feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

miscellaneous buildability fixes:

Browse Source 
configure.ac: fix ed25519/sha512 dependency test to not misfire when ENABLED_32BIT;

wolfssl/wolfcrypt/curve{25519,448}.h: fix redundant typedefs of curve{25519,448}_key (fixes -Wpedantic warnings);

configure.ac: fix for "ISO C forbids an empty translation unit [-Werror=pedantic]", re wolfcrypt/src/sp_c{32,64}.c;

configure.ac: fixes for --enable-32bit versus pedantic "ISO C forbids an empty translation unit", including explicit exclusion of 32bit-incompatible algorithms from enable-all and enable-all-crypto sets;

tests/api.c: fixes for a couple inadequately gated SHA2 dependencies;

tests/api.c:test_wolfSSL_set_alpn_protos(): fix prototype missing (void);

wolfcrypt/src/misc.c and wolfssl/wolfcrypt/misc.h: fix ForceZero() definition and NO_INLINE prototype to not counterfactually constify the mem ptr, to avoid -Wmaybe-uninitialized from gcc11;

wolfcrypt/src/des3.c: drop obsolete register qualifier from declaration in DesSetKey(), for c++17 compatibility;

src/ssl.c:wolfSSL_BN_mod_word(): fix cast of arg2 to mp_mod_d().
This commit is contained in:
Daniel Pouzzner
2021-09-20 13:38:52 -05:00
parent 83e0e19e03
commit ec21dd6d13
8 changed files with 91 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

