diff --git a/IDE/GCC-ARM/Makefile b/IDE/GCC-ARM/Makefile index ba4010c42..e24939b9b 100644 --- a/IDE/GCC-ARM/Makefile +++ b/IDE/GCC-ARM/Makefile @@ -1,6 +1,6 @@ BUILD_DIR = ./Build -all: WolfSSLStaticLib WolfCryptTest WolfCryptBench WolfSSLClient +all: WolfSSLStaticLib WolfCryptTest WolfCryptBench WolfSSLClient WolfSSLServer WolfCryptTest: $(MAKE) -f Makefile.test @@ -8,6 +8,8 @@ WolfCryptBench: $(MAKE) -f Makefile.bench WolfSSLClient: $(MAKE) -f Makefile.client +WolfSSLServer: + $(MAKE) -f Makefile.server WolfSSLStaticLib: $(MAKE) -f Makefile.static diff --git a/IDE/GCC-ARM/Makefile.server b/IDE/GCC-ARM/Makefile.server new file mode 100644 index 000000000..7eaac91ee --- /dev/null +++ b/IDE/GCC-ARM/Makefile.server @@ -0,0 +1,7 @@ +# Project name +BIN = WolfSSLServer +SRC_C = ./Source/tls_server.c + +all: build_hex + +include Makefile.common diff --git a/IDE/GCC-ARM/Source/armtarget.c b/IDE/GCC-ARM/Source/armtarget.c index c718c6ba5..5f659a6cb 100644 --- a/IDE/GCC-ARM/Source/armtarget.c +++ b/IDE/GCC-ARM/Source/armtarget.c @@ -71,7 +71,7 @@ void reset_handler(void) /* Init heap */ __heap_start__[0] = 0; - __heap_start__[1] = ((uint32_t)__heap_end__ - (uint32_t)__heap_start__); + __heap_start__[1] = ((uintptr_t)__heap_end__ - (uintptr_t)__heap_start__); #endif /* USE_WOLF_ARM_STARTUP */ /* Start main */ diff --git a/IDE/GCC-ARM/Source/tls_client.c b/IDE/GCC-ARM/Source/tls_client.c index 66ea21626..fb04f8e17 100644 --- a/IDE/GCC-ARM/Source/tls_client.c +++ b/IDE/GCC-ARM/Source/tls_client.c @@ -23,7 +23,7 @@ #include #include -#ifndef WOLFCRYPT_ONLY +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_WOLFSSL_CLIENT) #include #include @@ -100,11 +100,11 @@ static int tls_client(void) /*---------------------*/ /* for no peer auth: */ /*---------------------*/ - wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0); + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0); /*---------------------*/ /* end peer auth option*/ /*---------------------*/ - if ((ret = wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-AES128-SHA256")) != SSL_SUCCESS) { + if ((ret = wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-AES128-SHA256")) != WOLFSSL_SUCCESS) { wolfSSL_CTX_free(ctx); printf("CTXset_cipher_list failed, error: %d\n", ret); goto fail; @@ -123,14 +123,14 @@ static int tls_client(void) } /* non blocking accept and connect */ - ret = SSL_FAILURE; + ret = WOLFSSL_FAILURE; - while (ret != SSL_SUCCESS) { + while (ret != WOLFSSL_SUCCESS) { /* client connect */ ret = wolfSSL_connect(ssl); error = wolfSSL_get_error(ssl, 0); - if (ret != SSL_SUCCESS) { - if (error != SSL_ERROR_WANT_READ && error != SSL_ERROR_WANT_WRITE) { + if (ret != WOLFSSL_SUCCESS) { + if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) { /* Fail */ printf("wolfSSL connect failed with return code %d\n", error); goto fail; @@ -146,7 +146,7 @@ static int tls_client(void) ret = wolfSSL_write(ssl, msg, msgSz); error = wolfSSL_get_error(ssl, 0); if (ret != msgSz) { - if (error != SSL_ERROR_WANT_READ && error != SSL_ERROR_WANT_WRITE) { + if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) { /* Write failed */ goto fail; } @@ -159,7 +159,7 @@ static int tls_client(void) ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1); error = wolfSSL_get_error(ssl, 0); if (ret < 0) { - if (error != SSL_ERROR_WANT_READ && error != SSL_ERROR_WANT_WRITE) { + if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) { /* Can put print here, the server enters a loop waiting to read * a confirmation message at this point */ // printf("client read failed\n"); @@ -186,14 +186,14 @@ fail: return -1; } -#endif +#endif /* !WOLFCRYPT_ONLY && !NO_WOLFSSL_CLIENT */ int main(void) { int ret; -#ifndef WOLFCRYPT_ONLY +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_WOLFSSL_CLIENT) wolfSSL_Init(); ret = tls_client(); diff --git a/IDE/GCC-ARM/Source/tls_server.c b/IDE/GCC-ARM/Source/tls_server.c new file mode 100644 index 000000000..b0628f723 --- /dev/null +++ b/IDE/GCC-ARM/Source/tls_server.c @@ -0,0 +1,206 @@ +/* tls_server.c + * + * Copyright (C) 2006-2021 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#include +#include + +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_WOLFSSL_SERVER) + +#include +#include +#include + +#define MAXSZ 1024 + +/*------------------------------------------------------------------------*/ +/* TLS SERVER */ +/*------------------------------------------------------------------------*/ +static int CbIORecv(WOLFSSL *ssl, char *buf, int sz, void *ctx) +{ + int ret = WOLFSSL_CBIO_ERR_GENERAL; + + (void)ssl; + (void)ctx; + + /* TODO: Exchange data over your own transport */ + #warning TODO: Implement your own recv data transport +#if 0 + ret = usart_read_buffer_wait(&cdc_uart_module, buf, sz); + if (ret == STATUS_ERR_TIMEOUT) + return WOLFSSL_CBIO_ERR_WANT_READ; + + return (ret == STATUS_OK) ? sz : WOLFSSL_CBIO_ERR_GENERAL; +#else + return ret; +#endif +} + +static int CbIOSend(WOLFSSL *ssl, char *buf, int sz, void *ctx) +{ + int ret = WOLFSSL_CBIO_ERR_GENERAL; + + (void)ssl; + (void)ctx; + + /* TODO: Exchange data over your own transport */ + #warning TODO: Implement your own send data transport +#if 0 + ret = usart_write_buffer_wait(&cdc_uart_module, buf, sz); + if (ret == STATUS_ERR_TIMEOUT) + return WOLFSSL_CBIO_ERR_WANT_WRITE; + + return (ret == STATUS_OK) ? sz : WOLFSSL_CBIO_ERR_GENERAL; +#else + return ret; +#endif +} + +static int tls_server(void) +{ + char reply[MAXSZ]; + int ret, error; + WOLFSSL* ssl = NULL; + WOLFSSL_CTX* ctx = NULL; + + if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) { + printf("CTXnew failed.\n"); + goto fail; + } + + /*------------------------------------------------------------------------*/ + /* ECDHE-ECDSA */ + /*------------------------------------------------------------------------*/ + /*--------------------*/ + /* for peer auth use: */ + /*--------------------*/ + // wolfSSL_CTX_load_verify_buffer(ctx, rsa_key_der_1024, + // sizeof_rsa_key_der_1024, SSL_FILETYPE_ASN1); + // wolfSSL_CTX_load_verify_buffer(ctx, server_cert_der_1024, + // sizeof_server_cert_der_1024, SSL_FILETYPE_ASN1); + /*---------------------*/ + /* for no peer auth: */ + /*---------------------*/ + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0); + /*---------------------*/ + /* end peer auth option*/ + /*---------------------*/ + if ((ret = wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-AES128-SHA256")) != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); + printf("CTXset_cipher_list failed, error: %d\n", ret); + goto fail; + } + /*------------------------------------------------------------------------*/ + /* END CIPHER SUITE OPTIONS */ + /*------------------------------------------------------------------------*/ + wolfSSL_CTX_SetIORecv(ctx, CbIORecv); + wolfSSL_CTX_SetIOSend(ctx, CbIOSend); + + if ((ssl = wolfSSL_new(ctx)) == NULL) { + error = wolfSSL_get_error(ssl, 0); + printf("wolfSSL_new failed %d\n", error); + wolfSSL_CTX_free(ctx); + return -1; + } + + /* non blocking accept and connect */ + ret = WOLFSSL_FAILURE; + + while (ret != WOLFSSL_SUCCESS) { + /* server accept */ + ret = wolfSSL_accept(ssl); + error = wolfSSL_get_error(ssl, 0); + if (ret != WOLFSSL_SUCCESS) { + if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) { + /* Fail */ + printf("wolfSSL accept failed with return code %d\n", error); + goto fail; + } + } + /* Success */ + } + + /* read and write */ + while (1) { + /* server read */ + ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1); + error = wolfSSL_get_error(ssl, 0); + if (ret < 0) { + if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) { + /* Can put print here, the server enters a loop waiting to read + * a confirmation message at this point */ + // printf("server read failed\n"); + goto fail; + } + continue; + } + else { + /* Can put print here, the server enters a loop waiting to read + * a confirmation message at this point */ + reply[ret] = '\0'; + // printf("Server Received Reply: %s\n", reply); + break; + } + + } + + while (1) { + /* server write / echo */ + ret = wolfSSL_write(ssl, reply, XSTRLEN(reply)); + error = wolfSSL_get_error(ssl, 0); + if (ret != XSTRLEN(reply)) { + if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) { + /* Write failed */ + goto