From 87a2cdea31c10e3ab424b1d95336721b4d550124 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Tue, 13 Apr 2021 12:12:58 -0600 Subject: [PATCH 1/3] const poisoning - gcc 4.x prefers consistency in prototypes and implementations --- wolfssl/wolfcrypt/sp.h | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) diff --git a/wolfssl/wolfcrypt/sp.h b/wolfssl/wolfcrypt/sp.h index dc9307a40..0a86f2621 100644 --- a/wolfssl/wolfcrypt/sp.h +++ b/wolfssl/wolfcrypt/sp.h @@ -62,7 +62,11 @@ #ifdef WOLFSSL_HAVE_SP_RSA -#if defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2 +/* NOTE: GCC 4.x disapproves of inconsistencies between prototypes and + * Implementation, when FIPSv2 is being used, if gcc version is 4.x use + * the non-const prototypes */ +#if defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2 \ + && (!defined(__GNUC__) || (defined(__GNUC__) && !(__GNUC__ == 4))) WOLFSSL_LOCAL int sp_RsaPublic_2048(const byte* in, word32 inLen, mp_int* em, mp_int* mm, byte* out, word32* outLen); @@ -105,13 +109,17 @@ WOLFSSL_LOCAL int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dqm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen); -#endif /* HAVE_FIPS_VERSION && HAVE_FIPS_VERSION == 2 */ +#endif /* HAVE_FIPS_VERSION && HAVE_FIPS_VERSION == 2 && !gcc 4.x */ #endif /* WOLFSSL_HAVE_SP_RSA */ #if defined(WOLFSSL_HAVE_SP_DH) || defined(WOLFSSL_HAVE_SP_RSA) -#if defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2 +/* NOTE: GCC 4.x disapproves of inconsistencies between prototypes and + * Implementation, when FIPSv2 is being used, if gcc version is 4.x use + * the non-const prototypes */ +#if defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2 \ + && (!defined(__GNUC__) || (defined(__GNUC__) && !(__GNUC__ == 4))) WOLFSSL_LOCAL int sp_ModExp_1024(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res); @@ -137,13 +145,17 @@ WOLFSSL_LOCAL int sp_ModExp_3072(const mp_int* base, const mp_int* exp, WOLFSSL_LOCAL int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod, mp_int* res); -#endif /* HAVE_FIPS_VERSION && HAVE_FIPS_VERSION == 2 */ +#endif /* HAVE_FIPS_VERSION && HAVE_FIPS_VERSION == 2 && !gcc 4.x */ #endif #ifdef WOLFSSL_HAVE_SP_DH -#if defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2 +/* NOTE: GCC 4.x disapproves of inconsistencies between prototypes and + * Implementation, when FIPSv2 is being used, if gcc version is 4.x use + * the non-const prototypes */ +#if defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2 \ + && (!defined(__GNUC__) || (defined(__GNUC__) && !(__GNUC__ == 4))) WOLFSSL_LOCAL int sp_DhExp_2048(mp_int* base, const byte* exp, word32 expLen, mp_int* mod, byte* out, word32* outLen); @@ -161,13 +173,17 @@ WOLFSSL_LOCAL int sp_DhExp_3072(const mp_int* base, const byte* exp, WOLFSSL_LOCAL int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen, const mp_int* mod, byte* out, word32* outLen); -#endif /* HAVE_FIPS_VERSION && HAVE_FIPS_VERSION == 2 */ +#endif /* HAVE_FIPS_VERSION && HAVE_FIPS_VERSION == 2 && !gcc 4.x */ #endif /* WOLFSSL_HAVE_SP_DH */ #ifdef WOLFSSL_HAVE_SP_ECC -#if defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2 +/* NOTE: GCC 4.x disapproves of inconsistencies between prototypes and + * Implementation, when FIPSv2 is being used, if gcc version is 4.x use + * the non-const prototypes */ +#if defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2 \ + && (!defined(__GNUC__) || (defined(__GNUC__) && !(__GNUC__ == 4))) int sp_ecc_mulmod_256(mp_int* km, ecc_point* gm, ecc_point* rm, int map, void* heap); @@ -287,7 +303,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY); int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap); -#endif /* HAVE_FIPS_VERSION && HAVE_FIPS_VERSION == 2 */ +#endif /* HAVE_FIPS_VERSION && HAVE_FIPS_VERSION == 2 && !gcc 4.x */ #ifdef WOLFSSL_SP_NONBLOCK int sp_ecc_sign_256_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen, From 88aed28a3f05dbfb5d0dd85b341adc25e16bbb91 Mon Sep 17 00:00:00 2001 From: kaleb-himes Date: Tue, 13 Apr 2021 17:28:43 -0600 Subject: [PATCH 2/3] Refactor following peer review --- wolfssl/wolfcrypt/sp.h | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) diff --git a/wolfssl/wolfcrypt/sp.h b/wolfssl/wolfcrypt/sp.h index 0a86f2621..faf04cbfe 100644 --- a/wolfssl/wolfcrypt/sp.h +++ b/wolfssl/wolfcrypt/sp.h @@ -62,11 +62,9 @@ #ifdef WOLFSSL_HAVE_SP_RSA -/* NOTE: GCC 4.x disapproves of inconsistencies between prototypes and - * Implementation, when FIPSv2 is being used, if gcc version is 4.x use - * the non-const prototypes */ +/* non-const versions only needed for inlined ARM assembly */ #if defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2 \ - && (!defined(__GNUC__) || (defined(__GNUC__) && !