diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c b/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c
index ae5802316..bdbce0bda 100644
--- a/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/kinetis_hw.c
@@ -64,10 +64,10 @@
// UART TX Port, Pin, Mux and Baud
#ifdef FREESCALE_KSDK_BM
- #define UART_PORT LPUART0 /* UART Port */
- #define UART_TX_PORT PORTA /* UART TX Port */
- #define UART_TX_PIN 2U /* UART TX Pin */
- #define UART_TX_MUX kPORT_MuxAlt2 /* Kinetis UART pin mux */
+ #define UART_PORT LPUART4 /* UART Port */
+ #define UART_TX_PORT PORTC /* UART TX Port */
+ #define UART_TX_PIN 15U /* UART TX Pin */
+ #define UART_TX_MUX kPORT_MuxAlt3 /* Kinetis UART pin mux */
#elif defined (WOLFSSL_FRDM_K64)
#define UART_PORT UART0 /* UART Port */
#define UART_TX_PORT PORTB /* UART TX Port */
@@ -91,7 +91,7 @@
/* Note: TWR-K60 is UART3, PTC17 */
/* Note: FRDM-K64 is UART4, PTE24 or UART0 PTB17 for OpenOCD (SIM_SCGC4_UART0_MASK)*/
/* Note: TWR-K64 is UART5, PTE8 */
-/* Note: FRDM-K82F is LPUART0 A2, LPUART4 PTC15 */
+/* Note: FRDM-K82F is LPUART4 PTC15 Alt3 (OpenOCD UART) */
/***********************************************/
diff --git a/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl_ltc.hzp b/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl_ltc.hzp
index 5a474b301..2cd93b21f 100644
--- a/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl_ltc.hzp
+++ b/IDE/ROWLEY-CROSSWORKS-ARM/wolfssl_ltc.hzp
@@ -159,7 +159,6 @@
-
@@ -223,8 +222,6 @@
-
-
diff --git a/scripts/openssl.test b/scripts/openssl.test
index 605946b46..55cdfaa6a 100755
--- a/scripts/openssl.test
+++ b/scripts/openssl.test
@@ -2,6 +2,10 @@
#openssl.test
+# Enviornment variables used:
+# OPENSSL (openssl app to use)
+# OPENSSL_ENGINE_ID (engine id if any i.e. "wolfengine")
+
CERT_DIR="$PWD/$(dirname "$0")/../certs"
if ! test -n "$WOLFSSL_OPENSSL_TEST"; then
@@ -129,17 +133,39 @@ start_openssl_server() {
server_port=$port
found_free_port=0
counter=0
+
+ # If OPENSSL_ENGINE_ID has been set then check that the desired engine can
+ # be loaded successfully and error out if not. Otherwise the OpenSSL app
+ # will fall back to default engine.
+ if [ ! -z "${OPENSSL_ENGINE_ID}" ]; then
+ OUTPUT=`$OPENSSL engine -tt $OPENSSL_ENGINE_ID`
+ if [ $? != 0 ]; then
+ printf "not able to load engine\n"
+ printf "$OPENSSL engine -tt $OPENSSL_ENGINE_ID\n"
+ do_cleanup
+ exit 1
+ else
+ echo $OUTPUT | grep "available"
+ if [ $? != 0 ]; then
+ printf "engine not available\n"
+ do_cleanup
+ exit 1
+ fi
+ fi
+ OPENSSL_ENGINE_ID="-engine ${OPENSSL_ENGINE_ID}"
+ fi
+
while [ "$counter" -lt 20 ]; do
echo -e "\n# Trying to start $openssl_suite OpenSSL server on port $server_port..."
echo "#"
if [ "$cert_file" != "" ]
then
- echo "# " $OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
- $OPENSSL s_server -accept $server_port -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
+ echo "# " $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
+ $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -cert $cert_file -key $key_file -quiet -CAfile $ca_file -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
else
- echo "# " $OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
- $OPENSSL s_server -accept $server_port -quiet -nocert -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
+ echo "# " $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe
+ $OPENSSL s_server -accept $server_port $OPENSSL_ENGINE_ID -quiet -nocert -www -dhparam ${CERT_DIR}/dh2048.pem -verify 10 -verify_return_error -psk $psk_hex -cipher "ALL:eNULL" $openssl_nodhe &
fi
server_pid=$!
# wait to see if s_server successfully starts before continuing
diff --git a/src/ssl.c b/src/ssl.c
index 2f7f7806e..7ae20698e 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -10130,13 +10130,6 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
goto err;
}
}
- else if (gn) {
- if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) != WOLFSSL_SUCCESS) {
- WOLFSSL_MSG("Error pushing GENERAL_NAME object onto "
- "stack.");
- goto err;
- }
- }
ret = sk;
@@ -25313,7 +25306,7 @@ WOLFSSL_X509* wolfSSL_d2i_X509_REQ_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509)
#endif
#if !defined(NO_ASN) && !defined(NO_PWDBASED)
-#ifndef NO_BIO
+#if !defined(NO_BIO) && defined(HAVE_PKCS12)
WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12)
{
WC_PKCS12* localPkcs12 = NULL;
@@ -25393,7 +25386,7 @@ int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12)
return ret;
}
-#endif /* !NO_BIO */
+#endif /* !NO_BIO && HAVE_PKCS12 */
/* Copies unencrypted DER key buffer into "der". If "der" is null then the size
* of buffer needed is returned. If *der == NULL then it allocates a buffer.