fail; + } + } + /* Write succeeded */ + break; + } + + return 0; + +fail: + wolfSSL_shutdown(ssl); + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + + return -1; +} +#endif /* !WOLFCRYPT_ONLY && !NO_WOLFSSL_SERVER */ + + +int main(void) +{ + int ret; + +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_WOLFSSL_SERVER) + wolfSSL_Init(); + + ret = tls_server(); + + wolfSSL_Cleanup(); +#else + ret = NOT_COMPILED_IN; +#endif + + return ret; +} diff --git a/IDE/GCC-ARM/include.am b/IDE/GCC-ARM/include.am index 3731bfdfc..ca12aca5c 100644 --- a/IDE/GCC-ARM/include.am +++ b/IDE/GCC-ARM/include.am @@ -8,11 +8,13 @@ EXTRA_DIST+= IDE/GCC-ARM/Source/wolf_main.c EXTRA_DIST+= IDE/GCC-ARM/Source/benchmark_main.c EXTRA_DIST+= IDE/GCC-ARM/Source/test_main.c EXTRA_DIST+= IDE/GCC-ARM/Source/tls_client.c +EXTRA_DIST+= IDE/GCC-ARM/Source/tls_server.c EXTRA_DIST+= IDE/GCC-ARM/linker.ld EXTRA_DIST+= IDE/GCC-ARM/linker_fips.ld EXTRA_DIST+= IDE/GCC-ARM/Makefile EXTRA_DIST+= IDE/GCC-ARM/Makefile.bench EXTRA_DIST+= IDE/GCC-ARM/Makefile.client +EXTRA_DIST+= IDE/GCC-ARM/Makefile.server EXTRA_DIST+= IDE/GCC-ARM/Makefile.common EXTRA_DIST+= IDE/GCC-ARM/Makefile.test EXTRA_DIST+= IDE/GCC-ARM/Makefile.static diff --git a/src/ssl.c b/src/ssl.c index 322a9afd6..74ba37b19 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -33841,7 +33841,8 @@ const WOLFSSL_EVP_MD *wolfSSL_HMAC_CTX_get_md(const WOLFSSL_HMAC_CTX *ctx) return wolfSSL_macType2EVP_md((enum wc_HashType)ctx->type); } -#if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) +#if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \ + defined(WOLFSSL_AES_DIRECT) WOLFSSL_CMAC_CTX* wolfSSL_CMAC_CTX_new(void) { WOLFSSL_CMAC_CTX* ctx = NULL; @@ -33900,8 +33901,10 @@ int wolfSSL_CMAC_Init(WOLFSSL_CMAC_CTX* ctx, const void *key, size_t keyLen, WOLFSSL_ENTER("wolfSSL_CMAC_Init"); - if (ctx == NULL || cipher == NULL || (cipher != EVP_AES_128_CBC && - cipher != EVP_AES_192_CBC && cipher != EVP_AES_256_CBC)) { + if (ctx == NULL || cipher == NULL || ( + cipher != EVP_AES_128_CBC && + cipher != EVP_AES_192_CBC && + cipher != EVP_AES_256_CBC)) { ret = WOLFSSL_FAILURE; } @@ -33987,7 +33990,7 @@ int wolfSSL_CMAC_Final(WOLFSSL_CMAC_CTX* ctx, unsigned char* out, return ret; } -#endif /* WOLFSSL_CMAC && OPENSSL_EXTRA */ +#endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */ /* Free the dynamically allocated data. * @@ -57288,9 +57291,8 @@ int wolfSSL_RAND_poll(void) } switch (ctx->cipherType) { - #ifndef NO_AES -#ifdef HAVE_AES_CBC +#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) case AES_128_CBC_TYPE : case AES_192_CBC_TYPE : case AES_256_CBC_TYPE : @@ -57411,7 +57413,7 @@ int wolfSSL_RAND_poll(void) switch (ctx->cipherType) { #ifndef NO_AES -#ifdef HAVE_AES_CBC +#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) case AES_128_CBC_TYPE : case AES_192_CBC_TYPE : case AES_256_CBC_TYPE : diff --git a/tests/api.c b/tests/api.c index f14d4d358..8c7c0be21 100644 --- a/tests/api.c +++ b/tests/api.c @@ -3508,7 +3508,8 @@ static void test_wolfSSL_EVP_get_cipherbynid(void) const WOLFSSL_EVP_CIPHER* c; c = wolfSSL_EVP_get_cipherbynid(419); - #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) + #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \ + defined(WOLFSSL_AES_128) AssertNotNull(c); AssertNotNull(strcmp("EVP_AES_128_CBC", c)); #else @@ -3516,7 +3517,8 @@ static void test_wolfSSL_EVP_get_cipherbynid(void) #endif c = wolfSSL_EVP_get_cipherbynid(423); - #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_192) + #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \ + defined(WOLFSSL_AES_192) AssertNotNull(c); AssertNotNull(strcmp("EVP_AES_192_CBC", c)); #else @@ -3524,7 +3526,8 @@ static void test_wolfSSL_EVP_get_cipherbynid(void) #endif c = wolfSSL_EVP_get_cipherbynid(427); - #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) + #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \ + defined(WOLFSSL_AES_256) AssertNotNull(c); AssertNotNull(strcmp("EVP_AES_256_CBC", c)); #else @@ -3733,9 +3736,8 @@ static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd) #endif /* WOLFSSL_SESSION_EXPORT */ /* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */ -#if defined(HAVE_SESSION_TICKET) && \ - defined(HAVE_AESGCM) && \ - defined(OPENSSL_EXTRA) +#if defined(HAVE_SESSION_TICKET) && defined(OPENSSL_EXTRA) && \ + defined(HAVE_AES_CBC) typedef struct openssl_key_ctx { byte name[WOLFSSL_TICKET_NAME_SZ]; /* server name */ @@ -3847,7 +3849,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) #if defined(HAVE_SESSION_TICKET) && \ ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) -#if defined(OPENSSL_EXTRA) && defined(HAVE_AESGCM) +#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC) OpenSSLTicketInit(); wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx, myTicketEncCbOpenSSL); #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) @@ -4039,7 +4041,7 @@ done: #if defined(HAVE_SESSION_TICKET) && \ ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) -#if defined(OPENSSL_EXTRA) && defined(HAVE_AESGCM) +#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC) OpenSSLTicketCleanup(); #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) TicketCleanup(); @@ -6994,7 +6996,7 @@ static void test_wolfSSL_PKCS8(void) static void test_wolfSSL_PKCS8_ED25519(void) { -#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ +#if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \ defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519) && \ defined(HAVE_ED25519_KEY_IMPORT) const byte encPrivKey[] = \ @@ -7026,7 +7028,7 @@ static void test_wolfSSL_PKCS8_ED25519(void) static void test_wolfSSL_PKCS8_ED448(void) { -#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ +#if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \ defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED448) && \ defined(HAVE_ED448_KEY_IMPORT) const byte encPrivKey[] = \ @@ -23169,8 +23171,8 @@ static int test_wc_ecc_encryptDecrypt (void) { int ret = 0; -#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) \ - && !defined(WC_NO_RNG) +#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) && \ + defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) ecc_key srvKey, cliKey, tmpKey; WC_RNG rng; const char* msg = "EccBlock Size 16"; @@ -25535,7 +25537,8 @@ static void test_wc_PKCS7_VerifySignedData(void) } /* END test_wc_PKCS7_VerifySignedData() */ -#if defined(HAVE_PKCS7) && !defined(NO_AES) && !defined(NO_AES_256) +#if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \ + !defined(NO_AES_256) static const byte defKey[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, @@ -25634,7 +25637,7 @@ static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId, (void)orginKeySz; return ret; } -#endif /* HAVE_PKCS7 && !NO_AES && !NO_AES_256 */ +#endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && !NO_AES_256 */ /* @@ -25777,7 +25780,7 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, #endif /* NO_DES3 */ - #ifndef NO_AES + #if !defined(NO_AES) && defined(HAVE_AES_CBC) #ifndef NO_AES_128 {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, @@ -25790,11 +25793,11 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, #endif - #endif /* NO_AES */ + #endif /* NO_AES && HAVE_AES_CBC */ #endif /* NO_RSA */ #if defined(HAVE_ECC) - #ifndef NO_AES + #if !