diff --git a/src/ssl.c b/src/ssl.c index e4aeb2b95..d90d30ef4 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -48359,12 +48359,15 @@ int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, } if (ret == 0 && enc == NULL) { type = PKCS8_PRIVATEKEY_TYPE; + #ifdef HAVE_ECC if (pkey->type == EVP_PKEY_EC) { algId = ECDSAk; ret = wc_ecc_get_oid(pkey->ecc->group->curve_oid, &curveOid, &oidSz); } - else { + else + #endif + { algId = RSAk; curveOid = NULL; oidSz = 0; diff --git a/tests/api.c b/tests/api.c index bd7bf1bfe..be3d7f0aa 100644 --- a/tests/api.c +++ b/tests/api.c @@ -22146,7 +22146,9 @@ static int test_wc_SetSubjectKeyIdFromPublicKey_ex (void) RsaKey rsaKey; int bits = 2048; #endif +#if defined(HAVE_ECC) ecc_key eccKey; +#endif #if defined(HAVE_ED448) ed448_key ed448Key; #endif @@ -22185,6 +22187,7 @@ static int test_wc_SetSubjectKeyIdFromPublicKey_ex (void) wc_FreeRsaKey(&rsaKey); } #endif +#if defined(HAVE_ECC) if (ret == 0) { /*ECC*/ ret = wc_ecc_init(&eccKey); if (ret == 0) { @@ -22195,6 +22198,7 @@ static int test_wc_SetSubjectKeyIdFromPublicKey_ex (void) } wc_ecc_free(&eccKey); } +#endif #if defined(HAVE_ED448) && (defined(WOLFSSL_CERT_GEN) || \ defined(WOLFSSL_KEY_GEN)) @@ -22233,7 +22237,9 @@ static int test_wc_SetAuthKeyIdFromPublicKey_ex (void) RsaKey rsaKey; int bits = 2048; #endif +#if defined(HAVE_ECC) ecc_key eccKey; +#endif #if defined(HAVE_ED448) ed448_key ed448Key; #endif @@ -22272,6 +22278,7 @@ static int test_wc_SetAuthKeyIdFromPublicKey_ex (void) wc_FreeRsaKey(&rsaKey); } #endif +#if defined(HAVE_ECC) if (ret == 0) { /*ECC*/ ret = wc_ecc_init(&eccKey); if (ret == 0) { @@ -22282,6 +22289,7 @@ static int test_wc_SetAuthKeyIdFromPublicKey_ex (void) } wc_ecc_free(&eccKey); } +#endif #if defined(HAVE_ED448) && (defined(WOLFSSL_CERT_GEN) || \ defined(WOLFSSL_KEY_GEN)) @@ -29249,7 +29257,9 @@ static void test_wolfSSL_PKCS8_d2i(void) XFILE file; #ifndef NO_BIO BIO* bio; + #if defined(HAVE_ECC) WOLFSSL_EVP_PKEY* evpPkey = NULL; + #endif #endif #endif #ifndef NO_RSA @@ -34759,6 +34769,7 @@ static void test_wolfSSL_EVP_PKEY_derive(void) EVP_PKEY *pkey, *peerkey; const unsigned char* key; +#ifndef NO_DH /* DH */ key = dh_key_der_2048; AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key, @@ -34779,6 +34790,7 @@ static void test_wolfSSL_EVP_PKEY_derive(void) EVP_PKEY_free(peerkey); EVP_PKEY_free(pkey); XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL); +#endif #ifdef HAVE_ECC /* ECDH */ diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 83a24b420..bdd6bd1e4 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -16044,10 +16044,16 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen, byte curve[MAX_ALGO_SZ+2]; byte ver[MAX_VERSION_SZ]; byte seq[MAX_SEQ_SZ]; - byte *prv = NULL, *pub = NULL; int ret, totalSz, curveSz, verSz; int privHdrSz = ASN_ECC_HEADER_SZ; int pubHdrSz = ASN_ECC_CONTEXT_SZ + ASN_ECC_HEADER_SZ; +#ifdef WOLFSSL_NO_MALLOC + byte prv[MAX_ECC_BYTES + ASN_ECC_HEADER_SZ + MAX_SEQ_SZ]; + byte pub[(MAX_ECC_BYTES * 2) + 1 + ASN_ECC_CONTEXT_SZ + + ASN_ECC_HEADER_SZ + MAX_SEQ_SZ]; +#else + byte *prv = NULL, *pub = NULL; +#endif word32 idx = 0, prvidx = 0, pubidx = 0, curveidx = 0; word32 seqSz, privSz, pubSz = ECC_BUFSIZE; @@ -16067,15 +16073,23 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen, /* private */ privSz = key->dp->size; +#ifndef WOLFSSL_NO_MALLOC prv = (byte*)XMALLOC(privSz + privHdrSz + MAX_SEQ_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER); if (prv == NULL) { return