@@ -25406,6 +25399,7 @@ int wolfSSL_i2d_PrivateKey(const WOLFSSL_EVP_PKEY* key, unsigned char** der)
return wolfSSL_EVP_PKEY_get_der(key, der);
}
+#ifdef HAVE_PKCS12
/* Creates a new WC_PKCS12 structure
*
* pass password to use
@@ -25793,6 +25787,7 @@ int wolfSSL_PKCS12_verify_mac(WC_PKCS12 *pkcs12, const char *psw,
return wc_PKCS12_verify_ex(pkcs12, (const byte*)psw, pswLen) == 0 ?
WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
+#endif /* HAVE_PKCS12 */
#endif /* !NO_ASN && !NO_PWDBASED */
@@ -26019,7 +26014,47 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
}
}
-
+/**
+ * Get ex_data in WOLFSSL_STORE at given index
+ * @param store a pointer to WOLFSSL_X509_STORE structure
+ * @param idx Index of ex_data to get data from
+ * @return void pointer to ex_data on success or NULL on failure
+ */
+void* wolfSSL_X509_STORE_get_ex_data(WOLFSSL_X509_STORE* store, int idx)
+{
+ WOLFSSL_ENTER("wolfSSL_X509_STORE_get_ex_data");
+#ifdef HAVE_EX_DATA
+ if (store != NULL && idx < MAX_EX_DATA && idx >= 0) {
+ return wolfSSL_CRYPTO_get_ex_data(&store->ex_data, idx);
+ }
+#else
+ (void)store;
+ (void)idx;
+#endif
+ return NULL;
+}
+/**
+ * Set ex_data for WOLFSSL_STORE
+ * @param store a pointer to WOLFSSL_X509_STORE structure
+ * @param idx Index of ex data to set
+ * @param data Data to set in ex data
+ * @return WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE on failure
+ */
+int wolfSSL_X509_STORE_set_ex_data(WOLFSSL_X509_STORE* store, int idx,
+ void *data)
+{
+ WOLFSSL_ENTER("wolfSSL_X509_STORE_set_ex_data");
+#ifdef HAVE_EX_DATA
+ if (store != NULL && idx < MAX_EX_DATA) {
+ return wolfSSL_CRYPTO_set_ex_data(&store->ex_data, idx, data);
+ }
+#else
+ (void)store;
+ (void)idx;
+ (void)data;
+#endif
+ return WOLFSSL_FAILURE;
+}
#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
#ifdef OPENSSL_EXTRA
@@ -26379,7 +26414,7 @@ static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type)
newx509 = (void *)wolfSSL_d2i_X509_CRL(NULL, fileBuffer, (int)sz);
}
#endif
- #if !defined(NO_ASN) && !defined(NO_PWDBASED)
+ #if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12)
else if (type == PKCS12_TYPE) {
if ((newx509 = wc_PKCS12_new()) == NULL) {
goto err_exit;
@@ -26404,7 +26439,7 @@ static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type)
goto _exit;
err_exit:
-#if !defined(NO_ASN) && !defined(NO_PWDBASED)
+#if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12)
if ((newx509 != NULL) && (type == PKCS12_TYPE)) {
wc_PKCS12_free((WC_PKCS12*)newx509);
newx509 = NULL;
@@ -32297,7 +32332,11 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num)
#endif
WOLFSSL_ENTER("wolfSSL_RAND_bytes");
-
+ /* sanity check */
+ if (buf == NULL || num < 0)
+ /* return code compliant with OpenSSL */
+ return 0;
+
/* if a RAND callback has been set try and use it */
#ifndef WOLFSSL_NO_OPENSSL_RAND_CB
if (wolfSSL_RAND_InitMutex() == 0 && wc_LockMutex(&gRandMethodMutex) == 0) {
diff --git a/src/tls13.c b/src/tls13.c
index 2fd6e18ba..1097cf385 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -5034,6 +5034,11 @@ static int SendTls13Certificate(WOLFSSL* ssl)
byte certReqCtxLen = 0;
byte* certReqCtx = NULL;
+#ifdef OPENSSL_EXTRA
+ WOLFSSL_X509* x509 = NULL;
+ WOLFSSL_EVP_PKEY* pkey = NULL;
+#endif
+
WOLFSSL_START(WC_FUNC_CERTIFICATE_SEND);
WOLFSSL_ENTER("SendTls13Certificate");
@@ -5044,6 +5049,22 @@ static int SendTls13Certificate(WOLFSSL* ssl)
}
#endif
+#ifdef OPENSSL_EXTRA
+ /* call client cert callback if no cert has been loaded */
+ if ((ssl->ctx->CBClientCert != NULL) &&
+ (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer)) {
+ ret = ssl->ctx->CBClientCert(ssl, &x509, &pkey);
+ if (ret == 1) {
+ if ((wolfSSL_CTX_use_certificate(ssl->ctx, x509) == WOLFSSL_SUCCESS) &&
+ (wolfSSL_CTX_use_PrivateKey(ssl->ctx, pkey) == WOLFSSL_SUCCESS)) {
+ ssl->options.sendVerify = SEND_CERT;
+ }
+ wolfSSL_X509_free(x509);
+ wolfSSL_EVP_PKEY_free(pkey);
+ }
+ }
+#endif
+
if (ssl->options.sendVerify == SEND_BLANK_CERT) {