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_SHA) && !defined(NO_AES_128) {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb, AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, eccCert, @@ -25810,7 +25813,7 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, eccPrivKeySz}, #endif - #endif /* NO_AES */ + #endif /* NO_AES && HAVE_AES_CBC*/ #endif /* END HAVE_ECC */ }; /* END pkcs7EnvelopedVector */ @@ -25877,7 +25880,7 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/ -#if defined(HAVE_ECC) && !defined(NO_AES) +#if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC) /* only a failure for KARI test cases */ tempWrd32 = pkcs7->singleCertSz; pkcs7->singleCertSz = 0; @@ -25893,6 +25896,7 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) #endif tempWrd32 = pkcs7->privateKeySz; pkcs7->privateKeySz = 0; + AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); pkcs7->privateKeySz = tempWrd32; @@ -25902,9 +25906,10 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void) AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); pkcs7->privateKey = tmpBytePtr; + wc_PKCS7_Free(pkcs7); -#if !defined(NO_AES) && !defined(NO_AES_256) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_256) /* test of decrypt callback with KEKRI enveloped data */ { int envelopedSz; @@ -26021,7 +26026,7 @@ static void test_wc_PKCS7_EncodeEncryptedData (void) }; #endif - #ifndef NO_AES + #if !defined(NO_AES) && defined(HAVE_AES_CBC) #ifndef NO_AES_128 byte aes128Key[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, @@ -26043,15 +26048,15 @@ static void test_wc_PKCS7_EncodeEncryptedData (void) 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 }; #endif - #endif + #endif /* !NO_AES && HAVE_AES_CBC */ const pkcs7EncryptedVector testVectors[] = { #ifndef NO_DES3 {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key)}, {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey)}, - #endif /* NO_DES3 */ - #ifndef NO_AES + #endif /* !NO_DES3 */ + #if !defined(NO_AES) && defined(HAVE_AES_CBC) #ifndef NO_AES_128 {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key, sizeof(aes128Key)}, @@ -26067,7 +26072,7 @@ static void test_wc_PKCS7_EncodeEncryptedData (void) sizeof(aes256Key)}, #endif - #endif /* NO_AES */ + #endif /* !NO_AES && HAVE_AES_CBC */ }; testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector); @@ -26088,7 +26093,7 @@ static void test_wc_PKCS7_EncodeEncryptedData (void) sizeof(encrypted)); AssertIntGT(encryptedSz, 0); - /* Decode encryptedData */ + /* Decode encryptedData */ decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, decoded, sizeof(decoded)); @@ -26098,6 +26103,10 @@ static void test_wc_PKCS7_EncodeEncryptedData (void) wc_PKCS7_Free(pkcs7); } } + if (pkcs7 == NULL || testSz == 0) { + AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId)); + AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0); + } printf(testingFmt, "wc_PKCS7_EncodeEncryptedData()"); AssertIntEQ(wc_PKCS7_EncodeEncryptedData(NULL, encrypted, @@ -26473,11 +26482,13 @@ static void test_wc_PKCS7_BER(void) static void test_PKCS7_signed_enveloped(void) { -#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \ - && !defined(NO_AES) +#if defined(HAVE_PKCS7) && !defined(NO_RSA) && !defined(NO_AES) && \ + !defined(NO_FILESYSTEM) XFILE f; PKCS7* pkcs7; +#ifdef HAVE_AES_CBC PKCS7* inner; +#endif void* pt; WC_RNG rng; unsigned char key[FOURK_BUF/2]; @@ -26489,8 +26500,10 @@ static void test_PKCS7_signed_enveloped(void) unsigned char sig[FOURK_BUF * 2]; int sigSz = FOURK_BUF * 2; +#ifdef HAVE_AES_CBC unsigned char decoded[FOURK_BUF]; int decodedSz = FOURK_BUF; +#endif printf(testingFmt, "PKCS7_signed_enveloped"); @@ -26521,6 +26534,7 @@ static void test_PKCS7_signed_enveloped(void) wc_PKCS7_Free(pkcs7); wc_FreeRng(&rng); +#ifdef HAVE_AES_CBC /* create envelope */ AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); @@ -26532,6 +26546,7 @@ static void test_PKCS7_signed_enveloped(void) pkcs7->privateKeySz = keySz; AssertIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, envSz)), 0); wc_PKCS7_Free(pkcs7); +#endif /* create bad signed enveloped data */ sigSz = FOURK_BUF * 2; @@ -26610,6 +26625,7 @@ static void test_PKCS7_signed_enveloped(void) AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0); AssertNotNull(pkcs7->content); +#ifdef HAVE_AES_CBC /* check decode */ AssertNotNull(inner = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_PKCS7_InitWithCert(inner, cert, certSz), 0); @@ -26618,8 +26634,10 @@ static void test_PKCS7_signed_enveloped(void) AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content, pkcs7->contentSz, decoded, decodedSz)), 0); wc_PKCS7_Free(inner); +#endif wc_PKCS7_Free(pkcs7); +#ifdef HAVE_AES_CBC /* check cert set */ AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); @@ -26627,10 +26645,11 @@ static void test_PKCS7_signed_enveloped(void) AssertNotNull(pkcs7->singleCert); AssertIntNE(pkcs7->singleCertSz, 0); wc_PKCS7_Free(pkcs7); +#endif printf(resultFmt, passed); -#endif +#endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */ } static void test_wc_PKCS7_NoDefaultSignedAttribs (void) { @@ -34152,7 +34171,8 @@ static void test_wolfSSL_PKCS8_d2i(void) file)), 0); XFCLOSE(file); #if defined(OPENSSL_ALL) && \ - !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) + !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) && \ + defined(HAVE_AES_CBC) AssertNotNull(bio = BIO_new(BIO_s_mem())); /* Write PKCS#8 PEM to BIO. */ AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, @@ -34170,7 +34190,7 @@ static void test_wolfSSL_PKCS8_d2i(void) (void*)"yassl123")); EVP_PKEY_free(evpPkey); BIO_free(bio); -#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */ +#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 && HAVE_AES_CBC */ EVP_PKEY_free(pkey); /* PKCS#8 encrypted EC key */ @@ -34576,9 +34596,9 @@ static void test_wolfSSL_HMAC(void) static void test_wolfSSL_CMAC(void) { -#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CMAC) - - int i = 0; +#if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \ + defined(WOLFSSL_AES_DIRECT) + int i; byte key[AES_128_KEY_SIZE]; CMAC_CTX* cmacCtx = NULL; byte out[AES_BLOCK_SIZE]; @@ -34586,7 +34606,7 @@ static void test_wolfSSL_CMAC(void) printf(testingFmt, "test_wolfSSL_CMAC()"); - for (; i < AES_128_KEY_SIZE; ++i) { + for (i=0; i < AES_128_KEY_SIZE; ++i) { key[i] = i; } AssertNotNull(cmacCtx = CMAC_CTX_new()); @@ -34602,7 +34622,7 @@ static void test_wolfSSL_CMAC(void) CMAC_CTX_free(cmacCtx); printf(resultFmt, passed); -#endif /* OPENSSL_EXTRA && WOLFSSL_CMAC */ +#endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */ } @@ -40281,9 +40301,9 @@ static void test_wolfSSL_EVP_CIPHER_iv_length(void) int enumArray[] = { - - #ifdef HAVE_AES_CBC - NID_aes_128_cbc, + #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) + #ifdef WOLFSSL_AES_128 + NID_aes_128_cbc, #endif #ifdef WOLFSSL_AES_192 NID_aes_192_cbc, @@ -40291,6 +40311,7 @@ static void test_wolfSSL_EVP_CIPHER_iv_length(void) #ifdef WOLFSSL_AES_256 NID_aes_256_cbc, #endif + #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) #ifdef HAVE_AESGCM @@ -40324,8 +40345,10 @@ static void test_wolfSSL_EVP_CIPHER_iv_length(void) NID_idea_cbc, #endif }; + int iv_lengths[] = { - #ifdef HAVE_AES_CBC + #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) + #ifdef WOLFSSL_AES_128 AES_BLOCK_SIZE, #endif #ifdef WOLFSSL_AES_192 @@ -40334,6 +40357,7 @@ static void test_wolfSSL_EVP_CIPHER_iv_length(void) #ifdef WOLFSSL_AES_256 AES_BLOCK_SIZE, #endif + #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) #ifdef HAVE_AESGCM @@ -40372,8 +40396,8 @@ static void test_wolfSSL_EVP_CIPHER_iv_length(void) enumlen = (sizeof(enumArray)/sizeof(int)); for(i = 0; i < enumlen; i++) { - const EVP_CIPHER *c = wolfSSL_EVP_get_cipherbynid(enumArray[i]); - AssertIntEQ(wolfSSL_EVP_CIPHER_iv_length(c), iv_lengths[i]); + const EVP_CIPHER *c = EVP_get_cipherbynid(enumArray[i]); + AssertIntEQ(EVP_CIPHER_iv_length(c), iv_lengths[i]); } printf(resultFmt, passed); @@ -40553,7 +40577,7 @@ static void test_wolfSSL_EVP_PKEY_param_check(void) } static void test_wolfSSL_EVP_BytesToKey(void) { -#if defined(OPENSSL_ALL) && !defined(NO_DES3) +#if defined(OPENSSL_ALL) && !defined(NO_AES) && defined(HAVE_AES_CBC) byte key[AES_BLOCK_SIZE] = {0}; byte iv[AES_BLOCK_SIZE] = {0}; int sz = 5; @@ -40569,20 +40593,20 @@ static void test_wolfSSL_EVP_BytesToKey(void) type = wolfSSL_EVP_get_cipherbynid(NID_aes_128_cbc); - printf(testingFmt, "wolfSSL_EVP_BytesToKey"); + printf(testingFmt, "EVP_BytesToKey"); /* Bad cases */ - AssertIntEQ(wolfSSL_EVP_BytesToKey(NULL, md, salt, data, sz, count, key, iv), + AssertIntEQ(EVP_BytesToKey(NULL, md, salt, data, sz, count, key, iv), 0); - AssertIntEQ(wolfSSL_EVP_BytesToKey(type, md, salt, NULL, sz, count, key, iv), + AssertIntEQ(EVP_BytesToKey(type, md, salt, NULL, sz, count, key, iv), 16); md = "2"; - AssertIntEQ(wolfSSL_EVP_BytesToKey(type, md, salt, data, sz, count, key, iv), + AssertIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv), WOLFSSL_FAILURE); /* Good case */ md = "SHA256"; - AssertIntEQ(wolfSSL_EVP_BytesToKey(type, md, salt, data, sz, count, key, iv), + AssertIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv), 