WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #7991 from douzzer/20240917-fixes 

20240917-fixes
pull/8000/head
Sean Parkinson 2024-09-20 15:20:51 +10:00 committed by GitHub
parent b9908409d4 5be198fa0e
commit 8768c55579
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
14 changed files with 231 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
.github/workflows/packaging.yml vendored
View File

@ -37,8 +37,9 @@ jobs:
- name: Build wolfSSL .deb
run: make deb-docker
- name: Build wolfSSL .rpm
run: make rpm-docker
# disabled 20240919 -- broken target.
# - name: Build wolfSSL .rpm
# run: make rpm-docker
- name: Confirm packages built
run: |
@ -47,8 +48,9 @@ jobs:
echo Did not find exactly two deb packages!!!
exit 1
fi
RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
if [ "$RPM_COUNT" != "4" ]; then
echo Did not find exactly four rpm packages!!!
exit 1
fi
# disabled 20240919 -- broken target.
# RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l)
# if [ "$RPM_COUNT" != "4" ]; then
# echo Did not find exactly four rpm packages!!!
# exit 1
# fi

10
m4/ax_atomic.m4
View File

@ -9,18 +9,20 @@ AC_DEFUN([AC_C___ATOMIC],
[[int
main (int argc, char **argv)
{
volatile unsigned long ul1 = 1, ul2 = 0, ul3 = 2;
volatile unsigned long ul1 = 1;
unsigned long ul2 = 0, ul3 = 2;
__atomic_load_n(&ul1, __ATOMIC_SEQ_CST);
__atomic_compare_exchange(&ul1, &ul2, &ul3, 1, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
__atomic_fetch_add(&ul1, 1, __ATOMIC_SEQ_CST);
__atomic_fetch_sub(&ul3, 1, __ATOMIC_SEQ_CST);
__atomic_fetch_sub(&ul1, 1, __ATOMIC_SEQ_CST);
__atomic_or_fetch(&ul1, ul2, __ATOMIC_SEQ_CST);
__atomic_and_fetch(&ul1, ul2, __ATOMIC_SEQ_CST);
volatile unsigned long long ull1 = 1, ull2 = 0, ull3 = 2;
volatile unsigned long long ull1 = 1;
unsigned long long ull2 = 0, ull3 = 2;
__atomic_load_n(&ull1, __ATOMIC_SEQ_CST);
__atomic_compare_exchange(&ull1, &ull2, &ull3, 1, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST);
__atomic_fetch_add(&ull1, 1, __ATOMIC_SEQ_CST);
__atomic_fetch_sub(&ull3, 1, __ATOMIC_SEQ_CST);
__atomic_fetch_sub(&ull1, 1, __ATOMIC_SEQ_CST);
__atomic_or_fetch(&ull1, ull2, __ATOMIC_SEQ_CST);
__atomic_and_fetch(&ull1, ull2, __ATOMIC_SEQ_CST);
return 0;

2
src/dtls13.c
View File

@ -71,6 +71,8 @@ typedef struct Dtls13HandshakeHeader {
byte fragmentLength[3];
} Dtls13HandshakeHeader;
static_assert(sizeof(Dtls13HandshakeHeader) == DTLS13_HANDSHAKE_HEADER_SZ);
/**
* struct Dtls13Recordplaintextheader: represent header of unprotected DTLSv1.3
* record

4
src/tls13.c
View File

@ -4165,7 +4165,11 @@ static int EchHashHelloInner(WOLFSSL* ssl, WOLFSSL_ECH* ech)
{
int ret;
HS_Hashes* tmpHashes;
#ifdef WOLFSSL_DTLS13
byte falseHeader[DTLS13_HANDSHAKE_HEADER_SZ];
#else
byte falseHeader[HANDSHAKE_HEADER_SZ];
#endif
if (ssl == NULL || ech == NULL)
return BAD_FUNC_ARG;