MEMORY_E; } +#else + if (sizeof(prv) < privSz + privHdrSz + MAX_SEQ_SZ) { + return BUFFER_E; + } +#endif prvidx += SetOctetString8Bit(key->dp->size, &prv[prvidx]); ret = wc_ecc_export_private_only(key, prv + prvidx, &privSz); if (ret < 0) { + #ifndef WOLFSSL_NO_MALLOC XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif return ret; } prvidx += privSz; @@ -16084,16 +16098,24 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen, if (pubIn) { ret = wc_ecc_export_x963(key, NULL, &pubSz); if (ret != LENGTH_ONLY_E) { + #ifndef WOLFSSL_NO_MALLOC XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif return ret; } + #ifndef WOLFSSL_NO_MALLOC pub = (byte*)XMALLOC(pubSz + pubHdrSz + MAX_SEQ_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER); if (pub == NULL) { XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } + #else + if (sizeof(pub) < pubSz + pubHdrSz + MAX_SEQ_SZ) { + return BUFFER_E; + } + #endif pub[pubidx++] = ECC_PREFIX_1; if (pubSz > 128) /* leading zero + extra size byte */ @@ -16105,8 +16127,10 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen, pubidx += SetBitString(pubSz, 0, pub + pubidx); ret = wc_ecc_export_x963(key, pub + pubidx, &pubSz); if (ret != 0) { + #ifndef WOLFSSL_NO_MALLOC XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif return ret; } pubidx += pubSz; @@ -16120,7 +16144,9 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen, if (totalSz > (int)inLen) { XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); if (pubIn) { + #ifndef WOLFSSL_NO_MALLOC XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif } return BAD_FUNC_ARG; } @@ -16137,7 +16163,9 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen, /* private */ XMEMCPY(output + idx, prv, prvidx); idx += prvidx; +#ifndef WOLFSSL_NO_MALLOC XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* curve */ XMEMCPY(output + idx, curve, curveidx); @@ -16147,7 +16175,9 @@ static int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 inLen, if (pubIn) { XMEMCPY(output + idx, pub, pubidx); /* idx += pubidx; not used after write, if more data remove comment */ + #ifndef WOLFSSL_NO_MALLOC XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif } return totalSz; @@ -16182,7 +16212,11 @@ int wc_EccPrivateKeyToPKCS8(ecc_key* key, byte* output, word32* outLen) word32 oidSz = 0; word32 pkcs8Sz = 0; const byte* curveOID = NULL; +#ifdef WOLFSSL_NO_MALLOC + byte tmpDer[ECC_BUFSIZE]; +#else byte* tmpDer = NULL; +#endif if (key == NULL || outLen == NULL) return BAD_FUNC_ARG; @@ -16193,16 +16227,19 @@ int wc_EccPrivateKeyToPKCS8(ecc_key* key, byte* output, word32* outLen) if (ret < 0) return ret; +#ifndef WOLFSSL_NO_MALLOC /* temp buffer for plain DER key */ tmpDer = (byte*)XMALLOC(ECC_BUFSIZE, key->heap, DYNAMIC_TYPE_TMP_BUFFER); if (tmpDer == NULL) return MEMORY_E; - +#endif XMEMSET(tmpDer, 0, ECC_BUFSIZE); tmpDerSz = wc_BuildEccKeyDer(key, tmpDer, ECC_BUFSIZE, 0); if (tmpDerSz < 0) { + #ifndef WOLFSSL_NO_MALLOC XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif return tmpDerSz; } @@ -16210,17 +16247,24 @@ int wc_EccPrivateKeyToPKCS8(ecc_key* key, byte* output, word32* outLen) ret = wc_CreatePKCS8Key(NULL, &pkcs8Sz, tmpDer, tmpDerSz, algoID, curveOID, oidSz); if (ret != LENGTH_ONLY_E) { + #ifndef WOLFSSL_NO_MALLOC XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif return ret; } if (output == NULL) { + #ifndef WOLFSSL_NO_MALLOC XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif *outLen = pkcs8Sz; return LENGTH_ONLY_E; - } else