Merge pull request #6973 from douzzer/20231115-misc-fixits

20231115-misc-fixits
JacobBarthelmeh
2023-11-15 15:27:25 -07:00
committed by GitHub
8 changed files with 86 additions and 31 deletions


@ -720,7 +720,7 @@ then
# this set is also enabled by enable-all-crypto:
test "$enable_atomicuser" = "" && enable_atomicuser=yes
test "$enable_aesgcm" = "" && enable_aesgcm=yes
test "$enable_aesgcm_stream" = "" && enable_aesgcm_stream=yes
test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
test "$enable_aesccm" = "" && enable_aesccm=yes
test "$enable_aesctr" = "" && enable_aesctr=yes
test "$enable_aeseax" = "" && enable_aeseax=yes
@ -788,7 +788,6 @@ then
test "$enable_session_ticket" = "" && enable_session_ticket=yes
test "$enable_earlydata" = "" && enable_earlydata=yes
test "$enable_ech" = "" && enable_ech=yes
test "$enable_quic" = "" && enable_quic=yes
if test "$ENABLED_32BIT" != "yes"
then
@ -799,13 +798,14 @@ then
if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
then
test "$enable_compkey" = "" && enable_compkey=yes
test "$enable_quic" = "" && enable_quic=yes
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL_IO -DHAVE_IO_TIMEOUT"
fi
# sp-math is incompatible with opensslextra, ECC custom curves, and DSA.
if test "$ENABLED_SP_MATH" = "no"
then
test "$enable_dsa" = "" && enable_dsa=yes
test "$enable_dsa" = "" && test "$enable_sha" != "no" && enable_dsa=yes
test "$enable_ecccustcurves" = "" && enable_ecccustcurves=yes
test "$enable_brainpool" = "" && enable_brainpool=yes
test "$enable_srp" = "" && enable_srp=yes
@ -908,7 +908,7 @@ if test "$ENABLED_ALL_CRYPT" = "yes"
then
test "$enable_atomicuser" = "" && enable_atomicuser=yes
test "$enable_aesgcm" = "" && enable_aesgcm=yes
test "$enable_aesgcm_stream" = "" && enable_aesgcm_stream=yes
test "$enable_aesgcm_stream" = "" && test "$enable_aesgcm" = "yes" && enable_aesgcm_stream=yes
test "$enable_aesccm" = "" && enable_aesccm=yes
test "$enable_aesctr" = "" && enable_aesctr=yes
test "$enable_aeseax" = "" && enable_aeseax=yes
@ -974,7 +974,7 @@ then
if test "$ENABLED_SP_MATH" = "no"
then
test "$enable_dsa" = "" && enable_dsa=yes
test "$enable_dsa" = "" && test "$enable_sha" != "no" && enable_dsa=yes
test "$enable_ecccustcurves" = "" && enable_ecccustcurves=yes
test "$enable_brainpool" = "" && enable_brainpool=yes
test "$enable_srp" = "" && enable_srp=yes
@ -1476,6 +1476,10 @@ then
then
AC_MSG_ERROR([TLS 1.3 is disabled - necessary for QUIC])
fi
if test "$enable_aesgcm" = "no"
then
AC_MSG_ERROR([AES-GCM is disabled - necessary for QUIC])
fi
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_QUIC"
# QUIC proto handlers need app_data at WOLFSSL*
AM_CFLAGS="$AM_CFLAGS -DHAVE_EX_DATA"
@ -3581,7 +3585,7 @@ AC_ARG_ENABLE([dsa],
[ ENABLED_DSA=no ]
)
if test "$enable_dsa" = ""
if test "$enable_dsa" = "" && test "$enable_sha" != "no"
then
if (test "$ENABLED_OPENSSH" = "yes" && test "x$ENABLED_FIPS" = "xno") || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_NTP" = "yes"
then
@ -9721,8 +9725,11 @@ echo " * Secure Renegotiation: $ENABLED_SECURE_RENEGOTIATION"
echo " * Fallback SCSV: $ENABLED_FALLBACK_SCSV"
echo " * Keying Material Exporter: $ENABLED_KEYING_MATERIAL"
echo " * All TLS Extensions: $ENABLED_TLSX"
echo " * PKCS#7: $ENABLED_PKCS7"
echo " * S/MIME: $ENABLED_SMIME"
echo " * PKCS#7: $ENABLED_PKCS7"
echo " * PKCS#8: $ENABLED_PKCS8"
echo " * PKCS#11: $ENABLED_PKCS11"
echo " * PKCS#12: $ENABLED_PKCS12"
echo " * wolfSSH: $ENABLED_WOLFSSH"
echo " * wolfEngine: $ENABLED_WOLFENGINE"
echo " * wolfTPM: $ENABLED_WOLFTPM"
@ -9741,9 +9748,6 @@ echo " * User Crypto: $ENABLED_USER_CRYPTO"
echo " * Fast RSA: $ENABLED_FAST_RSA"
echo " * Asynchronous Crypto: $ENABLED_ASYNCCRYPT"
echo " * Asynchronous Crypto (sim): $ENABLED_ASYNCCRYPT_SW"
echo " * PKCS#8: $ENABLED_PKCS8"
echo " * PKCS#11: $ENABLED_PKCS11"
echo " * PKCS#12: $ENABLED_PKCS12"
echo " * Cavium Nitrox: $ENABLED_CAVIUM"
echo " * Cavium Octeon (Sync): $ENABLED_OCTEON_SYNC"
echo " * Intel Quick Assist: $ENABLED_INTEL_QA"
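Review bot: The new default for `enable_aesgcm_stream`, in both the enable-all and enable-all-crypto blocks, requires `"$enable_aesgcm" = "yes"`, whereas the DSA guards added in the same commit test `"$enable_sha" != "no"` and the new QUIC check also compares against `no`. If `--enable-aesgcm` accepts any value other than yes/no (not visible in these hunks), such a build silently loses the streaming default; `test "$enable_aesgcm" != "no"` would be consistent with the other guards. Separately, an explicit `--enable-dsa` combined with `--disable-sha` is not rejected in any visible hunk, unlike the new `AC_MSG_ERROR` for QUIC without AES-GCM, so it is worth confirming that this combination fails at configure time rather than later in the build.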


@ -13219,7 +13219,9 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type)
len = wolfSSL_i2d_X509_NAME_canon(issuer, &pbuf);
if (len > 0) {
#ifndef NO_SHA
#if defined(NO_SHA) && !defined(NO_SHA256)
retHash = wc_Sha256Hash((const byte*)pbuf, len, dgt);
#elif !defined(NO_SHA)
retHash = wc_ShaHash((const byte*)pbuf, len, dgt);
#endif
if (retHash == 0) {
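Review bot: The added SHA-256 branch writes a 32-byte digest into `dgt`, whose declaration is outside this hunk; if `dgt` is still sized for SHA-1 (`WC_SHA_DIGEST_SIZE`), `wc_Sha256Hash` would write past its end, so confirm it is at least `WC_SHA256_DIGEST_SIZE` (for example `WC_MAX_DIGEST_SIZE`). When both `NO_SHA` and `NO_SHA256` are defined neither call is compiled and `retHash` keeps its initializer, so the `retHash == 0` test only fails safely if that initializer is non-zero. A comment on the `#if` such as `/* SHA-1 when available; SHA-256 only in NO_SHA builds, so the value derived from dgt differs between builds */` would make the build-dependent result explicit.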


@ -2489,11 +2489,18 @@ int MicriumSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx)
/* Micrium DTLS Generate Cookie callback
* return : number of bytes copied into buf, or error
*/
#if defined(NO_SHA) && !defined(NO_SHA256)
#define MICRIUM_COOKIE_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
#elif !defined(NO_SHA)
#define MICRIUM_COOKIE_DIGEST_SIZE WC_SHA_DIGEST_SIZE
#else
#error Must enable either SHA-1 or SHA256 (or both) for Micrium.
#endif
int MicriumGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
{
NET_SOCK_ADDR peer;
NET_SOCK_ADDR_LEN peerSz = sizeof(peer);
byte digest[WC_SHA_DIGEST_SIZE];
byte digest[MICRIUM_COOKIE_DIGEST_SIZE];
int ret = 0;
(void)ctx;
@ -2505,12 +2512,16 @@ int MicriumGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *ctx)
return GEN_COOKIE_E;
}
#if defined(NO_SHA) && !defined(NO_SHA256)
ret = wc_Sha256Hash((byte*)&peer, peerSz, digest);
#else
ret = wc_ShaHash((byte*)&peer, peerSz, digest);
#endif
if (ret != 0)
return ret;
if (sz > WC_SHA_DIGEST_SIZE)
sz = WC_SHA_DIGEST_SIZE;
if (sz > MICRIUM_COOKIE_DIGEST_SIZE)
sz = MICRIUM_COOKIE_DIGEST_SIZE;
XMEMCPY(buf, digest, sz);
return sz;
@ -2804,20 +2815,31 @@ int uIPReceive(WOLFSSL *ssl, char *buf, int sz, void *_ctx)
/* uIP DTLS Generate Cookie callback
* return : number of bytes copied into buf, or error
*/
#if defined(NO_SHA) && !defined(NO_SHA256)
#define UIP_COOKIE_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
#elif !defined(NO_SHA)
#define UIP_COOKIE_DIGEST_SIZE WC_SHA_DIGEST_SIZE
#else
#error Must enable either SHA-1 or SHA256 (or both) for uIP.
#endif
int uIPGenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx)
{
uip_wolfssl_ctx *ctx = (uip_wolfssl_ctx *)_ctx;
byte token[32];
byte digest[WC_SHA_DIGEST_SIZE];
byte digest[UIP_COOKIE_DIGEST_SIZE];
int ret = 0;
XMEMSET(token, 0, sizeof(token));
XMEMCPY(token, &ctx->peer_addr, sizeof(uip_ipaddr_t));
XMEMCPY(token + sizeof(uip_ipaddr_t), &ctx->peer_port, sizeof(word16));
#if defined(NO_SHA) && !defined(NO_SHA256)
ret = wc_Sha256Hash(token, sizeof(uip_ipaddr_t) + sizeof(word16), digest);
#else
ret = wc_ShaHash(token, sizeof(uip_ipaddr_t) + sizeof(word16), digest);
#endif
if (ret != 0)
return ret;
if (sz > WC_SHA_DIGEST_SIZE)
sz = WC_SHA_DIGEST_SIZE;
if (sz > UIP_COOKIE_DIGEST_SIZE)
sz = UIP_COOKIE_DIGEST_SIZE;
XMEMCPY(buf, digest, sz);
return sz;
}
@ -2881,13 +2903,20 @@ int GNRC_ReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *_ctx)
* return : number of bytes copied into buf, or error
*/
#define GNRC_MAX_TOKEN_SIZE (32)
#if defined(NO_SHA) && !defined(NO_SHA256)
#define GNRC_COOKIE_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
#elif !defined(NO_SHA)
#define GNRC_COOKIE_DIGEST_SIZE WC_SHA_DIGEST_SIZE
#else
#error Must enable either SHA-1 or SHA256 (or both) for GNRC.
#endif
int GNRC_GenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx)
{
sock_tls_t *ctx = (sock_tls_t *)_ctx;
if (!ctx)
return WOLFSSL_CBIO_ERR_GENERAL;
byte token[GNRC_MAX_TOKEN_SIZE];
byte digest[WC_SHA_DIGEST_SIZE];
byte digest[GNRC_COOKIE_DIGEST_SIZE];
int ret = 0;
size_t token_size = sizeof(sock_udp_ep_t);
(void)ssl;
@ -2895,11 +2924,15 @@ int GNRC_GenerateCookie(WOLFSSL* ssl, byte *buf, int sz, void *_ctx)
token_size = GNRC_MAX_TOKEN_SIZE;
XMEMSET(token, 0, GNRC_MAX_TOKEN_SIZE);
XMEMCPY(token, &ctx->peer_addr, token_size);
#if defined(NO_SHA) && !defined(NO_SHA256)
ret = wc_Sha256Hash(token, token_size, digest);
#else
ret = wc_ShaHash(token, token_size, digest);
#endif
if (ret != 0)
return ret;
if (sz > WC_SHA_DIGEST_SIZE)
sz = WC_SHA_DIGEST_SIZE;
if (sz > GNRC_COOKIE_DIGEST_SIZE)
sz = GNRC_COOKIE_DIGEST_SIZE;
XMEMCPY(buf, digest, sz);
return sz;
}
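Review bot: In all three callbacks (`MicriumGenerateCookie`, `uIPGenerateCookie`, `GNRC_GenerateCookie`) the cookie remains a bare digest of the peer address with no secret input, so choosing SHA-256 over SHA-1 does not change the fact that the expected cookie can be computed without ever receiving the HelloVerifyRequest. RFC 6347 section 4.2.1 recommends a keyed construction, `HMAC(Secret, Client-IP, Client-Parameters)`; if that is out of scope for this change, a comment on each callback stating that the cookie is unkeyed would keep the limitation visible. `sz` is also a signed `int` that is only clamped from above before `XMEMCPY(buf, digest, sz)`; a guard such as `if (sz < 0) return GEN_COOKIE_E;` would keep the copy length safe regardless of the caller.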


@ -3196,7 +3196,7 @@ static int test_wolfSSL_CertManagerCRL(void)
static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
{
EXPECT_DECLS;
#if defined(HAVE_OCSP) && !defined(NO_RSA)
#if defined(HAVE_OCSP) && !defined(NO_RSA) && !defined(NO_SHA)
/* Need one of these for wolfSSL_OCSP_REQUEST_new. */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \
@ -3516,7 +3516,8 @@ static int test_wolfSSL_CertManagerCheckOCSPResponse(void)
static int test_wolfSSL_CheckOCSPResponse(void)
{
EXPECT_DECLS;
#if defined(HAVE_OCSP) && !defined(NO_RSA) && defined(OPENSSL_ALL)
#if defined(HAVE_OCSP) && !defined(NO_RSA) && !defined(NO_SHA) && \
defined(OPENSSL_ALL)
const char* responseFile = "./certs/ocsp/test-response.der";
const char* responseMultiFile = "./certs/ocsp/test-multi-response.der";
const char* responseNoInternFile =


@ -859,11 +859,11 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits
#endif
#elif defined(WOLFSSL_KCAPI_AES)
/* Only CBC and GCM that are in wolfcrypt/src/port/kcapi/kcapi_aes.c */
/* Only CBC and GCM are in wolfcrypt/src/port/kcapi/kcapi_aes.c */
#if defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AESCCM) || \
defined(WOLFSSL_CMAC) || defined(WOLFSSL_AES_OFB) || \
defined(WOLFSSL_AES_CFB) || defined(HAVE_AES_ECB) || \
defined(WOLFSSL_AES_DIRECT) || \
defined(WOLFSSL_AES_DIRECT) || defined(WOLFSSL_AES_XTS) || \
(defined(HAVE_AES_CBC) && defined(WOLFSSL_NO_KCAPI_AES_CBC))
#define NEED_AES_TABLES
@ -5460,8 +5460,12 @@ int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
#else
while (blocks--) {
int ret;
#ifdef WOLFSSL_AESNI
ret = wc_AesDecrypt(aes, in, out);
#else
XMEMCPY(aes->tmp, in, AES_BLOCK_SIZE);
ret = wc_AesDecrypt(aes, (byte*)aes->tmp, out);
#endif
if (ret != 0)
return ret;
xorbuf(out, (byte*)aes->reg, AES_BLOCK_SIZE);
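Review bot: Under `WOLFSSL_AESNI` the loop now passes `in` straight to `wc_AesDecrypt` and no longer copies the ciphertext block into `aes->tmp`. The loop body continues past this hunk; if it still refreshes `aes->reg` from `aes->tmp` for the next block, the AES-NI branch would chain from stale data, and with `in == out` the ciphertext block has already been overwritten by the time it is needed. Please confirm the code after `xorbuf` handles this in the AES-NI build, and add a comment on the `#ifdef` saying why the copy can be skipped, for example `/* AES-NI build: <reason aes->tmp is not needed here> */`.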


@ -2922,7 +2922,7 @@ time_t mynewt_time(time_t* timer)
#endif /* WOLFSSL_APACHE_MYNEWT */
#if defined(WOLFSSL_GMTIME)
struct tm* gmtime(const time_t* timer)
struct tm* gmtime_r(const time_t* timer, struct tm *ret)
{
#define YEAR0 1900
#define EPOCH_YEAR 1970
@ -2936,8 +2936,6 @@ struct tm* gmtime(const time_t* timer)
{31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}
};
static struct tm st_time;
struct tm* ret = &st_time;
time_t secs = *timer;
unsigned long dayclock, dayno;
int year = EPOCH_YEAR;
@ -2971,6 +2969,12 @@ struct tm* gmtime(const time_t* timer)
return ret;
}
struct tm* gmtime(const time_t* timer) {
static struct tm st_time;
return gmtime_r(timer, &st_time);
}
#endif /* WOLFSSL_GMTIME */
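Review bot: `gmtime_r` now writes through a caller-supplied `ret`, and the visible lines dereference `timer` (`time_t secs = *timer;`) without any check on either pointer. The old code could never see a null result buffer because it always used the static `st_time`; a guard such as `if (timer == NULL || ret == NULL) return NULL;` after the declarations would stop a bad caller from causing a null write. The function body runs beyond the hunks shown, so this may already be handled there. The new `gmtime` wrapper also opens its brace on the signature line, unlike `gmtime_r` directly above it.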


@ -58,9 +58,10 @@
#ifdef HAVE_STACK_SIZE_VERBOSE
#ifdef WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES
static ssize_t max_relative_stack = WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES;
static WC_MAYBE_UNUSED ssize_t max_relative_stack =
WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES;
#else
static ssize_t max_relative_stack = -1;
static WC_MAYBE_UNUSED ssize_t max_relative_stack = -1;
#endif
#endif


@ -1063,6 +1063,11 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
#define XTIME(tl) time((tl))
#endif
#endif
#if defined(WOLFSSL_GMTIME) && !defined(HAVE_GMTIME_R)
#define HAVE_GMTIME_R
#endif
#if !defined(XGMTIME) && !defined(TIME_OVERRIDES)
/* Always use gmtime_r if available. */
#if defined(HAVE_GMTIME_S)
@ -1128,8 +1133,9 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void);
extern struct tm* XGMTIME(const time_t* timer, struct tm* tmp);
#elif defined(WOLFSSL_GMTIME)
struct tm* gmtime(const time_t* timer);
struct tm* gmtime_r(const time_t* timer, struct tm *ret);
#endif
#endif /* NO_ASN_TIME */
#endif /* !NO_ASN_TIME */
#ifndef WOLFSSL_LEANPSK
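Review bot: The new `HAVE_GMTIME_R` define has no comment saying that it is set because `WOLFSSL_GMTIME` now supplies its own `gmtime_r`, and its position matters: it must stay above the `XGMTIME` selection that follows. Suggest `/* WOLFSSL_GMTIME provides gmtime_r(); advertise it before XGMTIME is selected below */` above the `#if`. The selection chain visible here tests `HAVE_GMTIME_S` first, so which variant wins when both macros are defined depends on lines outside the hunk.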