diff --git a/configure.ac b/configure.ac index 5668b07c7..73eba3b05 100644 --- a/configure.ac +++ b/configure.ac @@ -180,6 +180,42 @@ AS_IF([test "$ax_enable_debug" = "yes"], ENABLED_CERTS="no" +# Support for forcing 32-bit mode +# To force 32-bit instructions use: +# ./configure CFLAGS="-m32" LDFLAGS="-m32" && make +# The checks for sizeof long and long/long are run at the top of configure and require "-m32" to be set directly in the ./configure statement. +AC_ARG_ENABLE([32bit], + [AS_HELP_STRING([--enable-32bit],[Enables 32-bit support (default: disabled)])], + [ ENABLED_32BIT=$enableval ], + [ ENABLED_32BIT=no ] + ) + +# 16-bit compiler support +AC_ARG_ENABLE([16bit], + [AS_HELP_STRING([--enable-16bit],[Enables 16-bit support (default: disabled)])], + [ ENABLED_16BIT=$enableval ], + [ ENABLED_16BIT=no ] + ) +if test "$ENABLED_16BIT" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWC_16BIT_CPU" +fi + + + +# Support for disabling all ASM +AC_ARG_ENABLE([asm], + [AS_HELP_STRING([--enable-asm],[Enables option for assembly (default: enabled)])], + [ ENABLED_ASM=$enableval ], + [ ENABLED_ASM=yes ] + ) + +if test "$ENABLED_ASM" = "no" +then + AM_CFLAGS="$AM_CFLAGS -DTFM_NO_ASM -DWOLFSSL_NO_ASM" +fi +AC_SUBST([ENABLED_ASM]) + # FIPS AC_ARG_ENABLE([fips], @@ -373,9 +409,7 @@ then test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes test "$enable_camellia" = "" && enable_camellia=yes test "$enable_ripemd" = "" && enable_ripemd=yes - test "$enable_sha512" = "" && enable_sha512=yes test "$enable_sha224" = "" && enable_sha224=yes - test "$enable_sha3" = "" && enable_sha3=yes test "$enable_sessioncerts" = "" && enable_sessioncerts=yes test "$enable_keygen" = "" && enable_keygen=yes test "$enable_certgen" = "" && enable_certgen=yes @@ -431,6 +465,12 @@ then test "$enable_anon" = "" && enable_anon=yes test "$enable_mcast" = "" && enable_mcast=yes + if test "$ENABLED_32BIT" != "yes" + then + test "$enable_sha512" = "" && enable_sha512=yes + test "$enable_sha3" = "" && enable_sha3=yes + fi + if test "$ENABLED_LINUXKM_DEFAULTS" != "yes" then test "$enable_compkey" = "" && enable_compkey=yes @@ -448,7 +488,10 @@ then then if test "$ENABLED_FIPS" = "no" then - test "$enable_openssh" = "" && enable_openssh=yes + if test "$ENABLED_32BIT" != "yes" + then + test "$enable_openssh" = "" && enable_openssh=yes + fi # S/MIME support requires PKCS7, which requires no FIPS. test "$enable_smime" = "" && enable_smime=yes fi @@ -474,10 +517,13 @@ then test "$enable_xchacha" = "" && enable_xchacha=yes test "$enable_scep" = "" && enable_scep=yes test "$enable_pkcs7" = "" && enable_pkcs7=yes - test "$enable_ed25519" = "" && enable_ed25519=yes - test "$enable_ed25519_stream" = "" && enable_ed25519_stream=yes - test "$enable_ed448" = "" && enable_ed448=yes - test "$enable_ed448_stream" = "" && enable_ed448_stream=yes + if test "$ENABLED_32BIT" != "yes" + then + test "$enable_ed25519" = "" && enable_ed25519=yes + test "$enable_ed25519_stream" = "" && enable_ed25519_stream=yes + test "$enable_ed448" = "" && enable_ed448=yes + test "$enable_ed448_stream" = "" && enable_ed448_stream=yes + fi if test "$ENABLED_LINUXKM_DEFAULTS" != "yes" then @@ -525,9 +571,7 @@ then test "$enable_aescfb" = "" && enable_aescfb=yes test "$enable_camellia" = "" && enable_camellia=yes test "$enable_ripemd" = "" && enable_ripemd=yes - test "$enable_sha512" = "" && enable_sha512=yes test "$enable_sha224" = "" && enable_sha224=yes - test "$enable_sha3" = "" && enable_sha3=yes test "$enable_sessioncerts" = "" && enable_sessioncerts=yes test "$enable_keygen" = "" && enable_keygen=yes test "$enable_certgen" = "" && enable_certgen=yes @@ -569,6 +613,12 @@ then test "$enable_cryptocb" = "" && enable_cryptocb=yes test "$enable_anon" = "" && enable_anon=yes + if test "$ENABLED_32BIT" != "yes" + then + test "$enable_sha512" = "" && enable_sha512=yes + test "$enable_sha3" = "" && enable_sha3=yes + fi + if test "$ENABLED_LINUXKM_DEFAULTS" != "yes" then