certSz = 0;
certChainSz = 0;
diff --git a/tests/api.c b/tests/api.c
index 7e8ef59fa..85ca164b0 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -5061,7 +5061,7 @@ static void test_wolfSSL_PKCS12(void)
*/
#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \
!defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \
- !defined(NO_SHA)
+ !defined(NO_SHA) && defined(HAVE_PKCS12)
byte buffer[6000];
char file[] = "./certs/test-servercert.p12";
char order[] = "./certs/ecc-rsa-server.p12";
@@ -28476,6 +28476,28 @@ static void test_wolfSSL_X509_STORE_CTX(void)
X509_STORE_CTX_free(ctx);
}
+ /* test X509_STORE_get/set_ex_data */
+ {
+ int i = 0, tmpData = 99;
+ void* tmpDataRet;
+ AssertNotNull(str = X509_STORE_new());
+ #if defined(HAVE_EX_DATA)
+ for (i = 0; i < MAX_EX_DATA; i++) {
+ AssertIntEQ(X509_STORE_set_ex_data(str, i, &tmpData),
+ WOLFSSL_SUCCESS);
+ tmpDataRet = (int*)X509_STORE_get_ex_data(str, i);
+ AssertNotNull(tmpDataRet);
+ AssertIntEQ(tmpData, *(int*)tmpDataRet);
+ }
+ #else
+ AssertIntEQ(X509_STORE_set_ex_data(str, i, &tmpData),
+ WOLFSSL_FAILURE);
+ tmpDataRet = (int*)X509_STORE_get_ex_data(str, i);
+ AssertNull(tmpDataRet);
+ #endif
+ X509_STORE_free(str);
+ }
+
printf(resultFmt, passed);
#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) */
@@ -31038,7 +31060,10 @@ static void test_wolfSSL_RAND_set_rand_method(void)
printf(testingFmt, "wolfSSL_RAND_set_rand_method()");
- AssertIntNE(RAND_status(), 5432);
+ buf = (byte*)XMALLOC(32 * sizeof(byte), NULL,
+ DYNAMIC_TYPE_TMP_BUFFER);
+
+ AssertIntNE(wolfSSL_RAND_status(), 5432);
AssertIntEQ(*was_cleanup_called, 0);
RAND_cleanup();
AssertIntEQ(*was_cleanup_called, 0);
@@ -31074,6 +31099,8 @@ static void test_wolfSSL_RAND_set_rand_method(void)
RAND_cleanup();
AssertIntEQ(*was_cleanup_called, 0);
+ XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */
}
@@ -31089,17 +31116,24 @@ static void test_wolfSSL_RAND_bytes(void)
byte *my_buf;
printf(testingFmt, "test_wolfSSL_RAND_bytes()");
-
+ /* sanity check */
+ AssertIntEQ(RAND_bytes(NULL, 16), 0);
+ AssertIntEQ(RAND_bytes(NULL, 0), 0);
+
max_bufsize = size4;
my_buf = (byte*)XMALLOC(max_bufsize * sizeof(byte), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
+
+ AssertIntEQ(RAND_bytes(my_buf, 0), 1);
+ AssertIntEQ(RAND_bytes(my_buf, -1), 0);
+
AssertNotNull(my_buf);
XMEMSET(my_buf, 0, max_bufsize);
- AssertIntEQ(wolfSSL_RAND_bytes(my_buf, size1), 1);
- AssertIntEQ(wolfSSL_RAND_bytes(my_buf, size2), 1);
- AssertIntEQ(wolfSSL_RAND_bytes(my_buf, size3), 1);
- AssertIntEQ(wolfSSL_RAND_bytes(my_buf, size4), 1);
+ AssertIntEQ(RAND_bytes(my_buf, size1), 1);
+ AssertIntEQ(RAND_bytes(my_buf, size2), 1);
+ AssertIntEQ(RAND_bytes(my_buf, size3), 1);
+ AssertIntEQ(RAND_bytes(my_buf, size4), 1);
XFREE(my_buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -31784,15 +31818,6 @@ static void test_wolfSSL_OBJ(void)
ASN1_STRING *asn1 = NULL;
unsigned char *buf_dyn = NULL;
- PKCS12 *p12;
- int boolRet;
- EVP_PKEY *pkey = NULL;
- const char *p12_f[] = {
- #if !defined(NO_DES3) && !defined(NO_RSA)
- "./certs/test-servercert.p12",
- #endif
- NULL};
-
printf(testingFmt, "wolfSSL_OBJ()");
AssertIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), SSL_FAILURE);
@@ -31850,27 +31875,42 @@ static void test_wolfSSL_OBJ(void)
}
- for (i = 0; p12_f[i] != NULL; i++)
+#ifdef HAVE_PKCS12
{
- AssertTrue((fp = XFOPEN(p12_f[i], "rb")) != XBADFILE);
- AssertNotNull(p12 = d2i_PKCS12_fp(fp, NULL));
- XFCLOSE(fp);
- AssertTrue((boolRet = PKCS12_parse(p12, "wolfSSL test", &pkey, &x509, NULL)) > 0);
- wc_PKCS12_free(p12);
- EVP_PKEY_free(pkey);
- x509Name = X509_get_issuer_name(x509);
- AssertNotNull(x509Name);
- AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
- AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
- for (j = 0; j < numNames; j++)
+ PKCS12 *p12;
+ int boolRet;
+ EVP_PKEY *pkey = NULL;
+ const char *p12_f[] = {
+ #if !defined(NO_DES3) && !defined(NO_RSA)
+ "./certs/test-servercert.p12",