16); printf(resultFmt, passed); @@ -43669,7 +43693,8 @@ static int test_tls13_apis(void) #if defined(HAVE_PK_CALLBACKS) && (!defined(WOLFSSL_NO_TLS12) || \ !defined(NO_OLD_TLS)) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && \ + !defined(NO_AES) && defined(HAVE_AES_CBC) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) static int my_DhCallback(WOLFSSL* ssl, struct DhKey* key, const unsigned char* priv, unsigned int privSz, @@ -43689,11 +43714,11 @@ static int my_DhCallback(WOLFSSL* ssl, struct DhKey* key, static void test_dh_ctx_setup(WOLFSSL_CTX* ctx) { wolfSSL_CTX_SetDhAgreeCb(ctx, my_DhCallback); -#ifdef WOLFSSL_AES_128 +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES128-SHA256"), WOLFSSL_SUCCESS); #endif -#ifdef WOLFSSL_AES_256 +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA256"), WOLFSSL_SUCCESS); #endif @@ -43728,7 +43753,8 @@ static void test_dh_ssl_setup_fail(WOLFSSL* ssl) static void test_DhCallbacks(void) { #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && \ + !defined(NO_AES) && defined(HAVE_AES_CBC) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) WOLFSSL_CTX *ctx; WOLFSSL *ssl; diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c index 93486eda6..ec782ffb2 100644 --- a/wolfcrypt/src/cmac.c +++ b/wolfcrypt/src/cmac.c @@ -88,10 +88,10 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz, (void)unused; (void)heap; - (void)devId; - if (cmac == NULL || keySz == 0 || type != WC_CMAC_AES) + if (cmac == NULL || keySz == 0 || type != WC_CMAC_AES) { return BAD_FUNC_ARG; + } XMEMSET(cmac, 0, sizeof(Cmac)); @@ -106,10 +106,13 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz, return ret; /* fall-through when unavailable */ } +#else + (void)devId; #endif - if (key == NULL) + if (key == NULL) { return BAD_FUNC_ARG; + } ret = wc_AesSetKey(&cmac->aes, key, keySz, NULL, AES_ENCRYPTION); if (ret == 0) { @@ -129,23 +132,22 @@ int wc_InitCmac(Cmac* cmac, const byte* key, word32 keySz, int type, void* unused) { #ifdef WOLFSSL_QNX_CAAM - return wc_InitCmac_ex(cmac, key, keySz, type, unused, NULL, - WOLFSSL_CAAM_DEVID); + int devId = WOLFSSL_CAAM_DEVID; #else - return wc_InitCmac_ex(cmac, key, keySz, type, unused, NULL, INVALID_DEVID); -#endif + int devId = INVALID_DEVID; +#endif + return wc_InitCmac_ex(cmac, key, keySz, type, unused, NULL, devId); } int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz) { -#ifdef WOLF_CRYPTO_CB - int ret; -#endif + int ret = 0; - if ((cmac == NULL) || (in == NULL && inSz != 0)) + if ((cmac == NULL) || (in == NULL && inSz != 0)) { return BAD_FUNC_ARG; + } #ifdef WOLF_CRYPTO_CB if (cmac->devId != INVALID_DEVID) { @@ -154,8 +156,10 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz) if (ret != CRYPTOCB_UNAVAILABLE) return ret; /* fall-through when unavailable */ + ret = 0; /* reset error code */ } #endif + while (inSz != 0) { word32 add = min(inSz, AES_BLOCK_SIZE - cmac->bufferSz); XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add); @@ -165,32 +169,30 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz) inSz -= add; if (cmac->bufferSz == AES_BLOCK_SIZE && inSz != 0) { - if (cmac->totalSz != 0) + if (cmac->totalSz != 0) { xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE); - wc_AesEncryptDirect(&cmac->aes, - cmac->digest, - cmac->buffer); + } + wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer); cmac->totalSz += AES_BLOCK_SIZE; cmac->bufferSz = 0; } } - return 0; + return ret; } int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) { -#ifdef WOLF_CRYPTO_CB - int ret; -#endif + int ret = 0; const byte* subKey; - if (cmac == NULL || out == NULL || outSz == NULL) + if (cmac == NULL || out == NULL || outSz == NULL) { return BAD_FUNC_ARG; - - if (*outSz < WC_CMAC_TAG_MIN_SZ || *outSz > WC_CMAC_TAG_MAX_SZ) + } + if (*outSz < WC_CMAC_TAG_MIN_SZ || *outSz > WC_CMAC_TAG_MAX_SZ) { return BUFFER_E; + } #ifdef WOLF_CRYPTO_CB if (cmac->devId != INVALID_DEVID) { @@ -198,6 +200,7 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) if (ret != CRYPTOCB_UNAVAILABLE) return ret; /* fall-through when unavailable */ + ret = 0; /* reset error code */ } #endif @@ -207,11 +210,12 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) else { word32 remainder = AES_BLOCK_SIZE - cmac->bufferSz; - if (remainder == 0) + if (remainder == 0) { remainder = AES_BLOCK_SIZE; - - if (remainder > 1) + } + if (remainder > 1) { XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0, remainder); + } cmac->buffer[AES_BLOCK_SIZE - remainder] = 0x80; subKey = cmac->k2; } @@ -223,7 +227,7 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) ForceZero(cmac, sizeof(Cmac)); - return 0; + return ret; } @@ -231,39 +235,36 @@ int wc_AesCmacGenerate(byte* out, word32* outSz, const byte* in, word32 inSz, const byte* key, word32 keySz) { + int ret; #ifdef WOLFSSL_SMALL_STACK Cmac *cmac; #else Cmac cmac[1]; #endif - int ret; - if (out == NULL || (in == NULL && inSz > 0) || key == NULL || keySz == 0) + if (out == NULL || (in == NULL && inSz > 0) || key == NULL || keySz == 0) { return BAD_FUNC_ARG; + } #ifdef WOLFSSL_SMALL_STACK if ((cmac = (Cmac *)XMALLOC(sizeof *cmac, NULL, - DYNAMIC_TYPE_CMAC)) == NULL) + DYNAMIC_TYPE_CMAC)) == NULL) { return MEMORY_E; + } #endif ret = wc_InitCmac(cmac, key, keySz, WC_CMAC_AES, NULL); - if (ret != 0) - goto out; - - ret = wc_CmacUpdate(cmac, in, inSz); - if (ret != 0) - goto out; - - ret = wc_CmacFinal(cmac, out, outSz); - if (ret != 0) - goto out; - - out: + if (ret == 0) { + ret = wc_CmacUpdate(cmac, in, inSz); + } + if (ret == 0) { + ret = wc_CmacFinal(cmac, out, outSz); + } #ifdef WOLFSSL_SMALL_STACK - if (cmac) + if (cmac) { XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC); + } #endif return ret; @@ -274,24 +275,24 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz, const byte* in, word32 inSz, const byte* key, word32 keySz) { + int ret; byte a[AES_BLOCK_SIZE]; word32 aSz = sizeof(a); - int result; int compareRet; if (check == NULL || checkSz == 0 || (in == NULL && inSz != 0) || - key == NULL || keySz == 0) - + key == NULL || keySz == 0) { return BAD_FUNC_ARG; + } XMEMSET(a, 0, aSz); - result = wc_AesCmacGenerate(a, &aSz, in, inSz, key, keySz); + ret = wc_AesCmacGenerate(a, &aSz, in, inSz, key, keySz); compareRet = ConstantCompare(check, a, min(checkSz, aSz)); - if (result == 0) - result = compareRet ? 1 : 0; + if (ret == 0) + ret = compareRet ? 1 : 0; - return result; + return ret; } diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index c5be45d08..4efc13825 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -11414,39 +11414,40 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, #endif switch (ctx->encAlgo) { - case ecAES_128_CBC: - { -#ifdef WOLFSSL_SMALL_STACK - Aes *aes = (Aes *)XMALLOC(sizeof *aes, ctx->heap, - DYNAMIC_TYPE_AES); - if (aes == NULL) { - ret = MEMORY_E; - break; - } + case ecAES_128_CBC: + { +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) + #ifdef WOLFSSL_SMALL_STACK + Aes *aes = (Aes *)XMALLOC(sizeof *aes, ctx->heap, + DYNAMIC_TYPE_AES); + if (aes == NULL) { + ret = MEMORY_E; + break; + } + #else + Aes aes[1]; + #endif + ret = wc_AesInit(aes, NULL, INVALID_DEVID); + if (ret == 0) { + ret = wc_AesSetKey(aes, encKey, KEY_SIZE_128, encIv, + AES_ENCRYPTION); + if (ret == 0) { + ret = wc_AesCbcEncrypt(aes, out, msg, msgSz); + #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES) + ret = wc_AsyncWait(ret, &aes->asyncDev, + WC_ASYNC_FLAG_NONE); + #endif + } + wc_AesFree(aes); + } + #ifdef WOLFSSL_SMALL_STACK + XFREE(aes, ctx->heap, DYNAMIC_TYPE_AES); + #endif #else - Aes aes[1]; + ret = NOT_COMPILED_IN; #endif - ret = wc_AesInit(aes, NULL, INVALID_DEVID); - if (ret == 0) { - ret = wc_AesSetKey(aes, encKey, KEY_SIZE_128, encIv, - AES_ENCRYPTION); - if (ret == 0) { - ret = wc_AesCbcEncrypt(aes, out, msg, msgSz); - #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES) - ret = wc_AsyncWait(ret, &aes->asyncDev, - WC_ASYNC_FLAG_NONE); - #endif - } - wc_AesFree(aes); - } -#ifdef WOLFSSL_SMALL_STACK - XFREE(aes, ctx->heap, DYNAMIC_TYPE_AES); -#endif - if (ret != 0) - break; - } - break; - + break; + } default: ret = BAD_FUNC_ARG; break; diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 715124b92..9f1db41f4 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -47,7 +47,7 @@ #include #ifndef NO_AES - #ifdef HAVE_AES_CBC + #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 static const char EVP_AES_128_CBC[] = "AES-128-CBC"; #endif @@ -57,7 +57,7 @@ #ifdef WOLFSSL_AES_256 static const char EVP_AES_256_CBC[] = "AES-256-CBC"; #endif - #endif /* HAVE_AES_CBC */ + #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ #ifdef WOLFSSL_AES_OFB #ifdef WOLFSSL_AES_128 @@ -202,7 +202,7 @@ int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c) switch (cipherType(c)) { #if !defined(NO_AES) - #if defined(HAVE_AES_CBC) + #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) case AES_128_CBC_TYPE: return 16; case AES_192_CBC_TYPE: return 24; case AES_256_CBC_TYPE: return 32; @@ -985,7 +985,7 @@ int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx) switch (ctx->cipherType) { #if !defined(NO_AES) || !defined(NO_DES3) #if !defined(NO_AES) -#if defined(HAVE_AES_CBC) +#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) case AES_128_CBC_TYPE: case AES_192_CBC_TYPE: case AES_256_CBC_TYPE: @@ -1054,7 +1054,7 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher) #endif /* NO_DES3 && HAVE_AES_ECB */ #endif #if !defined(NO_AES) -#if defined(HAVE_AES_CBC) +#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 else if (XSTRNCMP(cipher, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) return AES_128_CBC_TYPE; @@ -1067,7 +1067,7 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher) else if (XSTRNCMP(cipher, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) return AES_256_CBC_TYPE; #endif -#endif /* HAVE_AES_CBC */ +#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ #if defined(HAVE_AESGCM) #ifdef WOLFSSL_AES_128 else if (XSTRNCMP(cipher, EVP_AES_128_GCM, EVP_AES_SIZE) == 0) @@ -1186,7 +1186,7 @@ int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher) if (cipher == NULL) return BAD_FUNC_ARG; switch (cipherType(cipher)) { #if !defined(NO_AES) - #if defined(HAVE_AES_CBC) + #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) case AES_128_CBC_TYPE: case AES_192_CBC_TYPE: case AES_256_CBC_TYPE: @@ -1255,7 +1255,7 @@ unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) { switch (cipherType(cipher)) { #if !defined(NO_AES) - #if defined(HAVE_AES_CBC) + #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) case AES_128_CBC_TYPE: case AES_192_CBC_TYPE: case AES_256_CBC_TYPE: @@ -1301,7 +1301,7 @@ unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) case AES_192_ECB_TYPE: case AES_256_ECB_TYPE: return WOLFSSL_EVP_CIPH_ECB_MODE; -#endif /* NO_AES */ +#endif /* !NO_AES */ #ifndef NO_DES3 case DES_CBC_TYPE: case DES_EDE3_CBC_TYPE: @@ -3215,7 +3215,7 @@ static const struct cipher{ } cipher_tbl[] = { #ifndef NO_AES - #ifdef HAVE_AES_CBC + #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 {AES_128_CBC_TYPE, EVP_AES_128_CBC, NID_aes_128_cbc}, #endif @@ -3479,7 +3479,7 @@ const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbynid(int id) switch(id) { #ifndef NO_AES - #ifdef HAVE_AES_CBC + #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 case NID_aes_128_cbc: return wolfSSL_EVP_aes_128_cbc(); @@ -4130,7 +4130,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #ifndef NO_AES - #ifdef HAVE_AES_CBC + #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void) { @@ -4818,7 +4818,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif #ifndef NO_AES - #ifdef HAVE_AES_CBC + #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 if (ctx->cipherType == AES_128_CBC_TYPE || (type && XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)) { @@ -4898,7 +4898,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) } } #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AES_CBC */ + #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) #ifdef HAVE_AESGCM @@ -7152,7 +7152,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) switch (ctx->cipherType) { -#ifdef HAVE_AES_CBC +#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) case AES_128_CBC_TYPE : case AES_192_CBC_TYPE : case AES_256_CBC_TYPE : @@ -7245,7 +7245,7 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher) WOLFSSL_MSG("wolfSSL_EVP_CIPHER_iv_length"); #ifndef NO_AES -#ifdef HAVE_AES_CBC +#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_AES_128 if (XSTRNCMP(name, EVP_AES_128_CBC, XSTRLEN(EVP_AES_128_CBC)) == 0) return AES_BLOCK_SIZE; @@ -7258,7 +7258,7 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher) if (XSTRNCMP(name, EVP_AES_256_CBC, XSTRLEN(EVP_AES_256_CBC)) == 0) return AES_BLOCK_SIZE; #endif -#endif /* HAVE_AES_CBC */ +#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) #ifdef HAVE_AESGCM diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index 4344fb962..d80630aa6 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -271,7 +271,7 @@ int _InitHmac(Hmac* hmac, int type, void* heap) /* default to NULL heap hint or test value */ #ifdef WOLFSSL_HEAP_TEST - hmac->heap = (void)WOLFSSL_HEAP_TEST; + hmac->heap = (void*)WOLFSSL_HEAP_TEST; #else hmac->heap = heap; #endif /* WOLFSSL_HEAP_TEST */ diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c index c01a8c86e..be1183e99 100644 --- a/wolfcrypt/src/memory.c +++ b/wolfcrypt/src/memory.c @@ -670,7 +670,7 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type) /* general static memory */ if (pt == NULL) { for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) { - if ((word32)size < mem->sizeList[i]) { + if ((word32)size <= mem->sizeList[i]) { if (mem->ava[i] != NULL) { pt = mem->ava[i]; mem->ava[i] = pt->next; @@ -905,7 +905,7 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type) else { /* general memory */ for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) { - if ((word32)size < mem->sizeList[i]) { + if ((word32)size <= mem->sizeList[i]) { if (mem->ava[i] != NULL) { pt = mem->ava[i]; mem->ava[i] = pt->next; diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 9816d6093..094a3e38e 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -643,23 +643,42 @@ static int wc_PKCS7_GetOIDBlockSize(int oid) switch (oid) { #ifndef NO_AES #ifdef WOLFSSL_AES_128 + #ifdef HAVE_AES_CBC case AES128CBCb: + #endif + #ifdef HAVE_AESGCM case AES128GCMb: + #endif + #ifdef HAVE_AESCCM case AES128CCMb: + #endif #endif #ifdef WOLFSSL_AES_192 + #ifdef HAVE_AES_CBC case AES192CBCb: + #endif + #ifdef HAVE_AESGCM case AES192GCMb: + #endif + #ifdef HAVE_AESCCM case AES192CCMb: + #endif #endif #ifdef WOLFSSL_AES_256 + #ifdef HAVE_AES_CBC case AES256CBCb: + #endif + #ifdef HAVE_AESGCM case AES256GCMb: + #endif + #ifdef HAVE_AESCCM case AES256CCMb: + #endif #endif blockSz = AES_BLOCK_SIZE; break; -#endif +#endif /* !NO_AES */ + #ifndef NO_DES3 case DESb: case DES3b: @@ -683,35 +702,53 @@ static int wc_PKCS7_GetOIDKeySize(int oid) switch (oid) { #ifndef NO_AES #ifdef WOLFSSL_AES_128 + #ifdef HAVE_AES_CBC case AES128CBCb: + #endif + #ifdef HAVE_AESGCM case AES128GCMb: + #endif + #ifdef HAVE_AESCCM case AES128CCMb: + #endif case AES128_WRAP: blockKeySz = 16; break; #endif #ifdef WOLFSSL_AES_192 + #ifdef HAVE_AES_CBC case AES192CBCb: + #endif + #ifdef HAVE_AESGCM case AES192GCMb: + #endif + #ifdef HAVE_AESCCM case AES192CCMb: + #endif case AES192_WRAP: blockKeySz = 24; break; #endif #ifdef WOLFSSL_AES_256 + #ifdef HAVE_AES_CBC case AES256CBCb: + #endif + #ifdef HAVE_AESGCM case AES256GCMb: + #endif + #ifdef HAVE_AESCCM case AES256CCMb: + #endif case AES256_WRAP: blockKeySz = 32; break; #endif -#endif +#endif /* !NO_AES */ + #ifndef NO_DES3 case DESb: blockKeySz = DES_KEYLEN; break; - case DES3b: blockKeySz = DES3_KEYLEN; break; @@ -6707,7 +6744,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz, int ret; #ifndef NO_AES #ifdef WOLFSSL_SMALL_STACK - Aes *aes; + Aes* aes; #else Aes aes[1]; #endif @@ -6722,6 +6759,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz, switch (encryptOID) { #ifndef NO_AES + #ifdef HAVE_AES_CBC #ifdef WOLFSSL_AES_128 case AES128CBCb: #endif @@ -6760,6 +6798,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz, XFREE(aes, NULL, DYNAMIC_TYPE_AES); #endif break; + #endif /* HAVE_AES_CBC */ #ifdef HAVE_AESGCM #ifdef WOLFSSL_AES_128 case AES128GCMb: @@ -6828,7 +6867,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz, break; #endif #endif /* HAVE_AESCCM */ -#endif /* NO_AES */ +#endif /* !NO_AES */ #ifndef NO_DES3 case DESb: if (keySz != DES_KEYLEN || ivSz != DES_BLOCK_SIZE) @@ -6852,7 +6891,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz, wc_Des3Free(&des3); } break; -#endif +#endif /* !NO_DES3 */ default: WOLFSSL_MSG("Unsupported content cipher type"); return ALGO_ID_E; @@ -6901,6 +6940,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, switch (encryptOID) { #ifndef NO_AES + #ifdef HAVE_AES_CBC #ifdef WOLFSSL_AES_128 case AES128CBCb: #endif @@ -6938,6 +6978,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, XFREE(aes, NULL, DYNAMIC_TYPE_AES); #endif break; + #endif /* HAVE_AES_CBC */ #ifdef HAVE_AESGCM #ifdef WOLFSSL_AES_128 case AES128GCMb: @@ -7006,7 +7047,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, break; #endif #endif /* HAVE_AESCCM */ -#endif /* NO_AES */ +#endif /* !NO_AES */ #ifndef NO_DES3 case DESb: if (keySz != DES_KEYLEN || ivSz != DES_BLOCK_SIZE) @@ -7030,7 +7071,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, } break; -#endif +#endif /* !NO_DES3 */ default: WOLFSSL_MSG("Unsupported content cipher type"); return ALGO_ID_E; @@ -7509,7 +7550,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, word32 kdfAlgoIdSeqSz, kdfAlgoIdSz; word32 kdfParamsSeqSz, kdfSaltOctetStrSz, kdfIterationsSz; /* OPTIONAL: keyLength, not supported yet */ - /* OPTIONAL: prf AlgorithIdentifier, not supported yet */ + /* OPTIONAL: prf AlgorithmIdentifier, not supported yet */ /* KeyEncryptionAlgorithmIdentifier */ byte keyEncAlgoIdSeq[MAX_SEQ_SZ]; diff --git a/wolfcrypt/src/srp.c b/wolfcrypt/src/srp.c index 95d927b75..afa7f0274 100644 --- a/wolfcrypt/src/srp.c +++ b/wolfcrypt/src/srp.c @@ -42,35 +42,35 @@ /** Computes the session key using the Mask Generation Function 1. */ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size); -static int SrpHashInit(SrpHash* hash, SrpType type) +static int SrpHashInit(SrpHash* hash, SrpType type, void* heap) { hash->type = type; switch (type) { case SRP_TYPE_SHA: #ifndef NO_SHA - return wc_InitSha(&hash->data.sha); + return wc_InitSha_ex(&hash->data.sha, heap, INVALID_DEVID); #else return BAD_FUNC_ARG; #endif case SRP_TYPE_SHA256: #ifndef NO_SHA256 - return wc_InitSha256(&hash->data.sha256); + return wc_InitSha256_ex(&hash->data.sha256, heap, INVALID_DEVID); #else return BAD_FUNC_ARG; #endif case SRP_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - return wc_InitSha384(&hash->data.sha384); + return wc_InitSha384_ex(&hash->data.sha384, heap, INVALID_DEVID); #else return BAD_FUNC_ARG; #endif case SRP_TYPE_SHA512: #ifdef WOLFSSL_SHA512 - return wc_InitSha512(&hash->data.sha512); + return wc_InitSha512_ex(&hash->data.sha512, heap, INVALID_DEVID); #else return BAD_FUNC_ARG; #endif @@ -217,7 +217,7 @@ static void SrpHashFree(SrpHash* hash) } -int wc_SrpInit(Srp* srp, SrpType type, SrpSide side) +int wc_SrpInit_ex(Srp* srp, SrpType type, SrpSide side, void* heap, int devId) { int r; @@ -265,10 +265,10 @@ int wc_SrpInit(Srp* srp, SrpType type, SrpSide side) /* initializing variables */ XMEMSET(srp, 0, sizeof(Srp)); - if ((r = SrpHashInit(&srp->client_proof, type)) != 0) + if ((r = SrpHashInit(&srp->client_proof, type, srp->heap)) != 0) return r; - if ((r = SrpHashInit(&srp->server_proof, type)) != 0) { + if ((r = SrpHashInit(&srp->server_proof, type, srp->heap)) != 0) { SrpHashFree(&srp->client_proof); return r; } @@ -290,12 +290,19 @@ int wc_SrpInit(Srp* srp, SrpType type, SrpSide side) #ifdef WOLFSSL_HEAP_TEST srp->heap = (void*)WOLFSSL_HEAP_TEST; #else - srp->heap = NULL; -#endif + srp->heap = heap; +#endif /* WOLFSSL_HEAP_TEST */ + + (void)devId; /* future */ return 0; } +int wc_SrpInit(Srp* srp, SrpType type, SrpSide side) +{ + return wc_SrpInit_ex(srp, type, side, NULL, INVALID_DEVID); +} + void wc_SrpTerm(Srp* srp) { if (srp) { @@ -382,7 +389,7 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, srp->saltSz = saltSz; /* Set k = H(N, g) */ - r = SrpHashInit(&hash, srp->type); + r = SrpHashInit(&hash, srp->type, srp->heap); if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz); for (i = 0; (word32)i < nSz - gSz; i++) { if (!r) r = SrpHashUpdate(&hash, &pad, 1); @@ -394,13 +401,13 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, /* update client proof */ /* digest1 = H(N) */ - if (!r) r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashInit(&hash, srp->type, srp->heap); if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz); if (!r) r = SrpHashFinal(&hash, digest1); SrpHashFree(&hash); /* digest2 = H(g) */ - if (!r) r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashInit(&hash, srp->type, srp->heap); if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz); if (!r) r = SrpHashFinal(&hash, digest2); SrpHashFree(&hash); @@ -412,7 +419,7 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz, } /* digest2 = H(user) */ - if (!r) r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashInit(&hash, srp->type, srp->heap); if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz); if (!r) r = SrpHashFinal(&hash, digest2); SrpHashFree(&hash); @@ -441,7 +448,7 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size) digestSz = SrpHashSize(srp->type); /* digest = H(username | ':' | password) */ - r = SrpHashInit(&hash, srp->type); + r = SrpHashInit(&hash, srp->type, srp->heap); if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz); if (!r) r = SrpHashUpdate(&hash, (const byte*) ":", 1); if (!r) r = SrpHashUpdate(&hash, password, size); @@ -449,7 +456,7 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size) SrpHashFree(&hash); /* digest = H(salt | H(username | ':' | password)) */ - if (!r) r = SrpHashInit(&hash, srp->type); + if (!r) r = SrpHashInit(&hash, srp->type, srp->heap); if (!r) r = SrpHashUpdate(&hash, srp->salt, srp->saltSz); if (!r) r = SrpHashUpdate(&hash, digest, digestSz); if (!r) r = SrpHashFinal(&hash, digest); @@ -524,7 +531,7 @@ int wc_SrpSetPrivate(Srp* srp, const byte* priv, word32 size) static int wc_SrpGenPrivate(Srp* srp, byte* priv, word32 size) { WC_RNG rng; - int r = wc_InitRng(&rng); + int r = wc_InitRng_ex(&rng, srp->heap, INVALID_DEVID); if (!r) r = wc_RNG_GenerateBlock(&rng, priv, size); if (!r) r = wc_SrpSetPrivate(srp, priv, size); @@ -608,7 +615,7 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size) counter[2] = (i >> 8) & 0xFF; counter[3] = i & 0xFF; - r = SrpHashInit(&hash, srp->type); + r = SrpHashInit(&hash, srp->type, srp->heap); if (!r) r = SrpHashUpdate(&hash, secret, size); if (!r) r = SrpHashUpdate(&hash, counter, 4); @@ -688,7 +695,7 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, /* initializing variables */ - if ((r = SrpHashInit(hash, srp->type)) != 0) + if ((r = SrpHashInit(hash, srp->type, srp->heap)) != 0) goto out; digestSz = SrpHashSize(srp->type); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 7823d6c5d..a3da72026 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -454,7 +454,8 @@ WOLFSSL_TEST_SUBROUTINE int pbkdf2_test(void); WOLFSSL_TEST_SUBROUTINE int scrypt_test(void); #ifdef HAVE_ECC WOLFSSL_TEST_SUBROUTINE int ecc_test(void); - #ifdef HAVE_ECC_ENCRYPT + #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \ + defined(WOLFSSL_AES_128) WOLFSSL_TEST_SUBROUTINE int ecc_encrypt_test(void); #endif #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ @@ -503,7 +504,7 @@ WOLFSSL_TEST_SUBROUTINE int scrypt_test(void); #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) WOLFSSL_TEST_SUBROUTINE int pkcs7authenveloped_test(void); #endif - #ifndef NO_AES + #if !defined(NO_AES) && defined(HAVE_AES_CBC) WOLFSSL_TEST_SUBROUTINE int pkcs7callback_test(byte* cert, word32 certSz, byte* key, word32 keySz); #endif @@ -1215,7 +1216,8 @@ initDefaultName(); return err_sys("ECC test failed!\n", ret); else test_pass("ECC test passed!\n"); - #if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) + #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \ + defined(WOLFSSL_AES_128) if ( (ret = ecc_encrypt_test()) != 0) return err_sys("ECC Enc test failed!