125
configure.ac
View File

@@ -180,6 +180,42 @@ AS_IF([test "$ax_enable_debug" = "yes"],
ENABLED_CERTS="no"
# Support for forcing 32-bit mode
# To force 32-bit instructions use:
# ./configure CFLAGS="-m32" LDFLAGS="-m32" && make
# The checks for sizeof long and long/long are run at the top of configure and require "-m32" to be set directly in the ./configure statement.
AC_ARG_ENABLE([32bit],
[AS_HELP_STRING([--enable-32bit],[Enables 32-bit support (default: disabled)])],
[ ENABLED_32BIT=$enableval ],
[ ENABLED_32BIT=no ]
)
# 16-bit compiler support
AC_ARG_ENABLE([16bit],
[AS_HELP_STRING([--enable-16bit],[Enables 16-bit support (default: disabled)])],
[ ENABLED_16BIT=$enableval ],
[ ENABLED_16BIT=no ]
)
if test "$ENABLED_16BIT" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWC_16BIT_CPU"
fi
# Support for disabling all ASM
AC_ARG_ENABLE([asm],
[AS_HELP_STRING([--enable-asm],[Enables option for assembly (default: enabled)])],
[ ENABLED_ASM=$enableval ],
[ ENABLED_ASM=yes ]
)
if test "$ENABLED_ASM" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DTFM_NO_ASM -DWOLFSSL_NO_ASM"
fi
AC_SUBST([ENABLED_ASM])
# FIPS
AC_ARG_ENABLE([fips],
@@ -373,9 +409,7 @@ then
test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes
test "$enable_camellia" = "" && enable_camellia=yes
test "$enable_ripemd" = "" && enable_ripemd=yes
test "$enable_sha512" = "" && enable_sha512=yes
test "$enable_sha224" = "" && enable_sha224=yes
test "$enable_sha3" = "" && enable_sha3=yes
test "$enable_sessioncerts" = "" && enable_sessioncerts=yes
test "$enable_keygen" = "" && enable_keygen=yes
test "$enable_certgen" = "" && enable_certgen=yes
@@ -431,6 +465,12 @@ then
test "$enable_anon" = "" && enable_anon=yes
test "$enable_mcast" = "" && enable_mcast=yes
if test "$ENABLED_32BIT" != "yes"
then
test "$enable_sha512" = "" && enable_sha512=yes
test "$enable_sha3" = "" && enable_sha3=yes
fi
if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
then
test "$enable_compkey" = "" && enable_compkey=yes
@@ -448,7 +488,10 @@ then
then
if test "$ENABLED_FIPS" = "no"
then
test "$enable_openssh" = "" && enable_openssh=yes
if test "$ENABLED_32BIT" != "yes"
then
test "$enable_openssh" = "" && enable_openssh=yes
fi
# S/MIME support requires PKCS7, which requires no FIPS.
test "$enable_smime" = "" && enable_smime=yes
fi
@@ -474,10 +517,13 @@ then
test "$enable_xchacha" = "" && enable_xchacha=yes
test "$enable_scep" = "" && enable_scep=yes
test "$enable_pkcs7" = "" && enable_pkcs7=yes
test "$enable_ed25519" = "" && enable_ed25519=yes
test "$enable_ed25519_stream" = "" && enable_ed25519_stream=yes
test "$enable_ed448" = "" && enable_ed448=yes
test "$enable_ed448_stream" = "" && enable_ed448_stream=yes
if test "$ENABLED_32BIT" != "yes"
then
test "$enable_ed25519" = "" && enable_ed25519=yes
test "$enable_ed25519_stream" = "" && enable_ed25519_stream=yes
test "$enable_ed448" = "" && enable_ed448=yes
test "$enable_ed448_stream" = "" && enable_ed448_stream=yes
fi
if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
then
@@ -525,9 +571,7 @@ then
test "$enable_aescfb" = "" && enable_aescfb=yes
test "$enable_camellia" = "" && enable_camellia=yes
test "$enable_ripemd" = "" && enable_ripemd=yes
test "$enable_sha512" = "" && enable_sha512=yes
test "$enable_sha224" = "" && enable_sha224=yes
test "$enable_sha3" = "" && enable_sha3=yes
test "$enable_sessioncerts" = "" && enable_sessioncerts=yes
test "$enable_keygen" = "" && enable_keygen=yes
test "$enable_certgen" = "" && enable_certgen=yes
@@ -569,6 +613,12 @@ then
test "$enable_cryptocb" = "" && enable_cryptocb=yes
test "$enable_anon" = "" && enable_anon=yes
if test "$ENABLED_32BIT" != "yes"
then
test "$enable_sha512" = "" && enable_sha512=yes
test "$enable_sha3" = "" && enable_sha3=yes
fi
if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
then
test "$enable_compkey" = "" && enable_compkey=yes
@@ -586,11 +636,14 @@ then
if test "$ENABLED_FIPS" = "no"
then
test "$enable_xchacha" = "" && enable_xchacha=yes
test "$enable_ed25519" = "" && enable_ed25519=yes
test "$enable_ed25519_stream" = "" && enable_ed25519_stream=yes
test "$enable_ed448" = "" && enable_ed448=yes
test "$enable_ed448_stream" = "" && enable_ed448_stream=yes
test "$enable_pkcs7" = "" && enable_pkcs7=yes
if test "$ENABLED_32BIT" != "yes"
then
test "$enable_ed25519" = "" && enable_ed25519=yes
test "$enable_ed25519_stream" = "" && enable_ed25519_stream=yes
test "$enable_ed448" = "" && enable_ed448=yes
test "$enable_ed448_stream" = "" && enable_ed448_stream=yes
fi
if test "$ENABLED_LINUXKM_DEFAULTS" != "yes"
then
@@ -615,43 +668,6 @@ then
fi
# Support for forcing 32-bit mode
# To force 32-bit instructions use:
# ./configure CFLAGS="-m32" LDFLAGS="-m32" && make
# The checks for sizeof long and long/long are run at the top of configure and require "-m32" to be set directly in the ./configure statement.
AC_ARG_ENABLE([32bit],
[AS_HELP_STRING([--enable-32bit],[Enables 32-bit support (default: disabled)])],
[ ENABLED_32BIT=$enableval ],
[ ENABLED_32BIT=no ]
)
# 16-bit compiler support
AC_ARG_ENABLE([16bit],
[AS_HELP_STRING([--enable-16bit],[Enables 16-bit support (default: disabled)])],
[ ENABLED_16BIT=$enableval ],
[ ENABLED_16BIT=no ]
)
if test "$ENABLED_16BIT" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWC_16BIT_CPU"
fi
# Support for disabling all ASM
AC_ARG_ENABLE([asm],
[AS_HELP_STRING([--enable-asm],[Enables option for assembly (default: enabled)])],
[ ENABLED_ASM=$enableval ],
[ ENABLED_ASM=yes ]
)
if test "$ENABLED_ASM" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DTFM_NO_ASM -DWOLFSSL_NO_ASM"
fi
AC_SUBST([ENABLED_ASM])
# SINGLE THREADED
AC_ARG_ENABLE([singlethreaded],
[AS_HELP_STRING([--enable-singlethreaded],[Enable wolfSSL single threaded (default: disabled)])],
@@ -1837,7 +1853,7 @@ fi
# set sha3 default
SHA3_DEFAULT=no
if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64"
if (test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64") && test "$ENABLED_32BIT" = "no"
then
if test "x$ENABLED_FIPS" = "xno" || test "x$FIPS_VERSION" = "xv2"
then
@@ -6451,7 +6467,8 @@ AS_IF([test "x$ENABLED_CERT_REQ" = "xyes" && \
# ed25519 requires sha512
AS_IF([test "x$ENABLED_ED25519" = "xyes" && \
test "x$ENABLED_SHA512" = "xno"],
test "x$ENABLED_SHA512" = "xno" && \
test "x$ENABLED_32BIT" = "xno"],
[AC_MSG_ERROR([cannot enable ed25519 without enabling sha512.])])
# ed25519 stream requires ed25519
@@ -6942,7 +6959,9 @@ AM_CONDITIONAL([BUILD_OCTEON_SYNC],[test "x$ENABLED_OCTEON_SYNC" = "xyes"])
AM_CONDITIONAL([BUILD_INTEL_QA],[test "x$ENABLED_INTEL_QA" = "xyes"])
AM_CONDITIONAL([BUILD_INTEL_QA_SYNC],[test "x$ENABLED_INTEL_QA_SYNC" = "xyes"])
AM_CONDITIONAL([BUILD_SP],[test "x$ENABLED_SP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SP_C],[(test "x$ENABLED_SP" = "xyes" && test "x$ENABLED_SP_ASM" = "xno") || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SP_C],[((test "$ENABLED_SP_RSA" = "yes" || test "$ENABLED_SP_DH" = "yes" \
|| test "$ENABLED_SP_ECC" = "yes") && test "x$ENABLED_SP_ASM" = "xno") \
|| test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SP_ARM64],[test "x$ENABLED_SP_ARM64_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SP_ARM32],[test "x$ENABLED_SP_ARM32_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
AM_CONDITIONAL([BUILD_SP_ARM_THUMB],[test "x$ENABLED_SP_ARM_THUMB_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])

