diff --git a/scripts/external.test b/scripts/external.test
index 9557a0b43..95422242e 100755
--- a/scripts/external.test
+++ b/scripts/external.test
@@ -13,6 +13,18 @@ if [ $? -ne 0 ]; then
 # cloudflare seems to change CAs quickly, disabled by default
 if test -n "$WOLFSSL_EXTERNAL_TEST"; then
+
+ BUILD_FLAGS="$(./examples/client/client '-#')"
+ if echo "$BUILD_FLAGS" | fgrep -q -e ' -DWOLFSSL_SNIFFER '; then
+ echo 'skipping WOLFSSL_EXTERNAL_TEST because -DWOLFSSL_SNIFFER configuration of build is incompatible.'
+ exit 0
+ fi
+
+ if echo "$BUILD_FLAGS" | fgrep -v -q -e ' -DHAVE_ECC '; then
+ echo 'skipping WOLFSSL_EXTERNAL_TEST because -UHAVE_ECC configuration of build is incompatible.'
+ exit 0
+ fi
+
 echo "WOLFSSL_EXTERNAL_TEST set, running test..."
 else
 echo "WOLFSSL_EXTERNAL_TEST NOT set, won't run"
diff --git a/src/sniffer.c b/src/sniffer.c
index 826adf232..bec413fa3 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -992,7 +992,10 @@ static void TraceSetNamedServer(const char* name,
 if (TraceOn) {
 fprintf(TraceFile, "\tTrying to install a new Sniffer Server with\n");
 fprintf(TraceFile, "\tname: %s, server: %s, port: %d, keyFile: %s\n",
- name, srv, port, keyFile);
+ name ? name : "",
+ srv ? srv : "",
+ port,
+ keyFile ? keyFile : "");
 }
 }
diff --git a/src/ssl.c b/src/ssl.c
index 9ac0fee7e..b8f3d755b 100644
--- a/src/ssl.c
+++ b/src/ssl.c
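Review bot: The new HAVE_ECC check uses `fgrep -v -q -e ' -DHAVE_ECC '`, which does not test "the flag is absent": `-v -q` succeeds as soon as any input line lacks the string, so if the client's `-#` output ever spans more than one line, or is empty because the client did not run, the external test is skipped with a misleading reason. Negating a plain match expresses the intent: `if ! echo "$BUILD_FLAGS" | grep -q -F -e ' -DHAVE_ECC '; then`. The exit status of `./examples/client/client '-#'` is also never checked, so a missing or broken client binary silently becomes a skip rather than a visible failure. `fgrep` is deprecated in current GNU grep in favour of `grep -F`, which the sniffer check on the line above could use as well.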
@@ -30218,6 +30218,63 @@ int SetDsaInternal(WOLFSSL_DSA* dsa)
 #ifdef OPENSSL_EXTRA
 #if !defined(NO_RSA)
+
+/* return wolfSSL native error codes. */
+static int wolfSSL_RSA_generate_key_native(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn,
+ void* cb)
+{
+ int ret;
+
+ (void)cb;
+ (void)bn;
+ (void)bits;
+
+ WOLFSSL_ENTER("wolfSSL_RSA_generate_key_native");
+
+ if (rsa == NULL || rsa->internal == NULL) {
+ /* bit size checked during make key call */
+ WOLFSSL_MSG("bad arguments");
+ return BAD_FUNC_ARG;
+ }
+
+#ifdef WOLFSSL_KEY_GEN
+ {
+ #ifdef WOLFSSL_SMALL_STACK
+ WC_RNG* rng;
+ #else
+ WC_RNG rng[1];
+ #endif
+
+ #ifdef WOLFSSL_SMALL_STACK
+ rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
+ if (rng == NULL)
+ return MEMORY_E;
+ #endif
+
+ if ((ret = wc_InitRng(rng)) < 0)
+ WOLFSSL_MSG("RNG init failed");
+ else if ((ret = wc_MakeRsaKey((RsaKey*)rsa->internal, bits,
+ wolfSSL_BN_get_word(bn), rng)) != MP_OKAY)
+ WOLFSSL_MSG("wc_MakeRsaKey failed");
+ else if ((ret = SetRsaExternal(rsa)) != WOLFSSL_SUCCESS)
+ WOLFSSL_MSG("SetRsaExternal failed");
+ else {
+ rsa->inSet = 1;
+ ret = WOLFSSL_ERROR_NONE;
+ }
+
+ wc_FreeRng(rng);
+ #ifdef WOLFSSL_SMALL_STACK
+ XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
+ #endif
+ }
+#else
+ WOLFSSL_MSG("No Key Gen built in");
+ ret = NOT_COMPILED_IN;
+#endif
+ return ret;
+}
+
 /* Generates a RSA key of length len
 *
 * len length of RSA key i.e. 2048
@@ -30263,9 +30320,19 @@ WOLFSSL_RSA* wolfSSL_RSA_generate_key(int len, unsigned long e,
 WOLFSSL_MSG("memory error");
 }
 else {
- if (wolfSSL_RSA_generate_key_ex(rsa, len, bn, NULL) != SSL_SUCCESS){
- wolfSSL_RSA_free(rsa);
- rsa = NULL;
+ for (;;) {
+ int gen_ret = wolfSSL_RSA_generate_key_native(rsa, len, bn, NULL);
+ if (gen_ret == WOLFSSL_ERROR_NONE)
+ break;
+#ifdef HAVE_FIPS
+ else if (gen_ret == PRIME_GEN_E)
+ continue;
+#endif
+ else {
+ wolfSSL_RSA_free(rsa);
+ rsa = NULL;
+ break;
+ }
 }
 }
 wolfSSL_BN_free(bn);
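Review bot: In `wolfSSL_RSA_generate_key_native` the branch `else if ((ret = SetRsaExternal(rsa)) != WOLFSSL_SUCCESS)` stores SetRsaExternal's own return value as the "native error code", so the contract stated in the header comment depends on that callee never reporting failure with a non-negative value; should it ever return WOLFSSL_FAILURE (0), ret would equal WOLFSSL_ERROR_NONE and both callers would treat a key whose external fields were not set as a success. Assigning an explicit negative code in that branch, e.g. `ret = WOLFSSL_FATAL_ERROR;` after the WOLFSSL_MSG, keeps the mapping independent of the callee's conventions. Separately, `wc_FreeRng(rng)` still runs when `wc_InitRng` failed, a pattern carried over from the removed implementation; whether wc_FreeRng tolerates an RNG that was never initialised is not visible here and is worth confirming.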
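Review bot: The new `for (;;)` in `wolfSSL_RSA_generate_key` retries without limit whenever the native call returns PRIME_GEN_E under HAVE_FIPS, so any condition that makes `wc_MakeRsaKey` fail the same way every time (an RNG that no longer yields usable output, or a parameter the FIPS module keeps rejecting, if it signals that as PRIME_GEN_E) turns key generation into an infinite loop instead of an error. A bounded retry is safer: declare `int tries = 0;` before the loop and change the retry branch to `else if (gen_ret == PRIME_GEN_E && ++tries < RSA_GEN_PRIME_RETRIES) continue;` with a small file-local constant (name constructed here), so that exhausting the budget falls through to the existing free-and-NULL path. The same unbounded loop appears in the `wolfSSL_RSA_generate_key_ex` hunk below, where the fallback would be the existing `return WOLFSSL_FAILURE;`. wolfSSL_RSA_generate_key starts before and ends after this hunk.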
@@ -30273,62 +30340,23 @@ WOLFSSL_RSA* wolfSSL_RSA_generate_key(int len, unsigned long e,
 return rsa;
 }
-
 /* return compliant with OpenSSL
 * 1 if success, 0 if error
 */
 int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn,
 void* cb)
 {
- int ret = WOLFSSL_FAILURE;
-
- (void)cb;
- (void)bn;
- (void)bits;
-
- WOLFSSL_ENTER("wolfSSL_RSA_generate_key_ex");
-
- if (rsa == NULL || rsa->internal == NULL) {
- /* bit size checked during make key call */
- WOLFSSL_MSG("bad arguments");
- return WOLFSSL_FAILURE;
- }
-
-#ifdef WOLFSSL_KEY_GEN
- {
- #ifdef WOLFSSL_SMALL_STACK
- WC_RNG* rng;
- #else
- WC_RNG rng[1];
- #endif
-
- #ifdef WOLFSSL_SMALL_STACK
- rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
- if (rng == NULL)
- return WOLFSSL_FAILURE;
- #endif
-
- if (wc_InitRng(rng) < 0)
- WOLFSSL_MSG("RNG init failed");
- else if (wc_MakeRsaKey((RsaKey*)rsa->internal, bits,
- wolfSSL_BN_get_word(bn), rng) != MP_OKAY)
- WOLFSSL_MSG("wc_MakeRsaKey failed");
- else if (SetRsaExternal(rsa) != WOLFSSL_SUCCESS)
- WOLFSSL_MSG("SetRsaExternal failed");
- else {
- rsa->inSet = 1;
- ret = WOLFSSL_SUCCESS;
- }
-
- wc_FreeRng(rng);
- #ifdef WOLFSSL_SMALL_STACK
- XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
- #endif
- }
-#else
- WOLFSSL_MSG("No Key Gen built in");
+ for (;;) {
+ int gen_ret = wolfSSL_RSA_generate_key_native(rsa, bits, bn, cb);
+ if (gen_ret == WOLFSSL_ERROR_NONE)
+ return WOLFSSL_SUCCESS;
+#ifdef HAVE_FIPS
+ else if (gen_ret == PRIME_GEN_E)
+ continue;
 #endif
- return ret;
+ else
+ return WOLFSSL_FAILURE;
+ }
 }
 #endif /* NO_RSA */
diff --git a/tests/api.c b/tests/api.c
index 6da9dc22d..a9c98a41a 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -23217,7 +23217,9 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
 {
 #if defined(HAVE_PKCS7)
 PKCS7* pkcs7;
+#ifdef ECC_TIMING_RESISTANT
 WC_RNG rng;
+#endif
 word32 tempWrd32 = 0;
 byte* tmpBytePtr = NULL;
 const char input[] = "Test data to encode.";
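Review bot: `WC_RNG rng;` in test_wc_PKCS7_EncodeDecodeEnvelopedData is now declared only under ECC_TIMING_RESISTANT, but every later use of `rng` in the function body, which continues past the hunk, must sit under the identical `#ifdef`, or builds without that option stop compiling; the hunk gives no view of those uses, so that is worth checking before merging. The connection between a PKCS7 test's RNG and an ECC timing-resistance option is also not self-explanatory, and a one-line comment on the new `#ifdef` stating why the RNG is only needed in that configuration would spare the next reader a search. The same two points apply to the wolfcrypt/test/test.c hunk in pkcs7enveloped_run_vectors below.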
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 0966a4d41..566c3adc2 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -26224,7 +26224,9 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
 byte *enveloped;
 byte *decoded;
 PKCS7* pkcs7;
+#ifdef ECC_TIMING_RESISTANT
 WC_RNG rng;
+#endif
 #ifdef PKCS7_OUTPUT_TEST_BUNDLES
 XFILE pkcs7File;
 #endif