+ #endif
+ NULL};
+
+ for (i = 0; p12_f[i] != NULL; i++)
{
- AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j));
- AssertNotNull(asn1Name = X509_NAME_ENTRY_get_object(x509NameEntry));
- AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0);
+ AssertTrue((fp = XFOPEN(p12_f[i], "rb")) != XBADFILE);
+ AssertNotNull(p12 = d2i_PKCS12_fp(fp, NULL));
+ XFCLOSE(fp);
+ AssertTrue((boolRet = PKCS12_parse(p12, "wolfSSL test",
+ &pkey, &x509, NULL)) > 0);
+ wc_PKCS12_free(p12);
+ EVP_PKEY_free(pkey);
+ x509Name = X509_get_issuer_name(x509);
+ AssertNotNull(x509Name);
+ AssertIntNE((numNames = X509_NAME_entry_count(x509Name)), 0);
+ AssertTrue((bio = BIO_new(BIO_s_mem())) != NULL);
+ for (j = 0; j < numNames; j++)
+ {
+ AssertNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j));
+ AssertNotNull(asn1Name =
+ X509_NAME_ENTRY_get_object(x509NameEntry));
+ AssertTrue((nid = OBJ_obj2nid(asn1Name)) > 0);
+ }
+ BIO_free(bio);
+ X509_free(x509);
}
- BIO_free(bio);
- X509_free(x509);
}
+#endif /* HAVE_PKCS12 */
printf(resultFmt, passed);
#endif
diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c
index dbeee2e32..69bcb2d18 100644
--- a/wolfcrypt/src/ecc.c
+++ b/wolfcrypt/src/ecc.c
@@ -2882,7 +2882,7 @@ static int ecc_mulmod(const mp_int* k, ecc_point* P, ecc_point* Q,
#endif
-/* Convert the point to montogmery form.
+/* Convert the point to montgomery form.
*
* @param [in] p Point to convert.
* @param [out] r Point in montgomery form.
@@ -4459,10 +4459,14 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curveIn,
err = MEMORY_E;
}
}
+#ifndef FREESCALE_LTC_ECC /* this is done in hardware */
if (err == MP_OKAY) {
/* Use constant time map if compiled in */
err = ecc_map_ex(pub, curve->prime, mp, 1);
}
+#else
+ (void)mp;
+#endif
wc_ecc_del_point_ex(base, key->heap);
}
diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c
index 0073e895e..a1d0a3f32 100644
--- a/wolfcrypt/src/pkcs7.c
+++ b/wolfcrypt/src/pkcs7.c
@@ -8336,18 +8336,14 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz,
case WC_PKCS7_DECRYPT_KTRI_2:
#ifndef NO_PKCS7_STREAM
- if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, pkcs7->stream->expected,
- &pkiMsg, idx)) != 0) {
+ if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz,
+ pkcs7->stream->expected, &pkiMsg, idx)) != 0) {
return ret;
}
- rc = wc_PKCS7_GetMaxStream(pkcs7, PKCS7_DEFAULT_PEEK,
- in, inSz);
- if (rc < 0) {
- ret = (int)rc;
- break;
+ if (in != pkiMsg) {
+ pkiMsgSz = pkcs7->stream->length;
}
- pkiMsgSz = (word32)rc;
wc_PKCS7_StreamGetVar(pkcs7, NULL, &sidType, &version);
diff --git a/wolfcrypt/src/port/nxp/ksdk_port.c b/wolfcrypt/src/port/nxp/ksdk_port.c
index 6d601a407..be8cbe1de 100644
--- a/wolfcrypt/src/port/nxp/ksdk_port.c
+++ b/wolfcrypt/src/port/nxp/ksdk_port.c
@@ -129,9 +129,9 @@ int mp_mul(mp_int *A, mp_int *B, mp_int *C)
#endif
/* unsigned multiply */
- uint8_t *ptrA = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
- uint8_t *ptrB = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
- uint8_t *ptrC = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
+ uint8_t *ptrA = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
+ uint8_t *ptrB = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
+ uint8_t *ptrC = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
if (ptrA && ptrB && ptrC) {
uint16_t sizeA, sizeB;
@@ -179,17 +179,15 @@ int mp_mul(mp_int *A, mp_int *B, mp_int *C)
int mp_mod(mp_int *a, mp_int *b, mp_int *c)
{
int res = MP_OKAY;
-#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
int szA, szB;
szA = mp_unsigned_bin_size(a);
szB = mp_unsigned_bin_size(b);
if ((szA <= LTC_MAX_INT_BYTES) && (szB <= LTC_MAX_INT_BYTES))
{
-#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
int neg = 0;
- uint8_t *ptrA = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
- uint8_t *ptrB = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
- uint8_t *ptrC = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