\n", ret); else @@ -7878,6 +7880,7 @@ static int aes_key_size_test(void) ERROR_OUT(-5314, out); #endif #endif /* !WOLFSSL_CRYPTOCELL */ + ret = 0; /* success */ out: #ifdef WOLFSSL_SMALL_STACK @@ -8555,15 +8558,15 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void) Aes enc[1]; #endif byte cipher[AES_BLOCK_SIZE * 4]; -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT) +#ifdef HAVE_AES_DECRYPT #ifdef WOLFSSL_SMALL_STACK Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES); #else Aes dec[1]; #endif byte plain [AES_BLOCK_SIZE * 4]; -#endif -#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER */ +#endif /* HAVE_AES_DECRYPT */ +#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */ int ret = 0; #ifdef HAVE_AES_CBC @@ -9138,7 +9141,7 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void) out: -#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) +#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT) #ifdef WOLFSSL_SMALL_STACK if (enc) { if (ret != -5900) /* note this must match ERRROR_OUT() code @@ -9152,7 +9155,7 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void) wc_AesFree(enc); #endif (void)cipher; -#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) +#ifdef HAVE_AES_DECRYPT #ifdef WOLFSSL_SMALL_STACK if (dec) { if ((ret != -5900) && (ret != -5901)) @@ -9167,8 +9170,8 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void) wc_AesFree(dec); #endif (void)plain; -#endif -#endif +#endif /* HAVE_AES_DECRYPT */ +#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */ return ret; } @@ -17262,7 +17265,7 @@ static int srp_test_digest(int dgstType) /* client knows username and password. */ /* server knows N, g, salt and verifier. */ - if (!r) r = wc_SrpInit(cli, dgstType, SRP_CLIENT_SIDE); + if (!r) r = wc_SrpInit_ex(cli, dgstType, SRP_CLIENT_SIDE, HEAP_HINT, devId); if (!r) r = wc_SrpSetUsername(cli, username, usernameSz); /* loading N, g and salt in advance to generate the verifier. */ @@ -17275,7 +17278,7 @@ static int srp_test_digest(int dgstType) /* client sends username to server */ - if (!r) r = wc_SrpInit(srv, dgstType, SRP_SERVER_SIDE); + if (!r) r = wc_SrpInit_ex(srv, dgstType, SRP_SERVER_SIDE, HEAP_HINT, devId); if (!r) r = wc_SrpSetUsername(srv, username, usernameSz); if (!r) r = wc_SrpSetParams(srv, N, sizeof(N), g, sizeof(g), @@ -17330,17 +17333,17 @@ WOLFSSL_TEST_SUBROUTINE int srp_test(void) return ret; #endif #ifndef NO_SHA256 - srp_test_digest(SRP_TYPE_SHA256); + ret = srp_test_digest(SRP_TYPE_SHA256); if (ret != 0) return ret; #endif #ifdef WOLFSSL_SHA384 - srp_test_digest(SRP_TYPE_SHA384); + ret = srp_test_digest(SRP_TYPE_SHA384); if (ret != 0) return ret; #endif #ifdef WOLFSSL_SHA512 - srp_test_digest(SRP_TYPE_SHA512); + ret = srp_test_digest(SRP_TYPE_SHA512); if (ret != 0) return ret; #endif @@ -23103,16 +23106,16 @@ static int ecc_test_cert_gen(WC_RNG* rng) int ret; #ifdef WOLFSSL_SMALL_STACK Cert *myCert = (Cert *)XMALLOC(sizeof *myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#ifdef WOLFSSL_TEST_CERT + #ifdef WOLFSSL_TEST_CERT DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); -#endif + #endif ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); ecc_key *certPubKey = (ecc_key *)XMALLOC(sizeof *certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #else Cert myCert[1]; -#ifdef WOLFSSL_TEST_CERT + #ifdef WOLFSSL_TEST_CERT DecodedCert decode[1]; -#endif + #endif ecc_key caEccKey[1]; ecc_key certPubKey[1]; #endif @@ -23130,9 +23133,9 @@ static int ecc_test_cert_gen(WC_RNG* rng) #ifdef WOLFSSL_SMALL_STACK if ((myCert == NULL) -#ifdef WOLFSSL_TEST_CERT + #ifdef WOLFSSL_TEST_CERT || (decode == NULL) -#endif + #endif || (caEccKey == NULL) || (certPubKey == NULL)) ERROR_OUT(MEMORY_E, exit); #endif @@ -23242,7 +23245,7 @@ static int ecc_test_cert_gen(WC_RNG* rng) #endif /* WOLFSSL_CERT_EXT */ #ifdef ENABLE_ECC384_CERT_GEN_TEST - #if defined(USE_CERT_BUFFERS_256) +#if defined(USE_CERT_BUFFERS_256) ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_384, sizeof_ca_ecc_cert_der_384); #else @@ -23255,9 +23258,9 @@ static int ecc_test_cert_gen(WC_RNG* rng) sizeof_ca_ecc_cert_der_256); #else ret = wc_SetIssuer(myCert, eccCaCertFile); -#ifdef ENABLE_ECC384_CERT_GEN_TEST + #ifdef ENABLE_ECC384_CERT_GEN_TEST (void)eccCaCert384File; -#endif + #endif #endif #endif /* ENABLE_ECC384_CERT_GEN_TEST */ if (ret < 0) { @@ -23943,7 +23946,7 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test(void) goto done; } #elif defined(HAVE_ECC_KEY_IMPORT) - (void) ecc_test_make_pub;/* for compiler warning */ + (void)ecc_test_make_pub; /* for compiler warning */ #endif #ifdef WOLFSSL_CERT_GEN ret = ecc_test_cert_gen(&rng); @@ -23975,7 +23978,8 @@ done: return ret; } -#if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) +#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \ + defined(WOLFSSL_AES_128) #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 static int ecc_encrypt_kat(WC_RNG *rng) @@ -24430,7 +24434,7 @@ done: return ret; } -#endif /* HAVE_ECC_ENCRYPT */ +#endif /* HAVE_ECC_ENCRYPT && HAVE_AES_CBC && WOLFSSL_AES_128 */ #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \ @@ -24512,7 +24516,8 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void) #endif #endif /* !WC_NO_RNG */ -#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) +#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) && \ + defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) { word32 y; /* test encrypt and decrypt if they're available */ @@ -30545,7 +30550,7 @@ static int myOriDecryptCb(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz, } -#ifndef NO_AES +#if !defined(NO_AES) && defined(HAVE_AES_CBC) /* returns 0 on success */ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, byte* aad, word32 aadSz, byte* authTag, word32 authTagSz, @@ -30641,15 +30646,18 @@ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, } switch (encryptOID) { + #ifdef WOLFSSL_AES_256 case AES256CBCb: if ((keySz != 32 ) || (ivSz != AES_BLOCK_SIZE)) ERROR_OUT(BAD_FUNC_ARG, out); break; - + #endif + #ifdef WOLFSSL_AES_128 case AES128CBCb: if ((keySz != 16 ) || (ivSz != AES_BLOCK_SIZE)) ERROR_OUT(BAD_FUNC_ARG, out); break; + #endif default: printf("Unsupported content cipher type for example"); @@ -30676,7 +30684,7 @@ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, (void)authTagSz; return ret; } -#endif /* NO_AES */ +#endif /* !NO_AES && HAVE_AES_CBC */ #define PKCS7_BUF_SIZE 2048 @@ -30704,14 +30712,15 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, 0x72,0x6c,0x64 }; -#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \ - defined(WOLFSSL_SHA512) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \ + defined(HAVE_ECC) && defined(WOLFSSL_SHA512) byte optionalUkm[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }; #endif /* NO_AES */ -#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ + !defined(NO_SHA) /* encryption key for kekri recipient types */ byte secretKey[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, @@ -30724,8 +30733,8 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, }; #endif -#if !defined(NO_PWDBASED) && !defined(NO_AES) && \ - !defined(NO_SHA) && defined(WOLFSSL_AES_128) +#if !defined(NO_PWDBASED) && !defined(NO_SHA) && \ + !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) #ifndef HAVE_FIPS char password[] = "password"; /* NOTE: Password is too short for FIPS */ @@ -30749,7 +30758,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, "pkcs7envelopedDataDES3.der"}, #endif - #ifndef NO_AES + #if !defined(NO_AES) && defined(HAVE_AES_CBC) #ifdef WOLFSSL_AES_128 {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, @@ -30780,12 +30789,12 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der"}, #endif - #endif /* NO_AES */ + #endif /* !NO_AES && HAVE_AES_CBC */ #endif /* key agreement key encryption technique*/ #ifdef HAVE_ECC - #ifndef NO_AES + #if !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) {data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey, @@ -30816,11 +30825,11 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der"}, #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */ - #endif /* NO_AES */ + #endif /* !NO_AES && HAVE_AES_CBC */ #endif /* kekri (KEKRecipientInfo) recipient types */ -#ifndef NO_AES +#if !