if (*outLen < pkcs8Sz) { + } + else if (*outLen < pkcs8Sz) { + #ifndef WOLFSSL_NO_MALLOC XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif WOLFSSL_MSG("Input buffer too small for ECC PKCS#8 key"); return BUFFER_E; } @@ -16228,11 +16272,15 @@ int wc_EccPrivateKeyToPKCS8(ecc_key* key, byte* output, word32* outLen) ret = wc_CreatePKCS8Key(output, &pkcs8Sz, tmpDer, tmpDerSz, algoID, curveOID, oidSz); if (ret < 0) { + #ifndef WOLFSSL_NO_MALLOC XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif return ret; } +#ifndef WOLFSSL_NO_MALLOC XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif *outLen = ret; return ret; diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 3319c3914..332b89c4d 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -6359,6 +6359,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, /* perform blocking call to non-blocking function */ ecc_nb_ctx_t nb_ctx; XMEMSET(&nb_ctx, 0, sizeof(nb_ctx)); + err = NOT_COMPILED_IN; /* set default error */ #endif #ifndef WOLFSSL_SP_NO_256 if (ecc_sets[key->idx].id == ECC_SECP256R1) { @@ -7875,6 +7876,7 @@ int wc_ecc_import_private_key_ex(const byte* priv, word32 privSz, ret = wc_EccPublicKeyDecode(pub, &idx, key, pubSz); key->type = ECC_PRIVATEKEY; #else + (void)pubSz; ret = NOT_COMPILED_IN; #endif } diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index e84ccf3f9..ac1418068 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -1432,7 +1432,7 @@ int wolfSSL_EVP_PKEY_derive_set_peer(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY return WOLFSSL_SUCCESS; } -#if !defined(NO_DH) && defined(HAVE_ECC) +#if !defined(NO_DH) || defined(HAVE_ECC) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION!=2)) int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) { @@ -1542,7 +1542,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_ return WOLFSSL_SUCCESS; } #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ -#endif +#endif /* !NO_DH || HAVE_ECC */ /* Uses the WOLFSSL_EVP_PKEY_CTX to decrypt a buffer. * diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 54846351a..e00797e2e 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -10663,7 +10663,7 @@ static int random_rng_test(void) if (ret != 0) return ret; -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC) { byte nonce[8] = { 0 }; /* Test dynamic RNG. */ @@ -10834,7 +10834,7 @@ static int simple_mem_test(int sz) static int memory_test(void) { int ret = 0; -#ifndef USE_FAST_MATH +#if !defined(USE_FAST_MATH) && !defined(WOLFSSL_NO_MALLOC) byte* b = NULL; #endif #if defined(COMPLEX_MEM_TEST) || defined(WOLFSSL_STATIC_MEMORY) @@ -10951,7 +10951,7 @@ static int memory_test(void) } #endif -#ifndef USE_FAST_MATH +#if !defined(USE_FAST_MATH) && !defined(WOLFSSL_NO_MALLOC) /* realloc test */ b = (byte*)XMALLOC(MEM_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (b) { @@ -19349,7 +19349,7 @@ done: /* returns 0 on success */ static int ecc_test_make_pub(WC_RNG* rng) { -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) ecc_key *pub = (ecc_key *)XMALLOC(sizeof *pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -19372,7 +19372,7 @@ static int ecc_test_make_pub(WC_RNG* rng) int verify = 0; #endif -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) if ((key == NULL) || #if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) (pub == NULL) || @@ -19451,6 +19451,7 @@ static int ecc_test_make_pub(WC_RNG* rng) } TEST_SLEEP(); +#ifndef WOLFSSL_NO_MALLOC pubPoint = wc_ecc_new_point_h(HEAP_HINT); if (pubPoint == NULL) { ERROR_OUT(-9625, done); @@ -19471,6 +19472,7 @@ static int ecc_test_make_pub(WC_RNG* rng) ERROR_OUT(-9627, done); } #endif /* HAVE_ECC_KEY_EXPORT */ +#endif /* !WOLFSSL_NO_MALLOC */ #endif /* !NO_ECC256 */ /* create a new key since above test for loading key is not supported */ @@ -19590,7 +19592,7 @@ done: wc_ecc_del_point_h(pubPoint, HEAP_HINT); -#ifdef WOLFSSL_SMALL_STACK +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) if (key != NULL) { wc_ecc_free(key); XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -19610,6 +19612,7 @@ done: return ret; } +#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) static int ecc_test_key_decode(WC_RNG* rng, int keySize) { int ret; @@ -19687,8 +19690,10 @@ static int ecc_test_key_decode(WC_RNG* rng, int keySize) return ret; } +#endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */ #endif /* HAVE_ECC_KEY_IMPORT */ +#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) static int ecc_test_key_gen(WC_RNG* rng, int keySize) { int ret = 0; @@ -19784,6 +19789,7 @@ done: return ret; } +#endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */ static int ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, int curve_id, const ecc_set_type* dp) @@ -20222,6 +20228,8 @@ static int ecc_test_curve(WC_RNG* rng, int keySize) } #endif +#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ + !defined(NO_ASN_CRYPT) ret = ecc_test_key_decode(rng, keySize); if (ret < 0) { if (ret == ECC_CURVE_OID_E) { @@ -20232,7 +20240,9 @@ static int ecc_test_curve(WC_RNG* rng, int keySize) return ret; } } +#endif +#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) ret = ecc_test_key_gen(rng, keySize); if (ret < 0) { if (ret == ECC_CURVE_OID_E) { @@ -20243,13 +20253,15 @@ static int ecc_test_curve(WC_RNG* rng, int keySize) return ret; } } +#endif return 0; } -#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) +#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ - defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) + defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ + !defined(WOLFSSL_NO_MALLOC) static int ecc_point_test(void) { int ret; @@ -21384,7 +21396,7 @@ exit: } #endif /* WOLFSSL_CERT_GEN */ -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC) /* Test for the wc_ecc_key_new() and wc_ecc_key_free() functions. */ static int ecc_test_allocator(WC_RNG* rng) { @@ -21910,7 +21922,8 @@ static int ecc_test(void) goto done; } #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ - defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) + defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ + !defined(WOLFSSL_NO_MALLOC) ret = ecc_point_test(); if (ret < 0) { goto done; @@ -21984,10 +21997,11 @@ static int ecc_test(void) goto done; } #endif -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC) ret = ecc_test_allocator(&rng); if (ret != 0) { printf("ecc_test_allocator failed!: %d\n", ret); + goto done; } #endif @@ -21996,6 +22010,7 @@ static int ecc_test(void) ret = ecc_test_nonblock(&rng); if (ret != 0) { printf("ecc_test_nonblock failed!: %d\n", ret); + goto done; } #endif @@ -22208,7 +22223,8 @@ done: #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \ defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) -static int ecc_test_buffers(void) { +static int ecc_test_buffers(void) +{ size_t bytes; #ifdef WOLFSSL_SMALL_STACK ecc_key *cliKey = (ecc_key *)XMALLOC(sizeof *cliKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);