+ uint8_t *ptrA = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
+ uint8_t *ptrB = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
+ uint8_t *ptrC = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
#ifndef WOLFSSL_SP_MATH
/* get sign for the result */
@@ -233,12 +231,15 @@ int mp_mod(mp_int *a, mp_int *b, mp_int *c)
if (ptrC) {
XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
}
-#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
}
else {
+#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
res = wolfcrypt_mp_mod(a, b, c);
+#else
+ res = NOT_COMPILED_IN;
+#endif
}
-#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
+
return res;
}
@@ -246,15 +247,13 @@ int mp_mod(mp_int *a, mp_int *b, mp_int *c)
int mp_invmod(mp_int *a, mp_int *b, mp_int *c)
{
int res = MP_OKAY;
-#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
int szA, szB;
szA = mp_unsigned_bin_size(a);
szB = mp_unsigned_bin_size(b);
if ((szA <= LTC_MAX_INT_BYTES) && (szB <= LTC_MAX_INT_BYTES)) {
-#endif
- uint8_t *ptrA = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
- uint8_t *ptrB = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
- uint8_t *ptrC = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
+ uint8_t *ptrA = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
+ uint8_t *ptrB = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
+ uint8_t *ptrC = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
if (ptrA && ptrB && ptrC) {
uint16_t sizeA, sizeB, sizeC;
@@ -290,12 +289,14 @@ int mp_invmod(mp_int *a, mp_int *b, mp_int *c)
if (ptrC) {
XFREE(ptrC, NULL, DYNAMIC_TYPE_BIGINT);
}
-#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
}
else {
+#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
res = wolfcrypt_mp_invmod(a, b, c);
+#else
+ res = NOT_COMPILED_IN;
+#endif
}
-#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
return res;
}
@@ -303,13 +304,11 @@ int mp_invmod(mp_int *a, mp_int *b, mp_int *c)
int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d)
{
int res = MP_OKAY;
-#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
int szA, szB, szC;
szA = mp_unsigned_bin_size(a);
szB = mp_unsigned_bin_size(b);
szC = mp_unsigned_bin_size(c);
if ((szA <= LTC_MAX_INT_BYTES) && (szB <= LTC_MAX_INT_BYTES) && (szC <= LTC_MAX_INT_BYTES)) {
-#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
mp_int t;
uint8_t *ptrA = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
@@ -317,8 +316,8 @@ int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d)
uint8_t *ptrC = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
uint8_t *ptrD = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
- /* if A or B is negative, subtract abs(A) or abs(B) from modulus to get positive integer representation of the
- * same number */
+ /* if A or B is negative, subtract abs(A) or abs(B) from modulus to get
+ * positive integer representation of the same number */
res = mp_init(&t);
#ifndef WOLFSSL_SP_MATH
if (a->sign) {
@@ -347,7 +346,8 @@ int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d)
/* (A*B)mod C = ((A mod C) * (B mod C)) mod C */
if (res == MP_OKAY && LTC_PKHA_CompareBigNum(ptrA, sizeA, ptrC, sizeC) >= 0) {
if (kStatus_Success !=
- LTC_PKHA_ModRed(LTC_BASE, ptrA, sizeA, ptrC, sizeC, ptrA, &sizeA, kLTC_PKHA_IntegerArith))
+ LTC_PKHA_ModRed(LTC_BASE, ptrA, sizeA, ptrC, sizeC, ptrA,
+ &sizeA, kLTC_PKHA_IntegerArith))
{
res = MP_VAL;
}
@@ -355,16 +355,18 @@ int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d)
if (res == MP_OKAY && (LTC_PKHA_CompareBigNum(ptrB, sizeB, ptrC, sizeC) >= 0))
{
if (kStatus_Success !=
- LTC_PKHA_ModRed(LTC_BASE, ptrB, sizeB, ptrC, sizeC, ptrB, &sizeB, kLTC_PKHA_IntegerArith))
+ LTC_PKHA_ModRed(LTC_BASE, ptrB, sizeB, ptrC, sizeC, ptrB,
+ &sizeB, kLTC_PKHA_IntegerArith))
{
res = MP_VAL;
}
}
if (res == MP_OKAY) {
- if (kStatus_Success != LTC_PKHA_ModMul(LTC_BASE, ptrA, sizeA, ptrB, sizeB, ptrC, sizeC, ptrD, &sizeD,
- kLTC_PKHA_IntegerArith, kLTC_PKHA_NormalValue,