99
tests/api.c
View File

@ -532,15 +532,6 @@ int tmpDirNameSet = 0;
| Constants
*----------------------------------------------------------------------------*/
/* Test result constants and macros. */
/* Test succeeded. */
#define TEST_SUCCESS (1)
/* Test failed. */
#define TEST_FAIL (0)
/* Test skipped - not run. */
#define TEST_SKIPPED (-7777)
/* Returns the result based on whether check is true.
*
* @param [in] check Condition for success.
@ -7291,7 +7282,7 @@ static WC_INLINE int test_ssl_memio_read_cb(WOLFSSL *ssl, char *data, int sz,
static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
{
EXPECT_DECLS;
EXPECT_DECLS_NO_MSGS(-2000);
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
int c_sharedCtx = 0;
int s_sharedCtx = 0;
@ -7564,7 +7555,7 @@ static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds,
static int test_ssl_memio_read_write(test_ssl_memio_ctx* ctx)
{
EXPECT_DECLS;
EXPECT_DECLS_NO_MSGS(-3000);
char input[1024];
int idx = 0;
const char* msg_c = "hello wolfssl!";
@ -7653,7 +7644,14 @@ static void test_ssl_memio_cleanup(test_ssl_memio_ctx* ctx)
int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
test_ssl_cbf* server_cb, cbType client_on_handshake)
{
EXPECT_DECLS;
/* We use EXPECT_DECLS_NO_MSGS() here because this helper routine is used
* for numerous but varied expected-to-fail scenarios that should not emit
* error messages on the expected failures. Instead, we return a distinct
* code for each failure point, allowing the caller to assert on a
* particular mode of expected failure. On success, the usual TEST_SUCCESS
* is returned.
*/
EXPECT_DECLS_NO_MSGS(-1000);
struct test_ssl_memio_ctx test_ctx;
#ifdef WOLFSSL_HAVE_TLS_UNIQUE
size_t msg_len;
@ -7665,8 +7663,8 @@ int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb,
test_ctx.c_ctx = client_cb->ctx;
test_ctx.s_ctx = server_cb->ctx;
test_ctx.c_cb.return_code = TEST_FAIL;
test_ctx.s_cb.return_code = TEST_FAIL;
test_ctx.c_cb.return_code = EXPECT_FAILURE_CODEPOINT_ID;
test_ctx.s_cb.return_code = EXPECT_FAILURE_CODEPOINT_ID;
ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS);
ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS);
@ -9575,10 +9573,10 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_3(void)
* therefore, handshake becomes failure.
*/
ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
&server_cbf, NULL), TEST_FAIL);
&server_cbf, NULL), -1001);
ExpectIntEQ(client_cbf.return_code, TEST_FAIL);
ExpectIntEQ(server_cbf.return_code, TEST_FAIL);
ExpectIntEQ(client_cbf.return_code, -1000);
ExpectIntEQ(server_cbf.return_code, -1000);
ExpectIntEQ(client_cbf.last_err, WC_NO_ERR_TRACE(MAX_CHAIN_ERROR));
ExpectIntEQ(server_cbf.last_err, WC_NO_ERR_TRACE(FATAL_ERROR));
#endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */
@ -14120,7 +14118,7 @@ static int test_wolfSSL_X509_TLS_version_test_1(void)
#ifndef OPENSSL_COMPATIBLE_DEFAULTS
ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
