From 659d33fdafe022ee29af3456bac5db0b1bec0b2e Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 8 Apr 2022 15:22:16 -0700 Subject: [PATCH] Fixes for minor sniffer and async issues: * Sniffer: Remove old restrictions for max strength, encrypt-then-mac and forcing openssl-extra. * Fix bound warning with strncpy in sniffer.c. * Fix for async DH issue. * Fix for SP math all not initializing raw big int. * Fix for array bounds warning with "-O3" on SetEccPublicKey. * Fix a sniffer async edge case with TLS v1.2 static RSA and extended master. * Improved the sniffer test script detection of features. * Disable ECC custom curve test with Intel QuickAssist. --- configure.ac | 10 +- scripts/include.am | 4 +- .../{sniffer-tls13-gen.sh => sniffer-gen.sh} | 0 ...testsuite.pcap => sniffer-static-rsa.pcap} | Bin scripts/sniffer-testsuite.test | 182 ++++++++++-------- src/sniffer.c | 46 +++-- sslSniffer/sslSnifferTest/snifftest.c | 9 + wolfcrypt/src/asn.c | 14 +- wolfcrypt/src/sp_int.c | 18 ++ wolfcrypt/test/test.c | 14 +- wolfssl/wolfcrypt/types.h | 4 +- 11 files changed, 181 insertions(+), 120 deletions(-) rename scripts/{sniffer-tls13-gen.sh => sniffer-gen.sh} (100%) rename scripts/{testsuite.pcap => sniffer-static-rsa.pcap} (100%) diff --git a/configure.ac b/configure.ac index 9f5198f25..5cb1be417 100644 --- a/configure.ac +++ b/configure.ac @@ -1679,12 +1679,6 @@ AC_ARG_WITH([se050], ] ) -# sniffer doesn't work in maxstrength mode -if test "$ENABLED_SNIFFER" = "yes" && test "$ENABLED_MAXSTRENGTH" = "yes" -then - AC_MSG_ERROR([cannot enable maxstrength in sniffer mode.]) -fi - ENABLED_SNIFFTEST=no AS_IF([ test "x$ENABLED_SNIFFER" = "xyes" ], [ @@ -5245,8 +5239,6 @@ then ENABLED_ENCRYPT_THEN_MAC=yes fi -AS_IF([test "x$ENABLED_SNIFFER" = "xyes"],[ENABLED_ENCRYPT_THEN_MAC="no"]) - if test "x$ENABLED_ENCRYPT_THEN_MAC" = "xyes" then AM_CFLAGS="$AM_CFLAGS -DHAVE_ENCRYPT_THEN_MAC" @@ -7099,7 +7091,7 @@ AS_IF([test "x$ENABLED_MCAPI" = "xyes"], if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || \ test "$ENABLED_SIGNAL" = "yes" || test "$ENABLED_WPAS" = "yes" || \ test "$ENABLED_FORTRESS" = "yes" || test "$ENABLED_BUMP" = "yes" || \ - test "$ENABLED_SNIFFER" = "yes" || test "$ENABLED_OPENSSLALL" = "yes" || \ + test "$ENABLED_OPENSSLALL" = "yes" || \ test "$ENABLED_LIBWEBSOCKETS" = "yes" || \ test "x$ENABLED_LIGHTY" = "xyes" || test "$ENABLED_LIBSSH2" = "yes" || \ test "x$ENABLED_NTP" = "xyes" || test "$ENABLED_RSYSLOG" = "yes" diff --git a/scripts/include.am b/scripts/include.am index 5e26f4a91..683e71cf7 100644 --- a/scripts/include.am +++ b/scripts/include.am @@ -87,7 +87,7 @@ noinst_SCRIPTS+= scripts/unit.test.in endif endif -EXTRA_DIST += scripts/testsuite.pcap \ +EXTRA_DIST += scripts/sniffer-static-rsa.pcap \ scripts/sniffer-ipv6.pcap \ scripts/sniffer-tls13-dh.pcap \ scripts/sniffer-tls13-dh-resume.pcap \ @@ -95,8 +95,8 @@ EXTRA_DIST += scripts/testsuite.pcap \ scripts/sniffer-tls13-ecc-resume.pcap \ scripts/sniffer-tls13-x25519.pcap \ scripts/sniffer-tls13-x25519-resume.pcap \ - scripts/sniffer-tls13-gen.sh \ scripts/sniffer-tls13-hrr.pcap \ + scripts/sniffer-gen.sh \ scripts/ping.test \ scripts/benchmark.test \ scripts/memtest.sh \ diff --git a/scripts/sniffer-tls13-gen.sh b/scripts/sniffer-gen.sh similarity index 100% rename from scripts/sniffer-tls13-gen.sh rename to scripts/sniffer-gen.sh diff --git a/scripts/testsuite.pcap b/scripts/sniffer-static-rsa.pcap similarity index 100% rename from scripts/testsuite.pcap rename to scripts/sniffer-static-rsa.pcap diff --git a/scripts/sniffer-testsuite.test b/scripts/sniffer-testsuite.test index 3388be5ac..80dfb8ad3 100755 --- a/scripts/sniffer-testsuite.test +++ b/scripts/sniffer-testsuite.test @@ -12,6 +12,36 @@ if [ "${AM_BWRAPPED-}" != "yes" ]; then unset AM_BWRAPPED fi +has_tlsv13=no +./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'tls_v13 ' +if [ $? -eq 0 ]; then + has_tlsv13=yes +fi +has_tlsv12=no +./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'tls_v12 ' +if [ $? -eq 0 ]; then + has_tlsv12=yes +fi +has_rsa=no +./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'rsa ' +if [ $? -eq 0 ]; then + has_rsa=yes +fi +has_ecc=no +./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'ecc ' +if [ $? -eq 0 ]; then + has_ecc=yes +fi +has_x22519=no +./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'x22519 ' +if [ $? -eq 0 ]; then + has_x22519=yes +fi +has_dh=no +./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'dh ' +if [ $? -eq 0 ]; then + has_dh=yes +fi # ./configure --enable-sniffer [--enable-session-ticket] # Resumption tests require "--enable-session-ticket" session_ticket=no @@ -19,94 +49,27 @@ session_ticket=no if [ $? -eq 0 ]; then session_ticket=yes fi -has_rsa=no -./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'rsa ' +has_static_rsa=no +./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'rsa_static ' if [ $? -eq 0 ]; then - has_rsa=yes + has_static_rsa=yes fi + + RESULT=0 -if test $session_ticket == yes +# TLS v1.2 Static RSA Test +if test $RESULT -eq 0 && test $has_rsa == yes && test $has_tlsv12 == yes && test $has_static_rsa == yes then - # TLS v1.2 Static RSA Test echo -e "\nStaring snifftest on testsuite.pcap...\n" - ./sslSniffer/sslSnifferTest/snifftest ./scripts/testsuite.pcap ./certs/server-key.pem 127.0.0.1 11111 + ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-static-rsa.pcap ./certs/server-key.pem 127.0.0.1 11111 RESULT=$? - [ $RESULT -ne 0 ] && echo -e "\nsnifftest failed\n" && exit 1 + [ $RESULT -ne 0 ] && echo -e "\nsnifftest static RSA failed\n" && exit 1 fi -# TLS v1.3 sniffer test ECC -if test $RESULT -eq 0 -then - ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-ecc.pcap ./certs/statickeys/ecc-secp256r1.pem 127.0.0.1 11111 - - RESULT=$? - [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 ECC failed\n" && exit 1 -fi - -# TLS v1.3 sniffer test DH -if test $RESULT -eq 0 -then - ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-dh.pcap ./certs/statickeys/dh-ffdhe2048.pem 127.0.0.1 11111 - - RESULT=$? - [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 DH failed\n" && exit 1 -fi - -# TLS v1.3 sniffer test X25519 -if test $RESULT -eq 0 -then - ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-x25519.pcap ./certs/statickeys/x25519.pem 127.0.0.1 11111 - - RESULT=$? - [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 X25519 failed\n" && exit 1 -fi - -# TLS v1.3 Resumption Tests -if test $session_ticket == yes -then - # TLS v1.3 sniffer test ECC resumption - if test $RESULT -eq 0 - then - ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-ecc-resume.pcap ./certs/statickeys/ecc-secp256r1.pem 127.0.0.1 11111 - - RESULT=$? - [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 ECC failed\n" && exit 1 - fi - - # TLS v1.3 sniffer test DH - if test $RESULT -eq 0 - then - ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-dh-resume.pcap ./certs/statickeys/dh-ffdhe2048.pem 127.0.0.1 11111 - - RESULT=$? - [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 DH failed\n" && exit 1 - fi - - # TLS v1.3 sniffer test X25519 - if test $RESULT -eq 0 - then - ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-x25519-resume.pcap ./certs/statickeys/x25519.pem 127.0.0.1 11111 - - RESULT=$? - [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 X25519 failed\n" && exit 1 - fi -fi - - -# TLS v1.3 sniffer test hello_retry_request (HRR) with ECDHE -if test $RESULT -eq 0 -then - ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-hrr.pcap ./certs/statickeys/ecc-secp256r1.pem 127.0.0.1 11111 - - RESULT=$? - [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 HRR failed\n" && exit 1 -fi - - -# IPv6 -if test $RESULT -eq 0 && test "x$1" = "x-6"; +# TLS v1.2 Static RSA Test (IPv6) +if test $RESULT -eq 0 && test $has_rsa == yes && test $has_tlsv12 == yes && test $has_static_rsa == yes then echo -e "\nStaring snifftest on sniffer-ipv6.pcap...