diff --git a/configure.ac b/configure.ac index 382a80e0d..46d8dd5f5 100644 --- a/configure.ac +++ b/configure.ac @@ -3260,10 +3260,10 @@ fi if test "$ENABLED_CHACHA" = "noasm" || test "$ENABLED_ASM" = "no" then - AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA -DNO_CHACHA_ASM" + AM_CFLAGS="$AM_CFLAGS -DNO_CHACHA_ASM" fi -if test "$ENABLED_CHACHA" = "yes" +if test "$ENABLED_CHACHA" != "no" then AM_CFLAGS="$AM_CFLAGS -DHAVE_CHACHA" fi diff --git a/examples/server/server.c b/examples/server/server.c index a1956f395..c0ba215c3 100644 --- a/examples/server/server.c +++ b/examples/server/server.c @@ -1259,7 +1259,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) WOLFSSL_MEM_STATS mem_stats; #endif #endif -#if defined(WOLFSSL_TLS13) +#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) int onlyKeyShare = 0; #endif #if defined(HAVE_SESSION_TICKET) @@ -1643,13 +1643,15 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) break; case 'y' : - #if defined(WOLFSSL_TLS13) && !defined(NO_DH) + #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) \ + && !defined(NO_DH) onlyKeyShare = 1; #endif break; case 'Y' : - #if defined(WOLFSSL_TLS13) && defined(HAVE_ECC) + #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) \ + && defined(HAVE_ECC) onlyKeyShare = 2; #endif break; @@ -1657,7 +1659,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) case 't' : #ifdef HAVE_CURVE25519 useX25519 = 1; - #if defined(WOLFSSL_TLS13) && defined(HAVE_ECC) + #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) onlyKeyShare = 2; #endif #endif @@ -1786,7 +1788,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) case '8' : #ifdef HAVE_CURVE448 useX448 = 1; - #if defined(WOLFSSL_TLS13) && defined(HAVE_ECC) + #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) onlyKeyShare = 2; #endif #endif 
@@ -2558,7 +2560,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args) SetupPkCallbackContexts(ssl, &pkCbInfo); #endif - #ifdef WOLFSSL_TLS13 + #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) if (version >= 4) { SetKeyShare(ssl, onlyKeyShare, useX25519, useX448); } diff --git a/src/internal.c b/src/internal.c index a0a2e1500..93d10d3b0 100644 --- a/src/internal.c +++ b/src/internal.c @@ -14240,7 +14240,7 @@ static WC_INLINE void AeadIncrementExpIV(WOLFSSL* ssl) #endif -#if defined(HAVE_POLY1305) && defined(HAVE_CHACHA) +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_CHAPOL_AEAD) /* Used for the older version of creating AEAD tags with Poly1305 */ static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out, byte* cipher, word16 sz, byte* tag) @@ -14630,7 +14630,7 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, return ret; } -#endif /* HAVE_CHACHA && HAVE_POLY1305 */ +#endif /* HAVE_CHACHA && HAVE_POLY1305 && !NO_CHAPOL_AEAD*/ #endif /* HAVE_AEAD */ @@ -14814,7 +14814,8 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, break; #endif - #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ + !defined(NO_CHAPOL_AEAD) case wolfssl_chacha: ret = ChachaAEADEncrypt(ssl, out, input, sz); break; @@ -15085,7 +15086,8 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, break; #endif - #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ + !defined(NO_CHAPOL_AEAD) case wolfssl_chacha: ret = ChachaAEADDecrypt(ssl, plain, input, sz); break; 
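Review bot: With `NO_CHAPOL_AEAD` defined, `case wolfssl_chacha:` is compiled out of the EncryptDo and DecryptDo switches (hunks @@ -14814 and @@ -15085), but nothing in this diff removes the ChaCha20-Poly1305 suites from what the build can negotiate. If the suite definitions are not gated on the same macro elsewhere, a negotiated ChaCha suite would reach whatever the switches do by default at record-protection time, instead of being refused during the handshake. This is worth confirming, and a one-line comment at the guard naming where the suites are disabled would help the next reader. Both switch bodies extend outside the hunks.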
@@ -20451,9 +20453,14 @@ int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list) int i; word32 length; - next = XSTRSTR(next, ":"); - length = min(sizeof(name), !next ? (word32)XSTRLEN(current) /* last */ - : (word32)(next - current)); + next = XSTRSTR(next, ":"); + length = MAX_SUITE_NAME + 1; + if (next != NULL) { + word32 currLen = (word32)(next - current); + if (length > currLen) { + length = currLen; + } + } XSTRNCPY(name, current, length); name[(length == sizeof(name)) ? length - 1 : length] = 0; @@ -26572,8 +26579,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, case ecdhe_psk_kea: /* Fall through to create temp ECC key */ #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */ - #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ - defined(HAVE_CURVE448) + #if defined(HAVE_ECC) || \ + ((defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) && \ + (defined(HAVE_ED25519) || defined(HAVE_ED448) || \ + !defined(NO_RSA))) case ecc_diffie_hellman_kea: { #ifdef HAVE_CURVE25519 @@ -26661,7 +26670,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, case TLS_ASYNC_BUILD: { #if (!defined(NO_DH) && !defined(NO_RSA)) || (defined(HAVE_ECC) || \ - defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) + (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \ + (defined(HAVE_CURVE448) && defined(HAVE_ED448))) word32 preSigSz, preSigIdx; #endif @@ -26918,8 +26928,10 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, break; } #endif /* (HAVE_ECC || CURVE25519 || CURVE448) && !NO_PSK */ - #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ - defined(HAVE_CURVE448) + #if defined(HAVE_ECC) || \ + ((defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) && \ + (defined(HAVE_ED25519) || defined(HAVE_ED448) || \ + !defined(NO_RSA))) case ecc_diffie_hellman_kea: { enum wc_HashType hashType; 
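Review bot: In SetCipherList the copy bound is now the literal `MAX_SUITE_NAME + 1`, while the terminator line right after the XSTRNCPY still tests `length == sizeof(name)`, so the copy is only in bounds if `name` is declared with exactly that size. The declaration is outside this hunk, so that is an assumption to confirm. Writing `length = (word32)sizeof(name);` would tie the bound to the buffer and keep the copy and the terminator index consistent if the array is ever resized. A suite name longer than the buffer is still truncated silently before lookup, which may deserve a comment.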
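Review bot: The guard on `word32 preSigSz, preSigIdx;` in the TLS_ASYNC_BUILD hunk (@@ -26661) does not match the guard this commit puts on `case ecc_diffie_hellman_kea:` in the hunks at @@ -26572 and @@ -26918. The case label is compiled for Curve25519 or Curve448 combined with any of Ed25519, Ed448 or RSA, whereas the declaration requires the matching pair (`HAVE_CURVE25519 && HAVE_ED25519` or `HAVE_CURVE448 && HAVE_ED448`) unless ECC or DH with RSA is present. A build with `HAVE_CURVE25519`, RSA and `NO_DH`, or with Curve25519 paired only with Ed448, would compile the case without the declaration; if that branch uses the two variables (its body is outside these hunks), the build fails. Defining the condition once as a local macro and using it at all three sites would keep the guards from drifting.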
@@ -26963,7 +26975,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, args->exportBuf, &args->exportSz) != 0) { ERROR_OUT(ECC_EXPORT_ERROR, exit_sske); } - #endif + #endif } args->length += args->exportSz; diff --git a/src/keys.c b/src/keys.c index 67e65feea..2da340541 100644 --- a/src/keys.c +++ b/src/keys.c @@ -2273,7 +2273,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, #endif /* BUILD_ARC4 */ -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_CHAPOL_AEAD) /* Check that the max implicit iv size is suffecient */ #if (AEAD_MAX_IMP_SZ < 12) /* CHACHA20_IMP_IV_SZ */ #error AEAD_MAX_IMP_SZ is too small for ChaCha20 diff --git a/src/ssl.c b/src/ssl.c index 0fb12ba33..f877ca5cf 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -6762,8 +6762,10 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type, long sz = 0; XFILE file; void* heapHint = wolfSSL_CTX_GetHeap(ctx, ssl); +#ifndef NO_CODING const char* header = NULL; const char* footer = NULL; +#endif (void)crl; (void)heapHint; @@ -6800,6 +6802,7 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type, else { /* Try to detect type by parsing cert header and footer */ if (type == DETECT_CERT_TYPE) { +#ifndef NO_CODING if (wc_PemGetHeaderFooter(CA_TYPE, &header, &footer) == 0 && (XSTRNSTR((char*)myBuffer, header, (int)sz) != NULL)) { type = CA_TYPE; @@ -6814,7 +6817,9 @@ int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type, (XSTRNSTR((char*)myBuffer, header, (int)sz) != NULL)) { type = CERT_TYPE; } - else { + else +#endif + { WOLFSSL_MSG("Failed to detect certificate type"); if (dynamic) XFREE(myBuffer, heapHint, DYNAMIC_TYPE_FILE); diff --git a/src/tls.c b/src/tls.c index 4829fd294..b4e0bd7d4 100644 --- a/src/tls.c +++ b/src/tls.c 
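Review bot: With `NO_CODING` defined, the `type == DETECT_CERT_TYPE` branch of ProcessFile (hunks @@ -6800 and @@ -6814) reduces to the failure block, so auto-detection always fails, and nothing in the code says so. A comment above the `#ifndef NO_CODING`, such as `/* header/footer detection is compiled out with NO_CODING: the type cannot be detected and the load fails */`, would make the `else` / `#endif` / `{` construct readable. The log text "Failed to detect certificate type" is also misleading in that configuration, because detection is never attempted. The function body starts and ends outside these hunks.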
@@ -10244,10 +10244,11 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) #if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)) int usingPSK = 0; #endif -#if defined(HAVE_SUPPORTED_CURVES) || defined(HAVE_QSH) +#if (defined(HAVE_SUPPORTED_CURVES) && defined(WOLFSSL_TLS13)) || \ + defined(HAVE_QSH) TLSX* extension = NULL; #endif -#if defined(HAVE_SUPPORTED_CURVES) +#if defined(HAVE_SUPPORTED_CURVES) && defined(WOLFSSL_TLS13) word16 namedGroup = 0; #endif #ifdef HAVE_QSH @@ -10623,8 +10624,6 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) (void)public_key; (void)public_key_len; (void)ssl; - (void)extension; - (void)namedGroup; return ret; } diff --git a/tests/api.c b/tests/api.c index 0b7340920..63407bc91 100644 --- a/tests/api.c +++ b/tests/api.c @@ -1131,7 +1131,7 @@ static int test_cm_load_ca_file(const char* ca_cert_file) static void test_wolfSSL_CertManagerCheckOCSPResponse(void) { -#ifdef HAVE_OCSP +#if defined(HAVE_OCSP) && !defined(NO_RSA) /* Need one of these for wolfSSL_OCSP_REQUEST_new. */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \ @@ -5744,7 +5744,8 @@ static void test_wolfSSL_UseSNI(void) static void test_wolfSSL_UseTrustedCA(void) { -#if defined(HAVE_TRUSTED_CA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) +#if defined(HAVE_TRUSTED_CA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ + && !defined(NO_RSA) WOLFSSL_CTX *ctx; WOLFSSL *ssl; byte id[20]; @@ -5791,7 +5792,8 @@ static void test_wolfSSL_UseTrustedCA(void) static void test_wolfSSL_UseMaxFragment(void) { -#if defined(HAVE_MAX_FRAGMENT) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) +#if defined(HAVE_MAX_FRAGMENT) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) #ifndef NO_WOLFSSL_SERVER WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); 
@@ -5833,7 +5835,8 @@ static void test_wolfSSL_UseMaxFragment(void) static void test_wolfSSL_UseTruncatedHMAC(void) { -#if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) +#if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) #ifndef NO_WOLFSSL_SERVER WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); @@ -6721,7 +6724,7 @@ static void test_wolfSSL_PKCS8(void) XFILE f; int bytes; WOLFSSL_CTX* ctx; -#ifdef HAVE_ECC +#if defined(HAVE_ECC) && !defined(NO_CODING) int ret; ecc_key key; word32 x = 0; @@ -6738,6 +6741,8 @@ static void test_wolfSSL_PKCS8(void) int flag; #endif + (void)der; + printf(testingFmt, "wolfSSL_PKCS8()"); #ifndef NO_WOLFSSL_CLIENT @@ -6867,6 +6872,7 @@ static void test_wolfSSL_PKCS8(void) AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); +#ifndef NO_CODING /* decrypt PKCS8 PEM to key in DER format */ AssertIntGT((bytes = wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), NULL)), 0); @@ -6876,6 +6882,7 @@ static void test_wolfSSL_PKCS8(void) wc_ecc_free(&key); } AssertIntEQ(ret, 0); +#endif /* Test PKCS8 DER ECC key no crypt */ f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb"); @@ -27182,7 +27189,7 @@ static void test_wolfSSL_X509_NAME(void) #ifndef NO_BIO static void test_wolfSSL_X509_INFO(void) { -#if defined(OPENSSL_ALL) +#if defined(OPENSSL_ALL) && !defined(NO_RSA) STACK_OF(X509_INFO) *info_stack; X509_INFO *info; BIO *cert; @@ -27289,7 +27296,7 @@ static void test_wolfSSL_X509_check_host(void) static void test_wolfSSL_X509_check_email(void) { -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) X509* x509; const char goodEmail[] = "info@wolfssl.com"; const char badEmail[] = "disinfo@wolfssl.com"; 
@@ -29548,7 +29555,7 @@ static void test_wolfSSL_X509_Name_canon(void) #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_SHA) && \ defined(WOLFSSL_CERT_GEN) && \ - (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && !defined(NO_RSA) const long ex_hash1 = 0x0fdb2da4; const long ex_hash2 = 0x9f3e8c9e; @@ -30546,8 +30553,8 @@ static void test_wolfSSL_X509_STORE(void) static void test_wolfSSL_X509_STORE_load_locations(void) { -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_FILESYSTEM)\ - && !defined(NO_WOLFSSL_DIR) +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA) SSL_CTX *ctx; X509_STORE *store; @@ -31951,7 +31958,8 @@ static void test_wolfSSL_X509(void) static void test_wolfSSL_X509_get_ext_count(void) { -#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) int ret = 0; WOLFSSL_X509* x509; const char ocspRootCaFile[] = "./certs/ocsp/root-ca-cert.pem"; @@ -31992,7 +32000,7 @@ static void test_wolfSSL_X509_get_ext_count(void) static void test_wolfSSL_X509_sign2(void) { -#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_ALT_NAMES) && \ defined(WOLFSSL_CERT_EXT) && \ (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)) @@ -32189,7 +32197,7 @@ static void test_wolfSSL_X509_sign2(void) static void test_wolfSSL_X509_sign(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ - defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) int ret; char *caSubject; X509_NAME *name; 
@@ -32382,7 +32390,8 @@ static void test_wolfSSL_X509_get0_tbs_sigalg(void) static void test_wolfSSL_X509_ALGOR_get0(void) { -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_SHA256) +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ + !defined(NO_SHA256) && !defined(NO_RSA) X509* x509 = NULL; const ASN1_OBJECT* obj = NULL; const X509_ALGOR* alg; @@ -32571,7 +32580,8 @@ static void test_wolfSSL_X509_get_X509_PUBKEY(void) static void test_wolfSSL_X509_PUBKEY(void) { -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_SHA256) +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ + !defined(NO_SHA256) && !defined(NO_RSA) X509* x509 = NULL; ASN1_OBJECT* obj = NULL; X509_PUBKEY* pubKey; @@ -35215,7 +35225,7 @@ static void test_wolfSSL_RSA_meth(void) static void test_wolfSSL_verify_mode(void) { -#if defined(OPENSSL_ALL) +#if defined(OPENSSL_ALL) && !defined(NO_RSA) WOLFSSL* ssl; WOLFSSL_CTX* ctx; @@ -36894,6 +36904,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void) #if !defined(NO_ASN) static void test_wolfSSL_ASN1_STRING_to_UTF8(void) { +#if !defined(NO_RSA) WOLFSSL_X509* x509; WOLFSSL_X509_NAME* subject; WOLFSSL_X509_NAME_ENTRY* e; @@ -36937,6 +36948,7 @@ static void test_wolfSSL_ASN1_STRING_to_UTF8(void) wolfSSL_X509_free(x509); XFREE(actual_output, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif } static void test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void) @@ -36972,6 +36984,7 @@ static void test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void) static void test_wolfSSL_sk_CIPHER_description(void) { +#if !defined(NO_RSA) const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION; int i,j,k; int numCiphers = 0; 
@@ -37033,10 +37046,12 @@ static void test_wolfSSL_sk_CIPHER_description(void) SSL_CTX_free(ctx); printf(resultFmt, passed); +#endif } static void test_wolfSSL_get_ciphers_compat(void) { +#if !defined(NO_RSA) const SSL_METHOD *method = NULL; const char certPath[] = "./certs/client-cert.pem"; STACK_OF(SSL_CIPHER) *supportedCiphers = NULL; @@ -37070,6 +37085,7 @@ static void test_wolfSSL_get_ciphers_compat(void) SSL_CTX_free(ctx); printf(resultFmt, passed); +#endif } static void test_wolfSSL_X509_PUBKEY_get(void) @@ -38870,7 +38886,7 @@ static void test_wolfSSL_EC_KEY_set_group(void) } static void test_wolfSSL_X509V3_EXT_get(void) { -#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL) +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) FILE* f; int numOfExt =0; int extNid = 0; @@ -38902,7 +38918,7 @@ static void test_wolfSSL_X509V3_EXT_get(void) { } static void test_wolfSSL_X509V3_EXT(void) { -#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL) +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) FILE* f; int numOfExt = 0, nid = 0, i = 0, expected, actual; char* str; @@ -39046,7 +39062,7 @@ static void test_wolfSSL_X509V3_EXT(void) { } static void test_wolfSSL_X509_get_ext(void){ -#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL) +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) int ret = 0; FILE* f; WOLFSSL_X509* x509; @@ -39081,7 +39097,7 @@ static void test_wolfSSL_X509_get_ext(void){ static void test_wolfSSL_X509_get_ext_by_NID(void) { -#if defined(OPENSSL_ALL) +#if defined(OPENSSL_ALL) && !defined(NO_RSA) int rc; FILE* f; WOLFSSL_X509* x509; @@ -39127,7 +39143,7 @@ static void test_wolfSSL_X509_EXTENSION_new(void) static void test_wolfSSL_X509_EXTENSION_get_object(void) { -#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL) +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) WOLFSSL_X509* x509; WOLFSSL_X509_EXTENSION* ext; WOLFSSL_ASN1_OBJECT* o; 
@@ -39155,7 +39171,7 @@ static void test_wolfSSL_X509_EXTENSION_get_object(void) static void test_wolfSSL_X509_EXTENSION_get_data(void) { -#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL) +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) WOLFSSL_X509* x509; WOLFSSL_X509_EXTENSION* ext; WOLFSSL_ASN1_STRING* str; @@ -39177,7 +39193,7 @@ static void test_wolfSSL_X509_EXTENSION_get_data(void) static void test_wolfSSL_X509_EXTENSION_get_critical(void) { -#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL) +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) WOLFSSL_X509* x509; WOLFSSL_X509_EXTENSION* ext; FILE* file; @@ -39200,7 +39216,8 @@ static void test_wolfSSL_X509_EXTENSION_get_critical(void) static void test_wolfSSL_X509V3_EXT_print(void) { -#if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL) && !defined(NO_BIO) +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_BIO) && \ + !defined(NO_RSA) printf(testingFmt, "wolfSSL_X509V3_EXT_print"); { @@ -39275,7 +39292,7 @@ static void test_wolfSSL_X509V3_EXT_print(void) static void test_wolfSSL_X509_cmp(void) { -#if defined(OPENSSL_ALL) +#if defined(OPENSSL_ALL) && !defined(NO_RSA) FILE* file1; FILE* file2; WOLFSSL_X509* cert1; @@ -39387,7 +39404,8 @@ static void test_wolfSSL_i2d_PrivateKey(void) static void test_wolfSSL_OCSP_id_get0_info(void) { -#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) && !defined(NO_FILESYSTEM) +#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) X509* cert; X509* issuer; OCSP_CERTID* id; @@ -40889,7 +40907,8 @@ static void test_wolfSSL_PEM_write_bio_PKCS7(void) #ifdef HAVE_SMIME static void test_wolfSSL_SMIME_read_PKCS7(void) { -#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) +#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) PKCS7* pkcs7 = NULL; BIO* bio = NULL; BIO* bcont = NULL; 
@@ -42193,7 +42212,8 @@ static void test_wolfSSL_X509_CRL(void) static void test_wolfSSL_X509_load_crl_file(void) { -#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) int i; char pem[][100] = { "./certs/crl/crl.pem", @@ -42282,7 +42302,8 @@ static void test_wolfSSL_X509_load_crl_file(void) static void test_wolfSSL_d2i_X509_REQ(void) { -#if defined(WOLFSSL_CERT_REQ) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) +#if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) && \ + (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) /* ./certs/csr.signed.der, ./certs/csr.ext.der, and ./certs/csr.attr.der were * generated by libest * ./certs/csr.attr.der contains sample attributes @@ -42844,7 +42865,7 @@ static void test_wolfssl_EVP_aes_gcm(void) #ifndef NO_BIO static void test_wolfSSL_PEM_X509_INFO_read_bio(void) { -#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) BIO* bio; X509_INFO* info; STACK_OF(X509_INFO)* sk; @@ -42995,7 +43016,7 @@ static void test_wolfSSL_ASN1_INTEGER_set(void) static void test_wolfSSL_X509_STORE_get1_certs(void) { #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \ - !defined(NO_FILESYSTEM) + !defined(NO_FILESYSTEM) && !defined(NO_RSA) X509_STORE_CTX *storeCtx; X509_STORE *store; X509 *caX509; @@ -44098,7 +44119,7 @@ static int test_various_pathlen_chains(void) } #endif /* !NO_RSA && !NO_SHA && !NO_FILESYSTEM && !NO_CERTS */ -#ifdef HAVE_KEYING_MATERIAL +#if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_IO_TESTS_DEPENDENCIES) static int test_export_keying_material_cb(WOLFSSL_CTX *ctx, WOLFSSL *ssl) { byte ekm[100] = {0}; 
@@ -44665,7 +44686,7 @@ static void test_CONF_CTX_CMDLINE(void) /* cmd Certificate and Private Key*/ { - #ifndef NO_CERTS + #if !defined(NO_CERTS) && !defined(NO_RSA) const char* ourCert = svrCertFile; const char* ourKey = svrKeyFile; @@ -44701,7 +44722,7 @@ static void test_CONF_CTX_CMDLINE(void) /* cmd DH parameter */ { #if !defined(NO_DH) && !defined(NO_BIO) - const char* ourdhcert = "./certs/dh4096.pem"; + const char* ourdhcert = "./certs/dh2048.pem"; AssertIntEQ(SSL_CONF_cmd(cctx, "-dhparam", NULL), -3); @@ -44745,7 +44766,7 @@ static void test_CONF_CTX_FILE(void) /* cmd Certificate and Private Key*/ { - #ifndef NO_CERTS + #if !defined(NO_CERTS) && !defined(NO_RSA) const char* ourCert = svrCertFile; const char* ourKey = svrKeyFile; @@ -45449,7 +45470,7 @@ void ApiTest(void) #endif -#ifdef HAVE_KEYING_MATERIAL +#if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_IO_TESTS_DEPENDENCIES) test_export_keying_material(); #endif /* HAVE_KEYING_MATERIAL */ diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index c93836e92..c2dd1ffcb 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -783,7 +783,9 @@ static const char* bench_desc_words[][14] = { #endif #if defined(BENCH_ASYM) -#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) +#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \ + defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \ + defined(HAVE_CURVE448) || defined(HAVE_ED448) static const char* bench_result_words2[][5] = { { "ops took", "sec" , "avg" , "ops/sec", NULL }, /* 0 English */ #ifndef NO_MULTIBYTE_PRINT 
@@ -1325,7 +1327,9 @@ static void bench_stats_sym_finish(const char* desc, int doAsync, int count, } #ifdef BENCH_ASYM -#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) +#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \ + defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \ + defined(HAVE_CURVE448) || defined(HAVE_ED448) static void bench_stats_asym_finish(const char* algo, int strength, const char* desc, int doAsync, int count, double start, int ret) { diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index 1458a106b..14d985ae2 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c 
@@ -3007,10 +3007,34 @@ int sp_cmp_d(sp_int* a, sp_int_digit d) } #endif -#if defined(WOLFSSL_SP_INT_NEGATIVE) || !defined(NO_PWDBASED) || \ - defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \ - ((defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_RSA)) && \ - !defined(WOLFSSL_RSA_VERIFY_ONLY)) +#if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \ + !defined(NO_DSA) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) +#define WOLFSSL_SP_ADD_D +#endif +#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA) +#define WOLFSSL_SP_SUB_D +#endif +#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY) +#define WOLFSSL_SP_READ_RADIX_10 +#endif +#if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \ + (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) +#define WOLFSSL_SP_INVMOD +#endif +#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) +#define WOLFSSL_SP_INVMOD_MONT_CT +#endif +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_HAVE_SP_DH) || \ + (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) +#define WOLFSSL_SP_PRIME_GEN +#endif + +#if defined(WOLFSSL_SP_ADD_D) || (defined(WOLFSSL_SP_INT_NEGATIVE) && \ + defined(WOFLSSL_SP_SUB_D)) || defined(WOLFSSL_SP_READ_RADIX_10) /* Add a one digit number to the multi-precision number. * * @param [in] a SP integer be added to. 
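Review bot: `WOFLSSL_SP_SUB_D` in the new guard for `_sp_add_d` is a misspelling of `WOLFSSL_SP_SUB_D`, which this same hunk defines a few lines earlier, so the `WOLFSSL_SP_INT_NEGATIVE && ...` clause can never be true. In a build that sets `WOLFSSL_SP_INT_NEGATIVE` and `WOLFSSL_SP_SUB_D` but not `WOLFSSL_SP_ADD_D` (for example ECC without RSA, DH, DSA, PWDBASED or key generation), `_sp_add_d` is left out even though the guard is meant to include it for the negative-number path. The line should read `defined(WOLFSSL_SP_SUB_D)) || defined(WOLFSSL_SP_READ_RADIX_10)`, and the matching `#endif` comment in the next hunk (@@ -3057) repeats the misspelling. The mirrored guard on `_sp_sub_d` spells `WOLFSSL_SP_ADD_D` correctly.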
@@ -3057,13 +3081,12 @@ static int _sp_add_d(sp_int* a, sp_int_digit d, sp_int* r) return err; } -#endif /* WOLFSSL_SP_INT_NEGATIVE || !NO_PWDBASED || WOLFSSL_KEY_GEN || - * !NO_DH || !NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */ +#endif /* WOLFSSL_SP_ADD_D || (WOLFSSL_SP_INT_NEGATIVE && WOFLSSL_SP_SUB_D) || + * defined(WOLFSSL_SP_READ_RADIX_10) */ -#if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) || \ - defined(WOLFSSL_SP_INT_NEGATIVE) || \ - !defined(NO_DH) || !defined(NO_DSA) || defined(HAVE_ECC) || \ - (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) +#if (defined(WOLFSSL_SP_INT_NEGATIVE) && defined(WOLFSSL_SP_ADD_D)) || \ + defined(WOLFSSL_SP_SUB_D) || defined(WOLFSSL_SP_INVMOD) || \ + defined(WOLFSSL_SP_INVMOD_MONT_CT) || defined(WOLFSSL_SP_PRIME_GEN) /* Sub a one digit number from the multi-precision number. * * returns MP_OKAY always. @@ -3099,11 +3122,11 @@ static void _sp_sub_d(sp_int* a, sp_int_digit d, sp_int* r) sp_clamp(r); } } -#endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_SP_INT_NEGATIVE || !NO_DH || !NO_DSA || - * HAVE_ECC || (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */ +#endif /* (WOLFSSL_SP_INT_NEGATIVE && WOLFSSL_SP_ADD_D) || WOLFSSL_SP_SUB_D + * WOLFSSL_SP_INVMOD || WOLFSSL_SP_INVMOD_MONT_CT || + * WOLFSSL_SP_PRIME_GEN */ -#if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \ - !defined(NO_DSA) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) +#ifdef WOLFSSL_SP_ADD_D /* Add a one digit number to the multi-precision number. * * @param [in] a SP integer be added to. 
@@ -3150,10 +3173,9 @@ int sp_add_d(sp_int* a, sp_int_digit d, sp_int* r) return err; } -#endif /* !NO_PWDBASED || WOLFSSL_KEY_GEN || !NO_DH || !NO_DSA || !NO_RSA */ +#endif /* WOLFSSL_SP_ADD_D */ -#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA) +#ifdef WOLFSSL_SP_SUB_D /* Sub a one digit number from the multi-precision number. * * @param [in] a SP integer be subtracted from. @@ -3199,8 +3221,7 @@ int sp_sub_d(sp_int* a, sp_int_digit d, sp_int* r) return err; } -#endif /* (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) || !NO_DH || HAVE_ECC || - * !NO_DSA */ +#endif /* WOLFSSL_SP_SUB_D */ #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ defined(WOLFSSL_SP_SMALL) && (defined(WOLFSSL_SP_MATH_ALL) || \ @@ -3346,10 +3367,20 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, #endif /* WOLFSSL_SP_MATH_ALL || !NO_DH || HAVE_ECC || * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */ -#if !defined(WOLFSSL_SP_SMALL) && ((defined(WOLFSSL_SP_MATH_ALL) && \ - !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - defined(WOLFSSL_HAVE_SP_DH) || (defined(HAVE_ECC) && (defined(FP_ECC) || \ - defined(HAVE_COMP_KEY)))) +/* Predefine complicated rules of when to compile in sp_div_d and sp_mod_d. */ +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) +#define WOLFSSL_SP_DIV_D +#endif +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + defined(WOLFSSL_HAVE_SP_DH) || \ + (defined(HAVE_ECC) && (defined(FP_ECC) || defined(HAVE_COMP_KEY))) || \ + (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) +#define WOLFSSL_SP_MOD_D +#endif + +#if (defined(WOLFSSL_SP_DIV_D) || defined(WOLFSSL_SP_MOD_D)) && \ + !defined(WOLFSSL_SP_SMALL) /* Divide by 3: r = a / 3 and rem = a % 3 * * @param [in] a SP integer to be divided. 
@@ -3461,14 +3492,9 @@ static void _sp_div_10(sp_int* a, sp_int* r, sp_int_digit* rem) } } } -#endif /* !WOLFSSL_SP_SMALL && ((WOLFSSL_SP_MATH_ALL && - * !WOLFSSL_RSA_VERIFY_ONLY) || WOLFSSL_HAVE_SP_DH || - * (HAVE_ECC && FP_ECC)) */ +#endif /* (WOLFSSL_SP_DIV_D || WOLFSSL_SP_MOD_D) && !WOLFSSL_SP_SMALL */ -#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - defined(WOLFSSL_HAVE_SP_DH) || \ - (defined(HAVE_ECC) && (defined(FP_ECC) || defined(HAVE_COMP_KEY))) || \ - (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) +#if defined(WOLFSSL_SP_DIV_D) || defined(WOLFSSL_SP_MOD_D) /* Divide by small number: r = a / d and rem = a % d * * @param [in] a SP integer to be divided. @@ -3514,8 +3540,7 @@ static void _sp_div_small(sp_int* a, sp_int_digit d, sp_int* r, } #endif -#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) +#ifdef WOLFSSL_SP_DIV_D /* Divide a multi-precision number by a digit size number and calculate * remainder. * r = a / d; rem = a % d @@ -3582,12 +3607,9 @@ int sp_div_d(sp_int* a, sp_int_digit d, sp_int* r, sp_int_digit* rem) return err; } -#endif +#endif /* WOLFSSL_SP_DIV_D */ -#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - defined(WOLFSSL_HAVE_SP_DH) || \ - (defined(HAVE_ECC) && (defined(FP_ECC) || defined(HAVE_COMP_KEY))) || \ - (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) +#ifdef WOLFSSL_SP_MOD_D /* Calculate a modulo the digit d into r: r = a mod d * * @param [in] a SP integer to reduce. @@ -3662,8 +3684,7 @@ int sp_mod_d(sp_int* a, const sp_int_digit d, sp_int_digit* r) return err; } -#endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERFIY_ONLY) || \ - * WOLFSSL_HAVE_SP_DH || (HAVE_ECC && (FP_ECC || HAVE_COMP_KEY)) */ +#endif /* WOLFSSL_SP_MOD_D */ #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) /* Divides a by 2 mod m and stores in r: r = (a / 2) mod m 
@@ -7762,9 +7783,7 @@ int sp_mulmod(sp_int* a, sp_int* b, sp_int* m, sp_int* r) } #endif -#if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \ - (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY)) +#ifdef WOLFSSL_SP_INVMOD /* Calculates the multiplicative inverse in the field. * * @param [in] a SP integer to find inverse of. @@ -7901,10 +7920,9 @@ int sp_invmod(sp_int* a, sp_int* m, sp_int* r) FREE_SP_INT_ARRAY(t, NULL); return err; } -#endif /* HAVE_ECC || !NO_DSA || OPENSSL_EXTRA || \ - * (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */ +#endif /* WOLFSSL_SP_INVMOD */ -#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) +#ifdef WOLFSSL_SP_INVMOD_MONT_CT #define CT_INV_MOD_PRE_CNT 8 @@ -8008,7 +8026,7 @@ int sp_invmod_mont_ct(sp_int* a, sp_int* m, sp_int* r, sp_int_digit mp) return err; } -#endif /* WOLFSSL_SP_MATH_ALL && HAVE_ECC */ +#endif /* WOLFSSL_SP_INVMOD_MONT_CT */ /************************** @@ -12407,7 +12425,7 @@ static int _sp_read_radix_16(sp_int* a, const char* in) } #endif /* (WOLFSSL_SP_MATH_ALL && !NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) || HAVE_ECC */ -#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) +#ifdef WOLFSSL_SP_READ_RADIX_10 /* Convert decimal number as string in big-endian format to a multi-precision * number. * @@ -12464,10 +12482,10 @@ static int _sp_read_radix_10(sp_int* a, const char* in) return err; } -#endif /* WOLFSSL_SP_MATH_ALL && !NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY */ +#endif /* WOLFSSL_SP_READ_RADIX_10 */ -#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - defined(HAVE_ECC) || !defined(NO_DSA) +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY)) || defined(HAVE_ECC) || !defined(NO_DSA) /* Convert a number as string in big-endian format to a big number. * Only supports base-16 (hexadecimal) and base-10 (decimal). * 
@@ -12499,7 +12517,7 @@ int sp_read_radix(sp_int* a, const char* in, int radix) if (radix == 16) { err = _sp_read_radix_16(a, in); } - #if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) + #ifdef WOLFSSL_SP_READ_RADIX_10 else if (radix == 10) { err = _sp_read_radix_10(a, in); } @@ -12907,9 +12925,7 @@ int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap) } #endif /* WOLFSSL_KEY_GEN && (!NO_DH || !NO_DSA) && !WC_NO_RNG */ -#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || defined(WOLFSSL_HAVE_SP_DH) || \ - (!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) +#ifdef WOLFSSL_SP_PRIME_GEN /* Miller-Rabin test of "a" to the base of "b" as described in * HAC pp. 139 Algorithm 4.24 * @@ -13302,7 +13318,7 @@ int sp_prime_is_prime_ex(sp_int* a, int t, int* result, WC_RNG* rng) } return err; } -#endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH */ +#endif /* WOLFSSL_SP_PRIME_GEN */ #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) @@ -13415,7 +13431,7 @@ int sp_gcd(sp_int* a, sp_int* b, sp_int* r) #endif /* WOLFSSL_SP_MATH_ALL && !NO_RSA && WOLFSSL_KEY_GEN */ -#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING) /* Calculates the Lowest Common Multiple (LCM) of a and b and stores in r. * diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 5deaf426d..67aaf0f1b 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -15894,6 +15894,7 @@ exit_rsa: (void)res; (void)bytes; + (void)idx; (void)in; (void)out; (void)plain; @@ -33480,6 +33481,8 @@ static int mp_test_div_3(mp_int* a, mp_int* r, WC_RNG* rng) mp_digit rem; mp_digit rem2; +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) for (i = 0; i < 10; i++) { for (j = 1; j < 10; j++) { if (randNum(a, j, rng, NULL) != 0) 
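Review bot: The guard added around the first loop of mp_test_div_3 (@@ -33480) is a hand copy of the condition that sp_int.c now names `WOLFSSL_SP_DIV_D`, and the mp_test_param hunks at @@ -34303 and @@ -34436 copy the div_d and lcm conditions in the same way. Those macros are defined inside sp_int.c, so the test cannot see them, and a later edit to either copy would make the test fail to link or silently skip the checks inside the guard. Defining the `WOLFSSL_SP_*` feature macros in a header that both files include would let this read `#ifdef WOLFSSL_SP_DIV_D`. The function body continues into the next hunk.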
@@ -33501,6 +33504,7 @@ static int mp_test_div_3(mp_int* a, mp_int* r, WC_RNG* rng) return -12626; if (mp_cmp(r, a) != MP_EQ) return -12627; +#endif #if defined(WOLFSSL_SP_MATH_ALL) if (mp_div_d(a, 10, r, &rem) != 0) @@ -33527,10 +33531,16 @@ static int mp_test_div_3(mp_int* a, mp_int* r, WC_RNG* rng) return -12637; if (rem != rem2) return -12638; -#else - (void)rem2; #endif + (void)a; + (void)r; + (void)rng; + (void)i; + (void)j; + (void)rem; + (void)rem2; + return 0; } #endif /* WOLFSSL_SP_MATH || !USE_FAST_MATH */ @@ -33602,7 +33612,8 @@ static int mp_test_radix_10(mp_int* a, mp_int* r, WC_RNG* rng) } #endif -#if defined(WOLFSSL_SP_MATH_ALL) || defined(HAVE_ECC) +#if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \ + defined(HAVE_ECC)) static int mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng) { int ret; @@ -33698,6 +33709,7 @@ static int mp_test_shift(mp_int* a, mp_int* r1, WC_RNG* rng) if (mp_cmp(a, r1) != MP_EQ) return -12682; } +#ifndef WOLFSSL_SP_MATH for (i = 0; i < DIGIT_BIT+1; i++) { if (mp_mul_2d(a, i, r1) != MP_OKAY) return -12683; @@ -33705,6 +33717,7 @@ static int mp_test_shift(mp_int* a, mp_int* r1, WC_RNG* rng) if (mp_cmp(a, r1) != MP_EQ) return -12684; } +#endif return 0; } @@ -33740,21 +33753,6 @@ static int mp_test_add_sub_d(mp_int* a, mp_int* r1) if (r1->used != 0) return -12697; -#ifdef WOLFSSL_SP_MATH - if (mp_set(r1, 1) != MP_OKAY) - return -12698; - if (mp_mul_2d(r1, SP_INT_MAX_BITS - 1, r1) != MP_OKAY) - return -12699; - if (mp_sub_d(r1, 1, r1) != MP_OKAY) - return -12700; - if (mp_mul_2d(r1, 1, r1) != MP_OKAY) - return -12701; - if (mp_add_d(r1, 1, r1) != MP_OKAY) - return -12702; - if (mp_add_d(r1, 1, r1) == MP_OKAY) - return -12703; -#endif - return 0; } 
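Review bot: In the new guard for `mp_test_radix_16`, `!defined WOLFSSL_SP_MATH` is written without parentheses while every other test in the expression uses `defined(...)`. Both forms are valid, but the mixed spelling is easy to misread and is missed by a search for `defined(WOLFSSL_SP_MATH)`. Write `(!defined(WOLFSSL_SP_MATH) && \` instead. The call-site guard in the later `mp_test` hunk carries the same spelling.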
@@ -34303,8 +34301,8 @@ static int mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng) return -12821; #endif -#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \ - (defined(HAVE_ECC) && defined(FP_ECC)) +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) ret = mp_div_d(NULL, 0, NULL, NULL); if (ret != MP_VAL) return -12822; @@ -34353,7 +34351,7 @@ static int mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng) return -12834; #endif -#ifdef HAVE_ECC +#if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC) ret = mp_div_2_mod_ct(NULL, NULL, NULL); if (ret != MP_VAL) return -12835; @@ -34412,7 +34410,7 @@ static int mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng) return -12851; #endif -#ifdef HAVE_ECC +#if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC) ret = mp_invmod_mont_ct(NULL, NULL, NULL, 1); if (ret != MP_VAL) return -12852; @@ -34436,7 +34434,7 @@ static int mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng) return -12858; #endif -#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING) ret = mp_lcm(NULL, NULL, NULL); if (ret != MP_VAL) return -12859; @@ -35022,6 +35020,7 @@ static int mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng) int ret; int i, j, k; +#ifndef WOLFSSL_SP_MATH for (i = 0; i < 10; i++) { for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) { ret = randNum(a, j, rng, NULL); @@ -35038,6 +35037,7 @@ static int mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng) } } } +#endif for (i = 0; i < 10; i++) { for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) { @@ -35075,6 +35075,7 @@ static int mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng) } #endif +#ifndef WOLFSSL_SP_MATH static int mp_test_div(mp_int* a, mp_int* d, mp_int* r, mp_int* rem, WC_RNG* rng) { 
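Review bot: The `#ifndef WOLFSSL_SP_MATH` added in front of `mp_test_div` does not match the guard this commit puts on its only visible call, `#ifdef WOLFSSL_SP_MATH_ALL` in the `mp_test` hunk. In a build that defines neither macro, the static function is compiled but never called. That gives an unused-function warning and drops the division tests, which ran unconditionally before the change. Using the same condition at the call, `#ifndef WOLFSSL_SP_MATH`, keeps definition and use together. Whether such a build reaches `mp_test` depends on guards outside these hunks, though the nearby `#endif /* WOLFSSL_SP_MATH || !USE_FAST_MATH */` context suggests it can; the function body and its closing `#endif` are in later hunks.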
@@ -35192,6 +35193,7 @@ static int mp_test_div(mp_int* a, mp_int* d, mp_int* r, mp_int* rem, return 0; } +#endif #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \ !defined(WC_NO_RNG) @@ -35201,20 +35203,28 @@ static int mp_test_prime(mp_int* a, WC_RNG* rng) int res; ret = mp_rand_prime(a, 1, rng, NULL); -#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) +#if defined(WOLFSSL_SP_MATH_ALL) if (ret != 0) + return -13060; #else if (ret != MP_VAL) -#endif return -13060; +#endif +#ifndef WOLFSSL_SP_MATH ret = mp_rand_prime(a, -5, rng, NULL); if (ret != 0) return -13061; +#endif ret = mp_prime_is_prime(a, 1, &res); if (ret != MP_OKAY) return -13062; +#ifndef WOLFSSL_SP_MATH if (res != MP_YES) return -13063; +#else + if (res != MP_NO) + return -13063; +#endif ret = mp_prime_is_prime(a, 0, &res); if (ret != MP_VAL) @@ -35290,8 +35300,7 @@ static int mp_test_prime(mp_int* a, WC_RNG* rng) } #endif -#if defined(WOLFSSL_KEY_GEN) && (!defined(WOLFSSL_SP_MATH_ALL) || \ - !defined(NO_RSA)) +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING) static int mp_test_lcm_gcd(mp_int* a, mp_int* b, mp_int* r, mp_int* exp, WC_RNG* rng) { @@ -35490,7 +35499,7 @@ static int mp_test_mul_sqr(mp_int* a, mp_int* b, mp_int* r1, mp_int* r2, if (!mp_iszero(r1)) return -13148; -#ifdef WOLFSSL_SP_MATH +#ifdef WOLFSSL_SP_MATH_ALL ret = mp_set(a, 1); if (ret != MP_OKAY) return -13149; @@ -35535,7 +35544,7 @@ static int mp_test_mul_sqr(mp_int* a, mp_int* b, mp_int* r1, mp_int* r2, return -13160; #endif /* HAVE_ECC && (ECC_SHAMIR || FP_ECC) */ #endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || (HAVE_ECC && FP_ECC) */ -#endif /* WOLFSSL_SP_MATH */ +#endif /* WOLFSSL_SP_MATH_ALL */ return 0; } 
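Review bot: In the `WOLFSSL_SP_MATH` branch of `mp_test_prime`, the new `if (res != MP_NO)` check tests whatever value `a` holds on entry. The first `mp_rand_prime` call is expected to fail with `MP_VAL` and the second is compiled out, so nothing visible in the function sets `a`. The outcome then depends on the tests that ran earlier in `mp_test` and on what `mp_rand_prime` leaves in `a` on failure, neither of which is shown here. If the intent is to check that a composite is rejected, setting one explicitly under `#ifdef WOLFSSL_SP_MATH`, e.g. `mp_set(a, 9);` before `ret = mp_prime_is_prime(a, 1, &res);`, makes the expectation deterministic. The rest of the function is outside the hunk.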
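Review bot: The new guard on `mp_test_lcm_gcd` adds `!defined(WC_RSA_BLINDING)`, which is the condition this commit uses for `sp_lcm`, but `sp_gcd` is declared in sp_int.h under `!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)` alone. If the function exercises `mp_gcd` as its name suggests (the body is outside the hunk), a key-generation build with blinding enabled compiles `sp_gcd` with no test covering it. Keeping the function and its call in `mp_test` under `#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)` and wrapping only the `mp_lcm` checks in `#ifndef WC_RSA_BLINDING` would retain the gcd coverage.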
@@ -35586,8 +35595,7 @@ static int mp_test_invmod(mp_int* a, mp_int* m, mp_int* r) return -13177; #endif -#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) -#ifdef HAVE_ECC +#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) mp_set(a, 0); mp_set(m, 3); ret = mp_invmod_mont_ct(a, m, r, 1); @@ -35614,7 +35622,6 @@ static int mp_test_invmod(mp_int* a, mp_int* m, mp_int* r) ret = mp_invmod_mont_ct(a, m, r, 1); if (ret != MP_OKAY) return -13182; -#endif #endif return 0; @@ -35704,6 +35711,7 @@ static int mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r) if (!mp_iszero(r)) return -13209; +#ifndef WOLFSSL_SP_MATH mp_set(b, 0x01); mp_mul_2d(b, DIGIT_BIT, b); mp_add_d(b, 1, b); @@ -35719,6 +35727,7 @@ static int mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r) return -13212; if (!mp_iszero(r)) return -13213; +#endif mp_set(b, 0x2); mp_set(e, 0x3); @@ -35730,7 +35739,7 @@ static int mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r) if (ret != MP_OKAY) return -13215; -#ifdef WOLFSSL_SP_MATH +#ifdef WOLFSSL_SP_MATH_ALL mp_set(b, 0x2); mp_set(e, 0x3); mp_set(m, 0x01); @@ -35829,7 +35838,10 @@ WOLFSSL_TEST_SUBROUTINE int mp_test(void) WC_RNG rng; int ret; #if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) - int i, j, k; + int i, j; +#ifndef WOLFSSL_SP_MATH + int k; +#endif mp_digit d; #endif mp_int a, b, r1, r2, p; @@ -35889,6 +35901,7 @@ WOLFSSL_TEST_SUBROUTINE int mp_test(void) return -13309; #endif + #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) #if defined(WOLFSSL_SP_MATH) || (defined(WOLFSSL_SP_MATH_ALL) && \ !defined(WOLFSSL_SP_INT_NEGATIVE)) ret = mp_addmod(&a, &b, &p, &r1); @@ -35914,6 +35927,7 @@ WOLFSSL_TEST_SUBROUTINE int mp_test(void) if (mp_cmp(&r1, &r2) != 0) return -13316; #endif + #endif /* Ensure add digit produce same result as sub digit. */ ret = mp_add_d(&a, d, &r1); 
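Review bot: The outer `#if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)` added in `mp_test` makes the `defined(WOLFSSL_SP_MATH) ||` alternative of the inner condition reachable only when both math macros are defined, which looks unintended. If the two macros are mutually exclusive, the inner test reduces to `!defined(WOLFSSL_SP_INT_NEGATIVE)` and the two lines could be merged into one condition. The matching `#endif` added in the following hunk is bare. Writing it as `#endif /* WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY */` would show which of the nested blocks it closes.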
@@ -35933,6 +35947,7 @@ WOLFSSL_TEST_SUBROUTINE int mp_test(void) return -13320; ret = 0; + #ifndef WOLFSSL_SP_MATH /* Shift up and down number all bits in a digit. */ for (k = 0; k < DIGIT_BIT; k++) { mp_mul_2d(&a, k, &r1); @@ -35945,6 +35960,7 @@ WOLFSSL_TEST_SUBROUTINE int mp_test(void) if (mp_cmp(&a, &r1) != 0) return -13323; } + #endif } } @@ -35990,7 +36006,8 @@ WOLFSSL_TEST_SUBROUTINE int mp_test(void) if ((ret = mp_test_radix_10(&a, &r1, &rng)) != 0) return ret; #endif -#if defined(WOLFSSL_SP_MATH_ALL) || defined(HAVE_ECC) +#if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \ + defined(HAVE_ECC)) if ((ret = mp_test_radix_16(&a, &r1, &rng)) != 0) return ret; #endif @@ -36015,15 +36032,16 @@ WOLFSSL_TEST_SUBROUTINE int mp_test(void) if ((ret = mp_test_set_is_bit(&a)) != 0) return ret; #endif +#ifdef WOLFSSL_SP_MATH_ALL if ((ret = mp_test_div(&a, &b, &r1, &r2, &rng)) != 0) return ret; +#endif #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \ !defined(WC_NO_RNG) if ((ret = mp_test_prime(&a, &rng)) != 0) return ret; #endif -#if defined(WOLFSSL_KEY_GEN) && (!defined(WOLFSSL_SP_MATH_ALL) || \ - !defined(NO_RSA)) +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING) if ((ret = mp_test_lcm_gcd(&a, &b, &r1, &r2, &rng)) != 0) return ret; #endif diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 2abd53ecf..4f07d53a9 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -861,6 +861,13 @@ #endif #endif +#if !defined(WOLFCRYPT_ONLY) && defined(NO_PSK) && \ + (defined(NO_DH) || !defined(HAVE_ANON)) && \ + defined(NO_RSA) && !defined(HAVE_ECC) && \ + !defined(HAVE_ED25519) && !defined(HAVE_ED448) + #error "No cipher suites avaialble with this build" +#endif + #ifdef WOLFSSL_MULTICAST #if defined(HAVE_NULL_CIPHER) && !defined(NO_SHA256) #define BUILD_WDM_WITH_NULL_SHA256 diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 76557b69c..8ea29ad77 100644 
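Review bot: The new `#error` text in internal.h misspells "available", so a search of build logs for the correct word will miss it. Use `#error "No cipher suites available with this build"`. The condition keys only on the authentication and key-exchange options visible in the hunk (PSK, anonymous DH, RSA, ECC, Ed25519, Ed448). A build that passes it may still have no usable suite if the bulk ciphers or hashes are disabled, so a comment above the check stating what it does and does not cover would help whoever hits it.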
--- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2322,7 +2322,7 @@ extern void uITRON4_free(void *p) ; #endif /* support for disabling PEM to DER */ -#if !defined(WOLFSSL_NO_PEM) +#if !defined(WOLFSSL_NO_PEM) && !defined(NO_CODING) #undef WOLFSSL_PEM_TO_DER #define WOLFSSL_PEM_TO_DER #endif diff --git a/wolfssl/wolfcrypt/sp_int.h b/wolfssl/wolfcrypt/sp_int.h index 8e5164d05..7e9710161 100644 --- a/wolfssl/wolfcrypt/sp_int.h +++ b/wolfssl/wolfcrypt/sp_int.h @@ -802,7 +802,10 @@ MP_API int sp_cmp_d(sp_int* a, sp_int_digit d); MP_API int sp_add_d(sp_int* a, sp_int_digit d, sp_int* r); MP_API int sp_sub_d(sp_int* a, sp_int_digit d, sp_int* r); MP_API int sp_mul_d(sp_int* a, sp_int_digit d, sp_int* r); +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) MP_API int sp_div_d(sp_int* a, sp_int_digit d, sp_int* r, sp_int_digit* rem); +#endif #if defined(WOLFSSL_SP_MATH_ALL) || (defined(HAVE_ECC) && \ defined(HAVE_COMP_KEY)) MP_API int sp_mod_d(sp_int* a, const sp_int_digit d, sp_int_digit* r); @@ -883,8 +886,12 @@ MP_API int sp_radix_size(mp_int* a, int radix, int* size); MP_API int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap); MP_API int sp_prime_is_prime(mp_int* a, int t, int* result); MP_API int sp_prime_is_prime_ex(mp_int* a, int t, int* result, WC_RNG* rng); +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) MP_API int sp_gcd(sp_int* a, sp_int* b, sp_int* r); +#endif +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING) MP_API int sp_lcm(sp_int* a, sp_int* b, sp_int* r); +#endif WOLFSSL_API word32 CheckRunTimeFastMath(void);