&func_cb_server, NULL), TEST_FAIL);
&func_cb_server, NULL), -1001);
#else
ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
&func_cb_server, NULL), TEST_SUCCESS);
@ -15009,14 +15007,20 @@ static int test_Sha512_Family_Final(int type, int isRaw)
hash_test[2] = hash3;
times = sizeof(hash_test) / sizeof(byte *);
/* Good test args. */
for (i = 0; i < times; i++) {
ExpectIntEQ(finalFp(&sha512, hash_test[i]), 0);
#if defined(HAVE_FIPS) || defined(HAVE_SELFTEST) || \
defined(WOLFSSL_NO_HASH_RAW)
if (finalFp != NULL)
#endif
{
/* Good test args. */
for (i = 0; i < times; i++) {
ExpectIntEQ(finalFp(&sha512, hash_test[i]), 0);
}
/* Test bad args. */
ExpectIntEQ(finalFp(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(finalFp(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(finalFp(&sha512, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
}
/* Test bad args. */
ExpectIntEQ(finalFp(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(finalFp(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(finalFp(&sha512, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
freeFp(&sha512);
@ -61861,7 +61865,7 @@ static int test_wolfSSL_curves_mismatch(void)
func_cb_server.method = test_params[i].server_meth;
ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
&func_cb_server, NULL), TEST_FAIL);
&func_cb_server, NULL), -1001);
ExpectIntEQ(func_cb_client.last_err, test_params[i].client_last_err);
ExpectIntEQ(func_cb_server.last_err, test_params[i].server_last_err);
@ -69656,10 +69660,16 @@ static int test_wolfSSL_SESSION_expire_downgrade(void)
#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \
defined(HAVE_EX_DATA) && !defined(NO_SESSION_CACHE)
static int clientSessRemCountMalloc = 0;
static int serverSessRemCountMalloc = 0;
static int clientSessRemCountFree = 0;
static int serverSessRemCountFree = 0;
#ifdef WOLFSSL_ATOMIC_OPS
typedef wolfSSL_Atomic_Int SessRemCounter_t;
#else
typedef int SessRemCounter_t;
#endif
static SessRemCounter_t clientSessRemCountMalloc;
static SessRemCounter_t serverSessRemCountMalloc;
static SessRemCounter_t clientSessRemCountFree;
static SessRemCounter_t serverSessRemCountFree;
static WOLFSSL_CTX* serverSessCtx = NULL;
static WOLFSSL_SESSION* serverSess = NULL;
#if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
@ -69680,9 +69690,9 @@ static void SessRemCtxCb(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *sess)
side = (int*)SSL_SESSION_get_ex_data(sess, serverSessRemIdx);
if (side != NULL) {
if (*side == WOLFSSL_CLIENT_END)
clientSessRemCountFree++;
(void)wolfSSL_Atomic_Int_FetchAdd(&clientSessRemCountFree, 1);
else
serverSessRemCountFree++;
(void)wolfSSL_Atomic_Int_FetchAdd(&serverSessRemCountFree, 1);
SSL_SESSION_set_ex_data(sess, serverSessRemIdx, NULL);
}
@ -69719,14 +69729,14 @@ static int SessRemSslSetupCb(WOLFSSL* ssl)
if (SSL_is_server(ssl)) {
side = &sessRemCtx_Server;
serverSessRemCountMalloc++;
(void)wolfSSL_Atomic_Int_FetchAdd(&serverSessRemCountMalloc, 1);
