diff --git a/src/tls13.c b/src/tls13.c index 24578d2c9..6a6bd4042 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -1106,7 +1106,11 @@ int DeriveResumptionPSK(WOLFSSL* ssl, byte* nonce, byte nonceLen, byte* secret) static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash, word32* pHashSz) { - Hmac verifyHmac; +#ifdef WOLFSSL_SMALL_STACK + Hmac* verifyHmac; +#else + Hmac verifyHmac[1]; +#endif int hashType = WC_SHA256; int hashSz = WC_SHA256_DIGEST_SIZE; int ret = BAD_FUNC_ARG; @@ -1151,16 +1155,27 @@ static int BuildTls13HandshakeHmac(WOLFSSL* ssl, byte* key, byte* hash, WOLFSSL_BUFFER(hash, hashSz); #endif - /* Calculate the verify data. */ - ret = wc_HmacInit(&verifyHmac, ssl->heap, ssl->devId); - if (ret == 0) { - ret = wc_HmacSetKey(&verifyHmac, hashType, key, ssl->specs.hash_size); - if (ret == 0) - ret = wc_HmacUpdate(&verifyHmac, hash, hashSz); - if (ret == 0) - ret = wc_HmacFinal(&verifyHmac, hash); - wc_HmacFree(&verifyHmac); +#ifdef WOLFSSL_SMALL_STACK + verifyHmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_HMAC); + if (verifyHmac == NULL) { + return MEMORY_E; } +#endif + + /* Calculate the verify data. */ + ret = wc_HmacInit(verifyHmac, ssl->heap, ssl->devId); + if (ret == 0) { + ret = wc_HmacSetKey(verifyHmac, hashType, key, ssl->specs.hash_size); + if (ret == 0) + ret = wc_HmacUpdate(verifyHmac, hash, hashSz); + if (ret == 0) + ret = wc_HmacFinal(verifyHmac, hash); + wc_HmacFree(verifyHmac); + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(verifyHmac, NULL, DYNAMIC_TYPE_HMAC); +#endif #ifdef WOLFSSL_DEBUG_TLS WOLFSSL_MSG(" Hash"); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 53c540e49..169510a9f 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -87,6 +87,7 @@ ASN Options: * WOLFSSL_CERT_NAME_ALL: Adds more certificate name capability at the cost of taking up more memory. Adds initials, givenname, dnQualifer for example. + * WC_ASN_HASH_SHA256: Force use of SHA2-256 for the internal hash ID calcs. */ #ifndef NO_ASN @@ -12014,7 +12015,7 @@ int CalcHashId(const byte* data, word32 len, byte* hash) { int ret; -#if defined(NO_SHA) && !defined(NO_SHA256) +#if defined(NO_SHA) || (!defined(NO_SHA256) && defined(WC_ASN_HASH_SHA256)) ret = wc_Sha256Hash(data, len, hash); #elif !defined(NO_SHA) ret = wc_ShaHash(data, len, hash); @@ -23530,7 +23531,7 @@ int wc_PemToDer(const unsigned char* buff, long longSz, int type, return ret; } - +#ifdef WOLFSSL_ENCRYPTED_KEYS /* our KeyPemToDer password callback, password in userData */ static int KeyPemToDerPassCb(char* passwd, int sz, int rw, void* userdata) { @@ -23542,6 +23543,7 @@ static int KeyPemToDerPassCb(char* passwd, int sz, int rw, void* userdata) XSTRNCPY(passwd, (char*)userdata, sz); return min((word32)sz, (word32)XSTRLEN((char*)userdata)); } +#endif /* Return bytes written to buff or < 0 for error */ int wc_KeyPemToDer(const unsigned char* pem, int pemSz, @@ -23570,8 +23572,12 @@ int wc_KeyPemToDer(const unsigned char* pem, int pemSz, #endif XMEMSET(info, 0, sizeof(EncryptedInfo)); +#ifdef WOLFSSL_ENCRYPTED_KEYS info->passwd_cb = KeyPemToDerPassCb; info->passwd_userdata = (void*)pass; +#else + (void)pass; +#endif ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, info, NULL); diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index 2fb143a06..8f26aadc6 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -1184,14 +1184,26 @@ int wolfSSL_GetHmacMaxSize(void) const byte* inKey, word32 inKeySz, byte* out) { byte tmp[WC_MAX_DIGEST_SIZE]; /* localSalt helper */ - Hmac myHmac; + #ifdef WOLFSSL_SMALL_STACK + Hmac* myHmac; + #else + Hmac myHmac[1]; + #endif int ret; const byte* localSalt; /* either points to user input or tmp */ int hashSz; ret = wc_HmacSizeByType(type); - if (ret < 0) + if (ret < 0) { return ret; + } + + #ifdef WOLFSSL_SMALL_STACK + myHmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_HMAC); + if (myHmac == NULL) { + return MEMORY_E; + } + #endif hashSz = ret; localSalt = salt; @@ -1201,15 +1213,18 @@ int wolfSSL_GetHmacMaxSize(void) saltSz = hashSz; } - ret = wc_HmacInit(&myHmac, NULL, INVALID_DEVID); + ret = wc_HmacInit(myHmac, NULL, INVALID_DEVID); if (ret == 0) { - ret = wc_HmacSetKey(&myHmac, type, localSalt, saltSz); + ret = wc_HmacSetKey(myHmac, type, localSalt, saltSz); if (ret == 0) - ret = wc_HmacUpdate(&myHmac, inKey, inKeySz); + ret = wc_HmacUpdate(myHmac, inKey, inKeySz); if (ret == 0) - ret = wc_HmacFinal(&myHmac, out); - wc_HmacFree(&myHmac); + ret = wc_HmacFinal(myHmac, out); + wc_HmacFree(myHmac); } + #ifdef WOLFSSL_SMALL_STACK + XFREE(myHmac, NULL, DYNAMIC_TYPE_HMAC); + #endif return ret; } @@ -1229,40 +1244,55 @@ int wolfSSL_GetHmacMaxSize(void) const byte* info, word32 infoSz, byte* out, word32 outSz) { byte tmp[WC_MAX_DIGEST_SIZE]; - Hmac myHmac; + #ifdef WOLFSSL_SMALL_STACK + Hmac* myHmac; + #else + Hmac myHmac[1]; + #endif int ret = 0; word32 outIdx = 0; word32 hashSz = wc_HmacSizeByType(type); byte n = 0x1; /* RFC 5869 states that the length of output keying material in - octets must be L <= 255*HashLen or N = ceil(L/HashLen) */ + * octets must be L <= 255*HashLen or N = ceil(L/HashLen) */ - if (out == NULL || ((outSz/hashSz) + ((outSz % hashSz) != 0)) > 255) + if (out == NULL || ((outSz/hashSz) + ((outSz % hashSz) != 0)) > 255) { return BAD_FUNC_ARG; + } - ret = wc_HmacInit(&myHmac, NULL, INVALID_DEVID); - if (ret != 0) + #ifdef WOLFSSL_SMALL_STACK + myHmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_HMAC); + if (myHmac == NULL) { + return MEMORY_E; + } + #endif + + ret = wc_HmacInit(myHmac, NULL, INVALID_DEVID); + if (ret != 0) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(myHmac, NULL, DYNAMIC_TYPE_HMAC); + #endif return ret; - + } while (outIdx < outSz) { int tmpSz = (n == 1) ? 0 : hashSz; word32 left = outSz - outIdx; - ret = wc_HmacSetKey(&myHmac, type, inKey, inKeySz); + ret = wc_HmacSetKey(myHmac, type, inKey, inKeySz); if (ret != 0) break; - ret = wc_HmacUpdate(&myHmac, tmp, tmpSz); + ret = wc_HmacUpdate(myHmac, tmp, tmpSz); if (ret != 0) break; - ret = wc_HmacUpdate(&myHmac, info, infoSz); + ret = wc_HmacUpdate(myHmac, info, infoSz); if (ret != 0) break; - ret = wc_HmacUpdate(&myHmac, &n, 1); + ret = wc_HmacUpdate(myHmac, &n, 1); if (ret != 0) break; - ret = wc_HmacFinal(&myHmac, tmp); + ret = wc_HmacFinal(myHmac, tmp); if (ret != 0) break; @@ -1273,7 +1303,10 @@ int wolfSSL_GetHmacMaxSize(void) n++; } - wc_HmacFree(&myHmac); + wc_HmacFree(myHmac); + #ifdef WOLFSSL_SMALL_STACK + XFREE(myHmac, NULL, DYNAMIC_TYPE_HMAC); + #endif return ret; } diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index cb05fa4bf..d6780e6ba 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -2306,11 +2306,7 @@ int mp_exptmod_base_2(mp_int * X, mp_int * P, mp_int * Y) { mp_digit buf, mp; int err = MP_OKAY, bitbuf, bitcpy, bitcnt, digidx, x, y; -#ifdef WOLFSSL_SMALL_STACK - mp_int *res = NULL; -#else mp_int res[1]; -#endif int (*redux)(mp_int*,mp_int*,mp_digit) = NULL; /* automatically pick the comba one if available (saves quite a few @@ -2332,13 +2328,6 @@ int mp_exptmod_base_2(mp_int * X, mp_int * P, mp_int * Y) return MP_VAL; } -#ifdef WOLFSSL_SMALL_STACK - res = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (res == NULL) { - return MP_MEM; - } -#endif - /* now setup montgomery */ if ((err = mp_montgomery_setup(P, &mp)) != MP_OKAY) { goto LBL_M; @@ -2449,9 +2438,6 @@ int mp_exptmod_base_2(mp_int * X, mp_int * P, mp_int * Y) LBL_RES:mp_clear (res); LBL_M: -#ifdef WOLFSSL_SMALL_STACK - XFREE(res, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif return err; } @@ -2526,12 +2512,13 @@ int fast_mp_montgomery_reduce (mp_int * x, mp_int * n, mp_digit rho) } #ifdef WOLFSSL_SMALL_STACK - W = (mp_word*)XMALLOC(sizeof(mp_word) * MP_WARRAY, NULL, DYNAMIC_TYPE_BIGINT); + W = (mp_word*)XMALLOC(sizeof(mp_word) * (n->used * 2 + 1), NULL, + DYNAMIC_TYPE_BIGINT); if (W == NULL) return MP_MEM; #endif - XMEMSET(W, 0, (n->used * 2 + 1) * sizeof(mp_word)); + XMEMSET(W, 0, sizeof(mp_word) * (n->used * 2 + 1)); /* first we have to get the digits of the input into * an array of double precision words W[...] @@ -3349,7 +3336,7 @@ int fast_s_mp_sqr (mp_int * a, mp_int * b) return MP_RANGE; /* TAO range check */ #ifdef WOLFSSL_SMALL_STACK - W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, NULL, DYNAMIC_TYPE_BIGINT); + W = (mp_digit*)XMALLOC(sizeof(mp_digit) * pa, NULL, DYNAMIC_TYPE_BIGINT); if (W == NULL) return MP_MEM; #endif @@ -3468,7 +3455,7 @@ int fast_s_mp_mul_digs (mp_int * a, mp_int * b, mp_int * c, int digs) return MP_RANGE; /* TAO range check */ #ifdef WOLFSSL_SMALL_STACK - W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, NULL, DYNAMIC_TYPE_BIGINT); + W = (mp_digit*)XMALLOC(sizeof(mp_digit) * pa, NULL, DYNAMIC_TYPE_BIGINT); if (W == NULL) return MP_MEM; #endif @@ -4203,13 +4190,12 @@ int fast_s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs) return MP_RANGE; /* TAO range check */ #ifdef WOLFSSL_SMALL_STACK - W = (mp_digit*)XMALLOC(sizeof(mp_digit) * MP_WARRAY, NULL, DYNAMIC_TYPE_BIGINT); + W = (mp_digit*)XMALLOC(sizeof(mp_digit) * pa, NULL, DYNAMIC_TYPE_BIGINT); if (W == NULL) return MP_MEM; #endif /* number of output digits to produce */ - pa = a->used + b->used; _W = 0; for (ix = digs; ix < pa; ix++) { /* JRB, have a->dp check at top of function*/ int tx, ty, iy; diff --git a/wolfcrypt/src/kdf.c b/wolfcrypt/src/kdf.c index 7c144ab89..c7f6e0f95 100644 --- a/wolfcrypt/src/kdf.c +++ b/wolfcrypt/src/kdf.c @@ -435,13 +435,25 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen, { int ret = 0; int idx = 0; + #ifdef WOLFSSL_SMALL_STACK + byte* data; + #else byte data[MAX_TLS13_HKDF_LABEL_SZ]; + #endif /* okmLen (2) + protocol|label len (1) + info len(1) + protocollen + * labellen + infolen */ idx = 4 + protocolLen + labelLen + infoLen; - if (idx > MAX_TLS13_HKDF_LABEL_SZ) + if (idx > MAX_TLS13_HKDF_LABEL_SZ) { return BUFFER_E; + } + + #ifdef WOLFSSL_SMALL_STACK + data = (byte*)XMALLOC(idx, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (data == NULL) { + return MEMORY_E; + } + #endif idx = 0; /* Output length. */ @@ -484,6 +496,9 @@ int wc_PRF_TLS(byte* digest, word32 digLen, const byte* secret, word32 secLen, #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(data, MAX_TLS13_HKDF_LABEL_SZ); + #endif + #ifdef WOLFSSL_SMALL_STACK + XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index fda36af7b..3be80672b 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -1793,19 +1793,36 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz) int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash) { int ret; - wc_Sha224 tmpSha224; + #ifdef WOLFSSL_SMALL_STACK + wc_Sha224* tmpSha224; + #else + wc_Sha224 tmpSha224[1]; + #endif - wc_InitSha224(&tmpSha224); - if (sha224 == NULL || hash == NULL) + if (sha224 == NULL || hash == NULL) { return BAD_FUNC_ARG; - - ret = wc_Sha224Copy(sha224, &tmpSha224); - if (ret == 0) { - ret = wc_Sha224Final(&tmpSha224, hash); - wc_Sha224Free(&tmpSha224); } + + #ifdef WOLFSSL_SMALL_STACK + tmpSha224 = (wc_Sha224*)XMALLOC(sizeof(wc_Sha224), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (tmpSha224 == NULL) { + return MEMORY_E; + } + #endif + + ret = wc_Sha224Copy(sha224, tmpSha224); + if (ret == 0) { + ret = wc_Sha224Final(tmpSha224, hash); + wc_Sha224Free(tmpSha224); + } + + #ifdef WOLFSSL_SMALL_STACK + XFREE(tmpSha224, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #endif return ret; } + int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst) { int ret = 0; @@ -1894,44 +1911,54 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz) int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash) { int ret; - wc_Sha256 tmpSha256; +#ifdef WOLFSSL_SMALL_STACK + wc_Sha256* tmpSha256; +#else + wc_Sha256 tmpSha256[1]; +#endif - if (sha256 == NULL || hash == NULL) + if (sha256 == NULL || hash == NULL) { return BAD_FUNC_ARG; + } + +#ifdef WOLFSSL_SMALL_STACK + tmpSha256 = (wc_Sha256*)XMALLOC(sizeof(wc_Sha256), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (tmpSha256 == NULL) { + return MEMORY_E; + } +#endif #if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW) - /* ESP32 hardware can only handle only 1 active hardware hashing * at a time. If the mutex lock is acquired the first time then * that Sha256 instance has exclusive access to hardware. The * final or free needs to release the mutex. Operations that * do not get the lock fallback to software based Sha256 */ - if(sha256->ctx.mode == ESP32_SHA_INIT){ + if (sha256->ctx.mode == ESP32_SHA_INIT) { esp_sha_try_hw_lock(&sha256->ctx); } - if(sha256->ctx.mode == ESP32_SHA_HW) - { + if (sha256->ctx.mode == ESP32_SHA_HW) { esp_sha256_digest_process(sha256, 0); } #endif - ret = wc_Sha256Copy(sha256, &tmpSha256); + + ret = wc_Sha256Copy(sha256, tmpSha256); if (ret == 0) { - ret = wc_Sha256Final(&tmpSha256, hash); + ret = wc_Sha256Final(tmpSha256, hash); -#if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW) - { + #if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW) sha256->ctx.mode = ESP32_SHA_SW; - } -#endif + #endif - wc_Sha256Free(&tmpSha256); + wc_Sha256Free(tmpSha256); } -#if defined(WOLFSSL_USE_ESP32WROOM32_CRYPT_HASH_HW) - /* TODO: Make sure the ESP32 crypto mutex is released (in case final is not - * called */ +#ifdef WOLFSSL_SMALL_STACK + XFREE(tmpSha256, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif + return ret; } int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index a0cf26e28..d42806976 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -1502,29 +1502,49 @@ static int Sha512_Family_GetHash(wc_Sha512* sha512, byte* hash, int (*finalfp)(wc_Sha512*, byte*)) { int ret; - wc_Sha512 tmpSha512; - - if (sha512 == NULL || hash == NULL) - return BAD_FUNC_ARG; - -#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ - !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) - if(sha512->ctx.mode == ESP32_SHA_INIT) { - esp_sha_try_hw_lock(&sha512->ctx); - } - if(sha512->ctx.mode != ESP32_SHA_SW) - esp_sha512_digest_process(sha512, 0); +#ifdef WOLFSSL_SMALL_STACK + wc_Sha512* tmpSha512; +#else + wc_Sha512 tmpSha512[1]; #endif - ret = wc_Sha512Copy(sha512, &tmpSha512); + if (sha512 == NULL || hash == NULL) { + return BAD_FUNC_ARG; + } + +#ifdef WOLFSSL_SMALL_STACK + tmpSha512 = (wc_Sha512*)XMALLOC(sizeof(wc_Sha512), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (tmpSha512 == NULL) { + return MEMORY_E; + } +#endif + +#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ + !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) + if (sha512->ctx.mode == ESP32_SHA_INIT) { + esp_sha_try_hw_lock(&sha512->ctx); + } + if (sha512->ctx.mode != ESP32_SHA_SW) { + esp_sha512_digest_process(sha512, 0); + } +#endif + + ret = wc_Sha512Copy(sha512, tmpSha512); if (ret == 0) { - ret = finalfp(&tmpSha512, hash); -#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ + ret = finalfp(tmpSha512, hash); + +#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) sha512->ctx.mode = ESP32_SHA_SW;; #endif - wc_Sha512Free(&tmpSha512); + wc_Sha512Free(tmpSha512); } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(tmpSha512, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; } @@ -1735,36 +1755,58 @@ int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data) int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash) { int ret; - wc_Sha384 tmpSha384; +#ifdef WOLFSSL_SMALL_STACK + wc_Sha384* tmpSha384; +#else + wc_Sha384 tmpSha384[1]; +#endif - if (sha384 == NULL || hash == NULL) + if (sha384 == NULL || hash == NULL) { return BAD_FUNC_ARG; -#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ + } + +#ifdef WOLFSSL_SMALL_STACK + tmpSha384 = (wc_Sha384*)XMALLOC(sizeof(wc_Sha384), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (tmpSha384 == NULL) { + return