From 71cc5381adf4839f52b63020a6e4161ab9ed35c2 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Fri, 3 Apr 2020 10:58:16 -0700
Subject: [PATCH 1/3] Added new `examples/config` area with template user_settings.h files and instructions for using.
---
examples/configs/README.md | 8 +
examples/configs/include.am | 6 +
examples/configs/user_settings_all.h | 218 +++++++++++++++++++++++
examples/configs/user_settings_min_ecc.h | 113 ++++++++++++
examples/include.am | 1 +
5 files changed, 346 insertions(+)
create mode 100644 examples/configs/README.md
create mode 100644 examples/configs/include.am
create mode 100644 examples/configs/user_settings_all.h
create mode 100644 examples/configs/user_settings_min_ecc.h
diff --git a/examples/configs/README.md b/examples/configs/README.md
new file mode 100644
index 000000000..fe8b2fcdd
--- /dev/null
+++ b/examples/configs/README.md
@@ -0,0 +1,8 @@
+# Example build configurations
+
+These are meant to be copied to your local project and renamed to `user_settings.h`.
+
+## Files
+
+* `user_settings_all.h`: This is wolfSSL with all features enabled. Equivelent to `./configure --enable-all`.
+* `user_settings_min_ecc.h`: This is ECC and SHA-256 only. For ECC verify only add `BUILD_VERIFY_ONLY`.
diff --git a/examples/configs/include.am b/examples/configs/include.am
new file mode 100644
index 000000000..791cbcae2
--- /dev/null
+++ b/examples/configs/include.am
@@ -0,0 +1,6 @@
+# vim:ft=automake
+# All paths should be given relative to the root
+
+EXTRA_DIST += examples/configs/README.md
+EXTRA_DIST += examples/configs/user_settings_all.h
+EXTRA_DIST += examples/configs/user_settings_min_ecc.h
diff --git a/examples/configs/user_settings_all.h b/examples/configs/user_settings_all.h
new file mode 100644
index 000000000..d18005f54
--- /dev/null
+++ b/examples/configs/user_settings_all.h
@@ -0,0 +1,218 @@
+/* user_settings_all.h
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+
+/* should be renamed to user_settings.h for customer use
+ * generated from configure options ./configure --enable-all
+ *
+ * Cleaned up by David Garske
+ */
+
+#ifndef WOLFSSL_USER_SETTINGS_H
+#define WOLFSSL_USER_SETTINGS_H
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Features */
+#define WOLFSSL_PUBLIC_MP /* Make math API's pbulic */
+#define KEEP_PEER_CERT /* Retain peer's certificate */
+#define KEEP_OUR_CERT /* Keep our certificate */
+#define WOLFSSL_ALWAYS_VERIFY_CB /* Always call verify callback (configured via wolfSSL_CTX_set_verify API) */
+#define WOLFSSL_VERIFY_CB_ALL_CERTS /* Call verify callback for all intermediate certs */
+#define WOLFSSL_ALWAYS_KEEP_SNI
+#define WOLFSSL_EXTRA_ALERTS /* Allow sending other TLS alerts */
+#define HAVE_EX_DATA /* Enable "extra" EX data API's for user information in CTX/WOLFSSL */
+#define HAVE_EXT_CACHE
+#define ATOMIC_USER /* Enable Atomic Record Layer callbacks */
+#define HAVE_PK_CALLBACKS /* Enable public key callbacks */
+#define WOLFSSL_ALT_NAMES /* Allow alternate cert chain validation to any trusted cert (not entire chain presented by peer) */
+#define HAVE_NULL_CIPHER /* Enable use of TLS cipher suites without cipher (clear text / no encryption) */
+#define WOLFSSL_HAVE_CERT_SERVICE
+#define WOLFSSL_JNI
+#define WOLFSSL_SEP
+#define WOLFCRYPT_HAVE_SRP
+#define WOLFSSL_HAVE_WOLFSCEP
+#define WOLFSSL_ENCRYPTED_KEYS /* Support for encrypted keys PKCS8 */
+#define HAVE_PKCS7
+#define WOLFSSL_MULTI_ATTRIB
+#define WOLFSSL_DER_LOAD
+#define ASN_BER_TO_DER /* BER to DER support */
+#define WOLFSSL_SIGNER_DER_CERT
+//#define HAVE_THREAD_LS /* DG Commented: Thread local storage - may not be portable */
+
+/* TLS Features */
+#define WOLFSSL_DTLS
+#define WOLFSSL_TLS13
+#define WOLFSSL_EITHER_SIDE /* allow generic server/client method for WOLFSSL_CTX new */
+
+/* DG Disabled SSLv3 and TLSv1.0 - should avoid using */
+//#define WOLFSSL_ALLOW_SSLV3
+//#define WOLFSSL_ALLOW_TLSV10
+
+/* TLS Extensions */
+#define HAVE_TLS_EXTENSIONS
+#define HAVE_SUPPORTED_CURVES
+#define HAVE_ONE_TIME_AUTH
+#define HAVE_SNI
+#define HAVE_ALPN
+#define HAVE_MAX_FRAGMENT
+#define HAVE_TRUNCATED_HMAC
+#define HAVE_SESSION_TICKET
+#define HAVE_EXTENDED_MASTER
+#define HAVE_TRUSTED_CA
+#define HAVE_ENCRYPT_THEN_MAC
+
+/* TLS Session Cache */
+#define SESSION_CERTS
+#define PERSIST_SESSION_CACHE
+#define PERSIST_CERT_CACHE
+
+/* Key and Certificate Generation */
+#define WOLFSSL_KEY_GEN
+#define WOLFSSL_CERT_GEN
+#define WOLFSSL_CERT_REQ
+#define WOLFSSL_CERT_EXT
+
+/* Certificate Revocation */
+#define HAVE_OCSP
+#define HAVE_CERTIFICATE_STATUS_REQUEST
+#define HAVE_CERTIFICATE_STATUS_REQUEST_V2
+#define HAVE_CRL
+#define HAVE_CRL_IO
+#define HAVE_IO_TIMEOUT
+//#define HAVE_CRL_MONITOR /* DG Disabled (Monitors CRL files on filesystem) - not portable feature */
+
+
+/* Fast math key size 4096-bit max */
+#define USE_FAST_MATH
+#define FP_MAX_BITS 8192
+//#define HAVE___UINT128_T 1 /* DG commented: May not be portable */
+
+/* Timing Resistence */
+#define TFM_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+#define WC_RSA_BLINDING
+
+/* DH Key Sizes */
+#define HAVE_FFDHE_2048
+#define HAVE_FFDHE_3072
+
+/* ECC Features */
+#define HAVE_ECC
+#define TFM_ECC256
+#define ECC_SHAMIR
+#define WOLFSSL_CUSTOM_CURVES /* enable other curves (not just prime) */
+#define HAVE_ECC_SECPR2
+#define HAVE_ECC_SECPR3
+#define HAVE_ECC_BRAINPOOL
+#define HAVE_ECC_KOBLITZ
+#define HAVE_ECC_CDH /* Cofactor */
+#define HAVE_COMP_KEY /* Compressed key support */
+#define FP_ECC /* Fixed point caching - speed repeated operations against same key */
+#define HAVE_ECC_ENCRYPT
+
+/* RSA */
+#define WC_RSA_PSS
+
+/* AES */
+#define HAVE_AES_DECRYPT
+#define HAVE_AES_ECB
+#define WOLFSSL_AES_DIRECT
+#define WOLFSSL_AES_COUNTER
+#define HAVE_AESGCM
+#define HAVE_AESCCM
+#define WOLFSSL_AES_OFB
+#define WOLFSSL_AES_CFB
+#define WOLFSSL_AES_XTS
+#define HAVE_AES_KEYWRAP
+
+/* Hashing */
+#define WOLFSSL_SHA224
+#define WOLFSSL_SHA512
+#define WOLFSSL_SHA384
+#define WOLFSSL_SHAKE256
+#define WOLFSSL_SHA3
+#define WOLFSSL_HASH_FLAGS /* enable hash flag API's */
+
+/* Additional Algorithms */
+#define HAVE_HASHDRBG
+#define HAVE_CURVE25519
+#define HAVE_ED25519
+#define HAVE_CURVE448
+#define HAVE_POLY1305
+#define HAVE_CHACHA
+#define HAVE_HKDF
+#define HAVE_X963_KDF
+#define WOLFSSL_CMAC
+#define WOLFSSL_DES_ECB
+
+/* Non-Standard Algorithms (DG disabled) */
+//#define HAVE_HC128
+//#define HAVE_RABBIT
+//#define HAVE_IDEA
+//#define HAVE_CAMELLIA
+//#define WOLFSSL_RIPEMD
+//#define HAVE_SCRYPT
+
+/* Encoding */
+#define WOLFSSL_BASE16
+#define WOLFSSL_BASE64_ENCODE
+
+/* Openssl compatibility */
+#if 0 /* DG Disabled */
+ /* Openssl compatibility API's */
+ #define OPENSSL_EXTRA
+ #define OPENSSL_ALL
+ #define HAVE_OPENSSL_CMD
+ #define SSL_TXT_TLSV1_2
+ #define SSL_TXT_TLSV1_1
+ #define OPENSSL_NO_SSL2
+ #define OPENSSL_NO_SSL3
+ #define NO_OLD_RNGNAME
+ #define NO_OLD_WC_NAMES
+ #define NO_OLD_SSL_NAMES
+ #define NO_OLD_SHA_NAMES
+
+ /* Openssl compatibility application specific */
+ #define WOLFSSL_LIBWEBSOCKETS
+ #define WOLFSSL_OPENSSH
+ #define WOLFSSL_QT
+ #define FORTRESS
+ #define HAVE_WEBSERVER
+ #define HAVE_LIGHTY
+ #define WOLFSSL_NGINX
+ #define WOLFSSL_HAPROXY
+ #define HAVE_STUNNEL
+ #define WOLFSSL_ASIO
+ #define ASIO_USE_WOLFSSL
+ #define BOOST_ASIO_USE_WOLFSSL
+#endif
+
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* WOLFSSL_USER_SETTINGS_H */
diff --git a/examples/configs/user_settings_min_ecc.h b/examples/configs/user_settings_min_ecc.h
new file mode 100644
index 000000000..0a6bb90b6
--- /dev/null
+++ b/examples/configs/user_settings_min_ecc.h
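Review bot: `#define HAVE_NULL_CIPHER` ships enabled in a template that the accompanying README tells users to copy and rename to `user_settings.h`, so every project that starts from this file compiles in the suites the line's own comment describes as clear text / no encryption. SSLv3 and TLSv1.0 are already commented out a few lines further down with a "should avoid using" remark, and the same treatment fits here: `//#define HAVE_NULL_CIPHER /* DG Disabled: no-encryption suites, enable only for debugging */`. Separately, the comment on `WOLFSSL_ALT_NAMES` describes alternate certificate chain validation, which reads like the description of a different option (`WOLFSSL_ALT_CERT_CHAINS`); it is worth confirming which macro was intended, because relaxing chain validation and enabling alternative names have very different trust implications.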
@@ -0,0 +1,113 @@
+/* user_settings_min_ecc.h
+ *
+ * Copyright (C) 2006-2020 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* should be renamed to user_settings.h for customer use
+ * generated from configure options:
+ * ./configure --prefix=/usr/local \
+ --enable-cryptonly --enable-ecc --enable-sp \
+ --disable-rsa --disable-dh --disable-sha3 --disable-sha224 --disable-md5 \
+ --disable-sha --disable-pkcs12 --disable-memory \
+ --disable-chacha --disable-poly1305 --disable-sha512 --disable-sha384 \
+ --disable-aesgcm --disable-aescbc --disable-aes --disable-rng \
+ CFLAGS="-DNO_SIG_WRAPPER -DWOLFSSL_PUBLIC_MP -DECC_USER_CURVES \
+ -DNO_ECC_SIGN -DNO_ECC_DHE -DNO_ECC_KEY_EXPORT"
+ *
+ * Cleaned up by David Garske
+ */
+
+
+#ifndef WOLFSSL_USER_SETTINGS_H
+#define WOLFSSL_USER_SETTINGS_H
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* WolfCrypt Only (no TLS) */
+#define WOLFCRYPT_ONLY
+
+/* Endianness - defaults to little endian */
+#ifdef __BIG_ENDIAN__
+ #define BIG_ENDIAN_ORDER
+#endif
+
+/* Expose the math mp_ API's */
+#define WOLFSSL_PUBLIC_MP
+
+/* Use single precision math only */
+#define WOLFSSL_SP
+#define WOLFSSL_SP_MATH
+#define WOLFSSL_HAVE_SP_ECC
+
+/* Enable Timing Resistanace */
+#define TFM_TIMING_RESISTANT
+#define ECC_TIMING_RESISTANT
+
+/* Enable ECC */
+#define HAVE_ECC
+#define ECC_USER_CURVES /* Only 256-Bit Curves */
+#define ECC_SHAMIR
+
+/* Reduce ECC build size */
+#define NO_SIG_WRAPPER
+#define NO_ECC_DHE
+#define NO_ECC_KEY_EXPORT
+#ifdef BUILD_VERIFY_ONLY
+ /* Disable Sign */
+ #define NO_ECC_SIGN
+
+ /* Disable RNG */
+ #define WC_NO_RNG
+#endif
+
+/* Disable Algorithms */
+#define NO_AES
+#define NO_AES_CBC
+#define NO_DES3
+#define NO_DSA
+#define NO_RSA
+#define NO_DH
+#define NO_RC4
+#define NO_MD4
+#define NO_MD5
+#define NO_SHA
+#define NO_HC128
+#define NO_RABBIT
+#define NO_PWDBASED
+#define NO_PKCS12
+#define NO_PSK
+
+/* Disable Features */
+#define NO_ASN
+#define NO_WOLFSSL_MEMORY
+#define WOLFSSL_NO_PEM
+#define NO_CODING
+#ifndef DEBUG
+ #define DEBGUG_WOLFSSL
+ #define NO_ERROR_STRINGS
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* WOLFSSL_USER_SETTINGS_H */
diff --git a/examples/include.am b/examples/include.am
index 03c06eb6b..6ebc84aa1 100644
--- a/examples/include.am
+++ b/examples/include.am
@@ -7,3 +7,4 @@ include examples/echoclient/include.am
 include examples/echoserver/include.am
 include examples/server/include.am
 include examples/sctp/include.am
+include examples/configs/include.am
From 776b1a2d17ebac1ccca6280d01a08703496fcb8f Mon Sep 17 00:00:00 2001
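Review bot: `#define DEBGUG_WOLFSSL` in the "Disable Features" group of user_settings_min_ecc.h is a misspelling, so the define has no effect, and it sits under `#ifndef DEBUG`, which puts a debug switch in the non-debug branch next to `NO_ERROR_STRINGS`. If the intent is debug logging in debug builds and stripped error strings otherwise, the block would read `#ifdef DEBUG` / `#define DEBUG_WOLFSSL` / `#else` followed by the existing `#define NO_ERROR_STRINGS` and `#endif`. The misspelled line is still present as unchanged context in the `@@ -94,13 +90,16 @@` hunk of the follow-up patch, so it is not corrected later in the series. The comment `/* Enable Timing Resistanace */` in the same file also carries a typo.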
From: David Garske
Date: Fri, 31 Jul 2020 11:41:40 -0700
Subject: [PATCH 2/3] Fix for ED25519 with user_settings.h. Fixes for build warnings. Fix spelling error. Added template for wolfBoot key/sign tools.
---
configure.ac | 2 +-
examples/configs/README.md | 18 ++-
examples/configs/include.am | 1 +
examples/configs/user_settings_min_ecc.h | 29 +++--
.../configs/user_settings_wolfboot_keytools.h | 97 +++++++++++++++
tests/api.c | 2 +-
wolfcrypt/src/sp_arm32.c | 6 +-
wolfcrypt/src/sp_arm64.c | 6 +-
wolfcrypt/src/sp_armthumb.c | 6 +-
wolfcrypt/src/sp_c32.c | 114 +++++++++---------
wolfcrypt/src/sp_c64.c | 114 +++++++++---------
wolfcrypt/src/sp_cortexm.c | 6 +-
wolfcrypt/src/sp_x86_64.c | 6 +-
wolfcrypt/test/test.c | 2 +
14 files changed, 254 insertions(+), 155 deletions(-)
create mode 100644 examples/configs/user_settings_wolfboot_keytools.h
diff --git a/configure.ac b/configure.ac
index 11f8dd89c..6c7395939 100644
--- a/configure.ac
+++ b/configure.ac
@@ -5238,7 +5238,7 @@ AM_CONDITIONAL([BUILD_SHA512],[test "x$ENABLED_SHA512" = "xyes" || test "x$ENABL
 AM_CONDITIONAL([BUILD_DSA],[test "x$ENABLED_DSA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_ECC],[test "x$ENABLED_ECC" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_ED25519],[test "x$ENABLED_ED25519" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
-AM_CONDITIONAL([BUILD_ED25519_SMALL],[test "x$ENABLED_ED25519_SMALL" = "xyes"])
+AM_CONDITIONAL([BUILD_ED25519_SMALL],[test "x$ENABLED_ED25519_SMALL" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_FEMATH], [test "x$ENABLED_FEMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_GEMATH], [test "x$ENABLED_GEMATH" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
 AM_CONDITIONAL([BUILD_CURVE25519],[test "x$ENABLED_CURVE25519" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"])
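Review bot: `BUILD_ED25519_SMALL` becomes true for every `--enable-usersettings` build, whether or not the chosen `user_settings.h` defines `CURVED25519_SMALL`. Of the templates in this series only user_settings_wolfboot_keytools.h defines it, while user_settings_all.h enables `HAVE_ED25519` without it. The automake rules that consume this conditional are not part of the diff, so if they treat it as an either/or choice between the small and the full implementation, a header without `CURVED25519_SMALL` could end up with the wrong source file compiled. A comment above the line would make the intent checkable, for example `# user_settings.h builds: also compile the small ED25519 sources; CURVED25519_SMALL picks the variant at preprocess time`, assuming that is how the sources are guarded.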
diff --git a/examples/configs/README.md b/examples/configs/README.md index fe8b2fcdd..b7ad705c3 100644 --- a/examples/configs/README.md +++ b/examples/configs/README.md @@ -1,8 +1,22 @@ # Example build configurations -These are meant to be copied to your local project and renamed to `user_settings.h`. +Example wolfSSL configuration file templates for use when autoconf is not available, such as building with a custom IDE. ## Files -* `user_settings_all.h`: This is wolfSSL with all features enabled. Equivelent to `./configure --enable-all`. +* `user_settings_all.h`: This is wolfSSL with all features enabled. Equivalent to `./configure --enable-all`. * `user_settings_min_ecc.h`: This is ECC and SHA-256 only. For ECC verify only add `BUILD_VERIFY_ONLY`. +* `user_settings_wolfboot_keytools.h`: This from wolfBoot tools/keytools and is ECC, RSA, ED25519 and ChaCha20. + +## Usage + +1. Copy to your local project and rename to `user_settings.h`. +2. Add pre-processor macro `WOLFSSL_USER_SETTINGS` to your project. +3. Make sure and include `#include ` prior to any other wolfSSL headers in your application. + +## Testing with Autoconf + +To use these with autoconf: + +1. Copy file to root as `user_settings.h`. +2. Run `./configure --enable-usersettings --disable-examples && make` diff --git a/examples/configs/include.am b/examples/configs/include.am index 791cbcae2..1096eee79 100644 --- a/examples/configs/include.am +++ b/examples/configs/include.am @@ -4,3 +4,4 @@ EXTRA_DIST += examples/configs/README.md EXTRA_DIST += examples/configs/user_settings_all.h EXTRA_DIST += examples/configs/user_settings_min_ecc.h +EXTRA_DIST += examples/configs/user_settings_wolfboot_keytools.h diff --git a/examples/configs/user_settings_min_ecc.h b/examples/configs/user_settings_min_ecc.h index 0a6bb90b6..2dcdce2b4 100644 --- a/examples/configs/user_settings_min_ecc.h +++ b/examples/configs/user_settings_min_ecc.h 
@@ -21,7 +21,7 @@ /* should be renamed to user_settings.h for customer use * generated from configure options: - * ./configure --prefix=/usr/local \ + * ./configure \ --enable-cryptonly --enable-ecc --enable-sp \ --disable-rsa --disable-dh --disable-sha3 --disable-sha224 --disable-md5 \ --disable-sha --disable-pkcs12 --disable-memory \ @@ -55,6 +55,7 @@ extern "C" { /* Use single precision math only */ #define WOLFSSL_SP +#define WOLFSSL_SP_SMALL #define WOLFSSL_SP_MATH #define WOLFSSL_HAVE_SP_ECC @@ -65,19 +66,14 @@ extern "C" { /* Enable ECC */ #define HAVE_ECC #define ECC_USER_CURVES /* Only 256-Bit Curves */ -#define ECC_SHAMIR +//#define ECC_SHAMIR -/* Reduce ECC build size */ +/* Optional Feature Disables */ #define NO_SIG_WRAPPER -#define NO_ECC_DHE -#define NO_ECC_KEY_EXPORT -#ifdef BUILD_VERIFY_ONLY - /* Disable Sign */ - #define NO_ECC_SIGN - - /* Disable RNG */ - #define WC_NO_RNG -#endif +//#define NO_ECC_KEY_EXPORT +//#define NO_ECC_DHE +//#define NO_ECC_SIGN +//#define NO_ECC_VERIFY /* Disable Algorithms */ #define NO_AES @@ -94,13 +90,16 @@ extern "C" { #define NO_RABBIT #define NO_PWDBASED #define NO_PKCS12 -#define NO_PSK +#define NO_PKCS8 +//#define WC_NO_RNG /* Disable Features */ -#define NO_ASN +//#define NO_ASN +//#define NO_CERTS #define NO_WOLFSSL_MEMORY #define WOLFSSL_NO_PEM -#define NO_CODING +//#define NO_CODING +#define NO_PSK #ifndef DEBUG #define DEBGUG_WOLFSSL #define NO_ERROR_STRINGS diff --git a/examples/configs/user_settings_wolfboot_keytools.h b/examples/configs/user_settings_wolfboot_keytools.h new file mode 100644 index 000000000..4634c9d2c --- /dev/null +++ b/examples/configs/user_settings_wolfboot_keytools.h 
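Review bot: The `@@ -65,19 +66,14 @@` hunk deletes the `#ifdef BUILD_VERIFY_ONLY` block, but the README hunk in this same patch keeps the sentence "For ECC verify only add `BUILD_VERIFY_ONLY`" as unchanged context. After this change defining that macro does nothing, so a build that was meant to be verify-only silently keeps ECC signing and the RNG compiled in. Either keep the guard around `#define NO_ECC_SIGN` and `#define WC_NO_RNG`, or update the README to name the commented-out lines (`//#define NO_ECC_SIGN`, `//#define WC_NO_RNG`) that have to be enabled by hand. A one-line comment above the "Optional Feature Disables" group saying which of them make up the verify-only profile would also help.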
@@ -0,0 +1,97 @@
+/* user_settings_wolfboot_keytools.h
+ *
+ * wolfCrypt build settings for wolfBoot keygen and signing tool
+ * Enabled via WOLFSSL_USER_SETTINGS.
+ *
+ *
+ * Copyright (C) 2020 wolfSSL Inc.
+ *
+ * This file is part of wolfBoot.
+ *
+ * wolfBoot is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfBoot is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef H_USER_SETTINGS_
+#define H_USER_SETTINGS_
+
+#include
+
+/* System */
+#define WOLFSSL_GENERAL_ALIGNMENT 4
+#define SINGLE_THREADED
+#define WOLFCRYPT_ONLY
+#define SIZEOF_LONG_LONG 8
+
+/* Math */
+#define WOLFSSL_SP
+#define WOLFSSL_SP_NO_3072
+#define USE_FAST_MATH
+#define FP_MAX_BITS (4096 * 2)
+#define TFM_TIMING_RESISTANT
+
+/* ECC */
+#define HAVE_ECC
+#define WOLFSSL_HAVE_SP_ECC
+#define ECC_TIMING_RESISTANT
+
+/* ED25519 */
+#define HAVE_ED25519
+#define CURVED25519_SMALL
+
+/* RSA */
+#define HAVE_RSA
+#define WOLFSSL_HAVE_SP_RSA
+#define WC_RSA_BLINDING
+#define WOLFSSL_KEY_GEN
+
+/* Hashing */
+#define WOLFSSL_SHA512 /* Required for ED25519 */
+#define WOLFSSL_SHA3
+#undef NO_SHA256
+
+/* Chacha stream cipher */
+#define HAVE_CHACHA
+
+/* Disables */
+#define NO_AES
+#define NO_CMAC
+#define NO_HMAC
+#define NO_RC4
+#define NO_SHA
+#define NO_DH
+#define NO_DSA
+#define NO_MD4
+#define NO_RABBIT
+#define NO_MD5
+#define NO_SIG_WRAPPER
+#define NO_CERT
+#define NO_SESSION_CACHE
+#define NO_HC128 +#define NO_DES3 +#define NO_PWDBASED +#define NO_WRITEV +#define NO_FILESYSTEM +//#define NO_MAIN_DRIVER +#define NO_OLD_RNGNAME +#define NO_WOLFSSL_DIR +#define WOLFSSL_NO_SOCK +#define WOLFSSL_IGNORE_FILE_WARN +#define NO_ERROR_STRINGS + +#define BENCH_EMBEDDED +#define NO_CRYPT_TEST +#define NO_CRYPT_BENCHMARK + +#endif /* !H_USER_SETTINGS_ */ diff --git a/tests/api.c b/tests/api.c index 8bd8b5267..88e8c21ce 100644 --- a/tests/api.c +++ b/tests/api.c @@ -253,7 +253,7 @@ #endif #if defined(WOLFSSL_SHA3) || defined(HAVE_PKCS7) || (!defined(NO_RSA) && \ - !defined(NO_SIG_WRAPPER)) + !defined(NO_SIG_WRAPPER)) || !defined(WC_NO_RNG) static int devId = INVALID_DEVID; #endif #ifndef NO_DSA diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c index 085d8c069..a3a95be01 100644 --- a/wolfcrypt/src/sp_arm32.c +++ b/wolfcrypt/src/sp_arm32.c @@ -36866,14 +36866,13 @@ static int sp_256_ecc_is_point_8(sp_point_256* point, void* heap) err = MEMORY_E; } #endif + (void)heap; if (err == MP_OKAY) { #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) t1 = d + 0 * 8; t2 = d + 2 * 8; #else - (void)heap; - t1 = t1d; t2 = t2d; #endif @@ -45293,14 +45292,13 @@ static int sp_384_ecc_is_point_12(sp_point_384* point, void* heap) err = MEMORY_E; } #endif + (void)heap; if (err == MP_OKAY) { #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) t1 = d + 0 * 12; t2 = d + 2 * 12; #else - (void)heap; - t1 = t1d; t2 = t2d; #endif diff --git a/wolfcrypt/src/sp_arm64.c b/wolfcrypt/src/sp_arm64.c index 067b4a126..c5febcb4a 100644 --- a/wolfcrypt/src/sp_arm64.c +++ b/wolfcrypt/src/sp_arm64.c 
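Review bot: `#define NO_CERT` in the Disables list of user_settings_wolfboot_keytools.h is spelled differently from the `NO_CERTS` that user_settings_min_ecc.h uses in this same patch. If `NO_CERTS` is the name the library tests, this line disables nothing and certificate handling stays compiled into the key tools; the suggested line is `#define NO_CERTS`. `#define HAVE_RSA` likewise does not match the opt-out style the sibling templates use for RSA (`NO_RSA`), so it may be a no-op that deserves a comment or removal. The header guard `H_USER_SETTINGS_` also differs from the `WOLFSSL_USER_SETTINGS_H` guard in the other two templates.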
@@ -36633,14 +36633,13 @@ static int sp_256_ecc_is_point_4(sp_point_256* point, void* heap) err = MEMORY_E; } #endif + (void)heap; if (err == MP_OKAY) { #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) t1 = d + 0 * 4; t2 = d + 2 * 4; #else - (void)heap; - t1 = t1d; t2 = t2d; #endif @@ -42928,14 +42927,13 @@ static int sp_384_ecc_is_point_6(sp_point_384* point, void* heap) err = MEMORY_E; } #endif + (void)heap; if (err == MP_OKAY) { #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) t1 = d + 0 * 6; t2 = d + 2 * 6; #else - (void)heap; - t1 = t1d; t2 = t2d; #endif diff --git a/wolfcrypt/src/sp_armthumb.c b/wolfcrypt/src/sp_armthumb.c index 91a4bc367..64c9ca146 100644 --- a/wolfcrypt/src/sp_armthumb.c +++ b/wolfcrypt/src/sp_armthumb.c @@ -21639,14 +21639,13 @@ static int sp_256_ecc_is_point_8(sp_point_256* point, void* heap) err = MEMORY_E; } #endif + (void)heap; if (err == MP_OKAY) { #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) t1 = d + 0 * 8; t2 = d + 2 * 8; #else - (void)heap; - t1 = t1d; t2 = t2d; #endif @@ -28135,14 +28134,13 @@ static int sp_384_ecc_is_point_12(sp_point_384* point, void* heap) err = MEMORY_E; } #endif + (void)heap; if (err == MP_OKAY) { #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) t1 = d + 0 * 12; t2 = d + 2 * 12; #else - (void)heap; - t1 = t1d; t2 = t2d; #endif diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c index 4dec2d99c..779e2831b 100644 --- a/wolfcrypt/src/sp_c32.c +++ b/wolfcrypt/src/sp_c32.c @@ -2087,7 +2087,7 @@ static int sp_2048_mod_exp_45(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_digit td[(32 * 90) + 90]; #endif sp_digit* t[32]; - sp_digit* rt = NULL; + sp_digit* rt; sp_digit* norm; sp_digit mp = 1; sp_digit n; 
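Review bot: Dropping `= NULL` from `rt` in the `@@ -2087,7 +2087,7 @@` hunk of sp_c32.c leaves the pointer indeterminate until it is assigned. The same applies to `a`, `m`, `r`, `norm`, `p`, `q`, `dp`, `dq`, `qi`, `tmpa` and `tmpb` in the later `sp_*_mod_exp_*`, `sp_RsaPublic_*` and `sp_RsaPrivate_*` hunks of sp_c32.c and sp_c64.c. The function bodies lie outside the hunks, so the diff does not show that every error and cleanup path avoids reading these pointers before assignment, and in code that handles private-key material a defined NULL is the safer default. If the initializers were removed only to silence a dead-store warning, consider keeping `sp_digit* rt = NULL;` and suppressing that warning instead, or add a short comment at each declaration stating the condition under which the pointer is assigned and used.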
@@ -3040,7 +3040,7 @@ static int sp_2048_mod_exp_90(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_digit td[(32 * 180) + 180]; #endif sp_digit* t[32]; - sp_digit* rt = NULL; + sp_digit* rt; sp_digit* norm; sp_digit mp = 1; sp_digit n; @@ -3192,10 +3192,10 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, mp_int* em, mp_int* mm, { #ifdef WOLFSSL_SP_SMALL sp_digit* d = NULL; - sp_digit* a = NULL; - sp_digit* m = NULL; - sp_digit* r = NULL; - sp_digit* norm = NULL; + sp_digit* a; + sp_digit* m; + sp_digit* r; + sp_digit* norm; sp_digit e[1] = {0}; sp_digit mp; int i; @@ -3289,9 +3289,9 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, mp_int* em, mp_int* mm, #else sp_digit* d = NULL; #endif - sp_digit* a = NULL; - sp_digit* m = NULL; - sp_digit* r = NULL; + sp_digit* a; + sp_digit* m; + sp_digit* r; sp_digit e[1] = {0}; int err = MP_OKAY; @@ -3530,15 +3530,15 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm, #else #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* t = NULL; - sp_digit* a = NULL; - sp_digit* p = NULL; - sp_digit* q = NULL; - sp_digit* dp = NULL; - sp_digit* dq = NULL; - sp_digit* qi = NULL; - sp_digit* tmpa = NULL; - sp_digit* tmpb = NULL; - sp_digit* r = NULL; + sp_digit* a; + sp_digit* p; + sp_digit* q; + sp_digit* dp; + sp_digit* dq; + sp_digit* qi; + sp_digit* tmpa; + sp_digit* tmpb; + sp_digit* r; int err = MP_OKAY; (void)dm; @@ -5928,7 +5928,7 @@ static int sp_3072_mod_exp_67(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_digit td[(32 * 134) + 134]; #endif sp_digit* t[32]; - sp_digit* rt = NULL; + sp_digit* rt; sp_digit* norm; sp_digit mp = 1; sp_digit n; @@ -6917,7 +6917,7 @@ static int sp_3072_mod_exp_134(sp_digit* r, const sp_digit* a, const sp_digit* e sp_digit td[(32 * 268) + 268]; #endif sp_digit* t[32]; - sp_digit* rt = NULL; + sp_digit* rt; sp_digit* norm; sp_digit mp = 1; sp_digit n; 
@@ -7069,10 +7069,10 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, mp_int* em, mp_int* mm, { #ifdef WOLFSSL_SP_SMALL sp_digit* d = NULL; - sp_digit* a = NULL; - sp_digit* m = NULL; - sp_digit* r = NULL; - sp_digit* norm = NULL; + sp_digit* a; + sp_digit* m; + sp_digit* r; + sp_digit* norm; sp_digit e[1] = {0}; sp_digit mp; int i; @@ -7166,9 +7166,9 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, mp_int* em, mp_int* mm, #else sp_digit* d = NULL; #endif - sp_digit* a = NULL; - sp_digit* m = NULL; - sp_digit* r = NULL; + sp_digit* a; + sp_digit* m; + sp_digit* r; sp_digit e[1] = {0}; int err = MP_OKAY; @@ -7407,15 +7407,15 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm, #else #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* t = NULL; - sp_digit* a = NULL; - sp_digit* p = NULL; - sp_digit* q = NULL; - sp_digit* dp = NULL; - sp_digit* dq = NULL; - sp_digit* qi = NULL; - sp_digit* tmpa = NULL; - sp_digit* tmpb = NULL; - sp_digit* r = NULL; + sp_digit* a; + sp_digit* p; + sp_digit* q; + sp_digit* dp; + sp_digit* dq; + sp_digit* qi; + sp_digit* tmpa; + sp_digit* tmpb; + sp_digit* r; int err = MP_OKAY; (void)dm; @@ -9992,7 +9992,7 @@ static int sp_4096_mod_exp_98(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_digit td[(32 * 196) + 196]; #endif sp_digit* t[32]; - sp_digit* rt = NULL; + sp_digit* rt; sp_digit* norm; sp_digit mp = 1; sp_digit n; @@ -10958,7 +10958,7 @@ static int sp_4096_mod_exp_196(sp_digit* r, const sp_digit* a, const sp_digit* e sp_digit td[(32 * 392) + 392]; #endif sp_digit* t[32]; - sp_digit* rt = NULL; + sp_digit* rt; sp_digit* norm; sp_digit mp = 1; sp_digit n; 
@@ -11110,10 +11110,10 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, mp_int* em, mp_int* mm, { #ifdef WOLFSSL_SP_SMALL sp_digit* d = NULL; - sp_digit* a = NULL; - sp_digit* m = NULL; - sp_digit* r = NULL; - sp_digit* norm = NULL; + sp_digit* a; + sp_digit* m; + sp_digit* r; + sp_digit* norm; sp_digit e[1] = {0}; sp_digit mp; int i; @@ -11207,9 +11207,9 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, mp_int* em, mp_int* mm, #else sp_digit* d = NULL; #endif - sp_digit* a = NULL; - sp_digit* m = NULL; - sp_digit* r = NULL; + sp_digit* a; + sp_digit* m; + sp_digit* r; sp_digit e[1] = {0}; int err = MP_OKAY; @@ -11448,15 +11448,15 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm, #else #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* t = NULL; - sp_digit* a = NULL; - sp_digit* p = NULL; - sp_digit* q = NULL; - sp_digit* dp = NULL; - sp_digit* dq = NULL; - sp_digit* qi = NULL; - sp_digit* tmpa = NULL; - sp_digit* tmpb = NULL; - sp_digit* r = NULL; + sp_digit* a; + sp_digit* p; + sp_digit* q; + sp_digit* dp; + sp_digit* dq; + sp_digit* qi; + sp_digit* tmpa; + sp_digit* tmpb; + sp_digit* r; int err = MP_OKAY; (void)dm; @@ -18104,14 +18104,13 @@ static int sp_256_ecc_is_point_10(sp_point_256* point, void* heap) err = MEMORY_E; } #endif + (void)heap; if (err == MP_OKAY) { #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) t1 = d + 0 * 10; t2 = d + 2 * 10; #else - (void)heap; - t1 = t1d; t2 = t2d; #endif @@ -25039,14 +25038,13 @@ static int sp_384_ecc_is_point_15(sp_point_384* point, void* heap) err = MEMORY_E; } #endif + (void)heap; if (err == MP_OKAY) { #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) t1 = d + 0 * 15; t2 = d + 2 * 15; #else - (void)heap; - t1 = t1d; t2 = t2d; #endif diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c index cec1f2eb2..b37a1c991 100644 
--- a/wolfcrypt/src/sp_c64.c +++ b/wolfcrypt/src/sp_c64.c @@ -1735,7 +1735,7 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_digit td[(32 * 36) + 36]; #endif sp_digit* t[32]; - sp_digit* rt = NULL; + sp_digit* rt; sp_digit* norm; sp_digit mp = 1; sp_digit n; @@ -2680,7 +2680,7 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_digit td[(32 * 72) + 72]; #endif sp_digit* t[32]; - sp_digit* rt = NULL; + sp_digit* rt; sp_digit* norm; sp_digit mp = 1; sp_digit n; @@ -2832,10 +2832,10 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, mp_int* em, mp_int* mm, { #ifdef WOLFSSL_SP_SMALL sp_digit* d = NULL; - sp_digit* a = NULL; - sp_digit* m = NULL; - sp_digit* r = NULL; - sp_digit* norm = NULL; + sp_digit* a; + sp_digit* m; + sp_digit* r; + sp_digit* norm; sp_digit e[1] = {0}; sp_digit mp; int i; @@ -2929,9 +2929,9 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, mp_int* em, mp_int* mm, #else sp_digit* d = NULL; #endif - sp_digit* a = NULL; - sp_digit* m = NULL; - sp_digit* r = NULL; + sp_digit* a; + sp_digit* m; + sp_digit* r; sp_digit e[1] = {0}; int err = MP_OKAY; @@ -3170,15 +3170,15 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, mp_int* dm, #else #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* t = NULL; - sp_digit* a = NULL; - sp_digit* p = NULL; - sp_digit* q = NULL; - sp_digit* dp = NULL; - sp_digit* dq = NULL; - sp_digit* qi = NULL; - sp_digit* tmpa = NULL; - sp_digit* tmpb = NULL; - sp_digit* r = NULL; + sp_digit* a; + sp_digit* p; + sp_digit* q; + sp_digit* dp; + sp_digit* dq; + sp_digit* qi; + sp_digit* tmpa; + sp_digit* tmpb; + sp_digit* r; int err = MP_OKAY; (void)dm; @@ -5916,7 +5916,7 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_digit td[(32 * 54) + 54]; #endif sp_digit* t[32]; - sp_digit* rt = NULL; + sp_digit* rt; sp_digit* norm; sp_digit mp = 1; sp_digit n; 
@@ -6831,7 +6831,7 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_digit td[(32 * 108) + 108]; #endif sp_digit* t[32]; - sp_digit* rt = NULL; + sp_digit* rt; sp_digit* norm; sp_digit mp = 1; sp_digit n; @@ -6983,10 +6983,10 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, mp_int* em, mp_int* mm, { #ifdef WOLFSSL_SP_SMALL sp_digit* d = NULL; - sp_digit* a = NULL; - sp_digit* m = NULL; - sp_digit* r = NULL; - sp_digit* norm = NULL; + sp_digit* a; + sp_digit* m; + sp_digit* r; + sp_digit* norm; sp_digit e[1] = {0}; sp_digit mp; int i; @@ -7080,9 +7080,9 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, mp_int* em, mp_int* mm, #else sp_digit* d = NULL; #endif - sp_digit* a = NULL; - sp_digit* m = NULL; - sp_digit* r = NULL; + sp_digit* a; + sp_digit* m; + sp_digit* r; sp_digit e[1] = {0}; int err = MP_OKAY; @@ -7321,15 +7321,15 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, mp_int* dm, #else #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* t = NULL; - sp_digit* a = NULL; - sp_digit* p = NULL; - sp_digit* q = NULL; - sp_digit* dp = NULL; - sp_digit* dq = NULL; - sp_digit* qi = NULL; - sp_digit* tmpa = NULL; - sp_digit* tmpb = NULL; - sp_digit* r = NULL; + sp_digit* a; + sp_digit* p; + sp_digit* q; + sp_digit* dp; + sp_digit* dq; + sp_digit* qi; + sp_digit* tmpa; + sp_digit* tmpb; + sp_digit* r; int err = MP_OKAY; (void)dm; @@ -10213,7 +10213,7 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_digit td[(32 * 78) + 78]; #endif sp_digit* t[32]; - sp_digit* rt = NULL; + sp_digit* rt; sp_digit* norm; sp_digit mp = 1; sp_digit n; @@ -11227,7 +11227,7 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_digit td[(32 * 156) + 156]; #endif sp_digit* t[32]; - sp_digit* rt = NULL; + sp_digit* rt; sp_digit* norm; sp_digit mp = 1; sp_digit n; 
@@ -11379,10 +11379,10 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, mp_int* em, mp_int* mm, { #ifdef WOLFSSL_SP_SMALL sp_digit* d = NULL; - sp_digit* a = NULL; - sp_digit* m = NULL; - sp_digit* r = NULL; - sp_digit* norm = NULL; + sp_digit* a; + sp_digit* m; + sp_digit* r; + sp_digit* norm; sp_digit e[1] = {0}; sp_digit mp; int i; @@ -11476,9 +11476,9 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, mp_int* em, mp_int* mm, #else sp_digit* d = NULL; #endif - sp_digit* a = NULL; - sp_digit* m = NULL; - sp_digit* r = NULL; + sp_digit* a; + sp_digit* m; + sp_digit* r; sp_digit e[1] = {0}; int err = MP_OKAY; @@ -11717,15 +11717,15 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, mp_int* dm, #else #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) sp_digit* t = NULL; - sp_digit* a = NULL; - sp_digit* p = NULL; - sp_digit* q = NULL; - sp_digit* dp = NULL; - sp_digit* dq = NULL; - sp_digit* qi = NULL; - sp_digit* tmpa = NULL; - sp_digit* tmpb = NULL; - sp_digit* r = NULL; + sp_digit* a; + sp_digit* p; + sp_digit* q; + sp_digit* dp; + sp_digit* dq; + sp_digit* qi; + sp_digit* tmpa; + sp_digit* tmpb; + sp_digit* r; int err = MP_OKAY; (void)dm; @@ -17900,14 +17900,13 @@ static int sp_256_ecc_is_point_5(sp_point_256* point, void* heap) err = MEMORY_E; } #endif + (void)heap; if (err == MP_OKAY) { #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) t1 = d + 0 * 5; t2 = d + 2 * 5; #else - (void)heap; - t1 = t1d; t2 = t2d; #endif @@ -24402,14 +24401,13 @@ static int sp_384_ecc_is_point_7(sp_point_384* point, void* heap) err = MEMORY_E; } #endif + (void)heap; if (err == MP_OKAY) { #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) t1 = d + 0 * 7; t2 = d + 2 * 7; #else - (void)heap; - t1 = t1d; t2 = t2d; #endif diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c index e930b34bb..8a338a7e2 100644 
--- a/wolfcrypt/src/sp_cortexm.c +++ b/wolfcrypt/src/sp_cortexm.c @@ -21207,14 +21207,13 @@ static int sp_256_ecc_is_point_8(sp_point_256* point, void* heap) err = MEMORY_E; } #endif + (void)heap; if (err == MP_OKAY) { #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) t1 = d + 0 * 8; t2 = d + 2 * 8; #else - (void)heap; - t1 = t1d; t2 = t2d; #endif @@ -27416,14 +27415,13 @@ static int sp_384_ecc_is_point_12(sp_point_384* point, void* heap) err = MEMORY_E; } #endif + (void)heap; if (err == MP_OKAY) { #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) t1 = d + 0 * 12; t2 = d + 2 * 12; #else - (void)heap; - t1 = t1d; t2 = t2d; #endif diff --git a/wolfcrypt/src/sp_x86_64.c b/wolfcrypt/src/sp_x86_64.c index 67eadecff..9daeb5e48 100644 --- a/wolfcrypt/src/sp_x86_64.c +++ b/wolfcrypt/src/sp_x86_64.c @@ -24381,14 +24381,13 @@ static int sp_256_ecc_is_point_4(sp_point_256* point, void* heap) err = MEMORY_E; } #endif + (void)heap; if (err == MP_OKAY) { #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) t1 = d + 0 * 4; t2 = d + 2 * 4; #else - (void)heap; - t1 = t1d; t2 = t2d; #endif @@ -31258,14 +31257,13 @@ static int sp_384_ecc_is_point_6(sp_point_384* point, void* heap) err = MEMORY_E; } #endif + (void)heap; if (err == MP_OKAY) { #if (defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)) && !defined(WOLFSSL_SP_NO_MALLOC) t1 = d + 0 * 6; t2 = d + 2 * 6; #else - (void)heap; - t1 = t1d; t2 = t2d; #endif diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index d9e653a30..a16df93ad 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
@@ -10450,7 +10450,9 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out) static const char* eccCaKeyPemFile = CERT_PREFIX "ecc-key.pem"; static const char* eccPubKeyDerFile = CERT_PREFIX "ecc-public-key.der"; static const char* eccCaKeyTempFile = CERT_PREFIX "ecc-key.der"; + #ifdef HAVE_PKCS8 static const char* eccPkcs8KeyDerFile = CERT_PREFIX "ecc-key-pkcs8.der"; + #endif #if defined(WOLFSSL_CERT_GEN) || \ (defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT)) static const char* certEccDerFile = CERT_PREFIX "certecc.der"; From 4f91d60d22e3909429a5f65b18e31b15e1a6a610 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 31 Jul 2020 15:25:58 -0700 Subject: [PATCH 3/3] Fixes for build issues without `OPENSSL_EXTRA` defined. --- examples/configs/user_settings_all.h | 1 + src/internal.c | 3 ++- src/ssl.c | 2 ++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/examples/configs/user_settings_all.h b/examples/configs/user_settings_all.h index d18005f54..905989d85 100644 --- a/examples/configs/user_settings_all.h +++ b/examples/configs/user_settings_all.h @@ -159,6 +159,7 @@ extern "C" { #define HAVE_HASHDRBG #define HAVE_CURVE25519 #define HAVE_ED25519 +#define CURVED25519_SMALL #define HAVE_CURVE448 #define HAVE_POLY1305 #define HAVE_CHACHA diff --git a/src/internal.c b/src/internal.c index 5c8ab15c8..e9a888bb1 100644 --- a/src/internal.c +++ b/src/internal.c @@ -10077,7 +10077,8 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret, store->userCtx = (ssl != NULL) ? ssl->verifyCbCtx : cm; store->certs = args->certs; store->totalCerts = args->totalCerts; - #if defined(HAVE_EX_DATA) || defined(FORTRESS) + #if (defined(HAVE_EX_DATA) || defined(FORTRESS)) && \ + (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) if (wolfSSL_CRYPTO_set_ex_data(&store->ex_data, 0, ssl) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Failed to store ssl context in WOLFSSL_X509_STORE_CTX"); diff --git a/src/ssl.c b/src/ssl.c index 9d1f69c1d..caa2b0b15 100644 --- a/src/ssl.c 
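Review bot: In the `DoVerifyCallback` hunk, the widened `#if` means a build with `HAVE_EX_DATA` but neither `OPENSSL_EXTRA` nor `WOLFSSL_WPAS_SMALL` no longer attaches `ssl` to `store->ex_data`, and nothing on the new lines says so. A verify callback that expects to recover the session from the store at index 0 would then find nothing there, which is worth stating next to the guard. Suggested comment above the `#if`: `/* wolfSSL_CRYPTO_set_ex_data is only built with OPENSSL_EXTRA or WOLFSSL_WPAS_SMALL; otherwise ex_data is left unset */`. The body of the guarded `if` and its `#endif` lie outside the hunk.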
+++ b/src/ssl.c @@ -19331,11 +19331,13 @@ int wolfSSL_SESSION_up_ref(WOLFSSL_SESSION* session) if (session == NULL) return WOLFSSL_FAILURE; +#ifdef OPENSSL_EXTRA if (wc_LockMutex(&session->refMutex) != 0) { WOLFSSL_MSG("Failed to lock session mutex"); } session->refCount++; wc_UnLockMutex(&session->refMutex); +#endif return WOLFSSL_SUCCESS; }
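Review bot: Inside the new `#ifdef OPENSSL_EXTRA` block, a failed `wc_LockMutex` is only logged, so `session->refCount++` then runs without the lock and `wc_UnLockMutex` is called on a mutex this thread did not take. An unsynchronised reference count can lead to a premature or double free of the session, so the failure branch should end with `return WOLFSSL_FAILURE;` after the `WOLFSSL_MSG` line. Separately, without `OPENSSL_EXTRA` the function now returns `WOLFSSL_SUCCESS` without taking any reference. If that is intended, say so with `/* session is not reference counted without OPENSSL_EXTRA */` at the `#endif`. The opening of `wolfSSL_SESSION_up_ref` is outside the hunk.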