\n" ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-ipv6.pcap ./certs/server-key.pem ::1 11111 @@ -115,6 +78,69 @@ then [ $RESULT -ne 0 ] && echo -e "\nsnifftest (ipv6) failed\n" && exit 1 fi +# TLS v1.3 sniffer test ECC +if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_ecc == yes +then + ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-ecc.pcap ./certs/statickeys/ecc-secp256r1.pem 127.0.0.1 11111 + + RESULT=$? + [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 ECC failed\n" && exit 1 +fi + +# TLS v1.3 sniffer test DH +if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_dh == yes +then + ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-dh.pcap ./certs/statickeys/dh-ffdhe2048.pem 127.0.0.1 11111 + + RESULT=$? + [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 DH failed\n" && exit 1 +fi + +# TLS v1.3 sniffer test X25519 +if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_x22519 == yes +then + ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-x25519.pcap ./certs/statickeys/x25519.pem 127.0.0.1 11111 + + RESULT=$? + [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 X25519 failed\n" && exit 1 +fi + +# TLS v1.3 sniffer test ECC resumption +if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_ecc == yes && test $session_ticket == yes +then + ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-ecc-resume.pcap ./certs/statickeys/ecc-secp256r1.pem 127.0.0.1 11111 + + RESULT=$? + [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 ECC failed\n" && exit 1 +fi + +# TLS v1.3 sniffer test DH +if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_dh == yes && test $session_ticket == yes +then + ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-dh-resume.pcap ./certs/statickeys/dh-ffdhe2048.pem 127.0.0.1 11111 + + RESULT=$? + [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 DH failed\n" && exit 1 +fi + +# TLS v1.3 sniffer test X25519 +if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_x25519 == yes && test $session_ticket == yes +then + ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-x25519-resume.pcap ./certs/statickeys/x25519.pem 127.0.0.1 11111 + + RESULT=$? + [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 X25519 failed\n" && exit 1 +fi + +# TLS v1.3 sniffer test hello_retry_request (HRR) with ECDHE +if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_ecc == yes +then + ./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-hrr.pcap ./certs/statickeys/ecc-secp256r1.pem 127.0.0.1 11111 + + RESULT=$? + [ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 HRR failed\n" && exit 1 +fi + echo -e "\nSuccess!