- kLTC_PKHA_NormalValue, kLTC_PKHA_TimingEqualized))
+ if (kStatus_Success != LTC_PKHA_ModMul(LTC_BASE, ptrA, sizeA,
+ ptrB, sizeB, ptrC, sizeC, ptrD, &sizeD,
+ kLTC_PKHA_IntegerArith, kLTC_PKHA_NormalValue,
+ kLTC_PKHA_NormalValue, kLTC_PKHA_TimingEqualized))
{
res = MP_VAL;
}
@@ -394,12 +396,15 @@ int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d)
#ifndef USE_FAST_MATH
mp_clear(&t);
#endif
-#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
}
else {
+#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
res = wolfcrypt_mp_mulmod(a, b, c, d);
+#else
+ res = NOT_COMPILED_IN;
+#endif
}
-#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
+
return res;
}
@@ -407,12 +412,12 @@ int mp_mulmod(mp_int *a, mp_int *b, mp_int *c, mp_int *d)
int mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y)
{
int res = MP_OKAY;
-#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
int szA, szB, szC;
mp_int tmp;
/* if G cannot fit into LTC_PKHA, reduce it */
szA = mp_unsigned_bin_size(G);
+#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
if (szA > LTC_MAX_INT_BYTES) {
res = mp_init(&tmp);
if (res != MP_OKAY)
@@ -423,18 +428,19 @@ int mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y)
G = &tmp;
szA = mp_unsigned_bin_size(G);
}
-
+#endif
szB = mp_unsigned_bin_size(X);
szC = mp_unsigned_bin_size(P);
- if ((szA <= LTC_MAX_INT_BYTES) && (szB <= LTC_MAX_INT_BYTES) && (szC <= LTC_MAX_INT_BYTES)) {
-#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
+ if ((szA <= LTC_MAX_INT_BYTES) && (szB <= LTC_MAX_INT_BYTES) &&
+ (szC <= LTC_MAX_INT_BYTES))
+ {
mp_int t;
uint16_t sizeG, sizeX, sizeP;
- uint8_t *ptrG = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
- uint8_t *ptrX = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
- uint8_t *ptrP = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, 0, DYNAMIC_TYPE_BIGINT);
+ uint8_t *ptrG = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
+ uint8_t *ptrX = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
+ uint8_t *ptrP = (uint8_t *)XMALLOC(LTC_MAX_INT_BYTES, NULL, DYNAMIC_TYPE_BIGINT);
/* if G is negative, add modulus to convert to positive number for LTC */
res = mp_init(&t);
@@ -454,7 +460,8 @@ int mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y)
if (res == MP_OKAY)
res = ltc_get_lsb_bin_from_mp_int(ptrP, P, &sizeP);
- /* if number if greater that modulo, we must first reduce due to LTC requirement on modular exponentiaton */
+ /* if number if greater that modulo, we must first reduce due to
+ LTC requirement on modular exponentiation */
/* it needs number less than modulus. */
/* we can take advantage of modular arithmetic rule that: A^B mod C = ( (A mod C)^B ) mod C
and so we do first (A mod N) : LTC does not give size requirement on A versus N,
@@ -462,7 +469,8 @@ int mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y)
*/
/* if G >= P then */
if (res == MP_OKAY && LTC_PKHA_CompareBigNum(ptrG, sizeG, ptrP, sizeP) >= 0) {
- res = (int)LTC_PKHA_ModRed(LTC_BASE, ptrG, sizeG, ptrP, sizeP, ptrG, &sizeG, kLTC_PKHA_IntegerArith);
+ res = (int)LTC_PKHA_ModRed(LTC_BASE, ptrG, sizeG, ptrP, sizeP,
+ ptrG, &sizeG, kLTC_PKHA_IntegerArith);
if (res != kStatus_Success) {
res = MP_VAL;
@@ -470,8 +478,9 @@ int mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y)
}
if (res == MP_OKAY) {
- res = (int)LTC_PKHA_ModExp(LTC_BASE, ptrG, sizeG, ptrP, sizeP, ptrX, sizeX, ptrP, &sizeP,
- kLTC_PKHA_IntegerArith, kLTC_PKHA_NormalValue, kLTC_PKHA_TimingEqualized);
+ res = (int)LTC_PKHA_ModExp(LTC_BASE, ptrG, sizeG, ptrP, sizeP,
+ ptrX, sizeX, ptrP, &sizeP, kLTC_PKHA_IntegerArith,
+ kLTC_PKHA_NormalValue, kLTC_PKHA_TimingEqualized);
if (res != kStatus_Success) {
res = MP_VAL;
@@ -498,17 +507,20 @@ int mp_exptmod(mp_int *G, mp_int *X, mp_int *P, mp_int *Y)
#ifndef USE_FAST_MATH
mp_clear(&t);
#endif
-#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
}
else {
+#if defined(FREESCALE_LTC_TFM_RSA_4096_ENABLE)
res = wolfcrypt_mp_exptmod(G, X, P, Y);
+#else