ExpectNotNull(serverSess = SSL_get1_session(ssl));
ExpectIntEQ(SSL_CTX_up_ref(serverSessCtx = SSL_get_SSL_CTX(ssl)),
SSL_SUCCESS);
}
else {
side = &sessRemCtx_Client;
clientSessRemCountMalloc++;
(void)wolfSSL_Atomic_Int_FetchAdd(&clientSessRemCountMalloc, 1);
#if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \
!defined(NO_SESSION_CACHE_REF)
ExpectNotNull(clientSess = SSL_get1_session(ssl));
@ -69750,6 +69760,11 @@ static int test_wolfSSL_CTX_sess_set_remove_cb(void)
* session object */
test_ssl_cbf func_cb;
wolfSSL_Atomic_Int_Init(&clientSessRemCountMalloc, 0);
wolfSSL_Atomic_Int_Init(&serverSessRemCountMalloc, 0);
wolfSSL_Atomic_Int_Init(&clientSessRemCountFree, 0);
wolfSSL_Atomic_Int_Init(&serverSessRemCountFree, 0);
XMEMSET(&func_cb, 0, sizeof(func_cb));
func_cb.ctx_ready = SessRemCtxSetupCb;
func_cb.on_result = SessRemSslSetupCb;
@ -78615,7 +78630,7 @@ static int test_DhCallbacks(void)
func_cb_server.method = wolfTLSv1_2_server_method;
ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client,
&func_cb_server, NULL), TEST_FAIL);
&func_cb_server, NULL), -1001);
#endif
return EXPECT_RESULT();
}
@ -85792,7 +85807,7 @@ static int test_multiple_crls_same_issuer(void)
client_cbs.ctx_ready = test_multiple_crls_same_issuer_ctx_ready;
ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
&server_cbs, NULL), TEST_FAIL);
&server_cbs, NULL), -1001);
}
#endif
return EXPECT_RESULT();
@ -90339,7 +90354,7 @@ static int test_wolfSSL_CRL_CERT_REVOKED_alert(void)
server_cbs.on_cleanup = test_wolfSSL_CRL_CERT_REVOKED_alert_on_cleanup;
ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
&server_cbs, NULL), TEST_FAIL);
&server_cbs, NULL), -1001);
return EXPECT_RESULT();
}
@ -91146,7 +91161,7 @@ static int test_override_alt_cert_chain(void)
{test_override_alt_cert_chain_client_ctx_ready,
test_override_alt_cert_chain_server_ctx_ready, TEST_SUCCESS},
{test_override_alt_cert_chain_client_ctx_ready2,
test_override_alt_cert_chain_server_ctx_ready, TEST_FAIL},
test_override_alt_cert_chain_server_ctx_ready, -1001},
};
for (i = 0; i < sizeof(params)/sizeof(*params); i++) {
@ -91162,8 +91177,10 @@ static int test_override_alt_cert_chain(void)
ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs,
&server_cbs, NULL), params[i].result);
ExpectIntEQ(client_cbs.return_code, params[i].result);
ExpectIntEQ(server_cbs.return_code, params[i].result);
ExpectIntEQ(client_cbs.return_code,
params[i].result <= 0 ? -1000 : TEST_SUCCESS);
ExpectIntEQ(server_cbs.return_code,
params[i].result <= 0 ? -1000 : TEST_SUCCESS);
}
return EXPECT_RESULT();
@ -93766,7 +93783,7 @@ static int test_revoked_loaded_int_cert(void)
client_cbf.ctx_ready = test_params[i].client_ctx_ready;
ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf,
&server_cbf, NULL), TEST_FAIL);
&server_cbf, NULL), -1001);
ExpectIntEQ(client_cbf.last_err, WC_NO_ERR_TRACE(CRL_CERT_REVOKED));
ExpectIntEQ(server_cbf.last_err, WC_NO_ERR_TRACE(FATAL_ERROR));