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) {data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, secretKey, sizeof(secretKey), @@ -30828,10 +30837,10 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, "pkcs7envelopedDataAES128CBC_KEKRI.der"}, #endif -#endif +#endif /* !NO_AES && HAVE_AES_CBC */ /* pwri (PasswordRecipientInfo) recipient types */ -#if !defined(NO_PWDBASED) && !defined(NO_AES) +#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, @@ -30841,7 +30850,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, #endif #endif -#if !defined(NO_AES) && !defined(NO_AES_128) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_128) /* ori (OtherRecipientInfo) recipient types */ {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, @@ -31287,6 +31296,8 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, }; byte senderNonce[PKCS7_NONCE_SZ + 2]; #ifdef HAVE_ECC + #if !defined(NO_AES) && defined(HAVE_AESGCM) + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256) WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] = { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, 0x09, 0x05 }; @@ -31296,6 +31307,8 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, { senderNonceOid, sizeof(senderNonceOid), senderNonce, sizeof(senderNonce) } }; + #endif + #endif #endif #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \ @@ -31319,7 +31332,7 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, #endif #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ - !defined(NO_SHA) && defined(WOLFSSL_AES_128) + !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) #ifndef HAVE_FIPS WOLFSSL_SMALL_STACK_STATIC const char password[] = "password"; @@ -31492,7 +31505,7 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, /* pwri (PasswordRecipientInfo) recipient types */ #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) - #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) + #if !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) ADD_PKCS7_TEST_VEC( {data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, @@ -31783,11 +31796,11 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, wc_FreeRng(&rng); -#if !defined(HAVE_ECC) || defined(NO_AES) (void)eccCert; (void)eccCertSz; (void)eccPrivKey; (void)eccPrivKeySz; +#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) (void)secretKey; (void)secretKeyId; #endif @@ -31898,7 +31911,8 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7authenveloped_test(void) } #endif /* HAVE_AESGCM || HAVE_AESCCM */ -#ifndef NO_AES + +#if !defined(NO_AES) && defined(HAVE_AES_CBC) static const byte p7DefKey[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, @@ -32314,7 +32328,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7callback_test(byte* cert, word32 certSz, byte* return ret; } -#endif /* NO_AES */ +#endif /* !NO_AES && HAVE_AES_CBC */ #ifndef NO_PKCS7_ENCRYPTED_DATA @@ -32362,7 +32376,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7encrypted_test(void) }; #endif -#ifndef NO_AES +#if !defined(NO_AES) && defined(HAVE_AES_CBC) #ifdef WOLFSSL_AES_128 byte aes128Key[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, @@ -32430,7 +32444,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7encrypted_test(void) NULL, 0, "pkcs7encryptedDataDES.der"}, #endif /* NO_DES3 */ -#ifndef NO_AES +#if !defined(NO_AES) && defined(HAVE_AES_CBC) #ifdef WOLFSSL_AES_128 {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key, sizeof(aes128Key), NULL, 0, "pkcs7encryptedDataAES128CBC.der"}, @@ -32459,7 +32473,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7encrypted_test(void) sizeof(aes256Key), NULL, 0, "pkcs7encryptedDataAES256CBC_firmwarePkgData.der"}, #endif -#endif /* NO_AES */ +#endif /* !NO_AES && HAVE_AES_CBC */ }; encrypted = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -33267,7 +33281,8 @@ static int pkcs7signed_run_SingleShotVectors( 0x72,0x6c,0x64 }; -#if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA) +#if !defined(NO_PKCS7_ENCRYPTED_DATA) && \ + defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) static byte aes256Key[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, @@ -33320,7 +33335,8 @@ static int pkcs7signed_run_SingleShotVectors( "pkcs7signedFirmwarePkgData_RSA_SHA256_with_ca_cert.der", 0, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0}, - #if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA) + #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \ + defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) /* Signed Encrypted FirmwarePkgData, RSA, SHA256, no attribs */ {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, @@ -33400,7 +33416,8 @@ static int pkcs7signed_run_SingleShotVectors( "pkcs7signedFirmwarePkgData_ECDSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0}, - #if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA) + #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \ + defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, no attribs */ {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, @@ -33917,7 +33934,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7signed_test(void) eccClientCertBuf, (word32)eccClientCertBufSz, eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz); -#ifndef NO_AES +#if !defined(NO_AES) && defined(HAVE_AES_CBC) if (ret >= 0) ret = pkcs7callback_test( rsaClientCertBuf, (word32)rsaClientCertBufSz, diff --git a/wolfssl/openssl/aes.h b/wolfssl/openssl/aes.h index 0899943d5..c8b8c587c 100644 --- a/wolfssl/openssl/aes.h +++ b/wolfssl/openssl/aes.h @@ -82,7 +82,7 @@ WOLFSSL_API void wolfSSL_AES_decrypt #define AES_encrypt wolfSSL_AES_encrypt #define AES_decrypt wolfSSL_AES_decrypt -#endif /* HAVE_AES_DIRECT */ +#endif /* WOLFSSL_AES_DIRECT */ #ifndef AES_ENCRYPT #define AES_ENCRYPT AES_ENCRYPTION diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 213a162a5..a37391521 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -105,7 +105,7 @@ WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void); -#if !defined(NO_AES) && defined(HAVE_AES_CBC) +#if !defined(NO_AES) && (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void); #endif diff --git a/wolfssl/test.h b/wolfssl/test.h index d897a11e3..f885972bc 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -3053,7 +3053,7 @@ typedef struct AtomicDecCtx { Aes aes; /* for aes example */ } AtomicDecCtx; - +#if !defined(NO_HMAC) && !defined(NO_AES) && defined(HAVE_AES_CBC) static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut, const unsigned char* macIn, unsigned int macInSz, int macContent, int macVerify, unsigned char* encOut, const unsigned char* encIn, @@ -3124,7 +3124,6 @@ static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut, return wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz); } - static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl, unsigned char* decOut, const unsigned char* decIn, unsigned int decSz, int macContent, int macVerify, @@ -3225,7 +3224,7 @@ static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl, return ret; } -#if defined(HAVE_ENCRYPT_THEN_MAC) +#ifdef HAVE_ENCRYPT_THEN_MAC static WC_INLINE int myEncryptMacCb(WOLFSSL* ssl, unsigned char* macOut, int content, int macVerify, unsigned char* encOut, @@ -3379,7 +3378,8 @@ static WC_INLINE int myVerifyDecryptCb(WOLFSSL* ssl, return 0; } -#endif +#endif /* HAVE_ENCRYPT_THEN_MAC */ +#endif /* !NO_HMAC && !NO_AES && HAVE_AES_CBC */ static WC_INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl) @@ -3399,18 +3399,23 @@ static WC_INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl) } XMEMSET(decCtx, 0, sizeof(AtomicDecCtx)); +#if !defined(NO_HMAC) && !defined(NO_AES) && defined(HAVE_AES_CBC) wolfSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb); wolfSSL_SetMacEncryptCtx(ssl, encCtx); wolfSSL_CTX_SetDecryptVerifyCb(ctx, myDecryptVerifyCb); wolfSSL_SetDecryptVerifyCtx(ssl, decCtx); -#if defined(HAVE_ENCRYPT_THEN_MAC) + #ifdef HAVE_ENCRYPT_THEN_MAC wolfSSL_CTX_SetEncryptMacCb(ctx, myEncryptMacCb); wolfSSL_SetEncryptMacCtx(ssl, encCtx); wolfSSL_CTX_SetVerifyDecryptCb(ctx, myVerifyDecryptCb); wolfSSL_SetVerifyDecryptCtx(ssl, decCtx); + #endif +#else + (void)ctx; + (void)ssl; #endif } diff --git a/wolfssl/wolfcrypt/srp.h b/wolfssl/wolfcrypt/srp.h index fcf1f4a84..b06fb8a87 100644 --- a/wolfssl/wolfcrypt/srp.h +++ b/wolfssl/wolfcrypt/srp.h @@ -137,6 +137,8 @@ typedef struct Srp { * @return 0 on success, {@literal <} 0 on error. @see error-crypt.h */ WOLFSSL_API int wc_SrpInit(Srp* srp, SrpType type, SrpSide side); +WOLFSSL_API int wc_SrpInit_ex(Srp* srp, SrpType type, SrpSide side, + void* heap, int devId); /** * Releases the Srp struct resources after usage.