diff --git a/src/ssl.c b/src/ssl.c index 7b612ffa1..c6bfd79ee 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -33894,8 +33894,13 @@ int wolfSSL_CMAC_Init(WOLFSSL_CMAC_CTX* ctx, const void *key, size_t keyLen, WOLFSSL_ENTER("wolfSSL_CMAC_Init"); - if (ctx == NULL || cipher == NULL || (cipher != EVP_AES_128_CBC && - cipher != EVP_AES_192_CBC && cipher != EVP_AES_256_CBC)) { + if (ctx == NULL || cipher == NULL + #ifdef HAVE_AES_CBC + || (cipher != EVP_AES_128_CBC && + cipher != EVP_AES_192_CBC && + cipher != EVP_AES_256_CBC) + #endif + ) { ret = WOLFSSL_FAILURE; } diff --git a/tests/api.c b/tests/api.c index 8b71312a8..837a68e94 100644 --- a/tests/api.c +++ b/tests/api.c @@ -3733,9 +3733,8 @@ static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd) #endif /* WOLFSSL_SESSION_EXPORT */ /* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */ -#if defined(HAVE_SESSION_TICKET) && \ - defined(HAVE_AESGCM) && \ - defined(OPENSSL_EXTRA) +#if defined(HAVE_SESSION_TICKET) && defined(OPENSSL_EXTRA) && \ + defined(HAVE_AES_CBC) typedef struct openssl_key_ctx { byte name[WOLFSSL_TICKET_NAME_SZ]; /* server name */ @@ -3847,7 +3846,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) #if defined(HAVE_SESSION_TICKET) && \ ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) -#if defined(OPENSSL_EXTRA) && defined(HAVE_AESGCM) +#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC) OpenSSLTicketInit(); wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx, myTicketEncCbOpenSSL); #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) @@ -4039,7 +4038,7 @@ done: #if defined(HAVE_SESSION_TICKET) && \ ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) -#if defined(OPENSSL_EXTRA) && defined(HAVE_AESGCM) +#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC) OpenSSLTicketCleanup(); #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) TicketCleanup(); 
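Review bot: In wolfSSL_CMAC_Init, a build without HAVE_AES_CBC now drops the cipher-type comparison entirely, so any non-NULL `cipher` passes the argument check. If the EVP_AES_*_CBC identifiers are unavailable in that configuration, failing closed is safer than accepting every value: either set `ret = WOLFSSL_FAILURE;` under `#ifndef HAVE_AES_CBC`, or add a comment stating where the cipher and `keyLen` are validated instead. The rest of the function is outside the hunk, so that later validation could not be confirmed here. test_wolfSSL_CMAC is also compiled out without HAVE_AES_CBC in this commit, which leaves the relaxed path untested.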
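Review bot: The ticket-callback definitions in the first tests/api.c hunk are now compiled under `HAVE_SESSION_TICKET && OPENSSL_EXTRA && HAVE_AES_CBC`, but the call sites in test_server_nofail and in the cleanup after `done:` (the next two hunks) sit inside an outer guard that also requires ChaCha20-Poly1305 or AES-GCM. A build with CBC and session tickets but neither AEAD would define OpenSSLTicketInit and myTicketEncCbOpenSSL without ever calling them, which is likely to produce unused-function warnings if they are static. Add the same AEAD condition to the definition guard or relax the outer guard at the call sites. The TODO above the definition still mentions only EVP_chacha20_poly1305 and should say which cipher the callback depends on now.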
@@ -25535,7 +25534,8 @@ static void test_wc_PKCS7_VerifySignedData(void) } /* END test_wc_PKCS7_VerifySignedData() */ -#if defined(HAVE_PKCS7) && !defined(NO_AES) && !defined(NO_AES_256) +#if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \ + !defined(NO_AES_256) static const byte defKey[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, @@ -25634,7 +25634,7 @@ static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId, (void)orginKeySz; return ret; } -#endif /* HAVE_PKCS7 && !NO_AES && !NO_AES_256 */ +#endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && !NO_AES_256 */ /* @@ -25777,7 +25777,7 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, #endif /* NO_DES3 */ - #ifndef NO_AES + #if !defined(NO_AES) && defined(HAVE_AES_CBC) #ifndef NO_AES_128 {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, @@ -25790,11 +25790,11 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, #endif - #endif /* NO_AES */ + #endif /* NO_AES && HAVE_AES_CBC */ #endif /* NO_RSA */ #if defined(HAVE_ECC) - #ifndef NO_AES + #if !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_SHA) && !defined(NO_AES_128) {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb, AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, eccCert, @@ -25810,7 +25810,7 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, eccPrivKeySz}, #endif - #endif /* NO_AES */ + #endif /* NO_AES && HAVE_AES_CBC*/ #endif /* END HAVE_ECC */ }; /* END pkcs7EnvelopedVector */ 
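Review bot: The closing comments added in test_wc_PKCS7_EncodeDecodeEnvelopedData read `#endif /* NO_AES && HAVE_AES_CBC */`, which is the opposite of the condition they close (`!defined(NO_AES) && defined(HAVE_AES_CBC)`). Write them as `#endif /* !NO_AES && HAVE_AES_CBC */`, matching the form used for the myCEKwrapFunc guard in the first hunk on this line. The second occurrence is also missing the space before `*/`.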
@@ -25877,7 +25877,7 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/ -#if defined(HAVE_ECC) && !defined(NO_AES) +#if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC) /* only a failure for KARI test cases */ tempWrd32 = pkcs7->singleCertSz; pkcs7->singleCertSz = 0; @@ -25894,17 +25894,29 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) tempWrd32 = pkcs7->privateKeySz; pkcs7->privateKeySz = 0; AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, - (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); + (word32)sizeof(output), decoded, (word32)sizeof(decoded)), + #ifndef HAVE_AES_CBC + ASN_PARSE_E + #else + BAD_FUNC_ARG + #endif + ); pkcs7->privateKeySz = tempWrd32; tmpBytePtr = pkcs7->privateKey; pkcs7->privateKey = NULL; AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, - (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); + (word32)sizeof(output), decoded, (word32)sizeof(decoded)), + #ifndef HAVE_AES_CBC + ASN_PARSE_E + #else + BAD_FUNC_ARG + #endif + ); pkcs7->privateKey = tmpBytePtr; wc_PKCS7_Free(pkcs7); -#if !defined(NO_AES) && !defined(NO_AES_256) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_256) /* test of decrypt callback with KEKRI enveloped data */ { int envelopedSz; @@ -26021,7 +26033,7 @@ static void test_wc_PKCS7_EncodeEncryptedData (void) }; #endif - #ifndef NO_AES + #if !defined(NO_AES) && defined(HAVE_AES_CBC) #ifndef NO_AES_128 byte aes128Key[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 
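Review bot: The two privateKey assertions in the second hunk now expect ASN_PARSE_E when HAVE_AES_CBC is off, and nothing explains why the error code changes. Presumably no enveloped message was encoded into `output` in that build, so the decoder fails while parsing before it reaches the key check; if so, the missing-private-key path is no longer exercised at all. Add a comment such as `/* without AES-CBC no vector was encoded, so output holds no valid message */`, or skip these two checks in that configuration instead of pinning an incidental error code. The enclosing function starts and ends outside the hunk.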
@@ -26043,15 +26055,15 @@ static void test_wc_PKCS7_EncodeEncryptedData (void) 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 }; #endif - #endif + #endif /* !NO_AES && HAVE_AES_CBC */ const pkcs7EncryptedVector testVectors[] = { #ifndef NO_DES3 {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key)}, {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey)}, - #endif /* NO_DES3 */ - #ifndef NO_AES + #endif /* !NO_DES3 */ + #if !defined(NO_AES) && defined(HAVE_AES_CBC) #ifndef NO_AES_128 {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key, sizeof(aes128Key)}, @@ -26067,7 +26079,7 @@ static void test_wc_PKCS7_EncodeEncryptedData (void) sizeof(aes256Key)}, #endif - #endif /* NO_AES */ + #endif /* !NO_AES && HAVE_AES_CBC */ }; testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector); @@ -26088,7 +26100,7 @@ static void test_wc_PKCS7_EncodeEncryptedData (void) sizeof(encrypted)); AssertIntGT(encryptedSz, 0); - /* Decode encryptedData */ + /* Decode encryptedData */ decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, decoded, sizeof(decoded)); @@ -26477,11 +26489,13 @@ static void test_wc_PKCS7_BER(void) static void test_PKCS7_signed_enveloped(void) { -#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \ - && !defined(NO_AES) +#if defined(HAVE_PKCS7) && !defined(NO_RSA) && !defined(NO_AES) && \ + !defined(NO_FILESYSTEM) XFILE f; PKCS7* pkcs7; +#ifdef HAVE_AES_CBC PKCS7* inner; +#endif void* pt; WC_RNG rng; unsigned char key[FOURK_BUF/2]; @@ -26493,8 +26507,10 @@ static void test_PKCS7_signed_enveloped(void) unsigned char sig[FOURK_BUF * 2]; int sigSz = FOURK_BUF * 2; +#ifdef HAVE_AES_CBC unsigned char decoded[FOURK_BUF]; int decodedSz = FOURK_BUF; +#endif printf(testingFmt, "PKCS7_signed_enveloped"); 
@@ -26525,6 +26541,7 @@ static void test_PKCS7_signed_enveloped(void) wc_PKCS7_Free(pkcs7); wc_FreeRng(&rng); +#ifdef HAVE_AES_CBC /* create envelope */ AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); @@ -26536,6 +26553,7 @@ static void test_PKCS7_signed_enveloped(void) pkcs7->privateKeySz = keySz; AssertIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, envSz)), 0); wc_PKCS7_Free(pkcs7); +#endif /* create bad signed enveloped data */ sigSz = FOURK_BUF * 2; @@ -26614,6 +26632,7 @@ static void test_PKCS7_signed_enveloped(void) AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0); AssertNotNull(pkcs7->content); +#ifdef HAVE_AES_CBC /* check decode */ AssertNotNull(inner = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_PKCS7_InitWithCert(inner, cert, certSz), 0); @@ -26622,8 +26641,10 @@ static void test_PKCS7_signed_enveloped(void) AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content, pkcs7->contentSz, decoded, decodedSz)), 0); wc_PKCS7_Free(inner); +#endif wc_PKCS7_Free(pkcs7); +#ifdef HAVE_AES_CBC /* check cert set */ AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); @@ -26631,10 +26652,11 @@ static void test_PKCS7_signed_enveloped(void) AssertNotNull(pkcs7->singleCert); AssertIntNE(pkcs7->singleCertSz, 0); wc_PKCS7_Free(pkcs7); +#endif printf(resultFmt, passed); -#endif +#endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */ } static void test_wc_PKCS7_NoDefaultSignedAttribs (void) { @@ -34156,7 +34178,8 @@ static void test_wolfSSL_PKCS8_d2i(void) file)), 0); XFCLOSE(file); #if defined(OPENSSL_ALL) && \ - !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) + !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) && \ + defined(HAVE_AES_CBC) AssertNotNull(bio = BIO_new(BIO_s_mem())); /* Write PKCS#8 PEM to BIO. */ AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, 
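Review bot: With HAVE_AES_CBC undefined the "create envelope" step in test_PKCS7_signed_enveloped is skipped, yet the signing steps that follow are still compiled. If they use `env`/`envSz` as the content to sign (those lines are outside the hunks), the test signs a buffer that was never written, with a length that still holds its initial capacity. Fill `env` with a fixed pattern in the no-CBC case or guard the signed-enveloped steps as well, so the input is deterministic and memory sanitizers stay quiet. The new closing comment `/* HAVE_PKCS7 && !NO_RSA && !NO_AES */` also omits `!NO_FILESYSTEM`.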
@@ -34174,7 +34197,7 @@ static void test_wolfSSL_PKCS8_d2i(void) (void*)"yassl123")); EVP_PKEY_free(evpPkey); BIO_free(bio); -#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */ +#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 && HAVE_AES_CBC */ EVP_PKEY_free(pkey); /* PKCS#8 encrypted EC key */ @@ -34580,9 +34603,8 @@ static void test_wolfSSL_HMAC(void) static void test_wolfSSL_CMAC(void) { -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CMAC) - - int i = 0; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CMAC) && defined(HAVE_AES_CBC) + int i; byte key[AES_128_KEY_SIZE]; CMAC_CTX* cmacCtx = NULL; byte out[AES_BLOCK_SIZE]; @@ -34590,7 +34612,7 @@ static void test_wolfSSL_CMAC(void) printf(testingFmt, "test_wolfSSL_CMAC()"); - for (; i < AES_128_KEY_SIZE; ++i) { + for (i=0; i < AES_128_KEY_SIZE; ++i) { key[i] = i; } AssertNotNull(cmacCtx = CMAC_CTX_new()); @@ -34606,7 +34628,7 @@ static void test_wolfSSL_CMAC(void) CMAC_CTX_free(cmacCtx); printf(resultFmt, passed); -#endif /* OPENSSL_EXTRA && WOLFSSL_CMAC */ +#endif /* OPENSSL_EXTRA && WOLFSSL_CMAC && HAVE_AES_CBC */ } diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index c5be45d08..4efc13825 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c 
@@ -11414,39 +11414,40 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, #endif switch (ctx->encAlgo) { - case ecAES_128_CBC: - { -#ifdef WOLFSSL_SMALL_STACK - Aes *aes = (Aes *)XMALLOC(sizeof *aes, ctx->heap, - DYNAMIC_TYPE_AES); - if (aes == NULL) { - ret = MEMORY_E; - break; - } + case ecAES_128_CBC: + { +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) + #ifdef WOLFSSL_SMALL_STACK + Aes *aes = (Aes *)XMALLOC(sizeof *aes, ctx->heap, + DYNAMIC_TYPE_AES); + if (aes == NULL) { + ret = MEMORY_E; + break; + } + #else + Aes aes[1]; + #endif + ret = wc_AesInit(aes, NULL, INVALID_DEVID); + if (ret == 0) { + ret = wc_AesSetKey(aes, encKey, KEY_SIZE_128, encIv, + AES_ENCRYPTION); + if (ret == 0) { + ret = wc_AesCbcEncrypt(aes, out, msg, msgSz); + #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES) + ret = wc_AsyncWait(ret, &aes->asyncDev, + WC_ASYNC_FLAG_NONE); + #endif + } + wc_AesFree(aes); + } + #ifdef WOLFSSL_SMALL_STACK + XFREE(aes, ctx->heap, DYNAMIC_TYPE_AES); + #endif #else - Aes aes[1]; + ret = NOT_COMPILED_IN; #endif - ret = wc_AesInit(aes, NULL, INVALID_DEVID); - if (ret == 0) { - ret = wc_AesSetKey(aes, encKey, KEY_SIZE_128, encIv, - AES_ENCRYPTION); - if (ret == 0) { - ret = wc_AesCbcEncrypt(aes, out, msg, msgSz); - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES) - ret = wc_AsyncWait(ret, &aes->asyncDev, - WC_ASYNC_FLAG_NONE); - #endif - } - wc_AesFree(aes); - } -#ifdef WOLFSSL_SMALL_STACK - XFREE(aes, ctx->heap, DYNAMIC_TYPE_AES); -#endif - if (ret != 0) - break; - } - break; - + break; + } default: ret = BAD_FUNC_ARG; break; diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index 4344fb962..d80630aa6 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c 
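Review bot: The `#else` arm of `case ecAES_128_CBC` reports NOT_COMPILED_IN only at encryption time, after `ctx->encAlgo` has already been accepted; rejecting the algorithm when the context is configured would surface the misconfiguration before any key material is derived (the setup code is outside this hunk, so this needs checking). wc_ecc_decrypt is not touched by this diff, so confirm its matching case carries the same `!NO_AES && HAVE_AES_CBC && WOLFSSL_AES_128` condition, otherwise encrypt and decrypt disagree about what is compiled in. Inside the guarded path, `wc_AesInit(aes, NULL, INVALID_DEVID)` passes a NULL heap hint while the object itself is allocated from `ctx->heap`; `wc_AesInit(aes, ctx->heap, INVALID_DEVID)` would keep the two consistent. A short comment on the `#else` line naming the three required macros would help readers of the flattened preprocessor nesting.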
@@ -271,7 +271,7 @@ int _InitHmac(Hmac* hmac, int type, void* heap) /* default to NULL heap hint or test value */ #ifdef WOLFSSL_HEAP_TEST - hmac->heap = (void)WOLFSSL_HEAP_TEST; + hmac->heap = (void*)WOLFSSL_HEAP_TEST; #else hmac->heap = heap; #endif /* WOLFSSL_HEAP_TEST */ diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 9816d6093..2033f62c9 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -6707,7 +6707,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz, int ret; #ifndef NO_AES #ifdef WOLFSSL_SMALL_STACK - Aes *aes; + Aes* aes; #else Aes aes[1]; #endif @@ -6722,6 +6722,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz, switch (encryptOID) { #ifndef NO_AES + #ifdef HAVE_AES_CBC #ifdef WOLFSSL_AES_128 case AES128CBCb: #endif @@ -6760,6 +6761,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz, XFREE(aes, NULL, DYNAMIC_TYPE_AES); #endif break; + #endif /* HAVE_AES_CBC */ #ifdef HAVE_AESGCM #ifdef WOLFSSL_AES_128 case AES128GCMb: @@ -6828,7 +6830,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz, break; #endif #endif /* HAVE_AESCCM */ -#endif /* NO_AES */ +#endif /* !NO_AES */ #ifndef NO_DES3 case DESb: if (keySz != DES_KEYLEN || ivSz != DES_BLOCK_SIZE) @@ -6852,7 +6854,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz, wc_Des3Free(&des3); } break; -#endif +#endif /* !NO_DES3 */ default: WOLFSSL_MSG("Unsupported content cipher type"); return ALGO_ID_E; @@ -6901,6 +6903,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, switch (encryptOID) { #ifndef NO_AES + #ifdef HAVE_AES_CBC #ifdef WOLFSSL_AES_128 case AES128CBCb: #endif @@ -6938,6 +6941,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, XFREE(aes, NULL, DYNAMIC_TYPE_AES); #endif break; + #endif /* HAVE_AES_CBC */ #ifdef HAVE_AESGCM #ifdef WOLFSSL_AES_128 case AES128GCMb: 
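Review bot: In wc_PKCS7_EncryptContent the `aes` local is still declared under `#ifndef NO_AES` alone, while its CBC users are now inside `#ifdef HAVE_AES_CBC`. Assuming the GCM and CCM cases share that variable, a build with AES enabled but none of CBC, GCM or CCM leaves `aes` unused, which fails under warnings-as-errors. Guard the declaration with the condition of its users, e.g. `#if !defined(NO_AES) && (defined(HAVE_AES_CBC) || defined(HAVE_AESGCM) || defined(HAVE_AESCCM))`, and check wc_PKCS7_DecryptContent for the same pattern. Both function bodies extend beyond the hunks.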
@@ -7006,7 +7010,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, break; #endif #endif /* HAVE_AESCCM */ -#endif /* NO_AES */ +#endif /* !NO_AES */ #ifndef NO_DES3 case DESb: if (keySz != DES_KEYLEN || ivSz != DES_BLOCK_SIZE) @@ -7030,7 +7034,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, } break; -#endif +#endif /* !NO_DES3 */ default: WOLFSSL_MSG("Unsupported content cipher type"); return ALGO_ID_E; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 34a29b680..7b24f2ffd 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -503,7 +503,7 @@ WOLFSSL_TEST_SUBROUTINE int scrypt_test(void); #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) WOLFSSL_TEST_SUBROUTINE int pkcs7authenveloped_test(void); #endif - #ifndef NO_AES + #if !defined(NO_AES) && defined(HAVE_AES_CBC) WOLFSSL_TEST_SUBROUTINE int pkcs7callback_test(byte* cert, word32 certSz, byte* key, word32 keySz); #endif @@ -7878,6 +7878,7 @@ static int aes_key_size_test(void) ERROR_OUT(-5314, out); #endif #endif /* !WOLFSSL_CRYPTOCELL */ + ret = 0; /* success */ out: #ifdef WOLFSSL_SMALL_STACK @@ -8555,15 +8556,15 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void) Aes enc[1]; #endif byte cipher[AES_BLOCK_SIZE * 4]; -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT) +#ifdef HAVE_AES_DECRYPT #ifdef WOLFSSL_SMALL_STACK Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES); #else Aes dec[1]; #endif byte plain [AES_BLOCK_SIZE * 4]; -#endif -#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER */ +#endif /* HAVE_AES_DECRYPT */ +#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */ int ret = 0; #ifdef HAVE_AES_CBC 
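Review bot: Narrowing the `dec`/`plain` declarations in aes_test to `#ifdef HAVE_AES_DECRYPT` removes them from builds that define WOLFSSL_AES_COUNTER or WOLFSSL_AES_DIRECT without HAVE_AES_DECRYPT, which the previous condition covered. If the counter-mode or direct-mode sections further down (outside this hunk) still reference `dec` or `plain`, those configurations stop compiling. Check each later use and either keep the wider condition or put the uses under HAVE_AES_DECRYPT too; the cleanup hunk after `out:` was changed the same way and has to stay in step with whatever is chosen here.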
@@ -9138,7 +9139,7 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void) out: -#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) +#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_SMALL_STACK if (enc) { if (ret != -5900) /* note this must match ERRROR_OUT() code @@ -9152,7 +9153,7 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void) wc_AesFree(enc); #endif (void)cipher; -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) +#ifdef HAVE_AES_DECRYPT #ifdef WOLFSSL_SMALL_STACK if (dec) { if ((ret != -5900) && (ret != -5901)) @@ -9167,8 +9168,8 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void) wc_AesFree(dec); #endif (void)plain; -#endif -#endif +#endif /* HAVE_AES_DECRYPT */ +#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */ return ret; } @@ -23103,16 +23104,16 @@ static int ecc_test_cert_gen(WC_RNG* rng) int ret; #ifdef WOLFSSL_SMALL_STACK Cert *myCert = (Cert *)XMALLOC(sizeof *myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#ifdef WOLFSSL_TEST_CERT + #ifdef WOLFSSL_TEST_CERT DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#endif + #endif ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); ecc_key *certPubKey = (ecc_key *)XMALLOC(sizeof *certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #else Cert myCert[1]; -#ifdef WOLFSSL_TEST_CERT + #ifdef WOLFSSL_TEST_CERT DecodedCert decode[1]; -#endif + #endif ecc_key caEccKey[1]; ecc_key certPubKey[1]; #endif @@ -23130,9 +23131,9 @@ static int ecc_test_cert_gen(WC_RNG* rng) #ifdef WOLFSSL_SMALL_STACK if ((myCert == NULL) -#ifdef WOLFSSL_TEST_CERT + #ifdef WOLFSSL_TEST_CERT || (decode == NULL) -#endif + #endif || (caEccKey == NULL) || (certPubKey == NULL)) ERROR_OUT(MEMORY_E, exit); #endif 
@@ -23242,7 +23243,7 @@ static int ecc_test_cert_gen(WC_RNG* rng) #endif /* WOLFSSL_CERT_EXT */ #ifdef ENABLE_ECC384_CERT_GEN_TEST - #if defined(USE_CERT_BUFFERS_256) +#if defined(USE_CERT_BUFFERS_256) ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_384, sizeof_ca_ecc_cert_der_384); #else @@ -23255,9 +23256,9 @@ static int ecc_test_cert_gen(WC_RNG* rng) sizeof_ca_ecc_cert_der_256); #else ret = wc_SetIssuer(myCert, eccCaCertFile); -#ifdef ENABLE_ECC384_CERT_GEN_TEST + #ifdef ENABLE_ECC384_CERT_GEN_TEST (void)eccCaCert384File; -#endif + #endif #endif #endif /* ENABLE_ECC384_CERT_GEN_TEST */ if (ret < 0) { @@ -23943,7 +23944,7 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test(void) goto done; } #elif defined(HAVE_ECC_KEY_IMPORT) - (void) ecc_test_make_pub;/* for compiler warning */ + (void)ecc_test_make_pub; /* for compiler warning */ #endif #ifdef WOLFSSL_CERT_GEN ret = ecc_test_cert_gen(&rng); @@ -30545,7 +30546,7 @@ static int myOriDecryptCb(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz, } -#ifndef NO_AES +#if !defined(NO_AES) && defined(HAVE_AES_CBC) /* returns 0 on success */ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag, word32 authTagSz, @@ -30641,15 +30642,18 @@ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, } switch (encryptOID) { + #ifdef WOLFSSL_AES_256 case AES256CBCb: if ((keySz != 32 ) || (ivSz != AES_BLOCK_SIZE)) ERROR_OUT(BAD_FUNC_ARG, out); break; - + #endif + #ifdef WOLFSSL_AES_128 case AES128CBCb: if ((keySz != 16 ) || (ivSz != AES_BLOCK_SIZE)) ERROR_OUT(BAD_FUNC_ARG, out); break; + #endif default: printf("Unsupported content cipher type for example"); @@ -30676,7 +30680,7 @@ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, (void)authTagSz; return ret; } -#endif /* NO_AES */ +#endif /* !NO_AES && HAVE_AES_CBC */ #define PKCS7_BUF_SIZE 2048 
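Review bot: The key-length checks in myDecryptionFunc's switch compare against bare `32` and `16`; named constants state the intent and keep the example aligned with the library, e.g. `if ((keySz != AES_128_KEY_SIZE) || (ivSz != AES_BLOCK_SIZE))` and the 256-bit equivalent. With both WOLFSSL_AES_256 and WOLFSSL_AES_128 undefined the switch is left with only its `default` label, which some compilers warn about, so the function guard could also require at least one of the two key sizes. The message printed in the default branch has no trailing newline. The function body extends beyond the hunk.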
@@ -30704,14 +30708,15 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, 0x72,0x6c,0x64 }; -#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \ - defined(WOLFSSL_SHA512) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \ + defined(HAVE_ECC) && defined(WOLFSSL_SHA512) byte optionalUkm[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }; #endif /* NO_AES */ -#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ + !defined(NO_SHA) /* encryption key for kekri recipient types */ byte secretKey[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, @@ -30724,8 +30729,8 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, }; #endif -#if !defined(NO_PWDBASED) && !defined(NO_AES) && \ - !defined(NO_SHA) && defined(WOLFSSL_AES_128) +#if !defined(NO_PWDBASED) && !defined(NO_SHA) && \ + !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) #ifndef HAVE_FIPS char password[] = "password"; /* NOTE: Password is too short for FIPS */ @@ -30785,7 +30790,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, /* key agreement key encryption technique*/ #ifdef HAVE_ECC - #ifndef NO_AES + #if !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) {data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey, 
@@ -30816,11 +30821,11 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der"}, #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */ - #endif /* NO_AES */ + #endif /* !NO_AES && HAVE_AES_CBC */ #endif /* kekri (KEKRecipientInfo) recipient types */ -#ifndef NO_AES +#if !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) {data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, secretKey, sizeof(secretKey), @@ -30828,10 +30833,10 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, "pkcs7envelopedDataAES128CBC_KEKRI.der"}, #endif -#endif +#endif /* !NO_AES && HAVE_AES_CBC */ /* pwri (PasswordRecipientInfo) recipient types */ -#if !defined(NO_PWDBASED) && !defined(NO_AES) +#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, @@ -30841,7 +30846,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, #endif #endif -#if !defined(NO_AES) && !defined(NO_AES_128) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_128) /* ori (OtherRecipientInfo) recipient types */ {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, @@ -31287,6 +31292,8 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, }; byte senderNonce[PKCS7_NONCE_SZ + 2]; #ifdef HAVE_ECC + #if !defined(NO_AES) && defined(HAVE_AESGCM) + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256) WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] = { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x05 }; 
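Review bot: `senderNonce` in pkcs7authenveloped_run_vectors is still declared unconditionally, while `senderNonceOid` and the attribute array that references it now sit inside the added `!NO_AES && HAVE_AESGCM` and `!NO_SHA256 && WOLFSSL_AES_256` guards. If nothing else in the function uses `senderNonce` (the rest is outside the hunk), builds where either guard is false get an unused-variable warning. Move the declaration inside the same guards, or add `(void)senderNonce;` beside the other casts at the end of the function. The two bare `#endif` lines that close these guards in the next hunk would read better with their condition, e.g. `#endif /* !NO_SHA256 && WOLFSSL_AES_256 */`.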
@@ -31296,6 +31303,8 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, { senderNonceOid, sizeof(senderNonceOid), senderNonce, sizeof(senderNonce) } }; + #endif + #endif #endif #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \ @@ -31783,11 +31792,11 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, wc_FreeRng(&rng); -#if !defined(HAVE_ECC) || defined(NO_AES) (void)eccCert; (void)eccCertSz; (void)eccPrivKey; (void)eccPrivKeySz; +#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) (void)secretKey; (void)secretKeyId; #endif @@ -31898,7 +31907,8 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7authenveloped_test(void) } #endif /* HAVE_AESGCM || HAVE_AESCCM */ -#ifndef NO_AES + +#if !defined(NO_AES) && defined(HAVE_AES_CBC) static const byte p7DefKey[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, @@ -32314,7 +32324,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7callback_test(byte* cert, word32 certSz, byte* return ret; } -#endif /* NO_AES */ +#endif /* !NO_AES && HAVE_AES_CBC */ #ifndef NO_PKCS7_ENCRYPTED_DATA @@ -33917,7 +33927,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7signed_test(void) eccClientCertBuf, (word32)eccClientCertBufSz, eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz); -#ifndef NO_AES +#if !defined(NO_AES) && defined(HAVE_AES_CBC) if (ret >= 0) ret = pkcs7callback_test( rsaClientCertBuf, (word32)rsaClientCertBufSz, diff --git a/wolfssl/test.h b/wolfssl/test.h index d897a11e3..f885972bc 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -3053,7 +3053,7 @@ typedef struct AtomicDecCtx { Aes aes; /* for aes example */ } AtomicDecCtx; - +#if !defined(NO_HMAC) && !defined(NO_AES) && defined(HAVE_AES_CBC) static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut, const unsigned char* macIn, unsigned int macInSz, int macContent, int macVerify, unsigned char* encOut, const unsigned char* encIn, 
@@ -3124,7 +3124,6 @@ static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut, return wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz); } - static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl, unsigned char* decOut, const unsigned char* decIn, unsigned int decSz, int macContent, int macVerify, @@ -3225,7 +3224,7 @@ static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl, return ret; } -#if defined(HAVE_ENCRYPT_THEN_MAC) +#ifdef HAVE_ENCRYPT_THEN_MAC static WC_INLINE int myEncryptMacCb(WOLFSSL* ssl, unsigned char* macOut, int content, int macVerify, unsigned char* encOut, @@ -3379,7 +3378,8 @@ static WC_INLINE int myVerifyDecryptCb(WOLFSSL* ssl, return 0; } -#endif +#endif /* HAVE_ENCRYPT_THEN_MAC */ +#endif /* !NO_HMAC && !NO_AES && HAVE_AES_CBC */ static WC_INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl) @@ -3399,18 +3399,23 @@ static WC_INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl) } XMEMSET(decCtx, 0, sizeof(AtomicDecCtx)); +#if !defined(NO_HMAC) && !defined(NO_AES) && defined(HAVE_AES_CBC) wolfSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb); wolfSSL_SetMacEncryptCtx(ssl, encCtx); wolfSSL_CTX_SetDecryptVerifyCb(ctx, myDecryptVerifyCb); wolfSSL_SetDecryptVerifyCtx(ssl, decCtx); -#if defined(HAVE_ENCRYPT_THEN_MAC) + #ifdef HAVE_ENCRYPT_THEN_MAC wolfSSL_CTX_SetEncryptMacCb(ctx, myEncryptMacCb); wolfSSL_SetEncryptMacCtx(ssl, encCtx); wolfSSL_CTX_SetVerifyDecryptCb(ctx, myVerifyDecryptCb); wolfSSL_SetVerifyDecryptCtx(ssl, decCtx); + #endif +#else + (void)ctx; + (void)ssl; #endif }
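Review bot: In SetupAtomicUser the new `#else` branch only casts `ctx` and `ssl` to void, although `encCtx` and `decCtx` have already been allocated and zeroed above the guard (`XMEMSET(decCtx, 0, sizeof(AtomicDecCtx));`). In a build without HMAC or AES-CBC the two buffers are never handed to the session, so nothing can release them later, and a test run that requested atomic record callbacks proceeds without them silently. Release both buffers in the `#else` branch, or move the `#if` up so the allocation is skipped as well, and print a "not compiled in" message so the option is not mistaken for having taken effect. The allocation lines themselves are outside this hunk.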