70
tests/unit.h
View File

@ -20,8 +20,8 @@
*/
#ifndef CyaSSL_UNIT_H
#define CyaSSL_UNIT_H
#ifndef TESTS_UNIT_H
#define TESTS_UNIT_H
#include <wolfssl/ssl.h>
#include <wolfssl/test.h> /* thread and tcp stuff */
@ -121,27 +121,55 @@
#define AssertPtrGE(x, y) AssertPtr(x, y, >=, <)
#define AssertPtrLE(x, y) AssertPtr(x, y, <=, >)
#define TEST_FAIL 0
#define TEST_SUCCESS 1
#define TEST_SUCCESS_NO_MSGS 2
#define TEST_SKIPPED 3 /* Test skipped - not run. */
#define TEST_SKIPPED_NO_MSGS 4 /* Test skipped - not run. */
#define EXPECT_DECLS \
int _ret = TEST_SKIPPED
int _ret = TEST_SKIPPED, _fail_codepoint_id = TEST_FAIL
#define EXPECT_DECLS_NO_MSGS(fail_codepoint_offset) \
int _ret = TEST_SKIPPED_NO_MSGS, \
_fail_codepoint_id = (fail_codepoint_offset)
#define EXPECT_FAILURE_CODEPOINT_ID _fail_codepoint_id
#define EXPECT_RESULT() \
_ret
((void)_fail_codepoint_id, \
_ret == TEST_SUCCESS_NO_MSGS ? TEST_SUCCESS : \
_ret == TEST_SKIPPED_NO_MSGS ? TEST_SKIPPED : \
_ret)
#define EXPECT_SUCCESS() \
((_ret == TEST_SUCCESS) || (_ret == TEST_SKIPPED))
((_ret == TEST_SUCCESS) || \
(_ret == TEST_SKIPPED) || \
(_ret == TEST_SUCCESS_NO_MSGS) || \
(_ret == TEST_SKIPPED_NO_MSGS))
#define EXPECT_FAIL() \
(_ret == TEST_FAIL)
(! EXPECT_SUCCESS())
#define ExpFail(description, result) do { \
printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__); \
fputs("\n expected: ", stdout); printf description; \
fputs("\n result: ", stdout); printf result; fputs("\n\n", stdout); \
fflush(stdout); \
_ret = TEST_FAIL; \
#define ExpFail(description, result) do { \
if ((_ret == TEST_SUCCESS_NO_MSGS) || (_ret == TEST_SKIPPED_NO_MSGS)) \
_ret = _fail_codepoint_id; \
else { \
printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__); \
fputs("\n expected: ", stdout); printf description; \
fputs("\n result: ", stdout); printf result; \
fputs("\n\n", stdout); \
fflush(stdout); \
_ret = TEST_FAIL; \
} \
} while (0)
#define Expect(test, description, result) do { \
if (_ret != TEST_FAIL) { if (!(test)) ExpFail(description, result); \
else _ret = TEST_SUCCESS; } \
#define Expect(test, description, result) do { \
if (EXPECT_SUCCESS()) { \
if (!(test)) \
ExpFail(description, result); \
else if (_ret == TEST_SKIPPED_NO_MSGS) \
_ret = TEST_SUCCESS_NO_MSGS; \
else \
_ret = TEST_SUCCESS; \
} \
if (_ret == TEST_SUCCESS_NO_MSGS) \
--_fail_codepoint_id; \
} while (0)
#define ExpectTrue(x) Expect( (x), ("%s is true", #x), (#x " => FALSE"))
@ -149,14 +177,14 @@
#define ExpectNotNull(x) Expect( (x), ("%s is not null", #x), (#x " => NULL"))
#define ExpectNull(x) do { \
if (_ret != TEST_FAIL) { \
if (EXPECT_SUCCESS()) { \
PEDANTIC_EXTENSION void* _x = (void*)(x); \
Expect(!_x, ("%s is null", #x), (#x " => %p", _x)); \
} \
} while(0)
#define ExpectInt(x, y, op, er) do { \
if (_ret != TEST_FAIL) { \
if (EXPECT_SUCCESS()) { \
int _x = (int)(x); \
int _y = (int)(y); \
Expect(_x op _y, ("%s " #op " %s", #x, #y), ("%d " #er " %d", _x, _y));\
@ -171,7 +199,7 @@
#define ExpectIntLE(x, y) ExpectInt(x, y, <=, >)
#define ExpectStr(x, y, op, er) do { \
if (_ret != TEST_FAIL) { \
if (EXPECT_SUCCESS()) { \
const char* _x = (const char*)(x); \
const char* _y = (const char*)(y); \
int _z = (_x && _y) ? XSTRCMP(_x, _y) : -1; \
@ -188,7 +216,7 @@
#define ExpectStrLE(x, y) ExpectStr(x, y, <=, >)
#define ExpectPtr(x, y, op, er) do { \
if (_ret != TEST_FAIL) { \
if (EXPECT_SUCCESS()) { \
PRAGMA_DIAG_PUSH \
/* remarkably, without this inhibition, */ \
/* the _Pragma()s make the declarations warn. */ \
@ -211,7 +239,7 @@
#define ExpectPtrLE(x, y) ExpectPtr(x, y, <=, >)
#define ExpectBuf(x, y, z, op, er) do { \
if (_ret != TEST_FAIL) { \
if (EXPECT_SUCCESS()) { \
const byte* _x = (const byte*)(x); \
const byte* _y = (const byte*)(y); \
int _z = (int)(z); \
@ -306,4 +334,4 @@ int w64wrapper_test(void);
int QuicTest(void);
#endif /* CyaSSL_UNIT_H */
#endif /* TESTS_UNIT_H */