(__GNUC__ == 4))) + && ( defined(WOLFSSL_SP_ARM32_ASM) || defined(WOLFSSL_SP_ARM64_ASM) ) WOLFSSL_LOCAL int sp_RsaPublic_2048(const byte* in, word32 inLen, mp_int* em, mp_int* mm, byte* out, word32* outLen); @@ -115,11 +113,9 @@ WOLFSSL_LOCAL int sp_RsaPrivate_4096(const byte* in, word32 inLen, #if defined(WOLFSSL_HAVE_SP_DH) || defined(WOLFSSL_HAVE_SP_RSA) -/* NOTE: GCC 4.x disapproves of inconsistencies between prototypes and - * Implementation, when FIPSv2 is being used, if gcc version is 4.x use - * the non-const prototypes */ +/* non-const versions only needed for inlined ARM assembly */ #if defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2 \ - && (!defined(__GNUC__) || (defined(__GNUC__) && !(__GNUC__ == 4))) + && ( defined(WOLFSSL_SP_ARM32_ASM) || defined(WOLFSSL_SP_ARM64_ASM) ) WOLFSSL_LOCAL int sp_ModExp_1024(mp_int* base, mp_int* exp, mp_int* mod, mp_int* res); @@ -151,11 +147,9 @@ WOLFSSL_LOCAL int sp_ModExp_4096(const mp_int* base, const mp_int* exp, #ifdef WOLFSSL_HAVE_SP_DH -/* NOTE: GCC 4.x disapproves of inconsistencies between prototypes and - * Implementation, when FIPSv2 is being used, if gcc version is 4.x use - * the non-const prototypes */ +/* non-const versions only needed for inlined ARM assembly */ #if defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2 \ - && (!defined(__GNUC__) || (defined(__GNUC__) && !(__GNUC__ == 4))) + && ( defined(WOLFSSL_SP_ARM32_ASM) || defined(WOLFSSL_SP_ARM64_ASM) ) WOLFSSL_LOCAL int sp_DhExp_2048(mp_int* base, const byte* exp, word32 expLen, mp_int* mod, byte* out, word32* outLen); @@ -179,11 +173,9 @@ WOLFSSL_LOCAL int sp_DhExp_4096(const mp_int* base, const byte* exp, #ifdef WOLFSSL_HAVE_SP_ECC -/* NOTE: GCC 4.x disapproves of inconsistencies between prototypes and - * Implementation, when FIPSv2 is being used, if gcc version is 4.x use - * the non-const prototypes */ +/* non-const versions only needed for inlined ARM assembly */ #if defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2 \ - && (!defined(__GNUC__) || (defined(__GNUC__) && !(__GNUC__ == 4))) + && ( defined(WOLFSSL_SP_ARM32_ASM) || defined(WOLFSSL_SP_ARM64_ASM) ) int sp_ecc_mulmod_256(mp_int* km, ecc_point* gm, ecc_point* rm, int map, void* heap); From 3da32e75ad234313a5532f9c188150663f34c4c9 Mon Sep 17 00:00:00 2001 From: Kaleb Himes Date: Fri, 16 Apr 2021 15:12:35 -0600 Subject: [PATCH 3/3] Correct commentary based on peer feedback --- wolfssl/wolfcrypt/sp.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/wolfssl/wolfcrypt/sp.h b/wolfssl/wolfcrypt/sp.h index faf04cbfe..d6728d02e 100644 --- a/wolfssl/wolfcrypt/sp.h +++ b/wolfssl/wolfcrypt/sp.h @@ -107,7 +107,7 @@ WOLFSSL_LOCAL int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dqm, const mp_int* qim, const mp_int* mm, byte* out, word32* outLen); -#endif /* HAVE_FIPS_VERSION && HAVE_FIPS_VERSION == 2 && !gcc 4.x */ +#endif /* HAVE_FIPS_VERSION && HAVE_FIPS_VERSION == 2 && !WOLFSSL_SP_ARM[32|64]_ASM */ #endif /* WOLFSSL_HAVE_SP_RSA */ @@ -141,7 +141,7 @@ WOLFSSL_LOCAL int sp_ModExp_3072(const mp_int* base, const mp_int* exp, WOLFSSL_LOCAL int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod, mp_int* res); -#endif /* HAVE_FIPS_VERSION && HAVE_FIPS_VERSION == 2 && !gcc 4.x */ +#endif /* HAVE_FIPS_VERSION && HAVE_FIPS_VERSION == 2 && !WOLFSSL_SP_ARM[32|64]_ASM */ #endif @@ -167,7 +167,7 @@ WOLFSSL_LOCAL int sp_DhExp_3072(const mp_int* base, const byte* exp, WOLFSSL_LOCAL int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen, const mp_int* mod, byte* out, word32* outLen); -#endif /* HAVE_FIPS_VERSION && HAVE_FIPS_VERSION == 2 && !gcc 4.x */ +#endif /* HAVE_FIPS_VERSION && HAVE_FIPS_VERSION == 2 && !WOLFSSL_SP_ARM[32|64]_ASM */ #endif /* WOLFSSL_HAVE_SP_DH */ @@ -295,7 +295,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY); int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, const mp_int* privm, void* heap); -#endif /* HAVE_FIPS_VERSION && HAVE_FIPS_VERSION == 2 && !gcc 4.x */ +#endif /* HAVE_FIPS_VERSION && HAVE_FIPS_VERSION == 2 && !WOLFSSL_SP_ARM[32|64]_ASM */ #ifdef WOLFSSL_SP_NONBLOCK int sp_ecc_sign_256_nb(sp_ecc_ctx_t* ctx, const byte* hash, word32 hashLen,