\n" exit 0 diff --git a/src/sniffer.c b/src/sniffer.c index 3d8e9b876..4061543e3 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -973,6 +973,7 @@ typedef struct TcpPseudoHdr { } TcpPseudoHdr; +#ifdef WOLFSSL_ENCRYPTED_KEYS /* Password Setting Callback */ static int SetPassword(char* passwd, int sz, int rw, void* userdata) { @@ -980,7 +981,7 @@ static int SetPassword(char* passwd, int sz, int rw, void* userdata) XSTRNCPY(passwd, (const char*)userdata, sz); return (int)XSTRLEN((const char*)userdata); } - +#endif /* Ethernet Header */ typedef struct EthernetHdr { @@ -2140,7 +2141,7 @@ static void CopySessionInfo(SnifferSession* session, SSLInfo* sslInfo) pCipher = wolfSSL_get_cipher(session->sslServer); if (NULL != pCipher) { XSTRNCPY((char*)sslInfo->serverCipherSuiteName, pCipher, - sizeof(sslInfo->serverCipherSuiteName)); + sizeof(sslInfo->serverCipherSuiteName) - 1); sslInfo->serverCipherSuiteName [sizeof(sslInfo->serverCipherSuiteName) - 1] = '\0'; } @@ -2148,7 +2149,7 @@ static void CopySessionInfo(SnifferSession* session, SSLInfo* sslInfo) #ifdef HAVE_SNI if (NULL != session->sni) { XSTRNCPY((char*)sslInfo->serverNameIndication, - session->sni, sizeof(sslInfo->serverNameIndication)); + session->sni, sizeof(sslInfo->serverNameIndication) - 1); sslInfo->serverNameIndication [sizeof(sslInfo->serverNameIndication) - 1] = '\0'; } @@ -4445,27 +4446,32 @@ static int DoHandShake(const byte* input, int* sslBytes, case client_key_exchange: Trace(GOT_CLIENT_KEY_EX_STR); #ifdef HAVE_EXTENDED_MASTER - if (session->flags.expectEms && session->hash != NULL) { - if (HashCopy(session->sslServer->hsHashes, - session->hash) == 0 && - HashCopy(session->sslClient->hsHashes, - session->hash) == 0) { + #ifdef WOLFSSL_ASYNC_CRYPT + if (session->sslServer->error != WC_PENDING_E) + #endif + { + if (session->flags.expectEms && session->hash != NULL) { + if (HashCopy(session->sslServer->hsHashes, + session->hash) == 0 && + HashCopy(session->sslClient->hsHashes, + session->hash) == 0) { - session->sslServer->options.haveEMS = 1; - session->sslClient->options.haveEMS = 1; + session->sslServer->options.haveEMS = 1; + session->sslClient->options.haveEMS = 1; + } + else { + SetError(EXTENDED_MASTER_HASH_STR, error, + session, FATAL_ERROR_STATE); + ret = -1; + } + XMEMSET(session->hash, 0, sizeof(HsHashes)); + XFREE(session->hash, NULL, DYNAMIC_TYPE_HASHES); + session->hash = NULL; } else { - SetError(EXTENDED_MASTER_HASH_STR, error, - session, FATAL_ERROR_STATE); - ret = -1; + session->sslServer->options.haveEMS = 0; + session->sslClient->options.haveEMS = 0; } - XMEMSET(session->hash, 0, sizeof(HsHashes)); - XFREE(session->hash, NULL, DYNAMIC_TYPE_HASHES); - session->hash = NULL; - } - else { - session->sslServer->options.haveEMS = 0; - session->sslClient->options.haveEMS = 0; } #endif if (ret == 0) { diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c index dccd177c4..a0b922625 100644 --- a/sslSniffer/sslSnifferTest/snifftest.c +++ b/sslSniffer/sslSnifferTest/snifftest.c @@ -411,6 +411,9 @@ static void show_appinfo(void) #ifdef WOLFSSL_TLS13 "tls_v13 " #endif + #ifndef WOLFSSL_NO_TLS12 + "tls_v12 " + #endif #ifdef HAVE_SESSION_TICKET "session_ticket " #endif @@ -447,6 +450,12 @@ static void show_appinfo(void) #ifdef HAVE_CURVE22519 "x22519 " #endif + #ifdef WOLFSSL_STATIC_RSA + "rsa_static " + #endif + #ifdef WOLFSSL_STATIC_DH + "dh_static " + #endif "\n\n" ); } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index c483eb338..500b06d72 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -12968,7 +12968,7 @@ static int SetCurve(ecc_key* key, byte* output) #ifdef HAVE_OID_ENCODING int ret; #endif - int idx = 0; + int idx; word32 oidSz = 0; /* validate key */ @@ -12985,7 +12985,12 @@ static int SetCurve(ecc_key* key, byte* output) oidSz = key->dp->oidSz; #endif - idx += SetObjectId(oidSz, output); + idx = SetObjectId(oidSz, output); + + /* length only */ + if (output == NULL) { + return idx + oidSz; + } #ifdef HAVE_OID_ENCODING ret = EncodeObjectId(key->dp->oid, key->dp->oidSz, output+idx, &oidSz); @@ -21206,7 +21211,6 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen, word32 pubSz; byte bitString[1 + MAX_LENGTH_SZ + 