34
wolfcrypt/benchmark/benchmark.c
View File

@ -8433,11 +8433,37 @@ exit:
void bench_rsaKeyGen(int useDeviceID)
{
int k;
#if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) && \
(RSA_MIN_SIZE <= 1024)
static const word32 keySizes[2] = {1024, 2048};
#if !defined(RSA_MAX_SIZE) || !defined(RSA_MIN_SIZE)
static const word32 keySizes[2] = {1024, 2048 };
#elif RSA_MAX_SIZE >= 4096
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(RSA_MIN_SIZE <= 1024)
static const word32 keySizes[4] = {1024, 2048, 3072, 4096 };
#else
static const word32 keySizes[3] = {2048, 3072, 4096};
#endif
#elif RSA_MAX_SIZE >= 3072
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(RSA_MIN_SIZE <= 1024)
static const word32 keySizes[3] = {1024, 2048, 3072 };
#else
static const word32 keySizes[2] = {2048, 3072 };
#endif
#elif RSA_MAX_SIZE >= 2048
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(RSA_MIN_SIZE <= 1024)
static const word32 keySizes[2] = {1024, 2048 };
#else
static const word32 keySizes[1] = {2048};
#endif
#else
static const word32 keySizes[1] = {2048};
#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \
(RSA_MIN_SIZE <= 1024)
static const word32 keySizes[1] = {1024 };
#else
#error No candidate RSA key sizes to benchmark.
#endif
#endif
for (k = 0; k < (int)(sizeof(keySizes)/sizeof(int)); k++) {

3
wolfcrypt/src/dh.c
View File

@ -2323,7 +2323,6 @@ int wc_DhAgree_ct(DhKey* key, byte* agree, word32 *agreeSz, const byte* priv,
return MEMORY_E;
#endif
XMEMSET(agree, 0, requested_agreeSz);
XMEMSET(agree_buffer, 0, requested_agreeSz);
ret = wc_DhAgree_Sync(key, agree_buffer, agreeSz, priv, privSz, otherPub,
@ -2340,7 +2339,7 @@ int wc_DhAgree_ct(DhKey* key, byte* agree, word32 *agreeSz, const byte* priv,
byte *agree_src = agree_buffer + *agreeSz - 1,
*agree_dst = agree + requested_agreeSz - 1;
while (agree_dst >= agree) {
word32 mask = (agree_src >= agree_buffer) - 1U;;
word32 mask = (agree_src >= agree_buffer) - 1U;
agree_src += (mask & requested_agreeSz);
*agree_dst-- = *agree_src--;
}

17
wolfcrypt/src/ecc.c
View File

@ -856,6 +856,14 @@ enum {
/* This holds the key settings.
***MUST*** be organized by size from smallest to largest. */
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
#undef ecc_sets
#undef ecc_sets_count
#endif
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
static
#endif
const ecc_set_type ecc_sets[] = {
#ifdef ECC112
#ifndef NO_ECC_SECP
@ -1399,8 +1407,17 @@ const ecc_set_type ecc_sets[] = {
}
};
#define ECC_SET_COUNT (sizeof(ecc_sets)/sizeof(ecc_set_type))
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
static
#endif
const size_t ecc_sets_count = ECC_SET_COUNT - 1;
const ecc_set_type *wc_ecc_get_sets(void) {
return ecc_sets;
}
size_t wc_ecc_get_sets_count(void) {
return ecc_sets_count;
}
#ifdef HAVE_OID_ENCODING
/* encoded OID cache */

2
wolfcrypt/test/test.c
View File

@ -34481,7 +34481,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void)
} while (ret == WC_NO_ERR_TRACE(WC_PENDING_E));
if (ret < 0)
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done);
TEST_SLEEP();
TEST_SLEEP();
XMEMSET(plain, 0, sizeof(plain));

1
wolfssl/internal.h
View File

@ -1637,6 +1637,7 @@ enum Misc {
#endif
HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
DTLS13_HANDSHAKE_HEADER_SZ = 12, /* sizeof(Dtls13HandshakeHeader) */
RECORD_HEADER_SZ = 5, /* type + version + len(2) */
CERT_HEADER_SZ = 3, /* always 3 bytes */
REQ_HEADER_SZ = 2, /* cert request header sz */

13
wolfssl/wolfcrypt/ecc.h
View File

@ -641,8 +641,15 @@ WOLFSSL_ABI WOLFSSL_API void wc_ecc_key_free(ecc_key* key);
/* ECC predefined curve sets */
extern const ecc_set_type ecc_sets[];
extern const size_t ecc_sets_count;
#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)
extern const ecc_set_type ecc_sets[];
extern const size_t ecc_sets_count;
#else
WOLFSSL_API const ecc_set_type *wc_ecc_get_sets(void);
WOLFSSL_API size_t wc_ecc_get_sets_count(void);
#define ecc_sets wc_ecc_get_sets()
#define ecc_sets_count wc_ecc_get_sets_count()
#endif
WOLFSSL_API
const char* wc_ecc_get_name(int curve_id);
@ -763,7 +770,7 @@ WOLFSSL_API
int wc_ecc_set_flags(ecc_key* key, word32 flags);
WOLFSSL_ABI WOLFSSL_API
void wc_ecc_fp_free(void);
WOLFSSL_LOCAL
WOLFSSL_API
void wc_ecc_fp_init(void);
WOLFSSL_API
int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng);