2
src/ssl.c
View File

@@ -52105,7 +52105,7 @@ WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn,
if (w <= MP_MASK) {
mp_digit bn_ret;
if (mp_mod_d((mp_int*)bn->internal, (WOLFSSL_BN_ULONG)w, &bn_ret) != MP_OKAY) {
if (mp_mod_d((mp_int*)bn->internal, (mp_digit)w, &bn_ret) != MP_OKAY) {
WOLFSSL_MSG("mp_add_d error");
return (WOLFSSL_BN_ULONG)WOLFSSL_FATAL_ERROR;
}

14
tests/api.c
View File

@@ -3804,7 +3804,11 @@ static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd)
#endif
#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
#define MD_MAX_SIZE WC_SHA512_DIGEST_SIZE
#ifdef WC_SHA512_DIGEST_SIZE
#define MD_MAX_SIZE WC_SHA512_DIGEST_SIZE
#else
#define MD_MAX_SIZE WC_SHA256_DIGEST_SIZE
#endif
byte server_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by server */
byte server_side_msg2[MD_MAX_SIZE] = {0};/* msg received from client */
byte client_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by client */
@@ -6525,7 +6529,7 @@ static void verify_alpn_matching_http1(WOLFSSL* ssl)
AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz));
}
static void test_wolfSSL_set_alpn_protos()
static void test_wolfSSL_set_alpn_protos(void)
{
unsigned long i;
callback_functions callbacks[] = {
@@ -44450,7 +44454,11 @@ static void test_wolfSSL_SMIME_read_PKCS7(void)
#ifdef WOLFSSL_TLS13
#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER)
static byte fixedKey[WC_SHA384_DIGEST_SIZE] = { 0, };
#ifdef WC_SHA384_DIGEST_SIZE
static byte fixedKey[WC_SHA384_DIGEST_SIZE] = { 0, };
#else
static byte fixedKey[WC_SHA256_DIGEST_SIZE] = { 0, };
#endif
#endif
#ifdef WOLFSSL_EARLY_DATA
static const char earlyData[] = "Early Data";

2
wolfcrypt/src/des3.c
View File

@@ -1422,7 +1422,7 @@
byte* const pc1m = buffer; /* place to modify pc1 into */
byte* const pcr = pc1m + 56; /* place to rotate pc1 into */
byte* const ks = pcr + 56;
register int i, j, l;
int i, j, l;
int m;
for (j = 0; j < 56; j++) { /* convert pc1 to bits of key */

2
wolfcrypt/src/misc.c
View File

@@ -299,7 +299,7 @@ WC_STATIC WC_INLINE void xorbuf(void* buf, const void* mask, word32 count)
#ifndef WOLFSSL_NO_FORCE_ZERO
/* This routine fills the first len bytes of the memory area pointed by mem
with zeros. It ensures compiler optimizations doesn't skip it */
WC_STATIC WC_INLINE void ForceZero(const void* mem, word32 len)
WC_STATIC WC_INLINE void ForceZero(void* mem, word32 len)
{
volatile byte* z = (volatile byte*)mem;

4
wolfssl/wolfcrypt/curve25519.h
View File

@@ -73,7 +73,7 @@ typedef struct {
#endif
/* A CURVE25519 Key */
typedef struct curve25519_key {
struct curve25519_key {
int idx; /* Index into the ecc_sets[] for the parameters of
this curve if -1, this key is using user supplied
curve in dp */
@@ -92,7 +92,7 @@ typedef struct curve25519_key {
/* bit fields */
byte pubSet:1;
byte privSet:1;
} curve25519_key;
};
enum {
EC25519_LITTLE_ENDIAN=0,

4
wolfssl/wolfcrypt/curve448.h
View File

@@ -49,7 +49,7 @@
#endif
/* A CURVE448 Key */
typedef struct curve448_key {
struct curve448_key {
byte p[CURVE448_PUB_KEY_SIZE]; /* public key */
byte k[CURVE448_KEY_SIZE]; /* private key */
@@ -60,7 +60,7 @@ typedef struct curve448_key {
/* bit fields */
byte pubSet:1;
byte privSet:1;
} curve448_key;
};
enum {
EC448_LITTLE_ENDIAN = 0,

2
wolfssl/wolfcrypt/misc.h
View File

@@ -66,7 +66,7 @@ WOLFSSL_LOCAL
void xorbuf(void*, const void*, word32);
WOLFSSL_LOCAL
void ForceZero(const void*, word32);
void ForceZero(void*, word32);
WOLFSSL_LOCAL
int ConstantCompare(const byte*, const byte*, int);