+ res = NOT_COMPILED_IN;
+#endif
}
#ifndef USE_FAST_MATH
if (szA > LTC_MAX_INT_BYTES)
mp_clear(&tmp);
#endif
-#endif /* FREESCALE_LTC_TFM_RSA_4096_ENABLE */
+
return res;
}
@@ -575,7 +587,7 @@ static const uint8_t ltc_ecc256_modulus[32] = {
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF};
-static const uint8_t ltc_ecc256_r2modn[32] = {
+static const uint8_t ltc_ecc256_r2modn[32] = { /* R^2 mod N */
0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF,
0xFF, 0xFB, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xFF, 0xFF, 0xFD, 0xFF, 0xFF, 0xFF, 0x04, 0x00, 0x00, 0x00};
@@ -696,7 +708,7 @@ static int ltc_get_ecc_specs(const uint8_t **modulus, const uint8_t **r2modn,
(1==map, 0 == leave in projective)
return MP_OKAY on success
*/
-int wc_ecc_mulmod_ex(mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
+int wc_ecc_mulmod_ex(const mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
mp_int *modulus, int map, void* heap)
{
ltc_pkha_ecc_point_t B;
@@ -707,9 +719,6 @@ int wc_ecc_mulmod_ex(mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
status_t status;
int res;
- (void)a;
- (void)heap;
-
uint8_t Gxbin[LTC_MAX_ECC_BITS / 8];
uint8_t Gybin[LTC_MAX_ECC_BITS / 8];
uint8_t kbin[LTC_MAX_INT_BYTES];
@@ -719,6 +728,9 @@ int wc_ecc_mulmod_ex(mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
const uint8_t *bCurveParam;
const uint8_t *r2modn;
+ (void)a;
+ (void)heap;
+
if (k == NULL || G == NULL || R == NULL || modulus == NULL) {
return ECC_BAD_ARG_E;
}
@@ -726,26 +738,32 @@ int wc_ecc_mulmod_ex(mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
szModulus = mp_unsigned_bin_size(modulus);
szkbin = mp_unsigned_bin_size(k);
- res = ltc_get_from_mp_int(kbin, k, szkbin);
+ /* make sure LTC big number variable is large enough */
+ if (szModulus > LTC_MAX_INT_BYTES / 2) {
+ return MP_MEM;
+ }
+
+ res = ltc_get_from_mp_int(kbin, (mp_int*)k, szkbin);
if (res == MP_OKAY)
res = ltc_get_from_mp_int(Gxbin, G->x, szModulus);
if (res == MP_OKAY)
res = ltc_get_from_mp_int(Gybin, G->y, szModulus);
-
if (res != MP_OKAY)
return res;
size = szModulus;
+
/* find LTC friendly parameters for the selected curve */
- if (0 != ltc_get_ecc_specs(&modbin, &r2modn, &aCurveParam, &bCurveParam, size)) {
+ if (ltc_get_ecc_specs(&modbin, &r2modn, &aCurveParam, &bCurveParam, size) != 0) {
return ECC_BAD_ARG_E;
}
B.X = &Gxbin[0];
B.Y = &Gybin[0];
- status = LTC_PKHA_ECC_PointMul(LTC_BASE, &B, kbin, szkbin, modbin, r2modn, aCurveParam, bCurveParam, size,
- kLTC_PKHA_TimingEqualized, kLTC_PKHA_IntegerArith, &B, &point_of_infinity);
+ status = LTC_PKHA_ECC_PointMul(LTC_BASE, &B, kbin, szkbin, modbin, r2modn,
+ aCurveParam, bCurveParam, size, kLTC_PKHA_TimingEqualized,
+ kLTC_PKHA_IntegerArith, &B, &point_of_infinity);
if (status != kStatus_Success) {
return MP_VAL;
}
@@ -768,7 +786,7 @@ int wc_ecc_mulmod_ex(mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
return res;
}
-int wc_ecc_mulmod_ex2(mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
+int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
mp_int* modulus, mp_int* order, WC_RNG* rng, int map,
void* heap)
{
@@ -817,8 +835,8 @@ int wc_ecc_point_add(ecc_point *mG, ecc_point *mQ, ecc_point *mR, mp_int *m)
B.X = Qxbin;
B.Y = Qybin;
- status = LTC_PKHA_ECC_PointAdd(LTC_BASE, &A, &B, modbin, r2modn, aCurveParam, bCurveParam, size,
- kLTC_PKHA_IntegerArith, &A);
+ status = LTC_PKHA_ECC_PointAdd(LTC_BASE, &A, &B, modbin, r2modn,
+ aCurveParam, bCurveParam, size, kLTC_PKHA_IntegerArith, &A);
if (status != kStatus_Success) {
res = MP_VAL;
}
@@ -1131,7 +1149,8 @@ status_t LTC_PKHA_Curve25519ComputeY(ltc_pkha_ecc_point_t *ltcPoint)
/* if type is set, the input point p is in Montgomery curve coordinates,
so there is a map to Weierstrass curve */
/* q output point is always in Montgomery curve coordinates */
-int nxp_ltc_curve25519(ECPoint *q, const byte *n, const ECPoint *p, fsl_ltc_ecc_coordinate_system_t type)
+int nxp_ltc_curve25519(ECPoint *q, const byte *n, const ECPoint *p,