30
wolfssl/wolfcrypt/types.h
View File

@ -1694,6 +1694,36 @@ typedef struct w64wrapper {
#define PRAGMA_DIAG_POP /* null expansion */
#endif
#define WC_CPP_CAT_(a, b) a ## b
#define WC_CPP_CAT(a, b) WC_CPP_CAT_(a, b)
#if defined(__cplusplus) && (__cplusplus >= 201103L)
#ifndef static_assert2
#define static_assert2 static_assert
#endif
#elif !defined(static_assert)
#if !defined(__cplusplus) && \
!defined(__STRICT_ANSI__) && \
!defined(WOLF_C89) && \
defined(__STDC_VERSION__) && \
(__STDC_VERSION__ >= 201112L) && \
((defined(__GNUC__) && \
(__GNUC__ >= 5)) || \
defined(__clang__))
#define static_assert(expr) _Static_assert(expr, #expr)
#ifndef static_assert2
#define static_assert2(expr, msg) _Static_assert(expr, msg)
#endif
#else
#define static_assert(expr) \
struct WC_CPP_CAT(wc_dummy_struct_L, __LINE__)
#ifndef static_assert2
#define static_assert2(expr, msg) static_assert(expr)
#endif
#endif
#elif !defined(static_assert2)
#define static_assert2(expr, msg) static_assert(expr)
#endif
#ifndef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING
#endif

37
wolfssl/wolfcrypt/wc_port.h
View File

@ -355,11 +355,20 @@
#endif /* WOLFSSL_NO_ATOMICS */
#ifdef WOLFSSL_ATOMIC_OPS
WOLFSSL_LOCAL void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i);
WOLFSSL_API void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i);
/* Fetch* functions return the value of the counter immediately preceding
* the effects of the function. */
WOLFSSL_LOCAL int wolfSSL_Atomic_Int_FetchAdd(wolfSSL_Atomic_Int* c, int i);
WOLFSSL_LOCAL int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i);
WOLFSSL_API int wolfSSL_Atomic_Int_FetchAdd(wolfSSL_Atomic_Int* c, int i);
WOLFSSL_API int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i);
#else
/* Code using these fallback macros needs to arrange its own fallback for
* wolfSSL_Atomic_Int, which is never defined if
* !defined(WOLFSSL_ATOMIC_OPS). This forces local awareness of
* thread-unsafe semantics.
*/
#define wolfSSL_Atomic_Int_Init(c, i) (*(c) = (i))
#define wolfSSL_Atomic_Int_FetchAdd(c, i) (*(c) += (i), *(c) - (i))
#define wolfSSL_Atomic_Int_FetchSub(c, i) (*(c) -= (i), *(c) + (i))
#endif
/* Reference counting. */
@ -374,27 +383,7 @@ typedef struct wolfSSL_Ref {
#endif
} wolfSSL_Ref;
#ifdef SINGLE_THREADED
#define wolfSSL_RefInit(ref, err) \
do { \
(ref)->count = 1; \
*(err) = 0; \
} while(0)
#define wolfSSL_RefFree(ref) WC_DO_NOTHING
#define wolfSSL_RefInc(ref, err) \
do { \
(ref)->count++; \
*(err) = 0; \
} while(0)
#define wolfSSL_RefDec(ref, isZero, err) \
do { \
(ref)->count--; \
*(isZero) = ((ref)->count == 0); \
*(err) = 0; \
} while(0)
#elif defined(WOLFSSL_ATOMIC_OPS)
#if defined(SINGLE_THREADED) || defined(WOLFSSL_ATOMIC_OPS)
#define wolfSSL_RefInit(ref, err) \
do { \