1]; /* 6 */ byte algo[MAX_ALGO_SZ]; /* 20 */ - byte curve[MAX_ALGO_SZ]; /* 20 */ /* public size */ pubSz = key->dp ? key->dp->size : MAX_ECC_BYTES; @@ -21219,7 +21223,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen, /* headers */ if (with_header) { - curveSz = SetCurve(key, curve); + curveSz = SetCurve(key, NULL); if (curveSz <= 0) { return curveSz; } @@ -21242,7 +21246,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen, idx += algoSz; /* curve */ if (output) - XMEMCPY(output + idx, curve, curveSz); + (void)SetCurve(key, output + idx); idx += curveSz; /* bit string */ if (output) diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index 284b6bc6a..4a5caeb2e 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c @@ -4385,31 +4385,49 @@ int sp_init_multi(sp_int* n1, sp_int* n2, sp_int* n3, sp_int* n4, sp_int* n5, _sp_zero(n1); n1->dp[0] = 0; n1->size = SP_INT_DIGITS; + #ifdef HAVE_WOLF_BIGINT + wc_bigint_init(&n1->raw); + #endif } if (n2 != NULL) { _sp_zero(n2); n2->dp[0] = 0; n2->size = SP_INT_DIGITS; + #ifdef HAVE_WOLF_BIGINT + wc_bigint_init(&n2->raw); + #endif } if (n3 != NULL) { _sp_zero(n3); n3->dp[0] = 0; n3->size = SP_INT_DIGITS; + #ifdef HAVE_WOLF_BIGINT + wc_bigint_init(&n3->raw); + #endif } if (n4 != NULL) { _sp_zero(n4); n4->dp[0] = 0; n4->size = SP_INT_DIGITS; + #ifdef HAVE_WOLF_BIGINT + wc_bigint_init(&n4->raw); + #endif } if (n5 != NULL) { _sp_zero(n5); n5->dp[0] = 0; n5->size = SP_INT_DIGITS; + #ifdef HAVE_WOLF_BIGINT + wc_bigint_init(&n5->raw); + #endif } if (n6 != NULL) { _sp_zero(n6); n6->dp[0] = 0; n6->size = SP_INT_DIGITS; + #ifdef HAVE_WOLF_BIGINT + wc_bigint_init(&n6->raw); + #endif } return MP_OKAY; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 9fb993b3b..10e40700c 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -16260,17 +16260,23 @@ static int dh_ffdhe_test(WC_RNG *rng, int name) } ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE); +#endif if (ret != MP_VAL && ret != MP_EXPTMOD_E) { ERROR_OUT(-8058, done); } ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2); - if (ret != MP_VAL && ret != MP_EXPTMOD_E) { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != ASYNC_OP_E) { ERROR_OUT(-8057, done); } ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz); - if (ret != MP_VAL && ret != MP_EXPTMOD_E) { + if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != ASYNC_OP_E) { ERROR_OUT(-8057, done); } @@ -23925,7 +23931,7 @@ static int ecc_test_custom_curves(WC_RNG* rng) #endif /* test use of custom curve - using BRAINPOOLP256R1 for test */ -#ifdef HAVE_ECC_BRAINPOOL +#if defined(HAVE_ECC_BRAINPOOL) && !defined(HAVE_INTEL_QA) #ifndef WOLFSSL_ECC_CURVE_STATIC WOLFSSL_SMALL_STACK_STATIC const ecc_oid_t ecc_oid_brainpoolp256r1[] = { 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07 @@ -23966,7 +23972,7 @@ static int ecc_test_custom_curves(WC_RNG* rng) XMEMSET(key, 0, sizeof *key); -#ifdef HAVE_ECC_BRAINPOOL +#if defined(HAVE_ECC_BRAINPOOL) && !defined(HAVE_INTEL_QA) ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, ECC_CURVE_DEF, &ecc_dp_brainpool256r1); if (ret != 0) { diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index aec28a8db..5fad9b113 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -728,8 +728,8 @@ decouple library dependencies with standard string, memory and so on. #endif /* _MSC_VER */ #endif /* USE_WINDOWS_API */ - #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) \ - || defined(HAVE_ALPN) + #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \ + defined(HAVE_ALPN) || defined(WOLFSSL_SNIFFER) /* use only Thread Safe version of strtok */ #if defined(USE_WOLF_STRTOK) #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))