+ fsl_ltc_ecc_coordinate_system_t type)
{
status_t status;
ltc_pkha_ecc_point_t ltcPoint;
diff --git a/wolfcrypt/src/port/st/stm32.c b/wolfcrypt/src/port/st/stm32.c
index 2c23ed48c..dd19797a8 100644
--- a/wolfcrypt/src/port/st/stm32.c
+++ b/wolfcrypt/src/port/st/stm32.c
@@ -646,7 +646,7 @@ static int stm32_get_ecc_specs(const uint8_t **prime, const uint8_t **coef,
(1==map, 0 == leave in projective)
return MP_OKAY on success
*/
-int wc_ecc_mulmod_ex(mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
+int wc_ecc_mulmod_ex(const mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
mp_int *modulus, int map, void* heap)
{
PKA_ECCMulInTypeDef pka_mul;
@@ -725,7 +725,7 @@ int wc_ecc_mulmod_ex(mp_int *k, ecc_point *G, ecc_point *R, mp_int* a,
return res;
}
-int wc_ecc_mulmod_ex2(mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
+int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point *G, ecc_point *R, mp_int* a,
mp_int* modulus, mp_int* order, WC_RNG* rng, int map,
void* heap)
{
diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c
index fc0b74bf6..642fd908e 100644
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -8874,7 +8874,7 @@ static int _sp_exptmod_nct(sp_int* b, sp_int* e, sp_int* m, sp_int* r)
/* Sqaure until we find bit that is 1 or there's less than a
* window of bits left.
*/
- while ((i >= 0) || (c >= winBits)) {
+ while (err == MP_OKAY && ((i >= 0) || (c >= winBits))) {
sp_digit n2 = n;
int c2 = c;
int i2 = i;
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 70a79aaa0..bdbd9df91 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -602,6 +602,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define X509_STORE_set_flags wolfSSL_X509_STORE_set_flags
#define X509_STORE_get1_certs wolfSSL_X509_STORE_get1_certs
#define X509_STORE_get_by_subject wolfSSL_X509_STORE_get_by_subject
+#define X509_STORE_set_ex_data wolfSSL_X509_STORE_set_ex_data
+#define X509_STORE_get_ex_data wolfSSL_X509_STORE_get_ex_data
#define X509_STORE_CTX_get1_issuer wolfSSL_X509_STORE_CTX_get1_issuer
#define X509_STORE_CTX_set_time wolfSSL_X509_STORE_CTX_set_time
#define X509_VERIFY_PARAM_new wolfSSL_X509_VERIFY_PARAM_new
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index de42e4c78..6c608cd0d 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -1667,6 +1667,10 @@ WOLFSSL_API void* wolfSSL_X509_STORE_CTX_get_ex_data(
WOLFSSL_X509_STORE_CTX* ctx, int idx);
WOLFSSL_API int wolfSSL_X509_STORE_CTX_set_ex_data(WOLFSSL_X509_STORE_CTX* ctx,
int idx, void *data);
+WOLFSSL_API void* wolfSSL_X509_STORE_get_ex_data(
+ WOLFSSL_X509_STORE* store, int idx);
+WOLFSSL_API int wolfSSL_X509_STORE_set_ex_data(WOLFSSL_X509_STORE* store,
+ int idx, void *data);
WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_depth(WOLFSSL_X509_STORE_CTX* ctx,
int depth);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_current_issuer(
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index be15856f9..a882dff66 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -1178,8 +1178,11 @@ extern void uITRON4_free(void *p) ;
/* the LTC PKHA hardware limit is 2048 bits (256 bytes) for integer arithmetic.
the LTC_MAX_INT_BYTES defines the size of local variables that hold big integers. */
- #ifndef LTC_MAX_INT_BYTES
- #define LTC_MAX_INT_BYTES (256)
+ /* size is multiplication of 2 big ints */
+ #if !defined(NO_RSA) || !defined(NO_DH)
+ #define LTC_MAX_INT_BYTES (256*2)
+ #else
+ #define LTC_MAX_INT_BYTES (48*2)
#endif
/* This FREESCALE_LTC_TFM_RSA_4096_ENABLE macro can be defined.
diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h
index c7fae484e..ba5f9db05 100644
--- a/wolfssl/wolfcrypt/tfm.h
+++ b/wolfssl/wolfcrypt/tfm.h
@@ -70,6 +70,11 @@
#define TFM_X86_64
#endif
#endif
+#if defined(__aarch64__) && defined(__APPLE__)
+ #if !defined(TFM_AARCH_64) && !defined(TFM_NO_ASM)
+ #define TFM_AARCH_64
+ #endif
+#endif
#if defined(TFM_X86_64) || defined(TFM_AARCH_64)
#if !defined(FP_64BIT)
#define FP_64BIT