MEMORY_E; + } +#endif + +#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) - if(sha384->ctx.mode == ESP32_SHA_INIT) { + if (sha384->ctx.mode == ESP32_SHA_INIT) { esp_sha_try_hw_lock(&sha384->ctx); } - if(sha384->ctx.mode != ESP32_SHA_SW) { + if (sha384->ctx.mode != ESP32_SHA_SW) { esp_sha512_digest_process(sha384, 0); } #endif - ret = wc_Sha384Copy(sha384, &tmpSha384); + ret = wc_Sha384Copy(sha384, tmpSha384); if (ret == 0) { - ret = wc_Sha384Final(&tmpSha384, hash); -#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ + ret = wc_Sha384Final(tmpSha384, hash); + +#if defined(WOLFSSL_ESP32WROOM32_CRYPT) && \ !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) sha384->ctx.mode = ESP32_SHA_SW; #endif - wc_Sha384Free(&tmpSha384); + wc_Sha384Free(tmpSha384); } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(tmpSha384, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; } + int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst) { int ret = 0; - if (src == NULL || dst == NULL) + if (src == NULL || dst == NULL) { return BAD_FUNC_ARG; + } XMEMCPY(dst, src, sizeof(wc_Sha384)); #ifdef WOLFSSL_SMALL_STACK_CACHE diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index a2cce5529..5f23f89a1 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -872,7 +872,7 @@ enum Misc_ASN { ASN_BOOL_SIZE = 2, /* including type */ ASN_ECC_HEADER_SZ = 2, /* String type + 1 byte len */ ASN_ECC_CONTEXT_SZ = 2, /* Content specific type + 1 byte len */ -#ifdef NO_SHA +#if defined(NO_SHA) || (!defined(NO_SHA256) && defined(WC_ASN_HASH_SHA256)) KEYID_SIZE = WC_SHA256_DIGEST_SIZE, #else KEYID_SIZE = WC_SHA_DIGEST_SIZE, @@ -1591,7 +1591,7 @@ struct DecodedCert { byte issuerHash[KEYID_SIZE]; /* hash of all Names */ #ifdef HAVE_OCSP byte subjectKeyHash[KEYID_SIZE]; /* hash of the public Key */ - byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */ + byte issuerKeyHash[KEYID_SIZE]; /* hash of the public Key */ #endif /* HAVE_OCSP */ const byte* signature; /* not owned, points into raw cert */ char* subjectCN; /* CommonName */ diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 0f212b5fd..b46b16e0b 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -285,11 +285,12 @@ typedef int (wc_pem_password_cb)(char* passwd, int sz, int rw, void* userdata); #endif typedef struct EncryptedInfo { - wc_pem_password_cb* passwd_cb; - void* passwd_userdata; - long consumed; /* tracks PEM bytes consumed */ +#ifdef WOLFSSL_ENCRYPTED_KEYS + wc_pem_password_cb* passwd_cb; + void* passwd_userdata; + int cipherType; word32 keySz; word32 ivSz; /* salt or encrypted IV size */ @@ -298,6 +299,7 @@ typedef struct EncryptedInfo { byte iv[IV_SZ]; /* salt or encrypted IV */ word16 set:1; /* if encryption set */ +#endif } EncryptedInfo; diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 1f2537187..dbf000605 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2377,9 +2377,6 @@ extern void uITRON4_free(void *p) ; #ifndef USE_WOLF_STRTOK #define USE_WOLF_STRTOK #endif - #ifndef WOLFSSL_SP_DIV_WORD_HALF - #define WOLFSSL_SP_DIV_WORD_HALF - #endif #ifndef WOLFSSL_OLD_PRIME_CHECK #define WOLFSSL_OLD_PRIME_CHECK #endif