diff --git a/src/pk.c b/src/pk.c index 018f0f2ef..965502002 100644 --- a/src/pk.c +++ b/src/pk.c @@ -35,6 +35,16 @@ #include #endif +#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && defined(WOLFSSL_KEY_GEN) && \ + (!defined(HAVE_USER_RSA) || defined(HAVE_ECC) || \ + (!defined(NO_DSA) && !defined(HAVE_SELFTEST))) +/* Forward declaration for wolfSSL_PEM_write_bio_RSA_PUBKEY, + * wolfSSL_PEM_write_bio_DSA_PUBKEY and wolfSSL_PEM_write_bio_EC_PUBKEY. + * Implementation in ssl.c. + */ +static int pem_write_bio_pubkey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key); +#endif + /******************************************************************************* * COMMON FUNCTIONS ******************************************************************************/ @@ -1429,11 +1439,6 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, } #if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) -/* Forward declaration for wolfSSL_PEM_write_bio_RSA_PUBKEY. - * Implementation in ssl.c. - */ -static int pem_write_bio_pubkey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key); - /* Writes PEM encoding of an RSA public key to a BIO. * * @param [in] bio BIO object to write to. diff --git a/tests/api.c b/tests/api.c index a8c2565bf..132d92331 100644 --- a/tests/api.c +++ b/tests/api.c @@ -962,7 +962,7 @@ static int test_wolfSSL_CTX_use_PrivateKey_file(void) static int test_wolfSSL_CTX_trust_peer_cert(void) { #if !defined(NO_CERTS) && defined(WOLFSSL_TRUST_PEER_CERT) && \ - !defined(NO_WOLFSSL_CLIENT) + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA) WOLFSSL_CTX *ctx; WOLFSSL* ssl; @@ -2334,7 +2334,7 @@ static int test_wolfSSL_CertManagerNameConstraint5(void) static int test_wolfSSL_FPKI(void) { -#if defined(WOLFSSL_FPKI) && !defined(NO_FILESYSTEM) +#if defined(WOLFSSL_FPKI) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) XFILE f; const char* fpkiCert = "./certs/fpki-cert.der"; DecodedCert cert; 
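Review bot: The RSA arm of the new guard on the `pem_write_bio_pubkey` forward declaration in src/pk.c is `!defined(HAVE_USER_RSA)`, which is also true in a `NO_RSA` build, so with `OPENSSL_EXTRA` and `WOLFSSL_KEY_GEN` but no ECC or DSA the static prototype may be declared with no caller. The callers and the definition in ssl.c are outside this hunk, so whether that combination ends in a declared-but-never-defined warning has to be checked against their guards. If it does, tightening the arm to `(!defined(NO_RSA) && !defined(HAVE_USER_RSA))` keeps the declaration in step with the RSA writer. A short comment saying which guard term belongs to which of the three callers would make the next change here easier.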
@@ -27552,8 +27552,8 @@ static int test_wc_PKCS7_InitWithCert (void) #ifdef HAVE_ECC AssertIntLT(wc_PKCS7_InitWithCert(pkcs7, certWithInvalidEccKey, sizeof(certWithInvalidEccKey)), 0); -#endif } +#endif printf(resultFmt, passed); @@ -28737,7 +28737,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData (void) wc_FreeRng(&rng); #endif -#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) +#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && !defined(NO_RSA) { byte out[7]; byte *cms; @@ -39266,7 +39266,7 @@ static int test_wolfSSL_PEM_write_bio_X509(void) { #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_AKID_NAME) && \ defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && \ - !defined(NO_BIO) + !defined(NO_BIO) && !defined(NO_RSA) /* This test contains the hard coded expected * lengths. Update if necessary */ @@ -47903,7 +47903,7 @@ static int test_wc_SetIssueBuffer(void) static int test_wc_SetSubjectKeyId(void) { #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ - defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && defined(HAVE_ECC) Cert cert; const char* file = "certs/ecc-client-keyPub.pem"; @@ -47927,7 +47927,7 @@ static int test_wc_SetSubjectKeyId(void) static int test_wc_SetSubject(void) { #if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ - defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && defined(HAVE_ECC) Cert cert; const char* file = "./certs/ca-ecc-cert.pem"; @@ -48838,7 +48838,9 @@ static int test_X509_REQ(void) #if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO) X509_NAME* name; +#ifndef NO_RSA X509_NAME* subject; +#endif #if !defined(NO_RSA) || defined(HAVE_ECC) X509_REQ* req; EVP_PKEY* priv; 
@@ -51069,7 +51071,8 @@ static int test_wolfSSL_X509_load_crl_file(void) static int test_wolfSSL_d2i_X509_REQ(void) { #if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) && !defined(NO_BIO) && \ - (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) + (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && \ + !defined(WOLFSSL_SP_MATH) /* ./certs/csr.signed.der, ./certs/csr.ext.der, and ./certs/csr.attr.der were * generated by libest * ./certs/csr.attr.der contains sample attributes @@ -54344,7 +54347,7 @@ static int test_ENGINE_cleanup(void) static int test_wolfSSL_CTX_LoadCRL(void) { -#ifdef HAVE_CRL +#if defined(HAVE_CRL) && !defined(NO_RSA) WOLFSSL_CTX* ctx = NULL; WOLFSSL* ssl = NULL; const char* badPath = "dummypath"; diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 9406bfac4..5c6425da3 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -4221,7 +4221,7 @@ int wc_RsaExportKey(RsaKey* key, #ifdef WOLFSSL_KEY_GEN /* Check that |p-q| > 2^((size/2)-100) */ -static int wc_CompareDiffPQ(mp_int* p, mp_int* q, int size) +static int wc_CompareDiffPQ(mp_int* p, mp_int* q, int size, int* valid) { #ifdef WOLFSSL_SMALL_STACK mp_int *c = NULL, *d = NULL; @@ -4265,10 +4265,7 @@ static int wc_CompareDiffPQ(mp_int* p, mp_int* q, int size) /* compare */ if (ret == 0) - ret = mp_cmp(d, c); - - if (ret == MP_GT) - ret = MP_OKAY; + *valid = (mp_cmp(d, c) == MP_GT); #ifdef WOLFSSL_SMALL_STACK if (d != NULL) { @@ -4380,9 +4377,10 @@ static int _CheckProbablePrime(mp_int* p, mp_int* q, mp_int* e, int nlen, *isPrime = MP_NO; if (q != NULL) { + int valid = 0; /* 5.4 - check that |p-q| <= (2^(1/2))(2^((nlen/2)-1)) */ - ret = wc_CompareDiffPQ(p, q, nlen); - if (ret != MP_OKAY) goto notOkay; + ret = wc_CompareDiffPQ(p, q, nlen, &valid); + if ((ret != MP_OKAY) || (!valid)) goto notOkay; prime = q; } else diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index ad74b1dc2..7c0b77b00 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c 
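Review bot: The comment above `wc_CompareDiffPQ` in wolfcrypt/src/rsa.c still reads only `/* Check that |p-q| > 2^((size/2)-100) */` and does not describe the new `valid` out-parameter, nor that the return value is now purely an error code. The following hunk writes `*valid` only when `ret == 0`, so a caller has to pre-initialise it, as `_CheckProbablePrime` does with `int valid = 0;`. I would either document that contract in the header comment (valid becomes 1 only when the difference exceeds the bound and is left untouched on error) or add `*valid = 0;` as the first statement so the helper fails closed on its own. The body between the two hunks is not visible here.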
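Review bot: The context comment at the call site in `_CheckProbablePrime`, `/* 5.4 - check that |p-q| <= (2^(1/2))(2^((nlen/2)-1)) */`, states a different bound from the helper's own comment, `|p-q| > 2^((size/2)-100)`, and reads like the accept condition although the branch rejects. Since this hunk is where the distance check becomes an explicit pass/fail, the comment should say what is actually enforced, for example `/* 5.4 - reject q when |p-q| <= 2^((nlen/2)-100) */`. The `notOkay` label is outside the hunk; it is assumed to report the candidate as not prime with `ret` still `MP_OKAY`, which is worth confirming because `ret` is no longer an error on this path.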
@@ -5144,7 +5144,7 @@ int sp_set(sp_int* a, sp_int_digit d) return err; } -#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_RSA) +#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_RSA) || defined(OPENSSL_EXTRA) /* Set a number into the multi-precision number. * * Number may be larger than the size of a digit. @@ -5579,7 +5579,7 @@ int sp_mul_d(sp_int* a, sp_int_digit d, sp_int* r) /* Predefine complicated rules of when to compile in sp_div_d and sp_mod_d. */ #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || \ - defined(WC_MP_TO_RADIX) + defined(OPENSSL_EXTRA) || defined(WC_MP_TO_RADIX) #define WOLFSSL_SP_DIV_D #endif #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ @@ -5951,7 +5951,7 @@ int sp_div_d(sp_int* a, sp_int_digit d, sp_int* r, sp_int_digit* rem) * @return MP_VAL when a is NULL or d is 0. */ #if !defined(WOLFSSL_SP_MATH_ALL) && (!defined(HAVE_ECC) || \ - !defined(HAVE_COMP_KEY)) + !defined(HAVE_COMP_KEY)) && !defined(OPENSSL_EXTRA) static #endif /* !WOLFSSL_SP_MATH_ALL && (!HAVE_ECC || !HAVE_COMP_KEY) */ int sp_mod_d(sp_int* a, const sp_int_digit d, sp_int_digit* r) diff --git a/wolfssl/internal.h b/wolfssl/internal.h index af187e9f5..b526dc074 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1159,9 +1159,14 @@ enum { #endif #ifndef WOLFSSL_MAX_RSA_BITS - #if (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384) - #define WOLFSSL_MAX_RSA_BITS (FP_MAX_BITS / 2) + #ifdef USE_FAST_MATH + /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */ + #define WOLFSSL_MAX_RSA_BITS (FP_MAX_BITS / 2) + #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) + /* SP implementation supports numbers of SP_INT_BITS bits. */ + #define WOLFSSL_MAX_RSA_BITS ((SP_INT_BITS + 7) / 8) * 8 #else + /* Integer maths is dynamic but we only go up to 4096 bits. */ #define WOLFSSL_MAX_RSA_BITS 4096 #endif #endif 
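Review bot: The trailing comment on the `#endif` after `static` in wolfcrypt/src/sp_int.c, `/* !WOLFSSL_SP_MATH_ALL && (!HAVE_ECC || !HAVE_COMP_KEY) */`, no longer matches the condition now that `&& !defined(OPENSSL_EXTRA)` has been added. It should become `#endif /* !WOLFSSL_SP_MATH_ALL && (!HAVE_ECC || !HAVE_COMP_KEY) && !OPENSSL_EXTRA */` so the linkage of `sp_mod_d` can be read off without re-deriving the guard. The prototype guard changed in sp_int.h in the same commit is the logical complement of the new condition, so only the comment is out of step.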
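Review bot: In the SP branch of wolfssl/internal.h the new definition `#define WOLFSSL_MAX_RSA_BITS ((SP_INT_BITS + 7) / 8) * 8` is missing its outer parentheses, so an expression such as `x / WOLFSSL_MAX_RSA_BITS` or `x % WOLFSSL_MAX_RSA_BITS` would bind to the division first and yield the wrong bound. The same expression is written fully parenthesised for `RSA_MAX_SIZE` in rsa.h in this commit; use `#define WOLFSSL_MAX_RSA_BITS (((SP_INT_BITS + 7) / 8) * 8)` here too. `#define SP_INT_BITS WC_MAX_DIGEST_SIZE * 8` in the sp_int.h hunk has the same problem and should be `(WC_MAX_DIGEST_SIZE * 8)`. These macros feed key-size and buffer limits, so a mis-bound expansion is worth ruling out even if no current use site triggers it.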
@@ -1171,26 +1176,59 @@ enum { /* MySQL wants to be able to use 8192-bit numbers. */ -#if defined(WOLFSSL_MYSQL_COMPATIBLE) || \ - (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && \ - FP_MAX_BITS >= 16384) || \ - ((defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)) && \ - SP_INT_MAX_BITS >= 16384) - /* Maximum supported number length is 8192-bit. */ - #define ENCRYPT_BASE_BITS 8192 -#elif defined(USE_FAST_MATH) && defined(FP_MAX_BITS) - /* Use the FP size down to a min of 1024-bit. */ - #if FP_MAX_BITS > 2048 - #define ENCRYPT_BASE_BITS (FP_MAX_BITS / 2) - #else - #define ENCRYPT_BASE_BITS 1024 - #endif -#elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) - /* Use the SP math size down to a min of 1024-bit. */ - #if SP_INT_MAX_BITS > 2048 - #define ENCRYPT_BASE_BITS (SP_INT_MAX_BITS / 2) +#if defined(USE_FAST_MATH) && defined(FP_MAX_BITS) + /* Use the FP size up to 8192-bit and down to a min of 1024-bit. */ + #if FP_MAX_BITS >= 16384 + #define ENCRYPT_BASE_BITS 8192 + #elif defined(HAVE_ECC) + #if FP_MAX_BITS > 2224 + #define ENCRYPT_BASE_BITS (FP_MAX_BITS / 2) + #else + /* 521-bit ASN.1 signature - 3 + 2 * (2 + 66) bytes. */ + #define ENCRYPT_BASE_BITS 1112 + #endif #else - #define ENCRYPT_BASE_BITS 1024 + #if FP_MAX_BITS > 2048 + #define ENCRYPT_BASE_BITS (FP_MAX_BITS / 2) + #else + #define ENCRYPT_BASE_BITS 1024 + #endif + #endif + + /* Check MySQL size requirements met. */ + #if defined(WOLFSSL_MYSQL_COMPATIBLE) && ENCRYPT_BASE_BITS < 8192 + #error "MySQL needs FP_MAX_BITS at least at 16384" + #endif + + #if WOLFSSL_MAX_RSA_BITS > ENCRYPT_BASE_BITS + #error "FP_MAX_BITS too small for WOLFSSL_MAX_RSA_BITS" + #endif +#elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) + /* Use the SP size up to 8192-bit and down to a min of 1024-bit. 
*/ + #if SP_INT_BITS >= 8192 + #define ENCRYPT_BASE_BITS 8192 + #elif defined(HAVE_ECC) + #if SP_INT_BITS > 1112 + #define ENCRYPT_BASE_BITS SP_INT_BITS + #else + /* 521-bit ASN.1 signature - 3 + 2 * (2 + 66) bytes. */ + #define ENCRYPT_BASE_BITS 1112 + #endif + #else + #if SP_INT_BITS > 1024 + #define ENCRYPT_BASE_BITS SP_INT_BITS + #else + #define ENCRYPT_BASE_BITS 1024 + #endif + #endif + + /* Check MySQL size requirements met. */ + #if defined(WOLFSSL_MYSQL_COMPATIBLE) && ENCRYPT_BASE_BITS < 8192 + #error "MySQL needs SP_INT_BITS at least at 8192" + #endif + + #if WOLFSSL_MAX_RSA_BITS > ENCRYPT_BASE_BITS + #error "SP_INT_BITS too small for WOLFSSL_MAX_RSA_BITS" #endif #else /* Integer/heap maths - support 4096-bit. */ diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 46d23e9c0..17f182096 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -107,7 +107,27 @@ RSA keys can be used to encrypt, decrypt, sign and verify data. #endif #ifndef RSA_MAX_SIZE -#define RSA_MAX_SIZE 4096 + #ifdef USE_FAST_MATH + /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */ + #define RSA_MAX_SIZE (FP_MAX_BITS / 2) + #if defined(WOLFSSL_MYSQL_COMPATIBLE) && RSA_MAX_SIZE < 8192 + #error "MySQL needs FP_MAX_BITS at least at 16384" + #endif + #elif defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) + /* SP implementation supports numbers of SP_INT_BITS bits. */ + #define RSA_MAX_SIZE (((SP_INT_BITS + 7) / 8) * 8) + #if defined(WOLFSSL_MYSQL_COMPATIBLE) && RSA_MAX_SIZE < 8192 + #error "MySQL needs SP_INT_BITS at least at 8192" + #endif + #else + #ifdef WOLFSSL_MYSQL_COMPATIBLE + /* Integer maths is dynamic but we only go up to 8192 bits. */ + #define RSA_MAX_SIZE 8192 + #else + /* Integer maths is dynamic but we only go up to 4096 bits. */ + #define RSA_MAX_SIZE 4096 + #endif + #endif #endif /* avoid redefinition of structs */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 2564b4770..a22dd4806 100644 
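Review bot: `ENCRYPT_BASE_BITS` is capped at 8192 in both the FP and the SP branch of wolfssl/internal.h, but the default `WOLFSSL_MAX_RSA_BITS` from the previous hunk is not, so the new `#if WOLFSSL_MAX_RSA_BITS > ENCRYPT_BASE_BITS` check trips on large settings. With `FP_MAX_BITS` at 32768 the default RSA limit is 16384 against a base of 8192, and the build stops with "FP_MAX_BITS too small for WOLFSSL_MAX_RSA_BITS", which points the user in the wrong direction. The SP branch behaves the same for `SP_INT_BITS` above 8192, and also for a value above the floor that is not a multiple of 8, because the RSA limit is rounded up and `ENCRYPT_BASE_BITS` is not. Either cap the default `WOLFSSL_MAX_RSA_BITS` at 8192 or reword the two `#error` strings to say that the RSA limit exceeds `ENCRYPT_BASE_BITS`.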
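Review bot: The `USE_FAST_MATH` branch for `RSA_MAX_SIZE` in wolfssl/wolfcrypt/rsa.h uses `FP_MAX_BITS` without testing that it is defined, and the `WOLFSSL_MAX_RSA_BITS` hunk in internal.h drops the `defined(FP_MAX_BITS)` test it used to have as well. Whether the header that sets `FP_MAX_BITS` is always included before this point is not visible in the diff; if it is not, the preprocessor treats the name as 0 in `RSA_MAX_SIZE < 8192`, so the MySQL `#error` fires with a misleading message, or the macro fails at its first use in code. Writing the branch as `#if defined(USE_FAST_MATH) && defined(FP_MAX_BITS)` would keep the earlier fall-through to the fixed limit. A one-line comment noting that `RSA_MAX_SIZE` and `WOLFSSL_MAX_RSA_BITS` are derived the same way and must change together would also help.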
--- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2139,25 +2139,26 @@ extern void uITRON4_free(void *p) ; #endif #endif #if defined(HAVE_FFDHE_8192) - #define MIN_FFDHE_FP_MAX_BITS 16384 + #define MIN_FFDHE_BITS 8192 #elif defined(HAVE_FFDHE_6144) - #define MIN_FFDHE_FP_MAX_BITS 12288 + #define MIN_FFDHE_BITS 6144 #elif defined(HAVE_FFDHE_4096) - #define MIN_FFDHE_FP_MAX_BITS 8192 + #define MIN_FFDHE_BITS 4096 #elif defined(HAVE_FFDHE_3072) - #define MIN_FFDHE_FP_MAX_BITS 6144 + #define MIN_FFDHE_BITS 3072 #elif defined(HAVE_FFDHE_2048) - #define MIN_FFDHE_FP_MAX_BITS 4096 + #define MIN_FFDHE_BITS 2048 #else - #define MIN_FFDHE_FP_MAX_BITS 0 + #define MIN_FFDHE_BITS 0 #endif +#define MIN_FFDHE_FP_MAX_BITS (MIN_FFDHE_BITS * 2) #if defined(HAVE_FFDHE) && defined(FP_MAX_BITS) #if MIN_FFDHE_FP_MAX_BITS > FP_MAX_BITS #error "FFDHE parameters are too large for FP_MAX_BIT as set" #endif #endif #if defined(HAVE_FFDHE) && defined(SP_INT_BITS) - #if MIN_FFDHE_FP_MAX_BITS > SP_INT_BITS * 2 + #if MIN_FFDHE_BITS > SP_INT_BITS #error "FFDHE parameters are too large for SP_INT_BIT as set" #endif #endif @@ -2166,16 +2167,18 @@ extern void uITRON4_free(void *p) ; #if defined(WOLFSSL_X86_64_BUILD) || defined(WOLFSSL_AARCH64_BUILD) #if defined(USE_FAST_MATH) && !defined(FP_MAX_BITS) #if MIN_FFDHE_FP_MAX_BITS <= 8192 - #define FP_MAX_BITS 8192 + #define FP_MAX_BITS 8192 #else - #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS #endif #endif #if defined(WOLFSSL_SP_MATH_ALL) && !defined(SP_INT_BITS) - #if MIN_FFDHE_FP_MAX_BITS <= 8192 - #define SP_INT_BITS 4096 + #ifdef WOLFSSL_MYSQL_COMPATIBLE + #define SP_INT_BITS 8192 + #elif MIN_FFDHE_BITS <= 4096 + #define SP_INT_BITS 4096 #else - #define PS_INT_BITS MIN_FFDHE_FP_MAX_BITS / 2 + #define SP_INT_BITS MIN_FFDHE_BITS #endif #endif #endif diff --git a/wolfssl/wolfcrypt/sp_int.h b/wolfssl/wolfcrypt/sp_int.h index f965f9f3e..f030eecb9 100644 --- a/wolfssl/wolfcrypt/sp_int.h 
+++ b/wolfssl/wolfcrypt/sp_int.h 
@@ -358,78 +358,76 @@ typedef struct sp_ecc_ctx { #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) #include -#ifdef SP_INT_BITS - /* Calculate number of digits to have in an sp_int based maximum size of +#ifndef SP_INT_BITS + #ifdef SP_INT_DIGITS + #define SP_INT_BITS (((SP_INT_DIGITS - 1) * SP_WORD_SIZE) / 2) + #else + /* Calculate number of bits to have in an sp_int based on features + * compiled in. + */ + #ifdef WOLFSSL_MYSQL_COMPATIBLE + /* MySQL wants to be able to use 8192-bit numbers. */ + #define SP_INT_BITS 8192 + #elif !defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_HAVE_SP_DH) && \ + !defined(WOLFSSL_HAVE_SP_ECC) + /* Not using SP - must be SP math all. */ + #if !defined(NO_RSA) || !defined(NO_DH) || !defined(NO_DSA) + /* Support max size FFHDE parameters compiled in. */ + #if !defined(NO_DH) && defined(HAVE_FFDHE_8192) + #define SP_INT_BITS 8192 + #elif !defined(NO_DH) && defined(HAVE_FFDHE_6144) + #define SP_INT_BITS 6144 + #elif !defined(NO_DH) && defined(HAVE_FFDHE_4096) + #define SP_INT_BITS 4096 + #else + /* Default to max 3072 for general RSA and DH. */ + #define SP_INT_BITS 3072 + #endif + #elif defined(WOLFCRYPT_HAVE_SAKKE) + #define SP_INT_BITS 1024 + #elif defined(HAVE_ECC) + /* P521 is the largest supported ECC algorithm curve. */ + #define SP_INT_BITS 521 + #elif !defined(NO_PWDBASED) && defined(HAVE_PKCS12) + /* wc_PKCS12_PBKDF_ex() */ + #define SP_INT_BITS WC_MAX_DIGEST_SIZE * 8 + #else + #define SP_INT_BITS 128 + #endif + #elif !defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_HAVE_SP_DH) + /* Not use SP_RSA or DH but are using SP ECC. */ + #if defined(WOLFCRYPT_HAVE_SAKKE) + #define SP_INT_BITS 1024 + #elif defined(WOLFSSL_SP_521) || defined(WOLFSSL_SP_MATH_ALL) + /* P521 is the largest supported ECC algorithm curve. */ + #define SP_INT_BITS 521 + #elif defined(WOLFSSL_SP_384) + /* No generic support - largest curve P384. */ + #define SP_INT_BITS 384 + #else + /* No generic support - largest curve P256. 
*/ + #define SP_INT_BITS 256 + #endif + /* SP RSA and DH supported so base on max size of RSA/DH in SP. */ + #elif defined(WOLFSSL_SP_4096) + #define SP_INT_BITS 4096 + #elif !defined(WOLFSSL_SP_NO_3072) || defined(WOLFSSL_SP_MATH_ALL) + #define SP_INT_BITS 3072 + #else + #define SP_INT_BITS 2048 + #endif + #endif +#endif + +#ifndef SP_INT_DIGITS + /* Calculate number of digits to have in an sp_int based on maximum size of * numbers in bits that will be used. * Double the size to hold multiplication result. * Add one to accommodate extra digit used by sp_mul(), sp_mulmod(), * sp_sqr(), and sp_sqrmod(). */ #define SP_INT_DIGITS \ - ((((SP_INT_BITS + (SP_WORD_SIZE - 1)) * 2 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) -#endif - -#ifndef SP_INT_DIGITS - /* Calculate number of digits to have in an sp_int based on features - * compiled in. - */ - #if !defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_HAVE_SP_DH) && \ - !defined(WOLFSSL_HAVE_SP_ECC) - #if !defined(NO_RSA) || !defined(NO_DH) || !defined(NO_DSA) - /* large SP math requires 2048-bits + */ - #if !defined(NO_DH) && defined(HAVE_FFDHE_8192) - #define SP_INT_DIGITS (((16384 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #elif !defined(NO_DH) && defined(HAVE_FFDHE_6144) - #define SP_INT_DIGITS (((12288 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #elif !defined(NO_DH) && defined(HAVE_FFDHE_4096) - #define SP_INT_DIGITS (((8192 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #else - /* all else */ - #define SP_INT_DIGITS (((6144 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #endif - #elif defined(WOLFCRYPT_HAVE_SAKKE) - #define SP_INT_DIGITS \ - (((2 * (1024 + SP_WORD_SIZE) + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #elif defined(HAVE_ECC) - #define SP_INT_DIGITS \ - (((2 * ( 521 + SP_WORD_SIZE) + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #elif !defined(NO_PWDBASED) && defined(WOLFSSL_SHA512) - #define SP_INT_DIGITS ((( 512 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #else - #define SP_INT_DIGITS ((( 256 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #endif - #elif 
!defined(WOLFSSL_HAVE_SP_RSA) && !defined(WOLFSSL_HAVE_SP_DH) - #if defined(WOLFCRYPT_HAVE_SAKKE) - #define SP_INT_DIGITS \ - (((2 * (1024 + SP_WORD_SIZE) + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #elif defined(WOLFSSL_SP_MATH_ALL) - #define SP_INT_DIGITS \ - (((2 * ( 521 + SP_WORD_SIZE) + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #elif defined(WOLFSSL_SP_384) - #define SP_INT_DIGITS ((( 768 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #else - #define SP_INT_DIGITS ((( 512 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #endif - #elif defined(WOLFSSL_SP_4096) - #if defined(WOLFSSL_HAVE_SP_DH) - #define SP_INT_DIGITS (((8192 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #else - #define SP_INT_DIGITS (((4096 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #endif - #elif !defined(WOLFSSL_SP_NO_3072) - #if defined(WOLFSSL_HAVE_SP_DH) - #define SP_INT_DIGITS (((6144 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #else - #define SP_INT_DIGITS (((3072 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #endif - #else - #if defined(WOLFSSL_HAVE_SP_DH) || \ - (defined(WOLFSSL_HAVE_SP_RSA) && defined(WOLFSSL_KEY_GEN)) - #define SP_INT_DIGITS (((4096 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #else - #define SP_INT_DIGITS (((2048 + SP_WORD_SIZE) / SP_WORD_SIZE) + 1) - #endif - #endif + (((SP_INT_BITS * 2 + SP_WORD_SIZE - 1) / SP_WORD_SIZE) + 1) #endif #ifndef SP_INT_MAX_BITS @@ -837,7 +835,7 @@ MP_API int sp_mul_d(sp_int* a, sp_int_digit d, sp_int* r); MP_API int sp_div_d(sp_int* a, sp_int_digit d, sp_int* r, sp_int_digit* rem); #endif #if defined(WOLFSSL_SP_MATH_ALL) || (defined(HAVE_ECC) && \ - defined(HAVE_COMP_KEY)) + defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA) MP_API int sp_mod_d(sp_int* a, sp_int_digit d, sp_int_digit* r); #endif #if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC)
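Review bot: The rewritten `SP_INT_DIGITS` in wolfssl/wolfcrypt/sp_int.h doubles the bit count before rounding up to whole words, which yields fewer digits than the retained comment describes (double the operand size, plus one) whenever `SP_INT_BITS` is not a multiple of `SP_WORD_SIZE`. With the new 521-bit default and a 64-bit word, one operand occupies 9 digits, so twice that plus one is 19, whereas `((SP_INT_BITS * 2 + SP_WORD_SIZE - 1) / SP_WORD_SIZE) + 1` gives 18; the removed formula gave 20. If `sp_mul()` or `sp_sqr()` write a full two-times-used-digits result before the extra digit, the fixed array is one digit short; those functions are not in this diff, so this needs confirming against them. Rounding per operand avoids the question: `(((SP_INT_BITS + SP_WORD_SIZE - 1) / SP_WORD_SIZE) * 2 + 1)`.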