test "$enable_compkey" = "" && enable_compkey=yes @@ -586,11 +636,14 @@ then if test "$ENABLED_FIPS" = "no" then test "$enable_xchacha" = "" && enable_xchacha=yes - test "$enable_ed25519" = "" && enable_ed25519=yes - test "$enable_ed25519_stream" = "" && enable_ed25519_stream=yes - test "$enable_ed448" = "" && enable_ed448=yes - test "$enable_ed448_stream" = "" && enable_ed448_stream=yes test "$enable_pkcs7" = "" && enable_pkcs7=yes + if test "$ENABLED_32BIT" != "yes" + then + test "$enable_ed25519" = "" && enable_ed25519=yes + test "$enable_ed25519_stream" = "" && enable_ed25519_stream=yes + test "$enable_ed448" = "" && enable_ed448=yes + test "$enable_ed448_stream" = "" && enable_ed448_stream=yes + fi if test "$ENABLED_LINUXKM_DEFAULTS" != "yes" then @@ -615,43 +668,6 @@ then fi -# Support for forcing 32-bit mode -# To force 32-bit instructions use: -# ./configure CFLAGS="-m32" LDFLAGS="-m32" && make -# The checks for sizeof long and long/long are run at the top of configure and require "-m32" to be set directly in the ./configure statement. -AC_ARG_ENABLE([32bit], - [AS_HELP_STRING([--enable-32bit],[Enables 32-bit support (default: disabled)])], - [ ENABLED_32BIT=$enableval ], - [ ENABLED_32BIT=no ] - ) - -# 16-bit compiler support -AC_ARG_ENABLE([16bit], - [AS_HELP_STRING([--enable-16bit],[Enables 16-bit support (default: disabled)])], - [ ENABLED_16BIT=$enableval ], - [ ENABLED_16BIT=no ] - ) -if test "$ENABLED_16BIT" = "yes" -then - AM_CFLAGS="$AM_CFLAGS -DWC_16BIT_CPU" -fi - - - -# Support for disabling all ASM -AC_ARG_ENABLE([asm], - [AS_HELP_STRING([--enable-asm],[Enables option for assembly (default: enabled)])], - [ ENABLED_ASM=$enableval ], - [ ENABLED_ASM=yes ] - ) - -if test "$ENABLED_ASM" = "no" -then - AM_CFLAGS="$AM_CFLAGS -DTFM_NO_ASM -DWOLFSSL_NO_ASM" -fi -AC_SUBST([ENABLED_ASM]) - - # SINGLE THREADED AC_ARG_ENABLE([singlethreaded], [AS_HELP_STRING([--enable-singlethreaded],[Enable wolfSSL single threaded (default: disabled)])], @@ -1837,7 +1853,7 @@ fi # set sha3 default SHA3_DEFAULT=no -if test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64" +if (test "$host_cpu" = "x86_64" || test "$host_cpu" = "aarch64") && test "$ENABLED_32BIT" = "no" then if test "x$ENABLED_FIPS" = "xno" || test "x$FIPS_VERSION" = "xv2" then @@ -6451,7 +6467,8 @@ AS_IF([test "x$ENABLED_CERT_REQ" = "xyes" && \ # ed25519 requires sha512 AS_IF([test "x$ENABLED_ED25519" = "xyes" && \ - test "x$ENABLED_SHA512" = "xno"], + test "x$ENABLED_SHA512" = "xno" && \ + test "x$ENABLED_32BIT" = "xno"], [AC_MSG_ERROR([cannot enable ed25519 without enabling sha512.])]) # ed25519 stream requires ed25519 @@ -6942,7 +6959,9 @@ AM_CONDITIONAL([BUILD_OCTEON_SYNC],[test "x$ENABLED_OCTEON_SYNC" = "xyes"]) AM_CONDITIONAL([BUILD_INTEL_QA],[test "x$ENABLED_INTEL_QA" = "xyes"]) AM_CONDITIONAL([BUILD_INTEL_QA_SYNC],[test "x$ENABLED_INTEL_QA_SYNC" = "xyes"]) AM_CONDITIONAL([BUILD_SP],[test "x$ENABLED_SP" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) -AM_CONDITIONAL([BUILD_SP_C],[(test "x$ENABLED_SP" = "xyes" && test "x$ENABLED_SP_ASM" = "xno") || test "x$ENABLED_USERSETTINGS" = "xyes"]) +AM_CONDITIONAL([BUILD_SP_C],[((test "$ENABLED_SP_RSA" = "yes" || test "$ENABLED_SP_DH" = "yes" \ + || test "$ENABLED_SP_ECC" = "yes") && test "x$ENABLED_SP_ASM" = "xno") \ + || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_SP_ARM64],[test "x$ENABLED_SP_ARM64_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_SP_ARM32],[test "x$ENABLED_SP_ARM32_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_SP_ARM_THUMB],[test "x$ENABLED_SP_ARM_THUMB_ASM" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) diff --git a/src/ssl.c b/src/ssl.c index 5938d669f..84f65c7d3 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -52105,7 +52105,7 @@ WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn, if (w <= MP_MASK) { mp_digit bn_ret; - if (mp_mod_d((mp_int*)bn->internal, (WOLFSSL_BN_ULONG)w, &bn_ret) != MP_OKAY) { + if (mp_mod_d((mp_int*)bn->internal, (mp_digit)w, &bn_ret) != MP_OKAY) { WOLFSSL_MSG("mp_add_d error"); return (WOLFSSL_BN_ULONG)WOLFSSL_FATAL_ERROR; } diff --git a/tests/api.c b/tests/api.c index 5833ec8f2..84fcfd207 100644 --- a/tests/api.c +++ b/tests/api.c @@ -3804,7 +3804,11 @@ static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd) #endif #if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) - #define MD_MAX_SIZE WC_SHA512_DIGEST_SIZE + #ifdef WC_SHA512_DIGEST_SIZE + #define MD_MAX_SIZE WC_SHA512_DIGEST_SIZE + #else + #define MD_MAX_SIZE WC_SHA256_DIGEST_SIZE + #endif byte server_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by server */ byte server_side_msg2[MD_MAX_SIZE] = {0};/* msg received from client */ byte client_side_msg1[MD_MAX_SIZE] = {0};/* msg sent by client */ @@ -6525,7 +6529,7 @@ static void verify_alpn_matching_http1(WOLFSSL* ssl) AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz)); } -static void test_wolfSSL_set_alpn_protos() +static void test_wolfSSL_set_alpn_protos(void) { unsigned long i; callback_functions callbacks[] = { @@ -44450,7 +44454,11 @@ static void test_wolfSSL_SMIME_read_PKCS7(void) #ifdef WOLFSSL_TLS13 #if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER) -static byte fixedKey[WC_SHA384_DIGEST_SIZE] = { 0, }; +#ifdef WC_SHA384_DIGEST_SIZE + static byte fixedKey[WC_SHA384_DIGEST_SIZE] = { 0, }; +#else + static byte fixedKey[WC_SHA256_DIGEST_SIZE] = { 0, }; +#endif #endif #ifdef WOLFSSL_EARLY_DATA static const char earlyData[] = "Early Data"; diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index f09a8ad8c..2e0df4866 100644 --- a/wolfcrypt/src/des3.c +++ b/wolfcrypt/src/des3.c @@ -1422,7 +1422,7 @@ byte* const pc1m = buffer; /* place to modify pc1 into */ byte* const pcr = pc1m + 56; /* place to rotate pc1 into */ byte* const ks = pcr + 56; - register int i, j, l; + int i, j, l; int m; for (j = 0; j < 56; j++) { /* convert pc1 to bits of key */ diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c index 3d276b576..27c75536f 100644 --- a/wolfcrypt/src/misc.c +++ b/wolfcrypt/src/misc.c @@ -299,7 +299,7 @@ WC_STATIC WC_INLINE void xorbuf(void* buf, const void* mask, word32 count) #ifndef WOLFSSL_NO_FORCE_ZERO /* This routine fills the first len bytes of the memory area pointed by mem with zeros. It ensures compiler optimizations doesn't skip it */ -WC_STATIC WC_INLINE void ForceZero(const void* mem, word32 len) +WC_STATIC WC_INLINE void ForceZero(void* mem, word32 len) { volatile byte* z = (volatile byte*)mem; diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index b3e5b13a1..c0626bcae 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h @@ -73,7 +73,7 @@ typedef struct { #endif /* A CURVE25519 Key */ -typedef struct curve25519_key { +struct curve25519_key { int idx; /* Index into the ecc_sets[] for the parameters of this curve if -1, this key is using user supplied curve in dp */ @@ -92,7 +92,7 @@ typedef struct curve25519_key { /* bit fields */ byte pubSet:1; byte privSet:1; -} curve25519_key; +}; enum { EC25519_LITTLE_ENDIAN=0, diff --git a/wolfssl/wolfcrypt/curve448.h b/wolfssl/wolfcrypt/curve448.h index 83986fbe3..86fa8ea58 100644 --- a/wolfssl/wolfcrypt/curve448.h +++ b/wolfssl/wolfcrypt/curve448.h @@ -49,7 +49,7 @@ #endif /* A CURVE448 Key */ -typedef struct curve448_key { +struct curve448_key { byte p[CURVE448_PUB_KEY_SIZE]; /* public key */ byte k[CURVE448_KEY_SIZE]; /* private key */ @@ -60,7 +60,7 @@ typedef struct curve448_key { /* bit fields */ byte pubSet:1; byte privSet:1; -} curve448_key; +}; enum { EC448_LITTLE_ENDIAN = 0, diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h index 2b0bc06e3..263e793c4 100644 --- a/wolfssl/wolfcrypt/misc.h +++ b/wolfssl/wolfcrypt/misc.h @@ -66,7 +66,7 @@ WOLFSSL_LOCAL void xorbuf(void*, const void*, word32); WOLFSSL_LOCAL -void ForceZero(const void*, word32); +void ForceZero(void*, word32); WOLFSSL_LOCAL int ConstantCompare(const byte*, const byte*, int);