* z = (volatile byte*)mem; volatile byte* z = (volatile byte*)mem;
#ifdef WOLFSSL_X86_64_BUILD #if defined(WOLFSSL_X86_64_BUILD) && defined(WORD64_AVAILABLE)
volatile word64* w; volatile word64* w;
for (w = (volatile word64*)z; len >= sizeof(*w); len -= sizeof(*w)) for (w = (volatile word64*)z; len >= sizeof(*w); len -= sizeof(*w))
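Review bot: The ForceZero guard now also depends on `WORD64_AVAILABLE`, but nothing at the `#if` says why or what happens when it is false; since this routine wipes key material, a comment such as `/* 64-bit stores only when word64 exists; the byte loop below clears the tail and the no-word64 case */` would help. The byte loop itself is outside the hunk, so confirm it still runs unconditionally after the `#endif`. In ByteReverseWord64 the new outer `(word64)(...)` wraps an operand that is already cast to `word64` and is redundant; `((word64)ByteReverseWord32((word32)value) << 32) | ...` states the intended precedence explicitly.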


@@ -327,7 +327,7 @@ do \
} \ } \
} \ } \
while (0) while (0)
#endif #endif /* SHA3_BY_SPEC */
/* The block operation performed on the state. /* The block operation performed on the state.
* *
@@ -376,7 +376,7 @@ static void BlockSha3(word64 *s)
} }
#else #else
#include "sha3_long.i" #include "sha3_long.i"
#endif #endif /* WOLFSSL_SHA3_SMALL */
/* Convert the array of bytes, in little-endian order, to a 64-bit integer. /* Convert the array of bytes, in little-endian order, to a 64-bit integer.
* *


@@ -14073,7 +14073,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
0x72,0x6c,0x64 0x72,0x6c,0x64
}; };
#if !defined(NO_AES) && defined(HAVE_ECC) #if !defined(NO_AES) && defined(HAVE_ECC) && defined(WOLFSSL_SHA512)
byte optionalUkm[] = { byte optionalUkm[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
}; };


@@ -646,7 +646,7 @@
#endif #endif
#endif #endif
#ifdef HAVE_CHACHA #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
#ifndef NO_SHA256 #ifndef NO_SHA256
#define BUILD_TLS_CHACHA20_POLY1305_SHA256 #define BUILD_TLS_CHACHA20_POLY1305_SHA256
#endif #endif


@@ -64,6 +64,10 @@
#define MAX(x,y) ((x)>(y)?(x):(y)) #define MAX(x,y) ((x)>(y)?(x):(y))
#endif #endif
#ifdef WOLFSSL_NO_ASM
#undef TFM_NO_ASM
#define TFM_NO_ASM
#endif
#ifndef NO_64BIT #ifndef NO_64BIT
/* autodetect x86-64 and make sure we are using 64-bit digits with x86-64 asm */ /* autodetect x86-64 and make sure we are using 64-bit digits with x86-64 asm */


@@ -51,26 +51,30 @@
/* try to set SIZEOF_LONG or LONG_LONG if user didn't */ /* try to set SIZEOF_LONG or LONG_LONG if user didn't */
#if !defined(_MSC_VER) && !defined(__BCPLUSPLUS__) #if !defined(_MSC_VER) && !defined(__BCPLUSPLUS__) && !defined(__EMSCRIPTEN__)
#if !defined(SIZEOF_LONG_LONG) && !defined(SIZEOF_LONG) #if !defined(SIZEOF_LONG_LONG) && !defined(SIZEOF_LONG)
#if (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) \ #if (defined(__alpha__) || defined(__ia64__) || \
|| defined(__mips64) || defined(__x86_64__) || \ defined(_ARCH_PPC64) || defined(__mips64) || \
((defined(sun) || defined(__sun)) && \ defined(__x86_64__) || \
((defined(sun) || defined(__sun)) && \
(defined(LP64) || defined(_LP64)))) (defined(LP64) || defined(_LP64))))
/* long should be 64bit */ /* long should be 64bit */
#define SIZEOF_LONG 8 #define SIZEOF_LONG 8
#elif defined(__i386__) || defined(__CORTEX_M3__) #elif (defined(__i386__) || defined(__CORTEX_M3__)
/* long long should be 64bit */ /* long long should be 64bit */
#define SIZEOF_LONG_LONG 8 #define SIZEOF_LONG_LONG 8
#endif #endif
#endif #endif
#endif #endif
#if defined(_MSC_VER) || defined(__BCPLUSPLUS__) #if defined(_MSC_VER) || defined(__BCPLUSPLUS__)
#define WORD64_AVAILABLE #define WORD64_AVAILABLE
#define W64LIT(x) x##ui64 #define W64LIT(x) x##ui64
typedef unsigned __int64 word64; typedef unsigned __int64 word64;
#elif defined(__EMSCRIPTEN__)
#define WORD64_AVAILABLE
#define W64LIT(x) x##ull
typedef unsigned long long word64;
#elif defined(SIZEOF_LONG) && SIZEOF_LONG == 8 #elif defined(SIZEOF_LONG) && SIZEOF_LONG == 8
#define WORD64_AVAILABLE #define WORD64_AVAILABLE
#define W64LIT(x) x##LL #define W64LIT(x) x##LL
@@ -83,12 +87,9 @@
#define WORD64_AVAILABLE #define WORD64_AVAILABLE
#define W64LIT(x) x##LL #define W64LIT(x) x##LL
typedef unsigned long long word64; typedef unsigned long long word64;
#else
#define MP_16BIT /* for mp_int, mp_word needs to be twice as big as
mp_digit, no 64 bit type so make mp_digit 16 bit */
#endif #endif
#if !defined(NO_64BIT) && defined(WORD64_AVAILABLE)
/* These platforms have 64-bit CPU registers. */ /* These platforms have 64-bit CPU registers. */
#if (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || \ #if (defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || \
defined(__mips64) || defined(__x86_64__) || defined(_M_X64)) || \ defined(__mips64) || defined(__x86_64__) || defined(_M_X64)) || \
@@ -109,7 +110,12 @@
#define WOLFCRYPT_SLOW_WORD64 #define WOLFCRYPT_SLOW_WORD64
#endif #endif
#endif #endif
#else
#undef WORD64_AVAILABLE
typedef word32 wolfssl_word;
#define MP_16BIT /* for mp_int, mp_word needs to be twice as big as
mp_digit, no 64 bit type so make mp_digit 16 bit */
#endif
enum { enum {
WOLFSSL_WORD_SIZE = sizeof(wolfssl_word), WOLFSSL_WORD_SIZE = sizeof(wolfssl_word),
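Review bot: As rendered, the new `#elif (defined(__i386__) || defined(__CORTEX_M3__)` opens a parenthesis that is never closed, so the preprocessor will reject the expression on any target that reaches this branch, which includes the 32-bit builds `--enable-32bit` is meant for. It should read `#elif defined(__i386__) || defined(__CORTEX_M3__)`, or close the group with a final `)`. The new trailing `#else` also defines `MP_16BIT` and `typedef word32 wolfssl_word;` for every `NO_64BIT` build, where the removed block applied `MP_16BIT` only when no 64-bit type was found; a comment such as `/* NO_64BIT or no 64-bit type: 32-bit word, 16-bit mp_digit */` would record that this is intended. The enum that follows continues outside the visible lines.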