From 6e15746cf5866d697a6af7c24e0cb51f5bf649d8 Mon Sep 17 00:00:00 2001 
From: gojimmypi
Date: Sat, 23 Nov 2024 12:44:28 -0800
Subject: [PATCH] wolfssl 5.7.4 Release for Arduino

---
 ChangeLog.md | 226 +-
 README | 264 +-
 README.md | 276 +-
 examples/wolfssl_client/wolfssl_client.ino | 2 +-
 examples/wolfssl_server/README.md | 4 +-
 examples/wolfssl_server/wolfssl_server.ino | 2 +-
 library.json.pio | 4 +-
 library.properties | 2 +-
 library.properties.pio | 2 +-
 src/src/bio.c | 551 ++-
 src/src/conf.c | 32 +-
 src/src/crl.c | 66 +-
 src/src/dtls.c | 120 +-
 src/src/dtls13.c | 240 +-
 src/src/internal.c | 2869 +++++++-----
 src/src/keys.c | 30 +-
 src/src/ocsp.c | 425 +-
 src/src/pk.c | 806 +++-
 src/src/quic.c | 12 +-
 src/src/sniffer.c | 273 +-
 src/src/ssl.c | 1064 +++--
 src/src/ssl_asn1.c | 1247 +++--
 src/src/ssl_bn.c | 126 +-
 src/src/ssl_certman.c | 59 +-
 src/src/ssl_crypto.c | 49 +-
 src/src/ssl_load.c | 200 +-
 src/src/ssl_misc.c | 12 +-
 src/src/ssl_p7p12.c | 123 +-
 src/src/ssl_sess.c | 66 +-
 src/src/tls.c | 780 ++--
 src/src/tls13.c | 388 +-
 src/src/wolfio.c | 469 +-
 src/src/x509.c | 2054 ++++++---
 src/src/x509_str.c | 778 +++-
 src/user_settings.h | 4 +-
 src/wolfcrypt/src/aes.c | 516 ++-
 src/wolfcrypt/src/arc4.c | 2 +-
 src/wolfcrypt/src/asm.c | 52 +-
 src/wolfcrypt/src/asn.c | 3154 +++++++++----
 src/wolfcrypt/src/bio.c | 551 ++-
 src/wolfcrypt/src/blake2b.c | 2 +-
 src/wolfcrypt/src/blake2s.c | 2 +-
 src/wolfcrypt/src/camellia.c | 2 +-
 src/wolfcrypt/src/chacha.c | 245 +-
 src/wolfcrypt/src/chacha20_poly1305.c | 2 +-
 src/wolfcrypt/src/cmac.c | 211 +-
 src/wolfcrypt/src/coding.c | 4 +-
 src/wolfcrypt/src/compress.c | 8 +-
 src/wolfcrypt/src/cpuid.c | 2 +-
 src/wolfcrypt/src/cryptocb.c | 91 +-
 src/wolfcrypt/src/curve25519.c | 43 +-
 src/wolfcrypt/src/curve448.c | 2 +-
 src/wolfcrypt/src/des3.c | 165 +-
 src/wolfcrypt/src/dh.c | 123 +-
 src/wolfcrypt/src/dilithium.c | 2901 ++++++++++--
 src/wolfcrypt/src/dsa.c | 6 +-
 src/wolfcrypt/src/ecc.c | 395 +-
 src/wolfcrypt/src/eccsi.c | 14 +-
 src/wolfcrypt/src/ed25519.c | 35 +-
 src/wolfcrypt/src/ed448.c | 2 +-
 src/wolfcrypt/src/error.c | 24 +-
 src/wolfcrypt/src/evp.c | 331 +-
 src/wolfcrypt/src/ext_kyber.c | 54 +-
 src/wolfcrypt/src/ext_lms.c | 7 +-
 src/wolfcrypt/src/ext_xmss.c | 7 +-
 src/wolfcrypt/src/falcon.c | 2 +-
 src/wolfcrypt/src/fe_448.c | 2 +-
 src/wolfcrypt/src/fe_low_mem.c | 2 +-
 src/wolfcrypt/src/fe_operations.c | 2 +-
 src/wolfcrypt/src/ge_448.c | 18 +-
 src/wolfcrypt/src/ge_low_mem.c | 2 +-
 src/wolfcrypt/src/ge_operations.c | 20 +-
 src/wolfcrypt/src/hash.c | 206 +-
 src/wolfcrypt/src/hmac.c | 2 +-
 src/wolfcrypt/src/hpke.c | 2 +-
 src/wolfcrypt/src/integer.c | 2 +-
 src/wolfcrypt/src/kdf.c | 61 +-
 src/wolfcrypt/src/logging.c | 211 +-
 src/wolfcrypt/src/md2.c | 4 +-
 src/wolfcrypt/src/md4.c | 2 +-
 src/wolfcrypt/src/md5.c | 2 +-
 src/wolfcrypt/src/memory.c | 10 +-
 src/wolfcrypt/src/misc.c | 117 +-
 src/wolfcrypt/src/pkcs12.c | 59 +-
 src/wolfcrypt/src/pkcs7.c | 1292 +++---
 src/wolfcrypt/src/poly1305.c | 122 +-
 src/wolfcrypt/src/port/Espressif/esp32_aes.c | 2 +-
 src/wolfcrypt/src/port/Espressif/esp32_mp.c | 340 +-
 src/wolfcrypt/src/port/Espressif/esp32_sha.c | 16 +-
 src/wolfcrypt/src/port/Espressif/esp32_util.c | 149 +-
 .../src/port/Espressif/esp_sdk_mem_lib.c | 51 +-
 .../src/port/Espressif/esp_sdk_time_lib.c | 62 +-
 .../src/port/Espressif/esp_sdk_wifi_lib.c | 15 +-
 src/wolfcrypt/src/port/atmel/atmel.c | 2 +-
 src/wolfcrypt/src/pwdbased.c | 28 +-
 src/wolfcrypt/src/random.c | 55 +-
 src/wolfcrypt/src/rc2.c | 2 +-
 src/wolfcrypt/src/ripemd.c | 2 +-
 src/wolfcrypt/src/rsa.c | 156 +-
 src/wolfcrypt/src/sakke.c | 18 +-
 src/wolfcrypt/src/sha.c | 37 +-
 src/wolfcrypt/src/sha256.c | 60 +-
 src/wolfcrypt/src/sha3.c | 11 +-
 src/wolfcrypt/src/sha512.c | 76 +-
 src/wolfcrypt/src/signature.c | 4 +-
 src/wolfcrypt/src/siphash.c | 36 +-
 src/wolfcrypt/src/sm2.c | 2 +-
 src/wolfcrypt/src/sm3.c | 2 +-
 src/wolfcrypt/src/sm4.c | 2 +-
 src/wolfcrypt/src/sp_arm32.c | 1497 +++---
 src/wolfcrypt/src/sp_arm64.c | 666 ++-
 src/wolfcrypt/src/sp_armthumb.c | 670 ++-
 src/wolfcrypt/src/sp_c32.c | 3437 +++++++-------
 src/wolfcrypt/src/sp_c64.c | 2622 +++++------
 src/wolfcrypt/src/sp_cortexm.c | 4024 +++++++++++------
 src/wolfcrypt/src/sp_dsp32.c | 37 +-
 src/wolfcrypt/src/sp_int.c | 712 ++-
 src/wolfcrypt/src/sp_sm2_arm32.c | 2 +-
 src/wolfcrypt/src/sp_sm2_arm64.c | 2 +-
 src/wolfcrypt/src/sp_sm2_armthumb.c | 2 +-
 src/wolfcrypt/src/sp_sm2_c32.c | 2 +-
 src/wolfcrypt/src/sp_sm2_c64.c | 2 +-
 src/wolfcrypt/src/sp_sm2_cortexm.c | 2 +-
 src/wolfcrypt/src/sp_sm2_x86_64.c | 2 +-
 src/wolfcrypt/src/sp_x86_64.c | 1514 ++++---
 src/wolfcrypt/src/sphincs.c | 2 +-
 src/wolfcrypt/src/srp.c | 10 +-
 src/wolfcrypt/src/tfm.c | 20 +-
 src/wolfcrypt/src/wc_dsp.c | 2 +-
 src/wolfcrypt/src/wc_encrypt.c | 2 +-
 src/wolfcrypt/src/wc_kyber.c | 103 +-
 src/wolfcrypt/src/wc_kyber_poly.c | 937 +++-
 src/wolfcrypt/src/wc_lms.c | 251 +-
 src/wolfcrypt/src/wc_lms_impl.c | 1153 +++--
 src/wolfcrypt/src/wc_pkcs11.c | 303 +-
 src/wolfcrypt/src/wc_port.c | 383 +-
 src/wolfcrypt/src/wc_xmss.c | 2 +-
 src/wolfcrypt/src/wc_xmss_impl.c | 2 +-
 src/wolfcrypt/src/wolfevent.c | 2 +-
 src/wolfcrypt/src/wolfmath.c | 12 +-
 src/wolfssl/bio.c | 551 ++-
 src/wolfssl/callbacks.h | 2 +-
 src/wolfssl/crl.h | 2 +-
 src/wolfssl/error-ssl.h | 53 +-
 src/wolfssl/evp.c | 331 +-
 src/wolfssl/internal.h | 371 +-
 src/wolfssl/ocsp.h | 43 +-
 src/wolfssl/openssl/aes.h | 2 +-
 src/wolfssl/openssl/asn1.h | 189 +-
 src/wolfssl/openssl/asn1t.h | 2 +-
 src/wolfssl/openssl/bio.h | 8 +-
 src/wolfssl/openssl/bn.h | 4 +-
 src/wolfssl/openssl/buffer.h | 2 +-
 src/wolfssl/openssl/camellia.h | 2 +-
 src/wolfssl/openssl/cmac.h | 2 +-
 src/wolfssl/openssl/cms.h | 2 +-
 src/wolfssl/openssl/compat_types.h | 4 +-
 src/wolfssl/openssl/conf.h | 2 +-
 src/wolfssl/openssl/crypto.h | 2 +-
 src/wolfssl/openssl/des.h | 2 +-
 src/wolfssl/openssl/dh.h | 9 +-
 src/wolfssl/openssl/dsa.h | 5 +-
 src/wolfssl/openssl/ec.h | 11 +-
 src/wolfssl/openssl/ec25519.h | 2 +-
 src/wolfssl/openssl/ec448.h | 2 +-
 src/wolfssl/openssl/ecdh.h | 2 +-
 src/wolfssl/openssl/ecdsa.h | 2 +-
 src/wolfssl/openssl/ed25519.h | 2 +-
 src/wolfssl/openssl/ed448.h | 2 +-
 src/wolfssl/openssl/err.h | 2 +-
 src/wolfssl/openssl/evp.h | 5 +-
 src/wolfssl/openssl/fips_rand.h | 2 +-
 src/wolfssl/openssl/hmac.h | 2 +-
 src/wolfssl/openssl/include.am | 1 +
 src/wolfssl/openssl/kdf.h | 2 +-
 src/wolfssl/openssl/lhash.h | 2 +-
 src/wolfssl/openssl/md4.h | 2 +-
 src/wolfssl/openssl/md5.h | 2 +-
 src/wolfssl/openssl/modes.h | 2 +-
 src/wolfssl/openssl/obj_mac.h | 2 +-
 src/wolfssl/openssl/objects.h | 2 +-
 src/wolfssl/openssl/ocsp.h | 27 +-
 src/wolfssl/openssl/opensslv.h | 37 +-
 src/wolfssl/openssl/ossl_typ.h | 2 +-
 src/wolfssl/openssl/pem.h | 21 +-
 src/wolfssl/openssl/pkcs12.h | 2 +-
 src/wolfssl/openssl/pkcs7.h | 2 +-
 src/wolfssl/openssl/rand.h | 2 +-
 src/wolfssl/openssl/rc4.h | 2 +-
 src/wolfssl/openssl/ripemd.h | 2 +-
 src/wolfssl/openssl/rsa.h | 9 +-
 src/wolfssl/openssl/safestack.h | 40 +
 src/wolfssl/openssl/sha.h | 2 +-
 src/wolfssl/openssl/sha3.h | 2 +-
 src/wolfssl/openssl/srp.h | 2 +-
 src/wolfssl/openssl/ssl.h | 95 +-
 src/wolfssl/openssl/stack.h | 2 +-
 src/wolfssl/openssl/tls1.h | 2 +-
 src/wolfssl/openssl/txt_db.h | 2 +-
 src/wolfssl/openssl/x509.h | 2 +-
 src/wolfssl/openssl/x509_vfy.h | 5 +-
 src/wolfssl/openssl/x509v3.h | 20 +-
 src/wolfssl/quic.h | 2 +-
 src/wolfssl/sniffer.h | 2 +-
 src/wolfssl/sniffer_error.h | 2 +-
 src/wolfssl/ssl.h | 353 +-
 src/wolfssl/test.h | 76 +-
 src/wolfssl/version.h | 6 +-
 src/wolfssl/wolfcrypt/aes.h | 29 +-
 src/wolfssl/wolfcrypt/arc4.h | 2 +-
 src/wolfssl/wolfcrypt/asn.h | 330 +-
 src/wolfssl/wolfcrypt/asn_public.h | 59 +-
 src/wolfssl/wolfcrypt/blake2-impl.h | 2 +-
 src/wolfssl/wolfcrypt/blake2-int.h | 2 +-
 src/wolfssl/wolfcrypt/blake2.h | 2 +-
 src/wolfssl/wolfcrypt/camellia.h | 2 +-
 src/wolfssl/wolfcrypt/chacha.h | 25 +-
 src/wolfssl/wolfcrypt/chacha20_poly1305.h | 4 +-
 src/wolfssl/wolfcrypt/cmac.h | 31 +-
 src/wolfssl/wolfcrypt/coding.h | 2 +-
 src/wolfssl/wolfcrypt/compress.h | 2 +-
 src/wolfssl/wolfcrypt/cpuid.h | 2 +-
 src/wolfssl/wolfcrypt/cryptocb.h | 12 +-
 src/wolfssl/wolfcrypt/curve25519.h | 15 +-
 src/wolfssl/wolfcrypt/curve448.h | 6 +-
 src/wolfssl/wolfcrypt/des3.h | 9 +-
 src/wolfssl/wolfcrypt/dh.h | 5 +-
 src/wolfssl/wolfcrypt/dilithium.h | 134 +-
 src/wolfssl/wolfcrypt/dsa.h | 2 +-
 src/wolfssl/wolfcrypt/ecc.h | 29 +-
 src/wolfssl/wolfcrypt/eccsi.h | 14 +-
 src/wolfssl/wolfcrypt/ed25519.h | 17 +-
 src/wolfssl/wolfcrypt/ed448.h | 8 +-
 src/wolfssl/wolfcrypt/error-crypt.h | 55 +-
 src/wolfssl/wolfcrypt/ext_kyber.h | 15 +-
 src/wolfssl/wolfcrypt/ext_lms.h | 9 +-
 src/wolfssl/wolfcrypt/ext_xmss.h | 9 +-
 src/wolfssl/wolfcrypt/falcon.h | 2 +-
 src/wolfssl/wolfcrypt/fe_448.h | 2 +-
 src/wolfssl/wolfcrypt/fe_operations.h | 2 +-
 src/wolfssl/wolfcrypt/fips_test.h | 9 +-
 src/wolfssl/wolfcrypt/ge_448.h | 2 +-
 src/wolfssl/wolfcrypt/ge_operations.h | 4 +-
 src/wolfssl/wolfcrypt/hash.h | 68 +-
 src/wolfssl/wolfcrypt/hmac.h | 31 +-
 src/wolfssl/wolfcrypt/hpke.h | 2 +-
 src/wolfssl/wolfcrypt/integer.h | 10 +-
 src/wolfssl/wolfcrypt/kdf.h | 4 +-
 src/wolfssl/wolfcrypt/kyber.h | 54 +-
 src/wolfssl/wolfcrypt/lms.h | 24 +-
 src/wolfssl/wolfcrypt/logging.h | 2 +-
 src/wolfssl/wolfcrypt/md2.h | 2 +-
 src/wolfssl/wolfcrypt/md4.h | 2 +-
 src/wolfssl/wolfcrypt/md5.h | 2 +-
 src/wolfssl/wolfcrypt/mem_track.h | 2 +-
 src/wolfssl/wolfcrypt/memory.h | 2 +-
 src/wolfssl/wolfcrypt/misc.h | 12 +-
 src/wolfssl/wolfcrypt/mpi_class.h | 2 +-
 src/wolfssl/wolfcrypt/mpi_superclass.h | 2 +-
 src/wolfssl/wolfcrypt/pkcs11.h | 47 +-
 src/wolfssl/wolfcrypt/pkcs12.h | 2 +-
 src/wolfssl/wolfcrypt/pkcs7.h | 35 +-
 src/wolfssl/wolfcrypt/poly1305.h | 73 +-
 .../wolfcrypt/port/Espressif/esp-sdk-lib.h | 12 +-
 .../wolfcrypt/port/Espressif/esp32-crypt.h | 135 +-
 .../wolfcrypt/port/Espressif/esp_crt_bundle.h | 242 +
 src/wolfssl/wolfcrypt/port/atmel/atmel.h | 2 +-
 src/wolfssl/wolfcrypt/pwdbased.h | 2 +-
 src/wolfssl/wolfcrypt/random.h | 2 +-
 src/wolfssl/wolfcrypt/rc2.h | 2 +-
 src/wolfssl/wolfcrypt/ripemd.h | 2 +-
 src/wolfssl/wolfcrypt/rsa.h | 27 +-
 src/wolfssl/wolfcrypt/sakke.h | 18 +-
 src/wolfssl/wolfcrypt/selftest.h | 2 +-
 src/wolfssl/wolfcrypt/settings.h | 745 ++-
 src/wolfssl/wolfcrypt/sha.h | 10 +-
 src/wolfssl/wolfcrypt/sha256.h | 11 +-
 src/wolfssl/wolfcrypt/sha3.h | 5 +-
 src/wolfssl/wolfcrypt/sha512.h | 9 +-
 src/wolfssl/wolfcrypt/signature.h | 2 +-
 src/wolfssl/wolfcrypt/siphash.h | 2 +-
 src/wolfssl/wolfcrypt/sm2.h | 2 +-
 src/wolfssl/wolfcrypt/sm3.h | 2 +-
 src/wolfssl/wolfcrypt/sm4.h | 2 +-
 src/wolfssl/wolfcrypt/sp.h | 2 +-
 src/wolfssl/wolfcrypt/sp_int.h | 95 +-
 src/wolfssl/wolfcrypt/sphincs.h | 2 +-
 src/wolfssl/wolfcrypt/srp.h | 2 +-
 src/wolfssl/wolfcrypt/tfm.h | 18 +-
 src/wolfssl/wolfcrypt/types.h | 178 +-
 src/wolfssl/wolfcrypt/visibility.h | 2 +-
 src/wolfssl/wolfcrypt/wc_encrypt.h | 2 +-
 src/wolfssl/wolfcrypt/wc_kyber.h | 73 +-
 src/wolfssl/wolfcrypt/wc_lms.h | 148 +-
 src/wolfssl/wolfcrypt/wc_pkcs11.h | 6 +-
 src/wolfssl/wolfcrypt/wc_port.h | 166 +-
 src/wolfssl/wolfcrypt/wc_xmss.h | 2 +-
 src/wolfssl/wolfcrypt/wolfevent.h | 2 +-
 src/wolfssl/wolfcrypt/wolfmath.h | 28 +-
 src/wolfssl/wolfcrypt/xmss.h | 2 +-
 src/wolfssl/wolfio.h | 99 +-
 301 files changed, 33650 insertions(+), 16228 deletions(-)
 create mode 100644 src/wolfssl/openssl/safestack.h
 create mode 100644 src/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h

diff --git a/ChangeLog.md b/ChangeLog.md
index 01fca46..a0585b3 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -1,3 +1,196 @@ +# wolfSSL Release 5.7.4 (Oct 24, 2024) + +Release 5.7.4 has been developed according to wolfSSL's development and QA +process (see link below) and successfully passed the quality criteria. +https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance + +NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024 + +PR stands for Pull Request, and PR references a GitHub pull request + number where the code change was added. + + +## Vulnerabilities +* [Low] When the OpenSSL compatibility layer is enabled, certificate + verification behaved differently in wolfSSL than OpenSSL, in the + X509_STORE_add_cert() and X509_STORE_load_locations() implementations. + Previously, in cases where an application explicitly loaded an intermediate + certificate, wolfSSL was verifying only up to that intermediate certificate, + rather than verifying up to the root CA. This only affects use cases where the + API is called directly, and does not affect TLS connections. Users that call + the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their + applications are recommended to update the version of wolfSSL used or to have + additional sanity checks on certificates loaded into the X509_STORE when + verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087) + + +## PQC TLS Experimental Build Fix +* When using TLS with post quantum algorithms enabled, the connection uses a + smaller EC curve than agreed on. Users building with --enable-experimental and + enabling PQC cipher suites with TLS connections are recommended to update the + version of wolfSSL used. Thanks to Daniel Correa for the report. 
+ (https://github.com/wolfSSL/wolfssl/pull/8084) + + +## New Feature Additions +* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20, + Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916) +* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995) +* Add support for (DevkitPro)libnds (PR 7990) +* Add port for Mosquitto OSP (Open Source Project) (PR 6460) +* Add port for init sssd (PR 7781) +* Add port for eXosip2 (PR 7648) +* Add support for STM32G4 (PR 7997) +* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback + Support (PR 7777) +* Add support for building wolfSSL to be used in libspdm (PR 7869) +* Add port for use with Nucleus Plus 2.3 (PR 7732) +* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with + --enable-acert (PR 7926) +* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS + (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt). + (PR 7750) +* Added “new” and “delete” style functions for heap/pool allocation and freeing + of low level crypto structures (PR 3166 and 8089) + + +## Enhancements and Optimizations +* Increase default max alt. names from 128 to 1024 (PR 7762) +* Added new constant time DH agree function wc_DhAgree_ct (PR 7802) +* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804) +* Add option to disable cryptocb test software test using + --disable-cryptocb-sw-test (PR 7862) +* Add a call to certificate verify callback before checking certificate dates + (PR 7895) +* Expanded algorithms supported with the wolfCrypt CSharp wrapper. 
Adding + support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and + Hashing (PR 3166) +* Expand MMCAU support for use with DES ECB (PR 7960) +* Update AES SIV to handle multiple associated data inputs (PR 7911) +* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811) +* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839) +* Set RSA_MIN_SIZE default to 2048 bits (PR 7923) +* Added support for wolfSSL to be used as the default TLS in the zephyr kernel + (PR 7731) +* Add enable provider build using --enable-wolfprovider with autotools (PR 7550) +* Renesas RX TSIP ECDSA support (PR 7685) +* Support DTLS1.3 downgrade when the server supports CID (PR 7841) +* Server-side checks OCSP even if it uses v2 multi (PR 7828) +* Add handling of absent hash params in PKCS7 bundle parsing and creation + (PR 7845) +* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in + environments that do not have a word64 type (PR 7759) +* Update to the maxq10xx support (PR 7824) +* Add support for parsing over optional PKCS8 attributes (PR 7944) +* Add support for either side method with DTLS 1.3 (PR 8012) +* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704) +* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962) +* Add left-most wildcard matching support to X509_check_host() (PR 7966) +* Add option to set custom SKID with PKCS7 bundle creation (PR 7954) +* Building wolfSSL as a library with Ada and corrections to Alire manifest + (PR 7303,7940) +* Renesas RX72N support updated (PR 7849) +* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object + (PR 8005) +* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each + SSL object (PR 7867) +* Add an option to use AES-CBC with HMAC for default session ticket enc/dec. 
+ Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703) +* Memory usage improvements in wc_PRF, sha256 (for small code when many + registers are available) and sp_int objects (PR 7901) +* Change in the configure script to work around ">>" with no command. In older + /bin/sh it can be ambiguous, as used in OS’s such as FreeBSD 9.2 (PR 7876) +* Don't attempt to include system headers when not required (PR 7813) +* Certificates: DER encoding of ECC signature algorithm parameter is now + allowed to be NULL with a define (PR 7903) +* SP x86_64 asm: check for AVX2 support for VMs (PR 7979) +* Update rx64n support on gr-rose (PR 7889) +* Update FSP version to v5.4.0 for RA6M4 (PR 7994) +* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993) +* Add a new crypto callback for RSA with padding (PR 7907) +* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA + (PR 7924) +* Modernized memory fence support for C11 and clang (PR 7938) +* Add a CRL error override callback (PR 7986) +* Extend the X509 unknown extension callback for use with a user context + (PR 7730) +* Additional debug error tracing added with TLS (PR 7917) +* Added runtime support for library call stack traces with + –enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846) +* Expanded C89 conformance (PR 8077) +* Expanded support for WOLFSSL_NO_MALLOC (PR 8065) +* Added support for cross-compilation of Linux kernel module (PR 7746) +* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826) +* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a + serial number of 0 (PR 7893) +* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871) + +### Espressif / Arduino Updates +* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953) +* Update Espressif sha, util, mem, time helpers (PR 7955) +* Espressif _thread_local_start and _thread_local_end fix (PR 8030) +* Improve benchmark for Espressif devices (PR 
8037) +* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866) +* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF + (PR 7936) +* Update wolfssl Release for Arduino (PR 7775) + +### Post Quantum Crypto Updates +* Dilithium: support fixed size arrays in dilithium_key (PR 7727) +* Dilithium: add option to use precalc with small sign (PR 7744) +* Allow Kyber to be built with FIPS (PR 7788) +* Allow Kyber asm to be used in the Linux kernel module (PR 7872) +* Dilithium, Kyber: Update to final specification (PR 7877) +* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016) + +### ARM Assembly Optimizations +* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020) +* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859) +* Poly1305 assembly optimizations added for Thumb-2 (PR 7939) +* Adding ARM ASM build option to STM32CubePack (PR 7747) +* Add ARM64 to Visual Studio Project (PR 8010) +* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998) +* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706) + + +## Fixes +* ECC key load: fixes for certificates with parameters that are not default for + size (PR 7751) +* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884) +* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret + (PR 7812) +* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931) +* Fix for detecting older versions of Mac OS when trying to link with + libdispatch (PR 7932) +* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake + packets combined into a single transmission. (PR 7840) +* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest + (PR 7779) +* Fix to OCSP for searching for CA by key hash instead of ext. 
key id (PR 7934) +* Fix for staticmemory and singlethreaded build (PR 7737) +* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708) +* Fix to support PKCS11 without RSA key generation (PR 7738) +* Fix not calling the signing callback when using PK callbacks + TLS 1.3 + (PR 7761) +* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753) +* Fix with PKCS11 to iterate correctly over slotId (PR 7736) +* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710) +* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value + (PR 7742) +* Use max key length for PSK encrypt buffer size (PR 7707) +* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951) +* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787) +* Fix CMake build error for curl builds (PR 8021) +* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038) +* SSL loading of keys/certs: testing and fixes (PR 7789) +* Misc. fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904) +* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868) +* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773) +* Fix for edge cases with session resumption with TLS 1.2 (PR 8097) +* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member + (PR 8099) + + # wolfSSL Release 5.7.2 (July 08, 2024) Release 5.7.2 has been developed according to wolfSSL's development and QA @@ -89,6 +282,7 @@ Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 * Expanded OpenSSL compatibility layer and added EC_POINT_hex2point (PR 7191) ## Fixes +* Fixed Kyber control-flow timing leak. Thanks to Antoon Purnal from PQShield for the report * Fixed the NXP MMCAU HW acceleration for SHA-256 (PR 7389) * Fixed AES-CFB1 encrypt/decrypt on size (8*x-1) bits (PR 7431) * Fixed use of %rip with SHA-256 x64 assembly (PR 7409) 
@@ -219,7 +413,7 @@ fixed this omission in several PRs for this release. * [Low] CVE-2023-6936: A potential heap overflow read is possible in servers connecting over TLS 1.3 when the optional `WOLFSSL_CALLBACKS` has been defined. The out of bounds read can occur when a server receives a malicious malformed ClientHello. Users should either discontinue use of `WOLFSSL_CALLBACKS` on the server side or update versions of wolfSSL to 5.6.6. Thanks to the tlspuffin fuzzer team for the report which was designed and developed by; Lucca Hirschi (Inria, LORIA), Steve Kremer (Inria, LORIA), and Max Ammann (Trail of Bits). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6949. -* [Low] A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “`--enable-aes-bitsliced`” configure option. Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854. +* [Low] CVE-2024-1543: A side channel vulnerability with AES T-Tables is possible in a very controlled environment where precision sub-cache-line inspection can happen, such as inside an Intel SGX enclave. This can lead to recovery of the AES key. To prevent this type of attack, wolfSSL added an AES bitsliced implementation which can be enabled with the “`--enable-aes-bitsliced`” configure option. 
Thanks to Florian Sieck, Zhiyuan Zhang, Sebastian Berndt, Chitchanok Chuengsatiansup, Thomas Eisenbarth, and Yuval Yarom for the report (Universities of Lübeck, Melbourne, Adelaide and Bochum). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/6854. * [Low] CVE-2023-6937: wolfSSL prior to 5.6.6 did not check that messages in a single (D)TLS record do not span key boundaries. As a result, it was possible to combine (D)TLS messages using different keys into one (D)TLS record. The most extreme edge case is that, in (D)TLS 1.3, it was possible that an unencrypted (D)TLS 1.3 record from the server containing first a ServerHello message and then the rest of the first server flight would be accepted by a wolfSSL client. In (D)TLS 1.3 the handshake is encrypted after the ServerHello but a wolfSSL client would accept an unencrypted flight from the server. This does not compromise key negotiation and authentication so it is assigned a low severity rating. Thanks to Johannes Wilson for the report (Sectra Communications and Linköping University). The fix for this issue is located in the following GitHub Pull Request: https://github.com/wolfSSL/wolfssl/pull/7029. @@ -873,9 +1067,9 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including: ## Enhancements * DTLSv1.3: Do HRR Cookie exchange by default -* Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API -* Update ide win10 build files to add missing sp source files -* Improve Workbench docs +* Add wolfSSL_EVP_PKEY_new_CMAC_key to OpenSSL compatible API +* Update ide win10 build files to add missing sp source files +* Improve Workbench docs * Improve EVP support for CHACHA20_POLY1305 * Improve `wc_SetCustomExtension` documentation * RSA-PSS with OCSP and add simple OCSP response DER verify test case 
@@ -883,23 +1077,23 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including: * Don't over-allocate memory for DTLS fragments * Add WOLFSSL_ATECC_TFLXTLS for Atmel port * SHA-3 performance improvements with x86_64 assembly -* Add code to fallback to S/W if TSIP cannot handle +* Add code to fallback to S/W if TSIP cannot handle * Improves entropy with VxWorks * Make time in milliseconds 64-bits for longer session ticket lives * Support for setting cipher list with bytes * wolfSSL_set1_curves_list(), wolfSSL_CTX_set1_curves_list() improvements * Add to RSAES-OAEP key parsing for pkcs7 * Add missing DN nid to work with PrintName() -* SP int: default to 16 bit word size when NO_64BIT defined +* SP int: default to 16 bit word size when NO_64BIT defined * Limit the amount of fragments we store per a DTLS connection and error out when max limit is reached * Detect when certificate's RSA public key size is too big and fail on loading of certificate ## Fixes * Fix for async with OCSP non-blocking in `ProcessPeerCerts` * Fixes for building with 32-bit and socket size sign/unsigned mismatch -* Fix Windows CMakeList compiler options -* TLS 1.3 Middle-Box compat: fix missing brace -* Configuration consistency fixes for RSA keys and way to force disable of private keys +* Fix Windows CMakeList compiler options +* TLS 1.3 Middle-Box compat: fix missing brace +* Configuration consistency fixes for RSA keys and way to force disable of private keys * Fix for Aarch64 Mac M1 SP use * Fix build errors and warnings for MSVC with DTLS 1.3 * Fix HMAC compat layer function for SHA-1 
@@ -907,9 +1101,9 @@ Release 5.5.1 of wolfSSL embedded TLS has bug fixes and new features including: * Check return from call to wc_Time * SP math: fix build configuration with opensslall * Fix for async session tickets -* SP int mp_init_size fixes when SP_WORD_SIZE == 8 +* SP int mp_init_size fixes when SP_WORD_SIZE == 8 * Ed. function to make public key now checks for if the private key flag is set -* Fix HashRaw WC_SHA256_DIGEST_SIZE for wc_Sha256GetHash +* Fix HashRaw WC_SHA256_DIGEST_SIZE for wc_Sha256GetHash * Fix for building with PSK only * Set correct types in wolfSSL_sk_*_new functions * Sanity check that size passed to mp_init_size() is no more than SP_INT_DIGITS @@ -1023,7 +1217,7 @@ CVE-2020-12966 https://www.amd.com/en/corporate/product-security/bulletin/amd-sb * Update SP math all to not use sp_int_word when SQR_MUL_ASM is available ### SP Math Fixes * Fixes for constant time with div function -* Fix casting warnings for Windows builds and assembly changes to support XMM6-15 being non-volatile +* Fix casting warnings for Windows builds and assembly changes to support XMM6-15 being non-volatile * Fix for div_word when not using div function * Fixes for user settings with SP ASM and ED/Curve25519 small * Additional Wycheproof tests ran and fixes @@ -1203,7 +1397,7 @@ Release 5.3.0 of wolfSSL embedded TLS has bug fixes and new features including: ### Math Library Fixes * Sanity check with SP math that ECC points ordinates are not greater than modulus length * Additional sanity checks that _sp_add_d does not error due to overflow -* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests +* Wycheproof fixes, testing integration, and fixes for AVX / AArch64 ASM edge case tests * TFM fp_div_2_ct rework to avoid potential overflow ### Misc. 
@@ -1444,7 +1638,7 @@ Release 5.1.0 of wolfSSL embedded TLS has bug fixes and new features including: ###### PORT Fixes * Building with Android wpa_supplicant and KeyStore * Setting initial value of CA certificate with TSIP enabled -* Cryptocell ECC build fix and fix with RSA disabled +* Cryptocell ECC build fix and fix with RSA disabled * IoT-SAFE improvement for Key/File slot ID size, fix for C++ compile, and fixes for retrieving the public key after key generation ###### Math Library Fixes @@ -1583,7 +1777,7 @@ Release 5.0.0 of wolfSSL embedded TLS has bug fixes and new features including: - SSL_SESSION_has_ticket() - SSL_SESSION_get_ticket_lifetime_hint() - DIST_POINT_new - - DIST_POINT_free + - DIST_POINT_free - DIST_POINTS_free - CRL_DIST_POINTS_free - sk_DIST_POINT_push 
@@ -1746,7 +1940,7 @@ Release 4.8.0 of wolfSSL embedded TLS has bug fixes and new features including: ### Vulnerabilities * [Low] CVE-2021-37155: OCSP request/response verification issue. In the case that the serial number in the OCSP request differs from the serial number in the OCSP response the error from the comparison was not resulting in a failed verification. We recommend users that have wolfSSL version 4.6.0 and 4.7.0 with OCSP enabled update their version of wolfSSL. Version 4.5.0 and earlier are not affected by this report. Thanks to Rainer Mueller-Amersdorffer, Roee Yankelevsky, Barak Gutman, Hila Cohen and Shoshi Berko (from CYMOTIVE Technologies and CARIAD) for the report. -* [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report. +* [Low] CVE-2021-24116: Side-Channel cache look up vulnerability in base64 PEM decoding for versions of wolfSSL 4.5.0 and earlier. Versions 4.6.0 and up contain a fix and do not need to be updated for this report. If decoding a PEM format private key using version 4.5.0 and older of wolfSSL then we recommend updating the version of wolfSSL used. Thanks to Florian Sieck, Jan Wichelmann, Sebastian Berndt and Thomas Eisenbarth for the report. ### New Feature Additions ###### New Product diff --git a/README b/README index 3fa99a5..2b462bc 100644 --- a/README +++ b/README 
@@ -70,111 +70,197 @@ should be used for the enum name. *** end Notes *** -# wolfSSL Release 5.7.2 (July 08, 2024) +# wolfSSL Release 5.7.4 (Oct 24, 2024) -Release 5.7.2 has been developed according to wolfSSL's development and QA +Release 5.7.4 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria. https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024 -## Vulnerabilities -* [Medium] CVE-2024-1544 -Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls. Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Analyzing the division through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. Thanks to Luca Wilke, Florian Sieck and Thomas Eisenbarth (University of Lübeck) for reporting the vulnerability. Details will appear in the proceedings of CCS 24. -Fixed https://github.com/wolfSSL/wolfssl/pull/7020 - - -* [Medium] CVE-2024-5288 -A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations. If performing ECC private key operations in an environment where a malicious user could gain fine control over the device and perform row hammer style attacks it is recommended to update the version of wolfSSL used and to build with WOLFSSL_BLIND_PRIVATE_KEY defined. Thanks to Kemal Derya, M. 
Caner Tol, Berk Sunar for the report (Vernam Applied Cryptography and Cybersecurity Lab at Worcester Polytechnic Institute) -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7416 - - -* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS. There are existing sanity checks during a TLS handshake with wolfSSL which mitigate this issue. Thanks to Bing Shi for the report. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7597 +PR stands for Pull Request, and PR references a GitHub pull request + number where the code change was added. -* [Low] CVE-2024-5991 -In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the Openssl compatibility function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. While calling without a NULL terminated string is very uncommon, it is still technically allowed. If a caller was attempting to do a name check on a non*NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7604 -* [Medium] CVE-2024-5814 -A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello when downgrading from TLS 1.3. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7619 - -* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received. Found with internal testing. 
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 - -* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt. A revoked CA certificate could incorrectly be loaded into the trusted signers list and used in a repeat connection attempt. Found with internal testing. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 +## Vulnerabilities +* [Low] When the OpenSSL compatibility layer is enabled, certificate + verification behaved differently in wolfSSL than OpenSSL, in the + X509_STORE_add_cert() and X509_STORE_load_locations() implementations. + Previously, in cases where an application explicitly loaded an intermediate + certificate, wolfSSL was verifying only up to that intermediate certificate, + rather than verifying up to the root CA. This only affects use cases where the + API is called directly, and does not affect TLS connections. Users that call + the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their + applications are recommended to update the version of wolfSSL used or to have + additional sanity checks on certificates loaded into the X509_STORE when + verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087) + + +## PQC TLS Experimental Build Fix +* When using TLS with post quantum algorithms enabled, the connection uses a + smaller EC curve than agreed on. Users building with --enable-experimental and + enabling PQC cipher suites with TLS connections are recommended to update the + version of wolfSSL used. Thanks to Daniel Correa for the report. 
+ (https://github.com/wolfSSL/wolfssl/pull/8084) ## New Feature Additions -* Added Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87 (PR 7622) -* AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM (PR 7569) -* Added CUDA support for AES encryption (PR 7436) -* Added support for gRPC (PR 7445) -* Added function wc_RsaPrivateKeyDecodeRaw to import raw RSA private keys (PR 7608) -* Added crypto callback for SHA-3 (PR 7670) -* Support for Infineon Modus Toolbox with wolfSSL (PR 7369) -* Allow user to send a user_canceled alert by calling wolfSSL_SendUserCanceled (PR 7590) -* C# wrapper SNI support added (PR 7610) -* Quantum-safe algorithm support added to the Linux kernel module (PR 7574) -* Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589) -* AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424) -* PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542) +* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20, + Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916) +* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995) +* Add support for (DevkitPro)libnds (PR 7990) +* Add port for Mosquitto OSP (Open Source Project) (PR 6460) +* Add port for init sssd (PR 7781) +* Add port for eXosip2 (PR 7648) +* Add support for STM32G4 (PR 7997) +* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback + Support (PR 7777) +* Add support for building wolfSSL to be used in libspdm (PR 7869) +* Add port for use with Nucleus Plus 2.3 (PR 7732) +* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with + --enable-acert (PR 7926) +* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS + (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt). 
+ (PR 7750) +* Added “new” and “delete” style functions for heap/pool allocation and freeing + of low level crypto structures (PR 3166 and 8089) ## Enhancements and Optimizations -* Expanded STM32 AES hardware acceleration support for use with STM32H5 (PR 7578) -* Adjusted wc_xmss and wc_lms settings to support use with wolfBoot (PR 7393) -* Added the --enable-rpk option to autotools build for using raw public key support (PR 7379) -* SHA-3 Thumb2, ARM32 assembly implementation added (PR 7667) -* Improvements to RSA padding to expose Pad/Unpad APIs (PR 7612) -* Updates and API additions for supporting socat version 1.8.0.0 (PR 7594) -* cmake build improvements, expanding build options with SINGLE_THREADED and post-quantum algorithms, adjusting the generation of options.h file and using “yes;no” boolean instead of strings (PR 7611, 7546, 7479, 7480, 7380) -* Improvements for Renesas RZ support (PR 7474) -* Improvements to dual algorithm certificates for post-quantum keys (PR 7286) -* Added wolfSSL_SessionIsSetup so the user can check if a session ticket has been sent by the server (PR 7430) -* hostap updates: Implement PACs for EAP-FAST and filter cipher list on TLS version change (PR 7446) -* Changed subject name comparison to match different upper and lower cases (PR 7420) -* Support for DTLS 1.3 downgrade when using PSK (PR 7367) -* Update to static memory build for more generic memory pools used (PR 7418) -* Improved performance of Kyber C implementation (PR 7654) -* Support for ECC_CACHE_CURVE with no malloc (PR 7490) -* Added the configure option --enable-debug-trace-errcodes (macro WOLFSSL_DEBUG_TRACE_ERROR_CODES) which enables more debug tracking of error code values (PR 7634) -* Enhanced wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC (PR 7362) -* Improvements to assembly implementations of ChaCha20 and Poly1305 ASM for use with MSVC (PR 7319) -* Cortex-M inline assembly labels with unique number appended (PR 7649) -* Added secret logging 
callback to TLS <= 1.2, enabled with the macro HAVE_SECRET_CALLBACK (PR 7372) -* Made wc_RNG_DRBG_Reseed() a public wolfCrypt API (PR 7386) -* Enabled DES3 support without the DES3 ciphers. To re-enable DES3 cipher suites, use the configure flag --enable-des3-tls-suites (PR 7315) -* Added stubs required for latest nginx (1.25.5) (PR 7449) -* Added option for using a custom salt with the function wc_ecc_ctx_set_own_salt (PR 7552) -* Added PQ files for Windows (PR 7419) -* Enhancements to static memory feature, adding the option for a global heap hint (PR 7478) and build options for a lean or debug setting, enabled with --enable-staticmemory=small or --enable-staticmemory=debug (PR 7597) -* Updated --enable-jni to define SESSION_CERTS for wolfJSSE (PR 7557) -* Exposed DTLS in Ada wrapper and updated examples (PR 7397) -* Added additional minimum TLS extension size sanity checks (PR 7602) -* ESP improvements: updating the examples and libraries, updates for Apple HomeKit SHA/SRP, and fix for endianness with SHA512 software fallback (PR 7607, 7392, 7505, 7535) -* Made the wc_CheckCertSigPubKey API publicly available with the define of the macro WOLFSSL_SMALL_CERT_VERIFY (PR 7599) -* Added an alpha/preview of additional FIPS 140-3 full submission, bringing additional algorithms such as SRTP-KDF, AES-XTS, GCM streaming, AES-CFB, ED25519, and ED448 into the FIPS module boundary (PR 7295) -* XCODE support for v5.2.3 of the FIPS module (PR 7140) -* Expanded OpenSSL compatibility layer and added EC_POINT_hex2point (PR 7191) +* Increase default max alt. names from 128 to 1024 (PR 7762) +* Added new constant time DH agree function wc_DhAgree_ct (PR 7802) +* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804) +* Add option to disable cryptocb test software test using + --disable-cryptocb-sw-test (PR 7862) +* Add a call to certificate verify callback before checking certificate dates + (PR 7895) +* Expanded algorithms supported with the wolfCrypt CSharp wrapper. 
Adding + support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and + Hashing (PR 3166) +* Expand MMCAU support for use with DES ECB (PR 7960) +* Update AES SIV to handle multiple associated data inputs (PR 7911) +* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811) +* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839) +* Set RSA_MIN_SIZE default to 2048 bits (PR 7923) +* Added support for wolfSSL to be used as the default TLS in the zephyr kernel + (PR 7731) +* Add enable provider build using --enable-wolfprovider with autotools (PR 7550) +* Renesas RX TSIP ECDSA support (PR 7685) +* Support DTLS1.3 downgrade when the server supports CID (PR 7841) +* Server-side checks OCSP even if it uses v2 multi (PR 7828) +* Add handling of absent hash params in PKCS7 bundle parsing and creation + (PR 7845) +* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in + environments that do not have a word64 type (PR 7759) +* Update to the maxq10xx support (PR 7824) +* Add support for parsing over optional PKCS8 attributes (PR 7944) +* Add support for either side method with DTLS 1.3 (PR 8012) +* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704) +* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962) +* Add left-most wildcard matching support to X509_check_host() (PR 7966) +* Add option to set custom SKID with PKCS7 bundle creation (PR 7954) +* Building wolfSSL as a library with Ada and corrections to Alire manifest + (PR 7303,7940) +* Renesas RX72N support updated (PR 7849) +* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object + (PR 8005) +* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each + SSL object (PR 7867) +* Add an option to use AES-CBC with HMAC for default session ticket enc/dec. 
+ Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703) +* Memory usage improvements in wc_PRF, sha256 (for small code when many + registers are available) and sp_int objects (PR 7901) +* Change in the configure script to work around ">>" with no command. In older + /bin/sh it can be ambiguous, as used in OS’s such as FreeBSD 9.2 (PR 7876) +* Don't attempt to include system headers when not required (PR 7813) +* Certificates: DER encoding of ECC signature algorithm parameter is now + allowed to be NULL with a define (PR 7903) +* SP x86_64 asm: check for AVX2 support for VMs (PR 7979) +* Update rx64n support on gr-rose (PR 7889) +* Update FSP version to v5.4.0 for RA6M4 (PR 7994) +* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993) +* Add a new crypto callback for RSA with padding (PR 7907) +* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA + (PR 7924) +* Modernized memory fence support for C11 and clang (PR 7938) +* Add a CRL error override callback (PR 7986) +* Extend the X509 unknown extension callback for use with a user context + (PR 7730) +* Additional debug error tracing added with TLS (PR 7917) +* Added runtime support for library call stack traces with + –enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846) +* Expanded C89 conformance (PR 8077) +* Expanded support for WOLFSSL_NO_MALLOC (PR 8065) +* Added support for cross-compilation of Linux kernel module (PR 7746) +* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826) +* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a + serial number of 0 (PR 7893) +* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871) + +### Espressif / Arduino Updates +* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953) +* Update Espressif sha, util, mem, time helpers (PR 7955) +* Espressif _thread_local_start and _thread_local_end fix (PR 8030) +* Improve benchmark for Espressif devices (PR 
8037) +* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866) +* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF + (PR 7936) +* Update wolfssl Release for Arduino (PR 7775) + +### Post Quantum Crypto Updates +* Dilithium: support fixed size arrays in dilithium_key (PR 7727) +* Dilithium: add option to use precalc with small sign (PR 7744) +* Allow Kyber to be built with FIPS (PR 7788) +* Allow Kyber asm to be used in the Linux kernel module (PR 7872) +* Dilithium, Kyber: Update to final specification (PR 7877) +* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016) + +### ARM Assembly Optimizations +* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020) +* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859) +* Poly1305 assembly optimizations added for Thumb-2 (PR 7939) +* Adding ARM ASM build option to STM32CubePack (PR 7747) +* Add ARM64 to Visual Studio Project (PR 8010) +* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998) +* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706) + ## Fixes -* Fixed the NXP MMCAU HW acceleration for SHA-256 (PR 7389) -* Fixed AES-CFB1 encrypt/decrypt on size (8*x-1) bits (PR 7431) -* Fixed use of %rip with SHA-256 x64 assembly (PR 7409) -* Fixed OCSP response message build for DTLS (PR 7671) -* Handled edge case in wc_ecc_mulmod() with zero (PR 7532) -* Fixed RPK (Raw Public Key) to follow certificate use correctly (PR 7375) -* Added sanity check on record header with QUIC use (PR 7638) -* Added sanity check for empty directory strings in X.509 when parsing (PR 7669) -* Added sanity check on non-conforming serial number of 0 in certificates being parsed (PR 7625) -* Fixed wolfSSL_CTX_set1_sigalgs_list() to make the TLS connection conform to the selected sig hash algorithm (PR 7693) -* Various fixes for dual algorithm certificates including small stack use and support for Certificate Signing Requests (PR 7577) -* Added 
sanity check for critical policy extension when wolfSSL is built without policy extension support enabled (PR 7388) -* Added sanity check that the ed25519 signature is smaller than the order (PR 7513) -* Fixed Segger emNet to handle non-blocking want read/want write (PR 7581) +* ECC key load: fixes for certificates with parameters that are not default for + size (PR 7751) +* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884) +* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret + (PR 7812) +* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931) +* Fix for detecting older versions of Mac OS when trying to link with + libdispatch (PR 7932) +* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake + packets combined into a single transmission. (PR 7840) +* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest + (PR 7779) +* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934) +* Fix for staticmemory and singlethreaded build (PR 7737) +* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708) +* Fix to support PKCS11 without RSA key generation (PR 7738) +* Fix not calling the signing callback when using PK callbacks + TLS 1.3 + (PR 7761) +* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753) +* Fix with PKCS11 to iterate correctly over slotId (PR 7736) +* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710) +* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value + (PR 7742) +* Use max key length for PSK encrypt buffer size (PR 7707) +* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951) +* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787) +* Fix CMake build error for curl builds (PR 8021) +* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038) +* SSL loading of keys/certs: testing and fixes (PR 7789) +* Misc. 
fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904) +* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868) +* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773) +* Fix for edge cases with session resumption with TLS 1.2 (PR 8097) +* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member + (PR 8099) diff --git a/README.md b/README.md index f6b00c3..2deaa8c 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Arduino wolfSSL Library -This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/) Release 5.7.2 for the Arduino platform. +This library is restructured from [wolfSSL](https://github.com/wolfSSL/wolfssl/) Release 5.7.4 for the Arduino platform. The Official wolfSSL Arduino Library is found in [The Library Manager index](http://downloads.arduino.cc/libraries/library_index.json). 
@@ -8,14 +8,18 @@ See the [Arduino-wolfSSL logs](https://downloads.arduino.cc/libraries/logs/githu ## Arduino Releases -The first Official wolfSSL Arduino Library is `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update. +This release of wolfSSL is version [5.7.4](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.4-stable). -The next Official wolfSSL Arduino Library is [5.7.0](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable) +Version [5.7.2](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable) of the Arduino wolfSSL was published August 3, 2024. + +The next Official wolfSSL Arduino Library was [5.7.0](https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.0-stable) + +The first Official wolfSSL Arduino Library was `5.6.6-Arduino.1`: a slightly modified, post [release 5.6.6](https://github.com/wolfSSL/wolfssl/releases/tag/v5.6.6-stable) version update. See other [wolfSSL releases versions](https://github.com/wolfSSL/wolfssl/releases). The `./wolfssl-arduino.sh INSTALL` [script](https://github.com/wolfSSL/wolfssl/tree/master/IDE/ARDUINO) can be used to install specific GitHub versions as needed. # wolfSSL Embedded SSL/TLS Library -The [wolfSSL embedded SSL library](https://www.wolfssl.com/products/wolfssl/) +The [wolfSSL embedded SSL library](https://www.wolfssl.com/products/wolfssl/) (formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments - primarily because of its small size, speed, and feature set. It is commonly used in 
@@ -90,111 +94,197 @@ single call hash function. Instead the name `WC_SHA`, `WC_SHA256`, `WC_SHA384` a `WC_SHA512` should be used for the enum name. -# wolfSSL Release 5.7.2 (July 08, 2024) +# wolfSSL Release 5.7.4 (Oct 24, 2024) -Release 5.7.2 has been developed according to wolfSSL's development and QA +Release 5.7.4 has been developed according to wolfSSL's development and QA process (see link below) and successfully passed the quality criteria. https://www.wolfssl.com/about/wolfssl-software-development-process-quality-assurance NOTE: * --enable-heapmath is being deprecated and will be removed by end of 2024 -## Vulnerabilities -* [Medium] CVE-2024-1544 -Potential ECDSA nonce side channel attack in versions of wolfSSL before 5.6.6 with wc_ecc_sign_hash calls. Generating the ECDSA nonce k samples a random number r and then truncates this randomness with a modular reduction mod n where n is the order of the elliptic curve. Analyzing the division through a control-flow revealing side-channel reveals a bias in the most significant bits of k. Depending on the curve this is either a negligible bias or a significant bias large enough to reconstruct k with lattice reduction methods. Thanks to Luca Wilke, Florian Sieck and Thomas Eisenbarth (University of Lübeck) for reporting the vulnerability. Details will appear in the proceedings of CCS 24. -Fixed https://github.com/wolfSSL/wolfssl/pull/7020 - - -* [Medium] CVE-2024-5288 -A private key blinding operation, enabled by defining the macro WOLFSSL_BLIND_PRIVATE_KEY, was added to mitigate a potential row hammer attack on ECC operations. If performing ECC private key operations in an environment where a malicious user could gain fine control over the device and perform row hammer style attacks it is recommended to update the version of wolfSSL used and to build with WOLFSSL_BLIND_PRIVATE_KEY defined. Thanks to Kemal Derya, M. 
Caner Tol, Berk Sunar for the report (Vernam Applied Cryptography and Cybersecurity Lab at Worcester Polytechnic Institute) -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7416 - +PR stands for Pull Request, and PR references a GitHub pull request + number where the code change was added. -* [Low] When parsing a provided maliciously crafted certificate directly using wolfSSL API, outside of a TLS connection, a certificate with an excessively large number of extensions could lead to a potential DoS. There are existing sanity checks during a TLS handshake with wolfSSL which mitigate this issue. Thanks to Bing Shi for the report. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7597 -* [Low] CVE-2024-5991 -In the function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the Openssl compatibility function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. While calling without a NULL terminated string is very uncommon, it is still technically allowed. If a caller was attempting to do a name check on a non*NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7604 - -* [Medium] CVE-2024-5814 -A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello when downgrading from TLS 1.3. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7619 - -* [Medium] OCSP stapling version 2 response verification bypass issue when a crafted response of length 0 is received. Found with internal testing. 
-Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 - -* [Medium] OCSP stapling version 2 revocation bypass with a retry of a TLS connection attempt. A revoked CA certificate could incorrectly be loaded into the trusted signers list and used in a repeat connection attempt. Found with internal testing. -Fixed in github pull request https://github.com/wolfSSL/wolfssl/pull/7702 +## Vulnerabilities +* [Low] When the OpenSSL compatibility layer is enabled, certificate + verification behaved differently in wolfSSL than OpenSSL, in the + X509_STORE_add_cert() and X509_STORE_load_locations() implementations. + Previously, in cases where an application explicitly loaded an intermediate + certificate, wolfSSL was verifying only up to that intermediate certificate, + rather than verifying up to the root CA. This only affects use cases where the + API is called directly, and does not affect TLS connections. Users that call + the API X509_STORE_add_cert() or X509_STORE_load_locations() directly in their + applications are recommended to update the version of wolfSSL used or to have + additional sanity checks on certificates loaded into the X509_STORE when + verifying a certificate. (https://github.com/wolfSSL/wolfssl/pull/8087) + + +## PQC TLS Experimental Build Fix +* When using TLS with post quantum algorithms enabled, the connection uses a + smaller EC curve than agreed on. Users building with --enable-experimental and + enabling PQC cipher suites with TLS connections are recommended to update the + version of wolfSSL used. Thanks to Daniel Correa for the report. 
+ (https://github.com/wolfSSL/wolfssl/pull/8084) ## New Feature Additions -* Added Dilithium/ML-DSA: Implementation of ML-DSA-44/65/87 (PR 7622) -* AES RISC-V 64-bit ASM: ECB/CBC/CTR/GCM/CCM (PR 7569) -* Added CUDA support for AES encryption (PR 7436) -* Added support for gRPC (PR 7445) -* Added function wc_RsaPrivateKeyDecodeRaw to import raw RSA private keys (PR 7608) -* Added crypto callback for SHA-3 (PR 7670) -* Support for Infineon Modus Toolbox with wolfSSL (PR 7369) -* Allow user to send a user_canceled alert by calling wolfSSL_SendUserCanceled (PR 7590) -* C# wrapper SNI support added (PR 7610) -* Quantum-safe algorithm support added to the Linux kernel module (PR 7574) -* Support for NIST 800-56C Option 1 KDF, using the macro WC_KDF_NIST_SP_800_56C added (PR 7589) -* AES-XTS streaming mode added, along with hardware acceleration and kernel module use (PR 7522, 7560, 7424) -* PlatformIO FreeRTOS with ESP build and addition of benchmark and test example applications (PR 7528, 7413, 7559, 7542) +* RISC-V 64 new assembly optimizations added for SHA-256, SHA-512, ChaCha20, + Poly1305, and SHA-3 (PR 7758,7833,7818,7873,7916) +* Implement support for Connection ID (CID) with DTLS 1.2 (PR 7995) +* Add support for (DevkitPro)libnds (PR 7990) +* Add port for Mosquitto OSP (Open Source Project) (PR 6460) +* Add port for init sssd (PR 7781) +* Add port for eXosip2 (PR 7648) +* Add support for STM32G4 (PR 7997) +* Add support for MAX32665 and MAX32666 TPU HW and ARM ASM Crypto Callback + Support (PR 7777) +* Add support for building wolfSSL to be used in libspdm (PR 7869) +* Add port for use with Nucleus Plus 2.3 (PR 7732) +* Initial support for RFC5755 x509 attribute certificates (acerts). Enabled with + --enable-acert (PR 7926) +* PKCS#11 RSA Padding offload allows tokens to perform CKM_RSA_PKCS + (sign/encrypt), CKM_RSA_PKCS_PSS (sign), and CKM_RSA_PKCS_OAEP (encrypt). 
+ (PR 7750) +* Added “new” and “delete” style functions for heap/pool allocation and freeing + of low level crypto structures (PR 3166 and 8089) ## Enhancements and Optimizations -* Expanded STM32 AES hardware acceleration support for use with STM32H5 (PR 7578) -* Adjusted wc_xmss and wc_lms settings to support use with wolfBoot (PR 7393) -* Added the --enable-rpk option to autotools build for using raw public key support (PR 7379) -* SHA-3 Thumb2, ARM32 assembly implementation added (PR 7667) -* Improvements to RSA padding to expose Pad/Unpad APIs (PR 7612) -* Updates and API additions for supporting socat version 1.8.0.0 (PR 7594) -* cmake build improvements, expanding build options with SINGLE_THREADED and post-quantum algorithms, adjusting the generation of options.h file and using “yes;no” boolean instead of strings (PR 7611, 7546, 7479, 7480, 7380) -* Improvements for Renesas RZ support (PR 7474) -* Improvements to dual algorithm certificates for post-quantum keys (PR 7286) -* Added wolfSSL_SessionIsSetup so the user can check if a session ticket has been sent by the server (PR 7430) -* hostap updates: Implement PACs for EAP-FAST and filter cipher list on TLS version change (PR 7446) -* Changed subject name comparison to match different upper and lower cases (PR 7420) -* Support for DTLS 1.3 downgrade when using PSK (PR 7367) -* Update to static memory build for more generic memory pools used (PR 7418) -* Improved performance of Kyber C implementation (PR 7654) -* Support for ECC_CACHE_CURVE with no malloc (PR 7490) -* Added the configure option --enable-debug-trace-errcodes (macro WOLFSSL_DEBUG_TRACE_ERROR_CODES) which enables more debug tracking of error code values (PR 7634) -* Enhanced wc_MakeRsaKey and wc_RsaKeyToDer to work with WOLFSSL_NO_MALLOC (PR 7362) -* Improvements to assembly implementations of ChaCha20 and Poly1305 ASM for use with MSVC (PR 7319) -* Cortex-M inline assembly labels with unique number appended (PR 7649) -* Added secret logging 
callback to TLS <= 1.2, enabled with the macro HAVE_SECRET_CALLBACK (PR 7372) -* Made wc_RNG_DRBG_Reseed() a public wolfCrypt API (PR 7386) -* Enabled DES3 support without the DES3 ciphers. To re-enable DES3 cipher suites, use the configure flag --enable-des3-tls-suites (PR 7315) -* Added stubs required for latest nginx (1.25.5) (PR 7449) -* Added option for using a custom salt with the function wc_ecc_ctx_set_own_salt (PR 7552) -* Added PQ files for Windows (PR 7419) -* Enhancements to static memory feature, adding the option for a global heap hint (PR 7478) and build options for a lean or debug setting, enabled with --enable-staticmemory=small or --enable-staticmemory=debug (PR 7597) -* Updated --enable-jni to define SESSION_CERTS for wolfJSSE (PR 7557) -* Exposed DTLS in Ada wrapper and updated examples (PR 7397) -* Added additional minimum TLS extension size sanity checks (PR 7602) -* ESP improvements: updating the examples and libraries, updates for Apple HomeKit SHA/SRP, and fix for endianness with SHA512 software fallback (PR 7607, 7392, 7505, 7535) -* Made the wc_CheckCertSigPubKey API publicly available with the define of the macro WOLFSSL_SMALL_CERT_VERIFY (PR 7599) -* Added an alpha/preview of additional FIPS 140-3 full submission, bringing additional algorithms such as SRTP-KDF, AES-XTS, GCM streaming, AES-CFB, ED25519, and ED448 into the FIPS module boundary (PR 7295) -* XCODE support for v5.2.3 of the FIPS module (PR 7140) -* Expanded OpenSSL compatibility layer and added EC_POINT_hex2point (PR 7191) +* Increase default max alt. names from 128 to 1024 (PR 7762) +* Added new constant time DH agree function wc_DhAgree_ct (PR 7802) +* Expanded compatibility layer with the API EVP_PKEY_is_a (PR 7804) +* Add option to disable cryptocb test software test using + --disable-cryptocb-sw-test (PR 7862) +* Add a call to certificate verify callback before checking certificate dates + (PR 7895) +* Expanded algorithms supported with the wolfCrypt CSharp wrapper. 
Adding + support for RNG, ECC(ECIES and ECDHE), RSA, ED25519/Curve25519, AES-GCM, and + Hashing (PR 3166) +* Expand MMCAU support for use with DES ECB (PR 7960) +* Update AES SIV to handle multiple associated data inputs (PR 7911) +* Remove HAVE_NULL_CIPHER from --enable-openssh (PR 7811) +* Removed duplicate if(NULL) checks when calling XFREE (macro does) (PR 7839) +* Set RSA_MIN_SIZE default to 2048 bits (PR 7923) +* Added support for wolfSSL to be used as the default TLS in the zephyr kernel + (PR 7731) +* Add enable provider build using --enable-wolfprovider with autotools (PR 7550) +* Renesas RX TSIP ECDSA support (PR 7685) +* Support DTLS1.3 downgrade when the server supports CID (PR 7841) +* Server-side checks OCSP even if it uses v2 multi (PR 7828) +* Add handling of absent hash params in PKCS7 bundle parsing and creation + (PR 7845) +* Add the use of w64wrapper for Poly1305, enabling Poly1305 to be used in + environments that do not have a word64 type (PR 7759) +* Update to the maxq10xx support (PR 7824) +* Add support for parsing over optional PKCS8 attributes (PR 7944) +* Add support for either side method with DTLS 1.3 (PR 8012) +* Added PKCS7 PEM support for parsing PEM data with BEGIN/END PKCS7 (PR 7704) +* Add CMake support for WOLFSSL_CUSTOM_CURVES (PR 7962) +* Add left-most wildcard matching support to X509_check_host() (PR 7966) +* Add option to set custom SKID with PKCS7 bundle creation (PR 7954) +* Building wolfSSL as a library with Ada and corrections to Alire manifest + (PR 7303,7940) +* Renesas RX72N support updated (PR 7849) +* New option WOLFSSL_COPY_KEY added to always copy the key to the SSL object + (PR 8005) +* Add the new option WOLFSSL_COPY_CERT to always copy the cert buffer for each + SSL object (PR 7867) +* Add an option to use AES-CBC with HMAC for default session ticket enc/dec. 
+ Defaults to AES-128-CBC with HMAC-SHA256 (PR 7703) +* Memory usage improvements in wc_PRF, sha256 (for small code when many + registers are available) and sp_int objects (PR 7901) +* Change in the configure script to work around ">>" with no command. In older + /bin/sh it can be ambiguous, as used in OS’s such as FreeBSD 9.2 (PR 7876) +* Don't attempt to include system headers when not required (PR 7813) +* Certificates: DER encoding of ECC signature algorithm parameter is now + allowed to be NULL with a define (PR 7903) +* SP x86_64 asm: check for AVX2 support for VMs (PR 7979) +* Update rx64n support on gr-rose (PR 7889) +* Update FSP version to v5.4.0 for RA6M4 (PR 7994) +* Update TSIP driver version to v1.21 for RX65N RSK (PR 7993) +* Add a new crypto callback for RSA with padding (PR 7907) +* Replaced the use of pqm4 with wolfSSL implementations of Kyber/MLDSA + (PR 7924) +* Modernized memory fence support for C11 and clang (PR 7938) +* Add a CRL error override callback (PR 7986) +* Extend the X509 unknown extension callback for use with a user context + (PR 7730) +* Additional debug error tracing added with TLS (PR 7917) +* Added runtime support for library call stack traces with + –enable-debug-trace-errcodes=backtrace, using libbacktrace (PR 7846) +* Expanded C89 conformance (PR 8077) +* Expanded support for WOLFSSL_NO_MALLOC (PR 8065) +* Added support for cross-compilation of Linux kernel module (PR 7746) +* Updated Linux kernel module with support for kernel 6.11 and 6.12 (PR 7826) +* Introduce WOLFSSL_ASN_ALLOW_0_SERIAL to allow parsing of certificates with a + serial number of 0 (PR 7893) +* Add conditional repository_owner to all wolfSSL GitHub workflows (PR 7871) + +### Espressif / Arduino Updates +* Update wolfcrypt settings.h for Espressif ESP-IDF, template update (PR 7953) +* Update Espressif sha, util, mem, time helpers (PR 7955) +* Espressif _thread_local_start and _thread_local_end fix (PR 8030) +* Improve benchmark for Espressif devices (PR 
8037) +* Introduce Espressif common CONFIG_WOLFSSL_EXAMPLE_NAME, Kconfig (PR 7866) +* Add wolfSSL esp-tls and Certificate Bundle Support for Espressif ESP-IDF + (PR 7936) +* Update wolfssl Release for Arduino (PR 7775) + +### Post Quantum Crypto Updates +* Dilithium: support fixed size arrays in dilithium_key (PR 7727) +* Dilithium: add option to use precalc with small sign (PR 7744) +* Allow Kyber to be built with FIPS (PR 7788) +* Allow Kyber asm to be used in the Linux kernel module (PR 7872) +* Dilithium, Kyber: Update to final specification (PR 7877) +* Dilithium: Support FIPS 204 Draft and Final Draft (PR 7909,8016) + +### ARM Assembly Optimizations +* ARM32 assembly optimizations added for ChaCha20 and Poly1305 (PR 8020) +* Poly1305 assembly optimizations improvements for Aarch64 (PR 7859) +* Poly1305 assembly optimizations added for Thumb-2 (PR 7939) +* Adding ARM ASM build option to STM32CubePack (PR 7747) +* Add ARM64 to Visual Studio Project (PR 8010) +* Kyber assembly optimizations for ARM32 and Aarch64 (PR 8040,7998) +* Kyber assembly optimizations for ARMv7E-M/ARMv7-M (PR 7706) + ## Fixes -* Fixed the NXP MMCAU HW acceleration for SHA-256 (PR 7389) -* Fixed AES-CFB1 encrypt/decrypt on size (8*x-1) bits (PR 7431) -* Fixed use of %rip with SHA-256 x64 assembly (PR 7409) -* Fixed OCSP response message build for DTLS (PR 7671) -* Handled edge case in wc_ecc_mulmod() with zero (PR 7532) -* Fixed RPK (Raw Public Key) to follow certificate use correctly (PR 7375) -* Added sanity check on record header with QUIC use (PR 7638) -* Added sanity check for empty directory strings in X.509 when parsing (PR 7669) -* Added sanity check on non-conforming serial number of 0 in certificates being parsed (PR 7625) -* Fixed wolfSSL_CTX_set1_sigalgs_list() to make the TLS connection conform to the selected sig hash algorithm (PR 7693) -* Various fixes for dual algorithm certificates including small stack use and support for Certificate Signing Requests (PR 7577) -* Added 
sanity check for critical policy extension when wolfSSL is built without policy extension support enabled (PR 7388) -* Added sanity check that the ed25519 signature is smaller than the order (PR 7513) -* Fixed Segger emNet to handle non-blocking want read/want write (PR 7581) +* ECC key load: fixes for certificates with parameters that are not default for + size (PR 7751) +* Fixes for building x86 in Visual Studio for non-windows OS (PR 7884) +* Fix for TLS v1.2 secret callback, incorrectly detecting bad master secret + (PR 7812) +* Fixes for PowerPC assembly use with Darwin and SP math all (PR 7931) +* Fix for detecting older versions of Mac OS when trying to link with + libdispatch (PR 7932) +* Fix for DTLS1.3 downgrade to DTLS1.2 when the server sends multiple handshake + packets combined into a single transmission. (PR 7840) +* Fix for OCSP to save the request if it was stored in ssl->ctx->certOcspRequest + (PR 7779) +* Fix to OCSP for searching for CA by key hash instead of ext. key id (PR 7934) +* Fix for staticmemory and singlethreaded build (PR 7737) +* Fix to not allow Shake128/256 with Xilinx AFALG (PR 7708) +* Fix to support PKCS11 without RSA key generation (PR 7738) +* Fix not calling the signing callback when using PK callbacks + TLS 1.3 + (PR 7761) +* Cortex-M/Thumb2 ASM fix label for IAR compiler (PR 7753) +* Fix with PKCS11 to iterate correctly over slotId (PR 7736) +* Stop stripping out the sequence header on the AltSigAlg extension (PR 7710) +* Fix ParseCRL_AuthKeyIdExt with ASN template to set extAuthKeyIdSet value + (PR 7742) +* Use max key length for PSK encrypt buffer size (PR 7707) +* DTLS 1.3 fix for size check to include headers and CID fixes (PR 7912,7951) +* Fix STM32 Hash FIFO and add support for STM32U5A9xx (PR 7787) +* Fix CMake build error for curl builds (PR 8021) +* SP Maths: PowerPC ASM fix to use XOR instead of LI (PR 8038) +* SSL loading of keys/certs: testing and fixes (PR 7789) +* Misc. 
fixes for Dilithium and Kyber (PR 7721,7765,7803,8027,7904) +* Fixes for building wolfBoot sources for PQ LMS/XMSS (PR 7868) +* Fixes for building with Kyber enabled using CMake and zephyr port (PR 7773) +* Fix for edge cases with session resumption with TLS 1.2 (PR 8097) +* Fix issue with ARM ASM with AES CFB/OFB not initializing the "left" member + (PR 8099) For additional vulnerability information visit the vulnerability page at: https://www.wolfssl.com/docs/security-vulnerabilities/ diff --git a/examples/wolfssl_client/wolfssl_client.ino b/examples/wolfssl_client/wolfssl_client.ino index 21a84de..e4727dc 100644 --- a/examples/wolfssl_client/wolfssl_client.ino +++ b/examples/wolfssl_client/wolfssl_client.ino @@ -1,6 +1,6 @@ /* wolfssl_client.ino * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/examples/wolfssl_server/README.md b/examples/wolfssl_server/README.md index 523eb08..a707357 100644 --- a/examples/wolfssl_server/README.md +++ b/examples/wolfssl_server/README.md @@ -13,7 +13,7 @@ Additional examples can be found on [wolfSSL/wolfssl-examples](https://github.co ## Connect with an Arduino Sketch -See the companion [Arduino Sketch Client](../wolfssl_client/wolfssl_client.ino). +See the companion [Arduino Sketch Client](../wolfssl_client/wolfssl_client.ino). ## Connect with Linux Client @@ -35,7 +35,7 @@ press the reset button or power cycle the Arduino before making a connection. Here's one possible script to test the server from a command-line client: ```bash -#!/bin/bash +#!/usr/bin/env bash echo "client log " > client_log.txt counter=1 THIS_ERR=0 diff --git a/examples/wolfssl_server/wolfssl_server.ino b/examples/wolfssl_server/wolfssl_server.ino index 3a89432..387052c 100644 --- a/examples/wolfssl_server/wolfssl_server.ino +++ b/examples/wolfssl_server/wolfssl_server.ino 
@@ -1,6 +1,6 @@
 /* wolfssl_server.ino
 *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
 *
 * This file is part of wolfSSL.
 *
diff --git a/library.json.pio b/library.json.pio
index b5f5981..220b438 100644
--- a/library.json.pio
+++ b/library.json.pio
@@ -1,7 +1,7 @@
 {
 "name": "Arduino-wolfSSL",
- "version": "5.7.2",
- "description": "5.7.2 (Arduino-wolfSSL for PlatformIO) A lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments.",
+ "version": "5.7.4",
+ "description": "5.7.4 (Arduino-wolfSSL for PlatformIO) A lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments.",
 "keywords": "FIPS, DO-178, TLS, DTLS, DSA, PSK, X.509, RSA, ECC, AES, GCM, PQ, SHA, SHA256, 3DES, SHA512, MD5, ASN, CMAC, Blake, camellia, ChaCha, ChaCha20, DH, OCSP, ALPN, SNI, CRL, dilithium, ed25519, ed448, kdf, pkcs7, pkcs12, poly1305, Curve25519, sakke, SM, SM2, SM3, SM4, TFM, PKI, SRP, wolfcrypt, wolfssl, Post-quantum cryptography, Certificate management, SSL-TLS handshake, Session caching, Hash, Secure hashing, Public key infrastructure, Cryptanalysis, Lightweight cryptography, Hardware-based security",
 "repository": {
 "type": "git",
diff --git a/library.properties b/library.properties
index 5f7d802..d90b539 100644
--- a/library.properties
+++ b/library.properties
@@ -1,5 +1,5 @@
 name=wolfssl
-version=5.7.2
+version=5.7.4
 author=wolfSSL Inc.
 maintainer=wolfSSL inc
 sentence=A lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments.
diff --git a/library.properties.pio b/library.properties.pio
index 9d1ac56..f772f1f 100644
--- a/library.properties.pio
+++ b/library.properties.pio
@@ -1,5 +1,5 @@ name=Arduino-wolfSSL -version=5.7.2 +version=5.7.4 author=wolfSSL Inc. maintainer=wolfSSL inc sentence=A lightweight SSL/TLS library written in ANSI C and targeted for embedded, RTOS, and resource-constrained environments. diff --git a/src/src/bio.c b/src/src/bio.c index 340cbfd..ac4eb03 100644 --- a/src/src/bio.c +++ b/src/src/bio.c @@ -1,6 +1,6 @@ /* bio.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -24,10 +24,9 @@ #endif #include -#if defined(OPENSSL_EXTRA) && !defined(_WIN32) +#if defined(OPENSSL_EXTRA) && !defined(_WIN32) && !defined(_GNU_SOURCE) /* turn on GNU extensions for XVASPRINTF with wolfSSL_BIO_printf */ - #undef _GNU_SOURCE - #define _GNU_SOURCE + #define _GNU_SOURCE 1 #endif #if !defined(WOLFSSL_BIO_INCLUDED) @@ -161,7 +160,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) bio->wrSz = 0; bio->mem_buf->length = 0; } - bio->ptr = bio->mem_buf->data; + bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; } else if (bio->rdIdx >= WOLFSSL_BIO_RESIZE_THRESHOLD && !(bio->flags & BIO_FLAGS_MEM_RDONLY)) { @@ -180,7 +179,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) return WOLFSSL_BIO_ERROR; } bio->mem_buf->length = (size_t)bio->wrSz; - bio->ptr = bio->mem_buf->data; + bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; } } else { @@ -217,11 +216,11 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf, return WOLFSSL_FATAL_ERROR; bio->flags &= ~(WOLFSSL_BIO_FLAG_RETRY); /* default no retry */ - ret = wolfSSL_read((WOLFSSL*)bio->ptr, buf, len); + ret = wolfSSL_read(bio->ptr.ssl, buf, len); if (ret == 0) front->eof = 1; else if (ret < 0) { - int err = wolfSSL_get_error((WOLFSSL*)bio->ptr, 0); + int err = wolfSSL_get_error(bio->ptr.ssl, 0); if ( !(err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE) ) { front->eof = 1; } 
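Review bot: The `_GNU_SOURCE` definition in the `@@ -24,10 +24,9 @@` hunk of bio.c still sits after the preceding `#include` line (the header name is lost in this rendering), so if that header pulls in any libc header the feature macro is set too late to expose the GNU prototype that the comment says XVASPRINTF needs; the new `!defined(_GNU_SOURCE)` guard only avoids a redefinition, it does not change the ordering. That ordering predates this change and may be harmless if the included header touches no libc headers, but it is an implicit dependency worth stating on the `#define _GNU_SOURCE 1` line, e.g. `/* must precede the first libc header; relies on the include above not pulling one in */`, or worth removing by moving the block above the include. The remaining hunks on this line (`@@ -161`, `@@ -180`, `@@ -217`) only switch `bio->ptr` to the typed union members and raise nothing.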
@@ -235,15 +234,15 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf, static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz) { - if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == NID_hmac) { - if (wolfSSL_EVP_DigestSignUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, buf, + if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == NID_hmac) { + if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, buf, (unsigned int)sz) != WOLFSSL_SUCCESS) { return WOLFSSL_FATAL_ERROR; } } else { - if (wolfSSL_EVP_DigestUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, buf, (size_t)sz) + if (wolfSSL_EVP_DigestUpdate(bio->ptr.md_ctx, buf, (size_t)sz) != WOLFSSL_SUCCESS) { return WOLFSSL_FATAL_ERROR; } @@ -290,6 +289,9 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) } while (bio != NULL && ret >= 0) { +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + int inhibit_flow_increment = 0; +#endif /* check for custom read */ if (bio->method && bio->method->readCb) { ret = bio->method->readCb(bio, (char*)buf, len); @@ -302,19 +304,22 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) break; case WOLFSSL_BIO_BIO: /* read BIOs */ ret = wolfSSL_BIO_BIO_read(bio, buf, len); +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + inhibit_flow_increment = 1; +#endif break; case WOLFSSL_BIO_MEMORY: ret = wolfSSL_BIO_MEMORY_read(bio, buf, len); break; case WOLFSSL_BIO_FILE: #ifndef NO_FILESYSTEM - if (bio->ptr) { - ret = (int)XFREAD(buf, 1, (size_t)len, (XFILE)bio->ptr); + if (bio->ptr.fh) { + ret = (int)XFREAD(buf, 1, (size_t)len, bio->ptr.fh); } else { #if defined(XREAD) && !defined(NO_WOLFSSL_DIR) && \ !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) - ret = (int)XREAD(bio->num, buf, (size_t)len); + ret = (int)XREAD(bio->num.fd, buf, (size_t)len); #else WOLFSSL_MSG("No file pointer and XREAD not enabled"); ret = NOT_COMPILED_IN; 
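Review bot: `wolfSSL_BIO_MD_read` in the `@@ -235,15 +234,15 @@` hunk casts `sz` to `unsigned int` and `size_t` on the new `wolfSSL_EVP_DigestSignUpdate`/`wolfSSL_EVP_DigestUpdate` lines without first checking that `sz` is non-negative, so a negative length would become a huge update size unless `wolfSSL_BIO_read` rejects it before dispatching (the start of that function is outside these hunks). The write counterpart in the `@@ -598` hunk shows a `return BAD_FUNC_ARG;` guard ahead of the same calls, so the read side should match with `if (sz < 0) { return WOLFSSL_FATAL_ERROR; }` as the first statement of the function. The body of `wolfSSL_BIO_MD_read` continues past the hunk.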
@@ -345,14 +350,52 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) #ifdef USE_WOLFSSL_IO /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ - ret = wolfIO_Recv(bio->num, (char*)buf, len, 0); + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; + ret = wolfIO_Recv(bio->num.fd, (char*)buf, len, 0); + if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) { + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; + } + if (ret < 0) { + ret = WOLFSSL_BIO_ERROR; + } #else ret = NOT_COMPILED_IN; #endif break; + + case WOLFSSL_BIO_DGRAM: + #if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) && \ + defined(USE_WOLFSSL_IO) + /* BIO requires built-in socket support + * (cannot be used with WOLFSSL_USER_IO) */ + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; + if (bio->connected) + ret = wolfIO_Recv(bio->num.fd, (char*)buf, len, 0); + else { + wolfSSL_BIO_ADDR_clear(&bio->peer_addr); + ret = wolfIO_RecvFrom(bio->num.fd, &bio->peer_addr, + (char*)buf, len, 0); + } + if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) { + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; + } + if (ret < 0) { + ret = WOLFSSL_BIO_ERROR; + } + #else + ret = NOT_COMPILED_IN; + #endif + break; + } /* switch */ } +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + if ((ret > 0) && (!inhibit_flow_increment)) { + bio->bytes_read += (word32)ret; + } +#endif + /* case where front of list is done */ if (bio == front) { break; /* at front of list so be done */ @@ -409,8 +452,9 @@ static int wolfSSL_BIO_BASE64_write(WOLFSSL_BIO* bio, const void* data, } } else { - if (Base64_Encode((const byte*)data, inLen, NULL, &sz) != - LENGTH_ONLY_E) { + if (Base64_Encode((const byte*)data, inLen, NULL, &sz) + != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + { WOLFSSL_MSG("Error with base64 get length"); return WOLFSSL_FATAL_ERROR; } 
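Review bot: In the new `WOLFSSL_BIO_DGRAM` case of the `@@ -345,14 +350,52 @@` hunk, the unconnected path lets `wolfIO_RecvFrom` overwrite `bio->peer_addr` with the source of whatever datagram arrives, and the matching write case in the `@@ -725` hunk then sends to that address; nothing in the BIO validates the peer, which is the expected division of labour for a DTLS transport but should be written down, e.g. `/* unconnected: peer_addr is replaced by each datagram's source; peer validation is the DTLS layer's job, not the BIO's */` above the `wolfSSL_BIO_ADDR_clear(&bio->peer_addr);` line. Also, `if (bio->connected) ret = wolfIO_Recv(...); else { ... }` pairs an unbraced branch with a braced one while every other conditional in this hunk is braced; bracing both branches here and in the write case would match the file. The flow-stat increment after the switch skips the BIO-pair case, which is counted in `wolfSSL_BIO_nread` instead, and that asymmetry deserves a one-line comment next to `inhibit_flow_increment = 1;`.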
@@ -468,16 +512,16 @@ static int wolfSSL_BIO_SSL_write(WOLFSSL_BIO* bio, const void* data, WOLFSSL_ENTER("wolfSSL_BIO_SSL_write"); - if (bio->ptr == NULL) { + if (bio->ptr.ssl == NULL) { return BAD_FUNC_ARG; } bio->flags &= ~(WOLFSSL_BIO_FLAG_RETRY); /* default no retry */ - ret = wolfSSL_write((WOLFSSL*)bio->ptr, data, len); + ret = wolfSSL_write(bio->ptr.ssl, data, len); if (ret == 0) front->eof = 1; else if (ret < 0) { - int err = wolfSSL_get_error((WOLFSSL*)bio->ptr, 0); + int err = wolfSSL_get_error(bio->ptr.ssl, 0); if ( !(err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE) ) { front->eof = 1; } @@ -576,8 +620,8 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, } XMEMCPY(bio->mem_buf->data + bio->wrSz, data, len); - bio->ptr = bio->mem_buf->data; - bio->num = (int)bio->mem_buf->max; + bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; + bio->num.length = bio->mem_buf->max; bio->wrSz += len; bio->wrIdx += len; @@ -598,14 +642,14 @@ static int wolfSSL_BIO_MD_write(WOLFSSL_BIO* bio, const void* data, int len) return BAD_FUNC_ARG; } - if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == NID_hmac) { - if (wolfSSL_EVP_DigestSignUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, data, + if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == NID_hmac) { + if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, data, (unsigned int)len) != WOLFSSL_SUCCESS) { ret = WOLFSSL_BIO_ERROR; } } else { - if (wolfSSL_EVP_DigestUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, data, (size_t)len) + if (wolfSSL_EVP_DigestUpdate(bio->ptr.md_ctx, data, (size_t)len) != WOLFSSL_SUCCESS) { ret = WOLFSSL_BIO_ERROR; } @@ -647,6 +691,9 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) } while (bio != NULL && ret >= 0) { +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + int inhibit_flow_increment = 0; +#endif /* check for custom write */ if (bio->method && bio->method->writeCb) { ret = bio->method->writeCb(bio, (const char*)data, len); 
@@ -672,19 +719,22 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) } case WOLFSSL_BIO_BIO: /* write bios */ ret = wolfSSL_BIO_BIO_write(bio, data, len); +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + inhibit_flow_increment = 1; +#endif break; case WOLFSSL_BIO_MEMORY: ret = wolfSSL_BIO_MEMORY_write(bio, data, len); break; case WOLFSSL_BIO_FILE: #ifndef NO_FILESYSTEM - if (bio->ptr) { - ret = (int)XFWRITE(data, 1, (size_t)len, (XFILE)bio->ptr); + if (bio->ptr.fh) { + ret = (int)XFWRITE(data, 1, (size_t)len, bio->ptr.fh); } else { #if defined(XWRITE) && !defined(NO_WOLFSSL_DIR) && \ !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) - ret = (int)XWRITE(bio->num, data, (size_t)len); + ret = (int)XWRITE(bio->num.fd, data, (size_t)len); #else WOLFSSL_MSG("No file pointer and XWRITE not enabled"); ret = NOT_COMPILED_IN; 
@@ -725,14 +775,50 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) #ifdef USE_WOLFSSL_IO /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ - ret = wolfIO_Send(bio->num, (char*)data, len, 0); + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; + ret = wolfIO_Send(bio->num.fd, (char*)data, len, 0); + if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_WRITE)) { + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; + } + if (ret < 0) { + ret = WOLFSSL_BIO_ERROR; + } #else ret = NOT_COMPILED_IN; #endif break; + + case WOLFSSL_BIO_DGRAM: + #if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) && \ + defined(USE_WOLFSSL_IO) + /* BIO requires built-in socket support + * (cannot be used with WOLFSSL_USER_IO) */ + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; + if (bio->connected) + ret = wolfIO_Send(bio->num.fd, (char*)data, len, 0); + else if (bio->peer_addr.sa.sa_family == AF_UNSPEC) + ret = SOCKET_ERROR_E; + else + ret = wolfIO_SendTo(bio->num.fd, &bio->peer_addr, (char*)data, len, 0); + if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_WRITE)) { + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; + } + if (ret < 0) { + ret = WOLFSSL_BIO_ERROR; + } + #else + ret = NOT_COMPILED_IN; + #endif + break; + } /* switch */ } +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + if ((ret > 0) && (! inhibit_flow_increment)) + bio->bytes_written += (word32)ret; +#endif + /* advance to the next bio in list */ bio = bio->next; } @@ -748,7 +834,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) (const char*)data, len, 0, ret); } - if (frmt != NULL) { + if (front != NULL) { XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER); } 
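Review bot: In the `@@ -725,14 +775,50 @@` hunk, the `else if (bio->peer_addr.sa.sa_family == AF_UNSPEC) ret = SOCKET_ERROR_E;` branch is collapsed to `WOLFSSL_BIO_ERROR` by the `if (ret < 0)` that follows, so a caller cannot tell "no peer address set on an unconnected datagram BIO" from a genuine send failure, and no log line records it. A `WOLFSSL_MSG("DGRAM BIO write: no peer address set");` in that branch would make the misconfiguration visible in debug builds, consistent with the `WOLFSSL_MSG` calls used in the file and socket cases of these hunks. The `wolfIO_SendTo(bio->num.fd, &bio->peer_addr, (char*)data, len, 0);` line also runs past the width the rest of the hunk keeps to and could be wrapped like the `wolfIO_RecvFrom` call in the read path. The `@@ -748` hunk's switch from `frmt != NULL` to `front != NULL` relies on `XFREE` accepting NULL, which the ChangeLog entry on removing duplicate NULL checks confirms.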
@@ -793,6 +879,49 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) case BIO_CTRL_RESET: ret = (long)wolfSSL_BIO_reset(bio); break; + +#ifdef WOLFSSL_HAVE_BIO_ADDR + case BIO_CTRL_DGRAM_CONNECT: + case BIO_CTRL_DGRAM_SET_PEER: + { + socklen_t addr_size; + if (parg == NULL) { + ret = WOLFSSL_FAILURE; + break; + } + addr_size = wolfSSL_BIO_ADDR_size((WOLFSSL_BIO_ADDR *)parg); + if (addr_size == 0) { + ret = WOLFSSL_FAILURE; + break; + } + XMEMCPY(&bio->peer_addr, parg, addr_size); + ret = WOLFSSL_SUCCESS; + break; + } + + case BIO_CTRL_DGRAM_SET_CONNECTED: + if (parg == NULL) { + wolfSSL_BIO_ADDR_clear(&bio->peer_addr); + bio->connected = 0; + } + else { + socklen_t addr_size = wolfSSL_BIO_ADDR_size((WOLFSSL_BIO_ADDR *)parg); + if (addr_size == 0) { + ret = WOLFSSL_FAILURE; + break; + } + XMEMCPY(&bio->peer_addr, parg, addr_size); + bio->connected = 1; + } + ret = WOLFSSL_SUCCESS; + break; + + case BIO_CTRL_DGRAM_QUERY_MTU: + ret = 0; /* not implemented */ + break; + +#endif /* WOLFSSL_HAVE_BIO_ADDR */ + default: WOLFSSL_MSG("CMD not yet implemented"); ret = WOLFSSL_FAILURE; 
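Review bot: In the `BIO_CTRL_DGRAM_CONNECT`/`BIO_CTRL_DGRAM_SET_PEER` case of the `@@ -793,6 +879,49 @@` hunk, `XMEMCPY(&bio->peer_addr, parg, addr_size);` copies only the family-sized prefix, so when a shorter address replaces a longer one (AF_INET after AF_INET6) the tail of `bio->peer_addr` keeps stale bytes of the previous peer; the `BIO_CTRL_DGRAM_SET_CONNECTED` NULL path clears the field first and the set paths should too, with `wolfSSL_BIO_ADDR_clear(&bio->peer_addr);` before each XMEMCPY. That size-check-then-copy sequence appears twice in the hunk and could be one static helper. Neither case checks that `bio->type` is `WOLFSSL_BIO_DGRAM`, so these controls silently accept a socket or memory BIO; if that is intentional a comment saying so would help, otherwise they should return `WOLFSSL_FAILURE` for other types. It is also undocumented whether `BIO_CTRL_DGRAM_CONNECT` is meant to leave `bio->connected` at 0 (no connect() is issued here), which a reader comparing it with `BIO_CTRL_DGRAM_SET_CONNECTED` will wonder about.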
@@ -826,8 +955,51 @@ int wolfSSL_BIO_up_ref(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } + +#ifdef WOLFSSL_HAVE_BIO_ADDR +WOLFSSL_BIO_ADDR *wolfSSL_BIO_ADDR_new(void) { + WOLFSSL_BIO_ADDR *addr = + (WOLFSSL_BIO_ADDR *)XMALLOC(sizeof(*addr), NULL, DYNAMIC_TYPE_BIO); + if (addr) + addr->sa.sa_family = AF_UNSPEC; + return addr; +} + +void wolfSSL_BIO_ADDR_free(WOLFSSL_BIO_ADDR *addr) { + XFREE(addr, NULL, DYNAMIC_TYPE_BIO); +} + +void wolfSSL_BIO_ADDR_clear(WOLFSSL_BIO_ADDR *addr) { + if (addr == NULL) + return; + XMEMSET(addr, 0, sizeof(*addr)); + addr->sa.sa_family = AF_UNSPEC; +} + +socklen_t wolfSSL_BIO_ADDR_size(const WOLFSSL_BIO_ADDR *addr) { + switch (addr->sa.sa_family) { +#ifndef WOLFSSL_NO_BIO_ADDR_IN + case AF_INET: + return sizeof(addr->sa_in); +#endif +#ifdef WOLFSSL_IPV6 + case AF_INET6: + return sizeof(addr->sa_in6); #endif +#if defined(HAVE_SYS_UN_H) && !defined(WOLFSSL_NO_SOCKADDR_UN) + case AF_UNIX: + return sizeof(addr->sa_un); +#endif + default: + /* must return zero if length can't be determined, to avoid buffer + * overruns in callers. + */ + return 0; + } +} +#endif /* WOLFSSL_HAVE_BIO_ADDR */ +#endif /* OPENSSL_ALL || OPENSSL_EXTRA */ /* helper function for wolfSSL_BIO_gets * size till a newline is hit @@ -888,15 +1060,15 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz) switch (bio->type) { #ifndef NO_FILESYSTEM case WOLFSSL_BIO_FILE: - if (((XFILE)bio->ptr) == XBADFILE) { + if (bio->ptr.fh == XBADFILE) { return WOLFSSL_BIO_ERROR; } #if defined(MICRIUM) || defined(LSR_FS) || defined(EBSNET) WOLFSSL_MSG("XFGETS not ported for this system yet"); - ret = XFGETS(buf, sz, (XFILE)bio->ptr); + ret = XFGETS(buf, sz, bio->ptr.fh); #else - if (XFGETS(buf, sz, (XFILE)bio->ptr) != NULL) { + if (XFGETS(buf, sz, bio->ptr.fh) != NULL) { ret = (int)XSTRLEN(buf); } else { 
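Review bot: `wolfSSL_BIO_ADDR_size` in the `@@ -826,8 +955,51 @@` hunk dereferences `addr->sa.sa_family` without a NULL check, while the sibling `wolfSSL_BIO_ADDR_clear` guards NULL; as a public function whose own comment promises 0 whenever the length cannot be determined, it should open with `if (addr == NULL) return 0;`. `wolfSSL_BIO_ADDR_new` likewise sets only `sa_family` and leaves the rest of the object indeterminate, so an address a caller fills in partially can carry uninitialised padding into the `XMEMCPY` in `wolfSSL_BIO_ctrl`; `XMEMSET(addr, 0, sizeof(*addr));` before the `sa_family` assignment, or simply calling `wolfSSL_BIO_ADDR_clear(addr)`, removes that and makes the two initialisers agree. `wolfSSL_BIO_ADDR_free` on NULL is fine given that `XFREE` accepts it.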
@@ -972,13 +1144,13 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz) #ifndef WOLFCRYPT_ONLY /* call final on hash */ case WOLFSSL_BIO_MD: - if (wolfSSL_EVP_MD_CTX_size((WOLFSSL_EVP_MD_CTX*)bio->ptr) > sz) { + if (wolfSSL_EVP_MD_CTX_size(bio->ptr.md_ctx) > sz) { WOLFSSL_MSG("Output buffer was too small for digest"); ret = WOLFSSL_FAILURE; } else { unsigned int szOut = 0; - ret = wolfSSL_EVP_DigestFinal((WOLFSSL_EVP_MD_CTX*)bio->ptr, + ret = wolfSSL_EVP_DigestFinal(bio->ptr.md_ctx, (unsigned char*)buf, &szOut); if (ret == WOLFSSL_SUCCESS) { ret = (int)szOut; @@ -1133,8 +1305,8 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio) } #ifndef WOLFCRYPT_ONLY - if (bio->type == WOLFSSL_BIO_SSL && bio->ptr != NULL) { - return (long)wolfSSL_pending((WOLFSSL*)bio->ptr); + if (bio->type == WOLFSSL_BIO_SSL && bio->ptr.ssl != NULL) { + return (long)wolfSSL_pending(bio->ptr.ssl); } #endif @@ -1162,7 +1334,7 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio) long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) { WOLFSSL_BIO* front = bio; - long ret = WOLFSSL_FAILURE; + long ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_BIO_get_mem_ptr"); @@ -1188,7 +1360,10 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) bio = bio->prev; } - return ret; + if (ret == WOLFSSL_SUCCESS) + return ret; + else + return WOLFSSL_FAILURE; } #ifdef OPENSSL_ALL @@ -1208,8 +1383,8 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) bio->wrSz = (int)bio->mem_buf->length; bio->wrSzReset = bio->wrSz; - bio->num = (int)bio->mem_buf->max; - bio->ptr = bio->mem_buf->data; + bio->num.length = bio->mem_buf->max; + bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; bio->wrIdx = 0; bio->rdIdx = 0; 
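Review bot: The new tail of `wolfSSL_BIO_get_mem_ptr` in the `@@ -1188,7 +1360,10 @@` hunk, `if (ret == WOLFSSL_SUCCESS) return ret; else return WOLFSSL_FAILURE;`, reads as a redundant re-test of a value that can already only be success or failure; the reason is presumably that `ret` is initialised with `WC_NO_ERR_TRACE(WOLFSSL_FAILURE)` in the `@@ -1162` hunk and the bare `WOLFSSL_FAILURE` on the return path is what fires the error-code trace, but nothing in the code says so. A comment on the return, `/* return the bare macro so the error trace fires only on the failure path */`, would keep the next reader from folding it back into `return ret;`. The same pattern appears in `wolfSSL_BIO_get_md_ctx` in the `@@ -2015` hunk further down and deserves the same comment.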
@@ -1242,15 +1417,16 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size) return WOLFSSL_FAILURE; } - if (bio->ptr != NULL) { - XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL); + if (bio->ptr.mem_buf_data != NULL) { + XFREE(bio->ptr.mem_buf_data, bio->heap, DYNAMIC_TYPE_OPENSSL); } - bio->ptr = (byte*)XMALLOC(size, bio->heap, DYNAMIC_TYPE_OPENSSL); - if (bio->ptr == NULL) { + bio->ptr.mem_buf_data = (byte*)XMALLOC(size, bio->heap, + DYNAMIC_TYPE_OPENSSL); + if (bio->ptr.mem_buf_data == NULL) { WOLFSSL_MSG("Memory allocation error"); bio->wrSz = 0; - bio->num = 0; + bio->num.length = 0; bio->wrIdx = 0; bio->rdIdx = 0; if (bio->mem_buf != NULL) { @@ -1261,13 +1437,13 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size) return WOLFSSL_FAILURE; } bio->wrSz = (int)size; - bio->num = (int)size; + bio->num.length = size; bio->wrIdx = 0; bio->rdIdx = 0; if (bio->mem_buf != NULL) { - bio->mem_buf->data = (char*)bio->ptr; - bio->mem_buf->length = (size_t)bio->num; - bio->mem_buf->max = (size_t)bio->num; + bio->mem_buf->data = (char*)bio->ptr.mem_buf_data; + bio->mem_buf->length = bio->num.length; + bio->mem_buf->max = bio->num.length; } return WOLFSSL_SUCCESS; @@ -1295,12 +1471,12 @@ int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2) } /* set default write size if not already set */ - if (b1->ptr == NULL && wolfSSL_BIO_set_write_buf_size(b1, + if (b1->ptr.mem_buf_data == NULL && wolfSSL_BIO_set_write_buf_size(b1, WOLFSSL_BIO_SIZE) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } - if (b2->ptr == NULL && wolfSSL_BIO_set_write_buf_size(b2, + if (b2->ptr.mem_buf_data == NULL && wolfSSL_BIO_set_write_buf_size(b2, WOLFSSL_BIO_SIZE) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } 
@@ -1341,7 +1517,7 @@ int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf) WOLFSSL_BIO* pair = bio->pair; /* case where have wrapped around write buffer */ - *buf = (char*)pair->ptr + pair->rdIdx; + *buf = (char*)pair->ptr.mem_buf_data + pair->rdIdx; if (pair->wrIdx > 0 && pair->rdIdx >= pair->wrIdx) { return pair->wrSz - pair->rdIdx; } @@ -1373,7 +1549,7 @@ int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num) if (bio->pair != NULL) { /* special case if asking to read 0 bytes */ if (num == 0) { - *buf = (char*)bio->pair->ptr + bio->pair->rdIdx; + *buf = (char*)bio->pair->ptr.mem_buf_data + bio->pair->rdIdx; return 0; } @@ -1387,6 +1563,9 @@ int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num) sz = num; } bio->pair->rdIdx += sz; +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + bio->pair->bytes_read += (word32)sz; +#endif /* check if have read to the end of the buffer and need to reset */ if (bio->pair->rdIdx == bio->pair->wrSz) { @@ -1424,7 +1603,7 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) if (bio->pair != NULL) { if (num == 0) { - *buf = (char*)bio->ptr + bio->wrIdx; + *buf = (char*)bio->ptr.mem_buf_data + bio->wrIdx; return 0; } @@ -1463,8 +1642,11 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) if (num < sz) { sz = num; } - *buf = (char*)bio->ptr + bio->wrIdx; + *buf = (char*)bio->ptr.mem_buf_data + bio->wrIdx; bio->wrIdx += sz; +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + bio->bytes_written += (word32)sz; +#endif /* if at the end of the buffer and space for wrap around then set * write index back to 0 */ 
@@ -1476,6 +1658,37 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) return sz; } +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS +word64 wolfSSL_BIO_number_read(WOLFSSL_BIO *bio) +{ + word64 ret = 0; + if (bio == NULL) { + WOLFSSL_MSG("NULL argument passed in"); + return 0; + } + while (bio) { + ret += bio->bytes_read; + bio = bio->next; + } + + return ret; +} + +word64 wolfSSL_BIO_number_written(WOLFSSL_BIO *bio) +{ + word64 ret = 0; + if (bio == NULL) { + WOLFSSL_MSG("NULL argument passed in"); + return 0; + } + while (bio) { + ret += bio->bytes_written; + bio = bio->next; + } + + return ret; +} +#endif /* WOLFSSL_BIO_HAVE_FLOW_STATS */ /* Reset BIO to initial state */ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) @@ -1491,16 +1704,16 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) switch (bio->type) { #ifndef NO_FILESYSTEM case WOLFSSL_BIO_FILE: - if (XFSEEK((XFILE)bio->ptr, 0, XSEEK_SET) != 0) + if (XFSEEK(bio->ptr.fh, 0, XSEEK_SET) != 0) return WOLFSSL_BIO_ERROR; else - return 0; + return WOLFSSL_SUCCESS; #endif case WOLFSSL_BIO_BIO: bio->rdIdx = 0; bio->wrIdx = 0; - return 0; + return WOLFSSL_SUCCESS; case WOLFSSL_BIO_MEMORY: bio->rdIdx = 0; 
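Review bot: `wolfSSL_BIO_number_read`/`wolfSSL_BIO_number_written` in the `@@ -1476,6 +1658,37 @@` hunk return `word64`, but the per-BIO counters they sum are incremented with `(word32)` casts in the read and write paths (`bio->bytes_read += (word32)ret;`), so if those fields are 32-bit — their declaration is not on this page — each BIO's count wraps at 4 GiB and the 64-bit result only disguises that. Either widen the fields to `word64` or document the wrap on the accessors, e.g. `/* sum of per-BIO 32-bit counters; each wraps at 2^32 bytes */`. The `if (bio == NULL)` guard followed by `while (bio)` handles the NULL case twice; the guard only contributes the log message, which a short comment could say.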
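Review bot: The file case of `wolfSSL_BIO_reset` in the `@@ -1491,16 +1704,16 @@` hunk now returns `WOLFSSL_SUCCESS` instead of 0 after a successful `XFSEEK`. OpenSSL documents `BIO_reset()` as returning 1 on success for most BIO types but 0 on success (and -1 on failure) specifically for file BIOs, so a caller ported from OpenSSL that tests `== 0` on a file BIO will now treat success as failure; if matching OpenSSL is intended the file case should keep returning 0, and if the uniform return is deliberate that `return WOLFSSL_SUCCESS;` line deserves a comment naming the divergence. `wolfSSL_BIO_reset` continues past this hunk into the `@@ -1510` hunk on the next line.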
@@ -1510,27 +1723,27 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) } else { bio->wrSz = 0; - XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL); - bio->ptr = NULL; - bio->num = 0; + XFREE(bio->ptr.mem_buf_data, bio->heap, DYNAMIC_TYPE_OPENSSL); + bio->ptr.mem_buf_data = NULL; + bio->num.length = 0; if (bio->mem_buf != NULL) { bio->mem_buf->data = NULL; bio->mem_buf->length = 0; bio->mem_buf->max = 0; } } - return 0; + return WOLFSSL_SUCCESS; #ifndef WOLFCRYPT_ONLY case WOLFSSL_BIO_MD: - if (bio->ptr != NULL) { + if (bio->ptr.md_ctx != NULL) { const WOLFSSL_EVP_MD* md = - wolfSSL_EVP_MD_CTX_md((WOLFSSL_EVP_MD_CTX*)bio->ptr); - wolfSSL_EVP_MD_CTX_cleanup((WOLFSSL_EVP_MD_CTX*)bio->ptr); - wolfSSL_EVP_MD_CTX_init((WOLFSSL_EVP_MD_CTX*)bio->ptr); - wolfSSL_EVP_DigestInit((WOLFSSL_EVP_MD_CTX*)bio->ptr, md); + wolfSSL_EVP_MD_CTX_md(bio->ptr.md_ctx); + wolfSSL_EVP_MD_CTX_cleanup(bio->ptr.md_ctx); + wolfSSL_EVP_MD_CTX_init(bio->ptr.md_ctx); + wolfSSL_EVP_DigestInit(bio->ptr.md_ctx, md); } - return 0; + return WOLFSSL_SUCCESS; #endif /* WOLFCRYPT_ONLY */ default: @@ -1580,7 +1793,7 @@ long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c) } bio->shutdown = (byte)c; - bio->ptr = (XFILE)fp; + bio->ptr.fh = fp; return WOLFSSL_SUCCESS; } @@ -1598,7 +1811,7 @@ long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp) return WOLFSSL_FAILURE; } - *fp = (XFILE)bio->ptr; + *fp = bio->ptr.fh; return WOLFSSL_SUCCESS; } @@ -1613,8 +1826,8 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name) } if (bio->type == WOLFSSL_BIO_FILE) { - if (((XFILE)bio->ptr) != XBADFILE && bio->shutdown == BIO_CLOSE) { - XFCLOSE((XFILE)bio->ptr); + if (bio->ptr.fh != XBADFILE && bio->shutdown == BIO_CLOSE) { + XFCLOSE(bio->ptr.fh); } /* 'b' flag is ignored on POSIX targets, but on Windows it assures 
@@ -1622,8 +1835,8 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name) * between the size and contents of the representation in memory and on * disk. */ - bio->ptr = XFOPEN(name, "wb"); - if (((XFILE)bio->ptr) == XBADFILE) { + bio->ptr.fh = XFOPEN(name, "wb"); + if (bio->ptr.fh == XBADFILE) { return WOLFSSL_FAILURE; } bio->shutdown = BIO_CLOSE; @@ -1640,13 +1853,13 @@ int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs) WOLFSSL_ENTER("wolfSSL_BIO_seek"); if (bio == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } /* offset ofs from beginning of file */ if (bio->type == WOLFSSL_BIO_FILE && - XFSEEK((XFILE)bio->ptr, ofs, SEEK_SET) < 0) { - return -1; + XFSEEK(bio->ptr.fh, ofs, SEEK_SET) < 0) { + return WOLFSSL_FATAL_ERROR; } return 0; @@ -1663,16 +1876,16 @@ int wolfSSL_BIO_tell(WOLFSSL_BIO* bio) WOLFSSL_ENTER("wolfSSL_BIO_tell"); if (bio == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (bio->type != WOLFSSL_BIO_FILE) { return 0; } - pos = (int)XFTELL((XFILE)bio->ptr); + pos = (int)XFTELL(bio->ptr.fh); if (pos < 0) - return -1; + return WOLFSSL_FATAL_ERROR; else return pos; } @@ -1799,15 +2012,16 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on) if (bio) { switch (bio->type) { case WOLFSSL_BIO_SOCKET: + case WOLFSSL_BIO_DGRAM: #ifdef XFCNTL { int ret; - int flag = XFCNTL(bio->num, F_GETFL, 0); + int flag = XFCNTL(bio->num.fd, F_GETFL, 0); if (on) { - ret = XFCNTL(bio->num, F_SETFL, flag | O_NONBLOCK); + ret = XFCNTL(bio->num.fd, F_SETFL, flag | O_NONBLOCK); } else { - ret = XFCNTL(bio->num, F_SETFL, flag & ~O_NONBLOCK); + ret = XFCNTL(bio->num.fd, F_SETFL, flag & ~O_NONBLOCK); } if (ret == -1) { @@ -1818,7 +2032,7 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on) break; case WOLFSSL_BIO_SSL: #ifdef WOLFSSL_DTLS - wolfSSL_dtls_set_using_nonblock((WOLFSSL*)bio->ptr, (int)on); + wolfSSL_dtls_set_using_nonblock(bio->ptr.ssl, (int)on); #endif break; 
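Review bot: In wolfSSL_BIO_set_nbio the F_GETFL result is used without checking for failure: if `XFCNTL(bio->num.fd, F_GETFL, 0)` returns -1 (for example when `num.fd` is still SOCKET_INVALID on a socket or datagram BIO whose descriptor was never set), `flag | O_NONBLOCK` is -1 and that value is handed to F_SETFL. Guarding it, `if (flag == -1) { ret = -1; } else if (on) {`, lets the existing `ret == -1` handling below report the error instead. The remainder of the switch is outside the hunk.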
@@ -1966,7 +2180,7 @@ int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio, void* p) } if (p) { - *(byte**)p = (byte*)mem_bio->ptr + mem_bio->rdIdx; + *(byte**)p = mem_bio->ptr.mem_buf_data + mem_bio->rdIdx; } return mem_bio->wrSz - mem_bio->rdIdx; @@ -1991,7 +2205,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } else if (bio->type == WOLFSSL_BIO_FILE) { #if !defined(NO_FILESYSTEM) && defined(XFFLUSH) - if (XFFLUSH((FILE *)bio->ptr) != 0) + if (XFFLUSH(bio->ptr.fh) != 0) return WOLFSSL_FAILURE; #endif /* !NO_FILESYSTEM && XFFLUSH */ @@ -2015,14 +2229,17 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) /* return the context and initialize the BIO state */ int wolfSSL_BIO_get_md_ctx(WOLFSSL_BIO *bio, WOLFSSL_EVP_MD_CTX **mdcp) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); if ((bio != NULL) && (mdcp != NULL)) { - *mdcp = (WOLFSSL_EVP_MD_CTX*)bio->ptr; + *mdcp = bio->ptr.md_ctx; ret = WOLFSSL_SUCCESS; } - return ret; + if (ret == WOLFSSL_SUCCESS) + return ret; + else + return WOLFSSL_FAILURE; } WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void) @@ -2110,11 +2327,39 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) if (bio) { bio->type = WOLFSSL_BIO_SOCKET; bio->shutdown = (byte)closeF; - bio->num = sfd; + bio->num.fd = (SOCKET_T)sfd; } return bio; } + +#if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) + WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_datagram(void) + { + static WOLFSSL_BIO_METHOD meth = + WOLFSSL_BIO_METHOD_INIT(WOLFSSL_BIO_DGRAM); + + WOLFSSL_ENTER("wolfSSL_BIO_s_datagram"); + + return &meth; + } + + + WOLFSSL_BIO* wolfSSL_BIO_new_dgram(int fd, int closeF) + { + WOLFSSL_BIO* bio = wolfSSL_BIO_new(wolfSSL_BIO_s_datagram()); + + WOLFSSL_ENTER("wolfSSL_BIO_new_dgram"); + if (bio) { + bio->type = WOLFSSL_BIO_DGRAM; + bio->shutdown = (byte)closeF; + bio->num.fd = (SOCKET_T)fd; + } + return bio; + } +#endif + + /** * Create new socket BIO object. This is a pure TCP connection with * no SSL or TLS protection. 
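Review bot: wolfSSL_BIO_s_datagram and wolfSSL_BIO_new_dgram are new public entry points with no header comment, while the socket constructor directly below carries a Doxygen block (`Create new socket BIO object...`). A matching block on wolfSSL_BIO_new_dgram should state that `fd` is presumably an already-open datagram socket, that `closeF` selects BIO_CLOSE/BIO_NOCLOSE ownership of it (the value wolfSSL_BIO_free later consults), and that NULL is returned when allocation fails; wolfSSL_BIO_s_datagram can note that it returns a pointer to a function-static method object. The `(SOCKET_T)fd` cast also accepts a negative descriptor silently, as the socket variant above it does, which is worth a sentence in the same comment.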
@@ -2231,7 +2476,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } - b->num = (int)sfd; + b->num.fd = sfd; b->shutdown = BIO_CLOSE; return WOLFSSL_SUCCESS; } @@ -2255,17 +2500,17 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } - if (b->num == WOLFSSL_BIO_ERROR) { + if (b->num.fd == SOCKET_INVALID) { if (wolfIO_TcpBind(&sfd, b->port) < 0) { WOLFSSL_MSG("wolfIO_TcpBind error"); return WOLFSSL_FAILURE; } - b->num = (int)sfd; + b->num.fd = sfd; b->shutdown = BIO_CLOSE; } else { WOLFSSL_BIO* new_bio; - int newfd = wolfIO_TcpAccept(b->num, NULL, NULL); + int newfd = wolfIO_TcpAccept(b->num.fd, NULL, NULL); if (newfd < 0) { WOLFSSL_MSG("wolfIO_TcpBind error"); return WOLFSSL_FAILURE; @@ -2322,8 +2567,8 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) WOLFSSL_MSG("Bad parameter"); return WOLFSSL_FAILURE; } - if (b->type == WOLFSSL_BIO_SSL && b->ptr != NULL) { - return wolfSSL_negotiate((WOLFSSL*)b->ptr); + if (b->type == WOLFSSL_BIO_SSL && b->ptr.ssl != NULL) { + return wolfSSL_negotiate(b->ptr.ssl); } else { WOLFSSL_MSG("Not SSL BIO or no SSL object set"); @@ -2348,12 +2593,12 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return; } - if (b->ptr != NULL) { - int rc = wolfSSL_shutdown((WOLFSSL*)b->ptr); + if (b->ptr.ssl != NULL) { + int rc = wolfSSL_shutdown(b->ptr.ssl); if (rc == SSL_SHUTDOWN_NOT_DONE) { /* In this case, call again to give us a chance to read the * close notify alert from the other end. */ - wolfSSL_shutdown((WOLFSSL*)b->ptr); + wolfSSL_shutdown(b->ptr.ssl); } } else { @@ -2363,12 +2608,12 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) long wolfSSL_BIO_set_ssl(WOLFSSL_BIO* b, WOLFSSL* ssl, int closeF) { - long ret = WOLFSSL_FAILURE; + long ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_BIO_set_ssl"); if (b != NULL) { - b->ptr = ssl; + b->ptr.ssl = ssl; b->shutdown = (byte)closeF; if (b->next != NULL) wolfSSL_set_bio(ssl, b->next, b->next); 
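Review bot: In the accept hunk the failure path of `wolfIO_TcpAccept` still logs `wolfIO_TcpBind error` (a context line the commit keeps), which will mislead anyone debugging the new SOCKET_INVALID path right next to it; while these lines are being reworked, `WOLFSSL_MSG("wolfIO_TcpAccept error");` is the right text. The comparison also mixes `int newfd` with the SOCKET_T-typed `num.fd`; if SOCKET_T is unsigned on some targets, the assignment that follows (outside the hunk) should carry the same `(SOCKET_T)` cast used in wolfSSL_BIO_new_socket. The enclosing function begins outside the hunk.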
@@ -2376,7 +2621,10 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) ret = WOLFSSL_SUCCESS; } - return ret; + if (ret == WOLFSSL_SUCCESS) + return ret; + else + return WOLFSSL_FAILURE; } long wolfSSL_BIO_get_ssl(WOLFSSL_BIO* bio, WOLFSSL** ssl) @@ -2396,7 +2644,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } - *ssl = (WOLFSSL*)bio->ptr; + *ssl = bio->ptr.ssl; return WOLFSSL_SUCCESS; } @@ -2540,7 +2788,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) WOLFSSL_ENTER("wolfSSL_BIO_set_fd"); if (b != NULL) { - b->num = fd; + b->num.fd = (SOCKET_T)fd; b->shutdown = (byte)closeF; } @@ -2584,7 +2832,14 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) bio->method = method; #endif bio->shutdown = BIO_CLOSE; /* default to close things */ - bio->num = WOLFSSL_BIO_ERROR; + + if ((bio->type == WOLFSSL_BIO_SOCKET) || + (bio->type == WOLFSSL_BIO_DGRAM)) + { + bio->num.fd = SOCKET_INVALID; + } else { + bio->num.length = 0; + } bio->init = 1; #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) @@ -2616,8 +2871,8 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } if (method->type == WOLFSSL_BIO_MD) { - bio->ptr = wolfSSL_EVP_MD_CTX_new(); - if (bio->ptr == NULL) { + bio->ptr.md_ctx = wolfSSL_EVP_MD_CTX_new(); + if (bio->ptr.md_ctx == NULL) { WOLFSSL_MSG("Memory error"); wolfSSL_BIO_free(bio); return NULL; @@ -2656,11 +2911,11 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return NULL; } - bio->num = (int)bio->mem_buf->max; + bio->num.length = bio->mem_buf->max; bio->wrSz = len; - bio->ptr = bio->mem_buf->data; - if (len > 0 && bio->ptr != NULL) { - XMEMCPY(bio->ptr, buf, len); + bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; + if (len > 0 && bio->ptr.mem_buf_data != NULL) { + XMEMCPY(bio->ptr.mem_buf_data, buf, len); bio->flags |= BIO_FLAGS_MEM_RDONLY; bio->wrSzReset = bio->wrSz; } 
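Review bot: A file BIO never gets `num.fd` initialised to SOCKET_INVALID in wolfSSL_BIO_new: the new branch sets `num.length = 0` for every non-socket type, yet wolfSSL_BIO_free (the `@@ -2723` hunk that follows) tests `bio->num.fd != SOCKET_INVALID` in its WOLFSSL_BIO_FILE branch and calls XCLOSE on it when `ptr.fh` is unset. If `num` is a union, as the `.fd`/`.length` access pattern suggests, a file BIO whose handle was never opened and whose shutdown is the default BIO_CLOSE would then close descriptor 0; the old code avoided this by storing WOLFSSL_BIO_ERROR unconditionally and comparing against it. Initialising the descriptor for file BIOs as well, `if ((bio->type == WOLFSSL_BIO_SOCKET) || (bio->type == WOLFSSL_BIO_DGRAM) || (bio->type == WOLFSSL_BIO_FILE))`, restores the previous behaviour. The union definition and the part of wolfSSL_BIO_new that sets `bio->type` are outside the hunk, so confirm the type is already assigned at this point.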
@@ -2723,44 +2978,51 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) bio->pair->pair = NULL; } - if (bio->ip != NULL) { - XFREE(bio->ip, bio->heap, DYNAMIC_TYPE_OPENSSL); - } + XFREE(bio->ip, bio->heap, DYNAMIC_TYPE_OPENSSL); if (bio->shutdown) { - if (bio->type == WOLFSSL_BIO_SSL && bio->ptr) - wolfSSL_free((WOLFSSL*)bio->ptr); + if (bio->type == WOLFSSL_BIO_SSL && bio->ptr.ssl) + wolfSSL_free(bio->ptr.ssl); #ifdef CloseSocket - if ((bio->type == WOLFSSL_BIO_SOCKET) && (bio->num > 0)) - CloseSocket(bio->num); + if (((bio->type == WOLFSSL_BIO_SOCKET) || + (bio->type == WOLFSSL_BIO_DGRAM)) && + (bio->num.fd != SOCKET_INVALID)) + { + CloseSocket(bio->num.fd); + } #endif } #ifndef NO_FILESYSTEM if (bio->type == WOLFSSL_BIO_FILE && bio->shutdown == BIO_CLOSE) { - if (bio->ptr) { - XFCLOSE((XFILE)bio->ptr); + if (bio->ptr.fh) { + XFCLOSE(bio->ptr.fh); } #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\ && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) - else if (bio->num != WOLFSSL_BIO_ERROR) { - XCLOSE(bio->num); + else if (bio->num.fd != SOCKET_INVALID) { + XCLOSE(bio->num.fd); } #endif } #endif if (bio->shutdown != BIO_NOCLOSE) { - if (bio->type == WOLFSSL_BIO_MEMORY && bio->ptr != NULL) { + if (bio->type == WOLFSSL_BIO_MEMORY && + bio->ptr.mem_buf_data != NULL) + { if (bio->mem_buf != NULL) { - if (bio->mem_buf->data != (char*)bio->ptr) { - XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL); - bio->ptr = NULL; + if ((byte *)bio->mem_buf->data != bio->ptr.mem_buf_data) + { + XFREE(bio->ptr.mem_buf_data, bio->heap, + DYNAMIC_TYPE_OPENSSL); + bio->ptr.mem_buf_data = NULL; } } else { - XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL); - bio->ptr = NULL; + XFREE(bio->ptr.mem_buf_data, bio->heap, + DYNAMIC_TYPE_OPENSSL); + bio->ptr.mem_buf_data = NULL; } } if (bio->mem_buf != NULL) { 
@@ -2770,7 +3032,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } if (bio->type == WOLFSSL_BIO_MD) { - wolfSSL_EVP_MD_CTX_free((WOLFSSL_EVP_MD_CTX*)bio->ptr); + wolfSSL_EVP_MD_CTX_free(bio->ptr.md_ctx); } XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL); @@ -2809,8 +3071,8 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } /* SSL BIO's should use the next object in the chain for IO */ - if (top->type == WOLFSSL_BIO_SSL && top->ptr) - wolfSSL_set_bio((WOLFSSL*)top->ptr, append, append); + if (top->type == WOLFSSL_BIO_SSL && top->ptr.ssl) + wolfSSL_set_bio(top->ptr.ssl, append, append); return top; } @@ -2914,9 +3176,11 @@ int wolfSSL_BIO_get_fd(WOLFSSL_BIO *bio, int* fd) WOLFSSL_ENTER("wolfSSL_BIO_get_fd"); if (bio != NULL) { + if (bio->num.fd == SOCKET_INVALID) + return WOLFSSL_BIO_ERROR; if (fd != NULL) - *fd = bio->num; - return bio->num; + *fd = (int)bio->num.fd; + return (int)bio->num.fd; } return WOLFSSL_BIO_ERROR; @@ -2991,10 +3255,10 @@ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args) switch (bio->type) { #if !defined(NO_FILESYSTEM) case WOLFSSL_BIO_FILE: - if (bio->ptr == NULL) { - return -1; + if (bio->ptr.fh == XBADFILE) { + return WOLFSSL_FATAL_ERROR; } - ret = XVFPRINTF((XFILE)bio->ptr, format, args); + ret = XVFPRINTF(bio->ptr.fh, format, args); break; #endif 
@@ -3088,21 +3352,22 @@ int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char *buf, int length) return wolfSSL_BIO_write(bio, "\tNULL", 5); } - XSPRINTF(line, "%04x - ", lineOffset); + (void)XSNPRINTF(line, sizeof(line), "%04x - ", lineOffset); o = 7; for (i = 0; i < BIO_DUMP_LINE_LEN; i++) { if (i < length) - XSPRINTF(line + o,"%02x ", (unsigned char)buf[i]); + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, + "%02x ", (unsigned char)buf[i]); else - XSPRINTF(line + o, " "); + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, " "); if (i == 7) - XSPRINTF(line + o + 2, "-"); + (void)XSNPRINTF(line + o + 2, (int)sizeof(line) - (o + 2), "-"); o += 3; } - XSPRINTF(line + o, " "); + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, " "); o += 2; for (i = 0; (i < BIO_DUMP_LINE_LEN) && (i < length); i++) { - XSPRINTF(line + o, "%c", + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, "%c", ((31 < buf[i]) && (buf[i] < 127)) ? buf[i] : '.'); o++; } diff --git a/src/src/conf.c b/src/src/conf.c index d177da5..c9a35c1 100644 --- a/src/src/conf.c +++ b/src/src/conf.c @@ -1,6 +1,6 @@ /* conf.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -133,7 +133,7 @@ WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num) XFREE(strBuf, NULL, DYNAMIC_TYPE_OPENSSL); goto error; } - if (wolfSSL_sk_push(ret->data, strBuf) != WOLFSSL_SUCCESS) { + if (wolfSSL_sk_push(ret->data, strBuf) <= 0) { WOLFSSL_MSG("wolfSSL_sk_push error"); XFREE(strBuf, NULL, DYNAMIC_TYPE_OPENSSL); goto error; @@ -146,9 +146,7 @@ WOLFSSL_TXT_DB *wolfSSL_TXT_DB_read(WOLFSSL_BIO *in, int num) wolfSSL_TXT_DB_free(ret); ret = NULL; } - if (buf) { - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } 
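Review bot: Every XSNPRINTF result in wolfSSL_BIO_dump is discarded with `(void)`, and `o` is advanced by the fixed widths 3, 2 and 1 regardless of what was written, so if `line` (declared outside the hunk) were ever smaller than the fixed-format row the output would silently truncate while the offsets keep growing and `(int)sizeof(line) - o` turns negative before being converted to a size. Since the row width is fixed by BIO_DUMP_LINE_LEN, a compile-time check beside the declaration, e.g. `wc_static_assert(sizeof(line) >= 7 + 3 * BIO_DUMP_LINE_LEN + 2 + BIO_DUMP_LINE_LEN + 1);`, pins the relationship without runtime cost. wolfSSL_BIO_dump begins outside the hunk.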
@@ -228,7 +226,7 @@ int wolfSSL_TXT_DB_insert(WOLFSSL_TXT_DB *db, WOLFSSL_STRING *row) return WOLFSSL_FAILURE; } - if (wolfSSL_sk_push(db->data, row) != WOLFSSL_SUCCESS) { + if (wolfSSL_sk_push(db->data, row) <= 0) { WOLFSSL_MSG("wolfSSL_sk_push error"); return WOLFSSL_FAILURE; } @@ -452,11 +450,11 @@ int wolfSSL_CONF_add_string(WOLFSSL_CONF *conf, sk = (WOLF_STACK_OF(WOLFSSL_CONF_VALUE) *)section->value; value->section = section->section; - if (wolfSSL_sk_CONF_VALUE_push(sk, value) != WOLFSSL_SUCCESS) { + if (wolfSSL_sk_CONF_VALUE_push(sk, value) <= 0) { WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error"); return WOLFSSL_FAILURE; } - if (wolfSSL_sk_CONF_VALUE_push(conf->data, value) != WOLFSSL_SUCCESS) { + if (wolfSSL_sk_CONF_VALUE_push(conf->data, value) <= 0) { WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error"); wolfssl_sk_pop_type(sk, STACK_TYPE_CONF_VALUE); return WOLFSSL_FAILURE; @@ -499,7 +497,7 @@ WOLFSSL_CONF_VALUE *wolfSSL_CONF_new_section(WOLFSSL_CONF *conf, ret->value = (char*)sk; - if (wolfSSL_sk_CONF_VALUE_push(conf->data, ret) != WOLFSSL_SUCCESS) { + if (wolfSSL_sk_CONF_VALUE_push(conf->data, ret) <= 0) { WOLFSSL_MSG("wolfSSL_sk_CONF_VALUE_push error"); goto error; } @@ -793,8 +791,7 @@ static char* expandValue(WOLFSSL_CONF *conf, const char* section, return ret ? ret : str; expand_cleanup: - if (ret) - XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL); return NULL; } @@ -803,7 +800,7 @@ static char* expandValue(WOLFSSL_CONF *conf, const char* section, {(idx)++;} int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_BIO *in = NULL; char* buf = NULL; char* idx = NULL; 
@@ -961,8 +958,7 @@ int wolfSSL_NCONF_load(WOLFSSL_CONF *conf, const char *file, long *eline) cleanup: if (in) wolfSSL_BIO_free(in); - if (buf) - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (eline) *eline = line; return ret; @@ -986,13 +982,11 @@ void wolfSSL_X509V3_conf_free(WOLFSSL_CONF_VALUE *val) if (val->name) { /* Not a section. Don't free section as it is a shared pointer. */ XFREE(val->name, NULL, DYNAMIC_TYPE_OPENSSL); - if (val->value) - XFREE(val->value, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(val->value, NULL, DYNAMIC_TYPE_OPENSSL); } else { /* Section so val->value is a stack */ - if (val->section) - XFREE(val->section, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(val->section, NULL, DYNAMIC_TYPE_OPENSSL); /* Only free the stack structures. The contained conf values * will be freed in wolfSSL_NCONF_free */ sk = (WOLF_STACK_OF(WOLFSSL_CONF_VALUE)*)val->value; @@ -1545,7 +1539,7 @@ static const conf_cmd_tbl* wolfssl_conf_find_cmd(WOLFSSL_CONF_CTX* cctx, */ int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); const conf_cmd_tbl* confcmd = NULL; WOLFSSL_ENTER("wolfSSL_CONF_cmd"); diff --git a/src/src/crl.c b/src/src/crl.c index 706c1f6..5e359c7 100644 --- a/src/src/crl.c +++ b/src/src/crl.c @@ -1,6 +1,6 @@ /* crl.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -121,7 +121,7 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff, wolfSSL_d2i_X509_NAME(&crle->issuer, (unsigned char**)&dcrl->issuer, dcrl->issuerSz); if (crle->issuer == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } #endif #ifdef CRL_STATIC_REVOKED_LIST 
@@ -141,13 +141,13 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff, crle->toBeSigned = (byte*)XMALLOC(crle->tbsSz, heap, DYNAMIC_TYPE_CRL_ENTRY); if (crle->toBeSigned == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; crle->signature = (byte*)XMALLOC(crle->signatureSz, heap, DYNAMIC_TYPE_CRL_ENTRY); if (crle->signature == NULL) { XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY); crle->toBeSigned = NULL; - return -1; + return WOLFSSL_FATAL_ERROR; } #ifdef WC_RSA_PSS @@ -160,7 +160,7 @@ static int InitCRL_Entry(CRL_Entry* crle, DecodedCRL* dcrl, const byte* buff, crle->toBeSigned = NULL; XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY); crle->signature = NULL; - return -1; + return WOLFSSL_FATAL_ERROR; } XMEMCPY(crle->sigParams, buff + dcrl->sigParamsIndex, crle->sigParamsSz); @@ -219,13 +219,10 @@ static void CRL_Entry_free(CRL_Entry* crle, void* heap) tmp = next; } #endif - if (crle->signature != NULL) - XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY); - if (crle->toBeSigned != NULL) - XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY); + XFREE(crle->signature, heap, DYNAMIC_TYPE_CRL_ENTRY); + XFREE(crle->toBeSigned, heap, DYNAMIC_TYPE_CRL_ENTRY); #ifdef WC_RSA_PSS - if (crle->sigParams != NULL) - XFREE(crle->sigParams, heap, DYNAMIC_TYPE_CRL_ENTRY); + XFREE(crle->sigParams, heap, DYNAMIC_TYPE_CRL_ENTRY); #endif #if defined(OPENSSL_EXTRA) if (crle->issuer != NULL) { @@ -426,7 +423,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial, #endif { #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK) - if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, AFTER)) { + if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, ASN_AFTER)) { WOLFSSL_MSG("CRL next date is no longer valid"); nextDateValid = 0; } 
@@ -440,7 +437,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial, break; } else if (foundEntry == 0) { - ret = ASN_AFTER_DATE_E; + ret = CRL_CERT_DATE_ERR; } } } @@ -481,8 +478,9 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial, if (foundEntry == 0) { /* perform embedded lookup */ if (crl->crlIOCb) { - ret = crl->crlIOCb(crl, (const char*)extCrlInfo, extCrlInfoSz); - if (ret == WOLFSSL_CBIO_ERR_WANT_READ) { + int cbRet = crl->crlIOCb(crl, (const char*)extCrlInfo, + extCrlInfoSz); + if (cbRet == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) { ret = OCSP_WANT_READ; } else if (ret >= 0) { @@ -505,9 +503,9 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial, /* When not set the folder or not use hash_dir, do nothing. */ if ((foundEntry == 0) && (ret != WC_NO_ERR_TRACE(OCSP_WANT_READ))) { if (crl->cm != NULL && crl->cm->x509_store_p != NULL) { - ret = LoadCertByIssuer(crl->cm->x509_store_p, + int loadRet = LoadCertByIssuer(crl->cm->x509_store_p, (WOLFSSL_X509_NAME*)issuerName, X509_LU_CRL); - if (ret == WOLFSSL_SUCCESS) { + if (loadRet == WOLFSSL_SUCCESS) { /* try again */ ret = CheckCertCRLList(crl, issuerHash, serial, serialSz, serialHash, &foundEntry); @@ -538,6 +536,13 @@ int CheckCertCRL_ex(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial, crl->cm->cbMissingCRL(url); } + + if (crl->cm != NULL && crl->cm->crlCb && + crl->cm->crlCb(ret, crl, crl->cm, crl->cm->crlCbCtx)) { + if (ret != 0) + WOLFSSL_MSG("Overriding CRL error"); + ret = 0; + } } return ret; @@ -565,7 +570,7 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff, WOLFSSL_ENTER("AddCRL"); if (crl == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; crle = crl->currentEntry; 
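Review bot: The retry condition in CheckCertCRL_ex still reads the stale `ret`: the callback result is now stored in `cbRet`, but the `else if (ret >= 0)` that follows (a context line) was not updated, so `ret` there is whatever the earlier CheckCertCRLList call left behind. Before this change the same variable held the callback result, and a negative lookup result now skips the retry regardless of what the callback returned. Change it to `else if (cbRet >= 0) {`. CheckCertCRL_ex continues outside the hunk.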
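Review bot: The new crlCb override resets `ret` to 0 for any value, including OCSP_WANT_READ, which this function assigns a few lines earlier as a non-blocking "try again" indication rather than an error; a callback that returns non-zero would then report a pending lookup as a passed CRL check. Excluding that case, `if (ret != WC_NO_ERR_TRACE(OCSP_WANT_READ) && crl->cm != NULL && crl->cm->crlCb &&`, keeps the override to real failures. A comment above the block should also say that the callback can override every CRL failure, a revoked-certificate result included, so integrators understand the scope of what they are accepting. The enclosing function begins outside the hunk.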
@@ -580,7 +585,7 @@ static int AddCRL(WOLFSSL_CRL* crl, DecodedCRL* dcrl, const byte* buff, if (InitCRL_Entry(crle, dcrl, buff, verified, crl->heap) < 0) { WOLFSSL_MSG("Init CRL Entry failed"); CRL_Entry_free(crle, crl->heap); - return -1; + return WOLFSSL_FATAL_ERROR; } if (wc_LockRwLock_Wr(&crl->crlLock) != 0) { @@ -627,7 +632,7 @@ int BufferLoadCRL(WOLFSSL_CRL* crl, const byte* buff, long sz, int type, else { WOLFSSL_MSG("Pem to Der failed"); FreeDer(&der); - return -1; + return WOLFSSL_FATAL_ERROR; } #else ret = NOT_COMPILED_IN; @@ -779,7 +784,8 @@ static CRL_Entry* DupCRL_Entry(const CRL_Entry* ent, void* heap) #endif if (dupl->toBeSigned == NULL || dupl->signature == NULL #ifdef WC_RSA_PSS - || dupl->sigParams == NULL + /* allow sigParamsSz is zero and malloc(0) to return NULL */ + || (dupl->sigParams == NULL && dupl->sigParamsSz != 0) #endif ) { CRL_Entry_free(dupl, heap); @@ -1020,7 +1026,7 @@ static int SwapLists(WOLFSSL_CRL* crl) #ifdef WOLFSSL_SMALL_STACK XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - return -1; + return WOLFSSL_FATAL_ERROR; } if (crl->monitors[0].path) { @@ -1031,7 +1037,7 @@ static int SwapLists(WOLFSSL_CRL* crl) #ifdef WOLFSSL_SMALL_STACK XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - return -1; + return WOLFSSL_FATAL_ERROR; } } @@ -1043,7 +1049,7 @@ static int SwapLists(WOLFSSL_CRL* crl) #ifdef WOLFSSL_SMALL_STACK XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - return -1; + return WOLFSSL_FATAL_ERROR; } } @@ -1053,7 +1059,7 @@ static int SwapLists(WOLFSSL_CRL* crl) #ifdef WOLFSSL_SMALL_STACK XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - return -1; + return WOLFSSL_FATAL_ERROR; } newList = tmp->crlList; 
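Review bot: The new comment in DupCRL_Entry reads awkwardly: `/* allow sigParamsSz is zero and malloc(0) to return NULL */`. Suggested wording: `/* sigParamsSz may be zero, in which case a zero-byte allocation is allowed to return NULL */`. DupCRL_Entry begins outside the hunk.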
@@ -1102,10 +1108,14 @@ static int StopMonitor(wolfSSL_CRL_mfd_t mfd) struct kevent change; /* trigger custom shutdown */ +#if defined(NOTE_TRIGGER) EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, 0, NOTE_TRIGGER, 0, NULL); +#elif defined(EV_TRIGGER) + EV_SET(&change, CRL_CUSTOM_FD, EVFILT_USER, EV_TRIGGER, 0, 0, NULL); +#endif if (kevent(mfd, &change, 1, NULL, 0, NULL) < 0) { WOLFSSL_MSG("kevent trigger customer event failed"); - return -1; + return WOLFSSL_FATAL_ERROR; } return 0; @@ -1237,7 +1247,7 @@ static int StopMonitor(wolfSSL_CRL_mfd_t mfd) /* write to our custom event */ if (write(mfd, &w64, sizeof(w64)) < 0) { WOLFSSL_MSG("StopMonitor write failed"); - return -1; + return WOLFSSL_FATAL_ERROR; } return 0; @@ -1380,7 +1390,7 @@ static int StopMonitor(wolfSSL_CRL_mfd_t mfd) { if (SetEvent(mfd) == 0) { WOLFSSL_MSG("SetEvent custom event trigger failed"); - return -1; + return WOLFSSL_FATAL_ERROR; } return 0; } diff --git a/src/src/dtls.c b/src/src/dtls.c index 52ace7e..5b2356a 100644 --- a/src/src/dtls.c +++ b/src/src/dtls.c @@ -1,6 +1,6 @@ /* dtls.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -953,8 +953,13 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz, int tlsxFound; ret = FindExtByType(&ch.cookieExt, TLSX_COOKIE, ch.extension, &tlsxFound); - if (ret != 0) + if (ret != 0) { + if (isFirstCHFrag) { + WOLFSSL_MSG("\t\tCookie probably missing from first " + "fragment. Dropping."); + } return ret; + } } } #endif 
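Review bot: When neither NOTE_TRIGGER nor EV_TRIGGER is defined, `change` is passed to kevent() uninitialised, because both EV_SET calls are now conditional and the `struct kevent change;` declaration has no initialiser. Add an `#else` arm that fails loudly, e.g. `#else` / `#error "EVFILT_USER needs NOTE_TRIGGER or EV_TRIGGER"`, or return WOLFSSL_FATAL_ERROR from that arm, so an unsupported platform is caught at build time rather than by a stray kevent call. StopMonitor begins outside the hunk.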
@@ -1033,22 +1038,6 @@ int DoClientHelloStateless(WOLFSSL* ssl, const byte* input, word32 helloSz, #if defined(WOLFSSL_DTLS_CID) -typedef struct ConnectionID { - byte length; -/* Ignore "nonstandard extension used : zero-sized array in struct/union" - * MSVC warning */ -#ifdef _MSC_VER -#pragma warning(disable: 4200) -#endif - byte id[]; -} ConnectionID; - -typedef struct CIDInfo { - ConnectionID* tx; - ConnectionID* rx; - byte negotiated : 1; -} CIDInfo; - static ConnectionID* DtlsCidNew(const byte* cid, byte size, void* heap) { ConnectionID* ret; @@ -1150,10 +1139,8 @@ void TLSX_ConnectionID_Free(byte* ext, void* heap) info = DtlsCidGetInfoFromExt(ext); if (info == NULL) return; - if (info->rx != NULL) - XFREE(info->rx, heap, DYNAMIC_TYPE_TLSX); - if (info->tx != NULL) - XFREE(info->tx, heap, DYNAMIC_TYPE_TLSX); + XFREE(info->rx, heap, DYNAMIC_TYPE_TLSX); + XFREE(info->tx, heap, DYNAMIC_TYPE_TLSX); XFREE(info, heap, DYNAMIC_TYPE_TLSX); DtlsCidUnsetInfoFromExt(ext); XFREE(ext, heap, DYNAMIC_TYPE_TLSX); @@ -1228,9 +1215,8 @@ int TLSX_ConnectionID_Use(WOLFSSL* ssl) int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte isRequest) { - ConnectionID* id; CIDInfo* info; - byte cidSize; + byte cidSz; TLSX* ext; ext = TLSX_Find(ssl->extensions, TLSX_CONNECTION_ID); 
@@ -1246,35 +1232,41 @@ int TLSX_ConnectionID_Parse(WOLFSSL* ssl, const byte* input, word16 length, } } + if (length < OPAQUE8_LEN) + return BUFFER_ERROR; + + cidSz = *input; + if (cidSz + OPAQUE8_LEN > length) + return BUFFER_ERROR; + info = DtlsCidGetInfo(ssl); if (info == NULL) return BAD_STATE_E; /* it may happen if we process two ClientHello because the server sent an - * HRR request */ - if (info->tx != NULL) { + * HRR/HVR request */ + if (info->tx != NULL || info->negotiated) { if (ssl->options.side != WOLFSSL_SERVER_END && - ssl->options.serverState != SERVER_HELLO_RETRY_REQUEST_COMPLETE) + ssl->options.serverState != SERVER_HELLO_RETRY_REQUEST_COMPLETE && + !IsSCR(ssl)) return BAD_STATE_E; - XFREE(info->tx, ssl->heap, DYNAMIC_TYPE_TLSX); - info->tx = NULL; - } - - if (length < OPAQUE8_LEN) - return BUFFER_ERROR; - - cidSize = *input; - if (cidSize + OPAQUE8_LEN > length) - return BUFFER_ERROR; + /* Should not be null if negotiated */ + if (info->tx == NULL) + return BAD_STATE_E; - if (cidSize > 0) { - id = (ConnectionID*)XMALLOC(sizeof(*id) + cidSize, ssl->heap, - DYNAMIC_TYPE_TLSX); + /* For now we don't support changing the CID on a rehandshake */ + if (cidSz != info->tx->length || + XMEMCMP(info->tx->id, input + OPAQUE8_LEN, cidSz) != 0) + return DTLS_CID_ERROR; + } + else if (cidSz > 0) { + ConnectionID* id = (ConnectionID*)XMALLOC(sizeof(*id) + cidSz, + ssl->heap, DYNAMIC_TYPE_TLSX); if (id == NULL) return MEMORY_ERROR; - XMEMCPY(id->id, input + OPAQUE8_LEN, cidSize); - id->length = cidSize; + XMEMCPY(id->id, input + OPAQUE8_LEN, cidSz); + id->length = cidSz; info->tx = id; } @@ -1314,10 +1306,6 @@ int wolfSSL_dtls_cid_use(WOLFSSL* ssl) { int ret; - /* CID is supported on DTLSv1.3 only */ - if (!IsAtLeastTLSv1_3(ssl->version)) - return WOLFSSL_FAILURE; - ssl->options.useDtlsCID = 1; ret = TLSX_ConnectionID_Use(ssl); if (ret != 0) 
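Review bot: `cidSz` is accepted up to 255 with no upper bound, and since it is stored as `info->tx` it appears to be the CID this side must prepend to every record it sends; the file now exposes DTLS_CID_MAX_SIZE (the `@@ -1383` hunk), and if local buffer sizing for the tx CID relies on that bound, a check such as `if (cidSz > DTLS_CID_MAX_SIZE) return DTLS_CID_ERROR;` after the length check belongs here — confirm against how Dtls13AddCID sizes its output. The length check also only rejects a short extension (`cidSz + OPAQUE8_LEN > length`), so trailing bytes after the CID are silently ignored; `!=` would enforce the exact encoding. The function's opening lines are outside the hunk.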
@@ -1343,8 +1331,9 @@ int wolfSSL_dtls_cid_set(WOLFSSL* ssl, unsigned char* cid, unsigned int size) return WOLFSSL_FAILURE; if (cidInfo->rx != NULL) { - XFREE(cidInfo->rx, ssl->heap, DYNAMIC_TYPE_TLSX); - cidInfo->rx = NULL; + WOLFSSL_MSG("wolfSSL doesn't support changing the CID during a " + "connection"); + return WOLFSSL_FAILURE; } /* empty CID */ @@ -1383,7 +1372,42 @@ int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buf, return DtlsCidGet(ssl, buf, bufferSz, 0); } +int wolfSSL_dtls_cid_max_size(void) +{ + return DTLS_CID_MAX_SIZE; +} #endif /* WOLFSSL_DTLS_CID */ + +byte DtlsGetCidTxSize(WOLFSSL* ssl) +{ +#ifdef WOLFSSL_DTLS_CID + unsigned int cidSz; + int ret; + ret = wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz); + if (ret != WOLFSSL_SUCCESS) + return 0; + return (byte)cidSz; +#else + (void)ssl; + return 0; +#endif +} + +byte DtlsGetCidRxSize(WOLFSSL* ssl) +{ +#ifdef WOLFSSL_DTLS_CID + unsigned int cidSz; + int ret; + ret = wolfSSL_dtls_cid_get_rx_size(ssl, &cidSz); + if (ret != WOLFSSL_SUCCESS) + return 0; + return (byte)cidSz; +#else + (void)ssl; + return 0; +#endif +} + #endif /* WOLFSSL_DTLS */ #endif /* WOLFCRYPT_ONLY */ diff --git a/src/src/dtls13.c b/src/src/dtls13.c index 0284ffe..6f2f014 100644 --- a/src/src/dtls13.c +++ b/src/src/dtls13.c @@ -1,6 +1,6 @@ /* dtls13.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -71,6 +71,8 @@ typedef struct Dtls13HandshakeHeader { byte fragmentLength[3]; } Dtls13HandshakeHeader; +wc_static_assert(sizeof(Dtls13HandshakeHeader) == DTLS13_HANDSHAKE_HEADER_SZ); + /** * struct Dtls13Recordplaintextheader: represent header of unprotected DTLSv1.3 * record 
@@ -339,9 +341,17 @@ static void Dtls13MsgWasProcessed(WOLFSSL* ssl, enum HandShakeType hs) if (ssl->options.dtlsStateful) ssl->keys.dtls_expected_peer_handshake_number++; - /* we need to send ACKs on the last message of a flight that needs explicit - acknowledgment */ - ssl->dtls13Rtx.sendAcks = Dtls13RtxMsgNeedsAck(ssl, hs); +#ifdef WOLFSSL_RW_THREADED + if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0) +#endif + { + /* we need to send ACKs on the last message of a flight that needs + * explicit acknowledgment */ + ssl->dtls13Rtx.sendAcks = Dtls13RtxMsgNeedsAck(ssl, hs); + #ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); + #endif + } } int Dtls13ProcessBufferedMessages(WOLFSSL* ssl) @@ -395,7 +405,8 @@ int Dtls13ProcessBufferedMessages(WOLFSSL* ssl) * from there, the message can be considered processed successfully. * WANT_WRITE means that we are done with processing the msg and we are * waiting to flush the output buffer. */ - if ((ret == 0 || ret == WANT_WRITE) || (msg->type == certificate_request && + if ((ret == 0 || ret == WC_NO_ERR_TRACE(WANT_WRITE)) || + (msg->type == certificate_request && ssl->options.handShakeDone && ret == WC_NO_ERR_TRACE(WC_PENDING_E))) { if (IsAtLeastTLSv1_3(ssl->version)) 
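Review bot: A failed wc_LockMutex silently skips setting `sendAcks`, with no log and no error return, so under WOLFSSL_RW_THREADED a lock failure would quietly suppress the ACK for a flight; the same pattern appears in Dtls13RtxRecordUnlink (the `@@ -651` hunk in dtls13.c), where a skipped `rtxRecordTailPtr` update leaves the tail pointer aimed at a record that is being unlinked. At minimum log the failure, e.g. `#ifdef WOLFSSL_RW_THREADED` / `else WOLFSSL_MSG("Dtls13MsgWasProcessed: failed to lock dtls13Rtx.mutex");` / `#endif` after the closing brace of the block. The function returns void, so propagating the error would need a signature change; the same applies to Dtls13RtxRecordUnlink.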
@@ -484,22 +495,25 @@ int Dtls13HashClientHello(const WOLFSSL* ssl, byte* hash, int* hashSz, wc_HashAlg hashCtx; int type = wolfSSL_GetHmacType_ex(specs); + if (type < 0) + return type; + header[0] = (byte)client_hello; c32to24(length, header + 1); - ret = wc_HashInit_ex(&hashCtx, type, ssl->heap, ssl->devId); + ret = wc_HashInit_ex(&hashCtx, (enum wc_HashType)type, ssl->heap, ssl->devId); if (ret == 0) { - ret = wc_HashUpdate(&hashCtx, type, header, OPAQUE32_LEN); + ret = wc_HashUpdate(&hashCtx, (enum wc_HashType)type, header, OPAQUE32_LEN); if (ret == 0) - ret = wc_HashUpdate(&hashCtx, type, body, length); + ret = wc_HashUpdate(&hashCtx, (enum wc_HashType)type, body, length); if (ret == 0) - ret = wc_HashFinal(&hashCtx, type, hash); + ret = wc_HashFinal(&hashCtx, (enum wc_HashType)type, hash); if (ret == 0) { - *hashSz = wc_HashGetDigestSize(type); + *hashSz = wc_HashGetDigestSize((enum wc_HashType)type); if (*hashSz < 0) ret = *hashSz; } - wc_HashFree(&hashCtx, type); + wc_HashFree(&hashCtx, (enum wc_HashType)type); } return ret; } @@ -557,9 +571,6 @@ static int Dtls13SendFragment(WOLFSSL* ssl, byte* output, word16 output_size, else { msg = output + recordHeaderLength; - if (length <= recordHeaderLength) - return BUFFER_ERROR; - if (hashOutput) { ret = Dtls13HashHandshake(ssl, msg, recordLength); if (ret != 0) @@ -651,8 +662,17 @@ static void Dtls13RtxRecordUnlink(WOLFSSL* ssl, Dtls13RtxRecord** prevNext, Dtls13RtxRecord* r) { /* if r was at the tail of the list, update the tail pointer */ - if (r->next == NULL) - ssl->dtls13Rtx.rtxRecordTailPtr = prevNext; + if (r->next == NULL) { + #ifdef WOLFSSL_RW_THREADED + if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0) + #endif + { + ssl->dtls13Rtx.rtxRecordTailPtr = prevNext; + #ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); + #endif + } + } /* unlink */ *prevNext = r->next; 
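Review bot: The `length <= recordHeaderLength` guard in Dtls13SendFragment's non-fragmented branch is removed without a replacement visible in the hunk, so `recordLength` (presumably derived from `length` outside the hunk) reaches Dtls13HashHandshake even when the buffer holds only a header. If the equivalent check now lives earlier in Dtls13SendFragment or in its callers, a one-line comment where the guard used to be, e.g. `/* length > recordHeaderLength is guaranteed by the caller */`, would record that; otherwise the check should stay. The rest of Dtls13SendFragment is outside the hunk.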
@@ -709,12 +729,20 @@ static int Dtls13RtxAddAck(WOLFSSL* ssl, w64wrapper epoch, w64wrapper seq) WOLFSSL_ENTER("Dtls13RtxAddAck"); - rn = Dtls13NewRecordNumber(epoch, seq, ssl->heap); - if (rn == NULL) - return MEMORY_E; +#ifdef WOLFSSL_RW_THREADED + if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0) +#endif + { + rn = Dtls13NewRecordNumber(epoch, seq, ssl->heap); + if (rn == NULL) + return MEMORY_E; - rn->next = ssl->dtls13Rtx.seenRecords; - ssl->dtls13Rtx.seenRecords = rn; + rn->next = ssl->dtls13Rtx.seenRecords; + ssl->dtls13Rtx.seenRecords = rn; + #ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); + #endif + } return 0; } @@ -727,15 +755,23 @@ static void Dtls13RtxFlushAcks(WOLFSSL* ssl) WOLFSSL_ENTER("Dtls13RtxFlushAcks"); - list = ssl->dtls13Rtx.seenRecords; +#ifdef WOLFSSL_RW_THREADED + if (wc_LockMutex(&ssl->dtls13Rtx.mutex) == 0) +#endif + { + list = ssl->dtls13Rtx.seenRecords; - while (list != NULL) { - rn = list; - list = rn->next; - XFREE(rn, ssl->heap, DYNAMIC_TYPE_DTLS_MSG); - } + while (list != NULL) { + rn = list; + list = rn->next; + XFREE(rn, ssl->heap, DYNAMIC_TYPE_DTLS_MSG); + } - ssl->dtls13Rtx.seenRecords = NULL; + ssl->dtls13Rtx.seenRecords = NULL; + #ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); + #endif + } } static int Dtls13DetectDisruption(WOLFSSL* ssl, word32 fragOffset) @@ -811,9 +847,7 @@ static void Dtls13MaybeSaveClientHello(WOLFSSL* ssl) while (r != NULL) { if (r->handshakeType == client_hello) { Dtls13RtxRecordUnlink(ssl, prev_next, r); - if (ssl->dtls13ClientHello != NULL) - XFREE(ssl->dtls13ClientHello, ssl->heap, - DYNAMIC_TYPE_DTLS_MSG); + XFREE(ssl->dtls13ClientHello, ssl->heap, DYNAMIC_TYPE_DTLS_MSG); ssl->dtls13ClientHello = r->data; ssl->dtls13ClientHelloSz = r->length; r->data = NULL; 
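Review bot: `return MEMORY_E` inside the locked block of Dtls13RtxAddAck leaves `ssl->dtls13Rtx.mutex` held under WOLFSSL_RW_THREADED, since the unlock sits at the end of the block. A failed wc_LockMutex is also silently turned into success, returning 0 without recording the record number so the peer's message is never acked; Dtls13RtxFlushAcks in the next hunk skips its list release the same way. Allocating before taking the lock and releasing it on every path fixes both; the rewritten body follows (the caller is expected to treat BAD_MUTEX_E like any other negative error).

```c
    WOLFSSL_ENTER("Dtls13RtxAddAck");

    rn = Dtls13NewRecordNumber(epoch, seq, ssl->heap);
    if (rn == NULL)
        return MEMORY_E;

#ifdef WOLFSSL_RW_THREADED
    if (wc_LockMutex(&ssl->dtls13Rtx.mutex) != 0) {
        XFREE(rn, ssl->heap, DYNAMIC_TYPE_DTLS_MSG);
        return BAD_MUTEX_E;
    }
#endif
    rn->next = ssl->dtls13Rtx.seenRecords;
    ssl->dtls13Rtx.seenRecords = rn;
#ifdef WOLFSSL_RW_THREADED
    wc_UnLockMutex(&ssl->dtls13Rtx.mutex);
#endif

    return 0;
```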
@@ -921,7 +955,7 @@ static int Dtls13SendOneFragmentRtx(WOLFSSL* ssl, handshakeType, hashOutput, Dtls13SendNow(ssl, handshakeType)); if (rtxRecord != NULL) { - if (ret == 0 || ret == WANT_WRITE) + if (ret == 0 || ret == WC_NO_ERR_TRACE(WANT_WRITE)) Dtls13RtxAddRecord(&ssl->dtls13Rtx, rtxRecord); else Dtls13FreeRtxBufferRecord(ssl, rtxRecord); @@ -981,7 +1015,7 @@ static int Dtls13SendFragmentedInternal(WOLFSSL* ssl) ret = Dtls13SendOneFragmentRtx(ssl, (enum HandShakeType)ssl->dtls13FragHandshakeType, (word16)recordLength + MAX_MSG_EXTRA, output, (word32)recordLength, 0); - if (ret == WANT_WRITE) { + if (ret == WC_NO_ERR_TRACE(WANT_WRITE)) { ssl->dtls13FragOffset += fragLength; return ret; } @@ -1053,45 +1087,26 @@ static WC_INLINE word8 Dtls13GetEpochBits(w64wrapper epoch) } #ifdef WOLFSSL_DTLS_CID -static byte Dtls13GetCidTxSize(WOLFSSL* ssl) -{ - unsigned int cidSz; - int ret; - ret = wolfSSL_dtls_cid_get_tx_size(ssl, &cidSz); - if (ret != WOLFSSL_SUCCESS) - return 0; - return (byte)cidSz; -} - -static byte Dtls13GetCidRxSize(WOLFSSL* ssl) -{ - unsigned int cidSz; - int ret; - ret = wolfSSL_dtls_cid_get_rx_size(ssl, &cidSz); - if (ret != WOLFSSL_SUCCESS) - return 0; - return (byte)cidSz; -} static int Dtls13AddCID(WOLFSSL* ssl, byte* flags, byte* out, word16* idx) { - byte cidSize; + byte cidSz; int ret; if (!wolfSSL_dtls_cid_is_enabled(ssl)) return 0; - cidSize = Dtls13GetCidTxSize(ssl); + cidSz = DtlsGetCidTxSize(ssl); /* no cid */ - if (cidSize == 0) + if (cidSz == 0) return 0; *flags |= DTLS13_CID_BIT; - /* we know that we have at least cidSize of space */ - ret = wolfSSL_dtls_cid_get_tx(ssl, out + *idx, cidSize); + /* we know that we have at least cidSz of space */ + ret = wolfSSL_dtls_cid_get_tx(ssl, out + *idx, cidSz); if (ret != WOLFSSL_SUCCESS) return ret; - *idx += cidSize; + *idx += cidSz; return 0; } 
@@ -1137,8 +1152,6 @@ static int Dtls13UnifiedHeaderParseCID(WOLFSSL* ssl, byte flags, #else #define Dtls13AddCID(a, b, c, d) 0 -#define Dtls13GetCidRxSize(a) 0 -#define Dtls13GetCidTxSize(a) 0 #define Dtls13UnifiedHeaderParseCID(a, b, c, d, e) 0 #endif /* WOLFSSL_DTLS_CID */ @@ -1210,6 +1223,11 @@ int Dtls13HandshakeAddHeader(WOLFSSL* ssl, byte* output, return 0; } +int Dtls13MinimumRecordLength(WOLFSSL* ssl) +{ + return Dtls13GetRlHeaderLength(ssl, 1) + DTLS13_MIN_CIPHERTEXT; +} + /** * Dtls13EncryptRecordNumber() - encrypt record number in the header * @ssl: ssl object @@ -1226,14 +1244,20 @@ int Dtls13EncryptRecordNumber(WOLFSSL* ssl, byte* hdr, word16 recordLength) if (ssl == NULL || hdr == NULL) return BAD_FUNC_ARG; +#ifdef HAVE_NULL_CIPHER + /* Do not encrypt record numbers with null cipher. See RFC 9150 Sec 9 */ + if (ssl->specs.bulk_cipher_algorithm == wolfssl_cipher_null) + return 0; +#endif /*HAVE_NULL_CIPHER */ + /* we need at least a 16 bytes of ciphertext to encrypt record number see 4.2.3*/ - if (recordLength < Dtls13GetRlHeaderLength(ssl, 1) + DTLS13_MIN_CIPHERTEXT) + if (recordLength < Dtls13MinimumRecordLength(ssl)) return BUFFER_ERROR; seqLength = (*hdr & DTLS13_LEN_BIT) ? DTLS13_SEQ_16_LEN : DTLS13_SEQ_8_LEN; - cidSz = Dtls13GetCidTxSize(ssl); + cidSz = DtlsGetCidTxSize(ssl); /* header flags + seq number + CID size*/ hdrLength = OPAQUE8_LEN + seqLength + cidSz; @@ -1264,7 +1288,7 @@ word16 Dtls13GetRlHeaderLength(WOLFSSL* ssl, byte isEncrypted) if (!isEncrypted) return DTLS_RECORD_HEADER_SZ; - return DTLS13_UNIFIED_HEADER_SIZE + Dtls13GetCidTxSize(ssl); + return DTLS13_UNIFIED_HEADER_SIZE + DtlsGetCidTxSize(ssl); } /** 
@@ -1391,7 +1415,7 @@ int Dtls13GetUnifiedHeaderSize(WOLFSSL* ssl, const byte input, word16* size) return BAD_FUNC_ARG; /* flags (1) + CID + seq 8bit (1) */ - *size = OPAQUE8_LEN + Dtls13GetCidRxSize(ssl) + OPAQUE8_LEN; + *size = OPAQUE8_LEN + DtlsGetCidRxSize(ssl) + OPAQUE8_LEN; if (input & DTLS13_SEQ_LEN_BIT) *size += OPAQUE8_LEN; if (input & DTLS13_LEN_BIT) @@ -1454,17 +1478,22 @@ int Dtls13ParseUnifiedRecordLayer(WOLFSSL* ssl, const byte* input, hdrInfo->recordLength = inputSize - idx; } - /* minimum size for a dtls1.3 packet is 16 bytes (to have enough ciphertext - to create record number xor mask). (draft 43 - Sec 4.2.3) */ - if (hdrInfo->recordLength < DTLS13_RN_MASK_SIZE) - return LENGTH_ERROR; - if (inputSize < idx + DTLS13_RN_MASK_SIZE) - return BUFFER_ERROR; + /* Do not encrypt record numbers with null cipher. See RFC 9150 Sec 9 */ + if (ssl->specs.bulk_cipher_algorithm != wolfssl_cipher_null) + { + /* minimum size for a dtls1.3 packet is 16 bytes (to have enough + * ciphertext to create record number xor mask). + * (draft 43 - Sec 4.2.3) */ + if (hdrInfo->recordLength < DTLS13_RN_MASK_SIZE) + return LENGTH_ERROR; + if (inputSize < idx + DTLS13_RN_MASK_SIZE) + return BUFFER_ERROR; - ret = Dtls13EncryptDecryptRecordNumber(ssl, seqNum, seqLen, input + idx, - DEPROTECT); - if (ret != 0) - return ret; + ret = Dtls13EncryptDecryptRecordNumber(ssl, seqNum, seqLen, input + idx, + DEPROTECT); + if (ret != 0) + return ret; + } if (seqLen == DTLS13_SEQ_16_LEN) { hdrInfo->seqHiPresent = 1; @@ -1563,7 +1592,7 @@ static int Dtls13RtxSendBuffered(WOLFSSL* ssl) ret = Dtls13SendFragment(ssl, output, (word16)sendSz, r->length + headerLength, (enum HandShakeType)r->handshakeType, 0, isLast || !ssl->options.groupMessages); - if (ret != 0 && ret != WANT_WRITE) + if (ret != 0 && ret != WC_NO_ERR_TRACE(WANT_WRITE)) return ret; if (r->rnIdx >= DTLS13_RETRANS_RN_SIZE) 
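Review bot: The null-cipher bypass added to Dtls13ParseUnifiedRecordLayer is not wrapped in `#ifdef HAVE_NULL_CIPHER`, while the matching bypass this patch adds to Dtls13EncryptRecordNumber is, so the receive side compares against wolfssl_cipher_null on every record even in builds that cannot negotiate it. More importantly, when the comparison is true the `hdrInfo->recordLength < DTLS13_RN_MASK_SIZE` and `inputSize < idx + DTLS13_RN_MASK_SIZE` checks are skipped too, so whatever later consumes hdrInfo->recordLength for a null-cipher record (the integrity check, presumably) must enforce its own minimum length — that code is outside this hunk, so please confirm. I would mirror the send side with a flag: `int rnProtected = 1;` then `#ifdef HAVE_NULL_CIPHER rnProtected = (ssl->specs.bulk_cipher_algorithm != wolfssl_cipher_null); #endif` and `if (rnProtected) { … }`, with a comment that the 16-byte floor no longer applies to null-cipher records.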
@@ -1577,7 +1606,7 @@ static int Dtls13RtxSendBuffered(WOLFSSL* ssl) r->seq[r->rnIdx] = seq; r->rnIdx++; - if (ret == WANT_WRITE) { + if (ret == WC_NO_ERR_TRACE(WANT_WRITE)) { /* this fragment will be sent eventually. Move it to the end of the list so next time we start with a new one. */ Dtls13RtxMoveToEndOfList(ssl, prevNext, r); @@ -1684,7 +1713,7 @@ static int _Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input, word32 size, isFirst = fragOff == 0; isComplete = isFirst && fragLength == messageLength; - if (!isComplete && !Dtls13AcceptFragmented(ssl, handshakeType)) { + if (!isComplete && !Dtls13AcceptFragmented(ssl, (enum HandShakeType)handshakeType)) { #ifdef WOLFSSL_DTLS_CH_FRAG byte tls13 = 0; /* check if the first CH fragment contains a valid cookie */ @@ -1876,7 +1905,7 @@ int Dtls13HandshakeSend(WOLFSSL* ssl, byte* message, word16 outputSize, if (maxLen < maxFrag) { ret = Dtls13SendOneFragmentRtx(ssl, handshakeType, outputSize, message, length, hashOutput); - if (ret == 0 || ret == WANT_WRITE) + if (ret == 0 || ret == WC_NO_ERR_TRACE(WANT_WRITE)) ssl->keys.dtls_handshake_number++; } else { @@ -2523,13 +2552,25 @@ static void Dtls13RtxRemoveRecord(WOLFSSL* ssl, w64wrapper epoch, int Dtls13DoScheduledWork(WOLFSSL* ssl) { int ret; + int sendAcks; WOLFSSL_ENTER("Dtls13DoScheduledWork"); ssl->dtls13SendingAckOrRtx = 1; - if (ssl->dtls13Rtx.sendAcks) { +#ifdef WOLFSSL_RW_THREADED + ret = wc_LockMutex(&ssl->dtls13Rtx.mutex); + if (ret < 0) + return ret; +#endif + sendAcks = ssl->dtls13Rtx.sendAcks; + if (sendAcks) { ssl->dtls13Rtx.sendAcks = 0; + } +#ifdef WOLFSSL_RW_THREADED + ret = wc_UnLockMutex(&ssl->dtls13Rtx.mutex); +#endif + if (sendAcks) { ret = SendDtls13Ack(ssl); if (ret != 0) return ret; @@ -2586,7 +2627,7 @@ int Dtls13RtxTimeout(WOLFSSL* ssl) /* Increase timeout on long timeout */ if (DtlsMsgPoolTimeout(ssl) != 0) - return -1; + return WOLFSSL_FATAL_ERROR; return Dtls13RtxSendBuffered(ssl); } 
@@ -2605,13 +2646,28 @@ static int Dtls13RtxHasKeyUpdateBuffered(WOLFSSL* ssl) return 0; } +int DoDtls13KeyUpdateAck(WOLFSSL* ssl) +{ + int ret = 0; + + if (!Dtls13RtxHasKeyUpdateBuffered(ssl)) { + /* we removed the KeyUpdate message because it was ACKed */ + ssl->dtls13WaitKeyUpdateAck = 0; + ret = Dtls13KeyUpdateAckReceived(ssl); + } + + return ret; +} + int DoDtls13Ack(WOLFSSL* ssl, const byte* input, word32 inputSize, word32* processedSize) { const byte* ackMessage; w64wrapper epoch, seq; word16 length; +#ifndef WOLFSSL_RW_THREADED int ret; +#endif int i; if (inputSize < OPAQUE16_LEN) @@ -2643,15 +2699,13 @@ int DoDtls13Ack(WOLFSSL* ssl, const byte* input, word32 inputSize, ssl->options.serverState = SERVER_FINISHED_ACKED; } +#ifndef WOLFSSL_RW_THREADED if (ssl->dtls13WaitKeyUpdateAck) { - if (!Dtls13RtxHasKeyUpdateBuffered(ssl)) { - /* we removed the KeyUpdate message because it was ACKed */ - ssl->dtls13WaitKeyUpdateAck = 0; - ret = Dtls13KeyUpdateAckReceived(ssl); - if (ret != 0) - return ret; - } + ret = DoDtls13KeyUpdateAck(ssl); + if (ret != 0) + return ret; } +#endif *processedSize = length + OPAQUE16_LEN; @@ -2702,9 +2756,17 @@ int SendDtls13Ack(WOLFSSL* ssl) if (ret != 0) return ret; - ret = Dtls13WriteAckMessage(ssl, ssl->dtls13Rtx.seenRecords, &length); - if (ret != 0) +#ifdef WOLFSSL_RW_THREADED + ret = wc_LockMutex(&ssl->dtls13Rtx.mutex); + if (ret < 0) return ret; +#endif + ret = Dtls13WriteAckMessage(ssl, ssl->dtls13Rtx.seenRecords, &length); +#ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); +#endif + if (ret != 0) + return ret; output = GetOutputBuffer(ssl); diff --git a/src/src/internal.c b/src/src/internal.c index 6bbd38f..a152022 100644 --- a/src/src/internal.c +++ b/src/src/internal.c @@ -1,6 +1,6 @@ /* internal.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
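Review bot: Under WOLFSSL_RW_THREADED the `ssl->dtls13WaitKeyUpdateAck` handling is compiled out of DoDtls13Ack entirely, and the new DoDtls13KeyUpdateAck is not called from anywhere in this hunk; presumably the sending thread invokes it after its own retransmit bookkeeping, but if no caller exists in that configuration the flag is never cleared and Dtls13KeyUpdateAckReceived never runs, stalling the key update. The `#ifndef WOLFSSL_RW_THREADED` guard deserves a comment naming the replacement caller, e.g. `/* RW_THREADED: the writer calls DoDtls13KeyUpdateAck() once it sees the KeyUpdate leave the rtx list */`. Note also that DoDtls13KeyUpdateAck reads the rtx list via Dtls13RtxHasKeyUpdateBuffered without the dtls13Rtx mutex this patch adds around other list accesses — confirm that is intended.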
@@ -19,8 +19,6 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - - #ifdef HAVE_CONFIG_H #include #endif @@ -212,6 +210,8 @@ WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS #endif #endif +int writeAeadAuthData(WOLFSSL* ssl, word16 sz, byte type, byte* additional, + byte dec, byte** seq, int verifyOrder); #ifdef WOLFSSL_DTLS static int _DtlsCheckWindow(WOLFSSL* ssl); @@ -344,7 +344,7 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask) { wolfSSL_CTX_keylog_cb_func logCb = NULL; int msSz; - int hasVal; + int invalidCount; int i; const char* label = SSC_CR; int labelSz = sizeof(SSC_CR); 
@@ -355,32 +355,34 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask) int ret; (void)ctx; - if (ssl == NULL || secret == NULL || *secretSz == 0) + if (ssl == NULL || secret == NULL || secretSz == NULL || *secretSz == 0) return BAD_FUNC_ARG; if (ssl->arrays == NULL) return BAD_FUNC_ARG; - /* get the user-callback func from CTX*/ + /* get the user-callback func from CTX */ logCb = ssl->ctx->keyLogCb; - if (logCb == NULL) - return 0; + if (logCb == NULL) { + return 0; /* no logging callback */ + } - /* need to make sure the given master-secret has a meaningful value */ + /* make sure the given master-secret has a meaningful value */ msSz = *secretSz; - hasVal = 0; + invalidCount = 0; for (i = 0; i < msSz; i++) { - if (*((byte*)secret) != 0) { - hasVal = 1; - break; + if (((byte*)secret)[i] == 0) { + invalidCount++; } } - if (hasVal == 0) - return 0; /* master-secret looks invalid */ + if (invalidCount == *secretSz) { + WOLFSSL_MSG("master-secret is not valid"); + return 0; /* ignore error */ + } /* build up a hex-decoded keylog string - "CLIENT_RANDOM " - note that each keylog string does not have CR/LF. - */ + * "CLIENT_RANDOM " + * note that each keylog string does not have CR/LF. + */ buffSz = labelSz + (RAN_LEN * 2) + 1 + ((*secretSz) * 2) + 1; log = XMALLOC(buffSz, ssl->heap, DYNAMIC_TYPE_SECRET); if (log == NULL) @@ -410,8 +412,9 @@ void wolfssl_priv_der_unblind(DerBuffer* key, DerBuffer* mask) ret = 0; } } - else - ret = MEMORY_E; + else { + ret = BUFFER_E; + } } /* Zero out Base16 encoded secret and other data. */ ForceZero(log, buffSz); @@ -2107,7 +2110,7 @@ int wolfSSL_session_export_internal(WOLFSSL* ssl, byte* buf, word32* sz, if (type == WOLFSSL_EXPORT_TLS) { *sz += AES_BLOCK_SIZE*2; } - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (ret == 0) { 
@@ -2562,7 +2565,7 @@ void wolfSSL_CRYPTO_cleanup_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data) #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) /* free all ech configs in the list */ -static void FreeEchConfigs(WOLFSSL_EchConfig* configs, void* heap) +void FreeEchConfigs(WOLFSSL_EchConfig* configs, void* heap) { WOLFSSL_EchConfig* working_config = configs; WOLFSSL_EchConfig* next_config; @@ -2573,8 +2576,7 @@ static void FreeEchConfigs(WOLFSSL_EchConfig* configs, void* heap) XFREE(working_config->cipherSuites, heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(working_config->publicName, heap, DYNAMIC_TYPE_TMP_BUFFER); - if (working_config->raw != NULL) - XFREE(working_config->raw, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(working_config->raw, heap, DYNAMIC_TYPE_TMP_BUFFER); if (working_config->receiverPrivkey != NULL) { wc_HpkeFreeKey(NULL, working_config->kemId, @@ -2621,10 +2623,8 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) XFREE(ctx->method, heapAtCTXInit, DYNAMIC_TYPE_METHOD); ctx->method = NULL; - if (ctx->suites) { - XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES); - ctx->suites = NULL; - } + XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES); + ctx->suites = NULL; #ifndef NO_DH XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); @@ -2723,10 +2723,8 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) XFREE((void*)ctx->alpn_cli_protos, ctx->heap, DYNAMIC_TYPE_OPENSSL); ctx->alpn_cli_protos = NULL; } - if (ctx->param) { - XFREE(ctx->param, heapAtCTXInit, DYNAMIC_TYPE_OPENSSL); - ctx->param = NULL; - } + XFREE(ctx->param, heapAtCTXInit, DYNAMIC_TYPE_OPENSSL); + ctx->param = NULL; if (ctx->x509_store.param) { XFREE(ctx->x509_store.param, heapAtCTXInit, DYNAMIC_TYPE_OPENSSL); @@ -2774,6 +2772,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx) #ifdef WOLFSSL_STATIC_MEMORY static void SSL_CtxResourceFreeStaticMem(void* heap) { +#ifndef SINGLE_THREADED if (heap != NULL #ifdef WOLFSSL_HEAP_TEST /* avoid dereferencing a test value */ 
@@ -2784,6 +2783,9 @@ static void SSL_CtxResourceFreeStaticMem(void* heap) WOLFSSL_HEAP* mem = hint->memory; wc_FreeMutex(&mem->memory_mutex); } +#else + (void)heap; +#endif } #endif /* WOLFSSL_STATIC_MEMORY */ 
@@ -2883,100 +2885,92 @@ void InitCiphers(WOLFSSL* ssl) } - -/* Free ciphers */ -void FreeCiphers(WOLFSSL* ssl) +static void FreeCiphersSide(Ciphers *cipher, void* heap) { - (void)ssl; #ifdef BUILD_ARC4 - wc_Arc4Free(ssl->encrypt.arc4); - wc_Arc4Free(ssl->decrypt.arc4); - XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER); + wc_Arc4Free(cipher->arc4); + XFREE(cipher->arc4, heap, DYNAMIC_TYPE_CIPHER); + cipher->arc4 = NULL; #endif #ifdef BUILD_DES3 - wc_Des3Free(ssl->encrypt.des3); - wc_Des3Free(ssl->decrypt.des3); - XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER); + wc_Des3Free(cipher->des3); + XFREE(cipher->des3, heap, DYNAMIC_TYPE_CIPHER); + cipher->des3 = NULL; #endif #if defined(BUILD_AES) || defined(BUILD_AESGCM) || defined(HAVE_ARIA) - /* See: InitKeys() in keys.c on addition of BUILD_AESGCM check (enc->aes, dec->aes) */ - wc_AesFree(ssl->encrypt.aes); - wc_AesFree(ssl->decrypt.aes); - XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); + /* See: InitKeys() in keys.c on addition of BUILD_AESGCM check (enc->aes, + * dec->aes) */ + wc_AesFree(cipher->aes); + XFREE(cipher->aes, heap, DYNAMIC_TYPE_CIPHER); + cipher->aes = NULL; #endif #if defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) - wc_Sm4Free(ssl->encrypt.sm4); - wc_Sm4Free(ssl->decrypt.sm4); - XFREE(ssl->encrypt.sm4, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.sm4, ssl->heap, DYNAMIC_TYPE_CIPHER); + wc_Sm4Free(cipher->sm4); + XFREE(cipher->sm4, heap, DYNAMIC_TYPE_CIPHER); + cipher->sm4 = NULL; #endif #if (defined(BUILD_AESGCM) || defined(BUILD_AESCCM) || defined(HAVE_ARIA)) && \ !defined(WOLFSSL_NO_TLS12) - XFREE(ssl->decrypt.additional, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->encrypt.additional, ssl->heap, DYNAMIC_TYPE_CIPHER); + XFREE(cipher->additional, heap, DYNAMIC_TYPE_CIPHER); + 
cipher->additional = NULL; #endif #ifdef CIPHER_NONCE - XFREE(ssl->decrypt.nonce, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->encrypt.nonce, ssl->heap, DYNAMIC_TYPE_CIPHER); + XFREE(cipher->nonce, heap, DYNAMIC_TYPE_CIPHER); + cipher->nonce = NULL; #endif #ifdef HAVE_ARIA - wc_AriaFreeCrypt(ssl->encrypt.aria); - wc_AriaFreeCrypt(ssl->decrypt.aria); - XFREE(ssl->encrypt.aria, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.aria, ssl->heap, DYNAMIC_TYPE_CIPHER); + wc_AriaFreeCrypt(cipher->aria); + XFREE(cipher->aria, heap, DYNAMIC_TYPE_CIPHER); + cipher->aria = NULL; #endif #ifdef HAVE_CAMELLIA - XFREE(ssl->encrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER); + XFREE(cipher->cam, heap, DYNAMIC_TYPE_CIPHER); + cipher->cam = NULL; #endif #ifdef HAVE_CHACHA - if (ssl->encrypt.chacha) - ForceZero(ssl->encrypt.chacha, sizeof(ChaCha)); - if (ssl->decrypt.chacha) - ForceZero(ssl->decrypt.chacha, sizeof(ChaCha)); - XFREE(ssl->encrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER); + if (cipher->chacha) + ForceZero(cipher->chacha, sizeof(ChaCha)); + XFREE(cipher->chacha, heap, DYNAMIC_TYPE_CIPHER); + cipher->chacha = NULL; #endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER) + wc_HmacFree(cipher->hmac); + XFREE(cipher->hmac, heap, DYNAMIC_TYPE_CIPHER); + cipher->hmac = NULL; +#endif +} + +/* Free ciphers */ +void FreeCiphers(WOLFSSL* ssl) +{ + FreeCiphersSide(&ssl->encrypt, ssl->heap); + FreeCiphersSide(&ssl->decrypt, ssl->heap); + #if defined(HAVE_POLY1305) && defined(HAVE_ONE_TIME_AUTH) if (ssl->auth.poly1305) ForceZero(ssl->auth.poly1305, sizeof(Poly1305)); XFREE(ssl->auth.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER); -#endif -#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER) - wc_HmacFree(ssl->encrypt.hmac); - wc_HmacFree(ssl->decrypt.hmac); - XFREE(ssl->encrypt.hmac, ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->decrypt.hmac, ssl->heap, 
DYNAMIC_TYPE_CIPHER); + ssl->auth.poly1305 = NULL; #endif #ifdef WOLFSSL_DTLS13 #ifdef BUILD_AES - if (ssl->dtlsRecordNumberEncrypt.aes != NULL) { - wc_AesFree(ssl->dtlsRecordNumberEncrypt.aes); - XFREE(ssl->dtlsRecordNumberEncrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->dtlsRecordNumberEncrypt.aes = NULL; - } - if (ssl->dtlsRecordNumberDecrypt.aes != NULL) { - wc_AesFree(ssl->dtlsRecordNumberDecrypt.aes); - XFREE(ssl->dtlsRecordNumberDecrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); - ssl->dtlsRecordNumberDecrypt.aes = NULL; - } + wc_AesFree(ssl->dtlsRecordNumberEncrypt.aes); + wc_AesFree(ssl->dtlsRecordNumberDecrypt.aes); + XFREE(ssl->dtlsRecordNumberEncrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); + XFREE(ssl->dtlsRecordNumberDecrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER); + ssl->dtlsRecordNumberEncrypt.aes = NULL; + ssl->dtlsRecordNumberDecrypt.aes = NULL; #endif /* BUILD_AES */ #ifdef HAVE_CHACHA - XFREE(ssl->dtlsRecordNumberEncrypt.chacha, - ssl->heap, DYNAMIC_TYPE_CIPHER); - XFREE(ssl->dtlsRecordNumberDecrypt.chacha, - ssl->heap, DYNAMIC_TYPE_CIPHER); + XFREE(ssl->dtlsRecordNumberEncrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER); + XFREE(ssl->dtlsRecordNumberDecrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER); ssl->dtlsRecordNumberEncrypt.chacha = NULL; ssl->dtlsRecordNumberDecrypt.chacha = NULL; #endif /* HAVE_CHACHA */ #endif /* WOLFSSL_DTLS13 */ } - void InitCipherSpecs(CipherSpecs* cs) { XMEMSET(cs, 0, sizeof(CipherSpecs)); @@ -3268,9 +3262,13 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, int haveRSAsig = 1; #ifdef WOLFSSL_DTLS - /* If DTLS v1.2 or later than set tls1_2 flag */ - if (pv.major == DTLS_MAJOR && pv.minor <= DTLSv1_2_MINOR) { - tls1_2 = 1; + if (pv.major == DTLS_MAJOR) { + dtls = 1; + tls = 1; + /* May be dead assignments dependent upon configuration */ + (void) dtls; + (void) tls; + tls1_2 = pv.minor <= DTLSv1_2_MINOR; } #endif 
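Review bot: In FreeCiphers the DTLS 1.3 record-number ChaCha states `ssl->dtlsRecordNumberEncrypt.chacha` and `ssl->dtlsRecordNumberDecrypt.chacha` are freed without zeroization, whereas FreeCiphersSide directly above does `ForceZero(cipher->chacha, sizeof(ChaCha))` before the same XFREE. Those states presumably hold the record-number protection key, so they are keying material left behind on the heap after the connection is torn down. Mirror the per-side pattern: `if (ssl->dtlsRecordNumberEncrypt.chacha) ForceZero(ssl->dtlsRecordNumberEncrypt.chacha, sizeof(ChaCha));` and the same for the decrypt side, before the XFREE calls. The AES record-number path now calls wc_AesFree unconditionally, which relies on it accepting NULL — not visible here, please confirm.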
@@ -3381,17 +3379,6 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA, haveRSAsig = 0; /* can't have RSA sig if don't have RSA */ #endif -#ifdef WOLFSSL_DTLS - if (pv.major == DTLS_MAJOR) { - dtls = 1; - tls = 1; - /* May be dead assignments dependent upon configuration */ - (void) dtls; - (void) tls; - tls1_2 = pv.minor <= DTLSv1_2_MINOR; - } -#endif - #ifdef HAVE_RENEGOTIATION_INDICATION if (side == WOLFSSL_CLIENT_END) { suites->suites[idx++] = CIPHER_BYTE; @@ -4568,23 +4555,17 @@ void FreeX509(WOLFSSL_X509* x509) x509->authKeyId = NULL; XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT); x509->subjKeyId = NULL; - if (x509->authInfo != NULL) { - XFREE(x509->authInfo, x509->heap, DYNAMIC_TYPE_X509_EXT); - x509->authInfo = NULL; - } - if (x509->rawCRLInfo != NULL) { - XFREE(x509->rawCRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT); - x509->rawCRLInfo = NULL; - } - if (x509->CRLInfo != NULL) { - XFREE(x509->CRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT); - x509->CRLInfo = NULL; - } + wolfSSL_ASN1_STRING_free(x509->subjKeyIdStr); + x509->subjKeyIdStr = NULL; + XFREE(x509->authInfo, x509->heap, DYNAMIC_TYPE_X509_EXT); + x509->authInfo = NULL; + XFREE(x509->rawCRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT); + x509->rawCRLInfo = NULL; + XFREE(x509->CRLInfo, x509->heap, DYNAMIC_TYPE_X509_EXT); + x509->CRLInfo = NULL; #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ defined(WOLFSSL_QT) - if (x509->authInfoCaIssuer != NULL) { - XFREE(x509->authInfoCaIssuer, x509->heap, DYNAMIC_TYPE_X509_EXT); - } + XFREE(x509->authInfoCaIssuer, x509->heap, DYNAMIC_TYPE_X509_EXT); if (x509->ext_sk != NULL) { wolfSSL_sk_X509_EXTENSION_pop_free(x509->ext_sk, NULL); } 
@@ -4639,11 +4620,16 @@ void FreeX509(WOLFSSL_X509* x509) x509->altNames = NULL; } -#ifdef WOLFSSL_DUAL_ALG_CERTS + #ifdef WOLFSSL_DUAL_ALG_CERTS XFREE(x509->sapkiDer, x509->heap, DYNAMIC_TYPE_X509_EXT); + x509->sapkiDer = NULL; XFREE(x509->altSigAlgDer, x509->heap, DYNAMIC_TYPE_X509_EXT); - XFREE(x509->altSigValDer, x509->heap, DYNAMIC_TYPE_X509_EXT); -#endif /* WOLFSSL_DUAL_ALG_CERTS */ + x509->altSigAlgDer = NULL; + if (x509->altSigValDer) { + XFREE(x509->altSigValDer, x509->heap, DYNAMIC_TYPE_X509_EXT); + x509->altSigValDer= NULL; + } + #endif /* WOLFSSL_DUAL_ALG_CERTS */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) wolfSSL_RefFree(&x509->ref); @@ -4758,8 +4744,7 @@ static void SetDigest(WOLFSSL* ssl, int hashAlgo) #endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ #endif /* !NO_CERTS */ -#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) -static word32 MacSize(const WOLFSSL* ssl) +word32 MacSize(const WOLFSSL* ssl) { #ifdef HAVE_TRUNCATED_HMAC word32 digestSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ @@ -4770,7 +4755,6 @@ static word32 MacSize(const WOLFSSL* ssl) return digestSz; } -#endif /* HAVE_ENCRYPT_THEN_MAC && !WOLFSSL_AEAD_ONLY */ #ifndef NO_RSA #if !defined(WOLFSSL_NO_TLS12) || \ 
@@ -6804,19 +6788,67 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) #endif /* HAVE_RPK */ #ifndef NO_CERTS +#ifdef WOLFSSL_COPY_CERT + /* If WOLFSSL_COPY_CERT is defined, always copy the cert */ + if (ctx->certificate != NULL) { + ret = AllocCopyDer(&ssl->buffers.certificate, ctx->certificate->buffer, + ctx->certificate->length, ctx->certificate->type, + ctx->certificate->heap); + if (ret != 0) { + return ret; + } + + ssl->buffers.weOwnCert = 1; + ret = WOLFSSL_SUCCESS; + } + if (ctx->certChain != NULL) { + ret = AllocCopyDer(&ssl->buffers.certChain, ctx->certChain->buffer, + ctx->certChain->length, ctx->certChain->type, + ctx->certChain->heap); + if (ret != 0) { + return ret; + } + + ssl->buffers.weOwnCertChain = 1; + ret = WOLFSSL_SUCCESS; + } +#else /* ctx still owns certificate, certChain, key, dh, and cm */ ssl->buffers.certificate = ctx->certificate; ssl->buffers.certChain = ctx->certChain; +#endif #ifdef WOLFSSL_TLS13 ssl->buffers.certChainCnt = ctx->certChainCnt; #endif #ifndef WOLFSSL_BLIND_PRIVATE_KEY +#ifdef WOLFSSL_COPY_KEY + if (ctx->privateKey != NULL) { + if (ssl->buffers.key != NULL) { + FreeDer(&ssl->buffers.key); + } + ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, + ctx->privateKey->length, ctx->privateKey->type, + ctx->privateKey->heap); + if (ret != 0) { + return ret; + } + ssl->buffers.weOwnKey = 1; + ret = WOLFSSL_SUCCESS; + } + else { + ssl->buffers.key = ctx->privateKey; + } +#else ssl->buffers.key = ctx->privateKey; +#endif #else if (ctx->privateKey != NULL) { - AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, + ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, ctx->privateKey->length, ctx->privateKey->type, ctx->privateKey->heap); + if (ret != 0) { + return ret; + } ssl->buffers.weOwnKey = 1; /* Blind the private key for the SSL with new random mask. */ wolfssl_priv_der_unblind(ssl->buffers.key, ctx->privateKeyMask); 
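Review bot: Under WOLFSSL_COPY_CERT the new AllocCopyDer into `ssl->buffers.certificate` and `ssl->buffers.certChain` never releases a buffer the WOLFSSL may already own, whereas the WOLFSSL_COPY_KEY branch right below does `if (ssl->buffers.key != NULL) FreeDer(&ssl->buffers.key);` first; if SetSSL_CTX can run on an already-initialised object (its callers are outside this hunk), the earlier copies leak. Conversely the key path frees unconditionally: should `ssl->buffers.key` ever still alias a CTX-owned key from a non-copying path, that FreeDer would free the CTX's private key, so the guard should be the ownership flag, `if (ssl->buffers.weOwnKey) FreeDer(&ssl->buffers.key);`. The cert path wants the symmetric `if (ssl->buffers.weOwnCert) FreeDer(&ssl->buffers.certificate);` before its copy, and likewise for weOwnCertChain.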
@@ -6837,9 +6869,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->buffers.altKey = ctx->altPrivateKey; #else if (ctx->altPrivateKey != NULL) { - AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer, + ret = AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer, ctx->altPrivateKey->length, ctx->altPrivateKey->type, ctx->altPrivateKey->heap); + if (ret != 0) { + return ret; + } /* Blind the private key for the SSL with new random mask. */ wolfssl_priv_der_unblind(ssl->buffers.altKey, ctx->altPrivateKeyMask); ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey, @@ -6847,6 +6882,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) if (ret != 0) { return ret; } + ret = WOLFSSL_SUCCESS; } #endif ssl->buffers.altKeyType = ctx->altPrivateKeyType; @@ -6893,7 +6929,7 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) } } /* writeDup check */ - if (ctx->mask != 0 && wolfSSL_set_options(ssl, ctx->mask) == 0) { + if (ctx->mask != 0 && wolfSSL_set_options(ssl, (long)ctx->mask) == 0) { WOLFSSL_MSG("wolfSSL_set_options error"); return BAD_FUNC_ARG; } @@ -6916,12 +6952,12 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) #endif #if defined(OPENSSL_EXTRA) && !defined(NO_BIO) /* Don't change recv callback if currently using BIO's */ - if (ssl->CBIORecv != BioReceive) + if (ssl->CBIORecv != SslBioReceive) #endif ssl->CBIORecv = ctx->CBIORecv; #if defined(OPENSSL_EXTRA) && !defined(NO_BIO) /* Don't change send callback if currently using BIO's */ - if (ssl->CBIOSend != BioSend) + if (ssl->CBIOSend != SslBioSend) #endif ssl->CBIOSend = ctx->CBIOSend; ssl->verifyDepth = ctx->verifyDepth; 
@@ -7235,6 +7271,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl_hint->memory = ctx_hint->memory; #ifndef WOLFSSL_STATIC_MEMORY_LEAN + #ifndef SINGLE_THREADED /* lock and check IO count / handshake count */ if (wc_LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) { WOLFSSL_MSG("Bad memory_mutex lock"); @@ -7243,10 +7280,13 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) WOLFSSL_ERROR_VERBOSE(BAD_MUTEX_E); return BAD_MUTEX_E; } + #endif if (ctx_hint->memory->maxHa > 0 && ctx_hint->memory->maxHa <= ctx_hint->memory->curHa) { WOLFSSL_MSG("At max number of handshakes for static memory"); + #ifndef SINGLE_THREADED wc_UnLockMutex(&(ctx_hint->memory->memory_mutex)); + #endif XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL); ssl->heap = NULL; /* free and set to NULL for IO counter */ return MEMORY_E; @@ -7255,7 +7295,9 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) if (ctx_hint->memory->maxIO > 0 && ctx_hint->memory->maxIO <= ctx_hint->memory->curIO) { WOLFSSL_MSG("At max number of IO allowed for static memory"); + #ifndef SINGLE_THREADED wc_UnLockMutex(&(ctx_hint->memory->memory_mutex)); + #endif XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL); ssl->heap = NULL; /* free and set to NULL for IO counter */ return MEMORY_E; @@ -7263,7 +7305,9 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ctx_hint->memory->curIO++; ctx_hint->memory->curHa++; ssl_hint->haFlag = 1; + #ifndef SINGLE_THREADED wc_UnLockMutex(&(ctx_hint->memory->memory_mutex)); + #endif /* check if tracking stats */ if (ctx_hint->memory->flag & WOLFMEM_TRACK_STATS) { 
@@ -7277,25 +7321,35 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) /* check if using fixed IO buffers */ if (ctx_hint->memory->flag & WOLFMEM_IO_POOL_FIXED) { + #ifndef SINGLE_THREADED if (wc_LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) { WOLFSSL_MSG("Bad memory_mutex lock"); WOLFSSL_ERROR_VERBOSE(BAD_MUTEX_E); return BAD_MUTEX_E; } + #endif if (SetFixedIO(ctx_hint->memory, &(ssl_hint->inBuf)) != 1) { + #ifndef SINGLE_THREADED wc_UnLockMutex(&(ctx_hint->memory->memory_mutex)); + #endif return MEMORY_E; } if (SetFixedIO(ctx_hint->memory, &(ssl_hint->outBuf)) != 1) { + #ifndef SINGLE_THREADED wc_UnLockMutex(&(ctx_hint->memory->memory_mutex)); + #endif return MEMORY_E; } if (ssl_hint->outBuf == NULL || ssl_hint->inBuf == NULL) { WOLFSSL_MSG("Not enough memory to create fixed IO buffers"); + #ifndef SINGLE_THREADED wc_UnLockMutex(&(ctx_hint->memory->memory_mutex)); + #endif return MEMORY_E; } + #ifndef SINGLE_THREADED wc_UnLockMutex(&(ctx_hint->memory->memory_mutex)); + #endif } #endif /* !WOLFSSL_STATIC_MEMORY_LEAN */ #ifdef WOLFSSL_HEAP_TEST @@ -7315,6 +7369,15 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer; ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN; +#ifdef WOLFSSL_THREADED_CRYPT + { + int i; + for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) { + ssl->buffers.encrypt[i].avail = 1; + } + } +#endif + #ifdef KEEP_PEER_CERT InitX509(&ssl->peerCert, 0, ssl->heap); #endif @@ -7469,6 +7532,9 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) ssl->options.disallowEncThenMac = ctx->disallowEncThenMac; #endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + ssl->options.disableECH = ctx->disableECH; +#endif /* default alert state (none) */ ssl->alert_history.last_rx.code = -1; 
@@ -7532,7 +7598,7 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) /* requires valid arrays and suites unless writeDup ing */ if ((ret = SetSSL_CTX(ssl, ctx, writeDup)) != WOLFSSL_SUCCESS #ifdef WOLFSSL_NO_INIT_CTX_KEY - && ret != NO_PRIVATE_KEY + && ret != WC_NO_ERR_TRACE(NO_PRIVATE_KEY) #endif ) { WOLFSSL_MSG_EX("SetSSL_CTX failed. err = %d", ret); @@ -7649,6 +7715,13 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->dtls13DecryptEpoch = &ssl->dtls13Epochs[0]; ssl->options.dtls13SendMoreAcks = WOLFSSL_DTLS13_SEND_MOREACK_DEFAULT; ssl->dtls13Rtx.rtxRecordTailPtr = &ssl->dtls13Rtx.rtxRecords; + +#ifdef WOLFSSL_RW_THREADED + ret = wc_InitMutex(&ssl->dtls13Rtx.mutex); + if (ret < 0) { + return ret; + } +#endif #endif /* WOLFSSL_DTLS13 */ #ifdef WOLFSSL_QUIC @@ -7676,6 +7749,11 @@ int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) ssl->sigSpec = ctx->sigSpec; ssl->sigSpecSz = ctx->sigSpecSz; #endif /* WOLFSSL_DUAL_ALG_CERTS */ +#ifdef HAVE_OCSP +#if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) + ssl->response_idx = 0; +#endif +#endif /* Returns 0 on success, not WOLFSSL_SUCCESS (1) */ WOLFSSL_MSG_EX("InitSSL done. return 0 (success)"); return 0; @@ -7774,7 +7852,7 @@ void FreeKey(WOLFSSL* ssl, int type, void** pKey) int AllocKey(WOLFSSL* ssl, int type, void** pKey) { int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); - int sz = 0; + size_t sz = 0; #ifdef HAVE_ECC ecc_key* eccKey; #endif /* HAVE_ECC */ @@ -8056,7 +8134,7 @@ void FreeKeyExchange(WOLFSSL* ssl) } /* Free handshake key */ - FreeKey(ssl, ssl->hsType, &ssl->hsKey); + FreeKey(ssl, (int)ssl->hsType, &ssl->hsKey); #ifdef WOLFSSL_DUAL_ALG_CERTS FreeKey(ssl, ssl->hsAltType, &ssl->hsAltKey); #endif /* WOLFSSL_DUAL_ALG_CERTS */ 
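Review bot: InitSSL returns the raw wc_InitMutex result when the dtls13Rtx mutex cannot be created, but SSL_ResourceFree in this same patch calls `wc_FreeMutex(&ssl->dtls13Rtx.mutex)` unconditionally; whether the caller frees the object after a failed InitSSL, and whether wc_FreeMutex tolerates a never-initialised mutex, is not visible from this hunk and should be checked. The static-memory path above logs and returns BAD_MUTEX_E for the same failure class, so I would normalise here too: `if (wc_InitMutex(&ssl->dtls13Rtx.mutex) != 0) { WOLFSSL_ERROR_VERBOSE(BAD_MUTEX_E); return BAD_MUTEX_E; }`. InitSSL continues past this hunk.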
@@ -8174,6 +8252,25 @@ void SSL_ResourceFree(WOLFSSL* ssl) ShrinkInputBuffer(ssl, FORCED_FREE); if (ssl->buffers.outputBuffer.dynamicFlag) ShrinkOutputBuffer(ssl); +#ifdef WOLFSSL_THREADED_CRYPT + { + int i; + for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) { + bufferStatic* buff = &ssl->buffers.encrypt[i].buffer; + + ssl->buffers.encrypt[i].stop = 1; + FreeCiphersSide(&ssl->buffers.encrypt[i].encrypt, ssl->heap); + if (buff->dynamicFlag) { + XFREE(buff->buffer - buff->offset, ssl->heap, + DYNAMIC_TYPE_OUT_BUFFER); + buff->buffer = buff->staticBuffer; + buff->bufferSize = STATIC_BUFFER_LEN; + buff->offset = 0; + buff->dynamicFlag = 0; + } + } + } +#endif #if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER) if (ssl->buffers.tls13CookieSecret.buffer != NULL) { ForceZero(ssl->buffers.tls13CookieSecret.buffer, @@ -8342,9 +8439,7 @@ void SSL_ResourceFree(WOLFSSL* ssl) } #endif #ifdef OPENSSL_EXTRA - if (ssl->param) { - XFREE(ssl->param, ssl->heap, DYNAMIC_TYPE_OPENSSL); - } + XFREE(ssl->param, ssl->heap, DYNAMIC_TYPE_OPENSSL); #endif #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) while (ssl->certReqCtx != NULL) { @@ -8428,6 +8523,10 @@ void SSL_ResourceFree(WOLFSSL* ssl) #endif #ifdef WOLFSSL_DTLS13 Dtls13FreeFsmResources(ssl); + +#ifdef WOLFSSL_RW_THREADED + wc_FreeMutex(&ssl->dtls13Rtx.mutex); +#endif #endif /* WOLFSSL_DTLS13 */ #ifdef WOLFSSL_QUIC wolfSSL_quic_free(ssl); @@ -8887,8 +8986,7 @@ void DtlsMsgDelete(DtlsMsg* item, void* heap) DtlsMsgDestroyFragBucket(item->fragBucketList, heap); item->fragBucketList = next; } - if (item->raw != NULL) - XFREE(item->raw, heap, DYNAMIC_TYPE_DTLS_FRAG); + XFREE(item->raw, heap, DYNAMIC_TYPE_DTLS_FRAG); XFREE(item, heap, DYNAMIC_TYPE_DTLS_MSG); } } 
@@ -9892,7 +9990,7 @@ ProtocolVersion MakeDTLSv1_3(void) word32 LowResTimer(void) { int64_t t; - #if defined(CONFIG_ARCH_POSIX) + #if defined(CONFIG_ARCH_POSIX) && !defined(CONFIG_BOARD_NATIVE_POSIX) k_cpu_idle(); #endif t = k_uptime_get(); /* returns current uptime in milliseconds */ @@ -10083,6 +10181,13 @@ int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz) sz -= dtls_record_extra; #endif /* WOLFSSL_DTLS13 */ } else { +#ifdef WOLFSSL_DTLS_CID + byte cidSz = DtlsGetCidTxSize(ssl); + if (IsEncryptionOn(ssl, 1) && cidSz > 0) { + adj += cidSz; + sz -= cidSz + 1; /* +1 to not hash the real content type */ + } +#endif adj += DTLS_RECORD_EXTRA; sz -= DTLS_RECORD_EXTRA; } @@ -10123,7 +10228,8 @@ int HashInput(WOLFSSL* ssl, const byte* input, int sz) /* add record layer header for message */ -static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl, int epochOrder) +static void AddRecordHeader(byte* output, word32 length, byte type, + WOLFSSL* ssl, int epochOrder) { RecordLayerHeader* rl; @@ -10162,12 +10268,18 @@ static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl } else { #ifdef WOLFSSL_DTLS - DtlsRecordLayerHeader* dtls; - /* dtls record layer header extensions */ - dtls = (DtlsRecordLayerHeader*)output; + DtlsRecordLayerHeader* dtls = (DtlsRecordLayerHeader*)output; +#ifdef WOLFSSL_DTLS_CID + byte cidSz = 0; + if (type == dtls12_cid && (cidSz = DtlsGetCidTxSize(ssl)) > 0) { + wolfSSL_dtls_cid_get_tx(ssl, output + DTLS12_CID_OFFSET, cidSz); + c16toa((word16)length, output + DTLS12_CID_OFFSET + cidSz); + } + else +#endif + c16toa((word16)length, dtls->length); WriteSEQ(ssl, epochOrder, dtls->sequence_number); - c16toa((word16)length, dtls->length); #endif } } 
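Review bot: The return value of `wolfSSL_dtls_cid_get_tx(ssl, output + DTLS12_CID_OFFSET, cidSz)` is discarded in AddRecordHeader, so a failed copy would leave the CID bytes at that offset unset while the length is still written after them; the receive side in this same patch does check `wolfSSL_dtls_cid_get_rx(...) != WOLFSSL_SUCCESS`. AddRecordHeader is void, so either the caller should verify the TX CID before building the header or the precondition should be stated here, `/* cidSz > 0 means a TX CID is configured, so get_tx cannot fail */`. In the HashOutput hunk above, `sz -= cidSz + 1` operates on a signed `sz` with no check that it is at least that large; the callers may guarantee it, but it is worth a comment. AddRecordHeader's body continues outside the hunk.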
@@ -10269,6 +10381,8 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz, int maxFrag; int ret = 0; int headerSz; + int rHdrSz = 0; /* record header size */ + int hsHdrSz = 0; /* handshake header size */ WOLFSSL_ENTER("SendHandshakeMsg"); (void)type; @@ -10277,8 +10391,10 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz, if (ssl == NULL || input == NULL) return BAD_FUNC_ARG; #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) - headerSz = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ; + if (ssl->options.dtls) { + rHdrSz = DTLS_RECORD_HEADER_SZ; + hsHdrSz = DTLS_HANDSHAKE_HEADER_SZ; + } else #endif { @@ -10286,7 +10402,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz, * per fragment like in DTLS. The handshake header should * already be in the input buffer. */ inputSz += HANDSHAKE_HEADER_SZ; - headerSz = RECORD_HEADER_SZ; + rHdrSz = RECORD_HEADER_SZ; } maxFrag = wolfSSL_GetMaxFragSize(ssl, (int)inputSz); @@ -10301,7 +10417,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz, if (!ssl->options.buildingMsg) { /* Hash it before the loop as we modify the input with * encryption on */ - ret = HashOutput(ssl, input, headerSz + (int)inputSz, 0); + ret = HashRaw(ssl, input + rHdrSz, inputSz + hsHdrSz); if (ret != 0) return ret; #ifdef WOLFSSL_DTLS @@ -10311,6 +10427,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz, ssl->keys.dtls_handshake_number--; #endif } + headerSz = rHdrSz + hsHdrSz; while (ssl->fragOffset < inputSz) { byte* output; int outputSz; @@ -10323,7 +10440,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz, fragSz = inputSz - ssl->fragOffset; /* check for available size */ - outputSz = headerSz + fragSz; + outputSz = headerSz + (int)fragSz; if (IsEncryptionOn(ssl, 1)) outputSz += cipherExtraData(ssl); if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) 
@@ -10381,7 +10498,7 @@ static int SendHandshakeMsg(WOLFSSL* ssl, byte* input, word32 inputSz, } #endif } - ssl->buffers.outputBuffer.length += outputSz; + ssl->buffers.outputBuffer.length += (word32)outputSz; #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) if (ssl->hsInfoOn) { AddPacketName(ssl, packetName); @@ -10431,14 +10548,14 @@ static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz) if (ssl->CBIORecv == NULL) { WOLFSSL_MSG("Your IO Recv callback is null, please set"); - return -1; + return WOLFSSL_FATAL_ERROR; } retry: recvd = ssl->CBIORecv(ssl, (char *)buf, (int)sz, ssl->IOCB_ReadCtx); if (recvd < 0) { switch (recvd) { - case WOLFSSL_CBIO_ERR_GENERAL: /* general/unknown error */ + case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_GENERAL): #ifdef WOLFSSL_APACHE_HTTPD #ifndef NO_BIO if (ssl->biord) { @@ -10450,26 +10567,26 @@ static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz) } #endif #endif - return -1; + return WOLFSSL_FATAL_ERROR; - case WOLFSSL_CBIO_ERR_WANT_READ: /* want read, would block */ + case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ): if (retryLimit > 0 && ssl->ctx->autoRetry && !ssl->options.handShakeDone && !ssl->options.dtls) { retryLimit--; goto retry; } - return WANT_READ; + return WC_NO_ERR_TRACE(WANT_READ); - case WOLFSSL_CBIO_ERR_CONN_RST: /* connection reset */ + case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_RST): #ifdef USE_WINDOWS_API if (ssl->options.dtls) { goto retry; } #endif ssl->options.connReset = 1; - return -1; + return WOLFSSL_FATAL_ERROR; - case WOLFSSL_CBIO_ERR_ISR: /* interrupt */ + case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_ISR): /* interrupt */ /* see if we got our timeout */ #ifdef WOLFSSL_CALLBACKS if (ssl->toInfoOn) { 
@@ -10489,11 +10606,11 @@ static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz) #endif goto retry; - case WOLFSSL_CBIO_ERR_CONN_CLOSE: /* peer closed connection */ + case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_CLOSE): ssl->options.isClosed = 1; - return -1; + return WOLFSSL_FATAL_ERROR; - case WOLFSSL_CBIO_ERR_TIMEOUT: + case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_TIMEOUT): #ifdef WOLFSSL_DTLS #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) { @@ -10501,7 +10618,7 @@ static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz) if (Dtls13RtxTimeout(ssl) < 0) { WOLFSSL_MSG( "Error trying to retransmit DTLS buffered message"); - return -1; + return WOLFSSL_FATAL_ERROR; } goto retry; } @@ -10516,7 +10633,7 @@ static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz) goto retry; } #endif - return -1; + return WOLFSSL_FATAL_ERROR; default: WOLFSSL_MSG("Unexpected recv return code"); @@ -10549,8 +10666,8 @@ void ShrinkOutputBuffer(WOLFSSL* ssl) * calls ShrinkInputBuffer itself when it is safe to do so. Don't overuse it. */ void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree) { - int usedLength = ssl->buffers.inputBuffer.length - - ssl->buffers.inputBuffer.idx; + int usedLength = (int)(ssl->buffers.inputBuffer.length - + ssl->buffers.inputBuffer.idx); if (!forcedFree && (usedLength > STATIC_BUFFER_LEN || ssl->buffers.clearOutputBuffer.length > 0)) return; 
@@ -10609,19 +10726,19 @@ int SendBuffered(WOLFSSL* ssl) if (sent < 0) { switch (sent) { - case WOLFSSL_CBIO_ERR_WANT_WRITE: /* would block */ + case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_WRITE): if (retryLimit > 0 && ssl->ctx->autoRetry && !ssl->options.handShakeDone && !ssl->options.dtls) { retryLimit--; goto retry; } - return WANT_WRITE; + return WC_NO_ERR_TRACE(WANT_WRITE); - case WOLFSSL_CBIO_ERR_CONN_RST: /* connection reset */ + case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_RST): ssl->options.connReset = 1; break; - case WOLFSSL_CBIO_ERR_ISR: /* interrupt */ + case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_ISR): /* interrupt */ /* see if we got our timeout */ #ifdef WOLFSSL_CALLBACKS if (ssl->toInfoOn) { @@ -10641,7 +10758,7 @@ int SendBuffered(WOLFSSL* ssl) #endif continue; - case WOLFSSL_CBIO_ERR_CONN_CLOSE: /* epipe / conn closed */ + case WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_CLOSE): /* epipe */ ssl->options.connReset = 1; /* treat same as reset */ break; @@ -10657,8 +10774,8 @@ int SendBuffered(WOLFSSL* ssl) return SEND_OOB_READ_E; } - ssl->buffers.outputBuffer.idx += sent; - ssl->buffers.outputBuffer.length -= sent; + ssl->buffers.outputBuffer.idx += (word32)sent; + ssl->buffers.outputBuffer.length -= (word32)sent; } ssl->buffers.outputBuffer.idx = 0; 
@@ -10669,6 +10786,69 @@ int SendBuffered(WOLFSSL* ssl) return 0; } +#ifdef WOLFSSL_THREADED_CRYPT +static WC_INLINE int GrowAnOutputBuffer(WOLFSSL* ssl, + bufferStatic* outputBuffer, int size) +{ + byte* tmp; +#if WOLFSSL_GENERAL_ALIGNMENT > 0 + byte hdrSz = ssl->options.dtls ? DTLS_RECORD_HEADER_SZ : + RECORD_HEADER_SZ; + byte align = WOLFSSL_GENERAL_ALIGNMENT; +#else + const byte align = WOLFSSL_GENERAL_ALIGNMENT; +#endif + +#if WOLFSSL_GENERAL_ALIGNMENT > 0 + /* the encrypted data will be offset from the front of the buffer by + the header, if the user wants encrypted alignment they need + to define their alignment requirement */ + + while (align < hdrSz) + align *= 2; +#endif + + tmp = (byte*)XMALLOC(size + outputBuffer->length + align, + ssl->heap, DYNAMIC_TYPE_OUT_BUFFER); + WOLFSSL_MSG("growing output buffer"); + + if (tmp == NULL) + return MEMORY_E; + +#if WOLFSSL_GENERAL_ALIGNMENT > 0 + if (align) + tmp += align - hdrSz; +#endif + +#ifdef WOLFSSL_STATIC_MEMORY + /* can be from IO memory pool which does not need copy if same buffer */ + if (outputBuffer->length && tmp == outputBuffer->buffer) { + outputBuffer->bufferSize = size + outputBuffer->length; + return 0; + } +#endif + + if (outputBuffer->length) + XMEMCPY(tmp, outputBuffer->buffer, outputBuffer->length); + + if (outputBuffer->dynamicFlag) { + XFREE(outputBuffer->buffer - outputBuffer->offset, ssl->heap, + DYNAMIC_TYPE_OUT_BUFFER); + } + +#if WOLFSSL_GENERAL_ALIGNMENT > 0 + if (align) + outputBuffer->offset = align - hdrSz; + else +#endif + outputBuffer->offset = 0; + + outputBuffer->buffer = tmp; + outputBuffer->dynamicFlag = 1; + outputBuffer->bufferSize = size + outputBuffer->length; + return 0; +} +#endif /* returns the current location in the output buffer to start writing to */ byte* GetOutputBuffer(WOLFSSL* ssl) 
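Review bot: GrowAnOutputBuffer allocates `size + outputBuffer->length + align` with no guard on `size`, whereas GrowInputBuffer in the next hunk returns BAD_FUNC_ARG before its XMALLOC and casts the sum to size_t; a negative `size` here would wrap the mixed int/word32 arithmetic before it reaches the allocator. Suggest `if (size < 0) return BAD_FUNC_ARG;` at the top and `XMALLOC((size_t)(size + outputBuffer->length + align), ...)` for consistency with the input-buffer path. The function closely mirrors the existing output-buffer growth logic, so a one-line comment saying why a per-buffer variant exists (one bufferStatic per threaded-crypt worker, as far as the hunk shows) would help the next reader.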
@@ -10781,7 +10961,7 @@ int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength) return BAD_FUNC_ARG; } - tmp = (byte*)XMALLOC(size + usedLength + align, + tmp = (byte*)XMALLOC((size_t)(size + usedLength + align), ssl->heap, DYNAMIC_TYPE_IN_BUFFER); WOLFSSL_MSG("growing input buffer"); @@ -10825,7 +11005,7 @@ int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength) ssl->buffers.inputBuffer.offset = 0; ssl->buffers.inputBuffer.buffer = tmp; - ssl->buffers.inputBuffer.bufferSize = size + usedLength; + ssl->buffers.inputBuffer.bufferSize = (word32)(size + usedLength); ssl->buffers.inputBuffer.idx = 0; ssl->buffers.inputBuffer.length = (word32)usedLength; @@ -10992,13 +11172,8 @@ int MsgCheckEncryption(WOLFSSL* ssl, byte type, byte encrypted) static WC_INLINE int isLastMsg(const WOLFSSL* ssl, word32 msgSz) { word32 extra = 0; - if (IsEncryptionOn(ssl, 0)) { + if (IsEncryptionOn(ssl, 0)) extra = ssl->keys.padSz; -#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - extra += MacSize(ssl); -#endif - } return (ssl->buffers.inputBuffer.idx - ssl->curStartIdx) + msgSz + extra == ssl->curSize; } @@ -11219,6 +11394,11 @@ static int GetDtls13RecordHeader(WOLFSSL* ssl, word32* inOutIdx, if (ret != 0) return ret; + if (ssl->dtls13CurRlLength > sizeof(ssl->dtls13CurRL)) { + WOLFSSL_MSG("Record header too long"); + return SEQUENCE_ERROR; + } + if (readSize < ssl->dtls13CurRlLength + DTLS13_RN_MASK_SIZE) { /* when using DTLS over a medium that does not guarantee that a full * message is received in a single read, we may end up without the full @@ -11271,6 +11451,9 @@ static int GetDtls13RecordHeader(WOLFSSL* ssl, word32* inOutIdx, static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx, RecordLayerHeader* rh, word16* size) { +#ifdef WOLFSSL_DTLS_CID + byte cidSz = 0; +#endif #ifdef HAVE_FUZZER if (ssl->fuzzerCb) 
@@ -11288,8 +11471,8 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx, if (ssl->options.tls1_3) { ret = GetDtls13RecordHeader(ssl, inOutIdx, rh, size); if (ret == 0 || - ret != WC_NO_ERR_TRACE(SEQUENCE_ERROR) || - ret != WC_NO_ERR_TRACE(DTLS_CID_ERROR)) + ((ret != WC_NO_ERR_TRACE(SEQUENCE_ERROR)) && + (ret != WC_NO_ERR_TRACE(DTLS_CID_ERROR)))) return ret; } @@ -11324,6 +11507,11 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx, *inOutIdx += ENUM_LEN + VERSION_SZ; ato16(ssl->buffers.inputBuffer.buffer + *inOutIdx, &ssl->keys.curEpoch); +#ifdef WOLFSSL_DTLS_CID + if (rh->type == dtls12_cid && (cidSz = DtlsGetCidRxSize(ssl)) == 0) + return DTLS_CID_ERROR; +#endif + #ifdef WOLFSSL_DTLS13 /* only non protected message can use the DTLSPlaintext record header */ if (IsAtLeastTLSv1_3(ssl->version)) { @@ -11355,6 +11543,21 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx, ssl->keys.curSeq = w64From32(ssl->keys.curSeq_hi, ssl->keys.curSeq_lo); #endif /* WOLFSSL_DTLS13 */ +#ifdef WOLFSSL_DTLS_CID + if (rh->type == dtls12_cid) { + byte cid[DTLS_CID_MAX_SIZE]; + if (ssl->buffers.inputBuffer.length - *inOutIdx < + (word32)cidSz + LENGTH_SZ) + return LENGTH_ERROR; + if (cidSz > DTLS_CID_MAX_SIZE || + wolfSSL_dtls_cid_get_rx(ssl, cid, cidSz) != WOLFSSL_SUCCESS) + return DTLS_CID_ERROR; + if (XMEMCMP(ssl->buffers.inputBuffer.buffer + *inOutIdx, + cid, cidSz) != 0) + return DTLS_CID_ERROR; + *inOutIdx += cidSz; + } +#endif ato16(ssl->buffers.inputBuffer.buffer + *inOutIdx, size); *inOutIdx += LENGTH_SZ; 
@@ -11402,8 +11605,12 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx, /* DTLSv1.3 MUST check window after deprotecting to avoid timing channel (RFC9147 Section 4.5.1) */ if (IsDtlsNotSctpMode(ssl) && !IsAtLeastTLSv1_3(ssl->version)) { + byte needsEnc = rh->type == application_data; /* can't be epoch 0 */ +#ifdef WOLFSSL_DTLS_CID + needsEnc = needsEnc || rh->type == dtls12_cid; +#endif if (!_DtlsCheckWindow(ssl) || - (rh->type == application_data && ssl->keys.curEpoch == 0) || + (needsEnc && ssl->keys.curEpoch == 0) || (rh->type == alert && ssl->options.handShakeDone && ssl->keys.curEpoch == 0 && ssl->keys.dtls_epoch != 0)) { WOLFSSL_LEAVE("GetRecordHeader()", SEQUENCE_ERROR); @@ -11450,7 +11657,7 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx, } #endif /* WOLFSSL_DTLS13 */ /* Don't care about protocol version being lower than expected on alerts - * sent back before version negotitation. */ + * sent back before version negotiation. */ else if (!(ssl->options.side == WOLFSSL_CLIENT_END && ssl->options.connectState == CLIENT_HELLO_SENT && rh->type == alert && @@ -11494,6 +11701,9 @@ static int GetRecordHeader(WOLFSSL* ssl, word32* inOutIdx, case change_cipher_spec: case application_data: case alert: +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + case dtls12_cid: +#endif #ifdef WOLFSSL_DTLS13 case ack: #endif /* WOLFSSL_DTLS13 */ 
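Review bot: `case dtls12_cid:` is accepted by the record-type switch under a compile-time guard only; at runtime a non-DTLS connection that receives content type dtls12_cid passes this check, and the hunk does not show whether a later stage rejects it. If nothing does, a guard before the switch, `if (rh->type == dtls12_cid && !ssl->options.dtls) return UNKNOWN_RECORD_TYPE;` (or whatever the default branch returns), keeps plain TLS peers off the CID path; placing the check inside the fall-through label group would not work since the earlier labels fall through it. The epoch-0 rejection of dtls12_cid records in the first hunk is the right default. GetRecordHeader's body continues outside the hunk.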
@@ -12393,16 +12603,20 @@ int CipherRequires(byte first, byte second, int requirement) #ifndef NO_CERTS - /* Match names with wildcards, each wildcard can represent a single name component or fragment but not multiple names, i.e., *.z.com matches y.z.com but not x.y.z.com + If flags contains WOLFSSL_LEFT_MOST_WILDCARD_ONLY, wildcard only applies + to left-most name component, compatible with RFC 2830 identity checking. + return 1 on success */ int MatchDomainName(const char* pattern, int patternLen, const char* str, - word32 strLen) + word32 strLen, unsigned int flags) { int ret = 0; + byte wildcardEligible = 1; + byte leftWildcardOnly = flags & WOLFSSL_LEFT_MOST_WILDCARD_ONLY; if (pattern == NULL || str == NULL || patternLen <= 0 || strLen == 0) return 0; @@ -12415,11 +12629,16 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str, pattern++; - if (p == '*') { + if ((p == '*') && wildcardEligible) { char s; /* We will always match '*' */ patternLen--; + /* Only single wildcard allowed with strict left only */ + if (leftWildcardOnly) { + wildcardEligible = 0; + } + /* Consume any extra '*' chars until the next non '*' char. */ while (patternLen > 0) { p = (char)XTOLOWER((unsigned char)*pattern); @@ -12428,6 +12647,10 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str, return 0; if (p != '*') break; + if (leftWildcardOnly && (p == '*')) { + /* RFC2830 only allows single left-most wildcard */ + return 0; + } patternLen--; } @@ -12459,6 +12682,11 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str, } } else { + /* Past left-most wildcard location, not eligible if flag set*/ + if (leftWildcardOnly && wildcardEligible) { + wildcardEligible = 0; + } + /* Simple case, pattern match exactly */ if (p != (char)XTOLOWER((unsigned char) *str)) return 0; 
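Review bot: `byte leftWildcardOnly = flags & WOLFSSL_LEFT_MOST_WILDCARD_ONLY;` truncates the masked value to 8 bits, so if that flag (or a future one) is a bit above 0xFF the strict left-most mode is silently disabled; the flag's value is not visible here. Normalising to a boolean, `byte leftWildcardOnly = (flags & WOLFSSL_LEFT_MOST_WILDCARD_ONLY) != 0;`, removes the dependence on the constant's width and keeps the later `if (leftWildcardOnly)` tests intact. The header comment should also state that with the flag set a pattern such as `**.example.com` or one with a wildcard after the first label is rejected (returns 0), which is what the new checks below do. MatchDomainName's body continues outside the hunk.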
@@ -12490,7 +12718,7 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str, * -1 : No matches and wild pattern match failed. */ int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen, - int* checkCN) + int* checkCN, unsigned int flags) { int match = 0; DNS_entry* altName = NULL; @@ -12509,19 +12737,19 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen, while (altName) { WOLFSSL_MSG("\tindividual AltName check"); -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME if (altName->type == ASN_IP_TYPE) { buf = altName->ipString; len = (word32)XSTRLEN(buf); } else -#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ +#endif /* WOLFSSL_IP_ALT_NAME */ { buf = altName->name; len = (word32)altName->len; } - if (MatchDomainName(buf, (int)len, domain, domainLen)) { + if (MatchDomainName(buf, (int)len, domain, domainLen, flags)) { match = 1; if (checkCN != NULL) { *checkCN = 0; @@ -12550,13 +12778,14 @@ int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen, * domainNameLen The length of the domain name. * returns DOMAIN_NAME_MISMATCH when no match found and 0 on success. */ -int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameLen) +int CheckHostName(DecodedCert* dCert, const char *domainName, + size_t domainNameLen, unsigned int flags) { int checkCN; int ret = WC_NO_ERR_TRACE(DOMAIN_NAME_MISMATCH); if (CheckForAltNames(dCert, domainName, (word32)domainNameLen, - &checkCN) != 1) { + &checkCN, flags) != 1) { ret = DOMAIN_NAME_MISMATCH; WOLFSSL_MSG("DomainName match on alt names failed"); } @@ -12567,7 +12796,7 @@ int CheckHostName(DecodedCert* dCert, const char *domainName, size_t domainNameL #ifndef WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY if (checkCN == 1) { if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen, - domainName, (word32)domainNameLen) == 1) { + domainName, (word32)domainNameLen, flags) == 1) { ret = 0; } else { 
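Review bot: Narrowing `#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME)` to `#ifdef WOLFSSL_IP_ALT_NAME` removes IP-address SAN matching from OPENSSL_ALL builds unless the settings headers now define WOLFSSL_IP_ALT_NAME whenever OPENSSL_ALL is set; that cannot be confirmed from this hunk. If the implication is intended, a short note, `/* WOLFSSL_IP_ALT_NAME is implied by OPENSSL_ALL in settings.h */`, prevents the next reader from treating this as a regression. CheckForAltNames' body continues outside the hunk.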
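Review bot: CheckHostName's header comment (ending with `domainNameLen The length of the domain name.`) does not describe the new `flags` parameter, although it changes which wildcard patterns are accepted. Add ` * flags          Matching options forwarded to MatchDomainName, e.g. WOLFSSL_LEFT_MOST_WILDCARD_ONLY.` and the same line to CheckForAltNames' comment in the hunk above. CheckHostName's body continues outside the hunk.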
@@ -12584,7 +12813,7 @@ int CheckIPAddr(DecodedCert* dCert, const char* ipasc) { WOLFSSL_MSG("Checking IPAddr"); - return CheckHostName(dCert, ipasc, (size_t)XSTRLEN(ipasc)); + return CheckHostName(dCert, ipasc, (size_t)XSTRLEN(ipasc), 0); } @@ -12605,40 +12834,9 @@ static void AddSessionCertToChain(WOLFSSL_X509_CHAIN* chain, #endif #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ - defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) -void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType) -{ - if (name->dynamicName) { - XFREE(name->name, name->heap, DYNAMIC_TYPE_X509); - name->name = name->staticName; - name->dynamicName = 0; - } - - if (nameType == SUBJECT) { - XSTRNCPY(name->name, dCert->subject, ASN_NAME_MAX); - name->name[ASN_NAME_MAX - 1] = '\0'; - name->sz = (int)XSTRLEN(name->name) + 1; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) - name->rawLen = min(dCert->subjectRawLen, ASN_NAME_MAX); - if (name->rawLen > 0) - XMEMCPY(name->raw, dCert->subjectRaw, name->rawLen); -#endif - } - else { - XSTRNCPY(name->name, dCert->issuer, ASN_NAME_MAX); - name->name[ASN_NAME_MAX - 1] = '\0'; - name->sz = (int)XSTRLEN(name->name) + 1; -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) \ - && (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)) - name->rawLen = min(dCert->issuerRawLen, ASN_NAME_MAX); - if (name->rawLen > 0) { - XMEMCPY(name->raw, dCert->issuerRaw, name->rawLen); - } -#endif - } -} - -static int CopyAltNames(DNS_entry** to, DNS_entry* from, int type, void* heap) + defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(WOLFSSL_ACERT) + static int CopyAltNames(DNS_entry** to, DNS_entry* from, int type, void* heap) { /* Copy from to the beginning of to */ DNS_entry** prev_next = to; 
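Review bot: The re-added definition appears as `+ static int CopyAltNames(`, indented one space relative to the removed `static int CopyAltNames(` line and to the surrounding definitions; if that is not an artifact of how the diff was captured, align it to column 0. The new `defined(WOLFSSL_ACERT)` arm of the guard is fine. CopyAltNames' body runs past the hunk.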
@@ -12669,6 +12867,44 @@ static int CopyAltNames(DNS_entry** to, DNS_entry* from, int type, void* heap) return 0; } +#endif /* KEEP_PEER_CERT || SESSION_CERTS || + * OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || + * WOLFSSL_ACERT */ + + +#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ + defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType) +{ + if (name->dynamicName) { + XFREE(name->name, name->heap, DYNAMIC_TYPE_X509); + name->name = name->staticName; + name->dynamicName = 0; + } + + if (nameType == ASN_SUBJECT) { + XSTRNCPY(name->name, dCert->subject, ASN_NAME_MAX); + name->name[ASN_NAME_MAX - 1] = '\0'; + name->sz = (int)XSTRLEN(name->name) + 1; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) + name->rawLen = min(dCert->subjectRawLen, ASN_NAME_MAX); + if (name->rawLen > 0) + XMEMCPY(name->raw, dCert->subjectRaw, name->rawLen); +#endif + } + else { + XSTRNCPY(name->name, dCert->issuer, ASN_NAME_MAX); + name->name[ASN_NAME_MAX - 1] = '\0'; + name->sz = (int)XSTRLEN(name->name) + 1; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) \ + && (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)) + name->rawLen = min(dCert->issuerRawLen, ASN_NAME_MAX); + if (name->rawLen > 0) { + XMEMCPY(name->raw, dCert->issuerRaw, name->rawLen); + } +#endif + } +} #ifdef WOLFSSL_CERT_REQ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) @@ -12786,6 +13022,7 @@ static int CopyREQAttributes(WOLFSSL_X509* x509, DecodedCert* dCert) int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) { int ret = 0; + int minSz; if (x509 == NULL || dCert == NULL || dCert->subjectCNLen < 0) 
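Review bot: CopyDecodedName is reintroduced here without a header comment, although its contract is not obvious from the name: it releases a dynamically allocated `name->name` and reverts to the static buffer, copies at most ASN_NAME_MAX-1 bytes of the subject (ASN_SUBJECT) or issuer string via XSTRNCPY plus a forced NUL, so longer names are silently truncated, and sets `name->sz` to the resulting length plus one. A comment such as `/* Copy dCert's subject (ASN_SUBJECT) or issuer name into name, truncating to ASN_NAME_MAX-1 chars; the raw DER name is copied only in OPENSSL_ALL/NGINX/LIGHTY builds. */` above the definition captures that. The silent truncation is worth calling out because callers that compare `name->name` against expected values could be fooled by an over-long name.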
@@ -12799,7 +13036,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) x509->version = dCert->version + 1; - CopyDecodedName(&x509->issuer, dCert, ISSUER); + CopyDecodedName(&x509->issuer, dCert, ASN_ISSUER); #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) if (dCert->issuerName != NULL) { wolfSSL_X509_set_issuer_name(x509, @@ -12807,7 +13044,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) x509->issuer.x509 = x509; } #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ - CopyDecodedName(&x509->subject, dCert, SUBJECT); + CopyDecodedName(&x509->subject, dCert, ASN_SUBJECT); #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) if (dCert->subjectName != NULL) { wolfSSL_X509_set_subject_name(x509, 
@@ -12835,49 +13072,45 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) #endif /* WOLFSSL_CERT_REQ */ #ifdef WOLFSSL_SEP - { - int minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE); - if (minSz > 0) { - x509->deviceTypeSz = minSz; - XMEMCPY(x509->deviceType, dCert->deviceType, minSz); - } - else - x509->deviceTypeSz = 0; - minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE); - if (minSz > 0) { - x509->hwTypeSz = minSz; - XMEMCPY(x509->hwType, dCert->hwType, minSz); - } - else - x509->hwTypeSz = 0; - minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE); - if (minSz > 0) { - x509->hwSerialNumSz = minSz; - XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz); - } - else - x509->hwSerialNumSz = 0; + minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE); + if (minSz > 0) { + x509->deviceTypeSz = minSz; + XMEMCPY(x509->deviceType, dCert->deviceType, minSz); } + else + x509->deviceTypeSz = 0; + minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE); + if (minSz > 0) { + x509->hwTypeSz = minSz; + XMEMCPY(x509->hwType, dCert->hwType, minSz); + } + else + x509->hwTypeSz = 0; + minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE); + if (minSz > 0) { + x509->hwSerialNumSz = minSz; + XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz); + } + else + x509->hwSerialNumSz = 0; #endif /* WOLFSSL_SEP */ - { - int minSz; - if (dCert->beforeDateLen > 0) { - minSz = (int)min(dCert->beforeDate[1], MAX_DATE_SZ); - x509->notBefore.type = dCert->beforeDate[0]; - x509->notBefore.length = minSz; - XMEMCPY(x509->notBefore.data, &dCert->beforeDate[2], minSz); - } - else - x509->notBefore.length = 0; - if (dCert->afterDateLen > 0) { - minSz = (int)min(dCert->afterDate[1], MAX_DATE_SZ); - x509->notAfter.type = dCert->afterDate[0]; - x509->notAfter.length = minSz; - XMEMCPY(x509->notAfter.data, &dCert->afterDate[2], minSz); - } - else - x509->notAfter.length = 0; + + if (dCert->beforeDateLen > 0) { + minSz = (int)min(dCert->beforeDate[1], MAX_DATE_SZ); + 
x509->notBefore.type = dCert->beforeDate[0]; + x509->notBefore.length = minSz; + XMEMCPY(x509->notBefore.data, &dCert->beforeDate[2], minSz); + } + else + x509->notBefore.length = 0; + if (dCert->afterDateLen > 0) { + minSz = (int)min(dCert->afterDate[1], MAX_DATE_SZ); + x509->notAfter.type = dCert->afterDate[0]; + x509->notAfter.length = minSz; + XMEMCPY(x509->notAfter.data, &dCert->afterDate[2], minSz); } + else + x509->notAfter.length = 0; if (dCert->publicKey != NULL && dCert->pubKeySize != 0) { x509->pubKey.buffer = (byte*)XMALLOC( @@ -13016,7 +13249,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) ret = MEMORY_E; } } - #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + #ifdef WOLFSSL_ASN_CA_ISSUER if (dCert->extAuthInfoCaIssuer != NULL && dCert->extAuthInfoCaIssuerSz > 0) { x509->authInfoCaIssuer = (byte*)XMALLOC(dCert->extAuthInfoCaIssuerSz, x509->heap, DYNAMIC_TYPE_X509_EXT); @@ -13102,10 +13335,10 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) #ifndef IGNORE_NETSCAPE_CERT_TYPE x509->nsCertType = dCert->nsCertType; #endif - #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) + #ifdef WOLFSSL_SEP x509->certPolicySet = dCert->extCertPolicySet; x509->certPolicyCrit = dCert->extCertPolicyCrit; - #endif /* WOLFSSL_SEP || WOLFSSL_QT */ + #endif #ifdef WOLFSSL_CERT_EXT { int i; 
@@ -13179,14 +13412,135 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) #endif /* KEEP_PEER_CERT || SESSION_CERTS */ +#if defined(WOLFSSL_ACERT) +/* Copy a DecodedAcert structure to an X509_ACERT. + * + * @param [out] x509 the dst X509 acert structure + * @param [in] dAcert the src decoded acert structure + * + * @return 0 on success + * @return < 0 on error + * */ +int CopyDecodedAcertToX509(WOLFSSL_X509_ACERT* x509, DecodedAcert* dAcert) +{ + int ret = 0; + + if (x509 == NULL || dAcert == NULL) { + return BAD_FUNC_ARG; + } + + /* Copy version and serial number. */ + x509->version = dAcert->version + 1; + + XMEMCPY(x509->serial, dAcert->serial, EXTERNAL_SERIAL_SIZE); + x509->serialSz = dAcert->serialSz; + + if (dAcert->holderSerialSz > 0) { + /* This ACERT Holder field had a serial number. Copy it. */ + XMEMCPY(x509->holderSerial, dAcert->holderSerial, + dAcert->holderSerialSz); + x509->holderSerialSz = dAcert->holderSerialSz; + } + + /* Copy before and after dates. */ + { + int minSz = 0; + + if (dAcert->beforeDateLen > 0) { + minSz = (int)min(dAcert->beforeDate[1], MAX_DATE_SZ); + x509->notBefore.type = dAcert->beforeDate[0]; + x509->notBefore.length = minSz; + XMEMCPY(x509->notBefore.data, &dAcert->beforeDate[2], minSz); + } + else { + x509->notBefore.length = 0; + } + + if (dAcert->afterDateLen > 0) { + minSz = (int)min(dAcert->afterDate[1], MAX_DATE_SZ); + x509->notAfter.type = dAcert->afterDate[0]; + x509->notAfter.length = minSz; + XMEMCPY(x509->notAfter.data, &dAcert->afterDate[2], minSz); + } + else { + x509->notAfter.length = 0; + } + } + + /* Copy the signature. 
*/ + if (dAcert->signature != NULL && dAcert->sigLength != 0 && + dAcert->sigLength <= MAX_ENCODED_SIG_SZ) { + x509->sig.buffer = (byte*)XMALLOC( + dAcert->sigLength, x509->heap, DYNAMIC_TYPE_SIGNATURE); + if (x509->sig.buffer == NULL) { + ret = MEMORY_E; + } + else { + XMEMCPY(x509->sig.buffer, dAcert->signature, dAcert->sigLength); + x509->sig.length = dAcert->sigLength; + x509->sigOID = (int)dAcert->signatureOID; + } + } + + /* if der contains original source buffer then store for potential + * retrieval */ + if (dAcert->source != NULL && dAcert->maxIdx > 0) { + if (AllocDer(&x509->derCert, dAcert->maxIdx, CERT_TYPE, x509->heap) + == 0) { + XMEMCPY(x509->derCert->buffer, dAcert->source, dAcert->maxIdx); + } + else { + ret = MEMORY_E; + } + } + + /* Copy holder and att cert issuer names if present. */ + if (CopyAltNames(&x509->holderIssuerName, dAcert->holderIssuerName, + ASN_DIR_TYPE, x509->heap) != 0) { + return MEMORY_E; + } + + if (CopyAltNames(&x509->holderEntityName, dAcert->holderEntityName, + ASN_DIR_TYPE, x509->heap) != 0) { + return MEMORY_E; + } + + if (CopyAltNames(&x509->AttCertIssuerName, dAcert->AttCertIssuerName, + ASN_DIR_TYPE, x509->heap) != 0) { + return MEMORY_E; + } + + if (dAcert->rawAttr && dAcert->rawAttrLen > 0) { + /* Allocate space for the raw Attributes field, then copy it in. 
*/ + x509->rawAttr = (byte*)XMALLOC(dAcert->rawAttrLen, x509->heap, + DYNAMIC_TYPE_X509_EXT); + if (x509->rawAttr != NULL) { + XMEMCPY(x509->rawAttr, dAcert->rawAttr, dAcert->rawAttrLen); + x509->rawAttrLen = dAcert->rawAttrLen; + } + else { + ret = MEMORY_E; + } + } + + return ret; +} +#endif /* WOLFSSL_ACERT */ + + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ (defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && !defined(WOLFSSL_NO_TLS12)) -static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx, - word32 status_length) +static int ProcessCSR_ex(WOLFSSL* ssl, byte* input, word32* inOutIdx, + word32 status_length, int idx) { int ret = 0; OcspRequest* request; - +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + TLSX* ext = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); + CertificateStatusRequest* csr; +#else + (void)idx; +#endif #ifdef WOLFSSL_SMALL_STACK CertStatus* status; OcspEntry* single; @@ -13198,11 +13552,19 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx, #endif WOLFSSL_ENTER("ProcessCSR"); - +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + if (ext) { + /* status request */ + csr = (CertificateStatusRequest*)ext->data; + if (csr && !csr->ssl) + csr->ssl = ssl; + } +#endif do { #ifdef HAVE_CERTIFICATE_STATUS_REQUEST if (ssl->status_request) { - request = (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions); + request = (OcspRequest*)TLSX_CSR_GetRequest_ex(ssl->extensions, + idx); ssl->status_request = 0; break; } 
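Review bot: `XMEMCPY(x509->holderSerial, dAcert->holderSerial, dAcert->holderSerialSz)` in CopyDecodedAcertToX509 has no bound against the destination array, whereas the serial copy just above it uses the fixed EXTERNAL_SERIAL_SIZE; unless the ACERT decoder already clamps holderSerialSz to the destination's size, a peer-controlled holder serial overruns x509->holderSerial. A local check costs nothing: `if (dAcert->holderSerialSz > EXTERNAL_SERIAL_SIZE) return BAD_FUNC_ARG;` (substitute the destination's declared size if it differs), and `x509->holderSerialSz` should be reset to 0 when the source has none so a reused x509 does not keep a stale value. Separately, the three CopyAltNames failures `return MEMORY_E` immediately while the sig, derCert and rawAttr failures set `ret = MEMORY_E` and continue, so the function returns a partially filled structure in one style and skips remaining fields in the other; pick one convention.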
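Review bot: ProcessCSR_ex still logs `WOLFSSL_ENTER("ProcessCSR")` (and `WOLFSSL_LEAVE("ProcessCSR", ret)` in the next hunk), so traces attribute the work to the thin wrapper; change both strings to `"ProcessCSR_ex"`. The new `idx` parameter, whose signature sits in the preceding hunk, is undocumented; a header line such as `/* idx: index of the status response being verified (ProcessCSR passes 0); selects the matching request via TLSX_CSR_GetRequest_ex */` would help. The side effect `csr->ssl = ssl` on the extension's data when it is still NULL is not explained anywhere and deserves a one-line why-comment.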
@@ -13225,24 +13587,28 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx, #ifdef WOLFSSL_SMALL_STACK status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap, - DYNAMIC_TYPE_OCSP_STATUS); + DYNAMIC_TYPE_OCSP_STATUS); single = (OcspEntry*)XMALLOC(sizeof(OcspEntry), ssl->heap, - DYNAMIC_TYPE_OCSP_ENTRY); + DYNAMIC_TYPE_OCSP_ENTRY); response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), ssl->heap, - DYNAMIC_TYPE_OCSP_REQUEST); + DYNAMIC_TYPE_OCSP_REQUEST); if (status == NULL || single == NULL || response == NULL) { - if (status) + if (status != NULL) { XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); - if (single) + } + if (single != NULL) { XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY); - if (response) + } + if (response != NULL) { XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); + } return MEMORY_ERROR; } #endif + /* InitOcspResponse sets single and status to response struct. */ InitOcspResponse(response, single, status, input +*inOutIdx, status_length, ssl->heap); if (OcspResponseDecode(response, SSL_CM(ssl), ssl->heap, 0) != 0) @@ -13263,17 +13629,25 @@ static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx, *inOutIdx += status_length; + /* FreeOcspResponse frees status and single only if + * single->isDynamic is set. */ FreeOcspResponse(response); #ifdef WOLFSSL_SMALL_STACK - XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); - XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY); - XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); + XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY); + XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); #endif WOLFSSL_LEAVE("ProcessCSR", ret); return ret; } + +static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx, + word32 status_length) +{ + return ProcessCSR_ex(ssl, input, inOutIdx, status_length, 0); +} #endif 
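Review bot: Under WOLFSSL_SMALL_STACK the `status` and `single` objects are XFREEd unconditionally right after `FreeOcspResponse(response)`, and the new comment says FreeOcspResponse frees them itself when `single->isDynamic` is set; the sequence is only safe if nothing between InitOcspResponse and FreeOcspResponse (OcspResponseDecode in particular) can set isDynamic on the caller-supplied entry. If that guarantee holds, state it so the next reader does not have to rediscover it: `/* single->isDynamic stays clear for the caller-supplied entry, so the XFREEs below are the only release */`; if it does not hold, this is a double free. ProcessCSR_ex's body starts outside the hunk.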
@@ -13526,8 +13900,7 @@ int SetupStoreCtxCallback(WOLFSSL_X509_STORE_CTX** store_pt, if (x509 != NULL) wolfSSL_X509_free(x509); #endif - if (domain != NULL) - XFREE(domain, heap, DYNAMIC_TYPE_STRING); + XFREE(domain, heap, DYNAMIC_TYPE_STRING); return MEMORY_E; } @@ -13612,7 +13985,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int cert_err, /* If altNames names is present, then subject common name is ignored */ if (args->dCert->altNames != NULL) { if (CheckForAltNames(args->dCert, ssl->param->hostName, - (word32)XSTRLEN(ssl->param->hostName), NULL) != 1) { + (word32)XSTRLEN(ssl->param->hostName), NULL, 0) != 1) { if (cert_err == 0) { ret = DOMAIN_NAME_MISMATCH; WOLFSSL_ERROR_VERBOSE(ret); @@ -13626,7 +13999,7 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int cert_err, args->dCert->subjectCN, args->dCert->subjectCNLen, ssl->param->hostName, - (word32)XSTRLEN(ssl->param->hostName)) == 0) { + (word32)XSTRLEN(ssl->param->hostName), 0) == 0) { if (cert_err == 0) { ret = DOMAIN_NAME_MISMATCH; WOLFSSL_ERROR_VERBOSE(ret); @@ -13806,15 +14179,11 @@ static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs) (void)ssl; - if (args->certs) { - XFREE(args->certs, ssl->heap, DYNAMIC_TYPE_DER); - args->certs = NULL; - } + XFREE(args->certs, ssl->heap, DYNAMIC_TYPE_DER); + args->certs = NULL; #ifdef WOLFSSL_TLS13 - if (args->exts) { - XFREE(args->exts, ssl->heap, DYNAMIC_TYPE_CERT_EXT); - args->exts = NULL; - } + XFREE(args->exts, ssl->heap, DYNAMIC_TYPE_CERT_EXT); + args->exts = NULL; #endif if (args->dCert) { if (args->dCertInit) { @@ -13924,9 +14293,7 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) /* / .(r)N\0 */ /*|1| 8 |1|1|1|1| => 13 */ len = (int)XSTRLEN(entry->dir_name) + 13; - if (filename != NULL) { - XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL); - } + XFREE(filename, NULL, DYNAMIC_TYPE_OPENSSL); filename = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL); if (filename == NULL) { 
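Review bot: The bare `0` appended to the CheckForAltNames and MatchDomainName calls in the 13612 and 13626 hunks (and again in the 15520, 15535 and 15548 hunks) is not self-explanatory at the call site, and the prototype that gives the new parameter its meaning is not part of this diff. A trailing comment naming the argument at the first call site, e.g. `NULL, 0 /* <name of the new flag> */`, or a named constant if the file has one, would save the next reader a lookup. DoVerifyCallback's body continues outside these hunks.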
@@ -14001,7 +14368,8 @@ int LoadCertByIssuer(WOLFSSL_X509_STORE* store, X509_NAME* issuer, int type) ph->hash_value = hash; ph->last_suffix = suffix; - ret = wolfSSL_sk_BY_DIR_HASH_push(entry->hashes, ph); + ret = wolfSSL_sk_BY_DIR_HASH_push(entry->hashes, ph) > 0 + ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; } } wc_UnLockMutex(&lookup->dirs->lock); @@ -14336,6 +14704,52 @@ static int ProcessPeerCertCheckKey(WOLFSSL* ssl, ProcPeerCertArgs* args) return ret; } +#if defined(HAVE_OCSP) && defined(WOLFSSL_TLS13) \ + && defined(HAVE_CERTIFICATE_STATUS_REQUEST) +static int ProcessPeerCertsChainOCSPStatusCheck(WOLFSSL* ssl) +{ + int ret = 0; + word32 i; + word32 idx = 0; + TLSX* ext = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); + CertificateStatusRequest* csr; + + if (ext) { + csr = (CertificateStatusRequest*)ext->data; + if (csr == NULL) { + return 0; + } + } else + return 0; + + /* error when leaf cert doesn't have certificate status */ + if (csr->requests < 1 || csr->responses[0].length == 0) { + WOLFSSL_MSG("Leaf cert doesn't have certificate status."); + return BAD_CERTIFICATE_STATUS_ERROR; + } + + for (i = 0; i < csr->requests; i++) { + if (csr->responses[i].length != 0) { + ssl->status_request = 1; + idx = 0; + ret = ProcessCSR_ex(ssl, + csr->responses[i].buffer, + &idx, csr->responses[i].length, i); + if (ret < 0) { + WOLFSSL_ERROR_VERBOSE(ret); + break; + } + } + else { + WOLFSSL_MSG("Intermediate cert doesn't have certificate status."); + } + } + + return ret; +} + +#endif + #ifdef HAVE_CRL static int ProcessPeerCertsChainCRLCheck(WOLFSSL* ssl, ProcPeerCertArgs* args) { 
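Review bot: In ProcessPeerCertsChainOCSPStatusCheck the loop reads `csr->responses[i]` for every `i < csr->requests` with no visible bound on the `responses` array; if it is a fixed-size array, `requests` must already be clamped to its capacity where it is incremented (not in this diff), and a comment stating that precondition here, e.g. `/* requests never exceeds the capacity of csr->responses */`, would make the reliance explicit. The opening guard mixes a braced `if` with an unbraced `else return 0;`, which the file's style avoids; `if (ext == NULL || ext->data == NULL) return 0;` followed by `csr = (CertificateStatusRequest*)ext->data;` says the same thing in two lines. Note also that `ret` keeps the value of the last ProcessCSR_ex call, so a positive return from it is passed up unchanged; presumably callers only test `ret < 0`.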
@@ -14618,8 +15032,11 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, args->idx += extSz; listSz -= extSz + OPAQUE16_LEN; WOLFSSL_MSG_EX("\tParsing %d bytes of cert extensions", - args->exts[args->totalCerts].length); + args->exts[args->totalCerts].length); #if !defined(NO_TLS) + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + ssl->response_idx = args->totalCerts; + #endif ret = TLSX_Parse(ssl, args->exts[args->totalCerts].buffer, (word16)args->exts[args->totalCerts].length, certificate, NULL); @@ -14805,13 +15222,22 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, #ifdef HAVE_OCSP #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 addToPendingCAs = 0; - if (ssl->status_request_v2 && TLSX_CSR2_IsMulti(ssl->extensions)) { + if (ssl->options.side == WOLFSSL_CLIENT_END && + ssl->status_request_v2 && + TLSX_CSR2_IsMulti(ssl->extensions)) { ret = TLSX_CSR2_InitRequests(ssl->extensions, args->dCert, 0, ssl->heap); addToPendingCAs = 1; } else /* skips OCSP and force CRL check */ #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + if (IsAtLeastTLSv1_3(ssl->version)) { + ret = TLSX_CSR_InitRequest_ex(ssl->extensions, + args->dCert, ssl->heap, args->certIdx); + } + else + #endif if (SSL_CM(ssl)->ocspEnabled && SSL_CM(ssl)->ocspCheckAll) { WOLFSSL_MSG("Doing Non Leaf OCSP check"); @@ -15007,8 +15433,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (dCertAdd_inited) FreeDecodedCert(dCertAdd); #ifdef WOLFSSL_SMALL_STACK - if (dCertAdd) - XFREE(dCertAdd, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(dCertAdd, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif if (ret != 0) goto exit_ppc; 
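Review bot: In the 14805 hunk the new `IsAtLeastTLSv1_3` branch takes the `else` that used to lead to the `ocspEnabled && ocspCheckAll` "Doing Non Leaf OCSP check", so on TLS 1.3 a client configured to check every chain certificate against its own responder now depends entirely on stapled responses, and ProcessPeerCertsChainOCSPStatusCheck (14336 hunk) only logs an intermediate that has none. Unless TLSX_CSR_InitRequest_ex itself falls back to a live lookup (not visible here), `ocspCheckAll` silently loses coverage for chains where the server staples only the leaf; consider falling through to the CM check when no response arrives, or at least recording the policy in a comment at the `else`. The `ssl->options.side == WOLFSSL_CLIENT_END` guard added to the CSR2 branch is also not applied to the new TLS 1.3 branch, so a server would now call TLSX_CSR_InitRequest_ex on client certificates. ProcessPeerCerts continues outside these hunks.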
@@ -15293,24 +15718,17 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ssl->options.side == WOLFSSL_CLIENT_END) { #ifdef HAVE_CERTIFICATE_STATUS_REQUEST if (ssl->status_request) { - args->fatal = (TLSX_CSR_InitRequest(ssl->extensions, - args->dCert, ssl->heap) != 0); + args->fatal = (TLSX_CSR_InitRequest_ex( + ssl->extensions, args->dCert, + ssl->heap, args->certIdx) != 0); doLookup = 0; WOLFSSL_MSG("\tHave status request"); #if defined(WOLFSSL_TLS13) if (ssl->options.tls1_3) { - TLSX* ext = TLSX_Find(ssl->extensions, - TLSX_STATUS_REQUEST); - if (ext != NULL) { - word32 idx = 0; - CertificateStatusRequest* csr = - (CertificateStatusRequest*)ext->data; - ret = ProcessCSR(ssl, csr->response.buffer, - &idx, csr->response.length); - if (ret < 0) { - WOLFSSL_ERROR_VERBOSE(ret); - goto exit_ppc; - } + ret = ProcessPeerCertsChainOCSPStatusCheck(ssl); + if (ret < 0) { + WOLFSSL_ERROR_VERBOSE(ret); + goto exit_ppc; } } #endif @@ -15350,9 +15768,9 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ssl->peerVerifyRet == 0) { /* Return first cert error here */ ssl->peerVerifyRet = - ret == OCSP_CERT_REVOKED - ? WOLFSSL_X509_V_ERR_CERT_REVOKED - : WOLFSSL_X509_V_ERR_CERT_REJECTED; + ret == WC_NO_ERR_TRACE(OCSP_CERT_REVOKED) + ? WOLFSSL_X509_V_ERR_CERT_REVOKED + : WOLFSSL_X509_V_ERR_CERT_REJECTED; } #endif } @@ -15381,7 +15799,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (ssl->peerVerifyRet == 0) { /* Return first cert error here */ ssl->peerVerifyRet = - ret == CRL_CERT_REVOKED + ret == WC_NO_ERR_TRACE(CRL_CERT_REVOKED) ? WOLFSSL_X509_V_ERR_CERT_REVOKED : WOLFSSL_X509_V_ERR_CERT_REJECTED; } 
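Review bot: The TLS 1.3 chain status check in the 15293 hunk is gated on `ssl->options.tls1_3`, while the matching per-certificate request setup in the 14805 hunk uses `IsAtLeastTLSv1_3(ssl->version)`; if the two predicates can disagree at any point, requests are initialised for a chain whose responses are never checked, or the check runs on a chain with no requests. Using the same predicate in both places, `if (IsAtLeastTLSv1_3(ssl->version)) {`, removes the question. `args->fatal` is computed from TLSX_CSR_InitRequest_ex just above but the status check runs regardless of it, as before the change; a short comment on why a failed request init does not need to short-circuit here would help, since the rest of this branch is outside the hunk.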
@@ -15520,7 +15938,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, (ssl->buffers.domainName.buffer == NULL ? 0 : (word32)XSTRLEN( (const char *)ssl->buffers.domainName.buffer)), - NULL) != 1) { + NULL, 0) != 1) { WOLFSSL_MSG("DomainName match on alt names failed"); /* try to get peer key still */ ret = DOMAIN_NAME_MISMATCH; @@ -15535,7 +15953,7 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, (ssl->buffers.domainName.buffer == NULL ? 0 : (word32)XSTRLEN( (const char *)ssl->buffers.domainName.buffer) - )) == 0) + ), 0) == 0) { WOLFSSL_MSG("DomainName match on common name failed"); ret = DOMAIN_NAME_MISMATCH; @@ -15548,14 +15966,14 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, args->dCert->subjectCNLen, (char*)ssl->buffers.domainName.buffer, (ssl->buffers.domainName.buffer == NULL ? 0 : - (word32)XSTRLEN(ssl->buffers.domainName.buffer))) == 0) + (word32)XSTRLEN(ssl->buffers.domainName.buffer)), 0) == 0) { WOLFSSL_MSG("DomainName match on common name failed"); if (CheckForAltNames(args->dCert, (char*)ssl->buffers.domainName.buffer, (ssl->buffers.domainName.buffer == NULL ? 0 : (word32)XSTRLEN(ssl->buffers.domainName.buffer)), - NULL) != 1) { + NULL, 0) != 1) { WOLFSSL_MSG( "DomainName match on alt names failed too"); /* try to get peer key still */ @@ -16025,13 +16443,8 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, ssl->options.serverState = SERVER_CERT_COMPLETE; } - if (IsEncryptionOn(ssl, 0)) { + if (IsEncryptionOn(ssl, 0)) args->idx += ssl->keys.padSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - args->idx += MacSize(ssl); - #endif - } /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_END; 
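Review bot: Dropping the `startedETMRead` MacSize adjustment in the 16025 hunk (and likewise in the 16294, 16338, 16392, 16445, 16995, 17149, 17238, 17279, 18159, 18215, 18263 and 18293 hunks) is only correct if `ssl->keys.padSz` now already accounts for the encrypt-then-MAC digest on records read in ETM mode; that record-layer change is not part of these hunks, so a comment at this first site, `/* padSz already covers the ETM MAC when startedETMRead is set */`, would tie the handshake code to the invariant it now relies on. The collapsed `if (IsEncryptionOn(ssl, 0)) args->idx += ssl->keys.padSz;` here and in the 17238 hunk drops the braces the surrounding code keeps for single-statement bodies. The 18263 hunk additionally introduces a `totalSz` bound before `*inOutIdx += ssl->keys.padSz` that the removed non-ETM path lacked, so that one changes behaviour rather than only simplifying, and deserves its own line in the changelog.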
@@ -16196,12 +16609,9 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, DYNAMIC_TYPE_OCSP_REQUEST); if (status == NULL || single == NULL || response == NULL) { - if (status) - XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); - if (single) - XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY); - if (response) - XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); + XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY); + XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); return MEMORY_ERROR; } @@ -16294,20 +16704,9 @@ static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, } if (IsEncryptionOn(ssl, 0)) { - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) { - word32 digestSz = MacSize(ssl); - if (*inOutIdx + ssl->keys.padSz + digestSz > size) - return BUFFER_E; - *inOutIdx += ssl->keys.padSz + digestSz; - } - else - #endif - { - if (*inOutIdx + ssl->keys.padSz > size) - return BUFFER_E; - *inOutIdx += ssl->keys.padSz; - } + if (*inOutIdx + ssl->keys.padSz > size) + return BUFFER_E; + *inOutIdx += ssl->keys.padSz; } WOLFSSL_LEAVE("DoCertificateStatus", ret); 
@@ -16338,24 +16737,12 @@ static int DoHelloRequest(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (IsEncryptionOn(ssl, 0)) { /* If size == totalSz then we are in DtlsMsgDrain so no need to worry * about padding */ - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) { - word32 digestSz = MacSize(ssl); - if (size != totalSz && - *inOutIdx + ssl->keys.padSz + digestSz > totalSz) - return BUFFER_E; - *inOutIdx += ssl->keys.padSz + digestSz; - } - else - #endif - { - /* access beyond input + size should be checked against totalSz */ - if (size != totalSz && - *inOutIdx + ssl->keys.padSz > totalSz) - return BUFFER_E; + /* access beyond input + size should be checked against totalSz */ + if (size != totalSz && + *inOutIdx + ssl->keys.padSz > totalSz) + return BUFFER_E; - *inOutIdx += ssl->keys.padSz; - } + *inOutIdx += ssl->keys.padSz; } if (ssl->options.side == WOLFSSL_SERVER_END) { @@ -16392,17 +16779,8 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size, * If size == totalSz then we are in DtlsMsgDrain so no need to worry about * padding */ if (size != totalSz) { - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) { - if (*inOutIdx + size + ssl->keys.padSz + MacSize(ssl) > totalSz) - return BUFFER_E; - } - else - #endif - { - if (*inOutIdx + size + ssl->keys.padSz > totalSz) - return BUFFER_E; - } + if (*inOutIdx + size + ssl->keys.padSz > totalSz) + return BUFFER_E; } #ifdef WOLFSSL_CALLBACKS @@ -16445,10 +16823,6 @@ int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size, /* force input exhaustion at ProcessReply consuming padSz */ *inOutIdx += size + ssl->keys.padSz; -#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - *inOutIdx += MacSize(ssl); -#endif if (ssl->options.side == WOLFSSL_CLIENT_END) { ssl->options.serverState = SERVER_FINISHED_COMPLETE; 
@@ -16995,10 +17369,6 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, expectedIdx = *inOutIdx + size + (ssl->keys.encryptionOn ? ssl->keys.padSz : 0); -#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead && ssl->keys.encryptionOn) - expectedIdx += MacSize(ssl); -#endif #if !defined(NO_WOLFSSL_SERVER) && \ defined(HAVE_SECURE_RENEGOTIATION) && \ @@ -17081,10 +17451,10 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* hello_request not hashed */ if (type != hello_request #ifdef WOLFSSL_ASYNC_CRYPT - && ssl->error != WC_PENDING_E + && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E) #endif #ifdef WOLFSSL_NONBLOCK_OCSP - && ssl->error != OCSP_WANT_READ + && ssl->error != WC_NO_ERR_TRACE(OCSP_WANT_READ) #endif ) { ret = HashInput(ssl, input + *inOutIdx, (int)size); @@ -17101,6 +17471,18 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, case certificate_request: case server_hello_done: if (ssl->options.resuming) { + /* Client requested resumption, but server is doing a + * full handshake */ + + /* The server's decision to resume isn't known until after the + * "server_hello". If subsequent handshake messages like + * "certificate" or "server_key_exchange" are recevied then we + * are doing a full handshake */ + + /* If the server included a session id then we + * treat this as a fatal error, since the server said it was + * doing resumption, but did not. */ + /* https://www.rfc-editor.org/rfc/rfc5077.html#section-3.4 * Alternatively, the client MAY include an empty Session ID * in the ClientHello. In this case, the client ignores the 
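Review bot: The comment added in the 17101 hunk misspells "received" as "recevied" (`* "certificate" or "server_key_exchange" are received then we`). The three new paragraphs also restate what the RFC 5077 quotation directly below already says; one paragraph giving the rule (a server that echoed our session id and then sends full-handshake messages is a fatal error, an empty id means we simply continue) followed by the RFC reference would read more easily. The `if (ssl->options.resuming)` body they describe continues in the next hunk.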
@@ -17109,7 +17491,7 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, * messages. */ #ifndef WOLFSSL_WPAS - if (ssl->session->sessionIDSz != 0) { + if (ssl->arrays->sessionIDSz != 0) { /* Fatal error. Only try to send an alert. RFC 5246 does not * allow for reverting back to a full handshake after the * server has indicated the intention to do a resumption. */ @@ -17149,23 +17531,12 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, WOLFSSL_MSG("processing hello verify request"); ret = DoHelloVerifyRequest(ssl, input,inOutIdx, size); if (IsEncryptionOn(ssl, 0)) { - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) { - word32 digestSz = MacSize(ssl); - if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz) - return BUFFER_E; - *inOutIdx += ssl->keys.padSz + digestSz; - } - else - #endif - { - /* access beyond input + size should be checked against totalSz - */ - if (*inOutIdx + ssl->keys.padSz > totalSz) - return BUFFER_E; + /* access beyond input + size should be checked against totalSz + */ + if (*inOutIdx + ssl->keys.padSz > totalSz) + return BUFFER_E; - *inOutIdx += ssl->keys.padSz; - } + *inOutIdx += ssl->keys.padSz; } break; @@ -17238,13 +17609,8 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, AddLateName("ServerHelloDone", &ssl->timeoutInfo); #endif ssl->options.serverState = SERVER_HELLODONE_COMPLETE; - if (IsEncryptionOn(ssl, 0)) { + if (IsEncryptionOn(ssl, 0)) *inOutIdx += ssl->keys.padSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - *inOutIdx += MacSize(ssl); - #endif - } break; case finished: 
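Review bot: The resumption sanity check in the 17109 hunk now tests `ssl->arrays->sessionIDSz` instead of `ssl->session->sessionIDSz`, which changes what is being asked: `arrays` presumably holds the id echoed in the ServerHello, whereas `session` is the cached session that was offered. That matches the comment above it ("If the server included a session id ..."), but nothing records why the cached-session field was the wrong one, and if `ssl->arrays` can already have been released by the time a late server_hello_done arrives this dereference needs a guard. A comment such as `/* arrays->sessionIDSz is the id the server echoed, not the cached session's */` and, where applicable, `if (ssl->arrays != NULL && ssl->arrays->sessionIDSz != 0) {` would make both the intent and the precondition explicit. The surrounding `if (ssl->options.resuming)` block begins in the previous hunk.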
@@ -17279,24 +17645,12 @@ int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* If size == totalSz then we are in DtlsMsgDrain so no need to worry * about padding */ if (IsEncryptionOn(ssl, 0)) { - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) { - word32 digestSz = MacSize(ssl); - if (size != totalSz && - *inOutIdx + ssl->keys.padSz + digestSz > totalSz) - return BUFFER_E; - *inOutIdx += ssl->keys.padSz + digestSz; - } - else - #endif - { - /* access beyond input + size should be checked against totalSz - */ - if (size != totalSz && - *inOutIdx + ssl->keys.padSz > totalSz) - return BUFFER_E; - *inOutIdx += ssl->keys.padSz; - } + /* access beyond input + size should be checked against totalSz + */ + if (size != totalSz && + *inOutIdx + ssl->keys.padSz > totalSz) + return BUFFER_E; + *inOutIdx += ssl->keys.padSz; } break; @@ -18159,22 +18513,9 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, input + *inOutIdx, size, type, fragOffset, fragSz, ssl->heap); *inOutIdx += fragSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) { - word32 digestSz = MacSize(ssl); - if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz) { - WOLFSSL_ERROR(BUFFER_E); - return BUFFER_E; - } - *inOutIdx += digestSz; - } - else - #endif - { - if (*inOutIdx + ssl->keys.padSz > totalSz) { - WOLFSSL_ERROR(BUFFER_E); - return BUFFER_E; - } + if (*inOutIdx + ssl->keys.padSz > totalSz) { + WOLFSSL_ERROR(BUFFER_E); + return BUFFER_E; } *inOutIdx += ssl->keys.padSz; ret = 0; 
@@ -18215,22 +18556,9 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, /* Already saw this message and processed it. It can be ignored. */ WOLFSSL_MSG("Already saw this message and processed it"); *inOutIdx += fragSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) { - word32 digestSz = MacSize(ssl); - if (*inOutIdx + ssl->keys.padSz + digestSz > totalSz) { - WOLFSSL_ERROR(BUFFER_E); - return BUFFER_E; - } - *inOutIdx += digestSz; - } - else - #endif - { - if (*inOutIdx + ssl->keys.padSz > totalSz) { - WOLFSSL_ERROR(BUFFER_E); - return BUFFER_E; - } + if (*inOutIdx + ssl->keys.padSz > totalSz) { + WOLFSSL_ERROR(BUFFER_E); + return BUFFER_E; } #ifndef WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT if (IsDtlsNotSctpMode(ssl) && @@ -18263,17 +18591,11 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, input + *inOutIdx, size, type, fragOffset, fragSz, ssl->heap); *inOutIdx += fragSz; - *inOutIdx += ssl->keys.padSz; -#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) { - word32 digestSz = MacSize(ssl); - if (*inOutIdx + digestSz > totalSz) { - WOLFSSL_ERROR(BUFFER_E); - return BUFFER_E; - } - *inOutIdx += digestSz; + if (*inOutIdx + ssl->keys.padSz > totalSz) { + WOLFSSL_ERROR(BUFFER_E); + return BUFFER_E; } -#endif + *inOutIdx += ssl->keys.padSz; ret = 0; if (ssl->dtls_rx_msg_list != NULL && ssl->dtls_rx_msg_list->ready) ret = DtlsMsgDrain(ssl); 
@@ -18293,14 +18615,6 @@ static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx, if (idx + fragSz + ssl->keys.padSz > totalSz) return BUFFER_E; *inOutIdx = idx + fragSz + ssl->keys.padSz; -#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead && ssl->keys.curEpoch != 0) { - word32 digestSz = MacSize(ssl); - if (*inOutIdx + digestSz > totalSz) - return BUFFER_E; - *inOutIdx += digestSz; - } -#endif /* In async mode always store the message and process it with * DtlsMsgDrain because in case of a WC_PENDING_E it will be * easier this way. */ @@ -18357,8 +18671,8 @@ static WC_INLINE void AeadIncrementExpIV(WOLFSSL* ssl) #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_CHAPOL_AEAD) /* Used for the older version of creating AEAD tags with Poly1305 */ -static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out, - byte* cipher, word16 sz, byte* tag) +static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, int additionalSz, + const byte* out, byte* cipher, word16 sz, byte* tag) { int ret = 0; int msglen = (sz - ssl->specs.aead_mac_size); @@ -18376,12 +18690,12 @@ static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out, return ret; if ((ret = wc_Poly1305Update(ssl->auth.poly1305, additional, - AEAD_AUTH_DATA_SZ)) != 0) + additionalSz)) != 0) return ret; /* length of additional input plus padding */ XMEMSET(padding, 0, sizeof(padding)); - padding[0] = AEAD_AUTH_DATA_SZ; + padding[0] = additionalSz; if ((ret = wc_Poly1305Update(ssl->auth.poly1305, padding, sizeof(padding))) != 0) return ret; 
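Review bot: `padding[0] = additionalSz;` in the 18376 hunk stores an `int` into a `byte` and silently truncates if the additional-data length exceeds 255, which the CID-aware writeAeadAuthData introduced later in this diff can in principle produce (its CID form is 23 bytes plus the CID). An explicit guard and cast, `if (additionalSz < 0 || additionalSz > 0xFF) return BAD_FUNC_ARG;` then `padding[0] = (byte)additionalSz;`, keeps the old-draft length encoding honest and also documents that this padding scheme only ever expected a one-byte length. Poly1305TagOld's body spans beyond the 18357 and 18376 hunks.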
@@ -18424,19 +18738,21 @@ static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out, * Return 0 on success negative values in error case */ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input, - word16 sz) + word16 sz, byte type) { - const byte* additionalSrc = input - RECORD_HEADER_SZ; int ret = 0; word32 msgLen = (sz - ssl->specs.aead_mac_size); byte tag[POLY1305_AUTH_SZ]; byte add[AEAD_AUTH_DATA_SZ]; + int addSz = 0; byte nonce[CHACHA20_NONCE_SZ]; byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for poly1305 */ #ifdef CHACHA_AEAD_TEST int i; #endif Keys* keys = &ssl->keys; + byte* seq = NULL; + int verifyOrder = CUR_ORDER; XMEMSET(tag, 0, sizeof(tag)); XMEMSET(nonce, 0, sizeof(nonce)); 
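Review bot: The comment block above ChachaAEADEncrypt, whose last line `Return 0 on success negative values in error case` is in this hunk, does not describe the new `type` parameter; a line such as `type - record content type written into the additional data` next to the other parameters would complete it. The new local `verifyOrder` is initialised to `CUR_ORDER` and only ever feeds the sequence number written on the encrypt side, so a name like `seqOrder` would be less misleading than "verify" here. ChachaAEADEncrypt's body continues in the following hunks.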
@@ -18454,36 +18770,22 @@ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input, /* opaque SEQ number stored for AD */ if (ssl->options.dtls && DtlsSCRKeysSet(ssl)) { if (ssl->keys.dtls_epoch == - ssl->secure_renegotiation->tmp_keys.dtls_epoch) { + ssl->secure_renegotiation->tmp_keys.dtls_epoch) keys = &ssl->secure_renegotiation->tmp_keys; - WriteSEQ(ssl, CUR_ORDER, add); - } else - WriteSEQ(ssl, PREV_ORDER, add); + verifyOrder = PREV_ORDER; } - else #endif - WriteSEQ(ssl, CUR_ORDER, add); + + addSz = writeAeadAuthData(ssl, msgLen, type, add, 0, &seq, verifyOrder); + if (addSz < 0) + return addSz; if (ssl->options.oldPoly != 0) { /* get nonce. SEQ should not be incremented again here */ - XMEMCPY(nonce + CHACHA20_OLD_OFFSET, add, OPAQUE32_LEN * 2); + XMEMCPY(nonce + CHACHA20_OLD_OFFSET, seq, SEQ_SZ); } - /* Store the type, version. Unfortunately, they are in - * the input buffer ahead of the plaintext. */ - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - additionalSrc -= DTLS_HANDSHAKE_EXTRA; - } - #endif - - /* add TLS message size to additional data */ - add[AEAD_AUTH_DATA_SZ - 2] = (msgLen >> 8) & 0xff; - add[AEAD_AUTH_DATA_SZ - 1] = msgLen & 0xff; - - XMEMCPY(add + AEAD_TYPE_OFFSET, additionalSrc, 3); - #ifdef CHACHA_AEAD_TEST printf("Encrypt Additional : "); for (i = 0; i < AEAD_AUTH_DATA_SZ; i++) { 
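Review bot: In the DTLS secure-renegotiation block `verifyOrder = PREV_ORDER` is now set whenever `DtlsSCRKeysSet(ssl)` holds, whereas the removed lines used `CUR_ORDER` when `ssl->keys.dtls_epoch` matched `tmp_keys.dtls_epoch` and `PREV_ORDER` only otherwise; the epoch-match case therefore writes a different sequence number into the additional data and, through `seq`, into the nonce. If that is intended (for instance because WriteSEQ resolves the order from the current epoch itself, which is not visible here) a comment saying so would stop the next reader from "fixing" it back; if not, the epoch-match branch should keep `CUR_ORDER`. Separately, the CHACHA_AEAD_TEST dump loop below still runs to `AEAD_AUTH_DATA_SZ` although only `addSz` bytes of `add` were written, so `for (i = 0; i < addSz; i++)` would print just the authenticated bytes (the decrypt-side loop in the 18674 hunk has the same issue).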
@@ -18502,15 +18804,8 @@ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input, if (ssl->options.oldPoly == 0) { /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte * record sequence number XORed with client_write_IV/server_write_IV */ - XMEMCPY(nonce, keys->aead_enc_imp_IV, CHACHA20_IMP_IV_SZ); - nonce[4] ^= add[0]; - nonce[5] ^= add[1]; - nonce[6] ^= add[2]; - nonce[7] ^= add[3]; - nonce[8] ^= add[4]; - nonce[9] ^= add[5]; - nonce[10] ^= add[6]; - nonce[11] ^= add[7]; + XMEMCPY(nonce + CHACHA20_OFFSET, seq, SEQ_SZ); + xorbuf(nonce, keys->aead_enc_imp_IV, CHACHA20_IMP_IV_SZ); } #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Add("ChachaAEADEncrypt nonce", nonce, CHACHA20_NONCE_SZ); @@ -18565,7 +18860,7 @@ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input, /* get the poly1305 tag using either old padding scheme or more recent */ if (ssl->options.oldPoly != 0) { - if ((ret = Poly1305TagOld(ssl, add, (const byte* )out, + if ((ret = Poly1305TagOld(ssl, add, addSz, (const byte* )out, poly, sz, tag)) != 0) { ForceZero(poly, sizeof(poly)); #ifdef WOLFSSL_CHECK_MEM_ZERO @@ -18583,8 +18878,8 @@ int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input, #endif return ret; } - if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add, - sizeof(add), out, msgLen, tag, sizeof(tag))) != 0) { + if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add, addSz, out, msgLen, + tag, sizeof(tag))) != 0) { ForceZero(poly, sizeof(poly)); #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(poly, CHACHA20_256_KEY_SIZE); @@ -18640,12 +18935,14 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, word16 sz) { byte add[AEAD_AUTH_DATA_SZ]; + int addSz = 0; byte nonce[CHACHA20_NONCE_SZ]; byte tag[POLY1305_AUTH_SZ]; byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for mac */ int ret = 0; int msgLen = (sz - ssl->specs.aead_mac_size); Keys* keys = &ssl->keys; + byte* seq = NULL; #ifdef CHACHA_AEAD_TEST int i; 
@@ -18674,24 +18971,16 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, keys = &ssl->secure_renegotiation->tmp_keys; #endif - /* sequence number field is 64-bits */ - WriteSEQ(ssl, PEER_ORDER, add); + + addSz = writeAeadAuthData(ssl, msgLen, no_type, add, 1, &seq, PEER_ORDER); + if (addSz < 0) + return addSz; if (ssl->options.oldPoly != 0) { /* get nonce, SEQ should not be incremented again here */ - XMEMCPY(nonce + CHACHA20_OLD_OFFSET, add, OPAQUE32_LEN * 2); + XMEMCPY(nonce + CHACHA20_OLD_OFFSET, seq, SEQ_SZ); } - /* get AD info */ - /* Store the type, version. */ - add[AEAD_TYPE_OFFSET] = ssl->curRL.type; - add[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; - add[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; - - /* add TLS message size to additional data */ - add[AEAD_AUTH_DATA_SZ - 2] = (msgLen >> 8) & 0xff; - add[AEAD_AUTH_DATA_SZ - 1] = msgLen & 0xff; - #ifdef CHACHA_AEAD_TEST printf("Decrypt Additional : "); for (i = 0; i < AEAD_AUTH_DATA_SZ; i++) { @@ -18703,15 +18992,8 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, if (ssl->options.oldPoly == 0) { /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte * record sequence number XORed with client_write_IV/server_write_IV */ - XMEMCPY(nonce, keys->aead_dec_imp_IV, CHACHA20_IMP_IV_SZ); - nonce[4] ^= add[0]; - nonce[5] ^= add[1]; - nonce[6] ^= add[2]; - nonce[7] ^= add[3]; - nonce[8] ^= add[4]; - nonce[9] ^= add[5]; - nonce[10] ^= add[6]; - nonce[11] ^= add[7]; + XMEMCPY(nonce + CHACHA20_OFFSET, seq, SEQ_SZ); + xorbuf(nonce, keys->aead_dec_imp_IV, CHACHA20_IMP_IV_SZ); } #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Add("ChachaAEADEncrypt nonce", nonce, CHACHA20_NONCE_SZ); 
@@ -18756,7 +19038,8 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, /* get the tag using Poly1305 */ if (ssl->options.oldPoly != 0) { - if ((ret = Poly1305TagOld(ssl, add, input, poly, sz, tag)) != 0) { + if ((ret = Poly1305TagOld(ssl, add, addSz, input, poly, sz, tag)) + != 0) { ForceZero(poly, sizeof(poly)); #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(poly, CHACHA20_256_KEY_SIZE); @@ -18773,8 +19056,8 @@ int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, #endif return ret; } - if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add, - sizeof(add), input, (word32)msgLen, tag, sizeof(tag))) != 0) { + if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add, addSz, input, + (word32)msgLen, tag, sizeof(tag))) != 0) { ForceZero(poly, sizeof(poly)); #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(poly, CHACHA20_256_KEY_SIZE); 
@@ -18858,9 +19141,74 @@ typedef int (*Sm4AuthDecryptFunc)(wc_Sm4* sm4, byte* out, const byte* in, #endif +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) +#define TLS_AEAD_CID_SZ(s, dec) \ + ((dec) ? DtlsGetCidRxSize((s)) \ + : DtlsGetCidTxSize((s))) +#define TLS_AEAD_CID(s, dec, b, c) \ + ((dec) ? wolfSSL_dtls_cid_get_rx((s), (b), (c)) \ + : wolfSSL_dtls_cid_get_tx((s), (b), (c))) +#endif +/** + * + * @param ssl WOLFSSL object + * @param sz Length of fragment + * @param type Record content type + * @param additional AAD output buffer. Assumed AEAD_AUTH_DATA_SZ length. + * @param dec Are we decrypting + * @return >= 0 length of auth data + * < 0 error + */ +int writeAeadAuthData(WOLFSSL* ssl, word16 sz, byte type, + byte* additional, byte dec, byte** seq, int verifyOrder) +{ + word32 idx = 0; +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + byte cidSz = 0; + if (ssl->options.dtls && (cidSz = TLS_AEAD_CID_SZ(ssl, dec)) > 0) { + if (cidSz > DTLS_CID_MAX_SIZE) { + WOLFSSL_MSG("DTLS CID too large"); + return DTLS_CID_ERROR; + } + + XMEMSET(additional + idx, 0xFF, SEQ_SZ); + idx += SEQ_SZ; + additional[idx++] = dtls12_cid; + additional[idx++] = cidSz; + additional[idx++] = dtls12_cid; + additional[idx++] = dec ? ssl->curRL.pvMajor : ssl->version.major; + additional[idx++] = dec ? ssl->curRL.pvMinor : ssl->version.minor; + WriteSEQ(ssl, verifyOrder, additional + idx); + if (seq != NULL) + *seq = additional + idx; + idx += SEQ_SZ; + if (TLS_AEAD_CID(ssl, dec, additional + idx, (unsigned int)cidSz) + == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { + WOLFSSL_MSG("DTLS CID write failed"); + return DTLS_CID_ERROR; + } + idx += cidSz; + c16toa(sz, additional + idx); + idx += LENGTH_SZ; + + return (int)idx; + } +#endif + if (seq != NULL) + *seq = additional + idx; + WriteSEQ(ssl, verifyOrder, additional + idx); + idx += SEQ_SZ; + additional[idx++] = dec ? ssl->curRL.type : type; + additional[idx++] = dec ? 
ssl->curRL.pvMajor : ssl->version.major; + additional[idx++] = dec ? ssl->curRL.pvMinor : ssl->version.minor; + c16toa(sz, additional + idx); + idx += LENGTH_SZ; + + return (int)idx; +} static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, - word16 sz, int asyncOkay) + word16 sz, int asyncOkay, byte type) { int ret = 0; #ifdef WOLFSSL_ASYNC_CRYPT @@ -18927,7 +19275,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, case wolfssl_aes_ccm:/* GCM AEAD macros use same size as CCM */ { AES_AUTH_ENCRYPT_FUNC aes_auth_fn; - const byte* additionalSrc; + int additionalSz; #ifdef WOLFSSL_ASYNC_CRYPT /* initialize event */ @@ -18945,27 +19293,17 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, #else aes_auth_fn = AES_CCM_ENCRYPT; #endif - additionalSrc = input - 5; - - XMEMSET(ssl->encrypt.additional, 0, AEAD_AUTH_DATA_SZ); - /* sequence number field is 64-bits */ - WriteSEQ(ssl, CUR_ORDER, ssl->encrypt.additional); - - /* Store the type, version. Unfortunately, they are in - * the input buffer ahead of the plaintext. */ - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - additionalSrc -= DTLS_HANDSHAKE_EXTRA; + additionalSz = writeAeadAuthData(ssl, + /* Length of the plain text minus the explicit + * IV length minus the authentication tag size. */ + sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, type, + ssl->encrypt.additional, 0, NULL, CUR_ORDER); + if (additionalSz < 0) { + ret = additionalSz; + break; } - #endif - XMEMCPY(ssl->encrypt.additional + AEAD_TYPE_OFFSET, - additionalSrc, 3); - /* Store the length of the plain text minus the explicit - * IV length minus the authentication tag size. */ - c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, - ssl->encrypt.additional + AEAD_LEN_OFFSET); #if !defined(NO_PUBLIC_GCM_SET_IV) && \ ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \ (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))) 
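Review bot: The Doxygen block on writeAeadAuthData has an empty summary line and omits `seq` and `verifyOrder`, and its `@param additional` states the buffer is assumed `AEAD_AUTH_DATA_SZ` long although the CID branch writes `23 + cidSz` bytes (two 8-byte sequence fields, five header bytes, the CID and a 2-byte length). Suggest completing it with `@param seq If non-NULL, set to the position of the record sequence number inside additional`, `@param verifyOrder Sequence-number order handed to WriteSEQ (CUR_ORDER, PREV_ORDER or PEER_ORDER)`, and stating the maximum length written so callers with a local `add[AEAD_AUTH_DATA_SZ]` (ChachaAEADEncrypt/Decrypt earlier in this diff) can be checked against it. The `cidSz > DTLS_CID_MAX_SIZE` guard is only meaningful if that constant is below 255, since `cidSz` is a `byte`; worth a comment either way. The lower-camel name also departs from the file's UpperCamel convention for internal helpers (WriteSEQ, EncryptDo), and if the function is not used from another translation unit it should be `static`.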
@@ -18983,7 +19321,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, ssl->encrypt.nonce, AESGCM_NONCE_SZ, out + sz - ssl->specs.aead_mac_size, ssl->specs.aead_mac_size, - ssl->encrypt.additional, AEAD_AUTH_DATA_SZ); + ssl->encrypt.additional, additionalSz); } if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) @@ -18995,7 +19333,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, ssl->encrypt.nonce, AESGCM_NONCE_SZ, out + sz - ssl->specs.aead_mac_size, ssl->specs.aead_mac_size, - ssl->encrypt.additional, AEAD_AUTH_DATA_SZ); + ssl->encrypt.additional, additionalSz); } #ifdef WOLFSSL_ASYNC_CRYPT @@ -19016,27 +19354,18 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, #ifdef HAVE_ARIA case wolfssl_aria_gcm: { - const byte* additionalSrc = input - RECORD_HEADER_SZ; + int additionalSz; byte *outBuf = NULL; - XMEMSET(ssl->encrypt.additional, 0, AEAD_AUTH_DATA_SZ); - /* sequence number field is 64-bits */ - WriteSEQ(ssl, CUR_ORDER, ssl->encrypt.additional); - - /* Store the type, version. Unfortunately, they are in - * the input buffer ahead of the plaintext. */ - #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { - additionalSrc -= DTLS_HANDSHAKE_EXTRA; - } - #endif - XMEMCPY(ssl->encrypt.additional + AEAD_TYPE_OFFSET, - additionalSrc, 3); + additionalSz = ret = writeAeadAuthData(ssl, + /* Length of the plain text minus the explicit + * IV length minus the authentication tag size. */ + sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, type, + ssl->encrypt.additional, 0, NULL, CUR_ORDER); + if (ret < 0) + break; + ret = 0; - /* Store the length of the plain text minus the explicit - * IV length minus the authentication tag size. */ - c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, - ssl->encrypt.additional + AEAD_LEN_OFFSET); XMEMCPY(ssl->encrypt.nonce, ssl->keys.aead_enc_imp_IV, AESGCM_IMP_IV_SZ); XMEMCPY(ssl->encrypt.nonce + AESGCM_IMP_IV_SZ, 
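Review bot: The ARIA case in the 19016 hunk funnels the writeAeadAuthData result through `additionalSz = ret = ...; if (ret < 0) break; ret = 0;`, while the AES-GCM/CCM case in the previous hunk uses the plainer `if (additionalSz < 0) { ret = additionalSz; break; }`; the double assignment and the reset of `ret` are easy to misread and the two sites should use the same shape. Rewriting the ARIA site as `additionalSz = writeAeadAuthData(...);` followed by the same three-line check keeps both branches identical. EncryptDo continues outside these hunks.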
@@ -19051,7 +19380,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, (byte*) input + AESGCM_EXP_IV_SZ, sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, ssl->encrypt.nonce, AESGCM_NONCE_SZ, - ssl->encrypt.additional, AEAD_AUTH_DATA_SZ, + ssl->encrypt.additional, additionalSz, out + sz - ssl->specs.aead_mac_size, ssl->specs.aead_mac_size ); @@ -19074,7 +19403,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ !defined(NO_CHAPOL_AEAD) case wolfssl_chacha: - ret = ChachaAEADEncrypt(ssl, out, input, sz); + ret = ChachaAEADEncrypt(ssl, out, input, sz, type); break; #endif @@ -19192,7 +19521,7 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, } static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, - word16 sz, int asyncOkay) + word16 sz, int asyncOkay, byte type) { int ret = 0; @@ -19283,7 +19612,7 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, case CIPHER_STATE_DO: { - ret = EncryptDo(ssl, out, input, sz, asyncOkay); + ret = EncryptDo(ssl, out, input, sz, asyncOkay, type); /* Advance state */ ssl->encrypt.state = CIPHER_STATE_END; @@ -19416,6 +19745,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, case wolfssl_aes_ccm: /* GCM AEAD macros use same size as CCM */ { wc_AesAuthDecryptFunc aes_auth_fn; + int additionalSz; #ifdef WOLFSSL_ASYNC_CRYPT /* initialize event */ 
@@ -19434,17 +19764,13 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, aes_auth_fn = wc_AesCcmDecrypt; #endif - XMEMSET(ssl->decrypt.additional, 0, AEAD_AUTH_DATA_SZ); - - /* sequence number field is 64-bits */ - WriteSEQ(ssl, PEER_ORDER, ssl->decrypt.additional); - - ssl->decrypt.additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; - ssl->decrypt.additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; - ssl->decrypt.additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; - - c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, - ssl->decrypt.additional + AEAD_LEN_OFFSET); + additionalSz = writeAeadAuthData(ssl, + sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, no_type, + ssl->decrypt.additional, 1, NULL, PEER_ORDER); + if (additionalSz < 0) { + ret = additionalSz; + break; + } #if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION) if (ssl->options.dtls && IsDtlsMsgSCRKeys(ssl)) @@ -19467,7 +19793,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, ssl->decrypt.nonce, AESGCM_NONCE_SZ, (byte *)(input + sz - ssl->specs.aead_mac_size), ssl->specs.aead_mac_size, - ssl->decrypt.additional, AEAD_AUTH_DATA_SZ); + ssl->decrypt.additional, additionalSz); } if (ret == WC_NO_ERR_TRACE(NOT_COMPILED_IN)) @@ -19480,7 +19806,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, ssl->decrypt.nonce, AESGCM_NONCE_SZ, input + sz - ssl->specs.aead_mac_size, ssl->specs.aead_mac_size, - ssl->decrypt.additional, AEAD_AUTH_DATA_SZ)) < 0) { + ssl->decrypt.additional, additionalSz)) < 0) { #ifdef WOLFSSL_ASYNC_CRYPT if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { ret = wolfSSL_AsyncPush(ssl, 
@@ -19497,17 +19823,14 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, case wolfssl_aria_gcm: { byte *outBuf = NULL; - XMEMSET(ssl->decrypt.additional, 0, AEAD_AUTH_DATA_SZ); - - /* sequence number field is 64-bits */ - WriteSEQ(ssl, PEER_ORDER, ssl->decrypt.additional); - - ssl->decrypt.additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; - ssl->decrypt.additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; - ssl->decrypt.additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; + int additionalSz; - c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, - ssl->decrypt.additional + AEAD_LEN_OFFSET); + additionalSz = ret = writeAeadAuthData(ssl, + sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, no_type, + ssl->decrypt.additional, 1, NULL, PEER_ORDER); + if (ret < 0) + break; + ret = 0; #if defined(WOLFSSL_DTLS) && defined(HAVE_SECURE_RENEGOTIATION) if (ssl->options.dtls && IsDtlsMsgSCRKeys(ssl)) @@ -19530,7 +19853,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, (byte *)input + AESGCM_EXP_IV_SZ, sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, ssl->decrypt.nonce, AESGCM_NONCE_SZ, - ssl->decrypt.additional, AEAD_AUTH_DATA_SZ, + ssl->decrypt.additional, additionalSz, (byte *)input + sz - ssl->specs.aead_mac_size, ssl->specs.aead_mac_size ); @@ -19853,12 +20176,7 @@ static WC_INLINE int CipherHasExpIV(WOLFSSL *ssl) /* check cipher text size for sanity */ static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz) { -#ifdef HAVE_TRUNCATED_HMAC - word32 minLength = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ - : ssl->specs.hash_size; -#else - word32 minLength = ssl->specs.hash_size; /* covers stream */ -#endif + word32 minLength = MacSize(ssl); #ifndef WOLFSSL_AEAD_ONLY if (ssl->specs.cipher_type == block) { 
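Review bot: `word32 minLength = MacSize(ssl);` in SanityCheckCipherText replaces a computation that honoured `ssl->truncated_hmac` under HAVE_TRUNCATED_HMAC; unless MacSize itself returns TRUNCATED_HMAC_SZ in that case (not visible here), the minimum-size check becomes stricter than the negotiated MAC and valid truncated-HMAC records would be rejected. The same substitution is made in VerifyMac further down the page, so confirming MacSize once covers both sites; a short comment at the declaration, `/* MacSize() accounts for truncated HMAC */`, would record the outcome. SanityCheckCipherText's body continues outside the hunk.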
@@ -20290,7 +20608,7 @@ int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz, /* 4th argument has potential to underflow, ssl->hmac function should * either increment the size by (macSz + padLen + 1) before use or check on * the size to make sure is valid. */ - ret = ssl->hmac(ssl, verify, input, pLen - macSz - padLen - 1, padLen, + ret = ssl->hmac(ssl, verify, input, (word32)(pLen - macSz - padLen - 1), padLen, content, 1, PEER_ORDER); good |= MaskMac(input, pLen, ssl->specs.hash_size, verify); @@ -20316,10 +20634,9 @@ int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz, int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff) { - word32 msgSz = WOLFSSL_IS_QUIC(ssl)? ssl->curSize : ssl->keys.encryptSz; + word32 msgSz = ssl->curSize; word32 idx = *inOutIdx; int dataSz; - int ivExtra = 0; byte* rawData = input + idx; /* keep current for hmac */ #ifdef HAVE_LIBZ byte decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA]; @@ -20380,23 +20697,7 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff) } #endif -#ifndef WOLFSSL_AEAD_ONLY - if (ssl->specs.cipher_type == block) { - if (ssl->options.tls1_1) - ivExtra = ssl->specs.block_size; - } - else -#endif - if (ssl->specs.cipher_type == aead) { - if (CipherHasExpIV(ssl)) - ivExtra = AESGCM_EXP_IV_SZ; - } - - dataSz = msgSz - ivExtra - ssl->keys.padSz; -#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - dataSz -= MacSize(ssl); -#endif + dataSz = msgSz - ssl->keys.padSz; if (dataSz < 0) { WOLFSSL_MSG("App data buffer error, malicious input?"); if (sniff == NO_SNIFF) { 
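Review bot: In DoApplicationData, `dataSz = msgSz - ssl->keys.padSz;` subtracts two unsigned operands (`msgSz` is declared word32 here and padSz appears to be word32 elsewhere on the page) and then relies on the out-of-range conversion to `int` to make `if (dataSz < 0)` fire; that conversion is implementation-defined in C11, and the check is clearer written on the operands, `if (msgSz < ssl->keys.padSz) { WOLFSSL_MSG("App data buffer error, malicious input?"); ... }`. The new expression also depends on `ssl->keys.padSz` already covering the explicit IV and MAC (the removed `ivExtra` and ETM handling), which is an invariant established in ProcessReplyEx rather than here and deserves a comment at this line. The explicit `(word32)` cast in TimingPadVerify acknowledges the wrap the comment above it warns about; saying so in that comment would keep the next reader from "fixing" it. DoApplicationData continues outside the hunk.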
@@ -20428,17 +20729,13 @@ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff) if (dataSz < 0) return dataSz; } #endif - idx += rawSz; + idx += (word32)rawSz; ssl->buffers.clearOutputBuffer.buffer = rawData; ssl->buffers.clearOutputBuffer.length = (unsigned int)dataSz; } idx += ssl->keys.padSz; -#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - idx += MacSize(ssl); -#endif #ifdef HAVE_LIBZ /* decompress could be bigger, overwrite after verify */ @@ -20654,7 +20951,11 @@ static void LogAlert(int type) typeStr = AlertTypeToString(type); if (typeStr != NULL) { char buff[60]; - XSNPRINTF(buff, sizeof(buff), "Alert type: %s", typeStr); + if (XSNPRINTF(buff, sizeof(buff), "Alert type: %s", typeStr) + >= (int)sizeof(buff)) + { + buff[sizeof(buff) - 1] = 0; + } WOLFSSL_MSG(buff); } #else @@ -20684,26 +20985,8 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type) } #endif - if (IsEncryptionOn(ssl, 0)) { - int ivExtra = 0; -#ifndef WOLFSSL_AEAD_ONLY - if (ssl->specs.cipher_type == block) { - if (ssl->options.tls1_1) - ivExtra = ssl->specs.block_size; - } - else -#endif - if (ssl->specs.cipher_type == aead) { - if (CipherHasExpIV(ssl)) - ivExtra = AESGCM_EXP_IV_SZ; - } - dataSz -= ivExtra; + if (IsEncryptionOn(ssl, 0)) dataSz -= ssl->keys.padSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - dataSz -= MacSize(ssl); - #endif - } /* make sure can read the message */ if (dataSz != ALERT_SIZE) { @@ -20746,10 +21029,6 @@ static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type) if (IsEncryptionOn(ssl, 0)) { *inOutIdx += ssl->keys.padSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - *inOutIdx += MacSize(ssl); - #endif } return level; 
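Review bot: The truncation guard added to LogAlert handles only the `>= (int)sizeof(buff)` case; on a platform where XSNPRINTF can return a negative error value, `buff` is never terminated and `WOLFSSL_MSG(buff)` reads an uninitialized stack buffer. Either initialize `char buff[60] = {0};` or widen the test to `if (ret < 0 || ret >= (int)sizeof(buff))` with `ret` captured from XSNPRINTF. In DoAlert, `if (IsEncryptionOn(ssl, 0)) dataSz -= ssl->keys.padSz;` has an unbraced body while nearby new code braces single statements; a consistent choice makes later edits to that branch safer. DoAlert's body continues outside the hunk.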
@@ -20764,9 +21043,9 @@ static int GetInputData(WOLFSSL *ssl, word32 size) /* check max input length */ - usedLength = ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx; - maxLength = ssl->buffers.inputBuffer.bufferSize - usedLength; - inSz = (int)(size - usedLength); /* from last partial read */ + usedLength = (int)(ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx); + maxLength = (int)(ssl->buffers.inputBuffer.bufferSize - (word32)usedLength); + inSz = (int)(size - (word32)usedLength); /* from last partial read */ #ifdef WOLFSSL_DTLS if (ssl->options.dtls && IsDtlsNotSctpMode(ssl)) { @@ -20788,7 +21067,7 @@ static int GetInputData(WOLFSSL *ssl, word32 size) } if (inSz > maxLength) { - if (GrowInputBuffer(ssl, size + dtlsExtra, usedLength) < 0) + if (GrowInputBuffer(ssl, (int)(size + (word32)dtlsExtra), usedLength) < 0) return MEMORY_E; } @@ -20808,8 +21087,8 @@ static int GetInputData(WOLFSSL *ssl, word32 size) ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.length, (word32)inSz); - if (in == WANT_READ) - return WANT_READ; + if (in == WC_NO_ERR_TRACE(WANT_READ)) + return WC_NO_ERR_TRACE(WANT_READ); if (in < 0) { WOLFSSL_ERROR_VERBOSE(SOCKET_ERROR_E); @@ -20821,7 +21100,7 @@ static int GetInputData(WOLFSSL *ssl, word32 size) return RECV_OVERFLOW_E; } - ssl->buffers.inputBuffer.length += in; + ssl->buffers.inputBuffer.length += (word32)in; inSz -= in; } while (ssl->buffers.inputBuffer.length < size); 
@@ -20875,20 +21154,12 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, int ret; word32 pad = 0; word32 padByte = 0; -#ifdef HAVE_TRUNCATED_HMAC - word32 digestSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ - : ssl->specs.hash_size; -#else - word32 digestSz = ssl->specs.hash_size; -#endif + word32 digestSz = MacSize(ssl); byte verify[WC_MAX_DIGEST_SIZE]; if (ssl->specs.cipher_type == block) { - int ivExtra = 0; - if (ssl->options.tls1_1) - ivExtra = ssl->specs.block_size; - pad = *(input + msgSz - ivExtra - 1); + pad = input[msgSz - 1]; padByte = 1; if (ssl->options.tls) { @@ -20897,8 +21168,8 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, if(ssl->ctx->VerifyMacCb) { void* ctx = wolfSSL_GetVerifyMacCtx(ssl); ret = ssl->ctx->VerifyMacCb(ssl, input, - (msgSz - ivExtra) - digestSz - pad - 1, - digestSz, (word32)content, ctx); + msgSz - digestSz - pad - 1, + digestSz, (word32)content, ctx); if (ret != 0 && ret != WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE)) { return ret; @@ -20907,8 +21178,8 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, if (!ssl->ctx->VerifyMacCb || ret == WC_NO_ERR_TRACE(PROTOCOLCB_UNAVAILABLE)) #endif - ret = TimingPadVerify(ssl, input, pad, digestSz, msgSz - ivExtra, - content); + ret = TimingPadVerify(ssl, input, (int)pad, (int)digestSz, + (int)msgSz, content); if (ret != 0) return ret; } @@ -20957,7 +21228,7 @@ static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, } #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY) else { - *padSz = digestSz + pad + padByte; + *padSz = pad + padByte; } #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */ 
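Review bot: VerifyMac's precondition changed without a comment: with `ivExtra` gone, `pad = input[msgSz - 1];` and the `msgSz - digestSz - pad - 1` length assume `input` already points past any TLS 1.1 explicit IV and that `msgSz` excludes it, which the ProcessReplyEx hunk later on this page arranges by advancing `inputBuffer.idx` and shrinking `curSize`. That, and the fact that `*padSz = pad + padByte;` no longer includes the digest (it is added back in ProcessReplyEx), belong in the function header, e.g. `/* input/msgSz exclude the explicit IV; *padSz excludes the MAC, which the caller adds via MacSize() */`. `msgSz - digestSz - pad - 1` is computed in word32 and wraps for a short record; if SanityCheckCipherText is the only guard, say so where the expression is formed. VerifyMac's body continues outside the hunk.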
@@ -21026,6 +21297,38 @@ static int DtlsShouldDrop(WOLFSSL* ssl, int retcode) } #endif /* WOLFSSL_DTLS */ +#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) +static int removeMsgInnerPadding(WOLFSSL* ssl) +{ + word32 i = ssl->buffers.inputBuffer.idx + + ssl->curSize; + if (ssl->specs.cipher_type == aead) + i -= ssl->specs.aead_mac_size; + else + i -= ssl->keys.padSz + MacSize(ssl); + + /* check that the end of the logical length doesn't extend + * past the real buffer */ + if (i > ssl->buffers.inputBuffer.length || i == 0) { + WOLFSSL_ERROR(BUFFER_ERROR); + return BUFFER_ERROR; + } + + /* Remove padding from end of plain text. */ + for (--i; i > ssl->buffers.inputBuffer.idx; i--) { + if (ssl->buffers.inputBuffer.buffer[i] != 0) + break; + } + + /* Get the real content type from the end of the data. */ + ssl->curRL.type = ssl->buffers.inputBuffer.buffer[i]; + /* consider both contentType byte and MAC as padding */ + ssl->keys.padSz = ssl->buffers.inputBuffer.idx + + ssl->curSize - i; + return 0; +} +#endif + int ProcessReply(WOLFSSL* ssl) { return ProcessReplyEx(ssl, 0); @@ -21048,15 +21351,17 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) atomicUser = 1; #endif - if (ssl->error != 0 && ssl->error != WANT_READ && ssl->error != WANT_WRITE + if (ssl->error != 0 && + ssl->error != WC_NO_ERR_TRACE(WANT_READ) && + ssl->error != WC_NO_ERR_TRACE(WANT_WRITE) #if defined(HAVE_SECURE_RENEGOTIATION) || defined(WOLFSSL_DTLS13) - && ssl->error != APP_DATA_READY + && ssl->error != WC_NO_ERR_TRACE(APP_DATA_READY) #endif #ifdef WOLFSSL_ASYNC_CRYPT - && ssl->error != WC_PENDING_E + && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E) #endif #ifdef WOLFSSL_NONBLOCK_OCSP - && ssl->error != OCSP_WANT_READ + && ssl->error != WC_NO_ERR_TRACE(OCSP_WANT_READ) #endif && (allowSocketErr != 1 || ssl->error != WC_NO_ERR_TRACE(SOCKET_ERROR_E)) 
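Review bot: removeMsgInnerPadding guards only the upper bound of `i`; after the subtraction `i` can be equal to or below `inputBuffer.idx` (an empty inner plaintext, or in the CBC path a `padSz + MacSize` larger than `curSize`), in which case the loop does not run and `ssl->curRL.type` is read from `buffer[i - 1]`, a byte in front of the record body. RFC 8446 §5.4 requires an inner plaintext with no non-zero byte to be rejected, so unless the callers already guarantee a non-empty plaintext the guard should be `if (i > ssl->buffers.inputBuffer.length || i <= ssl->buffers.inputBuffer.idx)`. The guard `#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID)` relies on `&&` binding tighter than `||`; parentheses around the `&&` pair make the intent explicit, and the identical line in the ProcessReplyEx hunk below would take the same change.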
@@ -21290,7 +21595,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) if (!ssl->options.dtls) { if ((ret = GetInputData(ssl, ssl->curSize)) < 0) { #ifdef WOLFSSL_EXTRA_ALERTS - if (ret != WANT_READ) + if (ret != WC_NO_ERR_TRACE(WANT_READ)) SendAlert(ssl, alert_fatal, bad_record_mac); #endif return ret; @@ -21334,8 +21639,6 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) ssl->keys.padSz = 0; ssl->options.processReply = verifyEncryptedMessage; - /* in case > 1 msg per record */ - ssl->curStartIdx = ssl->buffers.inputBuffer.idx; FALL_THROUGH; /* verify digest of encrypted message */ @@ -21439,13 +21742,14 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) /* Mask on indicates this is expected to be a * padding byte. */ - padding &= ctMaskLTE(i, ssl->keys.padSz); + padding &= ctMaskLTE((int)i, + (int)ssl->keys.padSz); /* When this is a padding byte and not equal * to length then mask is set. */ invalid |= padding & ctMaskNotEq(in->buffer[off - i], - ssl->keys.padSz); + (int)ssl->keys.padSz); } /* If mask is set then there was an error. */ if (invalid) { @@ -21502,12 +21806,17 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) #ifndef WOLFSSL_NO_TLS12 /* handle success */ #ifndef WOLFSSL_AEAD_ONLY - if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) + if (ssl->options.tls1_1 && + ssl->specs.cipher_type == block) { ssl->buffers.inputBuffer.idx += ssl->specs.block_size; + ssl->curSize -= ssl->specs.block_size; + } #endif /* go past TLSv1.1 IV */ - if (CipherHasExpIV(ssl)) + if (CipherHasExpIV(ssl)) { ssl->buffers.inputBuffer.idx += AESGCM_EXP_IV_SZ; + ssl->curSize -= AESGCM_EXP_IV_SZ; + } #endif } else { 
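Review bot: `ssl->curSize -= ssl->specs.block_size;` and `ssl->curSize -= AESGCM_EXP_IV_SZ;` in the last hunk have no local lower-bound check, so a record shorter than the IV wraps `curSize` unless SanityCheckCipherText has already rejected it; `ssl->curSize -= (word16)ssl->keys.padSz` elsewhere on the page suggests the field is 16-bit, which makes the wrap silent. A comment naming that invariant at the subtraction, `/* SanityCheckCipherText guarantees curSize >= IV size here */` (assuming that is the guarantee), would save the next reader the search. ProcessReplyEx continues outside the hunk.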
@@ -21604,32 +21913,49 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) ssl->keys.encryptSz = ssl->curSize; ssl->keys.decryptedCur = 1; -#ifdef WOLFSSL_TLS13 - if (ssl->options.tls1_3) { - word32 i = (ssl->buffers.inputBuffer.idx + - ssl->curSize - ssl->specs.aead_mac_size); - /* check that the end of the logical length doesn't extend - * past the real buffer */ - if (i > ssl->buffers.inputBuffer.length || i == 0) { - WOLFSSL_ERROR(BUFFER_ERROR); - return BUFFER_ERROR; - } - - /* Remove padding from end of plain text. */ - for (--i; i > ssl->buffers.inputBuffer.idx; i--) { - if (ssl->buffers.inputBuffer.buffer[i] != 0) - break; - } + } - /* Get the real content type from the end of the data. */ - ssl->curRL.type = ssl->buffers.inputBuffer.buffer[i]; - /* consider both contentType byte and MAC as padding */ - ssl->keys.padSz = ssl->buffers.inputBuffer.idx - + ssl->curSize - i; + if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 1) { +#if defined(WOLFSSL_TLS13) || defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + int removePadding = 0; + if (ssl->options.tls1_3) + removePadding = 1; +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + if (!ssl->options.tls1_3 && ssl->options.dtls && + ssl->curRL.type == dtls12_cid) + removePadding = 1; +#endif + if (removePadding) { + ret = removeMsgInnerPadding(ssl); + if (ret != 0) + return ret; } + else #endif + { + /* With atomicUser the callback should have already included + * the mac in the padding size. The ETM callback doesn't do + * this for some reason. */ + if (ssl->specs.cipher_type != aead +#ifdef ATOMIC_USER + && (!atomicUser +#ifdef HAVE_ENCRYPT_THEN_MAC + || ssl->options.startedETMRead +#endif /* HAVE_ENCRYPT_THEN_MAC */ + ) +#endif /* !ATOMIC_USER */ + ) + { + /* consider MAC as padding */ + ssl->keys.padSz += MacSize(ssl); + } + } + } + /* in case > 1 msg per record */ + ssl->curStartIdx = ssl->buffers.inputBuffer.idx; + ssl->options.processReply = runProcessingOneRecord; FALL_THROUGH; 
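Review bot: The closing comment `#endif /* !ATOMIC_USER */` is mislabeled — it closes `#ifdef ATOMIC_USER`, so it should read `#endif /* ATOMIC_USER */`. The comment "The ETM callback doesn't do this for some reason." records a surprise rather than the contract; if ETM callbacks are specified to report only the CBC padding, state that (`/* ETM callbacks report only the CBC padding; the MAC is added here */`), otherwise leave a TODO to confirm, since `ssl->keys.padSz` now drives every later length check in this function. ProcessReplyEx continues outside the hunk.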
@@ -21676,11 +22002,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) } #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) if (IsEncryptionOn(ssl, 0) && ssl->options.startedETMRead) { - /* For TLS v1.1 the block size and explicit IV are added to idx, - * so it needs to be included in this limit check */ - if ((ssl->curSize - ssl->keys.padSz - - (ssl->buffers.inputBuffer.idx - ssl->curStartIdx) - - MacSize(ssl) > MAX_PLAINTEXT_SZ) + if ((ssl->curSize - ssl->keys.padSz > MAX_PLAINTEXT_SZ) #ifdef WOLFSSL_ASYNC_CRYPT && ssl->buffers.inputBuffer.length != ssl->buffers.inputBuffer.idx @@ -21697,12 +22019,8 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) else #endif /* TLS13 plaintext limit is checked earlier before decryption */ - /* For TLS v1.1 the block size and explicit IV are added to idx, - * so it needs to be included in this limit check */ if (!IsAtLeastTLSv1_3(ssl->version) - && ssl->curSize - ssl->keys.padSz - - (ssl->buffers.inputBuffer.idx - ssl->curStartIdx) - > MAX_PLAINTEXT_SZ + && ssl->curSize - ssl->keys.padSz > MAX_PLAINTEXT_SZ #ifdef WOLFSSL_ASYNC_CRYPT && ssl->buffers.inputBuffer.length != ssl->buffers.inputBuffer.idx @@ -21813,7 +22131,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) * calling DtlsMsgPoolSend. This msg is done * processing so let's move on. */ && (!ssl->options.dtls - || ret != WANT_WRITE) + || ret != WC_NO_ERR_TRACE(WANT_WRITE)) #ifdef WOLFSSL_ASYNC_CRYPT /* In async case, on pending, move onto next message. * Current message should have been DtlsMsgStore'ed and 
@@ -21890,28 +22208,8 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) } if (IsEncryptionOn(ssl, 0) && ssl->options.handShakeDone) { -#ifdef HAVE_AEAD - if (ssl->specs.cipher_type == aead) { - if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha) - ssl->curSize -= AESGCM_EXP_IV_SZ; - ssl->buffers.inputBuffer.idx += ssl->specs.aead_mac_size; - ssl->curSize -= ssl->specs.aead_mac_size; - } - else -#endif - { - ssl->buffers.inputBuffer.idx += ssl->keys.padSz; - ssl->curSize -= (word16)ssl->keys.padSz; - ssl->curSize -= ssl->specs.iv_size; - } - - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) { - word32 digestSz = MacSize(ssl); - ssl->buffers.inputBuffer.idx += digestSz; - ssl->curSize -= (word16)digestSz; - } - #endif + ssl->buffers.inputBuffer.idx += ssl->keys.padSz; + ssl->curSize -= (word16)ssl->keys.padSz; } if (ssl->curSize != 1) { @@ -22012,6 +22310,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) #endif } #endif + #ifndef WOLFSSL_RW_THREADED #ifdef WOLFSSL_TLS13 if (ssl->keys.keyUpdateRespond) { WOLFSSL_MSG("No KeyUpdate from peer seen"); @@ -22019,6 +22318,7 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) return SANITY_MSG_E; } #endif + #endif if ((ret = DoApplicationData(ssl, ssl->buffers.inputBuffer.buffer, &ssl->buffers.inputBuffer.idx, 
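Review bot: Wrapping the "No KeyUpdate from peer seen" sanity check in `#ifndef WOLFSSL_RW_THREADED` disables a protocol check for that build without saying why; a comment such as `/* WOLFSSL_RW_THREADED: the write thread answers KeyUpdate, so keyUpdateRespond may legitimately still be set here */` (if that is the reason) would keep a future reader from loosening it further. In the first hunk, `ssl->curSize -= (word16)ssl->keys.padSz;` before `if (ssl->curSize != 1)` now relies on padSz already including the MAC, IV and inner-type accounting done at decrypt time; a one-line comment there is cheap. ProcessReplyEx continues outside the hunk.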
@@ -22115,32 +22415,17 @@ int ProcessReplyEx(WOLFSSL* ssl, int allowSocketErr) ssl->options.processReply = runProcessingOneMessage; if (IsEncryptionOn(ssl, 0)) { - WOLFSSL_MSG("Bundled encrypted messages, remove middle pad"); - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) { - word32 digestSz = MacSize(ssl); - if (ssl->buffers.inputBuffer.idx >= - ssl->keys.padSz + digestSz) { - ssl->buffers.inputBuffer.idx -= - ssl->keys.padSz + digestSz; - } - else { - WOLFSSL_MSG("\tmiddle padding error"); - WOLFSSL_ERROR_VERBOSE(FATAL_ERROR); - return FATAL_ERROR; - } + /* With encryption on, we advance the index by the value + * of ssl->keys.padSz. Since padding only appears once, we + * only can do this at the end of record parsing. We have to + * reset the index to the start of the next message here. */ + if (ssl->buffers.inputBuffer.idx >= ssl->keys.padSz) { + ssl->buffers.inputBuffer.idx -= ssl->keys.padSz; } - else - #endif - { - if (ssl->buffers.inputBuffer.idx >= ssl->keys.padSz) { - ssl->buffers.inputBuffer.idx -= ssl->keys.padSz; - } - else { - WOLFSSL_MSG("\tmiddle padding error"); - WOLFSSL_ERROR_VERBOSE(FATAL_ERROR); - return FATAL_ERROR; - } + else { + WOLFSSL_MSG("\tBuffer advanced not enough error"); + WOLFSSL_ERROR_VERBOSE(FATAL_ERROR); + return FATAL_ERROR; } } } @@ -22259,7 +22544,7 @@ int SendChangeCipher(WOLFSSL* ssl) return ret; } #endif - ssl->buffers.outputBuffer.length += sendSz; + ssl->buffers.outputBuffer.length += (word32)sendSz; #ifdef WOLFSSL_TLS13 if (!ssl->options.tls1_3) @@ -22675,9 +22960,10 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, ssl->options.buildMsgState = BUILD_MSG_BEGIN; XMEMSET(args, 0, sizeof(BuildMsgArgs)); - args->sz = RECORD_HEADER_SZ + inSz; + args->sz = RECORD_HEADER_SZ + (word32)inSz; args->idx = RECORD_HEADER_SZ; args->headerSz = RECORD_HEADER_SZ; + args->type = (byte)type; } switch (ssl->options.buildMsgState) { 
@@ -22743,6 +23029,17 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, args->sz += DTLS_RECORD_EXTRA; args->idx += DTLS_RECORD_EXTRA; args->headerSz += DTLS_RECORD_EXTRA; + #ifdef WOLFSSL_DTLS_CID + if (ssl->options.dtls) { + byte cidSz = 0; + if ((cidSz = DtlsGetCidTxSize(ssl)) > 0) { + args->sz += cidSz; + args->idx += cidSz; + args->headerSz += cidSz; + args->sz++; /* real_type. no padding. */ + } + } + #endif } #endif @@ -22824,7 +23121,12 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, #endif args->size = (word16)(args->sz - args->headerSz); /* include mac and digest */ - AddRecordHeader(output, args->size, (byte)type, ssl, epochOrder); + +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + if (ssl->options.dtls && DtlsGetCidTxSize(ssl) > 0) + args->type = dtls12_cid; +#endif + AddRecordHeader(output, args->size, args->type, ssl, epochOrder); /* write to output */ if (args->ivSz > 0) { @@ -22833,7 +23135,16 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, args->idx += min(args->ivSz, MAX_IV_SZ); } XMEMCPY(output + args->idx, input, inSz); - args->idx += inSz; + args->idx += (word32)inSz; +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + if (ssl->options.dtls && DtlsGetCidTxSize(ssl) > 0) { + output[args->idx++] = (byte)type; /* type goes after input */ + inSz++; + } +#endif + /* Make sure we don't access input anymore as inSz may have been + * incremented */ + input = NULL; ssl->options.buildMsgState = BUILD_MSG_HASH; } @@ -22845,7 +23156,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, goto exit_buildmsg; if (type == handshake && hashOutput) { - ret = HashOutput(ssl, output, args->headerSz + inSz, args->ivSz); + ret = HashOutput(ssl, output, + (int)(args->headerSz + (word32)inSz), (int)args->ivSz); if (ret != 0) goto exit_buildmsg; } 
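Review bot: In the CID path `inSz++` runs before the BUILD_MSG_HASH state, so `HashOutput(ssl, output, (int)(args->headerSz + (word32)inSz), (int)args->ivSz)` now spans the appended inner content-type byte as well as the handshake message; if HashOutput hashes that whole span, the transcript would include a byte the peer does not hash — worth confirming, or hashing with the pre-increment length. The `byte cidSz = 0; if ((cidSz = DtlsGetCidTxSize(ssl)) > 0)` snippet is repeated here, in SendFinished and in cipherExtraData, two of them with the `+ 1 /* inner content type */` arithmetic; a small `static WC_INLINE` helper returning the CID overhead would keep the three in step, and the `= 0` initializer is dead since the assignment in the condition always runs. BuildMessage continues outside the hunk.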
@@ -22881,7 +23193,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, if (ssl->options.startedETMWrite) { if (ssl->ctx->EncryptMacCb) { ret = ssl->ctx->EncryptMacCb(ssl, output + args->idx + - args->pad + 1, type, 0, + args->pad + 1, args->type, 0, output + args->headerSz, output + args->headerSz, args->size - args->digestSz, @@ -22894,8 +23206,9 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, { if (ssl->ctx->MacEncryptCb) { ret = ssl->ctx->MacEncryptCb(ssl, output + args->idx, - output + args->headerSz + args->ivSz, (unsigned int)inSz, - type, 0, output + args->headerSz, + output + args->headerSz + args->ivSz, + (unsigned int)inSz, args->type, 0, + output + args->headerSz, output + args->headerSz, args->size, ssl->MacEncryptCtx); goto exit_buildmsg; @@ -22926,8 +23239,9 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, #endif ret = ssl->hmac(ssl, hmac, - output + args->headerSz + args->ivSz, (word32)inSz, - -1, type, 0, epochOrder); + output + args->headerSz + args->ivSz, + (word32)inSz, -1, args->type, 0, + epochOrder); XMEMCPY(output + args->idx, hmac, args->digestSz); #ifdef WOLFSSL_SMALL_STACK @@ -22938,7 +23252,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, #endif { ret = ssl->hmac(ssl, output + args->idx, output + - args->headerSz + args->ivSz, (word32)inSz, -1, type, 0, epochOrder); + args->headerSz + args->ivSz, (word32)inSz, -1, + args->type, 0, epochOrder); } } #endif /* WOLFSSL_AEAD_ONLY */ 
@@ -22974,18 +23289,42 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, ssl->keys.dtls_prev_sequence_number_lo; } #endif + +#ifdef WOLFSSL_THREADED_CRYPT + if (asyncOkay) { + WOLFSSL_MSG("Not encrypting\n"); + /* make sure build message state is reset */ + ssl->options.buildMsgState = BUILD_MSG_BEGIN; + + /* return sz on success */ + if (ret == 0) { + ret = args->sz; + } + else { + WOLFSSL_ERROR_VERBOSE(ret); + } + + /* Final cleanup */ + FreeBuildMsgArgs(ssl, args); + + return ret; + } + else +#endif + { #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) if (ssl->options.startedETMWrite) { ret = Encrypt(ssl, output + args->headerSz, output + args->headerSz, (word16)(args->size - args->digestSz), - asyncOkay); + asyncOkay, args->type); } else #endif { ret = Encrypt(ssl, output + args->headerSz, - output + args->headerSz, args->size, asyncOkay); + output + args->headerSz, args->size, asyncOkay, + args->type); } #if defined(HAVE_SECURE_RENEGOTIATION) && defined(WOLFSSL_DTLS) /* Restore sequence numbers */ @@ -22995,6 +23334,7 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, ssl->keys.dtls_sequence_number_lo = dtls_sequence_number_lo; } #endif + } } if (ret != 0) { @@ -23046,8 +23386,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, #endif ret = ssl->hmac(ssl, hmac, output + args->headerSz, - args->ivSz + inSz + args->pad + 1, -1, type, - 0, epochOrder); + args->ivSz + inSz + args->pad + 1, -1, + args->type, 0, epochOrder); XMEMCPY(output + args->idx + args->pad + 1, hmac, args->digestSz); 
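Review bot: `WOLFSSL_MSG("Not encrypting\n");` carries a trailing newline that other WOLFSSL_MSG strings on this page (`"Alert type: %s"`, `"App data buffer error, malicious input?"`) do not, so the log gets a blank line. Under WOLFSSL_THREADED_CRYPT `asyncOkay` now means "leave the record unencrypted and return its size", which should be stated at the parameter, e.g. `/* asyncOkay: with WOLFSSL_THREADED_CRYPT, return the plaintext record for deferred encryption */`, since a caller passing asyncOkay for the async-crypt meaning would otherwise get an unencrypted record. That early `return ret;` also bypasses the DTLS secure-renegotiation sequence-number restore in the `else` block below it, whereas the save at the top of the hunk still ran; whether that is intended is not visible here. BuildMessage continues outside the hunk.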
@@ -23060,8 +23400,8 @@ int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input, { ret = ssl->hmac(ssl, output + args->idx + args->pad + 1, output + args->headerSz, - args->ivSz + inSz + args->pad + 1, -1, type, - 0, epochOrder); + args->ivSz + (word32)inSz + args->pad + 1, + -1, args->type, 0, epochOrder); } } #endif /* HAVE_ENCRYPT_THEN_MAC && !WOLFSSL_AEAD_ONLY */ @@ -23132,6 +23472,13 @@ int SendFinished(WOLFSSL* ssl) /* check for available size */ outputSz = sizeof(input) + MAX_MSG_EXTRA; +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + if (ssl->options.dtls) { + byte cidSz = 0; + if ((cidSz = DtlsGetCidTxSize(ssl)) > 0) + outputSz += cidSz + 1; /* +1 for inner content type */ + } +#endif /* Set this in case CheckAvailableSize returns a WANT_WRITE so that state * is not advanced yet */ @@ -23155,7 +23502,8 @@ int SendFinished(WOLFSSL* ssl) /* get output buffer */ output = GetOutputBuffer(ssl); - AddHandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl); + AddHandShakeHeader(input, (word32)finishedSz, 0, + (word32)finishedSz, finished, ssl); /* make finished hashes */ hashes = (Hashes*)&input[headerSz]; @@ -23195,6 +23543,7 @@ int SendFinished(WOLFSSL* ssl) } #endif + ssl->keys.encryptionOn = 1; sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz, handshake, 1, 0, 0, CUR_ORDER); if (sendSz < 0) @@ -23245,7 +23594,7 @@ int SendFinished(WOLFSSL* ssl) } #endif - ssl->buffers.outputBuffer.length += sendSz; + ssl->buffers.outputBuffer.length += (word32)sendSz; ret = SendBuffered(ssl); 
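Review bot: `ssl->keys.encryptionOn = 1;` is placed immediately before the BuildMessage call in SendFinished with no comment, and the order now matters because BuildMessage's CID branch and the `outputSz += cidSz + 1` sizing above it consult the connection state; a line such as `/* Finished is the first encrypted record: turn encryption on before BuildMessage so record sizing matches */` (assuming that is the reason) would pin the dependency. SendFinished continues outside the hunk.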
@@ -23278,14 +23627,18 @@ int SendFinished(WOLFSSL* ssl) * * Returns 0 on success */ -static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request, - DecodedCert* cert, byte* certData, word32 length) +int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request, + DecodedCert* cert, byte* certData, word32 length, + byte *ctxOwnsRequest) { int ret; if (request != NULL) XMEMSET(request, 0, sizeof(OcspRequest)); + if (ctxOwnsRequest!= NULL) + *ctxOwnsRequest = 0; + InitDecodedCert(cert, certData, length, ssl->heap); /* TODO: Setup async support here */ ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, SSL_CM(ssl), NULL); @@ -23299,8 +23652,11 @@ static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request, if (!ssl->buffers.weOwnCert) { wolfSSL_Mutex* ocspLock = &SSL_CM(ssl)->ocsp_stapling->ocspLock; if (wc_LockMutex(ocspLock) == 0) { - if (ssl->ctx->certOcspRequest == NULL) + if (ssl->ctx->certOcspRequest == NULL) { ssl->ctx->certOcspRequest = request; + if (ctxOwnsRequest!= NULL) + *ctxOwnsRequest = 1; + } wc_UnLockMutex(ocspLock); } } @@ -23329,6 +23685,7 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest, int ret = 0; OcspRequest* request = NULL; byte createdRequest = 0; + byte ctxOwnsRequest = 0; if (ssl == NULL || ocspRequest == NULL || response == NULL) return BAD_FUNC_ARG; @@ -23366,7 +23723,7 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest, createdRequest = 1; if (ret == 0) { ret = CreateOcspRequest(ssl, request, cert, der->buffer, - der->length); + der->length, &ctxOwnsRequest); } if (ret != 0) { @@ -23393,7 +23750,7 @@ int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest, } /* free request up if error case found otherwise return it */ - if (ret != 0 && createdRequest) { + if (ret != 0 && createdRequest && !ctxOwnsRequest) { FreeOcspRequest(request); XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); } 
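Review bot: The new out-parameter `ctxOwnsRequest` is undocumented in the header comment above CreateOcspRequest (the visible comment ends with "Returns 0 on success"); add `ctxOwnsRequest: set to 1 when the request was stored in ssl->ctx->certOcspRequest and must no longer be freed by the caller; may be NULL`. Ownership transfers only under `!ssl->buffers.weOwnCert` and only when the ctx slot was empty, which callers cannot observe — that is exactly what the flag exists for, so say so. `ctxOwnsRequest!= NULL` (twice) is missing the space before `!=`; also, the function went from `static` to external linkage, so a prototype in the matching header is expected. CreateOcspRequest continues outside the hunk.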
@@ -23425,6 +23782,14 @@ int cipherExtraData(WOLFSSL* ssl) cipherExtra = ssl->specs.iv_size + ssl->specs.block_size + ssl->specs.hash_size; } + /* Add space needed for the CID */ +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + if (ssl->options.dtls) { + byte cidSz = 0; + if ((cidSz = DtlsGetCidTxSize(ssl)) > 0) + cipherExtra += cidSz + 1; /* +1 for inner content type */ + } +#endif /* Sanity check so we don't ever return negative. */ return cipherExtra > 0 ? cipherExtra : 0; } @@ -23669,7 +24034,7 @@ int SendCertificate(WOLFSSL* ssl) } if (inputSz > 0) { /* clang thinks could be zero, let's help */ - input = (byte*)XMALLOC(inputSz, ssl->heap, + input = (byte*)XMALLOC((size_t)inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); if (input == NULL) return MEMORY_E; @@ -23722,12 +24087,12 @@ int SendCertificate(WOLFSSL* ssl) } #endif - ssl->buffers.outputBuffer.length += sendSz; + ssl->buffers.outputBuffer.length += (word32)sendSz; if (!ssl->options.groupMessages) ret = SendBuffered(ssl); } - if (ret != WANT_WRITE) { + if (ret != WC_NO_ERR_TRACE(WANT_WRITE)) { /* Clean up the fragment offset. */ ssl->options.buildingMsg = 0; ssl->fragOffset = 0; @@ -23895,14 +24260,16 @@ int SendCertificateRequest(WOLFSSL* ssl) return BUFFER_E; } - input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); + input = (byte*)XMALLOC((size_t)inputSz, ssl->heap, + DYNAMIC_TYPE_IN_BUFFER); if (input == NULL) return MEMORY_E; XMEMCPY(input, output + recordHeaderSz, inputSz); #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl) && - (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, certificate_request)) != 0) { + (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, + certificate_request)) != 0) { XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); return ret; } 
@@ -23917,7 +24284,8 @@ int SendCertificateRequest(WOLFSSL* ssl) sendSz = (int)i; #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl)) { - if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, certificate_request)) != 0) + if ((ret = DtlsMsgPoolSave(ssl, output, (word32)sendSz, + certificate_request)) != 0) return ret; } if (ssl->options.dtls) @@ -23938,7 +24306,7 @@ int SendCertificateRequest(WOLFSSL* ssl) return ret; } #endif - ssl->buffers.outputBuffer.length += sendSz; + ssl->buffers.outputBuffer.length += (word32)sendSz; if (ssl->options.groupMessages) ret = 0; else @@ -24088,6 +24456,7 @@ int SendCertificateStatus(WOLFSSL* ssl) { OcspRequest* request = ssl->ctx->certOcspRequest; buffer responses[1 + MAX_CHAIN_DEPTH]; + byte ctxOwnsRequest = 0; int i = 0; XMEMSET(responses, 0, sizeof(responses)); @@ -24144,9 +24513,8 @@ int SendCertificateStatus(WOLFSSL* ssl) if (idx > chain->length) break; - ret = CreateOcspRequest(ssl, request, cert, der.buffer, - der.length); + der.length, &ctxOwnsRequest); if (ret == 0) { request->ssl = ssl; ret = CheckOcspRequest(SSL_CM(ssl)->ocsp_stapling, @@ -24161,12 +24529,13 @@ int SendCertificateStatus(WOLFSSL* ssl) i++; - FreeOcspRequest(request); + if (!ctxOwnsRequest) + FreeOcspRequest(request); } } } - - XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); + if (!ctxOwnsRequest) + XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); #ifdef WOLFSSL_SMALL_STACK XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); #endif 
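Review bot: In SendCertificateStatus the new `ctxOwnsRequest` flag does not survive a further pass through the chain loop: CreateOcspRequest resets `*ctxOwnsRequest = 0` on entry and XMEMSETs the same `request` buffer, so if the ctx took ownership while handling one certificate, the next iteration clobbers the request the ctx now points to, and the final `if (!ctxOwnsRequest) XFREE(request, ...)` then frees it, leaving `ssl->ctx->certOcspRequest` dangling. This assumes the enclosing loop (its head is outside the hunk) can run more than once with the same buffer, which the `i++`/`break` structure suggests. Allocating a fresh request once ownership has passed, or breaking out after the hand-off, keeps the ctx pointer valid; at minimum a sticky copy of the flag, `ctxOwned |= ctxOwnsRequest;` after each call, should guard the final XFREE.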
@@ -24393,6 +24762,50 @@ static int CheckTLS13AEADSendLimit(WOLFSSL* ssl) } #endif /* WOLFSSL_TLS13 && !WOLFSSL_TLS13_IGNORE_AEAD_LIMITS */ +#ifdef WOLFSSL_THREADED_CRYPT +int SendAsyncData(WOLFSSL* ssl) +{ + int i; + + for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) { + ThreadCrypt* encrypt = &ssl->buffers.encrypt[i]; + + if (encrypt->done) { + int error; + + GrowOutputBuffer(ssl, encrypt->buffer.length); + XMEMCPY(ssl->buffers.outputBuffer.buffer, encrypt->buffer.buffer, + encrypt->buffer.length); + ssl->buffers.outputBuffer.length = encrypt->buffer.length; + ssl->buffers.outputBuffer.idx = 0; + encrypt->done = 0; + encrypt->avail = 1; + if ((error = SendBuffered(ssl)) < 0) { + ssl->error = error; + WOLFSSL_ERROR(ssl->error); + /* store for next call if WANT_WRITE or user embedSend() that + doesn't present like WANT_WRITE */ + ssl->buffers.plainSz = encrypt->buffer.length; + ssl->buffers.prevSent = encrypt->buffer.length; + if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) && + (ssl->options.connReset || ssl->options.isClosed)) { + return SOCKET_PEER_CLOSED_E; /* peer reset or closed */ + } + return ssl->error; + } + + /* only one message per attempt */ + if (ssl->options.partialWrite == 1) { + WOLFSSL_MSG("Partial Write on, only sending one record"); + break; + } + } + } + + return 0; +} +#endif + /** * ssl_in_handshake(): * Invoked in wolfSSL_read/wolfSSL_write to check if wolfSSL_negotiate() is 
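Review bot: In SendAsyncData, `GrowOutputBuffer(ssl, encrypt->buffer.length)` is called without checking its result, and the XMEMCPY on the next line then writes `encrypt->buffer.length` bytes into `ssl->buffers.outputBuffer.buffer` regardless; if the helper can fail (its return type is not visible here), the call should be `if ((error = GrowOutputBuffer(ssl, encrypt->buffer.length)) != 0) return error;`. The assignment `ssl->buffers.outputBuffer.length = encrypt->buffer.length;` also replaces rather than extends any output already pending in that buffer, unlike the `+=` used elsewhere in this file, so data left queued by an earlier WANT_WRITE would be silently dropped. `encrypt->done` and `encrypt->avail` look like flags written by another thread; they are read and written here with plain loads and stores, which should be documented as relying on an external lock or made atomic.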
@@ -24447,18 +24860,20 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) #if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_EARLY_DATA_GROUP) int groupMsgs = 0; #endif + int error = ssl->error; - if (ssl->error == WANT_WRITE + if (error == WC_NO_ERR_TRACE(WANT_WRITE) #ifdef WOLFSSL_ASYNC_CRYPT - || ssl->error == WC_PENDING_E + || error == WC_NO_ERR_TRACE(WC_PENDING_E) #endif ) { + error = 0; ssl->error = 0; } /* don't allow write after decrypt or mac error */ - if (ssl->error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) || - ssl->error == WC_NO_ERR_TRACE(DECRYPT_ERROR)) { + if (error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) || + error == WC_NO_ERR_TRACE(DECRYPT_ERROR)) { /* For DTLS allow these possible errors and allow the session to continue despite them */ if (ssl->options.dtls) { @@ -24501,10 +24916,33 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) return WOLFSSL_CBIO_ERR_WANT_WRITE; } #endif - return err; + return err; } } +#ifdef WOLFSSL_RW_THREADED +#ifdef WOLFSSL_DTLS13 + if (ssl->options.dtls) { + /* Dtls13DoScheduledWork(ssl) may return WANT_WRITE */ + if ((error = Dtls13DoScheduledWork(ssl)) < 0) { + ssl->error = error; + WOLFSSL_ERROR(error); + return error; + } + } +#endif /* WOLFSSL_DTLS13 */ +#ifdef WOLFSSL_TLS13 + if (ssl->options.sendKeyUpdate) { + ssl->options.sendKeyUpdate = 0; + ret = SendTls13KeyUpdate(ssl); + if (ret != 0) { + ssl->error = BUILD_MSG_ERROR; + return WOLFSSL_FATAL_ERROR; + } + } +#endif +#endif + /* last time system socket output buffer was full, try again to send */ if (ssl->buffers.outputBuffer.length > 0 #if defined(WOLFSSL_EARLY_DATA) && defined(WOLFSSL_EARLY_DATA_GROUP) 
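Review bot: In the new WOLFSSL_RW_THREADED block, `ssl->options.sendKeyUpdate = 0` is cleared before SendTls13KeyUpdate runs, so a failed attempt (including a WANT_WRITE, if that function can return one, as the Dtls13DoScheduledWork comment just above warns) loses the pending key update and is surfaced as BUILD_MSG_ERROR rather than the real cause. Clearing the flag only after success, `if (ret == 0) ssl->options.sendKeyUpdate = 0;` placed after the call, and storing `ret` in `ssl->error` on failure, would preserve both the retry and the diagnostic.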
@@ -24512,15 +24950,16 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) #endif ) { WOLFSSL_MSG("output buffer was full, trying to send again"); - if ( (ssl->error = SendBuffered(ssl)) < 0) { - WOLFSSL_ERROR(ssl->error); - if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) && - (ssl->options.connReset || ssl->options.isClosed)) { - ssl->error = SOCKET_PEER_CLOSED_E; - WOLFSSL_ERROR(ssl->error); + if ( (error = SendBuffered(ssl)) < 0) { + WOLFSSL_ERROR(error); + if (error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) && + (ssl->options.connReset || ssl->options.isClosed)) { + error = SOCKET_PEER_CLOSED_E; + ssl->error = error; + WOLFSSL_ERROR(error); return 0; /* peer reset or closed */ } - return ssl->error; + return (ssl->error = error); } else { /* advance sent to previous sent + plain size just sent */ @@ -24529,7 +24968,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) if (sent > sz) { WOLFSSL_MSG("error: write() after WANT_WRITE with short size"); - return ssl->error = BAD_FUNC_ARG; + return (ssl->error = BAD_FUNC_ARG); } } } @@ -24540,6 +24979,19 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) return WOLFSSL_FATAL_ERROR; } +#ifdef WOLFSSL_THREADED_CRYPT + ret = SendAsyncData(ssl); + if (ret != 0) { + ssl->error = ret; + return WOLFSSL_FATAL_ERROR; + } + if (ssl->dtls13WaitKeyUpdateAck) { + ret = DoDtls13KeyUpdateAck(ssl); + if (ret != 0) + return ret; + } +#endif + for (;;) { byte* out; byte* sendBuffer = (byte*)data + sent; /* may switch on comp */ @@ -24548,6 +25000,10 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) #ifdef HAVE_LIBZ byte comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA]; #endif +#ifdef WOLFSSL_THREADED_CRYPT + int i; + ThreadCrypt* encrypt = NULL; +#endif #if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) if (IsAtLeastTLSv1_3(ssl->version)) { 
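Review bot: The `DoDtls13KeyUpdateAck` failure path in the new WOLFSSL_THREADED_CRYPT block returns `ret` without recording it in `ssl->error`, unlike the SendAsyncData branch directly above it and every other error return in SendData that this diff rewrites to set `ssl->error`. A caller that inspects the stored error after a failed write would see a stale value; `if (ret != 0) { ssl->error = ret; return WOLFSSL_FATAL_ERROR; }` keeps the function consistent.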
@@ -24612,21 +25068,53 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_DTLS_SIZE_CHECK) if (ssl->options.dtls && (buffSz < sz - sent)) { - ssl->error = DTLS_SIZE_ERROR; - WOLFSSL_ERROR(ssl->error); - return ssl->error; + error = DTLS_SIZE_ERROR; + ssl->error = error; + WOLFSSL_ERROR(error); + return error; } #endif outputSz = buffSz + COMP_EXTRA + DTLS_RECORD_HEADER_SZ; if (IsEncryptionOn(ssl, 1) || ssl->options.tls1_3) outputSz += cipherExtraData(ssl); +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + if (ssl->options.dtls) { + byte cidSz = 0; + if ((cidSz = DtlsGetCidTxSize(ssl)) > 0) + outputSz += cidSz + 1; /* +1 for inner content type */ + } +#endif + /* check for available size */ if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) - return ssl->error = ret; + return (ssl->error = ret); /* get output buffer */ +#ifndef WOLFSSL_THREADED_CRYPT out = GetOutputBuffer(ssl); +#else + do { + for (i = 0; i < WOLFSSL_THREADED_CRYPT_CNT; i++) { + if (ssl->buffers.encrypt[i].avail) { + encrypt = &ssl->buffers.encrypt[i]; + break; + } + } + if (encrypt == NULL) { + ret = SendAsyncData(ssl); + if (ret != 0) { + ssl->error = ret; + return WOLFSSL_FATAL_ERROR; + } + } + } + while (encrypt == NULL); + encrypt->done = 0; + encrypt->avail = 0; + GrowAnOutputBuffer(ssl, &encrypt->buffer, outputSz); + out = encrypt->buffer.buffer; +#endif #ifdef HAVE_LIBZ if (ssl->options.usingCompression) { 
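Review bot: The result of `GrowAnOutputBuffer(ssl, &encrypt->buffer, outputSz)` is discarded before `out = encrypt->buffer.buffer` is handed to the record builder; if growth fails the record is written into a buffer that may be NULL or too small, so it should be checked like CheckAvailableSize a few lines above, `if ((ret = GrowAnOutputBuffer(ssl, &encrypt->buffer, outputSz)) != 0) return (ssl->error = ret);` (assuming it reports failure through its return value like the other buffer helpers). The `do { ... } while (encrypt == NULL)` loop also spins without yielding when no slot is `avail` and SendAsyncData has nothing to flush, and `avail` is read here without any visible synchronisation against the thread that sets it. Separately, when encryption is on the CID bytes added here are already included by cipherExtraData(), which this diff patches the same way, so `outputSz` counts them twice for DTLS; if that is intentional slack, a comment saying so would stop it being "fixed" later.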
@@ -24670,21 +25158,70 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) #ifdef WOLFSSL_ASYNC_CRYPT FreeAsyncCtx(ssl, 0); #endif - ssl->buffers.outputBuffer.length += sendSz; +#ifdef WOLFSSL_THREADED_CRYPT + if (!encrypt->init) { + SetKeys(&encrypt->encrypt, NULL, &ssl->keys, &ssl->specs, + ssl->options.side, ssl->heap, ssl->devId, ssl->rng, + ssl->options.tls1_3); + encrypt->init = 1; + } + encrypt->buffer.length = sendSz; + encrypt->offset = RECORD_HEADER_SZ; + if (ssl->options.dtls) { + encrypt->offset += DTLS_RECORD_EXTRA; + } + encrypt->cryptLen = outputSz - encrypt->offset; + #ifdef HAVE_TRUNCATED_HMAC + if (ssl->truncated_hmac) { + encrypt->cryptLen -= min(TRUNCATED_HMAC_SZ, ssl->specs.hash_size); + } + else + #endif + { + encrypt->cryptLen -= ssl->specs.hash_size; + } - if ( (ssl->error = SendBuffered(ssl)) < 0) { - WOLFSSL_ERROR(ssl->error); +#if !defined(NO_PUBLIC_GCM_SET_IV) && \ + ((defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))) + XMEMCPY(encrypt->nonce, ssl->keys.aead_enc_imp_IV, AESGCM_IMP_IV_SZ); + XMEMCPY(encrypt->nonce + AESGCM_IMP_IV_SZ, ssl->keys.aead_exp_IV, + AESGCM_EXP_IV_SZ); +#endif + XMEMSET(encrypt->additional, 0, AEAD_AUTH_DATA_SZ); + WriteSEQ(ssl, CUR_ORDER, encrypt->additional); + XMEMCPY(encrypt->additional + AEAD_TYPE_OFFSET, encrypt->buffer.buffer, + 3); + c16toa(sendSz - encrypt->offset - AESGCM_EXP_IV_SZ - + ssl->specs.aead_mac_size, encrypt->additional + AEAD_LEN_OFFSET); + + #ifdef WOLFSSL_DTLS + if (ssl->options.dtls) + DtlsSEQIncrement(ssl, CUR_ORDER); + #endif + + if (encrypt->signal != NULL) { + encrypt->signal(encrypt->signalCtx, ssl); + } + return sendSz; +#else + ssl->buffers.outputBuffer.length += (word32)sendSz; + + if ( (error = SendBuffered(ssl)) < 0) { + ssl->error = error; + WOLFSSL_ERROR(error); /* store for next call if WANT_WRITE or user embedSend() that doesn't present like WANT_WRITE */ ssl->buffers.plainSz = buffSz; ssl->buffers.prevSent = 
sent; - if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) && - (ssl->options.connReset || ssl->options.isClosed)) { + if (error == WC_NO_ERR_TRACE(SOCKET_ERROR_E) && + (ssl->options.connReset || ssl->options.isClosed)) { + error = SOCKET_PEER_CLOSED_E; ssl->error = SOCKET_PEER_CLOSED_E; - WOLFSSL_ERROR(ssl->error); + WOLFSSL_ERROR(error); return 0; /* peer reset or closed */ } - return ssl->error; + return error; } sent += buffSz; @@ -24694,6 +25231,7 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) WOLFSSL_MSG("Partial Write on, only sending one record"); break; } +#endif } return sent; @@ -24703,11 +25241,14 @@ int SendData(WOLFSSL* ssl, const void* data, int sz) int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek) { int size; + int error = ssl->error; WOLFSSL_ENTER("ReceiveData"); /* reset error state */ - if (ssl->error == WANT_READ || ssl->error == WOLFSSL_ERROR_WANT_READ) { + if (error == WC_NO_ERR_TRACE(WANT_READ) || + error == WOLFSSL_ERROR_WANT_READ) { + error = 0; ssl->error = 0; } 
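Review bot: The WOLFSSL_THREADED_CRYPT branch of SendData ends with `return sendSz;`, the size of the record handed to the encrypt worker, while the non-threaded path and the function's final `return sent;` report the number of application bytes consumed; callers therefore get a different quantity depending on the build, and `sent` is never advanced for this iteration. Returning the plaintext count, e.g. `return sent + buffSz;`, would keep the existing contract. The AAD/length computation also hard-codes `AESGCM_EXP_IV_SZ` and `ssl->specs.aead_mac_size` while `cryptLen` was reduced by `hash_size`/`TRUNCATED_HMAC_SZ` a few lines earlier, which suggests the threaded path is only valid for AEAD suites; a check on the cipher type or a comment stating that assumption would make it explicit. SendData's start is outside this hunk.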
@@ -24715,25 +25256,26 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek) if (ssl->options.dtls) { /* In DTLS mode, we forgive some errors and allow the session * to continue despite them. */ - if (ssl->error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) || - ssl->error == WC_NO_ERR_TRACE(DECRYPT_ERROR) || - ssl->error == WC_NO_ERR_TRACE(DTLS_SIZE_ERROR)) { + if (error == WC_NO_ERR_TRACE(VERIFY_MAC_ERROR) || + error == WC_NO_ERR_TRACE(DECRYPT_ERROR) || + error == WC_NO_ERR_TRACE(DTLS_SIZE_ERROR)) { + error = 0; ssl->error = 0; } } #endif /* WOLFSSL_DTLS */ - if (ssl->error != 0 && ssl->error != WANT_WRITE + if (error != 0 && error != WC_NO_ERR_TRACE(WANT_WRITE) #ifdef WOLFSSL_ASYNC_CRYPT - && ssl->error != WC_PENDING_E + && error != WC_NO_ERR_TRACE(WC_PENDING_E) #endif #if defined(HAVE_SECURE_RENEGOTIATION) || defined(WOLFSSL_DTLS13) - && ssl->error != APP_DATA_READY + && error != WC_NO_ERR_TRACE(APP_DATA_READY) #endif ) { WOLFSSL_MSG("User calling wolfSSL_read in error state, not allowed"); - return ssl->error; + return error; } #ifdef WOLFSSL_EARLY_DATA 
@@ -24771,32 +25313,39 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek) #endif while (ssl->buffers.clearOutputBuffer.length == 0) { - if ( (ssl->error = ProcessReply(ssl)) < 0) { - if (ssl->error == ZERO_RETURN) { + if ( (error = ProcessReply(ssl)) < 0) { + if (error == WC_NO_ERR_TRACE(ZERO_RETURN)) { + ssl->error = error; WOLFSSL_MSG("Zero return, no more data coming"); return 0; /* no more data coming */ } - if (ssl->error == WC_NO_ERR_TRACE(SOCKET_ERROR_E)) { + if (error == WC_NO_ERR_TRACE(SOCKET_ERROR_E)) { if (ssl->options.connReset || ssl->options.isClosed) { WOLFSSL_MSG("Peer reset or closed, connection done"); - ssl->error = SOCKET_PEER_CLOSED_E; - WOLFSSL_ERROR(ssl->error); + error = SOCKET_PEER_CLOSED_E; + ssl->error = error; + WOLFSSL_ERROR(error); return 0; /* peer reset or closed */ } } - WOLFSSL_ERROR(ssl->error); - return ssl->error; + ssl->error = error; + WOLFSSL_ERROR(error); + return error; } -#ifdef WOLFSSL_DTLS13 +#ifndef WOLFSSL_RW_THREADED + #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls) { /* Dtls13DoScheduledWork(ssl) may return WANT_WRITE */ - if ((ssl->error = Dtls13DoScheduledWork(ssl)) < 0) { - WOLFSSL_ERROR(ssl->error); - return ssl->error; + if ((error = Dtls13DoScheduledWork(ssl)) < 0) { + ssl->error = error; + WOLFSSL_ERROR(error); + return error; } } -#endif /* WOLFSSL_DTLS13 */ + #endif /* WOLFSSL_DTLS13 */ +#endif + #ifdef HAVE_SECURE_RENEGOTIATION if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) { @@ -24845,12 +25394,12 @@ int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek) #endif } - size = min(sz, (int)ssl->buffers.clearOutputBuffer.length); + size = (int)min((word32)sz, ssl->buffers.clearOutputBuffer.length); XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, size); if (peek == 0) { - ssl->buffers.clearOutputBuffer.length -= size; + ssl->buffers.clearOutputBuffer.length -= (word32)size; ssl->buffers.clearOutputBuffer.buffer += size; } 
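Review bot: `size = (int)min((word32)sz, ssl->buffers.clearOutputBuffer.length);` turns a negative `sz` into a very large word32, so the min selects the whole clear buffer and the following XMEMCPY copies it into `output` even though the caller asked for a negative length; the old expression failed differently but not more safely. Unless `sz` is guaranteed non-negative by the wrapper that calls ReceiveData, a guard near the top of the function, `if (sz < 0) return BAD_FUNC_ARG;`, makes the conversion self-contained. ReceiveData's start is outside this hunk.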
@@ -24924,7 +25473,7 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type) /* If CheckAvailableSize returned WANT_WRITE due to a blocking write * then discard pending output and just send the alert. */ if (ssl->options.dtls) { - if (ret != WANT_WRITE || severity != alert_fatal) + if (ret != WC_NO_ERR_TRACE(WANT_WRITE) || severity != alert_fatal) return ret; ShrinkOutputBuffer(ssl); if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) { @@ -25021,7 +25570,21 @@ static int SendAlert_ex(WOLFSSL* ssl, int severity, int type) } #endif - ssl->buffers.outputBuffer.length += sendSz; + /* + * We check if we are trying to send a + * CLOSE_NOTIFY alert. + * */ + if (type == close_notify) { + if (!ssl->options.sentNotify) { + ssl->options.sentNotify = 1; + } + else { + /* CLOSE_NOTIFY already sent */ + return 0; + } + } + + ssl->buffers.outputBuffer.length += (word32)sendSz; ret = SendBuffered(ssl); @@ -25103,16 +25666,19 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) } /* pass to wolfCrypt */ - if (error < MAX_CODE_E && error > MIN_CODE_E) { + if (error <= WC_FIRST_E && error >= WC_LAST_E) { return wc_GetErrorString(error); } - switch (error) { - + if (error == 0) { #ifdef OPENSSL_EXTRA - case 0 : return "ok"; +#else + return "unknown error number"; #endif + } + + switch ((enum wolfSSL_ErrorCodes)error) { case UNSUPPORTED_SUITE : return "unsupported cipher suite"; @@ -25222,9 +25788,6 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) case -WOLFSSL_ERROR_WANT_X509_LOOKUP: return "application client cert callback asked to be called again"; - case -WOLFSSL_ERROR_SSL: - return "fatal TLS protocol error"; - case BUFFER_ERROR : return "malformed buffer input error"; @@ -25320,6 +25883,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) case MAX_CHAIN_ERROR: return "Maximum Chain Depth Exceeded"; + case MAX_CERT_EXTENSIONS_ERR: + return "Maximum Cert Extension Exceeded"; + case COOKIE_ERROR: return "DTLS Cookie Error"; 
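Review bot: In SendAlert_ex, `ssl->options.sentNotify = 1` is set before SendBuffered has run, so if that send fails with a fatal socket error the close_notify is never delivered, yet every later attempt returns 0 as "already sent". Setting the flag only after SendBuffered succeeds, or clearing it on a failure other than WANT_WRITE, keeps it truthful; the new comment could also be tightened to `/* Send close_notify at most once per session. */`. In wolfSSL_ERR_reason_error_string the `switch ((enum wolfSSL_ErrorCodes)error)` now has no `default`, which looks intended so that -Wswitch reports codes without a string; a one-line comment saying so would stop a future change from adding one back.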
@@ -25380,6 +25946,9 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e)
         case SESSION_TICKET_EXPECT_E:
             return "Session Ticket Error";
 
+        case SCR_DIFFERENT_CERT_E:
+            return "SCR Different cert error";
+
         case SESSION_SECRET_CB_E:
             return "Session Secret Callback Error";
 
@@ -25545,81 +26114,133 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) case UNSUPPORTED_CERTIFICATE: return "Unsupported certificate type"; -#ifdef HAVE_HTTP_CLIENT case HTTP_TIMEOUT: return "HTTP timeout for OCSP or CRL req"; + case HTTP_RECV_ERR: return "HTTP Receive error"; + case HTTP_HEADER_ERR: return "HTTP Header error"; + case HTTP_PROTO_ERR: return "HTTP Protocol error"; + case HTTP_STATUS_ERR: return "HTTP Status error"; + case HTTP_VERSION_ERR: return "HTTP Version error"; + case HTTP_APPSTR_ERR: return "HTTP Application string error"; -#endif -#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) + + case UNSUPPORTED_PROTO_VERSION: + #ifdef OPENSSL_EXTRA + return "WRONG_SSL_VERSION"; + #else + return "bad/unsupported protocol version"; + #endif + + case FALCON_KEY_SIZE_E: + return "Wrong key size for Falcon."; + + case DILITHIUM_KEY_SIZE_E: + return "Wrong key size for Dilithium."; + + case QUIC_TP_MISSING_E: + return "QUIC transport parameter not set"; + + case QUIC_WRONG_ENC_LEVEL: + return "QUIC data received at wrong encryption level"; + + case DTLS_CID_ERROR: + return "DTLS ConnectionID mismatch or missing"; + + case DTLS_TOO_MANY_FRAGMENTS_E: + return "Received too many fragmented messages from peer error"; + + case DUPLICATE_TLS_EXT_E: + return "Duplicate TLS extension in message."; + + case WOLFSSL_ALPN_NOT_FOUND: + return "TLS extension not found"; + + case WOLFSSL_BAD_CERTTYPE: + return "Certificate type not supported"; + + case WOLFSSL_BAD_STAT: + return "bad status"; + + case WOLFSSL_BAD_PATH: + return "No certificates found at designated path"; + + case WOLFSSL_BAD_FILETYPE: + return "Data format not supported"; + + case WOLFSSL_BAD_FILE: + return "Input/output error on file"; + + case WOLFSSL_NOT_IMPLEMENTED: + return "Function not implemented"; + + case WOLFSSL_UNKNOWN: + return "Unknown algorithm (EVP)"; + + case WOLFSSL_FATAL_ERROR: + return "fatal error"; + } + +#if defined(OPENSSL_EXTRA) || 
defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED) + + switch (error) { /* TODO: -WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE. Conflicts with - * -WOLFSSL_ERROR_WANT_CONNECT. */ + * -WOLFSSL_ERROR_WANT_CONNECT. + */ + case -WOLFSSL_X509_V_ERR_CERT_NOT_YET_VALID: return "certificate not yet valid"; + case -WOLFSSL_X509_V_ERR_CERT_HAS_EXPIRED: return "certificate has expired"; + case -WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: return "certificate signature failure"; + case -WOLFSSL_X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: return "format error in certificate's notAfter field"; + case -WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: return "self-signed certificate in certificate chain"; + case -WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: return "unable to get local issuer certificate"; + case -WOLFSSL_X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: return "unable to verify the first certificate"; + case -WOLFSSL_X509_V_ERR_CERT_CHAIN_TOO_LONG: return "certificate chain too long"; + case -WOLFSSL_X509_V_ERR_CERT_REVOKED: return "certificate revoked"; + case -WOLFSSL_X509_V_ERR_INVALID_CA: return "invalid CA certificate"; + case -WOLFSSL_X509_V_ERR_PATH_LENGTH_EXCEEDED: return "path length constraint exceeded"; + case -WOLFSSL_X509_V_ERR_CERT_REJECTED: return "certificate rejected"; + case -WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH: return "subject issuer mismatch"; -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER */ - case UNSUPPORTED_PROTO_VERSION: - #ifdef OPENSSL_EXTRA - return "WRONG_SSL_VERSION"; - #else - return "bad/unsupported protocol version"; - #endif - - case FALCON_KEY_SIZE_E: - return "Wrong key size for Falcon."; - case DILITHIUM_KEY_SIZE_E: - return "Wrong key size for Dilithium."; - -#ifdef WOLFSSL_QUIC - case QUIC_TP_MISSING_E: - return "QUIC transport parameter not set"; - case QUIC_WRONG_ENC_LEVEL: - return "QUIC data received at wrong encryption level"; -#endif - case 
DTLS_CID_ERROR: - return "DTLS ConnectionID mismatch or missing"; - case DTLS_TOO_MANY_FRAGMENTS_E: - return "Received too many fragmented messages from peer error"; - - case DUPLICATE_TLS_EXT_E: - return "Duplicate TLS extension in message."; - - default : - return "unknown error number"; } +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER || HAVE_MEMCACHED */ + + return "unknown error number"; #endif /* NO_ERROR_STRINGS */ } @@ -25696,7 +26317,7 @@ void SetErrorString(int error, char* str) */ #ifndef NO_ERROR_STRINGS - #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \ + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \ defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) #define SUITE_INFO(x,y,z,w,v,u) {(x),(y),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NONE} #define SUITE_ALIAS(x,z,w,v,u) {(x),"",(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS}, @@ -25705,7 +26326,7 @@ void SetErrorString(int error, char* str) #define SUITE_ALIAS(x,z,w,v,u) {(x),"",(z),(w),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS}, #endif #else - #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \ + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \ defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) #define SUITE_INFO(x,y,z,w,v,u) {(x),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NONE} #define SUITE_ALIAS(x,z,w,v,u) {(x),(z),(w),(v),(u),WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS}, @@ -26499,7 +27120,7 @@ const char* GetCipherMacStr(char n[][MAX_SEGMENT_SZ]) { /* Returns the number of bits based on the cipher enc string, or 0 on failure */ int SetCipherBits(const char* enc) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); if ((XSTRCMP(enc,"AESGCM(256)") == 0) || (XSTRCMP(enc,"AES(256)") == 0) || 
@@ -26567,13 +27188,16 @@ const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl) } int GetCipherSuiteFromName(const char* name, byte* cipherSuite0, - byte* cipherSuite, int* flags) + byte* cipherSuite, byte* major, byte* minor, int* flags) { int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); int i; unsigned long len; const char* nameDelim; + (void)major; + (void)minor; + /* Support trailing : */ nameDelim = XSTRSTR(name, ":"); if (nameDelim) @@ -26591,9 +27215,19 @@ int GetCipherSuiteFromName(const char* name, byte* cipherSuite0, #endif if (found) { - *cipherSuite0 = cipher_names[i].cipherSuite0; - *cipherSuite = cipher_names[i].cipherSuite; - *flags = cipher_names[i].flags; + if (cipherSuite0 != NULL) + *cipherSuite0 = cipher_names[i].cipherSuite0; + if (cipherSuite != NULL) + *cipherSuite = cipher_names[i].cipherSuite; +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \ + defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) + if (major != NULL) + *major = cipher_names[i].major; + if (minor != NULL) + *minor = cipher_names[i].minor; +#endif + if (flags != NULL) + *flags = cipher_names[i].flags; ret = 0; break; } @@ -27464,7 +28098,7 @@ static int CmpEccStrength(int hashAlgo, int curveSz) { int dgstSz = GetMacDigestSize((byte)hashAlgo); if (dgstSz <= 0) - return -1; + return WOLFSSL_FATAL_ERROR; return dgstSz - (curveSz & (~0x3)); } #endif @@ -28263,7 +28897,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) #ifndef NO_RSA if (ssl->buffers.keyType == rsa_sa_algo || ssl->buffers.keyType == 0) { ssl->hsType = DYNAMIC_TYPE_RSA; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + ret = AllocKey(ssl, (int)ssl->hsType, &ssl->hsKey); if (ret != 0) { goto exit_dpk; } @@ -28312,7 +28946,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) #ifdef HAVE_ECC #ifndef NO_RSA - FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); + FreeKey(ssl, (int)ssl->hsType, (void**)&ssl->hsKey); #endif /* !NO_RSA */ if (ssl->buffers.keyType == ecc_dsa_sa_algo || ssl->buffers.keyType == 0 
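Review bot: GetCipherSuiteFromName's new `major`/`minor` outputs are only written inside the OPENSSL_EXTRA/WOLFSSL_QT/WOLFSSL_HAPROXY/WOLFSSL_NGINX block, so in other builds a caller passing non-NULL pointers gets them back untouched even on success; the `(void)major; (void)minor;` silences the warning but does not document that. Either zero them unconditionally, `if (major != NULL) *major = 0; if (minor != NULL) *minor = 0;`, or add at the declaration `/* major/minor are filled only when cipher_names carries version info; callers must initialise them. */`. The signature change also means every existing caller has to be updated, which is outside this hunk.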
@@ -28321,7 +28955,7 @@ int DecodePrivateKey(WOLFSSL *ssl, word32* length) #endif ) { ssl->hsType = DYNAMIC_TYPE_ECC; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + ret = AllocKey(ssl, (int)ssl->hsType, &ssl->hsKey); if (ret != 0) { goto exit_dpk; } @@ -29474,14 +30108,16 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, if (ssl->options.dtls) recordHeaderSz += DTLS_RECORD_EXTRA; inputSz -= recordHeaderSz; - input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); + input = (byte*)XMALLOC((size_t)inputSz, ssl->heap, + DYNAMIC_TYPE_IN_BUFFER); if (input == NULL) return MEMORY_E; XMEMCPY(input, output + recordHeaderSz, inputSz); #ifdef WOLFSSL_DTLS if (IsDtlsNotSctpMode(ssl) && - (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, client_hello)) != 0) { + (ret = DtlsMsgPoolSave(ssl, input, (word32)inputSz, + client_hello)) != 0) { XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); return ret; } @@ -29525,7 +30161,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, ssl->options.buildingMsg = 0; - ssl->buffers.outputBuffer.length += sendSz; + ssl->buffers.outputBuffer.length += (word32)sendSz; ret = SendBuffered(ssl); @@ -29550,9 +30186,8 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, #endif #ifdef WOLFSSL_DTLS - if (ssl->options.dtls) { + if (ssl->options.dtls) DtlsMsgPoolReset(ssl); - } #endif if (OPAQUE16_LEN + OPAQUE8_LEN > size) @@ -30006,15 +30641,8 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, ssl->options.serverState = SERVER_HELLO_COMPLETE; - if (IsEncryptionOn(ssl, 0)) { + if (IsEncryptionOn(ssl, 0)) *inOutIdx += ssl->keys.padSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMWrite && - ssl->specs.cipher_type == block) { - *inOutIdx += MacSize(ssl); - } - #endif - } #ifdef HAVE_SECRET_CALLBACK if (ssl->sessionSecretCb != NULL 
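Review bot: Dropping the `startedETMWrite`/`MacSize(ssl)` adjustment after `*inOutIdx += ssl->keys.padSz` only stays correct if `keys.padSz` now already covers the encrypt-then-MAC tag; nothing in this file section shows where padSz is computed, so that invariant should be confirmed against the decrypt path. The same removal appears in the DoCertificateRequest, DoServerKeyExchange and DoSessionTicket hunks later in this diff. A one-line comment at this first site, `/* padSz already includes the ETM MAC when enabled */`, would record the new assumption for the next reader.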
@@ -30264,7 +30892,7 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, InitDecodedCert(cert, input + *inOutIdx, dnSz, ssl->heap); - ret = GetName(cert, SUBJECT, dnSz); + ret = GetName(cert, ASN_SUBJECT, dnSz); if (ret == 0) { if ((name = wolfSSL_X509_NAME_new_ex(cert->heap)) == NULL) @@ -30272,12 +30900,12 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, } if (ret == 0) { - CopyDecodedName(name, cert, SUBJECT); + CopyDecodedName(name, cert, ASN_SUBJECT); } if (ret == 0) { if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name) - == WOLFSSL_FAILURE) + <= 0) { ret = MEMORY_ERROR; } @@ -30346,13 +30974,8 @@ static int HashSkeData(WOLFSSL* ssl, enum wc_HashType hashType, ssl->options.sendVerify = SEND_BLANK_CERT; } - if (IsEncryptionOn(ssl, 0)) { + if (IsEncryptionOn(ssl, 0)) *inOutIdx += ssl->keys.padSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - *inOutIdx += MacSize(ssl); - #endif - } WOLFSSL_LEAVE("DoCertificateRequest", 0); WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_DO); @@ -30472,10 +31095,8 @@ static void FreeDskeArgs(WOLFSSL* ssl, void* pArgs) #if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ defined(HAVE_CURVE448) - if (args->verifySig) { - XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); - args->verifySig = NULL; - } + XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); + args->verifySig = NULL; #endif } @@ -31742,13 +32363,8 @@ static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, case TLS_ASYNC_FINALIZE: { - if (IsEncryptionOn(ssl, 0)) { + if (IsEncryptionOn(ssl, 0)) args->idx += ssl->keys.padSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - args->idx += MacSize(ssl); - #endif - } /* Advance state and proceed */ ssl->options.asyncState = TLS_ASYNC_END; 
@@ -31811,14 +32427,10 @@ static void FreeSckeArgs(WOLFSSL* ssl, void* pArgs) (void)ssl; - if (args->encSecret) { - XFREE(args->encSecret, ssl->heap, DYNAMIC_TYPE_SECRET); - args->encSecret = NULL; - } - if (args->input) { - XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); - args->input = NULL; - } + XFREE(args->encSecret, ssl->heap, DYNAMIC_TYPE_SECRET); + args->encSecret = NULL; + XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); + args->input = NULL; } /* handle generation client_key_exchange (16) */ @@ -32101,7 +32713,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) /* create ephemeral private key */ ssl->hsType = DYNAMIC_TYPE_ECC; - ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); + ret = AllocKey(ssl, (int)ssl->hsType, &ssl->hsKey); if (ret != 0) { goto exit_scke; } @@ -32620,7 +33232,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) ); if (!ssl->specs.static_ecdh #ifdef WOLFSSL_ASYNC_CRYPT - && ret != WC_PENDING_E + && ret != WC_NO_ERR_TRACE(WC_PENDING_E) #endif ) { FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, @@ -32641,7 +33253,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) ); if (!ssl->specs.static_ecdh #ifdef WOLFSSL_ASYNC_CRYPT - && ret != WC_PENDING_E + && ret != WC_NO_ERR_TRACE(WC_PENDING_E) #endif ) { FreeKey(ssl, DYNAMIC_TYPE_CURVE448, @@ -32688,7 +33300,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) ); if (!ssl->specs.static_ecdh #ifdef WOLFSSL_ASYNC_CRYPT - && ret != WC_PENDING_E + && ret != WC_NO_ERR_TRACE(WC_PENDING_E) #endif ) { FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, @@ -32709,7 +33321,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) ); if (!ssl->specs.static_ecdh #ifdef WOLFSSL_ASYNC_CRYPT - && ret != WC_PENDING_E + && ret != WC_NO_ERR_TRACE(WC_PENDING_E) #endif ) { FreeKey(ssl, DYNAMIC_TYPE_CURVE448, @@ -32732,7 +33344,7 @@ int SendClientKeyExchange(WOLFSSL* ssl) if (!ssl->specs.static_ecdh #ifdef WOLFSSL_ASYNC_CRYPT - && ret != WC_PENDING_E + && ret != WC_NO_ERR_TRACE(WC_PENDING_E) #endif && !ssl->options.keepResources) { FreeKey(ssl, DYNAMIC_TYPE_ECC, 
@@ -32925,8 +33537,8 @@ int SendClientKeyExchange(WOLFSSL* ssl) if (ssl->options.dtls) recordHeaderSz += DTLS_RECORD_EXTRA; - args->inputSz = idx - recordHeaderSz; /* buildmsg adds rechdr */ - args->input = (byte*)XMALLOC(args->inputSz, ssl->heap, + args->inputSz = (int)idx - recordHeaderSz; /* buildmsg adds rechdr */ + args->input = (byte*)XMALLOC((size_t)args->inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); if (args->input == NULL) { ERROR_OUT(MEMORY_E, exit_scke); @@ -32989,12 +33601,12 @@ int SendClientKeyExchange(WOLFSSL* ssl) } #endif - ssl->buffers.outputBuffer.length += args->sendSz; + ssl->buffers.outputBuffer.length += (word32)args->sendSz; if (!ssl->options.groupMessages) { ret = SendBuffered(ssl); } - if (ret == 0 || ret == WANT_WRITE) { + if (ret == 0 || ret == WC_NO_ERR_TRACE(WANT_WRITE)) { int tmpRet = MakeMasterSecret(ssl); if (tmpRet != 0) { ret = tmpRet; /* save WANT_WRITE unless more serious */ @@ -33024,7 +33636,9 @@ int SendClientKeyExchange(WOLFSSL* ssl) #ifdef WOLFSSL_ASYNC_IO /* Handle async operation */ - if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) || ret == WANT_WRITE) { + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) || + ret == WC_NO_ERR_TRACE(WANT_WRITE)) + { if (ssl->options.buildingMsg) return ret; /* If we have completed all states then we will not enter this function @@ -33083,15 +33697,11 @@ static void FreeScvArgs(WOLFSSL* ssl, void* pArgs) (void)ssl; #ifndef NO_RSA - if (args->verifySig) { - XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); - args->verifySig = NULL; - } + XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); + args->verifySig = NULL; #endif - if (args->input) { - XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); - args->input = NULL; - } + XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); + args->input = NULL; } /* handle generation of certificate_verify (15) */ 
@@ -33171,7 +33781,7 @@ int SendCertificateVerify(WOLFSSL* ssl) } /* Use tmp buffer */ - args->input = (byte*)XMALLOC(args->sendSz, + args->input = (byte*)XMALLOC((size_t)args->sendSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); if (args->input == NULL) ERROR_OUT(MEMORY_E, exit_scv); @@ -33581,9 +34191,9 @@ int SendCertificateVerify(WOLFSSL* ssl) #ifdef WOLFSSL_ASYNC_IO /* Handle async operation */ - if (ret == WANT_WRITE + if (ret == WC_NO_ERR_TRACE(WANT_WRITE) #ifdef WOLFSSL_ASYNC_CRYPT - || ret == WC_PENDING_E + || ret == WC_NO_ERR_TRACE(WC_PENDING_E) #endif ) return ret; @@ -33717,13 +34327,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif } - if (IsEncryptionOn(ssl, 0)) { + if (IsEncryptionOn(ssl, 0)) *inOutIdx += ssl->keys.padSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - *inOutIdx += MacSize(ssl); - #endif - } ssl->expect_session_ticket = 0; @@ -33917,6 +34522,29 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifndef WOLFSSL_NO_TLS12 + static int getSessionID(WOLFSSL* ssl) + { + int sessIdSz = 0; + (void)ssl; +#ifndef NO_SESSION_CACHE + /* if no session cache don't send a session ID */ + if (!ssl->options.sessionCacheOff) + sessIdSz = ID_LEN; +#endif +#ifdef HAVE_SESSION_TICKET + /* we may be echoing an ID as part of session tickets */ + if (ssl->options.useTicket) { + /* echo session id sz can be 0,32 or bogus len in between */ + sessIdSz = ssl->arrays->sessionIDSz; + if (sessIdSz > ID_LEN) { + WOLFSSL_MSG("Bad bogus session id len"); + return BUFFER_ERROR; + } + } +#endif /* HAVE_SESSION_TICKET */ + return sessIdSz; + } + /* handle generation of server_hello (2) */ int SendServerHello(WOLFSSL* ssl) { 
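Review bot: `getSessionID` returns a length rather than an ID and has no header comment, and the `(void)ssl;` is only needed for builds with NO_SESSION_CACHE and without HAVE_SESSION_TICKET; a short comment above it would make the contract clear, e.g. `/* Length of the session ID to send in ServerHello: ID_LEN with the cache on, the client's echoed length when a ticket is in use, else 0; BUFFER_ERROR if the echoed length exceeds ID_LEN. */`. Naming it `GetServerHelloSessionIdSz` or similar would also match the surrounding PascalCase helpers.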
@@ -33925,17 +34553,18 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word16 length; word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; int sendSz; - byte sessIdSz = ID_LEN; - #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SESSION_TICKET) - byte echoId = 0; /* ticket echo id flag */ - #endif - byte cacheOff = 0; /* session cache off flag */ + byte sessIdSz; WOLFSSL_START(WC_FUNC_SERVER_HELLO_SEND); WOLFSSL_ENTER("SendServerHello"); + ret = getSessionID(ssl); + if (ret < 0) + return ret; + sessIdSz = (byte)ret; + length = VERSION_SZ + RAN_LEN - + ID_LEN + ENUM_LEN + + ENUM_LEN + sessIdSz + SUITE_LEN + ENUM_LEN; @@ -33943,45 +34572,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ret = TLSX_GetResponseSize(ssl, server_hello, &length); if (ret != 0) return ret; - #ifdef HAVE_SESSION_TICKET - if (ssl->options.useTicket) { - /* echo session id sz can be 0,32 or bogus len in between */ - sessIdSz = ssl->arrays->sessionIDSz; - if (sessIdSz > ID_LEN) { - WOLFSSL_MSG("Bad bogus session id len"); - return BUFFER_ERROR; - } - if (!IsAtLeastTLSv1_3(ssl->version)) - length -= (ID_LEN - sessIdSz); /* adjust ID_LEN assumption */ - echoId = 1; - } - #endif /* HAVE_SESSION_TICKET */ #else if (ssl->options.haveEMS) { length += HELLO_EXT_SZ_SZ + HELLO_EXT_SZ; } #endif - /* is the session cache off at build or runtime */ -#ifdef NO_SESSION_CACHE - cacheOff = 1; -#else - if (ssl->options.sessionCacheOff == 1) { - cacheOff = 1; - } -#endif - - /* if no session cache don't send a session ID unless we're echoing - * an ID as part of session tickets */ - if (cacheOff == 1 - #if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SESSION_TICKET) - && echoId == 0 - #endif - ) { - length -= ID_LEN; /* adjust ID_LEN assumption */ - sessIdSz = 0; - } - sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; #ifdef WOLFSSL_DTLS if (ssl->options.dtls) { 
@@ -34012,11 +34608,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* then random and session id */ if (!ssl->options.resuming) { - /* generate random part and session id */ - ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, - RAN_LEN + sizeof(sessIdSz) + sessIdSz); - if (ret != 0) - return ret; + word32 genRanLen = RAN_LEN; #ifdef WOLFSSL_TLS13 if (TLSv1_3_Capable(ssl)) { @@ -34024,6 +34616,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1), tls13Downgrade, TLS13_DOWNGRADE_SZ); output[idx + RAN_LEN - 1] = (byte)IsAtLeastTLSv1_2(ssl); + genRanLen -= TLS13_DOWNGRADE_SZ + 1; } else #endif @@ -34035,12 +34628,21 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1), tls13Downgrade, TLS13_DOWNGRADE_SZ); output[idx + RAN_LEN - 1] = 0; + genRanLen -= TLS13_DOWNGRADE_SZ + 1; } - /* store info in SSL for later */ + /* generate random part */ + ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, genRanLen); + if (ret != 0) + return ret; XMEMCPY(ssl->arrays->serverRandom, output + idx, RAN_LEN); idx += RAN_LEN; + + /* generate session id */ output[idx++] = sessIdSz; + ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, sessIdSz); + if (ret != 0) + return ret; XMEMCPY(ssl->arrays->sessionID, output + idx, sessIdSz); ssl->arrays->sessionIDSz = sessIdSz; } @@ -34106,7 +34708,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (ssl->options.dtls) recordHeaderSz += DTLS_RECORD_EXTRA; inputSz -= recordHeaderSz; - input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); + input = (byte*)XMALLOC((size_t)inputSz, ssl->heap, + DYNAMIC_TYPE_IN_BUFFER); if (input == NULL) return MEMORY_E; 
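Review bot: The two `genRanLen -= TLS13_DOWNGRADE_SZ + 1;` lines in the ServerHello random generation have no comment saying why the random fill is shortened; the reader has to work out that the downgrade sentinel and the version byte were just written into the tail of the RAN_LEN field and must not be overwritten by `wc_RNG_GenerateBlock`. A comment on the declaration, `word32 genRanLen = RAN_LEN; /* shrunk when the TLS 1.3 downgrade sentinel occupies the tail of the random */`, would carry that. The new separate `wc_RNG_GenerateBlock(ssl->rng, output + idx, sessIdSz)` runs with `sessIdSz == 0` when no ID is sent; that is fine if the RNG accepts a zero-length request (I believe it returns 0 for sz == 0, but confirm), otherwise guard it with `if (sessIdSz > 0)`. The enclosing function starts and ends outside this hunk.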
@@ -34151,7 +34754,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->options.serverState = SERVER_HELLO_COMPLETE; ssl->options.buildingMsg = 0; - ssl->buffers.outputBuffer.length += sendSz; + ssl->buffers.outputBuffer.length += (word32)sendSz; if (ssl->options.groupMessages) ret = 0; @@ -34174,7 +34777,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return 0; } - return (byte)GetCurveByOID(key->dp->oidSum); + return (byte)GetCurveByOID((int)key->dp->oidSum); } #endif /* HAVE_ECC */ @@ -34210,16 +34813,12 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, (void)ssl; #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) - if (args->exportBuf) { - XFREE(args->exportBuf, ssl->heap, DYNAMIC_TYPE_DER); - args->exportBuf = NULL; - } + XFREE(args->exportBuf, ssl->heap, DYNAMIC_TYPE_DER); + args->exportBuf = NULL; #endif #ifndef NO_RSA - if (args->verifySig) { - XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); - args->verifySig = NULL; - } + XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); + args->verifySig = NULL; #endif (void)args; } @@ -35816,9 +36415,9 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #ifdef WOLFSSL_ASYNC_IO /* Handle async operation */ - if (ret == WANT_WRITE + if (ret == WC_NO_ERR_TRACE(WANT_WRITE) #ifdef WOLFSSL_ASYNC_CRYPT - || ret == WC_PENDING_E + || ret == WC_NO_ERR_TRACE(WC_PENDING_E) #endif ) return ret; @@ -37116,8 +37715,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->clSuites = NULL; #endif #ifdef WOLFSSL_SMALL_STACK - if (clSuites != NULL) - XFREE(clSuites, ssl->heap, DYNAMIC_TYPE_SUITES); + XFREE(clSuites, ssl->heap, DYNAMIC_TYPE_SUITES); #endif WOLFSSL_LEAVE("DoClientHello", ret); WOLFSSL_END(WC_FUNC_CLIENT_HELLO_DO); 
@@ -37533,13 +38131,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, case TLS_ASYNC_FINALIZE: { - if (IsEncryptionOn(ssl, 0)) { + if (IsEncryptionOn(ssl, 0)) args->idx += ssl->keys.padSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - args->idx += MacSize(ssl); - #endif - } ssl->options.havePeerVerify = 1; @@ -37652,7 +38245,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, inputSz += DTLS_HANDSHAKE_EXTRA; } - input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); + input = (byte*)XMALLOC((size_t)inputSz, ssl->heap, + DYNAMIC_TYPE_IN_BUFFER); if (input == NULL) return MEMORY_E; @@ -37697,7 +38291,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, ssl->options.serverState = SERVER_HELLODONE_COMPLETE; ssl->options.buildingMsg = 0; - ssl->buffers.outputBuffer.length += sendSz; + ssl->buffers.outputBuffer.length += (word32)sendSz; ret = SendBuffered(ssl); @@ -37888,7 +38482,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, itHash = HashObject((byte*)it, sizeof(*it), &error); if (error == 0) { ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv, et->mac, - 1, et->enc_ticket, sizeof(InternalTicket), &encLen, + 1, et->enc_ticket, WOLFSSL_INTERNAL_TICKET_LEN, &encLen, SSL_TICKET_CTX(ssl)); } else { @@ -37903,7 +38497,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #endif goto error; } - if (encLen < (int)sizeof(InternalTicket) || + if (encLen < (int)WOLFSSL_INTERNAL_TICKET_LEN || encLen > (int)WOLFSSL_TICKET_ENC_SZ) { WOLFSSL_MSG("Bad user ticket encrypt size"); ret = BAD_TICKET_KEY_CB_SZ; 
@@ -37979,7 +38573,8 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, WOLFSSL_ENTER("DoDecryptTicket"); if (len > SESSION_TICKET_LEN || - len < (word32)(sizeof(InternalTicket) + WOLFSSL_TICKET_FIXED_SZ)) { + len < (word32)(WOLFSSL_INTERNAL_TICKET_LEN + + WOLFSSL_TICKET_FIXED_SZ)) { WOLFSSL_ERROR_VERBOSE(BAD_TICKET_MSG_SZ); return WOLFSSL_TICKET_RET_REJECT; } @@ -38027,7 +38622,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, return WOLFSSL_TICKET_RET_REJECT; } } - if (outLen > (int)inLen || outLen < (int)sizeof(InternalTicket)) { + if (outLen > (int)inLen || outLen < (int)WOLFSSL_INTERNAL_TICKET_LEN) { WOLFSSL_MSG("Bad user ticket decrypt len"); WOLFSSL_ERROR_VERBOSE(BAD_TICKET_KEY_CB_SZ); return BAD_TICKET_KEY_CB_SZ; @@ -38095,7 +38690,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, diff -= ticketSeen; if (diff > timeout * 1000 || diff > (sword64)TLS13_MAX_TICKET_AGE * 1000) - return -1; + return WOLFSSL_FATAL_ERROR; #else sword64 diff; sword64 ticketSeen; /* Time ticket seen (ms) */ @@ -38113,7 +38708,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, diff -= ticketSeen; if (diff > timeout * 1000 || diff > (sword64)TLS13_MAX_TICKET_AGE * 1000) - return -1; + return WOLFSSL_FATAL_ERROR; #endif ato32(psk->it->ageAdd, &ticketAdd); /* Subtract client's ticket age and unobfuscate. */ @@ -38123,7 +38718,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, * Allow +/- 1000 milliseconds on ticket age. */ if (diff < -1000 || diff - MAX_TICKET_AGE_DIFF * 1000 > 1000) - return -1; + return WOLFSSL_FATAL_ERROR; #if !defined(WOLFSSL_PSK_ONE_ID) && !defined(WOLFSSL_PRIORITIZE_PSK) /* Check whether resumption is possible based on suites in SSL and 
@@ -38131,18 +38726,18 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, */ (void)ssl; if (XMEMCMP(suite, psk->it->suite, SUITE_LEN) != 0) - return -1; + return WOLFSSL_FATAL_ERROR; #else (void)suite; if (!FindSuiteSSL(ssl, psk->it->suite)) - return -1; + return WOLFSSL_FATAL_ERROR; #endif #ifdef OPENSSL_EXTRA if (ssl->sessionCtxSz > 0 && (psk->it->sessionCtxSz != ssl->sessionCtxSz || XMEMCMP(psk->it->sessionCtx, ssl->sessionCtx, ssl->sessionCtxSz) != 0)) - return -1; + return WOLFSSL_FATAL_ERROR; #endif return 0; } 
@@ -38721,7 +39316,123 @@ static void TicketEncCbCtx_Free(TicketEncCbCtx* keyCtx) wc_FreeRng(&keyCtx->rng); } -#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ +#ifdef WOLFSSL_TICKET_ENC_CBC_HMAC +/* Ticket encryption/decryption implementation. + * + * @param [in] key Key for encryption/decryption and HMAC. + * @param [in] keyLen Length of key in bytes. + * @param [in] iv IV/Nonce for encryption/decryption. + * @param [in] aad Additional authentication data. + * @param [in] aadSz Length of additional authentication data. + * @param [in] in Data to encrypt/decrypt. + * @param [in] inLen Length of encrypted data. + * @param [out] out Resulting data from encrypt/decrypt. + * @param [out] outLen Size of resulting data. + * @param [in] tag Authentication tag for encrypted data. + * @param [in] heap Dynamic memory allocation data hint. + * @param [in] enc 1 when encrypting, 0 when decrypting. + * @return 0 on success. + * @return Other value when encryption/decryption fails. + */ +static int TicketEncDec(byte* key, int keyLen, byte* iv, byte* aad, int aadSz, + byte* in, int inLen, byte* out, int* outLen, byte* tag, + void* heap, int enc) +{ + int ret; +#ifdef WOLFSSL_SMALL_STACK + Aes* aes; + Hmac* hmac; +#else + Aes aes[1]; + Hmac hmac[1]; +#endif + + (void)heap; + +#ifdef WOLFSSL_SMALL_STACK + aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_TMP_BUFFER); + if (aes == NULL) + return MEMORY_E; + hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_TMP_BUFFER); + if (hmac == NULL) { + XFREE(aes, heap, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif + + XMEMSET(aes, 0, sizeof(Aes)); + XMEMSET(hmac, 0, sizeof(Hmac)); + + ret = wc_HmacInit(hmac, heap, DYNAMIC_TYPE_TMP_BUFFER); + if (ret == 0) { + ret = wc_HmacSetKey(hmac, WOLFSSL_TICKET_ENC_HMAC, key + keyLen - + WOLFSSL_TICKET_HMAC_KEY_SZ, WOLFSSL_TICKET_HMAC_KEY_SZ); + } + if (ret == 0) { + ret = wc_HmacUpdate(hmac, aad, aadSz); + } + + if (ret == 0) { + if (enc) { + ret = wc_AesInit(aes, NULL, 
INVALID_DEVID); + if (ret == 0) { + ret = wc_AesSetKey(aes, key, + keyLen - WOLFSSL_TICKET_HMAC_KEY_SZ, iv, AES_ENCRYPTION); + } + if (ret == 0) { + ret = wc_HmacUpdate(hmac, in, inLen); + } + if (ret == 0) { + ret = wc_AesCbcEncrypt(aes, in, out, inLen); + } + if (ret == 0) { + XMEMSET(tag, 0, WOLFSSL_TICKET_MAC_SZ); + ret = wc_HmacFinal(hmac, tag); + } + wc_AesFree(aes); + } + else { + unsigned char calcTag[WOLFSSL_TICKET_MAC_SZ]; + + ret = wc_AesInit(aes, NULL, INVALID_DEVID); + if (ret == 0) { + ret = wc_AesSetKey(aes, key, + keyLen - WOLFSSL_TICKET_HMAC_KEY_SZ, iv, AES_DECRYPTION); + } + if (ret == 0) { + ret = wc_AesCbcDecrypt(aes, in, out, inLen); + } + if (ret == 0) { + ret = wc_HmacUpdate(hmac, out, inLen); + } + if (ret == 0) { + XMEMSET(calcTag, 0, WOLFSSL_TICKET_MAC_SZ); + ret = wc_HmacFinal(hmac, calcTag); + } + if (ret == 0) { + int i; + calcTag[0] ^= tag[0]; + for (i = 1; i < WOLFSSL_TICKET_MAC_SZ; i++) { + calcTag[0] |= calcTag[i] ^ tag[i]; + } + /* Return a negative value when no match. */ + ret = -calcTag[0]; + } + wc_AesFree(aes); + } + } + wc_HmacFree(hmac); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(hmac, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(aes, heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + *outLen = inLen; + + return ret; +} +#elif defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ !defined(WOLFSSL_TICKET_ENC_AES128_GCM) && \ !defined(WOLFSSL_TICKET_ENC_AES256_GCM) /* Ticket encryption/decryption implementation. @@ -39016,7 +39727,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], WOLFSSL_ENTER("DefTicketEncCb"); - if ((!enc) && (inLen != sizeof(InternalTicket))) { + if ((!enc) && (inLen != WOLFSSL_INTERNAL_TICKET_LEN)) { return BUFFER_E; } 
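Review bot: In the decrypt path of TicketEncDec the tag comparison result is returned as `ret = -calcTag[0];`, which is any value in -1..-255 depending on which tag bytes differed, and that range overlaps the library's real error codes, so a caller comparing against them can mis-attribute a forged ticket. Since the constant-time part (the OR-accumulate over all bytes) is already complete, `ret = (calcTag[0] != 0) ? WOLFSSL_FATAL_ERROR : 0;` returns one stable code without weakening the comparison; clearing `out` with `XMEMSET(out, 0, inLen)` on mismatch would also stop the plaintext of an unauthenticated ticket from being left for the caller, who still receives `*outLen = inLen`. Separately, the HMAC covers the plaintext (`wc_HmacUpdate(hmac, in, inLen)` before `wc_AesCbcEncrypt`, and `wc_AesCbcDecrypt` before `wc_HmacUpdate(hmac, out, inLen)` on decrypt), so every received ticket is decrypted before it is authenticated; encrypt-then-MAC over the ciphertext is the usual recommendation for CBC+HMAC, and because both directions live in this function the change is local, though it alters the ticket format. Whether the IV is covered by the MAC depends on what the caller passes as `aad`, which is outside the hunk, and the code assumes `keyLen > WOLFSSL_TICKET_HMAC_KEY_SZ` without checking it — both belong in the function's header comment as stated preconditions.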
@@ -40142,7 +40853,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], lenErrMask = 0 - (SECRET_LEN != args->sigSz); args->lastErr = (ret & (~lenErrMask)) | - (RSA_PAD_E & lenErrMask); + (WC_NO_ERR_TRACE(RSA_PAD_E) & lenErrMask); ret = 0; break; } /* rsa_kea */ @@ -40297,7 +41008,7 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], ); if (!ssl->specs.static_ecdh #ifdef WOLFSSL_ASYNC_CRYPT - && ret != WC_PENDING_E + && ret != WC_NO_ERR_TRACE(WC_PENDING_E) #endif ) { FreeKey(ssl, DYNAMIC_TYPE_ECC, @@ -40500,13 +41211,8 @@ static int DefTicketEncCb(WOLFSSL* ssl, byte key_name[WOLFSSL_TICKET_NAME_SZ], case TLS_ASYNC_FINALIZE: { - if (IsEncryptionOn(ssl, 0)) { + if (IsEncryptionOn(ssl, 0)) args->idx += ssl->keys.padSz; - #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY) - if (ssl->options.startedETMRead) - args->idx += MacSize(ssl); - #endif - } ret = MakeMasterSecret(ssl); @@ -40858,7 +41564,7 @@ int wolfSSL_sk_BY_DIR_HASH_find( } next = next->next; } - return -1; + return WOLFSSL_FATAL_ERROR; } /* return a number of WOLFSSL_BY_DIR_HASH in stack */ int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk) @@ -40866,7 +41572,7 @@ int wolfSSL_sk_BY_DIR_HASH_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_HASH) *sk) WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_HASH_num"); if (sk == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; return (int)sk->num; } /* return WOLFSSL_BY_DIR_HASH instance at i */ @@ -41027,9 +41733,7 @@ void wolfSSL_BY_DIR_entry_free(WOLFSSL_BY_DIR_entry* entry) wolfSSL_sk_BY_DIR_HASH_free(entry->hashes); } - if (entry->dir_name != NULL) { - XFREE(entry->dir_name, NULL, DYNAMIC_TYPE_OPENSSL); - } + XFREE(entry->dir_name, NULL, DYNAMIC_TYPE_OPENSSL); XFREE(entry, NULL, DYNAMIC_TYPE_OPENSSL); } 
@@ -41051,7 +41755,7 @@ int wolfSSL_sk_BY_DIR_entry_num(const WOLF_STACK_OF(WOLFSSL_BY_DIR_entry) *sk) WOLFSSL_ENTER("wolfSSL_sk_BY_DIR_entry_num"); if (sk == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; return (int)sk->num; } /* return WOLFSSL_BY_DIR_entry instance at i */ @@ -41269,7 +41973,8 @@ static int DoAppleNativeCertValidation(const WOLFSSL_BUFFER_INFO* certs, } for (i = 0; i < totalCerts; i++) { - secCert = ConvertToSecCertificateRef(certs[i].buffer, certs[i].length); + secCert = ConvertToSecCertificateRef(certs[i].buffer, + (int)certs[i].length); if (!secCert) { WOLFSSL_MSG("Error: can't convert DER cert to SecCertificateRef"); ret = 0; diff --git a/src/src/keys.c b/src/src/keys.c index f9f9e85..b5b982c 100644 --- a/src/src/keys.c +++ b/src/src/keys.c @@ -1,6 +1,6 @@ /* keys.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -2371,7 +2371,7 @@ static int SetPrefix(byte* sha_input, int idx) #endif -static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, +int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, int side, void* heap, int devId, WC_RNG* rng, int tls13) { (void)rng; @@ -3318,9 +3318,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, DYNAMIC_TYPE_CIPHER); if (enc->hmac == NULL) return MEMORY_E; - } - if (enc) { if (wc_HmacInit(enc->hmac, heap, devId) != 0) { WOLFSSL_MSG("HmacInit failed in SetKeys"); XFREE(enc->hmac, heap, DYNAMIC_TYPE_CIPHER); @@ -3334,9 +3332,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, DYNAMIC_TYPE_CIPHER); if (dec->hmac == NULL) return MEMORY_E; - } - if (dec) { if (wc_HmacInit(dec->hmac, heap, devId) != 0) { WOLFSSL_MSG("HmacInit failed in SetKeys"); XFREE(dec->hmac, heap, DYNAMIC_TYPE_CIPHER); 
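Review bot: SetKeys in keys.c drops its `static` (`int SetKeys(Ciphers* enc, ...`), which exports it from the translation unit; the matching prototype in the internal header is not part of this hunk, and a one-line comment above the definition on why it is now shared (presumably a caller in another file added by this release) would help the next reader. The removed `if (enc) {` / `if (dec) {` re-checks after the `hmac == NULL` returns were redundant, so that part is a safe simplification. SetKeys's body starts and ends outside these hunks.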
@@ -3876,12 +3872,12 @@ int DeriveKeys(WOLFSSL* ssl) if (shaOutput == NULL || md5Input == NULL || shaInput == NULL || keyData == NULL || md5 == NULL || sha == NULL) { - if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (keyData) XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyData, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } @@ -4013,11 +4009,11 @@ static int MakeSslMasterSecret(WOLFSSL* ssl) if (shaOutput == NULL || md5Input == NULL || shaInput == NULL || md5 == NULL || sha == NULL) { - if (shaOutput) XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (md5Input) XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (shaInput) XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (md5) XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sha) XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(shaOutput, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(md5Input, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(shaInput, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sha, NULL, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } diff --git a/src/src/ocsp.c b/src/src/ocsp.c index 4760c50..493d826 100644 --- a/src/src/ocsp.c +++ b/src/src/ocsp.c @@ -1,6 +1,6 @@ /* ocsp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -90,8 +90,7 @@ static void FreeOcspEntry(OcspEntry* entry, void* heap) for (status = entry->status; status; status = next) { next = status->next; - if (status->rawOcspResponse) - XFREE(status->rawOcspResponse, heap, DYNAMIC_TYPE_OCSP_STATUS); + XFREE(status->rawOcspResponse, heap, DYNAMIC_TYPE_OCSP_STATUS); #ifdef OPENSSL_EXTRA if (status->serialInt) { @@ -251,10 +250,10 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request, else if (*status) { #ifndef NO_ASN_TIME if (XVALIDATE_DATE((*status)->thisDate, - (*status)->thisDateFormat, BEFORE) + (*status)->thisDateFormat, ASN_BEFORE) && ((*status)->nextDate[0] != 0) && XVALIDATE_DATE((*status)->nextDate, - (*status)->nextDateFormat, AFTER)) + (*status)->nextDateFormat, ASN_AFTER)) #endif { ret = xstat2err((*status)->status); @@ -284,7 +283,7 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request, * ocsp Context object for OCSP status. * response OCSP response message data. * responseSz Length of OCSP response message data. - * reponseBuffer Buffer object to return the response with. + * responseBuffer Buffer object to return the response with. * status The certificate status object. * entry The OCSP entry for this certificate. * ocspRequest Request corresponding to response. @@ -318,9 +317,9 @@ int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz, DYNAMIC_TYPE_OCSP_REQUEST); if (newStatus == NULL || newSingle == NULL || ocspResponse == NULL) { - if (newStatus) XFREE(newStatus, NULL, DYNAMIC_TYPE_OCSP_STATUS); - if (newSingle) XFREE(newSingle, NULL, DYNAMIC_TYPE_OCSP_ENTRY); - if (ocspResponse) XFREE(ocspResponse, NULL, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(newStatus, NULL, DYNAMIC_TYPE_OCSP_STATUS); + XFREE(newSingle, NULL, DYNAMIC_TYPE_OCSP_ENTRY); + XFREE(ocspResponse, NULL, DYNAMIC_TYPE_OCSP_REQUEST); WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR); return MEMORY_E; 
@@ -375,10 +374,7 @@ int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz, } if (status != NULL) { - if (status->rawOcspResponse) { - XFREE(status->rawOcspResponse, ocsp->cm->heap, - DYNAMIC_TYPE_OCSP_STATUS); - } + XFREE(status->rawOcspResponse, ocsp->cm->heap, DYNAMIC_TYPE_OCSP_STATUS); /* Replace existing certificate entry with updated */ ocspResponse->single->status->next = status->next; @@ -493,8 +489,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, ret = wolfSSL_get_ocsp_response(ssl, &response); ret = CheckOcspResponse(ocsp, response, ret, responseBuffer, status, entry, NULL, heap); - if (response != NULL) - XFREE(response, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(response, NULL, DYNAMIC_TYPE_OPENSSL); break; case SSL_TLSEXT_ERR_NOACK: ret = OCSP_LOOKUP_FAIL; @@ -538,9 +533,12 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, responseSz = ocsp->cm->ocspIOCb(ioCtx, url, urlSz, request, requestSz, &response); } - if (responseSz == WOLFSSL_CBIO_ERR_WANT_READ) { + if (responseSz == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) { ret = OCSP_WANT_READ; } + else if (responseSz == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_TIMEOUT)){ + ret = HTTP_TIMEOUT; + } XFREE(request, ocsp->cm->heap, DYNAMIC_TYPE_OCSP); @@ -668,8 +666,9 @@ int CheckOcspResponder(OcspResponse *bs, DecodedCert *cert, void* vp) return ret; } -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY) + +/* compatibility layer OCSP functions */ +#ifdef OPENSSL_EXTRA int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, WOLFSSL_OCSP_CERTID* id, int* status, int* reason, WOLFSSL_ASN1_TIME** revtime, WOLFSSL_ASN1_TIME** thisupd, 
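Review bot: The new timeout branch in CheckOcspRequest is written `...WOLFSSL_CBIO_ERR_TIMEOUT)){` with no space before the brace, unlike the `WANT_READ` branch directly above it; `else if (responseSz == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_TIMEOUT)) {` matches the file. The last hunk replaces the `OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || ...` guard on the compatibility-layer OCSP functions with `#ifdef OPENSSL_EXTRA`, which compiles them into many more configurations; that is presumably intended, but it changes the exported surface for OPENSSL_EXTRA builds and deserves a line in the commit description. CheckOcspRequest's body starts and ends outside these hunks.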
@@ -695,10 +694,17 @@ int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, if (status != NULL) *status = single->status->status; +#ifdef WOLFSSL_OCSP_PARSE_STATUS if (thisupd != NULL) *thisupd = &single->status->thisDateParsed; if (nextupd != NULL) *nextupd = &single->status->nextDateParsed; +#else + if (thisupd != NULL) + *thisupd = NULL; + if (nextupd != NULL) + *nextupd = NULL; +#endif /* TODO: Not needed for Nginx or httpd */ if (reason != NULL) @@ -821,16 +827,15 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id( if (ret != 0) { if (derCert != NULL) FreeDer(&derCert); - if (certId != NULL) { + if (cm != NULL) { XFREE(certId, cm->heap, DYNAMIC_TYPE_OPENSSL); certId = NULL; - } - if (certStatus) XFREE(certStatus, cm->heap, DYNAMIC_TYPE_OPENSSL); + } } #ifdef WOLFSSL_SMALL_STACK - if (cert != NULL) + if (cm != NULL) XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); #endif @@ -850,7 +855,7 @@ void wolfSSL_OCSP_BASICRESP_free(WOLFSSL_OCSP_BASICRESP* basicResponse) int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs, WOLF_STACK_OF(WOLFSSL_X509) *certs, WOLFSSL_X509_STORE *st, unsigned long flags) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); #ifdef WOLFSSL_SMALL_STACK DecodedCert *cert; #else @@ -872,10 +877,8 @@ int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs, return WOLFSSL_FAILURE; #endif -#ifdef OPENSSL_EXTRA if (bs->verifyError != OCSP_VERIFY_ERROR_NONE) goto out; -#endif if (flags & OCSP_TRUSTOTHER) { for (idx = 0; idx < wolfSSL_sk_X509_num(certs); idx++) { @@ -922,8 +925,7 @@ void wolfSSL_OCSP_RESPONSE_free(OcspResponse* response) XFREE(response->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY); } - if (response->source != NULL) - XFREE(response->source, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(response->source, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(response, NULL, DYNAMIC_TYPE_OCSP_REQUEST); } 
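Review bot: When WOLFSSL_OCSP_PARSE_STATUS is not defined, wolfSSL_OCSP_resp_find_status now hands back `*thisupd = NULL` and `*nextupd = NULL`; callers written against the OpenSSL API may pass those pointers straight into a validity check and dereference NULL, so the `#else` branch deserves a comment such as `/* date parsing disabled in this build: callers must treat NULL update times as unknown */`, and the same applies to wolfSSL_OCSP_single_get0_status in the hunk at `@@ -1343`. In wolfSSL_OCSP_cert_to_id the error-path guard changed from `certId != NULL` to `cm != NULL` and the `certStatus` free was dropped; if `certId` can be non-NULL while `cm` is NULL, or `certStatus` is still allocated separately earlier in the function (outside the hunk), the error path now leaks — worth confirming against the allocation code above. Both functions start outside their hunks.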
@@ -952,18 +954,18 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio, long fcur; long flen; - if (bio->ptr == NULL) + if (bio->ptr.fh == NULL) return NULL; - fcur = XFTELL((XFILE)bio->ptr); + fcur = XFTELL(bio->ptr.fh); if (fcur < 0) return NULL; - if(XFSEEK((XFILE)bio->ptr, 0, SEEK_END) != 0) + if(XFSEEK(bio->ptr.fh, 0, SEEK_END) != 0) return NULL; - flen = XFTELL((XFILE)bio->ptr); + flen = XFTELL(bio->ptr.fh); if (flen < 0) return NULL; - if (XFSEEK((XFILE)bio->ptr, fcur, SEEK_SET) != 0) + if (XFSEEK(bio->ptr.fh, fcur, SEEK_SET) != 0) return NULL; /* check calculated length */ @@ -1054,6 +1056,9 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response, if (GetSequence(*data, &idx, &length, (word32)len) >= 0) (*data) += (unsigned char) ((int)idx + length); + if (response != NULL && *response == NULL) + *response = resp; + return resp; } @@ -1106,10 +1111,8 @@ WOLFSSL_OCSP_BASICRESP* wolfSSL_OCSP_response_get1_basic(OcspResponse* response) DYNAMIC_TYPE_OCSP_ENTRY); bs->source = (byte*)XMALLOC(bs->maxIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (bs->single == NULL || bs->source == NULL) { - if (bs->single) { - XFREE(bs->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY); - bs->single = NULL; - } + XFREE(bs->single, NULL, DYNAMIC_TYPE_OCSP_ENTRY); + bs->single = NULL; wolfSSL_OCSP_RESPONSE_free(bs); bs = NULL; } @@ -1143,6 +1146,9 @@ int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, unsigned char** data) { int size; + if (request == NULL) + return BAD_FUNC_ARG; + size = EncodeOcspRequest(request, NULL, 0); if (size <= 0 || data == NULL) return size; 
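Review bot: The new `if (response != NULL && *response == NULL) *response = resp;` in wolfSSL_d2i_OCSP_RESPONSE stores the result only into an empty slot; when the caller passes an existing object the function neither reuses nor frees it and the parsed response is available only through the return value, which differs from the OpenSSL d2i convention of replacing `*response`. A comment above the line, e.g. `/* Only fill an empty caller slot; an existing *response is left untouched and the caller owns the returned object. */`, would make that contract visible to callers, including the new OCSP_REQ_CTX code later in this file. The early `if (request == NULL) return BAD_FUNC_ARG;` in wolfSSL_i2d_OCSP_REQUEST is a good addition; note it returns a negative library code where the function otherwise returns a size, which callers must guard with a `<= 0` check. Both functions start outside their hunks.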
@@ -1164,8 +1170,7 @@ WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req, XMEMCPY(req->issuerHash, cid->issuerHash, KEYID_SIZE); XMEMCPY(req->issuerKeyHash, cid->issuerKeyHash, KEYID_SIZE); if (cid->status->serialSz > req->serialSz) { - if (req->serial != NULL) - XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP); + XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP); req->serial = (byte*)XMALLOC((size_t)cid->status->serialSz, req->heap, DYNAMIC_TYPE_OCSP_REQUEST); if (req->serial == NULL) @@ -1191,9 +1196,7 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(WOLFSSL_OCSP_CERTID* id) } return certId; } -#endif -#if defined(OPENSSL_ALL) || defined(APACHE_HTTPD) || defined(WOLFSSL_HAPROXY) #ifndef NO_BIO int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out, WOLFSSL_OCSP_REQUEST *req) @@ -1295,7 +1298,8 @@ WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut, return NULL; } -const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id(const WOLFSSL_OCSP_SINGLERESP *single) +const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id( + const WOLFSSL_OCSP_SINGLERESP *single) { return single; } @@ -1343,11 +1347,17 @@ int wolfSSL_OCSP_single_get0_status(WOLFSSL_OCSP_SINGLERESP *single, if (single == NULL) return WOLFSSL_FAILURE; +#ifdef WOLFSSL_OCSP_PARSE_STATUS if (thisupd != NULL) *thisupd = &single->status->thisDateParsed; if (nextupd != NULL) *nextupd = &single->status->nextDateParsed; - +#else + if (thisupd != NULL) + *thisupd = NULL; + if (nextupd != NULL) + *nextupd = NULL; +#endif if (reason != NULL) *reason = 0; if (revtime != NULL) 
@@ -1392,9 +1402,325 @@ WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0(WOLFSSL_OCSP_BASICRESP *bs, int return single; } -#endif /* OPENSSL_ALL || APACHE_HTTPD || WOLFSSL_HAPROXY */ +#endif /* OPENSSL_EXTRA */ + +#ifdef OPENSSL_ALL + +/******************************************************************************* + * START OF WOLFSSL_OCSP_REQ_CTX API + ******************************************************************************/ + +enum ocspReqStates { + ORS_INVALID = 0, + ORS_HEADER_ADDED, + ORS_REQ_DONE +}; + +enum ocspReqIOStates { + ORIOS_INVALID = 0, + ORIOS_WRITE, + ORIOS_READ +}; + +WOLFSSL_OCSP_REQ_CTX* wolfSSL_OCSP_REQ_CTX_new(WOLFSSL_BIO *bio, int maxline) +{ + WOLFSSL_OCSP_REQ_CTX* ret = NULL; + + WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_new"); + + if (maxline <= 0) + maxline = OCSP_MAX_REQUEST_SZ; + + ret = (WOLFSSL_OCSP_REQ_CTX*)XMALLOC(sizeof(*ret), NULL, + DYNAMIC_TYPE_OPENSSL); + if (ret != NULL) { + XMEMSET(ret, 0, sizeof(*ret)); + ret->buf = (byte*)XMALLOC((word32)maxline, NULL, DYNAMIC_TYPE_OPENSSL); + if (ret->buf == NULL) + goto error; + ret->reqResp = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); + ret->bufLen = maxline; + ret->bio = bio; + ret->ioState = ORIOS_WRITE; + } + + return ret; +error: + wolfSSL_OCSP_REQ_CTX_free(ret); + return NULL; +} + +void wolfSSL_OCSP_REQ_CTX_free(WOLFSSL_OCSP_REQ_CTX *ctx) +{ + WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_free"); + if (ctx != NULL) { + if (ctx->buf != NULL) + XFREE(ctx->buf, NULL, DYNAMIC_TYPE_OPENSSL); + if (ctx->reqResp != NULL) + wolfSSL_BIO_free(ctx->reqResp); + XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL); + } +} + +WOLFSSL_OCSP_REQ_CTX* wolfSSL_OCSP_sendreq_new(WOLFSSL_BIO *bio, + const char *path, OcspRequest *req, int maxline) +{ + WOLFSSL_OCSP_REQ_CTX* ret = NULL; + + WOLFSSL_ENTER("wolfSSL_OCSP_sendreq_new"); + + ret = wolfSSL_OCSP_REQ_CTX_new(bio, maxline); + if (ret == NULL) + return NULL; + + if (wolfSSL_OCSP_REQ_CTX_http(ret, "POST", path) != WOLFSSL_SUCCESS) + goto error; + + if (req != NULL && + 
wolfSSL_OCSP_REQ_CTX_set1_req(ret, req) != WOLFSSL_SUCCESS) + goto error; + + return ret; +error: + wolfSSL_OCSP_REQ_CTX_free(ret); + return NULL; +} + +int wolfSSL_OCSP_REQ_CTX_add1_header(WOLFSSL_OCSP_REQ_CTX *ctx, + const char *name, const char *value) +{ + WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_add1_header"); + + if (name == NULL) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + if (wolfSSL_BIO_puts(ctx->reqResp, name) <= 0) { + WOLFSSL_MSG("wolfSSL_BIO_puts error"); + return WOLFSSL_FAILURE; + } + if (value != NULL) { + if (wolfSSL_BIO_write(ctx->reqResp, ": ", 2) != 2) { + WOLFSSL_MSG("wolfSSL_BIO_write error"); + return WOLFSSL_FAILURE; + } + if (wolfSSL_BIO_puts(ctx->reqResp, value) <= 0) { + WOLFSSL_MSG("wolfSSL_BIO_puts error"); + return WOLFSSL_FAILURE; + } + } + if (wolfSSL_BIO_write(ctx->reqResp, "\r\n", 2) != 2) { + WOLFSSL_MSG("wolfSSL_BIO_write error"); + return WOLFSSL_FAILURE; + } + + ctx->state = ORS_HEADER_ADDED; + + return WOLFSSL_SUCCESS; +} + +int wolfSSL_OCSP_REQ_CTX_http(WOLFSSL_OCSP_REQ_CTX *ctx, const char *op, + const char *path) +{ + static const char http_hdr[] = "%s %s HTTP/1.0\r\n"; + + WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_http"); + + if (ctx == NULL || op == NULL) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + if (path == NULL) + path = "/"; + + if (wolfSSL_BIO_printf(ctx->reqResp, http_hdr, op, path) <= 0) { + WOLFSSL_MSG("WOLFSSL_OCSP_REQ_CTX: wolfSSL_BIO_printf error"); + return WOLFSSL_FAILURE; + } + + ctx->state = ORS_HEADER_ADDED; + + return WOLFSSL_SUCCESS; +} + +int wolfSSL_OCSP_REQ_CTX_set1_req(WOLFSSL_OCSP_REQ_CTX *ctx, OcspRequest *req) +{ + static const char req_hdr[] = + "Content-Type: application/ocsp-request\r\n" + "Content-Length: %d\r\n\r\n"; + /* Should be enough to hold Content-Length */ + char req_hdr_buf[sizeof(req_hdr) + 10]; + int req_hdr_buf_len; + int req_len = wolfSSL_i2d_OCSP_REQUEST(req, NULL); + + WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_set1_req"); + + if (ctx == NULL || req 
== NULL) { + WOLFSSL_MSG("Bad parameters"); + return WOLFSSL_FAILURE; + } + + if (req_len <= 0) { + WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: request len error"); + return WOLFSSL_FAILURE; + } + + req_hdr_buf_len = + XSNPRINTF(req_hdr_buf, sizeof(req_hdr_buf), req_hdr, req_len); + if (req_hdr_buf_len >= (int)sizeof(req_hdr_buf)) { + WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: request too long"); + return WOLFSSL_FAILURE; + } + + if (wolfSSL_BIO_write(ctx->reqResp, req_hdr_buf, req_hdr_buf_len) <= 0) { + WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: wolfSSL_BIO_write error"); + return WOLFSSL_FAILURE; + } + + if (wolfSSL_i2d_OCSP_REQUEST_bio(ctx->reqResp, req) <= 0) { + WOLFSSL_MSG("wolfSSL_OCSP_REQ_CTX_set1_req: request i2d error"); + return WOLFSSL_FAILURE; + } + + ctx->state = ORS_REQ_DONE; + + return WOLFSSL_SUCCESS; +} + +static int OCSP_REQ_CTX_bio_cb(char *buf, int sz, void *ctx) +{ + return BioReceiveInternal((WOLFSSL_BIO*)ctx, NULL, buf, sz); +} + +int wolfSSL_OCSP_REQ_CTX_nbio(WOLFSSL_OCSP_REQ_CTX *ctx) +{ + WOLFSSL_ENTER("wolfSSL_OCSP_REQ_CTX_nbio"); + + if (ctx == NULL) { + WOLFSSL_MSG("Bad parameters"); + return WOLFSSL_FAILURE; + } + + switch ((enum ocspReqIOStates)ctx->ioState) { + case ORIOS_WRITE: + case ORIOS_READ: + break; + case ORIOS_INVALID: + default: + WOLFSSL_MSG("Invalid ctx->ioState state"); + return WOLFSSL_FAILURE; + } + + if (ctx->ioState == ORIOS_WRITE) { + switch ((enum ocspReqStates)ctx->state) { + case ORS_HEADER_ADDED: + /* Write final new line to complete http header */ + if (wolfSSL_BIO_write(ctx->reqResp, "\r\n", 2) != 2) { + WOLFSSL_MSG("wolfSSL_BIO_write error"); + return WOLFSSL_FAILURE; + } + break; + case ORS_REQ_DONE: + break; + case ORS_INVALID: + default: + WOLFSSL_MSG("Invalid WOLFSSL_OCSP_REQ_CTX state"); + return WOLFSSL_FAILURE; + } + } + + switch ((enum ocspReqIOStates)ctx->ioState) { + case ORIOS_WRITE: + { + const unsigned char *req; + int reqLen = wolfSSL_BIO_get_mem_data(ctx->reqResp, &req); + if (reqLen <= 0) { 
+ WOLFSSL_MSG("wolfSSL_BIO_get_mem_data error"); + return WOLFSSL_FAILURE; + } + while (ctx->sent < reqLen) { + int sent = wolfSSL_BIO_write(ctx->bio, req + ctx->sent, + reqLen - ctx->sent); + if (sent <= 0) { + if (wolfSSL_BIO_should_retry(ctx->bio)) + return WOLFSSL_FATAL_ERROR; + WOLFSSL_MSG("wolfSSL_BIO_write error"); + ctx->ioState = ORIOS_INVALID; + return 0; + } + ctx->sent += sent; + } + ctx->sent = 0; + ctx->ioState = ORIOS_READ; + (void)wolfSSL_BIO_reset(ctx->reqResp); + FALL_THROUGH; + } + case ORIOS_READ: + { + byte* resp = NULL; + int respLen; + int ret; + + if (ctx->buf == NULL) /* Should be allocated in new call */ + return WOLFSSL_FAILURE; + + ret = wolfIO_HttpProcessResponseOcspGenericIO(OCSP_REQ_CTX_bio_cb, + ctx->bio, &resp, ctx->buf, ctx->bufLen, NULL); + if (ret <= 0) { + if (resp != NULL) + XFREE(resp, NULL, DYNAMIC_TYPE_OCSP); + if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ) || + ret == WC_NO_ERR_TRACE(OCSP_WANT_READ)) + { + return WOLFSSL_FATAL_ERROR; + } + return WOLFSSL_FAILURE; + } + respLen = ret; + ret = wolfSSL_BIO_write(ctx->reqResp, resp, respLen); + XFREE(resp, NULL, DYNAMIC_TYPE_OCSP); + if (ret != respLen) { + WOLFSSL_MSG("wolfSSL_BIO_write error"); + return WOLFSSL_FAILURE; + } + break; + } + case ORIOS_INVALID: + default: + WOLFSSL_MSG("Invalid ctx->ioState state"); + return WOLFSSL_FAILURE; + } + + return WOLFSSL_SUCCESS; +} + +int wolfSSL_OCSP_sendreq_nbio(OcspResponse **presp, WOLFSSL_OCSP_REQ_CTX *ctx) +{ + int ret; + int len; + const unsigned char *resp = NULL; + + WOLFSSL_ENTER("wolfSSL_OCSP_sendreq_nbio"); + + if (presp == NULL) + return WOLFSSL_FAILURE; + + ret = wolfSSL_OCSP_REQ_CTX_nbio(ctx); + if (ret != WOLFSSL_SUCCESS) + return ret; + + len = wolfSSL_BIO_get_mem_data(ctx->reqResp, &resp); + if (len <= 0) + return WOLFSSL_FAILURE; + return wolfSSL_d2i_OCSP_RESPONSE(presp, &resp, len) != NULL + ? 
WOLFSSL_SUCCESS : WOLFSSL_FAILURE; +} + +/******************************************************************************* + * END OF WOLFSSL_OCSP_REQ_CTX API + ******************************************************************************/ -#ifdef OPENSSL_EXTRA #ifndef NO_WOLFSSL_STUB int wolfSSL_OCSP_REQUEST_add_ext(OcspRequest* req, WOLFSSL_X509_EXTENSION* ext, int idx) @@ -1467,12 +1793,14 @@ int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING **name, #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY) /* Serial number starts at 0 index of ser->data */ - XMEMCPY(&ser->data[i], cid->status->serial, (size_t)cid->status->serialSz); + XMEMCPY(&ser->data[i], cid->status->serial, + (size_t)cid->status->serialSz); ser->length = cid->status->serialSz; #else ser->data[i++] = ASN_INTEGER; i += SetLength(cid->status->serialSz, ser->data + i); - XMEMCPY(&ser->data[i], cid->status->serial, (size_t)cid->status->serialSz); + XMEMCPY(&ser->data[i], cid->status->serial, + (size_t)cid->status->serialSz); ser->length = i + cid->status->serialSz; #endif @@ -1573,7 +1901,7 @@ int wolfSSL_OCSP_check_nonce(OcspRequest* req, WOLFSSL_OCSP_BASICRESP* bs) /* nonce present in req only */ if (reqNonce != NULL && rspNonce == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; /* nonces are present and equal, return 1. Extra NULL check for fixing scan-build warning. */ @@ -1585,7 +1913,8 @@ int wolfSSL_OCSP_check_nonce(OcspRequest* req, WOLFSSL_OCSP_BASICRESP* bs) /* nonces are present but not equal */ return 0; } -#endif /* OPENSSL_EXTRA */ + +#endif /* OPENSSL_ALL */ #else /* HAVE_OCSP */ diff --git a/src/src/pk.c b/src/src/pk.c index db281f6..42468bf 100644 --- a/src/src/pk.c +++ b/src/src/pk.c @@ -1,6 +1,6 @@ /* pk.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -354,7 +354,7 @@ int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, int ret = 0; int paddingSz = 0; word32 idx; - word32 cipherInfoSz; + word32 cipherInfoSz = 0; #ifdef WOLFSSL_SMALL_STACK EncryptedInfo* info = NULL; #else @@ -376,7 +376,7 @@ int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, DYNAMIC_TYPE_ENCRYPTEDINFO); if (info == NULL) { WOLFSSL_MSG("malloc failed"); - ret = 0; + ret = MEMORY_E; } } #endif @@ -397,7 +397,7 @@ int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, /* Generate a random salt. */ if (wolfSSL_RAND_bytes(info->iv, info->ivSz) != 1) { WOLFSSL_MSG("generate iv failed"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -417,7 +417,8 @@ int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, (*derSz) += (int)paddingSz; /* Encrypt DER buffer. */ - ret = wc_BufferKeyEncrypt(info, der, (word32)*derSz, passwd, passwdSz, WC_MD5); + ret = wc_BufferKeyEncrypt(info, der, (word32)*derSz, passwd, passwdSz, + WC_MD5); if (ret != 0) { WOLFSSL_MSG("encrypt key failed"); } @@ -1789,7 +1790,7 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, if ((rsa == NULL) || (rsa->internal == NULL) || (derBuf == NULL) || (derSz <= 0)) { WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 1) { @@ -1808,7 +1809,7 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, /* Something went wrong while decoding. */ WOLFSSL_ERROR_MSG("Unexpected error with trying to remove PKCS#8 " "header"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 1) { 
@@ -1830,13 +1831,13 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, WOLFSSL_ERROR_MSG("RsaPublicKeyDecode failed"); } WOLFSSL_ERROR_VERBOSE(res); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 1) { /* Set external RSA key data from wolfCrypt key. */ if (SetRsaExternal(rsa) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else { rsa->inSet = 1; @@ -2051,6 +2052,32 @@ WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, } return rsa; } + +WOLFSSL_RSA *wolfSSL_d2i_RSA_PUBKEY_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out) +{ + char* data = NULL; + int dataSz = 0; + int memAlloced = 0; + WOLFSSL_RSA* rsa = NULL; + + WOLFSSL_ENTER("wolfSSL_d2i_RSA_PUBKEY_bio"); + + if (bio == NULL) + return NULL; + + if (wolfssl_read_bio(bio, &data, &dataSz, &memAlloced) != 0) { + if (memAlloced) + XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return NULL; + } + + rsa = wolfssl_rsa_d2i(out, (const unsigned char*)data, dataSz, + WOLFSSL_RSA_LOAD_PUBLIC); + if (memAlloced) + XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return rsa; +} #endif /* !NO_BIO */ #ifndef NO_FILESYSTEM @@ -2451,7 +2478,7 @@ int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int indent) /* Validate parameters. */ if ((bio == NULL) || (rsa == NULL) || (indent > PRINT_NUM_MAX_INDENT)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 1) { @@ -2551,7 +2578,7 @@ int SetRsaExternal(WOLFSSL_RSA* rsa) /* Validate parameters. */ if ((rsa == NULL) || (rsa->internal == NULL)) { WOLFSSL_ERROR_MSG("rsa key NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 1) { @@ -2571,6 +2598,7 @@ int SetRsaExternal(WOLFSSL_RSA* rsa) } if (key->type == RSA_PRIVATE) { + #ifndef WOLFSSL_RSA_PUBLIC_ONLY if (ret == 1) { /* Copy private exponent. */ ret = wolfssl_bn_set_value(&rsa->d, &key->d); 
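Review bot: wolfSSL_d2i_RSA_PUBKEY_bio is a new public entry point with no documentation header, while the neighbouring functions in pk.c carry `@param`/`@return` blocks; add one stating that the BIO is read to completion, what `out` means when non-NULL, and who owns the returned key. From what is visible, `wolfssl_read_bio` loads the whole BIO into a heap buffer before decoding and no size cap is applied here, so a caller handing it an untrusted stream BIO has no bound on the allocation; if that is the intended contract it should be called out in the header rather than left implicit. Whether `*out` is left untouched on a decode failure depends on wolfssl_rsa_d2i, whose body is outside this hunk.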
@@ -2592,7 +2620,8 @@ int SetRsaExternal(WOLFSSL_RSA* rsa) WOLFSSL_ERROR_MSG("rsa q error"); } } - #ifndef RSA_LOW_MEM + #if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \ + !defined(RSA_LOW_MEM) if (ret == 1) { /* Copy d mod p-1. */ ret = wolfssl_bn_set_value(&rsa->dmp1, &key->dP); @@ -2614,7 +2643,11 @@ int SetRsaExternal(WOLFSSL_RSA* rsa) WOLFSSL_ERROR_MSG("rsa u error"); } } - #endif /* !RSA_LOW_MEM */ + #endif + #else + WOLFSSL_ERROR_MSG("rsa private key not compiled in "); + ret = 0; + #endif /* !WOLFSSL_RSA_PUBLIC_ONLY */ } } if (ret == 1) { @@ -2647,7 +2680,7 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) /* Validate parameters. */ if ((rsa == NULL) || (rsa->internal == NULL)) { WOLFSSL_ERROR_MSG("rsa key NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 1) { @@ -2656,24 +2689,25 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) /* Copy down modulus if available. */ if ((rsa->n != NULL) && (wolfssl_bn_get_value(rsa->n, &key->n) != 1)) { WOLFSSL_ERROR_MSG("rsa n key error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Copy down public exponent if available. */ if ((ret == 1) && (rsa->e != NULL) && (wolfssl_bn_get_value(rsa->e, &key->e) != 1)) { WOLFSSL_ERROR_MSG("rsa e key error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Enough numbers for public key */ key->type = RSA_PUBLIC; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY /* Copy down private exponent if available. */ if ((ret == 1) && (rsa->d != NULL)) { if (wolfssl_bn_get_value(rsa->d, &key->d) != 1) { WOLFSSL_ERROR_MSG("rsa d key error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else { /* Enough numbers for private key */ 
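Review bot: The new `#else` branch in SetRsaExternal reports a private key under WOLFSSL_RSA_PUBLIC_ONLY with `ret = 0;`, whereas every other failure in this function and throughout this commit uses `ret = WOLFSSL_FATAL_ERROR;`; callers that test `!= 1` still see a failure, but a caller distinguishing 0 from -1 gets a different answer on this one path. The message also carries a trailing space. Suggest `WOLFSSL_ERROR_MSG("rsa private key not compiled in");` and `ret = WOLFSSL_FATAL_ERROR;`. Whether a key with `type == RSA_PRIVATE` can actually be produced in a public-only build depends on the decode paths outside this hunk.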
@@ -2685,38 +2719,39 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) if ((ret == 1) && (rsa->p != NULL) && (wolfssl_bn_get_value(rsa->p, &key->p) != 1)) { WOLFSSL_ERROR_MSG("rsa p key error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Copy down second prime if available. */ if ((ret == 1) && (rsa->q != NULL) && (wolfssl_bn_get_value(rsa->q, &key->q) != 1)) { WOLFSSL_ERROR_MSG("rsa q key error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } - #ifndef RSA_LOW_MEM +#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) /* Copy down d mod p-1 if available. */ if ((ret == 1) && (rsa->dmp1 != NULL) && (wolfssl_bn_get_value(rsa->dmp1, &key->dP) != 1)) { WOLFSSL_ERROR_MSG("rsa dP key error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Copy down d mod q-1 if available. */ if ((ret == 1) && (rsa->dmq1 != NULL) && (wolfssl_bn_get_value(rsa->dmq1, &key->dQ) != 1)) { WOLFSSL_ERROR_MSG("rsa dQ key error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Copy down 1/q mod p if available. */ if ((ret == 1) && (rsa->iqmp != NULL) && (wolfssl_bn_get_value(rsa->iqmp, &key->u) != 1)) { WOLFSSL_ERROR_MSG("rsa u key error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } - #endif /* !RSA_LOW_MEM */ +#endif +#endif if (ret == 1) { /* All available numbers have been set down. */ @@ -3273,6 +3308,7 @@ static int wolfssl_rsa_generate_key_native(WOLFSSL_RSA* rsa, int bits, #endif int initTmpRng = 0; WC_RNG* rng = NULL; + long en = 0; #endif (void)cb; @@ -3286,10 +3322,12 @@ static int wolfssl_rsa_generate_key_native(WOLFSSL_RSA* rsa, int bits, /* Something went wrong so return memory error. */ ret = MEMORY_E; } + if ((ret == 0) && ((en = (long)wolfSSL_BN_get_word(e)) <= 0)) { + ret = BAD_FUNC_ARG; + } if (ret == 0) { /* Generate an RSA key. */ - ret = wc_MakeRsaKey((RsaKey*)rsa->internal, bits, - (long)wolfSSL_BN_get_word(e), rng); + ret = wc_MakeRsaKey((RsaKey*)rsa->internal, bits, en, rng); if (ret != MP_OKAY) { WOLFSSL_ERROR_MSG("wc_MakeRsaKey failed"); } 
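Review bot: The `(en = (long)wolfSSL_BN_get_word(e)) <= 0` guard in wolfssl_rsa_generate_key_native is correct but non-obvious: it rejects a zero exponent and, if wolfSSL_BN_get_word follows the OpenSSL convention of returning an all-ones word when `e` does not fit, the cast to long turns that into -1 so oversized exponents are refused as well. A one-line comment would keep the next maintainer from "fixing" the cast: `/* BN_get_word() returns all-ones when e exceeds a word; the cast to long makes it negative so it is rejected here */`. An even or 1-valued exponent still passes this guard, so the check relies on wc_MakeRsaKey validating `en`, which is worth confirming since its implementation is not in this file.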
@@ -3493,12 +3531,15 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* e, * @param [out] em Encoded message. * @param [in[ mHash Message hash. * @param [in] hashAlg Hash algorithm. + * @param [in] mgf1Hash MGF algorithm. * @param [in] saltLen Length of salt to generate. * @return 1 on success. * @return 0 on failure. */ -int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, - const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen) + +int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, unsigned char *em, + const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, + const WOLFSSL_EVP_MD *mgf1Hash, int saltLen) { int ret = 1; enum wc_HashType hashType; @@ -3521,6 +3562,9 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, ret = 0; } + if (mgf1Hash == NULL) + mgf1Hash = hashAlg; + if (ret == 1) { /* Get/create an RNG. */ rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng); @@ -3546,7 +3590,7 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, } if (ret == 1) { /* Get the wolfCrypt MGF algorithm from hash algorithm. */ - mgf = wc_hash2mgf(hashType); + mgf = wc_hash2mgf(EvpMd2MacType(mgf1Hash)); if (mgf == WC_MGF1NONE) { WOLFSSL_ERROR_MSG("wc_hash2mgf error"); ret = 0; @@ -3617,6 +3661,13 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, return ret; } +int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, + const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen) +{ + return wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(rsa, em, mHash, hashAlg, NULL, + saltLen); +} + /* Checks that the hash is valid for the RSA PKCS#1 PSS encoded message. * * Refer to wolfSSL_RSA_padding_add_PKCS1_PSS for a diagram. 
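Review bot: The doc block for the PSS encoder is now separated from `wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1` by the blank line this hunk inserts, which detaches it for Doxygen-style tooling; drop that blank line. The new `@param [in] mgf1Hash MGF algorithm.` does not say that NULL is accepted and defaults to `hashAlg` (the change at 3562 implements exactly that), so write `* @param [in] mgf1Hash Hash algorithm for MGF1; NULL means use hashAlg.`. The legacy `wolfSSL_RSA_padding_add_PKCS1_PSS` wrapper added further down has no header at all; a one-liner saying it calls the `_mgf1` variant with `mgf1Hash = NULL` would do, and the context line "Refer to wolfSSL_RSA_padding_add_PKCS1_PSS for a diagram" should now point at the `_mgf1` function if the diagram lives in the header that was moved.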
@@ -3624,14 +3675,15 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, * @param [in] rsa RSA key. * @param [in[ mHash Message hash. * @param [in] hashAlg Hash algorithm. + * @param [in] mgf1Hash MGF algorithm. * @param [in] em Encoded message. * @param [in] saltLen Length of salt to generate. * @return 1 on success. * @return 0 on failure. */ -int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, - const WOLFSSL_EVP_MD *hashAlg, - const unsigned char *em, int saltLen) +int wolfSSL_RSA_verify_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, + const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, + const WOLFSSL_EVP_MD *mgf1Hash, const unsigned char *em, int saltLen) { int ret = 1; int hashLen = 0; @@ -3649,6 +3701,9 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, ret = 0; } + if (mgf1Hash == NULL) + mgf1Hash = hashAlg; + /* TODO: use wolfCrypt RSA key to get emLen and bits? */ /* Set the external data from the wolfCrypt RSA key if not done. */ if ((ret == 1) && (!rsa->exSet)) { @@ -3711,7 +3766,7 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, if (ret == 1) { /* Get the wolfCrypt MGF algorithm from hash algorithm. */ - if ((mgf = wc_hash2mgf(hashType)) == WC_MGF1NONE) { + if ((mgf = wc_hash2mgf(EvpMd2MacType(mgf1Hash))) == WC_MGF1NONE) { WOLFSSL_ERROR_MSG("wc_hash2mgf error"); ret = 0; } @@ -3754,6 +3809,14 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } + +int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, + const WOLFSSL_EVP_MD *hashAlg, + const unsigned char *em, int saltLen) +{ + return wolfSSL_RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, hashAlg, NULL, em, + saltLen); +} #endif /* !HAVE_FIPS || FIPS_VERSION_GT(2,0) */ #endif /* WC_RSA_PSS && (OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || * WOLFSSL_NGINX) */ 
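Review bot: As with the encoder, the new `@param [in] mgf1Hash MGF algorithm.` on wolfSSL_RSA_verify_PKCS1_PSS_mgf1 omits that NULL falls back to `hashAlg`; write `* @param [in] mgf1Hash Hash algorithm for MGF1; NULL means use hashAlg.`. While this doc block is being touched, the adjacent `@param [in] saltLen Length of salt to generate.` is wrong for a verifier, where nothing is generated, and should read `Expected salt length in em` (plus whatever sentinel values the implementation honours, which is outside the hunk). RFC 8017 permits the MGF1 hash to differ from the message hash, but TLS 1.3 signature schemes require the two to match, so a sentence advising callers to keep them equal unless a peer demands otherwise would help.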
@@ -4235,7 +4298,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from, if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) || (from == NULL)) { WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { @@ -4256,7 +4319,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from, default: WOLFSSL_ERROR_MSG("RSA_public_encrypt doesn't support padding " "scheme"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } #else /* Check for supported padding schemes in FIPS. */ @@ -4264,14 +4327,14 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from, if (padding != RSA_PKCS1_PADDING) { WOLFSSL_ERROR_MSG("RSA_public_encrypt pad type not supported in " "FIPS"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } #endif } /* Set wolfCrypt RSA key data from external if not already done. */ if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { @@ -4279,7 +4342,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from, outLen = wolfSSL_RSA_size(rsa); if (outLen == 0) { WOLFSSL_ERROR_MSG("Bad RSA size"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -4287,7 +4350,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from, /* Get an RNG. */ rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng); if (rng == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -4313,7 +4376,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* from, /* wolfCrypt error means return -1. */ if (ret <= 0) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } WOLFSSL_LEAVE("wolfSSL_RSA_public_encrypt", ret); return ret; @@ -4348,7 +4411,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from, if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) || (from == NULL)) { WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { 
@@ -4367,7 +4430,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from, break; default: WOLFSSL_ERROR_MSG("RSA_private_decrypt unsupported padding"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } #else /* Check for supported padding schemes in FIPS. */ @@ -4375,14 +4438,14 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from, if (padding != RSA_PKCS1_PADDING) { WOLFSSL_ERROR_MSG("RSA_public_encrypt pad type not supported in " "FIPS"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } #endif } /* Set wolfCrypt RSA key data from external if not already done. */ if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { @@ -4390,7 +4453,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from, outLen = wolfSSL_RSA_size(rsa); if (outLen == 0) { WOLFSSL_ERROR_MSG("Bad RSA size"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -4408,7 +4471,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* from, /* wolfCrypt error means return -1. */ if (ret <= 0) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } WOLFSSL_LEAVE("wolfSSL_RSA_private_decrypt", ret); return ret; @@ -4439,7 +4502,7 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from, if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) || (from == NULL)) { WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { 
@@ -4454,20 +4517,20 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from, /* TODO: RSA_X931_PADDING not supported */ default: WOLFSSL_ERROR_MSG("RSA_public_decrypt unsupported padding"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } #else if (padding != RSA_PKCS1_PADDING) { WOLFSSL_ERROR_MSG("RSA_public_decrypt pad type not supported in " "FIPS"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } #endif } /* Set wolfCrypt RSA key data from external if not already done. */ if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { @@ -4475,7 +4538,7 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from, outLen = wolfSSL_RSA_size(rsa); if (outLen == 0) { WOLFSSL_ERROR_MSG("Bad RSA size"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -4494,7 +4557,7 @@ int wolfSSL_RSA_public_decrypt(int len, const unsigned char* from, /* wolfCrypt error means return -1. */ if (ret <= 0) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } WOLFSSL_LEAVE("wolfSSL_RSA_public_decrypt", ret); return ret; @@ -4531,7 +4594,7 @@ int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from, if ((len < 0) || (rsa == NULL) || (rsa->internal == NULL) || (from == NULL)) { WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { @@ -4544,20 +4607,20 @@ int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from, /* TODO: RSA_X931_PADDING not supported */ default: WOLFSSL_ERROR_MSG("RSA_private_encrypt unsupported padding"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } /* Set wolfCrypt RSA key data from external if not already done. */ if ((ret == 0) && (!rsa->inSet) && (SetRsaInternal(rsa) != 1)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { /* Get an RNG. */ rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng); if (rng == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } 
@@ -4590,7 +4653,7 @@ int wolfSSL_RSA_private_encrypt(int len, const unsigned char* from, /* wolfCrypt error means return -1. */ if (ret <= 0) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } WOLFSSL_LEAVE("wolfSSL_RSA_private_encrypt", ret); return ret; @@ -4625,7 +4688,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa) if ((rsa == NULL) || (rsa->p == NULL) || (rsa->q == NULL) || (rsa->d == NULL) || (rsa->dmp1 == NULL) || (rsa->dmq1 == NULL)) { WOLFSSL_ERROR_MSG("rsa no init error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } #ifdef WOLFSSL_SMALL_STACK @@ -4634,7 +4697,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa) DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { WOLFSSL_ERROR_MSG("Memory allocation failure"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } #endif @@ -4643,7 +4706,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa) /* Initialize temp MP integer. */ if (mp_init(tmp) != MP_OKAY) { WOLFSSL_ERROR_MSG("mp_init error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -4654,7 +4717,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa) err = mp_sub_d((mp_int*)rsa->p->internal, 1, tmp); if (err != MP_OKAY) { WOLFSSL_ERROR_MSG("mp_sub_d error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 1) { @@ -4663,7 +4726,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa) (mp_int*)rsa->dmp1->internal); if (err != MP_OKAY) { WOLFSSL_ERROR_MSG("mp_mod error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 1) { @@ -4671,7 +4734,7 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa) err = mp_sub_d((mp_int*)rsa->q->internal, 1, tmp); if (err != MP_OKAY) { WOLFSSL_ERROR_MSG("mp_sub_d error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 1) { @@ -4680,15 +4743,16 @@ int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa) (mp_int*)rsa->dmq1->internal); if (err != MP_OKAY) { WOLFSSL_ERROR_MSG("mp_mod error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } mp_clear(t); #ifdef WOLFSSL_SMALL_STACK - if (tmp != NULL) + if (rsa != NULL) { XFREE(tmp, rsa->heap, DYNAMIC_TYPE_TMP_BUFFER); + } #endif return ret; 
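Review bot: `tmp` in wolfSSL_RSA_GenAdd holds p-1 and q-1, values derived directly from the private primes, and on the way out it is only `mp_clear`ed before being freed; if the configured math backend's mp_clear does not zeroize (wolfCrypt provides `mp_forcezero` for that purpose), the secret material stays behind in freed heap. Suggest `mp_forcezero(t);` in place of `mp_clear(t);`, after confirming that `t` and `tmp` name the same object, since that declaration is outside the hunk. Changing the free guard from `tmp != NULL` to `rsa != NULL` looks like a static-analysis appeasement; it is fine as long as XFREE tolerates NULL, which the NULL-guard removals elsewhere in this commit suggest it does.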
@@ -4861,34 +4925,34 @@ int SetDsaExternal(WOLFSSL_DSA* dsa) if (dsa == NULL || dsa->internal == NULL) { WOLFSSL_MSG("dsa key NULL error"); - return -1; + return WOLFSSL_FATAL_ERROR; } key = (DsaKey*)dsa->internal; if (wolfssl_bn_set_value(&dsa->p, &key->p) != 1) { WOLFSSL_MSG("dsa p key error"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (wolfssl_bn_set_value(&dsa->q, &key->q) != 1) { WOLFSSL_MSG("dsa q key error"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (wolfssl_bn_set_value(&dsa->g, &key->g) != 1) { WOLFSSL_MSG("dsa g key error"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (wolfssl_bn_set_value(&dsa->pub_key, &key->y) != 1) { WOLFSSL_MSG("dsa y key error"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (wolfssl_bn_set_value(&dsa->priv_key, &key->x) != 1) { WOLFSSL_MSG("dsa x key error"); - return -1; + return WOLFSSL_FATAL_ERROR; } dsa->exSet = 1; @@ -4906,7 +4970,7 @@ int SetDsaInternal(WOLFSSL_DSA* dsa) if (dsa == NULL || dsa->internal == NULL) { WOLFSSL_MSG("dsa key NULL error"); - return -1; + return WOLFSSL_FATAL_ERROR; } key = (DsaKey*)dsa->internal; @@ -4914,25 +4978,25 @@ int SetDsaInternal(WOLFSSL_DSA* dsa) if (dsa->p != NULL && wolfssl_bn_get_value(dsa->p, &key->p) != 1) { WOLFSSL_MSG("rsa p key error"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (dsa->q != NULL && wolfssl_bn_get_value(dsa->q, &key->q) != 1) { WOLFSSL_MSG("rsa q key error"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (dsa->g != NULL && wolfssl_bn_get_value(dsa->g, &key->g) != 1) { WOLFSSL_MSG("rsa g key error"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (dsa->pub_key != NULL) { if (wolfssl_bn_get_value(dsa->pub_key, &key->y) != 1) { WOLFSSL_MSG("rsa pub_key error"); - return -1; + return WOLFSSL_FATAL_ERROR; } /* public key */ 
@@ -4942,7 +5006,7 @@ int SetDsaInternal(WOLFSSL_DSA* dsa) if (dsa->priv_key != NULL) { if (wolfssl_bn_get_value(dsa->priv_key, &key->x) != 1) { WOLFSSL_MSG("rsa priv_key error"); - return -1; + return WOLFSSL_FATAL_ERROR; } /* private key */ @@ -4990,7 +5054,7 @@ int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa) #ifdef WOLFSSL_SMALL_STACK tmpRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRng == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; #endif if (wc_InitRng(tmpRng) == 0) { rng = tmpRng; @@ -5094,7 +5158,7 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits, #ifdef WOLFSSL_SMALL_STACK tmpRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRng == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; #endif if (wc_InitRng(tmpRng) == 0) { rng = tmpRng; @@ -5266,20 +5330,20 @@ int wolfSSL_i2d_DSA_SIG(const WOLFSSL_DSA_SIG *sig, byte **out) if (sig == NULL || sig->r == NULL || sig->s == NULL || out == NULL) { WOLFSSL_MSG("Bad function arguments"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (StoreECC_DSA_Sig(buf, &bufLen, (mp_int*)sig->r->internal, (mp_int*)sig->s->internal) != 0) { WOLFSSL_MSG("StoreECC_DSA_Sig error"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (*out == NULL) { byte* tmp = (byte*)XMALLOC(bufLen, NULL, DYNAMIC_TYPE_ASN1); if (tmp == NULL) { WOLFSSL_MSG("malloc error"); - return -1; + return WOLFSSL_FATAL_ERROR; } *out = tmp; } @@ -5403,13 +5467,13 @@ WOLFSSL_DSA_SIG* wolfSSL_d2i_DSA_SIG(WOLFSSL_DSA_SIG **sig, return ret; } -#endif /* HAVE_SELFTEST */ -/* return 1 on success, < 0 otherwise */ -int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, - WOLFSSL_DSA* dsa) +#endif /* !HAVE_SELFTEST */ + +static int dsa_do_sign(const unsigned char* d, int dLen, unsigned char* sigRet, + WOLFSSL_DSA* dsa) { - int ret = -1; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); int initTmpRng = 0; WC_RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK 
@@ -5418,25 +5482,23 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, WC_RNG tmpRng[1]; #endif - WOLFSSL_ENTER("wolfSSL_DSA_do_sign"); - if (d == NULL || sigRet == NULL || dsa == NULL) { WOLFSSL_MSG("Bad function arguments"); - return ret; + return WOLFSSL_FATAL_ERROR; } if (dsa->inSet == 0) { WOLFSSL_MSG("No DSA internal set, do it"); if (SetDsaInternal(dsa) != 1) { WOLFSSL_MSG("SetDsaInternal failed"); - return ret; + return WOLFSSL_FATAL_ERROR; } } #ifdef WOLFSSL_SMALL_STACK tmpRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRng == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; #endif if (wc_InitRng(tmpRng) == 0) { @@ -5445,14 +5507,30 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, } else { WOLFSSL_MSG("Bad RNG Init, trying global"); +#ifdef WOLFSSL_SMALL_STACK + XFREE(tmpRng, NULL, DYNAMIC_TYPE_RNG); + tmpRng = NULL; +#endif rng = wolfssl_get_global_rng(); + if (! rng) + return WOLFSSL_FATAL_ERROR; } if (rng) { - if (wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) - WOLFSSL_MSG("DsaSign failed"); +#ifdef HAVE_SELFTEST + if (dLen != WC_SHA_DIGEST_SIZE || + wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) { + WOLFSSL_MSG("wc_DsaSign failed or dLen wrong length"); + ret = WOLFSSL_FATAL_ERROR; + } +#else + if (wc_DsaSign_ex(d, dLen, sigRet, (DsaKey*)dsa->internal, rng) < 0) { + WOLFSSL_MSG("wc_DsaSign_ex failed"); + ret = WOLFSSL_FATAL_ERROR; + } +#endif else - ret = 1; + ret = WOLFSSL_SUCCESS; } if (initTmpRng) @@ -5464,6 +5542,15 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, return ret; } +/* return 1 on success, < 0 otherwise */ +int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, + WOLFSSL_DSA* dsa) +{ + WOLFSSL_ENTER("wolfSSL_DSA_do_sign"); + + return dsa_do_sign(d, WC_SHA_DIGEST_SIZE, sigRet, dsa); +} + #ifndef HAVE_SELFTEST WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, int inLen, WOLFSSL_DSA* dsa) 
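Review bot: After the new `if (! rng) return WOLFSSL_FATAL_ERROR;` the following `if (rng) {` in dsa_do_sign can no longer be false, so that guard and its indentation level are dead; drop it, and write the test as `if (rng == NULL)` to match the `d == NULL || ...` style at the top of the same function. Freeing `tmpRng` before falling back to the global RNG is correct because `initTmpRng` is still 0 on that path, so the `if (initTmpRng)` cleanup will not double-free; a short comment would help since the pairing is not local. The `dLen` handling differs between branches: the HAVE_SELFTEST path enforces `dLen != WC_SHA_DIGEST_SIZE`, while the `wc_DsaSign_ex` path accepts whatever inLen the public wolfSSL_DSA_do_sign_ex now forwards since its own length check was removed, so confirm that wc_DsaSign_ex bounds `dLen` itself, as its implementation is not in this file.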
@@ -5474,12 +5561,12 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, WOLFSSL_ENTER("wolfSSL_DSA_do_sign_ex"); - if (!digest || !dsa || inLen != WC_SHA_DIGEST_SIZE) { + if (!digest || !dsa) { WOLFSSL_MSG("Bad function arguments"); return NULL; } - if (wolfSSL_DSA_do_sign(digest, sigBin, dsa) != 1) { + if (dsa_do_sign(digest, inLen, sigBin, dsa) != 1) { WOLFSSL_MSG("wolfSSL_DSA_do_sign error"); return NULL; } @@ -5498,18 +5585,16 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, /* 2 * sigLen for the two points r and s */ return wolfSSL_d2i_DSA_SIG(NULL, &tmp, 2 * sigLen); } -#endif /* !HAVE_SELFTEST */ +#endif -int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, +static int dsa_do_verify(const unsigned char* d, int dLen, unsigned char* sig, WOLFSSL_DSA* dsa, int *dsacheck) { - int ret = -1; - - WOLFSSL_ENTER("wolfSSL_DSA_do_verify"); + int ret; if (d == NULL || sig == NULL || dsa == NULL) { WOLFSSL_MSG("Bad function arguments"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (dsa->inSet == 0) { 
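Review bot: The new dsa_do_verify argument check leaves `dsacheck` unvalidated even though it is dereferenced unconditionally after wc_DsaVerify in the following hunk, and the public wolfSSL_DSA_do_verify forwards whatever pointer the caller supplies; `if (d == NULL || sig == NULL || dsa == NULL || dsacheck == NULL) {` closes that. The `#endif` that closed the `#ifndef HAVE_SELFTEST` block around wolfSSL_DSA_do_sign_ex also lost its `/* !HAVE_SELFTEST */` trailer (the same happens after wolfSSL_DSA_do_verify_ex), and with `#ifdef HAVE_SELFTEST` branches now nested inside dsa_do_sign and dsa_do_verify the trailers are what tell a reader which conditional is closing; restore `#endif /* !HAVE_SELFTEST */`. dsa_do_verify's body continues past the end of this hunk.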
@@ -5517,17 +5602,34 @@ int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, if (SetDsaInternal(dsa) != 1) { WOLFSSL_MSG("SetDsaInternal failed"); - return -1; + return WOLFSSL_FATAL_ERROR; } } - ret = DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck); - if (ret != 0 || *dsacheck != 1) { +#ifdef HAVE_SELFTEST + ret = dLen == WC_SHA_DIGEST_SIZE ? + wc_DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck) : BAD_FUNC_ARG; +#else + ret = wc_DsaVerify_ex(d, dLen, sig, (DsaKey*)dsa->internal, dsacheck); +#endif + if (ret != 0) { WOLFSSL_MSG("DsaVerify failed"); - return ret; + return WOLFSSL_FATAL_ERROR; + } + if (*dsacheck != 1) { + WOLFSSL_MSG("DsaVerify sig failed"); + return WOLFSSL_FAILURE; } - return 1; + return WOLFSSL_SUCCESS; +} + +int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, + WOLFSSL_DSA* dsa, int *dsacheck) +{ + WOLFSSL_ENTER("wolfSSL_DSA_do_verify"); + + return dsa_do_verify(d, WC_SHA_DIGEST_SIZE, sig, dsa, dsacheck); } @@ -5552,7 +5654,7 @@ int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len, WOLFSSL_ENTER("wolfSSL_DSA_do_verify_ex"); - if (!digest || !sig || !dsa || digest_len != WC_SHA_DIGEST_SIZE) { + if (!digest || !sig || !dsa) { WOLFSSL_MSG("Bad function arguments"); return 0; } @@ -5604,14 +5706,14 @@ int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len, if (wolfSSL_BN_bn2bin(sig->s, sigBinPtr) == -1) return 0; - if ((wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck) + if ((dsa_do_verify(digest, digest_len, sigBin, dsa, &dsacheck) != 1) || dsacheck != 1) { return 0; } return 1; } -#endif /* !HAVE_SELFTEST */ +#endif int wolfSSL_i2d_DSAparams(const WOLFSSL_DSA* dsa, unsigned char** out) 
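Review bot: dsa_do_verify now distinguishes a verification failure (`WOLFSSL_FAILURE`, 0) from an operational error (`WOLFSSL_FATAL_ERROR`) and returns `WOLFSSL_SUCCESS` only when `*dsacheck == 1`, but the public wolfSSL_DSA_do_verify wrapper added here carries no comment describing that tri-state, unlike the `/* return 1 on success, < 0 otherwise */` given to wolfSSL_DSA_do_sign. Add `/* return 1 on valid signature, 0 on invalid signature, < 0 on error */` above it so callers know that anything other than 1 must be treated as not verified. The `*dsacheck != 1` test is only reached on the `ret == 0` path, so the out-parameter is meaningful only after a successful call; that is worth a word in the same comment.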
@@ -5910,8 +6012,7 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, if (tmp == NULL) { WOLFSSL_MSG("malloc failed"); XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); - if (cipherInfo != NULL) - XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); return 0; } @@ -5922,13 +6023,11 @@ int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, WOLFSSL_MSG("wc_DerToPemEx failed"); XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); XFREE(tmp, NULL, DYNAMIC_TYPE_PEM); - if (cipherInfo != NULL) - XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); return 0; } XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); - if (cipherInfo != NULL) - XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); + XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); *pem = (byte*)XMALLOC((size_t)((*pLen)+1), NULL, DYNAMIC_TYPE_KEY); if (*pem == NULL) { @@ -6104,19 +6203,19 @@ int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* derBuf, int derSz if (dsa == NULL || dsa->internal == NULL || derBuf == NULL || derSz <= 0) { WOLFSSL_MSG("Bad function arguments"); - return -1; + return WOLFSSL_FATAL_ERROR; } ret = DsaPrivateKeyDecode(derBuf, &idx, (DsaKey*)dsa->internal, (word32)derSz); if (ret < 0) { WOLFSSL_MSG("DsaPrivateKeyDecode failed"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (SetDsaExternal(dsa) != 1) { WOLFSSL_MSG("SetDsaExternal failed"); - return -1; + return WOLFSSL_FATAL_ERROR; } dsa->inSet = 1; @@ -6136,7 +6235,7 @@ int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA* dsa, const unsigned char* derBuf, if (dsa == NULL || dsa->internal == NULL || derBuf == NULL || derSz <= 0) { WOLFSSL_MSG("Bad function arguments"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (opt == WOLFSSL_DSA_LOAD_PRIVATE) { 
@@ -6151,17 +6250,17 @@ int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA* dsa, const unsigned char* derBuf, if (ret < 0 && opt == WOLFSSL_DSA_LOAD_PRIVATE) { WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("DsaPrivateKeyDecode failed"); - return -1; + return WOLFSSL_FATAL_ERROR; } else if (ret < 0 && opt == WOLFSSL_DSA_LOAD_PUBLIC) { WOLFSSL_ERROR_VERBOSE(ret); WOLFSSL_MSG("DsaPublicKeyDecode failed"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (SetDsaExternal(dsa) != 1) { WOLFSSL_MSG("SetDsaExternal failed"); - return -1; + return WOLFSSL_FATAL_ERROR; } dsa->inSet = 1; @@ -7279,7 +7378,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_8192_prime(WOLFSSL_BIGNUM* bn) #ifndef NO_CERTS -/* Load the DER encoded DH parameters/key into DH key. +/* Load the DER encoded DH parameters into DH key. * * @param [in, out] dh DH key to load parameters into. * @param [in] der Buffer holding DER encoded parameters data. @@ -7290,7 +7389,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_8192_prime(WOLFSSL_BIGNUM* bn) * @return 0 on success. * @return 1 when decoding DER or setting the external key fails. */ -static int wolfssl_dh_load_key(WOLFSSL_DH* dh, const unsigned char* der, +static int wolfssl_dh_load_params(WOLFSSL_DH* dh, const unsigned char* der, word32* idx, word32 derSz) { int err = 0; @@ -7403,7 +7502,7 @@ WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH** dh, const unsigned char** pp, WOLFSSL_ERROR_MSG("wolfSSL_DH_new() failed"); err = 1; } - if ((!err) && (wolfssl_dh_load_key(newDh, *pp, &idx, + if ((!err) && (wolfssl_dh_load_params(newDh, *pp, &idx, (word32)length) != 0)) { WOLFSSL_ERROR_MSG("Loading DH parameters failed"); err = 1; 
@@ -7560,13 +7659,13 @@ int wolfSSL_DH_LoadDer(WOLFSSL_DH* dh, const unsigned char* derBuf, int derSz) if ((dh == NULL) || (dh->internal == NULL) || (derBuf == NULL) || (derSz <= 0)) { WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } - if ((ret == 1) && (wolfssl_dh_load_key(dh, derBuf, &idx, + if ((ret == 1) && (wolfssl_dh_load_params(dh, derBuf, &idx, (word32)derSz) != 0)) { WOLFSSL_ERROR_MSG("DH key decode failed"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } return ret; @@ -7754,7 +7853,7 @@ WOLFSSL_DH* wolfSSL_PEM_read_DHparams(XFILE fp, WOLFSSL_DH** dh, static int wolfssl_dhparams_to_der(WOLFSSL_DH* dh, unsigned char** out, void* heap) { - int ret = -1; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); int err = 0; byte* der = NULL; word32 derSz; @@ -7798,9 +7897,7 @@ static int wolfssl_dhparams_to_der(WOLFSSL_DH* dh, unsigned char** out, *out = der; der = NULL; } - if (der != NULL) { - XFREE(der, heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(der, heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -7885,7 +7982,7 @@ int SetDhExternal_ex(WOLFSSL_DH *dh, int elm) /* Validate parameters. */ if ((dh == NULL) || (dh->internal == NULL)) { WOLFSSL_ERROR_MSG("dh key NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 1) { @@ -7897,21 +7994,21 @@ int SetDhExternal_ex(WOLFSSL_DH *dh, int elm) /* Set the prime. */ if (wolfssl_bn_set_value(&dh->p, &key->p) != 1) { WOLFSSL_ERROR_MSG("dh param p error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if ((ret == 1) && (elm & ELEMENT_G)) { /* Set the generator. */ if (wolfssl_bn_set_value(&dh->g, &key->g) != 1) { WOLFSSL_ERROR_MSG("dh param g error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if ((ret == 1) && (elm & ELEMENT_Q)) { /* Set the order. */ if (wolfssl_bn_set_value(&dh->q, &key->q) != 1) { WOLFSSL_ERROR_MSG("dh param q error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } #ifdef WOLFSSL_DH_EXTRA 
@@ -7919,14 +8016,14 @@ int SetDhExternal_ex(WOLFSSL_DH *dh, int elm) /* Set the private key. */ if (wolfssl_bn_set_value(&dh->priv_key, &key->priv) != 1) { WOLFSSL_ERROR_MSG("No DH Private Key"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if ((ret == 1) && (elm & ELEMENT_PUB)) { /* Set the public key. */ if (wolfssl_bn_set_value(&dh->pub_key, &key->pub) != 1) { WOLFSSL_ERROR_MSG("No DH Public Key"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } #endif /* WOLFSSL_DH_EXTRA */ @@ -7971,7 +8068,7 @@ int SetDhInternal(WOLFSSL_DH* dh) /* Validate parameters. */ if ((dh == NULL) || (dh->p == NULL) || (dh->g == NULL)) { WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 1) { /* Get the wolfSSL DH key. */ @@ -7980,26 +8077,26 @@ int SetDhInternal(WOLFSSL_DH* dh) /* Clear out key and initialize. */ wc_FreeDhKey(key); if (wc_InitDhKey(key) != 0) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 1) { /* Transfer prime. */ if (wolfssl_bn_get_value(dh->p, &key->p) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 1) { /* Transfer generator. */ if (wolfssl_bn_get_value(dh->g, &key->g) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } #ifdef HAVE_FFDHE_Q /* Transfer order if available. */ if ((ret == 1) && (dh->q != NULL)) { if (wolfssl_bn_get_value(dh->q, &key->q) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } #endif @@ -8008,14 +8105,14 @@ int SetDhInternal(WOLFSSL_DH* dh) if ((ret == 1) && (dh->priv_key != NULL) && (!wolfSSL_BN_is_zero(dh->priv_key))) { if (wolfssl_bn_get_value(dh->priv_key, &key->priv) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } /* Transfer public key if available. */ if ((ret == 1) && (dh->pub_key != NULL) && (!wolfSSL_BN_is_zero(dh->pub_key))) { if (wolfssl_bn_get_value(dh->pub_key, &key->pub) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } #endif /* WOLFSSL_DH_EXTRA */ 
@@ -8038,17 +8135,14 @@ int SetDhInternal(WOLFSSL_DH* dh) */ int wolfSSL_DH_size(WOLFSSL_DH* dh) { - int ret = -1; - WOLFSSL_ENTER("wolfSSL_DH_size"); - /* Validate parameter. */ - if (dh != NULL) { - /* Size of key is size of prime in bytes. */ - ret = wolfSSL_BN_num_bytes(dh->p); - } + if (dh == NULL) + return WOLFSSL_FATAL_ERROR; - return ret; + /* Validate parameter. */ + /* Size of key is size of prime in bytes. */ + return wolfSSL_BN_num_bytes(dh->p); } /** @@ -8575,6 +8669,10 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh) /* Private key size can be as much as the size of the prime. */ if (dh->length) { privSz = (word32)(dh->length / 8); /* to bytes */ + /* Special case where priv key is larger than dh->length / 8 + * See GeneratePrivateDh */ + if (dh->length == 128) + privSz = 21; } else { privSz = pubSz; @@ -8641,20 +8739,8 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh) } -/* Compute the shared key from the private key and peer's public key. - * - * Return code compliant with OpenSSL. - * OpenSSL returns 0 when number of bits in p are smaller than minimum - * supported. - * - * @param [out] key Buffer to place shared key. - * @param [in] otherPub Peer's public key. - * @param [in] dh DH key containing private key. - * @return -1 on error. - * @return Size of shared secret in bytes on success. - */ -int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub, - WOLFSSL_DH* dh) +static int _DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub, + WOLFSSL_DH* dh, int ct) { int ret = 0; word32 keySz = 0; 
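Review bot: The `/* Validate parameter. */` comment in wolfSSL_DH_size now sits after the NULL check it describes and directly above the return that computes the size, so it reads as documenting the wrong statement. Move it above `if (dh == NULL)` or drop it, leaving only `/* Size of key is size of prime in bytes. */` on the return.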
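Review bot: `if (dh->length == 128) privSz = 21;` in wolfSSL_DH_generate_key hard-codes a size that, per its own comment, is owned by GeneratePrivateDh; if that function's sizing ever changes, this copy diverges silently and the private key buffer is sized wrong. Prefer one shared named constant for the 128 case, or at least say in the comment why 21 rather than `dh->length / 8` is needed, e.g. `/* 21 must match the buffer size GeneratePrivateDh uses when dh->length == 128. */`. The enclosing function continues outside the hunk.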
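Review bot: `_DH_compute_key` is a reserved identifier: C11 §7.1.3 reserves every name beginning with an underscore followed by an uppercase letter for the implementation, so defining it at file scope is technically undefined behavior even though it links today. This diff's own convention for static helpers is a lowercase name (`dsa_do_verify`, `wolfssl_dh_load_params`), so `static int wolfssl_dh_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub,` with the two call sites in the later wrappers updated would fit. The function body continues outside the hunk.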
@@ -8674,19 +8760,19 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub, /* Validate parameters. */ if ((dh == NULL) || (dh->priv_key == NULL) || (otherPub == NULL)) { WOLFSSL_ERROR_MSG("Bad function arguments"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Get the maximum size of computed DH key. */ if ((ret == 0) && ((keySz = (word32)DH_size(dh)) == 0)) { WOLFSSL_ERROR_MSG("Bad DH_size"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { /* Validate the size of the private key. */ sz = wolfSSL_BN_num_bytes(dh->priv_key); if (sz > (int)privSz) { WOLFSSL_ERROR_MSG("Bad priv internal size"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { @@ -8699,7 +8785,7 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub, sz = wolfSSL_BN_num_bytes(otherPub); if (sz > pubSz) { WOLFSSL_ERROR_MSG("Bad otherPub size"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -8709,14 +8795,14 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub, pub = (unsigned char*)XMALLOC((size_t)sz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); if (pub == NULL) - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { /* Allocate memory for the private key array. */ priv = (unsigned char*)XMALLOC((size_t)privSz, NULL, DYNAMIC_TYPE_PRIVATE_KEY); if (priv == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { 
@@ -8724,28 +8810,58 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub, /* Get the private key into the array. */ privSz = wolfSSL_BN_bn2bin(dh->priv_key, priv); if (privSz <= 0) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* Get the public key into the array. */ pubSz = wolfSSL_BN_bn2bin(otherPub, pub); if (pubSz <= 0) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } /* Synchronize the external into the internal parameters. */ if ((ret == 0) && ((dh->inSet == 0) && (SetDhInternal(dh) != 1))) { WOLFSSL_ERROR_MSG("Bad DH set internal"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } PRIVATE_KEY_UNLOCK(); /* Calculate shared secret from private and public keys. */ - if ((ret == 0) && (wc_DhAgree((DhKey*)dh->internal, key, &keySz, priv, - (word32)privSz, pub, (word32)pubSz) < 0)) { - WOLFSSL_ERROR_MSG("wc_DhAgree failed"); - ret = -1; + if (ret == 0) { + word32 padded_keySz = keySz; +#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) && !defined(HAVE_SELFTEST) + if (ct) { + if (wc_DhAgree_ct((DhKey*)dh->internal, key, &keySz, priv, + (word32)privSz, pub, (word32)pubSz) < 0) { + WOLFSSL_ERROR_MSG("wc_DhAgree_ct failed"); + ret = WOLFSSL_FATAL_ERROR; + } + } + else +#endif /* (!HAVE_FIPS || FIPS_VERSION_GE(7,0)) && !HAVE_SELFTEST */ + { + if (wc_DhAgree((DhKey*)dh->internal, key, &keySz, priv, + (word32)privSz, pub, (word32)pubSz) < 0) { + WOLFSSL_ERROR_MSG("wc_DhAgree failed"); + ret = WOLFSSL_FATAL_ERROR; + } + } + + if ((ret == 0) && ct) { + /* Arrange for correct fixed-length, right-justified key, even if + * the crypto back end doesn't support it. With some crypto back + * ends this forgoes formal constant-timeness on the key agreement, + * but assured that wolfSSL_DH_compute_key_padded() functions + * correctly. 
+ */ + if (keySz < padded_keySz) { + XMEMMOVE(key, key + (padded_keySz - keySz), + padded_keySz - keySz); + XMEMSET(key, 0, padded_keySz - keySz); + keySz = padded_keySz; + } + } } if (ret == 0) { /* Return actual length. */ @@ -8769,6 +8885,45 @@ int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub, return ret; } + +/* Compute the shared key from the private key and peer's public key. + * + * Return code compliant with OpenSSL. + * OpenSSL returns 0 when number of bits in p are smaller than minimum + * supported. + * + * @param [out] key Buffer to place shared key. + * @param [in] otherPub Peer's public key. + * @param [in] dh DH key containing private key. + * @return -1 on error. + * @return Size of shared secret in bytes on success. + */ +int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub, + WOLFSSL_DH* dh) +{ + return _DH_compute_key(key, otherPub, dh, 0); +} + +/* Compute the shared key from the private key and peer's public key as in + * wolfSSL_DH_compute_key, but using constant time processing, with an output + * key length fixed at the nominal DH key size. Leading zeros are retained. + * + * Return code compliant with OpenSSL. + * OpenSSL returns 0 when number of bits in p are smaller than minimum + * supported. + * + * @param [out] key Buffer to place shared key. + * @param [in] otherPub Peer's public key. + * @param [in] dh DH key containing private key. + * @return -1 on error. + * @return Size of shared secret in bytes on success. + */ +int wolfSSL_DH_compute_key_padded(unsigned char* key, + const WOLFSSL_BIGNUM* otherPub, WOLFSSL_DH* dh) +{ + return _DH_compute_key(key, otherPub, dh, 1); +} + #endif /* !HAVE_FIPS || (HAVE_FIPS && !WOLFSSL_DH_EXTRA) || * HAVE_FIPS_VERSION > 2 */ @@ -8956,7 +9111,7 @@ int EccEnumToNID(int n) #endif default: WOLFSSL_MSG("NID not found"); - return -1; + return WOLFSSL_FATAL_ERROR; } } #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ 
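Review bot: The right-justification block at the end of the hunk does not move the secret: `XMEMMOVE(key, key + (padded_keySz - keySz), padded_keySz - keySz)` copies `padded_keySz - keySz` bytes from the tail into the head, and the `XMEMSET(key, 0, padded_keySz - keySz)` that follows overwrites exactly that region, so the net effect is that the first `padded_keySz - keySz` bytes of the agreed secret are zeroed and the remaining bytes stay where they were. To place the `keySz` output bytes at the end of the `padded_keySz`-byte buffer it should read `XMEMMOVE(key + (padded_keySz - keySz), key, keySz);` ahead of the memset. This block is the only thing backing wolfSSL_DH_compute_key_padded() whenever `keySz` comes back shorter than DH_size, including every build that falls through to plain wc_DhAgree, so those callers receive a corrupted shared secret rather than a padded one. _DH_compute_key starts outside the hunk.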
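Review bot: The header comment on wolfSSL_DH_compute_key_padded promises "constant time processing", but the helper it wraps only calls wc_DhAgree_ct under `(!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) && !defined(HAVE_SELFTEST)` and otherwise falls back to wc_DhAgree with a length fix-up afterwards, as the in-code comment there concedes. Suggest adding to the docstring: ` * Note: on FIPS builds before 7.0 and on selftest builds the agreement itself is not constant time; only the fixed-length, zero-padded output is guaranteed.` That keeps callers from relying on a property the build may not provide.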
@@ -8972,8 +9127,7 @@ int EccEnumToNID(int n) */ int NIDToEccEnum(int nid) { - /* -1 on error. */ - int id = -1; + int id; WOLFSSL_ENTER("NIDToEccEnum"); @@ -9061,6 +9215,8 @@ int NIDToEccEnum(int nid) break; default: WOLFSSL_MSG("NID not found"); + /* -1 on error. */ + id = WOLFSSL_FATAL_ERROR; } return id; @@ -9172,13 +9328,19 @@ void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group) * @return NULL on error. */ static WOLFSSL_EC_GROUP* wolfssl_ec_group_d2i(WOLFSSL_EC_GROUP** group, - const unsigned char* in, long inSz) + const unsigned char** in_pp, long inSz) { int err = 0; WOLFSSL_EC_GROUP* ret = NULL; word32 idx = 0; word32 oid = 0; int id = 0; + const unsigned char* in; + + if (in_pp == NULL || *in_pp == NULL) + return NULL; + + in = *in_pp; /* Use the group passed in. */ if ((group != NULL) && (*group != NULL)) { @@ -9227,6 +9389,9 @@ static WOLFSSL_EC_GROUP* wolfssl_ec_group_d2i(WOLFSSL_EC_GROUP** group, } ret = NULL; } + else { + *in_pp += idx; + } return ret; } @@ -9258,7 +9423,8 @@ WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio, } if (!err) { /* Create EC group from DER encoding. */ - ret = wolfssl_ec_group_d2i(group, der->buffer, der->length); + const byte** p = (const byte**)&der->buffer; + ret = wolfssl_ec_group_d2i(group, p, der->length); if (ret == NULL) { WOLFSSL_ERROR_MSG("Error loading DER buffer into WOLFSSL_EC_GROUP"); } 
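Review bot: `const byte** p = (const byte**)&der->buffer;` in wolfSSL_PEM_read_bio_ECPKParameters hands the DerBuffer's own pointer to wolfssl_ec_group_d2i, which on success now advances it (`*in_pp += idx` in the earlier hunk), so `der->buffer` no longer points at the start of the data when `der` is released later in the function. Whether that release tolerates a moved `buffer` pointer is not visible here; decoding through a local cursor avoids the question and removes the cast: `const byte* p = der->buffer; ret = wolfssl_ec_group_d2i(group, &p, der->length);`. The function continues outside the hunk.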
@@ -9269,6 +9435,52 @@ WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio, return ret; } +WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out, + const unsigned char **in, long len) +{ + return wolfssl_ec_group_d2i(out, in, len); +} + +int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp) +{ + unsigned char* out = NULL; + int len = 0; + int idx; + const byte* oid = NULL; + word32 oidSz = 0; + + if (grp == NULL || !wc_ecc_is_valid_idx(grp->curve_idx) || + grp->curve_idx < 0) + return WOLFSSL_FATAL_ERROR; + + /* Get the actual DER encoding of the OID. ecc_sets[grp->curve_idx].oid + * is just the numerical representation. */ + if (wc_ecc_get_oid(grp->curve_oid, &oid, &oidSz) < 0) + return WOLFSSL_FATAL_ERROR; + + len = SetObjectId(oidSz, NULL) + oidSz; + + if (pp == NULL) + return len; + + if (*pp == NULL) { + out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1); + if (out == NULL) + return WOLFSSL_FATAL_ERROR; + } + else { + out = *pp; + } + + idx = SetObjectId(oidSz, out); + XMEMCPY(out + idx, oid, oidSz); + if (*pp == NULL) + *pp = out; + else + *pp += len; + + return len; +} #endif /* !NO_BIO */ #if defined(OPENSSL_ALL) && !defined(NO_CERTS) @@ -9337,7 +9549,7 @@ int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b, if ((a == NULL) || (b == NULL)) { WOLFSSL_MSG("wolfSSL_EC_GROUP_cmp Bad arguments"); /* Return error value. */ - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Compare NID and wolfSSL curve index. */ else { @@ -9488,7 +9700,7 @@ int wolfSSL_EC_GROUP_order_bits(const WOLFSSL_EC_GROUP *group) /* Validate parameter. */ if ((group == NULL) || (group->curve_idx < 0)) { WOLFSSL_MSG("wolfSSL_EC_GROUP_order_bits NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } #ifdef WOLFSSL_SMALL_STACK 
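Review bot: The argument check in wolfSSL_i2d_ECPKParameters calls `wc_ecc_is_valid_idx(grp->curve_idx)` before testing `grp->curve_idx < 0`, the reverse of the order used elsewhere in this diff (wolfSSL_EC_GROUP_get_order, SetECKeyInternal), so a negative index reaches the lookup first; write it as `grp->curve_idx < 0 || !wc_ecc_is_valid_idx(grp->curve_idx)`. Both new public functions, wolfSSL_d2i_ECPKParameters and wolfSSL_i2d_ECPKParameters, lack the Doxygen header their neighbours carry; for i2d the contract worth recording is the one the code implements, `pp == NULL` returns the length only, `*pp == NULL` allocates a buffer the caller owns, otherwise `*pp` is written and advanced by `len`. The comment above `wc_ecc_get_oid` speaks of `ecc_sets[grp->curve_idx].oid` while the call reads `grp->curve_oid`; align the comment with the field actually used.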
@@ -9497,7 +9709,7 @@ int wolfSSL_EC_GROUP_order_bits(const WOLFSSL_EC_GROUP *group) order = (mp_int *)XMALLOC(sizeof(*order), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (order == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } #endif @@ -9559,6 +9771,12 @@ int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, ret = 0; } + if (ret == 1 && + (group->curve_idx < 0 || !wc_ecc_is_valid_idx(group->curve_idx))) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order Bad group idx"); + ret = 0; + } + if (ret == 1) { mp = (mp_int*)order->internal; } @@ -9604,7 +9822,7 @@ static int ec_point_internal_set(WOLFSSL_EC_POINT *p) /* Validate parameter. */ if ((p == NULL) || (p->internal == NULL)) { WOLFSSL_MSG("ECPoint NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else { /* Get internal point as a wolfCrypt EC point. */ @@ -9613,19 +9831,19 @@ static int ec_point_internal_set(WOLFSSL_EC_POINT *p) /* Set X ordinate if available. */ if ((p->X != NULL) && (wolfssl_bn_get_value(p->X, point->x) != 1)) { WOLFSSL_MSG("ecc point X error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Set Y ordinate if available. */ if ((ret == 1) && (p->Y != NULL) && (wolfssl_bn_get_value(p->Y, point->y) != 1)) { WOLFSSL_MSG("ecc point Y error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Set Z ordinate if available. */ if ((ret == 1) && (p->Z != NULL) && (wolfssl_bn_get_value(p->Z, point->z) != 1)) { WOLFSSL_MSG("ecc point Z error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Internal values set when operations succeeded. */ p->inSet = (ret == 1); @@ -9651,7 +9869,7 @@ static int ec_point_external_set(WOLFSSL_EC_POINT *p) /* Validate parameter. */ if ((p == NULL) || (p->internal == NULL)) { WOLFSSL_MSG("ECPoint NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else { /* Get internal point as a wolfCrypt EC point. */ 
@@ -9660,17 +9878,17 @@ static int ec_point_external_set(WOLFSSL_EC_POINT *p) /* Set X ordinate. */ if (wolfssl_bn_set_value(&p->X, point->x) != 1) { WOLFSSL_MSG("ecc point X error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Set Y ordinate. */ if ((ret == 1) && (wolfssl_bn_set_value(&p->Y, point->y) != 1)) { WOLFSSL_MSG("ecc point Y error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Set Z ordinate. */ if ((ret == 1) && (wolfssl_bn_set_value(&p->Z, point->z) != 1)) { WOLFSSL_MSG("ecc point Z error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* External values set when operations succeeded. */ p->exSet = (ret == 1); @@ -10316,7 +10534,7 @@ size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group, /* Check return. When buf is NULL, return will be length only * error. */ - if (ret != ((buf != NULL) ? MP_OKAY : LENGTH_ONLY_E)) { + if (ret != ((buf != NULL) ? MP_OKAY : WC_NO_ERR_TRACE(LENGTH_ONLY_E))) { err = 1; } } 
@@ -11350,43 +11568,43 @@ static int ec_point_cmp_jacobian(const WOLFSSL_EC_GROUP* group, /* Check that the big numbers were allocated. */ if ((at == NULL) || (bt == NULL) || (az == NULL) || (bz == NULL) || (mod == NULL)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Get the modulus for the curve. */ if ((ret == 0) && (BN_hex2bn(&mod, ecc_sets[group->curve_idx].prime) != 1)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 0) { /* bt = Bx * (Az ^ 2). When Az is one then just copy. */ if (BN_is_one(a->Z)) { if (BN_copy(bt, b->X) == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } /* az = Az ^ 2 */ else if ((BN_mod_mul(az, a->Z, a->Z, mod, ctx) != 1)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* bt = Bx * az = Bx * (Az ^ 2) */ else if (BN_mod_mul(bt, b->X, az, mod, ctx) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* at = Ax * (Bz ^ 2). When Bz is one then just copy. */ if (BN_is_one(b->Z)) { if (BN_copy(at, a->X) == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } /* bz = Bz ^ 2 */ else if (BN_mod_mul(bz, b->Z, b->Z, mod, ctx) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* at = Ax * bz = Ax * (Bz ^ 2) */ else if (BN_mod_mul(at, a->X, bz, mod, ctx) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } /* Compare x-ordinates. */ 
@@ -11397,32 +11615,32 @@ static int ec_point_cmp_jacobian(const WOLFSSL_EC_GROUP* group, /* bt = By * (Az ^ 3). When Az is one then just copy. */ if (BN_is_one(a->Z)) { if (BN_copy(bt, b->Y) == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } /* az = az * Az = Az ^ 3 */ else if ((BN_mod_mul(az, az, a->Z, mod, ctx) != 1)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* bt = By * az = By * (Az ^ 3) */ else if (BN_mod_mul(bt, b->Y, az, mod, ctx) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { /* at = Ay * (Bz ^ 3). When Bz is one then just copy. */ if (BN_is_one(b->Z)) { if (BN_copy(at, a->Y) == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } /* bz = bz * Bz = Bz ^ 3 */ else if (BN_mod_mul(bz, bz, b->Z, mod, ctx) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* at = Ay * bz = Ay * (Bz ^ 3) */ else if (BN_mod_mul(at, a->Y, bz, mod, ctx) != 1) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } /* Compare y-ordinates. */ @@ -11462,7 +11680,7 @@ int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group, if ((group == NULL) || (a == NULL) || (a->internal == NULL) || (b == NULL) || (b->internal == NULL)) { WOLFSSL_MSG("wolfSSL_EC_POINT_cmp Bad arguments"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret != -1) { #ifdef WOLFSSL_EC_POINT_CMP_JACOBIAN @@ -12239,11 +12457,11 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, if ((key == NULL) || (key->internal == NULL) || (derBuf == NULL) || (derSz <= 0)) { WOLFSSL_MSG("Bad function arguments"); - res = -1; + res = WOLFSSL_FATAL_ERROR; } if ((res == 1) && (opt != WOLFSSL_EC_KEY_LOAD_PRIVATE) && (opt != WOLFSSL_EC_KEY_LOAD_PUBLIC)) { - res = -1; + res = WOLFSSL_FATAL_ERROR; } if (res == 1) { 
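Review bot: `if (ret != -1)` in wolfSSL_EC_POINT_cmp still compares against the literal while the assignment two lines above now stores `WOLFSSL_FATAL_ERROR`; given the error-trace wrapping this diff guards against elsewhere (`WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)` as an initialiser in wolfssl_dhparams_to_der), the two spellings should not be mixed within one function. Use `if (ret != WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) {`. The function continues outside the hunk.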
@@ -12262,7 +12480,7 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, /* Error out on parsing error. */ else if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) { WOLFSSL_MSG("Unexpected error with trying to remove PKCS8 header"); - res = -1; + res = WOLFSSL_FATAL_ERROR; } } @@ -12279,7 +12497,7 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, ecc_key *tmp = (ecc_key*)XMALLOC(sizeof(ecc_key), ((ecc_key*)key->internal)->heap, DYNAMIC_TYPE_ECC); if (tmp == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else { /* We now try again as x.963 [point type][x][opt y]. */ @@ -12311,7 +12529,7 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, else { WOLFSSL_MSG("wc_EccPublicKeyDecode failed"); } - res = -1; + res = WOLFSSL_FATAL_ERROR; } /* Internal key updated - update whether it is a valid key. */ 
@@ -12321,12 +12539,62 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, /* Set the external EC key based on value in internal. */ if ((res == 1) && (SetECKeyExternal(key) != 1)) { WOLFSSL_MSG("SetECKeyExternal failed"); - res = -1; + res = WOLFSSL_FATAL_ERROR; } return res; } + +#ifndef NO_BIO + +WOLFSSL_EC_KEY *wolfSSL_d2i_EC_PUBKEY_bio(WOLFSSL_BIO *bio, + WOLFSSL_EC_KEY **out) +{ + char* data = NULL; + int dataSz = 0; + int memAlloced = 0; + WOLFSSL_EC_KEY* ec = NULL; + int err = 0; + + WOLFSSL_ENTER("wolfSSL_d2i_EC_PUBKEY_bio"); + + if (bio == NULL) + return NULL; + + if (err == 0 && wolfssl_read_bio(bio, &data, &dataSz, &memAlloced) != 0) { + WOLFSSL_ERROR_MSG("wolfssl_read_bio failed"); + err = 1; + } + + if (err == 0 && (ec = wolfSSL_EC_KEY_new()) == NULL) { + WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_new failed"); + err = 1; + } + + /* Load the EC key with the public key from the DER encoding. */ + if (err == 0 && wolfSSL_EC_KEY_LoadDer_ex(ec, (const unsigned char*)data, + dataSz, WOLFSSL_EC_KEY_LOAD_PUBLIC) != 1) { + WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_LoadDer_ex failed"); + err = 1; + } + + if (memAlloced) + XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (err) { /* on error */ + wolfSSL_EC_KEY_free(ec); + ec = NULL; + } + else { /* on success */ + if (out != NULL) + *out = ec; + } + + return ec; +} + +#endif /* !NO_BIO */ + /* * EC key PEM APIs */ @@ -12915,7 +13183,7 @@ int SetECKeyExternal(WOLFSSL_EC_KEY* eckey) /* Validate parameter. */ if ((eckey == NULL) || (eckey->internal == NULL)) { WOLFSSL_MSG("ec key NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else { ecc_key* key = (ecc_key*)eckey->internal; 
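Review bot: wolfSSL_d2i_EC_PUBKEY_bio stores the new key with `if (out != NULL) *out = ec;` without regard to what `*out` already holds, whereas wolfssl_ec_group_d2i in this same diff reuses the object passed in (`/* Use the group passed in. */`); if callers follow the OpenSSL d2i convention and pass an existing key, that key is leaked. Either document that `*out` is unconditionally overwritten or release it first, `if (out != NULL) { wolfSSL_EC_KEY_free(*out); *out = ec; }`. The function also has no header comment, unlike its neighbours; one stating that the returned key is owned by the caller, that `*out` (when given) receives the same pointer, and that NULL is returned on any failure would cover it. The first `err == 0 &&` is always true because `err` was just initialised to 0 and can be dropped.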
@@ -12930,13 +13198,13 @@ int SetECKeyExternal(WOLFSSL_EC_KEY* eckey) if (wc_ecc_copy_point(&key->pubkey, (ecc_point*)eckey->pub_key->internal) != MP_OKAY) { WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Set external public key from internal wolfCrypt, public key. */ if ((ret == 1) && (ec_point_external_set(eckey->pub_key) != 1)) { WOLFSSL_MSG("SetECKeyExternal ec_point_external_set failed"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -12945,7 +13213,7 @@ int SetECKeyExternal(WOLFSSL_EC_KEY* eckey) (wolfssl_bn_set_value(&eckey->priv_key, wc_ecc_key_get_priv(key)) != 1)) { WOLFSSL_MSG("ec priv key error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* External values set when operations succeeded. */ @@ -12973,7 +13241,7 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey) if ((eckey == NULL) || (eckey->internal == NULL) || (eckey->group == NULL)) { WOLFSSL_MSG("ec key NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else { ecc_key* key = (ecc_key*)eckey->internal; @@ -12983,7 +13251,7 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey) if ((eckey->group->curve_idx < 0) || (wc_ecc_is_valid_idx(eckey->group->curve_idx) == 0)) { WOLFSSL_MSG("invalid curve idx"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 1) { @@ -12996,14 +13264,14 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey) if ((ret == 1) && pubSet) { if (ec_point_internal_set(eckey->pub_key) != 1) { WOLFSSL_MSG("ec key pub error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Copy public point to key. */ if ((ret == 1) && (wc_ecc_copy_point( (ecc_point*)eckey->pub_key->internal, &key->pubkey) != MP_OKAY)) { WOLFSSL_MSG("wc_ecc_copy_point error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (ret == 1) { 
@@ -13017,7 +13285,7 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey) if (wolfssl_bn_get_value(eckey->priv_key, wc_ecc_key_get_priv(key)) != 1) { WOLFSSL_MSG("ec key priv error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* private key */ if ((ret == 1) && (!mp_iszero(wc_ecc_key_get_priv(key)))) { @@ -13045,13 +13313,9 @@ int SetECKeyInternal(WOLFSSL_EC_KEY* eckey) */ point_conversion_form_t wolfSSL_EC_KEY_get_conv_form(const WOLFSSL_EC_KEY* key) { - int ret = -1; - - if (key != NULL) { - ret = key->form; - } - - return ret; + if (key == NULL) + return WOLFSSL_FATAL_ERROR; + return key->form; } /* Set point conversion format into EC key. @@ -13902,7 +14166,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen, if ((dgst == NULL) || (sig == NULL) || (key == NULL) || (key->internal == NULL)) { WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad arguments"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Ensure internal EC key is set from external. */ @@ -13911,7 +14175,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen, if (SetECKeyInternal(key) != 1) { WOLFSSL_MSG("SetECKeyInternal failed"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -13922,7 +14186,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen, (mp_int*)sig->s->internal, dgst, (word32)dLen, &verified, (ecc_key *)key->internal) != MP_OKAY) { WOLFSSL_MSG("wc_ecc_verify_hash failed"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else if (verified == 0) { WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected"); @@ -13936,7 +14200,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dLen, (word32)dLen, &verified, (ecc_key*)key->internal); if (ret != MP_OKAY) { WOLFSSL_MSG("wc_ecc_verify_hash failed"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else if (verified == 0) { WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected"); 
@@ -15448,7 +15712,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, if (!err) { const unsigned char* ptr = der->buffer; - int type = -1; + int type; /* Set key type based on format returned. */ switch (keyFormat) { @@ -15467,6 +15731,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, type = EVP_PKEY_DH; break; default: + type = WOLFSSL_FATAL_ERROR; break; } @@ -15494,6 +15759,13 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, return pkey; } + + +PKCS8_PRIV_KEY_INFO* wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio, + PKCS8_PRIV_KEY_INFO** key, wc_pem_password_cb* cb, void* arg) +{ + return wolfSSL_PEM_read_bio_PrivateKey(bio, key, cb, arg); +} #endif /* !NO_BIO */ #if !defined(NO_FILESYSTEM) @@ -15586,7 +15858,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_PrivateKey(XFILE fp, WOLFSSL_EVP_PKEY **key, if (!err) { const unsigned char* ptr = der->buffer; - int type = -1; + int type; /* Set key type based on format returned. */ switch (keyFormat) { @@ -15605,6 +15877,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_PrivateKey(XFILE fp, WOLFSSL_EVP_PKEY **key, type = EVP_PKEY_DH; break; default: + type = WOLFSSL_FATAL_ERROR; break; } @@ -16126,8 +16399,6 @@ int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data, long* len, #ifdef OPENSSL_ALL #if !defined(NO_PWDBASED) && defined(HAVE_PKCS8) -#if !defined(NO_BIO) || (!defined(NO_FILESYSTEM) && \ - !defined(NO_STDIO_FILESYSTEM)) /* Encrypt the key into a buffer using PKCS$8 and a password. * * @param [in] pkey Private key to encrypt. @@ -16140,7 +16411,7 @@ int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data, long* len, * @return 0 on success. * @return BAD_FUNC_ARG when EVP cipher not supported. */ -static int pem_pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, +int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, byte* key, word32* keySz) { 
@@ -16204,7 +16475,7 @@ static int pem_pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, * @param On out, size of encoded key in bytes. * @return 0 on success. */ -static int pem_pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) +int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) { int ret = 0; int algId; @@ -16227,6 +16498,34 @@ static int pem_pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) curveOid = NULL; oidSz = 0; } + else if (pkey->type == EVP_PKEY_DSA) { + /* DSA has no curve information. */ + algId = DSAk; + curveOid = NULL; + oidSz = 0; + } + else if (pkey->type == EVP_PKEY_DH) { + if (pkey->dh == NULL) + return BAD_FUNC_ARG; + + if (pkey->dh->priv_key != NULL || pkey->dh->pub_key != NULL) { + /* Special case. DH buffer is always in PKCS8 format */ + if (keySz == NULL) + return BAD_FUNC_ARG; + + *keySz = pkey->pkey_sz; + if (key == NULL) + return LENGTH_ONLY_E; + + XMEMCPY(key, pkey->pkey.ptr, pkey->pkey_sz); + return pkey->pkey_sz; + } + + /* DH has no curve information. */ + algId = DHk; + curveOid = NULL; + oidSz = 0; + } else { ret = NOT_COMPILED_IN; } @@ -16240,6 +16539,8 @@ static int pem_pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) return ret; } +#if !defined(NO_BIO) || (!defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM)) /* Write PEM encoded, PKCS#8 formatted private key to BIO. * * @param [out] pem Buffer holding PEM encoding. @@ -16272,7 +16573,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz, if (res == 1) { /* Guestimate key size and PEM size. */ - if (pem_pkcs8_encode(pkey, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { + if (pkcs8_encode(pkey, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { res = 0; } } 
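Review bot: The new EVP_PKEY_DH special case in pkcs8_encode copies `pkey->pkey_sz` bytes into `key` without checking it against the size the caller supplied in `*keySz`, while every other path in this function is sized through the encoder; if `keySz` carries the buffer size on input, as the "On out, size of encoded key" line of the header suggests, a caller that did not first query the length can be overrun. Add `if (*keySz < (word32)pkey->pkey_sz) return BUFFER_E;` before the copy. The same branch returns `pkey->pkey_sz` on success where the header documents `0 on success` and the other branches leave `ret` at 0; either return 0 here or update the @return line. The function continues outside the hunk.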
@@ -16320,7 +16621,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz, if (res == 1) { /* Encrypt the private key. */ - ret = pem_pkcs8_encrypt(pkey, enc, passwd, passwdSz, key, &keySz); + ret = pkcs8_encrypt(pkey, enc, passwd, passwdSz, key, &keySz); if (ret <= 0) { res = 0; } @@ -16336,7 +16637,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz, type = PKCS8_PRIVATEKEY_TYPE; /* Encode private key in PKCS#8 format. */ - ret = pem_pkcs8_encode(pkey, key, &keySz); + ret = pkcs8_encode(pkey, key, &keySz); if (ret < 0) { res = 0; } @@ -16402,6 +16703,13 @@ int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); return res; } + +int wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio, + PKCS8_PRIV_KEY_INFO* keyInfo) +{ + return wolfSSL_PEM_write_bio_PKCS8PrivateKey(bio, keyInfo, NULL, NULL, 0, + NULL, NULL); +} #endif /* !NO_BIO */ #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) diff --git a/src/src/quic.c b/src/src/quic.c index 117bb43..f709ea6 100644 --- a/src/src/quic.c +++ b/src/src/quic.c @@ -1,6 +1,6 @@ /* quic.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -200,7 +200,7 @@ static sword32 quic_record_transfer(QuicRecord* qr, byte* buf, word32 sz) /* We check if the buf is at least RECORD_HEADER_SZ */ if (sz < RECORD_HEADER_SZ) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (qr->rec_hdr_remain == 0) { @@ -614,7 +614,7 @@ int wolfSSL_quic_do_handshake(WOLFSSL* ssl) else { ret = wolfSSL_read_early_data(ssl, tmpbuffer, sizeof(tmpbuffer), &len); - if (ret < 0 && ssl->error == ZERO_RETURN) { + if (ret < 0 && ssl->error == WC_NO_ERR_TRACE(ZERO_RETURN)) { /* this is expected, since QUIC handles the actual early * data separately. */ ret = WOLFSSL_SUCCESS; 
@@ -634,7 +634,9 @@ int wolfSSL_quic_do_handshake(WOLFSSL* ssl) cleanup: if (ret <= 0 && ssl->options.handShakeState == HANDSHAKE_DONE - && (ssl->error == ZERO_RETURN || ssl->error == WANT_READ)) { + && (ssl->error == WC_NO_ERR_TRACE(ZERO_RETURN) || + ssl->error == WC_NO_ERR_TRACE(WANT_READ))) + { ret = WOLFSSL_SUCCESS; } if (ret == WOLFSSL_SUCCESS) { @@ -783,7 +785,7 @@ int wolfSSL_quic_receive(WOLFSSL* ssl, byte* buf, word32 sz) /* record too small to be fit into a RecordLayerHeader struct. */ if (n == -1) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (quic_record_done(ssl->quic.input_head)) { QuicRecord* qr = ssl->quic.input_head; diff --git a/src/src/sniffer.c b/src/src/sniffer.c index 94b2a9f..758e7be 100644 --- a/src/src/sniffer.c +++ b/src/src/sniffer.c @@ -1,6 +1,6 @@ /* sniffer.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -851,14 +851,11 @@ static void FreeSnifferSession(SnifferSession* session) XFREE(session->hash, NULL, DYNAMIC_TYPE_HASHES); #endif #ifdef WOLFSSL_TLS13 - if (session->cliKeyShare) - XFREE(session->cliKeyShare, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(session->cliKeyShare, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif #ifdef HAVE_MAX_FRAGMENT - if (session->tlsFragBuf) { - XFREE(session->tlsFragBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - session->tlsFragBuf = NULL; - } + XFREE(session->tlsFragBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + session->tlsFragBuf = NULL; #endif } XFREE(session, NULL, DYNAMIC_TYPE_SNIFFER_SESSION); 
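Review bot: In `wolfSSL_quic_receive` the short-record check still compares against the literal `-1` (`if (n == -1)`) while the hunk changes its own return to `WOLFSSL_FATAL_ERROR`, and `quic_record_transfer` above now returns `WOLFSSL_FATAL_ERROR` as well; if `n` is that function's result, the test should use the same constant, `if (n == WOLFSSL_FATAL_ERROR) {`, so the producer and consumer cannot drift apart. The enclosing function starts outside the hunk.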
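Review bot: In `FreeSnifferSession` the rewritten cleanup nulls `session->tlsFragBuf` after freeing it but not `session->cliKeyShare`, and `session` itself is freed on the very next line, so the assignment is dead; either drop `session->tlsFragBuf = NULL;` here or null both pointers for symmetry with the `DoHandShake` exit path later in the patch, which keeps the session alive and does need the reset. Removing the `if (ptr)` guards assumes `XFREE` tolerates NULL, which should be confirmed for builds that override `XFREE` in user settings rather than using the library default.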
@@ -1659,31 +1656,31 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz, int ret = -1; if (keyBuf == NULL || keyBufSz == NULL || keyFile == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (keySz == 0) { /* load from file */ file = XFOPEN(keyFile, "rb"); - if (file == XBADFILE) return -1; + if (file == XBADFILE) return WOLFSSL_FATAL_ERROR; if(XFSEEK(file, 0, XSEEK_END) != 0) { XFCLOSE(file); - return -1; + return WOLFSSL_FATAL_ERROR; } fileSz = XFTELL(file); if (fileSz > MAX_WOLFSSL_FILE_SIZE || fileSz < 0) { XFCLOSE(file); - return -1; + return WOLFSSL_FATAL_ERROR; } if(XFSEEK(file, 0, XSEEK_SET) != 0) { XFCLOSE(file); - return -1; + return WOLFSSL_FATAL_ERROR; } loadBuf = (byte*)XMALLOC(fileSz, NULL, DYNAMIC_TYPE_FILE); if (loadBuf == NULL) { XFCLOSE(file); - return -1; + return WOLFSSL_FATAL_ERROR; } ret = (int)XFREAD(loadBuf, 1, fileSz, file); @@ -1691,14 +1688,14 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz, if (ret != fileSz) { XFREE(loadBuf, NULL, DYNAMIC_TYPE_FILE); - return -1; + return WOLFSSL_FATAL_ERROR; } } else { /* use buffer directly */ loadBuf = (byte*)XMALLOC(keySz, NULL, DYNAMIC_TYPE_FILE); if (loadBuf == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } fileSz = keySz; XMEMCPY(loadBuf, keyFile, fileSz); @@ -1735,7 +1732,7 @@ static int LoadKeyFile(byte** keyBuf, word32* keyBufSz, } if (ret < 0) { - return -1; + return WOLFSSL_FATAL_ERROR; } return ret; @@ -1754,14 +1751,14 @@ static int CreateWatchSnifferServer(char* error) DYNAMIC_TYPE_SNIFFER_SERVER); if (sniffer == NULL) { SetError(MEMORY_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } InitSnifferServer(sniffer); sniffer->ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); if (!sniffer->ctx) { SetError(MEMORY_STR, error, NULL, 0); FreeSnifferServer(sniffer); - return -1; + return WOLFSSL_FATAL_ERROR; } #if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_ASYNC_CRYPT) if (CryptoDeviceId != INVALID_DEVID) 
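Review bot: The `-1` to `WOLFSSL_FATAL_ERROR` substitution in `LoadKeyFile` and `CreateWatchSnifferServer` is repeated mechanically through the rest of sniffer.c in this patch (SetNamedPrivateKey, CheckIp6Hdr, SetupKeys, ProcessMessage, the public `ssl_*` entry points and others); it is behaviour-neutral only while `WOLFSSL_FATAL_ERROR` equals -1, and the public sniffer functions such as `ssl_ReadStatistics` and `ssl_SetWatchKey_file` are what users test with `== -1`, so that equality is now part of the contract and should be pinned with a comment in the sniffer header stating that these functions return `WOLFSSL_FATAL_ERROR` (-1) on error. Any call sites in the file that still compare a return value against a literal `-1` rather than the constant should be swept in the same change. The enclosing functions start and end outside the hunks shown.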
@@ -1803,7 +1800,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port, NULL, DYNAMIC_TYPE_SNIFFER_NAMED_KEY); if (namedKey == NULL) { SetError(MEMORY_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } XMEMSET(namedKey, 0, sizeof(NamedKey)); @@ -1818,7 +1815,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port, if (ret < 0) { SetError(KEY_FILE_STR, error, NULL, 0); FreeNamedKey(namedKey); - return -1; + return WOLFSSL_FATAL_ERROR; } } #endif @@ -1852,7 +1849,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port, #ifdef HAVE_SNI FreeNamedKey(namedKey); #endif - return -1; + return WOLFSSL_FATAL_ERROR; } InitSnifferServer(sniffer); @@ -1868,7 +1865,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port, FreeNamedKey(namedKey); #endif FreeSnifferServer(sniffer); - return -1; + return WOLFSSL_FATAL_ERROR; } #if defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_ASYNC_CRYPT) if (CryptoDeviceId != INVALID_DEVID) @@ -1909,7 +1906,7 @@ static int SetNamedPrivateKey(const char* name, const char* address, int port, SetError(KEY_FILE_STR, error, NULL, 0); if (isNew) FreeSnifferServer(sniffer); - return -1; + return WOLFSSL_FATAL_ERROR; } #ifdef WOLF_CRYPTO_CB wolfSSL_CTX_SetDevId(sniffer->ctx, CryptoDeviceId); @@ -2127,7 +2124,7 @@ static int CheckIp6Hdr(Ip6Hdr* iphdr, IpInfo* info, int length, char* error) if (version != IPV6) { SetError(BAD_IPVER_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } /* Here, we need to move onto next header if not TCP. */ @@ -2137,7 +2134,7 @@ static int CheckIp6Hdr(Ip6Hdr* iphdr, IpInfo* info, int length, char* error) int hdrsz = (exthdr->length + 1) * 8; if (hdrsz > length - exthdrsz) { SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } exthdrsz += hdrsz; exthdr = (Ip6ExtHdr*)((byte*)exthdr + hdrsz); 
@@ -2149,7 +2146,7 @@ static int CheckIp6Hdr(Ip6Hdr* iphdr, IpInfo* info, int length, char* error) #ifndef WOLFSSL_SNIFFER_WATCH if (!IsServerRegistered6(iphdr->src) && !IsServerRegistered6(iphdr->dst)) { SetError(SERVER_NOT_REG_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } #endif @@ -2183,12 +2180,12 @@ static int CheckIpHdr(IpHdr* iphdr, IpInfo* info, int length, char* error, if (version != IPV4) { SetError(BAD_IPVER_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } if (iphdr->protocol != TCP_PROTOCOL) { SetError(BAD_PROTO_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } info->length = IP_HL(iphdr); @@ -2580,7 +2577,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, if (args->length > *sslBytes) { SetError(PARTIAL_INPUT_STR, error, session, FATAL_ERROR_STATE); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -2803,7 +2800,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, if (args->length > *sslBytes) { SetError(PARTIAL_INPUT_STR, error, session, FATAL_ERROR_STATE); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* if curve not provided in key share data, then use private @@ -2896,7 +2893,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, if (args->length > *sslBytes) { SetError(PARTIAL_INPUT_STR, error, session, FATAL_ERROR_STATE); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { @@ -2979,7 +2976,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, if (args->length > *sslBytes) { SetError(PARTIAL_INPUT_STR, error, session, FATAL_ERROR_STATE); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret == 0) { 
@@ -3165,13 +3162,13 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, if (SetCipherSpecs(session->sslServer) != 0) { SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); session->verboseErr = 1; - ret = -1; break; + ret = WOLFSSL_FATAL_ERROR; break; } if (SetCipherSpecs(session->sslClient) != 0) { SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); session->verboseErr = 1; - ret = -1; break; + ret = WOLFSSL_FATAL_ERROR; break; } #ifdef WOLFSSL_TLS13 @@ -3203,7 +3200,7 @@ static int SetupKeys(const byte* input, int* sslBytes, SnifferSession* session, } if (ret != 0) { SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE); - ret = -1; break; + ret = WOLFSSL_FATAL_ERROR; break; } #ifdef SHOW_SECRETS @@ -3263,7 +3260,7 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes, session->sslServer->buffers.key->length == 0) { SetError(RSA_KEY_MISSING_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } #endif @@ -3291,7 +3288,7 @@ static int ProcessKeyShare(KeyShareInfo* info, const byte* input, int len, info->key_len = (word16)((input[index] << 8) | input[index+1]); index += OPAQUE16_LEN; if (info->key_len == 0 || info->key_len > len - index) { - return -1; + return WOLFSSL_FATAL_ERROR; } info->key = &input[index]; index += info->key_len; @@ -3395,7 +3392,7 @@ static int ProcessServerKeyShare(SnifferSession* session, const byte* input, int } if (ret != 0) { SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } return ret; @@ -3420,7 +3417,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes, /* make sure can read through hint len */ if (TICKET_HINT_LEN > *sslBytes) { SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } input += TICKET_HINT_LEN; /* skip over hint len */ *sslBytes -= TICKET_HINT_LEN; 
@@ -3431,7 +3428,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes, /* make sure can read through hint age and nonce len */ if (TICKET_HINT_AGE_LEN + 1 > *sslBytes) { SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } input += TICKET_HINT_AGE_LEN; /* skip over hint age */ *sslBytes -= TICKET_HINT_AGE_LEN; @@ -3440,7 +3437,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes, len = input[0]; if (len > MAX_TICKET_NONCE_STATIC_SZ) { SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } input += OPAQUE8_LEN; *sslBytes -= OPAQUE8_LEN; @@ -3458,7 +3455,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes, /* make sure can read through len */ if (OPAQUE16_LEN > *sslBytes) { SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } len = (word16)((input[0] << 8) | input[1]); @@ -3468,7 +3465,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes, /* make sure can read through ticket */ if (len > *sslBytes) { SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } #ifdef WOLFSSL_TLS13 @@ -3478,7 +3475,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes, #ifdef HAVE_SESSION_TICKET if (SetTicket(session->sslServer, input, len) != 0) { SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } /* set haveSessionId to use the wolfSession cache */ @@ -3505,7 +3502,7 @@ static int ProcessSessionTicket(const byte* input, int* sslBytes, /* capture last part of sessionID as macID (32 bytes) */ if (len < ID_LEN) { SetError(BAD_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } /* store session with macID as sessionID */ session->sslServer->options.haveSessionId = 1; 
@@ -3549,7 +3546,7 @@ static int DoResume(SnifferSession* session, char* error) INC_STAT(SnifferStats.sslResumeMisses); #endif SetError(BAD_SESSION_RESUME_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } } @@ -3574,13 +3571,13 @@ static int DoResume(SnifferSession* session, char* error) if (SetCipherSpecs(session->sslServer) != 0) { SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); session->verboseErr = 1; - return -1; + return WOLFSSL_FATAL_ERROR; } if (SetCipherSpecs(session->sslClient) != 0) { SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); session->verboseErr = 1; - return -1; + return WOLFSSL_FATAL_ERROR; } #ifdef WOLFSSL_TLS13 @@ -3619,7 +3616,7 @@ static int DoResume(SnifferSession* session, char* error) if (ret != 0) { SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } return ret; @@ -3648,7 +3645,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, /* make sure can read through session len */ if (toRead > *sslBytes) { SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } XMEMCPY(&pv, input, VERSION_SZ); @@ -3673,7 +3670,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, /* make sure can read through compression */ if ( (b + SUITE_LEN + ENUM_LEN) > *sslBytes) { SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } if (b) { #ifdef WOLFSSL_TLS13 @@ -3721,7 +3718,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, if (b) { SetError(BAD_COMPRESSION_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } /* extensions */ 
@@ -3732,7 +3729,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, /* make sure can read len */ if (SUITE_LEN > *sslBytes) { SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } len = (word16)((input[0] << 8) | input[1]); input += SUITE_LEN; @@ -3740,7 +3737,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, /* make sure can read through all extensions */ if (len > *sslBytes) { SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } while (len >= EXT_TYPE_SZ + LENGTH_SZ) { @@ -3759,7 +3756,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, if (extLen > *sslBytes) { SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } #ifdef DEBUG_SNIFFER printf("\tserver_hello ext: 0x%02x (len %d)\n", extType, extLen); @@ -3772,7 +3769,7 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, if (ret != 0) { SetError(SERVER_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } break; #endif @@ -3838,14 +3835,14 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes, #ifndef WOLFSSL_TLS13 SetError(UNSUPPORTED_TLS_VER_STR, error, session, FATAL_ERROR_STATE); session->verboseErr = 1; - return -1; + return WOLFSSL_FATAL_ERROR; #endif } else { #ifdef WOLFSSL_NO_TLS12 SetError(UNSUPPORTED_TLS_VER_STR, error, session, FATAL_ERROR_STATE); session->verboseErr = 1; - return -1; + return WOLFSSL_FATAL_ERROR; #endif } @@ -4010,7 +4007,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, /* make sure can read up to session len */ if (toRead > *sslBytes) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } /* skip, get negotiated one from server hello */ 
@@ -4032,7 +4029,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, if (bLen) { if (ID_LEN > *sslBytes) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } Trace(CLIENT_RESUME_TRY_STR); #ifdef WOLFSSL_TLS13 @@ -4058,7 +4055,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, /* make sure can read len */ if (SUITE_LEN > *sslBytes) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } len = (word16)((input[0] << 8) | input[1]); input += SUITE_LEN; @@ -4066,7 +4063,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, /* make sure can read suites + comp len */ if (len + ENUM_LEN > *sslBytes) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } input += len; *sslBytes -= len; @@ -4077,7 +4074,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, /* make sure can read len */ if (bLen > *sslBytes) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } input += bLen; *sslBytes -= bLen; @@ -4091,7 +4088,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, /* make sure can read len */ if (SUITE_LEN > *sslBytes) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } len = (word16)((input[0] << 8) | input[1]); input += SUITE_LEN; @@ -4099,7 +4096,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, /* make sure can read through all extensions */ if (len > *sslBytes) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } while (len >= EXT_TYPE_SZ + LENGTH_SZ) { 
@@ -4117,7 +4114,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, /* make sure can read through individual extension */ if (extLen > *sslBytes) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } #ifdef DEBUG_SNIFFER @@ -4166,7 +4163,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, word16 ksLen = (word16)((input[0] << 8) | input[1]); if (ksLen + OPAQUE16_LEN > extLen) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } /* cache key share data till server_hello */ session->cliKeyShareSz = ksLen; @@ -4190,7 +4187,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, idsLen = (word16)((input[idx] << 8) | input[idx+1]); if (idsLen + OPAQUE16_LEN + idx > extLen) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } idx += OPAQUE16_LEN; @@ -4198,7 +4195,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, idLen = (word16)((input[idx] << 8) | input[idx+1]); if (idLen + OPAQUE16_LEN + idx > extLen) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } idx += OPAQUE16_LEN; identity = &input[idx]; @@ -4214,7 +4211,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, bindersLen = (word16)((input[idx] << 8) | input[idx+1]); if (bindersLen + OPAQUE16_LEN + idx > extLen) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } idx += OPAQUE16_LEN; binders = &input[idx]; @@ -4249,7 +4246,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, if (extLen && extLen < ID_LEN) { SetError(CLIENT_HELLO_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } if (extLen) { if (session->ticketID == NULL) { 
@@ -4258,7 +4255,7 @@ static int ProcessClientHello(const byte* input, int* sslBytes, if (session->ticketID == 0) { SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } } @@ -4300,7 +4297,7 @@ static int KeyWatchCall(SnifferSession* session, const byte* data, int dataSz, if (WatchCb == NULL) { SetError(WATCH_CB_MISSING_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } ret = wc_InitSha256(&sha); @@ -4310,7 +4307,7 @@ static int KeyWatchCall(SnifferSession* session, const byte* data, int dataSz, ret = wc_Sha256Final(&sha, digest); if (ret != 0) { SetError(WATCH_HASH_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } ret = WatchCb((void*)session, digest, sizeof(digest), @@ -4320,7 +4317,7 @@ static int KeyWatchCall(SnifferSession* session, const byte* data, int dataSz, INC_STAT(SnifferStats.sslKeysUnmatched); #endif SetError(WATCH_FAIL_STR, error, session, FATAL_ERROR_STATE); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else { #ifdef WOLFSSL_SNIFFER_STATS @@ -4344,7 +4341,7 @@ static int ProcessCertificate(const byte* input, int* sslBytes, if (*sslBytes < CERT_HEADER_SZ) { SetError(BAD_CERT_MSG_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } #ifdef WOLFSSL_TLS13 @@ -4361,14 +4358,14 @@ static int ProcessCertificate(const byte* input, int* sslBytes, if (*sslBytes < (int)certChainSz) { SetError(BAD_CERT_MSG_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } ato24(input, &certSz); input += OPAQUE24_LEN; if (*sslBytes < (int)certSz) { SetError(BAD_CERT_MSG_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } *sslBytes -= certChainSz; 
@@ -4446,7 +4443,7 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes, if (ret != 0) { SetError(BAD_FINISHED_MSG, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } session->flags.gotFinished = 1; @@ -4482,7 +4479,7 @@ static int ProcessFinished(const byte* input, int size, int* sslBytes, if (ret != 0) { SetError(BAD_FINISHED_MSG, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } } #endif @@ -4532,7 +4529,7 @@ static int DoHandShake(const byte* input, int* sslBytes, if (*sslBytes < HANDSHAKE_HEADER_SZ) { SetError(HANDSHAKE_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } type = input[0]; size = (input[1] << 16) | (input[2] << 8) | input[3]; @@ -4598,7 +4595,7 @@ static int DoHandShake(const byte* input, int* sslBytes, if (HashUpdate(session->hash, input, size) != 0) { SetError(EXTENDED_MASTER_HASH_STR, error, session, FATAL_ERROR_STATE); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; goto exit; } } @@ -4632,7 +4629,7 @@ static int DoHandShake(const byte* input, int* sslBytes, /* can't know temp key passively */ SetError(BAD_CIPHER_SPEC_STR, error, session, FATAL_ERROR_STATE); session->verboseErr = 1; - ret = -1; + ret = WOLFSSL_FATAL_ERROR; #if defined(WOLFSSL_SNIFFER_STATS) INC_STAT(SnifferStats.sslEphemeralMisses); @@ -4683,7 +4680,7 @@ static int DoHandShake(const byte* input, int* sslBytes, else { SetError(EXTENDED_MASTER_HASH_STR, error, session, FATAL_ERROR_STATE); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } XMEMSET(session->hash, 0, sizeof(HsHashes)); XFREE(session->hash, NULL, DYNAMIC_TYPE_HASHES); @@ -4715,7 +4712,7 @@ static int DoHandShake(const byte* input, int* sslBytes, break; default: SetError(GOT_UNKNOWN_HANDSHAKE_STR, error, session, 0); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; break; } 
@@ -4723,10 +4720,8 @@ static int DoHandShake(const byte* input, int* sslBytes, exit: #endif #ifdef HAVE_MAX_FRAGMENT - if (session->tlsFragBuf) { - XFREE(session->tlsFragBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - session->tlsFragBuf = NULL; - } + XFREE(session->tlsFragBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + session->tlsFragBuf = NULL; #endif *sslBytes = startBytes - size; /* actual bytes of full process */ @@ -5011,6 +5006,7 @@ static const byte* DecryptMessage(WOLFSSL* ssl, const byte* input, word32 sz, return NULL; } + ssl->curSize = sz; ssl->keys.encryptSz = sz; if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) { output += ssl->specs.block_size; /* go past TLSv1.1 IV */ @@ -5251,14 +5247,14 @@ static int DoOldHello(SnifferSession* session, const byte* sslFrame, if (*rhSize > *sslBytes) { SetError(OLD_CLIENT_INPUT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } ret = ProcessOldClientHello(session->sslServer, input, &idx, *sslBytes, (word16)*rhSize); if (ret < 0 && ret != WC_NO_ERR_TRACE(MATCH_SUITE_ERROR)) { SetError(BAD_OLD_CLIENT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } Trace(OLD_CLIENT_OK_STR); @@ -5324,7 +5320,7 @@ static int TcpChecksum(IpInfo* ipInfo, TcpInfo* tcpInfo, int dataLen, /* field, but tcp checksum offloading could negate calculation */ if (checksum == 0) return 0; - return -1; + return WOLFSSL_FATAL_ERROR; } #endif @@ -5347,7 +5343,7 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet, /* ip header */ if (length < IP_HDR_SZ) { SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } version = IP_V(iphdr); 
@@ -5361,31 +5357,31 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet, } if (CheckIpHdr(iphdr, ipInfo, length, error, trace) != 0) - return -1; + return WOLFSSL_FATAL_ERROR; #ifndef WOLFSSL_SNIFFER_WATCH if (checkReg && !IsServerRegistered(iphdr->src) && !IsServerRegistered(iphdr->dst)) { SetError(SERVER_NOT_REG_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } #endif /* tcp header */ if (length < (ipInfo->length + TCP_HDR_SZ)) { SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } tcphdr = (TcpHdr*)(packet + ipInfo->length); if (CheckTcpHdr(tcphdr, tcpInfo, error, trace) != 0) - return -1; + return WOLFSSL_FATAL_ERROR; #ifndef WOLFSSL_SNIFFER_WATCH if (checkReg && !IsPortRegistered(tcpInfo->srcPort) && !IsPortRegistered(tcpInfo->dstPort)) { SetError(SERVER_PORT_NOT_REG_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } #endif @@ -5393,7 +5389,7 @@ static int CheckHeaders(IpInfo* ipInfo, TcpInfo* tcpInfo, const byte* packet, *sslFrame = packet + ipInfo->length + tcpInfo->length; if (*sslFrame > packet + length) { SetError(PACKET_HDR_SHORT_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } /* We only care about the data in the TCP/IP record. There may be extra @@ -5435,7 +5431,7 @@ static int CheckSession(IpInfo* ipInfo, TcpInfo* tcpInfo, int sslBytes, return 1; SetError(MEMORY_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } return 1; } @@ -5458,7 +5454,7 @@ static int CheckSession(IpInfo* ipInfo, TcpInfo* tcpInfo, int sslBytes, #endif SetError(BAD_SESSION_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } } return 0; 
@@ -5519,12 +5515,12 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame, if (MaxRecoveryMemory != -1 && (int)(*reassemblyMemory + sslBytes) > MaxRecoveryMemory) { SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } add = CreateBuffer(&seq, seq + sslBytes - 1, sslFrame, &bytesLeft); if (add == NULL) { SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } *front = add; *reassemblyMemory += sslBytes; @@ -5541,12 +5537,12 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame, if (MaxRecoveryMemory -1 && (int)(*reassemblyMemory + sslBytes) > MaxRecoveryMemory) { SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } add = CreateBuffer(&seq, end, sslFrame, &bytesLeft); if (add == NULL) { SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } add->next = curr; *front = add; @@ -5583,13 +5579,13 @@ static int AddToReassembly(byte from, word32 seq, const byte* sslFrame, if (MaxRecoveryMemory != -1 && (int)(*reassemblyMemory + added) > MaxRecoveryMemory) { SetError(REASSEMBLY_MAX_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } add = CreateBuffer(&seq, seq + added - 1, &sslFrame[seq - startSeq], &bytesLeft); if (add == NULL) { SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } add->next = prev->next; prev->next = add; @@ -5859,7 +5855,7 @@ static int FindNextRecordInAssembly(SnifferSession* session, if ( *sslBytes > (int)ssl->buffers.inputBuffer.bufferSize) { if (GrowInputBuffer(ssl, *sslBytes, 0) < 0) { SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } } 
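Review bot: In the second `AddToReassembly` check the context line reads `if (MaxRecoveryMemory -1 &&` while the checks before and after it read `MaxRecoveryMemory != -1 &&`; if that is the file's text rather than an extraction artefact, `MaxRecoveryMemory - 1` is non-zero for every value except 1, so with the unlimited sentinel `-1` the size comparison `> MaxRecoveryMemory` is evaluated against -1 and every insertion through that branch fails with `REASSEMBLY_MAX_STR`. The line should read `if (MaxRecoveryMemory != -1 &&` to match its siblings. This is pre-existing, but the patch edits the line directly beneath it and is the natural place to fix it. The enclosing function starts and ends outside the hunk.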
@@ -5951,7 +5947,7 @@ static int CheckAck(TcpInfo* tcpInfo, SnifferSession* session) TraceAck(real, expected); if (real > expected) - return -1; /* we missed a packet, ACKing data we never saw */ + return WOLFSSL_FATAL_ERROR; /* we missed a packet, ACKing data we never saw */ } return 0; } @@ -6000,7 +5996,7 @@ static int CheckSequence(IpInfo* ipInfo, TcpInfo* tcpInfo, UpdateMissedDataSessions(); #endif SetError(ACK_MISSED_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } else { SetError(ACK_MISSED_STR, error, session, 0); @@ -6071,13 +6067,13 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo, if (session->flags.fatalError == FATAL_ERROR_STATE) { SetError(FATAL_ERROR_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } if (skipPartial) { if (FindNextRecordInAssembly(session, sslFrame, sslBytes, end, error) < 0) { - return -1; + return WOLFSSL_FATAL_ERROR; } } @@ -6095,7 +6091,7 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo, if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) { if (GrowInputBuffer(ssl, *sslBytes, length) < 0) { SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } } if (vChain == NULL) { @@ -6118,7 +6114,7 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo, if ( (*sslBytes + length) > ssl->buffers.inputBuffer.bufferSize) { if (GrowInputBuffer(ssl, *sslBytes, length) < 0) { SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } } @@ -6156,7 +6152,7 @@ static int CheckPreRecord(IpInfo* ipInfo, TcpInfo* tcpInfo, #ifdef OLD_HELLO_ALLOWED int ret = DoOldHello(session, *sslFrame, &rhSize, sslBytes, error); if (ret < 0) - return -1; /* error already set */ + return WOLFSSL_FATAL_ERROR; /* error already set */ if (*sslBytes <= 0) return 1; #endif 
@@ -6267,7 +6263,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, rhSize = 0; if (sslBytes < 0) { SetError(PACKET_HDR_SHORT_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } if (sslBytes >= RECORD_HEADER_SZ) { if (GetRecordHeader(sslFrame, &rh, &rhSize) != 0) { @@ -6289,7 +6285,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, if (sslBytes > (int)ssl->buffers.inputBuffer.bufferSize) { if (GrowInputBuffer(ssl, sslBytes, 0) < 0) { SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } } XMEMMOVE(ssl->buffers.inputBuffer.buffer, sslFrame, sslBytes); @@ -6327,11 +6323,11 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, } if (ssl->decrypt.setup != 1) { SetError(DECRYPT_KEYS_NOT_SETUP, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } if (CheckAvailableSize(ssl, rhSize) < 0) { SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } sslFrame = DecryptMessage(ssl, sslFrame, rhSize, @@ -6355,7 +6351,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, if (errCode != 0) { if ((enum ContentType)rh.type == application_data) { SetError(BAD_DECRYPT, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } /* do not end session for failures on handshake packets */ return 0; @@ -6380,7 +6376,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, if (session->flags.fatalError == 0) SetError(BAD_HANDSHAKE_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } /* DoHandShake now fully decrements sslBytes to remaining */ 
@@ -6434,7 +6430,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, *data = NULL; SetError(MEMORY_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } *data = tmpData; XMEMCPY(*data + decoded, @@ -6454,7 +6450,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, stored = StoreDataCb(buf, bufSz, offset, ctx); if (stored <= 0) { - return -1; + return WOLFSSL_FATAL_ERROR; } offset += stored; } while (offset < bufSz); @@ -6462,13 +6458,13 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, else { SetError(STORE_DATA_CB_MISSING_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } #else (void)ctx; SetError(NO_DATA_DEST_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; #endif } TraceAddedData(ret, decoded); @@ -6479,7 +6475,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, else { /* set error, but do not treat fatal */ SetError(BAD_APP_DATA_STR, error,session, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } if (ssl->buffers.outputBuffer.dynamicFlag) ShrinkOutputBuffer(ssl); @@ -6500,10 +6496,11 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, case ack: /* TODO */ #endif /* WOLFSSL_DTLS13 */ + case dtls12_cid: case no_type: default: SetError(GOT_UNKNOWN_RECORD_STR, error, session, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } /* do we have another msg in record ? */ @@ -6851,7 +6848,7 @@ int ssl_FreeZeroDecodeBuffer(byte** data, int sz, char* error) (void)error; if (sz < 0) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (data != NULL) { @@ -6874,7 +6871,7 @@ int ssl_Trace(const char* traceFile, char* error) TraceFile = XFOPEN(traceFile, "a"); if (!TraceFile) { SetError(BAD_TRACE_FILE_STR, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } TraceOn = 1; } 
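Review bot: The new `case dtls12_cid:` label in `ProcessMessage` routes DTLS 1.2 connection-ID records into the `GOT_UNKNOWN_RECORD_STR` fatal path with no comment, and it sits after the `#endif /* WOLFSSL_DTLS13 */` so it compiles regardless of DTLS options, which is only safe if `dtls12_cid` is an unconditional member of `enum ContentType` (not visible here). A comment such as `case dtls12_cid: /* CID records are not decoded by the sniffer; treated as unknown and the session is failed */` would record that this is deliberate rather than a missing implementation. The enclosing function starts and ends outside the hunk.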
@@ -6944,7 +6941,7 @@ int ssl_GetSessionStats(unsigned int* active, unsigned int* total, return 0; else { SetError(BAD_SESSION_STATS, error, NULL, 0); - return -1; + return WOLFSSL_FATAL_ERROR; } } @@ -6985,7 +6982,7 @@ int ssl_ResetStatistics(void) int ssl_ReadStatistics(SSLStats* stats) { if (stats == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; LOCK_STAT(); XMEMCPY(stats, &SnifferStats, sizeof(SSLStats)); @@ -6999,7 +6996,7 @@ int ssl_ReadStatistics(SSLStats* stats) int ssl_ReadResetStatistics(SSLStats* stats) { if (stats == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; LOCK_STAT(); XMEMCPY(stats, &SnifferStats, sizeof(SSLStats)); @@ -7045,10 +7042,10 @@ int ssl_SetWatchKey_buffer(void* vSniffer, const byte* key, word32 keySz, int ret; if (vSniffer == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (key == NULL || keySz == 0) { - return -1; + return WOLFSSL_FATAL_ERROR; } sniffer = (SnifferSession*)vSniffer; @@ -7077,7 +7074,7 @@ int ssl_SetWatchKey_buffer(void* vSniffer, const byte* key, word32 keySz, if (ret != WOLFSSL_SUCCESS) { SetError(KEY_FILE_STR, error, sniffer, FATAL_ERROR_STATE); - return -1; + return WOLFSSL_FATAL_ERROR; } return 0; @@ -7091,10 +7088,10 @@ int ssl_SetWatchKey_file(void* vSniffer, const char* keyFile, int keyType, int ret; if (vSniffer == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (keyFile == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } /* Remap the keyType from what the user can use to @@ -7106,7 +7103,7 @@ int ssl_SetWatchKey_file(void* vSniffer, const char* keyFile, int keyType, if (ret < 0) { SetError(KEY_FILE_STR, error, NULL, 0); XFREE(keyBuf, NULL, DYNAMIC_TYPE_X509); - return -1; + return WOLFSSL_FATAL_ERROR; } ret = ssl_SetWatchKey_buffer(vSniffer, keyBuf, keyBufSz, FILETYPE_DER, diff --git a/src/src/ssl.c b/src/src/ssl.c index 9ba891d..fe81193 100644 --- a/src/src/ssl.c +++ b/src/src/ssl.c 
@@ -1,6 +1,6 @@ /* ssl.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -25,10 +25,9 @@ #endif #include -#if defined(OPENSSL_EXTRA) && !defined(_WIN32) +#if defined(OPENSSL_EXTRA) && !defined(_WIN32) && !defined(_GNU_SOURCE) /* turn on GNU extensions for XISASCII */ - #undef _GNU_SOURCE - #define _GNU_SOURCE + #define _GNU_SOURCE 1 #endif #if !defined(WOLFCRYPT_ONLY) || defined(OPENSSL_EXTRA) || \ @@ -553,6 +552,18 @@ int wolfSSL_CTX_GetEchConfigs(WOLFSSL_CTX* ctx, byte* output, return GetEchConfigsEx(ctx->echConfigs, output, outputLen); } +void wolfSSL_CTX_SetEchEnable(WOLFSSL_CTX* ctx, byte enable) +{ + if (ctx != NULL) { + ctx->disableECH = !enable; + if (ctx->disableECH) { + TLSX_Remove(&ctx->extensions, TLSX_ECH, ctx->heap); + FreeEchConfigs(ctx->echConfigs, ctx->heap); + ctx->echConfigs = NULL; + } + } +} + /* set the ech config from base64 for our client ssl object, base64 is the * format ech configs are sent using dns records */ int wolfSSL_SetEchConfigsBase64(WOLFSSL* ssl, char* echConfigs64, @@ -841,7 +852,7 @@ int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, word32* outputLen) if (output == NULL) { *outputLen = totalLen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (totalLen > *outputLen) { @@ -942,6 +953,18 @@ int wolfSSL_GetEchConfigs(WOLFSSL* ssl, byte* output, word32* outputLen) return GetEchConfigsEx(ssl->echConfigs, output, outputLen); } +void wolfSSL_SetEchEnable(WOLFSSL* ssl, byte enable) +{ + if (ssl != NULL) { + ssl->options.disableECH = !enable; + if (ssl->options.disableECH) { + TLSX_Remove(&ssl->extensions, TLSX_ECH, ssl->heap); + FreeEchConfigs(ssl->echConfigs, ssl->heap); + ssl->echConfigs = NULL; + } + } +} + /* get the raw ech configs from our linked list of ech config structs */ int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen) { 
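Review bot: wolfSSL_CTX_SetEchEnable and wolfSSL_SetEchEnable (the `@@ -553,6 +552,18 @@` and `@@ -942,6 +953,18 @@` hunks on this line) are new public entry points with no header comment, and disabling has a side effect callers need to know about: TLSX_Remove drops the ECH extension and FreeEchConfigs releases the loaded configs, so re-enabling does not bring them back. Suggest a comment above each, e.g. `/* Enable (non-zero) or disable ECH. Disabling removes the ECH extension and frees any loaded ECH configs; they have to be set again after re-enabling. A NULL ctx/ssl is ignored. */`. The two bodies are identical apart from the `options.` indirection; a shared static helper taking the extension list, config pointer and heap would keep them from drifting apart.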
@@ -986,7 +1009,7 @@ int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen) if (output == NULL) { *outputLen = totalLen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (totalLen > *outputLen) { @@ -1034,9 +1057,7 @@ WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap) if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("wolfSSL_Init failed"); WOLFSSL_LEAVE("wolfSSL_CTX_new_ex", 0); - if (method != NULL) { - XFREE(method, heap, DYNAMIC_TYPE_METHOD); - } + XFREE(method, heap, DYNAMIC_TYPE_METHOD); return NULL; } } @@ -1132,10 +1153,8 @@ void wolfSSL_CTX_free(WOLFSSL_CTX* ctx) #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ && !defined(NO_SHA256) && !defined(WC_NO_RNG) if (ctx->srp != NULL) { - if (ctx->srp_password != NULL){ - XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP); - ctx->srp_password = NULL; - } + XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP); + ctx->srp_password = NULL; wc_SrpTerm(ctx->srp); XFREE(ctx->srp, ctx->heap, DYNAMIC_TYPE_SRP); ctx->srp = NULL; @@ -1688,7 +1707,7 @@ const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len) return NULL; cipher = wolfSSL_get_cipher_name_iana(ssl); - len = (int)min((word32)len, (int)(XSTRLEN(cipher) + 1)); + len = (int)min((word32)len, (word32)(XSTRLEN(cipher) + 1)); XMEMCPY(buf, cipher, len); return buf; } @@ -1954,6 +1973,15 @@ int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu) return WOLFSSL_SUCCESS; } +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) +int wolfSSL_set_mtu_compat(WOLFSSL* ssl, unsigned short mtu) { + if (wolfSSL_dtls_set_mtu(ssl, mtu) == 0) + return SSL_SUCCESS; + else + return SSL_FAILURE; +} +#endif /* OPENSSL_ALL || OPENSSL_EXTRA */ + #endif /* WOLFSSL_DTLS && (WOLFSSL_SCTP || WOLFSSL_DTLS_MTU) */ #ifdef WOLFSSL_SRTP 
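Review bot: wolfSSL_set_mtu_compat in the `@@ -1954,6 +1973,15 @@` hunk tests `wolfSSL_dtls_set_mtu(ssl, mtu) == 0`, but the context line just above shows wolfSSL_dtls_set_mtu returning WOLFSSL_SUCCESS on success, and WOLFSSL_SUCCESS is 1 in wolfSSL's public API, so a successful call is reported as SSL_FAILURE while the error paths are also reported as SSL_FAILURE. Unless WOLFSSL_SUCCESS is 0 in this build, the comparison should be `if (wolfSSL_dtls_set_mtu(ssl, mtu) == WOLFSSL_SUCCESS)`. The opening brace on the signature line also departs from the own-line brace style of the surrounding function definitions.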
@@ -2041,7 +2069,7 @@ static int DtlsSrtpSelProfiles(word16* id, const char* profile_str) int wolfSSL_CTX_set_tlsext_use_srtp(WOLFSSL_CTX* ctx, const char* profile_str) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); if (ctx != NULL) { ret = DtlsSrtpSelProfiles(&ctx->dtlsSrtpProfiles, profile_str); } @@ -2049,7 +2077,7 @@ int wolfSSL_CTX_set_tlsext_use_srtp(WOLFSSL_CTX* ctx, const char* profile_str) } int wolfSSL_set_tlsext_use_srtp(WOLFSSL* ssl, const char* profile_str) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); if (ssl != NULL) { ret = DtlsSrtpSelProfiles(&ssl->dtlsSrtpProfiles, profile_str); } @@ -2094,7 +2122,7 @@ int wolfSSL_export_dtls_srtp_keying_material(WOLFSSL* ssl, } if (out == NULL) { *olen = (size_t)profile->kdfBits; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (*olen < (size_t)profile->kdfBits) { @@ -2303,7 +2331,7 @@ int wolfSSL_mcast_peer_add(WOLFSSL* ssl, word16 peerId, int sub) } else { WOLFSSL_MSG("No room in peer list."); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } else { @@ -2394,7 +2422,7 @@ int wolfSSL_mcast_set_highwater_ctx(WOLFSSL* ssl, void* ctx) /* return underlying connect or accept, WOLFSSL_SUCCESS on ok */ int wolfSSL_negotiate(WOLFSSL* ssl) { - int err = WOLFSSL_FATAL_ERROR; + int err = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); WOLFSSL_ENTER("wolfSSL_negotiate"); @@ -2876,8 +2904,9 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek) /* make sure bidirectional TLS shutdown completes */ if (ssl->error == WOLFSSL_ERROR_SYSCALL || ssl->options.shutdownDone) { /* ask the underlying transport the connection is closed */ - if (ssl->CBIORecv(ssl, (char*)data, 0, ssl->IOCB_ReadCtx) == - WOLFSSL_CBIO_ERR_CONN_CLOSE) { + if (ssl->CBIORecv(ssl, (char*)data, 0, ssl->IOCB_ReadCtx) + == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_CONN_CLOSE)) + { ssl->options.isClosed = 1; ssl->error = WOLFSSL_ERROR_ZERO_RETURN; } 
@@ -2900,9 +2929,9 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek) #ifdef HAVE_WRITE_DUP if (ssl->dupWrite) { - if (ssl->error != 0 && ssl->error != WANT_READ + if (ssl->error != 0 && ssl->error != WC_NO_ERR_TRACE(WANT_READ) #ifdef WOLFSSL_ASYNC_CRYPT - && ssl->error != WC_PENDING_E + && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E) #endif ) { int notifyErr; @@ -3395,7 +3424,7 @@ int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list, char *list, *ptr, **token; word16 len; int idx = 0; - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_UseALPN"); @@ -3623,7 +3652,7 @@ static int _Rehandshake(WOLFSSL* ssl) ssl->secure_renegotiation->cache_status = SCR_CACHE_NEEDED; -#if !defined(NO_WOLFSSL_SERVER) +#if !defined(NO_WOLFSSL_SERVER) && !defined(WOLFSSL_NO_TLS12) if (ssl->options.side == WOLFSSL_SERVER_END) { ret = SendHelloRequest(ssl); if (ret != 0) { @@ -3631,7 +3660,7 @@ static int _Rehandshake(WOLFSSL* ssl) return WOLFSSL_FATAL_ERROR; } } -#endif /* !NO_WOLFSSL_SERVER */ +#endif /* !NO_WOLFSSL_SERVER && !WOLFSSL_NO_TLS12 */ ret = InitHandshakeHashes(ssl); if (ret != 0) { @@ -3975,7 +4004,7 @@ int wolfSSL_recv(WOLFSSL* ssl, void* data, int sz, int flags) int wolfSSL_SendUserCanceled(WOLFSSL* ssl) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_recv"); if (ssl != NULL) { @@ -3997,7 +4026,7 @@ int wolfSSL_SendUserCanceled(WOLFSSL* ssl) WOLFSSL_ABI int wolfSSL_shutdown(WOLFSSL* ssl) { - int ret = WOLFSSL_FATAL_ERROR; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); WOLFSSL_ENTER("wolfSSL_shutdown"); if (ssl == NULL) 
@@ -4039,7 +4068,7 @@ int wolfSSL_shutdown(WOLFSSL* ssl) /* call wolfSSL_shutdown again for bidirectional shutdown */ if (ssl->options.sentNotify && !ssl->options.closeNotify) { ret = ProcessReply(ssl); - if ((ret == ZERO_RETURN) || + if ((ret == WC_NO_ERR_TRACE(ZERO_RETURN)) || (ret == WC_NO_ERR_TRACE(SOCKET_ERROR_E))) { /* simulate OpenSSL behavior */ ssl->options.shutdownDone = 1; @@ -4097,13 +4126,16 @@ int wolfSSL_get_error(WOLFSSL* ssl, int ret) WOLFSSL_LEAVE("wolfSSL_get_error", ssl->error); /* make sure converted types are handled in SetErrorString() too */ - if (ssl->error == WANT_READ) + if (ssl->error == WC_NO_ERR_TRACE(WANT_READ)) return WOLFSSL_ERROR_WANT_READ; /* convert to OpenSSL type */ - else if (ssl->error == WANT_WRITE) + else if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE)) return WOLFSSL_ERROR_WANT_WRITE; /* convert to OpenSSL type */ - else if (ssl->error == ZERO_RETURN || ssl->options.shutdownDone) + else if (ssl->error == WC_NO_ERR_TRACE(ZERO_RETURN) || + ssl->options.shutdownDone) return WOLFSSL_ERROR_ZERO_RETURN; /* convert to OpenSSL type */ #ifdef OPENSSL_EXTRA + else if (ssl->error == WC_NO_ERR_TRACE(MATCH_SUITE_ERROR)) + return WOLFSSL_ERROR_SYSCALL; /* convert to OpenSSL type */ else if (ssl->error == WC_NO_ERR_TRACE(SOCKET_PEER_CLOSED_E)) return WOLFSSL_ERROR_SYSCALL; /* convert to OpenSSL type */ #endif @@ -4126,9 +4158,9 @@ int wolfSSL_want(WOLFSSL* ssl) { int rw_state = SSL_NOTHING; if (ssl) { - if (ssl->error == WANT_READ) + if (ssl->error == WC_NO_ERR_TRACE(WANT_READ)) rw_state = SSL_READING; - else if (ssl->error == WANT_WRITE) + else if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE)) rw_state = SSL_WRITING; } return rw_state; @@ -4139,7 +4171,7 @@ int wolfSSL_want(WOLFSSL* ssl) int wolfSSL_want_read(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_want_read"); - if (ssl->error == WANT_READ) + if (ssl->error == WC_NO_ERR_TRACE(WANT_READ)) return 1; return 0; 
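Review bot: The new MATCH_SUITE_ERROR to WOLFSSL_ERROR_SYSCALL mapping in wolfSSL_get_error (`@@ -4097,13 +4126,16 @@`) sits under the comment `/* make sure converted types are handled in SetErrorString() too */`, and no matching SetErrorString change is visible in this file's hunks. Please confirm that SetErrorString already knows this conversion or add it, otherwise the string reported for this code would not match what wolfSSL_get_error returns. A one-line comment on the new branch saying why a suite mismatch is surfaced as SYSCALL rather than SSL would also help readers of the OpenSSL compatibility layer.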
@@ -4150,7 +4182,7 @@ int wolfSSL_want_read(WOLFSSL* ssl) int wolfSSL_want_write(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_want_write"); - if (ssl->error == WANT_WRITE) + if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE)) return 1; return 0; @@ -4549,7 +4581,7 @@ int wolfSSL_GetCipherType(WOLFSSL* ssl) if (ssl->specs.cipher_type == aead) return WOLFSSL_AEAD_TYPE; - return -1; + return WOLFSSL_FATAL_ERROR; } @@ -4665,7 +4697,7 @@ int wolfSSL_pending(WOLFSSL* ssl) if (ssl == NULL) return WOLFSSL_FAILURE; - return ssl->buffers.clearOutputBuffer.length; + return (int)ssl->buffers.clearOutputBuffer.length; } int wolfSSL_has_pending(const WOLFSSL* ssl) @@ -4834,6 +4866,20 @@ int wolfSSL_GetVersion(const WOLFSSL* ssl) break; } } +#ifdef WOLFSSL_DTLS + if (ssl->version.major == DTLS_MAJOR) { + switch (ssl->version.minor) { + case DTLS_MINOR : + return WOLFSSL_DTLSV1; + case DTLSv1_2_MINOR : + return WOLFSSL_DTLSV1_2; + case DTLSv1_3_MINOR : + return WOLFSSL_DTLSV1_3; + default: + break; + } + } +#endif /* WOLFSSL_DTLS */ return VERSION_ERROR; } 
@@ -5094,6 +5140,42 @@ Signer* GetCA(void* vp, byte* hash) return ret; } +#if defined(HAVE_OCSP) +Signer* GetCAByKeyHash(void* vp, const byte* keyHash) +{ + WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp; + Signer* ret = NULL; + Signer* signers; + int row; + + if (cm == NULL || keyHash == NULL) + return NULL; + + /* try lookup using keyHash as subjKeyID first */ + ret = GetCA(vp, (byte*)keyHash); + if (ret != NULL && XMEMCMP(ret->subjectKeyHash, keyHash, KEYID_SIZE) == 0) { + return ret; + } + + /* if we can't find the cert, we have to scan the full table */ + if (wc_LockMutex(&cm->caLock) != 0) + return NULL; + + /* Unfortunately we need to look through the entire table */ + for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) { + for (signers = cm->caTable[row]; signers != NULL; + signers = signers->next) { + if (XMEMCMP(signers->subjectKeyHash, keyHash, KEYID_SIZE) == 0) { + ret = signers; + break; + } + } + } + + wc_UnLockMutex(&cm->caLock); + return ret; +} +#endif #ifdef WOLFSSL_AKID_NAME Signer* GetCAByAKID(void* vp, const byte* issuer, word32 issuerSz, const byte* serial, word32 serialSz) @@ -5349,6 +5431,13 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) #endif InitDecodedCert(cert, der->buffer, der->length, cm->heap); + +#ifdef WC_ASN_UNKNOWN_EXT_CB + if (cm->unknownExtCallback != NULL) { + wc_SetUnknownExtCallback(cert, cm->unknownExtCallback); + } +#endif + ret = ParseCert(cert, CA_TYPE, verify, cm); WOLFSSL_MSG("\tParsed new CA"); 
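Review bot: In GetCAByKeyHash (`@@ -5094,6 +5140,42 @@`), when GetCA returns a Signer whose subjectKeyHash does not match keyHash, `ret` stays non-NULL, so the full-table loop condition `ret == NULL` is false on entry, the loop never runs, and the function returns the mismatched Signer after taking and releasing caLock. Reset the result before the scan, `ret = NULL;` immediately after the first lookup's `if`, or loop on a separate variable. The `(byte*)keyHash` cast also discards the parameter's const; if GetCA does not write through its hash argument, making that parameter `const byte*` would remove the cast.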
@@ -5446,13 +5535,15 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) } } - if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA) { + if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA && + type != WOLFSSL_TEMP_CA) { WOLFSSL_MSG("\tCan't add as CA if not actually one"); ret = NOT_CA_ERROR; } #ifndef ALLOW_INVALID_CERTSIGN else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA && - !cert->selfSigned && (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) { + type != WOLFSSL_TEMP_CA && !cert->selfSigned && + (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) { /* Intermediate CA certs are required to have the keyCertSign * extension set. User loaded root certs are not. */ WOLFSSL_MSG("\tDoesn't have key usage certificate signing"); @@ -5932,6 +6023,17 @@ int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb) return BAD_FUNC_ARG; } +int wolfSSL_SetCRL_ErrorCb(WOLFSSL* ssl, crlErrorCb cb, void* ctx) +{ + WOLFSSL_ENTER("wolfSSL_SetCRL_Cb"); + if (ssl) { + SSL_CM_WARNING(ssl); + return wolfSSL_CertManagerSetCRL_ErrorCb(SSL_CM(ssl), cb, ctx); + } + else + return BAD_FUNC_ARG; +} + #ifdef HAVE_CRL_IO int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb) { @@ -5997,6 +6099,15 @@ int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb) return BAD_FUNC_ARG; } +int wolfSSL_CTX_SetCRL_ErrorCb(WOLFSSL_CTX* ctx, crlErrorCb cb, void* cbCtx) +{ + WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_ErrorCb"); + if (ctx) + return wolfSSL_CertManagerSetCRL_ErrorCb(ctx->cm, cb, cbCtx); + else + return BAD_FUNC_ARG; +} + #ifdef HAVE_CRL_IO int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX* ctx, CbCrlIO cb) { @@ -6194,7 +6305,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey, #endif word32 size; byte* buff; - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("check_cert_key"); 
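Review bot: The AddCA hunk (`@@ -5446,13 +5535,15 @@`) lets a cert of type WOLFSSL_TEMP_CA into the CA table without either the isCA check or the keyCertSign key-usage check, the same exemptions user-loaded roots get, and nothing in the hunk says why that is acceptable. A comment next to the new condition stating where WOLFSSL_TEMP_CA certs come from and which later check enforces CA-ness and key usage for them would let a reader judge the exemption without tracing every caller. AddCA starts and ends outside this hunk.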
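Review bot: wolfSSL_SetCRL_ErrorCb (`@@ -5932,6 +6023,17 @@`) traces itself as `WOLFSSL_ENTER("wolfSSL_SetCRL_Cb")`, a copy of the function above it, so debug logs attribute this call to the wrong API; the line should read `WOLFSSL_ENTER("wolfSSL_SetCRL_ErrorCb");`, matching the CTX variant added in the next hunk. Both new functions would also benefit from a short header comment, e.g. `/* Set callback invoked on CRL verification errors; returns BAD_FUNC_ARG on NULL ssl/ctx */`.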
@@ -6238,7 +6349,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey, if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) #endif /* WOLF_PRIVATE_KEY_ID */ { - ret = wc_CheckPrivateKeyCert(buff, size, der, 0); + ret = wc_CheckPrivateKeyCert(buff, size, der, 0, heap); ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE; } @@ -6298,7 +6409,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey, if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) #endif /* WOLF_PRIVATE_KEY_ID */ { - ret = wc_CheckPrivateKeyCert(buff, size, der, 1); + ret = wc_CheckPrivateKeyCert(buff, size, der, 1, heap); ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE; } } @@ -6482,7 +6593,7 @@ static int d2iTryRsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, #endif if (!isRsaKey) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (*out != NULL) { @@ -6566,7 +6677,7 @@ static int d2iTryEccKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, #endif if (!isEccKey) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (*out != NULL) { @@ -6654,7 +6765,7 @@ static int d2iTryDsaKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, /* test if DSA key */ if (!isDsaKey) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (*out != NULL) { @@ -6738,7 +6849,7 @@ static int d2iTryDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, /* test if DH key */ if (!isDhKey) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (*out != NULL) { @@ -6822,7 +6933,7 @@ static int d2iTryAltDhKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, #endif if (ret != 0) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (*out != NULL) { @@ -6937,7 +7048,7 @@ static int d2iTryFalconKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, #endif if (!isFalcon) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (*out != NULL) { 
@@ -7022,7 +7133,7 @@ static int d2iTryDilithiumKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, #endif if (!isDilithium) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (*out != NULL) { @@ -7132,29 +7243,51 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL; #ifdef WOLFSSL_PEM_TO_DER int ret; - DerBuffer* der = NULL; + DerBuffer* pkcs8Der = NULL; + DerBuffer rawDer; + EncryptedInfo info; + int advanceLen = 0; + + XMEMSET(&info, 0, sizeof(info)); + XMEMSET(&rawDer, 0, sizeof(rawDer)); if (keyBuf == NULL || *keyBuf == NULL || keyLen <= 0) { WOLFSSL_MSG("Bad key PEM/DER args"); return NULL; } - ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &der, NULL, NULL, NULL); + ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &pkcs8Der, NULL, &info, + NULL); if (ret < 0) { WOLFSSL_MSG("Not PEM format"); - ret = AllocDer(&der, (word32)keyLen, PRIVATEKEY_TYPE, NULL); + ret = AllocDer(&pkcs8Der, (word32)keyLen, PRIVATEKEY_TYPE, NULL); if (ret == 0) { - XMEMCPY(der->buffer, *keyBuf, keyLen); + XMEMCPY(pkcs8Der->buffer, *keyBuf, keyLen); } } + else { + advanceLen = (int)info.consumed; + } if (ret == 0) { /* Verify this is PKCS8 Key */ word32 inOutIdx = 0; word32 algId; - ret = ToTraditionalInline_ex(der->buffer, &inOutIdx, der->length, - &algId); + ret = ToTraditionalInline_ex(pkcs8Der->buffer, &inOutIdx, + pkcs8Der->length, &algId); if (ret >= 0) { + if (advanceLen == 0) /* Set only if not PEM */ + advanceLen = inOutIdx + ret; + if (algId == DHk) { + /* Special case for DH as we expect the DER buffer to be always + * be in PKCS8 format */ + rawDer.buffer = pkcs8Der->buffer; + rawDer.length = inOutIdx + ret; + } + else { + rawDer.buffer = pkcs8Der->buffer + inOutIdx; + rawDer.length = ret; + } ret = 0; /* good DER */ } } 
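Review bot: In wolfSSL_d2i_PKCS8_PKEY (`@@ -7132,29 +7243,51 @@`), `advanceLen = inOutIdx + ret;` adds a word32 to an int and narrows the sum into an int without a cast, unlike the `(int)info.consumed` assignment a few lines up; `advanceLen = (int)(inOutIdx + (word32)ret);` keeps the two paths consistent and quiet under -Wconversion. The non-PEM path copies the whole keyLen into pkcs8Der but advances only by the parsed PKCS#8 length, which appears to be the intended d2i behaviour and deserves a one-line comment because it differs from the PEM path, where the advance is the PEM bytes consumed. The function continues past this hunk, where `*keyBuf += advanceLen` is applied.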
@@ -7165,21 +7298,24 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( ret = MEMORY_E; } if (ret == 0) { - pkcs8->pkey.ptr = (char*)XMALLOC(der->length, NULL, + pkcs8->pkey.ptr = (char*)XMALLOC(rawDer.length, NULL, DYNAMIC_TYPE_PUBLIC_KEY); if (pkcs8->pkey.ptr == NULL) ret = MEMORY_E; } if (ret == 0) { - XMEMCPY(pkcs8->pkey.ptr, der->buffer, der->length); - pkcs8->pkey_sz = (int)der->length; + XMEMCPY(pkcs8->pkey.ptr, rawDer.buffer, rawDer.length); + pkcs8->pkey_sz = (int)rawDer.length; } - FreeDer(&der); + FreeDer(&pkcs8Der); if (ret != 0) { wolfSSL_EVP_PKEY_free(pkcs8); pkcs8 = NULL; } + else { + *keyBuf += advanceLen; + } if (pkey != NULL) { *pkey = pkcs8; } @@ -7192,6 +7328,48 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( return pkcs8; } +#ifdef OPENSSL_ALL +int wolfSSL_i2d_PKCS8_PKEY(WOLFSSL_PKCS8_PRIV_KEY_INFO* key, unsigned char** pp) +{ + word32 keySz = 0; + unsigned char* out; + int len; + + WOLFSSL_ENTER("wolfSSL_i2d_PKCS8_PKEY"); + + if (key == NULL) + return WOLFSSL_FATAL_ERROR; + + if (pkcs8_encode(key, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WOLFSSL_FATAL_ERROR; + len = (int)keySz; + + if (pp == NULL) + return len; + + if (*pp == NULL) { + out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1); + if (out == NULL) + return WOLFSSL_FATAL_ERROR; + } + else { + out = *pp; + } + + if (pkcs8_encode(key, out, &keySz) != len) { + if (*pp == NULL) + XFREE(out, NULL, DYNAMIC_TYPE_ASN1); + return WOLFSSL_FATAL_ERROR; + } + + if (*pp == NULL) + *pp = out; + else + *pp += len; + + return len; +} +#endif #ifndef NO_BIO /* put SSL type in extra for now, not very common */ @@ -8337,6 +8515,8 @@ static int CheckcipherList(const char* list) char name[MAX_SUITE_NAME + 1]; word32 length = MAX_SUITE_NAME; word32 current_length; + byte major = INVALID_BYTE; + byte minor = INVALID_BYTE; next = XSTRSTR(next, ":"); 
@@ -8361,10 +8541,10 @@ static int CheckcipherList(const char* list) break; } - ret = wolfSSL_get_cipher_suite_from_name(name, &cipherSuite0, - &cipherSuite1, &flags); + ret = GetCipherSuiteFromName(name, &cipherSuite0, + &cipherSuite1, &major, &minor, &flags); if (ret == 0) { - if (cipherSuite0 == TLS13_BYTE) { + if (cipherSuite0 == TLS13_BYTE || minor == TLSv1_3_MINOR) { /* TLSv13 suite */ findTLSv13Suites = 1; } @@ -8465,10 +8645,6 @@ static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, WOLFSSL* ssl, } /* list contains ciphers either only for TLS 1.3 or <= TLS 1.2 */ - if (suites->suiteSz == 0) { - WOLFSSL_MSG("Warning suites->suiteSz = 0 set to WOLFSSL_MAX_SUITE_SZ"); - suites->suiteSz = WOLFSSL_MAX_SUITE_SZ; - } #ifdef WOLFSSL_SMALL_STACK if (suites->suiteSz > 0) { suitesCpy = (byte*)XMALLOC(suites->suiteSz, NULL, @@ -8495,6 +8671,12 @@ static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, WOLFSSL* ssl, return WOLFSSL_FAILURE; } + /* The idea in this section is that OpenSSL has two API to set ciphersuites. + * - SSL_CTX_set_cipher_list for setting TLS <= 1.2 suites + * - SSL_CTX_set_ciphersuites for setting TLS 1.3 suites + * Since we direct both API here we attempt to provide API compatibility. If + * we only get suites from <= 1.2 or == 1.3 then we will only update those + * suites and keep the suites from the other group. */ for (i = 0; i < suitesCpySz && suites->suiteSz <= (WOLFSSL_MAX_SUITE_SZ - SUITE_LEN); i += 2) { /* Check for duplicates */ 
@@ -8884,14 +9066,14 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) int result = WOLFSSL_SUCCESS; WOLFSSL_ENTER("wolfSSL_dtls_got_timeout"); - if (ssl == NULL) + if (ssl == NULL || !ssl->options.dtls) return WOLFSSL_FATAL_ERROR; #ifdef WOLFSSL_DTLS13 - if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) { + if (IsAtLeastTLSv1_3(ssl->version)) { result = Dtls13RtxTimeout(ssl); if (result < 0) { - if (result == WANT_WRITE) + if (result == WC_NO_ERR_TRACE(WANT_WRITE)) ssl->dtls13SendingAckOrRtx = 1; ssl->error = result; WOLFSSL_ERROR(result); @@ -8902,7 +9084,8 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) } #endif /* WOLFSSL_DTLS13 */ - if ((IsSCR(ssl) || !ssl->options.handShakeDone)) { + /* Do we have any 1.2 messages stored? */ + if (ssl->dtls_tx_msg_list != NULL || ssl->dtls_tx_msg != NULL) { if (DtlsMsgPoolTimeout(ssl) < 0){ ssl->error = SOCKET_ERROR_E; WOLFSSL_ERROR(ssl->error); @@ -9231,7 +9414,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #ifdef WOLFSSL_ASYNC_CRYPT /* do not send buffered or advance state if last error was an async pending operation */ - && ssl->error != WC_PENDING_E + && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E) #endif ) { ret = SendBuffered(ssl); @@ -9330,7 +9513,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, * should just ignore the message */ ssl->dtls13Rtx.sendAcks = 0; if ((ssl->error = SendDtls13Ack(ssl)) < 0) { - if (ssl->error == WANT_WRITE) + if (ssl->error == WC_NO_ERR_TRACE(WANT_WRITE)) ssl->dtls13SendingAckOrRtx = 1; WOLFSSL_ERROR(ssl->error); return WOLFSSL_FATAL_ERROR; @@ -9431,7 +9614,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, ProcessReplyEx(ssl, 1); /* See if an alert was sent. */ #endif #ifdef WOLFSSL_EXTRA_ALERTS - if (ssl->error == NO_PEER_KEY || + if (ssl->error == WC_NO_ERR_TRACE(NO_PEER_KEY) || ssl->error == WC_NO_ERR_TRACE(PSK_KEY_ERROR)) { SendAlert(ssl, alert_fatal, handshake_failure); } 
@@ -9782,7 +9965,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #ifdef WOLFSSL_ASYNC_CRYPT /* do not send buffered or advance state if last error was an async pending operation */ - && ssl->error != WC_PENDING_E + && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E) #endif ) { ret = SendBuffered(ssl); @@ -10098,7 +10281,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, WOLFSSL_LEAVE("wolfSSL_accept", WOLFSSL_SUCCESS); return WOLFSSL_SUCCESS; - default : + default: WOLFSSL_MSG("Unknown accept state ERROR"); return WOLFSSL_FATAL_ERROR; } @@ -10315,6 +10498,25 @@ int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn) } } +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) +const char *wolfSSL_get0_peername(WOLFSSL *ssl) { + if (ssl == NULL) { + return NULL; + } + + if (ssl->buffers.domainName.buffer) + return (const char *)ssl->buffers.domainName.buffer; + else if (ssl->session && ssl->session->peer) + return ssl->session->peer->subjectCN; + else if (ssl->peerCert.subjectCN[0]) + return ssl->peerCert.subjectCN; + else { + ssl->error = NO_PEER_CERT; + return NULL; + } +} + +#endif /* SESSION_CERTS && OPENSSL_EXTRA */ /* turn on wolfSSL zlib compression returns WOLFSSL_SUCCESS for success, else error (not built in) @@ -10357,7 +10559,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) sending += (int)iov[i].iov_len; if (sending > (int)sizeof(staticBuffer)) { - myBuffer = (byte*)XMALLOC(sending, ssl->heap, + myBuffer = (byte*)XMALLOC((size_t)sending, ssl->heap, DYNAMIC_TYPE_WRITEV); if (!myBuffer) return MEMORY_ERROR; @@ -10432,7 +10634,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) static int wolfSSL_ex_wrapper(WOLFSSL* ssl, HandShakeCallBack hsCb, TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout) { - int ret = WOLFSSL_FATAL_ERROR; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); int oldTimerOn = 0; /* was timer already on */ WOLFSSL_TIMEVAL startTime; WOLFSSL_TIMEVAL endTime; 
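Review bot: wolfSSL_get0_peername (`@@ -10315,6 +10498,25 @@`) returns `ssl->buffers.domainName.buffer` first, which is the name the application configured for checking, not a name confirmed against the peer certificate; when verification is disabled or the check has not run yet, the caller gets back its own input as if it were the verified peer name. Please document that precedence in a header comment or gate the first branch on the domain check having succeeded, and note in the same comment that a getter setting `ssl->error = NO_PEER_CERT` is a side effect callers may not expect. The cast `(const char *)ssl->buffers.domainName.buffer` also assumes the buffer is NUL-terminated — confirm where it is filled.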
@@ -10887,8 +11089,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_OpenSSL_add_all_algorithms_noconf"); - if (wolfSSL_add_all_algorithms() == WOLFSSL_FATAL_ERROR) + if (wolfSSL_add_all_algorithms() == + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) + { return WOLFSSL_FATAL_ERROR; + } return WOLFSSL_SUCCESS; } @@ -10901,7 +11106,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl) the use of a wolfssl.cnf type configuration file and is only used for OpenSSL compatibility. */ - if (wolfSSL_add_all_algorithms() == WOLFSSL_FATAL_ERROR) { + if (wolfSSL_add_all_algorithms() == + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) + { return WOLFSSL_FATAL_ERROR; } return WOLFSSL_SUCCESS; @@ -10930,7 +11137,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #ifdef OPENSSL_EXTRA #ifndef NO_BIO - void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr) + static void ssl_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr, int flags) { WOLFSSL_ENTER("wolfSSL_set_bio"); @@ -10941,8 +11148,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) /* free any existing WOLFSSL_BIOs in use but don't free those in * a chain */ - if (ssl->biord != NULL) { - if (ssl->biord != ssl->biowr) { + if ((flags & WOLFSSL_BIO_FLAG_READ) && (ssl->biord != NULL)) { + if ((flags & WOLFSSL_BIO_FLAG_WRITE) && (ssl->biord != ssl->biowr)) { if (ssl->biowr != NULL && ssl->biowr->prev != NULL) wolfSSL_BIO_free(ssl->biowr); ssl->biowr = NULL; 
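Review bot: The renamed static helper ssl_set_bio (`@@ -10930,7 +11137,7 @@`) still traces `WOLFSSL_ENTER("wolfSSL_set_bio")`, but it is now reached from wolfSSL_set_bio, wolfSSL_set_rbio and wolfSSL_set_wbio alike, so the log line misattributes the latter two; use `WOLFSSL_ENTER("ssl_set_bio");` and let each public wrapper carry its own WOLFSSL_ENTER. A short comment on the helper describing the new parameter, `/* flags: WOLFSSL_BIO_FLAG_READ and/or WOLFSSL_BIO_FLAG_WRITE select which side is replaced */`, would also help. The helper's body continues in the next hunk.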
@@ -10951,21 +11158,33 @@ int wolfSSL_set_compression(WOLFSSL* ssl) wolfSSL_BIO_free(ssl->biord); ssl->biord = NULL; } + else if ((flags & WOLFSSL_BIO_FLAG_WRITE) && (ssl->biowr != NULL)) { + if (ssl->biowr->prev != NULL) + wolfSSL_BIO_free(ssl->biowr); + ssl->biowr = NULL; + } + /* set flag obviously */ if (rd && !(rd->flags & WOLFSSL_BIO_FLAG_READ)) rd->flags |= WOLFSSL_BIO_FLAG_READ; if (wr && !(wr->flags & WOLFSSL_BIO_FLAG_WRITE)) wr->flags |= WOLFSSL_BIO_FLAG_WRITE; - ssl->biord = rd; - ssl->biowr = wr; + if (flags & WOLFSSL_BIO_FLAG_READ) + ssl->biord = rd; + if (flags & WOLFSSL_BIO_FLAG_WRITE) + ssl->biowr = wr; /* set SSL to use BIO callbacks instead */ - if (((ssl->cbioFlag & WOLFSSL_CBIO_RECV) == 0)) { - ssl->CBIORecv = BioReceive; + if ((flags & WOLFSSL_BIO_FLAG_READ) && + (((ssl->cbioFlag & WOLFSSL_CBIO_RECV) == 0))) + { + ssl->CBIORecv = SslBioReceive; } - if (((ssl->cbioFlag & WOLFSSL_CBIO_SEND) == 0)) { - ssl->CBIOSend = BioSend; + if ((flags & WOLFSSL_BIO_FLAG_WRITE) && + (((ssl->cbioFlag & WOLFSSL_CBIO_SEND) == 0))) + { + ssl->CBIOSend = SslBioSend; } /* User programs should always retry reading from these BIOs */ @@ -10978,6 +11197,22 @@ int wolfSSL_set_compression(WOLFSSL* ssl) BIO_set_retry_read(wr); } } + + void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr) + { + ssl_set_bio(ssl, rd, wr, WOLFSSL_BIO_FLAG_READ | WOLFSSL_BIO_FLAG_WRITE); + } + + void wolfSSL_set_rbio(WOLFSSL* ssl, WOLFSSL_BIO* rd) + { + ssl_set_bio(ssl, rd, NULL, WOLFSSL_BIO_FLAG_READ); + } + + void wolfSSL_set_wbio(WOLFSSL* ssl, WOLFSSL_BIO* wr) + { + ssl_set_bio(ssl, NULL, wr, WOLFSSL_BIO_FLAG_WRITE); + } + #endif /* !NO_BIO */ #endif /* OPENSSL_EXTRA */ 
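Review bot: In ssl_set_bio (`@@ -10951,21 +11158,33 @@`) the write side is now only reassigned when `flags & WOLFSSL_BIO_FLAG_WRITE`, but the read-only path frees `ssl->biord` without considering that `ssl->biowr` may be the same BIO; for a connection set up with one BIO for both directions, wolfSSL_set_rbio can leave `ssl->biowr` pointing at freed memory (the free itself is conditioned on lines between the two hunks, so confirm the case is reachable). The old code avoided this only because it always overwrote biowr afterwards; now the free should be skipped while biowr still references the BIO, or biowr cleared in the same step, and the chosen behaviour documented on the new wrappers. wolfSSL_set_rbio and wolfSSL_set_wbio also lack a comment stating that the other side is left untouched.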
@@ -11272,8 +11507,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return WOLFSSL_FAILURE; } - if (wolfSSL_sk_X509_NAME_push(ctx->client_ca_names, nameCopy) != - WOLFSSL_SUCCESS) { + if (wolfSSL_sk_X509_NAME_push(ctx->client_ca_names, nameCopy) <= 0) { WOLFSSL_MSG("wolfSSL_sk_X509_NAME_push error"); wolfSSL_X509_NAME_free(nameCopy); return WOLFSSL_FAILURE; @@ -11297,7 +11531,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_BIO* bio = NULL; WOLFSSL_X509 *cert = NULL; WOLFSSL_X509_NAME *nameCopy = NULL; - unsigned long err = WOLFSSL_FAILURE; + unsigned long err = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_load_client_CA_file"); @@ -11328,8 +11562,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) */ nameCopy->x509 = NULL; - if (wolfSSL_sk_X509_NAME_push(list, nameCopy) != - WOLFSSL_SUCCESS) { + if (wolfSSL_sk_X509_NAME_push(list, nameCopy) <= 0) { WOLFSSL_MSG("wolfSSL_sk_X509_NAME_push error"); /* Do free in loop because nameCopy is now responsibility * of list to free and adding jumps to cleanup after this @@ -11490,16 +11723,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl) wc_FreeRng(&rng); return WOLFSSL_FAILURE; } - if (ctx->srp_password != NULL){ - XFREE(ctx->srp_password,NULL, - DYNAMIC_TYPE_SRP); - ctx->srp_password = NULL; - } + XFREE(ctx->srp_password, NULL, DYNAMIC_TYPE_SRP); + ctx->srp_password = NULL; wc_FreeRng(&rng); } else { /* save password for wolfSSL_set_srp_username */ - if (ctx->srp_password != NULL) - XFREE(ctx->srp_password,ctx->heap, DYNAMIC_TYPE_SRP); + XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP); ctx->srp_password = (byte*)XMALLOC(XSTRLEN(password) + 1, ctx->heap, DYNAMIC_TYPE_SRP); @@ -11673,7 +11902,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_MSG("wolfSSL options are set through API calls and macros"); if(ctx == NULL) return BAD_FUNC_ARG; - return ctx->mask; + return (long)ctx->mask; } /* forward declaration */ 
@@ -11686,7 +11915,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (ctx == NULL) return BAD_FUNC_ARG; - ctx->mask = wolf_set_options(ctx->mask, opt); + ctx->mask = (unsigned long)wolf_set_options((long)ctx->mask, opt); #if defined(HAVE_SESSION_TICKET) && (defined(OPENSSL_EXTRA) \ || defined(HAVE_WEBSERVER) || defined(WOLFSSL_WPAS_SMALL)) if ((ctx->mask & WOLFSSL_OP_NO_TICKET) == WOLFSSL_OP_NO_TICKET) { @@ -11702,7 +11931,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif */ #endif - return ctx->mask; + return (long)ctx->mask; } long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt) @@ -11710,8 +11939,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_ENTER("wolfSSL_CTX_clear_options"); if(ctx == NULL) return BAD_FUNC_ARG; - ctx->mask &= ~opt; - return ctx->mask; + ctx->mask &= (unsigned long)~opt; + return (long)ctx->mask; } #ifdef OPENSSL_EXTRA @@ -12129,8 +12358,9 @@ int wolfSSL_get_peer_tmp_key(const WOLFSSL* ssl, WOLFSSL_EVP_PKEY** pkey) int sz; PRIVATE_KEY_UNLOCK(); - if (wc_ecc_export_x963(ssl->peerEccKey, NULL, &derSz) != - LENGTH_ONLY_E) { + if (wc_ecc_export_x963(ssl->peerEccKey, NULL, &derSz) + != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + { WOLFSSL_MSG("get ecc der size failed"); PRIVATE_KEY_LOCK(); return WOLFSSL_FAILURE; @@ -12530,7 +12760,7 @@ static int Set_CTX_max_proto_version(WOLFSSL_CTX* ctx, int ver) int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX* ctx, int version) { int i; - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); int minProto; WOLFSSL_ENTER("wolfSSL_CTX_set_max_proto_version"); @@ -12651,7 +12881,7 @@ static int Set_SSL_min_proto_version(WOLFSSL* ssl, int ver) int wolfSSL_set_min_proto_version(WOLFSSL* ssl, int version) { int i; - int ret = WOLFSSL_FAILURE;; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);; WOLFSSL_ENTER("wolfSSL_set_min_proto_version"); 
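Review bot: The rewritten initialiser in wolfSSL_set_min_proto_version (`@@ -12651,7 +12881,7 @@`) still ends in a doubled semicolon, `int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);;`, and the same line recurs in wolfSSL_set_max_proto_version in the first hunk of the next line of this diff. Since the commit rewrites both lines anyway, drop the stray `;` so each reads `int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);`.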
@@ -12719,7 +12949,7 @@ static int Set_SSL_max_proto_version(WOLFSSL* ssl, int ver) int wolfSSL_set_max_proto_version(WOLFSSL* ssl, int version) { int i; - int ret = WOLFSSL_FAILURE;; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);; WOLFSSL_ENTER("wolfSSL_set_max_proto_version"); @@ -12857,7 +13087,7 @@ int wolfSSL_CTX_get_max_proto_version(WOLFSSL_CTX* ctx) WOLFSSL_LEAVE("wolfSSL_CTX_get_max_proto_version", ret); - if (ret == WOLFSSL_FATAL_ERROR) { + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) { WOLFSSL_MSG("Error getting max proto version"); ret = 0; /* setting ret to 0 to match compat return */ } @@ -13031,6 +13261,10 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, ssl->keys.encryptionOn = 0; XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived)); + FreeCiphers(ssl); + InitCiphers(ssl); + InitCipherSpecs(&ssl->specs); + if (InitSSL_Suites(ssl) != WOLFSSL_SUCCESS) return WOLFSSL_FAILURE; @@ -13045,7 +13279,11 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, #ifdef WOLFSSL_QUIC wolfSSL_quic_clear(ssl); #endif - +#ifdef HAVE_OCSP +#if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) + ssl->response_idx = 0; +#endif +#endif return WOLFSSL_SUCCESS; } @@ -13074,7 +13312,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, } /* SSL_MODE_AUTO_RETRY - * Should not return -1 with renegotiation on read/write */ + * Should not return WOLFSSL_FATAL_ERROR with renegotiation on read/write */ return mode; } @@ -13101,7 +13339,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, } /* SSL_MODE_AUTO_RETRY - * Should not return -1 with renegotiation on read/write */ + * Should not return WOLFSSL_FATAL_ERROR with renegotiation on read/write */ return 0; } 
@@ -13410,7 +13648,7 @@ static int PushCAx509Chain(WOLFSSL_CERT_MANAGER* cm, i--; for (; i >= 0; i--) { if (push) { - if (wolfSSL_sk_X509_push(sk, issuer[i]) != WOLFSSL_SUCCESS) { + if (wolfSSL_sk_X509_push(sk, issuer[i]) <= 0) { wolfSSL_X509_free(issuer[i]); ret = WOLFSSL_FATAL_ERROR; push = 0; /* Free the rest of the unpushed certs */ @@ -13456,13 +13694,13 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl) * first if we have one for this cert */ SSL_CM_WARNING(ssl); if (PushCAx509Chain(SSL_CM(ssl), x509, sk) - == WOLFSSL_FATAL_ERROR) { + == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) { ret = WOLFSSL_FATAL_ERROR; } } #endif - if (ret != 0 || wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) { + if (ret != 0 || wolfSSL_sk_X509_push(sk, x509) <= 0) { WOLFSSL_MSG("Error decoding cert"); wolfSSL_X509_free(x509); wolfSSL_sk_X509_pop_free(sk, NULL); 
@@ -13552,71 +13790,85 @@ static WC_INLINE int compare_WOLFSSL_CIPHER( (a->bits == b->bits)) return 0; else - return -1; + return WOLFSSL_FATAL_ERROR; } #endif /* OPENSSL_ALL || WOLFSSL_QT */ -/* return 1 on success 0 on fail */ +/* return number of elements on success 0 on fail */ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data) +{ + WOLFSSL_ENTER("wolfSSL_sk_push"); + + return wolfSSL_sk_insert(sk, data, 0); +} + +/* return number of elements on success 0 on fail */ +int wolfSSL_sk_insert(WOLFSSL_STACK *sk, const void *data, int idx) { WOLFSSL_STACK* node; #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) WOLFSSL_CIPHER ciph; #endif - WOLFSSL_ENTER("wolfSSL_sk_push"); + WOLFSSL_ENTER("wolfSSL_sk_insert"); - if (!sk) { + if (!sk) + return WOLFSSL_FATAL_ERROR; + if (!data) return WOLFSSL_FAILURE; - } - /* Check if empty data */ - switch (sk->type) { - case STACK_TYPE_CIPHER: + if (idx == 0 || sk->num == 0) { + /* Check if empty data */ + switch (sk->type) { + case STACK_TYPE_CIPHER: #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - /* check if entire struct is zero */ - XMEMSET(&ciph, 0, sizeof(WOLFSSL_CIPHER)); - if (compare_WOLFSSL_CIPHER(&sk->data.cipher, &ciph) == 0) { - sk->data.cipher = *(WOLFSSL_CIPHER*)data; - sk->num = 1; - if (sk->hash_fn) { - sk->hash = sk->hash_fn(&sk->data.cipher); + /* check if entire struct is zero */ + XMEMSET(&ciph, 0, sizeof(WOLFSSL_CIPHER)); + if (compare_WOLFSSL_CIPHER(&sk->data.cipher, &ciph) == 0) { + sk->data.cipher = *(WOLFSSL_CIPHER*)data; + sk->num = 1; + if (sk->hash_fn) { + sk->hash = sk->hash_fn(&sk->data.cipher); + } + return (int)sk->num; } - return WOLFSSL_SUCCESS; - } - break; + if (sk->num == 0) + sk->num = 1; /* confirmed at least one element */ + break; #endif - case STACK_TYPE_X509: - case STACK_TYPE_GEN_NAME: - case STACK_TYPE_BIO: - case STACK_TYPE_OBJ: - case STACK_TYPE_STRING: - case STACK_TYPE_ACCESS_DESCRIPTION: - case STACK_TYPE_X509_EXT: - case STACK_TYPE_X509_REQ_ATTR: - case STACK_TYPE_NULL: - 
case STACK_TYPE_X509_NAME: - case STACK_TYPE_X509_NAME_ENTRY: - case STACK_TYPE_CONF_VALUE: - case STACK_TYPE_X509_INFO: - case STACK_TYPE_BY_DIR_entry: - case STACK_TYPE_BY_DIR_hash: - case STACK_TYPE_X509_OBJ: - case STACK_TYPE_DIST_POINT: - case STACK_TYPE_X509_CRL: - default: - /* All other types are pointers */ - if (!sk->data.generic) { - sk->data.generic = (void*)data; - sk->num = 1; + case STACK_TYPE_X509: + case STACK_TYPE_GEN_NAME: + case STACK_TYPE_BIO: + case STACK_TYPE_OBJ: + case STACK_TYPE_STRING: + case STACK_TYPE_ACCESS_DESCRIPTION: + case STACK_TYPE_X509_EXT: + case STACK_TYPE_X509_REQ_ATTR: + case STACK_TYPE_NULL: + case STACK_TYPE_X509_NAME: + case STACK_TYPE_X509_NAME_ENTRY: + case STACK_TYPE_CONF_VALUE: + case STACK_TYPE_X509_INFO: + case STACK_TYPE_BY_DIR_entry: + case STACK_TYPE_BY_DIR_hash: + case STACK_TYPE_X509_OBJ: + case STACK_TYPE_DIST_POINT: + case STACK_TYPE_X509_CRL: + default: + /* All other types are pointers */ + if (!sk->data.generic) { + sk->data.generic = (void*)data; + sk->num = 1; #ifdef OPENSSL_ALL - if (sk->hash_fn) { - sk->hash = sk->hash_fn(sk->data.generic); - } + if (sk->hash_fn) + sk->hash = sk->hash_fn(sk->data.generic); #endif - return WOLFSSL_SUCCESS; - } - break; + return (int)sk->num; + } + if (sk->num == 0) + sk->num = 1; /* confirmed at least one element */ + break; + } } /* stack already has value(s) create a new node and add more */ 
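Review bot: The comment added above wolfSSL_sk_insert (and the matching one on the new wolfSSL_sk_push wrapper) says `/* return number of elements on success 0 on fail */`, but the first guard returns WOLFSSL_FATAL_ERROR for a NULL stack and only NULL data yields WOLFSSL_FAILURE; the call sites this commit updates test `<= 0` for exactly that reason, so the comment should say `/* return number of elements on success, WOLFSSL_FAILURE (0) on NULL data, WOLFSSL_FATAL_ERROR on NULL stack */`. Because the success value is now the element count rather than WOLFSSL_SUCCESS, any caller elsewhere still comparing `!= WOLFSSL_SUCCESS` will treat a push onto a stack that already holds one element as a failure — worth stating explicitly as a behaviour change for external users of wolfSSL_sk_push. The function body continues into the next hunk.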
@@ -13625,26 +13877,71 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data) WOLFSSL_MSG("Memory error"); return WOLFSSL_FAILURE; } - - /* push new x509 onto head of stack */ - node->next = sk->next; node->type = sk->type; - sk->next = node; sk->num += 1; - #ifdef OPENSSL_ALL node->hash_fn = sk->hash_fn; - node->hash = sk->hash; - sk->hash = 0; #endif + + if (idx == 0) { + /* Special case where we need to change the values in the head element + * to avoid changing the initial pointer. */ + /* push new item onto head of stack */ + node->next = sk->next; + sk->next = node; +#ifdef OPENSSL_ALL + node->hash = sk->hash; + sk->hash = 0; +#endif + switch (sk->type) { + case STACK_TYPE_CIPHER: +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + node->data.cipher = sk->data.cipher; + sk->data.cipher = *(WOLFSSL_CIPHER*)data; + if (sk->hash_fn) { + sk->hash = sk->hash_fn(&sk->data.cipher); + } + break; +#endif + case STACK_TYPE_X509: + case STACK_TYPE_GEN_NAME: + case STACK_TYPE_BIO: + case STACK_TYPE_OBJ: + case STACK_TYPE_STRING: + case STACK_TYPE_ACCESS_DESCRIPTION: + case STACK_TYPE_X509_EXT: + case STACK_TYPE_X509_REQ_ATTR: + case STACK_TYPE_NULL: + case STACK_TYPE_X509_NAME: + case STACK_TYPE_X509_NAME_ENTRY: + case STACK_TYPE_CONF_VALUE: + case STACK_TYPE_X509_INFO: + case STACK_TYPE_BY_DIR_entry: + case STACK_TYPE_BY_DIR_hash: + case STACK_TYPE_X509_OBJ: + case STACK_TYPE_DIST_POINT: + case STACK_TYPE_X509_CRL: + default: + /* All other types are pointers */ + node->data.generic = sk->data.generic; + sk->data.generic = (void*)data; +#ifdef OPENSSL_ALL + if (sk->hash_fn) + sk->hash = sk->hash_fn(sk->data.generic); +#endif + break; + } + + return (int)sk->num; + } + + /* populate node */ switch (sk->type) { case STACK_TYPE_CIPHER: #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - node->data.cipher = sk->data.cipher; - sk->data.cipher = *(WOLFSSL_CIPHER*)data; - if (sk->hash_fn) { - sk->hash = sk->hash_fn(&sk->data.cipher); - } + node->data.cipher = 
*(WOLFSSL_CIPHER*)data; + if (node->hash_fn) + node->hash = node->hash_fn(&node->data.cipher); break; #endif case STACK_TYPE_X509: @@ -13667,17 +13964,25 @@ int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data) case STACK_TYPE_X509_CRL: default: /* All other types are pointers */ - node->data.generic = sk->data.generic; - sk->data.generic = (void*)data; + node->data.generic = (void*)data; #ifdef OPENSSL_ALL - if (sk->hash_fn) { - sk->hash = sk->hash_fn(sk->data.generic); - } + if (node->hash_fn) + node->hash = node->hash_fn(node->data.generic); #endif break; } + { + /* insert node into stack. not using sk since we return sk->num after */ + WOLFSSL_STACK* prev_node = sk; + while (idx != 0 && prev_node->next != NULL) { + prev_node = prev_node->next; + idx--; + } + node->next = prev_node->next; + prev_node->next = node; + } - return WOLFSSL_SUCCESS; + return (int)sk->num; } #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ @@ -14106,7 +14411,8 @@ int wolfSSL_get_cipher_suite_from_name(const char* name, byte* cipherSuite0, (cipherSuite == NULL) || (flags == NULL)) return BAD_FUNC_ARG; - return GetCipherSuiteFromName(name, cipherSuite0, cipherSuite, flags); + return GetCipherSuiteFromName(name, cipherSuite0, cipherSuite, NULL, NULL, + flags); } @@ -14149,7 +14455,7 @@ word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher) WOLFSSL_ENTER("wolfSSL_CIPHER_get_id"); if (cipher && cipher->ssl) { - cipher_id = (cipher->ssl->options.cipherSuite0 << 8) | + cipher_id = (word16)(cipher->ssl->options.cipherSuite0 << 8) | cipher->ssl->options.cipherSuite; } @@ -14247,9 +14553,6 @@ const char* wolfSSL_get_curve_name(WOLFSSL* ssl) return "P384_KYBER_LEVEL3"; case WOLFSSL_P521_KYBER_LEVEL5: return "P521_KYBER_LEVEL5"; -#elif defined(HAVE_PQM4) - case WOLFSSL_KYBER_LEVEL1: - return "KYBER_LEVEL1"; #elif defined(WOLFSSL_WC_KYBER) #ifdef WOLFSSL_KYBER512 case WOLFSSL_KYBER_LEVEL1: 
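Review bot: The tail walk `while (idx != 0 && prev_node->next != NULL)` silently accepts a negative idx or one beyond sk->num by appending at the end, and nothing in the function documents that clamping; either reject it early next to the NULL-data guard with `if (idx < 0) return WOLFSSL_FAILURE;` or record it in the function comment, e.g. `/* idx 0 inserts at the head; an idx past the last element appends */`. The `sk->num += 1` above happens before the walk, so the returned count is correct either way. The function starts in the previous hunk.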
@@ -14549,7 +14852,9 @@ int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher) authStr = GetCipherAuthStr(n); /* encStr */ encStr = GetCipherEncStr(n); - if ((cipher->bits = SetCipherBits(encStr)) == WOLFSSL_FAILURE) { + if ((cipher->bits = SetCipherBits(encStr)) == + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) + { WOLFSSL_MSG("Cipher Bits Not Set."); } /* macStr */ @@ -14805,7 +15110,7 @@ static WC_INLINE const char* wolfssl_mac_to_string(int mac) macStr = "SHA1"; break; #endif -#ifdef HAVE_SHA224 +#ifdef WOLFSSL_SHA224 case sha224_mac: macStr = "SHA224"; break; @@ -14815,12 +15120,12 @@ static WC_INLINE const char* wolfssl_mac_to_string(int mac) macStr = "SHA256"; break; #endif -#ifdef HAVE_SHA384 +#ifdef WOLFSSL_SHA384 case sha384_mac: macStr = "SHA384"; break; #endif -#ifdef HAVE_SHA512 +#ifdef WOLFSSL_SHA512 case sha512_mac: macStr = "SHA512"; break; 
@@ -14894,20 +15199,80 @@ char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in, return ret; } - -#ifndef NO_WOLFSSL_STUB -int wolfSSL_OCSP_parse_url(char* url, char** host, char** port, char** path, - int* ssl) +int wolfSSL_OCSP_parse_url(const char* url, char** host, char** port, + char** path, int* ssl) { - (void)url; - (void)host; - (void)port; - (void)path; - (void)ssl; - WOLFSSL_STUB("OCSP_parse_url"); - return 0; + const char* u = url; + const char* upath; /* path in u */ + const char* uport; /* port in u */ + const char* hostEnd; + + WOLFSSL_ENTER("OCSP_parse_url"); + + *host = NULL; + *port = NULL; + *path = NULL; + *ssl = 0; + + if (*(u++) != 'h') goto err; + if (*(u++) != 't') goto err; + if (*(u++) != 't') goto err; + if (*(u++) != 'p') goto err; + if (*u == 's') { + *ssl = 1; + u++; + *port = CopyString("443", -1, NULL, DYNAMIC_TYPE_OPENSSL); + } + else if (*u == ':') { + *ssl = 0; + *port = CopyString("80", -1, NULL, DYNAMIC_TYPE_OPENSSL); + } + else + goto err; + if (*port == NULL) + goto err; + if (*(u++) != ':') goto err; + if (*(u++) != '/') goto err; + if (*(u++) != '/') goto err; + + /* Look for path */ + upath = XSTRSTR(u, "/"); + *path = CopyString(upath == NULL ? "/" : upath, -1, NULL, + DYNAMIC_TYPE_OPENSSL); + + /* Look for port */ + uport = XSTRSTR(u, ":"); + if (uport != NULL) { + if (*(++uport) == '\0') + goto err; + /* port must be before path */ + if (upath != NULL && uport >= upath) + goto err; + XFREE(*port, NULL, DYNAMIC_TYPE_OPENSSL); + *port = CopyString(uport, upath != NULL ? (int)(upath - uport) : -1, + NULL, DYNAMIC_TYPE_OPENSSL); + if (*port == NULL) + goto err; + hostEnd = uport - 1; + } + else + hostEnd = upath; + + *host = CopyString(u, hostEnd != NULL ? 
(int)(hostEnd - u) : -1, NULL, + DYNAMIC_TYPE_OPENSSL); + if (*host == NULL) + goto err; + + return WOLFSSL_SUCCESS; +err: + XFREE(*host, NULL, DYNAMIC_TYPE_OPENSSL); + *host = NULL; + XFREE(*port, NULL, DYNAMIC_TYPE_OPENSSL); + *port = NULL; + XFREE(*path, NULL, DYNAMIC_TYPE_OPENSSL); + *path = NULL; + return WOLFSSL_FAILURE; } -#endif #ifndef NO_WOLFSSL_STUB WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void) @@ -14915,17 +15280,13 @@ WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void) WOLFSSL_STUB("COMP_zlib"); return 0; } -#endif -#ifndef NO_WOLFSSL_STUB WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void) { WOLFSSL_STUB("COMP_rle"); return 0; } -#endif -#ifndef NO_WOLFSSL_STUB int wolfSSL_COMP_add_compression_method(int method, void* data) { (void)method; @@ -14933,10 +15294,18 @@ int wolfSSL_COMP_add_compression_method(int method, void* data) WOLFSSL_STUB("COMP_add_compression_method"); return 0; } -#endif -#ifndef NO_WOLFSSL_STUB -const char* wolfSSL_COMP_get_name(const void* comp) +const WOLFSSL_COMP_METHOD* wolfSSL_get_current_compression(const WOLFSSL *ssl) { + (void)ssl; + return NULL; +} + +const WOLFSSL_COMP_METHOD* wolfSSL_get_current_expansion(const WOLFSSL *ssl) { + (void)ssl; + return NULL; +} + +const char* wolfSSL_COMP_get_name(const WOLFSSL_COMP_METHOD *comp) { static const char ret[] = "not supported"; @@ -15287,7 +15656,7 @@ int wolfSSL_ERR_GET_REASON(unsigned long err) /* Nginx looks for this error to know to stop parsing certificates. * Same for HAProxy. */ if (err == ((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE) || - ((err & 0xFFFFFFL) == -ASN_NO_PEM_HEADER) || + ((err & 0xFFFFFFL) == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)) || ((err & 0xFFFL) == PEM_R_NO_START_LINE )) return PEM_R_NO_START_LINE; if (err == ((ERR_LIB_SSL << 24) | -SSL_R_HTTP_REQUEST)) 
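Review bot: In wolfSSL_OCSP_parse_url the `*path = CopyString(...)` result is never checked, so an allocation failure there falls through to a WOLFSSL_SUCCESS return with `*path == NULL`, whereas the `*port` and `*host` copies both `goto err`; add `if (*path == NULL) goto err;` right after that assignment. The four out-parameters are also written before any NULL check on `host`/`port`/`path`/`ssl`, so a caller passing NULL for a field it does not want faults instead of getting WOLFSSL_FAILURE; a single `if (url == NULL || host == NULL || port == NULL || path == NULL || ssl == NULL) return WOLFSSL_FAILURE;` at the top covers that. The port text is copied verbatim with no check that it is numeric, and a bracketed IPv6 host such as `http://[::1]:8080/` would be split at its first colon — presumably acceptable for OCSP responder URLs, but worth a comment on the function stating the accepted form.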
@@ -15302,7 +15671,9 @@ int wolfSSL_ERR_GET_REASON(unsigned long err) ret = 0 - ret; /* setting as negative value */ /* wolfCrypt range is less than MAX (-100) wolfSSL range is MIN (-300) and lower */ - if (ret < MAX_CODE_E && ret > MIN_CODE_E) { + if ((ret <= WC_FIRST_E && ret >= WC_LAST_E) || + (ret <= WOLFSSL_FIRST_E && ret >= WOLFSSL_LAST_E)) + { return ret; } else { @@ -15774,7 +16145,7 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op) return 0; } - ssl->options.mask = wolf_set_options(ssl->options.mask, op); + ssl->options.mask = (unsigned long)wolf_set_options((long)ssl->options.mask, op); if ((ssl->options.mask & WOLFSSL_OP_NO_TLSv1_3) == WOLFSSL_OP_NO_TLSv1_3) { WOLFSSL_MSG("Disabling TLS 1.3"); @@ -15840,11 +16211,14 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op) else { /* Only preserve overlapping suites */ Suites tmpSuites; - word16 in, out, haveECDSAsig = 0; - word16 haveStaticECC = ssl->options.haveStaticECC; + word16 in, out; + word16 haveECDSAsig, haveStaticECC; #ifdef NO_RSA haveECDSAsig = 1; haveStaticECC = 1; +#else + haveECDSAsig = 0; + haveStaticECC = ssl->options.haveStaticECC; #endif XMEMSET(&tmpSuites, 0, sizeof(Suites)); /* Get all possible ciphers and sigalgs for the version. Following @@ -15877,7 +16251,7 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op) } } - return ssl->options.mask; + return (long)ssl->options.mask; } @@ -15886,7 +16260,7 @@ long wolfSSL_get_options(const WOLFSSL* ssl) WOLFSSL_ENTER("wolfSSL_get_options"); if(ssl == NULL) return WOLFSSL_FAILURE; - return ssl->options.mask; + return (long)ssl->options.mask; } #if defined(HAVE_SECURE_RENEGOTIATION) \ @@ -16844,7 +17218,7 @@ int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk) #if defined(HAVE_EX_DATA) && !defined(NO_FILESYSTEM) int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) { - int ret = WOLFSSL_FATAL_ERROR; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); WOLFSSL_ENTER("wolfSSL_cmp_peer_cert_to_file"); if (ssl != NULL && fname != NULL) 
@@ -17826,7 +18200,7 @@ int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx, NULL, &szNeeded) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) return WOLFSSL_FAILURE; *outLen = szNeeded + headerLen + footerLen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* don't even try if inLen too short */ @@ -18838,7 +19212,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) #endif if (o == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } #ifdef WOLFSSL_QT @@ -18858,7 +19232,7 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) byte* buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (!buf) { WOLFSSL_MSG("malloc error"); - return -1; + return WOLFSSL_FATAL_ERROR; } idx = SetObjectId(o->objSz, buf); XMEMCPY(buf + idx, o->obj, o->objSz); @@ -18867,12 +19241,12 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl) XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (ret < 0) { WOLFSSL_MSG("Issue getting OID of object"); - return -1; + return WOLFSSL_FATAL_ERROR; } } else { WOLFSSL_MSG("Issue getting OID of object"); - return -1; + return WOLFSSL_FATAL_ERROR; } } @@ -19137,11 +19511,11 @@ unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line) } #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) \ || defined(WOLFSSL_HAPROXY) - if (ret == -ASN_NO_PEM_HEADER) + if (ret == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)) return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE; #endif #if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON) - if (ret == ASN1_R_HEADER_TOO_LONG) { + if (ret == WC_NO_ERR_TRACE(ASN1_R_HEADER_TOO_LONG)) { return (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG; } #endif @@ -19168,7 +19542,7 @@ static int crypto_ex_cb_new(CRYPTO_EX_cb_ctx** dst, long ctx_l, void* ctx_ptr, CRYPTO_EX_cb_ctx* new_ctx = (CRYPTO_EX_cb_ctx*)XMALLOC( sizeof(CRYPTO_EX_cb_ctx), NULL, DYNAMIC_TYPE_OPENSSL); if (new_ctx == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; new_ctx->ctx_l = ctx_l; new_ctx->ctx_ptr = ctx_ptr; new_ctx->new_func = new_func; 
@@ -19272,7 +19646,7 @@ int wolfssl_get_ex_new_index(int class_index, long ctx_l, void* ctx_ptr, case WOLF_CRYPTO_EX_INDEX_SSL_SESSION: if (crypto_ex_cb_new(&crypto_ex_cb_ctx_session, ctx_l, ctx_ptr, new_func, dup_func, free_func) != 0) - return -1; + return WOLFSSL_FATAL_ERROR; idx = ssl_session_idx++; break; @@ -19293,7 +19667,7 @@ int wolfssl_get_ex_new_index(int class_index, long ctx_l, void* ctx_ptr, break; } if (idx >= MAX_EX_DATA) - return -1; + return WOLFSSL_FATAL_ERROR; return idx; } #endif /* HAVE_EX_DATA || WOLFSSL_WPAS_SMALL */ @@ -19488,11 +19862,15 @@ void wolfSSL_certs_clear(WOLFSSL* ssl) return; /* ctx still owns certificate, certChain, key, dh, and cm */ - if (ssl->buffers.weOwnCert) + if (ssl->buffers.weOwnCert) { FreeDer(&ssl->buffers.certificate); + ssl->buffers.weOwnCert = 0; + } ssl->buffers.certificate = NULL; - if (ssl->buffers.weOwnCertChain) + if (ssl->buffers.weOwnCertChain) { FreeDer(&ssl->buffers.certChain); + ssl->buffers.weOwnCertChain = 0; + } ssl->buffers.certChain = NULL; #ifdef WOLFSSL_TLS13 ssl->buffers.certChainCnt = 0; @@ -19502,6 +19880,7 @@ void wolfSSL_certs_clear(WOLFSSL* ssl) #ifdef WOLFSSL_BLIND_PRIVATE_KEY FreeDer(&ssl->buffers.keyMask); #endif + ssl->buffers.weOwnKey = 0; } ssl->buffers.key = NULL; #ifdef WOLFSSL_BLIND_PRIVATE_KEY @@ -19518,6 +19897,7 @@ void wolfSSL_certs_clear(WOLFSSL* ssl) #ifdef WOLFSSL_BLIND_PRIVATE_KEY FreeDer(&ssl->buffers.altKeyMask); #endif + ssl->buffers.weOwnAltKey = 0; } ssl->buffers.altKey = NULL; #ifdef WOLFSSL_BLIND_PRIVATE_KEY @@ -19971,7 +20351,7 @@ int wolfSSL_FIPS_mode_set(int r) int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_CIPHER_get_bits"); #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) 
@@ -20092,25 +20472,82 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) ssl->ctx = ctx; #ifndef NO_CERTS +#ifdef WOLFSSL_COPY_CERT + /* If WOLFSSL_COPY_CERT defined, always make new copy of cert from ctx */ + if (ctx->certificate != NULL) { + if (ssl->buffers.certificate != NULL) { + FreeDer(&ssl->buffers.certificate); + ssl->buffers.certificate = NULL; + } + ret = AllocCopyDer(&ssl->buffers.certificate, ctx->certificate->buffer, + ctx->certificate->length, ctx->certificate->type, + ctx->certificate->heap); + if (ret != 0) { + ssl->buffers.weOwnCert = 0; + return NULL; + } + + ssl->buffers.weOwnCert = 1; + } + if (ctx->certChain != NULL) { + if (ssl->buffers.certChain != NULL) { + FreeDer(&ssl->buffers.certChain); + ssl->buffers.certChain = NULL; + } + ret = AllocCopyDer(&ssl->buffers.certChain, ctx->certChain->buffer, + ctx->certChain->length, ctx->certChain->type, + ctx->certChain->heap); + if (ret != 0) { + ssl->buffers.weOwnCertChain = 0; + return NULL; + } + + ssl->buffers.weOwnCertChain = 1; + } +#else /* ctx owns certificate, certChain and key */ ssl->buffers.certificate = ctx->certificate; ssl->buffers.certChain = ctx->certChain; +#endif #ifdef WOLFSSL_TLS13 ssl->buffers.certChainCnt = ctx->certChainCnt; #endif #ifndef WOLFSSL_BLIND_PRIVATE_KEY +#ifdef WOLFSSL_COPY_KEY + if (ctx->privateKey != NULL) { + if (ssl->buffers.key != NULL) { + FreeDer(&ssl->buffers.key); + ssl->buffers.key = NULL; + } + ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, + ctx->privateKey->length, ctx->privateKey->type, + ctx->privateKey->heap); + if (ret != 0) { + ssl->buffers.weOwnKey = 0; + return NULL; + } + ssl->buffers.weOwnKey = 1; + } + else { + ssl->buffers.key = ctx->privateKey; + } +#else ssl->buffers.key = ctx->privateKey; +#endif #else if (ctx->privateKey != NULL) { - AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, + ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, ctx->privateKey->length, ctx->privateKey->type, 
ctx->privateKey->heap); + if (ret != 0) { + return NULL; + } /* Blind the private key for the SSL with new random mask. */ wolfssl_priv_der_unblind(ssl->buffers.key, ctx->privateKeyMask); ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key, &ssl->buffers.keyMask); if (ret != 0) { - return ret; + return NULL; } } #endif @@ -20132,15 +20569,18 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) ssl->buffers.altKey = ctx->altPrivateKey; #else if (ctx->altPrivateKey != NULL) { - AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer, + ret = AllocCopyDer(&ssl->buffers.altkey, ctx->altPrivateKey->buffer, ctx->altPrivateKey->length, ctx->altPrivateKey->type, ctx->altPrivateKey->heap); + if (ret != 0) { + return NULL; + } /* Blind the private key for the SSL with new random mask. */ wolfssl_priv_der_unblind(ssl->buffers.altKey, ctx->altPrivateKeyMask); ret = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey, &ssl->buffers.altKeyMask); if (ret != 0) { - return ret; + return NULL; } } #endif @@ -20168,7 +20608,7 @@ VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX* ctx) } #ifdef HAVE_SNI -/* this is a compatibily function, consider using +/* this is a compatibility function, consider using * wolfSSL_CTX_set_servername_callback */ int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX* ctx, CallbackSniRecv cb) @@ -20260,10 +20700,10 @@ unsigned long wolfSSL_ERR_peek_last_error(void) WOLFSSL_MSG("Issue peeking at error node in queue"); return 0; } - if (ret == -ASN_NO_PEM_HEADER) + if (ret == -WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)) return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE; #if defined(WOLFSSL_PYTHON) - if (ret == ASN1_R_HEADER_TOO_LONG) + if (ret == WC_NO_ERR_TRACE(ASN1_R_HEADER_TOO_LONG)) return (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG; #endif return (unsigned long)ret; 
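Review bot: The new WOLFSSL_COPY_CERT and WOLFSSL_COPY_KEY blocks in the `@@ -20092` hunk call FreeDer on `ssl->buffers.certificate`, `certChain` and `key` whenever they are non-NULL without consulting `weOwnCert`, `weOwnCertChain` or `weOwnKey`, whereas wolfSSL_certs_clear in this same commit only frees behind those flags; if an ssl can still hold a pointer borrowed from its previous ctx at this point, this releases ctx-owned DER and leaves that ctx dangling, so mirror certs_clear: `if (ssl->buffers.weOwnCert) FreeDer(&ssl->buffers.certificate); ssl->buffers.certificate = NULL;` and likewise for the chain and key. The NULL returns also leave the object half-switched — `ssl->ctx = ctx` is already assigned and a successful certificate copy has set `weOwnCert = 1` before a later AllocCopyDer fails — so the caller cannot tell which buffers it now owns; either unwind the earlier copy on failure or document the partial-state contract next to each `return NULL;`. The function starts outside the hunk.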
@@ -21249,8 +21689,7 @@ void wolfSSL_WOLFSSL_STRING_free(WOLFSSL_STRING s) { WOLFSSL_ENTER("wolfSSL_WOLFSSL_STRING_free"); - if (s != NULL) - XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL); } void wolfSSL_sk_WOLFSSL_STRING_free(WOLF_STACK_OF(WOLFSSL_STRING)* sk) @@ -21460,12 +21899,12 @@ const WOLF_EC_NIST_NAME kNistCurves[] = { #endif #ifdef WOLFSSL_HAVE_KYBER {CURVE_NAME("KYBER_LEVEL1"), WOLFSSL_KYBER_LEVEL1, WOLFSSL_KYBER_LEVEL1}, - {CURVE_NAME("KYBER_LEVEL3"), WOLFSSL_KYBER_LEVEL3, WOLFSSL_KYBER_LEVEL1}, - {CURVE_NAME("KYBER_LEVEL5"), WOLFSSL_KYBER_LEVEL5, WOLFSSL_KYBER_LEVEL1}, + {CURVE_NAME("KYBER_LEVEL3"), WOLFSSL_KYBER_LEVEL3, WOLFSSL_KYBER_LEVEL3}, + {CURVE_NAME("KYBER_LEVEL5"), WOLFSSL_KYBER_LEVEL5, WOLFSSL_KYBER_LEVEL5}, #if (defined(WOLFSSL_WC_KYBER) || defined(HAVE_LIBOQS)) && defined(HAVE_ECC) {CURVE_NAME("P256_KYBER_LEVEL1"), WOLFSSL_P256_KYBER_LEVEL1, WOLFSSL_P256_KYBER_LEVEL1}, - {CURVE_NAME("P384_KYBER_LEVEL3"), WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_P256_KYBER_LEVEL1}, - {CURVE_NAME("P521_KYBER_LEVEL5"), WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_P256_KYBER_LEVEL1}, + {CURVE_NAME("P384_KYBER_LEVEL3"), WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_P384_KYBER_LEVEL3}, + {CURVE_NAME("P521_KYBER_LEVEL5"), WOLFSSL_P521_KYBER_LEVEL5, WOLFSSL_P521_KYBER_LEVEL5}, #endif #endif #ifdef WOLFSSL_SM2 @@ -21618,9 +22057,9 @@ int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names, #endif /* HAVE_SUPPORTED_CURVES */ } - if (ssl) + if (ssl != NULL) ssl->disabledCurves = disabled; - else + else if (ctx != NULL) ctx->disabledCurves = disabled; ret = WOLFSSL_SUCCESS; @@ -22646,7 +23085,7 @@ int oid2nid(word32 oid, int grp) } } - return -1; + return WOLFSSL_FATAL_ERROR; } /* frees all nodes in the current threads error queue @@ -22663,7 +23102,7 @@ void wolfSSL_ERR_remove_state(unsigned long id) } } -#endif /* OPENSSL_EXTRA */ +#endif /* OPENSSL_EXTRA */ #ifdef OPENSSL_ALL 
@@ -23240,6 +23679,18 @@ int wolfSSL_CTX_set_ecdh_auto(WOLFSSL_CTX* ctx, int onoff) return WOLFSSL_SUCCESS; } +/* wolfSSL_CTX_set_dh_auto is provided as compatible API with + * SSL_CTX_set_dh_auto to enable auto dh selection functionality. + * Since this functionality is enabled by default in wolfSSL, + * this API exists as a stub. + */ +int wolfSSL_CTX_set_dh_auto(WOLFSSL_CTX* ctx, int onoff) +{ + (void)ctx; + (void)onoff; + return WOLFSSL_SUCCESS; +} + /** * set security level (wolfSSL doesn't support security level) * @param ctx a pointer to WOLFSSL_EVP_PKEY_CTX structure @@ -23273,7 +23724,7 @@ void wolfSSL_CTX_set_keylog_callback(WOLFSSL_CTX* ctx, wolfSSL_CTX_keylog_cb_func cb) { WOLFSSL_ENTER("wolfSSL_CTX_set_keylog_callback"); - /* stores the callback into WOLFSSL_CTX */ + /* stores the callback into WOLFSSL_CTX */ if (ctx != NULL) { ctx->keyLogCb = cb; } 
@@ -23284,14 +23735,92 @@ wolfSSL_CTX_keylog_cb_func wolfSSL_CTX_get_keylog_callback( WOLFSSL_ENTER("wolfSSL_CTX_get_keylog_callback"); if (ctx != NULL) return ctx->keyLogCb; - else - return NULL; + return NULL; } #endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */ #endif /* OPENSSL_EXTRA */ -#ifndef NO_CERTS +#ifdef WOLFSSL_THREADED_CRYPT +int wolfSSL_AsyncEncryptReady(WOLFSSL* ssl, int idx) +{ + ThreadCrypt* encrypt; + + if (ssl == NULL) { + return 0; + } + + encrypt = &ssl->buffers.encrypt[idx]; + return (encrypt->avail == 0) && (encrypt->done == 0); +} + +int wolfSSL_AsyncEncryptStop(WOLFSSL* ssl, int idx) +{ + ThreadCrypt* encrypt; + + if (ssl == NULL) { + return 1; + } + + encrypt = &ssl->buffers.encrypt[idx]; + return encrypt->stop; +} + +int wolfSSL_AsyncEncrypt(WOLFSSL* ssl, int idx) +{ + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); + ThreadCrypt* encrypt = &ssl->buffers.encrypt[idx]; + + if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) { + unsigned char* out = encrypt->buffer.buffer + encrypt->offset; + unsigned char* input = encrypt->buffer.buffer + encrypt->offset; + word32 encSz = encrypt->buffer.length - encrypt->offset; + + ret = +#if !defined(NO_GCM_ENCRYPT_EXTRA) && \ + ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) + wc_AesGcmEncrypt_ex +#else + wc_AesGcmEncrypt +#endif + (encrypt->encrypt.aes, + out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ, + encSz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, + encrypt->nonce, AESGCM_NONCE_SZ, + out + encSz - ssl->specs.aead_mac_size, + ssl->specs.aead_mac_size, + encrypt->additional, AEAD_AUTH_DATA_SZ); +#if !defined(NO_PUBLIC_GCM_SET_IV) && \ + ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) + XMEMCPY(out, encrypt->nonce + AESGCM_IMP_IV_SZ, AESGCM_EXP_IV_SZ); +#endif + encrypt->done = 1; + } + + return ret; +} + +int wolfSSL_AsyncEncryptSetSignal(WOLFSSL* ssl, int 
idx, + WOLFSSL_THREAD_SIGNAL signal, void* ctx) +{ + int ret = 0; + + if (ssl == NULL) { + ret = BAD_FUNC_ARG; + } + else { + ssl->buffers.encrypt[idx].signal = signal; + ssl->buffers.encrypt[idx].signalCtx = ctx; + } + + return ret; +} +#endif + + +#ifndef NO_CERT #define WOLFSSL_X509_INCLUDED #include "src/x509.c" #endif @@ -23561,10 +24090,8 @@ int wolfSSL_BUF_MEM_resize(WOLFSSL_BUF_MEM* buf, size_t len) void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf) { if (buf) { - if (buf->data) { - XFREE(buf->data, NULL, DYNAMIC_TYPE_OPENSSL); - buf->data = NULL; - } + XFREE(buf->data, NULL, DYNAMIC_TYPE_OPENSSL); + buf->data = NULL; buf->max = 0; buf->length = 0; XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL); @@ -23609,7 +24136,7 @@ static int wolfSSL_RAND_InitMutex(void) */ int wolfSSL_RAND_Init(void) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); #ifdef HAVE_GLOBAL_RNG if (wc_LockMutex(&globalRNGMutex) == 0) { if (initGlobalRNG == 0) { @@ -23665,7 +24192,7 @@ int wolfSSL_RAND_seed(const void* seed, int len) */ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len) { -#if !defined(NO_FILESYSTEM) && defined(XGETENV) +#if !defined(NO_FILESYSTEM) && defined(XGETENV) && !defined(NO_GETENV) char* rt; WOLFSSL_ENTER("wolfSSL_RAND_file_name"); @@ -23676,6 +24203,7 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len) XMEMSET(fname, 0, len); +/* // NOLINTBEGIN(concurrency-mt-unsafe) */ if ((rt = XGETENV("RANDFILE")) != NULL) { if (len > XSTRLEN(rt)) { XMEMCPY(fname, rt, XSTRLEN(rt)); @@ -23685,6 +24213,7 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len) rt = NULL; } } +/* // NOLINTEND(concurrency-mt-unsafe) */ /* $RANDFILE was not set or is too large, check $HOME */ if (rt == NULL) { 
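Review bot: wolfSSL_AsyncEncrypt dereferences `ssl->buffers.encrypt[idx]` before any NULL check on ssl, unlike its three siblings, and none of the four new functions validates `idx` against the size of `ssl->buffers.encrypt`; if that member is a fixed array, a guard such as `if (ssl == NULL || idx < 0 || idx >= (int)(sizeof(ssl->buffers.encrypt) / sizeof(ssl->buffers.encrypt[0]))) return BAD_FUNC_ARG;` at the top of each (with the Ready/Stop variants returning their existing sentinel) closes the out-of-bounds access. The length arithmetic `encSz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size` is unsigned and wraps when the buffer is shorter than IV plus tag, so a check that `encSz >= AESGCM_EXP_IV_SZ + ssl->specs.aead_mac_size` belongs before the wc_AesGcmEncrypt call. Separately, the guard around the x509.c include changed from `#ifndef NO_CERTS` to `#ifndef NO_CERT`, while the rest of this file (e.g. the `@@ -20092` hunk) still uses NO_CERTS — unless NO_CERT is a distinct, intentional macro this looks like a typo that would pull x509.c into NO_CERTS builds.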
@@ -23692,6 +24221,7 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len) WOLFSSL_MSG("Environment variable RANDFILE not set"); +/* // NOLINTBEGIN(concurrency-mt-unsafe) */ if ((rt = XGETENV("HOME")) == NULL) { #ifdef XALTHOMEVARNAME if ((rt = XGETENV(XALTHOMEVARNAME)) == NULL) { @@ -23704,6 +24234,7 @@ const char* wolfSSL_RAND_file_name(char* fname, unsigned long len) return NULL; #endif } +/* // NOLINTEND(concurrency-mt-unsafe) */ if (len > XSTRLEN(rt) + XSTRLEN(ap)) { fname[0] = '\0'; @@ -24139,8 +24670,7 @@ int wolfSSL_RAND_bytes(unsigned char* buf, int num) if (initTmpRng) wc_FreeRng(tmpRNG); #ifdef WOLFSSL_SMALL_STACK - if (tmpRNG) - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); #endif return ret; @@ -24626,7 +25156,7 @@ void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset, #if defined(OPENSSL_EXTRA) && !defined(WC_NO_RNG) && defined(HAVE_HASHDRBG) int wolfSSL_FIPS_drbg_init(WOLFSSL_DRBG_CTX *ctx, int type, unsigned int flags) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); if (ctx != NULL) { XMEMSET(ctx, 0, sizeof(WOLFSSL_DRBG_CTX)); ctx->type = type; @@ -24638,7 +25168,7 @@ int wolfSSL_FIPS_drbg_init(WOLFSSL_DRBG_CTX *ctx, int type, unsigned int flags) } WOLFSSL_DRBG_CTX* wolfSSL_FIPS_drbg_new(int type, unsigned int flags) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_DRBG_CTX* ctx = (WOLFSSL_DRBG_CTX*)XMALLOC(sizeof(WOLFSSL_DRBG_CTX), NULL, DYNAMIC_TYPE_OPENSSL); ret = wolfSSL_FIPS_drbg_init(ctx, type, flags); @@ -24655,7 +25185,7 @@ WOLFSSL_DRBG_CTX* wolfSSL_FIPS_drbg_new(int type, unsigned int flags) int wolfSSL_FIPS_drbg_instantiate(WOLFSSL_DRBG_CTX* ctx, const unsigned char* pers, size_t perslen) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); if (ctx != NULL && ctx->rng == NULL) { #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS) && FIPS_VERSION_GE(5,0))) 
@@ -24689,7 +25219,7 @@ int wolfSSL_FIPS_drbg_set_callbacks(WOLFSSL_DRBG_CTX* ctx, size_t entropy_blocklen, drbg_nonce_get none_get, drbg_nonce_clean nonce_clean) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); if (ctx != NULL) { ctx->entropy_get = entropy_get; ctx->entropy_clean = entropy_clean; @@ -24710,7 +25240,7 @@ void wolfSSL_FIPS_rand_add(const void* buf, int num, double entropy) int wolfSSL_FIPS_drbg_reseed(WOLFSSL_DRBG_CTX* ctx, const unsigned char* adin, size_t adinlen) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); if (ctx != NULL && ctx->rng != NULL) { #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ (defined(HAVE_FIPS) && FIPS_VERSION_GE(2,0))) @@ -24729,7 +25259,7 @@ int wolfSSL_FIPS_drbg_generate(WOLFSSL_DRBG_CTX* ctx, unsigned char* out, size_t outlen, int prediction_resistance, const unsigned char* adin, size_t adinlen) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); if (ctx != NULL && ctx->rng != NULL) { ret = wc_RNG_GenerateBlock(ctx->rng, out, (word32)outlen); if (ret == 0) { diff --git a/src/src/ssl_asn1.c b/src/src/ssl_asn1.c index b93d8d5..95f9cca 100644 --- a/src/src/ssl_asn1.c +++ b/src/src/ssl_asn1.c @@ -1,6 +1,6 @@ /* ssl_asn1.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -46,212 +46,197 @@ #ifdef OPENSSL_ALL -/* Create an ASN1 item of the specified type. - * - * @param [out] item Pointer to location to place new ASN1 item. - * @param [in] type Type of ASN1 item to create. - * @return 0 on success. - * @return 1 when item type not supported. - * @return 1 when item type allocation fails. - */ -static int wolfssl_asn1_item_new(void** item, int type) +/* Provides access to the member of the obj offset by offset */ +#define asn1Mem(obj, offset) (*(void**)(((byte*)(obj)) + (offset))) +#define asn1Type(obj, offset) (*(int*)(((byte*)(obj)) + (offset))) + +static void* asn1_new_tpl(const WOLFSSL_ASN1_TEMPLATE *mem) { - int err = 0; + if (mem->sequence) + return wolfSSL_sk_new_null(); + else + return mem->new_func(); +} - switch (type) { - case WOLFSSL_X509_ALGOR_ASN1: - *(WOLFSSL_X509_ALGOR**)item = wolfSSL_X509_ALGOR_new(); +static void* asn1_item_alloc(const WOLFSSL_ASN1_ITEM* item) +{ + void* ret = NULL; + + /* allocation */ + switch (item->type) { + case WOLFSSL_ASN1_SEQUENCE: + case WOLFSSL_ASN1_CHOICE: + ret = (void *)XMALLOC(item->size, NULL, DYNAMIC_TYPE_OPENSSL); + if (ret != NULL) + XMEMSET(ret, 0, item->size); break; - case WOLFSSL_ASN1_BIT_STRING_ASN1: - *(WOLFSSL_ASN1_BIT_STRING**)item = wolfSSL_ASN1_BIT_STRING_new(); + case WOLFSSL_ASN1_OBJECT_TYPE: + if (item->mcount != 1 || item->members->offset) { + WOLFSSL_MSG("incorrect member count or offset"); + return NULL; + } + ret = asn1_new_tpl(item->members); break; - case WOLFSSL_ASN1_INTEGER_ASN1: - *(WOLFSSL_ASN1_INTEGER**)item = wolfSSL_ASN1_INTEGER_new(); - break; default: - WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_new"); - *(void**)item = NULL; + WOLFSSL_MSG("ASN1 type not implemented"); + return NULL; } - /* Check whether an item was put in. 
*/ - if (*(void**)item == NULL) { - err = 1; + + return ret; +} + +static int asn1_item_init(void* obj, const WOLFSSL_ASN1_ITEM* item) +{ + const WOLFSSL_ASN1_TEMPLATE *mem = NULL; + size_t i; + int ret = 0; + + switch (item->type) { + case WOLFSSL_ASN1_SEQUENCE: + for (mem = item->members, i = 0; i < item->mcount; mem++, i++) { + asn1Mem(obj, mem->offset) = asn1_new_tpl(mem); + if (asn1Mem(obj, mem->offset) == NULL) { + ret = WOLFSSL_FATAL_ERROR; + break; + } + } + break; + case WOLFSSL_ASN1_OBJECT_TYPE: + /* Initialized by new_func. Nothing to do. */ + break; + case WOLFSSL_ASN1_CHOICE: + asn1Type(obj, item->toffset) = -1; + /* We don't know what to initialize. Nothing to do. */ + break; + default: + WOLFSSL_MSG("ASN1 type not implemented"); + ret = WOLFSSL_FATAL_ERROR; + break; } - return err; + return ret; } /* Create a new ASN1 item based on a template. * - * @param [in] tpl Template of ASN1 items. + * @param [in] item Info about ASN1 items. * @return A new ASN1 item on success. - * @return NULL when tpl is NULL, dynamic memory allocation fails or ASN1 + * @return NULL when item is NULL, dynamic memory allocation fails or ASN1 * item type not supported. 
*/ -void* wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM* tpl) +void* wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM* item) { - int err = 0; void* ret = NULL; - const WOLFSSL_ASN1_TEMPLATE *mem = NULL; - size_t i; WOLFSSL_ENTER("wolfSSL_ASN1_item_new"); - if (tpl != NULL) { - ret = (void *)XMALLOC(tpl->size, NULL, DYNAMIC_TYPE_OPENSSL); - } + if (item == NULL) + return NULL; - if (ret != NULL) { - XMEMSET(ret, 0, tpl->size); - for (mem = tpl->members, i = 0; i < tpl->mcount; mem++, i++) { - if ((err = wolfssl_asn1_item_new( - (void**)(((byte*)ret) + mem->offset), mem->type))) { - break; - } - } - } + /* allocation */ + ret = asn1_item_alloc(item); + if (ret == NULL) + return NULL; - if (err) { - wolfSSL_ASN1_item_free(ret, tpl); + /* initialization */ + if (asn1_item_init(ret, item) != 0) { + wolfSSL_ASN1_item_free(ret, item); ret = NULL; } + return ret; } -/* Dispose of an ASN1 item of the specified type. - * - * @param [in, out] item Pointer to an anonymized ASN1 item to free. - * @param [in] type Type of ASN1 item to free. - */ -static void wolfssl_asn1_item_free(void** item, int type) +static void asn1_free_tpl(void *obj, const WOLFSSL_ASN1_TEMPLATE *mem) { - switch (type) { - case WOLFSSL_X509_ALGOR_ASN1: - wolfSSL_X509_ALGOR_free(*(WOLFSSL_X509_ALGOR**)item); - break; - case WOLFSSL_ASN1_BIT_STRING_ASN1: - wolfSSL_ASN1_BIT_STRING_free(*(WOLFSSL_ASN1_BIT_STRING**)item); - break; - case WOLFSSL_ASN1_INTEGER_ASN1: - wolfSSL_ASN1_INTEGER_free(*(WOLFSSL_ASN1_INTEGER**)item); - break; - default: - WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_free"); + if (obj != NULL) { + if (mem->sequence) + wolfSSL_sk_pop_free((WOLFSSL_STACK *)obj, mem->free_func); + else + mem->free_func(obj); } } /* Dispose of ASN1 item based on a template. * * @param [in, out] val ASN item to free. - * @param [in, tpl Template of ASN1 items. + * @param [in, item Info about ASN1 items. 
*/ -void wolfSSL_ASN1_item_free(void *items, const WOLFSSL_ASN1_ITEM *tpl) +void wolfSSL_ASN1_item_free(void *obj, const WOLFSSL_ASN1_ITEM *item) { const WOLFSSL_ASN1_TEMPLATE *mem = NULL; size_t i; WOLFSSL_ENTER("wolfSSL_ASN1_item_free"); - if (items != NULL) { - for (mem = tpl->members, i = 0; i < tpl->mcount; mem++, i++) { - wolfssl_asn1_item_free((void**)(((byte*)items) + mem->offset), - mem->type); + if (obj != NULL) { + switch (item->type) { + case WOLFSSL_ASN1_SEQUENCE: + for (mem = item->members, i = 0; i < item->mcount; mem++, i++) + asn1_free_tpl(asn1Mem(obj, mem->offset), mem); + XFREE(obj, NULL, DYNAMIC_TYPE_OPENSSL); + break; + case WOLFSSL_ASN1_CHOICE: + if (asn1Type(obj, item->toffset) < 0) + break; /* type not set */ + for (mem = item->members, i = 0; i < item->mcount; mem++, i++) { + if (asn1Type(obj, item->toffset) == mem->tag) { + asn1_free_tpl(asn1Mem(obj, mem->offset), mem); + break; + } + } + XFREE(obj, NULL, DYNAMIC_TYPE_OPENSSL); + break; + case WOLFSSL_ASN1_OBJECT_TYPE: + asn1_free_tpl(obj, item->members); + break; + default: + WOLFSSL_MSG("ASN1 type not implemented"); + break; } } - XFREE(items, NULL, DYNAMIC_TYPE_OPENSSL); -} - -/* Offset buf if not NULL or NULL. */ -#define bufLenOrNull(buf, len) (((buf) != NULL) ? ((buf) + (len)) : NULL) - -/* Encode X509 algorithm as DER. - * - * @param [in] algor X509 algorithm object. - * @param [in, out] buf Buffer to encode into. May be NULL. - * @return Length of DER encoding on success. - * @return 0 on failure. 
- */ -static int wolfSSL_i2d_X509_ALGOR(const WOLFSSL_X509_ALGOR* algor, byte* buf) -{ - int ret; - word32 oid = 0; - word32 idx = 0; - - if (algor->algorithm == 0) { - WOLFSSL_MSG("X509_ALGOR algorithm not set"); - ret = 0; - } - else if (GetObjectId(algor->algorithm->obj, &idx, &oid, - (word32)algor->algorithm->grp, algor->algorithm->objSz) < 0) { - WOLFSSL_MSG("Issue getting OID of object"); - ret = 0; - } - else { - ret = (int)SetAlgoID((int)oid, buf, algor->algorithm->grp, 0); - } - - return ret; } -/* Encode ASN.1 BIT_STRING as DER. - * - * @param [in] bit_str BIT_STRING object. - * @param [in, out] buf Buffer to encode into. May be NULL. - * @return Length of DER encoding on success. - */ -static int wolfSSL_i2d_ASN1_BIT_STRING(const WOLFSSL_ASN1_BIT_STRING* bit_str, - byte* buf) +static int i2d_asn1_items(const void* obj, byte** buf, + const WOLFSSL_ASN1_TEMPLATE* mem) { - int len; - - len = (int)SetBitString((word32)bit_str->length, 0, buf); - if ((buf != NULL) && (bit_str->data != NULL)) { - XMEMCPY(buf + len, bit_str->data, (size_t)bit_str->length); - } - - return len + bit_str->length; -} - -/* Encode ASN item as DER. - * - * @param [in] item Pointer to anonymized ASN item. - * @param [in, out] buf Buffer to encode into. May be NULL. - * @return Length of DER encoding on success. - * @return 0 on failure. 
- */ -static int wolfssl_i2d_asn1_item(void** item, int type, byte* buf) -{ - int len; - - switch (type) { - case WOLFSSL_X509_ALGOR_ASN1: - len = wolfSSL_i2d_X509_ALGOR(*(const WOLFSSL_X509_ALGOR**)item, - buf); - break; - case WOLFSSL_ASN1_BIT_STRING_ASN1: - len = wolfSSL_i2d_ASN1_BIT_STRING( - *(const WOLFSSL_ASN1_BIT_STRING**)item, buf); - break; - case WOLFSSL_ASN1_INTEGER_ASN1: - { - byte *tmp_buf = buf; - len = wolfSSL_i2d_ASN1_INTEGER( - *(const WOLFSSL_ASN1_INTEGER**)item, &tmp_buf); - if ((buf == NULL) && (tmp_buf != NULL)) { - XFREE(tmp_buf, NULL, DYNAMIC_TYPE_ASN1); - tmp_buf = NULL; + int len = 0; + int ret = 0; + if (mem->sequence) { + const WOLFSSL_STACK* sk = (WOLFSSL_STACK *)asn1Mem(obj, mem->offset); + int ski; /* stack index */ + int innerLen = 0; + /* Figure out the inner length first */ + for (ski = 0; ski < wolfSSL_sk_num(sk); ski++) { + ret = mem->i2d_func(wolfSSL_sk_value(sk, ski), NULL); + if (ret <= 0) + break; + innerLen += ret; + } + if (ret <= 0) + return 0; + if (buf != NULL && *buf != NULL) { + /* Now write it out */ + int writeLen = 0; + *buf += SetSequence((word32)innerLen, *buf); + for (ski = 0; ski < wolfSSL_sk_num(sk); ski++) { + ret = mem->i2d_func(wolfSSL_sk_value(sk, ski), buf); + if (ret <= 0) + break; + writeLen += ret; } + if (ret <= 0 || writeLen != innerLen) + return 0; } - break; - default: - WOLFSSL_MSG("Type not support in processMembers"); - len = 0; + len = (int)SetSequence((word32)innerLen, NULL) + innerLen; } - - if (len < 0) { - len = 0; /* wolfSSL_i2d_ASN1_INTEGER can return a value less than 0 - * on error */ + else { + ret = mem->i2d_func(asn1Mem(obj, mem->offset), + buf != NULL && *buf != NULL ? buf : NULL); + if (ret <= 0) + return 0; + len = ret; } - return len; } 
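Review bot: In `i2d_asn1_items`, a `mem->sequence` member whose stack holds no elements fails the encode: `ret` starts at 0, the counting loop body never runs, and the following `if (ret <= 0) return 0;` treats that as an error, so an empty SEQUENCE OF (DER `30 00`) cannot be produced by this path. If that is intended it deserves a comment on the loop; otherwise test for an early break instead of the last return value, e.g. `if (ski < wolfSSL_sk_num(sk)) return 0;` after each loop. The new header comment on wolfSSL_ASN1_item_free also has a typo, `@param [in, item` is missing its closing bracket.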
@@ -264,7 +249,7 @@ static int wolfssl_i2d_asn1_item(void** item, int type, byte* buf) * @return Length of DER encoding on success. * @return 0 on failure. */ -static int wolfssl_i2d_asn1_items(const void* src, byte*buf, +static int wolfssl_i2d_asn1_items(const void* obj, byte* buf, const WOLFSSL_ASN1_TEMPLATE* members, size_t mcount) { const WOLFSSL_ASN1_TEMPLATE* mem = NULL; @@ -275,12 +260,34 @@ static int wolfssl_i2d_asn1_items(const void* src, byte*buf, WOLFSSL_ENTER("wolfssl_i2d_asn1_items"); for (mem = members, i = 0; i < mcount; mem++, i++) { - ret = wolfssl_i2d_asn1_item((void**)(((byte*)src) + mem->offset), - mem->type, bufLenOrNull(buf, len)); - if (ret == 0) { + byte* tmp = buf; + if (mem->ex && mem->tag >= 0) { + /* Figure out the inner length */ + int innerLen = 0; + int hdrLen = 0; + ret = i2d_asn1_items(obj, NULL, mem); + if (ret <= 0) { + len = 0; + break; + } + innerLen = ret; + hdrLen = SetExplicit((byte)mem->tag, (word32)innerLen, buf, 0); + len += hdrLen; + if (buf != NULL) + buf += hdrLen; + } + + ret = i2d_asn1_items(obj, &buf, mem); + if (ret <= 0) { len = 0; break; } + if (buf != NULL && tmp != NULL && !mem->ex && mem->tag >= 0) { + /* Encode the implicit tag */ + byte imp[ASN_TAG_SZ + MAX_LENGTH_SZ]; + SetImplicit(tmp[0], mem->tag, 0, imp, 0); + tmp[0] = imp[0]; + } len += ret; } 
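Review bot: The implicit-tag rewrite `tmp[0] = imp[0];` in wolfssl_i2d_asn1_items assumes the member's encoding begins with a one-byte identifier octet, and `tmp` is captured before the explicit header is emitted even though the explicit and implicit paths are mutually exclusive on `mem->ex`; neither assumption is stated. A comment at the `byte* tmp = buf;` line such as `/* start of this member's encoding; only its identifier octet is rewritten for IMPLICIT tagging */` would make the intent clear. It is also worth noting in the explicit branch that the inner encoding is computed twice (once with `NULL` for `innerLen`, once for real), since that is deliberate rather than an oversight. The enclosing function starts outside this hunk.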
@@ -297,25 +304,55 @@ static int wolfssl_i2d_asn1_items(const void* src, byte*buf, * @return Length of DER encoding on success. * @return 0 on failure. */ -static int i2d_ASN_SEQUENCE(const void* src, byte* buf, - const WOLFSSL_ASN1_ITEM* tpl) +static int i2d_ASN_SEQUENCE(const void* obj, byte* buf, + const WOLFSSL_ASN1_ITEM* item) { word32 seq_len; word32 len = 0; - seq_len = (word32)wolfssl_i2d_asn1_items(src, NULL, tpl->members, - tpl->mcount); + seq_len = (word32)wolfssl_i2d_asn1_items(obj, NULL, item->members, + item->mcount); if (seq_len != 0) { len = SetSequence(seq_len, buf); if (buf != NULL) { - wolfssl_i2d_asn1_items(src, buf + len, tpl->members, tpl->mcount); + if (wolfssl_i2d_asn1_items(obj, buf + len, item->members, + item->mcount) > 0) + len += seq_len; /* success */ + else + len = 0; /* error */ } - len += seq_len; + else + len += seq_len; } return (int)len; } +static int i2d_ASN_CHOICE(const void* obj, byte* buf, + const WOLFSSL_ASN1_ITEM* item) +{ + const WOLFSSL_ASN1_TEMPLATE* mem = NULL; + size_t i; + + if (asn1Type(obj, item->toffset) < 0) + return 0; /* type not set */ + for (mem = item->members, i = 0; i < item->mcount; mem++, i++) { + if (asn1Type(obj, item->toffset) == mem->tag) { + return wolfssl_i2d_asn1_items(obj, buf, mem, 1); + } + } + return 0; +} + +static int i2d_ASN_OBJECT_TYPE(const void* obj, byte* buf, + const WOLFSSL_ASN1_ITEM* item) +{ + /* To be able to use wolfssl_i2d_asn1_items without any modifications, + * pass in a pointer to obj so that asn1Mem uses the correct pointer. */ + const void ** obj_pp = &obj; + return wolfssl_i2d_asn1_items(obj_pp, buf, item->members, item->mcount); +} + /* Encode ASN1 template item. * * @param [in] src ASN1 items to encode. 
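Review bot: i2d_ASN_OBJECT_TYPE passes `&obj` so that `asn1Mem(obj_pp, mem->offset)` reads the local pointer, which is only valid when the template has exactly one member at offset 0; that invariant is checked in asn1_item_alloc but not here, so an item with a non-zero member offset reads past the local variable. Add `if (item->mcount != 1 || item->members->offset != 0) return 0;` before the call, and extend the existing comment to say the template must have a single member at offset 0.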
@@ -324,14 +361,20 @@ static int i2d_ASN_SEQUENCE(const void* src, byte* buf, * @return Length of DER encoding on success. * @return 0 on failure. */ -static int wolfssl_asn1_item_encode(const void* src, byte* buf, - const WOLFSSL_ASN1_ITEM* tpl) +static int wolfssl_asn1_item_encode(const void* obj, byte* buf, + const WOLFSSL_ASN1_ITEM* item) { int len; - switch (tpl->type) { - case ASN_SEQUENCE: - len = i2d_ASN_SEQUENCE(src, buf, tpl); + switch (item->type) { + case WOLFSSL_ASN1_SEQUENCE: + len = i2d_ASN_SEQUENCE(obj, buf, item); + break; + case WOLFSSL_ASN1_OBJECT_TYPE: + len = i2d_ASN_OBJECT_TYPE(obj, buf, item); + break; + case WOLFSSL_ASN1_CHOICE: + len = i2d_ASN_CHOICE(obj, buf, item); break; default: WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_i2d"); @@ -347,10 +390,10 @@ static int wolfssl_asn1_item_encode(const void* src, byte* buf, * @param [in, out] dest Pointer to buffer to encode into. May be NULL. * @param [in] tpl Template of ASN1 items. * @return Length of DER encoding on success. - * @return 0 on failure. + * @return WOLFSSL_FATAL_ERROR on failure. */ -int wolfSSL_ASN1_item_i2d(const void* src, byte** dest, - const WOLFSSL_ASN1_ITEM* tpl) +int wolfSSL_ASN1_item_i2d(const void* obj, byte** dest, + const WOLFSSL_ASN1_ITEM* item) { int ret = 1; int len = 0; 
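Review bot: The header comment in this hunk still reads `@param [in] tpl Template of ASN1 items.` while the signature directly below it is changed to `const WOLFSSL_ASN1_ITEM* item`, so the documented name no longer exists. Change it to `@param [in] item Info about ASN1 items.`, the wording the commit already uses on wolfSSL_ASN1_item_new. The `@return WOLFSSL_FATAL_ERROR on failure.` update does match the new body.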
@@ -359,35 +402,320 @@ int wolfSSL_ASN1_item_i2d(const void* src, byte** dest, WOLFSSL_ENTER("wolfSSL_ASN1_item_i2d"); /* Validate parameters. */ - if ((src == NULL) || (tpl == NULL)) { + if ((obj == NULL) || (item == NULL)) { ret = 0; } - if ((ret == 1) && ((len = wolfssl_asn1_item_encode(src, NULL, tpl)) == 0)) { + if ((ret == 1) && ((len = wolfssl_asn1_item_encode(obj, NULL, item)) == 0)) ret = 0; - } if ((ret == 1) && (dest != NULL)) { if (*dest == NULL) { buf = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1); if (buf == NULL) ret = 0; - *dest = buf; + } + else + buf = *dest; + + if (ret == 1) { + len = wolfssl_asn1_item_encode(obj, buf, item); + if (len <= 0) + ret = 0; } if (ret == 1) { - len = wolfssl_asn1_item_encode(src, *dest, tpl); + if (*dest == NULL) + *dest = buf; + else + *dest += len; } } if (ret == 0) { - XFREE(buf, NULL, DYNAMIC_TYPE_ASN1); - len = 0; + if (*dest == NULL) + XFREE(buf, NULL, DYNAMIC_TYPE_ASN1); + len = WOLFSSL_FATAL_ERROR; } WOLFSSL_LEAVE("wolfSSL_ASN1_item_i2d", len); return len; } +static void* d2i_obj(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src, + long* len) +{ + void* ret; + const byte* tmp = *src; + ret = mem->d2i_func(NULL, &tmp, *len); + if (ret == NULL) { + WOLFSSL_MSG("d2i error"); + return NULL; + } + if (tmp <= *src) { + WOLFSSL_MSG("ptr not advanced"); + mem->free_func(ret); /* never a stack so we can call this directly */ + return NULL; + } + *len -= (tmp - *src); + *src = tmp; + return ret; +} + +static void* d2i_generic_obj(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src, + long* len) +{ + void* ret = NULL; + if (mem->sequence) { + long skl = 0; + int slen = 0; + WOLFSSL_STACK* sk = NULL; + word32 idx = 0; + const byte* tmp = *src; + if (GetSequence(tmp, &idx, &slen, (word32)*len) < 0) + goto error; + skl = (long)slen; + tmp += idx; + ret = sk = wolfSSL_sk_new_null(); + while (skl > 0) { + void* new_obj = d2i_obj(mem, &tmp, &skl); + if (new_obj == NULL) { + WOLFSSL_MSG("d2i_obj failed"); + goto error; 
+ } + if (wolfSSL_sk_insert(sk, new_obj, -1) <= 0) { + mem->free_func(new_obj); + WOLFSSL_MSG("push failed"); + goto error; + } + } + if (skl != 0) { + WOLFSSL_MSG("l not zero after sequence"); + goto error; + } + *len -= (long)slen; + *src = tmp; + } + else { + ret = d2i_obj(mem, src, len); + } + return ret; +error: + asn1_free_tpl(ret, mem); + return NULL; +} + +static int d2i_handle_tags(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src, + long* len, byte** impBuf, int* asnLen) +{ + if (mem->tag >= 0) { + byte tag = 0; + word32 idx = 0; + if (mem->ex) { + if (GetASNTag(*src, &idx, &tag, (word32)*len) < 0 || + (byte)(ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | mem->tag) + != tag || + GetLength(*src, &idx, asnLen, (word32)*len) < 0) { + WOLFSSL_MSG("asn tag error"); + return WOLFSSL_FATAL_ERROR; + } + *len -= idx; + *src += idx; + } + else { + /* Underlying d2i functions won't be able to handle the implicit + * tag so we substitute it for the expected tag. */ + if (mem->first_byte == 0) { + WOLFSSL_MSG("first byte not set"); + return WOLFSSL_FATAL_ERROR; + } + if (GetASNTag(*src, &idx, &tag, (word32)*len) < 0 || + (byte)mem->tag != (tag & ASN_TYPE_MASK) || + GetLength(*src, &idx, asnLen, (word32)*len) < 0) { + WOLFSSL_MSG("asn tag error"); + return WOLFSSL_FATAL_ERROR; + } + *asnLen += idx; /* total buffer length */ + *impBuf = (byte*)XMALLOC(*asnLen, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (*impBuf == NULL) { + WOLFSSL_MSG("malloc error"); + return WOLFSSL_FATAL_ERROR; + } + XMEMCPY(*impBuf, *src, *asnLen); + (*impBuf)[0] = mem->first_byte; + } + } + return 0; +} + +static void* d2i_generic(const WOLFSSL_ASN1_TEMPLATE* mem, + const byte** src, long* len) +{ + int asnLen = -1; + const byte *tmp = NULL; + void* ret = NULL; + byte* impBuf = NULL; + long l; + + if (*len <= 0) { + WOLFSSL_MSG("buffer too short"); + return NULL; + } + + if (d2i_handle_tags(mem, src, len, &impBuf, &asnLen) != 0) { + WOLFSSL_MSG("tags error"); + goto error; + } + + if (impBuf != NULL) + tmp 
= impBuf; + else + tmp = *src; + l = (long)(asnLen >= 0 ? asnLen : *len); + ret = d2i_generic_obj(mem, &tmp, &l); + if (l < 0) { + WOLFSSL_MSG("ptr advanced too far"); + goto error; + } + if (impBuf != NULL) { + tmp = *src + (tmp - impBuf); /* for the next calculation */ + XFREE(impBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + impBuf = NULL; + } + if (asnLen >= 0 && (int)(tmp - *src) != asnLen) { + WOLFSSL_MSG("ptr not advanced enough"); + goto error; + } + *len -= tmp - *src; + *src = tmp; + return ret; +error: + asn1_free_tpl(ret, mem); + if (impBuf != NULL) + XFREE(impBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return NULL; +} + +static int d2i_ASN_SEQUENCE(void* obj, const byte **src, long len, + const WOLFSSL_ASN1_ITEM* item) +{ + const WOLFSSL_ASN1_TEMPLATE* mem = NULL; + int err; + word32 idx = 0; + int slen = 0; + size_t i; + const byte* s = *src; + + err = GetSequence(s, &idx, &slen, (word32)len); + if (err <= 0) { + WOLFSSL_MSG("GetSequence error"); + return WOLFSSL_FATAL_ERROR; + } + s += idx; + len -= idx; + + for (mem = item->members, i = 0; i < item->mcount; mem++, i++) { + asn1Mem(obj, mem->offset) = d2i_generic(mem, &s, &len); + if (asn1Mem(obj, mem->offset) == NULL) { + WOLFSSL_MSG("d2i error"); + return WOLFSSL_FATAL_ERROR; + } + } + *src = s; + return 0; +} + +static int d2i_ASN_CHOICE(void* obj, const byte **src, long len, + const WOLFSSL_ASN1_ITEM* item) +{ + const WOLFSSL_ASN1_TEMPLATE* mem = NULL; + size_t i; + + for (mem = item->members, i = 0; i < item->mcount; mem++, i++) { + asn1Mem(obj, mem->offset) = d2i_generic(mem, src, &len); + if (asn1Mem(obj, mem->offset) != NULL) { + asn1Type(obj, item->toffset) = mem->tag; + return 0; + } + } + WOLFSSL_MSG("der does not decode with any CHOICE"); + return WOLFSSL_FATAL_ERROR; +} + +static void* d2i_ASN_OBJECT_TYPE(const byte **src, long len, + const WOLFSSL_ASN1_ITEM* item) +{ + return d2i_generic(item->members, src, &len); +} + +void* wolfSSL_ASN1_item_d2i(void** dst, const byte **src, long len, + const 
WOLFSSL_ASN1_ITEM* item) +{ + void* obj = NULL; + int err = 0; + const byte *tmp; + + WOLFSSL_ENTER("wolfSSL_ASN1_item_d2i"); + + if (src == NULL || *src == NULL || len <= 0 || item == NULL) { + WOLFSSL_LEAVE("wolfSSL_ASN1_item_d2i", 0); + return NULL; + } + + tmp = *src; + + /* Create an empty object. */ + + switch (item->type) { + case WOLFSSL_ASN1_SEQUENCE: + case WOLFSSL_ASN1_CHOICE: + obj = asn1_item_alloc(item); + if (obj == NULL) + return NULL; + break; + case WOLFSSL_ASN1_OBJECT_TYPE: + /* allocated later */ + break; + default: + WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_d2i"); + return NULL; + } + + switch (item->type) { + case WOLFSSL_ASN1_SEQUENCE: + err = d2i_ASN_SEQUENCE(obj, &tmp, len, item); + break; + case WOLFSSL_ASN1_CHOICE: + err = d2i_ASN_CHOICE(obj, &tmp, len, item); + break; + case WOLFSSL_ASN1_OBJECT_TYPE: + obj = d2i_ASN_OBJECT_TYPE(&tmp, len, item); + if (obj == NULL) + err = WOLFSSL_FATAL_ERROR; + break; + default: + WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_d2i"); + err = WOLFSSL_FATAL_ERROR; + break; + } + + if (err == 0) + *src = tmp; + else { + wolfSSL_ASN1_item_free(obj, item); + obj = NULL; + } + + if (dst != NULL && obj != NULL) { + if (*dst != NULL) + wolfSSL_ASN1_item_free(*dst, item); + *dst = obj; + } + + WOLFSSL_LEAVE("wolfSSL_ASN1_item_d2i", obj != NULL); + return obj; +} + #endif /* OPENSSL_ALL */ #endif /* OPENSSL_EXTRA */ @@ -453,9 +781,6 @@ int wolfSSL_ASN1_BIT_STRING_get_bit(const WOLFSSL_ASN1_BIT_STRING* bitStr, return bit; } -#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ - -#if defined(OPENSSL_ALL) && !defined(NO_CERTS) /* Grow data to require length. * @@ -478,7 +803,8 @@ static int wolfssl_asn1_bit_string_grow(WOLFSSL_ASN1_BIT_STRING* bitStr, } else { /* Clear out new, top bytes. */ - XMEMSET(tmp + bitStr->length, 0, (size_t)(len - bitStr->length)); + if (len > bitStr->length) + XMEMSET(tmp + bitStr->length, 0, (size_t)(len - bitStr->length)); bitStr->data = tmp; bitStr->length = len; } 
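Review bot: In wolfSSL_ASN1_item_i2d the new error path `if (*dest == NULL) XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);` dereferences `dest`, but `dest == NULL` is an accepted length-only call (the encode block is guarded by `dest != NULL`), so a NULL `obj`/`item` or a failed length pass with `dest == NULL` now crashes where the old unconditional XFREE was safe; use `if (dest != NULL && *dest == NULL)`. The enclosing function starts in the previous hunk. Separately, the sequence path of d2i_generic_obj advances `*src` by `idx + slen` but only does `*len -= (long)slen;`, leaving `*len` overstated by the header length; d2i_generic recomputes from the pointers afterwards so this appears benign today, but `*len -= (long)(idx + slen);` keeps the two in step.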
@@ -527,7 +853,99 @@ int wolfSSL_ASN1_BIT_STRING_set_bit(WOLFSSL_ASN1_BIT_STRING* bitStr, int idx, return ret; } -#endif /* OPENSSL_ALL && !NO_CERTS */ +/* Serialize object to DER encoding + * + * @param bstr Object to serialize + * @param pp Output + * @return Length on success + * Negative number on failure + */ +int wolfSSL_i2d_ASN1_BIT_STRING(const WOLFSSL_ASN1_BIT_STRING* bstr, + unsigned char** pp) +{ + int len; + unsigned char* buf; + + if (bstr == NULL || (bstr->data == NULL && bstr->length != 0)) + return WOLFSSL_FATAL_ERROR; + + len = (int)SetBitString((word32)bstr->length, 0, NULL) + bstr->length; + if (pp != NULL) { + word32 idx; + + if (*pp != NULL) + buf = *pp; + else { + buf = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1); + if (buf == NULL) + return WOLFSSL_FATAL_ERROR; + } + + idx = SetBitString((word32)bstr->length, 0, buf); + if (bstr->length > 0) + XMEMCPY(buf + idx, bstr->data, (size_t)bstr->length); + + if (*pp != NULL) + *pp += len; + else + *pp = buf; + } + + return len; +} + +WOLFSSL_ASN1_BIT_STRING* wolfSSL_d2i_ASN1_BIT_STRING( + WOLFSSL_ASN1_BIT_STRING** out, const byte** src, long len) +{ + WOLFSSL_ASN1_BIT_STRING* ret = NULL; +#ifdef WOLFSSL_ASN_TEMPLATE + word32 idx = 0; + byte tag = 0; + int length = 0; + + WOLFSSL_ENTER("wolfSSL_d2i_ASN1_BIT_STRING"); + + if (src == NULL || *src == NULL || len == 0) + return NULL; + + if (GetASNTag(*src, &idx, &tag, (word32)len) < 0) + return NULL; + if (tag != ASN_BIT_STRING) + return NULL; + if (GetLength(*src, &idx, &length, (word32)len) < 0) + return NULL; + if (GetASN_BitString(*src, idx, length) != 0) + return NULL; + idx++; /* step over unused bits */ + length--; + + ret = wolfSSL_ASN1_BIT_STRING_new(); + if (ret == NULL) + return NULL; + + if (wolfssl_asn1_bit_string_grow(ret, length) != 1) { + wolfSSL_ASN1_BIT_STRING_free(ret); + return NULL; + } + + XMEMCPY(ret->data, *src + idx, length); + *src += idx + (word32)length; + + if (out != NULL) { + if (*out != NULL) + 
wolfSSL_ASN1_BIT_STRING_free(*out); + *out = ret; + } +#else + WOLFSSL_MSG("d2i_ASN1_BIT_STRING needs --enable-asn=template"); + (void)out; + (void)src; + (void)len; +#endif + return ret; +} + +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ /******************************************************************************* * ASN1_INTEGER APIs @@ -706,7 +1124,7 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_dup(const WOLFSSL_ASN1_INTEGER* src) * @return Negative value when a is less than b. * @return 0 when a equals b. * @return Positive value when a is greater than b. - * @return -1 when a or b is NULL. + * @return WOLFSSL_FATAL_ERROR when a or b is NULL. */ int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a, const WOLFSSL_ASN1_INTEGER* b) @@ -718,11 +1136,11 @@ int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a, /* Validate parameters. */ if ((a == NULL) || (b == NULL)) { WOLFSSL_MSG("Bad parameter."); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Negative value < Positive value */ else if (a->negative && !b->negative) { - ret = -1; + ret = -2; /* avoid collision with WOLFSSL_FATAL_ERROR */ } /* Positive value > Negative value */ else if (!a->negative && b->negative) { @@ -772,7 +1190,7 @@ static void wolfssl_twos_compl(byte* data, int length) /* Calculate 2's complement of DER encoding. * - * @param [in] data Array that is number. + * @param [in|out] data Array that is number. * @param [in] length Number of bytes in array. * @param [out] neg When NULL, 2's complement data. * When not NULL, check for negative first and return. @@ -787,7 +1205,7 @@ static int wolfssl_asn1_int_twos_compl(byte* data, int length, byte* neg) /* Get length from DER header. */ if (GetLength(data, &idx, &len, (word32)length) < 0) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else { if (neg != NULL) { 
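Review bot: `wolfSSL_d2i_ASN1_BIT_STRING` rejects `len == 0` but not a negative `len`; the `(word32)len` passed to GetASNTag and GetLength then becomes a very large bound, so a negative length from the caller would let the parse read past the buffer. Use `if (src == NULL || *src == NULL || len <= 0) return NULL;`, matching the `len <= 0` check in wolfSSL_ASN1_item_d2i from this same commit. The `idx++; length--;` step also assumes GetASN_BitString has verified `length >= 1` (the unused-bits octet); if it does not, `length` becomes -1 and is passed to the grow call, which is worth confirming.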
@@ -811,60 +1229,48 @@ static int wolfssl_asn1_int_twos_compl(byte* data, int length, byte* neg) * @return -1 when a is NULL or no data, out is NULL, dynamic memory allocation * fails or encoding length fails. */ -int wolfSSL_i2d_ASN1_INTEGER(const WOLFSSL_ASN1_INTEGER* a, unsigned char** out) +int wolfSSL_i2d_ASN1_INTEGER(const WOLFSSL_ASN1_INTEGER* a, unsigned char** pp) { - int ret = 0; - byte* buf = NULL; - WOLFSSL_ENTER("wolfSSL_i2d_ASN1_INTEGER"); /* Validate parameters. */ - if ((a == NULL) || (a->data == NULL) || (a->length <= 0) || (out == NULL)) { + if (a == NULL || a->data == NULL || a->length <= 0) { WOLFSSL_MSG("Bad parameter."); - ret = -1; + return WOLFSSL_FATAL_ERROR; } - if ((ret == 0) && (*out == NULL)) { - /* Allocate buffer to hold encoding. */ - buf = (unsigned char*)XMALLOC((size_t)a->length, NULL, - DYNAMIC_TYPE_ASN1); - if (buf == NULL) { - WOLFSSL_MSG("Failed to allocate output buffer."); - ret = -1; + if (pp != NULL) { + byte* buf; + + if (*pp != NULL) + buf = *pp; + else { + buf = (byte*)XMALLOC((size_t)a->length, NULL, DYNAMIC_TYPE_ASN1); + if (buf == NULL) + return WOLFSSL_FATAL_ERROR; } - /* Return any allocated buffer. */ - *out = buf; - } - if (ret == 0) { + /* Copy the data (including tag and length) into output buffer. */ - XMEMCPY(*out, a->data, (size_t)a->length); + XMEMCPY(buf, a->data, (size_t)a->length); /* Only magnitude of the number stored (i.e. the sign isn't encoded). * The "negative" field is 1 if the value must be interpreted as * negative and we need to output the 2's complement of the value in * the DER output. */ - if (a->negative) { - ret = wolfssl_asn1_int_twos_compl(*out, a->length, NULL); - } - } - if (ret == 0) { - ret = a->length; - /* Move pointer on passed encoding when buffer passed in. 
*/ - if (buf == NULL) { - *out += a->length; + if (a->negative && + wolfssl_asn1_int_twos_compl(buf, a->length, NULL) != 0) { + if (*pp == NULL) + XFREE(buf, NULL, DYNAMIC_TYPE_ASN1); + return WOLFSSL_FATAL_ERROR; } - } - /* Dispose of any dynamically allocated data on error. */ - else if (buf != NULL) { - /* Dispose of buffer allocated locally on error. */ - XFREE(buf, NULL, DYNAMIC_TYPE_ASN1); - /* Don't return freed buffer. */ - *out = NULL; - } - WOLFSSL_LEAVE("wolfSSL_i2d_ASN1_INTEGER", ret); + if (*pp != NULL) + *pp += a->length; + else + *pp = buf; + } - return ret; + return a->length; } /* Decode DER encoding of ASN.1 INTEGER. @@ -1427,7 +1833,7 @@ long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* a) /* Create a big number from the DER encoding. */ bn = wolfSSL_ASN1_INTEGER_to_BN(a, NULL); if (bn == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } if (ret > 0) { @@ -1700,6 +2106,36 @@ int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag, return ret; } +int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj, const byte* der, word32 len, + int addHdr) +{ + word32 idx = 0; + + if (obj == NULL || der == NULL || len == 0) + return WOLFSSL_FAILURE; + + if (addHdr) + idx = SetHeader(ASN_OBJECT_ID, (word32)len, NULL, 0); + + if (obj->obj != NULL) { + XFREE((void*)obj->obj, obj->heap, DYNAMIC_TYPE_ASN1); + obj->obj = NULL; + obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA; + } + + obj->obj =(unsigned char*)XMALLOC(idx + len, obj->heap, DYNAMIC_TYPE_ASN1); + if (obj->obj == NULL) + return WOLFSSL_FAILURE; + + if (addHdr) + SetHeader(ASN_OBJECT_ID, (word32)len, (byte*)obj->obj, 0); + + XMEMCPY((byte*)obj->obj + idx, der, len); + obj->objSz = (unsigned int)(idx + len); + obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA; + return WOLFSSL_SUCCESS; +} + /* Creates and ASN.1 OBJECT_ID object from DER encoding. * * @param [out] a Pointer to return new ASN.1 OBJECT_ID through. 
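Review bot: The header comment above this hunk still documents the old contract, `@return -1 when a is NULL or no data, out is NULL, ...`, while the rewritten body renames the parameter to `pp`, accepts `pp == NULL` as a length-only query, and returns WOLFSSL_FATAL_ERROR on failure. Update the `@param`/`@return` lines to say that `pp` may be NULL, that a NULL `*pp` receives a newly allocated buffer the caller frees while a non-NULL `*pp` is written to and advanced, and that WOLFSSL_FATAL_ERROR is returned on invalid input or allocation failure.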
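Review bot: wolfssl_asn1_obj_set frees the previous `obj->obj` unconditionally, yet the function itself clears and later sets `WOLFSSL_ASN1_DYNAMIC_DATA` in `obj->dynamic`, which suggests `obj` may also reference memory the object does not own; freeing such a pointer would be invalid. Guard the release on the flag, `if (obj->obj != NULL && (obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA))`, and still reset `obj->obj` and the flag in both cases. A one-line comment stating that the object always owns `obj->obj` on return would document the resulting invariant.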
@@ -1714,38 +2150,43 @@ WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a, const unsigned char **der, long length) { WOLFSSL_ASN1_OBJECT* ret = NULL; - int err = 0; - const unsigned char *d; - long len = 0; - int tag = 0; - int cls; + int len = 0; + word32 idx = 0; WOLFSSL_ENTER("wolfSSL_d2i_ASN1_OBJECT"); /* Validate parameters. */ if ((der == NULL) || (*der == NULL) || (length <= 0)) { WOLFSSL_MSG("Bad parameter"); - err = 1; + return NULL; } - if (!err) { - /* Get pointer to be modified along the way. */ - d = *der; - /* Move d to value and get length and tag. */ - if (wolfSSL_ASN1_get_object(&d, &len, &tag, &cls, length) & 0x80) { - WOLFSSL_MSG("wolfSSL_ASN1_get_object error"); - err = 1; - } + if (GetASNHeader(*der, ASN_OBJECT_ID, &idx, &len, (word32)length) < 0) { + WOLFSSL_MSG("error getting tag"); + return NULL; } - /* Check it DER encoding is of an OBJECT_ID. */ - if ((!err) && (tag != ASN_OBJECT_ID)) { - WOLFSSL_MSG("Not an ASN object"); - err = 1; + + if (len <= 0) { + WOLFSSL_MSG("zero length"); + return NULL; } - /* Create an ASN.1 OBJECT_ID_object from value. TODO: not DER encoding? */ - if ((!err) && ((ret = wolfSSL_c2i_ASN1_OBJECT(a, &d, len)) != NULL)) { - /* Update pointer to after decoded bytes. */ - *der = d; + + ret = wolfSSL_ASN1_OBJECT_new(); + if (ret == NULL) { + WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new error"); + return NULL; + } + + if (wolfssl_asn1_obj_set(ret, *der, idx + len, 0) != WOLFSSL_SUCCESS) { + wolfSSL_ASN1_OBJECT_free(ret); + return NULL; + } + + *der += idx + len; + if (a != NULL) { + if (*a != NULL) + wolfSSL_ASN1_OBJECT_free(*a); + *a = ret; } return ret; @@ -1821,7 +2262,6 @@ int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp) WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a, const unsigned char **pp, long len) { - int err = 0; WOLFSSL_ASN1_OBJECT* ret = NULL; WOLFSSL_ENTER("wolfSSL_c2i_ASN1_OBJECT"); 
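Review bot: `a` is now read as well as written in wolfSSL_d2i_ASN1_OBJECT, `if (*a != NULL) wolfSSL_ASN1_OBJECT_free(*a);`, but the header comment shown in the previous hunk's context still says `@param [out] a Pointer to return new ASN.1 OBJECT_ID through.`. Change it to `@param [in, out] a Pointer to return new ASN.1 OBJECT_ID through; *a must be NULL or a valid object, which is freed and replaced.` so callers passing an uninitialized pointer are warned. The same contract change applies to wolfSSL_c2i_ASN1_OBJECT in the next hunk.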
@@ -1829,40 +2269,29 @@ WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a, /* Validate parameters. */ if ((pp == NULL) || (*pp == NULL) || (len <= 0)) { WOLFSSL_MSG("Bad parameter"); - err = 1; + return NULL; } /* Create a new ASN.1 OBJECT_ID object. */ - if ((!err) && ((ret = wolfSSL_ASN1_OBJECT_new()) == NULL)) { + ret = wolfSSL_ASN1_OBJECT_new(); + if (ret == NULL) { WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new error"); - err = 1; + return NULL; } - if (!err) { - /* Allocate memory for content octets. */ - ret->obj = (const unsigned char*)XMALLOC((size_t)len, NULL, - DYNAMIC_TYPE_ASN1); - if (ret->obj == NULL) { - WOLFSSL_MSG("error allocating asn data memory"); - wolfSSL_ASN1_OBJECT_free(ret); - ret = NULL; - err = 1; - } + if (wolfssl_asn1_obj_set(ret, *pp, (word32)len, 1) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfssl_asn1_obj_set error"); + wolfSSL_ASN1_OBJECT_free(ret); + return NULL; } - if (!err) { - /* Content octets buffer was dynamically allocated. */ - ret->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA; - /* Copy in content octets and set size. */ - XMEMCPY((byte*)ret->obj, *pp, (size_t)len); - ret->objSz = (unsigned int)len; - - /* Move pointer to after data copied out. */ - *pp += len; - /* Return ASN.1 OBJECT_ID object through a if required. */ - if (a != NULL) { - *a = ret; - } + /* Move pointer to after data copied out. */ + *pp += len; + /* Return ASN.1 OBJECT_ID object through a if required. */ + if (a != NULL) { + if (*a != NULL) + wolfSSL_ASN1_OBJECT_free(*a); + *a = ret; } return ret; 
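Review bot: `(word32)len` truncates a `long` that exceeds the word32 range before wolfssl_asn1_obj_set sees it, so on LP64 targets an oversized `len` would be silently shortened while `*pp += len` still advances by the full amount. Rejecting such lengths in the parameter check, e.g. `if ((pp == NULL) || (*pp == NULL) || (len <= 0) || ((unsigned long)len > 0xFFFFFFFFUL))`, keeps the copy and the pointer advance in agreement. The same cast pattern appears as `(word32)length` in wolfSSL_d2i_ASN1_OBJECT.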
@@ -1992,16 +2421,9 @@ void wolfSSL_sk_ASN1_OBJECT_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, WOLFSSL_ASN1_OBJECT* obj) { - int ret = 0; - WOLFSSL_ENTER("wolfSSL_sk_ASN1_OBJECT_push"); - /* Push on when we have a stack and object to work with. */ - if ((sk != NULL) && (obj != NULL)) { - ret = wolfSSL_sk_push(sk, obj); - } - - return ret; + return wolfSSL_sk_push(sk, obj); } /* Pop off a WOLFSSL_ASN1_OBJECT from the stack. @@ -2163,7 +2585,7 @@ WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_dup(WOLFSSL_ASN1_STRING* asn1) * @return Negative value when a is less than b. * @return 0 when a equals b. * @return Positive value when a is greater than b. - * @return -1 when a or b is NULL. + * @return WOLFSSL_FATAL_ERROR when a or b is NULL. */ int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a, const WOLFSSL_ASN1_STRING *b) @@ -2173,7 +2595,7 @@ int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a, /* Validate parameters. */ if ((a == NULL) || (b == NULL)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Compare length of data. */ else if (a->length != b->length) { @@ -2296,7 +2718,7 @@ int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *asn1) len = wolfSSL_ASN1_STRING_length(asn1); /* Check data and length are usable. */ if ((data == NULL) || (len < 0)) { - len = -1; + len = WOLFSSL_FATAL_ERROR; } } if (len != -1) { @@ -2304,7 +2726,7 @@ int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *asn1) buf = (unsigned char*)XMALLOC((size_t)(len + 1), NULL, DYNAMIC_TYPE_OPENSSL); if (buf == NULL) { - len = -1; + len = WOLFSSL_FATAL_ERROR; } } if (len != -1) { 
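Review bot: wolfSSL_sk_ASN1_OBJECT_push now forwards a NULL `sk` or `obj` straight to wolfSSL_sk_push, whereas before it returned 0 without calling it; whether wolfSSL_sk_push rejects NULL arguments itself is not visible in this hunk. If it does, the simplification is fine; if not, the guard should stay, `if ((sk == NULL) || (obj == NULL)) return 0;`. The error return also changes from the old literal `0` to whatever wolfSSL_sk_push reports, which callers comparing against 0 need to tolerate.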
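Review bot: wolfSSL_ASN1_STRING_to_UTF8 now assigns `len = WOLFSSL_FATAL_ERROR` in both hunks (@@ -2296 and @@ -2304) but the guards that follow still test `len != -1`, so the control flow is only correct while the macro happens to equal -1. Writing the check in the same terms as the assignment, `if (len != WOLFSSL_FATAL_ERROR) {`, removes the hidden dependency; wolfSSL_BN_cmp in ssl_bn.c even carries a comment noting the two values coincide, which is exactly the coupling to avoid. The function continues outside the hunk.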
@@ -2318,7 +2740,7 @@ int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *asn1) } #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ -#if defined(OPENSSL_EXTRA) +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) /* Encode ASN.1 STRING data as hex digits separated by colon. * 
@@ -2397,7 +2819,155 @@ char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method, return ret; } -#endif /* OPENSSL_EXTRA */ + +static int i2d_ASN1_STRING(WOLFSSL_ASN1_STRING* s, + unsigned char **pp, byte tag) +{ + int idx; + int len; + unsigned char* out; + + if (s == NULL || s->data == NULL || s->length == 0) + return WOLFSSL_FATAL_ERROR; + + len = SetHeader(tag, s->length, NULL, 0) + s->length; + + if (pp == NULL) + return len; + + if (*pp == NULL) { + out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1); + if (out == NULL) + return WOLFSSL_FATAL_ERROR; + } + else { + out = *pp; + } + + idx = (int)SetHeader(tag, s->length, out, 0); + XMEMCPY(out + idx, s->data, s->length); + if (*pp == NULL) + *pp = out; + else + *pp += len; + + return len; +} + +int wolfSSL_i2d_ASN1_GENERALSTRING(WOLFSSL_ASN1_STRING* s, unsigned char **pp) +{ + WOLFSSL_ENTER("wolfSSL_i2d_ASN1_GENERALSTRING"); + + return i2d_ASN1_STRING(s, pp, ASN_GENERALSTRING); +} + +int wolfSSL_i2d_ASN1_OCTET_STRING(WOLFSSL_ASN1_STRING* s, unsigned char **pp) +{ + WOLFSSL_ENTER("wolfSSL_i2d_ASN1_OCTET_STRING"); + + return i2d_ASN1_STRING(s, pp, ASN_OCTET_STRING); +} + +int wolfSSL_i2d_ASN1_UTF8STRING(WOLFSSL_ASN1_STRING* s, unsigned char **pp) +{ + WOLFSSL_ENTER("wolfSSL_i2d_ASN1_UTF8STRING"); + + return i2d_ASN1_STRING(s, pp, ASN_UTF8STRING); +} + +int wolfSSL_i2d_ASN1_SEQUENCE(WOLFSSL_ASN1_STRING* s, + unsigned char **pp) +{ + unsigned char* out; + + if (s == NULL || s->data == NULL || s->length == 0) + return WOLFSSL_FATAL_ERROR; + + if (pp == NULL) + return s->length; + + if (*pp == NULL) { + out = (unsigned char*)XMALLOC(s->length, NULL, DYNAMIC_TYPE_ASN1); + if (out == NULL) + return WOLFSSL_FATAL_ERROR; + } + else { + out = *pp; + } + + XMEMCPY(out, s->data, s->length); + if (*pp == NULL) + *pp = out; + else + *pp += s->length; + + return s->length; +} + +static WOLFSSL_ASN1_STRING* d2i_ASN1_STRING(WOLFSSL_ASN1_STRING** out, + const byte** src, long len, byte expTag) +{ + WOLFSSL_ASN1_STRING* 
ret = NULL; + word32 idx = 0; + byte tag = 0; + int length = 0; + + WOLFSSL_ENTER("d2i_ASN1_GENERALSTRING"); + + if (src == NULL || *src == NULL || len == 0) + return NULL; + + if (GetASNTag(*src, &idx, &tag, (word32)len) < 0) + return NULL; + if (tag != expTag) + return NULL; + if (GetLength(*src, &idx, &length, (word32)len) < 0) + return NULL; + + ret = wolfSSL_ASN1_STRING_new(); + if (ret == NULL) + return NULL; + + if (wolfSSL_ASN1_STRING_set(ret, *src + idx, length) != 1) { + wolfSSL_ASN1_STRING_free(ret); + return NULL; + } + + if (out != NULL) { + if (*out != NULL) + wolfSSL_ASN1_STRING_free(*out); + *out = ret; + } + *src += idx + length; + + return ret; +} + +WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_GENERALSTRING(WOLFSSL_ASN1_STRING** out, + const byte** src, long len) +{ + WOLFSSL_ENTER("wolfSSL_d2i_ASN1_GENERALSTRING"); + + return d2i_ASN1_STRING(out, src, len, ASN_GENERALSTRING); +} + +WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_OCTET_STRING(WOLFSSL_ASN1_STRING** out, + const byte** src, long len) +{ + WOLFSSL_ENTER("wolfSSL_d2i_ASN1_OCTET_STRING"); + + return d2i_ASN1_STRING(out, src, len, ASN_OCTET_STRING); +} + +WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_UTF8STRING(WOLFSSL_ASN1_STRING** out, + const byte** src, long len) +{ + WOLFSSL_ENTER("wolfSSL_d2i_ASN1_UTF8STRING"); + + return d2i_ASN1_STRING(out, src, len, ASN_UTF8STRING); +} + +#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #endif /* NO_ASN */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) @@ -2470,7 +3040,7 @@ unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn) * @return String length on success. * @return 0 when asn is NULL or no data set. */ -int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn) +int wolfSSL_ASN1_STRING_length(const WOLFSSL_ASN1_STRING* asn) { int len = 0; 
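Review bot: d2i_ASN1_STRING rejects `len == 0` but not a negative `len`, and the `(word32)len` casts passed to GetASNTag and GetLength would turn a negative value into a very large bound, so the parameter check should read `if (src == NULL || *src == NULL || len <= 0)`. The trace label `WOLFSSL_ENTER("d2i_ASN1_GENERALSTRING")` in this shared helper is misleading for the OCTET STRING and UTF8String callers; `WOLFSSL_ENTER("d2i_ASN1_STRING")` matches the function. In i2d_ASN1_STRING, `len` is built from the word32 returned by SetHeader plus the `int` `s->length` and then handed to XMALLOC, and a negative `s->length` is not excluded by the `s->length == 0` test; `s->length <= 0` covers it. None of the six new public i2d/d2i functions carry the header comment the surrounding functions use.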
@@ -2820,7 +3390,7 @@ static int wolfssl_asn1_string_dump_hex(WOLFSSL_BIO *bio, /* Write out hash character to indicate hex string. */ if (wolfSSL_BIO_write(bio, hash, 1) != 1) { - str_len = -1; + str_len = WOLFSSL_FATAL_ERROR; } else { /* Check if we are to write out DER header. */ @@ -2832,7 +3402,7 @@ static int wolfssl_asn1_string_dump_hex(WOLFSSL_BIO *bio, str_len += 4; /* Write out tag and length as hex digits. */ if (wolfSSL_BIO_write(bio, hex_tmp, 4) != 4) { - str_len = -1; + str_len = WOLFSSL_FATAL_ERROR; } } } @@ -2850,7 +3420,7 @@ static int wolfssl_asn1_string_dump_hex(WOLFSSL_BIO *bio, str_len += 2; /* Write out character as hex digites. */ if (wolfSSL_BIO_write(bio, hex_tmp, 2) != 2) { - str_len = -1; + str_len = WOLFSSL_FATAL_ERROR; break; } } @@ -2905,7 +3475,7 @@ static int wolfssl_asn1_string_print_esc_2253(WOLFSSL_BIO *bio, str_len++; /* Write out escaping character. */ if (wolfSSL_BIO_write(bio,"\\", 1) != 1) { - str_len = -1; + str_len = WOLFSSL_FATAL_ERROR; break; } } @@ -2913,7 +3483,7 @@ static int wolfssl_asn1_string_print_esc_2253(WOLFSSL_BIO *bio, str_len++; /* Write out character. */ if (wolfSSL_BIO_write(bio, p, 1) != 1) { - str_len = -1; + str_len = WOLFSSL_FATAL_ERROR; break; } } @@ -3002,9 +3572,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str, void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_TIME* asn1Time) { WOLFSSL_ENTER("wolfSSL_ASN1_GENERALIZEDTIME_free"); - if (asn1Time != NULL) { - XFREE(asn1Time, NULL, DYNAMIC_TYPE_OPENSSL); - } + XFREE(asn1Time, NULL, DYNAMIC_TYPE_OPENSSL); } #ifndef NO_BIO @@ -3419,7 +3987,7 @@ unsigned char* wolfSSL_ASN1_TIME_get_data(const WOLFSSL_ASN1_TIME *t) */ int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a) { - int ret = 1; + int ret = WOLFSSL_SUCCESS; char buf[MAX_TIME_STRING_SZ]; WOLFSSL_ENTER("wolfSSL_ASN1_TIME_check"); 
@@ -3427,7 +3995,7 @@ int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a) /* If can convert to human readable then format good. */ if (wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)a, buf, MAX_TIME_STRING_SZ) == NULL) { - ret = 0; + ret = WOLFSSL_FAILURE; } return ret; @@ -3445,7 +4013,7 @@ int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a) */ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str) { - int ret = 1; + int ret = WOLFSSL_SUCCESS; int slen = 0; WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string"); @@ -3454,15 +4022,15 @@ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str) WOLFSSL_MSG("Bad parameter"); ret = 0; } - if (ret == 1) { + if (ret == WOLFSSL_SUCCESS) { /* Get length of string including NUL terminator. */ slen = (int)XSTRLEN(str) + 1; if (slen > CTC_DATE_SIZE) { WOLFSSL_MSG("Date string too long"); - ret = 0; + ret = WOLFSSL_FAILURE; } } - if ((ret == 1) && (t != NULL)) { + if ((ret == WOLFSSL_SUCCESS) && (t != NULL)) { /* Copy in string including NUL terminator. */ XMEMCPY(t->data, str, (size_t)slen); /* Do not include NUL terminator in length. */ @@ -3475,6 +4043,21 @@ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str) return ret; } +int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t, const char *str) +{ + int ret = WOLFSSL_SUCCESS; + + WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string_X509"); + + if (t == NULL) + ret = WOLFSSL_FAILURE; + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_ASN1_TIME_set_string(t, str); + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_ASN1_TIME_check(t); + return ret; +} + /* Convert ASN.1 TIME object to ASN.1 GENERALIZED TIME object. * * @param [in] t ASN.1 TIME object. @@ -3547,6 +4130,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, return ret; } +#if !defined(USER_TIME) && !defined(TIME_OVERRIDES) WOLFSSL_ASN1_TIME* wolfSSL_ASN1_UTCTIME_set(WOLFSSL_ASN1_TIME *s, time_t t) { WOLFSSL_ASN1_TIME* ret = s; 
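Review bot: The `Bad parameter` branch of wolfSSL_ASN1_TIME_set_string, visible as context at the top of hunk @@ -3454, still assigns the literal `ret = 0;` while the `Date string too long` branch now uses `WOLFSSL_FAILURE`, so the conversion is incomplete within a single function. Changing it to `ret = WOLFSSL_FAILURE;` finishes the substitution. The function's parameter validation starts outside the hunk.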
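Review bot: wolfSSL_ASN1_TIME_set_string_X509 has no header comment, while the neighbouring functions document parameters and return values in the `@param`/`@return` style. A comment stating that it rejects a NULL `t` (unlike wolfSSL_ASN1_TIME_set_string, which only validates the string when `t` is NULL), copies the string, then verifies it converts with wolfSSL_ASN1_TIME_check, returning WOLFSSL_SUCCESS or WOLFSSL_FAILURE, would match the file's style. When the string is accepted but the check fails, `t->data` has already been overwritten; whether callers may rely on `t` being unchanged on failure should be stated.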
@@ -3572,7 +4156,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_UTCTIME_set(WOLFSSL_ASN1_TIME *s, time_t t) return ret; } - +#endif /* !USER_TIME && !TIME_OVERRIDES */ #endif /* OPENSSL_EXTRA */ #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) @@ -4006,6 +4590,7 @@ static void wolfssl_asn1_type_free_value(WOLFSSL_ASN1_TYPE* at) #endif break; case V_ASN1_UTF8STRING: + case V_ASN1_OCTET_STRING: case V_ASN1_PRINTABLESTRING: case V_ASN1_T61STRING: case V_ASN1_IA5STRING: @@ -4033,6 +4618,41 @@ void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at) XFREE(at, NULL, DYNAMIC_TYPE_OPENSSL); } +int wolfSSL_i2d_ASN1_TYPE(WOLFSSL_ASN1_TYPE* at, unsigned char** pp) +{ + int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); + + if (at == NULL) + return WOLFSSL_FATAL_ERROR; + + switch (at->type) { + case V_ASN1_NULL: + break; + case V_ASN1_OBJECT: + ret = wolfSSL_i2d_ASN1_OBJECT(at->value.object, pp); + break; + case V_ASN1_UTF8STRING: + ret = wolfSSL_i2d_ASN1_UTF8STRING(at->value.utf8string, pp); + break; + case V_ASN1_GENERALIZEDTIME: + ret = wolfSSL_i2d_ASN1_GENERALSTRING(at->value.utf8string, pp); + break; + case V_ASN1_SEQUENCE: + ret = wolfSSL_i2d_ASN1_SEQUENCE(at->value.sequence, pp); + break; + case V_ASN1_UTCTIME: + case V_ASN1_PRINTABLESTRING: + case V_ASN1_T61STRING: + case V_ASN1_IA5STRING: + case V_ASN1_UNIVERSALSTRING: + default: + WOLFSSL_MSG("asn1 i2d type not supported"); + break; + } + + return ret; +} + #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS) || \ @@ -4070,6 +4690,7 @@ void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value) case V_ASN1_UTCTIME: case V_ASN1_GENERALIZEDTIME: case V_ASN1_UTF8STRING: + case V_ASN1_OCTET_STRING: case V_ASN1_PRINTABLESTRING: case V_ASN1_T61STRING: case V_ASN1_IA5STRING: 
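Review bot: The `V_ASN1_GENERALIZEDTIME` case in wolfSSL_i2d_ASN1_TYPE calls wolfSSL_i2d_ASN1_GENERALSTRING, which emits the ASN_GENERALSTRING tag, so a GeneralizedTime value would be serialised under a GeneralString tag; the static helper can produce the intended encoding with `ret = i2d_ASN1_STRING(at->value.utf8string, pp, ASN_GENERALIZED_TIME);`, provided the stored value really is a WOLFSSL_ASN1_STRING (if the union member for this type is a different struct, the `utf8string` access is also a type confusion — verify against the union). The `V_ASN1_OCTET_STRING` case added to the free and set functions in this commit is missing here even though wolfSSL_i2d_ASN1_OCTET_STRING is introduced by the same change. `V_ASN1_NULL` breaks out with `ret` still at WOLFSSL_FATAL_ERROR, so it is indistinguishable from an unsupported type; if a NULL value is meant to be encodable, the case should produce a length.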
@@ -4089,6 +4710,14 @@ void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value) } } +int wolfSSL_ASN1_TYPE_get(const WOLFSSL_ASN1_TYPE *a) +{ + if (a != NULL && (a->type == V_ASN1_BOOLEAN || a->type == V_ASN1_NULL + || a->value.ptr != NULL)) + return a->type; + return 0; +} + #endif /* OPENSSL_ALL || OPENSSL_EXTRA || WOLFSSL_WPAS */ #endif /* !NO_ASN */ diff --git a/src/src/ssl_bn.c b/src/src/ssl_bn.c index c025755..227fc71 100644 --- a/src/src/ssl_bn.c +++ b/src/src/ssl_bn.c @@ -1,6 +1,6 @@ /* ssl_bn.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -64,7 +64,7 @@ static int wolfssl_bn_set_neg(WOLFSSL_BIGNUM* bn, int neg) if (BN_IS_NULL(bn)) { WOLFSSL_MSG("bn NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } #if !defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_INT_NEGATIVE) else if (neg) { @@ -102,17 +102,17 @@ int wolfssl_bn_get_value(WOLFSSL_BIGNUM* bn, mp_int* mpi) /* Validate parameters. */ if (BN_IS_NULL(bn)) { WOLFSSL_MSG("bn NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else if (mpi == NULL) { WOLFSSL_MSG("mpi NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Copy the internal representation into MP integer. */ if ((ret == 1) && mp_copy((mp_int*)bn->internal, mpi) != MP_OKAY) { WOLFSSL_MSG("mp_copy error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } return ret; @@ -145,7 +145,7 @@ int wolfssl_bn_set_value(WOLFSSL_BIGNUM** bn, mp_int* mpi) /* Validate parameters. */ if ((bn == NULL) || (mpi == NULL)) { WOLFSSL_MSG("mpi or bn NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Allocate a new big number if one not passed in. */ @@ -153,7 +153,7 @@ int wolfssl_bn_set_value(WOLFSSL_BIGNUM** bn, mp_int* mpi) a = wolfSSL_BN_new(); if (a == NULL) { WOLFSSL_MSG("wolfssl_bn_set_value alloc failed"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } *bn = a; } 
@@ -161,7 +161,7 @@ int wolfssl_bn_set_value(WOLFSSL_BIGNUM** bn, mp_int* mpi) /* Copy MP integer value into internal representation of big number. */ if ((ret == 1) && (mp_copy(mpi, (mp_int*)((*bn)->internal)) != MP_OKAY)) { WOLFSSL_MSG("mp_copy error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Dispose of any allocated big number on error. */ @@ -455,7 +455,7 @@ int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r) /* Validate parameters. */ if (BN_IS_NULL(bn)) { WOLFSSL_MSG("NULL bn error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } else { /* Get the length of the encoding. */ @@ -464,7 +464,7 @@ int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r) if ((r != NULL) && (mp_to_unsigned_bin((mp_int*)bn->internal, r) != MP_OKAY)) { WOLFSSL_MSG("mp_to_unsigned_bin error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } } @@ -492,7 +492,7 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len, WOLFSSL_ENTER("wolfSSL_BN_bin2bn"); /* Validate parameters. */ - if ((data == NULL) || (len < 0)) { + if (len < 0) { ret = NULL; } /* Allocate a new big number when ret is NULL. */ @@ -507,7 +507,7 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len, if (ret->internal == NULL) { ret = NULL; } - else { + else if (data != NULL) { /* Decode into big number. */ if (mp_read_unsigned_bin((mp_int*)ret->internal, data, (word32)len) != 0) { @@ -516,10 +516,15 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len, ret = NULL; } else { - /* Don't free bn as we may be returning it. */ + /* Don't free bn as we are returning it. */ bn = NULL; } } + else if (data == NULL) { + wolfSSL_BN_zero(ret); + /* Don't free bn as we are returning it. */ + bn = NULL; + } } /* Dispose of allocated BN not being returned. */ 
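Review bot: In wolfSSL_BN_bin2bn the new `else if (data == NULL)` branch is reached only when the preceding `else if (data != NULL)` was false, so its condition is always true there and a plain `else` states the intent more directly. With `data == NULL` the `len` argument is ignored entirely, and the parameter check in hunk @@ -492 now accepts any non-negative `len` for a NULL buffer; if only `len == 0` is meant to be valid in that case, the check should say so, otherwise a comment on the branch, `/* NULL data yields a zero BN regardless of len. */`, should record the rule.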
@@ -1129,8 +1134,7 @@ int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b) ret = 0; } else { - /* NULL less than not NULL. */ - ret = -1; + ret = -1; /* NULL less than not NULL. */ } } else if (bIsNull) { @@ -1147,9 +1151,12 @@ int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b) else if (ret == MP_GT) { ret = 1; } - else { + else if (ret == MP_LT) { ret = -1; } + else { + ret = WOLFSSL_FATAL_ERROR; /* also -1 */ + } } return ret; @@ -1305,7 +1312,7 @@ static int wolfssl_bn_add_word_int(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w, #endif /* Validate parameters. */ - if (BN_IS_NULL(bn)) { + if (ret == 1 && BN_IS_NULL(bn)) { WOLFSSL_MSG("bn NULL error"); ret = 0; } 
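Review bot: The new fallback branch in wolfSSL_BN_cmp returns WOLFSSL_FATAL_ERROR, which the comment itself notes is -1, so an unexpected result from mp_cmp is reported to the caller as "a is less than b" rather than as an error. The comparison contract leaves no out-of-band value, so this is at least worth stating: `/* mp_cmp returned something other than MP_EQ/MP_GT/MP_LT; callers cannot distinguish this from a < b. */`. The condition that makes this branch reachable starts outside the hunk.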
@@ -1412,6 +1419,85 @@ int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w) return ret; } +int wolfSSL_BN_mul_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w) +{ + int ret = 1; +#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) +#ifdef WOLFSSL_SMALL_STACK + mp_int* w_mp = NULL; +#else + mp_int w_mp[1]; +#endif /* WOLFSSL_SMALL_STACK */ +#endif + + WOLFSSL_ENTER("wolfSSL_BN_mul_word"); + +#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) +#ifdef WOLFSSL_SMALL_STACK + /* Allocate temporary MP integer. */ + w_mp = (mp_int*)XMALLOC(sizeof(*w_mp), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (w_mp == NULL) { + ret = 0; + } + else +#endif /* WOLFSSL_SMALL_STACK */ + { + /* Clear out MP integer so it can be freed. */ + XMEMSET(w_mp, 0, sizeof(*w_mp)); + } +#endif + + /* Validate parameters. */ + if (ret == 1 && BN_IS_NULL(bn)) { + WOLFSSL_MSG("bn NULL error"); + ret = 0; + } + + if (ret == 1) { + int rc = 0; +#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) + if (w > (WOLFSSL_BN_ULONG)MP_MASK) { + /* Initialize temporary MP integer. */ + if (mp_init(w_mp) != MP_OKAY) { + ret = 0; + } + /* Set value into temporary MP integer. */ + if ((ret == 1) && (mp_set_int(w_mp, w) != MP_OKAY)) { + ret = 0; + } + if (ret == 1) { + rc = mp_mul((mp_int*)bn->internal, w_mp, + (mp_int*)bn->internal); + if (rc != MP_OKAY) { + WOLFSSL_MSG("mp_mul error"); + ret = 0; + } + } + } + else +#endif + { + rc = mp_mul_d((mp_int*)bn->internal, (mp_digit)w, + (mp_int*)bn->internal); + if (rc != MP_OKAY) { + WOLFSSL_MSG("mp_mul_d error"); + ret = 0; + } + } + } + +#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) + mp_free(w_mp); +#ifdef WOLFSSL_SMALL_STACK + XFREE(w_mp, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* WOLFSSL_SMALL_STACK */ +#endif + + WOLFSSL_LEAVE("wolfSSL_BN_mul_word", ret); + + return ret; +} + #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \ !defined(NO_DSA)) /* Calculate bn modulo word w. bn % w 
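Review bot: In the WOLFSSL_SMALL_STACK build of wolfSSL_BN_mul_word, when the XMALLOC of `w_mp` fails the code still reaches `mp_free(w_mp)` with a NULL pointer before the XFREE; unless mp_free is known to tolerate NULL, the cleanup should be guarded. Wrapping it as `if (w_mp != NULL) { mp_free(w_mp); }` under the same preprocessor condition keeps the non-small-stack path unchanged. The new public function also lacks the header comment the neighbouring functions use; one describing that it multiplies `bn` by `w` in place and returns 1 on success and 0 on failure would match the file.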
@@ -2268,18 +2354,18 @@ int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int checks, if (BN_IS_NULL(bn)) { WOLFSSL_MSG("bn NULL error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Create a new RNG or use global. */ if ((ret == 1) && ((rng = wolfssl_make_rng(tmpRng, &localRng)) == NULL)) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if ((ret == 1) && (mp_prime_is_prime_ex((mp_int*)bn->internal, checks, &res, rng) != MP_OKAY)) { WOLFSSL_MSG("mp_prime_is_prime_ex error"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } if (localRng) { diff --git a/src/src/ssl_certman.c b/src/src/ssl_certman.c index e666059..346904e 100644 --- a/src/src/ssl_certman.c +++ b/src/src/ssl_certman.c @@ -1,6 +1,6 @@ /* ssl_certman.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -398,7 +398,7 @@ WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm) } /* Decode certificate. */ - if ((!err) && (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS)) { + if ((!err) && (wolfSSL_sk_X509_push(sk, x509) <= 0)) { wolfSSL_X509_free(x509); err = 1; } @@ -455,11 +455,12 @@ int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm) return ret; } -int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm) +static int wolfSSL_CertManagerUnloadIntermediateCertsEx( + WOLFSSL_CERT_MANAGER* cm, byte type) { int ret = WOLFSSL_SUCCESS; - WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCerts"); + WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCertsEx"); /* Validate parameter. */ if (cm == NULL) { @@ -471,7 +472,7 @@ int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm) } if (ret == WOLFSSL_SUCCESS) { /* Dispose of CA table. */ - FreeSignerTableType(cm->caTable, CA_TABLE_SIZE, WOLFSSL_CHAIN_CA, + FreeSignerTableType(cm->caTable, CA_TABLE_SIZE, type, cm->heap); /* Unlock CA table. */ 
@@ -481,6 +482,22 @@ int wolfSSL_CertManagerUnloadIntermediateCerts(WOLFSSL_CERT_MANAGER* cm) return ret; } +#if defined(OPENSSL_EXTRA) +static int wolfSSL_CertManagerUnloadTempIntermediateCerts( + WOLFSSL_CERT_MANAGER* cm) +{ + WOLFSSL_ENTER("wolfSSL_CertManagerUnloadTempIntermediateCerts"); + return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_TEMP_CA); +} +#endif + +int wolfSSL_CertManagerUnloadIntermediateCerts( + WOLFSSL_CERT_MANAGER* cm) +{ + WOLFSSL_ENTER("wolfSSL_CertManagerUnloadIntermediateCerts"); + return wolfSSL_CertManagerUnloadIntermediateCertsEx(cm, WOLFSSL_CHAIN_CA); +} + #ifdef WOLFSSL_TRUST_PEER_CERT /* Unload the trusted peers table. * @@ -609,8 +626,7 @@ void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm, VerifyCallback vc) } #endif /* NO_WOLFSSL_CM_VERIFY */ -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB void wolfSSL_CertManagerSetUnknownExtCallback(WOLFSSL_CERT_MANAGER* cm, wc_UnknownExtCallback cb) { @@ -620,7 +636,7 @@ void wolfSSL_CertManagerSetUnknownExtCallback(WOLFSSL_CERT_MANAGER* cm, } } -#endif /* WOLFSSL_CUSTOM_OID && WOLFSSL_ASN_TEMPLATE && HAVE_OID_DECODING */ +#endif /* WC_ASN_UNKNOWN_EXT_CB */ #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) /* Verify the certificate. @@ -690,8 +706,7 @@ int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const unsigned char* buff, /* Create a decoded certificate with DER buffer. */ InitDecodedCert(cert, buff, (word32)sz, cm->heap); -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB if (cm->unknownExtCallback != NULL) wc_SetUnknownExtCallback(cert, cm->unknownExtCallback); #endif 
@@ -1384,9 +1399,7 @@ int CM_SaveCertCache(WOLFSSL_CERT_MANAGER* cm, const char* fname) ret = FWRITE_ERROR; } } - if (mem != NULL) { - XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER); /* Unlock CA table. */ wc_UnLockMutex(&cm->caLock); @@ -1862,6 +1875,26 @@ int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm, CbMissingCRL cb) return ret; } +int wolfSSL_CertManagerSetCRL_ErrorCb(WOLFSSL_CERT_MANAGER* cm, crlErrorCb cb, + void* ctx) +{ + int ret = WOLFSSL_SUCCESS; + + WOLFSSL_ENTER("wolfSSL_CertManagerSetCRL_Cb"); + + /* Validate parameters. */ + if (cm == NULL) { + ret = BAD_FUNC_ARG; + } + if (ret == WOLFSSL_SUCCESS) { + /* Store callback. */ + cm->crlCb = cb; + cm->crlCbCtx = ctx; + } + + return ret; +} + #ifdef HAVE_CRL_IO /* Set the CRL I/O callback. * diff --git a/src/src/ssl_crypto.c b/src/src/ssl_crypto.c index 5a05324..0730c45 100644 --- a/src/src/ssl_crypto.c +++ b/src/src/ssl_crypto.c @@ -1,6 +1,6 @@ /* ssl_crypto.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -45,8 +45,7 @@ void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX* md4) { /* Ensure WOLFSSL_MD4_CTX is big enough for wolfCrypt Md4. */ - typedef char ok[sizeof(md4->buffer) >= sizeof(Md4) ? 1 : -1]; - (void)sizeof(ok); + WOLFSSL_ASSERT_SIZEOF_GE(md4->buffer, Md4); WOLFSSL_ENTER("MD4_Init"); @@ -97,8 +96,7 @@ void wolfSSL_MD4_Final(unsigned char* digest, WOLFSSL_MD4_CTX* md4) int wolfSSL_MD5_Init(WOLFSSL_MD5_CTX* md5) { /* Ensure WOLFSSL_MD5_CTX is big enough for wolfCrypt wc_Md5. */ - typedef char md5_test[sizeof(WOLFSSL_MD5_CTX) >= sizeof(wc_Md5) ? 1 : -1]; - (void)sizeof(md5_test); + WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_MD5_CTX, wc_Md5); WOLFSSL_ENTER("MD5_Init"); 
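Review bot: wolfSSL_CertManagerSetCRL_ErrorCb traces itself as `WOLFSSL_ENTER("wolfSSL_CertManagerSetCRL_Cb")`, the name of the preceding function, which will misattribute log lines; it should read `WOLFSSL_ENTER("wolfSSL_CertManagerSetCRL_ErrorCb");`. The function also has no header comment describing `cb` and `ctx` and that BAD_FUNC_ARG is returned for a NULL manager, which the surrounding setters document. Whether `crlCb`/`crlCbCtx` should be updated under the manager's lock, as the CA table operations in this file are, is not visible here.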
@@ -212,8 +210,7 @@ unsigned char* wolfSSL_MD5(const unsigned char* data, size_t len, int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha) { /* Ensure WOLFSSL_SHA_CTX is big enough for wolfCrypt wc_Sha. */ - typedef char sha_test[sizeof(WOLFSSL_SHA_CTX) >= sizeof(wc_Sha) ? 1 : -1]; - (void)sizeof(sha_test); + WOLFSSL_ASSERT_SIZEOF_GE(WOLFSSL_SHA_CTX, wc_Sha); WOLFSSL_ENTER("SHA_Init"); @@ -362,8 +359,7 @@ int wolfSSL_SHA1_Transform(WOLFSSL_SHA_CTX* sha, const unsigned char* data) int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX* sha224) { /* Ensure WOLFSSL_SHA224_CTX is big enough for wolfCrypt wc_Sha224. */ - typedef char sha_test[sizeof(SHA224_CTX) >= sizeof(wc_Sha224) ? 1 : -1]; - (void)sizeof(sha_test); + WOLFSSL_ASSERT_SIZEOF_GE(SHA224_CTX, wc_Sha224); WOLFSSL_ENTER("SHA224_Init"); @@ -422,8 +418,7 @@ int wolfSSL_SHA224_Final(byte* output, WOLFSSL_SHA224_CTX* sha224) int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256) { /* Ensure WOLFSSL_SHA256_CTX is big enough for wolfCrypt wc_Sha256. */ - typedef char sha_test[sizeof(SHA256_CTX) >= sizeof(wc_Sha256) ? 1 : -1]; - (void)sizeof(sha_test); + WOLFSSL_ASSERT_SIZEOF_GE(SHA256_CTX, wc_Sha256); WOLFSSL_ENTER("SHA256_Init"); @@ -512,8 +507,7 @@ int wolfSSL_SHA256_Transform(WOLFSSL_SHA256_CTX* sha256, int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha384) { /* Ensure WOLFSSL_SHA384_CTX is big enough for wolfCrypt wc_Sha384. */ - typedef char sha_test[sizeof(SHA384_CTX) >= sizeof(wc_Sha384) ? 1 : -1]; - (void)sizeof(sha_test); + WOLFSSL_ASSERT_SIZEOF_GE(SHA384_CTX, wc_Sha384); WOLFSSL_ENTER("SHA384_Init"); @@ -572,8 +566,7 @@ int wolfSSL_SHA384_Final(byte* output, WOLFSSL_SHA384_CTX* sha384) int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX* sha512) { /* Ensure WOLFSSL_SHA512_CTX is big enough for wolfCrypt wc_Sha512. */ - typedef char sha_test[sizeof(SHA512_CTX) >= sizeof(wc_Sha512) ? 1 : -1]; - (void)sizeof(sha_test); + WOLFSSL_ASSERT_SIZEOF_GE(SHA512_CTX, wc_Sha512); WOLFSSL_ENTER("SHA512_Init"); 
@@ -809,8 +802,7 @@ int wolfSSL_SHA512_256_Transform(WOLFSSL_SHA512_CTX* sha512, int wolfSSL_SHA3_224_Init(WOLFSSL_SHA3_224_CTX* sha3_224) { /* Ensure WOLFSSL_SHA3_224_CTX is big enough for wolfCrypt wc_Sha3. */ - typedef char sha_test[sizeof(SHA3_224_CTX) >= sizeof(wc_Sha3) ? 1 : -1]; - (void)sizeof(sha_test); + WOLFSSL_ASSERT_SIZEOF_GE(SHA3_224_CTX, wc_Sha3); WOLFSSL_ENTER("SHA3_224_Init"); @@ -869,8 +861,7 @@ int wolfSSL_SHA3_224_Final(byte* output, WOLFSSL_SHA3_224_CTX* sha3) int wolfSSL_SHA3_256_Init(WOLFSSL_SHA3_256_CTX* sha3_256) { /* Ensure WOLFSSL_SHA3_256_CTX is big enough for wolfCrypt wc_Sha3. */ - typedef char sha_test[sizeof(SHA3_256_CTX) >= sizeof(wc_Sha3) ? 1 : -1]; - (void)sizeof(sha_test); + WOLFSSL_ASSERT_SIZEOF_GE(SHA3_256_CTX, wc_Sha3); WOLFSSL_ENTER("SHA3_256_Init"); @@ -929,8 +920,7 @@ int wolfSSL_SHA3_256_Final(byte* output, WOLFSSL_SHA3_256_CTX* sha3) int wolfSSL_SHA3_384_Init(WOLFSSL_SHA3_384_CTX* sha3_384) { /* Ensure WOLFSSL_SHA3_384_CTX is big enough for wolfCrypt wc_Sha3. */ - typedef char sha_test[sizeof(SHA3_384_CTX) >= sizeof(wc_Sha3) ? 1 : -1]; - (void)sizeof(sha_test); + WOLFSSL_ASSERT_SIZEOF_GE(SHA3_384_CTX, wc_Sha3); WOLFSSL_ENTER("SHA3_384_Init"); @@ -989,8 +979,7 @@ int wolfSSL_SHA3_384_Final(byte* output, WOLFSSL_SHA3_384_CTX* sha3) int wolfSSL_SHA3_512_Init(WOLFSSL_SHA3_512_CTX* sha3_512) { /* Ensure WOLFSSL_SHA3_512_CTX is big enough for wolfCrypt wc_Sha3. */ - typedef char sha_test[sizeof(SHA3_512_CTX) >= sizeof(wc_Sha3) ? 1 : -1]; - (void)sizeof(sha_test); + WOLFSSL_ASSERT_SIZEOF_GE(SHA3_512_CTX, wc_Sha3); WOLFSSL_ENTER("SHA3_512_Init"); @@ -2442,7 +2431,7 @@ int wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* key, /* Check key parity is odd. */ if ((ret == 0) && (!wolfSSL_DES_check_key_parity(key))) { WOLFSSL_MSG("Odd parity test fail"); - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } /* Check whether key is weak. */ if ((ret == 0) && wolfSSL_DES_is_weak_key(key)) { 
@@ -2934,25 +2923,24 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* in, WOLFSSL_DES_cblock* out, static int wolfssl_aes_set_key(const unsigned char *key, const int bits, AES_KEY *aes, int enc) { - typedef char aes_test[sizeof(AES_KEY) >= sizeof(Aes) ? 1 : -1]; - (void)sizeof(aes_test); + wc_static_assert(sizeof(AES_KEY) >= sizeof(Aes)); /* Validate parameters. */ if ((key == NULL) || (aes == NULL)) { WOLFSSL_MSG("Null argument passed in"); - return -1; + return WOLFSSL_FATAL_ERROR; } XMEMSET(aes, 0, sizeof(AES_KEY)); if (wc_AesInit((Aes*)aes, NULL, INVALID_DEVID) != 0) { WOLFSSL_MSG("Error in initting AES key"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (wc_AesSetKey((Aes*)aes, key, ((bits)/8), NULL, enc) != 0) { WOLFSSL_MSG("Error in setting AES key"); - return -1; + return WOLFSSL_FATAL_ERROR; } return 0; } @@ -3449,8 +3437,7 @@ size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in, void wolfSSL_RC4_set_key(WOLFSSL_RC4_KEY* key, int len, const unsigned char* data) { - typedef char rc4_test[sizeof(WOLFSSL_RC4_KEY) >= sizeof(Arc4) ? 1 : -1]; - (void)sizeof(rc4_test); + wc_static_assert(sizeof(WOLFSSL_RC4_KEY) >= sizeof(Arc4)); WOLFSSL_ENTER("wolfSSL_RC4_set_key"); diff --git a/src/src/ssl_load.c b/src/src/ssl_load.c index 2441d48..0361edb 100644 --- a/src/src/ssl_load.c +++ b/src/src/ssl_load.c @@ -1,6 +1,6 @@ /* ssl_load.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
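Review bot: This hunk and the wolfSSL_RC4_set_key hunk below replace the typedef-array trick with `wc_static_assert(sizeof(AES_KEY) >= sizeof(Aes))`, while every hash-context initialiser in the same file is converted to the `WOLFSSL_ASSERT_SIZEOF_GE(AES_KEY, Aes)` form; one spelling across the file keeps the intent searchable. If WOLFSSL_ASSERT_SIZEOF_GE is defined in terms of wc_static_assert the difference is cosmetic, but the mixed style is what a reader will notice first.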
@@ -137,26 +137,16 @@ static int DataToDerBuffer(const unsigned char* buff, word32 len, int format, FreeDer(der); } #else + (void)algId; ret = NOT_COMPILED_IN; #endif } /* Data in buffer is ASN.1 format - get first SEQ or OCT into der. */ else { - int length; - word32 inOutIdx = 0; - /* Get length of SEQ including header. */ if ((info->consumed = wolfssl_der_length(buff, (int)len)) > 0) { ret = 0; } - /* Private keys may be wrapped in OCT when PKCS#8 wrapper removed. - * TODO: is this really needed? */ - else if ((type == PRIVATEKEY_TYPE) && - (GetOctetString(buff, &inOutIdx, &length, len) >= 0)) { - /* Include octet string DER header. */ - info->consumed = length + inOutIdx; - ret = 0; - } else { ret = ASN_PARSE_E; } @@ -302,22 +292,11 @@ static int ProcessUserChain(WOLFSSL_CTX* ctx, WOLFSSL* ssl, WOLFSSL_ENTER("ProcessUserChain"); - /* Validate parameters. */ - if ((type == CA_TYPE) && (ctx == NULL)) { - WOLFSSL_MSG("Need context for CA load"); - ret = BAD_FUNC_ARG; - } - - /* Ignore non-certificate types. */ - if ((ret == 0) && (type != CERT_TYPE) && (type != CHAIN_CERT_TYPE) && - (type != CA_TYPE)) { - WOLFSSL_MSG("File type not a certificate"); - } /* Check we haven't consumed all the data. */ - else if ((ret == 0) && (info->consumed >= sz)) { + if (info->consumed >= sz) { WOLFSSL_MSG("Already consumed data"); } - else if (ret == 0) { + else { #ifndef WOLFSSL_SMALL_STACK byte stackBuffer[FILE_BUFFER_SIZE]; #endif 
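Review bot: ProcessUserChain drops both the `type == CA_TYPE && ctx == NULL` rejection and the filter that ignored non-certificate types, so the function now proceeds for any `type` and relies on callers never passing a NULL ctx for CA loads; where those checks moved is not visible in this hunk, and the rest of the body is outside it. If the callers now guarantee these preconditions, a comment at the top of the body, `/* Callers guarantee a certificate type and a non-NULL ctx for CA_TYPE. */`, records the contract; otherwise the guard should be restored before the data is processed.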
@@ -884,17 +863,17 @@ static int ProcessBufferTryDecodeFalcon(WOLFSSL_CTX* ctx, WOLFSSL* ssl, ret = wc_falcon_init(key); if (ret == 0) { /* Set up key to parse the format specified. */ - if (*keyFormat == FALCON_LEVEL1k) { + if ((*keyFormat == FALCON_LEVEL1k) || ((*keyFormat == 0) && + ((der->length == FALCON_LEVEL1_KEY_SIZE) || + (der->length == FALCON_LEVEL1_PRV_KEY_SIZE)))) { ret = wc_falcon_set_level(key, 1); } - else if (*keyFormat == FALCON_LEVEL5k) { + else if ((*keyFormat == FALCON_LEVEL5k) || ((*keyFormat == 0) && + ((der->length == FALCON_LEVEL5_KEY_SIZE) || + (der->length == FALCON_LEVEL5_PRV_KEY_SIZE)))) { ret = wc_falcon_set_level(key, 5); } else { - /* What if *keyformat is 0? We might want to do something more - * graceful here. */ - /* TODO: get the size of the private key for different formats and - * compare with DER length. */ wc_falcon_free(key); ret = ALGO_ID_E; } @@ -935,6 +914,11 @@ static int ProcessBufferTryDecodeFalcon(WOLFSSL_CTX* ctx, WOLFSSL* ssl, /* Free dynamically allocated data in key. */ wc_falcon_free(key); } + else if ((ret == WC_NO_ERR_TRACE(ALGO_ID_E)) && (*keyFormat == 0)) { + WOLFSSL_MSG("Not a Falcon key"); + /* Format unknown so keep trying. */ + ret = 0; + } /* Dispose of allocated key. */ XFREE(key, heap, DYNAMIC_TYPE_FALCON); 
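Review bot: With `*keyFormat == 0` the Falcon level is now chosen solely by `der->length` matching one of the known key sizes, so a buffer of the right length but different content is handed to the level-specific parser; that is sound only if the parser validates the contents, which this hunk does not show. A comment on the condition, `/* Unknown format: infer level from DER length; the decode below must validate the key. */`, states the assumption, and the same applies to the Dilithium hunks in the next file region. The new handling that resets `ret` to 0 on `ALGO_ID_E` for an unknown format is a reasonable way to fall through to the next key type.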
@@ -977,20 +961,22 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl, ret = wc_dilithium_init(key); if (ret == 0) { /* Set up key to parse the format specified. */ - if (*keyFormat == DILITHIUM_LEVEL2k) { + if ((*keyFormat == DILITHIUM_LEVEL2k) || ((*keyFormat == 0) && + ((der->length == DILITHIUM_LEVEL2_KEY_SIZE) || + (der->length == DILITHIUM_LEVEL2_PRV_KEY_SIZE)))) { ret = wc_dilithium_set_level(key, 2); } - else if (*keyFormat == DILITHIUM_LEVEL3k) { + else if ((*keyFormat == DILITHIUM_LEVEL3k) || ((*keyFormat == 0) && + ((der->length == DILITHIUM_LEVEL3_KEY_SIZE) || + (der->length == DILITHIUM_LEVEL3_PRV_KEY_SIZE)))) { ret = wc_dilithium_set_level(key, 3); } - else if (*keyFormat == DILITHIUM_LEVEL5k) { + else if ((*keyFormat == DILITHIUM_LEVEL5k) || ((*keyFormat == 0) && + ((der->length == DILITHIUM_LEVEL5_KEY_SIZE) || + (der->length == DILITHIUM_LEVEL5_PRV_KEY_SIZE)))) { ret = wc_dilithium_set_level(key, 5); } else { - /* What if *keyformat is 0? We might want to do something more - * graceful here. */ - /* TODO: get the size of the private key for different formats and - * compare with DER length. */ wc_dilithium_free(key); ret = ALGO_ID_E; } @@ -1036,6 +1022,11 @@ static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl, /* Free dynamically allocated data in key. */ wc_dilithium_free(key); } + else if ((ret == WC_NO_ERR_TRACE(ALGO_ID_E)) && (*keyFormat == 0)) { + WOLFSSL_MSG("Not a Dilithium key"); + /* Format unknown so keep trying. */ + ret = 0; + } /* Dispose of allocated key. */ XFREE(key, heap, DYNAMIC_TYPE_DILITHIUM); 
@@ -1227,8 +1218,13 @@ static int ProcessBufferPrivPkcs8Dec(EncryptedInfo* info, DerBuffer* der, der->length = (word32)ret; } - /* Ensure password is zeroized. */ - ForceZero(password, (word32)passwordSz); +#ifdef WOLFSSL_SMALL_STACK + if (password != NULL) +#endif + { + /* Ensure password is zeroized. */ + ForceZero(password, (word32)passwordSz); + } #ifdef WOLFSSL_SMALL_STACK /* Dispose of password memory. */ XFREE(password, heap, DYNAMIC_TYPE_STRING); @@ -1348,24 +1344,10 @@ static int ProcessBufferPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl, int algId) { int ret; -#if (defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)) || \ - defined(HAVE_PKCS8) - word32 p8AlgId = 0; -#endif (void)info; (void)format; -#ifdef HAVE_PKCS8 - /* Try and remove PKCS8 header and get algorithm id. */ - ret = ToTraditional_ex(der->buffer, der->length, &p8AlgId); - if (ret > 0) { - /* Header stripped inline. */ - der->length = (word32)ret; - algId = p8AlgId; - } -#endif - /* Put the data into the SSL or SSL context object. */ ret = ProcessBufferPrivKeyHandleDer(ctx, ssl, &der, type); if (ret == 0) { @@ -1579,7 +1561,9 @@ static void ProcessBufferCertSetHave(WOLFSSL_CTX* ctx, WOLFSSL* ssl, } #endif #ifndef WC_STRICT_SIG - wolfssl_set_have_from_key_oid(ctx, ssl, cert->keyOID); + if ((ctx != NULL) || (ssl != NULL)) { + wolfssl_set_have_from_key_oid(ctx, ssl, (int)cert->keyOID); + } #else /* Set whether ECC is available based on signature available. */ if (ssl != NULL) { @@ -2386,7 +2370,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz, if (ret == 0) { ret = 1; } - else if (ret == WOLFSSL_FATAL_ERROR) { + else if (ret == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) { ret = 0; } WOLFSSL_LEAVE("ProcessBuffer", ret); 
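Review bot: With the PKCS#8 stripping removed from ProcessBufferPrivateKey, `der` is now assumed to already be a traditional key and `algId` is used exactly as passed in, but nothing in the hunk states that, and the function's header comment is outside it. Add the precondition there, e.g. `* der is expected to be PKCS#8-stripped and algId its algorithm id, as produced by the caller.`. The `(void)algId` added to DataToDerBuffer in the first hunk of this file suggests the unwrapping moved there, but that is inferred rather than visible.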
@@ -2875,6 +2859,41 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, return WS_RETURN_CODE(ret, 0); } +/* Load a file and/or files in path, with OpenSSL-compatible semantics. + * + * No c_rehash. + * + * @param [in, out] ctx SSL context object. + * @param [in] file Name of file to load. May be NULL. + * @param [in] path Path to directory containing PEM CA files. + * May be NULL. + * @return 1 on success. + * @return 0 on failure. + */ +int wolfSSL_CTX_load_verify_locations_compat(WOLFSSL_CTX* ctx, const char* file, + const char* path) +{ + /* We want to keep trying to load more CA certs even if one cert in the + * directory is bad and can't be used (e.g. if one is expired), and we + * want to return success if any were successfully loaded (mimicking + * OpenSSL SSL_CTX_load_verify_locations() semantics), so we use + * WOLFSSL_LOAD_FLAG_IGNORE_ERR. OpenSSL (as of v3.3.2) actually + * returns success even if no certs are loaded (e.g. because the + * supplied "path" doesn't exist or access is prohibited), and only + * returns failure if the "file" is non-null and fails to load. + * + * Note that if a file is supplied and can't be successfully loaded, the + * overall call fails and the path is never even evaluated. This is + * consistent with OpenSSL behavior. + */ + + int ret = wolfSSL_CTX_load_verify_locations_ex(ctx, file, path, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS | WOLFSSL_LOAD_FLAG_IGNORE_ERR); + + /* Return 1 on success or 0 on failure. */ + return WS_RETURN_CODE(ret, 0); +} + #ifdef WOLFSSL_SYS_CA_CERTS #ifdef USE_WINDOWS_API @@ -4793,7 +4812,8 @@ int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) } if (ret == 1) { /* Push the X509 object onto stack. */ - ret = wolfSSL_sk_X509_push(ctx->x509Chain, x509); + ret = wolfSSL_sk_X509_push(ctx->x509Chain, x509) > 0 + ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; } if (ret != 1) { 
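Review bot: The header comment of wolfSSL_CTX_load_verify_locations_compat should spell out what WOLFSSL_LOAD_FLAG_IGNORE_ERR means for the caller: a return of 1 does not mean every certificate under `path` was loaded, only that the call as a whole did not fail, so the context may hold fewer trust anchors than the directory contains. The long block comment describes OpenSSL's result when nothing loads at all, but not whether this wrapper mirrors it; that depends on wolfSSL_CTX_load_verify_locations_ex, which is outside the hunk, and one sentence either way would settle it. A line such as `* @note Unloadable certificates in path are skipped; success does not imply all were loaded.` would do.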
@@ -4820,8 +4840,7 @@ int wolfSSL_add0_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509) WOLFSSL_ENTER("wolfSSL_add0_chain_cert"); /* Validate parameters. */ - if ((ssl == NULL) || (ssl->ctx == NULL) || (x509 == NULL) || - (x509->derCert == NULL)) { + if ((ssl == NULL) || (x509 == NULL) || (x509->derCert == NULL)) { ret = 0; } @@ -4858,7 +4877,8 @@ int wolfSSL_add0_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509) } if (ret == 1) { /* Push X509 object onto stack to be freed. */ - ret = wolfSSL_sk_X509_push(ssl->ourCertChain, x509); + ret = wolfSSL_sk_X509_push(ssl->ourCertChain, x509) > 0 + ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; if (ret != 1) { /* Free it now on error. */ wolfSSL_X509_free(x509); @@ -4884,8 +4904,7 @@ int wolfSSL_add1_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509) WOLFSSL_ENTER("wolfSSL_add1_chain_cert"); /* Validate parameters. */ - if ((ssl == NULL) || (ssl->ctx == NULL) || (x509 == NULL) || - (x509->derCert == NULL)) { + if ((ssl == NULL) || (x509 == NULL) || (x509->derCert == NULL)) { ret = 0; } @@ -5080,19 +5099,20 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa) int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx) { int ret; -#ifdef XGETENV - char* certDir; - char* certFile; - word32 flags; +#if defined(XGETENV) && !defined(NO_GETENV) + char* certDir = NULL; + char* certFile = NULL; + word32 flags = 0; #elif !defined(WOLFSSL_SYS_CA_CERTS) (void)ctx; #endif WOLFSSL_ENTER("wolfSSL_CTX_set_default_verify_paths"); -#ifdef XGETENV - certDir = XGETENV("SSL_CERT_DIR"); - certFile = XGETENV("SSL_CERT_FILE"); +#if defined(XGETENV) && !defined(NO_GETENV) + /* // NOLINTBEGIN(concurrency-mt-unsafe) */ + certDir = wc_strdup_ex(XGETENV("SSL_CERT_DIR"), DYNAMIC_TYPE_TMP_BUFFER); + certFile = wc_strdup_ex(XGETENV("SSL_CERT_FILE"), DYNAMIC_TYPE_TMP_BUFFER); flags = WOLFSSL_LOAD_FLAG_PEM_CA_ONLY; if ((certDir != NULL) || (certFile != NULL)) { 
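Review bot: Dropping the `ssl->ctx == NULL` check from the parameter validation of wolfSSL_add0_chain_cert (and of wolfSSL_add1_chain_cert in the third hunk here) is only safe if nothing later in either function dereferences `ssl->ctx`; both bodies continue outside the hunks, so that cannot be confirmed from what is shown. If the helpers called below accept a NULL context when `ssl` is set, a short comment on the validation line records why the check was removed on purpose: `/* ssl->ctx may be NULL; the helpers below only need ssl. */`.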
@@ -5114,6 +5134,7 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx) ret = 0; } } + /* // NOLINTEND(concurrency-mt-unsafe) */ else #endif @@ -5125,7 +5146,7 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx) #elif defined(WOLFSSL_SYS_CA_CERTS) /* Load the system CA certificates. */ ret = wolfSSL_CTX_load_system_CA_certs(ctx); - if (ret == WOLFSSL_BAD_PATH) { + if (ret == WC_NO_ERR_TRACE(WOLFSSL_BAD_PATH)) { /* OpenSSL doesn't treat the lack of a system CA cert directory as a * failure. We do the same here. */ @@ -5138,6 +5159,10 @@ int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx) #endif } +#if defined(XGETENV) && !defined(NO_GETENV) + XFREE(certFile, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(certDir, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif WOLFSSL_LEAVE("wolfSSL_CTX_set_default_verify_paths", ret); return ret; @@ -5250,9 +5275,10 @@ int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz, if (ret == 1) { /* Allocate buffers for p and g to be assigned into SSL. */ - pAlloc = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - gAlloc = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + pAlloc = (byte*)XMALLOC((size_t)pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + gAlloc = (byte*)XMALLOC((size_t)gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); if ((pAlloc == NULL) || (gAlloc == NULL)) { + /* Memory will be freed below in the (ret != 1) block */ ret = MEMORY_E; } } @@ -5309,7 +5335,7 @@ static int wolfssl_check_dh_key(unsigned char* p, int pSz, unsigned char* g, /* Initialize a DH object. */ if ((ret = wc_InitDhKey(checkKey)) == 0) { /* Check DH parameters. */ - ret = wc_DhSetCheckKey(checkKey, p, (word32)pSz, g, gSz, NULL, 0, 0, &rng); + ret = wc_DhSetCheckKey(checkKey, p, (word32)pSz, g, (word32)gSz, NULL, 0, 0, &rng); /* Dispose of DH object. */ wc_FreeDhKey(checkKey); } 
@@ -5408,13 +5434,9 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz, if (ret == 1) { /* Allocate buffers for p and g to be assigned into SSL context. */ - pAlloc = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - gAlloc = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + pAlloc = (byte*)XMALLOC((size_t)pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + gAlloc = (byte*)XMALLOC((size_t)gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); if ((pAlloc == NULL) || (gAlloc == NULL)) { - XFREE(pAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - pAlloc = NULL; - XFREE(gAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - gAlloc = NULL; ret = MEMORY_E; } } @@ -5427,12 +5449,10 @@ int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz, ret = wolfssl_ctx_set_tmp_dh(ctx, pAlloc, pSz, gAlloc, gSz); } - if (ret != 1) { + if ((ret != 1) && (ctx != NULL)) { /* Free the allocated buffers if not assigned into SSL context. */ - if (pAlloc) - XFREE(pAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); - if (gAlloc) - XFREE(gAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(pAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(gAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); } return ret; } @@ -5465,7 +5485,7 @@ long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh) } if (ret == 1) { - /* Get needed size for p and g. */ + /* Get sizes of p and g. */ pSz = wolfSSL_BN_bn2bin(dh->p, NULL); gSz = wolfSSL_BN_bn2bin(dh->g, NULL); /* Validate p and g size. */ @@ -5496,7 +5516,7 @@ long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh) ret = wolfssl_set_tmp_dh(ssl, p, pSz, g, gSz); } - if (ret != 1 && ssl != NULL) { + if ((ret != 1) && (ssl != NULL)) { /* Free the allocated buffers if not assigned into SSL. */ XFREE(p, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); XFREE(g, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); 
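Review bot: The allocation-failure branch of wolfSSL_CTX_SetTmpDH now relies on the cleanup block at the end of the function, which is guarded by `(ret != 1) && (ctx != NULL)`, but unlike the matching edit to wolfSSL_SetTmpDH it got no comment saying so; a reader of this branch sees two possibly non-NULL buffers and `ret = MEMORY_E` with no release in sight. Mirror the other function: `/* Memory will be freed below in the (ret != 1) block */`. The guard is sound as far as the hunk shows, since the buffers are only allocated from `ctx->heap` after `ret == 1`.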
@@ -5531,7 +5551,7 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) } if (ret == 1) { - /* Get needed size for p and g. */ + /* Get sizes of p and g. */ pSz = wolfSSL_BN_bn2bin(dh->p, NULL); gSz = wolfSSL_BN_bn2bin(dh->g, NULL); /* Validate p and g size. */ @@ -5563,7 +5583,7 @@ long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh) ret = wolfssl_ctx_set_tmp_dh(ctx, p, pSz, g, gSz); } - if (ret != 1 && ctx != NULL) { + if ((ret != 1) && (ctx != NULL)) { /* Free the allocated buffers if not assigned into SSL. */ XFREE(p, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); XFREE(g, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); @@ -5670,11 +5690,11 @@ static int ws_ctx_ssl_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL* ssl, } else if (ssl != NULL) { /* Set p and g into SSL. */ - res = wolfssl_set_tmp_dh(ssl, p, (int)pSz, g, gSz); + res = wolfssl_set_tmp_dh(ssl, p, (int)pSz, g, (int)gSz); } else { /* Set p and g into SSL context. */ - res = wolfssl_ctx_set_tmp_dh(ctx, p, (int)pSz, g, gSz); + res = wolfssl_ctx_set_tmp_dh(ctx, p, (int)pSz, g, (int)gSz); } } diff --git a/src/src/ssl_misc.c b/src/src/ssl_misc.c index d52c2cd..9a5f4b0 100644 --- a/src/src/ssl_misc.c +++ b/src/src/ssl_misc.c @@ -1,6 +1,6 @@ /* ssl_misc.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -165,7 +165,15 @@ static int wolfssl_read_bio(WOLFSSL_BIO* bio, char** data, int* dataSz, if (bio->type == WOLFSSL_BIO_MEMORY) { ret = wolfSSL_BIO_get_mem_data(bio, data); if (ret > 0) { - bio->rdIdx += ret; + /* Advance the write index in the memory bio */ + WOLFSSL_BIO* mem_bio = bio; + for (; mem_bio != NULL; mem_bio = mem_bio->next) { + if (mem_bio->type == WOLFSSL_BIO_MEMORY) + break; + } + if (mem_bio == NULL) + mem_bio = bio; /* Default to input */ + mem_bio->rdIdx += ret; } *memAlloced = 0; } diff --git a/src/src/ssl_p7p12.c b/src/src/ssl_p7p12.c index 11b6c40..fba2767 100644 --- a/src/src/ssl_p7p12.c +++ b/src/src/ssl_p7p12.c 
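Review bot: The chain walk added to wolfssl_read_bio can never move past `bio`: the enclosing `if (bio->type == WOLFSSL_BIO_MEMORY)` already holds, so the `for` loop breaks on its first iteration, `mem_bio == bio` on every path, and the `mem_bio == NULL` fallback is unreachable. Either the outer condition was meant to test a different BIO, in which case the walk should start from that one, or the loop is dead and `bio->rdIdx += ret;` is all that is needed. The comment `/* Advance the write index in the memory bio */` also contradicts the field it touches; `/* Advance the read index of the memory bio */` matches the code.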
@@ -94,8 +94,7 @@ void wolfSSL_PKCS7_free(PKCS7* pkcs7) WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7; if (p7 != NULL) { - if (p7->data != NULL) - XFREE(p7->data, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(p7->data, NULL, DYNAMIC_TYPE_PKCS7); wc_PKCS7_Free(&p7->pkcs7); if (p7->certs) wolfSSL_sk_pop_free(p7->certs, NULL); @@ -230,7 +229,7 @@ WOLFSSL_STACK* wolfSSL_PKCS7_to_stack(PKCS7* pkcs7) if (!ret) ret = wolfSSL_sk_X509_new_null(); if (x509) { - if (wolfSSL_sk_X509_push(ret, x509) != WOLFSSL_SUCCESS) { + if (wolfSSL_sk_X509_push(ret, x509) <= 0) { wolfSSL_X509_free(x509); WOLFSSL_MSG("wolfSSL_sk_X509_push error"); goto error; @@ -295,7 +294,7 @@ WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* pkcs7, WOLFSSL_STACK* certs, return NULL; } - if (wolfSSL_sk_X509_push(signers, x509) != WOLFSSL_SUCCESS) { + if (wolfSSL_sk_X509_push(signers, x509) <= 0) { wolfSSL_sk_X509_pop_free(signers, NULL); return NULL; } @@ -352,7 +351,7 @@ int wolfSSL_i2d_PKCS7(PKCS7 *p7, unsigned char **out) int localBuf = 0; int len; WC_RNG rng; - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_i2d_PKCS7"); if (!out || !p7) { @@ -397,9 +396,9 @@ int wolfSSL_i2d_PKCS7(PKCS7 *p7, unsigned char **out) wc_FreeRng(&rng); p7->rng = NULL; } - if (ret == WOLFSSL_FAILURE && localBuf && output) + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE) && localBuf) XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (ret != WOLFSSL_FAILURE) + if (ret != WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) *out = output; return ret; } @@ -408,7 +407,7 @@ int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7) { byte* output = NULL; int len; - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_i2d_PKCS7_bio"); if (!bio || !p7) { 
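Review bot: The cleanup in wolfSSL_i2d_PKCS7 treats every value other than WOLFSSL_FAILURE as success, so `if (ret != WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) *out = output;` would hand the caller a buffer, and skip freeing it, should any path in the body (outside the hunk) ever assign a different error code to `ret`. Since the success value is a length, testing the sign is more robust: `if (ret <= 0 && localBuf) XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER);` and `if (ret > 0) *out = output;`. The same equality test is repeated by the callers in wolfSSL_i2d_PKCS7_bio and wolfSSL_SMIME_write_PKCS7 further down this patch.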
@@ -416,7 +415,9 @@ int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7) return WOLFSSL_FAILURE; } - if ((len = wolfSSL_i2d_PKCS7(p7, &output)) == WOLFSSL_FAILURE) { + if ((len = wolfSSL_i2d_PKCS7(p7, &output)) == + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) + { WOLFSSL_MSG("wolfSSL_i2d_PKCS7 error"); goto cleanup; } @@ -428,8 +429,7 @@ int wolfSSL_i2d_PKCS7_bio(WOLFSSL_BIO *bio, PKCS7 *p7) ret = WOLFSSL_SUCCESS; cleanup: - if (output) - XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(output, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -602,7 +602,7 @@ static int wolfSSL_BIO_to_MIME_crlf(WOLFSSL_BIO* in, WOLFSSL_BIO* out) canonLineLen = (word32)lineLen; if ((canonLine = wc_MIME_single_canonicalize( line, &canonLineLen)) == NULL) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; break; } @@ -612,7 +612,7 @@ static int wolfSSL_BIO_to_MIME_crlf(WOLFSSL_BIO* in, WOLFSSL_BIO* out) } if (wolfSSL_BIO_write(out, canonLine, (int)canonLineLen) < 0) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; break; } XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7); @@ -621,15 +621,13 @@ static int wolfSSL_BIO_to_MIME_crlf(WOLFSSL_BIO* in, WOLFSSL_BIO* out) else { /* no line ending in current line, write direct to out */ if (wolfSSL_BIO_write(out, line, lineLen) < 0) { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; break; } } } - if (canonLine != NULL) { - XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7); - } + XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7); #ifdef WOLFSSL_SMALL_STACK XFREE(line, in->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -718,9 +716,7 @@ int wolfSSL_PKCS7_final(PKCS7* pkcs7, WOLFSSL_BIO* in, int flags) } } - if (mem != NULL) { - XFREE(mem, in->heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(mem, in->heap, DYNAMIC_TYPE_TMP_BUFFER); } else { #ifdef HAVE_SMIME 
@@ -746,9 +742,7 @@ int wolfSSL_PKCS7_final(PKCS7* pkcs7, WOLFSSL_BIO* in, int flags) } if (ret == 1) { - if (p7->data != NULL) { - XFREE(p7->data, NULL, DYNAMIC_TYPE_PKCS7); - } + XFREE(p7->data, NULL, DYNAMIC_TYPE_PKCS7); p7->data = (byte*)XMALLOC(memSz, NULL, DYNAMIC_TYPE_PKCS7); if (p7->data == NULL) { ret = 0; @@ -1040,19 +1034,11 @@ int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7) error: #ifdef WOLFSSL_SMALL_STACK - if (outputHead) { - XFREE(outputHead, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - } - if (outputFoot) { - XFREE(outputFoot, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(outputHead, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(outputFoot, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif - if (output) { - XFREE(output, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - } - if (pem) { - XFREE(pem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(output, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; } @@ -1168,7 +1154,8 @@ PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in, } XMEMSET(boundary, 0, (word32)(boundLen+1)); boundary[0] = boundary[1] = '-'; - XSTRNCPY(&boundary[2], curParam->value, boundLen-2); + /* analyzers have issues with using strncpy and strcpy here */ + XMEMCPY(&boundary[2], curParam->value, boundLen - 2); /* Parse up to first boundary, ignore everything here. */ lineLen = wolfSSL_BIO_gets(in, section, remainLen); @@ -1387,10 +1374,8 @@ PKCS7* wolfSSL_SMIME_read_PKCS7(WOLFSSL_BIO* in, XFREE(boundary, NULL, DYNAMIC_TYPE_PKCS7); XFREE(outHead, NULL, DYNAMIC_TYPE_PKCS7); XFREE(section, NULL, DYNAMIC_TYPE_PKCS7); - if (canonSection != NULL) - XFREE(canonSection, NULL, DYNAMIC_TYPE_PKCS7); - if (canonLine != NULL) - XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(canonSection, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(canonLine, NULL, DYNAMIC_TYPE_PKCS7); if (bcont) { wolfSSL_BIO_free(*bcont); *bcont = NULL; /* reset 'bcount' pointer to NULL on failure */ 
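Review bot: Replacing XSTRNCPY with XMEMCPY for the boundary changes the over-read behaviour: strncpy stopped at the terminator of `curParam->value`, whereas memcpy copies `boundLen - 2` bytes unconditionally, so the two are equivalent only if `boundLen` is derived from the length of `curParam->value`, and that computation is outside the hunk. If that is the invariant, state it where it is relied on, e.g. `/* boundLen == XSTRLEN(curParam->value) + 2, so this reads exactly the value. */`, so a later change to the length computation does not silently introduce a read past the parameter. The added comment explains the analyzer motivation but not the safety argument.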
@@ -1491,7 +1476,9 @@ int wolfSSL_SMIME_write_PKCS7(WOLFSSL_BIO* out, PKCS7* pkcs7, WOLFSSL_BIO* in, if (ret > 0) { /* Generate signedData bundle, DER in output (dynamic) */ - if ((len = wolfSSL_i2d_PKCS7((PKCS7*)p7, &p7out)) == WOLFSSL_FAILURE) { + if ((len = wolfSSL_i2d_PKCS7((PKCS7*)p7, &p7out)) == + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) + { WOLFSSL_MSG("Error in wolfSSL_i2d_PKCS7"); ret = 0; } @@ -1607,12 +1594,8 @@ int wolfSSL_SMIME_write_PKCS7(WOLFSSL_BIO* out, PKCS7* pkcs7, WOLFSSL_BIO* in, } } - if (p7out != NULL) { - XFREE(p7out, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - if (sigBase64 != NULL) { - XFREE(sigBase64, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(p7out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sigBase64, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (ret > 0) { return WOLFSSL_SUCCESS; @@ -1704,8 +1687,7 @@ WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12) } /* cleanup */ - if (mem != NULL) - XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); if (ret < 0 && localPkcs12 != NULL) { wc_PKCS12_free(localPkcs12); localPkcs12 = NULL; @@ -1725,7 +1707,7 @@ WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12) */ int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_i2d_PKCS12_bio"); @@ -1740,9 +1722,7 @@ int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12) } } - if (certDer != NULL) { - XFREE(certDer, NULL, DYNAMIC_TYPE_PKCS); - } + XFREE(certDer, NULL, DYNAMIC_TYPE_PKCS); } return ret; 
@@ -1904,12 +1884,8 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, *ca = (WOLF_STACK_OF(WOLFSSL_X509)*)XMALLOC( sizeof(WOLF_STACK_OF(WOLFSSL_X509)), heap, DYNAMIC_TYPE_X509); if (*ca == NULL) { - if (pk != NULL) { - XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); - } - if (certData != NULL) { - XFREE(certData, heap, DYNAMIC_TYPE_PKCS); - } + XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(certData, heap, DYNAMIC_TYPE_PKCS); /* Free up WC_DerCertList and move on */ while (current != NULL) { WC_DerCertList* next = current->next; @@ -1943,12 +1919,8 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, FreeDecodedCert(DeCert); wolfSSL_X509_free(x509); wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL; - if (pk != NULL) { - XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); - } - if (certData != NULL) { - XFREE(certData, heap, DYNAMIC_TYPE_PKCS); - } + XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(certData, heap, DYNAMIC_TYPE_PKCS); /* Free up WC_DerCertList */ while (current != NULL) { WC_DerCertList* next = current->next; @@ -1962,16 +1934,12 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, } FreeDecodedCert(DeCert); - if (wolfSSL_sk_X509_push(*ca, x509) != 1) { + if (wolfSSL_sk_X509_push(*ca, x509) <= 0) { WOLFSSL_MSG("Failed to push x509 onto stack"); wolfSSL_X509_free(x509); wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL; - if (pk != NULL) { - XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); - } - if (certData != NULL) { - XFREE(certData, heap, DYNAMIC_TYPE_PKCS); - } + XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(certData, heap, DYNAMIC_TYPE_PKCS); /* Free up WC_DerCertList */ while (current != NULL) { 
@@ -1997,9 +1965,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, *cert = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap, DYNAMIC_TYPE_X509); if (*cert == NULL) { - if (pk != NULL) { - XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); - } + XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); if (ca != NULL) { wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL; } @@ -2015,9 +1981,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, if (CopyDecodedToX509(*cert, DeCert) != 0) { WOLFSSL_MSG("Failed to copy decoded cert"); FreeDecodedCert(DeCert); - if (pk != NULL) { - XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); - } + XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); if (ca != NULL) { wolfSSL_sk_X509_pop_free(*ca, NULL); *ca = NULL; } @@ -2064,8 +2028,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, } } #endif /* HAVE_ECC */ - if (pk != NULL) - XFREE(pk, heap, DYNAMIC_TYPE_PKCS); + XFREE(pk, heap, DYNAMIC_TYPE_PKCS); if (ret != 0) { /* if is in fail state and no PKEY then fail */ wolfSSL_X509_free(*cert); *cert = NULL; if (ca != NULL) { diff --git a/src/src/ssl_sess.c b/src/src/ssl_sess.c index 43ce1f5..91f2c84 100644 --- a/src/src/ssl_sess.c +++ b/src/src/ssl_sess.c @@ -1004,7 +1004,7 @@ WOLFSSL_SESSION* wolfSSL_GetSessionClient(WOLFSSL* ssl, const byte* id, int len) #else current = &sessRow->Sessions[clSess[idx].serverIdx]; #endif - if (current && XMEMCMP(current->serverID, id, len) == 0) { + if (current && XMEMCMP(current->serverID, id, (unsigned long)len) == 0) { WOLFSSL_MSG("Found a serverid match for client"); if (LowResTimer() < (current->bornOn + current->timeout)) { WOLFSSL_MSG("Session valid"); @@ -1309,8 +1309,7 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output) output->ticketLenAlloc = 0; } #ifdef WOLFSSL_SMALL_STACK - if (tmpTicket != NULL) - XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return WOLFSSL_FAILURE; } 
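Review bot: `pk` is released here with `DYNAMIC_TYPE_PKCS`, while every other error path of wolfSSL_PKCS12_parse touched by this patch (the ca-allocation, sk_push and CopyDecodedToX509 failure hunks) frees the same pointer with `DYNAMIC_TYPE_PUBLIC_KEY`; the allocation is outside the hunks so the right tag cannot be seen, but the sites should agree, since under memory tracking or static-memory builds a mismatched type misattributes the free. Whichever tag the allocation uses belongs on all of them. The repeated free-`pk`/free-`certData`/walk-`current` sequence across these paths would also be easier to keep consistent behind a single cleanup label.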
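Review bot: Casting `len` to `unsigned long` in the XMEMCMP of wolfSSL_GetSessionClient silences the sign-conversion warning without bounding the value: a negative `len` now becomes a very large compare length, and a `len` larger than the `serverID` field already over-reads. Unless the function validates `len` earlier (outside the hunk), add a guard at entry such as `if (len < 0 || len > SERVER_ID_BOUND /* placeholder: size of serverID */) return NULL;` in the function's error convention rather than relying on callers. If the check exists, a comment at the cast, `/* len validated against the serverID size above */`, stops the cast from reading as the fix.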
@@ -1330,16 +1329,12 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output) output->ticketLenAlloc = 0; } #ifdef WOLFSSL_TLS13 - if (preallocNonce != NULL) { - XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK); - preallocNonce = NULL; - } + XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK); + preallocNonce = NULL; #endif /* WOLFSSL_TLS13 */ #ifdef WOLFSSL_SMALL_STACK - if (tmpTicket != NULL) { - XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER); - tmpTicket = NULL; - } + XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER); + tmpTicket = NULL; #endif #endif } @@ -1413,12 +1408,11 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output) output->ticketLen = 0; } if (error == WOLFSSL_SUCCESS) { - XMEMCPY(output->ticket, tmpTicket, output->ticketLen); + XMEMCPY(output->ticket, tmpTicket, output->ticketLen); /* cppcheck-suppress uninitvar */ } } #ifdef WOLFSSL_SMALL_STACK - if (tmpTicket != NULL) - XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpTicket, output->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ @@ -1455,8 +1449,7 @@ int wolfSSL_GetSessionFromCache(WOLFSSL* ssl, WOLFSSL_SESSION* output) preallocNonce = NULL; } } - if (preallocNonce != NULL) - XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK); + XFREE(preallocNonce, output->heap, DYNAMIC_TYPE_SESSION_TICK); #endif /* WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/ #endif @@ -1632,7 +1625,7 @@ ClientSession* AddSessionToClientCache(int side, int row, int idx, ID_LEN, &error) % CLIENT_SESSION_ROWS; } else { - error = -1; + error = WOLFSSL_FATAL_ERROR; } if (error == 0 && wc_LockMutex(&clisession_mutex) == 0) { clientIdx = (word32)ClientCache[clientRow].nextIdx; 
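Review bot: The `/* cppcheck-suppress uninitvar */` added to the `XMEMCPY(output->ticket, tmpTicket, output->ticketLen)` line silences the analyzer without saying why `tmpTicket` is guaranteed initialised when `error == WOLFSSL_SUCCESS`; the assignment that fills it is outside the hunk. A suppression should carry its argument so a later refactor that breaks the invariant is not hidden by it, e.g. a preceding line `/* tmpTicket is filled by the cache lookup above whenever error == WOLFSSL_SUCCESS. */`.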
@@ -1651,7 +1644,7 @@ ClientSession* AddSessionToClientCache(int side, int row, int idx, } } else { - error = -1; + error = WOLFSSL_FATAL_ERROR; ClientCache[clientRow].nextIdx = 0; /* reset index as safety */ WOLFSSL_MSG("Invalid client cache index! " "Possible corrupted memory"); @@ -1716,14 +1709,14 @@ WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session) if (clientSession->serverRow >= SESSION_ROWS || clientSession->serverIdx >= SESSIONS_PER_ROW) { WOLFSSL_MSG("Client cache serverRow or serverIdx invalid"); - error = -1; + error = WOLFSSL_FATAL_ERROR; } - /* Prevent memory access before clientSession->serverRow and - * clientSession->serverIdx are sanitized. */ - XFENCE(); if (error == 0) { /* Lock row */ sessRow = &SessionCache[clientSession->serverRow]; + /* Prevent memory access before clientSession->serverRow and + * clientSession->serverIdx are sanitized. */ + XFENCE(); error = SESSION_ROW_RD_LOCK(sessRow); if (error != 0) { WOLFSSL_MSG("Session cache row lock failure"); @@ -1736,10 +1729,12 @@ WOLFSSL_SESSION* ClientSessionToSession(const WOLFSSL_SESSION* session) #else cacheSession = &sessRow->Sessions[clientSession->serverIdx]; #endif + /* Prevent memory access */ + XFENCE(); if (cacheSession && cacheSession->sessionIDSz == 0) { cacheSession = NULL; WOLFSSL_MSG("Session cache entry not set"); - error = -1; + error = WOLFSSL_FATAL_ERROR; } } if (error == 0) { @@ -1839,8 +1834,7 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession, preallocNonce = (byte*)XMALLOC(addSession->ticketNonce.len, addSession->heap, DYNAMIC_TYPE_SESSION_TICK); if (preallocNonce == NULL) { - if (ticBuff != NULL) - XFREE(ticBuff, addSession->heap, DYNAMIC_TYPE_SESSION_TICK); + XFREE(ticBuff, addSession->heap, DYNAMIC_TYPE_SESSION_TICK); return MEMORY_E; } preallocNonceLen = addSession->ticketNonce.len; 
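Review bot: The second barrier added in ClientSessionToSession carries only `/* Prevent memory access */`, which does not say what it protects; it sits between the `serverIdx` bounds check earlier in the function and the first load through `cacheSession`, so `/* Prevent speculative access through cacheSession before serverIdx is known to be in range. */` documents it the way the first fence is documented. Moving the first XFENCE after `sessRow = &SessionCache[...]` is fine because taking the address does not read the row, but that reasoning is worth a word in the comment too, since it is easy to undo by accident.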
@@ -1855,7 +1849,8 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession, WOLFSSL_MSG("Hash session failed"); #ifdef HAVE_SESSION_TICKET XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK); - #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) + #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK); #endif #endif @@ -1866,7 +1861,8 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession, if (SESSION_ROW_WR_LOCK(sessRow) != 0) { #ifdef HAVE_SESSION_TICKET XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK); - #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) + #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK); #endif #endif @@ -1905,7 +1901,8 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession, if (cacheSession == NULL) { #ifdef HAVE_SESSION_TICKET XFREE(ticBuff, NULL, DYNAMIC_TYPE_SESSION_TICK); - #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) + #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) XFREE(preallocNonce, addSession->heap, DYNAMIC_TYPE_SESSION_TICK); #endif #endif 
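Review bot: The guard `defined(WOLFSSL_TLS13) && defined(WOLFSSL_TICKET_NONCE_MALLOC) && (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))` is now written out in all three hunks here and again around the wolfSSL_DupSessionEx selection below; the fix itself is right, since the frees now match the condition under which `preallocNonce` exists, but four copies of a long condition is how the next drift happens. Define it once as a file-local macro next to the declaration of `preallocNonce` (outside the hunks) and use that name at every site.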
@@ -1994,10 +1991,12 @@ int AddSessionToCache(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* addSession, #if defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TLS13) && \ defined(WOLFSSL_TICKET_NONCE_MALLOC) && \ (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) - ret = wolfSSL_DupSessionEx(addSession, cacheSession, 1, preallocNonce, - &preallocNonceLen, &preallocNonceUsed) == WOLFSSL_FAILURE; + ret = (wolfSSL_DupSessionEx(addSession, cacheSession, 1, preallocNonce, + &preallocNonceLen, &preallocNonceUsed) + == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); #else - ret = wolfSSL_DupSession(addSession, cacheSession, 1) == WOLFSSL_FAILURE; + ret = (wolfSSL_DupSession(addSession, cacheSession, 1) + == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); #endif /* HAVE_SESSION_TICKET && WOLFSSL_TLS13 && WOLFSSL_TICKET_NONCE_MALLOC && FIPS_VERSION_GE(5,3)*/ #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) @@ -3906,8 +3905,7 @@ static int wolfSSL_DupSessionEx(const WOLFSSL_SESSION* input, } } else { - if (ticBuff != NULL) - XFREE(ticBuff, output->heap, DYNAMIC_TYPE_SESSION_TICK); + XFREE(ticBuff, output->heap, DYNAMIC_TYPE_SESSION_TICK); output->ticket = output->staticTicket; output->ticketLenAlloc = 0; } @@ -4237,7 +4235,7 @@ const byte* wolfSSL_get_sessionID(const WOLFSSL_SESSION* session) int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data"); #ifdef HAVE_EX_DATA session = ClientSessionToSession(session); diff --git a/src/src/tls.c b/src/src/tls.c index 6529216..8441acf 100644 --- a/src/src/tls.c +++ b/src/src/tls.c @@ -1,6 +1,6 @@ /* tls.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -52,7 +52,7 @@ #include #ifdef WOLFSSL_WC_KYBER #include -#elif defined(HAVE_LIBOQS) || defined(HAVE_PQM4) +#elif defined(HAVE_LIBOQS) #include #endif #endif 
@@ -760,6 +760,15 @@ int wolfSSL_SetTlsHmacInner(WOLFSSL* ssl, byte* inner, word32 sz, int content, if (ssl == NULL || inner == NULL) return BAD_FUNC_ARG; + if (content == dtls12_cid +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + || (ssl->options.dtls && DtlsGetCidTxSize(ssl) > 0) +#endif + ) { + WOLFSSL_MSG("wolfSSL_SetTlsHmacInner doesn't support CID"); + return BAD_FUNC_ARG; + } + XMEMSET(inner, 0, WOLFSSL_TLS_HMAC_INNER_SZ); WriteSEQ(ssl, verify, inner); @@ -918,10 +927,11 @@ static int Hmac_OuterHash(Hmac* hmac, unsigned char* mac) * in Message data. * sz Size of the message data. * header Constructed record header with length of handshake data. + * headerSz Length of header * returns 0 on success, otherwise failure. */ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, - word32 sz, int macLen, byte* header) + word32 sz, int macLen, byte* header, word32 headerSz) { byte lenBytes[8]; int i, j; @@ -929,7 +939,7 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, int blockBits, blockMask; int lastBlockLen, extraLen, eocIndex; int blocks, safeBlocks, lenBlock, eocBlock; - unsigned int maxLen; + word32 maxLen; int blockSz, padSz; int ret; word32 realLen; 
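Review bot: The new CID rejection in wolfSSL_SetTlsHmacInner checks `content == dtls12_cid` and the transmit CID size only, yet the function also builds the verify-side inner (`WriteSEQ(ssl, verify, inner)`), where the record carries the receive CID; if the receive path can reach this function with a non-zero RX CID, that case is not rejected and the MAC input would omit the CID. Whether the receive path routes through here is not visible in the hunk, so either extend the guard to the RX size or state the limitation next to it, e.g. `/* Only the TX direction is checked; CID records are MACed by the CID-aware path. */`.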
@@ -982,29 +992,30 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, blockMask = blockSz - 1; /* Size of data to HMAC if padding length byte is zero. */ - maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - macLen; + maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - (word32)macLen; + /* Complete data (including padding) has block for EOC and/or length. */ - extraBlock = ctSetLTE((maxLen + padSz) & blockMask, padSz); + extraBlock = ctSetLTE(((int)maxLen + padSz) & blockMask, padSz); /* Total number of blocks for data including padding. */ - blocks = ((maxLen + blockSz - 1) >> blockBits) + extraBlock; + blocks = ((int)(maxLen + (word32)blockSz - 1) >> blockBits) + extraBlock; /* Up to last 6 blocks can be hashed safely. */ safeBlocks = blocks - 6; /* Length of message data. */ realLen = maxLen - in[sz - 1]; /* Number of message bytes in last block. */ - lastBlockLen = realLen & blockMask; + lastBlockLen = (int)realLen & blockMask; /* Number of padding bytes in last block. */ extraLen = ((blockSz * 2 - padSz - lastBlockLen) & blockMask) + 1; /* Number of blocks to create for hash. */ - lenBlock = (realLen + extraLen) >> blockBits; + lenBlock = ((int)realLen + extraLen) >> blockBits; /* Block containing EOC byte. */ - eocBlock = realLen >> blockBits; + eocBlock = (int)(realLen >> (word32)blockBits); /* Index of EOC byte in block. */ - eocIndex = realLen & blockMask; + eocIndex = (int)(realLen & (word32)blockMask); /* Add length of hmac's ipad to total length. */ - realLen += blockSz; + realLen += (word32)blockSz; /* Length as bits - 8 bytes bigendian. */ c32toa(realLen >> ((sizeof(word32) * 8) - 3), lenBytes); c32toa(realLen << 3, lenBytes + sizeof(word32)); 
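Review bot: The arithmetic in Hmac_UpdateFinal_CT still assumes a header of WOLFSSL_TLS_HMAC_INNER_SZ bytes (`maxLen = WOLFSSL_TLS_HMAC_INNER_SZ + sz - 1 - (word32)macLen;` here, and `safeBlocks * blockSz - WOLFSSL_TLS_HMAC_INNER_SZ` in the first hunk on the next line), while the header is now hashed as `headerSz` bytes and indexed with `in[k - headerSz]`; the two agree only when `headerSz == WOLFSSL_TLS_HMAC_INNER_SZ`, and for any other value the safe-block phase hashes the wrong number of message bytes and `maxLen` misplaces the end of data, which in a constant-time MAC check is both a correctness and a timing-leak concern. If a caller can legitimately pass another size (the new parameter suggests so), replace the two constants with `headerSz`; if not, assert or document the precondition in the parameter comment, `* headerSz Length of header (must equal WOLFSSL_TLS_HMAC_INNER_SZ on this path)`. The non-CT Hmac_UpdateFinal in the last hunk of this chunk raises the same question for its block accounting, which is computed outside that hunk.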
@@ -1016,11 +1027,12 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, XMEMSET(hmac->innerHash, 0, macLen); if (safeBlocks > 0) { - ret = Hmac_HashUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ); + ret = Hmac_HashUpdate(hmac, header, headerSz); if (ret != 0) return ret; - ret = Hmac_HashUpdate(hmac, in, safeBlocks * blockSz - - WOLFSSL_TLS_HMAC_INNER_SZ); + ret = Hmac_HashUpdate(hmac, in, (word32)(safeBlocks * blockSz - + WOLFSSL_TLS_HMAC_INNER_SZ)); + if (ret != 0) return ret; } @@ -1039,10 +1051,10 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, unsigned char pastEoc = ctMaskGT(j, eocIndex) & isEocBlock; unsigned char b = 0; - if (k < WOLFSSL_TLS_HMAC_INNER_SZ) + if (k < headerSz) b = header[k]; else if (k < maxLen) - b = in[k - WOLFSSL_TLS_HMAC_INNER_SZ]; + b = in[k - headerSz]; k++; b = ctMaskSel(atEoc, 0x80, b); @@ -1056,7 +1068,7 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, hashBlock[j] = b; } - ret = Hmac_HashUpdate(hmac, hashBlock, (word32)blockSz); + ret = Hmac_HashUpdate(hmac, hashBlock, (word32)blockSz); /* cppcheck-suppress uninitvar */ if (ret != 0) return ret; ret = Hmac_HashFinalRaw(hmac, hashBlock); @@ -1085,10 +1097,11 @@ static int Hmac_UpdateFinal_CT(Hmac* hmac, byte* digest, const byte* in, * in Message data. * sz Size of the message data. * header Constructed record header with length of handshake data. + * headerSz Length of header * returns 0 on success, otherwise failure. */ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in, - word32 sz, byte* header) + word32 sz, byte* header, word32 headerSz) { byte dummy[WC_MAX_BLOCK_SIZE] = {0}; int ret = 0; 
@@ -1174,7 +1187,7 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in, /* Calculate whole blocks. */ msgBlocks--; - ret = wc_HmacUpdate(hmac, header, WOLFSSL_TLS_HMAC_INNER_SZ); + ret = wc_HmacUpdate(hmac, header, headerSz); if (ret == 0) { /* Fill the rest of the block with any available data. */ word32 currSz = ctMaskLT((int)msgSz, blockSz) & msgSz; 
@@ -1210,11 +1223,66 @@ static int Hmac_UpdateFinal(Hmac* hmac, byte* digest, const byte* in, #endif +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) +#define TLS_HMAC_CID_SZ(s, v) \ + ((v) ? DtlsGetCidRxSize((s)) \ + : DtlsGetCidTxSize((s))) +#define TLS_HMAC_CID(s, v, b, c) \ + ((v) ? wolfSSL_dtls_cid_get_rx((s), (b), (c)) \ + : wolfSSL_dtls_cid_get_tx((s), (b), (c))) +#endif + +static int TLS_hmac_SetInner(WOLFSSL* ssl, byte* inner, word32* innerSz, + word32 sz, int content, int verify, int epochOrder) +{ +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + unsigned int cidSz = 0; + if (ssl->options.dtls && (cidSz = TLS_HMAC_CID_SZ(ssl, verify)) > 0) { + word32 idx = 0; + if (cidSz > DTLS_CID_MAX_SIZE) { + WOLFSSL_MSG("DTLS CID too large"); + return DTLS_CID_ERROR; + } + + XMEMSET(inner + idx, 0xFF, SEQ_SZ); + idx += SEQ_SZ; + inner[idx++] = dtls12_cid; + inner[idx++] = (byte)cidSz; + inner[idx++] = dtls12_cid; + inner[idx++] = ssl->version.major; + inner[idx++] = ssl->version.minor; + WriteSEQ(ssl, epochOrder, inner + idx); + idx += SEQ_SZ; + if (TLS_HMAC_CID(ssl, verify, inner + idx, cidSz) == + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { + WOLFSSL_MSG("DTLS CID write failed"); + return DTLS_CID_ERROR; + } + idx += cidSz; + c16toa((word16)sz, inner + idx); + idx += LENGTH_SZ; + + *innerSz = idx; + return 0; + } +#endif + *innerSz = WOLFSSL_TLS_HMAC_INNER_SZ; + return wolfSSL_SetTlsHmacInner(ssl, inner, sz, content, + !ssl->options.dtls ? verify : epochOrder); +} + +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) +#define TLS_HMAC_INNER_SZ WOLFSSL_TLS_HMAC_CID_INNER_SZ +#else +#define TLS_HMAC_INNER_SZ WOLFSSL_TLS_HMAC_INNER_SZ +#endif + int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, int content, int verify, int epochOrder) { Hmac hmac; - byte myInner[WOLFSSL_TLS_HMAC_INNER_SZ]; + byte myInner[TLS_HMAC_INNER_SZ]; + word32 innerSz = TLS_HMAC_INNER_SZ; int ret = 0; const byte* macSecret = NULL; word32 hashSz = 0; 
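Review bot: TLS_hmac_SetInner has no header comment, unlike the neighbouring Hmac_UpdateFinal which documents every parameter, and the CID branch writes a non-obvious byte layout that a maintainer will need to match against the spec. I would add a block comment above the function stating that it builds the MAC input for TLS_hmac, that with a DTLS CID active it emits the RFC 9146 MAC structure (eight 0xFF placeholder bytes, tls12_cid, cid length, tls12_cid, version, epoch and sequence number, the CID, then the 16-bit length) and returns DTLS_CID_ERROR when the CID exceeds DTLS_CID_MAX_SIZE or cannot be fetched, and that otherwise it falls through to wolfSSL_SetTlsHmacInner with `*innerSz` set to WOLFSSL_TLS_HMAC_INNER_SZ. The comment should also record that the write fits `myInner[TLS_HMAC_INNER_SZ]` only because WOLFSSL_TLS_HMAC_CID_INNER_SZ is expected to cover the fixed fields plus DTLS_CID_MAX_SIZE; that assumption is what the `cidSz > DTLS_CID_MAX_SIZE` check relies on. Note that `ssl->options.dtls` is dereferenced here before wolfSSL_SetTlsHmacInner gets to its own `ssl == NULL` check, which is fine only if TLS_hmac guarantees a non-NULL `ssl` earlier (not visible in this hunk).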
@@ -1242,10 +1310,10 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, } #endif - if (!ssl->options.dtls) - wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); - else - wolfSSL_SetTlsHmacInner(ssl, myInner, sz, content, epochOrder); + ret = TLS_hmac_SetInner(ssl, myInner, &innerSz, sz, content, verify, + epochOrder); + if (ret != 0) + return ret; ret = wc_HmacInit(&hmac, ssl->heap, ssl->devId); if (ret != 0) @@ -1256,10 +1324,8 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, if (ssl->options.dtls) macSecret = wolfSSL_GetDtlsMacSecret(ssl, verify, epochOrder); else - macSecret = wolfSSL_GetMacSecret(ssl, verify); -#else - macSecret = wolfSSL_GetMacSecret(ssl, verify); #endif + macSecret = wolfSSL_GetMacSecret(ssl, verify); ret = wc_HmacSetKey(&hmac, wolfSSL_GetHmacType(ssl), macSecret, ssl->specs.hash_size); @@ -1272,21 +1338,23 @@ int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, int padSz, #ifdef HAVE_BLAKE2 if (wolfSSL_GetHmacType(ssl) == WC_HASH_TYPE_BLAKE2B) { ret = Hmac_UpdateFinal(&hmac, digest, in, - sz + hashSz + padSz + 1, myInner); + sz + hashSz + padSz + 1, myInner, innerSz); } else #endif { ret = Hmac_UpdateFinal_CT(&hmac, digest, in, - sz + hashSz + padSz + 1, hashSz, myInner); + (sz + hashSz + (word32)padSz + 1), + (int)hashSz, myInner, innerSz); + } #else ret = Hmac_UpdateFinal(&hmac, digest, in, sz + hashSz + padSz + 1, - myInner); + myInner, innerSz); #endif } else { - ret = wc_HmacUpdate(&hmac, myInner, sizeof(myInner)); + ret = wc_HmacUpdate(&hmac, myInner, innerSz); if (ret == 0) ret = wc_HmacUpdate(&hmac, in, sz); /* content */ if (ret == 0) @@ -1830,7 +1898,7 @@ static int TLSX_ALPN_ParseAndSet(WOLFSSL *ssl, const byte *input, word16 length, byte isRequest) { word16 size = 0, offset = 0, wlen; - int r = BUFFER_ERROR; + int r = WC_NO_ERR_TRACE(BUFFER_ERROR); const byte *s; if (OPAQUE16_LEN > length) 
@@ -2682,8 +2750,7 @@ static void TLSX_TCA_Free(TCA* tca, void* heap) (void)heap; if (tca) { - if (tca->id) - XFREE(tca->id, heap, DYNAMIC_TYPE_TLSX); + XFREE(tca->id, heap, DYNAMIC_TYPE_TLSX); XFREE(tca, heap, DYNAMIC_TYPE_TLSX); } } 
@@ -3117,51 +3184,64 @@ int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap) static void TLSX_CSR_Free(CertificateStatusRequest* csr, void* heap) { + int i; + switch (csr->status_type) { case WOLFSSL_CSR_OCSP: - FreeOcspRequest(&csr->request.ocsp); + for (i = 0; i <= csr->requests; i++) { + FreeOcspRequest(&csr->request.ocsp[i]); + } break; } - #ifdef WOLFSSL_TLS13 - if (csr->response.buffer != NULL) { - XFREE(csr->response.buffer, csr->ssl->heap, + for (i = 0; i < MAX_CERT_EXTENSIONS; i++) { + if (csr->responses[i].buffer != NULL) { + XFREE(csr->responses[i].buffer, heap, DYNAMIC_TYPE_TMP_BUFFER); + } } #endif XFREE(csr, heap, DYNAMIC_TYPE_TLSX); (void)heap; } -static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest) +word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr, byte isRequest, + int idx) { word16 size = 0; /* shut up compiler warnings */ (void) csr; (void) isRequest; - #ifndef NO_WOLFSSL_CLIENT if (isRequest) { switch (csr->status_type) { case WOLFSSL_CSR_OCSP: size += ENUM_LEN + 2 * OPAQUE16_LEN; - if (csr->request.ocsp.nonceSz) + if (csr->request.ocsp[0].nonceSz) size += OCSP_NONCE_EXT_SZ; break; } } #endif #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) - if (!isRequest && csr->ssl->options.tls1_3) - return OPAQUE8_LEN + OPAQUE24_LEN + csr->response.length; + if (!isRequest && IsAtLeastTLSv1_3(csr->ssl->version)) { + return (word16)(OPAQUE8_LEN + OPAQUE24_LEN + + csr->responses[idx].length); + } +#else + (void)idx; #endif - return size; } -static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output, - byte isRequest) +static word16 TLSX_CSR_GetSize(CertificateStatusRequest* csr, byte isRequest) +{ + return TLSX_CSR_GetSize_ex(csr, isRequest, 0); +} + +int TLSX_CSR_Write_ex(CertificateStatusRequest* csr, byte* output, + byte isRequest, int idx) { /* shut up compiler warnings */ (void) csr; (void) output; (void) isRequest; 
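Review bot: The free loop in TLSX_CSR_Free runs `i <= csr->requests`, but the two producers of `requests` disagree on what it counts: TLSX_CSR_InitRequest_ex (`@@ -3448`) increments it for slot 0 as well, so on that path the loop visits one slot past the last initialised request and, once `requests` has been allowed to reach MAX_CERT_EXTENSIONS, one past the array end, whereas ProcessChainOCSPRequest (`@@ -3205`) only counts chain slots starting at index 1, for which the inclusive bound is the right one. TLSX_CSR_GetRequest_ex (`@@ -3468`) reads it as an exclusive count (`idx < csr->requests`), which matches the first interpretation. It would be worth fixing one definition in a comment on the `requests` field and, until both paths agree, bounding the loop as `for (i = 0; i <= csr->requests && i < MAX_CERT_EXTENSIONS; i++)`. Separately, the parse path in `@@ -3311` bounds the response index with `1 + MAX_CHAIN_DEPTH` while this loop uses `MAX_CERT_EXTENSIONS`; if those two names do not denote the same value, one of the bounds is wrong.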
@@ -3182,8 +3262,8 @@ static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output, offset += OPAQUE16_LEN; /* request extensions */ - if (csr->request.ocsp.nonceSz) { - ret = (int)EncodeOcspRequestExtensions(&csr->request.ocsp, + if (csr->request.ocsp[0].nonceSz) { + ret = (int)EncodeOcspRequestExtensions(&csr->request.ocsp[0], output + offset + OPAQUE16_LEN, OCSP_NONCE_EXT_SZ); 
@@ -3205,20 +3285,112 @@ static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output, } #endif #if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER) - if (!isRequest && csr->ssl->options.tls1_3) { + if (!isRequest && IsAtLeastTLSv1_3(csr->ssl->version)) { word16 offset = 0; output[offset++] = csr->status_type; - c32to24(csr->response.length, output + offset); + c32to24(csr->responses[idx].length, output + offset); offset += OPAQUE24_LEN; - XMEMCPY(output + offset, csr->response.buffer, csr->response.length); - offset += csr->response.length; + XMEMCPY(output + offset, csr->responses[idx].buffer, + csr->responses[idx].length); + offset += (word16)csr->responses[idx].length; return offset; } +#else + (void)idx; #endif return 0; } +static int TLSX_CSR_Write(CertificateStatusRequest* csr, byte* output, + byte isRequest) +{ + return TLSX_CSR_Write_ex(csr, output, isRequest, 0); +} + +#if !defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_TLS13) && \ + defined(WOLFSSL_TLS_OCSP_MULTI) +/* Process OCSP request certificate chain + * + * ssl SSL/TLS object. + * returns 0 on success, otherwise failure. + */ +static int ProcessChainOCSPRequest(WOLFSSL* ssl) +{ + DecodedCert* cert; + OcspRequest* request; + TLSX* extension; + CertificateStatusRequest* csr; + DerBuffer* chain; + word32 pos = 0; + buffer der; + int i = 1; + int ret = 0; + byte ctxOwnsRequest = 0; + + /* use certChain if available, otherwise use peer certificate */ + chain = ssl->buffers.certChain; + if (chain == NULL) { + chain = ssl->buffers.certificate; + } + + extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); + csr = extension ? 
+ (CertificateStatusRequest*)extension->data : NULL; + if (csr == NULL) + return MEMORY_ERROR; + + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap, + DYNAMIC_TYPE_DCERT); + if (cert == NULL) { + return MEMORY_E; + } + + if (chain && chain->buffer) { + while (ret == 0 && pos + OPAQUE24_LEN < chain->length) { + c24to32(chain->buffer + pos, &der.length); + pos += OPAQUE24_LEN; + der.buffer = chain->buffer + pos; + pos += der.length; + + if (pos > chain->length) + break; + request = &csr->request.ocsp[i]; + if (ret == 0) { + ret = CreateOcspRequest(ssl, request, cert, + der.buffer, der.length, &ctxOwnsRequest); + if (ctxOwnsRequest) { + wolfSSL_Mutex* ocspLock = + &SSL_CM(ssl)->ocsp_stapling->ocspLock; + if (wc_LockMutex(ocspLock) == 0) { + /* the request is ours */ + ssl->ctx->certOcspRequest = NULL; + } + wc_UnLockMutex(ocspLock); + } + } + + if (ret == 0) { + request->ssl = ssl; + ret = CheckOcspRequest(SSL_CM(ssl)->ocsp_stapling, + request, &csr->responses[i], ssl->heap); + /* Suppressing, not critical */ + if (ret == WC_NO_ERR_TRACE(OCSP_CERT_REVOKED) || + ret == WC_NO_ERR_TRACE(OCSP_CERT_UNKNOWN) || + ret == WC_NO_ERR_TRACE(OCSP_LOOKUP_FAIL)) { + ret = 0; + } + i++; + csr->requests++; + } + } + } + XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); + + return ret; +} +#endif + static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte isRequest) { @@ -3273,14 +3445,14 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, switch (csr->status_type) { case WOLFSSL_CSR_OCSP: /* propagate nonce */ - if (csr->request.ocsp.nonceSz) { + if (csr->request.ocsp[0].nonceSz) { request = (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions); if (request) { - XMEMCPY(request->nonce, csr->request.ocsp.nonce, - csr->request.ocsp.nonceSz); - request->nonceSz = csr->request.ocsp.nonceSz; + XMEMCPY(request->nonce, csr->request.ocsp[0].nonce, + csr->request.ocsp[0].nonceSz); + request->nonceSz = csr->request.ocsp[0].nonceSz; } } break; 
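Review bot: In ProcessChainOCSPRequest the `wc_UnLockMutex(ocspLock)` call sits after the `if (wc_LockMutex(ocspLock) == 0) { ... }` block rather than inside it, so a failed lock is followed by an unlock of a mutex this thread does not hold; move the unlock inside the `if`. The index `i`, also used for `csr->responses[i]`, advances once per chain certificate with no check against the request/response array size, while the parse path in `@@ -3311` does guard `response_idx` with `1 + MAX_CHAIN_DEPTH`; unless the chain depth is bounded at load time, add `if (i >= MAX_CERT_EXTENSIONS) { ret = MAX_CERT_EXTENSIONS_ERR; break; }` before `request = &csr->request.ocsp[i];`. The inner `if (ret == 0)` around CreateOcspRequest is always true given the loop condition and can be dropped. The `cert` buffer is only ever passed to CreateOcspRequest and then freed; if that helper does not release the DecodedCert's own allocations, a FreeDecodedCert is missing here as well (not visible in this hunk).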
@@ -3311,14 +3483,21 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, ret = BUFFER_ERROR; } if (ret == 0) { - csr->response.buffer = (byte*)XMALLOC(resp_length, ssl->heap, + if (ssl->response_idx < (1 + MAX_CHAIN_DEPTH)) + csr->responses[ssl->response_idx].buffer = + (byte*)XMALLOC(resp_length, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (csr->response.buffer == NULL) + else + ret = BAD_FUNC_ARG; + + if (ret == 0 && + csr->responses[ssl->response_idx].buffer == NULL) ret = MEMORY_ERROR; } if (ret == 0) { - XMEMCPY(csr->response.buffer, input + offset, resp_length); - csr->response.length = resp_length; + XMEMCPY(csr->responses[ssl->response_idx].buffer, + input + offset, resp_length); + csr->responses[ssl->response_idx].length = resp_length; } return ret; @@ -3383,6 +3562,7 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, #if defined(WOLFSSL_TLS13) if (ssl->options.tls1_3) { + if (ssl->buffers.certificate == NULL) { WOLFSSL_MSG("Certificate buffer not set!"); return BUFFER_ERROR; 
@@ -3413,19 +3593,33 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, } FreeDecodedCert(cert); XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); - extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); csr = extension ? (CertificateStatusRequest*)extension->data : NULL; if (csr == NULL) return MEMORY_ERROR; - request = &csr->request.ocsp; - ret = CreateOcspResponse(ssl, &request, &csr->response); + request = &csr->request.ocsp[0]; + ret = CreateOcspResponse(ssl, &request, &csr->responses[0]); + if (request != &csr->request.ocsp[0] && + ssl->buffers.weOwnCert) { + /* request will be allocated in CreateOcspResponse() */ + FreeOcspRequest(request); + XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); + } if (ret != 0) return ret; - if (csr->response.buffer) + + if (csr->responses[0].buffer) TLSX_SetResponse(ssl, TLSX_STATUS_REQUEST); + #if defined(WOLFSSL_TLS_OCSP_MULTI) + /* process OCSP request in certificate chain */ + if ((ret = ProcessChainOCSPRequest(ssl)) != 0) { + WOLFSSL_MSG("Process Cert Chain OCSP request failed"); + WOLFSSL_ERROR_VERBOSE(ret); + return ret; + } + #endif } else #endif @@ -3437,9 +3631,10 @@ static int TLSX_CSR_Parse(WOLFSSL* ssl, const byte* input, word16 length, return 0; } -int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap) +int TLSX_CSR_InitRequest_ex(TLSX* extensions, DecodedCert* cert, + void* heap, int idx) { - TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST); + TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST); CertificateStatusRequest* csr = extension ? (CertificateStatusRequest*)extension->data : NULL; int ret = 0; 
@@ -3448,18 +3643,33 @@ int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap) switch (csr->status_type) { case WOLFSSL_CSR_OCSP: { byte nonce[MAX_OCSP_NONCE_SZ]; - int nonceSz = csr->request.ocsp.nonceSz; - + int req_cnt = idx == -1 ? csr->requests : idx; + int nonceSz = csr->request.ocsp[0].nonceSz; + OcspRequest* request; + + request = &csr->request.ocsp[req_cnt]; + if (request->serial != NULL) { + /* clear request contents before re-use */ + FreeOcspRequest(request); + if (csr->requests > 0) + csr->requests--; + } /* preserve nonce */ - XMEMCPY(nonce, csr->request.ocsp.nonce, nonceSz); + XMEMCPY(nonce, request->nonce, nonceSz); - if ((ret = InitOcspRequest(&csr->request.ocsp, cert, 0, heap)) - != 0) - return ret; + if (req_cnt < MAX_CERT_EXTENSIONS) { + if ((ret = InitOcspRequest(request, cert, 0, heap)) != 0) + return ret; - /* restore nonce */ - XMEMCPY(csr->request.ocsp.nonce, nonce, nonceSz); - csr->request.ocsp.nonceSz = nonceSz; + /* restore nonce */ + XMEMCPY(request->nonce, nonce, nonceSz); + request->nonceSz = nonceSz; + csr->requests++; + } + else { + WOLFSSL_ERROR_VERBOSE(MAX_CERT_EXTENSIONS_ERR); + return MAX_CERT_EXTENSIONS_ERR; + } } break; } 
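Review bot: `request = &csr->request.ocsp[req_cnt]` and the read of `request->serial` happen before the `req_cnt < MAX_CERT_EXTENSIONS` test, so when `idx == -1` and `csr->requests` already equals MAX_CERT_EXTENSIONS (the success branch lets it reach that value) the function reads past the array before rejecting the call, and a caller-supplied negative `idx` is never rejected at all; hoist the check, `if (req_cnt < 0 || req_cnt >= MAX_CERT_EXTENSIONS) return MAX_CERT_EXTENSIONS_ERR;` (keeping the WOLFSSL_ERROR_VERBOSE), above the pointer computation. `nonceSz` is taken from `csr->request.ocsp[0]` while the bytes are preserved from and restored into `request->nonce`, so for `req_cnt > 0` slot 0's length is paired with another slot's nonce bytes, which for a freshly zeroed slot yields an all-zero nonce of full length; worth confirming that is intended, or reading both from the same slot. The enclosing switch and function continue outside the hunk.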
@@ -3468,22 +3678,37 @@ int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap) return ret; } -void* TLSX_CSR_GetRequest(TLSX* extensions) +int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap) +{ + return TLSX_CSR_InitRequest_ex(extensions, cert, heap, -1); +} + +void* TLSX_CSR_GetRequest_ex(TLSX* extensions, int idx) { TLSX* extension = TLSX_Find(extensions, TLSX_STATUS_REQUEST); CertificateStatusRequest* csr = extension ? (CertificateStatusRequest*)extension->data : NULL; - if (csr) { + if (csr && csr->ssl) { switch (csr->status_type) { case WOLFSSL_CSR_OCSP: - return &csr->request.ocsp; + if (IsAtLeastTLSv1_3(csr->ssl->version)) { + return idx < csr->requests ? &csr->request.ocsp[idx] : NULL; + } + else { + return idx == 0 ? &csr->request.ocsp[0] : NULL; + } } } return NULL; } +void* TLSX_CSR_GetRequest(TLSX* extensions) +{ + return TLSX_CSR_GetRequest_ex(extensions, 0); +} + int TLSX_CSR_ForceRequest(WOLFSSL* ssl) { TLSX* extension = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); @@ -3494,9 +3719,9 @@ int TLSX_CSR_ForceRequest(WOLFSSL* ssl) switch (csr->status_type) { case WOLFSSL_CSR_OCSP: if (SSL_CM(ssl)->ocspEnabled) { - csr->request.ocsp.ssl = ssl; + csr->request.ocsp[0].ssl = ssl; return CheckOcspRequest(SSL_CM(ssl)->ocsp, - &csr->request.ocsp, NULL, NULL); + &csr->request.ocsp[0], NULL, NULL); } else { WOLFSSL_ERROR_VERBOSE(OCSP_LOOKUP_FAIL); @@ -3524,7 +3749,9 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, return MEMORY_E; ForceZero(csr, sizeof(CertificateStatusRequest)); - +#if defined(WOLFSSL_TLS13) + XMEMSET(csr->responses, 0, sizeof(csr->responses)); +#endif csr->status_type = status_type; csr->options = options; csr->ssl = ssl; 
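Review bot: The guard in TLSX_CSR_GetRequest_ex changed from `if (csr)` to `if (csr && csr->ssl)`, so an extension whose `csr->ssl` is NULL (a context-level extension, if such exist for this type) now yields NULL where it used to yield the request; if that is intended it deserves a one-line comment, otherwise take the pre-1.3 branch when `csr->ssl` is NULL. `idx` is only compared against the upper bound, so a negative value would index before the array; the visible callers pass 0, but `if (idx < 0) return NULL;` at the top keeps the new `_ex` entry point safe for future callers. In `@@ -3524` the added `XMEMSET(csr->responses, 0, sizeof(csr->responses))` is redundant immediately after `ForceZero(csr, sizeof(CertificateStatusRequest))`.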
@@ -3541,9 +3768,9 @@ int TLSX_UseCertificateStatusRequest(TLSX** extensions, byte status_type, (void)devId; #endif if (ret == 0) { - if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp.nonce, + if (wc_RNG_GenerateBlock(&rng, csr->request.ocsp[0].nonce, MAX_OCSP_NONCE_SZ) == 0) - csr->request.ocsp.nonceSz = MAX_OCSP_NONCE_SZ; + csr->request.ocsp[0].nonceSz = MAX_OCSP_NONCE_SZ; wc_FreeRng(&rng); } @@ -3887,7 +4114,7 @@ int TLSX_CSR2_AddPendingSigner(TLSX *extensions, Signer *s) csr2 = TLSX_CSR2_GetMulti(extensions); if (!csr2) - return -1; + return WOLFSSL_FATAL_ERROR; s->next = csr2->pendingSigners; csr2->pendingSigners = s; @@ -5678,14 +5905,25 @@ static int TLSX_SessionTicket_Parse(WOLFSSL* ssl, const byte* input, /* SERVER: ticket is peer auth. */ ssl->options.peerAuthGood = 1; } - } else if (ret == WOLFSSL_TICKET_RET_REJECT) { + } else if (ret == WOLFSSL_TICKET_RET_REJECT || + ret == WC_NO_ERR_TRACE(VERSION_ERROR)) { WOLFSSL_MSG("Process client ticket rejected, not using"); - ssl->options.rejectTicket = 1; + if (ret == WC_NO_ERR_TRACE(VERSION_ERROR)) + WOLFSSL_MSG("\tbad TLS version"); ret = 0; /* not fatal */ - } else if (ret == WC_NO_ERR_TRACE(VERSION_ERROR)) { - WOLFSSL_MSG("Process client ticket rejected, bad TLS version"); + ssl->options.rejectTicket = 1; - ret = 0; /* not fatal */ + /* If we have session tickets enabled then send a new ticket */ + if (!TLSX_CheckUnsupportedExtension(ssl, TLSX_SESSION_TICKET)) { + ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, + ssl->heap); + if (ret == WOLFSSL_SUCCESS) { + ret = 0; + TLSX_SetResponse(ssl, TLSX_SESSION_TICKET); + ssl->options.createTicket = 1; + ssl->options.useTicket = 1; + } + } } else if (ret == WOLFSSL_TICKET_RET_FATAL) { WOLFSSL_MSG("Process client ticket fatal error, not using"); } else if (ret < 0) { 
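Review bot: In TLSX_SessionTicket_Parse the `ret = 0; /* not fatal */` line is now followed by code that reassigns `ret` from TLSX_UseSessionTicket and resets it to 0 only on WOLFSSL_SUCCESS, so a failure to allocate the reply extension aborts the handshake for a ticket that was meant to be merely rejected. If that is deliberate, put the comment where it is true, e.g. `/* rejected ticket is not fatal; failing to offer a fresh one is */` above the `if (!TLSX_CheckUnsupportedExtension(...))` block; otherwise set `ret = 0` in the failure case and simply skip the response. The enclosing function continues outside the hunk.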
@@ -5975,9 +6213,7 @@ static TlsxSrtp* TLSX_UseSRTP_New(word16 ids, void* heap) static void TLSX_UseSRTP_Free(TlsxSrtp *srtp, void* heap) { - if (srtp != NULL) { - XFREE(srtp, heap, DYNAMIC_TYPE_TLSX); - } + XFREE(srtp, heap, DYNAMIC_TYPE_TLSX); (void)heap; } @@ -6594,8 +6830,7 @@ static void TLSX_Cookie_FreeAll(Cookie* cookie, void* heap) { (void)heap; - if (cookie != NULL) - XFREE(cookie, heap, DYNAMIC_TYPE_TLSX); + XFREE(cookie, heap, DYNAMIC_TYPE_TLSX); } /* Get the size of the encoded Cookie extension. @@ -6748,8 +6983,7 @@ int TLSX_Cookie_Use(const WOLFSSL* ssl, const byte* data, word16 len, byte* mac, if (mac != NULL) XMEMCPY(cookie->data + len, mac, macSz); - if (extension->data != NULL) - XFREE(extension->data, ssl->heap, DYNAMIC_TYPE_TLSX); + XFREE(extension->data, ssl->heap, DYNAMIC_TYPE_TLSX); extension->data = (void*)cookie; extension->resp = (byte)resp; @@ -6907,16 +7141,15 @@ static int TLSX_CA_Names_Parse(WOLFSSL *ssl, const byte* input, InitDecodedCert(cert, input + idx, extLen, ssl->heap); didInit = TRUE; idx += extLen; - ret = GetName(cert, SUBJECT, extLen); + ret = GetName(cert, ASN_SUBJECT, extLen); } if (ret == 0 && (name = wolfSSL_X509_NAME_new()) == NULL) ret = MEMORY_ERROR; if (ret == 0) { - CopyDecodedName(name, cert, SUBJECT); - if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name) - == WOLFSSL_FAILURE) + CopyDecodedName(name, cert, ASN_SUBJECT); + if (wolfSSL_sk_X509_NAME_push(ssl->client_ca_names, name) <= 0) ret = MEMORY_ERROR; } 
@@ -7392,21 +7625,15 @@ static int TLSX_KeyShare_GenDhKey(WOLFSSL *ssl, KeyShareEntry* kse) * The DhKey will be setup again in TLSX_KeyShare_ProcessDh */ if (dhKey != NULL) wc_FreeDhKey(dhKey); - if (kse->key != NULL) { - XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_DH); - kse->key = NULL; - } + XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_DH); + kse->key = NULL; if (ret != 0) { /* Cleanup on error, otherwise data owned by key share entry */ - if (kse->privKey != NULL) { - XFREE(kse->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - kse->privKey = NULL; - } - if (kse->pubKey != NULL) { - XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - kse->pubKey = NULL; - } + XFREE(kse->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + kse->privKey = NULL; + XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + kse->pubKey = NULL; } #else (void)ssl; @@ -7488,16 +7715,12 @@ static int TLSX_KeyShare_GenX25519Key(WOLFSSL *ssl, KeyShareEntry* kse) if (ret != 0) { /* Data owned by key share entry otherwise. */ - if (kse->pubKey != NULL) { - XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - kse->pubKey = NULL; - } + XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + kse->pubKey = NULL; if (key != NULL) wc_curve25519_free(key); - if (kse->key != NULL) { - XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - kse->key = NULL; - } + XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + kse->key = NULL; } #else (void)ssl; 
@@ -7576,16 +7799,12 @@ static int TLSX_KeyShare_GenX448Key(WOLFSSL *ssl, KeyShareEntry* kse) if (ret != 0) { /* Data owned by key share entry otherwise. */ - if (kse->pubKey != NULL) { - XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - kse->pubKey = NULL; - } + XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + kse->pubKey = NULL; if (key != NULL) wc_curve448_free(key); - if (kse->key != NULL) { - XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - kse->key = NULL; - } + XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + kse->key = NULL; } #else (void)ssl; @@ -7683,7 +7902,7 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) #endif { /* set curve info for EccMakeKey "peer" info */ - ret = wc_ecc_set_curve(eccKey, kse->keyLen, curveId); + ret = wc_ecc_set_curve(eccKey, (int)kse->keyLen, curveId); if (ret == 0) { #ifdef WOLFSSL_ASYNC_CRYPT /* Detect when private key generation is done */ @@ -7739,16 +7958,12 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) if (ret != 0) { /* Cleanup on error, otherwise data owned by key share entry */ - if (kse->pubKey != NULL) { - XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - kse->pubKey = NULL; - } + XFREE(kse->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + kse->pubKey = NULL; if (eccKey != NULL) wc_ecc_free(eccKey); - if (kse->key != NULL) { - XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - kse->key = NULL; - } + XFREE(kse->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + kse->key = NULL; } #else (void)ssl; @@ -7957,10 +8172,8 @@ static int TLSX_KeyShare_GenPqcKey(WOLFSSL *ssl, KeyShareEntry* kse) wc_KyberKey_Free(kem); TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap); - if (pubKey != NULL) - XFREE(pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - if (privKey != NULL) - XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + XFREE(pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); return ret; } 
@@ -8024,10 +8237,8 @@ static void TLSX_KeyShare_FreeAll(KeyShareEntry* list, void* heap) if (current->key != NULL) { ForceZero((byte*)current->key, current->keyLen); } - if (current->pubKey != NULL) { - XFREE(current->pubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); - current->pubKey = NULL; - } + XFREE(current->pubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); + current->pubKey = NULL; if (current->privKey != NULL) { ForceZero(current->privKey, current->privKeyLen); XFREE(current->privKey, heap, DYNAMIC_TYPE_PRIVATE_KEY); @@ -8246,18 +8457,12 @@ static int TLSX_KeyShare_ProcessDh(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) /* done with key share, release resources */ if (dhKey) wc_FreeDhKey(dhKey); - if (keyShareEntry->key) { - XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_DH); - keyShareEntry->key = NULL; - } - if (keyShareEntry->privKey != NULL) { - XFREE(keyShareEntry->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - keyShareEntry->privKey = NULL; - } - if (keyShareEntry->pubKey != NULL) { - XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - keyShareEntry->pubKey = NULL; - } + XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_DH); + keyShareEntry->key = NULL; + XFREE(keyShareEntry->privKey, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + keyShareEntry->privKey = NULL; + XFREE(keyShareEntry->pubKey, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); + keyShareEntry->pubKey = NULL; XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); keyShareEntry->ke = NULL; #else @@ -8335,10 +8540,8 @@ static int TLSX_KeyShare_ProcessX25519(WOLFSSL* ssl, wc_curve25519_free(peerX25519Key); XFREE(peerX25519Key, ssl->heap, DYNAMIC_TYPE_TLSX); wc_curve25519_free((curve25519_key*)keyShareEntry->key); - if (keyShareEntry->key != NULL) { - XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - keyShareEntry->key = NULL; - } + XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + keyShareEntry->key = NULL; #else (void)ssl; (void)keyShareEntry; 
@@ -8415,10 +8618,8 @@ static int TLSX_KeyShare_ProcessX448(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) wc_curve448_free(peerX448Key); XFREE(peerX448Key, ssl->heap, DYNAMIC_TYPE_TLSX); wc_curve448_free((curve448_key*)keyShareEntry->key); - if (keyShareEntry->key != NULL) { - XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); - keyShareEntry->key = NULL; - } + XFREE(keyShareEntry->key, ssl->heap, DYNAMIC_TYPE_PRIVATE_KEY); + keyShareEntry->key = NULL; #else (void)ssl; (void)keyShareEntry; @@ -8705,7 +8906,7 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ !defined(HAVE_SELFTEST) if (ret == 0) { - ret = wc_ecc_set_rng(keyShareEntry->key, ssl->rng); + ret = wc_ecc_set_rng((ecc_key *)keyShareEntry->key, ssl->rng); if (ret != 0) { WOLFSSL_MSG("Failure to set the ECC private key RNG."); } @@ -8714,8 +8915,8 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) if (ret == 0) { PRIVATE_KEY_UNLOCK(); - ret = wc_ecc_shared_secret(keyShareEntry->key, &eccpubkey, - sharedSecret, &outlen); + ret = wc_ecc_shared_secret((ecc_key *)keyShareEntry->key, + &eccpubkey, sharedSecret, &outlen); PRIVATE_KEY_LOCK(); if (outlen != sharedSecretLen - ssSz) { WOLFSSL_MSG("ECC shared secret derivation error."); @@ -8735,9 +8936,7 @@ static int TLSX_KeyShare_ProcessPqc(WOLFSSL* ssl, KeyShareEntry* keyShareEntry) ssl->arrays->preMasterSz = (word32) sharedSecretLen; } - if (sharedSecret != NULL) { - XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_SECRET); - } + XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_SECRET); wc_ecc_free(&eccpubkey); wc_KyberKey_Free(kem); 
@@ -9193,14 +9392,14 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl, (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ !defined(HAVE_SELFTEST) if (ret == 0) { - ret = wc_ecc_set_rng(ecc_kse->key, ssl->rng); + ret = wc_ecc_set_rng((ecc_key *)ecc_kse->key, ssl->rng); } #endif if (ret == 0) { outlen = ecc_kse->keyLen; PRIVATE_KEY_UNLOCK(); - ret = wc_ecc_shared_secret(ecc_kse->key, &eccpubkey, + ret = wc_ecc_shared_secret((ecc_key *)ecc_kse->key, &eccpubkey, sharedSecret, &outlen); PRIVATE_KEY_LOCK(); @@ -9224,9 +9423,7 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl, } if (ret == 0) { - if (keyShareEntry->ke != NULL) { - XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - } + XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); keyShareEntry->ke = sharedSecret; keyShareEntry->keLen = outlen + ssSz; @@ -9244,10 +9441,8 @@ static int server_generate_pqc_ciphertext(WOLFSSL* ssl, } TLSX_KeyShare_FreeAll(ecc_kse, ssl->heap); - if (sharedSecret != NULL) - XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_SECRET); - if (ciphertext != NULL) - XFREE(ciphertext, ssl->heap, DYNAMIC_TYPE_TLSX); + XFREE(sharedSecret, ssl->heap, DYNAMIC_TYPE_SECRET); + XFREE(ciphertext, ssl->heap, DYNAMIC_TYPE_TLSX); wc_ecc_free(&eccpubkey); wc_KyberKey_Free(kem); return ret; @@ -9312,9 +9507,7 @@ int TLSX_KeyShare_Use(const WOLFSSL* ssl, word16 group, word16 len, byte* data, else #endif if (data != NULL) { - if (keyShareEntry->ke != NULL) { - XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); - } + XFREE(keyShareEntry->ke, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); keyShareEntry->ke = data; keyShareEntry->keLen = len; } @@ -9504,9 +9697,6 @@ static int TLSX_KeyShare_IsSupported(int namedGroup) } break; } - #elif defined(HAVE_PQM4) - case WOLFSSL_KYBER_LEVEL1: - break; #endif #endif default: 
@@ -9575,8 +9765,6 @@ static const word16 preferredGroup[] = { WOLFSSL_P256_KYBER_LEVEL1, WOLFSSL_P384_KYBER_LEVEL3, WOLFSSL_P521_KYBER_LEVEL5, -#elif defined(HAVE_PQM4) - WOLFSSL_KYBER_LEVEL1, #endif WOLFSSL_NAMED_GROUP_INVALID }; @@ -9610,14 +9798,14 @@ static int TLSX_KeyShare_GroupRank(const WOLFSSL* ssl, int group) #ifdef HAVE_LIBOQS if (!TLSX_KeyShare_IsSupported(group)) - return -1; + return WOLFSSL_FATAL_ERROR; #endif for (i = 0; i < numGroups; i++) if (groups[i] == (word16)group) return i; - return -1; + return WOLFSSL_FATAL_ERROR; } /* Set a key share that is supported by the client into extensions. @@ -9965,7 +10153,7 @@ int TLSX_KeyShare_Setup(WOLFSSL *ssl, KeyShareEntry* clientKSE) /* for async do setup of serverKSE below, but return WC_PENDING_E */ if (ret != 0 #ifdef WOLFSSL_ASYNC_CRYPT - && ret != WC_PENDING_E + && ret != WC_NO_ERR_TRACE(WC_PENDING_E) #endif ) { TLSX_KeyShare_FreeAll(list, ssl->heap); @@ -12106,8 +12294,7 @@ static int TLSX_ExtractEch(WOLFSSL_ECH* ech, WOLFSSL_EchConfig* echConfig, ech->hpke = NULL; } - if (info != NULL) - XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -12130,6 +12317,11 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size, if (size == 0) return BAD_FUNC_ARG; + if (ssl->options.disableECH) { + WOLFSSL_MSG("TLSX_ECH_Parse: ECH disabled. Ignoring."); + return 0; + } + if (msgType == encrypted_extensions) { ret = wolfSSL_SetEchConfigs(ssl, readBuf, size); 
@@ -12263,13 +12455,11 @@ static int TLSX_ECH_Parse(WOLFSSL* ssl, const byte* readBuf, word16 size, /* free the ech struct and the dynamic buffer it uses */ static void TLSX_ECH_Free(WOLFSSL_ECH* ech, void* heap) { - if (ech->innerClientHello != NULL) - XFREE(ech->innerClientHello, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ech->innerClientHello, heap, DYNAMIC_TYPE_TMP_BUFFER); if (ech->ephemeralKey != NULL) wc_HpkeFreeKey(ech->hpke, ech->hpke->kem, ech->ephemeralKey, ech->hpke->heap); - if (ech->hpke != NULL) - XFREE(ech->hpke, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ech->hpke, heap, DYNAMIC_TYPE_TMP_BUFFER); XFREE(ech, heap, DYNAMIC_TYPE_TMP_BUFFER); (void)heap; @@ -12436,27 +12626,36 @@ void TLSX_FreeAll(TLSX* list, void* heap) WOLFSSL_MSG("Encrypt-Then-Mac extension free"); break; #endif -#ifdef WOLFSSL_TLS13 - case TLSX_SUPPORTED_VERSIONS: - WOLFSSL_MSG("Supported Versions extension free"); - break; - - #ifdef WOLFSSL_SEND_HRR_COOKIE - case TLSX_COOKIE: - WOLFSSL_MSG("Cookie extension free"); - CKE_FREE_ALL((Cookie*)extension->data, heap); - break; - #endif +#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) case TLSX_PRE_SHARED_KEY: WOLFSSL_MSG("Pre-Shared Key extension free"); PSK_FREE_ALL((PreSharedKey*)extension->data, heap); break; + #ifdef WOLFSSL_TLS13 case TLSX_PSK_KEY_EXCHANGE_MODES: WOLFSSL_MSG("PSK Key Exchange Modes extension free"); break; + #endif + #endif + + case TLSX_KEY_SHARE: + WOLFSSL_MSG("Key Share extension free"); + KS_FREE_ALL((KeyShareEntry*)extension->data, heap); + break; +#endif +#ifdef WOLFSSL_TLS13 + case TLSX_SUPPORTED_VERSIONS: + WOLFSSL_MSG("Supported Versions extension free"); + break; + + #ifdef WOLFSSL_SEND_HRR_COOKIE + case TLSX_COOKIE: + WOLFSSL_MSG("Cookie extension free"); + CKE_FREE_ALL((Cookie*)extension->data, heap); + break; #endif #ifdef WOLFSSL_EARLY_DATA 
@@ -12476,11 +12675,6 @@ void TLSX_FreeAll(TLSX* list, void* heap) WOLFSSL_MSG("Signature Algorithms extension free"); break; #endif - - case TLSX_KEY_SHARE: - WOLFSSL_MSG("Key Share extension free"); - KS_FREE_ALL((KeyShareEntry*)extension->data, heap); - break; #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES) case TLSX_CERTIFICATE_AUTHORITIES: WOLFSSL_MSG("Certificate Authorities extension free"); @@ -12554,7 +12748,7 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType, continue; /* skip! */ /* ssl level extensions are expected to override ctx level ones. */ - if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type))) + if (!IS_OFF(semaphore, TLSX_ToSemaphore((word16)extension->type))) continue; /* skip! */ /* extension type + extension data length. */ @@ -12631,26 +12825,33 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType, ret = ETM_GET_SIZE(msgType, &length); break; #endif /* HAVE_ENCRYPT_THEN_MAC */ -#ifdef WOLFSSL_TLS13 - case TLSX_SUPPORTED_VERSIONS: - ret = SV_GET_SIZE(extension->data, msgType, &length); - break; - - #ifdef WOLFSSL_SEND_HRR_COOKIE - case TLSX_COOKIE: - ret = CKE_GET_SIZE((Cookie*)extension->data, msgType, &length); - break; - #endif +#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) case TLSX_PRE_SHARED_KEY: ret = PSK_GET_SIZE((PreSharedKey*)extension->data, msgType, &length); break; - + #ifdef WOLFSSL_TLS13 case TLSX_PSK_KEY_EXCHANGE_MODES: ret = PKM_GET_SIZE((byte)extension->val, msgType, &length); break; + #endif + #endif + case TLSX_KEY_SHARE: + length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType); + break; +#endif + +#ifdef WOLFSSL_TLS13 + case TLSX_SUPPORTED_VERSIONS: + ret = SV_GET_SIZE(extension->data, msgType, &length); + break; + + #ifdef WOLFSSL_SEND_HRR_COOKIE + case TLSX_COOKIE: + ret = CKE_GET_SIZE((Cookie*)extension->data, msgType, &length); + break; #endif #ifdef WOLFSSL_EARLY_DATA 
@@ -12671,9 +12872,6 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType, break; #endif - case TLSX_KEY_SHARE: - length += KS_GET_SIZE((KeyShareEntry*)extension->data, msgType); - break; #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES) case TLSX_CERTIFICATE_AUTHORITIES: length += CAN_GET_SIZE(extension->data); @@ -12719,7 +12917,7 @@ static int TLSX_GetSize(TLSX* list, byte* semaphore, byte msgType, /* marks the extension as processed so ctx level */ /* extensions don't overlap with ssl level ones. */ - TURN_ON(semaphore, TLSX_ToSemaphore(extension->type)); + TURN_ON(semaphore, TLSX_ToSemaphore((word16)extension->type)); } *pLength += length; @@ -12746,11 +12944,11 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore, continue; /* skip! */ /* ssl level extensions are expected to override ctx level ones. */ - if (!IS_OFF(semaphore, TLSX_ToSemaphore(extension->type))) + if (!IS_OFF(semaphore, TLSX_ToSemaphore((word16)extension->type))) continue; /* skip! */ /* writes extension type. */ - c16toa(extension->type, output + offset); + c16toa((word16)extension->type, output + offset); offset += HELLO_EXT_TYPE_SZ + OPAQUE16_LEN; length_offset = offset; @@ -12855,20 +13053,8 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore, ret = ETM_WRITE(extension->data, output, msgType, &offset); break; #endif /* HAVE_ENCRYPT_THEN_MAC */ -#ifdef WOLFSSL_TLS13 - case TLSX_SUPPORTED_VERSIONS: - WOLFSSL_MSG("Supported Versions extension to write"); - ret = SV_WRITE(extension->data, output + offset, msgType, &offset); - break; - - #ifdef WOLFSSL_SEND_HRR_COOKIE - case TLSX_COOKIE: - WOLFSSL_MSG("Cookie extension to write"); - ret = CKE_WRITE((Cookie*)extension->data, output + offset, - msgType, &offset); - break; - #endif +#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) case TLSX_PRE_SHARED_KEY: WOLFSSL_MSG("Pre-Shared Key extension to write"); 
@@ -12876,11 +13062,33 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore, msgType, &offset); break; + #ifdef WOLFSSL_TLS13 case TLSX_PSK_KEY_EXCHANGE_MODES: WOLFSSL_MSG("PSK Key Exchange Modes extension to write"); ret = PKM_WRITE((byte)extension->val, output + offset, msgType, &offset); break; + #endif + #endif + case TLSX_KEY_SHARE: + WOLFSSL_MSG("Key Share extension to write"); + offset += KS_WRITE((KeyShareEntry*)extension->data, + output + offset, msgType); + break; +#endif +#ifdef WOLFSSL_TLS13 + case TLSX_SUPPORTED_VERSIONS: + WOLFSSL_MSG("Supported Versions extension to write"); + ret = SV_WRITE(extension->data, output + offset, msgType, + &offset); + break; + + #ifdef WOLFSSL_SEND_HRR_COOKIE + case TLSX_COOKIE: + WOLFSSL_MSG("Cookie extension to write"); + ret = CKE_WRITE((Cookie*)extension->data, output + offset, + msgType, &offset); + break; #endif #ifdef WOLFSSL_EARLY_DATA @@ -12905,11 +13113,6 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore, break; #endif - case TLSX_KEY_SHARE: - WOLFSSL_MSG("Key Share extension to write"); - offset += KS_WRITE((KeyShareEntry*)extension->data, - output + offset, msgType); - break; #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES) case TLSX_CERTIFICATE_AUTHORITIES: WOLFSSL_MSG("Certificate Authorities extension to write"); @@ -12968,7 +13171,7 @@ static int TLSX_Write(TLSX* list, byte* output, byte* semaphore, /* marks the extension as processed so ctx level */ /* extensions don't overlap with ssl level ones. */ - TURN_ON(semaphore, TLSX_ToSemaphore(extension->type)); + TURN_ON(semaphore, TLSX_ToSemaphore((word16)extension->type)); /* if we encountered an error propagate it */ if (ret != 0) 
@@ -13190,7 +13393,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_KYBER_LEVEL3, ssl->heap); #endif -#ifdef WOLFSSL_KYBER768 +#ifdef WOLFSSL_KYBER1024 if (ret == WOLFSSL_SUCCESS) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL5, ssl->heap); @@ -13215,8 +13418,6 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) if (ret == WOLFSSL_SUCCESS) ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_LEVEL5, ssl->heap); -#elif defined(HAVE_PQM4) - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1, ssl->heap); #endif /* HAVE_LIBOQS */ #endif /* WOLFSSL_HAVE_KYBER */ @@ -13551,7 +13752,7 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) ssl->arrays->client_identity, MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN, &cipherName); if (GetCipherSuiteFromName(cipherName, &cipherSuite0, - &cipherSuite, &cipherSuiteFlags) != 0) { + &cipherSuite, NULL, NULL, &cipherSuiteFlags) != 0) { return PSK_KEY_ERROR; } } @@ -13637,18 +13838,21 @@ int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isServer) #endif #if defined(HAVE_ECH) /* GREASE ECH */ - if (ssl->echConfigs == NULL) { - ret = GREASE_ECH_USE(&(ssl->extensions), ssl->heap, ssl->rng); - } - else if (ssl->echConfigs != NULL) { - ret = ECH_USE(ssl->echConfigs, &(ssl->extensions), ssl->heap, - ssl->rng); + if (!ssl->options.disableECH) { + if (ssl->echConfigs == NULL) { + ret = GREASE_ECH_USE(&(ssl->extensions), ssl->heap, + ssl->rng); + } + else if (ssl->echConfigs != NULL) { + ret = ECH_USE(ssl->echConfigs, &(ssl->extensions), + ssl->heap, ssl->rng); + } } #endif } #if defined(HAVE_ECH) else if (IsAtLeastTLSv1_3(ssl->version)) { - if (ssl->ctx->echConfigs != NULL) { + if (ssl->ctx->echConfigs != NULL && !ssl->options.disableECH) { ret = SERVER_ECH_USE(&(ssl->extensions), ssl->heap, ssl->ctx->echConfigs); 
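Review bot: In the GREASE ECH block of TLSX_PopulateExtensions, `else if (ssl->echConfigs != NULL)` re-tests the negation of the immediately preceding `if (ssl->echConfigs == NULL)`, so the condition is always true when reached; a plain `else {` expresses the same thing without inviting a reader to look for a third case. The new `!ssl->options.disableECH` gate is applied to both the client GREASE_ECH_USE/ECH_USE path and the server SERVER_ECH_USE path here, which is consistent with the gates added to TLSX_GetRequestSize and TLSX_WriteRequest on the next line. TLSX_PopulateExtensions begins and ends outside this hunk.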
@@ -13838,7 +14042,8 @@ int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType, word32* pLength) } #endif #if defined(HAVE_ECH) - if (ssl->options.useEch == 1 && msgType == client_hello) { + if (ssl->options.useEch == 1 && !ssl->options.disableECH + && msgType == client_hello) { ret = TLSX_GetSizeWithEch(ssl, semaphore, msgType, &length); if (ret != 0) return ret; @@ -14083,7 +14288,8 @@ int TLSX_WriteRequest(WOLFSSL* ssl, byte* output, byte msgType, word32* pOffset) #endif #endif #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) - if (ssl->options.useEch == 1 && msgType == client_hello) { + if (ssl->options.useEch == 1 && !ssl->options.disableECH + && msgType == client_hello) { ret = TLSX_WriteWithEch(ssl, output, semaphore, msgType, &offset); if (ret != 0) @@ -14169,9 +14375,6 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); #endif - #ifdef WOLFSSL_DTLS_CID - TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID)); - #endif } #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) else { @@ -14183,6 +14386,9 @@ int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType, word16* pLength) #endif } #endif + #ifdef WOLFSSL_DTLS_CID + TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID)); + #endif #endif /* WOLFSSL_TLS13 */ break; @@ -14296,7 +14502,7 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset #ifndef NO_WOLFSSL_SERVER case server_hello: PF_VALIDATE_RESPONSE(ssl, semaphore); - #ifdef WOLFSSL_TLS13 + #ifdef WOLFSSL_TLS13 if (IsAtLeastTLSv1_3(ssl->version)) { XMEMSET(semaphore, 0xff, SEMAPHORE_SIZE); TURN_OFF(semaphore, 
@@ -14313,21 +14519,23 @@ int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType, word16* pOffset #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); #endif - #ifdef WOLFSSL_DTLS_CID - TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID)); - #endif /* WOLFSSL_DTLS_CID */ } + else + #endif /* WOLFSSL_TLS13 */ + { #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) - else { #ifdef HAVE_SUPPORTED_CURVES TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_KEY_SHARE)); #endif #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) TURN_ON(semaphore, TLSX_ToSemaphore(TLSX_PRE_SHARED_KEY)); #endif - } #endif - #endif + WC_DO_NOTHING; /* avoid empty brackets */ + } + #ifdef WOLFSSL_DTLS_CID + TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID)); + #endif /* WOLFSSL_DTLS_CID */ break; #ifdef WOLFSSL_TLS13 @@ -15233,10 +15441,6 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, #endif /* WOLFSSL_QUIC */ #if defined(WOLFSSL_DTLS_CID) case TLSX_CONNECTION_ID: - /* connection ID not supported in DTLSv1.2 */ - if (!IsAtLeastTLSv1_3(ssl->version)) - break; - if (msgType != client_hello && msgType != server_hello) return EXT_NOT_ALLOWED; @@ -15652,6 +15856,26 @@ int TLSX_Parse(WOLFSSL* ssl, const byte* input, word16 length, byte msgType, return m; } #endif /* !WOLFSSL_NO_TLS12 */ + #ifdef WOLFSSL_DTLS13 + WOLFSSL_METHOD* wolfDTLSv1_3_method(void) + { + return wolfDTLSv1_3_method_ex(NULL); + } + WOLFSSL_METHOD* wolfDTLSv1_3_method_ex(void* heap) + { + WOLFSSL_METHOD* m; + WOLFSSL_ENTER("DTLSv1_3_method"); + #ifndef NO_WOLFSSL_CLIENT + m = wolfDTLSv1_3_client_method_ex(heap); + #else + m = wolfDTLSv1_3_server_method_ex(heap); + #endif + if (m != NULL) { + m->side = WOLFSSL_NEITHER_END; + } + return m; + } + #endif /* WOLFSSL_DTLS13 */ #endif /* WOLFSSL_DTLS */ #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ diff --git a/src/src/tls13.c b/src/src/tls13.c index ef37c29..e826893 100644 
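Review bot: The TLSX_Parse hunk for TLSX_CONNECTION_ID removes the `/* connection ID not supported in DTLSv1.2 */` guard without leaving any comment in its place, so the remaining `msgType` check no longer tells a reader which protocol versions are expected to negotiate CID. Taken together with the TLSX_GetResponseSize and TLSX_WriteResponse hunks on this and the previous line, which move `TURN_OFF(semaphore, TLSX_ToSemaphore(TLSX_CONNECTION_ID))` out of the TLS 1.3-only branch, the intent appears to be CID for DTLS 1.2 (RFC 9146) as well as DTLS 1.3; a comment at the top of the case such as `/* CID is negotiated for DTLS 1.2 and 1.3 alike; only ClientHello/ServerHello may carry it */` would record that decision where it is enforced. The enclosing TLSX_Parse switch starts and ends outside the hunk.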
--- a/src/src/tls13.c +++ b/src/src/tls13.c @@ -1,6 +1,6 @@ /* tls13.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -221,7 +221,7 @@ static int Tls13HKDFExpandLabel(WOLFSSL* ssl, byte* okm, word32 okmLen, #endif (void)ssl; PRIVATE_KEY_UNLOCK(); -#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) +#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0)) ret = wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen, protocol, protocolLen, label, labelLen, @@ -261,7 +261,7 @@ static int Tls13HKDFExpandKeyLabel(WOLFSSL* ssl, byte* okm, word32 okmLen, return ret; #endif -#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) +#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0)) ret = wc_Tls13_HKDF_Expand_Label_ex(okm, okmLen, prk, prkLen, protocol, protocolLen, label, labelLen, @@ -1137,7 +1137,7 @@ static int Tls13_HKDF_Extract(WOLFSSL *ssl, byte* prk, const byte* salt, #endif { #if !defined(HAVE_FIPS) || \ - (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) + (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0)) ret = wc_Tls13_HKDF_Extract_ex(prk, salt, (word32)saltLen, ikm, (word32)ikmLen, digest, ssl->heap, ssl->devId); #else @@ -2534,7 +2534,6 @@ static int Tls13IntegrityOnly_Encrypt(WOLFSSL* ssl, byte* output, /* Copy the input to output if not the same buffer */ if (ret == 0 && output != input) XMEMCPY(output, input, sz); - return ret; } #endif @@ -2930,7 +2929,6 @@ static int Tls13IntegrityOnly_Decrypt(WOLFSSL* ssl, byte* output, /* Copy the input to output if not the same buffer */ if (ret == 0 && output != input) XMEMCPY(output, input, sz); - return ret; } #endif @@ -3199,6 +3197,7 @@ typedef struct BuildMsg13Args { word32 idx; word32 headerSz; word16 size; + word32 paddingSz; } BuildMsg13Args; static void FreeBuildMsg13Args(WOLFSSL* ssl, void* pArgs) 
@@ -3304,7 +3303,14 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, args->sz++; /* Authentication data at the end. */ args->sz += ssl->specs.aead_mac_size; - +#ifdef WOLFSSL_DTLS13 + /* Pad to minimum length */ + if (ssl->options.dtls && + args->sz < (word32)Dtls13MinimumRecordLength(ssl)) { + args->paddingSz = Dtls13MinimumRecordLength(ssl) - args->sz; + args->sz = Dtls13MinimumRecordLength(ssl); + } +#endif if (sizeOnly) return (int)args->sz; @@ -3348,6 +3354,9 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, /* The real record content type goes at the end of the data. */ output[args->idx++] = (byte)type; + /* Double check that any necessary padding is zero'd out */ + XMEMSET(output + args->idx, 0, args->paddingSz); + args->idx += args->paddingSz; ssl->options.buildMsgState = BUILD_MSG_ENCRYPT; } @@ -3393,7 +3402,8 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, #ifdef WOLFSSL_DTLS13 if (ret == 0 && ssl->options.dtls) { /* AAD points to the header. Reuse the variable */ - ret = Dtls13EncryptRecordNumber(ssl, (byte*)aad, (word16)args->sz); + ret = Dtls13EncryptRecordNumber(ssl, (byte*)aad, + (word16)args->sz); } #endif /* WOLFSSL_DTLS13 */ } @@ -3600,7 +3610,7 @@ int CreateCookieExt(const WOLFSSL* ssl, byte* hash, word16 hashSz, macSz = WC_SHA256_DIGEST_SIZE; #endif /* NO_SHA256 */ - ret = wc_HmacInit(&cookieHmac, ssl->heap, INVALID_DEVID); + ret = wc_HmacInit(&cookieHmac, ssl->heap, ssl->devId); if (ret == 0) { ret = wc_HmacSetKey(&cookieHmac, cookieType, ssl->buffers.tls13CookieSecret.buffer, 
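Review bot: The new `XMEMSET(output + args->idx, 0, args->paddingSz); args->idx += args->paddingSz;` in the second BuildTls13Message hunk on this line runs in every build, but `args->paddingSz` is only ever assigned inside `#ifdef WOLFSSL_DTLS13`, so correctness on the non-DTLS path depends on the BuildMsg13Args struct being zero-initialised somewhere outside these hunks; that is worth confirming, or `args->paddingSz = 0;` can be set explicitly next to the other `args->sz` bookkeeping so the field does not rely on a distant memset. The padding block also calls `Dtls13MinimumRecordLength(ssl)` three times for one value; `word32 minSz = (word32)Dtls13MinimumRecordLength(ssl);` computed once is easier to read and to reason about. Placing the zero padding after the inner content-type byte matches the TLS 1.3 inner-plaintext layout, so the position itself is right. BuildTls13Message starts and ends outside these hunks.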
@@ -3940,7 +3950,7 @@ static int SetupPskKey(WOLFSSL* ssl, PreSharedKey* psk, int clientHello) MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN, &cipherName); if (GetCipherSuiteFromName(cipherName, &cipherSuite0, - &cipherSuite, &cipherSuiteFlags) != 0) { + &cipherSuite, NULL, NULL, &cipherSuiteFlags) != 0) { WOLFSSL_ERROR_VERBOSE(PSK_KEY_ERROR); return PSK_KEY_ERROR; } @@ -4145,7 +4155,7 @@ int EchConfigGetSupportedCipherSuite(WOLFSSL_EchConfig* config) return i; } - return -1; + return WOLFSSL_FATAL_ERROR; } /* returns status after we hash the ech inner */ @@ -4153,7 +4163,11 @@ static int EchHashHelloInner(WOLFSSL* ssl, WOLFSSL_ECH* ech) { int ret; HS_Hashes* tmpHashes; +#ifdef WOLFSSL_DTLS13 + byte falseHeader[DTLS13_HANDSHAKE_HEADER_SZ]; +#else byte falseHeader[HANDSHAKE_HEADER_SZ]; +#endif if (ssl == NULL || ech == NULL) return BAD_FUNC_ARG; @@ -4415,14 +4429,14 @@ int SendTls13ClientHello(WOLFSSL* ssl) /* find length of outer and inner */ #if defined(HAVE_ECH) - if (ssl->options.useEch == 1) { + if (ssl->options.useEch == 1 && !ssl->options.disableECH) { TLSX* echX = TLSX_Find(ssl->extensions, TLSX_ECH); if (echX == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; args->ech = (WOLFSSL_ECH*)echX->data; if (args->ech == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; /* set the type to inner */ args->ech->type = ECH_TYPE_INNER; @@ -4455,8 +4469,17 @@ int SendTls13ClientHello(WOLFSSL* ssl) if (ret != 0) return ret; + /* Total message size. */ + args->sendSz = + (int)(args->length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ); + +#ifdef WOLFSSL_DTLS13 + if (ssl->options.dtls) + args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; +#endif /* WOLFSSL_DTLS13 */ + #ifdef WOLFSSL_DTLS_CH_FRAG - if (ssl->options.dtls && args->length > maxFrag && + if (ssl->options.dtls && args->sendSz > maxFrag && TLSX_Find(ssl->extensions, TLSX_COOKIE) == NULL) { /* Try again with an empty key share if we would be fragmenting * without a cookie */ 
@@ -4467,7 +4490,9 @@ int SendTls13ClientHello(WOLFSSL* ssl) ret = TLSX_GetRequestSize(ssl, client_hello, &args->length); if (ret != 0) return ret; - if (args->length > maxFrag) { + args->sendSz = (int)(args->length + + DTLS_HANDSHAKE_HEADER_SZ + DTLS_RECORD_HEADER_SZ); + if (args->sendSz > maxFrag) { WOLFSSL_MSG("Can't fit first CH in one fragment."); return BUFFER_ERROR; } @@ -4476,14 +4501,6 @@ int SendTls13ClientHello(WOLFSSL* ssl) #endif } - /* Total message size. */ - args->sendSz = (int)(args->length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ); - -#ifdef WOLFSSL_DTLS13 - if (ssl->options.dtls) - args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; -#endif /* WOLFSSL_DTLS13 */ - /* Check buffers are big enough and grow if needed. */ if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) return ret; @@ -4563,7 +4580,7 @@ int SendTls13ClientHello(WOLFSSL* ssl) #if defined(HAVE_ECH) /* write inner then outer */ - if (ssl->options.useEch == 1) { + if (ssl->options.useEch == 1 && !ssl->options.disableECH) { /* set the type to inner */ args->ech->type = ECH_TYPE_INNER; @@ -4623,7 +4640,7 @@ int SendTls13ClientHello(WOLFSSL* ssl) #if defined(HAVE_ECH) /* encrypt and pack the ech innerClientHello */ - if (ssl->options.useEch == 1) { + if (ssl->options.useEch == 1 && !ssl->options.disableECH) { ret = TLSX_FinalizeEch(args->ech, args->output + RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ, (word32)(args->sendSz - (RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ))); @@ -4653,11 +4670,9 @@ int SendTls13ClientHello(WOLFSSL* ssl) { #if defined(HAVE_ECH) /* compute the inner hash */ - if (ssl->options.useEch == 1) { + if (ssl->options.useEch == 1 && !ssl->options.disableECH) ret = EchHashHelloInner(ssl, args->ech); - } #endif - /* compute the outer hash */ if (ret == 0) ret = HashOutput(ssl, args->output, (int)args->idx, 0); 
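Review bot: In the WOLFSSL_DTLS_CH_FRAG retry path of SendTls13ClientHello, the recomputed `args->sendSz = (int)(args->length + DTLS_HANDSHAKE_HEADER_SZ + DTLS_RECORD_HEADER_SZ);` spells the DTLS overhead differently from the first computation moved up in the previous hunk (`HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ` plus `DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA`). If the two forms are numerically equal, as the names suggest, writing both the same way — or factoring one small static helper that returns the ClientHello send size — makes the second `args->sendSz > maxFrag` test visibly consistent with the first; if they are not equal, the retry is checking a different size than the first attempt. The function starts and ends outside the hunk.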
@@ -4815,7 +4830,7 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input, break; #endif /* WOLFSSL_SM3 */ default: - ret = -1; + ret = WOLFSSL_FATAL_ERROR; break; } } @@ -4823,7 +4838,7 @@ static int EchCheckAcceptance(WOLFSSL* ssl, const byte* input, if (ret == 0) { PRIVATE_KEY_UNLOCK(); #if !defined(HAVE_FIPS) || \ - (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) + (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0)) ret = wc_HKDF_Extract_ex(digestType, zeros, (word32)digestSize, ssl->arrays->clientRandomInner, RAN_LEN, expandLabelPrk, ssl->heap, ssl->devId); @@ -4953,7 +4968,7 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* output, break; #endif /* WOLFSSL_SM3 */ default: - ret = -1; + ret = WOLFSSL_FATAL_ERROR; break; } @@ -4961,7 +4976,7 @@ static int EchWriteAcceptance(WOLFSSL* ssl, byte* output, if (ret == 0) { PRIVATE_KEY_UNLOCK(); #if !defined(HAVE_FIPS) || \ - (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) + (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0)) ret = wc_HKDF_Extract_ex(digestType, zeros, (word32)digestSize, ssl->arrays->clientRandom, RAN_LEN, expandLabelPrk, ssl->heap, ssl->devId); @@ -5472,7 +5487,7 @@ int DoTls13ServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, #if defined(HAVE_ECH) /* check for acceptConfirmation and HashInput with 8 0 bytes */ - if (ssl->options.useEch == 1) { + if (ssl->options.useEch == 1 && !ssl->options.disableECH) { ret = EchCheckAcceptance(ssl, input, args->serverRandomOffset, (int)helloSz); if (ret != 0) return ret; @@ -5851,7 +5866,7 @@ int FindPskSuite(const WOLFSSL* ssl, PreSharedKey* psk, byte* psk_key, if (*psk_keySz != 0) { int cipherSuiteFlags = WOLFSSL_CIPHER_SUITE_FLAG_NONE; *found = (GetCipherSuiteFromName(cipherName, &cipherSuite0, - &cipherSuite, &cipherSuiteFlags) == 0); + &cipherSuite, NULL, NULL, &cipherSuiteFlags) == 0); (void)cipherSuiteFlags; } } 
@@ -6377,7 +6392,7 @@ int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, word16 cookieSz) return HRR_COOKIE_ERROR; cookieSz -= macSz; - ret = wc_HmacInit(&cookieHmac, ssl->heap, INVALID_DEVID); + ret = wc_HmacInit(&cookieHmac, ssl->heap, ssl->devId); if (ret == 0) { ret = wc_HmacSetKey(&cookieHmac, cookieType, ssl->buffers.tls13CookieSecret.buffer, @@ -6932,12 +6947,12 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, goto exit_dch; #if defined(HAVE_ECH) - if (ssl->ctx->echConfigs != NULL) { + if (ssl->ctx->echConfigs != NULL && !ssl->options.disableECH) { /* save the start of the buffer so we can use it when parsing ech */ echX = TLSX_Find(ssl->extensions, TLSX_ECH); if (echX == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; ((WOLFSSL_ECH*)echX->data)->aad = input + HANDSHAKE_HEADER_SZ; ((WOLFSSL_ECH*)echX->data)->aadLen = helloSz; @@ -7011,7 +7026,7 @@ int DoTls13ClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, if (ret != 0) goto exit_dch; #else - if ((ret = HashInput(ssl, input + args->begin, helloSz)) != 0) + if ((ret = HashInput(ssl, input + args->begin, (int)helloSz)) != 0) goto exit_dch; #endif @@ -7404,11 +7419,11 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType) #endif /* WOLFSSL_DTLS13 */ { #if defined(HAVE_ECH) - if (ssl->ctx->echConfigs != NULL) { + if (ssl->ctx->echConfigs != NULL && !ssl->options.disableECH) { echX = TLSX_Find(ssl->extensions, TLSX_ECH); if (echX == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; /* replace the last 8 bytes of server random with the accept */ if (((WOLFSSL_ECH*)echX->data)->state == ECH_PARSED_INTERNAL) { @@ -7455,7 +7470,7 @@ int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType) } #endif /* WOLFSSL_DTLS13 */ - ssl->buffers.outputBuffer.length += sendSz; + ssl->buffers.outputBuffer.length += (word32)sendSz; if (!ssl->options.groupMessages || extMsgType != server_hello) ret = SendBuffered(ssl); 
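Review bot: In the DoTls13ClientHello hunk, `if (echX == NULL) return WOLFSSL_FATAL_ERROR;` returns directly from a function whose neighbouring error paths use `goto exit_dch` (`if (ret != 0) goto exit_dch;` appears just above and below it), so whatever cleanup exit_dch performs is bypassed on this path; only the value changed in this commit, the early return predates it. If exit_dch releases anything acquired earlier in the function, `ERROR_OUT(WOLFSSL_FATAL_ERROR, exit_dch);` would be consistent with the rest of the function, as the file does in SendTls13CertificateVerify. The SendTls13ServerHello hunk on this line has the same direct `return WOLFSSL_FATAL_ERROR;` after its `TLSX_Find`. Both functions begin and end outside their hunks.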
@@ -7603,11 +7618,12 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl) /* This handshake message is always encrypted. */ sendSz = BuildTls13Message(ssl, output, sendSz, output + RECORD_HEADER_SZ, - idx - RECORD_HEADER_SZ, handshake, 1, 0, 0); + (int)(idx - RECORD_HEADER_SZ), + handshake, 1, 0, 0); if (sendSz < 0) return sendSz; - ssl->buffers.outputBuffer.length += sendSz; + ssl->buffers.outputBuffer.length += (word32)sendSz; ssl->options.buildingMsg = 0; ssl->options.serverState = SERVER_ENCRYPTED_EXTENSIONS_COMPLETE; @@ -7633,7 +7649,7 @@ static int SendTls13EncryptedExtensions(WOLFSSL* ssl) * returns 0 on success, otherwise failure. */ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx, - int reqCtxLen) + word32 reqCtxLen) { byte* output; int ret; @@ -7721,7 +7737,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx, /* Always encrypted. */ sendSz = BuildTls13Message(ssl, output, sendSz, output + RECORD_HEADER_SZ, - i - RECORD_HEADER_SZ, handshake, 1, 0, 0); + (int)(i - RECORD_HEADER_SZ), handshake, 1, 0, 0); if (sendSz < 0) return sendSz; @@ -7736,7 +7752,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx, } #endif - ssl->buffers.outputBuffer.length += sendSz; + ssl->buffers.outputBuffer.length += (word32)sendSz; ssl->options.buildingMsg = 0; if (!ssl->options.groupMessages) ret = SendBuffered(ssl); 
@@ -8403,6 +8419,75 @@ static word32 NextCert(byte* data, word32 length, word32* idx) return len; } +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(NO_WOLFSSL_SERVER) +/* Write certificate status request into certificate to buffer. + * + * ssl SSL/TLS object. + * certExts DerBuffer array. buffers written + * extSz word32 array. + * Length of the certificate status request data for the certificate. + * extSz_num number of the CSR written + * extIdx The index number of certificate status request data + * for the certificate. + * offset index offset + * returns Total number of bytes written. + */ +static word32 WriteCSRToBuffer(WOLFSSL* ssl, DerBuffer** certExts, + word16* extSz, word16 extSz_num) +{ + int ret = 0; + TLSX* ext; + CertificateStatusRequest* csr; + word32 ex_offset = HELLO_EXT_TYPE_SZ + OPAQUE16_LEN /* extension type */ + + OPAQUE16_LEN /* extension length */; + word32 totalSz = 0; + word32 tmpSz; + word32 extIdx; + DerBuffer* der; + + ext = TLSX_Find(ssl->extensions, TLSX_STATUS_REQUEST); + csr = ext ? (CertificateStatusRequest*)ext->data : NULL; + + if (csr) { + for (extIdx = 0; extIdx < (word16)(extSz_num); extIdx++) { + tmpSz = TLSX_CSR_GetSize_ex(csr, 0, extIdx); + + if (tmpSz > (OPAQUE8_LEN + OPAQUE24_LEN) && + certExts[extIdx] == NULL) { + /* csr extension is not zero */ + extSz[extIdx] = tmpSz; + + ret = AllocDer(&certExts[extIdx], extSz[extIdx] + ex_offset, + CERT_TYPE, ssl->heap); + if (ret < 0) + return ret; + der = certExts[extIdx]; + + /* write extension type */ + c16toa(ext->type, der->buffer + + OPAQUE16_LEN); + /* writes extension data length. 
*/ + c16toa(extSz[extIdx], der->buffer + + HELLO_EXT_TYPE_SZ + OPAQUE16_LEN); + /* write extension data */ + extSz[extIdx] = (word16)TLSX_CSR_Write_ex(csr, + der->buffer + ex_offset, 0, extIdx); + /* add extension offset */ + extSz[extIdx] += (word16)ex_offset; + /* extension length */ + c16toa(extSz[extIdx] - OPAQUE16_LEN, + der->buffer); + } + totalSz += extSz[extIdx]; + } + } + else { + /* chain cert empty extension size */ + totalSz += OPAQUE16_LEN * extSz_num; + } + return totalSz; +} +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ /* Add certificate data and empty extension to output up to the fragment size. * * ssl SSL/TLS object. @@ -8412,10 +8497,11 @@ static word32 NextCert(byte* data, word32 length, word32* idx) * idx The start of the certificate data to write out. * fragSz The maximum size of this fragment. * output The buffer to write to. + * extIdx The index number of the extension data with the certificate * returns the number of bytes written. */ static word32 AddCertExt(WOLFSSL* ssl, byte* cert, word32 len, word16 extSz, - word32 idx, word32 fragSz, byte* output) + word32 idx, word32 fragSz, byte* output, word16 extIdx) { word32 i = 0; word32 copySz = min(len - idx, fragSz); @@ -8436,7 +8522,7 @@ static word32 AddCertExt(WOLFSSL* ssl, byte* cert, word32 len, word16 extSz, } } else { - byte* certExts = ssl->buffers.certExts->buffer + idx + i - len; + byte* certExts = ssl->buffers.certExts[extIdx]->buffer + idx + i - len; /* Put out as much of the extensions' data as will fit in fragment. */ if (copySz > fragSz - i) copySz = fragSz - i; 
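Review bot: WriteCSRToBuffer is declared to return `word32`, yet its AllocDer failure path does `if (ret < 0) return ret;` with a negative `int`, so the error only survives because the caller in the later SendTls13Certificate hunk (`ret = WriteCSRToBuffer(...)`) stores the value back into an `int` and re-tests `ret < 0`; declaring the function `static int` makes the contract explicit and removes the signed/unsigned round-trip. The loop also walks `extSz_num` entries of both `certExts[]` and `extSz[]` without any check against their capacity; the caller passes `1 + ssl->buffers.certChainCnt` and the chain loop further down does compare `extIdx` against MAX_CERT_EXTENSIONS, so the bound is presumably expected to hold, but `if (extSz_num > MAX_CERT_EXTENSIONS) return BAD_FUNC_ARG;` at the top would make it local and visible. The header comment documents `extIdx` and `offset` as parameters although neither is one, and the `ex_offset` comments are shifted by one field (the first OPAQUE16_LEN is the extensions-list length, HELLO_EXT_TYPE_SZ the type, the second OPAQUE16_LEN the data length). Finally `extSz[extIdx] = tmpSz;` narrows word32 to word16 without the `(word16)` cast used two statements later in the same function.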
@@ -8458,13 +8544,16 @@ static int SendTls13Certificate(WOLFSSL* ssl) { int ret = 0; word32 certSz, certChainSz, headerSz, listSz, payloadSz; - word16 extSz = 0; - word32 length, maxFragment; + word16 extSz[MAX_CERT_EXTENSIONS]; + word16 extIdx = 0; + word32 maxFragment; + word32 totalextSz = 0; word32 len = 0; word32 idx = 0; word32 offset = OPAQUE16_LEN; byte* p = NULL; byte certReqCtxLen = 0; + sword32 length; #ifdef WOLFSSL_POST_HANDSHAKE_AUTH byte* certReqCtx = NULL; #endif @@ -8477,6 +8566,8 @@ static int SendTls13Certificate(WOLFSSL* ssl) WOLFSSL_START(WC_FUNC_CERTIFICATE_SEND); WOLFSSL_ENTER("SendTls13Certificate"); + XMEMSET(extSz, 0, sizeof(extSz)); + ssl->options.buildingMsg = 1; #ifdef WOLFSSL_POST_HANDSHAKE_AUTH @@ -8506,11 +8597,11 @@ static int SendTls13Certificate(WOLFSSL* ssl) certSz = 0; certChainSz = 0; headerSz = OPAQUE8_LEN + certReqCtxLen + CERT_HEADER_SZ; - length = headerSz; + length = (sword32)headerSz; listSz = 0; } else { - if (!ssl->buffers.certificate) { + if (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer) { WOLFSSL_MSG("Send Cert missing certificate buffer"); return NO_CERT_ERROR; } 
@@ -8519,35 +8610,42 @@ static int SendTls13Certificate(WOLFSSL* ssl) /* Cert Req Ctx Len | Cert Req Ctx | Cert List Len | Cert Data Len */ headerSz = OPAQUE8_LEN + certReqCtxLen + CERT_HEADER_SZ + CERT_HEADER_SZ; - - ret = TLSX_GetResponseSize(ssl, certificate, &extSz); - if (ret < 0) - return ret; - - /* Create extensions' data if none already present. */ - if (extSz > OPAQUE16_LEN && ssl->buffers.certExts == NULL) { - ret = AllocDer(&ssl->buffers.certExts, extSz, CERT_TYPE, ssl->heap); - if (ret < 0) - return ret; - - extSz = 0; - ret = TLSX_WriteResponse(ssl, ssl->buffers.certExts->buffer, - certificate, &extSz); + /* set empty extension as default */ + for (extIdx = 0; extIdx < (word16)XELEM_CNT(extSz); extIdx++) + extSz[extIdx] = OPAQUE16_LEN; + + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(NO_WOLFSSL_SERVER) + /* We only send CSR on the server side. On client side, the CSR data + * is populated with the server response. We would be sending the server + * its own stapling data. */ + if (ssl->options.side == WOLFSSL_SERVER_END) { + ret = WriteCSRToBuffer(ssl, &ssl->buffers.certExts[0], &extSz[0], + 1 /* +1 for leaf */ + ssl->buffers.certChainCnt); if (ret < 0) return ret; + totalextSz += ret; + ret = 0; /* Clear to signal no error */ + } + else + #endif + { + /* Leaf cert empty extension size */ + totalextSz += OPAQUE16_LEN; + /* chain cert empty extension size */ + totalextSz += OPAQUE16_LEN * ssl->buffers.certChainCnt; } /* Length of message data with one certificate and extensions. */ - length = headerSz + certSz + extSz; + length = (sword32)(headerSz + certSz + totalextSz); /* Length of list data with one certificate and extensions. */ - listSz = CERT_HEADER_SZ + certSz + extSz; + listSz = CERT_HEADER_SZ + certSz + totalextSz; /* Send rest of chain if sending cert (chain has leading size/s). */ if (certSz > 0 && ssl->buffers.certChainCnt > 0) { p = ssl->buffers.certChain->buffer; /* Chain length including extensions. 
*/ - certChainSz = ssl->buffers.certChain->length + - OPAQUE16_LEN * ssl->buffers.certChainCnt; + certChainSz = ssl->buffers.certChain->length; + length += certChainSz; listSz += certChainSz; } @@ -8555,13 +8653,15 @@ static int SendTls13Certificate(WOLFSSL* ssl) certChainSz = 0; } - payloadSz = length; + payloadSz = (word32)length; if (ssl->fragOffset != 0) length -= (ssl->fragOffset + headerSz); maxFragment = (word32)wolfSSL_GetMaxFragSize(ssl, MAX_RECORD_SIZE); + extIdx = 0; + while (length > 0 && ret == 0) { byte* output = NULL; word32 fragSz = 0; @@ -8576,15 +8676,15 @@ static int SendTls13Certificate(WOLFSSL* ssl) #endif /* WOLFSSL_DTLS13 */ if (ssl->fragOffset == 0) { - if (headerSz + certSz + extSz + certChainSz <= + if (headerSz + certSz + totalextSz + certChainSz <= maxFragment - HANDSHAKE_HEADER_SZ) { - fragSz = headerSz + certSz + extSz + certChainSz; + fragSz = headerSz + certSz + totalextSz + certChainSz; } #ifdef WOLFSSL_DTLS13 else if (ssl->options.dtls){ /* short-circuit the fragmentation logic here. DTLS fragmentation will be done in dtls13HandshakeSend() */ - fragSz = headerSz + certSz + extSz + certChainSz; + fragSz = headerSz + certSz + totalextSz + certChainSz; } #endif /* WOLFSSL_DTLS13 */ else { @@ -8601,7 +8701,7 @@ static int SendTls13Certificate(WOLFSSL* ssl) #endif /* WOLFSSL_DTLS13 */ } else { - fragSz = min(length, maxFragment); + fragSz = min((word32)length, maxFragment); sendSz += fragSz; } 
@@ -8643,20 +8743,23 @@ static int SendTls13Certificate(WOLFSSL* ssl) else AddTls13RecordHeader(output, fragSz, handshake, ssl); - if (certSz > 0 && ssl->fragOffset < certSz + extSz) { - /* Put in the leaf certificate with extensions. */ - word32 copySz = AddCertExt(ssl, ssl->buffers.certificate->buffer, - certSz, extSz, ssl->fragOffset, fragSz, output + i); - i += copySz; - ssl->fragOffset += copySz; - length -= copySz; - fragSz -= copySz; - if (ssl->fragOffset == certSz + extSz) - FreeDer(&ssl->buffers.certExts); + if (extIdx == 0) { + if (certSz > 0 && ssl->fragOffset < certSz + extSz[0]) { + /* Put in the leaf certificate with extensions. */ + word32 copySz = AddCertExt(ssl, ssl->buffers.certificate->buffer, + certSz, extSz[0], ssl->fragOffset, fragSz, + output + i, 0); + i += copySz; + ssl->fragOffset += copySz; + length -= copySz; + fragSz -= copySz; + if (ssl->fragOffset == certSz + extSz[0]) + FreeDer(&ssl->buffers.certExts[0]); + } } if (certChainSz > 0 && fragSz > 0) { - /* Put in the CA certificates with empty extensions. */ - while (fragSz > 0) { + /* Put in the CA certificates with extensions. */ + while (fragSz > 0) { word32 l; if (offset == len + OPAQUE16_LEN) { 
@@ -8665,19 +8768,30 @@ static int SendTls13Certificate(WOLFSSL* ssl) /* Point to the start of current cert in chain buffer. */ p = ssl->buffers.certChain->buffer + idx; len = NextCert(ssl->buffers.certChain->buffer, - ssl->buffers.certChain->length, &idx); + ssl->buffers.certChain->length, &idx); if (len == 0) break; + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \ + !defined(NO_WOLFSSL_SERVER) + if (MAX_CERT_EXTENSIONS > extIdx) + extIdx++; + #endif } - - /* Write out certificate and empty extension. */ - l = AddCertExt(ssl, p, len, OPAQUE16_LEN, offset, fragSz, - output + i); + /* Write out certificate and extension. */ + l = AddCertExt(ssl, p, len, extSz[extIdx], offset, fragSz, + output + i, extIdx); i += l; ssl->fragOffset += l; length -= l; fragSz -= l; offset += l; + + if (extIdx != 0 && extIdx < MAX_CERT_EXTENSIONS && + ssl->buffers.certExts[extIdx] != NULL && + offset == len + extSz[extIdx]) + FreeDer(&ssl->buffers.certExts[extIdx]); + /* for next chain cert */ + len += extSz[extIdx] - OPAQUE16_LEN; } } @@ -8699,7 +8813,8 @@ static int SendTls13Certificate(WOLFSSL* ssl) { /* This message is always encrypted. */ sendSz = BuildTls13Message(ssl, output, sendSz, - output + RECORD_HEADER_SZ, i - RECORD_HEADER_SZ, handshake, 1, + output + RECORD_HEADER_SZ, (int)(i - RECORD_HEADER_SZ), + handshake, 1, 0, 0); if (sendSz < 0) return sendSz; @@ -8715,14 +8830,14 @@ static int SendTls13Certificate(WOLFSSL* ssl) } #endif - ssl->buffers.outputBuffer.length += sendSz; + ssl->buffers.outputBuffer.length += (word32)sendSz; ssl->options.buildingMsg = 0; if (!ssl->options.groupMessages) ret = SendBuffered(ssl); } } - if (ret != WANT_WRITE) { + if (ret != WC_NO_ERR_TRACE(WANT_WRITE)) { /* Clean up the fragment offset. */ ssl->options.buildingMsg = 0; ssl->fragOffset = 0; 
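Review bot: The bound on the new increment `if (MAX_CERT_EXTENSIONS > extIdx) extIdx++;` lets extIdx reach MAX_CERT_EXTENSIONS, after which `extSz[extIdx]` is read in the AddCertExt call and again in `len += extSz[extIdx] - OPAQUE16_LEN;` with no upper check. The FreeDer condition a few lines later guards `extIdx < MAX_CERT_EXTENSIONS` for certExts, which suggests both arrays have MAX_CERT_EXTENSIONS entries (their declarations are outside this hunk); if so this is a one-past-the-end read for chains longer than MAX_CERT_EXTENSIONS - 1 certificates. Either cap the increment at `if (extIdx < MAX_CERT_EXTENSIONS - 1) extIdx++;` with a comment on what the saturated slot means, or reject chains that exceed the extension table before the loop starts. SendTls13Certificate begins before and ends after this hunk.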
@@ -8759,6 +8874,10 @@ typedef struct Scv13Args { byte sigAlgo; byte* sigData; word16 sigDataSz; +#ifndef NO_RSA + byte* toSign; /* not allocated */ + word32 toSignSz; +#endif #ifdef WOLFSSL_DUAL_ALG_CERTS byte altSigAlgo; word32 altSigLen; /* Only used in the case of both native and alt. */ @@ -8918,7 +9037,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) if (ssl->buffers.key == NULL) { #ifdef HAVE_PK_CALLBACKS if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) - args->length = (word16)GetPrivateKeySigSize(ssl); + args->sigLen = (word16)GetPrivateKeySigSize(ssl); else #endif ERROR_OUT(NO_PRIVATE_KEY, exit_scv); @@ -9146,7 +9265,8 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) #endif /* !NO_RSA */ #ifdef HAVE_ECC if (ssl->hsType == DYNAMIC_TYPE_ECC) { - args->sigLen = args->sendSz - args->idx - HASH_SIG_SIZE - + args->sigLen = (word32)args->sendSz - args->idx - + HASH_SIG_SIZE - VERIFY_HEADER; #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) if (ssl->buffers.keyType != sm2_sa_algo) @@ -9313,7 +9433,17 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) #endif /* HAVE_DILITHIUM */ #ifndef NO_RSA if (ssl->hsType == DYNAMIC_TYPE_RSA) { - ret = RsaSign(ssl, rsaSigBuf->buffer, (word32)rsaSigBuf->length, + args->toSign = rsaSigBuf->buffer; + args->toSignSz = (word32)rsaSigBuf->length; + #if defined(HAVE_PK_CALLBACKS) && \ + defined(TLS13_RSA_PSS_SIGN_CB_NO_PREHASH) + /* Pass full data to sign (args->sigData), not hash of */ + if (ssl->ctx->RsaPssSignCb) { + args->toSign = args->sigData; + args->toSignSz = args->sigDataSz; + } + #endif + ret = RsaSign(ssl, (const byte*)args->toSign, args->toSignSz, sigOut, &args->sigLen, args->sigAlgo, ssl->options.hashAlgo, (RsaKey*)ssl->hsKey, ssl->buffers.key); 
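Review bot: The block that picks `args->toSign` for the `TLS13_RSA_PSS_SIGN_CB_NO_PREHASH` case in the `@@ -9313` hunk is repeated almost verbatim for the alternative key in the `@@ -9357` hunk on the next line, with one inconsistency: the native path assigns `args->toSignSz = args->sigDataSz;` while the alt path writes `(word32)args->altSigDataSz`. A small static helper that takes the pre-hashed buffer and the full signature data and hands back the pair to sign would keep the two paths from drifting, and whichever form is kept should cast the same way in both. The new struct fields in the `@@ -8759` hunk would also benefit from a comment stating that `toSign` aliases either rsaSigBuf or sigData and must never be freed; `/* not allocated */` says only half of that. SendTls13CertificateVerify begins before and ends after these hunks.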
@@ -9357,10 +9487,20 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) #endif /* HAVE_ECC */ #ifndef NO_RSA if (ssl->hsAltType == DYNAMIC_TYPE_RSA) { - ret = RsaSign(ssl, rsaSigBuf->buffer, - (word32)rsaSigBuf->length, sigOut, - &args->altSigLen, args->altSigAlgo, - ssl->options.hashAlgo, (RsaKey*)ssl->hsAltKey, + args->toSign = rsaSigBuf->buffer; + args->toSignSz = (word32)rsaSigBuf->length; + #if defined(HAVE_PK_CALLBACKS) && \ + defined(TLS13_RSA_PSS_SIGN_CB_NO_PREHASH) + /* Pass full data to sign (args->altSigData), not hash of */ + if (ssl->ctx->RsaPssSignCb) { + args->toSign = args->altSigData; + args->toSignSz = (word32)args->altSigDataSz; + } + #endif + ret = RsaSign(ssl, (const byte*)args->toSign, + args->toSignSz, sigOut, &args->altSigLen, + args->altSigAlgo, ssl->options.hashAlgo, + (RsaKey*)ssl->hsAltKey, ssl->buffers.altKey); if (ret == 0) { @@ -9551,7 +9691,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) } #endif - ssl->buffers.outputBuffer.length += args->sendSz; + ssl->buffers.outputBuffer.length += (word32)args->sendSz; ssl->options.buildingMsg = 0; if (!ssl->options.groupMessages) ret = SendBuffered(ssl); @@ -10842,7 +10982,8 @@ static int SendTls13Finished(WOLFSSL* ssl) input = output + Dtls13GetRlHeaderLength(ssl, 1); #endif /* WOLFSSL_DTLS13 */ - AddTls13HandShakeHeader(input, (word32)finishedSz, 0, finishedSz, finished, ssl); + AddTls13HandShakeHeader(input, (word32)finishedSz, 0, (word32)finishedSz, + finished, ssl); #if defined(WOLFSSL_RENESAS_TSIP_TLS) if (ssl->options.side == WOLFSSL_CLIENT_END) { @@ -10903,7 +11044,7 @@ static int SendTls13Finished(WOLFSSL* ssl) dtlsRet = Dtls13HandshakeSend(ssl, output, (word16)outputSz, (word16)(Dtls13GetRlHeaderLength(ssl, 1) + headerSz + finishedSz), finished, 1); - if (dtlsRet != 0 && dtlsRet != WANT_WRITE) + if (dtlsRet != 0 && dtlsRet != WC_NO_ERR_TRACE(WANT_WRITE)) return ret; } else 
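Review bot: In the `@@ -10903` hunk the DTLS send failure still exits with `return ret;` even though the value tested is `dtlsRet`; the assignment to `ret` is outside the hunk, so if it is still 0 at this point the Dtls13HandshakeSend error is turned into a success return. The change only wrapped the WANT_WRITE comparison, so this looks like a pre-existing slip that is worth fixing while the line is touched: `return dtlsRet;`. SendTls13Finished begins before and ends after this hunk.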
@@ -10927,7 +11068,7 @@ static int SendTls13Finished(WOLFSSL* ssl) } #endif - ssl->buffers.outputBuffer.length += sendSz; + ssl->buffers.outputBuffer.length += (word32)sendSz; ssl->options.buildingMsg = 0; } @@ -11067,7 +11208,7 @@ static int SendTls13Finished(WOLFSSL* ssl) * ssl The SSL/TLS object. * returns 0 on success, otherwise failure. */ -static int SendTls13KeyUpdate(WOLFSSL* ssl) +int SendTls13KeyUpdate(WOLFSSL* ssl) { byte* input; byte* output; @@ -11136,12 +11277,12 @@ static int SendTls13KeyUpdate(WOLFSSL* ssl) } #endif - ssl->buffers.outputBuffer.length += sendSz; + ssl->buffers.outputBuffer.length += (word32)sendSz; ret = SendBuffered(ssl); - if (ret != 0 && ret != WANT_WRITE) + if (ret != 0 && ret != WC_NO_ERR_TRACE(WANT_WRITE)) return ret; } @@ -11244,7 +11385,12 @@ static int DoTls13KeyUpdate(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } #endif /* WOLFSSL_DTLS13 */ +#ifndef WOLFSSL_RW_THREADED return SendTls13KeyUpdate(ssl); +#else + ssl->options.sendKeyUpdate = 1; + return 0; +#endif } WOLFSSL_LEAVE("DoTls13KeyUpdate", ret); @@ -12347,7 +12493,7 @@ int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx, { int ret = 0, tmp; word32 inIdx = *inOutIdx; - int alertType = invalid_alert; + int alertType; #if defined(HAVE_ECH) TLSX* echX = NULL; word32 echInOutIdx; @@ -12932,7 +13078,7 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) #ifdef WOLFSSL_ASYNC_CRYPT /* do not send buffered or advance state if last error was an async pending operation */ - && ssl->error != WC_PENDING_E + && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E) #endif ) { if ((ret = SendBuffered(ssl)) == 0) { 
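Review bot: Dropping the initializer in `int alertType;` in the `@@ -12347` hunk makes DoTls13HandShakeMsgType rely on every path assigning alertType before it is read; the body is outside this hunk, so that cannot be confirmed here. If the removal is meant to let the compiler flag unassigned paths, a comment such as `/* deliberately uninitialized: every error path must set it */` would stop the next maintainer from restoring `= invalid_alert`; if not, keeping the initializer is the safer default, since a stale alert type could select the wrong alert on a failure path. The function begins before and ends after this hunk.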
@@ -13086,6 +13232,14 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl) case HELLO_AGAIN_REPLY: /* Get the response/s from the server. */ while (ssl->options.serverState < SERVER_FINISHED_COMPLETE) { +#ifdef WOLFSSL_DTLS13 + if (!IsAtLeastTLSv1_3(ssl->version)) { + #ifndef WOLFSSL_NO_TLS12 + if (ssl->options.downgrade) + return wolfSSL_connect(ssl); + #endif + } +#endif /* WOLFSSL_DTLS13 */ if ((ssl->error = ProcessReply(ssl)) < 0) { WOLFSSL_ERROR(ssl->error); return WOLFSSL_FATAL_ERROR; @@ -13606,7 +13760,7 @@ int wolfSSL_update_keys(WOLFSSL* ssl) { int ret; ret = Tls13UpdateKeys(ssl); - if (ret == WANT_WRITE) + if (ret == WC_NO_ERR_TRACE(WANT_WRITE)) ret = WOLFSSL_ERROR_WANT_WRITE; else if (ret == 0) ret = WOLFSSL_SUCCESS; @@ -13707,7 +13861,7 @@ int wolfSSL_request_certificate(WOLFSSL* ssl) ssl->msgsReceived.got_finished = 0; ret = SendTls13CertificateRequest(ssl, &certReqCtx->ctx, certReqCtx->len); - if (ret == WANT_WRITE) + if (ret == WC_NO_ERR_TRACE(WANT_WRITE)) ret = WOLFSSL_ERROR_WANT_WRITE; else if (ret == 0) ret = WOLFSSL_SUCCESS; @@ -14062,7 +14216,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) #ifdef WOLFSSL_ASYNC_CRYPT /* do not send buffered or advance state if last error was an async pending operation */ - && ssl->error != WC_PENDING_E + && ssl->error != WC_NO_ERR_TRACE(WC_PENDING_E) #endif ) { @@ -14440,7 +14594,7 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl) WOLFSSL_LEAVE("wolfSSL_accept", WOLFSSL_SUCCESS); return WOLFSSL_SUCCESS; - default : + default: WOLFSSL_MSG("Unknown accept state ERROR"); return WOLFSSL_FATAL_ERROR; } @@ -14674,7 +14828,7 @@ int wolfSSL_read_early_data(WOLFSSL* ssl, void* data, int sz, int* outSz) ret = ReceiveData(ssl, (byte*)data, sz, FALSE); if (ret > 0) *outSz = ret; - if (ssl->error == ZERO_RETURN) { + if (ssl->error == WC_NO_ERR_TRACE(ZERO_RETURN)) { ssl->error = WOLFSSL_ERROR_NONE; #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls) { diff --git a/src/src/wolfio.c b/src/src/wolfio.c index 52e61a5..a632ff8 100644 --- a/src/src/wolfio.c 
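Review bot: In the `@@ -13086` hunk, when WOLFSSL_NO_TLS12 is defined the new `if (!IsAtLeastTLSv1_3(ssl->version))` block is empty, and when `ssl->options.downgrade` is unset a non-1.3 version falls through to ProcessReply. That may be intended (ProcessReply presumably rejects the version), but it is not stated; moving the `#ifndef WOLFSSL_NO_TLS12` outside the `if`, or adding `/* not downgrading: ProcessReply reports the version mismatch */` on the fallthrough, would make the intent explicit. wolfSSL_connect_TLSv13 begins before and ends after this hunk.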
+++ b/src/src/wolfio.c @@ -1,6 +1,6 @@ /* wolfio.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -41,6 +41,11 @@ #include #include +#ifdef NUCLEUS_PLUS_2_3 +/* Holds last Nucleus networking error number */ +int Nucleus_Net_Errno; +#endif + #if defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT) #ifndef USE_WINDOWS_API #if defined(WOLFSSL_LWIP) && !defined(WOLFSSL_APACHE_MYNEWT) 
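Review bot: `int Nucleus_Net_Errno;` in the `@@ -41` hunk is a single process-wide, non-atomic variable that the nucyassl_* wrappers later in this patch write after every call and wolfSSL_LastError reads back; on a multi-threaded Nucleus build two sockets serviced from different threads can overwrite each other's error before it is read. If the platform offers thread-local storage it should be used here, otherwise the variable deserves a comment such as `/* not thread safe: valid only when all wolfSSL I/O runs on one thread */`. It is also defined without a matching extern declaration in this hunk; if no other translation unit needs it, `static` would keep it out of the global namespace.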
@@ -131,68 +136,65 @@ Possible IO enable options: #if defined(USE_WOLFSSL_IO) || defined(HAVE_HTTP_CLIENT) -/* Translates return codes returned from - * send() and recv() if need be. - */ -static WC_INLINE int TranslateReturnCode(int old, int sd) +static WC_INLINE int wolfSSL_LastError(int err, SOCKET_T sd) { (void)sd; -#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) - if (old == 0) { - errno = SOCKET_EWOULDBLOCK; - return -1; /* convert to BSD style wouldblock as error */ - } - - if (old < 0) { - errno = RTCS_geterror(sd); - if (errno == RTCSERR_TCP_CONN_CLOSING) - return 0; /* convert to BSD style closing */ - if (errno == RTCSERR_TCP_CONN_RLSD) - errno = SOCKET_ECONNRESET; - if (errno == RTCSERR_TCP_TIMED_OUT) - errno = SOCKET_EAGAIN; - } -#elif defined(WOLFSSL_EMNET) - if (old < 0) { /* SOCKET_ERROR */ - /* Get the real socket error */ - IP_SOCK_getsockopt(sd, SOL_SOCKET, SO_ERROR, &old, (int)sizeof(old)); - } -#endif - - return old; -} - -static WC_INLINE int wolfSSL_LastError(int err) -{ - (void)err; /* Suppress unused arg */ + if (err > 0) + return 0; #ifdef USE_WINDOWS_API return WSAGetLastError(); #elif defined(EBSNET) return xn_getlasterror(); #elif defined(WOLFSSL_LINUXKM) || defined(WOLFSSL_EMNET) - return err; /* Return provided error value */ + return -err; /* Return provided error value with corrected sign. 
*/ #elif defined(FUSION_RTOS) #include return FCL_GET_ERRNO; +#elif defined(NUCLEUS_PLUS_2_3) + return Nucleus_Net_Errno; +#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + if ((err == 0) || (err == -SOCKET_EWOULDBLOCK)) { + return SOCKET_EWOULDBLOCK; /* convert to BSD style wouldblock */ + } else { + err = RTCS_geterror(sd); + if ((err == RTCSERR_TCP_CONN_CLOSING) || + (err == RTCSERR_TCP_CONN_RLSD)) + { + err = SOCKET_ECONNRESET; + } + return err; + } +#elif defined(WOLFSSL_EMNET) + /* Get the real socket error */ + IP_SOCK_getsockopt(sd, SOL_SOCKET, SO_ERROR, &err, (int)sizeof(old)); + return err; #else return errno; #endif } -static int TranslateIoError(int err) +/* Translates return codes returned from + * send(), recv(), and other network I/O calls. + */ +static int TranslateIoReturnCode(int err, SOCKET_T sd, int direction) { #ifdef _WIN32 size_t errstr_offset; char errstr[WOLFSSL_STRERROR_BUFFER_SIZE]; #endif /* _WIN32 */ - +#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) if (err > 0) return err; +#else + if (err >= 0) + return err; +#endif + + err = wolfSSL_LastError(err, sd); - err = wolfSSL_LastError(err); #if SOCKET_EWOULDBLOCK != SOCKET_EAGAIN if ((err == SOCKET_EWOULDBLOCK) || (err == SOCKET_EAGAIN)) #else @@ -200,8 +202,26 @@ static int TranslateIoError(int err) #endif { WOLFSSL_MSG("\tWould block"); - return WOLFSSL_CBIO_ERR_WANT_READ; + if (direction == SOCKET_SENDING) + return WOLFSSL_CBIO_ERR_WANT_WRITE; + else if (direction == SOCKET_RECEIVING) + return WOLFSSL_CBIO_ERR_WANT_READ; + else + return WOLFSSL_CBIO_ERR_GENERAL; } + +#ifdef SOCKET_ETIMEDOUT + else if (err == SOCKET_ETIMEDOUT) { + WOLFSSL_MSG("\tTimed out"); + if (direction == SOCKET_SENDING) + return WOLFSSL_CBIO_ERR_WANT_WRITE; + else if (direction == SOCKET_RECEIVING) + return WOLFSSL_CBIO_ERR_WANT_READ; + else + return WOLFSSL_CBIO_ERR_TIMEOUT; + } +#endif + else if (err == SOCKET_ECONNRESET) { WOLFSSL_MSG("\tConnection reset"); return WOLFSSL_CBIO_ERR_CONN_RST; 
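Review bot: In wolfSSL_LastError the `#elif defined(WOLFSSL_EMNET)` branch calls `IP_SOCK_getsockopt(sd, SOL_SOCKET, SO_ERROR, &err, (int)sizeof(old))`, but `old` was the parameter of the removed TranslateReturnCode and no longer exists here, so that line cannot compile. It is also never reached: the earlier `#elif defined(WOLFSSL_LINUXKM) || defined(WOLFSSL_EMNET)` branch already claims WOLFSSL_EMNET and returns `-err`, so EMNET builds lose the SO_ERROR lookup silently. Drop WOLFSSL_EMNET from the earlier condition and change the call to `(int)sizeof(err)`, or delete the dead branch if `-err` is the intended behaviour.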
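Review bot: The new `SOCKET_ETIMEDOUT` branch in the `@@ -200` hunk maps a receive timeout to WOLFSSL_CBIO_ERR_WANT_READ and a send timeout to WOLFSSL_CBIO_ERR_WANT_WRITE, so a blocking socket with a receive timeout now reports the same code as a non-blocking would-block, and WOLFSSL_CBIO_ERR_TIMEOUT is only returned when the direction is unknown. If the intent is that callers such as EmbedReceiveFrom convert WANT_READ back into a timeout for blocking sockets, a comment on the branch saying so would help; otherwise returning WOLFSSL_CBIO_ERR_TIMEOUT for a known direction seems the more direct mapping. TranslateIoReturnCode begins before and ends after this hunk.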
@@ -239,56 +259,58 @@ static int TranslateIoError(int err) #ifdef OPENSSL_EXTRA #ifndef NO_BIO -/* Use the WOLFSSL read BIO for receiving data. This is set by the function - * wolfSSL_set_bio and can also be set by wolfSSL_CTX_SetIORecv. - * - * ssl WOLFSSL struct passed in that has this function set as the receive - * callback. - * buf buffer to fill with data read - * sz size of buf buffer - * ctx a user set context - * - * returns the amount of data read or want read. See WOLFSSL_CBIO_ERR_* values. - */ + +int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx) +{ + return SslBioSend(ssl, buf, sz, ctx); +} + int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx) { - int recvd = WOLFSSL_CBIO_ERR_GENERAL; + return SslBioReceive(ssl, buf, sz, ctx); +} + +int BioReceiveInternal(WOLFSSL_BIO* biord, WOLFSSL_BIO* biowr, char* buf, + int sz) +{ + int recvd = WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_GENERAL); - WOLFSSL_ENTER("BioReceive"); + WOLFSSL_ENTER("SslBioReceive"); - if (ssl->biord == NULL) { + if (biord == NULL) { WOLFSSL_MSG("WOLFSSL biord not set"); return WOLFSSL_CBIO_ERR_GENERAL; } - recvd = wolfSSL_BIO_read(ssl->biord, buf, sz); + recvd = wolfSSL_BIO_read(biord, buf, sz); if (recvd <= 0) { if (/* ssl->biowr->wrIdx is checked for Bind9 */ - wolfSSL_BIO_method_type(ssl->biowr) == WOLFSSL_BIO_BIO && - wolfSSL_BIO_wpending(ssl->biowr) != 0 && + wolfSSL_BIO_method_type(biowr) == WOLFSSL_BIO_BIO && + wolfSSL_BIO_wpending(biowr) != 0 && /* Not sure this pending check is necessary but let's double * check that the read BIO is empty before we signal a write * need */ - wolfSSL_BIO_supports_pending(ssl->biord) && - wolfSSL_BIO_ctrl_pending(ssl->biord) == 0) { + wolfSSL_BIO_supports_pending(biord) && + wolfSSL_BIO_ctrl_pending(biord) == 0) { /* Let's signal to the app layer that we have * data pending that needs to be sent. 
*/ return WOLFSSL_CBIO_ERR_WANT_WRITE; } - else if (ssl->biord->type == WOLFSSL_BIO_SOCKET) { + else if (biord->type == WOLFSSL_BIO_SOCKET) { if (recvd == 0) { - WOLFSSL_MSG("BioReceive connection closed"); + WOLFSSL_MSG("SslBioReceive connection closed"); return WOLFSSL_CBIO_ERR_CONN_CLOSE; } #ifdef USE_WOLFSSL_IO - recvd = TranslateIoError(recvd); + recvd = TranslateIoReturnCode(recvd, biord->num.fd, + SOCKET_RECEIVING); #endif return recvd; } /* If retry and read flags are set, return WANT_READ */ - if ((ssl->biord->flags & WOLFSSL_BIO_FLAG_READ) && - (ssl->biord->flags & WOLFSSL_BIO_FLAG_RETRY)) { + if ((biord->flags & WOLFSSL_BIO_FLAG_READ) && + (biord->flags & WOLFSSL_BIO_FLAG_RETRY)) { return WOLFSSL_CBIO_ERR_WANT_READ; } @@ -296,10 +318,27 @@ int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx) return WOLFSSL_CBIO_ERR_GENERAL; } - (void)ctx; return recvd; } +/* Use the WOLFSSL read BIO for receiving data. This is set by the function + * wolfSSL_set_bio and can also be set by wolfSSL_CTX_SetIORecv. + * + * ssl WOLFSSL struct passed in that has this function set as the receive + * callback. + * buf buffer to fill with data read + * sz size of buf buffer + * ctx a user set context + * + * returns the amount of data read or want read. See WOLFSSL_CBIO_ERR_* values. + */ +int SslBioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx) +{ + WOLFSSL_ENTER("SslBioReceive"); + (void)ctx; + return BioReceiveInternal(ssl->biord, ssl->biowr, buf, sz); +} + /* Use the WOLFSSL write BIO for sending data. This is set by the function * wolfSSL_set_bio and can also be set by wolfSSL_CTX_SetIOSend. 
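Review bot: BioReceiveInternal in the `@@ -239` hunk traces `WOLFSSL_ENTER("SslBioReceive")` and logs `"SslBioReceive connection closed"`, but the function is BioReceiveInternal, and its new caller SslBioReceive in the `@@ -296` hunk issues the same `WOLFSSL_ENTER("SslBioReceive")` before delegating, so every receive now produces two identical enter traces and the log attributes the internal path to the wrapper. Use `WOLFSSL_ENTER("BioReceiveInternal")` and `"BioReceiveInternal connection closed"` in the internal function, or drop the ENTER from the wrapper. BioReceiveInternal also reads `biowr` in `wolfSSL_BIO_method_type(biowr)` without a NULL check; the old code had the same read through ssl->biowr, but now that the function is non-static with both BIOs as parameters, a one-line guard or a comment stating the precondition would be appropriate.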
@@ -311,11 +350,11 @@ int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx) * * returns the amount of data sent or want send. See WOLFSSL_CBIO_ERR_* values. */ -int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx) +int SslBioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx) { - int sent = WOLFSSL_CBIO_ERR_GENERAL; + int sent = WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_GENERAL); - WOLFSSL_ENTER("BioSend"); + WOLFSSL_ENTER("SslBioSend"); if (ssl->biowr == NULL) { WOLFSSL_MSG("WOLFSSL biowr not set"); @@ -326,7 +365,8 @@ int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx) if (sent <= 0) { if (ssl->biowr->type == WOLFSSL_BIO_SOCKET) { #ifdef USE_WOLFSSL_IO - sent = TranslateIoError(sent); + sent = TranslateIoReturnCode(sent, ssl->biowr->num.fd, + SOCKET_SENDING); #endif return sent; } @@ -370,7 +410,6 @@ int EmbedReceive(WOLFSSL *ssl, char *buf, int sz, void *ctx) recvd = wolfIO_Recv(sd, buf, sz, ssl->rflags); if (recvd < 0) { WOLFSSL_MSG("Embed Receive error"); - return TranslateIoError(recvd); } else if (recvd == 0) { WOLFSSL_MSG("Embed receive connection closed"); @@ -400,7 +439,6 @@ int EmbedSend(WOLFSSL* ssl, char *buf, int sz, void *ctx) sent = wolfIO_Send(sd, buf, sz, ssl->wflags); if (sent < 0) { WOLFSSL_MSG("Embed Send error"); - return TranslateIoError(sent); } return sent; 
@@ -411,6 +449,110 @@ int EmbedSend(WOLFSSL* ssl, char *buf, int sz, void *ctx) #include +#if defined(NUCLEUS_PLUS_2_3) +STATIC INT32 nucyassl_recv(INT sd, CHAR *buf, UINT16 sz, INT16 flags) +{ + int recvd; + + /* Read data from socket */ + recvd = NU_Recv(sd, buf, sz, flags); + if (recvd < 0) { + if (recvd == NU_NOT_CONNECTED) { + recvd = 0; + } else { + Nucleus_Net_Errno = recvd; + recvd = WOLFSSL_FATAL_ERROR; + } + } else { + Nucleus_Net_Errno = 0; + } + + return (recvd); +} + + +STATIC int nucyassl_send(INT sd, CHAR *buf, UINT16 sz, INT16 flags) +{ + int sent; + + /* Write data to socket */ + sent = NU_Send(sd, buf, sz, flags); + + if (sent < 0) { + Nucleus_Net_Errno = sent; + sent = WOLFSSL_FATAL_ERROR; + } else { + Nucleus_Net_Errno = 0; + } + + return sent; +} + +#define SELECT_FUNCTION nucyassl_select + +int nucyassl_select(INT sd, UINT32 timeout) +{ + FD_SET readfs; + STATUS status; + + /* Init fs data for socket */ + NU_FD_Init(&readfs); + NU_FD_Set(sd, &readfs); + + /* Wait for data to arrive */ + status = NU_Select((sd + 1), &readfs, NU_NULL, NU_NULL, + (timeout * NU_TICKS_PER_SECOND)); + + if (status < 0) { + Nucleus_Net_Errno = status; + status = WOLFSSL_FATAL_ERROR; + } + + return status; +} + +#define sockaddr_storage addr_struct +#define sockaddr addr_struct + +STATIC INT32 nucyassl_recvfrom(INT sd, CHAR *buf, UINT16 sz, INT16 flags, + SOCKADDR *peer, XSOCKLENT *peersz) +{ + int recvd; + + memset(peer, 0, sizeof(struct addr_struct)); + + recvd = NU_Recv_From(sd, buf, sz, flags, (struct addr_struct *) peer, + (INT16*) peersz); + if (recvd < 0) { + Nucleus_Net_Errno = recvd; + recvd = WOLFSSL_FATAL_ERROR; + } else { + Nucleus_Net_Errno = 0; + } + + return recvd; + +} + +STATIC int nucyassl_sendto(INT sd, CHAR *buf, UINT16 sz, INT16 flags, + const SOCKADDR *peer, INT16 peersz) +{ + int sent; + + sent = NU_Send_To(sd, buf, sz, flags, (const struct addr_struct *) peer, + peersz); + + if (sent < 0) { + Nucleus_Net_Errno = sent; + sent = 
WOLFSSL_FATAL_ERROR; + } else { + Nucleus_Net_Errno = 0; + } + + return sent; +} +#endif /* NUCLEUS_PLUS_2_3 */ + #ifndef DTLS_SENDTO_FUNCTION #define DTLS_SENDTO_FUNCTION sendto #endif @@ -508,6 +650,7 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) #elif !defined(DTLS_RECEIVEFROM_NO_TIMEOUT_ON_INVALID_PEER) word32 invalidPeerPackets = 0; #endif + int newPeer = 0; WOLFSSL_ENTER("EmbedReceiveFrom"); @@ -535,8 +678,13 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) dtlsCtx->peer.bufSz = sizeof(SOCKADDR_S); else dtlsCtx->peer.bufSz = 0; + newPeer = 1; + peer = (SOCKADDR_S*)dtlsCtx->peer.sa; + } + else { + peer = &lclPeer; + XMEMCPY(peer, (SOCKADDR_S*)dtlsCtx->peer.sa, sizeof(lclPeer)); } - peer = (SOCKADDR_S*)dtlsCtx->peer.sa; peerSz = dtlsCtx->peer.bufSz; } @@ -546,9 +694,20 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) #ifdef WOLFSSL_DTLS13 if (ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) { - doDtlsTimeout = - doDtlsTimeout || ssl->dtls13Rtx.rtxRecords != NULL || + doDtlsTimeout = doDtlsTimeout || ssl->dtls13Rtx.rtxRecords != NULL; +#ifdef WOLFSSL_RW_THREADED + { + int ret = wc_LockMutex(&ssl->dtls13Rtx.mutex); + if (ret < 0) { + return ret; + } + } +#endif + doDtlsTimeout = doDtlsTimeout || (ssl->dtls13FastTimeout && ssl->dtls13Rtx.seenRecords != NULL); +#ifdef WOLFSSL_RW_THREADED + wc_UnLockMutex(&ssl->dtls13Rtx.mutex); +#endif } #endif /* WOLFSSL_DTLS13 */ @@ -635,12 +794,11 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) peerSz = (XSOCKLENT)dtlsCtx->peer.bufSz; } - recvd = TranslateReturnCode(recvd, sd); + recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING); if (recvd < 0) { WOLFSSL_MSG("Embed Receive From error"); - recvd = TranslateIoError(recvd); - if (recvd == WOLFSSL_CBIO_ERR_WANT_READ && + if (recvd == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ) && !wolfSSL_dtls_get_using_nonblock(ssl)) { recvd = WOLFSSL_CBIO_ERR_TIMEOUT; } 
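Review bot: nucyassl_recvfrom does `memset(peer, 0, sizeof(struct addr_struct))` and passes `(INT16*) peersz` without checking either pointer; if DTLS_RECVFROM_FUNCTION resolves to this wrapper on Nucleus (that mapping is outside this hunk), the `NULL, NULL` call from EmbedReceiveFromMcast and the `addr ? ... : NULL` call from wolfIO_RecvFrom on the following lines would dereference NULL. Guard with `if (peer != NULL) XMEMSET(peer, 0, sizeof(struct addr_struct));` and pass a local INT16 length that is copied back into `*peersz` when it is non-NULL, which also avoids writing 16 bits into an XSOCKLENT through an incompatible pointer. The rest of the file uses XMEMSET/XMEMCPY rather than bare memset, and the return types alternate between `STATIC INT32` and `STATIC int` across the five wrappers for no visible reason.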
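Review bot: The new else branch in the `@@ -535` hunk copies `sizeof(lclPeer)` bytes out of `dtlsCtx->peer.sa`, but the stored buffer's size is `dtlsCtx->peer.bufSz` (the preceding branch shows it can be set to 0), and a peer configured elsewhere may have been allocated smaller than SOCKADDR_S, so the copy can over-read. Zero lclPeer and copy `min(sizeof(lclPeer), dtlsCtx->peer.bufSz)` bytes so the length of the copy is tied to the buffer that was actually allocated. EmbedReceiveFrom begins before and ends after this hunk.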
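Review bot: Under WOLFSSL_RW_THREADED in the `@@ -546` hunk the read of `ssl->dtls13Rtx.seenRecords` is taken with `dtls13Rtx.mutex` held, but the read of `ssl->dtls13Rtx.rtxRecords` on the line just before the lock is not; if the mutex is what protects the dtls13Rtx lists, both reads should sit inside the locked region. The early `return ret;` on lock failure also hands a raw wolfCrypt error code out of an I/O callback whose other exits are WOLFSSL_CBIO_ERR_* values, so the caller may misreport it; `return WOLFSSL_CBIO_ERR_GENERAL;` there would keep the contract. EmbedReceiveFrom begins before and ends after this hunk.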
@@ -681,8 +839,16 @@ int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx) } } else { - /* Store size of saved address */ - dtlsCtx->peer.sz = peerSz; + if (newPeer) { + /* Store size of saved address */ + dtlsCtx->peer.sz = peerSz; + } +#ifndef WOLFSSL_PEER_ADDRESS_CHANGES + else if ((dtlsCtx->peer.sz != (unsigned int)peerSz) || + (XMEMCMP(peer, dtlsCtx->peer.sa, peerSz) != 0)) { + return WOLFSSL_CBIO_ERR_GENERAL; + } +#endif } #ifndef NO_ASN_TIME ssl->dtls_start_timeout = 0; @@ -724,11 +890,10 @@ int EmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx) sent = (int)DTLS_SENDTO_FUNCTION(sd, buf, (size_t)sz, ssl->wflags, (const SOCKADDR*)peer, peerSz); - sent = TranslateReturnCode(sent, sd); + sent = TranslateIoReturnCode(sent, sd, SOCKET_SENDING); if (sent < 0) { WOLFSSL_MSG("Embed Send To error"); - return TranslateIoError(sent); } return sent; @@ -750,16 +915,14 @@ int EmbedReceiveFromMcast(WOLFSSL *ssl, char *buf, int sz, void *ctx) recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, (size_t)sz, ssl->rflags, NULL, NULL); - recvd = TranslateReturnCode(recvd, sd); + recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING); if (recvd < 0) { WOLFSSL_MSG("Embed Receive From error"); - recvd = TranslateIoError(recvd); - if (recvd == WOLFSSL_CBIO_ERR_WANT_READ && + if (recvd == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ) && !wolfSSL_dtls_get_using_nonblock(ssl)) { recvd = WOLFSSL_CBIO_ERR_TIMEOUT; } - return recvd; } return recvd; @@ -987,7 +1150,7 @@ int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags) int recvd; recvd = (int)RECV_FUNCTION(sd, buf, (size_t)sz, rdFlags); - recvd = TranslateReturnCode(recvd, (int)sd); + recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING); return recvd; } 
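Review bot: With WOLFSSL_PEER_ADDRESS_CHANGES undefined, the `@@ -681` hunk returns WOLFSSL_CBIO_ERR_GENERAL as soon as one datagram arrives from an address that differs from the stored peer, so the comparison prevents the session from being silently re-pointed but lets a stray or hostile datagram from another address make the receive fail rather than merely being dropped. Whether the caller treats that as fatal is outside this hunk; if it does, discarding the datagram and reading again (or returning the want-read code) would preserve the session, and the choice deserves a comment either way. EmbedReceiveFrom begins before and ends after this hunk.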
@@ -997,11 +1160,41 @@ int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags) int sent; sent = (int)SEND_FUNCTION(sd, buf, (size_t)sz, wrFlags); - sent = TranslateReturnCode(sent, (int)sd); + sent = TranslateIoReturnCode(sent, sd, SOCKET_SENDING); return sent; } +#if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA) + +int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int rdFlags) +{ + int recvd; + socklen_t addr_len = (socklen_t)sizeof(*addr); + + recvd = (int)DTLS_RECVFROM_FUNCTION(sd, buf, (size_t)sz, rdFlags, + addr ? &addr->sa : NULL, + addr ? &addr_len : 0); + recvd = TranslateIoReturnCode(recvd, sd, SOCKET_RECEIVING); + + return recvd; +} + +int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wrFlags) +{ + int sent; + socklen_t addr_len = addr ? wolfSSL_BIO_ADDR_size(addr) : 0; + + sent = (int)DTLS_SENDTO_FUNCTION(sd, buf, (size_t)sz, wrFlags, + addr ? &addr->sa : NULL, + addr_len); + sent = TranslateIoReturnCode(sent, sd, SOCKET_SENDING); + + return sent; +} + +#endif /* WOLFSSL_HAVE_BIO_ADDR && WOLFSSL_DTLS && OPENSSL_EXTRA */ + #endif /* USE_WOLFSSL_IO */ @@ -1030,7 +1223,7 @@ int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags) unsigned long blocking = non_blocking; ret = ioctlsocket(sockfd, FIONBIO, &blocking); if (ret == SOCKET_ERROR) - ret = -1; + ret = WOLFSSL_FATAL_ERROR; #else ret = fcntl(sockfd, F_GETFL, 0); if (ret >= 0) { @@ -1060,7 +1253,7 @@ int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags) if ((sockfd < 0) || (sockfd >= FD_SETSIZE)) { WOLFSSL_MSG("socket fd out of FDSET range"); - return -1; + return WOLFSSL_FATAL_ERROR; } #endif @@ -1146,7 +1339,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) #endif /* HAVE_SOCKADDR */ if (sockfd == NULL || ip == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } #if !defined(HAVE_GETADDRINFO) 
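Review bot: In wolfIO_RecvFrom the length argument is written as `addr ? &addr_len : 0`; the false arm is a pointer, so it should be spelled `NULL` like the address argument beside it. The two new functions also use `socklen_t` directly where this file otherwise abstracts the type as XSOCKLENT (see nucyassl_recvfrom above), so the portable spelling is preferable. A short doc comment on both stating that `addr` may be NULL and that a negative return is the translated WOLFSSL_CBIO_ERR_* code would match the rest of the file.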
@@ -1175,12 +1368,12 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) if (wolfIO_Word16ToString(strPort, port) == 0) { WOLFSSL_MSG("invalid port number for responder"); - return -1; + return WOLFSSL_FATAL_ERROR; } if (getaddrinfo(ip, strPort, &hints, &answer) < 0 || answer == NULL) { WOLFSSL_MSG("no addr info for responder"); - return -1; + return WOLFSSL_FATAL_ERROR; } sockaddr_len = answer->ai_addrlen; @@ -1244,7 +1437,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) } else { WOLFSSL_MSG("no addr info for responder"); - return -1; + return WOLFSSL_FATAL_ERROR; } } #else @@ -1284,7 +1477,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) if (entry == NULL) { WOLFSSL_MSG("no addr info for responder"); - return -1; + return WOLFSSL_FATAL_ERROR; } #endif @@ -1297,7 +1490,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) { WOLFSSL_MSG("bad socket fd, out of fds?"); *sockfd = SOCKET_INVALID; - return -1; + return WOLFSSL_FATAL_ERROR; } #ifdef HAVE_IO_TIMEOUT @@ -1313,7 +1506,8 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) #ifdef HAVE_IO_TIMEOUT if ((ret != 0) && (to_sec > 0)) { #ifdef USE_WINDOWS_API - if ((ret == SOCKET_ERROR) && (wolfSSL_LastError(ret) == WSAEWOULDBLOCK)) + if ((ret == SOCKET_ERROR) && + (wolfSSL_LastError(ret, *sockfd) == SOCKET_EWOULDBLOCK)) #else if (errno == EINPROGRESS) #endif @@ -1330,7 +1524,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) WOLFSSL_MSG("Responder tcp connect failed"); CloseSocket(*sockfd); *sockfd = SOCKET_INVALID; - return -1; + return WOLFSSL_FATAL_ERROR; } return ret; #else @@ -1338,7 +1532,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) (void)ip; (void)port; (void)to_sec; - return -1; + return WOLFSSL_FATAL_ERROR; #endif /* HAVE_SOCKADDR */ } 
@@ -1351,7 +1545,7 @@ int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port) SOCKADDR_IN *sin = (SOCKADDR_IN *)&addr; if (sockfd == NULL || port < 1) { - return -1; + return WOLFSSL_FATAL_ERROR; } XMEMSET(&addr, 0, sizeof(addr)); @@ -1369,7 +1563,7 @@ int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port) { WOLFSSL_MSG("socket failed"); *sockfd = SOCKET_INVALID; - return -1; + return WOLFSSL_FATAL_ERROR; } #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_MDK_ARM)\ @@ -1390,14 +1584,14 @@ int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port) WOLFSSL_MSG("wolfIO_TcpBind failed"); CloseSocket(*sockfd); *sockfd = SOCKET_INVALID; - ret = -1; + ret = WOLFSSL_FATAL_ERROR; } return ret; #else (void)sockfd; (void)port; - return -1; + return WOLFSSL_FATAL_ERROR; #endif /* HAVE_SOCKADDR */ } @@ -1477,7 +1671,7 @@ int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName, char* outPath, } for (j = 0; j < i; j++) { - if (port[j] < '0' || port[j] > '9') return -1; + if (port[j] < '0' || port[j] > '9') return WOLFSSL_FATAL_ERROR; bigPort = (bigPort * 10) + (word32)(port[j] - '0'); } if (outPort) @@ -1508,8 +1702,9 @@ int wolfIO_DecodeUrl(const char* url, int urlSz, char* outName, char* outPath, return result; } -static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf, - int* recvBufSz, int chunkSz, char* start, int len, int dynType, void* heap) +static int wolfIO_HttpProcessResponseBuf(WolfSSLGenericIORecvCb ioCb, + void* ioCbCtx, byte **recvBuf, int* recvBufSz, int chunkSz, char* start, + int len, int dynType, void* heap) { byte* newRecvBuf = NULL; int newRecvSz = *recvBufSz + chunkSz; 
@@ -1556,13 +1751,13 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf, else { WOLFSSL_MSG("wolfIO_HttpProcessResponseBuf bad size"); XFREE(newRecvBuf, heap, dynType); - return -1; + return WOLFSSL_FATAL_ERROR; } } /* receive the remainder of chunk */ while (len < chunkSz) { - int rxSz = wolfIO_Recv(sfd, (char*)&newRecvBuf[pos], chunkSz-len, 0); + int rxSz = ioCb((char*)&newRecvBuf[pos], chunkSz-len, ioCbCtx); if (rxSz > 0) { len += rxSz; pos += rxSz; @@ -1570,7 +1765,7 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf, else { WOLFSSL_MSG("wolfIO_HttpProcessResponseBuf recv failed"); XFREE(newRecvBuf, heap, dynType); - return -1; + return WOLFSSL_FATAL_ERROR; } } @@ -1580,8 +1775,9 @@ static int wolfIO_HttpProcessResponseBuf(int sfd, byte **recvBuf, return 0; } -int wolfIO_HttpProcessResponse(int sfd, const char** appStrList, - byte** respBuf, byte* httpBuf, int httpBufSz, int dynType, void* heap) +int wolfIO_HttpProcessResponseGenericIO(WolfSSLGenericIORecvCb ioCb, + void* ioCbCtx, const char** appStrList, unsigned char** respBuf, + unsigned char* httpBuf, int httpBufSz, int dynType, void* heap) { static const char HTTP_PROTO[] = "HTTP/1."; static const char HTTP_STATUS_200[] = "200"; @@ -1602,8 +1798,8 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList, do { if (state == phr_get_chunk_data) { /* get chunk of data */ - result = wolfIO_HttpProcessResponseBuf(sfd, respBuf, &respBufSz, - chunkSz, start, len, dynType, heap); + result = wolfIO_HttpProcessResponseBuf(ioCb, ioCbCtx, respBuf, + &respBufSz, chunkSz, start, len, dynType, heap); state = (result != 0) ? phr_http_end : phr_get_chunk_len; end = NULL; 
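Review bot: The new public entry point wolfIO_HttpProcessResponseGenericIO in the `@@ -1580` hunk, and the changed error path in the `@@ -1617` hunk on the next line, now depend on `ioCb` returning WOLFSSL_CBIO_ERR_WANT_READ for a would-block condition, where the old code derived that from errno via wolfSSL_LastError; a caller that supplies a callback returning a bare -1 will never see OCSP_WANT_READ. The callback contract (positive byte count, 0 on close, otherwise a WOLFSSL_CBIO_ERR_* code) should be stated in a comment on the function's signature and on the WolfSSLGenericIORecvCb typedef, which is outside this diff. wolfIO_HttpProcessResponseGenericIO begins in this hunk and ends after it.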
@@ -1617,16 +1813,14 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList, * can. */ } - result = wolfIO_Recv(sfd, (char*)httpBuf+len, httpBufSz-len-1, 0); + result = ioCb((char*)httpBuf+len, httpBufSz-len-1, ioCbCtx); if (result > 0) { len += result; start = (char*)httpBuf; start[len] = 0; } else { - result = TranslateReturnCode(result, sfd); - result = wolfSSL_LastError(result); - if (result == SOCKET_EWOULDBLOCK || result == SOCKET_EAGAIN) { + if (result == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) { return OCSP_WANT_READ; } @@ -1745,8 +1939,8 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList, } while (state != phr_http_end); if (!isChunked) { - result = wolfIO_HttpProcessResponseBuf(sfd, respBuf, &respBufSz, chunkSz, - start, len, dynType, heap); + result = wolfIO_HttpProcessResponseBuf(ioCb, ioCbCtx, respBuf, + &respBufSz, chunkSz, start, len, dynType, heap); } if (result >= 0) { @@ -1758,6 +1952,22 @@ int wolfIO_HttpProcessResponse(int sfd, const char** appStrList, return result; } + +static int httpResponseIoCb(char* buf, int sz, void* ctx) +{ + /* Double cast to silence the compiler int/pointer width msg */ + return wolfIO_Recv((SOCKET_T)(uintptr_t)ctx, buf, sz, 0); +} + +int wolfIO_HttpProcessResponse(int sfd, const char** appStrList, + byte** respBuf, byte* httpBuf, int httpBufSz, int dynType, void* heap) +{ + return wolfIO_HttpProcessResponseGenericIO(httpResponseIoCb, + /* Double cast to silence the compiler int/pointer width msg */ + (void*)(uintptr_t)sfd, appStrList, respBuf, httpBuf, httpBufSz, + dynType, heap); +} + int wolfIO_HttpBuildRequest(const char *reqType, const char *domainName, const char *path, int pathLen, int reqSz, const char *contentType, byte *buf, int bufSize) 
@@ -1879,17 +2089,25 @@ int wolfIO_HttpBuildRequestOcsp(const char* domainName, const char* path, ocspReqSz, "application/ocsp-request", cacheCtl, buf, bufSize); } +static const char* ocspAppStrList[] = { + "application/ocsp-response", + NULL +}; + +WOLFSSL_API int wolfIO_HttpProcessResponseOcspGenericIO( + WolfSSLGenericIORecvCb ioCb, void* ioCbCtx, unsigned char** respBuf, + unsigned char* httpBuf, int httpBufSz, void* heap) +{ + return wolfIO_HttpProcessResponseGenericIO(ioCb, ioCbCtx, + ocspAppStrList, respBuf, httpBuf, httpBufSz, DYNAMIC_TYPE_OCSP, heap); +} + /* return: >0 OCSP Response Size * -1 error */ int wolfIO_HttpProcessResponseOcsp(int sfd, byte** respBuf, byte* httpBuf, int httpBufSz, void* heap) { - const char* appStrList[] = { - "application/ocsp-response", - NULL - }; - - return wolfIO_HttpProcessResponse(sfd, appStrList, + return wolfIO_HttpProcessResponse(sfd, ocspAppStrList, respBuf, httpBuf, httpBufSz, DYNAMIC_TYPE_OCSP, heap); } @@ -1976,8 +2194,7 @@ int EmbedOcspLookup(void* ctx, const char* url, int urlSz, /* in default callback ctx is heap hint */ void EmbedOcspRespFree(void* ctx, byte *resp) { - if (resp) - XFREE(resp, ctx, DYNAMIC_TYPE_OCSP); + XFREE(resp, ctx, DYNAMIC_TYPE_OCSP); (void)ctx; } @@ -2862,7 +3079,7 @@ int uIPReceive(WOLFSSL *ssl, char *buf, int sz, void *_ctx) { uip_wolfssl_ctx *ctx = (uip_wolfssl_ctx *)_ctx; if (!ctx || !ctx->ssl_rx_databuf) - return -1; + return WOLFSSL_FATAL_ERROR; (void)ssl; if (ctx->ssl_rb_len > 0) { if (sz > ctx->ssl_rb_len - ctx->ssl_rb_off) @@ -3014,7 +3231,7 @@ int LwIPNativeSend(WOLFSSL* ssl, char* buf, int sz, void* ctx) ret = tcp_write(nlwip->pcb, buf, sz, TCP_WRITE_FLAG_COPY); if (ret != ERR_OK) { - sz = -1; + sz = WOLFSSL_FATAL_ERROR; } return sz; diff --git a/src/src/x509.c b/src/src/x509.c index 72a4f37..18feff0 100644 --- a/src/src/x509.c +++ b/src/src/x509.c 
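Review bot: `ocspAppStrList` is declared `static const char*`, so the array of pointers itself stays writable even though it is now shared by two callers; `static const char* const ocspAppStrList[] = {` would put the whole table in read-only storage and document that it is immutable. The `EmbedOcspRespFree` change drops the `if (resp)` guard, which is fine only if `XFREE` tolerates NULL in every build configuration that compiles this file; that cannot be verified from this hunk.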
@@ -1,6 +1,6 @@ /* x509.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -362,71 +362,9 @@ WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void) * OpenSSL. */ int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,WOLFSSL_X509_EXTENSION* ext) { - WOLFSSL_STACK* node; - WOLFSSL_ENTER("wolfSSL_sk_X509_EXTENSION_push"); - if (sk == NULL || ext == NULL) { - return WOLFSSL_FAILURE; - } - - /* no previous values in stack */ - if (sk->data.ext == NULL) { - sk->data.ext = ext; - sk->num += 1; - return (int)sk->num; - } - - /* stack already has value(s) create a new node and add more */ - node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, - DYNAMIC_TYPE_X509); - if (node == NULL) { - WOLFSSL_MSG("Memory error"); - return WOLFSSL_FAILURE; - } - XMEMSET(node, 0, sizeof(WOLFSSL_STACK)); - - /* push new obj onto head of stack */ - node->data.ext = sk->data.ext; - node->next = sk->next; - node->type = sk->type; - sk->next = node; - sk->data.ext = ext; - sk->num += 1; - - return (int)sk->num; -} - -/* Free the structure for X509_EXTENSION stack - * - * sk stack to free nodes in - */ -void wolfSSL_sk_X509_EXTENSION_free(WOLFSSL_STACK* sk) -{ - WOLFSSL_STACK* node; - - WOLFSSL_ENTER("wolfSSL_sk_X509_EXTENSION_free"); - - if (sk == NULL) { - return; - } - - /* parse through stack freeing each node */ - node = sk->next; - while ((node != NULL) && (sk->num > 1)) { - WOLFSSL_STACK* tmp = node; - node = node->next; - - wolfSSL_X509_EXTENSION_free(tmp->data.ext); - XFREE(tmp, NULL, DYNAMIC_TYPE_X509); - sk->num -= 1; - } - - /* free head of stack */ - if (sk->num == 1) { - wolfSSL_X509_EXTENSION_free(sk->data.ext); - } - XFREE(sk, NULL, DYNAMIC_TYPE_X509); + return wolfSSL_sk_push(sk, ext); } static WOLFSSL_STACK* generateExtStack(const WOLFSSL_X509 *x) 
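Review bot: `wolfSSL_sk_X509_EXTENSION_push` now returns whatever `wolfSSL_sk_push` returns, and the callers updated elsewhere in this commit (the `<= 0` tests in wolfSSL_X509_set_ext and the alt-name code) treat the result as a count rather than WOLFSSL_SUCCESS/WOLFSSL_FAILURE, but the comment above the function is not updated to say so. I would add `/* Returns the new number of elements (> 0) on success, 0 or a negative value on failure; NULL sk or ext is rejected by wolfSSL_sk_push. */` above the definition, keeping the NULL clause only if wolfSSL_sk_push really performs that check, since the explicit `ext == NULL` test removed here is no longer visible. The same documentation gap applies to the rewritten `wolfSSL_sk_GENERAL_NAME_push` and the new `wolfSSL_sk_X509_EXTENSION_free` wrapper further down in this file.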
@@ -523,22 +461,22 @@ int wolfSSL_X509_get_ext_by_OBJ(const WOLFSSL_X509 *x, if (!x || !obj) { WOLFSSL_MSG("Bad parameter"); - return -1; + return WOLFSSL_FATAL_ERROR; } sk = wolfSSL_X509_get0_extensions(x); if (!sk) { WOLFSSL_MSG("No extensions"); - return -1; + return WOLFSSL_FATAL_ERROR; } lastpos++; if (lastpos < 0) lastpos = 0; for (; lastpos < wolfSSL_sk_num(sk); lastpos++) - if (wolfSSL_OBJ_cmp((WOLFSSL_ASN1_OBJECT*)wolfSSL_sk_value(sk, - lastpos), obj) == 0) + if (wolfSSL_OBJ_cmp(wolfSSL_sk_X509_EXTENSION_value(sk, + lastpos)->obj, obj) == 0) return lastpos; - return -1; + return WOLFSSL_FATAL_ERROR; } #endif /* OPENSSL_ALL || OPENSSL_EXTRA */ @@ -556,10 +494,10 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns, WOLFSSL_GENERAL_NAME* gn) { int ret = 0; - WOLFSSL_ASN1_OBJECT* obj; - WOLFSSL_ASN1_TYPE* type; - WOLFSSL_ASN1_STRING* str; - byte tag; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_ASN1_TYPE* type = NULL; + WOLFSSL_ASN1_STRING* str = NULL; + byte tag = 0; unsigned char* p = (unsigned char *)dns->name; long len = dns->len; @@ -594,7 +532,7 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns, goto err; } - tag = ASN_UTF8STRING; + tag = V_ASN1_UTF8STRING; } else #endif 
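Review bot: The loop in wolfSSL_X509_get_ext_by_OBJ dereferences `wolfSSL_sk_X509_EXTENSION_value(sk, lastpos)->obj` without checking the return, although that accessor is documented later in this file as returning NULL on failure; the loop bound should keep it non-NULL in practice, but a one-line guard keeps the function from crashing on a malformed stack. I would write `WOLFSSL_X509_EXTENSION* e = wolfSSL_sk_X509_EXTENSION_value(sk, lastpos);` / `if (e != NULL && wolfSSL_OBJ_cmp(e->obj, obj) == 0)` / `return lastpos;`. The body of wolfSSL_X509_get_ext_by_OBJ starts before this hunk.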
@@ -604,54 +542,34 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns, /* Create an object id for general name from DER encoding. */ obj = wolfSSL_d2i_ASN1_OBJECT(NULL, (const unsigned char**)&p, len); - if (obj == NULL) { + if (obj == NULL) goto err; - } /* Pointer moved on and now update length of remaining data. */ len -= (long)((size_t)p - (size_t)dns->name); - /* Next is: [0]. Check tag and length. */ - if (GetASNTag(p, &idx, &tag, (word32)len) < 0) { - wolfSSL_ASN1_OBJECT_free(obj); - goto err; - } - if (tag != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0)) { - wolfSSL_ASN1_OBJECT_free(obj); - goto err; - } - if (GetLength(p, &idx, &nameLen, (word32)len) <= 1) { - wolfSSL_ASN1_OBJECT_free(obj); - goto err; - } - - /* Next is a string of some type. */ - if (GetASNTag(p, &idx, &tag, (word32)len) < 0) { - wolfSSL_ASN1_OBJECT_free(obj); + /* Next is "value [0] EXPLICIT ANY DEFINED BY type-id" */ + if (GetASNHeader(p, ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0, + &idx, &nameLen, (word32)len) < 0) goto err; - } - if (GetLength(p, &idx, &nameLen, (word32)len) <= 0) { - wolfSSL_ASN1_OBJECT_free(obj); - goto err; - } p += idx; len -= idx; + + /* Set the tag to object so that it gets output in raw form */ + tag = V_ASN1_SEQUENCE; } + /* Create a WOLFSSL_ASN1_STRING from the DER. */ str = wolfSSL_ASN1_STRING_type_new(tag); if (str == NULL) { - wolfSSL_ASN1_OBJECT_free(obj); goto err; } wolfSSL_ASN1_STRING_set(str, p, (int)len); /* Wrap string in a WOLFSSL_ASN1_TYPE. */ type = wolfSSL_ASN1_TYPE_new(); - if (type == NULL) { - wolfSSL_ASN1_OBJECT_free(obj); - wolfSSL_ASN1_STRING_free(str); + if (type == NULL) goto err; - } wolfSSL_ASN1_TYPE_set(type, tag, str); /* Store the object and string in general name. */ @@ -660,6 +578,10 @@ static int wolfssl_dns_entry_othername_to_gn(DNS_entry* dns, ret = 1; err: + if (ret != 1) { + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_ASN1_STRING_free(str); + } return ret; } #endif /* OPENSSL_ALL || WOLFSSL_WPAS_SMALL */ 
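Review bot: The consolidated `err:` block in wolfssl_dns_entry_othername_to_gn frees `obj` and `str` when `ret != 1` but never frees `type`, so if a failure can occur after `wolfSSL_ASN1_TYPE_new()` succeeds, `type` leaks — and if `wolfSSL_ASN1_TYPE_set` transfers ownership of `str` into `type`, freeing `type` there would double-free `str` unless `str` is set to NULL once adopted. The lines between the set and `ret = 1` are not in this hunk, so I cannot tell whether such a failure path exists; if it does not, a comment such as `/* After wolfSSL_ASN1_TYPE_set succeeds, type owns str and no further failure is possible. */` above `ret = 1;` would record that invariant, otherwise add `wolfSSL_ASN1_TYPE_free(type);` to the cleanup and NULL out `str` after the set. With the per-site error handling removed, this block is now the only place the ownership is decided.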
@@ -722,7 +644,7 @@ static int wolfssl_x509_alt_names_to_gn(WOLFSSL_X509* x509, } } - if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) != WOLFSSL_SUCCESS) { + if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) <= 0) { WOLFSSL_MSG("Error pushing onto stack"); wolfSSL_GENERAL_NAME_free(gn); wolfSSL_sk_pop_free(sk, NULL); @@ -917,11 +839,37 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) switch (oid) { case BASIC_CA_OID: + { + word32 dataIdx = idx; + word32 dummyOid; + int dataLen = 0; + if (!isSet) break; /* Set pathlength */ a = wolfSSL_ASN1_INTEGER_new(); - if (a == NULL) { + + /* Set the data */ + ret = GetObjectId(input, &dataIdx, &dummyOid, oidCertExtType, + (word32)sz) == 0; + if (ret && dataIdx < (word32)sz) { + /* Skip the critical information */ + if (input[dataIdx] == ASN_BOOLEAN) { + dataIdx++; + ret = GetLength(input, &dataIdx, &dataLen, sz) >= 0; + dataIdx += dataLen; + } + } + if (ret) { + ret = GetOctetString(input, &dataIdx, &dataLen, + (word32)sz) > 0; + } + if (ret) { + ret = wolfSSL_ASN1_STRING_set(&ext->value, input + dataIdx, + dataLen) == 1; + } + + if (a == NULL || !ret) { wolfSSL_X509_EXTENSION_free(ext); FreeDecodedCert(cert); #ifdef WOLFSSL_SMALL_STACK @@ -937,7 +885,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) ext->obj->ca = x509->isCa; ext->crit = x509->basicConstCrit; break; - + } case AUTH_INFO_OID: if (!isSet) break; @@ -976,7 +924,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) obj->grp = oidCertAuthInfoType; obj->nid = NID_ad_ca_issuers; - ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj); + ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj) > 0 + ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error pushing ASN1 object onto stack"); wolfSSL_ASN1_OBJECT_free(obj); 
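Review bot: In the BASIC_CA_OID case of wolfSSL_X509_set_ext the `a = wolfSSL_ASN1_INTEGER_new()` allocation now happens before the `GetObjectId`/`GetOctetString`/`wolfSSL_ASN1_STRING_set` parsing, and the `if (a == NULL || !ret)` failure branch frees `ext` and the decoded cert but not `a`, so a parse failure with a live `a` leaks it (assuming that branch returns, which is cut off at the hunk edge). Adding `wolfSSL_ASN1_INTEGER_free(a);` as the first statement of that branch closes the leak. The `GetLength(input, &dataIdx, &dataLen, sz)` call also passes `sz` without the `(word32)` cast the neighbouring calls use; for consistency write `GetLength(input, &dataIdx, &dataLen, (word32)sz)`.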
@@ -1011,7 +960,8 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) obj->grp = oidCertAuthInfoType; obj->nid = NID_ad_OCSP; - ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj); + ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj) > 0 + ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error pushing ASN1 object onto stack"); wolfSSL_ASN1_OBJECT_free(obj); @@ -1067,7 +1017,9 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) case CERT_POLICY_OID: if (!isSet) break; + #ifdef WOLFSSL_SEP ext->crit = x509->certPolicyCrit; + #endif break; case KEY_USAGE_OID: @@ -1249,7 +1201,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) */ if (x509->ext_sk == NULL) x509->ext_sk = wolfSSL_sk_new_x509_ext(); - if (wolfSSL_sk_X509_EXTENSION_push(x509->ext_sk, ext) == WOLFSSL_FAILURE) { + if (wolfSSL_sk_insert(x509->ext_sk, ext, -1) <= 0) { wolfSSL_X509_EXTENSION_free(ext); ext = NULL; } @@ -1338,7 +1290,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo word32 len = 0; len = SetOthername(gn->d.otherName, NULL); - if (len == WOLFSSL_FAILURE) { + if (len == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { return WOLFSSL_FAILURE; } @@ -1354,7 +1306,7 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo ret = wolfSSL_X509_add_altname_ex(x509, buf, len, ASN_OTHER_TYPE); XFREE(buf, x509->heap, DYNAMIC_TYPE_X509_EXT); - if (ret == WOLFSSL_FAILURE) { + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { WOLFSSL_MSG("wolfSSL_X509_add_altname_ex() failed"); return WOLFSSL_FAILURE; } @@ -1424,6 +1376,11 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo break; default: #ifdef WOLFSSL_CUSTOM_OID + { + char *oid = NULL; + byte *val = NULL; + int err = 0; + if ((ext->obj == NULL) || (ext->value.length == 0)) { WOLFSSL_MSG("Extension has insufficient information."); return WOLFSSL_FAILURE; 
@@ -1436,12 +1393,10 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo } /* This is a viable custom extension. */ - char *oid = XMALLOC(MAX_OID_STRING_SZ, x509->heap, - DYNAMIC_TYPE_X509_EXT); - byte *val = XMALLOC(ext->value.length, x509->heap, - DYNAMIC_TYPE_X509_EXT); - int err = 0; - + oid = (char*)XMALLOC(MAX_OID_STRING_SZ, x509->heap, + DYNAMIC_TYPE_X509_EXT); + val = (byte*)XMALLOC(ext->value.length, x509->heap, + DYNAMIC_TYPE_X509_EXT); if ((oid == NULL) || (val == NULL)) { WOLFSSL_MSG("Memory allocation failure.\n"); err = 1; @@ -1466,12 +1421,13 @@ int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int lo x509->custom_exts[x509->customExtCount].val = val; x509->custom_exts[x509->customExtCount].valSz = ext->value.length; x509->customExtCount++; + break; + } #else WOLFSSL_MSG("Unsupported extension to add"); return WOLFSSL_FAILURE; #endif /* WOLFSSL_CUSTOM_OID */ - break; - } + } /* switch (nid) */ return WOLFSSL_SUCCESS; } @@ -1485,7 +1441,7 @@ int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext, ASN1_OBJECT* obj; ASN1_STRING* str; int nid; - int rc = WOLFSSL_FAILURE; + int rc = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); char tmp[CTC_NAME_SIZE*2 + 1]; const int tmpSz = sizeof(tmp); int tmpLen = 0; @@ -1807,7 +1763,8 @@ static WOLFSSL_AUTHORITY_INFO_ACCESS* wolfssl_x509v3_ext_aia_d2i( break; } /* Push onto AUTHORITY_INFO_ACCESS stack. */ - ret = wolfSSL_sk_ACCESS_DESCRIPTION_push(aia, ad); + ret = wolfSSL_sk_ACCESS_DESCRIPTION_push(aia, ad) > 0 + ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error pushing ASN1 AD onto stack"); err = 1; 
@@ -2035,7 +1992,7 @@ void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext) * lastPos : Start search from extension after lastPos. * Set to -1 to search from index 0. * return >= 0 If successful the extension index is returned. - * return -1 If extension is not found or error is encountered. + * return WOLFSSL_FATAL_ERROR If extension is not found or error is encountered. */ int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos) { @@ -2305,8 +2262,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, } dns = dns->next; - if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) != - WOLFSSL_SUCCESS) { + if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) <= 0) { WOLFSSL_MSG("Error pushing ASN1 object onto stack"); goto err; } @@ -2361,13 +2317,13 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, /* push GENERAL_NAME onto fullname stack */ if (wolfSSL_sk_GENERAL_NAME_push(dp->distpoint->name.fullname, - gn) != WOLFSSL_SUCCESS) { + gn) <= 0) { WOLFSSL_MSG("wolfSSL_sk_GENERAL_NAME_push error"); goto err; } /* push DIST_POINT onto stack */ - if (wolfSSL_sk_DIST_POINT_push(sk, dp) != WOLFSSL_SUCCESS) { + if (wolfSSL_sk_DIST_POINT_push(sk, dp) <= 0) { WOLFSSL_MSG("Error pushing DIST_POINT onto stack"); goto err; } @@ -2482,14 +2438,14 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, obj->grp = oidCertExtType; obj->obj = (byte*)(x509->certPolicies[i]); obj->objSz = MAX_CERTPOL_SZ; - if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) - != WOLFSSL_SUCCESS) { + if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) <= 0) { WOLFSSL_MSG("Error pushing ASN1 object onto stack"); wolfSSL_ASN1_OBJECT_free(obj); wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL); sk = NULL; } } + obj = wolfSSL_ASN1_OBJECT_new(); if (obj == NULL) { WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); 
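Review bot: In the CERT_POLICY_OID branch of wolfSSL_X509_get_ext_d2i the push-failure path frees `obj`, pops the stack and sets `sk = NULL`, but execution then falls straight into the next `obj = wolfSSL_ASN1_OBJECT_new()` and the second push in the following hunk, which will fail again against a NULL `sk`; if this code sits inside the `certPolicies[i]` loop (its header is outside the hunk) every remaining iteration repeats the allocate-and-fail cycle. A `break;` directly after `sk = NULL;` in both push-failure blocks stops the work as soon as the first push fails. The same pattern appears in the next hunk, where the added push block ends with `sk = NULL;` followed by `obj = NULL;`.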
@@ -2500,11 +2456,21 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, obj->grp = oidCertExtType; obj->obj = (byte*)(x509->certPolicies[i]); obj->objSz = MAX_CERTPOL_SZ; + + if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) <= 0) { + WOLFSSL_MSG("Error pushing ASN1 object onto stack"); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL); + sk = NULL; + } + + obj = NULL; } else { WOLFSSL_MSG("No Cert Policy set"); } - #elif defined(WOLFSSL_SEP) + #endif /* WOLFSSL_CERT_EXT */ + #ifdef WOLFSSL_SEP if (x509->certPolicySet) { if (c != NULL) { *c = x509->certPolicyCrit; @@ -2520,8 +2486,6 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, else { WOLFSSL_MSG("No Cert Policy set"); } - #else - WOLFSSL_MSG("wolfSSL not built with WOLFSSL_SEP or WOLFSSL_CERT_EXT"); #endif break; } 
@@ -2560,6 +2524,44 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, case EXT_KEY_USAGE_OID: if (x509->extKeyUsageSrc != NULL) { + const byte* ekuSrc = x509->extKeyUsageSrc; + word32 i; + + sk = wolfSSL_sk_new_asn1_obj(); + if (sk == NULL) { + WOLFSSL_MSG("Issue creating stack"); + return NULL; + } + + for (i = 0; i < x509->extKeyUsageCount; i++) { + long ekuSrcLen = (long)(x509->extKeyUsageSz - + (word32)(ekuSrc - x509->extKeyUsageSrc)); + WOLFSSL_ASN1_OBJECT* ekuObj = wolfSSL_d2i_ASN1_OBJECT(NULL, + &ekuSrc, ekuSrcLen); + if (ekuObj == NULL) { + wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL); + WOLFSSL_MSG("d2i obj error"); + return NULL; + } + ekuObj->type = EXT_KEY_USAGE_OID; + ekuObj->grp = oidCertExtType; + /* Push to end to maintain order */ + if (wolfSSL_sk_insert(sk, ekuObj, -1) <= 0) { + wolfSSL_ASN1_OBJECT_free(ekuObj); + wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL); + WOLFSSL_MSG("d2i obj error"); + return NULL; + } + } + + if ((word32)(ekuSrc - x509->extKeyUsageSrc) + != x509->extKeyUsageSz || + i != x509->extKeyUsageCount) { + wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL); + WOLFSSL_MSG("incorrect eku count or buffer not exhausted"); + return NULL; + } + if (c != NULL) { if (x509->extKeyUsageCount > 1) { *c = -2; @@ -2568,15 +2570,6 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, *c = x509->extKeyUsageCrit; } } - obj = wolfSSL_ASN1_OBJECT_new(); - if (obj == NULL) { - WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); - return NULL; - } - obj->type = EXT_KEY_USAGE_OID; - obj->grp = oidCertExtType; - obj->obj = x509->extKeyUsageSrc; - obj->objSz = x509->extKeyUsageSz; } else { WOLFSSL_MSG("No Extended Key Usage set"); 
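Review bot: The post-loop check `i != x509->extKeyUsageCount` in the EXT_KEY_USAGE_OID branch can never be true, because the only ways out of the `for` loop are its own termination condition or an early `return NULL`; it reads as if the loop could `break`, which it cannot. Either drop that clause or keep only the `ekuSrc` exhaustion test, and give the insert failure its own message since `WOLFSSL_MSG("d2i obj error")` is reused for a stack insertion failure: `WOLFSSL_MSG("sk insert error");`. The `ekuSrcLen` computation relies on `wolfSSL_d2i_ASN1_OBJECT` never advancing `ekuSrc` past `extKeyUsageSrc + extKeyUsageSz`; that is plausible but not visible here.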
@@ -2623,7 +2616,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, } } if (obj) { - if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) != WOLFSSL_SUCCESS) { + if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) <= 0) { WOLFSSL_MSG("Error pushing ASN1_OBJECT object onto " "stack."); goto err; @@ -2796,7 +2789,7 @@ static WOLFSSL_X509_EXTENSION* createExtFromStr(int nid, const char *value) WOLFSSL_MSG("wolfSSL_GENERAL_NAME_new error"); goto err_cleanup; } - if (wolfSSL_sk_GENERAL_NAME_push(gns, gn) != WOLFSSL_SUCCESS) { + if (wolfSSL_sk_GENERAL_NAME_push(gns, gn) <= 0) { WOLFSSL_MSG("wolfSSL_sk_GENERAL_NAME_push error"); wolfSSL_GENERAL_NAME_free(gn); goto err_cleanup; @@ -3550,7 +3543,7 @@ char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz) } } - XMEMCPY(in, tmpBuf, totalLen); + XMEMCPY(in, tmpBuf, totalLen); /* cppcheck-suppress uninitvar */ in[totalLen] = '\0'; return in; @@ -3664,6 +3657,24 @@ WOLFSSL_X509* wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509, { return d2i_X509orX509REQ(x509, in, len, 1, NULL); } + +WOLFSSL_X509* wolfSSL_d2i_X509_REQ_INFO(WOLFSSL_X509** req, + const unsigned char** in, int len) +{ + WOLFSSL_X509* ret = NULL; + WOLFSSL_ENTER("wolfSSL_d2i_X509_REQ_INFO"); + + if (in == NULL) { + WOLFSSL_MSG("NULL input for wolfSSL_d2i_X509"); + return NULL; + } + + ret = wolfSSL_X509_REQ_d2i(req, *in, len); + if (ret != NULL) { + *in += ret->derCert->length; + } + return ret; +} #endif #endif /* KEEP_PEER_CERT || SESSION_CERTS || OPENSSL_EXTRA || @@ -3711,7 +3722,7 @@ char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert) } ret = cert->altNamesNext->name; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME /* return the IP address as a string */ if (cert->altNamesNext->type == ASN_IP_TYPE) { ret = cert->altNamesNext->ipString; 
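Review bot: The NULL-argument message in the new `wolfSSL_d2i_X509_REQ_INFO` names the wrong function; it should read `WOLFSSL_MSG("NULL input for wolfSSL_d2i_X509_REQ_INFO");` so log output can be attributed. The function also advances `*in` by `ret->derCert->length` without checking `ret->derCert`; if `wolfSSL_X509_REQ_d2i` can ever return a certificate whose `derCert` is NULL this would crash, so either confirm it always populates it or guard with `if (ret != NULL && ret->derCert != NULL)`. A short header comment noting that `*in` is advanced past the consumed DER on success (the OpenSSL d2i convention) would also help.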
@@ -4459,39 +4470,9 @@ int wolfSSL_GENERAL_NAME_set0_othername(WOLFSSL_GENERAL_NAME* gen, int wolfSSL_sk_GENERAL_NAME_push(WOLFSSL_GENERAL_NAMES* sk, WOLFSSL_GENERAL_NAME* gn) { - WOLFSSL_STACK* node; WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_push"); - if (sk == NULL || gn == NULL) { - return WOLFSSL_FAILURE; - } - - /* no previous values in stack */ - if (sk->data.gn == NULL) { - sk->data.gn = gn; - sk->num += 1; - - return WOLFSSL_SUCCESS; - } - - /* stack already has value(s) create a new node and add more */ - node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, - DYNAMIC_TYPE_ASN1); - if (node == NULL) { - WOLFSSL_MSG("Memory error"); - return WOLFSSL_FAILURE; - } - XMEMSET(node, 0, sizeof(WOLFSSL_STACK)); - - /* push new obj onto head of stack */ - node->type = STACK_TYPE_GEN_NAME; - node->data.gn = sk->data.gn; - node->next = sk->next; - sk->next = node; - sk->data.gn = gn; - sk->num += 1; - - return WOLFSSL_SUCCESS; + return wolfSSL_sk_push(sk, gn); } #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ @@ -4531,7 +4512,7 @@ int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk) WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_num"); if (sk == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } return (int)sk->num; @@ -4702,7 +4683,7 @@ int wolfSSL_sk_DIST_POINT_num(WOLFSSL_STACK* sk) WOLFSSL_ENTER("wolfSSL_sk_DIST_POINT_num"); if (sk == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } return wolfSSL_sk_num(sk); @@ -5040,7 +5021,7 @@ int wolfSSL_GENERAL_NAME_print(WOLFSSL_BIO* out, WOLFSSL_GENERAL_NAME* gen) break; } - if (ret == WOLFSSL_FAILURE) + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) return WOLFSSL_FAILURE; else return WOLFSSL_SUCCESS; 
@@ -5069,19 +5050,9 @@ int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk) /* returns null on failure and pointer to internal value on success */ WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value( - WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx) + const WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx) { - WOLFSSL_STACK* ret; - - if (sk == NULL) { - return NULL; - } - - ret = wolfSSL_sk_get_node(sk, idx); - if (ret != NULL) { - return ret->data.ext; - } - return NULL; + return (WOLFSSL_X509_EXTENSION*)wolfSSL_sk_value(sk, idx); } /* frees all of the nodes and the values in stack */ @@ -5092,6 +5063,11 @@ void wolfSSL_sk_X509_EXTENSION_pop_free( wolfSSL_sk_pop_free(sk, (wolfSSL_sk_freefunc)f); } +void wolfSSL_sk_X509_EXTENSION_free(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk) +{ + wolfSSL_sk_pop_free(sk, NULL); +} + #endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) @@ -5368,7 +5344,7 @@ int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME* name) { WOLFSSL_ENTER("wolfSSL_X509_NAME_get_sz"); if (!name) - return -1; + return WOLFSSL_FATAL_ERROR; return name->sz; } @@ -5583,7 +5559,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) * size of this subset and its memory usage */ #endif /* OPENSSL_EXTRA_X509_SMALL || KEEP_PEER_CERT || SESSION_CERTS */ -#if defined(OPENSSL_ALL) +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) /* * Converts a and b to DER and then does an XMEMCMP to check if they match. * Returns 0 when certificates match and WOLFSSL_FATAL_ERROR when they don't. 
@@ -5668,9 +5644,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) case NID_key_usage: crit = x509->keyUsageCrit; break; case NID_crl_distribution_points: crit= x509->CRLdistCrit; break; case NID_ext_key_usage: crit= x509->extKeyUsageCrit; break; - #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) - case NID_certificate_policies: crit = x509->certPolicyCrit; break; - #endif /* WOLFSSL_SEP || WOLFSSL_QT */ + #ifdef WOLFSSL_SEP + case NID_certificate_policies: crit = x509->certPolicyCrit; break; + #endif /* WOLFSSL_SEP */ } } @@ -5778,6 +5754,37 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) return id; } + + const WOLFSSL_ASN1_STRING *wolfSSL_X509_get0_subject_key_id( + WOLFSSL_X509 *x509) + { + WOLFSSL_ASN1_STRING* ret = NULL; + + WOLFSSL_ENTER("wolfSSL_X509_get0_subject_key_id"); + + if (x509 != NULL && x509->subjKeyIdSet) { + if (x509->subjKeyIdStr == NULL) { + x509->subjKeyIdStr = wolfSSL_ASN1_STRING_new(); + if (x509->subjKeyIdStr != NULL) { + if (wolfSSL_ASN1_STRING_set(x509->subjKeyIdStr, + x509->subjKeyId, x509->subjKeyIdSz) == 1) { + ret = x509->subjKeyIdStr; + } + else { + wolfSSL_ASN1_STRING_free(x509->subjKeyIdStr); + x509->subjKeyIdStr = NULL; + } + } + } + else { + ret = x509->subjKeyIdStr; + } + } + + WOLFSSL_LEAVE("wolfSSL_X509_get0_subject_key_id", ret != NULL); + + return ret; + } #endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) || \ 
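Review bot: `wolfSSL_X509_get0_subject_key_id` lazily allocates and caches `x509->subjKeyIdStr`, but nothing says the returned pointer is owned by the certificate; a get0-style accessor should state that, e.g. `/* Returns the subject key identifier as an ASN1_STRING owned by x509 (lazily created and cached); the caller must not free it. Returns NULL when not set or on allocation failure. */` above the definition. The whole function is also indented one level relative to the surrounding file, which looks like a paste artefact rather than the file's style.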
@@ -5830,81 +5837,304 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) #define MAX_WIDTH 80 #endif -static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, - int indent) +#if defined(WOLFSSL_ACERT) +#define ACERT_NUM_DIR_TAGS 4 + +/* Convenience struct and function for printing the Holder sub fields + * of an X509 Attribute struct. */ +struct acert_dir_print_t { + const char * pfx; + const byte tag[3]; +}; + +static struct acert_dir_print_t acert_dir_print[ACERT_NUM_DIR_TAGS] = { - int ret = WOLFSSL_SUCCESS; - DNS_entry* entry; + { "C=", {0x55, 0x04, ASN_COUNTRY_NAME} }, + { "O=", {0x55, 0x04, ASN_ORG_NAME} }, + { "OU=", {0x55, 0x04, ASN_ORGUNIT_NAME} }, + { "CN=", {0x55, 0x04, ASN_COMMON_NAME} }, +}; - if (bio == NULL || x509 == NULL) { - ret = WOLFSSL_FAILURE; - } +/* Print an entry of ASN_DIR_TYPE into dst of length max_len. + * + * Returns total_len of str on success. + * Returns < 0 on failure. + * */ +static int X509PrintDirType(char * dst, int max_len, const DNS_entry * entry) +{ + word32 k = 0; + word32 i = 0; + const char * src = entry->name; + word32 src_len = (word32)XSTRLEN(src); + int total_len = 0; + int bytes_left = max_len; + int fld_len = 0; + int match_found = 0; + + XMEMSET(dst, 0, max_len); + + /* loop over printable DIR tags. */ + for (k = 0; k < ACERT_NUM_DIR_TAGS; ++k) { + const char * pfx = acert_dir_print[k].pfx; + const byte * tag = acert_dir_print[k].tag; + byte asn_tag; + + /* walk through entry looking for matches. */ + for (i = 0; i < src_len - 5; ++i) { + if (XMEMCMP(tag, &src[i], 3) == 0) { + if (bytes_left < 5) { + /* Not enough space left for name oid + tag + len. */ + break; + } - if (ret == WOLFSSL_SUCCESS && x509->subjAltNameSet && - x509->altNames != NULL) { - char scratch[MAX_WIDTH]; - int len; + if (match_found) { + /* append a {',', ' '} before doing anything else. 
*/ + *dst++ = ','; + *dst++ = ' '; + total_len += 2; + bytes_left -= 2; + } - len = XSNPRINTF(scratch, MAX_WIDTH, "%*s", indent, ""); - if (len >= MAX_WIDTH) - ret = WOLFSSL_FAILURE; - if (ret == WOLFSSL_SUCCESS) { - if (wolfSSL_BIO_write(bio, scratch, (int)XSTRLEN(scratch)) <= 0) { - ret = WOLFSSL_FAILURE; - } - } - if (ret == WOLFSSL_SUCCESS) { - int nameCount = 0; + i += 3; - entry = x509->altNames; - while (entry != NULL) { - ++nameCount; - if (nameCount > 1) { - if (wolfSSL_BIO_write(bio, ", ", 2) <= 0) { - ret = WOLFSSL_FAILURE; - break; - } + /* Get the ASN Tag. */ + if (GetASNTag((const byte *)src, &i, &asn_tag, src_len) < 0) { + WOLFSSL_MSG("error: GetASNTag failed"); + break; } - if (entry->type == ASN_DNS_TYPE) { - len = XSNPRINTF(scratch, MAX_WIDTH, "DNS:%s", entry->name); - if (len >= MAX_WIDTH) { - ret = WOLFSSL_FAILURE; - break; - } + /* Check it is printable. */ + if ((asn_tag != ASN_PRINTABLE_STRING) && + (asn_tag != ASN_IA5_STRING) && + (asn_tag != ASN_UTF8STRING)) { + /* Don't know what this is but we can't print it. */ + WOLFSSL_MSG("error: asn tag not printable string"); + break; } - #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) - else if (entry->type == ASN_IP_TYPE) { - len = XSNPRINTF(scratch, MAX_WIDTH, "IP Address:%s", - entry->ipString); - if (len >= MAX_WIDTH) { - ret = WOLFSSL_FAILURE; - break; - } + + /* Now get the length of the printable string. */ + if (GetLength((const byte *)src, &i, &fld_len, src_len) < 0) { + break; } - #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ - else if (entry->type == ASN_RFC822_TYPE) { - len = XSNPRINTF(scratch, MAX_WIDTH, "email:%s", - entry->name); - if (len >= MAX_WIDTH) { - ret = WOLFSSL_FAILURE; - break; - } + + /* Make sure we have space to fit it. */ + if ((int) XSTRLEN(pfx) > bytes_left) { + /* Not enough space left. 
*/ + break; } - else if (entry->type == ASN_DIR_TYPE) { - /* @TODO entry->name in ASN1 syntax */ - len = XSNPRINTF(scratch, MAX_WIDTH, - "DirName:"); - if (len >= MAX_WIDTH) { - ret = WOLFSSL_FAILURE; - break; - } + + /* Copy it in, decrement available space. */ + XSTRNCPY(dst, pfx, bytes_left); + dst += XSTRLEN(pfx); + total_len += XSTRLEN(pfx); + bytes_left -= XSTRLEN(pfx); + + if (fld_len > bytes_left) { + /* Not enough space left. */ + break; } - else if (entry->type == ASN_URI_TYPE) { - len = XSNPRINTF(scratch, MAX_WIDTH, "URI:%s", - entry->name); - if (len >= MAX_WIDTH) { - ret = WOLFSSL_FAILURE; + + XMEMCPY(dst, &src[i], fld_len); + i += fld_len; + dst += fld_len; + total_len += fld_len; + bytes_left -= fld_len; + + match_found = 1; + } + } + } + + return total_len; +} + +static int X509_ACERT_print_name_entry(WOLFSSL_BIO* bio, + const DNS_entry* entry, int indent) +{ + int ret = WOLFSSL_SUCCESS; + int nameCount = 0; + char scratch[MAX_WIDTH]; + int len; + + if (bio == NULL || entry == NULL) { + return WOLFSSL_FAILURE; + } + + len = XSNPRINTF(scratch, MAX_WIDTH, "%*s", indent, ""); + if (len >= MAX_WIDTH) { + return WOLFSSL_FAILURE; + } + + if (wolfSSL_BIO_write(bio, scratch, (int)XSTRLEN(scratch)) <= 0) { + return WOLFSSL_FAILURE; + } + + while (entry != NULL) { + ++nameCount; + if (nameCount > 1) { + if (wolfSSL_BIO_write(bio, ", ", 2) <= 0) { + ret = WOLFSSL_FAILURE; + break; + } + } + + if (entry->type == ASN_DNS_TYPE) { + len = XSNPRINTF(scratch, MAX_WIDTH, "DNS:%s", entry->name); + if (len >= MAX_WIDTH) { + ret = WOLFSSL_FAILURE; + break; + } + } + #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) + else if (entry->type == ASN_IP_TYPE) { + len = XSNPRINTF(scratch, MAX_WIDTH, "IP Address:%s", + entry->ipString); + if (len >= MAX_WIDTH) { + ret = WOLFSSL_FAILURE; + break; + } + } + #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ + else if (entry->type == ASN_RFC822_TYPE) { + len = XSNPRINTF(scratch, MAX_WIDTH, "email:%s", + entry->name); + if (len 
>= MAX_WIDTH) { + ret = WOLFSSL_FAILURE; + break; + } + } + else if (entry->type == ASN_DIR_TYPE) { + len = X509PrintDirType(scratch, MAX_WIDTH, entry); + if (len >= MAX_WIDTH) { + ret = WOLFSSL_FAILURE; + break; + } + } + else if (entry->type == ASN_URI_TYPE) { + len = XSNPRINTF(scratch, MAX_WIDTH, "URI:%s", + entry->name); + if (len >= MAX_WIDTH) { + ret = WOLFSSL_FAILURE; + break; + } + } + #if defined(OPENSSL_ALL) + else if (entry->type == ASN_RID_TYPE) { + len = XSNPRINTF(scratch, MAX_WIDTH, "Registered ID:%s", + entry->ridString); + if (len >= MAX_WIDTH) { + ret = WOLFSSL_FAILURE; + break; + } + } + #endif + else if (entry->type == ASN_OTHER_TYPE) { + len = XSNPRINTF(scratch, MAX_WIDTH, + "othername "); + if (len >= MAX_WIDTH) { + ret = WOLFSSL_FAILURE; + break; + } + } + else { + WOLFSSL_MSG("Bad alt name type."); + ret = WOLFSSL_FAILURE; + break; + } + + if (wolfSSL_BIO_write(bio, scratch, (int)XSTRLEN(scratch)) + <= 0) { + ret = WOLFSSL_FAILURE; + break; + } + + entry = entry->next; + } + + if (ret == WOLFSSL_SUCCESS && wolfSSL_BIO_write(bio, "\n", 1) <= 0) { + ret = WOLFSSL_FAILURE; + } + + return ret; +} + +#endif /* if WOLFSSL_ACERT*/ + +static int X509PrintSubjAltName(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, + int indent) +{ + int ret = WOLFSSL_SUCCESS; + DNS_entry* entry; + + if (bio == NULL || x509 == NULL) { + ret = WOLFSSL_FAILURE; + } + + if (ret == WOLFSSL_SUCCESS && x509->subjAltNameSet && + x509->altNames != NULL) { + char scratch[MAX_WIDTH]; + int len; + + len = XSNPRINTF(scratch, MAX_WIDTH, "%*s", indent, ""); + if (len >= MAX_WIDTH) + ret = WOLFSSL_FAILURE; + if (ret == WOLFSSL_SUCCESS) { + if (wolfSSL_BIO_write(bio, scratch, (int)XSTRLEN(scratch)) <= 0) { + ret = WOLFSSL_FAILURE; + } + } + if (ret == WOLFSSL_SUCCESS) { + int nameCount = 0; + + entry = x509->altNames; + while (entry != NULL) { + ++nameCount; + if (nameCount > 1) { + if (wolfSSL_BIO_write(bio, ", ", 2) <= 0) { + ret = WOLFSSL_FAILURE; + break; + } + } + + if (entry->type == 
ASN_DNS_TYPE) { + len = XSNPRINTF(scratch, MAX_WIDTH, "DNS:%s", entry->name); + if (len >= MAX_WIDTH) { + ret = WOLFSSL_FAILURE; + break; + } + } + #ifdef WOLFSSL_IP_ALT_NAME + else if (entry->type == ASN_IP_TYPE) { + len = XSNPRINTF(scratch, MAX_WIDTH, "IP Address:%s", + entry->ipString); + if (len >= MAX_WIDTH) { + ret = WOLFSSL_FAILURE; + break; + } + } + #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ + else if (entry->type == ASN_RFC822_TYPE) { + len = XSNPRINTF(scratch, MAX_WIDTH, "email:%s", + entry->name); + if (len >= MAX_WIDTH) { + ret = WOLFSSL_FAILURE; + break; + } + } + else if (entry->type == ASN_DIR_TYPE) { + /* @TODO entry->name in ASN1 syntax */ + len = XSNPRINTF(scratch, MAX_WIDTH, + "DirName:"); + if (len >= MAX_WIDTH) { + ret = WOLFSSL_FAILURE; + break; + } + } + else if (entry->type == ASN_URI_TYPE) { + len = XSNPRINTF(scratch, MAX_WIDTH, "URI:%s", + entry->name); + if (len >= MAX_WIDTH) { + ret = WOLFSSL_FAILURE; break; } } 
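Review bot: In `X509PrintDirType` the inner loop bound `i < src_len - 5` underflows when the name is shorter than five bytes, because `src_len` is a `word32`, so `XMEMCMP(tag, &src[i], 3)` then reads far past the end of `entry->name`; add `if (src_len < 5) { return 0; }` before the loops, or write the bound as `i + 5 <= src_len`. The length is also taken with `XSTRLEN(src)` although ASN_DIR_TYPE entries hold DER, which may contain zero bytes; the DNS_entry `len` field used elsewhere in this file (`long len = dns->len;`) is presumably the right source, e.g. `word32 src_len = (word32)entry->len;`. The header comment says the function "Returns < 0 on failure" but every path returns `total_len`, which is never negative, and the `#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */` in X509PrintSubjAltName no longer matches its `#ifdef WOLFSSL_IP_ALT_NAME`. X509PrintSubjAltName continues past the end of this hunk.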
@@ -6158,6 +6388,70 @@ static int X509PrintSerial(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent)
 return WOLFSSL_SUCCESS;
 }
 
+#ifndef NO_ASN_TIME
+static int X509PrintValidity(WOLFSSL_BIO* bio, WOLFSSL_ASN1_TIME * notBefore,
+ WOLFSSL_ASN1_TIME * notAfter, int indent)
+{
+ char tmp[80];
+ (void) indent;
+
+ if (wolfSSL_BIO_write(bio, " Validity\n",
+ (int)XSTRLEN(" Validity\n")) <= 0) {
+ return WOLFSSL_FAILURE;
+ }
+
+ if (wolfSSL_BIO_write(bio, " Not Before: ",
+ (int)XSTRLEN(" Not Before: ")) <= 0) {
+ return WOLFSSL_FAILURE;
+ }
+ if (notBefore->length > 0) {
+ if (GetTimeString(notBefore->data, ASN_UTC_TIME,
+ tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
+ if (GetTimeString(notBefore->data, ASN_GENERALIZED_TIME,
+ tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
+ WOLFSSL_MSG("Error getting not before date");
+ return WOLFSSL_FAILURE;
+ }
+ }
+ }
+ else {
+ XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1);
+ }
+ tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */
+ if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
+ return WOLFSSL_FAILURE;
+ }
+
+ if (wolfSSL_BIO_write(bio, "\n Not After : ",
+ (int)XSTRLEN("\n Not After : ")) <= 0) {
+ return WOLFSSL_FAILURE;
+ }
+ if (notAfter->length > 0) {
+ if (GetTimeString(notAfter->data, ASN_UTC_TIME,
+ tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
+ if (GetTimeString(notAfter->data, ASN_GENERALIZED_TIME,
+ tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
+ WOLFSSL_MSG("Error getting not after date");
+ return WOLFSSL_FAILURE;
+ }
+ }
+ }
+ else {
+ XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1);
+ }
+ tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */
+ if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
+ return WOLFSSL_FAILURE;
+ }
+
+ if (wolfSSL_BIO_write(bio, "\n\0", (int)XSTRLEN("\n\0")) <= 0) {
+ return WOLFSSL_FAILURE;
+ }
+
+ return WOLFSSL_SUCCESS;
+}
+#endif /* ifndef NO_ASN_TIME */
+
 /* iterate through certificate extensions printing them out in human readable
 * form
 * return WOLFSSL_SUCCESS on success
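Review bot: X509PrintValidity accepts an `indent` argument but discards it with `(void) indent;` and hard-codes the leading whitespace inside the `" Validity\n"` and `" Not Before: "` literals, so both callers that pass 8 get the same fixed layout and any caller passing another value gets silently misaligned output. Either build the prefix the way the alt-name printer does, `XSNPRINTF(scratch, sizeof(scratch), "%*sValidity\n", indent, "")`, or add a header comment stating that the parameter is reserved and the indentation is fixed at 8. The closing `wolfSSL_BIO_write(bio, "\n\0", (int)XSTRLEN("\n\0"))` writes exactly one byte because XSTRLEN stops at the embedded NUL, so `"\n"` expresses the same thing without the puzzle. The notBefore and notAfter branches are identical apart from the label and the log message and could share one static helper taking the WOLFSSL_ASN1_TIME and the label.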
@@ -6200,7 +6494,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent) return WOLFSSL_FAILURE; } - for (i = 0; (i < count) && (ret != WOLFSSL_FAILURE); i++) { + for (i = 0; (i < count) && (ret != WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); i++) { WOLFSSL_X509_EXTENSION* ext; ext = wolfSSL_X509_get_ext(x509, i); @@ -6217,7 +6511,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent) break; } if (wolfSSL_OBJ_obj2txt(buf, MAX_WIDTH, obj, 0) - == WOLFSSL_FAILURE) + == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { ret = WOLFSSL_FAILURE; break; @@ -6280,7 +6574,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent) XMEMCPY(scratch + scratchLen, val, valLen); scratchLen += valLen; } - if (ret == WOLFSSL_FAILURE) + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) break; if (wolfSSL_BIO_write(bio, scratch, scratchLen) <= 0) { @@ -6329,7 +6623,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent) XMEMCPY(scratch + scratchLen, val, valLen); scratchLen += valLen; } - if (ret == WOLFSSL_FAILURE) + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) break; if (wolfSSL_BIO_write(bio, scratch, scratchLen) <= 0) { @@ -6386,9 +6680,7 @@ static int X509PrintExtensions(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int indent) } } - if (buf != NULL) { - XFREE(buf, x509->heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(buf, x509->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -6429,7 +6721,7 @@ static int X509PrintSignature_ex(WOLFSSL_BIO* bio, byte* sig, } if (ret == WOLFSSL_SUCCESS) { if (wolfSSL_OBJ_obj2txt(scratch, MAX_WIDTH, obj, 0) - == WOLFSSL_FAILURE) + == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { ret = WOLFSSL_FAILURE; } @@ -6568,9 +6860,7 @@ static int X509PrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, return WOLFSSL_FAILURE; } - if (sig != NULL) { - XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); } 
@@ -6726,7 +7016,7 @@ static int X509PrintReqAttributes(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, const byte* data; if (wolfSSL_OBJ_obj2txt(lName, lNameSz, attr->object, 0) - == WOLFSSL_FAILURE) + == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { return WOLFSSL_FAILURE; } 
@@ -6820,142 +7110,289 @@ int wolfSSL_X509_REQ_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) return WOLFSSL_SUCCESS; } -#endif /* WOLFSSL_CERT_REQ */ +#endif /* WOLFSSL_CERT_REQ */ + + +/* Writes the human readable form of x509 to bio. + * + * bio WOLFSSL_BIO to write to. + * x509 Certificate to write. + * + * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure + */ +int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, + unsigned long nmflags, unsigned long cflag) +{ + char issuType[] = "Issuer:"; + char subjType[] = "Subject:"; + + WOLFSSL_ENTER("wolfSSL_X509_print_ex"); + + /* flags currently not supported */ + (void)nmflags; + (void)cflag; + + if (bio == NULL || x509 == NULL) { + return WOLFSSL_FAILURE; + } + + if (wolfSSL_BIO_write(bio, "Certificate:\n", + (int)XSTRLEN("Certificate:\n")) <= 0) { + return WOLFSSL_FAILURE; + } + + if (wolfSSL_BIO_write(bio, " Data:\n", + (int)XSTRLEN(" Data:\n")) <= 0) { + return WOLFSSL_FAILURE; + } + + /* print version of cert */ + if (X509PrintVersion(bio, wolfSSL_X509_version(x509), 8) + != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + + /* print serial number out */ + if (X509PrintSerial(bio, x509, 8) != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + + /* print out signature algo*/ + if (X509PrintSignature(bio, x509, 1, 8) != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + + /* print issuer */ + if (X509PrintName(bio, wolfSSL_X509_get_issuer_name(x509), issuType, 8) + != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + + #ifndef NO_ASN_TIME + /* print validity */ + if (X509PrintValidity(bio, &x509->notBefore, &x509->notAfter, 8) + != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + #endif /* NO_ASN_TIME */ + + /* print subject */ + if (X509PrintName(bio, wolfSSL_X509_get_subject_name(x509), subjType, 8) + != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + + /* get and print public key */ + if (X509PrintPubKey(bio, x509, 8) != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + + /* 
print out extensions */ + if (X509PrintExtensions(bio, x509, 8) != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + + /* print out signature */ + if (X509PrintSignature(bio, x509, 0, 4) != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + + /* done with print out */ + if (wolfSSL_BIO_write(bio, "\n\0", (int)XSTRLEN("\n\0")) <= 0) { + return WOLFSSL_FAILURE; + } + + return WOLFSSL_SUCCESS; +} +int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) +{ + return wolfSSL_X509_print_ex(bio, x509, 0, 0); +} + +#if defined(WOLFSSL_ACERT) +/* Retrieve sig NID from an ACERT. + * + * returns NID on success + * returns 0 on failure + */ +int wolfSSL_X509_ACERT_get_signature_nid(const WOLFSSL_X509_ACERT *x509) +{ + if (x509 == NULL) { + return 0; + } + + return oid2nid((word32)x509->sigOID, oidSigType); +} + +static int X509AcertPrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509, + int algOnly, int indent) +{ + int sigSz = 0; + if (wolfSSL_X509_ACERT_get_signature(x509, NULL, &sigSz) <= 0) { + return WOLFSSL_FAILURE; + } + + if (sigSz > 0) { + unsigned char* sig; + int sigNid; + + sigNid = wolfSSL_X509_ACERT_get_signature_nid(x509); + if (sigNid <= 0) { + return WOLFSSL_FAILURE; + } + + sig = (unsigned char*)XMALLOC(sigSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sig == NULL) { + return WOLFSSL_FAILURE; + } + + if (wolfSSL_X509_ACERT_get_signature(x509, sig, &sigSz) <= 0) { + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + + if (X509PrintSignature_ex(bio, sig, sigSz, sigNid, algOnly, indent) + != WOLFSSL_SUCCESS) { + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + + if (sig != NULL) { + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + + } + + return WOLFSSL_SUCCESS; +} + +static int X509AcertPrintSerial(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509, + int indent) +{ + unsigned char serial[32]; + int sz = sizeof(serial); + + XMEMSET(serial, 0, sz); + if (wolfSSL_X509_ACERT_get_serial_number(x509, serial, &sz) + == 
WOLFSSL_SUCCESS) { + X509PrintSerial_ex(bio, serial, sz, 1, indent); + } + return WOLFSSL_SUCCESS; +} - -/* Writes the human readable form of x509 to bio. - * - * bio WOLFSSL_BIO to write to. - * x509 Certificate to write. - * - * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure - */ -int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, - unsigned long nmflags, unsigned long cflag) +int wolfSSL_X509_ACERT_print(WOLFSSL_BIO* bio, WOLFSSL_X509_ACERT* x509) { - char issuType[] = "Issuer:"; - char subjType[] = "Subject:"; - - WOLFSSL_ENTER("wolfSSL_X509_print_ex"); - - /* flags currently not supported */ - (void)nmflags; - (void)cflag; + const char * hdr = "Attribute Certificate:\n"; + const char * data_hdr = " Data:\n"; + const char * holder_hdr = " Holder:\n"; + const char * holder_issuer_hdr = " Issuer:"; + const char * holder_name_hdr = " Name:"; + const char * attcert_issuer_hdr = " Issuer:"; if (bio == NULL || x509 == NULL) { return WOLFSSL_FAILURE; } - if (wolfSSL_BIO_write(bio, "Certificate:\n", - (int)XSTRLEN("Certificate:\n")) <= 0) { - return WOLFSSL_FAILURE; + /* print acert header */ + if (wolfSSL_BIO_write(bio, hdr, (int)XSTRLEN(hdr)) <= 0) { + return WOLFSSL_FAILURE; } - if (wolfSSL_BIO_write(bio, " Data:\n", - (int)XSTRLEN(" Data:\n")) <= 0) { - return WOLFSSL_FAILURE; + /* print data header */ + if (wolfSSL_BIO_write(bio, data_hdr, (int)XSTRLEN(data_hdr)) <= 0) { + return WOLFSSL_FAILURE; } /* print version of cert */ - if (X509PrintVersion(bio, wolfSSL_X509_version(x509), 8) + if (X509PrintVersion(bio, wolfSSL_X509_ACERT_version(x509), 8) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } /* print serial number out */ - if (X509PrintSerial(bio, x509, 8) != WOLFSSL_SUCCESS) { + if (X509AcertPrintSerial(bio, x509, 8) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } - /* print out signature algo*/ - if (X509PrintSignature(bio, x509, 1, 8) != WOLFSSL_SUCCESS) { - return WOLFSSL_FAILURE; - } - - /* print issuer */ - if 
(X509PrintName(bio, wolfSSL_X509_get_issuer_name(x509), issuType, 8) - != WOLFSSL_SUCCESS) { + /* print holder field */ + if (wolfSSL_BIO_write(bio, holder_hdr, (int)XSTRLEN(holder_hdr)) <= 0) { return WOLFSSL_FAILURE; } -#ifndef NO_ASN_TIME - /* print validity */ - { - char tmp[80]; - - if (wolfSSL_BIO_write(bio, " Validity\n", - (int)XSTRLEN(" Validity\n")) <= 0) { + if (x509->holderEntityName != NULL) { + /* print issuer header */ + if (wolfSSL_BIO_write(bio, holder_name_hdr, + (int)XSTRLEN(holder_name_hdr)) <= 0) { return WOLFSSL_FAILURE; } - if (wolfSSL_BIO_write(bio, " Not Before: ", - (int)XSTRLEN(" Not Before: ")) <= 0) { + if (X509_ACERT_print_name_entry(bio, x509->holderEntityName, 1) + != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } - if (x509->notBefore.length > 0) { - if (GetTimeString(x509->notBefore.data, ASN_UTC_TIME, - tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { - if (GetTimeString(x509->notBefore.data, ASN_GENERALIZED_TIME, - tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Error getting not before date"); - return WOLFSSL_FAILURE; - } - } - } - else { - XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1); - } - tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */ - if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { + } + + if (x509->holderIssuerName != NULL) { + /* print issuer header */ + if (wolfSSL_BIO_write(bio, holder_issuer_hdr, + (int)XSTRLEN(holder_issuer_hdr)) <= 0) { return WOLFSSL_FAILURE; } - if (wolfSSL_BIO_write(bio, "\n Not After : ", - (int)XSTRLEN("\n Not After : ")) <= 0) { + if (X509_ACERT_print_name_entry(bio, x509->holderIssuerName, 1) + != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } - if (x509->notAfter.length > 0) { - if (GetTimeString(x509->notAfter.data, ASN_UTC_TIME, - tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { - if (GetTimeString(x509->notAfter.data, ASN_GENERALIZED_TIME, - tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Error getting not after date"); - return WOLFSSL_FAILURE; - } - } - } - else { - 
XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1); - } - tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */ - if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { + } + + if (x509->holderSerialSz > 0) { + X509PrintSerial_ex(bio, x509->holderSerial, x509->holderSerialSz, + 1, 12); + } + + /* print issuer header */ + if (wolfSSL_BIO_write(bio, attcert_issuer_hdr, + (int)XSTRLEN(attcert_issuer_hdr)) <= 0) { + return WOLFSSL_FAILURE; + } + + if (x509->AttCertIssuerName != NULL) { + if (X509_ACERT_print_name_entry(bio, x509->AttCertIssuerName, 1) + != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } - - if (wolfSSL_BIO_write(bio, "\n\0", (int)XSTRLEN("\n\0")) <= 0) { + } + else { + const char * msg = " Issuer type not supported.\n"; + if (wolfSSL_BIO_write(bio, msg, (int)XSTRLEN(msg)) <= 0) { return WOLFSSL_FAILURE; } } - #endif - /* print subject */ - if (X509PrintName(bio, wolfSSL_X509_get_subject_name(x509), subjType, 8) - != WOLFSSL_SUCCESS) { + #ifndef NO_ASN_TIME + /* print validity */ + if (X509PrintValidity(bio, &x509->notBefore, &x509->notAfter, 8) + != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } + #endif /* NO_ASN_TIME */ - /* get and print public key */ - if (X509PrintPubKey(bio, x509, 8) != WOLFSSL_SUCCESS) { - return WOLFSSL_FAILURE; - } + /* print raw attributes */ + if (x509->rawAttr && x509->rawAttrLen > 0) { + char attr_hdr[128]; /* buffer for XSNPRINTF */ - /* print out extensions */ - if (X509PrintExtensions(bio, x509, 8) != WOLFSSL_SUCCESS) { - return WOLFSSL_FAILURE; + if (XSNPRINTF(attr_hdr, 128, "%*s%s: %d bytes\n", 8, "", + "Attributes", x509->rawAttrLen) >= 128) { + return WOLFSSL_FAILURE; + } + + if (wolfSSL_BIO_write(bio, attr_hdr, (int)XSTRLEN(attr_hdr)) <= 0) { + return WOLFSSL_FAILURE; + } } - /* print out signature */ - if (X509PrintSignature(bio, x509, 0, 4) != WOLFSSL_SUCCESS) { + /* print out sig algo and signature */ + if (X509AcertPrintSignature(bio, x509, 0, 8) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } 
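Review bot: X509AcertPrintSerial discards the result of `X509PrintSerial_ex(bio, serial, sz, 1, indent)` and returns WOLFSSL_SUCCESS unconditionally, and wolfSSL_X509_ACERT_print does the same for the holder serial via `X509PrintSerial_ex(bio, x509->holderSerial, x509->holderSerialSz, 1, 12)`, so a BIO write failure at either point goes unreported while every other write in these functions is checked; assuming X509PrintSerial_ex returns WOLFSSL_SUCCESS like its siblings, propagate it with `if (X509PrintSerial_ex(bio, serial, sz, 1, indent) != WOLFSSL_SUCCESS) return WOLFSSL_FAILURE;`. A failing `wolfSSL_X509_ACERT_get_serial_number` is likewise swallowed, which may be intended when the serial is absent but deserves a one-line comment saying so. In X509AcertPrintSignature the `if (sig != NULL)` guard around XFREE is exactly the pattern this commit removes everywhere else in the file, so drop it for consistency. The comment above the `holder_name_hdr` write reads `/* print issuer header */` although that line prints the holder name.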
@@ -6966,10 +7403,7 @@ int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, return WOLFSSL_SUCCESS; } -int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) -{ - return wolfSSL_X509_print_ex(bio, x509, 0, 0); -} +#endif /* WOLFSSL_ACERT */ #ifndef NO_FILESYSTEM int wolfSSL_X509_print_fp(XFILE fp, WOLFSSL_X509 *x509) @@ -7040,7 +7474,6 @@ int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp, for (i = 0; i < length; ++i) { char hex_digits[4]; -#ifdef XSNPRINTF if (XSNPRINTF(hex_digits, sizeof(hex_digits), "%c%02X", i>0 ? ':' : ' ', (unsigned int)sigalg->algorithm->obj[idx+i]) >= (int)sizeof(hex_digits)) @@ -7048,10 +7481,6 @@ int wolfSSL_X509_signature_print(WOLFSSL_BIO *bp, WOLFSSL_MSG("buffer overrun"); return WOLFSSL_FAILURE; } -#else - XSPRINTF(hex_digits, "%c%02X", i>0 ? ':' : ' ', - (unsigned int)sigalg->algorithm->obj[idx+i]); -#endif if (wolfSSL_BIO_puts(bp, hex_digits) <= 0) return WOLFSSL_FAILURE; } @@ -7101,13 +7530,12 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, { #if !defined(NO_FILESYSTEM) && \ (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); XFILE fp; long sz; byte* pem = NULL; byte* curr = NULL; byte* prev = NULL; - WOLFSSL_X509* x509; const char* header = NULL; const char* footer = NULL; @@ -7168,12 +7596,8 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, } else if (wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer) == 0 && XSTRNSTR((char*)curr, header, (unsigned int)sz) != NULL) { - x509 = wolfSSL_X509_load_certificate_buffer(curr, (int)sz, - WOLFSSL_FILETYPE_PEM); - if (x509 == NULL) - goto end; - ret = wolfSSL_X509_STORE_add_cert(lookup->store, x509); - wolfSSL_X509_free(x509); + ret = X509StoreLoadCertBuffer(lookup->store, curr, + (word32)sz, WOLFSSL_FILETYPE_PEM); if (ret != WOLFSSL_SUCCESS) goto end; curr = (byte*)XSTRNSTR((char*)curr, footer, (unsigned int)sz); 
@@ -7191,8 +7615,7 @@ int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, while (ret == WOLFSSL_SUCCESS); end: - if (pem != NULL) - XFREE(pem, 0, DYNAMIC_TYPE_PEM); + XFREE(pem, 0, DYNAMIC_TYPE_PEM); XFCLOSE(fp); return WS_RETURN_CODE(ret, (int)WOLFSSL_FAILURE); #else @@ -7310,8 +7733,7 @@ static int x509AddCertDir(WOLFSSL_BY_DIR *ctx, const char *argc, long argl) XSTRNCPY(entry->dir_name, buf, pathLen); entry->dir_name[pathLen] = '\0'; - if (wolfSSL_sk_BY_DIR_entry_push(ctx->dir_entry, entry) - != WOLFSSL_SUCCESS) { + if (wolfSSL_sk_BY_DIR_entry_push(ctx->dir_entry, entry) <= 0) { wolfSSL_BY_DIR_entry_free(entry); #ifdef WOLFSSL_SMALL_STACK XFREE(buf, 0, DYNAMIC_TYPE_OPENSSL); @@ -7357,7 +7779,7 @@ static int x509AddCertDir(WOLFSSL_BY_DIR *ctx, const char *argc, long argl) int wolfSSL_X509_LOOKUP_ctrl(WOLFSSL_X509_LOOKUP *ctx, int cmd, const char *argc, long argl, char **ret) { - int lret = WOLFSSL_FAILURE; + int lret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_X509_LOOKUP_ctrl"); #if !defined(NO_FILESYSTEM) @@ -7416,7 +7838,7 @@ static int wolfssl_x509_make_der(WOLFSSL_X509* x509, int req, */ static int loadX509orX509REQFromBio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, int req) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); /* Get large buffer to hold cert der */ int derSz = X509_BUFFER_SZ; #ifdef WOLFSSL_SMALL_STACK 
@@ -7526,20 +7948,12 @@ int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out) int wc_GeneratePreTBS(DecodedCert* cert, byte *der, int derSz) { int ret = 0; WOLFSSL_X509 *x = NULL; - byte certOwnsAltNames = 0; byte certIsCSR = 0; if ((cert == NULL) || (der == NULL) || (derSz <= 0)) { return BAD_FUNC_ARG; } - /* The call to CopyDecodedToX509() transfers ownership of the altNames in - * the DecodedCert to the temporary X509 object, causing the list to be - * freed in wolfSSL_X509_free(). As this is an unintended side-effect, we - * have to save the ownerFlag here and transfer ownership back to the - * DecodedCert prior to freeing the X509 object. */ - certOwnsAltNames = cert->weOwnAltNames; - #ifdef WOLFSSL_CERT_REQ certIsCSR = cert->isCSR; #endif @@ -7552,9 +7966,6 @@ int wc_GeneratePreTBS(DecodedCert* cert, byte *der, int derSz) { ret = CopyDecodedToX509(x, cert); } - /* CopyDecodedToX509() clears cert->weOwnAltNames. Restore it. */ - cert->weOwnAltNames = certOwnsAltNames; - if (ret == 0) { /* Remove the altsigval extension. */ XFREE(x->altSigValDer, x->heap, DYNAMIC_TYPE_X509_EXT); @@ -7570,9 +7981,6 @@ int wc_GeneratePreTBS(DecodedCert* cert, byte *der, int derSz) { } if (x != NULL) { - /* Safe the altNames list from being freed unitentionally. */ - x->altNames = NULL; - wolfSSL_X509_free(x); } @@ -7807,8 +8215,7 @@ static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) } #endif _exit: - if (fileBuffer != NULL) - XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); + XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); return newx509; } @@ -7983,9 +8390,7 @@ WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_bio(WOLFSSL_BIO *bp, } } - if (der != NULL) { - XFREE(der, 0, DYNAMIC_TYPE_DER); - } + XFREE(der, 0, DYNAMIC_TYPE_DER); return crl; } 
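Review bot: Removing the `certOwnsAltNames` save/restore and the `x->altNames = NULL` reset in wc_GeneratePreTBS (hunks -7526, -7552 and -7570) changes who frees cert->altNames when the temporary X509 is released, and nothing in the new code says why that is now safe; the deleted comment was the only explanation that CopyDecodedToX509 transferred ownership. If CopyDecodedToX509 was changed elsewhere in this release to copy the list rather than take it, a comment at the `ret = CopyDecodedToX509(x, cert);` call such as `/* altNames are copied, not transferred; cert retains ownership */` keeps the next reader from reintroducing the workaround. If it was not changed, wolfSSL_X509_free(x) frees a list that cert still references. The body of wc_GeneratePreTBS continues outside the hunks shown.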
@@ -8007,7 +8412,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, const char *file, int type) { #ifndef NO_BIO - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); int count = 0; WOLFSSL_BIO *bio = NULL; WOLFSSL_X509_CRL *crl = NULL; @@ -8041,7 +8446,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, } ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl); - if (ret == WOLFSSL_FAILURE) { + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { WOLFSSL_MSG("Adding crl failed"); break; } @@ -8058,7 +8463,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, WOLFSSL_MSG("Load crl failed"); } else { ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl); - if (ret == WOLFSSL_FAILURE) { + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { WOLFSSL_MSG("Adding crl failed"); } else { ret = 1;/* handled a file */ @@ -8074,7 +8479,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, WOLFSSL_LEAVE("wolfSSL_X509_load_crl_file", ret); return ret; #else - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); int count = 0; XFILE fp; WOLFSSL_X509_CRL *crl = NULL; @@ -8098,7 +8503,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, } ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl); - if (ret == WOLFSSL_FAILURE) { + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { WOLFSSL_MSG("Adding crl failed"); break; } @@ -8117,7 +8522,7 @@ WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, } else { ret = wolfSSL_X509_STORE_add_crl(ctx->store, crl); - if (ret == WOLFSSL_FAILURE) { + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { WOLFSSL_MSG("Adding crl failed"); } else { @@ -8346,9 +8751,7 @@ static int X509CRLPrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl, return WOLFSSL_FAILURE; } - if (sig != NULL) { - XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); } 
@@ -8724,8 +9127,7 @@ WOLFSSL_X509_VERIFY_PARAM* wolfSSL_X509_VERIFY_PARAM_new(void) void wolfSSL_X509_VERIFY_PARAM_free(WOLFSSL_X509_VERIFY_PARAM *param) { - if (param != NULL) - XFREE(param, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(param, NULL, DYNAMIC_TYPE_OPENSSL); } @@ -8733,7 +9135,7 @@ void wolfSSL_X509_VERIFY_PARAM_free(WOLFSSL_X509_VERIFY_PARAM *param) int wolfSSL_X509_VERIFY_PARAM_set_flags(WOLFSSL_X509_VERIFY_PARAM *param, unsigned long flags) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); if (param != NULL) { param->flags |= flags; @@ -8759,7 +9161,7 @@ int wolfSSL_X509_VERIFY_PARAM_get_flags(WOLFSSL_X509_VERIFY_PARAM *param) int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param, unsigned long flags) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); if (param != NULL) { param->flags &= ~flags; @@ -8769,6 +9171,41 @@ int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param, return ret; } +/* note WOLFSSL_X509_VERIFY_PARAM does not record purpose, trust, depth, or + * auth_level. + */ +static const WOLFSSL_X509_VERIFY_PARAM x509_verify_param_builtins[] = { + { + "ssl_client", /* name */ + 0, /* check_time */ + 0, /* inherit_flags */ + 0, /* flags */ + "", /* hostname */ + 0, /* hostFlags */ + "" /* ipasc */ + }, + { + "ssl_server", /* name */ + 0, /* check_time */ + 0, /* inherit_flags */ + 0, /* flags */ + "", /* hostname */ + 0, /* hostFlags */ + "" /* ipasc */ + } +}; + +const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup(const char *name) +{ + const WOLFSSL_X509_VERIFY_PARAM *param = &x509_verify_param_builtins[0], + *param_end = &x509_verify_param_builtins[XELEM_CNT(x509_verify_param_builtins)]; + while (param < param_end) { + if (XSTRCMP(name, param->name) == 0) + return param; + ++param; + } + return NULL; +} /* inherits properties of param "to" to param "from" * 
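Review bot: wolfSSL_X509_VERIFY_PARAM_lookup passes `name` straight to `XSTRCMP(name, param->name)` with no NULL check, so a NULL name dereferences inside the loop; add `if (name == NULL) return NULL;` before the loop. The `x509_verify_param_builtins` table relies on positional initializers with trailing field-name comments, which silently misassigns values if a field is ever inserted into WOLFSSL_X509_VERIFY_PARAM; designated initializers (`{ .name = "ssl_client", .hostname = "", .ipasc = "" }`) express the intent directly if the project's C dialect policy allows them. The function also returns a pointer into const static storage, so its header comment should state that the result must not be modified or passed to wolfSSL_X509_VERIFY_PARAM_free.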
@@ -8779,10 +9216,10 @@ int wolfSSL_X509_VERIFY_PARAM_clear_flags(WOLFSSL_X509_VERIFY_PARAM *param, * WOLFSSL_VPARAM_LOCKED don't copy any values * WOLFSSL_VPARAM_ONCE the current inherit_flags is zerroed */ -static int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to, +int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to, const WOLFSSL_X509_VERIFY_PARAM *from) { - int ret = WOLFSSL_FAILURE; + int ret = WOLFSSL_SUCCESS; int isOverWrite = 0; int isDefault = 0; unsigned int flags; @@ -8884,7 +9321,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam, int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM *to, const WOLFSSL_X509_VERIFY_PARAM *from) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); unsigned int _inherit_flags; if (!to) { @@ -8926,7 +9363,7 @@ void wolfSSL_X509_VERIFY_PARAM_set_hostflags(WOLFSSL_X509_VERIFY_PARAM* param, int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(WOLFSSL_X509_VERIFY_PARAM *param, const char *ipasc) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); if (param != NULL) { if (ipasc == NULL) { @@ -8951,7 +9388,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(WOLFSSL_X509_VERIFY_PARAM *param, int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param, const unsigned char* ip, size_t iplen) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); #ifndef NO_FILESYSTEM char* buf = NULL; char* p = NULL; 
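Review bot: Changing the initial value of `ret` in wolfSSL_X509_VERIFY_PARAM_inherit from WOLFSSL_FAILURE to WOLFSSL_SUCCESS flips the result of every path in the body that reaches `return ret` without assigning it, and the body lies outside this hunk, so each such exit should be rechecked rather than assumed benign. Dropping `static` exports the symbol; the matching prototype in the public header is not in this diff and should accompany the change, together with a comment stating the new contract, for instance `/* returns WOLFSSL_SUCCESS unless a string copy fails */` or whatever the body actually guarantees.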
@@ -8970,14 +9407,13 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param, if (iplen == 4) { /* ipv4 www.xxx.yyy.zzz max 15 length + Null termination */ buf = (char*)XMALLOC(16, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (!buf) { WOLFSSL_MSG("failed malloc"); return ret; } - XSPRINTF(buf, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); - buf[15] = '\0'; + (void)XSNPRINTF(buf, 16, "%d.%d.%d.%d", ip[0], ip[1], ip[2], ip[3]); + buf[15] = '\0'; /* null terminate */ } else if (iplen == 16) { /* ipv6 normal address scheme 
@@ -9006,47 +9442,46 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param, * to re-construct IP address in ascii. */ buf = (char*)XMALLOC(max_ipv6_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (!buf) { WOLFSSL_MSG("failed malloc"); return ret; } p = buf; for (i = 0; i < 16; i += 2) { - val = (((word32)(ip[i]<<8)) | (ip[i+1])) & 0xFFFF; - if (val == 0){ - if (!write_zero) { + val = (((word32)(ip[i]<<8)) | (ip[i+1])) & 0xFFFF; + if (val == 0){ + if (!write_zero) { *p = ':'; - } - p++; - *p = '\0'; - write_zero = 1; - } - else { - if (i != 0) - *p++ = ':'; - XSPRINTF(p, "%x", val); - } - /* sanity check */ - if (XSTRLEN(buf) > max_ipv6_len) { - WOLFSSL_MSG("The target ip address exceeds buffer length(40)"); - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - buf = NULL; - break; - } - /* move the pointer to the last */ - /* XSTRLEN includes NULL because of XSPRINTF use */ - p = buf + (XSTRLEN(buf)); + } + p++; + *p = '\0'; + write_zero = 1; + } + else { + if (i != 0) { + *p++ = ':'; + } + (void)XSNPRINTF(p, max_ipv6_len - (size_t)(p - buf), "%x", val); + } + /* sanity check */ + if (XSTRLEN(buf) > max_ipv6_len) { + WOLFSSL_MSG("The target ip address exceeds buffer length(40)"); + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + buf = NULL; + break; + } + /* move the pointer to the last */ + /* XSTRLEN includes NULL because of XSPRINTF use */ + p = buf + (XSTRLEN(buf)); } /* termination */ - if(i == 16 && buf) { + if (i == 16 && buf) { p--; if ((*p) == ':') { - /* when the last character is :, the following segments are zero - * Therefore, adding : and null termination - */ - p++; - *p++ = ':'; + /* when the last character is :, the following segments are zero + * Therefore, adding : and null termination */ + p++; + *p++ = ':'; *p = '\0'; } } 
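Review bot: `(void)XSNPRINTF(p, max_ipv6_len - (size_t)(p - buf), "%x", val)` discards the return value, so the conversion can no longer overflow the buffer but can now truncate silently, and the `XSTRLEN(buf) > max_ipv6_len` sanity check below it can never fire after a bounded write; the error path it guards is dead while a truncated address string is handed to wolfSSL_X509_VERIFY_PARAM_set1_ip_asc as if valid. Check the return instead: `int w = XSNPRINTF(p, max_ipv6_len - (size_t)(p - buf), "%x", val);` followed by `if (w < 0 || (size_t)w >= max_ipv6_len - (size_t)(p - buf)) { /* existing XFREE/break path */ }`. The comment `/* XSTRLEN includes NULL because of XSPRINTF use */` is stale now that XSPRINTF is gone. The `*p = ':'; p++; *p = '\0';` writes in the zero branch remain unchecked, which holds only while the `XMALLOC(max_ipv6_len, ...)` size covers the 39-character worst case plus NUL; a comment at that allocation stating the bound would make the invariant visible (max_ipv6_len itself is defined outside this hunk).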
@@ -9057,7 +9492,7 @@ int wolfSSL_X509_VERIFY_PARAM_set1_ip(WOLFSSL_X509_VERIFY_PARAM* param, } if (buf) { - /* set address to ip asc */ + /* set address to ip asc */ ret = wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(param, buf); XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); } @@ -9084,12 +9519,12 @@ int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME* asnTime) return wolfSSL_X509_cmp_time(asnTime, NULL); } -/* return -1 if asnTime is earlier than or equal to cmpTime, and 1 otherwise +/* return WOLFSSL_FATAL_ERROR if asnTime is earlier than or equal to cmpTime, and 1 otherwise * return 0 on error */ int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, time_t* cmpTime) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); time_t tmpTime, *pTime = &tmpTime; struct tm ts, *tmpTs, *ct; #if defined(NEED_TMP_TIME) 
@@ -9336,6 +9771,110 @@ int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj return WOLFSSL_SUCCESS; } +/** + * Serialize object to DER encoding + * + * @param alg Object to serialize + * @param pp Output + * @return Length on success + * Negative number on failure + */ +int wolfSSL_i2d_X509_ALGOR(const WOLFSSL_X509_ALGOR* alg, + unsigned char** pp) +{ + int len; + word32 oid = 0; + word32 idx = 0; + unsigned char* buf = NULL; + + if (alg == NULL || alg->algorithm == 0) { + WOLFSSL_MSG("alg is NULL or algorithm not set"); + return WOLFSSL_FATAL_ERROR; + } + + if (GetObjectId(alg->algorithm->obj, &idx, &oid, + (word32)alg->algorithm->grp, alg->algorithm->objSz) < 0) { + WOLFSSL_MSG("Issue getting OID of object"); + return WOLFSSL_FATAL_ERROR; + } + + len = (int)SetAlgoID((int)oid, NULL, alg->algorithm->grp, 0); + if (len == 0) { + WOLFSSL_MSG("SetAlgoID error"); + return WOLFSSL_FATAL_ERROR; + } + + if (pp != NULL) { + if (*pp != NULL) + buf = *pp; + else { + buf = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1); + if (buf == NULL) + return WOLFSSL_FATAL_ERROR; + } + + len = (int)SetAlgoID((int)oid, buf, alg->algorithm->grp, 0); + if (len == 0) { + WOLFSSL_MSG("SetAlgoID error"); + if (*pp == NULL) + XFREE(buf, NULL, DYNAMIC_TYPE_ASN1); + return WOLFSSL_FATAL_ERROR; + } + + if (*pp != NULL) + *pp += len; + else + *pp = buf; + } + + return len; +} + +WOLFSSL_X509_ALGOR* wolfSSL_d2i_X509_ALGOR(WOLFSSL_X509_ALGOR** out, + const byte** src, long len) +{ + WOLFSSL_X509_ALGOR* ret = NULL; + word32 idx = 0; + word32 oid = 0; + int grp; + + WOLFSSL_ENTER("wolfSSL_d2i_X509_ALGOR"); + + if (src == NULL || *src == NULL || len == 0) + return NULL; + + if (GetAlgoId(*src, &idx, &oid, oidIgnoreType, (word32)len) != 0) + return NULL; + + /* Try to guess the type */ + for (grp = 0; grp < oidIgnoreType; grp++) { + word32 oidSz; + if (OidFromId(oid, (word32)grp, &oidSz) != NULL) + break; + } + if (grp == oidIgnoreType) + return NULL; + + ret = 
wolfSSL_X509_ALGOR_new(); + if (ret == NULL) + return NULL; + + ret->algorithm = wolfSSL_OBJ_nid2obj(oid2nid(oid, grp)); + if (ret->algorithm == NULL) { + wolfSSL_X509_ALGOR_free(ret); + return NULL; + } + *src += idx; + + if (out != NULL) { + if (*out != NULL) + wolfSSL_X509_ALGOR_free(*out); + *out = ret; + } + + return ret; +} + /** * Allocate a new WOLFSSL_X509_PUBKEY object. * @@ -9557,6 +10096,17 @@ int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key) #endif /* OPENSSL_ALL || WOLFSSL_APACHE_HTTPD || WOLFSSL_HAPROXY || WOLFSSL_WPAS */ +#if !defined(NO_CERTS) && !defined(NO_ASN) && !defined(NO_PWDBASED) + +int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey, unsigned char** der) +{ + if (x509_PubKey == NULL) + return WOLFSSL_FATAL_ERROR; + return wolfSSL_i2d_PublicKey(x509_PubKey->pkey, der); +} + +#endif /* !NO_CERTS && !NO_ASN && !NO_PWDBASED */ + #endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) @@ -9731,7 +10281,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( static int CopyX509NameToCert(WOLFSSL_X509_NAME* n, byte* out) { unsigned char* der = NULL; - int length = BAD_FUNC_ARG, ret; + int length = WC_NO_ERR_TRACE(BAD_FUNC_ARG), ret; word32 idx = 0; ret = wolfSSL_i2d_X509_NAME(n, &der); @@ -9749,8 +10299,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( XMEMCPY(out, der + idx, length); } - if (der != NULL) - XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); return length; } @@ -9799,7 +10348,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( #if defined(OPENSSL_ALL) idx = wolfSSL_X509_REQ_get_attr_by_NID(req, NID_pkcs9_unstructuredName, -1); - if (idx != WOLFSSL_FATAL_ERROR) { + if (idx != WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) { WOLFSSL_X509_ATTRIBUTE *attr; attr = wolfSSL_X509_REQ_get_attr(req, idx); if (attr != NULL) { 
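Review bot: wolfSSL_d2i_X509_ALGOR rejects `len == 0` but not a negative `len`, then passes `(word32)len` to GetAlgoId, so a negative length becomes a very large bound and the parser may read past `*src`; use `if (src == NULL || *src == NULL || len <= 0) return NULL;`. In wolfSSL_i2d_X509_ALGOR the guard `alg->algorithm == 0` compares a pointer with 0 where the rest of the file writes `NULL`. Ownership of the object returned by `wolfSSL_OBJ_nid2obj` and stored in `ret->algorithm` is not stated; if nid2obj can hand back a shared static object, releasing it through wolfSSL_X509_ALGOR_free on the error path would be wrong, so a comment on that line should say which case applies.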
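Review bot: wolfSSL_i2d_X509_PUBKEY checks `x509_PubKey` for NULL but forwards `x509_PubKey->pkey` unchecked; unless wolfSSL_i2d_PublicKey is documented to reject a NULL key, tighten it to `if (x509_PubKey == NULL || x509_PubKey->pkey == NULL) return WOLFSSL_FATAL_ERROR;`. A header comment matching the Doxygen block on wolfSSL_i2d_X509_ALGOR, saying that the caller owns the buffer written to `*der` when `*der` was NULL on entry, would make the ownership rule explicit.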
@@ -10083,7 +10632,9 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( int sigType = WOLFSSL_FAILURE; /* Convert key type and hash algorithm to a signature algorithm */ - if (wolfSSL_EVP_get_hashinfo(md, &hashType, NULL) == WOLFSSL_FAILURE) { + if (wolfSSL_EVP_get_hashinfo(md, &hashType, NULL) + == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) + { return WOLFSSL_FAILURE; } @@ -10178,7 +10729,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( static int wolfssl_x509_make_der(WOLFSSL_X509* x509, int req, unsigned char* der, int* derSz, int includeSig) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); int totalLen; Cert* cert = NULL; void* key = NULL; @@ -10622,7 +11173,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( WOLFSSL_ENTER("wolfSSL_X509_resign_cert"); sigType = wolfSSL_sigTypeFromPKEY(md, pkey); - if (sigType == WOLFSSL_FAILURE) { + if (sigType == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { WOLFSSL_MSG("Error getting signature type from pkey"); return WOLFSSL_FATAL_ERROR; } @@ -10752,8 +11303,7 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref( } out: - if (der) - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -10809,7 +11359,7 @@ static int ConvertNIDToWolfSSL(int nid) case NID_favouriteDrink: return ASN_FAVOURITE_DRINK; default: WOLFSSL_MSG("Attribute NID not found"); - return -1; + return WOLFSSL_FATAL_ERROR; } } #endif /* OPENSSL_ALL || OPENSSL_EXTRA || @@ -11113,7 +11663,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) InitDecodedCert(cert, *in, (word32)length, NULL); /* Parse the X509 subject name */ - if (GetName(cert, SUBJECT, (int)length) != 0) { + if (GetName(cert, ASN_SUBJECT, (int)length) != 0) { WOLFSSL_MSG("WOLFSSL_X509_NAME parse error"); goto cleanup; } 
@@ -11276,6 +11826,63 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) } +#if defined(WOLFSSL_ACERT) + WOLFSSL_X509_ACERT *wolfSSL_PEM_read_bio_X509_ACERT(WOLFSSL_BIO *bp, + WOLFSSL_X509_ACERT **x, + wc_pem_password_cb *cb, + void *u) + { + WOLFSSL_X509_ACERT* x509 = NULL; +#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) + unsigned char * pem = NULL; + int pemSz; + + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509_ACERT"); + + if (bp == NULL) { + WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509_ACERT", BAD_FUNC_ARG); + return NULL; + } + + if ((pemSz = wolfSSL_BIO_get_len(bp)) <= 0) { + /* No certificate in buffer */ + WOLFSSL_ERROR(ASN_NO_PEM_HEADER); + return NULL; + } + + pem = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM); + + if (pem == NULL) { + return NULL; + } + + XMEMSET(pem, 0, pemSz); + + if (wolfSSL_BIO_read(bp, pem, pemSz) != pemSz) { + XFREE(pem, NULL, DYNAMIC_TYPE_PEM); + return NULL; + } + + x509 = wolfSSL_X509_ACERT_load_certificate_buffer(pem, pemSz, + WOLFSSL_FILETYPE_PEM); + + if (x != NULL) { + *x = x509; + } + + XFREE(pem, NULL, DYNAMIC_TYPE_PEM); + +#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */ + (void)bp; + (void)x; + (void)cb; + (void)u; + + return x509; + + } +#endif /* WOLFSSL_ACERT */ + WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, wc_pem_password_cb *cb, void *u) { @@ -11382,9 +11989,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) } err: - if(pem != NULL) { - XFREE(pem, 0, DYNAMIC_TYPE_PEM); - } + XFREE(pem, 0, DYNAMIC_TYPE_PEM); if(der != NULL) { FreeDer(&der); } @@ -11481,8 +12086,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) return newx509; err_exit: - if (pem != NULL) - XFREE(pem, NULL, DYNAMIC_TYPE_PEM); + XFREE(pem, NULL, DYNAMIC_TYPE_PEM); if (der != NULL) FreeDer(&der); 
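Review bot: `*x = x509;` at the end of `wolfSSL_PEM_read_bio_X509_ACERT` runs even when `wolfSSL_X509_ACERT_load_certificate_buffer` returned NULL, so a parse failure overwrites the caller's existing object pointer with NULL (and, if it pointed at a live object, leaks it), whereas the OpenSSL PEM_read_bio_* contract leaves `*x` untouched on failure; guard it with `if (x != NULL && x509 != NULL) { *x = x509; }`. The earlier failure returns (short `wolfSSL_BIO_read`, NULL `pem`) already leave `*x` alone, so this makes all three exit paths consistent. The function also consumes the whole BIO (`pemSz` bytes) in one read, so a BIO holding several PEM objects presumably yields only the first and loses the rest; that is worth stating in a comment on the function, as is the fact that `cb` and `u` are accepted but ignored.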
@@ -11747,8 +12351,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) #endif return WOLFSSL_SUCCESS; err: - if (pem) - XFREE(pem, 0, DYNAMIC_TYPE_PEM); + XFREE(pem, 0, DYNAMIC_TYPE_PEM); #ifdef HAVE_CRL if (der) FreeDer(&der); @@ -11838,8 +12441,7 @@ int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) ret = MEMORY_E; break; } - if (wolfSSL_sk_X509_INFO_push(localSk, current) != - WOLFSSL_SUCCESS) { + if (wolfSSL_sk_X509_INFO_push(localSk, current) <= 0) { wolfSSL_X509_INFO_free(current); current = NULL; ret = WOLFSSL_FAILURE; @@ -12216,8 +12818,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object( if (name->entries == NULL) { name->entries = wolfSSL_sk_X509_NAME_new(NULL); } - if (wolfSSL_sk_X509_NAME_ENTRY_push(name->entries, current - ) != WOLFSSL_SUCCESS) { + if (wolfSSL_sk_X509_NAME_ENTRY_push(name->entries, current) <= 0) { ret = WOLFSSL_FAILURE; } #endif @@ -12245,7 +12846,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object( const unsigned char *bytes, int len, int loc, int set) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); int nid; WOLFSSL_X509_NAME_ENTRY* entry; @@ -12315,7 +12916,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object( int idx) { if (!name || idx >= MAX_NAME_ENTRIES || !obj || !obj->obj) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (idx < 0) { @@ -12332,7 +12933,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object( } } } - return -1; + return WOLFSSL_FATAL_ERROR; } #endif @@ -12388,7 +12989,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object( #ifndef NO_CHECK_PRIVATE_KEY return wc_CheckPrivateKey((byte*)key->pkey.ptr, key->pkey_sz, x509->pubKey.buffer, x509->pubKey.length, - (enum Key_Sum)x509->pubKeyOID) == 1 ? + (enum Key_Sum)x509->pubKeyOID, key->heap) == 1 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; #else /* not compiled in */ 
@@ -12549,8 +13150,7 @@ int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert) return WOLFSSL_SUCCESS; error: - if (pem) - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; } #endif /* WOLFSSL_CERT_GEN */ @@ -12669,7 +13269,7 @@ int wolfSSL_sk_X509_NAME_find(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk, return i; } } - return -1; + return WOLFSSL_FATAL_ERROR; } /* Name Entry */ @@ -12849,7 +13449,7 @@ WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list( for (i = 0; i < num; i++) { name = wolfSSL_X509_NAME_dup(wolfSSL_sk_X509_NAME_value(sk, i)); - if (name == NULL || WOLFSSL_SUCCESS != wolfSSL_sk_X509_NAME_push(copy, name)) { + if (name == NULL || wolfSSL_sk_X509_NAME_push(copy, name) <= 0) { WOLFSSL_MSG("Memory error"); wolfSSL_sk_X509_NAME_pop_free(copy, wolfSSL_X509_NAME_free); wolfSSL_X509_NAME_free(name); @@ -13247,6 +13847,28 @@ void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *obj) XFREE(obj, NULL, DYNAMIC_TYPE_OPENSSL); } } + +WOLFSSL_X509_OBJECT *wolfSSL_X509_OBJECT_retrieve_by_subject( + WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *sk, + WOLFSSL_X509_LOOKUP_TYPE type, + WOLFSSL_X509_NAME *name) +{ + int i; + + WOLFSSL_ENTER("wolfSSL_X509_OBJECT_retrieve_by_subject"); + + if (sk == NULL || name == NULL) + return NULL; + + for (i = 0; i < wolfSSL_sk_X509_OBJECT_num(sk); i++) { + WOLFSSL_X509_OBJECT* obj = (WOLFSSL_X509_OBJECT *)wolfSSL_sk_X509_OBJECT_value(sk, i); + if (obj != NULL && obj->type == type && + wolfSSL_X509_NAME_cmp( + wolfSSL_X509_get_subject_name(obj->data.x509), name) == 0) + return obj; + } + return NULL; +} #endif /* OPENSSL_ALL */ #ifndef NO_WOLFSSL_STUB @@ -13287,7 +13909,7 @@ int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s) WOLFSSL_ENTER("wolfSSL_sk_X509_num"); if (s == NULL) - return -1; + return WOLFSSL_FATAL_ERROR; return (int)s->num; } 
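Review bot: `wolfSSL_X509_OBJECT_retrieve_by_subject` filters on `obj->type == type` but then always reads `obj->data.x509`, so if a caller asks for a non-certificate lookup type (a CRL object, if the union carries one) the name comparison runs against the wrong union member. OpenSSL's X509_OBJECT_retrieve_by_subject compares the CRL issuer in that case; until that is implemented the function should `return NULL;` for any type other than the certificate lookup type before entering the loop rather than mis-match. `wolfSSL_X509_get_subject_name` can presumably return NULL for an object whose `data.x509` is NULL, and whether `wolfSSL_X509_NAME_cmp` tolerates a NULL argument is not visible here, so storing the subject in a local and checking it for NULL before the compare is cheap insurance.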
@@ -13376,7 +13998,6 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen, WOLFSSL_ENTER("wolfSSL_X509_check_host"); /* flags and peername not needed for Nginx. */ - (void)flags; (void)peername; if ((x == NULL) || (chk == NULL)) { @@ -13384,11 +14005,15 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen, return WOLFSSL_FAILURE; } - if (flags == WOLFSSL_NO_WILDCARDS) { + if (flags & WOLFSSL_NO_WILDCARDS) { WOLFSSL_MSG("X509_CHECK_FLAG_NO_WILDCARDS not yet implemented"); return WOLFSSL_FAILURE; } - if (flags == WOLFSSL_NO_PARTIAL_WILDCARDS) { + if (flags & WOLFSSL_NO_PARTIAL_WILDCARDS) { + WOLFSSL_MSG("X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS not yet implemented"); + return WOLFSSL_FAILURE; + } + if (flags & WOLFSSL_MULTI_LABEL_WILDCARDS) { WOLFSSL_MSG("X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS not yet implemented"); return WOLFSSL_FAILURE; } @@ -13415,7 +14040,7 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen, else { for (i = 0; i < (chklen > 1 ? chklen - 1 : chklen); i++) { if (chk[i] == '\0') { - ret = -1; + ret = WOLFSSL_FATAL_ERROR; goto out; } } @@ -13424,7 +14049,7 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen, chklen--; } - ret = CheckHostName(dCert, (char *)chk, chklen); + ret = CheckHostName(dCert, (char *)chk, chklen, flags); out: @@ -13442,7 +14067,7 @@ int wolfSSL_X509_check_host(WOLFSSL_X509 *x, const char *chk, size_t chklen, int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc, unsigned int flags) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); #ifdef WOLFSSL_SMALL_STACK DecodedCert *dCert = NULL; #else @@ -13491,8 +14116,9 @@ int wolfSSL_X509_check_ip_asc(WOLFSSL_X509 *x, const char *ipasc, } #ifdef WOLFSSL_SMALL_STACK - if (dCert != NULL) + if (x != NULL) { XFREE(dCert, x->heap, DYNAMIC_TYPE_DCERT); + } #endif return ret; 
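Review bot: The new `WOLFSSL_MULTI_LABEL_WILDCARDS` branch in `wolfSSL_X509_check_host` logs `X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS not yet implemented`, copied from the branch above it; it should read `WOLFSSL_MSG("X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS not yet implemented");` so the failure is attributable when someone debugs a hostname mismatch. Switching the tests from `==` to `&` is the right fix: previously a caller combining an unsupported flag with any other bit slipped past the check and received a verdict computed without that policy, whereas now unsupported flags fail closed. With `flags` now forwarded to `CheckHostName` the remaining bits are presumably honoured there; that function's body is outside this hunk.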
@@ -13579,6 +14205,9 @@ int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *name, #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) +#if defined(OPENSSL_EXTRA) && \ + ((defined(SESSION_CERTS) && !defined(WOLFSSL_QT)) || \ + defined(WOLFSSL_SIGNER_DER_CERT)) /** * Find the issuing cert of the input cert. On a self-signed cert this @@ -13649,6 +14278,8 @@ static int x509GetIssuerFromCM(WOLFSSL_X509 **issuer, WOLFSSL_CERT_MANAGER* cm, return WOLFSSL_SUCCESS; } +#endif /* if defined(OPENSSL_EXTRA) && (defined(SESSION_CERTS) || \ + defined(WOLFSSL_SIGNER_DER_CERT)) */ void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk) { @@ -14097,7 +14728,7 @@ int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v) #endif /* (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) && WOLFSSL_CERT_GEN */ -#if defined(OPENSSL_ALL) && \ +#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && \ defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer, @@ -14158,7 +14789,7 @@ void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer, int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out) { int derSz = 0; - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_BIO* bio = NULL; WOLFSSL_ENTER("wolfSSL_i2d_X509_REQ"); @@ -14270,7 +14901,7 @@ int wolfSSL_X509_REQ_sign_ctx(WOLFSSL_X509 *req, static int regenX509REQDerBuffer(WOLFSSL_X509* x509) { int derSz = X509_BUFFER_SZ; - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); #ifdef WOLFSSL_SMALL_STACK byte* der; der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); 
@@ -14467,11 +15098,16 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, req->reqAttributes->type = STACK_TYPE_X509_REQ_ATTR; } } - ret = wolfSSL_sk_push(req->reqAttributes, attr); - if ((ret != WOLFSSL_SUCCESS) || (req->reqAttributes->type == STACK_TYPE_CIPHER)) { - /* CIPHER type makes a copy */ - wolfSSL_X509_ATTRIBUTE_free(attr); + if ((req->reqAttributes != NULL) && + (req->reqAttributes->type == STACK_TYPE_X509_REQ_ATTR)) { + ret = wolfSSL_sk_push(req->reqAttributes, attr) > 0 + ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; + } + else { + ret = WOLFSSL_FAILURE; } + if (ret != WOLFSSL_SUCCESS) + wolfSSL_X509_ATTRIBUTE_free(attr); } return ret; 
@@ -14621,7 +15257,417 @@ void wolfSSL_X509_ATTRIBUTE_free(WOLFSSL_X509_ATTRIBUTE* attr) XFREE(attr, NULL, DYNAMIC_TYPE_OPENSSL); } } -#endif +#endif /* (OPENSSL_ALL || OPENSSL_EXTRA) && + (WOLFSSL_CERT_GEN || WOLFSSL_CERT_REQ) */ + +#if defined(WOLFSSL_ACERT) && \ + (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)) + +/* Allocate and return a new WOLFSSL_X509_ACERT struct pointer. + * + * @param [in] heap heap hint + * + * @return pointer on success + * @return NULL on error + * */ +WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new_ex(void* heap) +{ + WOLFSSL_X509_ACERT* x509; + + x509 = (WOLFSSL_X509_ACERT*) XMALLOC(sizeof(WOLFSSL_X509_ACERT), heap, + DYNAMIC_TYPE_X509_ACERT); + + if (x509 != NULL) { + wolfSSL_X509_ACERT_init(x509, 1, heap); + } + + return x509; +} + +WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new(void) +{ + return wolfSSL_X509_ACERT_new_ex(NULL); +} + +/* Initialize a WOLFSSL_X509_ACERT struct. + * + * If dynamic == 1, then the x509 pointer will be freed + * in wolfSSL_X509_ACERT_free. + * + * @param [in] x509 x509 acert pointer + * @param [in] dynamic dynamic mem flag + * @param [in] heap heap hint + * + * @return void + * */ +void wolfSSL_X509_ACERT_init(WOLFSSL_X509_ACERT * x509, int dynamic, void* heap) +{ + if (x509 == NULL) { + WOLFSSL_MSG("error: InitX509Acert: null parameter"); + return; + } + + XMEMSET(x509, 0, sizeof(*x509)); + + x509->heap = heap; + x509->dynamic = dynamic; +} + +/* Free a WOLFSSL_X509_ACERT struct and its sub-fields. + * + * If this ACERT was initialized with dynamic == 1, then + * the x509 pointer itself will be freed as well. + * + * @param [in] x509 x509 acert pointer + * + * @return void + * */ +void wolfSSL_X509_ACERT_free(WOLFSSL_X509_ACERT * x509) +{ + int dynamic = 0; + void * heap = NULL; + + if (x509 == NULL) { + WOLFSSL_MSG("error: wolfSSL_X509_ACERT_free: null parameter"); + return; + } + + dynamic = x509->dynamic; + heap = x509->heap; + + /* Free holder and att cert issuer structures. 
*/ + if (x509->holderIssuerName) { + FreeAltNames(x509->holderIssuerName, heap); + x509->holderIssuerName = NULL; + } + + if (x509->AttCertIssuerName) { + FreeAltNames(x509->AttCertIssuerName, heap); + x509->AttCertIssuerName = NULL; + } + + if (x509->rawAttr != NULL) { + XFREE(x509->rawAttr, heap, DYNAMIC_TYPE_X509_EXT); + x509->rawAttr = NULL; + x509->rawAttrLen = 0; + } + + /* Free derCert source and signature buffer. */ + FreeDer(&x509->derCert); + + if (x509->sig.buffer != NULL) { + XFREE(x509->sig.buffer, heap, DYNAMIC_TYPE_SIGNATURE); + x509->sig.buffer = NULL; + } + + /* Finally memset and free x509 acert structure. */ + XMEMSET(x509, 0, sizeof(*x509)); + + if (dynamic == 1) { + XFREE(x509, heap, DYNAMIC_TYPE_X509_ACERT); + } + + return; +} + +#if defined(OPENSSL_EXTRA) +long wolfSSL_X509_ACERT_get_version(const WOLFSSL_X509_ACERT* x509) +{ + int version = 0; + + if (x509 == NULL) { + return 0L; + } + + version = x509->version; + + return version != 0 ? (long)version - 1L : 0L; +} +#endif /* OPENSSL_EXTRA */ + +int wolfSSL_X509_ACERT_version(WOLFSSL_X509_ACERT* x509) +{ + if (x509 == NULL) { + return 0; + } + + return x509->version; +} + +/* Retrieve the serial number from an ACERT. + * + * @param [in] x509 the x509 attribute certificate + * @param [in, out] buf the serial number buffer pointer + * @param [in, out] bufSz the serial number buffer size pointer + * + * buf may be null, but bufSz is required. On success, sets + * bufSz pointer to signature length, and copies signature + * to buf if provided. + * + * Returns WWOLFSSL_FATAL_ERROR if bufSz is null or too small. + * Returns WOLFSSL_SUCCESS on success. 
+ */ +int wolfSSL_X509_ACERT_get_serial_number(WOLFSSL_X509_ACERT* x509, + byte* buf, int* bufSz) +{ + WOLFSSL_ENTER("wolfSSL_X509_ACERT_get_serial_number"); + + if (x509 == NULL || bufSz == NULL) { + WOLFSSL_MSG("error: null argument passed in"); + return BAD_FUNC_ARG; + } + + if (buf != NULL) { + if (*bufSz < x509->serialSz) { + WOLFSSL_MSG("error: serial buffer too small"); + return BUFFER_E; + } + + XMEMCPY(buf, x509->serial, x509->serialSz); + } + + *bufSz = x509->serialSz; + + return WOLFSSL_SUCCESS; +} + +/* Sets buf pointer and len to raw Attribute buffer and buffer len + * in X509 struct. + * + * Returns WOLFSSL_SUCCESS on success. + * Returns BAD_FUNC_ARG if input pointers are null. + * */ +WOLFSSL_API int wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509, + const byte ** rawAttr, + word32 * rawAttrLen) +{ + if (x509 == NULL || rawAttr == NULL || rawAttrLen == NULL) { + return BAD_FUNC_ARG; + } + + *rawAttr = x509->rawAttr; + *rawAttrLen = x509->rawAttrLen; + + return WOLFSSL_SUCCESS; +} + +#ifndef NO_WOLFSSL_STUB +WOLFSSL_API int wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509, + WOLFSSL_EVP_PKEY * pkey, + const WOLFSSL_EVP_MD * md) +{ + WOLFSSL_STUB("X509_ACERT_sign"); + (void) x509; + (void) pkey; + (void) md; + return WOLFSSL_NOT_IMPLEMENTED; +} +#endif /* NO_WOLFSSL_STUB */ + +/* Helper function for ACERT_verify. + * + * @param [in] x509 the x509 attribute certificate + * @param [in, out] outSz the x509 der length + * + * @return der buffer on success + * @return NULL on error + * */ +static const byte* acert_get_der(WOLFSSL_X509_ACERT * x509, int* outSz) +{ + if (x509 == NULL || x509->derCert == NULL || outSz == NULL) { + return NULL; + } + + *outSz = (int)x509->derCert->length; + return x509->derCert->buffer; +} + +/* Given an X509_ACERT and EVP_PKEY, verify the acert's signature. 
+ * + * @param [in] x509 the x509 attribute certificate + * @param [in] pkey the evp_pkey + * + * @return WOLFSSL_SUCCESS on verify success + * @return < 0 on error + * */ +int wolfSSL_X509_ACERT_verify(WOLFSSL_X509_ACERT* x509, WOLFSSL_EVP_PKEY* pkey) +{ + int ret = 0; + const byte * der = NULL; + int derSz = 0; + int pkey_type; + + if (x509 == NULL || pkey == NULL) { + WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: bad arg"); + return WOLFSSL_FATAL_ERROR; + } + + WOLFSSL_ENTER("wolfSSL_X509_ACERT_verify"); + + der = acert_get_der(x509, &derSz); + + if (der == NULL || derSz <= 0) { + WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: get der failed"); + return WOLFSSL_FATAL_ERROR; + } + + switch (pkey->type) { + case EVP_PKEY_RSA: + pkey_type = RSAk; + break; + + case EVP_PKEY_EC: + pkey_type = ECDSAk; + break; + + case EVP_PKEY_DSA: + pkey_type = DSAk; + break; + + default: + WOLFSSL_MSG("error: wolfSSL_X509_ACERT_verify: unknown pkey type"); + return WOLFSSL_FATAL_ERROR; + } + + + ret = VerifyX509Acert(der, (word32)derSz, + (const byte *)pkey->pkey.ptr, pkey->pkey_sz, + pkey_type, x509->heap); + + return ret == 0 ? 
WOLFSSL_SUCCESS : WOLFSSL_FAILURE; +} + +WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer_ex( + const unsigned char* buf, int sz, int format, void * heap) +{ + int ret = 0; + WOLFSSL_X509_ACERT * x509 = NULL; + DerBuffer * der = NULL; + #ifdef WOLFSSL_SMALL_STACK + DecodedAcert * acert = NULL; + #else + DecodedAcert acert[1]; + #endif + + WOLFSSL_ENTER("wolfSSL_X509_ACERT_load_certificate_buffer"); + + if (format == WOLFSSL_FILETYPE_PEM) { + #ifdef WOLFSSL_PEM_TO_DER + ret = PemToDer(buf, sz, ACERT_TYPE, &der, heap, NULL, NULL); + + if (ret != 0 || der == NULL || der->buffer == NULL) { + WOLFSSL_ERROR(ret); + + if (der != NULL) { + FreeDer(&der); + } + + return NULL; + } + #else + WOLFSSL_ERROR(NOT_COMPILED_IN); + return NULL; + #endif + } + else { + ret = AllocDer(&der, (word32)sz, ACERT_TYPE, heap); + + if (ret != 0 || der == NULL || der->buffer == NULL) { + WOLFSSL_ERROR(ret); + return NULL; + } + + XMEMCPY(der->buffer, buf, sz); + } + + #ifdef WOLFSSL_SMALL_STACK + acert = (DecodedAcert*)XMALLOC(sizeof(DecodedAcert), heap, + DYNAMIC_TYPE_DCERT); + if (acert == NULL) { + WOLFSSL_ERROR(MEMORY_ERROR); + FreeDer(&der); + return NULL; + } + #endif + + InitDecodedAcert(acert, der->buffer, der->length, heap); + + ret = ParseX509Acert(acert, VERIFY_SKIP_DATE); + + if (ret == 0) { + x509 = wolfSSL_X509_ACERT_new_ex(heap); + + if (x509 != NULL) { + ret = CopyDecodedAcertToX509(x509, acert); + + if (ret != 0) { + wolfSSL_X509_ACERT_free(x509); + x509 = NULL; + } + } + else { + ret = MEMORY_ERROR; + } + } + + FreeDecodedAcert(acert); + + #ifdef WOLFSSL_SMALL_STACK + XFREE(acert, heap, DYNAMIC_TYPE_DCERT); + #endif + + FreeDer(&der); + + if (ret != 0) { + WOLFSSL_ERROR(ret); + } + + return x509; +} + +WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer( + const unsigned char* buf, int sz, int format) +{ + return wolfSSL_X509_ACERT_load_certificate_buffer_ex(buf, sz, format, NULL); +} + +/* Retrieve the signature from an ACERT. 
+ * + * @param [in] x509 the x509 attribute certificate + * @param [in, out] buf the signature buffer pointer + * @param [in, out] bufSz the signature buffer size pointer + * + * buf may be null, but bufSz is required. On success, sets + * bufSz pointer to signature length, and copies signature + * to buf if provided. + * + * Returns WWOLFSSL_FATAL_ERROR if bufSz is null or too small. + * Returns WOLFSSL_SUCCESS on success. + */ +int wolfSSL_X509_ACERT_get_signature(WOLFSSL_X509_ACERT* x509, + unsigned char* buf, int* bufSz) +{ + WOLFSSL_ENTER("wolfSSL_X509_ACERT_get_signature"); + + if (x509 == NULL || bufSz == NULL) { + return WOLFSSL_FATAL_ERROR; + } + + /* If buf array is provided, it must be long enough. */ + if (buf != NULL && *bufSz < (int)x509->sig.length) { + return WOLFSSL_FATAL_ERROR; + } + + if (buf != NULL) { + /* Copy in buffer if provided. */ + XMEMCPY(buf, x509->sig.buffer, x509->sig.length); + } + + *bufSz = (int)x509->sig.length; + + return WOLFSSL_SUCCESS; +} +#endif /* WOLFSSL_ACERT && (OPENSSL_EXTRA_X509_SMALL || OPENSSL_EXTRA) */ #endif /* !NO_CERTS */ diff --git a/src/src/x509_str.c b/src/src/x509_str.c index f5c5c2a..c3d33b8 100644 --- a/src/src/x509_str.c +++ b/src/src/x509_str.c @@ -1,6 +1,6 @@ /* x509_str.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
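Review bot: `wolfSSL_X509_ACERT_load_certificate_buffer_ex` does not validate `buf`/`sz` before use: in the DER branch a negative `sz` becomes a huge `(word32)sz` for `AllocDer` and, if that succeeds, `XMEMCPY(der->buffer, buf, sz)` reads past the caller's buffer, and a NULL `buf` is copied from; add `if (buf == NULL || sz <= 0) { WOLFSSL_ERROR(BAD_FUNC_ARG); return NULL; }` at the top (PemToDer may reject these itself, but the DER path visibly does not). Separately, the only parse is `ParseX509Acert(acert, VERIFY_SKIP_DATE)` and `wolfSSL_X509_ACERT_verify` only calls `VerifyX509Acert` with the key, so unless that helper re-checks validity dates an attribute certificate is never tested against its notBefore/notAfter on this path; that limitation belongs in the comment on `wolfSSL_X509_ACERT_verify` so callers know to check dates themselves. The comment on `wolfSSL_X509_ACERT_get_serial_number` also says it returns `WWOLFSSL_FATAL_ERROR` and sets `bufSz` to the signature length, but the code returns `BAD_FUNC_ARG`/`BUFFER_E` and the serial length; the same `WWOLFSSL_FATAL_ERROR` typo appears in the `get_signature` comment.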
@@ -36,9 +36,21 @@ #ifndef NO_CERTS -/******************************************************************************* +#ifdef OPENSSL_EXTRA +static int X509StoreGetIssuerEx(WOLFSSL_X509 **issuer, + WOLFSSL_STACK *certs, WOLFSSL_X509 *x); +static int X509StoreAddCa(WOLFSSL_X509_STORE* store, + WOLFSSL_X509* x509, int type); +#endif + +/* Based on OpenSSL default max depth */ +#ifndef WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH +#define WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH 100 +#endif + +/****************************************************************************** * START OF X509_STORE_CTX APIs - ******************************************************************************/ + *****************************************************************************/ /* This API is necessary outside of OPENSSL_EXTRA because it is used in * SetupStoreCtxCallback */ @@ -53,11 +65,16 @@ WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new_ex(void* heap) XMEMSET(ctx, 0, sizeof(WOLFSSL_X509_STORE_CTX)); ctx->heap = heap; #ifdef OPENSSL_EXTRA - if (wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL) != - WOLFSSL_SUCCESS) { + if ((ctx->owned = wolfSSL_sk_X509_new_null()) == NULL) { XFREE(ctx, heap, DYNAMIC_TYPE_X509_CTX); ctx = NULL; } + if (ctx != NULL && + wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL) != + WOLFSSL_SUCCESS) { + wolfSSL_X509_STORE_CTX_free(ctx); + ctx = NULL; + } #endif } @@ -76,9 +93,18 @@ void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx) #endif #ifdef OPENSSL_EXTRA - if (ctx->param != NULL) { - XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL); - ctx->param = NULL; + XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL); + ctx->param = NULL; + + if (ctx->chain != NULL) { + wolfSSL_sk_X509_free(ctx->chain); + } + if (ctx->owned != NULL) { + wolfSSL_sk_X509_pop_free(ctx->owned, NULL); + } + + if (ctx->current_issuer != NULL) { + wolfSSL_X509_free(ctx->current_issuer); } #endif 
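Review bot: `wolfSSL_X509_STORE_CTX_free` releases `ctx->owned` with `wolfSSL_sk_X509_pop_free(ctx->owned, NULL)`; if a NULL free callback does not fall back to `wolfSSL_X509_free` in this stack implementation (not visible here), the issuers that `wolfSSL_X509_verify_cert` pushes onto `owned` after `x509GetIssuerFromCM` leak on every verification. Passing the callback explicitly, `wolfSSL_sk_X509_pop_free(ctx->owned, wolfSSL_X509_free);`, removes the dependency on that default. `ctx->chain` is correctly released with the non-owning `wolfSSL_sk_X509_free` since it holds borrowed pointers; a one-line comment next to these two frees stating that `owned` owns its entries and `chain` does not would save the next reader from having to reconstruct that.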
@@ -98,8 +124,6 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, WOLF_STACK_OF(WOLFSSL_X509)* sk) { - int ret = 0; - (void)sk; WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_init"); if (ctx != NULL) { @@ -108,51 +132,21 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, ctx->current_cert = x509; #else if(x509 != NULL){ - ctx->current_cert = wolfSSL_X509_d2i_ex(NULL, x509->derCert->buffer, - x509->derCert->length, x509->heap); + ctx->current_cert = wolfSSL_X509_d2i_ex(NULL, + x509->derCert->buffer, + x509->derCert->length, + x509->heap); if(ctx->current_cert == NULL) return WOLFSSL_FAILURE; } else ctx->current_cert = NULL; #endif - ctx->chain = sk; - /* Add intermediate certs, that verify to a loaded CA, to the store */ - if (sk != NULL) { - byte addedAtLeastOne = 1; - WOLF_STACK_OF(WOLFSSL_X509)* head = wolfSSL_shallow_sk_dup(sk); - if (head == NULL) - return WOLFSSL_FAILURE; - while (addedAtLeastOne) { - WOLF_STACK_OF(WOLFSSL_X509)* cur = head; - WOLF_STACK_OF(WOLFSSL_X509)** prev = &head; - addedAtLeastOne = 0; - while (cur) { - WOLFSSL_X509* cert = cur->data.x509; - if (cert != NULL && cert->derCert != NULL && - wolfSSL_CertManagerVerifyBuffer(store->cm, - cert->derCert->buffer, - cert->derCert->length, - WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS) { - ret = wolfSSL_X509_STORE_add_cert(store, cert); - if (ret < 0) { - wolfSSL_sk_free(head); - return WOLFSSL_FAILURE; - } - addedAtLeastOne = 1; - *prev = cur->next; - wolfSSL_sk_free_node(cur); - cur = *prev; - } - else { - prev = &cur->next; - cur = cur->next; - } - } - } - wolfSSL_sk_free(head); + ctx->ctxIntermediates = sk; + if (ctx->chain != NULL) { + wolfSSL_sk_X509_free(ctx->chain); + ctx->chain = NULL; } - ctx->sesChain = NULL; ctx->domain = NULL; #ifdef HAVE_EX_DATA 
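Review bot: The rewritten body of `wolfSSL_X509_STORE_CTX_init` drops the `ctx->sesChain = NULL;` reset without re-adding it anywhere in the hunk, and since `wolfSSL_X509_STORE_CTX_cleanup` re-initialises a context by calling init, a context reused for a second verification now carries the previous session's chain pointer into the next run. If sesChain is now owned and reset by another path that is fine, but it is not visible here; otherwise restore the line alongside `ctx->domain = NULL;`. The new `ctx->ctxIntermediates = sk;` stores a borrowed pointer, matching the old behaviour of not taking ownership of `sk`, but that contract deserves a comment on the function since the caller must keep the stack alive until verification completes.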
@@ -186,20 +180,19 @@ void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx) { if (ctx != NULL) { - if (ctx->param != NULL) { - XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL); - ctx->param = NULL; - } + XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL); + ctx->param = NULL; wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL); } } -void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx, WOLF_STACK_OF(WOLFSSL_X509) *sk) +void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ctx, + WOLF_STACK_OF(WOLFSSL_X509) *sk) { if (ctx != NULL) { - ctx->chain = sk; + ctx->setTrustedSk = sk; } } @@ -225,6 +218,10 @@ int GetX509Error(int e) case WC_NO_ERR_TRACE(ASN_SIG_HASH_E): case WC_NO_ERR_TRACE(ASN_SIG_KEY_E): return WOLFSSL_X509_V_ERR_CERT_SIGNATURE_FAILURE; + /* We can't disambiguate if its the before or after date that caused + * the error. Assume expired. */ + case WC_NO_ERR_TRACE(CRL_CERT_DATE_ERR): + return X509_V_ERR_CRL_HAS_EXPIRED; case WC_NO_ERR_TRACE(CRL_CERT_REVOKED): return WOLFSSL_X509_V_ERR_CERT_REVOKED; case WC_NO_ERR_TRACE(CRL_MISSING): 
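Review bot: The new `CRL_CERT_DATE_ERR` case in `GetX509Error` returns the unprefixed `X509_V_ERR_CRL_HAS_EXPIRED` while every neighbouring case returns a `WOLFSSL_X509_V_ERR_*` value; if the unprefixed name is only defined when the OpenSSL compatibility macros are in scope, this function depends on that header in every OPENSSL_EXTRA build, so `return WOLFSSL_X509_V_ERR_CRL_HAS_EXPIRED;` is the consistent choice assuming the prefixed constant exists. The "Assume expired" mapping is a reasonable default, but a not-yet-valid CRL reported as expired sends an operator looking for a stale CRL instead of a clock problem; the comment should say that a skewed clock is the other cause of this error code.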
@@ -255,58 +252,239 @@ static void SetupStoreCtxError(WOLFSSL_X509_STORE_CTX* ctx, int ret) wolfSSL_X509_STORE_CTX_set_error_depth(ctx, depth); } -/* Verifies certificate chain using WOLFSSL_X509_STORE_CTX - * returns 0 on success or < 0 on failure. - */ -int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) +static int X509StoreVerifyCert(WOLFSSL_X509_STORE_CTX* ctx) { - WOLFSSL_ENTER("wolfSSL_X509_verify_cert"); - - if (ctx != NULL && ctx->store != NULL && ctx->store->cm != NULL - && ctx->current_cert != NULL && ctx->current_cert->derCert != NULL) { - int ret = wolfSSL_CertManagerVerifyBuffer(ctx->store->cm, - ctx->current_cert->derCert->buffer, - ctx->current_cert->derCert->length, - WOLFSSL_FILETYPE_ASN1); + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + WOLFSSL_ENTER("X509StoreVerifyCert"); + + if (ctx->current_cert != NULL && ctx->current_cert->derCert != NULL) { + ret = wolfSSL_CertManagerVerifyBuffer(ctx->store->cm, + ctx->current_cert->derCert->buffer, + ctx->current_cert->derCert->length, + WOLFSSL_FILETYPE_ASN1); SetupStoreCtxError(ctx, ret); + #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + if (ctx->store->verify_cb) + ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, ctx) == 1 ? 0 : ret; + #endif #ifndef NO_ASN_TIME if (ret != WC_NO_ERR_TRACE(ASN_BEFORE_DATE_E) && ret != WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)) { /* wolfSSL_CertManagerVerifyBuffer only returns ASN_AFTER_DATE_E or - ASN_BEFORE_DATE_E if there are no additional errors found in the - cert. Therefore, check if the cert is expired or not yet valid - in order to return the correct expected error. */ + * ASN_BEFORE_DATE_E if there are no additional errors found in the + * cert. Therefore, check if the cert is expired or not yet valid + * in order to return the correct expected error. 
*/ byte *afterDate = ctx->current_cert->notAfter.data; byte *beforeDate = ctx->current_cert->notBefore.data; if (XVALIDATE_DATE(afterDate, - (byte)ctx->current_cert->notAfter.type, AFTER) < 1) { + (byte)ctx->current_cert->notAfter.type, ASN_AFTER) < 1) { ret = ASN_AFTER_DATE_E; } else if (XVALIDATE_DATE(beforeDate, - (byte)ctx->current_cert->notBefore.type, BEFORE) < 1) { + (byte)ctx->current_cert->notBefore.type, ASN_BEFORE) < 1) { ret = ASN_BEFORE_DATE_E; } SetupStoreCtxError(ctx, ret); + #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + if (ctx->store->verify_cb) + ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, + ctx) == 1 ? 0 : -1; + #endif } #endif + } - #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - if (ctx->store && ctx->store->verify_cb) - ret = ctx->store->verify_cb(ret >= 0 ? 1 : 0, ctx) == 1 ? 0 : -1; + return ret; +} + +static int addAllButSelfSigned(WOLF_STACK_OF(WOLFSSL_X509)*to, + WOLF_STACK_OF(WOLFSSL_X509)*from, int *numAdded) +{ + int ret = WOLFSSL_SUCCESS; + int i = 0; + int cnt = 0; + WOLFSSL_X509 *x = NULL; + + for (i = 0; i < wolfSSL_sk_X509_num(from); i++) { + x = wolfSSL_sk_X509_value(from, i); + if (wolfSSL_X509_NAME_cmp(&x->issuer, &x->subject) != 0) { + if (wolfSSL_sk_X509_push(to, x) <= 0) { + ret = WOLFSSL_FAILURE; + goto exit; + } + cnt++; + } + } + +exit: + if (numAdded != NULL) { + *numAdded = cnt; + } + return ret; +} + +/* Verifies certificate chain using WOLFSSL_X509_STORE_CTX + * returns 0 on success or < 0 on failure. 
+ */ +int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) +{ + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + int done = 0; + int added = 0; + int i = 0; + int numInterAdd = 0; + int depth = 0; + WOLFSSL_X509 *issuer = NULL; + WOLFSSL_X509 *orig = NULL; + WOLF_STACK_OF(WOLFSSL_X509)* certs = NULL; + WOLF_STACK_OF(WOLFSSL_X509)* certsToUse = NULL; + WOLFSSL_ENTER("wolfSSL_X509_verify_cert"); + + if (ctx == NULL || ctx->store == NULL || ctx->store->cm == NULL + || ctx->current_cert == NULL || ctx->current_cert->derCert == NULL) { + return WOLFSSL_FATAL_ERROR; + } + + certs = ctx->store->certs; + if (ctx->setTrustedSk != NULL) { + certs = ctx->setTrustedSk; + } + + if (certs == NULL && + wolfSSL_sk_X509_num(ctx->ctxIntermediates) > 0) { + certsToUse = wolfSSL_sk_X509_new_null(); + ret = addAllButSelfSigned(certsToUse, ctx->ctxIntermediates, NULL); + } + else { + /* Add the intermediates provided on init to the list of untrusted + * intermediates to be used */ + ret = addAllButSelfSigned(certs, ctx->ctxIntermediates, &numInterAdd); + } + if (ret != WOLFSSL_SUCCESS) { + goto exit; + } + + if (ctx->chain != NULL) { + wolfSSL_sk_X509_free(ctx->chain); + } + ctx->chain = wolfSSL_sk_X509_new_null(); + + if (ctx->depth > 0) { + depth = ctx->depth + 1; + } + else { + depth = WOLFSSL_X509_STORE_DEFAULT_MAX_DEPTH + 1; + } + + orig = ctx->current_cert; + while(done == 0 && depth > 0) { + issuer = NULL; + + /* Try to find an untrusted issuer first */ + ret = X509StoreGetIssuerEx(&issuer, certs, + ctx->current_cert); + if (ret == WOLFSSL_SUCCESS) { + if (ctx->current_cert == issuer) { + wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert); + break; + } + + /* We found our issuer in the non-trusted cert list, add it + * to the CM and verify the current cert against it */ + ret = X509StoreAddCa(ctx->store, issuer, + WOLFSSL_TEMP_CA); + if (ret != WOLFSSL_SUCCESS) { + goto exit; + } + + added = 1; + + ret = X509StoreVerifyCert(ctx); + if (ret != WOLFSSL_SUCCESS) { + goto exit; + 
} + + /* Add it to the current chain and look at the issuer cert next */ + wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert); + ctx->current_cert = issuer; + } + else if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { + /* Could not find in untrusted list, only place left is + * a trusted CA in the CM */ + ret = X509StoreVerifyCert(ctx); + if (ret != WOLFSSL_SUCCESS) { + if (((ctx->flags & WOLFSSL_PARTIAL_CHAIN) || + (ctx->store->param->flags & WOLFSSL_PARTIAL_CHAIN)) && + (added == 1)) { + wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert); + ret = WOLFSSL_SUCCESS; + } + goto exit; + } + + /* Cert verified, finish building the chain */ + wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert); + issuer = NULL; + #ifdef WOLFSSL_SIGNER_DER_CERT + x509GetIssuerFromCM(&issuer, ctx->store->cm, ctx->current_cert); + if (issuer != NULL && ctx->owned != NULL) { + wolfSSL_sk_X509_push(ctx->owned, issuer); + } + #else + if (ctx->setTrustedSk == NULL) { + X509StoreGetIssuerEx(&issuer, + ctx->store->trusted, ctx->current_cert); + } + else { + X509StoreGetIssuerEx(&issuer, + ctx->setTrustedSk, ctx->current_cert); + } #endif + if (issuer != NULL) { + wolfSSL_sk_X509_push(ctx->chain, issuer); + } - return ret >= 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; + done = 1; + } + else { + goto exit; + } + + depth--; } - return WOLFSSL_FATAL_ERROR; + +exit: + /* Remove additional intermediates from init from the store */ + if (ctx != NULL && numInterAdd > 0) { + for (i = 0; i < numInterAdd; i++) { + wolfSSL_sk_X509_pop(ctx->store->certs); + } + } + /* Remove intermediates that were added to CM */ + if (ctx != NULL) { + if (ctx->store != NULL) { + if (added == 1) { + wolfSSL_CertManagerUnloadTempIntermediateCerts(ctx->store->cm); + } + } + if (orig != NULL) { + ctx->current_cert = orig; + } + } + if (certsToUse != NULL) { + wolfSSL_sk_X509_free(certsToUse); + } + + return ret == WOLFSSL_SUCCESS ? 
WOLFSSL_SUCCESS : WOLFSSL_FAILURE; } #endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert( - WOLFSSL_X509_STORE_CTX* ctx) + WOLFSSL_X509_STORE_CTX* ctx) { WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_current_cert"); if (ctx) @@ -404,14 +582,6 @@ int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_STUB("wolfSSL_X509_STORE_CTX_set_purpose (not implemented)"); return 0; } - -void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx, - unsigned long flags) -{ - (void)ctx; - (void)flags; - WOLFSSL_STUB("wolfSSL_X509_STORE_CTX_set_flags (not implemented)"); -} #endif /* !NO_WOLFSSL_STUB */ #endif /* WOLFSSL_QT || OPENSSL_ALL */ @@ -419,6 +589,14 @@ void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx, #ifdef OPENSSL_EXTRA +void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx, + unsigned long flags) +{ + if ((ctx != NULL) && (flags & WOLFSSL_PARTIAL_CHAIN)){ + ctx->flags |= WOLFSSL_PARTIAL_CHAIN; + } +} + /* set X509_STORE_CTX ex_data, max idx is MAX_EX_DATA. Return WOLFSSL_SUCCESS * on success, WOLFSSL_FAILURE on error. */ int wolfSSL_X509_STORE_CTX_set_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx, @@ -450,8 +628,8 @@ int wolfSSL_X509_STORE_CTX_set_ex_data_with_cleanup( WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_ex_data_with_cleanup"); if (ctx != NULL) { - return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, data, - cleanup_routine); + return wolfSSL_CRYPTO_set_ex_data_with_cleanup(&ctx->ex_data, idx, + data, cleanup_routine); } return WOLFSSL_FAILURE; } 
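Review bot: The intermediates handed to X509_STORE_CTX_init are merged into whichever stack `certs` points at — `ctx->store->certs` or the caller's `ctx->setTrustedSk` — yet the cleanup at `exit` always pops `numInterAdd` entries from `ctx->store->certs`, so when a trusted stack was set the caller's stack keeps the untrusted intermediates and the store loses that many of its own entries; and in the `certs == NULL` branch `certsToUse` is filled but `certs` is never pointed at it, so those intermediates are never consulted by `X509StoreGetIssuerEx`. The merge also reaches the partial-chain path: `added == 1` is set for any issuer pulled from `certs`, so if `ctx->store->certs` is meant to hold store-trusted certificates, a chain ending at a peer-supplied intermediate satisfies `WOLFSSL_PARTIAL_CHAIN` with no trust anchor involved (assuming `X509StoreAddCa` treats every such issuer alike, which the hunk suggests). Keeping the init-time intermediates in their own stack, consulting it second, and recording where the issuer came from addresses all three without mutating the store, and the pop loop at `exit` (plus the now-unused `numInterAdd` and `i`) goes away. Temporarily pushing into `ctx->store->certs` and the CM from a verify call is also unsafe if the store is shared between threads, which the OpenSSL API permits; the private stack removes the first half of that.
```c
int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
{
    /* … unchanged: locals and argument checks … */
    int issuerFromInit = 0; /* last issuer came from ctxIntermediates */

    certs = ctx->store->certs;
    if (ctx->setTrustedSk != NULL) {
        certs = ctx->setTrustedSk;
    }

    /* Keep the untrusted intermediates supplied to X509_STORE_CTX_init in a
     * private stack: nothing is pushed onto the store or onto the caller's
     * trusted stack, so nothing has to be popped back out at exit. */
    if (wolfSSL_sk_X509_num(ctx->ctxIntermediates) > 0) {
        certsToUse = wolfSSL_sk_X509_new_null();
        if (certsToUse == NULL) {
            ret = WOLFSSL_FAILURE;
            goto exit;
        }
        ret = addAllButSelfSigned(certsToUse, ctx->ctxIntermediates, NULL);
        if (ret != WOLFSSL_SUCCESS) {
            goto exit;
        }
    }

    /* … unchanged: chain reset and depth setup … */

    while (done == 0 && depth > 0) {
        issuer = NULL;

        /* Store-held certs first, then the init-time intermediates. */
        ret = X509StoreGetIssuerEx(&issuer, certs, ctx->current_cert);
        if (ret == WOLFSSL_SUCCESS) {
            issuerFromInit = 0;
        }
        else if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE) &&
                 certsToUse != NULL) {
            ret = X509StoreGetIssuerEx(&issuer, certsToUse, ctx->current_cert);
            if (ret == WOLFSSL_SUCCESS) {
                issuerFromInit = 1;
            }
        }
        if (ret == WOLFSSL_SUCCESS) {
            /* … unchanged: temp-CA add, verify, push, advance … */
        }
        else if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
            ret = X509StoreVerifyCert(ctx);
            if (ret != WOLFSSL_SUCCESS) {
                /* A partial chain may only end at a store-held cert, never
                 * at one of the untrusted intermediates supplied at init. */
                if (((ctx->flags & WOLFSSL_PARTIAL_CHAIN) ||
                     (ctx->store->param->flags & WOLFSSL_PARTIAL_CHAIN)) &&
                    (added == 1) && (issuerFromInit == 0)) {
                    wolfSSL_sk_X509_push(ctx->chain, ctx->current_cert);
                    ret = WOLFSSL_SUCCESS;
                }
                goto exit;
            }
            /* … unchanged: finish chain with the trusted issuer … */
        }
        /* … unchanged: final else and depth-- … */
    }

exit:
    /* … unchanged: temp-CA unload, current_cert restore, certsToUse free …
     * (the numInterAdd pop loop is removed) */
    return ret == WOLFSSL_SUCCESS ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
```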
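Review bot: The new `wolfSSL_X509_STORE_CTX_set_flags` silently discards every bit other than `WOLFSSL_PARTIAL_CHAIN`, so a caller that enables, say, revocation checking or a stricter policy through this call gets no indication that the setting took no effect, which is worse than the stub it replaces because the function now looks implemented. At minimum log the dropped bits: `if ((ctx != NULL) && ((flags & ~WOLFSSL_PARTIAL_CHAIN) != 0)) { WOLFSSL_MSG("X509_STORE_CTX_set_flags: unsupported flags ignored"); }`. A comment on the function stating that only the partial-chain flag is honoured would let integrators check before relying on it.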
@@ -466,22 +644,24 @@ void wolfSSL_X509_STORE_CTX_set_depth(WOLFSSL_X509_STORE_CTX* ctx, int depth) } #endif - WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_current_issuer( WOLFSSL_X509_STORE_CTX* ctx) { - int ret; - WOLFSSL_X509* issuer; - + WOLFSSL_STACK* node; WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get0_current_issuer"); - if (ctx == NULL) { + if (ctx == NULL) return NULL; - } - ret = wolfSSL_X509_STORE_CTX_get1_issuer(&issuer, ctx, ctx->current_cert); - if (ret == WOLFSSL_SUCCESS) { - return issuer; + /* get0 only checks currently built chain */ + if (ctx->chain != NULL) { + for (node = ctx->chain; node != NULL; node = node->next) { + if (wolfSSL_X509_check_issued(node->data.x509, + ctx->current_cert) == + WOLFSSL_X509_V_OK) { + return node->data.x509; + } + } } return NULL; @@ -501,7 +681,7 @@ void wolfSSL_X509_STORE_CTX_set_error(WOLFSSL_X509_STORE_CTX* ctx, int er) /* Set the error depth in the X509 STORE CTX */ void wolfSSL_X509_STORE_CTX_set_error_depth(WOLFSSL_X509_STORE_CTX* ctx, - int depth) + int depth) { WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_error_depth"); @@ -529,7 +709,8 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx) if (sk == NULL) return NULL; -#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ + defined(OPENSSL_EXTRA) /* add CA used to verify top of chain to the list */ if (c->count > 0) { WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, c->count - 1); @@ -541,7 +722,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx) * signed and that a issuer was found */ if (issuer != NULL && wolfSSL_X509_NAME_cmp(&x509->issuer, &x509->subject) != 0) { - if (wolfSSL_sk_X509_push(sk, issuer) != WOLFSSL_SUCCESS) { + if (wolfSSL_sk_X509_push(sk, issuer) <= 0) { WOLFSSL_MSG("Unable to load CA x509 into stack"); error = 1; } 
@@ -573,7 +754,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx) break; } - if (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) { + if (wolfSSL_sk_X509_push(sk, x509) <= 0) { WOLFSSL_MSG("Unable to load x509 into stack"); wolfSSL_X509_free(x509); error = 1; @@ -692,13 +873,13 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( if (certToFilterName != NULL) { if (wolfSSL_X509_NAME_cmp(certToFilterName, name) == 0) { filteredCert = wolfSSL_X509_dup(certToFilter->data.x509); - if (filteredCert == NULL) { + if (filteredCert == NULL || + wolfSSL_sk_X509_push(filteredCerts, filteredCert) + <= 0) { err = 1; + wolfSSL_X509_free(filteredCert); break; } - else { - wolfSSL_sk_X509_push(filteredCerts, filteredCert); - } } } certToFilter = certToFilter->next; 
@@ -730,34 +911,63 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer, WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509 *x) { - WOLFSSL_STACK* node; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get1_issuer"); if (issuer == NULL || ctx == NULL || x == NULL) return WOLFSSL_FATAL_ERROR; - if (ctx->chain != NULL) { - for (node = ctx->chain; node != NULL; node = node->next) { - if (wolfSSL_X509_check_issued(node->data.x509, x) == - WOLFSSL_X509_V_OK) { - *issuer = x; + ret = X509StoreGetIssuerEx(issuer, ctx->store->certs, x); + if ((ret == WOLFSSL_SUCCESS) && (*issuer != NULL)) { + return wolfSSL_X509_up_ref(*issuer); + } + +#ifdef WOLFSSL_SIGNER_DER_CERT + ret = x509GetIssuerFromCM(issuer, ctx->store->cm, x); +#else + ret = X509StoreGetIssuerEx(issuer, ctx->store->trusted, x); + if ((ret == WOLFSSL_SUCCESS) && (*issuer != NULL)) { + return wolfSSL_X509_up_ref(*issuer); + } +#endif + + return ret; +} +#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */ + +#ifdef OPENSSL_EXTRA + +static int X509StoreGetIssuerEx(WOLFSSL_X509 **issuer, + WOLFSSL_STACK * certs, WOLFSSL_X509 *x) +{ + int i; + + if (issuer == NULL || x == NULL) + return WOLFSSL_FATAL_ERROR; + + if (certs != NULL) { + for (i = 0; i < wolfSSL_sk_X509_num(certs); i++) { + if (wolfSSL_X509_check_issued( + wolfSSL_sk_X509_value(certs, i), x) == + WOLFSSL_X509_V_OK) { + *issuer = wolfSSL_sk_X509_value(certs, i); return WOLFSSL_SUCCESS; } } } - /* Result is ignored when passed to wolfSSL_OCSP_cert_to_id(). 
*/ - - return x509GetIssuerFromCM(issuer, ctx->store->cm, x); + return WOLFSSL_FAILURE; } -#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */ -/******************************************************************************* +#endif + +/****************************************************************************** * END OF X509_STORE_CTX APIs - ******************************************************************************/ + *****************************************************************************/ -/******************************************************************************* +/****************************************************************************** * START OF X509_STORE APIs - ******************************************************************************/ + *****************************************************************************/ #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \ defined(WOLFSSL_WPAS_SMALL) @@ -785,10 +995,25 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) if ((store->cm = wolfSSL_CertManagerNew()) == NULL) goto err_exit; +#ifdef OPENSSL_EXTRA + if ((store->certs = wolfSSL_sk_X509_new_null()) == NULL) + goto err_exit; + + if ((store->owned = wolfSSL_sk_X509_new_null()) == NULL) + goto err_exit; + +#if !defined(WOLFSSL_SIGNER_DER_CERT) + if ((store->trusted = wolfSSL_sk_X509_new_null()) == NULL) + goto err_exit; +#endif +#endif + #ifdef HAVE_CRL store->crl = store->cm->crl; #endif + store->numAdded = 0; + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) /* Link store's new Certificate Manager to self by default */ 
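Review bot: In X509StoreGetIssuerEx the loop calls `wolfSSL_sk_X509_value(certs, i)` twice per iteration and re-evaluates `wolfSSL_sk_X509_num(certs)` on every pass; a local `WOLFSSL_X509* cand = wolfSSL_sk_X509_value(certs, i);` used for both the check and the `*issuer` assignment reads more clearly. The helper is `static` and placed under `#ifdef OPENSSL_EXTRA` after its first use in wolfSSL_X509_STORE_CTX_get1_issuer, which is compiled under the wider NGINX/HAPROXY/OPENSSL_EXTRA/OPENSSL_ALL guard, so a forward declaration with a matching guard must exist above the hunk — worth confirming that configurations which define only OPENSSL_ALL still resolve it. Note also that wolfSSL_X509_check_issued is a name/key-identifier match rather than a signature check, so a one-line comment such as `/* candidate issuer only; signature is verified by the caller */` would stop readers treating the result as verified.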
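Review bot: The three stacks added to wolfSSL_X509_STORE_new (`store->certs`, `store->owned`, `store->trusted`) are allocated before the `err_exit` label, so the error path has to release them as well when a later allocation fails. If `err_exit` ends in wolfSSL_X509_STORE_free, whose updated body below does free all three, this is covered, but the label is outside the hunk so it is worth confirming. A short comment next to the allocations, `/* released by wolfSSL_X509_STORE_free on err_exit */`, would make the ownership explicit.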
@@ -823,6 +1048,30 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) return NULL; } +#ifdef OPENSSL_ALL +static void X509StoreFreeObjList(WOLFSSL_X509_STORE* store, + WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* objs) +{ + int i; + WOLFSSL_X509_OBJECT *obj = NULL; + int cnt = store->numAdded; + + i = wolfSSL_sk_X509_OBJECT_num(objs) - 1; + while (cnt > 0 && i > 0) { + /* The inner X509 is owned by somebody else, NULL out the reference */ + obj = (WOLFSSL_X509_OBJECT *)wolfSSL_sk_X509_OBJECT_value(objs, i); + if (obj != NULL) { + obj->type = (WOLFSSL_X509_LOOKUP_TYPE)0; + obj->data.ptr = NULL; + } + cnt--; + i--; + } + + wolfSSL_sk_X509_OBJECT_pop_free(objs, NULL); +} +#endif + void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) { int doFree = 0; 
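Review bot: The loop condition `while (cnt > 0 && i > 0)` in X509StoreFreeObjList never visits index 0, so when every object in `objs` came from store->certs (numAdded equal to the stack size, e.g. a CM with no loaded certificates) the X509 at index 0 keeps its pointer and `wolfSSL_sk_X509_OBJECT_pop_free(objs, NULL)` frees an X509 the store does not own — a double free or use-after-free once the real owner releases it. The bound should be `while (cnt > 0 && i >= 0)`. The function also relies on the borrowed certificates being the top numAdded entries, which the get0_objects merge order guarantees only for a fully built stack; a comment stating that precondition would help the next maintainer.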
@@ -845,21 +1094,36 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) wolfSSL_CertManagerFree(store->cm); store->cm = NULL; } +#if defined(OPENSSL_EXTRA) + if (store->certs != NULL) { + wolfSSL_sk_X509_free(store->certs); + store->certs = NULL; + } + if (store->owned != NULL) { + wolfSSL_sk_X509_pop_free(store->owned, wolfSSL_X509_free); + store->owned = NULL; + } +#if !defined(WOLFSSL_SIGNER_DER_CERT) + if (store->trusted != NULL) { + wolfSSL_sk_X509_free(store->trusted); + store->trusted = NULL; + } +#endif +#endif #ifdef OPENSSL_ALL if (store->objs != NULL) { - wolfSSL_sk_X509_OBJECT_pop_free(store->objs, NULL); + X509StoreFreeObjList(store, store->objs); } #endif #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) - if (store->param != NULL) { - XFREE(store->param, NULL, DYNAMIC_TYPE_OPENSSL); - store->param = NULL; - } + XFREE(store->param, NULL, DYNAMIC_TYPE_OPENSSL); + store->param = NULL; if (store->lookup.dirs != NULL) { #if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) if (store->lookup.dirs->dir_entry) { - wolfSSL_sk_BY_DIR_entry_free(store->lookup.dirs->dir_entry); + wolfSSL_sk_BY_DIR_entry_free( + store->lookup.dirs->dir_entry); } #endif wc_FreeMutex(&store->lookup.dirs->lock); @@ -867,6 +1131,7 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) store->lookup.dirs = NULL; } #endif + wolfSSL_RefFree(&store->ref); XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE); } } @@ -920,7 +1185,7 @@ int wolfSSL_X509_STORE_up_ref(WOLFSSL_X509_STORE* store) * @return WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE on failure */ int wolfSSL_X509_STORE_set_ex_data(WOLFSSL_X509_STORE* store, int idx, - void *data) + void *data) { WOLFSSL_ENTER("wolfSSL_X509_STORE_set_ex_data"); #ifdef HAVE_EX_DATA 
@@ -1007,22 +1272,68 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store, return &store->lookup; } -int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509) +static int X509StoreAddCa(WOLFSSL_X509_STORE* store, + WOLFSSL_X509* x509, int type) { - int result = WOLFSSL_FATAL_ERROR; - - WOLFSSL_ENTER("wolfSSL_X509_STORE_add_cert"); - if (store != NULL && store->cm != NULL && x509 != NULL - && x509->derCert != NULL) { - DerBuffer* derCert = NULL; + int result = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); + DerBuffer* derCert = NULL; + WOLFSSL_ENTER("X509StoreAddCa"); + if (store != NULL && x509 != NULL && x509->derCert != NULL) { result = AllocDer(&derCert, x509->derCert->length, x509->derCert->type, NULL); if (result == 0) { /* AddCA() frees the buffer. */ XMEMCPY(derCert->buffer, x509->derCert->buffer, x509->derCert->length); - result = AddCA(store->cm, &derCert, WOLFSSL_USER_CA, VERIFY); + result = AddCA(store->cm, &derCert, type, VERIFY); + } + } + + return result; +} + + +int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509) +{ + int result = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); + + WOLFSSL_ENTER("wolfSSL_X509_STORE_add_cert"); + if (store != NULL && store->cm != NULL && x509 != NULL + && x509->derCert != NULL) { + /* Mimic the openssl behavior, must be self signed to be considered + * trusted, addCA() internals will do additional checks for + * CA=TRUE */ + if (wolfSSL_X509_NAME_cmp(&x509->issuer, &x509->subject) == 0) { + result = X509StoreAddCa(store, x509, WOLFSSL_USER_CA); + #if !defined(WOLFSSL_SIGNER_DER_CERT) + if (result == WOLFSSL_SUCCESS && store->trusted != NULL) { + result = wolfSSL_sk_X509_push(store->trusted, x509); + if (result > 0) { + result = WOLFSSL_SUCCESS; + } + else { + result = WOLFSSL_FATAL_ERROR; + } + } + #endif + } + else { + if (store->certs != NULL) { + result = wolfSSL_sk_X509_push(store->certs, x509); + if (result > 0) { + result = WOLFSSL_SUCCESS; + } + else { + 
result = WOLFSSL_FATAL_ERROR; + } + } + else { + /* If store->certs is NULL, this is an X509_STORE managed by an + * SSL_CTX, preserve behavior and always add as USER_CA */ + result = X509StoreAddCa( + store, x509, WOLFSSL_USER_CA); + } } } @@ -1052,6 +1363,9 @@ int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag) ret = wolfSSL_CertManagerDisableCRL(store->cm); } #endif + if (flag & WOLFSSL_PARTIAL_CHAIN) { + store->param->flags |= WOLFSSL_PARTIAL_CHAIN; + } return ret; } 
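Review bot: wolfSSL_X509_STORE_add_cert pushes the caller's `x509` pointer onto store->certs / store->trusted without taking a reference (no wolfSSL_X509_up_ref, and ownership is tracked separately through store->owned in X509StoreLoadCertBuffer), whereas OpenSSL's X509_STORE_add_cert takes its own reference and callers routinely free their copy right after adding it. A caller written against OpenSSL semantics therefore leaves dangling pointers in the store that wolfSSL_X509_STORE_CTX_get1_issuer and the chain builder later dereference. Either take a reference before the push and release it in wolfSSL_X509_STORE_free (which currently uses the non-freeing wolfSSL_sk_X509_free for certs and trusted), or document above the function that the store borrows the pointer and the caller must keep the certificate alive for the store's lifetime.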
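Review bot: The new `store->param->flags |= WOLFSSL_PARTIAL_CHAIN;` in wolfSSL_X509_STORE_set_flags dereferences store->param without a NULL check; the function's argument guard is above the hunk and from here it is not visible whether it covers `param`. store->param is freed in wolfSSL_X509_STORE_free so it is presumably allocated in wolfSSL_X509_STORE_new, but a guarded form `if ((flag & WOLFSSL_PARTIAL_CHAIN) && (store->param != NULL))` costs nothing and matches the defensive style of the surrounding code.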
@@ -1062,13 +1376,107 @@ int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store) return WOLFSSL_SUCCESS; } +int X509StoreLoadCertBuffer(WOLFSSL_X509_STORE *str, + byte *buf, word32 bufLen, int type) +{ + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + WOLFSSL_X509 *x509 = NULL; + + if (str == NULL || buf == NULL) { + return WOLFSSL_FAILURE; + } + + /* OpenSSL X509_STORE_load_file fails on DER file, we will as well */ + x509 = wolfSSL_X509_load_certificate_buffer(buf, bufLen, type); + if (str->owned != NULL) { + wolfSSL_sk_X509_push(str->owned, x509); + } + ret = wolfSSL_X509_STORE_add_cert(str, x509); + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Failed to load file"); + ret = WOLFSSL_FAILURE; + } + if (str->owned == NULL) { + wolfSSL_X509_free(x509); + } + + return ret; +} + #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + +static int X509StoreReadFile(const char *fname, + StaticBuffer *content, word32 *bytesRead, int *type) +{ + int ret = -1; + long sz = 0; +#ifdef HAVE_CRL + const char* header = NULL; + const char* footer = NULL; +#endif + + ret = wolfssl_read_file_static(fname, content, NULL, DYNAMIC_TYPE_FILE, + &sz); + if (ret == 0) { + *type = CERT_TYPE; + *bytesRead = (word32)sz; +#ifdef HAVE_CRL + /* Look for CRL header and footer. */ + if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 && + (XSTRNSTR((char*)content->buffer, header, (word32)sz) != + NULL)) { + *type = CRL_TYPE; + } +#endif + } + + return (ret == 0 ? 
WOLFSSL_SUCCESS : WOLFSSL_FAILURE); +} + +static int X509StoreLoadFile(WOLFSSL_X509_STORE *str, + const char *fname) +{ + int ret = WOLFSSL_SUCCESS; + int type = 0; +#ifndef WOLFSSL_SMALL_STACK + byte stackBuffer[FILE_BUFFER_SIZE]; +#endif + StaticBuffer content; + word32 contentLen = 0; + +#ifdef WOLFSSL_SMALL_STACK + static_buffer_init(&content); +#else + static_buffer_init(&content, stackBuffer, FILE_BUFFER_SIZE); +#endif + + ret = X509StoreReadFile(fname, &content, &contentLen, &type); + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Failed to load file"); + ret = WOLFSSL_FAILURE; + } + + if ((ret == WOLFSSL_SUCCESS) && (type == CERT_TYPE)) { + ret = X509StoreLoadCertBuffer(str, content.buffer, + contentLen, WOLFSSL_FILETYPE_PEM); + } +#ifdef HAVE_CRL + else if ((ret == WOLFSSL_SUCCESS) && (type == CRL_TYPE)) { + ret = BufferLoadCRL(str->cm->crl, content.buffer, contentLen, + WOLFSSL_FILETYPE_PEM, 0); + } +#endif + + static_buffer_free(&content, NULL, DYNAMIC_TYPE_FILE); + return ret; +} + /* Loads certificate(s) files in pem format into X509_STORE struct from either * a file or directory. * Returns WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE if an error occurs. */ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, - const char *file, const char *dir) + const char *file, const char *dir) { WOLFSSL_CTX* ctx; char *name = NULL; @@ -1108,10 +1516,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, /* Load individual file */ if (file) { - /* Try to process file with type DETECT_CERT_TYPE to parse the - correct certificate header and footer type */ - ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, DETECT_CERT_TYPE, - NULL, 0, str->cm->crl, 0); + ret = X509StoreLoadFile(str, file); if (ret != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Failed to load file"); ret = WOLFSSL_FAILURE; 
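Review bot: X509StoreLoadCertBuffer does not check the result of wolfSSL_X509_load_certificate_buffer before using it, so a malformed or DER-encoded file pushes a NULL entry onto str->owned and then hands NULL to wolfSSL_X509_STORE_add_cert; it also ignores the return of that push, so a failed push leaks the certificate because the `str->owned == NULL` branch at the bottom never runs. Reject a NULL certificate up front and free it when the push fails, as below. The helper is non-static and operates on a file buffer, so failing closed here matters for every caller of wolfSSL_X509_STORE_load_locations.
```c
    /* OpenSSL X509_STORE_load_file fails on DER file, we will as well */
    x509 = wolfSSL_X509_load_certificate_buffer(buf, bufLen, type);
    if (x509 == NULL) {
        WOLFSSL_MSG("Failed to parse certificate");
        return WOLFSSL_FAILURE;
    }
    if (str->owned != NULL &&
            wolfSSL_sk_X509_push(str->owned, x509) <= 0) {
        wolfSSL_X509_free(x509);
        return WOLFSSL_FAILURE;
    }
    /* … unchanged: wolfSSL_X509_STORE_add_cert call and cleanup … */
```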
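Review bot: X509StoreLoadFile feeds the whole file to wolfSSL_X509_load_certificate_buffer, which yields a single WOLFSSL_X509, while the replaced ProcessFile call with DETECT_CERT_TYPE went through the CTX loading path; if that path consumed every PEM block in the file, a CA bundle passed to wolfSSL_X509_STORE_load_locations now loads only its first certificate. Worth confirming with a multi-certificate PEM, and the same applies to the directory loop in the following hunk. If single-certificate files are the intended contract, state it in the comment above wolfSSL_X509_STORE_load_locations: `/* Each file is expected to hold a single PEM certificate or CRL */`.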
@@ -1124,7 +1529,7 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, #ifdef WOLFSSL_SMALL_STACK readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), ctx->heap, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (readCtx == NULL) { WOLFSSL_MSG("Memory error"); wolfSSL_CTX_free(ctx); @@ -1136,10 +1541,8 @@ WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, ret = wc_ReadDirFirst(readCtx, dir, &name); while (ret == 0 && name) { WOLFSSL_MSG(name); - /* Try to process file with type DETECT_CERT_TYPE to parse the - correct certificate header and footer type */ - ret = ProcessFile(ctx, name, WOLFSSL_FILETYPE_PEM, DETECT_CERT_TYPE, - NULL, 0, str->cm->crl, 0); + + ret = X509StoreLoadFile(str, name); /* Not failing on load errors */ if (ret != WOLFSSL_SUCCESS) WOLFSSL_MSG("Failed to load file in path, continuing"); @@ -1182,17 +1585,23 @@ int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store) } table = store->cm->caTable; - if (table){ + if (table || (store->certs != NULL)){ if (wc_LockMutex(&store->cm->caLock) == 0){ - int i = 0; - for (i = 0; i < CA_TABLE_SIZE; i++) { - Signer* signer = table[i]; - while (signer) { - Signer* next = signer->next; - cnt_ret++; - signer = next; + if (table) { + int i = 0; + for (i = 0; i < CA_TABLE_SIZE; i++) { + Signer* signer = table[i]; + while (signer) { + Signer* next = signer->next; + cnt_ret++; + signer = next; + } } } + + if (store->certs != NULL) { + cnt_ret += wolfSSL_sk_X509_num(store->certs); + } wc_UnLockMutex(&store->cm->caLock); } } 
@@ -1201,7 +1610,8 @@ int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store) } /****************************************************************************** -* wolfSSL_X509_STORE_GetCerts - retrieve stack of X509 in a certificate store ctx +* wolfSSL_X509_STORE_GetCerts - retrieve stack of X509 in a certificate +* store ctx * * This API can be used in SSL verify callback function to view cert chain * See examples/client/client.c and myVerify() function in test.h @@ -1232,7 +1642,8 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s) /* get certificate buffer */ cert = &s->certs[certIdx]; - dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT); + dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_DCERT); if (dCert == NULL) { goto error; @@ -1254,7 +1665,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s) if (CopyDecodedToX509(x509, dCert) == 0) { - if (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) { + if (wolfSSL_sk_X509_push(sk, x509) <= 0) { WOLFSSL_MSG("Unable to load x509 into stack"); wolfSSL_X509_free(x509); goto error; @@ -1295,7 +1706,14 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( { WOLFSSL_STACK* ret = NULL; WOLFSSL_STACK* cert_stack = NULL; +#if ((defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM)) || \ + (defined(HAVE_CRL))) + WOLFSSL_X509_OBJECT* obj = NULL; +#endif +#if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) WOLFSSL_X509* x509 = NULL; + int i = 0; +#endif WOLFSSL_ENTER("wolfSSL_X509_STORE_get0_objects"); if (store == NULL || store->cm == NULL) { 
@@ -1306,7 +1724,7 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( if (store->objs != NULL) { #if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) /* want to update objs stack by cm stack again before returning it*/ - wolfSSL_sk_X509_OBJECT_pop_free(store->objs, NULL); + X509StoreFreeObjList(store, store->objs); store->objs = NULL; #else if (wolfSSL_sk_X509_OBJECT_num(store->objs) == 0) { 
@@ -1326,32 +1744,43 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( #if defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) cert_stack = wolfSSL_CertManagerGetCerts(store->cm); - /* wolfSSL_sk_X509_pop checks for NULL */ - while ((x509 = wolfSSL_sk_X509_pop(cert_stack)) != NULL) { - WOLFSSL_X509_OBJECT* obj = wolfSSL_X509_OBJECT_new(); + store->numAdded = 0; + for (i = 0; i < wolfSSL_sk_X509_num(store->certs); i++) { + wolfSSL_sk_X509_push(cert_stack, + wolfSSL_sk_X509_value(store->certs, i)); + store->numAdded++; + } + /* Do not modify stack until after we guarantee success to + * simplify cleanup logic handling cert merging above */ + for (i = 0; i < wolfSSL_sk_X509_num(cert_stack); i++) { + x509 = (WOLFSSL_X509 *)wolfSSL_sk_value(cert_stack, i); + obj = wolfSSL_X509_OBJECT_new(); if (obj == NULL) { WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error"); goto err_cleanup; } - if (wolfSSL_sk_X509_OBJECT_push(ret, obj) != WOLFSSL_SUCCESS) { + if (wolfSSL_sk_X509_OBJECT_push(ret, obj) <= 0) { WOLFSSL_MSG("wolfSSL_sk_X509_OBJECT_push error"); wolfSSL_X509_OBJECT_free(obj); goto err_cleanup; } obj->type = WOLFSSL_X509_LU_X509; obj->data.x509 = x509; - x509 = NULL; + } + + while (wolfSSL_sk_X509_num(cert_stack) > 0) { + wolfSSL_sk_X509_pop(cert_stack); } #endif #ifdef HAVE_CRL if (store->cm->crl != NULL) { - WOLFSSL_X509_OBJECT* obj = wolfSSL_X509_OBJECT_new(); + obj = wolfSSL_X509_OBJECT_new(); if (obj == NULL) { WOLFSSL_MSG("wolfSSL_X509_OBJECT_new error"); goto err_cleanup; } - if (wolfSSL_sk_X509_OBJECT_push(ret, obj) != WOLFSSL_SUCCESS) { + if (wolfSSL_sk_X509_OBJECT_push(ret, obj) <= 0) { WOLFSSL_MSG("wolfSSL_sk_X509_OBJECT_push error"); wolfSSL_X509_OBJECT_free(obj); goto err_cleanup; 
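Review bot: The loop that merges store->certs into cert_stack ignores the return of `wolfSSL_sk_X509_push` but increments store->numAdded unconditionally, so a failed push leaves numAdded larger than the number of borrowed entries actually on the stack; the cleanup code then pops CM-owned certificates as if they were borrowed (leaking them) and X509StoreFreeObjList NULLs out the wrong objects. Count only successful pushes: `if (wolfSSL_sk_X509_push(cert_stack, wolfSSL_sk_X509_value(store->certs, i)) > 0) { store->numAdded++; } else { goto err_cleanup; }`. The function's remaining body and the final release of cert_stack are outside the hunk.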
@@ -1367,11 +1796,14 @@ WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects( return ret; err_cleanup: if (ret != NULL) - wolfSSL_sk_X509_OBJECT_pop_free(ret, NULL); - if (cert_stack != NULL) + X509StoreFreeObjList(store, ret); + if (cert_stack != NULL) { + while (store->numAdded > 0) { + wolfSSL_sk_X509_pop(cert_stack); + store->numAdded--; + } wolfSSL_sk_X509_pop_free(cert_stack, NULL); - if (x509 != NULL) - wolfSSL_X509_free(x509); + } return NULL; } #endif /* OPENSSL_ALL */ @@ -1385,11 +1817,21 @@ WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_get0_param( return NULL; return ctx->param; } + +#ifdef OPENSSL_EXTRA +int wolfSSL_X509_STORE_set1_param(WOLFSSL_X509_STORE *ctx, + WOLFSSL_X509_VERIFY_PARAM *param) +{ + if (ctx == NULL) + return WOLFSSL_FAILURE; + return wolfSSL_X509_VERIFY_PARAM_set1(ctx->param, param); +} +#endif #endif -/******************************************************************************* +/****************************************************************************** * END OF X509_STORE APIs - ******************************************************************************/ + *****************************************************************************/ #endif /* NO_CERTS */ diff --git a/src/user_settings.h b/src/user_settings.h index 52c4e7d..15bc03b 100644 --- a/src/user_settings.h +++ b/src/user_settings.h @@ -1,6 +1,6 @@ /* examples/configs/user_settings_arduino.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -23,7 +23,7 @@ */ /* Define a macro to display user settings version in example code: */ -#define WOLFSSL_USER_SETTINGS_ID "Arduino user_settings.h v5.7.2" +#define WOLFSSL_USER_SETTINGS_ID "Arduino user_settings.h v5.7.4" /* Due to limited build control, we'll ignore file warnings. */ /* See https://github.com/arduino/arduino-cli/issues/631 */ diff --git a/src/wolfcrypt/src/aes.c b/src/wolfcrypt/src/aes.c index 8418fb0..1cb9843 100644 
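Review bot: Because the rewritten loop no longer pops each X509 from cert_stack before wrapping it in an object, every certificate already placed in `ret` is still on cert_stack when err_cleanup runs, and the path then releases `ret` through X509StoreFreeObjList (a pop_free with the default element free) and cert_stack through `wolfSSL_sk_X509_pop_free(cert_stack, NULL)` — the CM-owned X509s present in both containers are freed twice unless one of those calls skips the inner X509. The old code avoided this because pop-before-push kept each pointer in exactly one container. Either NULL out `obj->data.x509` for every object in `ret` before freeing it here, or pop the wrapped entries off cert_stack as they are consumed; X509StoreFreeObjList's assumption that the top numAdded entries are the borrowed ones also does not hold for a partially built `ret`.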
--- a/src/wolfcrypt/src/aes.c +++ b/src/wolfcrypt/src/aes.c @@ -1,6 +1,6 @@ /* aes.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -82,6 +82,17 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #include #endif +#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + #include +#ifdef MAX3266X_CB + /* Revert back to SW so HW CB works */ + /* HW only works for AES: ECB, CBC, and partial via ECB for other modes */ + #include + /* Turn off MAX3266X_AES in the context of this file when using CB */ + #undef MAX3266X_AES +#endif +#endif + #if defined(WOLFSSL_TI_CRYPT) #include #else @@ -613,6 +624,10 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits #define AESNI_ALIGN 16 #endif + /* note that all write access to these static variables must be idempotent, + * as arranged by Check_CPU_support_AES(), else they will be susceptible to + * data races. + */ static int checkedAESNI = 0; static int haveAESNI = 0; static word32 intel_flags = 0; @@ -2201,7 +2216,8 @@ static void AesEncrypt_C(Aes* aes, const byte* inBlock, byte* outBlock, } #if defined(HAVE_AES_ECB) && !(defined(WOLFSSL_IMX6_CAAM) && \ - !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM)) + !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM)) && \ + !defined(MAX3266X_AES) /* Encrypt a number of blocks using AES. * * @param [in] aes AES object. @@ -2785,6 +2801,12 @@ extern void AesEncryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz); static WARN_UNUSED_RESULT int wc_AesEncrypt( Aes* aes, const byte* inBlock, byte* outBlock) { +#if defined(MAX3266X_AES) + word32 keySize; +#endif +#if defined(MAX3266X_CB) + int ret_cb; +#endif word32 r; if (aes == NULL) { 
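Review bot: The comment added above checkedAESNI/haveAESNI/intel_flags states that idempotent writes make them safe from data races, but under the C11 memory model concurrent unsynchronized writes to a plain `static int` are a data race regardless of the value written, and the compiler may assume no other thread touches them. If this is a deliberate "benign race", the comment should say that it relies on implementation behaviour rather than the standard, e.g. `/* NOTE: benign race by design; relies on word-sized stores being atomic on supported targets, not on C11 */`; declaring them `_Atomic` where the toolchain supports it would remove the caveat. These flags select the AES-NI dispatch, so a stale read merely picks the software path, which is the safe direction.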
@@ -2888,6 +2910,26 @@ static WARN_UNUSED_RESULT int wc_AesEncrypt( } #endif +#if defined(MAX3266X_AES) + if (wc_AesGetKeySize(aes, &keySize) == 0) { + return wc_MXC_TPU_AesEncrypt(inBlock, (byte*)aes->reg, (byte*)aes->key, + MXC_TPU_MODE_ECB, AES_BLOCK_SIZE, + outBlock, (unsigned int)keySize); + } +#endif +#if defined(MAX3266X_CB) && defined(HAVE_AES_ECB) /* Can do a basic ECB block */ + #ifndef WOLF_CRYPTO_CB_FIND + if (aes->devId != INVALID_DEVID) + #endif + { + ret_cb = wc_CryptoCb_AesEcbEncrypt(aes, outBlock, inBlock, + AES_BLOCK_SIZE); + if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret_cb; + /* fall-through when unavailable */ + } +#endif + AesEncrypt_C(aes, inBlock, outBlock, r); return 0; @@ -3168,7 +3210,8 @@ static void AesDecrypt_C(Aes* aes, const byte* inBlock, byte* outBlock, } #if defined(HAVE_AES_ECB) && !(defined(WOLFSSL_IMX6_CAAM) && \ - !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM)) + !defined(NO_IMX6_CAAM_AES) && !defined(WOLFSSL_QNX_CAAM)) && \ + !defined(MAX3266X_AES) /* Decrypt a number of blocks using AES. * * @param [in] aes AES object. @@ -3535,6 +3578,12 @@ static void AesDecryptBlocks_C(Aes* aes, const byte* in, byte* out, word32 sz) static WARN_UNUSED_RESULT int wc_AesDecrypt( Aes* aes, const byte* inBlock, byte* outBlock) { +#if defined(MAX3266X_AES) + word32 keySize; +#endif +#if defined(MAX3266X_CB) + int ret_cb; +#endif word32 r; if (aes == NULL) { 
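Review bot: In the MAX3266X_AES path of wc_AesEncrypt a failing wc_AesGetKeySize silently falls through to AesEncrypt_C, yet the same commit skips the software key preparation under MAX3266X_AES (the ByteReverseWords and decrypt-side schedule in the AesSetKey_C hunks below), so the fallback would run the C implementation on whatever is in aes->key and return 0 rather than an error. Return the failure instead: `status = wc_AesGetKeySize(aes, &keySize); if (status != 0) return status;` and then the unconditional wc_MXC_TPU_AesEncrypt call. wc_AesDecrypt in the hunk at -3611 has the same structure; wc_AesEncrypt's body begins outside this hunk.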
@@ -3611,6 +3660,27 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( } /* else !wc_esp32AesSupportedKeyLen for ESP32 */ #endif +#if defined(MAX3266X_AES) + if (wc_AesGetKeySize(aes, &keySize) == 0) { + return wc_MXC_TPU_AesDecrypt(inBlock, (byte*)aes->reg, (byte*)aes->key, + MXC_TPU_MODE_ECB, AES_BLOCK_SIZE, + outBlock, (unsigned int)keySize); + } +#endif + +#if defined(MAX3266X_CB) && defined(HAVE_AES_ECB) /* Can do a basic ECB block */ + #ifndef WOLF_CRYPTO_CB_FIND + if (aes->devId != INVALID_DEVID) + #endif + { + ret_cb = wc_CryptoCb_AesEcbDecrypt(aes, outBlock, inBlock, + AES_BLOCK_SIZE); + if (ret_cb != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret_cb; + /* fall-through when unavailable */ + } +#endif + AesDecrypt_C(aes, inBlock, outBlock, r); return 0; @@ -3656,8 +3726,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( #if !defined(WOLFSSL_STM32_CUBEMX) || defined(STM32_HAL_V2) ByteReverseWords(rk, rk, keylen); #endif - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif return wc_AesSetIV(aes, iv); @@ -3737,8 +3807,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( if (iv) XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif @@ -3768,8 +3838,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( aes->rounds = keylen/4 + 6; XMEMCPY(aes->key, userKey, keylen); - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif 
@@ -3820,8 +3890,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( if (rk == NULL) return BAD_FUNC_ARG; - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif @@ -3901,8 +3971,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( XMEMCPY(aes->key, userKey, keylen); ret = nrf51_aes_set_key(userKey); - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif @@ -3958,7 +4028,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( aes->rounds = keylen/4 + 6; XMEMCPY(aes->key, userKey, keylen); - #if defined(WOLFSSL_AES_COUNTER) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif return wc_AesSetIV(aes, iv); @@ -4099,7 +4170,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) XMEMCPY(rk, key, keySz); #if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \ - (!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES)) + (!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES)) && \ + !defined(MAX3266X_AES) /* Always reverse words when using only SW */ { ByteReverseWords(rk, rk, keySz); @@ -4246,7 +4318,7 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) } /* switch */ ForceZero(&temp, sizeof(temp)); -#if defined(HAVE_AES_DECRYPT) +#if defined(HAVE_AES_DECRYPT) && !defined(MAX3266X_AES) if (dir == AES_DECRYPTION) { unsigned int j; 
@@ -4449,8 +4521,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) #endif } - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif @@ -4542,8 +4614,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) #ifndef WC_AES_BITSLICED #if defined(LITTLE_ENDIAN_ORDER) && !defined(WOLFSSL_PIC32MZ_CRYPT) && \ - (!defined(WOLFSSL_ESP32_CRYPT) || \ - defined(NO_WOLFSSL_ESP32_CRYPT_AES)) + (!defined(WOLFSSL_ESP32_CRYPT) || defined(NO_WOLFSSL_ESP32_CRYPT_AES)) \ + && !defined(MAX3266X_AES) /* software */ ByteReverseWords(aes->key, aes->key, keylen); @@ -4688,7 +4760,7 @@ int wc_AesSetIV(Aes* aes, const byte* iv) #ifdef WC_C_DYNAMIC_FALLBACK -#define VECTOR_REGISTERS_PUSH { \ +#define VECTOR_REGISTERS_PUSH { \ int orig_use_aesni = aes->use_aesni; \ if (aes->use_aesni && (SAVE_VECTOR_REGISTERS2() != 0)) { \ aes->use_aesni = 0; \ @@ -4703,6 +4775,15 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } \ WC_DO_NOTHING +#elif defined(SAVE_VECTOR_REGISTERS2_DOES_NOTHING) + +#define VECTOR_REGISTERS_PUSH { \ + WC_DO_NOTHING + +#define VECTOR_REGISTERS_POP \ + } \ + WC_DO_NOTHING + #else #define VECTOR_REGISTERS_PUSH { \ 
@@ -5374,6 +5455,91 @@ int wc_AesSetIV(Aes* aes, const byte* iv) } #endif /* HAVE_AES_DECRYPT */ +#elif defined(MAX3266X_AES) + int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) + { + word32 keySize; + int status; + byte *iv; + + if ((in == NULL) || (out == NULL) || (aes == NULL)) { + return BAD_FUNC_ARG; + } + + /* Always enforce a length check */ + if (sz % AES_BLOCK_SIZE) { + #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + return BAD_LENGTH_E; + #else + return BAD_FUNC_ARG; + #endif + } + if (sz == 0) { + return 0; + } + + iv = (byte*)aes->reg; + status = wc_AesGetKeySize(aes, &keySize); + if (status != 0) { + return status; + } + + status = wc_MXC_TPU_AesEncrypt(in, iv, (byte*)aes->key, + MXC_TPU_MODE_CBC, sz, out, + (unsigned int)keySize); + /* store iv for next call */ + if (status == 0) { + XMEMCPY(iv, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + } + return (status == 0) ? 0 : -1; + } + + #ifdef HAVE_AES_DECRYPT + int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) + { + word32 keySize; + int status; + byte *iv; + byte temp_block[AES_BLOCK_SIZE]; + + if ((in == NULL) || (out == NULL) || (aes == NULL)) { + return BAD_FUNC_ARG; + } + + /* Always enforce a length check */ + if (sz % AES_BLOCK_SIZE) { + #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + return BAD_LENGTH_E; + #else + return BAD_FUNC_ARG; + #endif + } + if (sz == 0) { + return 0; + } + + iv = (byte*)aes->reg; + status = wc_AesGetKeySize(aes, &keySize); + if (status != 0) { + return status; + } + + /* get IV for next call */ + XMEMCPY(temp_block, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE); + status = wc_MXC_TPU_AesDecrypt(in, iv, (byte*)aes->key, + MXC_TPU_MODE_CBC, sz, out, + keySize); + + /* store iv for next call */ + if (status == 0) { + XMEMCPY(iv, temp_block, AES_BLOCK_SIZE); + } + return (status == 0) ? 0 : -1; + } + #endif /* HAVE_AES_DECRYPT */ + + + #elif defined(WOLFSSL_PIC32MZ_CRYPT) int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) 
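Review bot: wc_AesCbcDecrypt in the MAX3266X_AES block passes `keySize` to wc_MXC_TPU_AesDecrypt uncast while wc_AesCbcEncrypt passes `(unsigned int)keySize`; make the two calls agree, `(unsigned int)keySize`. Both functions also collapse any driver failure into a bare `-1`, which is not a wolfCrypt error code and cannot be told apart by callers — returning `status` when the driver's codes fall in the wolfCrypt error range would preserve the cause. Copying the last ciphertext block into `temp_block` before the decrypt is the right order for in-place (`in == out`) use and deserves a comment saying so.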
@@ -7897,6 +8063,8 @@ static void GHASH_FINAL(Aes* aes, byte* s, word32 sSz) GHASH_LEN_BLOCK(aes); /* Copy the result into s. */ XMEMCPY(s, AES_TAG(aes), sSz); + /* reset aes->gcm.H in case of re-use */ + GHASH_INIT_EXTRA(aes); } #endif /* WOLFSSL_AESGCM_STREAM */ @@ -8308,7 +8476,10 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, int ret; /* argument checks */ - if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0) { + if (aes == NULL || authTagSz > AES_BLOCK_SIZE || ivSz == 0 || + ((authTagSz > 0) && (authTag == NULL)) || + ((authInSz > 0) && (authIn == NULL))) + { return BAD_FUNC_ARG; } @@ -8437,8 +8608,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, * in and out are don't cares, as this is is the GMAC case. */ if (aes == NULL || iv == NULL || (sz != 0 && (in == NULL || out == NULL)) || authTag == NULL || authTagSz > AES_BLOCK_SIZE || authTagSz == 0 || - ivSz == 0) { - + ivSz == 0 || ((authInSz > 0) && (authIn == NULL))) + { return BAD_FUNC_ARG; } @@ -8855,7 +9026,7 @@ int WARN_UNUSED_RESULT AES_GCM_decrypt_C( /* now use res as a mask for constant time return of ret, unless tag * mismatch, whereupon AES_GCM_AUTH_E is returned. */ - ret = (ret & ~res) | (res & AES_GCM_AUTH_E); + ret = (ret & ~res) | (res & WC_NO_ERR_TRACE(AES_GCM_AUTH_E)); #endif return ret; } @@ -9637,7 +9808,7 @@ static WARN_UNUSED_RESULT int AesGcmDecryptUpdate_aesni( ASSERT_SAVED_VECTOR_REGISTERS(); /* Hash in A, the Authentication Data */ - ret = AesGcmAadUpdate_aesni(aes, a, aSz, (cSz > 0) && (c != NULL)); + ret = AesGcmAadUpdate_aesni(aes, a, aSz, cSz > 0); if (ret != 0) return ret; 
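Review bot: The new guard in wc_AesGcmEncrypt still accepts `authTagSz == 0` (with authTag NULL), whereas the wc_AesGcmDecrypt guard in the following hunk rejects `authTagSz == 0`; an encrypt call that produces no tag yields ciphertext that can never be authenticated. Unless a minimum-tag-length check further down the function (outside the hunk) already rejects it, add `authTagSz == 0` to this condition so the two guards stay symmetric and easier to audit.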
@@ -9858,7 +10029,8 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI) if ((ret == 0) && (aes->streamData == NULL)) { /* Allocate buffers for streaming. */ - aes->streamData = (byte*)XMALLOC(5 * AES_BLOCK_SIZE, aes->heap, + aes->streamData_sz = 5 * AES_BLOCK_SIZE; + aes->streamData = (byte*)XMALLOC(aes->streamData_sz, aes->heap, DYNAMIC_TYPE_AES); if (aes->streamData == NULL) { ret = MEMORY_E; @@ -10345,7 +10517,7 @@ int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz, byte* authTag, word32 authTagSz, WC_RNG* rng) { #ifdef WOLFSSL_SMALL_STACK - Aes *aes = NULL; + Aes *aes; #else Aes aes[1]; #endif @@ -10358,24 +10530,24 @@ int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz, } #ifdef WOLFSSL_SMALL_STACK - if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL, - DYNAMIC_TYPE_AES)) == NULL) - return MEMORY_E; + aes = wc_AesNew(NULL, INVALID_DEVID, &ret); +#else + ret = wc_AesInit(aes, NULL, INVALID_DEVID); #endif + if (ret != 0) + return ret; - ret = wc_AesInit(aes, NULL, INVALID_DEVID); - if (ret == 0) { - ret = wc_AesGcmSetKey(aes, key, keySz); - if (ret == 0) - ret = wc_AesGcmSetIV(aes, ivSz, NULL, 0, rng); - if (ret == 0) - ret = wc_AesGcmEncrypt_ex(aes, NULL, NULL, 0, iv, ivSz, + ret = wc_AesGcmSetKey(aes, key, keySz); + if (ret == 0) + ret = wc_AesGcmSetIV(aes, ivSz, NULL, 0, rng); + if (ret == 0) + ret = wc_AesGcmEncrypt_ex(aes, NULL, NULL, 0, iv, ivSz, authTag, authTagSz, authIn, authInSz); - wc_AesFree(aes); - } - ForceZero(aes, sizeof *aes); + #ifdef WOLFSSL_SMALL_STACK - XFREE(aes, NULL, DYNAMIC_TYPE_AES); + wc_AesDelete(aes, NULL); +#else + wc_AesFree(aes); #endif return ret; 
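Review bot: In wc_AesGcmInit, `aes->streamData_sz = 5 * AES_BLOCK_SIZE;` is assigned before the XMALLOC, so an allocation failure leaves a nonzero size paired with a NULL `streamData`; the `streamData != NULL` guard in wc_AesFree keeps this from being exploited today, but the struct should not carry an inconsistent pair. Set the size only on success, e.g. `if (aes->streamData == NULL) { ret = MEMORY_E; } else { aes->streamData_sz = 5 * AES_BLOCK_SIZE; }`, or reset it to 0 in the failure branch. The literal 5 now appears as a size that is also zeroized on free; a named constant would document what the five blocks hold.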
@@ -10401,22 +10573,21 @@ int wc_GmacVerify(const byte* key, word32 keySz, } #ifdef WOLFSSL_SMALL_STACK - if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL, - DYNAMIC_TYPE_AES)) == NULL) - return MEMORY_E; -#endif - + aes = wc_AesNew(NULL, INVALID_DEVID, &ret); +#else ret = wc_AesInit(aes, NULL, INVALID_DEVID); +#endif if (ret == 0) { ret = wc_AesGcmSetKey(aes, key, keySz); if (ret == 0) ret = wc_AesGcmDecrypt(aes, NULL, NULL, 0, iv, ivSz, authTag, authTagSz, authIn, authInSz); - wc_AesFree(aes); + } - ForceZero(aes, sizeof *aes); #ifdef WOLFSSL_SMALL_STACK - XFREE(aes, NULL, DYNAMIC_TYPE_AES); + wc_AesDelete(aes, NULL); +#else + wc_AesFree(aes); #endif #else (void)key; @@ -11128,8 +11299,41 @@ int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz, #endif /* HAVE_AESCCM */ +#ifndef WC_NO_CONSTRUCTORS +Aes* wc_AesNew(void* heap, int devId, int *result_code) +{ + int ret; + Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES); + if (aes == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_AesInit(aes, heap, devId); + if (ret != 0) { + XFREE(aes, heap, DYNAMIC_TYPE_AES); + aes = NULL; + } + } + + if (result_code != NULL) + *result_code = ret; -/* Initialize Aes for use with async hardware */ + return aes; +} + +int wc_AesDelete(Aes *aes, Aes** aes_p) +{ + if (aes == NULL) + return BAD_FUNC_ARG; + wc_AesFree(aes); + XFREE(aes, aes->heap, DYNAMIC_TYPE_AES); + if (aes_p != NULL) + *aes_p = NULL; + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ + +/* Initialize Aes */ int wc_AesInit(Aes* aes, void* heap, int devId) { int ret = 0; @@ -11137,17 +11341,12 @@ int wc_AesInit(Aes* aes, void* heap, int devId) if (aes == NULL) return BAD_FUNC_ARG; - aes->heap = heap; - aes->rounds = 0; + XMEMSET(aes, 0, sizeof(*aes)); -#ifdef WOLFSSL_AESNI - /* clear here for the benefit of wc_AesGcmInit(). */ - aes->use_aesni = 0; -#endif + aes->heap = heap; #ifdef WOLF_CRYPTO_CB aes->devId = devId; - aes->devCtx = NULL; #else (void)devId; #endif 
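Review bot: wc_AesDelete reads `aes->heap` after calling wc_AesFree, but this same patch makes wc_AesFree end with `ForceZero(aes, sizeof(Aes))` (see the wc_AesFree hunk further down), so `XFREE(aes, aes->heap, DYNAMIC_TYPE_AES)` always passes a NULL heap hint; with the default allocator that is harmless, but under a static-memory or user-supplied allocator the object is returned to the wrong pool. Capture the heap first: `void* heap = aes->heap;` / `wc_AesFree(aes);` / `XFREE(aes, heap, DYNAMIC_TYPE_AES);`. wc_AesNew is fine as written, but its contract (caller owns the object and must release it with wc_AesDelete; `*result_code` is set on both paths) deserves a Doxygen block like the one wc_AesInit carries.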
@@ -11160,51 +11359,18 @@ int wc_AesInit(Aes* aes, void* heap, int devId) aes->alFd = WC_SOCK_NOTSET; aes->rdFd = WC_SOCK_NOTSET; #endif -#ifdef WOLFSSL_KCAPI_AES - aes->handle = NULL; - aes->init = 0; -#endif #if defined(WOLFSSL_DEVCRYPTO) && \ (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC)) aes->ctx.cfd = -1; #endif -#if defined(WOLFSSL_CRYPTOCELL) && defined(WOLFSSL_CRYPTOCELL_AES) - XMEMSET(&aes->ctx, 0, sizeof(aes->ctx)); -#endif #if defined(WOLFSSL_IMXRT_DCP) DCPAesInit(aes); #endif -#ifdef WOLFSSL_MAXQ10XX_CRYPTO - XMEMSET(&aes->maxq_ctx, 0, sizeof(aes->maxq_ctx)); -#endif - -#ifdef HAVE_AESGCM -#ifdef OPENSSL_EXTRA - XMEMSET(aes->gcm.aadH, 0, sizeof(aes->gcm.aadH)); - aes->gcm.aadLen = 0; -#endif -#endif - -#ifdef WOLFSSL_AESGCM_STREAM -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI) - aes->streamData = NULL; -#endif - aes->keylen = 0; - aes->nonceSz = 0; - aes->gcmKeySet = 0; - aes->nonceSet = 0; - aes->ctrSet = 0; -#endif - #if defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES) ret = wc_psa_aes_init(aes); #endif -#if defined(WOLFSSL_RENESAS_FSPSM) - XMEMSET(&aes->ctx, 0, sizeof(aes->ctx)); -#endif - #ifdef WC_DEBUG_CIPHER_LIFECYCLE if (ret == 0) ret = wc_debug_CipherLifecycleInit(&aes->CipherLifecycleTag, aes->heap); @@ -11259,11 +11425,12 @@ int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId) } #endif -/* Free Aes from use with async hardware */ +/* Free Aes resources */ void wc_AesFree(Aes* aes) { - if (aes == NULL) + if (aes == NULL) { return; + } #ifdef WC_DEBUG_CIPHER_LIFECYCLE (void)wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, aes->heap, 1); @@ -11305,6 +11472,7 @@ void wc_AesFree(Aes* aes) #if defined(WOLFSSL_AESGCM_STREAM) && defined(WOLFSSL_SMALL_STACK) && \ !defined(WOLFSSL_AESNI) if (aes->streamData != NULL) { + ForceZero(aes->streamData, aes->streamData_sz); XFREE(aes->streamData, aes->heap, DYNAMIC_TYPE_AES); aes->streamData = NULL; } 
@@ -11330,6 +11498,8 @@ void wc_AesFree(Aes* aes) wc_fspsm_Aesfree(aes); #endif + ForceZero(aes, sizeof(Aes)); + #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(aes, sizeof(Aes)); #endif @@ -11400,6 +11570,48 @@ int wc_AesGetKeySize(Aes* aes, word32* keySize) #elif defined(WOLFSSL_RISCV_ASM) /* implemented in wolfcrypt/src/port/riscv/riscv-64-aes.c */ +#elif defined(MAX3266X_AES) + +int wc_AesEcbEncrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int status; + word32 keySize; + + if ((in == NULL) || (out == NULL) || (aes == NULL)) + return BAD_FUNC_ARG; + + status = wc_AesGetKeySize(aes, &keySize); + if (status != 0) { + return status; + } + + status = wc_MXC_TPU_AesEncrypt(in, (byte*)aes->reg, (byte*)aes->key, + MXC_TPU_MODE_ECB, sz, out, keySize); + + return status; +} + +#ifdef HAVE_AES_DECRYPT +int wc_AesEcbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) +{ + int status; + word32 keySize; + + if ((in == NULL) || (out == NULL) || (aes == NULL)) + return BAD_FUNC_ARG; + + status = wc_AesGetKeySize(aes, &keySize); + if (status != 0) { + return status; + } + + status = wc_MXC_TPU_AesDecrypt(in, (byte*)aes->reg, (byte*)aes->key, + MXC_TPU_MODE_ECB, sz, out, keySize); + + return status; +} +#endif /* HAVE_AES_DECRYPT */ + #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_AES) /* Software AES - ECB */ @@ -12167,8 +12379,7 @@ int wc_AesKeyWrap(const byte* key, word32 keySz, const byte* in, word32 inSz, out: #ifdef WOLFSSL_SMALL_STACK - if (aes != NULL) - XFREE(aes, NULL, DYNAMIC_TYPE_AES); + XFREE(aes, NULL, DYNAMIC_TYPE_AES); #endif return ret; @@ -12286,8 +12497,7 @@ int wc_AesKeyUnWrap(const byte* key, word32 keySz, const byte* in, word32 inSz, out: #ifdef WOLFSSL_SMALL_STACK - if (aes) - XFREE(aes, NULL, DYNAMIC_TYPE_AES); + XFREE(aes, NULL, DYNAMIC_TYPE_AES); #endif return ret; 
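Review bot: The MAX3266X_AES ECB pair omits the length checks that the CBC pair earlier in this patch enforces: there is no `sz % AES_BLOCK_SIZE` rejection and no `sz == 0` early return, so a partial trailing block is handed to the TPU with unspecified results. Add the same guard before the key-size lookup, `if (sz % AES_BLOCK_SIZE) { return BAD_FUNC_ARG; }` and `if (sz == 0) { return 0; }`, so the two hardware modes validate input identically. The ECB functions also return the raw TPU status while the CBC ones normalise it, so callers cannot treat the two uniformly; the `aes->reg` IV argument is presumably ignored in ECB mode, which a one-line comment should state.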
@@ -13606,7 +13816,7 @@ int wc_AesXtsDecryptConsecutiveSectors(XtsAes* aes, byte* out, const byte* in, * See RFC 5297 Section 2.4. */ static WARN_UNUSED_RESULT int S2V( - const byte* key, word32 keySz, const byte* assoc, word32 assocSz, + const byte* key, word32 keySz, const AesSivAssoc* assoc, word32 numAssoc, const byte* nonce, word32 nonceSz, const byte* data, word32 dataSz, byte* out) { @@ -13620,6 +13830,8 @@ static WARN_UNUSED_RESULT int S2V( #endif word32 macSz = AES_BLOCK_SIZE; int ret = 0; + byte tmpi = 0; + word32 ai; word32 zeroBytes; #ifdef WOLFSSL_SMALL_STACK 
@@ -13632,32 +13844,48 @@ static WARN_UNUSED_RESULT int S2V( } if (ret == 0) #endif - { + + if ((numAssoc > 126) || ((nonceSz > 0) && (numAssoc > 125))) { + /* See RFC 5297 Section 7. */ + WOLFSSL_MSG("Maximum number of ADs (including the nonce) for AES SIV is" + " 126."); + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { XMEMSET(tmp[1], 0, AES_BLOCK_SIZE); XMEMSET(tmp[2], 0, AES_BLOCK_SIZE); ret = wc_AesCmacGenerate(tmp[0], &macSz, tmp[1], AES_BLOCK_SIZE, key, keySz); - if (ret == 0) { - ShiftAndXorRb(tmp[1], tmp[0]); - ret = wc_AesCmacGenerate(tmp[0], &macSz, assoc, assocSz, key, - keySz); - if (ret == 0) { - xorbuf(tmp[1], tmp[0], AES_BLOCK_SIZE); - } - } } if (ret == 0) { - if (nonceSz > 0) { - ShiftAndXorRb(tmp[0], tmp[1]); - ret = wc_AesCmacGenerate(tmp[1], &macSz, nonce, nonceSz, key, - keySz); + /* Loop over authenticated associated data AD1..ADn */ + for (ai = 0; ai < numAssoc; ++ai) { + ShiftAndXorRb(tmp[1-tmpi], tmp[tmpi]); + ret = wc_AesCmacGenerate(tmp[tmpi], &macSz, assoc[ai].assoc, + assoc[ai].assocSz, key, keySz); + if (ret != 0) + break; + xorbuf(tmp[1-tmpi], tmp[tmpi], AES_BLOCK_SIZE); + tmpi = 1 - tmpi; + } + + /* Add nonce as final AD. See RFC 5297 Section 3. */ + if ((ret == 0) && (nonceSz > 0)) { + ShiftAndXorRb(tmp[1-tmpi], tmp[tmpi]); + ret = wc_AesCmacGenerate(tmp[tmpi], &macSz, nonce, + nonceSz, key, keySz); if (ret == 0) { - xorbuf(tmp[0], tmp[1], AES_BLOCK_SIZE); + xorbuf(tmp[1-tmpi], tmp[tmpi], AES_BLOCK_SIZE); } + tmpi = 1 - tmpi; } - else { + + /* For simplicity of the remaining code, make sure the "final" result + is always in tmp[0]. */ + if (tmpi == 1) { XMEMCPY(tmp[0], tmp[1], AES_BLOCK_SIZE); } } @@ -13693,9 +13921,7 @@ static WARN_UNUSED_RESULT int S2V( } } #ifdef WOLFSSL_SMALL_STACK - if (cmac != NULL) { - XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC); - } + XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC); #elif defined(WOLFSSL_CHECK_MEM_ZERO) wc_MemZero_Check(cmac, sizeof(Cmac)); #endif 
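Review bot: Removing the `{` after the small-stack `if (ret == 0)` leaves a brace-less `if` whose body is now the following `if ((numAssoc > 126) || ...)` statement, so the AD-count check is conditional on `ret == 0` only in WOLFSSL_SMALL_STACK builds and unconditional otherwise. The result happens to be correct in both builds, but a dangling `if` straddling an `#endif` is exactly the shape that produces goto-fail style bugs on the next edit; write it explicitly as `if ((ret == 0) && ((numAssoc > 126) || ((nonceSz > 0) && (numAssoc > 125)))) {` and drop the conditional `if (ret == 0)`. The loop dereferences `assoc[ai]` without an `assoc != NULL` check when `numAssoc > 0`; if neither AesSivCipher nor the public `_ex` wrappers reject that combination, it should be rejected here. S2V begins before this hunk.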
@@ -13726,8 +13952,8 @@ static WARN_UNUSED_RESULT int S2V( } static WARN_UNUSED_RESULT int AesSivCipher( - const byte* key, word32 keySz, const byte* assoc, - word32 assocSz, const byte* nonce, word32 nonceSz, + const byte* key, word32 keySz, const AesSivAssoc* assoc, + word32 numAssoc, const byte* nonce, word32 nonceSz, const byte* data, word32 dataSz, byte* siv, byte* out, int enc) { @@ -13751,7 +13977,7 @@ static WARN_UNUSED_RESULT int AesSivCipher( if (ret == 0) { if (enc == 1) { - ret = S2V(key, keySz / 2, assoc, assocSz, nonce, nonceSz, data, + ret = S2V(key, keySz / 2, assoc, numAssoc, nonce, nonceSz, data, dataSz, sivTmp); if (ret != 0) { WOLFSSL_MSG("S2V failed."); @@ -13765,17 +13991,12 @@ static WARN_UNUSED_RESULT int AesSivCipher( } } -#ifdef WOLFSSL_SMALL_STACK - if (ret == 0) { - aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_AES); - if (aes == NULL) { - ret = MEMORY_E; - } - } -#endif - if (ret == 0) { +#ifdef WOLFSSL_SMALL_STACK + aes = wc_AesNew(NULL, INVALID_DEVID, &ret); +#else ret = wc_AesInit(aes, NULL, INVALID_DEVID); +#endif if (ret != 0) { WOLFSSL_MSG("Failed to initialized AES object."); } @@ -13798,7 +14019,7 @@ static WARN_UNUSED_RESULT int AesSivCipher( } if (ret == 0 && enc == 0) { - ret = S2V(key, keySz / 2, assoc, assocSz, nonce, nonceSz, out, dataSz, + ret = S2V(key, keySz / 2, assoc, numAssoc, nonce, nonceSz, out, dataSz, sivTmp); if (ret != 0) { WOLFSSL_MSG("S2V failed."); @@ -13810,9 +14031,10 @@ static WARN_UNUSED_RESULT int AesSivCipher( } } - wc_AesFree(aes); #ifdef WOLFSSL_SMALL_STACK - XFREE(aes, NULL, DYNAMIC_TYPE_AES); + wc_AesDelete(aes, NULL); +#else + wc_AesFree(aes); #endif return ret; 
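Review bot: The cleanup at the end of AesSivCipher now runs `wc_AesDelete`/`wc_AesFree` unconditionally while `wc_AesNew`/`wc_AesInit` runs only inside `if (ret == 0)`; in the stack build, an S2V failure before that point means wc_AesFree (which this patch extends with ForceZero and hardware-specific teardown) is applied to an object wc_AesInit never touched, unless `Aes aes[1]` is zero-initialised at its declaration outside this hunk. In the small-stack build the NULL `aes` is only safe if the pointer is initialised to NULL at declaration, which is also outside the hunk. Tracking initialisation explicitly, e.g. `int aesInit = 0;` set after a successful init and `if (aesInit) { ... }` around the free, removes the dependence on the declaration. AesSivCipher's body runs past the hunk.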
@@ -13825,7 +14047,10 @@ int wc_AesSivEncrypt(const byte* key, word32 keySz, const byte* assoc, word32 assocSz, const byte* nonce, word32 nonceSz, const byte* in, word32 inSz, byte* siv, byte* out) { - return AesSivCipher(key, keySz, assoc, assocSz, nonce, nonceSz, in, inSz, + AesSivAssoc ad; + ad.assoc = assoc; + ad.assocSz = assocSz; + return AesSivCipher(key, keySz, &ad, 1U, nonce, nonceSz, in, inSz, siv, out, 1); } @@ -13836,7 +14061,32 @@ int wc_AesSivDecrypt(const byte* key, word32 keySz, const byte* assoc, word32 assocSz, const byte* nonce, word32 nonceSz, const byte* in, word32 inSz, byte* siv, byte* out) { - return AesSivCipher(key, keySz, assoc, assocSz, nonce, nonceSz, in, inSz, + AesSivAssoc ad; + ad.assoc = assoc; + ad.assocSz = assocSz; + return AesSivCipher(key, keySz, &ad, 1U, nonce, nonceSz, in, inSz, + siv, out, 0); +} + +/* + * See RFC 5297 Section 2.6. + */ +int wc_AesSivEncrypt_ex(const byte* key, word32 keySz, const AesSivAssoc* assoc, + word32 numAssoc, const byte* nonce, word32 nonceSz, + const byte* in, word32 inSz, byte* siv, byte* out) +{ + return AesSivCipher(key, keySz, assoc, numAssoc, nonce, nonceSz, in, inSz, + siv, out, 1); +} + +/* + * See RFC 5297 Section 2.7. + */ +int wc_AesSivDecrypt_ex(const byte* key, word32 keySz, const AesSivAssoc* assoc, + word32 numAssoc, const byte* nonce, word32 nonceSz, + const byte* in, word32 inSz, byte* siv, byte* out) +{ + return AesSivCipher(key, keySz, assoc, numAssoc, nonce, nonceSz, in, inSz, siv, out, 0); } diff --git a/src/wolfcrypt/src/arc4.c b/src/wolfcrypt/src/arc4.c index af298a0..649d52f 100644 --- a/src/wolfcrypt/src/arc4.c +++ b/src/wolfcrypt/src/arc4.c @@ -1,6 +1,6 @@ /* arc4.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/asm.c b/src/wolfcrypt/src/asm.c index c735ebf..2096ae9 100644 --- a/src/wolfcrypt/src/asm.c +++ b/src/wolfcrypt/src/asm.c 
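Review bot: wc_AesSivEncrypt_ex and wc_AesSivDecrypt_ex are new public API but carry only "See RFC 5297 Section 2.6/2.7." as documentation, with no parameter or return contract. Their Doxygen block should state that `assoc` is an array of `numAssoc` AesSivAssoc entries (NULL permitted only when `numAssoc` is 0), that S2V rejects more than 126 associated-data components counting the nonce, that `key` holds both halves (`keySz / 2` each), the size `siv` must provide, and that BAD_FUNC_ARG is returned for the limit violation. The non-`_ex` wrappers now pass `1U` as the count; a comment noting they are single-AD conveniences over the `_ex` forms would help readers pick the right entry point.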
@@ -1,6 +1,6 @@ /* asm.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -529,6 +529,27 @@ __asm__( \ #define LOOP_START \ mu = c[x] * mp +#ifdef __APPLE__ + +#define INNERMUL \ +__asm__( \ + " mullw r16,%3,%4 \n\t" \ + " mulhwu r17,%3,%4 \n\t" \ + " addc r16,r16,%2 \n\t" \ + " addze r17,r17 \n\t" \ + " addc %1,r16,%5 \n\t" \ + " addze %0,r17 \n\t" \ +:"=r"(cy),"=r"(_c[0]):"0"(cy),"r"(mu),"r"(tmpm[0]),"1"(_c[0]):"r16", "r17", "cc"); ++tmpm; + +#define PROPCARRY \ +__asm__( \ + " addc %1,%3,%2 \n\t" \ + " xor %0,%2,%2 \n\t" \ + " addze %0,%2 \n\t" \ +:"=r"(cy),"=r"(_c[0]):"0"(cy),"1"(_c[0]):"cc"); + +#else + #define INNERMUL \ __asm__( \ " mullw 16,%3,%4 \n\t" \ @@ -546,6 +567,8 @@ __asm__( \ " addze %0,%2 \n\t" \ :"=r"(cy),"=r"(_c[0]):"0"(cy),"1"(_c[0]):"cc"); +#endif + #elif defined(TFM_PPC64) /* PPC64 */ @@ -555,6 +578,8 @@ __asm__( \ #define LOOP_START \ mu = c[x] * mp +#ifdef __APPLE__ + #define INNERMUL \ __asm__( \ " mulld r16,%3,%4 \n\t" \ @@ -576,6 +601,31 @@ __asm__( \ " addze %0,%0 \n\t" \ :"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"r16","cc"); +#else + +#define INNERMUL \ +__asm__( \ + " mulld 16,%3,%4 \n\t" \ + " mulhdu 17,%3,%4 \n\t" \ + " addc 16,16,%0 \n\t" \ + " addze 17,17 \n\t" \ + " ldx 18,0,%1 \n\t" \ + " addc 16,16,18 \n\t" \ + " addze %0,17 \n\t" \ + " sdx 16,0,%1 \n\t" \ +:"=r"(cy),"=m"(_c[0]):"0"(cy),"r"(mu),"r"(tmpm[0]),"1"(_c[0]):"16", "17", "18","cc"); ++tmpm; + +#define PROPCARRY \ +__asm__( \ + " ldx 16,0,%1 \n\t" \ + " addc 16,16,%0 \n\t" \ + " sdx 16,0,%1 \n\t" \ + " xor %0,%0,%0 \n\t" \ + " addze %0,%0 \n\t" \ +:"=r"(cy),"=m"(_c[0]):"0"(cy),"1"(_c[0]):"16","cc"); + +#endif + /******************************************************************/ #elif defined(TFM_AVR32) diff --git a/src/wolfcrypt/src/asn.c b/src/wolfcrypt/src/asn.c index 778d3e7..0c52002 100644 --- a/src/wolfcrypt/src/asn.c +++ b/src/wolfcrypt/src/asn.c 
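Review bot: The new non-Apple TFM_PPC64 INNERMUL and PROPCARRY store with `" sdx 16,0,%1 \n\t"`, which does not look like a PowerPC mnemonic; the store-doubleword-indexed form that pairs with the `ldx` loads above it is `stdx`, so this block will presumably not assemble unless the target assembler accepts `sdx` as an alias. The `__APPLE__` branch kept above appears to carry the same spelling (only its tail is visible in the hunk), so both should be checked together. The PPC32 Apple-style PROPCARRY zeroes the carry register via `xor %0,%2,%2` with `%2` tied to `%0`; a one-line comment saying the xor is a clear would make the intent clearer than the register dance does.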
@@ -1,6 +1,6 @@ /* asn.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -56,6 +56,8 @@ ASN Options: * WOLFSSL_CERT_GEN: Cert generation. Saves extra certificate info in GetName. * WOLFSSL_NO_ASN_STRICT: Disable strict RFC compliance checks to restore 3.13.0 behavior. + * WOLFSSL_ASN_ALLOW_0_SERIAL: Even if WOLFSSL_NO_ASN_STRICT is not defined, + allow a length=1, but zero value serial number. * WOLFSSL_NO_OCSP_OPTIONAL_CERTS: Skip optional OCSP certs (responder issuer must still be trusted) * WOLFSSL_NO_TRUSTED_CERTS_VERIFY: Workaround for situation where entire cert @@ -100,6 +102,9 @@ ASN Options: * which is discouraged by X.690 specification - default values shall not * be encoded. * NO_TIME_SIGNEDNESS_CHECK: Disabled the time_t signedness check. + * WOLFSSL_ECC_SIGALG_PARAMS_NULL_ALLOWED: Allows the ECDSA/EdDSA signature + * algorithms in certificates to have NULL parameter instead of empty. + * DO NOT enable this unless required for interoperability. */ #include @@ -1092,7 +1097,7 @@ static int GetASN_Integer(const byte* input, word32 idx, int length, * @return 0 on success. * @return ASN_PARSE_E when unused bits is invalid. */ -static int GetASN_BitString(const byte* input, word32 idx, int length) +int GetASN_BitString(const byte* input, word32 idx, int length) { #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) @@ -1210,7 +1215,7 @@ static int GetASN_ObjectId(const byte* input, word32 idx, int length) /* Last octet of a sub-identifier has bit 8 clear. Last octet must be last * of a subidentifier. Ensure last octet hasn't got top bit set. */ - else if ((input[(int)idx + length - 1] & 0x80) != 0x00) { + else if ((input[(int)idx + length - 1] & 0x80) == 0x80) { WOLFSSL_MSG("OID last octet has top bit set"); ret = ASN_PARSE_E; } 
@@ -1498,6 +1503,8 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete, int minDepth; /* Integer had a zero prepended. */ int zeroPadded; + word32 tmpW32Val; + signed char tmpScharVal; #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE WOLFSSL_ENTER("GetASN_Items"); @@ -1536,14 +1543,18 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete, /* Check if first of numbered choice. */ if (choice == 0 && asn[i].optional > 1) { choice = asn[i].optional; - if (choiceMet[choice - 2] == -1) { + tmpScharVal = choiceMet[choice - 2]; + XFENCE(); /* Prevent memory access */ + if (tmpScharVal == -1) { /* Choice seen but not found a match yet. */ choiceMet[choice - 2] = 0; } } /* Check for end of data or not a choice and tag not matching. */ - if (idx == endIdx[depth] || (data[i].dataType != ASN_DATA_TYPE_CHOICE && + tmpW32Val = endIdx[depth]; + XFENCE(); /* Prevent memory access */ + if (idx == tmpW32Val || (data[i].dataType != ASN_DATA_TYPE_CHOICE && (input[idx] & ~ASN_CONSTRUCTED) != asn[i].tag)) { if (asn[i].optional) { /* Skip over ASN.1 items underneath this optional item. */ @@ -1611,6 +1622,7 @@ int GetASN_Items(const ASNItem* asn, ASNGetData *data, int count, int complete, /* Store found tag in data. */ data[i].tag = input[idx]; + XFENCE(); /* Prevent memory access */ if (data[i].dataType != ASN_DATA_TYPE_CHOICE) { int constructed = (input[idx] & ASN_CONSTRUCTED) == ASN_CONSTRUCTED; /* Check constructed match expected for non-choice ASN.1 item. */ @@ -2285,7 +2297,7 @@ int GetLength_ex(const byte* input, word32* inOutIdx, int* len, word32 maxIdx, /* Bottom 7 bits are the number of bytes to calculate length with. * Note: 0 indicates indefinite length encoding *not* 0 bytes of length. */ - word32 bytes = (word32)b & 0x7FU; + int bytes = (int)(b & 0x7F); int minLen; /* Calculate minimum length to be encoded with bytes. */ 
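Review bot: The three new `XFENCE(); /* Prevent memory access */` comments in GetASN_Items do not say what the fence is for, and a reader may remove it as a no-op. The copies into `tmpScharVal` and `tmpW32Val` followed by a fence look like a speculation barrier that forces the bound or choice index to be resolved before it gates the array access on the next line; a comment such as `/* speculation barrier: resolve the bound before it gates the access below */` records that, and the same wording fits the fence after `data[i].tag = input[idx];`. GetASN_Items begins before this hunk and continues after it.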
@@ -2297,15 +2309,16 @@ int GetLength_ex(const byte* input, word32* inOutIdx, int* len, word32 maxIdx, minLen = 0x80; } /* Only support up to the number of bytes that fit into return var. */ - else if (bytes > sizeof(length)) { + else if (bytes > (int)sizeof(length)) { WOLFSSL_MSG("GetLength - overlong data length spec"); return ASN_PARSE_E; - } else { + } + else { minLen = 1 << ((bytes - 1) * 8); } /* Check the number of bytes required are available. */ - if ((idx + bytes) > maxIdx) { + if ((idx + (word32)bytes) > maxIdx) { WOLFSSL_MSG("GetLength - bad long length"); return BUFFER_E; } @@ -2429,6 +2442,19 @@ static int GetASNHeader_ex(const byte* input, byte tag, word32* inOutIdx, if ((ret == 0) && (GetLength_ex(input, &idx, &length, maxIdx, check) < 0)) { ret = ASN_PARSE_E; } + if (ret == 0 && tag == ASN_OBJECT_ID) { + if (length < 3) { + /* OID data must be at least 3 bytes. */ + WOLFSSL_MSG("OID length less than 3"); + ret = ASN_PARSE_E; + } + else if ((input[(int)idx + length - 1] & 0x80) == 0x80) { + /* Last octet of a sub-identifier has bit 8 clear. Last octet must be + * last of a subidentifier. Ensure last octet hasn't got top bit set. */ + WOLFSSL_MSG("OID last octet has top bit set"); + ret = ASN_PARSE_E; + } + } if (ret == 0) { /* Return the length of data and index after header. */ *len = length; @@ -2457,7 +2483,7 @@ static int GetASNHeader_ex(const byte* input, byte tag, word32* inOutIdx, * @return BUFFER_E when there is not enough data to parse. * @return ASN_PARSE_E when the expected tag is not found or length is invalid. */ -static int GetASNHeader(const byte* input, byte tag, word32* inOutIdx, int* len, +int GetASNHeader(const byte* input, byte tag, word32* inOutIdx, int* len, word32 maxIdx) { return GetASNHeader_ex(input, tag, inOutIdx, len, maxIdx, 1); 
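Review bot: The new OID validation in GetASNHeader_ex reads `input[(int)idx + length - 1]` right after GetLength_ex, but GetLength_ex only bounds `length` against `maxIdx` when `check` is nonzero; a caller that reaches this function with `tag == ASN_OBJECT_ID` and `check == 0` could therefore read past `maxIdx`. If every such caller passes `check = 1` today (GetASNHeader does), state that in a comment; otherwise guard the read, e.g. `else if ((idx + (word32)length <= maxIdx) && ((input[(int)idx + length - 1] & 0x80) == 0x80)) {`. The `length < 3` rejection also excludes syntactically valid two-arc OIDs that encode in one byte, which is presumably a deliberate policy and deserves a word in the comment.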
@@ -2690,14 +2716,15 @@ int GetASNInt(const byte* input, word32* inOutIdx, int* len, return ret; if (*len > 0) { - #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY /* check for invalid padding on negative integer. * c.f. X.690 (ISO/IEC 8825-2:2003 (E)) 10.4.6; RFC 5280 4.1 */ if (*len > 1) { - if ((input[*inOutIdx] == 0xff) && (input[*inOutIdx + 1] & 0x80)) - return ASN_PARSE_E; + if ((input[*inOutIdx] == 0xff) && (input[*inOutIdx + 1] & 0x80)) { + WOLFSSL_MSG("Bad INTEGER encoding of negative"); + return ASN_EXPECT_0_E; + } } #endif @@ -2707,8 +2734,10 @@ int GetASNInt(const byte* input, word32* inOutIdx, int* len, (*len)--; #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY - if (*len > 0 && (input[*inOutIdx] & 0x80) == 0) - return ASN_PARSE_E; + if (*len > 0 && (input[*inOutIdx] & 0x80) == 0) { + WOLFSSL_MSG("INTEGER is negative"); + return ASN_EXPECT_0_E; + } #endif } } @@ -3473,7 +3502,7 @@ int CheckBitString(const byte* input, word32* inOutIdx, int* len, } b = input[idx]; - if (zeroBits && b != 0x00) + if (zeroBits && (b != 0x00)) return ASN_EXPECT_0_E; if (b >= 0x08) return ASN_PARSE_E; @@ -3636,14 +3665,14 @@ int StreamOctetString(const byte* inBuf, word32 inBufSz, byte* out, word32* outS } else { *outSz = outIdx; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } } /* Convert BER to DER */ -/* Pull informtation from the ASN.1 BER encoded item header */ +/* Pull information from the ASN.1 BER encoded item header */ static int GetBerHeader(const byte* data, word32* idx, word32 maxIdx, byte* pTag, word32* pLen, int* indef) { @@ -4004,13 +4033,11 @@ int wc_BerToDer(const byte* ber, word32 berSz, byte* der, word32* derSz) /* Return the length of the DER encoded ASN.1 */ *derSz = j; if (der == NULL) { - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } end: #ifdef WOLFSSL_SMALL_STACK - if (indefItems != NULL) { - XFREE(indefItems, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(indefItems, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } 
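Review bot: The message `WOLFSSL_MSG("INTEGER is negative");` in GetASNInt is attached to the wrong condition: that branch runs after a leading 0x00 has been skipped and finds the next byte with its top bit clear, i.e. a redundant leading zero on a non-negative value, not a negative integer. `WOLFSSL_MSG("INTEGER has unnecessary leading zero");` describes what is rejected, and the first message ("Bad INTEGER encoding of negative") is already accurate for the 0xFF case. Both branches now return ASN_EXPECT_0_E where they previously returned ASN_PARSE_E, which is visible to callers comparing error codes; the function's return documentation (outside the hunk) should list ASN_EXPECT_0_E for these cases.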
@@ -4206,6 +4233,7 @@ static word32 SetBitString16Bit(word16 val, byte* output) static const byte sigFalcon_Level5Oid[] = {43, 206, 15, 3, 9}; #endif /* HAVE_FACON */ #ifdef HAVE_DILITHIUM +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */ static const byte sigDilithium_Level2Oid[] = {43, 6, 1, 4, 1, 2, 130, 11, 12, 4, 4}; @@ -4217,6 +4245,19 @@ static word32 SetBitString16Bit(word16 val, byte* output) /* Dilithium Level 5: 1.3.6.1.4.1.2.267.12.8.7 */ static const byte sigDilithium_Level5Oid[] = {43, 6, 1, 4, 1, 2, 130, 11, 12, 8, 7}; +#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */ + + /* ML-DSA Level 2: 2.16.840.1.101.3.4.3.17 */ + static const byte sigMlDsa_Level2Oid[] = + {96, 134, 72, 1, 101, 3, 4, 3, 17}; + + /* ML-DSA Level 3: 2.16.840.1.101.3.4.3.18 */ + static const byte sigMlDsa_Level3Oid[] = + {96, 134, 72, 1, 101, 3, 4, 3, 18}; + + /* ML-DSA Level 5: 2.16.840.1.101.3.4.3.19 */ + static const byte sigMlDsa_Level5Oid[] = + {96, 134, 72, 1, 101, 3, 4, 3, 19}; #endif /* HAVE_DILITHIUM */ #ifdef HAVE_SPHINCS /* Sphincs Fast Level 1: 1 3 9999 6 7 4 */ @@ -4280,6 +4321,7 @@ static word32 SetBitString16Bit(word16 val, byte* output) static const byte keyFalcon_Level5Oid[] = {43, 206, 15, 3, 9}; #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */ static const byte keyDilithium_Level2Oid[] = {43, 6, 1, 4, 1, 2, 130, 11, 12, 4, 4}; 
@@ -4291,6 +4333,19 @@ static word32 SetBitString16Bit(word16 val, byte* output) /* Dilithium Level 5: 1.3.6.1.4.1.2.267.12.8.7 */ static const byte keyDilithium_Level5Oid[] = {43, 6, 1, 4, 1, 2, 130, 11, 12, 8, 7}; +#endif + + /* ML-DSA Level 2: 2.16.840.1.101.3.4.3.17 */ + static const byte keyMlDsa_Level2Oid[] = + {96, 134, 72, 1, 101, 3, 4, 3, 17}; + + /* ML-DSA Level 3: 2.16.840.1.101.3.4.3.18 */ + static const byte keyMlDsa_Level3Oid[] = + {96, 134, 72, 1, 101, 3, 4, 3, 18}; + + /* ML-DSA Level 5: 2.16.840.1.101.3.4.3.19 */ + static const byte keyMlDsa_Level5Oid[] = + {96, 134, 72, 1, 101, 3, 4, 3, 19}; #endif /* HAVE_DILITHIUM */ #ifdef HAVE_SPHINCS /* Sphincs Fast Level 1: 1 3 9999 6 7 4 */ @@ -4834,7 +4889,8 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz) *oidSz = sizeof(sigFalcon_Level5Oid); break; #endif /* HAVE_FALCON */ - #ifdef HAVE_DILITHIUM + #ifdef HAVE_DILITHIUM + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case CTC_DILITHIUM_LEVEL2: oid = sigDilithium_Level2Oid; *oidSz = sizeof(sigDilithium_Level2Oid); @@ -4847,7 +4903,20 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz) oid = sigDilithium_Level5Oid; *oidSz = sizeof(sigDilithium_Level5Oid); break; - #endif /* HAVE_DILITHIUM */ + #endif + case CTC_ML_DSA_LEVEL2: + oid = sigMlDsa_Level2Oid; + *oidSz = sizeof(sigMlDsa_Level2Oid); + break; + case CTC_ML_DSA_LEVEL3: + oid = sigMlDsa_Level3Oid; + *oidSz = sizeof(sigMlDsa_Level3Oid); + break; + case CTC_ML_DSA_LEVEL5: + oid = sigMlDsa_Level5Oid; + *oidSz = sizeof(sigMlDsa_Level5Oid); + break; + #endif /* HAVE_DILITHIUM */ #ifdef HAVE_SPHINCS case CTC_SPHINCS_FAST_LEVEL1: oid = sigSphincsFast_Level1Oid; 
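Review bot: The `#endif` closing the `WOLFSSL_DILITHIUM_FIPS204_DRAFT` block in the key-OID table is bare, while the matching close in the signature-OID table in the previous hunk reads `#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */`; the two `#endif` lines introduced inside OidFromId here and in the next hunk are bare as well. With nested `HAVE_DILITHIUM` / `WOLFSSL_DILITHIUM_FIPS204_DRAFT` blocks, the trailing comment is what tells a reader which guard is closing; use `#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */` on all of them.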
@@ -4945,7 +5014,8 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz) *oidSz = sizeof(keyFalcon_Level5Oid); break; #endif /* HAVE_FALCON */ - #ifdef HAVE_DILITHIUM + #ifdef HAVE_DILITHIUM + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case DILITHIUM_LEVEL2k: oid = keyDilithium_Level2Oid; *oidSz = sizeof(keyDilithium_Level2Oid); @@ -4958,7 +5028,20 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz) oid = keyDilithium_Level5Oid; *oidSz = sizeof(keyDilithium_Level5Oid); break; - #endif /* HAVE_DILITHIUM */ + #endif + case ML_DSA_LEVEL2k: + oid = keyMlDsa_Level2Oid; + *oidSz = sizeof(keyMlDsa_Level2Oid); + break; + case ML_DSA_LEVEL3k: + oid = keyMlDsa_Level3Oid; + *oidSz = sizeof(keyMlDsa_Level3Oid); + break; + case ML_DSA_LEVEL5k: + oid = keyMlDsa_Level5Oid; + *oidSz = sizeof(keyMlDsa_Level5Oid); + break; + #endif /* HAVE_DILITHIUM */ #ifdef HAVE_SPHINCS case SPHINCS_FAST_LEVEL1k: oid = keySphincsFast_Level1Oid; @@ -5625,7 +5708,7 @@ int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz) } /* compute length of encoded OID */ - d = (in[0] * 40) + in[1]; + d = ((word32)in[0] * 40) + in[1]; len = 0; for (i = 1; i < (int)inSz; i++) { x = 0; @@ -5648,7 +5731,7 @@ int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz) } /* calc first byte */ - d = (in[0] * 40) + in[1]; + d = ((word32)in[0] * 40) + in[1]; /* encode bytes */ x = 0; @@ -5683,14 +5766,13 @@ int EncodeObjectId(const word16* in, word32 inSz, byte* out, word32* outSz) } /* return length */ - *outSz = len; + *outSz = (word32)len; return 0; } #endif /* HAVE_OID_ENCODING */ -#if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) || \ - defined(OPENSSL_ALL) +#if defined(HAVE_OID_DECODING) || defined(WOLFSSL_ASN_PRINT) /* Encode dotted form of OID into byte array version. * * @param [in] in Byte array containing OID. 
@@ -5737,7 +5819,7 @@ int DecodeObjectId(const byte* in, word32 inSz, word16* out, word32* outSz) return 0; } -#endif /* HAVE_OID_DECODING || WOLFSSL_ASN_PRINT || OPENSSL_ALL */ +#endif /* HAVE_OID_DECODING || WOLFSSL_ASN_PRINT */ /* Decode the header of a BER/DER encoded OBJECT ID. * @@ -6047,22 +6129,8 @@ enum { #define algoIdASN_Length (sizeof(algoIdASN) / sizeof(ASNItem)) #endif -/* Get the OID id/sum from the BER encoding of an algorithm identifier. - * - * NULL tag is skipped if present. - * - * @param [in] input Buffer holding BER encoded data. - * @param [in, out] inOutIdx On in, start of algorithm identifier. - * On out, start of ASN.1 item after algorithm id. - * @param [out] oid Id of OID in algorithm identifier data. - * @param [in] oidType Type of OID to expect. - * @param [in] maxIdx Maximum index of data in buffer. - * @return 0 on success. - * @return ASN_PARSE_E when encoding is invalid. - * @return ASN_UNKNOWN_OID_E when the OID cannot be verified. - */ -int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, - word32 oidType, word32 maxIdx) +static int GetAlgoIdImpl(const byte* input, word32* inOutIdx, word32* oid, + word32 oidType, word32 maxIdx, byte *absentParams) { #ifndef WOLFSSL_ASN_TEMPLATE int length; @@ -6088,6 +6156,10 @@ int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, ret = GetASNNull(input, &idx, maxIdx); if (ret != 0) return ret; + + if (absentParams != NULL) { + *absentParams = FALSE; + } } } } @@ -6112,6 +6184,11 @@ int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, if (ret == 0) { /* Return the OID id/sum. */ *oid = dataASN[ALGOIDASN_IDX_OID].data.oid.sum; + + if ((absentParams != NULL) && + (dataASN[ALGOIDASN_IDX_NULL].tag == ASN_TAG_NULL)) { + *absentParams = FALSE; + } } FREE_ASNGETDATA(dataASN, NULL); 
@@ -6119,6 +6196,37 @@ int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, #endif /* WOLFSSL_ASN_TEMPLATE */ } +/* Get the OID id/sum from the BER encoding of an algorithm identifier. + * + * NULL tag is skipped if present. + * + * @param [in] input Buffer holding BER encoded data. + * @param [in, out] inOutIdx On in, start of algorithm identifier. + * On out, start of ASN.1 item after algorithm id. + * @param [out] oid Id of OID in algorithm identifier data. + * @param [in] oidType Type of OID to expect. + * @param [in] maxIdx Maximum index of data in buffer. + * @return 0 on success. + * @return ASN_PARSE_E when encoding is invalid. + * @return ASN_UNKNOWN_OID_E when the OID cannot be verified. + */ +int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, + word32 oidType, word32 maxIdx) +{ + return GetAlgoIdImpl(input, inOutIdx, oid, oidType, maxIdx, NULL); +} + +int GetAlgoIdEx(const byte* input, word32* inOutIdx, word32* oid, + word32 oidType, word32 maxIdx, byte *absentParams) +{ + /* Assume absent until proven otherwise */ + if (absentParams != NULL) { + *absentParams = TRUE; + } + + return GetAlgoIdImpl(input, inOutIdx, oid, oidType, maxIdx, absentParams); +} + #ifndef NO_RSA #ifdef WC_RSA_PSS @@ -6210,7 +6318,8 @@ static int RsaPssHashOidToMgf1(word32 oid, int* mgf) return ret; } -#ifndef NO_CERTS +#if !defined(NO_CERTS) && !defined(NO_ASN_CRYPT) + /* Convert a hash OID to a fake signature OID. * * @param [in] oid Hash OID. @@ -6261,7 +6370,7 @@ static int RsaPssHashOidToSigOid(word32 oid, word32* sigOid) #endif #ifdef WOLFSSL_ASN_TEMPLATE -/* ASN tag for hashAlgorigthm. */ +/* ASN tag for hashAlgorithm. */ #define ASN_TAG_RSA_PSS_HASH (ASN_CONTEXT_SPECIFIC | 0) /* ASN tag for maskGenAlgorithm. */ #define ASN_TAG_RSA_PSS_MGF (ASN_CONTEXT_SPECIFIC | 1) 
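Review bot: GetAlgoIdEx has no documentation and its `absentParams` contract is easy to misread: the wrapper writes `*absentParams = TRUE` before parsing and GetAlgoIdImpl only ever clears it, so on an error return the caller is left holding TRUE even though nothing was parsed. The Doxygen block should say that `absentParams` is meaningful only when 0 is returned, that TRUE means no NULL parameter element was present, and that the function does not distinguish a NULL element from non-NULL parameters. GetAlgoIdImpl being static is fine, but a one-line comment above it noting that it only clears the flag would explain why the TRUE assignment lives in the caller.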
@@ -6309,7 +6418,7 @@ enum { /* Number of items in ASN.1 template for an algorithm identifier. */ #define rsaPssParamsASN_Length (sizeof(rsaPssParamsASN) / sizeof(ASNItem)) #else -/* ASN tag for hashAlgorigthm. */ +/* ASN tag for hashAlgorithm. */ #define ASN_TAG_RSA_PSS_HASH (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0) /* ASN tag for maskGenAlgorithm. */ #define ASN_TAG_RSA_PSS_MGF (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1) @@ -6829,8 +6938,9 @@ static const ASNItem pkcs8KeyASN[] = { /* PKEY_ALGO_PARAM_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 1 }, #endif /* PKEY_DATA */ { 1, ASN_OCTET_STRING, 0, 0, 0 }, - /* attributes [0] Attributes OPTIONAL */ - /* [[2: publicKey [1] PublicKey OPTIONAL ]] */ +/* OPTIONAL Attributes IMPLICIT [0] */ + { 1, ASN_CONTEXT_SPECIFIC | 0, 1, 0, 1 }, +/* [[2: publicKey [1] PublicKey OPTIONAL ]] */ }; enum { PKCS8KEYASN_IDX_SEQ = 0, @@ -6843,6 +6953,7 @@ enum { PKCS8KEYASN_IDX_PKEY_ALGO_PARAM_SEQ, #endif PKCS8KEYASN_IDX_PKEY_DATA, + PKCS8KEYASN_IDX_PKEY_ATTRIBUTES, WOLF_ENUM_DUMMY_LAST_ELEMENT(PKCS8KEYASN_IDX) }; @@ -6857,6 +6968,7 @@ enum { * On out, start of encoded key. * @param [in] sz Size of data in buffer. * @param [out] algId Key's algorithm id from PKCS #8 header. + * @param [out] eccOid ECC curve OID. * @return Length of key data on success. * @return BAD_FUNC_ARG when input or inOutIdx is NULL. * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or @@ -6866,8 +6978,8 @@ enum { * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a * non-zero length. */ -int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz, - word32* algId) +int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, word32 sz, + word32* algId, word32* eccOid) { #ifndef WOLFSSL_ASN_TEMPLATE word32 idx; 
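Review bot: The new `@param [out] eccOid ECC curve OID.` line on ToTraditionalInline_ex2 does not say that the pointer may be NULL or that it is written only for ECDSA keys, both of which the implementation in the next hunk relies on; `@param [out] eccOid Sum of the curve OID when the key is ECDSA; may be NULL.` states the contract. The new pkcs8KeyASN entry `{ 1, ASN_CONTEXT_SPECIFIC | 0, 1, 0, 1 }` for the implicit attributes is parsed but presumably not validated; a comment saying the attributes are skipped, not interpreted, would set expectations for callers.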
@@ -6917,8 +7029,14 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz, #endif /* WC_RSA_PSS && !NO_RSA */ if (tag == ASN_OBJECT_ID) { - if (SkipObjectId(input, &idx, sz) < 0) - return ASN_PARSE_E; + if ((*algId == ECDSAk) && (eccOid != NULL)) { + if (GetObjectId(input, &idx, eccOid, oidCurveType, sz) < 0) + return ASN_PARSE_E; + } + else { + if (SkipObjectId(input, &idx, sz) < 0) + return ASN_PARSE_E; + } } ret = GetOctetString(input, &idx, &length, sz); @@ -6939,6 +7057,8 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz, byte version = 0; word32 idx; + (void)eccOid; + /* Check validity of parameters. */ if (input == NULL || inOutIdx == NULL) { return BAD_FUNC_ARG; @@ -7012,6 +7132,11 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz, if (dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) { ret = ASN_PARSE_E; } + if (eccOid != NULL) { + ASNGetData* oidCurve = + &dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE]; + *eccOid = oidCurve->data.oid.sum; + } break; #endif #ifdef HAVE_ED25519 @@ -7049,6 +7174,15 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz, ret = ASN_PARSE_E; } break; + #endif + #ifndef NO_DH + case DHk: + /* Neither NULL item nor OBJECT_ID item allowed. */ + if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) || + (dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) { + ret = ASN_PARSE_E; + } + break; #endif /* DSAk not supported. */ /* Falcon, Dilithium and Sphincs not supported. */ 
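Review bot: In the non-template path the new ECDSAk branch only writes `*eccOid` when the parameters field is an OBJECT_ID, so an ECDSA key whose curve parameters are absent or of another tag leaves the caller's word32 uninitialised, while the template path unconditionally assigns `*eccOid = oidCurve->data.oid.sum` (which, if the CALLOC'd item was never filled, is presumably 0 — confirm). Callers that branch on the curve OID after a 0 return would read stack garbage on one build and 0 on the other. Initialise the out-parameter once the argument checks pass, `if (eccOid != NULL) { *eccOid = 0; }`, so both builds agree. Note also that GetObjectId with oidCurveType may reject an unknown curve that SkipObjectId previously accepted; that is a behaviour change for callers passing eccOid and is worth a sentence in the header. The enclosing function starts and ends outside this hunk.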
@@ -7071,6 +7205,29 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz, #endif } +/* Remove PKCS #8 header around an RSA, ECDSA, Ed25519, or Ed448. + * + * @param [in] input Buffer holding BER data. + * @param [in, out] inOutIdx On in, start of PKCS #8 encoding. + * On out, start of encoded key. + * @param [in] sz Size of data in buffer. + * @param [out] algId Key's algorithm id from PKCS #8 header. + * @return Length of key data on success. + * @return BAD_FUNC_ARG when input or inOutIdx is NULL. + * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or + * is invalid. + * @return BUFFER_E when data in buffer is too small. + * @return ASN_OBJECT_ID_E when the expected OBJECT_ID tag is not found. + * @return ASN_EXPECT_0_E when the INTEGER has the MSB set or NULL has a + * non-zero length. + */ +int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz, + word32* algId) +{ + return ToTraditionalInline_ex2(input, inOutIdx, sz, algId, NULL); +} + + /* TODO: test case */ int ToTraditionalInline(const byte* input, word32* inOutIdx, word32 sz) { @@ -7146,7 +7303,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, WOLFSSL_MSG("Checking size of PKCS8"); - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } WOLFSSL_ENTER("wc_CreatePKCS8Key"); @@ -7216,7 +7373,9 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, *outSz = tmpSz + sz; return (int)(tmpSz + sz); #else - DECL_ASNSETDATA(dataASN, pkcs8KeyASN_Length); + /* pkcs8KeyASN_Length-1, the -1 is because we are not adding the optional + * set of attributes */ + DECL_ASNSETDATA(dataASN, pkcs8KeyASN_Length-1); int sz = 0; int ret = 0; word32 keyIdx = 0; 
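Review bot: `pkcs8KeyASN_Length-1` is used in four places to exclude the new optional attributes item when encoding (DECL_ASNSETDATA and CALLOC_ASNSETDATA here, SizeASN_Items and SetASN_Items in the hunks on the next line), and it silently depends on that item being the last entry of pkcs8KeyASN; anyone later appending the commented-out publicKey [1] item to the template will produce a buffer one item too small. Define the intent once next to the template, e.g. `/* Items used when encoding: the trailing OPTIONAL attributes item is omitted. */` and `#define pkcs8KeyASN_EncodeLength (pkcs8KeyASN_Length - 1)`, and use that name in all four places so the coupling is visible at the template. The explanatory comment added at the DECL_ASNSETDATA site could then move to the define.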
@@ -7237,7 +7396,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, ret = ASN_PARSE_E; } - CALLOC_ASNSETDATA(dataASN, pkcs8KeyASN_Length, ret, NULL); + CALLOC_ASNSETDATA(dataASN, pkcs8KeyASN_Length-1, ret, NULL); if (ret == 0) { /* Only support default PKCS #8 format - v0. */ @@ -7263,7 +7422,7 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, SetASN_Buffer(&dataASN[PKCS8KEYASN_IDX_PKEY_DATA], key, keySz); /* Get the size of the DER encoding. */ - ret = SizeASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length, &sz); + ret = SizeASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-1, &sz); } if (ret == 0) { /* Always return the calculated size. */ @@ -7272,11 +7431,11 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, /* Check for buffer to encoded into. */ if ((ret == 0) && (out == NULL)) { WOLFSSL_MSG("Checking size of PKCS8"); - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (ret == 0) { /* Encode PKCS #8 key into buffer. */ - SetASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length, out); + SetASN_Items(pkcs8KeyASN, dataASN, pkcs8KeyASN_Length-1, out); ret = sz; } @@ -7296,9 +7455,11 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, * privKeySz : size of private key buffer * pubKey : buffer holding DER format public key * pubKeySz : size of public key buffer - * ks : type of key */ + * ks : type of key + * heap : heap hint to use */ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, - const byte* pubKey, word32 pubKeySz, enum Key_Sum ks) + const byte* pubKey, word32 pubKeySz, enum Key_Sum ks, + void* heap) { int ret; (void)privKeySz; 
@@ -7335,14 +7496,14 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, } #endif - if ((ret = wc_InitRsaKey(a, NULL)) < 0) { + if ((ret = wc_InitRsaKey(a, heap)) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(b, NULL, DYNAMIC_TYPE_RSA); XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return ret; } - if ((ret = wc_InitRsaKey(b, NULL)) < 0) { + if ((ret = wc_InitRsaKey(b, heap)) < 0) { wc_FreeRsaKey(a); #ifdef WOLFSSL_SMALL_STACK XFREE(b, NULL, DYNAMIC_TYPE_RSA); @@ -7403,7 +7564,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, } #endif - if ((ret = wc_ecc_init(key_pair)) < 0) { + if ((ret = wc_ecc_init_ex(key_pair, heap, INVALID_DEVID)) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(privDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key_pair, NULL, DYNAMIC_TYPE_ECC); @@ -7421,7 +7582,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, wc_MemZero_Add("wc_CheckPrivateKey privDer", privDer, privSz); #endif wc_ecc_free(key_pair); - ret = wc_ecc_init(key_pair); + ret = wc_ecc_init_ex(key_pair, heap, INVALID_DEVID); if (ret == 0) { ret = wc_ecc_import_private_key(privDer, privSz, pubKey, @@ -7472,7 +7633,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, return MEMORY_E; #endif - if ((ret = wc_ed25519_init(key_pair)) < 0) { + if ((ret = wc_ed25519_init_ex(key_pair, heap, INVALID_DEVID)) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(key_pair, NULL, DYNAMIC_TYPE_ED25519); #endif @@ -7522,7 +7683,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, return MEMORY_E; #endif - if ((ret = wc_ed448_init(key_pair)) < 0) { + if ((ret = wc_ed448_init_ex(key_pair, heap, INVALID_DEVID)) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(key_pair, NULL, DYNAMIC_TYPE_ED448); #endif 
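Review bot: The key objects are now initialised with the caller's heap hint (`wc_InitRsaKey(a, heap)`, `wc_ecc_init_ex(key_pair, heap, INVALID_DEVID)`, and the Ed25519/Ed448 equivalents), but the WOLFSSL_SMALL_STACK buffers in the same error paths are still released with `XFREE(b, NULL, DYNAMIC_TYPE_RSA)`, `XFREE(privDer, NULL, DYNAMIC_TYPE_TMP_BUFFER)` and so on. If the matching XMALLOC calls (outside this hunk) were switched to `heap` the frees must follow, and if they were not, the heap hint is only partially honoured, which matters for static-memory builds where the hint selects the pool. Either way the allocation and free of each temporary should name the same heap; a quick grep of wc_CheckPrivateKey for `XMALLOC(` will show which.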
@@ -7618,9 +7779,15 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_DILITHIUM_NO_ASN1) - if ((ks == DILITHIUM_LEVEL2k) || - (ks == DILITHIUM_LEVEL3k) || - (ks == DILITHIUM_LEVEL5k)) { + if ((ks == ML_DSA_LEVEL2k) || + (ks == ML_DSA_LEVEL3k) || + (ks == ML_DSA_LEVEL5k) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + || (ks == DILITHIUM_LEVEL2k) + || (ks == DILITHIUM_LEVEL3k) + || (ks == DILITHIUM_LEVEL5k) + #endif + ) { #ifdef WOLFSSL_SMALL_STACK dilithium_key* key_pair = NULL; #else @@ -7642,15 +7809,27 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, return ret; } - if (ks == DILITHIUM_LEVEL2k) { - ret = wc_dilithium_set_level(key_pair, 2); + + if (ks == ML_DSA_LEVEL2k) { + ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_44); + } + else if (ks == ML_DSA_LEVEL3k) { + ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_65); + } + else if (ks == ML_DSA_LEVEL5k) { + ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_87); + } + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + else if (ks == DILITHIUM_LEVEL2k) { + ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_44_DRAFT); } else if (ks == DILITHIUM_LEVEL3k) { - ret = wc_dilithium_set_level(key_pair, 3); + ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_65_DRAFT); } else if (ks == DILITHIUM_LEVEL5k) { - ret = wc_dilithium_set_level(key_pair, 5); + ret = wc_dilithium_set_level(key_pair, WC_ML_DSA_87_DRAFT); } + #endif if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK @@ -7751,6 +7930,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, ret = 0; } (void)ks; + (void)heap; return ret; } 
@@ -7765,7 +7945,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, * checkAlt : indicate if we check primary or alternative key */ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der, - int checkAlt) + int checkAlt, void* heap) { int ret = 0; @@ -7779,7 +7959,7 @@ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der, word32 idx = 0; /* Dilithium has the largest public key at the moment */ word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE; - byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, NULL, + byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, heap, DYNAMIC_TYPE_PUBLIC_KEY); if (decodedPubKey == NULL) { ret = MEMORY_E; @@ -7798,15 +7978,15 @@ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der, } if (ret == 0) { ret = wc_CheckPrivateKey(key, keySz, decodedPubKey, pubKeyLen, - (enum Key_Sum) der->sapkiOID); + (enum Key_Sum) der->sapkiOID, heap); } - XFREE(decodedPubKey, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(decodedPubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); } else #endif { ret = wc_CheckPrivateKey(key, keySz, der->publicKey, - der->pubKeySize, (enum Key_Sum) der->keyOID); + der->pubKeySize, (enum Key_Sum) der->keyOID, heap); } (void)checkAlt; 
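Review bot: wc_CheckPrivateKeyCert gains a `void* heap` parameter but its header comment, whose last visible line is `* checkAlt : indicate if we check primary or alternative key */`, is not extended, whereas wc_CheckPrivateKey's header in the previous hunk was updated with `* heap : heap hint to use`. Add the same line here so the two public signatures are documented consistently.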
@@ -8136,31 +8316,28 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, if (wc_dilithium_init(dilithium) != 0) { tmpIdx = 0; - if (wc_dilithium_set_level(dilithium, 2) - == 0) { + if (wc_dilithium_set_level(dilithium, WC_ML_DSA_44) == 0) { if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium, - keySz) == 0) { - *algoID = DILITHIUM_LEVEL2k; + keySz) == 0) { + *algoID = ML_DSA_LEVEL2k; } else { WOLFSSL_MSG("Not Dilithium Level 2 DER key"); } } - else if (wc_dilithium_set_level(dilithium, 3) - == 0) { + else if (wc_dilithium_set_level(dilithium, WC_ML_DSA_65) == 0) { if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium, - keySz) == 0) { - *algoID = DILITHIUM_LEVEL3k; + keySz) == 0) { + *algoID = ML_DSA_LEVEL3k; } else { WOLFSSL_MSG("Not Dilithium Level 3 DER key"); } } - else if (wc_dilithium_set_level(dilithium, 5) - == 0) { + else if (wc_dilithium_set_level(dilithium, WC_ML_DSA_87) == 0) { if (wc_Dilithium_PrivateKeyDecode(key, &tmpIdx, dilithium, - keySz) == 0) { - *algoID = DILITHIUM_LEVEL5k; + keySz) == 0) { + *algoID = ML_DSA_LEVEL5k; } else { WOLFSSL_MSG("Not Dilithium Level 5 DER key"); @@ -8479,7 +8656,7 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, if (out == NULL) { /* Sequence tag, length */ *outSz = 1 + SetLength(outerLen, NULL) + outerLen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } SetOctetString(keySz + padSz, out); @@ -8562,9 +8739,7 @@ int wc_EncryptPKCS8Key(byte* key, word32 keySz, byte* out, word32* outSz, } #ifdef WOLFSSL_SMALL_STACK - if (saltTmp != NULL) { - XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif WOLFSSL_LEAVE("wc_EncryptPKCS8Key", ret); 
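Review bot: The rewritten ML-DSA level probing sits inside the context condition `if (wc_dilithium_init(dilithium) != 0) {`, which reads as running only when initialisation fails; if wc_dilithium_init follows the 0-on-success convention used by the wc_*_init calls elsewhere in this commit, the key-type detection never runs for a successfully initialised key and operates on an uninitialised one otherwise. Confirm the return convention and, if it is 0 on success, change the guard to `if (wc_dilithium_init(dilithium) == 0) {`. The log strings still say "Not Dilithium Level N DER key" although the algoID now reported is ML_DSA_LEVELNk; a small wording update would keep logs searchable. The enclosing function starts and ends outside this hunk.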
@@ -9064,7 +9239,7 @@ static const ASNItem p8EncPbes1ASN[] = { /* ENCALGO_PBEPARAM_SALT */ { 3, ASN_OCTET_STRING, 0, 0, 0 }, /* Iteration Count */ /* ENCALGO_PBEPARAM_ITER */ { 3, ASN_INTEGER, 0, 0, 0 }, -/* ENCDATA */ { 1, ASN_OCTET_STRING, 0, 0, 0 }, +/* ENCDATA */ { 1, (ASN_CONTEXT_SPECIFIC | 0), 0, 0, 0 }, }; enum { P8ENCPBES1ASN_IDX_SEQ = 0, @@ -9123,7 +9298,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, word32 seqSz; word32 innerSz; int ret; - int version, id, blockSz = 0; + int version, id = PBE_NONE, blockSz = 0; #ifdef WOLFSSL_SMALL_STACK byte* saltTmp = NULL; byte* cbcIv = NULL; @@ -9195,7 +9370,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, if (out == NULL) { *outSz = totalSz; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } inOutIdx = 0; @@ -9351,7 +9526,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, /* Return size when no output buffer. */ if ((ret == 0) && (out == NULL)) { *outSz = (word32)sz; - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* Check output buffer is big enough for encoded data. */ if ((ret == 0) && (sz > (int)*outSz)) { 
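Review bot: Changing the ENCDATA item of p8EncPbes1ASN from ASN_OCTET_STRING to `(ASN_CONTEXT_SPECIFIC | 0)` is a wire-format change that the template's comment does not explain; the name still suggests PKCS #8 EncryptedPrivateKeyInfo, where encryptedData is a plain OCTET STRING, while an implicit [0] tag is the encoding of `encryptedContent [0] IMPLICIT OCTET STRING OPTIONAL` in CMS/PKCS #7 EncryptedContentInfo (RFC 5652, 6.1). Annotate the item, e.g. `/* ENCDATA: encryptedContent [0] IMPLICIT OCTET STRING (RFC 5652, 6.1) */`, and confirm that no decoding path uses this template for a PKCS #8 blob, which would now be rejected. The initialisation `id = PBE_NONE` in EncryptContent is a good addition; its body continues outside this hunk.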
@@ -9398,6 +9573,42 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, #endif /* NO_PWDBASED */ #ifndef NO_RSA +#ifdef WOLFSSL_ASN_TEMPLATE +/* ASN.1 template for an RSA public key. + * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo + * PKCS #1: RFC 8017, A.1.1 - RSAPublicKey + */ +static const ASNItem rsaPublicKeyASN[] = { +/* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, +/* ALGOID_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 }, +/* ALGOID_OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 }, +/* ALGOID_NULL */ { 2, ASN_TAG_NULL, 0, 0, 1 }, +#ifdef WC_RSA_PSS +/* ALGOID_P_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 1 }, +#endif +/* PUBKEY */ { 1, ASN_BIT_STRING, 0, 1, 0 }, + /* RSAPublicKey */ +/* PUBKEY_RSA_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 }, +/* PUBKEY_RSA_N */ { 3, ASN_INTEGER, 0, 0, 0 }, +/* PUBKEY_RSA_E */ { 3, ASN_INTEGER, 0, 0, 0 }, +}; +enum { + RSAPUBLICKEYASN_IDX_SEQ = 0, + RSAPUBLICKEYASN_IDX_ALGOID_SEQ, + RSAPUBLICKEYASN_IDX_ALGOID_OID, + RSAPUBLICKEYASN_IDX_ALGOID_NULL, +#ifdef WC_RSA_PSS + RSAPUBLICKEYASN_IDX_ALGOID_P_SEQ, +#endif + RSAPUBLICKEYASN_IDX_PUBKEY, + RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ, + RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N, + RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E +}; + +/* Number of items in ASN.1 template for an RSA public key. */ +#define rsaPublicKeyASN_Length (sizeof(rsaPublicKeyASN) / sizeof(ASNItem)) +#endif #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) /* This function is to retrieve key position information in a cert.* @@ -9408,9 +9619,10 @@ static int RsaPublicKeyDecodeRawIndex(const byte* input, word32* inOutIdx, word32* key_n_len, word32* key_e, word32* key_e_len) { - +#ifndef WOLFSSL_ASN_TEMPLATE int ret = 0; int length = 0; + #if defined(OPENSSL_EXTRA) || defined(RSA_DECODE_EXTRA) byte b; #endif 
@@ -9473,48 +9685,31 @@ static int RsaPublicKeyDecodeRawIndex(const byte* input, word32* inOutIdx, } if (key_e_len) *key_e_len = length; - return ret; -} -#endif /* WOLFSSL_RENESAS_TSIP */ - -#ifdef WOLFSSL_ASN_TEMPLATE -/* ASN.1 template for an RSA public key. - * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo - * PKCS #1: RFC 8017, A.1.1 - RSAPublicKey - */ -static const ASNItem rsaPublicKeyASN[] = { -/* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, -/* ALGOID_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 }, -/* ALGOID_OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 }, -/* ALGOID_NULL */ { 2, ASN_TAG_NULL, 0, 0, 1 }, -#ifdef WC_RSA_PSS -/* ALGOID_P_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 1 }, -#endif -/* PUBKEY */ { 1, ASN_BIT_STRING, 0, 1, 0 }, - /* RSAPublicKey */ -/* PUBKEY_RSA_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 }, -/* PUBKEY_RSA_N */ { 3, ASN_INTEGER, 0, 0, 0 }, -/* PUBKEY_RSA_E */ { 3, ASN_INTEGER, 0, 0, 0 }, -}; -enum { - RSAPUBLICKEYASN_IDX_SEQ = 0, - RSAPUBLICKEYASN_IDX_ALGOID_SEQ, - RSAPUBLICKEYASN_IDX_ALGOID_OID, - RSAPUBLICKEYASN_IDX_ALGOID_NULL, -#ifdef WC_RSA_PSS - RSAPUBLICKEYASN_IDX_ALGOID_P_SEQ, -#endif - RSAPUBLICKEYASN_IDX_PUBKEY, - RSAPUBLICKEYASN_IDX_PUBKEY_RSA_SEQ, - RSAPUBLICKEYASN_IDX_PUBKEY_RSA_N, - RSAPUBLICKEYASN_IDX_PUBKEY_RSA_E -}; +#else + int ret = 0; + const byte* n = NULL; + const byte* e = NULL; /* pointer to modulus/exponent */ + word32 rawIndex = 0; -/* Number of items in ASN.1 template for an RSA public key. */ -#define rsaPublicKeyASN_Length (sizeof(rsaPublicKeyASN) / sizeof(ASNItem)) + ret = wc_RsaPublicKeyDecode_ex(input, inOutIdx, (word32)inSz, + &n, key_n_len, &e, key_e_len); + if (ret == 0) { + /* convert pointer to offset */ + if (key_n != NULL) { + rawIndex = n - input; + *key_n += rawIndex; + } + if (key_e != NULL) { + rawIndex = e - input; + *key_e += rawIndex; + } + } + return ret; #endif +} +#endif /* WOLFSSL_RENESAS_TSIP */ /* Decode RSA public key. * * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo 
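Review bot: In the new template path of RsaPublicKeyDecodeRawIndex, `rawIndex = n - input;` narrows a ptrdiff_t into a word32 implicitly, which is inconsistent with the explicit `(word32)` casts this commit adds elsewhere and will warn under -Wconversion; write `rawIndex = (word32)(n - input);` for both n and e. The `*key_n += rawIndex` form also presumes the caller pre-seeds key_n/key_e with a base offset, as the non-template branch presumably does (its start is outside this hunk); a one-line comment above the two updates, `/* key_n/key_e are offsets relative to the caller's base and are added to, not assigned */`, would stop a future caller from passing an uninitialised word32.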
@@ -10126,7 +10321,7 @@ int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv) /* if no output, then just getting size */ if (output == NULL) { *outSz = total; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* make sure output fits in buffer */ @@ -10201,7 +10396,7 @@ int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv) ret = SizeASN_Items(dhKeyPkcs8ASN, dataASN, dhKeyPkcs8ASN_Length, &sz); if (output == NULL) { *outSz = (word32)sz; - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* Check buffer is big enough for encoding. */ if ((ret == 0) && ((int)*outSz < sz)) { @@ -10265,7 +10460,7 @@ int wc_DhParamsToDer(DhKey* key, byte* output, word32* outSz) if (output == NULL) { *outSz = idx; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* make sure output fits in buffer */ if (idx > *outSz) { @@ -10313,7 +10508,7 @@ int wc_DhParamsToDer(DhKey* key, byte* output, word32* outSz) } if ((ret == 0) && (output == NULL)) { *outSz = (word32)sz; - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* Check buffer is big enough for encoding. */ if ((ret == 0) && (*outSz < (word32)sz)) { @@ -11164,7 +11359,7 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen, *inLen = outLen; if (output == NULL) { FreeTmpDsas(tmps, key->heap, ints); - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (outLen > *inLen) { FreeTmpDsas(tmps, key->heap, ints); @@ -11226,7 +11421,7 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen, } if ((ret == 0) && (output == NULL)) { *inLen = (word32)sz; - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* Check buffer is big enough for encoding. */ if ((ret == 0) && (sz > (int)*inLen)) { 
@@ -11277,7 +11472,7 @@ int wc_DsaKeyToParamsDer(DsaKey* key, byte* output, word32 inLen) } /* This version of the function allows output to be NULL. In that case, the - DsaKeyIntsToDer will return LENGTH_ONLY_E and the required output buffer + DsaKeyIntsToDer will return WC_NO_ERR_TRACE(LENGTH_ONLY_E) and the required output buffer size will be pointed to by inLen. */ int wc_DsaKeyToParamsDer_ex(DsaKey* key, byte* output, word32* inLen) { @@ -11373,10 +11568,10 @@ void FreeAltNames(DNS_entry* altNames, void* heap) DNS_entry* tmp = altNames->next; XFREE(altNames->name, heap, DYNAMIC_TYPE_ALTNAME); - #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) + #ifdef WOLFSSL_IP_ALT_NAME XFREE(altNames->ipString, heap, DYNAMIC_TYPE_ALTNAME); #endif - #if defined(OPENSSL_ALL) + #ifdef WOLFSSL_RID_ALT_NAME XFREE(altNames->ridString, heap, DYNAMIC_TYPE_ALTNAME); #endif XFREE(altNames, heap, DYNAMIC_TYPE_ALTNAME); @@ -11411,17 +11606,17 @@ DNS_entry* AltNameDup(DNS_entry* from, void* heap) ret->name = CopyString(from->name, from->len, heap, DYNAMIC_TYPE_ALTNAME); -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME ret->ipString = CopyString(from->ipString, 0, heap, DYNAMIC_TYPE_ALTNAME); #endif -#ifdef OPENSSL_ALL +#ifdef WOLFSSL_RID_ALT_NAME ret->ridString = CopyString(from->ridString, 0, heap, DYNAMIC_TYPE_ALTNAME); #endif if (ret->name == NULL -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME || (from->ipString != NULL && ret->ipString == NULL) #endif -#ifdef OPENSSL_ALL +#ifdef WOLFSSL_RID_ALT_NAME || (from->ridString != NULL && ret->ridString == NULL) #endif ) { 
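Review bot: The mechanical LENGTH_ONLY_E replacement has been applied inside a prose comment, so the header of wc_DsaKeyToParamsDer_ex now reads "DsaKeyIntsToDer will return WC_NO_ERR_TRACE(LENGTH_ONLY_E)", which exceeds the file's line width and documents a tracing wrapper rather than the error code the caller actually compares against (the wrapper appears to leave the value unchanged — confirm). Restore the comment to `DsaKeyIntsToDer will return LENGTH_ONLY_E and the required output buffer`.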
@@ -11500,8 +11695,7 @@ void FreeDecodedCert(DecodedCert* cert) wolfSSL_X509_NAME_free((WOLFSSL_X509_NAME*)cert->subjectName); #endif /* WOLFSSL_X509_NAME_AVAILABLE */ #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) - if (cert->sce_tsip_encRsaKeyIdx != NULL) - XFREE(cert->sce_tsip_encRsaKeyIdx, cert->heap, DYNAMIC_TYPE_RSA); + XFREE(cert->sce_tsip_encRsaKeyIdx, cert->heap, DYNAMIC_TYPE_RSA); #endif FreeSignatureCtx(&cert->sigCtx); } @@ -11534,9 +11728,11 @@ static int GetCertHeader(DecodedCert* cert) cert->sigIndex) < 0) return ASN_PARSE_E; - if (wc_GetSerialNumber(cert->source, &cert->srcIdx, cert->serial, - &cert->serialSz, cert->sigIndex) < 0) - return ASN_PARSE_E; + ret = wc_GetSerialNumber(cert->source, &cert->srcIdx, cert->serial, + &cert->serialSz, cert->sigIndex); + if (ret < 0) { + return ret; + } return ret; } @@ -11782,7 +11978,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen, pubSz = 1 + pubSz; else pubSz = 1 + 2 * pubSz; - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); #else ret = wc_ecc_export_x963_ex(key, NULL, &pubSz, comp); #endif 
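Review bot: In GetCertHeader the new `if (ret < 0) { return ret; } return ret;` returns ret on both branches, so the conditional is redundant; `return wc_GetSerialNumber(cert->source, &cert->srcIdx, cert->serial, &cert->serialSz, cert->sigIndex);` expresses the same thing (keep the `ret =` form only if ret is still needed by code earlier in the function, which starts outside this hunk). This also changes behaviour: the serial-number error is now propagated instead of being normalised to ASN_PARSE_E, which is reasonable but worth a line in the commit message since callers may have matched on ASN_PARSE_E.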
@@ -11902,34 +12098,38 @@ int wc_EccPublicKeyDerSize(ecc_key* key, int with_AlgCurve) #ifdef WOLFSSL_ASN_TEMPLATE #if defined(WC_ENABLE_ASYM_KEY_EXPORT) || defined(WC_ENABLE_ASYM_KEY_IMPORT) -/* ASN.1 template for Ed25519 and Ed448 public key (SubkectPublicKeyInfo). +/* ASN.1 template for the SubjectPublicKeyInfo of a general asymmetric key. + * Used with Ed448/Ed25519, Curve448/Curve25519, SPHINCS+, falcon, dilithium, + * etc. + * + * X.509: RFC 5280, 4.1 - SubjectPublicKeyInfo * RFC 8410, 4 - Subject Public Key Fields */ -static const ASNItem edPubKeyASN[] = { +static const ASNItem publicKeyASN[] = { /* SubjectPublicKeyInfo */ /* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, /* AlgorithmIdentifier */ /* ALGOID_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 }, - /* Ed25519/Ed448 OID */ + /* Ed25519/Ed448 OID, etc. */ /* ALGOID_OID */ { 2, ASN_OBJECT_ID, 0, 0, 1 }, /* Public key stream */ /* PUBKEY */ { 1, ASN_BIT_STRING, 0, 0, 0 }, }; enum { - EDPUBKEYASN_IDX_SEQ = 0, - EDPUBKEYASN_IDX_ALGOID_SEQ, - EDPUBKEYASN_IDX_ALGOID_OID, - EDPUBKEYASN_IDX_PUBKEY + PUBKEYASN_IDX_SEQ = 0, + PUBKEYASN_IDX_ALGOID_SEQ, + PUBKEYASN_IDX_ALGOID_OID, + PUBKEYASN_IDX_PUBKEY }; -/* Number of items in ASN.1 template for Ed25519 and Ed448 public key. */ -#define edPubKeyASN_Length (sizeof(edPubKeyASN) / sizeof(ASNItem)) +/* Number of items in ASN.1 template for public key SubjectPublicKeyInfo. */ +#define publicKeyASN_Length (sizeof(publicKeyASN) / sizeof(ASNItem)) #endif /* WC_ENABLE_ASYM_KEY_EXPORT || WC_ENABLE_ASYM_KEY_IMPORT */ #endif /* WOLFSSL_ASN_TEMPLATE */ #ifdef WC_ENABLE_ASYM_KEY_EXPORT -/* Build ASN.1 formatted public key based on RFC 8410 +/* Build ASN.1 formatted public key based on RFC 5280 and RFC 8410 * * Pass NULL for output to get the size of the encoding. * 
@@ -11953,12 +12153,16 @@ int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen, word32 sz; #else int sz = 0; - DECL_ASNSETDATA(dataASN, edPubKeyASN_Length); + DECL_ASNSETDATA(dataASN, publicKeyASN_Length); #endif - if (pubKey == NULL) { + /* validate parameters */ + if (pubKey == NULL){ return BAD_FUNC_ARG; } + if (output != NULL && outLen == 0) { + return BUFFER_E; + } #ifndef WOLFSSL_ASN_TEMPLATE /* calculate size */ @@ -12001,25 +12205,26 @@ int SetAsymKeyDerPublic(const byte* pubKey, word32 pubKeyLen, } #else if (withHeader) { - CALLOC_ASNSETDATA(dataASN, edPubKeyASN_Length, ret, NULL); + CALLOC_ASNSETDATA(dataASN, publicKeyASN_Length, ret, NULL); if (ret == 0) { /* Set the OID. */ - SetASN_OID(&dataASN[EDPUBKEYASN_IDX_ALGOID_OID], (word32)keyType, + SetASN_OID(&dataASN[PUBKEYASN_IDX_ALGOID_OID], (word32)keyType, oidKeyType); /* Leave space for public point. */ - SetASN_Buffer(&dataASN[EDPUBKEYASN_IDX_PUBKEY], NULL, pubKeyLen); + SetASN_Buffer(&dataASN[PUBKEYASN_IDX_PUBKEY], NULL, pubKeyLen); /* Calculate size of public key encoding. */ - ret = SizeASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, &sz); + ret = SizeASN_Items(publicKeyASN, dataASN, publicKeyASN_Length, + &sz); } if ((ret == 0) && (output != NULL) && (sz > (int)outLen)) { ret = BUFFER_E; } if ((ret == 0) && (output != NULL)) { /* Encode public key. */ - SetASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, output); + SetASN_Items(publicKeyASN, dataASN, publicKeyASN_Length, output); /* Set location to encode public point. */ - output = (byte*)dataASN[EDPUBKEYASN_IDX_PUBKEY].data.buffer.data; + output = (byte*)dataASN[PUBKEYASN_IDX_PUBKEY].data.buffer.data; } FREE_ASNSETDATA(dataASN, NULL); 
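Review bot: The new parameter check in SetAsymKeyDerPublic is written `if (pubKey == NULL){` without the space before the brace that every other `if` in this file uses, including the `if (output != NULL && outLen == 0) {` added directly below it. A one-character fix, `if (pubKey == NULL) {`, keeps the block consistent. The outLen == 0 rejection is a good addition; it would be worth a `@return BUFFER_E when output is non-NULL and outLen is 0.` line in the function's header, which is outside this hunk.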
@@ -12627,16 +12832,15 @@ static int GetCertKey(DecodedCert* cert, const byte* source, word32* inOutIdx, break; #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case DILITHIUM_LEVEL2k: - cert->pkCurveOID = DILITHIUM_LEVEL2k; - ret = StoreKey(cert, source, &srcIdx, maxIdx); - break; case DILITHIUM_LEVEL3k: - cert->pkCurveOID = DILITHIUM_LEVEL3k; - ret = StoreKey(cert, source, &srcIdx, maxIdx); - break; case DILITHIUM_LEVEL5k: - cert->pkCurveOID = DILITHIUM_LEVEL5k; + #endif + case ML_DSA_LEVEL2k: + case ML_DSA_LEVEL3k: + case ML_DSA_LEVEL5k: + cert->pkCurveOID = cert->keyOID; ret = StoreKey(cert, source, &srcIdx, maxIdx); break; #endif /* HAVE_DILITHIUM */ @@ -13264,7 +13468,7 @@ static const byte rdnChoice[] = { }; #endif -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME /* used to set the human readable string for the IP address with a ASN_IP_TYPE * DNS entry * return 0 on success @@ -13273,7 +13477,7 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap) { int ret = 0; size_t nameSz = 0; - char tmpName[WOLFSSL_MAX_IPSTR] = {0}; + char tmpName[WOLFSSL_MAX_IPSTR]; unsigned char* ip; if (entry == NULL || entry->type != ASN_IP_TYPE) { @@ -13287,6 +13491,8 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap) } ip = (unsigned char*)entry->name; + XMEMSET(tmpName, 0, sizeof(tmpName)); + /* store IP addresses as a string */ if (entry->len == WOLFSSL_IP4_ADDR_LEN) { if (XSNPRINTF(tmpName, sizeof(tmpName), "%u.%u.%u.%u", 0xFFU & ip[0], @@ -13328,9 +13534,9 @@ static int GenerateDNSEntryIPString(DNS_entry* entry, void* heap) return ret; } -#endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ +#endif /* WOLFSSL_IP_ALT_NAME */ -#if defined(OPENSSL_ALL) +#ifdef WOLFSSL_RID_ALT_NAME /* used to set the human readable string for the registeredID with an * ASN_RID_TYPE DNS entry * return 0 on success 
@@ -13339,7 +13545,9 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) { int i, j, ret = 0; int nameSz = 0; +#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) int nid = 0; +#endif int tmpSize = MAX_OID_SZ; word32 oid = 0; word32 idx = 0; 
@@ -13359,47 +13567,53 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) ret = GetOID((const byte*)entry->name, &idx, &oid, oidIgnoreType, entry->len); + if (ret == 0) { + #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) + if ((nid = oid2nid(oid, oidCsrAttrType)) > 0) { + /* OID has known string value */ + finalName = (char*)wolfSSL_OBJ_nid2ln(nid); + } + else + #endif + { + /* Decode OBJECT_ID into dotted form array. */ + ret = DecodeObjectId((const byte*)(entry->name),(word32)entry->len, + tmpName, (word32*)&tmpSize); - if (ret == 0 && (nid = oid2nid(oid, oidCsrAttrType)) > 0) { - /* OID has known string value */ - finalName = (char*)wolfSSL_OBJ_nid2ln(nid); - } - else { - /* Decode OBJECT_ID into dotted form array. */ - ret = DecodeObjectId((const byte*)(entry->name),(word32)entry->len, - tmpName, (word32*)&tmpSize); - - if (ret == 0) { - j = 0; - /* Append each number of dotted form. */ - for (i = 0; i < tmpSize; i++) { - if (j >= MAX_OID_SZ) { - return BUFFER_E; - } + if (ret == 0) { + j = 0; + /* Append each number of dotted form. */ + for (i = 0; i < tmpSize; i++) { + if (j >= MAX_OID_SZ) { + return BUFFER_E; + } - if (i < tmpSize - 1) { - ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d.", tmpName[i]); - } - else { - ret = XSNPRINTF(oidName + j, MAX_OID_SZ - j, "%d", tmpName[i]); - } + if (i < tmpSize - 1) { + ret = XSNPRINTF(oidName + j, (word32)(MAX_OID_SZ - j), + "%d.", tmpName[i]); + } + else { + ret = XSNPRINTF(oidName + j, (word32)(MAX_OID_SZ - j), + "%d", tmpName[i]); + } - if (ret >= 0) { - j += ret; - } - else { - return BUFFER_E; + if (ret >= 0) { + j += ret; + } + else { + return BUFFER_E; + } } + ret = 0; + finalName = oidName; } - ret = 0; - finalName = oidName; } } if (ret == 0) { nameSz = (int)XSTRLEN((const char*)finalName); - entry->ridString = (char*)XMALLOC(nameSz + 1, heap, + entry->ridString = (char*)XMALLOC((word32)(nameSz + 1), heap, DYNAMIC_TYPE_ALTNAME); if (entry->ridString == NULL) { 
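Review bot: The dotted-form loop in GenerateDNSEntryRIDString treats any non-negative XSNPRINTF return as success, but a C99-style snprintf returns the length it would have written, so when an arc does not fit in `MAX_OID_SZ - j` the output is silently truncated, j advances past the real end of the buffer, and the next iteration's `j >= MAX_OID_SZ` check (or the loop ending) lets a truncated string become ridString with ret = 0. Treat truncation as the error it is: `if (ret < 0 || ret >= (int)(MAX_OID_SZ - j)) { return BUFFER_E; }` in place of the current `ret >= 0` test (if XSNPRINTF maps to a wrapper that already returns -1 on truncation on every target, a comment saying so would be enough). The `(word32*)&tmpSize` cast of an int to word32* is pre-existing but lives on the new side of this hunk and is worth replacing with a word32 local. The enclosing function starts and ends outside this hunk.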
@@ -13407,13 +13621,13 @@ static int GenerateDNSEntryRIDString(DNS_entry* entry, void* heap) } if (ret == 0) { - XMEMCPY(entry->ridString, finalName, nameSz + 1); + XMEMCPY(entry->ridString, finalName, (word32)(nameSz + 1)); } } return ret; } -#endif /* OPENSSL_ALL && WOLFSSL_ASN_TEMPLATE */ +#endif /* WOLFSSL_RID_ALT_NAME */ #ifdef WOLFSSL_ASN_TEMPLATE @@ -13454,7 +13668,7 @@ static int AddDNSEntryToList(DNS_entry** lst, DNS_entry* entry) /* Allocate a DNS entry and set the fields. * - * @param [in] cert Certificate object. + * @param [in] heap Heap hint. * @param [in] str DNS name string. * @param [in] strLen Length of DNS name string. * @param [in] type Type of DNS name string. @@ -13462,27 +13676,23 @@ static int AddDNSEntryToList(DNS_entry** lst, DNS_entry* entry) * @return 0 on success. * @return MEMORY_E when dynamic memory allocation fails. */ -static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen, +static int SetDNSEntry(void* heap, const char* str, int strLen, int type, DNS_entry** entries) { DNS_entry* dnsEntry; int ret = 0; - /* Only used for heap. */ - (void)cert; - /* TODO: consider one malloc. */ /* Allocate DNS Entry object. */ - dnsEntry = AltNameNew(cert->heap); + dnsEntry = AltNameNew(heap); if (dnsEntry == NULL) { ret = MEMORY_E; } if (ret == 0) { /* Allocate DNS Entry name - length of string plus 1 for NUL. */ - dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, cert->heap, + dnsEntry->name = (char*)XMALLOC((size_t)strLen + 1, heap, DYNAMIC_TYPE_ALTNAME); if (dnsEntry->name == NULL) { - XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); ret = MEMORY_E; } } 
@@ -13493,29 +13703,27 @@ static int SetDNSEntry(DecodedCert* cert, const char* str, int strLen, XMEMCPY(dnsEntry->name, str, (size_t)strLen); dnsEntry->name[strLen] = '\0'; -#if defined(OPENSSL_ALL) +#ifdef WOLFSSL_RID_ALT_NAME /* store registeredID as a string */ - if (type == ASN_RID_TYPE) { - if ((ret = GenerateDNSEntryRIDString(dnsEntry, cert->heap)) != 0) { - XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME); - XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); - } - } + if (type == ASN_RID_TYPE) + ret = GenerateDNSEntryRIDString(dnsEntry, heap); #endif -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) - /* store IP addresses as a string */ - if (type == ASN_IP_TYPE) { - if ((ret = GenerateDNSEntryIPString(dnsEntry, cert->heap)) != 0) { - XFREE(dnsEntry->name, cert->heap, DYNAMIC_TYPE_ALTNAME); - XFREE(dnsEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); - } - } } - if (ret == 0) { +#ifdef WOLFSSL_IP_ALT_NAME + /* store IP addresses as a string */ + if (ret == 0 && type == ASN_IP_TYPE) + ret = GenerateDNSEntryIPString(dnsEntry, heap); #endif + if (ret == 0) { ret = AddDNSEntryToList(entries, dnsEntry); } + /* failure cleanup */ + if (ret != 0 && dnsEntry != NULL) { + XFREE(dnsEntry->name, heap, DYNAMIC_TYPE_ALTNAME); + XFREE(dnsEntry, heap, DYNAMIC_TYPE_ALTNAME); + } + return ret; } #endif @@ -13774,7 +13982,7 @@ static int GetRDN(DecodedCert* cert, char* full, word32* idx, int* nid, * @param [in, out] cert Decoded certificate object. * @param [out] full Buffer to hold full name as a string. * @param [out] hash Buffer to hold hash of name. - * @param [in] nameType ISSUER or SUBJECT. + * @param [in] nameType ASN_ISSUER or ASN_SUBJECT. * @param [in] input Buffer holding certificate name. * @param [in, out] inOutIdx On in, start of certificate name. * On out, start of ASN.1 item after cert name. 
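Review bot: The consolidated failure cleanup at the end of SetDNSEntry frees only `dnsEntry->name` and the entry itself, but by that point GenerateDNSEntryRIDString or GenerateDNSEntryIPString may already have allocated `ridString`/`ipString`; if AddDNSEntryToList can return non-zero (it returns int; its body is outside this hunk), or if the IP helper fails after allocating, those strings leak. FreeAltNames in this same commit frees all three fields, and the commit elsewhere drops `!= NULL` guards before XFREE, so the extra frees are safe once AltNameNew zero-initialises the struct (confirm). The new `if (type == ASN_RID_TYPE) ret = ...;` and the IP equivalent also omit the braces used everywhere else in the file.
```c
    /* failure cleanup: release everything the helpers may have allocated */
    if (ret != 0 && dnsEntry != NULL) {
    #ifdef WOLFSSL_RID_ALT_NAME
        XFREE(dnsEntry->ridString, heap, DYNAMIC_TYPE_ALTNAME);
    #endif
    #ifdef WOLFSSL_IP_ALT_NAME
        XFREE(dnsEntry->ipString, heap, DYNAMIC_TYPE_ALTNAME);
    #endif
        XFREE(dnsEntry->name, heap, DYNAMIC_TYPE_ALTNAME);
        XFREE(dnsEntry, heap, DYNAMIC_TYPE_ALTNAME);
    }
```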
@@ -13829,13 +14037,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT) /* store pointer to raw issuer */ - if (nameType == ISSUER) { + if (nameType == ASN_ISSUER) { cert->issuerRaw = &input[srcIdx]; cert->issuerRawLen = length; } #endif #if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectRaw = &input[srcIdx]; cert->subjectRawLen = length; } @@ -13904,26 +14112,30 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, } #ifndef WOLFSSL_NO_ASN_STRICT - /* RFC 5280 section 4.1.2.4 lists a DirecotryString as being + /* RFC 5280 section 4.1.2.4 lists a DirectoryString as being * 1..MAX in length */ if (strLen < 1) { WOLFSSL_MSG("Non conforming DirectoryString of length 0 was" " found"); WOLFSSL_MSG("Use WOLFSSL_NO_ASN_STRICT if wanting to allow" " empty DirectoryString's"); + #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(WOLFCRYPT_ONLY) + wolfSSL_X509_NAME_free(dName); + #endif /* OPENSSL_EXTRA */ return ASN_PARSE_E; } #endif if (id == ASN_COMMON_NAME) { - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectCN = (char *)&input[srcIdx]; cert->subjectCNLen = strLen; cert->subjectCNEnc = (char)b; } #if (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) && \ defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ISSUER) { + else if (nameType == ASN_ISSUER) { cert->issuerCN = (char*)&input[srcIdx]; cert->issuerCNLen = strLen; cert->issuerCNEnc = (char)b; 
@@ -13942,7 +14154,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_NAME; copyLen = sizeof(WOLFSSL_NAME) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectN = (char*)&input[srcIdx]; cert->subjectNLen = strLen; cert->subjectNEnc = b; @@ -13958,7 +14170,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_INITIALS; copyLen = sizeof(WOLFSSL_INITIALS) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectI = (char*)&input[srcIdx]; cert->subjectILen = strLen; cert->subjectIEnc = b; @@ -13974,7 +14186,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_GIVEN_NAME; copyLen = sizeof(WOLFSSL_GIVEN_NAME) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectGN = (char*)&input[srcIdx]; cert->subjectGNLen = strLen; cert->subjectGNEnc = b; @@ -13990,7 +14202,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_DNQUALIFIER; copyLen = sizeof(WOLFSSL_DNQUALIFIER) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectDNQ = (char*)&input[srcIdx]; cert->subjectDNQLen = strLen; cert->subjectDNQEnc = b; 
@@ -14007,13 +14219,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_SUR_NAME; copyLen = sizeof(WOLFSSL_SUR_NAME) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectSN = (char*)&input[srcIdx]; cert->subjectSNLen = strLen; cert->subjectSNEnc = (char)b; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ISSUER) { + else if (nameType == ASN_ISSUER) { cert->issuerSN = (char*)&input[srcIdx]; cert->issuerSNLen = strLen; cert->issuerSNEnc = (char)b; @@ -14030,13 +14242,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_COUNTRY_NAME; copyLen = sizeof(WOLFSSL_COUNTRY_NAME) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectC = (char*)&input[srcIdx]; cert->subjectCLen = strLen; cert->subjectCEnc = (char)b; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ISSUER) { + else if (nameType == ASN_ISSUER) { cert->issuerC = (char*)&input[srcIdx]; cert->issuerCLen = strLen; cert->issuerCEnc = (char)b; @@ -14053,13 +14265,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_LOCALITY_NAME; copyLen = sizeof(WOLFSSL_LOCALITY_NAME) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectL = (char*)&input[srcIdx]; cert->subjectLLen = strLen; cert->subjectLEnc = (char)b; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ISSUER) { + else if (nameType == ASN_ISSUER) { cert->issuerL = (char*)&input[srcIdx]; cert->issuerLLen = strLen; cert->issuerLEnc = (char)b; 
@@ -14076,13 +14288,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_STATE_NAME; copyLen = sizeof(WOLFSSL_STATE_NAME) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectST = (char*)&input[srcIdx]; cert->subjectSTLen = strLen; cert->subjectSTEnc = (char)b; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ISSUER) { + else if (nameType == ASN_ISSUER) { cert->issuerST = (char*)&input[srcIdx]; cert->issuerSTLen = strLen; cert->issuerSTEnc = (char)b; @@ -14099,13 +14311,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_ORG_NAME; copyLen = sizeof(WOLFSSL_ORG_NAME) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectO = (char*)&input[srcIdx]; cert->subjectOLen = strLen; cert->subjectOEnc = (char)b; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ISSUER) { + else if (nameType == ASN_ISSUER) { cert->issuerO = (char*)&input[srcIdx]; cert->issuerOLen = strLen; cert->issuerOEnc = (char)b; @@ -14122,13 +14334,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_ORGUNIT_NAME; copyLen = sizeof(WOLFSSL_ORGUNIT_NAME) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectOU = (char*)&input[srcIdx]; cert->subjectOULen = strLen; cert->subjectOUEnc = (char)b; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ISSUER) { + else if (nameType == ASN_ISSUER) { cert->issuerOU = (char*)&input[srcIdx]; cert->issuerOULen = strLen; cert->issuerOUEnc = (char)b; 
@@ -14145,13 +14357,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_SERIAL_NUMBER; copyLen = sizeof(WOLFSSL_SERIAL_NUMBER) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectSND = (char*)&input[srcIdx]; cert->subjectSNDLen = strLen; cert->subjectSNDEnc = (char)b; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) - else if (nameType == ISSUER) { + else if (nameType == ASN_ISSUER) { cert->issuerSND = (char*)&input[srcIdx]; cert->issuerSNDLen = strLen; cert->issuerSNDEnc = (char)b; @@ -14168,7 +14380,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_USER_ID; copyLen = sizeof(WOLFSSL_USER_ID) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectUID = (char*)&input[srcIdx]; cert->subjectUIDLen = strLen; cert->subjectUIDEnc = (char)b; @@ -14185,7 +14397,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_STREET_ADDR_NAME; copyLen = sizeof(WOLFSSL_STREET_ADDR_NAME) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectStreet = (char*)&input[srcIdx]; cert->subjectStreetLen = strLen; cert->subjectStreetEnc = (char)b; @@ -14201,7 +14413,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_BUS_CAT; copyLen = sizeof(WOLFSSL_BUS_CAT) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectBC = (char*)&input[srcIdx]; cert->subjectBCLen = strLen; cert->subjectBCEnc = (char)b; 
@@ -14216,7 +14428,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_POSTAL_NAME; copyLen = sizeof(WOLFSSL_POSTAL_NAME) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectPC = (char*)&input[srcIdx]; cert->subjectPCLen = strLen; cert->subjectPCEnc = (char)b; @@ -14255,7 +14467,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_JOI_C; copyLen = sizeof(WOLFSSL_JOI_C) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectJC = (char*)&input[srcIdx]; cert->subjectJCLen = strLen; cert->subjectJCEnc = (char)b; @@ -14273,7 +14485,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, copy = WOLFSSL_JOI_ST; copyLen = sizeof(WOLFSSL_JOI_ST) - 1; #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectJS = (char*)&input[srcIdx]; cert->subjectJSLen = strLen; cert->subjectJSEnc = (char)b; @@ -14337,13 +14549,13 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if !defined(IGNORE_NAME_CONSTRAINTS) || \ defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectEmail = (char*)&input[srcIdx]; cert->subjectEmailLen = strLen; } #if defined(WOLFSSL_HAVE_ISSUER_NAMES) && \ (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)) - else if (nameType == ISSUER) { + else if (nameType == ASN_ISSUER) { cert->issuerEmail = (char*)&input[srcIdx]; cert->issuerEmailLen = strLen; } 
@@ -14445,8 +14657,8 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ !defined(WOLFCRYPT_ONLY) - if (nameType == ISSUER) { -#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \ + if (nameType == ASN_ISSUER) { +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) &&\ (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)) dName->rawLen = min(cert->issuerRawLen, WC_ASN_NAME_MAX); XMEMCPY(dName->raw, cert->issuerRaw, dName->rawLen); @@ -14504,14 +14716,14 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, if (ret == 0) { #if defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT) /* Store pointer and length to raw issuer. */ - if (nameType == ISSUER) { + if (nameType == ASN_ISSUER) { cert->issuerRaw = &input[srcIdx]; cert->issuerRawLen = len; } #endif #if !defined(IGNORE_NAME_CONSTRAINTS) || defined(WOLFSSL_CERT_EXT) /* Store pointer and length to raw subject. */ - if (nameType == SUBJECT) { + if (nameType == ASN_SUBJECT) { cert->subjectRaw = &input[srcIdx]; cert->subjectRawLen = len; } @@ -14530,7 +14742,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, &srcIdx, maxIdx); if (ret == 0) { /* Put RDN data into certificate. */ - ret = GetRDN(cert, full, &idx, &nid, nameType == SUBJECT, + ret = GetRDN(cert, full, &idx, &nid, nameType == ASN_SUBJECT, dataASN); } #ifdef WOLFSSL_X509_NAME_AVAILABLE @@ -14546,7 +14758,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, GetASN_GetRef(&dataASN[RDNASN_IDX_ATTR_VAL], &str, &strLen); #ifndef WOLFSSL_NO_ASN_STRICT - /* RFC 5280 section 4.1.2.4 lists a DirecotryString as being + /* RFC 5280 section 4.1.2.4 lists a DirectoryString as being * 1..MAX in length */ if (ret == 0 && strLen < 1) { WOLFSSL_MSG("Non conforming DirectoryString of length 0 was" 
@@ -14588,7 +14800,7 @@ static int GetCertName(DecodedCert* cert, char* full, byte* hash, int nameType, #ifdef WOLFSSL_X509_NAME_AVAILABLE /* Store X509_NAME in certificate. */ - if (nameType == ISSUER) { + if (nameType == ASN_ISSUER) { #if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ defined(HAVE_LIGHTY)) && \ (defined(HAVE_PKCS7) || defined(WOLFSSL_CERT_EXT)) @@ -14638,7 +14850,7 @@ enum { * Either the issuer or subject name. * * @param [in, out] cert Decoded certificate object. - * @param [in] nameType Type of name being decoded: ISSUER or SUBJECT. + * @param [in] nameType Type being decoded: ASN_ISSUER or ASN_SUBJECT. * @param [in] maxIdx Index of next item after certificate name. * @return 0 on success. * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or @@ -14659,7 +14871,7 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx) WOLFSSL_MSG("Getting Name"); - if (nameType == ISSUER) { + if (nameType == ASN_ISSUER) { full = cert->issuer; hash = cert->issuerHash; } @@ -14717,7 +14929,7 @@ int GetName(DecodedCert* cert, int nameType, int maxIdx) cert->srcIdx = dataASN[CERTNAMEASN_IDX_NAME].offset; /* Get fields to fill in based on name type. */ - if (nameType == ISSUER) { + if (nameType == ASN_ISSUER) { full = cert->issuer; hash = cert->issuerHash; } 
@@ -14774,18 +14986,23 @@ static WC_INLINE int GetTime_Long(long* value, const byte* date, int* idx) } #endif +/* Extract certTime from date string parameter. + * Reminder: idx is incremented in each call to GetTime() + * Return 0 on failure, 1 for success. */ int ExtractDate(const unsigned char* date, unsigned char format, - struct tm* certTime, int* idx) + struct tm* certTime, int* idx) { XMEMSET(certTime, 0, sizeof(struct tm)); + /* Get the first two bytes of the year (century) */ if (format == ASN_UTC_TIME) { if (btoi(date[*idx]) >= 5) certTime->tm_year = 1900; else certTime->tm_year = 2000; } - else { /* format == GENERALIZED_TIME */ + else { + /* format == GENERALIZED_TIME */ #ifdef WOLFSSL_LINUXKM if (GetTime_Long(&certTime->tm_year, date, idx) != 0) return 0; #else @@ -14805,11 +15022,7 @@ int ExtractDate(const unsigned char* date, unsigned char format, int tm_min = certTime->tm_min; int tm_sec = certTime->tm_sec; -#ifdef WOLFSSL_LINUXKM - if (GetTime_Long(&tm_year, date, idx) != 0) return 0; -#else if (GetTime(&tm_year, date, idx) != 0) return 0; -#endif if (GetTime(&tm_mon , date, idx) != 0) return 0; if (GetTime(&tm_mday, date, idx) != 0) return 0; if (GetTime(&tm_hour, date, idx) != 0) return 0; 
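Review bot: The added comment `/* Get the first two bytes of the year (century) */` does not describe the UTCTime branch beneath it, which reads no century bytes at all: it infers the century from the tens digit of YY (`btoi(date[*idx]) >= 5` selects 1900), which is the RFC 5280 section 4.1.2.5.1 rule that YY >= 50 means 19YY. Suggest `/* UTCTime carries only YY: YY >= 50 is 19YY, otherwise 20YY (RFC 5280 4.1.2.5.1). GeneralizedTime carries the century explicitly and is read below. */`. The new header's `Return 0 on failure, 1 for success` is welcome; it would be worth adding that ExtractDate takes no length and relies on the caller to have bounded `date` for the given format, since every `date[*idx]` read here is unchecked. ExtractDate continues past this hunk.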
@@ -14823,28 +15036,30 @@ int ExtractDate(const unsigned char* date, unsigned char format, certTime->tm_hour = tm_hour; certTime->tm_min = tm_min; certTime->tm_sec = tm_sec; -#else - /* adjust tm_year, tm_mon */ -#ifdef WOLFSSL_LINUXKM - if (GetTime_Long(&certTime->tm_year, date, idx) != 0) return 0; -#else - if (GetTime(&certTime->tm_year, date, idx) != 0) return 0; -#endif +#else /* !AVR */ + /* Get the next two bytes of the year. */ + #ifdef WOLFSSL_LINUXKM + if (GetTime_Long(&certTime->tm_year, date, idx) != 0) return 0; + #else + if (GetTime(&certTime->tm_year, date, idx) != 0) return 0; + #endif certTime->tm_year -= 1900; + + /* The next fields are expected in specific order in [date] string: */ if (GetTime(&certTime->tm_mon , date, idx) != 0) return 0; certTime->tm_mon -= 1; if (GetTime(&certTime->tm_mday, date, idx) != 0) return 0; if (GetTime(&certTime->tm_hour, date, idx) != 0) return 0; if (GetTime(&certTime->tm_min , date, idx) != 0) return 0; if (GetTime(&certTime->tm_sec , date, idx) != 0) return 0; -#endif + +#endif /* !AVR */ return 1; } -#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ - defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#ifdef WOLFSSL_ASN_TIME_STRING int GetTimeString(byte* date, int format, char* buf, int len) { struct tm t; @@ -14890,7 +15105,7 @@ int GetTimeString(byte* date, int format, char* buf, int len) return 1; } -#endif /* OPENSSL_ALL || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#endif /* WOLFSSL_ASN_TIME_STRING */ /* Check time struct for valid values. Returns 0 for success */ static int ValidateGmtime(struct tm* inTime) 
@@ -15006,19 +15221,13 @@ int GetFormattedTime(void* currTime, byte* buf, word32 len) hour = ts->tm_hour; mini = ts->tm_min; sec = ts->tm_sec; - #if defined(WOLF_C89) if (len < ASN_UTC_TIME_SIZE) { WOLFSSL_MSG("buffer for GetFormattedTime is too short."); return BUFFER_E; } - ret = XSPRINTF((char*)buf, - "%02d%02d%02d%02d%02d%02dZ", year, mon, day, - hour, mini, sec); - #else ret = XSNPRINTF((char*)buf, len, "%02d%02d%02d%02d%02d%02dZ", year, mon, day, hour, mini, sec); - #endif } else { /* GeneralizedTime */ @@ -15028,19 +15237,13 @@ int GetFormattedTime(void* currTime, byte* buf, word32 len) hour = ts->tm_hour; mini = ts->tm_min; sec = ts->tm_sec; - #if defined(WOLF_C89) if (len < ASN_GENERALIZED_TIME_SIZE) { WOLFSSL_MSG("buffer for GetFormattedTime is too short."); return BUFFER_E; } - ret = XSPRINTF((char*)buf, - "%4d%02d%02d%02d%02d%02dZ", year, mon, day, - hour, mini, sec); - #else ret = XSNPRINTF((char*)buf, len, "%4d%02d%02d%02d%02d%02dZ", year, mon, day, hour, mini, sec); - #endif } return ret; @@ -15091,7 +15294,7 @@ static WC_INLINE int DateLessThan(const struct tm* a, const struct tm* b) /* Make sure before and after dates are valid */ /* date = ASN.1 raw */ /* format = ASN_UTC_TIME or ASN_GENERALIZED_TIME */ -/* dateType = AFTER or BEFORE */ +/* dateType = ASN_AFTER or ASN_BEFORE */ int wc_ValidateDate(const byte* date, byte format, int dateType) { time_t ltime; @@ -15121,14 +15324,14 @@ int wc_ValidateDate(const byte* date, byte format, int dateType) #endif #ifdef WOLFSSL_BEFORE_DATE_CLOCK_SKEW - if (dateType == BEFORE) { + if (dateType == ASN_BEFORE) { WOLFSSL_MSG("Skewing local time for before date check"); ltime += WOLFSSL_BEFORE_DATE_CLOCK_SKEW; } #endif #ifdef WOLFSSL_AFTER_DATE_CLOCK_SKEW - if (dateType == AFTER) { + if (dateType == ASN_AFTER) { WOLFSSL_MSG("Skewing local time for after date check"); ltime -= WOLFSSL_AFTER_DATE_CLOCK_SKEW; } 
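Review bot: The GeneralizedTime branch formats the year with `"%4d"`, which space-pads a year below 1000 and so can emit a non-digit time string while every other field uses `%02d`; `"%04d%02d%02d%02d%02d%02dZ"` keeps the whole value numeric. With `year` derived from struct tm this is only reachable for unusual clock values, so it is a robustness point rather than a live bug. Removing the WOLF_C89 `XSPRINTF` branch is a clear improvement, since the length check that now precedes XSNPRINTF already guarantees `len` is large enough for the fixed-width output. GetFormattedTime starts above this hunk.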
@@ -15162,13 +15365,13 @@ int wc_ValidateDate(const byte* date, byte format, int dateType) return 0; } - if (dateType == BEFORE) { + if (dateType == ASN_BEFORE) { if (DateLessThan(localTime, &certTime)) { WOLFSSL_MSG("Date BEFORE check failed"); return 0; } } - else { /* dateType == AFTER */ + else { /* dateType == ASN_AFTER */ if (DateGreaterThan(localTime, &certTime)) { WOLFSSL_MSG("Date AFTER check failed"); return 0; @@ -15334,7 +15537,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx) byte format; word32 startIdx = 0; - if (dateType == BEFORE) + if (dateType == ASN_BEFORE) cert->beforeDate = &cert->source[cert->srcIdx]; else cert->afterDate = &cert->source[cert->srcIdx]; @@ -15348,7 +15551,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx) XMEMSET(date, 0, MAX_DATE_SIZE); XMEMCPY(date, datePtr, (size_t)length); - if (dateType == BEFORE) + if (dateType == ASN_BEFORE) cert->beforeDateLen = (int)(cert->srcIdx - startIdx); else cert->afterDateLen = (int)(cert->srcIdx - startIdx); @@ -15356,7 +15559,7 @@ static int GetDate(DecodedCert* cert, int dateType, int verify, int maxIdx) #ifndef NO_ASN_TIME_CHECK if (verify != NO_VERIFY && verify != VERIFY_SKIP_DATE && !XVALIDATE_DATE(date, format, dateType)) { - if (dateType == BEFORE) { + if (dateType == ASN_BEFORE) { WOLFSSL_ERROR_VERBOSE(ASN_BEFORE_DATE_E); return ASN_BEFORE_DATE_E; } @@ -15382,10 +15585,10 @@ static int GetValidity(DecodedCert* cert, int verify, int maxIdx) maxIdx = (int)cert->srcIdx + length; - if (GetDate(cert, BEFORE, verify, maxIdx) < 0) + if (GetDate(cert, ASN_BEFORE, verify, maxIdx) < 0) badDate = ASN_BEFORE_DATE_E; /* continue parsing */ - if (GetDate(cert, AFTER, verify, maxIdx) < 0) + if (GetDate(cert, ASN_AFTER, verify, maxIdx) < 0) return ASN_AFTER_DATE_E; if (badDate != 0) 
@@ -15585,7 +15788,7 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate) WOLFSSL_MSG("Got Algo ID"); - if ( (ret = GetName(cert, ISSUER, (int)cert->sigIndex)) < 0) + if ( (ret = GetName(cert, ASN_ISSUER, (int)cert->sigIndex)) < 0) return ret; if ( (ret = GetValidity(cert, verify, (int)cert->sigIndex)) < 0) @@ -15594,7 +15797,7 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate) } #endif - if ( (ret = GetName(cert, SUBJECT, (int)cert->sigIndex)) < 0) + if ( (ret = GetName(cert, ASN_SUBJECT, (int)cert->sigIndex)) < 0) return ret; WOLFSSL_MSG("Got Subject Name"); @@ -15621,8 +15824,8 @@ int wc_GetPubX509(DecodedCert* cert, int verify, int* badDate) * @return 0 on success. * @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time. * @return ASN_DATE_SZ_E when time data is not supported. - * @return ASN_BEFORE_DATE_E when BEFORE date is invalid. - * @return ASN_AFTER_DATE_E when AFTER date is invalid. + * @return ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid. + * @return ASN_AFTER_DATE_E when ASN_AFTER date is invalid. * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or * is invalid. * @return BUFFER_E when data in buffer is too small. @@ -15800,7 +16003,7 @@ word32 SetLengthEx(word32 length, byte* output, byte isIndef) * @param [out] output Buffer to encode into. * @return Number of bytes encoded. */ -static word32 SetHeader(byte tag, word32 len, byte* output, byte isIndef) +word32 SetHeader(byte tag, word32 len, byte* output, byte isIndef) { if (output) { /* Encode tag first. */ 
@@ -15998,9 +16201,14 @@ static WC_INLINE int IsSigAlgoECC(word32 algoOID) || (algoOID == FALCON_LEVEL5k) #endif #ifdef HAVE_DILITHIUM + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT || (algoOID == DILITHIUM_LEVEL2k) || (algoOID == DILITHIUM_LEVEL3k) || (algoOID == DILITHIUM_LEVEL5k) + #endif + || (algoOID == ML_DSA_LEVEL2k) + || (algoOID == ML_DSA_LEVEL3k) + || (algoOID == ML_DSA_LEVEL5k) #endif #ifdef HAVE_SPHINCS || (algoOID == SPHINCS_FAST_LEVEL1k) @@ -16024,7 +16232,7 @@ static WC_INLINE int IsSigAlgoECC(word32 algoOID) * @return Encoded data size on success. * @return 0 when dynamic memory allocation fails. */ -word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) +static word32 SetAlgoIDImpl(int algoOID, byte* output, int type, int curveSz, byte absentParams) { #ifndef WOLFSSL_ASN_TEMPLATE word32 tagSz, idSz, seqSz, algoSz = 0; @@ -16033,9 +16241,10 @@ word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) byte seqArray[MAX_SEQ_SZ + 1]; /* add object_id to end */ word32 length = 0; - tagSz = (type == oidHashType || + tagSz = ((type == oidHashType || (type == oidSigType && !IsSigAlgoECC((word32)algoOID)) || - (type == oidKeyType && algoOID == RSAk)) ? 2U : 0U; + (type == oidKeyType && algoOID == RSAk)) && + (absentParams == FALSE)) ? 2U : 0U; algoName = OidFromId((word32)algoOID, (word32)type, &algoSz); if (algoName == NULL) { WOLFSSL_MSG("Unknown Algorithm"); @@ -16091,6 +16300,10 @@ word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) /* Don't put out NULL DER item. */ dataASN[ALGOIDASN_IDX_NULL].noOut = 1; } + /* Override for absent (not NULL) params */ + if (TRUE == absentParams) { + dataASN[ALGOIDASN_IDX_NULL].noOut = 1; + } if (algoOID == DSAk) { /* Don't include SEQUENCE for DSA keys. */ o = 1; 
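Review bot: The template path treats `absentParams` as set only when `TRUE == absentParams`, while the non-template path above tests `absentParams == FALSE`, so a caller passing any non-zero value other than TRUE gets the parameters field omitted in one build and an explicit NULL emitted in the other. Testing `absentParams != 0` in both places, e.g. `if (absentParams != 0) { dataASN[ALGOIDASN_IDX_NULL].noOut = 1; }`, keeps the two encoders in agreement. The new `static word32 SetAlgoIDImpl(...)` prototype also runs past 80 columns, which the rest of the file keeps to. SetAlgoIDImpl's body is spread across the hunks on this line and beyond.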
@@ -16133,6 +16346,27 @@ word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) #endif /* WOLFSSL_ASN_TEMPLATE */ } +/* Encode an algorithm identifier. + * + * [algoOID, type] is unique. + * + * @param [in] algoOID Algorithm identifier. + * @param [out] output Buffer to hold encoding. + * @param [in] type Type of OID being encoded. + * @param [in] curveSz Add extra space for curve data. + * @return Encoded data size on success. + * @return 0 when dynamic memory allocation fails. + */ +word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) +{ + return SetAlgoIDImpl(algoOID, output, type, curveSz, FALSE); +} + +word32 SetAlgoIDEx(int algoOID, byte* output, int type, int curveSz, byte absentParams) +{ + return SetAlgoIDImpl(algoOID, output, type, curveSz, absentParams); +} + #ifdef WOLFSSL_ASN_TEMPLATE /* Always encode PKCS#1 v1.5 RSA signature and compare to encoded data. */ /* ASN.1 template for DigestInfo for a PKCS#1 v1.5 RSA signature. @@ -16265,15 +16499,11 @@ void FreeSignatureCtx(SignatureCtx* sigCtx) if (sigCtx == NULL) return; - if (sigCtx->digest) { - XFREE(sigCtx->digest, sigCtx->heap, DYNAMIC_TYPE_DIGEST); - sigCtx->digest = NULL; - } + XFREE(sigCtx->digest, sigCtx->heap, DYNAMIC_TYPE_DIGEST); + sigCtx->digest = NULL; #if !(defined(NO_RSA) && defined(NO_DSA)) - if (sigCtx->sigCpy) { - XFREE(sigCtx->sigCpy, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE); - sigCtx->sigCpy = NULL; - } + XFREE(sigCtx->sigCpy, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE); + sigCtx->sigCpy = NULL; #endif #ifndef NO_ASN_CRYPT if (sigCtx->key.ptr) { @@ -16337,9 +16567,14 @@ void FreeSignatureCtx(SignatureCtx* sigCtx) break; #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case DILITHIUM_LEVEL2k: case DILITHIUM_LEVEL3k: case DILITHIUM_LEVEL5k: + #endif + case ML_DSA_LEVEL2k: + case ML_DSA_LEVEL3k: + case ML_DSA_LEVEL5k: wc_dilithium_free(sigCtx->key.dilithium); XFREE(sigCtx->key.dilithium, sigCtx->heap, DYNAMIC_TYPE_DILITHIUM); 
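Review bot: `SetAlgoIDEx` is a new non-static entry point with no documentation, and the header comment kept for `SetAlgoID` says nothing about the `absentParams` behaviour that distinguishes the two. Suggest a doc block above SetAlgoIDEx mirroring SetAlgoID's, adding `@param [in] absentParams Non-zero to omit the AlgorithmIdentifier parameters field entirely instead of encoding an explicit NULL.`, and folding the prototype to stay within 80 columns. Dropping the NULL guards in FreeSignatureCtx is fine only because XFREE tolerates a NULL pointer; a short comment at the first bare `XFREE(sigCtx->digest, ...)` saying so would stop the next reader from re-adding them.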
@@ -16511,9 +16746,14 @@ static int HashForSignature(const byte* buf, word32 bufSz, word32 sigOID, break; #endif #ifdef HAVE_DILITHIUM + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case CTC_DILITHIUM_LEVEL2: case CTC_DILITHIUM_LEVEL3: case CTC_DILITHIUM_LEVEL5: + #endif + case CTC_ML_DSA_LEVEL2: + case CTC_ML_DSA_LEVEL3: + case CTC_ML_DSA_LEVEL5: /* Hashes done in signing operation. */ break; #endif @@ -16553,7 +16793,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, const byte* sigParams, word32 sigParamsSz, byte* rsaKeyIdx) { - int ret = 0; + int ret = WC_NO_ERR_TRACE(ASN_SIG_CONFIRM_E); /* default to failure */ #if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS) CertAttribute* certatt = NULL; #endif 
@@ -16965,83 +17205,55 @@ static int ConfirmSignature(SignatureCtx* sigCtx, #if defined(HAVE_DILITHIUM) && \ !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ !defined(WOLFSSL_DILITHIUM_NO_ASN1) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case DILITHIUM_LEVEL2k: + case DILITHIUM_LEVEL3k: + case DILITHIUM_LEVEL5k: + #endif + case ML_DSA_LEVEL2k: + case ML_DSA_LEVEL3k: + case ML_DSA_LEVEL5k: { word32 idx = 0; - sigCtx->verify = 0; - sigCtx->key.dilithium = - (dilithium_key*)XMALLOC(sizeof(dilithium_key), - sigCtx->heap, - DYNAMIC_TYPE_DILITHIUM); - if (sigCtx->key.dilithium == NULL) { - ERROR_OUT(MEMORY_E, exit_cs); - } - if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium, - sigCtx->heap, sigCtx->devId)) < 0) { - goto exit_cs; + int level; + if (keyOID == ML_DSA_LEVEL2k) { + level = WC_ML_DSA_44; } - if ((ret = wc_dilithium_set_level( - sigCtx->key.dilithium, 2)) - < 0) { - goto exit_cs; - } - if ((ret = wc_Dilithium_PublicKeyDecode(key, &idx, - sigCtx->key.dilithium, keySz)) < 0) { - WOLFSSL_MSG("ASN Key import error Dilithium Level 2"); - goto exit_cs; + else if (keyOID == ML_DSA_LEVEL3k) { + level = WC_ML_DSA_65; } - break; - } - case DILITHIUM_LEVEL3k: - { - word32 idx = 0; - sigCtx->verify = 0; - sigCtx->key.dilithium = - (dilithium_key*)XMALLOC(sizeof(dilithium_key), - sigCtx->heap, - DYNAMIC_TYPE_DILITHIUM); - if (sigCtx->key.dilithium == NULL) { - ERROR_OUT(MEMORY_E, exit_cs); + else if (keyOID == ML_DSA_LEVEL5k) { + level = WC_ML_DSA_87; } - if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium, - sigCtx->heap, sigCtx->devId)) < 0) { - goto exit_cs; + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + else if (keyOID == DILITHIUM_LEVEL2k) { + level = WC_ML_DSA_44_DRAFT; } - if ((ret = wc_dilithium_set_level( - sigCtx->key.dilithium, 3)) - < 0) { - goto exit_cs; + else if (keyOID == DILITHIUM_LEVEL3k) { + level = WC_ML_DSA_65_DRAFT; } - if ((ret = wc_Dilithium_PublicKeyDecode(key, &idx, - sigCtx->key.dilithium, keySz)) < 0) { - WOLFSSL_MSG("ASN Key import error Dilithium 
Level 3"); - goto exit_cs; + else if (keyOID == DILITHIUM_LEVEL5k) { + level = WC_ML_DSA_87_DRAFT; } - break; - } - case DILITHIUM_LEVEL5k: - { - word32 idx = 0; + #endif sigCtx->verify = 0; - sigCtx->key.dilithium = - (dilithium_key*)XMALLOC(sizeof(dilithium_key), - sigCtx->heap, - DYNAMIC_TYPE_DILITHIUM); + sigCtx->key.dilithium = (dilithium_key*)XMALLOC( + sizeof(dilithium_key), sigCtx->heap, + DYNAMIC_TYPE_DILITHIUM); if (sigCtx->key.dilithium == NULL) { ERROR_OUT(MEMORY_E, exit_cs); } if ((ret = wc_dilithium_init_ex(sigCtx->key.dilithium, - sigCtx->heap, sigCtx->devId)) < 0) { + sigCtx->heap, sigCtx->devId)) < 0) { goto exit_cs; } - if ((ret = wc_dilithium_set_level( - sigCtx->key.dilithium, 5)) - < 0) { + if ((ret = wc_dilithium_set_level(sigCtx->key.dilithium, + level)) < 0) { goto exit_cs; } if ((ret = wc_Dilithium_PublicKeyDecode(key, &idx, sigCtx->key.dilithium, keySz)) < 0) { - WOLFSSL_MSG("ASN Key import error Dilithium Level 5"); + WOLFSSL_MSG("ASN Key import error Dilithium"); goto exit_cs; } break; @@ -17371,6 +17583,7 @@ static int ConfirmSignature(SignatureCtx* sigCtx, } #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case DILITHIUM_LEVEL2k: case DILITHIUM_LEVEL3k: case DILITHIUM_LEVEL5k: @@ -17380,6 +17593,15 @@ static int ConfirmSignature(SignatureCtx* sigCtx, sigCtx->key.dilithium); break; } + #endif + case ML_DSA_LEVEL2k: + case ML_DSA_LEVEL3k: + case ML_DSA_LEVEL5k: + { + ret = wc_dilithium_verify_ctx_msg(sig, sigSz, NULL, 0, buf, + bufSz, &sigCtx->verify, sigCtx->key.dilithium); + break; + } #endif /* HAVE_DILITHIUM */ #if defined(HAVE_SPHINCS) case SPHINCS_FAST_LEVEL1k: 
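Review bot: `int level;` in the consolidated Dilithium/ML-DSA key-decode case is assigned only through the if/else-if chain on `keyOID`, and that chain and the case labels are kept in step by hand (the draft OIDs sit under a separate `#ifdef`), so a future label without a matching branch would pass an indeterminate `level` to wc_dilithium_set_level. A terminating `else { ERROR_OUT(ASN_SIG_CONFIRM_E, exit_cs); }` (or whichever code the file uses for an unrecognised key OID) makes such a mismatch fail closed and also quiets maybe-uninitialized warnings. ConfirmSignature extends well beyond this hunk in both directions.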
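Review bot: The new ML-DSA verify call passes `NULL, 0` for the context string with no explanation, and a reader could take that for a placeholder rather than a deliberate choice. Suggest `/* X.509 signatures use pure ML-DSA with an empty context string (ctx = NULL, ctxLen = 0). */` directly above the `wc_dilithium_verify_ctx_msg` call, so the distinction from the draft DILITHIUM path above it is visible at the call site.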
@@ -17574,39 +17796,22 @@ static int ConfirmSignature(SignatureCtx* sigCtx, } #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case DILITHIUM_LEVEL2k: - { - if (sigCtx->verify == 1) { - ret = 0; - } - else { - WOLFSSL_MSG("DILITHIUM_LEVEL2 Verify didn't match"); - ret = ASN_SIG_CONFIRM_E; - } - break; - } case DILITHIUM_LEVEL3k: - { - if (sigCtx->verify == 1) { - ret = 0; - } - else { - WOLFSSL_MSG("DILITHIUM_LEVEL3 Verify didn't match"); - ret = ASN_SIG_CONFIRM_E; - } - break; - } case DILITHIUM_LEVEL5k: - { + #endif + case ML_DSA_LEVEL2k: + case ML_DSA_LEVEL3k: + case ML_DSA_LEVEL5k: if (sigCtx->verify == 1) { ret = 0; } else { - WOLFSSL_MSG("DILITHIUM_LEVEL5 Verify didn't match"); + WOLFSSL_MSG("DILITHIUM Verify didn't match"); ret = ASN_SIG_CONFIRM_E; } break; - } #endif /* HAVE_DILITHIUM */ #ifdef HAVE_SPHINCS case SPHINCS_FAST_LEVEL1k: @@ -17689,6 +17894,9 @@ static int ConfirmSignature(SignatureCtx* sigCtx, exit_cs: +#else + /* For NO_ASN_CRYPT return "not compiled in" */ + ret = NOT_COMPILED_IN; #endif /* !NO_ASN_CRYPT */ (void)keyOID; @@ -17735,8 +17943,7 @@ int wc_ConfirmAltSignature( } #ifdef WOLFSSL_SMALL_STACK - if (sigCtx != NULL) - XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE); + XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE); #endif return ret; } @@ -17987,7 +18194,9 @@ static int ConfirmNameConstraints(Signer* signer, DecodedCert* cert) #ifndef WOLFSSL_ASN_TEMPLATE static void AddAltName(DecodedCert* cert, DNS_entry* dnsEntry) { -#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_ALT_NAMES_NO_REV) +#if (defined(WOLFSSL_ASN_ALL) || defined(OPENSSL_EXTRA)) && \ + !defined(WOLFSSL_ALT_NAMES_NO_REV) + /* logic to add alt name to end of list */ dnsEntry->next = NULL; if (cert->altNames == NULL) { /* First on list */ 
@@ -18110,7 +18319,7 @@ static int DecodeOtherHelper(ASNGetData* dataASN, DecodedCert* cert, int oid) } if (ret == 0) { - ret = SetDNSEntry(cert, buf, (int)bufLen, ASN_OTHER_TYPE, &entry); + ret = SetDNSEntry(cert->heap, buf, (int)bufLen, ASN_OTHER_TYPE, &entry); if (ret == 0) { #ifdef WOLFSSL_FPKI entry->oidSum = oid; @@ -18137,10 +18346,12 @@ static int DecodeOtherHelper(ASNGetData* dataASN, DecodedCert* cert, int oid) * @return BUFFER_E when data in buffer is too small. */ static int DecodeOtherName(DecodedCert* cert, const byte* input, - word32* inOutIdx, word32 maxIdx) + word32* inOutIdx, int len) { DECL_ASNGETDATA(dataASN, otherNameASN_Length); int ret = 0; + word32 maxIdx = *inOutIdx + (word32)len; + const char* name = (const char*)input + *inOutIdx; CALLOC_ASNGETDATA(dataASN, otherNameASN_Length, ret, cert->heap); @@ -18169,7 +18380,9 @@ static int DecodeOtherName(DecodedCert* cert, const byte* input, (int)dataASN[OTHERNAMEASN_IDX_TYPEID].data.oid.sum); break; default: - WOLFSSL_MSG("\tunsupported OID skipping"); + WOLFSSL_MSG("\tadding unsupported OID"); + ret = SetDNSEntry(cert->heap, name, len, ASN_OTHER_TYPE, + &cert->altNames); break; } } @@ -18201,8 +18414,8 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag, /* GeneralName choice: dnsName */ if (tag == (ASN_CONTEXT_SPECIFIC | ASN_DNS_TYPE)) { - ret = SetDNSEntry(cert, (const char*)(input + idx), len, ASN_DNS_TYPE, - &cert->altNames); + ret = SetDNSEntry(cert->heap, (const char*)(input + idx), len, + ASN_DNS_TYPE, &cert->altNames); if (ret == 0) { idx += (word32)len; } @@ -18220,7 +18433,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag, return ASN_PARSE_E; } - ret = SetDNSEntry(cert, (const char*)(input + idxDir), strLen, + ret = SetDNSEntry(cert->heap, (const char*)(input + idxDir), strLen, ASN_DIR_TYPE, &cert->altDirNames); if (ret == 0) { idx += (word32)len; 
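Review bot: In the new `default:` branch of DecodeOtherName the whole otherName TLV (`name` = `input + *inOutIdx` for `len` bytes, OID and value together) is stored as an ASN_OTHER_TYPE entry, but unlike DecodeOtherHelper nothing records the type-id OID, so under WOLFSSL_FPKI the entry carries no `oidSum` and a consumer cannot tell which otherName it is or that `name` holds raw DER rather than text. Capture the entry and set `entry->oidSum` from `dataASN[OTHERNAMEASN_IDX_TYPEID].data.oid.sum` as the helper does, and add a comment that `name` is the encoded otherName, not a string. `word32 maxIdx = *inOutIdx + (word32)len;` also assumes the caller has already bounded the `int len` against the input; that check is not visible here, so it is worth confirming at each call site. DecodeOtherName continues past this hunk.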
@@ -18228,7 +18441,7 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag, } /* GeneralName choice: rfc822Name */ else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE)) { - ret = SetDNSEntry(cert, (const char*)(input + idx), len, + ret = SetDNSEntry(cert->heap, (const char*)(input + idx), len, ASN_RFC822_TYPE, &cert->altEmailNames); if (ret == 0) { idx += (word32)len; 
@@ -18276,40 +18489,38 @@ static int DecodeGeneralName(const byte* input, word32* inOutIdx, byte tag, } #endif - ret = SetDNSEntry(cert, (const char*)(input + idx), len, ASN_URI_TYPE, - &cert->altNames); + ret = SetDNSEntry(cert->heap, (const char*)(input + idx), len, + ASN_URI_TYPE, &cert->altNames); if (ret == 0) { idx += (word32)len; } } - #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ - defined(WOLFSSL_IP_ALT_NAME) + #ifdef WOLFSSL_IP_ALT_NAME /* GeneralName choice: iPAddress */ else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) { - ret = SetDNSEntry(cert, (const char*)(input + idx), len, ASN_IP_TYPE, - &cert->altNames); + ret = SetDNSEntry(cert->heap, (const char*)(input + idx), len, + ASN_IP_TYPE, &cert->altNames); if (ret == 0) { idx += (word32)len; } } - #endif /* WOLFSSL_QT || OPENSSL_ALL */ - - #ifdef OPENSSL_ALL + #endif /* WOLFSSL_IP_ALT_NAME */ + #ifdef WOLFSSL_RID_ALT_NAME /* GeneralName choice: registeredID */ else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) { - ret = SetDNSEntry(cert, (const char*)(input + idx), len, + ret = SetDNSEntry(cert->heap, (const char*)(input + idx), len, ASN_RID_TYPE, &cert->altNames); if (ret == 0) { idx += (word32)len; } } - #endif + #endif /* WOLFSSL_RID_ALT_NAME */ #endif /* IGNORE_NAME_CONSTRAINTS */ #if defined(WOLFSSL_SEP) || defined(WOLFSSL_FPKI) /* GeneralName choice: otherName */ else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE)) { /* TODO: test data for code path */ - ret = DecodeOtherName(cert, input, &idx, idx + (word32)len); + ret = DecodeOtherName(cert, input, &idx, len); } #endif /* GeneralName choice: dNSName, x400Address, ediPartyName */ @@ -18547,6 +18758,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) #ifndef WOLFSSL_ASN_TEMPLATE word32 idx = 0; int length = 0; + word32 numNames = 0; WOLFSSL_ENTER("DecodeAltNames"); 
@@ -18579,8 +18791,13 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) return BUFFER_E; } - current_byte = input[idx++]; + numNames++; + if (numNames > WOLFSSL_MAX_ALT_NAMES) { + WOLFSSL_MSG("\tToo many subject alternative names"); + return ASN_ALT_NAME_E; + } + current_byte = input[idx++]; length--; /* Save DNS Type names in the altNames list. */ @@ -18774,7 +18991,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) length -= strLen; idx += (word32)strLen; } -#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) { DNS_entry* ipAddr; int strLen; @@ -18809,21 +19026,19 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) XMEMCPY(ipAddr->name, &input[idx], strLen); ipAddr->name[strLen] = '\0'; - #if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) if (GenerateDNSEntryIPString(ipAddr, cert->heap) != 0) { WOLFSSL_MSG("\tOut of Memory for IP string"); XFREE(ipAddr->name, cert->heap, DYNAMIC_TYPE_ALTNAME); XFREE(ipAddr, cert->heap, DYNAMIC_TYPE_ALTNAME); return MEMORY_E; } - #endif /* OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ AddAltName(cert, ipAddr); length -= strLen; idx += (word32)strLen; } -#endif /* WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_IP_ALT_NAME */ -#if defined(OPENSSL_ALL) +#endif /* WOLFSSL_IP_ALT_NAME */ +#ifdef WOLFSSL_RID_ALT_NAME else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) { DNS_entry* rid; int strLen; @@ -18870,7 +19085,7 @@ static int DecodeAltNames(const byte* input, word32 sz, DecodedCert* cert) length -= strLen; idx += (word32)strLen; } -#endif /* OPENSSL_ALL */ +#endif /* WOLFSSL_RID_ALT_NAME */ #endif /* IGNORE_NAME_CONSTRAINTS */ else if (current_byte == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE)) { 
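Review bot: The `numNames > WOLFSSL_MAX_ALT_NAMES` cap is added only inside the `#ifndef WOLFSSL_ASN_TEMPLATE` path of DecodeAltNames; the template path (DecodeGeneralName and its caller) is not in this hunk, so it is worth confirming it enforces the same bound, otherwise protection against certificates carrying huge SAN lists would depend on the build flavour. Because the counter is incremented before the tag byte is read, exactly WOLFSSL_MAX_ALT_NAMES entries are accepted and the next one fails with ASN_ALT_NAME_E; a short comment next to the increment would make that intent clear: `/* accept at most WOLFSSL_MAX_ALT_NAMES GeneralNames; reject the next one */`. DecodeAltNames begins and ends outside this hunk.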
@@ -19472,15 +19687,11 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert) /* Set ocsp entry */ if (b == GENERALNAME_URI && oid == AIA_OCSP_OID && - cert->extAuthInfo == NULL) - { + cert->extAuthInfo == NULL) { cert->extAuthInfoSz = length; cert->extAuthInfo = input + idx; - #if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT) - break; - #endif } - #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + #ifdef WOLFSSL_ASN_CA_ISSUER /* Set CaIssuers entry */ else if ((b == GENERALNAME_URI) && oid == AIA_CA_ISSUER_OID && cert->extAuthInfoCaIssuer == NULL) @@ -19488,7 +19699,7 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert) cert->extAuthInfoCaIssuerSz = length; cert->extAuthInfoCaIssuer = input + idx; } - #endif + #endif idx += (word32)length; } @@ -19526,11 +19737,8 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert) GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC], &cert->extAuthInfo, &sz32); cert->extAuthInfoSz = (int)sz32; - #if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT) - break; - #endif } - #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + #ifdef WOLFSSL_ASN_CA_ISSUER /* Check we have CA Issuer and URI. */ else if ((dataASN[ACCESSDESCASN_IDX_METH].data.oid.sum == AIA_CA_ISSUER_OID) && @@ -19541,7 +19749,7 @@ static int DecodeAuthInfo(const byte* input, word32 sz, DecodedCert* cert) &cert->extAuthInfoCaIssuer, &sz32); cert->extAuthInfoCaIssuerSz = (int)sz32; } - #endif + #endif /* Otherwise skip. */ } } @@ -19617,13 +19825,14 @@ static int DecodeAuthKeyId(const byte* input, word32 sz, DecodedCert* cert) return ASN_PARSE_E; } + cert->extAuthKeyIdSz = length; + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #ifdef WOLFSSL_AKID_NAME cert->extRawAuthKeyIdSrc = input; cert->extRawAuthKeyIdSz = sz; #endif cert->extAuthKeyIdSrc = &input[idx]; - cert->extAuthKeyIdSz = length; #endif /* OPENSSL_EXTRA */ return GetHashId(input + idx, length, cert->extAuthKeyId, 
@@ -19719,9 +19928,9 @@ static int DecodeSubjKeyId(const byte* input, word32 sz, DecodedCert* cert) ret = GetOctetString(input, &idx, &length, sz); if (ret > 0) { + cert->extSubjKeyIdSz = (word32)length; #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extSubjKeyIdSrc = &input[idx]; - cert->extSubjKeyIdSz = (word32)length; #endif /* OPENSSL_EXTRA */ /* Get the hash or hash of the hash if wrong size. */ @@ -20110,6 +20319,7 @@ static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head, #ifndef WOLFSSL_ASN_TEMPLATE word32 idx = 0; int ret = 0; + word32 cnt = 0; (void)heap; @@ -20118,6 +20328,14 @@ static int DecodeSubtree(const byte* input, word32 sz, Base_entry** head, word32 nameIdx; byte b, bType; + if (limit > 0) { + cnt++; + if (cnt > limit) { + WOLFSSL_MSG("too many name constraints"); + return ASN_NAME_INVALID_E; + } + } + if (GetSequence(input, &idx, &seqLength, sz) < 0) { WOLFSSL_MSG("\tfail: should be a SEQUENCE"); return ASN_PARSE_E; @@ -20348,7 +20566,7 @@ static int DecodeNameConstraints(const byte* input, word32 sz, } #endif /* IGNORE_NAME_CONSTRAINTS */ -#if (defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP)) || \ +#if defined(WOLFSSL_CERT_EXT) || \ defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* Decode ITU-T X.690 OID format to a string representation @@ -20401,10 +20619,10 @@ int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz) exit: return w; } -#endif /* WOLFSSL_CERT_EXT && !WOLFSSL_SEP */ +#endif /* WOLFSSL_CERT_EXT || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ -#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_QT) - #ifdef WOLFSSL_ASN_TEMPLATE +#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) +#ifdef WOLFSSL_ASN_TEMPLATE /* ASN.1 template for PolicyInformation. * X.509: RFC 5280, 4.2.1.4 - Certificate Policies. */ 
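Review bot: The new `cnt`/`limit` check in DecodeSubtree treats `limit == 0` as "no limit" (the `if (limit > 0)` guard), which is not what a caller passing 0 might expect, and nothing documents it; a comment on the guard such as `/* limit == 0 disables the name-constraint count check */` would stop a caller from reading 0 as "reject everything". The check runs once per subtree entry before GetSequence, so an extension with more than `limit` entries fails with ASN_NAME_INVALID_E instead of being silently truncated, which is the safer outcome. The `limit` parameter and the function signature are outside this hunk, so where the value comes from cannot be confirmed here.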
@@ -20423,230 +20641,221 @@ int DecodePolicyOID(char *out, word32 outSz, const byte *in, word32 inSz) /* Number of items in ASN.1 template for PolicyInformation. */ #define policyInfoASN_Length (sizeof(policyInfoASN) / sizeof(ASNItem)) - #endif +#endif - /* Reference: https://tools.ietf.org/html/rfc5280#section-4.2.1.4 */ - static int DecodeCertPolicy(const byte* input, word32 sz, DecodedCert* cert) - { - #ifndef WOLFSSL_ASN_TEMPLATE - word32 idx = 0; - word32 oldIdx; - int policy_length = 0; - int ret; - int total_length = 0; - #if !defined(WOLFSSL_SEP) && defined(WOLFSSL_CERT_EXT) && \ - !defined(WOLFSSL_DUP_CERTPOL) - int i; - #endif +/* Reference: https://tools.ietf.org/html/rfc5280#section-4.2.1.4 */ +static int DecodeCertPolicy(const byte* input, word32 sz, DecodedCert* cert) +{ +#ifndef WOLFSSL_ASN_TEMPLATE + word32 idx = 0; + word32 oldIdx; + int policy_length = 0; + int ret; + int total_length = 0; +#if defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_DUP_CERTPOL) + int i; +#endif - WOLFSSL_ENTER("DecodeCertPolicy"); + WOLFSSL_ENTER("DecodeCertPolicy"); - #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) - /* Check if cert is null before dereferencing below */ - if (cert == NULL) - return BAD_FUNC_ARG; - #else - (void)cert; - #endif + /* Check if cert is null before dereferencing below */ + if (cert == NULL) + return BAD_FUNC_ARG; - #if defined(WOLFSSL_CERT_EXT) - cert->extCertPoliciesNb = 0; - #endif +#if defined(WOLFSSL_CERT_EXT) + cert->extCertPoliciesNb = 0; +#endif - if (GetSequence(input, &idx, &total_length, sz) < 0) { - WOLFSSL_MSG("\tGet CertPolicy total seq failed"); - return ASN_PARSE_E; - } + if (GetSequence(input, &idx, &total_length, sz) < 0) { + WOLFSSL_MSG("\tGet CertPolicy total seq failed"); + return ASN_PARSE_E; + } + + /* Validate total length */ + if (total_length > (int)(sz - idx)) { + WOLFSSL_MSG("\tCertPolicy length mismatch"); + return ASN_PARSE_E; + } + + /* Unwrap certificatePolicies */ + do { + int length = 0; - /* Validate 
total length */ - if (total_length > (int)(sz - idx)) { - WOLFSSL_MSG("\tCertPolicy length mismatch"); + if (GetSequence(input, &idx, &policy_length, sz) < 0) { + WOLFSSL_MSG("\tGet CertPolicy seq failed"); return ASN_PARSE_E; } - /* Unwrap certificatePolicies */ - do { - int length = 0; + oldIdx = idx; + ret = GetASNObjectId(input, &idx, &length, sz); + if (ret != 0) + return ret; + policy_length -= (int)(idx - oldIdx); - if (GetSequence(input, &idx, &policy_length, sz) < 0) { - WOLFSSL_MSG("\tGet CertPolicy seq failed"); + if (length > 0) { + /* Verify length won't overrun buffer */ + if (length > (int)(sz - idx)) { + WOLFSSL_MSG("\tCertPolicy length exceeds input buffer"); return ASN_PARSE_E; } - oldIdx = idx; - ret = GetASNObjectId(input, &idx, &length, sz); - if (ret != 0) - return ret; - policy_length -= (int)(idx - oldIdx); - - if (length > 0) { - /* Verify length won't overrun buffer */ - if (length > (int)(sz - idx)) { - WOLFSSL_MSG("\tCertPolicy length exceeds input buffer"); - return ASN_PARSE_E; - } - - #if defined(WOLFSSL_SEP) + #ifdef WOLFSSL_SEP + if (cert->deviceType == NULL) { cert->deviceType = (byte*)XMALLOC((size_t)length, cert->heap, - DYNAMIC_TYPE_X509_EXT); + DYNAMIC_TYPE_X509_EXT); if (cert->deviceType == NULL) { WOLFSSL_MSG("\tCouldn't alloc memory for deviceType"); return MEMORY_E; } cert->deviceTypeSz = length; XMEMCPY(cert->deviceType, input + idx, (size_t)length); - break; - #elif defined(WOLFSSL_CERT_EXT) - /* decode cert policy */ - if (DecodePolicyOID(cert->extCertPolicies[ - cert->extCertPoliciesNb], MAX_CERTPOL_SZ, - input + idx, length) <= 0) { - WOLFSSL_MSG("\tCouldn't decode CertPolicy"); - WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); - return ASN_PARSE_E; - } - #ifndef WOLFSSL_DUP_CERTPOL - /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST - * NOT appear more than once in a certificate policies - * extension". This is a sanity check for duplicates. 
- * extCertPolicies should only have OID values, additional - * qualifiers need to be stored in a separate array. */ - for (i = 0; i < cert->extCertPoliciesNb; i++) { - if (XMEMCMP(cert->extCertPolicies[i], + } + #endif + + #ifdef WOLFSSL_CERT_EXT + /* decode cert policy */ + if (DecodePolicyOID(cert->extCertPolicies[ + cert->extCertPoliciesNb], MAX_CERTPOL_SZ, + input + idx, length) <= 0) { + WOLFSSL_MSG("\tCouldn't decode CertPolicy"); + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); + return ASN_PARSE_E; + } + #ifndef WOLFSSL_DUP_CERTPOL + /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST + * NOT appear more than once in a certificate policies + * extension". This is a sanity check for duplicates. + * extCertPolicies should only have OID values, additional + * qualifiers need to be stored in a separate array. */ + for (i = 0; i < cert->extCertPoliciesNb; i++) { + if (XMEMCMP(cert->extCertPolicies[i], cert->extCertPolicies[cert->extCertPoliciesNb], MAX_CERTPOL_SZ) == 0) { - WOLFSSL_MSG("Duplicate policy OIDs not allowed"); - WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted"); - WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E); - return CERTPOLICIES_E; - } + WOLFSSL_MSG("Duplicate policy OIDs not allowed"); + WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted"); + WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E); + return CERTPOLICIES_E; } - #endif /* !WOLFSSL_DUP_CERTPOL */ - cert->extCertPoliciesNb++; - #else - WOLFSSL_LEAVE("DecodeCertPolicy : unsupported mode", 0); - return 0; - #endif } - idx += (word32)policy_length; - } while((int)idx < total_length - #if defined(WOLFSSL_CERT_EXT) - && cert->extCertPoliciesNb < MAX_CERTPOL_NB + #endif /* !WOLFSSL_DUP_CERTPOL */ + cert->extCertPoliciesNb++; #endif - ); - - WOLFSSL_LEAVE("DecodeCertPolicy", 0); - return 0; - #else /* WOLFSSL_ASN_TEMPLATE */ - word32 idx = 0; - int ret = 0; - int total_length = 0; - #if !defined(WOLFSSL_SEP) && defined(WOLFSSL_CERT_EXT) && \ - !defined(WOLFSSL_DUP_CERTPOL) - int i; + } + idx += (word32)policy_length; 
+ } while((int)idx < total_length + #ifdef WOLFSSL_CERT_EXT + && cert->extCertPoliciesNb < MAX_CERTPOL_NB #endif + ); - WOLFSSL_ENTER("DecodeCertPolicy"); - #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) - /* Check if cert is null before dereferencing below */ - if (cert == NULL) - ret = BAD_FUNC_ARG; - #endif + WOLFSSL_LEAVE("DecodeCertPolicy", 0); + return 0; +#else /* WOLFSSL_ASN_TEMPLATE */ + word32 idx = 0; + int ret = 0; + int total_length = 0; +#if defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_DUP_CERTPOL) + int i; +#endif - if (ret == 0) { - #if defined(WOLFSSL_CERT_EXT) - cert->extCertPoliciesNb = 0; - #endif + WOLFSSL_ENTER("DecodeCertPolicy"); - /* Strip SEQUENCE OF and check using all data. */ - if (GetASN_Sequence(input, &idx, &total_length, (word32)sz, 1) < 0) - { - ret = ASN_PARSE_E; - } + /* Check if cert is null before dereferencing below */ + if (cert == NULL) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + #if defined(WOLFSSL_CERT_EXT) + cert->extCertPoliciesNb = 0; + #endif + + /* Strip SEQUENCE OF and check using all data. */ + if (GetASN_Sequence(input, &idx, &total_length, (word32)sz, 1) < 0) + { + ret = ASN_PARSE_E; } + } - /* Unwrap certificatePolicies */ - while ((ret == 0) && ((int)idx < total_length) - #if defined(WOLFSSL_CERT_EXT) - && (cert->extCertPoliciesNb < MAX_CERTPOL_NB) - #endif - ) { - ASNGetData dataASN[policyInfoASN_Length]; - byte* data = NULL; - word32 length = 0; + /* Unwrap certificatePolicies */ + while ((ret == 0) && ((int)idx < total_length) + #if defined(WOLFSSL_CERT_EXT) + && (cert->extCertPoliciesNb < MAX_CERTPOL_NB) + #endif + ) { + ASNGetData dataASN[policyInfoASN_Length]; + byte* data = NULL; + word32 length = 0; - /* Clear dynamic data and check OID is a cert policy type. 
*/ - XMEMSET(dataASN, 0, sizeof(dataASN)); - GetASN_OID(&dataASN[POLICYINFOASN_IDX_ID], oidCertPolicyType); - ret = GetASN_Items(policyInfoASN, dataASN, policyInfoASN_Length, 1, - input, &idx, (word32)sz); - if (ret == 0) { - /* Get the OID. */ - GetASN_OIDData(&dataASN[POLICYINFOASN_IDX_ID], &data, &length); - if (length == 0) { - ret = ASN_PARSE_E; - } - } - #if defined(WOLFSSL_SEP) - /* Store OID in device type. */ - if (ret == 0) { - cert->deviceType = (byte*)XMALLOC(length, cert->heap, - DYNAMIC_TYPE_X509_EXT); - if (cert->deviceType == NULL) { - WOLFSSL_MSG("\tCouldn't alloc memory for deviceType"); - ret = MEMORY_E; - } + /* Clear dynamic data and check OID is a cert policy type. */ + XMEMSET(dataASN, 0, sizeof(dataASN)); + GetASN_OID(&dataASN[POLICYINFOASN_IDX_ID], oidCertPolicyType); + ret = GetASN_Items(policyInfoASN, dataASN, policyInfoASN_Length, 1, + input, &idx, (word32)sz); + if (ret == 0) { + /* Get the OID. */ + GetASN_OIDData(&dataASN[POLICYINFOASN_IDX_ID], &data, &length); + if (length == 0) { + ret = ASN_PARSE_E; } - if (ret == 0) { + } + #ifdef WOLFSSL_SEP + /* Store OID in device type. */ + if (ret == 0 && cert->deviceType == NULL) { + cert->deviceType = (byte*)XMALLOC(length, cert->heap, + DYNAMIC_TYPE_X509_EXT); + if (cert->deviceType != NULL) { /* Store device type data and length. */ cert->deviceTypeSz = (int)length; XMEMCPY(cert->deviceType, data, length); - break; } - #elif defined(WOLFSSL_CERT_EXT) - if (ret == 0) { - /* Decode cert policy. */ - if (DecodePolicyOID( - cert->extCertPolicies[cert->extCertPoliciesNb], - MAX_CERTPOL_SZ, data, length) <= 0) { - WOLFSSL_MSG("\tCouldn't decode CertPolicy"); - WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); - ret = ASN_PARSE_E; - } + else { + WOLFSSL_MSG("\tCouldn't alloc memory for deviceType"); + ret = MEMORY_E; } - #ifndef WOLFSSL_DUP_CERTPOL - /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST - * NOT appear more than once in a certificate policies - * extension". 
This is a sanity check for duplicates. - * extCertPolicies should only have OID values, additional - * qualifiers need to be stored in a separate array. */ - for (i = 0; (ret == 0) && (i < cert->extCertPoliciesNb); i++) { - if (XMEMCMP(cert->extCertPolicies[i], - cert->extCertPolicies[cert->extCertPoliciesNb], - MAX_CERTPOL_SZ) == 0) { - WOLFSSL_MSG("Duplicate policy OIDs not allowed"); - WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted"); - WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E); - ret = CERTPOLICIES_E; - } + } + #endif /* WOLFSSL_SEP */ + + #ifdef WOLFSSL_CERT_EXT + if (ret == 0) { + /* Decode cert policy. */ + if (DecodePolicyOID( + cert->extCertPolicies[cert->extCertPoliciesNb], + MAX_CERTPOL_SZ, data, length) <= 0) { + WOLFSSL_MSG("\tCouldn't decode CertPolicy"); + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); + ret = ASN_PARSE_E; } - #endif /* !defined(WOLFSSL_DUP_CERTPOL) */ - if (ret == 0) { - /* Keep count of policies seen. */ - cert->extCertPoliciesNb++; + } + #ifndef WOLFSSL_DUP_CERTPOL + /* From RFC 5280 section 4.2.1.4 "A certificate policy OID MUST + * NOT appear more than once in a certificate policies + * extension". This is a sanity check for duplicates. + * extCertPolicies should only have OID values, additional + * qualifiers need to be stored in a separate array. */ + for (i = 0; (ret == 0) && (i < cert->extCertPoliciesNb); i++) { + if (XMEMCMP(cert->extCertPolicies[i], + cert->extCertPolicies[cert->extCertPoliciesNb], + MAX_CERTPOL_SZ) == 0) { + WOLFSSL_MSG("Duplicate policy OIDs not allowed"); + WOLFSSL_MSG("Use WOLFSSL_DUP_CERTPOL if wanted"); + WOLFSSL_ERROR_VERBOSE(CERTPOLICIES_E); + ret = CERTPOLICIES_E; } - #else - (void)data; - WOLFSSL_LEAVE("DecodeCertPolicy : unsupported mode", 0); - break; - #endif } - - WOLFSSL_LEAVE("DecodeCertPolicy", 0); - return ret; - #endif /* WOLFSSL_ASN_TEMPLATE */ + #endif /* !WOLFSSL_DUP_CERTPOL */ + if (ret == 0) { + /* Keep count of policies seen. 
*/ + cert->extCertPoliciesNb++; + } + #endif /* WOLFSSL_CERT_EXT */ } -#endif /* WOLFSSL_SEP */ + + WOLFSSL_LEAVE("DecodeCertPolicy", 0); + return ret; +#endif /* WOLFSSL_ASN_TEMPLATE */ +} +#endif /* WOLFSSL_SEP || WOLFSSL_CERT_EXT */ #ifdef WOLFSSL_SUBJ_DIR_ATTR #ifdef WOLFSSL_ASN_TEMPLATE @@ -20661,7 +20870,7 @@ static const ASNItem subjDirAttrASN[] = { enum { SUBJDIRATTRASN_IDX_SEQ = 0, SUBJDIRATTRASN_IDX_OID, - SUBJDIRATTRASN_IDX_SET, + SUBJDIRATTRASN_IDX_SET }; /* Number of items in ASN.1 template for BasicConstraints. */ @@ -20746,6 +20955,11 @@ static int DecodeSubjDirAttr(const byte* input, word32 sz, DecodedCert* cert) WOLFSSL_ENTER("DecodeSubjDirAttr"); +#ifdef OPENSSL_ALL + cert->extSubjDirAttrSrc = input; + cert->extSubjDirAttrSz = sz; +#endif /* OPENSSL_ALL */ + CALLOC_ASNGETDATA(dataASN, subjDirAttrASN_Length, ret, cert->heap); /* Strip outer SEQUENCE. */ @@ -20983,6 +21197,7 @@ static int DecodeAltSigAlg(const byte* input, int sz, DecodedCert* cert) (void)cert; } + /* We do this to make sure the format of the extension is correct. */ if (ret == 0) { GetASN_OID(&dataASN[ALTSIG_ALGOID_OID], oidSigType); @@ -20992,8 +21207,8 @@ static int DecodeAltSigAlg(const byte* input, int sz, DecodedCert* cert) } if (ret == 0) { - cert->altSigAlgDer = dataASN[ALTSIG_ALGOID_SEQ].data.u8; - cert->altSigAlgLen = dataASN[ALTSIG_ALGOID_SEQ].length; + cert->altSigAlgDer = (byte *)input; + cert->altSigAlgLen = sz; cert->altSigAlgOID = dataASN[ALTSIG_ALGOID_OID].data.oid.sum; } 
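Review bot: With the `break` removed from both WOLFSSL_SEP branches of DecodeCertPolicy, the `cert->deviceType == NULL` guard is now what decides that only the first policy OID lands in `deviceType`, while the loop goes on parsing the remaining PolicyInformation entries (feeding `extCertPolicies` when WOLFSSL_CERT_EXT is also defined); that first-only rule is stated nowhere. A comment above the guard in both the non-template and template paths, e.g. `/* SEP: only the first policy OID is kept as deviceType; later policies are still parsed (and stored under WOLFSSL_CERT_EXT) */`, would document it. Note also that in the non-template path a SEP-only build has no `MAX_CERTPOL_NB` bound on the do/while (that condition is under `#ifdef WOLFSSL_CERT_EXT`), so iteration is bounded only by `total_length`, which is fine for correctness but differs from the CERT_EXT build.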
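Review bot: `cert->altSigAlgDer = (byte *)input;` in DecodeAltSigAlg casts away the `const` of the `input` parameter, which is only sound as long as nothing ever writes through `altSigAlgDer`; declaring the field `const byte*` is the cleaner fix, otherwise the cast should carry a comment such as `/* cast drops const: altSigAlgDer is read-only and aliases the extension value */`. The pointer now designates the whole extension value (`input`/`sz`) instead of the template item `dataASN[ALTSIG_ALGOID_SEQ]`, which presumably pointed at the SEQUENCE contents, so any consumer that expected the old span needs checking; the hunk does not mention that change. Whether `input` aliases `cert->source` and shares its lifetime is not visible here.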
@@ -21175,15 +21390,11 @@ static int DecodeExtensionType(const byte* input, word32 length, word32 oid, /* Certificate policies. */ case CERT_POLICY_OID: - #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) + #ifdef WOLFSSL_SEP VERIFY_AND_SET_OID(cert->extCertPolicySet); - #if defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL) - cert->extCertPolicyCrit = critical ? 1 : 0; - #endif + cert->extCertPolicyCrit = critical ? 1 : 0; #endif - #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) || \ - defined(WOLFSSL_QT) + #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) if (DecodeCertPolicy(input, length, cert) < 0) { ret = ASN_PARSE_E; } @@ -21355,8 +21566,7 @@ enum { #define certExtASN_Length (sizeof(certExtASN) / sizeof(ASNItem)) #endif -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB int wc_SetUnknownExtCallback(DecodedCert* cert, wc_UnknownExtCallback cb) { if (cert == NULL) { @@ -21366,7 +21576,18 @@ int wc_SetUnknownExtCallback(DecodedCert* cert, cert->unknownExtCallback = cb; return 0; } -#endif + +int wc_SetUnknownExtCallbackEx(DecodedCert* cert, + wc_UnknownExtCallbackEx cb, void *ctx) { + if (cert == NULL) { + return BAD_FUNC_ARG; + } + + cert->unknownExtCallbackEx = cb; + cert->unknownExtCallbackExCtx = ctx; + return 0; +} +#endif /* WC_ASN_UNKNOWN_EXT_CB */ /* * Processing the Certificate Extensions. This does not modify the current @@ -21520,8 +21741,9 @@ static int DecodeCertExtensions(DecodedCert* cert) /* Decode the extension by type. */ ret = DecodeExtensionType(input + idx, length, oid, critical, cert, &isUnknownExt); -#if defined(WOLFSSL_CUSTOM_OID) && defined(HAVE_OID_DECODING) - if (isUnknownExt && (cert->unknownExtCallback != NULL)) { +#ifdef WC_ASN_UNKNOWN_EXT_CB + if (isUnknownExt && (cert->unknownExtCallback != NULL || + cert->unknownExtCallbackEx != NULL)) { word16 decOid[MAX_OID_SZ]; word32 decOidSz = sizeof(decOid); ret = DecodeObjectId( 
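Review bot: wc_SetUnknownExtCallbackEx is a new public entry point and lands without a header comment, while neighbouring functions in this file carry `@param`/`@return` blocks. The comment should say that `ctx` is stored by pointer and passed back unchanged to `cb` for every unknown extension met while the DecodedCert is parsed (so the caller owns its lifetime), that a NULL `cb` clears the callback, and that the return is 0 or BAD_FUNC_ARG when `cert` is NULL; the same applies to wc_SetUnknownExtCallback, now gated by WC_ASN_UNKNOWN_EXT_CB in the same hunk. Replacing the `WOLFSSL_CUSTOM_OID && WOLFSSL_ASN_TEMPLATE && HAVE_OID_DECODING` guard with the single WC_ASN_UNKNOWN_EXT_CB macro presumably preserves that dependency set behind the macro, but its definition is not visible here.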
@@ -21535,12 +21757,22 @@ static int DecodeCertExtensions(DecodedCert* cert) WOLFSSL_ERROR(ret); } - ret = cert->unknownExtCallback(decOid, decOidSz, critical, - dataASN[CERTEXTASN_IDX_VAL].data.buffer.data, - dataASN[CERTEXTASN_IDX_VAL].length); + if ((ret == 0) && (cert->unknownExtCallback != NULL)) { + ret = cert->unknownExtCallback(decOid, decOidSz, critical, + dataASN[CERTEXTASN_IDX_VAL].data.buffer.data, + dataASN[CERTEXTASN_IDX_VAL].length); + } + + if ((ret == 0) && (cert->unknownExtCallbackEx != NULL)) { + ret = cert->unknownExtCallbackEx(decOid, decOidSz, critical, + dataASN[CERTEXTASN_IDX_VAL].data.buffer.data, + dataASN[CERTEXTASN_IDX_VAL].length, + cert->unknownExtCallbackExCtx); + } } -#endif +#else (void)isUnknownExt; +#endif /* Move index on to next extension. */ idx += length; @@ -21723,12 +21955,12 @@ enum { /* Check the data data. * * @param [in] dataASN ASN template dynamic data item. - * @param [in] dataType BEFORE or AFTER date. + * @param [in] dataType ASN_BEFORE or ASN_AFTER date. * @return 0 on success. * @return ASN_TIME_E when BER tag is nor UTC or GENERALIZED time. * @return ASN_DATE_SZ_E when time data is not supported. - * @return ASN_BEFORE_DATE_E when BEFORE date is invalid. - * @return ASN_AFTER_DATE_E when AFTER date is invalid. + * @return ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid. + * @return ASN_AFTER_DATE_E when ASN_AFTER date is invalid. */ static int CheckDate(ASNGetData *dataASN, int dateType) { 
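Review bot: In DecodeCertExtensions the two unknown-extension callbacks are chained on `ret == 0`, so when both are registered the Ex callback is never consulted if the legacy callback rejected the extension, and a non-zero return from either becomes the result of decoding that extension; that ordering contract deserves a comment where the legacy callback is invoked: `/* legacy callback first; the Ex callback only runs if it accepted (ret == 0) */`. The same precondition means a DecodeObjectId failure logged just above now skips both callbacks and is returned, whereas the removed code overwrote it with the callback's return value; that is a behaviour change worth stating. The enclosing extension loop of DecodeCertExtensions starts outside this hunk.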
@@ -21746,14 +21978,18 @@ static int CheckDate(ASNGetData *dataASN, int dateType) } #ifndef NO_ASN_TIME_CHECK - /* Check date is a valid string and BEFORE or AFTER now. */ - if ((ret == 0) && - (!XVALIDATE_DATE(dataASN->data.ref.data, dataASN->tag, dateType))) { - if (dateType == BEFORE) { - ret = ASN_BEFORE_DATE_E; - } - else { - ret = ASN_AFTER_DATE_E; + /* Check date is a valid string and ASN_BEFORE or ASN_AFTER now. */ + if (ret == 0) { + if (!XVALIDATE_DATE(dataASN->data.ref.data, dataASN->tag, dateType)) { + if (dateType == ASN_BEFORE) { + ret = ASN_BEFORE_DATE_E; + } + else if (dateType == ASN_AFTER) { + ret = ASN_AFTER_DATE_E; + } + else { + ret = ASN_TIME_E; + } } } #endif @@ -21768,14 +22004,14 @@ static int CheckDate(ASNGetData *dataASN, int dateType) * @param [in] verify Whether to verify dates before and after now. * @param [out] criticalExt Critical extension return code. * @param [out] badDateRet Bad date return code. - * @param [in] stopAtPubKey Stop parsing before subkectPublicKeyInfo. - * @param [in] stopAfterPubKey Stop parsing after subkectPublicKeyInfo. + * @param [in] stopAtPubKey Stop parsing before subjectPublicKeyInfo. + * @param [in] stopAfterPubKey Stop parsing after subjectPublicKeyInfo. * @return 0 on success. * @return ASN_CRIT_EXT_E when a critical extension was not recognized. * @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time. * @return ASN_DATE_SZ_E when time data is not supported. - * @return ASN_BEFORE_DATE_E when BEFORE date is invalid. - * @return ASN_AFTER_DATE_E when AFTER date is invalid. + * @return ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid. + * @return ASN_AFTER_DATE_E when ASN_AFTER date is invalid. * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or * is invalid. * @return BUFFER_E when data in buffer is too small. 
@@ -21878,7 +22114,8 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, cert->version = version; cert->serialSz = (int)serialSz; - #if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_PYTHON) + #if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_PYTHON) && \ + !defined(WOLFSSL_ASN_ALLOW_0_SERIAL) /* RFC 5280 section 4.1.2.2 states that non-conforming CAs may issue * a negative or zero serial number and should be handled gracefully. * Since it is a non-conforming CA that issues a serial of 0 then we @@ -21889,6 +22126,11 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, ret = ASN_PARSE_E; } #endif + if (cert->serialSz == 0) { + WOLFSSL_MSG("Error serial size is zero. Should be at least one " + "even with no serial number."); + ret = ASN_PARSE_E; + } cert->signatureOID = dataASN[X509CERTASN_IDX_TBS_ALGOID_OID].data.oid.sum; cert->keyOID = dataASN[X509CERTASN_IDX_TBS_SPUBKEYINFO_ALGO_OID].data.oid.sum; 
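Review bot: The new unconditional `cert->serialSz == 0` check in DecodeCertInternal sits after the `#endif` of the strict-serial block, so it still applies when WOLFSSL_ASN_ALLOW_0_SERIAL is defined, and the log text "Should be at least one even with no serial number" does not explain why; a comment would help: `/* a serial INTEGER of value 0 still encodes as one 0x00 byte, so an empty serial is a malformed certificate regardless of WOLFSSL_ASN_ALLOW_0_SERIAL */`. This presumes nothing earlier strips leading zero bytes down to an empty serial, which is not visible here. DecodeCertInternal's body continues outside this hunk.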
@@ -21896,27 +22138,27 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, /* No bad date error - don't always care. */ badDate = 0; - /* Find the item with the BEFORE date and check it. */ + /* Find the item with the ASN_BEFORE date and check it. */ i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC].tag != 0) ? X509CERTASN_IDX_TBS_VALIDITY_NOTB_UTC : X509CERTASN_IDX_TBS_VALIDITY_NOTB_GT; - if ((CheckDate(&dataASN[i], BEFORE) < 0) && (verify != NO_VERIFY) && + if ((CheckDate(&dataASN[i], ASN_BEFORE) < 0) && (verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE)) { badDate = ASN_BEFORE_DATE_E; } - /* Store reference to BEFOREdate. */ + /* Store reference to ASN_BEFORE date. */ cert->beforeDate = GetASNItem_Addr(dataASN[i], cert->source); cert->beforeDateLen = (int)GetASNItem_Length(dataASN[i], cert->source); - /* Find the item with the AFTER date and check it. */ + /* Find the item with the ASN_AFTER date and check it. */ i = (dataASN[X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC].tag != 0) ? X509CERTASN_IDX_TBS_VALIDITY_NOTA_UTC : X509CERTASN_IDX_TBS_VALIDITY_NOTA_GT; - if ((CheckDate(&dataASN[i], AFTER) < 0) && (verify != NO_VERIFY) && + if ((CheckDate(&dataASN[i], ASN_AFTER) < 0) && (verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE)) { badDate = ASN_AFTER_DATE_E; } - /* Store reference to AFTER date. */ + /* Store reference to ASN_AFTER date. */ cert->afterDate = GetASNItem_Addr(dataASN[i], cert->source); cert->afterDateLen = (int)GetASNItem_Length(dataASN[i], cert->source); 
@@ -21954,16 +22196,20 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, } /* Parameters not allowed after ECDSA or EdDSA algorithm OID. */ else if (IsSigAlgoECC(cert->signatureOID)) { - if ((dataASN[X509CERTASN_IDX_SIGALGO_PARAMS_NULL].tag != 0) - #ifdef WC_RSA_PSS - || (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0) + #ifndef WOLFSSL_ECC_SIGALG_PARAMS_NULL_ALLOWED + if (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS_NULL].tag != 0) { + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); + ret = ASN_PARSE_E; + } #endif - ) { + #ifdef WC_RSA_PSS + if (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0) { WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); ret = ASN_PARSE_E; } + #endif } - #ifdef WC_RSA_PSS + #ifdef WC_RSA_PSS /* Check parameters starting with a SEQUENCE. */ else if (dataASN[X509CERTASN_IDX_SIGALGO_PARAMS].tag != 0) { word32 oid = dataASN[X509CERTASN_IDX_SIGALGO_OID].data.oid.sum; @@ -22005,7 +22251,7 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, cert->sigParamsLength = sigAlgParamsSz; } } - #endif + #endif } if ((ret == 0) && (!done)) { pubKeyEnd = dataASN[X509CERTASN_IDX_TBS_ISSUERUID].offset; @@ -22047,13 +22293,13 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, if ((ret == 0) && (issuer != NULL)) { idx = 0; /* Put issuer into cert and calculate hash. */ - ret = GetCertName(cert, cert->issuer, cert->issuerHash, ISSUER, issuer, + ret = GetCertName(cert, cert->issuer, cert->issuerHash, ASN_ISSUER, issuer, &idx, issuerSz); } if ((ret == 0) && (subject != NULL)) { idx = 0; /* Put subject into cert and calculate hash. */ - ret = GetCertName(cert, cert->subject, cert->subjectHash, SUBJECT, + ret = GetCertName(cert, cert->subject, cert->subjectHash, ASN_SUBJECT, subject, &idx, subjectSz); } if (ret == 0) { 
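Review bot: The new `WOLFSSL_ECC_SIGALG_PARAMS_NULL_ALLOWED` escape hatch in DecodeCertInternal relaxes a MUST from RFC 5758 §3.2 (ECDSA AlgorithmIdentifier parameters are to be absent; RFC 8410 §3 says the same for EdDSA) without saying so; a comment on the `#ifndef` such as `/* RFC 5758 3.2 / RFC 8410 3: sig-alg parameters MUST be absent for ECDSA/EdDSA; WOLFSSL_ECC_SIGALG_PARAMS_NULL_ALLOWED tolerates an explicit NULL from non-conforming issuers */` would keep the trade-off next to the code. Splitting the removed combined condition into two independent `if` blocks is otherwise a readable improvement. DecodeCertInternal's body continues outside this hunk.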
@@ -22115,8 +22361,8 @@ static int DecodeCertInternal(DecodedCert* cert, int verify, int* criticalExt, * @return ASN_CRIT_EXT_E when a critical extension was not recognized. * @return ASN_TIME_E when date BER tag is nor UTC or GENERALIZED time. * @return ASN_DATE_SZ_E when time data is not supported. - * @return ASN_BEFORE_DATE_E when BEFORE date is invalid. - * @return ASN_AFTER_DATE_E when AFTER date is invalid. + * @return ASN_BEFORE_DATE_E when ASN_BEFORE date is invalid. + * @return ASN_AFTER_DATE_E when ASN_AFTER date is invalid. * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or * is invalid. * @return BUFFER_E when data in buffer is too small. @@ -22425,7 +22671,7 @@ static int DecodeCertReq(DecodedCert* cert, int* criticalExt) { DECL_ASNGETDATA(dataASN, certReqASN_Length); int ret = 0; - byte version; + byte version = 0; word32 idx; CALLOC_ASNGETDATA(dataASN, certReqASN_Length, ret, cert->heap); @@ -22461,7 +22707,7 @@ static int DecodeCertReq(DecodedCert* cert, int* criticalExt) /* Parse the subject name. */ idx = dataASN[CERTREQASN_IDX_INFO_SUBJ_SEQ].offset; - ret = GetCertName(cert, cert->subject, cert->subjectHash, SUBJECT, + ret = GetCertName(cert, cert->subject, cert->subjectHash, ASN_SUBJECT, cert->source, &idx, dataASN[CERTREQASN_IDX_INFO_SPUBKEYINFO_SEQ].offset); } @@ -23034,8 +23280,7 @@ static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap, FreeSignatureCtx(sigCtx); #ifdef WOLFSSL_SMALL_STACK - if (sigCtx != NULL) - XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE); + XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE); #endif return ret; #else /* WOLFSSL_ASN_TEMPLATE */ @@ -23293,9 +23538,9 @@ typedef struct DecodeInstr { /* Tag expected. */ byte tag; /* Operation to perform: step in or go over */ - byte op:1; + WC_BITFIELD op:1; /* ASN.1 item is optional. */ - byte optional:1; + WC_BITFIELD optional:1; } DecodeInstr; /* Step into ASN.1 item. */ 
@@ -23319,7 +23564,7 @@ int wc_CertGetPubKey(const byte* cert, word32 certSz, const unsigned char** pubKey, word32* pubKeySz) { int ret = 0; - int l; + int l = 0; word32 o = 0; int i; static DecodeInstr ops[] = { @@ -24024,8 +24269,10 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm, Signer else { /* no signer */ WOLFSSL_MSG("No CA signer to verify with"); + /* If you end up here with error -188, + * consider using WOLFSSL_ALT_CERT_CHAINS. */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - /* ret needs to be self-signer error for Qt compat */ + /* ret needs to be self-signer error for openssl compatibility */ if (cert->selfSigned) { WOLFSSL_ERROR_VERBOSE(ASN_SELF_SIGNED_E); return ASN_SELF_SIGNED_E; @@ -24241,13 +24488,9 @@ void FreeTrustedPeer(TrustedPeerCert* tp, void* heap) return; } - if (tp->name) { - XFREE(tp->name, heap, DYNAMIC_TYPE_SUBJECT_CN); - } + XFREE(tp->name, heap, DYNAMIC_TYPE_SUBJECT_CN); - if (tp->sig) { - XFREE(tp->sig, heap, DYNAMIC_TYPE_SIGNATURE); - } + XFREE(tp->sig, heap, DYNAMIC_TYPE_SIGNATURE); #ifndef IGNORE_NAME_CONSTRAINTS if (tp->permittedNames) FreeNameSubtrees(tp->permittedNames, heap); @@ -24485,6 +24728,10 @@ wcchar END_CERT = "-----END CERTIFICATE-----"; wcchar BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----"; wcchar END_CERT_REQ = "-----END CERTIFICATE REQUEST-----"; #endif +#if defined(WOLFSSL_ACERT) + wcchar BEGIN_ACERT = "-----BEGIN ATTRIBUTE CERTIFICATE-----"; + wcchar END_ACERT = "-----END ATTRIBUTE CERTIFICATE-----"; +#endif /* WOLFSSL_ACERT */ #ifndef NO_DH wcchar BEGIN_DH_PARAM = "-----BEGIN DH PARAMETERS-----"; wcchar END_DH_PARAM = "-----END DH PARAMETERS-----"; 
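Review bot: The added comment in ParseCertRelative's no-signer branch hard-codes an error value, `If you end up here with error -188`, where the named code should be used so the comment survives renumbering (presumably ASN_NO_SIGNER_E, returned further down outside this hunk). It also offers `WOLFSSL_ALT_CERT_CHAINS` as a generic remedy; as I read that option it changes which certificate in a received chain may be accepted as the trust anchor, so the note should present it as a trust-policy decision rather than a fix, e.g. `/* ASN_NO_SIGNER_E: no trusted CA matched. WOLFSSL_ALT_CERT_CHAINS relaxes chain building (an intermediate may serve as the anchor); enable it deliberately, otherwise load the missing CA. */`. ParseCertRelative begins and ends outside the hunk.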
@@ -24513,6 +24760,10 @@ wcchar END_ENC_PRIV_KEY = "-----END ENCRYPTED PRIVATE KEY-----"; wcchar END_EC_PARAM = "-----END EC PARAMETERS-----"; #endif #endif +#ifdef HAVE_PKCS7 +wcchar BEGIN_PKCS7 = "-----BEGIN PKCS7-----"; +wcchar END_PKCS7 = "-----END PKCS7-----"; +#endif #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \ !defined(NO_DSA) wcchar BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----"; @@ -24536,12 +24787,20 @@ wcchar END_PUB_KEY = "-----END PUBLIC KEY-----"; wcchar END_FALCON_LEVEL5_PRIV = "-----END FALCON_LEVEL5 PRIVATE KEY-----"; #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT wcchar BEGIN_DILITHIUM_LEVEL2_PRIV = "-----BEGIN DILITHIUM_LEVEL2 PRIVATE KEY-----"; wcchar END_DILITHIUM_LEVEL2_PRIV = "-----END DILITHIUM_LEVEL2 PRIVATE KEY-----"; wcchar BEGIN_DILITHIUM_LEVEL3_PRIV = "-----BEGIN DILITHIUM_LEVEL3 PRIVATE KEY-----"; wcchar END_DILITHIUM_LEVEL3_PRIV = "-----END DILITHIUM_LEVEL3 PRIVATE KEY-----"; wcchar BEGIN_DILITHIUM_LEVEL5_PRIV = "-----BEGIN DILITHIUM_LEVEL5 PRIVATE KEY-----"; wcchar END_DILITHIUM_LEVEL5_PRIV = "-----END DILITHIUM_LEVEL5 PRIVATE KEY-----"; + #endif + wcchar BEGIN_ML_DSA_LEVEL2_PRIV = "-----BEGIN ML_DSA_LEVEL2 PRIVATE KEY-----"; + wcchar END_ML_DSA_LEVEL2_PRIV = "-----END ML_DSA_LEVEL2 PRIVATE KEY-----"; + wcchar BEGIN_ML_DSA_LEVEL3_PRIV = "-----BEGIN ML_DSA_LEVEL3 PRIVATE KEY-----"; + wcchar END_ML_DSA_LEVEL3_PRIV = "-----END ML_DSA_LEVEL3 PRIVATE KEY-----"; + wcchar BEGIN_ML_DSA_LEVEL5_PRIV = "-----BEGIN ML_DSA_LEVEL5 PRIVATE KEY-----"; + wcchar END_ML_DSA_LEVEL5_PRIV = "-----END ML_DSA_LEVEL5 PRIVATE KEY-----"; #endif /* HAVE_DILITHIUM */ #if defined(HAVE_SPHINCS) wcchar BEGIN_SPHINCS_FAST_LEVEL1_PRIV = "-----BEGIN SPHINCS_FAST_LEVEL1 PRIVATE KEY-----"; 
@@ -24620,6 +24879,20 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer) ret = 0; break; #endif + #ifdef HAVE_PKCS7 + case PKCS7_TYPE: + if (header) *header = BEGIN_PKCS7; + if (footer) *footer = END_PKCS7; + ret = 0; + break; + #endif + #if defined(WOLFSSL_ACERT) + case ACERT_TYPE: + if (header) *header = BEGIN_ACERT; + if (footer) *footer = END_ACERT; + ret = 0; + break; + #endif /* WOLFSSL_ACERT */ #ifndef NO_DSA case DSA_TYPE: case DSA_PRIVATEKEY_TYPE: @@ -24678,6 +24951,7 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer) break; #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case DILITHIUM_LEVEL2_TYPE: if (header) *header = BEGIN_DILITHIUM_LEVEL2_PRIV; if (footer) *footer = END_DILITHIUM_LEVEL2_PRIV; @@ -24693,6 +24967,22 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer) if (footer) *footer = END_DILITHIUM_LEVEL5_PRIV; ret = 0; break; + #endif + case ML_DSA_LEVEL2_TYPE: + if (header) *header = BEGIN_ML_DSA_LEVEL2_PRIV; + if (footer) *footer = END_ML_DSA_LEVEL2_PRIV; + ret = 0; + break; + case ML_DSA_LEVEL3_TYPE: + if (header) *header = BEGIN_ML_DSA_LEVEL3_PRIV; + if (footer) *footer = END_ML_DSA_LEVEL3_PRIV; + ret = 0; + break; + case ML_DSA_LEVEL5_TYPE: + if (header) *header = BEGIN_ML_DSA_LEVEL5_PRIV; + if (footer) *footer = END_ML_DSA_LEVEL5_PRIV; + ret = 0; + break; #endif /* HAVE_DILITHIUM */ #ifdef HAVE_SPHINCS case SPHINCS_FAST_LEVEL1_TYPE: @@ -25124,9 +25414,9 @@ int PemToDer(const unsigned char* buff, long longSz, int type, { const char* header = NULL; const char* footer = NULL; - const char* headerEnd; - const char* footerEnd; - const char* consumedEnd; + const char* headerEnd = NULL; + const char* footerEnd = NULL; + const char* consumedEnd = NULL; const char* bufferEnd = (const char*)(buff + longSz); long neededSz; int ret = 0; 
@@ -25657,7 +25947,7 @@ int wc_CertPemToDer(const unsigned char* pem, int pemSz, } if (type != CERT_TYPE && type != CHAIN_CERT_TYPE && type != CA_TYPE && - type != CERTREQ_TYPE) { + type != CERTREQ_TYPE && type != PKCS7_TYPE) { WOLFSSL_MSG("Bad cert type"); return BAD_FUNC_ARG; } @@ -25948,7 +26238,7 @@ int wc_GetPubKeyDerFromCert(struct DecodedCert* cert, /* if derKey is NULL, return required output buffer size in derKeySz */ if (derKey == NULL) { *derKeySz = cert->pubKeySize; - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (ret == 0) { @@ -26015,7 +26305,7 @@ int wc_GetUUIDFromCert(struct DecodedCert* cert, byte* uuid, word32* uuidSz) if (uuid == NULL) { *uuidSz = (word32)id->len; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((int)*uuidSz < id->len) { @@ -26043,7 +26333,7 @@ int wc_GetFASCNFromCert(struct DecodedCert* cert, byte* fascn, word32* fascnSz) if (id != NULL && id->oidSum == FASCN_OID) { if (fascn == NULL) { *fascnSz = (word32)id->len; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((int)*fascnSz < id->len) { @@ -27409,12 +27699,8 @@ static int SetExtKeyUsage(Cert* cert, byte* output, word32 outSz, byte input) } /* Dispose of allocated data. */ - if (extKuASN != NULL) { - XFREE(extKuASN, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); - } - if (dataASN != NULL) { - XFREE(dataASN, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(extKuASN, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(dataASN, cert->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; #endif @@ -27567,7 +27853,7 @@ static int SetCertificatePolicies(byte *output, byte oid[MAX_OID_SZ]; word32 oidSz; word32 sz = 0; - int piSz; + int piSz = 0; if ((input == NULL) || (nb_certpol > MAX_CERTPOL_NB)) { ret = BAD_FUNC_ARG; 
@@ -27964,9 +28250,9 @@ static int EncodeName(EncodedName* name, const char* nameStr, break; #ifdef WOLFSSL_CUSTOM_OID case ASN_CUSTOM_NAME: - nameSz = cname->custom.valSz; + nameSz = (word32)cname->custom.valSz; oid = cname->custom.oid; - oidSz = cname->custom.oidSz; + oidSz = (word32)cname->custom.oidSz; break; #endif #ifdef WOLFSSL_CERT_REQ @@ -28033,8 +28319,7 @@ int wc_EncodeNameCanonical(EncodedName* name, const char* nameStr, } #endif /* WOLFSSL_CERT_GEN || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ -#if (defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)) || \ - (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) +#ifdef WOLFSSL_ASN_PARSE_KEYUSAGE /* Convert key usage string (comma delimited, null terminated) to word16 * Returns 0 on success, negative on error */ @@ -28157,7 +28442,7 @@ int ParseExtKeyUsageStr(const char* value, byte* extKeyUsage, void* heap) return ret; } -#endif /* (CERT_GEN && CERT_EXT) || (OPENSSL_ALL || OPENSSL_EXTRA) */ +#endif /* WOLFSSL_ASN_PARSE_KEYUSAGE */ #ifdef WOLFSSL_CERT_GEN /* Encodes one attribute of the name (issuer/subject) @@ -28291,8 +28576,8 @@ static int SetNameRdnItems(ASNSetData* dataASN, ASNItem* namesASN, else if (type == ASN_CUSTOM_NAME) { #ifdef WOLFSSL_CUSTOM_OID SetRdnItems(namesASN + idx, dataASN + idx, name->custom.oid, - name->custom.oidSz, name->custom.enc, - name->custom.val, name->custom.valSz); + (word32)name->custom.oidSz, (byte)name->custom.enc, + name->custom.val, (word32)name->custom.valSz); #endif } else { @@ -28514,10 +28799,8 @@ int SetNameEx(byte* output, word32 outputSz, CertName* name, void* heap) } } - if (namesASN != NULL) - XFREE(namesASN, heap, DYNAMIC_TYPE_TMP_BUFFER); - if (dataASN != NULL) - XFREE(dataASN, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(namesASN, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(dataASN, heap, DYNAMIC_TYPE_TMP_BUFFER); (void)heap; return ret; #endif 
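Review bot: The new casts in EncodeName, `nameSz = (word32)cname->custom.valSz;` and `oidSz = (word32)cname->custom.oidSz;`, and the matching ones in SetNameRdnItems (`(word32)name->custom.oidSz`, `(byte)name->custom.enc`, `(word32)name->custom.valSz`) silence the conversion warnings without bounding the values; if `custom.valSz`/`custom.oidSz` are signed (the cast suggests they are), a negative value becomes a multi-gigabyte length and `enc` is truncated to eight bits. A guard before the cast, e.g. `if (cname->custom.valSz < 0 || cname->custom.oidSz < 0) return BAD_FUNC_ARG;` (or whatever error convention EncodeName uses), turns a silent wrap into a rejected input. The `(byte)oidSz` in wc_SetExtKeyUsageOID in a later hunk is likely bounded by the earlier copy into a fixed array, but is worth confirming. Both enclosing functions begin and end outside this hunk.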
@@ -28591,9 +28874,14 @@ static int EncodePublicKey(int keyType, byte* output, int outLen, break; #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case DILITHIUM_LEVEL2_KEY: case DILITHIUM_LEVEL3_KEY: case DILITHIUM_LEVEL5_KEY: + #endif + case ML_DSA_LEVEL2_KEY: + case ML_DSA_LEVEL3_KEY: + case ML_DSA_LEVEL5_KEY: ret = wc_Dilithium_PublicKeyToDer(dilithiumKey, output, (word32)outLen, 1); if (ret <= 0) { @@ -29415,9 +29703,15 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, } #endif /* HAVE_FALCON */ #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1) - if ((cert->keyType == DILITHIUM_LEVEL2_KEY) || - (cert->keyType == DILITHIUM_LEVEL3_KEY) || - (cert->keyType == DILITHIUM_LEVEL5_KEY)) { + if ((cert->keyType == ML_DSA_LEVEL2_KEY) || + (cert->keyType == ML_DSA_LEVEL3_KEY) || + (cert->keyType == ML_DSA_LEVEL5_KEY) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + || (cert->keyType == DILITHIUM_LEVEL2_KEY) + || (cert->keyType == DILITHIUM_LEVEL3_KEY) + || (cert->keyType == DILITHIUM_LEVEL5_KEY) + #endif + ) { if (dilithiumKey == NULL) return PUBLIC_KEY_E; @@ -29904,7 +30198,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz, case CERTSIGN_STATE_DO: certSignCtx->state = CERTSIGN_STATE_DO; - ret = ALGO_ID_E; /* default to error */ + ret = -1; /* default to error, reassigned to ALGO_ID_E below. */ #ifndef NO_RSA if (rsaKey) { 
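Review bot: The `-1` placeholder in MakeSignature's CERTSIGN_STATE_DO case, `ret = -1; /* default to error, reassigned to ALGO_ID_E below. */`, together with the remap `if (ret == -1) ret = ALGO_ID_E;` in the next hunk, is ambiguous: any signing backend or crypto callback that reports failure as a plain -1 would be rewritten to ALGO_ID_E, hiding the real cause. If the motive was to avoid tracing an error that is normally overwritten, the idiom this commit already uses in wc_GetSubjectRaw and wc_GetPubKeyDerFromCert does that: `ret = WC_NO_ERR_TRACE(ALGO_ID_E); /* default to error */` keeps a unique sentinel and makes the `ret == -1` remap unnecessary. MakeSignature begins and ends outside this hunk.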
@@ -29958,9 +30252,23 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz, if (!rsaKey && !eccKey && !ed25519Key && !ed448Key && !falconKey && dilithiumKey) { word32 outSz = sigSz; - ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey, rng); - if (ret == 0) - ret = outSz; + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if ((dilithiumKey->params->level == WC_ML_DSA_44_DRAFT) || + (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT) || + (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) { + ret = wc_dilithium_sign_msg(buf, sz, sig, &outSz, dilithiumKey, + rng); + if (ret == 0) + ret = outSz; + } + else + #endif + { + ret = wc_dilithium_sign_ctx_msg(NULL, 0, buf, sz, sig, + &outSz, dilithiumKey, rng); + if (ret == 0) + ret = outSz; + } } #endif /* HAVE_DILITHIUM */ #if defined(HAVE_SPHINCS) @@ -29973,6 +30281,9 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, word32 sz, } #endif /* HAVE_SPHINCS */ + if (ret == -1) + ret = ALGO_ID_E; + break; } @@ -30103,8 +30414,8 @@ int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz, return (int)(idx + seqSz); #else DECL_ASNSETDATA(dataASN, sigASN_Length); - word32 seqSz; - int sz; + word32 seqSz = 0; + int sz = 0; int ret = 0; CALLOC_ASNSETDATA(dataASN, sigASN_Length, ret, NULL); 
@@ -30195,12 +30506,32 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, cert->keyType = FALCON_LEVEL5_KEY; #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) { cert->keyType = DILITHIUM_LEVEL2_KEY; - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)) + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) { cert->keyType = DILITHIUM_LEVEL3_KEY; - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)) + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) { cert->keyType = DILITHIUM_LEVEL5_KEY; + } + #endif + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_44)) { + cert->keyType = ML_DSA_LEVEL2_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_65)) { + cert->keyType = ML_DSA_LEVEL3_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_87)) { + cert->keyType = ML_DSA_LEVEL5_KEY; + } #endif /* HAVE_DILITHIUM */ #ifdef HAVE_SPHINCS else if ((sphincsKey != NULL) && (sphincsKey->level == 1) 
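Review bot: Within MakeAnyCert the two halves of the same ladder disagree on where the level lives: this hunk and MakeCertReq's `@@ -31264` test `dilithiumKey->params->level` for the ML-DSA cases, while the parallel blocks in `@@ -30290` and `@@ -31360` test `dilithiumKey->level`; either is presumably fine if both fields are kept in sync, but one accessor should be used throughout so a divergence cannot yield different keyType values on the two paths. The draft branches dereference `dilithiumKey->params` unconditionally; if `params` can be unset on a key that has not been assigned a level, a NULL check (or `dilithiumKey->level` everywhere) is the safer choice. The ordering also relies on the `_DRAFT` level constants being distinct from the final ones, which deserves a one-line comment. MakeAnyCert begins and ends outside the hunk.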
@@ -30290,15 +30621,32 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, } #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)) { + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) { cert->keyType = DILITHIUM_LEVEL2_KEY; } - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)) { + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) { cert->keyType = DILITHIUM_LEVEL3_KEY; } - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)) { + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) { cert->keyType = DILITHIUM_LEVEL5_KEY; } + #endif + else if ((dilithiumKey != NULL) && + (dilithiumKey->level == WC_ML_DSA_44)) { + cert->keyType = ML_DSA_LEVEL2_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->level == WC_ML_DSA_65)) { + cert->keyType = ML_DSA_LEVEL3_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->level == WC_ML_DSA_87)) { + cert->keyType = ML_DSA_LEVEL5_KEY; + } #endif /* HAVE_DILITHIUM */ #ifdef HAVE_SPHINCS else if ((sphincsKey != NULL) && (sphincsKey->level == 1) 
@@ -30603,12 +30951,20 @@ int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType, falconKey = (falcon_key*)key; else if (keyType == FALCON_LEVEL5_TYPE) falconKey = (falcon_key*)key; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT else if (keyType == DILITHIUM_LEVEL2_TYPE) dilithiumKey = (dilithium_key*)key; else if (keyType == DILITHIUM_LEVEL3_TYPE) dilithiumKey = (dilithium_key*)key; else if (keyType == DILITHIUM_LEVEL5_TYPE) dilithiumKey = (dilithium_key*)key; +#endif + else if (keyType == ML_DSA_LEVEL2_TYPE) + dilithiumKey = (dilithium_key*)key; + else if (keyType == ML_DSA_LEVEL3_TYPE) + dilithiumKey = (dilithium_key*)key; + else if (keyType == ML_DSA_LEVEL5_TYPE) + dilithiumKey = (dilithium_key*)key; else if (keyType == SPHINCS_FAST_LEVEL1_TYPE) sphincsKey = (sphincs_key*)key; else if (keyType == SPHINCS_FAST_LEVEL3_TYPE) @@ -30910,9 +31266,15 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, } #endif #if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_ASN1) - if ((cert->keyType == DILITHIUM_LEVEL2_KEY) || - (cert->keyType == DILITHIUM_LEVEL3_KEY) || - (cert->keyType == DILITHIUM_LEVEL5_KEY)) { + if ((cert->keyType == ML_DSA_LEVEL2_KEY) || + (cert->keyType == ML_DSA_LEVEL3_KEY) || + (cert->keyType == ML_DSA_LEVEL5_KEY) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + || (cert->keyType == DILITHIUM_LEVEL2_KEY) + || (cert->keyType == DILITHIUM_LEVEL3_KEY) + || (cert->keyType == DILITHIUM_LEVEL5_KEY) + #endif + ) { if (dilithiumKey == NULL) return PUBLIC_KEY_E; der->publicKeySz = wc_Dilithium_PublicKeyToDer(dilithiumKey, 
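Review bot: The keyType→key-pointer dispatch added here in wc_MakeCert_ex is the same `else if` ladder that the later hunks copy into wc_MakeCertReq_ex, wc_SignCert_ex, wc_SetSubjectKeyIdFromPublicKey_ex and wc_SetAuthKeyIdFromPublicKey_ex, and wc_MakeSigWithBitStr carries it again as a `switch`; the next key type will need six coordinated edits. A single `static` helper that maps keyType to the typed key pointers — or at minimum a `static int IsDilithiumKeyType(int keyType)` covering both the `_DRAFT` and ML_DSA values — would let the `#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT` fence appear once. The enclosing function begins and ends outside the hunk.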
@@ -31264,12 +31626,32 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, cert->keyType = FALCON_LEVEL5_KEY; #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)) + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) { cert->keyType = DILITHIUM_LEVEL2_KEY; - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)) + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) { cert->keyType = DILITHIUM_LEVEL3_KEY; - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)) + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) { cert->keyType = DILITHIUM_LEVEL5_KEY; + } + #endif + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_44)) { + cert->keyType = ML_DSA_LEVEL2_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_65)) { + cert->keyType = ML_DSA_LEVEL3_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_87)) { + cert->keyType = ML_DSA_LEVEL5_KEY; + } #endif /* HAVE_DILITHIUM */ #ifdef HAVE_SPHINCS else if ((sphincsKey != NULL) && (sphincsKey->level == 1) 
@@ -31360,15 +31742,32 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, } #endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 2)) { + #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_44_DRAFT)) { cert->keyType = DILITHIUM_LEVEL2_KEY; } - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 3)) { + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_65_DRAFT)) { cert->keyType = DILITHIUM_LEVEL3_KEY; } - else if ((dilithiumKey != NULL) && (dilithiumKey->level == 5)) { + else if ((dilithiumKey != NULL) && + (dilithiumKey->params->level == WC_ML_DSA_87_DRAFT)) { cert->keyType = DILITHIUM_LEVEL5_KEY; } + #endif + else if ((dilithiumKey != NULL) && + (dilithiumKey->level == WC_ML_DSA_44)) { + cert->keyType = ML_DSA_LEVEL2_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->level == WC_ML_DSA_65)) { + cert->keyType = ML_DSA_LEVEL3_KEY; + } + else if ((dilithiumKey != NULL) && + (dilithiumKey->level == WC_ML_DSA_87)) { + cert->keyType = ML_DSA_LEVEL5_KEY; + } #endif /* HAVE_DILITHIUM */ #ifdef HAVE_SPHINCS else if ((sphincsKey != NULL) && (sphincsKey->level == 1) 
@@ -31580,12 +31979,20 @@ int wc_MakeCertReq_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType, falconKey = (falcon_key*)key; else if (keyType == FALCON_LEVEL5_TYPE) falconKey = (falcon_key*)key; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT else if (keyType == DILITHIUM_LEVEL2_TYPE) dilithiumKey = (dilithium_key*)key; else if (keyType == DILITHIUM_LEVEL3_TYPE) dilithiumKey = (dilithium_key*)key; else if (keyType == DILITHIUM_LEVEL5_TYPE) dilithiumKey = (dilithium_key*)key; +#endif + else if (keyType == ML_DSA_LEVEL2_TYPE) + dilithiumKey = (dilithium_key*)key; + else if (keyType == ML_DSA_LEVEL3_TYPE) + dilithiumKey = (dilithium_key*)key; + else if (keyType == ML_DSA_LEVEL5_TYPE) + dilithiumKey = (dilithium_key*)key; else if (keyType == SPHINCS_FAST_LEVEL1_TYPE) sphincsKey = (sphincs_key*)key; else if (keyType == SPHINCS_FAST_LEVEL3_TYPE) @@ -31726,9 +32133,14 @@ int wc_MakeSigWithBitStr(byte *sig, int sigSz, int sType, byte* buf, case FALCON_LEVEL5_TYPE: falconKey = (falcon_key*)key; break; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT case DILITHIUM_LEVEL2_TYPE: case DILITHIUM_LEVEL3_TYPE: case DILITHIUM_LEVEL5_TYPE: +#endif + case ML_DSA_LEVEL2_TYPE: + case ML_DSA_LEVEL3_TYPE: + case ML_DSA_LEVEL5_TYPE: dilithiumKey = (dilithium_key*)key; break; case SPHINCS_FAST_LEVEL1_TYPE: 
@@ -31829,12 +32241,20 @@ int wc_SignCert_ex(int requestSz, int sType, byte* buf, word32 buffSz, falconKey = (falcon_key*)key; else if (keyType == FALCON_LEVEL5_TYPE) falconKey = (falcon_key*)key; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT else if (keyType == DILITHIUM_LEVEL2_TYPE) dilithiumKey = (dilithium_key*)key; else if (keyType == DILITHIUM_LEVEL3_TYPE) dilithiumKey = (dilithium_key*)key; else if (keyType == DILITHIUM_LEVEL5_TYPE) dilithiumKey = (dilithium_key*)key; +#endif + else if (keyType == ML_DSA_LEVEL2_TYPE) + dilithiumKey = (dilithium_key*)key; + else if (keyType == ML_DSA_LEVEL3_TYPE) + dilithiumKey = (dilithium_key*)key; + else if (keyType == ML_DSA_LEVEL5_TYPE) + dilithiumKey = (dilithium_key*)key; else if (keyType == SPHINCS_FAST_LEVEL1_TYPE) sphincsKey = (sphincs_key*)key; else if (keyType == SPHINCS_FAST_LEVEL3_TYPE) @@ -31882,7 +32302,7 @@ int wc_MakeSelfCert(Cert* cert, byte* buf, word32 buffSz, WOLFSSL_ABI int wc_GetSubjectRaw(byte **subjectRaw, Cert *cert) { - int rc = BAD_FUNC_ARG; + int rc = WC_NO_ERR_TRACE(BAD_FUNC_ARG); if ((subjectRaw != NULL) && (cert != NULL)) { *subjectRaw = cert->sbjRaw; rc = 0; @@ -32008,12 +32428,20 @@ int wc_SetSubjectKeyIdFromPublicKey_ex(Cert *cert, int keyType, void* key) falconKey = (falcon_key*)key; else if (keyType == FALCON_LEVEL5_TYPE) falconKey = (falcon_key*)key; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT else if (keyType == DILITHIUM_LEVEL2_TYPE) dilithiumKey = (dilithium_key*)key; else if (keyType == DILITHIUM_LEVEL3_TYPE) dilithiumKey = (dilithium_key*)key; else if (keyType == DILITHIUM_LEVEL5_TYPE) dilithiumKey = (dilithium_key*)key; +#endif + else if (keyType == ML_DSA_LEVEL2_TYPE) + dilithiumKey = (dilithium_key*)key; + else if (keyType == ML_DSA_LEVEL3_TYPE) + dilithiumKey = (dilithium_key*)key; + else if (keyType == ML_DSA_LEVEL5_TYPE) + dilithiumKey = (dilithium_key*)key; else if (keyType == SPHINCS_FAST_LEVEL1_TYPE) sphincsKey = (sphincs_key*)key; else if (keyType == SPHINCS_FAST_LEVEL3_TYPE) 
@@ -32061,12 +32489,20 @@ int wc_SetAuthKeyIdFromPublicKey_ex(Cert *cert, int keyType, void* key) falconKey = (falcon_key*)key; else if (keyType == FALCON_LEVEL5_TYPE) falconKey = (falcon_key*)key; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT else if (keyType == DILITHIUM_LEVEL2_TYPE) dilithiumKey = (dilithium_key*)key; else if (keyType == DILITHIUM_LEVEL3_TYPE) dilithiumKey = (dilithium_key*)key; else if (keyType == DILITHIUM_LEVEL5_TYPE) dilithiumKey = (dilithium_key*)key; +#endif + else if (keyType == ML_DSA_LEVEL2_TYPE) + dilithiumKey = (dilithium_key*)key; + else if (keyType == ML_DSA_LEVEL3_TYPE) + dilithiumKey = (dilithium_key*)key; + else if (keyType == ML_DSA_LEVEL5_TYPE) + dilithiumKey = (dilithium_key*)key; else if (keyType == SPHINCS_FAST_LEVEL1_TYPE) sphincsKey = (sphincs_key*)key; else if (keyType == SPHINCS_FAST_LEVEL3_TYPE) @@ -32332,7 +32768,7 @@ int wc_SetExtKeyUsageOID(Cert *cert, const char *in, word32 sz, byte idx, } XMEMCPY(cert->extKeyUsageOID[idx], oid, oidSz); - cert->extKeyUsageOIDSz[idx] = oidSz; + cert->extKeyUsageOIDSz[idx] = (byte)oidSz; cert->extKeyUsage |= EXTKEYUSE_USER; return 0; @@ -32368,7 +32804,7 @@ int wc_SetCustomExtension(Cert *cert, int critical, const char *oid, ext->oid = (char*)oid; ext->crit = (critical == 0) ? 0 : 1; ext->val = (byte*)der; - ext->valSz = derSz; + ext->valSz = (int)derSz; cert->customCertExtCount++; return 0; @@ -33659,9 +34095,9 @@ static int EccSpecifiedECDomainDecode(const byte* input, word32 inSz, #else if (ret == 0) { /* Base X-ordinate */ - DataToHexString(base + 1, curve->size, curve->Gx); + DataToHexString(base + 1, (word32)curve->size, curve->Gx); /* Base Y-ordinate */ - DataToHexString(base + 1 + curve->size, curve->size, curve->Gy); + DataToHexString(base + 1 + curve->size, (word32)curve->size, curve->Gy); /* Prime */ DataToHexString(dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.data, dataASN[ECCSPECIFIEDASN_IDX_PRIME_P].data.ref.length, 
@@ -33886,6 +34322,7 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, int curve_id = ECC_CURVE_DEF; #if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) || defined(SM2) word32 algId = 0; + word32 eccOid = 0; #endif /* Validate parameters. */ @@ -33895,11 +34332,11 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, #if defined(HAVE_PKCS8) || defined(HAVE_PKCS12) || defined(SM2) /* if has pkcs8 header skip it */ - if (ToTraditionalInline_ex(input, inOutIdx, inSz, &algId) < 0) { + if (ToTraditionalInline_ex2(input, inOutIdx, inSz, &algId, &eccOid) < 0) { /* ignore error, did not have pkcs8 header */ } else { - curve_id = wc_ecc_get_oid(algId, NULL, NULL); + curve_id = wc_ecc_get_oid(eccOid, NULL, NULL); } #endif @@ -34392,7 +34829,7 @@ int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, #endif /* WOLFSSL_ASN_TEMPLATE */ } -#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) +#ifdef HAVE_ECC_KEY_EXPORT /* build DER formatted ECC key, include optional public key if requested, * return length on success, negative on error */ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, @@ -34527,7 +34964,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } #endif - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (inLen != NULL && totalSz > *inLen) { #ifndef WOLFSSL_NO_MALLOC @@ -34639,7 +35076,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, /* Return the size if no buffer. */ if ((ret == 0) && (output == NULL)) { *inLen = (word32)sz; - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* Check the buffer is big enough. */ if ((ret == 0) && (inLen != NULL) && (sz > (int)*inLen)) { 
@@ -34684,6 +35121,7 @@ int wc_BuildEccKeyDer(ecc_key* key, byte* output, word32 *inLen, /* Write a Private ecc key, including public to DER format, * length on success else < 0 */ +/* Note: use wc_EccKeyDerSize to get length only */ WOLFSSL_ABI int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen) { @@ -34695,10 +35133,7 @@ int wc_EccKeyToDer(ecc_key* key, byte* output, word32 inLen) int wc_EccKeyDerSize(ecc_key* key, int pub) { word32 sz = 0; - int ret; - - ret = wc_BuildEccKeyDer(key, NULL, &sz, pub, 1); - + int ret = wc_BuildEccKeyDer(key, NULL, &sz, pub, 1); if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { return ret; } @@ -34709,7 +35144,11 @@ int wc_EccKeyDerSize(ecc_key* key, int pub) * length on success else < 0 */ int wc_EccPrivateKeyToDer(ecc_key* key, byte* output, word32 inLen) { - return wc_BuildEccKeyDer(key, output, &inLen, 0, 1); + int ret = wc_BuildEccKeyDer(key, output, &inLen, 0, 1); + if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { + return (int)inLen; + } + return ret; } #ifdef HAVE_PKCS8 @@ -34778,7 +35217,7 @@ static int eccToPKCS8(ecc_key* key, byte* output, word32* outLen, XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif *outLen = pkcs8Sz; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*outLen < pkcs8Sz) { @@ -34823,7 +35262,7 @@ int wc_EccKeyToPKCS8(ecc_key* key, byte* output, return eccToPKCS8(key, output, outLen, 1); } #endif /* HAVE_PKCS8 */ -#endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */ +#endif /* HAVE_ECC_KEY_EXPORT */ #endif /* HAVE_ECC */ #ifdef WC_ENABLE_ASYM_KEY_IMPORT @@ -35042,7 +35481,7 @@ int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz, word32 oid; #else word32 len; - DECL_ASNGETDATA(dataASN, edPubKeyASN_Length); + DECL_ASNGETDATA(dataASN, publicKeyASN_Length); #endif if (input == NULL || inSz == 0 || inOutIdx == NULL || 
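Review bot: wc_EccPrivateKeyToDer changes its contract in the `@@ -34709` hunk: when `output` is NULL it now returns `(int)inLen` instead of LENGTH_ONLY_E, so a caller doing two-pass sizing via `ret == LENGTH_ONLY_E` now sees a positive return while nothing has been written. The visible header line `* length on success else < 0 */` should state the new query mode, e.g. `* Pass output == NULL to get the required length. */`, mirroring the `Note: use wc_EccKeyDerSize to get length only` added to wc_EccKeyToDer just above. Both function definitions are cut by the hunks.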
@@ -35077,17 +35516,17 @@ int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz, #else len = inSz - *inOutIdx; - CALLOC_ASNGETDATA(dataASN, edPubKeyASN_Length, ret, NULL); + CALLOC_ASNGETDATA(dataASN, publicKeyASN_Length, ret, NULL); if (ret == 0) { /* Require OID. */ word32 oidSz; const byte* oid = OidFromId((word32)keyType, oidKeyType, &oidSz); - GetASN_ExpBuffer(&dataASN[EDPUBKEYASN_IDX_ALGOID_OID], oid, oidSz); + GetASN_ExpBuffer(&dataASN[PUBKEYASN_IDX_ALGOID_OID], oid, oidSz); /* Decode Ed25519 private key. */ - ret = GetASN_Items(edPubKeyASN, dataASN, edPubKeyASN_Length, 1, input, - inOutIdx, inSz); + ret = GetASN_Items(publicKeyASN, dataASN, publicKeyASN_Length, 1, + input, inOutIdx, inSz); if (ret != 0) ret = ASN_PARSE_E; /* check that input buffer is exhausted */ @@ -35096,12 +35535,12 @@ int DecodeAsymKeyPublic_Assign(const byte* input, word32* inOutIdx, word32 inSz, } /* Check that the all the buffer was used. */ if ((ret == 0) && - (GetASNItem_Length(dataASN[EDPUBKEYASN_IDX_SEQ], input) != len)) { + (GetASNItem_Length(dataASN[PUBKEYASN_IDX_SEQ], input) != len)) { ret = ASN_PARSE_E; } if (ret == 0) { - *pubKeyLen = dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.length; - *pubKey = dataASN[EDPUBKEYASN_IDX_PUBKEY].data.ref.data; + *pubKeyLen = dataASN[PUBKEYASN_IDX_PUBKEY].data.ref.length; + *pubKey = dataASN[PUBKEYASN_IDX_PUBKEY].data.ref.data; } FREE_ASNGETDATA(dataASN, NULL); @@ -35251,13 +35690,16 @@ int SetAsymKeyDer(const byte* privKey, word32 privKeyLen, word32 idx = 0, seqSz, verSz, algoSz, privSz, pubSz = 0, sz; #else DECL_ASNSETDATA(dataASN, edKeyASN_Length); - int sz; + int sz = 0; #endif - /* Validate parameters. */ - if (privKey == NULL || outLen == 0) { + /* validate parameters */ + if (privKey == NULL) { return BAD_FUNC_ARG; } + if (output != NULL && outLen == 0) { + return BUFFER_E; + } #ifndef WOLFSSL_ASN_TEMPLATE /* calculate size */ 
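Review bot: The comment `/* Decode Ed25519 private key. */` in DecodeAsymKeyPublic_Assign is stale now that this hunk switches the template to `publicKeyASN`: the function decodes a public key for whichever `keyType` is passed, so it should read `/* Decode public key structure for keyType. */`. In SetAsymKeyDer the new `if (output != NULL && outLen == 0) return BUFFER_E;` deliberately admits `output == NULL` as a length query, which deserves a word in the parameter comment since the previous version rejected `outLen == 0` outright. Both functions begin and end outside the hunk.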
@@ -35415,7 +35857,7 @@ int wc_Curve25519PublicKeyToDer(curve25519_key* key, byte* output, word32 inLen, byte pubKey[CURVE25519_PUB_KEY_SIZE]; word32 pubKeyLen = (word32)sizeof(pubKey); - if (key == NULL || output == NULL) { + if (key == NULL) { return BAD_FUNC_ARG; } @@ -35788,7 +36230,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, if (idx >= size) return BUFFER_E; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#ifdef WOLFSSL_OCSP_PARSE_STATUS single->status->thisDateAsn = source + idx; localIdx = 0; if (GetDateInfo(single->status->thisDateAsn, &localIdx, NULL, @@ -35809,7 +36251,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, #ifndef NO_ASN_TIME_CHECK #ifndef WOLFSSL_NO_OCSP_DATE_CHECK - if (!XVALIDATE_DATE(single->status->thisDate, single->status->thisDateFormat, BEFORE)) + if (!XVALIDATE_DATE(single->status->thisDate, single->status->thisDateFormat, ASN_BEFORE)) return ASN_BEFORE_DATE_E; #endif #endif @@ -35824,7 +36266,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, idx++; if (GetLength(source, &idx, &length, size) < 0) return ASN_PARSE_E; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#ifdef WOLFSSL_OCSP_PARSE_STATUS single->status->nextDateAsn = source + idx; localIdx = 0; if (GetDateInfo(single->status->nextDateAsn, &localIdx, NULL, @@ -35845,7 +36287,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, #ifndef NO_ASN_TIME_CHECK #ifndef WOLFSSL_NO_OCSP_DATE_CHECK - if (!XVALIDATE_DATE(single->status->nextDate, single->status->nextDateFormat, AFTER)) + if (!XVALIDATE_DATE(single->status->nextDate, single->status->nextDateFormat, ASN_AFTER)) return ASN_AFTER_DATE_E; #endif #endif 
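Review bot: Dropping `output == NULL` from the argument check in wc_Curve25519PublicKeyToDer means the rest of the function (outside this hunk) must now tolerate a NULL output on every path, presumably to report the required length; that should be confirmed against the body and stated in the header comment, e.g. `/* output may be NULL to query the required length. */`. The `#ifdef WOLFSSL_OCSP_PARSE_STATUS` fences in DecodeSingleResponse replace a list of application-specific macros; a comment where that macro is defined naming which builds imply it would help, since `thisDateAsn`/`nextDateAsn` are only populated under it. Both functions begin and end outside the hunk.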
@@ -35866,7 +36308,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, *ioIndex = idx; return 0; -#else +#else /* WOLFSSL_ASN_TEMPLATE */ DECL_ASNGETDATA(dataASN, singleResponseASN_Length); int ret = 0; word32 ocspDigestSize = OCSP_DIGEST_SIZE; @@ -35876,10 +36318,6 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, word32 issuerKeyHashLen; word32 thisDateLen; word32 nextDateLen; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) - WOLFSSL_ASN1_TIME *at; -#endif (void)wrapperSz; 
@@ -35953,48 +36391,49 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, /* Store the thisDate format - only one possible. */ cs->thisDateFormat = ASN_GENERALIZED_TIME; #if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK) - /* Check date is a valid string and BEFORE now. */ - if (!XVALIDATE_DATE(cs->thisDate, ASN_GENERALIZED_TIME, BEFORE)) { + /* Check date is a valid string and ASN_BEFORE now. */ + if (!XVALIDATE_DATE(cs->thisDate, ASN_GENERALIZED_TIME, ASN_BEFORE)) { ret = ASN_BEFORE_DATE_E; } + #endif /* !NO_ASN_TIME_CHECK && !WOLFSSL_NO_OCSP_DATE_CHECK */ } +#ifdef WOLFSSL_OCSP_PARSE_STATUS if (ret == 0) { - #endif - #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) /* Store ASN.1 version of thisDate. */ + WOLFSSL_ASN1_TIME *at; cs->thisDateAsn = GetASNItem_Addr( dataASN[SINGLERESPONSEASN_IDX_THISUPDATE_GT], source); at = &cs->thisDateParsed; at->type = ASN_GENERALIZED_TIME; XMEMCPY(at->data, cs->thisDate, thisDateLen); at->length = (int)thisDateLen; - #endif } +#endif if ((ret == 0) && (dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT].tag != 0)) { /* Store the nextDate format - only one possible. */ cs->nextDateFormat = ASN_GENERALIZED_TIME; #if !defined(NO_ASN_TIME_CHECK) && !defined(WOLFSSL_NO_OCSP_DATE_CHECK) - /* Check date is a valid string and AFTER now. */ - if (!XVALIDATE_DATE(cs->nextDate, ASN_GENERALIZED_TIME, AFTER)) { + /* Check date is a valid string and ASN_AFTER now. 
*/ + if (!XVALIDATE_DATE(cs->nextDate, ASN_GENERALIZED_TIME, ASN_AFTER)) { ret = ASN_AFTER_DATE_E; } + #endif /* !NO_ASN_TIME_CHECK && !WOLFSSL_NO_OCSP_DATE_CHECK */ } +#ifdef WOLFSSL_OCSP_PARSE_STATUS if ((ret == 0) && - (dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT].tag != 0)) { - #endif - #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) + (dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT].tag != 0)) + { /* Store ASN.1 version of thisDate. */ + WOLFSSL_ASN1_TIME *at; cs->nextDateAsn = GetASNItem_Addr( dataASN[SINGLERESPONSEASN_IDX_NEXTUPDATE_GT], source); at = &cs->nextDateParsed; at->type = ASN_GENERALIZED_TIME; XMEMCPY(at->data, cs->nextDate, nextDateLen); at->length = (int)nextDateLen; - #endif } +#endif if (ret == 0) { /* OcspEntry now used. */ single->used = 1; @@ -36002,7 +36441,7 @@ static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, FREE_ASNGETDATA(dataASN, NULL); return ret; -#endif +#endif /* WOLFSSL_ASN_TEMPLATE */ } #ifdef WOLFSSL_ASN_TEMPLATE @@ -36614,7 +37053,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, int sigValid = -1; #ifndef NO_SKID - ca = GetCA(cm, resp->single->issuerKeyHash); + ca = GetCAByKeyHash(cm, resp->single->issuerKeyHash); #else ca = GetCA(cm, resp->single->issuerHash); #endif @@ -36755,7 +37194,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex, /* Response didn't have a certificate - lookup CA. */ #ifndef NO_SKID - ca = GetCA(cm, resp->single->issuerKeyHash); + ca = GetCAByKeyHash(cm, resp->single->issuerKeyHash); #else ca = GetCA(cm, resp->single->issuerHash); #endif @@ -37392,8 +37831,7 @@ void FreeOcspRequest(OcspRequest* req) WOLFSSL_ENTER("FreeOcspRequest"); if (req) { - if (req->serial) - XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP_REQUEST); req->serial = NULL; #ifdef OPENSSL_EXTRA 
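Review bot: The rewritten comments `/* Check date is a valid string and ASN_BEFORE now. */` and `/* Check date is a valid string and ASN_AFTER now. */` look like the enum rename leaking into prose; the code correctly uses `ASN_BEFORE`/`ASN_AFTER`, but the sentences should still read `BEFORE now` and `AFTER now`. In the new `#ifdef WOLFSSL_OCSP_PARSE_STATUS` block for nextDate the retained comment `/* Store ASN.1 version of thisDate. */` names the wrong field and should read `/* Store ASN.1 version of nextDate. */`. DecodeSingleResponse begins and ends outside this hunk.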
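Review bot: `GetCAByKeyHash(cm, resp->single->issuerKeyHash)` replaces a `GetCA` call that was being handed a key hash, so this reads as a lookup-correctness fix in the `#ifndef NO_SKID` path, while the `#else` branch keeps `GetCA(cm, resp->single->issuerHash)`; that is consistent if GetCA keys on the subject-name hash, which is inferred from the names and not shown here. A one-line comment above the `#ifndef NO_SKID`, `/* issuerKeyHash is a key identifier, not a name hash: look up the CA by SKID */`, would make the distinction explicit for the next reader. The same replacement appears in the second DecodeBasicOcspResponse hunk below.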
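Review bot: The `if (req->serial)` guard before `XFREE(req->serial, req->heap, DYNAMIC_TYPE_OCSP_REQUEST)` is dropped, which is only correct if `XFREE` is itself NULL-safe; the macro is not shown in this diff, so the change rests on its definition in the memory header. The same pattern is applied to `req->url` in the next FreeOcspRequest hunk, to `dcrl->issuer` in FreeDecodedCRL, and in the three wc_MIME_parse_headers hunks. If the macro is guaranteed to ignore NULL, a comment at this first site, `/* XFREE is a no-op on NULL; no guard needed */`, spares the next reader from re-checking.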
@@ -37406,13 +37844,10 @@ void FreeOcspRequest(OcspRequest* req) req->serialInt = NULL; #endif - if (req->url) - XFREE(req->url, req->heap, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(req->url, req->heap, DYNAMIC_TYPE_OCSP_REQUEST); req->url = NULL; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \ - defined(HAVE_LIGHTY) +#ifdef OPENSSL_EXTRA if (req->cid != NULL) wolfSSL_OCSP_CERTID_free((WOLFSSL_OCSP_CERTID*)req->cid); req->cid = NULL; @@ -37630,8 +38065,7 @@ void FreeDecodedCRL(DecodedCRL* dcrl) tmp = next; } #ifdef OPENSSL_EXTRA - if (dcrl->issuer != NULL) - XFREE(dcrl->issuer, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(dcrl->issuer, NULL, DYNAMIC_TYPE_OPENSSL); #endif } @@ -38009,7 +38443,7 @@ static int ParseCRL_CertList(RevokedCert* rcert, DecodedCRL* dcrl, { #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK) if (verify != NO_VERIFY && - !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) { + !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) { WOLFSSL_MSG("CRL after date is no longer valid"); WOLFSSL_ERROR_VERBOSE(CRL_CERT_DATE_ERR); return CRL_CERT_DATE_ERR; @@ -38072,6 +38506,7 @@ static int ParseCRL_AuthKeyIdExt(const byte* input, int sz, DecodedCRL* dcrl) } dcrl->extAuthKeyIdSet = 1; + /* Get the hash or hash of the hash if wrong size. */ ret = GetHashId(input + idx, length, dcrl->extAuthKeyId, HashIdAlg(dcrl->signatureOID)); @@ -38097,6 +38532,8 @@ static int ParseCRL_AuthKeyIdExt(const byte* input, int sz, DecodedCRL* dcrl) WOLFSSL_MSG("\tinfo: OPTIONAL item 0, not available"); } else { + dcrl->extAuthKeyIdSet = 1; + /* Get the hash or hash of the hash if wrong size. */ ret = GetHashId(dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.data, (int)dataASN[AUTHKEYIDASN_IDX_KEYID].data.ref.length, 
@@ -38570,7 +39007,7 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz, tbsParams = GetASNItem_Addr(dataASN[CRLASN_IDX_TBS_SIGALGO_PARAMS], buff); - tbsParamsSz = + tbsParamsSz =(int) GetASNItem_Length(dataASN[CRLASN_IDX_TBS_SIGALGO_PARAMS], buff); } @@ -38578,7 +39015,7 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz, sigParams = GetASNItem_Addr(dataASN[CRLASN_IDX_SIGALGO_PARAMS], buff); - sigParamsSz = + sigParamsSz = (int) GetASNItem_Length(dataASN[CRLASN_IDX_SIGALGO_PARAMS], buff); dcrl->sigParamsIndex = @@ -38605,7 +39042,7 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz, ret = ASN_PARSE_E; } else if ((tbsParamsSz > 0) && - (XMEMCMP(tbsParams, sigParams, tbsParamsSz) != 0)) { + (XMEMCMP(tbsParams, sigParams, (word32)tbsParamsSz) != 0)) { WOLFSSL_MSG("CRL TBS and signature parameter mismatch"); ret = ASN_PARSE_E; } @@ -38622,7 +39059,7 @@ int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz, if (dcrl->nextDateFormat != 0) { /* Next date was set, so validate it. */ if (verify != NO_VERIFY && - !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, AFTER)) { + !XVALIDATE_DATE(dcrl->nextDate, dcrl->nextDateFormat, ASN_AFTER)) { WOLFSSL_MSG("CRL after date is no longer valid"); ret = CRL_CERT_DATE_ERR; WOLFSSL_ERROR_VERBOSE(ret); @@ -38934,10 +39371,8 @@ int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers) mimeType == MIME_PARAM)) && pos >= 1) { mimeStatus = MIME_BODYVAL; end = pos-1; - if (nameAttr != NULL) { - XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7); - nameAttr = NULL; - } + XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7); + nameAttr = NULL; ret = wc_MIME_header_strip(curLine, &nameAttr, start, end); if (ret) { goto error; 
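Review bot: `tbsParamsSz =(int)` is missing the space after `=` that the sibling hunk `sigParamsSz = (int)` has; make it `tbsParamsSz = (int)`. The cast to int of the length returned by GetASNItem_Length (presumably word32, given the explicit cast) is then reversed by the `(word32)tbsParamsSz` cast in the XMEMCMP hunk, which is sound as long as the parsed length stays below INT_MAX; a short comment at the first cast noting that assumption would help. ParseCRL begins and ends outside this hunk.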
@@ -38946,10 +39381,8 @@ int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers) } else if (mimeStatus == MIME_BODYVAL && cur == ';' && pos >= 1) { end = pos-1; - if (bodyVal != NULL) { - XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7); - bodyVal = NULL; - } + XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7); + bodyVal = NULL; ret = wc_MIME_header_strip(curLine, &bodyVal, start, end); if (ret) { goto error; @@ -39042,12 +39475,9 @@ int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers) if (ret != 0) wc_MIME_free_hdrs(curHdr); wc_MIME_free_hdrs(nextHdr); - if (nameAttr != NULL) - XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7); - if (bodyVal != NULL) - XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7); - if (nextParam != NULL) - XFREE(nextParam, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(nextParam, NULL, DYNAMIC_TYPE_PKCS7); return ret; } 
@@ -40029,6 +40459,1032 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e, } #endif /* !NO_RSA && (!NO_BIG_INT || WOLFSSL_SP_MATH) */ +#if defined(WOLFSSL_ACERT) && defined(WOLFSSL_ASN_TEMPLATE) +/* Initialize decoded certificate object with buffer of DER encoding. + * + * @param [in, out] cert Decoded certificate object. + * @param [in] source Buffer containing DER encoded certificate. + * @param [in] inSz Size of DER data in buffer in bytes. + * @param [in] heap Dynamic memory hint. + */ +void InitDecodedAcert(DecodedAcert* acert, const byte* source, word32 inSz, + void* heap) +{ + if (acert == NULL) { + return; + } + + WOLFSSL_MSG("InitDecodedAcert"); + + XMEMSET(acert, 0, sizeof(DecodedAcert)); + acert->heap = heap; + acert->source = source; /* don't own */ + acert->maxIdx = inSz; /* can't go over this index */ + acert->heap = heap; + + InitSignatureCtx(&acert->sigCtx, heap, INVALID_DEVID); + + return; +} + +/* Free the decoded attribute cert object's dynamic data. + * + * @param [in, out] acert Attribute Decoded certificate object. + */ +void FreeDecodedAcert(DecodedAcert * acert) +{ + if (acert == NULL) { + return; + } + + WOLFSSL_MSG("FreeDecodedAcert"); + + if (acert->holderIssuerName) { + FreeAltNames(acert->holderIssuerName, acert->heap); + acert->holderIssuerName = NULL; + } + + if (acert->holderEntityName) { + FreeAltNames(acert->holderEntityName, acert->heap); + acert->holderEntityName = NULL; + } + + if (acert->AttCertIssuerName) { + FreeAltNames(acert->AttCertIssuerName, acert->heap); + acert->AttCertIssuerName = NULL; + } + + FreeSignatureCtx(&acert->sigCtx); + + XMEMSET(acert, 0, sizeof(DecodedAcert)); + return; +} + +/* Decode an Attribute Cert GeneralName field. + * + * @param [in] input Buffer containing encoded OtherName. + * @param [in, out] inOutIdx On in, the index of the start of the OtherName. + * On out, index after OtherName. + * @param [in] len Length of data in buffer. 
+ * @param [in] cert Decoded attribute certificate object. + * @param [in, out] entries Linked list of DNS name entries. + * + * @return 0 on success. + * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or + * is invalid. + * @return BUFFER_E when data in buffer is too small. + * @return ASN_UNKNOWN_OID_E when the OID cannot be verified. + * @return MEMORY_E when dynamic memory allocation fails. + */ +static int DecodeAcertGeneralName(const byte* input, word32* inOutIdx, + byte tag, int len, DecodedAcert* acert, + DNS_entry** entries) +{ + int ret = 0; + word32 idx = *inOutIdx; + + /* GeneralName choice: dnsName */ + if (tag == (ASN_CONTEXT_SPECIFIC | ASN_DNS_TYPE)) { + ret = SetDNSEntry(acert->heap, (const char*)(input + idx), len, + ASN_DNS_TYPE, entries); + if (ret == 0) { + idx += (word32)len; + } + } +#ifndef IGNORE_NAME_CONSTRAINTS + /* GeneralName choice: directoryName */ + else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_DIR_TYPE)) { + int strLen = 0; + word32 idxDir = idx; + + /* Expecting a SEQUENCE using up all data. 
*/ + if (GetASN_Sequence(input, &idxDir, &strLen, idx + (word32)len, 1) < 0) + { + WOLFSSL_MSG("\tfail: seq length"); + return ASN_PARSE_E; + } + + ret = SetDNSEntry(acert->heap, (const char*)(input + idxDir), strLen, + ASN_DIR_TYPE, entries); + if (ret == 0) { + idx += (word32)len; + } + } + /* GeneralName choice: rfc822Name */ + else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE)) { + ret = SetDNSEntry(acert->heap, (const char*)(input + idx), len, + ASN_RFC822_TYPE, entries); + if (ret == 0) { + idx += (word32)len; + } + } + /* GeneralName choice: uniformResourceIdentifier */ + else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_URI_TYPE)) { + WOLFSSL_MSG("\tPutting URI into list but not using"); + + #if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_FPKI) + /* Verify RFC 5280 Sec 4.2.1.6 rule: + "The name MUST NOT be a relative URI" + As per RFC 3986 Sec 4.3, an absolute URI is only required to contain + a scheme and hier-part. So the only strict requirement is a ':' + being present after the scheme. If a '/' is present as part of the + hier-part, it must come after the ':' (see RFC 3986 Sec 3). */ + { + int i = 0; + + /* skip past scheme (i.e http,ftp,...) finding first ':' char */ + for (i = 0; i < len; i++) { + if (input[idx + (word32)i] == ':') { + break; + } + if (input[idx + (word32)i] == '/') { + i = len; /* error, found relative path since '/' was + * encountered before ':'. Returning error + * value in next if statement. 
*/ + } + } + + /* test hier-part is empty */ + if (i == 0 || i == len) { + WOLFSSL_MSG("\tEmpty or malformed URI"); + WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E); + return ASN_ALT_NAME_E; + } + + /* test if scheme is missing */ + if (input[idx + (word32)i] != ':') { + WOLFSSL_MSG("\tAlt Name must be absolute URI"); + WOLFSSL_ERROR_VERBOSE(ASN_ALT_NAME_E); + return ASN_ALT_NAME_E; + } + } + #endif + + ret = SetDNSEntry(acert->heap, (const char*)(input + idx), len, + ASN_URI_TYPE, entries); + if (ret == 0) { + idx += (word32)len; + } + } + #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_IP_ALT_NAME) + /* GeneralName choice: iPAddress */ + else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) { + ret = SetDNSEntry(acert->heap, (const char*)(input + idx), len, + ASN_IP_TYPE, entries); + if (ret == 0) { + idx += (word32)len; + } + } + #endif /* WOLFSSL_QT || OPENSSL_ALL */ + + #ifdef OPENSSL_ALL + /* GeneralName choice: registeredID */ + else if (tag == (ASN_CONTEXT_SPECIFIC | ASN_RID_TYPE)) { + ret = SetDNSEntry(acert->heap, (const char*)(input + idx), len, + ASN_RID_TYPE, entries); + if (ret == 0) { + idx += (word32)len; + } + } + #endif +#endif /* IGNORE_NAME_CONSTRAINTS */ + /* GeneralName choice: dNSName, x400Address, ediPartyName */ + else { + WOLFSSL_MSG("\tUnsupported name type, skipping"); + idx += (word32)len; + } + + if (ret == 0) { + /* Return index of next encoded byte. */ + *inOutIdx = idx; + } + return ret; +} + +/* Decode General Names from an ACERT input. + * + * @param [in] input Buffer holding encoded data. + * @param [in] sz Size of encoded data in bytes. + * @param [in, out] cert Decoded certificate object. + * @param [in, out] entries Linked list of DNS name entries. + * + * @return 0 on success. + * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or + * is invalid. + * @return BUFFER_E when data in buffer is too small. + * @return ASN_UNKNOWN_OID_E when the OID cannot be verified. 
+ * @return MEMORY_E when dynamic memory allocation fails. + */ +static int DecodeAcertGeneralNames(const byte* input, word32 sz, + DecodedAcert* acert, + DNS_entry** entries) +{ + word32 idx = 0; + int length = 0; + int ret = 0; + word32 numNames = 0; + + /* Get SEQUENCE and expect all data to be accounted for. */ + if (GetASN_Sequence(input, &idx, &length, sz, 1) != 0) { + WOLFSSL_MSG("\tBad Sequence"); + return ASN_PARSE_E; + } + + if (length == 0) { + /* There is supposed to be a non-empty sequence here. */ + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); + return ASN_PARSE_E; + } + + if ((word32)length + idx != sz) { + return ASN_PARSE_E; + } + + while ((ret == 0) && (idx < sz)) { + ASNGetData dataASN[altNameASN_Length]; + + numNames++; + if (numNames > WOLFSSL_MAX_ALT_NAMES) { + WOLFSSL_MSG("error: acert: too many subject alternative names"); + ret = ASN_ALT_NAME_E; + break; + } + + /* Clear dynamic data items. */ + XMEMSET(dataASN, 0, sizeof(dataASN)); + /* Parse GeneralName with the choices supported. */ + GetASN_Choice(&dataASN[ALTNAMEASN_IDX_GN], generalNameChoice); + /* Decode a GeneralName choice. 
*/ + ret = GetASN_Items(altNameASN, dataASN, altNameASN_Length, 0, input, + &idx, sz); + + if (ret != 0) { + break; + } + + ret = DecodeAcertGeneralName(input, &idx, + dataASN[ALTNAMEASN_IDX_GN].tag, + (int)dataASN[ALTNAMEASN_IDX_GN].length, + acert, entries); + } + + return ret; +} + +/* Holder has three potential forms: + * Holder ::= SEQUENCE { + * baseCertificateID [0] IssuerSerial OPTIONAL, + * -- the issuer and serial number of + * -- the holder's Public Key Certificate + * entityName [1] GeneralNames OPTIONAL, + * -- the name of the claimant or role + * objectDigestInfo [2] ObjectDigestInfo OPTIONAL + * -- used to directly authenticate the holder, + * -- for example, an executable + * } + * + * where IssuerSerial is: + * IssuerSerial ::= SEQUENCE { + * issuer GeneralNames, + * serial CertificateSerialNumber, + * issuerUID UniqueIdentifier OPTIONAL + * } + * + * Note: + * - Holder Option 2 objectDigestInfo is not mandatory + * for the spec and is not implemented here yet. + * + * - issuerUniqueID not supported yet. + * */ +static const ASNItem HolderASN[] = +{ + /* Holder root sequence. */ +/* HOLDER_SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, + /* Holder Option 0:*/ +/* ISSUERSERIAL_SEQ */ { 1, ASN_CONTEXT_SPECIFIC | 0, 1, 1, 2 }, + /* issuer GeneralNames, */ +/* GN_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 0 }, + /* serial CertificateSerialNumber */ +/* SERIAL_INT */ { 2, ASN_INTEGER, 0, 0, 0 }, + /* Holder Option 1:*/ +/* GN_SEQ */ { 1, ASN_CONTEXT_SPECIFIC | 1, 1, 0, 2 }, +}; + +enum { + HOLDER_IDX_SEQ = 0, + HOLDER_IDX_ISSUERSERIAL_SEQ, + HOLDER_IDX_GN_SEQ, + HOLDER_IDX_SERIAL_INT, + HOLDER_IDX_GN_SEQ_OPT1 +}; + +/* Number of items in ASN template for an X509 Acert. */ +#define HolderASN_Length (sizeof(HolderASN) / sizeof(ASNItem)) + +/* Decode the Holder field of an x509 attribute certificate. + * + * + * @param [in] input Buffer containing encoded Holder field. + * @param [in] len Length of Holder field. + * @param [in] cert Decoded certificate object. 
+ * + * @return 0 on success. + * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or + * is invalid. + * @return BUFFER_E when data in buffer is too small. + * @return ASN_UNKNOWN_OID_E when the OID cannot be verified. + * @return MEMORY_E when dynamic memory allocation fails. + * */ +static int DecodeHolder(const byte* input, word32 len, DecodedAcert* acert) +{ + DECL_ASNGETDATA(dataASN, HolderASN_Length); + int ret = 0; + word32 idx = 0; + word32 holderSerialSz = 0; + + if (input == NULL || len <= 0 || acert == NULL) { + return BUFFER_E; + } + + CALLOC_ASNGETDATA(dataASN, HolderASN_Length, ret, acert->heap); + + if (ret != 0) { + FREE_ASNGETDATA(dataASN, acert->heap); + return MEMORY_E; + } + + holderSerialSz = EXTERNAL_SERIAL_SIZE; + + GetASN_Buffer(&dataASN[HOLDER_IDX_SERIAL_INT], acert->holderSerial, + &holderSerialSz); + + ret = GetASN_Items(HolderASN, dataASN, HolderASN_Length, 0, input, + &idx, len); + + if (ret != 0) { + WOLFSSL_MSG("error: Holder: GetASN_Items failed"); + FREE_ASNGETDATA(dataASN, acert->heap); + return ret; + } + + if (dataASN[HOLDER_IDX_SERIAL_INT].tag != 0) { + acert->holderSerialSz = (int)holderSerialSz; + } + else { + acert->holderSerialSz = 0; + } + + { + /* Now parse the GeneralNames field. + * Use the HOLDER_IDX_GN_SEQ offset for input. */ + const byte * gn_input = NULL; + word32 gn_len = 0; + word32 holder_index = HOLDER_IDX_GN_SEQ; + + /* Determine which tag was seen. */ + if (dataASN[HOLDER_IDX_GN_SEQ].tag != 0) { + gn_input = input + dataASN[holder_index].offset; + gn_len = dataASN[holder_index].length + 2; + } + else { + gn_input = input; + gn_len = len; + } + + ret = DecodeAcertGeneralNames(gn_input, gn_len, acert, + &acert->holderIssuerName); + + if (ret != 0) { + WOLFSSL_MSG("error: Holder: DecodeAcertGeneralNames failed"); + FREE_ASNGETDATA(dataASN, acert->heap); + return ret; + } + } + + FREE_ASNGETDATA(dataASN, acert->heap); + return 0; +} + +/* From RFC 5755. + * 4.2.3. 
Issuer + * + * ACs conforming to this profile MUST use the v2Form choice, which MUST + * contain one and only one GeneralName in the issuerName, which MUST + * contain a non-empty distinguished name in the directoryName field. + * This means that all AC issuers MUST have non-empty distinguished + * names. ACs conforming to this profile MUST omit the + * baseCertificateID and objectDigestInfo fields. + * + * 4.1. X.509 Attribute Certificate Definition + * + * AttCertIssuer ::= CHOICE { + * v1Form GeneralNames, -- MUST NOT be used in this + * -- profile + * v2Form [0] V2Form -- v2 only + * } + * + * V2Form ::= SEQUENCE { + * issuerName GeneralNames OPTIONAL, + * baseCertificateID [0] IssuerSerial OPTIONAL, + * objectDigestInfo [1] ObjectDigestInfo OPTIONAL + * -- issuerName MUST be present in this profile + * -- baseCertificateID and objectDigestInfo MUST + * -- NOT be present in this profile + * } + * */ +static const ASNItem AttCertIssuerASN[] = +{ + /* V2Form ::= SEQUENCE { */ +/* AttCertIssuer_GN_SEQ */ { 0, ASN_SEQUENCE, 1, 0, 0 }, +}; + +enum { + ATTCERTISSUER_IDX_GN_SEQ +}; + +/* Number of items in ASN template for an X509 Acert. */ +#define AttCertIssuerASN_Length (sizeof(AttCertIssuerASN) / sizeof(ASNItem)) + +/* Decode the AttCertIssuer Field of an x509 attribute certificate. + * + * + * @param [in] input Buffer containing encoded AttCertIssuer field. + * @param [in] len Length of Holder field. + * @param [in] cert Decoded certificate object. + * + * @return 0 on success. + * @return ASN_PARSE_E when BER encoded data does not match ASN.1 items or + * is invalid. + * @return BUFFER_E when data in buffer is too small. + * @return ASN_UNKNOWN_OID_E when the OID cannot be verified. + * @return MEMORY_E when dynamic memory allocation fails. 
+ * */ +static int DecodeAttCertIssuer(const byte* input, word32 len, + DecodedAcert* cert) +{ + DECL_ASNGETDATA(dataASN, AttCertIssuerASN_Length); + int ret = 0; + word32 idx = 0; + const byte * gn_input = NULL; + word32 gn_len = 0; + + if (input == NULL || len <= 0 || cert == NULL) { + return BUFFER_E; + } + + CALLOC_ASNGETDATA(dataASN, AttCertIssuerASN_Length, ret, cert->heap); + + if (ret != 0) { + return MEMORY_E; + } + + ret = GetASN_Items(AttCertIssuerASN, dataASN, AttCertIssuerASN_Length, + 0, input, &idx, len); + + if (ret != 0) { + FREE_ASNGETDATA(dataASN, cert->heap); + WOLFSSL_MSG("error: AttCertIssuer: GetASN_Items failed"); + return ret; + } + + /* Now parse the GeneralNames field. + * Use the HOLDER_IDX_GN_SEQ offset for input. */ + gn_input = input + dataASN[ATTCERTISSUER_IDX_GN_SEQ].offset; + gn_len = dataASN[ATTCERTISSUER_IDX_GN_SEQ].length + 2; + + ret = DecodeAcertGeneralNames(gn_input, gn_len, cert, + &cert->AttCertIssuerName); + + if (ret != 0) { + FREE_ASNGETDATA(dataASN, cert->heap); + WOLFSSL_MSG("error: AttCertIssuer: DecodeAcertGeneralNames failed"); + return ret; + } + + FREE_ASNGETDATA(dataASN, cert->heap); + return 0; +} + + +/* ASN template for an X509 Attribute Certificate, + * from RFC 5755 + */ +static const ASNItem AcertASN[] = +{ + /* AttributeCertificate ::= SEQUENCE */ +/* SEQ */ { 0, ASN_SEQUENCE, 1, 1, 0 }, + /* AttributeCertificateInfo ::= SEQUENCE */ +/* ACINFO_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 }, + /* AttCertVersion ::= INTEGER { v2(1) } */ +/* ACINFO_VER_INT */ { 2, ASN_INTEGER, 0, 0, 0 }, + /* holder Holder */ +/* ACINFO_HOLDER_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 0 }, + /* issuer AttCertIssuer */ +/* ACINFO_CHOICE_SEQ */ { 2, ASN_CONTEXT_SPECIFIC | 0, 1, 0, 2 }, +/* ACINFO_ISSUER_SEQ */ { 2, ASN_SEQUENCE | 0, 1, 0, 2 }, + /* signature AlgorithmIdentifier */ + /* AlgorithmIdentifier ::= SEQUENCE */ +/* ACINFO_ALGOID_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 }, + /* Algorithm OBJECT IDENTIFIER */ +/* ACINFO_ALGOID_OID */ { 3, 
ASN_OBJECT_ID, 0, 0, 0 }, + /* parameters */ +/* ACINFO_ALGOID_PARAMS_NULL */ { 3, ASN_TAG_NULL, 0, 0, 2 }, +#ifdef WC_RSA_PSS +/* ACINFO_ALGOID_PARAMS */ { 3, ASN_SEQUENCE, 1, 0, 2 }, +#endif + /* CertificateSerialNumber ::= INTEGER */ +/* ACINFO_SERIAL */ { 2, ASN_INTEGER, 0, 0, 0 }, + /* Validity ::= SEQUENCE */ +/* ACINFO_VALIDITY_SEQ */ { 2, ASN_SEQUENCE, 1, 1, 0 }, + /* notBeforeTime GeneralizedTime, */ +/* ACINFO_VALIDITY_NOTB_GT */ { 3, ASN_GENERALIZED_TIME, 0, 0, 2 }, + /* notAfterTime GeneralizedTime */ +/* ACINFO_VALIDITY_NOTA_GT */ { 3, ASN_GENERALIZED_TIME, 0, 0, 3 }, + /* attributes SEQUENCE OF Attribute */ +/* ACINFO_ATTRIBUTES_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 0 }, + /* issuerUniqueID OPTIONAL, */ +/* ACINFO_UNIQUE_ID */ { 2, ASN_CONTEXT_SPECIFIC | 1, 0, 0, 1 }, + /* extensions OPTIONAL */ +/* ACINFO_EXT */ { 2, ASN_CONTEXT_SPECIFIC | 2, 1, 1, 1 }, +/* ACINFO_EXT_SEQ */ { 2, ASN_SEQUENCE, 1, 0, 1 }, + /* signature AlgorithmIdentifier */ + /* AlgorithmIdentifier ::= SEQUENCE */ +/* SIGALGO_SEQ */ { 1, ASN_SEQUENCE, 1, 1, 0 }, + /* Algorithm OBJECT IDENTIFIER */ +/* SIGALGO_OID */ { 2, ASN_OBJECT_ID, 0, 0, 0 }, + /* parameters */ +/* SIGALGO_PARAMS_NULL */ { 2, ASN_TAG_NULL, 0, 0, 2 }, +#ifdef WC_RSA_PSS +/* SIGALGO_PARAMS */ { 2, ASN_SEQUENCE, 1, 0, 2 }, +#endif + /* signature BIT STRING */ +/* SIGNATURE */ { 1, ASN_BIT_STRING, 0, 0, 0 }, +}; + +enum { + ACERT_IDX_SEQ = 0, + ACERT_IDX_ACINFO_SEQ, + ACERT_IDX_ACINFO_VER_INT, + /* ACINFO holder and issuer */ + ACERT_IDX_ACINFO_HOLDER_SEQ, + ACERT_IDX_ACINFO_CHOICE_SEQ, + ACERT_IDX_ACINFO_ISSUER_SEQ, + /* ACINFO sig alg*/ + ACERT_IDX_ACINFO_ALGOID_SEQ, + ACERT_IDX_ACINFO_ALGOID_OID, + ACERT_IDX_ACINFO_ALGOID_PARAMS_NULL, +#ifdef WC_RSA_PSS + /* Additional RSA-PSS params. 
*/ + ACERT_IDX_ACINFO_ALGOID_PARAMS, +#endif + /* serial number */ + ACERT_IDX_ACINFO_SERIAL, + /* validity time */ + ACERT_IDX_ACINFO_VALIDITY_SEQ, + ACERT_IDX_ACINFO_VALIDITY_NOTB_GT, + ACERT_IDX_ACINFO_VALIDITY_NOTA_GT, + /* attributes */ + ACERT_IDX_ACINFO_ATTRIBUTES_SEQ, + /* unique identifier */ + ACERT_IDX_ACINFO_UNIQUE_ID, + /* extensions */ + ACERT_ACINFO_EXT, + ACERT_ACINFO_EXT_SEQ, + /* sig alg */ + ACERT_IDX_SIGALGO_SEQ, + ACERT_IDX_SIGALGO_OID, + ACERT_IDX_SIGALGO_PARAMS_NULL, +#ifdef WC_RSA_PSS + /* Additional RSA-PSS params. */ + ACERT_IDX_SIGALGO_PARAMS, +#endif + /* signature */ + ACERT_IDX_SIGNATURE, + WOLF_ENUM_DUMMY_LAST_ELEMENT(ACERT_IDX) +}; + +/* Number of items in ASN template for an X509 Acert. */ +#define AcertASN_Length (sizeof(AcertASN) / sizeof(ASNItem)) + +/* Initial implementation for parsing and verifying an + * X509 Attribute Certificate (RFC 5755). + * + * At present these fields are NOT parsed: + * - issuerUniqueID + * - extensions + * - attributes + * + * Returns 0 on success. + * Returns negative error code on error/failure. + * */ +int ParseX509Acert(DecodedAcert* acert, int verify) +{ + DECL_ASNGETDATA(dataASN, AcertASN_Length); + int ret = 0; + word32 idx = 0; + int badDate = 0; + byte version = 0; + word32 serialSz = EXTERNAL_SERIAL_SIZE; + + if (acert == NULL) { + return BAD_FUNC_ARG; + } + + CALLOC_ASNGETDATA(dataASN, AcertASN_Length, ret, acert->heap); + + if (ret != 0) { + return MEMORY_E; + } + + /* Get the version and put the serial number into the buffer. */ + GetASN_Int8Bit(&dataASN[ACERT_IDX_ACINFO_VER_INT], &version); + + GetASN_Buffer(&dataASN[ACERT_IDX_ACINFO_SERIAL], acert->serial, + &serialSz); + + /* Check OID types for signature algorithm. */ + GetASN_OID(&dataASN[ACERT_IDX_ACINFO_ALGOID_OID], oidSigType); + GetASN_OID(&dataASN[ACERT_IDX_SIGALGO_OID], oidSigType); + + /* Parse the X509 certificate. 
*/ + ret = GetASN_Items(AcertASN, dataASN, AcertASN_Length, 1, + acert->source, &acert->srcIdx, acert->maxIdx); + + if (ret != 0) { + FREE_ASNGETDATA(dataASN, acert->heap); + return ret; + } + + /* Check version is valid/supported - can't be negative. */ + if (version > MAX_X509_VERSION) { + FREE_ASNGETDATA(dataASN, acert->heap); + WOLFSSL_MSG("Unexpected attribute certificate version"); + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); + return ASN_PARSE_E; + } + + acert->version = version; + acert->serialSz = (int)serialSz; + + acert->signatureOID = dataASN[ACERT_IDX_ACINFO_ALGOID_OID].data.oid.sum; + acert->certBegin = dataASN[ACERT_IDX_ACINFO_SEQ].offset; + + /* check BEFORE date. */ + idx = ACERT_IDX_ACINFO_VALIDITY_NOTB_GT; + if (CheckDate(&dataASN[idx], BEFORE) < 0) { + if ((verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE)) { + badDate = ASN_BEFORE_DATE_E; + } + } + + /* Store reference to BEFORE date. */ + acert->beforeDate = GetASNItem_Addr(dataASN[idx], acert->source); + acert->beforeDateLen = (int)GetASNItem_Length(dataASN[idx], acert->source); + + /* check AFTER date. */ + idx = ACERT_IDX_ACINFO_VALIDITY_NOTA_GT; + if (CheckDate(&dataASN[idx], AFTER) < 0) { + if ((verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE)) { + badDate = ASN_BEFORE_DATE_E; + } + } + + /* Store reference to AFTER date. */ + acert->afterDate = GetASNItem_Addr(dataASN[idx], acert->source); + acert->afterDateLen = (int)GetASNItem_Length(dataASN[idx], acert->source); + + /* Store the signature information. */ + acert->sigIndex = dataASN[ACERT_IDX_SIGALGO_SEQ].offset; + GetASN_GetConstRef(&dataASN[ACERT_IDX_SIGNATURE], + &acert->signature, &acert->sigLength); + + /* Make sure 'signature' and 'signatureAlgorithm' are the same. */ + if (dataASN[ACERT_IDX_SIGALGO_OID].data.oid.sum != acert->signatureOID) { + FREE_ASNGETDATA(dataASN, acert->heap); + WOLFSSL_ERROR_VERBOSE(ASN_SIG_OID_E); + return ASN_SIG_OID_E; + } + + /* Parameters not allowed after ECDSA or EdDSA algorithm OID. 
*/ + if (IsSigAlgoECC(acert->signatureOID)) { + if ((dataASN[ACERT_IDX_SIGALGO_PARAMS_NULL].tag != 0) + #ifdef WC_RSA_PSS + || (dataASN[ACERT_IDX_SIGALGO_PARAMS].tag != 0) + #endif + ) { + FREE_ASNGETDATA(dataASN, acert->heap); + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); + return ASN_PARSE_E; + } + } + + #ifdef WC_RSA_PSS + /* Check parameters starting with a SEQUENCE. */ + if (dataASN[ACERT_IDX_SIGALGO_PARAMS].tag != 0) { + word32 oid = dataASN[ACERT_IDX_SIGALGO_OID].data.oid.sum; + word32 sigAlgParamsSz = 0; + const byte * acParams = NULL; + word32 acParamsSz = 0; + const byte * sigAlgParams = NULL; + + /* Parameters only with RSA PSS. */ + if (oid != CTC_RSASSAPSS) { + FREE_ASNGETDATA(dataASN, acert->heap); + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); + return ASN_PARSE_E; + } + + /* Check RSA PSS parameters are the same. */ + acParams = GetASNItem_Addr(dataASN[ACERT_IDX_ACINFO_ALGOID_PARAMS], + acert->source); + acParamsSz = GetASNItem_Length(dataASN[ACERT_IDX_ACINFO_ALGOID_PARAMS], + acert->source); + sigAlgParams = GetASNItem_Addr(dataASN[ACERT_IDX_SIGALGO_PARAMS], + acert->source); + sigAlgParamsSz = GetASNItem_Length(dataASN[ACERT_IDX_SIGALGO_PARAMS], + acert->source); + + if ((acParamsSz != sigAlgParamsSz) || + (XMEMCMP(acParams, sigAlgParams, acParamsSz) != 0)) { + + FREE_ASNGETDATA(dataASN, acert->heap); + WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); + return ASN_PARSE_E; + } + + /* Store RSA PSS parameters for use in signature verification. */ + acert->sigParamsIndex = dataASN[ACERT_IDX_SIGALGO_PARAMS].offset; + acert->sigParamsLength = sigAlgParamsSz; + } + #endif + + /* Store the raw Attributes field. */ + GetASN_GetConstRef(&dataASN[ACERT_IDX_ACINFO_ATTRIBUTES_SEQ], + &acert->rawAttr, &acert->rawAttrLen); + + { + /* Now parse the Holder and AttCertIssuer fields. + * Use the ACINFO holder and issuer sequence offset for input. 
*/ + const byte * holder_input = NULL; + word32 holder_len = 0; + const byte * issuer_input = NULL; + word32 issuer_len = 0; + word32 i_holder = ACERT_IDX_ACINFO_HOLDER_SEQ; + word32 i_issuer = 0; + + /* Determine which issuer tag was seen. We need this to determine + * the holder_input. */ + i_issuer = (dataASN[ACERT_IDX_ACINFO_CHOICE_SEQ].tag != 0) ? + ACERT_IDX_ACINFO_CHOICE_SEQ : ACERT_IDX_ACINFO_ISSUER_SEQ; + + holder_input = acert->source + dataASN[i_holder].offset; + holder_len = dataASN[i_issuer].offset - dataASN[i_holder].offset; + + ret = DecodeHolder(holder_input, holder_len, acert); + + if (ret != 0) { + FREE_ASNGETDATA(dataASN, acert->heap); + return ret; + } + + #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE + printf("debug: parse acert:issuer index: %d\n", i_issuer); + #endif /* WOLFSSL_DEBUG_ASN_TEMPLATE */ + + GetASN_GetConstRef(&dataASN[i_issuer], &issuer_input, &issuer_len); + + if (i_issuer == ACERT_IDX_ACINFO_CHOICE_SEQ && issuer_len > 0) { + /* Try to decode the AttCertIssuer as well. */ + ret = DecodeAttCertIssuer(issuer_input, issuer_len, acert); + + if (ret != 0) { + FREE_ASNGETDATA(dataASN, acert->heap); + return ret; + } + } + #ifdef WOLFSSL_DEBUG_ASN_TEMPLATE + else { + printf("debug: parse acert: unsupported issuer format: %d, %d\n", + i_issuer, issuer_len); + } + #endif /* WOLFSSL_DEBUG_ASN_TEMPLATE */ + } + + if (badDate) { + if ((verify != NO_VERIFY) && (verify != VERIFY_SKIP_DATE)) { + ret = badDate; + } + } + + FREE_ASNGETDATA(dataASN, acert->heap); + return ret; +} + +/* Given the parsed attribute cert info, verify the signature. + * + * The sigCtx is alloced and freed here. 
+ *
+ * @param [in] acinfo the parsed acinfo sequence
+ * @param [in] acinfoSz the parsed acinfo sequence length
+ * @param [in] pubKey public key
+ * @param [in] pubKeySz public key length
+ * @param [in] pubKeyOID public key oid
+ * @param [in] sig the parsed signature
+ * @param [in] sigSz the parsed signature length
+ * @param [in] sigOID the parsed signature OID
+ * @param [in] sigParams the parsed signature RSA-PSS params
+ * @param [in] sigParamsSz the parsed signature RSA-PSS params length
+ * @param [in] heap heap hint
+ *
+ * @return 0 on verify success
+ * @return < 0 on error
+ * */
+static int acert_sig_verify(const byte * acinfo, word32 acinfoSz,
+ const byte * pubKey, word32 pubKeySz,
+ int pubKeyOID, const byte * sig, word32 sigSz,
+ word32 sigOID, const byte * sigParams,
+ word32 sigParamsSz, void * heap)
+{
+#ifndef WOLFSSL_SMALL_STACK
+ SignatureCtx sigCtx[1];
+#else
+ SignatureCtx * sigCtx = NULL;
+#endif
+ int ret = 0;
+
+ #ifdef WOLFSSL_SMALL_STACK
+ sigCtx = (SignatureCtx*)XMALLOC(sizeof(*sigCtx), heap,
+ DYNAMIC_TYPE_SIGNATURE);
+ if (sigCtx == NULL) {
+ WOLFSSL_MSG("error: VerifyX509Acert: malloc sigCtx failed");
+ return MEMORY_E;
+ }
+ #endif
+
+ InitSignatureCtx(sigCtx, heap, INVALID_DEVID);
+
+ /* Check x509 acert signature. */
+ ret = ConfirmSignature(sigCtx, acinfo, acinfoSz, pubKey, pubKeySz,
+ (word32)pubKeyOID, sig, sigSz, sigOID,
+ sigParams, sigParamsSz, NULL);
+
+ if (ret == WC_NO_ERR_TRACE(ASN_SIG_CONFIRM_E)) {
+ WOLFSSL_MSG("info: VerifyX509Acert: confirm signature failed");
+ }
+
+ FreeSignatureCtx(sigCtx);
+ #ifdef WOLFSSL_SMALL_STACK
+ XFREE(sigCtx, heap, DYNAMIC_TYPE_SIGNATURE);
+ sigCtx = NULL;
+ #endif
+
+ return ret;
+}
+
+/* Verify the X509 ACERT signature, using the given pubkey.
+ *
+ * @param [in] der input acert in der format
+ * @param [in] derSz acert length
+ * @param [in] pubKey public key
+ * @param [in] pubKeySz public key length
+ * @param [in] pubKeyOID public key oid
+ * @param [in] heap heap hint
+ *
+ * @return 0 on success
+ * @return < 0 on error
+ * */
+int VerifyX509Acert(const byte* der, word32 derSz,
+ const byte* pubKey, word32 pubKeySz, int pubKeyOID,
+ void * heap)
+{
+ DECL_ASNGETDATA(dataASN, AcertASN_Length);
+ word32 idx = 0;
+ int ret = 0;
+ const byte * acinfo = NULL; /* The acinfo sequence. */
+ word32 acinfoSz = 0; /* The acinfo sequence length. */
+#ifdef WC_RSA_PSS
+ const byte * acParams = NULL;
+ word32 acParamsSz = 0;
+#endif
+ const byte * sig = NULL;
+ word32 sigSz = 0;
+ word32 sigOID = 0;
+ const byte * sigParams = NULL;
+ word32 sigParamsSz = 0;
+
+ if (der == NULL || pubKey == NULL || derSz == 0 || pubKeySz == 0) {
+ WOLFSSL_MSG("error: VerifyX509Acert: bad args");
+ return BAD_FUNC_ARG;
+ }
+
+ CALLOC_ASNGETDATA(dataASN, AcertASN_Length, ret, heap);
+
+ if (ret != 0) {
+ WOLFSSL_MSG("error: VerifyX509Acert: calloc dataASN failed");
+ return MEMORY_E;
+ }
+
+ /* Check OID types for signature algorithm. */
+ GetASN_OID(&dataASN[ACERT_IDX_ACINFO_ALGOID_OID], oidSigType);
+ GetASN_OID(&dataASN[ACERT_IDX_SIGALGO_OID], oidSigType);
+
+ /* Parse the X509 certificate. */
+ ret = GetASN_Items(AcertASN, dataASN, AcertASN_Length, 1,
+ der, &idx, derSz);
+
+ if (ret != 0) {
+ WOLFSSL_MSG("error: VerifyX509Acert: GetASN_Items failed");
+ FREE_ASNGETDATA(dataASN, heap);
+ return ret;
+ }
+
+ /* Check signature OIDs match. */
+ if (dataASN[ACERT_IDX_ACINFO_ALGOID_OID].data.oid.sum
+ != dataASN[ACERT_IDX_SIGALGO_OID].data.oid.sum) {
+ WOLFSSL_MSG("error: VerifyX509Acert: sig OID mismatch");
+ FREE_ASNGETDATA(dataASN, heap);
+ return ASN_SIG_OID_E;
+ }
+
+ /* Get the attribute certificate info.
*/
+ acinfo = GetASNItem_Addr(dataASN[ACERT_IDX_ACINFO_SEQ], der);
+ acinfoSz = GetASNItem_Length(dataASN[ACERT_IDX_ACINFO_SEQ], der);
+
+ if (acinfo == NULL || acinfoSz == 0) {
+ WOLFSSL_MSG("error: VerifyX509Acert: empty acinfo");
+ FREE_ASNGETDATA(dataASN, heap);
+ return ASN_PARSE_E;
+ }
+
+ /* Get acert signature and sig info. */
+ sigOID = dataASN[ACERT_IDX_ACINFO_ALGOID_OID].data.oid.sum;
+ #ifdef WC_RSA_PSS
+ if (dataASN[ACERT_IDX_ACINFO_ALGOID_PARAMS].tag != 0) {
+ acParams = GetASNItem_Addr(dataASN[ACERT_IDX_ACINFO_ALGOID_PARAMS],
+ der);
+ acParamsSz = GetASNItem_Length(dataASN[ACERT_IDX_ACINFO_ALGOID_PARAMS],
+ der);
+ }
+ if (dataASN[ACERT_IDX_SIGALGO_PARAMS].tag != 0) {
+ sigParams = GetASNItem_Addr(dataASN[ACERT_IDX_SIGALGO_PARAMS], der);
+ sigParamsSz = GetASNItem_Length(dataASN[ACERT_IDX_SIGALGO_PARAMS],
+ der);
+ }
+ #endif
+
+ GetASN_GetConstRef(&dataASN[ACERT_IDX_SIGNATURE], &sig, &sigSz);
+
+ #ifdef WC_RSA_PSS
+ if (acParamsSz != sigParamsSz) {
+ ret = ASN_PARSE_E;
+ }
+ else if ((acParamsSz > 0) && (sigOID != CTC_RSASSAPSS)) {
+ ret = ASN_PARSE_E;
+ }
+ else if ((acParamsSz > 0) &&
+ (XMEMCMP(acParams, sigParams, acParamsSz) != 0)) {
+ ret = ASN_PARSE_E;
+ }
+ #endif
+
+ if (ret == 0) {
+ /* Finally, do the verification.
*/
+ ret = acert_sig_verify(acinfo, acinfoSz,
+ pubKey, pubKeySz, pubKeyOID,
+ sig, sigSz, sigOID, sigParams, sigParamsSz,
+ heap);
+ }
+
+ FREE_ASNGETDATA(dataASN, heap);
+ return ret;
+}
+
+void wc_InitDecodedAcert(DecodedAcert* acert, const byte* source, word32 inSz,
+ void* heap)
+{
+ InitDecodedAcert(acert, source, inSz, heap);
+}
+
+void wc_FreeDecodedAcert(DecodedAcert * acert)
+{
+ FreeDecodedAcert(acert);
+}
+
+int wc_ParseX509Acert(DecodedAcert* acert, int verify)
+{
+ return ParseX509Acert(acert, verify);
+}
+
+int wc_VerifyX509Acert(const byte* acert, word32 acertSz,
+ const byte* pubKey, word32 pubKeySz,
+ int pubKeyOID, void * heap)
+{
+ return VerifyX509Acert(acert, acertSz, pubKey, pubKeySz,
+ pubKeyOID, heap);
+}
+
+#endif /* WOLFSSL_ACERT && WOLFSSL_ASN_TEMPLATE */
#ifdef WOLFSSL_SEP
diff --git a/src/wolfcrypt/src/bio.c b/src/wolfcrypt/src/bio.c
index 340cbfd..ac4eb03 100644
--- a/src/wolfcrypt/src/bio.c
+++ b/src/wolfcrypt/src/bio.c
@@ -1,6 +1,6 @@
/* bio.c
*
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
@@ -24,10 +24,9 @@
#endif
#include
-#if defined(OPENSSL_EXTRA) && !defined(_WIN32)
+#if defined(OPENSSL_EXTRA) && !defined(_WIN32) && !defined(_GNU_SOURCE)
/* turn on GNU extensions for XVASPRINTF with wolfSSL_BIO_printf */
- #undef _GNU_SOURCE
- #define _GNU_SOURCE
+ #define _GNU_SOURCE 1
#endif
#if !defined(WOLFSSL_BIO_INCLUDED)
@@ -161,7 +160,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len)
bio->wrSz = 0;
bio->mem_buf->length = 0;
}
- bio->ptr = bio->mem_buf->data;
+ bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data;
}
else if (bio->rdIdx >= WOLFSSL_BIO_RESIZE_THRESHOLD &&
!(bio->flags & BIO_FLAGS_MEM_RDONLY)) {
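Review bot: In the `@@ -24,10 +24,9 @@` hunk, `#define _GNU_SOURCE 1` sits below an `#include` directive, and a feature-test macro only takes effect if it is defined before the first libc header is processed; if that include (its argument is lost in this rendering) reaches a libc header such as `<features.h>`, `XVASPRINTF`/`vasprintf` can still be undeclared despite the new guard. The `!defined(_GNU_SOURCE)` condition correctly avoids a redefinition warning when the build already sets it, but the block should either move above that include or carry a comment such as `/* must precede the first libc header; relies on the settings header not pulling one in first */` so the ordering dependency is explicit. Confirming which header the preceding include names would settle whether this is already safe.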
@@ -180,7 +179,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) return WOLFSSL_BIO_ERROR; } bio->mem_buf->length = (size_t)bio->wrSz; - bio->ptr = bio->mem_buf->data; + bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; } } else { @@ -217,11 +216,11 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf, return WOLFSSL_FATAL_ERROR; bio->flags &= ~(WOLFSSL_BIO_FLAG_RETRY); /* default no retry */ - ret = wolfSSL_read((WOLFSSL*)bio->ptr, buf, len); + ret = wolfSSL_read(bio->ptr.ssl, buf, len); if (ret == 0) front->eof = 1; else if (ret < 0) { - int err = wolfSSL_get_error((WOLFSSL*)bio->ptr, 0); + int err = wolfSSL_get_error(bio->ptr.ssl, 0); if ( !(err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE) ) { front->eof = 1; } @@ -235,15 +234,15 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf, static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz) { - if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == NID_hmac) { - if (wolfSSL_EVP_DigestSignUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, buf, + if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == NID_hmac) { + if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, buf, (unsigned int)sz) != WOLFSSL_SUCCESS) { return WOLFSSL_FATAL_ERROR; } } else { - if (wolfSSL_EVP_DigestUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, buf, (size_t)sz) + if (wolfSSL_EVP_DigestUpdate(bio->ptr.md_ctx, buf, (size_t)sz) != WOLFSSL_SUCCESS) { return WOLFSSL_FATAL_ERROR; } @@ -290,6 +289,9 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) } while (bio != NULL && ret >= 0) { +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + int inhibit_flow_increment = 0; +#endif /* check for custom read */ if (bio->method && bio->method->readCb) { ret = bio->method->readCb(bio, (char*)buf, len); 
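Review bot: In `wolfSSL_BIO_SSL_read` (hunk at -217) `bio->ptr.ssl` is handed straight to `wolfSSL_read` and then `wolfSSL_get_error`, whereas the matching write path `wolfSSL_BIO_SSL_write` (hunk at -468) first rejects `bio->ptr.ssl == NULL` with `BAD_FUNC_ARG`. Unless an equivalent check exists in the part of the function above this hunk, the read side relies on those two calls tolerating a NULL session object; adding `if (bio->ptr.ssl == NULL) return BAD_FUNC_ARG;` before the retry-flag reset would make the two paths consistent and fail fast for an SSL BIO that never had an object attached. The function's opening lines are outside the hunk.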
@@ -302,19 +304,22 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) break; case WOLFSSL_BIO_BIO: /* read BIOs */ ret = wolfSSL_BIO_BIO_read(bio, buf, len); +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + inhibit_flow_increment = 1; +#endif break; case WOLFSSL_BIO_MEMORY: ret = wolfSSL_BIO_MEMORY_read(bio, buf, len); break; case WOLFSSL_BIO_FILE: #ifndef NO_FILESYSTEM - if (bio->ptr) { - ret = (int)XFREAD(buf, 1, (size_t)len, (XFILE)bio->ptr); + if (bio->ptr.fh) { + ret = (int)XFREAD(buf, 1, (size_t)len, bio->ptr.fh); } else { #if defined(XREAD) && !defined(NO_WOLFSSL_DIR) && \ !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) - ret = (int)XREAD(bio->num, buf, (size_t)len); + ret = (int)XREAD(bio->num.fd, buf, (size_t)len); #else WOLFSSL_MSG("No file pointer and XREAD not enabled"); ret = NOT_COMPILED_IN; 
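Review bot: The `WOLFSSL_BIO_FILE` branch tests the handle with `if (bio->ptr.fh)`, i.e. against NULL, while the rest of the file compares file handles to `XBADFILE` (`wolfSSL_BIO_gets` at -888, `wolfSSL_BIO_reset` at -1491, `wolfSSL_BIO_write_filename` at -1613). On a port where `XBADFILE` is not a null pointer an unopened BIO passes this check and `XFREAD` is invoked on the bad handle instead of falling through to the descriptor path; `if (bio->ptr.fh != XBADFILE)` keeps the semantics uniform. The same NULL-style test appears in the write path (hunk at -672) and in `wolfSSL_BIO_free` (hunk at -2723).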
@@ -345,14 +350,52 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) #ifdef USE_WOLFSSL_IO /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ - ret = wolfIO_Recv(bio->num, (char*)buf, len, 0); + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; + ret = wolfIO_Recv(bio->num.fd, (char*)buf, len, 0); + if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) { + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; + } + if (ret < 0) { + ret = WOLFSSL_BIO_ERROR; + } #else ret = NOT_COMPILED_IN; #endif break; + + case WOLFSSL_BIO_DGRAM: + #if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) && \ + defined(USE_WOLFSSL_IO) + /* BIO requires built-in socket support + * (cannot be used with WOLFSSL_USER_IO) */ + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; + if (bio->connected) + ret = wolfIO_Recv(bio->num.fd, (char*)buf, len, 0); + else { + wolfSSL_BIO_ADDR_clear(&bio->peer_addr); + ret = wolfIO_RecvFrom(bio->num.fd, &bio->peer_addr, + (char*)buf, len, 0); + } + if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) { + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; + } + if (ret < 0) { + ret = WOLFSSL_BIO_ERROR; + } + #else + ret = NOT_COMPILED_IN; + #endif + break; + } /* switch */ } +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + if ((ret > 0) && (!inhibit_flow_increment)) { + bio->bytes_read += (word32)ret; + } +#endif + /* case where front of list is done */ if (bio == front) { break; /* at front of list so be done */ @@ -409,8 +452,9 @@ static int wolfSSL_BIO_BASE64_write(WOLFSSL_BIO* bio, const void* data, } } else { - if (Base64_Encode((const byte*)data, inLen, NULL, &sz) != - LENGTH_ONLY_E) { + if (Base64_Encode((const byte*)data, inLen, NULL, &sz) + != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + { WOLFSSL_MSG("Error with base64 get length"); return WOLFSSL_FATAL_ERROR; } 
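Review bot: In the new `WOLFSSL_BIO_DGRAM` case, when `bio->connected` is 0 every received datagram overwrites `bio->peer_addr` with its source address, and the write path (hunk at -725) then sends to that address; for an unconnected datagram BIO the reply destination is therefore whoever sent the most recent packet. That matches the usual datagram-BIO model, but it is worth stating at the `wolfSSL_BIO_ADDR_clear` call so callers do not treat the stored peer as authenticated, e.g. `/* unconnected: peer_addr tracks the source of the last datagram received; it is not authenticated until the DTLS handshake completes */`. Style: `if (bio->connected) ret = ...;` leaves the first branch unbraced while the `else` is braced, unlike the surrounding code in this function and the mirrored block at -725.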
@@ -468,16 +512,16 @@ static int wolfSSL_BIO_SSL_write(WOLFSSL_BIO* bio, const void* data, WOLFSSL_ENTER("wolfSSL_BIO_SSL_write"); - if (bio->ptr == NULL) { + if (bio->ptr.ssl == NULL) { return BAD_FUNC_ARG; } bio->flags &= ~(WOLFSSL_BIO_FLAG_RETRY); /* default no retry */ - ret = wolfSSL_write((WOLFSSL*)bio->ptr, data, len); + ret = wolfSSL_write(bio->ptr.ssl, data, len); if (ret == 0) front->eof = 1; else if (ret < 0) { - int err = wolfSSL_get_error((WOLFSSL*)bio->ptr, 0); + int err = wolfSSL_get_error(bio->ptr.ssl, 0); if ( !(err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE) ) { front->eof = 1; } @@ -576,8 +620,8 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, } XMEMCPY(bio->mem_buf->data + bio->wrSz, data, len); - bio->ptr = bio->mem_buf->data; - bio->num = (int)bio->mem_buf->max; + bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; + bio->num.length = bio->mem_buf->max; bio->wrSz += len; bio->wrIdx += len; @@ -598,14 +642,14 @@ static int wolfSSL_BIO_MD_write(WOLFSSL_BIO* bio, const void* data, int len) return BAD_FUNC_ARG; } - if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == NID_hmac) { - if (wolfSSL_EVP_DigestSignUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, data, + if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == NID_hmac) { + if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, data, (unsigned int)len) != WOLFSSL_SUCCESS) { ret = WOLFSSL_BIO_ERROR; } } else { - if (wolfSSL_EVP_DigestUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, data, (size_t)len) + if (wolfSSL_EVP_DigestUpdate(bio->ptr.md_ctx, data, (size_t)len) != WOLFSSL_SUCCESS) { ret = WOLFSSL_BIO_ERROR; } @@ -647,6 +691,9 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) } while (bio != NULL && ret >= 0) { +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + int inhibit_flow_increment = 0; +#endif /* check for custom write */ if (bio->method && bio->method->writeCb) { ret = bio->method->writeCb(bio, (const char*)data, len); 
@@ -672,19 +719,22 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) } case WOLFSSL_BIO_BIO: /* write bios */ ret = wolfSSL_BIO_BIO_write(bio, data, len); +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + inhibit_flow_increment = 1; +#endif break; case WOLFSSL_BIO_MEMORY: ret = wolfSSL_BIO_MEMORY_write(bio, data, len); break; case WOLFSSL_BIO_FILE: #ifndef NO_FILESYSTEM - if (bio->ptr) { - ret = (int)XFWRITE(data, 1, (size_t)len, (XFILE)bio->ptr); + if (bio->ptr.fh) { + ret = (int)XFWRITE(data, 1, (size_t)len, bio->ptr.fh); } else { #if defined(XWRITE) && !defined(NO_WOLFSSL_DIR) && \ !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) - ret = (int)XWRITE(bio->num, data, (size_t)len); + ret = (int)XWRITE(bio->num.fd, data, (size_t)len); #else WOLFSSL_MSG("No file pointer and XWRITE not enabled"); ret = NOT_COMPILED_IN; 
@@ -725,14 +775,50 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) #ifdef USE_WOLFSSL_IO /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ - ret = wolfIO_Send(bio->num, (char*)data, len, 0); + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; + ret = wolfIO_Send(bio->num.fd, (char*)data, len, 0); + if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_WRITE)) { + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; + } + if (ret < 0) { + ret = WOLFSSL_BIO_ERROR; + } #else ret = NOT_COMPILED_IN; #endif break; + + case WOLFSSL_BIO_DGRAM: + #if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) && \ + defined(USE_WOLFSSL_IO) + /* BIO requires built-in socket support + * (cannot be used with WOLFSSL_USER_IO) */ + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; + if (bio->connected) + ret = wolfIO_Send(bio->num.fd, (char*)data, len, 0); + else if (bio->peer_addr.sa.sa_family == AF_UNSPEC) + ret = SOCKET_ERROR_E; + else + ret = wolfIO_SendTo(bio->num.fd, &bio->peer_addr, (char*)data, len, 0); + if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_WRITE)) { + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; + } + if (ret < 0) { + ret = WOLFSSL_BIO_ERROR; + } + #else + ret = NOT_COMPILED_IN; + #endif + break; + } /* switch */ } +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + if ((ret > 0) && (! inhibit_flow_increment)) + bio->bytes_written += (word32)ret; +#endif + /* advance to the next bio in list */ bio = bio->next; } @@ -748,7 +834,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) (const char*)data, len, 0, ret); } - if (frmt != NULL) { + if (front != NULL) { XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER); } 
@@ -793,6 +879,49 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) case BIO_CTRL_RESET: ret = (long)wolfSSL_BIO_reset(bio); break; + +#ifdef WOLFSSL_HAVE_BIO_ADDR + case BIO_CTRL_DGRAM_CONNECT: + case BIO_CTRL_DGRAM_SET_PEER: + { + socklen_t addr_size; + if (parg == NULL) { + ret = WOLFSSL_FAILURE; + break; + } + addr_size = wolfSSL_BIO_ADDR_size((WOLFSSL_BIO_ADDR *)parg); + if (addr_size == 0) { + ret = WOLFSSL_FAILURE; + break; + } + XMEMCPY(&bio->peer_addr, parg, addr_size); + ret = WOLFSSL_SUCCESS; + break; + } + + case BIO_CTRL_DGRAM_SET_CONNECTED: + if (parg == NULL) { + wolfSSL_BIO_ADDR_clear(&bio->peer_addr); + bio->connected = 0; + } + else { + socklen_t addr_size = wolfSSL_BIO_ADDR_size((WOLFSSL_BIO_ADDR *)parg); + if (addr_size == 0) { + ret = WOLFSSL_FAILURE; + break; + } + XMEMCPY(&bio->peer_addr, parg, addr_size); + bio->connected = 1; + } + ret = WOLFSSL_SUCCESS; + break; + + case BIO_CTRL_DGRAM_QUERY_MTU: + ret = 0; /* not implemented */ + break; + +#endif /* WOLFSSL_HAVE_BIO_ADDR */ + default: WOLFSSL_MSG("CMD not yet implemented"); ret = WOLFSSL_FAILURE; 
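Review bot: `BIO_CTRL_DGRAM_CONNECT` and `BIO_CTRL_DGRAM_SET_PEER` copy the address into `bio->peer_addr` but leave `bio->connected` unchanged, whereas `BIO_CTRL_DGRAM_SET_CONNECTED` both copies and sets the flag; since that flag selects recv/send versus recvfrom/sendto in the read and write paths (hunks at -345 and -725), the difference deserves a comment on the shared case, e.g. `/* sets the sendto() destination only; the socket is not marked connected */`. The `/* not implemented */` comment on `BIO_CTRL_DGRAM_QUERY_MTU` should also say what the 0 return means to a caller, e.g. `/* not implemented: 0 tells the caller no MTU information is available */`, so nobody reads it as an MTU of zero.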
@@ -826,8 +955,51 @@ int wolfSSL_BIO_up_ref(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } + +#ifdef WOLFSSL_HAVE_BIO_ADDR +WOLFSSL_BIO_ADDR *wolfSSL_BIO_ADDR_new(void) { + WOLFSSL_BIO_ADDR *addr = + (WOLFSSL_BIO_ADDR *)XMALLOC(sizeof(*addr), NULL, DYNAMIC_TYPE_BIO); + if (addr) + addr->sa.sa_family = AF_UNSPEC; + return addr; +} + +void wolfSSL_BIO_ADDR_free(WOLFSSL_BIO_ADDR *addr) { + XFREE(addr, NULL, DYNAMIC_TYPE_BIO); +} + +void wolfSSL_BIO_ADDR_clear(WOLFSSL_BIO_ADDR *addr) { + if (addr == NULL) + return; + XMEMSET(addr, 0, sizeof(*addr)); + addr->sa.sa_family = AF_UNSPEC; +} + +socklen_t wolfSSL_BIO_ADDR_size(const WOLFSSL_BIO_ADDR *addr) { + switch (addr->sa.sa_family) { +#ifndef WOLFSSL_NO_BIO_ADDR_IN + case AF_INET: + return sizeof(addr->sa_in); +#endif +#ifdef WOLFSSL_IPV6 + case AF_INET6: + return sizeof(addr->sa_in6); #endif +#if defined(HAVE_SYS_UN_H) && !defined(WOLFSSL_NO_SOCKADDR_UN) + case AF_UNIX: + return sizeof(addr->sa_un); +#endif + default: + /* must return zero if length can't be determined, to avoid buffer + * overruns in callers. + */ + return 0; + } +} +#endif /* WOLFSSL_HAVE_BIO_ADDR */ +#endif /* OPENSSL_ALL || OPENSSL_EXTRA */ /* helper function for wolfSSL_BIO_gets * size till a newline is hit @@ -888,15 +1060,15 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz) switch (bio->type) { #ifndef NO_FILESYSTEM case WOLFSSL_BIO_FILE: - if (((XFILE)bio->ptr) == XBADFILE) { + if (bio->ptr.fh == XBADFILE) { return WOLFSSL_BIO_ERROR; } #if defined(MICRIUM) || defined(LSR_FS) || defined(EBSNET) WOLFSSL_MSG("XFGETS not ported for this system yet"); - ret = XFGETS(buf, sz, (XFILE)bio->ptr); + ret = XFGETS(buf, sz, bio->ptr.fh); #else - if (XFGETS(buf, sz, (XFILE)bio->ptr) != NULL) { + if (XFGETS(buf, sz, bio->ptr.fh) != NULL) { ret = (int)XSTRLEN(buf); } else { 
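Review bot: `wolfSSL_BIO_ADDR_size` dereferences `addr` without a NULL check even though it is a public entry point and its sibling `wolfSSL_BIO_ADDR_clear` guards NULL; both callers in `wolfSSL_BIO_ctrl` (hunk at -793) check `parg` first, so today this is only a latent dereference, but `if (addr == NULL) return 0;` at the top fits the function's own stated contract of returning zero whenever the length cannot be determined. Style: the four new functions put the opening brace on the signature line, while the rest of bio.c places a function's brace on its own line.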
@@ -972,13 +1144,13 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz) #ifndef WOLFCRYPT_ONLY /* call final on hash */ case WOLFSSL_BIO_MD: - if (wolfSSL_EVP_MD_CTX_size((WOLFSSL_EVP_MD_CTX*)bio->ptr) > sz) { + if (wolfSSL_EVP_MD_CTX_size(bio->ptr.md_ctx) > sz) { WOLFSSL_MSG("Output buffer was too small for digest"); ret = WOLFSSL_FAILURE; } else { unsigned int szOut = 0; - ret = wolfSSL_EVP_DigestFinal((WOLFSSL_EVP_MD_CTX*)bio->ptr, + ret = wolfSSL_EVP_DigestFinal(bio->ptr.md_ctx, (unsigned char*)buf, &szOut); if (ret == WOLFSSL_SUCCESS) { ret = (int)szOut; @@ -1133,8 +1305,8 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio) } #ifndef WOLFCRYPT_ONLY - if (bio->type == WOLFSSL_BIO_SSL && bio->ptr != NULL) { - return (long)wolfSSL_pending((WOLFSSL*)bio->ptr); + if (bio->type == WOLFSSL_BIO_SSL && bio->ptr.ssl != NULL) { + return (long)wolfSSL_pending(bio->ptr.ssl); } #endif @@ -1162,7 +1334,7 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio) long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) { WOLFSSL_BIO* front = bio; - long ret = WOLFSSL_FAILURE; + long ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_BIO_get_mem_ptr"); @@ -1188,7 +1360,10 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) bio = bio->prev; } - return ret; + if (ret == WOLFSSL_SUCCESS) + return ret; + else + return WOLFSSL_FAILURE; } #ifdef OPENSSL_ALL @@ -1208,8 +1383,8 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) bio->wrSz = (int)bio->mem_buf->length; bio->wrSzReset = bio->wrSz; - bio->num = (int)bio->mem_buf->max; - bio->ptr = bio->mem_buf->data; + bio->num.length = bio->mem_buf->max; + bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; bio->wrIdx = 0; bio->rdIdx = 0; 
@@ -1242,15 +1417,16 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size) return WOLFSSL_FAILURE; } - if (bio->ptr != NULL) { - XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL); + if (bio->ptr.mem_buf_data != NULL) { + XFREE(bio->ptr.mem_buf_data, bio->heap, DYNAMIC_TYPE_OPENSSL); } - bio->ptr = (byte*)XMALLOC(size, bio->heap, DYNAMIC_TYPE_OPENSSL); - if (bio->ptr == NULL) { + bio->ptr.mem_buf_data = (byte*)XMALLOC(size, bio->heap, + DYNAMIC_TYPE_OPENSSL); + if (bio->ptr.mem_buf_data == NULL) { WOLFSSL_MSG("Memory allocation error"); bio->wrSz = 0; - bio->num = 0; + bio->num.length = 0; bio->wrIdx = 0; bio->rdIdx = 0; if (bio->mem_buf != NULL) { @@ -1261,13 +1437,13 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size) return WOLFSSL_FAILURE; } bio->wrSz = (int)size; - bio->num = (int)size; + bio->num.length = size; bio->wrIdx = 0; bio->rdIdx = 0; if (bio->mem_buf != NULL) { - bio->mem_buf->data = (char*)bio->ptr; - bio->mem_buf->length = (size_t)bio->num; - bio->mem_buf->max = (size_t)bio->num; + bio->mem_buf->data = (char*)bio->ptr.mem_buf_data; + bio->mem_buf->length = bio->num.length; + bio->mem_buf->max = bio->num.length; } return WOLFSSL_SUCCESS; @@ -1295,12 +1471,12 @@ int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2) } /* set default write size if not already set */ - if (b1->ptr == NULL && wolfSSL_BIO_set_write_buf_size(b1, + if (b1->ptr.mem_buf_data == NULL && wolfSSL_BIO_set_write_buf_size(b1, WOLFSSL_BIO_SIZE) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } - if (b2->ptr == NULL && wolfSSL_BIO_set_write_buf_size(b2, + if (b2->ptr.mem_buf_data == NULL && wolfSSL_BIO_set_write_buf_size(b2, WOLFSSL_BIO_SIZE) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } 
@@ -1341,7 +1517,7 @@ int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf) WOLFSSL_BIO* pair = bio->pair; /* case where have wrapped around write buffer */ - *buf = (char*)pair->ptr + pair->rdIdx; + *buf = (char*)pair->ptr.mem_buf_data + pair->rdIdx; if (pair->wrIdx > 0 && pair->rdIdx >= pair->wrIdx) { return pair->wrSz - pair->rdIdx; } @@ -1373,7 +1549,7 @@ int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num) if (bio->pair != NULL) { /* special case if asking to read 0 bytes */ if (num == 0) { - *buf = (char*)bio->pair->ptr + bio->pair->rdIdx; + *buf = (char*)bio->pair->ptr.mem_buf_data + bio->pair->rdIdx; return 0; } @@ -1387,6 +1563,9 @@ int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num) sz = num; } bio->pair->rdIdx += sz; +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + bio->pair->bytes_read += (word32)sz; +#endif /* check if have read to the end of the buffer and need to reset */ if (bio->pair->rdIdx == bio->pair->wrSz) { @@ -1424,7 +1603,7 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) if (bio->pair != NULL) { if (num == 0) { - *buf = (char*)bio->ptr + bio->wrIdx; + *buf = (char*)bio->ptr.mem_buf_data + bio->wrIdx; return 0; } @@ -1463,8 +1642,11 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) if (num < sz) { sz = num; } - *buf = (char*)bio->ptr + bio->wrIdx; + *buf = (char*)bio->ptr.mem_buf_data + bio->wrIdx; bio->wrIdx += sz; +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + bio->bytes_written += (word32)sz; +#endif /* if at the end of the buffer and space for wrap around then set * write index back to 0 */ 
@@ -1476,6 +1658,37 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num)
return sz;
}
+#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS
+word64 wolfSSL_BIO_number_read(WOLFSSL_BIO *bio)
+{
+ word64 ret = 0;
+ if (bio == NULL) {
+ WOLFSSL_MSG("NULL argument passed in");
+ return 0;
+ }
+ while (bio) {
+ ret += bio->bytes_read;
+ bio = bio->next;
+ }
+
+ return ret;
+}
+
+word64 wolfSSL_BIO_number_written(WOLFSSL_BIO *bio)
+{
+ word64 ret = 0;
+ if (bio == NULL) {
+ WOLFSSL_MSG("NULL argument passed in");
+ return 0;
+ }
+ while (bio) {
+ ret += bio->bytes_written;
+ bio = bio->next;
+ }
+
+ return ret;
+}
+#endif /* WOLFSSL_BIO_HAVE_FLOW_STATS */
/* Reset BIO to initial state */
int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
@@ -1491,16 +1704,16 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio)
switch (bio->type) {
#ifndef NO_FILESYSTEM
case WOLFSSL_BIO_FILE:
- if (XFSEEK((XFILE)bio->ptr, 0, XSEEK_SET) != 0)
+ if (XFSEEK(bio->ptr.fh, 0, XSEEK_SET) != 0)
return WOLFSSL_BIO_ERROR;
else
- return 0;
+ return WOLFSSL_SUCCESS;
#endif
case WOLFSSL_BIO_BIO:
bio->rdIdx = 0;
bio->wrIdx = 0;
- return 0;
+ return WOLFSSL_SUCCESS;
case WOLFSSL_BIO_MEMORY:
bio->rdIdx = 0;
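Review bot: `wolfSSL_BIO_number_read` and `wolfSSL_BIO_number_written` accumulate into a `word64`, but every increment site casts the count with `(word32)` (`bio->bytes_read += (word32)ret;` at -345, `bytes_written` at -725, and the `nread`/`nwrite` hunks at -1387 and -1463), which suggests the per-BIO fields are 32-bit; if so, each field wraps after 4 GiB on a long-lived chain and the 64-bit accessor merely hides the wrap. Declaring `bytes_read`/`bytes_written` as `word64` (the declaration is outside this diff) and dropping the casts would make the counters trustworthy; if they already are `word64`, the casts are misleading and should be removed. The redundant leading `if (bio == NULL)` is fine as a logging hook but could be folded into the `while (bio)` loop.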
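Review bot: The `WOLFSSL_BIO_FILE` case of `wolfSSL_BIO_reset` now returns `WOLFSSL_SUCCESS` where it returned 0, and OpenSSL's `BIO_reset` documents 0 as the success value for file BIOs (1 for other types), so a compat caller written against that contract will now see a file reset as a non-zero result. If the change is deliberate, a comment above the switch such as `/* returns WOLFSSL_SUCCESS for every BIO type, unlike OpenSSL's file-BIO special case */` would record it; otherwise keep `return 0;` for the file case only. The `WOLFSSL_BIO_MEMORY` and `WOLFSSL_BIO_MD` cases in the next hunk (-1510) make the same change and are consistent with the non-file OpenSSL contract.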
@@ -1510,27 +1723,27 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) } else { bio->wrSz = 0; - XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL); - bio->ptr = NULL; - bio->num = 0; + XFREE(bio->ptr.mem_buf_data, bio->heap, DYNAMIC_TYPE_OPENSSL); + bio->ptr.mem_buf_data = NULL; + bio->num.length = 0; if (bio->mem_buf != NULL) { bio->mem_buf->data = NULL; bio->mem_buf->length = 0; bio->mem_buf->max = 0; } } - return 0; + return WOLFSSL_SUCCESS; #ifndef WOLFCRYPT_ONLY case WOLFSSL_BIO_MD: - if (bio->ptr != NULL) { + if (bio->ptr.md_ctx != NULL) { const WOLFSSL_EVP_MD* md = - wolfSSL_EVP_MD_CTX_md((WOLFSSL_EVP_MD_CTX*)bio->ptr); - wolfSSL_EVP_MD_CTX_cleanup((WOLFSSL_EVP_MD_CTX*)bio->ptr); - wolfSSL_EVP_MD_CTX_init((WOLFSSL_EVP_MD_CTX*)bio->ptr); - wolfSSL_EVP_DigestInit((WOLFSSL_EVP_MD_CTX*)bio->ptr, md); + wolfSSL_EVP_MD_CTX_md(bio->ptr.md_ctx); + wolfSSL_EVP_MD_CTX_cleanup(bio->ptr.md_ctx); + wolfSSL_EVP_MD_CTX_init(bio->ptr.md_ctx); + wolfSSL_EVP_DigestInit(bio->ptr.md_ctx, md); } - return 0; + return WOLFSSL_SUCCESS; #endif /* WOLFCRYPT_ONLY */ default: @@ -1580,7 +1793,7 @@ long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c) } bio->shutdown = (byte)c; - bio->ptr = (XFILE)fp; + bio->ptr.fh = fp; return WOLFSSL_SUCCESS; } @@ -1598,7 +1811,7 @@ long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp) return WOLFSSL_FAILURE; } - *fp = (XFILE)bio->ptr; + *fp = bio->ptr.fh; return WOLFSSL_SUCCESS; } @@ -1613,8 +1826,8 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name) } if (bio->type == WOLFSSL_BIO_FILE) { - if (((XFILE)bio->ptr) != XBADFILE && bio->shutdown == BIO_CLOSE) { - XFCLOSE((XFILE)bio->ptr); + if (bio->ptr.fh != XBADFILE && bio->shutdown == BIO_CLOSE) { + XFCLOSE(bio->ptr.fh); } /* 'b' flag is ignored on POSIX targets, but on Windows it assures 
@@ -1622,8 +1835,8 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name) * between the size and contents of the representation in memory and on * disk. */ - bio->ptr = XFOPEN(name, "wb"); - if (((XFILE)bio->ptr) == XBADFILE) { + bio->ptr.fh = XFOPEN(name, "wb"); + if (bio->ptr.fh == XBADFILE) { return WOLFSSL_FAILURE; } bio->shutdown = BIO_CLOSE; @@ -1640,13 +1853,13 @@ int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs) WOLFSSL_ENTER("wolfSSL_BIO_seek"); if (bio == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } /* offset ofs from beginning of file */ if (bio->type == WOLFSSL_BIO_FILE && - XFSEEK((XFILE)bio->ptr, ofs, SEEK_SET) < 0) { - return -1; + XFSEEK(bio->ptr.fh, ofs, SEEK_SET) < 0) { + return WOLFSSL_FATAL_ERROR; } return 0; @@ -1663,16 +1876,16 @@ int wolfSSL_BIO_tell(WOLFSSL_BIO* bio) WOLFSSL_ENTER("wolfSSL_BIO_tell"); if (bio == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (bio->type != WOLFSSL_BIO_FILE) { return 0; } - pos = (int)XFTELL((XFILE)bio->ptr); + pos = (int)XFTELL(bio->ptr.fh); if (pos < 0) - return -1; + return WOLFSSL_FATAL_ERROR; else return pos; } @@ -1799,15 +2012,16 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on) if (bio) { switch (bio->type) { case WOLFSSL_BIO_SOCKET: + case WOLFSSL_BIO_DGRAM: #ifdef XFCNTL { int ret; - int flag = XFCNTL(bio->num, F_GETFL, 0); + int flag = XFCNTL(bio->num.fd, F_GETFL, 0); if (on) { - ret = XFCNTL(bio->num, F_SETFL, flag | O_NONBLOCK); + ret = XFCNTL(bio->num.fd, F_SETFL, flag | O_NONBLOCK); } else { - ret = XFCNTL(bio->num, F_SETFL, flag & ~O_NONBLOCK); + ret = XFCNTL(bio->num.fd, F_SETFL, flag & ~O_NONBLOCK); } if (ret == -1) { @@ -1818,7 +2032,7 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on) break; case WOLFSSL_BIO_SSL: #ifdef WOLFSSL_DTLS - wolfSSL_dtls_set_using_nonblock((WOLFSSL*)bio->ptr, (int)on); + wolfSSL_dtls_set_using_nonblock(bio->ptr.ssl, (int)on); #endif break; 
@@ -1966,7 +2180,7 @@ int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio, void* p) } if (p) { - *(byte**)p = (byte*)mem_bio->ptr + mem_bio->rdIdx; + *(byte**)p = mem_bio->ptr.mem_buf_data + mem_bio->rdIdx; } return mem_bio->wrSz - mem_bio->rdIdx; @@ -1991,7 +2205,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } else if (bio->type == WOLFSSL_BIO_FILE) { #if !defined(NO_FILESYSTEM) && defined(XFFLUSH) - if (XFFLUSH((FILE *)bio->ptr) != 0) + if (XFFLUSH(bio->ptr.fh) != 0) return WOLFSSL_FAILURE; #endif /* !NO_FILESYSTEM && XFFLUSH */ @@ -2015,14 +2229,17 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) /* return the context and initialize the BIO state */ int wolfSSL_BIO_get_md_ctx(WOLFSSL_BIO *bio, WOLFSSL_EVP_MD_CTX **mdcp) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); if ((bio != NULL) && (mdcp != NULL)) { - *mdcp = (WOLFSSL_EVP_MD_CTX*)bio->ptr; + *mdcp = bio->ptr.md_ctx; ret = WOLFSSL_SUCCESS; } - return ret; + if (ret == WOLFSSL_SUCCESS) + return ret; + else + return WOLFSSL_FAILURE; } WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void) @@ -2110,11 +2327,39 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) if (bio) { bio->type = WOLFSSL_BIO_SOCKET; bio->shutdown = (byte)closeF; - bio->num = sfd; + bio->num.fd = (SOCKET_T)sfd; } return bio; } + +#if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) + WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_datagram(void) + { + static WOLFSSL_BIO_METHOD meth = + WOLFSSL_BIO_METHOD_INIT(WOLFSSL_BIO_DGRAM); + + WOLFSSL_ENTER("wolfSSL_BIO_s_datagram"); + + return &meth; + } + + + WOLFSSL_BIO* wolfSSL_BIO_new_dgram(int fd, int closeF) + { + WOLFSSL_BIO* bio = wolfSSL_BIO_new(wolfSSL_BIO_s_datagram()); + + WOLFSSL_ENTER("wolfSSL_BIO_new_dgram"); + if (bio) { + bio->type = WOLFSSL_BIO_DGRAM; + bio->shutdown = (byte)closeF; + bio->num.fd = (SOCKET_T)fd; + } + return bio; + } +#endif + + /** * Create new socket BIO object. This is a pure TCP connection with * no SSL or TLS protection. 
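Review bot: `wolfSSL_BIO_s_datagram` and `wolfSSL_BIO_new_dgram` are new public entry points with no header comment, unlike the documented `/** Create new socket BIO object ... */` block that immediately follows them. A short Doxygen comment should state that `fd` must already be a datagram socket, that with `closeF == BIO_CLOSE` the descriptor is closed by `wolfSSL_BIO_free` (the free hunk at -2723 shows `CloseSocket` for `WOLFSSL_BIO_DGRAM`), and that the BIO starts unconnected with no peer until `BIO_CTRL_DGRAM_SET_PEER` or `BIO_CTRL_DGRAM_SET_CONNECTED` is issued — assuming `wolfSSL_BIO_new` zero-initialises the object, which is not visible in this diff.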
@@ -2231,7 +2476,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } - b->num = (int)sfd; + b->num.fd = sfd; b->shutdown = BIO_CLOSE; return WOLFSSL_SUCCESS; } @@ -2255,17 +2500,17 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } - if (b->num == WOLFSSL_BIO_ERROR) { + if (b->num.fd == SOCKET_INVALID) { if (wolfIO_TcpBind(&sfd, b->port) < 0) { WOLFSSL_MSG("wolfIO_TcpBind error"); return WOLFSSL_FAILURE; } - b->num = (int)sfd; + b->num.fd = sfd; b->shutdown = BIO_CLOSE; } else { WOLFSSL_BIO* new_bio; - int newfd = wolfIO_TcpAccept(b->num, NULL, NULL); + int newfd = wolfIO_TcpAccept(b->num.fd, NULL, NULL); if (newfd < 0) { WOLFSSL_MSG("wolfIO_TcpBind error"); return WOLFSSL_FAILURE; @@ -2322,8 +2567,8 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) WOLFSSL_MSG("Bad parameter"); return WOLFSSL_FAILURE; } - if (b->type == WOLFSSL_BIO_SSL && b->ptr != NULL) { - return wolfSSL_negotiate((WOLFSSL*)b->ptr); + if (b->type == WOLFSSL_BIO_SSL && b->ptr.ssl != NULL) { + return wolfSSL_negotiate(b->ptr.ssl); } else { WOLFSSL_MSG("Not SSL BIO or no SSL object set"); @@ -2348,12 +2593,12 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return; } - if (b->ptr != NULL) { - int rc = wolfSSL_shutdown((WOLFSSL*)b->ptr); + if (b->ptr.ssl != NULL) { + int rc = wolfSSL_shutdown(b->ptr.ssl); if (rc == SSL_SHUTDOWN_NOT_DONE) { /* In this case, call again to give us a chance to read the * close notify alert from the other end. */ - wolfSSL_shutdown((WOLFSSL*)b->ptr); + wolfSSL_shutdown(b->ptr.ssl); } } else { @@ -2363,12 +2608,12 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) long wolfSSL_BIO_set_ssl(WOLFSSL_BIO* b, WOLFSSL* ssl, int closeF) { - long ret = WOLFSSL_FAILURE; + long ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_BIO_set_ssl"); if (b != NULL) { - b->ptr = ssl; + b->ptr.ssl = ssl; b->shutdown = (byte)closeF; if (b->next != NULL) wolfSSL_set_bio(ssl, b->next, b->next); 
@@ -2376,7 +2621,10 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) ret = WOLFSSL_SUCCESS; } - return ret; + if (ret == WOLFSSL_SUCCESS) + return ret; + else + return WOLFSSL_FAILURE; } long wolfSSL_BIO_get_ssl(WOLFSSL_BIO* bio, WOLFSSL** ssl) @@ -2396,7 +2644,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } - *ssl = (WOLFSSL*)bio->ptr; + *ssl = bio->ptr.ssl; return WOLFSSL_SUCCESS; } @@ -2540,7 +2788,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) WOLFSSL_ENTER("wolfSSL_BIO_set_fd"); if (b != NULL) { - b->num = fd; + b->num.fd = (SOCKET_T)fd; b->shutdown = (byte)closeF; } @@ -2584,7 +2832,14 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) bio->method = method; #endif bio->shutdown = BIO_CLOSE; /* default to close things */ - bio->num = WOLFSSL_BIO_ERROR; + + if ((bio->type == WOLFSSL_BIO_SOCKET) || + (bio->type == WOLFSSL_BIO_DGRAM)) + { + bio->num.fd = SOCKET_INVALID; + } else { + bio->num.length = 0; + } bio->init = 1; #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) @@ -2616,8 +2871,8 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } if (method->type == WOLFSSL_BIO_MD) { - bio->ptr = wolfSSL_EVP_MD_CTX_new(); - if (bio->ptr == NULL) { + bio->ptr.md_ctx = wolfSSL_EVP_MD_CTX_new(); + if (bio->ptr.md_ctx == NULL) { WOLFSSL_MSG("Memory error"); wolfSSL_BIO_free(bio); return NULL; @@ -2656,11 +2911,11 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return NULL; } - bio->num = (int)bio->mem_buf->max; + bio->num.length = bio->mem_buf->max; bio->wrSz = len; - bio->ptr = bio->mem_buf->data; - if (len > 0 && bio->ptr != NULL) { - XMEMCPY(bio->ptr, buf, len); + bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; + if (len > 0 && bio->ptr.mem_buf_data != NULL) { + XMEMCPY(bio->ptr.mem_buf_data, buf, len); bio->flags |= BIO_FLAGS_MEM_RDONLY; bio->wrSzReset = bio->wrSz; } 
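Review bot: The new initialisation in `wolfSSL_BIO_new` sets `num.fd = SOCKET_INVALID` only for WOLFSSL_BIO_SOCKET and WOLFSSL_BIO_DGRAM and leaves every other type with `num.length = 0`, yet `wolfSSL_BIO_free` (hunk at -2723) still closes `bio->num.fd` for a WOLFSSL_BIO_FILE BIO whenever it differs from `SOCKET_INVALID`. Because `fd` and `length` share the union, an all-zero `num` on a file BIO freed with BIO_CLOSE and no `ptr.fh` reads as descriptor 0 and `XCLOSE(0)` closes stdin; the previous `bio->num = WOLFSSL_BIO_ERROR` protected every type. Unless file BIOs are guaranteed to assign `num.fd` before any free (not visible here), extend the condition: `if ((bio->type == WOLFSSL_BIO_SOCKET) || (bio->type == WOLFSSL_BIO_DGRAM) || (bio->type == WOLFSSL_BIO_FILE))`. `wolfSSL_BIO_new` begins before the hunk.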
@@ -2723,44 +2978,51 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) bio->pair->pair = NULL; } - if (bio->ip != NULL) { - XFREE(bio->ip, bio->heap, DYNAMIC_TYPE_OPENSSL); - } + XFREE(bio->ip, bio->heap, DYNAMIC_TYPE_OPENSSL); if (bio->shutdown) { - if (bio->type == WOLFSSL_BIO_SSL && bio->ptr) - wolfSSL_free((WOLFSSL*)bio->ptr); + if (bio->type == WOLFSSL_BIO_SSL && bio->ptr.ssl) + wolfSSL_free(bio->ptr.ssl); #ifdef CloseSocket - if ((bio->type == WOLFSSL_BIO_SOCKET) && (bio->num > 0)) - CloseSocket(bio->num); + if (((bio->type == WOLFSSL_BIO_SOCKET) || + (bio->type == WOLFSSL_BIO_DGRAM)) && + (bio->num.fd != SOCKET_INVALID)) + { + CloseSocket(bio->num.fd); + } #endif } #ifndef NO_FILESYSTEM if (bio->type == WOLFSSL_BIO_FILE && bio->shutdown == BIO_CLOSE) { - if (bio->ptr) { - XFCLOSE((XFILE)bio->ptr); + if (bio->ptr.fh) { + XFCLOSE(bio->ptr.fh); } #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\ && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) - else if (bio->num != WOLFSSL_BIO_ERROR) { - XCLOSE(bio->num); + else if (bio->num.fd != SOCKET_INVALID) { + XCLOSE(bio->num.fd); } #endif } #endif if (bio->shutdown != BIO_NOCLOSE) { - if (bio->type == WOLFSSL_BIO_MEMORY && bio->ptr != NULL) { + if (bio->type == WOLFSSL_BIO_MEMORY && + bio->ptr.mem_buf_data != NULL) + { if (bio->mem_buf != NULL) { - if (bio->mem_buf->data != (char*)bio->ptr) { - XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL); - bio->ptr = NULL; + if ((byte *)bio->mem_buf->data != bio->ptr.mem_buf_data) + { + XFREE(bio->ptr.mem_buf_data, bio->heap, + DYNAMIC_TYPE_OPENSSL); + bio->ptr.mem_buf_data = NULL; } } else { - XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL); - bio->ptr = NULL; + XFREE(bio->ptr.mem_buf_data, bio->heap, + DYNAMIC_TYPE_OPENSSL); + bio->ptr.mem_buf_data = NULL; } } if (bio->mem_buf != NULL) { 
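Review bot: The file-BIO branch of `wolfSSL_BIO_free` tests the handle with `if (bio->ptr.fh)` while `wolfSSL_BIO_vprintf` in the same patch tests `bio->ptr.fh == XBADFILE`; the two agree only where XBADFILE is a null pointer, and on ports where XFILE is an integer descriptor with a -1 sentinel (whether any is enabled here is not visible in the hunk) the free path would `XFCLOSE(-1)` and skip the `XCLOSE(bio->num.fd)` fallback. Use one sentinel in both places: `if (bio->ptr.fh != XBADFILE) {`. The `else if (bio->num.fd != SOCKET_INVALID)` fallback also presumes `num` was initialised as a descriptor for file BIOs, which the `wolfSSL_BIO_new` hunk only does for socket and datagram types.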
@@ -2770,7 +3032,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } if (bio->type == WOLFSSL_BIO_MD) { - wolfSSL_EVP_MD_CTX_free((WOLFSSL_EVP_MD_CTX*)bio->ptr); + wolfSSL_EVP_MD_CTX_free(bio->ptr.md_ctx); } XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL); @@ -2809,8 +3071,8 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } /* SSL BIO's should use the next object in the chain for IO */ - if (top->type == WOLFSSL_BIO_SSL && top->ptr) - wolfSSL_set_bio((WOLFSSL*)top->ptr, append, append); + if (top->type == WOLFSSL_BIO_SSL && top->ptr.ssl) + wolfSSL_set_bio(top->ptr.ssl, append, append); return top; } @@ -2914,9 +3176,11 @@ int wolfSSL_BIO_get_fd(WOLFSSL_BIO *bio, int* fd) WOLFSSL_ENTER("wolfSSL_BIO_get_fd"); if (bio != NULL) { + if (bio->num.fd == SOCKET_INVALID) + return WOLFSSL_BIO_ERROR; if (fd != NULL) - *fd = bio->num; - return bio->num; + *fd = (int)bio->num.fd; + return (int)bio->num.fd; } return WOLFSSL_BIO_ERROR; @@ -2991,10 +3255,10 @@ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args) switch (bio->type) { #if !defined(NO_FILESYSTEM) case WOLFSSL_BIO_FILE: - if (bio->ptr == NULL) { - return -1; + if (bio->ptr.fh == XBADFILE) { + return WOLFSSL_FATAL_ERROR; } - ret = XVFPRINTF((XFILE)bio->ptr, format, args); + ret = XVFPRINTF(bio->ptr.fh, format, args); break; #endif 
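Review bot: `wolfSSL_BIO_get_fd` now reads `bio->num.fd` before looking at the BIO's type, so on a memory BIO it reinterprets `num.length` (set to `mem_buf->max` in the -2656 hunk) through the union's `fd` member: a nonzero buffer size is returned as a descriptor and a zero one as fd 0. Reject the types that store a length before the SOCKET_INVALID test: `if (bio->type == WOLFSSL_BIO_MEMORY) return WOLFSSL_BIO_ERROR;` (extend the list if other types use `num.length`). The `(int)bio->num.fd` casts silently truncate where SOCKET_T is wider than int, presumably accepted for OpenSSL API compatibility, which deserves a one-line comment at the return.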
@@ -3088,21 +3352,22 @@ int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char *buf, int length) return wolfSSL_BIO_write(bio, "\tNULL", 5); } - XSPRINTF(line, "%04x - ", lineOffset); + (void)XSNPRINTF(line, sizeof(line), "%04x - ", lineOffset); o = 7; for (i = 0; i < BIO_DUMP_LINE_LEN; i++) { if (i < length) - XSPRINTF(line + o,"%02x ", (unsigned char)buf[i]); + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, + "%02x ", (unsigned char)buf[i]); else - XSPRINTF(line + o, " "); + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, " "); if (i == 7) - XSPRINTF(line + o + 2, "-"); + (void)XSNPRINTF(line + o + 2, (int)sizeof(line) - (o + 2), "-"); o += 3; } - XSPRINTF(line + o, " "); + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, " "); o += 2; for (i = 0; (i < BIO_DUMP_LINE_LEN) && (i < length); i++) { - XSPRINTF(line + o, "%c", + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, "%c", ((31 < buf[i]) && (buf[i] < 127)) ? buf[i] : '.'); o++; } diff --git a/src/wolfcrypt/src/blake2b.c b/src/wolfcrypt/src/blake2b.c index adc6034..bce74b3 100644 --- a/src/wolfcrypt/src/blake2b.c +++ b/src/wolfcrypt/src/blake2b.c @@ -12,7 +12,7 @@ */ /* blake2b.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/blake2s.c b/src/wolfcrypt/src/blake2s.c index 9efa84f..7e36d6e 100644 --- a/src/wolfcrypt/src/blake2s.c +++ b/src/wolfcrypt/src/blake2s.c @@ -12,7 +12,7 @@ */ /* blake2s.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/camellia.c b/src/wolfcrypt/src/camellia.c index 9f2897f..3425177 100644 --- a/src/wolfcrypt/src/camellia.c +++ b/src/wolfcrypt/src/camellia.c @@ -27,7 +27,7 @@ /* camellia.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
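Review bot: The XSNPRINTF conversion in `wolfSSL_BIO_dump` bounds each write by `(int)sizeof(line) - o`, but every return value is discarded and `o` advances by fixed amounts, so if `line` (declared before the hunk) were ever smaller than the fixed layout of 7 + 3*BIO_DUMP_LINE_LEN + 2 + BIO_DUMP_LINE_LEN + 1 bytes, output would be truncated silently and `o` would drift past the end; once `o` exceeds `sizeof(line)` the size argument goes negative and converts to a huge size_t, undoing the bound entirely. The relationship should be stated where `line` is declared, e.g. `/* must hold "%04x - " + BIO_DUMP_LINE_LEN hex triples + " - " + ASCII column + NUL */`, and a cheap guard such as `if (o >= (int)sizeof(line)) return WOLFSSL_FAILURE;` before the ASCII loop would turn a future size change into an error instead of a memory bug. The function's opening and the declaration of `line` are outside the hunk.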
diff --git a/src/wolfcrypt/src/chacha.c b/src/wolfcrypt/src/chacha.c index f497560..84b26eb 100644 --- a/src/wolfcrypt/src/chacha.c +++ b/src/wolfcrypt/src/chacha.c @@ -1,6 +1,6 @@ /* chacha.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -35,22 +35,56 @@ Public domain. #include -#if defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_NO_NEON) +#ifdef HAVE_CHACHA + #include + #include + + #ifdef NO_INLINE + #include + #else + #define WOLFSSL_MISC_INCLUDED + #include + #endif + + #ifdef BIG_ENDIAN_ORDER + #define LITTLE32(x) ByteReverseWord32(x) + #else + #define LITTLE32(x) (x) + #endif + + /* Number of rounds */ + #define ROUNDS 20 + + #define U32C(v) (v##U) + #define U32V(v) ((word32)(v) & U32C(0xFFFFFFFF)) + #define U8TO32_LITTLE(p) LITTLE32(((word32*)(p))[0]) + + #define ROTATE(v,c) rotlFixed(v, c) + #define XOR(v,w) ((v) ^ (w)) + #define PLUS(v,w) (U32V((v) + (w))) + #define PLUSONE(v) (PLUS((v),1)) + + #define QUARTERROUND(a,b,c,d) \ + x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]),16); \ + x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]),12); \ + x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]), 8); \ + x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]), 7); +#endif /* HAVE_CHACHA */ + + +#if defined(WOLFSSL_ARMASM) /* implementation is located in wolfcrypt/src/port/arm/armv8-chacha.c */ +#elif defined(WOLFSSL_RISCV_ASM) + /* implementation located in wolfcrypt/src/port/rsicv/riscv-64-chacha.c */ + #else + +/* BEGIN ChaCha C implementation */ #if defined(HAVE_CHACHA) -#include -#include #include #include -#ifdef NO_INLINE - #include -#else - #define WOLFSSL_MISC_INCLUDED - #include -#endif #ifdef CHACHA_AEAD_TEST #include 
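Review bot: `U8TO32_LITTLE(p)`, now hoisted so every ChaCha implementation selected in this file shares it, dereferences `((word32*)(p))[0]` through a pointer cast, which is a strict-aliasing violation and an unaligned 32-bit load whenever `p` is an arbitrary byte pointer; `wc_XChacha_SetKey` applies it to the caller's `nonce`, and the Cortex-M0/M0+ parts common on Arduino boards fault on unaligned word access. Unless every caller guarantees a 4-byte-aligned nonce (nothing here documents that), assemble the word from bytes instead: `#define U8TO32_LITTLE(p) ((word32)(p)[0] | ((word32)(p)[1] << 8) | ((word32)(p)[2] << 16) | ((word32)(p)[3] << 24))`, which is endian-neutral and so needs no `LITTLE32` wrapper. Uses of the macro on already-aligned `word32` arrays, if any, are unaffected by the change.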
@@ -85,31 +119,6 @@ Public domain. static word32 cpuidFlags = 0; #endif -#ifdef BIG_ENDIAN_ORDER - #define LITTLE32(x) ByteReverseWord32(x) -#else - #define LITTLE32(x) (x) -#endif - -/* Number of rounds */ -#define ROUNDS 20 - -#define U32C(v) (v##U) -#define U32V(v) ((word32)(v) & U32C(0xFFFFFFFF)) -#define U8TO32_LITTLE(p) LITTLE32(((word32*)(p))[0]) - -#define ROTATE(v,c) rotlFixed(v, c) -#define XOR(v,w) ((v) ^ (w)) -#define PLUS(v,w) (U32V((v) + (w))) -#define PLUSONE(v) (PLUS((v),1)) - -#define QUARTERROUND(a,b,c,d) \ - x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]),16); \ - x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]),12); \ - x[a] = PLUS(x[a],x[b]); x[d] = ROTATE(XOR(x[d],x[a]), 8); \ - x[c] = PLUS(x[c],x[d]); x[b] = ROTATE(XOR(x[b],x[c]), 7); - - /** * Set up iv(nonce). Earlier versions used 64 bits instead of 96, this version * uses the typical AEAD 96 bit nonce and can do record sizes of 256 GB. 
@@ -235,86 +244,6 @@ static WC_INLINE void wc_Chacha_wordtobyte(word32 x[CHACHA_CHUNK_WORDS], } #endif /* !USE_INTEL_CHACHA_SPEEDUP */ - -#ifdef HAVE_XCHACHA - -/* - * wc_HChacha_block - half a ChaCha block, for XChaCha - * - * see https://tools.ietf.org/html/draft-arciszewski-xchacha-03 - */ -static WC_INLINE void wc_HChacha_block(ChaCha* ctx, word32 stream[CHACHA_CHUNK_WORDS/2], word32 nrounds) -{ - word32 x[CHACHA_CHUNK_WORDS]; - word32 i; - - for (i = 0; i < CHACHA_CHUNK_WORDS; i++) { - x[i] = ctx->X[i]; - } - - for (i = nrounds; i > 0; i -= 2) { - QUARTERROUND(0, 4, 8, 12) - QUARTERROUND(1, 5, 9, 13) - QUARTERROUND(2, 6, 10, 14) - QUARTERROUND(3, 7, 11, 15) - QUARTERROUND(0, 5, 10, 15) - QUARTERROUND(1, 6, 11, 12) - QUARTERROUND(2, 7, 8, 13) - QUARTERROUND(3, 4, 9, 14) - } - - for (i = 0; i < CHACHA_CHUNK_WORDS/4; ++i) - stream[i] = x[i]; - for (i = CHACHA_CHUNK_WORDS/4; i < CHACHA_CHUNK_WORDS/2; ++i) - stream[i] = x[i + CHACHA_CHUNK_WORDS/2]; -} - -/* XChaCha -- https://tools.ietf.org/html/draft-arciszewski-xchacha-03 */ -int wc_XChacha_SetKey(ChaCha *ctx, - const byte *key, word32 keySz, - const byte *nonce, word32 nonceSz, - word32 counter) { - word32 k[CHACHA_MAX_KEY_SZ]; - byte iv[CHACHA_IV_BYTES]; - int ret; - - if (nonceSz != XCHACHA_NONCE_BYTES) - return BAD_FUNC_ARG; - - if ((ret = wc_Chacha_SetKey(ctx, key, keySz)) < 0) - return ret; - - /* form a first chacha IV from the first 16 bytes of the nonce. - * the first word is supplied in the "counter" arg, and - * the result is a full 128 bit nonceful IV for the one-time block - * crypto op that follows. - */ - if ((ret = wc_Chacha_SetIV(ctx, nonce + 4, U8TO32_LITTLE(nonce))) < 0) - return ret; - - wc_HChacha_block(ctx, k, 20); /* 20 rounds, but keeping half the output. */ - - /* the HChacha output is used as a 256 bit key for the main cipher. 
*/ - XMEMCPY(&ctx->X[4], k, 8 * sizeof(word32)); - - /* use 8 bytes from the end of the 24 byte nonce, padded up to 12 bytes, - * to form the IV for the main cipher. - */ - XMEMSET(iv, 0, 4); - XMEMCPY(iv + 4, nonce + 16, 8); - - if ((ret = wc_Chacha_SetIV(ctx, iv, counter)) < 0) - return ret; - - ForceZero(k, sizeof k); - ForceZero(iv, sizeof iv); - - return 0; -} - -#endif /* HAVE_XCHACHA */ - - #ifdef __cplusplus extern "C" { #endif @@ -438,7 +367,13 @@ int wc_Chacha_Process(ChaCha* ctx, byte* output, const byte* input, #endif } -void wc_Chacha_purge_current_block(ChaCha* ctx) { +#endif /* HAVE_CHACHA */ +#endif /* END ChaCha C implementation */ + +#if defined(HAVE_CHACHA) && defined(HAVE_XCHACHA) + +void wc_Chacha_purge_current_block(ChaCha* ctx) +{ if (ctx->left > 0) { byte scratch[CHACHA_CHUNK_BYTES]; XMEMSET(scratch, 0, sizeof(scratch)); 
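Review bot: `wc_Chacha_purge_current_block` moves from the plain `HAVE_CHACHA` C-implementation section into a block guarded by `HAVE_CHACHA && HAVE_XCHACHA`, so a build with ChaCha but without XChaCha no longer gets this symbol; if the header declares it, or chacha20_poly1305/tests call it, without the XChaCha condition, that configuration now fails to link. The function also now compiles for the ARM and RISC-V assembly builds, which it did not before, so a duplicate in those port files would collide. If only XChaCha needs it, record that next to the new guard: `/* Only XChaCha callers need to discard a partially consumed keystream block. */`; otherwise keep it under `HAVE_CHACHA` alone. The body of the function continues in the following hunk.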
@@ -446,6 +381,80 @@ void wc_Chacha_purge_current_block(ChaCha* ctx) { } } -#endif /* HAVE_CHACHA */ +/* + * wc_HChacha_block - half a ChaCha block, for XChaCha + * + * see https://tools.ietf.org/html/draft-arciszewski-xchacha-03 + */ +static WC_INLINE void wc_HChacha_block(ChaCha* ctx, + word32 stream[CHACHA_CHUNK_WORDS/2], word32 nrounds) +{ + word32 x[CHACHA_CHUNK_WORDS]; + word32 i; + + for (i = 0; i < CHACHA_CHUNK_WORDS; i++) { + x[i] = ctx->X[i]; + } + + for (i = nrounds; i > 0; i -= 2) { + QUARTERROUND(0, 4, 8, 12) + QUARTERROUND(1, 5, 9, 13) + QUARTERROUND(2, 6, 10, 14) + QUARTERROUND(3, 7, 11, 15) + QUARTERROUND(0, 5, 10, 15) + QUARTERROUND(1, 6, 11, 12) + QUARTERROUND(2, 7, 8, 13) + QUARTERROUND(3, 4, 9, 14) + } + + for (i = 0; i < CHACHA_CHUNK_WORDS/4; ++i) + stream[i] = x[i]; + for (i = CHACHA_CHUNK_WORDS/4; i < CHACHA_CHUNK_WORDS/2; ++i) + stream[i] = x[i + CHACHA_CHUNK_WORDS/2]; +} + +/* XChaCha -- https://tools.ietf.org/html/draft-arciszewski-xchacha-03 */ +int wc_XChacha_SetKey(ChaCha *ctx, + const byte *key, word32 keySz, + const byte *nonce, word32 nonceSz, + word32 counter) +{ + int ret; + word32 k[CHACHA_MAX_KEY_SZ]; + byte iv[CHACHA_IV_BYTES]; + + if (nonceSz != XCHACHA_NONCE_BYTES) + return BAD_FUNC_ARG; + + if ((ret = wc_Chacha_SetKey(ctx, key, keySz)) < 0) + return ret; + + /* form a first chacha IV from the first 16 bytes of the nonce. + * the first word is supplied in the "counter" arg, and + * the result is a full 128 bit nonceful IV for the one-time block + * crypto op that follows. + */ + if ((ret = wc_Chacha_SetIV(ctx, nonce + 4, U8TO32_LITTLE(nonce))) < 0) + return ret; + + wc_HChacha_block(ctx, k, 20); /* 20 rounds, but keeping half the output. */ + + /* the HChacha output is used as a 256 bit key for the main cipher. */ + XMEMCPY(&ctx->X[4], k, 8 * sizeof(word32)); + + /* use 8 bytes from the end of the 24 byte nonce, padded up to 12 bytes, + * to form the IV for the main cipher. 
+ */ + XMEMSET(iv, 0, 4); + XMEMCPY(iv + 4, nonce + 16, 8); + + if ((ret = wc_Chacha_SetIV(ctx, iv, counter)) < 0) + return ret; + + ForceZero(k, sizeof k); + ForceZero(iv, sizeof iv); + + return 0; +} -#endif /* WOLFSSL_ARMASM && !WOLFSSL_ARMASM_NO_NEON */ +#endif /* HAVE_CHACHA && HAVE_XCHACHA */ diff --git a/src/wolfcrypt/src/chacha20_poly1305.c b/src/wolfcrypt/src/chacha20_poly1305.c index df4147c..a29a18f 100644 --- a/src/wolfcrypt/src/chacha20_poly1305.c +++ b/src/wolfcrypt/src/chacha20_poly1305.c @@ -1,6 +1,6 @@ /* chacha.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/cmac.c b/src/wolfcrypt/src/cmac.c index b77cc33..52c1d2d 100644 --- a/src/wolfcrypt/src/cmac.c +++ b/src/wolfcrypt/src/cmac.c @@ -1,6 +1,6 @@ /* cmac.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -32,7 +32,7 @@ #include #endif -#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) +#if defined(WOLFSSL_CMAC) #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ @@ -80,7 +80,7 @@ int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz) } #endif /* WOLFSSL_HASH_KEEP */ - +#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) /* Used by AES-SIV. See aes.c. */ void ShiftAndXorRb(byte* out, byte* in) { @@ -100,6 +100,7 @@ void ShiftAndXorRb(byte* out, byte* in) } } } +#endif /* !NO_AES && WOLFSSL_AES_DIRECT */ /* returns 0 on success */ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz, 
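Review bot: In `wc_XChacha_SetKey` the derived subkey in `k` and the `iv` scratch are wiped only on the success path; the `if ((ret = wc_Chacha_SetIV(ctx, iv, counter)) < 0) return ret;` that follows `XMEMCPY(&ctx->X[4], k, ...)` returns with 32 bytes of HChaCha output still on the stack. Make the wipe unconditional: `ret = wc_Chacha_SetIV(ctx, iv, counter); ForceZero(k, sizeof k); ForceZero(iv, sizeof iv); return (ret < 0) ? ret : 0;`. `wc_HChacha_block`'s local `x[]` likewise holds the full key-derived state and could be `ForceZero`'d before it returns, at negligible cost.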
@@ -146,30 +147,40 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz, return BAD_FUNC_ARG; } - ret = wc_AesInit(&cmac->aes, heap, devId); + switch (type) { +#if !defined (NO_AES) && defined(WOLFSSL_AES_DIRECT) + case WC_CMAC_AES: + cmac->type = WC_CMAC_AES; + ret = wc_AesInit(&cmac->aes, heap, devId); -#if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT) - cmac->useSWCrypt = useSW; - if (cmac->useSWCrypt == 1) { - cmac->aes.useSWCrypt = 1; - } -#endif - - if (ret == 0) { - ret = wc_AesSetKey(&cmac->aes, key, keySz, NULL, AES_ENCRYPTION); - } + #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT) + cmac->useSWCrypt = useSW; + if (cmac->useSWCrypt == 1) { + cmac->aes.useSWCrypt = 1; + } + #endif - if (ret == 0) { - byte l[AES_BLOCK_SIZE]; + if (ret == 0) { + ret = wc_AesSetKey(&cmac->aes, key, keySz, NULL, AES_ENCRYPTION); + } - XMEMSET(l, 0, AES_BLOCK_SIZE); - ret = wc_AesEncryptDirect(&cmac->aes, l, l); if (ret == 0) { - ShiftAndXorRb(cmac->k1, l); - ShiftAndXorRb(cmac->k2, cmac->k1); - ForceZero(l, AES_BLOCK_SIZE); + byte l[AES_BLOCK_SIZE]; + + XMEMSET(l, 0, AES_BLOCK_SIZE); + ret = wc_AesEncryptDirect(&cmac->aes, l, l); + if (ret == 0) { + ShiftAndXorRb(cmac->k1, l); + ShiftAndXorRb(cmac->k2, cmac->k1); + ForceZero(l, AES_BLOCK_SIZE); + } } + break; +#endif /* !NO_AES && WOLFSSL_AES_DIRECT */ + default: + return BAD_FUNC_ARG; } + return ret; } @@ -201,7 +212,7 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz) #endif { ret = wc_CryptoCb_Cmac(cmac, NULL, 0, in, inSz, - NULL, NULL, 0, NULL); + NULL, NULL, cmac->type, NULL); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; /* fall-through when unavailable */ 
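Review bot: In the WC_CMAC_AES case of `wc_InitCmac_ex`, once `wc_AesInit` has succeeded, a failure in `wc_AesSetKey` or `wc_AesEncryptDirect` falls to `break` and returns `ret` without `wc_AesFree(&cmac->aes)`, so whatever wc_AesInit acquired (a device or async context, depending on build options not visible here) is released only if the caller still invokes `wc_CmacFree` after a failed init, which few callers do. Add before the `break`: `if (ret != 0) wc_AesFree(&cmac->aes);`. The `switch (type)` could also run before any other setup so that `default: return BAD_FUNC_ARG;` leaves `cmac` untouched rather than partially written by the statements preceding the hunk.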
@@ -211,26 +222,35 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz) /* Clear CRYPTOCB_UNAVAILABLE return code */ ret = 0; - while ((ret == 0) && (inSz != 0)) { - word32 add = min(inSz, AES_BLOCK_SIZE - cmac->bufferSz); - XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add); - - cmac->bufferSz += add; - in += add; - inSz -= add; - - if (cmac->bufferSz == AES_BLOCK_SIZE && inSz != 0) { - if (cmac->totalSz != 0) { - xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE); - } - ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer); - if (ret == 0) { - cmac->totalSz += AES_BLOCK_SIZE; - cmac->bufferSz = 0; + switch (cmac->type) { +#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) + case WC_CMAC_AES: + { + while ((ret == 0) && (inSz != 0)) { + word32 add = min(inSz, AES_BLOCK_SIZE - cmac->bufferSz); + XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add); + + cmac->bufferSz += add; + in += add; + inSz -= add; + + if (cmac->bufferSz == AES_BLOCK_SIZE && inSz != 0) { + if (cmac->totalSz != 0) { + xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE); + } + ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, + cmac->buffer); + if (ret == 0) { + cmac->totalSz += AES_BLOCK_SIZE; + cmac->bufferSz = 0; + } } } + }; break; +#endif /* !NO_AES && WOLFSSL_AES_DIRECT */ + default: + ret = BAD_FUNC_ARG; } - return ret; } @@ -242,11 +262,18 @@ int wc_CmacFree(Cmac* cmac) /* TODO: msg is leaked if wc_CmacFinal() is not called * e.g. when multiple calls to wc_CmacUpdate() and one fails but * wc_CmacFinal() not called. */ - if (cmac->msg != NULL) { - XFREE(cmac->msg, cmac->heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(cmac->msg, cmac->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif - wc_AesFree(&cmac->aes); + switch (cmac->type) { +#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) + case WC_CMAC_AES: + wc_AesFree(&cmac->aes); + break; +#endif /* !NO_AES && WOLFSSL_AES_DIRECT */ + default: + /* Nothing to do */ + (void)cmac; + } ForceZero(cmac, sizeof(Cmac)); return 0; } 
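Review bot: The AES case in `wc_CmacUpdate` closes with `}; break;`, an empty statement after the compound block that empty-body diagnostics flag and that differs from the `} break;` form used elsewhere in the file; the same pattern recurs in `wc_CmacFinalNoFree`. Drop the stray semicolon, `} break;`, or place `break;` inside the braces. The braces themselves are unnecessary here, since the only local (`add`) is declared inside the `while` body rather than at case scope.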
@@ -254,8 +281,6 @@ int wc_CmacFree(Cmac* cmac) int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz) { int ret = 0; - const byte* subKey; - word32 remainder; if (cmac == NULL || out == NULL || outSz == NULL) { return BAD_FUNC_ARG; 
@@ -269,44 +294,64 @@ int wc_CmacFinalNoFree(Cmac* cmac, byte* out, word32* outSz) if (cmac->devId != INVALID_DEVID) #endif { - ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz, 0, NULL); + ret = wc_CryptoCb_Cmac(cmac, NULL, 0, NULL, 0, out, outSz, cmac->type, + NULL); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; - /* fall-through when unavailable */ - } -#endif - if (cmac->bufferSz == AES_BLOCK_SIZE) { - subKey = cmac->k1; - } - else { - /* ensure we will have a valid remainder value */ - if (cmac->bufferSz > AES_BLOCK_SIZE) { - return BAD_STATE_E; - } - remainder = AES_BLOCK_SIZE - cmac->bufferSz; + /* Clear CRYPTOCB_UNAVAILABLE return code */ + ret = 0; - if (remainder == 0) { - remainder = AES_BLOCK_SIZE; - } - if (remainder > 1) { - XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0, remainder); - } - - cmac->buffer[AES_BLOCK_SIZE - remainder] = 0x80; - subKey = cmac->k2; + /* fall-through when unavailable */ } - xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE); - xorbuf(cmac->buffer, subKey, AES_BLOCK_SIZE); - ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer); +#endif if (ret == 0) { - XMEMCPY(out, cmac->digest, *outSz); + switch (cmac->type) { + #if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) + case WC_CMAC_AES: + { + const byte* subKey; + word32 remainder; + + if (cmac->bufferSz == AES_BLOCK_SIZE) { + subKey = cmac->k1; + } + else { + /* ensure we will have a valid remainder value */ + if (cmac->bufferSz > AES_BLOCK_SIZE) { + ret = BAD_STATE_E; + break; + } + remainder = AES_BLOCK_SIZE - cmac->bufferSz; + + if (remainder == 0) { + remainder = AES_BLOCK_SIZE; + } + if (remainder > 1) { + XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0, + remainder); + } + + cmac->buffer[AES_BLOCK_SIZE - remainder] = 0x80; + subKey = cmac->k2; + } + xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE); + xorbuf(cmac->buffer, subKey, AES_BLOCK_SIZE); + ret = wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer); + if 
(ret == 0) { + XMEMCPY(out, cmac->digest, *outSz); + } + }; break; + #endif /* !NO_AES && WOLFSSL_AES_DIRECT */ + default: + ret = BAD_FUNC_ARG; + } } - - return 0; + return ret; } -int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) { +int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) +{ int ret = 0; if (cmac == NULL) @@ -316,7 +361,7 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) { return ret; } - +#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) int wc_AesCmacGenerate_ex(Cmac* cmac, byte* out, word32* outSz, const byte* in, word32 inSz, @@ -336,8 +381,6 @@ int wc_AesCmacGenerate_ex(Cmac* cmac, if (devId != INVALID_DEVID) #endif { - cmac->devCtx = NULL; - ret = wc_CryptoCb_Cmac(cmac, key, keySz, in, inSz, out, outSz, WC_CMAC_AES, NULL); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) @@ -414,9 +457,7 @@ int wc_AesCmacGenerate(byte* out, word32* outSz, #ifdef WOLFSSL_SMALL_STACK - if (cmac) { - XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC); - } + XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC); #elif defined(WOLFSSL_CHECK_MEM_ZERO) wc_MemZero_Check(cmac, sizeof(Cmac)); #endif @@ -436,7 +477,8 @@ int wc_AesCmacVerify_ex(Cmac* cmac, word32 aSz = sizeof(a); int compareRet; - if (cmac == NULL || check == NULL || checkSz == 0 || (in == NULL && inSz != 0)) { + if (cmac == NULL || check == NULL || checkSz == 0 || + (in == NULL && inSz != 0)) { return BAD_FUNC_ARG; } @@ -495,14 +537,13 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz, INVALID_DEVID); #ifdef WOLFSSL_SMALL_STACK - if (cmac) { - XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC); - } + XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC); #elif defined(WOLFSSL_CHECK_MEM_ZERO) wc_MemZero_Check(cmac, sizeof(Cmac)); #endif return ret; } +#endif /* !NO_AES && WOLFSSL_AES_DIRECT */ -#endif /* WOLFSSL_CMAC && NO_AES && WOLFSSL_AES_DIRECT */ +#endif /* WOLFSSL_CMAC */ diff --git a/src/wolfcrypt/src/coding.c b/src/wolfcrypt/src/coding.c index 2509948..aa87ae7 100644 --- a/src/wolfcrypt/src/coding.c +++ b/src/wolfcrypt/src/coding.c 
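Review bot: `XMEMCPY(out, cmac->digest, *outSz);` copies a caller-supplied length out of the 16-byte `digest`, and the range validation of `*outSz` that this relies on is not in the hunk; if it lives only in the lines before `-269`, a comment at the copy should say so, otherwise this is an over-read on the software path. Keeping the invariant visible at the point of use costs one line before the XMEMCPY: `if (*outSz > AES_BLOCK_SIZE) { ret = BUFFER_E; break; }`. The function's opening and its early argument checks precede the hunk.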
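Review bot: Dropping `cmac->devCtx = NULL;` in `wc_AesCmacGenerate_ex` means a `Cmac` reused across calls, or one whose memory was never zeroed, now hands the crypto callback whatever `devCtx` it previously held. If that is intentional, to let callers pre-seed a device context, state the contract at the callback call: `/* devCtx is caller-owned and passed to the callback unchanged */`. If it was not intentional, reinstating the reset is the safer default, since a stale handle reaching a hardware driver is hard to diagnose; the enclosing function begins before the hunk.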
@@ -1,6 +1,6 @@ /* coding.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -458,7 +458,7 @@ static int DoBase64_Encode(const byte* in, word32 inLen, byte* out, *outLen = i; if (ret == 0) - return getSzOnly ? LENGTH_ONLY_E : 0; + return getSzOnly ? WC_NO_ERR_TRACE(LENGTH_ONLY_E) : 0; return ret; } diff --git a/src/wolfcrypt/src/compress.c b/src/wolfcrypt/src/compress.c index 58c154c..941596e 100644 --- a/src/wolfcrypt/src/compress.c +++ b/src/wolfcrypt/src/compress.c @@ -1,6 +1,6 @@ /* compress.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -310,10 +310,8 @@ int wc_DeCompressDynamic(byte** out, int maxSz, int memoryType, if (inflateEnd(&stream) != Z_OK) result = DECOMPRESS_E; - if (tmp != NULL) { - XFREE(tmp, heap, memoryType); - tmp = NULL; - } + XFREE(tmp, heap, memoryType); + tmp = NULL; return result; } diff --git a/src/wolfcrypt/src/cpuid.c b/src/wolfcrypt/src/cpuid.c index fa7ee43..6722386 100644 --- a/src/wolfcrypt/src/cpuid.c +++ b/src/wolfcrypt/src/cpuid.c @@ -1,6 +1,6 @@ /* cpuid.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/cryptocb.c b/src/wolfcrypt/src/cryptocb.c index 06b9ebe..4b903dd 100644 --- a/src/wolfcrypt/src/cryptocb.c +++ b/src/wolfcrypt/src/cryptocb.c @@ -1,6 +1,6 @@ /* cryptocb.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -55,7 +55,6 @@ #ifdef WOLFSSL_CAAM #include #endif - /* TODO: Consider linked list with mutex */ #ifndef MAX_CRYPTO_DEVID_CALLBACKS #define MAX_CRYPTO_DEVID_CALLBACKS 8 
@@ -85,6 +84,7 @@ static const char* GetAlgoTypeStr(int algo) case WC_ALGO_TYPE_RNG: return "RNG"; case WC_ALGO_TYPE_SEED: return "Seed"; case WC_ALGO_TYPE_HMAC: return "HMAC"; + case WC_ALGO_TYPE_CMAC: return "CMAC"; } return NULL; } @@ -104,6 +104,7 @@ static const char* GetPkTypeStr(int pk) } return NULL; } +#if !defined(NO_AES) || !defined(NO_DES3) static const char* GetCipherTypeStr(int cipher) { switch (cipher) { @@ -119,6 +120,7 @@ static const char* GetCipherTypeStr(int cipher) } return NULL; } +#endif /* !NO_AES || !NO_DES3 */ static const char* GetHashTypeStr(int hash) { switch (hash) { @@ -141,6 +143,16 @@ static const char* GetHashTypeStr(int hash) return NULL; } +#ifdef WOLFSSL_CMAC +static const char* GetCmacTypeStr(int type) +{ + switch (type) { + case WC_CMAC_AES: return "AES"; + } + return NULL; +} +#endif /* WOLFSSL_CMAC */ + #ifndef NO_RSA static const char* GetRsaType(int type) { @@ -186,12 +198,14 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info) GetPkTypeStr(info->pk.type), info->pk.type); } } +#if !defined(NO_AES) || !defined(NO_DES3) else if (info->algo_type == WC_ALGO_TYPE_CIPHER) { printf("Crypto CB: %s %s (%d) (%p ctx)\n", GetAlgoTypeStr(info->algo_type), GetCipherTypeStr(info->cipher.type), info->cipher.type, info->cipher.ctx); } +#endif /* !NO_AES || !NO_DES3 */ else if (info->algo_type == WC_ALGO_TYPE_HASH) { printf("Crypto CB: %s %s (%d) (%p ctx) %s\n", GetAlgoTypeStr(info->algo_type), 
@@ -206,6 +220,17 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info) info->hmac.macType, info->hmac.hmac, (info->hmac.in != NULL) ? "Update" : "Final"); } +#ifdef WOLFSSL_CMAC + else if (info->algo_type == WC_ALGO_TYPE_CMAC) { + printf("Crypto CB: %s %s (%d) (%p ctx) %s %s %s\n", + GetAlgoTypeStr(info->algo_type), + GetCmacTypeStr(info->cmac.type), + info->cmac.type, info->cmac.cmac, + (info->cmac.key != NULL) ? "Init " : "", + (info->cmac.in != NULL) ? "Update " : "", + (info->cmac.out != NULL) ? "Final" : ""); + } +#endif #ifdef WOLF_CRYPTO_CB_CMD else if (info->algo_type == WC_ALGO_TYPE_NONE) { printf("Crypto CB: %s %s (%d)\n", 
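Review bot: `GetCmacTypeStr` returns NULL for anything other than WC_CMAC_AES and its result goes straight into a `%s` conversion in the new CMAC branch of `wc_CryptoCb_InfoString`, which is undefined behaviour (glibc prints "(null)", other libcs crash); the neighbouring Get*Str helpers share this shape, so the new code follows the file's pattern, but it is the place to stop propagating it. Return a fixed string from the helper: `default: return "Unknown";`. Passing `info->cmac.cmac` to `%p` also wants a `(void*)` cast to be strictly conforming.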
@@ -418,6 +443,62 @@ int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out, return wc_CryptoCb_TranslateErrorCode(ret); } +#ifdef WOLF_CRYPTO_CB_RSA_PAD +int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out, + word32* outLen, int type, RsaKey* key, WC_RNG* rng, + RsaPadding *padding) +{ + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + CryptoCb* dev; + int pk_type; + + if (key == NULL) + return ret; + + /* locate registered callback */ + dev = wc_CryptoCb_FindDevice(key->devId, WC_ALGO_TYPE_PK); + + if (padding) { + switch(padding->pad_type) { +#ifndef NO_PKCS11_RSA_PKCS + case WC_RSA_PKCSV15_PAD: + pk_type = WC_PK_TYPE_RSA_PKCS; + break; + case WC_RSA_PSS_PAD: + pk_type = WC_PK_TYPE_RSA_PSS; + break; + case WC_RSA_OAEP_PAD: + pk_type = WC_PK_TYPE_RSA_OAEP; + break; +#endif /* NO_PKCS11_RSA_PKCS */ + default: + pk_type = WC_PK_TYPE_RSA; + } + } else { + pk_type = WC_PK_TYPE_RSA; + } + + if (dev && dev->cb) { + wc_CryptoInfo cryptoInfo; + XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); + cryptoInfo.algo_type = WC_ALGO_TYPE_PK; + cryptoInfo.pk.type = pk_type; + cryptoInfo.pk.rsa.in = in; + cryptoInfo.pk.rsa.inLen = inLen; + cryptoInfo.pk.rsa.out = out; + cryptoInfo.pk.rsa.outLen = outLen; + cryptoInfo.pk.rsa.type = type; + cryptoInfo.pk.rsa.key = key; + cryptoInfo.pk.rsa.rng = rng; + cryptoInfo.pk.rsa.padding = padding; + + ret = dev->cb(dev->devId, &cryptoInfo, dev->ctx); + } + + return wc_CryptoCb_TranslateErrorCode(ret); +} +#endif + #ifdef WOLFSSL_KEY_GEN int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) { @@ -1719,7 +1800,8 @@ int wc_CryptoCb_RandomSeed(OS_Seed* os, byte* seed, word32 sz) return wc_CryptoCb_TranslateErrorCode(ret); } #endif /* !WC_NO_RNG */ -#ifdef WOLFSSL_CMAC + +#if defined(WOLFSSL_CMAC) int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz, const byte* in, word32 inSz, byte* out, word32* outSz, int type, void* ctx) 
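Review bot: In `wc_CryptoCb_RsaPad`, when `NO_PKCS11_RSA_PKCS` is defined or the pad type is unrecognised, every padding mode collapses to `pk_type = WC_PK_TYPE_RSA` while `cryptoInfo.pk.rsa.padding` is still populated; a callback that treats WC_PK_TYPE_RSA as a raw modular operation and ignores `padding` would return unpadded output that the caller then takes for PKCS#1 v1.5, PSS or OAEP. If the fallback is intentional, say so at the `default:` label, `/* callback must honour pk.rsa.padding even for WC_PK_TYPE_RSA */`; otherwise return `CRYPTOCB_UNAVAILABLE` there so the software path applies the padding. Minor: the closing `#endif /* NO_PKCS11_RSA_PKCS */` inverts the `#ifndef` it closes; `/* !NO_PKCS11_RSA_PKCS */` matches the convention used elsewhere in the patch.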
@@ -1735,7 +1817,6 @@ int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz, /* locate first callback and try using it */ dev = wc_CryptoCb_FindDeviceByIndex(0); } - if (dev && dev->cb) { wc_CryptoInfo cryptoInfo; XMEMSET(&cryptoInfo, 0, sizeof(cryptoInfo)); @@ -1756,7 +1837,7 @@ int wc_CryptoCb_Cmac(Cmac* cmac, const byte* key, word32 keySz, return wc_CryptoCb_TranslateErrorCode(ret); } -#endif +#endif /* WOLFSSL_CMAC */ /* returns the default dev id for the current build */ int wc_CryptoCb_DefaultDevID(void) diff --git a/src/wolfcrypt/src/curve25519.c b/src/wolfcrypt/src/curve25519.c index 4cd29c4..7641055 100644 --- a/src/wolfcrypt/src/curve25519.c +++ b/src/wolfcrypt/src/curve25519.c @@ -1,6 +1,6 @@ /* curve25519.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -655,6 +655,40 @@ int wc_curve25519_import_private_ex(const byte* priv, word32 privSz, #endif /* HAVE_CURVE25519_KEY_IMPORT */ +#ifndef WC_NO_CONSTRUCTORS +curve25519_key* wc_curve25519_new(void* heap, int devId, int *result_code) +{ + int ret; + curve25519_key* key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), heap, + DYNAMIC_TYPE_CURVE25519); + if (key == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_curve25519_init_ex(key, heap, devId); + if (ret != 0) { + XFREE(key, heap, DYNAMIC_TYPE_CURVE25519); + key = NULL; + } + } + + if (result_code != NULL) + *result_code = ret; + + return key; +} + +int wc_curve25519_delete(curve25519_key* key, curve25519_key** key_p) { + if (key == NULL) + return BAD_FUNC_ARG; + wc_curve25519_free(key); + XFREE(key, key->heap, DYNAMIC_TYPE_CURVE25519); + if (key_p != NULL) + *key_p = NULL; + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ + int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId) { if (key == NULL) 
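Review bot: `wc_curve25519_delete` reads `key->heap` after `wc_curve25519_free(key)`, and the `wc_curve25519_free` hunk in this same patch now `ForceZero`s the whole struct, so XFREE always receives a NULL heap hint; with a static-memory or custom allocator keyed on that hint the block is returned to the wrong pool, and with plain malloc it is still a read of scrubbed state. Capture the hint first: `void* heap = key->heap; wc_curve25519_free(key); XFREE(key, heap, DYNAMIC_TYPE_CURVE25519);`. Style: the opening brace of `wc_curve25519_delete` sits on the signature line while `wc_curve25519_new` puts it on its own line.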
@@ -698,11 +732,8 @@ void wc_curve25519_free(curve25519_key* key) se050_curve25519_free_key(key); #endif - key->dp = NULL; - ForceZero(key->k, sizeof(key->k)); - XMEMSET(&key->p, 0, sizeof(key->p)); - key->pubSet = 0; - key->privSet = 0; + ForceZero(key, sizeof(*key)); + #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(key, sizeof(curve25519_key)); #endif diff --git a/src/wolfcrypt/src/curve448.c b/src/wolfcrypt/src/curve448.c index dd320a8..3cbf577 100644 --- a/src/wolfcrypt/src/curve448.c +++ b/src/wolfcrypt/src/curve448.c @@ -1,6 +1,6 @@ /* curve448.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/des3.c b/src/wolfcrypt/src/des3.c index e66a33d..93bdde2 100644 --- a/src/wolfcrypt/src/des3.c +++ b/src/wolfcrypt/src/des3.c @@ -1,6 +1,6 @@ /* des3.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -1031,6 +1031,169 @@ } +#ifdef WOLFSSL_DES_ECB + /* One block, compatibility only */ + int wc_Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz) + { + int offset = 0; + int len = sz; + int ret = 0; + byte temp_block[DES_BLOCK_SIZE]; + + + #ifdef FREESCALE_MMCAU_CLASSIC + if ((wc_ptr_t)out % WOLFSSL_MMCAU_ALIGNMENT) { + WOLFSSL_MSG("Bad cau_des_encrypt alignment"); + return BAD_ALIGN_E; + } + #endif + + while (len > 0) + { + XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); + + ret = wolfSSL_CryptHwMutexLock(); + if (ret != 0) { + return ret; + } + #ifdef FREESCALE_MMCAU_CLASSIC + cau_des_encrypt(temp_block, (byte*)des->key, out + offset); + #else + MMCAU_DES_EncryptEcb(temp_block, (byte*)des->key, out + offset); + #endif + wolfSSL_CryptHwMutexUnLock(); + + len -= DES_BLOCK_SIZE; + offset += DES_BLOCK_SIZE; + + } + return ret; + + } + + int wc_Des_EcbDecrypt(Des* des, byte* out, const byte* in, word32 sz) + { + int offset = 0; + int len = sz; + int ret = 0; + byte temp_block[DES_BLOCK_SIZE]; + + #ifdef FREESCALE_MMCAU_CLASSIC + if ((wc_ptr_t)out % WOLFSSL_MMCAU_ALIGNMENT) { + WOLFSSL_MSG("Bad cau_des_decrypt alignment"); + return BAD_ALIGN_E; + } + #endif + + while (len > 0) + { + XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); + + ret = wolfSSL_CryptHwMutexLock(); + if (ret != 0) { + return ret; + } + + #ifdef FREESCALE_MMCAU_CLASSIC + cau_des_decrypt(in + offset, (byte*)des->key, out + offset); + #else + MMCAU_DES_DecryptEcb(in + offset, (byte*)des->key, out + offset); + #endif + wolfSSL_CryptHwMutexUnLock(); + + len -= DES_BLOCK_SIZE; + offset += DES_BLOCK_SIZE; + } + + return ret; + } + + int wc_Des3_EcbEncrypt(Des3* des, byte* out, const byte* in, word32 sz) + { + int offset = 0; + int len = sz; + int ret = 0; + + byte temp_block[DES_BLOCK_SIZE]; + + + #ifdef FREESCALE_MMCAU_CLASSIC + if ((wc_ptr_t)out % WOLFSSL_MMCAU_ALIGNMENT) { + WOLFSSL_MSG("Bad 3ede cau_des_encrypt alignment"); + return BAD_ALIGN_E; + } + #endif + + while (len > 0) + { + 
XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); + + ret = wolfSSL_CryptHwMutexLock(); + if (ret != 0) { + return ret; + } + #ifdef FREESCALE_MMCAU_CLASSIC + cau_des_encrypt(temp_block, (byte*)des->key[0], out + offset); + cau_des_decrypt(out + offset, (byte*)des->key[1], out + offset); + cau_des_encrypt(out + offset, (byte*)des->key[2], out + offset); + #else + MMCAU_DES_EncryptEcb(temp_block , (byte*)des->key[0], out + offset); + MMCAU_DES_DecryptEcb(out + offset, (byte*)des->key[1], out + offset); + MMCAU_DES_EncryptEcb(out + offset, (byte*)des->key[2], out + offset); + #endif + wolfSSL_CryptHwMutexUnLock(); + + len -= DES_BLOCK_SIZE; + offset += DES_BLOCK_SIZE; + + } + + return ret; + } + + int wc_Des3_EcbDecrypt(Des3* des, byte* out, const byte* in, word32 sz) + { + int offset = 0; + int len = sz; + int ret = 0; + + byte temp_block[DES_BLOCK_SIZE]; + + #ifdef FREESCALE_MMCAU_CLASSIC + if ((wc_ptr_t)out % WOLFSSL_MMCAU_ALIGNMENT) { + WOLFSSL_MSG("Bad 3ede cau_des_decrypt alignment"); + return BAD_ALIGN_E; + } + #endif + + while (len > 0) + { + XMEMCPY(temp_block, in + offset, DES_BLOCK_SIZE); + + ret = wolfSSL_CryptHwMutexLock(); + if (ret != 0) { + return ret; + } + #ifdef FREESCALE_MMCAU_CLASSIC + cau_des_decrypt(in + offset, (byte*)des->key[2], out + offset); + cau_des_encrypt(out + offset, (byte*)des->key[1], out + offset); + cau_des_decrypt(out + offset, (byte*)des->key[0], out + offset); + #else + MMCAU_DES_DecryptEcb(in + offset , (byte*)des->key[2], out + offset); + MMCAU_DES_EncryptEcb(out + offset, (byte*)des->key[1], out + offset); + MMCAU_DES_DecryptEcb(out + offset, (byte*)des->key[0], out + offset); + #endif + wolfSSL_CryptHwMutexUnLock(); + + len -= DES_BLOCK_SIZE; + offset += DES_BLOCK_SIZE; + } + + return ret; + } +#endif /* WOLFSSL_DES_ECB */ + + #elif defined(WOLFSSL_PIC32MZ_CRYPT) /* PIC32MZ DES hardware requires size multiple of block size */ diff --git a/src/wolfcrypt/src/dh.c b/src/wolfcrypt/src/dh.c index 28ed197..610b4b6 100644 
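Review bot: `wc_Des_EcbEncrypt` and the three sibling functions process `sz` in whole blocks with `while (len > 0)` but never check that `sz` is a multiple of `DES_BLOCK_SIZE` (or that the pointers are non-NULL), so a trailing partial block makes the `XMEMCPY` read past the end of `in` and the hardware call write past the end of `out`. `int len = sz` also turns any `sz` above `INT_MAX` into a negative count that silently skips the loop and returns 0. A guard at the top of each function covers both: `if (des == NULL || out == NULL || in == NULL || (sz % DES_BLOCK_SIZE) != 0) return BAD_FUNC_ARG;`. The decrypt variants also copy the block into `temp_block` and then pass `in + offset` to the hardware anyway, so either the copy is dead or in-place (`in == out`) decryption is not being handled the way the encrypt variants handle it; the backend `#if` chain these functions sit in begins before the hunk.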
--- a/src/wolfcrypt/src/dh.c +++ b/src/wolfcrypt/src/dh.c @@ -1,6 +1,6 @@ /* dh.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -1028,7 +1028,7 @@ static int _ffc_pairwise_consistency_test(DhKey* key, if (n < 5) return 0; else - return (word32)(2.4 * XPOW((double)n, 1.0/3.0) * + return (word32)((double)2.4 * XPOW((double)n, 1.0/3.0) * XPOW(XLOG((double)n), 2.0/3.0) - 5); } #endif /* WOLFSSL_DH_CONST*/ @@ -1153,7 +1153,7 @@ static int GeneratePrivateDh186(DhKey* key, WC_RNG* rng, byte* priv, } #ifdef WOLFSSL_CHECK_MEM_ZERO - wc_MemZero_Add("GeneratePrivateDh186 cBuf", cBuf, cSz); + wc_MemZero_Add("GeneratePrivateDh186 cBuf", cBuf, cSz); /* cppcheck-suppress uninitvar */ mp_memzero_add("GeneratePrivateDh186 tmpX", tmpX); #endif do { @@ -1981,7 +1981,7 @@ int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, #ifndef WOLFSSL_KCAPI_DH static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz, - const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz) + const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz, int ct) { int ret = 0; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -2138,6 +2138,13 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz, #endif #if !defined(WOLFSSL_SP_MATH) + if (ct) { + /* for the constant-time variant, we will probably use more bits in x for + * the modexp than we read from the private key, and those extra bits need + * to be zeroed. + */ + XMEMSET(x, 0, sizeof *x); + } if (mp_init_multi(x, y, z, 0, 0, 0) != MP_OKAY) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) XFREE(z, key->heap, DYNAMIC_TYPE_DH); 
@@ -2159,8 +2166,17 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz, if (ret == 0 && mp_read_unsigned_bin(y, otherPub, pubSz) != MP_OKAY) ret = MP_READ_E; - if (ret == 0 && mp_exptmod(y, x, &key->p, z) != MP_OKAY) - ret = MP_EXPTMOD_E; + if (ret == 0) { + if (ct) + ret = mp_exptmod_ex(y, x, + ((int)*agreeSz + DIGIT_BIT - 1) / DIGIT_BIT, + &key->p, z); + else + ret = mp_exptmod(y, x, &key->p, z); + if (ret != MP_OKAY) + ret = MP_EXPTMOD_E; + } + #ifdef WOLFSSL_CHECK_MEM_ZERO if (ret == 0) mp_memzero_add("wc_DhAgree_Sync z", z); @@ -2170,11 +2186,16 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz, if (ret == 0 && (mp_cmp_d(z, 1) == MP_EQ)) ret = MP_VAL; - if (ret == 0 && mp_to_unsigned_bin(z, agree) != MP_OKAY) - ret = MP_TO_E; - - if (ret == 0) - *agreeSz = (word32)mp_unsigned_bin_size(z); + if (ret == 0) { + if (ct) { + ret = mp_to_unsigned_bin_len_ct(z, agree, (int)*agreeSz); + } + else { + ret = mp_to_unsigned_bin(z, agree); + if (ret == MP_OKAY) + *agreeSz = (word32)mp_unsigned_bin_size(z); + } + } mp_forcezero(z); mp_clear(y); @@ -2183,6 +2204,7 @@ static int wc_DhAgree_Sync(DhKey* key, byte* agree, word32* agreeSz, RESTORE_VECTOR_REGISTERS(); #else + (void)ct; ret = WC_KEY_SIZE_E; #endif @@ -2238,7 +2260,8 @@ static int wc_DhAgree_Async(DhKey* key, byte* agree, word32* agreeSz, #endif /* otherwise use software DH */ - ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz); + ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz, + 0); return ret; } 
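Review bot: In the ct branch the exponent digit count is `((int)*agreeSz + DIGIT_BIT - 1) / DIGIT_BIT`, which mixes a byte count with a bit-sized digit width: for a 256-byte modulus that is only enough digits for a 256-bit exponent. If `digits` bounds how many digits of `x` `mp_exptmod_ex` consumes, which the comment in the previous hunk ("we will probably use more bits in x for the modexp than we read from the private key") suggests, a private key longer than `*agreeSz` bits (an imported key drawn from the full range of `p`, for instance) is silently truncated and the two sides derive different secrets. Either scale to bits, `((int)*agreeSz * 8 + DIGIT_BIT - 1) / DIGIT_BIT`, or derive the count from the larger of `privSz` and the modulus size, and add a test with a full-length private key. Separately, the non-ct path now returns the raw mp error from `mp_to_unsigned_bin` where it previously mapped to `MP_TO_E`, so callers matching on that code will see a different value. `wc_DhAgree_Sync` begins before this hunk.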
@@ -2267,13 +2290,69 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv, else #endif { - ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, pubSz); + ret = wc_DhAgree_Sync(key, agree, agreeSz, priv, privSz, otherPub, + pubSz, 0); } #endif /* WOLFSSL_KCAPI_DH */ return ret; } +int wc_DhAgree_ct(DhKey* key, byte* agree, word32 *agreeSz, const byte* priv, + word32 privSz, const byte* otherPub, word32 pubSz) +{ + int ret; + word32 requested_agreeSz; +#ifndef WOLFSSL_NO_MALLOC + byte *agree_buffer = NULL; +#else + byte agree_buffer[DH_MAX_SIZE / 8]; +#endif + + if (key == NULL || agree == NULL || agreeSz == NULL || priv == NULL || + otherPub == NULL) { + return BAD_FUNC_ARG; + } + + requested_agreeSz = *agreeSz; + +#ifndef WOLFSSL_NO_MALLOC + agree_buffer = (byte *)XMALLOC(requested_agreeSz, key->heap, + DYNAMIC_TYPE_DH); + if (agree_buffer == NULL) + return MEMORY_E; +#endif + + XMEMSET(agree_buffer, 0, requested_agreeSz); + + ret = wc_DhAgree_Sync(key, agree_buffer, agreeSz, priv, privSz, otherPub, + pubSz, 1); + + if (ret == 0) { + /* Arrange for correct fixed-length, right-justified key, even if the + * crypto back end doesn't support it. This assures that the key is + * unconditionally agreed correctly. With some crypto back ends, + * e.g. heapmath, there are no provisions for actual constant time, but + * with others the key computation and clamping is constant time, and + * the unclamping here is also constant time. + */ + byte *agree_src = agree_buffer + *agreeSz - 1, + *agree_dst = agree + requested_agreeSz - 1; + while (agree_dst >= agree) { + word32 mask = (agree_src >= agree_buffer) - 1U; + agree_src += (mask & requested_agreeSz); + *agree_dst-- = *agree_src--; + } + *agreeSz = requested_agreeSz; + } + +#ifndef WOLFSSL_NO_MALLOC + XFREE(agree_buffer, key->heap, DYNAMIC_TYPE_DH); +#endif + + return ret; +} + #ifdef WOLFSSL_DH_EXTRA WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst) { 
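Review bot: `wc_DhAgree_ct` never checks `requested_agreeSz` against the `WOLFSSL_NO_MALLOC` stack buffer, so in that build `XMEMSET(agree_buffer, 0, requested_agreeSz)` and the agreement itself write past `agree_buffer[DH_MAX_SIZE / 8]` whenever the caller passes a larger `*agreeSz`. The buffer also holds the shared secret and is released with a plain `XFREE` (or simply left on the stack), whereas the surrounding code in this file `ForceZero`s secret material before freeing it. The pointer-compare mask in the right-justify loop steps `agree_src` one below the start of the array before the mask corrects it, which is undefined in C even if it behaves on every target in use; an index-based form, or at least a comment acknowledging it, would be safer. The lines below add the bound check and the zeroization.
```c
    requested_agreeSz = *agreeSz;

#ifdef WOLFSSL_NO_MALLOC
    /* fixed stack buffer: refuse requests it cannot hold */
    if (requested_agreeSz > sizeof(agree_buffer))
        return BAD_FUNC_ARG;
#else
    agree_buffer = (byte *)XMALLOC(requested_agreeSz, key->heap,
                                   DYNAMIC_TYPE_DH);
    if (agree_buffer == NULL)
        return MEMORY_E;
#endif

    /* … unchanged: XMEMSET, wc_DhAgree_Sync(..., 1), right-justify copy … */

    /* the scratch buffer held the shared secret: wipe it before release */
    ForceZero(agree_buffer, requested_agreeSz);
#ifndef WOLFSSL_NO_MALLOC
    XFREE(agree_buffer, key->heap, DYNAMIC_TYPE_DH);
#endif

    return ret;
```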
@@ -2900,7 +2979,11 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) primeCheckCount = 0; int primeCheck = MP_NO, ret = 0; +#ifdef WOLFSSL_NO_MALLOC + unsigned char buf[DH_MAX_SIZE / WOLFSSL_BIT_SIZE]; +#else unsigned char *buf = NULL; +#endif #if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC) XMEMSET(tmp, 0, sizeof(tmp)); @@ -2950,11 +3033,16 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) if (ret == 0) { bufSz = (word32)modSz - groupSz; +#ifdef WOLFSSL_NO_MALLOC + if (bufSz > sizeof(buf)) + ret = MEMORY_E; +#else /* allocate ram */ buf = (unsigned char *)XMALLOC(bufSz, dh->heap, DYNAMIC_TYPE_TMP_BUFFER); if (buf == NULL) ret = MEMORY_E; +#endif } /* make a random string that will be multiplied against q */ @@ -3088,11 +3176,16 @@ int wc_DhGenerateParams(WC_RNG *rng, int modSz, DhKey *dh) RESTORE_VECTOR_REGISTERS(); - if (buf != NULL) { +#ifndef WOLFSSL_NO_MALLOC + if (buf != NULL) +#endif + { ForceZero(buf, bufSz); +#ifndef WOLFSSL_NO_MALLOC if (dh != NULL) { XFREE(buf, dh->heap, DYNAMIC_TYPE_TMP_BUFFER); } +#endif } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -3149,7 +3242,7 @@ int wc_DhExportParamsRaw(DhKey* dh, byte* p, word32* pSz, *pSz = pLen; *qSz = qLen; *gSz = gLen; - ret = LENGTH_ONLY_E; + ret = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } } diff --git a/src/wolfcrypt/src/dilithium.c b/src/wolfcrypt/src/dilithium.c index f3a6f01..ce01042 100644 --- a/src/wolfcrypt/src/dilithium.c +++ b/src/wolfcrypt/src/dilithium.c @@ -1,6 +1,6 @@ /* dilithium.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
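Review bot: In the `WOLFSSL_NO_MALLOC` build the cleanup hunk runs `ForceZero(buf, bufSz)` unconditionally, while the earlier hunk leaves `bufSz` at `modSz - groupSz` after deciding it is larger than `sizeof(buf)` and setting `MEMORY_E`; if that error path falls through to the common cleanup (the tail of the function is not fully visible here), the zeroization writes past the stack array. Whether `modSz` can actually exceed `DH_MAX_SIZE` at that point depends on validation earlier in `wc_DhGenerateParams`, which starts before these hunks, but the guard is cheap either way: `if (bufSz > sizeof(buf)) { ret = MEMORY_E; bufSz = 0; }`.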
@@ -58,6 +58,19 @@ * WOLFSSL_DILITHIUM_SIGN_SMALL_MEM Default: OFF * Compiles signature implementation that uses smaller amounts of memory but * is considerably slower. + * WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC Default: OFF + * Compiles signature implementation that uses smaller amounts of memory but + * is considerably slower. Allocates vectors and decodes private key data + * into them upfront. + * WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A Default: OFF + * Compiles signature implementation that uses smaller amounts of memory but + * is slower. Allocates matrix A and calculates it upfront. + * WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM Default: OFF + * Compiles key generation implementation that uses smaller amounts of memory + * but is slower. + * WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 Default: OFF + * Compiles the small memory implementations to use a 64-bit polynomial. + * Uses 2KB of memory but is slightly quicker (2.75-7%). * * WOLFSSL_DILITHIUM_ALIGNMENT Default: 8 * Use to indicate whether loading and storing of words needs to be aligned. @@ -67,6 +80,9 @@ * * WOLFSSL_DILITHIUM_NO_ASN1 Default: OFF * Disables any ASN.1 encoding or decoding code. + * WOLFSSL_DILITHIUM_REVERSE_HASH_OID Default: OFF + * Reverse the DER encoded hash oid when signing and verifying a pre-hashed + * message. * * WC_DILITHIUM_CACHE_MATRIX_A Default: OFF * Enable caching of the A matrix on import. @@ -79,6 +95,10 @@ * Enable caching of public key vectors on import. * Enables WC_DILITHIUM_CACHE_MATRIX_A. * Less work is required in sign operations. + * WC_DILITHIUM_FIXED_ARRAY Default: OFF + * Make the matrix and vectors of cached data fixed arrays that have + * maximumal sizes for the configured parameters. + * Useful in low dynamic memory situations. * * WOLFSSL_DILITHIUM_SIGN_CHECK_Y Default: OFF * Check vector y is in required range as an early check on valid vector z. @@ -129,6 +149,7 @@ #endif #include +#include #include #include #ifdef NO_INLINE 
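Review bot: The new `WC_DILITHIUM_FIXED_ARRAY` entry in the options comment reads "maximumal sizes"; it should be `maximal sizes` (or `maximum sizes`). The `WOLFSSL_DILITHIUM_SMALL_MEM_POLY64` entry says "Uses 2KB of memory but is slightly quicker" without saying relative to what; if the intent is the delta against the default small-memory build, `Uses 2KB more memory` states the trade-off unambiguously.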
@@ -138,6 +159,18 @@ #include #endif +#if defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC) && \ + !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) + #define WOLFSSL_DILITHIUM_SIGN_SMALL_MEM +#endif +#if defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A) && \ + !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) + #define WOLFSSL_DILITHIUM_SIGN_SMALL_MEM + #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC + #error "PRECALC and PRECALC_A is equivalent to non small mem" + #endif +#endif + #ifdef WOLFSSL_WC_DILITHIUM #ifdef DEBUG_DILITHIUM @@ -217,6 +250,9 @@ void print_data(const char* name, const byte* d, int len) /* Number of bytes to a block of SHAKE-256 when generating s1 and s2. */ #define DILITHIUM_GEN_S_BLOCK_BYTES (WC_SHA3_256_COUNT * 8) +/* Length of the hash OID to include in pre-hash message. */ +#define DILITHIUM_HASH_OID_LEN 11 + /* The ML-DSA parameters sets. */ static const wc_dilithium_params dilithium_params[] = { 
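Review bot: The `#error` for `WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC` combined with `WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A` only fires when `WOLFSSL_DILITHIUM_SIGN_SMALL_MEM` was not already defined, because it sits inside the `!defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)` block; a configuration that defines all three passes the check silently. Lift it out into its own test, `#if defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC) && defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A)`, and while there fix the message grammar to `"PRECALC and PRECALC_A together are equivalent to non small mem"`.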
@@ -256,6 +292,44 @@ static const wc_dilithium_params dilithium_params[] = { PARAMS_ML_DSA_87_Z_ENC_SIZE, PARAMS_ML_DSA_87_PK_SIZE, PARAMS_ML_DSA_87_SIG_SIZE }, #endif +#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) +#ifndef WOLFSSL_NO_ML_DSA_44 + { WC_ML_DSA_44_DRAFT, PARAMS_ML_DSA_44_K, PARAMS_ML_DSA_44_L, + PARAMS_ML_DSA_44_ETA, PARAMS_ML_DSA_44_ETA_BITS, + PARAMS_ML_DSA_44_TAU, PARAMS_ML_DSA_44_BETA, PARAMS_ML_DSA_44_OMEGA, + PARAMS_ML_DSA_44_LAMBDA, + PARAMS_ML_DSA_44_GAMMA1_BITS, PARAMS_ML_DSA_44_GAMMA2, + PARAMS_ML_DSA_44_W1_ENC_SZ, PARAMS_ML_DSA_44_A_SIZE, + PARAMS_ML_DSA_44_S1_SIZE, PARAMS_ML_DSA_44_S1_ENC_SIZE, + PARAMS_ML_DSA_44_S2_SIZE, PARAMS_ML_DSA_44_S2_ENC_SIZE, + PARAMS_ML_DSA_44_Z_ENC_SIZE, + PARAMS_ML_DSA_44_PK_SIZE, PARAMS_ML_DSA_44_SIG_SIZE }, +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 + { WC_ML_DSA_65_DRAFT, PARAMS_ML_DSA_65_K, PARAMS_ML_DSA_65_L, + PARAMS_ML_DSA_65_ETA, PARAMS_ML_DSA_65_ETA_BITS, + PARAMS_ML_DSA_65_TAU, PARAMS_ML_DSA_65_BETA, PARAMS_ML_DSA_65_OMEGA, + PARAMS_ML_DSA_65_LAMBDA, + PARAMS_ML_DSA_65_GAMMA1_BITS, PARAMS_ML_DSA_65_GAMMA2, + PARAMS_ML_DSA_65_W1_ENC_SZ, PARAMS_ML_DSA_65_A_SIZE, + PARAMS_ML_DSA_65_S1_SIZE, PARAMS_ML_DSA_65_S1_ENC_SIZE, + PARAMS_ML_DSA_65_S2_SIZE, PARAMS_ML_DSA_65_S2_ENC_SIZE, + PARAMS_ML_DSA_65_Z_ENC_SIZE, + PARAMS_ML_DSA_65_PK_SIZE, PARAMS_ML_DSA_65_SIG_SIZE }, +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 + { WC_ML_DSA_87_DRAFT, PARAMS_ML_DSA_87_K, PARAMS_ML_DSA_87_L, + PARAMS_ML_DSA_87_ETA, PARAMS_ML_DSA_87_ETA_BITS, + PARAMS_ML_DSA_87_TAU, PARAMS_ML_DSA_87_BETA, PARAMS_ML_DSA_87_OMEGA, + PARAMS_ML_DSA_87_LAMBDA, + PARAMS_ML_DSA_87_GAMMA1_BITS, PARAMS_ML_DSA_87_GAMMA2, + PARAMS_ML_DSA_87_W1_ENC_SZ, PARAMS_ML_DSA_87_A_SIZE, + PARAMS_ML_DSA_87_S1_SIZE, PARAMS_ML_DSA_87_S1_ENC_SIZE, + PARAMS_ML_DSA_87_S2_SIZE, PARAMS_ML_DSA_87_S2_ENC_SIZE, + PARAMS_ML_DSA_87_Z_ENC_SIZE, + PARAMS_ML_DSA_87_PK_SIZE, PARAMS_ML_DSA_87_SIG_SIZE }, +#endif +#endif }; /* Number of ML-DSA parameter sets compiled in. 
*/ #define DILITHIUM_PARAMS_CNT \ @@ -271,7 +345,7 @@ static const wc_dilithium_params dilithium_params[] = { static int dilithium_get_params(int level, const wc_dilithium_params** params) { unsigned int i; - int ret = NOT_COMPILED_IN; + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); for (i = 0; i < DILITHIUM_PARAMS_CNT; i++) { if (dilithium_params[i].level == level) { @@ -318,7 +392,6 @@ static int dilithium_shake256(wc_Shake* shake256, const byte* data, return ret; } -#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) /* 256-bit hash using SHAKE-256. * * FIPS 204. 8.3: H(v,d) <- SHAKE256(v,d) 
@@ -356,6 +429,195 @@ static int dilithium_hash256(wc_Shake* shake256, const byte* data1, return ret; } + +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) +/* 256-bit hash of context and message using SHAKE-256. + * + * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx) + * ... + * 10: M' <- BytesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) || + * ctx) || M + * ... + * + * FIPS 204. 6.2: Algorithm 7 ML-DSA.Sign_internal(sk, M', rnd) + * ... + * 6: mu <- H(BytesToBits(tr)||M', 64)) + * ... + * + * @param [in, out] shake256 SHAKE-256 object. + * @param [in] tr Public key hash. + * @param [in] trLen Length of public key hash in bytes. + * @param [in] preHash 0 when message was not hashed, + * 1 when message was hashed. + * @param [in] ctx Context of signature. + * @param [in] ctxLen Length of context of signature in bytes. + * @param [in] ctx Message to sign. + * @param [in] ctxLen Length of message to sign in bytes. + * @param [out] hash Buffer to hold hash result. + * @param [in] hashLen Number of bytes of hash to return. + * @return 0 on success. + * @return Negative on error. + */ +static int dilithium_hash256_ctx_msg(wc_Shake* shake256, const byte* tr, + byte trLen, byte preHash, const byte* ctx, byte ctxLen, const byte* msg, + word32 msgLen, byte* hash, word32 hashLen) +{ + int ret; + byte prefix[2]; + + prefix[0] = preHash; + prefix[1] = ctxLen; + + /* Initialize SHAKE-256 operation. */ + ret = wc_InitShake256(shake256, NULL, INVALID_DEVID); + if (ret == 0) { + /* Update with public key hash. */ + ret = wc_Shake256_Update(shake256, tr, trLen); + } + if (ret == 0) { + /* Update with context prefix - 0 | ctxLen. */ + ret = wc_Shake256_Update(shake256, prefix, (word32)sizeof(prefix)); + } + if (ret == 0) { + /* Update with context. */ + ret = wc_Shake256_Update(shake256, ctx, ctxLen); + } + if (ret == 0) { + /* Update with message. 
*/ + ret = wc_Shake256_Update(shake256, msg, msgLen); + } + if (ret == 0) { + /* Compute hash of data. */ + ret = wc_Shake256_Final(shake256, hash, hashLen); + } + + return ret; +} + +/* Get the OID for the digest hash. + * + * @param [in] hash Hash algorithm. + * @param [out] oidBuffer Buffer to hold OID. + * @param [out] oidLen Length of OID in buffer. + * @return 0 on success. + * @return BAD_FUNC_ARG if hash algorithm not known. + */ +static int dilithium_get_hash_oid(int hash, byte* oidBuffer, word32* oidLen) +{ + int ret = 0; + const byte* oid; + +#ifndef WOLFSSL_DILITHIUM_NO_ASN1 + + oid = OidFromId(wc_HashGetOID((enum wc_HashType)hash), oidHashType, oidLen); + if ((oid != NULL) && (*oidLen <= DILITHIUM_HASH_OID_LEN - 2)) { +#ifndef WOLFSSL_DILITHIUM_REVERSE_HASH_OID + oidBuffer[0] = 0x06; /* ObjectID */ + oidBuffer[1] = *oidLen; /* ObjectID */ + oidBuffer += 2; + XMEMCPY(oidBuffer, oid, *oidLen); +#else + int i; + for (i = (int)*oidLen - 1; i >= 0; i--) { + *(oidBuffer++) = oid[i]; + } + *(oidBuffer++) = *oidLen; /* ObjectID */ + * oidBuffer = 0x06; /* ObjectID */ +#endif + *oidLen += 2; + } + else { + ret = BAD_FUNC_ARG; + } + +#else + + *oidLen = DILITHIUM_HASH_OID_LEN; +#ifndef NO_SHA256 + if (hash == WC_HASH_TYPE_SHA256) { + static byte sha256Oid[DILITHIUM_HASH_OID_LEN] = { + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01 + }; + oid = sha256Oid; + } + else +#endif +#ifdef WOLFSSL_SHA384 + if (hash == WC_HASH_TYPE_SHA384) { + static byte sha384Oid[DILITHIUM_HASH_OID_LEN] = { + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x02 + }; + oid = sha384Oid; + } + else +#endif +#ifdef WOLFSSL_SHA512 + if (hash == WC_HASH_TYPE_SHA512) { + static byte sha512Oid[DILITHIUM_HASH_OID_LEN] = { + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03 + }; + oid = sha512Oid; + } + else +#ifndef WOLFSSL_NOSHA512_256 + if (hash == WC_HASH_TYPE_SHA512_256) { + static byte sha512_256Oid[DILITHIUM_HASH_OID_LEN] = { + 0x06, 0x09, 0x60, 
0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x06 + }; + oid = sha512_256Oid; + } + else +#endif +#endif + if (hash == WC_HASH_TYPE_SHAKE128) { + static byte shake128Oid[DILITHIUM_HASH_OID_LEN] = { + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0B + }; + oid = shake128Oid; + } + else if (hash == WC_HASH_TYPE_SHAKE256) { + static byte shake256Oid[DILITHIUM_HASH_OID_LEN] = { + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0C + }; + oid = shake256Oid; + } + else if (hash == WC_HASH_TYPE_SHA3_256) { + static byte sha3_256Oid[DILITHIUM_HASH_OID_LEN] = { + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x08 + }; + oid = sha3_256Oid; + } + else if (hash == WC_HASH_TYPE_SHA3_384) { + static byte sha3_384Oid[DILITHIUM_HASH_OID_LEN] = { + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x09 + }; + oid = sha3_384Oid; + } + else if (hash == WC_HASH_TYPE_SHA3_512) { + static byte sha3_512Oid[DILITHIUM_HASH_OID_LEN] = { + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x0A + }; + oid = sha3_512Oid; + } + else { + oid = NULL; + ret = BAD_FUNC_ARG; + } + + if ((oid != NULL) && (*oidLen <= DILITHIUM_HASH_OID_LEN)) { +#ifndef WOLFSSL_DILITHIUM_REVERSE_HASH_OID + XMEMCPY(oidBuffer, oid, *oidLen); +#else + int i; + for (i = (int)*oidLen - 1; i >= 0; i--) { + *(oidBuffer++) = oid[i]; + } +#endif + } +#endif + + return ret; +} #endif #ifndef WOLFSSL_DILITHIUM_SMALL 
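Review bot: The `@param` block of `dilithium_hash256_ctx_msg` documents `msg`/`msgLen` under the names `ctx`/`ctxLen` a second time, so the message parameters are effectively undocumented; rename the last two entries to `@param [in] msg Message to sign.` and `@param [in] msgLen Length of message to sign in bytes.`. In `dilithium_get_hash_oid` the per-hash OID tables are `static byte` although they are never written, so `static const byte` would place them in read-only storage and match the `static const` used for `dilithium_params` earlier in this file. In the `WOLFSSL_DILITHIUM_NO_ASN1` path `*oidLen` is set to `DILITHIUM_HASH_OID_LEN` before the hash is matched, so an unknown hash returns `BAD_FUNC_ARG` with a non-zero length still stored; harmless if every caller checks `ret` first, but resetting it in the error branch would avoid depending on that.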
@@ -710,13 +972,13 @@ static void dilithium_vec_decode_eta_bits(const byte* p, byte eta, sword32* s, * 2: r0 <- r+ mod +/- 2^d * 3: return ((r+ - r0) / 2^d, r0) * - * FIPS 204. 8.2: Algorithm 18 skEncode(rho, K, tr, s1, s2, t0) + * FIPS 204. 7.2: Algorithm 24 skEncode(rho, K, tr, s1, s2, t0) * ... * 8: for i form 0 to k - 1 do * 9: sk <- sk || BitPack(t0[i], s^(d-1) - 1, 2^(d-1)) * 10: end for * - * FIPS 204. 8.2: Algorithm 16 pkEncode(rho, t1) + * FIPS 204. 7.2: Algorithm 22 pkEncode(rho, t1) * ... * 2: for i from 0 to k - 1 do * 3: pk <- pk || SimpleBitPack(t1[i], 2^bitlen(q-1) - d - 1) @@ -732,9 +994,9 @@ static void dilithium_vec_encode_t0_t1(sword32* t, byte d, byte* t0, byte* t1) unsigned int i; unsigned int j; - /* Alg 18, Step 8 and Alg 16, Step 2. For each polynomial of vector. */ + /* Alg 24, Step 8 and Alg 22, Step 2. For each polynomial of vector. */ for (i = 0; i < d; i++) { - /* Alg 18, Step 9 and Alg 16, Step 3. + /* Alg 24, Step 9 and Alg 22, Step 3. * Do all polynomial values - 8 at a time. */ for (j = 0; j < DILITHIUM_N; j += 8) { /* Take 8 values of t and take top bits and make positive. */ 
@@ -1674,43 +1936,24 @@ static void dilithium_vec_encode_w1(const sword32* w1, byte k, sword32 gamma2, * @param [in, out] shake128 SHAKE-128 object. * @param [in] seed Seed to hash to generate values. * @param [out] a Polynomial. + * @param [in] h Buffer to hold hashes. * @return 0 on success. - * @return MEMORY_E when dynamic memory allocation fails. * @return Negative on hash error. */ -static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a, - byte* key_h) +static int dilithium_rej_ntt_poly_ex(wc_Shake* shake128, byte* seed, sword32* a, + byte* h) { -#ifdef WOLFSSL_DILITHIUM_SMALL int ret = 0; +#ifdef WOLFSSL_DILITHIUM_SMALL int j = 0; -#if defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC) - byte* h = NULL; -#else - byte h[DILITHIUM_REJ_NTT_POLY_H_SIZE]; -#endif - - (void)key_h; - -#ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC - h = key_h; -#elif defined(WOLFSSL_SMALL_STACK) - h = (byte*)XMALLOC(DILITHIUM_REJ_NTT_POLY_H_SIZE, NULL, - DYNAMIC_TYPE_DILITHIUM); - if (h == NULL) { - ret = MEMORY_E; - } -#endif /* WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC */ - if (ret == 0) { - #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) - /* Reading 4 bytes for 3 so need to set 1 past for last read. */ - h[DILITHIUM_GEN_A_BLOCK_BYTES] = 0; - #endif +#if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) + /* Reading 4 bytes for 3 so need to set 1 past for last read. */ + h[DILITHIUM_GEN_A_BLOCK_BYTES] = 0; +#endif - /* Initialize SHAKE-128 object for new hash. */ - ret = wc_InitShake128(shake128, NULL, INVALID_DEVID); - } + /* Initialize SHAKE-128 object for new hash. */ + ret = wc_InitShake128(shake128, NULL, INVALID_DEVID); if (ret == 0) { /* Absorb the seed. */ ret = wc_Shake128_Absorb(shake128, seed, DILITHIUM_GEN_A_SEED_SZ); 
@@ -1746,39 +1989,14 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a, } } } - -#if !defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC) && defined(WOLFSSL_SMALL_STACK) - XFREE(h, NULL, DYNAMIC_TYPE_DILITHIUM); -#endif - return ret; #else - int ret = 0; unsigned int j = 0; unsigned int c; -#if defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC) - byte* h = NULL; -#else - byte h[DILITHIUM_REJ_NTT_POLY_H_SIZE]; -#endif - - (void)key_h; - -#ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC - h = key_h; -#elif defined(WOLFSSL_SMALL_STACK) - h = (byte*)XMALLOC(DILITHIUM_REJ_NTT_POLY_H_SIZE, NULL, - DYNAMIC_TYPE_DILITHIUM); - if (h == NULL) { - ret = MEMORY_E; - } -#endif /* WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC */ - if (ret == 0) { - /* Generate enough SHAKE-128 output blocks to give high probability of - * being able to get 256 valid 3-byte, 23-bit values from it. */ - ret = dilithium_squeeze128(shake128, seed, DILITHIUM_GEN_A_SEED_SZ, h, - DILITHIUM_GEN_A_NBLOCKS); - } + /* Generate enough SHAKE-128 output blocks to give high probability of + * being able to get 256 valid 3-byte, 23-bit values from it. */ + ret = dilithium_squeeze128(shake128, seed, DILITHIUM_GEN_A_SEED_SZ, h, + DILITHIUM_GEN_A_NBLOCKS); if (ret == 0) { #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) /* Reading 4 bytes for 3 so need to set 1 past for last read. */ @@ -1786,7 +2004,7 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a, #endif /* Use the first 256 triplets and know we won't exceed required. */ -#ifdef WOLFSSL_DILITHIUM_NO_LARGE_CODE + #ifdef WOLFSSL_DILITHIUM_NO_LARGE_CODE for (c = 0; c < (DILITHIUM_N - 1) * 3; c += 3) { #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) /* Load 32-bit value and mask out 23 bits. */ 
@@ -1822,7 +2040,7 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a, } } } -#else + #else /* Do 15 bytes at a time: 255 * 3 / 15 = 51 */ for (c = 0; c < DILITHIUM_N * 3; c += 24) { #if defined(LITTLE_ENDIAN_ORDER) && (WOLFSSL_DILITHIUM_ALIGNMENT == 0) @@ -1919,7 +2137,7 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a, } } } -#endif + #endif /* Keep generating more blocks and using triplets until we have enough. */ while (j < DILITHIUM_N) { 
@@ -1952,15 +2170,60 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a, } } } - -#if !defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC) && defined(WOLFSSL_SMALL_STACK) - XFREE(h, NULL, DYNAMIC_TYPE_DILITHIUM); #endif + return ret; +} + +#if (!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM)) || \ + defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \ + (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ + !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)) || \ + (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ + !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) +/* Generate a random polynomial by rejection. + * + * @param [in, out] shake128 SHAKE-128 object. + * @param [in] seed Seed to hash to generate values. + * @param [out] a Polynomial. + * @param [in] heap Dynamic memory hint. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. + * @return Negative on hash error. + */ +static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a, + void* heap) +{ + int ret; +#if defined(WOLFSSL_SMALL_STACK) + byte* h = NULL; +#else + byte h[DILITHIUM_REJ_NTT_POLY_H_SIZE]; #endif + + (void)heap; + +#if defined(WOLFSSL_SMALL_STACK) + h = (byte*)XMALLOC(DILITHIUM_REJ_NTT_POLY_H_SIZE, heap, + DYNAMIC_TYPE_DILITHIUM); + if (h == NULL) { + ret = MEMORY_E; + } +#endif + + ret = dilithium_rej_ntt_poly_ex(shake128, seed, a, h); + +#if defined(WOLFSSL_SMALL_STACK) + XFREE(h, heap, DYNAMIC_TYPE_DILITHIUM); +#endif + + return ret; } +#endif -#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \ +#if (!defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM)) || \ defined(WOLFSSL_DILITHIUM_CHECK_KEY) || \ (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) || \ 
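Review bot: In the new `dilithium_rej_ntt_poly` wrapper the `WOLFSSL_SMALL_STACK` allocation failure sets `ret = MEMORY_E`, but the call to `dilithium_rej_ntt_poly_ex` runs anyway with `h == NULL`, overwriting the error and dereferencing the null buffer (the `_ex` function writes `h[DILITHIUM_GEN_A_BLOCK_BYTES]` in the unaligned little-endian configuration and squeezes SHAKE output into `h` in every configuration). Guard the call the way the sibling `dilithium_sample_in_ball` wrapper later in this patch does, `if (ret == 0) { ret = dilithium_rej_ntt_poly_ex(shake128, seed, a, h); }`, and initialise `int ret = 0;` so the non-small-stack build does not test an unset value.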
@@ -1983,11 +2246,12 @@ static int dilithium_rej_ntt_poly(wc_Shake* shake128, byte* seed, sword32* a, * @param [in] k First dimension of matrix a. * @param [in] l Second dimension of matrix a. * @param [out] a Matrix of polynomials. + * @param [in] heap Dynamic memory hint. * @return 0 on success. * @return Negative on hash error. */ static int dilithium_expand_a(wc_Shake* shake128, const byte* pub_seed, byte k, - byte l, sword32* a) + byte l, sword32* a, void* heap) { int ret = 0; byte r; @@ -2005,7 +2269,7 @@ static int dilithium_expand_a(wc_Shake* shake128, const byte* pub_seed, byte k, /* Put s into buffer to be hashed. */ seed[DILITHIUM_PUB_SEED_SZ + 0] = s; /* Step 3: Create polynomial from hashing seed. */ - ret = dilithium_rej_ntt_poly(shake128, seed, a, NULL); + ret = dilithium_rej_ntt_poly(shake128, seed, a, heap); /* Next polynomial. */ a += DILITHIUM_N; } @@ -2031,7 +2295,7 @@ static int dilithium_expand_a(wc_Shake* shake128, const byte* pub_seed, byte k, #define DILITHIUM_COEFF_S_VALID_ETA2(b) \ ((b) < DILITHIUM_ETA_2_MOD) -static const byte dilithium_coeff_eta2[] = { +static const char dilithium_coeff_eta2[] = { 2, 1, 0, -1, -2, 2, 1, 0, -1, -2, 2, 1, 0, -1, -2 @@ -2514,6 +2778,7 @@ static int dilithium_vec_expand_mask(wc_Shake* shake256, byte* seed, #endif #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + /* Expand commit to a polynomial. * * FIPS 204. 8.3: Algorithm 23 SampleInBall(rho) 
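Review bot: `dilithium_coeff_eta2` changes from `byte` to `char` while still holding `-1` and `-2`; plain `char` has implementation-defined signedness, and on targets where it is unsigned (the default on common ARM ABIs) those initialisers become 255 and 254, so unless the consumer re-interprets each element as a signed 8-bit value (the use site is outside the hunk) the sampled coefficients are wrong there. Declare it with an explicitly signed type: `static const signed char dilithium_coeff_eta2[] = {`. The preceding hunks thread `heap` through `dilithium_expand_a` into `dilithium_rej_ntt_poly`, but the `@param` entry says only "Dynamic memory hint"; noting that it is only consulted under `WOLFSSL_SMALL_STACK` would save the reader a trip.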
@@ -2530,48 +2795,41 @@ static int dilithium_vec_expand_mask(wc_Shake* shake256, byte* seed, * 11: end for * 12: return c * - * @param [in] shake256 SHAKE-256 object. - * @param [in] seed Buffer containing seed to expand. - * @param [in] tau Number of +/- 1s in polynomial. - * @param [out] c Commit polynomial. - * @param [in] key_block Memory to use for block from key. + * @param [in] shake256 SHAKE-256 object. + * @param [in] seed Buffer containing seed to expand. + * @param [in] seedLen Length of seed in bytes. + * @param [in] tau Number of +/- 1s in polynomial. + * @param [out] c Commit polynomial. + * @param [in] block Memory to use for block from key. * @return 0 on success. - * @return MEMORY_E when dynamic memory allocation fails. * @return Negative on hash error. */ -static int dilithium_sample_in_ball(wc_Shake* shake256, const byte* seed, - byte tau, sword32* c, byte* key_block) +static int dilithium_sample_in_ball_ex(int level, wc_Shake* shake256, + const byte* seed, word32 seedLen, byte tau, sword32* c, byte* block) { int ret = 0; unsigned int k; unsigned int i; unsigned int s; -#if defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC) - byte* block = NULL; -#else - byte block[DILITHIUM_GEN_C_BLOCK_BYTES]; -#endif byte signs[DILITHIUM_SIGN_BYTES]; - (void)key_block; - -#ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC - block = key_block; -#elif defined(WOLFSSL_SMALL_STACK) - block = (byte*)XMALLOC(DILITHIUM_GEN_C_BLOCK_BYTES, NULL, - DYNAMIC_TYPE_DILITHIUM); - if (block == NULL) { - ret = MEMORY_E; - } -#endif - if (ret == 0) { /* Set polynomial to all zeros. */ XMEMSET(c, 0, DILITHIUM_POLY_SIZE); /* Generate a block of data from seed. 
*/ - ret = dilithium_shake256(shake256, seed, DILITHIUM_SEED_SZ, block, - DILITHIUM_GEN_C_BLOCK_BYTES); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if (level >= WC_ML_DSA_DRAFT) { + ret = dilithium_shake256(shake256, seed, DILITHIUM_SEED_SZ, block, + DILITHIUM_GEN_C_BLOCK_BYTES); + } + else +#endif + { + (void)level; + ret = dilithium_shake256(shake256, seed, seedLen, block, + DILITHIUM_GEN_C_BLOCK_BYTES); + } } if (ret == 0) { /* Copy first 8 bytes of first hash block as random sign bits. */ 
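Review bot: `dilithium_sample_in_ball_ex` gains both `level` and `seedLen`, but the comment above it documents only `seedLen`; add `@param [in] level Parameter set level; selects the draft-FIPS 204 seed handling.` so the draft/final branch below is explained. The `(void)level;` sits inside the `else` block, where it is the only use of the variable in non-draft builds and dead in draft builds; hoisting it to the top of the function makes that intent obvious. The `if (ret == 0)` wrapping the first block tests a value that is still its initialiser and can go. The function body continues past this hunk.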
@@ -2609,26 +2867,72 @@ static int dilithium_sample_in_ball(wc_Shake* shake256, const byte* seed, s++; } -#if !defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC) && defined(WOLFSSL_SMALL_STACK) - XFREE(block, NULL, DYNAMIC_TYPE_DILITHIUM); -#endif return ret; } + +#if (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ + !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)) || \ + (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ + !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) +/* Expand commit to a polynomial. + * + * @param [in] shake256 SHAKE-256 object. + * @param [in] seed Buffer containing seed to expand. + * @param [in] seedLen Length of seed in bytes. + * @param [in] tau Number of +/- 1s in polynomial. + * @param [out] c Commit polynomial. + * @param [in] heap Dynamic memory hint. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. + * @return Negative on hash error. + */ +static int dilithium_sample_in_ball(int level, wc_Shake* shake256, + const byte* seed, word32 seedLen, byte tau, sword32* c, void* heap) +{ + int ret = 0; +#if defined(WOLFSSL_SMALL_STACK) + byte* block = NULL; +#else + byte block[DILITHIUM_GEN_C_BLOCK_BYTES]; #endif -/****************************************************************************** - * Decompose operations - ******************************************************************************/ + (void)heap; -#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) -#ifndef WOLFSSL_NO_ML_DSA_44 -/* Decompose value into high and low based on GAMMA2 being ((q-1) / 88). - * - * FIPS 204. 
8.4: Algorithm 30 Decompose(r) - * 1: r+ <- r mod q - * 2: r0 <- r+ mod+/- (2 * GAMMA2) - * 3: if r+ - r0 = q - 1 then - * 4: r1 <- 0 +#if defined(WOLFSSL_SMALL_STACK) + block = (byte*)XMALLOC(DILITHIUM_GEN_C_BLOCK_BYTES, heap, + DYNAMIC_TYPE_DILITHIUM); + if (block == NULL) { + ret = MEMORY_E; + } +#endif + + if (ret == 0) { + ret = dilithium_sample_in_ball_ex(level, shake256, seed, seedLen, tau, + c, block); + } + +#if defined(WOLFSSL_SMALL_STACK) + XFREE(block, heap, DYNAMIC_TYPE_DILITHIUM); +#endif + return ret; +} +#endif + +#endif + +/****************************************************************************** + * Decompose operations + ******************************************************************************/ + +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) +#ifndef WOLFSSL_NO_ML_DSA_44 +/* Decompose value into high and low based on GAMMA2 being ((q-1) / 88). + * + * FIPS 204. 8.4: Algorithm 30 Decompose(r) + * 1: r+ <- r mod q + * 2: r0 <- r+ mod+/- (2 * GAMMA2) + * 3: if r+ - r0 = q - 1 then + * 4: r1 <- 0 * 5: r0 <- r0 - 1 * 6: else r1 <- (r+ - r0) / (2 * GAMMA2) * 7: end if @@ -2734,7 +3038,8 @@ static void dilithium_decompose_q32(sword32 r, sword32* r0, sword32* r1) #ifndef WOLFSSL_DILITHIUM_NO_SIGN -#ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM +#if !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) || \ + defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A) /* Decompose vector of polynomials into high and low based on GAMMA2. * * @param [in] r Vector of polynomials to decompose. @@ -2825,8 +3130,7 @@ static int dilithium_check_low(const sword32* a, sword32 hi) return ret; } -#if (!defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ - !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM)) || \ +#if !defined(WOLFSSL_DILITHIUM_NO_VERIFY) || \ (!defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM)) /* Check that the values of the vector are in range. 
@@ -3125,11 +3429,11 @@ static int dilithium_check_hint(const byte* h, byte k, byte omega) unsigned int i; /* Skip polynomial index while count is 0. */ - while ((h[omega + o] == 0) && (o < k)) { + while ((o < k) && (h[omega + o] == 0)) { o++; } /* Check all possible hints. */ - for (i = 1; i < omega; i++) { + for (i = 1; (o < k) && (i < omega); i++) { /* Done with polynomial if index equals count of hints. */ if (i == h[omega + o]) { /* Next polynomial index while count is index. */ @@ -3143,7 +3447,7 @@ static int dilithium_check_hint(const byte* h, byte k, byte omega) } } /* Ensure the last hint is less than the current hint. */ - else if (h[i - 1] > h[i]) { + else if (h[i - 1] >= h[i]) { ret = SIG_VERIFY_E; break; } 
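Review bot: The change from `>` to `>=` in the second hunk on this line is what makes dilithium_check_hint reject a repeated hint index, but the comment above it still reads as a plain ordering note; make the rejection explicit with `/* Indices within a polynomial must be strictly increasing; a repeated index is a malformed hint (SIG_VERIFY_E). */`. In the first hunk the reordered `while ((o < k) && (h[omega + o] == 0))` and the added `(o < k)` in the for condition are bounds guards on `h[omega + o]`, and a one-line `/* Test o < k first: h[omega + o] is only valid while o < k. */` would keep a future tidy-up from swapping the operands back. Both hunks are inside dilithium_check_hint, whose start and end lie outside them.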
@@ -5160,27 +5464,27 @@ static void dilithium_vec_make_pos(sword32* a, byte l) /* Make a key from a random seed. * * xi is seed passed in. - * FIPS 204. 5: Algorithm 1 ML-DSA.KeyGen() - * ... - * 2: (rho, rho', K) E {0,1}256 x {0,1}512 x {0,1}256 <- H(xi, 1024) + * FIPS 204. 6.1: Algorithm 6 ML-DSA.KeyGen_internal(xi) + * 1: (rho, rho', K) E B32 x B64 x B32 <- H(xi||k||l, 1024) + * 2: * 3: A_circum <- ExpandA(rho) * 4: (s1,s2) <- ExpandS(rho') * 5: t <- NTT-1(A_circum o NTT(s1)) + s2 * 6: (t1, t0) <- Power2Round(t, d) * 7: pk <- pkEncode(rho, t1) - * 8: tr <- H(BytesToBits(pk), 512) + * 8: tr <- H(pk, 64) * 9: sk <- skEncode(rho, K, tr, s1, s2, t0) * 10: return (pk, sk) * - * FIPS 204. 8.2: Algorithm 16 pkEncode(rho, t1) - * 1: pk <- BitsToBytes(rho) - * 2: for i from 0 to l - 1 do + * FIPS 204. 7.2: Algorithm 22 pkEncode(rho, t1) + * 1: pk <- rho + * 2: for i from 0 to k - 1 do * 3: pk <- pk || SimpleBitPack(t1[i], 2^(bitlen(q-1)-d) - 1) * 4: end for * 5: return pk * - * FIPS 204. 8.2: Algorithm 18 skEncode(rho, K, tr, s, s2, t0) - * 1: sk <- BitsToBytes(rho) || BitsToBytes(K) || BitsToBytes(tr) + * FIPS 204. 7.2: Algorithm 24 skEncode(rho, K, tr, s, s2, t0) + * 1: sk <- rho || K || tr * 2: for i from 0 to l - 1 do * 3: sk <- sk || BitPack(s1[i], eta, eta) * 4: end for @@ -5202,6 +5506,7 @@ static void dilithium_vec_make_pos(sword32* a, byte l) */ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) { +#ifndef WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM int ret = 0; const wc_dilithium_params* params = key->params; sword32* a = NULL; 
@@ -5209,22 +5514,28 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) sword32* s2 = NULL; sword32* t = NULL; byte* pub_seed = key->k; + byte kl[2]; /* Allocate memory for large intermediates. */ #ifdef WC_DILITHIUM_CACHE_MATRIX_A +#ifndef WC_DILITHIUM_FIXED_ARRAY if (key->a == NULL) { - key->a = (sword32*)XMALLOC(params->aSz, NULL, DYNAMIC_TYPE_DILITHIUM); + key->a = (sword32*)XMALLOC(params->aSz, key->heap, + DYNAMIC_TYPE_DILITHIUM); if (key->a == NULL) { ret = MEMORY_E; } } +#endif if (ret == 0) { a = key->a; } #endif #ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS +#ifndef WC_DILITHIUM_FIXED_ARRAY if ((ret == 0) && (key->s1 == NULL)) { - key->s1 = (sword32*)XMALLOC(params->aSz, NULL, DYNAMIC_TYPE_DILITHIUM); + key->s1 = (sword32*)XMALLOC(params->aSz, key->heap, + DYNAMIC_TYPE_DILITHIUM); if (key->s1 == NULL) { ret = MEMORY_E; } @@ -5233,6 +5544,7 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) key->t0 = key->s2 + params->s2Sz / sizeof(*s2); } } +#endif if (ret == 0) { s1 = key->s1; s2 = key->s2; @@ -5248,7 +5560,7 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) #endif /* s1, s2, t, a */ - s1 = (sword32*)XMALLOC(allocSz, NULL, DYNAMIC_TYPE_DILITHIUM); + s1 = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM); if (s1 == NULL) { ret = MEMORY_E; } 
@@ -5256,25 +5568,40 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) s2 = s1 + params->s1Sz / sizeof(*s1); t = s2 + params->s2Sz / sizeof(*s2); #ifndef WC_DILITHIUM_CACHE_MATRIX_A - a = t + params->s2Sz / sizeof(*s2); + a = t + params->s2Sz / sizeof(*t); #endif } } #endif if (ret == 0) { - /* Step 2: Create public seed, private seed and K from seed. - * Step 9; Alg 18, Step 1: Public seed is placed into private key. */ - ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ, pub_seed, - DILITHIUM_SEEDS_SZ); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if (key->params->level >= WC_ML_DSA_DRAFT) { + /* Step 2: Create public seed, private seed and K from seed. + * Step 9; Alg 18, Step 1: Public seed is placed into private key. + */ + ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ, + pub_seed, DILITHIUM_SEEDS_SZ); + } + else +#endif + { + kl[0] = params->k; + kl[1] = params->l; + /* Step 1: Create public seed, private seed and K from seed. + * Step 9; Alg 24, Step 1: Public seed is placed into private key. + */ + ret = dilithium_hash256(&key->shake, seed, DILITHIUM_SEED_SZ, kl, 2, + pub_seed, DILITHIUM_SEEDS_SZ); + } } if (ret == 0) { - /* Step 7; Alg 16 Step 1: Copy public seed into public key. */ + /* Step 7; Alg 22 Step 1: Copy public seed into public key. */ XMEMCPY(key->p, pub_seed, DILITHIUM_PUB_SEED_SZ); /* Step 3: Expand public seed into a matrix of polynomials. */ ret = dilithium_expand_a(&key->shake, pub_seed, params->k, params->l, - a); + a, key->heap); } if (ret == 0) { byte* priv_seed = key->k + DILITHIUM_PUB_SEED_SZ; 
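Review bot: The draft check reads `key->params->level` although the function already holds `params = key->params` and uses it a few lines later for `params->k` and `params->l`; for consistency write `if (key->params->level >= WC_ML_DSA_DRAFT) {` as `if (params->level >= WC_ML_DSA_DRAFT) {`. The same spelling appears in the small-memory keygen body added in the hunk at -5333. dilithium_make_key_from_seed starts and ends outside this hunk.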
@@ -5293,9 +5620,9 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) /* Step 9: Move k down to after public seed. */ XMEMCPY(k, k + DILITHIUM_PRIV_SEED_SZ, DILITHIUM_K_SZ); - /* Step 9. Alg 18 Steps 2-4: Encode s1 into private key. */ + /* Step 9. Alg 24 Steps 2-4: Encode s1 into private key. */ dilthium_vec_encode_eta_bits(s1, params->l, params->eta, s1p); - /* Step 9. Alg 18 Steps 5-7: Encode s2 into private key. */ + /* Step 9. Alg 24 Steps 5-7: Encode s2 into private key. */ dilthium_vec_encode_eta_bits(s2, params->k, params->eta, s2p); /* Step 5: t <- NTT-1(A_circum o NTT(s1)) + s2 */ @@ -5306,11 +5633,11 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) /* Make positive for decomposing. */ dilithium_vec_make_pos(t, params->k); - /* Step 6, Step 7, Step 9. Alg 16 Steps 2-4, Alg 18 Steps 8-10. + /* Step 6, Step 7, Step 9. Alg 22 Steps 2-4, Alg 24 Steps 8-10. * Decompose t in t0 and t1 and encode into public and private key. */ dilithium_vec_encode_t0_t1(t, params->k, t0, t1); - /* Step 8. Alg 18, Step 1: Hash public key into private key. */ + /* Step 8. Alg 24, Step 1: Hash public key into private key. */ ret = dilithium_shake256(&key->shake, key->p, params->pkSz, tr, DILITHIUM_TR_SZ); } 
@@ -5333,16 +5660,239 @@ static int dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) } #ifndef WC_DILITHIUM_CACHE_PRIV_VECTORS - XFREE(s1, NULL, DYNAMIC_TYPE_DILITHIUM); + XFREE(s1, key->heap, DYNAMIC_TYPE_DILITHIUM); +#endif + return ret; +#else + int ret = 0; + const wc_dilithium_params* params = key->params; + sword32* a = NULL; + sword32* s1 = NULL; + sword32* s2 = NULL; + sword32* t = NULL; +#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + sword64* t64 = NULL; +#endif + byte* h = NULL; + byte* pub_seed = key->k; + unsigned int r; + unsigned int s; + byte kl[2]; + + /* Allocate memory for large intermediates. */ + if (ret == 0) { + unsigned int allocSz; + + /* s1-l, s2-k, t-k, a-1 */ + allocSz = params->s1Sz + params->s2Sz + params->s2Sz + + DILITHIUM_REJ_NTT_POLY_H_SIZE + DILITHIUM_POLY_SIZE; + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + /* t64 */ + allocSz += DILITHIUM_POLY_SIZE * 2; + #endif + s1 = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM); + if (s1 == NULL) { + ret = MEMORY_E; + } + else { + s2 = s1 + params->s1Sz / sizeof(*s1); + t = s2 + params->s2Sz / sizeof(*s2); + h = (byte*)(t + params->s2Sz / sizeof(*t)); + a = (sword32*)(h + DILITHIUM_REJ_NTT_POLY_H_SIZE); + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + t64 = (sword64*)(a + DILITHIUM_N); + #endif + } + } + + if (ret == 0) { +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if (key->params->level >= WC_ML_DSA_DRAFT) { + /* Step 2: Create public seed, private seed and K from seed. + * Step 9; Alg 18, Step 1: Public seed is placed into private key. + */ + ret = dilithium_shake256(&key->shake, seed, DILITHIUM_SEED_SZ, + pub_seed, DILITHIUM_SEEDS_SZ); + } + else #endif + { + kl[0] = params->k; + kl[1] = params->l; + /* Step 1: Create public seed, private seed and K from seed. + * Step 9; Alg 24, Step 1: Public seed is placed into private key. 
+ */ + ret = dilithium_hash256(&key->shake, seed, DILITHIUM_SEED_SZ, kl, 2, + pub_seed, DILITHIUM_SEEDS_SZ); + } + } + if (ret == 0) { + byte* priv_seed = key->k + DILITHIUM_PUB_SEED_SZ; + + /* Step 7; Alg 22 Step 1: Copy public seed into public key. */ + XMEMCPY(key->p, pub_seed, DILITHIUM_PUB_SEED_SZ); + + /* Step 4: Expand private seed into to vectors of polynomials. */ + ret = dilithium_expand_s(&key->shake, priv_seed, params->eta, s1, + params->l, s2, params->k); + } + if (ret == 0) { + byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ; + byte* tr = k + DILITHIUM_K_SZ; + byte* s1p = tr + DILITHIUM_TR_SZ; + byte* s2p = s1p + params->s1EncSz; + byte* t0 = s2p + params->s2EncSz; + byte* t1 = key->p + DILITHIUM_PUB_SEED_SZ; + byte aseed[DILITHIUM_GEN_A_SEED_SZ]; + sword32* s2t = s2; + sword32* tt = t; + + /* Step 9: Move k down to after public seed. */ + XMEMCPY(k, k + DILITHIUM_PRIV_SEED_SZ, DILITHIUM_K_SZ); + /* Step 9. Alg 24 Steps 2-4: Encode s1 into private key. */ + dilthium_vec_encode_eta_bits(s1, params->l, params->eta, s1p); + /* Step 9. Alg 24 Steps 5-7: Encode s2 into private key. */ + dilthium_vec_encode_eta_bits(s2, params->k, params->eta, s2p); + + /* Step 5: NTT(s1) */ + dilithium_vec_ntt_small(s1, params->l); + /* Step 5: t <- NTT-1(A_circum o NTT(s1)) + s2 */ + XMEMCPY(aseed, pub_seed, DILITHIUM_PUB_SEED_SZ); + for (r = 0; (ret == 0) && (r < params->k); r++) { + sword32* s1t = s1; + unsigned int e; + + /* Put r/i into buffer to be hashed. */ + aseed[DILITHIUM_PUB_SEED_SZ + 1] = r; + for (s = 0; (ret == 0) && (s < params->l); s++) { + + /* Put s into buffer to be hashed. */ + aseed[DILITHIUM_PUB_SEED_SZ + 0] = s; + /* Step 3: Expand public seed into a matrix of polynomials. */ + ret = dilithium_rej_ntt_poly_ex(&key->shake, aseed, a, h); + if (ret != 0) { + break; + } + /* Matrix multiply. 
*/ + #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + if (s == 0) { + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + tt[e] = dilithium_mont_red((sword64)a[e] * s1t[e]); + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + tt[e+0] = dilithium_mont_red((sword64)a[e+0]*s1t[e+0]); + tt[e+1] = dilithium_mont_red((sword64)a[e+1]*s1t[e+1]); + tt[e+2] = dilithium_mont_red((sword64)a[e+2]*s1t[e+2]); + tt[e+3] = dilithium_mont_red((sword64)a[e+3]*s1t[e+3]); + tt[e+4] = dilithium_mont_red((sword64)a[e+4]*s1t[e+4]); + tt[e+5] = dilithium_mont_red((sword64)a[e+5]*s1t[e+5]); + tt[e+6] = dilithium_mont_red((sword64)a[e+6]*s1t[e+6]); + tt[e+7] = dilithium_mont_red((sword64)a[e+7]*s1t[e+7]); + } + #endif + } + else { + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + tt[e] += dilithium_mont_red((sword64)a[e] * s1t[e]); + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + tt[e+0] += dilithium_mont_red((sword64)a[e+0]*s1t[e+0]); + tt[e+1] += dilithium_mont_red((sword64)a[e+1]*s1t[e+1]); + tt[e+2] += dilithium_mont_red((sword64)a[e+2]*s1t[e+2]); + tt[e+3] += dilithium_mont_red((sword64)a[e+3]*s1t[e+3]); + tt[e+4] += dilithium_mont_red((sword64)a[e+4]*s1t[e+4]); + tt[e+5] += dilithium_mont_red((sword64)a[e+5]*s1t[e+5]); + tt[e+6] += dilithium_mont_red((sword64)a[e+6]*s1t[e+6]); + tt[e+7] += dilithium_mont_red((sword64)a[e+7]*s1t[e+7]); + } + #endif + } + #else + if (s == 0) { + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + t64[e] = (sword64)a[e] * s1t[e]; + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + t64[e+0] = (sword64)a[e+0] * s1t[e+0]; + t64[e+1] = (sword64)a[e+1] * s1t[e+1]; + t64[e+2] = (sword64)a[e+2] * s1t[e+2]; + t64[e+3] = (sword64)a[e+3] * s1t[e+3]; + t64[e+4] = (sword64)a[e+4] * s1t[e+4]; + t64[e+5] = (sword64)a[e+5] * s1t[e+5]; + t64[e+6] = (sword64)a[e+6] * s1t[e+6]; + t64[e+7] = (sword64)a[e+7] * s1t[e+7]; + } + #endif + } + else { + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < 
DILITHIUM_N; e++) { + t64[e] += (sword64)a[e] * s1t[e]; + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + t64[e+0] += (sword64)a[e+0] * s1t[e+0]; + t64[e+1] += (sword64)a[e+1] * s1t[e+1]; + t64[e+2] += (sword64)a[e+2] * s1t[e+2]; + t64[e+3] += (sword64)a[e+3] * s1t[e+3]; + t64[e+4] += (sword64)a[e+4] * s1t[e+4]; + t64[e+5] += (sword64)a[e+5] * s1t[e+5]; + t64[e+6] += (sword64)a[e+6] * s1t[e+6]; + t64[e+7] += (sword64)a[e+7] * s1t[e+7]; + } + #endif + } + #endif + /* Next polynomial. */ + s1t += DILITHIUM_N; + } + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + for (e = 0; e < DILITHIUM_N; e++) { + tt[e] = dilithium_mont_red(t64[e]); + } + #endif + dilithium_invntt(tt); + dilithium_add(tt, s2t); + /* Make positive for decomposing. */ + dilithium_make_pos(tt); + + tt += DILITHIUM_N; + s2t += DILITHIUM_N; + } + + /* Step 6, Step 7, Step 9. Alg 22 Steps 2-4, Alg 24 Steps 8-10. + * Decompose t in t0 and t1 and encode into public and private key. + */ + dilithium_vec_encode_t0_t1(t, params->k, t0, t1); + /* Step 8. Alg 24, Step 1: Hash public key into private key. */ + ret = dilithium_shake256(&key->shake, key->p, params->pkSz, tr, + DILITHIUM_TR_SZ); + } + if (ret == 0) { + /* Public key and private key are available. */ + key->prvKeySet = 1; + key->pubKeySet = 1; + } + + XFREE(s1, key->heap, DYNAMIC_TYPE_DILITHIUM); return ret; +#endif } /* Make a key from a random seed. * - * FIPS 204. 5: Algorithm 1 ML-DSA.KeyGen() - * 1: xi <- {0,1}256 [Choose random seed] - * ... + * FIPS 204. 5.1: Algorithm 1 ML-DSA.KeyGen() + * 1: xi <- B32 [Choose random seed] + * 2: if xi = NULL then + * 3: return falsam + * 4: end if + * 5: return ML-DSA.KeyGen_internal(xi) * * @param [in, out] key Dilithium key. * @param [in] rng Random number generator. 
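Review bot: In the WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM body, a failure of dilithium_rej_ntt_poly_ex inside the r/s loops exits the loops early, but execution then falls through to `dilithium_vec_encode_t0_t1(t, params->k, t0, t1);` and `ret = dilithium_shake256(...)`, which overwrites the error, so on a successful final hash the key is marked `prvKeySet`/`pubKeySet` with a partially computed t. Guard the tail the way the non-small-memory path does: put `if (ret == 0) {` before the encode call and a closing `}` after the shake256 call. The `t64 = (sword64*)(a + DILITHIUM_N)` carve-out after the byte buffer h is only aligned if DILITHIUM_REJ_NTT_POLY_H_SIZE is a multiple of 8 — presumably true, but worth a comment at the layout. Separately, `3: return falsam` in the updated dilithium_make_key comment looks like a mis-rendered FIPS 204 Algorithm 1 step; `3: return error` reads correctly.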
@@ -5355,10 +5905,11 @@ static int dilithium_make_key(dilithium_key* key, WC_RNG* rng) int ret; byte seed[DILITHIUM_SEED_SZ]; - /* Generate a 256-bit random seed. */ + /* Step 1: Generate a 32 byte random seed. */ ret = wc_RNG_GenerateBlock(rng, seed, DILITHIUM_SEED_SZ); + /* Step 2: Check for error. */ if (ret == 0) { - /* Make key with random seed. */ + /* Step 5: Make key with random seed. */ ret = wc_dilithium_make_key_from_seed(key, seed); } @@ -5369,10 +5920,11 @@ static int dilithium_make_key(dilithium_key* key, WC_RNG* rng) #ifndef WOLFSSL_DILITHIUM_NO_SIGN #if !defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) || \ + defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC) || \ defined(WC_DILITHIUM_CACHE_PRIV_VECTORS) /* Decode, from private key, and NTT private key vectors s1, s2, and t0. * - * FIPS 204. 6: Algorithm 2 MD-DSA.Sign(sk, M) + * FIPS 204. 6: Algorithm 2 ML-DSA.Sign(sk, M) * 1: (rho, K, tr, s1, s2, t0) <- skDecode(sk) * 2: s1_circum <- NTT(s1) * 3: s2_circum <- NTT(s2) @@ -5415,7 +5967,13 @@ static void dilithium_make_priv_vecs(dilithium_key* key, sword32* s1, /* Sign a message with the key and a seed. * - * FIPS 204. 6: Algorithm 2 MD-DSA.Sign(sk, M) + * FIPS 204. 5.2: Algorithm 2 ML-DSA.sign(sk, M, ctx) + * ... + * 10: M' <- ByyesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) || + * ctx) || M + * ... + * + * FIPS 204. 6: Algorithm 2 ML-DSA.Sign(sk, M) * 1: (rho, K, tr, s1, s2, t0) <- skDecode(sk) * 2: s1_circum <- NTT(s1) * 3: s2_circum <- NTT(s2) 
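Review bot: The new step list in the sign-with-seed comment (third hunk on this line) spells `ByyesToBits`; it should read `10: M' <- BytesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) ||`. The block below it is still headed `FIPS 204. 6: Algorithm 2 ML-DSA.Sign(sk, M)`, the same algorithm number as the heading just added above it; in the final FIPS 204 the internal routine is ML-DSA.Sign_internal (Algorithm 7, Section 6.2), so the second heading presumably wants that label, as the keygen comment already switched to KeyGen_internal. The comment continues outside the hunk.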
@@ -5454,26 +6012,25 @@ static void dilithium_make_priv_vecs(dilithium_key* key, sword32* s1, * 33: return sigma * * @param [in, out] key Dilithium key. - * @param [in, out] seed Random seed. - * @param [in] msg Message data to sign. - * @param [in] msgLen Length of message data in bytes. + * @param [in] seedMu Random seed || mu. * @param [out] sig Buffer to hold signature. * @param [in, out] sigLen On in, length of buffer in bytes. * On out, the length of the signature in bytes. * @return 0 on success. + * @return BAD_FUNC_ARG when context length is greater than 255. * @return BUFFER_E when the signature buffer is too small. * @return MEMORY_E when memory allocation fails. * @return Other negative when an error occurs. */ -static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, - const byte* msg, word32 msgLen, byte* sig, word32 *sigLen) +static int dilithium_sign_with_seed_mu(dilithium_key* key, + const byte* seedMu, byte* sig, word32 *sigLen) { #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM int ret = 0; const wc_dilithium_params* params = key->params; - byte* pub_seed = key->k; - byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ; - byte* tr = k + DILITHIUM_K_SZ; + const byte* pub_seed = key->k; + const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ; + const byte* mu = seedMu + DILITHIUM_RND_SZ; sword32* a = NULL; sword32* s1 = NULL; sword32* s2 = NULL; @@ -5484,13 +6041,11 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, sword32* c = NULL; sword32* z = NULL; sword32* ct0 = NULL; - byte data[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ]; - byte* mu = data + DILITHIUM_RND_SZ; byte priv_rand_seed[DILITHIUM_Y_SEED_SZ]; - byte* h = sig + params->lambda * 2 + params->zEncSz; + byte* h = sig + params->lambda / 4 + params->zEncSz; /* Check the signature buffer isn't too small. */ - if ((ret == 0) && (*sigLen < params->sigSz)) { + if (*sigLen < params->sigSz) { ret = BUFFER_E; } if (ret == 0) { 
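Review bot: The added `@return BAD_FUNC_ARG when context length is greater than 255.` does not match dilithium_sign_with_seed_mu: after the rename it takes `seedMu` and no context, and nothing in the hunk checks a ctx length, so the line belongs on the caller that builds mu (unless a check lives in the part of the body outside the hunk). `@param [in] seedMu` should also give the expected size, since the body indexes past it at `seedMu + DILITHIUM_RND_SZ`: `@param [in] seedMu Random seed followed by mu, DILITHIUM_RND_SZ + DILITHIUM_MU_SZ bytes.`. The function body continues outside this hunk.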
@@ -5500,19 +6055,23 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, /* Allocate memory for large intermediates. */ #ifdef WC_DILITHIUM_CACHE_MATRIX_A +#ifndef WC_DILITHIUM_FIXED_ARRAY if ((ret == 0) && (key->a == NULL)) { - a = (sword32*)XMALLOC(params->aSz, NULL, DYNAMIC_TYPE_DILITHIUM); + a = (sword32*)XMALLOC(params->aSz, key->heap, DYNAMIC_TYPE_DILITHIUM); if (a == NULL) { ret = MEMORY_E; } } +#endif if (ret == 0) { a = key->a; } #endif #ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS +#ifndef WC_DILITHIUM_FIXED_ARRAY if ((ret == 0) && (key->s1 == NULL)) { - key->s1 = (sword32*)XMALLOC(params->aSz, NULL, DYNAMIC_TYPE_DILITHIUM); + key->s1 = (sword32*)XMALLOC(params->aSz, key->heap, + DYNAMIC_TYPE_DILITHIUM); if (key->s1 == NULL) { ret = MEMORY_E; } @@ -5521,6 +6080,7 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, key->t0 = key->s2 + params->s2Sz / sizeof(*s2); } } +#endif if (ret == 0) { s1 = key->s1; s2 = key->s2; @@ -5541,7 +6101,7 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, /* A */ allocSz += params->aSz; #endif - y = (sword32*)XMALLOC(allocSz, NULL, DYNAMIC_TYPE_DILITHIUM); + y = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM); if (y == NULL) { ret = MEMORY_E; } 
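Review bot: In the first hunk on this line, under WC_DILITHIUM_CACHE_MATRIX_A, the buffer from the changed `a = (sword32*)XMALLOC(params->aSz, key->heap, DYNAMIC_TYPE_DILITHIUM);` is held only in the local `a` and is then replaced by `a = key->a;` in the following `if (ret == 0)` block, so when `key->a` is NULL the allocation leaks and `a` is NULL from there on — unless code outside the hunk assigns `key->a = a`, which I cannot see. The keygen path in the hunk at -5209 writes `key->a = (sword32*)XMALLOC(...)` and tests `key->a == NULL`; this site should presumably match: `key->a = (sword32*)XMALLOC(params->aSz, key->heap, DYNAMIC_TYPE_DILITHIUM);` followed by `if (key->a == NULL) {`. The pattern predates the commit, but the commit rewrites the line. dilithium_sign_with_seed_mu starts and ends outside this hunk.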
@@ -5579,24 +6139,15 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, { /* Step 5: Create the matrix A from the public seed. */ ret = dilithium_expand_a(&key->shake, pub_seed, params->k, - params->l, a); + params->l, a, key->heap); #ifdef WC_DILITHIUM_CACHE_MATRIX_A key->aSet = (ret == 0); #endif } } - if (ret == 0) { - /* Step 6: Compute the hash of tr, public key hash, and message. */ - ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen, - mu, DILITHIUM_MU_SZ); - } - if (ret == 0) { - /* Step 7: Copy random into buffer for hashing. */ - XMEMCPY(data, seed, DILITHIUM_RND_SZ); - } if (ret == 0) { /* Step 9: Compute private random using hash. */ - ret = dilithium_hash256(&key->shake, k, DILITHIUM_K_SZ, data, + ret = dilithium_hash256(&key->shake, k, DILITHIUM_K_SZ, seedMu, DILITHIUM_RND_SZ + DILITHIUM_MU_SZ, priv_rand_seed, DILITHIUM_PRIV_RAND_SEED_SZ); } @@ -5640,11 +6191,11 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, /* Step 15: Hash mu and encoded w1. * Step 32: Hash is stored in signature. */ ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ, - w1e, params->w1EncSz, commit, 2 * params->lambda); + w1e, params->w1EncSz, commit, params->lambda / 4); if (ret == 0) { /* Step 17: Compute c from first 256 bits of commit. */ - ret = dilithium_sample_in_ball(&key->shake, commit, - params->tau, c, NULL); + ret = dilithium_sample_in_ball(params->level, &key->shake, + commit, params->lambda / 4, params->tau, c, key->heap); } if (ret == 0) { sword32 hi; 
@@ -5708,23 +6259,24 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, while ((ret == 0) && (!valid)); } if (ret == 0) { - byte* ze = sig + params->lambda * 2; + byte* ze = sig + params->lambda / 4; /* Step 32: Encode z into signature. * Commit (c) and h already encoded into signature. */ dilithium_vec_encode_gamma1(z, params->l, params->gamma1_bits, ze); } - XFREE(y, NULL, DYNAMIC_TYPE_DILITHIUM); + XFREE(y, key->heap, DYNAMIC_TYPE_DILITHIUM); return ret; #else int ret = 0; const wc_dilithium_params* params = key->params; - byte* pub_seed = key->k; - byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ; - byte* tr = k + DILITHIUM_K_SZ; + const byte* pub_seed = key->k; + const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ; + const byte* tr = k + DILITHIUM_K_SZ; const byte* s1p = tr + DILITHIUM_TR_SZ; const byte* s2p = s1p + params->s1EncSz; const byte* t0p = s2p + params->s2EncSz; + const byte* mu = seedMu + DILITHIUM_RND_SZ; sword32* a = NULL; sword32* s1 = NULL; sword32* s2 = NULL; @@ -5736,10 +6288,16 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, sword32* c = NULL; sword32* z = NULL; sword32* ct0 = NULL; - byte data[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ]; - byte* mu = data + DILITHIUM_RND_SZ; +#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + sword64* t64 = NULL; +#endif + byte* blocks = NULL; byte priv_rand_seed[DILITHIUM_Y_SEED_SZ]; - byte* h = sig + params->lambda * 2 + params->zEncSz; + byte* h = sig + params->lambda / 4 + params->zEncSz; +#ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A + byte maxK = (byte)min(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A, + params->k); +#endif /* Check the signature buffer isn't too small. */ if ((ret == 0) && (*sigLen < params->sigSz)) { 
@@ -5754,58 +6312,101 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, if (ret == 0) { unsigned int allocSz; - /* y-l, w0-k, w1-k, c-1, s1-1, A-1 */ - allocSz = params->s1Sz + params->s2Sz + params->s2Sz + + /* y-l, w0-k, w1-k, blocks, c-1, z-1, A-1 */ + allocSz = params->s1Sz + params->s2Sz + params->s2Sz + + DILITHIUM_REJ_NTT_POLY_H_SIZE + DILITHIUM_POLY_SIZE + DILITHIUM_POLY_SIZE + DILITHIUM_POLY_SIZE; - y = (sword32*)XMALLOC(allocSz, NULL, DYNAMIC_TYPE_DILITHIUM); + #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC + allocSz += params->s1Sz + params->s2Sz + params->s2Sz; + #elif defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A) + allocSz += maxK * params->l * DILITHIUM_POLY_SIZE; + #endif + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + allocSz += DILITHIUM_POLY_SIZE * 2; + #endif + y = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM); if (y == NULL) { ret = MEMORY_E; } else { - w0 = y + params->s1Sz / sizeof(*y_ntt); - w1 = w0 + params->s2Sz / sizeof(*w0); - c = w1 + params->s2Sz / sizeof(*w1); - s1 = c + DILITHIUM_N; - a = s1 + DILITHIUM_N; - s2 = s1; - t0 = s1; - ct0 = s1; - z = s1; - y_ntt = s1; + w0 = y + params->s1Sz / sizeof(*y_ntt); + w1 = w0 + params->s2Sz / sizeof(*w0); + blocks = (byte*)(w1 + params->s2Sz / sizeof(*w1)); + c = (sword32*)(blocks + DILITHIUM_REJ_NTT_POLY_H_SIZE); + z = c + DILITHIUM_N; + a = z + DILITHIUM_N; + ct0 = z; + #if defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A) + y_ntt = w0; + s1 = z; + s2 = z; + t0 = z; + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + t64 = (sword64*)(a + (1 + maxK * params->l) * DILITHIUM_N); + #endif + #elif defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC) + y_ntt = z; + s1 = a + DILITHIUM_N; + s2 = s1 + params->s1Sz / sizeof(*s1); + t0 = s2 + params->s2Sz / sizeof(*s2); + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + t64 = (sword64*)(t0 + params->s2Sz / sizeof(*t0)); + #endif + #else + y_ntt = z; + s1 = z; + s2 = z; + t0 = z; + #ifdef 
WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + t64 = (sword64*)(a + DILITHIUM_N); + #endif + #endif } } - if (ret == 0) { - /* Step 7: Copy random into buffer for hashing. */ - XMEMCPY(data, seed, DILITHIUM_RND_SZ); - - /* Step 6: Compute the hash of tr, public key hash, and message. */ - ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen, - mu, DILITHIUM_MU_SZ); - } if (ret == 0) { /* Step 9: Compute private random using hash. */ - ret = dilithium_hash256(&key->shake, k, DILITHIUM_K_SZ, data, + ret = dilithium_hash256(&key->shake, k, DILITHIUM_K_SZ, seedMu, DILITHIUM_RND_SZ + DILITHIUM_MU_SZ, priv_rand_seed, DILITHIUM_PRIV_RAND_SEED_SZ); } +#ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC + if (ret == 0) { + dilithium_make_priv_vecs(key, s1, s2, t0); + } +#endif +#ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A + if (ret == 0) { + /* Step 5: Create the matrix A from the public seed. */ + ret = dilithium_expand_a(&key->shake, pub_seed, maxK, params->l, a, + key->heap); + } +#endif if (ret == 0) { word16 kappa = 0; int valid; /* Step 11: Start rejection sampling loop */ do { + byte aseed[DILITHIUM_GEN_A_SEED_SZ]; byte w1e[DILITHIUM_MAX_W1_ENC_SZ]; sword32* w = w1; byte* commit = sig; byte r; byte s; - byte aseed[DILITHIUM_GEN_A_SEED_SZ]; sword32 hi; - sword32* at = a; sword32* wt = w; sword32* w0t = w0; sword32* w1t = w1; + sword32* at = a; + + #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A + w0t += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * DILITHIUM_N; + w1t += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * DILITHIUM_N; + wt += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * DILITHIUM_N; + at += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * params->l * + DILITHIUM_N; + #endif valid = 1; /* Step 12: Compute vector y from private random seed and kappa. */ 
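Review bot: In the do-loop prologue the pointer offsets use the raw macro (`w0t += WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A * DILITHIUM_N;` and the matching w1t, wt and `at += ... * params->l * DILITHIUM_N`) while the allocation and dilithium_expand_a use `maxK = min(PRECALC_A, params->k)`; when the macro exceeds k these offsets point past the rows that were allocated, and the loop start `r = WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A;` in the next hunk (-5816) has the same mismatch. The loop does not run in that case so nothing is dereferenced, but using `maxK` in all five places keeps the arithmetic inside the buffer and makes the invariant obvious. The function continues outside this hunk.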
@@ -5816,13 +6417,33 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, (1 << params->gamma1_bits) - params->beta); #endif + #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A + /* Step 13: NTT-1(A o NTT(y)) */ + XMEMCPY(y_ntt, y, params->s1Sz); + dilithium_vec_ntt(y_ntt, params->l); + dilithium_matrix_mul(w, a, y_ntt, maxK, params->l); + dilithium_vec_invntt(w, maxK); + /* Step 14, Step 22: Make values positive and decompose. */ + dilithium_vec_make_pos(w, maxK); + dilithium_vec_decompose(w, maxK, params->gamma2, w0, w1); + #endif /* Step 5: Create the matrix A from the public seed. */ /* Copy the seed into a buffer that has space for s and r. */ XMEMCPY(aseed, pub_seed, DILITHIUM_PUB_SEED_SZ); + #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A + r = WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A; + #else + r = 0; + #endif /* Alg 26. Step 1: Loop over first dimension of matrix. */ - for (r = 0; (ret == 0) && valid && (r < params->k); r++) { + for (; (ret == 0) && valid && (r < params->k); r++) { unsigned int e; sword32* yt = y; + #ifdef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC_A + sword32* y_ntt_t = z; + #else + sword32* y_ntt_t = y_ntt; + #endif /* Put r/i into buffer to be hashed. */ aseed[DILITHIUM_PUB_SEED_SZ + 1] = r; 
@@ -5831,29 +6452,115 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, /* Put s into buffer to be hashed. */ aseed[DILITHIUM_PUB_SEED_SZ + 0] = s; /* Alg 26. Step 3: Create polynomial from hashing seed. */ - ret = dilithium_rej_ntt_poly(&key->shake, aseed, at, - NULL); + ret = dilithium_rej_ntt_poly_ex(&key->shake, aseed, at, + blocks); if (ret != 0) { break; } - XMEMCPY(y_ntt, yt, DILITHIUM_POLY_SIZE); - dilithium_ntt(y_ntt); + XMEMCPY(y_ntt_t, yt, DILITHIUM_POLY_SIZE); + dilithium_ntt(y_ntt_t); /* Matrix multiply. */ + #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 if (s == 0) { + #ifdef WOLFSSL_DILITHIUM_SMALL for (e = 0; e < DILITHIUM_N; e++) { wt[e] = dilithium_mont_red((sword64)at[e] * - y_ntt[e]); + y_ntt_t[e]); + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + wt[e + 0] = dilithium_mont_red((sword64)at[e + 0] * + y_ntt_t[e + 0]); + wt[e + 1] = dilithium_mont_red((sword64)at[e + 1] * + y_ntt_t[e + 1]); + wt[e + 2] = dilithium_mont_red((sword64)at[e + 2] * + y_ntt_t[e + 2]); + wt[e + 3] = dilithium_mont_red((sword64)at[e + 3] * + y_ntt_t[e + 3]); + wt[e + 4] = dilithium_mont_red((sword64)at[e + 4] * + y_ntt_t[e + 4]); + wt[e + 5] = dilithium_mont_red((sword64)at[e + 5] * + y_ntt_t[e + 5]); + wt[e + 6] = dilithium_mont_red((sword64)at[e + 6] * + y_ntt_t[e + 6]); + wt[e + 7] = dilithium_mont_red((sword64)at[e + 7] * + y_ntt_t[e + 7]); } + #endif } else { + #ifdef WOLFSSL_DILITHIUM_SMALL for (e = 0; e < DILITHIUM_N; e++) { wt[e] += dilithium_mont_red((sword64)at[e] * - y_ntt[e]); + y_ntt_t[e]); + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + wt[e + 0] += dilithium_mont_red((sword64)at[e + 0] * + y_ntt_t[e + 0]); + wt[e + 1] += dilithium_mont_red((sword64)at[e + 1] * + y_ntt_t[e + 1]); + wt[e + 2] += dilithium_mont_red((sword64)at[e + 2] * + y_ntt_t[e + 2]); + wt[e + 3] += dilithium_mont_red((sword64)at[e + 3] * + y_ntt_t[e + 3]); + wt[e + 4] += dilithium_mont_red((sword64)at[e + 4] * + y_ntt_t[e + 4]); + wt[e + 5] += 
dilithium_mont_red((sword64)at[e + 5] * + y_ntt_t[e + 5]); + wt[e + 6] += dilithium_mont_red((sword64)at[e + 6] * + y_ntt_t[e + 6]); + wt[e + 7] += dilithium_mont_red((sword64)at[e + 7] * + y_ntt_t[e + 7]); + } + #endif + } + #else + if (s == 0) { + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + t64[e] = (sword64)at[e] * y_ntt_t[e]; + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + t64[e+0] = (sword64)at[e+0] * y_ntt_t[e+0]; + t64[e+1] = (sword64)at[e+1] * y_ntt_t[e+1]; + t64[e+2] = (sword64)at[e+2] * y_ntt_t[e+2]; + t64[e+3] = (sword64)at[e+3] * y_ntt_t[e+3]; + t64[e+4] = (sword64)at[e+4] * y_ntt_t[e+4]; + t64[e+5] = (sword64)at[e+5] * y_ntt_t[e+5]; + t64[e+6] = (sword64)at[e+6] * y_ntt_t[e+6]; + t64[e+7] = (sword64)at[e+7] * y_ntt_t[e+7]; + } + #endif + } + else { + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + t64[e] += (sword64)at[e] * y_ntt_t[e]; + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + t64[e+0] += (sword64)at[e+0] * y_ntt_t[e+0]; + t64[e+1] += (sword64)at[e+1] * y_ntt_t[e+1]; + t64[e+2] += (sword64)at[e+2] * y_ntt_t[e+2]; + t64[e+3] += (sword64)at[e+3] * y_ntt_t[e+3]; + t64[e+4] += (sword64)at[e+4] * y_ntt_t[e+4]; + t64[e+5] += (sword64)at[e+5] * y_ntt_t[e+5]; + t64[e+6] += (sword64)at[e+6] * y_ntt_t[e+6]; + t64[e+7] += (sword64)at[e+7] * y_ntt_t[e+7]; } + #endif } + #endif /* Next polynomial. */ yt += DILITHIUM_N; } + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + for (e = 0; e < DILITHIUM_N; e++) { + wt[e] = dilithium_mont_red(t64[e]); + } + #endif dilithium_invntt(wt); /* Step 14, Step 22: Make values positive and decompose. */ dilithium_make_pos(wt); 
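Review bot: The multiply-accumulate over `at`/`y_ntt_t` is now spelled out eight times in this hunk (`WOLFSSL_DILITHIUM_SMALL` vs. unrolled, `=` vs. `+=`, `sword32` vs. `t64`), and the same shapes recur in the verify path at the -6409 hunk (L701); the copies differ by a single operator or index, so a slip in any one of them would be hard to spot in review. Folding each pair into a small `static` helper taking an accumulate flag keeps the per-build behaviour and halves the surface, and the unrolled variant can still live inside the helper under the same `#ifndef WOLFSSL_DILITHIUM_SMALL`. The enclosing `for (r ...)` loop and the `do` loop around it both start and end outside this hunk.

```c
/* wt[e] (+)= mont_red(at[e] * y[e]) for one polynomial; first != 0 assigns,
 * otherwise accumulates. Replaces the four sword32 (non-POLY64) loop copies. */
static void dilithium_poly_mul_acc(sword32* wt, const sword32* at,
    const sword32* y, int first)
{
    unsigned int e;
    /* … unrolled-by-8 body under #ifndef WOLFSSL_DILITHIUM_SMALL omitted … */
    for (e = 0; e < DILITHIUM_N; e++) {
        sword32 p = dilithium_mont_red((sword64)at[e] * y[e]);
        wt[e] = first ? p : wt[e] + p;
    }
}

/* … unchanged: inner s loop up to dilithium_ntt(y_ntt_t) … */
                #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64
                dilithium_poly_mul_acc(wt, at, y_ntt_t, s == 0);
                #else
                /* … POLY64 arm: analogous helper accumulating into t64 … */
                #endif
```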
@@ -5885,19 +6592,22 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, } if ((ret == 0) && valid) { sword32* yt = y; + #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC const byte* s1pt = s1p; - byte* ze = sig + params->lambda * 2; + #endif + byte* ze = sig + params->lambda / 4; /* Step 15: Encode w1. */ dilithium_vec_encode_w1(w1, params->k, params->gamma2, w1e); /* Step 15: Hash mu and encoded w1. * Step 32: Hash is stored in signature. */ ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ, - w1e, params->w1EncSz, commit, 2 * params->lambda); + w1e, params->w1EncSz, commit, params->lambda / 4); if (ret == 0) { /* Step 17: Compute c from first 256 bits of commit. */ - ret = dilithium_sample_in_ball(&key->shake, commit, - params->tau, c, NULL); + ret = dilithium_sample_in_ball_ex(params->level, + &key->shake, commit, params->lambda / 4, params->tau, c, + blocks); } if (ret == 0) { /* Step 18: NTT(c). */ @@ -5905,6 +6615,7 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, } for (s = 0; (ret == 0) && valid && (s < params->l); s++) { + #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC #if !defined(WOLFSSL_NO_ML_DSA_44) || \ !defined(WOLFSSL_NO_ML_DSA_87) /* -2..2 */ @@ -5922,6 +6633,9 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, #endif dilithium_ntt_small(s1); dilithium_mul(z, c, s1); + #else + dilithium_mul(z, c, s1 + s * DILITHIUM_N); + #endif /* Step 19: cs1 = NTT-1(c o s1) */ dilithium_invntt(z); /* Step 21: z = y + cs1 */ 
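Review bot: `/* Step 17: Compute c from first 256 bits of commit. */` is stale: the call beneath it now hands `params->lambda / 4` bytes of `commit` to `dilithium_sample_in_ball_ex`, i.e. the whole c_tilde as in the final FIPS 204, not a 256-bit prefix. The -6269 hunk (L698) already rewords its copy to `/* Step 9: Compute c from commit. */`; the same wording should replace this comment and the `/* Step 9: Compute c from first 256 bits of commit. */` left in the -6382 hunk (L700). The surrounding `if ((ret == 0) && valid)` block and the `for (s ...)` loop in the following two hunks continue outside what is shown here.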
@@ -5958,13 +6672,16 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, } if ((ret == 0) && valid) { const byte* t0pt = t0p; + #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC const byte* s2pt = s2p; + #endif sword32* cs2 = ct0; w0t = w0; w1t = w1; byte idx = 0; for (r = 0; valid && (r < params->k); r++) { + #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC #if !defined(WOLFSSL_NO_ML_DSA_44) || \ !defined(WOLFSSL_NO_ML_DSA_87) /* -2..2 */ @@ -5979,10 +6696,14 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, dilithium_decode_eta_4_bits(s2pt, s2); s2pt += DILITHIUM_N / 2; } - #endif + #endif dilithium_ntt_small(s2); /* Step 20: cs2 = NTT-1(c o s2) */ dilithium_mul(cs2, c, s2); + #else + /* Step 20: cs2 = NTT-1(c o s2) */ + dilithium_mul(cs2, c, s2 + r * DILITHIUM_N); + #endif dilithium_invntt(cs2); /* Step 22: w0 - cs2 */ dilithium_sub(w0t, cs2); @@ -5991,11 +6712,16 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, hi = params->gamma2 - params->beta; valid = dilithium_check_low(w0t, hi); if (valid) { + #ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC dilithium_decode_t0(t0pt, t0); dilithium_ntt(t0); /* Step 25: ct0 = NTT-1(c o t0) */ dilithium_mul(ct0, c, t0); + #else + /* Step 25: ct0 = NTT-1(c o t0) */ + dilithium_mul(ct0, c, t0 + r * DILITHIUM_N); + #endif dilithium_invntt(ct0); /* Step 27: Check ct0 has low enough values. */ valid = dilithium_check_low(ct0, params->gamma2); 
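Review bot: In the first hunk `const byte* t0pt = t0p;` stays unconditional while `s2pt` was moved under `#ifndef WOLFSSL_DILITHIUM_SIGN_SMALL_MEM_PRECALC`, yet the only visible use of `t0pt`, `dilithium_decode_t0(t0pt, t0);` in the -5991 hunk, is itself inside that `#ifndef`. Unless `t0pt` is advanced somewhere outside these hunks without a guard, a PRECALC build compiles it as an unused variable; moving the declaration under the same `#ifndef` as `s2pt` keeps the two consistent. The `- #endif`/`+ #endif` pair in the -5979 hunk changes indentation only. The enclosing `for (r ...)` loop begins and ends outside these hunks.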
@@ -6053,49 +6779,351 @@ static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, while ((ret == 0) && (!valid)); } - XFREE(y, NULL, DYNAMIC_TYPE_DILITHIUM); + XFREE(y, key->heap, DYNAMIC_TYPE_DILITHIUM); return ret; #endif } -/* Sign a message with the key and a random number generator. +/* Sign a message with the key and a seed. + * + * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx) + * ... + * 10: M' <- BytesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) || + * ctx || M) + * 11: sigma <- ML-DSA.Sign_internal(sk, M', rnd) + * 12: return sigma * - * FIPS 204. 6: Algorithm 2 MD-DSA.Sign(sk, M) + * FIPS 204. 6.2: Algorithm 7 ML-DSA.SignInternal(sk, M', rnd) * ... - * 7: rnd <- {0,1}256 [Randomly generated.] + * 6: mu <- H(BytesToBits(tr)||M', 64) * ... * * @param [in, out] key Dilithium key. - * @param [in, out] rng Random number generator. + * @param [in] seed Random seed. + * @param [in] ctx Context of signature. + * @param [in] ctxLen Length of context in bytes. * @param [in] msg Message data to sign. * @param [in] msgLen Length of message data in bytes. * @param [out] sig Buffer to hold signature. * @param [in, out] sigLen On in, length of buffer in bytes. * On out, the length of the signature in bytes. * @return 0 on success. + * @return BAD_FUNC_ARG when context length is greater than 255. * @return BUFFER_E when the signature buffer is too small. * @return MEMORY_E when memory allocation fails. * @return Other negative when an error occurs. 
*/ -static int dilithium_sign_msg(dilithium_key* key, WC_RNG* rng, const byte* msg, +static int dilithium_sign_ctx_msg_with_seed(dilithium_key* key, + const byte* seed, const byte* ctx, byte ctxLen, const byte* msg, word32 msgLen, byte* sig, word32 *sigLen) { - int ret = 0; - byte rnd[DILITHIUM_RND_SZ]; + int ret; + const byte* pub_seed = key->k; + const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ; + const byte* tr = k + DILITHIUM_K_SZ; + byte seedMu[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ]; + byte* mu = seedMu + DILITHIUM_RND_SZ; - /* Must have a random number generator. */ - if (rng == NULL) { - ret = BAD_FUNC_ARG; + XMEMCPY(seedMu, seed, DILITHIUM_RND_SZ); + /* Step 6. Calculate mu. */ + ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 0, + ctx, ctxLen, msg, msgLen, mu, DILITHIUM_MU_SZ); + if (ret == 0) { + ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen); } - if (ret == 0) { + return ret; +} + +/* Sign a message with the key and a seed. + * + * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx) + * ... + * 10: M' <- BytesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) || + * ctx || M) + * 11: sigma <- ML-DSA.Sign_internal(sk, M', rnd) + * 12: return sigma + * + * FIPS 204. 6.2: Algorithm 7 ML-DSA.SignInternal(sk, M', rnd) + * ... + * 6: mu <- H(BytesToBits(tr)||M', 64) + * ... + * + * @param [in, out] key Dilithium key. + * @param [in] seed Random seed. + * @param [in] msg Message data to sign. + * @param [in] msgLen Length of message data in bytes. + * @param [out] sig Buffer to hold signature. + * @param [in, out] sigLen On in, length of buffer in bytes. + * On out, the length of the signature in bytes. + * @return 0 on success. + * @return BAD_FUNC_ARG when context length is greater than 255. + * @return BUFFER_E when the signature buffer is too small. + * @return MEMORY_E when memory allocation fails. + * @return Other negative when an error occurs. 
+ */ +static int dilithium_sign_msg_with_seed(dilithium_key* key, const byte* seed, + const byte* msg, word32 msgLen, byte* sig, word32 *sigLen) +{ + int ret; + const byte* pub_seed = key->k; + const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ; + const byte* tr = k + DILITHIUM_K_SZ; + byte seedMu[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ]; + byte* mu = seedMu + DILITHIUM_RND_SZ; + + XMEMCPY(seedMu, seed, DILITHIUM_RND_SZ); + /* Step 6. Calculate mu. */ + ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen, mu, + DILITHIUM_MU_SZ); + if (ret == 0) { + ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen); + } + + return ret; +} + +/* Sign a message with the key and a random number generator. + * + * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx) + * ... + * 5: rnd <- B32 [Randomly generated.] + * 6: if rnd = NULL then + * 7: return falsam + * 8: end if + * 9: + * 10: M' <- BytesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) || + * ctx || M) + * ... + * + * FIPS 204. 6.2: Algorithm 7 ML-DSA.SignInternal(sk, M', rnd) + * ... + * 6: mu <- H(BytesToBits(tr)||M', 64) + * ... + * + * @param [in, out] key Dilithium key. + * @param [in, out] rng Random number generator. + * @param [in] ctx Context of signature. + * @param [in] ctxLen Length of context. + * @param [in] msg Message data to sign. + * @param [in] msgLen Length of message data in bytes. + * @param [out] sig Buffer to hold signature. + * @param [in, out] sigLen On in, length of buffer in bytes. + * On out, the length of the signature in bytes. + * @return 0 on success. + * @return BUFFER_E when the signature buffer is too small. + * @return MEMORY_E when memory allocation fails. + * @return Other negative when an error occurs. 
+ */ +static int dilithium_sign_ctx_msg(dilithium_key* key, WC_RNG* rng, + const byte* ctx, byte ctxLen, const byte* msg, word32 msgLen, byte* sig, + word32 *sigLen) +{ + int ret = 0; + const byte* pub_seed = key->k; + const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ; + const byte* tr = k + DILITHIUM_K_SZ; + byte seedMu[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ]; + byte* mu = seedMu + DILITHIUM_RND_SZ; + + /* Must have a random number generator. */ + if (rng == NULL) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { /* Step 7: Generate random seed. */ - ret = wc_RNG_GenerateBlock(rng, rnd, DILITHIUM_RND_SZ); + ret = wc_RNG_GenerateBlock(rng, seedMu, DILITHIUM_RND_SZ); } if (ret == 0) { - /* Sign with random seed. */ - ret = dilithium_sign_msg_with_seed(key, rnd, msg, msgLen, sig, - sigLen); + /* Step 6. Calculate mu. */ + ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 0, + ctx, ctxLen, msg, msgLen, mu, DILITHIUM_MU_SZ); + } + if (ret == 0) { + ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen); + } + + return ret; +} + +/* Sign a message with the key and a random number generator. + * + * FIPS 204. 5.2: Algorithm 2 ML-DSA.Sign(sk, M, ctx) + * ... + * 5: rnd <- B32 [Randomly generated.] + * 6: if rnd = NULL then + * 7: return falsam + * 8: end if + * 9: + * 10: M' <- BytesToBits(IntegerToBytes(0, 1) || IntegerToBytes(|ctx|, 1) || + * ctx || M) + * ... + * + * FIPS 204. 6.2: Algorithm 7 ML-DSA.SignInternal(sk, M', rnd) + * ... + * 6: mu <- H(BytesToBits(tr)||M', 64) + * ... + * + * @param [in, out] key Dilithium key. + * @param [in, out] rng Random number generator. + * @param [in] msg Message data to sign. + * @param [in] msgLen Length of message data in bytes. + * @param [out] sig Buffer to hold signature. + * @param [in, out] sigLen On in, length of buffer in bytes. + * On out, the length of the signature in bytes. + * @return 0 on success. + * @return BUFFER_E when the signature buffer is too small. 
+ * @return MEMORY_E when memory allocation fails. + * @return Other negative when an error occurs. + */ +static int dilithium_sign_msg(dilithium_key* key, WC_RNG* rng, + const byte* msg, word32 msgLen, byte* sig, word32 *sigLen) +{ + int ret = 0; + const byte* pub_seed = key->k; + const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ; + const byte* tr = k + DILITHIUM_K_SZ; + byte seedMu[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ]; + byte* mu = seedMu + DILITHIUM_RND_SZ; + + /* Must have a random number generator. */ + if (rng == NULL) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Step 7: Generate random seed. */ + ret = wc_RNG_GenerateBlock(rng, seedMu, DILITHIUM_RND_SZ); + } + if (ret == 0) { + /* Step 6. Calculate mu. */ + ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen, + mu, DILITHIUM_MU_SZ); + } + if (ret == 0) { + ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen); + } + + return ret; +} + +/* Sign a pre-hashed message with the key and a seed. + * + * FIPS 204. 5.4.1: Algorithm 4 HashML-DSA.Sign(sk, M, ctx, PH) + * ... + * 10: switch PH do + * 11: case SHA-256: + * 12: OID <- IntegerToBytes(0x0609608648016503040201, 11) + * 13: PHm <- SHA256(M) (not done here as hash is passed in) + * ... + * 22: end switch + * 23: M' <- BytesToBits(IntegerToBytes(1, 1) || IntegerToBytes(|ctx|, 1) || + * ctx || OID || PHm) + * 24: sigma <- ML-DSA.Sign_internal(sk, M', rnd) + * 25: return sigma + * + * FIPS 204. 6.2: Algorithm 7 ML-DSA.SignInternal(sk, M', rnd) + * ... + * 6: mu <- H(BytesToBits(tr)||M', 64) + * ... + * + * @param [in, out] key Dilithium key. + * @param [in] seed Random seed. + * @param [in] ctx Context of signature. + * @param [in] ctxLen Length of context. + * @param [in] hashAlg Hash algorithm used on message. + * @param [in] hash Message hash to sign. + * @param [in] hashLen Length of message hash in bytes. + * @param [out] sig Buffer to hold signature. + * @param [in, out] sigLen On in, length of buffer in bytes. 
+ * On out, the length of the signature in bytes. + * @return 0 on success. + * @return BUFFER_E when the signature buffer is too small. + * @return MEMORY_E when memory allocation fails. + * @return Other negative when an error occurs. + */ +static int dilithium_sign_ctx_hash_with_seed(dilithium_key* key, + const byte* seed, const byte* ctx, byte ctxLen, int hashAlg, + const byte* hash, word32 hashLen, byte* sig, word32 *sigLen) +{ + int ret = 0; + const byte* pub_seed = key->k; + const byte* k = pub_seed + DILITHIUM_PUB_SEED_SZ; + const byte* tr = k + DILITHIUM_K_SZ; + byte seedMu[DILITHIUM_RND_SZ + DILITHIUM_MU_SZ]; + byte* mu = seedMu + DILITHIUM_RND_SZ; + byte oidMsgHash[DILITHIUM_HASH_OID_LEN + WC_MAX_DIGEST_SIZE]; + word32 oidMsgHashLen; + + if ((ret == 0) && (hashLen > WC_MAX_DIGEST_SIZE)) { + ret = BUFFER_E; + } + + if (ret == 0) { + XMEMCPY(seedMu, seed, DILITHIUM_RND_SZ); + + ret = dilithium_get_hash_oid(hashAlg, oidMsgHash, &oidMsgHashLen); + } + if (ret == 0) { + XMEMCPY(oidMsgHash + oidMsgHashLen, hash, hashLen); + oidMsgHashLen += hashLen; + + /* Step 6. Calculate mu. */ + ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 1, + ctx, ctxLen, oidMsgHash, oidMsgHashLen, mu, DILITHIUM_MU_SZ); + } + if (ret == 0) { + ret = dilithium_sign_with_seed_mu(key, seedMu, sig, sigLen); + } + + return ret; +} + +/* Sign a pre-hashed message with the key and a random number generator. + * + * FIPS 204. 5.4.1: Algorithm 4 HashML-DSA.Sign(sk, M, ctx, PH) + * ... + * 5: rnd <- B32 [Randomly generated.] + * 6: if rnd = NULL then + * 7: return falsam + * 8: end if + * ... + * + * @param [in, out] key Dilithium key. + * @param [in, out] rng Random number generator. + * @param [in] ctx Context of signature. + * @param [in] ctxLen Length of context. + * @param [in] hashAlg Hash algorithm used on message. + * @param [in] hash Message hash to sign. + * @param [in] hashLen Length of message hash in bytes. + * @param [out] sig Buffer to hold signature. 
+ * @param [in, out] sigLen On in, length of buffer in bytes. + * On out, the length of the signature in bytes. + * @return 0 on success. + * @return BUFFER_E when the signature buffer is too small. + * @return MEMORY_E when memory allocation fails. + * @return Other negative when an error occurs. + */ +static int dilithium_sign_ctx_hash(dilithium_key* key, WC_RNG* rng, + const byte* ctx, byte ctxLen, int hashAlg, const byte* hash, word32 hashLen, + byte* sig, word32 *sigLen) +{ + int ret = 0; + byte seed[DILITHIUM_RND_SZ]; + + /* Must have a random number generator. */ + if (rng == NULL) { + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + /* Step 7: Generate random seed. */ + ret = wc_RNG_GenerateBlock(rng, seed, DILITHIUM_RND_SZ); + } + + if (ret == 0) { + ret = dilithium_sign_ctx_hash_with_seed(key, seed, ctx, ctxLen, hashAlg, + hash, hashLen, sig, sigLen); } return ret; @@ -6105,7 +7133,13 @@ static int dilithium_sign_msg(dilithium_key* key, WC_RNG* rng, const byte* msg, #ifndef WOLFSSL_DILITHIUM_NO_VERIFY -#ifndef WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM +#if !defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM) || \ + defined(WC_DILITHIUM_CACHE_PUB_VECTORS) +/* Make public vector from public key data. + * + * @param [in, out] key Key with public key data. + * @param [out] t1 Vector in NTT form. + */ static void dilithium_make_pub_vec(dilithium_key* key, sword32* t1) { const wc_dilithium_params* params = key->params; 
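Review bot: The new docstrings carry return values their functions cannot produce: `dilithium_sign_ctx_msg_with_seed` documents `@return BAD_FUNC_ARG when context length is greater than 255.` although `ctxLen` is a `byte`, and `dilithium_sign_msg_with_seed` repeats it despite having no context parameter at all. Conversely `dilithium_sign_ctx_hash_with_seed` returns `BUFFER_E` for `hashLen > WC_MAX_DIGEST_SIZE` but documents BUFFER_E only for a too-small signature buffer — add `@return BUFFER_E when hashLen is larger than WC_MAX_DIGEST_SIZE.` — and its guard `if ((ret == 0) && (hashLen > WC_MAX_DIGEST_SIZE))` can drop `ret == 0`, which was just initialised to 0. That function also accepts any `hashLen` up to the maximum without tying it to `hashAlg`; if `dilithium_get_hash_oid` does not already check it, comparing `hashLen` with the digest size for `hashAlg` would reject a truncated or mismatched pre-hash before it is bound into mu. The `/* Step 7: Generate random seed. */` comments in `dilithium_sign_ctx_msg`, `dilithium_sign_msg` and `dilithium_sign_ctx_hash` still use the draft numbering while the headers directly above them cite `5: rnd <- B32`. The hunk opens inside the tail of the preceding signing function, whose body starts outside it.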
@@ -6132,15 +7166,14 @@ static void dilithium_make_pub_vec(dilithium_key* key, sword32* t1) * 7: mu <- H(tr||M, 512) * 8: (c1_tilde, c2_tilde) E {0,1}256 x {0,1)2*lambda-256 <- c_tilde * 9: c <- SampleInBall(c1_tilde) - * 10: w'approx <- NTT-1(A_circum o NTT(z) - NTT(c) o NTT(t1.s^d)) + * 10: w'approx <- NTT-1(A_circum o NTT(z) - NTT(c) o NTT(t1.2^d)) * 11: w1' <- UseHint(h, w'approx) * 12: c'_tilde < H(mu||w1Encode(w1'), 2*lambda) * 13: return [[ ||z||inf < GAMMA1 - BETA]] and [[c_tilde = c'_tilde]] and * [[number of 1's in h is <= OMEGA * * @param [in, out] key Dilithium key. - * @param [in] msg Message to verify. - * @param [in] msgLen Length of message in bytes. + * @param [in] mu Data to verify. * @param [in] sig Signature to verify message. * @param [in] sigLen Length of message in bytes. * @param [out] res Result of verification. @@ -6151,15 +7184,15 @@ static void dilithium_make_pub_vec(dilithium_key* key, sword32* t1) * @return MEMORY_E when memory allocation fails. * @return Other negative when an error occurs. */ -static int dilithium_verify_msg(dilithium_key* key, const byte* msg, - word32 msgLen, const byte* sig, word32 sigLen, int* res) +static int dilithium_verify_mu(dilithium_key* key, const byte* mu, + const byte* sig, word32 sigLen, int* res) { #ifndef WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM int ret = 0; const wc_dilithium_params* params = key->params; const byte* pub_seed = key->p; const byte* commit = sig; - const byte* ze = sig + params->lambda * 2; + const byte* ze = sig + params->lambda / 4; const byte* h = ze + params->zEncSz; sword32* a = NULL; sword32* t1 = NULL; @@ -6167,10 +7200,8 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, sword32* z = NULL; sword32* w = NULL; sword32* t1c = NULL; - byte tr[DILITHIUM_TR_SZ]; - byte* mu = tr; + byte commit_calc[DILITHIUM_TR_SZ]; byte* w1e = NULL; - byte* commit_calc = tr; int valid = 0; sword32 hi; 
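Review bot: The rewritten docstring for `dilithium_verify_mu` says `@param [in] mu Data to verify.`, which does not tell a caller what the buffer is or how long it must be; the body reads it as `DILITHIUM_MU_SZ` bytes, so `@param [in] mu Message representative mu, DILITHIUM_MU_SZ bytes.` is more useful. The algorithm listing above it still contains `7: mu <- H(tr||M, 512)` even though that step has moved to the callers in this commit, and the untouched neighbouring line `@param [in] sigLen Length of message in bytes.` describes the signature length — both could be fixed while the comment is being edited. The function body continues in the following hunks.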
@@ -6185,23 +7216,29 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, /* Allocate memory for large intermediates. */ #ifdef WC_DILITHIUM_CACHE_MATRIX_A +#ifndef WC_DILITHIUM_FIXED_ARRAY if ((ret == 0) && (key->a == NULL)) { - key->a = (sword32*)XMALLOC(params->aSz, NULL, DYNAMIC_TYPE_DILITHIUM); + key->a = (sword32*)XMALLOC(params->aSz, key->heap, + DYNAMIC_TYPE_DILITHIUM); if (key->a == NULL) { ret = MEMORY_E; } } +#endif if (ret == 0) { a = key->a; } #endif #ifdef WC_DILITHIUM_CACHE_PUB_VECTORS +#ifndef WC_DILITHIUM_FIXED_ARRAY if ((ret == 0) && (key->t1 == NULL)) { - key->t1 = (sword32*)XMALLOC(params->s2Sz, NULL, DYNAMIC_TYPE_DILITHIUM); + key->t1 = (sword32*)XMALLOC(params->s2Sz, key->heap, + DYNAMIC_TYPE_DILITHIUM); if (key->t1 == NULL) { ret = MEMORY_E; } } +#endif if (ret == 0) { t1 = key->t1; } @@ -6217,7 +7254,7 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, allocSz += params->aSz; #endif - z = (sword32*)XMALLOC(allocSz, NULL, DYNAMIC_TYPE_DILITHIUM); + z = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM); if (z == NULL) { ret = MEMORY_E; } @@ -6261,7 +7298,7 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, { /* Step 5: Expand pub seed to compute matrix A. */ ret = dilithium_expand_a(&key->shake, pub_seed, params->k, - params->l, a); + params->l, a, key->heap); #ifdef WC_DILITHIUM_CACHE_MATRIX_A /* Whether we have cached A is dependent on success of operation. */ key->aSet = (ret == 0); 
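Review bot: `byte commit_calc[DILITHIUM_TR_SZ];` (the -6167 hunk) sizes the recomputed c_tilde buffer with the public-key-hash length, while later hunks write `params->lambda / 4` bytes into it; presumably this works only because the largest lambda/4 does not exceed DILITHIUM_TR_SZ, and nothing records that dependency. The same coincidence is relied on for the second `commit_calc` in the -6313 hunk (L699), where the array additionally doubles as the `seed` scratch buffer. A dedicated constant for the maximum c_tilde size — `DILITHIUM_MAX_C_TILDE_SZ` here is a placeholder name — or at least `/* Holds lambda/4 bytes of c_tilde; DILITHIUM_TR_SZ is the largest such size. */` would make the sizing explicit. The declarations sit inside `dilithium_verify_mu`, which begins and ends outside this hunk.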
@@ -6269,19 +7306,9 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, } } if ((ret == 0) && valid) { - /* Step 6: Hash public key. */ - ret = dilithium_shake256(&key->shake, key->p, params->pkSz, tr, - DILITHIUM_TR_SZ); - } - if ((ret == 0) && valid) { - /* Step 7: Hash hash of public key and message. */ - ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen, - mu, DILITHIUM_MU_SZ); - } - if ((ret == 0) && valid) { - /* Step 9: Compute c from first 256 bits of commit. */ - ret = dilithium_sample_in_ball(&key->shake, commit, params->tau, c, - NULL); + /* Step 9: Compute c from commit. */ + ret = dilithium_sample_in_ball(params->level, &key->shake, commit, + params->lambda / 4, params->tau, c, key->heap); } if ((ret == 0) && valid) { /* Step 10: w = NTT-1(A o NTT(z) - NTT(c) o NTT(t1)) */ @@ -6297,15 +7324,15 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, dilithium_vec_encode_w1(w, params->k, params->gamma2, w1e); /* Step 12: Hash mu and encoded w1. */ ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ, w1e, - params->w1EncSz, commit_calc, 2 * params->lambda); + params->w1EncSz, commit_calc, params->lambda / 4); } if ((ret == 0) && valid) { /* Step 13: Compare commit. */ - valid = (XMEMCMP(commit, commit_calc, 2 * params->lambda) == 0); + valid = (XMEMCMP(commit, commit_calc, params->lambda / 4) == 0); } *res = valid; - XFREE(z, NULL, DYNAMIC_TYPE_DILITHIUM); + XFREE(z, key->heap, DYNAMIC_TYPE_DILITHIUM); return ret; #else int ret = 0; 
@@ -6313,24 +7340,27 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, const byte* pub_seed = key->p; const byte* t1p = pub_seed + DILITHIUM_PUB_SEED_SZ; const byte* commit = sig; - const byte* ze = sig + params->lambda * 2; + const byte* ze = sig + params->lambda / 4; const byte* h = ze + params->zEncSz; sword32* t1 = NULL; sword32* a = NULL; sword32* c = NULL; sword32* z = NULL; sword32* w = NULL; - byte tr[DILITHIUM_TR_SZ]; - byte* mu = tr; +#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + sword64* t64 = NULL; +#endif +#ifndef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC + byte* block = NULL; +#endif byte* w1e = NULL; - byte* commit_calc = tr; + byte commit_calc[DILITHIUM_TR_SZ]; int valid = 0; sword32 hi; - byte i; - unsigned int j; + unsigned int r; byte o; byte* encW1; - byte* seed = tr; + byte* seed = commit_calc; /* Ensure the signature is the right size for the parameters. */ if (sigLen != params->sigSz) { @@ -6345,17 +7375,27 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, /* Allocate memory for large intermediates. */ if (ret == 0) { /* z, c, w, t1, w1e. */ - z = (sword32*)XMALLOC(params->s1Sz + 3 * DILITHIUM_POLY_SIZE + - DILITHIUM_MAX_W1_ENC_SZ, NULL, DYNAMIC_TYPE_DILITHIUM); + unsigned int allocSz; + + allocSz = params->s1Sz + 3 * DILITHIUM_POLY_SIZE + + DILITHIUM_REJ_NTT_POLY_H_SIZE + params->w1EncSz; + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + allocSz += DILITHIUM_POLY_SIZE * 2; + #endif + z = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM); if (z == NULL) { ret = MEMORY_E; } else { - c = z + params->s1Sz / sizeof(*t1); - w = c + DILITHIUM_N; - t1 = w + DILITHIUM_N; - w1e = (byte*)(t1 + DILITHIUM_N); - a = t1; + c = z + params->s1Sz / sizeof(*t1); + w = c + DILITHIUM_N; + t1 = w + DILITHIUM_N; + block = (byte*)(t1 + DILITHIUM_N); + w1e = block + DILITHIUM_REJ_NTT_POLY_H_SIZE; + a = t1; + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + t64 = (sword64*)(w1e + params->w1EncSz); + #endif } } #else 
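Review bot: `t64 = (sword64*)(w1e + params->w1EncSz);` in the -6345 hunk derives a 64-bit pointer from a byte offset, so its alignment depends on `params->s1Sz + 3 * DILITHIUM_POLY_SIZE + DILITHIUM_REJ_NTT_POLY_H_SIZE + params->w1EncSz` being a multiple of 8 for every parameter set; nothing in the hunk guarantees that, and a misaligned 64-bit access is undefined behaviour that may fault on strict-alignment targets. Either assert the offsets are 8-byte multiples at compile time or round the pointer up and pad the allocation: `allocSz += DILITHIUM_POLY_SIZE * 2 + sizeof(sword64);` and `t64 = (sword64*)(((uintptr_t)(w1e + params->w1EncSz) + 7) & ~(uintptr_t)7);`. The same pattern appears as `t64 = (sword64*)(a + DILITHIUM_N)` at the top of the first hunk on the page (L683), where only 4-byte alignment of the base is certain. The buffer is freed outside this hunk.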
@@ -6366,6 +7406,9 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, t1 = key->t1; w1e = key->w1e; a = t1; + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + t64 = key->t64; + #endif } #endif @@ -6382,11 +7425,11 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, /* Step 9: Compute c from first 256 bits of commit. */ #ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC - ret = dilithium_sample_in_ball(&key->shake, commit, params->tau, c, - key->block); + ret = dilithium_sample_in_ball_ex(params->level, &key->shake, commit, + params->lambda / 4, params->tau, c, key->block); #else - ret = dilithium_sample_in_ball(&key->shake, commit, params->tau, c, - NULL); + ret = dilithium_sample_in_ball_ex(params->level, &key->shake, commit, + params->lambda / 4, params->tau, c, block); #endif } if ((ret == 0) && valid) { @@ -6398,8 +7441,9 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, /* Copy the seed into a buffer that has space for s and r. */ XMEMCPY(seed, pub_seed, DILITHIUM_PUB_SEED_SZ); /* Step 1: Loop over first dimension of matrix. */ - for (i = 0; (ret == 0) && (i < params->k); i++) { - byte s; + for (r = 0; (ret == 0) && (r < params->k); r++) { + unsigned int s; + unsigned int e; const sword32* zt = z; /* Step 1: Decode and NTT vector t1. */ 
@@ -6409,112 +7453,288 @@ static int dilithium_verify_msg(dilithium_key* key, const byte* msg, /* Step 10: - NTT(c) o NTT(t1)) */ dilithium_ntt(w); -#ifdef WOLFSSL_DILITHIUM_SMALL - for (j = 0; j < DILITHIUM_N; j++) { - w[j] = -dilithium_mont_red((sword64)c[j] * w[j]); + #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + w[e] = -dilithium_mont_red((sword64)c[e] * w[e]); } -#else - for (j = 0; j < DILITHIUM_N; j += 8) { - w[j+0] = -dilithium_mont_red((sword64)c[j+0] * w[j+0]); - w[j+1] = -dilithium_mont_red((sword64)c[j+1] * w[j+1]); - w[j+2] = -dilithium_mont_red((sword64)c[j+2] * w[j+2]); - w[j+3] = -dilithium_mont_red((sword64)c[j+3] * w[j+3]); - w[j+4] = -dilithium_mont_red((sword64)c[j+4] * w[j+4]); - w[j+5] = -dilithium_mont_red((sword64)c[j+5] * w[j+5]); - w[j+6] = -dilithium_mont_red((sword64)c[j+6] * w[j+6]); - w[j+7] = -dilithium_mont_red((sword64)c[j+7] * w[j+7]); + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + w[e+0] = -dilithium_mont_red((sword64)c[e+0] * w[e+0]); + w[e+1] = -dilithium_mont_red((sword64)c[e+1] * w[e+1]); + w[e+2] = -dilithium_mont_red((sword64)c[e+2] * w[e+2]); + w[e+3] = -dilithium_mont_red((sword64)c[e+3] * w[e+3]); + w[e+4] = -dilithium_mont_red((sword64)c[e+4] * w[e+4]); + w[e+5] = -dilithium_mont_red((sword64)c[e+5] * w[e+5]); + w[e+6] = -dilithium_mont_red((sword64)c[e+6] * w[e+6]); + w[e+7] = -dilithium_mont_red((sword64)c[e+7] * w[e+7]); } -#endif + #endif + #else + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + t64[e] = -(sword64)c[e] * w[e]; + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + t64[e+0] = -(sword64)c[e+0] * w[e+0]; + t64[e+1] = -(sword64)c[e+1] * w[e+1]; + t64[e+2] = -(sword64)c[e+2] * w[e+2]; + t64[e+3] = -(sword64)c[e+3] * w[e+3]; + t64[e+4] = -(sword64)c[e+4] * w[e+4]; + t64[e+5] = -(sword64)c[e+5] * w[e+5]; + t64[e+6] = -(sword64)c[e+6] * w[e+6]; + t64[e+7] = -(sword64)c[e+7] * w[e+7]; + } + #endif + #endif /* Step 
5: Expand pub seed to compute matrix A. */ /* Put r into buffer to be hashed. */ - seed[DILITHIUM_PUB_SEED_SZ + 1] = i; + seed[DILITHIUM_PUB_SEED_SZ + 1] = r; for (s = 0; (ret == 0) && (s < params->l); s++) { /* Put s into buffer to be hashed. */ seed[DILITHIUM_PUB_SEED_SZ + 0] = s; /* Step 3: Create polynomial from hashing seed. */ #ifdef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC - ret = dilithium_rej_ntt_poly(&key->shake, seed, a, key->h); + ret = dilithium_rej_ntt_poly_ex(&key->shake, seed, a, key->h); #else - ret = dilithium_rej_ntt_poly(&key->shake, seed, a, NULL); + ret = dilithium_rej_ntt_poly_ex(&key->shake, seed, a, block); #endif /* Step 10: w = A o NTT(z) - NTT(c) o NTT(t1) */ -#ifdef WOLFSSL_DILITHIUM_SMALL - for (j = 0; j < DILITHIUM_N; j++) { - w[j] += dilithium_mont_red((sword64)a[j] * zt[j]); + #ifndef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + w[e] += dilithium_mont_red((sword64)a[e] * zt[e]); } -#else - for (j = 0; j < DILITHIUM_N; j += 8) { - w[j+0] += dilithium_mont_red((sword64)a[j+0] * zt[j+0]); - w[j+1] += dilithium_mont_red((sword64)a[j+1] * zt[j+1]); - w[j+2] += dilithium_mont_red((sword64)a[j+2] * zt[j+2]); - w[j+3] += dilithium_mont_red((sword64)a[j+3] * zt[j+3]); - w[j+4] += dilithium_mont_red((sword64)a[j+4] * zt[j+4]); - w[j+5] += dilithium_mont_red((sword64)a[j+5] * zt[j+5]); - w[j+6] += dilithium_mont_red((sword64)a[j+6] * zt[j+6]); - w[j+7] += dilithium_mont_red((sword64)a[j+7] * zt[j+7]); + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + w[e+0] += dilithium_mont_red((sword64)a[e+0] * zt[e+0]); + w[e+1] += dilithium_mont_red((sword64)a[e+1] * zt[e+1]); + w[e+2] += dilithium_mont_red((sword64)a[e+2] * zt[e+2]); + w[e+3] += dilithium_mont_red((sword64)a[e+3] * zt[e+3]); + w[e+4] += dilithium_mont_red((sword64)a[e+4] * zt[e+4]); + w[e+5] += dilithium_mont_red((sword64)a[e+5] * zt[e+5]); + w[e+6] += dilithium_mont_red((sword64)a[e+6] * zt[e+6]); + w[e+7] += 
dilithium_mont_red((sword64)a[e+7] * zt[e+7]); } -#endif + #endif + #else + #ifdef WOLFSSL_DILITHIUM_SMALL + for (e = 0; e < DILITHIUM_N; e++) { + t64[e] += (sword64)a[e] * zt[e]; + } + #else + for (e = 0; e < DILITHIUM_N; e += 8) { + t64[e+0] += (sword64)a[e+0] * zt[e+0]; + t64[e+1] += (sword64)a[e+1] * zt[e+1]; + t64[e+2] += (sword64)a[e+2] * zt[e+2]; + t64[e+3] += (sword64)a[e+3] * zt[e+3]; + t64[e+4] += (sword64)a[e+4] * zt[e+4]; + t64[e+5] += (sword64)a[e+5] * zt[e+5]; + t64[e+6] += (sword64)a[e+6] * zt[e+6]; + t64[e+7] += (sword64)a[e+7] * zt[e+7]; + } + #endif + #endif /* Next polynomial. */ zt += DILITHIUM_N; } + #ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + for (e = 0; e < DILITHIUM_N; e++) { + w[e] = dilithium_mont_red(t64[e]); + } + #endif /* Step 10: w = NTT-1(A o NTT(z) - NTT(c) o NTT(t1)) */ dilithium_invntt(w); -#ifndef WOLFSSL_NO_ML_DSA_44 + #ifndef WOLFSSL_NO_ML_DSA_44 if (params->gamma2 == DILITHIUM_Q_LOW_88) { /* Step 11: Use hint to give full w1. */ - dilithium_use_hint_88(w, h, i, &o); + dilithium_use_hint_88(w, h, r, &o); /* Step 12: Encode w1. */ dilithium_encode_w1_88(w, encW1); encW1 += DILITHIUM_Q_HI_88_ENC_BITS * 2 * DILITHIUM_N / 16; } else -#endif -#if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87) + #endif + #if !defined(WOLFSSL_NO_ML_DSA_65) || !defined(WOLFSSL_NO_ML_DSA_87) if (params->gamma2 == DILITHIUM_Q_LOW_32) { /* Step 11: Use hint to give full w1. */ - dilithium_use_hint_32(w, h, params->omega, i, &o); + dilithium_use_hint_32(w, h, params->omega, r, &o); /* Step 12: Encode w1. */ dilithium_encode_w1_32(w, encW1); encW1 += DILITHIUM_Q_HI_32_ENC_BITS * 2 * DILITHIUM_N / 16; } else -#endif + #endif { } } } - if ((ret == 0) && valid) { + if ((ret == 0) && valid) { + /* Step 12: Hash mu and encoded w1. */ + ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ, w1e, + params->w1EncSz, commit_calc, params->lambda / 4); + } + if ((ret == 0) && valid) { + /* Step 13: Compare commit. 
*/ + valid = (XMEMCMP(commit, commit_calc, params->lambda / 4) == 0); + } + + *res = valid; +#ifndef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC + XFREE(z, key->heap, DYNAMIC_TYPE_DILITHIUM); +#endif + return ret; +#endif /* !WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM */ +} + +/* Verify signature of message using public key. + * + * @param [in, out] key Dilithium key. + * @param [in] ctx Context of verification. + * @param [in] ctxLen Length of context in bytes. + * @param [in] msg Message to verify. + * @param [in] msgLen Length of message in bytes. + * @param [in] sig Signature to verify message. + * @param [in] sigLen Length of message in bytes. + * @param [out] res Result of verification. + * @return 0 on success. + * @return SIG_VERIFY_E when hint is malformed. + * @return BUFFER_E when the length of the signature does not match + * parameters. + * @return MEMORY_E when memory allocation fails. + * @return Other negative when an error occurs. + */ +static int dilithium_verify_ctx_msg(dilithium_key* key, const byte* ctx, + word32 ctxLen, const byte* msg, word32 msgLen, const byte* sig, + word32 sigLen, int* res) +{ + int ret = 0; + byte tr[DILITHIUM_TR_SZ]; + byte* mu = tr; + + if (key == NULL) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Step 6: Hash public key. */ + ret = dilithium_shake256(&key->shake, key->p, key->params->pkSz, tr, + DILITHIUM_TR_SZ); + } + if (ret == 0) { + /* Step 6. Calculate mu. */ + ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 0, + ctx, ctxLen, msg, msgLen, mu, DILITHIUM_MU_SZ); + } + if (ret == 0) { + ret = dilithium_verify_mu(key, mu, sig, sigLen, res); + } + + return ret; +} + +/* Verify signature of message using public key. + * + * @param [in, out] key Dilithium key. + * @param [in] msg Message to verify. + * @param [in] msgLen Length of message in bytes. + * @param [in] sig Signature to verify message. + * @param [in] sigLen Length of message in bytes. + * @param [out] res Result of verification. 
+ * @return 0 on success. + * @return SIG_VERIFY_E when hint is malformed. + * @return BUFFER_E when the length of the signature does not match + * parameters. + * @return MEMORY_E when memory allocation fails. + * @return Other negative when an error occurs. + */ +static int dilithium_verify_msg(dilithium_key* key, const byte* msg, + word32 msgLen, const byte* sig, word32 sigLen, int* res) +{ + int ret = 0; + byte tr[DILITHIUM_TR_SZ]; + byte* mu = tr; + + if (key == NULL) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Step 6: Hash public key. */ + ret = dilithium_shake256(&key->shake, key->p, key->params->pkSz, tr, + DILITHIUM_TR_SZ); + } + if (ret == 0) { + /* Step 6. Calculate mu. */ + ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen, + mu, DILITHIUM_MU_SZ); + } + if (ret == 0) { + ret = dilithium_verify_mu(key, mu, sig, sigLen, res); + } + + return ret; +} + +/* Verify signature of message using public key. + * + * @param [in, out] key Dilithium key. + * @param [in] ctx Context of verification. + * @param [in] ctxLen Length of context in bytes. + * @param [iu] hashAlg Hash algorithm used on message. + * @param [in] hash Hash of message to verify. + * @param [in] hashLen Length of message hash in bytes. + * @param [in] sig Signature to verify message. + * @param [in] sigLen Length of message in bytes. + * @param [out] res Result of verification. + * @return 0 on success. + * @return SIG_VERIFY_E when hint is malformed. + * @return BUFFER_E when the length of the signature does not match + * parameters. + * @return MEMORY_E when memory allocation fails. + * @return Other negative when an error occurs. 
+ */ +static int dilithium_verify_ctx_hash(dilithium_key* key, const byte* ctx, + word32 ctxLen, int hashAlg, const byte* hash, word32 hashLen, + const byte* sig, word32 sigLen, int* res) +{ + int ret = 0; + byte tr[DILITHIUM_TR_SZ]; + byte* mu = tr; + byte oidMsgHash[DILITHIUM_HASH_OID_LEN + WC_MAX_DIGEST_SIZE]; + word32 oidMsgHashLen; + + if (key == NULL) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { /* Step 6: Hash public key. */ - ret = dilithium_shake256(&key->shake, key->p, params->pkSz, tr, + ret = dilithium_shake256(&key->shake, key->p, key->params->pkSz, tr, DILITHIUM_TR_SZ); } - if ((ret == 0) && valid) { - /* Step 7: Hash hash of public key and message. */ - ret = dilithium_hash256(&key->shake, tr, DILITHIUM_TR_SZ, msg, msgLen, - mu, DILITHIUM_MU_SZ); + if (ret == 0) { + ret = dilithium_get_hash_oid(hashAlg, oidMsgHash, &oidMsgHashLen); } - if ((ret == 0) && valid) { - /* Step 12: Hash mu and encoded w1. */ - ret = dilithium_hash256(&key->shake, mu, DILITHIUM_MU_SZ, w1e, - params->w1EncSz, commit_calc, 2 * params->lambda); + if (ret == 0) { + XMEMCPY(oidMsgHash + oidMsgHashLen, hash, hashLen); + oidMsgHashLen += hashLen; + + /* Step 6. Calculate mu. */ + ret = dilithium_hash256_ctx_msg(&key->shake, tr, DILITHIUM_TR_SZ, 1, + ctx, ctxLen, oidMsgHash, oidMsgHashLen, mu, DILITHIUM_MU_SZ); } - if ((ret == 0) && valid) { - /* Step 13: Compare commit. */ - valid = (XMEMCMP(commit, commit_calc, 2 * params->lambda) == 0); + if (ret == 0) { + ret = dilithium_verify_mu(key, mu, sig, sigLen, res); } - *res = valid; -#ifndef WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC - XFREE(z, NULL, DYNAMIC_TYPE_DILITHIUM); -#endif return ret; -#endif /* !WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM */ } - #endif /* WOLFSSL_DILITHIUM_NO_VERIFY */ #elif defined(HAVE_LIBOQS) 
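Review bot: In dilithium_verify_ctx_hash the `XMEMCPY(oidMsgHash + oidMsgHashLen, hash, hashLen);` writes a caller-supplied `hashLen` bytes into the fixed stack buffer `oidMsgHash[DILITHIUM_HASH_OID_LEN + WC_MAX_DIGEST_SIZE]` with no bound, and the public wrapper wc_dilithium_verify_ctx_hash added in a later hunk checks only for NULL pointers, so an oversized hashLen overruns the stack. Before the copy add `if ((ret == 0) && (hashLen > WC_MAX_DIGEST_SIZE)) { ret = BAD_FUNC_ARG; }`, or better compare hashLen with the digest length that belongs to hashAlg; dilithium_get_hash_oid is outside this hunk, so whether it already validates the length cannot be seen here. If dilithium_sign_ctx_hash (also outside this hunk) builds the OID-prefixed hash the same way it needs the same check. Separately, the docblock for this function has `@param [iu] hashAlg` and `@param [in] sigLen Length of message in bytes` where `[in]` and `Length of signature in bytes` are meant.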
@@ -6525,13 +7745,13 @@ static int oqs_dilithium_make_key(dilithium_key* key, WC_RNG* rng) int ret = 0; OQS_SIG *oqssig = NULL; - if (key->level == 2) { + if (key->level == WC_ML_DSA_44) { oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_44_ipd); } - else if (key->level == 3) { + else if (key->level == WC_ML_DSA_65) { oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_65_ipd); } - else if (key->level == 5) { + else if (key->level == WC_ML_DSA_87) { oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_87_ipd); } else { @@ -6573,13 +7793,13 @@ static int oqs_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig, } if (ret == 0) { - if (key->level == 2) { + if (key->level == WC_ML_DSA_44) { oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_44_ipd); } - else if (key->level == 3) { + else if (key->level == WC_ML_DSA_65) { oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_65_ipd); } - else if (key->level == 5) { + else if (key->level == WC_ML_DSA_87) { oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_87_ipd); } else { @@ -6593,16 +7813,19 @@ static int oqs_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig, /* check and set up out length */ if (ret == 0) { - if ((key->level == 2) && (*sigLen < DILITHIUM_LEVEL2_SIG_SIZE)) { - *sigLen = DILITHIUM_LEVEL2_SIG_SIZE; + if ((key->level == WC_ML_DSA_44) && + (*sigLen < ML_DSA_LEVEL2_SIG_SIZE)) { + *sigLen = ML_DSA_LEVEL2_SIG_SIZE; ret = BUFFER_E; } - else if ((key->level == 3) && (*sigLen < DILITHIUM_LEVEL3_SIG_SIZE)) { - *sigLen = DILITHIUM_LEVEL3_SIG_SIZE; + else if ((key->level == WC_ML_DSA_65) && + (*sigLen < ML_DSA_LEVEL3_SIG_SIZE)) { + *sigLen = ML_DSA_LEVEL3_SIG_SIZE; ret = BUFFER_E; } - else if ((key->level == 5) && (*sigLen < DILITHIUM_LEVEL5_SIG_SIZE)) { - *sigLen = DILITHIUM_LEVEL5_SIG_SIZE; + else if ((key->level == WC_ML_DSA_87) && + (*sigLen < ML_DSA_LEVEL5_SIG_SIZE)) { + *sigLen = ML_DSA_LEVEL5_SIG_SIZE; ret = BUFFER_E; } localOutLen = *sigLen; 
@@ -6643,13 +7866,13 @@ static int oqs_dilithium_verify_msg(const byte* sig, word32 sigLen, } if (ret == 0) { - if (key->level == 2) { + if (key->level == WC_ML_DSA_44) { oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_44_ipd); } - else if (key->level == 3) { + else if (key->level == WC_ML_DSA_65) { oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_65_ipd); } - else if (key->level == 5) { + else if (key->level == WC_ML_DSA_87) { oqssig = OQS_SIG_new(OQS_SIG_alg_ml_dsa_87_ipd); } else { 
@@ -6757,6 +7980,63 @@ int wc_dilithium_make_key_from_seed(dilithium_key* key, const byte* seed) #endif #ifndef WOLFSSL_DILITHIUM_NO_SIGN +/* Sign the message using the dilithium private key. + * + * ctx [in] Context of signature. + * ctxLen [in] Length of context in bytes. + * msg [in] Message to sign. + * msgLen [in] Length of the message in bytes. + * sig [out] Buffer to write signature into. + * sigLen [in/out] On in, size of buffer. + * On out, the length of the signature in bytes. + * key [in] Dilithium key to use when signing + * returns BAD_FUNC_ARG when a parameter is NULL, public key not set + * or ctx is NULL and ctxLen is not 0, + * BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE, + * 0 otherwise. + */ +int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg, + word32 msgLen, byte* sig, word32 *sigLen, dilithium_key* key, WC_RNG* rng) +{ + int ret = 0; + + /* Validate parameters. */ + if ((msg == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) { + ret = BAD_FUNC_ARG; + } + if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) { + ret = BAD_FUNC_ARG; + } + +#ifdef WOLF_CRYPTO_CB + if (ret == 0) { + #ifndef WOLF_CRYPTO_CB_FIND + if (key->devId != INVALID_DEVID) + #endif + { + ret = wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, rng, + WC_PQC_SIG_TYPE_DILITHIUM, key); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) + return ret; + /* fall-through when unavailable */ + ret = 0; + } + } +#endif + + if (ret == 0) { + /* Sign message. */ + #ifdef WOLFSSL_WC_DILITHIUM + ret = dilithium_sign_ctx_msg(key, rng, ctx, ctxLen, msg, msgLen, sig, + sigLen); + #elif defined(HAVE_LIBOQS) + ret = oqs_dilithium_sign_msg(msg, msgLen, sig, sigLen, key, rng); + #endif + } + + return ret; +} + /* Sign the message using the dilithium private key. * * msg [in] Message to sign. 
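Review bot: The `#elif defined(HAVE_LIBOQS)` branch of wc_dilithium_sign_ctx_msg calls `oqs_dilithium_sign_msg(msg, msgLen, sig, sigLen, key, rng)` and silently drops `ctx`/`ctxLen`, so the caller receives a pure-message signature while the matching verifier wc_dilithium_verify_ctx_msg returns NOT_COMPILED_IN under LIBOQS; the sibling wc_dilithium_sign_ctx_hash uses `ret = NOT_COMPILED_IN;` here and this function should do the same. The WOLF_CRYPTO_CB path has the same shape: `wc_CryptoCb_PqcSign(msg, msgLen, sig, sigLen, rng, WC_PQC_SIG_TYPE_DILITHIUM, key)` receives no context, so a device callback that handles the request would sign without it unless the callback API carries ctx elsewhere, which cannot be seen from this hunk; either pass ctx through or skip the callback when `ctxLen > 0`. The header comment also says `public key not set` and `BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE` for a function that signs with the private key, has no `outLen` parameter and whose size depends on the key level.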
@@ -6807,6 +8087,97 @@ int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig, return ret; } +/* Sign the message hash using the dilithium private key. + * + * ctx [in] Context of signature. + * ctxLen [in] Length of context in bytes. + * hashAlg [in] Hash algorithm used on message. + * hash [in] Hash of message to sign. + * hashLen [in] Length of the message hash in bytes. + * sig [out] Buffer to write signature into. + * sigLen [in/out] On in, size of buffer. + * On out, the length of the signature in bytes. + * key [in] Dilithium key to use when signing + * returns BAD_FUNC_ARG when a parameter is NULL, public key not set + * or ctx is NULL and ctxLen is not 0, + * BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE, + * 0 otherwise. + */ +int wc_dilithium_sign_ctx_hash(const byte* ctx, byte ctxLen, int hashAlg, + const byte* hash, word32 hashLen, byte* sig, word32 *sigLen, + dilithium_key* key, WC_RNG* rng) +{ + int ret = 0; + + /* Validate parameters. */ + if ((hash == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) { + ret = BAD_FUNC_ARG; + } + if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Sign message. */ + #ifdef WOLFSSL_WC_DILITHIUM + ret = dilithium_sign_ctx_hash(key, rng, ctx, ctxLen, hashAlg, hash, + hashLen, sig, sigLen); + #elif defined(HAVE_LIBOQS) + ret = NOT_COMPILED_IN; + (void)hashAlg; + (void)hash; + (void)hashLen; + (void)rng; + #endif + } + + return ret; +} + +/* Sign the message using the dilithium private key. + * + * ctx [in] Context of signature. + * ctxLen [in] Length of context in bytes. + * msg [in] Message to sign. + * msgLen [in] Length of the message in bytes. + * sig [out] Buffer to write signature into. + * sigLen [in/out] On in, size of buffer. + * On out, the length of the signature in bytes. 
+ * key [in] Dilithium key to use when signing + * returns BAD_FUNC_ARG when a parameter is NULL, public key not set + * or ctx is NULL and ctxLen is not 0, + * BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE, + * 0 otherwise. + */ +int wc_dilithium_sign_ctx_msg_with_seed(const byte* ctx, byte ctxLen, + const byte* msg, word32 msgLen, byte* sig, word32 *sigLen, + dilithium_key* key, const byte* seed) +{ + int ret = 0; + + /* Validate parameters. */ + if ((msg == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) { + ret = BAD_FUNC_ARG; + } + if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Sign message. */ + #ifdef WOLFSSL_WC_DILITHIUM + ret = dilithium_sign_ctx_msg_with_seed(key, seed, ctx, ctxLen, msg, + msgLen, sig, sigLen); + #elif defined(HAVE_LIBOQS) + ret = NOT_COMPILED_IN; + (void)msgLen; + (void)seed; + #endif + } + + return ret; +} + /* Sign the message using the dilithium private key. * * msg [in] Message to sign. @@ -6820,7 +8191,7 @@ int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig, * 0 otherwise. */ int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig, - word32 *sigLen, dilithium_key* key, byte* seed) + word32 *sigLen, dilithium_key* key, const byte* seed) { int ret = 0; 
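Review bot: wc_dilithium_sign_ctx_msg_with_seed validates msg, sig, sigLen and key but never `seed`, so a NULL seed reaches dilithium_sign_ctx_msg_with_seed (outside this hunk) unchecked; unless that function treats NULL as a request to draw randomness elsewhere, extend the first check to `if ((msg == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL) || (seed == NULL))`. wc_dilithium_sign_ctx_hash likewise forwards `hashLen` without bounding it against WC_MAX_DIGEST_SIZE, the same omission raised for the verify path in the earlier hunk. Both header comments repeat `public key not set` and `BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE`; these functions sign with the private key, take `sigLen`, and the required size depends on the key level, so the text should say so.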
@@ -6842,9 +8213,100 @@ int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig, return ret; } + +/* Sign the message using the dilithium private key. + * + * ctx [in] Context of signature. + * ctxLen [in] Length of context in bytes. + * hashAlg [in] Hash algorithm used on message. + * hash [in] Hash of message to sign. + * hashLen [in] Length of the message hash in bytes. + * sig [out] Buffer to write signature into. + * sigLen [in/out] On in, size of buffer. + * On out, the length of the signature in bytes. + * key [in] Dilithium key to use when signing + * returns BAD_FUNC_ARG when a parameter is NULL, public key not set + * or ctx is NULL and ctxLen is not 0, + * BUFFER_E when outLen is less than DILITHIUM_LEVEL2_SIG_SIZE, + * 0 otherwise. + */ +int wc_dilithium_sign_ctx_hash_with_seed(const byte* ctx, byte ctxLen, + int hashAlg, const byte* hash, word32 hashLen, byte* sig, word32 *sigLen, + dilithium_key* key, const byte* seed) +{ + int ret = 0; + + /* Validate parameters. */ + if ((hash == NULL) || (sig == NULL) || (sigLen == NULL) || (key == NULL)) { + ret = BAD_FUNC_ARG; + } + if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Sign message. */ + #ifdef WOLFSSL_WC_DILITHIUM + ret = dilithium_sign_ctx_hash_with_seed(key, seed, ctx, ctxLen, + hashAlg, hash, hashLen, sig, sigLen); + #elif defined(HAVE_LIBOQS) + ret = NOT_COMPILED_IN; + (void)hashAlg; + (void)hash; + (void)hashLen; + (void)seed; + #endif + } + + return ret; +} #endif /* !WOLFSSL_DILITHIUM_NO_SIGN */ #ifndef WOLFSSL_DILITHIUM_NO_VERIFY +/* Verify the message using the dilithium public key. + * + * sig [in] Signature to verify. + * sigLen [in] Size of signature in bytes. + * ctx [in] Context of signature. + * ctxLen [in] Length of context in bytes. + * msg [in] Message to verify. + * msgLen [in] Length of the message in bytes. + * res [out] *res is set to 1 on successful verification. 
+ * key [in] Dilithium key to use to verify. + * returns BAD_FUNC_ARG when a parameter is NULL, public key not set + * or ctx is NULL and ctxLen is not 0, + * BUFFER_E when sigLen is less than DILITHIUM_LEVEL2_SIG_SIZE, + * 0 otherwise. + */ +int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx, + word32 ctxLen, const byte* msg, word32 msgLen, int* res, dilithium_key* key) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (sig == NULL) || (msg == NULL) || (res == NULL)) { + ret = BAD_FUNC_ARG; + } + if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Verify message with signature. */ + #ifdef WOLFSSL_WC_DILITHIUM + ret = dilithium_verify_ctx_msg(key, ctx, ctxLen, msg, msgLen, sig, + sigLen, res); + #elif defined(HAVE_LIBOQS) + ret = NOT_COMPILED_IN; + (void)sigLen; + (void)msgLen; + (void)res; + #endif + } + + return ret; +} + /* Verify the message using the dilithium public key. * * sig [in] Signature to verify. 
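Review bot: wc_dilithium_verify_ctx_msg takes `word32 ctxLen` while wc_dilithium_sign_ctx_msg and the other ctx signers take `byte ctxLen`, so the 255-byte ceiling on the context that the signing side gets from its parameter type is never enforced on the verify side. If dilithium_hash256_ctx_msg (outside this hunk) encodes the length as a single byte, a ctxLen above 255 would be silently truncated in the hash input; add `if ((ret == 0) && (ctxLen > 255)) { ret = BAD_FUNC_ARG; }` beside the existing ctx NULL check, or change the parameter to `byte ctxLen` to match the signers. wc_dilithium_sign_ctx_hash_with_seed carries the unchecked `seed` and `hashLen` noted on the earlier sign hunks. The header comment's `BUFFER_E when sigLen is less than DILITHIUM_LEVEL2_SIG_SIZE` does not describe this function; the internal verifier documents BUFFER_E for a signature length that does not match the key's parameters, for any level.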
@@ -6894,6 +8356,53 @@ int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg, return ret; } + +/* Verify the message using the dilithium public key. + * + * sig [in] Signature to verify. + * sigLen [in] Size of signature in bytes. + * ctx [in] Context of signature. + * ctxLen [in] Length of context in bytes. + * hashAlg [in] Hash algorithm used on message. + * hash [in] Hash of message to verify. + * hashLen [in] Length of the message hash in bytes. + * res [out] *res is set to 1 on successful verification. + * key [in] Dilithium key to use to verify. + * returns BAD_FUNC_ARG when a parameter is NULL, public key not set + * or ctx is NULL and ctxLen is not 0, + * BUFFER_E when sigLen is less than DILITHIUM_LEVEL2_SIG_SIZE, + * 0 otherwise. + */ +int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen, + const byte* ctx, word32 ctxLen, int hashAlg, const byte* hash, + word32 hashLen, int* res, dilithium_key* key) +{ + int ret = 0; + + /* Validate parameters. */ + if ((key == NULL) || (sig == NULL) || (hash == NULL) || (res == NULL)) { + ret = BAD_FUNC_ARG; + } + if ((ret == 0) && (ctx == NULL) && (ctxLen > 0)) { + ret = BAD_FUNC_ARG; + } + + if (ret == 0) { + /* Verify message with signature. */ + #ifdef WOLFSSL_WC_DILITHIUM + ret = dilithium_verify_ctx_hash(key, ctx, ctxLen, hashAlg, hash, + hashLen, sig, sigLen, res); + #elif defined(HAVE_LIBOQS) + ret = NOT_COMPILED_IN; + (void)sigLen; + (void)hashAlg; + (void)hash; + (void)hashLen; + #endif + } + + return ret; +} #endif /* WOLFSSL_DILITHIUM_NO_VERIFY */ /* Initialize the dilithium private/public key. @@ -6917,7 +8426,6 @@ int wc_dilithium_init_ex(dilithium_key* key, void* heap, int devId) { int ret = 0; - (void)heap; (void)devId; /* Validate parameters. */ @@ -6937,6 +8445,7 @@ int wc_dilithium_init_ex(dilithium_key* key, void* heap, int devId) key->idLen = 0; key->labelLen = 0; #endif + key->heap = heap; } return ret; 
@@ -6964,7 +8473,7 @@ int wc_dilithium_init_id(dilithium_key* key, const unsigned char* id, int len, } /* Set the maximum level here */ - wc_dilithium_set_level(key, 5); + wc_dilithium_set_level(key, WC_ML_DSA_87); return ret; } @@ -6994,7 +8503,7 @@ int wc_dilithium_init_label(dilithium_key* key, const char* label, void* heap, } /* Set the maximum level here */ - wc_dilithium_set_level(key, 5); + wc_dilithium_set_level(key, WC_ML_DSA_87); return ret; } @@ -7014,7 +8523,17 @@ int wc_dilithium_set_level(dilithium_key* key, byte level) if (key == NULL) { ret = BAD_FUNC_ARG; } - if ((ret == 0) && (level != 2) && (level != 3) && (level != 5)) { + if ((ret == 0) && ((level == WC_ML_DSA_44) || (level == WC_ML_DSA_65) || + (level == WC_ML_DSA_87))) { + /* Nothing to do. */ + } +#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + else if ((ret == 0) && ((level == WC_ML_DSA_44_DRAFT) || + (level == WC_ML_DSA_65_DRAFT) || (level == WC_ML_DSA_87_DRAFT))) { + /* Nothing to do. */ + } +#endif + else { ret = BAD_FUNC_ARG; } @@ -7025,27 +8544,29 @@ int wc_dilithium_set_level(dilithium_key* key, byte level) } if (ret == 0) { /* Clear any cached items. */ +#ifndef WC_DILITHIUM_FIXED_ARRAY #ifdef WC_DILITHIUM_CACHE_MATRIX_A - XFREE(key->a, NULL, WOLFSSL_WC_DILITHIUM); + XFREE(key->a, key->heap, DYNAMIC_TYPE_DILITHIUM); key->a = NULL; key->aSet = 0; #endif #ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS - XFREE(key->s1, NULL, WOLFSSL_WC_DILITHIUM); + XFREE(key->s1, key->heap, DYNAMIC_TYPE_DILITHIUM); key->s1 = NULL; key->s2 = NULL; key->t0 = NULL; key->privVecsSet = 0; #endif #ifdef WC_DILITHIUM_CACHE_PUB_VECTORS - XFREE(key->t1, NULL, WOLFSSL_WC_DILITHIUM); + XFREE(key->t1, key->heap, DYNAMIC_TYPE_DILITHIUM); key->t1 = NULL; key->pubVecSet = 0; #endif +#endif #endif /* WOLFSSL_WC_DILITHIUM */ /* Store level and indicate public and private key are not set. */ - key->level = level; + key->level = level % WC_ML_DSA_DRAFT; key->pubKeySet = 0; key->prvKeySet = 0; } 
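Review bot: The new `key->level = level % WC_ML_DSA_DRAFT;` in wc_dilithium_set_level silently folds the `*_DRAFT` levels accepted above onto their final ML-DSA level, but nothing in the hunk says so, and a reader of wc_dilithium_get_level (which accepts only the final levels) cannot tell that this is deliberate. Replace the comment `/* Store level and indicate public and private key are not set. */` with `/* Store the final ML-DSA level; draft levels fold onto it and the draft distinction is kept in key->params. */`, assuming, as the size functions in the later hunks suggest, that `key->params->level` retains the draft value. In a build without WOLFSSL_DILITHIUM_FIPS204_DRAFT the modulo is a no-op only if the three final level values are below WC_ML_DSA_DRAFT; that relation is defined outside this hunk and is worth asserting where the constants are declared.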
@@ -7067,8 +8588,8 @@ int wc_dilithium_get_level(dilithium_key* key, byte* level) if ((key == NULL) || (level == NULL)) { ret = BAD_FUNC_ARG; } - if ((ret == 0) && (key->level != 2) && (key->level != 3) && - (key->level != 5)) { + if ((ret == 0) && (key->level != WC_ML_DSA_44) && + (key->level != WC_ML_DSA_65) && (key->level != WC_ML_DSA_87)) { ret = BAD_FUNC_ARG; } @@ -7088,16 +8609,18 @@ void wc_dilithium_free(dilithium_key* key) { if (key != NULL) { #ifdef WOLFSSL_WC_DILITHIUM +#ifndef WC_DILITHIUM_FIXED_ARRAY /* Dispose of cached items. */ #ifdef WC_DILITHIUM_CACHE_PUB_VECTORS - XFREE(key->t1, NULL, WOLFSSL_WC_DILITHIUM); + XFREE(key->t1, key->heap, DYNAMIC_TYPE_DILITHIUM); #endif #ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS - XFREE(key->s1, NULL, WOLFSSL_WC_DILITHIUM); + XFREE(key->s1, key->heap, DYNAMIC_TYPE_DILITHIUM); #endif #ifdef WC_DILITHIUM_CACHE_MATRIX_A - XFREE(key->a, NULL, WOLFSSL_WC_DILITHIUM); + XFREE(key->a, key->heap, DYNAMIC_TYPE_DILITHIUM); #endif +#endif /* Free the SHAKE-128/256 object. */ wc_Shake256_Free(&key->shake); #endif 
@@ -7115,17 +8638,32 @@ void wc_dilithium_free(dilithium_key* key) */ int wc_dilithium_size(dilithium_key* key) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); if (key != NULL) { - if (key->level == 2) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { ret = DILITHIUM_LEVEL2_KEY_SIZE; } - else if (key->level == 3) { - ret = DILITHIUM_LEVEL3_KEY_SIZE; + else if (key->params->level == WC_ML_DSA_65_DRAFT) { + ret = DILITHIUM_LEVEL3_KEY_SIZE; + } + else if (key->params->level == WC_ML_DSA_87_DRAFT) { + ret = DILITHIUM_LEVEL5_KEY_SIZE; + } + else + #endif + if (key->level == WC_ML_DSA_44) { + ret = ML_DSA_LEVEL2_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_65) { + ret = ML_DSA_LEVEL3_KEY_SIZE; } - else if (key->level == 5) { - ret = DILITHIUM_LEVEL5_KEY_SIZE; + else if (key->level == WC_ML_DSA_87) { + ret = ML_DSA_LEVEL5_KEY_SIZE; } } @@ -7141,18 +8679,32 @@ int wc_dilithium_size(dilithium_key* key) */ int wc_dilithium_priv_size(dilithium_key* key) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); if (key != NULL) { - if (key->level == 2) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { ret = DILITHIUM_LEVEL2_PRV_KEY_SIZE; } - else if (key->level == 3) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { ret = DILITHIUM_LEVEL3_PRV_KEY_SIZE; } - else if (key->level == 5) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { ret = DILITHIUM_LEVEL5_PRV_KEY_SIZE; } + #endif + if (key->level == WC_ML_DSA_44) { + ret = ML_DSA_LEVEL2_PRV_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_65) { + ret = ML_DSA_LEVEL3_PRV_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_87) { + ret = ML_DSA_LEVEL5_PRV_KEY_SIZE; + } } return ret; 
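Review bot: In wc_dilithium_priv_size the draft branch ends with `}` followed directly by `#endif` and no `else`, unlike wc_dilithium_size just above (and wc_dilithium_pub_size / wc_dilithium_sig_size in the next hunk), so in a WOLFSSL_DILITHIUM_FIPS204_DRAFT build the `if (key->level == WC_ML_DSA_44)` chain still runs after a draft match and, because wc_dilithium_set_level folds draft levels onto the final ones, overwrites ret with ML_DSA_LEVEL2_PRV_KEY_SIZE (or the 65/87 equivalent). Insert `else` before that `#endif` as the sibling functions do. The effect is only observable if the draft and final private-key sizes differ, which this hunk does not show, but the control flow is wrong either way.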
@@ -7188,18 +8740,33 @@ int wc_MlDsaKey_GetPrivLen(MlDsaKey* key, int* len) */ int wc_dilithium_pub_size(dilithium_key* key) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); if (key != NULL) { - if (key->level == 2) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { ret = DILITHIUM_LEVEL2_PUB_KEY_SIZE; } - else if (key->level == 3) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { ret = DILITHIUM_LEVEL3_PUB_KEY_SIZE; } - else if (key->level == 5) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { ret = DILITHIUM_LEVEL5_PUB_KEY_SIZE; } + else + #endif + if (key->level == WC_ML_DSA_44) { + ret = ML_DSA_LEVEL2_PUB_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_65) { + ret = ML_DSA_LEVEL3_PUB_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_87) { + ret = ML_DSA_LEVEL5_PUB_KEY_SIZE; + } } return ret; @@ -7234,18 +8801,33 @@ int wc_MlDsaKey_GetPubLen(MlDsaKey* key, int* len) */ int wc_dilithium_sig_size(dilithium_key* key) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); if (key != NULL) { - if (key->level == 2) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { ret = DILITHIUM_LEVEL2_SIG_SIZE; } - else if (key->level == 3) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { ret = DILITHIUM_LEVEL3_SIG_SIZE; } - else if (key->level == 5) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { ret = DILITHIUM_LEVEL5_SIG_SIZE; } + else + #endif + if (key->level == WC_ML_DSA_44) { + ret = ML_DSA_LEVEL2_SIG_SIZE; + } + else if (key->level == WC_ML_DSA_65) { + ret = ML_DSA_LEVEL3_SIG_SIZE; + } + else if (key->level == WC_ML_DSA_87) { + ret = ML_DSA_LEVEL5_SIG_SIZE; + } } return ret; 
@@ -7321,7 +8903,7 @@ int wc_dilithium_check_key(dilithium_key* key) #endif /* Allocate memory for large intermediates. */ - s1 = (sword32*)XMALLOC(allocSz, NULL, DYNAMIC_TYPE_DILITHIUM); + s1 = (sword32*)XMALLOC(allocSz, key->heap, DYNAMIC_TYPE_DILITHIUM); if (s1 == NULL) { ret = MEMORY_E; } @@ -7347,7 +8929,7 @@ int wc_dilithium_check_key(dilithium_key* key) const byte* pub_seed = key->p; ret = dilithium_expand_a(&key->shake, pub_seed, params->k, - params->l, a); + params->l, a, key->heap); #ifdef WC_DILITHIUM_CACHE_MATRIX_A key->aSet = (ret == 0); #endif @@ -7400,8 +8982,10 @@ int wc_dilithium_check_key(dilithium_key* key) } } - /* Dispose of allocated memory. */ - XFREE(s1, NULL, DYNAMIC_TYPE_DILITHIUM); + if (key != NULL) { + /* Dispose of allocated memory. */ + XFREE(s1, key->heap, DYNAMIC_TYPE_DILITHIUM); + } #else /* Validate parameter. */ if (key == NULL) { @@ -7456,7 +9040,11 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen) if (ret == 0) { /* Get length passed in for checking. */ inLen = *outLen; - if (key->level == 2) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { /* Set out length. */ *outLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE; /* Validate length passed in. */ @@ -7464,7 +9052,7 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen) ret = BUFFER_E; } } - else if (key->level == 3) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { /* Set out length. */ *outLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE; /* Validate length passed in. */ @@ -7472,7 +9060,7 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen) ret = BUFFER_E; } } - else if (key->level == 5) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { /* Set out length. */ *outLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE; /* Validate length passed in. */ 
@@ -7480,6 +9068,32 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen) ret = BUFFER_E; } } + else + #endif + if (key->level == WC_ML_DSA_44) { + /* Set out length. */ + *outLen = ML_DSA_LEVEL2_PUB_KEY_SIZE; + /* Validate length passed in. */ + if (inLen < ML_DSA_LEVEL2_PUB_KEY_SIZE) { + ret = BUFFER_E; + } + } + else if (key->level == WC_ML_DSA_65) { + /* Set out length. */ + *outLen = ML_DSA_LEVEL3_PUB_KEY_SIZE; + /* Validate length passed in. */ + if (inLen < ML_DSA_LEVEL3_PUB_KEY_SIZE) { + ret = BUFFER_E; + } + } + else if (key->level == WC_ML_DSA_87) { + /* Set out length. */ + *outLen = ML_DSA_LEVEL5_PUB_KEY_SIZE; + /* Validate length passed in. */ + if (inLen < ML_DSA_LEVEL5_PUB_KEY_SIZE) { + ret = BUFFER_E; + } + } else { /* Level not set. */ ret = BAD_FUNC_ARG; 
@@ -7518,24 +9132,48 @@ int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key) ret = BAD_FUNC_ARG; } if (ret == 0) { - if (key->level == 2) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { /* Check length. */ if (inLen != DILITHIUM_LEVEL2_PUB_KEY_SIZE) { ret = BAD_FUNC_ARG; } } - else if (key->level == 3) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { /* Check length. */ if (inLen != DILITHIUM_LEVEL3_PUB_KEY_SIZE) { ret = BAD_FUNC_ARG; } } - else if (key->level == 5) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { /* Check length. */ if (inLen != DILITHIUM_LEVEL5_PUB_KEY_SIZE) { ret = BAD_FUNC_ARG; } } + else + #endif + if (key->level == WC_ML_DSA_44) { + /* Check length. */ + if (inLen != ML_DSA_LEVEL2_PUB_KEY_SIZE) { + ret = BAD_FUNC_ARG; + } + } + else if (key->level == WC_ML_DSA_65) { + /* Check length. */ + if (inLen != ML_DSA_LEVEL3_PUB_KEY_SIZE) { + ret = BAD_FUNC_ARG; + } + } + else if (key->level == WC_ML_DSA_87) { + /* Check length. */ + if (inLen != ML_DSA_LEVEL5_PUB_KEY_SIZE) { + ret = BAD_FUNC_ARG; + } + } else { /* Level not set. */ ret = BAD_FUNC_ARG; 
@@ -7550,40 +9188,44 @@ int wc_dilithium_import_public(const byte* in, word32 inLen, dilithium_key* key) key->p = in; #endif - #ifdef WC_DILITHIUM_CACHE_PUB_VECTORS +#ifdef WC_DILITHIUM_CACHE_PUB_VECTORS + #ifndef WC_DILITHIUM_FIXED_ARRAY /* Allocate t1 if required. */ if (key->t1 == NULL) { - key->t1 = (sword32*)XMALLOC(key->params->s2Sz, NULL, + key->t1 = (sword32*)XMALLOC(key->params->s2Sz, key->heap, DYNAMIC_TYPE_DILITHIUM); if (key->t1 == NULL) { ret = MEMORY_E; } } + #endif } if (ret == 0) { /* Compute t1 from public key data. */ dilithium_make_pub_vec(key, key->t1); - #endif - #ifdef WC_DILITHIUM_CACHE_MATRIX_A +#endif +#ifdef WC_DILITHIUM_CACHE_MATRIX_A + #ifndef WC_DILITHIUM_FIXED_ARRAY /* Allocate matrix a if required. */ if (key->a == NULL) { - key->a = (sword32*)XMALLOC(key->params->aSz, NULL, + key->a = (sword32*)XMALLOC(key->params->aSz, key->heap, DYNAMIC_TYPE_DILITHIUM); if (key->a == NULL) { ret = MEMORY_E; } } + #endif } if (ret == 0) { /* Compute matrix a from public key data. */ ret = dilithium_expand_a(&key->shake, key->p, key->params->k, - key->params->l, key->a); + key->params->l, key->a, key->heap); if (ret == 0) { key->aSet = 1; } } if (ret == 0) { - #endif +#endif /* Public key is set. */ key->pubKeySet = 1; } @@ -7614,9 +9256,9 @@ static int dilithium_set_priv_key(const byte* priv, word32 privSz, #endif /* Validate parameters. */ - if ((privSz != DILITHIUM_LEVEL2_KEY_SIZE) && - (privSz != DILITHIUM_LEVEL3_KEY_SIZE) && - (privSz != DILITHIUM_LEVEL5_KEY_SIZE)) { + if ((privSz != ML_DSA_LEVEL2_KEY_SIZE) && + (privSz != ML_DSA_LEVEL3_KEY_SIZE) && + (privSz != ML_DSA_LEVEL5_KEY_SIZE)) { ret = BAD_FUNC_ARG; } 
@@ -7631,39 +9273,44 @@ static int dilithium_set_priv_key(const byte* priv, word32 privSz, /* Allocate and create cached values. */ #ifdef WC_DILITHIUM_CACHE_MATRIX_A +#ifndef WC_DILITHIUM_FIXED_ARRAY if (ret == 0) { /* Allocate matrix a if required. */ if (key->a == NULL) { - key->a = (sword32*)XMALLOC(params->aSz, NULL, + key->a = (sword32*)XMALLOC(params->aSz, key->heap, DYNAMIC_TYPE_DILITHIUM); if (key->a == NULL) { ret = MEMORY_E; } } } +#endif if (ret == 0) { /* Compute matrix a from private key data. */ ret = dilithium_expand_a(&key->shake, key->k, params->k, params->l, - key->a); + key->a, key->heap); if (ret == 0) { key->aSet = 1; } } #endif #ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS +#ifndef WC_DILITHIUM_FIXED_ARRAY if ((ret == 0) && (key->s1 == NULL)) { /* Allocate L vector s1, K vector s2 and K vector t0 if required. */ key->s1 = (sword32*)XMALLOC(params->s1Sz + params->s2Sz + params->s2Sz, - NULL, DYNAMIC_TYPE_DILITHIUM); - if (key->s1 == NULL) { + key->heap, DYNAMIC_TYPE_DILITHIUM); + if (key->s1 == NULL) { ret = MEMORY_E; } + if (ret == 0) { + /* Set pointers into allocated memory. */ + key->s2 = key->s1 + params->s1Sz / sizeof(*key->s1); + key->t0 = key->s2 + params->s2Sz / sizeof(*key->s2); + } } +#endif if (ret == 0) { - /* Set pointers into allocated memory. */ - key->s2 = key->s1 + params->s1Sz / sizeof(*key->s1); - key->t0 = key->s2 + params->s2Sz / sizeof(*key->s2); - /* Compute vectors from private key. */ dilithium_make_priv_vecs(key, key->s1, key->s2, key->t0); } @@ -7694,8 +9341,8 @@ int wc_dilithium_import_private(const byte* priv, word32 privSz, if ((priv == NULL) || (key == NULL)) { ret = BAD_FUNC_ARG; } - if ((ret == 0) && (key->level != 2) && (key->level != 3) && - (key->level != 5)) { + if ((ret == 0) && (key->level != WC_ML_DSA_44) && + (key->level != WC_ML_DSA_65) && (key->level != WC_ML_DSA_87)) { ret = BAD_FUNC_ARG; } 
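Review bot: Moving the `key->s2`/`key->t0` pointer setup inside the `key->s1 == NULL` allocation branch means a key object whose s1 was allocated by an earlier import keeps offsets (and a buffer size) derived from that import's params; if a dilithium_key can be re-imported at a different level without an intervening free — not visible here — `dilithium_make_priv_vecs` would write past an s1 buffer sized for the old level. The old code at least recomputed the offsets from the current params on every call, so consider keeping `key->s2 = key->s1 + params->s1Sz / sizeof(*key->s1);` and `key->t0 = key->s2 + params->s2Sz / sizeof(*key->s2);` in the `ret == 0` path for the non-fixed-array build, or documenting that a key must be freed before changing level: `/* Cached vectors are sized for the level at first import; re-importing at another level requires wc_dilithium_free first. */`. dilithium_set_priv_key starts before this hunk.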
@@ -7731,8 +9378,8 @@ int wc_dilithium_import_key(const byte* priv, word32 privSz, if ((pub == NULL) && (pubSz != 0)) { ret = BAD_FUNC_ARG; } - if ((ret == 0) && (key->level != 2) && (key->level != 3) && - (key->level != 5)) { + if ((ret == 0) && (key->level != WC_ML_DSA_44) && + (key->level != WC_ML_DSA_65) && (key->level != WC_ML_DSA_87)) { ret = BAD_FUNC_ARG; } @@ -7777,15 +9424,30 @@ int wc_dilithium_export_private(dilithium_key* key, byte* out, if (ret == 0) { inLen = *outLen; /* check and set up out length */ - if (key->level == 2) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { *outLen = DILITHIUM_LEVEL2_KEY_SIZE; } - else if (key->level == 3) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { *outLen = DILITHIUM_LEVEL3_KEY_SIZE; } - else if (key->level == 5) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { *outLen = DILITHIUM_LEVEL5_KEY_SIZE; } + else + #endif + if (key->level == WC_ML_DSA_44) { + *outLen = ML_DSA_LEVEL2_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_65) { + *outLen = ML_DSA_LEVEL3_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_87) { + *outLen = ML_DSA_LEVEL5_KEY_SIZE; + } else { /* Level not set. */ ret = BAD_FUNC_ARG; 
@@ -7870,15 +9532,30 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, if (ret == 0) { /* Get OID sum for level. */ - if (key->level == 2) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { keytype = DILITHIUM_LEVEL2k; } - else if (key->level == 3) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { keytype = DILITHIUM_LEVEL3k; } - else if (key->level == 5) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { keytype = DILITHIUM_LEVEL5k; } + else + #endif + if (key->level == WC_ML_DSA_44) { + keytype = ML_DSA_LEVEL2k; + } + else if (key->level == WC_ML_DSA_65) { + keytype = ML_DSA_LEVEL3k; + } + else if (key->level == WC_ML_DSA_87) { + keytype = ML_DSA_LEVEL5k; + } else { /* Level not set. */ ret = BAD_FUNC_ARG; 
@@ -7892,24 +9569,48 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, } if ((ret == 0) && (pubKey == NULL) && (pubKeyLen == 0)) { /* Check if the public key is included in the private key. */ - if ((key->level == 2) && + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if ((key->params->level == WC_ML_DSA_44_DRAFT) && (privKeyLen == DILITHIUM_LEVEL2_PRV_KEY_SIZE)) { pubKey = privKey + DILITHIUM_LEVEL2_KEY_SIZE; pubKeyLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE; privKeyLen -= DILITHIUM_LEVEL2_PUB_KEY_SIZE; } - else if ((key->level == 3) && + else if ((key->params->level == WC_ML_DSA_65_DRAFT) && (privKeyLen == DILITHIUM_LEVEL3_PRV_KEY_SIZE)) { pubKey = privKey + DILITHIUM_LEVEL3_KEY_SIZE; pubKeyLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE; privKeyLen -= DILITHIUM_LEVEL3_PUB_KEY_SIZE; } - else if ((key->level == 5) && + else if ((key->params->level == WC_ML_DSA_87_DRAFT) && (privKeyLen == DILITHIUM_LEVEL5_PRV_KEY_SIZE)) { pubKey = privKey + DILITHIUM_LEVEL5_KEY_SIZE; pubKeyLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE; privKeyLen -= DILITHIUM_LEVEL5_PUB_KEY_SIZE; } + else + #endif + if ((key->level == WC_ML_DSA_44) && + (privKeyLen == ML_DSA_LEVEL2_PRV_KEY_SIZE)) { + pubKey = privKey + ML_DSA_LEVEL2_KEY_SIZE; + pubKeyLen = ML_DSA_LEVEL2_PUB_KEY_SIZE; + privKeyLen -= ML_DSA_LEVEL2_PUB_KEY_SIZE; + } + else if ((key->level == WC_ML_DSA_65) && + (privKeyLen == ML_DSA_LEVEL3_PRV_KEY_SIZE)) { + pubKey = privKey + ML_DSA_LEVEL3_KEY_SIZE; + pubKeyLen = ML_DSA_LEVEL3_PUB_KEY_SIZE; + privKeyLen -= ML_DSA_LEVEL3_PUB_KEY_SIZE; + } + else if ((key->level == WC_ML_DSA_87) && + (privKeyLen == ML_DSA_LEVEL5_PRV_KEY_SIZE)) { + pubKey = privKey + ML_DSA_LEVEL5_KEY_SIZE; + pubKeyLen = ML_DSA_LEVEL5_PUB_KEY_SIZE; + privKeyLen -= ML_DSA_LEVEL5_PUB_KEY_SIZE; + } } if (ret == 0) { 
@@ -7938,8 +9639,118 @@ int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, #endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */ +#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */ + #ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY +#if defined(WOLFSSL_DILITHIUM_NO_ASN1) +#ifndef WOLFSSL_NO_ML_DSA_44 +static unsigned char ml_dsa_oid_44[] = { + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x11 +}; +#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) +static unsigned char dilithium_oid_44[] = { + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, + 0x0c, 0x04, 0x04 +}; +#endif +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 +static unsigned char ml_dsa_oid_65[] = { + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x12 +}; +#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) +static unsigned char dilithium_oid_65[] = { + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, + 0x0c, 0x06, 0x05 +}; +#endif +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 +static unsigned char ml_dsa_oid_87[] = { + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x13 +}; +#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) +static unsigned char dilithium_oid_87[] = { + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, + 0x0c, 0x08, 0x07 +}; +#endif +#endif + +static int dilitihium_get_der_length(const byte* input, word32* inOutIdx, + int *length, word32 inSz) +{ + int ret = 0; + word32 idx = *inOutIdx; + word32 len = 0; + + if (idx >= inSz) { + ret = ASN_PARSE_E; + } + else if (input[idx] < 0x80) { + len = input[idx]; + idx++; + } + else if ((input[idx] == 0x80) || (input[idx] >= 0x83)) { + ret = ASN_PARSE_E; + } + else if (input[idx] == 0x81) { + if (idx + 1 >= inSz) { + ret = ASN_PARSE_E; + } + else if (input[idx + 1] < 0x80) { + ret = ASN_PARSE_E; + } + else { + len = input[idx + 1]; + idx += 2; + } + } + else if (input[idx] == 0x82) { + if (idx + 2 >= inSz) { + ret = ASN_PARSE_E; + } + else { + len = ((word16)input[idx + 1] << 8) + input[idx + 2]; + idx += 3; + if (len < 0x100) { + ret = ASN_PARSE_E; + } + } + } + + if ((ret == 0) && ((idx + len) 
> inSz)) { + ret = ASN_PARSE_E; + } + + *length = (int)len; + *inOutIdx = idx; + return ret; +} + +static int dilithium_check_type(const byte* input, word32* inOutIdx, byte type, + word32 inSz) +{ + int ret = 0; + word32 idx = *inOutIdx; + + if (idx >= inSz) { + ret = ASN_PARSE_E; + } + else if (input[idx] != type){ + ret = ASN_PARSE_E; + } + else { + idx++; + } + + *inOutIdx = idx; + return ret; +} + +#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */ + /* Decode the DER encoded Dilithium public key. * * @param [in] input Array holding DER encoded data. @@ -7958,7 +9769,6 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx, int ret = 0; const byte* pubKey; word32 pubKeyLen = 0; - int keytype = 0; /* Validate parameters. */ if ((input == NULL) || (inOutIdx == NULL) || (key == NULL) || (inSz == 0)) { @@ -7969,19 +9779,44 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx, /* Try to import the key directly. */ ret = wc_dilithium_import_public(input, inSz, key); if (ret != 0) { + #if !defined(WOLFSSL_DILITHIUM_NO_ASN1) + int keytype = 0; + #else + int length; + unsigned char* oid; + int oidLen; + word32 idx = 0; + #endif + /* Start again. */ ret = 0; + #if !defined(WOLFSSL_DILITHIUM_NO_ASN1) /* Get OID sum for level. */ - if (key->level == 2) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { keytype = DILITHIUM_LEVEL2k; } - else if (key->level == 3) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { keytype = DILITHIUM_LEVEL3k; } - else if (key->level == 5) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { keytype = DILITHIUM_LEVEL5k; } + else + #endif + if (key->level == WC_ML_DSA_44) { + keytype = ML_DSA_LEVEL2k; + } + else if (key->level == WC_ML_DSA_65) { + keytype = ML_DSA_LEVEL3k; + } + else if (key->level == WC_ML_DSA_87) { + keytype = ML_DSA_LEVEL5k; + } else { /* Level not set. */ ret = BAD_FUNC_ARG; 
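Review bot: The OID tables added for the `WOLFSSL_DILITHIUM_NO_ASN1` build are writable statics (`static unsigned char ml_dsa_oid_44[] = {...}`) although they are only compared against; declare them `static const unsigned char ...[]` so they land in read-only storage on the embedded targets this path exists for, and type the selector in wc_Dilithium_PublicKeyDecode as `const unsigned char* oid`. The new helper is misspelled as `dilitihium_get_der_length` (one `i` too many); since it is a new static, renaming it to `dilithium_get_der_length` now costs nothing. The parser intentionally rejects non-minimal long-form lengths and anything beyond a 2-byte length, which is correct DER and ample for ML-DSA keys, but that limit deserves a line above the function: `/* Strict DER length: short form or minimal 1-2 byte long form only (enough for ML-DSA SPKI). */`.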
@@ -7991,6 +9826,104 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx, ret = DecodeAsymKeyPublic_Assign(input, inOutIdx, inSz, &pubKey, &pubKeyLen, keytype); } + #else + /* Get OID sum for level. */ + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else + #ifndef WOLFSSL_NO_ML_DSA_44 + if (key->params->level == WC_ML_DSA_44_DRAFT) { + oid = dilithium_oid_44; + oidLen = (int)sizeof(dilithium_oid_44); + } + else + #endif + #ifndef WOLFSSL_NO_ML_DSA_65 + if (key->params->level == WC_ML_DSA_65_DRAFT) { + oid = dilithium_oid_65; + oidLen = (int)sizeof(dilithium_oid_65); + } + else + #endif + #ifndef WOLFSSL_NO_ML_DSA_87 + if (key->params->level == WC_ML_DSA_87_DRAFT) { + oid = dilithium_oid_87; + oidLen = (int)sizeof(dilithium_oid_87); + } + else + #endif + #endif + #ifndef WOLFSSL_NO_ML_DSA_44 + if (key->level == WC_ML_DSA_44) { + oid = ml_dsa_oid_44; + oidLen = (int)sizeof(ml_dsa_oid_44); + } + else + #endif + #ifndef WOLFSSL_NO_ML_DSA_65 + if (key->level == WC_ML_DSA_65) { + oid = ml_dsa_oid_65; + oidLen = (int)sizeof(ml_dsa_oid_65); + } + else + #endif + #ifndef WOLFSSL_NO_ML_DSA_87 + if (key->level == WC_ML_DSA_87) { + oid = ml_dsa_oid_87; + oidLen = (int)sizeof(ml_dsa_oid_87); + } + else + #endif + { + /* Level not set. 
*/ + ret = BAD_FUNC_ARG; + } + if (ret == 0) { + ret = dilithium_check_type(input, &idx, 0x30, inSz); + } + if (ret == 0) { + ret = dilitihium_get_der_length(input, &idx, &length, inSz); + } + if (ret == 0) { + ret = dilithium_check_type(input, &idx, 0x30, inSz); + } + if (ret == 0) { + ret = dilitihium_get_der_length(input, &idx, &length, inSz); + } + if (ret == 0) { + ret = dilithium_check_type(input, &idx, 0x06, inSz); + } + if (ret == 0) { + ret = dilitihium_get_der_length(input, &idx, &length, inSz); + } + if (ret == 0) { + if ((length != oidLen) || + (XMEMCMP(input + idx, oid, oidLen) != 0)) { + ret = ASN_PARSE_E; + } + idx += oidLen; + } + if (ret == 0) { + ret = dilithium_check_type(input, &idx, 0x03, inSz); + } + if (ret == 0) { + ret = dilitihium_get_der_length(input, &idx, &length, inSz); + } + if (ret == 0) { + if ((input[idx] != 0) || (length == 0)) { + ret = ASN_PARSE_E; + } + idx++; + length--; + } + if (ret == 0) { + /* This is the raw point data compressed or uncompressed. */ + pubKeyLen = (word32)length; + pubKey = input + idx; + } + #endif if (ret == 0) { /* Import public key data. */ ret = wc_dilithium_import_public(pubKey, pubKeyLen, key); @@ -8000,6 +9933,8 @@ int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx, return ret; } +#ifndef WOLFSSL_DILITHIUM_NO_ASN1 + #ifdef WC_ENABLE_ASYM_KEY_EXPORT /* Encode the public part of a Dilithium key in DER. * 
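Review bot: In the BIT STRING step of the `WOLFSSL_DILITHIUM_NO_ASN1` branch, `input[idx]` is read before `length == 0` is tested, and `dilitihium_get_der_length` only guarantees `idx + length <= inSz`, so a zero-length BIT STRING at the end of the buffer reads one byte past `inSz`; swap the operands: `if ((length == 0) || (input[idx] != 0))`. The same branch parses from `word32 idx = 0` and never writes `*inOutIdx` back, unlike the `DecodeAsymKeyPublic_Assign` path, so callers passing an offset or expecting it advanced get build-dependent behaviour; start from `word32 idx = *inOutIdx;` and finish with `*inOutIdx = idx + (word32)length;` before the import. The two outer SEQUENCE lengths are parsed and discarded, so nothing verifies the inner elements stay within them — tolerable for a fixed-shape SubjectPublicKeyInfo but worth a one-line comment. The comment `/* This is the raw point data compressed or uncompressed. */` is copied from ECC and wrong here; say `/* Raw ML-DSA public key bytes; size is validated by wc_dilithium_import_public. */`.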
@@ -8031,18 +9966,36 @@ int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 len, if (ret == 0) { /* Get OID and length for level. */ - if (key->level == 2) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { keytype = DILITHIUM_LEVEL2k; pubKeyLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE; } - else if (key->level == 3) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { keytype = DILITHIUM_LEVEL3k; pubKeyLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE; } - else if (key->level == 5) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { keytype = DILITHIUM_LEVEL5k; pubKeyLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE; } + else + #endif + if (key->level == WC_ML_DSA_44) { + keytype = ML_DSA_LEVEL2k; + pubKeyLen = ML_DSA_LEVEL2_PUB_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_65) { + keytype = ML_DSA_LEVEL3k; + pubKeyLen = ML_DSA_LEVEL3_PUB_KEY_SIZE; + } + else if (key->level == WC_ML_DSA_87) { + keytype = ML_DSA_LEVEL5k; + pubKeyLen = ML_DSA_LEVEL5_PUB_KEY_SIZE; + } else { /* Level not set. */ ret = BAD_FUNC_ARG; @@ -8058,10 +10011,14 @@ int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 len, } #endif /* WC_ENABLE_ASYM_KEY_EXPORT */ +#endif /* !WOLFSSL_DILITHIUM_NO_ASN1 */ + #endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */ #ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY +#ifndef WOLFSSL_DILITHIUM_NO_ASN1 + #ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY /* Encode the private and public data of a Dilithium key in DER. * 
@@ -8076,23 +10033,41 @@ int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 len, */ int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output, word32 len) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); /* Validate parameters and check public and private key set. */ if ((key != NULL) && key->prvKeySet && key->pubKeySet) { /* Create DER for level. */ - if (key->level == 2) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, key->p, DILITHIUM_LEVEL2_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL2k); } - else if (key->level == 3) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, key->p, DILITHIUM_LEVEL3_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL3k); } - else if (key->level == 5) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, key->p, DILITHIUM_LEVEL5_PUB_KEY_SIZE, output, len, DILITHIUM_LEVEL5k); } + else + #endif + if (key->level == WC_ML_DSA_44) { + ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL2_KEY_SIZE, key->p, + ML_DSA_LEVEL2_PUB_KEY_SIZE, output, len, ML_DSA_LEVEL2k); + } + else if (key->level == WC_ML_DSA_65) { + ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL3_KEY_SIZE, key->p, + ML_DSA_LEVEL3_PUB_KEY_SIZE, output, len, ML_DSA_LEVEL3k); + } + else if (key->level == WC_ML_DSA_87) { + ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL5_KEY_SIZE, key->p, + ML_DSA_LEVEL5_PUB_KEY_SIZE, output, len, ML_DSA_LEVEL5k); + } } return ret; 
@@ -8112,30 +10087,48 @@ int wc_Dilithium_KeyToDer(dilithium_key* key, byte* output, word32 len) */ int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, word32 len) { - int ret = BAD_FUNC_ARG; + int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); /* Validate parameters and check private key set. */ if ((key != NULL) && key->prvKeySet) { /* Create DER for level. */ - if (key->level == 2) { + #if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT) + if (key->params == NULL) { + ret = BAD_FUNC_ARG; + } + else if (key->params->level == WC_ML_DSA_44_DRAFT) { ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL2_KEY_SIZE, NULL, 0, output, len, DILITHIUM_LEVEL2k); } - else if (key->level == 3) { + else if (key->params->level == WC_ML_DSA_65_DRAFT) { ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL3_KEY_SIZE, NULL, 0, output, len, DILITHIUM_LEVEL3k); } - else if (key->level == 5) { + else if (key->params->level == WC_ML_DSA_87_DRAFT) { ret = SetAsymKeyDer(key->k, DILITHIUM_LEVEL5_KEY_SIZE, NULL, 0, output, len, DILITHIUM_LEVEL5k); } + else + #endif + if (key->level == WC_ML_DSA_44) { + ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL2_KEY_SIZE, NULL, 0, output, + len, ML_DSA_LEVEL2k); + } + else if (key->level == WC_ML_DSA_65) { + ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL3_KEY_SIZE, NULL, 0, output, + len, ML_DSA_LEVEL3k); + } + else if (key->level == WC_ML_DSA_87) { + ret = SetAsymKeyDer(key->k, ML_DSA_LEVEL5_KEY_SIZE, NULL, 0, output, + len, ML_DSA_LEVEL5k); + } } return ret; } -#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */ - #endif /* WOLFSSL_DILITHIUM_NO_ASN1 */ +#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */ + #endif /* HAVE_DILITHIUM */ diff --git a/src/wolfcrypt/src/dsa.c b/src/wolfcrypt/src/dsa.c index c1606b3..6ed4435 100644 --- a/src/wolfcrypt/src/dsa.c +++ b/src/wolfcrypt/src/dsa.c @@ -1,6 +1,6 @@ /* dsa.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -542,7 +542,7 @@ int wc_DsaExportParamsRaw(DsaKey* dsa, byte* p, word32* pSz, *pSz = pLen; *qSz = qLen; *gSz = gLen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (p == NULL || q == NULL || g == NULL) @@ -616,7 +616,7 @@ int wc_DsaExportKeyRaw(DsaKey* dsa, byte* x, word32* xSz, byte* y, word32* ySz) if (x == NULL && y == NULL) { *xSz = xLen; *ySz = yLen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (x == NULL || y == NULL) diff --git a/src/wolfcrypt/src/ecc.c b/src/wolfcrypt/src/ecc.c index ee1e7b7..da6505c 100644 --- a/src/wolfcrypt/src/ecc.c +++ b/src/wolfcrypt/src/ecc.c @@ -1,6 +1,6 @@ /* ecc.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -236,14 +236,6 @@ ECC Curve Sizes: #define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING #endif -#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) - #define GEN_MEM_ERR MP_MEM -#elif defined(USE_FAST_MATH) - #define GEN_MEM_ERR FP_MEM -#else - #define GEN_MEM_ERR MP_MEM -#endif - #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ !defined(WOLFSSL_KCAPI_ECC) && !defined(WOLFSSL_SE050) && \ @@ -864,6 +856,14 @@ enum { /* This holds the key settings. ***MUST*** be organized by size from smallest to largest. */ +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) + #undef ecc_sets + #undef ecc_sets_count +#endif + +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) +static +#endif const ecc_set_type ecc_sets[] = { #ifdef ECC112 #ifndef NO_ECC_SECP 
@@ -1407,8 +1407,17 @@ const ecc_set_type ecc_sets[] = { } }; #define ECC_SET_COUNT (sizeof(ecc_sets)/sizeof(ecc_set_type)) +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) +static +#endif const size_t ecc_sets_count = ECC_SET_COUNT - 1; +const ecc_set_type *wc_ecc_get_sets(void) { + return ecc_sets; +} +size_t wc_ecc_get_sets_count(void) { + return ecc_sets_count; +} #ifdef HAVE_OID_ENCODING /* encoded OID cache */ @@ -1417,7 +1426,13 @@ const size_t ecc_sets_count = ECC_SET_COUNT - 1; byte oid[ECC_MAX_OID_LEN]; } oid_cache_t; static oid_cache_t ecc_oid_cache[ECC_SET_COUNT]; + + static wolfSSL_Mutex ecc_oid_cache_lock + WOLFSSL_MUTEX_INITIALIZER_CLAUSE(ecc_oid_cache_lock); +#ifndef WOLFSSL_MUTEX_INITIALIZER + static volatile int eccOidLockInit = 0; #endif +#endif /* HAVE_OID_ENCODING */ /* Forward declarations */ #if defined(HAVE_COMP_KEY) && defined(HAVE_ECC_KEY_EXPORT) @@ -2491,8 +2506,7 @@ static int _ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* a, } if (err == MP_OKAY && mp_iszero((MP_INT_SIZE*)t2)) { /* T2 = X * X */ - if (err == MP_OKAY) - err = mp_sqr(x, t2); + err = mp_sqr(x, t2); if (err == MP_OKAY) err = mp_montgomery_reduce(t2, modulus, mp); /* T1 = T2 + T1 */ @@ -2506,8 +2520,7 @@ static int _ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* a, /* use "a" in calc */ /* T2 = T1 * T1 */ - if (err == MP_OKAY) - err = mp_sqr(t1, t2); + err = mp_sqr(t1, t2); if (err == MP_OKAY) err = mp_montgomery_reduce(t2, modulus, mp); /* T1 = T2 * a */ @@ -2904,7 +2917,7 @@ int ecc_map_ex(ecc_point* P, mp_int* modulus, mp_digit mp, int ct) if ((mp_count_bits(modulus) == 256) && (!mp_is_bit_set(modulus, 224))) { err = sp_ecc_map_sm2_256(P->x, P->y, P->z); } -#elif defined(WOLFSSL_SP_NO_256) +#elif !defined(WOLFSSL_SP_NO_256) if (mp_count_bits(modulus) == 256) { err = sp_ecc_map_256(P->x, P->y, P->z); } 
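Review bot: `eccOidLockInit` is a plain `volatile int`, which is not a synchronisation primitive; if the lazy-initialisation path outside this hunk does the usual check-then-`wc_InitMutex` on it, two threads racing on the first OID lookup can both initialise `ecc_oid_cache_lock`, and the initialiser itself has no lock to protect it. Where `WOLFSSL_MUTEX_INITIALIZER` is unavailable, prefer hooking the init into wolfCrypt_Init/Cleanup, or at least state the assumption next to the declaration: `/* Lazy init is not thread-safe; the first OID lookup must happen before worker threads start. */`. The initialisation code is not in this hunk, so this is a caveat rather than a confirmed defect.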
@@ -3653,17 +3666,12 @@ static void ecc_key_tmp_final(ecc_key* key, void* heap) FREE_MP_INT_SIZE(key->t1, heap, DYNAMIC_TYPE_ECC); #else #ifdef ALT_ECC_SIZE - if (key->z != NULL) - XFREE(key->z, heap, DYNAMIC_TYPE_ECC); - if (key->y != NULL) - XFREE(key->y, heap, DYNAMIC_TYPE_ECC); - if (key->x != NULL) - XFREE(key->x, heap, DYNAMIC_TYPE_ECC); + XFREE(key->z, heap, DYNAMIC_TYPE_ECC); + XFREE(key->y, heap, DYNAMIC_TYPE_ECC); + XFREE(key->x, heap, DYNAMIC_TYPE_ECC); #endif - if (key->t2 != NULL) - XFREE(key->t2, heap, DYNAMIC_TYPE_ECC); - if (key->t1 != NULL) - XFREE(key->t1, heap, DYNAMIC_TYPE_ECC); + XFREE(key->t2, heap, DYNAMIC_TYPE_ECC); + XFREE(key->t1, heap, DYNAMIC_TYPE_ECC); #endif } #endif /* WOLFSSL_SMALL_STACK_CACHE */ @@ -4084,24 +4092,24 @@ static int wc_ecc_new_point_ex(ecc_point** point, void* heap) } p = *point; -#ifndef WOLFSSL_NO_MALLOC if (p == NULL) { p = (ecc_point*)XMALLOC(sizeof(ecc_point), heap, DYNAMIC_TYPE_ECC); } -#endif if (p == NULL) { return MEMORY_E; } XMEMSET(p, 0, sizeof(ecc_point)); + if (*point == NULL) + p->isAllocated = 1; + #ifndef ALT_ECC_SIZE err = mp_init_multi(p->x, p->y, p->z, NULL, NULL, NULL); if (err != MP_OKAY) { WOLFSSL_MSG("mp_init_multi failed."); - #ifndef WOLFSSL_NO_MALLOC - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif - return err; + if (p->isAllocated) + XFREE(p, heap, DYNAMIC_TYPE_ECC); + p = NULL; } #else p->x = (mp_int*)&p->xyz[0]; @@ -4140,9 +4148,8 @@ static void wc_ecc_del_point_ex(ecc_point* p, void* heap) mp_clear(p->x); mp_clear(p->y); mp_clear(p->z); - #ifndef WOLFSSL_NO_MALLOC - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif + if (p->isAllocated) + XFREE(p, heap, DYNAMIC_TYPE_ECC); } (void)heap; } @@ -4255,7 +4262,7 @@ int wc_ecc_get_curve_idx(int curve_id) int wc_ecc_get_curve_id(int curve_idx) { - if (wc_ecc_is_valid_idx(curve_idx)) { + if (wc_ecc_is_valid_idx(curve_idx) && curve_idx >= 0) { return ecc_sets[curve_idx].id; } return ECC_CURVE_INVALID; 
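Review bot: The `mp_init_multi` failure branch in `wc_ecc_new_point_ex` no longer returns: it frees `p` only when `isAllocated`, sets `p = NULL` and falls through, so whether `*point` is overwritten with NULL for a caller-supplied point and whether `err` is propagated depends on code after the hunk. If the tail does `*point = p;` unconditionally, a caller's own ecc_point pointer is silently lost on failure; either restore the explicit `return err;` or comment the contract on the branch: `/* On failure p is NULL and err is returned below; a caller-supplied *point is cleared. */`. Also note `XMEMSET(p, 0, sizeof(ecc_point))` runs before `isAllocated` is decided, so a caller-supplied point's prior flag is wiped — fine today, but it belongs in the function comment, which is outside the hunk.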
@@ -4547,13 +4554,11 @@ int wc_ecc_get_curve_id_from_oid(const byte* oid, word32 len) } #endif -#if !defined(HAVE_OID_ENCODING) && !defined(HAVE_OID_DECODING) if (len == 0) { /* SAKKE has zero oidSz and will otherwise match with len==0. */ WOLFSSL_MSG("zero oidSz"); return ECC_CURVE_INVALID; } -#endif for (curve_idx = 0; ecc_sets[curve_idx].size != 0; curve_idx++) { #if defined(HAVE_OID_ENCODING) && !defined(HAVE_OID_DECODING) @@ -4981,8 +4986,7 @@ int wc_ecc_shared_secret_gen_sync(ecc_key* private_key, ecc_point* point, if (k == k_lcl) mp_clear(k); #ifdef WOLFSSL_SMALL_STACK - if (k_lcl != NULL) - XFREE(k_lcl, private_key->heap, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(k_lcl, private_key->heap, DYNAMIC_TYPE_ECC_BUFFER); #endif #endif @@ -5526,7 +5530,7 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve, /* Map in a separate call as this should be constant time */ err = wc_ecc_mulmod_ex2(ecc_get_k(key), base, pub, curve->Af, curve->prime, curve->order, rng, 0, key->heap); - if (err == MP_MEM) { + if (err == WC_NO_ERR_TRACE(MP_MEM)) { err = MEMORY_E; } } @@ -5542,7 +5546,7 @@ static int ecc_make_pub_ex(ecc_key* key, ecc_curve_spec* curve, if (err != MP_OKAY #ifdef WOLFSSL_ASYNC_CRYPT - && err != WC_PENDING_E + && err != WC_NO_ERR_TRACE(WC_PENDING_E) #endif ) { /* clean up if failed */ @@ -5996,7 +6000,7 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, if (err == MP_OKAY #ifdef WOLFSSL_ASYNC_CRYPT - || err == WC_PENDING_E + || err == WC_NO_ERR_TRACE(WC_PENDING_E) #endif ) { key->type = ECC_PRIVATEKEY; @@ -6395,9 +6399,6 @@ static int wc_ecc_get_curve_order_bit_count(const ecc_set_type* dp) #ifdef HAVE_ECC_SIGN -#ifndef NO_ASN - - #if defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ defined(PLUTON_CRYPTO_ECC) || defined(WOLFSSL_CRYPTOCELL) || \ defined(WOLFSSL_SILABS_SE_ACCEL) || defined(WOLFSSL_KCAPI_ECC) || \ 
@@ -6722,6 +6723,9 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, DECL_MP_INT_SIZE_DYN(r, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE); DECL_MP_INT_SIZE_DYN(s, ECC_KEY_MAX_BITS(key), MAX_ECC_BITS_USE); #endif +#ifdef NO_ASN + word32 keySz; +#endif if (in == NULL || out == NULL || outlen == NULL || key == NULL) { return ECC_BAD_ARG_E; @@ -6758,17 +6762,17 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, #else NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC); -#ifdef MP_INT_SIZE_CHECK_NULL + #ifdef MP_INT_SIZE_CHECK_NULL if (r == NULL) return MEMORY_E; -#endif + #endif NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC); -#ifdef MP_INT_SIZE_CHECK_NULL + #ifdef MP_INT_SIZE_CHECK_NULL if (s == NULL) { FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC); return MEMORY_E; } -#endif + #endif err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key)); if (err != 0) { @@ -6800,8 +6804,26 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, return err; } +#ifndef NO_ASN /* encoded with DSA header */ err = StoreECC_DSA_Sig(out, outlen, r, s); +#else + /* No support for DSA ASN.1 header. + * Signature will be r+s directly. */ + keySz = 0; + if (key->dp != NULL) { + keySz = (word32)key->dp->size; + } + if (keySz <= 0) { + WOLFSSL_MSG("Error: ECDSA sign raw signature size"); + return WC_NO_ERR_TRACE(ECC_BAD_ARG_E); + } + *outlen = keySz * 2; + + /* Export signature into r,s */ + mp_to_unsigned_bin_len(r, out, keySz); + mp_to_unsigned_bin_len(s, out + keySz, keySz); +#endif /* !NO_ASN */ /* cleanup */ mp_clear(r); @@ -6813,7 +6835,6 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, return err; #endif /* !WOLF_CRYPTO_CB_ONLY_ECC */ } -#endif /* !NO_ASN */ #if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT) 
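Review bot: The new `NO_ASN` branch of `wc_ecc_sign_hash` writes `2 * keySz` bytes into `out` without ever comparing that against the caller's `*outlen` — it overwrites `*outlen` first and then calls `mp_to_unsigned_bin_len` twice — so a caller with a buffer sized for, say, a compressed signature gets a stack or heap overflow where `StoreECC_DSA_Sig` would have returned BUFFER_E. The early `return WC_NO_ERR_TRACE(ECC_BAD_ARG_E)` also skips the `mp_clear(r)`/`mp_clear(s)` and `FREE_MP_INT_SIZE` cleanup that follows the `#endif`, leaking and not zeroising the per-signature values, and both `mp_to_unsigned_bin_len` results are discarded. `keySz <= 0` on a `word32` is just `== 0` and trips -Wtype-limits. Setting `err` and falling through to the existing cleanup fixes all three; the rest of the function is outside this hunk.

```c
#else
    /* No ASN.1 support: emit the fixed-width raw r||s encoding.
     * Check the caller's buffer before writing; fall through to the
     * common cleanup on every path so r/s are always cleared. */
    keySz = (key->dp != NULL) ? (word32)key->dp->size : 0;
    if (keySz == 0) {
        WOLFSSL_MSG("Error: ECDSA sign raw signature size");
        err = ECC_BAD_ARG_E;
    }
    else if (*outlen < keySz * 2) {
        *outlen = keySz * 2;
        err = BUFFER_E;
    }
    else {
        err = mp_to_unsigned_bin_len(r, out, (int)keySz);
        if (err == MP_OKAY)
            err = mp_to_unsigned_bin_len(s, out + keySz, (int)keySz);
        if (err == MP_OKAY)
            *outlen = keySz * 2;
    }
#endif /* !NO_ASN */
    /* … unchanged: mp_clear(r)/mp_clear(s) cleanup and return err … */
```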
@@ -6837,13 +6858,17 @@ static int deterministic_sign_helper(const byte* in, word32 inlen, ecc_key* key) if (key->sign_k == NULL) { key->sign_k = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC); + if (key->sign_k != NULL) { + err = mp_init(key->sign_k); + if (err != MP_OKAY) { + XFREE(key->sign_k, key->heap, DYNAMIC_TYPE_ECC); + key->sign_k = NULL; + } + } } - if (key->sign_k != NULL) { - /* currently limiting to SHA256 for auto create */ - if (mp_init(key->sign_k) != MP_OKAY || - wc_ecc_gen_deterministic_k(in, inlen, - WC_HASH_TYPE_SHA256, ecc_get_k(key), key->sign_k, + if (wc_ecc_gen_deterministic_k(in, inlen, + key->hashType, ecc_get_k(key), key->sign_k, curve->order, key->heap) != 0) { mp_free(key->sign_k); XFREE(key->sign_k, key->heap, DYNAMIC_TYPE_ECC); @@ -6861,8 +6886,7 @@ static int deterministic_sign_helper(const byte* in, word32 inlen, ecc_key* key) } #else key->sign_k_set = 0; - /* currently limiting to SHA256 for auto create */ - if (wc_ecc_gen_deterministic_k(in, inlen, WC_HASH_TYPE_SHA256, + if (wc_ecc_gen_deterministic_k(in, inlen, key->hashType, ecc_get_k(key), key->sign_k, curve->order, key->heap) != 0) { err = ECC_PRIV_KEY_E; } @@ -7479,7 +7503,7 @@ static int _HMAC_K(byte* K, word32 KSz, byte* V, word32 VSz, Hmac hmac; int ret, init; - ret = init = wc_HmacInit(&hmac, heap, 0); + ret = init = wc_HmacInit(&hmac, heap, INVALID_DEVID); if (ret == 0) ret = wc_HmacSetKey(&hmac, hashType, K, KSz); @@ -7519,7 +7543,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, enum wc_HashType hashType, mp_int* priv, mp_int* k, mp_int* order, void* heap) { - int ret = 0, qbits = 0; + int ret = 0; #ifndef WOLFSSL_SMALL_STACK byte h1[MAX_ECC_BYTES]; byte V[WC_MAX_DIGEST_SIZE]; @@ -7535,6 +7559,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, #endif word32 xSz, VSz, KSz, h1len, qLen; byte intOct; + int qbits = 0; if (hash == NULL || k == NULL || order == NULL) { return BAD_FUNC_ARG; 
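Review bot: After this restructuring `wc_ecc_gen_deterministic_k` is still called when `key->sign_k` is NULL — the `XMALLOC` failed, or `mp_init` failed and the pointer was reset — because the `if (key->sign_k != NULL)` guard that used to wrap the call was removed; the call then fails with BAD_FUNC_ARG and the failure branch runs `mp_free(key->sign_k)` and `XFREE` on a NULL pointer, and whatever `err` the `mp_init` failure set is presumably replaced by the branch's own error (the remainder of the branch is outside the hunk). Guard on the pointer first: `if (key->sign_k == NULL) { err = MEMORY_E; }` followed by `else if (wc_ecc_gen_deterministic_k(in, inlen, key->hashType, ecc_get_k(key), key->sign_k, curve->order, key->heap) != 0) {`. Whether the configured math backend tolerates `mp_free(NULL)` is not visible here; either way an allocation failure should surface as MEMORY_E rather than as a deterministic-k failure. deterministic_sign_helper starts before this hunk.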
@@ -7545,9 +7570,20 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, return BAD_FUNC_ARG; } - if (hashSz != WC_SHA256_DIGEST_SIZE) { - WOLFSSL_MSG("Currently only SHA256 digest is supported"); - return BAD_FUNC_ARG; + /* if none is provided then detect has type based on hash size */ + if (hashType == WC_HASH_TYPE_NONE) { + if (hashSz == 64) { + hashType = WC_HASH_TYPE_SHA512; + } + else if (hashSz == 48) { + hashType = WC_HASH_TYPE_SHA384; + } + else if (hashSz == 32) { + hashType = WC_HASH_TYPE_SHA256; + } + else { + return BAD_FUNC_ARG; + } } if (mp_unsigned_bin_size(priv) > MAX_ECC_BYTES) { @@ -7587,14 +7623,10 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, /* bail out if any error has been hit at this point */ if (ret != 0) { - if (x != NULL) - XFREE(x, heap, DYNAMIC_TYPE_PRIVATE_KEY); - if (K != NULL) - XFREE(K, heap, DYNAMIC_TYPE_ECC_BUFFER); - if (V != NULL) - XFREE(V, heap, DYNAMIC_TYPE_ECC_BUFFER); - if (h1 != NULL) - XFREE(h1, heap, DYNAMIC_TYPE_DIGEST); + XFREE(x, heap, DYNAMIC_TYPE_PRIVATE_KEY); + XFREE(K, heap, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(V, heap, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(h1, heap, DYNAMIC_TYPE_DIGEST); return ret; } #endif @@ -7615,6 +7647,16 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, wc_MemZero_Add("wc_ecc_gen_deterministic_k x", x, qLen); #endif qbits = mp_count_bits(order); + if (qbits < 0) + ret = MP_VAL; + } + + if (ret == 0) { + /* hash truncate if too long */ + if (((WOLFSSL_BIT_SIZE) * hashSz) > (word32)qbits) { + /* calculate truncated hash size using bits rounded up byte */ + hashSz = ((word32)qbits + (WOLFSSL_BIT_SIZE - 1)) / WOLFSSL_BIT_SIZE; + } ret = mp_read_unsigned_bin(z1, hash, hashSz); } @@ -7636,7 +7678,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, ret = BUFFER_E; } else { - ret = mp_to_unsigned_bin_len(z1, h1, h1len); + ret = mp_to_unsigned_bin_len(z1, h1, (int)h1len); } } else 
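Review bot: The new WC_HASH_TYPE_NONE inference in wc_ecc_gen_deterministic_k picks the HMAC hash purely from the digest length (64/48/32), so a 32-byte digest from SHA3-256, SM3 or BLAKE2s is silently HMAC'd with SHA-256 and a 28-byte SHA-224 digest is rejected outright; k stays deterministic and usable, but it is no longer the RFC 6979 value for that hash, which matters for test vectors and interoperability. Callers of wc_ecc_sign_hash that used the old wc_ecc_set_deterministic() get hashType NONE and therefore this inference, which the hunk does not document. I would add above the block: `/* WC_HASH_TYPE_NONE: assume SHA-2 and infer SHA-256/384/512 from the digest length. Set the real hash via wc_ecc_set_deterministic_ex() when the digest is not SHA-2, or k will not match RFC 6979 vectors. */`. The function continues past this hunk.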
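Review bot: The new truncation in wc_ecc_gen_deterministic_k rounds the hash down to whole bytes (`hashSz = (qbits + 7) / 8`), but RFC 6979 bits2int keeps exactly the leftmost qlen bits, so for curves whose order length is not a multiple of 8 (e.g. 161-bit secp160r1 with a SHA-256 digest) z1 still carries up to 7 extra low bits unless the code after `mp_read_unsigned_bin(z1, hash, hashSz)` shifts them out — the analogous right-shift is done for k later in the function, but I cannot see one for z1 in this hunk. If it is indeed missing, the fix is one line after the read: `if (ret == 0 && hashSz * WOLFSSL_BIT_SIZE > (word32)qbits) mp_rshb(z1, (int)(hashSz * WOLFSSL_BIT_SIZE) - qbits);`. Either way a comment stating that the reduction modulo the order (or the shift) restores the bits2int semantics would help the next reader. The function continues outside this hunk.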
@@ -7705,7 +7747,7 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, ret = mp_read_unsigned_bin(k, x, xSz); } - if ((ret == 0) && ((int)(xSz * WOLFSSL_BIT_SIZE) != qbits)) { + if ((ret == 0) && ((xSz * WOLFSSL_BIT_SIZE) != (word32)qbits)) { /* handle odd case where shift of 'k' is needed with RFC 6979 * k = bits2int(T) in section 3.2 h.3 */ mp_rshb(k, ((int)xSz * WOLFSSL_BIT_SIZE) - qbits); @@ -7737,16 +7779,11 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, ForceZero(x, MAX_ECC_BYTES); #ifdef WOLFSSL_SMALL_STACK - if (z1 != NULL) - XFREE(z1, heap, DYNAMIC_TYPE_ECC_BUFFER); - if (x != NULL) - XFREE(x, heap, DYNAMIC_TYPE_PRIVATE_KEY); - if (K != NULL) - XFREE(K, heap, DYNAMIC_TYPE_ECC_BUFFER); - if (V != NULL) - XFREE(V, heap, DYNAMIC_TYPE_ECC_BUFFER); - if (h1 != NULL) - XFREE(h1, heap, DYNAMIC_TYPE_DIGEST); + XFREE(z1, heap, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(x, heap, DYNAMIC_TYPE_PRIVATE_KEY); + XFREE(K, heap, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(V, heap, DYNAMIC_TYPE_ECC_BUFFER); + XFREE(h1, heap, DYNAMIC_TYPE_DIGEST); #elif defined(WOLFSSL_CHECK_MEM_ZERO) wc_MemZero_Check(x, MAX_ECC_BYTES); #endif @@ -7758,15 +7795,23 @@ int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, /* Sets the deterministic flag for 'k' generation with sign. * returns 0 on success */ -int wc_ecc_set_deterministic(ecc_key* key, byte flag) +int wc_ecc_set_deterministic_ex(ecc_key* key, byte flag, + enum wc_HashType hashType) { if (key == NULL) { return BAD_FUNC_ARG; } key->deterministic = flag ? 1 : 0; + key->hashType = hashType; return 0; } + +int wc_ecc_set_deterministic(ecc_key* key, byte flag) +{ + return wc_ecc_set_deterministic_ex(key, flag, WC_HASH_TYPE_NONE); +} + #endif /* end sign_ex and deterministic sign */ 
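Review bot: wc_ecc_set_deterministic_ex keeps the old header comment ("Sets the deterministic flag for 'k' generation with sign. returns 0 on success") and says nothing about the new hashType parameter, which is stored even when flag is 0 and is also the value wc_ecc_gen_deterministic_k later relies on. I would replace the comment with: `/* Enable/disable RFC 6979 deterministic k for wc_ecc_sign_hash. hashType is the hash used to produce the digest passed to sign (also used for the HMAC); WC_HASH_TYPE_NONE infers SHA-256/384/512 from the digest length. Returns 0 on success, BAD_FUNC_ARG if key is NULL. */` and note on the plain wrapper that it is equivalent to passing WC_HASH_TYPE_NONE. No validation of hashType is done here; whether an unsupported value fails cleanly depends on the HMAC setup outside this hunk.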
@@ -7859,7 +7904,9 @@ int wc_ecc_free(ecc_key* key) return 0; } -#if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) +#if defined(WOLFSSL_ECDSA_SET_K) || defined(WOLFSSL_ECDSA_SET_K_ONE_LOOP) || \ + defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ + defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT) #ifndef WOLFSSL_NO_MALLOC if (key->sign_k != NULL) #endif @@ -8169,12 +8216,12 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, /* allocate memory */ tA = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_ECC_BUFFER); if (tA == NULL) { - return GEN_MEM_ERR; + return MP_MEM; } tB = (unsigned char*)XMALLOC(ECC_BUFSIZE, heap, DYNAMIC_TYPE_ECC_BUFFER); if (tB == NULL) { XFREE(tA, heap, DYNAMIC_TYPE_ECC_BUFFER); - return GEN_MEM_ERR; + return MP_MEM; } #endif @@ -8183,7 +8230,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, if (key == NULL) { XFREE(tB, heap, DYNAMIC_TYPE_ECC_BUFFER); XFREE(tA, heap, DYNAMIC_TYPE_ECC_BUFFER); - return GEN_MEM_ERR; + return MP_MEM; } #endif #ifdef WOLFSSL_SMALL_STACK @@ -8195,7 +8242,7 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, #ifdef WOLFSSL_SMALL_STACK_CACHE XFREE(key, heap, DYNAMIC_TYPE_ECC_BUFFER); #endif - return GEN_MEM_ERR; + return MP_MEM; } #endif #ifdef WOLFSSL_SMALL_STACK_CACHE @@ -8423,7 +8470,6 @@ int ecc_mul2add(ecc_point* A, mp_int* kA, #ifdef HAVE_ECC_VERIFY -#ifndef NO_ASN /* verify * * w = s^-1 mod n @@ -8461,6 +8507,9 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, #ifdef WOLFSSL_ASYNC_CRYPT int isPrivateKeyOnly = 0; #endif +#ifdef NO_ASN + word32 keySz; +#endif if (sig == NULL || hash == NULL || res == NULL || key == NULL) { return ECC_BAD_ARG_E; 
@@ -8493,18 +8542,20 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, r = key->r; s = key->s; #else - NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC); -#ifdef MP_INT_SIZE_CHECK_NULL + NEW_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, + DYNAMIC_TYPE_ECC); + #ifdef MP_INT_SIZE_CHECK_NULL if (r == NULL) return MEMORY_E; -#endif - NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, DYNAMIC_TYPE_ECC); -#ifdef MP_INT_SIZE_CHECK_NULL + #endif + NEW_MP_INT_SIZE(s, ECC_KEY_MAX_BITS_NONULLCHECK(key), key->heap, + DYNAMIC_TYPE_ECC); + #ifdef MP_INT_SIZE_CHECK_NULL if (s == NULL) { FREE_MP_INT_SIZE(r, key->heap, DYNAMIC_TYPE_ECC); return MEMORY_E; } -#endif + #endif err = INIT_MP_INT_SIZE(r, ECC_KEY_MAX_BITS_NONULLCHECK(key)); if (err != 0) { FREE_MP_INT_SIZE(s, key->heap, DYNAMIC_TYPE_ECC); @@ -8527,6 +8578,7 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, /* default to invalid signature */ *res = 0; + #ifndef NO_ASN /* Decode ASN.1 ECDSA signature. */ #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) /* Note, DecodeECC_DSA_Sig() calls mp_init() on r and s. @@ -8541,6 +8593,24 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, if (err < 0) { break; } + #else + /* No support for DSA ASN.1 header. + * Signature must be r+s directly. */ + keySz = 0; + if (key->dp != NULL) { + keySz = (word32)key->dp->size; + } + if (siglen != keySz * 2) { + WOLFSSL_MSG("Error: ECDSA Verify raw signature size"); + return WC_NO_ERR_TRACE(ECC_BAD_ARG_E); + } + + /* Import signature into r,s */ + mp_init(r); + mp_init(s); + mp_read_unsigned_bin(r, sig, keySz); + mp_read_unsigned_bin(s, sig + keySz, keySz); + #endif /* !NO_ASN */ FALL_THROUGH; case ECC_STATE_VERIFY_DO: 
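Review bot: In the new NO_ASN branch of wc_ecc_verify_hash, the size-mismatch path uses `return` from inside the state machine, so the r/s integers allocated and initialised just above with NEW_MP_INT_SIZE/INIT_MP_INT_SIZE are never freed, while the ASN path next to it reports decode failure with `break` and reaches the common cleanup. The branch also calls mp_init() on r and s a second time (they were already initialised above) and ignores the return values of both mp_read_unsigned_bin() calls, so a failed import verifies against a zero or stale r/s instead of erroring out. A keySz of 0 (key->dp == NULL) is only caught indirectly by `siglen != 0`. Reporting through err and breaking, as below, keeps the raw path aligned with the ASN one; wc_ecc_verify_hash starts before this hunk and its cleanup follows it.
```c
        /* No support for DSA ASN.1 header: signature must be r||s. */
        keySz = 0;
        if (key->dp != NULL) {
            keySz = (word32)key->dp->size;
        }
        if (keySz == 0 || siglen != keySz * 2) {
            WOLFSSL_MSG("Error: ECDSA Verify raw signature size");
            err = WC_NO_ERR_TRACE(ECC_BAD_ARG_E);
            break; /* reach the common cleanup, as the ASN path does */
        }
        /* r and s were initialised by INIT_MP_INT_SIZE above */
        err = mp_read_unsigned_bin(r, sig, keySz);
        if (err == MP_OKAY)
            err = mp_read_unsigned_bin(s, sig + keySz, keySz);
        if (err != MP_OKAY) {
            break;
        }
```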
@@ -8600,7 +8670,6 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, return err; #endif /* !WOLF_CRYPTO_CB_ONLY_ECC */ } -#endif /* !NO_ASN */ #ifndef WOLF_CRYPTO_CB_ONLY_ECC @@ -9089,7 +9158,7 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, keySz = (word32)key->dp->size; #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_ECC) && \ - defined(WOLFSSL_ASYNC_CRYPT_SW) + defined(WOLFSSL_ASYNC_CRYPT_SW) if (key->asyncDev.marker == WOLFSSL_ASYNC_MARKER_ECC) { if (wc_AsyncSwInit(&key->asyncDev, ASYNC_SW_ECC_VERIFY)) { WC_ASYNC_SW* sw = &key->asyncDev.sw; @@ -9466,12 +9535,8 @@ int wc_ecc_import_point_der_ex(const byte* in, word32 inLen, } #ifdef WOLFSSL_SMALL_STACK - if (t1 != NULL) { - XFREE(t1, NULL, DYNAMIC_TYPE_BIGINT); - } - if (t2 != NULL) { - XFREE(t2, NULL, DYNAMIC_TYPE_BIGINT); - } + XFREE(t1, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(t2, NULL, DYNAMIC_TYPE_BIGINT); #endif wc_ecc_curve_free(curve); @@ -9548,7 +9613,7 @@ int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out, /* return length needed only */ if (point != NULL && out == NULL && outLen != NULL) { *outLen = 1 + 2*numlen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (point == NULL || out == NULL || outLen == NULL) @@ -9624,7 +9689,7 @@ int wc_ecc_export_point_der_compressed(const int curve_idx, ecc_point* point, /* return length needed only */ if (point != NULL && out == NULL && outLen != NULL) { *outLen = output_len; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (point == NULL || out == NULL || outLen == NULL) @@ -9688,7 +9753,7 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen) /* if key hasn't been setup assume max bytes for size estimation */ numlen = key->dp ? (word32)key->dp->size : MAX_ECC_BYTES; *outLen = 1 + 2 * numlen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (key == NULL || out == NULL || outLen == NULL) 
@@ -10166,23 +10231,32 @@ static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng) } if (!err && (flags & WC_ECC_FLAG_DEC_SIGN)) { +#ifndef WOLFSSL_SMALL_STACK + #define SIG_SZ ((MAX_ECC_BYTES * 2) + SIG_HEADER_SZ + ECC_MAX_PAD_SZ) + byte sig[SIG_SZ + WC_SHA256_DIGEST_SIZE]; +#else byte* sig; +#endif byte* digest; word32 sigLen, digestLen; int dynRng = 0, res = 0; sigLen = (word32)wc_ecc_sig_size(key); digestLen = WC_SHA256_DIGEST_SIZE; - sig = (byte*)XMALLOC(sigLen + digestLen, NULL, DYNAMIC_TYPE_ECC); +#ifdef WOLFSSL_SMALL_STACK + sig = (byte*)XMALLOC(sigLen + digestLen, key->heap, DYNAMIC_TYPE_ECC); if (sig == NULL) return MEMORY_E; +#endif digest = sig + sigLen; if (rng == NULL) { dynRng = 1; - rng = wc_rng_new(NULL, 0, NULL); + rng = wc_rng_new(NULL, 0, key->heap); if (rng == NULL) { - XFREE(sig, NULL, DYNAMIC_TYPE_ECC); +#ifdef WOLFSSL_SMALL_STACK + XFREE(sig, key->heap, DYNAMIC_TYPE_ECC); +#endif return MEMORY_E; } } @@ -10203,7 +10277,9 @@ static int _ecc_pairwise_consistency_test(ecc_key* key, WC_RNG* rng) wc_rng_free(rng); } ForceZero(sig, sigLen + digestLen); - XFREE(sig, NULL, DYNAMIC_TYPE_ECC); +#ifdef WOLFSSL_SMALL_STACK + XFREE(sig, key->heap, DYNAMIC_TYPE_ECC); +#endif } (void)rng; @@ -10737,12 +10813,8 @@ int wc_ecc_import_x963_ex(const byte* in, word32 inLen, ecc_key* key, mp_clear(t1); } #ifdef WOLFSSL_SMALL_STACK - if (t1 != NULL) { - XFREE(t1, NULL, DYNAMIC_TYPE_BIGINT); - } - if (t2 != NULL) { - XFREE(t2, NULL, DYNAMIC_TYPE_BIGINT); - } + XFREE(t1, NULL, DYNAMIC_TYPE_BIGINT); + XFREE(t2, NULL, DYNAMIC_TYPE_BIGINT); #endif wc_ecc_curve_free(curve); @@ -12366,6 +12438,9 @@ static const struct { /* find a hole and free as required, return -1 if no hole found */ static int find_hole(void) { +#ifdef WOLFSSL_NO_MALLOC + return -1; +#else int x, y, z; for (z = -1, y = INT_MAX, x = 0; x < FP_ENTRIES; x++) { if (fp_cache[x].lru_count < y && fp_cache[x].lock == 0) { 
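Review bot: In the non-WOLFSSL_SMALL_STACK path of _ecc_pairwise_consistency_test, `sig` is now a fixed `SIG_SZ + WC_SHA256_DIGEST_SIZE` stack array, but `sigLen = (word32)wc_ecc_sig_size(key)` is still used unchecked to place `digest = sig + sigLen` and to size `ForceZero(sig, sigLen + digestLen)`; the old XMALLOC sized the buffer from sigLen, so a negative error return from wc_ecc_sig_size() (wrapping to a huge word32) or any value above SIG_SZ now writes past the stack buffer instead of merely allocating more. I would add, right after sigLen is computed in that branch: `if (sigLen == 0 || sigLen > SIG_SZ) return ECC_BAD_ARG_E;`. `#define SIG_SZ` inside the function also leaks into the rest of the translation unit; an `#undef SIG_SZ` at the end of the block, or a file-scope name, avoids clashes. The function begins before this hunk.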
@@ -12394,6 +12469,7 @@ static int find_hole(void) fp_cache[z].lru_count = 0; } return z; +#endif /* !WOLFSSL_NO_MALLOC */ } /* determine if a base is already in the cache and if so, where */ @@ -12422,7 +12498,7 @@ static int add_entry(int idx, ecc_point *g) /* allocate base and LUT */ fp_cache[idx].g = wc_ecc_new_point(); if (fp_cache[idx].g == NULL) { - return GEN_MEM_ERR; + return MP_MEM; } /* copy x and y */ @@ -12431,7 +12507,7 @@ static int add_entry(int idx, ecc_point *g) (mp_copy(g->z, fp_cache[idx].g->z) != MP_OKAY)) { wc_ecc_del_point(fp_cache[idx].g); fp_cache[idx].g = NULL; - return GEN_MEM_ERR; + return MP_MEM; } for (x = 0; x < (1U<x, R->x) != MP_OKAY) || (mp_copy(fp_cache[idx].LUT[z]->y, R->y) != MP_OKAY) || (mp_copy(&fp_cache[idx].mu, R->z) != MP_OKAY)) { - err = GEN_MEM_ERR; + err = MP_MEM; break; } first = 0; @@ -13020,7 +13096,7 @@ static int accel_fp_mul2add(int idx1, int idx2, if ((mp_copy(fp_cache[idx1].LUT[zA]->x, R->x) != MP_OKAY) || (mp_copy(fp_cache[idx1].LUT[zA]->y, R->y) != MP_OKAY) || (mp_copy(&fp_cache[idx1].mu, R->z) != MP_OKAY)) { - err = GEN_MEM_ERR; + err = MP_MEM; break; } first = 0; @@ -13035,7 +13111,7 @@ static int accel_fp_mul2add(int idx1, int idx2, if ((mp_copy(fp_cache[idx2].LUT[zB]->x, R->x) != MP_OKAY) || (mp_copy(fp_cache[idx2].LUT[zB]->y, R->y) != MP_OKAY) || (mp_copy(&fp_cache[idx2].mu, R->z) != MP_OKAY)) { - err = GEN_MEM_ERR; + err = MP_MEM; break; } first = 0; 
@@ -13839,15 +13915,25 @@ int wc_ecc_ctx_set_kdf_salt(ecEncCtx* ctx, const byte* salt, word32 sz) if (ctx == NULL || (salt == NULL && sz != 0)) return BAD_FUNC_ARG; - ctx->kdfSalt = salt; - ctx->kdfSaltSz = sz; + /* truncate salt if exceeds max */ + if (sz > EXCHANGE_SALT_SZ) + sz = EXCHANGE_SALT_SZ; + /* using a custom kdf salt, so borrow clientSalt/serverSalt for it, + * since wc_ecc_ctx_set_peer_salt will set kdf and mac salts */ if (ctx->protocol == REQ_RESP_CLIENT) { ctx->cliSt = ecCLI_SALT_SET; + ctx->kdfSalt = ctx->clientSalt; } else if (ctx->protocol == REQ_RESP_SERVER) { ctx->srvSt = ecSRV_SALT_SET; + ctx->kdfSalt = ctx->serverSalt; + } + + if (salt != NULL) { + XMEMCPY((byte*)ctx->kdfSalt, salt, sz); } + ctx->kdfSaltSz = sz; return 0; } @@ -14695,8 +14781,9 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, if (ret == 0) ret = wc_HmacFinal(hmac, verify); if ((ret == 0) && (XMEMCMP(verify, msg + msgSz - digestSz, - digestSz) != 0)) { - ret = -1; + digestSz) != 0)) { + ret = HASH_TYPE_E; + WOLFSSL_MSG("ECC Decrypt HMAC Check failed!"); } wc_HmacFree(hmac); @@ -14805,9 +14892,7 @@ int wc_ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, #endif #ifdef WOLFSSL_SMALL_STACK #ifndef WOLFSSL_ECIES_OLD - if (peerKey != NULL) { - XFREE(peerKey, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER); - } + XFREE(peerKey, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER); #endif XFREE(sharedSecret, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER); XFREE(keys, ctx->heap, DYNAMIC_TYPE_ECC_BUFFER); @@ -15327,7 +15412,7 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen if (*outLen < (1 + numlen)) { *outLen = 1 + numlen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (out == NULL) 
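Review bot: wc_ecc_ctx_set_kdf_salt now silently truncates a caller's salt to EXCHANGE_SALT_SZ bytes and copies it into the context; a caller that deliberately supplies a longer KDF salt gets a weaker, different derivation with no error, which is surprising for key-derivation input. It also only points `ctx->kdfSalt` at clientSalt/serverSalt for REQ_RESP_CLIENT/REQ_RESP_SERVER, so with any other protocol value the XMEMCPY writes through whatever kdfSalt held before (possibly NULL) via a cast that discards const. I would reject rather than truncate, `if (sz > EXCHANGE_SALT_SZ) return BAD_FUNC_ARG;`, and add `else return BAD_FUNC_ARG;` after the server branch so the copy only happens into a buffer this function chose.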
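Review bot: The HMAC check in wc_ecc_decrypt now returns HASH_TYPE_E with a message, but the comparison itself is still `XMEMCMP(verify, msg + msgSz - digestSz, digestSz)`, whose early exit leaks how many leading tag bytes matched and gives an attacker a timing oracle on the MAC over attacker-supplied ciphertext. ECIES tag verification should use a constant-time compare: `if ((ret == 0) && (ConstantCompare(verify, msg + msgSz - digestSz, digestSz) != 0))`, assuming ConstantCompare() from misc.c is available in this unit as ForceZero() is. The returned code is also worth a second look, since HASH_TYPE_E reads as "unsupported hash" rather than "authentication failed". The function starts and ends outside this hunk.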
@@ -15351,23 +15436,57 @@ static int wc_ecc_export_x963_compressed(ecc_key* key, byte* out, word32* outLen #endif /* HAVE_ECC_KEY_EXPORT */ #endif /* HAVE_COMP_KEY */ +#ifdef HAVE_OID_ENCODING +int wc_ecc_oid_cache_init(void) +{ + int ret = 0; +#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER) + ret = wc_InitMutex(&ecc_oid_cache_lock); +#endif + return ret; +} + +void wc_ecc_oid_cache_free(void) +{ +#if !defined(SINGLE_THREADED) && !defined(WOLFSSL_MUTEX_INITIALIZER) + wc_FreeMutex(&ecc_oid_cache_lock); +#endif +} +#endif /* HAVE_OID_ENCODING */ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz) { int x; + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); +#ifdef HAVE_OID_ENCODING + oid_cache_t* o = NULL; +#endif if (oidSum == 0) { return BAD_FUNC_ARG; } +#ifdef HAVE_OID_ENCODING + #ifndef WOLFSSL_MUTEX_INITIALIZER + /* extra sanity check if wolfCrypt_Init not called */ + if (eccOidLockInit == 0) { + wc_InitMutex(&ecc_oid_cache_lock); + eccOidLockInit = 1; + } + #endif + + if (wc_LockMutex(&ecc_oid_cache_lock) != 0) { + return BAD_MUTEX_E; + } +#endif + /* find matching OID sum (based on encoded value) */ for (x = 0; ecc_sets[x].size != 0; x++) { if (ecc_sets[x].oidSum == oidSum) { - int ret; #ifdef HAVE_OID_ENCODING - ret = 0; /* check cache */ - oid_cache_t* o = &ecc_oid_cache[x]; + ret = 0; + o = &ecc_oid_cache[x]; if (o->oidSz == 0) { o->oidSz = sizeof(o->oid); ret = EncodeObjectId(ecc_sets[x].oid, ecc_sets[x].oidSz, @@ -15379,10 +15498,12 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz) if (oid) { *oid = o->oid; } + /* on success return curve id */ if (ret == 0) { ret = ecc_sets[x].id; } + break; #else if (oidSz) { *oidSz = ecc_sets[x].oidSz; 
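Review bot: The lazy fallback in wc_ecc_get_oid (`if (eccOidLockInit == 0) { wc_InitMutex(...); eccOidLockInit = 1; }`) is itself a data race: two threads that reach it before wolfCrypt_Init() both see 0 and both initialise the mutex, and the wc_InitMutex() return value is ignored, so the lock that is meant to protect ecc_oid_cache is unreliable exactly in the case it was added for. Since wc_ecc_oid_cache_init() now exists, I would make the contract explicit rather than rely on the fallback: document on wc_ecc_oid_cache_init() `/* Must run before any concurrent wc_ecc_get_oid() call; wolfCrypt_Init() does this. The in-function fallback is best-effort and not thread-safe. */` and at least check `if (wc_InitMutex(&ecc_oid_cache_lock) != 0) return BAD_MUTEX_E;` in the fallback. Whether eccOidLockInit and the cache entry are reset on wc_ecc_oid_cache_free() is not visible here.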
@@ -15391,12 +15512,16 @@ int wc_ecc_get_oid(word32 oidSum, const byte** oid, word32* oidSz) *oid = ecc_sets[x].oid; } ret = ecc_sets[x].id; + break; #endif - return ret; } } - return NOT_COMPILED_IN; +#ifdef HAVE_OID_ENCODING + wc_UnLockMutex(&ecc_oid_cache_lock); +#endif + + return ret; } #ifdef WOLFSSL_CUSTOM_CURVES diff --git a/src/wolfcrypt/src/eccsi.c b/src/wolfcrypt/src/eccsi.c index 69d999b..2be700f 100644 --- a/src/wolfcrypt/src/eccsi.c +++ b/src/wolfcrypt/src/eccsi.c @@ -1,6 +1,6 @@ /* eccsi.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -516,7 +516,7 @@ static int eccsi_encode_point(ecc_point* point, word32 size, byte* data, if (data == NULL) { *sz = size * 2 + !raw; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*sz < size * 2 + !raw)) { err = BUFFER_E; @@ -655,7 +655,7 @@ int wc_ExportEccsiKey(EccsiKey* key, byte* data, word32* sz) if (err == 0) { if (data == NULL) { *sz = (word32)(key->ecc.dp->size * 3); - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*sz < (word32)key->ecc.dp->size * 3) { err = BUFFER_E; @@ -777,7 +777,7 @@ int wc_ExportEccsiPrivateKey(EccsiKey* key, byte* data, word32* sz) if (err == 0) { if (data == NULL) { *sz = (word32)key->ecc.dp->size; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*sz < (word32)key->ecc.dp->size) { err = BUFFER_E; @@ -1016,7 +1016,7 @@ int wc_EncodeEccsiPair(const EccsiKey* key, mp_int* ssk, ecc_point* pvt, if ((err == 0) && (data == NULL)) { *sz = (word32)(key->ecc.dp->size * 3); - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*sz < (word32)(key->ecc.dp->size * 3))) { err = BUFFER_E; 
@@ -1077,7 +1077,7 @@ int wc_EncodeEccsiSsk(const EccsiKey* key, mp_int* ssk, byte* data, word32* sz) if (err == 0) { if (data == NULL) { *sz = (word32)key->ecc.dp->size; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*sz < (word32)key->ecc.dp->size) { err = BUFFER_E; @@ -2000,7 +2000,7 @@ int wc_SignEccsiHash(EccsiKey* key, WC_RNG* rng, enum wc_HashType hashType, sz = (word32)key->ecc.dp->size; if (sig == NULL) { *sigSz = sz * 4 + 1; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } } if ((err == 0) && (*sigSz < sz * 4 + 1)) { diff --git a/src/wolfcrypt/src/ed25519.c b/src/wolfcrypt/src/ed25519.c index 381b911..09777dd 100644 --- a/src/wolfcrypt/src/ed25519.c +++ b/src/wolfcrypt/src/ed25519.c @@ -1,6 +1,6 @@ /* ed25519.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -968,6 +968,39 @@ int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg, } #endif /* HAVE_ED25519_VERIFY */ +#ifndef WC_NO_CONSTRUCTORS +ed25519_key* wc_ed25519_new(void* heap, int devId, int *result_code) +{ + int ret; + ed25519_key* key = (ed25519_key*)XMALLOC(sizeof(ed25519_key), heap, + DYNAMIC_TYPE_ED25519); + if (key == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_ed25519_init_ex(key, heap, devId); + if (ret != 0) { + XFREE(key, heap, DYNAMIC_TYPE_ED25519); + key = NULL; + } + } + + if (result_code != NULL) + *result_code = ret; + + return key; +} + +int wc_ed25519_delete(ed25519_key* key, ed25519_key** key_p) { + if (key == NULL) + return BAD_FUNC_ARG; + wc_ed25519_free(key); + XFREE(key, key->heap, DYNAMIC_TYPE_ED25519); + if (key_p != NULL) + *key_p = NULL; + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ /* initialize information and memory for key */ int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId) diff --git a/src/wolfcrypt/src/ed448.c b/src/wolfcrypt/src/ed448.c index e9e865c..1598c9c 100644 --- a/src/wolfcrypt/src/ed448.c 
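Review bot: wc_ed25519_delete reads `key->heap` after calling wc_ed25519_free(key); if wc_ed25519_free() scrubs the structure (ForceZero of the key is the usual pattern in this library, though its body is outside the hunk) the heap hint passed to XFREE is already zeroed, which matters for builds with custom or static allocators. Capturing the hint first is the safe order: `void* heap = key->heap; wc_ed25519_free(key); XFREE(key, heap, DYNAMIC_TYPE_ED25519);`. A short header comment stating that the function both frees key material and releases the allocation made by wc_ed25519_new(), and nulls `*key_p`, would also help.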
+++ b/src/wolfcrypt/src/ed448.c @@ -1,6 +1,6 @@ /* ed448.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/error.c b/src/wolfcrypt/src/error.c index 2e25b60..deedcbe 100644 --- a/src/wolfcrypt/src/error.c +++ b/src/wolfcrypt/src/error.c @@ -1,6 +1,6 @@ /* error.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -42,7 +42,19 @@ WOLFSSL_ABI const char* wc_GetErrorString(int error) { - switch (error) { + switch ((enum wolfCrypt_ErrorCodes)error) { + + case MP_MEM : + return "MP integer dynamic memory allocation failed"; + + case MP_VAL : + return "MP integer invalid argument"; + + case MP_WOULDBLOCK : + return "MP integer non-blocking operation would block"; + + case MP_NOT_INF: + return "MP point not at infinity"; case OPEN_RAN_E : return "opening random device error"; @@ -352,13 +364,13 @@ const char* wc_GetErrorString(int error) return "ECC is point on curve failed"; case ECC_INF_E: - return " ECC point at infinity error"; + return "ECC point at infinity error"; case ECC_OUT_OF_RANGE_E: - return " ECC Qx or Qy out of range error"; + return "ECC Qx or Qy out of range error"; case ECC_PRIV_KEY_E: - return " ECC private key is not valid error"; + return "ECC private key is not valid error"; case SRP_CALL_ORDER_E: return "SRP function called in the wrong order error"; @@ -630,6 +642,8 @@ const char* wc_GetErrorString(int error) case PBKDF2_KAT_FIPS_E: return "wolfCrypt FIPS PBKDF2 Known Answer Test Failure"; + case MAX_CODE_E: + case MIN_CODE_E: default: return "unknown error number"; diff --git a/src/wolfcrypt/src/evp.c b/src/wolfcrypt/src/evp.c index 42949fc..808aa04 100644 --- a/src/wolfcrypt/src/evp.c +++ b/src/wolfcrypt/src/evp.c @@ -1,6 +1,6 @@ /* evp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -283,6 +283,40 @@ static const struct s_ent { static const char EVP_NULL[] = "NULL"; +static const struct pkey_type_name_ent { + int type; + const char *name; +} pkey_type_names[] = { + { EVP_PKEY_RSA, "RSA" }, + { EVP_PKEY_EC, "EC" }, + { EVP_PKEY_DH, "DH" }, + { EVP_PKEY_DSA, "DSA" } +}; + +static int pkey_type_by_name(const char *name) { + unsigned int i; + if (name == NULL) + return EVP_PKEY_NONE; + for (i = 0; i < XELEM_CNT(pkey_type_names); ++i) { + if (XSTRCMP(name, pkey_type_names[i].name) == 0) + return pkey_type_names[i].type; + } + return EVP_PKEY_NONE; +} + +int wolfSSL_EVP_PKEY_is_a(const WOLFSSL_EVP_PKEY *pkey, const char *name) { + int type; + + if (pkey == NULL) + return WOLFSSL_FAILURE; + + type = pkey_type_by_name(name); + if (type == EVP_PKEY_NONE) + return WOLFSSL_FAILURE; + + return (pkey->type == type) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; +} + #define EVP_CIPHER_TYPE_MATCHES(x, y) (XSTRCMP(x,y) == 0) #define EVP_PKEY_PRINT_LINE_WIDTH_MAX 80 @@ -364,6 +398,9 @@ int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c) case DES_ECB_TYPE: return 8; case DES_EDE3_ECB_TYPE: return 24; #endif + #ifndef NO_RC4 + case ARC4_TYPE: return 16; + #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) case CHACHA20_POLY1305_TYPE: return 32; #endif @@ -452,7 +489,7 @@ void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx) int wolfSSL_EVP_CIPHER_CTX_reset(WOLFSSL_EVP_CIPHER_CTX *ctx) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); if (ctx != NULL) { WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_reset"); @@ -1688,7 +1725,7 @@ int wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx, { int fl; if (ctx == NULL || out == NULL || outl == NULL) - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal_legacy"); if (ctx->block_size == 1) { 
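Review bot: wolfSSL_EVP_PKEY_is_a and pkey_type_by_name carry no documentation, and the name table covers only RSA, EC, DH and DSA, so asking `is_a(pkey, "ED25519")` or `"RSA-PSS"` returns WOLFSSL_FAILURE regardless of the key, indistinguishable from a true mismatch; callers porting from OpenSSL may treat that as "not this type" and take a wrong branch. I would state this in a header comment: `/* OpenSSL EVP_PKEY_is_a() subset: returns WOLFSSL_SUCCESS only if pkey->type matches one of "RSA", "EC", "DH", "DSA"; any other name (including ED25519/RSA-PSS) yields WOLFSSL_FAILURE. */`. The table is easy to extend with the other EVP_PKEY_* types this file already handles, if they are wanted.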
@@ -1727,7 +1764,7 @@ int wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx, int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx) { - if (ctx == NULL) return BAD_FUNC_ARG; + if (ctx == NULL) return WOLFSSL_FAILURE; switch (ctx->cipherType) { #if !defined(NO_AES) || !defined(NO_DES3) || defined(WOLFSSL_SM4) #if !defined(NO_AES) @@ -2009,7 +2046,7 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher) int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher) { if (cipher == NULL) - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; switch (cipherType(cipher)) { #if !defined(NO_AES) @@ -2269,7 +2306,7 @@ int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx, int padding) { if (ctx == NULL) - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; if (padding) { ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_NO_PADDING; } @@ -2281,9 +2318,10 @@ int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx, int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest) { - (void)digest; /* nothing to do */ - return 0; + if (digest == NULL) + return WOLFSSL_FAILURE; + return WOLFSSL_SUCCESS; } @@ -2679,9 +2717,7 @@ int wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(WOLFSSL_EVP_PKEY_CTX* ctx, } if (ret == WOLFSSL_SUCCESS && salt != NULL && saltSz > 0) { - if (ctx->pkey->hkdfSalt != NULL) { - XFREE(ctx->pkey->hkdfSalt, NULL, DYNAMIC_TYPE_SALT); - } + XFREE(ctx->pkey->hkdfSalt, NULL, DYNAMIC_TYPE_SALT); ctx->pkey->hkdfSalt = (byte*)XMALLOC((size_t)saltSz, NULL, DYNAMIC_TYPE_SALT); if (ctx->pkey->hkdfSalt == NULL) { @@ -2716,9 +2752,7 @@ int wolfSSL_EVP_PKEY_CTX_set1_hkdf_key(WOLFSSL_EVP_PKEY_CTX* ctx, } if (ret == WOLFSSL_SUCCESS) { - if (ctx->pkey->hkdfKey != NULL) { - XFREE(ctx->pkey->hkdfKey, NULL, DYNAMIC_TYPE_KEY); - } + XFREE(ctx->pkey->hkdfKey, NULL, DYNAMIC_TYPE_KEY); ctx->pkey->hkdfKey = (byte*)XMALLOC((size_t)keySz, NULL, DYNAMIC_TYPE_KEY); if (ctx->pkey->hkdfKey == NULL) { 
@@ -3110,7 +3144,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig, if (!ctx->pkey->dsa) return WOLFSSL_FAILURE; bytes = wolfSSL_BN_num_bytes(ctx->pkey->dsa->q); - if (bytes == WOLFSSL_FAILURE) + if (bytes == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) return WOLFSSL_FAILURE; bytes *= 2; if (!sig) { @@ -3123,7 +3157,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig, /* wolfSSL_DSA_do_sign() can return WOLFSSL_FATAL_ERROR */ if (ret != WOLFSSL_SUCCESS) return ret; - if (bytes == WOLFSSL_FAILURE) + if (bytes == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) return WOLFSSL_FAILURE; *siglen = (size_t)bytes; return WOLFSSL_SUCCESS; @@ -3404,14 +3438,14 @@ int wolfSSL_EVP_PKEY_keygen_init(WOLFSSL_EVP_PKEY_CTX *ctx) int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY **ppkey) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); int ownPkey = 0; WOLFSSL_EVP_PKEY* pkey; WOLFSSL_ENTER("wolfSSL_EVP_PKEY_keygen"); if (ctx == NULL || ppkey == NULL) { - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } pkey = *ppkey; @@ -3421,7 +3455,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, ctx->pkey->type != EVP_PKEY_RSA && ctx->pkey->type != EVP_PKEY_DH)) { WOLFSSL_MSG("Key not set or key type not supported"); - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } pkey = wolfSSL_EVP_PKEY_new(); if (pkey == NULL) { @@ -3802,14 +3836,15 @@ static int DH_param_check(WOLFSSL_DH* dh_key) dh_key->q != NULL) { if (ret == WOLFSSL_SUCCESS && - wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, ctx) == - WOLFSSL_FAILURE) { + wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, ctx) + == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) + { WOLFSSL_MSG("BN_mod_exp failed"); ret = WOLFSSL_FAILURE; } else if (ret == WOLFSSL_SUCCESS && - wolfSSL_BN_is_one(num1) == WOLFSSL_FAILURE) { + wolfSSL_BN_is_one(num1) == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { WOLFSSL_MSG("dh_key->g is not suitable generator"); ret = WOLFSSL_FAILURE; } 
@@ -3957,7 +3992,7 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, (void)siglen; WOLFSSL_ENTER("EVP_SignFinal"); - if (ctx == NULL) + if (ctx == NULL || sigret == NULL || siglen == NULL || pkey == NULL) return WOLFSSL_FAILURE; ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize); @@ -3989,15 +4024,32 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, if (ret != WOLFSSL_SUCCESS) return ret; bytes = wolfSSL_BN_num_bytes(pkey->dsa->q); - if (bytes == WOLFSSL_FAILURE || (int)*siglen < bytes * 2) + if (bytes == WC_NO_ERR_TRACE(WOLFSSL_FAILURE) || + (int)*siglen < bytes * 2) + { return WOLFSSL_FAILURE; + } *siglen = (unsigned int)(bytes * 2); return WOLFSSL_SUCCESS; } #endif - case EVP_PKEY_EC: - WOLFSSL_MSG("not implemented"); - FALL_THROUGH; +#ifdef HAVE_ECC + case EVP_PKEY_EC: { + WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_ECDSA_do_sign(md, (int)mdsize, + pkey->ecc); + if (ecdsaSig == NULL) + return WOLFSSL_FAILURE; + ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, NULL); + if (ret <= 0 || ret > (int)*siglen) + return WOLFSSL_FAILURE; + ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, &sigret); + wolfSSL_ECDSA_SIG_free(ecdsaSig); + if (ret <= 0 || ret > (int)*siglen) + return WOLFSSL_FAILURE; + *siglen = (unsigned int)ret; + return WOLFSSL_SUCCESS; + } +#endif default: break; } @@ -4055,7 +4107,8 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, if (ctx == NULL) return WOLFSSL_FAILURE; WOLFSSL_ENTER("EVP_VerifyFinal"); ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize); - if (ret <= 0) return ret; + if (ret <= 0) + return ret; (void)sig; (void)siglen; 
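Review bot: In the new EVP_PKEY_EC case of wolfSSL_EVP_SignFinal, the first length-only `wolfSSL_i2d_ECDSA_SIG(ecdsaSig, NULL)` is checked with `if (ret <= 0 || ret > (int)*siglen) return WOLFSSL_FAILURE;`, which returns without `wolfSSL_ECDSA_SIG_free(ecdsaSig)` and leaks the signature object every time the caller's buffer is too small. The check before the write is the right one to have; it just needs the free: `if (ret <= 0 || ret > (int)*siglen) { wolfSSL_ECDSA_SIG_free(ecdsaSig); return WOLFSSL_FAILURE; }`. The second check after the encode is then redundant and could be reduced to `ret <= 0`. The function begins before this hunk.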
@@ -4072,9 +4125,19 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, (unsigned int)siglen, pkey->rsa); } #endif /* NO_RSA */ - +#ifdef HAVE_ECC + case EVP_PKEY_EC: { + WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_d2i_ECDSA_SIG( + NULL, (const unsigned char **)&sig, (long)siglen); + if (ecdsaSig == NULL) + return WOLFSSL_FAILURE; + ret = wolfSSL_ECDSA_do_verify(md, (int)mdsize, ecdsaSig, + pkey->ecc); + wolfSSL_ECDSA_SIG_free(ecdsaSig); + return ret; + } +#endif case EVP_PKEY_DSA: - case EVP_PKEY_EC: WOLFSSL_MSG("not implemented"); FALL_THROUGH; default: @@ -4085,9 +4148,10 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, int wolfSSL_EVP_add_cipher(const WOLFSSL_EVP_CIPHER *cipher) { - (void)cipher; /* nothing to do */ - return 0; + if (cipher == NULL) + return WOLFSSL_FAILURE; + return WOLFSSL_SUCCESS; } @@ -4144,7 +4208,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_CMAC_key(WOLFSSL_ENGINE* e, } ret = wolfSSL_CMAC_Init(ctx, priv, len, cipher, e); - if (ret == WOLFSSL_FAILURE) { + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { wolfSSL_CMAC_CTX_free(ctx); WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_new_CMAC_key", 0); return NULL; @@ -4286,7 +4350,7 @@ static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx, } type = wolfSSL_EVP_get_digestbynid(default_digest); if (type == NULL) { - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } } @@ -4478,7 +4542,7 @@ int wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX *ctx, WOLFSSL_ENTER("EVP_DigestSignInit"); if (ctx == NULL || pkey == NULL) - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; return wolfSSL_evp_digest_pk_init(ctx, pctx, type, e, pkey); } @@ -4490,7 +4554,7 @@ int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d, WOLFSSL_ENTER("EVP_DigestSignUpdate"); if (ctx == NULL || d == NULL) - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; return wolfssl_evp_digest_pk_update(ctx, d, cnt); } 
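Review bot: The new EVP_PKEY_EC case of wolfSSL_EVP_VerifyFinal accepts any buffer whose prefix parses as a DER ECDSA-Sig-Value, because nothing checks that wolfSSL_d2i_ECDSA_SIG() consumed exactly siglen bytes, so signatures with trailing garbage (and, depending on the decoder's strictness, non-minimal encodings) verify; OpenSSL's ECDSA_verify rejects these precisely to avoid signature malleability. Assuming d2i advances the pointer it is given, as the OpenSSL-style cast suggests, decoding through a local pointer and comparing it with `sig + siglen` closes this; the cast that strips const also goes away. The function continues outside this hunk.
```c
    case EVP_PKEY_EC: {
        const unsigned char *p = sig;
        WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_d2i_ECDSA_SIG(NULL, &p,
            (long)siglen);
        if (ecdsaSig == NULL)
            return WOLFSSL_FAILURE;
        /* the whole buffer must be exactly one DER signature: reject
         * trailing bytes (malleability) */
        if (p != sig + siglen) {
            wolfSSL_ECDSA_SIG_free(ecdsaSig);
            return WOLFSSL_FAILURE;
        }
        /* … unchanged: wolfSSL_ECDSA_do_verify, free, return ret … */
```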
@@ -4500,7 +4564,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, { unsigned char digest[WC_MAX_DIGEST_SIZE]; unsigned int hashLen; - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("EVP_DigestSignFinal"); @@ -4603,7 +4667,7 @@ int wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX *ctx, WOLFSSL_ENTER("EVP_DigestVerifyInit"); if (ctx == NULL || type == NULL || pkey == NULL) - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; return wolfSSL_evp_digest_pk_init(ctx, pctx, type, e, pkey); } @@ -4615,7 +4679,7 @@ int wolfSSL_EVP_DigestVerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d, WOLFSSL_ENTER("EVP_DigestVerifyUpdate"); if (ctx == NULL || d == NULL) - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; return wolfssl_evp_digest_pk_update(ctx, d, (unsigned int)cnt); } @@ -4756,7 +4820,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, int wolfSSL_EVP_read_pw_string(char* buf, int bufSz, const char* banner, int v) { printf("%s", banner); - if (XGETPASSWD(buf, bufSz) == WOLFSSL_FAILURE) { + if (XGETPASSWD(buf, bufSz) == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { return -1; } (void)v; /* fgets always sanity checks size of input vs buffer */ @@ -5913,7 +5977,7 @@ void wolfSSL_EVP_init(void) int wolfSSL_EVP_CIPHER_CTX_ctrl(WOLFSSL_EVP_CIPHER_CTX *ctx, int type, \ int arg, void *ptr) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); #if defined(HAVE_AESGCM) || (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) #ifndef WC_NO_RNG WC_RNG rng; 
@@ -6298,15 +6362,11 @@ void wolfSSL_EVP_init(void) ctx->keyLen = 0; #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA) || \ defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) - if (ctx->authBuffer) { - XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->authBuffer = NULL; - } + XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authBuffer = NULL; ctx->authBufferLen = 0; - if (ctx->authIn) { - XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->authIn = NULL; - } + XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authIn = NULL; ctx->authInSz = 0; ctx->authIvGenEnable = 0; ctx->authIncIv = 0; @@ -6361,7 +6421,7 @@ void wolfSSL_EVP_init(void) } ret = wolfSSL_EVP_get_hashinfo(md, &hashType, NULL); - if (ret == WOLFSSL_FAILURE) + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) goto end; ret = wc_PBKDF1_ex(key, (int)info->keySz, iv, (int)info->ivSz, data, sz, @@ -6428,10 +6488,8 @@ void wolfSSL_EVP_init(void) { int ret = WOLFSSL_SUCCESS; - if (ctx->authIn) { - XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->authIn = NULL; - } + XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authIn = NULL; ctx->authInSz = 0; ctx->block_size = AES_BLOCK_SIZE; @@ -6520,7 +6578,7 @@ void wolfSSL_EVP_init(void) static int EvpCipherAesGCM(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src, word32 len) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); #ifndef WOLFSSL_AESGCM_STREAM /* No destination means only AAD. */ @@ -6635,10 +6693,8 @@ void wolfSSL_EVP_init(void) { int ret = WOLFSSL_SUCCESS; - if (ctx->authIn) { - XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->authIn = NULL; - } + XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authIn = NULL; ctx->authInSz = 0; ctx->block_size = AES_BLOCK_SIZE; 
@@ -6714,7 +6770,7 @@ void wolfSSL_EVP_init(void) static int EvpCipherAesCCM(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src, word32 len) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); /* No destination means only AAD. */ if (src != NULL && dst == NULL) { @@ -6786,10 +6842,8 @@ void wolfSSL_EVP_init(void) return WOLFSSL_FAILURE; } - if (ctx->authIn) { - XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->authIn = NULL; - } + XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authIn = NULL; ctx->authInSz = 0; ctx->block_size = AES_BLOCK_SIZE; @@ -7821,10 +7875,8 @@ void wolfSSL_EVP_init(void) ctx->ivSz = GCM_NONCE_MID_SZ; } ctx->authTagSz = SM4_BLOCK_SIZE; - if (ctx->authIn) { - XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->authIn = NULL; - } + XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authIn = NULL; ctx->authInSz = 0; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; @@ -7853,10 +7905,8 @@ void wolfSSL_EVP_init(void) ctx->ivSz = GCM_NONCE_MID_SZ; } ctx->authTagSz = SM4_BLOCK_SIZE; - if (ctx->authIn) { - XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->authIn = NULL; - } + XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authIn = NULL; ctx->authInSz = 0; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; @@ -8224,7 +8274,7 @@ void wolfSSL_EVP_init(void) int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src, word32 len) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_EVP_Cipher"); @@ -9001,7 +9051,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key) /* Get size of DER buffer only */ if (havePublic && !havePrivate) { ret = wc_DhPubKeyToDer(dhkey, NULL, &derSz); - } else if (havePrivate && !havePublic) { + } else if (havePrivate) { ret = wc_DhPrivKeyToDer(dhkey, NULL, &derSz); } else { ret = wc_DhParamsToDer(dhkey,NULL,&derSz); 
@@ -9021,7 +9071,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key) /* Fill DER buffer */ if (havePublic && !havePrivate) { ret = wc_DhPubKeyToDer(dhkey, derBuf, &derSz); - } else if (havePrivate && !havePublic) { + } else if (havePrivate) { ret = wc_DhPrivKeyToDer(dhkey, derBuf, &derSz); } else { ret = wc_DhParamsToDer(dhkey,derBuf,&derSz); @@ -9304,7 +9354,7 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void) int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type) { - int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_EVP_MD_pkey_type"); @@ -9329,7 +9379,7 @@ int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type) } } else { - ret = BAD_FUNC_ARG; + ret = WOLFSSL_FAILURE; } WOLFSSL_LEAVE("wolfSSL_EVP_MD_pkey_type", ret); @@ -9720,7 +9770,12 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKCS82PKEY(const WOLFSSL_PKCS8_PRIV_KEY_INFO* p8) /* this function just casts and returns pointer */ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_EVP_PKEY2PKCS8(const WOLFSSL_EVP_PKEY* pkey) { - return (WOLFSSL_PKCS8_PRIV_KEY_INFO*)pkey; + if (pkey == NULL || pkey->pkey.ptr == NULL) { + return NULL; + } + + return wolfSSL_d2i_PrivateKey_EVP(NULL, (unsigned char**)&pkey->pkey.ptr, + pkey->pkey_sz); } #endif @@ -9873,10 +9928,24 @@ static const struct alias { const char *alias; } digest_alias_tbl[] = { - {"MD4", "ssl3-md4"}, - {"MD5", "ssl3-md5"}, - {"SHA1", "ssl3-sha1"}, + {"MD4", "md4"}, + {"MD5", "md5"}, + {"SHA1", "sha1"}, {"SHA1", "SHA"}, + {"SHA224", "sha224"}, + {"SHA256", "sha256"}, + {"SHA384", "sha384"}, + {"SHA512", "sha512"}, + {"SHA512_224", "sha512_224"}, + {"SHA3_224", "sha3_224"}, + {"SHA3_256", "sha3_256"}, + {"SHA3_384", "sha3_384"}, + {"SHA3_512", "sha3_512"}, + {"SM3", "sm3"}, + {"BLAKE2B512", "blake2b512"}, + {"BLAKE2S256", "blake2s256"}, + {"SHAKE128", "shake128"}, + {"SHAKE256", "shake256"}, { NULL, NULL} }; 
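Review bot: The `else if (havePrivate)` selection in this fill pass duplicates the one made in the size-only pass in the previous hunk, and the two must stay identical or `derSz` is computed for one encoding while `derBuf` is filled with another; choosing once before both passes (`int encodePriv = havePrivate;` style, or a small static helper that takes a `byte* out`) removes that coupling. Because the branch now emits the private key rather than bare parameters, the temporary `derBuf` holds private material and should be ForceZero'd before it is released — that cleanup is outside the hunk, so worth confirming. wolfSSL_EVP_PKEY_set1_DH begins and ends outside this hunk.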
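Review bot: `wolfSSL_d2i_PrivateKey_EVP` is handed `&pkey->pkey.ptr` with the const cast away; d2i-style decoders are allowed to advance `*in`, so if this one does, the caller's `pkey` is left with its buffer pointer moved past the bytes it owns and a later free of `pkey->pkey.ptr` would be on a non-base pointer. Decode through a copy instead: `unsigned char* p = (unsigned char*)pkey->pkey.ptr;` then `return wolfSSL_d2i_PrivateKey_EVP(NULL, &p, pkey->pkey_sz);`. The comment above the function, `/* this function just casts and returns pointer */`, is now wrong: the result is a freshly allocated object that the caller must release with wolfSSL_EVP_PKEY_free, which should be stated there since callers of the old version did not own what they got back.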
@@ -10205,7 +10274,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) * @param n message digest type name * @return alias name, otherwise NULL */ - static const char* hasAliasName(const char* n) + static const char* getMdAliasName(const char* n) { const char* aliasnm = NULL; @@ -10236,23 +10305,15 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) { struct do_all_md *md = (struct do_all_md*)arg; - const struct s_ent *ent; - /* sanity check */ if (md == NULL || nm == NULL || md->fn == NULL || nm->type != WOLFSSL_OBJ_NAME_TYPE_MD_METH) return; - /* loop all md */ - for (ent = md_tbl; ent->name != NULL; ent++){ - /* check if the md has alias */ - if(hasAliasName(ent->name) != NULL) { - md->fn(NULL, ent->name, ent->name, md->arg); - } - else { - md->fn(ent->name, ent->name, NULL, md->arg); - } - } + if (nm->alias) + md->fn(NULL, nm->name, nm->data, md->arg); + else + md->fn((const EVP_MD *)nm->data, nm->name, NULL, md->arg); } /* call md_do_all function to do all md algorithm via a callback function @@ -10287,11 +10348,30 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) if (!fn) return; - objnm.type = type; - switch(type) { case WOLFSSL_OBJ_NAME_TYPE_MD_METH: - fn(&objnm, arg); + { + const struct s_ent *ent; + /* loop all md */ + for (ent = md_tbl; ent->name != NULL; ent++){ + XMEMSET(&objnm, 0, sizeof(objnm)); + + /* populate objnm with info about the md */ + objnm.type = WOLFSSL_OBJ_NAME_TYPE_MD_METH; + objnm.name = ent->name; + objnm.data = (const char*) + wolfSSL_EVP_get_digestbyname(ent->name); + fn(&objnm, arg); + + /* check if the md has alias and also call fn with it */ + objnm.name = getMdAliasName(ent->name); + if (objnm.name != NULL) { + objnm.alias |= WOLFSSL_OBJ_NAME_ALIAS; + objnm.data = ent->name; + fn(&objnm, arg); + } + } + } break; case WOLFSSL_OBJ_NAME_TYPE_CIPHER_METH: case WOLFSSL_OBJ_NAME_TYPE_PKEY_METH: 
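Review bot: The loop stores `wolfSSL_EVP_get_digestbyname(ent->name)` into `objnm.data` without checking for NULL, so a digest listed in md_tbl but not compiled into this build reaches the callback with a NULL EVP_MD, which md_do_all_cb then forwards as the `md` argument on the non-alias path; guard with `if (objnm.data == NULL) continue;` (or skip only the non-alias call) before invoking `fn`. The hunk also removes the `objnm.type = type;` assignment that preceded the switch; the CIPHER_METH/PKEY_METH cases end outside the hunk, so if any of them still passes `&objnm` to `fn`, it now does so with an unset struct. wolfSSL_OBJ_NAME_do_all starts before this hunk.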
@@ -10420,20 +10500,17 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* md) { int ret = WOLFSSL_SUCCESS; + #ifdef WOLFSSL_ASYNC_CRYPT + wc_static_assert(WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV)); + #endif WOLFSSL_ENTER("EVP_DigestInit"); if (ctx == NULL) { - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } - - #ifdef WOLFSSL_ASYNC_CRYPT - /* compile-time validation of ASYNC_CTX_SIZE */ - typedef char async_test[WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV) ? - 1 : -1]; - (void)sizeof(async_test); - #endif + wolfSSL_EVP_MD_CTX_init(ctx); /* Set to 0 if no match */ ctx->macType = EvpMd2MacType(md); @@ -10522,7 +10599,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif { ctx->macType = WC_HASH_TYPE_NONE; - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } return ret; @@ -10532,7 +10609,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data, size_t sz) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); enum wc_HashType macType; WOLFSSL_ENTER("EVP_DigestUpdate"); @@ -10660,7 +10737,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); enum wc_HashType macType; WOLFSSL_ENTER("EVP_DigestFinal"); @@ -10839,7 +10916,7 @@ int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type) if (type == NULL) { WOLFSSL_MSG("No md type arg"); - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } #ifndef NO_SHA @@ -10905,7 +10982,7 @@ int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type) } else #endif - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type) 
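Review bot: The added `wolfSSL_EVP_MD_CTX_init(ctx)` call runs on every DigestInit, including on a context that was previously initialized and never cleaned up; if that init is a plain memset (its definition is outside the hunk), any state the old context still owned — notably a `pctx` left from a prior DigestSignInit — is dropped without being freed. DigestInit cannot distinguish a reused context from an uninitialized one, so the contract should be spelled out in the function's header comment: `/* Resets ctx unconditionally; a ctx being reused must be released with wolfSSL_EVP_MD_CTX_cleanup() first or its previous state leaks. */`. The moved `wc_static_assert` is a declaration and so is fine under C11 among the locals, but it lost the original explanatory comment; keep `/* compile-time validation of WC_ASYNC_DEV_SIZE */` next to it. wolfSSL_EVP_DigestInit continues past the hunk.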
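Review bot: `wolfSSL_EVP_MD_block_size` now returns WOLFSSL_FAILURE for a NULL or unrecognized digest where it used to return the negative BAD_FUNC_ARG; WOLFSSL_FAILURE is 0 in wolfSSL, so callers that test `< 0` — the OpenSSL convention, where EVP_MD_get_block_size and EVP_MD_get_size return -1 on error — stop seeing the failure and instead receive a plausible block size of zero. For a size accessor a negative sentinel is the safer return; if the switch is deliberate for API alignment, the function's header comment should state that 0 signals an error and that the value must be checked before being used as a length. The same consideration applies to wolfSSL_EVP_MD_size in the following hunk.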
@@ -10914,7 +10991,7 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type) if (type == NULL) { WOLFSSL_MSG("No md type arg"); - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } #ifndef NO_SHA @@ -10990,7 +11067,7 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type) } #endif - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } #endif /* OPENSSL_EXTRA || HAVE_CURL */ @@ -11108,18 +11185,12 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) #ifdef HAVE_HKDF case EVP_PKEY_HKDF: - if (key->hkdfSalt != NULL) { - XFREE(key->hkdfSalt, NULL, DYNAMIC_TYPE_SALT); - key->hkdfSalt = NULL; - } - if (key->hkdfKey != NULL) { - XFREE(key->hkdfKey, NULL, DYNAMIC_TYPE_KEY); - key->hkdfKey = NULL; - } - if (key->hkdfInfo != NULL) { - XFREE(key->hkdfInfo, NULL, DYNAMIC_TYPE_INFO); - key->hkdfInfo = NULL; - } + XFREE(key->hkdfSalt, NULL, DYNAMIC_TYPE_SALT); + key->hkdfSalt = NULL; + XFREE(key->hkdfKey, NULL, DYNAMIC_TYPE_KEY); + key->hkdfKey = NULL; + XFREE(key->hkdfInfo, NULL, DYNAMIC_TYPE_INFO); + key->hkdfInfo = NULL; key->hkdfSaltSz = 0; key->hkdfKeySz = 0; key->hkdfInfoSz = 0; @@ -11279,7 +11350,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int indent, int bitlen, ASN1_PCTX* pctx) { byte buff[8] = { 0 }; - int res = WOLFSSL_FAILURE; + int res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); word32 inOutIdx = 0; word32 nSz; /* size of modulus */ word32 eSz; /* size of public exponent */ @@ -11598,10 +11669,8 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, res = wolfSSL_BIO_write(out, "\n", 1) > 0; } - if (pub != NULL) { - XFREE(pub, NULL, DYNAMIC_TYPE_ECC_BUFFER); - pub = NULL; - } + XFREE(pub, NULL, DYNAMIC_TYPE_ECC_BUFFER); + pub = NULL; wc_ecc_free(key); mp_free(a); @@ -11633,7 +11702,7 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, byte buff[8] = { 0 }; int length; - int res = WOLFSSL_FAILURE; + int res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); word32 inOutIdx = 0; word32 oid; byte tagFound; 
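Review bot: `key->hkdfKey` is released with a bare XFREE while, presumably, still holding the HKDF input keying material the caller supplied; nothing in the hunk zeroizes it first, so the secret remains in freed heap memory. Add `if (key->hkdfKey != NULL) ForceZero(key->hkdfKey, key->hkdfKeySz);` immediately before that XFREE; salt and info are public inputs and need no such treatment. This hunk sits inside wolfSSL_EVP_PKEY_free, whose start and end are not visible here.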
@@ -11851,7 +11920,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, { byte buff[8] = { 0 }; - int res = WOLFSSL_FAILURE; + int res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); word32 length; word32 inOutIdx; word32 oid; diff --git a/src/wolfcrypt/src/ext_kyber.c b/src/wolfcrypt/src/ext_kyber.c index 77ab430..0c2cb2b 100644 --- a/src/wolfcrypt/src/ext_kyber.c +++ b/src/wolfcrypt/src/ext_kyber.c @@ -1,6 +1,6 @@ /* ext_kyber.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -27,7 +27,7 @@ #include #include -#ifdef WOLFSSL_HAVE_KYBER +#if defined(WOLFSSL_HAVE_KYBER) && !defined(WOLFSSL_WC_KYBER) #include #ifdef NO_INLINE @@ -168,12 +168,6 @@ int wc_KyberKey_PrivateKeySize(KyberKey* key, word32* len) } } #endif /* HAVE_LIBOQS */ -#ifdef HAVE_PQM4 - (void)key; - if (ret == 0) { - *len = PQM4_PRIVATE_KEY_LENGTH; - } -#endif /* HAVE_PQM4 */ return ret; } @@ -216,12 +210,6 @@ int wc_KyberKey_PublicKeySize(KyberKey* key, word32* len) } } #endif /* HAVE_LIBOQS */ -#ifdef HAVE_PQM4 - (void)key; - if (ret == 0) { - *len = PQM4_PUBLIC_KEY_LENGTH; - } -#endif /* HAVE_PQM4 */ return ret; } @@ -264,12 +252,6 @@ int wc_KyberKey_CipherTextSize(KyberKey* key, word32* len) } } #endif /* HAVE_LIBOQS */ -#ifdef HAVE_PQM4 - (void)key; - if (ret == 0) { - *len = PQM4_CIPHERTEXT_LENGTH; - } -#endif /* HAVE_PQM4 */ return ret; } @@ -301,7 +283,7 @@ int wc_KyberKey_SharedSecretSize(KyberKey* key, word32* len) /** * Make a Kyber key object using a random number generator. * - * NOTE: rng is ignored. OQS and PQM4 don't use our RNG. + * NOTE: rng is ignored. OQS doesn't use our RNG. * * @param [in, out] key Kyber key ovject. * @param [in] rng Random number generator. 
@@ -362,14 +344,6 @@ int wc_KyberKey_MakeKey(KyberKey* key, WC_RNG* rng) wolfSSL_liboqsRngMutexUnlock(); OQS_KEM_free(kem); #endif /* HAVE_LIBOQS */ -#ifdef HAVE_PQM4 - if (ret == 0) { - if (crypto_kem_keypair(key->pub, key->priv) != 0) { - WOLFSSL_MSG("PQM4 keygen failure"); - ret = BAD_FUNC_ARG; - } - } -#endif /* HAVE_PQM4 */ if (ret != 0) { ForceZero(key, sizeof(*key)); @@ -394,7 +368,7 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand, { (void)rand; (void)len; - /* OQS and PQM4 don't support external randomness. */ + /* OQS doesn't support external randomness. */ return wc_KyberKey_MakeKey(key, NULL); } @@ -471,14 +445,6 @@ int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss, wolfSSL_liboqsRngMutexUnlock(); OQS_KEM_free(kem); #endif /* HAVE_LIBOQS */ -#ifdef HAVE_PQM4 - if (ret == 0) { - if (crypto_kem_enc(ct, ss, key->pub) != 0) { - WOLFSSL_MSG("PQM4 Encapsulation failure."); - ret = BAD_FUNC_ARG; - } - } -#endif /* HAVE_PQM4 */ return ret; } @@ -501,7 +467,7 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct, { (void)rand; (void)len; - /* OQS and PQM4 don't support external randomness. */ + /* OQS doesn't support external randomness. */ return wc_KyberKey_Encapsulate(key, ct, ss, NULL); } @@ -577,14 +543,6 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, OQS_KEM_free(kem); #endif /* HAVE_LIBOQS */ -#ifdef HAVE_PQM4 - if (ret == 0) { - if (crypto_kem_dec(ss, ct, key->priv) != 0) { - WOLFSSL_MSG("PQM4 Decapsulation failure."); - ret = BAD_FUNC_ARG; - } - } -#endif /* HAVE_PQM4 */ return ret; @@ -750,4 +708,4 @@ int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len) return ret; } -#endif /* WOLFSSL_HAVE_KYBER */ +#endif /* WOLFSSL_HAVE_KYBER && !WOLFSSL_WC_KYBER */ diff --git a/src/wolfcrypt/src/ext_lms.c b/src/wolfcrypt/src/ext_lms.c index 7a59576..70dfa5b 100644 --- a/src/wolfcrypt/src/ext_lms.c +++ b/src/wolfcrypt/src/ext_lms.c 
@@ -1,6 +1,6 @@ /* ext_lms.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -27,7 +27,8 @@ #include #include -#ifdef WOLFSSL_HAVE_LMS +#if defined(WOLFSSL_HAVE_LMS) && defined(HAVE_LIBLMS) + #include #ifdef NO_INLINE @@ -1048,4 +1049,4 @@ int wc_LmsKey_Verify(LmsKey * key, const byte * sig, word32 sigSz, return 0; } -#endif /* WOLFSSL_HAVE_LMS */ +#endif /* WOLFSSL_HAVE_LMS && HAVE_LIBLMS */ diff --git a/src/wolfcrypt/src/ext_xmss.c b/src/wolfcrypt/src/ext_xmss.c index 9ce012e..938d513 100644 --- a/src/wolfcrypt/src/ext_xmss.c +++ b/src/wolfcrypt/src/ext_xmss.c @@ -1,6 +1,6 @@ /* ext_xmss.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -28,7 +28,8 @@ #include #include -#ifdef WOLFSSL_HAVE_XMSS +#if defined(WOLFSSL_HAVE_XMSS) && defined(HAVE_LIBXMSS) + #include #ifdef NO_INLINE @@ -1042,4 +1043,4 @@ int wc_XmssKey_Verify(XmssKey * key, const byte * sig, word32 sigLen, return ret; } -#endif /* WOLFSSL_HAVE_XMSS */ +#endif /* WOLFSSL_HAVE_XMSS && HAVE_LIBXMSS */ diff --git a/src/wolfcrypt/src/falcon.c b/src/wolfcrypt/src/falcon.c index 04309db..b1aabb1 100644 --- a/src/wolfcrypt/src/falcon.c +++ b/src/wolfcrypt/src/falcon.c @@ -1,6 +1,6 @@ /* falcon.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/fe_448.c b/src/wolfcrypt/src/fe_448.c index 36c6096..ede162a 100644 --- a/src/wolfcrypt/src/fe_448.c +++ b/src/wolfcrypt/src/fe_448.c @@ -1,6 +1,6 @@ /* fe_448.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/fe_low_mem.c b/src/wolfcrypt/src/fe_low_mem.c index 3556639..ad10a0e 100644 --- a/src/wolfcrypt/src/fe_low_mem.c +++ b/src/wolfcrypt/src/fe_low_mem.c 
@@ -1,6 +1,6 @@ /* fe_low_mem.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/fe_operations.c b/src/wolfcrypt/src/fe_operations.c index 704b455..2910151 100644 --- a/src/wolfcrypt/src/fe_operations.c +++ b/src/wolfcrypt/src/fe_operations.c @@ -1,6 +1,6 @@ /* fe_operations.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/ge_448.c b/src/wolfcrypt/src/ge_448.c index d2033af..415928f 100644 --- a/src/wolfcrypt/src/ge_448.c +++ b/src/wolfcrypt/src/ge_448.c @@ -1,6 +1,6 @@ /* ge_448.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -10781,18 +10781,10 @@ int ge448_double_scalarmult_vartime(ge448_p2 *r, const byte *a, } #if defined(WOLFSSL_SMALL_STACK) && (!defined(WOLFSSL_NO_MALLOC) || defined(XMALLOC_USER)) - if (p2 != NULL) { - XFREE(p2, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - if (pi != NULL) { - XFREE(pi, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - if (bslide != NULL) { - XFREE(bslide, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } - if (aslide != NULL) { - XFREE(aslide, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(p2, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pi, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(bslide, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(aslide, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; diff --git a/src/wolfcrypt/src/ge_low_mem.c b/src/wolfcrypt/src/ge_low_mem.c index abe6ea6..df747a1 100644 --- a/src/wolfcrypt/src/ge_low_mem.c +++ b/src/wolfcrypt/src/ge_low_mem.c @@ -1,6 +1,6 @@ /* ge_low_mem.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/ge_operations.c b/src/wolfcrypt/src/ge_operations.c index 57a838c..bcf9d35 100644 --- a/src/wolfcrypt/src/ge_operations.c 
+++ b/src/wolfcrypt/src/ge_operations.c @@ -1,6 +1,6 @@ /* ge_operations.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -9470,18 +9470,12 @@ int ge_double_scalarmult_vartime(ge_p2 *r, const unsigned char *a, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) out: - if (aslide != NULL) - XFREE(aslide, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (bslide != NULL) - XFREE(bslide, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (Ai != NULL) - XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (u != NULL) - XFREE(u, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (A2 != NULL) - XFREE(A2, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(aslide, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(bslide, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(Ai, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(u, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(A2, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; #else diff --git a/src/wolfcrypt/src/hash.c b/src/wolfcrypt/src/hash.c index bc69c3b..b16c47d 100644 --- a/src/wolfcrypt/src/hash.c +++ b/src/wolfcrypt/src/hash.c @@ -1,6 +1,6 @@ /* hash.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -686,6 +686,44 @@ int wc_Hash(enum wc_HashType hash_type, const byte* data, NULL, INVALID_DEVID); } +#ifndef WC_NO_CONSTRUCTORS +wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, int devId, + int *result_code) +{ + int ret; + wc_HashAlg* hash = (wc_HashAlg*)XMALLOC(sizeof(wc_HashAlg), heap, + DYNAMIC_TYPE_HASHES); + if (hash == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_HashInit_ex(hash, type, heap, devId); + if (ret != 0) { + XFREE(hash, heap, DYNAMIC_TYPE_HASHES); + hash = NULL; + } + } + + if (result_code != NULL) + *result_code = ret; + + return hash; +} + +int wc_HashDelete(wc_HashAlg *hash, wc_HashAlg **hash_p) { + int ret; + if (hash == NULL) + return BAD_FUNC_ARG; + ret = wc_HashFree(hash, hash->type); + if (ret < 0) + return ret; + XFREE(hash, hash->heap, DYNAMIC_TYPE_HASHES); + if (hash_p != NULL) + *hash_p = NULL; + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ + int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, int devId) { 
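Review bot: `wc_HashDelete` returns early when `wc_HashFree` reports an error, leaving the allocation it was asked to destroy live and `*hash_p` still pointing at it, so a caller that follows the usual delete-then-forget pattern leaks exactly in the error case (for instance an object whose `type` was never set through wc_HashInit_ex). Capture the heap, always release the object, and propagate the per-algorithm result; if instead a failed free is meant to keep the object alive, the header comment should say so explicitly. The opening brace on the same line as the signature also differs from the rest of hash.c, where function braces sit on their own line.
```c
int wc_HashDelete(wc_HashAlg *hash, wc_HashAlg **hash_p)
{
    int ret;
    void* heap;

    if (hash == NULL)
        return BAD_FUNC_ARG;

    heap = hash->heap;
    ret = wc_HashFree(hash, hash->type);
    /* Release the object even when the per-algorithm free failed; the
     * caller cannot retry and the allocation would otherwise leak. */
    XFREE(hash, heap, DYNAMIC_TYPE_HASHES);
    if (hash_p != NULL)
        *hash_p = NULL;
    return ret;
}
```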
@@ -694,42 +732,50 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, if (hash == NULL) return BAD_FUNC_ARG; + hash->type = type; + +#ifdef WC_NO_CONSTRUCTORS + (void)heap; +#else + hash->heap = heap; +#endif + switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - ret = wc_InitMd5_ex(&hash->md5, heap, devId); + ret = wc_InitMd5_ex(&hash->alg.md5, heap, devId); #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - ret = wc_InitSha_ex(&hash->sha, heap, devId); + ret = wc_InitSha_ex(&hash->alg.sha, heap, devId); #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - ret = wc_InitSha224_ex(&hash->sha224, heap, devId); + ret = wc_InitSha224_ex(&hash->alg.sha224, heap, devId); #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - ret = wc_InitSha256_ex(&hash->sha256, heap, devId); + ret = wc_InitSha256_ex(&hash->alg.sha256, heap, devId); #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - ret = wc_InitSha384_ex(&hash->sha384, heap, devId); + ret = wc_InitSha384_ex(&hash->alg.sha384, heap, devId); #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 - ret = wc_InitSha512_ex(&hash->sha512, heap, devId); + ret = wc_InitSha512_ex(&hash->alg.sha512, heap, devId); #endif break; #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - ret = wc_InitSha512_224_ex(&hash->sha512, heap, devId); + ret = wc_InitSha512_224_ex(&hash->alg.sha512, heap, devId); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; 
@@ -738,35 +784,35 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - ret = wc_InitSha512_256_ex(&hash->sha512, heap, devId); + ret = wc_InitSha512_256_ex(&hash->alg.sha512, heap, devId); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - ret = wc_InitSha3_224(&hash->sha3, heap, devId); + ret = wc_InitSha3_224(&hash->alg.sha3, heap, devId); #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - ret = wc_InitSha3_256(&hash->sha3, heap, devId); + ret = wc_InitSha3_256(&hash->alg.sha3, heap, devId); #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) - ret = wc_InitSha3_384(&hash->sha3, heap, devId); + ret = wc_InitSha3_384(&hash->alg.sha3, heap, devId); #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) - ret = wc_InitSha3_512(&hash->sha3, heap, devId); + ret = wc_InitSha3_512(&hash->alg.sha3, heap, devId); #endif break; #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: - ret = wc_InitSm3(&hash->sm3, heap, devId); + ret = wc_InitSm3(&hash->alg.sm3, heap, devId); break; #endif @@ -787,7 +833,6 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, ret = BAD_FUNC_ARG; }; - (void)heap; (void)devId; return ret; 
@@ -806,42 +851,49 @@ int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data, if (hash == NULL || (data == NULL && dataSz > 0)) return BAD_FUNC_ARG; +#ifdef DEBUG_WOLFSSL + if (hash->type != type) { + WOLFSSL_MSG("Hash update type mismatch!"); + return BAD_FUNC_ARG; + } +#endif + switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - ret = wc_Md5Update(&hash->md5, data, dataSz); + ret = wc_Md5Update(&hash->alg.md5, data, dataSz); #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - ret = wc_ShaUpdate(&hash->sha, data, dataSz); + ret = wc_ShaUpdate(&hash->alg.sha, data, dataSz); #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - ret = wc_Sha224Update(&hash->sha224, data, dataSz); + ret = wc_Sha224Update(&hash->alg.sha224, data, dataSz); #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - ret = wc_Sha256Update(&hash->sha256, data, dataSz); + ret = wc_Sha256Update(&hash->alg.sha256, data, dataSz); #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - ret = wc_Sha384Update(&hash->sha384, data, dataSz); + ret = wc_Sha384Update(&hash->alg.sha384, data, dataSz); #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 - ret = wc_Sha512Update(&hash->sha512, data, dataSz); + ret = wc_Sha512Update(&hash->alg.sha512, data, dataSz); #endif break; #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - ret = wc_Sha512_224Update(&hash->sha512, data, dataSz); + ret = wc_Sha512_224Update(&hash->alg.sha512, data, dataSz); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; 
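Review bot: The new `hash->type != type` guard is compiled only under DEBUG_WOLFSSL, so a release build still lets a caller run `wc_HashUpdate` with a `type` that differs from the one the object was initialized with and operate on the union through the wrong member; the check is a single compare and the `type` field is now always recorded, so consider making it unconditional. If the gate exists to tolerate objects whose `alg` member was initialized directly without wc_HashInit_ex (leaving `type` at WC_HASH_TYPE_NONE), that expectation deserves a comment on the `#ifdef`, e.g. `/* debug-only: legacy callers may bypass wc_HashInit_ex and leave type unset */`. wc_HashUpdate starts before this hunk.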
@@ -850,35 +902,35 @@ int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, const byte* data, case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - ret = wc_Sha512_256Update(&hash->sha512, data, dataSz); + ret = wc_Sha512_256Update(&hash->alg.sha512, data, dataSz); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - ret = wc_Sha3_224_Update(&hash->sha3, data, dataSz); + ret = wc_Sha3_224_Update(&hash->alg.sha3, data, dataSz); #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - ret = wc_Sha3_256_Update(&hash->sha3, data, dataSz); + ret = wc_Sha3_256_Update(&hash->alg.sha3, data, dataSz); #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) - ret = wc_Sha3_384_Update(&hash->sha3, data, dataSz); + ret = wc_Sha3_384_Update(&hash->alg.sha3, data, dataSz); #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) - ret = wc_Sha3_512_Update(&hash->sha3, data, dataSz); + ret = wc_Sha3_512_Update(&hash->alg.sha3, data, dataSz); #endif break; #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: - ret = wc_Sm3Update(&hash->sm3, data, dataSz); + ret = wc_Sm3Update(&hash->alg.sm3, data, dataSz); break; #endif 
@@ -909,42 +961,49 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out) if (hash == NULL || out == NULL) return BAD_FUNC_ARG; +#ifdef DEBUG_WOLFSSL + if (hash->type != type) { + WOLFSSL_MSG("Hash final type mismatch!"); + return BAD_FUNC_ARG; + } +#endif + switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - ret = wc_Md5Final(&hash->md5, out); + ret = wc_Md5Final(&hash->alg.md5, out); #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - ret = wc_ShaFinal(&hash->sha, out); + ret = wc_ShaFinal(&hash->alg.sha, out); #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - ret = wc_Sha224Final(&hash->sha224, out); + ret = wc_Sha224Final(&hash->alg.sha224, out); #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - ret = wc_Sha256Final(&hash->sha256, out); + ret = wc_Sha256Final(&hash->alg.sha256, out); #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - ret = wc_Sha384Final(&hash->sha384, out); + ret = wc_Sha384Final(&hash->alg.sha384, out); #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 - ret = wc_Sha512Final(&hash->sha512, out); + ret = wc_Sha512Final(&hash->alg.sha512, out); #endif break; #ifndef WOLFSSL_NOSHA512_224 case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - ret = wc_Sha512_224Final(&hash->sha512, out); + ret = wc_Sha512_224Final(&hash->alg.sha512, out); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; 
@@ -953,35 +1012,35 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out) case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - ret = wc_Sha512_256Final(&hash->sha512, out); + ret = wc_Sha512_256Final(&hash->alg.sha512, out); #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ break; #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - ret = wc_Sha3_224_Final(&hash->sha3, out); + ret = wc_Sha3_224_Final(&hash->alg.sha3, out); #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - ret = wc_Sha3_256_Final(&hash->sha3, out); + ret = wc_Sha3_256_Final(&hash->alg.sha3, out); #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) - ret = wc_Sha3_384_Final(&hash->sha3, out); + ret = wc_Sha3_384_Final(&hash->alg.sha3, out); #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) - ret = wc_Sha3_512_Final(&hash->sha3, out); + ret = wc_Sha3_512_Final(&hash->alg.sha3, out); #endif break; #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: - ret = wc_Sm3Final(&hash->sm3, out); + ret = wc_Sm3Final(&hash->alg.sm3, out); break; #endif 
@@ -1012,40 +1071,47 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) if (hash == NULL) return BAD_FUNC_ARG; +#ifdef DEBUG_WOLFSSL + if (hash->type != type) { + WOLFSSL_MSG("Hash free type mismatch!"); + return BAD_FUNC_ARG; + } +#endif + switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - wc_Md5Free(&hash->md5); + wc_Md5Free(&hash->alg.md5); ret = 0; #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - wc_ShaFree(&hash->sha); + wc_ShaFree(&hash->alg.sha); ret = 0; #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - wc_Sha224Free(&hash->sha224); + wc_Sha224Free(&hash->alg.sha224); ret = 0; #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - wc_Sha256Free(&hash->sha256); + wc_Sha256Free(&hash->alg.sha256); ret = 0; #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - wc_Sha384Free(&hash->sha384); + wc_Sha384Free(&hash->alg.sha384); ret = 0; #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 - wc_Sha512Free(&hash->sha512); + wc_Sha512Free(&hash->alg.sha512); ret = 0; #endif break; @@ -1053,7 +1119,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) case WC_HASH_TYPE_SHA512_224: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) - wc_Sha512_224Free(&hash->sha512); + wc_Sha512_224Free(&hash->alg.sha512); ret = 0; #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ @@ -1063,7 +1129,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) case WC_HASH_TYPE_SHA512_256: #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) - wc_Sha512_256Free(&hash->sha512); + wc_Sha512_256Free(&hash->alg.sha512); ret = 0; #endif #endif /* !HAVE_FIPS && !HAVE_SELFTEST */ 
@@ -1071,32 +1137,32 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - wc_Sha3_224_Free(&hash->sha3); + wc_Sha3_224_Free(&hash->alg.sha3); ret = 0; #endif break; case WC_HASH_TYPE_SHA3_256: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - wc_Sha3_256_Free(&hash->sha3); + wc_Sha3_256_Free(&hash->alg.sha3); ret = 0; #endif break; case WC_HASH_TYPE_SHA3_384: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) - wc_Sha3_384_Free(&hash->sha3); + wc_Sha3_384_Free(&hash->alg.sha3); ret = 0; #endif break; case WC_HASH_TYPE_SHA3_512: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) - wc_Sha3_512_Free(&hash->sha3); + wc_Sha3_512_Free(&hash->alg.sha3); ret = 0; #endif break; #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: - wc_Sm3Free(&hash->sm3); + wc_Sm3Free(&hash->alg.sm3); ret = 0; break; #endif @@ -1132,27 +1198,27 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags) switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - ret = wc_Md5SetFlags(&hash->md5, flags); + ret = wc_Md5SetFlags(&hash->alg.md5, flags); #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - ret = wc_ShaSetFlags(&hash->sha, flags); + ret = wc_ShaSetFlags(&hash->alg.sha, flags); #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - ret = wc_Sha224SetFlags(&hash->sha224, flags); + ret = wc_Sha224SetFlags(&hash->alg.sha224, flags); #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - ret = wc_Sha256SetFlags(&hash->sha256, flags); + ret = wc_Sha256SetFlags(&hash->alg.sha256, flags); #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - ret = wc_Sha384SetFlags(&hash->sha384, flags); + ret = wc_Sha384SetFlags(&hash->alg.sha384, flags); #endif break; case WC_HASH_TYPE_SHA512: 
@@ -1163,7 +1229,7 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags) case WC_HASH_TYPE_SHA512_256: #endif #ifdef WOLFSSL_SHA512 - ret = wc_Sha512SetFlags(&hash->sha512, flags); + ret = wc_Sha512SetFlags(&hash->alg.sha512, flags); #endif break; @@ -1172,13 +1238,13 @@ int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags) case WC_HASH_TYPE_SHA3_384: case WC_HASH_TYPE_SHA3_512: #ifdef WOLFSSL_SHA3 - ret = wc_Sha3_SetFlags(&hash->sha3, flags); + ret = wc_Sha3_SetFlags(&hash->alg.sha3, flags); #endif break; #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: - ret = wc_Sm3SetFlags(&hash->sm3, flags); + ret = wc_Sm3SetFlags(&hash->alg.sm3, flags); break; #endif @@ -1211,27 +1277,27 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - ret = wc_Md5GetFlags(&hash->md5, flags); + ret = wc_Md5GetFlags(&hash->alg.md5, flags); #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - ret = wc_ShaGetFlags(&hash->sha, flags); + ret = wc_ShaGetFlags(&hash->alg.sha, flags); #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - ret = wc_Sha224GetFlags(&hash->sha224, flags); + ret = wc_Sha224GetFlags(&hash->alg.sha224, flags); #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - ret = wc_Sha256GetFlags(&hash->sha256, flags); + ret = wc_Sha256GetFlags(&hash->alg.sha256, flags); #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - ret = wc_Sha384GetFlags(&hash->sha384, flags); + ret = wc_Sha384GetFlags(&hash->alg.sha384, flags); #endif break; case WC_HASH_TYPE_SHA512: @@ -1242,7 +1308,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) case WC_HASH_TYPE_SHA512_256: #endif #ifdef WOLFSSL_SHA512 - ret = wc_Sha512GetFlags(&hash->sha512, flags); + ret = wc_Sha512GetFlags(&hash->alg.sha512, flags); #endif break; 
@@ -1251,13 +1317,13 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) case WC_HASH_TYPE_SHA3_384: case WC_HASH_TYPE_SHA3_512: #ifdef WOLFSSL_SHA3 - ret = wc_Sha3_GetFlags(&hash->sha3, flags); + ret = wc_Sha3_GetFlags(&hash->alg.sha3, flags); #endif break; #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: - ret = wc_Sm3GetFlags(&hash->sm3, flags); + ret = wc_Sm3GetFlags(&hash->alg.sm3, flags); break; #endif diff --git a/src/wolfcrypt/src/hmac.c b/src/wolfcrypt/src/hmac.c index fb71bf3..47f8f13 100644 --- a/src/wolfcrypt/src/hmac.c +++ b/src/wolfcrypt/src/hmac.c @@ -1,6 +1,6 @@ /* hmac.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/hpke.c b/src/wolfcrypt/src/hpke.c index 15e8d85..450ee73 100644 --- a/src/wolfcrypt/src/hpke.c +++ b/src/wolfcrypt/src/hpke.c @@ -1,6 +1,6 @@ /* hpke.c * - * Copyright (C) 2006-2022 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/integer.c b/src/wolfcrypt/src/integer.c index dadfeb4..3deeaeb 100644 --- a/src/wolfcrypt/src/integer.c +++ b/src/wolfcrypt/src/integer.c @@ -1,6 +1,6 @@ /* integer.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/kdf.c b/src/wolfcrypt/src/kdf.c index 9edf3a5..1bb338e 100644 --- a/src/wolfcrypt/src/kdf.c +++ b/src/wolfcrypt/src/kdf.c @@ -1,6 +1,6 @@ /* kdf.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -84,11 +84,9 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret, word32 lastTime; int ret = 0; #ifdef WOLFSSL_SMALL_STACK - byte* previous; byte* current; Hmac* hmac; #else - byte previous[P_HASH_MAX_SIZE]; /* max size */ byte current[P_HASH_MAX_SIZE]; /* max size */ Hmac hmac[1]; #endif 
@@ -153,19 +151,16 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret, lastTime = times - 1; #ifdef WOLFSSL_SMALL_STACK - previous = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST); - current = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST); - hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_HMAC); - if (previous == NULL || current == NULL || hmac == NULL) { - if (previous) XFREE(previous, heap, DYNAMIC_TYPE_DIGEST); - if (current) XFREE(current, heap, DYNAMIC_TYPE_DIGEST); - if (hmac) XFREE(hmac, heap, DYNAMIC_TYPE_HMAC); + current = (byte*)XMALLOC(P_HASH_MAX_SIZE, heap, DYNAMIC_TYPE_DIGEST); + hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_HMAC); + if (current == NULL || hmac == NULL) { + XFREE(current, heap, DYNAMIC_TYPE_DIGEST); + XFREE(hmac, heap, DYNAMIC_TYPE_HMAC); return MEMORY_E; } #endif #ifdef WOLFSSL_CHECK_MEM_ZERO - XMEMSET(previous, 0xff, P_HASH_MAX_SIZE); - wc_MemZero_Add("wc_PRF previous", previous, P_HASH_MAX_SIZE); + XMEMSET(current, 0xff, P_HASH_MAX_SIZE); wc_MemZero_Add("wc_PRF current", current, P_HASH_MAX_SIZE); wc_MemZero_Add("wc_PRF hmac", hmac, sizeof(Hmac)); #endif 
@@ -176,53 +171,53 @@ int wc_PRF(byte* result, word32 resLen, const byte* secret, if (ret == 0) ret = wc_HmacUpdate(hmac, seed, seedLen); /* A0 = seed */ if (ret == 0) - ret = wc_HmacFinal(hmac, previous); /* A1 */ + ret = wc_HmacFinal(hmac, current); /* A1 */ if (ret == 0) { word32 i; word32 idx = 0; for (i = 0; i < times; i++) { - ret = wc_HmacUpdate(hmac, previous, len); + ret = wc_HmacUpdate(hmac, current, len); if (ret != 0) break; ret = wc_HmacUpdate(hmac, seed, seedLen); if (ret != 0) break; - ret = wc_HmacFinal(hmac, current); - if (ret != 0) - break; - - if ((i == lastTime) && lastLen) - XMEMCPY(&result[idx], current, - min(lastLen, P_HASH_MAX_SIZE)); - else { - XMEMCPY(&result[idx], current, len); + if ((i != lastTime) || !lastLen) { + ret = wc_HmacFinal(hmac, &result[idx]); + if (ret != 0) + break; idx += len; - ret = wc_HmacUpdate(hmac, previous, len); + + ret = wc_HmacUpdate(hmac, current, len); if (ret != 0) break; - ret = wc_HmacFinal(hmac, previous); + ret = wc_HmacFinal(hmac, current); if (ret != 0) break; } + else { + ret = wc_HmacFinal(hmac, current); + if (ret != 0) + break; + XMEMCPY(&result[idx], current, + min(lastLen, P_HASH_MAX_SIZE)); + } } } wc_HmacFree(hmac); } - ForceZero(previous, P_HASH_MAX_SIZE); - ForceZero(current, P_HASH_MAX_SIZE); - ForceZero(hmac, sizeof(Hmac)); + ForceZero(current, P_HASH_MAX_SIZE); + ForceZero(hmac, sizeof(Hmac)); #if defined(WOLFSSL_CHECK_MEM_ZERO) - wc_MemZero_Check(previous, P_HASH_MAX_SIZE); - wc_MemZero_Check(current, P_HASH_MAX_SIZE); - wc_MemZero_Check(hmac, sizeof(Hmac)); + wc_MemZero_Check(current, P_HASH_MAX_SIZE); + wc_MemZero_Check(hmac, sizeof(Hmac)); #endif #ifdef WOLFSSL_SMALL_STACK - XFREE(previous, heap, DYNAMIC_TYPE_DIGEST); - XFREE(current, heap, DYNAMIC_TYPE_DIGEST); + XFREE(current, heap, DYNAMIC_TYPE_DIGEST); XFREE(hmac, heap, DYNAMIC_TYPE_HMAC); #endif diff --git a/src/wolfcrypt/src/logging.c b/src/wolfcrypt/src/logging.c index de87dbf..d548cd6 100644 --- a/src/wolfcrypt/src/logging.c 
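Review bot: The restructured loop in wc_PRF now has wc_HmacFinal write straight into `&result[idx]`, which relies on `result` having at least `len` bytes free at `idx` on every non-final iteration — the same assumption the old XMEMCPY of `len` bytes made, but it is now implicit in the HMAC call, and `len`, `times` and `lastLen` are computed before the hunk. Reusing `current` both for A(i) and for staging the final short block also makes the invariant hard to see; a comment above the `for` would help: `/* current holds A(i); full-size output blocks are written directly into result[idx], only the final short block is staged through current and truncated to lastLen */`. wc_PRF starts before and ends after this hunk.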
+++ b/src/wolfcrypt/src/logging.c @@ -1,6 +1,6 @@ /* logging.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -471,26 +471,48 @@ void WOLFSSL_BUFFER(const byte* buffer, word32 length) while (buflen > 0) { int bufidx = 0; - XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "\t"); + if (XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "\t") + >= (int)sizeof(line) - bufidx) + { + goto errout; + } bufidx++; for (i = 0; i < LINE_LEN; i++) { if (i < buflen) { - XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "%02x ", buffer[i]); + if (XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "%02x ", + buffer[i]) >= (int)sizeof(line) - bufidx) + { + goto errout; + } } else { - XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, " "); + if (XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, " ") + >= (int)sizeof(line) - bufidx) + { + goto errout; + } } bufidx += 3; } - XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "| "); + if (XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "| ") + >= (int)sizeof(line) - bufidx) + { + goto errout; + } bufidx++; for (i = 0; i < LINE_LEN; i++) { if (i < buflen) { - XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, - "%c", 31 < buffer[i] && buffer[i] < 127 ? buffer[i] : '.'); + if (XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, + "%c", 31 < buffer[i] && buffer[i] < 127 + ? buffer[i] + : '.') + >= (int)sizeof(line) - bufidx) + { + goto errout; + } bufidx++; } } @@ -499,6 +521,12 @@ void WOLFSSL_BUFFER(const byte* buffer, word32 length) buffer += LINE_LEN; buflen -= LINE_LEN; } + + return; + +errout: + + wolfssl_log(INFO_LOG, NULL, 0, "\t[Buffer error while rendering]"); } #undef WOLFSSL_ENTER /* undo WOLFSSL_DEBUG_CODEPOINTS wrapper */ 
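Review bot: The new truncation checks in WOLFSSL_BUFFER only catch a return `>= (int)sizeof(line) - bufidx`; a negative XSNPRINTF return (an encoding error) passes the test, `bufidx` is still advanced over bytes that were never written, and the later calls keep formatting into a line whose earlier part is unspecified. Capturing the result once handles both cases and shortens each site, e.g. `int n = XSNPRINTF(&line[bufidx], sizeof(line)-bufidx, "%02x ", buffer[i]);` followed by `if (n < 0 || n >= (int)sizeof(line) - bufidx) goto errout;`. The same applies to all five call sites in this hunk; `line` is declared before the hunk, and the `errout` label the checks jump to is added in the following hunk.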
@@ -506,7 +534,11 @@ void WOLFSSL_ENTER(const char* msg) { if (loggingEnabled) { char buffer[WOLFSSL_MAX_ERROR_SZ]; - XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Entering %s", msg); + if (XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Entering %s", msg) + >= (int)sizeof(buffer)) + { + buffer[sizeof(buffer) - 1] = 0; + } wolfssl_log(ENTER_LOG, NULL, 0, buffer); } } @@ -516,7 +548,11 @@ void WOLFSSL_ENTER2(const char *file, int line, const char* msg) { if (loggingEnabled) { char buffer[WOLFSSL_MAX_ERROR_SZ]; - XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Entering %s", msg); + if (XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Entering %s", msg) + >= (int)sizeof(buffer)) + { + buffer[sizeof(buffer) - 1] = 0; + } wolfssl_log(ENTER_LOG, file, line, buffer); } } @@ -527,8 +563,12 @@ void WOLFSSL_LEAVE(const char* msg, int ret) { if (loggingEnabled) { char buffer[WOLFSSL_MAX_ERROR_SZ]; - XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Leaving %s, return %d", - msg, ret); + if (XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Leaving %s, return %d", + msg, ret) + >= (int)sizeof(buffer)) + { + buffer[sizeof(buffer) - 1] = 0; + } wolfssl_log(LEAVE_LOG, NULL, 0, buffer); } } @@ -538,8 +578,12 @@ void WOLFSSL_LEAVE2(const char *file, int line, const char* msg, int ret) { if (loggingEnabled) { char buffer[WOLFSSL_MAX_ERROR_SZ]; - XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Leaving %s, return %d", - msg, ret); + if (XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Leaving %s, return %d", + msg, ret) + >= (int)sizeof(buffer)) + { + buffer[sizeof(buffer) - 1] = 0; + } wolfssl_log(LEAVE_LOG, file, line, buffer); } } 
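Review bot: The overflow branch added to WOLFSSL_ENTER writes `buffer[sizeof(buffer) - 1] = 0` only when XSNPRINTF returned `>= (int)sizeof(buffer)`; a negative return (formatting error) skips the branch and `buffer` is then handed to wolfssl_log with unspecified contents. A standard-conforming snprintf already NUL-terminates on truncation, so the branch only matters where XSNPRINTF maps to an implementation that does not; if that is the intent, cover the error case as well: `int n = XSNPRINTF(buffer, sizeof(buffer), "wolfSSL Entering %s", msg);` then `if (n < 0) buffer[0] = 0;` and `else if (n >= (int)sizeof(buffer)) buffer[sizeof(buffer) - 1] = 0;`. The same pattern is repeated in the WOLFSSL_ENTER2, WOLFSSL_LEAVE and WOLFSSL_LEAVE2 hunks on this line.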
@@ -1674,3 +1718,144 @@ void WOLFSSL_ERROR_MSG(const char* msg) } #endif /* DEBUG_WOLFSSL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ + +#ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES + +#ifdef WOLFSSL_LINUXKM + +void wc_backtrace_render(void) { + dump_stack(); +} + +#else /* !WOLFSSL_LINUXKM */ + +#include + +#if BACKTRACE_SUPPORTED != 1 + #error WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES is defined but BACKTRACE_SUPPORTED is 0. +#endif + +#if !defined(WOLFSSL_MUTEX_INITIALIZER) && defined(WOLFSSL_NO_ATOMICS) + #error WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES requires WOLFSSL_MUTEX_INITIALIZER or wolfSSL_Atomic_Ints. +#endif + +#include + +static int backtrace_callback(void *data, uintptr_t pc, const char *filename, + int lineno, const char *function) +{ + if (function == NULL) + return 0; + /* the first callback is for the call to wc_print_backtrace() -- skip it. */ + if (*(int *)data == 0) { + *(int *)data = 1; + return 0; + } +#ifdef NO_STDIO_FILESYSTEM + printf(" #%d %p in %s %s:%d\n", (*(int *)data)++, (void *)pc, + function, filename, lineno); +#else + fprintf(stderr, " #%d %p in %s %s:%d\n", (*(int *)data)++, (void *)pc, + function, filename, lineno); +#endif + return 0; +} + +static void backtrace_error(void *data, const char *msg, int errnum) { + (void)data; +#ifdef NO_STDIO_FILESYSTEM + printf("ERR TRACE: error %d while backtracing: %s", errnum, msg); +#else + fprintf(stderr, "ERR TRACE: error %d while backtracing: %s", errnum, msg); +#endif +} + +static void backtrace_creation_error(void *data, const char *msg, int errnum) { + (void)data; +#ifdef NO_STDIO_FILESYSTEM + printf("ERR TRACE: internal error %d " + "while initializing backtrace facility: %s", errnum, msg); + printf("ERR TRACE: internal error " + "while initializing backtrace facility"); +#else + fprintf(stderr, "ERR TRACE: internal error %d " + "while initializing backtrace facility: %s", errnum, msg); +#endif +} + +static int backtrace_init(struct backtrace_state **backtrace_state) { +#ifdef 
WOLFSSL_MUTEX_INITIALIZER + static wolfSSL_Mutex backtrace_create_state_mutex = + WOLFSSL_MUTEX_INITIALIZER(backtrace_create_state_mutex); + if (wc_LockMutex(&backtrace_create_state_mutex) != 0) + return -1; +#elif defined(WOLFSSL_ATOMIC_OPS) + static wolfSSL_Atomic_Int init_count = 0; + if (wolfSSL_Atomic_Int_FetchAdd(&init_count, 1) != 1) + return -1; +#endif + if (*backtrace_state == NULL) { + /* passing a NULL filename to backtrace_create_state() tells + * libbacktrace to use a target-specific strategy to determine the + * executable. "libbacktrace supports ELF, PE/COFF, Mach-O, and XCOFF + * executables with DWARF debugging information. In other words, it + * supports GNU/Linux, *BSD, macOS, Windows, and AIX." + */ + *backtrace_state = backtrace_create_state( + NULL, 0, backtrace_creation_error, NULL); + } +#ifdef WOLFSSL_MUTEX_INITIALIZER + wc_UnLockMutex(&backtrace_create_state_mutex); +#endif + if (*backtrace_state == NULL) + return -1; + return 0; +} + +void wc_backtrace_render(void) { + static wolfSSL_Mutex backtrace_mutex + WOLFSSL_MUTEX_INITIALIZER_CLAUSE(backtrace_mutex); + static struct backtrace_state *backtrace_state = NULL; + int depth = 0; + +#ifndef WOLFSSL_MUTEX_INITIALIZER + static wolfSSL_Atomic_Int init_count = 0; + if (init_count != 1) { + int cur_init_count = wolfSSL_Atomic_Int_FetchSub(&init_count, 1); + if (cur_init_count != 0) { + (void)wolfSSL_Atomic_Int_FetchAdd(&init_count, 1); + return; + } + if (wc_InitMutex(&backtrace_mutex) != 0) + return; + /* set init_count to 1, race-free: (-1) - (0-2) = 1 */ + (void)wolfSSL_Atomic_Int_FetchSub(&init_count, cur_init_count - 2); + } +#endif + + /* backtrace_state can't be shared between threads even when + * BACKTRACE_SUPPORTS_THREADS == 1, so we serialize the render op. this + * helpfully mutexes the initialization too. 
+ */ + if (wc_LockMutex(&backtrace_mutex) != 0) + return; + + if (backtrace_state == NULL) { + if (backtrace_init(&backtrace_state) < 0) { + wc_UnLockMutex(&backtrace_mutex); + return; + } + } + + /* note that the optimizer can produce misleading backtraces, even with + * -funwind-tables. in contrast, the macro-generated "ERR TRACE" message + * from WC_ERR_TRACE() always accurately identifies the error code point. + */ + backtrace_full(backtrace_state, 0, backtrace_callback, backtrace_error, + (void *)&depth); + + wc_UnLockMutex(&backtrace_mutex); +} +#endif /* !WOLFSSL_LINUXKM */ + +#endif /* WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES */ diff --git a/src/wolfcrypt/src/md2.c b/src/wolfcrypt/src/md2.c index 789704e..c28a049 100644 --- a/src/wolfcrypt/src/md2.c +++ b/src/wolfcrypt/src/md2.c @@ -1,6 +1,6 @@ /* md2.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -123,7 +123,7 @@ void wc_Md2Final(Md2* md2, byte* hash) for (i = 0; i < padLen; i++) padding[i] = (byte)padLen; - wc_Md2Update(md2, padding, padLen); + wc_Md2Update(md2, padding, padLen); /* cppcheck-suppress uninitvar */ wc_Md2Update(md2, md2->C, MD2_BLOCK_SIZE); XMEMCPY(hash, md2->X, MD2_DIGEST_SIZE); diff --git a/src/wolfcrypt/src/md4.c b/src/wolfcrypt/src/md4.c index 68eab5f..65b4dc2 100644 --- a/src/wolfcrypt/src/md4.c +++ b/src/wolfcrypt/src/md4.c @@ -1,6 +1,6 @@ /* md4.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/md5.c b/src/wolfcrypt/src/md5.c index daab9c9..f6ca240 100644 --- a/src/wolfcrypt/src/md5.c +++ b/src/wolfcrypt/src/md5.c @@ -1,6 +1,6 @@ /* md5.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/memory.c b/src/wolfcrypt/src/memory.c index d9958a9..75d0389 100644 --- a/src/wolfcrypt/src/memory.c 
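Review bot: In backtrace_init, the `#elif defined(WOLFSSL_ATOMIC_OPS)` path returns -1 unless `wolfSSL_Atomic_Int_FetchAdd(&init_count, 1)` returns 1; if FetchAdd returns the previous value — which is what the `(-1) - (0-2) = 1` arithmetic in wc_backtrace_render assumes for FetchSub — the first call sees 0 and fails, so `backtrace_state` is never created in a build without WOLFSSL_MUTEX_INITIALIZER. If previous-value semantics hold, the check should read `if (wolfSSL_Atomic_Int_FetchAdd(&init_count, 1) != 0) return -1;`; either way the caller already holds `backtrace_mutex` when it calls backtrace_init, so a comment saying why the inner guard is still needed would help. Separately, the NO_STDIO_FILESYSTEM branch of backtrace_creation_error prints the message twice (the second printf without errnum looks like a leftover), and neither it nor backtrace_error ends its output with `\n`, unlike backtrace_callback. The two include directives in this hunk show no header name, which looks like an artifact of how the patch was rendered rather than the source.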
+++ b/src/wolfcrypt/src/memory.c @@ -1,6 +1,6 @@ /* memory.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -32,6 +32,7 @@ #endif #include +#include /* Possible memory options: @@ -793,9 +794,13 @@ int wc_LoadStaticMemory(WOLFSSL_HEAP_HINT** pHint, void wc_UnloadStaticMemory(WOLFSSL_HEAP_HINT* heap) { WOLFSSL_ENTER("wc_UnloadStaticMemory"); +#ifndef SINGLE_THREADED if (heap != NULL && heap->memory != NULL) { wc_FreeMutex(&heap->memory->memory_mutex); } +#else + (void)heap; +#endif } #ifndef WOLFSSL_STATIC_MEMORY_LEAN @@ -1207,6 +1212,9 @@ void wolfSSL_Free(void *ptr, void* heap, int type) #else free(ptr); #endif + #ifdef WOLFSSL_DEBUG_MEMORY + fprintf(stderr, "Free: %p at %s:%d\n", ptr, func, line); + #endif #else WOLFSSL_MSG("Error trying to call free when turned off"); #endif /* WOLFSSL_NO_MALLOC */ diff --git a/src/wolfcrypt/src/misc.c b/src/wolfcrypt/src/misc.c index 10f733b..e4b53d9 100644 --- a/src/wolfcrypt/src/misc.c +++ b/src/wolfcrypt/src/misc.c @@ -1,6 +1,6 @@ /* misc.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
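Review bot: The WOLFSSL_DEBUG_MEMORY fprintf added to wolfSSL_Free runs after `free(ptr)` and formats the value of `ptr`; the value of a pointer to storage that has been freed is indeterminate in C, so the trace should be emitted before the `free(ptr)` call. `func` and `line` are not visible in this hunk and are presumably parameters that exist only under WOLFSSL_DEBUG_MEMORY. The message also writes raw heap addresses to stderr, which is acceptable for a debug-only option but worth a one-line comment, `/* debug-only: prints heap addresses, never enable in production builds */`, next to the `#ifdef`.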
@@ -211,6 +211,52 @@ WC_MISC_STATIC WC_INLINE void ByteReverseWords(word32* out, const word32* in, #if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_NO_WORD64_OPS) +WC_MISC_STATIC WC_INLINE word64 readUnalignedWord64(const byte *in) +{ + if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) + return *(word64 *)in; + else { + word64 out; + XMEMCPY(&out, in, sizeof(word64)); + return out; + } +} + +WC_MISC_STATIC WC_INLINE word64 writeUnalignedWord64(void *out, word64 in) +{ + if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) + *(word64 *)out = in; + else { + XMEMCPY(out, &in, sizeof(word64)); + } + return in; +} + +WC_MISC_STATIC WC_INLINE void readUnalignedWords64(word64 *out, const byte *in, + size_t count) +{ + if (((wc_ptr_t)in & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) { + const word64 *in_word64 = (const word64 *)in; + while (count-- > 0) + *out++ = *in_word64++; + } + else { + XMEMCPY(out, in, count * sizeof(word64)); + } +} + +WC_MISC_STATIC WC_INLINE void writeUnalignedWords64(byte *out, const word64 *in, + size_t count) +{ + if (((wc_ptr_t)out & (wc_ptr_t)(sizeof(word64) - 1U)) == (wc_ptr_t)0) { + word64 *out_word64 = (word64 *)out; + while (count-- > 0) + *out_word64++ = *in++; + } + else { + XMEMCPY(out, in, count * sizeof(word64)); + } +} WC_MISC_STATIC WC_INLINE word64 rotlFixed64(word64 x, word64 y) { @@ -709,13 +755,23 @@ WC_MISC_STATIC WC_INLINE void w64SetLow32(w64wrapper *n, word32 low) { WC_MISC_STATIC WC_INLINE w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap) { - a.n = a.n + b; + a.n += b; if (a.n < b && wrap != NULL) *wrap = 1; return a; } +WC_MISC_STATIC WC_INLINE w64wrapper w64Add(w64wrapper a, w64wrapper b, + byte *wrap) +{ + a.n += b.n; + if (a.n < b.n && wrap != NULL) + *wrap = 1; + + return a; +} + WC_MISC_STATIC WC_INLINE w64wrapper w64Sub32(w64wrapper a, word32 b, byte *wrap) { if (a.n < b && wrap != NULL) 
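Review bot: readUnalignedWord64 and readUnalignedWords64 dereference a `const byte *` as `word64 *` on the aligned path (`return *(word64 *)in;`, `*out++ = *in_word64++;`), and writeUnalignedWord64/writeUnalignedWords64 do the reverse; the alignment test makes the access well-aligned but does not make it legal under strict aliasing unless the storage really is a word64 object, and the read-side cast also discards `const`. Unless the file is built with -fno-strict-aliasing (not visible here), the XMEMCPY branch alone is correct for both cases and a fixed-size memcpy is folded into a single load/store by the compiler, so the fast path can be dropped, e.g. `word64 out; XMEMCPY(&out, in, sizeof(word64)); return out;`. If the fast path is kept for a target-specific reason, a comment naming the compiler flag or aliasing rule that makes it safe would help; the w64Add32/w64Add hunk on this line looks fine.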
@@ -796,6 +852,13 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftLeft(w64wrapper a, int shift) return a; } +WC_MISC_STATIC WC_INLINE w64wrapper w64Mul(word32 a, word32 b) +{ + w64wrapper ret; + ret.n = (word64)a * (word64)b; + return ret; +} + #else WC_MISC_STATIC WC_INLINE void w64Increment(w64wrapper *n) @@ -831,7 +894,7 @@ WC_MISC_STATIC WC_INLINE void w64SetLow32(w64wrapper *n, word32 low) WC_MISC_STATIC WC_INLINE w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap) { - a.n[1] = a.n[1] + b; + a.n[1] += b; if (a.n[1] < b) { a.n[0]++; if (wrap != NULL && a.n[0] == 0) @@ -841,6 +904,24 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap) return a; } +WC_MISC_STATIC WC_INLINE w64wrapper w64Add(w64wrapper a, w64wrapper b, + byte *wrap) +{ + a.n[1] += b.n[1]; + if (a.n[1] < b.n[1]) { + a.n[0]++; + if (wrap != NULL && a.n[0] == 0) + *wrap = 1; + } + + a.n[0] += b.n[0]; + if (wrap != NULL && a.n[0] < b.n[0]) { + *wrap = 1; + } + + return a; +} + WC_MISC_STATIC WC_INLINE w64wrapper w64Sub32(w64wrapper a, word32 b, byte *wrap) { byte _underflow = 0; @@ -894,7 +975,7 @@ WC_MISC_STATIC WC_INLINE byte w64IsZero(w64wrapper a) return a.n[0] == 0 && a.n[1] == 0; } -WC_MISC_STATIC WC_INLINE void c64toa(w64wrapper *a, byte *out) +WC_MISC_STATIC WC_INLINE void c64toa(const w64wrapper *a, byte *out) { #ifdef BIG_ENDIAN_ORDER word32 *_out = (word32*)(out); @@ -939,7 +1020,7 @@ WC_MISC_STATIC WC_INLINE byte w64LT(w64wrapper a, w64wrapper b) WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftRight(w64wrapper a, int shift) { if (shift < 32) { - a.n[1] = (a.n[1] >> shift) || (a.n[0] << (32 - shift)); + a.n[1] = (a.n[1] >> shift) | (a.n[0] << (32 - shift)); a.n[0] >>= shift; } else { 
@@ -951,7 +1032,7 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftRight(w64wrapper a, int shift) WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftLeft(w64wrapper a, int shift) { if (shift < 32) { - a.n[0] = (a.n[0] << shift) || (a.n[1] >> (32 - shift)); + a.n[0] = (a.n[0] << shift) | (a.n[1] >> (32 - shift)); a.n[1] <<= shift; } else { @@ -961,6 +1042,30 @@ WC_MISC_STATIC WC_INLINE w64wrapper w64ShiftLeft(w64wrapper a, int shift) return a; } +WC_MISC_STATIC WC_INLINE w64wrapper w64Mul(word32 a, word32 b) +{ + w64wrapper ret; + word16 ltlA, ltlB, ltlC, ltlD; + word32 bigA, bigB, bigC, bigD; + + ltlA = a & 0xFFFF; + ltlB = (a >> 16) & 0xFFFF; + ltlC = b & 0xFFFF; + ltlD = (b >> 16) & 0xFFFF; + + bigA = (word32)ltlA * (word32)ltlC; + bigC = (word32)ltlB * (word32)ltlC; + bigD = (word32)ltlA * (word32)ltlD; + bigB = (word32)ltlB * (word32)ltlD; + + ret = w64From32(0, bigB); + ret = w64ShiftLeft(ret, 16); + ret = w64Add32(ret, bigD, NULL); + ret = w64Add32(ret, bigC, NULL); + ret = w64ShiftLeft(ret, 16); + return w64Add32(ret, bigA, NULL); +} + #endif /* WORD64_AVAILABLE && !WOLFSSL_W64_WRAPPER_TEST */ #endif /* WOLFSSL_W64_WRAPPER */ diff --git a/src/wolfcrypt/src/pkcs12.c b/src/wolfcrypt/src/pkcs12.c index ef111a6..e8cc11e 100644 --- a/src/wolfcrypt/src/pkcs12.c +++ b/src/wolfcrypt/src/pkcs12.c @@ -1,6 +1,6 @@ /* pkcs12.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -165,9 +165,7 @@ static void freeSafe(AuthenticatedSafe* safe, void* heap) safe->CI = ci->next; XFREE(ci, heap, DYNAMIC_TYPE_PKCS); } - if (safe->data != NULL) { - XFREE(safe->data, heap, DYNAMIC_TYPE_PKCS); - } + XFREE(safe->data, heap, DYNAMIC_TYPE_PKCS); XFREE(safe, heap, DYNAMIC_TYPE_PKCS); (void)heap; 
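Review bot: w64Mul in the no-WORD64 path assigns word32 expressions to the word16 temporaries (`ltlA = a & 0xFFFF;` and the three following lines) without a cast, which is the implicit narrowing that -Wconversion flags and that this commit removes elsewhere with explicit casts; `ltlA = (word16)(a & 0xFFFF);` and likewise for ltlB, ltlC and ltlD keeps the new helper warning-clean. The product assembly itself checks out: `(bigB << 16) + bigD + bigC` stays below 2^49, so the second shift cannot overflow the wrapper. A short comment naming the decomposition, `/* a*b = hi*hi<<32 + (lo*hi + hi*lo)<<16 + lo*lo */`, would make the w64ShiftLeft/w64Add32 sequence easier to verify.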
@@ -191,22 +189,14 @@ void wc_PKCS12_free(WC_PKCS12* pkcs12) /* free mac data */ if (pkcs12->signData != NULL) { - if (pkcs12->signData->digest != NULL) { - XFREE(pkcs12->signData->digest, heap, DYNAMIC_TYPE_DIGEST); - } - if (pkcs12->signData->salt != NULL) { - XFREE(pkcs12->signData->salt, heap, DYNAMIC_TYPE_SALT); - } + XFREE(pkcs12->signData->digest, heap, DYNAMIC_TYPE_DIGEST); + XFREE(pkcs12->signData->salt, heap, DYNAMIC_TYPE_SALT); XFREE(pkcs12->signData, heap, DYNAMIC_TYPE_PKCS); } #ifdef ASN_BER_TO_DER - if (pkcs12->der != NULL) { - XFREE(pkcs12->der, pkcs12->heap, DYNAMIC_TYPE_PKCS); - } - if (pkcs12->safeDer != NULL) { - XFREE(pkcs12->safeDer, pkcs12->heap, DYNAMIC_TYPE_PKCS); - } + XFREE(pkcs12->der, pkcs12->heap, DYNAMIC_TYPE_PKCS); + XFREE(pkcs12->safeDer, pkcs12->heap, DYNAMIC_TYPE_PKCS); #endif XFREE(pkcs12, heap, DYNAMIC_TYPE_PKCS); @@ -533,8 +523,7 @@ static int GetSignData(WC_PKCS12* pkcs12, const byte* mem, word32* idx, /* failure cleanup */ if (ret != 0) { if (mac) { - if (mac->digest) - XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_DIGEST); + XFREE(mac->digest, pkcs12->heap, DYNAMIC_TYPE_DIGEST); XFREE(mac, pkcs12->heap, DYNAMIC_TYPE_PKCS); } } @@ -856,9 +845,7 @@ int wc_d2i_PKCS12_fp(const char* file, WC_PKCS12** pkcs12) wc_PKCS12_free(*pkcs12); *pkcs12 = NULL; } - if (buf != NULL) { - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); WOLFSSL_LEAVE("wc_d2i_PKCS12_fp", ret); @@ -1008,7 +995,7 @@ int wc_i2d_PKCS12(WC_PKCS12* pkcs12, byte** der, int* derSz) if (der == NULL && derSz != NULL) { *derSz = (int)totalSz; XFREE(sdBuf, pkcs12->heap, DYNAMIC_TYPE_PKCS); - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (*der == NULL) { 
@@ -1099,9 +1086,7 @@ void wc_FreeCertList(WC_DerCertList* list, void* heap) while (current != NULL) { next = current->next; - if (current->buffer != NULL) { - XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS); - } + XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS); XFREE(current, heap, DYNAMIC_TYPE_PKCS); current = next; } @@ -1127,7 +1112,7 @@ static WARN_UNUSED_RESULT int freeDecCertList(WC_DerCertList** list, InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap); if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) == 0) { - if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert, 0) == 1) { + if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert, 0, heap) == 1) { WOLFSSL_MSG("Key Pair found"); *cert = current->buffer; *certSz = current->bufferSz; @@ -1707,10 +1692,8 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, } /* free temporary buffer */ - if (buf != NULL) { - XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS); - buf = NULL; - } + XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS); + buf = NULL; ci = ci->next; WOLFSSL_MSG("Done Parsing PKCS12 Content Info Container"); @@ -1744,10 +1727,8 @@ int wc_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, XFREE(*pkey, pkcs12->heap, DYNAMIC_TYPE_PUBLIC_KEY); *pkey = NULL; } - if (buf) { - XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS); - buf = NULL; - } + XFREE(buf, pkcs12->heap, DYNAMIC_TYPE_PKCS); + buf = NULL; wc_FreeCertList(certList, pkcs12->heap); } @@ -1828,7 +1809,7 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng, } if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { *outSz = sz + MAX_LENGTH_SZ + 1; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (ret < 0) { return ret; @@ -1890,7 +1871,7 @@ static int wc_PKCS12_create_key_bag(WC_PKCS12* pkcs12, WC_RNG* rng, if (out == NULL) { *outSz = MAX_SEQ_SZ + WC_PKCS12_DATA_OBJ_SZ + 1 + MAX_LENGTH_SZ + length; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } heap = wc_PKCS12_GetHeap(pkcs12); 
@@ -1967,7 +1948,7 @@ static int wc_PKCS12_create_cert_bag(WC_PKCS12* pkcs12, *outSz = (word32)(MAX_SEQ_SZ + WC_CERTBAG_OBJECT_ID + 1 + MAX_LENGTH_SZ + MAX_SEQ_SZ + WC_CERTBAG1_OBJECT_ID + 1 + MAX_LENGTH_SZ + 1 + MAX_LENGTH_SZ + (int)certSz); - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* check buffer size able to handle max size */ @@ -2112,7 +2093,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng, totalSz += SetLength(outerSz, seq) + outerSz; if (out == NULL) { *outSz = totalSz + SetSequence(totalSz, seq); - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (*outSz < totalSz + SetSequence(totalSz, seq)) { @@ -2200,7 +2181,7 @@ static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng, if (out == NULL) { *outSz = totalSz + SetSequence(totalSz, seq); - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (*outSz < (totalSz + SetSequence(totalSz, seq))) { diff --git a/src/wolfcrypt/src/pkcs7.c b/src/wolfcrypt/src/pkcs7.c index acf7ef8..bb37054 100644 --- a/src/wolfcrypt/src/pkcs7.c +++ b/src/wolfcrypt/src/pkcs7.c @@ -1,6 +1,6 @@ /* pkcs7.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -118,12 +118,12 @@ struct PKCS7State { word32 peakUsed; /* most bytes used for struct at any one time */ word32 peakRead; /* most bytes used by read buffer */ #endif - byte multi:1; /* flag for if content is in multiple parts */ - byte flagOne:1; - byte detached:1; /* flag to indicate detached signature is present */ - byte noContent:1;/* indicates content isn't included in bundle */ - byte degenerate:1; - byte indefLen:1; /* flag to indicate indef-length encoding used */ + WC_BITFIELD multi:1; /* flag for if content is in multiple parts */ + WC_BITFIELD flagOne:1; + WC_BITFIELD detached:1; /* flag to indicate detached signature is present */ + WC_BITFIELD noContent:1;/* indicates content isn't included in bundle */ + WC_BITFIELD degenerate:1; + WC_BITFIELD indefLen:1; /* flag to indicate indef-length encoding used */ }; @@ -289,7 +289,7 @@ static int wc_PKCS7_AddDataToStream(PKCS7* pkcs7, byte* in, word32 inSz, /* try to store input data into stream buffer */ if (inSz - rdSz > 0 && pkcs7->stream->length < expected) { - int len = (int)min(inSz - rdSz, expected - pkcs7->stream->length); + word32 len = min(inSz - rdSz, expected - pkcs7->stream->length); /* sanity check that the input buffer is not internal buffer */ if (in == pkcs7->stream->buffer) { @@ -385,7 +385,7 @@ static int wc_PKCS7_SetMaxStream(PKCS7* pkcs7, byte* in, word32 defSz) } } #endif /* ASN_BER_TO_DER */ - pkcs7->stream->maxLen = length + idx; + pkcs7->stream->maxLen = (word32)length + idx; if (pkcs7->stream->maxLen == 0) { pkcs7->stream->maxLen = defSz; @@ -550,7 +550,7 @@ static int wc_SetContentType(int pkcs7TypeOID, byte* output, word32 outputSz) { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0C }; #endif - int idSz, idx = 0; + word32 idSz, idx = 0; word32 typeSz = 0; const byte* typeName = 0; byte ID_Length[MAX_LENGTH_SZ]; 
@@ -630,14 +630,14 @@ static int wc_SetContentType(int pkcs7TypeOID, byte* output, word32 outputSz) return BAD_FUNC_ARG; } - idSz = (int)SetLength(typeSz, ID_Length); + idSz = SetLength(typeSz, ID_Length); output[idx++] = ASN_OBJECT_ID; XMEMCPY(output + idx, ID_Length, idSz); idx += idSz; XMEMCPY(output + idx, typeName, typeSz); idx += typeSz; - return idx; + return (int)idx; } @@ -819,7 +819,7 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId) isDynamic = pkcs7->isDynamic; XMEMSET(pkcs7, 0, sizeof(PKCS7)); - pkcs7->isDynamic = isDynamic; + pkcs7->isDynamic = (isDynamic != 0); #ifdef WOLFSSL_HEAP_TEST pkcs7->heap = (void*)WOLFSSL_HEAP_TEST; #else @@ -830,6 +830,14 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId) return 0; } +#ifdef WC_ASN_UNKNOWN_EXT_CB +void wc_PKCS7_SetUnknownExtCallback(PKCS7* pkcs7, wc_UnknownExtCallback cb) +{ + if (pkcs7 != NULL) { + pkcs7->unknownExtCallback = cb; + } +} +#endif /* Certificate structure holding der pointer, size, and pointer to next * Pkcs7Cert struct. Used when creating SignedData types with multiple @@ -879,7 +887,7 @@ static void wc_PKCS7_FreeCertSet(PKCS7* pkcs7) * Returns total size of recipients, or negative upon error */ static int wc_PKCS7_GetRecipientListSize(PKCS7* pkcs7) { - int totalSz = 0; + word32 totalSz = 0; Pkcs7EncodedRecip* tmp = NULL; if (pkcs7 == NULL) @@ -892,7 +900,7 @@ static int wc_PKCS7_GetRecipientListSize(PKCS7* pkcs7) tmp = tmp->next; } - return totalSz; + return (int)totalSz; } @@ -1074,6 +1082,9 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz) int devId; Pkcs7Cert* cert; Pkcs7Cert* lastCert; +#ifdef WC_ASN_UNKNOWN_EXT_CB + wc_UnknownExtCallback cb; +#endif if (pkcs7 == NULL || (derCert == NULL && derCertSz != 0)) { return BAD_FUNC_ARG; 
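Review bot: wc_PKCS7_SetUnknownExtCallback is a new public entry point with no documentation, while the neighbouring helpers in this file carry a header comment describing parameters and return. Something like `/* Set the callback invoked for unrecognised certificate extensions when certificates are parsed through this PKCS7 context (WC_ASN_UNKNOWN_EXT_CB only). A NULL pkcs7 is ignored. */` above the definition would do. Whether the callback can accept an unknown extension marked critical is not visible here and is worth stating explicitly in that comment, since it decides how much trust the callback is given during verification.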
@@ -1082,9 +1093,16 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz) heap = pkcs7->heap; devId = pkcs7->devId; cert = pkcs7->certList; +#ifdef WC_ASN_UNKNOWN_EXT_CB + cb = pkcs7->unknownExtCallback; /* save / restore callback */ +#endif ret = wc_PKCS7_Init(pkcs7, heap, devId); if (ret != 0) return ret; + +#ifdef WC_ASN_UNKNOWN_EXT_CB + pkcs7->unknownExtCallback = cb; +#endif pkcs7->certList = cert; if (derCert != NULL && derCertSz > 0) { @@ -1133,6 +1151,10 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz) } InitDecodedCert(dCert, derCert, derCertSz, pkcs7->heap); +#ifdef WC_ASN_UNKNOWN_EXT_CB + if (pkcs7->unknownExtCallback != NULL) + wc_SetUnknownExtCallback(dCert, pkcs7->unknownExtCallback); +#endif ret = ParseCert(dCert, CA_TYPE, NO_VERIFY, 0); if (ret < 0) { FreeDecodedCert(dCert); @@ -1143,7 +1165,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz) } /* verify extracted public key is valid before storing */ - ret = wc_PKCS7_CheckPublicKeyDer(pkcs7, dCert->keyOID, + ret = wc_PKCS7_CheckPublicKeyDer(pkcs7, (int)dCert->keyOID, dCert->publicKey, dCert->pubKeySize); if (ret != 0) { WOLFSSL_MSG("Invalid public key, check pkcs7->cert"); @@ -1170,7 +1192,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* derCert, word32 derCertSz) XMEMCPY(pkcs7->issuerHash, dCert->issuerHash, KEYID_SIZE); pkcs7->issuer = dCert->issuerRaw; pkcs7->issuerSz = (word32)dCert->issuerRawLen; - XMEMCPY(pkcs7->issuerSn, dCert->serial, dCert->serialSz); + XMEMCPY(pkcs7->issuerSn, dCert->serial, (word32)dCert->serialSz); pkcs7->issuerSnSz = (word32)dCert->serialSz; XMEMCPY(pkcs7->issuerSubjKeyId, dCert->extSubjKeyId, KEYID_SIZE); 
@@ -1243,12 +1265,8 @@ static void wc_PKCS7_FreeDecodedAttrib(PKCS7DecodedAttrib* attrib, void* heap) current = attrib; while (current != NULL) { PKCS7DecodedAttrib* next = current->next; - if (current->oid != NULL) { - XFREE(current->oid, heap, DYNAMIC_TYPE_PKCS7); - } - if (current->value != NULL) { - XFREE(current->value, heap, DYNAMIC_TYPE_PKCS7); - } + XFREE(current->oid, heap, DYNAMIC_TYPE_PKCS7); + XFREE(current->value, heap, DYNAMIC_TYPE_PKCS7); XFREE(current, heap, DYNAMIC_TYPE_PKCS7); current = next; } @@ -1260,10 +1278,8 @@ static void wc_PKCS7_FreeDecodedAttrib(PKCS7DecodedAttrib* attrib, void* heap) /* return 0 on success */ static int wc_PKCS7_SignerInfoNew(PKCS7* pkcs7) { - if (pkcs7->signerInfo != NULL) { - XFREE(pkcs7->signerInfo, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - pkcs7->signerInfo = NULL; - } + XFREE(pkcs7->signerInfo, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->signerInfo = NULL; pkcs7->signerInfo = (PKCS7SignerInfo*)XMALLOC(sizeof(PKCS7SignerInfo), pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -1279,10 +1295,8 @@ static int wc_PKCS7_SignerInfoNew(PKCS7* pkcs7) static void wc_PKCS7_SignerInfoFree(PKCS7* pkcs7) { if (pkcs7->signerInfo != NULL) { - if (pkcs7->signerInfo->sid != NULL) { - XFREE(pkcs7->signerInfo->sid, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - pkcs7->signerInfo->sid = NULL; - } + XFREE(pkcs7->signerInfo->sid, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->signerInfo->sid = NULL; XFREE(pkcs7->signerInfo, pkcs7->heap, DYNAMIC_TYPE_PKCS7); pkcs7->signerInfo = NULL; } 
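Review bot: In `wc_PKCS7_SignerInfoNew` (`@@ -1260` hunk) the new `pkcs7->signerInfo = NULL;` is a dead store: the very next statement assigns `pkcs7->signerInfo = (PKCS7SignerInfo*)XMALLOC(...)`, so the XFREE alone suffices there. The same pattern appears in `wc_PKCS7_SignerInfoSetSID` (`@@ -1298` hunk on the next line), where `pkcs7->signerInfo->sid = NULL;` is immediately overwritten by the XMALLOC result. Dropping the two assignments keeps each "free then reallocate" sequence to two lines and matches the unguarded-XFREE style the rest of this commit adopts.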
@@ -1298,16 +1312,14 @@ static int wc_PKCS7_SignerInfoSetSID(PKCS7* pkcs7, byte* in, int inSz) return BAD_FUNC_ARG; } - if (pkcs7->signerInfo->sid != NULL) { - XFREE(pkcs7->signerInfo->sid, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - pkcs7->signerInfo->sid = NULL; - } - pkcs7->signerInfo->sid = (byte*)XMALLOC(inSz, pkcs7->heap, + XFREE(pkcs7->signerInfo->sid, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->signerInfo->sid = NULL; + pkcs7->signerInfo->sid = (byte*)XMALLOC((word32)inSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (pkcs7->signerInfo->sid == NULL) { return MEMORY_E; } - XMEMCPY(pkcs7->signerInfo->sid, in, inSz); + XMEMCPY(pkcs7->signerInfo->sid, in, (word32)inSz); pkcs7->signerInfo->sidSz = (word32)inSz; return 0; } @@ -1329,15 +1341,11 @@ void wc_PKCS7_Free(PKCS7* pkcs7) wc_PKCS7_FreeCertSet(pkcs7); #ifdef ASN_BER_TO_DER - if (pkcs7->der != NULL) { - XFREE(pkcs7->der, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - pkcs7->der = NULL; - } + XFREE(pkcs7->der, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->der = NULL; #endif - if (pkcs7->contentDynamic != NULL) { - XFREE(pkcs7->contentDynamic, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - pkcs7->contentDynamic = NULL; - } + XFREE(pkcs7->contentDynamic, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->contentDynamic = NULL; if (pkcs7->cek != NULL) { ForceZero(pkcs7->cek, pkcs7->cekSz); @@ -1368,6 +1376,12 @@ void wc_PKCS7_Free(PKCS7* pkcs7) pkcs7->cachedEncryptedContentSz = 0; } + if (pkcs7->customSKID) { + XFREE(pkcs7->customSKID, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->customSKID = NULL; + pkcs7->customSKIDSz = 0; + } + if (pkcs7->isDynamic) { pkcs7->isDynamic = 0; XFREE(pkcs7, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -1448,7 +1462,7 @@ int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid, word32 oidSz, if (out == NULL) { *outSz = attrib->valueSz; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (*outSz < attrib->valueSz) { 
@@ -1456,7 +1470,7 @@ int wc_PKCS7_GetAttributeValue(PKCS7* pkcs7, const byte* oid, word32 oidSz, } XMEMCPY(out, attrib->value, attrib->valueSz); - return attrib->valueSz; + return (int)attrib->valueSz; } @@ -1471,7 +1485,7 @@ int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz) word32 seqSz; word32 octetStrSz; word32 oidSz = (word32)sizeof(oid); - int idx = 0; + word32 idx = 0; if (pkcs7 == NULL || output == NULL) { return BAD_FUNC_ARG; @@ -1492,7 +1506,7 @@ int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz) XMEMCPY(output + idx, pkcs7->content, pkcs7->contentSz); idx += pkcs7->contentSz; - return idx; + return (int)idx; } @@ -1509,7 +1523,7 @@ typedef struct ESD { wc_HashAlg hash; enum wc_HashType hashType; byte contentDigest[WC_MAX_DIGEST_SIZE + 2]; /* content only + ASN.1 heading */ - byte contentDigestSet:1; + WC_BITFIELD contentDigestSet:1; byte contentAttribsDigest[WC_MAX_DIGEST_SIZE]; byte encContentDigest[MAX_ENCRYPTED_KEY_SZ]; @@ -1556,26 +1570,26 @@ static int EncodeAttributes(EncodedAttrib* ea, int eaSz, PKCS7Attrib* attribs, int attribsSz) { int i; - int maxSz = (int)min((word32)eaSz, attribsSz); + int maxSz = (int)min((word32)eaSz, (word32)attribsSz); int allAttribsSz = 0; for (i = 0; i < maxSz; i++) { - int attribSz = 0; + word32 attribSz = 0; ea[i].value = attribs[i].value; ea[i].valueSz = attribs[i].valueSz; attribSz += ea[i].valueSz; - ea[i].valueSetSz = SetSet((word32)attribSz, ea[i].valueSet); + ea[i].valueSetSz = SetSet(attribSz, ea[i].valueSet); attribSz += ea[i].valueSetSz; ea[i].oid = attribs[i].oid; ea[i].oidSz = attribs[i].oidSz; attribSz += ea[i].oidSz; - ea[i].valueSeqSz = SetSequence((word32)attribSz, ea[i].valueSeq); + ea[i].valueSeqSz = SetSequence(attribSz, ea[i].valueSeq); attribSz += ea[i].valueSeqSz; - ea[i].totalSz = (word32)attribSz; + ea[i].totalSz = attribSz; - allAttribsSz += attribSz; + allAttribsSz += (int)attribSz; } return allAttribsSz; } 
@@ -1664,7 +1678,8 @@ static int SortAttribArray(FlatAttrib** arr, int rows) static int FlattenEncodedAttribs(PKCS7* pkcs7, FlatAttrib** derArr, int rows, EncodedAttrib* ea, int eaSz) { - int i, idx, sz; + int i; + word32 idx, sz; byte* output = NULL; FlatAttrib* fa = NULL; @@ -1697,7 +1712,7 @@ static int FlattenEncodedAttribs(PKCS7* pkcs7, FlatAttrib** derArr, int rows, fa = derArr[i]; fa->data = output; - fa->dataSz = (word32)sz; + fa->dataSz = sz; } return 0; @@ -1708,7 +1723,8 @@ static int FlattenEncodedAttribs(PKCS7* pkcs7, FlatAttrib** derArr, int rows, static int FlattenAttributes(PKCS7* pkcs7, byte* output, EncodedAttrib* ea, int eaSz) { - int i, idx, ret; + int i, ret; + word32 idx; FlatAttrib** derArr = NULL; FlatAttrib* fa = NULL; @@ -2087,8 +2103,9 @@ static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd, } esd->signedAttribsCount += cannedAttribsCount; - esd->signedAttribsSz += EncodeAttributes(&esd->signedAttribs[atrIdx], - (int)idx, cannedAttribs, cannedAttribsCount); + esd->signedAttribsSz += (word32)EncodeAttributes( + &esd->signedAttribs[atrIdx], (int)idx, cannedAttribs, + (int)cannedAttribsCount); atrIdx += idx; } else { esd->signedAttribsCount = 0; @@ -2098,9 +2115,9 @@ static int wc_PKCS7_BuildSignedAttributes(PKCS7* pkcs7, ESD* esd, /* add custom signed attributes if set */ if (pkcs7->signedAttribsSz > 0 && pkcs7->signedAttribs != NULL) { esd->signedAttribsCount += pkcs7->signedAttribsSz; - esd->signedAttribsSz += EncodeAttributes(&esd->signedAttribs[atrIdx], - esd->signedAttribsCount, - pkcs7->signedAttribs, pkcs7->signedAttribsSz); + esd->signedAttribsSz += (word32)EncodeAttributes( + &esd->signedAttribs[atrIdx], (int)esd->signedAttribsCount, + pkcs7->signedAttribs, (int)pkcs7->signedAttribsSz); } #ifdef NO_ASN_TIME 
@@ -2268,12 +2285,12 @@ static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs, word32 flatSignedAttribsSz, ESD* esd, byte* digestInfo, word32* digestInfoSz) { - int ret, hashSz, digIdx = 0; + int ret, digIdx = 0; byte digestInfoSeq[MAX_SEQ_SZ]; byte digestStr[MAX_OCTET_STR_SZ]; byte attribSet[MAX_SET_SZ]; byte algoId[MAX_ALGO_SZ]; - word32 digestInfoSeqSz, digestStrSz, algoIdSz; + word32 digestInfoSeqSz, digestStrSz, algoIdSz, dgstInfoSz, hashSz; word32 attribSetSz; if (pkcs7 == NULL || esd == NULL || digestInfo == NULL || @@ -2281,9 +2298,10 @@ static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs, return BAD_FUNC_ARG; } - hashSz = wc_HashGetDigestSize(esd->hashType); - if (hashSz < 0) - return hashSz; + ret = wc_HashGetDigestSize(esd->hashType); + if (ret < 0) + return ret; + hashSz = (word32)ret; if (flatSignedAttribsSz != 0) { 
@@ -2314,25 +2332,26 @@ static int wc_PKCS7_BuildDigestInfo(PKCS7* pkcs7, byte* flatSignedAttribs, XMEMCPY(esd->contentAttribsDigest, esd->contentDigest + 2, hashSz); } - /* set algoID, with NULL attributes */ - algoIdSz = SetAlgoID(pkcs7->hashOID, algoId, oidHashType, 0); + /* Set algoID, allow absent hash params */ + algoIdSz = SetAlgoIDEx(pkcs7->hashOID, algoId, oidHashType, + 0, pkcs7->hashParamsAbsent); digestStrSz = SetOctetString(hashSz, digestStr); - digestInfoSeqSz = SetSequence(algoIdSz + digestStrSz + hashSz, - digestInfoSeq); + dgstInfoSz = algoIdSz + digestStrSz + hashSz; + digestInfoSeqSz = SetSequence(dgstInfoSz, digestInfoSeq); - if (*digestInfoSz < (digestInfoSeqSz + algoIdSz + digestStrSz + hashSz)) { + if (*digestInfoSz < (digestInfoSeqSz + dgstInfoSz)) { return BUFFER_E; } XMEMCPY(digestInfo + digIdx, digestInfoSeq, digestInfoSeqSz); - digIdx += digestInfoSeqSz; + digIdx += (int)digestInfoSeqSz; XMEMCPY(digestInfo + digIdx, algoId, algoIdSz); - digIdx += algoIdSz; + digIdx += (int)algoIdSz; XMEMCPY(digestInfo + digIdx, digestStr, digestStrSz); - digIdx += digestStrSz; + digIdx += (int)digestStrSz; XMEMCPY(digestInfo + digIdx, esd->contentAttribsDigest, hashSz); - digIdx += hashSz; + digIdx += (int)hashSz; *digestInfoSz = (word32)digIdx; @@ -2478,7 +2497,7 @@ static int wc_PKCS7_EncodeContentStreamHelper(PKCS7* pkcs7, int cipherType, switch (cipherType) { case WC_CIPHER_NONE: - XMEMCPY(encContentOut, contentData, contentDataSz); + XMEMCPY(encContentOut, contentData, (word32)contentDataSz); if (esd && esd->contentDigestSet != 1) { ret = wc_HashUpdate(&esd->hash, esd->hashType, contentData, (word32)contentDataSz); @@ -2515,7 +2534,7 @@ static int wc_PKCS7_EncodeContentStreamHelper(PKCS7* pkcs7, int cipherType, *outIdx += encContentOutOctSz; wc_PKCS7_WriteOut(pkcs7, (out)? out + *outIdx : NULL, encContentOut, (word32)contentDataSz); - *outIdx += contentDataSz; + *outIdx += (word32)contentDataSz; } return ret; 
@@ -2552,10 +2571,10 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes, byte* encContentOut; byte* contentData; word32 idx = 0, outIdx = 0; - int padSz = 0; + word32 padSz = 0; if (cipherType != WC_CIPHER_NONE) { - padSz = wc_PKCS7_GetPadSize(pkcs7->contentSz, + padSz = (word32)wc_PKCS7_GetPadSize(pkcs7->contentSz, (word32)wc_PKCS7_GetOIDBlockSize(pkcs7->encryptOID)); } @@ -2607,8 +2626,8 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes, return BAD_FUNC_ARG; } - if (szLeft + totalSz > (word32)inSz) - szLeft = inSz - totalSz; + if ((word32)szLeft + totalSz > (word32)inSz) + szLeft = inSz - (int)totalSz; contentDataRead = szLeft; buf = in + totalSz; @@ -2622,11 +2641,11 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes, /* check and handle octet boundary */ sz = contentDataRead; - if (idx + sz > BER_OCTET_LENGTH) { - sz = BER_OCTET_LENGTH - idx; + if ((int)idx + sz > BER_OCTET_LENGTH) { + sz = BER_OCTET_LENGTH - (int)idx; contentDataRead -= sz; - XMEMCPY(contentData + idx, buf, sz); + XMEMCPY(contentData + idx, buf, (word32)sz); ret = wc_PKCS7_EncodeContentStreamHelper(pkcs7, cipherType, aes, encContentOut, contentData, BER_OCTET_LENGTH, out, &outIdx, esd); @@ -2637,20 +2656,20 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes, } /* copy over any remaining data */ - XMEMCPY(contentData, buf + sz, contentDataRead); + XMEMCPY(contentData, buf + sz, (word32)contentDataRead); idx = (word32)contentDataRead; } else { /* was not on an octet boundary, copy full * amount over */ - XMEMCPY(contentData + idx, buf, sz); - idx += sz; + XMEMCPY(contentData + idx, buf, (word32)sz); + idx += (word32)sz; } } while (totalSz < pkcs7->contentSz); /* add in padding to the end */ if ((cipherType != WC_CIPHER_NONE) && (totalSz == pkcs7->contentSz)) { - int i; + word32 i; if (BER_OCTET_LENGTH < idx) { XFREE(encContentOut, heap, DYNAMIC_TYPE_PKCS7); 
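Review bot: In the `@@ -2552` hunk `padSz = (word32)wc_PKCS7_GetPadSize(...)` casts the helper's return without checking its sign; `wc_PKCS7_GetPadSize` is not in this diff, but if it can report an error with a negative value (for example when an unknown `encryptOID` yields a zero block size), the cast turns that into a pad length near 4 GiB. The old `int padSz` made the padding loop a no-op in that case, whereas on the new side the `for (i = 0; i < padSz; i++) contentData[idx + i] = (byte)padSz;` loop in the `@@ -2661` hunk on the next line would write far past `contentData`. Check the result before converting, as below; the declarations shown suggest no buffer has been allocated yet at this point, so an early return is safe, but confirm that against the lines between the hunks. wc_PKCS7_EncodeContentStream starts before this hunk.

```c
    word32 padSz = 0;

    if (cipherType != WC_CIPHER_NONE) {
        int padRet = wc_PKCS7_GetPadSize(pkcs7->contentSz,
                (word32)wc_PKCS7_GetOIDBlockSize(pkcs7->encryptOID));
        if (padRet < 0) {
            return padRet;
        }
        padSz = (word32)padRet;
    }
    /* … unchanged: buffer allocation and streaming loop … */
```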
@@ -2661,7 +2680,7 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes, for (i = 0; i < padSz; i++) { contentData[idx + i] = (byte)padSz; } - idx += padSz; + idx += (word32)padSz; } /* encrypt and flush out remainder of content data */ @@ -2687,7 +2706,7 @@ static int wc_PKCS7_EncodeContentStream(PKCS7* pkcs7, ESD* esd, void* aes, switch (cipherType) { case WC_CIPHER_NONE: if (!pkcs7->detached) { - XMEMCPY(out, in, inSz); + XMEMCPY(out, in, (word32)inSz); } if (esd && esd->contentDigestSet != 1) { ret = wc_HashInit(&esd->hash, esd->hashType); @@ -2803,6 +2822,15 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, keyIdSize = KEYID_SIZE; #endif + /* use custom SKID if set */ + if (pkcs7->customSKIDSz > 0) { + if (pkcs7->customSKID == NULL) { + WOLFSSL_MSG("Bad custom SKID setup, size > 0 and was NULL"); + return BAD_FUNC_ARG; + } + keyIdSize = pkcs7->customSKIDSz; + } + #ifdef WOLFSSL_SMALL_STACK signedDataOid = (byte *)XMALLOC(MAX_OID_SZ, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); if (signedDataOid == NULL) { @@ -2909,9 +2937,11 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, } else if (pkcs7->sidType == CMS_SKID) { /* SubjectKeyIdentifier */ esd->issuerSKIDSz = SetOctetString((word32)keyIdSize, esd->issuerSKID); - esd->issuerSKIDSeqSz = SetExplicit(0, esd->issuerSKIDSz + keyIdSize, + esd->issuerSKIDSeqSz = SetExplicit(0, esd->issuerSKIDSz + + (word32)keyIdSize, esd->issuerSKIDSeq, 0); - signerInfoSz += (esd->issuerSKIDSz + esd->issuerSKIDSeqSz + keyIdSize); + signerInfoSz += (esd->issuerSKIDSz + esd->issuerSKIDSeqSz + + (word32)keyIdSize); /* version MUST be 3 */ esd->signerVersionSz = (word32)SetMyVersion(3, esd->signerVersion, 0); 
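Review bot: In the `@@ -2803` hunk the custom SKID is selected with `pkcs7->customSKIDSz > 0`, which is what sets `keyIdSize`, but the write path in the later `@@ -3218` hunk of PKCS7_EncodeSigned selects it with `if (pkcs7->customSKID)`. The two predicates diverge when `customSKID` is non-NULL with `customSKIDSz == 0`, a state `wc_PKCS7_SetCustomSKID` permits for `in != NULL, inSz == 0`: `keyIdSize` then stays at `KEYID_SIZE` and `wc_PKCS7_WriteOut` copies `keyIdSize` bytes out of a zero-length allocation. Use one predicate in both places, e.g. `if (pkcs7->customSKIDSz > 0) {` at the write site, and have the setter reject or clear the zero-length case. PKCS7_EncodeSigned extends beyond both hunks.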
@@ -2924,8 +2954,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, if (pkcs7->sidType != DEGENERATE_SID) { signerInfoSz += esd->signerVersionSz; - esd->signerDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->signerDigAlgoId, - oidHashType, 0); + esd->signerDigAlgoIdSz = SetAlgoIDEx(pkcs7->hashOID, esd->signerDigAlgoId, + oidHashType, 0, pkcs7->hashParamsAbsent); signerInfoSz += esd->signerDigAlgoIdSz; /* set signatureAlgorithm */ @@ -2935,8 +2965,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, idx = ret; goto out; } - esd->digEncAlgoIdSz = SetAlgoID(digEncAlgoId, esd->digEncAlgoId, - digEncAlgoType, 0); + esd->digEncAlgoIdSz = SetAlgoIDEx(digEncAlgoId, esd->digEncAlgoId, + digEncAlgoType, 0, pkcs7->hashParamsAbsent); signerInfoSz += esd->digEncAlgoIdSz; /* build up signed attributes, include contentType, signingTime, and @@ -2962,8 +2992,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, flatSignedAttribsSz = esd->signedAttribsSz; - FlattenAttributes(pkcs7, flatSignedAttribs, - esd->signedAttribs, esd->signedAttribsCount); + FlattenAttributes(pkcs7, flatSignedAttribs, esd->signedAttribs, + (int)esd->signedAttribsCount); esd->signedAttribSetSz = SetImplicit(ASN_SET, 0, esd->signedAttribsSz, esd->signedAttribSet, 0); } else { @@ -3010,8 +3040,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, esd->certsSetSz = SetImplicit(ASN_SET, 0, certSetSz, esd->certsSet, 0); if (pkcs7->sidType != DEGENERATE_SID) { - esd->singleDigAlgoIdSz = SetAlgoID(pkcs7->hashOID, esd->singleDigAlgoId, - oidHashType, 0); + esd->singleDigAlgoIdSz = SetAlgoIDEx(pkcs7->hashOID, esd->singleDigAlgoId, + oidHashType, 0, pkcs7->hashParamsAbsent); } esd->digAlgoIdSetSz = SetSet(esd->singleDigAlgoIdSz, esd->digAlgoIdSet); 
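Review bot: In the `@@ -2935` hunk `pkcs7->hashParamsAbsent` is passed to `SetAlgoIDEx` for the signature algorithm identifier (`digEncAlgoId`), although the flag is derived from the digest algorithm's parameters (in `wc_PKCS7_ParseSignerInfo`, `GetAlgoIdEx` sets it while reading digestAlgorithm). If the last argument suppresses the NULL parameters (its semantics are outside this diff), an RSA signatureAlgorithm such as `rsaEncryption` would be emitted without its NULL parameters whenever the parsed input used absent digest params, which RFC 3370 §3.2 forbids and strict verifiers reject; ECDSA identifiers carry no parameters and are unaffected. The digest-algorithm uses in the `@@ -2924` and `@@ -3010` hunks are fine; for the signature algorithm keep the previous encoding, `esd->digEncAlgoIdSz = SetAlgoIDEx(digEncAlgoId, esd->digEncAlgoId, digEncAlgoType, 0, 0);`, or track a separate flag for it. PKCS7_EncodeSigned extends beyond the hunk.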
@@ -3121,37 +3151,37 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, idx = 0; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, esd->outerSeq, esd->outerSeqSz); - idx += esd->outerSeqSz; + idx += (int)esd->outerSeqSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, signedDataOid, signedDataOidSz); - idx += signedDataOidSz; + idx += (int)signedDataOidSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, esd->outerContent, esd->outerContentSz); - idx += esd->outerContentSz; + idx += (int)esd->outerContentSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, esd->innerSeq, esd->innerSeqSz); - idx += esd->innerSeqSz; + idx += (int)esd->innerSeqSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, esd->version, esd->versionSz); - idx += esd->versionSz; + idx += (int)esd->versionSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, esd->digAlgoIdSet, esd->digAlgoIdSetSz); - idx += esd->digAlgoIdSetSz; + idx += (int)esd->digAlgoIdSetSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, esd->singleDigAlgoId, esd->singleDigAlgoIdSz); - idx += esd->singleDigAlgoIdSz; + idx += (int)esd->singleDigAlgoIdSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, esd->contentInfoSeq, esd->contentInfoSeqSz); - idx += esd->contentInfoSeqSz; + idx += (int)esd->contentInfoSeqSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, pkcs7->contentType, pkcs7->contentTypeSz); - idx += pkcs7->contentTypeSz; + idx += (int)pkcs7->contentTypeSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, esd->innerContSeq, esd->innerContSeqSz); - idx += esd->innerContSeqSz; + idx += (int)esd->innerContSeqSz; wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, esd->innerOctets, esd->innerOctetsSz); - idx += esd->innerOctetsSz; + idx += (int)esd->innerOctetsSz; /* support returning header and footer without content */ if (output2 && output2Sz) { 
@@ -3167,14 +3197,15 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, #endif && pkcs7->contentSz > 0) { wc_PKCS7_EncodeContentStream(pkcs7, esd, NULL, pkcs7->content, - pkcs7->contentSz, (output)? output + idx : NULL, WC_CIPHER_NONE); + (int)pkcs7->contentSz, (output)? output + idx : NULL, + WC_CIPHER_NONE); if (!pkcs7->detached) { #ifdef ASN_BER_TO_DER if (pkcs7->encodeStream) { byte indefEnd[ASN_INDEF_END_SZ * 3]; word32 localIdx = 0; - idx += streamSz; + idx += (int)streamSz; /* end of content octet string */ localIdx += SetIndefEnd(indefEnd + localIdx); @@ -3187,12 +3218,12 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, indefEnd, localIdx); - idx += localIdx; + idx += (int)localIdx; } else #endif { - idx += pkcs7->contentSz; + idx += (int)pkcs7->contentSz; } } } @@ -3202,14 +3233,14 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, /* certificates */ wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->certsSet, esd->certsSetSz); - idx += esd->certsSetSz; + idx += (int)esd->certsSetSz; if (pkcs7->noCerts != 1) { certPtr = pkcs7->certList; while (certPtr != NULL) { wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, certPtr->der, certPtr->derSz); - idx += certPtr->derSz; + idx += (int)certPtr->derSz; certPtr = certPtr->next; } } 
@@ -3218,38 +3249,45 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->signerInfoSet, esd->signerInfoSetSz); - idx += esd->signerInfoSetSz; + idx += (int)esd->signerInfoSetSz; wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->signerInfoSeq, esd->signerInfoSeqSz); - idx += esd->signerInfoSeqSz; + idx += (int)esd->signerInfoSeqSz; wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->signerVersion, esd->signerVersionSz); - idx += esd->signerVersionSz; + idx += (int)esd->signerVersionSz; /* SignerIdentifier */ if (pkcs7->sidType == CMS_ISSUER_AND_SERIAL_NUMBER) { /* IssuerAndSerialNumber */ wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->issuerSnSeq, esd->issuerSnSeqSz); - idx += esd->issuerSnSeqSz; + idx += (int)esd->issuerSnSeqSz; wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->issuerName, esd->issuerNameSz); - idx += esd->issuerNameSz; + idx += (int)esd->issuerNameSz; wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, pkcs7->issuer, pkcs7->issuerSz); - idx += pkcs7->issuerSz; + idx += (int)pkcs7->issuerSz; wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->issuerSn, esd->issuerSnSz); - idx += esd->issuerSnSz; + idx += (int)esd->issuerSnSz; } else if (pkcs7->sidType == CMS_SKID) { /* SubjectKeyIdentifier */ wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->issuerSKIDSeq, esd->issuerSKIDSeqSz); - idx += esd->issuerSKIDSeqSz; + idx += (int)esd->issuerSKIDSeqSz; wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->issuerSKID, esd->issuerSKIDSz); - idx += esd->issuerSKIDSz; - wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, + idx += (int)esd->issuerSKIDSz; + + if (pkcs7->customSKID) { + wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, + pkcs7->customSKID, (word32)keyIdSize); + } + else { + wc_PKCS7_WriteOut(pkcs7, (output2)? 
(output2 + idx) : NULL, pkcs7->issuerSubjKeyId, (word32)keyIdSize); + } idx += keyIdSize; } else if (pkcs7->sidType == DEGENERATE_SID) { /* no signer infos in degenerate case */ @@ -3259,7 +3297,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, } wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->signerDigAlgoId, esd->signerDigAlgoIdSz); - idx += esd->signerDigAlgoIdSz; + idx += (int)esd->signerDigAlgoIdSz; /* SignerInfo:Attributes */ if (flatSignedAttribsSz > 0) { @@ -3290,7 +3328,8 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, flatSignedAttribsSz = esd->signedAttribsSz; FlattenAttributes(pkcs7, flatSignedAttribs, - esd->signedAttribs, esd->signedAttribsCount); + esd->signedAttribs, + (int)esd->signedAttribsCount); } else { esd->signedAttribSetSz = 0; } @@ -3298,10 +3337,10 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->signedAttribSet, esd->signedAttribSetSz); - idx += esd->signedAttribSetSz; + idx += (int)esd->signedAttribSetSz; wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, flatSignedAttribs, flatSignedAttribsSz); - idx += flatSignedAttribsSz; + idx += (int)flatSignedAttribsSz; } if (hashBuf == NULL && pkcs7->sidType != DEGENERATE_SID) { @@ -3317,14 +3356,14 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->digEncAlgoId, esd->digEncAlgoIdSz); - idx += esd->digEncAlgoIdSz; + idx += (int)esd->digEncAlgoIdSz; wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->signerDigest, esd->signerDigestSz); - idx += esd->signerDigestSz; + idx += (int)esd->signerDigestSz; wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, esd->encContentDigest, esd->encContentDigestSz); - idx += esd->encContentDigestSz; + idx += (int)esd->encContentDigestSz; #ifdef ASN_BER_TO_DER if (pkcs7->encodeStream) { 
@@ -3342,7 +3381,7 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, wc_PKCS7_WriteOut(pkcs7, (output2)? (output2 + idx) : NULL, indefEnd, localIdx); - idx += localIdx; + idx += (int)localIdx; } #endif @@ -3356,14 +3395,11 @@ static int PKCS7_EncodeSigned(PKCS7* pkcs7, out: - if (flatSignedAttribs != NULL) - XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #ifdef WOLFSSL_SMALL_STACK - if (esd) - XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (signedDataOid) - XFREE(signedDataOid, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(signedDataOid, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return idx; @@ -3404,6 +3440,40 @@ int wc_PKCS7_EncodeSignedData_ex(PKCS7* pkcs7, const byte* hashBuf, return ret; } + +/* Sets a custom SKID in PKCS7 struct, used before calling an encode operation + * Returns 0 on success, negative upon error. */ +int wc_PKCS7_SetCustomSKID(PKCS7* pkcs7, const byte* in, word16 inSz) +{ + int ret = 0; + + if (pkcs7 == NULL || (in == NULL && inSz > 0)) { + return BAD_FUNC_ARG; + } + + if (in == NULL) { + if (pkcs7->customSKID != NULL) { + XFREE(pkcs7->customSKID, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + } + pkcs7->customSKIDSz = 0; + pkcs7->customSKID = NULL; + } + else { + pkcs7->customSKID = (byte*)XMALLOC(inSz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); + if (pkcs7->customSKID == NULL) { + ret = MEMORY_E; + } + else { + XMEMCPY(pkcs7->customSKID, in, inSz); + pkcs7->customSKIDSz = inSz; + } + } + + return ret; +} + + /* Toggle detached signature mode on/off for PKCS#7/CMS SignedData content type. * By default wolfCrypt includes the data to be signed in the SignedData * bundle. This data can be omitted in the case when a detached signature is 
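Review bot: `wc_PKCS7_SetCustomSKID` in the `@@ -3404` hunk leaks the previous buffer on a second call: the `else` branch assigns `pkcs7->customSKID = (byte*)XMALLOC(...)` without releasing an existing `customSKID`, and only the `in == NULL` path frees. It also accepts `in != NULL` with `inSz == 0`, leaving a zero-length allocation with `customSKIDSz == 0`, a state the encoder then treats inconsistently (`customSKIDSz > 0` for sizing, `customSKID != NULL` for writing). Free unconditionally first and reject the zero-length case, as below; the guard `if (pkcs7->customSKID != NULL)` around XFREE is also at odds with the unguarded-XFREE style the rest of this commit introduces.

```c
int wc_PKCS7_SetCustomSKID(PKCS7* pkcs7, const byte* in, word16 inSz)
{
    if (pkcs7 == NULL || (in == NULL && inSz > 0) ||
            (in != NULL && inSz == 0)) {
        return BAD_FUNC_ARG;
    }

    /* drop any SKID set earlier before replacing or clearing it */
    XFREE(pkcs7->customSKID, pkcs7->heap, DYNAMIC_TYPE_PKCS7);
    pkcs7->customSKID = NULL;
    pkcs7->customSKIDSz = 0;

    if (in != NULL) {
        pkcs7->customSKID = (byte*)XMALLOC(inSz, pkcs7->heap,
                                           DYNAMIC_TYPE_PKCS7);
        if (pkcs7->customSKID == NULL) {
            return MEMORY_E;
        }
        XMEMCPY(pkcs7->customSKID, in, inSz);
        pkcs7->customSKIDSz = inSz;
    }

    return 0;
}
```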
@@ -3422,7 +3492,7 @@ int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag) if (pkcs7 == NULL || (flag != 0 && flag != 1)) return BAD_FUNC_ARG; - pkcs7->detached = flag; + pkcs7->detached = (flag != 0); return 0; } @@ -3664,13 +3734,14 @@ int wc_PKCS7_EncodeSignedEncryptedFPD(PKCS7* pkcs7, byte* encryptKey, } /* save encryptedData, reset output buffer and struct */ - encrypted = (byte*)XMALLOC(encryptedSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + encrypted = (byte*)XMALLOC((word32)encryptedSz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); if (encrypted == NULL) { ForceZero(output, outputSz); return MEMORY_E; } - XMEMCPY(encrypted, output, encryptedSz); + XMEMCPY(encrypted, output, (word32)encryptedSz); ForceZero(output, outputSz); ret = wc_InitRng_ex(&rng, pkcs7->heap, pkcs7->devId); @@ -3969,8 +4040,14 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, byte* digest; RsaKey* key; DecodedCert* dCert; +#else +#ifdef WOLFSSL_NO_MALLOC + byte digest[RSA_MAX_SIZE / WOLFSSL_BIT_SIZE]; /* accessed in-place with size + * key->dataLen + */ #else byte digest[MAX_PKCS7_DIGEST_SZ]; +#endif RsaKey key[1]; DecodedCert stack_dCert; DecodedCert* dCert = &stack_dCert; @@ -4181,14 +4258,18 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); #endif - FreeDecodedCert(dCert); - wc_ecc_free(key); - if (ret == 0 && res == 1) { /* found signer that successfully verified signature */ verified = 1; + XMEMCPY(pkcs7->issuerSubjKeyId, dCert->extSubjKeyId, KEYID_SIZE); pkcs7->verifyCert = pkcs7->cert[i]; pkcs7->verifyCertSz = pkcs7->certSz[i]; + } + + wc_ecc_free(key); + FreeDecodedCert(dCert); + + if (ret == 0 && res == 1) { break; } } 
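Review bot: In the `@@ -4181` hunk the test `ret == 0 && res == 1` is evaluated twice, once to record the match and once to `break` after `wc_ecc_free`/`FreeDecodedCert`; since `verified` is set only on that path, the second test reads more directly as `if (verified) { break; }` (assuming `verified` is initialised to 0 before the loop, which is outside the hunk). Moving the frees below `XMEMCPY(pkcs7->issuerSubjKeyId, dCert->extSubjKeyId, KEYID_SIZE)` is the right call, as `dCert` must still be live there. The enclosing loop and wc_PKCS7_EcdsaVerify continue outside the hunk.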
@@ -4318,23 +4399,24 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib, } } - /* Set algoID, with NULL attributes */ - algoIdSz = SetAlgoID(pkcs7->hashOID, algoId, oidHashType, 0); + /* Set algoID, match whatever was input to match either NULL or absent */ + algoIdSz = SetAlgoIDEx(pkcs7->hashOID, algoId, oidHashType, + 0, pkcs7->hashParamsAbsent); digestStrSz = SetOctetString(hashSz, digestStr); digestInfoSeqSz = SetSequence(algoIdSz + digestStrSz + hashSz, digestInfoSeq); XMEMCPY(digestInfo + digIdx, digestInfoSeq, digestInfoSeqSz); - digIdx += digestInfoSeqSz; + digIdx += (int)digestInfoSeqSz; XMEMCPY(digestInfo + digIdx, algoId, algoIdSz); - digIdx += algoIdSz; + digIdx += (int)algoIdSz; XMEMCPY(digestInfo + digIdx, digestStr, digestStrSz); - digIdx += digestStrSz; + digIdx += (int)digestStrSz; XMEMCPY(digestInfo + digIdx, digest, hashSz); - digIdx += hashSz; + digIdx += (int)hashSz; - XMEMCPY(pkcs7Digest, digestInfo, digIdx); + XMEMCPY(pkcs7Digest, digestInfo, (word32)digIdx); *pkcs7DigestSz = (word32)digIdx; /* set plain digest pointer */ @@ -4728,7 +4810,7 @@ static int wc_PKCS7_SetPublicKeyOID(PKCS7* pkcs7, int sigOID) return ASN_SIG_KEY_E; } - return pkcs7->publicKeyOID; + return (int)pkcs7->publicKeyOID; } @@ -4760,7 +4842,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz) while (idx < (word32)inSz) { int length = 0; - int oidIdx; + word32 oidIdx; PKCS7DecodedAttrib* attrib; if (GetSequence(in, &idx, &length, (word32)inSz) < 0) @@ -4773,7 +4855,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz) } XMEMSET(attrib, 0, sizeof(PKCS7DecodedAttrib)); - oidIdx = (int)idx; + oidIdx = idx; if (GetObjectId(in, &idx, &oid, oidIgnoreType, (word32)inSz) < 0) { XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7); 
@@ -4795,7 +4877,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz) return ASN_PARSE_E; } - if ((inSz - idx) < (word32)length) { + if ((inSz - (int)idx) < length) { XFREE(attrib->oid, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(attrib, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ASN_PARSE_E; @@ -4810,7 +4892,7 @@ static int wc_PKCS7_ParseAttribs(PKCS7* pkcs7, byte* in, int inSz) return MEMORY_E; } XMEMCPY(attrib->value, in + idx, attrib->valueSz); - idx += length; + idx += (word32)length; /* store attribute in linked list */ if (pkcs7->decodedAttrib != NULL) { @@ -4863,6 +4945,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz, word32 sigOID = 0, hashOID = 0; word32 idx = *idxIn, localIdx; byte tag; + byte absentParams = FALSE; WOLFSSL_ENTER("wc_PKCS7_ParseSignerInfo"); /* require a signer if degenerate case not allowed */ @@ -4899,7 +4982,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz, if (ret == 0) { ret = wc_PKCS7_SignerInfoSetSID(pkcs7, in + idx, length); - idx += length; + idx += (word32)length; } } else if (ret == 0 && version == 3) { @@ -4955,7 +5038,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz, if (ret == 0) { ret = wc_PKCS7_SignerInfoSetSID(pkcs7, in + idx, length); - idx += length; + idx += (word32)length; } } else { @@ -4964,10 +5047,12 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz, } /* Get the sequence of digestAlgorithm */ - if (ret == 0 && GetAlgoId(in, &idx, &hashOID, oidHashType, inSz) < 0) { + if (ret == 0 && GetAlgoIdEx(in, &idx, &hashOID, oidHashType, + inSz, &absentParams) < 0) { ret = ASN_PARSE_E; } pkcs7->hashOID = (int)hashOID; + pkcs7->hashParamsAbsent = (absentParams != 0); /* Get the IMPLICIT[0] SET OF signedAttributes */ localIdx = idx; 
@@ -4988,7 +5073,7 @@ static int wc_PKCS7_ParseSignerInfo(PKCS7* pkcs7, byte* in, word32 inSz, ret = ASN_PARSE_E; } - idx += length; + idx += (word32)length; } /* Get digestEncryptionAlgorithm - key type or signature type */ @@ -5045,10 +5130,8 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz, /* no content case, do nothing */ if (pkcs7->stream->noContent) { if (pkcs7->content && pkcs7->contentSz > 0) { - if (pkcs7->stream->content != NULL) { - XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - pkcs7->stream->content = NULL; - } + XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->stream->content = NULL; pkcs7->stream->content = (byte*)XMALLOC(pkcs7->contentSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -5063,10 +5146,8 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz, } /* free pkcs7->contentDynamic buffer */ - if (pkcs7->contentDynamic != NULL) { - XFREE(pkcs7->contentDynamic, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - pkcs7->contentDynamic = NULL; - } + XFREE(pkcs7->contentDynamic, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->contentDynamic = NULL; while(1) { if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, @@ -5121,7 +5202,7 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz, * number of indef is stored in pkcs7->stream->cntIdfCnt. */ pkcs7->stream->expected = (word32)(ASN_TAG_SZ + TRAILING_ZERO) * - pkcs7->stream->cntIdfCnt; + (word32)pkcs7->stream->cntIdfCnt; /* dec idx by one since already consumed to get ASN_EOC */ (*idx)--; @@ -5201,10 +5282,8 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz, if (pkcs7->stream->content == NULL) { WOLFSSL_MSG("failed to grow content buffer."); - if (tempBuf != NULL) { - XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - tempBuf = NULL; - } + XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + tempBuf = NULL; ret = MEMORY_E; break; } 
@@ -5215,10 +5294,8 @@ static int wc_PKCS7_HandleOctetStrings(PKCS7* pkcs7, byte* in, word32 inSz, } XMEMCPY(pkcs7->stream->content + contBufSz, msg + *idx, pkcs7->stream->expected); - if (tempBuf != NULL) { - XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - tempBuf = NULL; - } + XFREE(tempBuf, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + tempBuf = NULL; } } @@ -5337,9 +5414,11 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, switch (pkcs7->state) { case WC_PKCS7_START: #ifndef NO_PKCS7_STREAM - if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, MAX_SEQ_SZ + + /* The expected size calculation originally assumed digest OID + * with NULL params, -2 to also accept with absent params */ + if ((ret = wc_PKCS7_AddDataToStream(pkcs7, in, inSz, (MAX_SEQ_SZ + MAX_VERSION_SZ + MAX_SEQ_SZ + MAX_LENGTH_SZ + - ASN_TAG_SZ + MAX_OID_SZ + MAX_SEQ_SZ, + ASN_TAG_SZ + MAX_OID_SZ + MAX_SEQ_SZ) - 2, &pkiMsg, &idx)) != 0) { break; } @@ -5353,7 +5432,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, break; } if (ret == 0 && length > 0) - pkcs7->stream->maxLen = length + localIdx; + pkcs7->stream->maxLen = (word32)length + localIdx; else pkcs7->stream->maxLen = inSz; @@ -5495,7 +5574,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, ret = ASN_PARSE_E; } /* store hashType for later hashing */ - pkcs7->stream->hashType = hashType; + pkcs7->stream->hashType = (int)hashType; /* restore idx */ idx = localIdx; @@ -5505,12 +5584,12 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, #endif /* !NO_PKCS7_STREAM */ /* Skip the set. */ - idx += length; + idx += (word32)length; degenerate = (length == 0) ? 1 : 0; #ifndef NO_PKCS7_STREAM - pkcs7->stream->degenerate = degenerate; + pkcs7->stream->degenerate = (degenerate != 0); #endif /* !NO_PKCS7_STREAM */ - if (pkcs7->noDegenerate == 1 && degenerate == 1) { + if (pkcs7->noDegenerate == 1 && degenerate != 0) { ret = PKCS7_NO_SIGNER_E; } 
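Review bot: The `- 2` in the new expected-size expression of PKCS7_VerifySignedData is a magic number; the comment above it says why the value shrinks but not where 2 comes from. Spell it out, e.g. `/* -2: a DER NULL parameter is tag + zero length (two bytes); absent params omit it */`, or express it as a named constant so the next reader does not have to rederive it from the encoding. The `WC_PKCS7_START` case continues outside the hunk.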
@@ -5574,8 +5653,8 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, } if (GetASNObjectId(pkiMsg, &idx, &length, pkiMsgSz) == 0) { contentType = pkiMsg + tmpIdx; - contentTypeSz = length + (idx - tmpIdx); - idx += length; + contentTypeSz = (word32)length + (idx - tmpIdx); + idx += (word32)length; } else { ret = ASN_PARSE_E; @@ -5608,7 +5687,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, /* Set error state if no more data left in ContentInfo, meaning * no content - may be detached. Will recover from error below */ if ((encapContentInfoLen != 0) && - (encapContentInfoLen - contentTypeSz == 0)) { + ((word32)encapContentInfoLen - contentTypeSz == 0)) { ret = ASN_PARSE_E; #ifndef NO_PKCS7_STREAM pkcs7->stream->noContent = 1; @@ -5708,11 +5787,12 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, if (ret == 0) { /* Use single OCTET_STRING directly, or reset length. */ - if (localIdx - start + length == (word32)contentLen) { + if (localIdx - start + (word32)length == + (word32)contentLen) { multiPart = 0; } else { #ifndef NO_PKCS7_STREAM - pkcs7->stream->multi = multiPart; + pkcs7->stream->multi = (multiPart != 0); pkcs7->stream->currContIdx = localIdx; pkcs7->stream->currContSz = (word32)length; pkcs7->stream->currContRmnSz = (word32)length; @@ -5740,7 +5820,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, ret = ASN_PARSE_E; #ifndef NO_PKCS7_STREAM if (ret == 0) { - pkcs7->stream->multi = multiPart; + pkcs7->stream->multi = (multiPart != 0); pkcs7->stream->currContIdx = localIdx; pkcs7->stream->currContSz = (word32)length; pkcs7->stream->currContRmnSz = (word32)length; 
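Review bot: `((word32)encapContentInfoLen - contentTypeSz == 0)` wraps when contentTypeSz is larger than encapContentInfoLen (a contentType OID longer than its enclosing SEQUENCE claims), so that malformed input is not caught by this equality test and falls through to the content parsing below. If it is not rejected elsewhere, add a separate `if (contentTypeSz > (word32)encapContentInfoLen) { ret = ASN_PARSE_E; break; }` ahead of this test so the oversized case is not confused with the detached-content case that the comment describes. The enclosing function continues outside the hunk.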
@@ -5792,7 +5872,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, #ifndef NO_PKCS7_STREAM /* save detached flag value */ - pkcs7->stream->detached = detached; + pkcs7->stream->detached = (detached != 0); /* save contentType */ pkcs7->stream->nonce = (byte*)XMALLOC(contentTypeSz, pkcs7->heap, @@ -5836,10 +5916,8 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, #ifndef NO_PKCS7_STREAM /* free pkcs7->stream->content buffer */ - if (pkcs7->stream->content != NULL) { - XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - pkcs7->stream->content = NULL; - } + XFREE(pkcs7->stream->content, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + pkcs7->stream->content = NULL; #endif /* !NO_PKCS7_STREAM */ FALL_THROUGH; @@ -6059,7 +6137,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, WOLFSSL_MSG("certificate set found"); /* adjust cert length */ - length += localIdx - certIdx; + length += (int)(localIdx - certIdx); idx = certIdx; } } @@ -6137,13 +6215,13 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, if (length > 0 && in2Sz == 0) { /* free tmpCert if not NULL */ XFREE(pkcs7->stream->tmpCert, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - pkcs7->stream->tmpCert = (byte*)XMALLOC(length, + pkcs7->stream->tmpCert = (byte*)XMALLOC((word32)length, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if ((pkiMsg2 == NULL) || (pkcs7->stream->tmpCert == NULL)) { ret = MEMORY_E; break; } - XMEMCPY(pkcs7->stream->tmpCert, pkiMsg2 + idx, length); + XMEMCPY(pkcs7->stream->tmpCert, pkiMsg2 + idx, (word32)length); pkiMsg2 = pkcs7->stream->tmpCert; pkiMsg2Sz = (word32)length; idx = 0; @@ -6174,7 +6252,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, ret = ASN_PARSE_E; cert = &pkiMsg2[idx]; - certSz += (certIdx - idx); + certSz += (int)(certIdx - idx); if (certSz > length) { ret = BUFFER_E; break; 
@@ -6196,7 +6274,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, /* Save dynamic content before freeing PKCS7 struct */ if (pkcs7->contentDynamic != NULL) { - contentDynamic = (byte*)XMALLOC(contentSz, + contentDynamic = (byte*)XMALLOC((word32)contentSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (contentDynamic == NULL) { #ifndef NO_PKCS7_STREAM @@ -6206,13 +6284,13 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, break; } XMEMCPY(contentDynamic, pkcs7->contentDynamic, - contentSz); + (word32)contentSz); } /* Free pkcs7 resources but not the structure itself */ pkcs7->isDynamic = 0; wc_PKCS7_Free(pkcs7); - pkcs7->isDynamic = isDynamic; + pkcs7->isDynamic = (isDynamic != 0); /* This will reset PKCS7 structure and then set the * certificate */ ret = wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz); @@ -6225,7 +6303,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, } /* Restore content is PKCS#7 flag */ - pkcs7->contentIsPkcs7Type = contentIsPkcs7Type; + pkcs7->contentIsPkcs7Type = (contentIsPkcs7Type != 0); #ifndef NO_PKCS7_STREAM pkcs7->stream = stream; @@ -6245,7 +6323,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, pkcs7->cert[0] = cert; pkcs7->certSz[0] = (word32)certSz; - certIdx = idx + certSz; + certIdx = idx + (word32)certSz; for (i = 1; i < MAX_PKCS7_CERTS && certIdx + 1 < pkiMsg2Sz && @@ -6267,21 +6345,22 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, } pkcs7->cert[i] = &pkiMsg2[localIdx]; - pkcs7->certSz[i] = sz + (certIdx - localIdx); - certIdx += sz; + pkcs7->certSz[i] = (word32)sz + + (certIdx - localIdx); + certIdx += (word32)sz; } } } } - idx += length; + idx += (word32)length; if (!detached) { /* set content and size after init of PKCS7 structure */ pkcs7->content = content; - pkcs7->contentSz = contentSz; + pkcs7->contentSz = (word32)contentSz; } - idx = certIdx2 + length; + idx = certIdx2 + (word32)length; if (ret != 0) { break; 
@@ -6307,7 +6386,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, /* if certificate set has indef-length, there maybe trailing zeros. * add expected size to include size of zeros. */ if (pkcs7->stream->cntIdfCnt > 0) { - pkcs7->stream->expected += pkcs7->stream->cntIdfCnt * 2; + pkcs7->stream->expected += (word32)pkcs7->stream->cntIdfCnt * 2; } if (pkcs7->stream->expected > (pkcs7->stream->maxLen - @@ -6367,10 +6446,10 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, /* prior to find set of crls, remove trailing zeros of * set of certificates */ if (ret == 0 && pkcs7->stream->cntIdfCnt > 0) { - int i; + word32 i; + word32 sz = (word32)pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ; localIdx = idx; - for (i = 0; i < pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ; - i++) { + for (i = 0; i < sz; i++) { if (pkiMsg2[localIdx + i] == 0) continue; else { @@ -6379,7 +6458,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, } } if (ret == 0) { - idx += pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ; + idx += (word32)pkcs7->stream->cntIdfCnt * ASN_INDEF_END_SZ; pkcs7->stream->cntIdfCnt = 0; } } @@ -6396,7 +6475,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, ret = ASN_PARSE_E; /* Skip the set */ - idx += length; + idx += (word32)length; } /* Get the set of signerInfos */ @@ -6491,7 +6570,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, sig = &pkiMsg2[idx]; sigSz = length; - idx += length; + idx += (word32)length; } pkcs7->content = content; @@ -6508,7 +6587,7 @@ static int PKCS7_VerifySignedData(PKCS7* pkcs7, const byte* hashBuf, /* make sure that terminating zero's follow */ if ((ret == WC_NO_ERR_TRACE(PKCS7_SIGNEEDS_CHECK) || ret >= 0) && pkcs7->stream->indefLen == 1) { - int i; + word32 i; for (i = 0; i < 3 * ASN_INDEF_END_SZ; i++) { if (pkiMsg2[idx + i] != 0) { ret = ASN_PARSE_E; 
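Review bot: Both trailing-zero loops in PKCS7_VerifySignedData index pkiMsg2 without a visible bound: `pkiMsg2[localIdx + i]` for `sz` bytes in the cntIdfCnt hunk and `pkiMsg2[idx + i]` for `3 * ASN_INDEF_END_SZ` bytes in the indefLen hunk. Unless the stream's expected-size accounting guarantees those bytes are present (that is not visible in these hunks), a truncated message reads past the buffer; `if (localIdx + i >= pkiMsg2Sz) { ret = ASN_PARSE_E; break; }` at the top of the first loop body and the equivalent `idx + i` check in the second close it. The enclosing function continues outside the hunk.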
@@ -6570,7 +6649,7 @@ int wc_PKCS7_GetSignerSID(PKCS7* pkcs7, byte* out, word32* outSz) if (out == NULL) { *outSz = pkcs7->signerInfo->sidSz; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if (*outSz < pkcs7->signerInfo->sidSz) { @@ -6750,9 +6829,9 @@ typedef struct WC_PKCS7_KARI { word32 sharedInfoSz; /* size of ECC-CMS-SharedInfo encoded */ byte ukmOwner; /* do we own ukm buffer? 1:yes, 0:no */ byte direction; /* WC_PKCS7_ENCODE | WC_PKCS7_DECODE */ - byte decodedInit : 1; /* indicates decoded was initialized */ - byte recipKeyInit : 1; /* indicates recipKey was initialized */ - byte senderKeyInit : 1; /* indicates senderKey was initialized */ + WC_BITFIELD decodedInit:1; /* indicates decoded was initialized */ + WC_BITFIELD recipKeyInit:1; /* indicates recipKey was initialized */ + WC_BITFIELD senderKeyInit:1; /* indicates senderKey was initialized */ } WC_PKCS7_KARI; @@ -7044,22 +7123,22 @@ static int wc_PKCS7_KariGenerateSharedInfo(WC_PKCS7_KARI* kari, int keyWrapOID) /* kekOctet */ kekOctetSz = (int)SetOctetString(sizeof(word32), kekOctet); - sharedInfoSz += (kekOctetSz + sizeof(word32)); + sharedInfoSz += (kekOctetSz + (int)sizeof(word32)); /* suppPubInfo */ - suppPubInfoSeqSz = SetImplicit(ASN_SEQUENCE, 2, - kekOctetSz + sizeof(word32), - suppPubInfoSeq, 0); + suppPubInfoSeqSz = (int)SetImplicit(ASN_SEQUENCE, 2, + (word32)kekOctetSz + sizeof(word32), + suppPubInfoSeq, 0); sharedInfoSz += suppPubInfoSeqSz; /* optional ukm/entityInfo */ if (kari->ukmSz > 0) { entityUInfoOctetSz = (int)SetOctetString(kari->ukmSz, entityUInfoOctet); - sharedInfoSz += (entityUInfoOctetSz + kari->ukmSz); + sharedInfoSz += (entityUInfoOctetSz + (int)kari->ukmSz); - entityUInfoExplicitSz = SetExplicit(0, entityUInfoOctetSz + - kari->ukmSz, - entityUInfoExplicitSeq, 0); + entityUInfoExplicitSz = (int)SetExplicit(0, + (word32)entityUInfoOctetSz + kari->ukmSz, + entityUInfoExplicitSeq, 0); sharedInfoSz += entityUInfoExplicitSz; } 
@@ -7071,29 +7150,30 @@ static int wc_PKCS7_KariGenerateSharedInfo(WC_PKCS7_KARI* kari, int keyWrapOID) sharedInfoSeqSz = (int)SetSequence((word32)sharedInfoSz, sharedInfoSeq); sharedInfoSz += sharedInfoSeqSz; - kari->sharedInfo = (byte*)XMALLOC(sharedInfoSz, kari->heap, + kari->sharedInfo = (byte*)XMALLOC((word32)sharedInfoSz, kari->heap, DYNAMIC_TYPE_PKCS7); if (kari->sharedInfo == NULL) return MEMORY_E; kari->sharedInfoSz = (word32)sharedInfoSz; - XMEMCPY(kari->sharedInfo + idx, sharedInfoSeq, sharedInfoSeqSz); + XMEMCPY(kari->sharedInfo + idx, sharedInfoSeq, (word32)sharedInfoSeqSz); idx += sharedInfoSeqSz; - XMEMCPY(kari->sharedInfo + idx, keyInfo, keyInfoSz); + XMEMCPY(kari->sharedInfo + idx, keyInfo, (word32)keyInfoSz); idx += keyInfoSz; if (kari->ukmSz > 0) { XMEMCPY(kari->sharedInfo + idx, entityUInfoExplicitSeq, - entityUInfoExplicitSz); + (word32)entityUInfoExplicitSz); idx += entityUInfoExplicitSz; - XMEMCPY(kari->sharedInfo + idx, entityUInfoOctet, entityUInfoOctetSz); + XMEMCPY(kari->sharedInfo + idx, entityUInfoOctet, + (word32)entityUInfoOctetSz); idx += entityUInfoOctetSz; XMEMCPY(kari->sharedInfo + idx, kari->ukm, kari->ukmSz); - idx += kari->ukmSz; + idx += (int)kari->ukmSz; } - XMEMCPY(kari->sharedInfo + idx, suppPubInfoSeq, suppPubInfoSeqSz); + XMEMCPY(kari->sharedInfo + idx, suppPubInfoSeq, (word32)suppPubInfoSeqSz); idx += suppPubInfoSeqSz; - XMEMCPY(kari->sharedInfo + idx, kekOctet, kekOctetSz); + XMEMCPY(kari->sharedInfo + idx, kekOctet, (word32)kekOctetSz); idx += kekOctetSz; kekBitSz = (kari->kekSz) * 8; /* convert to bits */ @@ -7126,7 +7206,7 @@ static int wc_PKCS7_KariGenerateKEK(WC_PKCS7_KARI* kari, WC_RNG* rng, if (kSz < 0) return kSz; - kari->kek = (byte*)XMALLOC(kSz, kari->heap, DYNAMIC_TYPE_PKCS7); + kari->kek = (byte*)XMALLOC((word32)kSz, kari->heap, DYNAMIC_TYPE_PKCS7); if (kari->kek == NULL) return MEMORY_E; 
@@ -7426,16 +7506,18 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz, /* Start of RecipientEncryptedKeys */ /* EncryptedKey */ - encryptedKeyOctetSz = (int)SetOctetString(encryptedKeySz, encryptedKeyOctet); - totalSz += (encryptedKeyOctetSz + encryptedKeySz); + encryptedKeyOctetSz = (int)SetOctetString(encryptedKeySz, + encryptedKeyOctet); + totalSz += (encryptedKeyOctetSz + (int)encryptedKeySz); /* SubjectKeyIdentifier */ subjKeyIdOctetSz = (int)SetOctetString((word32)keyIdSize, subjKeyIdOctet); totalSz += (subjKeyIdOctetSz + keyIdSize); /* RecipientKeyIdentifier IMPLICIT [0] */ - recipKeyIdSeqSz = SetImplicit(ASN_SEQUENCE, 0, subjKeyIdOctetSz + - keyIdSize, recipKeyIdSeq, 0); + recipKeyIdSeqSz = (int)SetImplicit(ASN_SEQUENCE, 0, + (word32)(subjKeyIdOctetSz + keyIdSize), + recipKeyIdSeq, 0); totalSz += recipKeyIdSeqSz; /* RecipientEncryptedKey */ @@ -7450,9 +7532,9 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz, if (kari->ukmSz > 0) { ukmOctetSz = (int)SetOctetString(kari->ukmSz, ukmOctetStr); - totalSz += (ukmOctetSz + kari->ukmSz); + totalSz += (ukmOctetSz + (int)kari->ukmSz); - ukmExplicitSz = SetExplicit(1, ukmOctetSz + kari->ukmSz, + ukmExplicitSz = (int)SetExplicit(1, (word32)ukmOctetSz + kari->ukmSz, ukmExplicitSeq, 0); totalSz += ukmExplicitSz; } @@ -7475,7 +7557,7 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz, origPubKeyStr[0] = ASN_BIT_STRING; origPubKeyStrSz = (int)SetLength(kari->senderKeyExportSz + 1, origPubKeyStr + 1) + 2; - totalSz += (origPubKeyStrSz + kari->senderKeyExportSz); + totalSz += (origPubKeyStrSz + (int)kari->senderKeyExportSz); /* Originator AlgorithmIdentifier, params set to NULL for interop compatibility */ 
@@ -7486,15 +7568,15 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz, /* outer OriginatorPublicKey IMPLICIT [1] */ origPubKeySeqSz = (int)SetImplicit(ASN_SEQUENCE, 1, - origAlgIdSz + origPubKeyStrSz + - kari->senderKeyExportSz, origPubKeySeq, 0); + (word32)(origAlgIdSz + origPubKeyStrSz + + (int)kari->senderKeyExportSz), origPubKeySeq, 0); totalSz += origPubKeySeqSz; /* outer OriginatorIdentifierOrKey IMPLICIT [0] */ origIdOrKeySeqSz = (int)SetImplicit(ASN_SEQUENCE, 0, - origPubKeySeqSz + origAlgIdSz + - origPubKeyStrSz + kari->senderKeyExportSz, - origIdOrKeySeq, 0); + (word32)(origPubKeySeqSz + origAlgIdSz + + origPubKeyStrSz + (int)kari->senderKeyExportSz), + origIdOrKeySeq, 0); totalSz += origIdOrKeySeqSz; /* version, always 3 */ 
@@ -7516,53 +7598,53 @@ int wc_PKCS7_AddRecipient_KARI(PKCS7* pkcs7, const byte* cert, word32 certSz, return BUFFER_E; } - XMEMCPY(recip->recip + idx, kariSeq, kariSeqSz); - idx += kariSeqSz; - XMEMCPY(recip->recip + idx, ver, verSz); - idx += verSz; + XMEMCPY(recip->recip + idx, kariSeq, (word32)kariSeqSz); + idx += (word32)kariSeqSz; + XMEMCPY(recip->recip + idx, ver, (word32)verSz); + idx += (word32)verSz; - XMEMCPY(recip->recip + idx, origIdOrKeySeq, origIdOrKeySeqSz); - idx += origIdOrKeySeqSz; - XMEMCPY(recip->recip + idx, origPubKeySeq, origPubKeySeqSz); - idx += origPubKeySeqSz; + XMEMCPY(recip->recip + idx, origIdOrKeySeq, (word32)origIdOrKeySeqSz); + idx += (word32)origIdOrKeySeqSz; + XMEMCPY(recip->recip + idx, origPubKeySeq, (word32)origPubKeySeqSz); + idx += (word32)origPubKeySeqSz; /* AlgorithmIdentifier with NULL parameter */ - XMEMCPY(recip->recip + idx, origAlgId, origAlgIdSz); - idx += origAlgIdSz; + XMEMCPY(recip->recip + idx, origAlgId, (word32)origAlgIdSz); + idx += (word32)origAlgIdSz; - XMEMCPY(recip->recip + idx, origPubKeyStr, origPubKeyStrSz); - idx += origPubKeyStrSz; + XMEMCPY(recip->recip + idx, origPubKeyStr, (word32)origPubKeyStrSz); + idx += (word32)origPubKeyStrSz; /* ephemeral public key */ XMEMCPY(recip->recip + idx, kari->senderKeyExport, kari->senderKeyExportSz); idx += kari->senderKeyExportSz; if (kari->ukmSz > 0) { - XMEMCPY(recip->recip + idx, ukmExplicitSeq, ukmExplicitSz); - idx += ukmExplicitSz; - XMEMCPY(recip->recip + idx, ukmOctetStr, ukmOctetSz); - idx += ukmOctetSz; + XMEMCPY(recip->recip + idx, ukmExplicitSeq, (word32)ukmExplicitSz); + idx += (word32)ukmExplicitSz; + XMEMCPY(recip->recip + idx, ukmOctetStr, (word32)ukmOctetSz); + idx += (word32)ukmOctetSz; XMEMCPY(recip->recip + idx, kari->ukm, kari->ukmSz); idx += kari->ukmSz; } - XMEMCPY(recip->recip + idx, keyEncryptAlgoId, keyEncryptAlgoIdSz); - idx += keyEncryptAlgoIdSz; - XMEMCPY(recip->recip + idx, keyWrapAlg, keyWrapAlgSz); - idx += keyWrapAlgSz; + 
XMEMCPY(recip->recip + idx, keyEncryptAlgoId, (word32)keyEncryptAlgoIdSz); + idx += (word32)keyEncryptAlgoIdSz; + XMEMCPY(recip->recip + idx, keyWrapAlg, (word32)keyWrapAlgSz); + idx += (word32)keyWrapAlgSz; - XMEMCPY(recip->recip + idx, recipEncKeysSeq, recipEncKeysSeqSz); - idx += recipEncKeysSeqSz; - XMEMCPY(recip->recip + idx, recipEncKeySeq, recipEncKeySeqSz); - idx += recipEncKeySeqSz; - XMEMCPY(recip->recip + idx, recipKeyIdSeq, recipKeyIdSeqSz); - idx += recipKeyIdSeqSz; - XMEMCPY(recip->recip + idx, subjKeyIdOctet, subjKeyIdOctetSz); - idx += subjKeyIdOctetSz; + XMEMCPY(recip->recip + idx, recipEncKeysSeq, (word32)recipEncKeysSeqSz); + idx += (word32)recipEncKeysSeqSz; + XMEMCPY(recip->recip + idx, recipEncKeySeq, (word32)recipEncKeySeqSz); + idx += (word32)recipEncKeySeqSz; + XMEMCPY(recip->recip + idx, recipKeyIdSeq, (word32)recipKeyIdSeqSz); + idx += (word32)recipKeyIdSeqSz; + XMEMCPY(recip->recip + idx, subjKeyIdOctet, (word32)subjKeyIdOctetSz); + idx += (word32)subjKeyIdOctetSz; /* subject key id */ - XMEMCPY(recip->recip + idx, kari->decoded->extSubjKeyId, keyIdSize); - idx += keyIdSize; - XMEMCPY(recip->recip + idx, encryptedKeyOctet, encryptedKeyOctetSz); - idx += encryptedKeyOctetSz; + XMEMCPY(recip->recip + idx, kari->decoded->extSubjKeyId, (word32)keyIdSize); + idx += (word32)keyIdSize; + XMEMCPY(recip->recip + idx, encryptedKeyOctet, (word32)encryptedKeyOctetSz); + idx += (word32)encryptedKeyOctetSz; /* encrypted CEK */ XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz); idx += encryptedKeySz; @@ -7777,8 +7859,8 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return -1; } - snSz = SetSerialNumber(decoded->serial, decoded->serialSz, serial, - MAX_SN_SZ, MAX_SN_SZ); + snSz = SetSerialNumber(decoded->serial, (word32)decoded->serialSz, + serial, MAX_SN_SZ, MAX_SN_SZ); if (snSz < 0) { WOLFSSL_MSG("Error setting the serial number"); FreeDecodedCert(decoded); 
@@ -7791,8 +7873,8 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return -1; } - issuerSerialSeqSz = SetSequence(issuerSeqSz + issuerSz + snSz, - issuerSerialSeq); + issuerSerialSeqSz = (int)SetSequence((word32)(issuerSeqSz + issuerSz + + snSz), issuerSerialSeq); } else if (sidType == CMS_SKID) { /* version, must be 2 for SubjectKeyIdentifier */ @@ -7827,7 +7909,8 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, return ALGO_ID_E; } - keyEncAlgSz = SetAlgoID(pkcs7->publicKeyOID, keyAlgArray, oidKeyType, 0); + keyEncAlgSz = (int)SetAlgoID((int)pkcs7->publicKeyOID, keyAlgArray, + oidKeyType, 0); if (keyEncAlgSz == 0) { FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK @@ -7939,12 +8022,12 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, /* RecipientInfo */ if (sidType == CMS_ISSUER_AND_SERIAL_NUMBER) { - recipSeqSz = (int)SetSequence(verSz + issuerSerialSeqSz + issuerSeqSz + - issuerSz + snSz + keyEncAlgSz + - encKeyOctetStrSz + encryptedKeySz, recipSeq); + int recipLen = verSz + (int)issuerSerialSeqSz + issuerSeqSz + + issuerSz + snSz + keyEncAlgSz + encKeyOctetStrSz + + (int)encryptedKeySz; + recipSeqSz = (int)SetSequence((word32)recipLen, recipSeq); - if (recipSeqSz + verSz + issuerSerialSeqSz + issuerSeqSz + snSz + - keyEncAlgSz + encKeyOctetStrSz + encryptedKeySz > MAX_RECIP_SZ) { + if ((recipSeqSz + recipLen) > MAX_RECIP_SZ) { WOLFSSL_MSG("RecipientInfo output buffer too small"); FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK 
@@ -7958,12 +8041,10 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, } } else { - recipSeqSz = SetSequence(verSz + ASN_TAG_SZ + issuerSKIDSz + - keyIdSize + keyEncAlgSz + encKeyOctetStrSz + - encryptedKeySz, recipSeq); - - if (recipSeqSz + verSz + ASN_TAG_SZ + issuerSKIDSz + keyIdSize + - keyEncAlgSz + encKeyOctetStrSz + encryptedKeySz > MAX_RECIP_SZ) { + int recipLen = verSz + ASN_TAG_SZ + (int)issuerSKIDSz + keyIdSize + + keyEncAlgSz + encKeyOctetStrSz + (int)encryptedKeySz; + recipSeqSz = (int)SetSequence((word32)recipLen, recipSeq); + if ((recipSeqSz + recipLen) > MAX_RECIP_SZ) { WOLFSSL_MSG("RecipientInfo output buffer too small"); FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK 
@@ -7978,31 +8059,31 @@ int wc_PKCS7_AddRecipient_KTRI(PKCS7* pkcs7, const byte* cert, word32 certSz, } idx = 0; - XMEMCPY(recip->recip + idx, recipSeq, recipSeqSz); - idx += recipSeqSz; - XMEMCPY(recip->recip + idx, ver, verSz); - idx += verSz; + XMEMCPY(recip->recip + idx, recipSeq, (word32)recipSeqSz); + idx += (word32)recipSeqSz; + XMEMCPY(recip->recip + idx, ver, (word32)verSz); + idx += (word32)verSz; if (sidType == CMS_ISSUER_AND_SERIAL_NUMBER) { - XMEMCPY(recip->recip + idx, issuerSerialSeq, issuerSerialSeqSz); - idx += issuerSerialSeqSz; - XMEMCPY(recip->recip + idx, issuerSeq, issuerSeqSz); - idx += issuerSeqSz; - XMEMCPY(recip->recip + idx, decoded->issuerRaw, issuerSz); - idx += issuerSz; - XMEMCPY(recip->recip + idx, serial, snSz); - idx += snSz; + XMEMCPY(recip->recip + idx, issuerSerialSeq, (word32)issuerSerialSeqSz); + idx += (word32)issuerSerialSeqSz; + XMEMCPY(recip->recip + idx, issuerSeq, (word32)issuerSeqSz); + idx += (word32)issuerSeqSz; + XMEMCPY(recip->recip + idx, decoded->issuerRaw, (word32)issuerSz); + idx += (word32)issuerSz; + XMEMCPY(recip->recip + idx, serial, (word32)snSz); + idx += (word32)snSz; } else { recip->recip[idx] = ASN_CONTEXT_SPECIFIC; idx += ASN_TAG_SZ; XMEMCPY(recip->recip + idx, issuerSKID, issuerSKIDSz); idx += issuerSKIDSz; - XMEMCPY(recip->recip + idx, pkcs7->issuerSubjKeyId, keyIdSize); - idx += keyIdSize; + XMEMCPY(recip->recip + idx, pkcs7->issuerSubjKeyId, (word32)keyIdSize); + idx += (word32)keyIdSize; } - XMEMCPY(recip->recip + idx, keyAlgArray, keyEncAlgSz); - idx += keyEncAlgSz; - XMEMCPY(recip->recip + idx, encKeyOctetStr, encKeyOctetStrSz); - idx += encKeyOctetStrSz; + XMEMCPY(recip->recip + idx, keyAlgArray, (word32)keyEncAlgSz); + idx += (word32)keyEncAlgSz; + XMEMCPY(recip->recip + idx, encKeyOctetStr, (word32)encKeyOctetStrSz); + idx += (word32)encKeyOctetStrSz; XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz); idx += encryptedKeySz; 
@@ -8185,16 +8266,18 @@ static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key, ret = NOT_COMPILED_IN; } else { - ret = wc_AesGcmEncrypt(aes, out, in, inSz, iv, ivSz, - authTag, authTagSz, aad, aadSz); + ret = wc_AesGcmEncrypt(aes, out, in, (word32)inSz, iv, + (word32)ivSz, authTag, authTagSz, aad, aadSz); #ifdef WOLFSSL_ASYNC_CRYPT - /* async encrypt not available here, so block till done */ + /* async encrypt not available here, so block till done + */ ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE); #endif } #else - ret = wc_AesGcmEncryptInit(aes, key, (word32)keySz, iv, ivSz); + ret = wc_AesGcmEncryptInit(aes, key, (word32)keySz, iv, + (word32)ivSz); if (ret == 0) { ret = wc_AesGcmEncryptUpdate(aes, NULL, NULL, 0, aad, aadSz); @@ -8246,8 +8329,9 @@ static int wc_PKCS7_EncryptContent(PKCS7* pkcs7, int encryptOID, byte* key, if (ret == 0) { ret = wc_AesCcmSetKey(aes, key, (word32)keySz); if (ret == 0) { - ret = wc_AesCcmEncrypt(aes, out, in, (word32)inSz, iv, ivSz, - authTag, authTagSz, aad, aadSz); + ret = wc_AesCcmEncrypt(aes, out, in, (word32)inSz, iv, + (word32)ivSz, authTag, authTagSz, + aad, aadSz); #ifdef WOLFSSL_ASYNC_CRYPT /* async encrypt not available here, so block till done */ ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE); @@ -8417,8 +8501,9 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, if (ret == 0) { ret = wc_AesGcmSetKey(aes, key, (word32)keySz); if (ret == 0) { - ret = wc_AesGcmDecrypt(aes, out, in, (word32)inSz, iv, ivSz, - authTag, authTagSz, aad, aadSz); + ret = wc_AesGcmDecrypt(aes, out, in, (word32)inSz, iv, + (word32)ivSz, authTag, authTagSz, + aad, aadSz); #ifdef WOLFSSL_ASYNC_CRYPT /* async decrypt not available here, so block till done */ ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE); 
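Review bot: The reflowed comment in the GCM branch of wc_PKCS7_EncryptContent now ends with a lone `*/` line while the identical comment in the CCM branch below stays on one line; keep both as `/* async encrypt not available here, so block till done */` so the two branches read the same. The new `(word32)inSz` and `(word32)ivSz` casts turn a negative int into a huge length, so this relies on both being validated non-negative at function entry, which is not visible in the hunk. The enclosing function continues outside the hunk.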
@@ -8456,8 +8541,9 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key, if (ret == 0) { ret = wc_AesCcmSetKey(aes, key, (word32)keySz); if (ret == 0) { - ret = wc_AesCcmDecrypt(aes, out, in, (word32)inSz, iv, ivSz, - authTag, authTagSz, aad, aadSz); + ret = wc_AesCcmDecrypt(aes, out, in, (word32)inSz, iv, + (word32)ivSz, authTag, authTagSz, + aad, aadSz); #ifdef WOLFSSL_ASYNC_CRYPT /* async decrypt not available here, so block till done */ ret = wc_AsyncWait(ret, &aes->asyncDev, WC_ASYNC_FLAG_NONE); @@ -8611,14 +8697,14 @@ int wc_PKCS7_SetContentType(PKCS7* pkcs7, byte* contentType, word32 sz) /* return size of padded data, padded to blockSz chunks, or negative on error */ int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz) { - int padSz; + word32 padSz; if (blockSz == 0) return BAD_FUNC_ARG; padSz = blockSz - (inputSz % blockSz); - return padSz; + return (int)padSz; } @@ -8627,15 +8713,17 @@ int wc_PKCS7_GetPadSize(word32 inputSz, word32 blockSz) int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz, word32 blockSz) { - int i, padSz; + int ret; + word32 i, padSz; if (in == NULL || inSz == 0 || out == NULL || outSz == 0) return BAD_FUNC_ARG; - padSz = wc_PKCS7_GetPadSize(inSz, blockSz); - if (padSz < 0) - return padSz; + ret = wc_PKCS7_GetPadSize(inSz, blockSz); + if (ret < 0) + return ret; + padSz = (word32)ret; if (outSz < (inSz + padSz)) return BAD_FUNC_ARG; @@ -8646,7 +8734,7 @@ int wc_PKCS7_PadData(byte* in, word32 inSz, byte* out, word32 outSz, out[inSz + i] = (byte)padSz; } - return inSz + padSz; + return (int)(inSz + padSz); } 
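Review bot: In wc_PKCS7_PadData the new `(int)(inSz + padSz)` return, and the `outSz < (inSz + padSz)` check before it, both assume the word32 sum does not wrap and fits in an int; for an inSz near the type limits the check passes, the loop writes past `out`, and the caller receives a negative value that looks like an error code. A guard such as `if (padSz > (word32)INT_MAX - inSz) return BAD_FUNC_ARG;` right after `padSz = (word32)ret;` makes the contract explicit (INT_MAX from <limits.h>). Separately, `out[inSz + i] = (byte)padSz;` silently truncates for a blockSz above 255, which wc_PKCS7_GetPadSize does not reject; worth a comment on the accepted blockSz range if that is intentional.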
@@ -8707,8 +8795,8 @@ int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb, oriTypeLenSz = (int)SetLength(oriTypeSz, oriTypeLen); - recipSeqSz = SetImplicit(ASN_SEQUENCE, 4, 1 + oriTypeLenSz + oriTypeSz + - oriValueSz, recipSeq, 0); + recipSeqSz = SetImplicit(ASN_SEQUENCE, 4, 1 + (word32)oriTypeLenSz + + oriTypeSz + oriValueSz, recipSeq, 0); idx = 0; XMEMCPY(recip->recip + idx, recipSeq, recipSeqSz); @@ -8716,8 +8804,8 @@ int wc_PKCS7_AddRecipient_ORI(PKCS7* pkcs7, CallbackOriEncrypt oriEncryptCb, /* oriType */ recip->recip[idx] = ASN_OBJECT_ID; idx += 1; - XMEMCPY(recip->recip + idx, oriTypeLen, oriTypeLenSz); - idx += oriTypeLenSz; + XMEMCPY(recip->recip + idx, oriTypeLen, (word32)oriTypeLenSz); + idx += (word32)oriTypeLenSz; XMEMCPY(recip->recip + idx, oriType, oriTypeSz); idx += oriTypeSz; /* oriValue, input MUST already be ASN.1 encoded */ @@ -8762,8 +8850,8 @@ static int wc_PKCS7_GenerateKEK_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, case PBKDF2_OID: - ret = wc_PBKDF2(out, passwd, (int)pLen, salt, saltSz, iterations, - (int)outSz, prfOID); + ret = wc_PBKDF2(out, passwd, (int)pLen, salt, (int)saltSz, + iterations, (int)outSz, prfOID); if (ret != 0) { return ret; } @@ -8805,17 +8893,17 @@ static int wc_PKCS7_PwriKek_KeyWrap(PKCS7* pkcs7, const byte* kek, word32 kekSz, } /* get pad bytes needed to block boundary */ - padSz = blockSz - ((4 + cekSz) % blockSz); - outLen = 4 + cekSz + padSz; + padSz = (word32)blockSz - ((4 + cekSz) % (word32)blockSz); + outLen = (int)(4 + cekSz + padSz); /* must be at least two blocks long */ if (outLen < 2 * blockSz) - padSz += blockSz; + padSz += (word32)blockSz; /* if user set out to NULL, give back required length */ if (out == NULL) { *outSz = (word32)outLen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } /* verify output buffer is large enough */ 
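Review bot: In wc_PKCS7_PwriKek_KeyWrap `outLen` is computed before the two-block minimum adjustment, so when `padSz += (word32)blockSz;` fires the length reported through `*outSz` in the `out == NULL` branch does not include the extra block. Unless outLen is recomputed later in the function (outside the hunk), recompute it after the adjustment: `outLen = (int)(4 + cekSz + padSz);`. The new `% (word32)blockSz` also assumes blockSz was checked non-zero earlier; that check is not visible here.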
@@ -8895,7 +8983,7 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek, } /* input needs to be blockSz multiple and at least 2 * blockSz */ - if (((inSz % blockSz) != 0) || (inSz < (2 * (word32)blockSz))) { + if (((inSz % (word32)blockSz) != 0) || (inSz < (2 * (word32)blockSz))) { WOLFSSL_MSG("PWRI-KEK unwrap input must of block size and >= 2 " "times block size"); XFREE(outTmp, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -8915,15 +9003,15 @@ static int wc_PKCS7_PwriKek_KeyUnWrap(PKCS7* pkcs7, const byte* kek, /* using last decrypted block as IV, decrypt [0 ... n-1] blocks */ lastBlock = outTmp + inSz - blockSz; ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, (int)kekSz, - lastBlock, blockSz, NULL, 0, NULL, 0, (byte*)in, inSz - blockSz, - outTmp, pkcs7->devId, pkcs7->heap); + lastBlock, blockSz, NULL, 0, NULL, 0, (byte*)in, + (int)inSz - blockSz, outTmp, pkcs7->devId, pkcs7->heap); } if (ret == 0) { /* decrypt using original kek and iv */ ret = wc_PKCS7_DecryptContent(pkcs7, algID, (byte*)kek, (int)kekSz, - (byte*)iv, ivSz, NULL, 0, NULL, 0, outTmp, inSz, outTmp, - pkcs7->devId, pkcs7->heap); + (byte*)iv, (int)ivSz, NULL, 0, NULL, 0, outTmp, (int)inSz, + outTmp, pkcs7->devId, pkcs7->heap); } if (ret != 0) { @@ -9058,7 +9146,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, if (recip == NULL) return MEMORY_E; - kek = (byte*)XMALLOC(kekKeySz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + kek = (byte*)XMALLOC((word32)kekKeySz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (kek == NULL) { XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return MEMORY_E; @@ -9074,7 +9162,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, encryptedKeySz = MAX_ENCRYPTED_KEY_SZ; XMEMSET(recip, 0, sizeof(Pkcs7EncodedRecip)); - XMEMSET(kek, 0, kekKeySz); + XMEMSET(kek, 0, (word32)kekKeySz); XMEMSET(encryptedKey, 0, encryptedKeySz); /* generate KEK: expand password into KEK */ 
@@ -9106,12 +9194,12 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, /* put together IV OCTET STRING */ ivOctetStringSz = SetOctetString((word32)kekBlockSz, ivOctetString); - totalSz += (ivOctetStringSz + kekBlockSz); + totalSz += (ivOctetStringSz + (word32)kekBlockSz); /* set PWRIAlgorithms AlgorithmIdentifier, adding (ivOctetStringSz + blockKeySz) for IV OCTET STRING */ pwriEncAlgoIdSz = SetAlgoID(encryptOID, pwriEncAlgoId, - oidBlkType, ivOctetStringSz + kekBlockSz); + oidBlkType, (int)ivOctetStringSz + kekBlockSz); totalSz += pwriEncAlgoIdSz; /* set KeyEncryptionAlgorithms OID */ @@ -9127,7 +9215,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, /* KeyEncryptionAlgorithm SEQ */ keyEncAlgoIdSeqSz = SetSequence(keyEncAlgoIdSz + pwriEncAlgoIdSz + - ivOctetStringSz + kekBlockSz, + ivOctetStringSz + (word32)kekBlockSz, keyEncAlgoIdSeq); totalSz += keyEncAlgoIdSeqSz; @@ -9203,8 +9291,8 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen, idx += pwriEncAlgoIdSz; XMEMCPY(recip->recip + idx, ivOctetString, ivOctetStringSz); idx += ivOctetStringSz; - XMEMCPY(recip->recip + idx, tmpIv, kekBlockSz); - idx += kekBlockSz; + XMEMCPY(recip->recip + idx, tmpIv, (word32)kekBlockSz); + idx += (word32)kekBlockSz; XMEMCPY(recip->recip + idx, encKeyOctetStr, encKeyOctetStrSz); idx += encKeyOctetStrSz; XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz); @@ -9339,7 +9427,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek, } #endif encryptedKeySz = MAX_ENCRYPTED_KEY_SZ; - XMEMSET(encryptedKey, 0, encryptedKeySz); + XMEMSET(encryptedKey, 0, (word32)encryptedKeySz); #ifndef NO_AES direction = AES_ENCRYPTION; 
@@ -9367,7 +9455,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek, } encKeyOctetStrSz = SetOctetString((word32)encryptedKeySz, encKeyOctetStr); - totalSz += (encKeyOctetStrSz + encryptedKeySz); + totalSz += (encKeyOctetStrSz + (word32)encryptedKeySz); /* KeyEncryptionAlgorithmIdentifier */ encAlgoIdSz = SetAlgoID(keyWrapOID, encAlgoId, oidKeyWrapType, 0); @@ -9389,7 +9477,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek, #endif return timeSz; } - totalSz += timeSz; + totalSz += (word32)timeSz; } #endif @@ -9400,7 +9488,7 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek, } /* KEKIdentifier SEQ */ - kekIdSeqSz = SetSequence(kekIdOctetStrSz + keyIdSz + timeSz + + kekIdSeqSz = SetSequence(kekIdOctetStrSz + keyIdSz + (word32)timeSz + otherAttSeqSz + otherOIDSz + otherSz, kekIdSeq); totalSz += kekIdSeqSz; @@ -9433,8 +9521,8 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek, XMEMCPY(recip->recip + idx, keyId, keyIdSz); idx += keyIdSz; if (timePtr != NULL) { - XMEMCPY(recip->recip + idx, genTime, timeSz); - idx += timeSz; + XMEMCPY(recip->recip + idx, genTime, (word32)timeSz); + idx += (word32)timeSz; } if (other != NULL && otherSz > 0) { XMEMCPY(recip->recip + idx, otherAttSeq, otherAttSeqSz); @@ -9448,8 +9536,8 @@ int wc_PKCS7_AddRecipient_KEKRI(PKCS7* pkcs7, int keyWrapOID, byte* kek, idx += encAlgoIdSz; XMEMCPY(recip->recip + idx, encKeyOctetStr, encKeyOctetStrSz); idx += encKeyOctetStrSz; - XMEMCPY(recip->recip + idx, encryptedKey, encryptedKeySz); - idx += encryptedKeySz; + XMEMCPY(recip->recip + idx, encryptedKey, (word32)encryptedKeySz); + idx += (word32)encryptedKeySz; #ifdef WOLFSSL_SMALL_STACK XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); 
@@ -9563,8 +9651,9 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) } #ifndef ASN_BER_TO_DER - if (output == NULL || outputSz == 0) + if (output == NULL || outputSz == 0) { return BAD_FUNC_ARG; + } #else /* if both output and callback are not set then error out */ if ((output == NULL || outputSz == 0) && (pkcs7->streamOutCb == NULL)) { @@ -9677,20 +9766,21 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) return padSz; } - encryptedOutSz = pkcs7->contentSz + padSz; + encryptedOutSz = (int)pkcs7->contentSz + padSz; #ifdef ASN_BER_TO_DER if (pkcs7->getContentCb == NULL) #endif { - plain = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + plain = (byte*)XMALLOC((word32)encryptedOutSz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); if (plain == NULL) { wc_PKCS7_FreeEncodedRecipientSet(pkcs7); return MEMORY_E; } ret = wc_PKCS7_PadData(pkcs7->content, pkcs7->contentSz, plain, - (word32)encryptedOutSz, blockSz); + (word32)encryptedOutSz, (word32)blockSz); if (ret < 0) { XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); wc_PKCS7_FreeEncodedRecipientSet(pkcs7); @@ -9703,7 +9793,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (pkcs7->streamOutCb == NULL) #endif { - encryptedContent = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap, + encryptedContent = (byte*)XMALLOC((word32)encryptedOutSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (encryptedContent == NULL) { XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); 
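Review bot: `encryptedOutSz = (int)pkcs7->contentSz + padSz;` now narrows a word32 to int explicitly but still without a range check, so a contentSz above INT_MAX gives an implementation-defined negative value, the addition can overflow, and the following `XMALLOC((word32)encryptedOutSz, ...)` requests a wrapped size instead of failing cleanly. Since pkcs7->contentSz is caller-supplied, reject it before the cast: `if (pkcs7->contentSz > (word32)INT_MAX - (word32)padSz) { wc_PKCS7_FreeEncodedRecipientSet(pkcs7); return BUFFER_E; }` (INT_MAX from <limits.h>, or whatever bound the file already uses). wc_PKCS7_EncodeEnvelopedData starts and ends outside this hunk, so an earlier bound on contentSz may exist; if so, a one-line comment at the cast saying why it cannot overflow would make it reviewable.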
@@ -9729,9 +9819,9 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0, (word32)encryptedOutSz, encContentOctet, pkcs7->encodeStream); - encContentSeqSz = (int)SetSequenceEx(contentTypeSz + contentEncAlgoSz + - ivOctetStringSz + blockSz + - encContentOctetSz + encryptedOutSz, + encContentSeqSz = (int)SetSequenceEx((word32)(contentTypeSz + + contentEncAlgoSz + ivOctetStringSz + blockSz + + encContentOctetSz + encryptedOutSz), encContentSeq, pkcs7->encodeStream); /* keep track of sizes for outer wrapper layering */ @@ -9751,8 +9841,9 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) totalSz += ASN_INDEF_END_SZ; /* account for asn1 syntax around octet strings */ - StreamOctetString(NULL, (word32)encryptedOutSz, NULL, &streamSz, &tmpIdx); - totalSz += (streamSz - encryptedOutSz); + StreamOctetString(NULL, (word32)encryptedOutSz, NULL, &streamSz, + &tmpIdx); + totalSz += ((int)streamSz - encryptedOutSz); /* resize encrypted content buffer */ if (encryptedContent != NULL) { @@ -9836,7 +9927,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) while (tmpRecip != NULL) { wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, tmpRecip->recip, tmpRecip->recipSz); - idx += tmpRecip->recipSz; + idx += (int)tmpRecip->recipSz; tmpRecip = tmpRecip->next; } wc_PKCS7_FreeEncodedRecipientSet(pkcs7); 
@@ -9862,16 +9953,12 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) /* encrypt content */ ret = wc_PKCS7_EncryptContent(pkcs7, pkcs7->encryptOID, pkcs7->cek, - pkcs7->cekSz, tmpIv, blockSz, NULL, 0, NULL, 0, plain, + (int)pkcs7->cekSz, tmpIv, blockSz, NULL, 0, NULL, 0, plain, encryptedOutSz, encryptedContent); if (ret != 0) { - if (encryptedContent != NULL) { - XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - } + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (plain != NULL) { - XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - } + XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); wc_PKCS7_FreeEncodedRecipientSet(pkcs7); return ret; @@ -9888,7 +9975,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) wc_PKCS7_WriteOut(pkcs7, (output)? output + idx : NULL, encryptedContent, streamSz); } - idx += streamSz; + idx += (int)streamSz; /* end of encrypted content */ localIdx += SetIndefEnd(indefEnd + localIdx); @@ -9907,23 +9994,19 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, indefEnd, localIdx); - idx += localIdx; + idx += (int)localIdx; } else #endif { wc_PKCS7_WriteOut(pkcs7, (output)? (output + idx) : NULL, - encryptedContent, encryptedOutSz); + encryptedContent, (word32)encryptedOutSz); idx += encryptedOutSz; } - if (plain != NULL) { - XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - } + XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (encryptedContent != NULL) { - XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - } + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return idx; } 
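Review bot: The dropped `if (encryptedContent != NULL)` / `if (plain != NULL)` guards around XFREE on the error path and at the end of wc_PKCS7_EncodeEnvelopedData make correctness depend on XFREE tolerating NULL, and both pointers really are NULL on some paths: the hunks above allocate plain only when getContentCb is unset and encryptedContent only when streamOutCb is unset. wolfSSL's default XFREE macro does check for NULL, but this is the Arduino port with its own user_settings.h, and a build that supplies its own allocator (XMALLOC_USER) may map XFREE to a free that does not. Either keep the guards, or add a comment at the first unguarded call: `/* XFREE must be NULL-safe: plain/encryptedContent are NULL on the callback paths */`. The same pattern is applied in wc_PKCS7_EncodeAuthEnvelopedData further down in this patch.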
@@ -10063,7 +10146,8 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, return ASN_PARSE_E; /* if we found correct recipient, issuer hashes will match */ - if (XMEMCMP(issuerHash, pkcs7->issuerHash, keyIdSize) == 0) { + if (XMEMCMP(issuerHash, pkcs7->issuerHash, + (word32)keyIdSize) == 0) { *recipFound = 1; } @@ -10116,10 +10200,10 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, /* if we found correct recipient, SKID will match */ if (XMEMCMP(pkiMsg + (*idx), pkcs7->issuerSubjKeyId, - keyIdSize) == 0) { + (word32)keyIdSize) == 0) { *recipFound = 1; } - (*idx) += keyIdSize; + (*idx) += (word32)keyIdSize; } if (GetAlgoId(pkiMsg, idx, &encOID, oidKeyType, pkiMsgSz) < 0) @@ -10180,14 +10264,14 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, #endif /* Always allocate to ensure aligned use with RSA */ - encryptedKey = (byte*)XMALLOC(encryptedKeySz, pkcs7->heap, + encryptedKey = (byte*)XMALLOC((word32)encryptedKeySz, pkcs7->heap, DYNAMIC_TYPE_WOLF_BIGINT); if (encryptedKey == NULL) return MEMORY_E; if (*recipFound == 1) - XMEMCPY(encryptedKey, &pkiMsg[*idx], encryptedKeySz); - *idx += encryptedKeySz; + XMEMCPY(encryptedKey, &pkiMsg[*idx], (word32)encryptedKeySz); + *idx += (word32)encryptedKeySz; /* load private key */ #ifdef WOLFSSL_SMALL_STACK @@ -10302,7 +10386,7 @@ static int wc_PKCS7_DecryptKtri(PKCS7* pkcs7, byte* in, word32 inSz, return keySz; } else { *decryptedKeySz = (word32)keySz; - XMEMCPY(decryptedKey, outKey, keySz); + XMEMCPY(decryptedKey, outKey, (word32)keySz); ForceZero(encryptedKey, (word32)encryptedKeySz); } 
@@ -10408,15 +10492,16 @@ static int wc_PKCS7_KariGetOriginatorIdentifierOrKey(WC_PKCS7_KARI* kari, kari->senderKeyInit = 1; /* length-1 for unused bits counter */ - ret = wc_ecc_import_x963_ex(pkiMsg + (*idx), length - 1, kari->senderKey, - curve_id); + ret = wc_ecc_import_x963_ex(pkiMsg + (*idx), (word32)length - 1, + kari->senderKey, curve_id); if (ret != 0) { - ret = wc_EccPublicKeyDecode(pkiMsg, idx, kari->senderKey, *idx + length - 1); + ret = wc_EccPublicKeyDecode(pkiMsg, idx, kari->senderKey, + *idx + (word32)length - 1); if (ret != 0) return ret; } else { - (*idx) += length - 1; + (*idx) += (word32)(length - 1); } return 0; @@ -10469,15 +10554,16 @@ static int wc_PKCS7_KariGetUserKeyingMaterial(WC_PKCS7_KARI* kari, kari->ukm = NULL; if (length > 0) { - kari->ukm = (byte*)XMALLOC(length, kari->heap, DYNAMIC_TYPE_PKCS7); + kari->ukm = (byte*)XMALLOC((word32)length, kari->heap, + DYNAMIC_TYPE_PKCS7); if (kari->ukm == NULL) return MEMORY_E; - XMEMCPY(kari->ukm, pkiMsg + (*idx), length); + XMEMCPY(kari->ukm, pkiMsg + (*idx), (word32)length); kari->ukmOwner = 1; } - (*idx) += length; + (*idx) += (word32)length; kari->ukmSz = (word32)length; return 0; @@ -10509,7 +10595,7 @@ static int wc_PKCS7_KariGetKeyEncryptionAlgorithmId(WC_PKCS7_KARI* kari, return ASN_PARSE_E; } - if (localIdx < *idx + length) { + if (localIdx < *idx + (word32)length) { *idx = localIdx; } /* remove KeyWrapAlgorithm, stored in parameter of KeyEncAlgoId */ @@ -10568,11 +10654,11 @@ static int wc_PKCS7_KariGetSubjectKeyIdentifier(WC_PKCS7_KARI* kari, if (length != keyIdSize) return ASN_PARSE_E; - XMEMCPY(rid, pkiMsg + (*idx), keyIdSize); - (*idx) += length; + XMEMCPY(rid, pkiMsg + (*idx), (word32)keyIdSize); + (*idx) += (word32)length; /* subject key id should match if recipient found */ - if (XMEMCMP(rid, kari->decoded->extSubjKeyId, keyIdSize) == 0) { + if (XMEMCMP(rid, kari->decoded->extSubjKeyId, (word32)keyIdSize) == 0) { *recipFound = 1; } 
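Review bot: `wc_ecc_import_x963_ex(pkiMsg + (*idx), (word32)length - 1, ...)` wraps to 0xFFFFFFFF when length is 0, and the fallback `*idx + (word32)length - 1` underflows the same way; the old arithmetic had the same property, but the commit makes the conversion explicit without adding the bound. Unless the part of wc_PKCS7_KariGetOriginatorIdentifierOrKey above this hunk already rejects length < 1 (the BIT STRING parse that produces length is outside this view), add `if (length < 1) return ASN_PARSE_E;` before the import. The `(*idx) += (word32)(length - 1)` form used in the else branch is the safer shape and the two calls above could use it once length is known to be positive.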
@@ -10618,7 +10704,7 @@ static int wc_PKCS7_KariGetIssuerAndSerialNumber(WC_PKCS7_KARI* kari, /* if we found correct recipient, issuer hashes will match */ if (kari->decodedInit == 1) { - if (XMEMCMP(rid, kari->decoded->issuerHash, keyIdSize) == 0) { + if (XMEMCMP(rid, kari->decoded->issuerHash, (word32)keyIdSize) == 0) { *recipFound = 1; } } @@ -10653,7 +10739,7 @@ static int wc_PKCS7_KariGetIssuerAndSerialNumber(WC_PKCS7_KARI* kari, ret = mp_init(recipSerial); if (ret == MP_OKAY) ret = mp_read_unsigned_bin(recipSerial, kari->decoded->serial, - kari->decoded->serialSz); + (word32)kari->decoded->serialSz); if (ret != MP_OKAY) { mp_clear(serial); WOLFSSL_MSG("Failed to parse CMS recipient serial number"); @@ -10745,9 +10831,9 @@ static int wc_PKCS7_KariGetRecipientEncryptedKeys(WC_PKCS7_KARI* kari, if (length > *encryptedKeySz) return BUFFER_E; - XMEMCPY(encryptedKey, pkiMsg + (*idx), length); + XMEMCPY(encryptedKey, pkiMsg + (*idx), (word32)length); *encryptedKeySz = length; - (*idx) += length; + (*idx) += (word32)length; return 0; } @@ -10858,12 +10944,12 @@ static int wc_PKCS7_DecryptOri(PKCS7* pkcs7, byte* in, word32 inSz, if (GetASNObjectId(pkiMsg, idx, &oriOIDSz, pkiMsgSz) != 0) return ASN_PARSE_E; - XMEMCPY(oriOID, pkiMsg + *idx, oriOIDSz); - *idx += oriOIDSz; + XMEMCPY(oriOID, pkiMsg + *idx, (word32)oriOIDSz); + *idx += (word32)oriOIDSz; /* get oriValue, increment idx */ oriValue = pkiMsg + *idx; - oriValueSz = seqSz - (*idx - tmpIdx); + oriValueSz = (word32)seqSz - (*idx - tmpIdx); *idx += oriValueSz; /* pass oriOID and oriValue to user callback, expect back 
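Review bot: `oriValueSz = (word32)seqSz - (*idx - tmpIdx);` in wc_PKCS7_DecryptOri can underflow when the OBJECT IDENTIFIER parsed just above consumed more bytes than seqSz allows (a malformed ORI whose OID length exceeds the enclosing SEQUENCE), after which `*idx += oriValueSz` lands past pkiMsg and oriValue/oriValueSz are handed to the user callback with a bogus length. As far as this hunk shows, GetASNObjectId bounds the OID against pkiMsgSz, not against seqSz, so that inner relation is unchecked. Guard it before the subtraction: `if ((*idx - tmpIdx) > (word32)seqSz) return ASN_PARSE_E;`. The function begins outside the hunk, so a check of seqSz against pkiMsgSz may exist, but it would not cover this case.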
@@ -10971,12 +11057,13 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz, if (GetLength(pkiMsg, idx, &saltSz, pkiMsgSz) < 0) return ASN_PARSE_E; - salt = (byte*)XMALLOC(saltSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + salt = (byte*)XMALLOC((word32)saltSz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); if (salt == NULL) return MEMORY_E; - XMEMCPY(salt, pkiMsg + (*idx), saltSz); - *idx += saltSz; + XMEMCPY(salt, pkiMsg + (*idx), (word32)saltSz); + *idx += (word32)saltSz; /* get KDF iterations */ if (GetMyVersion(pkiMsg, idx, &iterations, pkiMsgSz) < 0) { @@ -10997,7 +11084,8 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz, } /* get pwriEncAlgoId */ - if (GetAlgoId(pkiMsg, idx, &pwriEncAlgoId, oidBlkType, pkiMsgSz) < 0) { + if (GetAlgoId(pkiMsg, idx, &pwriEncAlgoId, oidBlkType, + pkiMsgSz) < 0) { XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ASN_PARSE_E; } @@ -11037,8 +11125,8 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz, return ASN_PARSE_E; } - XMEMCPY(tmpIv, pkiMsg + (*idx), length); - *idx += length; + XMEMCPY(tmpIv, pkiMsg + (*idx), (word32)length); + *idx += (word32)length; /* get EncryptedKey */ if (GetASNTag(pkiMsg, idx, &tag, pkiMsgSz) < 0) { @@ -11065,7 +11153,8 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz, } /* generate KEK */ - kek = (byte*)XMALLOC(kekKeySz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + kek = (byte*)XMALLOC((word32)kekKeySz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); if (kek == NULL) { XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(cek, pkcs7->heap, DYNAMIC_TYPE_PKCS7); 
@@ -11073,8 +11162,8 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz, } ret = wc_PKCS7_GenerateKEK_PWRI(pkcs7, pkcs7->pass, pkcs7->passSz, - salt, (word32)saltSz, kdfAlgoId, hashOID, - iterations, kek, (word32)kekKeySz); + salt, (word32)saltSz, (int)kdfAlgoId, hashOID, + iterations, kek, (word32)kekKeySz); if (ret < 0) { XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(kek, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -11084,8 +11173,8 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz, /* decrypt CEK with KEK */ ret = wc_PKCS7_PwriKek_KeyUnWrap(pkcs7, kek, (word32)kekKeySz, - pkiMsg + (*idx), (word32)length, cek, - cekSz, tmpIv, (word32)blockSz, + pkiMsg + (*idx), (word32)length, + cek, cekSz, tmpIv, (word32)blockSz, (int)pwriEncAlgoId); if (ret < 0) { XFREE(salt, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -11112,7 +11201,7 @@ static int wc_PKCS7_DecryptPwri(PKCS7* pkcs7, byte* in, word32 inSz, /* mark recipFound, since we only support one RecipientInfo for now */ *recipFound = 1; - *idx += length; + *idx += (word32)length; #ifndef NO_PKCS7_STREAM if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) { break; @@ -11190,7 +11279,7 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz, &dateLen) != 0) { return ASN_PARSE_E; } - *idx += (dateLen + 1); + *idx += (word32)(dateLen + 1); } if (*idx > pkiMsgSz) { @@ -11206,7 +11295,7 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz, return ASN_PARSE_E; /* skip it */ - *idx += length; + *idx += (word32)length; } if (*idx > pkiMsgSz) { @@ -11252,7 +11341,7 @@ static int wc_PKCS7_DecryptKekri(PKCS7* pkcs7, byte* in, word32 inSz, /* mark recipFound, since we only support one RecipientInfo for now */ *recipFound = 1; - *idx += length; + *idx += (word32)length; #ifndef NO_PKCS7_STREAM if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, idx)) != 0) { 
@@ -12299,8 +12388,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, ret = 0; #endif - XMEMCPY(tmpIv, &pkiMsg[idx], length); - idx += length; + XMEMCPY(tmpIv, &pkiMsg[idx], (word32)length); + idx += (word32)length; explicitOctet = 0; localIdx = idx; @@ -12360,7 +12449,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, * consecutive OCTET STRINGs, if so loop through * collecting and caching encrypted content bytes */ localIdx = idx; - while (idx < (localIdx + encryptedContentTotalSz)) { + while (idx < (localIdx + (word32)encryptedContentTotalSz)) { if (GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0) { ret = ASN_PARSE_E; @@ -12385,7 +12474,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, } /* advance idx past encrypted content */ - idx += encryptedContentSz; + idx += (word32)encryptedContentSz; } if (ret != 0) { @@ -12399,7 +12488,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, if (ret != 0) { break; } - idx += encryptedContentTotalSz; + idx += (word32)encryptedContentTotalSz; } /* use cached content */ @@ -12423,7 +12512,8 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* in, ret = BUFFER_E; break; } - XMEMCPY(output, encryptedContent, encryptedContentSz - padLen); + XMEMCPY(output, encryptedContent, + (word32)encryptedContentSz - padLen); /* free memory, zero out keys */ ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ); 
@@ -12731,17 +12821,18 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, contentTypeAttrib.valueSz = pkcs7->contentTypeSz; } - authAttribsSz += EncodeAttributes(authAttribs, 1, - &contentTypeAttrib, 1); + authAttribsSz += (word32)EncodeAttributes(authAttribs, 1, + &contentTypeAttrib, 1); authAttribsCount += 1; } /* authAttribs: add in user authenticated attributes */ if (pkcs7->authAttribs != NULL && pkcs7->authAttribsSz > 0) { - authAttribsSz += EncodeAttributes(authAttribs + authAttribsCount, - MAX_AUTH_ATTRIBS_SZ - authAttribsCount, + authAttribsSz += (word32)EncodeAttributes( + authAttribs + authAttribsCount, + (int)(MAX_AUTH_ATTRIBS_SZ - authAttribsCount), pkcs7->authAttribs, - pkcs7->authAttribsSz); + (int)pkcs7->authAttribsSz); authAttribsCount += pkcs7->authAttribsSz; } @@ -12789,20 +12880,19 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, /* build up unauthenticated attributes (unauthAttrs) */ if (pkcs7->unauthAttribsSz > 0) { - unauthAttribsSz = EncodeAttributes(unauthAttribs + unauthAttribsCount, - MAX_UNAUTH_ATTRIBS_SZ - unauthAttribsCount, - pkcs7->unauthAttribs, - pkcs7->unauthAttribsSz); + unauthAttribsSz = (word32)EncodeAttributes( + unauthAttribs + unauthAttribsCount, + (int)(MAX_UNAUTH_ATTRIBS_SZ - unauthAttribsCount), + pkcs7->unauthAttribs, + (int)pkcs7->unauthAttribsSz); unauthAttribsCount = pkcs7->unauthAttribsSz; flatUnauthAttribs = (byte*)XMALLOC(unauthAttribsSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (flatUnauthAttribs == NULL) { wc_PKCS7_FreeEncodedRecipientSet(pkcs7); - if (aadBuffer) - XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (flatAuthAttribs) - XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return MEMORY_E; } 
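Review bot: `authAttribsSz += (word32)EncodeAttributes(...)` and the matching `unauthAttribsSz = (word32)EncodeAttributes(...)` convert the int return to word32 unconditionally, so if EncodeAttributes can report failure with a negative code the value silently becomes a size near 4 GiB that then feeds `XMALLOC(unauthAttribsSz, ...)` and the later totalSz arithmetic. If EncodeAttributes only ever returns a byte count (its definition is outside this view), a comment saying so at the first call would make the cast reviewable; otherwise capture the int first, e.g. `int n = EncodeAttributes(...); if (n < 0) { cleanup; return n; } authAttribsSz += (word32)n;`. wc_PKCS7_EncodeAuthEnvelopedData begins above this hunk.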
@@ -12823,56 +12913,48 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, /* Copy content to plain buffer (zero-padded) to encrypt in full, * contiguous blocks */ - plain = (byte*)XMALLOC(encryptedAllocSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + plain = (byte*)XMALLOC((word32)encryptedAllocSz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); if (plain == NULL) { wc_PKCS7_FreeEncodedRecipientSet(pkcs7); - if (aadBuffer) - XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (flatUnauthAttribs) - XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (flatAuthAttribs) - XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return MEMORY_E; } XMEMCPY(plain, pkcs7->content, pkcs7->contentSz); if ((encryptedAllocSz - encryptedOutSz) > 0) { - XMEMSET(plain + encryptedOutSz, 0, encryptedAllocSz - encryptedOutSz); + XMEMSET(plain + encryptedOutSz, 0, + (word32)(encryptedAllocSz - encryptedOutSz)); } - encryptedContent = (byte*)XMALLOC(encryptedAllocSz, pkcs7->heap, + encryptedContent = (byte*)XMALLOC((word32)encryptedAllocSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (encryptedContent == NULL) { XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); wc_PKCS7_FreeEncodedRecipientSet(pkcs7); - if (aadBuffer) - XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (flatUnauthAttribs) - XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (flatAuthAttribs) - XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return MEMORY_E; } /* encrypt content */ ret = wc_PKCS7_EncryptContent(pkcs7, pkcs7->encryptOID, pkcs7->cek, - pkcs7->cekSz, nonce, nonceSz, aadBuffer, aadBufferSz, authTag, - sizeof(authTag), 
plain, encryptedOutSz, encryptedContent); + (int)pkcs7->cekSz, nonce, (int)nonceSz, aadBuffer, aadBufferSz, + authTag, sizeof(authTag), plain, encryptedOutSz, encryptedContent); XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); plain = NULL; - if (aadBuffer) { - XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); - aadBuffer = NULL; - } + XFREE(aadBuffer, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + aadBuffer = NULL; if (ret != 0) { wc_PKCS7_FreeEncodedRecipientSet(pkcs7); - if (flatUnauthAttribs) - XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (flatAuthAttribs) - XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; } @@ -12882,10 +12964,8 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, sizeof(contentType)); if (ret < 0) { wc_PKCS7_FreeEncodedRecipientSet(pkcs7); - if (flatUnauthAttribs) - XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (flatAuthAttribs) - XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; } 
@@ -12899,41 +12979,41 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, macIntSz = (word32)SetMyVersion(sizeof(authTag), macInt, 0); /* add nonce and icv len into parameters string RFC5084 */ - algoParamSeqSz = SetSequence(nonceOctetStringSz + nonceSz + macIntSz, - algoParamSeq); + algoParamSeqSz = SetSequence((word32)nonceOctetStringSz + nonceSz + + macIntSz, algoParamSeq); /* build up our ContentEncryptionAlgorithmIdentifier sequence, * adding (nonceOctetStringSz + blockSz + macIntSz) for nonce OCTET STRING * and tag size */ contentEncAlgoSz = (int)SetAlgoID(pkcs7->encryptOID, contentEncAlgo, - oidBlkType, nonceOctetStringSz + nonceSz + - macIntSz + algoParamSeqSz); + oidBlkType, nonceOctetStringSz + (int)nonceSz + + (int)macIntSz + (int)algoParamSeqSz); if (contentEncAlgoSz == 0) { wc_PKCS7_FreeEncodedRecipientSet(pkcs7); - if (flatUnauthAttribs) - XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (flatAuthAttribs) - XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return BAD_FUNC_ARG; } encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0, (word32)encryptedOutSz, encContentOctet, 0); - encContentSeqSz = (int)SetSequence(contentTypeSz + contentEncAlgoSz + - nonceOctetStringSz + nonceSz + macIntSz + - algoParamSeqSz + encContentOctetSz + - encryptedOutSz, encContentSeq); + encContentSeqSz = (int)SetSequence((word32)contentTypeSz + + (word32)contentEncAlgoSz + + (word32)nonceOctetStringSz + nonceSz + macIntSz + + algoParamSeqSz + (word32)encContentOctetSz + + (word32)encryptedOutSz, encContentSeq); macOctetStringSz = (int)SetOctetString(sizeof(authTag), macOctetString); /* keep track of sizes for outer wrapper layering */ - totalSz = verSz + recipSetSz + recipSz + encContentSeqSz + contentTypeSz + - contentEncAlgoSz + nonceOctetStringSz + 
nonceSz + macIntSz + - algoParamSeqSz + encContentOctetSz + encryptedOutSz + - authAttribsSz + authAttribsSetSz + macOctetStringSz + - sizeof(authTag) + unauthAttribsSz + unauthAttribsSetSz; + totalSz = verSz + recipSetSz + recipSz + encContentSeqSz + + contentTypeSz + contentEncAlgoSz + nonceOctetStringSz + + (int)nonceSz + (int)macIntSz + (int)algoParamSeqSz + + encContentOctetSz + encryptedOutSz + (int)authAttribsSz + + (int)authAttribsSetSz + macOctetStringSz + (int)sizeof(authTag) + + (int)unauthAttribsSz + (int)unauthAttribsSetSz; /* EnvelopedData */ envDataSeqSz = (int)SetSequence((word32)totalSz, envDataSeq); 
@@ -12951,80 +13031,76 @@ int wc_PKCS7_EncodeAuthEnvelopedData(PKCS7* pkcs7, byte* output, if (totalSz > (int)outputSz) { WOLFSSL_MSG("Pkcs7_encrypt output buffer too small"); wc_PKCS7_FreeEncodedRecipientSet(pkcs7); - if (flatUnauthAttribs) - XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (flatAuthAttribs) - XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return BUFFER_E; } - XMEMCPY(output + idx, contentInfoSeq, contentInfoSeqSz); + XMEMCPY(output + idx, contentInfoSeq, (word32)contentInfoSeqSz); idx += contentInfoSeqSz; - XMEMCPY(output + idx, outerContentType, outerContentTypeSz); + XMEMCPY(output + idx, outerContentType, (word32)outerContentTypeSz); idx += outerContentTypeSz; - XMEMCPY(output + idx, outerContent, outerContentSz); + XMEMCPY(output + idx, outerContent, (word32)outerContentSz); idx += outerContentSz; - XMEMCPY(output + idx, envDataSeq, envDataSeqSz); + XMEMCPY(output + idx, envDataSeq, (word32)envDataSeqSz); idx += envDataSeqSz; - XMEMCPY(output + idx, ver, verSz); + XMEMCPY(output + idx, ver, (word32)verSz); idx += verSz; - XMEMCPY(output + idx, recipSet, recipSetSz); + XMEMCPY(output + idx, recipSet, (word32)recipSetSz); idx += recipSetSz; /* copy in recipients from list */ tmpRecip = pkcs7->recipList; while (tmpRecip != NULL) { XMEMCPY(output + idx, tmpRecip->recip, tmpRecip->recipSz); - idx += tmpRecip->recipSz; + idx += (int)tmpRecip->recipSz; tmpRecip = tmpRecip->next; } wc_PKCS7_FreeEncodedRecipientSet(pkcs7); - XMEMCPY(output + idx, encContentSeq, encContentSeqSz); + XMEMCPY(output + idx, encContentSeq, (word32)encContentSeqSz); idx += encContentSeqSz; - XMEMCPY(output + idx, contentType, contentTypeSz); + XMEMCPY(output + idx, contentType, (word32)contentTypeSz); idx += contentTypeSz; - XMEMCPY(output + idx, contentEncAlgo, 
contentEncAlgoSz); + XMEMCPY(output + idx, contentEncAlgo, (word32)contentEncAlgoSz); idx += contentEncAlgoSz; XMEMCPY(output + idx, algoParamSeq, algoParamSeqSz); - idx += algoParamSeqSz; - XMEMCPY(output + idx, nonceOctetString, nonceOctetStringSz); + idx += (int)algoParamSeqSz; + XMEMCPY(output + idx, nonceOctetString, (word32)nonceOctetStringSz); idx += nonceOctetStringSz; XMEMCPY(output + idx, nonce, nonceSz); - idx += nonceSz; + idx += (int)nonceSz; XMEMCPY(output + idx, macInt, macIntSz); - idx += macIntSz; + idx += (int)macIntSz; - XMEMCPY(output + idx, encContentOctet, encContentOctetSz); + XMEMCPY(output + idx, encContentOctet, (word32)encContentOctetSz); idx += encContentOctetSz; - XMEMCPY(output + idx, encryptedContent, encryptedOutSz); + XMEMCPY(output + idx, encryptedContent, (word32)encryptedOutSz); idx += encryptedOutSz; /* authenticated attributes */ if (flatAuthAttribs && authAttribsSz > 0) { XMEMCPY(output + idx, authAttribSet, authAttribsSetSz); - idx += authAttribsSetSz; + idx += (int)authAttribsSetSz; XMEMCPY(output + idx, flatAuthAttribs, authAttribsSz); - idx += authAttribsSz; + idx += (int)authAttribsSz; XFREE(flatAuthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); } - XMEMCPY(output + idx, macOctetString, macOctetStringSz); + XMEMCPY(output + idx, macOctetString, (word32)macOctetStringSz); idx += macOctetStringSz; XMEMCPY(output + idx, authTag, sizeof(authTag)); - idx += sizeof(authTag); + idx += (int)sizeof(authTag); /* unauthenticated attributes */ if (unauthAttribsSz > 0) { XMEMCPY(output + idx, unauthAttribSet, unauthAttribsSetSz); - idx += unauthAttribsSetSz; + idx += (int)unauthAttribsSetSz; XMEMCPY(output + idx, flatUnauthAttribs, unauthAttribsSz); - idx += unauthAttribsSz; + idx += (int)unauthAttribsSz; } - if (flatUnauthAttribs != NULL) { - XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - } + XFREE(flatUnauthAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); 
@@ -13268,8 +13344,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, } if (ret == 0) { - XMEMCPY(nonce, &pkiMsg[idx], nonceSz); - idx += nonceSz; + XMEMCPY(nonce, &pkiMsg[idx], (word32)nonceSz); + idx += (word32)nonceSz; } /* get mac size, also stored in OPTIONAL parameter of AlgoID */ @@ -13324,14 +13400,14 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, /* store nonce for later */ if (nonceSz > 0) { pkcs7->stream->nonceSz = (word32)nonceSz; - pkcs7->stream->nonce = (byte*)XMALLOC(nonceSz, pkcs7->heap, - DYNAMIC_TYPE_PKCS7); + pkcs7->stream->nonce = (byte*)XMALLOC((word32)nonceSz, + pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (pkcs7->stream->nonce == NULL) { ret = MEMORY_E; break; } else { - XMEMCPY(pkcs7->stream->nonce, nonce, nonceSz); + XMEMCPY(pkcs7->stream->nonce, nonce, (word32)nonceSz); } } @@ -13380,15 +13456,16 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, encryptedContentSz + expBlockSz - (encryptedContentSz % expBlockSz) : encryptedContentSz; - encryptedContent = (byte*)XMALLOC(encryptedAllocSz, pkcs7->heap, - DYNAMIC_TYPE_PKCS7); + encryptedContent = (byte*)XMALLOC((word32)encryptedAllocSz, + pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (ret == 0 && encryptedContent == NULL) { ret = MEMORY_E; } if (ret == 0) { - XMEMCPY(encryptedContent, &pkiMsg[idx], encryptedContentSz); - idx += encryptedContentSz; + XMEMCPY(encryptedContent, &pkiMsg[idx], + (word32)encryptedContentSz); + idx += (word32)encryptedContentSz; } #ifndef NO_PKCS7_STREAM pkcs7->stream->bufferPt = encryptedContent; @@ -13407,7 +13484,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, #ifndef NO_PKCS7_STREAM pkcs7->stream->expected = (word32)length; #endif - encodedAttribSz = length + (idx - encodedAttribIdx); + encodedAttribSz = (word32)length + (idx - encodedAttribIdx); if (ret != 0) break; 
@@ -13464,12 +13541,12 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, break; } - idx += length; + idx += (word32)length; #ifndef NO_PKCS7_STREAM if (encodedAttribSz > 0) { - XMEMCPY(pkcs7->stream->aad + (encodedAttribSz - length), - authAttrib, authAttribSz); + XMEMCPY(pkcs7->stream->aad + (encodedAttribSz - (word32)length), + authAttrib, (word32)authAttribSz); } if ((ret = wc_PKCS7_StreamEndCase(pkcs7, &tmpIdx, &idx)) != 0) { break; @@ -13513,8 +13590,8 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, } if (ret == 0) { - XMEMCPY(authTag, &pkiMsg[idx], authTagSz); - idx += authTagSz; + XMEMCPY(authTag, &pkiMsg[idx], (word32)authTagSz); + idx += (word32)authTagSz; } if (ret == 0 && authAttrib != NULL) { @@ -13539,14 +13616,14 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, /* store tag for later */ if (authTagSz > 0) { pkcs7->stream->tagSz = (word32)authTagSz; - pkcs7->stream->tag = (byte*)XMALLOC(authTagSz, pkcs7->heap, - DYNAMIC_TYPE_PKCS7); + pkcs7->stream->tag = (byte*)XMALLOC((word32)authTagSz, + pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (pkcs7->stream->tag == NULL) { ret = MEMORY_E; break; } else { - XMEMCPY(pkcs7->stream->tag, authTag, authTagSz); + XMEMCPY(pkcs7->stream->tag, authTag, (word32)authTagSz); } } @@ -13570,7 +13647,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, break; } else { - XMEMCPY(nonce, pkcs7->stream->nonce, nonceSz); + XMEMCPY(nonce, pkcs7->stream->nonce, (word32)nonceSz); } } @@ -13582,7 +13659,7 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, break; } else { - XMEMCPY(authTag, pkcs7->stream->tag, authTagSz); + XMEMCPY(authTag, pkcs7->stream->tag, (word32)authTagSz); } } 
@@ -13602,8 +13679,9 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, /* decrypt encryptedContent */ ret = wc_PKCS7_DecryptContent(pkcs7, (int)encOID, decryptedKey, blockKeySz, nonce, nonceSz, encodedAttribs, encodedAttribSz, - authTag, (word32)authTagSz, encryptedContent, encryptedContentSz, - encryptedContent, pkcs7->devId, pkcs7->heap); + authTag, (word32)authTagSz, encryptedContent, + encryptedContentSz, encryptedContent, pkcs7->devId, + pkcs7->heap); if (ret != 0) { XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; @@ -13615,11 +13693,12 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, } /* copy plaintext to output */ - XMEMCPY(output, encryptedContent, encryptedContentSz); + XMEMCPY(output, encryptedContent, (word32)encryptedContentSz); /* free memory, zero out keys */ ForceZero(encryptedContent, (word32)encryptedContentSz); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + encryptedContent = NULL; ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ); #ifdef WOLFSSL_SMALL_STACK XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -13646,7 +13725,17 @@ WOLFSSL_API int wc_PKCS7_DecodeAuthEnvelopedData(PKCS7* pkcs7, byte* in, } XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); } +#else + if (ret < 0) { + if (encryptedContent != NULL) { + ForceZero(encryptedContent, (word32)encryptedContentSz); + XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + encryptedContent = NULL; + } + ForceZero(decryptedKey, MAX_ENCRYPTED_KEY_SZ); + } #endif + #ifndef NO_PKCS7_STREAM if (ret != 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) { wc_PKCS7_ResetStream(pkcs7); 
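Review bot: The new `#else` branch frees and nulls `encryptedContent` for any `ret < 0`, but the `#ifndef NO_PKCS7_STREAM` block directly below treats `WC_PKCS7_WANT_READ_E` as non-fatal and keeps the stream state, and the @@ -13380 hunk stores this same buffer in `pkcs7->stream->bufferPt`. If that error code is negative and the streaming path can reach this point with the buffer still referenced from the stream, the free leaves `bufferPt` dangling for the next call; please confirm, and if so mirror the condition used below: `if (ret < 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) {`. The `#ifdef` this `#else` pairs with is outside the hunk (presumably `WOLFSSL_SMALL_STACK`), so a trailing comment on the `#endif` naming it would help readers. wc_PKCS7_DecodeAuthEnvelopedData continues outside the hunk.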
@@ -13751,21 +13840,21 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (padSz < 0) return padSz; - encryptedOutSz = pkcs7->contentSz + padSz; + encryptedOutSz = (int)pkcs7->contentSz + padSz; - plain = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap, + plain = (byte*)XMALLOC((word32)encryptedOutSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (plain == NULL) return MEMORY_E; ret = wc_PKCS7_PadData(pkcs7->content, pkcs7->contentSz, plain, - (word32)encryptedOutSz, blockSz); + (word32)encryptedOutSz, (word32)blockSz); if (ret < 0) { XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return ret; } - encryptedContent = (byte*)XMALLOC(encryptedOutSz, pkcs7->heap, + encryptedContent = (byte*)XMALLOC((word32)encryptedOutSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (encryptedContent == NULL) { XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -13795,8 +13884,8 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) } ret = wc_PKCS7_EncryptContent(pkcs7, pkcs7->encryptOID, - pkcs7->encryptionKey, pkcs7->encryptionKeySz, tmpIv, blockSz, NULL, - 0, NULL, 0, plain, encryptedOutSz, encryptedContent); + pkcs7->encryptionKey, (int)pkcs7->encryptionKeySz, tmpIv, blockSz, + NULL, 0, NULL, 0, plain, encryptedOutSz, encryptedContent); if (ret != 0) { XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -13806,9 +13895,9 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) encContentOctetSz = (int)SetImplicit(ASN_OCTET_STRING, 0, (word32)encryptedOutSz, encContentOctet, 0); - encContentSeqSz = (int)SetSequence(contentTypeSz + contentEncAlgoSz + - ivOctetStringSz + blockSz + - encContentOctetSz + encryptedOutSz, + encContentSeqSz = (int)SetSequence((word32)(contentTypeSz + + contentEncAlgoSz + ivOctetStringSz + blockSz + + encContentOctetSz + encryptedOutSz), encContentSeq); /* optional UnprotectedAttributes */ 
@@ -13830,11 +13919,13 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) } attribsCount = pkcs7->unprotectedAttribsSz; - attribsSz = EncodeAttributes(attribs, pkcs7->unprotectedAttribsSz, + attribsSz = (word32)EncodeAttributes(attribs, + (int)pkcs7->unprotectedAttribsSz, pkcs7->unprotectedAttribs, - pkcs7->unprotectedAttribsSz); + (int)pkcs7->unprotectedAttribsSz); - flatAttribs = (byte*)XMALLOC(attribsSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + flatAttribs = (byte*)XMALLOC(attribsSz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); if (flatAttribs == NULL) { XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -13860,7 +13951,7 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) /* keep track of sizes for outer wrapper layering */ totalSz = verSz + encContentSeqSz + contentTypeSz + contentEncAlgoSz + ivOctetStringSz + blockSz + encContentOctetSz + encryptedOutSz + - attribsSz + attribsSetSz; + (int)attribsSz + (int)attribsSetSz; /* EncryptedData */ encDataSeqSz = (int)SetSequence((word32)totalSz, encDataSeq); 
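Review bot: `attribsSz = (word32)EncodeAttributes(...)` converts the `int` return straight to `word32`; if `EncodeAttributes` can report failure with a negative value, the cast turns it into a huge size that is passed to `XMALLOC(attribsSz, ...)` a few lines later. The original had the same weakness with a signed `attribsSz`, but the cast now hides it from `-Wconversion`. If a negative return is possible, check before casting: `int attribsRet = EncodeAttributes(...); if (attribsRet < 0) { /* free attribs, encryptedContent, plain */ return attribsRet; } attribsSz = (word32)attribsRet;`. wc_PKCS7_EncodeEncryptedData starts and ends outside this hunk.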
@@ -13881,51 +13972,47 @@ int wc_PKCS7_EncodeEncryptedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (totalSz > (int)outputSz) { WOLFSSL_MSG("PKCS#7 output buffer too small"); - if (attribs != NULL) - XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (flatAttribs != NULL) - XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); return BUFFER_E; } - XMEMCPY(output + idx, contentInfoSeq, contentInfoSeqSz); + XMEMCPY(output + idx, contentInfoSeq, (word32)contentInfoSeqSz); idx += contentInfoSeqSz; - XMEMCPY(output + idx, outerContentType, outerContentTypeSz); + XMEMCPY(output + idx, outerContentType, (word32)outerContentTypeSz); idx += outerContentTypeSz; - XMEMCPY(output + idx, outerContent, outerContentSz); + XMEMCPY(output + idx, outerContent, (word32)outerContentSz); idx += outerContentSz; - XMEMCPY(output + idx, encDataSeq, encDataSeqSz); + XMEMCPY(output + idx, encDataSeq, (word32)encDataSeqSz); idx += encDataSeqSz; - XMEMCPY(output + idx, ver, verSz); + XMEMCPY(output + idx, ver, (word32)verSz); idx += verSz; - XMEMCPY(output + idx, encContentSeq, encContentSeqSz); + XMEMCPY(output + idx, encContentSeq, (word32)encContentSeqSz); idx += encContentSeqSz; - XMEMCPY(output + idx, contentType, contentTypeSz); + XMEMCPY(output + idx, contentType, (word32)contentTypeSz); idx += contentTypeSz; - XMEMCPY(output + idx, contentEncAlgo, contentEncAlgoSz); + XMEMCPY(output + idx, contentEncAlgo, (word32)contentEncAlgoSz); idx += contentEncAlgoSz; - XMEMCPY(output + idx, ivOctetString, ivOctetStringSz); + XMEMCPY(output + idx, ivOctetString, (word32)ivOctetStringSz); idx += ivOctetStringSz; - XMEMCPY(output + idx, tmpIv, blockSz); + XMEMCPY(output + idx, tmpIv, (word32)blockSz); idx += blockSz; - XMEMCPY(output + idx, encContentOctet, encContentOctetSz); + 
XMEMCPY(output + idx, encContentOctet, (word32)encContentOctetSz); idx += encContentOctetSz; - XMEMCPY(output + idx, encryptedContent, encryptedOutSz); + XMEMCPY(output + idx, encryptedContent, (word32)encryptedOutSz); idx += encryptedOutSz; if (pkcs7->unprotectedAttribsSz != 0) { XMEMCPY(output + idx, attribSet, attribsSetSz); - idx += attribsSetSz; + idx += (int)attribsSetSz; XMEMCPY(output + idx, flatAttribs, attribsSz); - idx += attribsSz; + idx += (int)attribsSz; } - if (attribs != NULL) - XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); - if (flatAttribs != NULL) - XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(attribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + XFREE(flatAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); @@ -14186,8 +14273,8 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz, tmpIv = pkcs7->stream->tmpIv; length = (int)pkcs7->stream->expected; #endif - XMEMCPY(tmpIv, &pkiMsg[idx], length); - idx += length; + XMEMCPY(tmpIv, &pkiMsg[idx], (word32)length); + idx += (word32)length; /* read encryptedContent, cont[0] */ if (ret == 0 && GetASNTag(pkiMsg, &idx, &tag, pkiMsgSz) < 0) ret = ASN_PARSE_E; @@ -14207,7 +14294,7 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz, break; } - if (pkcs7->stream->totalRd + encryptedContentSz < + if (pkcs7->stream->totalRd + (word32)encryptedContentSz < pkcs7->stream->maxLen) { pkcs7->stream->flagOne = 1; } 
@@ -14236,21 +14323,23 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz, tmpIv = pkcs7->stream->tmpIv; #endif if (ret == 0 && (encryptedContent = (byte*)XMALLOC( - encryptedContentSz, pkcs7->heap, DYNAMIC_TYPE_PKCS7)) == NULL) { + (unsigned int)encryptedContentSz, pkcs7->heap, + DYNAMIC_TYPE_PKCS7)) == NULL) { ret = MEMORY_E; break; } if (ret == 0) { - XMEMCPY(encryptedContent, &pkiMsg[idx], encryptedContentSz); - idx += encryptedContentSz; + XMEMCPY(encryptedContent, &pkiMsg[idx], + (unsigned int)encryptedContentSz); + idx += (word32)encryptedContentSz; /* decrypt encryptedContent */ ret = wc_PKCS7_DecryptContent(pkcs7, (int)encOID, - pkcs7->encryptionKey, pkcs7->encryptionKeySz, tmpIv, - expBlockSz, NULL, 0, NULL, 0, encryptedContent, - encryptedContentSz, encryptedContent, - pkcs7->devId, pkcs7->heap); + pkcs7->encryptionKey, (int)pkcs7->encryptionKeySz, + tmpIv, expBlockSz, NULL, 0, NULL, 0, + encryptedContent, encryptedContentSz, + encryptedContent, pkcs7->devId, pkcs7->heap); if (ret != 0) { XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); } @@ -14267,7 +14356,8 @@ int wc_PKCS7_DecodeEncryptedData(PKCS7* pkcs7, byte* in, word32 inSz, } /* copy plaintext to output */ - XMEMCPY(output, encryptedContent, encryptedContentSz - padLen); + XMEMCPY(output, encryptedContent, + (unsigned int)(encryptedContentSz - padLen)); /* get implicit[1] unprotected attributes, optional */ wc_PKCS7_FreeDecodedAttrib(pkcs7->decodedAttrib, pkcs7->heap); @@ -14370,7 +14460,7 @@ int wc_PKCS7_SetStreamMode(PKCS7* pkcs7, byte flag, return BAD_FUNC_ARG; } #ifdef ASN_BER_TO_DER - pkcs7->encodeStream = flag; + pkcs7->encodeStream = (flag != 0); pkcs7->getContentCb = getContentCb; pkcs7->streamOutCb = streamOutCb; pkcs7->streamCtx = ctx; @@ -14406,7 +14496,7 @@ int wc_PKCS7_SetNoCerts(PKCS7* pkcs7, byte flag) if (pkcs7 == NULL) { return BAD_FUNC_ARG; } - pkcs7->noCerts = flag; + pkcs7->noCerts = (flag != 0); return 0; } 
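Review bot: The casts in this hunk are spelled `(unsigned int)` (`XMALLOC((unsigned int)encryptedContentSz, ...)`, `(unsigned int)(encryptedContentSz - padLen)`) while the rest of this function and the sibling decode paths in the same commit use `(word32)`; the two are presumably the same type here, but the mixed spelling reads as two different intents, so use `(word32)` throughout. Separately, `(unsigned int)(encryptedContentSz - padLen)` wraps to a huge length if `padLen` ever exceeds `encryptedContentSz`; I cannot see where `padLen` is validated, so a comment stating that `padLen` is already checked against the content size would document what the cast relies on. wc_PKCS7_DecodeEncryptedData starts and ends outside this hunk.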
diff --git a/src/wolfcrypt/src/poly1305.c b/src/wolfcrypt/src/poly1305.c index cde7547..718289c 100644 --- a/src/wolfcrypt/src/poly1305.c +++ b/src/wolfcrypt/src/poly1305.c @@ -1,6 +1,6 @@ /* poly1305.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -29,6 +29,13 @@ and Daniel J. Bernstein */ +/* + * WOLFSSL_W64_WRAPPER Uses wrappers around word64 types for a system that does + * not have word64 available. As expected it reduces + * performance. Benchmarks collected July 2024 show + * 303.004 MiB/s with and 1874.194 MiB/s without. + */ + #ifdef HAVE_CONFIG_H #include #endif @@ -199,7 +206,7 @@ extern void poly1305_final_avx2(Poly1305* ctx, byte* mac); #endif #elif defined(POLY130564) -#ifndef WOLFSSL_ARMASM +#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM) static word64 U8TO64(const byte* p) { return @@ -223,8 +230,9 @@ extern void poly1305_final_avx2(Poly1305* ctx, byte* mac); p[6] = (byte)(v >> 48); p[7] = (byte)(v >> 56); } -#endif/* WOLFSSL_ARMASM */ -#else /* if not 64 bit then use 32 bit */ +#endif/* !WOLFSSL_ARMASM && !WOLFSSL_RISCV_ASM */ +/* if not 64 bit then use 32 bit */ +#elif !defined(WOLFSSL_ARMASM) static word32 U8TO32(const byte *p) { @@ -261,7 +269,7 @@ static WC_INLINE void u32tole64(const word32 inLe32, byte outLe64[8]) } -#if !defined(WOLFSSL_ARMASM) || !defined(__aarch64__) +#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM) /* This local function operates on a message with a given number of bytes with a given ctx pointer to a Poly1305 structure. 
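Review bot: The 64-bit branch is now excluded under both `WOLFSSL_ARMASM` and `WOLFSSL_RISCV_ASM`, but the 32-bit fallback is introduced with `#elif !defined(WOLFSSL_ARMASM)` only, so a 32-bit build with `WOLFSSL_RISCV_ASM` would still compile `U8TO32`/`U32TO8` while `poly1305_blocks` below is excluded by `!defined(WOLFSSL_RISCV_ASM)`, leaving unused static functions. If the RISC-V assembly is 64-bit only this is harmless but worth stating in the comment, e.g. `/* 32-bit C fallback; WOLFSSL_RISCV_ASM is not expected here */`; otherwise make the guards match: `#elif !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM)`. The enclosing conditional chain starts before this hunk.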
@@ -332,8 +340,22 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m, word32 r0,r1,r2,r3,r4; word32 s1,s2,s3,s4; word32 h0,h1,h2,h3,h4; - word64 d0,d1,d2,d3,d4; word32 c; +#ifdef WOLFSSL_W64_WRAPPER + #ifdef WOLFSSL_SMALL_STACK + w64wrapper* d; + + d = (w64wrapper*)XMALLOC(5 * sizeof(w64wrapper), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (d == NULL) { + return MEMORY_E; + } + #else + w64wrapper d[5]; + #endif +#else + word64 d0,d1,d2,d3,d4; +#endif r0 = ctx->r[0]; 
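Review bot: The heap buffer `d` allocated under `WOLFSSL_W64_WRAPPER`/`WOLFSSL_SMALL_STACK` holds the products of the accumulator with the key-derived values `r` and `s`, and the matching `XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER)` in the @@ -392 hunk releases it without clearing; the stack variant has the same exposure, but a heap block is reused by later allocations, so `ForceZero(d, 5 * sizeof(w64wrapper));` before the free would match how the PKCS7 hunks earlier in this patch treat `decryptedKey`. That free sits just before `return 0`, so any other exit between the allocation and that point would leak the buffer; the loop body between the two hunks is not visible here, so please confirm there is none. poly1305_blocks starts before this hunk and ends after the @@ -392 hunk.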
@@ -362,6 +384,41 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m, h4 += (U8TO32(m+12) >> 8) | hibit; /* h *= r */ +#ifdef WOLFSSL_W64_WRAPPER + { + w64wrapper tmp; + + d[0] = w64Mul(h0, r0); tmp = w64Mul(h1, s4); + d[0] = w64Add(d[0], tmp, NULL); tmp = w64Mul(h2, s3); + d[0] = w64Add(d[0], tmp, NULL); tmp = w64Mul(h3, s2); + d[0] = w64Add(d[0], tmp, NULL); tmp = w64Mul(h4, s1); + d[0] = w64Add(d[0], tmp, NULL); + + d[1] = w64Mul(h0, r1); tmp = w64Mul(h1, r0); + d[1] = w64Add(d[1], tmp, NULL); tmp = w64Mul(h2, s4); + d[1] = w64Add(d[1], tmp, NULL); tmp = w64Mul(h3, s3); + d[1] = w64Add(d[1], tmp, NULL); tmp = w64Mul(h4, s2); + d[1] = w64Add(d[1], tmp, NULL); + + d[2] = w64Mul(h0, r2); tmp = w64Mul(h1, r1); + d[2] = w64Add(d[2], tmp, NULL); tmp = w64Mul(h2, r0); + d[2] = w64Add(d[2], tmp, NULL); tmp = w64Mul(h3, s4); + d[2] = w64Add(d[2], tmp, NULL); tmp = w64Mul(h4, s3); + d[2] = w64Add(d[2], tmp, NULL); + + d[3] = w64Mul(h0, r3); tmp = w64Mul(h1, r2); + d[3] = w64Add(d[3], tmp, NULL); tmp = w64Mul(h2, r1); + d[3] = w64Add(d[3], tmp, NULL); tmp = w64Mul(h3, r0); + d[3] = w64Add(d[3], tmp, NULL); tmp = w64Mul(h4, s4); + d[3] = w64Add(d[3], tmp, NULL); + + d[4] = w64Mul(h0, r4); tmp = w64Mul(h1, r3); + d[4] = w64Add(d[4], tmp, NULL); tmp = w64Mul(h2, r2); + d[4] = w64Add(d[4], tmp, NULL); tmp = w64Mul(h3, r1); + d[4] = w64Add(d[4], tmp, NULL); tmp = w64Mul(h4, r0); + d[4] = w64Add(d[4], tmp, NULL); + } +#else d0 = ((word64)h0 * r0) + ((word64)h1 * s4) + ((word64)h2 * s3) + ((word64)h3 * s2) + ((word64)h4 * s1); d1 = ((word64)h0 * r1) + ((word64)h1 * r0) + ((word64)h2 * s4) + 
@@ -372,13 +429,31 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m, ((word64)h3 * r0) + ((word64)h4 * s4); d4 = ((word64)h0 * r4) + ((word64)h1 * r3) + ((word64)h2 * r2) + ((word64)h3 * r1) + ((word64)h4 * r0); +#endif /* (partial) h %= p */ +#ifdef WOLFSSL_W64_WRAPPER + c = w64GetLow32(w64ShiftRight(d[0], 26)); + h0 = w64GetLow32(d[0]) & 0x3ffffff; + d[1] = w64Add32(d[1], c, NULL); + c = w64GetLow32(w64ShiftRight(d[1], 26)); + h1 = w64GetLow32(d[1]) & 0x3ffffff; + d[2] = w64Add32(d[2], c, NULL); + c = w64GetLow32(w64ShiftRight(d[2], 26)); + h2 = w64GetLow32(d[2]) & 0x3ffffff; + d[3] = w64Add32(d[3], c, NULL); + c = w64GetLow32(w64ShiftRight(d[3], 26)); + h3 = w64GetLow32(d[3]) & 0x3ffffff; + d[4] = w64Add32(d[4], c, NULL); + c = w64GetLow32(w64ShiftRight(d[4], 26)); + h4 = w64GetLow32(d[4]) & 0x3ffffff; +#else c = (word32)(d0 >> 26); h0 = (word32)d0 & 0x3ffffff; d1 += c; c = (word32)(d1 >> 26); h1 = (word32)d1 & 0x3ffffff; d2 += c; c = (word32)(d2 >> 26); h2 = (word32)d2 & 0x3ffffff; d3 += c; c = (word32)(d3 >> 26); h3 = (word32)d3 & 0x3ffffff; d4 += c; c = (word32)(d4 >> 26); h4 = (word32)d4 & 0x3ffffff; +#endif h0 += c * 5; c = (h0 >> 26); h0 = h0 & 0x3ffffff; h1 += c; @@ -392,6 +467,10 @@ static int poly1305_blocks(Poly1305* ctx, const unsigned char *m, ctx->h[3] = h3; ctx->h[4] = h4; +#if defined(WOLFSSL_W64_WRAPPER) && defined(WOLFSSL_SMALL_STACK) + XFREE(d, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return 0; #endif /* end of 64 bit cpu blocks or 32 bit cpu */ @@ -413,9 +492,7 @@ static int poly1305_block(Poly1305* ctx, const unsigned char *m) return poly1305_blocks(ctx, m, POLY1305_BLOCK_SIZE); #endif } -#endif /* !defined(WOLFSSL_ARMASM) || !defined(__aarch64__) */ -#if !defined(WOLFSSL_ARMASM) || !defined(__aarch64__) int wc_Poly1305SetKey(Poly1305* ctx, const byte* key, word32 keySz) { #if defined(POLY130564) && !defined(USE_INTEL_POLY1305_SPEEDUP) 
@@ -517,7 +594,11 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac) word32 h0,h1,h2,h3,h4,c; word32 g0,g1,g2,g3,g4; +#ifdef WOLFSSL_W64_WRAPPER + w64wrapper f; +#else word64 f; +#endif word32 mask; #endif @@ -656,10 +737,31 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac) h3 = ((h3 >> 18) | (h4 << 8)) & 0xffffffff; /* mac = (h + pad) % (2^128) */ +#ifdef WOLFSSL_W64_WRAPPER + f = w64From32(0, h0); + f = w64Add32(f, ctx->pad[0], NULL); + h0 = w64GetLow32(f); + + f = w64ShiftRight(f, 32); + f = w64Add32(f, h1, NULL); + f = w64Add32(f, ctx->pad[1], NULL); + h1 = w64GetLow32(f); + + f = w64ShiftRight(f, 32); + f = w64Add32(f, h2, NULL); + f = w64Add32(f, ctx->pad[2], NULL); + h2 = w64GetLow32(f); + + f = w64ShiftRight(f, 32); + f = w64Add32(f, h3, NULL); + f = w64Add32(f, ctx->pad[3], NULL); + h3 = w64GetLow32(f); +#else f = (word64)h0 + ctx->pad[0] ; h0 = (word32)f; f = (word64)h1 + ctx->pad[1] + (f >> 32); h1 = (word32)f; f = (word64)h2 + ctx->pad[2] + (f >> 32); h2 = (word32)f; f = (word64)h3 + ctx->pad[3] + (f >> 32); h3 = (word32)f; +#endif U32TO8(mac + 0, h0); U32TO8(mac + 4, h1); @@ -686,7 +788,7 @@ int wc_Poly1305Final(Poly1305* ctx, byte* mac) return 0; } -#endif /* !defined(WOLFSSL_ARMASM) || !defined(__aarch64__) */ +#endif /* !WOLFSSL_ARMASM && !WOLFSSL_RISCV_ASM */ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) @@ -781,7 +883,7 @@ int wc_Poly1305Update(Poly1305* ctx, const byte* m, word32 bytes) /* process full blocks */ if (bytes >= POLY1305_BLOCK_SIZE) { size_t want = ((size_t)bytes & ~((size_t)POLY1305_BLOCK_SIZE - 1)); -#if !defined(WOLFSSL_ARMASM) || !defined(__aarch64__) +#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM) int ret; ret = poly1305_blocks(ctx, m, want); if (ret != 0) diff --git a/src/wolfcrypt/src/port/Espressif/esp32_aes.c b/src/wolfcrypt/src/port/Espressif/esp32_aes.c index e8c917c..f85343e 100644 --- a/src/wolfcrypt/src/port/Espressif/esp32_aes.c +++ b/src/wolfcrypt/src/port/Espressif/esp32_aes.c 
@@ -637,7 +637,7 @@ int esp_hw_show_aes_metrics(void) #if defined(WOLFSSL_HW_METRICS) ESP_LOGI(TAG, "--------------------------------------------------------"); - ESP_LOGI(TAG, "------------- wolfSSL ESP HW AES Metrics----------------"); + ESP_LOGI(TAG, "------------- wolfSSL ESP HW AES Metrics -------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "esp_aes_unsupported_length_usage_ct = %lu", diff --git a/src/wolfcrypt/src/port/Espressif/esp32_mp.c b/src/wolfcrypt/src/port/Espressif/esp32_mp.c index 5c37592..458719d 100644 --- a/src/wolfcrypt/src/port/Espressif/esp32_mp.c +++ b/src/wolfcrypt/src/port/Espressif/esp32_mp.c @@ -35,7 +35,6 @@ * * Also, beware: "we have uint32_t == unsigned long for both Xtensa and RISC-V" * see https://github.com/espressif/esp-idf/issues/9511#issuecomment-1207342464 - * https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/release-5.x/5.0/gcc.html */ #ifdef HAVE_CONFIG_H 
@@ -69,9 +68,70 @@ #include #endif -#define ESP_HW_RSAMAX_BIT 4096 -#define ESP_HW_MULTI_RSAMAX_BITS 2048 #define ESP_HW_RSAMIN_BIT 512 +#define ESP_HW_RSAMAX_BIT 4096 +#if defined(CONFIG_IDF_TARGET_ESP32) + /* See 24.3.2 Large Number Modular Exponentiation: + * esp32_technical_reference_manual_en.pdf + * The RSA Accelerator supports specific operand lengths of N + * {512, 1024, 1536, 2048, 2560, 3072, 3584, 4096} bits + * + * 24.3.4 Large Number Multiplication + * The length of Z is twice that of X and Y . Therefore, the RSA Accelerator + * supports large-number multiplication with only four operand lengths of + * N in {512, 1024, 1536, 2048} */ + #define ESP_HW_MOD_RSAMAX_BITS 4096 + #define ESP_HW_MULTI_RSAMAX_BITS 2048 +#elif defined(CONFIG_IDF_TARGET_ESP32S2) + /* See 18.3.1 Large Number Modular Exponentiation + * esp32-s2_technical_reference_manual_en.pdf + * RSA Accelerator supports operands of length N = (32 * x), + * where x in {1, 2, 3, . . . , 128}. The bit lengths of arguments + * Z, X, Y , M, and r can be arbitrary N, but all numbers in a calculation + * must be of the same length. 32 * 128 = 4096 */ + #define ESP_HW_MOD_RSAMAX_BITS 4096 + #define ESP_HW_MULTI_RSAMAX_BITS 2048 +#elif defined(CONFIG_IDF_TARGET_ESP32S3) + /* See 20.3.1 Large Number Modular Exponentiation + * esp32-s3_technical_reference_manual_en.pdf + * RSA Accelerator supports operands of length N = (32 * x), + * where x in {1, 2, 3, . . . , 128}. The bit lengths of arguments + * Z, X, Y , M, and r can be arbitrary N, but all numbers in a calculation + * must be of the same length. 32 * 128 = 4096 */ + #define ESP_HW_MOD_RSAMAX_BITS 4096 + #define ESP_HW_MULTI_RSAMAX_BITS 2048 +#elif defined(CONFIG_IDF_TARGET_ESP32C3) + /* See 20.3.1 Large Number Modular Exponentiation + * esp32-c3_technical_reference_manual_en.pdf + * RSA Accelerator supports operands of length N = (32 * x), + * where x in {1, 2, 3, . . . , 96}. 
The bit lengths of arguments + * Z, X, Y , M, and r can be arbitrary N, but all numbers in a calculation + * must be of the same length. 32 * 96 = 3072 */ + #define ESP_HW_MOD_RSAMAX_BITS 3072 + /* The length of result Z is twice that of operand X and operand Y. + * Therefore, the RSA accelerator only supports large-number multiplication + * with operand length N = 32 * x, where x in {1, 2, 3, . . . , 48}. + * 32 * (96/2) = 32 * (48/2) = 1536 */ + #define ESP_HW_MULTI_RSAMAX_BITS 1536 +#elif defined(CONFIG_IDF_TARGET_ESP32C6) + /* See 22.3.1 Large-number Modular Exponentiation + * esp32-c6_technical_reference_manual_en.pdf + * The RSA accelerator supports operands of length N = (32 * x), + * where x in {1, 2, 3, . . . , 96}. The bit lengths of arguments + * Z, X, Y , M, and r can be arbitrary N, but all numbers in a calculation + * must be of the same length. 32 * 96 = 3072 */ + #define ESP_HW_MOD_RSAMAX_BITS 3072 + /* The length of result Z is twice that of operand X and operand Y. + * Therefore, the RSA accelerator only supports large-number multiplication + * with operand length N = 32 * x, where x in {1, 2, 3, . . . , 48}. + * 32 * (96/2) = 32 * (48/2) = 1536 */ + #define ESP_HW_MULTI_RSAMAX_BITS 1536 +#else + /* No HW on ESP8266, but then we'll not even use this lib. + * Other ESP32 devices not implemented: */ + #define ESP_HW_MOD_RSAMAX_BITS 0 + #define ESP_HW_MULTI_RSAMAX_BITS 0 +#endif /* (s+(4-1))/ 4 */ #define BYTE_TO_WORDS(s) (((s+3)>>2)) @@ -81,6 +141,7 @@ #define BITS_IN_ONE_WORD 32 +/* Some minimum operand sizes, fall back to SW if too small: */ #ifndef ESP_RSA_MULM_BITS #define ESP_RSA_MULM_BITS 16 #endif 
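Review bot: The arithmetic in the ESP32-C3 and ESP32-C6 comments above `ESP_HW_MULTI_RSAMAX_BITS 1536` does not add up: `32 * (96/2) = 32 * (48/2) = 1536` — `32 * (48/2)` is 768; the intended line is `32 * (96/2) = 32 * 48 = 1536`. These comments are the only place the per-target limits are justified against the reference manuals, so the numbers should be exactly right. The `#else` branch defines both limits as 0, which presumably makes every size check in esp_mp_mul fall back to software; a short comment such as `/* 0 forces MP_HW_FALLBACK on every size check */` would make that intent explicit.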
@@ -93,8 +154,18 @@ #define ESP_RSA_EXPT_YBITS 8 #endif +/* RSA math calculation timeout */ +#ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0x5000000 +#endif #define ESP_TIMEOUT(cnt) (cnt >= ESP_RSA_TIMEOUT_CNT) +/* Hardware Ready Timeout */ +#ifndef ESP_RSA_WAIT_TIMEOUT_CNT + #define ESP_RSA_WAIT_TIMEOUT_CNT 0x20 +#endif +#define ESP_WAIT_TIMEOUT(cnt) (cnt >= ESP_RSA_WAIT_TIMEOUT_CNT) + #if defined(CONFIG_IDF_TARGET_ESP32C3) #include #include 
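Review bot: `#define ESP_WAIT_TIMEOUT(cnt) (cnt >= ESP_RSA_WAIT_TIMEOUT_CNT)` does not parenthesize its argument; this matches the pre-existing `ESP_TIMEOUT` macro but is still a hazard if an expression is ever passed, and `#define ESP_WAIT_TIMEOUT(cnt) ((cnt) >= ESP_RSA_WAIT_TIMEOUT_CNT)` costs nothing. The two new defaults `0x5000000` and `0x20` are bare magic numbers; a comment stating what they count (loop iterations, ticks) and why the ready wait is so much shorter than the calculation timeout would help anyone tuning them.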
@@ -142,33 +213,42 @@ static portMUX_TYPE wc_rsa_reg_lock = portMUX_INITIALIZER_UNLOCKED; #ifdef WOLFSSL_HW_METRICS static unsigned long esp_mp_max_used = 0; - static unsigned long esp_mp_mulmod_small_x_ct = 0; - static unsigned long esp_mp_mulmod_small_y_ct = 0; - - static unsigned long esp_mp_max_timeout = 0; + static unsigned long esp_mp_max_timeout = 0; /* Calc duration */ + static unsigned long esp_mp_max_wait_timeout; /* HW wait duration */ + /* HW Multiplication Metrics */ #ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL static unsigned long esp_mp_mul_usage_ct = 0; static unsigned long esp_mp_mul_error_ct = 0; + static unsigned long esp_mp_mul_tiny_ct = 0; + static unsigned long esp_mp_mul_max_exceeded_ct = 0; #endif /* !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL */ + /* HW Modular Multiplication Metrics */ #ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD + static unsigned long esp_mp_mulmod_small_x_ct = 0; + static unsigned long esp_mp_mulmod_small_y_ct = 0; + static unsigned long esp_mp_mulmod_max_exceeded_ct = 0; static unsigned long esp_mp_mulmod_usage_ct = 0; static unsigned long esp_mp_mulmod_fallback_ct = 0; static unsigned long esp_mp_mulmod_even_mod_ct = 0; static unsigned long esp_mp_mulmod_error_ct = 0; - #endif /* !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD */ + #endif + /* HW Modular Exponentiation Metrics */ #ifndef NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD static unsigned long esp_mp_exptmod_usage_ct = 0; static unsigned long esp_mp_exptmod_error_ct = 0; + static unsigned long esp_mp_exptmod_max_exceeded_ct = 0; static unsigned long esp_mp_exptmod_fallback_ct = 0; #endif /* !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ -#endif +#endif /* WOLFSSL_HW_METRICS */ /* mutex */ #ifdef SINGLE_THREADED - int single_thread_locked = 0; + /* Although freeRTOS is multithreaded, if we know we'll only be in + * a single thread for wolfSSL, we can avoid the complexity of mutexes. 
*/ + static int single_thread_locked = 0; #else static wolfSSL_Mutex mp_mutex; static int espmp_CryptHwMutexInit = 0; @@ -185,7 +265,7 @@ static portMUX_TYPE wc_rsa_reg_lock = portMUX_INITIALIZER_UNLOCKED; * check if the HW is ready before accessing it * * See 24.3.1 Initialization of ESP32 Technical Reference Manual -* https://www.espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf +* esp32_technical_reference_manual_en.pdf * * The RSA Accelerator is activated by enabling the corresponding peripheral * clock, and by clearing the DPORT_RSA_PD bit in the DPORT_RSA_PD_CTRL_REG @@ -238,14 +318,23 @@ static int esp_mp_hw_wait_clean(void) /* no HW timeout if we don't know the platform. assumes no HW */ #endif - #if defined(WOLFSSL_HW_METRICS) - { - esp_mp_max_timeout = (timeout > esp_mp_max_timeout) ? timeout : - esp_mp_max_timeout; +#if defined(WOLFSSL_HW_METRICS) + /* The wait timeout is separate from the overall max calc timeout. */ + if (timeout > esp_mp_max_wait_timeout) { + esp_mp_max_wait_timeout = timeout; } - #endif + /* Also see if the overall timeout has been increased. */ + if (timeout > esp_mp_max_timeout) { + esp_mp_max_timeout = timeout; + } +#endif if (ESP_TIMEOUT(timeout)) { + /* This is highly unusual and will likely only occur in multi-threaded + * application. wolfSSL ctx is not thread safe. */ + #ifndef SINGLE_THREADED + ESP_LOGI(TAG, "Consider #define SINGLE_THREADED. See docs"); + #endif ESP_LOGE(TAG, "esp_mp_hw_wait_clean waiting HW ready timed out."); ret = WC_HW_WAIT_E; /* hardware is busy, MP_HW_BUSY; */ } 
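Review bot: `ESP_WAIT_TIMEOUT` is introduced in the @@ -93 hunk for the hardware-ready wait, yet the check after the metrics block in `esp_mp_hw_wait_clean` still tests `ESP_TIMEOUT(timeout)` against `ESP_RSA_TIMEOUT_CNT`. If the wait loop above this hunk now stops at `ESP_RSA_WAIT_TIMEOUT_CNT` (0x20), `ESP_TIMEOUT(timeout)` can never be true and the `WC_HW_WAIT_E` path is dead; the loop is not visible here, so please confirm which bound it uses and change this to `if (ESP_WAIT_TIMEOUT(timeout)) {` if it is the new one. Also `esp_mp_max_wait_timeout` in the @@ -142 hunk lacks the `= 0` its neighbouring counters carry; static storage is zero-initialised anyway, so this is consistency only. esp_mp_hw_wait_clean starts and ends outside this hunk.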
@@ -293,7 +382,7 @@ static int esp_mp_hw_islocked(void) * Returns 0 (ESP_OK) if the HW lock was initialized and mutex lock. * * See Chapter 24: -* https://www.espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf +* esp32_technical_reference_manual_en.pdf * * The RSA Accelerator is activated by enabling the corresponding peripheral * clock, and by clearing the DPORT_RSA_PD bit in the DPORT_RSA_PD_CTRL_REG @@ -332,8 +421,7 @@ static int esp_mp_hw_lock(void) if (ret == ESP_OK) { /* lock hardware; there should be exactly one instance * of esp_CryptHwMutexLock(&mp_mutex ...) in code */ - /* TODO - do we really want to wait? - * probably not */ + ret = esp_CryptHwMutexLock(&mp_mutex, ESP_MP_HW_LOCK_MAX_DELAY); if (ret != ESP_OK) { ESP_LOGE(TAG, "mp engine lock failed."); @@ -529,7 +617,9 @@ static int esp_mp_hw_unlock(void) ESP_LOGV(TAG, "exit esp_mp_hw_unlock"); } else { +#ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG ESP_LOGW(TAG, "Warning: esp_mp_hw_unlock called when not locked."); +#endif } return ret; @@ -736,6 +826,12 @@ static int wait_until_done(word32 reg) #endif +#if defined(WOLFSSL_HW_METRICS) + if (timeout > esp_mp_max_timeout) { + esp_mp_max_timeout = timeout; + } +#endif + if (ESP_TIMEOUT(timeout)) { ESP_LOGE(TAG, "rsa operation timed out."); ret = WC_HW_E; /* MP_HW_ERROR; */ @@ -1084,12 +1180,17 @@ int esp_mp_montgomery_init(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, mph->hwWords_sz = words2hwords(mph->maxWords_sz); if ((mph->hwWords_sz << 5) > ESP_HW_RSAMAX_BIT) { + #if defined(WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS) || \ + defined(WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS) ESP_LOGW(TAG, "Warning: hwWords_sz = %d (%d bits)" " exceeds HW maximum bits (%d), " " falling back to SW.", mph->hwWords_sz, mph->hwWords_sz << 5, ESP_HW_RSAMAX_BIT); + #endif + /* The fallback error code is expected to be handled by + * caller to perform software instead. */ ret = MP_HW_FALLBACK; } /* hwWords_sz check */ } /* X and Y size ok */ 
@@ -1285,17 +1386,34 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z) Zs = Xs + Ys; /* RSA Accelerator only supports Large Number Multiplication - * with operand length N = 32 * x, - * where x in {1, 2, 3, . . . , 64} */ - if (Xs > 64 || Ys > 64) { - return MP_HW_FALLBACK; /* TODO add count metric on size fallback */ + * with certain operand lengths N = (32 * x); See above. */ + if (Xs > ESP_HW_MULTI_RSAMAX_BITS) { +#if defined(WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS) + ESP_LOGW(TAG, "mp-mul X %d bits exceeds max bit length (%d)", + Xs, ESP_HW_MULTI_RSAMAX_BITS); +#endif + esp_mp_mul_max_exceeded_ct++; + return MP_HW_FALLBACK; + } + if (Ys > ESP_HW_MULTI_RSAMAX_BITS) { +#if defined(WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS) + ESP_LOGW(TAG, "mp-mul Y %d bits exceeds max bit length (%d)", + Ys, ESP_HW_MULTI_RSAMAX_BITS); +#endif + esp_mp_mul_max_exceeded_ct++; + return MP_HW_FALLBACK; } - if (Zs <= sizeof(mp_digit)*8) { + /* sizeof(mp_digit) is typically 4 bytes. + * If the total Zs fits into a 4 * 8 = 32 bit word, just do regular math: */ + if (Zs <= sizeof(mp_digit) * 8) { Z->dp[0] = X->dp[0] * Y->dp[0]; Z->used = 1; #if defined(WOLFSSL_SP_INT_NEGATIVE) || defined(USE_FAST_MATH) Z->sign = res_sign; /* See above mp_isneg() for negative detection */ +#endif +#if defined(WOLFSSL_HW_METRICS) + esp_mp_mul_tiny_ct++; #endif return MP_OKAY; } 
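Review bot: `esp_mp_mul_max_exceeded_ct++` in the two new `Xs`/`Ys` size checks is unconditional, but the counter is declared only under `WOLFSSL_HW_METRICS` (@@ -142 hunk), so a build without metrics will fail to compile on these lines; the same increment in the @@ -1306 hunk is correctly wrapped. Wrap both: `#if defined(WOLFSSL_HW_METRICS) esp_mp_mul_max_exceeded_ct++; #endif`. The debug log in these two checks is gated on `WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS` although they concern the multiplication limit, while the per-target checks in the @@ -1440, @@ -1517 and @@ -1627 hunks use `WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS` for the same condition; pick one. esp_mp_mul starts and ends outside this hunk.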
@@ -1306,13 +1424,21 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z) hwWords_sz = words2hwords(maxWords_sz); resultWords_sz = bits2words(Xs + Ys); - /* sanity check */ + + /* Final parameter sanity check */ if ( (hwWords_sz << 5) > ESP_HW_MULTI_RSAMAX_BITS) { - ESP_LOGW(TAG, "exceeds max bit length(2048) (a)"); - ret = MP_HW_FALLBACK; /* Error: value is not able to be used. */ + #if defined(WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS) + ESP_LOGW(TAG, "mp-mul exceeds max bit length (%d)", + ESP_HW_MULTI_RSAMAX_BITS); + #endif + #if defined(WOLFSSL_HW_METRICS) + esp_mp_mul_max_exceeded_ct++; + #endif + return MP_HW_FALLBACK; /* Fallback to use SW */ } } + /* If no initial exit, proceed to hardware multiplication calculations: */ #if defined(CONFIG_IDF_TARGET_ESP32) /* assumed to be regular ESP32 Xtensa here */ @@ -1440,11 +1566,17 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z) /* Make sure we are within capabilities of hardware. */ if ((hwWords_sz * BITS_IN_ONE_WORD) > ESP_HW_MULTI_RSAMAX_BITS) { - ESP_LOGW(TAG, "exceeds max bit length(%d)", ESP_HW_MULTI_RSAMAX_BITS); +#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS + ESP_LOGW(TAG, "exceeds max bit length(%d)", + ESP_HW_MULTI_RSAMAX_BITS); +#endif ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */ } if ((hwWords_sz * BITS_IN_ONE_WORD * 2) > ESP_HW_RSAMAX_BIT) { - ESP_LOGW(TAG, "result exceeds max bit length(%d)", ESP_HW_RSAMAX_BIT ); +#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS + ESP_LOGW(TAG, "result exceeds max bit length(%d) * 2", + ESP_HW_RSAMAX_BIT ); +#endif ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */ } 
@@ -1517,21 +1649,30 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z) #elif defined(CONFIG_IDF_TARGET_ESP32C6) /* Unlike the ESP32 that is limited to only four operand lengths, * the ESP32-C6 The RSA Accelerator supports large-number modular - * multiplication with operands of 128 different lengths. + * multiplication with operands of 96 different lengths. (1 .. 96 words) * * X & Y must be represented by the same number of bits. Must be - * enough to represent the larger one. */ + * enough to represent the larger one. + * + * Multiplication is limited to 48 different lengths (1 .. 48 words) */ /* Figure out how many words we need to * represent each operand & the result. */ /* Make sure we are within capabilities of hardware. */ + if ((hwWords_sz * BITS_IN_ONE_WORD) > ESP_HW_MULTI_RSAMAX_BITS) { - ESP_LOGW(TAG, "exceeds max bit length(%d)", ESP_HW_MULTI_RSAMAX_BITS); +#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS + ESP_LOGW(TAG, "RSA mul result hwWords_sz %d exceeds max bit length %d", + hwWords_sz, ESP_HW_MULTI_RSAMAX_BITS); +#endif ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */ } if ((hwWords_sz * BITS_IN_ONE_WORD * 2) > ESP_HW_RSAMAX_BIT) { - ESP_LOGW(TAG, "result exceeds max bit length(%d)", ESP_HW_RSAMAX_BIT ); +#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS + ESP_LOGW(TAG, "RSA max result hwWords_sz %d exceeds max bit length %d", + hwWords_sz, ESP_HW_RSAMAX_BIT ); +#endif ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */ } 
@@ -1627,11 +1768,15 @@ int esp_mp_mul(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* Z) /* Make sure we are within capabilities of hardware. */ if ((hwWords_sz * BITS_IN_ONE_WORD) > ESP_HW_MULTI_RSAMAX_BITS) { +#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS ESP_LOGW(TAG, "exceeds max bit length(%d)", ESP_HW_MULTI_RSAMAX_BITS); +#endif ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */ } if ((hwWords_sz * BITS_IN_ONE_WORD * 2) > ESP_HW_RSAMAX_BIT) { +#ifdef WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS ESP_LOGW(TAG, "result exceeds max bit length(%d)", ESP_HW_RSAMAX_BIT ); +#endif ret = MP_HW_FALLBACK; /* let SW figure out how to deal with it */ } @@ -1934,10 +2079,9 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) } #endif ret = MP_HW_FALLBACK; - /* TODO add debug metrics */ #ifdef WOLFSSL_DEBUG_ESP_RSA_MULM_BITS { - ESP_LOGV(TAG, "esp_mp_mulmod falling back for ESP_RSA_MULM_BITS!"); + ESP_LOGW(TAG, "esp_mp_mulmod falling back for ESP_RSA_MULM_BITS!"); } #endif } @@ -2101,9 +2245,11 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) /* 3. Write (N_result_bits/32 - 1) to the RSA_MODE_REG. */ OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms); - if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) { + if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) { + #ifdef WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS ESP_LOGW(TAG, "result exceeds max bit length"); - return MP_VAL; /* Error: value is not able to be used. */ + #endif + return MP_HW_FALLBACK; /* Error: value is not able to be used. */ } WordsForOperand = bits2words(OperandBits); /* alt inline calc: 
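Review bot: The over-size early exit in the last hunk here returns `MP_HW_FALLBACK` without releasing the HW lock, while the equivalent check in the next hunk (`@@ -2190`) calls `esp_mp_hw_unlock()` when `mulmod_lock_called` is set, and the `@@ -2282` hunk after it again returns without unlocking. If on these targets the lock is acquired before the operand-size check (the function body starts outside the hunk, so I cannot confirm), the fallback path leaves the RSA accelerator mutex held and the next HW operation blocks or times out. Mirroring `if (mulmod_lock_called) { ret = esp_mp_hw_unlock(); }` in all three hunks makes the paths consistent. Where the unlock is done, its status is immediately overwritten by `return MP_HW_FALLBACK`; logging a failed release would keep it from being silent.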
@@ -2190,9 +2336,16 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) /* 3. Write (N_result_bits/32 - 1) to the RSA_MODE_REG. */ OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms); - if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) { - ESP_LOGW(TAG, "result exceeds max bit length"); - return MP_VAL; /* Error: value is not able to be used. */ + if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) { + #ifdef WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS + ESP_LOGW(TAG, "mulmod OperandBits = %d " + "result exceeds max bit length %d", + OperandBits, ESP_HW_MOD_RSAMAX_BITS); + #endif + if (mulmod_lock_called) { + ret = esp_mp_hw_unlock(); + } + return MP_HW_FALLBACK; /* Error: value is not able to be used. */ } WordsForOperand = bits2words(OperandBits); /* alt inline calc: @@ -2282,9 +2435,12 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) /* 3. Write (N_result_bits/32 - 1) to the RSA_MODE_REG. */ OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms); - if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) { - ESP_LOGW(TAG, "result exceeds max bit length"); - return MP_VAL; /* Error: value is not able to be used. */ + if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) { + #ifdef WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS + ESP_LOGW(TAG, "mp_mulmod OperandBits %d exceeds max bit length %d.", + OperandBits, ESP_HW_MOD_RSAMAX_BITS); + #endif + return MP_HW_FALLBACK; /* Error: value is not able to be used. */ } WordsForOperand = bits2words(OperandBits); /* alt inline calc: @@ -2346,7 +2502,9 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) ESP_LOGV(TAG, "Lock not called due to no-lock MP_HW_FALLBACK"); } else { - ESP_LOGW(TAG, "Lock unexpectedly not called"); + #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG + ESP_LOGW(TAG, "Lock unexpectedly not called for mp_mulmod"); + #endif } } 
@@ -2505,8 +2663,8 @@ int esp_mp_mulmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) * * Z = X^Y mod M * - * ESP32, Section 24.3.2 https://www.espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf - * ESP32S3, Section 20.3.1, https://www.espressif.com/sites/default/files/documentation/esp32-s3_technical_reference_manual_en.pdf + * ESP32, Section 24.3.2 esp32_technical_reference_manual_en.pdf + * ESP32S3, Section 20.3.1, esp32-s3_technical_reference_manual_en.pdf * * The operation is based on Montgomery multiplication. Aside from the * arguments X, Y , and M, two additional ones are needed -r and M' @@ -2623,6 +2781,7 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) #ifdef DEBUG_WOLFSSL esp_mp_exptmod_depth_counter--; #endif + return MP_HW_FALLBACK; /* If we can't lock HW, fall back to SW */ } } /* the only thing we expect is success or busy */ @@ -2700,6 +2859,25 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) } #elif defined(CONFIG_IDF_TARGET_ESP32C3) + OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms); + if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) { + #ifdef WOLFSSL_HW_METRICS + ESP_LOGW(TAG, "exptmod operand bits %d exceeds max bit length %d", + OperandBits, ESP_HW_MOD_RSAMAX_BITS); + esp_mp_mulmod_max_exceeded_ct++; + #endif + if (exptmod_lock_called) { + ret = esp_mp_hw_unlock(); + } + ESP_LOGV(TAG, "Return esp_mp_exptmod fallback"); + + /* HW not capable for this size, return error to fall back to SW: */ + return MP_HW_FALLBACK; + } + else { + WordsForOperand = bits2words(OperandBits); + } + /* Steps to perform large number modular exponentiation. * Calculates Z = (X ^ Y) modulo M. * The number of bits in the operands (X, Y) is N. N can be 32x, 
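Review bot: Under `WOLFSSL_HW_METRICS` the new over-size check in esp_mp_exptmod increments `esp_mp_mulmod_max_exceeded_ct` rather than `esp_mp_exptmod_max_exceeded_ct`; the same line appears in the ESP32-C6 hunk that follows (`@@ -2786`), so the exptmod counter that esp_hw_show_mp_metrics prints later in this diff is never advanced from these paths and the mulmod figure is inflated. Change both to `esp_mp_exptmod_max_exceeded_ct++;`. The `ESP_LOGW` here is also gated on the metrics macro instead of `WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS` as the other targets do, so merely enabling metrics turns on a warning log in this path. The status from `esp_mp_hw_unlock()` is discarded by the immediate `return MP_HW_FALLBACK`.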
@@ -2725,17 +2903,6 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) ret = esp_mp_hw_wait_clean(); } - if (ret == MP_OKAY) { - OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms); - if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) { - ESP_LOGW(TAG, "result exceeds max bit length"); - ret = MP_VAL; /* Error: value is not able to be used. */ - } - else { - WordsForOperand = bits2words(OperandBits); - } - } - if (ret == MP_OKAY) { /* 2. Disable completion interrupt signal; we don't use. ** 0 => no interrupt; 1 => interrupt on completion. */ @@ -2786,6 +2953,25 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) /* end if CONFIG_IDF_TARGET_ESP32C3 */ #elif defined(CONFIG_IDF_TARGET_ESP32C6) + OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms); + if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) { + #ifdef WOLFSSL_HW_METRICS + ESP_LOGW(TAG, "exptmod operand bits %d exceeds max bit length %d", + OperandBits, ESP_HW_MOD_RSAMAX_BITS); + esp_mp_mulmod_max_exceeded_ct++; + #endif + if (exptmod_lock_called) { + ret = esp_mp_hw_unlock(); + } + ESP_LOGV(TAG, "Return esp_mp_exptmod fallback"); + + /* HW not capable for this size, return error to fall back to SW: */ + return MP_HW_FALLBACK; + } + else { + WordsForOperand = bits2words(OperandBits); + } + /* Steps to perform large number modular exponentiation. * Calculates Z = (X ^ Y) modulo M. * The number of bits in the operands (X, Y) is N. N can be 32x, 
@@ -2811,17 +2997,6 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) ret = esp_mp_hw_wait_clean(); } - if (ret == MP_OKAY) { - OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms); - if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) { - ESP_LOGW(TAG, "result exceeds max bit length"); - ret = MP_VAL; /* Error: value is not able to be used. */ - } - else { - WordsForOperand = bits2words(OperandBits); - } - } - if (ret == MP_OKAY) { /* 2. Disable completion interrupt signal; we don't use. ** 0 => no interrupt; 1 => interrupt on completion. */ @@ -2864,11 +3039,16 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) } /* 8. clear and release HW */ + #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG + ESP_LOGI(TAG, "Unlock esp_mp_exptmod"); + #endif if (exptmod_lock_called) { ret = esp_mp_hw_unlock(); } else { + #ifdef WOLFSSL_ESP32_HW_LOCK_DEBUG ESP_LOGV(TAG, "Lock not called"); + #endif } /* end if CONFIG_IDF_TARGET_ESP32C6 */ @@ -2900,9 +3080,12 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) if (ret == MP_OKAY) { OperandBits = max(max(mph->Xs, mph->Ys), mph->Ms); - if (OperandBits > ESP_HW_MULTI_RSAMAX_BITS) { - ESP_LOGW(TAG, "result exceeds max bit length"); - ret = MP_VAL; /* Error: value is not able to be used. */ + if (OperandBits > ESP_HW_MOD_RSAMAX_BITS) { + #ifdef WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS + ESP_LOGW(TAG, "exptmod operand bits %d exceeds max bit length %d", + OperandBits, ESP_HW_MOD_RSAMAX_BITS); + #endif + ret = MP_HW_FALLBACK; /* Error: value is not able to be used. */ } else { WordsForOperand = bits2words(OperandBits); @@ -2978,6 +3161,7 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) #ifdef WOLFSSL_HW_METRICS esp_mp_max_used = (Z->used > esp_mp_max_used) ? Z->used : esp_mp_max_used; #endif + ESP_LOGV(TAG, "Return esp_mp_exptmod %d", ret); return ret; } /* esp_mp_exptmod */ 
@@ -2988,6 +3172,7 @@ int esp_mp_exptmod(MATH_INT_T* X, MATH_INT_T* Y, MATH_INT_T* M, MATH_INT_T* Z) #endif /* !NO_RSA || HAVE_ECC */ +/* Some optional metrics when using RSA HW Accleration */ #if defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) && defined(WOLFSSL_HW_METRICS) int esp_hw_show_mp_metrics(void) { @@ -3004,6 +3189,10 @@ int esp_hw_show_mp_metrics(void) ESP_LOGI(TAG, "esp_mp_mul HW acceleration enabled."); ESP_LOGI(TAG, "Number of calls to esp_mp_mul: %lu", esp_mp_mul_usage_ct); + ESP_LOGI(TAG, "Number of calls to esp_mp_mul with tiny operands: %lu", + esp_mp_mul_tiny_ct); + ESP_LOGI(TAG, "Number of calls to esp_mp_mul HW operand exceeded: %lu", + esp_mp_mul_max_exceeded_ct); if (esp_mp_mul_error_ct == 0) { ESP_LOGI(TAG, "Success: no esp_mp_mul() errors."); } @@ -3025,6 +3214,8 @@ int esp_hw_show_mp_metrics(void) /* Metrics: esp_mp_mulmod() */ ESP_LOGI(TAG, "Number of calls to esp_mp_mulmod: %lu", esp_mp_mulmod_usage_ct); + ESP_LOGI(TAG, "Number of calls to esp_mp_mulmod HW operand exceeded: %lu", + esp_mp_mulmod_max_exceeded_ct); ESP_LOGI(TAG, "Number of fallback to SW mp_mulmod: %lu", esp_mp_mulmod_fallback_ct); @@ -3065,6 +3256,8 @@ int esp_hw_show_mp_metrics(void) ESP_LOGI(TAG, "Number of calls to esp_mp_exptmod: %lu", esp_mp_exptmod_usage_ct); + ESP_LOGI(TAG, "Number of calls to esp_mp_exptmod HW operand exceeded: %lu", + esp_mp_exptmod_max_exceeded_ct); ESP_LOGI(TAG, "Number of fallback to SW mp_exptmod: %lu", esp_mp_exptmod_fallback_ct); if (esp_mp_exptmod_error_ct == 0) { 
@@ -3078,7 +3271,10 @@ int esp_hw_show_mp_metrics(void) #endif /* EXPTMOD not disabled !NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD */ ESP_LOGI(TAG, "Max N->used: esp_mp_max_used = %lu", esp_mp_max_used); - ESP_LOGI(TAG, "Max timeout: esp_mp_max_timeout = %lu", esp_mp_max_timeout); + ESP_LOGI(TAG, "Max hw wait timeout: esp_mp_max_wait_timeout = %lu", + esp_mp_max_wait_timeout); + ESP_LOGI(TAG, "Max calc timeout: esp_mp_max_timeout = 0x%08lx", + esp_mp_max_timeout); #else /* no HW math, no HW math metrics */ diff --git a/src/wolfcrypt/src/port/Espressif/esp32_sha.c b/src/wolfcrypt/src/port/Espressif/esp32_sha.c index bef77b0..6fa955a 100644 --- a/src/wolfcrypt/src/port/Espressif/esp32_sha.c +++ b/src/wolfcrypt/src/port/Espressif/esp32_sha.c @@ -20,7 +20,7 @@ */ /* - * ESP32-C3: https://www.espressif.com/sites/default/files/documentation/esp32-c3_technical_reference_manual_en.pdf + * ESP32-C3: esp32-c3_technical_reference_manual_en.pdf * see page 335: no SHA-512 * */ @@ -135,7 +135,11 @@ static const char* TAG = "wolf_hw_sha"; #endif static uintptr_t mutex_ctx_owner = NULLPTR; + +#if (defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED)) \ + || defined(WOLFSSL_DEBUG_MUTEX) static portMUX_TYPE sha_crit_sect = portMUX_INITIALIZER_UNLOCKED; +#endif #if defined(ESP_MONITOR_HW_TASK_LOCK) #ifdef SINGLE_THREADED @@ -506,7 +510,7 @@ int esp_sha224_ctx_copy(struct wc_Sha256* src, struct wc_Sha256* dst) dst->ctx.initializer = (uintptr_t)&dst->ctx; #if defined(ESP_MONITOR_HW_TASK_LOCK) && !defined(SINGLE_THREADED) { - /* not HW mode for copy, so we are not interested in task owner: */ + /* Not HW mode for copy, so we are not interested in task owner: */ dst->ctx.task_owner = 0; } #endif @@ -985,8 +989,10 @@ int esp_sha_hw_in_use() */ uintptr_t esp_sha_hw_islocked(WC_ESP32SHA* ctx) { - TaskHandle_t mutexHolder; uintptr_t ret = 0; + #ifndef SINGLE_THREADED + TaskHandle_t mutexHolder; + #endif CTX_STACK_CHECK(ctx); #ifdef WOLFSSL_DEBUG_MUTEX 
@@ -1132,7 +1138,9 @@ uintptr_t esp_sha_release_unfinished_lock(WC_ESP32SHA* ctx) ESP_LOGW(TAG, "esp_sha_release_unfinished_lock mode = %d", ctx->mode); #endif if (ctx->mode == ESP32_SHA_HW) { +#if defined(DEBUG_WOLFSSL_ESP32_UNFINISHED_HW) ESP_LOGW(TAG, "esp_sha_release_unfinished_lock HW!"); +#endif } } return ret; @@ -2376,7 +2384,7 @@ int esp_hw_show_sha_metrics(void) int ret = 0; #if defined(WOLFSSL_ESP32_CRYPT) && !defined(NO_WOLFSSL_ESP32_CRYPT_HASH) ESP_LOGI(TAG, "--------------------------------------------------------"); - ESP_LOGI(TAG, "------------- wolfSSL ESP HW SHA Metrics----------------"); + ESP_LOGI(TAG, "------------- wolfSSL ESP HW SHA Metrics -------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); ESP_LOGI(TAG, "esp_sha_hw_copy_ct = %lu", diff --git a/src/wolfcrypt/src/port/Espressif/esp32_util.c b/src/wolfcrypt/src/port/Espressif/esp32_util.c index 793554a..d5d77ed 100644 --- a/src/wolfcrypt/src/port/Espressif/esp32_util.c +++ b/src/wolfcrypt/src/port/Espressif/esp32_util.c 
@@ -98,21 +98,44 @@ int esp_CryptHwMutexInit(wolfSSL_Mutex* mutex) { } /* - * call the ESP-IDF mutex lock; xSemaphoreTake + * Call the ESP-IDF mutex lock; xSemaphoreTake * this is a general mutex locker, used for different mutex objects for * different HW acclerators or other single-use HW features. + * + * We should already have known if the resource is in use or not. + * + * Return 0 (ESP_OK) on success, otherwise BAD_MUTEX_E */ int esp_CryptHwMutexLock(wolfSSL_Mutex* mutex, TickType_t block_time) { + int ret; if (mutex == NULL) { WOLFSSL_ERROR_MSG("esp_CryptHwMutexLock called with null mutex"); return BAD_MUTEX_E; } #ifdef SINGLE_THREADED - return wc_LockMutex(mutex); /* xSemaphoreTake take with portMAX_DELAY */ + /* does nothing in single thread mode, always return 0 */ + ret = wc_LockMutex(mutex); #else - return ((xSemaphoreTake(*mutex, block_time) == pdTRUE) ? 0 : BAD_MUTEX_E); + ret = xSemaphoreTake(*mutex, block_time); + ESP_LOGV(TAG, "xSemaphoreTake 0x%x = %d", (intptr_t)*mutex, ret); + if (ret == pdTRUE) { + ret = ESP_OK; + } + else { + if (ret == pdFALSE) { + ESP_LOGW(TAG, "xSemaphoreTake failed for 0x%x. Still busy?", + (intptr_t)*mutex); + ret = ESP_ERR_NOT_FINISHED; + } + else { + ESP_LOGE(TAG, "xSemaphoreTake 0x%x unexpected = %d", + (intptr_t)*mutex, ret); + ret = BAD_MUTEX_E; + } + } #endif + return ret; } /* 
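Review bot: The new header comment on esp_CryptHwMutexLock promises `Return 0 (ESP_OK) on success, otherwise BAD_MUTEX_E`, but the multi-threaded path now returns `ESP_ERR_NOT_FINISHED` when `xSemaphoreTake` reports `pdFALSE`, so a caller that only tests for `BAD_MUTEX_E` would treat a busy accelerator as acquired (how callers test the result is outside this hunk). Either keep `BAD_MUTEX_E` on the `pdFALSE` branch or update the comment to `Return ESP_OK on success, ESP_ERR_NOT_FINISHED if still busy, otherwise BAD_MUTEX_E` and audit the callers. The log lines print `(intptr_t)*mutex` with `%x`, which mismatches the type; `%p` with `(void*)*mutex` avoids the format warning.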
@@ -120,17 +143,36 @@ int esp_CryptHwMutexLock(wolfSSL_Mutex* mutex, TickType_t block_time) { * */ esp_err_t esp_CryptHwMutexUnLock(wolfSSL_Mutex* mutex) { + int ret = pdTRUE; if (mutex == NULL) { WOLFSSL_ERROR_MSG("esp_CryptHwMutexLock called with null mutex"); return BAD_MUTEX_E; } #ifdef SINGLE_THREADED - return wc_UnLockMutex(mutex); + ret = wc_UnLockMutex(mutex); #else - xSemaphoreGive(*mutex); - return ESP_OK; + ESP_LOGV(TAG, ">> xSemaphoreGive 0x%x", (intptr_t)*mutex); + TaskHandle_t mutexHolder = xSemaphoreGetMutexHolder(*mutex); + + if (mutexHolder == NULL) { + ESP_LOGW(TAG, "esp_CryptHwMutexUnLock with no lock owner 0x%x", + (intptr_t)*mutex); + ret = ESP_OK; + } + else { + ret = xSemaphoreGive(*mutex); + if (ret == pdTRUE) { + ESP_LOGV(TAG, "Success: give mutex 0x%x", (intptr_t)*mutex); + ret = ESP_OK; + } + else { + ESP_LOGV(TAG, "Failed: give mutex 0x%x", (intptr_t)*mutex); + ret = ESP_FAIL; + } + } #endif + return ret; } #endif /* WOLFSSL_ESP32_CRYPT, etc. */ @@ -168,6 +210,7 @@ static int ShowExtendedSystemInfo_platform_espressif(void) WOLFSSL_VERSION_PRINTF("Xthal_have_ccount: %u", Xthal_have_ccount); +#endif /* this is the legacy stack size */ #if defined(CONFIG_MAIN_TASK_STACK_SIZE) 
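Review bot: esp_CryptHwMutexUnLock now returns `ESP_OK` when `xSemaphoreGetMutexHolder` reports no owner, so a release without a matching take, or a double release, is reported as success and is only visible as a warning log. Since the function already returns `ESP_FAIL` for a failed give, returning an error in the `mutexHolder == NULL` branch as well (`ret = ESP_FAIL;`) lets lock-accounting bugs surface in the HW-lock debug paths instead of being masked. The initial `int ret = pdTRUE;` is never read before it is reassigned, and `ret` is an `int` returned as `esp_err_t`; `esp_err_t ret = ESP_OK;` matches the signature.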
@@ -205,24 +248,35 @@ static int ShowExtendedSystemInfo_platform_espressif(void) #endif -#elif CONFIG_IDF_TARGET_ESP32S2 - WOLFSSL_VERSION_PRINTF("Xthal_have_ccount = %u", +/* Platform-specific attributes of interest*/ +#if CONFIG_IDF_TARGET_ESP32 + #if defined(CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ) + WOLFSSL_VERSION_PRINTF("CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ: %u MHz", + CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ); + #endif + WOLFSSL_VERSION_PRINTF("Xthal_have_ccount: %u", Xthal_have_ccount); -#elif CONFIG_IDF_TARGET_ESP32C6 - /* TODO find Xthal for C6 */ + #elif CONFIG_IDF_TARGET_ESP32C2 - /* TODO find Xthal for C6 */ -#elif defined(CONFIG_IDF_TARGET_ESP8684) - /* TODO find Xthal for C6 */ + /* TODO find Xthal for C2 */ #elif CONFIG_IDF_TARGET_ESP32C3 /* not supported at this time */ -#elif CONFIG_IDF_TARGET_ESP32S3 - WOLFSSL_VERSION_PRINTF("Xthal_have_ccount = %u", - Xthal_have_ccount); +#elif CONFIG_IDF_TARGET_ESP32C6 + /* TODO find Xthal for C6 */ #elif CONFIG_IDF_TARGET_ESP32H2 - /* not supported at this time */ -#elif CONFIG_IDF_TARGET_ESP32C2 - /* not supported at this time */ + /* TODO find Xthal for H2 */ +#elif CONFIG_IDF_TARGET_ESP32S2 + ESP_LOGI(TAG, "CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ = %u MHz", + CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ + ); + ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount); +#elif CONFIG_IDF_TARGET_ESP32S3 + ESP_LOGI(TAG, "CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ = %u MHz", + CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ + ); + ESP_LOGI(TAG, "Xthal_have_ccount = %u", Xthal_have_ccount); +#elif defined(CONFIG_IDF_TARGET_ESP8684) + /* TODO find Xthal for ESP8684 */ #else /* not supported at this time */ #endif @@ -438,6 +492,7 @@ esp_err_t ShowExtendedSystemInfo_config(void) { esp_ShowMacroStatus_need_header = 1; + show_macro("NO_ESP32_CRYPT", STR_IFNDEF(NO_ESP32_CRYPT)); show_macro("NO_ESPIDF_DEFAULT", STR_IFNDEF(NO_ESPIDF_DEFAULT)); show_macro("HW_MATH_ENABLED", STR_IFNDEF(HW_MATH_ENABLED)); 
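Review bot: The ESP32-S2 and ESP32-S3 branches use `CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ` / `CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ` without the `#if defined(...)` guard the ESP32 branch just above applies, so a configuration where that Kconfig symbol is absent fails to compile instead of skipping the line. Wrapping each in `#if defined(CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ)` … `#endif` (and the S3 twin) keeps the three branches consistent. Those two branches also print through `ESP_LOGI` while the rest of the table uses `WOLFSSL_VERSION_PRINTF`, so the output channel changes with the target.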
@@ -562,11 +617,11 @@ int ShowExtendedSystemInfo(void) #if defined(WOLFSSL_MULTI_INSTALL_WARNING) /* CMake may have detected undesired multiple installs, so give warning. */ - WOLFSSL_VERSION_PRINTF(""); + WOLFSSL_VERSION_PRINTF(WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); WOLFSSL_VERSION_PRINTF("WARNING: Multiple wolfSSL installs found."); WOLFSSL_VERSION_PRINTF("Check ESP-IDF components and " "local project [components] directory."); - WOLFSSL_VERSION_PRINTF(""); + WOLFSSL_VERSION_PRINTF(WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); #else #ifdef WOLFSSL_USER_SETTINGS_DIR { @@ -737,14 +792,11 @@ esp_err_t esp_EnabledWatchdog(void) ESP_IDF_VERSION_MAJOR); #endif #endif - -#ifdef DEBUG_WOLFSSL - ESP_LOGI(TAG, "Watchdog enabled."); -#endif - return ret; } + + /* Print a MATH_INT_T attribute list. * * Note with the right string parameters, the result can be pasted as 
@@ -904,4 +956,49 @@ esp_err_t esp_hw_show_metrics(void) return ESP_OK; } +int show_binary(byte* theVar, size_t dataSz) { + printf("*****************************************************\n"); + word32 i; + for (i = 0; i < dataSz; i++) + printf("%02X", theVar[i]); + printf("\n"); + printf("******************************************************\n"); + return 0; +} + +int hexToBinary(byte* toVar, const char* fromHexString, size_t szHexString ) { + int ret = 0; + /* Calculate the actual binary length of the hex string */ + size_t byteLen = szHexString / 2; + + if (toVar == NULL || fromHexString == NULL) { + ESP_LOGE("ssh", " error"); + return -1; + } + if ((szHexString % 2 != 0)) { + ESP_LOGE("ssh", "fromHexString length not even!"); + } + + ESP_LOGW(TAG, "Replacing %d bytes at %x", byteLen, (word32)toVar); + memset(toVar, 0, byteLen); + /* Iterate through the hex string and convert to binary */ + for (size_t i = 0; i < szHexString; i += 2) { + /* Convert hex character to decimal */ + int decimalValue; + sscanf(&fromHexString[i], "%2x", &decimalValue); + size_t index = i / 2; +#if (0) + /* Optionall peek at new values */ + byte new_val = (decimalValue & 0x0F) << ((i % 2) * 4); + ESP_LOGI("hex", "Current char = %d", toVar[index]); + ESP_LOGI("hex", "New val = %d", decimalValue); +#endif + toVar[index] = decimalValue; + } + + return ret; +} + + + #endif /* WOLFSSL_ESPIDF */ diff --git a/src/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c b/src/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c index 8c5cd37..81d88a6 100644 --- a/src/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c +++ b/src/wolfcrypt/src/port/Espressif/esp_sdk_mem_lib.c 
@@ -25,10 +25,10 @@ /* wolfSSL */ /* Always include wolfcrypt/settings.h before any other wolfSSL file. */ -/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ -#ifdef WOLFSSL_USER_SETTINGS - #include -#endif +/* Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */ +/* Reminder: settings.h pulls in user_settings.h */ +/* Do not explicitly include user_settings.h here. */ +#include #if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ @@ -71,8 +71,6 @@ extern wc_ptr_t _rodata_start[]; extern wc_ptr_t _rodata_end[]; extern wc_ptr_t _bss_start[]; extern wc_ptr_t _bss_end[]; -extern wc_ptr_t _rtc_data_start[]; -extern wc_ptr_t _rtc_data_end[]; extern wc_ptr_t _rtc_bss_start[]; extern wc_ptr_t _rtc_bss_end[]; extern wc_ptr_t _iram_start[]; @@ -83,18 +81,29 @@ extern wc_ptr_t _init_end[]; #endif extern wc_ptr_t _iram_text_start[]; extern wc_ptr_t _iram_text_end[]; -extern wc_ptr_t _iram_bss_start[]; -extern wc_ptr_t _iram_bss_end[]; +#if defined(CONFIG_IDF_TARGET_ESP32S2) + /* TODO: Find ESP32-S2 equivalent */ +#else + extern wc_ptr_t _iram_bss_start[]; + extern wc_ptr_t _iram_bss_end[]; +#endif extern wc_ptr_t _noinit_start[]; extern wc_ptr_t _noinit_end[]; extern wc_ptr_t _text_start[]; extern wc_ptr_t _text_end[]; extern wc_ptr_t _heap_start[]; extern wc_ptr_t _heap_end[]; -extern wc_ptr_t _rtc_data_start[]; -extern wc_ptr_t _rtc_data_end[]; -extern void* _thread_local_start; -extern void* _thread_local_end; +#ifdef CONFIG_IDF_TARGET_ESP32C2 + /* no rtc_data on ESP32-C2*/ +#else + extern wc_ptr_t _rtc_data_start[]; + extern wc_ptr_t _rtc_data_end[]; +#endif + +#if defined(CONFIG_IDF_TARGET_ARCH_XTENSA) && CONFIG_IDF_TARGET_ARCH_XTENSA == 1 + extern void* _thread_local_start; + extern void* _thread_local_end; +#endif /* See https://github.com/esp8266/esp8266-wiki/wiki/Memory-Map */ #define MEM_MAP_IO_START ((void*)(0x3FF00000)) 
@@ -161,7 +170,7 @@ static const char* sdk_memory_segment_text[SDK_MEMORY_SEGMENT_COUNT + 1] = { int sdk_log_meminfo(enum sdk_memory_segment m, void* start, void* end) { const char* str; - int len = 0; + word32 len = 0; str = sdk_memory_segment_text[m]; sdk_memory_segment_start[m] = start; sdk_memory_segment_end[m] = end; @@ -173,7 +182,7 @@ int sdk_log_meminfo(enum sdk_memory_segment m, void* start, void* end) ESP_LOGI(TAG, " Start End Length"); } else { - len = (uint32_t)end - (uint32_t)start; + len = (word32)end - (word32)start; ESP_LOGI(TAG, "%s: %p ~ %p : 0x%05x (%d)", str, start, end, len, len ); } return ESP_OK; @@ -186,10 +195,16 @@ int sdk_init_meminfo(void) { sdk_log_meminfo(SDK_MEMORY_SEGMENT_COUNT, NULL, NULL); /* print header */ sdk_log_meminfo(mem_map_io, MEM_MAP_IO_START, MEM_MAP_IO_END); +#if defined(CONFIG_IDF_TARGET_ARCH_XTENSA) && CONFIG_IDF_TARGET_ARCH_XTENSA == 1 sdk_log_meminfo(thread_local, _thread_local_start, _thread_local_end); +#endif sdk_log_meminfo(data, _data_start, _data_end); sdk_log_meminfo(user_data_ram, USER_DATA_START, USER_DATA_END); +#if defined(CONFIG_IDF_TARGET_ESP32S2) + /* TODO: Find ESP32-S2 equivalent of bss */ +#else sdk_log_meminfo(bss, _bss_start, _bss_end); +#endif sdk_log_meminfo(noinit, _noinit_start, _noinit_end); sdk_log_meminfo(ets_system, ETS_SYS_START, ETS_SYS_END); sdk_log_meminfo(rodata, _rodata_start, _rodata_end); 
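Review bot: `len` becomes a `word32` in sdk_log_meminfo but is still printed with `%d` in the `ESP_LOGI` line, and the segment length is computed by truncating both pointers to 32 bits with `(word32)end - (word32)start`. `(uintptr_t)end - (uintptr_t)start` with a conversion matching word32's underlying type expresses the intent without the format mismatch (on the 32-bit Espressif targets the value is unchanged). The function continues outside the hunk.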
@@ -198,12 +213,20 @@ int sdk_init_meminfo(void) { sdk_log_meminfo(iramf2, IRAMF2_START, IRAMF2_END); sdk_log_meminfo(iram, _iram_start, _iram_end); sdk_log_meminfo(iram_text, _iram_text_start, _iram_text_end); +#if defined(CONFIG_IDF_TARGET_ESP32S2) + /* No iram_bss on ESP32-C2 at this time. TODO: something equivalent? */ +#else sdk_log_meminfo(iram_bss, _iram_bss_start, _iram_bss_end); +#endif #if defined(CONFIG_IDF_TARGET_ESP8266) sdk_log_meminfo(init, _init_start, _init_end); #endif sdk_log_meminfo(text, _text_start, _text_end); +#if defined(CONFIG_IDF_TARGET_ESP32C2) + /* No rtc_data on ESP32-C2 at this time. TODO: something equivalent? */ +#else sdk_log_meminfo(rtc_data, _rtc_data_start, _rtc_data_end); +#endif ESP_LOGI(TAG, "-----------------------------------------------------"); sample_heap_var = malloc(1); if (sample_heap_var == NULL) { diff --git a/src/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c b/src/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c index 1ef8de4..678de3b 100644 --- a/src/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c +++ b/src/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c @@ -23,14 +23,17 @@ #include #endif -/* Reminder: user_settings.h is needed and included from settings.h - * Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */ +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h */ +/* Do not explicitly include user_settings.h here. */ #include -#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ +#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF. */ +#include "sdkconfig.h" /* programmatically generated from sdkconfig. */ + #if defined(USE_WOLFSSL_ESP_SDK_TIME) /* Espressif */ -#include "sdkconfig.h" /* programmatically generated from sdkconfig */ #include #include 
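Review bot: The comment on the new `CONFIG_IDF_TARGET_ESP32S2` guard in sdk_init_meminfo says `No iram_bss on ESP32-C2`, but the guard, and the matching extern-declaration hunk earlier in this file, are for the ESP32-S2; the rtc_data guard a few lines down is the one that is really ESP32-C2. Change it to `/* No iram_bss on ESP32-S2 at this time. TODO: something equivalent? */` so the two chips are not confused when the TODO is picked up.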
@@ -71,10 +74,10 @@ esp_err_t esp_sdk_time_lib_init(void) /* ESP-IDF uses a 64-bit signed integer to represent time_t * starting from release v5.0 - * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues + * See: Espressif api-reference system_time (year-2036-and-2038-overflow-issues) */ -/* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */ +/* see gnu TZ-Variable */ #ifndef TIME_ZONE /* * PST represents Pacific Standard Time. @@ -116,6 +119,41 @@ esp_err_t esp_sdk_time_lib_init(void) #define CONFIG_LWIP_SNTP_MAX_SERVERS NTP_SERVER_COUNT #endif +/* When reproducible builds are enabled in ESP-IDF + * (starting from version 4.0 and above), + * the __DATE__ and __TIME__ macros are deliberately disabled. */ +#ifndef __DATE__ + #define YEAR 2024 + #define MONTH 9 + #define DAY 25 +#else + /* e.g. __DATE__ "Sep 25 2024" */ + #define YEAR ( \ + ((__DATE__)[7] - '0') * 1000 + \ + ((__DATE__)[8] - '0') * 100 + \ + ((__DATE__)[9] - '0') * 10 + \ + ((__DATE__)[10] - '0') * 1 \ + ) + + #define MONTH ( \ + __DATE__[2] == 'n' ? (__DATE__[1] == 'a' ? 1 : 6) \ + : __DATE__[2] == 'b' ? 2 \ + : __DATE__[2] == 'r' ? (__DATE__[0] == 'M' ? 3 : 4) \ + : __DATE__[2] == 'y' ? 5 \ + : __DATE__[2] == 'l' ? 7 \ + : __DATE__[2] == 'g' ? 8 \ + : __DATE__[2] == 'p' ? 9 \ + : __DATE__[2] == 't' ? 10 \ + : __DATE__[2] == 'v' ? 11 \ + : 12 \ + ) + + #define DAY ( \ + ((__DATE__)[4] - '0') * 10 + \ + ((__DATE__)[5] - '0') * 1 \ + ) +#endif + /* our NTP server list is global info */ extern char* ntpServerList[NTP_SERVER_COUNT]; 
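Review bot: The `DAY` macro assumes a zero-padded day, but `__DATE__` pads days 1–9 with a space (`"Sep  5 2024"`), so `((__DATE__)[4] - '0') * 10` evaluates to -160 and DAY is negative for the first nine days of any month. Guard the tens digit: `(((__DATE__)[4] == ' ') ? 0 : ((__DATE__)[4] - '0')) * 10 + ((__DATE__)[5] - '0')`. The `#ifndef __DATE__` fallback only triggers if the reproducible-build toolchain undefines the macro; if it instead redefines it to a placeholder string, the parse runs on that placeholder, so this is worth checking against the actual ESP-IDF flags. `YEAR`, `MONTH` and `DAY` are unprefixed macro names in a file that includes SDK headers; a `WOLFSSL_` prefix avoids collisions.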
@@ -144,12 +182,12 @@ int set_fixed_default_time(void) /* ideally, we'd like to set time from network, * but let's set a default time, just in case */ struct tm timeinfo = { - .tm_year = 2024 - 1900, - .tm_mon = 1, - .tm_mday = 05, + .tm_year = YEAR, + .tm_mon = MONTH, /* Month, where 0 = Jan */ + .tm_mday = DAY, /* Numeric decimal day of the month */ .tm_hour = 13, - .tm_min = 01, - .tm_sec = 05 + .tm_min = 1, + .tm_sec = 5 }; struct timeval now; time_t interim_time; @@ -341,7 +379,7 @@ int set_time(void) if (NTP_SERVER_COUNT) { /* next, let's setup NTP time servers * - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization + * see Espressif api-reference system_time (sntp-time-synchronization) * * WARNING: do not set operating mode while SNTP client is running! */ diff --git a/src/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c b/src/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c index 06c9f81..9a200a9 100644 --- a/src/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c +++ b/src/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c @@ -23,12 +23,15 @@ #include #endif -/* Reminder: user_settings.h is needed and included from settings.h - * Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */ +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */ +/* Reminder: settings.h pulls in user_settings.h */ +/* Do not explicitly include user_settings.h here. */ #include #if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ -#if defined(USE_WOLFSSL_ESP_SDK_WIFI) +#if defined(USE_WOLFSSL_ESP_SDK_WIFI) && ESP_IDF_VERSION_MAJOR > 4 /* Espressif */ #include "sdkconfig.h" /* programmatically generated from sdkconfig */ 
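Review bot: `.tm_year = YEAR` stores 2024 where `struct tm` expects years since 1900 (the removed line had `2024 - 1900`), and `.tm_mon = MONTH` stores 1–12 where `tm_mon` is 0-based, as the new comment itself notes; the fallback time therefore lands in the year 3924, one month late. That default is what the device runs on when NTP is unreachable, and certificate validity checks that compare against it would see every certificate as expired. Use `.tm_year = YEAR - 1900,` and `.tm_mon = MONTH - 1,`. set_fixed_default_time continues outside the hunk.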
@@ -59,8 +62,8 @@ esp_err_t esp_sdk_wifi_lib_init(void) #if defined(CONFIG_IDF_TARGET_ESP8266) #elif ESP_IDF_VERSION_MAJOR >= 5 && defined(FOUND_PROTOCOL_EXAMPLES_DIR) /* example path set in cmake file */ -#elif ESP_IDF_VERSION_MAJOR >= 4 - #include "protocol_examples_common.h" +#elif ESP_IDF_VERSION_MAJOR > 4 +/* #include "protocol_examples_common.h" */ #else const static int CONNECTED_BIT = BIT0; static EventGroupHandle_t wifi_event_group; @@ -266,7 +269,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) ESP_LOGI(TAG, "got ip:%s", ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip)); #endif - /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */ + /* see Espressif api-reference freertos_idf */ xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); break; case SYSTEM_EVENT_STA_DISCONNECTED: diff --git a/src/wolfcrypt/src/port/atmel/atmel.c b/src/wolfcrypt/src/port/atmel/atmel.c index b3c6b79..31ad98f 100644 --- a/src/wolfcrypt/src/port/atmel/atmel.c +++ b/src/wolfcrypt/src/port/atmel/atmel.c @@ -1,6 +1,6 @@ /* atmel.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/pwdbased.c b/src/wolfcrypt/src/pwdbased.c index 1aef716..fb06dce 100644 --- a/src/wolfcrypt/src/pwdbased.c +++ b/src/wolfcrypt/src/pwdbased.c @@ -1,6 +1,6 @@ /* pwdbased.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -218,7 +218,7 @@ int wc_PBKDF2_ex(byte* output, const byte* passwd, int pLen, const byte* salt, * length", ensure the returned bits for the derived master key are at a * minimum 14-bytes or 112-bits after stretching and strengthening * (iterations) */ - if (kLen < HMAC_FIPS_MIN_KEY/8) + if (kLen < HMAC_FIPS_MIN_KEY) return BAD_LENGTH_E; #endif 
@@ -588,16 +588,11 @@ int wc_PKCS12_PBKDF_ex(byte* output, const byte* passwd, int passLen, #ifdef WOLFSSL_SMALL_STACK out: - if (Ai != NULL) - XFREE(Ai, heap, DYNAMIC_TYPE_TMP_BUFFER); - if (B != NULL) - XFREE(B, heap, DYNAMIC_TYPE_TMP_BUFFER); - if (B1 != NULL) - XFREE(B1, heap, DYNAMIC_TYPE_TMP_BUFFER); - if (i1 != NULL) - XFREE(i1, heap, DYNAMIC_TYPE_TMP_BUFFER); - if (res != NULL) - XFREE(res, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(Ai, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(B, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(B1, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(i1, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(res, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif if (dynamic) @@ -859,12 +854,9 @@ int wc_scrypt(byte* output, const byte* passwd, int passLen, ret = wc_PBKDF2(output, passwd, passLen, blocks, (int)blocksSz, 1, dkLen, WC_SHA256); end: - if (blocks != NULL) - XFREE(blocks, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (v != NULL) - XFREE(v, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (y != NULL) - XFREE(y, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(blocks, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(v, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(y, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } diff --git a/src/wolfcrypt/src/random.c b/src/wolfcrypt/src/random.c index 89c7411..278e2d7 100644 --- a/src/wolfcrypt/src/random.c +++ b/src/wolfcrypt/src/random.c @@ -1,6 +1,6 @@ /* random.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -110,7 +110,7 @@ This library contains implementation for the random number generator. #include #include #elif defined(WOLFSSL_XILINX_CRYPT_VERSAL) -#include "wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h" + #include "wolfssl/wolfcrypt/port/xilinx/xil-versal-trng.h" #elif defined(NO_DEV_RANDOM) #elif defined(CUSTOM_RAND_GENERATE) #elif defined(CUSTOM_RAND_GENERATE_BLOCK) 
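Review bot: The `out:` and `end:` cleanup blocks in wc_PKCS12_PBKDF_ex and wc_scrypt now call `XFREE` on pointers that may still be NULL, which turns NULL tolerance into a contract on `XFREE`; with `XMALLOC_USER` the application supplies its own `XFREE`, and one that forwards to a non-NULL-tolerant allocator would now receive NULL. If that contract is accepted library-wide, a one-line note at the `XFREE` definition stating that it must accept NULL makes the requirement explicit for those integrators.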
@@ -126,6 +126,9 @@ This library contains implementation for the random number generator. #elif defined(WOLFSSL_PB) #elif defined(WOLFSSL_ZEPHYR) #elif defined(WOLFSSL_TELIT_M2MB) +#elif defined(WOLFSSL_RENESAS_TSIP) + /* for wc_tsip_GenerateRandBlock */ + #include "wolfssl/wolfcrypt/port/Renesas/renesas-tsip-crypt.h" #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG) #elif defined(WOLFSSL_IMXRT1170_CAAM) #elif defined(CY_USING_HAL) && defined(COMPONENT_WOLFSSL) @@ -133,6 +136,8 @@ This library contains implementation for the random number generator. #elif defined(WOLFSSL_GETRANDOM) #include #include +#elif defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + #include "wolfssl/wolfcrypt/port/maxim/max3266x.h" #else /* include headers that may be needed to get good seed */ #include @@ -591,7 +596,7 @@ static WC_INLINE void array_add(byte* d, word32 dLen, const byte* s, word32 sLen dIdx = (int)dLen - 1; for (sIdx = (int)sLen - 1; sIdx >= 0; sIdx--) { - carry += (word16)(d[dIdx] + s[sIdx]); + carry += (word16)((word16)d[dIdx] + (word16)s[sIdx]); d[dIdx] = (byte)carry; carry >>= 8; dIdx--; @@ -3652,6 +3657,14 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return 0; } +#elif defined(WOLFSSL_RENESAS_TSIP) + + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + (void)os; + return wc_tsip_GenerateRandBlock(output, sz); + } + #elif defined(WOLFSSL_SCE) && !defined(WOLFSSL_SCE_NO_TRNG) #include "hal_data.h" @@ -3804,7 +3817,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return ret; } -#elif defined(DOLPHIN_EMULATOR) +#elif defined(DOLPHIN_EMULATOR) || defined (WOLFSSL_NDS) int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { 
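Review bot: `defined (WOLFSSL_NDS)` routes Nintendo DS builds through the DOLPHIN_EMULATOR `wc_GenerateSeed`, whose body begins after the hunk ends. If that body is the emulator's placeholder seed rather than a hardware entropy source, a physical DS now seeds the DRBG from a weak source, and the branch should either say so in a comment (e.g. `/* WOLFSSL_NDS: no TRNG on this target; seed is not cryptographically strong */`) or get a DS-specific source. The stray space in `defined (WOLFSSL_NDS)` also differs from every other `defined(` in the file. The new WOLFSSL_RENESAS_TSIP `wc_GenerateSeed` passes `wc_tsip_GenerateRandBlock`'s result through unchanged; a comment confirming it returns 0 on success and a negative wolfCrypt code otherwise, the convention the neighbouring branches follow, would make that contract visible.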
@@ -3823,6 +3836,38 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) return maxq10xx_random(output, sz); } +#elif defined(MAX3266X_RNG) + int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) + { + #ifdef WOLFSSL_MAX3266X + int status; + #endif /* WOLFSSL_MAX3266X */ + static int initDone = 0; + (void)os; + if (initDone == 0) { + #ifdef WOLFSSL_MAX3266X + status = wolfSSL_HwRngMutexLock(); + if (status != 0) { + return status; + } + #endif /* WOLFSSL_MAX3266X */ + if(MXC_TRNG_HealthTest() != 0) { + #ifdef DEBUG_WOLFSSL + WOLFSSL_MSG("TRNG HW Health Test Failed"); + #endif /* DEBUG_WOLFSSL */ + #ifdef WOLFSSL_MAX3266X + wolfSSL_HwRngMutexUnLock(); + #endif /* WOLFSSL_MAX3266X */ + return WC_HW_E; + } + #ifdef WOLFSSL_MAX3266X + wolfSSL_HwRngMutexUnLock(); + #endif /* WOLFSSL_MAX3266X */ + initDone = 1; + } + return wc_MXC_TRNG_Random(output, sz); + } + #elif defined(WOLFSSL_GETRANDOM) /* getrandom() was added to the Linux kernel in version 3.17. @@ -4044,7 +4089,7 @@ int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz) { word32 i; for (i = 0; i < sz; i++ ) - output[i] = i; + output[i] = (byte)i; (void)os; diff --git a/src/wolfcrypt/src/rc2.c b/src/wolfcrypt/src/rc2.c index 3839d49..67dc7d6 100644 --- a/src/wolfcrypt/src/rc2.c +++ b/src/wolfcrypt/src/rc2.c @@ -1,6 +1,6 @@ /* rc2.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/ripemd.c b/src/wolfcrypt/src/ripemd.c index 9402c70..36cca1b 100644 --- a/src/wolfcrypt/src/ripemd.c +++ b/src/wolfcrypt/src/ripemd.c @@ -1,6 +1,6 @@ /* ripemd.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/rsa.c b/src/wolfcrypt/src/rsa.c index 587e47c..9e34599 100644 --- a/src/wolfcrypt/src/rsa.c +++ b/src/wolfcrypt/src/rsa.c 
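Review bot: In the MAX3266X_RNG `wc_GenerateSeed`, `initDone` is read before the mutex is taken and `initDone = 1;` is written after `wolfSSL_HwRngMutexUnLock()`, so under WOLFSSL_MAX3266X two concurrent first callers can both pass the `initDone == 0` check and the flag is updated with no lock held — a data race on a plain static int. Move `initDone = 1;` above the final `wolfSSL_HwRngMutexUnLock();` so the write happens inside the locked region, and re-check `initDone` once the lock is held to avoid running the health test twice. The lock only covers `MXC_TRNG_HealthTest()`, not the `wc_MXC_TRNG_Random(output, sz)` call below it; if the TRNG peripheral needs serialised access (the port code is outside this diff), that call needs the same protection. A comment noting that the health test is a once-per-boot check, not repeated on later calls, would also help, and `if(MXC_TRNG_HealthTest()` is missing the space after `if` used elsewhere in the file.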
@@ -1,6 +1,6 @@ /* rsa.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -154,9 +154,43 @@ static void wc_RsaCleanup(RsaKey* key) #endif } +#ifndef WC_NO_CONSTRUCTORS +RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code) +{ + int ret; + RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA); + if (key == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_InitRsaKey_ex(key, heap, devId); + if (ret != 0) { + XFREE(key, heap, DYNAMIC_TYPE_RSA); + key = NULL; + } + } + + if (result_code != NULL) + *result_code = ret; + + return key; +} + +int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p) +{ + if (key == NULL) + return BAD_FUNC_ARG; + wc_FreeRsaKey(key); + XFREE(key, key->heap, DYNAMIC_TYPE_RSA); + if (key_p != NULL) + *key_p = NULL; + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ + int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) { - int ret = 0; + int ret = 0; if (key == NULL) { return BAD_FUNC_ARG; @@ -373,9 +407,7 @@ int wc_InitRsaHw(RsaKey* key) } /* check for existing mod buffer to avoid memory leak */ - if (key->mod != NULL) { - XFREE(key->mod, key->heap, DYNAMIC_TYPE_KEY); - } + XFREE(key->mod, key->heap, DYNAMIC_TYPE_KEY); key->pubExp = e; key->mod = m; @@ -2144,9 +2176,7 @@ static int wc_RsaFunctionSync(const byte* in, word32 inLen, byte* out, #endif } - if (d != NULL) { - XFREE(d, key->heap, DYNAMIC_TYPE_PRIVATE_KEY); - } + XFREE(d, key->heap, DYNAMIC_TYPE_PRIVATE_KEY); } #endif break; @@ -2396,7 +2426,10 @@ static int RsaFunction_SP(const byte* in, word32 inLen, byte* out, #endif #ifndef RSA_LOW_MEM if ((mp_count_bits(&key->p) == 1024) && - (mp_count_bits(&key->q) == 1024)) { + (mp_count_bits(&key->q) == 1024) && + (mp_count_bits(&key->dP) > 0) && + (mp_count_bits(&key->dQ) > 0) && + (mp_count_bits(&key->u) > 0)) { return sp_RsaPrivate_2048(in, inLen, &key->d, &key->p, &key->q, &key->dP, &key->dQ, &key->u, &key->n, out, outLen); 
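Review bot: `wc_DeleteRsaKey` reads `key->heap` after `wc_FreeRsaKey(key)` has already run on the object, and discards whatever that call returns; if the free routine ever zeroes or resets the struct, the XFREE goes to the wrong heap. Capture the heap first: `void* heap = key->heap; wc_FreeRsaKey(key); XFREE(key, heap, DYNAMIC_TYPE_RSA);` (and propagate the result of `wc_FreeRsaKey` if it reports errors). Neither new public function has a header comment: for `wc_NewRsaKey` state that the key is allocated from `heap` with DYNAMIC_TYPE_RSA and must be released with `wc_DeleteRsaKey`, that `result_code` is optional and receives MEMORY_E or the `wc_InitRsaKey_ex` result, and that NULL is returned on any failure; for `wc_DeleteRsaKey` state that `key_p` is optional and is set to NULL after the free.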
@@ -2427,7 +2460,10 @@ static int RsaFunction_SP(const byte* in, word32 inLen, byte* out, #endif #ifndef RSA_LOW_MEM if ((mp_count_bits(&key->p) == 1536) && - (mp_count_bits(&key->q) == 1536)) { + (mp_count_bits(&key->q) == 1536) && + (mp_count_bits(&key->dP) > 0) && + (mp_count_bits(&key->dQ) > 0) && + (mp_count_bits(&key->u) > 0)) { return sp_RsaPrivate_3072(in, inLen, &key->d, &key->p, &key->q, &key->dP, &key->dQ, &key->u, &key->n, out, outLen); @@ -2458,7 +2494,10 @@ static int RsaFunction_SP(const byte* in, word32 inLen, byte* out, #endif #ifndef RSA_LOW_MEM if ((mp_count_bits(&key->p) == 2048) && - (mp_count_bits(&key->q) == 2048)) { + (mp_count_bits(&key->q) == 2048) && + (mp_count_bits(&key->dP) > 0) && + (mp_count_bits(&key->dQ) > 0) && + (mp_count_bits(&key->u) > 0)) { return sp_RsaPrivate_4096(in, inLen, &key->d, &key->p, &key->q, &key->dP, &key->dQ, &key->u, &key->n, out, outLen); @@ -2555,7 +2594,13 @@ static int RsaFunctionPrivate(mp_int* tmp, RsaKey* key, WC_RNG* rng) } } #else - if (ret == 0) { + if (ret == 0 && (mp_iszero(&key->p) || mp_iszero(&key->q) || + mp_iszero(&key->dP) || mp_iszero(&key->dQ))) { + if (mp_exptmod(tmp, &key->d, &key->n, tmp) != MP_OKAY) { + ret = MP_EXPTMOD_E; + } + } + else if (ret == 0) { mp_int* tmpa = tmp; #if defined(WC_RSA_BLINDING) && !defined(WC_NO_RNG) mp_int* tmpb = rnd; @@ -2915,7 +2960,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, if (out == NULL) { *outSz = inLen; - return LENGTH_ONLY_E; + return WC_NO_ERR_TRACE(LENGTH_ONLY_E); } switch (key->state) { @@ -2952,7 +2997,7 @@ int wc_RsaDirect(byte* in, word32 inLen, byte* out, word32* outSz, } /* if async pending then skip cleanup*/ - if (ret == WC_PENDING_E + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) #ifdef WC_RSA_NONBLOCK || ret == FP_WOULDBLOCK #endif 
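Review bot: The new non-CRT branch in RsaFunctionPrivate tests `p`, `q`, `dP` and `dQ` for zero but not `u`, while the three RsaFunction_SP hunks (the 2048 case on the previous line and the 3072/4096 cases here) additionally require `mp_count_bits(&key->u) > 0` before using CRT. A key carrying `p`/`q`/`dP`/`dQ` but no `u` therefore skips the SP path and then lands in the CRT `else if` branch; if that branch's arithmetic (outside the hunk) uses `key->u`, the result is wrong instead of falling back to `d`. Adding `|| mp_iszero(&key->u)` to the condition keeps the two checks aligned. Separately, the `mp_exptmod(tmp, &key->d, &key->n, tmp)` fallback runs the private exponentiation directly on `tmp`, whereas the CRT branch sets up `tmpb = rnd` for WC_RSA_BLINDING; unless `mp_exptmod` is itself hardened, keys without CRT parameters now get an unblinded private-key operation, which deserves either the same blinding or a comment stating the trade-off.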
@@ -3116,6 +3161,9 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out, int ret = 0; (void)rng; (void)checkSmallCt; +#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD) + RsaPadding padding; +#endif if (key == NULL || in == NULL || inLen == 0 || out == NULL || outLen == NULL || *outLen == 0 || type == RSA_TYPE_UNKNOWN) { @@ -3127,7 +3175,18 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out, if (key->devId != INVALID_DEVID) #endif { + #if defined(WOLF_CRYPTO_CB_RSA_PAD) + /* If we are here, either the RSA PAD callback was already called + * and returned that it could not implement for that padding scheme, + * or this is a public verify operation. Either way indicate to the + * callback that this should be a raw RSA operation with no padding.*/ + XMEMSET(&padding, 0, sizeof(RsaPadding)); + padding.pad_type = WC_RSA_NO_PAD; + ret = wc_CryptoCb_RsaPad(in, inLen, out, + outLen, type, key, rng, &padding); + #else ret = wc_CryptoCb_Rsa(in, inLen, out, outLen, type, key, rng); + #endif #ifndef WOLF_CRYPTO_CB_ONLY_RSA if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; @@ -3181,7 +3240,7 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out, RESTORE_VECTOR_REGISTERS(); /* handle error */ - if (ret < 0 && ret != WC_PENDING_E + if (ret < 0 && ret != WC_NO_ERR_TRACE(WC_PENDING_E) #ifdef WC_RSA_NONBLOCK && ret != FP_WOULDBLOCK #endif @@ -3235,6 +3294,9 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out, int ret = 0; int sz; int state; +#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD) + RsaPadding padding; +#endif if (in == NULL || inLen == 0 || out == NULL || key == NULL) { return BAD_FUNC_ARG; 
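Review bot: In wc_RsaFunction_ex the new `RsaPadding padding;` declaration follows the `(void)rng; (void)checkSmallCt;` statements, which is a declaration after a statement and fails on builds that compile wolfCrypt as C89 or with -Wdeclaration-after-statement; RsaPublicEncryptEx (last hunk here) and RsaPrivateDecryptEx place the same declaration correctly among the other locals. Move the `#if`/`RsaPadding padding;`/`#endif` block above `(void)rng;`. The rest of wc_RsaFunction_ex lies outside this hunk.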
@@ -3331,6 +3393,29 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out, #endif #endif /* WOLFSSL_SE050 */ + #if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD) + if (key->devId != INVALID_DEVID) { + XMEMSET(&padding, 0, sizeof(RsaPadding)); + padding.pad_value = pad_value; + padding.pad_type = pad_type; + padding.hash = hash; + padding.mgf = mgf; + padding.label = label; + padding.labelSz = labelSz; + padding.saltLen = saltLen; + ret = wc_CryptoCb_RsaPad(in, inLen, out, &outLen, rsa_type, key, rng, + &padding); + + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { + if (ret < 0) { + break; + } + + ret = outLen; + break; + } + } + #endif key->state = RSA_STATE_ENCRYPT_PAD; ret = wc_RsaPad_ex(in, inLen, out, (word32)sz, pad_value, rng, pad_type, hash, mgf, label, labelSz, saltLen, @@ -3367,7 +3452,7 @@ static int RsaPublicEncryptEx(const byte* in, word32 inLen, byte* out, } /* if async pending then return and skip done cleanup below */ - if (ret == WC_PENDING_E + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) #ifdef WC_RSA_NONBLOCK || ret == FP_WOULDBLOCK #endif @@ -3410,6 +3495,9 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, { int ret = WC_NO_ERR_TRACE(RSA_WRONG_TYPE_E); byte* pad = NULL; +#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD) + RsaPadding padding; +#endif if (in == NULL || inLen == 0 || out == NULL || key == NULL) { return BAD_FUNC_ARG; 
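Review bot: `ret = outLen;` assigns a word32 to an int with no cast, in a release whose other hunks add exactly such casts (`output[i] = (byte)i;`, `(word16)d[dIdx]`); write `ret = (int)outLen;` so the narrowing is explicit and -Wconversion stays clean. The success path also `break`s without advancing `key->state`, so the state machine is left in the state it held before the padding callback; if the done-cleanup outside this hunk resets it that is fine, otherwise a comment such as `/* callback did pad+encrypt; skip RSA_STATE_ENCRYPT_PAD/EXPTMOD */` would tell the next reader the skip is intentional. RsaPublicEncryptEx continues outside the hunk.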
@@ -3520,6 +3608,25 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, FALL_THROUGH; case RSA_STATE_DECRYPT_EXPTMOD: +#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD) + if ((key->devId != INVALID_DEVID) && (rsa_type != RSA_PUBLIC_DECRYPT)) { + /* Everything except verify goes to crypto cb if + * WOLF_CRYPTO_CB_RSA_PAD defined */ + XMEMSET(&padding, 0, sizeof(RsaPadding)); + padding.pad_value = pad_value; + padding.pad_type = pad_type; + padding.hash = hash; + padding.mgf = mgf; + padding.label = label; + padding.labelSz = labelSz; + padding.saltLen = saltLen; + ret = wc_CryptoCb_RsaPad(in, inLen, out, + &outLen, rsa_type, key, rng, &padding); + if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) { + break; + } + } +#endif #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE) && \ !defined(WOLFSSL_NO_MALLOC) ret = wc_RsaFunction_ex(key->data, inLen, key->data, &key->dataLen, @@ -3583,9 +3690,11 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, } #if !defined(WOLFSSL_RSA_VERIFY_ONLY) - ret = ctMaskSelInt(ctMaskLTE(ret, (int)outLen), ret, RSA_BUFFER_E); + ret = ctMaskSelInt(ctMaskLTE(ret, (int)outLen), ret, + WC_NO_ERR_TRACE(RSA_BUFFER_E)); #ifndef WOLFSSL_RSA_DECRYPT_TO_0_LEN - ret = ctMaskSelInt(ctMaskNotEq(ret, 0), ret, RSA_BUFFER_E); + ret = ctMaskSelInt(ctMaskNotEq(ret, 0), ret, + WC_NO_ERR_TRACE(RSA_BUFFER_E)); #endif #else if (outLen < (word32)ret) @@ -3620,7 +3729,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, } /* if async pending then return and skip done cleanup below */ - if (ret == WC_PENDING_E + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E) #ifdef WC_RSA_NONBLOCK || ret == FP_WOULDBLOCK #endif 
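Review bot: On callback success the decrypt path `break`s with the callback's raw return value in `ret`, while the encrypt path in the earlier hunk normalises success to `ret = outLen`; since `outLen` is passed by address here as well, it is unclear whether `wc_CryptoCb_RsaPad` reports the output length through `outLen` or as its return value, and the two call sites currently assume different contracts. Document the contract at this call (e.g. `/* on success the callback returns the plaintext length */`) or mirror the encrypt path with `ret = (int)outLen;` so both agree. The remainder of RsaPrivateDecryptEx, including what consumes `ret` after the `break`, is outside the hunk.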
@@ -5085,16 +5194,13 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) #if !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) #ifdef WOLFSSL_SMALL_STACK - if (p) + if (key != NULL) { XFREE(p, key->heap, DYNAMIC_TYPE_RSA); - if (q) XFREE(q, key->heap, DYNAMIC_TYPE_RSA); - if (tmp1) XFREE(tmp1, key->heap, DYNAMIC_TYPE_RSA); - if (tmp2) XFREE(tmp2, key->heap, DYNAMIC_TYPE_RSA); - if (tmp3) XFREE(tmp3, key->heap, DYNAMIC_TYPE_RSA); + } #elif defined(WOLFSSL_CHECK_MEM_ZERO) mp_memzero_check(p); mp_memzero_check(q); @@ -5250,7 +5356,7 @@ int wc_RsaPrivateKeyDecodeRaw(const byte* n, word32 nSz, if (err == MP_OKAY) { key->type = RSA_PRIVATE; } - else { + else if (key != NULL) { mp_clear(&key->n); mp_clear(&key->e); mp_clear(&key->d); diff --git a/src/wolfcrypt/src/sakke.c b/src/wolfcrypt/src/sakke.c index c87963a..962299f 100644 --- a/src/wolfcrypt/src/sakke.c +++ b/src/wolfcrypt/src/sakke.c @@ -1,6 +1,6 @@ /* sakke.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -622,7 +622,7 @@ int wc_ExportSakkeKey(SakkeKey* key, byte* data, word32* sz) if ((err == 0) && (data == NULL)) { *sz = (word32)(3 * key->ecc.dp->size); - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err >= 0) && (*sz < (word32)(3 * key->ecc.dp->size))) { err = BUFFER_E; @@ -731,7 +731,7 @@ int wc_ExportSakkePrivateKey(SakkeKey* key, byte* data, word32* sz) if ((err == 0) && (data == NULL)) { *sz = (word32)key->ecc.dp->size; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err >= 0) && (*sz < (word32)key->ecc.dp->size)) { err = BUFFER_E; @@ -848,7 +848,7 @@ static int sakke_encode_point(ecc_point* point, word32 size, byte* data, if (data == NULL) { *sz = size * 2 + !raw; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*sz < size * 2 + !raw)) { err = BUFFER_E; 
@@ -1419,7 +1419,7 @@ int wc_GenerateSakkeRskTable(const SakkeKey* key, const ecc_point* rsk, } if ((err == 0) && (table == NULL)) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*len != 0)) { err = BUFFER_E; @@ -6421,7 +6421,7 @@ int wc_GetSakkePointI(SakkeKey* key, byte* data, word32* sz) if ((err == 0) && (data == NULL)) { *sz = (word32)(key->ecc.dp->size * 2); - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*sz < (word32)key->ecc.dp->size * 2)) { err = BUFFER_E; @@ -6531,7 +6531,7 @@ int wc_GenerateSakkePointITable(SakkeKey* key, byte* table, word32* len) #else if ((err == 0) && (table == NULL)) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*len != 0)) { *len = 0; @@ -6729,7 +6729,7 @@ int wc_MakeSakkeEncapsulatedSSV(SakkeKey* key, enum wc_HashType hashType, *authSz = outSz; if (auth == NULL) { - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } } @@ -6824,7 +6824,7 @@ int wc_GenerateSakkeSSV(SakkeKey* key, WC_RNG* rng, byte* ssv, word16* ssvSz) /* Return length only if an output buffer is NULL. */ if (ssv == NULL) { *ssvSz = (word16) (n / 8); - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else { n = *ssvSz; diff --git a/src/wolfcrypt/src/sha.c b/src/wolfcrypt/src/sha.c index 1892de4..78ce918 100644 --- a/src/wolfcrypt/src/sha.c +++ b/src/wolfcrypt/src/sha.c @@ -1,6 +1,6 @@ /* sha.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -308,6 +308,10 @@ !defined(WOLFSSL_QNX_CAAM) /* wolfcrypt/src/port/caam/caam_sha.c */ +#elif defined(MAX3266X_SHA) + /* Already brought in by sha.h */ + /* #include */ + #elif defined(WOLFSSL_USE_ESP32_CRYPT_HASH_HW) || \ defined(WOLFSSL_USE_ESP32C3_CRYPT_HASH_HW) 
@@ -441,7 +445,7 @@ static WC_INLINE void AddLength(wc_Sha* sha, word32 len) #define f3(x,y,z) (((x)&(y))|((z)&((x)|(y)))) #define f4(x,y,z) ((x)^(y)^(z)) - #ifdef WOLFSSL_NUCLEUS_1_2 + #if defined(WOLFSSL_NUCLEUS_1_2) || defined(NUCLEUS_PLUS_2_3) /* nucleus.h also defines R1-R4 */ #undef R1 #undef R2 @@ -560,6 +564,13 @@ int wc_InitSha_ex(wc_Sha* sha, void* heap, int devId) sha->devCtx = NULL; #endif +#ifdef MAX3266X_SHA_CB + ret = wc_MXC_TPU_SHA_Init(&(sha->mxcCtx)); + if (ret != 0) { + return ret; + } +#endif + #ifdef WOLFSSL_USE_ESP32_CRYPT_HASH_HW if (sha->ctx.mode != ESP32_SHA_INIT) { /* it may be interesting to see old values during debugging */ @@ -1035,6 +1046,8 @@ int wc_InitSha(wc_Sha* sha) #if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) +#ifndef MAX3266X_SHA + void wc_ShaFree(wc_Sha* sha) { if (sha == NULL) @@ -1051,6 +1064,9 @@ void wc_ShaFree(wc_Sha* sha) #ifdef WOLFSSL_PIC32MZ_HASH wc_ShaPic32Free(sha); #endif +#ifdef MAX3266X_SHA_CB + wc_MXC_TPU_SHA_Free(&(sha->mxcCtx)); +#endif #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) se050_hash_free(&sha->se050Ctx); #endif @@ -1058,16 +1074,15 @@ void wc_ShaFree(wc_Sha* sha) defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY)) && \ !defined(NO_WOLFSSL_RENESAS_TSIP_CRYPT_HASH) || \ defined(WOLFSSL_RENESAS_RX64_HASH) - if (sha->msg != NULL) { - XFREE(sha->msg, sha->heap, DYNAMIC_TYPE_TMP_BUFFER); - sha->msg = NULL; - } + XFREE(sha->msg, sha->heap, DYNAMIC_TYPE_TMP_BUFFER); + sha->msg = NULL; #endif #ifdef WOLFSSL_IMXRT_DCP DCPShaFree(sha); #endif } +#endif /* !MAX3266X_SHA */ #endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */ #endif /* !WOLFSSL_TI_HASH */ @@ -1082,6 +1097,8 @@ void wc_ShaFree(wc_Sha* sha) #if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) +#ifndef MAX3266X_SHA + /* wc_ShaGetHash get hash value */ int wc_ShaGetHash(wc_Sha* sha, byte* hash) { 
@@ -1146,12 +1163,20 @@ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst) esp_sha_ctx_copy(src, dst); #endif +#ifdef MAX3266X_SHA_CB + ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); + if (ret != 0) { + return ret; + } +#endif + #ifdef WOLFSSL_HASH_FLAGS dst->flags |= WC_HASH_FLAG_ISCOPY; #endif return ret; } #endif /* WOLFSSL_RENESAS_RX64_HASH */ +#endif /* !MAX3266X_SHA */ #endif /* !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_HASH) */ #endif /* !defined(WOLFSSL_RENESAS_TSIP_TLS) && \ !defined(WOLFSSL_RENESAS_TSIP_CRYPTONLY) || diff --git a/src/wolfcrypt/src/sha256.c b/src/wolfcrypt/src/sha256.c index f955dff..c9c3b10 100644 --- a/src/wolfcrypt/src/sha256.c +++ b/src/wolfcrypt/src/sha256.c @@ -1,6 +1,6 @@ /* sha256.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -63,8 +63,8 @@ on the specific device platform. #endif -#if !defined(NO_SHA256) && (!defined(WOLFSSL_ARMASM) && \ - !defined(WOLFSSL_ARMASM_NO_NEON)) +#if !defined(NO_SHA256) && !(defined(WOLFSSL_ARMASM) || \ + defined(WOLFSSL_ARMASM_NO_NEON)) && !defined(WOLFSSL_RISCV_ASM) #if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ @@ -122,7 +122,9 @@ on the specific device platform. #elif defined(WOLFSSL_PSOC6_CRYPTO) - +#elif defined(MAX3266X_SHA) + /* Already brought in by sha256.h */ + /* #include */ #else #include @@ -277,10 +279,6 @@ static int InitSha256(wc_Sha256* sha256) #endif #endif -#ifdef WOLF_CRYPTO_CB - sha256->devId = wc_CryptoCb_DefaultDevID(); -#endif - #ifdef WOLFSSL_MAXQ10XX_CRYPTO XMEMSET(&sha256->maxq_ctx, 0, sizeof(sha256->maxq_ctx)); #endif 
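Review bot: Removing `sha256->devId = wc_CryptoCb_DefaultDevID();` from InitSha256 means the static initializer no longer touches `devId` at all; wc_InitSha256_ex still sets `sha256->devId = devId;` (next hunk), but any other caller of InitSha256, such as a reset after finalisation outside this diff, now keeps whatever `devId` the context already held. If that is the intent (devId is owned by the `_ex` initializer), say so at the top of InitSha256 with `/* devId/devCtx are set by wc_InitSha256_ex, never here */`. InitSha256 begins before this hunk.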
@@ -408,6 +406,10 @@ static int InitSha256(wc_Sha256* sha256) SHA256_SSE2, SHA256_C }; #ifndef WC_C_DYNAMIC_FALLBACK + /* note that all write access to this static variable must be idempotent, + * as arranged by Sha256_SetTransform(), else it will be susceptible to + * data races. + */ static enum sha_methods sha_method = SHA256_UNSET; #endif @@ -1090,6 +1092,12 @@ static int InitSha256(wc_Sha256* sha256) sha256->devId = devId; sha256->devCtx = NULL; #endif + #ifdef MAX3266X_SHA_CB + ret = wc_MXC_TPU_SHA_Init(&(sha256->mxcCtx)); + if (ret != 0) { + return ret; + } + #endif #ifdef WOLFSSL_SMALL_STACK_CACHE sha256->W = NULL; #endif @@ -1251,6 +1259,9 @@ static int InitSha256(wc_Sha256* sha256) { word32 S[8], t0, t1; int i; + #ifdef USE_SLOW_SHA256 + int j; + #endif word32 W[WC_SHA256_BLOCK_SIZE/sizeof(word32)]; /* Copy digest to working vars */ @@ -1264,6 +1275,16 @@ static int InitSha256(wc_Sha256* sha256) S[7] = sha256->digest[7]; i = 0; + #ifdef USE_SLOW_SHA256 + for (j = 0; j < 16; j++) { + RND1(j); + } + for (i = 16; i < 64; i += 16) { + for (j = 0; j < 16; j++) { + RNDN(j); + } + } + #else RND1( 0); RND1( 1); RND1( 2); RND1( 3); RND1( 4); RND1( 5); RND1( 6); RND1( 7); RND1( 8); RND1( 9); RND1(10); RND1(11); @@ -1275,6 +1296,7 @@ static int InitSha256(wc_Sha256* sha256) RNDN( 8); RNDN( 9); RNDN(10); RNDN(11); RNDN(12); RNDN(13); RNDN(14); RNDN(15); } + #endif /* Add the working vars back into digest */ sha256->digest[0] += S[0]; @@ -1945,6 +1967,9 @@ static int InitSha256(wc_Sha256* sha256) #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH) /* implemented in wolfcrypt/src/port/psa/psa_hash.c */ +#elif defined(MAX3266X_SHA) + /* implemented in wolfcrypt/src/port/maxim/max3266x.c */ + #elif defined(WOLFSSL_RENESAS_RX64_HASH) /* implemented in wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c */ 
@@ -2223,6 +2248,10 @@ void wc_Sha256Free(wc_Sha256* sha256) } #endif +#ifdef MAX3266X_SHA_CB + wc_MXC_TPU_SHA_Free(&(sha256->mxcCtx)); +#endif + #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256) wolfAsync_DevCtxFree(&sha256->asyncDev, WOLFSSL_ASYNC_MARKER_SHA256); #endif /* WOLFSSL_ASYNC_CRYPT */ @@ -2335,6 +2364,9 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz) #elif defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_HASH) /* implemented in wolfcrypt/src/port/psa/psa_hash.c */ +#elif defined(MAX3266X_SHA) + /* implemented in wolfcrypt/src/port/maxim/max3266x.c */ + #else int wc_Sha224GetHash(wc_Sha224* sha224, byte* hash) @@ -2469,7 +2501,8 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz) /* implemented in wolfcrypt/src/port/psa/psa_hash.c */ #elif defined(WOLFSSL_RENESAS_RX64_HASH) /* implemented in wolfcrypt/src/port/Renesas/renesas_rx64_hw_sha.c */ - +#elif defined(MAX3266X_SHA) + /* Implemented in wolfcrypt/src/port/maxim/max3266x.c */ #else int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash) @@ -2496,7 +2529,7 @@ int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash) ret = wc_Sha256Copy(sha256, tmpSha256); if (ret == 0) { ret = wc_Sha256Final(tmpSha256, hash); - wc_Sha256Free(tmpSha256); /* TODO move outside brackets? */ + wc_Sha256Free(tmpSha256); } @@ -2520,6 +2553,13 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) wc_MAXQ10XX_Sha256Copy(src); #endif +#ifdef MAX3266X_SHA_CB + ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); + if (ret != 0) { + return ret; + } +#endif + #ifdef WOLFSSL_SMALL_STACK_CACHE dst->W = NULL; #endif diff --git a/src/wolfcrypt/src/sha3.c b/src/wolfcrypt/src/sha3.c index 99f739b..1a3596a 100644 --- a/src/wolfcrypt/src/sha3.c +++ b/src/wolfcrypt/src/sha3.c @@ -1,6 +1,6 @@ /* sha3.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -62,8 +62,7 @@ } #endif -#if !defined(WOLFSSL_ARMASM) || (!defined(__arm__) && \ - !defined(WOLFSSL_ARMASM_CRYPTO_SHA3)) +#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM) #ifdef USE_INTEL_SPEEDUP #include @@ -250,7 +249,7 @@ while (0) #ifndef USE_INTEL_SPEEDUP static #endif -void BlockSha3(word64 *s) +void BlockSha3(word64* s) { byte i, x, y; word64 t0, t1; @@ -541,7 +540,7 @@ while (0) #ifndef USE_INTEL_SPEEDUP static #endif -void BlockSha3(word64 *s) +void BlockSha3(word64* s) { word64 n[25]; word64 b[5]; @@ -563,7 +562,7 @@ void BlockSha3(word64 *s) } } #endif /* WOLFSSL_SHA3_SMALL */ -#endif /* !WOLFSSL_ARMASM */ +#endif /* !WOLFSSL_ARMASM && !WOLFSSL_RISCV_ASM */ static WC_INLINE word64 Load64Unaligned(const unsigned char *a) { diff --git a/src/wolfcrypt/src/sha512.c b/src/wolfcrypt/src/sha512.c index 88c38f0..7f3e745 100644 --- a/src/wolfcrypt/src/sha512.c +++ b/src/wolfcrypt/src/sha512.c @@ -1,6 +1,6 @@ /* sha512.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -28,7 +28,7 @@ #if (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)) && \ (!defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_ARMASM_NO_NEON)) && \ - !defined(WOLFSSL_PSOC6_CRYPTO) + !defined(WOLFSSL_PSOC6_CRYPTO) && !defined(WOLFSSL_RISCV_ASM) /* determine if we are using Espressif SHA hardware acceleration */ #undef WOLFSSL_USE_ESP32_CRYPT_HASH_HW @@ -96,6 +96,11 @@ #include #endif +#if defined(MAX3266X_SHA) + /* Already brought in by sha512.h */ + /* #include */ +#endif + #if defined(WOLFSSL_X86_64_BUILD) && defined(USE_INTEL_SPEEDUP) #if defined(__GNUC__) && ((__GNUC__ < 4) || \ (__GNUC__ == 4 && __GNUC_MINOR__ <= 8)) 
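Review bot: The new guard `#if !defined(WOLFSSL_ARMASM) && !defined(WOLFSSL_RISCV_ASM)` excludes the C `BlockSha3` for every WOLFSSL_ARMASM build, whereas the old condition still compiled it for non-`__arm__` (AArch64) builds without WOLFSSL_ARMASM_CRYPTO_SHA3. That is only safe if the ARM assembly port now supplies `BlockSha3` for that configuration; otherwise those builds fail to link. A comment on the `#if` naming where the ARM and RISC-V implementations live (as the sha256.c/sha512.c hunks do for MAX3266X with `/* implemented in ... */`) would record that dependency.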
@@ -149,6 +154,9 @@ !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ +#elif defined(MAX3266X_SHA) + /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ + #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) int wc_InitSha512(wc_Sha512* sha512) { @@ -489,6 +497,10 @@ static int InitSha512_256(wc_Sha512* sha512) SHA512_AVX1_RORX, SHA512_AVX2_RORX, SHA512_C }; #ifndef WC_C_DYNAMIC_FALLBACK + /* note that all write access to this static variable must be idempotent, + * as arranged by Sha512_SetTransform(), else it will be susceptible to + * data races. + */ static enum sha_methods sha_method = SHA512_UNSET; #endif @@ -761,6 +773,12 @@ int wc_InitSha512_ex(wc_Sha512* sha512, void* heap, int devId) sha512->ctx.mode = ESP32_SHA_INIT; #endif +#ifdef MAX3266X_SHA_CB + if (wc_MXC_TPU_SHA_Init(&(sha512->mxcCtx)) != 0){ + return BAD_FUNC_ARG; + } +#endif + return InitSha512_Family(sha512, heap, devId, InitSha512); } @@ -1154,6 +1172,9 @@ int wc_Sha512Update(wc_Sha512* sha512, const byte* data, word32 len) /* functions defined in wolfcrypt/src/port/renesas/renesas_fspsm_sha.c */ #elif defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) +#elif defined(MAX3266X_SHA) + /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ + #else static WC_INLINE int Sha512Final(wc_Sha512* sha512) @@ -1314,6 +1335,9 @@ static WC_INLINE int Sha512Final(wc_Sha512* sha512) !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ +#elif defined(MAX3266X_SHA) + /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ + #else static int Sha512FinalRaw(wc_Sha512* sha512, byte* hash, size_t digestSz) 
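Review bot: In wc_InitSha512_ex the MAX3266X hook `if (wc_MXC_TPU_SHA_Init(&(sha512->mxcCtx)) != 0){ return BAD_FUNC_ARG; }` discards the port's error code and reports a caller-argument error for what is a hardware/port failure, while wc_InitSha_ex, wc_InitSha256_ex and wc_InitSha384_ex all do `ret = wc_MXC_TPU_SHA_Init(...); if (ret != 0) { return ret; }`. Use the same form here so the caller sees the real code, and add the missing space before `{`. The function's earlier lines are outside the hunk.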
@@ -1390,6 +1414,10 @@ int wc_Sha512Final(wc_Sha512* sha512, byte* hash) #endif /* WOLFSSL_KCAPI_HASH */ +#if defined(MAX3266X_SHA) + /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ + +#else #if !defined(WOLFSSL_SE050) || !defined(WOLFSSL_SE050_HASH) int wc_InitSha512(wc_Sha512* sha512) { @@ -1432,12 +1460,18 @@ void wc_Sha512Free(wc_Sha512* sha512) } #endif +#ifdef MAX3266X_SHA_CB + wc_MXC_TPU_SHA_Free(&(sha512->mxcCtx)); +#endif + #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA512) wolfAsync_DevCtxFree(&sha512->asyncDev, WOLFSSL_ASYNC_MARKER_SHA512); #endif /* WOLFSSL_ASYNC_CRYPT */ ForceZero(sha512, sizeof(*sha512)); } +#endif + #if (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) \ && !defined(WOLFSSL_KCAPI_HASH) /* Apply SHA512 transformation to the data */ @@ -1556,6 +1590,9 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data) !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ +#elif defined(MAX3266X_SHA) + /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ + #else static int InitSha384(wc_Sha384* sha384) @@ -1732,6 +1769,13 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) sha384->ctx.mode = ESP32_SHA_INIT; #endif +#ifdef MAX3266X_SHA_CB + ret = wc_MXC_TPU_SHA_Init(&(sha384->mxcCtx)); + if (ret != 0) { + return ret; + } +#endif + ret = InitSha384(sha384); if (ret != 0) { return ret; @@ -1751,6 +1795,10 @@ int wc_InitSha384_ex(wc_Sha384* sha384, void* heap, int devId) #endif /* WOLFSSL_IMX6_CAAM || WOLFSSL_SILABS_SHA512 || WOLFSSL_KCAPI_HASH */ +#if defined(MAX3266X_SHA) + /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ + +#else int wc_InitSha384(wc_Sha384* sha384) { int devId = INVALID_DEVID; 
@@ -1806,9 +1854,14 @@ void wc_Sha384Free(wc_Sha384* sha384) } #endif +#ifdef MAX3266X_SHA_CB + wc_MXC_TPU_SHA_Free(&(sha384->mxcCtx)); +#endif + ForceZero(sha384, sizeof(*sha384)); } +#endif #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 @@ -1820,6 +1873,9 @@ void wc_Sha384Free(wc_Sha384* sha384) !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) /* functions defined in wolfcrypt/src/port/Renesas/renesas_fspsm_sha.c */ +#elif defined(MAX3266X_SHA) + /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ + #else static int Sha512_Family_GetHash(wc_Sha512* sha512, byte* hash, @@ -1923,6 +1979,13 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst) } #endif +#ifdef MAX3266X_SHA_CB + ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); + if (ret != 0) { + return ret; + } +#endif + return ret; } @@ -2111,6 +2174,8 @@ int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data) #elif defined(WOLFSSL_RENESAS_RSIP) && \ !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH) /* functions defined in wolfcrypt/src/port/renesas/renesas_fspsm_sha.c */ +#elif defined(MAX3266X_SHA) + /* Functions defined in wolfcrypt/src/port/maxim/max3266x.c */ #else int wc_Sha384GetHash(wc_Sha384* sha384, byte* hash) @@ -2210,6 +2275,13 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst) } #endif +#ifdef MAX3266X_SHA_CB + ret = wc_MXC_TPU_SHA_Copy(&(src->mxcCtx), &(dst->mxcCtx)); + if (ret != 0) { + return ret; + } +#endif + return ret; } diff --git a/src/wolfcrypt/src/signature.c b/src/wolfcrypt/src/signature.c index 33cec70..09ae526 100644 --- a/src/wolfcrypt/src/signature.c +++ b/src/wolfcrypt/src/signature.c @@ -1,6 +1,6 @@ /* signature.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -80,7 +80,7 @@ static int wc_SignatureDerEncode(enum wc_HashType hash_type, byte* hash_data, int wc_SignatureGetSize(enum wc_SignatureType sig_type, const void* key, word32 key_len) { - int sig_len = BAD_FUNC_ARG; + int sig_len = WC_NO_ERR_TRACE(BAD_FUNC_ARG); /* Suppress possible unused args if all signature types are disabled */ (void)key; diff --git a/src/wolfcrypt/src/siphash.c b/src/wolfcrypt/src/siphash.c index 173b914..54c02f6 100644 --- a/src/wolfcrypt/src/siphash.c +++ b/src/wolfcrypt/src/siphash.c @@ -1,6 +1,6 @@ /* siphash.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -805,29 +805,29 @@ int wc_SipHash(const unsigned char* key, const unsigned char* in, word32 inSz, #else #define SipRoundV(v0, v1, v2, v3) \ - v0 += v1; \ - v2 += v3; \ - v1 = rotlFixed64(v1, 13); \ - v3 = rotlFixed64(v3, 16); \ - v1 ^= v0; \ - v3 ^= v2; \ - v0 = rotlFixed64(v0, 32); \ - v2 += v1; \ - v0 += v3; \ - v1 = rotlFixed64(v1, 17); \ - v3 = rotlFixed64(v3, 21); \ - v1 ^= v2; \ - v3 ^= v0; \ - v2 = rotlFixed64(v2, 32); + (v0) += (v1); \ + (v2) += (v3); \ + (v1) = rotlFixed64(v1, 13); \ + (v3) = rotlFixed64(v3, 16); \ + (v1) ^= (v0); \ + (v3) ^= (v2); \ + (v0) = rotlFixed64(v0, 32); \ + (v2) += (v1); \ + (v0) += (v3); \ + (v1) = rotlFixed64(v1, 17); \ + (v3) = rotlFixed64(v3, 21); \ + (v1) ^= (v2); \ + (v3) ^= (v0); \ + (v2) = rotlFixed64(v2, 32); #define SipHashCompressV(v0, v1, v2, v3, m) \ do { \ int i; \ - v3 ^= m; \ + (v3) ^= (m); \ for (i = 0; i < WOLFSSL_SIPHASH_CROUNDS; i++) { \ SipRoundV(v0, v1, v2, v3); \ } \ - v0 ^= m; \ + (v0) ^= (m); \ } \ while (0) @@ -839,7 +839,7 @@ int wc_SipHash(const unsigned char* key, const unsigned char* in, word32 inSz, for (i = 0; i < WOLFSSL_SIPHASH_DROUNDS; i++) { \ SipRoundV(v0, v1, v2, v3); \ } \ - n = v0 ^ v1 ^ v2 ^ v3; \ + n = (v0) ^ (v1) ^ (v2) ^ (v3); \ SET_U64(out, n); \ } \ while (0) 
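Review bot: The parenthesisation added to `SipRoundV` covers the assignment targets and operands but not the arguments handed to `rotlFixed64`, e.g. `(v1) = rotlFixed64(v1, 13);`, which is inconsistent within the same macro and leaves those uses unprotected if `rotlFixed64` is itself a macro (its definition is not in the hunk). For consistency the calls should read `(v1) = rotlFixed64((v1), 13);` and likewise for the other five rotations. In the `@@ -839` hunk, `n = (v0) ^ (v1) ^ (v2) ^ (v3);` leaves `n` bare, which is fine only if `n` is a local declared inside that macro body rather than a macro parameter; the visible lines do not show its declaration.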
diff --git a/src/wolfcrypt/src/sm2.c b/src/wolfcrypt/src/sm2.c index 829d5e5..24b8df9 100644 --- a/src/wolfcrypt/src/sm2.c +++ b/src/wolfcrypt/src/sm2.c @@ -1,6 +1,6 @@ /* sm2.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/sm3.c b/src/wolfcrypt/src/sm3.c index 1339037..dfbef2e 100644 --- a/src/wolfcrypt/src/sm3.c +++ b/src/wolfcrypt/src/sm3.c @@ -1,6 +1,6 @@ /* sm3.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/sm4.c b/src/wolfcrypt/src/sm4.c index 1e4f317..c29cc2b 100644 --- a/src/wolfcrypt/src/sm4.c +++ b/src/wolfcrypt/src/sm4.c @@ -1,6 +1,6 @@ /* sm4.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/sp_arm32.c b/src/wolfcrypt/src/sp_arm32.c index 8529e41..68449be 100644 --- a/src/wolfcrypt/src/sp_arm32.c +++ b/src/wolfcrypt/src/sp_arm32.c @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -67,7 +67,7 @@ do { \ int ii; \ fprintf(stderr, name "=0x"); \ - for (ii = ((bits + 31) / 32) - 1; ii >= 0; ii--) \ + for (ii = (((bits) + 31) / 32) - 1; ii >= 0; ii--) \ fprintf(stderr, SP_PRINT_FMT, (var)[ii]); \ fprintf(stderr, "\n"); \ } while (0) @@ -2231,7 +2231,8 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "stm %[r]!, {r3, r4, r5, r6}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", + "r12" ); } 
@@ -2584,7 +2585,8 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "add sp, sp, #36\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -2610,7 +2612,7 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "strd %[r], %[a], [sp, #36]\n\t" #endif "mov lr, %[b]\n\t" - "ldm %[a], {%[r], %[a], %[b], r3}\n\t" + "ldm %[a], {r0, r1, r2, r3}\n\t" "ldm lr!, {r4, r5, r6}\n\t" "umull r10, r11, %[r], r4\n\t" "umull r12, r7, %[a], r4\n\t" @@ -2655,7 +2657,7 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "umaal r4, r6, %[b], r7\n\t" "sub lr, lr, #16\n\t" "umaal r5, r6, r3, r7\n\t" - "ldm %[r], {%[r], %[a], %[b], r3}\n\t" + "ldm %[r], {r0, r1, r2, r3}\n\t" "str r6, [sp, #32]\n\t" "ldm lr!, {r6}\n\t" "mov r7, #0\n\t" @@ -2715,7 +2717,8 @@ static void sp_2048_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "add sp, sp, #44\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", + "r8", "r9", "lr" ); } @@ -2751,7 +2754,7 @@ static sp_digit sp_2048_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } 
@@ -2798,7 +2801,7 @@ static sp_digit sp_2048_sub_in_place_16(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -2848,7 +2851,7 @@ static sp_digit sp_2048_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -2988,7 +2991,7 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -3066,7 +3069,7 @@ static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -3266,7 +3269,7 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -3400,7 +3403,7 @@ static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } 
@@ -4680,7 +4683,8 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2, r3, r4, r8}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12" ); } @@ -4923,7 +4927,8 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) "add sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -4941,7 +4946,7 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) __asm__ __volatile__ ( "sub sp, sp, #32\n\t" "str %[r], [sp, #28]\n\t" - "ldm %[a], {%[r], %[a], r2, r3, r4, r5, r6, r7}\n\t" + "ldm %[a], {r0, r1, r2, r3, r4, r5, r6, r7}\n\t" "umull r9, r10, %[r], %[r]\n\t" "umull r11, r12, %[r], %[a]\n\t" "adds r11, r11, r11\n\t" @@ -5028,18 +5033,19 @@ static void sp_2048_sqr_8(sp_digit* r_p, const sp_digit* a_p) /* R[15] = r7 */ "ldr lr, [sp, #28]\n\t" "add lr, lr, #28\n\t" - "stm lr!, {%[r], r12}\n\t" + "stm lr!, {r0, r12}\n\t" "stm lr!, {r11}\n\t" "stm lr!, {r10}\n\t" "stm lr!, {r3, r4, r8, r9}\n\t" "stm lr!, {r7}\n\t" "sub lr, lr, #0x40\n\t" - "ldm sp, {%[r], %[a], r2, r3, r4, r5, r6}\n\t" - "stm lr, {%[r], %[a], r2, r3, r4, r5, r6}\n\t" + "ldm sp, {r0, r1, r2, r3, r4, r5, r6}\n\t" + "stm lr, {r0, r1, r2, r3, r4, r5, r6}\n\t" "add sp, sp, #32\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } 
@@ -5074,7 +5080,7 @@ static sp_digit sp_2048_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -5159,7 +5165,7 @@ static sp_digit sp_2048_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -5272,7 +5278,7 @@ static sp_digit sp_2048_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -5347,7 +5353,8 @@ static sp_digit sp_2048_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -5383,7 +5390,8 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } 
@@ -5585,7 +5593,8 @@ static void sp_2048_mul_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "bgt L_sp_2048_mul_64_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -5742,7 +5751,8 @@ static void sp_2048_sqr_64(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_2048_sqr_64_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -5798,7 +5808,8 @@ static sp_digit sp_2048_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -5834,7 +5845,8 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -6036,7 +6048,8 @@ static void sp_2048_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "bgt L_sp_2048_mul_32_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } 
@@ -6193,7 +6206,8 @@ static void sp_2048_sqr_32(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_2048_sqr_32_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -6314,7 +6328,7 @@ static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #256]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -8379,7 +8393,7 @@ static void sp_2048_mul_d_64(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r4, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -8408,7 +8422,8 @@ static void sp_2048_mont_norm_32(sp_digit* r, const sp_digit* m) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -8434,7 +8449,7 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } 
@@ -8448,7 +8463,8 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -8572,7 +8588,7 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } @@ -9553,7 +9569,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp); } @@ -9848,7 +9865,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp); } 
@@ -10053,7 +10071,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_2048_cond_sub_32(a - 32, a, m, (sp_digit)0 - mp); } @@ -10183,7 +10202,7 @@ static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #128]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -11224,7 +11243,7 @@ static void sp_2048_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r5, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -11283,7 +11302,7 @@ static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -11421,7 +11440,7 @@ static sp_digit div_2048_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -11820,7 +11839,7 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } 
@@ -12022,13 +12041,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U); sp_2048_mont_reduce_32(r, m, mp); - mask = 0 - (sp_2048_cmp_32(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0); sp_2048_cond_sub_32(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -12191,13 +12209,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U); sp_2048_mont_reduce_32(r, m, mp); - mask = 0 - (sp_2048_cmp_32(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0); sp_2048_cond_sub_32(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -12231,7 +12248,8 @@ static void sp_2048_mont_norm_64(sp_digit* r, const sp_digit* m) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -12257,7 +12275,7 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } 
@@ -12271,7 +12289,8 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -12507,7 +12526,7 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } @@ -14416,7 +14435,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp); } @@ -14967,7 +14987,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp); } 
@@ -15332,7 +15353,8 @@ static SP_NOINLINE void sp_2048_mont_reduce_64(sp_digit* a_p, const sp_digit* m_ "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_2048_cond_sub_64(a - 64, a, m, (sp_digit)0 - mp); } @@ -15400,7 +15422,8 @@ static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12", "lr" ); return (uint32_t)(size_t)r; } @@ -15534,7 +15557,7 @@ static sp_digit sp_2048_sub_64(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -15594,7 +15617,7 @@ static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -15732,7 +15755,7 @@ static sp_digit div_2048_word_64(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } 
@@ -16587,7 +16610,7 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } @@ -16783,13 +16806,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U); sp_2048_mont_reduce_64(r, m, mp); - mask = 0 - (sp_2048_cmp_64(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0); sp_2048_cond_sub_64(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -16935,13 +16957,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U); sp_2048_mont_reduce_64(r, m, mp); - mask = 0 - (sp_2048_cmp_64(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0); sp_2048_cond_sub_64(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -17104,8 +17125,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -17121,7 +17141,8 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; 
@@ -17147,7 +17168,7 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -17161,7 +17182,8 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -17285,7 +17307,7 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp "adc %[r], r8, r8\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)r; } @@ -17999,7 +18021,7 @@ static void sp_2048_lshift_64(sp_digit* r_p, const sp_digit* a_p, byte n_p) "str r6, [%[r], #4]\n\t" : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -18117,13 +18139,12 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U); sp_2048_mont_reduce_64(r, m, mp); - mask = 0 - (sp_2048_cmp_64(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0); sp_2048_cond_sub_64(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -23905,7 +23926,8 @@ static void sp_3072_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "stm %[r]!, {r3, r4, r5, r6}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", + "r12" ); } @@ -23947,7 +23969,7 @@ static sp_digit sp_3072_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -24008,7 +24030,7 @@ static sp_digit sp_3072_sub_in_place_24(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -24072,7 +24094,7 @@ static sp_digit sp_3072_add_24(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -24244,7 +24266,7 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } 
@@ -24350,7 +24372,7 @@ static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -24606,7 +24628,7 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -24796,7 +24818,7 @@ static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -27928,7 +27950,8 @@ static void sp_3072_sqr_12(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2, r3, r4, r8}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12" ); } @@ -27969,7 +27992,7 @@ static sp_digit sp_3072_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } 
@@ -28068,7 +28091,7 @@ static sp_digit sp_3072_sub_24(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -28209,7 +28232,7 @@ static sp_digit sp_3072_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -28284,7 +28307,8 @@ static sp_digit sp_3072_add_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -28320,7 +28344,8 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -28522,7 +28547,8 @@ static void sp_3072_mul_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "bgt L_sp_3072_mul_96_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } 
@@ -28679,7 +28705,8 @@ static void sp_3072_sqr_96(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_3072_sqr_96_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -28735,7 +28762,8 @@ static sp_digit sp_3072_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digi "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -28771,7 +28799,8 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -28973,7 +29002,8 @@ static void sp_3072_mul_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "bgt L_sp_3072_mul_48_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -29130,7 +29160,8 @@ static void sp_3072_sqr_48(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_3072_sqr_48_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } 
@@ -29251,7 +29282,7 @@ static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #384]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -32340,7 +32371,7 @@ static void sp_3072_mul_d_96(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -32369,7 +32400,8 @@ static void sp_3072_mont_norm_48(sp_digit* r, const sp_digit* m) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -32395,7 +32427,7 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -32409,7 +32441,8 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; 
@@ -32589,7 +32622,7 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r_p, const sp_digit* a_p, const sp "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } @@ -34034,7 +34067,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp); } @@ -34457,7 +34491,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp); } @@ -34742,7 +34777,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_48(sp_digit* a_p, const sp_digit* m_ "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_3072_cond_sub_48(a - 48, a, m, (sp_digit)0 - mp); } @@ -34872,7 +34908,7 @@ static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #192]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } 
@@ -36425,7 +36461,7 @@ static void sp_3072_mul_d_48(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -36484,7 +36520,7 @@ static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -36622,7 +36658,7 @@ static sp_digit div_3072_word_48(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -37197,7 +37233,7 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } @@ -37399,13 +37435,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U); sp_3072_mont_reduce_48(r, m, mp); - mask = 0 - (sp_3072_cmp_48(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0); sp_3072_cond_sub_48(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
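Review bot: Dropping the `if (td != NULL)` guard before `XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER)` is only safe if every XFREE implementation the build can select tolerates a NULL pointer, and in this Arduino package the allocator is overridable through user_settings.h (e.g. XMALLOC_USER), which the hunk does not account for. If the macro guarantees NULL-safety in this release, a comment at this first site, `/* XFREE is NULL-safe; td is NULL when the XMALLOC above failed */`, would keep that assumption from being lost or the guard from being reintroduced piecemeal. The same removal appears in the later sp_3072_mod_exp_48, sp_3072_mod_exp_96, sp_3072_mod_exp_2_96, sp_4096_mod_exp_128 and sp_4096_mod_exp_2_128 hunks and for `a` in sp_RsaPublic_3072 / sp_RsaPublic_4096. Separately, the new `mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0);` depends on unsigned wrap to form an all-ones select mask, and a one-line comment stating that intent would help, since the added cast reads like a mere warning fix. The enclosing function starts before the hunk, so whether td (which holds the window table) is cleared before release is not visible here.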
@@ -37568,13 +37603,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U); sp_3072_mont_reduce_48(r, m, mp); - mask = 0 - (sp_3072_cmp_48(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0); sp_3072_cond_sub_48(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -37608,7 +37642,8 @@ static void sp_3072_mont_norm_96(sp_digit* r, const sp_digit* m) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -37634,7 +37669,7 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -37648,7 +37683,8 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; 
@@ -37996,7 +38032,7 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } @@ -40833,7 +40869,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp); } @@ -41640,7 +41677,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp); } @@ -42165,7 +42203,8 @@ static SP_NOINLINE void sp_3072_mont_reduce_96(sp_digit* a_p, const sp_digit* m_ "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_3072_cond_sub_96(a - 96, a, m, (sp_digit)0 - mp); } @@ -42233,7 +42272,8 @@ static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12", "lr" ); return (uint32_t)(size_t)r; } 
@@ -42423,7 +42463,7 @@ static sp_digit sp_3072_sub_96(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -42483,7 +42523,7 @@ static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -42621,7 +42661,7 @@ static sp_digit div_3072_word_96(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -43834,7 +43874,7 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } @@ -44030,13 +44070,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U); sp_3072_mont_reduce_96(r, m, mp); - mask = 0 - (sp_3072_cmp_96(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0); sp_3072_cond_sub_96(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -44182,13 +44221,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U); sp_3072_mont_reduce_96(r, m, mp); - mask = 0 - (sp_3072_cmp_96(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0); sp_3072_cond_sub_96(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -44351,8 +44389,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -44368,7 +44405,8 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -44394,7 +44432,7 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } 
@@ -44408,7 +44446,8 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -44588,7 +44627,7 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r_p, const sp_digit* a_p, const sp "adc %[r], r8, r8\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)r; } @@ -45494,7 +45533,7 @@ static void sp_3072_lshift_96(sp_digit* r_p, const sp_digit* a_p, byte n_p) "str r4, [%[r], #4]\n\t" : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -45612,13 +45651,12 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits, XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U); sp_3072_mont_reduce_96(r, m, mp); - mask = 0 - (sp_3072_cmp_96(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0); sp_3072_cond_sub_96(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -46146,7 +46184,7 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } 
@@ -46157,7 +46195,8 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -46392,7 +46431,7 @@ static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -46480,7 +46519,8 @@ SP_NOINLINE static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -46506,7 +46546,8 @@ static sp_digit sp_4096_add_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -46542,7 +46583,8 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } 
@@ -46744,7 +46786,8 @@ static void sp_4096_mul_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* "bgt L_sp_4096_mul_128_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -46901,7 +46944,8 @@ static void sp_4096_sqr_128(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_4096_sqr_128_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -47020,7 +47064,7 @@ static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #512]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -51133,7 +51177,7 @@ static void sp_4096_mul_d_128(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r5, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -51163,7 +51207,8 @@ static void sp_4096_mont_norm_128(sp_digit* r, const sp_digit* m) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; 
@@ -51189,7 +51234,7 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const s "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -51203,7 +51248,8 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const s * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -51663,7 +51709,7 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r_p, const sp_digit* a_p, const s "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } @@ -55428,7 +55474,8 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp); } @@ -56491,7 +56538,8 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp); } 
@@ -57176,7 +57224,8 @@ static SP_NOINLINE void sp_4096_mont_reduce_128(sp_digit* a_p, const sp_digit* m "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_4096_cond_sub_128(a - 128, a, m, (sp_digit)0 - mp); } @@ -57219,7 +57268,8 @@ SP_NOINLINE static void sp_4096_mont_sqr_128(sp_digit* r, const sp_digit* a, * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -57244,7 +57294,8 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12", "lr" ); return (uint32_t)(size_t)r; } @@ -57256,7 +57307,8 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig * a A single precision integer. * b A single precision integer. */ -static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p) +static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; 
@@ -57490,7 +57542,7 @@ static sp_digit sp_4096_sub_128(sp_digit* r_p, const sp_digit* a_p, const sp_dig "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -57550,7 +57602,7 @@ static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -57688,7 +57740,7 @@ static sp_digit div_4096_word_128(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -59253,7 +59305,7 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } @@ -59449,13 +59501,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U); sp_4096_mont_reduce_128(r, m, mp); - mask = 0 - (sp_4096_cmp_128(r, m) >= 0); + mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0); sp_4096_cond_sub_128(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -59601,13 +59652,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U); sp_4096_mont_reduce_128(r, m, mp); - mask = 0 - (sp_4096_cmp_128(r, m) >= 0); + mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0); sp_4096_cond_sub_128(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -59770,8 +59820,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -59787,7 +59836,8 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -59813,7 +59863,7 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } 
@@ -59827,7 +59877,8 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -60063,7 +60114,7 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r_p, const sp_digit* a_p, const sp "adc %[r], r8, r8\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)r; } @@ -61161,7 +61212,7 @@ static void sp_4096_lshift_128(sp_digit* r_p, const sp_digit* a_p, byte n_p) "str r5, [%[r], #4]\n\t" : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -61279,13 +61330,12 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits, XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U); sp_4096_mont_reduce_128(r, m, mp); - mask = 0 - (sp_4096_cmp_128(r, m) >= 0); + mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0); sp_4096_cond_sub_128(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -61643,7 +61693,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "bgt L_sp_256_mul_8_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } 
@@ -63639,7 +63690,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "stm %[r]!, {r3, r4, r5, r6}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", + "r12" ); } @@ -63992,7 +64044,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "add sp, sp, #36\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -64018,7 +64071,7 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "strd %[r], %[a], [sp, #36]\n\t" #endif "mov lr, %[b]\n\t" - "ldm %[a], {%[r], %[a], %[b], r3}\n\t" + "ldm %[a], {r0, r1, r2, r3}\n\t" "ldm lr!, {r4, r5, r6}\n\t" "umull r10, r11, %[r], r4\n\t" "umull r12, r7, %[a], r4\n\t" @@ -64063,7 +64116,7 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "umaal r4, r6, %[b], r7\n\t" "sub lr, lr, #16\n\t" "umaal r5, r6, r3, r7\n\t" - "ldm %[r], {%[r], %[a], %[b], r3}\n\t" + "ldm %[r], {r0, r1, r2, r3}\n\t" "str r6, [sp, #32]\n\t" "ldm lr!, {r6}\n\t" "mov r7, #0\n\t" @@ -64123,7 +64176,8 @@ static void sp_256_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p "add sp, sp, #44\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", + "r8", "r9", "lr" ); } 
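Review bot: The rewritten `ldm %[a], {r0, r1, r2, r3}` (and the later `ldm %[r], {r0, r1, r2, r3}`) hard-codes register names that are correct only because r, a and b are bound with `register ... asm ("r0")` / `("r1")` / `("r2")` at the top of the function, while neighbouring instructions such as `umull r10, r11, %[r], r4` still name the same registers through operand templates, so the coupling is invisible at the point of use. A comment before the first such load, `/* r0-r2 are %[r], %[a], %[b]: fixed by the register asm() bindings above */`, would make it explicit and protect against a later change of the bindings. The same substitution is made in the sp_256_sqr_8 hunks on the next two lines and in the sp_256_mont_mul_8 hunks further down. The enclosing asm block and function begin and end outside the hunk.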
@@ -64283,7 +64337,8 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_256_sqr_8_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -65494,7 +65549,8 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2, r3, r4, r8}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12" ); } @@ -65737,7 +65793,8 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) "add sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -65755,7 +65812,7 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) __asm__ __volatile__ ( "sub sp, sp, #32\n\t" "str %[r], [sp, #28]\n\t" - "ldm %[a], {%[r], %[a], r2, r3, r4, r5, r6, r7}\n\t" + "ldm %[a], {r0, r1, r2, r3, r4, r5, r6, r7}\n\t" "umull r9, r10, %[r], %[r]\n\t" "umull r11, r12, %[r], %[a]\n\t" "adds r11, r11, r11\n\t" 
@@ -65842,18 +65899,19 @@ static void sp_256_sqr_8(sp_digit* r_p, const sp_digit* a_p) /* R[15] = r7 */ "ldr lr, [sp, #28]\n\t" "add lr, lr, #28\n\t" - "stm lr!, {%[r], r12}\n\t" + "stm lr!, {r0, r12}\n\t" "stm lr!, {r11}\n\t" "stm lr!, {r10}\n\t" "stm lr!, {r3, r4, r8, r9}\n\t" "stm lr!, {r7}\n\t" "sub lr, lr, #0x40\n\t" - "ldm sp, {%[r], %[a], r2, r3, r4, r5, r6}\n\t" - "stm lr, {%[r], %[a], r2, r3, r4, r5, r6}\n\t" + "ldm sp, {r0, r1, r2, r3, r4, r5, r6}\n\t" + "stm lr, {r0, r1, r2, r3, r4, r5, r6}\n\t" "add sp, sp, #32\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); } @@ -65892,7 +65950,8 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -65929,7 +65988,7 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -65941,7 +66000,8 @@ static sp_digit sp_256_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* * a The number to convert. * m The modulus (prime). */ -static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; 
@@ -66165,7 +66225,8 @@ static int sp_256_mod_mul_norm_8(sp_digit* r_p, const sp_digit* a_p, const sp_di "add sp, sp, #24\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr", "r10" ); (void)m_p; return (uint32_t)(size_t)r; @@ -66376,7 +66437,8 @@ static int sp_256_point_to_ecc_point_8(const sp_point_256* p, ecc_point* pm) * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p, sp_digit mp_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -68480,7 +68542,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co "add sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r12" ); (void)m_p; (void)mp_p; @@ -68496,7 +68559,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p, sp_digit mp_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; 
@@ -68957,7 +69021,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co "add sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); (void)m_p; (void)mp_p; @@ -68973,7 +69038,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p, sp_digit mp_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -68988,7 +69054,7 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co "strd %[r], %[a], [sp, #68]\n\t" #endif "mov lr, %[b]\n\t" - "ldm %[a], {%[r], %[a], %[b], r3}\n\t" + "ldm %[a], {r0, r1, r2, r3}\n\t" "ldm lr!, {r4, r5, r6}\n\t" "umull r10, r11, %[r], r4\n\t" "umull r12, r7, %[a], r4\n\t" @@ -69033,7 +69099,7 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co "umaal r4, r6, %[b], r7\n\t" "sub lr, lr, #16\n\t" "umaal r5, r6, r3, r7\n\t" - "ldm %[r], {%[r], %[a], %[b], r3}\n\t" + "ldm %[r], {r0, r1, r2, r3}\n\t" "str r6, [sp, #64]\n\t" "ldm lr!, {r6}\n\t" "mov r7, #0\n\t" @@ -69212,7 +69278,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co "add sp, sp, #0x4c\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", "r8", "r9", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r10", "r11", "r12", "r7", + "r8", "r9", "lr" ); (void)m_p; (void)mp_p; 
@@ -69227,7 +69294,8 @@ static SP_NOINLINE void sp_256_mont_mul_8(sp_digit* r_p, const sp_digit* a_p, co * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -70410,7 +70478,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co "add sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r12", "r8", "r9", "r10", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r12", "r8", "r9", + "r10", "lr" ); (void)m_p; (void)mp_p; @@ -70424,7 +70493,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -70776,7 +70846,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co "add sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); (void)m_p; (void)mp_p; 
@@ -70790,7 +70861,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co * m Modulus (prime). * mp Montgomery multiplier. */ -static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -70798,7 +70870,7 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co __asm__ __volatile__ ( "sub sp, sp, #0x44\n\t" "str %[r], [sp, #64]\n\t" - "ldm %[a], {%[r], %[a], r2, r3, r4, r5, r6, r7}\n\t" + "ldm %[a], {r0, r1, r2, r3, r4, r5, r6, r7}\n\t" "umull r9, r10, %[r], %[r]\n\t" "umull r11, r12, %[r], %[a]\n\t" "adds r11, r11, r11\n\t" @@ -70885,7 +70957,7 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co /* R[15] = r7 */ "mov lr, sp\n\t" "add lr, lr, #28\n\t" - "stm lr!, {%[r], r12}\n\t" + "stm lr!, {r0, r12}\n\t" "stm lr!, {r11}\n\t" "stm lr!, {r10}\n\t" "stm lr!, {r3, r4, r8, r9}\n\t" @@ -71016,7 +71088,8 @@ static SP_NOINLINE void sp_256_mont_sqr_8(sp_digit* r_p, const sp_digit* a_p, co "add sp, sp, #0x44\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); (void)m_p; (void)mp_p; @@ -71248,7 +71321,7 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } 
@@ -71268,7 +71341,8 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a_p, const sp_digit* b_p) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -71294,7 +71368,7 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_d "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -71308,7 +71382,8 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_d * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -71348,7 +71423,7 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_d "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } 
@@ -71636,7 +71711,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } @@ -71739,7 +71815,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } @@ -71824,7 +71901,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } @@ -71975,7 +72053,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, "add sp, sp, #0x44\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11", "r12", "lr" ); (void)m_p; (void)mp_p; 
@@ -71988,7 +72067,8 @@ static SP_NOINLINE void sp_256_mont_reduce_8(sp_digit* a_p, const sp_digit* m_p, * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; @@ -72260,7 +72340,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } @@ -72272,7 +72353,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; @@ -72363,7 +72445,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } 
@@ -72375,7 +72458,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit * m The single precision number representing the modulus. * mp The digit representing the negative inverse of m mod 2^n. */ -static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p) +static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit* m_p, + sp_digit mp_p) { register sp_digit* a asm ("r0") = (sp_digit*)a_p; register const sp_digit* m asm ("r1") = (const sp_digit*)m_p; @@ -72448,7 +72532,8 @@ static SP_NOINLINE void sp_256_mont_reduce_order_8(sp_digit* a_p, const sp_digit "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_256_cond_sub_8(a - 8, a, m, (sp_digit)0 - mp); } @@ -72479,7 +72564,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p, sp_256_mont_reduce_8(r->x, p256_mod, p256_mp_mod); /* Reduce x to less than modulus */ n = sp_256_cmp_8(r->x, p256_mod); - sp_256_cond_sub_8(r->x, r->x, p256_mod, ~(n >> 31)); + sp_256_cond_sub_8(r->x, r->x, p256_mod, (sp_digit)~(n >> 31)); sp_256_norm_8(r->x); /* y /= z^3 */ @@ -72488,7 +72573,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p, sp_256_mont_reduce_8(r->y, p256_mod, p256_mp_mod); /* Reduce y to less than modulus */ n = sp_256_cmp_8(r->y, p256_mod); - sp_256_cond_sub_8(r->y, r->y, p256_mod, ~(n >> 31)); + sp_256_cond_sub_8(r->y, r->y, p256_mod, (sp_digit)~(n >> 31)); sp_256_norm_8(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); 
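Review bot: `(sp_digit)~(n >> 31)` in both sp_256_map_8 hunks still derives the conditional-subtract mask from a right shift of the signed `sp_int32` `n`, whose result for negative values is implementation-defined in C; the added cast only silences the conversion warning. Assuming sp_digit is a 32-bit unsigned type, as the `(uint32_t)(size_t)` returns elsewhere in the file suggest, shifting the unsigned value is portable and yields the same mask: `(sp_digit)(((sp_digit)n >> 31) - 1)` is zero when `n` is negative and all-ones otherwise. sp_256_map_8 begins and ends outside the hunk.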
@@ -72502,7 +72587,8 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p, * b Second number to add in Montgomery form. * m Modulus (prime). */ -static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -72546,7 +72632,8 @@ static void sp_256_mont_add_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "stm %[r], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); (void)m_p; } @@ -72596,7 +72683,8 @@ static void sp_256_mont_dbl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "stm %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r2" ); (void)m_p; } @@ -72678,7 +72766,8 @@ static void sp_256_mont_tpl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "stm %[r], {r4, r5, r6, r7, r8, r9, r10, r11}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r2", "r3", "r12" ); (void)m_p; } 
@@ -72690,7 +72779,8 @@ static void sp_256_mont_tpl_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit * b Number to subtract with in Montgomery form. * m Modulus (prime). */ -static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, + const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -72732,7 +72822,8 @@ static void sp_256_mont_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "stm %[r], {r5, r6, r7, r8, r9, r10, r11, r12}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r11", "r12", "lr" ); (void)m_p; } @@ -72809,7 +72900,8 @@ static void sp_256_mont_div2_8(sp_digit* r_p, const sp_digit* a_p, const sp_digi "stm %[r], {r8, r9, r10, r11}\n\t" : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3" ); } @@ -73104,8 +73196,8 @@ static void sp_256_proj_point_add_8(sp_point_256* r, sp_256_mont_sub_8(y, y, t5, p256_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -73122,7 +73214,7 @@ static void sp_256_proj_point_add_8(sp_point_256* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } 
@@ -73296,8 +73388,8 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -73314,7 +73406,7 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -73369,7 +73461,7 @@ static void sp_256_get_point_16_8(sp_point_256* r, const sp_point_256* table, r->z[6] = 0; r->z[7] = 0; for (i = 1; i < 16; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -73563,15 +73655,15 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons #endif } #ifndef WC_NO_CACHE_RESISTANT - #ifdef WOLFSSL_SP_SMALL_STACK +#ifdef WOLFSSL_SP_SMALL_STACK if (p != NULL) +#endif + { + ForceZero(p, sizeof(sp_point_256)); + #ifdef WOLFSSL_SP_SMALL_STACK + XFREE(p, heap, DYNAMIC_TYPE_ECC); #endif - { - ForceZero(p, sizeof(sp_point_256)); - #ifdef WOLFSSL_SP_SMALL_STACK - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif - } + } #endif /* !WC_NO_CACHE_RESISTANT */ #ifdef WOLFSSL_SP_SMALL_STACK if (t != NULL) @@ -73767,8 +73859,8 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r, sp_256_mont_sub_8(y, t3, t1, p256_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); 
@@ -73785,7 +73877,7 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -73875,8 +73967,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -73913,7 +74004,7 @@ static void sp_256_get_entry_16_8(sp_point_256* r, r->y[6] = 0; r->y[7] = 0; for (i = 1; i < 16; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -74040,10 +74131,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -74299,8 +74388,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -74337,7 +74425,7 @@ static void sp_256_get_entry_256_8(sp_point_256* r, r->y[6] = 0; r->y[7] = 0; for (i = 1; i < 256; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -74464,10 +74552,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; 
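Review bot: Dropping the `if (t != NULL)` guard before `XFREE(t, heap, DYNAMIC_TYPE_ECC)` in the sp_256_gen_stripe_table_8 hunk, and the equivalent guards in sp_256_ecc_mulmod_stripe_8 and in the sp_ecc_* functions of the following hunks, makes every error path depend on XFREE tolerating NULL, since `t` is NULL whenever the allocation earlier in the function failed. That holds for the stock macro, but this package ships its own user_settings.h, and a build that overrides the allocator (for example via XMALLOC_USER) must now supply a NULL-safe XFREE or those paths call the user free hook with NULL. A comment at the first such site, `/* XFREE must accept NULL: t is NULL on allocation failure */`, would record the new requirement. The enclosing functions begin outside their hunks.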
@@ -74685,10 +74771,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -74765,10 +74849,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -76235,10 +76317,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -76313,10 +76393,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -76348,7 +76426,7 @@ static void sp_256_add_one_8(sp_digit* a_p) "stm %[a]!, {r1, r2, r3, r4}\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4" ); } @@ -76399,6 +76477,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[32]; @@ -76415,6 +76494,11 @@ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. 
@@ -76493,12 +76577,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -76656,10 +76737,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -76751,7 +76830,8 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -76785,7 +76865,7 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -76885,7 +76965,7 @@ static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #32]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } 
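Review bot: In the sp_ecc_make_key_256 hunk the private scalar `k` is handed to `XFREE` with no zeroization visible, while the comment kept on the next line reasons explicitly that only `point` needs none; the same applies in the sp_ecc_secret_gen_256 hunk to `k` and to `point`, which holds the shared secret just written to `out`. If no `ForceZero` precedes these lines outside the hunk, `ForceZero(k, sizeof(sp_digit) * 8);` before the free (sized as the buffer was allocated, and likewise for `point` in the secret-generation path) keeps the key material from lingering in freed heap. The non-small-stack variants of these buffers would need the same treatment. Both functions begin outside their hunks.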
@@ -77158,7 +77238,7 @@ static void sp_256_mul_d_8(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r5, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -77217,7 +77297,7 @@ static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -77355,7 +77435,7 @@ static sp_digit div_256_word_8(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -78039,7 +78119,8 @@ static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12", "lr" ); return (uint32_t)(size_t)r; } @@ -78075,7 +78156,7 @@ static sp_digit sp_256_sub_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit* "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -78155,7 +78236,8 @@ static void sp_256_rshift1_8(sp_digit* r_p, const sp_digit* a_p) #endif : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "r10", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr", "r10" ); } 
@@ -78241,7 +78323,8 @@ static void sp_256_div2_mod_8(sp_digit* r_p, const sp_digit* a_p, const sp_digit "stm %[r], {r8, r9, r10, r11}\n\t" : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); } @@ -78284,7 +78367,8 @@ static const unsigned char L_sp_256_num_bits_8_table[] = { static int sp_256_num_bits_8(const sp_digit* a_p) { register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; - register unsigned char* L_sp_256_num_bits_8_table_c asm ("r1") = (unsigned char*)&L_sp_256_num_bits_8_table; + register unsigned char* L_sp_256_num_bits_8_table_c asm ("r1") = + (unsigned char*)&L_sp_256_num_bits_8_table; __asm__ __volatile__ ( "mov lr, %[L_sp_256_num_bits_8_table]\n\t" @@ -78596,9 +78680,10 @@ static int sp_256_num_bits_8(const sp_digit* a_p) "\n" "L_sp_256_num_bits_8_9_%=: \n\t" "mov %[a], r12\n\t" - : [a] "+r" (a), [L_sp_256_num_bits_8_table] "+r" (L_sp_256_num_bits_8_table_c) + : [a] "+r" (a), + [L_sp_256_num_bits_8_table] "+r" (L_sp_256_num_bits_8_table_c) : - : "memory", "r2", "r3", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr" ); return (uint32_t)(size_t)a; } @@ -78687,7 +78772,7 @@ static int sp_256_num_bits_8(const sp_digit* a_p) "mov %[a], r12\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r12", "lr", "cc" + : "memory", "cc", "r1", "r2", "r3", "r12", "lr" ); return (uint32_t)(size_t)a; } @@ -78976,10 +79061,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; 
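Review bot: The re-wrapped initializer in sp_256_num_bits_8, `(unsigned char*)&L_sp_256_num_bits_8_table`, casts away the `const` of the `static const unsigned char` table shown in the hunk header and takes the address of the whole array rather than of its first element. Declaring the pinned variable as `register const unsigned char* L_sp_256_num_bits_8_table_c asm ("r1") = L_sp_256_num_bits_8_table;` keeps the same register binding and the same `"+r"` operand (only the pointer variable is written) without discarding the qualifier. The asm body of the function continues past the hunk.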
@@ -79186,8 +79269,7 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -79226,8 +79308,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -79335,10 +79416,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -79417,10 +79496,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -79485,10 +79562,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -79549,10 +79624,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -79618,8 +79691,7 @@ static int sp_256_mont_sqrt_8(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_ECC); + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -79684,8 +79756,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -79974,7 +80045,8 @@ static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "bgt L_sp_384_mul_12_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -85471,7 +85543,8 @@ static void sp_384_mul_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_ "stm %[r]!, {r3, r4, r5, r6}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", + "r12" ); } @@ -85630,7 +85703,8 @@ static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_384_sqr_12_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -88693,7 +88767,8 @@ static void sp_384_sqr_12(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2, r3, r4, r8}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12" ); } @@ -88731,7 +88806,8 @@ static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } 
@@ -88775,7 +88851,7 @@ static sp_digit sp_384_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit
 "adc %[r], %[r], #0\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
 :
- : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
 );
 return (uint32_t)(size_t)r;
 }
@@ -88861,23 +88937,22 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit
 t[10] += t[9] >> 32; t[9] &= 0xffffffff; t[11] += t[10] >> 32; t[10] &= 0xffffffff;
- r[0] = t[0];
- r[1] = t[1];
- r[2] = t[2];
- r[3] = t[3];
- r[4] = t[4];
- r[5] = t[5];
- r[6] = t[6];
- r[7] = t[7];
- r[8] = t[8];
- r[9] = t[9];
- r[10] = t[10];
- r[11] = t[11];
+ r[0] = (sp_digit)t[0];
+ r[1] = (sp_digit)t[1];
+ r[2] = (sp_digit)t[2];
+ r[3] = (sp_digit)t[3];
+ r[4] = (sp_digit)t[4];
+ r[5] = (sp_digit)t[5];
+ r[6] = (sp_digit)t[6];
+ r[7] = (sp_digit)t[7];
+ r[8] = (sp_digit)t[8];
+ r[9] = (sp_digit)t[9];
+ r[10] = (sp_digit)t[10];
+ r[11] = (sp_digit)t[11];
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -89087,7 +89162,8 @@ static int sp_384_point_to_ecc_point_12(const sp_point_384* p, ecc_point* pm)
 * b A single precision number to subtract.
 * m Mask value to apply.
 */
-static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p,
+ const sp_digit* b_p, sp_digit m_p)
 {
 register sp_digit* r asm ("r0") = (sp_digit*)r_p;
 register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -89113,7 +89189,7 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_
 "mov %[r], r12\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
 :
- : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+ : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
 );
 return (uint32_t)(size_t)r;
 }
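Review bot: `r[11] = (sp_digit)t[11];` now casts away the narrowing warning, but `t[11]` is the one limb that the preceding carry-propagation statements do not mask to 32 bits, so the store is correct only if the final carry is known to leave `t[11]` below 2^32; the body of `sp_384_mod_mul_norm_12` starts outside the hunk, so that bound is not visible here. If it holds by construction, say so above the stores, `/* top limb fits 32 bits after the carry chain; the cast is a no-op narrowing */`; if it does not, the cast now silently discards a carry that the old implicit conversion also dropped.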
@@ -89127,7 +89203,8 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_
 * b A single precision number to subtract.
 * m Mask value to apply.
 */
-static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p,
+ const sp_digit* b_p, sp_digit m_p)
 {
 register sp_digit* r asm ("r0") = (sp_digit*)r_p;
 register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -89181,7 +89258,7 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_
 "sbc %[r], lr, lr\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
 :
- : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+ : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
 );
 return (uint32_t)(size_t)r;
 }
@@ -89584,7 +89661,8 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p
 "mov %[mp], r3\n\t"
 : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
 :
- : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+ "r10", "r11"
 );
 sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp);
 }
@@ -89719,7 +89797,8 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p
 "mov %[mp], r3\n\t"
 : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
 :
- : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+ "r10", "r11"
 );
 sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp);
 }
@@ -89824,7 +89903,8 @@ static SP_NOINLINE void sp_384_mont_reduce_12(sp_digit* a_p, const sp_digit* m_p
 "mov %[mp], lr\n\t"
 : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
 :
- : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+ "r10", "r11"
 );
 sp_384_cond_sub_12(a - 12, a, m, (sp_digit)0 - mp);
 }
@@ -90145,7 +90225,7 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a_p, const sp_digit* b_p)
 "mov %[a], r2\n\t"
 : [a] "+r" (a), [b] "+r" (b)
 :
- : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+ : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
 );
 return (uint32_t)(size_t)a;
 }
@@ -90180,7 +90260,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
 sp_384_mont_reduce_12(r->x, p384_mod, p384_mp_mod);
 /* Reduce x to less than modulus */
 n = sp_384_cmp_12(r->x, p384_mod);
- sp_384_cond_sub_12(r->x, r->x, p384_mod, ~(n >> 31));
+ sp_384_cond_sub_12(r->x, r->x, p384_mod, (sp_digit)~(n >> 31));
 sp_384_norm_12(r->x);
 /* y /= z^3 */
@@ -90189,7 +90269,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
 sp_384_mont_reduce_12(r->y, p384_mod, p384_mp_mod);
 /* Reduce y to less than modulus */
 n = sp_384_cmp_12(r->y, p384_mod);
- sp_384_cond_sub_12(r->y, r->y, p384_mod, ~(n >> 31));
+ sp_384_cond_sub_12(r->y, r->y, p384_mod, (sp_digit)~(n >> 31));
 sp_384_norm_12(r->y);
 XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -90203,7 +90283,8 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p,
 * b Second number to add in Montgomery form.
 * m Modulus (prime).
 */
-static void sp_384_mont_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_384_mont_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+ const sp_digit* m_p)
 {
 register sp_digit* r asm ("r0") = (sp_digit*)r_p;
 register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
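Review bot: `(sp_digit)~(n >> 31)` in `sp_384_map_12` still builds the reduction mask from a right shift of a negative signed `sp_int32` (the return type of `sp_384_cmp_12` shown in the hunk header), which is implementation-defined in C; the new cast only silences the conversion warning and leaves the constant-time conditional subtraction dependent on the compiler emitting an arithmetic shift. The same form appears at both `sp_384_cond_sub_12` calls here and in `sp_521_map_17` later in the commit. Either record the assumption next to the calls, `/* n < 0 -> mask 0, else all ones; relies on arithmetic shift of signed n */`, or derive the mask without it: `(sp_digit)~((sp_digit)0 - ((uint32_t)n >> 31))`.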
@@ -90286,7 +90367,8 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit
 "mov %[r], r12\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
 :
- : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc"
+ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+ "r12", "lr"
 );
 return (uint32_t)(size_t)r;
 }
@@ -90329,7 +90411,7 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit
 "sbc %[r], r6, r6\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
 :
- : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
 );
 return (uint32_t)(size_t)r;
 }
@@ -90344,7 +90426,8 @@ static sp_digit sp_384_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit
 * b A single precision number to add.
 * m Mask value to apply.
 */
-static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p,
+ const sp_digit* b_p, sp_digit m_p)
 {
 register sp_digit* r asm ("r0") = (sp_digit*)r_p;
 register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -90370,7 +90453,7 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_
 "mov %[r], lr\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
 :
- : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+ : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
 );
 return (uint32_t)(size_t)r;
 }
@@ -90384,7 +90467,8 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_
 * b A single precision number to add.
 * m Mask value to apply.
 */
-static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p,
+ const sp_digit* b_p, sp_digit m_p)
 {
 register sp_digit* r asm ("r0") = (sp_digit*)r_p;
 register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -90438,7 +90522,7 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_
 "adc %[r], r8, r8\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
 :
- : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+ : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
 );
 return (uint32_t)(size_t)r;
 }
@@ -90451,7 +90535,8 @@ static sp_digit sp_384_cond_add_12(sp_digit* r_p, const sp_digit* a_p, const sp_
 * b Number to subtract with in Montgomery form.
 * m Modulus (prime).
 */
-static void sp_384_mont_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_384_mont_sub_12(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+ const sp_digit* m_p)
 {
 register sp_digit* r asm ("r0") = (sp_digit*)r_p;
 register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -90521,7 +90606,7 @@ static void sp_384_rshift1_12(sp_digit* r_p, const sp_digit* a_p)
 "str r4, [%[r], #44]\n\t"
 : [r] "+r" (r), [a] "+r" (a)
 :
- : "memory", "r2", "r3", "r4", "cc"
+ : "memory", "cc", "r2", "r3", "r4"
 );
 }
@@ -90833,8 +90918,8 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
 sp_384_mont_sub_12(y, y, t5, p384_mod);
 {
 int i;
- sp_digit maskp = 0 - (q->infinity & (!p->infinity));
- sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+ sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+ sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
 sp_digit maskt = ~(maskp | maskq);
 sp_digit inf = (sp_digit)(p->infinity & q->infinity);
@@ -90851,7 +90936,7 @@ static void sp_384_proj_point_add_12(sp_point_384* r,
 (z[i] & maskt);
 }
 r->z[0] |= inf;
- r->infinity = (word32)inf;
+ r->infinity = (int)inf;
 }
 }
 }
@@ -91025,8 +91110,8 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
 {
 {
 int i;
- sp_digit maskp = 0 - (q->infinity & (!p->infinity));
- sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+ sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+ sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
 sp_digit maskt = ~(maskp | maskq);
 sp_digit inf = (sp_digit)(p->infinity & q->infinity);
@@ -91043,7 +91128,7 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
 (ctx->z[i] & maskt);
 }
 r->z[0] |= inf;
- r->infinity = (word32)inf;
+ r->infinity = (int)inf;
 }
 ctx->state = 25;
 break;
@@ -91110,7 +91195,7 @@ static void sp_384_get_point_16_12(sp_point_384* r, const sp_point_384* table,
 r->z[10] = 0;
 r->z[11] = 0;
 for (i = 1; i < 16; i++) {
- mask = 0 - (i == idx);
+ mask = (sp_digit)0 - (i == idx);
 r->x[0] |= mask & table[i].x[0];
 r->x[1] |= mask & table[i].x[1];
 r->x[2] |= mask & table[i].x[2];
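Review bot: `mask = (sp_digit)0 - (i == idx);` in `sp_384_get_point_16_12` is the branch-free select that reads every table entry so that `idx` (presumably derived from the secret scalar) does not steer memory accesses, but nothing at the loop says so and the unsigned cast makes the intent even less obvious. A comment above the loop, `/* all-ones when i == idx, else 0: every entry is touched so idx does not leak through access pattern or branches */`, would protect it from being simplified into an indexed read later; the same applies to `sp_384_get_entry_16_12`, `sp_384_get_entry_256_12`, `sp_521_get_point_16_17` and `sp_521_get_entry_16_17` in this commit. Whether the compiler lowers `(i == idx)` without a branch is presumably something this file already relies on elsewhere, but it is worth stating next to the mask.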
@@ -91316,15 +91401,15 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con
 #endif
 }
 #ifndef WC_NO_CACHE_RESISTANT
- #ifdef WOLFSSL_SP_SMALL_STACK
+#ifdef WOLFSSL_SP_SMALL_STACK
 if (p != NULL)
+#endif
+ {
+ ForceZero(p, sizeof(sp_point_384));
+ #ifdef WOLFSSL_SP_SMALL_STACK
+ XFREE(p, heap, DYNAMIC_TYPE_ECC);
 #endif
- {
- ForceZero(p, sizeof(sp_point_384));
- #ifdef WOLFSSL_SP_SMALL_STACK
- XFREE(p, heap, DYNAMIC_TYPE_ECC);
- #endif
- }
+ }
 #endif /* !WC_NO_CACHE_RESISTANT */
 #ifdef WOLFSSL_SP_SMALL_STACK
 if (t != NULL)
@@ -91520,8 +91605,8 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r,
 sp_384_mont_sub_12(y, t3, t1, p384_mod);
 {
 int i;
- sp_digit maskp = 0 - (q->infinity & (!p->infinity));
- sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+ sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+ sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
 sp_digit maskt = ~(maskp | maskq);
 sp_digit inf = (sp_digit)(p->infinity & q->infinity);
@@ -91538,7 +91623,7 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r,
 (z[i] & maskt);
 }
 r->z[0] |= inf;
- r->infinity = (word32)inf;
+ r->infinity = (int)inf;
 }
 }
 }
@@ -91628,8 +91713,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -91674,7 +91758,7 @@ static void sp_384_get_entry_16_12(sp_point_384* r,
 r->y[10] = 0;
 r->y[11] = 0;
 for (i = 1; i < 16; i++) {
- mask = 0 - (i == idx);
+ mask = (sp_digit)0 - (i == idx);
 r->x[0] |= mask & table[i].x[0];
 r->x[1] |= mask & table[i].x[1];
 r->x[2] |= mask & table[i].x[2];
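Review bot: The restructured cleanup in `sp_384_ecc_mulmod_fast_12` keeps `if (p != NULL)` under `WOLFSSL_SP_SMALL_STACK` while the rest of the commit deletes NULL guards in front of `XFREE`, and nothing says why; presumably `ForceZero` is not NULL-tolerant the way `XFREE` is, so this one guard must stay. A comment on the `#ifdef`, `/* guard kept: ForceZero must not see a NULL p */`, would stop a later cleanup pass from removing it; the identical block in `sp_521_ecc_mulmod_fast_17` needs the same. The hunk ends at `if (t != NULL)`, so whether `t` receives the same zeroization before release is not visible here.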
@@ -91809,10 +91893,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -92068,8 +92150,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -92114,7 +92195,7 @@ static void sp_384_get_entry_256_12(sp_point_384* r,
 r->y[10] = 0;
 r->y[11] = 0;
 for (i = 1; i < 256; i++) {
- mask = 0 - (i == idx);
+ mask = (sp_digit)0 - (i == idx);
 r->x[0] |= mask & table[i].x[0];
 r->x[1] |= mask & table[i].x[1];
 r->x[2] |= mask & table[i].x[2];
@@ -92249,10 +92330,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -92470,10 +92549,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -92550,10 +92627,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -94020,10 +94095,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -94098,10 +94171,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -94139,7 +94210,7 @@ static void sp_384_add_one_12(sp_digit* a_p)
 "stm %[a]!, {r1, r2, r3, r4}\n\t"
 : [a] "+r" (a)
 :
- : "memory", "r1", "r2", "r3", "r4", "cc"
+ : "memory", "cc", "r1", "r2", "r3", "r4"
 );
 }
@@ -94190,6 +94261,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
 */
 static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
 int err;
 byte buf[48];
@@ -94206,6 +94278,11 @@ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k)
 while (err == 0);
 return err;
+#else
+ (void)rng;
+ (void)k;
+ return NOT_COMPILED_IN;
+#endif
 }
 /* Makes a random EC key pair.
@@ -94284,12 +94361,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL) {
- /* point is not sensitive, so no need to zeroize */
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
- }
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
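Review bot: The new `#else` branch of `sp_384_ecc_gen_k_12` returns `NOT_COMPILED_IN` and leaves `k` unwritten, which is the right fail-closed choice, but the function's header comment (above the hunk) is not updated to say so. Suggest adding to it `Returns NOT_COMPILED_IN when built with WC_NO_RNG; k is left untouched and must not be used.` so that callers such as `sp_ecc_make_key_384` are reminded that a non-zero return means no scalar was produced.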
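Review bot: In `sp_ecc_make_key_384` the surviving comment says `point` is not sensitive, which implies `k`, the private scalar, is — yet the hunk shows `XFREE(k, heap, DYNAMIC_TYPE_ECC);` with no zeroization in view. If a `ForceZero(k, ...)` precedes this above the hunk (the function starts outside it) nothing is wrong; if not, the scalar is released to the heap intact and `ForceZero(k, sizeof(sp_digit) * 12);` belongs immediately before the free, under the same `#ifdef`, with the non-small-stack build's stack copy of `k` treated the same way. A matching comment, `/* k is the private scalar: zeroize before release */`, would balance the existing one.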
@@ -94447,10 +94521,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -94542,7 +94614,8 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p)
 "mov %[a], r12\n\t"
 : [a] "+r" (a), [b] "+r" (b)
 :
- : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc"
+ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12",
+ "lr"
 );
 return (uint32_t)(size_t)a;
 }
@@ -94583,7 +94656,7 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a_p, const sp_digit* b_p)
 "sbc %[a], r9, r9\n\t"
 : [a] "+r" (a), [b] "+r" (b)
 :
- : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
 );
 return (uint32_t)(size_t)a;
 }
@@ -94683,7 +94756,7 @@ static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
 "str r3, [%[r], #48]\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
 :
- : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc"
+ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9"
 );
 }
@@ -95084,7 +95157,7 @@ static void sp_384_mul_d_12(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p)
 "str r3, [%[r]]\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
 :
- : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc"
+ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8"
 );
 }
@@ -95143,7 +95216,7 @@ static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
 "add %[d1], r4, r3\n\t"
 : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
 :
- : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
 );
 return (uint32_t)(size_t)d1;
 }
@@ -95281,7 +95354,7 @@ static sp_digit div_384_word_12(sp_digit d1_p, sp_digit d0_p, sp_digit div_p)
 "sub %[d1], r3, r6\n\t"
 : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div)
 :
- : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc"
+ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8"
 );
 return (uint32_t)(size_t)d1;
 }
@@ -96009,7 +96082,8 @@ static void sp_384_div2_mod_12(sp_digit* r_p, const sp_digit* a_p, const sp_digi
 "str r10, [%[r], #44]\n\t"
 : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m)
 :
- : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+ "r3", "r12"
 );
 }
@@ -96052,7 +96126,8 @@ static const unsigned char L_sp_384_num_bits_12_table[] = {
 static int sp_384_num_bits_12(const sp_digit* a_p)
 {
 register const sp_digit* a asm ("r0") = (const sp_digit*)a_p;
- register unsigned char* L_sp_384_num_bits_12_table_c asm ("r1") = (unsigned char*)&L_sp_384_num_bits_12_table;
+ register unsigned char* L_sp_384_num_bits_12_table_c asm ("r1") =
+ (unsigned char*)&L_sp_384_num_bits_12_table;
 __asm__ __volatile__ (
 "mov lr, %[L_sp_384_num_bits_12_table]\n\t"
@@ -96616,9 +96691,10 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
 "\n"
 "L_sp_384_num_bits_12_13_%=: \n\t"
 "mov %[a], r12\n\t"
- : [a] "+r" (a), [L_sp_384_num_bits_12_table] "+r" (L_sp_384_num_bits_12_table_c)
+ : [a] "+r" (a),
+ [L_sp_384_num_bits_12_table] "+r" (L_sp_384_num_bits_12_table_c)
 :
- : "memory", "r2", "r3", "r12", "lr", "cc"
+ : "memory", "cc", "r2", "r3", "r12", "lr"
 );
 return (uint32_t)(size_t)a;
 }
@@ -96767,7 +96843,7 @@ static int sp_384_num_bits_12(const sp_digit* a_p)
 "mov %[a], r12\n\t"
 : [a] "+r" (a)
 :
- : "memory", "r1", "r2", "r3", "r12", "lr", "cc"
+ : "memory", "cc", "r1", "r2", "r3", "r12", "lr"
 );
 return (uint32_t)(size_t)a;
 }
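Review bot: `(unsigned char*)&L_sp_384_num_bits_12_table` in `sp_384_num_bits_12` casts the `const` off a `static const` table (declared in the hunk header context) and then exposes the pointer to the asm as a read-write `"+r"` operand in the later hunk of the same function; the line-wrap preserves that. Nothing visible writes through it, but the declaration allows it, and a store through a pointer obtained this way would be undefined behaviour. `register const unsigned char* L_sp_384_num_bits_12_table_c asm ("r1") = L_sp_384_num_bits_12_table;` expresses the real contract with no cast, and `"+r"` still only declares that the register itself may change, which does not need a non-const pointee.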
@@ -97060,10 +97136,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (u1 != NULL)
- XFREE(u1, heap, DYNAMIC_TYPE_ECC);
- if (p1 != NULL)
- XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -97270,8 +97344,7 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -97310,8 +97383,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -97419,10 +97491,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, heap, DYNAMIC_TYPE_ECC);
- if (priv != NULL)
- XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -97501,10 +97571,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -97569,10 +97637,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -97633,10 +97699,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -97732,8 +97796,7 @@ static int sp_384_mont_sqrt_12(sp_digit* y)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -97798,8 +97861,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (x != NULL)
- XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -98103,7 +98165,8 @@ static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
 "bgt L_sp_521_mul_17_store_%=\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
 :
- : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+ "r11"
 );
 }
@@ -109119,7 +109182,8 @@ static void sp_521_mul_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_
 "stm %[r]!, {r3}\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
 :
- : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc"
+ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11",
+ "r12"
 );
 }
@@ -109281,7 +109345,8 @@ static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p)
 "bgt L_sp_521_sqr_17_store_%=\n\t"
 : [r] "+r" (r), [a] "+r" (a)
 :
- : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc"
+ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr",
+ "r11"
 );
 }
@@ -115153,7 +115218,8 @@ static void sp_521_sqr_17(sp_digit* r_p, const sp_digit* a_p)
 "stm %[r]!, {r2}\n\t"
 : [r] "+r" (r), [a] "+r" (a)
 :
- : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc"
+ : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10",
+ "r12"
 );
 }
@@ -115197,7 +115263,8 @@ static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit
 "adc %[r], r4, #0\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
 :
- : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+ "r3", "r12"
 );
 return (uint32_t)(size_t)r;
 }
@@ -115252,7 +115319,7 @@ static sp_digit sp_521_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit
 "adc %[r], %[r], #0\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
 :
- : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc"
+ : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10"
 );
 return (uint32_t)(size_t)r;
 }
@@ -115480,7 +115547,8 @@ static int sp_521_point_to_ecc_point_17(const sp_point_521* p, ecc_point* pm)
 * b A single precision number to subtract.
 * m Mask value to apply.
 */
-static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p,
+ const sp_digit* b_p, sp_digit m_p)
 {
 register sp_digit* r asm ("r0") = (sp_digit*)r_p;
 register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -115506,7 +115574,7 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_
 "mov %[r], r12\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
 :
- : "memory", "r12", "lr", "r4", "r5", "r6", "cc"
+ : "memory", "cc", "r12", "lr", "r4", "r5", "r6"
 );
 return (uint32_t)(size_t)r;
 }
@@ -115520,7 +115588,8 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_
 * b A single precision number to subtract.
 * m Mask value to apply.
 */
-static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p)
+static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p,
+ const sp_digit* b_p, sp_digit m_p)
 {
 register sp_digit* r asm ("r0") = (sp_digit*)r_p;
 register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -115593,7 +115662,7 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_
 "sbc %[r], lr, lr\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
 :
- : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc"
+ : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7"
 );
 return (uint32_t)(size_t)r;
 }
@@ -115721,7 +115790,8 @@ static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a_p, const sp_digit* m_p
 "stm %[a]!, {r1, r2, r3, r4, r5, r6, r7, r8}\n\t"
 : [a] "+r" (a)
 :
- : "memory", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "lr", "cc"
+ : "memory", "cc", "r1", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9",
+ "r10", "r11", "r12", "lr"
 );
 (void)m_p;
 (void)mp_p;
@@ -115734,7 +115804,8 @@ static SP_NOINLINE void sp_521_mont_reduce_17(sp_digit* a_p, const sp_digit* m_p
 * m The single precision number representing the modulus.
 * mp The digit representing the negative inverse of m mod 2^n.
 */
-static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p,
+ sp_digit mp_p)
 {
 register sp_digit* a asm ("r0") = (sp_digit*)a_p;
 register const sp_digit* m asm ("r1") = (const sp_digit*)m_p;
@@ -116350,7 +116421,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
 "mov %[mp], r3\n\t"
 : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
 :
- : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+ "r10", "r11"
 );
 sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp);
 }
@@ -116362,7 +116434,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
 * m The single precision number representing the modulus.
 * mp The digit representing the negative inverse of m mod 2^n.
 */
-static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p,
+ sp_digit mp_p)
 {
 register sp_digit* a asm ("r0") = (sp_digit*)a_p;
 register const sp_digit* m asm ("r1") = (const sp_digit*)m_p;
@@ -116608,7 +116681,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
 "mov %[mp], r3\n\t"
 : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
 :
- : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+ "r10", "r11"
 );
 sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp);
 }
@@ -116620,7 +116694,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
 * m The single precision number representing the modulus.
 * mp The digit representing the negative inverse of m mod 2^n.
 */
-static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p, sp_digit mp_p)
+static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digit* m_p,
+ sp_digit mp_p)
 {
 register sp_digit* a asm ("r0") = (sp_digit*)a_p;
 register const sp_digit* m asm ("r1") = (const sp_digit*)m_p;
@@ -116821,7 +116896,8 @@ static SP_NOINLINE void sp_521_mont_reduce_order_17(sp_digit* a_p, const sp_digi
 "mov %[mp], lr\n\t"
 : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp)
 :
- : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc"
+ : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9",
+ "r10", "r11"
 );
 sp_521_cond_sub_17(a - 17, a, m, (sp_digit)0 - mp);
 }
@@ -117194,7 +117270,7 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a_p, const sp_digit* b_p)
 "mov %[a], r2\n\t"
 : [a] "+r" (a), [b] "+r" (b)
 :
- : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc"
+ : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6"
 );
 return (uint32_t)(size_t)a;
 }
@@ -117229,7 +117305,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
 sp_521_mont_reduce_17(r->x, p521_mod, p521_mp_mod);
 /* Reduce x to less than modulus */
 n = sp_521_cmp_17(r->x, p521_mod);
- sp_521_cond_sub_17(r->x, r->x, p521_mod, ~(n >> 31));
+ sp_521_cond_sub_17(r->x, r->x, p521_mod, (sp_digit)~(n >> 31));
 sp_521_norm_17(r->x);
 /* y /= z^3 */
@@ -117238,7 +117314,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
 sp_521_mont_reduce_17(r->y, p521_mod, p521_mp_mod);
 /* Reduce y to less than modulus */
 n = sp_521_cmp_17(r->y, p521_mod);
- sp_521_cond_sub_17(r->y, r->y, p521_mod, ~(n >> 31));
+ sp_521_cond_sub_17(r->y, r->y, p521_mod, (sp_digit)~(n >> 31));
 sp_521_norm_17(r->y);
 XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -117252,7 +117328,8 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
 * b Second number to add in Montgomery form.
 * m Modulus (prime).
 */
-static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+ const sp_digit* m_p)
 {
 register sp_digit* r asm ("r0") = (sp_digit*)r_p;
 register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -117327,7 +117404,8 @@ static void sp_521_mont_add_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
 "stm %[r]!, {r4}\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
 :
- : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+ "r3", "r12"
 );
 (void)m_p;
 }
@@ -117403,7 +117481,8 @@ static void sp_521_mont_dbl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
 "stm %[r]!, {r4}\n\t"
 : [r] "+r" (r), [a] "+r" (a)
 :
- : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "cc"
+ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+ "r2", "r3"
 );
 (void)m_p;
 }
@@ -117499,7 +117578,8 @@ static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
 "stm %[r]!, {r4}\n\t"
 : [r] "+r" (r), [a] "+r" (a)
 :
- : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r2", "r3", "cc"
+ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+ "r2", "r3"
 );
 (void)m_p;
 }
@@ -117511,7 +117591,8 @@ static void sp_521_mont_tpl_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
 * b Number to subtract with in Montgomery form.
 * m Modulus (prime).
 */
-static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p)
+static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p,
+ const sp_digit* m_p)
 {
 register sp_digit* r asm ("r0") = (sp_digit*)r_p;
 register const sp_digit* a asm ("r1") = (const sp_digit*)a_p;
@@ -117587,7 +117668,8 @@ static void sp_521_mont_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi
 "stm %[r]!, {r4}\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
 :
- : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc"
+ : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11",
+ "r3", "r12"
 );
 (void)m_p;
 }
@@ -117666,7 +117748,7 @@ static void sp_521_rshift1_17(sp_digit* r_p, const sp_digit* a_p) "str r3, [%[r], #64]\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "cc" + : "memory", "cc", "r2", "r3", "r4" ); } @@ -117982,8 +118064,8 @@ static void sp_521_proj_point_add_17(sp_point_521* r, sp_521_mont_sub_17(y, y, t5, p521_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -118000,7 +118082,7 @@ static void sp_521_proj_point_add_17(sp_point_521* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -118174,8 +118256,8 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -118192,7 +118274,7 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -118274,7 +118356,7 @@ static void sp_521_get_point_16_17(sp_point_521* r, const sp_point_521* table, r->z[15] = 0; r->z[16] = 0; for (i = 1; i < 16; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; 
@@ -118499,15 +118581,15 @@ static int sp_521_ecc_mulmod_fast_17(sp_point_521* r, const sp_point_521* g, con #endif } #ifndef WC_NO_CACHE_RESISTANT - #ifdef WOLFSSL_SP_SMALL_STACK +#ifdef WOLFSSL_SP_SMALL_STACK if (p != NULL) +#endif + { + ForceZero(p, sizeof(sp_point_521)); + #ifdef WOLFSSL_SP_SMALL_STACK + XFREE(p, heap, DYNAMIC_TYPE_ECC); #endif - { - ForceZero(p, sizeof(sp_point_521)); - #ifdef WOLFSSL_SP_SMALL_STACK - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif - } + } #endif /* !WC_NO_CACHE_RESISTANT */ #ifdef WOLFSSL_SP_SMALL_STACK if (t != NULL) @@ -118703,8 +118785,8 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r, sp_521_mont_sub_17(y, t3, t1, p521_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -118721,7 +118803,7 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -118811,8 +118893,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -118867,7 +118948,7 @@ static void sp_521_get_entry_16_17(sp_point_521* r, r->y[15] = 0; r->y[16] = 0; for (i = 1; i < 16; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; 
@@ -119012,10 +119093,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -119271,8 +119350,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -119327,7 +119405,7 @@ static void sp_521_get_entry_256_17(sp_point_521* r, r->y[15] = 0; r->y[16] = 0; for (i = 1; i < 256; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -119472,10 +119550,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -119693,10 +119769,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -119773,10 +119847,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -121787,10 +121859,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -121865,10 +121935,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -121915,7 +121983,7 @@ static void sp_521_add_one_17(sp_digit* a_p) "stm %[a]!, {r1}\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r4", "cc" + : "memory", "cc", "r1", "r2", "r3", "r4" ); } @@ -121966,6 +122034,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[66]; @@ -121983,6 +122052,11 @@ static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -122061,12 +122135,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
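Review bot: In `sp_521_ecc_gen_k_17` the stack buffer `byte buf[66]` receives the raw candidate private-key bytes, and nothing in either hunk clears it before `return err;`, so the secret may remain on the stack after the function returns. The loop body between the two hunks is outside the hunk, so if it does not already wipe the buffer, add `ForceZero(buf, sizeof(buf));` immediately before `return err;` in the `#ifndef WC_NO_RNG` branch; the file already uses `ForceZero` for exactly this purpose in `sp_521_ecc_mulmod_fast_17`. The new `#else` branch that voids `rng` and `k` and returns `NOT_COMPILED_IN` looks correct.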
@@ -122226,10 +122297,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -122388,7 +122457,7 @@ static void sp_521_rshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p) #endif : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -122508,7 +122577,7 @@ static void sp_521_lshift_17(sp_digit* r_p, const sp_digit* a_p, byte n_p) "str r5, [%[r], #4]\n\t" : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -122726,7 +122795,7 @@ static void sp_521_lshift_34(sp_digit* r_p, const sp_digit* a_p, byte n_p) "str r6, [%[r], #4]\n\t" : [r] "+r" (r), [a] "+r" (a), [n] "+r" (n) : - : "memory", "r4", "r5", "r6", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r3", "r12" ); } @@ -122765,7 +122834,8 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], %[a], %[a]\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -122817,7 +122887,7 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } 
@@ -122917,7 +122987,7 @@ static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #68]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -123478,7 +123548,7 @@ static void sp_521_mul_d_17(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r5, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -123537,7 +123607,7 @@ static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -123675,7 +123745,7 @@ static sp_digit div_521_word_17(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -124365,7 +124435,8 @@ static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "lr", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12", "lr" ); return (uint32_t)(size_t)r; } 
@@ -124419,7 +124490,7 @@ static sp_digit sp_521_sub_17(sp_digit* r_p, const sp_digit* a_p, const sp_digit "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -124565,7 +124636,8 @@ static void sp_521_div2_mod_17(sp_digit* r_p, const sp_digit* a_p, const sp_digi "str r9, [%[r], #64]\n\t" : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); } @@ -124608,7 +124680,8 @@ static const unsigned char L_sp_521_num_bits_17_table[] = { static int sp_521_num_bits_17(const sp_digit* a_p) { register const sp_digit* a asm ("r0") = (const sp_digit*)a_p; - register unsigned char* L_sp_521_num_bits_17_table_c asm ("r1") = (unsigned char*)&L_sp_521_num_bits_17_table; + register unsigned char* L_sp_521_num_bits_17_table_c asm ("r1") = + (unsigned char*)&L_sp_521_num_bits_17_table; __asm__ __volatile__ ( "mov lr, %[L_sp_521_num_bits_17_table]\n\t" @@ -125487,9 +125560,10 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "\n" "L_sp_521_num_bits_17_18_%=: \n\t" "mov %[a], r12\n\t" - : [a] "+r" (a), [L_sp_521_num_bits_17_table] "+r" (L_sp_521_num_bits_17_table_c) + : [a] "+r" (a), + [L_sp_521_num_bits_17_table] "+r" (L_sp_521_num_bits_17_table_c) : - : "memory", "r2", "r3", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr" ); return (uint32_t)(size_t)a; } @@ -125713,7 +125787,7 @@ static int sp_521_num_bits_17(const sp_digit* a_p) "mov %[a], r12\n\t" : [a] "+r" (a) : - : "memory", "r1", "r2", "r3", "r12", "lr", "cc" + : "memory", "cc", "r1", "r2", "r3", "r12", "lr" ); return (uint32_t)(size_t)a; } 
@@ -126015,10 +126089,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -126228,8 +126300,7 @@ static int sp_521_ecc_is_point_17(const sp_point_521* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -126268,8 +126339,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -126377,10 +126447,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -126459,10 +126527,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -126527,10 +126593,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -126591,10 +126655,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -126644,8 +126706,7 @@ static int sp_521_mont_sqrt_17(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -126710,8 +126771,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -136488,7 +136548,8 @@ static void sp_1024_mul_16(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "stm %[r]!, {r3, r4, r5, r6}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", "r12", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r11", + "r12" ); } @@ -141720,7 +141781,8 @@ static void sp_1024_sqr_16(sp_digit* r_p, const sp_digit* a_p) "stm %[r]!, {r2, r3, r4, r8}\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r12", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", + "r12" ); } @@ -141769,7 +141831,7 @@ static sp_digit sp_1024_add_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } 
@@ -141844,7 +141906,7 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) "sbc %[a], r9, r9\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); return (uint32_t)(size_t)a; } @@ -141922,7 +141984,7 @@ static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi "adc %[r], %[r], #0\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -142040,7 +142102,7 @@ static sp_digit sp_1024_sub_16(sp_digit* r_p, const sp_digit* a_p, const sp_digi "sbc %[r], r6, r6\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10" ); return (uint32_t)(size_t)r; } @@ -142277,7 +142339,8 @@ static void sp_1024_mul_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b "bgt L_sp_1024_mul_32_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } @@ -142434,7 +142497,8 @@ static void sp_1024_sqr_32(sp_digit* r_p, const sp_digit* a_p) "bgt L_sp_1024_sqr_32_store_%=\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", "r11", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "lr", + "r11" ); } 
@@ -142554,7 +142618,8 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) "mov %[a], r12\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", "lr", "cc" + : "memory", "cc", "r2", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "r12", + "lr" ); return (uint32_t)(size_t)a; } @@ -142569,7 +142634,8 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a_p, const sp_digit* b_p) * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -142595,7 +142661,7 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], r12\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } @@ -142609,7 +142675,8 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to subtract. * m Mask value to apply. */ -static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; 
@@ -142733,7 +142800,7 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp "sbc %[r], lr, lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7" ); return (uint32_t)(size_t)r; } @@ -142772,7 +142839,8 @@ static sp_digit sp_1024_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digi "mov %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r3", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r3", "r12" ); return (uint32_t)(size_t)r; } @@ -142872,7 +142940,7 @@ static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r3, [%[r], #128]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "r9", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8", "r9" ); } @@ -143913,7 +143981,7 @@ static void sp_1024_mul_d_32(sp_digit* r_p, const sp_digit* a_p, sp_digit b_p) "str r5, [%[r]]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : - : "memory", "r3", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r4", "r5", "r6", "r7", "r8" ); } @@ -143972,7 +144040,7 @@ static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "add %[d1], r4, r3\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } @@ -144110,7 +144178,7 @@ static sp_digit div_1024_word_32(sp_digit d1_p, sp_digit d0_p, sp_digit div_p) "sub %[d1], r3, r6\n\t" : [d1] "+r" (d1), [d0] "+r" (d0), [div] "+r" (div) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)d1; } 
@@ -144539,7 +144607,7 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a_p, const sp_digit* b_p) "mov %[a], r2\n\t" : [a] "+r" (a), [b] "+r" (b) : - : "memory", "r2", "r3", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r2", "r3", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)a; } @@ -144661,16 +144729,16 @@ static void sp_1024_point_free_32(sp_point_1024* p, int clear, void* heap) { #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) -/* If valid pointer then clear point data if requested and free data. */ + /* If valid pointer then clear point data if requested and free data. */ if (p != NULL) { - if (clear != 0) { + if (clear) { XMEMSET(p, 0, sizeof(*p)); } XFREE(p, heap, DYNAMIC_TYPE_ECC); } #else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { + /* Clear point data if requested. */ + if ((p != NULL) && clear) { XMEMSET(p, 0, sizeof(*p)); } #endif @@ -145853,7 +145921,8 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_1024_cond_sub_32(a - 32, a, m, mp); } @@ -146153,7 +146222,8 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ "mov %[mp], r3\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_1024_cond_sub_32(a - 32, a, m, mp); } 
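Review bot: In `sp_1024_point_free_32` the `XMEMSET(p, 0, sizeof(*p))` executed right before `XFREE(p, heap, DYNAMIC_TYPE_ECC)` is a dead-store candidate: if `XMEMSET` resolves to plain `memset`, the compiler is entitled to elide a write to an object that is freed immediately afterwards, leaving point coordinates in released heap memory. Since the same file uses `ForceZero` for clear-before-free (`ForceZero(p, sizeof(sp_point_521))` in `sp_521_ecc_mulmod_fast_17`), change the small-stack branch to `ForceZero(p, sizeof(*p));`; the `#else` branch, where `p` is not freed, can keep `XMEMSET`. The `clear != 0` to `clear` change made by this hunk is stylistic only and does not affect this.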
@@ -146363,7 +146433,8 @@ static SP_NOINLINE void sp_1024_mont_reduce_32(sp_digit* a_p, const sp_digit* m_ "mov %[mp], lr\n\t" : [a] "+r" (a), [m] "+r" (m), [mp] "+r" (mp) : - : "memory", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "cc" + : "memory", "cc", "r3", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "r9", + "r10", "r11" ); sp_1024_cond_sub_32(a - 32, a, m, mp); } @@ -146490,7 +146561,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p, sp_1024_mont_reduce_32(r->x, p1024_mod, p1024_mp_mod); /* Reduce x to less than modulus */ n = sp_1024_cmp_32(r->x, p1024_mod); - sp_1024_cond_sub_32(r->x, r->x, p1024_mod, ~(n >> 31)); + sp_1024_cond_sub_32(r->x, r->x, p1024_mod, (sp_digit)~(n >> 31)); sp_1024_norm_32(r->x); /* y /= z^3 */ @@ -146499,7 +146570,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p, sp_1024_mont_reduce_32(r->y, p1024_mod, p1024_mp_mod); /* Reduce y to less than modulus */ n = sp_1024_cmp_32(r->y, p1024_mod); - sp_1024_cond_sub_32(r->y, r->y, p1024_mod, ~(n >> 31)); + sp_1024_cond_sub_32(r->y, r->y, p1024_mod, (sp_digit)~(n >> 31)); sp_1024_norm_32(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); @@ -146513,7 +146584,8 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p, * b Second number to add in Montgomery form. * m Modulus (prime). */ -static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; 
@@ -146675,7 +146747,8 @@ static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig "stm %[r]!, {r4, r5, r6, r7}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r12" ); } @@ -146685,7 +146758,8 @@ static void sp_1024_mont_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig * a Number to double in Montgomery form. * m Modulus (prime). */ -static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -146830,7 +146904,8 @@ static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig "stm %[r]!, {r4, r5, r6, r7}\n\t" : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : - : "memory", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", "r12", "cc" + : "memory", "cc", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", + "r12" ); } @@ -146840,7 +146915,8 @@ static void sp_1024_mont_dbl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig * a Number to triple in Montgomery form. * m Modulus (prime). */ -static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* m_p) +static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -147140,7 +147216,8 @@ static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig "stm %[r]!, {r4, r5, r6, r7}\n\t" : [r] "+r" (r), [a] "+r" (a), [m] "+r" (m) : - : "memory", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", "r12", "cc" + : "memory", "cc", "r8", "r9", "r10", "r11", "r4", "r5", "r6", "r7", + "r12" ); } 
@@ -147151,7 +147228,8 @@ static void sp_1024_mont_tpl_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig * b Number to subtract with in Montgomery form. * m Modulus (prime). */ -static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, const sp_digit* m_p) +static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, const sp_digit* m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -147307,7 +147385,8 @@ static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig "stm %[r]!, {r4, r5, r6, r7}\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", "r12", "cc" + : "memory", "cc", "r4", "r5", "r6", "r7", "r8", "r9", "r10", "r11", + "r12" ); } @@ -147320,7 +147399,8 @@ static void sp_1024_mont_sub_32(sp_digit* r_p, const sp_digit* a_p, const sp_dig * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -147346,7 +147426,7 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp "mov %[r], lr\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6" ); return (uint32_t)(size_t)r; } 
@@ -147360,7 +147440,8 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp * b A single precision number to add. * m Mask value to apply. */ -static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp_digit* b_p, sp_digit m_p) +static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, + const sp_digit* b_p, sp_digit m_p) { register sp_digit* r asm ("r0") = (sp_digit*)r_p; register const sp_digit* a asm ("r1") = (const sp_digit*)a_p; @@ -147484,7 +147565,7 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r_p, const sp_digit* a_p, const sp "adc %[r], r8, r8\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) : - : "memory", "r12", "lr", "r4", "r5", "r6", "r7", "r8", "cc" + : "memory", "cc", "r12", "lr", "r4", "r5", "r6", "r7", "r8" ); return (uint32_t)(size_t)r; } @@ -147624,7 +147705,7 @@ static void sp_1024_rshift1_32(sp_digit* r_p, const sp_digit* a_p) "str r3, [%[r], #124]\n\t" : [r] "+r" (r), [a] "+r" (a) : - : "memory", "r2", "r3", "r4", "cc" + : "memory", "cc", "r2", "r3", "r4" ); } @@ -147945,8 +148026,8 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r, sp_1024_mont_sub_32(y, y, t5, p1024_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -147963,7 +148044,7 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } 
@@ -148137,8 +148218,8 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -148155,7 +148236,7 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -148496,8 +148577,8 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r, sp_1024_mont_sub_32(y, t3, t1, p1024_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -148514,7 +148595,7 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -148604,8 +148685,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -148704,10 +148784,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -148963,8 +149041,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -149063,10 +149140,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -149284,10 +149359,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -152922,10 +152995,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -153000,10 +153071,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -153037,7 +153106,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == MP_OKAY) && (table == NULL)) { *len = sizeof(sp_table_entry_1024) * 256; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { err = BUFFER_E; 
@@ -153068,10 +153137,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -153097,7 +153164,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == 0) && (table == NULL)) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*len != 0)) { err = BUFFER_E; @@ -153164,10 +153231,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -153314,9 +153379,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } @@ -155212,9 +155275,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } 
@@ -155582,9 +155643,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_32(c, 1, NULL); sp_1024_point_free_32(q, 1, NULL); @@ -156009,9 +156068,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_32(c, 1, NULL); sp_1024_point_free_32(q, 1, NULL); @@ -156041,7 +156098,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*len != 0) { err = BUFFER_E; @@ -156270,7 +156327,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = sizeof(sp_table_entry_1024) * 1167; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && @@ -156377,9 +156434,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_32(neg, 1, NULL); sp_1024_point_free_32(c, 1, NULL); 
@@ -156572,9 +156627,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_32(c, 1, NULL); sp_1024_point_free_32(q, 1, NULL); @@ -156667,7 +156720,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point, n = sp_1024_cmp_32(t1, p1024_mod); - sp_1024_cond_sub_32(t1, t1, p1024_mod, ~(n >> 31)); + sp_1024_cond_sub_32(t1, t1, p1024_mod, (sp_digit)~(n >> 31)); sp_1024_norm_32(t1); if (!sp_1024_iszero_32(t1)) { err = MP_VAL; @@ -156675,8 +156728,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -156715,8 +156767,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -156824,10 +156875,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; diff --git a/src/wolfcrypt/src/sp_arm64.c b/src/wolfcrypt/src/sp_arm64.c index ea3ce39..0a465f4 100644 --- a/src/wolfcrypt/src/sp_arm64.c +++ b/src/wolfcrypt/src/sp_arm64.c @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -67,7 +67,7 @@ do { \ int ii; \ fprintf(stderr, name "=0x"); \ - for (ii = ((bits + 63) / 64) - 1; ii >= 0; ii--) \ + for (ii = (((bits) + 63) / 64) - 1; ii >= 0; ii--) \ fprintf(stderr, SP_PRINT_FMT, (var)[ii]); \ fprintf(stderr, "\n"); \ } while (0) @@ -4164,13 +4164,12 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[16], 0, sizeof(sp_digit) * 16U); sp_2048_mont_reduce_16(r, m, mp); - mask = 0 - (sp_2048_cmp_16(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_16(r, m) >= 0); sp_2048_cond_sub_16(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -4333,13 +4332,12 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[16], 0, sizeof(sp_digit) * 16U); sp_2048_mont_reduce_16(r, m, mp); - mask = 0 - (sp_2048_cmp_16(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_16(r, m) >= 0); sp_2048_cond_sub_16(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -5790,13 +5788,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U); sp_2048_mont_reduce_32(r, m, mp); - mask = 0 - (sp_2048_cmp_32(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0); sp_2048_cond_sub_32(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -5992,13 +5989,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U); sp_2048_mont_reduce_32(r, m, mp); - mask = 0 - (sp_2048_cmp_32(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0); sp_2048_cond_sub_32(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -6161,8 +6157,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -6837,13 +6832,12 @@ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits, XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U); sp_2048_mont_reduce_32(r, m, mp); - mask = 0 - (sp_2048_cmp_32(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0); sp_2048_cond_sub_32(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -13355,13 +13349,12 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[24], 0, sizeof(sp_digit) * 24U); sp_3072_mont_reduce_24(r, m, mp); - mask = 0 - (sp_3072_cmp_24(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_24(r, m) >= 0); sp_3072_cond_sub_24(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -13524,13 +13517,12 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[24], 0, sizeof(sp_digit) * 24U); sp_3072_mont_reduce_24(r, m, mp); - mask = 0 - (sp_3072_cmp_24(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_24(r, m) >= 0); sp_3072_cond_sub_24(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -15347,13 +15339,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U); sp_3072_mont_reduce_48(r, m, mp); - mask = 0 - (sp_3072_cmp_48(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0); sp_3072_cond_sub_48(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -15499,13 +15490,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U); sp_3072_mont_reduce_48(r, m, mp); - mask = 0 - (sp_3072_cmp_48(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0); sp_3072_cond_sub_48(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -15668,8 +15658,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; 
@@ -16440,13 +16429,12 @@ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits, XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U); sp_3072_mont_reduce_48(r, m, mp); - mask = 0 - (sp_3072_cmp_48(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0); sp_3072_cond_sub_48(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -20458,13 +20446,12 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U); sp_4096_mont_reduce_64(r, m, mp); - mask = 0 - (sp_4096_cmp_64(r, m) >= 0); + mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0); sp_4096_cond_sub_64(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -20610,13 +20597,12 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U); sp_4096_mont_reduce_64(r, m, mp); - mask = 0 - (sp_4096_cmp_64(r, m) >= 0); + mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0); sp_4096_cond_sub_64(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -20779,8 +20765,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; 
@@ -21647,13 +21632,12 @@ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U); sp_4096_mont_reduce_64(r, m, mp); - mask = 0 - (sp_4096_cmp_64(r, m) >= 0); + mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0); sp_4096_cond_sub_64(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -22119,14 +22103,14 @@ static int sp_256_mod_mul_norm_4(sp_digit* r, const sp_digit* a, const sp_digit* (void)m; - a32[0] = a[0] & 0xffffffff; - a32[1] = a[0] >> 32; - a32[2] = a[1] & 0xffffffff; - a32[3] = a[1] >> 32; - a32[4] = a[2] & 0xffffffff; - a32[5] = a[2] >> 32; - a32[6] = a[3] & 0xffffffff; - a32[7] = a[3] >> 32; + a32[0] = (int64_t)(a[0] & 0xffffffff); + a32[1] = (int64_t)(a[0] >> 32); + a32[2] = (int64_t)(a[1] & 0xffffffff); + a32[3] = (int64_t)(a[1] >> 32); + a32[4] = (int64_t)(a[2] & 0xffffffff); + a32[5] = (int64_t)(a[2] >> 32); + a32[6] = (int64_t)(a[3] & 0xffffffff); + a32[7] = (int64_t)(a[3] >> 32); /* 1 1 0 -1 -1 -1 -1 0 */ t[0] = 0 + a32[0] + a32[1] - a32[3] - a32[4] - a32[5] - a32[6]; @@ -22176,10 +22160,10 @@ static int sp_256_mod_mul_norm_4(sp_digit* r, const sp_digit* a, const sp_digit* t[5] += t[4] >> 32; t[4] &= 0xffffffff; t[6] += t[5] >> 32; t[5] &= 0xffffffff; t[7] += t[6] >> 32; t[6] &= 0xffffffff; - r[0] = (t[1] << 32) | t[0]; - r[1] = (t[3] << 32) | t[2]; - r[2] = (t[5] << 32) | t[4]; - r[3] = (t[7] << 32) | t[6]; + r[0] = (sp_digit)((t[1] << 32) | t[0]); + r[1] = (sp_digit)((t[3] << 32) | t[2]); + r[2] = (sp_digit)((t[5] << 32) | t[4]); + r[3] = (sp_digit)((t[7] << 32) | t[6]); return MP_OKAY; } 
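Review bot: In sp_256_mod_mul_norm_4 the new `r[0] = (sp_digit)((t[1] << 32) | t[0]);` casts after the shift, so `t[1] << 32` is still evaluated in the signed type of `t` (the preceding hunk stores `int64_t` values into the same arithmetic, and the sp_384 variant's `a32 = t + 12` shows `t` is `int64_t`), which is undefined behaviour whenever `t[1] >= 2^31` — and `t[1]` is only masked to 32 bits, so that range is reachable for ordinary field elements. Cast each operand before combining, `r[0] = ((sp_digit)t[1] << 32) | (sp_digit)t[0];`, and likewise for `r[1]`..`r[3]`. The same fix applies to the six `r[i]` stores in sp_384_mod_mul_norm_6 (hunk on L1016). Both functions start outside their hunks.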
@@ -23060,7 +23044,7 @@ static void sp_256_map_4(sp_point_256* r, const sp_point_256* p, sp_256_mont_reduce_4(r->x, p256_mod, p256_mp_mod); /* Reduce x to less than modulus */ n = sp_256_cmp_4(r->x, p256_mod); - sp_256_cond_sub_4(r->x, r->x, p256_mod, ~(n >> 63)); + sp_256_cond_sub_4(r->x, r->x, p256_mod, (sp_digit)~(n >> 63)); sp_256_norm_4(r->x); /* y /= z^3 */ @@ -23069,7 +23053,7 @@ static void sp_256_map_4(sp_point_256* r, const sp_point_256* p, sp_256_mont_reduce_4(r->y, p256_mod, p256_mp_mod); /* Reduce y to less than modulus */ n = sp_256_cmp_4(r->y, p256_mod); - sp_256_cond_sub_4(r->y, r->y, p256_mod, ~(n >> 63)); + sp_256_cond_sub_4(r->y, r->y, p256_mod, (sp_digit)~(n >> 63)); sp_256_norm_4(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); @@ -24255,7 +24239,7 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v) n = k[j]; o = 0; for (i=0; i<43; i++) { - y = (int8_t)n; + y = (uint8_t)(int8_t)n; if (o + 6 < 64) { y &= 0x3f; n >>= 6; @@ -24486,10 +24470,8 @@ static int sp_256_ecc_mulmod_win_add_sub_4(sp_point_256* r, const sp_point_256* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -24731,8 +24713,7 @@ static int sp_256_gen_stripe_table_4(const sp_point_256* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -24902,10 +24883,8 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; 
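Review bot: In sp_256_ecc_recode_6_4 the new `y = (uint8_t)(int8_t)n;` routes a wide unsigned `n` through `int8_t`, and converting an out-of-range value to a signed type is implementation-defined in C11 (6.3.1.3), so the inner cast adds an implementation-defined step while silencing the warning rather than removing it; if `y` is `uint8_t`, as the following `y &= 0x3f` and the outer cast suggest, `y = (uint8_t)n;` is fully defined and yields the same low byte on every two's-complement target. The same line appears in sp_256_ecc_recode_7_4 (L1012), sp_384_ecc_recode_6_6 (L1017), sp_384_ecc_recode_7_6 (L1019) and sp_521_ecc_recode_6_9 (L1022). The enclosing functions start outside their hunks.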
@@ -25164,8 +25143,7 @@ static int sp_256_gen_stripe_table_4(const sp_point_256* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -25335,10 +25313,8 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -25557,10 +25533,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -25637,10 +25611,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -27350,7 +27322,7 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v) n = k[j]; o = 0; for (i=0; i<37; i++) { - y = (int8_t)n; + y = (uint8_t)(int8_t)n; if (o + 7 < 64) { y &= 0x7f; n >>= 7; @@ -39494,8 +39466,7 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g, #endif } #ifdef WOLFSSL_SP_SMALL_STACK - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -39562,10 +39533,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -39640,10 +39609,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -39796,6 +39763,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_256_ecc_gen_k_4(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[32]; @@ -39812,6 +39780,11 @@ static int sp_256_ecc_gen_k_4(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -39890,12 +39863,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -40059,10 +40029,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
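Review bot: In sp_ecc_make_key_256 the cleanup `XFREE(k, heap, DYNAMIC_TYPE_ECC);` releases the freshly generated private scalar, and the retained comment `/* point is not sensitive, so no need to zeroize */` implies that `k` is, yet no zeroization of `k` is visible in the hunk. If the function does not already clear it earlier (its body starts outside the hunk), add `ForceZero(k, sizeof(sp_digit) * 4);` immediately before the XFREE so the private key does not linger in released heap memory; the stack-allocated `k` of the non-SMALL_STACK build would need the same treatment. The identical cleanup in sp_ecc_make_key_384 (L1020, six digits) has the same gap.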
@@ -41930,10 +41898,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -42184,8 +42150,7 @@ static int sp_256_ecc_is_point_4(const sp_point_256* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -42224,8 +42189,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -42333,10 +42297,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -42415,10 +42377,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -42483,10 +42443,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -42547,10 +42505,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -42616,8 +42572,7 @@ static int sp_256_mont_sqrt_4(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_ECC); + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -42682,8 +42637,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -43390,18 +43344,18 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit* if (err == MP_OKAY) { a32 = t + 12; - a32[0] = a[0] & 0xffffffff; - a32[1] = a[0] >> 32; - a32[2] = a[1] & 0xffffffff; - a32[3] = a[1] >> 32; - a32[4] = a[2] & 0xffffffff; - a32[5] = a[2] >> 32; - a32[6] = a[3] & 0xffffffff; - a32[7] = a[3] >> 32; - a32[8] = a[4] & 0xffffffff; - a32[9] = a[4] >> 32; - a32[10] = a[5] & 0xffffffff; - a32[11] = a[5] >> 32; + a32[0] = (int64_t)(a[0] & 0xffffffff); + a32[1] = (int64_t)(a[0] >> 32); + a32[2] = (int64_t)(a[1] & 0xffffffff); + a32[3] = (int64_t)(a[1] >> 32); + a32[4] = (int64_t)(a[2] & 0xffffffff); + a32[5] = (int64_t)(a[2] >> 32); + a32[6] = (int64_t)(a[3] & 0xffffffff); + a32[7] = (int64_t)(a[3] >> 32); + a32[8] = (int64_t)(a[4] & 0xffffffff); + a32[9] = (int64_t)(a[4] >> 32); + a32[10] = (int64_t)(a[5] & 0xffffffff); + a32[11] = (int64_t)(a[5] >> 32); /* 1 0 0 0 0 0 0 0 1 1 0 -1 */ t[0] = 0 + a32[0] + a32[8] + a32[9] - a32[11]; 
@@ -43456,17 +43410,16 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit* t[10] += t[9] >> 32; t[9] &= 0xffffffff; t[11] += t[10] >> 32; t[10] &= 0xffffffff; - r[0] = (t[1] << 32) | t[0]; - r[1] = (t[3] << 32) | t[2]; - r[2] = (t[5] << 32) | t[4]; - r[3] = (t[7] << 32) | t[6]; - r[4] = (t[9] << 32) | t[8]; - r[5] = (t[11] << 32) | t[10]; + r[0] = (sp_digit)((t[1] << 32) | t[0]); + r[1] = (sp_digit)((t[3] << 32) | t[2]); + r[2] = (sp_digit)((t[5] << 32) | t[4]); + r[3] = (sp_digit)((t[7] << 32) | t[6]); + r[4] = (sp_digit)((t[9] << 32) | t[8]); + r[5] = (sp_digit)((t[11] << 32) | t[10]); } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -44245,7 +44198,7 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p, sp_384_mont_reduce_6(r->x, p384_mod, p384_mp_mod); /* Reduce x to less than modulus */ n = sp_384_cmp_6(r->x, p384_mod); - sp_384_cond_sub_6(r->x, r->x, p384_mod, ~(n >> 63)); + sp_384_cond_sub_6(r->x, r->x, p384_mod, (sp_digit)~(n >> 63)); sp_384_norm_6(r->x); /* y /= z^3 */ @@ -44254,7 +44207,7 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p, sp_384_mont_reduce_6(r->y, p384_mod, p384_mp_mod); /* Reduce y to less than modulus */ n = sp_384_cmp_6(r->y, p384_mod); - sp_384_cond_sub_6(r->y, r->y, p384_mod, ~(n >> 63)); + sp_384_cond_sub_6(r->y, r->y, p384_mod, (sp_digit)~(n >> 63)); sp_384_norm_6(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); @@ -44824,8 +44777,8 @@ static void sp_384_proj_point_add_6(sp_point_384* r, sp_384_mont_sub_6(y, y, t5, p384_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); 
@@ -44842,7 +44795,7 @@ static void sp_384_proj_point_add_6(sp_point_384* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -45016,8 +44969,8 @@ static int sp_384_proj_point_add_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -45034,7 +44987,7 @@ static int sp_384_proj_point_add_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -45248,7 +45201,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v) n = k[j]; o = 0; for (i=0; i<65; i++) { - y = (int8_t)n; + y = (uint8_t)(int8_t)n; if (o + 6 < 64) { y &= 0x3f; n >>= 6; @@ -45483,10 +45436,8 @@ static int sp_384_ecc_mulmod_win_add_sub_6(sp_point_384* r, const sp_point_384* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -45556,8 +45507,8 @@ static void sp_384_proj_point_add_qz1_6(sp_point_384* r, sp_384_mont_sub_6(y, t3, t1, p384_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); 
@@ -45574,7 +45525,7 @@ static void sp_384_proj_point_add_qz1_6(sp_point_384* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -45688,8 +45639,7 @@ static int sp_384_gen_stripe_table_6(const sp_point_384* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -45859,10 +45809,8 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46121,8 +46069,7 @@ static int sp_384_gen_stripe_table_6(const sp_point_384* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46292,10 +46239,8 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46514,10 +46459,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46594,10 +46537,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -48307,7 +48248,7 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v) n = k[j]; o = 0; for (i=0; i<55; i++) { - y = (int8_t)n; + y = (uint8_t)(int8_t)n; if (o + 7 < 64) { y &= 0x7f; n >>= 7; @@ -66265,8 +66206,7 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g, #endif } #ifdef WOLFSSL_SP_SMALL_STACK - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -66333,10 +66273,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -66411,10 +66349,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -66571,6 +66507,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_384_ecc_gen_k_6(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[48]; @@ -66587,6 +66524,11 @@ static int sp_384_ecc_gen_k_6(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. 
@@ -66665,12 +66607,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -66834,10 +66773,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -68062,10 +67999,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -68272,8 +68207,7 @@ static int sp_384_ecc_is_point_6(const sp_point_384* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -68312,8 +68246,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -68421,10 +68354,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -68503,10 +68434,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -68571,10 +68500,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -68635,10 +68562,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -68734,8 +68659,7 @@ static int sp_384_mont_sqrt_6(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_ECC); + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -68800,8 +68724,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -72454,7 +72377,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p, sp_521_mont_reduce_9(r->x, p521_mod, p521_mp_mod); /* Reduce x to less than modulus */ n = sp_521_cmp_9(r->x, p521_mod); - sp_521_cond_sub_9(r->x, r->x, p521_mod, ~(n >> 63)); + sp_521_cond_sub_9(r->x, r->x, p521_mod, (sp_digit)~(n >> 63)); sp_521_norm_9(r->x); /* y /= z^3 */ 
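Review bot: `(sp_digit)~(n >> 63)` in sp_521_map_9 right-shifts what is presumably a signed 64-bit comparison result, and a right shift of a negative signed value is implementation-defined (C11 6.5.7p5); the new cast documents the intended mask type but not the assumption that the shift is arithmetic, which is what makes `~(n >> 63)` collapse to zero when `n < 0` and to all-ones when `n >= 0`. A short comment at both the x and y sites would make that explicit: `/* all-ones when r >= mod (n >= 0); relies on arithmetic shift for n < 0 */`. n's declaration is outside the hunk; the same form appears in sp_1024_map_16 and sp_1024_ecc_is_point_16 later on this page and with `>> 31` in sp_256_map_8 in sp_armthumb.c.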
@@ -72463,7 +72386,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p, sp_521_mont_reduce_9(r->y, p521_mod, p521_mp_mod); /* Reduce y to less than modulus */ n = sp_521_cmp_9(r->y, p521_mod); - sp_521_cond_sub_9(r->y, r->y, p521_mod, ~(n >> 63)); + sp_521_cond_sub_9(r->y, r->y, p521_mod, (sp_digit)~(n >> 63)); sp_521_norm_9(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); @@ -73211,8 +73134,8 @@ static void sp_521_proj_point_add_9(sp_point_521* r, sp_521_mont_sub_9(y, y, t5, p521_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -73229,7 +73152,7 @@ static void sp_521_proj_point_add_9(sp_point_521* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -73403,8 +73326,8 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -73421,7 +73344,7 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -73635,7 +73558,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v) n = k[j]; o = 0; for (i=0; i<87; i++) { - y = (int8_t)n; + y = (uint8_t)(int8_t)n; if (o + 6 < 64) { y &= 0x3f; n >>= 6; 
@@ -73897,10 +73820,8 @@ static int sp_521_ecc_mulmod_win_add_sub_9(sp_point_521* r, const sp_point_521* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -73970,8 +73891,8 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r, sp_521_mont_sub_9(y, t3, t1, p521_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -73988,7 +73909,7 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -74102,8 +74023,7 @@ static int sp_521_gen_stripe_table_9(const sp_point_521* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -74291,10 +74211,8 @@ static int sp_521_ecc_mulmod_stripe_9(sp_point_521* r, const sp_point_521* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -74553,8 +74471,7 @@ static int sp_521_gen_stripe_table_9(const sp_point_521* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -74742,10 +74659,8 @@ static int sp_521_ecc_mulmod_stripe_9(sp_point_521* r, const sp_point_521* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -74964,10 +74879,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -75044,10 +74957,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -77393,7 +77304,7 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v) n = k[j]; o = 0; for (i=0; i<75; i++) { - y = (int8_t)n; + y = (uint8_t)(int8_t)n; if (o + 7 < 64) { y &= 0x7f; n >>= 7; @@ -111429,8 +111340,7 @@ static int sp_521_ecc_mulmod_add_only_9(sp_point_521* r, const sp_point_521* g, #endif } #ifdef WOLFSSL_SP_SMALL_STACK - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -111497,10 +111407,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -111575,10 +111483,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -111743,6 +111649,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[66]; @@ -111760,6 +111667,11 @@ static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -111838,12 +111750,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -112009,10 +111918,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -113011,10 +112918,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -113224,8 +113129,7 @@ static int sp_521_ecc_is_point_9(const sp_point_521* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -113264,8 +113168,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -113373,10 +113276,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -113455,10 +113356,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -113523,10 +113422,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -113587,10 +113484,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -113640,8 +113535,7 @@ static int sp_521_mont_sqrt_9(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -113706,8 +113600,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -115642,16 +115535,16 @@ static void sp_1024_point_free_16(sp_point_1024* p, int clear, void* heap) { #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) -/* If valid pointer then clear point data if requested and free data. */ + /* If valid pointer then clear point data if requested and free data. */ if (p != NULL) { - if (clear != 0) { + if (clear) { XMEMSET(p, 0, sizeof(*p)); } XFREE(p, heap, DYNAMIC_TYPE_ECC); } #else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { + /* Clear point data if requested. */ + if ((p != NULL) && clear) { XMEMSET(p, 0, sizeof(*p)); } #endif @@ -116275,7 +116168,7 @@ static void sp_1024_map_16(sp_point_1024* r, const sp_point_1024* p, sp_1024_mont_reduce_16(r->x, p1024_mod, p1024_mp_mod); /* Reduce x to less than modulus */ n = sp_1024_cmp_16(r->x, p1024_mod); - sp_1024_cond_sub_16(r->x, r->x, p1024_mod, ~(n >> 63)); + sp_1024_cond_sub_16(r->x, r->x, p1024_mod, (sp_digit)~(n >> 63)); sp_1024_norm_16(r->x); /* y /= z^3 */ @@ -116284,7 +116177,7 @@ static void sp_1024_map_16(sp_point_1024* r, const sp_point_1024* p, sp_1024_mont_reduce_16(r->y, p1024_mod, p1024_mp_mod); /* Reduce y to less than modulus */ n = sp_1024_cmp_16(r->y, p1024_mod); - sp_1024_cond_sub_16(r->y, r->y, p1024_mod, ~(n >> 63)); + sp_1024_cond_sub_16(r->y, r->y, p1024_mod, (sp_digit)~(n >> 63)); sp_1024_norm_16(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); 
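Review bot: `XMEMSET(p, 0, sizeof(*p));` immediately before `XFREE` in sp_1024_point_free_16 is the store pattern compilers are entitled to drop as dead, so a caller's `clear` request may not actually wipe the point; the hunk only re-indents the comments and shortens the `clear` test, but it is the natural place to address this. `ForceZero(p, sizeof(*p));` is what the cleanup in sp_256_ecc_mulmod_fast_8 uses elsewhere in this patch and is the library's guaranteed-effect wipe; the `#else` branch has the same exposure since the object is dead after return. Which callers pass sensitive points is outside the hunk, but sp_Pairing_1024 below calls this with `clear = 1` for both of its points.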
@@ -117320,8 +117213,8 @@ static void sp_1024_proj_point_add_16(sp_point_1024* r, sp_1024_mont_sub_16(y, y, t5, p1024_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -117338,7 +117231,7 @@ static void sp_1024_proj_point_add_16(sp_point_1024* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -117512,8 +117405,8 @@ static int sp_1024_proj_point_add_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -117530,7 +117423,7 @@ static int sp_1024_proj_point_add_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -117752,7 +117645,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v) n = k[j]; o = 0; for (i=0; i<147; i++) { - y = (int8_t)n; + y = (uint8_t)(int8_t)n; if (o + 7 < 64) { y &= 0x7f; n >>= 7; @@ -117918,10 +117811,8 @@ static int sp_1024_ecc_mulmod_win_add_sub_16(sp_point_1024* r, const sp_point_10 } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -117993,8 +117884,8 @@ static void sp_1024_proj_point_add_qz1_16(sp_point_1024* r, sp_1024_mont_sub_16(y, t3, t1, p1024_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -118011,7 +117902,7 @@ static void sp_1024_proj_point_add_qz1_16(sp_point_1024* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -118122,8 +118013,7 @@ static int sp_1024_gen_stripe_table_16(const sp_point_1024* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -118222,10 +118112,8 @@ static int sp_1024_ecc_mulmod_stripe_16(sp_point_1024* r, const sp_point_1024* g } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -118442,10 +118330,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -121843,10 +121729,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -121921,10 +121805,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -121958,7 +121840,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == MP_OKAY) && (table == NULL)) { *len = sizeof(sp_table_entry_1024) * 256; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { err = BUFFER_E; @@ -121989,10 +121871,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -122018,7 +121898,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == 0) && (table == NULL)) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*len != 0)) { err = BUFFER_E; @@ -122085,10 +121965,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -122235,9 +122113,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } 
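Review bot: `err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);` in sp_ecc_gen_table_1024 deserves a comment, since a reader will wonder why this code is exempt from error tracing when `err = BUFFER_E;` two lines later is not: `/* size query via table == NULL is not a failure; do not trace it */`. The value returned is unchanged and the later `(err == MP_OKAY)` checks still skip as before, so this is documentation only. The same wrapper appears in the second sp_ecc_gen_table_1024 variant on this line and in both sp_Pairing_gen_precomp_1024 hunks below.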
@@ -123877,9 +123753,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } @@ -124247,9 +124121,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_16(c, 1, NULL); sp_1024_point_free_16(q, 1, NULL); @@ -124674,9 +124546,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_16(c, 1, NULL); sp_1024_point_free_16(q, 1, NULL); @@ -124706,7 +124576,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*len != 0) { err = BUFFER_E; @@ -124935,7 +124805,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = sizeof(sp_table_entry_1024) * 1167; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && @@ -125042,9 +124912,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_16(neg, 1, NULL); sp_1024_point_free_16(c, 1, NULL); 
@@ -125237,9 +125105,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_16(c, 1, NULL); sp_1024_point_free_16(q, 1, NULL); @@ -125407,7 +125273,7 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point, n = sp_1024_cmp_16(t1, p1024_mod); - sp_1024_cond_sub_16(t1, t1, p1024_mod, ~(n >> 63)); + sp_1024_cond_sub_16(t1, t1, p1024_mod, (sp_digit)~(n >> 63)); sp_1024_norm_16(t1); if (!sp_1024_iszero_16(t1)) { err = MP_VAL; @@ -125415,8 +125281,7 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -125455,8 +125320,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -125564,10 +125428,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; diff --git a/src/wolfcrypt/src/sp_armthumb.c b/src/wolfcrypt/src/sp_armthumb.c index c7cb418..56c7931 100644 --- a/src/wolfcrypt/src/sp_armthumb.c +++ b/src/wolfcrypt/src/sp_armthumb.c @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -67,7 +67,7 @@ do { \ int ii; \ fprintf(stderr, name "=0x"); \ - for (ii = ((bits + 31) / 32) - 1; ii >= 0; ii--) \ + for (ii = (((bits) + 31) / 32) - 1; ii >= 0; ii--) \ fprintf(stderr, SP_PRINT_FMT, (var)[ii]); \ fprintf(stderr, "\n"); \ } while (0) @@ -24134,13 +24134,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U); sp_2048_mont_reduce_32(r, m, mp); - mask = 0 - (sp_2048_cmp_32(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0); sp_2048_cond_sub_32(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -24303,13 +24302,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U); sp_2048_mont_reduce_32(r, m, mp); - mask = 0 - (sp_2048_cmp_32(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0); sp_2048_cond_sub_32(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -27715,13 +27713,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U); sp_2048_mont_reduce_64(r, m, mp); - mask = 0 - (sp_2048_cmp_64(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0); sp_2048_cond_sub_64(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -27867,13 +27864,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U); sp_2048_mont_reduce_64(r, m, mp); - mask = 0 - (sp_2048_cmp_64(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0); sp_2048_cond_sub_64(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -28036,8 +28032,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -30132,13 +30127,12 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U); sp_2048_mont_reduce_64(r, m, mp); - mask = 0 - (sp_2048_cmp_64(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0); sp_2048_cond_sub_64(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -75596,13 +75590,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U); sp_3072_mont_reduce_48(r, m, mp); - mask = 0 - (sp_3072_cmp_48(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0); sp_3072_cond_sub_48(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -75765,13 +75758,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U); sp_3072_mont_reduce_48(r, m, mp); - mask = 0 - (sp_3072_cmp_48(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0); sp_3072_cond_sub_48(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -80008,13 +80000,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U); sp_3072_mont_reduce_96(r, m, mp); - mask = 0 - (sp_3072_cmp_96(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0); sp_3072_cond_sub_96(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -80160,13 +80151,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U); sp_3072_mont_reduce_96(r, m, mp); - mask = 0 - (sp_3072_cmp_96(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0); sp_3072_cond_sub_96(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -80329,8 +80319,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; 
@@ -83223,13 +83212,12 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits, XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U); sp_3072_mont_reduce_96(r, m, mp); - mask = 0 - (sp_3072_cmp_96(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0); sp_3072_cond_sub_96(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -92557,13 +92545,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U); sp_4096_mont_reduce_128(r, m, mp); - mask = 0 - (sp_4096_cmp_128(r, m) >= 0); + mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0); sp_4096_cond_sub_128(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -92709,13 +92696,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U); sp_4096_mont_reduce_128(r, m, mp); - mask = 0 - (sp_4096_cmp_128(r, m) >= 0); + mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0); sp_4096_cond_sub_128(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -92878,8 +92864,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; 
@@ -96565,13 +96550,12 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits, XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U); sp_4096_mont_reduce_128(r, m, mp); - mask = 0 - (sp_4096_cmp_128(r, m) >= 0); + mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0); sp_4096_cond_sub_128(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -99151,7 +99135,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p, sp_256_mont_reduce_8(r->x, p256_mod, p256_mp_mod); /* Reduce x to less than modulus */ n = sp_256_cmp_8(r->x, p256_mod); - sp_256_cond_sub_8(r->x, r->x, p256_mod, ~(n >> 31)); + sp_256_cond_sub_8(r->x, r->x, p256_mod, (sp_digit)~(n >> 31)); sp_256_norm_8(r->x); /* y /= z^3 */ @@ -99160,7 +99144,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p, sp_256_mont_reduce_8(r->y, p256_mod, p256_mp_mod); /* Reduce y to less than modulus */ n = sp_256_cmp_8(r->y, p256_mod); - sp_256_cond_sub_8(r->y, r->y, p256_mod, ~(n >> 31)); + sp_256_cond_sub_8(r->y, r->y, p256_mod, (sp_digit)~(n >> 31)); sp_256_norm_8(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); @@ -100606,8 +100590,8 @@ static void sp_256_proj_point_add_8(sp_point_256* r, sp_256_mont_sub_8(y, y, t5, p256_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -100624,7 +100608,7 @@ static void sp_256_proj_point_add_8(sp_point_256* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } 
@@ -100798,8 +100782,8 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -100816,7 +100800,7 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -100871,7 +100855,7 @@ static void sp_256_get_point_16_8(sp_point_256* r, const sp_point_256* table, r->z[6] = 0; r->z[7] = 0; for (i = 1; i < 16; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -101065,15 +101049,15 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons #endif } #ifndef WC_NO_CACHE_RESISTANT - #ifdef WOLFSSL_SP_SMALL_STACK +#ifdef WOLFSSL_SP_SMALL_STACK if (p != NULL) +#endif + { + ForceZero(p, sizeof(sp_point_256)); + #ifdef WOLFSSL_SP_SMALL_STACK + XFREE(p, heap, DYNAMIC_TYPE_ECC); #endif - { - ForceZero(p, sizeof(sp_point_256)); - #ifdef WOLFSSL_SP_SMALL_STACK - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif - } + } #endif /* !WC_NO_CACHE_RESISTANT */ #ifdef WOLFSSL_SP_SMALL_STACK if (t != NULL) 
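Review bot: The trailing context line `if (t != NULL)` at the end of the sp_256_ecc_mulmod_fast_8 hunk keeps a NULL guard under `WOLFSSL_SP_SMALL_STACK`, while every other cleanup in this commit removes the guard in front of `XFREE`; the guarded statement is outside the hunk, so if it is only `XFREE(t, …)` this site was missed and should match the rest, and if it also wipes `t` the guard is still required for the wipe. The re-indented block above it is right to retain `if (p != NULL)`, because that guard protects the `ForceZero(p, sizeof(sp_point_256))` and not merely the `XFREE`, which is the distinction a one-line comment could record: `/* guard covers the wipe, not just the free */`.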
@@ -101269,8 +101253,8 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r, sp_256_mont_sub_8(y, t3, t1, p256_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -101287,7 +101271,7 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -101377,8 +101361,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -101415,7 +101398,7 @@ static void sp_256_get_entry_16_8(sp_point_256* r, r->y[6] = 0; r->y[7] = 0; for (i = 1; i < 16; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -101542,10 +101525,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -101801,8 +101782,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -101839,7 +101819,7 @@ static void sp_256_get_entry_256_8(sp_point_256* r, r->y[6] = 0; r->y[7] = 0; for (i = 1; i < 256; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -101966,10 +101946,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -102187,10 +102165,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -102267,10 +102243,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -103737,10 +103711,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -103815,10 +103787,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -103959,6 +103929,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[32]; @@ -103975,6 +103946,11 @@ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -104053,12 +104029,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -104216,10 +104189,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -107521,10 +107492,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -107731,8 +107700,7 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; 
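Review bot: In the second `sp_256_ecc_gen_k_8` hunk, `buf[32]` holds the raw random bytes that become the private scalar and is still intact at `return err;`, with nothing visible wiping it; unless the loop body (which lies outside the hunk) already clears it, add `ForceZero(buf, sizeof(buf));` immediately before `return err;` in the `#ifndef WC_NO_RNG` branch so the key bytes do not linger on the stack. The `#else` branch that returns `NOT_COMPILED_IN` and voids `rng`/`k` is fine as a build-without-RNG stub. The function's declaration and the start of its loop are in the preceding hunk, so the full body is not visible here.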
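Review bot: In the `sp_ecc_make_key_256` cleanup, the new comment says `point` is not sensitive, which implies `k` (the freshly generated private scalar) is, yet `k` goes straight to `XFREE` with no `ForceZero` in the hunk; if nothing earlier in the function (its body starts outside the hunk) wipes it, add `ForceZero(k, 8 * sizeof(sp_digit));` before the `#ifdef WOLFSSL_SP_SMALL_STACK` so the presumably stack-allocated `k` of the non-small-stack build is covered as well. Dropping the `if (k != NULL)` guard is consistent with the rest of this commit, which relies on `XFREE` accepting NULL.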
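Review bot: In the `sp_ecc_secret_gen_256` cleanup, both buffers being freed plausibly carry secrets — `k` is derived from the caller's `priv` and `point` presumably holds the shared-secret point — but neither is zeroized before `XFREE`; unless a `ForceZero` happens earlier in the function (body outside the hunk), add `ForceZero(k, 8 * sizeof(sp_digit)); ForceZero(point, sizeof(sp_point_256));` ahead of the frees and outside the `#ifdef` so the stack build is wiped too. The guard removal itself is fine given the NULL-tolerant `XFREE` the rest of the commit assumes.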
@@ -107771,8 +107739,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -107880,10 +107847,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -107962,10 +107927,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -108030,10 +107993,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -108094,10 +108055,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -108163,8 +108122,7 @@ static int sp_256_mont_sqrt_8(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_ECC); + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -108229,8 +108187,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -109271,23 +109228,22 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit t[10] += t[9] >> 32; t[9] &= 0xffffffff; t[11] += t[10] >> 32; t[10] &= 0xffffffff; - r[0] = t[0]; - r[1] = t[1]; - r[2] = t[2]; - r[3] = t[3]; - r[4] = t[4]; - r[5] = t[5]; - r[6] = t[6]; - r[7] = t[7]; - r[8] = t[8]; - r[9] = t[9]; - r[10] = t[10]; - r[11] = t[11]; + r[0] = (sp_digit)t[0]; + r[1] = (sp_digit)t[1]; + r[2] = (sp_digit)t[2]; + r[3] = (sp_digit)t[3]; + r[4] = (sp_digit)t[4]; + r[5] = (sp_digit)t[5]; + r[6] = (sp_digit)t[6]; + r[7] = (sp_digit)t[7]; + r[8] = (sp_digit)t[8]; + r[9] = (sp_digit)t[9]; + r[10] = (sp_digit)t[10]; + r[11] = (sp_digit)t[11]; } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -110560,7 +110516,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p, sp_384_mont_reduce_12(r->x, p384_mod, p384_mp_mod); /* Reduce x to less than modulus */ n = sp_384_cmp_12(r->x, p384_mod); - sp_384_cond_sub_12(r->x, r->x, p384_mod, ~(n >> 31)); + sp_384_cond_sub_12(r->x, r->x, p384_mod, (sp_digit)~(n >> 31)); sp_384_norm_12(r->x); /* y /= z^3 */ @@ -110569,7 +110525,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p, sp_384_mont_reduce_12(r->y, p384_mod, p384_mp_mod); /* Reduce y to less than modulus */ n = sp_384_cmp_12(r->y, p384_mod); - sp_384_cond_sub_12(r->y, r->y, p384_mod, ~(n >> 31)); + sp_384_cond_sub_12(r->y, r->y, p384_mod, (sp_digit)~(n >> 31)); sp_384_norm_12(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); 
@@ -111442,8 +111398,8 @@ static void sp_384_proj_point_add_12(sp_point_384* r, sp_384_mont_sub_12(y, y, t5, p384_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -111460,7 +111416,7 @@ static void sp_384_proj_point_add_12(sp_point_384* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -111634,8 +111590,8 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -111652,7 +111608,7 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -111719,7 +111675,7 @@ static void sp_384_get_point_16_12(sp_point_384* r, const sp_point_384* table, r->z[10] = 0; r->z[11] = 0; for (i = 1; i < 16; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; 
@@ -111925,15 +111881,15 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con #endif } #ifndef WC_NO_CACHE_RESISTANT - #ifdef WOLFSSL_SP_SMALL_STACK +#ifdef WOLFSSL_SP_SMALL_STACK if (p != NULL) +#endif + { + ForceZero(p, sizeof(sp_point_384)); + #ifdef WOLFSSL_SP_SMALL_STACK + XFREE(p, heap, DYNAMIC_TYPE_ECC); #endif - { - ForceZero(p, sizeof(sp_point_384)); - #ifdef WOLFSSL_SP_SMALL_STACK - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif - } + } #endif /* !WC_NO_CACHE_RESISTANT */ #ifdef WOLFSSL_SP_SMALL_STACK if (t != NULL) @@ -112129,8 +112085,8 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r, sp_384_mont_sub_12(y, t3, t1, p384_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -112147,7 +112103,7 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -112237,8 +112193,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -112283,7 +112238,7 @@ static void sp_384_get_entry_16_12(sp_point_384* r, r->y[10] = 0; r->y[11] = 0; for (i = 1; i < 16; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; 
@@ -112418,10 +112373,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -112677,8 +112630,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -112723,7 +112675,7 @@ static void sp_384_get_entry_256_12(sp_point_384* r, r->y[10] = 0; r->y[11] = 0; for (i = 1; i < 256; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -112858,10 +112810,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -113079,10 +113029,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -113159,10 +113107,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -114629,10 +114575,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -114707,10 +114651,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -114887,6 +114829,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[48]; @@ -114903,6 +114846,11 @@ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -114981,12 +114929,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -115144,10 +115089,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
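Review bot: In the second `sp_384_ecc_gen_k_12` hunk, `buf[48]` still holds the raw random private-scalar bytes at `return err;` and nothing in view clears it; unless the loop body (outside the hunk) already does, add `ForceZero(buf, sizeof(buf));` right before `return err;` in the `#ifndef WC_NO_RNG` branch. The `NOT_COMPILED_IN` stub in the `#else` branch is appropriate for an RNG-less build. The function starts in the previous hunk, so its full body is not visible.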
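Review bot: In the `sp_ecc_make_key_384` cleanup, the comment singles out `point` as not sensitive, so `k` (the new private scalar) is, yet it is freed without any visible `ForceZero`; if the function (whose body begins outside the hunk) does not wipe it earlier, add `ForceZero(k, 12 * sizeof(sp_digit));` before the `#ifdef WOLFSSL_SP_SMALL_STACK` so that the non-small-stack build, where `k` is presumably a stack array, is covered too. Removing the NULL guard matches the rest of the commit.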
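Review bot: In the `sp_ecc_secret_gen_384` cleanup, `k` (derived from `priv`) and `point` (presumably the shared-secret point) are freed without zeroization; unless a `ForceZero` appears earlier in the function (body outside the hunk), add `ForceZero(k, 12 * sizeof(sp_digit)); ForceZero(point, sizeof(sp_point_384));` before the frees and outside the `#ifdef`, so the stack build is wiped as well. The NULL-guard removal is fine given the NULL-tolerant `XFREE` the commit assumes elsewhere.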
@@ -118725,10 +118668,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -118935,8 +118876,7 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -118975,8 +118915,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -119084,10 +119023,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -119166,10 +119103,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -119234,10 +119169,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -119298,10 +119231,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -119397,8 +119328,7 @@ static int sp_384_mont_sqrt_12(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_ECC); + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -119463,8 +119393,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -122849,7 +122778,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p, sp_521_mont_reduce_17(r->x, p521_mod, p521_mp_mod); /* Reduce x to less than modulus */ n = sp_521_cmp_17(r->x, p521_mod); - sp_521_cond_sub_17(r->x, r->x, p521_mod, ~(n >> 31)); + sp_521_cond_sub_17(r->x, r->x, p521_mod, (sp_digit)~(n >> 31)); sp_521_norm_17(r->x); /* y /= z^3 */ @@ -122858,7 +122787,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p, sp_521_mont_reduce_17(r->y, p521_mod, p521_mp_mod); /* Reduce y to less than modulus */ n = sp_521_cmp_17(r->y, p521_mod); - sp_521_cond_sub_17(r->y, r->y, p521_mod, ~(n >> 31)); + sp_521_cond_sub_17(r->y, r->y, p521_mod, (sp_digit)~(n >> 31)); sp_521_norm_17(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); @@ -125039,8 +124968,8 @@ static void sp_521_proj_point_add_17(sp_point_521* r, sp_521_mont_sub_17(y, y, t5, p521_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); 
@@ -125057,7 +124986,7 @@ static void sp_521_proj_point_add_17(sp_point_521* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -125231,8 +125160,8 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -125249,7 +125178,7 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -125331,7 +125260,7 @@ static void sp_521_get_point_16_17(sp_point_521* r, const sp_point_521* table, r->z[15] = 0; r->z[16] = 0; for (i = 1; i < 16; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -125556,15 +125485,15 @@ static int sp_521_ecc_mulmod_fast_17(sp_point_521* r, const sp_point_521* g, con #endif } #ifndef WC_NO_CACHE_RESISTANT - #ifdef WOLFSSL_SP_SMALL_STACK +#ifdef WOLFSSL_SP_SMALL_STACK if (p != NULL) +#endif + { + ForceZero(p, sizeof(sp_point_521)); + #ifdef WOLFSSL_SP_SMALL_STACK + XFREE(p, heap, DYNAMIC_TYPE_ECC); #endif - { - ForceZero(p, sizeof(sp_point_521)); - #ifdef WOLFSSL_SP_SMALL_STACK - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif - } + } #endif /* !WC_NO_CACHE_RESISTANT */ #ifdef WOLFSSL_SP_SMALL_STACK if (t != NULL) 
@@ -125760,8 +125689,8 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r, sp_521_mont_sub_17(y, t3, t1, p521_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -125778,7 +125707,7 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -125868,8 +125797,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -125924,7 +125852,7 @@ static void sp_521_get_entry_16_17(sp_point_521* r, r->y[15] = 0; r->y[16] = 0; for (i = 1; i < 16; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -126069,10 +125997,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -126328,8 +126254,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -126384,7 +126309,7 @@ static void sp_521_get_entry_256_17(sp_point_521* r, r->y[15] = 0; r->y[16] = 0; for (i = 1; i < 256; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -126529,10 +126454,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -126750,10 +126673,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -126830,10 +126751,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -128844,10 +128763,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -128922,10 +128839,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -129147,6 +129062,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[66]; @@ -129164,6 +129080,11 @@ static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -129242,12 +129163,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -129407,10 +129325,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -135672,10 +135588,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -135885,8 +135799,7 @@ static int sp_521_ecc_is_point_17(const sp_point_521* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; 
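Review bot: In the second `sp_521_ecc_gen_k_17` hunk, `buf[66]` still contains the raw random private-scalar bytes at `return err;` and nothing visible clears it; unless the loop body (outside the hunk) does, add `ForceZero(buf, sizeof(buf));` immediately before `return err;` inside the `#ifndef WC_NO_RNG` branch. The `#else` stub returning `NOT_COMPILED_IN` is fine. The function begins in the previous hunk, so most of its body is not in view.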
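Review bot: In the `sp_ecc_make_key_521` cleanup, the comment marks `point` as not sensitive, implying `k` (the private scalar just generated) is, yet `k` is handed to `XFREE` with no `ForceZero` in the hunk; if nothing earlier in the function (body outside the hunk) wipes it, add `ForceZero(k, 17 * sizeof(sp_digit));` before the `#ifdef WOLFSSL_SP_SMALL_STACK` so the presumably stack-allocated `k` of the other build is covered. The guard removal is consistent with the rest of the commit.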
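Review bot: In the `sp_ecc_secret_gen_521` cleanup, `k` (from the caller's `priv`) and `point` (presumably holding the shared-secret point) are freed without zeroization; unless a `ForceZero` occurs earlier in the function (body outside the hunk), add `ForceZero(k, 17 * sizeof(sp_digit)); ForceZero(point, sizeof(sp_point_521));` ahead of the frees, outside the `#ifdef`, so the stack build is wiped too. Dropping the NULL checks is fine given the NULL-tolerant `XFREE` this commit assumes.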
@@ -135925,8 +135838,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -136034,10 +135946,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -136116,10 +136026,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -136184,10 +136092,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -136248,10 +136154,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -136301,8 +136205,7 @@ static int sp_521_mont_sqrt_17(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -136367,8 +136270,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -202512,16 +202414,16 @@ static void sp_1024_point_free_32(sp_point_1024* p, int clear, void* heap) { #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) -/* If valid pointer then clear point data if requested and free data. */ + /* If valid pointer then clear point data if requested and free data. */ if (p != NULL) { - if (clear != 0) { + if (clear) { XMEMSET(p, 0, sizeof(*p)); } XFREE(p, heap, DYNAMIC_TYPE_ECC); } #else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { + /* Clear point data if requested. */ + if ((p != NULL) && clear) { XMEMSET(p, 0, sizeof(*p)); } #endif @@ -203932,7 +203834,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p, sp_1024_mont_reduce_32(r->x, p1024_mod, p1024_mp_mod); /* Reduce x to less than modulus */ n = sp_1024_cmp_32(r->x, p1024_mod); - sp_1024_cond_sub_32(r->x, r->x, p1024_mod, ~(n >> 31)); + sp_1024_cond_sub_32(r->x, r->x, p1024_mod, (sp_digit)~(n >> 31)); sp_1024_norm_32(r->x); /* y /= z^3 */ @@ -203941,7 +203843,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p, sp_1024_mont_reduce_32(r->y, p1024_mod, p1024_mp_mod); /* Reduce y to less than modulus */ n = sp_1024_cmp_32(r->y, p1024_mod); - sp_1024_cond_sub_32(r->y, r->y, p1024_mod, ~(n >> 31)); + sp_1024_cond_sub_32(r->y, r->y, p1024_mod, (sp_digit)~(n >> 31)); sp_1024_norm_32(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); @@ -209936,8 +209838,8 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r, sp_1024_mont_sub_32(y, y, t5, p1024_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); 
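Review bot: In `sp_1024_point_free_32`, `XMEMSET(p, 0, sizeof(*p))` immediately followed by `XFREE(p, ...)` is the dead-store pattern a compiler is entitled to drop, so a `clear` request gives no real guarantee that point data left memory; elsewhere in this same file the commit wipes point data with `ForceZero(p, sizeof(sp_point_256))`, so use `ForceZero(p, sizeof(*p));` in both the heap and the non-heap branch here. The `clear != 0` → `clear` change and the comment re-indent are cosmetic.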
@@ -209954,7 +209856,7 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -210128,8 +210030,8 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -210146,7 +210048,7 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -210487,8 +210389,8 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r, sp_1024_mont_sub_32(y, t3, t1, p1024_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -210505,7 +210407,7 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -210595,8 +210497,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -210695,10 +210596,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -210954,8 +210853,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -211054,10 +210952,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -211275,10 +211171,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -214913,10 +214807,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -214991,10 +214883,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -215028,7 +214918,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == MP_OKAY) && (table == NULL)) { *len = sizeof(sp_table_entry_1024) * 256; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { err = BUFFER_E; @@ -215059,10 +214949,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -215088,7 +214976,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == 0) && (table == NULL)) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*len != 0)) { err = BUFFER_E; @@ -215155,10 +215043,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -215305,9 +215191,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } @@ -217203,9 +217087,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } 
@@ -217573,9 +217455,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_32(c, 1, NULL); sp_1024_point_free_32(q, 1, NULL); @@ -218000,9 +217880,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_32(c, 1, NULL); sp_1024_point_free_32(q, 1, NULL); @@ -218032,7 +217910,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*len != 0) { err = BUFFER_E; @@ -218261,7 +218139,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = sizeof(sp_table_entry_1024) * 1167; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && @@ -218368,9 +218246,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_32(neg, 1, NULL); sp_1024_point_free_32(c, 1, NULL); 
@@ -218563,9 +218439,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_32(c, 1, NULL); sp_1024_point_free_32(q, 1, NULL); @@ -218658,7 +218532,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point, n = sp_1024_cmp_32(t1, p1024_mod); - sp_1024_cond_sub_32(t1, t1, p1024_mod, ~(n >> 31)); + sp_1024_cond_sub_32(t1, t1, p1024_mod, (sp_digit)~(n >> 31)); sp_1024_norm_32(t1); if (!sp_1024_iszero_32(t1)) { err = MP_VAL; @@ -218666,8 +218540,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -218706,8 +218579,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -218815,10 +218687,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; diff --git a/src/wolfcrypt/src/sp_c32.c b/src/wolfcrypt/src/sp_c32.c index 21a9e0e..9520f86 100644 --- a/src/wolfcrypt/src/sp_c32.c +++ b/src/wolfcrypt/src/sp_c32.c @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -71,13 +71,13 @@ #define SP_PRINT_NUM(var, name, total, words, bits) \ do { \ int ii; \ - byte nb[(bits + 7) / 8]; \ + byte nb[((bits) + 7) / 8]; \ sp_digit _s[words]; \ XMEMCPY(_s, var, sizeof(_s)); \ sp_##total##_norm_##words(_s); \ sp_##total##_to_bin_##words(_s, nb); \ fprintf(stderr, name "=0x"); \ - for (ii=0; ii<(bits + 7) / 8; ii++) \ + for (ii=0; ii<((bits) + 7) / 8; ii++) \ fprintf(stderr, "%02x", nb[ii]); \ fprintf(stderr, "\n"); \ } while (0) @@ -357,29 +357,29 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, t0 = ((sp_uint64)a[ 0]) * b[ 0]; t1 = ((sp_uint64)a[ 0]) * b[ 1] + ((sp_uint64)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 0]) * b[ 2] + ((sp_uint64)a[ 1]) * b[ 1] + ((sp_uint64)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 0]) * b[ 3] + ((sp_uint64)a[ 1]) * b[ 2] + ((sp_uint64)a[ 2]) * b[ 1] + ((sp_uint64)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 0]) * b[ 4] + ((sp_uint64)a[ 1]) * b[ 3] + ((sp_uint64)a[ 2]) * b[ 2] + ((sp_uint64)a[ 3]) * b[ 1] + ((sp_uint64)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 0]) * b[ 5] + ((sp_uint64)a[ 1]) * b[ 4] + ((sp_uint64)a[ 2]) * b[ 3] + ((sp_uint64)a[ 3]) * b[ 2] + ((sp_uint64)a[ 4]) * b[ 1] + ((sp_uint64)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 0]) * b[ 6] + ((sp_uint64)a[ 1]) * b[ 5] + ((sp_uint64)a[ 2]) * b[ 4] 
@@ -387,7 +387,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 4]) * b[ 2] + ((sp_uint64)a[ 5]) * b[ 1] + ((sp_uint64)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 0]) * b[ 7] + ((sp_uint64)a[ 1]) * b[ 6] + ((sp_uint64)a[ 2]) * b[ 5] @@ -396,7 +396,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 5]) * b[ 2] + ((sp_uint64)a[ 6]) * b[ 1] + ((sp_uint64)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 0]) * b[ 8] + ((sp_uint64)a[ 1]) * b[ 7] + ((sp_uint64)a[ 2]) * b[ 6] @@ -406,7 +406,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 6]) * b[ 2] + ((sp_uint64)a[ 7]) * b[ 1] + ((sp_uint64)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 0]) * b[ 9] + ((sp_uint64)a[ 1]) * b[ 8] + ((sp_uint64)a[ 2]) * b[ 7] @@ -417,7 +417,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 7]) * b[ 2] + ((sp_uint64)a[ 8]) * b[ 1] + ((sp_uint64)a[ 9]) * b[ 0]; - t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 0]) * b[10] + ((sp_uint64)a[ 1]) * b[ 9] + ((sp_uint64)a[ 2]) * b[ 8] @@ -429,7 +429,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 8]) * b[ 2] + ((sp_uint64)a[ 9]) * b[ 1] + ((sp_uint64)a[10]) * b[ 0]; - t[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 0]) * b[11] + ((sp_uint64)a[ 1]) * b[10] + ((sp_uint64)a[ 2]) * b[ 9] 
@@ -442,7 +442,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 9]) * b[ 2] + ((sp_uint64)a[10]) * b[ 1] + ((sp_uint64)a[11]) * b[ 0]; - t[10] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 1]) * b[11] + ((sp_uint64)a[ 2]) * b[10] + ((sp_uint64)a[ 3]) * b[ 9] @@ -454,7 +454,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 9]) * b[ 3] + ((sp_uint64)a[10]) * b[ 2] + ((sp_uint64)a[11]) * b[ 1]; - t[11] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 2]) * b[11] + ((sp_uint64)a[ 3]) * b[10] + ((sp_uint64)a[ 4]) * b[ 9] @@ -465,7 +465,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 9]) * b[ 4] + ((sp_uint64)a[10]) * b[ 3] + ((sp_uint64)a[11]) * b[ 2]; - r[12] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 3]) * b[11] + ((sp_uint64)a[ 4]) * b[10] + ((sp_uint64)a[ 5]) * b[ 9] @@ -475,7 +475,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 9]) * b[ 5] + ((sp_uint64)a[10]) * b[ 4] + ((sp_uint64)a[11]) * b[ 3]; - r[13] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 4]) * b[11] + ((sp_uint64)a[ 5]) * b[10] + ((sp_uint64)a[ 6]) * b[ 9] @@ -484,7 +484,7 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 9]) * b[ 6] + ((sp_uint64)a[10]) * b[ 5] + ((sp_uint64)a[11]) * b[ 4]; - r[14] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 5]) * b[11] + ((sp_uint64)a[ 6]) * b[10] + ((sp_uint64)a[ 7]) * b[ 9] 
@@ -492,35 +492,35 @@ SP_NOINLINE static void sp_2048_mul_12(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 9]) * b[ 7] + ((sp_uint64)a[10]) * b[ 6] + ((sp_uint64)a[11]) * b[ 5]; - r[15] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 6]) * b[11] + ((sp_uint64)a[ 7]) * b[10] + ((sp_uint64)a[ 8]) * b[ 9] + ((sp_uint64)a[ 9]) * b[ 8] + ((sp_uint64)a[10]) * b[ 7] + ((sp_uint64)a[11]) * b[ 6]; - r[16] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[16] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 7]) * b[11] + ((sp_uint64)a[ 8]) * b[10] + ((sp_uint64)a[ 9]) * b[ 9] + ((sp_uint64)a[10]) * b[ 8] + ((sp_uint64)a[11]) * b[ 7]; - r[17] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[17] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[ 8]) * b[11] + ((sp_uint64)a[ 9]) * b[10] + ((sp_uint64)a[10]) * b[ 9] + ((sp_uint64)a[11]) * b[ 8]; - r[18] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[18] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[ 9]) * b[11] + ((sp_uint64)a[10]) * b[10] + ((sp_uint64)a[11]) * b[ 9]; - r[19] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[19] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_uint64)a[10]) * b[11] + ((sp_uint64)a[11]) * b[10]; - r[20] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[20] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[11]) * b[11]; - r[21] = t1 & 0x1fffffff; t0 += t1 >> 29; - r[22] = t0 & 0x1fffffff; + r[21] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; + r[22] = (sp_digit)(t0 & 0x1fffffff); r[23] = (sp_digit)(t0 >> 29); XMEMCPY(r, t, sizeof(t)); } 
@@ -874,105 +874,105 @@ SP_NOINLINE static void sp_2048_sqr_12(sp_digit* r, const sp_digit* a) t0 = ((sp_uint64)a[ 0]) * a[ 0]; t1 = (((sp_uint64)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 0]) * a[ 2]) * 2 + ((sp_uint64)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 0]) * a[ 3] + ((sp_uint64)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 0]) * a[ 4] + ((sp_uint64)a[ 1]) * a[ 3]) * 2 + ((sp_uint64)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 0]) * a[ 5] + ((sp_uint64)a[ 1]) * a[ 4] + ((sp_uint64)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 0]) * a[ 6] + ((sp_uint64)a[ 1]) * a[ 5] + ((sp_uint64)a[ 2]) * a[ 4]) * 2 + ((sp_uint64)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 0]) * a[ 7] + ((sp_uint64)a[ 1]) * a[ 6] + ((sp_uint64)a[ 2]) * a[ 5] + ((sp_uint64)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 0]) * a[ 8] + ((sp_uint64)a[ 1]) * a[ 7] + ((sp_uint64)a[ 2]) * a[ 6] + ((sp_uint64)a[ 3]) * a[ 5]) * 2 + ((sp_uint64)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 0]) * a[ 9] + ((sp_uint64)a[ 1]) * a[ 8] + ((sp_uint64)a[ 2]) * a[ 7] + ((sp_uint64)a[ 3]) * a[ 6] + ((sp_uint64)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 0]) * a[10] + ((sp_uint64)a[ 1]) * a[ 
9] + ((sp_uint64)a[ 2]) * a[ 8] + ((sp_uint64)a[ 3]) * a[ 7] + ((sp_uint64)a[ 4]) * a[ 6]) * 2 + ((sp_uint64)a[ 5]) * a[ 5]; - t[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 0]) * a[11] + ((sp_uint64)a[ 1]) * a[10] + ((sp_uint64)a[ 2]) * a[ 9] + ((sp_uint64)a[ 3]) * a[ 8] + ((sp_uint64)a[ 4]) * a[ 7] + ((sp_uint64)a[ 5]) * a[ 6]) * 2; - t[10] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 1]) * a[11] + ((sp_uint64)a[ 2]) * a[10] + ((sp_uint64)a[ 3]) * a[ 9] + ((sp_uint64)a[ 4]) * a[ 8] + ((sp_uint64)a[ 5]) * a[ 7]) * 2 + ((sp_uint64)a[ 6]) * a[ 6]; - t[11] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 2]) * a[11] + ((sp_uint64)a[ 3]) * a[10] + ((sp_uint64)a[ 4]) * a[ 9] + ((sp_uint64)a[ 5]) * a[ 8] + ((sp_uint64)a[ 6]) * a[ 7]) * 2; - r[12] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 3]) * a[11] + ((sp_uint64)a[ 4]) * a[10] + ((sp_uint64)a[ 5]) * a[ 9] + ((sp_uint64)a[ 6]) * a[ 8]) * 2 + ((sp_uint64)a[ 7]) * a[ 7]; - r[13] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 4]) * a[11] + ((sp_uint64)a[ 5]) * a[10] + ((sp_uint64)a[ 6]) * a[ 9] + ((sp_uint64)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 5]) * a[11] + ((sp_uint64)a[ 6]) * a[10] + ((sp_uint64)a[ 7]) * a[ 9]) * 2 + ((sp_uint64)a[ 8]) * a[ 8]; - r[15] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 6]) * a[11] + ((sp_uint64)a[ 7]) * a[10] + ((sp_uint64)a[ 8]) * a[ 9]) * 2; - r[16] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[16] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 7]) * a[11] + ((sp_uint64)a[ 8]) * a[10]) 
* 2 + ((sp_uint64)a[ 9]) * a[ 9]; - r[17] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[17] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[ 8]) * a[11] + ((sp_uint64)a[ 9]) * a[10]) * 2; - r[18] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[18] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_uint64)a[ 9]) * a[11]) * 2 + ((sp_uint64)a[10]) * a[10]; - r[19] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[19] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_uint64)a[10]) * a[11]) * 2; - r[20] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[20] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_uint64)a[11]) * a[11]; - r[21] = t1 & 0x1fffffff; t0 += t1 >> 29; - r[22] = t0 & 0x1fffffff; + r[21] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; + r[22] = (sp_digit)(t0 & 0x1fffffff); r[23] = (sp_digit)(t0 >> 29); XMEMCPY(r, t, sizeof(t)); } @@ -1626,26 +1626,26 @@ SP_NOINLINE static void sp_2048_mul_add_36(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[0] = t[3] >> 29; } t[0] += (tb * a[32]) + r[32]; t[1] = (tb * a[33]) + r[33]; t[2] = (tb * a[34]) + r[34]; t[3] = (tb * a[35]) + r[35]; - r[32] = t[0] & 0x1fffffff; + r[32] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[33] = t[1] & 0x1fffffff; + r[33] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[34] = t[2] & 0x1fffffff; + r[34] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[35] = t[3] & 0x1fffffff; + r[35] = (sp_digit)(t[3] & 0x1fffffff); r[36] += (sp_digit)(t[3] >> 29); #else sp_int64 tb = b; 
@@ -1662,34 +1662,34 @@ SP_NOINLINE static void sp_2048_mul_add_36(sp_digit* r, const sp_digit* a, t[5] = (tb * a[i+5]) + r[i+5]; t[6] = (tb * a[i+6]) + r[i+6]; t[7] = (tb * a[i+7]) + r[i+7]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[4] += t[3] >> 29; - r[i+4] = t[4] & 0x1fffffff; + r[i+4] = (sp_digit)(t[4] & 0x1fffffff); t[5] += t[4] >> 29; - r[i+5] = t[5] & 0x1fffffff; + r[i+5] = (sp_digit)(t[5] & 0x1fffffff); t[6] += t[5] >> 29; - r[i+6] = t[6] & 0x1fffffff; + r[i+6] = (sp_digit)(t[6] & 0x1fffffff); t[7] += t[6] >> 29; - r[i+7] = t[7] & 0x1fffffff; + r[i+7] = (sp_digit)(t[7] & 0x1fffffff); t[0] = t[7] >> 29; } t[0] += (tb * a[32]) + r[32]; t[1] = (tb * a[33]) + r[33]; t[2] = (tb * a[34]) + r[34]; t[3] = (tb * a[35]) + r[35]; - r[32] = t[0] & 0x1fffffff; + r[32] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[33] = t[1] & 0x1fffffff; + r[33] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[34] = t[2] & 0x1fffffff; + r[34] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[35] = t[3] & 0x1fffffff; + r[35] = (sp_digit)(t[3] & 0x1fffffff); r[36] += (sp_digit)(t[3] >> 29); #endif /* WOLFSSL_SP_SMALL */ #endif /* !WOLFSSL_SP_LARGE_CODE */ @@ -1708,7 +1708,7 @@ static void sp_2048_mont_shift_36(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[36]) << 20; for (i = 0; i < 35; i++) { - r[i] = n & 0x1fffffff; + r[i] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[37 + i]) << 20; } 
@@ -1718,26 +1718,26 @@ static void sp_2048_mont_shift_36(sp_digit* r, const sp_digit* a) sp_int64 n = a[35] >> 9; n += ((sp_int64)a[36]) << 20; for (i = 0; i < 32; i += 8) { - r[i + 0] = n & 0x1fffffff; + r[i + 0] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 37]) << 20; - r[i + 1] = n & 0x1fffffff; + r[i + 1] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 38]) << 20; - r[i + 2] = n & 0x1fffffff; + r[i + 2] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 39]) << 20; - r[i + 3] = n & 0x1fffffff; + r[i + 3] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 40]) << 20; - r[i + 4] = n & 0x1fffffff; + r[i + 4] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 41]) << 20; - r[i + 5] = n & 0x1fffffff; + r[i + 5] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 42]) << 20; - r[i + 6] = n & 0x1fffffff; + r[i + 6] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 43]) << 20; - r[i + 7] = n & 0x1fffffff; + r[i + 7] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 44]) << 20; } - r[32] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[69]) << 20; - r[33] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[70]) << 20; - r[34] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[71]) << 20; + r[32] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[69]) << 20; + r[33] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[70]) << 20; + r[34] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[71]) << 20; r[35] = (sp_digit)n; #endif /* WOLFSSL_SP_SMALL */ XMEMSET(&r[36], 0, sizeof(*r) * 36U); 
@@ -1758,11 +1758,11 @@ static void sp_2048_mont_reduce_36(sp_digit* a, const sp_digit* m, sp_digit mp) sp_2048_norm_36(a + 36); for (i=0; i<35; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffL); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; 
@@ -1913,22 +1913,22 @@ SP_NOINLINE static void sp_2048_rshift_36(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<35; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff); } #else for (i=0; i<32; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (29 - n)) & 0x1fffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (29 - n)) & 0x1fffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (29 - n)) & 0x1fffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (29 - n)) & 0x1fffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (29 - n)) & 0x1fffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (29 - n)) & 0x1fffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (29 - n)) & 0x1fffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (29 - n)) & 0x1fffffff); - } - r[32] = (a[32] >> n) | ((a[33] << (29 - n)) & 0x1fffffff); - r[33] = (a[33] >> n) | ((a[34] << (29 - n)) & 0x1fffffff); - r[34] = (a[34] >> n) | ((a[35] << (29 - n)) & 0x1fffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (29 - n)) & 0x1fffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (29 - n)) & 0x1fffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (29 - n)) & 0x1fffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (29 - n)) & 0x1fffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (29 - n)) & 0x1fffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (29 - n)) & 0x1fffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (29 - n)) & 0x1fffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (29 - n)) & 0x1fffffff); + } + r[32] = (a[32] >> n) | (sp_digit)((a[33] << (29 - n)) & 0x1fffffff); + r[33] = (a[33] >> n) | (sp_digit)((a[34] << (29 - n)) & 0x1fffffff); + r[34] = (a[34] >> n) | (sp_digit)((a[35] << (29 - n)) & 0x1fffffff); #endif /* WOLFSSL_SP_SMALL */ r[35] = a[35] >> n; } 
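Review bot: The new cast in sp_2048_rshift_36 is applied after the shift, so `a[i+1] << (29 - n)` is still evaluated in the element type; if `sp_digit` is a signed 32-bit type (the `(sp_digit)` casts of `sp_uint32` products elsewhere in this patch suggest it is), shifting a 29-bit digit left by `29 - n` positions can exceed the signed range for small `n`, which is undefined behaviour rather than a conversion warning. Widening before the shift keeps the arithmetic unsigned, e.g. `r[i+0] = (a[i+0] >> n) | (sp_digit)(((sp_uint32)a[i+1] << (29 - n)) & 0x1fffffff);`, applied to each unrolled line and to the `WOLFSSL_SP_SMALL` loop above them. This file looks generated, so the change belongs in the generator rather than in a hand edit of sp_c32.c.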
@@ -2105,8 +2105,7 @@ static int sp_2048_div_36(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -2218,14 +2217,13 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_2048_mont_reduce_36(t[0], m, mp); n = sp_2048_cmp_36(t[0], m); - sp_2048_cond_sub_36(t[0], t[0], m, ~(n >> 31)); + sp_2048_cond_sub_36(t[0], t[0], m, (sp_digit)~(n >> 31)); XMEMCPY(r, t[0], sizeof(*r) * 36 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -2309,13 +2307,12 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_2048_mont_reduce_36(t[0], m, mp); n = sp_2048_cmp_36(t[0], m); - sp_2048_cond_sub_36(t[0], t[0], m, ~(n >> 31)); + sp_2048_cond_sub_36(t[0], t[0], m, (sp_digit)~(n >> 31)); XMEMCPY(r, t[0], sizeof(*r) * 36 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -2455,13 +2452,12 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_2048_mont_reduce_36(rt, m, mp); n = sp_2048_cmp_36(rt, m); - sp_2048_cond_sub_36(rt, rt, m, ~(n >> 31)); + sp_2048_cond_sub_36(rt, rt, m, (sp_digit)~(n >> 31)); XMEMCPY(r, rt, sizeof(sp_digit) * 72); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -2615,26 +2611,26 @@ SP_NOINLINE static void sp_2048_mul_add_72(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[0] = t[3] >> 29; } t[0] += (tb * a[68]) + r[68]; t[1] = (tb * a[69]) + r[69]; t[2] = (tb * a[70]) + r[70]; t[3] = (tb * a[71]) + r[71]; - r[68] = t[0] & 0x1fffffff; + r[68] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[69] = t[1] & 0x1fffffff; + r[69] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[70] = t[2] & 0x1fffffff; + r[70] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[71] = t[3] & 0x1fffffff; + r[71] = (sp_digit)(t[3] & 0x1fffffff); r[72] += (sp_digit)(t[3] >> 29); #else sp_int64 tb = b; 
@@ -2651,21 +2647,21 @@ SP_NOINLINE static void sp_2048_mul_add_72(sp_digit* r, const sp_digit* a, t[5] = (tb * a[i+5]) + r[i+5]; t[6] = (tb * a[i+6]) + r[i+6]; t[7] = (tb * a[i+7]) + r[i+7]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[4] += t[3] >> 29; - r[i+4] = t[4] & 0x1fffffff; + r[i+4] = (sp_digit)(t[4] & 0x1fffffff); t[5] += t[4] >> 29; - r[i+5] = t[5] & 0x1fffffff; + r[i+5] = (sp_digit)(t[5] & 0x1fffffff); t[6] += t[5] >> 29; - r[i+6] = t[6] & 0x1fffffff; + r[i+6] = (sp_digit)(t[6] & 0x1fffffff); t[7] += t[6] >> 29; - r[i+7] = t[7] & 0x1fffffff; + r[i+7] = (sp_digit)(t[7] & 0x1fffffff); t[0] = t[7] >> 29; } t[0] += (tb * a[64]) + r[64]; @@ -2676,21 +2672,21 @@ SP_NOINLINE static void sp_2048_mul_add_72(sp_digit* r, const sp_digit* a, t[5] = (tb * a[69]) + r[69]; t[6] = (tb * a[70]) + r[70]; t[7] = (tb * a[71]) + r[71]; - r[64] = t[0] & 0x1fffffff; + r[64] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[65] = t[1] & 0x1fffffff; + r[65] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[66] = t[2] & 0x1fffffff; + r[66] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[67] = t[3] & 0x1fffffff; + r[67] = (sp_digit)(t[3] & 0x1fffffff); t[4] += t[3] >> 29; - r[68] = t[4] & 0x1fffffff; + r[68] = (sp_digit)(t[4] & 0x1fffffff); t[5] += t[4] >> 29; - r[69] = t[5] & 0x1fffffff; + r[69] = (sp_digit)(t[5] & 0x1fffffff); t[6] += t[5] >> 29; - r[70] = t[6] & 0x1fffffff; + r[70] = (sp_digit)(t[6] & 0x1fffffff); t[7] += t[6] >> 29; - r[71] = t[7] & 0x1fffffff; + r[71] = (sp_digit)(t[7] & 0x1fffffff); r[72] += (sp_digit)(t[7] >> 29); #endif /* WOLFSSL_SP_SMALL */ #endif /* !WOLFSSL_SP_LARGE_CODE */ 
@@ -2709,7 +2705,7 @@ static void sp_2048_mont_shift_72(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[71]) << 11; for (i = 0; i < 70; i++) { - r[i] = n & 0x1fffffff; + r[i] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[72 + i]) << 11; } 
@@ -2719,29 +2715,29 @@ static void sp_2048_mont_shift_72(sp_digit* r, const sp_digit* a) sp_int64 n = a[70] >> 18; n += ((sp_int64)a[71]) << 11; for (i = 0; i < 64; i += 8) { - r[i + 0] = n & 0x1fffffff; + r[i + 0] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 72]) << 11; - r[i + 1] = n & 0x1fffffff; + r[i + 1] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 73]) << 11; - r[i + 2] = n & 0x1fffffff; + r[i + 2] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 74]) << 11; - r[i + 3] = n & 0x1fffffff; + r[i + 3] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 75]) << 11; - r[i + 4] = n & 0x1fffffff; + r[i + 4] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 76]) << 11; - r[i + 5] = n & 0x1fffffff; + r[i + 5] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 77]) << 11; - r[i + 6] = n & 0x1fffffff; + r[i + 6] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 78]) << 11; - r[i + 7] = n & 0x1fffffff; + r[i + 7] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[i + 79]) << 11; } - r[64] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[136]) << 11; - r[65] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[137]) << 11; - r[66] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[138]) << 11; - r[67] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[139]) << 11; - r[68] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[140]) << 11; - r[69] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[141]) << 11; + r[64] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[136]) << 11; + r[65] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[137]) << 11; + r[66] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[138]) << 11; + r[67] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[139]) << 11; + r[68] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[140]) << 11; + r[69] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[141]) << 11; r[70] = (sp_digit)n; #endif /* 
WOLFSSL_SP_SMALL */ XMEMSET(&r[71], 0, sizeof(*r) * 71U); @@ -2764,33 +2760,33 @@ static void sp_2048_mont_reduce_72(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<70; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_2048_mul_add_72(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL); sp_2048_mul_add_72(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; } else { for (i=0; i<70; i++) { - mu = a[i] & 0x1fffffff; + mu = (sp_digit)(a[i] & 0x1fffffff); sp_2048_mul_add_72(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = a[i] & 0x3ffffL; + mu = (sp_digit)(a[i] & 0x3ffffL); sp_2048_mul_add_72(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; } #else for (i=0; i<70; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_2048_mul_add_72(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL); sp_2048_mul_add_72(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; 
@@ -2971,26 +2967,26 @@ SP_NOINLINE static void sp_2048_rshift_72(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<71; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff); } #else for (i=0; i<64; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (29 - n)) & 0x1fffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (29 - n)) & 0x1fffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (29 - n)) & 0x1fffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (29 - n)) & 0x1fffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (29 - n)) & 0x1fffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (29 - n)) & 0x1fffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (29 - n)) & 0x1fffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (29 - n)) & 0x1fffffff); - } - r[64] = (a[64] >> n) | ((a[65] << (29 - n)) & 0x1fffffff); - r[65] = (a[65] >> n) | ((a[66] << (29 - n)) & 0x1fffffff); - r[66] = (a[66] >> n) | ((a[67] << (29 - n)) & 0x1fffffff); - r[67] = (a[67] >> n) | ((a[68] << (29 - n)) & 0x1fffffff); - r[68] = (a[68] >> n) | ((a[69] << (29 - n)) & 0x1fffffff); - r[69] = (a[69] >> n) | ((a[70] << (29 - n)) & 0x1fffffff); - r[70] = (a[70] >> n) | ((a[71] << (29 - n)) & 0x1fffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (29 - n)) & 0x1fffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (29 - n)) & 0x1fffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (29 - n)) & 0x1fffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (29 - n)) & 0x1fffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (29 - n)) & 0x1fffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (29 - n)) & 0x1fffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (29 - n)) & 0x1fffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (29 - n)) & 0x1fffffff); + } + r[64] = (a[64] >> n) | (sp_digit)((a[65] << (29 - n)) & 0x1fffffff); + r[65] = (a[65] >> n) | (sp_digit)((a[66] << (29 - n)) & 0x1fffffff); + 
r[66] = (a[66] >> n) | (sp_digit)((a[67] << (29 - n)) & 0x1fffffff); + r[67] = (a[67] >> n) | (sp_digit)((a[68] << (29 - n)) & 0x1fffffff); + r[68] = (a[68] >> n) | (sp_digit)((a[69] << (29 - n)) & 0x1fffffff); + r[69] = (a[69] >> n) | (sp_digit)((a[70] << (29 - n)) & 0x1fffffff); + r[70] = (a[70] >> n) | (sp_digit)((a[71] << (29 - n)) & 0x1fffffff); #endif /* WOLFSSL_SP_SMALL */ r[71] = a[71] >> n; } @@ -3167,8 +3163,7 @@ static int sp_2048_div_72(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -3283,14 +3278,13 @@ static int sp_2048_mod_exp_72(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_2048_mont_reduce_72(t[0], m, mp); n = sp_2048_cmp_72(t[0], m); - sp_2048_cond_sub_72(t[0], t[0], m, ~(n >> 31)); + sp_2048_cond_sub_72(t[0], t[0], m, (sp_digit)~(n >> 31)); XMEMCPY(r, t[0], sizeof(*r) * 72 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -3374,13 +3368,12 @@ static int sp_2048_mod_exp_72(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_2048_mont_reduce_72(t[0], m, mp); n = sp_2048_cmp_72(t[0], m); - sp_2048_cond_sub_72(t[0], t[0], m, ~(n >> 31)); + sp_2048_cond_sub_72(t[0], t[0], m, (sp_digit)~(n >> 31)); XMEMCPY(r, t[0], sizeof(*r) * 72 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
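Review bot: The `(sp_digit)` casts added in sp_2048_rshift_72 only narrow the final result; the operand `a[i + 1] << (29 - n)` is still shifted at sp_digit width, and if sp_digit is the signed 32-bit digit in this build (the `(sp_uint32)a[i]` casts in the mont_reduce hunks and the `~(n >> 31)` mask idiom suggest it is), a 29-bit digit shifted left by up to 28 bits leaves the representable range, which is undefined behaviour for a signed left shift even though the trailing `& 0x1fffffff` makes the intent clear. The unrolled sp_2048_lshift_72 below already sidesteps this by widening to `sp_int_digit` before shifting; doing the same here, e.g. `r[i] = (sp_digit)(((a[i] >> n) | ((sp_int_digit)a[i + 1] << (29 - n))) & 0x1fffffff);`, yields the same value wherever the current code already behaves as intended and is clean under -fsanitize=undefined. The same shape appears in the sp_3072_rshift_53 and sp_3072_rshift_106 hunks, in the WOLFSSL_SP_SMALL loop of sp_2048_lshift_72 and sp_3072_lshift_106, and in their final `r[0] = (sp_digit)((a[0] << n) & 0x1fffffff);` lines, so one fix should be applied to all of them by the generator rather than by hand.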
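Review bot: Dropping the `if (t1 != NULL)` guard in front of `XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER)` makes sp_2048_div_72 depend on XFREE tolerating a NULL pointer, and the old guard is evidence that t1 can be NULL on the WOLFSSL_SP_SMALL_STACK error paths; the function begins outside this hunk, so where t1 is initialised is not visible here. Presumably the library's own XFREE macro now performs that check, which is what this sweep relies on, but a build that overrides XFREE with its own deallocator would now call it with NULL on those paths. A one-line comment at this first site, `/* XFREE must tolerate NULL: t1 is unallocated on early-error paths */`, would record the new precondition for anyone supplying a custom allocator. The same guard removal is made in the sp_2048_mod_exp_72, sp_2048_mod_exp_2_72, sp_RsaPublic_2048 hunks and in the corresponding sp_3072_* hunks further down, so the comment need only appear once.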
@@ -3503,13 +3496,12 @@ static int sp_2048_mod_exp_72(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_2048_mont_reduce_72(rt, m, mp); n = sp_2048_cmp_72(rt, m); - sp_2048_cond_sub_72(rt, rt, m, ~(n >> 31)); + sp_2048_cond_sub_72(rt, rt, m, (sp_digit)~(n >> 31)); XMEMCPY(r, rt, sizeof(sp_digit) * 144); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -3630,8 +3622,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -3742,8 +3733,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -4113,7 +4103,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 36 * 13); @@ -4350,7 +4340,7 @@ SP_NOINLINE static void sp_2048_lshift_72(sp_digit* r, const sp_digit* a, r[72] = a[71] >> (29 - n); for (i=71; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff); } #else sp_int_digit s; 
@@ -4359,149 +4349,149 @@ SP_NOINLINE static void sp_2048_lshift_72(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[71]; r[72] = s >> (29U - n); s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]); - r[71] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[71] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]); - r[70] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[70] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]); - r[69] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[69] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]); - r[68] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[68] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]); - r[67] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[67] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]); - r[66] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[66] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]); - r[65] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[65] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]); - r[64] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[64] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]); - r[63] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[63] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]); - r[62] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[62] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]); - r[61] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + 
r[61] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]); - r[60] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[60] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]); - r[59] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[59] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]); - r[58] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[58] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]); - r[57] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[57] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]); - r[56] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[56] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]); - r[55] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[55] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]); - r[54] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[54] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]); - r[53] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[53] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]); - r[52] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[52] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]); - r[51] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[51] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]); - r[50] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[50] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = 
(sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]); - r[49] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[49] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]); - r[48] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[48] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]); - r[47] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[47] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]); - r[46] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[46] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]); - r[45] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[45] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]); - r[44] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[44] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]); - r[43] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[43] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]); - r[42] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[42] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]); - r[41] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[41] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]); - r[40] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[40] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]); - r[39] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[39] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]); - r[38] = ((s << n) | (t >> (29U - 
n))) & 0x1fffffff; + r[38] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]); - r[37] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[37] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]); - r[36] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[36] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]); - r[35] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[35] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]); - r[34] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[34] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]); - r[33] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[33] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]); - r[32] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[32] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]); - r[31] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[31] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]); - r[30] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[30] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[29] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[28] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[27] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); 
s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[26] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[25] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[24] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[23] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[22] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[21] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[20] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[19] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[18] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[17] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[16] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> 
(29U - n))) & 0x1fffffff; + r[15] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[14] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[13] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[12] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[11] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[10] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[9] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[8] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[7] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[6] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[5] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[4] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = 
(sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[3] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[2] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[1] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); #endif /* WOLFSSL_SP_SMALL */ - r[0] = (a[0] << n) & 0x1fffffff; + r[0] = (sp_digit)((a[0] << n) & 0x1fffffff); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -4611,12 +4601,11 @@ static int sp_2048_mod_exp_2_72(sp_digit* r, const sp_digit* e, int bits, const sp_2048_mont_reduce_72(r, m, mp); n = sp_2048_cmp_72(r, m); - sp_2048_cond_sub_72(r, r, m, ~(n >> 31)); + sp_2048_cond_sub_72(r, r, m, (sp_digit)~(n >> 31)); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -5335,17 +5324,17 @@ SP_NOINLINE static void sp_3072_mul_add_53(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[0] = t[3] >> 29; } t[0] += (tb * a[52]) + r[52]; - r[52] = t[0] & 0x1fffffff; + r[52] = (sp_digit)(t[0] & 0x1fffffff); r[53] += (sp_digit)(t[0] >> 29); #endif /* !WOLFSSL_SP_LARGE_CODE */ } 
@@ -5362,7 +5351,7 @@ static void sp_3072_mont_shift_53(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[53]) << 1; for (i = 0; i < 52; i++) { - r[i] = n & 0x1fffffff; + r[i] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[54 + i]) << 1; } @@ -5385,11 +5374,11 @@ static void sp_3072_mont_reduce_53(sp_digit* a, const sp_digit* m, sp_digit mp) sp_3072_norm_53(a + 53); for (i=0; i<52; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_3072_mul_add_53(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffffL); sp_3072_mul_add_53(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; @@ -5613,7 +5602,7 @@ SP_NOINLINE static void sp_3072_rshift_53(sp_digit* r, const sp_digit* a, int i; for (i=0; i<52; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff); } r[52] = a[52] >> n; } @@ -5790,8 +5779,7 @@ static int sp_3072_div_53(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -5903,14 +5891,13 @@ static int sp_3072_mod_exp_53(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_3072_mont_reduce_53(t[0], m, mp); n = sp_3072_cmp_53(t[0], m); - sp_3072_cond_sub_53(t[0], t[0], m, ~(n >> 31)); + sp_3072_cond_sub_53(t[0], t[0], m, (sp_digit)~(n >> 31)); XMEMCPY(r, t[0], sizeof(*r) * 53 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -5994,13 +5981,12 @@ static int sp_3072_mod_exp_53(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_3072_mont_reduce_53(t[0], m, mp); n = sp_3072_cmp_53(t[0], m); - sp_3072_cond_sub_53(t[0], t[0], m, ~(n >> 31)); + sp_3072_cond_sub_53(t[0], t[0], m, (sp_digit)~(n >> 31)); XMEMCPY(r, t[0], sizeof(*r) * 53 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -6140,13 +6126,12 @@ static int sp_3072_mod_exp_53(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_3072_mont_reduce_53(rt, m, mp); n = sp_3072_cmp_53(rt, m); - sp_3072_cond_sub_53(rt, rt, m, ~(n >> 31)); + sp_3072_cond_sub_53(rt, rt, m, (sp_digit)~(n >> 31)); XMEMCPY(r, rt, sizeof(sp_digit) * 106); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -6265,20 +6250,20 @@ SP_NOINLINE static void sp_3072_mul_add_106(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[0] = t[3] >> 29; } t[0] += (tb * a[104]) + r[104]; t[1] = (tb * a[105]) + r[105]; - r[104] = t[0] & 0x1fffffff; + r[104] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[105] = t[1] & 0x1fffffff; + r[105] = (sp_digit)(t[1] & 0x1fffffff); r[106] += (sp_digit)(t[1] >> 29); #endif /* !WOLFSSL_SP_LARGE_CODE */ } 
@@ -6295,7 +6280,7 @@ static void sp_3072_mont_shift_106(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[106]) << 2; for (i = 0; i < 105; i++) { - r[i] = n & 0x1fffffff; + r[i] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[107 + i]) << 2; } @@ -6320,33 +6305,33 @@ static void sp_3072_mont_reduce_106(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<105; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_3072_mul_add_106(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL); sp_3072_mul_add_106(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; } else { for (i=0; i<105; i++) { - mu = a[i] & 0x1fffffff; + mu = (sp_digit)(a[i] & 0x1fffffff); sp_3072_mul_add_106(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = a[i] & 0x7ffffffL; + mu = (sp_digit)(a[i] & 0x7ffffffL); sp_3072_mul_add_106(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; } #else for (i=0; i<105; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_3072_mul_add_106(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7ffffffL); sp_3072_mul_add_106(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; @@ -6452,7 +6437,7 @@ SP_NOINLINE static void sp_3072_rshift_106(sp_digit* r, const sp_digit* a, int i; for (i=0; i<105; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff); } r[105] = a[105] >> n; } 
@@ -6629,8 +6614,7 @@ static int sp_3072_div_106(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -6743,14 +6727,13 @@ static int sp_3072_mod_exp_106(sp_digit* r, const sp_digit* a, const sp_digit* e sp_3072_mont_reduce_106(t[0], m, mp); n = sp_3072_cmp_106(t[0], m); - sp_3072_cond_sub_106(t[0], t[0], m, ~(n >> 31)); + sp_3072_cond_sub_106(t[0], t[0], m, (sp_digit)~(n >> 31)); XMEMCPY(r, t[0], sizeof(*r) * 106 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -6834,13 +6817,12 @@ static int sp_3072_mod_exp_106(sp_digit* r, const sp_digit* a, const sp_digit* e sp_3072_mont_reduce_106(t[0], m, mp); n = sp_3072_cmp_106(t[0], m); - sp_3072_cond_sub_106(t[0], t[0], m, ~(n >> 31)); + sp_3072_cond_sub_106(t[0], t[0], m, (sp_digit)~(n >> 31)); XMEMCPY(r, t[0], sizeof(*r) * 106 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -6963,13 +6945,12 @@ static int sp_3072_mod_exp_106(sp_digit* r, const sp_digit* a, const sp_digit* e sp_3072_mont_reduce_106(rt, m, mp); n = sp_3072_cmp_106(rt, m); - sp_3072_cond_sub_106(rt, rt, m, ~(n >> 31)); + sp_3072_cond_sub_106(rt, rt, m, (sp_digit)~(n >> 31)); XMEMCPY(r, rt, sizeof(sp_digit) * 212); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -7088,8 +7069,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; 
@@ -7200,8 +7180,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -7571,7 +7550,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 53 * 13); @@ -7807,9 +7786,9 @@ SP_NOINLINE static void sp_3072_lshift_106(sp_digit* r, const sp_digit* a, r[106] = a[105] >> (29 - n); for (i=105; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff); } - r[0] = (a[0] << n) & 0x1fffffff; + r[0] = (sp_digit)((a[0] << n) & 0x1fffffff); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -7919,12 +7898,11 @@ static int sp_3072_mod_exp_2_106(sp_digit* r, const sp_digit* e, int bits, const sp_3072_mont_reduce_106(r, m, mp); n = sp_3072_cmp_106(r, m); - sp_3072_cond_sub_106(r, r, m, ~(n >> 31)); + sp_3072_cond_sub_106(r, r, m, (sp_digit)~(n >> 31)); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -8460,29 +8438,29 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, t0 = ((sp_uint64)a[ 0]) * b[ 0]; t1 = ((sp_uint64)a[ 0]) * b[ 1] + ((sp_uint64)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 0] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 0]) * b[ 2] + ((sp_uint64)a[ 1]) * b[ 1] + ((sp_uint64)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 1] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 0]) * b[ 3] + ((sp_uint64)a[ 1]) * b[ 2] + ((sp_uint64)a[ 2]) * b[ 1] + ((sp_uint64)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 2] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 0]) * b[ 4] + ((sp_uint64)a[ 1]) * b[ 3] + ((sp_uint64)a[ 2]) * b[ 2] + ((sp_uint64)a[ 3]) * b[ 1] + ((sp_uint64)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 3] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 0]) * b[ 5] + ((sp_uint64)a[ 1]) * b[ 4] + ((sp_uint64)a[ 2]) * b[ 3] + ((sp_uint64)a[ 3]) * b[ 2] + ((sp_uint64)a[ 4]) * b[ 1] + ((sp_uint64)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 4] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 0]) * b[ 6] + ((sp_uint64)a[ 1]) * b[ 5] + ((sp_uint64)a[ 2]) * b[ 4] @@ -8490,7 +8468,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 4]) * b[ 2] + ((sp_uint64)a[ 5]) * b[ 1] + ((sp_uint64)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 5] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 0]) * b[ 7] + ((sp_uint64)a[ 1]) * b[ 6] + ((sp_uint64)a[ 2]) * b[ 5] 
@@ -8499,7 +8477,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 5]) * b[ 2] + ((sp_uint64)a[ 6]) * b[ 1] + ((sp_uint64)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 6] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 0]) * b[ 8] + ((sp_uint64)a[ 1]) * b[ 7] + ((sp_uint64)a[ 2]) * b[ 6] @@ -8509,7 +8487,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 6]) * b[ 2] + ((sp_uint64)a[ 7]) * b[ 1] + ((sp_uint64)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 7] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 0]) * b[ 9] + ((sp_uint64)a[ 1]) * b[ 8] + ((sp_uint64)a[ 2]) * b[ 7] @@ -8520,7 +8498,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 7]) * b[ 2] + ((sp_uint64)a[ 8]) * b[ 1] + ((sp_uint64)a[ 9]) * b[ 0]; - t[ 8] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 8] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 0]) * b[10] + ((sp_uint64)a[ 1]) * b[ 9] + ((sp_uint64)a[ 2]) * b[ 8] @@ -8532,7 +8510,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 8]) * b[ 2] + ((sp_uint64)a[ 9]) * b[ 1] + ((sp_uint64)a[10]) * b[ 0]; - t[ 9] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 9] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 0]) * b[11] + ((sp_uint64)a[ 1]) * b[10] + ((sp_uint64)a[ 2]) * b[ 9] @@ -8545,7 +8523,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 9]) * b[ 2] + ((sp_uint64)a[10]) * b[ 1] + ((sp_uint64)a[11]) * b[ 0]; - t[10] = t0 & 0xfffffff; t1 += t0 >> 28; + t[10] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 0]) * b[12] + ((sp_uint64)a[ 1]) * b[11] + ((sp_uint64)a[ 2]) * b[10] 
@@ -8559,7 +8537,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[10]) * b[ 2] + ((sp_uint64)a[11]) * b[ 1] + ((sp_uint64)a[12]) * b[ 0]; - t[11] = t1 & 0xfffffff; t0 += t1 >> 28; + t[11] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 0]) * b[13] + ((sp_uint64)a[ 1]) * b[12] + ((sp_uint64)a[ 2]) * b[11] @@ -8574,7 +8552,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 2] + ((sp_uint64)a[12]) * b[ 1] + ((sp_uint64)a[13]) * b[ 0]; - t[12] = t0 & 0xfffffff; t1 += t0 >> 28; + t[12] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 1]) * b[13] + ((sp_uint64)a[ 2]) * b[12] + ((sp_uint64)a[ 3]) * b[11] @@ -8588,7 +8566,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 3] + ((sp_uint64)a[12]) * b[ 2] + ((sp_uint64)a[13]) * b[ 1]; - t[13] = t1 & 0xfffffff; t0 += t1 >> 28; + t[13] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 2]) * b[13] + ((sp_uint64)a[ 3]) * b[12] + ((sp_uint64)a[ 4]) * b[11] @@ -8601,7 +8579,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 4] + ((sp_uint64)a[12]) * b[ 3] + ((sp_uint64)a[13]) * b[ 2]; - r[14] = t0 & 0xfffffff; t1 += t0 >> 28; + r[14] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 3]) * b[13] + ((sp_uint64)a[ 4]) * b[12] + ((sp_uint64)a[ 5]) * b[11] @@ -8613,7 +8591,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 5] + ((sp_uint64)a[12]) * b[ 4] + ((sp_uint64)a[13]) * b[ 3]; - r[15] = t1 & 0xfffffff; t0 += t1 >> 28; + r[15] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 4]) * b[13] + ((sp_uint64)a[ 5]) * b[12] + ((sp_uint64)a[ 6]) * b[11] 
@@ -8624,7 +8602,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 6] + ((sp_uint64)a[12]) * b[ 5] + ((sp_uint64)a[13]) * b[ 4]; - r[16] = t0 & 0xfffffff; t1 += t0 >> 28; + r[16] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 5]) * b[13] + ((sp_uint64)a[ 6]) * b[12] + ((sp_uint64)a[ 7]) * b[11] @@ -8634,7 +8612,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 7] + ((sp_uint64)a[12]) * b[ 6] + ((sp_uint64)a[13]) * b[ 5]; - r[17] = t1 & 0xfffffff; t0 += t1 >> 28; + r[17] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 6]) * b[13] + ((sp_uint64)a[ 7]) * b[12] + ((sp_uint64)a[ 8]) * b[11] @@ -8643,7 +8621,7 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 8] + ((sp_uint64)a[12]) * b[ 7] + ((sp_uint64)a[13]) * b[ 6]; - r[18] = t0 & 0xfffffff; t1 += t0 >> 28; + r[18] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 7]) * b[13] + ((sp_uint64)a[ 8]) * b[12] + ((sp_uint64)a[ 9]) * b[11] 
@@ -8651,35 +8629,35 @@ SP_NOINLINE static void sp_3072_mul_14(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[11]) * b[ 9] + ((sp_uint64)a[12]) * b[ 8] + ((sp_uint64)a[13]) * b[ 7]; - r[19] = t1 & 0xfffffff; t0 += t1 >> 28; + r[19] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[ 8]) * b[13] + ((sp_uint64)a[ 9]) * b[12] + ((sp_uint64)a[10]) * b[11] + ((sp_uint64)a[11]) * b[10] + ((sp_uint64)a[12]) * b[ 9] + ((sp_uint64)a[13]) * b[ 8]; - r[20] = t0 & 0xfffffff; t1 += t0 >> 28; + r[20] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[ 9]) * b[13] + ((sp_uint64)a[10]) * b[12] + ((sp_uint64)a[11]) * b[11] + ((sp_uint64)a[12]) * b[10] + ((sp_uint64)a[13]) * b[ 9]; - r[21] = t1 & 0xfffffff; t0 += t1 >> 28; + r[21] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[10]) * b[13] + ((sp_uint64)a[11]) * b[12] + ((sp_uint64)a[12]) * b[11] + ((sp_uint64)a[13]) * b[10]; - r[22] = t0 & 0xfffffff; t1 += t0 >> 28; + r[22] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[11]) * b[13] + ((sp_uint64)a[12]) * b[12] + ((sp_uint64)a[13]) * b[11]; - r[23] = t1 & 0xfffffff; t0 += t1 >> 28; + r[23] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = ((sp_uint64)a[12]) * b[13] + ((sp_uint64)a[13]) * b[12]; - r[24] = t0 & 0xfffffff; t1 += t0 >> 28; + r[24] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[13]) * b[13]; - r[25] = t1 & 0xfffffff; t0 += t1 >> 28; - r[26] = t0 & 0xfffffff; + r[25] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; + r[26] = (sp_digit)(t0 & 0xfffffff); r[27] = (sp_digit)(t0 >> 28); XMEMCPY(r, t, sizeof(t)); } 
@@ -9032,57 +9010,57 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a) t0 = ((sp_uint64)a[ 0]) * a[ 0]; t1 = (((sp_uint64)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 0] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 0]) * a[ 2]) * 2 + ((sp_uint64)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 1] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 0]) * a[ 3] + ((sp_uint64)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 2] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 0]) * a[ 4] + ((sp_uint64)a[ 1]) * a[ 3]) * 2 + ((sp_uint64)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 3] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 0]) * a[ 5] + ((sp_uint64)a[ 1]) * a[ 4] + ((sp_uint64)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 4] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 0]) * a[ 6] + ((sp_uint64)a[ 1]) * a[ 5] + ((sp_uint64)a[ 2]) * a[ 4]) * 2 + ((sp_uint64)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 5] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 0]) * a[ 7] + ((sp_uint64)a[ 1]) * a[ 6] + ((sp_uint64)a[ 2]) * a[ 5] + ((sp_uint64)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 6] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 0]) * a[ 8] + ((sp_uint64)a[ 1]) * a[ 7] + ((sp_uint64)a[ 2]) * a[ 6] + ((sp_uint64)a[ 3]) * a[ 5]) * 2 + ((sp_uint64)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 7] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 0]) * a[ 9] + ((sp_uint64)a[ 1]) * a[ 8] + ((sp_uint64)a[ 2]) * a[ 7] + ((sp_uint64)a[ 3]) * a[ 6] + ((sp_uint64)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0xfffffff; t1 += t0 >> 28; + t[ 8] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 0]) * a[10] + ((sp_uint64)a[ 1]) * a[ 9] + 
((sp_uint64)a[ 2]) * a[ 8] + ((sp_uint64)a[ 3]) * a[ 7] + ((sp_uint64)a[ 4]) * a[ 6]) * 2 + ((sp_uint64)a[ 5]) * a[ 5]; - t[ 9] = t1 & 0xfffffff; t0 += t1 >> 28; + t[ 9] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 0]) * a[11] + ((sp_uint64)a[ 1]) * a[10] + ((sp_uint64)a[ 2]) * a[ 9] + ((sp_uint64)a[ 3]) * a[ 8] + ((sp_uint64)a[ 4]) * a[ 7] + ((sp_uint64)a[ 5]) * a[ 6]) * 2; - t[10] = t0 & 0xfffffff; t1 += t0 >> 28; + t[10] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 0]) * a[12] + ((sp_uint64)a[ 1]) * a[11] + ((sp_uint64)a[ 2]) * a[10] @@ -9090,7 +9068,7 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a) + ((sp_uint64)a[ 4]) * a[ 8] + ((sp_uint64)a[ 5]) * a[ 7]) * 2 + ((sp_uint64)a[ 6]) * a[ 6]; - t[11] = t1 & 0xfffffff; t0 += t1 >> 28; + t[11] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 0]) * a[13] + ((sp_uint64)a[ 1]) * a[12] + ((sp_uint64)a[ 2]) * a[11] @@ -9098,7 +9076,7 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a) + ((sp_uint64)a[ 4]) * a[ 9] + ((sp_uint64)a[ 5]) * a[ 8] + ((sp_uint64)a[ 6]) * a[ 7]) * 2; - t[12] = t0 & 0xfffffff; t1 += t0 >> 28; + t[12] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 1]) * a[13] + ((sp_uint64)a[ 2]) * a[12] + ((sp_uint64)a[ 3]) * a[11] 
@@ -9106,62 +9084,62 @@ SP_NOINLINE static void sp_3072_sqr_14(sp_digit* r, const sp_digit* a) + ((sp_uint64)a[ 5]) * a[ 9] + ((sp_uint64)a[ 6]) * a[ 8]) * 2 + ((sp_uint64)a[ 7]) * a[ 7]; - t[13] = t1 & 0xfffffff; t0 += t1 >> 28; + t[13] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 2]) * a[13] + ((sp_uint64)a[ 3]) * a[12] + ((sp_uint64)a[ 4]) * a[11] + ((sp_uint64)a[ 5]) * a[10] + ((sp_uint64)a[ 6]) * a[ 9] + ((sp_uint64)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0xfffffff; t1 += t0 >> 28; + r[14] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 3]) * a[13] + ((sp_uint64)a[ 4]) * a[12] + ((sp_uint64)a[ 5]) * a[11] + ((sp_uint64)a[ 6]) * a[10] + ((sp_uint64)a[ 7]) * a[ 9]) * 2 + ((sp_uint64)a[ 8]) * a[ 8]; - r[15] = t1 & 0xfffffff; t0 += t1 >> 28; + r[15] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 4]) * a[13] + ((sp_uint64)a[ 5]) * a[12] + ((sp_uint64)a[ 6]) * a[11] + ((sp_uint64)a[ 7]) * a[10] + ((sp_uint64)a[ 8]) * a[ 9]) * 2; - r[16] = t0 & 0xfffffff; t1 += t0 >> 28; + r[16] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 5]) * a[13] + ((sp_uint64)a[ 6]) * a[12] + ((sp_uint64)a[ 7]) * a[11] + ((sp_uint64)a[ 8]) * a[10]) * 2 + ((sp_uint64)a[ 9]) * a[ 9]; - r[17] = t1 & 0xfffffff; t0 += t1 >> 28; + r[17] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 6]) * a[13] + ((sp_uint64)a[ 7]) * a[12] + ((sp_uint64)a[ 8]) * a[11] + ((sp_uint64)a[ 9]) * a[10]) * 2; - r[18] = t0 & 0xfffffff; t1 += t0 >> 28; + r[18] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[ 7]) * a[13] + ((sp_uint64)a[ 8]) * a[12] + ((sp_uint64)a[ 9]) * a[11]) * 2 + ((sp_uint64)a[10]) * a[10]; - r[19] = t1 & 0xfffffff; t0 += t1 >> 28; + r[19] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[ 8]) * a[13] + ((sp_uint64)a[ 9]) * a[12] + ((sp_uint64)a[10]) * a[11]) * 2; - r[20] = t0 & 0xfffffff; t1 += t0 >> 28; + r[20] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = 
(((sp_uint64)a[ 9]) * a[13] + ((sp_uint64)a[10]) * a[12]) * 2 + ((sp_uint64)a[11]) * a[11]; - r[21] = t1 & 0xfffffff; t0 += t1 >> 28; + r[21] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[10]) * a[13] + ((sp_uint64)a[11]) * a[12]) * 2; - r[22] = t0 & 0xfffffff; t1 += t0 >> 28; + r[22] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = (((sp_uint64)a[11]) * a[13]) * 2 + ((sp_uint64)a[12]) * a[12]; - r[23] = t1 & 0xfffffff; t0 += t1 >> 28; + r[23] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; t1 = (((sp_uint64)a[12]) * a[13]) * 2; - r[24] = t0 & 0xfffffff; t1 += t0 >> 28; + r[24] = (sp_digit)(t0 & 0xfffffff); t1 += t0 >> 28; t0 = ((sp_uint64)a[13]) * a[13]; - r[25] = t1 & 0xfffffff; t0 += t1 >> 28; - r[26] = t0 & 0xfffffff; + r[25] = (sp_digit)(t1 & 0xfffffff); t0 += t1 >> 28; + r[26] = (sp_digit)(t0 & 0xfffffff); r[27] = (sp_digit)(t0 >> 28); XMEMCPY(r, t, sizeof(t)); } @@ -9419,21 +9397,21 @@ SP_NOINLINE static void sp_3072_mul_add_56(sp_digit* r, const sp_digit* a, t[5] = (tb * a[i+5]) + r[i+5]; t[6] = (tb * a[i+6]) + r[i+6]; t[7] = (tb * a[i+7]) + r[i+7]; - r[i+0] = t[0] & 0xfffffff; + r[i+0] = (sp_digit)(t[0] & 0xfffffff); t[1] += t[0] >> 28; - r[i+1] = t[1] & 0xfffffff; + r[i+1] = (sp_digit)(t[1] & 0xfffffff); t[2] += t[1] >> 28; - r[i+2] = t[2] & 0xfffffff; + r[i+2] = (sp_digit)(t[2] & 0xfffffff); t[3] += t[2] >> 28; - r[i+3] = t[3] & 0xfffffff; + r[i+3] = (sp_digit)(t[3] & 0xfffffff); t[4] += t[3] >> 28; - r[i+4] = t[4] & 0xfffffff; + r[i+4] = (sp_digit)(t[4] & 0xfffffff); t[5] += t[4] >> 28; - r[i+5] = t[5] & 0xfffffff; + r[i+5] = (sp_digit)(t[5] & 0xfffffff); t[6] += t[5] >> 28; - r[i+6] = t[6] & 0xfffffff; + r[i+6] = (sp_digit)(t[6] & 0xfffffff); t[7] += t[6] >> 28; - r[i+7] = t[7] & 0xfffffff; + r[i+7] = (sp_digit)(t[7] & 0xfffffff); t[0] = t[7] >> 28; } t[0] += (tb * a[48]) + r[48]; 
@@ -9444,21 +9422,21 @@ SP_NOINLINE static void sp_3072_mul_add_56(sp_digit* r, const sp_digit* a, t[5] = (tb * a[53]) + r[53]; t[6] = (tb * a[54]) + r[54]; t[7] = (tb * a[55]) + r[55]; - r[48] = t[0] & 0xfffffff; + r[48] = (sp_digit)(t[0] & 0xfffffff); t[1] += t[0] >> 28; - r[49] = t[1] & 0xfffffff; + r[49] = (sp_digit)(t[1] & 0xfffffff); t[2] += t[1] >> 28; - r[50] = t[2] & 0xfffffff; + r[50] = (sp_digit)(t[2] & 0xfffffff); t[3] += t[2] >> 28; - r[51] = t[3] & 0xfffffff; + r[51] = (sp_digit)(t[3] & 0xfffffff); t[4] += t[3] >> 28; - r[52] = t[4] & 0xfffffff; + r[52] = (sp_digit)(t[4] & 0xfffffff); t[5] += t[4] >> 28; - r[53] = t[5] & 0xfffffff; + r[53] = (sp_digit)(t[5] & 0xfffffff); t[6] += t[5] >> 28; - r[54] = t[6] & 0xfffffff; + r[54] = (sp_digit)(t[6] & 0xfffffff); t[7] += t[6] >> 28; - r[55] = t[7] & 0xfffffff; + r[55] = (sp_digit)(t[7] & 0xfffffff); r[56] += (sp_digit)(t[7] >> 28); #endif /* !WOLFSSL_SP_LARGE_CODE */ } 
@@ -9474,29 +9452,29 @@ static void sp_3072_mont_shift_56(sp_digit* r, const sp_digit* a) sp_int64 n = a[54] >> 24; n += ((sp_int64)a[55]) << 4; for (i = 0; i < 48; i += 8) { - r[i + 0] = n & 0xfffffff; + r[i + 0] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 56]) << 4; - r[i + 1] = n & 0xfffffff; + r[i + 1] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 57]) << 4; - r[i + 2] = n & 0xfffffff; + r[i + 2] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 58]) << 4; - r[i + 3] = n & 0xfffffff; + r[i + 3] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 59]) << 4; - r[i + 4] = n & 0xfffffff; + r[i + 4] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 60]) << 4; - r[i + 5] = n & 0xfffffff; + r[i + 5] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 61]) << 4; - r[i + 6] = n & 0xfffffff; + r[i + 6] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 62]) << 4; - r[i + 7] = n & 0xfffffff; + r[i + 7] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 63]) << 4; } - r[48] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[104]) << 4; - r[49] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[105]) << 4; - r[50] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[106]) << 4; - r[51] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[107]) << 4; - r[52] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[108]) << 4; - r[53] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[109]) << 4; + r[48] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[104]) << 4; + r[49] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[105]) << 4; + r[50] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[106]) << 4; + r[51] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[107]) << 4; + r[52] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[108]) << 4; + r[53] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[109]) << 4; r[54] = (sp_digit)n; XMEMSET(&r[55], 0, sizeof(*r) * 55U); } 
@@ -9516,11 +9494,11 @@ static void sp_3072_mont_reduce_56(sp_digit* a, const sp_digit* m, sp_digit mp) sp_3072_norm_56(a + 55); for (i=0; i<54; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff); sp_3072_mul_add_56(a+i, m, mu); a[i+1] += a[i] >> 28; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL); sp_3072_mul_add_56(a+i, m, mu); a[i+1] += a[i] >> 28; a[i] &= 0xfffffff; 
@@ -9633,22 +9611,22 @@ SP_NOINLINE static void sp_3072_rshift_56(sp_digit* r, const sp_digit* a, int i; for (i=0; i<48; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (28 - n)) & 0xfffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (28 - n)) & 0xfffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (28 - n)) & 0xfffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (28 - n)) & 0xfffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (28 - n)) & 0xfffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (28 - n)) & 0xfffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (28 - n)) & 0xfffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (28 - n)) & 0xfffffff); - } - r[48] = (a[48] >> n) | ((a[49] << (28 - n)) & 0xfffffff); - r[49] = (a[49] >> n) | ((a[50] << (28 - n)) & 0xfffffff); - r[50] = (a[50] >> n) | ((a[51] << (28 - n)) & 0xfffffff); - r[51] = (a[51] >> n) | ((a[52] << (28 - n)) & 0xfffffff); - r[52] = (a[52] >> n) | ((a[53] << (28 - n)) & 0xfffffff); - r[53] = (a[53] >> n) | ((a[54] << (28 - n)) & 0xfffffff); - r[54] = (a[54] >> n) | ((a[55] << (28 - n)) & 0xfffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (28 - n)) & 0xfffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (28 - n)) & 0xfffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (28 - n)) & 0xfffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (28 - n)) & 0xfffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (28 - n)) & 0xfffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (28 - n)) & 0xfffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (28 - n)) & 0xfffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (28 - n)) & 0xfffffff); + } + r[48] = (a[48] >> n) | (sp_digit)((a[49] << (28 - n)) & 0xfffffff); + r[49] = (a[49] >> n) | (sp_digit)((a[50] << (28 - n)) & 0xfffffff); + r[50] = (a[50] >> n) | (sp_digit)((a[51] << (28 - n)) & 0xfffffff); + r[51] = (a[51] >> n) | (sp_digit)((a[52] << (28 - n)) & 0xfffffff); + r[52] = (a[52] >> n) | (sp_digit)((a[53] << (28 - n)) & 0xfffffff); + 
r[53] = (a[53] >> n) | (sp_digit)((a[54] << (28 - n)) & 0xfffffff); + r[54] = (a[54] >> n) | (sp_digit)((a[55] << (28 - n)) & 0xfffffff); r[55] = a[55] >> n; } @@ -9824,8 +9802,7 @@ static int sp_3072_div_56(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -9937,14 +9914,13 @@ static int sp_3072_mod_exp_56(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_3072_mont_reduce_56(t[0], m, mp); n = sp_3072_cmp_56(t[0], m); - sp_3072_cond_sub_56(t[0], t[0], m, ~(n >> 31)); + sp_3072_cond_sub_56(t[0], t[0], m, (sp_digit)~(n >> 31)); XMEMCPY(r, t[0], sizeof(*r) * 56 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -10028,13 +10004,12 @@ static int sp_3072_mod_exp_56(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_3072_mont_reduce_56(t[0], m, mp); n = sp_3072_cmp_56(t[0], m); - sp_3072_cond_sub_56(t[0], t[0], m, ~(n >> 31)); + sp_3072_cond_sub_56(t[0], t[0], m, (sp_digit)~(n >> 31)); XMEMCPY(r, t[0], sizeof(*r) * 56 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -10174,13 +10149,12 @@ static int sp_3072_mod_exp_56(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_3072_mont_reduce_56(rt, m, mp); n = sp_3072_cmp_56(rt, m); - sp_3072_cond_sub_56(rt, rt, m, ~(n >> 31)); + sp_3072_cond_sub_56(rt, rt, m, (sp_digit)~(n >> 31)); XMEMCPY(r, rt, sizeof(sp_digit) * 112); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -10313,21 +10287,21 @@ SP_NOINLINE static void sp_3072_mul_add_112(sp_digit* r, const sp_digit* a, t[5] = (tb * a[i+5]) + r[i+5]; t[6] = (tb * a[i+6]) + r[i+6]; t[7] = (tb * a[i+7]) + r[i+7]; - r[i+0] = t[0] & 0xfffffff; + r[i+0] = (sp_digit)(t[0] & 0xfffffff); t[1] += t[0] >> 28; - r[i+1] = t[1] & 0xfffffff; + r[i+1] = (sp_digit)(t[1] & 0xfffffff); t[2] += t[1] >> 28; - r[i+2] = t[2] & 0xfffffff; + r[i+2] = (sp_digit)(t[2] & 0xfffffff); t[3] += t[2] >> 28; - r[i+3] = t[3] & 0xfffffff; + r[i+3] = (sp_digit)(t[3] & 0xfffffff); t[4] += t[3] >> 28; - r[i+4] = t[4] & 0xfffffff; + r[i+4] = (sp_digit)(t[4] & 0xfffffff); t[5] += t[4] >> 28; - r[i+5] = t[5] & 0xfffffff; + r[i+5] = (sp_digit)(t[5] & 0xfffffff); t[6] += t[5] >> 28; - r[i+6] = t[6] & 0xfffffff; + r[i+6] = (sp_digit)(t[6] & 0xfffffff); t[7] += t[6] >> 28; - r[i+7] = t[7] & 0xfffffff; + r[i+7] = (sp_digit)(t[7] & 0xfffffff); t[0] = t[7] >> 28; } t[0] += (tb * a[104]) + r[104]; @@ -10338,21 +10312,21 @@ SP_NOINLINE static void sp_3072_mul_add_112(sp_digit* r, const sp_digit* a, t[5] = (tb * a[109]) + r[109]; t[6] = (tb * a[110]) + r[110]; t[7] = (tb * a[111]) + r[111]; - r[104] = t[0] & 0xfffffff; + r[104] = (sp_digit)(t[0] & 0xfffffff); t[1] += t[0] >> 28; - r[105] = t[1] & 0xfffffff; + r[105] = (sp_digit)(t[1] & 0xfffffff); t[2] += t[1] >> 28; - r[106] = t[2] & 0xfffffff; + r[106] = (sp_digit)(t[2] & 0xfffffff); t[3] += t[2] >> 28; - r[107] = t[3] & 0xfffffff; + r[107] = (sp_digit)(t[3] & 0xfffffff); t[4] += t[3] >> 28; - r[108] = t[4] & 0xfffffff; + r[108] = (sp_digit)(t[4] & 0xfffffff); t[5] += t[4] >> 28; - r[109] = t[5] & 0xfffffff; + r[109] = (sp_digit)(t[5] & 0xfffffff); t[6] += t[5] >> 28; - r[110] = t[6] & 0xfffffff; + r[110] = (sp_digit)(t[6] & 0xfffffff); t[7] += t[6] >> 28; - r[111] = t[7] & 0xfffffff; + r[111] = (sp_digit)(t[7] & 0xfffffff); r[112] += (sp_digit)(t[7] >> 28); #endif /* !WOLFSSL_SP_LARGE_CODE */ } 
@@ -10368,28 +10342,28 @@ static void sp_3072_mont_shift_112(sp_digit* r, const sp_digit* a) sp_int64 n = a[109] >> 20; n += ((sp_int64)a[110]) << 8; for (i = 0; i < 104; i += 8) { - r[i + 0] = n & 0xfffffff; + r[i + 0] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 111]) << 8; - r[i + 1] = n & 0xfffffff; + r[i + 1] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 112]) << 8; - r[i + 2] = n & 0xfffffff; + r[i + 2] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 113]) << 8; - r[i + 3] = n & 0xfffffff; + r[i + 3] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 114]) << 8; - r[i + 4] = n & 0xfffffff; + r[i + 4] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 115]) << 8; - r[i + 5] = n & 0xfffffff; + r[i + 5] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 116]) << 8; - r[i + 6] = n & 0xfffffff; + r[i + 6] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 117]) << 8; - r[i + 7] = n & 0xfffffff; + r[i + 7] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[i + 118]) << 8; } - r[104] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[215]) << 8; - r[105] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[216]) << 8; - r[106] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[217]) << 8; - r[107] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[218]) << 8; - r[108] = n & 0xfffffff; n >>= 28; n += ((sp_int64)a[219]) << 8; + r[104] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[215]) << 8; + r[105] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[216]) << 8; + r[106] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[217]) << 8; + r[107] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[218]) << 8; + r[108] = (sp_digit)(n & 0xfffffff); n >>= 28; n += ((sp_int64)a[219]) << 8; r[109] = (sp_digit)n; XMEMSET(&r[110], 0, sizeof(*r) * 110U); } 
@@ -10411,33 +10385,33 @@ static void sp_3072_mont_reduce_112(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<109; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff); sp_3072_mul_add_112(a+i, m, mu); a[i+1] += a[i] >> 28; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL); sp_3072_mul_add_112(a+i, m, mu); a[i+1] += a[i] >> 28; a[i] &= 0xfffffff; } else { for (i=0; i<109; i++) { - mu = a[i] & 0xfffffff; + mu = (sp_digit)(a[i] & 0xfffffff); sp_3072_mul_add_112(a+i, m, mu); a[i+1] += a[i] >> 28; } - mu = a[i] & 0xfffffL; + mu = (sp_digit)(a[i] & 0xfffffL); sp_3072_mul_add_112(a+i, m, mu); a[i+1] += a[i] >> 28; a[i] &= 0xfffffff; } #else for (i=0; i<109; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffff); sp_3072_mul_add_112(a+i, m, mu); a[i+1] += a[i] >> 28; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL); sp_3072_mul_add_112(a+i, m, mu); a[i+1] += a[i] >> 28; a[i] &= 0xfffffff; 
@@ -10551,22 +10525,22 @@ SP_NOINLINE static void sp_3072_rshift_112(sp_digit* r, const sp_digit* a, int i; for (i=0; i<104; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (28 - n)) & 0xfffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (28 - n)) & 0xfffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (28 - n)) & 0xfffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (28 - n)) & 0xfffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (28 - n)) & 0xfffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (28 - n)) & 0xfffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (28 - n)) & 0xfffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (28 - n)) & 0xfffffff); - } - r[104] = (a[104] >> n) | ((a[105] << (28 - n)) & 0xfffffff); - r[105] = (a[105] >> n) | ((a[106] << (28 - n)) & 0xfffffff); - r[106] = (a[106] >> n) | ((a[107] << (28 - n)) & 0xfffffff); - r[107] = (a[107] >> n) | ((a[108] << (28 - n)) & 0xfffffff); - r[108] = (a[108] >> n) | ((a[109] << (28 - n)) & 0xfffffff); - r[109] = (a[109] >> n) | ((a[110] << (28 - n)) & 0xfffffff); - r[110] = (a[110] >> n) | ((a[111] << (28 - n)) & 0xfffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (28 - n)) & 0xfffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (28 - n)) & 0xfffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (28 - n)) & 0xfffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (28 - n)) & 0xfffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (28 - n)) & 0xfffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (28 - n)) & 0xfffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (28 - n)) & 0xfffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (28 - n)) & 0xfffffff); + } + r[104] = (a[104] >> n) | (sp_digit)((a[105] << (28 - n)) & 0xfffffff); + r[105] = (a[105] >> n) | (sp_digit)((a[106] << (28 - n)) & 0xfffffff); + r[106] = (a[106] >> n) | (sp_digit)((a[107] << (28 - n)) & 0xfffffff); + r[107] = (a[107] >> n) | (sp_digit)((a[108] << (28 - n)) & 0xfffffff); + r[108] = (a[108] >> n) | 
(sp_digit)((a[109] << (28 - n)) & 0xfffffff); + r[109] = (a[109] >> n) | (sp_digit)((a[110] << (28 - n)) & 0xfffffff); + r[110] = (a[110] >> n) | (sp_digit)((a[111] << (28 - n)) & 0xfffffff); r[111] = a[111] >> n; } @@ -10743,8 +10717,7 @@ static int sp_3072_div_112(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -10859,14 +10832,13 @@ static int sp_3072_mod_exp_112(sp_digit* r, const sp_digit* a, const sp_digit* e sp_3072_mont_reduce_112(t[0], m, mp); n = sp_3072_cmp_112(t[0], m); - sp_3072_cond_sub_112(t[0], t[0], m, ~(n >> 31)); + sp_3072_cond_sub_112(t[0], t[0], m, (sp_digit)~(n >> 31)); XMEMCPY(r, t[0], sizeof(*r) * 112 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -10950,13 +10922,12 @@ static int sp_3072_mod_exp_112(sp_digit* r, const sp_digit* a, const sp_digit* e sp_3072_mont_reduce_112(t[0], m, mp); n = sp_3072_cmp_112(t[0], m); - sp_3072_cond_sub_112(t[0], t[0], m, ~(n >> 31)); + sp_3072_cond_sub_112(t[0], t[0], m, (sp_digit)~(n >> 31)); XMEMCPY(r, t[0], sizeof(*r) * 112 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -11079,13 +11050,12 @@ static int sp_3072_mod_exp_112(sp_digit* r, const sp_digit* a, const sp_digit* e sp_3072_mont_reduce_112(rt, m, mp); n = sp_3072_cmp_112(rt, m); - sp_3072_cond_sub_112(rt, rt, m, ~(n >> 31)); + sp_3072_cond_sub_112(rt, rt, m, (sp_digit)~(n >> 31)); XMEMCPY(r, rt, sizeof(sp_digit) * 224); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -11206,8 +11176,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -11318,8 +11287,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -11689,7 +11657,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 56 * 13); 
@@ -11927,228 +11895,228 @@ SP_NOINLINE static void sp_3072_lshift_112(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[111]; r[112] = s >> (28U - n); s = (sp_int_digit)(a[111]); t = (sp_int_digit)(a[110]); - r[111] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[111] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[110]); t = (sp_int_digit)(a[109]); - r[110] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[110] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[109]); t = (sp_int_digit)(a[108]); - r[109] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[109] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[108]); t = (sp_int_digit)(a[107]); - r[108] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[108] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[107]); t = (sp_int_digit)(a[106]); - r[107] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[107] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[106]); t = (sp_int_digit)(a[105]); - r[106] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[106] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[105]); t = (sp_int_digit)(a[104]); - r[105] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[105] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[104]); t = (sp_int_digit)(a[103]); - r[104] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[104] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[103]); t = (sp_int_digit)(a[102]); - r[103] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[103] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[102]); t = (sp_int_digit)(a[101]); - r[102] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[102] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[101]); t = (sp_int_digit)(a[100]); - r[101] = ((s << n) | (t >> 
(28U - n))) & 0xfffffff; + r[101] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[100]); t = (sp_int_digit)(a[99]); - r[100] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[100] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[99]); t = (sp_int_digit)(a[98]); - r[99] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[99] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[98]); t = (sp_int_digit)(a[97]); - r[98] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[98] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[97]); t = (sp_int_digit)(a[96]); - r[97] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[97] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[96]); t = (sp_int_digit)(a[95]); - r[96] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[96] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[95]); t = (sp_int_digit)(a[94]); - r[95] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[95] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[94]); t = (sp_int_digit)(a[93]); - r[94] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[94] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[93]); t = (sp_int_digit)(a[92]); - r[93] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[93] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[92]); t = (sp_int_digit)(a[91]); - r[92] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[92] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[91]); t = (sp_int_digit)(a[90]); - r[91] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[91] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[90]); t = (sp_int_digit)(a[89]); - r[90] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[90] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = 
(sp_int_digit)(a[89]); t = (sp_int_digit)(a[88]); - r[89] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[89] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[88]); t = (sp_int_digit)(a[87]); - r[88] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[88] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[87]); t = (sp_int_digit)(a[86]); - r[87] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[87] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[86]); t = (sp_int_digit)(a[85]); - r[86] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[86] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[85]); t = (sp_int_digit)(a[84]); - r[85] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[85] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[84]); t = (sp_int_digit)(a[83]); - r[84] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[84] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[83]); t = (sp_int_digit)(a[82]); - r[83] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[83] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[82]); t = (sp_int_digit)(a[81]); - r[82] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[82] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[81]); t = (sp_int_digit)(a[80]); - r[81] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[81] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[80]); t = (sp_int_digit)(a[79]); - r[80] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[80] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[79]); t = (sp_int_digit)(a[78]); - r[79] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[79] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[78]); t = (sp_int_digit)(a[77]); - r[78] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + 
r[78] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[77]); t = (sp_int_digit)(a[76]); - r[77] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[77] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[76]); t = (sp_int_digit)(a[75]); - r[76] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[76] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[75]); t = (sp_int_digit)(a[74]); - r[75] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[75] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[74]); t = (sp_int_digit)(a[73]); - r[74] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[74] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[73]); t = (sp_int_digit)(a[72]); - r[73] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[73] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[72]); t = (sp_int_digit)(a[71]); - r[72] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[72] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]); - r[71] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[71] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]); - r[70] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[70] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]); - r[69] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[69] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]); - r[68] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[68] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]); - r[67] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[67] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[66]); t = 
(sp_int_digit)(a[65]); - r[66] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[66] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]); - r[65] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[65] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]); - r[64] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[64] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]); - r[63] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[63] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]); - r[62] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[62] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]); - r[61] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[61] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]); - r[60] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[60] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]); - r[59] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[59] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]); - r[58] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[58] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]); - r[57] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[57] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]); - r[56] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[56] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]); - r[55] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[55] = (sp_digit)(((s << n) 
| (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]); - r[54] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[54] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]); - r[53] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[53] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]); - r[52] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[52] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]); - r[51] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[51] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]); - r[50] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[50] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]); - r[49] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[49] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]); - r[48] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[48] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]); - r[47] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[47] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]); - r[46] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[46] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]); - r[45] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[45] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]); - r[44] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[44] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]); - r[43] = ((s << n) 
| (t >> (28U - n))) & 0xfffffff; + r[43] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]); - r[42] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[42] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]); - r[41] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[41] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]); - r[40] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[40] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]); - r[39] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[39] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]); - r[38] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[38] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]); - r[37] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[37] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]); - r[36] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[36] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]); - r[35] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[35] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]); - r[34] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[34] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]); - r[33] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[33] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]); - r[32] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[32] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = 
(sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]); - r[31] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[31] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]); - r[30] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[30] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[29] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[28] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[27] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[26] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[25] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[24] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[23] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[22] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[21] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + 
r[20] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[19] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[18] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[17] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[16] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[15] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[14] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[13] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[12] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[11] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[10] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[9] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[8]); t = 
(sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[8] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[7] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[6] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[5] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[4] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[3] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (28U - n))) & 0xfffffff; + r[2] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (28U - n))) & 0xfffffff; - r[0] = (a[0] << n) & 0xfffffff; + r[1] = (sp_digit)(((s << n) | (t >> (28U - n))) & 0xfffffff); + r[0] = (sp_digit)((a[0] << n) & 0xfffffff); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -12258,12 +12226,11 @@ static int sp_3072_mod_exp_2_112(sp_digit* r, const sp_digit* e, int bits, const sp_3072_mont_reduce_112(r, m, mp); n = sp_3072_cmp_112(r, m); - sp_3072_cond_sub_112(r, r, m, ~(n >> 31)); + sp_3072_cond_sub_112(r, r, m, (sp_digit)~(n >> 31)); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -12986,23 +12953,23 @@ SP_NOINLINE static void sp_4096_mul_add_71(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[0] = t[3] >> 29; } t[0] += (tb * a[68]) + r[68]; t[1] = (tb * a[69]) + r[69]; t[2] = (tb * a[70]) + r[70]; - r[68] = t[0] & 0x1fffffff; + r[68] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[69] = t[1] & 0x1fffffff; + r[69] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[70] = t[2] & 0x1fffffff; + r[70] = (sp_digit)(t[2] & 0x1fffffff); r[71] += (sp_digit)(t[2] >> 29); #endif /* !WOLFSSL_SP_LARGE_CODE */ } @@ -13019,7 +12986,7 @@ static void sp_4096_mont_shift_71(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[71]) << 11; for (i = 0; i < 70; i++) { - r[i] = n & 0x1fffffff; + r[i] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[72 + i]) << 11; } @@ -13042,11 +13009,11 @@ static void sp_4096_mont_reduce_71(sp_digit* a, const sp_digit* m, sp_digit mp) sp_4096_norm_71(a + 71); for (i=0; i<70; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_4096_mul_add_71(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffL); sp_4096_mul_add_71(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; 
@@ -13270,7 +13237,7 @@ SP_NOINLINE static void sp_4096_rshift_71(sp_digit* r, const sp_digit* a, int i; for (i=0; i<70; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff); } r[70] = a[70] >> n; } @@ -13447,8 +13414,7 @@ static int sp_4096_div_71(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -13560,14 +13526,13 @@ static int sp_4096_mod_exp_71(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_4096_mont_reduce_71(t[0], m, mp); n = sp_4096_cmp_71(t[0], m); - sp_4096_cond_sub_71(t[0], t[0], m, ~(n >> 31)); + sp_4096_cond_sub_71(t[0], t[0], m, (sp_digit)~(n >> 31)); XMEMCPY(r, t[0], sizeof(*r) * 71 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -13651,13 +13616,12 @@ static int sp_4096_mod_exp_71(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_4096_mont_reduce_71(t[0], m, mp); n = sp_4096_cmp_71(t[0], m); - sp_4096_cond_sub_71(t[0], t[0], m, ~(n >> 31)); + sp_4096_cond_sub_71(t[0], t[0], m, (sp_digit)~(n >> 31)); XMEMCPY(r, t[0], sizeof(*r) * 71 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -13797,13 +13761,12 @@ static int sp_4096_mod_exp_71(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_4096_mont_reduce_71(rt, m, mp); n = sp_4096_cmp_71(rt, m); - sp_4096_cond_sub_71(rt, rt, m, ~(n >> 31)); + sp_4096_cond_sub_71(rt, rt, m, (sp_digit)~(n >> 31)); XMEMCPY(r, rt, sizeof(sp_digit) * 142); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -13923,20 +13886,20 @@ SP_NOINLINE static void sp_4096_mul_add_142(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[0] = t[3] >> 29; } t[0] += (tb * a[140]) + r[140]; t[1] = (tb * a[141]) + r[141]; - r[140] = t[0] & 0x1fffffff; + r[140] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[141] = t[1] & 0x1fffffff; + r[141] = (sp_digit)(t[1] & 0x1fffffff); r[142] += (sp_digit)(t[1] >> 29); #endif /* !WOLFSSL_SP_LARGE_CODE */ } @@ -13953,7 +13916,7 @@ static void sp_4096_mont_shift_142(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[142]) << 22; for (i = 0; i < 141; i++) { - r[i] = n & 0x1fffffff; + r[i] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[143 + i]) << 22; } 
@@ -13978,33 +13941,33 @@ static void sp_4096_mont_reduce_142(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<141; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_4096_mul_add_142(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL); sp_4096_mul_add_142(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; } else { for (i=0; i<141; i++) { - mu = a[i] & 0x1fffffff; + mu = (sp_digit)(a[i] & 0x1fffffff); sp_4096_mul_add_142(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = a[i] & 0x7fL; + mu = (sp_digit)(a[i] & 0x7fL); sp_4096_mul_add_142(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; } #else for (i=0; i<141; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_4096_mul_add_142(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x7fL); sp_4096_mul_add_142(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; @@ -14110,7 +14073,7 @@ SP_NOINLINE static void sp_4096_rshift_142(sp_digit* r, const sp_digit* a, int i; for (i=0; i<141; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff); } r[141] = a[141] >> n; } @@ -14287,8 +14250,7 @@ static int sp_4096_div_142(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -14401,14 +14363,13 @@ static int sp_4096_mod_exp_142(sp_digit* r, const sp_digit* a, const sp_digit* e sp_4096_mont_reduce_142(t[0], m, mp); n = sp_4096_cmp_142(t[0], m); - sp_4096_cond_sub_142(t[0], t[0], m, ~(n >> 31)); + sp_4096_cond_sub_142(t[0], t[0], m, (sp_digit)~(n >> 31)); XMEMCPY(r, t[0], sizeof(*r) * 142 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -14492,13 +14453,12 @@ static int sp_4096_mod_exp_142(sp_digit* r, const sp_digit* a, const sp_digit* e sp_4096_mont_reduce_142(t[0], m, mp); n = sp_4096_cmp_142(t[0], m); - sp_4096_cond_sub_142(t[0], t[0], m, ~(n >> 31)); + sp_4096_cond_sub_142(t[0], t[0], m, (sp_digit)~(n >> 31)); XMEMCPY(r, t[0], sizeof(*r) * 142 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -14621,13 +14581,12 @@ static int sp_4096_mod_exp_142(sp_digit* r, const sp_digit* a, const sp_digit* e sp_4096_mont_reduce_142(rt, m, mp); n = sp_4096_cmp_142(rt, m); - sp_4096_cond_sub_142(rt, rt, m, ~(n >> 31)); + sp_4096_cond_sub_142(rt, rt, m, (sp_digit)~(n >> 31)); XMEMCPY(r, rt, sizeof(sp_digit) * 284); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -14746,8 +14705,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -14858,8 +14816,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; 
@@ -15229,7 +15186,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 71 * 13); @@ -15465,9 +15422,9 @@ SP_NOINLINE static void sp_4096_lshift_142(sp_digit* r, const sp_digit* a, r[142] = a[141] >> (29 - n); for (i=141; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff); } - r[0] = (a[0] << n) & 0x1fffffff; + r[0] = (sp_digit)((a[0] << n) & 0x1fffffff); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -15577,12 +15534,11 @@ static int sp_4096_mod_exp_2_142(sp_digit* r, const sp_digit* e, int bits, const sp_4096_mont_reduce_142(r, m, mp); n = sp_4096_cmp_142(r, m); - sp_4096_cond_sub_142(r, r, m, ~(n >> 31)); + sp_4096_cond_sub_142(r, r, m, (sp_digit)~(n >> 31)); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -15965,29 +15921,29 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a, t0 = ((sp_uint64)a[ 0]) * b[ 0]; t1 = ((sp_uint64)a[ 0]) * b[ 1] + ((sp_uint64)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 0]) * b[ 2] + ((sp_uint64)a[ 1]) * b[ 1] + ((sp_uint64)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_uint64)a[ 0]) * b[ 3] + ((sp_uint64)a[ 1]) * b[ 2] + ((sp_uint64)a[ 2]) * b[ 1] + ((sp_uint64)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 0]) * b[ 4] + ((sp_uint64)a[ 1]) * b[ 3] + ((sp_uint64)a[ 2]) * b[ 2] + ((sp_uint64)a[ 3]) * b[ 1] + ((sp_uint64)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_uint64)a[ 0]) * b[ 5] + ((sp_uint64)a[ 1]) * b[ 4] + ((sp_uint64)a[ 2]) * b[ 3] + ((sp_uint64)a[ 3]) * b[ 2] + ((sp_uint64)a[ 4]) * b[ 1] + ((sp_uint64)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 0]) * b[ 6] + ((sp_uint64)a[ 1]) * b[ 5] + ((sp_uint64)a[ 2]) * b[ 4] @@ -15995,7 +15951,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 4]) * b[ 2] + ((sp_uint64)a[ 5]) * b[ 1] + ((sp_uint64)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_uint64)a[ 0]) * b[ 7] + ((sp_uint64)a[ 1]) * b[ 6] + ((sp_uint64)a[ 2]) * b[ 5] 
@@ -16004,7 +15960,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 5]) * b[ 2] + ((sp_uint64)a[ 6]) * b[ 1] + ((sp_uint64)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 0]) * b[ 8] + ((sp_uint64)a[ 1]) * b[ 7] + ((sp_uint64)a[ 2]) * b[ 6] @@ -16014,7 +15970,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 6]) * b[ 2] + ((sp_uint64)a[ 7]) * b[ 1] + ((sp_uint64)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_uint64)a[ 1]) * b[ 8] + ((sp_uint64)a[ 2]) * b[ 7] + ((sp_uint64)a[ 3]) * b[ 6] @@ -16023,7 +15979,7 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 6]) * b[ 3] + ((sp_uint64)a[ 7]) * b[ 2] + ((sp_uint64)a[ 8]) * b[ 1]; - t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 2]) * b[ 8] + ((sp_uint64)a[ 3]) * b[ 7] + ((sp_uint64)a[ 4]) * b[ 6] 
@@ -16031,35 +15987,35 @@ SP_NOINLINE static void sp_4096_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint64)a[ 6]) * b[ 4] + ((sp_uint64)a[ 7]) * b[ 3] + ((sp_uint64)a[ 8]) * b[ 2]; - r[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_uint64)a[ 3]) * b[ 8] + ((sp_uint64)a[ 4]) * b[ 7] + ((sp_uint64)a[ 5]) * b[ 6] + ((sp_uint64)a[ 6]) * b[ 5] + ((sp_uint64)a[ 7]) * b[ 4] + ((sp_uint64)a[ 8]) * b[ 3]; - r[10] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 4]) * b[ 8] + ((sp_uint64)a[ 5]) * b[ 7] + ((sp_uint64)a[ 6]) * b[ 6] + ((sp_uint64)a[ 7]) * b[ 5] + ((sp_uint64)a[ 8]) * b[ 4]; - r[11] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_uint64)a[ 5]) * b[ 8] + ((sp_uint64)a[ 6]) * b[ 7] + ((sp_uint64)a[ 7]) * b[ 6] + ((sp_uint64)a[ 8]) * b[ 5]; - r[12] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 6]) * b[ 8] + ((sp_uint64)a[ 7]) * b[ 7] + ((sp_uint64)a[ 8]) * b[ 6]; - r[13] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_uint64)a[ 7]) * b[ 8] + ((sp_uint64)a[ 8]) * b[ 7]; - r[14] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 8]) * b[ 8]; - r[15] = t1 & 0x3ffffff; t0 += t1 >> 26; - r[16] = t0 & 0x3ffffff; + r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; + r[16] = (sp_digit)(t0 & 0x3ffffff); r[17] = (sp_digit)(t0 >> 26); XMEMCPY(r, t, sizeof(t)); } 
@@ -16573,66 +16529,66 @@ SP_NOINLINE static void sp_4096_sqr_9(sp_digit* r, const sp_digit* a) t0 = ((sp_uint64)a[ 0]) * a[ 0]; t1 = (((sp_uint64)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_uint64)a[ 0]) * a[ 2]) * 2 + ((sp_uint64)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_uint64)a[ 0]) * a[ 3] + ((sp_uint64)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_uint64)a[ 0]) * a[ 4] + ((sp_uint64)a[ 1]) * a[ 3]) * 2 + ((sp_uint64)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_uint64)a[ 0]) * a[ 5] + ((sp_uint64)a[ 1]) * a[ 4] + ((sp_uint64)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_uint64)a[ 0]) * a[ 6] + ((sp_uint64)a[ 1]) * a[ 5] + ((sp_uint64)a[ 2]) * a[ 4]) * 2 + ((sp_uint64)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_uint64)a[ 0]) * a[ 7] + ((sp_uint64)a[ 1]) * a[ 6] + ((sp_uint64)a[ 2]) * a[ 5] + ((sp_uint64)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_uint64)a[ 0]) * a[ 8] + ((sp_uint64)a[ 1]) * a[ 7] + ((sp_uint64)a[ 2]) * a[ 6] + ((sp_uint64)a[ 3]) * a[ 5]) * 2 + ((sp_uint64)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_uint64)a[ 1]) * a[ 8] + ((sp_uint64)a[ 2]) * a[ 7] + ((sp_uint64)a[ 3]) * a[ 6] + ((sp_uint64)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_uint64)a[ 2]) * a[ 8] + ((sp_uint64)a[ 3]) * a[ 7] + ((sp_uint64)a[ 4]) * a[ 6]) * 2 + 
((sp_uint64)a[ 5]) * a[ 5]; - r[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_uint64)a[ 3]) * a[ 8] + ((sp_uint64)a[ 4]) * a[ 7] + ((sp_uint64)a[ 5]) * a[ 6]) * 2; - r[10] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_uint64)a[ 4]) * a[ 8] + ((sp_uint64)a[ 5]) * a[ 7]) * 2 + ((sp_uint64)a[ 6]) * a[ 6]; - r[11] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_uint64)a[ 5]) * a[ 8] + ((sp_uint64)a[ 6]) * a[ 7]) * 2; - r[12] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_uint64)a[ 6]) * a[ 8]) * 2 + ((sp_uint64)a[ 7]) * a[ 7]; - r[13] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_uint64)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_uint64)a[ 8]) * a[ 8]; - r[15] = t1 & 0x3ffffff; t0 += t1 >> 26; - r[16] = t0 & 0x3ffffff; + r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; + r[16] = (sp_digit)(t0 & 0x3ffffff); r[17] = (sp_digit)(t0 >> 26); XMEMCPY(r, t, sizeof(t)); } 
@@ -16980,25 +16936,25 @@ SP_NOINLINE static void sp_4096_mul_add_81(sp_digit* r, const sp_digit* a, t[5] = (tb * a[i+5]) + r[i+5]; t[6] = (tb * a[i+6]) + r[i+6]; t[7] = (tb * a[i+7]) + r[i+7]; - r[i+0] = t[0] & 0x3ffffff; + r[i+0] = (sp_digit)(t[0] & 0x3ffffff); t[1] += t[0] >> 26; - r[i+1] = t[1] & 0x3ffffff; + r[i+1] = (sp_digit)(t[1] & 0x3ffffff); t[2] += t[1] >> 26; - r[i+2] = t[2] & 0x3ffffff; + r[i+2] = (sp_digit)(t[2] & 0x3ffffff); t[3] += t[2] >> 26; - r[i+3] = t[3] & 0x3ffffff; + r[i+3] = (sp_digit)(t[3] & 0x3ffffff); t[4] += t[3] >> 26; - r[i+4] = t[4] & 0x3ffffff; + r[i+4] = (sp_digit)(t[4] & 0x3ffffff); t[5] += t[4] >> 26; - r[i+5] = t[5] & 0x3ffffff; + r[i+5] = (sp_digit)(t[5] & 0x3ffffff); t[6] += t[5] >> 26; - r[i+6] = t[6] & 0x3ffffff; + r[i+6] = (sp_digit)(t[6] & 0x3ffffff); t[7] += t[6] >> 26; - r[i+7] = t[7] & 0x3ffffff; + r[i+7] = (sp_digit)(t[7] & 0x3ffffff); t[0] = t[7] >> 26; } t[0] += (tb * a[80]) + r[80]; - r[80] = t[0] & 0x3ffffff; + r[80] = (sp_digit)(t[0] & 0x3ffffff); r[81] += (sp_digit)(t[0] >> 26); #endif /* !WOLFSSL_SP_LARGE_CODE */ } 
@@ -17014,29 +16970,29 @@ static void sp_4096_mont_shift_81(sp_digit* r, const sp_digit* a) sp_int64 n = a[78] >> 20; n += ((sp_int64)a[79]) << 6; for (i = 0; i < 72; i += 8) { - r[i + 0] = n & 0x3ffffff; + r[i + 0] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 80]) << 6; - r[i + 1] = n & 0x3ffffff; + r[i + 1] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 81]) << 6; - r[i + 2] = n & 0x3ffffff; + r[i + 2] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 82]) << 6; - r[i + 3] = n & 0x3ffffff; + r[i + 3] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 83]) << 6; - r[i + 4] = n & 0x3ffffff; + r[i + 4] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 84]) << 6; - r[i + 5] = n & 0x3ffffff; + r[i + 5] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 85]) << 6; - r[i + 6] = n & 0x3ffffff; + r[i + 6] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 86]) << 6; - r[i + 7] = n & 0x3ffffff; + r[i + 7] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 87]) << 6; } - r[72] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[152]) << 6; - r[73] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[153]) << 6; - r[74] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[154]) << 6; - r[75] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[155]) << 6; - r[76] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[156]) << 6; - r[77] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[157]) << 6; + r[72] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[152]) << 6; + r[73] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[153]) << 6; + r[74] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[154]) << 6; + r[75] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[155]) << 6; + r[76] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[156]) << 6; + r[77] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[157]) << 6; r[78] = (sp_digit)n; XMEMSET(&r[79], 0, sizeof(*r) * 79U); } 
@@ -17056,11 +17012,11 @@ static void sp_4096_mont_reduce_81(sp_digit* a, const sp_digit* m, sp_digit mp) sp_4096_norm_81(a + 79); for (i=0; i<78; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff); sp_4096_mul_add_81(a+i, m, mu); a[i+1] += a[i] >> 26; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL); sp_4096_mul_add_81(a+i, m, mu); a[i+1] += a[i] >> 26; a[i] &= 0x3ffffff; @@ -17177,14 +17133,14 @@ SP_NOINLINE static void sp_4096_rshift_81(sp_digit* r, const sp_digit* a, int i; for (i=0; i<80; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (26 - n)) & 0x3ffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (26 - n)) & 0x3ffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (26 - n)) & 0x3ffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (26 - n)) & 0x3ffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (26 - n)) & 0x3ffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (26 - n)) & 0x3ffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (26 - n)) & 0x3ffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (26 - n)) & 0x3ffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (26 - n)) & 0x3ffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (26 - n)) & 0x3ffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (26 - n)) & 0x3ffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (26 - n)) & 0x3ffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (26 - n)) & 0x3ffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (26 - n)) & 0x3ffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (26 - n)) & 0x3ffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (26 - n)) & 0x3ffffff); } r[80] = a[80] >> n; } 
@@ -17362,8 +17318,7 @@ static int sp_4096_div_81(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -17475,14 +17430,13 @@ static int sp_4096_mod_exp_81(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_4096_mont_reduce_81(t[0], m, mp); n = sp_4096_cmp_81(t[0], m); - sp_4096_cond_sub_81(t[0], t[0], m, ~(n >> 31)); + sp_4096_cond_sub_81(t[0], t[0], m, (sp_digit)~(n >> 31)); XMEMCPY(r, t[0], sizeof(*r) * 81 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -17566,13 +17520,12 @@ static int sp_4096_mod_exp_81(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_4096_mont_reduce_81(t[0], m, mp); n = sp_4096_cmp_81(t[0], m); - sp_4096_cond_sub_81(t[0], t[0], m, ~(n >> 31)); + sp_4096_cond_sub_81(t[0], t[0], m, (sp_digit)~(n >> 31)); XMEMCPY(r, t[0], sizeof(*r) * 81 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -17712,13 +17665,12 @@ static int sp_4096_mod_exp_81(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_4096_mont_reduce_81(rt, m, mp); n = sp_4096_cmp_81(rt, m); - sp_4096_cond_sub_81(rt, rt, m, ~(n >> 31)); + sp_4096_cond_sub_81(rt, rt, m, (sp_digit)~(n >> 31)); XMEMCPY(r, rt, sizeof(sp_digit) * 162); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -17858,28 +17810,28 @@ SP_NOINLINE static void sp_4096_mul_add_162(sp_digit* r, const sp_digit* a, t[5] = (tb * a[i+5]) + r[i+5]; t[6] = (tb * a[i+6]) + r[i+6]; t[7] = (tb * a[i+7]) + r[i+7]; - r[i+0] = t[0] & 0x3ffffff; + r[i+0] = (sp_digit)(t[0] & 0x3ffffff); t[1] += t[0] >> 26; - r[i+1] = t[1] & 0x3ffffff; + r[i+1] = (sp_digit)(t[1] & 0x3ffffff); t[2] += t[1] >> 26; - r[i+2] = t[2] & 0x3ffffff; + r[i+2] = (sp_digit)(t[2] & 0x3ffffff); t[3] += t[2] >> 26; - r[i+3] = t[3] & 0x3ffffff; + r[i+3] = (sp_digit)(t[3] & 0x3ffffff); t[4] += t[3] >> 26; - r[i+4] = t[4] & 0x3ffffff; + r[i+4] = (sp_digit)(t[4] & 0x3ffffff); t[5] += t[4] >> 26; - r[i+5] = t[5] & 0x3ffffff; + r[i+5] = (sp_digit)(t[5] & 0x3ffffff); t[6] += t[5] >> 26; - r[i+6] = t[6] & 0x3ffffff; + r[i+6] = (sp_digit)(t[6] & 0x3ffffff); t[7] += t[6] >> 26; - r[i+7] = t[7] & 0x3ffffff; + r[i+7] = (sp_digit)(t[7] & 0x3ffffff); t[0] = t[7] >> 26; } t[0] += (tb * a[160]) + r[160]; t[1] = (tb * a[161]) + r[161]; - r[160] = t[0] & 0x3ffffff; + r[160] = (sp_digit)(t[0] & 0x3ffffff); t[1] += t[0] >> 26; - r[161] = t[1] & 0x3ffffff; + r[161] = (sp_digit)(t[1] & 0x3ffffff); r[162] += (sp_digit)(t[1] >> 26); #endif /* !WOLFSSL_SP_LARGE_CODE */ } 
@@ -17895,28 +17847,28 @@ static void sp_4096_mont_shift_162(sp_digit* r, const sp_digit* a) sp_int64 n = a[157] >> 14; n += ((sp_int64)a[158]) << 12; for (i = 0; i < 152; i += 8) { - r[i + 0] = n & 0x3ffffff; + r[i + 0] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 159]) << 12; - r[i + 1] = n & 0x3ffffff; + r[i + 1] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 160]) << 12; - r[i + 2] = n & 0x3ffffff; + r[i + 2] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 161]) << 12; - r[i + 3] = n & 0x3ffffff; + r[i + 3] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 162]) << 12; - r[i + 4] = n & 0x3ffffff; + r[i + 4] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 163]) << 12; - r[i + 5] = n & 0x3ffffff; + r[i + 5] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 164]) << 12; - r[i + 6] = n & 0x3ffffff; + r[i + 6] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 165]) << 12; - r[i + 7] = n & 0x3ffffff; + r[i + 7] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[i + 166]) << 12; } - r[152] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[311]) << 12; - r[153] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[312]) << 12; - r[154] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[313]) << 12; - r[155] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[314]) << 12; - r[156] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[315]) << 12; + r[152] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[311]) << 12; + r[153] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[312]) << 12; + r[154] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[313]) << 12; + r[155] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[314]) << 12; + r[156] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[315]) << 12; r[157] = (sp_digit)n; XMEMSET(&r[158], 0, sizeof(*r) * 158U); } 
@@ -17938,33 +17890,33 @@ static void sp_4096_mont_reduce_162(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<157; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff); sp_4096_mul_add_162(a+i, m, mu); a[i+1] += a[i] >> 26; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL); sp_4096_mul_add_162(a+i, m, mu); a[i+1] += a[i] >> 26; a[i] &= 0x3ffffff; } else { for (i=0; i<157; i++) { - mu = a[i] & 0x3ffffff; + mu = (sp_digit)(a[i] & 0x3ffffff); sp_4096_mul_add_162(a+i, m, mu); a[i+1] += a[i] >> 26; } - mu = a[i] & 0x3fffL; + mu = (sp_digit)(a[i] & 0x3fffL); sp_4096_mul_add_162(a+i, m, mu); a[i+1] += a[i] >> 26; a[i] &= 0x3ffffff; } #else for (i=0; i<157; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff); sp_4096_mul_add_162(a+i, m, mu); a[i+1] += a[i] >> 26; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3fffL); sp_4096_mul_add_162(a+i, m, mu); a[i+1] += a[i] >> 26; a[i] &= 0x3ffffff; 
@@ -18080,16 +18032,16 @@ SP_NOINLINE static void sp_4096_rshift_162(sp_digit* r, const sp_digit* a, int i; for (i=0; i<160; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (26 - n)) & 0x3ffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (26 - n)) & 0x3ffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (26 - n)) & 0x3ffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (26 - n)) & 0x3ffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (26 - n)) & 0x3ffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (26 - n)) & 0x3ffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (26 - n)) & 0x3ffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (26 - n)) & 0x3ffffff); - } - r[160] = (a[160] >> n) | ((a[161] << (26 - n)) & 0x3ffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (26 - n)) & 0x3ffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (26 - n)) & 0x3ffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (26 - n)) & 0x3ffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (26 - n)) & 0x3ffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (26 - n)) & 0x3ffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (26 - n)) & 0x3ffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (26 - n)) & 0x3ffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (26 - n)) & 0x3ffffff); + } + r[160] = (a[160] >> n) | (sp_digit)((a[161] << (26 - n)) & 0x3ffffff); r[161] = a[161] >> n; } @@ -18268,8 +18220,7 @@ static int sp_4096_div_162(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -18384,14 +18335,13 @@ static int sp_4096_mod_exp_162(sp_digit* r, const sp_digit* a, const sp_digit* e sp_4096_mont_reduce_162(t[0], m, mp); n = sp_4096_cmp_162(t[0], m); - sp_4096_cond_sub_162(t[0], t[0], m, ~(n >> 31)); + sp_4096_cond_sub_162(t[0], t[0], m, (sp_digit)~(n >> 31)); XMEMCPY(r, t[0], sizeof(*r) * 162 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -18475,13 +18425,12 @@ static int sp_4096_mod_exp_162(sp_digit* r, const sp_digit* a, const sp_digit* e sp_4096_mont_reduce_162(t[0], m, mp); n = sp_4096_cmp_162(t[0], m); - sp_4096_cond_sub_162(t[0], t[0], m, ~(n >> 31)); + sp_4096_cond_sub_162(t[0], t[0], m, (sp_digit)~(n >> 31)); XMEMCPY(r, t[0], sizeof(*r) * 162 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -18604,13 +18553,12 @@ static int sp_4096_mod_exp_162(sp_digit* r, const sp_digit* a, const sp_digit* e sp_4096_mont_reduce_162(rt, m, mp); n = sp_4096_cmp_162(rt, m); - sp_4096_cond_sub_162(rt, rt, m, ~(n >> 31)); + sp_4096_cond_sub_162(rt, rt, m, (sp_digit)~(n >> 31)); XMEMCPY(r, rt, sizeof(sp_digit) * 324); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -18731,8 +18679,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -18843,8 +18790,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; 
@@ -19214,7 +19160,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 81 * 13); 
@@ -19452,328 +19398,328 @@ SP_NOINLINE static void sp_4096_lshift_162(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[161]; r[162] = s >> (26U - n); s = (sp_int_digit)(a[161]); t = (sp_int_digit)(a[160]); - r[161] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[161] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[160]); t = (sp_int_digit)(a[159]); - r[160] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[160] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[159]); t = (sp_int_digit)(a[158]); - r[159] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[159] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[158]); t = (sp_int_digit)(a[157]); - r[158] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[158] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[157]); t = (sp_int_digit)(a[156]); - r[157] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[157] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[156]); t = (sp_int_digit)(a[155]); - r[156] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[156] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[155]); t = (sp_int_digit)(a[154]); - r[155] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[155] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[154]); t = (sp_int_digit)(a[153]); - r[154] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[154] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[153]); t = (sp_int_digit)(a[152]); - r[153] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[153] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[152]); t = (sp_int_digit)(a[151]); - r[152] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[152] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[151]); t = (sp_int_digit)(a[150]); - r[151] = ((s << n) | (t >> 
(26U - n))) & 0x3ffffff; + r[151] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[150]); t = (sp_int_digit)(a[149]); - r[150] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[150] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[149]); t = (sp_int_digit)(a[148]); - r[149] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[149] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[148]); t = (sp_int_digit)(a[147]); - r[148] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[148] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[147]); t = (sp_int_digit)(a[146]); - r[147] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[147] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[146]); t = (sp_int_digit)(a[145]); - r[146] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[146] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[145]); t = (sp_int_digit)(a[144]); - r[145] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[145] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[144]); t = (sp_int_digit)(a[143]); - r[144] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[144] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[143]); t = (sp_int_digit)(a[142]); - r[143] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[143] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[142]); t = (sp_int_digit)(a[141]); - r[142] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[142] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[141]); t = (sp_int_digit)(a[140]); - r[141] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[141] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[140]); t = (sp_int_digit)(a[139]); - r[140] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[140] = (sp_digit)(((s << n) | (t 
>> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[139]); t = (sp_int_digit)(a[138]); - r[139] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[139] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[138]); t = (sp_int_digit)(a[137]); - r[138] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[138] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[137]); t = (sp_int_digit)(a[136]); - r[137] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[137] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[136]); t = (sp_int_digit)(a[135]); - r[136] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[136] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[135]); t = (sp_int_digit)(a[134]); - r[135] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[135] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[134]); t = (sp_int_digit)(a[133]); - r[134] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[134] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[133]); t = (sp_int_digit)(a[132]); - r[133] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[133] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[132]); t = (sp_int_digit)(a[131]); - r[132] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[132] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[131]); t = (sp_int_digit)(a[130]); - r[131] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[131] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[130]); t = (sp_int_digit)(a[129]); - r[130] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[130] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[129]); t = (sp_int_digit)(a[128]); - r[129] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[129] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[128]); t = 
(sp_int_digit)(a[127]); - r[128] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[128] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[127]); t = (sp_int_digit)(a[126]); - r[127] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[127] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[126]); t = (sp_int_digit)(a[125]); - r[126] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[126] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[125]); t = (sp_int_digit)(a[124]); - r[125] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[125] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[124]); t = (sp_int_digit)(a[123]); - r[124] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[124] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[123]); t = (sp_int_digit)(a[122]); - r[123] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[123] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[122]); t = (sp_int_digit)(a[121]); - r[122] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[122] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[121]); t = (sp_int_digit)(a[120]); - r[121] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[121] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[120]); t = (sp_int_digit)(a[119]); - r[120] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[120] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[119]); t = (sp_int_digit)(a[118]); - r[119] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[119] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[118]); t = (sp_int_digit)(a[117]); - r[118] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[118] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[117]); t = (sp_int_digit)(a[116]); - r[117] = ((s << n) | (t >> (26U - 
n))) & 0x3ffffff; + r[117] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[116]); t = (sp_int_digit)(a[115]); - r[116] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[116] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[115]); t = (sp_int_digit)(a[114]); - r[115] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[115] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[114]); t = (sp_int_digit)(a[113]); - r[114] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[114] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[113]); t = (sp_int_digit)(a[112]); - r[113] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[113] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[112]); t = (sp_int_digit)(a[111]); - r[112] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[112] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[111]); t = (sp_int_digit)(a[110]); - r[111] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[111] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[110]); t = (sp_int_digit)(a[109]); - r[110] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[110] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[109]); t = (sp_int_digit)(a[108]); - r[109] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[109] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[108]); t = (sp_int_digit)(a[107]); - r[108] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[108] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[107]); t = (sp_int_digit)(a[106]); - r[107] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[107] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[106]); t = (sp_int_digit)(a[105]); - r[106] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[106] = (sp_digit)(((s << n) | (t >> (26U 
- n))) & 0x3ffffff); s = (sp_int_digit)(a[105]); t = (sp_int_digit)(a[104]); - r[105] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[105] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[104]); t = (sp_int_digit)(a[103]); - r[104] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[104] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[103]); t = (sp_int_digit)(a[102]); - r[103] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[103] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[102]); t = (sp_int_digit)(a[101]); - r[102] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[102] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[101]); t = (sp_int_digit)(a[100]); - r[101] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[101] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[100]); t = (sp_int_digit)(a[99]); - r[100] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[100] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[99]); t = (sp_int_digit)(a[98]); - r[99] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[99] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[98]); t = (sp_int_digit)(a[97]); - r[98] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[98] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[97]); t = (sp_int_digit)(a[96]); - r[97] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[97] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[96]); t = (sp_int_digit)(a[95]); - r[96] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[96] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[95]); t = (sp_int_digit)(a[94]); - r[95] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[95] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[94]); t = (sp_int_digit)(a[93]); - r[94] = 
((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[94] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[93]); t = (sp_int_digit)(a[92]); - r[93] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[93] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[92]); t = (sp_int_digit)(a[91]); - r[92] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[92] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[91]); t = (sp_int_digit)(a[90]); - r[91] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[91] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[90]); t = (sp_int_digit)(a[89]); - r[90] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[90] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[89]); t = (sp_int_digit)(a[88]); - r[89] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[89] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[88]); t = (sp_int_digit)(a[87]); - r[88] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[88] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[87]); t = (sp_int_digit)(a[86]); - r[87] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[87] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[86]); t = (sp_int_digit)(a[85]); - r[86] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[86] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[85]); t = (sp_int_digit)(a[84]); - r[85] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[85] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[84]); t = (sp_int_digit)(a[83]); - r[84] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[84] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[83]); t = (sp_int_digit)(a[82]); - r[83] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[83] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); 
s = (sp_int_digit)(a[82]); t = (sp_int_digit)(a[81]); - r[82] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[82] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[81]); t = (sp_int_digit)(a[80]); - r[81] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[81] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[80]); t = (sp_int_digit)(a[79]); - r[80] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[80] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[79]); t = (sp_int_digit)(a[78]); - r[79] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[79] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[78]); t = (sp_int_digit)(a[77]); - r[78] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[78] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[77]); t = (sp_int_digit)(a[76]); - r[77] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[77] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[76]); t = (sp_int_digit)(a[75]); - r[76] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[76] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[75]); t = (sp_int_digit)(a[74]); - r[75] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[75] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[74]); t = (sp_int_digit)(a[73]); - r[74] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[74] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[73]); t = (sp_int_digit)(a[72]); - r[73] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[73] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[72]); t = (sp_int_digit)(a[71]); - r[72] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[72] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]); - r[71] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; 
+ r[71] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]); - r[70] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[70] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]); - r[69] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[69] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]); - r[68] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[68] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]); - r[67] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[67] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]); - r[66] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[66] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]); - r[65] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[65] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]); - r[64] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[64] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]); - r[63] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[63] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]); - r[62] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[62] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]); - r[61] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[61] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]); - r[60] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[60] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[59]); t = 
(sp_int_digit)(a[58]); - r[59] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[59] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]); - r[58] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[58] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[57]); t = (sp_int_digit)(a[56]); - r[57] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[57] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]); - r[56] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[56] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]); - r[55] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[55] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]); - r[54] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[54] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]); - r[53] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[53] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]); - r[52] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[52] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]); - r[51] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[51] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]); - r[50] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[50] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]); - r[49] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[49] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]); - r[48] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[48] = (sp_digit)(((s << n) 
| (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]); - r[47] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[47] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]); - r[46] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[46] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]); - r[45] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[45] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]); - r[44] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[44] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]); - r[43] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[43] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]); - r[42] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[42] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]); - r[41] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[41] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]); - r[40] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[40] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]); - r[39] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[39] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]); - r[38] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[38] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]); - r[37] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[37] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]); - r[36] = ((s << n) 
| (t >> (26U - n))) & 0x3ffffff; + r[36] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]); - r[35] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[35] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]); - r[34] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[34] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]); - r[33] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[33] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]); - r[32] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[32] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]); - r[31] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[31] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]); - r[30] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[30] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[29] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[28] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[27] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[26] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[25] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = 
(sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[24] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[23] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[22] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[21] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[20] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[19] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[18] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[17] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[16] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[15] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[14] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + 
r[13] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[12] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[11] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[10] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[9] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[8] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[7] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[6] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[5] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[4] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[3] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (26U - n))) & 0x3ffffff; + r[2] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t 
>> (26U - n))) & 0x3ffffff; - r[0] = (a[0] << n) & 0x3ffffff; + r[1] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff); + r[0] = (sp_digit)((a[0] << n) & 0x3ffffff); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -19883,12 +19829,11 @@ static int sp_4096_mod_exp_2_162(sp_digit* r, const sp_digit* e, int bits, const sp_4096_mont_reduce_162(r, m, mp); n = sp_4096_cmp_162(r, m); - sp_4096_cond_sub_162(r, r, m, ~(n >> 31)); + sp_4096_cond_sub_162(r, r, m, (sp_digit)~(n >> 31)); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -20139,29 +20084,29 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a, t0 = ((sp_int64)a[ 0]) * b[ 0]; t1 = ((sp_int64)a[ 0]) * b[ 1] + ((sp_int64)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 0]) * b[ 2] + ((sp_int64)a[ 1]) * b[ 1] + ((sp_int64)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_int64)a[ 0]) * b[ 3] + ((sp_int64)a[ 1]) * b[ 2] + ((sp_int64)a[ 2]) * b[ 1] + ((sp_int64)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 0]) * b[ 4] + ((sp_int64)a[ 1]) * b[ 3] + ((sp_int64)a[ 2]) * b[ 2] + ((sp_int64)a[ 3]) * b[ 1] + ((sp_int64)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_int64)a[ 0]) * b[ 5] + ((sp_int64)a[ 1]) * b[ 4] + ((sp_int64)a[ 2]) * b[ 3] + ((sp_int64)a[ 3]) * b[ 2] + ((sp_int64)a[ 4]) * b[ 1] + ((sp_int64)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 0]) * b[ 6] + ((sp_int64)a[ 1]) * b[ 5] + ((sp_int64)a[ 2]) * b[ 4] 
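Review bot: Dropping the `if (td != NULL)` guard before `XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER)` in sp_4096_mod_exp_2_162 is only safe if every XFREE definition the build can see tolerates a NULL pointer, including a project-supplied XMALLOC/XFREE override, which this hunk cannot verify. The same guard removal appears in the later hunks for sp_256_mod_mul_norm_9, sp_256_ecc_mulmod_win_add_sub_9, sp_256_gen_stripe_table_9, sp_256_ecc_mulmod_stripe_9, sp_ecc_mulmod_256, sp_ecc_mulmod_add_256, sp_ecc_mulmod_base_256, sp_ecc_mulmod_base_add_256 and sp_ecc_make_key_256, so the guarantee is relied on file-wide. Rather than re-adding guards, document the contract once where XFREE is defined, e.g. `/* XFREE must accept NULL: callers in sp_c32.c free buffers that may never have been allocated. */`, so anyone overriding the macro knows the requirement. The body of sp_4096_mod_exp_2_162 begins outside the hunk, so whether `td` can be NULL on this path is inferred from the removed guard, not visible here.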
@@ -20169,7 +20114,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 4]) * b[ 2] + ((sp_int64)a[ 5]) * b[ 1] + ((sp_int64)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_int64)a[ 0]) * b[ 7] + ((sp_int64)a[ 1]) * b[ 6] + ((sp_int64)a[ 2]) * b[ 5] @@ -20178,7 +20123,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 5]) * b[ 2] + ((sp_int64)a[ 6]) * b[ 1] + ((sp_int64)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 0]) * b[ 8] + ((sp_int64)a[ 1]) * b[ 7] + ((sp_int64)a[ 2]) * b[ 6] @@ -20188,7 +20133,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 6]) * b[ 2] + ((sp_int64)a[ 7]) * b[ 1] + ((sp_int64)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_int64)a[ 1]) * b[ 8] + ((sp_int64)a[ 2]) * b[ 7] + ((sp_int64)a[ 3]) * b[ 6] @@ -20197,7 +20142,7 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 6]) * b[ 3] + ((sp_int64)a[ 7]) * b[ 2] + ((sp_int64)a[ 8]) * b[ 1]; - t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 2]) * b[ 8] + ((sp_int64)a[ 3]) * b[ 7] + ((sp_int64)a[ 4]) * b[ 6] 
@@ -20205,35 +20150,35 @@ SP_NOINLINE static void sp_256_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 6]) * b[ 4] + ((sp_int64)a[ 7]) * b[ 3] + ((sp_int64)a[ 8]) * b[ 2]; - r[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_int64)a[ 3]) * b[ 8] + ((sp_int64)a[ 4]) * b[ 7] + ((sp_int64)a[ 5]) * b[ 6] + ((sp_int64)a[ 6]) * b[ 5] + ((sp_int64)a[ 7]) * b[ 4] + ((sp_int64)a[ 8]) * b[ 3]; - r[10] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 4]) * b[ 8] + ((sp_int64)a[ 5]) * b[ 7] + ((sp_int64)a[ 6]) * b[ 6] + ((sp_int64)a[ 7]) * b[ 5] + ((sp_int64)a[ 8]) * b[ 4]; - r[11] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_int64)a[ 5]) * b[ 8] + ((sp_int64)a[ 6]) * b[ 7] + ((sp_int64)a[ 7]) * b[ 6] + ((sp_int64)a[ 8]) * b[ 5]; - r[12] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 6]) * b[ 8] + ((sp_int64)a[ 7]) * b[ 7] + ((sp_int64)a[ 8]) * b[ 6]; - r[13] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = ((sp_int64)a[ 7]) * b[ 8] + ((sp_int64)a[ 8]) * b[ 7]; - r[14] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 8]) * b[ 8]; - r[15] = t1 & 0x1fffffff; t0 += t1 >> 29; - r[16] = t0 & 0x1fffffff; + r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; + r[16] = (sp_digit)(t0 & 0x1fffffff); r[17] = (sp_digit)(t0 >> 29); XMEMCPY(r, t, sizeof(t)); } 
@@ -20295,66 +20240,66 @@ SP_NOINLINE static void sp_256_sqr_9(sp_digit* r, const sp_digit* a) t0 = ((sp_int64)a[ 0]) * a[ 0]; t1 = (((sp_int64)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 0] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_int64)a[ 0]) * a[ 2]) * 2 + ((sp_int64)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 1] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_int64)a[ 0]) * a[ 3] + ((sp_int64)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 2] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_int64)a[ 0]) * a[ 4] + ((sp_int64)a[ 1]) * a[ 3]) * 2 + ((sp_int64)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 3] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_int64)a[ 0]) * a[ 5] + ((sp_int64)a[ 1]) * a[ 4] + ((sp_int64)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 4] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_int64)a[ 0]) * a[ 6] + ((sp_int64)a[ 1]) * a[ 5] + ((sp_int64)a[ 2]) * a[ 4]) * 2 + ((sp_int64)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 5] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_int64)a[ 0]) * a[ 7] + ((sp_int64)a[ 1]) * a[ 6] + ((sp_int64)a[ 2]) * a[ 5] + ((sp_int64)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 6] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_int64)a[ 0]) * a[ 8] + ((sp_int64)a[ 1]) * a[ 7] + ((sp_int64)a[ 2]) * a[ 6] + ((sp_int64)a[ 3]) * a[ 5]) * 2 + ((sp_int64)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x1fffffff; t0 += t1 >> 29; + t[ 7] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_int64)a[ 1]) * a[ 8] + ((sp_int64)a[ 2]) * a[ 7] + ((sp_int64)a[ 3]) * a[ 6] + ((sp_int64)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0x1fffffff; t1 += t0 >> 29; + t[ 8] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_int64)a[ 2]) * a[ 8] + ((sp_int64)a[ 3]) * a[ 7] + ((sp_int64)a[ 4]) * a[ 6]) * 2 + ((sp_int64)a[ 5]) * 
a[ 5]; - r[ 9] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[ 9] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_int64)a[ 3]) * a[ 8] + ((sp_int64)a[ 4]) * a[ 7] + ((sp_int64)a[ 5]) * a[ 6]) * 2; - r[10] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[10] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_int64)a[ 4]) * a[ 8] + ((sp_int64)a[ 5]) * a[ 7]) * 2 + ((sp_int64)a[ 6]) * a[ 6]; - r[11] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[11] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_int64)a[ 5]) * a[ 8] + ((sp_int64)a[ 6]) * a[ 7]) * 2; - r[12] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[12] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = (((sp_int64)a[ 6]) * a[ 8]) * 2 + ((sp_int64)a[ 7]) * a[ 7]; - r[13] = t1 & 0x1fffffff; t0 += t1 >> 29; + r[13] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; t1 = (((sp_int64)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x1fffffff; t1 += t0 >> 29; + r[14] = (sp_digit)(t0 & 0x1fffffff); t1 += t0 >> 29; t0 = ((sp_int64)a[ 8]) * a[ 8]; - r[15] = t1 & 0x1fffffff; t0 += t1 >> 29; - r[16] = t0 & 0x1fffffff; + r[15] = (sp_digit)(t1 & 0x1fffffff); t0 += t1 >> 29; + r[16] = (sp_digit)(t0 & 0x1fffffff); r[17] = (sp_digit)(t0 >> 29); XMEMCPY(r, t, sizeof(t)); } @@ -20734,17 +20679,17 @@ SP_NOINLINE static void sp_256_mul_add_9(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[0] = t[3] >> 29; } t[0] += (tb * a[8]) + r[8]; - r[8] = t[0] & 0x1fffffff; + r[8] = (sp_digit)(t[0] & 0x1fffffff); r[9] += (sp_digit)(t[0] >> 29); #else sp_int64 tb = b; 
@@ -20761,25 +20706,25 @@ SP_NOINLINE static void sp_256_mul_add_9(sp_digit* r, const sp_digit* a, t[5] = (tb * a[i+5]) + r[i+5]; t[6] = (tb * a[i+6]) + r[i+6]; t[7] = (tb * a[i+7]) + r[i+7]; - r[i+0] = t[0] & 0x1fffffff; + r[i+0] = (sp_digit)(t[0] & 0x1fffffff); t[1] += t[0] >> 29; - r[i+1] = t[1] & 0x1fffffff; + r[i+1] = (sp_digit)(t[1] & 0x1fffffff); t[2] += t[1] >> 29; - r[i+2] = t[2] & 0x1fffffff; + r[i+2] = (sp_digit)(t[2] & 0x1fffffff); t[3] += t[2] >> 29; - r[i+3] = t[3] & 0x1fffffff; + r[i+3] = (sp_digit)(t[3] & 0x1fffffff); t[4] += t[3] >> 29; - r[i+4] = t[4] & 0x1fffffff; + r[i+4] = (sp_digit)(t[4] & 0x1fffffff); t[5] += t[4] >> 29; - r[i+5] = t[5] & 0x1fffffff; + r[i+5] = (sp_digit)(t[5] & 0x1fffffff); t[6] += t[5] >> 29; - r[i+6] = t[6] & 0x1fffffff; + r[i+6] = (sp_digit)(t[6] & 0x1fffffff); t[7] += t[6] >> 29; - r[i+7] = t[7] & 0x1fffffff; + r[i+7] = (sp_digit)(t[7] & 0x1fffffff); t[0] = t[7] >> 29; } t[0] += (tb * a[8]) + r[8]; - r[8] = t[0] & 0x1fffffff; + r[8] = (sp_digit)(t[0] & 0x1fffffff); r[9] += (sp_digit)(t[0] >> 29); #endif /* WOLFSSL_SP_SMALL */ #endif /* !WOLFSSL_SP_LARGE_CODE */ @@ -20822,7 +20767,7 @@ static void sp_256_mont_shift_9(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[9]) << 5; for (i = 0; i < 8; i++) { - r[i] = n & 0x1fffffff; + r[i] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[10 + i]) << 5; } 
@@ -20830,14 +20775,14 @@ static void sp_256_mont_shift_9(sp_digit* r, const sp_digit* a) #else sp_int64 n = a[8] >> 24; n += ((sp_int64)a[9]) << 5; - r[ 0] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[10]) << 5; - r[ 1] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[11]) << 5; - r[ 2] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[12]) << 5; - r[ 3] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[13]) << 5; - r[ 4] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[14]) << 5; - r[ 5] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[15]) << 5; - r[ 6] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[16]) << 5; - r[ 7] = n & 0x1fffffff; n >>= 29; n += ((sp_int64)a[17]) << 5; + r[ 0] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[10]) << 5; + r[ 1] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[11]) << 5; + r[ 2] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[12]) << 5; + r[ 3] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[13]) << 5; + r[ 4] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[14]) << 5; + r[ 5] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[15]) << 5; + r[ 6] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[16]) << 5; + r[ 7] = (sp_digit)(n & 0x1fffffff); n >>= 29; n += ((sp_int64)a[17]) << 5; r[8] = (sp_digit)n; #endif /* WOLFSSL_SP_SMALL */ XMEMSET(&r[9], 0, sizeof(*r) * 9U); @@ -20858,11 +20803,11 @@ static void sp_256_mont_reduce_order_9(sp_digit* a, const sp_digit* m, sp_digit sp_256_norm_9(a + 9); for (i=0; i<8; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffff); sp_256_mul_add_9(a+i, m, mu); a[i+1] += a[i] >> 29; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xffffffL); sp_256_mul_add_9(a+i, m, mu); a[i+1] += a[i] >> 29; a[i] &= 0x1fffffff; 
@@ -20887,32 +20832,32 @@ static void sp_256_mont_reduce_9(sp_digit* a, const sp_digit* m, sp_digit mp) (void)mp; for (i = 0; i < 8; i++) { - am = a[i] & 0x1fffffff; - a[i + 3] += (am << 9) & 0x1fffffff; + am = (sp_digit)(a[i] & 0x1fffffff); + a[i + 3] += (sp_digit)((am << 9) & 0x1fffffff); a[i + 4] += am >> 20; - a[i + 6] += (am << 18) & 0x1fffffff; - a[i + 7] += (am >> 11) - ((am << 21) & 0x1fffffff); - a[i + 8] += -(am >> 8) + ((am << 24) & 0x1fffffff); + a[i + 6] += (sp_digit)((am << 18) & 0x1fffffff); + a[i + 7] += (am >> 11) - (sp_digit)((am << 21) & 0x1fffffff); + a[i + 8] += -(am >> 8) + (sp_digit)((am << 24) & 0x1fffffff); a[i + 9] += am >> 5; a[i + 1] += a[i] >> 29; } - am = a[8] & 0xffffff; - a[8 + 3] += (am << 9) & 0x1fffffff; + am = (sp_digit)(a[8] & 0xffffff); + a[8 + 3] += (sp_digit)((am << 9) & 0x1fffffff); a[8 + 4] += am >> 20; - a[8 + 6] += (am << 18) & 0x1fffffff; - a[8 + 7] += (am >> 11) - ((am << 21) & 0x1fffffff); - a[8 + 8] += -(am >> 8) + ((am << 24) & 0x1fffffff); + a[8 + 6] += (sp_digit)((am << 18) & 0x1fffffff); + a[8 + 7] += (am >> 11) - (sp_digit)((am << 21) & 0x1fffffff); + a[8 + 8] += -(am >> 8) + (sp_digit)((am << 24) & 0x1fffffff); a[8 + 9] += am >> 5; - a[0] = (a[ 8] >> 24) + ((a[ 9] << 5) & 0x1fffffff); - a[1] = (a[ 9] >> 24) + ((a[10] << 5) & 0x1fffffff); - a[2] = (a[10] >> 24) + ((a[11] << 5) & 0x1fffffff); - a[3] = (a[11] >> 24) + ((a[12] << 5) & 0x1fffffff); - a[4] = (a[12] >> 24) + ((a[13] << 5) & 0x1fffffff); - a[5] = (a[13] >> 24) + ((a[14] << 5) & 0x1fffffff); - a[6] = (a[14] >> 24) + ((a[15] << 5) & 0x1fffffff); - a[7] = (a[15] >> 24) + ((a[16] << 5) & 0x1fffffff); + a[0] = (a[ 8] >> 24) + (sp_digit)((a[ 9] << 5) & 0x1fffffff); + a[1] = (a[ 9] >> 24) + (sp_digit)((a[10] << 5) & 0x1fffffff); + a[2] = (a[10] >> 24) + (sp_digit)((a[11] << 5) & 0x1fffffff); + a[3] = (a[11] >> 24) + (sp_digit)((a[12] << 5) & 0x1fffffff); + a[4] = (a[12] >> 24) + (sp_digit)((a[13] << 5) & 0x1fffffff); + a[5] = (a[13] >> 24) + (sp_digit)((a[14] 
<< 5) & 0x1fffffff); + a[6] = (a[14] >> 24) + (sp_digit)((a[15] << 5) & 0x1fffffff); + a[7] = (a[15] >> 24) + (sp_digit)((a[16] << 5) & 0x1fffffff); a[8] = (a[16] >> 24) + (a[17] << 5); a[1] += a[0] >> 29; a[0] &= 0x1fffffff; @@ -20929,15 +20874,15 @@ static void sp_256_mont_reduce_9(sp_digit* a, const sp_digit* m, sp_digit mp) /* Create mask. */ am = 0 - am; - a[0] -= 0x1fffffff & am; - a[1] -= 0x1fffffff & am; - a[2] -= 0x1fffffff & am; - a[3] -= 0x000001ff & am; + a[0] -= (sp_digit)(0x1fffffff & am); + a[1] -= (sp_digit)(0x1fffffff & am); + a[2] -= (sp_digit)(0x1fffffff & am); + a[3] -= (sp_digit)(0x000001ff & am); /* p256_mod[4] is zero */ /* p256_mod[5] is zero */ - a[6] -= 0x00040000 & am; - a[7] -= 0x1fe00000 & am; - a[8] -= 0x00ffffff & am; + a[6] -= (sp_digit)(0x00040000 & am); + a[7] -= (sp_digit)(0x1fe00000 & am); + a[8] -= (sp_digit)(0x00ffffff & am); a[1] += a[0] >> 29; a[0] &= 0x1fffffff; a[2] += a[1] >> 29; a[1] &= 0x1fffffff; @@ -21099,7 +21044,7 @@ static void sp_256_map_9(sp_point_256* r, const sp_point_256* p, sp_256_mont_reduce_9(r->x, p256_mod, p256_mp_mod); /* Reduce x to less than modulus */ n = sp_256_cmp_9(r->x, p256_mod); - sp_256_cond_sub_9(r->x, r->x, p256_mod, ~(n >> 28)); + sp_256_cond_sub_9(r->x, r->x, p256_mod, (sp_digit)~(n >> 28)); sp_256_norm_9(r->x); /* y /= z^3 */ @@ -21108,7 +21053,7 @@ static void sp_256_map_9(sp_point_256* r, const sp_point_256* p, sp_256_mont_reduce_9(r->y, p256_mod, p256_mp_mod); /* Reduce y to less than modulus */ n = sp_256_cmp_9(r->y, p256_mod); - sp_256_cond_sub_9(r->y, r->y, p256_mod, ~(n >> 28)); + sp_256_cond_sub_9(r->y, r->y, p256_mod, (sp_digit)~(n >> 28)); sp_256_norm_9(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); 
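Review bot: The new `(sp_digit)((am << 21) & 0x1fffffff)` and `(sp_digit)((am << 24) & 0x1fffffff)` lines in sp_256_mont_reduce_9 only narrow the result; they do not address the shift itself, and `am` holds up to 29 bits, so `am << 21` exceeds a 32-bit range. If `am` and `sp_digit` are signed 32-bit types here (the declaration of `am` is above the hunk, so this is inferred), a left shift whose result is not representable is undefined behavior under C11 6.5.7 and a `-fsanitize=shift` build would report it; the same pattern is in the `(a[ 9] << 5)` lines of this hunk and in `a[i + 1] << 28` in the sp_256_rshift1_9 hunk further down. The file already performs its variable-distance shifts on `sp_int_digit` (see the lshift hunk above), so the fixed shifts could use the same unsigned type, e.g. `a[i + 7] += (am >> 11) - (sp_digit)(((sp_int_digit)am << 21) & 0x1fffffff);`. If `am` is in fact unsigned, a one-line comment at its declaration saying so would make the cast chain self-explanatory.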
@@ -21242,17 +21187,17 @@ SP_NOINLINE static void sp_256_rshift1_9(sp_digit* r, const sp_digit* a) int i; for (i=0; i<8; i++) { - r[i] = (a[i] >> 1) + ((a[i + 1] << 28) & 0x1fffffff); + r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 28) & 0x1fffffff); } #else - r[0] = (a[0] >> 1) + ((a[1] << 28) & 0x1fffffff); - r[1] = (a[1] >> 1) + ((a[2] << 28) & 0x1fffffff); - r[2] = (a[2] >> 1) + ((a[3] << 28) & 0x1fffffff); - r[3] = (a[3] >> 1) + ((a[4] << 28) & 0x1fffffff); - r[4] = (a[4] >> 1) + ((a[5] << 28) & 0x1fffffff); - r[5] = (a[5] >> 1) + ((a[6] << 28) & 0x1fffffff); - r[6] = (a[6] >> 1) + ((a[7] << 28) & 0x1fffffff); - r[7] = (a[7] >> 1) + ((a[8] << 28) & 0x1fffffff); + r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 28) & 0x1fffffff); + r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 28) & 0x1fffffff); + r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 28) & 0x1fffffff); + r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 28) & 0x1fffffff); + r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 28) & 0x1fffffff); + r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 28) & 0x1fffffff); + r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 28) & 0x1fffffff); + r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 28) & 0x1fffffff); #endif r[8] = a[8] >> 1; } @@ -21563,8 +21508,8 @@ static void sp_256_proj_point_add_9(sp_point_256* r, sp_256_mont_sub_9(y, y, t5, p256_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -21581,7 +21526,7 @@ static void sp_256_proj_point_add_9(sp_point_256* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } 
@@ -21755,8 +21700,8 @@ static int sp_256_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -21773,7 +21718,7 @@ static int sp_256_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -21907,8 +21852,7 @@ static int sp_256_mod_mul_norm_9(sp_digit* r, const sp_digit* a, const sp_digit* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -22483,7 +22427,7 @@ static void sp_256_ecc_recode_6_9(const sp_digit* k, ecc_recode_256* v) n = k[j]; o = 0; for (i=0; i<43; i++) { - y = (int8_t)n; + y = (uint8_t)(int8_t)n; if (o + 6 < 29) { y &= 0x3f; n >>= 6; @@ -22550,7 +22494,7 @@ static void sp_256_get_point_33_9(sp_point_256* r, const sp_point_256* table, r->z[7] = 0; r->z[8] = 0; for (i = 1; i < 33; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -22717,10 +22661,8 @@ static int sp_256_ecc_mulmod_win_add_sub_9(sp_point_256* r, const sp_point_256* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; 
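Review bot: In the sp_256_ecc_recode_6_9 hunk, `y = (uint8_t)(int8_t)n;` goes through an `int8_t` intermediate that, when the low byte of `n` is 0x80 or above, is an implementation-defined narrowing before C23, and the outer cast then widens it back to the same low byte that `(uint8_t)n` yields directly. If `y` is `uint8_t` (its declaration is above the hunk), the simpler `y = (uint8_t)n;` expresses the intent, extracting the low byte for the subsequent `y &= 0x3f`, without the intermediate step. If the double cast is there to silence a particular toolchain's warning, a short comment such as `/* (int8_t) first to satisfy -Wconversion on <toolchain>; value is the low byte either way */` would stop the next reader from "simplifying" it. The cast has no effect on the constant-time structure of the recode loop, which continues outside the hunk.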
@@ -22786,8 +22728,8 @@ static void sp_256_proj_point_add_qz1_9(sp_point_256* r, sp_256_mont_sub_9(y, t3, t1, p256_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -22804,7 +22746,7 @@ static void sp_256_proj_point_add_qz1_9(sp_point_256* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -22915,8 +22857,7 @@ static int sp_256_gen_stripe_table_9(const sp_point_256* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -22955,7 +22896,7 @@ static void sp_256_get_entry_256_9(sp_point_256* r, r->y[7] = 0; r->y[8] = 0; for (i = 1; i < 256; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -23084,10 +23025,8 @@ static int sp_256_ecc_mulmod_stripe_9(sp_point_256* r, const sp_point_256* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -23305,10 +23244,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -23385,10 +23322,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -24774,10 +24709,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -24852,10 +24785,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -24919,6 +24850,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_256_ecc_gen_k_9(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[32]; @@ -24935,6 +24867,11 @@ static int sp_256_ecc_gen_k_9(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -25013,12 +24950,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
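Review bot: The new `#ifndef WC_NO_RNG` fallback in sp_256_ecc_gen_k_9 returns NOT_COMPILED_IN without writing `k`, but the function's header comment (only its closing `*/` is in the hunk) does not say so, and sp_ecc_make_key_256 below is the caller that must treat any non-zero return as "no scalar was produced". Suggest adding to that comment: ` * Returns NOT_COMPILED_IN when built with WC_NO_RNG; k is left unmodified.` so the contract is visible at the declaration rather than only in the preprocessor branch. The enclosing comment block and the body between the two hunks start outside the hunk.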
@@ -25201,10 +25135,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -25271,18 +25203,18 @@ SP_NOINLINE static void sp_256_rshift_9(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<8; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (29 - n))) & 0x1fffffff); } #else for (i=0; i<8; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (29 - n)) & 0x1fffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (29 - n)) & 0x1fffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (29 - n)) & 0x1fffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (29 - n)) & 0x1fffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (29 - n)) & 0x1fffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (29 - n)) & 0x1fffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (29 - n)) & 0x1fffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (29 - n)) & 0x1fffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (29 - n)) & 0x1fffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (29 - n)) & 0x1fffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (29 - n)) & 0x1fffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (29 - n)) & 0x1fffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (29 - n)) & 0x1fffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (29 - n)) & 0x1fffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (29 - n)) & 0x1fffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (29 - n)) & 0x1fffffff); } #endif /* WOLFSSL_SP_SMALL */ r[8] = a[8] >> n; 
@@ -25342,7 +25274,7 @@ SP_NOINLINE static void sp_256_lshift_18(sp_digit* r, const sp_digit* a, r[18] = a[17] >> (29 - n); for (i=17; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (29 - n))) & 0x1fffffff); } #else sp_int_digit s; 
@@ -25351,41 +25283,41 @@ SP_NOINLINE static void sp_256_lshift_18(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[17]; r[18] = s >> (29U - n); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[17] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[16] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[15] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[14] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[13] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[12] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[11] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[10] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[9] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[8] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[7] = 
(sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[6] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[5] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[4] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[3] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[2] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (29U - n))) & 0x1fffffff; + r[1] = (sp_digit)(((s << n) | (t >> (29U - n))) & 0x1fffffff); #endif /* WOLFSSL_SP_SMALL */ - r[0] = (a[0] << n) & 0x1fffffff; + r[0] = (sp_digit)((a[0] << n) & 0x1fffffff); } /* Divide d in a and put remainder into r (m*d + r = a) @@ -25449,8 +25381,7 @@ static int sp_256_div_9(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -26175,8 +26106,7 @@ static int sp_256_mod_inv_9(sp_digit* r, const sp_digit* a, const sp_digit* m) XMEMCPY(r, d, sizeof(sp_digit) * 9); } #ifdef WOLFSSL_SP_SMALL_STACK - if (u != NULL) - XFREE(u, NULL, DYNAMIC_TYPE_ECC); + XFREE(u, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -26384,10 +26314,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -26594,8 +26522,7 @@ static int sp_256_ecc_is_point_9(const sp_point_256* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -26634,8 +26561,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -26743,10 +26669,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -26825,10 +26749,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -26893,10 +26815,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -26957,10 +26877,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -27026,8 +26944,7 @@ static int sp_256_mont_sqrt_9(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_ECC); + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -27092,8 +27009,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -27252,29 +27168,29 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, t0 = ((sp_int64)a[ 0]) * b[ 0]; t1 = ((sp_int64)a[ 0]) * b[ 1] + ((sp_int64)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 0]) * b[ 2] + ((sp_int64)a[ 1]) * b[ 1] + ((sp_int64)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 0]) * b[ 3] + ((sp_int64)a[ 1]) * b[ 2] + ((sp_int64)a[ 2]) * b[ 1] + ((sp_int64)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 0]) * b[ 4] + ((sp_int64)a[ 1]) * b[ 3] + ((sp_int64)a[ 2]) * b[ 2] + ((sp_int64)a[ 3]) * b[ 1] + ((sp_int64)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 0]) * b[ 5] + ((sp_int64)a[ 1]) * b[ 4] + ((sp_int64)a[ 2]) * b[ 3] + ((sp_int64)a[ 3]) * b[ 2] + ((sp_int64)a[ 4]) * b[ 1] + ((sp_int64)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 0]) * b[ 6] + ((sp_int64)a[ 1]) * b[ 5] + ((sp_int64)a[ 2]) * b[ 4] @@ -27282,7 +27198,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 4]) * b[ 2] + ((sp_int64)a[ 5]) * b[ 1] + ((sp_int64)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 0]) * b[ 7] + ((sp_int64)a[ 1]) * b[ 6] + ((sp_int64)a[ 2]) * b[ 5] @@ -27291,7 +27207,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 5]) * b[ 2] + ((sp_int64)a[ 6]) * b[ 1] + ((sp_int64)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 0]) * b[ 8] + ((sp_int64)a[ 1]) * b[ 7] + ((sp_int64)a[ 2]) * b[ 6] 
@@ -27301,7 +27217,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 6]) * b[ 2] + ((sp_int64)a[ 7]) * b[ 1] + ((sp_int64)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 0]) * b[ 9] + ((sp_int64)a[ 1]) * b[ 8] + ((sp_int64)a[ 2]) * b[ 7] @@ -27312,7 +27228,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 7]) * b[ 2] + ((sp_int64)a[ 8]) * b[ 1] + ((sp_int64)a[ 9]) * b[ 0]; - t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 0]) * b[10] + ((sp_int64)a[ 1]) * b[ 9] + ((sp_int64)a[ 2]) * b[ 8] @@ -27324,7 +27240,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 8]) * b[ 2] + ((sp_int64)a[ 9]) * b[ 1] + ((sp_int64)a[10]) * b[ 0]; - t[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 0]) * b[11] + ((sp_int64)a[ 1]) * b[10] + ((sp_int64)a[ 2]) * b[ 9] @@ -27337,7 +27253,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 9]) * b[ 2] + ((sp_int64)a[10]) * b[ 1] + ((sp_int64)a[11]) * b[ 0]; - t[10] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 0]) * b[12] + ((sp_int64)a[ 1]) * b[11] + ((sp_int64)a[ 2]) * b[10] @@ -27351,7 +27267,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[10]) * b[ 2] + ((sp_int64)a[11]) * b[ 1] + ((sp_int64)a[12]) * b[ 0]; - t[11] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 0]) * b[13] + ((sp_int64)a[ 1]) * b[12] + ((sp_int64)a[ 2]) * b[11] 
@@ -27366,7 +27282,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[11]) * b[ 2] + ((sp_int64)a[12]) * b[ 1] + ((sp_int64)a[13]) * b[ 0]; - t[12] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 0]) * b[14] + ((sp_int64)a[ 1]) * b[13] + ((sp_int64)a[ 2]) * b[12] @@ -27382,7 +27298,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 2] + ((sp_int64)a[13]) * b[ 1] + ((sp_int64)a[14]) * b[ 0]; - t[13] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 1]) * b[14] + ((sp_int64)a[ 2]) * b[13] + ((sp_int64)a[ 3]) * b[12] @@ -27397,7 +27313,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 3] + ((sp_int64)a[13]) * b[ 2] + ((sp_int64)a[14]) * b[ 1]; - t[14] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 2]) * b[14] + ((sp_int64)a[ 3]) * b[13] + ((sp_int64)a[ 4]) * b[12] @@ -27411,7 +27327,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 4] + ((sp_int64)a[13]) * b[ 3] + ((sp_int64)a[14]) * b[ 2]; - r[15] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 3]) * b[14] + ((sp_int64)a[ 4]) * b[13] + ((sp_int64)a[ 5]) * b[12] @@ -27424,7 +27340,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 5] + ((sp_int64)a[13]) * b[ 4] + ((sp_int64)a[14]) * b[ 3]; - r[16] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[16] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 4]) * b[14] + ((sp_int64)a[ 5]) * b[13] + ((sp_int64)a[ 6]) * b[12] 
@@ -27436,7 +27352,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 6] + ((sp_int64)a[13]) * b[ 5] + ((sp_int64)a[14]) * b[ 4]; - r[17] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[17] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 5]) * b[14] + ((sp_int64)a[ 6]) * b[13] + ((sp_int64)a[ 7]) * b[12] @@ -27447,7 +27363,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 7] + ((sp_int64)a[13]) * b[ 6] + ((sp_int64)a[14]) * b[ 5]; - r[18] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[18] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 6]) * b[14] + ((sp_int64)a[ 7]) * b[13] + ((sp_int64)a[ 8]) * b[12] @@ -27457,7 +27373,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 8] + ((sp_int64)a[13]) * b[ 7] + ((sp_int64)a[14]) * b[ 6]; - r[19] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[19] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 7]) * b[14] + ((sp_int64)a[ 8]) * b[13] + ((sp_int64)a[ 9]) * b[12] @@ -27466,7 +27382,7 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[ 9] + ((sp_int64)a[13]) * b[ 8] + ((sp_int64)a[14]) * b[ 7]; - r[20] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[20] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[ 8]) * b[14] + ((sp_int64)a[ 9]) * b[13] + ((sp_int64)a[10]) * b[12] 
@@ -27474,35 +27390,35 @@ SP_NOINLINE static void sp_384_mul_15(sp_digit* r, const sp_digit* a, + ((sp_int64)a[12]) * b[10] + ((sp_int64)a[13]) * b[ 9] + ((sp_int64)a[14]) * b[ 8]; - r[21] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[21] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[ 9]) * b[14] + ((sp_int64)a[10]) * b[13] + ((sp_int64)a[11]) * b[12] + ((sp_int64)a[12]) * b[11] + ((sp_int64)a[13]) * b[10] + ((sp_int64)a[14]) * b[ 9]; - r[22] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[22] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[10]) * b[14] + ((sp_int64)a[11]) * b[13] + ((sp_int64)a[12]) * b[12] + ((sp_int64)a[13]) * b[11] + ((sp_int64)a[14]) * b[10]; - r[23] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[23] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[11]) * b[14] + ((sp_int64)a[12]) * b[13] + ((sp_int64)a[13]) * b[12] + ((sp_int64)a[14]) * b[11]; - r[24] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[24] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[12]) * b[14] + ((sp_int64)a[13]) * b[13] + ((sp_int64)a[14]) * b[12]; - r[25] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[25] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = ((sp_int64)a[13]) * b[14] + ((sp_int64)a[14]) * b[13]; - r[26] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[26] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[14]) * b[14]; - r[27] = t1 & 0x3ffffff; t0 += t1 >> 26; - r[28] = t0 & 0x3ffffff; + r[27] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; + r[28] = (sp_digit)(t0 & 0x3ffffff); r[29] = (sp_digit)(t0 >> 26); XMEMCPY(r, t, sizeof(t)); } 
@@ -27564,57 +27480,57 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a) t0 = ((sp_int64)a[ 0]) * a[ 0]; t1 = (((sp_int64)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 0] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 0]) * a[ 2]) * 2 + ((sp_int64)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 1] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 0]) * a[ 3] + ((sp_int64)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 2] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 0]) * a[ 4] + ((sp_int64)a[ 1]) * a[ 3]) * 2 + ((sp_int64)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 3] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 0]) * a[ 5] + ((sp_int64)a[ 1]) * a[ 4] + ((sp_int64)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 4] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 0]) * a[ 6] + ((sp_int64)a[ 1]) * a[ 5] + ((sp_int64)a[ 2]) * a[ 4]) * 2 + ((sp_int64)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 5] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 0]) * a[ 7] + ((sp_int64)a[ 1]) * a[ 6] + ((sp_int64)a[ 2]) * a[ 5] + ((sp_int64)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 6] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 0]) * a[ 8] + ((sp_int64)a[ 1]) * a[ 7] + ((sp_int64)a[ 2]) * a[ 6] + ((sp_int64)a[ 3]) * a[ 5]) * 2 + ((sp_int64)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 7] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 0]) * a[ 9] + ((sp_int64)a[ 1]) * a[ 8] + ((sp_int64)a[ 2]) * a[ 7] + ((sp_int64)a[ 3]) * a[ 6] + ((sp_int64)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[ 8] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 0]) * a[10] + ((sp_int64)a[ 1]) * a[ 9] + ((sp_int64)a[ 2]) * a[ 8] + ((sp_int64)a[ 
3]) * a[ 7] + ((sp_int64)a[ 4]) * a[ 6]) * 2 + ((sp_int64)a[ 5]) * a[ 5]; - t[ 9] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[ 9] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 0]) * a[11] + ((sp_int64)a[ 1]) * a[10] + ((sp_int64)a[ 2]) * a[ 9] + ((sp_int64)a[ 3]) * a[ 8] + ((sp_int64)a[ 4]) * a[ 7] + ((sp_int64)a[ 5]) * a[ 6]) * 2; - t[10] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[10] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 0]) * a[12] + ((sp_int64)a[ 1]) * a[11] + ((sp_int64)a[ 2]) * a[10] @@ -27622,7 +27538,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a) + ((sp_int64)a[ 4]) * a[ 8] + ((sp_int64)a[ 5]) * a[ 7]) * 2 + ((sp_int64)a[ 6]) * a[ 6]; - t[11] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[11] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 0]) * a[13] + ((sp_int64)a[ 1]) * a[12] + ((sp_int64)a[ 2]) * a[11] @@ -27630,7 +27546,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a) + ((sp_int64)a[ 4]) * a[ 9] + ((sp_int64)a[ 5]) * a[ 8] + ((sp_int64)a[ 6]) * a[ 7]) * 2; - t[12] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[12] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 0]) * a[14] + ((sp_int64)a[ 1]) * a[13] + ((sp_int64)a[ 2]) * a[12] @@ -27639,7 +27555,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a) + ((sp_int64)a[ 5]) * a[ 9] + ((sp_int64)a[ 6]) * a[ 8]) * 2 + ((sp_int64)a[ 7]) * a[ 7]; - t[13] = t1 & 0x3ffffff; t0 += t1 >> 26; + t[13] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 1]) * a[14] + ((sp_int64)a[ 2]) * a[13] + ((sp_int64)a[ 3]) * a[12] 
@@ -27647,7 +27563,7 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a) + ((sp_int64)a[ 5]) * a[10] + ((sp_int64)a[ 6]) * a[ 9] + ((sp_int64)a[ 7]) * a[ 8]) * 2; - t[14] = t0 & 0x3ffffff; t1 += t0 >> 26; + t[14] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 2]) * a[14] + ((sp_int64)a[ 3]) * a[13] + ((sp_int64)a[ 4]) * a[12] 
@@ -27655,62 +27571,62 @@ SP_NOINLINE static void sp_384_sqr_15(sp_digit* r, const sp_digit* a) + ((sp_int64)a[ 6]) * a[10] + ((sp_int64)a[ 7]) * a[ 9]) * 2 + ((sp_int64)a[ 8]) * a[ 8]; - r[15] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[15] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 3]) * a[14] + ((sp_int64)a[ 4]) * a[13] + ((sp_int64)a[ 5]) * a[12] + ((sp_int64)a[ 6]) * a[11] + ((sp_int64)a[ 7]) * a[10] + ((sp_int64)a[ 8]) * a[ 9]) * 2; - r[16] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[16] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 4]) * a[14] + ((sp_int64)a[ 5]) * a[13] + ((sp_int64)a[ 6]) * a[12] + ((sp_int64)a[ 7]) * a[11] + ((sp_int64)a[ 8]) * a[10]) * 2 + ((sp_int64)a[ 9]) * a[ 9]; - r[17] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[17] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 5]) * a[14] + ((sp_int64)a[ 6]) * a[13] + ((sp_int64)a[ 7]) * a[12] + ((sp_int64)a[ 8]) * a[11] + ((sp_int64)a[ 9]) * a[10]) * 2; - r[18] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[18] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 6]) * a[14] + ((sp_int64)a[ 7]) * a[13] + ((sp_int64)a[ 8]) * a[12] + ((sp_int64)a[ 9]) * a[11]) * 2 + ((sp_int64)a[10]) * a[10]; - r[19] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[19] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 7]) * a[14] + ((sp_int64)a[ 8]) * a[13] + ((sp_int64)a[ 9]) * a[12] + ((sp_int64)a[10]) * a[11]) * 2; - r[20] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[20] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[ 8]) * a[14] + ((sp_int64)a[ 9]) * a[13] + ((sp_int64)a[10]) * a[12]) * 2 + ((sp_int64)a[11]) * a[11]; - r[21] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[21] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[ 9]) * a[14] + ((sp_int64)a[10]) * a[13] + ((sp_int64)a[11]) * a[12]) * 2; - r[22] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[22] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[10]) * a[14] + ((sp_int64)a[11]) 
* a[13]) * 2 + ((sp_int64)a[12]) * a[12]; - r[23] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[23] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[11]) * a[14] + ((sp_int64)a[12]) * a[13]) * 2; - r[24] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[24] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = (((sp_int64)a[12]) * a[14]) * 2 + ((sp_int64)a[13]) * a[13]; - r[25] = t1 & 0x3ffffff; t0 += t1 >> 26; + r[25] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; t1 = (((sp_int64)a[13]) * a[14]) * 2; - r[26] = t0 & 0x3ffffff; t1 += t0 >> 26; + r[26] = (sp_digit)(t0 & 0x3ffffff); t1 += t0 >> 26; t0 = ((sp_int64)a[14]) * a[14]; - r[27] = t1 & 0x3ffffff; t0 += t1 >> 26; - r[28] = t0 & 0x3ffffff; + r[27] = (sp_digit)(t1 & 0x3ffffff); t0 += t1 >> 26; + r[28] = (sp_digit)(t0 & 0x3ffffff); r[29] = (sp_digit)(t0 >> 26); XMEMCPY(r, t, sizeof(t)); } @@ -28101,23 +28017,23 @@ SP_NOINLINE static void sp_384_mul_add_15(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x3ffffff; + r[i+0] = (sp_digit)(t[0] & 0x3ffffff); t[1] += t[0] >> 26; - r[i+1] = t[1] & 0x3ffffff; + r[i+1] = (sp_digit)(t[1] & 0x3ffffff); t[2] += t[1] >> 26; - r[i+2] = t[2] & 0x3ffffff; + r[i+2] = (sp_digit)(t[2] & 0x3ffffff); t[3] += t[2] >> 26; - r[i+3] = t[3] & 0x3ffffff; + r[i+3] = (sp_digit)(t[3] & 0x3ffffff); t[0] = t[3] >> 26; } t[0] += (tb * a[12]) + r[12]; t[1] = (tb * a[13]) + r[13]; t[2] = (tb * a[14]) + r[14]; - r[12] = t[0] & 0x3ffffff; + r[12] = (sp_digit)(t[0] & 0x3ffffff); t[1] += t[0] >> 26; - r[13] = t[1] & 0x3ffffff; + r[13] = (sp_digit)(t[1] & 0x3ffffff); t[2] += t[1] >> 26; - r[14] = t[2] & 0x3ffffff; + r[14] = (sp_digit)(t[2] & 0x3ffffff); r[15] += (sp_digit)(t[2] >> 26); #else sp_int64 tb = b; 
@@ -28200,7 +28116,7 @@ static void sp_384_mont_shift_15(sp_digit* r, const sp_digit* a) n += ((sp_int64)a[15]) << 6; for (i = 0; i < 14; i++) { - r[i] = n & 0x3ffffff; + r[i] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[16 + i]) << 6; } 
@@ -28208,20 +28124,20 @@ static void sp_384_mont_shift_15(sp_digit* r, const sp_digit* a) #else sp_int64 n = a[14] >> 20; n += ((sp_int64)a[15]) << 6; - r[ 0] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[16]) << 6; - r[ 1] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[17]) << 6; - r[ 2] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[18]) << 6; - r[ 3] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[19]) << 6; - r[ 4] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[20]) << 6; - r[ 5] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[21]) << 6; - r[ 6] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[22]) << 6; - r[ 7] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[23]) << 6; - r[ 8] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[24]) << 6; - r[ 9] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[25]) << 6; - r[10] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[26]) << 6; - r[11] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[27]) << 6; - r[12] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[28]) << 6; - r[13] = n & 0x3ffffff; n >>= 26; n += ((sp_int64)a[29]) << 6; + r[ 0] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[16]) << 6; + r[ 1] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[17]) << 6; + r[ 2] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[18]) << 6; + r[ 3] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[19]) << 6; + r[ 4] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[20]) << 6; + r[ 5] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[21]) << 6; + r[ 6] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[22]) << 6; + r[ 7] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[23]) << 6; + r[ 8] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[24]) << 6; + r[ 9] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[25]) << 6; + r[10] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[26]) << 6; + r[11] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[27]) << 6; + r[12] = (sp_digit)(n & 0x3ffffff); n 
>>= 26; n += ((sp_int64)a[28]) << 6; + r[13] = (sp_digit)(n & 0x3ffffff); n >>= 26; n += ((sp_int64)a[29]) << 6; r[14] = (sp_digit)n; #endif /* WOLFSSL_SP_SMALL */ XMEMSET(&r[15], 0, sizeof(*r) * 15U); @@ -28242,11 +28158,11 @@ static void sp_384_mont_reduce_order_15(sp_digit* a, const sp_digit* m, sp_digit sp_384_norm_15(a + 15); for (i=0; i<14; i++) { - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x3ffffff); sp_384_mul_add_15(a+i, m, mu); a[i+1] += a[i] >> 26; } - mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL; + mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0xfffffL); sp_384_mul_add_15(a+i, m, mu); a[i+1] += a[i] >> 26; a[i] &= 0x3ffffff; 
@@ -28271,42 +28187,42 @@ static void sp_384_mont_reduce_15(sp_digit* a, const sp_digit* m, sp_digit mp)
 (void)mp;
 for (i = 0; i < 14; i++) {
- am = (a[i] * 0x1) & 0x3ffffff;
- a[i + 1] += (am << 6) & 0x3ffffff;
+ am = (sp_digit)((a[i] * 0x1) & 0x3ffffff);
+ a[i + 1] += (sp_digit)((am << 6) & 0x3ffffff);
 a[i + 2] += am >> 20;
- a[i + 3] -= (am << 18) & 0x3ffffff;
+ a[i + 3] -= (sp_digit)((am << 18) & 0x3ffffff);
 a[i + 4] -= am >> 8;
- a[i + 4] -= (am << 24) & 0x3ffffff;
+ a[i + 4] -= (sp_digit)((am << 24) & 0x3ffffff);
 a[i + 5] -= am >> 2;
- a[i + 14] += (am << 20) & 0x3ffffff;
+ a[i + 14] += (sp_digit)((am << 20) & 0x3ffffff);
 a[i + 15] += am >> 6;
 a[i + 1] += a[i] >> 26;
 }
- am = (a[14] * 0x1) & 0xfffff;
- a[14 + 1] += (am << 6) & 0x3ffffff;
+ am = (sp_digit)((a[14] * 0x1) & 0xfffff);
+ a[14 + 1] += (sp_digit)((am << 6) & 0x3ffffff);
 a[14 + 2] += am >> 20;
- a[14 + 3] -= (am << 18) & 0x3ffffff;
+ a[14 + 3] -= (sp_digit)((am << 18) & 0x3ffffff);
 a[14 + 4] -= am >> 8;
- a[14 + 4] -= (am << 24) & 0x3ffffff;
+ a[14 + 4] -= (sp_digit)((am << 24) & 0x3ffffff);
 a[14 + 5] -= am >> 2;
- a[14 + 14] += (am << 20) & 0x3ffffff;
+ a[14 + 14] += (sp_digit)((am << 20) & 0x3ffffff);
 a[14 + 15] += am >> 6;
- a[0] = (a[14] >> 20) + ((a[15] << 6) & 0x3ffffff);
- a[1] = (a[15] >> 20) + ((a[16] << 6) & 0x3ffffff);
- a[2] = (a[16] >> 20) + ((a[17] << 6) & 0x3ffffff);
- a[3] = (a[17] >> 20) + ((a[18] << 6) & 0x3ffffff);
- a[4] = (a[18] >> 20) + ((a[19] << 6) & 0x3ffffff);
- a[5] = (a[19] >> 20) + ((a[20] << 6) & 0x3ffffff);
- a[6] = (a[20] >> 20) + ((a[21] << 6) & 0x3ffffff);
- a[7] = (a[21] >> 20) + ((a[22] << 6) & 0x3ffffff);
- a[8] = (a[22] >> 20) + ((a[23] << 6) & 0x3ffffff);
- a[9] = (a[23] >> 20) + ((a[24] << 6) & 0x3ffffff);
- a[10] = (a[24] >> 20) + ((a[25] << 6) & 0x3ffffff);
- a[11] = (a[25] >> 20) + ((a[26] << 6) & 0x3ffffff);
- a[12] = (a[26] >> 20) + ((a[27] << 6) & 0x3ffffff);
- a[13] = (a[27] >> 20) + ((a[28] << 6) & 0x3ffffff);
+ a[0] = (a[14] >> 20) + (sp_digit)((a[15] << 6) & 0x3ffffff);
+ a[1] = (a[15] >> 20) + (sp_digit)((a[16] << 6) & 0x3ffffff);
+ a[2] = (a[16] >> 20) + (sp_digit)((a[17] << 6) & 0x3ffffff);
+ a[3] = (a[17] >> 20) + (sp_digit)((a[18] << 6) & 0x3ffffff);
+ a[4] = (a[18] >> 20) + (sp_digit)((a[19] << 6) & 0x3ffffff);
+ a[5] = (a[19] >> 20) + (sp_digit)((a[20] << 6) & 0x3ffffff);
+ a[6] = (a[20] >> 20) + (sp_digit)((a[21] << 6) & 0x3ffffff);
+ a[7] = (a[21] >> 20) + (sp_digit)((a[22] << 6) & 0x3ffffff);
+ a[8] = (a[22] >> 20) + (sp_digit)((a[23] << 6) & 0x3ffffff);
+ a[9] = (a[23] >> 20) + (sp_digit)((a[24] << 6) & 0x3ffffff);
+ a[10] = (a[24] >> 20) + (sp_digit)((a[25] << 6) & 0x3ffffff);
+ a[11] = (a[25] >> 20) + (sp_digit)((a[26] << 6) & 0x3ffffff);
+ a[12] = (a[26] >> 20) + (sp_digit)((a[27] << 6) & 0x3ffffff);
+ a[13] = (a[27] >> 20) + (sp_digit)((a[28] << 6) & 0x3ffffff);
 a[14] = (a[14 + 14] >> 20) + (a[29] << 6);
 a[1] += a[0] >> 26; a[0] &= 0x3ffffff;
@@ -28329,21 +28245,21 @@ static void sp_384_mont_reduce_15(sp_digit* a, const sp_digit* m, sp_digit mp)
 /* Create mask. */
 am = 0 - am;
- a[0] -= 0x03ffffff & am;
- a[1] -= 0x0000003f & am;
+ a[0] -= (sp_digit)(0x03ffffff & am);
+ a[1] -= (sp_digit)(0x0000003f & am);
 /* p384_mod[2] is zero */
- a[3] -= 0x03fc0000 & am;
- a[4] -= 0x02ffffff & am;
- a[5] -= 0x03ffffff & am;
- a[6] -= 0x03ffffff & am;
- a[7] -= 0x03ffffff & am;
- a[8] -= 0x03ffffff & am;
- a[9] -= 0x03ffffff & am;
- a[10] -= 0x03ffffff & am;
- a[11] -= 0x03ffffff & am;
- a[12] -= 0x03ffffff & am;
- a[13] -= 0x03ffffff & am;
- a[14] -= 0x000fffff & am;
+ a[3] -= (sp_digit)(0x03fc0000 & am);
+ a[4] -= (sp_digit)(0x02ffffff & am);
+ a[5] -= (sp_digit)(0x03ffffff & am);
+ a[6] -= (sp_digit)(0x03ffffff & am);
+ a[7] -= (sp_digit)(0x03ffffff & am);
+ a[8] -= (sp_digit)(0x03ffffff & am);
+ a[9] -= (sp_digit)(0x03ffffff & am);
+ a[10] -= (sp_digit)(0x03ffffff & am);
+ a[11] -= (sp_digit)(0x03ffffff & am);
+ a[12] -= (sp_digit)(0x03ffffff & am);
+ a[13] -= (sp_digit)(0x03ffffff & am);
+ a[14] -= (sp_digit)(0x000fffff & am);
 a[1] += a[0] >> 26; a[0] &= 0x3ffffff;
 a[2] += a[1] >> 26; a[1] &= 0x3ffffff;
@@ -28527,7 +28443,7 @@ static void sp_384_map_15(sp_point_384* r, const sp_point_384* p,
 sp_384_mont_reduce_15(r->x, p384_mod, p384_mp_mod);
 /* Reduce x to less than modulus */
 n = sp_384_cmp_15(r->x, p384_mod);
- sp_384_cond_sub_15(r->x, r->x, p384_mod, ~(n >> 25));
+ sp_384_cond_sub_15(r->x, r->x, p384_mod, (sp_digit)~(n >> 25));
 sp_384_norm_15(r->x);
 /* y /= z^3 */
@@ -28536,7 +28452,7 @@ static void sp_384_map_15(sp_point_384* r, const sp_point_384* p,
 sp_384_mont_reduce_15(r->y, p384_mod, p384_mp_mod);
 /* Reduce y to less than modulus */
 n = sp_384_cmp_15(r->y, p384_mod);
- sp_384_cond_sub_15(r->y, r->y, p384_mod, ~(n >> 25));
+ sp_384_cond_sub_15(r->y, r->y, p384_mod, (sp_digit)~(n >> 25));
 sp_384_norm_15(r->y);
 XMEMSET(r->z, 0, sizeof(r->z) / 2);
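Review bot: The new `(sp_digit)~(n >> 25)` in sp_384_map_15 makes the conversion explicit but leaves the real assumption undocumented: the mask is all-ones when the compare result is non-negative and zero when it is negative, which only holds if right-shifting a negative sp_digit is an arithmetic shift, something C11 leaves implementation-defined. A comment at the call, `/* mask is all-ones iff cmp >= 0; relies on arithmetic >> of a negative sp_digit */`, would record this where the conditional subtraction depends on it. The same pattern recurs in the sp_521_map_21 hunks (`~(n >> 24)`) further down. The rest of sp_384_map_15 is outside the hunk, so the exact range sp_384_cmp_15 returns is inferred, not visible.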
@@ -28676,23 +28592,23 @@ SP_NOINLINE static void sp_384_rshift1_15(sp_digit* r, const sp_digit* a)
 int i;
 for (i=0; i<14; i++) {
- r[i] = (a[i] >> 1) + ((a[i + 1] << 25) & 0x3ffffff);
- }
-#else
- r[0] = (a[0] >> 1) + ((a[1] << 25) & 0x3ffffff);
- r[1] = (a[1] >> 1) + ((a[2] << 25) & 0x3ffffff);
- r[2] = (a[2] >> 1) + ((a[3] << 25) & 0x3ffffff);
- r[3] = (a[3] >> 1) + ((a[4] << 25) & 0x3ffffff);
- r[4] = (a[4] >> 1) + ((a[5] << 25) & 0x3ffffff);
- r[5] = (a[5] >> 1) + ((a[6] << 25) & 0x3ffffff);
- r[6] = (a[6] >> 1) + ((a[7] << 25) & 0x3ffffff);
- r[7] = (a[7] >> 1) + ((a[8] << 25) & 0x3ffffff);
- r[8] = (a[8] >> 1) + ((a[9] << 25) & 0x3ffffff);
- r[9] = (a[9] >> 1) + ((a[10] << 25) & 0x3ffffff);
- r[10] = (a[10] >> 1) + ((a[11] << 25) & 0x3ffffff);
- r[11] = (a[11] >> 1) + ((a[12] << 25) & 0x3ffffff);
- r[12] = (a[12] >> 1) + ((a[13] << 25) & 0x3ffffff);
- r[13] = (a[13] >> 1) + ((a[14] << 25) & 0x3ffffff);
+ r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 25) & 0x3ffffff);
+ }
+#else
+ r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 25) & 0x3ffffff);
+ r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 25) & 0x3ffffff);
+ r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 25) & 0x3ffffff);
+ r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 25) & 0x3ffffff);
+ r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 25) & 0x3ffffff);
+ r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 25) & 0x3ffffff);
+ r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 25) & 0x3ffffff);
+ r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 25) & 0x3ffffff);
+ r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 25) & 0x3ffffff);
+ r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 25) & 0x3ffffff);
+ r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 25) & 0x3ffffff);
+ r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 25) & 0x3ffffff);
+ r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 25) & 0x3ffffff);
+ r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 25) & 0x3ffffff);
 #endif
 r[14] = a[14] >> 1;
 }
@@ -29005,8 +28921,8 @@ static void sp_384_proj_point_add_15(sp_point_384* r,
 sp_384_mont_sub_15(y, y, t5, p384_mod);
 {
 int i;
- sp_digit maskp = 0 - (q->infinity & (!p->infinity));
- sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+ sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+ sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
 sp_digit maskt = ~(maskp | maskq);
 sp_digit inf = (sp_digit)(p->infinity & q->infinity);
@@ -29023,7 +28939,7 @@ static void sp_384_proj_point_add_15(sp_point_384* r,
 (z[i] & maskt);
 }
 r->z[0] |= inf;
- r->infinity = (word32)inf;
+ r->infinity = (int)inf;
 }
 }
 }
@@ -29197,8 +29113,8 @@ static int sp_384_proj_point_add_15_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
 {
 {
 int i;
- sp_digit maskp = 0 - (q->infinity & (!p->infinity));
- sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+ sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+ sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
 sp_digit maskt = ~(maskp | maskq);
 sp_digit inf = (sp_digit)(p->infinity & q->infinity);
@@ -29215,7 +29131,7 @@ static int sp_384_proj_point_add_15_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r,
 (ctx->z[i] & maskt);
 }
 r->z[0] |= inf;
- r->infinity = (word32)inf;
+ r->infinity = (int)inf;
 }
 ctx->state = 25;
 break;
@@ -29393,8 +29309,7 @@ static int sp_384_mod_mul_norm_15(sp_digit* r, const sp_digit* a, const sp_digit
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -29981,7 +29896,7 @@ static void sp_384_ecc_recode_6_15(const sp_digit* k, ecc_recode_384* v)
 n = k[j];
 o = 0;
 for (i=0; i<65; i++) {
- y = (int8_t)n;
+ y = (uint8_t)(int8_t)n;
 if (o + 6 < 26) {
 y &= 0x3f;
 n >>= 6;
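Review bot: Dropping the `if (t != NULL)` guard in sp_384_mod_mul_norm_15's WOLFSSL_SP_SMALL_STACK cleanup makes every early-error path depend on XFREE accepting a NULL pointer, and that contract is not stated anywhere in the hunk. It is fine if the default macro checks for NULL itself, but XFREE can be supplied by the integrator in custom-allocator builds, so the requirement belongs in the macro's documentation or as a one-line comment at the first such site, e.g. `/* XFREE must be NULL-safe: cleanup paths no longer guard it */`. The same unguarded pattern is introduced in every later XFREE hunk of this file section (sp_384_ecc_mulmod_win_add_sub_15 through sp_ecc_mulmod_base_add_521), so one statement of the contract covers them all. The allocation sites and the definition of XFREE are outside the hunks, so whether every freed pointer is initialised to NULL before the first error exit is inferred, not visible.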
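Review bot: The new `y = (uint8_t)(int8_t)n;` in sp_384_ecc_recode_6_15 goes through an intermediate int8_t conversion that is implementation-defined whenever `n` does not fit in a signed byte, which a multi-bit sp_digit generally does not; a direct `y = (uint8_t)n;` is well-defined (reduction modulo 256) and yields the same low eight bits that the following `y &= 0x3f` and `n >>= 6` steps consume. If the double cast exists only to silence a sign-conversion warning, the single unsigned cast should satisfy the same warning without the implementation-defined step. The declaration of `y` is outside the hunk, so its type is inferred from the cast. The identical line appears in the sp_521_ecc_recode_6_21 hunk further down and should change in step.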
@@ -30066,7 +29981,7 @@ static void sp_384_get_point_33_15(sp_point_384* r, const sp_point_384* table,
 r->z[13] = 0;
 r->z[14] = 0;
 for (i = 1; i < 33; i++) {
- mask = 0 - (i == idx);
+ mask = (sp_digit)0 - (i == idx);
 r->x[0] |= mask & table[i].x[0];
 r->x[1] |= mask & table[i].x[1];
 r->x[2] |= mask & table[i].x[2];
@@ -30251,10 +30166,8 @@ static int sp_384_ecc_mulmod_win_add_sub_15(sp_point_384* r, const sp_point_384*
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (tmp != NULL)
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -30320,8 +30233,8 @@ static void sp_384_proj_point_add_qz1_15(sp_point_384* r,
 sp_384_mont_sub_15(y, t3, t1, p384_mod);
 {
 int i;
- sp_digit maskp = 0 - (q->infinity & (!p->infinity));
- sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+ sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+ sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
 sp_digit maskt = ~(maskp | maskq);
 sp_digit inf = (sp_digit)(p->infinity & q->infinity);
@@ -30338,7 +30251,7 @@ static void sp_384_proj_point_add_qz1_15(sp_point_384* r,
 (z[i] & maskt);
 }
 r->z[0] |= inf;
- r->infinity = (word32)inf;
+ r->infinity = (int)inf;
 }
 }
 }
@@ -30449,8 +30362,7 @@ static int sp_384_gen_stripe_table_15(const sp_point_384* a,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -30501,7 +30413,7 @@ static void sp_384_get_entry_256_15(sp_point_384* r,
 r->y[13] = 0;
 r->y[14] = 0;
 for (i = 1; i < 256; i++) {
- mask = 0 - (i == idx);
+ mask = (sp_digit)0 - (i == idx);
 r->x[0] |= mask & table[i].x[0];
 r->x[1] |= mask & table[i].x[1];
 r->x[2] |= mask & table[i].x[2];
@@ -30642,10 +30554,8 @@ static int sp_384_ecc_mulmod_stripe_15(sp_point_384* r, const sp_point_384* g,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -30863,10 +30773,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -30943,10 +30851,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -32844,10 +32750,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -32922,10 +32826,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -32989,6 +32891,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n)
 */
 static int sp_384_ecc_gen_k_15(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
 int err;
 byte buf[48];
@@ -33005,6 +32908,11 @@ static int sp_384_ecc_gen_k_15(WC_RNG* rng, sp_digit* k)
 while (err == 0);
 return err;
+#else
+ (void)rng;
+ (void)k;
+ return NOT_COMPILED_IN;
+#endif
 }
 /* Makes a random EC key pair.
@@ -33083,12 +32991,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL) {
- /* point is not sensitive, so no need to zeroize */
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
- }
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -33271,10 +33176,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
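Review bot: The new `#else` branch of sp_384_ecc_gen_k_15 is fine, but the `#ifndef WC_NO_RNG` path it completes returns with `buf` — the 48 random bytes declared in the previous hunk and presumably converted into the private scalar `k` — still live on the stack, and nothing in either hunk clears it. Unless the loop body outside the hunk already wipes it, `ForceZero(buf, sizeof(buf));` should precede `return err;` so the key material does not linger in a stack frame that later calls reuse. The function's body between the two hunks is outside this view, so the claim that `buf` feeds `k` is inferred from the declaration and sp_384_from_bin in the neighbouring hunk.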
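Review bot: In sp_ecc_make_key_384's WOLFSSL_SP_SMALL_STACK cleanup, `k` — the freshly generated private scalar — is now handed straight to XFREE with no visible zeroization, while the retained comment on the very next line singles out `point` as the buffer that does not need it; read together, the comment implies `k` does. If `k` is wiped earlier in the function (outside this hunk) a short note, `/* k already zeroized above */`, would make that explicit; otherwise a `ForceZero(k, <allocated size of k>);` belongs before the `XFREE(k, ...)`. The allocation of `k` and the body of the function are outside the hunk, so its size is left as a placeholder here.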
@@ -33341,25 +33244,25 @@ SP_NOINLINE static void sp_384_rshift_15(sp_digit* r, const sp_digit* a,
 #ifdef WOLFSSL_SP_SMALL
 for (i=0; i<14; i++) {
- r[i] = ((a[i] >> n) | (a[i + 1] << (26 - n))) & 0x3ffffff;
+ r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (26 - n))) & 0x3ffffff);
 }
 #else
 for (i=0; i<8; i += 8) {
- r[i+0] = (a[i+0] >> n) | ((a[i+1] << (26 - n)) & 0x3ffffff);
- r[i+1] = (a[i+1] >> n) | ((a[i+2] << (26 - n)) & 0x3ffffff);
- r[i+2] = (a[i+2] >> n) | ((a[i+3] << (26 - n)) & 0x3ffffff);
- r[i+3] = (a[i+3] >> n) | ((a[i+4] << (26 - n)) & 0x3ffffff);
- r[i+4] = (a[i+4] >> n) | ((a[i+5] << (26 - n)) & 0x3ffffff);
- r[i+5] = (a[i+5] >> n) | ((a[i+6] << (26 - n)) & 0x3ffffff);
- r[i+6] = (a[i+6] >> n) | ((a[i+7] << (26 - n)) & 0x3ffffff);
- r[i+7] = (a[i+7] >> n) | ((a[i+8] << (26 - n)) & 0x3ffffff);
- }
- r[8] = (a[8] >> n) | ((a[9] << (26 - n)) & 0x3ffffff);
- r[9] = (a[9] >> n) | ((a[10] << (26 - n)) & 0x3ffffff);
- r[10] = (a[10] >> n) | ((a[11] << (26 - n)) & 0x3ffffff);
- r[11] = (a[11] >> n) | ((a[12] << (26 - n)) & 0x3ffffff);
- r[12] = (a[12] >> n) | ((a[13] << (26 - n)) & 0x3ffffff);
- r[13] = (a[13] >> n) | ((a[14] << (26 - n)) & 0x3ffffff);
+ r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (26 - n)) & 0x3ffffff);
+ r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (26 - n)) & 0x3ffffff);
+ r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (26 - n)) & 0x3ffffff);
+ r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (26 - n)) & 0x3ffffff);
+ r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (26 - n)) & 0x3ffffff);
+ r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (26 - n)) & 0x3ffffff);
+ r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (26 - n)) & 0x3ffffff);
+ r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (26 - n)) & 0x3ffffff);
+ }
+ r[8] = (a[8] >> n) | (sp_digit)((a[9] << (26 - n)) & 0x3ffffff);
+ r[9] = (a[9] >> n) | (sp_digit)((a[10] << (26 - n)) & 0x3ffffff);
+ r[10] = (a[10] >> n) | (sp_digit)((a[11] << (26 - n)) & 0x3ffffff);
+ r[11] = (a[11] >> n) | (sp_digit)((a[12] << (26 - n)) & 0x3ffffff);
+ r[12] = (a[12] >> n) | (sp_digit)((a[13] << (26 - n)) & 0x3ffffff);
+ r[13] = (a[13] >> n) | (sp_digit)((a[14] << (26 - n)) & 0x3ffffff);
 #endif /* WOLFSSL_SP_SMALL */
 r[14] = a[14] >> n;
 }
@@ -33430,7 +33333,7 @@ SP_NOINLINE static void sp_384_lshift_30(sp_digit* r, const sp_digit* a,
 r[30] = a[29] >> (26 - n);
 for (i=29; i>0; i--) {
- r[i] = ((a[i] << n) | (a[i-1] >> (26 - n))) & 0x3ffffff;
+ r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (26 - n))) & 0x3ffffff);
 }
 #else
 sp_int_digit s;
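Review bot: In the non-WOLFSSL_SP_SMALL branch of sp_384_rshift_15 the rewritten block keeps `for (i=0; i<8; i += 8) {` around eight lines that already use `i+0` … `i+7` offsets, yet the loop executes exactly once (`i` is only ever 0), so the loop is dead scaffolding left over from unrolling a 15-digit array that does not divide by 8. Since every line in the loop body was touched anyway, this was the moment to drop the loop and write `r[0]` … `r[7]` with literal indices, matching the `r[8]` … `r[13]` lines that immediately follow. If the shape is intentional generator output, a comment such as `/* single iteration: 15 digits, 8-wide unroll */` would stop the next reader from looking for the missing iterations. The function's head is outside the hunk.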
@@ -33439,65 +33342,65 @@ SP_NOINLINE static void sp_384_lshift_30(sp_digit* r, const sp_digit* a,
 s = (sp_int_digit)a[29];
 r[30] = s >> (26U - n);
 s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]);
- r[29] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[29] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]);
- r[28] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[28] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]);
- r[27] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[27] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]);
- r[26] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[26] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]);
- r[25] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[25] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]);
- r[24] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[24] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]);
- r[23] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[23] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]);
- r[22] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[22] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]);
- r[21] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[21] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]);
- r[20] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[20] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]);
- r[19] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[19] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]);
- r[18] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[18] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]);
- r[17] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[17] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]);
- r[16] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[16] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]);
- r[15] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[15] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]);
- r[14] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[14] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]);
- r[13] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[13] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]);
- r[12] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[12] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]);
- r[11] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[11] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]);
- r[10] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[10] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]);
- r[9] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[9] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]);
- r[8] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[8] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]);
- r[7] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[7] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]);
- r[6] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[6] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]);
- r[5] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[5] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]);
- r[4] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[4] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]);
- r[3] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[3] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]);
- r[2] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[2] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]);
- r[1] = ((s << n) | (t >> (26U - n))) & 0x3ffffff;
+ r[1] = (sp_digit)(((s << n) | (t >> (26U - n))) & 0x3ffffff);
 #endif /* WOLFSSL_SP_SMALL */
- r[0] = (a[0] << n) & 0x3ffffff;
+ r[0] = (sp_digit)((a[0] << n) & 0x3ffffff);
 }
 /* Divide d in a and put remainder into r (m*d + r = a)
@@ -33561,8 +33464,7 @@ static int sp_384_div_15(const sp_digit* a, const sp_digit* d,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -34254,8 +34156,7 @@ static int sp_384_mod_inv_15(sp_digit* r, const sp_digit* a, const sp_digit* m)
 XMEMCPY(r, d, sizeof(sp_digit) * 15);
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (u != NULL)
- XFREE(u, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(u, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -34469,10 +34370,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (u1 != NULL)
- XFREE(u1, heap, DYNAMIC_TYPE_ECC);
- if (p1 != NULL)
- XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -34679,8 +34578,7 @@ static int sp_384_ecc_is_point_15(const sp_point_384* point,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -34719,8 +34617,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -34828,10 +34725,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, heap, DYNAMIC_TYPE_ECC);
- if (priv != NULL)
- XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -34910,10 +34805,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -34978,10 +34871,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -35042,10 +34933,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -35141,8 +35030,7 @@ static int sp_384_mont_sqrt_15(sp_digit* y)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -35207,8 +35095,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (x != NULL)
- XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -35377,7 +35264,7 @@ SP_NOINLINE static void sp_521_mul_21(sp_digit* r, const sp_digit* a,
 }
 }
 for (i=0; i<41; i++) {
- r[i] = t[i] & 0x1ffffff;
+ r[i] = (sp_digit)(t[i] & 0x1ffffff);
 t[i+1] += t[i] >> 25;
 }
 r[41] = (sp_digit)t[41];
@@ -35446,7 +35333,7 @@ SP_NOINLINE static void sp_521_sqr_21(sp_digit* r, const sp_digit* a)
 t[i+i] += ((sp_int64)a[i]) * a[i];
 }
 for (i=0; i<41; i++) {
- r[i] = t[i] & 0x1ffffff;
+ r[i] = (sp_digit)(t[i] & 0x1ffffff);
 t[i+1] += t[i] >> 25;
 }
 r[41] = (sp_digit)t[41];
@@ -35794,10 +35681,10 @@ static void sp_521_mont_reduce_21(sp_digit* a, const sp_digit* m, sp_digit mp)
 (void)mp;
 for (i = 0; i < 20; i++) {
- a[i] += ((a[20 + i] >> 21) + (a[20 + i + 1] << 4)) & 0x1ffffff;
+ a[i] += (sp_digit)(((a[20 + i] >> 21) + (a[20 + i + 1] << 4)) & 0x1ffffff);
 }
 a[20] &= 0x1fffff;
- a[20] += ((a[40] >> 21) + (a[41] << 4)) & 0x1ffffff;
+ a[20] += (sp_digit)(((a[40] >> 21) + (a[41] << 4)) & 0x1ffffff);
 sp_521_norm_21(a);
@@ -35902,17 +35789,17 @@ SP_NOINLINE static void sp_521_mul_add_21(sp_digit* r, const sp_digit* a,
 t[1] = (tb * a[i+1]) + r[i+1];
 t[2] = (tb * a[i+2]) + r[i+2];
 t[3] = (tb * a[i+3]) + r[i+3];
- r[i+0] = t[0] & 0x1ffffff;
+ r[i+0] = (sp_digit)(t[0] & 0x1ffffff);
 t[1] += t[0] >> 25;
- r[i+1] = t[1] & 0x1ffffff;
+ r[i+1] = (sp_digit)(t[1] & 0x1ffffff);
 t[2] += t[1] >> 25;
- r[i+2] = t[2] & 0x1ffffff;
+ r[i+2] = (sp_digit)(t[2] & 0x1ffffff);
 t[3] += t[2] >> 25;
- r[i+3] = t[3] & 0x1ffffff;
+ r[i+3] = (sp_digit)(t[3] & 0x1ffffff);
 t[0] = t[3] >> 25;
 }
 t[0] += (tb * a[20]) + r[20];
- r[20] = t[0] & 0x1ffffff;
+ r[20] = (sp_digit)(t[0] & 0x1ffffff);
 r[21] += (sp_digit)(t[0] >> 25);
 #else
 sp_int64 tb = b;
@@ -35965,8 +35852,8 @@ static void sp_521_mont_shift_21(sp_digit* r, const sp_digit* a)
 s = a[21];
 n = a[20] >> 21;
 for (i = 0; i < 20; i++) {
- n += (s & 0x1ffffff) << 4;
- r[i] = n & 0x1ffffff;
+ n += (sp_digit)((s & 0x1ffffff) << 4);
+ r[i] = (sp_digit)(n & 0x1ffffff);
 n >>= 25;
 s = a[22 + i] + (s >> 25);
 }
@@ -35979,30 +35866,30 @@ static void sp_521_mont_shift_21(sp_digit* r, const sp_digit* a)
 s = a[21];
 n = a[20] >> 21;
 for (i = 0; i < 16; i += 8) {
- n += (s & 0x1ffffff) << 4; r[i+0] = n & 0x1ffffff;
+ n += (sp_digit)((s & 0x1ffffff) << 4); r[i+0] = (sp_digit)(n & 0x1ffffff);
 n >>= 25; s = a[i+22] + (s >> 25);
- n += (s & 0x1ffffff) << 4; r[i+1] = n & 0x1ffffff;
+ n += (sp_digit)((s & 0x1ffffff) << 4); r[i+1] = (sp_digit)(n & 0x1ffffff);
 n >>= 25; s = a[i+23] + (s >> 25);
- n += (s & 0x1ffffff) << 4; r[i+2] = n & 0x1ffffff;
+ n += (sp_digit)((s & 0x1ffffff) << 4); r[i+2] = (sp_digit)(n & 0x1ffffff);
 n >>= 25; s = a[i+24] + (s >> 25);
- n += (s & 0x1ffffff) << 4; r[i+3] = n & 0x1ffffff;
+ n += (sp_digit)((s & 0x1ffffff) << 4); r[i+3] = (sp_digit)(n & 0x1ffffff);
 n >>= 25; s = a[i+25] + (s >> 25);
- n += (s & 0x1ffffff) << 4; r[i+4] = n & 0x1ffffff;
+ n += (sp_digit)((s & 0x1ffffff) << 4); r[i+4] = (sp_digit)(n & 0x1ffffff);
 n >>= 25; s = a[i+26] + (s >> 25);
- n += (s & 0x1ffffff) << 4; r[i+5] = n & 0x1ffffff;
+ n += (sp_digit)((s & 0x1ffffff) << 4); r[i+5] = (sp_digit)(n & 0x1ffffff);
 n >>= 25; s = a[i+27] + (s >> 25);
- n += (s & 0x1ffffff) << 4; r[i+6] = n & 0x1ffffff;
+ n += (sp_digit)((s & 0x1ffffff) << 4); r[i+6] = (sp_digit)(n & 0x1ffffff);
 n >>= 25; s = a[i+28] + (s >> 25);
- n += (s & 0x1ffffff) << 4; r[i+7] = n & 0x1ffffff;
+ n += (sp_digit)((s & 0x1ffffff) << 4); r[i+7] = (sp_digit)(n & 0x1ffffff);
 n >>= 25; s = a[i+29] + (s >> 25);
 }
- n += (s & 0x1ffffff) << 4; r[16] = n & 0x1ffffff;
+ n += (sp_digit)((s & 0x1ffffff) << 4); r[16] = (sp_digit)(n & 0x1ffffff);
 n >>= 25; s = a[38] + (s >> 25);
- n += (s & 0x1ffffff) << 4; r[17] = n & 0x1ffffff;
+ n += (sp_digit)((s & 0x1ffffff) << 4); r[17] = (sp_digit)(n & 0x1ffffff);
 n >>= 25; s = a[39] + (s >> 25);
- n += (s & 0x1ffffff) << 4; r[18] = n & 0x1ffffff;
+ n += (sp_digit)((s & 0x1ffffff) << 4); r[18] = (sp_digit)(n & 0x1ffffff);
 n >>= 25; s = a[40] + (s >> 25);
- n += (s & 0x1ffffff) << 4; r[19] = n & 0x1ffffff;
+ n += (sp_digit)((s & 0x1ffffff) << 4); r[19] = (sp_digit)(n & 0x1ffffff);
 n >>= 25; s = a[41] + (s >> 25);
 n += s << 4; r[20] = n;
 #endif /* WOLFSSL_SP_SMALL */
@@ -36024,11 +35911,11 @@ static void sp_521_mont_reduce_order_21(sp_digit* a, const sp_digit* m, sp_digit
 sp_521_norm_21(a + 21);
 for (i=0; i<20; i++) {
- mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffffff;
+ mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1ffffff);
 sp_521_mul_add_21(a+i, m, mu);
 a[i+1] += a[i] >> 25;
 }
- mu = ((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffL;
+ mu = (sp_digit)(((sp_uint32)a[i] * (sp_uint32)mp) & 0x1fffffL);
 sp_521_mul_add_21(a+i, m, mu);
 a[i+1] += a[i] >> 25;
 a[i] &= 0x1ffffff;
@@ -36201,7 +36088,7 @@ static void sp_521_map_21(sp_point_521* r, const sp_point_521* p,
 sp_521_mont_reduce_21(r->x, p521_mod, p521_mp_mod);
 /* Reduce x to less than modulus */
 n = sp_521_cmp_21(r->x, p521_mod);
- sp_521_cond_sub_21(r->x, r->x, p521_mod, ~(n >> 24));
+ sp_521_cond_sub_21(r->x, r->x, p521_mod, (sp_digit)~(n >> 24));
 sp_521_norm_21(r->x);
 /* y /= z^3 */
@@ -36210,7 +36097,7 @@ static void sp_521_map_21(sp_point_521* r, const sp_point_521* p,
 sp_521_mont_reduce_21(r->y, p521_mod, p521_mp_mod);
 /* Reduce y to less than modulus */
 n = sp_521_cmp_21(r->y, p521_mod);
- sp_521_cond_sub_21(r->y, r->y, p521_mod, ~(n >> 24));
+ sp_521_cond_sub_21(r->y, r->y, p521_mod, (sp_digit)~(n >> 24));
 sp_521_norm_21(r->y);
 XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -36352,29 +36239,29 @@ SP_NOINLINE static void sp_521_rshift1_21(sp_digit* r, const sp_digit* a)
 int i;
 for (i=0; i<20; i++) {
- r[i] = (a[i] >> 1) + ((a[i + 1] << 24) & 0x1ffffff);
- }
-#else
- r[0] = (a[0] >> 1) + ((a[1] << 24) & 0x1ffffff);
- r[1] = (a[1] >> 1) + ((a[2] << 24) & 0x1ffffff);
- r[2] = (a[2] >> 1) + ((a[3] << 24) & 0x1ffffff);
- r[3] = (a[3] >> 1) + ((a[4] << 24) & 0x1ffffff);
- r[4] = (a[4] >> 1) + ((a[5] << 24) & 0x1ffffff);
- r[5] = (a[5] >> 1) + ((a[6] << 24) & 0x1ffffff);
- r[6] = (a[6] >> 1) + ((a[7] << 24) & 0x1ffffff);
- r[7] = (a[7] >> 1) + ((a[8] << 24) & 0x1ffffff);
- r[8] = (a[8] >> 1) + ((a[9] << 24) & 0x1ffffff);
- r[9] = (a[9] >> 1) + ((a[10] << 24) & 0x1ffffff);
- r[10] = (a[10] >> 1) + ((a[11] << 24) & 0x1ffffff);
- r[11] = (a[11] >> 1) + ((a[12] << 24) & 0x1ffffff);
- r[12] = (a[12] >> 1) + ((a[13] << 24) & 0x1ffffff);
- r[13] = (a[13] >> 1) + ((a[14] << 24) & 0x1ffffff);
- r[14] = (a[14] >> 1) + ((a[15] << 24) & 0x1ffffff);
- r[15] = (a[15] >> 1) + ((a[16] << 24) & 0x1ffffff);
- r[16] = (a[16] >> 1) + ((a[17] << 24) & 0x1ffffff);
- r[17] = (a[17] >> 1) + ((a[18] << 24) & 0x1ffffff);
- r[18] = (a[18] >> 1) + ((a[19] << 24) & 0x1ffffff);
- r[19] = (a[19] >> 1) + ((a[20] << 24) & 0x1ffffff);
+ r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 24) & 0x1ffffff);
+ }
+#else
+ r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 24) & 0x1ffffff);
+ r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 24) & 0x1ffffff);
+ r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 24) & 0x1ffffff);
+ r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 24) & 0x1ffffff);
+ r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 24) & 0x1ffffff);
+ r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 24) & 0x1ffffff);
+ r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 24) & 0x1ffffff);
+ r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 24) & 0x1ffffff);
+ r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 24) & 0x1ffffff);
+ r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 24) & 0x1ffffff);
+ r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 24) & 0x1ffffff);
+ r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 24) & 0x1ffffff);
+ r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 24) & 0x1ffffff);
+ r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 24) & 0x1ffffff);
+ r[14] = (a[14] >> 1) + (sp_digit)((a[15] << 24) & 0x1ffffff);
+ r[15] = (a[15] >> 1) + (sp_digit)((a[16] << 24) & 0x1ffffff);
+ r[16] = (a[16] >> 1) + (sp_digit)((a[17] << 24) & 0x1ffffff);
+ r[17] = (a[17] >> 1) + (sp_digit)((a[18] << 24) & 0x1ffffff);
+ r[18] = (a[18] >> 1) + (sp_digit)((a[19] << 24) & 0x1ffffff);
+ r[19] = (a[19] >> 1) + (sp_digit)((a[20] << 24) & 0x1ffffff);
 #endif
 r[20] = a[20] >> 1;
 }
@@ -36690,8 +36577,8 @@ static void sp_521_proj_point_add_21(sp_point_521* r,
 sp_521_mont_sub_21(y, y, t5, p521_mod);
 {
 int i;
- sp_digit maskp = 0 - (q->infinity & (!p->infinity));
- sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+ sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+ sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
 sp_digit maskt = ~(maskp | maskq);
 sp_digit inf = (sp_digit)(p->infinity & q->infinity);
@@ -36708,7 +36595,7 @@ static void sp_521_proj_point_add_21(sp_point_521* r,
 (z[i] & maskt);
 }
 r->z[0] |= inf;
- r->infinity = (word32)inf;
+ r->infinity = (int)inf;
 }
 }
 }
@@ -36882,8 +36769,8 @@ static int sp_521_proj_point_add_21_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
 {
 {
 int i;
- sp_digit maskp = 0 - (q->infinity & (!p->infinity));
- sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+ sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+ sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
 sp_digit maskt = ~(maskp | maskq);
 sp_digit inf = (sp_digit)(p->infinity & q->infinity);
@@ -36900,7 +36787,7 @@ static int sp_521_proj_point_add_21_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
 (ctx->z[i] & maskt);
 }
 r->z[0] |= inf;
- r->infinity = (word32)inf;
+ r->infinity = (int)inf;
 }
 ctx->state = 25;
 break;
@@ -37528,7 +37415,7 @@ static void sp_521_ecc_recode_6_21(const sp_digit* k, ecc_recode_521* v) n = k[j]; o = 0; for (i=0; i<87; i++) { - y = (int8_t)n; + y = (uint8_t)(int8_t)n; if (o + 6 < 25) { y &= 0x3f; n >>= 6; @@ -37631,7 +37518,7 @@ static void sp_521_get_point_33_21(sp_point_521* r, const sp_point_521* table, r->z[19] = 0; r->z[20] = 0; for (i = 1; i < 33; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -37834,10 +37721,8 @@ static int sp_521_ecc_mulmod_win_add_sub_21(sp_point_521* r, const sp_point_521* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -37903,8 +37788,8 @@ static void sp_521_proj_point_add_qz1_21(sp_point_521* r, sp_521_mont_sub_21(y, t3, t1, p521_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -37921,7 +37806,7 @@ static void sp_521_proj_point_add_qz1_21(sp_point_521* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -38032,8 +37917,7 @@ static int sp_521_gen_stripe_table_21(const sp_point_521* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; 
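Review bot: `y = (uint8_t)(int8_t)n;` in sp_521_ecc_recode_6_21 converts through int8_t first, which for values of n outside int8_t's range is an implementation-defined conversion and yields the same low byte a direct `(uint8_t)n` would; if y is an unsigned type the inner cast adds nothing, and if y is signed the reason for the chain is not obvious from the code. Either simplify to `y = (uint8_t)n;` or add a comment such as `/* low byte of n; inner cast kept to make the truncation explicit */` adjusted to the real intent. The same cast appears in the sp_1024_ecc_recode_7_42 hunk. The declaration of y is outside the hunk.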
@@ -38096,7 +37980,7 @@ static void sp_521_get_entry_256_21(sp_point_521* r, r->y[19] = 0; r->y[20] = 0; for (i = 1; i < 256; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -38249,10 +38133,8 @@ static int sp_521_ecc_mulmod_stripe_21(sp_point_521* r, const sp_point_521* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38470,10 +38352,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38550,10 +38430,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -40961,10 +40839,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -41039,10 +40915,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -41106,6 +40980,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_521_ecc_gen_k_21(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[66]; @@ -41123,6 +40998,11 @@ static int sp_521_ecc_gen_k_21(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -41201,12 +41081,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -41389,10 +41266,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
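Review bot: In the sp_ecc_make_key_521 cleanup, `XFREE(k, heap, DYNAMIC_TYPE_ECC);` releases the buffer holding the freshly generated private scalar without clearing it, while the retained comment singles out point as the object that need not be zeroized. Unless k is wiped earlier in the function (that part is outside the hunk), the sensitive value stays in freed heap memory; `ForceZero(k, sizeof(sp_digit) * 21); XFREE(k, heap, DYNAMIC_TYPE_ECC);` would match what the comment implies, with a corresponding clear of the stack array in the non-WOLFSSL_SP_SMALL_STACK path. The same question applies to the sp_ecc_secret_gen_521 hunk, where k presumably holds the private scalar and the point buffer the derived secret.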
@@ -41457,23 +41332,23 @@ SP_NOINLINE static void sp_521_rshift_21(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<20; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff); } #else for (i=0; i<16; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (25 - n)) & 0x1ffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (25 - n)) & 0x1ffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (25 - n)) & 0x1ffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (25 - n)) & 0x1ffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (25 - n)) & 0x1ffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (25 - n)) & 0x1ffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (25 - n)) & 0x1ffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (25 - n)) & 0x1ffffff); - } - r[16] = (a[16] >> n) | ((a[17] << (25 - n)) & 0x1ffffff); - r[17] = (a[17] >> n) | ((a[18] << (25 - n)) & 0x1ffffff); - r[18] = (a[18] >> n) | ((a[19] << (25 - n)) & 0x1ffffff); - r[19] = (a[19] >> n) | ((a[20] << (25 - n)) & 0x1ffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (25 - n)) & 0x1ffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (25 - n)) & 0x1ffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (25 - n)) & 0x1ffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (25 - n)) & 0x1ffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (25 - n)) & 0x1ffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (25 - n)) & 0x1ffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (25 - n)) & 0x1ffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (25 - n)) & 0x1ffffff); + } + r[16] = (a[16] >> n) | (sp_digit)((a[17] << (25 - n)) & 0x1ffffff); + r[17] = (a[17] >> n) | (sp_digit)((a[18] << (25 - n)) & 0x1ffffff); + r[18] = (a[18] >> n) | (sp_digit)((a[19] << (25 - n)) & 0x1ffffff); + r[19] = (a[19] >> n) | (sp_digit)((a[20] << (25 - n)) & 0x1ffffff); #endif /* WOLFSSL_SP_SMALL */ r[20] = a[20] >> n; } 
@@ -41544,7 +41419,7 @@ SP_NOINLINE static void sp_521_lshift_42(sp_digit* r, const sp_digit* a, r[42] = a[41] >> (25 - n); for (i=41; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (25 - n))) & 0x1ffffff; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (25 - n))) & 0x1ffffff); } #else sp_int_digit s; 
@@ -41553,89 +41428,89 @@ SP_NOINLINE static void sp_521_lshift_42(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[41]; r[42] = s >> (25U - n); s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]); - r[41] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[41] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]); - r[40] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[40] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]); - r[39] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[39] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]); - r[38] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[38] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]); - r[37] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[37] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]); - r[36] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[36] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]); - r[35] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[35] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]); - r[34] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[34] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]); - r[33] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[33] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]); - r[32] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[32] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]); - r[31] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[31] = (sp_digit)(((s 
<< n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]); - r[30] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[30] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[29] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[28] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[27] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[26] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[25] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[24] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[23] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[22] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[21] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[20] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s 
<< n) | (t >> (25U - n))) & 0x1ffffff; + r[19] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[18] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[17] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[16] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[15] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[14] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[13] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[12] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[11] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[10] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[9] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[8] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = 
(sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[7] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[6] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[5] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[4] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[3] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[2] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (25U - n))) & 0x1ffffff; + r[1] = (sp_digit)(((s << n) | (t >> (25U - n))) & 0x1ffffff); #endif /* WOLFSSL_SP_SMALL */ - r[0] = (a[0] << n) & 0x1ffffff; + r[0] = (sp_digit)((a[0] << n) & 0x1ffffff); } /* Divide d in a and put remainder into r (m*d + r = a) @@ -41699,8 +41574,7 @@ static int sp_521_div_21(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -42417,8 +42291,7 @@ static int sp_521_mod_inv_21(sp_digit* r, const sp_digit* a, const sp_digit* m) XMEMCPY(r, d, sizeof(sp_digit) * 21); } #ifdef WOLFSSL_SP_SMALL_STACK - if (u != NULL) - XFREE(u, NULL, DYNAMIC_TYPE_ECC); + XFREE(u, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -42643,10 +42516,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -42857,8 +42728,7 @@ static int sp_521_ecc_is_point_21(const sp_point_521* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -42897,8 +42767,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -43006,10 +42875,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -43088,10 +42955,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -43156,10 +43021,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -43220,10 +43083,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -43273,8 +43134,7 @@ static int sp_521_mont_sqrt_21(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -43339,8 +43199,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -43422,20 +43281,20 @@ SP_NOINLINE static void sp_1024_mul_7(sp_digit* r, const sp_digit* a, + ((sp_int64)a[ 6]) * b[ 5]; sp_int64 t12 = ((sp_int64)a[ 6]) * b[ 6]; - t1 += t0 >> 25; r[ 0] = t0 & 0x1ffffff; - t2 += t1 >> 25; r[ 1] = t1 & 0x1ffffff; - t3 += t2 >> 25; r[ 2] = t2 & 0x1ffffff; - t4 += t3 >> 25; r[ 3] = t3 & 0x1ffffff; - t5 += t4 >> 25; r[ 4] = t4 & 0x1ffffff; - t6 += t5 >> 25; r[ 5] = t5 & 0x1ffffff; - t7 += t6 >> 25; r[ 6] = t6 & 0x1ffffff; - t8 += t7 >> 25; r[ 7] = t7 & 0x1ffffff; - t9 += t8 >> 25; r[ 8] = t8 & 0x1ffffff; - t10 += t9 >> 25; r[ 9] = t9 & 0x1ffffff; - t11 += t10 >> 25; r[10] = t10 & 0x1ffffff; - t12 += t11 >> 25; r[11] = t11 & 0x1ffffff; + t1 += t0 >> 25; r[ 0] = (sp_digit)(t0 & 0x1ffffff); + t2 += t1 >> 25; r[ 1] = (sp_digit)(t1 & 0x1ffffff); + t3 += t2 >> 25; r[ 2] = (sp_digit)(t2 & 0x1ffffff); + t4 += t3 >> 25; r[ 3] = (sp_digit)(t3 & 0x1ffffff); + t5 += t4 >> 25; r[ 4] = (sp_digit)(t4 & 0x1ffffff); + t6 += t5 >> 25; r[ 5] = (sp_digit)(t5 & 0x1ffffff); + t7 += t6 >> 25; r[ 6] = (sp_digit)(t6 & 0x1ffffff); + t8 += t7 >> 25; r[ 7] = (sp_digit)(t7 & 0x1ffffff); + t9 += t8 >> 25; r[ 8] = (sp_digit)(t8 & 0x1ffffff); + t10 += t9 >> 25; r[ 9] = (sp_digit)(t9 & 0x1ffffff); + t11 += t10 >> 25; r[10] = (sp_digit)(t10 & 0x1ffffff); + t12 += t11 >> 25; r[11] = (sp_digit)(t11 & 0x1ffffff); r[13] = (sp_digit)(t12 >> 25); - r[12] = t12 & 0x1ffffff; + r[12] = (sp_digit)(t12 & 0x1ffffff); } /* Square a and put result in r. (r = a * a) 
@@ -43474,20 +43333,20 @@ SP_NOINLINE static void sp_1024_sqr_7(sp_digit* r, const sp_digit* a) sp_int64 t11 = (((sp_int64)a[ 5]) * a[ 6]) * 2; sp_int64 t12 = ((sp_int64)a[ 6]) * a[ 6]; - t1 += t0 >> 25; r[ 0] = t0 & 0x1ffffff; - t2 += t1 >> 25; r[ 1] = t1 & 0x1ffffff; - t3 += t2 >> 25; r[ 2] = t2 & 0x1ffffff; - t4 += t3 >> 25; r[ 3] = t3 & 0x1ffffff; - t5 += t4 >> 25; r[ 4] = t4 & 0x1ffffff; - t6 += t5 >> 25; r[ 5] = t5 & 0x1ffffff; - t7 += t6 >> 25; r[ 6] = t6 & 0x1ffffff; - t8 += t7 >> 25; r[ 7] = t7 & 0x1ffffff; - t9 += t8 >> 25; r[ 8] = t8 & 0x1ffffff; - t10 += t9 >> 25; r[ 9] = t9 & 0x1ffffff; - t11 += t10 >> 25; r[10] = t10 & 0x1ffffff; - t12 += t11 >> 25; r[11] = t11 & 0x1ffffff; + t1 += t0 >> 25; r[ 0] = (sp_digit)(t0 & 0x1ffffff); + t2 += t1 >> 25; r[ 1] = (sp_digit)(t1 & 0x1ffffff); + t3 += t2 >> 25; r[ 2] = (sp_digit)(t2 & 0x1ffffff); + t4 += t3 >> 25; r[ 3] = (sp_digit)(t3 & 0x1ffffff); + t5 += t4 >> 25; r[ 4] = (sp_digit)(t4 & 0x1ffffff); + t6 += t5 >> 25; r[ 5] = (sp_digit)(t5 & 0x1ffffff); + t7 += t6 >> 25; r[ 6] = (sp_digit)(t6 & 0x1ffffff); + t8 += t7 >> 25; r[ 7] = (sp_digit)(t7 & 0x1ffffff); + t9 += t8 >> 25; r[ 8] = (sp_digit)(t8 & 0x1ffffff); + t10 += t9 >> 25; r[ 9] = (sp_digit)(t9 & 0x1ffffff); + t11 += t10 >> 25; r[10] = (sp_digit)(t10 & 0x1ffffff); + t12 += t11 >> 25; r[11] = (sp_digit)(t11 & 0x1ffffff); r[13] = (sp_digit)(t12 >> 25); - r[12] = t12 & 0x1ffffff; + r[12] = (sp_digit)(t12 & 0x1ffffff); } /* Add b to a into r. (r = a + b) 
@@ -44192,20 +44051,20 @@ SP_NOINLINE static void sp_1024_rshift_42(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<41; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (25 - n))) & 0x1ffffff); } #else for (i=0; i<40; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (25 - n)) & 0x1ffffff); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (25 - n)) & 0x1ffffff); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (25 - n)) & 0x1ffffff); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (25 - n)) & 0x1ffffff); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (25 - n)) & 0x1ffffff); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (25 - n)) & 0x1ffffff); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (25 - n)) & 0x1ffffff); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (25 - n)) & 0x1ffffff); - } - r[40] = (a[40] >> n) | ((a[41] << (25 - n)) & 0x1ffffff); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (25 - n)) & 0x1ffffff); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (25 - n)) & 0x1ffffff); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (25 - n)) & 0x1ffffff); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (25 - n)) & 0x1ffffff); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (25 - n)) & 0x1ffffff); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (25 - n)) & 0x1ffffff); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (25 - n)) & 0x1ffffff); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (25 - n)) & 0x1ffffff); + } + r[40] = (a[40] >> n) | (sp_digit)((a[41] << (25 - n)) & 0x1ffffff); #endif /* WOLFSSL_SP_SMALL */ r[41] = a[41] >> n; } @@ -44382,8 +44241,7 @@ static int sp_1024_div_42(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -44462,16 +44320,16 @@ static void sp_1024_point_free_42(sp_point_1024* p, int clear, void* heap) { #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) -/* If valid pointer then clear point data if requested and free data. */ + /* If valid pointer then clear point data if requested and free data. */ if (p != NULL) { - if (clear != 0) { + if (clear) { XMEMSET(p, 0, sizeof(*p)); } XFREE(p, heap, DYNAMIC_TYPE_ECC); } #else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { + /* Clear point data if requested. */ + if ((p != NULL) && clear) { XMEMSET(p, 0, sizeof(*p)); } #endif @@ -44765,20 +44623,20 @@ SP_NOINLINE static void sp_1024_mul_add_42(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1ffffff; + r[i+0] = (sp_digit)(t[0] & 0x1ffffff); t[1] += t[0] >> 25; - r[i+1] = t[1] & 0x1ffffff; + r[i+1] = (sp_digit)(t[1] & 0x1ffffff); t[2] += t[1] >> 25; - r[i+2] = t[2] & 0x1ffffff; + r[i+2] = (sp_digit)(t[2] & 0x1ffffff); t[3] += t[2] >> 25; - r[i+3] = t[3] & 0x1ffffff; + r[i+3] = (sp_digit)(t[3] & 0x1ffffff); t[0] = t[3] >> 25; } t[0] += (tb * a[40]) + r[40]; t[1] = (tb * a[41]) + r[41]; - r[40] = t[0] & 0x1ffffff; + r[40] = (sp_digit)(t[0] & 0x1ffffff); t[1] += t[0] >> 25; - r[41] = t[1] & 0x1ffffff; + r[41] = (sp_digit)(t[1] & 0x1ffffff); r[42] += (sp_digit)(t[1] >> 25); #else sp_int64 tb = b; @@ -44852,7 +44710,7 @@ static void sp_1024_mont_shift_42(sp_digit* r, const sp_digit* a) n = a[40] >> 24; for (i = 0; i < 40; i++) { n += (sp_uint32)a[41 + i] << 1; - r[i] = n & 0x1ffffff; + r[i] = (sp_digit)(n & 0x1ffffff); n >>= 25; } n += (sp_uint32)a[81] << 1; 
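Review bot: In sp_1024_point_free_42 the clearing path is `XMEMSET(p, 0, sizeof(*p));` followed immediately by `XFREE(p, heap, DYNAMIC_TYPE_ECC);`, a store to an object that is never read again and that an optimizer is entitled to drop; the commit only re-indents the comments and rewrites `clear != 0` as `clear`. wolfCrypt's `ForceZero(p, sizeof(*p));` exists for exactly this case and would be the safer call in both branches. If XMEMSET is already mapped to a non-elidable primitive in this build, a comment saying so would pre-empt the question.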
@@ -44864,14 +44722,14 @@ static void sp_1024_mont_shift_42(sp_digit* r, const sp_digit* a) n = (sp_uint32)a[40]; n = n >> 24U; for (i = 0; i < 40; i += 8) { - n += (sp_uint32)a[i+41] << 1U; r[i+0] = n & 0x1ffffff; n >>= 25U; - n += (sp_uint32)a[i+42] << 1U; r[i+1] = n & 0x1ffffff; n >>= 25U; - n += (sp_uint32)a[i+43] << 1U; r[i+2] = n & 0x1ffffff; n >>= 25U; - n += (sp_uint32)a[i+44] << 1U; r[i+3] = n & 0x1ffffff; n >>= 25U; - n += (sp_uint32)a[i+45] << 1U; r[i+4] = n & 0x1ffffff; n >>= 25U; - n += (sp_uint32)a[i+46] << 1U; r[i+5] = n & 0x1ffffff; n >>= 25U; - n += (sp_uint32)a[i+47] << 1U; r[i+6] = n & 0x1ffffff; n >>= 25U; - n += (sp_uint32)a[i+48] << 1U; r[i+7] = n & 0x1ffffff; n >>= 25U; + n += (sp_uint32)a[i+41] << 1U; r[i+0] = (sp_digit)(n & 0x1ffffff); n >>= 25U; + n += (sp_uint32)a[i+42] << 1U; r[i+1] = (sp_digit)(n & 0x1ffffff); n >>= 25U; + n += (sp_uint32)a[i+43] << 1U; r[i+2] = (sp_digit)(n & 0x1ffffff); n >>= 25U; + n += (sp_uint32)a[i+44] << 1U; r[i+3] = (sp_digit)(n & 0x1ffffff); n >>= 25U; + n += (sp_uint32)a[i+45] << 1U; r[i+4] = (sp_digit)(n & 0x1ffffff); n >>= 25U; + n += (sp_uint32)a[i+46] << 1U; r[i+5] = (sp_digit)(n & 0x1ffffff); n >>= 25U; + n += (sp_uint32)a[i+47] << 1U; r[i+6] = (sp_digit)(n & 0x1ffffff); n >>= 25U; + n += (sp_uint32)a[i+48] << 1U; r[i+7] = (sp_digit)(n & 0x1ffffff); n >>= 25U; } n += (sp_uint32)a[81] << 1U; r[40] = n; #endif /* WOLFSSL_SP_SMALL */ 
@@ -44894,22 +44752,22 @@ static void sp_1024_mont_reduce_42(sp_digit* a, const sp_digit* m, sp_digit mp) if (mp != 1) { for (i=0; i<40; i++) { - mu = (a[i] * mp) & 0x1ffffff; + mu = (sp_digit)((a[i] * mp) & 0x1ffffff); sp_1024_mul_add_42(a+i, m, mu); a[i+1] += a[i] >> 25; } - mu = (a[i] * mp) & 0xffffffL; + mu = (sp_digit)((a[i] * mp) & 0xffffffL); sp_1024_mul_add_42(a+i, m, mu); a[i+1] += a[i] >> 25; a[i] &= 0x1ffffff; } else { for (i=0; i<40; i++) { - mu = a[i] & 0x1ffffff; + mu = (sp_digit)(a[i] & 0x1ffffff); sp_1024_mul_add_42(a+i, m, mu); a[i+1] += a[i] >> 25; } - mu = a[i] & 0xffffffL; + mu = (sp_digit)(a[i] & 0xffffffL); sp_1024_mul_add_42(a+i, m, mu); a[i+1] += a[i] >> 25; a[i] &= 0x1ffffff; @@ -45036,7 +44894,7 @@ static void sp_1024_map_42(sp_point_1024* r, const sp_point_1024* p, sp_1024_mont_reduce_42(r->x, p1024_mod, p1024_mp_mod); /* Reduce x to less than modulus */ n = sp_1024_cmp_42(r->x, p1024_mod); - sp_1024_cond_sub_42(r->x, r->x, p1024_mod, ~(n >> 24)); + sp_1024_cond_sub_42(r->x, r->x, p1024_mod, (sp_digit)~(n >> 24)); sp_1024_norm_42(r->x); /* y /= z^3 */ @@ -45045,7 +44903,7 @@ static void sp_1024_map_42(sp_point_1024* r, const sp_point_1024* p, sp_1024_mont_reduce_42(r->y, p1024_mod, p1024_mp_mod); /* Reduce y to less than modulus */ n = sp_1024_cmp_42(r->y, p1024_mod); - sp_1024_cond_sub_42(r->y, r->y, p1024_mod, ~(n >> 24)); + sp_1024_cond_sub_42(r->y, r->y, p1024_mod, (sp_digit)~(n >> 24)); sp_1024_norm_42(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); 
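Review bot: `mu = (sp_digit)((a[i] * mp) & 0x1ffffff);` in sp_1024_mont_reduce_42 casts the product only after it has been computed in sp_digit width; if sp_digit is the signed 32-bit digit type, the product of two 25-bit values exceeds its range before the mask is applied, which is undefined behaviour, whereas the unsigned form wraps and keeps the same low 25 bits: `mu = (sp_digit)(((sp_int_digit)a[i] * (sp_int_digit)mp) & 0x1ffffff);`. The `0xffffffL` line in the same branch has the same issue. In the sp_1024_map_42 hunks sharing this line, `(sp_digit)~(n >> 24)` relies on an arithmetic right shift of a possibly negative n, which C leaves implementation-defined; a one-line comment stating that assumption would help a reader. The typedef of sp_digit is not on the page, so confirm its signedness first.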
@@ -45135,50 +44993,50 @@ SP_NOINLINE static void sp_1024_rshift1_42(sp_digit* r, const sp_digit* a) int i; for (i=0; i<41; i++) { - r[i] = (a[i] >> 1) + ((a[i + 1] << 24) & 0x1ffffff); - } -#else - r[0] = (a[0] >> 1) + ((a[1] << 24) & 0x1ffffff); - r[1] = (a[1] >> 1) + ((a[2] << 24) & 0x1ffffff); - r[2] = (a[2] >> 1) + ((a[3] << 24) & 0x1ffffff); - r[3] = (a[3] >> 1) + ((a[4] << 24) & 0x1ffffff); - r[4] = (a[4] >> 1) + ((a[5] << 24) & 0x1ffffff); - r[5] = (a[5] >> 1) + ((a[6] << 24) & 0x1ffffff); - r[6] = (a[6] >> 1) + ((a[7] << 24) & 0x1ffffff); - r[7] = (a[7] >> 1) + ((a[8] << 24) & 0x1ffffff); - r[8] = (a[8] >> 1) + ((a[9] << 24) & 0x1ffffff); - r[9] = (a[9] >> 1) + ((a[10] << 24) & 0x1ffffff); - r[10] = (a[10] >> 1) + ((a[11] << 24) & 0x1ffffff); - r[11] = (a[11] >> 1) + ((a[12] << 24) & 0x1ffffff); - r[12] = (a[12] >> 1) + ((a[13] << 24) & 0x1ffffff); - r[13] = (a[13] >> 1) + ((a[14] << 24) & 0x1ffffff); - r[14] = (a[14] >> 1) + ((a[15] << 24) & 0x1ffffff); - r[15] = (a[15] >> 1) + ((a[16] << 24) & 0x1ffffff); - r[16] = (a[16] >> 1) + ((a[17] << 24) & 0x1ffffff); - r[17] = (a[17] >> 1) + ((a[18] << 24) & 0x1ffffff); - r[18] = (a[18] >> 1) + ((a[19] << 24) & 0x1ffffff); - r[19] = (a[19] >> 1) + ((a[20] << 24) & 0x1ffffff); - r[20] = (a[20] >> 1) + ((a[21] << 24) & 0x1ffffff); - r[21] = (a[21] >> 1) + ((a[22] << 24) & 0x1ffffff); - r[22] = (a[22] >> 1) + ((a[23] << 24) & 0x1ffffff); - r[23] = (a[23] >> 1) + ((a[24] << 24) & 0x1ffffff); - r[24] = (a[24] >> 1) + ((a[25] << 24) & 0x1ffffff); - r[25] = (a[25] >> 1) + ((a[26] << 24) & 0x1ffffff); - r[26] = (a[26] >> 1) + ((a[27] << 24) & 0x1ffffff); - r[27] = (a[27] >> 1) + ((a[28] << 24) & 0x1ffffff); - r[28] = (a[28] >> 1) + ((a[29] << 24) & 0x1ffffff); - r[29] = (a[29] >> 1) + ((a[30] << 24) & 0x1ffffff); - r[30] = (a[30] >> 1) + ((a[31] << 24) & 0x1ffffff); - r[31] = (a[31] >> 1) + ((a[32] << 24) & 0x1ffffff); - r[32] = (a[32] >> 1) + ((a[33] << 24) & 0x1ffffff); - r[33] = (a[33] >> 1) + ((a[34] << 24) & 
0x1ffffff); - r[34] = (a[34] >> 1) + ((a[35] << 24) & 0x1ffffff); - r[35] = (a[35] >> 1) + ((a[36] << 24) & 0x1ffffff); - r[36] = (a[36] >> 1) + ((a[37] << 24) & 0x1ffffff); - r[37] = (a[37] >> 1) + ((a[38] << 24) & 0x1ffffff); - r[38] = (a[38] >> 1) + ((a[39] << 24) & 0x1ffffff); - r[39] = (a[39] >> 1) + ((a[40] << 24) & 0x1ffffff); - r[40] = (a[40] >> 1) + ((a[41] << 24) & 0x1ffffff); + r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 24) & 0x1ffffff); + } +#else + r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 24) & 0x1ffffff); + r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 24) & 0x1ffffff); + r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 24) & 0x1ffffff); + r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 24) & 0x1ffffff); + r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 24) & 0x1ffffff); + r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 24) & 0x1ffffff); + r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 24) & 0x1ffffff); + r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 24) & 0x1ffffff); + r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 24) & 0x1ffffff); + r[9] = (a[9] >> 1) + (sp_digit)((a[10] << 24) & 0x1ffffff); + r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 24) & 0x1ffffff); + r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 24) & 0x1ffffff); + r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 24) & 0x1ffffff); + r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 24) & 0x1ffffff); + r[14] = (a[14] >> 1) + (sp_digit)((a[15] << 24) & 0x1ffffff); + r[15] = (a[15] >> 1) + (sp_digit)((a[16] << 24) & 0x1ffffff); + r[16] = (a[16] >> 1) + (sp_digit)((a[17] << 24) & 0x1ffffff); + r[17] = (a[17] >> 1) + (sp_digit)((a[18] << 24) & 0x1ffffff); + r[18] = (a[18] >> 1) + (sp_digit)((a[19] << 24) & 0x1ffffff); + r[19] = (a[19] >> 1) + (sp_digit)((a[20] << 24) & 0x1ffffff); + r[20] = (a[20] >> 1) + (sp_digit)((a[21] << 24) & 0x1ffffff); + r[21] = (a[21] >> 1) + (sp_digit)((a[22] << 24) & 0x1ffffff); + r[22] = (a[22] >> 1) + (sp_digit)((a[23] << 24) & 0x1ffffff); + r[23] = (a[23] >> 1) + (sp_digit)((a[24] << 24) & 0x1ffffff); + r[24] = (a[24] >> 1) + 
(sp_digit)((a[25] << 24) & 0x1ffffff); + r[25] = (a[25] >> 1) + (sp_digit)((a[26] << 24) & 0x1ffffff); + r[26] = (a[26] >> 1) + (sp_digit)((a[27] << 24) & 0x1ffffff); + r[27] = (a[27] >> 1) + (sp_digit)((a[28] << 24) & 0x1ffffff); + r[28] = (a[28] >> 1) + (sp_digit)((a[29] << 24) & 0x1ffffff); + r[29] = (a[29] >> 1) + (sp_digit)((a[30] << 24) & 0x1ffffff); + r[30] = (a[30] >> 1) + (sp_digit)((a[31] << 24) & 0x1ffffff); + r[31] = (a[31] >> 1) + (sp_digit)((a[32] << 24) & 0x1ffffff); + r[32] = (a[32] >> 1) + (sp_digit)((a[33] << 24) & 0x1ffffff); + r[33] = (a[33] >> 1) + (sp_digit)((a[34] << 24) & 0x1ffffff); + r[34] = (a[34] >> 1) + (sp_digit)((a[35] << 24) & 0x1ffffff); + r[35] = (a[35] >> 1) + (sp_digit)((a[36] << 24) & 0x1ffffff); + r[36] = (a[36] >> 1) + (sp_digit)((a[37] << 24) & 0x1ffffff); + r[37] = (a[37] >> 1) + (sp_digit)((a[38] << 24) & 0x1ffffff); + r[38] = (a[38] >> 1) + (sp_digit)((a[39] << 24) & 0x1ffffff); + r[39] = (a[39] >> 1) + (sp_digit)((a[40] << 24) & 0x1ffffff); + r[40] = (a[40] >> 1) + (sp_digit)((a[41] << 24) & 0x1ffffff); #endif r[41] = a[41] >> 1; } @@ -45504,8 +45362,8 @@ static void sp_1024_proj_point_add_42(sp_point_1024* r, sp_1024_mont_sub_42(y, y, t5, p1024_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -45522,7 +45380,7 @@ static void sp_1024_proj_point_add_42(sp_point_1024* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } 
@@ -45696,8 +45554,8 @@ static int sp_1024_proj_point_add_42_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -45714,7 +45572,7 @@ static int sp_1024_proj_point_add_42_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -46374,7 +46232,7 @@ static void sp_1024_ecc_recode_7_42(const sp_digit* k, ecc_recode_1024* v) n = k[j]; o = 0; for (i=0; i<147; i++) { - y = (int8_t)n; + y = (uint8_t)(int8_t)n; if (o + 7 < 25) { y &= 0x7f; n >>= 7; @@ -46540,10 +46398,8 @@ static int sp_1024_ecc_mulmod_win_add_sub_42(sp_point_1024* r, const sp_point_10 } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46609,8 +46465,8 @@ static void sp_1024_proj_point_add_qz1_42(sp_point_1024* r, sp_1024_mont_sub_42(y, t3, t1, p1024_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -46627,7 +46483,7 @@ static void sp_1024_proj_point_add_qz1_42(sp_point_1024* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } 
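Review bot: In sp_1024_ecc_recode_7_42 the new `y = (uint8_t)(int8_t)n;` narrows through int8_t first, and converting an out-of-range value to a signed type is implementation-defined (C11 6.3.1.3p3), whereas the direct conversion `y = (uint8_t)n;` is fully defined and produces the same low byte on every two's-complement target. If y is uint8_t, as the outer cast suggests, the inner cast only inserts an implementation-defined step before the `y &= 0x7f` masking that follows. The enclosing loop begins and ends outside this hunk.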
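Review bot: Dropping the `if (t != NULL)` / `if (tmp != NULL)` guards in sp_1024_ecc_mulmod_win_add_sub_42 makes the cleanup path depend on XFREE() accepting a NULL pointer, which the release's own XFREE definition is presumably written to satisfy but which is not guaranteed for a build that supplies its own XMALLOC/XFREE definitions. Since t and tmp are presumably still NULL when an earlier allocation failed, a one-line comment at this first site, `/* XFREE() must accept NULL: t/tmp are unset on early error paths */`, would record the new contract; the same removal recurs in every following `#ifdef WOLFSSL_SP_SMALL_STACK` cleanup hunk of this file (sp_1024_gen_stripe_table_42 through sp_ecc_check_key_1024) and in the sp_c64.c hunks below. By contrast the `if (a != NULL)` kept in front of ForceZero in sp_RsaPrivate_2048 is correct to leave in place, presumably because that helper dereferences its argument unconditionally.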
@@ -46738,8 +46594,7 @@ static int sp_1024_gen_stripe_table_42(const sp_point_1024* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46838,10 +46693,8 @@ static int sp_1024_ecc_mulmod_stripe_42(sp_point_1024* r, const sp_point_1024* g } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -47059,10 +46912,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -51004,10 +50855,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -51082,10 +50931,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -51119,7 +50966,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == MP_OKAY) && (table == NULL)) { *len = sizeof(sp_table_entry_1024) * 256; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { err = BUFFER_E; 
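Review bot: The `err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);` assignment in sp_ecc_gen_table_1024 deserves a comment, because a reader seeing an error code deliberately exempted from error tracing cannot tell from this hunk that a NULL table is the documented size-query path rather than a failure; `/* size query, not a failure: caller passes table == NULL to learn the required length */` above the assignment would make that explicit. The same wrapping appears in the second sp_ecc_gen_table_1024 hunk and in the two sp_Pairing_gen_precomp_1024 hunks below, and that second sp_ecc_gen_table_1024 hunk compares err against `0` while this one uses `MP_OKAY`, so the two size-query branches of one function could be aligned to a single spelling. The rest of sp_ecc_gen_table_1024 lies outside this hunk.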
@@ -51150,10 +50997,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -51179,7 +51024,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == 0) && (table == NULL)) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*len != 0)) { err = BUFFER_E; @@ -51246,10 +51091,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -51396,9 +51239,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } @@ -53294,9 +53135,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } 
@@ -53664,9 +53503,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_42(c, 1, NULL); sp_1024_point_free_42(q, 1, NULL); @@ -54091,9 +53928,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_42(c, 1, NULL); sp_1024_point_free_42(q, 1, NULL); @@ -54123,7 +53958,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*len != 0) { err = BUFFER_E; @@ -54352,7 +54187,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = sizeof(sp_table_entry_1024) * 1167; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && @@ -54459,9 +54294,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_42(neg, 1, NULL); sp_1024_point_free_42(c, 1, NULL); 
@@ -54654,9 +54487,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_42(c, 1, NULL); sp_1024_point_free_42(q, 1, NULL); @@ -54746,7 +54577,7 @@ static int sp_1024_ecc_is_point_42(const sp_point_1024* point, n = sp_1024_cmp_42(t1, p1024_mod); - sp_1024_cond_sub_42(t1, t1, p1024_mod, ~(n >> 24)); + sp_1024_cond_sub_42(t1, t1, p1024_mod, (sp_digit)~(n >> 24)); sp_1024_norm_42(t1); if (!sp_1024_iszero_42(t1)) { err = MP_VAL; @@ -54754,8 +54585,7 @@ static int sp_1024_ecc_is_point_42(const sp_point_1024* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -54794,8 +54624,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -54903,10 +54732,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; diff --git a/src/wolfcrypt/src/sp_c64.c b/src/wolfcrypt/src/sp_c64.c index 93fd140..ab0ceda 100644 --- a/src/wolfcrypt/src/sp_c64.c +++ b/src/wolfcrypt/src/sp_c64.c @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -71,13 +71,13 @@ #define SP_PRINT_NUM(var, name, total, words, bits) \ do { \ int ii; \ - byte nb[(bits + 7) / 8]; \ + byte nb[((bits) + 7) / 8]; \ sp_digit _s[words]; \ XMEMCPY(_s, var, sizeof(_s)); \ sp_##total##_norm_##words(_s); \ sp_##total##_to_bin_##words(_s, nb); \ fprintf(stderr, name "=0x"); \ - for (ii=0; ii<(bits + 7) / 8; ii++) \ + for (ii=0; ii<((bits) + 7) / 8; ii++) \ fprintf(stderr, "%02x", nb[ii]); \ fprintf(stderr, "\n"); \ } while (0) @@ -563,17 +563,17 @@ SP_NOINLINE static void sp_2048_mul_add_17(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0x1fffffffffffffffL); t[1] += t[0] >> 61; - r[i+1] = t[1] & 0x1fffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0x1fffffffffffffffL); t[2] += t[1] >> 61; - r[i+2] = t[2] & 0x1fffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0x1fffffffffffffffL); t[3] += t[2] >> 61; - r[i+3] = t[3] & 0x1fffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0x1fffffffffffffffL); t[0] = t[3] >> 61; } t[0] += (tb * a[16]) + r[16]; - r[16] = t[0] & 0x1fffffffffffffffL; + r[16] = (sp_digit)(t[0] & 0x1fffffffffffffffL); r[17] += (sp_digit)(t[0] >> 61); } @@ -589,7 +589,7 @@ static void sp_2048_mont_shift_17(sp_digit* r, const sp_digit* a) n += ((sp_int128)a[17]) << 13; for (i = 0; i < 16; i++) { - r[i] = n & 0x1fffffffffffffffL; + r[i] = (sp_digit)(n & 0x1fffffffffffffffL); n >>= 61; n += ((sp_int128)a[18 + i]) << 13; } 
@@ -612,11 +612,11 @@ static void sp_2048_mont_reduce_17(sp_digit* a, const sp_digit* m, sp_digit mp) sp_2048_norm_17(a + 17); for (i=0; i<16; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL); sp_2048_mul_add_17(a+i, m, mu); a[i+1] += a[i] >> 61; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL); sp_2048_mul_add_17(a+i, m, mu); a[i+1] += a[i] >> 61; a[i] &= 0x1fffffffffffffffL; @@ -840,7 +840,7 @@ SP_NOINLINE static void sp_2048_rshift_17(sp_digit* r, const sp_digit* a, int i; for (i=0; i<16; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL); } r[16] = a[16] >> n; } @@ -1017,8 +1017,7 @@ static int sp_2048_div_17(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -1130,14 +1129,13 @@ static int sp_2048_mod_exp_17(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_2048_mont_reduce_17(t[0], m, mp); n = sp_2048_cmp_17(t[0], m); - sp_2048_cond_sub_17(t[0], t[0], m, ~(n >> 63)); + sp_2048_cond_sub_17(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 17 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -1221,13 +1219,12 @@ static int sp_2048_mod_exp_17(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_2048_mont_reduce_17(t[0], m, mp); n = sp_2048_cmp_17(t[0], m); - sp_2048_cond_sub_17(t[0], t[0], m, ~(n >> 63)); + sp_2048_cond_sub_17(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 17 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -1367,13 +1364,12 @@ static int sp_2048_mod_exp_17(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_2048_mont_reduce_17(rt, m, mp); n = sp_2048_cmp_17(rt, m); - sp_2048_cond_sub_17(rt, rt, m, ~(n >> 63)); + sp_2048_cond_sub_17(rt, rt, m, (sp_digit)~(n >> 63)); XMEMCPY(r, rt, sizeof(sp_digit) * 34); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -1479,20 +1475,20 @@ SP_NOINLINE static void sp_2048_mul_add_34(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1fffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0x1fffffffffffffffL); t[1] += t[0] >> 61; - r[i+1] = t[1] & 0x1fffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0x1fffffffffffffffL); t[2] += t[1] >> 61; - r[i+2] = t[2] & 0x1fffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0x1fffffffffffffffL); t[3] += t[2] >> 61; - r[i+3] = t[3] & 0x1fffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0x1fffffffffffffffL); t[0] = t[3] >> 61; } t[0] += (tb * a[32]) + r[32]; t[1] = (tb * a[33]) + r[33]; - r[32] = t[0] & 0x1fffffffffffffffL; + r[32] = (sp_digit)(t[0] & 0x1fffffffffffffffL); t[1] += t[0] >> 61; - r[33] = t[1] & 0x1fffffffffffffffL; + r[33] = (sp_digit)(t[1] & 0x1fffffffffffffffL); r[34] += (sp_digit)(t[1] >> 61); } 
@@ -1508,7 +1504,7 @@ static void sp_2048_mont_shift_34(sp_digit* r, const sp_digit* a) n += ((sp_int128)a[34]) << 26; for (i = 0; i < 33; i++) { - r[i] = n & 0x1fffffffffffffffL; + r[i] = (sp_digit)(n & 0x1fffffffffffffffL); n >>= 61; n += ((sp_int128)a[35 + i]) << 26; } @@ -1533,33 +1529,33 @@ static void sp_2048_mont_reduce_34(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<33; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL); sp_2048_mul_add_34(a+i, m, mu); a[i+1] += a[i] >> 61; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL); sp_2048_mul_add_34(a+i, m, mu); a[i+1] += a[i] >> 61; a[i] &= 0x1fffffffffffffffL; } else { for (i=0; i<33; i++) { - mu = a[i] & 0x1fffffffffffffffL; + mu = (sp_digit)(a[i] & 0x1fffffffffffffffL); sp_2048_mul_add_34(a+i, m, mu); a[i+1] += a[i] >> 61; } - mu = a[i] & 0x7ffffffffL; + mu = (sp_digit)(a[i] & 0x7ffffffffL); sp_2048_mul_add_34(a+i, m, mu); a[i+1] += a[i] >> 61; a[i] &= 0x1fffffffffffffffL; } #else for (i=0; i<33; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffffL); sp_2048_mul_add_34(a+i, m, mu); a[i+1] += a[i] >> 61; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffL); sp_2048_mul_add_34(a+i, m, mu); a[i+1] += a[i] >> 61; a[i] &= 0x1fffffffffffffffL; @@ -1665,7 +1661,7 @@ SP_NOINLINE static void sp_2048_rshift_34(sp_digit* r, const sp_digit* a, int i; for (i=0; i<33; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (61 - n))) & 0x1fffffffffffffffL); } r[33] = a[33] >> n; } 
@@ -1842,8 +1838,7 @@ static int sp_2048_div_34(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -1956,14 +1951,13 @@ static int sp_2048_mod_exp_34(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_2048_mont_reduce_34(t[0], m, mp); n = sp_2048_cmp_34(t[0], m); - sp_2048_cond_sub_34(t[0], t[0], m, ~(n >> 63)); + sp_2048_cond_sub_34(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 34 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -2047,13 +2041,12 @@ static int sp_2048_mod_exp_34(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_2048_mont_reduce_34(t[0], m, mp); n = sp_2048_cmp_34(t[0], m); - sp_2048_cond_sub_34(t[0], t[0], m, ~(n >> 63)); + sp_2048_cond_sub_34(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 34 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -2176,13 +2169,12 @@ static int sp_2048_mod_exp_34(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_2048_mont_reduce_34(rt, m, mp); n = sp_2048_cmp_34(rt, m); - sp_2048_cond_sub_34(rt, rt, m, ~(n >> 63)); + sp_2048_cond_sub_34(rt, rt, m, (sp_digit)~(n >> 63)); XMEMCPY(r, rt, sizeof(sp_digit) * 68); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -2301,8 +2293,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; 
@@ -2413,8 +2404,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -2784,7 +2774,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 17 * 13); @@ -3020,9 +3010,9 @@ SP_NOINLINE static void sp_2048_lshift_34(sp_digit* r, const sp_digit* a, r[34] = a[33] >> (61 - n); for (i=33; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (61 - n))) & 0x1fffffffffffffffL; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (61 - n))) & 0x1fffffffffffffffL); } - r[0] = (a[0] << n) & 0x1fffffffffffffffL; + r[0] = (sp_digit)((a[0] << n) & 0x1fffffffffffffffL); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -3133,12 +3123,11 @@ static int sp_2048_mod_exp_2_34(sp_digit* r, const sp_digit* e, int bits, const sp_2048_mont_reduce_34(r, m, mp); n = sp_2048_cmp_34(r, m); - sp_2048_cond_sub_34(r, r, m, ~(n >> 63)); + sp_2048_cond_sub_34(r, r, m, (sp_digit)~(n >> 63)); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
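Review bot: The new `(sp_digit)` cast in sp_2048_lshift_34 wraps a left shift, `a[i] << n`, whose intermediate value is still computed in sp_digit, and if sp_digit is a signed 64-bit type (as the `~(n >> 63)` mask derivation elsewhere in this diff suggests) a 61-bit digit shifted left by n leaves the signed range, which is undefined behaviour under C11 6.5.7p4 no matter what mask and cast follow. Performing the shift in the unsigned digit type and casting afterwards, e.g. `r[i] = (sp_digit)((((sp_uint64)a[i] << n) | ((sp_uint64)a[i-1] >> (61 - n))) & 0x1fffffffffffffffL);`, is bit-identical on every target for normalized (non-negative) digits while removing the UB; the same pattern is in sp_2048_rshift_18 further down (`a[i+1] << (57 - n)`). I cannot confirm sp_digit's signedness from this diff, so verify it against the digit typedefs before touching generated code.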
@@ -3615,29 +3604,29 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a, t0 = ((sp_uint128)a[ 0]) * b[ 0]; t1 = ((sp_uint128)a[ 0]) * b[ 1] + ((sp_uint128)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 2] + ((sp_uint128)a[ 1]) * b[ 1] + ((sp_uint128)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 0]) * b[ 3] + ((sp_uint128)a[ 1]) * b[ 2] + ((sp_uint128)a[ 2]) * b[ 1] + ((sp_uint128)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 4] + ((sp_uint128)a[ 1]) * b[ 3] + ((sp_uint128)a[ 2]) * b[ 2] + ((sp_uint128)a[ 3]) * b[ 1] + ((sp_uint128)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 0]) * b[ 5] + ((sp_uint128)a[ 1]) * b[ 4] + ((sp_uint128)a[ 2]) * b[ 3] + ((sp_uint128)a[ 3]) * b[ 2] + ((sp_uint128)a[ 4]) * b[ 1] + ((sp_uint128)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 6] + ((sp_uint128)a[ 1]) * b[ 5] + ((sp_uint128)a[ 2]) * b[ 4] @@ -3645,7 +3634,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 4]) * b[ 2] + ((sp_uint128)a[ 5]) * b[ 1] + ((sp_uint128)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 0]) * b[ 7] + ((sp_uint128)a[ 1]) * b[ 6] + ((sp_uint128)a[ 2]) * b[ 5] 
@@ -3654,7 +3643,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 5]) * b[ 2] + ((sp_uint128)a[ 6]) * b[ 1] + ((sp_uint128)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 8] + ((sp_uint128)a[ 1]) * b[ 7] + ((sp_uint128)a[ 2]) * b[ 6] @@ -3664,7 +3653,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 6]) * b[ 2] + ((sp_uint128)a[ 7]) * b[ 1] + ((sp_uint128)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 1]) * b[ 8] + ((sp_uint128)a[ 2]) * b[ 7] + ((sp_uint128)a[ 3]) * b[ 6] @@ -3673,7 +3662,7 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 6]) * b[ 3] + ((sp_uint128)a[ 7]) * b[ 2] + ((sp_uint128)a[ 8]) * b[ 1]; - t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 2]) * b[ 8] + ((sp_uint128)a[ 3]) * b[ 7] + ((sp_uint128)a[ 4]) * b[ 6] 
@@ -3681,35 +3670,35 @@ SP_NOINLINE static void sp_2048_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 6]) * b[ 4] + ((sp_uint128)a[ 7]) * b[ 3] + ((sp_uint128)a[ 8]) * b[ 2]; - r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 3]) * b[ 8] + ((sp_uint128)a[ 4]) * b[ 7] + ((sp_uint128)a[ 5]) * b[ 6] + ((sp_uint128)a[ 6]) * b[ 5] + ((sp_uint128)a[ 7]) * b[ 4] + ((sp_uint128)a[ 8]) * b[ 3]; - r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 4]) * b[ 8] + ((sp_uint128)a[ 5]) * b[ 7] + ((sp_uint128)a[ 6]) * b[ 6] + ((sp_uint128)a[ 7]) * b[ 5] + ((sp_uint128)a[ 8]) * b[ 4]; - r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 5]) * b[ 8] + ((sp_uint128)a[ 6]) * b[ 7] + ((sp_uint128)a[ 7]) * b[ 6] + ((sp_uint128)a[ 8]) * b[ 5]; - r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 6]) * b[ 8] + ((sp_uint128)a[ 7]) * b[ 7] + ((sp_uint128)a[ 8]) * b[ 6]; - r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 7]) * b[ 8] + ((sp_uint128)a[ 8]) * b[ 7]; - r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 8]) * b[ 8]; - r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; - r[16] = t0 & 0x1ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; + r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL); r[17] = (sp_digit)(t0 >> 57); XMEMCPY(r, t, sizeof(t)); } 
@@ -3909,66 +3898,66 @@ SP_NOINLINE static void sp_2048_sqr_9(sp_digit* r, const sp_digit* a) t0 = ((sp_uint128)a[ 0]) * a[ 0]; t1 = (((sp_uint128)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 2]) * 2 + ((sp_uint128)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 0]) * a[ 3] + ((sp_uint128)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 4] + ((sp_uint128)a[ 1]) * a[ 3]) * 2 + ((sp_uint128)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 0]) * a[ 5] + ((sp_uint128)a[ 1]) * a[ 4] + ((sp_uint128)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 6] + ((sp_uint128)a[ 1]) * a[ 5] + ((sp_uint128)a[ 2]) * a[ 4]) * 2 + ((sp_uint128)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 0]) * a[ 7] + ((sp_uint128)a[ 1]) * a[ 6] + ((sp_uint128)a[ 2]) * a[ 5] + ((sp_uint128)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 8] + ((sp_uint128)a[ 1]) * a[ 7] + ((sp_uint128)a[ 2]) * a[ 6] + ((sp_uint128)a[ 3]) * a[ 5]) * 2 + ((sp_uint128)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 1]) * a[ 8] + ((sp_uint128)a[ 2]) * a[ 7] + ((sp_uint128)a[ 3]) * a[ 6] + ((sp_uint128)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 
0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 2]) * a[ 8] + ((sp_uint128)a[ 3]) * a[ 7] + ((sp_uint128)a[ 4]) * a[ 6]) * 2 + ((sp_uint128)a[ 5]) * a[ 5]; - r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 3]) * a[ 8] + ((sp_uint128)a[ 4]) * a[ 7] + ((sp_uint128)a[ 5]) * a[ 6]) * 2; - r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 4]) * a[ 8] + ((sp_uint128)a[ 5]) * a[ 7]) * 2 + ((sp_uint128)a[ 6]) * a[ 6]; - r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 5]) * a[ 8] + ((sp_uint128)a[ 6]) * a[ 7]) * 2; - r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 6]) * a[ 8]) * 2 + ((sp_uint128)a[ 7]) * a[ 7]; - r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 8]) * a[ 8]; - r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; - r[16] = t0 & 0x1ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; + r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL); r[17] = (sp_digit)(t0 >> 57); XMEMCPY(r, t, sizeof(t)); } 
@@ -4213,16 +4202,16 @@ static void sp_2048_mont_shift_18(sp_digit* r, const sp_digit* a) n = (sp_uint64)a[17]; n = n >> 55U; for (i = 0; i < 16; i += 8) { - n += (sp_uint64)a[i+18] << 2U; r[i+0] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+19] << 2U; r[i+1] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+20] << 2U; r[i+2] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+21] << 2U; r[i+3] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+22] << 2U; r[i+4] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+23] << 2U; r[i+5] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+24] << 2U; r[i+6] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+25] << 2U; r[i+7] = n & 0x1ffffffffffffffUL; n >>= 57U; - } - n += (sp_uint64)a[34] << 2U; r[16] = n & 0x1ffffffffffffffUL; n >>= 57U; + n += (sp_uint64)a[i+18] << 2U; r[i+0] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+19] << 2U; r[i+1] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+20] << 2U; r[i+2] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+21] << 2U; r[i+3] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+22] << 2U; r[i+4] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+23] << 2U; r[i+5] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+24] << 2U; r[i+6] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+25] << 2U; r[i+7] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + } + n += (sp_uint64)a[34] << 2U; r[16] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; n += (sp_uint64)a[35] << 2U; r[17] = n; XMEMSET(&r[18], 0, sizeof(*r) * 18U); } 
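Review bot: `r[17] = n;` at the end of sp_2048_mont_shift_18 is the one store in this hunk that still assigns the sp_uint64 accumulator to an sp_digit element without the `(sp_digit)` cast every other store now carries, so the hunk is inconsistent with itself and presumably keeps triggering whatever conversion warning motivated the change. Make it `n += (sp_uint64)a[35] << 2U; r[17] = (sp_digit)n;`. The function's opening lines lie outside this hunk.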
@@ -4242,11 +4231,11 @@ static void sp_2048_mont_reduce_18(sp_digit* a, const sp_digit* m, sp_digit mp) sp_2048_norm_18(a + 18); for (i=0; i<17; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL); sp_2048_mul_add_18(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL); sp_2048_mul_add_18(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; 
@@ -4367,16 +4356,16 @@ SP_NOINLINE static void sp_2048_rshift_18(sp_digit* r, const sp_digit* a, int i; for (i=0; i<16; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); - } - r[16] = (a[16] >> n) | ((a[17] << (57 - n)) & 0x1ffffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); + } + r[16] = (a[16] >> n) | (sp_digit)((a[17] << (57 - n)) & 0x1ffffffffffffffL); r[17] = a[17] >> n; } @@ -4552,8 +4541,7 @@ static int sp_2048_div_18(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -4665,14 +4653,13 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_2048_mont_reduce_18(t[0], m, mp); n = sp_2048_cmp_18(t[0], m); - sp_2048_cond_sub_18(t[0], t[0], m, ~(n >> 63)); + sp_2048_cond_sub_18(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 18 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -4756,13 +4743,12 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_2048_mont_reduce_18(t[0], m, mp); n = sp_2048_cmp_18(t[0], m); - sp_2048_cond_sub_18(t[0], t[0], m, ~(n >> 63)); + sp_2048_cond_sub_18(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 18 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -4902,13 +4888,12 @@ static int sp_2048_mod_exp_18(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_2048_mont_reduce_18(rt, m, mp); n = sp_2048_cmp_18(rt, m); - sp_2048_cond_sub_18(rt, rt, m, ~(n >> 63)); + sp_2048_cond_sub_18(rt, rt, m, (sp_digit)~(n >> 63)); XMEMCPY(r, rt, sizeof(sp_digit) * 36); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -5063,28 +5048,28 @@ static void sp_2048_mont_shift_36(sp_digit* r, const sp_digit* a) s = a[36]; n = a[35] >> 53; for (i = 0; i < 32; i += 8) { - n += (s & 0x1ffffffffffffffL) << 4; r[i+0] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+0] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+37] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[i+1] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+1] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+38] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[i+2] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+2] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+39] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[i+3] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+3] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+40] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[i+4] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+4] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+41] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[i+5] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+5] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+42] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[i+6] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+6] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+43] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[i+7] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[i+7] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+44] + (s >> 57); } - n += (s & 0x1ffffffffffffffL) << 4; r[32] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[32] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[69] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[33] 
= n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[33] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[70] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 4; r[34] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 4); r[34] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[71] + (s >> 57); n += s << 4; r[35] = n; XMEMSET(&r[36], 0, sizeof(*r) * 36U); @@ -5107,33 +5092,33 @@ static void sp_2048_mont_reduce_36(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<35; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; } else { for (i=0; i<35; i++) { - mu = a[i] & 0x1ffffffffffffffL; + mu = (sp_digit)(a[i] & 0x1ffffffffffffffL); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = a[i] & 0x1fffffffffffffL; + mu = (sp_digit)(a[i] & 0x1fffffffffffffL); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; } #else for (i=0; i<35; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL); sp_2048_mul_add_36(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; 
@@ -5251,18 +5236,18 @@ SP_NOINLINE static void sp_2048_rshift_36(sp_digit* r, const sp_digit* a, int i; for (i=0; i<32; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); - } - r[32] = (a[32] >> n) | ((a[33] << (57 - n)) & 0x1ffffffffffffffL); - r[33] = (a[33] >> n) | ((a[34] << (57 - n)) & 0x1ffffffffffffffL); - r[34] = (a[34] >> n) | ((a[35] << (57 - n)) & 0x1ffffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); + } + r[32] = (a[32] >> n) | (sp_digit)((a[33] << (57 - n)) & 0x1ffffffffffffffL); + r[33] = (a[33] >> n) | (sp_digit)((a[34] << (57 - n)) & 0x1ffffffffffffffL); + r[34] = (a[34] >> n) | (sp_digit)((a[35] << (57 - n)) & 0x1ffffffffffffffL); r[35] = a[35] >> n; } 
@@ -5438,8 +5423,7 @@ static int sp_2048_div_36(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -5554,14 +5538,13 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_2048_mont_reduce_36(t[0], m, mp); n = sp_2048_cmp_36(t[0], m); - sp_2048_cond_sub_36(t[0], t[0], m, ~(n >> 63)); + sp_2048_cond_sub_36(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 36 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -5645,13 +5628,12 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_2048_mont_reduce_36(t[0], m, mp); n = sp_2048_cmp_36(t[0], m); - sp_2048_cond_sub_36(t[0], t[0], m, ~(n >> 63)); + sp_2048_cond_sub_36(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 36 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -5774,13 +5756,12 @@ static int sp_2048_mod_exp_36(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_2048_mont_reduce_36(rt, m, mp); n = sp_2048_cmp_36(rt, m); - sp_2048_cond_sub_36(rt, rt, m, ~(n >> 63)); + sp_2048_cond_sub_36(rt, rt, m, (sp_digit)~(n >> 63)); XMEMCPY(r, rt, sizeof(sp_digit) * 72); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -5901,8 +5882,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; 
@@ -6013,8 +5993,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -6384,7 +6363,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 18 * 13); 
@@ -6622,76 +6601,76 @@ SP_NOINLINE static void sp_2048_lshift_36(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[35]; r[36] = s >> (57U - n); s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]); - r[35] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[35] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]); - r[34] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[34] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]); - r[33] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[33] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]); - r[32] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[32] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]); - r[31] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[31] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]); - r[30] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[30] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[29] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[28] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[27] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[26] 
= (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[25] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[24] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[23] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[22] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[21] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[20] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[19] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[18] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[17] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[16] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = 
(sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[15] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[14] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[13] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[12] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[11] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[10] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[9] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[8] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[7] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[6] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (57U - n))) & 
0x1ffffffffffffffUL; + r[5] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[4] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[3] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[2] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; - r[0] = (a[0] << n) & 0x1ffffffffffffffL; + r[1] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); + r[0] = (sp_digit)((a[0] << n) & 0x1ffffffffffffffL); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -6802,12 +6781,11 @@ static int sp_2048_mod_exp_2_36(sp_digit* r, const sp_digit* e, int bits, const sp_2048_mont_reduce_36(r, m, mp); n = sp_2048_cmp_36(r, m); - sp_2048_cond_sub_36(r, r, m, ~(n >> 63)); + sp_2048_cond_sub_36(r, r, m, (sp_digit)~(n >> 63)); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -7476,20 +7454,20 @@ SP_NOINLINE static void sp_3072_mul_add_26(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0xfffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0xfffffffffffffffL); t[1] += t[0] >> 60; - r[i+1] = t[1] & 0xfffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0xfffffffffffffffL); t[2] += t[1] >> 60; - r[i+2] = t[2] & 0xfffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0xfffffffffffffffL); t[3] += t[2] >> 60; - r[i+3] = t[3] & 0xfffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0xfffffffffffffffL); t[0] = t[3] >> 60; } t[0] += (tb * a[24]) + r[24]; t[1] = (tb * a[25]) + r[25]; - r[24] = t[0] & 0xfffffffffffffffL; + r[24] = (sp_digit)(t[0] & 0xfffffffffffffffL); t[1] += t[0] >> 60; - r[25] = t[1] & 0xfffffffffffffffL; + r[25] = (sp_digit)(t[1] & 0xfffffffffffffffL); r[26] += (sp_digit)(t[1] >> 60); } @@ -7505,7 +7483,7 @@ static void sp_3072_mont_shift_26(sp_digit* r, const sp_digit* a) n += ((sp_int128)a[26]) << 24; for (i = 0; i < 25; i++) { - r[i] = n & 0xfffffffffffffffL; + r[i] = (sp_digit)(n & 0xfffffffffffffffL); n >>= 60; n += ((sp_int128)a[27 + i]) << 24; } @@ -7528,11 +7506,11 @@ static void sp_3072_mont_reduce_26(sp_digit* a, const sp_digit* m, sp_digit mp) sp_3072_norm_26(a + 26); for (i=0; i<25; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL); sp_3072_mul_add_26(a+i, m, mu); a[i+1] += a[i] >> 60; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffL); sp_3072_mul_add_26(a+i, m, mu); a[i+1] += a[i] >> 60; a[i] &= 0xfffffffffffffffL; 
@@ -7717,7 +7695,7 @@ SP_NOINLINE static void sp_3072_rshift_26(sp_digit* r, const sp_digit* a, int i; for (i=0; i<25; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL); } r[25] = a[25] >> n; } @@ -7894,8 +7872,7 @@ static int sp_3072_div_26(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -8007,14 +7984,13 @@ static int sp_3072_mod_exp_26(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_3072_mont_reduce_26(t[0], m, mp); n = sp_3072_cmp_26(t[0], m); - sp_3072_cond_sub_26(t[0], t[0], m, ~(n >> 63)); + sp_3072_cond_sub_26(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 26 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -8098,13 +8074,12 @@ static int sp_3072_mod_exp_26(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_3072_mont_reduce_26(t[0], m, mp); n = sp_3072_cmp_26(t[0], m); - sp_3072_cond_sub_26(t[0], t[0], m, ~(n >> 63)); + sp_3072_cond_sub_26(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 26 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -8244,13 +8219,12 @@ static int sp_3072_mod_exp_26(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_3072_mont_reduce_26(rt, m, mp); n = sp_3072_cmp_26(rt, m); - sp_3072_cond_sub_26(rt, rt, m, ~(n >> 63)); + sp_3072_cond_sub_26(rt, rt, m, (sp_digit)~(n >> 63)); XMEMCPY(r, rt, sizeof(sp_digit) * 52); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -8356,26 +8330,26 @@ SP_NOINLINE static void sp_3072_mul_add_52(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0xfffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0xfffffffffffffffL); t[1] += t[0] >> 60; - r[i+1] = t[1] & 0xfffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0xfffffffffffffffL); t[2] += t[1] >> 60; - r[i+2] = t[2] & 0xfffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0xfffffffffffffffL); t[3] += t[2] >> 60; - r[i+3] = t[3] & 0xfffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0xfffffffffffffffL); t[0] = t[3] >> 60; } t[0] += (tb * a[48]) + r[48]; t[1] = (tb * a[49]) + r[49]; t[2] = (tb * a[50]) + r[50]; t[3] = (tb * a[51]) + r[51]; - r[48] = t[0] & 0xfffffffffffffffL; + r[48] = (sp_digit)(t[0] & 0xfffffffffffffffL); t[1] += t[0] >> 60; - r[49] = t[1] & 0xfffffffffffffffL; + r[49] = (sp_digit)(t[1] & 0xfffffffffffffffL); t[2] += t[1] >> 60; - r[50] = t[2] & 0xfffffffffffffffL; + r[50] = (sp_digit)(t[2] & 0xfffffffffffffffL); t[3] += t[2] >> 60; - r[51] = t[3] & 0xfffffffffffffffL; + r[51] = (sp_digit)(t[3] & 0xfffffffffffffffL); r[52] += (sp_digit)(t[3] >> 60); } @@ -8391,7 +8365,7 @@ static void sp_3072_mont_shift_52(sp_digit* r, const sp_digit* a) n += ((sp_int128)a[52]) << 48; for (i = 0; i < 51; i++) { - r[i] = n & 0xfffffffffffffffL; + r[i] = (sp_digit)(n & 0xfffffffffffffffL); n >>= 60; n += ((sp_int128)a[53 + i]) << 48; } 
@@ -8416,33 +8390,33 @@ static void sp_3072_mont_reduce_52(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<51; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL); sp_3072_mul_add_52(a+i, m, mu); a[i+1] += a[i] >> 60; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL); sp_3072_mul_add_52(a+i, m, mu); a[i+1] += a[i] >> 60; a[i] &= 0xfffffffffffffffL; } else { for (i=0; i<51; i++) { - mu = a[i] & 0xfffffffffffffffL; + mu = (sp_digit)(a[i] & 0xfffffffffffffffL); sp_3072_mul_add_52(a+i, m, mu); a[i+1] += a[i] >> 60; } - mu = a[i] & 0xfffL; + mu = (sp_digit)(a[i] & 0xfffL); sp_3072_mul_add_52(a+i, m, mu); a[i+1] += a[i] >> 60; a[i] &= 0xfffffffffffffffL; } #else for (i=0; i<51; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffffL); sp_3072_mul_add_52(a+i, m, mu); a[i+1] += a[i] >> 60; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffL); sp_3072_mul_add_52(a+i, m, mu); a[i+1] += a[i] >> 60; a[i] &= 0xfffffffffffffffL; @@ -8548,7 +8522,7 @@ SP_NOINLINE static void sp_3072_rshift_52(sp_digit* r, const sp_digit* a, int i; for (i=0; i<51; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (60 - n))) & 0xfffffffffffffffL); } r[51] = a[51] >> n; } @@ -8725,8 +8699,7 @@ static int sp_3072_div_52(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -8839,14 +8812,13 @@ static int sp_3072_mod_exp_52(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_3072_mont_reduce_52(t[0], m, mp); n = sp_3072_cmp_52(t[0], m); - sp_3072_cond_sub_52(t[0], t[0], m, ~(n >> 63)); + sp_3072_cond_sub_52(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 52 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -8930,13 +8902,12 @@ static int sp_3072_mod_exp_52(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_3072_mont_reduce_52(t[0], m, mp); n = sp_3072_cmp_52(t[0], m); - sp_3072_cond_sub_52(t[0], t[0], m, ~(n >> 63)); + sp_3072_cond_sub_52(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 52 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -9059,13 +9030,12 @@ static int sp_3072_mod_exp_52(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_3072_mont_reduce_52(rt, m, mp); n = sp_3072_cmp_52(rt, m); - sp_3072_cond_sub_52(rt, rt, m, ~(n >> 63)); + sp_3072_cond_sub_52(rt, rt, m, (sp_digit)~(n >> 63)); XMEMCPY(r, rt, sizeof(sp_digit) * 104); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -9184,8 +9154,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -9296,8 +9265,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; 
@@ -9667,7 +9635,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 26 * 13); @@ -9903,9 +9871,9 @@ SP_NOINLINE static void sp_3072_lshift_52(sp_digit* r, const sp_digit* a, r[52] = a[51] >> (60 - n); for (i=51; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (60 - n))) & 0xfffffffffffffffL; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (60 - n))) & 0xfffffffffffffffL); } - r[0] = (a[0] << n) & 0xfffffffffffffffL; + r[0] = (sp_digit)((a[0] << n) & 0xfffffffffffffffL); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -10016,12 +9984,11 @@ static int sp_3072_mod_exp_2_52(sp_digit* r, const sp_digit* e, int bits, const sp_3072_mont_reduce_52(r, m, mp); n = sp_3072_cmp_52(r, m); - sp_3072_cond_sub_52(r, r, m, ~(n >> 63)); + sp_3072_cond_sub_52(r, r, m, (sp_digit)~(n >> 63)); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -10501,29 +10468,29 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a, t0 = ((sp_uint128)a[ 0]) * b[ 0]; t1 = ((sp_uint128)a[ 0]) * b[ 1] + ((sp_uint128)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 2] + ((sp_uint128)a[ 1]) * b[ 1] + ((sp_uint128)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 0]) * b[ 3] + ((sp_uint128)a[ 1]) * b[ 2] + ((sp_uint128)a[ 2]) * b[ 1] + ((sp_uint128)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 4] + ((sp_uint128)a[ 1]) * b[ 3] + ((sp_uint128)a[ 2]) * b[ 2] + ((sp_uint128)a[ 3]) * b[ 1] + ((sp_uint128)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 0]) * b[ 5] + ((sp_uint128)a[ 1]) * b[ 4] + ((sp_uint128)a[ 2]) * b[ 3] + ((sp_uint128)a[ 3]) * b[ 2] + ((sp_uint128)a[ 4]) * b[ 1] + ((sp_uint128)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 6] + ((sp_uint128)a[ 1]) * b[ 5] + ((sp_uint128)a[ 2]) * b[ 4] @@ -10531,7 +10498,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 4]) * b[ 2] + ((sp_uint128)a[ 5]) * b[ 1] + ((sp_uint128)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 0]) * b[ 7] + ((sp_uint128)a[ 1]) * b[ 6] + ((sp_uint128)a[ 2]) * b[ 5] 
@@ -10540,7 +10507,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 5]) * b[ 2] + ((sp_uint128)a[ 6]) * b[ 1] + ((sp_uint128)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 0]) * b[ 8] + ((sp_uint128)a[ 1]) * b[ 7] + ((sp_uint128)a[ 2]) * b[ 6] @@ -10550,7 +10517,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 6]) * b[ 2] + ((sp_uint128)a[ 7]) * b[ 1] + ((sp_uint128)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 1]) * b[ 8] + ((sp_uint128)a[ 2]) * b[ 7] + ((sp_uint128)a[ 3]) * b[ 6] @@ -10559,7 +10526,7 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 6]) * b[ 3] + ((sp_uint128)a[ 7]) * b[ 2] + ((sp_uint128)a[ 8]) * b[ 1]; - t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 2]) * b[ 8] + ((sp_uint128)a[ 3]) * b[ 7] + ((sp_uint128)a[ 4]) * b[ 6] 
@@ -10567,35 +10534,35 @@ SP_NOINLINE static void sp_3072_mul_9(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 6]) * b[ 4] + ((sp_uint128)a[ 7]) * b[ 3] + ((sp_uint128)a[ 8]) * b[ 2]; - r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 3]) * b[ 8] + ((sp_uint128)a[ 4]) * b[ 7] + ((sp_uint128)a[ 5]) * b[ 6] + ((sp_uint128)a[ 6]) * b[ 5] + ((sp_uint128)a[ 7]) * b[ 4] + ((sp_uint128)a[ 8]) * b[ 3]; - r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 4]) * b[ 8] + ((sp_uint128)a[ 5]) * b[ 7] + ((sp_uint128)a[ 6]) * b[ 6] + ((sp_uint128)a[ 7]) * b[ 5] + ((sp_uint128)a[ 8]) * b[ 4]; - r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 5]) * b[ 8] + ((sp_uint128)a[ 6]) * b[ 7] + ((sp_uint128)a[ 7]) * b[ 6] + ((sp_uint128)a[ 8]) * b[ 5]; - r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 6]) * b[ 8] + ((sp_uint128)a[ 7]) * b[ 7] + ((sp_uint128)a[ 8]) * b[ 6]; - r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_uint128)a[ 7]) * b[ 8] + ((sp_uint128)a[ 8]) * b[ 7]; - r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 8]) * b[ 8]; - r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; - r[16] = t0 & 0x1ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; + r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL); r[17] = (sp_digit)(t0 >> 57); XMEMCPY(r, t, sizeof(t)); } 
@@ -10853,66 +10820,66 @@ SP_NOINLINE static void sp_3072_sqr_9(sp_digit* r, const sp_digit* a) t0 = ((sp_uint128)a[ 0]) * a[ 0]; t1 = (((sp_uint128)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 2]) * 2 + ((sp_uint128)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 0]) * a[ 3] + ((sp_uint128)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 4] + ((sp_uint128)a[ 1]) * a[ 3]) * 2 + ((sp_uint128)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 0]) * a[ 5] + ((sp_uint128)a[ 1]) * a[ 4] + ((sp_uint128)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 6] + ((sp_uint128)a[ 1]) * a[ 5] + ((sp_uint128)a[ 2]) * a[ 4]) * 2 + ((sp_uint128)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 0]) * a[ 7] + ((sp_uint128)a[ 1]) * a[ 6] + ((sp_uint128)a[ 2]) * a[ 5] + ((sp_uint128)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 0]) * a[ 8] + ((sp_uint128)a[ 1]) * a[ 7] + ((sp_uint128)a[ 2]) * a[ 6] + ((sp_uint128)a[ 3]) * a[ 5]) * 2 + ((sp_uint128)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 1]) * a[ 8] + ((sp_uint128)a[ 2]) * a[ 7] + ((sp_uint128)a[ 3]) * a[ 6] + ((sp_uint128)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 
0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 2]) * a[ 8] + ((sp_uint128)a[ 3]) * a[ 7] + ((sp_uint128)a[ 4]) * a[ 6]) * 2 + ((sp_uint128)a[ 5]) * a[ 5]; - r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 3]) * a[ 8] + ((sp_uint128)a[ 4]) * a[ 7] + ((sp_uint128)a[ 5]) * a[ 6]) * 2; - r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 4]) * a[ 8] + ((sp_uint128)a[ 5]) * a[ 7]) * 2 + ((sp_uint128)a[ 6]) * a[ 6]; - r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 5]) * a[ 8] + ((sp_uint128)a[ 6]) * a[ 7]) * 2; - r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_uint128)a[ 6]) * a[ 8]) * 2 + ((sp_uint128)a[ 7]) * a[ 7]; - r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_uint128)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_uint128)a[ 8]) * a[ 8]; - r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; - r[16] = t0 & 0x1ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; + r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL); r[17] = (sp_digit)(t0 >> 57); XMEMCPY(r, t, sizeof(t)); } 
@@ -11218,26 +11185,26 @@ static void sp_3072_mont_shift_27(sp_digit* r, const sp_digit* a) s = a[27]; n = a[26] >> 54; for (i = 0; i < 24; i += 8) { - n += (s & 0x1ffffffffffffffL) << 3; r[i+0] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+0] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+28] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[i+1] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+1] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+29] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[i+2] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+2] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+30] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[i+3] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+3] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+31] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[i+4] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+4] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+32] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[i+5] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+5] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+33] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[i+6] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+6] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+34] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; r[i+7] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[i+7] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[i+35] + (s >> 57); } - n += (s & 0x1ffffffffffffffL) << 3; r[24] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[24] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[52] + (s >> 57); - n += (s & 0x1ffffffffffffffL) << 3; 
r[25] = n & 0x1ffffffffffffffL; + n += (sp_digit)((s & 0x1ffffffffffffffL) << 3); r[25] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; s = a[53] + (s >> 57); n += s << 3; r[26] = n; XMEMSET(&r[27], 0, sizeof(*r) * 27U); @@ -11258,11 +11225,11 @@ static void sp_3072_mont_reduce_27(sp_digit* a, const sp_digit* m, sp_digit mp) sp_3072_norm_27(a + 27); for (i=0; i<26; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL); sp_3072_mul_add_27(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL); sp_3072_mul_add_27(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; 
@@ -11387,17 +11354,17 @@ SP_NOINLINE static void sp_3072_rshift_27(sp_digit* r, const sp_digit* a, int i; for (i=0; i<24; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); - } - r[24] = (a[24] >> n) | ((a[25] << (57 - n)) & 0x1ffffffffffffffL); - r[25] = (a[25] >> n) | ((a[26] << (57 - n)) & 0x1ffffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); + } + r[24] = (a[24] >> n) | (sp_digit)((a[25] << (57 - n)) & 0x1ffffffffffffffL); + r[25] = (a[25] >> n) | (sp_digit)((a[26] << (57 - n)) & 0x1ffffffffffffffL); r[26] = a[26] >> n; } @@ -11573,8 +11540,7 @@ static int sp_3072_div_27(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
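Review bot: The new `(sp_digit)` cast in sp_3072_rshift_27 wraps the result of `a[i+1] << (57 - n)`, so the shift itself is still evaluated in the digit's own type; if sp_digit is the signed 64-bit type, as the `~(n >> 63)` sign tricks in the neighbouring mod_exp hunks suggest, a normalised 57-bit digit shifted left by up to 56 bits overflows and is undefined behaviour under C11 6.5.7, which the cast does not cure. The lshift routine in this same patch widens each operand with `(sp_int_digit)` before shifting, and the same treatment here would be `r[i+0] = (a[i+0] >> n) | (sp_digit)(((sp_int_digit)a[i+1] << (57 - n)) & 0x1ffffffffffffffL);`, applied to all ten rewritten lines. The same shape recurs in sp_3072_rshift_54, sp_4096_rshift_35 and sp_4096_rshift_70 below.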
@@ -11686,14 +11652,13 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_3072_mont_reduce_27(t[0], m, mp); n = sp_3072_cmp_27(t[0], m); - sp_3072_cond_sub_27(t[0], t[0], m, ~(n >> 63)); + sp_3072_cond_sub_27(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 27 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -11777,13 +11742,12 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_3072_mont_reduce_27(t[0], m, mp); n = sp_3072_cmp_27(t[0], m); - sp_3072_cond_sub_27(t[0], t[0], m, ~(n >> 63)); + sp_3072_cond_sub_27(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 27 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -11923,13 +11887,12 @@ static int sp_3072_mod_exp_27(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_3072_mont_reduce_27(rt, m, mp); n = sp_3072_cmp_27(rt, m); - sp_3072_cond_sub_27(rt, rt, m, ~(n >> 63)); + sp_3072_cond_sub_27(rt, rt, m, (sp_digit)~(n >> 63)); XMEMCPY(r, rt, sizeof(sp_digit) * 54); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -12092,28 +12055,28 @@ static void sp_3072_mont_shift_54(sp_digit* r, const sp_digit* a) sp_int128 n = a[53] >> 51; n += ((sp_int128)a[54]) << 6; for (i = 0; i < 48; i += 8) { - r[i + 0] = n & 0x1ffffffffffffffL; + r[i + 0] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 55]) << 6; - r[i + 1] = n & 0x1ffffffffffffffL; + r[i + 1] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 56]) << 6; - r[i + 2] = n & 0x1ffffffffffffffL; + r[i + 2] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 57]) << 6; - r[i + 3] = n & 0x1ffffffffffffffL; + r[i + 3] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 58]) << 6; - r[i + 4] = n & 0x1ffffffffffffffL; + r[i + 4] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 59]) << 6; - r[i + 5] = n & 0x1ffffffffffffffL; + r[i + 5] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 60]) << 6; - r[i + 6] = n & 0x1ffffffffffffffL; + r[i + 6] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 61]) << 6; - r[i + 7] = n & 0x1ffffffffffffffL; + r[i + 7] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[i + 62]) << 6; } - r[48] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[103]) << 6; - r[49] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[104]) << 6; - r[50] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[105]) << 6; - r[51] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[106]) << 6; - r[52] = n & 0x1ffffffffffffffL; n >>= 57; n += ((sp_int128)a[107]) << 6; + r[48] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[103]) << 6; + r[49] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[104]) << 6; + r[50] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[105]) << 6; + r[51] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; n += ((sp_int128)a[106]) << 6; + r[52] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; 
n += ((sp_int128)a[107]) << 6; r[53] = (sp_digit)n; XMEMSET(&r[54], 0, sizeof(*r) * 54U); } @@ -12135,33 +12098,33 @@ static void sp_3072_mont_reduce_54(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<53; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL); sp_3072_mul_add_54(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL); sp_3072_mul_add_54(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; } else { for (i=0; i<53; i++) { - mu = a[i] & 0x1ffffffffffffffL; + mu = (sp_digit)(a[i] & 0x1ffffffffffffffL); sp_3072_mul_add_54(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = a[i] & 0x7ffffffffffffL; + mu = (sp_digit)(a[i] & 0x7ffffffffffffL); sp_3072_mul_add_54(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; } #else for (i=0; i<53; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL); sp_3072_mul_add_54(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffL); sp_3072_mul_add_54(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; 
@@ -12281,20 +12244,20 @@ SP_NOINLINE static void sp_3072_rshift_54(sp_digit* r, const sp_digit* a, int i; for (i=0; i<48; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); - } - r[48] = (a[48] >> n) | ((a[49] << (57 - n)) & 0x1ffffffffffffffL); - r[49] = (a[49] >> n) | ((a[50] << (57 - n)) & 0x1ffffffffffffffL); - r[50] = (a[50] >> n) | ((a[51] << (57 - n)) & 0x1ffffffffffffffL); - r[51] = (a[51] >> n) | ((a[52] << (57 - n)) & 0x1ffffffffffffffL); - r[52] = (a[52] >> n) | ((a[53] << (57 - n)) & 0x1ffffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); + } + r[48] = (a[48] >> n) | (sp_digit)((a[49] << (57 - n)) & 0x1ffffffffffffffL); + r[49] = (a[49] >> n) | (sp_digit)((a[50] << (57 - n)) & 0x1ffffffffffffffL); + r[50] = (a[50] >> n) | (sp_digit)((a[51] << (57 - n)) & 0x1ffffffffffffffL); + r[51] = (a[51] >> n) | (sp_digit)((a[52] 
<< (57 - n)) & 0x1ffffffffffffffL); + r[52] = (a[52] >> n) | (sp_digit)((a[53] << (57 - n)) & 0x1ffffffffffffffL); r[53] = a[53] >> n; } @@ -12470,8 +12433,7 @@ static int sp_3072_div_54(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -12586,14 +12548,13 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_3072_mont_reduce_54(t[0], m, mp); n = sp_3072_cmp_54(t[0], m); - sp_3072_cond_sub_54(t[0], t[0], m, ~(n >> 63)); + sp_3072_cond_sub_54(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 54 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -12677,13 +12638,12 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_3072_mont_reduce_54(t[0], m, mp); n = sp_3072_cmp_54(t[0], m); - sp_3072_cond_sub_54(t[0], t[0], m, ~(n >> 63)); + sp_3072_cond_sub_54(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 54 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -12806,13 +12766,12 @@ static int sp_3072_mod_exp_54(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_3072_mont_reduce_54(rt, m, mp); n = sp_3072_cmp_54(rt, m); - sp_3072_cond_sub_54(rt, rt, m, ~(n >> 63)); + sp_3072_cond_sub_54(rt, rt, m, (sp_digit)~(n >> 63)); XMEMCPY(r, rt, sizeof(sp_digit) * 108); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
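Review bot: In sp_3072_rshift_54 the `(sp_digit)` cast is again applied to the already-shifted value, so `a[i+1] << (57 - n)` still runs in sp_digit; if that type is signed, as the `~(n >> 63)` masks used below imply, the left shift of a 57-bit digit by up to 56 bits is signed overflow and undefined behaviour. Widening the operand first, as sp_3072_lshift_54 in this patch already does, keeps the shift well-defined: `r[i+0] = (a[i+0] >> n) | (sp_digit)(((sp_int_digit)a[i+1] << (57 - n)) & 0x1ffffffffffffffL);` for each of the thirteen rewritten lines.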
@@ -12933,8 +12892,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -13045,8 +13003,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -13416,7 +13373,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 27 * 13); 
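Review bot: Dropping the `if (a != NULL)` guard in sp_RsaPublic_3072 (and in the other small-stack cleanup paths in this patch) is only correct if XFREE is NULL-tolerant for every build of this port; the macro definition is outside this diff, and in an Arduino library the allocator macros are commonly overridden from user settings, where a plain `free()` wrapper is safe but a custom XFREE that dereferences or logs the pointer is not. A one-line comment at the first such site, e.g. `/* XFREE() accepts NULL, no guard needed */`, or a static check in the port's settings header would make the dependency explicit. Note the contrast with sp_RsaPrivate_3072 further down, which rightly keeps its `if (a != NULL)` because ForceZero is not NULL-safe.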
@@ -13654,112 +13611,112 @@ SP_NOINLINE static void sp_3072_lshift_54(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[53]; r[54] = s >> (57U - n); s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]); - r[53] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[53] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]); - r[52] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[52] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]); - r[51] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[51] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]); - r[50] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[50] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]); - r[49] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[49] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]); - r[48] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[48] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]); - r[47] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[47] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]); - r[46] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[46] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]); - r[45] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[45] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]); - r[44] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + 
r[44] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]); - r[43] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[43] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]); - r[42] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[42] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]); - r[41] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[41] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]); - r[40] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[40] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]); - r[39] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[39] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]); - r[38] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[38] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]); - r[37] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[37] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[36]); t = (sp_int_digit)(a[35]); - r[36] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[36] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]); - r[35] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[35] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]); - r[34] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[34] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = 
(sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]); - r[33] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[33] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]); - r[32] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[32] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]); - r[31] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[31] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]); - r[30] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[30] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[29] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[28] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[27] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[26] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[25] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[24] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> 
(57U - n))) & 0x1ffffffffffffffUL; + r[23] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[22] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[21] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[20] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[19] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[18] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[17] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[16] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[15] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[14] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[13] = (sp_digit)(((s << n) | (t >> (57U 
- n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[12] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[11] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[10] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[9] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[8] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[7] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[6] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[5] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[4] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; + r[3] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t 
>> (57U - n))) & 0x1ffffffffffffffUL; + r[2] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL; - r[0] = (a[0] << n) & 0x1ffffffffffffffL; + r[1] = (sp_digit)(((s << n) | (t >> (57U - n))) & 0x1ffffffffffffffUL); + r[0] = (sp_digit)((a[0] << n) & 0x1ffffffffffffffL); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -13870,12 +13827,11 @@ static int sp_3072_mod_exp_2_54(sp_digit* r, const sp_digit* e, int bits, const sp_3072_mont_reduce_54(r, m, mp); n = sp_3072_cmp_54(r, m); - sp_3072_cond_sub_54(r, r, m, ~(n >> 63)); + sp_3072_cond_sub_54(r, r, m, (sp_digit)~(n >> 63)); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -14547,23 +14503,23 @@ SP_NOINLINE static void sp_4096_mul_add_35(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x7ffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0x7ffffffffffffffL); t[1] += t[0] >> 59; - r[i+1] = t[1] & 0x7ffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0x7ffffffffffffffL); t[2] += t[1] >> 59; - r[i+2] = t[2] & 0x7ffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0x7ffffffffffffffL); t[3] += t[2] >> 59; - r[i+3] = t[3] & 0x7ffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0x7ffffffffffffffL); t[0] = t[3] >> 59; } t[0] += (tb * a[32]) + r[32]; t[1] = (tb * a[33]) + r[33]; t[2] = (tb * a[34]) + r[34]; - r[32] = t[0] & 0x7ffffffffffffffL; + r[32] = (sp_digit)(t[0] & 0x7ffffffffffffffL); t[1] += t[0] >> 59; - r[33] = t[1] & 0x7ffffffffffffffL; + r[33] = (sp_digit)(t[1] & 0x7ffffffffffffffL); t[2] += t[1] >> 59; - r[34] = t[2] & 0x7ffffffffffffffL; + r[34] = (sp_digit)(t[2] & 0x7ffffffffffffffL); r[35] += (sp_digit)(t[2] >> 59); } 
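Review bot: The last line of sp_3072_lshift_54 is inconsistent with the rest of the function: every other digit is first widened with `s = (sp_int_digit)(a[k])` and shifted as unsigned, but `r[0] = (sp_digit)((a[0] << n) & 0x1ffffffffffffffL);` shifts `a[0]` in its own type, so if sp_digit is signed the shift of a 57-bit digit by up to 56 bits is signed overflow and undefined behaviour, and the added cast does not change that. Using the same pattern as the other 53 lines, `r[0] = (sp_digit)(((sp_int_digit)a[0] << n) & 0x1ffffffffffffffUL);`, removes the special case. The function's opening lines are outside this hunk.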
@@ -14579,7 +14535,7 @@ static void sp_4096_mont_shift_35(sp_digit* r, const sp_digit* a) n += ((sp_int128)a[35]) << 17; for (i = 0; i < 34; i++) { - r[i] = n & 0x7ffffffffffffffL; + r[i] = (sp_digit)(n & 0x7ffffffffffffffL); n >>= 59; n += ((sp_int128)a[36 + i]) << 17; } @@ -14602,11 +14558,11 @@ static void sp_4096_mont_reduce_35(sp_digit* a, const sp_digit* m, sp_digit mp) sp_4096_norm_35(a + 35); for (i=0; i<34; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL); sp_4096_mul_add_35(a+i, m, mu); a[i+1] += a[i] >> 59; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffL); sp_4096_mul_add_35(a+i, m, mu); a[i+1] += a[i] >> 59; a[i] &= 0x7ffffffffffffffL; @@ -14791,7 +14747,7 @@ SP_NOINLINE static void sp_4096_rshift_35(sp_digit* r, const sp_digit* a, int i; for (i=0; i<34; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL); } r[34] = a[34] >> n; } @@ -14968,8 +14924,7 @@ static int sp_4096_div_35(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -15081,14 +15036,13 @@ static int sp_4096_mod_exp_35(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_4096_mont_reduce_35(t[0], m, mp); n = sp_4096_cmp_35(t[0], m); - sp_4096_cond_sub_35(t[0], t[0], m, ~(n >> 63)); + sp_4096_cond_sub_35(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 35 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
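Review bot: In sp_4096_rshift_35 the new cast encloses the whole `((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL` expression, so `a[i + 1] << (59 - n)` is still a shift in sp_digit; with a signed 64-bit digit holding up to 59 bits, that left shift can overflow and is undefined behaviour regardless of the outer cast. Widening the operand as the lshift code in this patch does keeps it defined: `r[i] = (sp_digit)(((a[i] >> n) | ((sp_int_digit)a[i + 1] << (59 - n))) & 0x7ffffffffffffffL);`.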
@@ -15172,13 +15126,12 @@ static int sp_4096_mod_exp_35(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_4096_mont_reduce_35(t[0], m, mp); n = sp_4096_cmp_35(t[0], m); - sp_4096_cond_sub_35(t[0], t[0], m, ~(n >> 63)); + sp_4096_cond_sub_35(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 35 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -15318,13 +15271,12 @@ static int sp_4096_mod_exp_35(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_4096_mont_reduce_35(rt, m, mp); n = sp_4096_cmp_35(rt, m); - sp_4096_cond_sub_35(rt, rt, m, ~(n >> 63)); + sp_4096_cond_sub_35(rt, rt, m, (sp_digit)~(n >> 63)); XMEMCPY(r, rt, sizeof(sp_digit) * 70); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -15431,20 +15383,20 @@ SP_NOINLINE static void sp_4096_mul_add_70(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x7ffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0x7ffffffffffffffL); t[1] += t[0] >> 59; - r[i+1] = t[1] & 0x7ffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0x7ffffffffffffffL); t[2] += t[1] >> 59; - r[i+2] = t[2] & 0x7ffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0x7ffffffffffffffL); t[3] += t[2] >> 59; - r[i+3] = t[3] & 0x7ffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0x7ffffffffffffffL); t[0] = t[3] >> 59; } t[0] += (tb * a[68]) + r[68]; t[1] = (tb * a[69]) + r[69]; - r[68] = t[0] & 0x7ffffffffffffffL; + r[68] = (sp_digit)(t[0] & 0x7ffffffffffffffL); t[1] += t[0] >> 59; - r[69] = t[1] & 0x7ffffffffffffffL; + r[69] = (sp_digit)(t[1] & 0x7ffffffffffffffL); r[70] += (sp_digit)(t[1] >> 59); } 
@@ -15460,7 +15412,7 @@ static void sp_4096_mont_shift_70(sp_digit* r, const sp_digit* a) n += ((sp_int128)a[70]) << 34; for (i = 0; i < 69; i++) { - r[i] = n & 0x7ffffffffffffffL; + r[i] = (sp_digit)(n & 0x7ffffffffffffffL); n >>= 59; n += ((sp_int128)a[71 + i]) << 34; } @@ -15485,33 +15437,33 @@ static void sp_4096_mont_reduce_70(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<69; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL); sp_4096_mul_add_70(a+i, m, mu); a[i+1] += a[i] >> 59; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL); sp_4096_mul_add_70(a+i, m, mu); a[i+1] += a[i] >> 59; a[i] &= 0x7ffffffffffffffL; } else { for (i=0; i<69; i++) { - mu = a[i] & 0x7ffffffffffffffL; + mu = (sp_digit)(a[i] & 0x7ffffffffffffffL); sp_4096_mul_add_70(a+i, m, mu); a[i+1] += a[i] >> 59; } - mu = a[i] & 0x1ffffffL; + mu = (sp_digit)(a[i] & 0x1ffffffL); sp_4096_mul_add_70(a+i, m, mu); a[i+1] += a[i] >> 59; a[i] &= 0x7ffffffffffffffL; } #else for (i=0; i<69; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7ffffffffffffffL); sp_4096_mul_add_70(a+i, m, mu); a[i+1] += a[i] >> 59; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffL); sp_4096_mul_add_70(a+i, m, mu); a[i+1] += a[i] >> 59; a[i] &= 0x7ffffffffffffffL; @@ -15617,7 +15569,7 @@ SP_NOINLINE static void sp_4096_rshift_70(sp_digit* r, const sp_digit* a, int i; for (i=0; i<69; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (59 - n))) & 0x7ffffffffffffffL); } r[69] = a[69] >> n; } 
@@ -15794,8 +15746,7 @@ static int sp_4096_div_70(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -15908,14 +15859,13 @@ static int sp_4096_mod_exp_70(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_4096_mont_reduce_70(t[0], m, mp); n = sp_4096_cmp_70(t[0], m); - sp_4096_cond_sub_70(t[0], t[0], m, ~(n >> 63)); + sp_4096_cond_sub_70(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 70 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -15999,13 +15949,12 @@ static int sp_4096_mod_exp_70(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_4096_mont_reduce_70(t[0], m, mp); n = sp_4096_cmp_70(t[0], m); - sp_4096_cond_sub_70(t[0], t[0], m, ~(n >> 63)); + sp_4096_cond_sub_70(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 70 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -16128,13 +16077,12 @@ static int sp_4096_mod_exp_70(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_4096_mont_reduce_70(rt, m, mp); n = sp_4096_cmp_70(rt, m); - sp_4096_cond_sub_70(rt, rt, m, ~(n >> 63)); + sp_4096_cond_sub_70(rt, rt, m, (sp_digit)~(n >> 63)); XMEMCPY(r, rt, sizeof(sp_digit) * 140); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -16253,8 +16201,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; 
@@ -16365,8 +16312,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -16736,7 +16682,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 35 * 13); @@ -16972,9 +16918,9 @@ SP_NOINLINE static void sp_4096_lshift_70(sp_digit* r, const sp_digit* a, r[70] = a[69] >> (59 - n); for (i=69; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (59 - n))) & 0x7ffffffffffffffL; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (59 - n))) & 0x7ffffffffffffffL); } - r[0] = (a[0] << n) & 0x7ffffffffffffffL; + r[0] = (sp_digit)((a[0] << n) & 0x7ffffffffffffffL); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -17085,12 +17031,11 @@ static int sp_4096_mod_exp_2_70(sp_digit* r, const sp_digit* e, int bits, const sp_4096_mont_reduce_70(r, m, mp); n = sp_4096_cmp_70(r, m); - sp_4096_cond_sub_70(r, r, m, ~(n >> 63)); + sp_4096_cond_sub_70(r, r, m, (sp_digit)~(n >> 63)); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -17434,29 +17379,29 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, t0 = ((sp_uint128)a[ 0]) * b[ 0]; t1 = ((sp_uint128)a[ 0]) * b[ 1] + ((sp_uint128)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 0] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 0]) * b[ 2] + ((sp_uint128)a[ 1]) * b[ 1] + ((sp_uint128)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 1] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 0]) * b[ 3] + ((sp_uint128)a[ 1]) * b[ 2] + ((sp_uint128)a[ 2]) * b[ 1] + ((sp_uint128)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 2] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 0]) * b[ 4] + ((sp_uint128)a[ 1]) * b[ 3] + ((sp_uint128)a[ 2]) * b[ 2] + ((sp_uint128)a[ 3]) * b[ 1] + ((sp_uint128)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 3] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 0]) * b[ 5] + ((sp_uint128)a[ 1]) * b[ 4] + ((sp_uint128)a[ 2]) * b[ 3] + ((sp_uint128)a[ 3]) * b[ 2] + ((sp_uint128)a[ 4]) * b[ 1] + ((sp_uint128)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 4] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 0]) * b[ 6] + ((sp_uint128)a[ 1]) * b[ 5] + ((sp_uint128)a[ 2]) * b[ 4] @@ -17464,7 +17409,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 4]) * b[ 2] + ((sp_uint128)a[ 5]) * b[ 1] + ((sp_uint128)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 5] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 0]) * b[ 7] + ((sp_uint128)a[ 1]) * b[ 6] + ((sp_uint128)a[ 2]) * b[ 5] 
@@ -17473,7 +17418,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 5]) * b[ 2] + ((sp_uint128)a[ 6]) * b[ 1] + ((sp_uint128)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 6] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 0]) * b[ 8] + ((sp_uint128)a[ 1]) * b[ 7] + ((sp_uint128)a[ 2]) * b[ 6] @@ -17483,7 +17428,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 6]) * b[ 2] + ((sp_uint128)a[ 7]) * b[ 1] + ((sp_uint128)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 7] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 0]) * b[ 9] + ((sp_uint128)a[ 1]) * b[ 8] + ((sp_uint128)a[ 2]) * b[ 7] @@ -17494,7 +17439,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 7]) * b[ 2] + ((sp_uint128)a[ 8]) * b[ 1] + ((sp_uint128)a[ 9]) * b[ 0]; - t[ 8] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 8] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 0]) * b[10] + ((sp_uint128)a[ 1]) * b[ 9] + ((sp_uint128)a[ 2]) * b[ 8] @@ -17506,7 +17451,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 8]) * b[ 2] + ((sp_uint128)a[ 9]) * b[ 1] + ((sp_uint128)a[10]) * b[ 0]; - t[ 9] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 9] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 0]) * b[11] + ((sp_uint128)a[ 1]) * b[10] + ((sp_uint128)a[ 2]) * b[ 9] @@ -17519,7 +17464,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[ 9]) * b[ 2] + ((sp_uint128)a[10]) * b[ 1] + ((sp_uint128)a[11]) * b[ 0]; - t[10] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[10] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 0]) * b[12] + ((sp_uint128)a[ 1]) * b[11] + ((sp_uint128)a[ 2]) * b[10] 
@@ -17533,7 +17478,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[10]) * b[ 2] + ((sp_uint128)a[11]) * b[ 1] + ((sp_uint128)a[12]) * b[ 0]; - t[11] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[11] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 1]) * b[12] + ((sp_uint128)a[ 2]) * b[11] + ((sp_uint128)a[ 3]) * b[10] @@ -17546,7 +17491,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[10]) * b[ 3] + ((sp_uint128)a[11]) * b[ 2] + ((sp_uint128)a[12]) * b[ 1]; - t[12] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[12] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 2]) * b[12] + ((sp_uint128)a[ 3]) * b[11] + ((sp_uint128)a[ 4]) * b[10] @@ -17558,7 +17503,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[10]) * b[ 4] + ((sp_uint128)a[11]) * b[ 3] + ((sp_uint128)a[12]) * b[ 2]; - r[13] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[13] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 3]) * b[12] + ((sp_uint128)a[ 4]) * b[11] + ((sp_uint128)a[ 5]) * b[10] @@ -17569,7 +17514,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[10]) * b[ 5] + ((sp_uint128)a[11]) * b[ 4] + ((sp_uint128)a[12]) * b[ 3]; - r[14] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[14] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 4]) * b[12] + ((sp_uint128)a[ 5]) * b[11] + ((sp_uint128)a[ 6]) * b[10] @@ -17579,7 +17524,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[10]) * b[ 6] + ((sp_uint128)a[11]) * b[ 5] + ((sp_uint128)a[12]) * b[ 4]; - r[15] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[15] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 5]) * b[12] + ((sp_uint128)a[ 6]) * b[11] + ((sp_uint128)a[ 7]) * b[10] 
@@ -17588,7 +17533,7 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[10]) * b[ 7] + ((sp_uint128)a[11]) * b[ 6] + ((sp_uint128)a[12]) * b[ 5]; - r[16] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[16] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 6]) * b[12] + ((sp_uint128)a[ 7]) * b[11] + ((sp_uint128)a[ 8]) * b[10] 
@@ -17596,35 +17541,35 @@ SP_NOINLINE static void sp_4096_mul_13(sp_digit* r, const sp_digit* a, + ((sp_uint128)a[10]) * b[ 8] + ((sp_uint128)a[11]) * b[ 7] + ((sp_uint128)a[12]) * b[ 6]; - r[17] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[17] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 7]) * b[12] + ((sp_uint128)a[ 8]) * b[11] + ((sp_uint128)a[ 9]) * b[10] + ((sp_uint128)a[10]) * b[ 9] + ((sp_uint128)a[11]) * b[ 8] + ((sp_uint128)a[12]) * b[ 7]; - r[18] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[18] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[ 8]) * b[12] + ((sp_uint128)a[ 9]) * b[11] + ((sp_uint128)a[10]) * b[10] + ((sp_uint128)a[11]) * b[ 9] + ((sp_uint128)a[12]) * b[ 8]; - r[19] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[19] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[ 9]) * b[12] + ((sp_uint128)a[10]) * b[11] + ((sp_uint128)a[11]) * b[10] + ((sp_uint128)a[12]) * b[ 9]; - r[20] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[20] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[10]) * b[12] + ((sp_uint128)a[11]) * b[11] + ((sp_uint128)a[12]) * b[10]; - r[21] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[21] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = ((sp_uint128)a[11]) * b[12] + ((sp_uint128)a[12]) * b[11]; - r[22] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[22] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[12]) * b[12]; - r[23] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; - r[24] = t0 & 0x1fffffffffffffL; + r[23] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; + r[24] = (sp_digit)(t0 & 0x1fffffffffffffL); r[25] = (sp_digit)(t0 >> 53); XMEMCPY(r, t, sizeof(t)); } 
@@ -17890,57 +17835,57 @@ SP_NOINLINE static void sp_4096_sqr_13(sp_digit* r, const sp_digit* a) t0 = ((sp_uint128)a[ 0]) * a[ 0]; t1 = (((sp_uint128)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 0] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 0]) * a[ 2]) * 2 + ((sp_uint128)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 1] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 0]) * a[ 3] + ((sp_uint128)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 2] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 0]) * a[ 4] + ((sp_uint128)a[ 1]) * a[ 3]) * 2 + ((sp_uint128)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 3] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 0]) * a[ 5] + ((sp_uint128)a[ 1]) * a[ 4] + ((sp_uint128)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 4] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 0]) * a[ 6] + ((sp_uint128)a[ 1]) * a[ 5] + ((sp_uint128)a[ 2]) * a[ 4]) * 2 + ((sp_uint128)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 5] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 0]) * a[ 7] + ((sp_uint128)a[ 1]) * a[ 6] + ((sp_uint128)a[ 2]) * a[ 5] + ((sp_uint128)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 6] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 0]) * a[ 8] + ((sp_uint128)a[ 1]) * a[ 7] + ((sp_uint128)a[ 2]) * a[ 6] + ((sp_uint128)a[ 3]) * a[ 5]) * 2 + ((sp_uint128)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 7] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 0]) * a[ 9] + ((sp_uint128)a[ 1]) * a[ 8] + ((sp_uint128)a[ 2]) * a[ 7] + ((sp_uint128)a[ 3]) * a[ 6] + ((sp_uint128)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 
& 0x1fffffffffffffL; t1 += t0 >> 53; + t[ 8] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 0]) * a[10] + ((sp_uint128)a[ 1]) * a[ 9] + ((sp_uint128)a[ 2]) * a[ 8] + ((sp_uint128)a[ 3]) * a[ 7] + ((sp_uint128)a[ 4]) * a[ 6]) * 2 + ((sp_uint128)a[ 5]) * a[ 5]; - t[ 9] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[ 9] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 0]) * a[11] + ((sp_uint128)a[ 1]) * a[10] + ((sp_uint128)a[ 2]) * a[ 9] + ((sp_uint128)a[ 3]) * a[ 8] + ((sp_uint128)a[ 4]) * a[ 7] + ((sp_uint128)a[ 5]) * a[ 6]) * 2; - t[10] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[10] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 0]) * a[12] + ((sp_uint128)a[ 1]) * a[11] + ((sp_uint128)a[ 2]) * a[10] 
@@ -17948,62 +17893,62 @@ SP_NOINLINE static void sp_4096_sqr_13(sp_digit* r, const sp_digit* a) + ((sp_uint128)a[ 4]) * a[ 8] + ((sp_uint128)a[ 5]) * a[ 7]) * 2 + ((sp_uint128)a[ 6]) * a[ 6]; - t[11] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + t[11] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 1]) * a[12] + ((sp_uint128)a[ 2]) * a[11] + ((sp_uint128)a[ 3]) * a[10] + ((sp_uint128)a[ 4]) * a[ 9] + ((sp_uint128)a[ 5]) * a[ 8] + ((sp_uint128)a[ 6]) * a[ 7]) * 2; - t[12] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + t[12] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 2]) * a[12] + ((sp_uint128)a[ 3]) * a[11] + ((sp_uint128)a[ 4]) * a[10] + ((sp_uint128)a[ 5]) * a[ 9] + ((sp_uint128)a[ 6]) * a[ 8]) * 2 + ((sp_uint128)a[ 7]) * a[ 7]; - r[13] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[13] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 3]) * a[12] + ((sp_uint128)a[ 4]) * a[11] + ((sp_uint128)a[ 5]) * a[10] + ((sp_uint128)a[ 6]) * a[ 9] + ((sp_uint128)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[14] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 4]) * a[12] + ((sp_uint128)a[ 5]) * a[11] + ((sp_uint128)a[ 6]) * a[10] + ((sp_uint128)a[ 7]) * a[ 9]) * 2 + ((sp_uint128)a[ 8]) * a[ 8]; - r[15] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[15] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 5]) * a[12] + ((sp_uint128)a[ 6]) * a[11] + ((sp_uint128)a[ 7]) * a[10] + ((sp_uint128)a[ 8]) * a[ 9]) * 2; - r[16] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[16] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 6]) * a[12] + ((sp_uint128)a[ 7]) * a[11] + ((sp_uint128)a[ 8]) * a[10]) * 2 + ((sp_uint128)a[ 9]) * a[ 9]; - r[17] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[17] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 7]) * a[12] + ((sp_uint128)a[ 8]) * 
a[11] + ((sp_uint128)a[ 9]) * a[10]) * 2; - r[18] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[18] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[ 8]) * a[12] + ((sp_uint128)a[ 9]) * a[11]) * 2 + ((sp_uint128)a[10]) * a[10]; - r[19] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[19] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[ 9]) * a[12] + ((sp_uint128)a[10]) * a[11]) * 2; - r[20] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[20] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = (((sp_uint128)a[10]) * a[12]) * 2 + ((sp_uint128)a[11]) * a[11]; - r[21] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; + r[21] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; t1 = (((sp_uint128)a[11]) * a[12]) * 2; - r[22] = t0 & 0x1fffffffffffffL; t1 += t0 >> 53; + r[22] = (sp_digit)(t0 & 0x1fffffffffffffL); t1 += t0 >> 53; t0 = ((sp_uint128)a[12]) * a[12]; - r[23] = t1 & 0x1fffffffffffffL; t0 += t1 >> 53; - r[24] = t0 & 0x1fffffffffffffL; + r[23] = (sp_digit)(t1 & 0x1fffffffffffffL); t0 += t1 >> 53; + r[24] = (sp_digit)(t0 & 0x1fffffffffffffL); r[25] = (sp_digit)(t0 >> 53); XMEMCPY(r, t, sizeof(t)); } 
@@ -18332,29 +18277,29 @@ static void sp_4096_mont_shift_39(sp_digit* r, const sp_digit* a) sp_int128 n = a[38] >> 34; n += ((sp_int128)a[39]) << 19; for (i = 0; i < 32; i += 8) { - r[i + 0] = n & 0x1fffffffffffffL; + r[i + 0] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 40]) << 19; - r[i + 1] = n & 0x1fffffffffffffL; + r[i + 1] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 41]) << 19; - r[i + 2] = n & 0x1fffffffffffffL; + r[i + 2] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 42]) << 19; - r[i + 3] = n & 0x1fffffffffffffL; + r[i + 3] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 43]) << 19; - r[i + 4] = n & 0x1fffffffffffffL; + r[i + 4] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 44]) << 19; - r[i + 5] = n & 0x1fffffffffffffL; + r[i + 5] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 45]) << 19; - r[i + 6] = n & 0x1fffffffffffffL; + r[i + 6] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 46]) << 19; - r[i + 7] = n & 0x1fffffffffffffL; + r[i + 7] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 47]) << 19; } - r[32] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[72]) << 19; - r[33] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[73]) << 19; - r[34] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[74]) << 19; - r[35] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[75]) << 19; - r[36] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[76]) << 19; - r[37] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[77]) << 19; + r[32] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[72]) << 19; + r[33] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[73]) << 19; + r[34] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[74]) << 19; + r[35] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[75]) << 
19; + r[36] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[76]) << 19; + r[37] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[77]) << 19; r[38] = (sp_digit)n; XMEMSET(&r[39], 0, sizeof(*r) * 39U); } @@ -18374,11 +18319,11 @@ static void sp_4096_mont_reduce_39(sp_digit* a, const sp_digit* m, sp_digit mp) sp_4096_norm_39(a + 39); for (i=0; i<38; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL); sp_4096_mul_add_39(a+i, m, mu); a[i+1] += a[i] >> 53; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffL); sp_4096_mul_add_39(a+i, m, mu); a[i+1] += a[i] >> 53; a[i] &= 0x1fffffffffffffL; 
@@ -18507,21 +18452,21 @@ SP_NOINLINE static void sp_4096_rshift_39(sp_digit* r, const sp_digit* a, int i; for (i=0; i<32; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (53 - n)) & 0x1fffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (53 - n)) & 0x1fffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (53 - n)) & 0x1fffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (53 - n)) & 0x1fffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (53 - n)) & 0x1fffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (53 - n)) & 0x1fffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (53 - n)) & 0x1fffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (53 - n)) & 0x1fffffffffffffL); - } - r[32] = (a[32] >> n) | ((a[33] << (53 - n)) & 0x1fffffffffffffL); - r[33] = (a[33] >> n) | ((a[34] << (53 - n)) & 0x1fffffffffffffL); - r[34] = (a[34] >> n) | ((a[35] << (53 - n)) & 0x1fffffffffffffL); - r[35] = (a[35] >> n) | ((a[36] << (53 - n)) & 0x1fffffffffffffL); - r[36] = (a[36] >> n) | ((a[37] << (53 - n)) & 0x1fffffffffffffL); - r[37] = (a[37] >> n) | ((a[38] << (53 - n)) & 0x1fffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (53 - n)) & 0x1fffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (53 - n)) & 0x1fffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (53 - n)) & 0x1fffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (53 - n)) & 0x1fffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (53 - n)) & 0x1fffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (53 - n)) & 0x1fffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (53 - n)) & 0x1fffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (53 - n)) & 0x1fffffffffffffL); + } + r[32] = (a[32] >> n) | (sp_digit)((a[33] << (53 - n)) & 0x1fffffffffffffL); + r[33] = (a[33] >> n) | (sp_digit)((a[34] << (53 - n)) & 0x1fffffffffffffL); + r[34] = (a[34] >> n) | (sp_digit)((a[35] << (53 - n)) & 0x1fffffffffffffL); 
+ r[35] = (a[35] >> n) | (sp_digit)((a[36] << (53 - n)) & 0x1fffffffffffffL); + r[36] = (a[36] >> n) | (sp_digit)((a[37] << (53 - n)) & 0x1fffffffffffffL); + r[37] = (a[37] >> n) | (sp_digit)((a[38] << (53 - n)) & 0x1fffffffffffffL); r[38] = a[38] >> n; } @@ -18697,8 +18642,7 @@ static int sp_4096_div_39(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -18810,14 +18754,13 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_4096_mont_reduce_39(t[0], m, mp); n = sp_4096_cmp_39(t[0], m); - sp_4096_cond_sub_39(t[0], t[0], m, ~(n >> 63)); + sp_4096_cond_sub_39(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 39 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -18901,13 +18844,12 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_4096_mont_reduce_39(t[0], m, mp); n = sp_4096_cmp_39(t[0], m); - sp_4096_cond_sub_39(t[0], t[0], m, ~(n >> 63)); + sp_4096_cond_sub_39(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 39 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -19047,13 +18989,12 @@ static int sp_4096_mod_exp_39(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_4096_mont_reduce_39(rt, m, mp); n = sp_4096_cmp_39(rt, m); - sp_4096_cond_sub_39(rt, rt, m, ~(n >> 63)); + sp_4096_cond_sub_39(rt, rt, m, (sp_digit)~(n >> 63)); XMEMCPY(r, rt, sizeof(sp_digit) * 78); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -19217,28 +19158,28 @@ static void sp_4096_mont_shift_78(sp_digit* r, const sp_digit* a) sp_int128 n = a[77] >> 15; n += ((sp_int128)a[78]) << 38; for (i = 0; i < 72; i += 8) { - r[i + 0] = n & 0x1fffffffffffffL; + r[i + 0] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 79]) << 38; - r[i + 1] = n & 0x1fffffffffffffL; + r[i + 1] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 80]) << 38; - r[i + 2] = n & 0x1fffffffffffffL; + r[i + 2] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 81]) << 38; - r[i + 3] = n & 0x1fffffffffffffL; + r[i + 3] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 82]) << 38; - r[i + 4] = n & 0x1fffffffffffffL; + r[i + 4] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 83]) << 38; - r[i + 5] = n & 0x1fffffffffffffL; + r[i + 5] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 84]) << 38; - r[i + 6] = n & 0x1fffffffffffffL; + r[i + 6] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 85]) << 38; - r[i + 7] = n & 0x1fffffffffffffL; + r[i + 7] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[i + 86]) << 38; } - r[72] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[151]) << 38; - r[73] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[152]) << 38; - r[74] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[153]) << 38; - r[75] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[154]) << 38; - r[76] = n & 0x1fffffffffffffL; n >>= 53; n += ((sp_int128)a[155]) << 38; + r[72] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[151]) << 38; + r[73] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[152]) << 38; + r[74] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[153]) << 38; + r[75] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += ((sp_int128)a[154]) << 38; + r[76] = (sp_digit)(n & 0x1fffffffffffffL); n >>= 53; n += 
((sp_int128)a[155]) << 38; r[77] = (sp_digit)n; XMEMSET(&r[78], 0, sizeof(*r) * 78U); } @@ -19260,33 +19201,33 @@ static void sp_4096_mont_reduce_78(sp_digit* a, const sp_digit* m, sp_digit mp) #ifdef WOLFSSL_SP_DH if (mp != 1) { for (i=0; i<77; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL); sp_4096_mul_add_78(a+i, m, mu); a[i+1] += a[i] >> 53; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL); sp_4096_mul_add_78(a+i, m, mu); a[i+1] += a[i] >> 53; a[i] &= 0x1fffffffffffffL; } else { for (i=0; i<77; i++) { - mu = a[i] & 0x1fffffffffffffL; + mu = (sp_digit)(a[i] & 0x1fffffffffffffL); sp_4096_mul_add_78(a+i, m, mu); a[i+1] += a[i] >> 53; } - mu = a[i] & 0x7fffL; + mu = (sp_digit)(a[i] & 0x7fffL); sp_4096_mul_add_78(a+i, m, mu); a[i+1] += a[i] >> 53; a[i] &= 0x1fffffffffffffL; } #else for (i=0; i<77; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1fffffffffffffL); sp_4096_mul_add_78(a+i, m, mu); a[i+1] += a[i] >> 53; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffL); sp_4096_mul_add_78(a+i, m, mu); a[i+1] += a[i] >> 53; a[i] &= 0x1fffffffffffffL; 
@@ -19406,20 +19347,20 @@ SP_NOINLINE static void sp_4096_rshift_78(sp_digit* r, const sp_digit* a, int i; for (i=0; i<72; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (53 - n)) & 0x1fffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (53 - n)) & 0x1fffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (53 - n)) & 0x1fffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (53 - n)) & 0x1fffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (53 - n)) & 0x1fffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (53 - n)) & 0x1fffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (53 - n)) & 0x1fffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (53 - n)) & 0x1fffffffffffffL); - } - r[72] = (a[72] >> n) | ((a[73] << (53 - n)) & 0x1fffffffffffffL); - r[73] = (a[73] >> n) | ((a[74] << (53 - n)) & 0x1fffffffffffffL); - r[74] = (a[74] >> n) | ((a[75] << (53 - n)) & 0x1fffffffffffffL); - r[75] = (a[75] >> n) | ((a[76] << (53 - n)) & 0x1fffffffffffffL); - r[76] = (a[76] >> n) | ((a[77] << (53 - n)) & 0x1fffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (53 - n)) & 0x1fffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (53 - n)) & 0x1fffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (53 - n)) & 0x1fffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (53 - n)) & 0x1fffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (53 - n)) & 0x1fffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (53 - n)) & 0x1fffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (53 - n)) & 0x1fffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (53 - n)) & 0x1fffffffffffffL); + } + r[72] = (a[72] >> n) | (sp_digit)((a[73] << (53 - n)) & 0x1fffffffffffffL); + r[73] = (a[73] >> n) | (sp_digit)((a[74] << (53 - n)) & 0x1fffffffffffffL); + r[74] = (a[74] >> n) | (sp_digit)((a[75] << (53 - n)) & 0x1fffffffffffffL); + r[75] = (a[75] >> n) | (sp_digit)((a[76] << (53 - n)) & 
0x1fffffffffffffL); + r[76] = (a[76] >> n) | (sp_digit)((a[77] << (53 - n)) & 0x1fffffffffffffL); r[77] = a[77] >> n; } @@ -19595,8 +19536,7 @@ static int sp_4096_div_78(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -19711,14 +19651,13 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_4096_mont_reduce_78(t[0], m, mp); n = sp_4096_cmp_78(t[0], m); - sp_4096_cond_sub_78(t[0], t[0], m, ~(n >> 63)); + sp_4096_cond_sub_78(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 78 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -19802,13 +19741,12 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_4096_mont_reduce_78(t[0], m, mp); n = sp_4096_cmp_78(t[0], m); - sp_4096_cond_sub_78(t[0], t[0], m, ~(n >> 63)); + sp_4096_cond_sub_78(t[0], t[0], m, (sp_digit)~(n >> 63)); XMEMCPY(r, t[0], sizeof(*r) * 78 * 2); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -19931,13 +19869,12 @@ static int sp_4096_mod_exp_78(sp_digit* r, const sp_digit* a, const sp_digit* e, sp_4096_mont_reduce_78(rt, m, mp); n = sp_4096_cmp_78(rt, m); - sp_4096_cond_sub_78(rt, rt, m, ~(n >> 63)); + sp_4096_cond_sub_78(rt, rt, m, (sp_digit)~(n >> 63)); XMEMCPY(r, rt, sizeof(sp_digit) * 156); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -20058,8 +19995,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -20170,8 +20106,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (d != NULL) - XFREE(d, NULL, DYNAMIC_TYPE_RSA); + XFREE(d, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -20541,7 +20476,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, } #ifdef WOLFSSL_SP_SMALL_STACK -if (a != NULL) + if (a != NULL) #endif { ForceZero(a, sizeof(sp_digit) * 39 * 13); 
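Review bot: The unguarded `XFREE(a, NULL, DYNAMIC_TYPE_RSA)` in sp_RsaPublic_4096 now runs on every exit, presumably including the path where the XMALLOC itself failed and `a` is still NULL, so correctness depends on XFREE tolerating a NULL pointer. That is fine for a `free()`-backed definition, but this is the Arduino package where `user_settings.h` is the documented place to redirect XMALLOC/XFREE to a board allocator, and a hook that is not NULL-tolerant would turn a MEMORY_E return into a crash across all the hunks that dropped the `if (x != NULL)` guard. Worth pinning the contract where the override hooks are declared, e.g. `/* XFREE must accept NULL: SP math frees unconditionally on error paths */`, or keeping the NULL test inside the XFREE macro rather than at call sites. The function body around these lines is outside the hunk.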
@@ -20779,160 +20714,160 @@ SP_NOINLINE static void sp_4096_lshift_78(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[77]; r[78] = s >> (53U - n); s = (sp_int_digit)(a[77]); t = (sp_int_digit)(a[76]); - r[77] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[77] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[76]); t = (sp_int_digit)(a[75]); - r[76] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[76] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[75]); t = (sp_int_digit)(a[74]); - r[75] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[75] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[74]); t = (sp_int_digit)(a[73]); - r[74] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[74] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[73]); t = (sp_int_digit)(a[72]); - r[73] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[73] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[72]); t = (sp_int_digit)(a[71]); - r[72] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[72] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[71]); t = (sp_int_digit)(a[70]); - r[71] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[71] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[70]); t = (sp_int_digit)(a[69]); - r[70] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[70] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[69]); t = (sp_int_digit)(a[68]); - r[69] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[69] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[68]); t = (sp_int_digit)(a[67]); - r[68] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[68] = 
(sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[67]); t = (sp_int_digit)(a[66]); - r[67] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[67] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[66]); t = (sp_int_digit)(a[65]); - r[66] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[66] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[65]); t = (sp_int_digit)(a[64]); - r[65] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[65] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[64]); t = (sp_int_digit)(a[63]); - r[64] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[64] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[63]); t = (sp_int_digit)(a[62]); - r[63] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[63] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[62]); t = (sp_int_digit)(a[61]); - r[62] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[62] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[61]); t = (sp_int_digit)(a[60]); - r[61] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[61] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[60]); t = (sp_int_digit)(a[59]); - r[60] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[60] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[59]); t = (sp_int_digit)(a[58]); - r[59] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[59] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[58]); t = (sp_int_digit)(a[57]); - r[58] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[58] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[57]); t = 
(sp_int_digit)(a[56]); - r[57] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[57] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[56]); t = (sp_int_digit)(a[55]); - r[56] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[56] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[55]); t = (sp_int_digit)(a[54]); - r[55] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[55] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[54]); t = (sp_int_digit)(a[53]); - r[54] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[54] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[53]); t = (sp_int_digit)(a[52]); - r[53] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[53] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[52]); t = (sp_int_digit)(a[51]); - r[52] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[52] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[51]); t = (sp_int_digit)(a[50]); - r[51] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[51] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[50]); t = (sp_int_digit)(a[49]); - r[50] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[50] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[49]); t = (sp_int_digit)(a[48]); - r[49] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[49] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[48]); t = (sp_int_digit)(a[47]); - r[48] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[48] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[47]); t = (sp_int_digit)(a[46]); - r[47] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[47] = 
(sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[46]); t = (sp_int_digit)(a[45]); - r[46] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[46] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[45]); t = (sp_int_digit)(a[44]); - r[45] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[45] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[44]); t = (sp_int_digit)(a[43]); - r[44] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[44] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[43]); t = (sp_int_digit)(a[42]); - r[43] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[43] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[42]); t = (sp_int_digit)(a[41]); - r[42] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[42] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[41]); t = (sp_int_digit)(a[40]); - r[41] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[41] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[40]); t = (sp_int_digit)(a[39]); - r[40] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[40] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[39]); t = (sp_int_digit)(a[38]); - r[39] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[39] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[38]); t = (sp_int_digit)(a[37]); - r[38] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[38] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[37]); t = (sp_int_digit)(a[36]); - r[37] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[37] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[36]); t = 
(sp_int_digit)(a[35]); - r[36] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[36] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[35]); t = (sp_int_digit)(a[34]); - r[35] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[35] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[34]); t = (sp_int_digit)(a[33]); - r[34] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[34] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[33]); t = (sp_int_digit)(a[32]); - r[33] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[33] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[32]); t = (sp_int_digit)(a[31]); - r[32] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[32] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[31]); t = (sp_int_digit)(a[30]); - r[31] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[31] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[30]); t = (sp_int_digit)(a[29]); - r[30] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[30] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[29]); t = (sp_int_digit)(a[28]); - r[29] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[29] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[28]); t = (sp_int_digit)(a[27]); - r[28] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[28] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[27]); t = (sp_int_digit)(a[26]); - r[27] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[27] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[26]); t = (sp_int_digit)(a[25]); - r[26] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[26] = 
(sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[25]); t = (sp_int_digit)(a[24]); - r[25] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[25] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[24]); t = (sp_int_digit)(a[23]); - r[24] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[24] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[23]); t = (sp_int_digit)(a[22]); - r[23] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[23] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[22]); t = (sp_int_digit)(a[21]); - r[22] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[22] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[21]); t = (sp_int_digit)(a[20]); - r[21] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[21] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[20]); t = (sp_int_digit)(a[19]); - r[20] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[20] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[19]); t = (sp_int_digit)(a[18]); - r[19] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[19] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[18]); t = (sp_int_digit)(a[17]); - r[18] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[18] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[17] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[16] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[15]); t = 
(sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[15] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[14] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[13] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[12] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[11] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[10] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[9] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[8] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[7] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[6] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[5] = (sp_digit)(((s << n) | (t 
>> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[4] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[3] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; + r[2] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL; - r[0] = (a[0] << n) & 0x1fffffffffffffL; + r[1] = (sp_digit)(((s << n) | (t >> (53U - n))) & 0x1fffffffffffffUL); + r[0] = (sp_digit)((a[0] << n) & 0x1fffffffffffffL); } /* Modular exponentiate 2 to the e mod m. (r = 2^e mod m) @@ -21043,12 +20978,11 @@ static int sp_4096_mod_exp_2_78(sp_digit* r, const sp_digit* e, int bits, const sp_4096_mont_reduce_78(r, m, mp); n = sp_4096_cmp_78(r, m); - sp_4096_cond_sub_78(r, r, m, ~(n >> 63)); + sp_4096_cond_sub_78(r, r, m, (sp_digit)~(n >> 63)); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
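Review bot: The final statement of sp_4096_lshift_78, `r[0] = (sp_digit)((a[0] << n) & 0x1fffffffffffffL);`, is the one line in the function that shifts a raw `a[...]` digit instead of an `sp_int_digit` temporary; every other output goes through `s`/`t`, and the top word uses `r[78] = s >> (53U - n)` with `s` cast first. With a 53-bit digit and n up to 52 the product needs more than 64 bits, so if sp_digit is signed this shift overflows (undefined behaviour) where the unsigned temporaries elsewhere wrap as intended before the mask. Suggest `r[0] = (sp_digit)(((sp_int_digit)a[0] << n) & 0x1fffffffffffffUL);` so the whole function follows one rule. The function's opening lines precede the hunk.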
@@ -21315,16 +21249,16 @@ SP_NOINLINE static void sp_256_mul_5(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 4]) * b[ 3]; sp_int128 t8 = ((sp_int128)a[ 4]) * b[ 4]; - t1 += t0 >> 52; r[ 0] = t0 & 0xfffffffffffffL; - t2 += t1 >> 52; r[ 1] = t1 & 0xfffffffffffffL; - t3 += t2 >> 52; r[ 2] = t2 & 0xfffffffffffffL; - t4 += t3 >> 52; r[ 3] = t3 & 0xfffffffffffffL; - t5 += t4 >> 52; r[ 4] = t4 & 0xfffffffffffffL; - t6 += t5 >> 52; r[ 5] = t5 & 0xfffffffffffffL; - t7 += t6 >> 52; r[ 6] = t6 & 0xfffffffffffffL; - t8 += t7 >> 52; r[ 7] = t7 & 0xfffffffffffffL; + t1 += t0 >> 52; r[ 0] = (sp_digit)(t0 & 0xfffffffffffffL); + t2 += t1 >> 52; r[ 1] = (sp_digit)(t1 & 0xfffffffffffffL); + t3 += t2 >> 52; r[ 2] = (sp_digit)(t2 & 0xfffffffffffffL); + t4 += t3 >> 52; r[ 3] = (sp_digit)(t3 & 0xfffffffffffffL); + t5 += t4 >> 52; r[ 4] = (sp_digit)(t4 & 0xfffffffffffffL); + t6 += t5 >> 52; r[ 5] = (sp_digit)(t5 & 0xfffffffffffffL); + t7 += t6 >> 52; r[ 6] = (sp_digit)(t6 & 0xfffffffffffffL); + t8 += t7 >> 52; r[ 7] = (sp_digit)(t7 & 0xfffffffffffffL); r[9] = (sp_digit)(t8 >> 52); - r[8] = t8 & 0xfffffffffffffL; + r[8] = (sp_digit)(t8 & 0xfffffffffffffL); } #endif /* WOLFSSL_SP_SMALL */ 
@@ -21394,16 +21328,16 @@ SP_NOINLINE static void sp_256_sqr_5(sp_digit* r, const sp_digit* a) sp_int128 t7 = (((sp_int128)a[ 3]) * a[ 4]) * 2; sp_int128 t8 = ((sp_int128)a[ 4]) * a[ 4]; - t1 += t0 >> 52; r[ 0] = t0 & 0xfffffffffffffL; - t2 += t1 >> 52; r[ 1] = t1 & 0xfffffffffffffL; - t3 += t2 >> 52; r[ 2] = t2 & 0xfffffffffffffL; - t4 += t3 >> 52; r[ 3] = t3 & 0xfffffffffffffL; - t5 += t4 >> 52; r[ 4] = t4 & 0xfffffffffffffL; - t6 += t5 >> 52; r[ 5] = t5 & 0xfffffffffffffL; - t7 += t6 >> 52; r[ 6] = t6 & 0xfffffffffffffL; - t8 += t7 >> 52; r[ 7] = t7 & 0xfffffffffffffL; + t1 += t0 >> 52; r[ 0] = (sp_digit)(t0 & 0xfffffffffffffL); + t2 += t1 >> 52; r[ 1] = (sp_digit)(t1 & 0xfffffffffffffL); + t3 += t2 >> 52; r[ 2] = (sp_digit)(t2 & 0xfffffffffffffL); + t4 += t3 >> 52; r[ 3] = (sp_digit)(t3 & 0xfffffffffffffL); + t5 += t4 >> 52; r[ 4] = (sp_digit)(t4 & 0xfffffffffffffL); + t6 += t5 >> 52; r[ 5] = (sp_digit)(t5 & 0xfffffffffffffL); + t7 += t6 >> 52; r[ 6] = (sp_digit)(t6 & 0xfffffffffffffL); + t8 += t7 >> 52; r[ 7] = (sp_digit)(t7 & 0xfffffffffffffL); r[9] = (sp_digit)(t8 >> 52); - r[8] = t8 & 0xfffffffffffffL; + r[8] = (sp_digit)(t8 & 0xfffffffffffffL); } #endif /* WOLFSSL_SP_SMALL */ @@ -21752,17 +21686,17 @@ SP_NOINLINE static void sp_256_mul_add_5(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0xfffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0xfffffffffffffL); t[1] += t[0] >> 52; - r[i+1] = t[1] & 0xfffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0xfffffffffffffL); t[2] += t[1] >> 52; - r[i+2] = t[2] & 0xfffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0xfffffffffffffL); t[3] += t[2] >> 52; - r[i+3] = t[3] & 0xfffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0xfffffffffffffL); t[0] = t[3] >> 52; } t[0] += (tb * a[4]) + r[4]; - r[4] = t[0] & 0xfffffffffffffL; + r[4] = (sp_digit)(t[0] & 0xfffffffffffffL); r[5] += (sp_digit)(t[0] >> 52); #else sp_int128 tb = b; 
@@ -21816,7 +21750,7 @@ static void sp_256_mont_shift_5(sp_digit* r, const sp_digit* a) n = a[4] >> 48; for (i = 0; i < 4; i++) { n += (sp_uint64)a[5 + i] << 4; - r[i] = n & 0xfffffffffffffL; + r[i] = (sp_digit)(n & 0xfffffffffffffL); n >>= 52; } n += (sp_uint64)a[9] << 4; @@ -21825,10 +21759,10 @@ static void sp_256_mont_shift_5(sp_digit* r, const sp_digit* a) sp_uint64 n; n = a[4] >> 48; - n += (sp_uint64)a[ 5] << 4U; r[ 0] = n & 0xfffffffffffffUL; n >>= 52U; - n += (sp_uint64)a[ 6] << 4U; r[ 1] = n & 0xfffffffffffffUL; n >>= 52U; - n += (sp_uint64)a[ 7] << 4U; r[ 2] = n & 0xfffffffffffffUL; n >>= 52U; - n += (sp_uint64)a[ 8] << 4U; r[ 3] = n & 0xfffffffffffffUL; n >>= 52U; + n += (sp_uint64)a[ 5] << 4U; r[ 0] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U; + n += (sp_uint64)a[ 6] << 4U; r[ 1] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U; + n += (sp_uint64)a[ 7] << 4U; r[ 2] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U; + n += (sp_uint64)a[ 8] << 4U; r[ 3] = (sp_digit)(n & 0xfffffffffffffUL); n >>= 52U; n += (sp_uint64)a[ 9] << 4U; r[ 4] = n; #endif /* WOLFSSL_SP_SMALL */ XMEMSET(&r[5], 0, sizeof(*r) * 5U); @@ -21849,11 +21783,11 @@ static void sp_256_mont_reduce_order_5(sp_digit* a, const sp_digit* m, sp_digit sp_256_norm_5(a + 5); for (i=0; i<4; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xfffffffffffffL); sp_256_mul_add_5(a+i, m, mu); a[i+1] += a[i] >> 52; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0xffffffffffffL); sp_256_mul_add_5(a+i, m, mu); a[i+1] += a[i] >> 52; a[i] &= 0xfffffffffffffL; 
@@ -21879,32 +21813,32 @@ static void sp_256_mont_reduce_5(sp_digit* a, const sp_digit* m, sp_digit mp) (void)mp; for (i = 0; i < 4; i++) { - am = a[i] & 0xfffffffffffffL; + am = (sp_digit)(a[i] & 0xfffffffffffffL); /* Fifth word of modulus word */ t = am; t *= 0x0ffffffff0000L; - a[i + 1] += (am << 44) & 0xfffffffffffffL; + a[i + 1] += (sp_digit)((am << 44) & 0xfffffffffffffL); a[i + 2] += am >> 8; - a[i + 3] += (am << 36) & 0xfffffffffffffL; - a[i + 4] += (am >> 16) + (t & 0xfffffffffffffL); + a[i + 3] += (sp_digit)((am << 36) & 0xfffffffffffffL); + a[i + 4] += (am >> 16) + (sp_digit)(t & 0xfffffffffffffL); a[i + 5] += t >> 52; a[i + 1] += a[i] >> 52; } - am = a[4] & 0xffffffffffff; + am = (sp_digit)(a[4] & 0xffffffffffff); /* Fifth word of modulus word */ t = am; t *= 0x0ffffffff0000L; - a[4 + 1] += (am << 44) & 0xfffffffffffffL; + a[4 + 1] += (sp_digit)((am << 44) & 0xfffffffffffffL); a[4 + 2] += am >> 8; - a[4 + 3] += (am << 36) & 0xfffffffffffffL; - a[4 + 4] += (am >> 16) + (t & 0xfffffffffffffL); + a[4 + 3] += (sp_digit)((am << 36) & 0xfffffffffffffL); + a[4 + 4] += (am >> 16) + (sp_digit)(t & 0xfffffffffffffL); a[4 + 5] += t >> 52; - a[0] = (a[4] >> 48) + ((a[5] << 4) & 0xfffffffffffffL); - a[1] = (a[5] >> 48) + ((a[6] << 4) & 0xfffffffffffffL); - a[2] = (a[6] >> 48) + ((a[7] << 4) & 0xfffffffffffffL); - a[3] = (a[7] >> 48) + ((a[8] << 4) & 0xfffffffffffffL); + a[0] = (a[4] >> 48) + (sp_digit)((a[5] << 4) & 0xfffffffffffffL); + a[1] = (a[5] >> 48) + (sp_digit)((a[6] << 4) & 0xfffffffffffffL); + a[2] = (a[6] >> 48) + (sp_digit)((a[7] << 4) & 0xfffffffffffffL); + a[3] = (a[7] >> 48) + (sp_digit)((a[8] << 4) & 0xfffffffffffffL); a[4] = (a[8] >> 48) + (a[9] << 4); a[1] += a[0] >> 52; a[0] &= 0xfffffffffffffL; 
@@ -21917,11 +21851,11 @@ static void sp_256_mont_reduce_5(sp_digit* a, const sp_digit* m, sp_digit mp) /* Create mask. */ am = 0 - am; - a[0] -= 0x000fffffffffffffL & am; - a[1] -= 0x00000fffffffffffL & am; + a[0] -= (sp_digit)(0x000fffffffffffffL & am); + a[1] -= (sp_digit)(0x00000fffffffffffL & am); /* p256_mod[2] is zero */ - a[3] -= 0x0000001000000000L & am; - a[4] -= 0x0000ffffffff0000L & am; + a[3] -= (sp_digit)(0x0000001000000000L & am); + a[4] -= (sp_digit)(0x0000ffffffff0000L & am); a[1] += a[0] >> 52; a[0] &= 0xfffffffffffffL; a[2] += a[1] >> 52; a[1] &= 0xfffffffffffffL; @@ -22079,7 +22013,7 @@ static void sp_256_map_5(sp_point_256* r, const sp_point_256* p, sp_256_mont_reduce_5(r->x, p256_mod, p256_mp_mod); /* Reduce x to less than modulus */ n = sp_256_cmp_5(r->x, p256_mod); - sp_256_cond_sub_5(r->x, r->x, p256_mod, ~(n >> 51)); + sp_256_cond_sub_5(r->x, r->x, p256_mod, (sp_digit)~(n >> 51)); sp_256_norm_5(r->x); /* y /= z^3 */ @@ -22088,7 +22022,7 @@ static void sp_256_map_5(sp_point_256* r, const sp_point_256* p, sp_256_mont_reduce_5(r->y, p256_mod, p256_mp_mod); /* Reduce y to less than modulus */ n = sp_256_cmp_5(r->y, p256_mod); - sp_256_cond_sub_5(r->y, r->y, p256_mod, ~(n >> 51)); + sp_256_cond_sub_5(r->y, r->y, p256_mod, (sp_digit)~(n >> 51)); sp_256_norm_5(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); 
@@ -22218,13 +22152,13 @@ SP_NOINLINE static void sp_256_rshift1_5(sp_digit* r, const sp_digit* a) int i; for (i=0; i<4; i++) { - r[i] = (a[i] >> 1) + ((a[i + 1] << 51) & 0xfffffffffffffL); + r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 51) & 0xfffffffffffffL); } #else - r[0] = (a[0] >> 1) + ((a[1] << 51) & 0xfffffffffffffL); - r[1] = (a[1] >> 1) + ((a[2] << 51) & 0xfffffffffffffL); - r[2] = (a[2] >> 1) + ((a[3] << 51) & 0xfffffffffffffL); - r[3] = (a[3] >> 1) + ((a[4] << 51) & 0xfffffffffffffL); + r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 51) & 0xfffffffffffffL); + r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 51) & 0xfffffffffffffL); + r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 51) & 0xfffffffffffffL); + r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 51) & 0xfffffffffffffL); #endif r[4] = a[4] >> 1; } @@ -22533,8 +22467,8 @@ static void sp_256_proj_point_add_5(sp_point_256* r, sp_256_mont_sub_5(y, y, t5, p256_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -22551,7 +22485,7 @@ static void sp_256_proj_point_add_5(sp_point_256* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -22725,8 +22659,8 @@ static int sp_256_proj_point_add_5_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); 
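Review bot: The constant-time selection in sp_256_proj_point_add_5 assumes `p->infinity` and `q->infinity` are exactly 0 or 1: `q->infinity & (!p->infinity)` evaluates to 0 for any even non-zero flag, and the second hunk writes `r->infinity = (int)inf` with `inf` being the bitwise AND of the two, so a non-canonical flag would silently select the wrong operand rather than fail loudly. Everything visible here only produces 0/1, so this holds today, but normalising at the mask makes the branch-free select independent of that convention: `sp_digit maskp = (sp_digit)0 - ((q->infinity != 0) & (p->infinity == 0));` and the mirror for `maskq`. The function begins before the first hunk and the point type's flag declaration is not in view.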
@@ -22743,7 +22677,7 @@ static int sp_256_proj_point_add_5_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -22862,8 +22796,7 @@ static int sp_256_mod_mul_norm_5(sp_digit* r, const sp_digit* a, const sp_digit* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -23430,7 +23363,7 @@ static void sp_256_ecc_recode_6_5(const sp_digit* k, ecc_recode_256* v) n = k[j]; o = 0; for (i=0; i<43; i++) { - y = (int8_t)n; + y = (uint8_t)(int8_t)n; if (o + 6 < 52) { y &= 0x3f; n >>= 6; @@ -23485,7 +23418,7 @@ static void sp_256_get_point_33_5(sp_point_256* r, const sp_point_256* table, r->z[3] = 0; r->z[4] = 0; for (i = 1; i < 33; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -23640,10 +23573,8 @@ static int sp_256_ecc_mulmod_win_add_sub_5(sp_point_256* r, const sp_point_256* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -23709,8 +23640,8 @@ static void sp_256_proj_point_add_qz1_5(sp_point_256* r, sp_256_mont_sub_5(y, t3, t1, p256_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -23727,7 +23658,7 @@ static void sp_256_proj_point_add_qz1_5(sp_point_256* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } 
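Review bot: `y = (uint8_t)(int8_t)n;` in sp_256_ecc_recode_6_5 first narrows a full digit to int8_t, which is implementation-defined whenever the value does not fit (C11 6.3.1.3p3), and only then converts to the unsigned width it is actually used at. Since `y` is immediately masked with `y &= 0x3f` and treated as a 6-bit window, the direct `y = (uint8_t)n;` is fully defined (modulo 2^8) and produces the same bits on every two's-complement target, so the int8_t hop buys nothing but a quieter -Wconversion. The declaration of `y` and the rest of the loop body are outside the hunk; if `y` is in fact a signed type the cast chain should be revisited rather than kept.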
@@ -23838,8 +23769,7 @@ static int sp_256_gen_stripe_table_5(const sp_point_256* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -23870,7 +23800,7 @@ static void sp_256_get_entry_256_5(sp_point_256* r, r->y[3] = 0; r->y[4] = 0; for (i = 1; i < 256; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -23991,10 +23921,8 @@ static int sp_256_ecc_mulmod_stripe_5(sp_point_256* r, const sp_point_256* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -24212,10 +24140,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -24292,10 +24218,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -25681,10 +25605,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -25759,10 +25681,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -25826,6 +25746,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_256_ecc_gen_k_5(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[32]; @@ -25842,6 +25763,11 @@ static int sp_256_ecc_gen_k_5(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -25920,12 +25846,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -26108,10 +26031,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
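Review bot: The WC_NO_RNG stub for sp_256_ecc_gen_k_5 is correct, but the RNG-enabled path deserves a second look while it is being touched: `byte buf[32]` receives the candidate private scalar bytes, and nothing in the two hunks clears it before `return err`. The loop body between them is outside this view, so this is inferred, but if no wipe exists the stack copy of the key outlives the function; `ForceZero(buf, sizeof(buf));` immediately before the `return err;` in the `#ifndef WC_NO_RNG` branch would close that, matching the ForceZero discipline used on the RSA private path elsewhere in this patch. The commit's own comment that `point is not sensitive` shows `k` is treated as secret, so its byte source should be too.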
@@ -26178,23 +26099,23 @@ SP_NOINLINE static void sp_256_rshift_5(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<4; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (52 - n))) & 0xfffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (52 - n))) & 0xfffffffffffffL); } #else for (i=0; i<0; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (52 - n)) & 0xfffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (52 - n)) & 0xfffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (52 - n)) & 0xfffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (52 - n)) & 0xfffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (52 - n)) & 0xfffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (52 - n)) & 0xfffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (52 - n)) & 0xfffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (52 - n)) & 0xfffffffffffffL); - } - r[0] = (a[0] >> n) | ((a[1] << (52 - n)) & 0xfffffffffffffL); - r[1] = (a[1] >> n) | ((a[2] << (52 - n)) & 0xfffffffffffffL); - r[2] = (a[2] >> n) | ((a[3] << (52 - n)) & 0xfffffffffffffL); - r[3] = (a[3] >> n) | ((a[4] << (52 - n)) & 0xfffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (52 - n)) & 0xfffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (52 - n)) & 0xfffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (52 - n)) & 0xfffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (52 - n)) & 0xfffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (52 - n)) & 0xfffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (52 - n)) & 0xfffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (52 - n)) & 0xfffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (52 - n)) & 0xfffffffffffffL); + } + r[0] = (a[0] >> n) | (sp_digit)((a[1] << (52 - n)) & 0xfffffffffffffL); + r[1] = (a[1] >> n) | (sp_digit)((a[2] << (52 - n)) & 0xfffffffffffffL); + r[2] = (a[2] >> n) | (sp_digit)((a[3] << (52 - n)) & 
0xfffffffffffffL); + r[3] = (a[3] >> n) | (sp_digit)((a[4] << (52 - n)) & 0xfffffffffffffL); #endif /* WOLFSSL_SP_SMALL */ r[4] = a[4] >> n; } @@ -26245,7 +26166,7 @@ SP_NOINLINE static void sp_256_lshift_10(sp_digit* r, const sp_digit* a, r[10] = a[9] >> (52 - n); for (i=9; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (52 - n))) & 0xfffffffffffffL; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (52 - n))) & 0xfffffffffffffL); } #else sp_int_digit s; 
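Review bot: The two branches of sp_256_rshift_5 now cast differently: the WOLFSSL_SP_SMALL loop wraps the whole OR, `(sp_digit)(((a[i] >> n) | (a[i + 1] << (52 - n))) & 0xfffffffffffffL)`, while the unrolled branch casts only the masked second operand, `(a[i+0] >> n) | (sp_digit)((a[i+1] << (52 - n)) & 0xfffffffffffffL)`. If `a[i] >> n` is already an sp_digit the two are equivalent, but a reader has to work that out line by line; using the SMALL form in both branches keeps the generated code uniform. The unrolled branch also still carries `for (i=0; i<0; i += 8)`, whose body never runs, so the cast edits inside it touch dead lines. sp_384_rshift_7 (the `@@ -33673` hunk) has the identical split.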
@@ -26254,25 +26175,25 @@ SP_NOINLINE static void sp_256_lshift_10(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[9]; r[10] = s >> (52U - n); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[9] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[8] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[7] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[6] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[5] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[4] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[3] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[2] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL; + r[1] = (sp_digit)(((s << n) | (t >> (52U - n))) & 0xfffffffffffffUL); #endif /* WOLFSSL_SP_SMALL */ - r[0] = (a[0] << n) & 0xfffffffffffffL; + r[0] = (sp_digit)((a[0] << n) & 0xfffffffffffffL); } /* Divide d in a and put remainder into r (m*d + r = a) 
@@ -26342,8 +26263,7 @@ static int sp_256_div_5(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -27073,8 +26993,7 @@ static int sp_256_mod_inv_5(sp_digit* r, const sp_digit* a, const sp_digit* m) XMEMCPY(r, d, sizeof(sp_digit) * 5); } #ifdef WOLFSSL_SP_SMALL_STACK - if (u != NULL) - XFREE(u, NULL, DYNAMIC_TYPE_ECC); + XFREE(u, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -27278,10 +27197,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -27488,8 +27405,7 @@ static int sp_256_ecc_is_point_5(const sp_point_256* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -27528,8 +27444,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -27637,10 +27552,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -27719,10 +27632,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -27787,10 +27698,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -27851,10 +27760,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -27920,8 +27827,7 @@ static int sp_256_mont_sqrt_5(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_ECC); + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -27986,8 +27892,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -28177,20 +28082,20 @@ SP_NOINLINE static void sp_384_mul_7(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 6]) * b[ 5]; sp_int128 t12 = ((sp_int128)a[ 6]) * b[ 6]; - t1 += t0 >> 55; r[ 0] = t0 & 0x7fffffffffffffL; - t2 += t1 >> 55; r[ 1] = t1 & 0x7fffffffffffffL; - t3 += t2 >> 55; r[ 2] = t2 & 0x7fffffffffffffL; - t4 += t3 >> 55; r[ 3] = t3 & 0x7fffffffffffffL; - t5 += t4 >> 55; r[ 4] = t4 & 0x7fffffffffffffL; - t6 += t5 >> 55; r[ 5] = t5 & 0x7fffffffffffffL; - t7 += t6 >> 55; r[ 6] = t6 & 0x7fffffffffffffL; - t8 += t7 >> 55; r[ 7] = t7 & 0x7fffffffffffffL; - t9 += t8 >> 55; r[ 8] = t8 & 0x7fffffffffffffL; - t10 += t9 >> 55; r[ 9] = t9 & 0x7fffffffffffffL; - t11 += t10 >> 55; r[10] = t10 & 0x7fffffffffffffL; - t12 += t11 >> 55; r[11] = t11 & 0x7fffffffffffffL; + t1 += t0 >> 55; r[ 0] = (sp_digit)(t0 & 0x7fffffffffffffL); + t2 += t1 >> 55; r[ 1] = (sp_digit)(t1 & 0x7fffffffffffffL); + t3 += t2 >> 55; r[ 2] = (sp_digit)(t2 & 0x7fffffffffffffL); + t4 += t3 >> 55; r[ 3] = (sp_digit)(t3 & 0x7fffffffffffffL); + t5 += t4 >> 55; r[ 4] = (sp_digit)(t4 & 0x7fffffffffffffL); + t6 += t5 >> 55; r[ 5] = (sp_digit)(t5 & 0x7fffffffffffffL); + t7 += t6 >> 55; r[ 6] = (sp_digit)(t6 & 0x7fffffffffffffL); + t8 += t7 >> 55; r[ 7] = (sp_digit)(t7 & 0x7fffffffffffffL); + t9 += t8 >> 55; r[ 8] = (sp_digit)(t8 & 0x7fffffffffffffL); + t10 += t9 >> 55; r[ 9] = (sp_digit)(t9 & 0x7fffffffffffffL); + t11 += t10 >> 55; r[10] = (sp_digit)(t10 & 0x7fffffffffffffL); + t12 += t11 >> 55; r[11] = (sp_digit)(t11 & 0x7fffffffffffffL); r[13] = (sp_digit)(t12 >> 55); - r[12] = t12 & 0x7fffffffffffffL; + r[12] = (sp_digit)(t12 & 0x7fffffffffffffL); } #endif /* WOLFSSL_SP_SMALL */ 
@@ -28273,20 +28178,20 @@ SP_NOINLINE static void sp_384_sqr_7(sp_digit* r, const sp_digit* a) sp_int128 t11 = (((sp_int128)a[ 5]) * a[ 6]) * 2; sp_int128 t12 = ((sp_int128)a[ 6]) * a[ 6]; - t1 += t0 >> 55; r[ 0] = t0 & 0x7fffffffffffffL; - t2 += t1 >> 55; r[ 1] = t1 & 0x7fffffffffffffL; - t3 += t2 >> 55; r[ 2] = t2 & 0x7fffffffffffffL; - t4 += t3 >> 55; r[ 3] = t3 & 0x7fffffffffffffL; - t5 += t4 >> 55; r[ 4] = t4 & 0x7fffffffffffffL; - t6 += t5 >> 55; r[ 5] = t5 & 0x7fffffffffffffL; - t7 += t6 >> 55; r[ 6] = t6 & 0x7fffffffffffffL; - t8 += t7 >> 55; r[ 7] = t7 & 0x7fffffffffffffL; - t9 += t8 >> 55; r[ 8] = t8 & 0x7fffffffffffffL; - t10 += t9 >> 55; r[ 9] = t9 & 0x7fffffffffffffL; - t11 += t10 >> 55; r[10] = t10 & 0x7fffffffffffffL; - t12 += t11 >> 55; r[11] = t11 & 0x7fffffffffffffL; + t1 += t0 >> 55; r[ 0] = (sp_digit)(t0 & 0x7fffffffffffffL); + t2 += t1 >> 55; r[ 1] = (sp_digit)(t1 & 0x7fffffffffffffL); + t3 += t2 >> 55; r[ 2] = (sp_digit)(t2 & 0x7fffffffffffffL); + t4 += t3 >> 55; r[ 3] = (sp_digit)(t3 & 0x7fffffffffffffL); + t5 += t4 >> 55; r[ 4] = (sp_digit)(t4 & 0x7fffffffffffffL); + t6 += t5 >> 55; r[ 5] = (sp_digit)(t5 & 0x7fffffffffffffL); + t7 += t6 >> 55; r[ 6] = (sp_digit)(t6 & 0x7fffffffffffffL); + t8 += t7 >> 55; r[ 7] = (sp_digit)(t7 & 0x7fffffffffffffL); + t9 += t8 >> 55; r[ 8] = (sp_digit)(t8 & 0x7fffffffffffffL); + t10 += t9 >> 55; r[ 9] = (sp_digit)(t9 & 0x7fffffffffffffL); + t11 += t10 >> 55; r[10] = (sp_digit)(t10 & 0x7fffffffffffffL); + t12 += t11 >> 55; r[11] = (sp_digit)(t11 & 0x7fffffffffffffL); r[13] = (sp_digit)(t12 >> 55); - r[12] = t12 & 0x7fffffffffffffL; + r[12] = (sp_digit)(t12 & 0x7fffffffffffffL); } #endif /* WOLFSSL_SP_SMALL */ 
@@ -28643,23 +28548,23 @@ SP_NOINLINE static void sp_384_mul_add_7(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x7fffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0x7fffffffffffffL); t[1] += t[0] >> 55; - r[i+1] = t[1] & 0x7fffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0x7fffffffffffffL); t[2] += t[1] >> 55; - r[i+2] = t[2] & 0x7fffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0x7fffffffffffffL); t[3] += t[2] >> 55; - r[i+3] = t[3] & 0x7fffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0x7fffffffffffffL); t[0] = t[3] >> 55; } t[0] += (tb * a[4]) + r[4]; t[1] = (tb * a[5]) + r[5]; t[2] = (tb * a[6]) + r[6]; - r[4] = t[0] & 0x7fffffffffffffL; + r[4] = (sp_digit)(t[0] & 0x7fffffffffffffL); t[1] += t[0] >> 55; - r[5] = t[1] & 0x7fffffffffffffL; + r[5] = (sp_digit)(t[1] & 0x7fffffffffffffL); t[2] += t[1] >> 55; - r[6] = t[2] & 0x7fffffffffffffL; + r[6] = (sp_digit)(t[2] & 0x7fffffffffffffL); r[7] += (sp_digit)(t[2] >> 55); #else sp_int128 tb = b; @@ -28719,7 +28624,7 @@ static void sp_384_mont_shift_7(sp_digit* r, const sp_digit* a) n = a[6] >> 54; for (i = 0; i < 6; i++) { n += (sp_uint64)a[7 + i] << 1; - r[i] = n & 0x7fffffffffffffL; + r[i] = (sp_digit)(n & 0x7fffffffffffffL); n >>= 55; } n += (sp_uint64)a[13] << 1; 
@@ -28728,12 +28633,12 @@ static void sp_384_mont_shift_7(sp_digit* r, const sp_digit* a) sp_uint64 n; n = a[6] >> 54; - n += (sp_uint64)a[ 7] << 1U; r[ 0] = n & 0x7fffffffffffffUL; n >>= 55U; - n += (sp_uint64)a[ 8] << 1U; r[ 1] = n & 0x7fffffffffffffUL; n >>= 55U; - n += (sp_uint64)a[ 9] << 1U; r[ 2] = n & 0x7fffffffffffffUL; n >>= 55U; - n += (sp_uint64)a[10] << 1U; r[ 3] = n & 0x7fffffffffffffUL; n >>= 55U; - n += (sp_uint64)a[11] << 1U; r[ 4] = n & 0x7fffffffffffffUL; n >>= 55U; - n += (sp_uint64)a[12] << 1U; r[ 5] = n & 0x7fffffffffffffUL; n >>= 55U; + n += (sp_uint64)a[ 7] << 1U; r[ 0] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U; + n += (sp_uint64)a[ 8] << 1U; r[ 1] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U; + n += (sp_uint64)a[ 9] << 1U; r[ 2] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U; + n += (sp_uint64)a[10] << 1U; r[ 3] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U; + n += (sp_uint64)a[11] << 1U; r[ 4] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U; + n += (sp_uint64)a[12] << 1U; r[ 5] = (sp_digit)(n & 0x7fffffffffffffUL); n >>= 55U; n += (sp_uint64)a[13] << 1U; r[ 6] = n; #endif /* WOLFSSL_SP_SMALL */ XMEMSET(&r[7], 0, sizeof(*r) * 7U); @@ -28754,11 +28659,11 @@ static void sp_384_mont_reduce_order_7(sp_digit* a, const sp_digit* m, sp_digit sp_384_norm_7(a + 7); for (i=0; i<6; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x7fffffffffffffL); sp_384_mul_add_7(a+i, m, mu); a[i+1] += a[i] >> 55; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3fffffffffffffL); sp_384_mul_add_7(a+i, m, mu); a[i+1] += a[i] >> 55; a[i] &= 0x7fffffffffffffL; 
@@ -28783,30 +28688,30 @@ static void sp_384_mont_reduce_7(sp_digit* a, const sp_digit* m, sp_digit mp) (void)mp; for (i = 0; i < 6; i++) { - am = (a[i] * 0x100000001) & 0x7fffffffffffffL; - a[i + 0] += (am << 32) & 0x7fffffffffffffL; - a[i + 1] += (am >> 23) - ((am << 41) & 0x7fffffffffffffL); - a[i + 2] += -(am >> 14) - ((am << 18) & 0x7fffffffffffffL); + am = (sp_digit)((a[i] * 0x100000001) & 0x7fffffffffffffL); + a[i + 0] += (sp_digit)((am << 32) & 0x7fffffffffffffL); + a[i + 1] += (am >> 23) - (sp_digit)((am << 41) & 0x7fffffffffffffL); + a[i + 2] += -(am >> 14) - ((sp_digit)(am << 18) & 0x7fffffffffffffL); a[i + 3] += -(am >> 37); - a[i + 6] += (am << 54) & 0x7fffffffffffffL; + a[i + 6] += ((sp_digit)(am << 54) & 0x7fffffffffffffL); a[i + 7] += am >> 1; a[i + 1] += a[i] >> 55; } - am = (a[6] * 0x100000001) & 0x3fffffffffffff; - a[6 + 0] += (am << 32) & 0x7fffffffffffffL; - a[6 + 1] += (am >> 23) - ((am << 41) & 0x7fffffffffffffL); - a[6 + 2] += -(am >> 14) - ((am << 18) & 0x7fffffffffffffL); + am = (sp_digit)((a[6] * 0x100000001) & 0x3fffffffffffff); + a[6 + 0] += (sp_digit)((am << 32) & 0x7fffffffffffffL); + a[6 + 1] += (am >> 23) - (sp_digit)((am << 41) & 0x7fffffffffffffL); + a[6 + 2] += -(am >> 14) - (sp_digit)((am << 18) & 0x7fffffffffffffL); a[6 + 3] += -(am >> 37); - a[6 + 6] += (am << 54) & 0x7fffffffffffffL; + a[6 + 6] += (sp_digit)((am << 54) & 0x7fffffffffffffL); a[6 + 7] += am >> 1; - a[0] = (a[6] >> 54) + ((a[7] << 1) & 0x7fffffffffffffL); - a[1] = (a[7] >> 54) + ((a[8] << 1) & 0x7fffffffffffffL); - a[2] = (a[8] >> 54) + ((a[9] << 1) & 0x7fffffffffffffL); - a[3] = (a[9] >> 54) + ((a[10] << 1) & 0x7fffffffffffffL); - a[4] = (a[10] >> 54) + ((a[11] << 1) & 0x7fffffffffffffL); - a[5] = (a[11] >> 54) + ((a[12] << 1) & 0x7fffffffffffffL); + a[0] = (a[6] >> 54) + (sp_digit)((a[7] << 1) & 0x7fffffffffffffL); + a[1] = (a[7] >> 54) + (sp_digit)((a[8] << 1) & 0x7fffffffffffffL); + a[2] = (a[8] >> 54) + (sp_digit)((a[9] << 1) & 0x7fffffffffffffL); + a[3] = 
(a[9] >> 54) + (sp_digit)((a[10] << 1) & 0x7fffffffffffffL); + a[4] = (a[10] >> 54) + (sp_digit)((a[11] << 1) & 0x7fffffffffffffL); + a[5] = (a[11] >> 54) + (sp_digit)((a[12] << 1) & 0x7fffffffffffffL); a[6] = (a[12] >> 54) + (a[13] << 1); a[1] += a[0] >> 55; a[0] &= 0x7fffffffffffffL; @@ -28821,13 +28726,13 @@ static void sp_384_mont_reduce_7(sp_digit* a, const sp_digit* m, sp_digit mp) /* Create mask. */ am = 0 - am; - a[0] -= 0x00000000ffffffffL & am; - a[1] -= 0x007ffe0000000000L & am; - a[2] -= 0x007ffffffffbffffL & am; - a[3] -= 0x007fffffffffffffL & am; - a[4] -= 0x007fffffffffffffL & am; - a[5] -= 0x007fffffffffffffL & am; - a[6] -= 0x003fffffffffffffL & am; + a[0] -= (sp_digit)(0x00000000ffffffffL & am); + a[1] -= (sp_digit)(0x007ffe0000000000L & am); + a[2] -= (sp_digit)(0x007ffffffffbffffL & am); + a[3] -= (sp_digit)(0x007fffffffffffffL & am); + a[4] -= (sp_digit)(0x007fffffffffffffL & am); + a[5] -= (sp_digit)(0x007fffffffffffffL & am); + a[6] -= (sp_digit)(0x003fffffffffffffL & am); a[1] += a[0] >> 55; a[0] &= 0x7fffffffffffffL; a[2] += a[1] >> 55; a[1] &= 0x7fffffffffffffL; @@ -29003,7 +28908,7 @@ static void sp_384_map_7(sp_point_384* r, const sp_point_384* p, sp_384_mont_reduce_7(r->x, p384_mod, p384_mp_mod); /* Reduce x to less than modulus */ n = sp_384_cmp_7(r->x, p384_mod); - sp_384_cond_sub_7(r->x, r->x, p384_mod, ~(n >> 54)); + sp_384_cond_sub_7(r->x, r->x, p384_mod, (sp_digit)~(n >> 54)); sp_384_norm_7(r->x); /* y /= z^3 */ @@ -29012,7 +28917,7 @@ static void sp_384_map_7(sp_point_384* r, const sp_point_384* p, sp_384_mont_reduce_7(r->y, p384_mod, p384_mp_mod); /* Reduce y to less than modulus */ n = sp_384_cmp_7(r->y, p384_mod); - sp_384_cond_sub_7(r->y, r->y, p384_mod, ~(n >> 54)); + sp_384_cond_sub_7(r->y, r->y, p384_mod, (sp_digit)~(n >> 54)); sp_384_norm_7(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); 
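Review bot: Inside the `for (i = 0; i < 6; i++)` loop of sp_384_mont_reduce_7 the cast sits before the mask, `((sp_digit)(am << 18) & 0x7fffffffffffffL)` and `((sp_digit)(am << 54) & 0x7fffffffffffffL)`, but the unrolled tail for digit 6 writes the same terms as `(sp_digit)((am << 18) & 0x7fffffffffffffL)` and `(sp_digit)((am << 54) & 0x7fffffffffffffL)`. Since `am` is itself assigned through an `(sp_digit)` cast the results presumably agree, but the loop and the tail are the same reduction step and should read identically; one form for all the terms removes the doubt. The tail's `& 0x3fffffffffffff` also lacks the `L` suffix that the loop's `0x7fffffffffffffL` carries, leaving the literal's type to the compiler; worth aligning while the line is being touched.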
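Review bot: The mask passed to sp_384_cond_sub_7 in sp_384_map_7, `(sp_digit)~(n >> 54)`, is only an all-ones/zero select if `n >> 54` behaves as an arithmetic shift when `n` is negative; right-shifting a negative signed value is implementation-defined in C11 (6.5.7p5), and the new outer cast does not change that. If sp_384_cmp_7 can return a negative digit difference (its body is not in these hunks), a comment on the call such as `/* relies on arithmetic >> of the signed cmp result */` makes the assumption explicit; otherwise derive the mask from an explicit comparison. The construct appears twice here, for the x and the y reduction, in the two adjacent hunks.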
@@ -29144,15 +29049,15 @@ SP_NOINLINE static void sp_384_rshift1_7(sp_digit* r, const sp_digit* a) int i; for (i=0; i<6; i++) { - r[i] = (a[i] >> 1) + ((a[i + 1] << 54) & 0x7fffffffffffffL); + r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 54) & 0x7fffffffffffffL); } #else - r[0] = (a[0] >> 1) + ((a[1] << 54) & 0x7fffffffffffffL); - r[1] = (a[1] >> 1) + ((a[2] << 54) & 0x7fffffffffffffL); - r[2] = (a[2] >> 1) + ((a[3] << 54) & 0x7fffffffffffffL); - r[3] = (a[3] >> 1) + ((a[4] << 54) & 0x7fffffffffffffL); - r[4] = (a[4] >> 1) + ((a[5] << 54) & 0x7fffffffffffffL); - r[5] = (a[5] >> 1) + ((a[6] << 54) & 0x7fffffffffffffL); + r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 54) & 0x7fffffffffffffL); + r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 54) & 0x7fffffffffffffL); + r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 54) & 0x7fffffffffffffL); + r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 54) & 0x7fffffffffffffL); + r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 54) & 0x7fffffffffffffL); + r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 54) & 0x7fffffffffffffL); #endif r[6] = a[6] >> 1; } @@ -29462,8 +29367,8 @@ static void sp_384_proj_point_add_7(sp_point_384* r, sp_384_mont_sub_7(y, y, t5, p384_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -29480,7 +29385,7 @@ static void sp_384_proj_point_add_7(sp_point_384* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } 
@@ -29654,8 +29559,8 @@ static int sp_384_proj_point_add_7_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -29672,7 +29577,7 @@ static int sp_384_proj_point_add_7_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -29823,8 +29728,7 @@ static int sp_384_mod_mul_norm_7(sp_digit* r, const sp_digit* a, const sp_digit* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -30395,7 +30299,7 @@ static void sp_384_ecc_recode_6_7(const sp_digit* k, ecc_recode_384* v) n = k[j]; o = 0; for (i=0; i<65; i++) { - y = (int8_t)n; + y = (uint8_t)(int8_t)n; if (o + 6 < 55) { y &= 0x3f; n >>= 6; @@ -30456,7 +30360,7 @@ static void sp_384_get_point_33_7(sp_point_384* r, const sp_point_384* table, r->z[5] = 0; r->z[6] = 0; for (i = 1; i < 33; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -30617,10 +30521,8 @@ static int sp_384_ecc_mulmod_win_add_sub_7(sp_point_384* r, const sp_point_384* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; 
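Review bot: In sp_384_ecc_recode_6_7 the new `y = (uint8_t)(int8_t)n;` narrows `n` to a signed byte first, which is implementation-defined when the low byte of `n` is 0x80 or above (C11 6.3.1.3p3), and then widens it back; on two's-complement targets the net effect is just the low eight bits, which `(uint8_t)n` expresses directly without the detour. If `y` is declared `uint8_t` (its declaration is outside the hunk) I would write `y = (uint8_t)n;`; if it is `int8_t`, the outer cast is the one to question, since the following `y &= 0x3f` then operates on a value that was converted twice.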
@@ -30686,8 +30588,8 @@ static void sp_384_proj_point_add_qz1_7(sp_point_384* r, sp_384_mont_sub_7(y, t3, t1, p384_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -30704,7 +30606,7 @@ static void sp_384_proj_point_add_qz1_7(sp_point_384* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -30815,8 +30717,7 @@ static int sp_384_gen_stripe_table_7(const sp_point_384* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -30851,7 +30752,7 @@ static void sp_384_get_entry_256_7(sp_point_384* r, r->y[5] = 0; r->y[6] = 0; for (i = 1; i < 256; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -30976,10 +30877,8 @@ static int sp_384_ecc_mulmod_stripe_7(sp_point_384* r, const sp_point_384* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -31197,10 +31096,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -31277,10 +31174,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -33176,10 +33071,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -33254,10 +33147,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -33321,6 +33212,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_384_ecc_gen_k_7(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[48]; @@ -33337,6 +33229,11 @@ static int sp_384_ecc_gen_k_7(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -33415,12 +33312,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -33603,10 +33497,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -33673,25 +33565,25 @@ SP_NOINLINE static void sp_384_rshift_7(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<6; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (55 - n))) & 0x7fffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (55 - n))) & 0x7fffffffffffffL); } #else for (i=0; i<0; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (55 - n)) & 0x7fffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (55 - n)) & 0x7fffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (55 - n)) & 0x7fffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (55 - n)) & 0x7fffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (55 - n)) & 0x7fffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (55 - n)) & 0x7fffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (55 - n)) & 0x7fffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (55 - n)) & 0x7fffffffffffffL); - } - r[0] = (a[0] >> n) | ((a[1] << (55 - n)) & 0x7fffffffffffffL); - r[1] = (a[1] >> n) | ((a[2] << (55 - n)) & 0x7fffffffffffffL); - r[2] = (a[2] >> n) | ((a[3] << (55 - n)) & 0x7fffffffffffffL); - r[3] = (a[3] >> n) | ((a[4] << (55 - n)) & 0x7fffffffffffffL); - r[4] = (a[4] >> n) | ((a[5] << (55 - n)) & 0x7fffffffffffffL); - r[5] = (a[5] >> n) | ((a[6] << (55 - n)) & 0x7fffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (55 - n)) & 0x7fffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (55 - n)) & 0x7fffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (55 - n)) & 0x7fffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (55 - n)) & 0x7fffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (55 - n)) & 0x7fffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (55 - n)) & 0x7fffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (55 - n)) & 0x7fffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (55 - n)) & 0x7fffffffffffffL); + } + r[0] = (a[0] >> n) | (sp_digit)((a[1] << (55 - n)) & 
0x7fffffffffffffL); + r[1] = (a[1] >> n) | (sp_digit)((a[2] << (55 - n)) & 0x7fffffffffffffL); + r[2] = (a[2] >> n) | (sp_digit)((a[3] << (55 - n)) & 0x7fffffffffffffL); + r[3] = (a[3] >> n) | (sp_digit)((a[4] << (55 - n)) & 0x7fffffffffffffL); + r[4] = (a[4] >> n) | (sp_digit)((a[5] << (55 - n)) & 0x7fffffffffffffL); + r[5] = (a[5] >> n) | (sp_digit)((a[6] << (55 - n)) & 0x7fffffffffffffL); #endif /* WOLFSSL_SP_SMALL */ r[6] = a[6] >> n; } @@ -33746,7 +33638,7 @@ SP_NOINLINE static void sp_384_lshift_14(sp_digit* r, const sp_digit* a, r[14] = a[13] >> (55 - n); for (i=13; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (55 - n))) & 0x7fffffffffffffL; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (55 - n))) & 0x7fffffffffffffL); } #else sp_int_digit s; 
@@ -33755,33 +33647,33 @@ SP_NOINLINE static void sp_384_lshift_14(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[13]; r[14] = s >> (55U - n); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[13] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[12] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[11] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[10] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[9] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[8] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[7] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[6] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[5] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[4] = (sp_digit)(((s << n) | (t >> (55U - n))) 
& 0x7fffffffffffffUL); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[3] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[2] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL; + r[1] = (sp_digit)(((s << n) | (t >> (55U - n))) & 0x7fffffffffffffUL); #endif /* WOLFSSL_SP_SMALL */ - r[0] = (a[0] << n) & 0x7fffffffffffffL; + r[0] = (sp_digit)((a[0] << n) & 0x7fffffffffffffL); } /* Divide d in a and put remainder into r (m*d + r = a) @@ -33845,8 +33737,7 @@ static int sp_384_div_7(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -34543,8 +34434,7 @@ static int sp_384_mod_inv_7(sp_digit* r, const sp_digit* a, const sp_digit* m) XMEMCPY(r, d, sizeof(sp_digit) * 7); } #ifdef WOLFSSL_SP_SMALL_STACK - if (u != NULL) - XFREE(u, NULL, DYNAMIC_TYPE_ECC); + XFREE(u, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -34750,10 +34640,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -34960,8 +34848,7 @@ static int sp_384_ecc_is_point_7(const sp_point_384* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -35000,8 +34887,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -35109,10 +34995,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -35191,10 +35075,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -35259,10 +35141,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -35323,10 +35203,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -35422,8 +35300,7 @@ static int sp_384_mont_sqrt_7(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_ECC); + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -35488,8 +35365,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -35645,29 +35521,29 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a, t0 = ((sp_int128)a[ 0]) * b[ 0]; t1 = ((sp_int128)a[ 0]) * b[ 1] + ((sp_int128)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 0] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 0]) * b[ 2] + ((sp_int128)a[ 1]) * b[ 1] + ((sp_int128)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 1] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = ((sp_int128)a[ 0]) * b[ 3] + ((sp_int128)a[ 1]) * b[ 2] + ((sp_int128)a[ 2]) * b[ 1] + ((sp_int128)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 2] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 0]) * b[ 4] + ((sp_int128)a[ 1]) * b[ 3] + ((sp_int128)a[ 2]) * b[ 2] + ((sp_int128)a[ 3]) * b[ 1] + ((sp_int128)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 3] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = ((sp_int128)a[ 0]) * b[ 5] + ((sp_int128)a[ 1]) * b[ 4] + ((sp_int128)a[ 2]) * b[ 3] + ((sp_int128)a[ 3]) * b[ 2] + ((sp_int128)a[ 4]) * b[ 1] + ((sp_int128)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 4] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 0]) * b[ 6] + ((sp_int128)a[ 1]) * b[ 5] + ((sp_int128)a[ 2]) * b[ 4] @@ -35675,7 +35551,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 4]) * b[ 2] + ((sp_int128)a[ 5]) * b[ 1] + ((sp_int128)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 5] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = ((sp_int128)a[ 0]) * b[ 7] + ((sp_int128)a[ 1]) * b[ 6] + ((sp_int128)a[ 2]) * b[ 5] 
@@ -35684,7 +35560,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 5]) * b[ 2] + ((sp_int128)a[ 6]) * b[ 1] + ((sp_int128)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 6] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 0]) * b[ 8] + ((sp_int128)a[ 1]) * b[ 7] + ((sp_int128)a[ 2]) * b[ 6] @@ -35694,7 +35570,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 6]) * b[ 2] + ((sp_int128)a[ 7]) * b[ 1] + ((sp_int128)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 7] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = ((sp_int128)a[ 1]) * b[ 8] + ((sp_int128)a[ 2]) * b[ 7] + ((sp_int128)a[ 3]) * b[ 6] @@ -35703,7 +35579,7 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 6]) * b[ 3] + ((sp_int128)a[ 7]) * b[ 2] + ((sp_int128)a[ 8]) * b[ 1]; - t[ 8] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 8] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 2]) * b[ 8] + ((sp_int128)a[ 3]) * b[ 7] + ((sp_int128)a[ 4]) * b[ 6] 
@@ -35711,35 +35587,35 @@ SP_NOINLINE static void sp_521_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 6]) * b[ 4] + ((sp_int128)a[ 7]) * b[ 3] + ((sp_int128)a[ 8]) * b[ 2]; - r[ 9] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + r[ 9] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = ((sp_int128)a[ 3]) * b[ 8] + ((sp_int128)a[ 4]) * b[ 7] + ((sp_int128)a[ 5]) * b[ 6] + ((sp_int128)a[ 6]) * b[ 5] + ((sp_int128)a[ 7]) * b[ 4] + ((sp_int128)a[ 8]) * b[ 3]; - r[10] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + r[10] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 4]) * b[ 8] + ((sp_int128)a[ 5]) * b[ 7] + ((sp_int128)a[ 6]) * b[ 6] + ((sp_int128)a[ 7]) * b[ 5] + ((sp_int128)a[ 8]) * b[ 4]; - r[11] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + r[11] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = ((sp_int128)a[ 5]) * b[ 8] + ((sp_int128)a[ 6]) * b[ 7] + ((sp_int128)a[ 7]) * b[ 6] + ((sp_int128)a[ 8]) * b[ 5]; - r[12] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + r[12] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 6]) * b[ 8] + ((sp_int128)a[ 7]) * b[ 7] + ((sp_int128)a[ 8]) * b[ 6]; - r[13] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + r[13] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = ((sp_int128)a[ 7]) * b[ 8] + ((sp_int128)a[ 8]) * b[ 7]; - r[14] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + r[14] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 8]) * b[ 8]; - r[15] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; - r[16] = t0 & 0x3ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; + r[16] = (sp_digit)(t0 & 0x3ffffffffffffffL); r[17] = (sp_digit)(t0 >> 58); XMEMCPY(r, t, sizeof(t)); } 
@@ -35801,66 +35677,66 @@ SP_NOINLINE static void sp_521_sqr_9(sp_digit* r, const sp_digit* a) t0 = ((sp_int128)a[ 0]) * a[ 0]; t1 = (((sp_int128)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 0] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = (((sp_int128)a[ 0]) * a[ 2]) * 2 + ((sp_int128)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 1] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = (((sp_int128)a[ 0]) * a[ 3] + ((sp_int128)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 2] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = (((sp_int128)a[ 0]) * a[ 4] + ((sp_int128)a[ 1]) * a[ 3]) * 2 + ((sp_int128)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 3] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = (((sp_int128)a[ 0]) * a[ 5] + ((sp_int128)a[ 1]) * a[ 4] + ((sp_int128)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 4] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = (((sp_int128)a[ 0]) * a[ 6] + ((sp_int128)a[ 1]) * a[ 5] + ((sp_int128)a[ 2]) * a[ 4]) * 2 + ((sp_int128)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 5] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = (((sp_int128)a[ 0]) * a[ 7] + ((sp_int128)a[ 1]) * a[ 6] + ((sp_int128)a[ 2]) * a[ 5] + ((sp_int128)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 6] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = (((sp_int128)a[ 0]) * a[ 8] + ((sp_int128)a[ 1]) * a[ 7] + ((sp_int128)a[ 2]) * a[ 6] + ((sp_int128)a[ 3]) * a[ 5]) * 2 + ((sp_int128)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + t[ 7] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = (((sp_int128)a[ 1]) * a[ 8] + ((sp_int128)a[ 2]) * a[ 7] + ((sp_int128)a[ 3]) * a[ 6] + ((sp_int128)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + t[ 
8] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = (((sp_int128)a[ 2]) * a[ 8] + ((sp_int128)a[ 3]) * a[ 7] + ((sp_int128)a[ 4]) * a[ 6]) * 2 + ((sp_int128)a[ 5]) * a[ 5]; - r[ 9] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + r[ 9] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = (((sp_int128)a[ 3]) * a[ 8] + ((sp_int128)a[ 4]) * a[ 7] + ((sp_int128)a[ 5]) * a[ 6]) * 2; - r[10] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + r[10] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = (((sp_int128)a[ 4]) * a[ 8] + ((sp_int128)a[ 5]) * a[ 7]) * 2 + ((sp_int128)a[ 6]) * a[ 6]; - r[11] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + r[11] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = (((sp_int128)a[ 5]) * a[ 8] + ((sp_int128)a[ 6]) * a[ 7]) * 2; - r[12] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + r[12] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = (((sp_int128)a[ 6]) * a[ 8]) * 2 + ((sp_int128)a[ 7]) * a[ 7]; - r[13] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; + r[13] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; t1 = (((sp_int128)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x3ffffffffffffffL; t1 += t0 >> 58; + r[14] = (sp_digit)(t0 & 0x3ffffffffffffffL); t1 += t0 >> 58; t0 = ((sp_int128)a[ 8]) * a[ 8]; - r[15] = t1 & 0x3ffffffffffffffL; t0 += t1 >> 58; - r[16] = t0 & 0x3ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x3ffffffffffffffL); t0 += t1 >> 58; + r[16] = (sp_digit)(t0 & 0x3ffffffffffffffL); r[17] = (sp_digit)(t0 >> 58); XMEMCPY(r, t, sizeof(t)); } 
@@ -36184,10 +36060,10 @@ static void sp_521_mont_reduce_9(sp_digit* a, const sp_digit* m, sp_digit mp) (void)mp; for (i = 0; i < 8; i++) { - a[i] += ((a[8 + i] >> 57) + (a[8 + i + 1] << 1)) & 0x3ffffffffffffffL; + a[i] += (sp_digit)(((a[8 + i] >> 57) + (a[8 + i + 1] << 1)) & 0x3ffffffffffffffL); } a[8] &= 0x1ffffffffffffff; - a[8] += ((a[16] >> 57) + (a[17] << 1)) & 0x3ffffffffffffffL; + a[8] += (sp_digit)(((a[16] >> 57) + (a[17] << 1)) & 0x3ffffffffffffffL); sp_521_norm_9(a); @@ -36276,17 +36152,17 @@ SP_NOINLINE static void sp_521_mul_add_9(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x3ffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0x3ffffffffffffffL); t[1] += t[0] >> 58; - r[i+1] = t[1] & 0x3ffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0x3ffffffffffffffL); t[2] += t[1] >> 58; - r[i+2] = t[2] & 0x3ffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0x3ffffffffffffffL); t[3] += t[2] >> 58; - r[i+3] = t[3] & 0x3ffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0x3ffffffffffffffL); t[0] = t[3] >> 58; } t[0] += (tb * a[8]) + r[8]; - r[8] = t[0] & 0x3ffffffffffffffL; + r[8] = (sp_digit)(t[0] & 0x3ffffffffffffffL); r[9] += (sp_digit)(t[0] >> 58); #else sp_int128 tb = b; @@ -36328,7 +36204,7 @@ static void sp_521_mont_shift_9(sp_digit* r, const sp_digit* a) n = a[8] >> 57; for (i = 0; i < 8; i++) { n += (sp_uint64)a[9 + i] << 1; - r[i] = n & 0x3ffffffffffffffL; + r[i] = (sp_digit)(n & 0x3ffffffffffffffL); n >>= 58; } n += (sp_uint64)a[17] << 1; 
@@ -36337,14 +36213,14 @@ static void sp_521_mont_shift_9(sp_digit* r, const sp_digit* a) sp_uint64 n; n = a[8] >> 57; - n += (sp_uint64)a[ 9] << 1U; r[ 0] = n & 0x3ffffffffffffffUL; n >>= 58U; - n += (sp_uint64)a[10] << 1U; r[ 1] = n & 0x3ffffffffffffffUL; n >>= 58U; - n += (sp_uint64)a[11] << 1U; r[ 2] = n & 0x3ffffffffffffffUL; n >>= 58U; - n += (sp_uint64)a[12] << 1U; r[ 3] = n & 0x3ffffffffffffffUL; n >>= 58U; - n += (sp_uint64)a[13] << 1U; r[ 4] = n & 0x3ffffffffffffffUL; n >>= 58U; - n += (sp_uint64)a[14] << 1U; r[ 5] = n & 0x3ffffffffffffffUL; n >>= 58U; - n += (sp_uint64)a[15] << 1U; r[ 6] = n & 0x3ffffffffffffffUL; n >>= 58U; - n += (sp_uint64)a[16] << 1U; r[ 7] = n & 0x3ffffffffffffffUL; n >>= 58U; + n += (sp_uint64)a[ 9] << 1U; r[ 0] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; + n += (sp_uint64)a[10] << 1U; r[ 1] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; + n += (sp_uint64)a[11] << 1U; r[ 2] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; + n += (sp_uint64)a[12] << 1U; r[ 3] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; + n += (sp_uint64)a[13] << 1U; r[ 4] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; + n += (sp_uint64)a[14] << 1U; r[ 5] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; + n += (sp_uint64)a[15] << 1U; r[ 6] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; + n += (sp_uint64)a[16] << 1U; r[ 7] = (sp_digit)(n & 0x3ffffffffffffffUL); n >>= 58U; n += (sp_uint64)a[17] << 1U; r[ 8] = n; #endif /* WOLFSSL_SP_SMALL */ XMEMSET(&r[9], 0, sizeof(*r) * 9U); 
@@ -36365,11 +36241,11 @@ static void sp_521_mont_reduce_order_9(sp_digit* a, const sp_digit* m, sp_digit sp_521_norm_9(a + 9); for (i=0; i<8; i++) { - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x3ffffffffffffffL); sp_521_mul_add_9(a+i, m, mu); a[i+1] += a[i] >> 58; } - mu = ((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL; + mu = (sp_digit)(((sp_uint64)a[i] * (sp_uint64)mp) & 0x1ffffffffffffffL); sp_521_mul_add_9(a+i, m, mu); a[i+1] += a[i] >> 58; a[i] &= 0x3ffffffffffffffL; @@ -36542,7 +36418,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p, sp_521_mont_reduce_9(r->x, p521_mod, p521_mp_mod); /* Reduce x to less than modulus */ n = sp_521_cmp_9(r->x, p521_mod); - sp_521_cond_sub_9(r->x, r->x, p521_mod, ~(n >> 57)); + sp_521_cond_sub_9(r->x, r->x, p521_mod, (sp_digit)~(n >> 57)); sp_521_norm_9(r->x); /* y /= z^3 */ @@ -36551,7 +36427,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p, sp_521_mont_reduce_9(r->y, p521_mod, p521_mp_mod); /* Reduce y to less than modulus */ n = sp_521_cmp_9(r->y, p521_mod); - sp_521_cond_sub_9(r->y, r->y, p521_mod, ~(n >> 57)); + sp_521_cond_sub_9(r->y, r->y, p521_mod, (sp_digit)~(n >> 57)); sp_521_norm_9(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); 
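Review bot: The added `(sp_digit)` cast on `~(n >> 57)` in sp_521_map_9 does not change that the conditional-subtract mask is derived from an arithmetic right shift of a negative sp_digit (n is the result of sp_521_cmp_9, presumably negative when the value is already below p521_mod), which C leaves implementation-defined rather than guaranteed. The code is right on GCC/Clang, which shift signed values arithmetically, but nothing at the use site says so. Suggest a comment at the first use: `/* n < 0 -> mask 0 (keep), n >= 0 -> all-ones (subtract); relies on arithmetic >> of sp_digit */`. The second hunk of sp_521_map_9, for `r->y`, uses the same construct.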
@@ -36685,17 +36561,17 @@ SP_NOINLINE static void sp_521_rshift1_9(sp_digit* r, const sp_digit* a) int i; for (i=0; i<8; i++) { - r[i] = (a[i] >> 1) + ((a[i + 1] << 57) & 0x3ffffffffffffffL); + r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 57) & 0x3ffffffffffffffL); } #else - r[0] = (a[0] >> 1) + ((a[1] << 57) & 0x3ffffffffffffffL); - r[1] = (a[1] >> 1) + ((a[2] << 57) & 0x3ffffffffffffffL); - r[2] = (a[2] >> 1) + ((a[3] << 57) & 0x3ffffffffffffffL); - r[3] = (a[3] >> 1) + ((a[4] << 57) & 0x3ffffffffffffffL); - r[4] = (a[4] >> 1) + ((a[5] << 57) & 0x3ffffffffffffffL); - r[5] = (a[5] >> 1) + ((a[6] << 57) & 0x3ffffffffffffffL); - r[6] = (a[6] >> 1) + ((a[7] << 57) & 0x3ffffffffffffffL); - r[7] = (a[7] >> 1) + ((a[8] << 57) & 0x3ffffffffffffffL); + r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 57) & 0x3ffffffffffffffL); + r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 57) & 0x3ffffffffffffffL); + r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 57) & 0x3ffffffffffffffL); + r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 57) & 0x3ffffffffffffffL); + r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 57) & 0x3ffffffffffffffL); + r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 57) & 0x3ffffffffffffffL); + r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 57) & 0x3ffffffffffffffL); + r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 57) & 0x3ffffffffffffffL); #endif r[8] = a[8] >> 1; } @@ -37006,8 +36882,8 @@ static void sp_521_proj_point_add_9(sp_point_521* r, sp_521_mont_sub_9(y, y, t5, p521_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -37024,7 +36900,7 @@ static void sp_521_proj_point_add_9(sp_point_521* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } 
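Review bot: In sp_521_rshift1_9 the new `(sp_digit)` cast on `(a[i + 1] << 57) & 0x3ffffffffffffffL` silences the narrowing warning, but the shift is still performed on sp_digit; if sp_digit is the signed 64-bit digit type here (the `0 - (i == idx)` mask idiom used elsewhere in this file suggests it is), shifting a 58-bit digit left by 57 overflows the type, which is undefined for signed operands and is what -fsanitize=undefined reports on this code. Doing the shift unsigned keeps the same low 58 bits with defined semantics: `r[i] = (a[i] >> 1) + (sp_digit)(((sp_uint64)a[i + 1] << 57) & 0x3ffffffffffffffL);`, and the eight unrolled lines below it follow the same shape. The same concern applies to `a[i + 1] << (58 - n)` in sp_521_rshift_9 and `a[i] << n` in sp_521_lshift_18 later in this section. The result is unchanged because the mask discards exactly the bits that would overflow.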
@@ -37198,8 +37074,8 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -37216,7 +37092,7 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -37820,7 +37696,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v) n = k[j]; o = 0; for (i=0; i<87; i++) { - y = (int8_t)n; + y = (uint8_t)(int8_t)n; if (o + 6 < 58) { y &= 0x3f; n >>= 6; @@ -37887,7 +37763,7 @@ static void sp_521_get_point_33_9(sp_point_521* r, const sp_point_521* table, r->z[7] = 0; r->z[8] = 0; for (i = 1; i < 33; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -38054,10 +37930,8 @@ static int sp_521_ecc_mulmod_win_add_sub_9(sp_point_521* r, const sp_point_521* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38123,8 +37997,8 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r, sp_521_mont_sub_9(y, t3, t1, p521_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); 
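Review bot: In sp_521_ecc_recode_6_9, `y = (uint8_t)(int8_t)n;` first converts a 64-bit digit to int8_t, which is implementation-defined whenever n does not fit, and only then widens back to unsigned. `y = (uint8_t)n;` produces the same low byte with fully defined modular semantics and reads more plainly; the `y &= 0x3f` that follows only consumes the low six bits either way. The rest of the recode loop lies outside the hunk.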
@@ -38141,7 +38015,7 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -38252,8 +38126,7 @@ static int sp_521_gen_stripe_table_9(const sp_point_521* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38292,7 +38165,7 @@ static void sp_521_get_entry_256_9(sp_point_521* r, r->y[7] = 0; r->y[8] = 0; for (i = 1; i < 256; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -38421,10 +38294,8 @@ static int sp_521_ecc_mulmod_stripe_9(sp_point_521* r, const sp_point_521* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38642,10 +38513,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38722,10 +38591,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -40621,10 +40488,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -40699,10 +40564,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -40766,6 +40629,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[66]; @@ -40783,6 +40647,11 @@ static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -40861,12 +40730,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -41049,10 +40915,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
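Review bot: The new `#else` path of sp_521_ecc_gen_k_9 returns NOT_COMPILED_IN and leaves `k` untouched, so a WC_NO_RNG build only discovers at run time that key generation on this curve is unavailable, and the function comment above the hunk does not say so. Suggest appending to that comment: `Returns NOT_COMPILED_IN when built with WC_NO_RNG; k is not written in that case.` Callers must keep treating `k` as unset until err is checked, which the hunk cannot confirm they do.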
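Review bot: The merged cleanup in sp_ecc_make_key_521 keeps the `point is not sensitive, so no need to zeroize` remark, but nothing in the hunk zeroizes `k`, which holds the freshly generated private scalar, before XFREE returns it to the heap allocator. If no ForceZero of `k` happens earlier in the function (its body starts outside the hunk), add `ForceZero(k, sizeof(sp_digit) * 9);` immediately before `XFREE(k, heap, DYNAMIC_TYPE_ECC);`, and give the stack-allocated `k` of the non-WOLFSSL_SP_SMALL_STACK build the same treatment. The sp_ecc_secret_gen_521 hunk below it frees `k` and `point` the same way, and there `point` presumably carries the derived shared secret, so the same check applies.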
@@ -41117,18 +40981,18 @@ SP_NOINLINE static void sp_521_rshift_9(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<8; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (58 - n))) & 0x3ffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (58 - n))) & 0x3ffffffffffffffL); } #else for (i=0; i<8; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (58 - n)) & 0x3ffffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (58 - n)) & 0x3ffffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (58 - n)) & 0x3ffffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (58 - n)) & 0x3ffffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (58 - n)) & 0x3ffffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (58 - n)) & 0x3ffffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (58 - n)) & 0x3ffffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (58 - n)) & 0x3ffffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (58 - n)) & 0x3ffffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (58 - n)) & 0x3ffffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (58 - n)) & 0x3ffffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (58 - n)) & 0x3ffffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (58 - n)) & 0x3ffffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (58 - n)) & 0x3ffffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (58 - n)) & 0x3ffffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (58 - n)) & 0x3ffffffffffffffL); } #endif /* WOLFSSL_SP_SMALL */ r[8] = a[8] >> n; @@ -41190,7 +41054,7 @@ SP_NOINLINE static void sp_521_lshift_18(sp_digit* r, const sp_digit* a, r[18] = a[17] >> (58 - n); for (i=17; i>0; i--) { - r[i] = ((a[i] << n) | (a[i-1] >> (58 - n))) & 0x3ffffffffffffffL; + r[i] = (sp_digit)(((a[i] << n) | (a[i-1] >> (58 - n))) & 0x3ffffffffffffffL); } #else sp_int_digit s; 
@@ -41199,41 +41063,41 @@ SP_NOINLINE static void sp_521_lshift_18(sp_digit* r, const sp_digit* a, s = (sp_int_digit)a[17]; r[18] = s >> (58U - n); s = (sp_int_digit)(a[17]); t = (sp_int_digit)(a[16]); - r[17] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[17] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[16]); t = (sp_int_digit)(a[15]); - r[16] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[16] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[15]); t = (sp_int_digit)(a[14]); - r[15] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[15] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[14]); t = (sp_int_digit)(a[13]); - r[14] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[14] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[13]); t = (sp_int_digit)(a[12]); - r[13] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[13] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[12]); t = (sp_int_digit)(a[11]); - r[12] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[12] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[11]); t = (sp_int_digit)(a[10]); - r[11] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[11] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[10]); t = (sp_int_digit)(a[9]); - r[10] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[10] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[9]); t = (sp_int_digit)(a[8]); - r[9] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[9] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[8]); t = (sp_int_digit)(a[7]); - r[8] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[8] = 
(sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[7]); t = (sp_int_digit)(a[6]); - r[7] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[7] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[6]); t = (sp_int_digit)(a[5]); - r[6] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[6] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[5]); t = (sp_int_digit)(a[4]); - r[5] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[5] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[4]); t = (sp_int_digit)(a[3]); - r[4] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[4] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[3]); t = (sp_int_digit)(a[2]); - r[3] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[3] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[2]); t = (sp_int_digit)(a[1]); - r[2] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[2] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); s = (sp_int_digit)(a[1]); t = (sp_int_digit)(a[0]); - r[1] = ((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL; + r[1] = (sp_digit)(((s << n) | (t >> (58U - n))) & 0x3ffffffffffffffUL); #endif /* WOLFSSL_SP_SMALL */ - r[0] = (a[0] << n) & 0x3ffffffffffffffL; + r[0] = (sp_digit)((a[0] << n) & 0x3ffffffffffffffL); } /* Divide d in a and put remainder into r (m*d + r = a) @@ -41297,8 +41161,7 @@ static int sp_521_div_9(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -42020,8 +41883,7 @@ static int sp_521_mod_inv_9(sp_digit* r, const sp_digit* a, const sp_digit* m) XMEMCPY(r, d, sizeof(sp_digit) * 9); } #ifdef WOLFSSL_SP_SMALL_STACK - if (u != NULL) - XFREE(u, NULL, DYNAMIC_TYPE_ECC); + XFREE(u, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -42234,10 +42096,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -42448,8 +42308,7 @@ static int sp_521_ecc_is_point_9(const sp_point_521* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -42488,8 +42347,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -42597,10 +42455,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -42679,10 +42535,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -42747,10 +42601,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -42811,10 +42663,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -42864,8 +42714,7 @@ static int sp_521_mont_sqrt_9(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -42930,8 +42779,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -42970,29 +42818,29 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a, t0 = ((sp_int128)a[ 0]) * b[ 0]; t1 = ((sp_int128)a[ 0]) * b[ 1] + ((sp_int128)a[ 1]) * b[ 0]; - t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 0]) * b[ 2] + ((sp_int128)a[ 1]) * b[ 1] + ((sp_int128)a[ 2]) * b[ 0]; - t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_int128)a[ 0]) * b[ 3] + ((sp_int128)a[ 1]) * b[ 2] + ((sp_int128)a[ 2]) * b[ 1] + ((sp_int128)a[ 3]) * b[ 0]; - t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 0]) * b[ 4] + ((sp_int128)a[ 1]) * b[ 3] + ((sp_int128)a[ 2]) * b[ 2] + ((sp_int128)a[ 3]) * b[ 1] + ((sp_int128)a[ 4]) * b[ 0]; - t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_int128)a[ 0]) * b[ 5] + ((sp_int128)a[ 1]) * b[ 4] + ((sp_int128)a[ 2]) * b[ 3] + ((sp_int128)a[ 3]) * b[ 2] + ((sp_int128)a[ 4]) * b[ 1] + ((sp_int128)a[ 5]) * b[ 0]; - t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 0]) * b[ 6] + ((sp_int128)a[ 1]) * b[ 5] + ((sp_int128)a[ 2]) * b[ 4] @@ -43000,7 +42848,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 4]) * b[ 2] + ((sp_int128)a[ 5]) * b[ 1] + ((sp_int128)a[ 6]) * b[ 0]; - t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_int128)a[ 0]) * b[ 7] + ((sp_int128)a[ 1]) * b[ 6] + ((sp_int128)a[ 2]) * b[ 5] 
@@ -43009,7 +42857,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 5]) * b[ 2] + ((sp_int128)a[ 6]) * b[ 1] + ((sp_int128)a[ 7]) * b[ 0]; - t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 0]) * b[ 8] + ((sp_int128)a[ 1]) * b[ 7] + ((sp_int128)a[ 2]) * b[ 6] @@ -43019,7 +42867,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 6]) * b[ 2] + ((sp_int128)a[ 7]) * b[ 1] + ((sp_int128)a[ 8]) * b[ 0]; - t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_int128)a[ 1]) * b[ 8] + ((sp_int128)a[ 2]) * b[ 7] + ((sp_int128)a[ 3]) * b[ 6] @@ -43028,7 +42876,7 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 6]) * b[ 3] + ((sp_int128)a[ 7]) * b[ 2] + ((sp_int128)a[ 8]) * b[ 1]; - t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 2]) * b[ 8] + ((sp_int128)a[ 3]) * b[ 7] + ((sp_int128)a[ 4]) * b[ 6] 
@@ -43036,35 +42884,35 @@ SP_NOINLINE static void sp_1024_mul_9(sp_digit* r, const sp_digit* a, + ((sp_int128)a[ 6]) * b[ 4] + ((sp_int128)a[ 7]) * b[ 3] + ((sp_int128)a[ 8]) * b[ 2]; - r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_int128)a[ 3]) * b[ 8] + ((sp_int128)a[ 4]) * b[ 7] + ((sp_int128)a[ 5]) * b[ 6] + ((sp_int128)a[ 6]) * b[ 5] + ((sp_int128)a[ 7]) * b[ 4] + ((sp_int128)a[ 8]) * b[ 3]; - r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 4]) * b[ 8] + ((sp_int128)a[ 5]) * b[ 7] + ((sp_int128)a[ 6]) * b[ 6] + ((sp_int128)a[ 7]) * b[ 5] + ((sp_int128)a[ 8]) * b[ 4]; - r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_int128)a[ 5]) * b[ 8] + ((sp_int128)a[ 6]) * b[ 7] + ((sp_int128)a[ 7]) * b[ 6] + ((sp_int128)a[ 8]) * b[ 5]; - r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 6]) * b[ 8] + ((sp_int128)a[ 7]) * b[ 7] + ((sp_int128)a[ 8]) * b[ 6]; - r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = ((sp_int128)a[ 7]) * b[ 8] + ((sp_int128)a[ 8]) * b[ 7]; - r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 8]) * b[ 8]; - r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; - r[16] = t0 & 0x1ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; + r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL); r[17] = (sp_digit)(t0 >> 57); XMEMCPY(r, t, sizeof(t)); } 
@@ -43082,66 +42930,66 @@ SP_NOINLINE static void sp_1024_sqr_9(sp_digit* r, const sp_digit* a) t0 = ((sp_int128)a[ 0]) * a[ 0]; t1 = (((sp_int128)a[ 0]) * a[ 1]) * 2; - t[ 0] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 0] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_int128)a[ 0]) * a[ 2]) * 2 + ((sp_int128)a[ 1]) * a[ 1]; - t[ 1] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 1] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_int128)a[ 0]) * a[ 3] + ((sp_int128)a[ 1]) * a[ 2]) * 2; - t[ 2] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 2] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_int128)a[ 0]) * a[ 4] + ((sp_int128)a[ 1]) * a[ 3]) * 2 + ((sp_int128)a[ 2]) * a[ 2]; - t[ 3] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 3] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_int128)a[ 0]) * a[ 5] + ((sp_int128)a[ 1]) * a[ 4] + ((sp_int128)a[ 2]) * a[ 3]) * 2; - t[ 4] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 4] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_int128)a[ 0]) * a[ 6] + ((sp_int128)a[ 1]) * a[ 5] + ((sp_int128)a[ 2]) * a[ 4]) * 2 + ((sp_int128)a[ 3]) * a[ 3]; - t[ 5] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 5] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_int128)a[ 0]) * a[ 7] + ((sp_int128)a[ 1]) * a[ 6] + ((sp_int128)a[ 2]) * a[ 5] + ((sp_int128)a[ 3]) * a[ 4]) * 2; - t[ 6] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 6] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_int128)a[ 0]) * a[ 8] + ((sp_int128)a[ 1]) * a[ 7] + ((sp_int128)a[ 2]) * a[ 6] + ((sp_int128)a[ 3]) * a[ 5]) * 2 + ((sp_int128)a[ 4]) * a[ 4]; - t[ 7] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + t[ 7] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_int128)a[ 1]) * a[ 8] + ((sp_int128)a[ 2]) * a[ 7] + ((sp_int128)a[ 3]) * a[ 6] + ((sp_int128)a[ 4]) * a[ 5]) * 2; - t[ 8] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + t[ 
8] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_int128)a[ 2]) * a[ 8] + ((sp_int128)a[ 3]) * a[ 7] + ((sp_int128)a[ 4]) * a[ 6]) * 2 + ((sp_int128)a[ 5]) * a[ 5]; - r[ 9] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[ 9] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_int128)a[ 3]) * a[ 8] + ((sp_int128)a[ 4]) * a[ 7] + ((sp_int128)a[ 5]) * a[ 6]) * 2; - r[10] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[10] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_int128)a[ 4]) * a[ 8] + ((sp_int128)a[ 5]) * a[ 7]) * 2 + ((sp_int128)a[ 6]) * a[ 6]; - r[11] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[11] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_int128)a[ 5]) * a[ 8] + ((sp_int128)a[ 6]) * a[ 7]) * 2; - r[12] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[12] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = (((sp_int128)a[ 6]) * a[ 8]) * 2 + ((sp_int128)a[ 7]) * a[ 7]; - r[13] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; + r[13] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; t1 = (((sp_int128)a[ 7]) * a[ 8]) * 2; - r[14] = t0 & 0x1ffffffffffffffL; t1 += t0 >> 57; + r[14] = (sp_digit)(t0 & 0x1ffffffffffffffL); t1 += t0 >> 57; t0 = ((sp_int128)a[ 8]) * a[ 8]; - r[15] = t1 & 0x1ffffffffffffffL; t0 += t1 >> 57; - r[16] = t0 & 0x1ffffffffffffffL; + r[15] = (sp_digit)(t1 & 0x1ffffffffffffffL); t0 += t1 >> 57; + r[16] = (sp_digit)(t0 & 0x1ffffffffffffffL); r[17] = (sp_digit)(t0 >> 57); XMEMCPY(r, t, sizeof(t)); } 
@@ -43657,20 +43505,20 @@ SP_NOINLINE static void sp_1024_rshift_18(sp_digit* r, const sp_digit* a, #ifdef WOLFSSL_SP_SMALL for (i=0; i<17; i++) { - r[i] = ((a[i] >> n) | (a[i + 1] << (57 - n))) & 0x1ffffffffffffffL; + r[i] = (sp_digit)(((a[i] >> n) | (a[i + 1] << (57 - n))) & 0x1ffffffffffffffL); } #else for (i=0; i<16; i += 8) { - r[i+0] = (a[i+0] >> n) | ((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); - r[i+1] = (a[i+1] >> n) | ((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); - r[i+2] = (a[i+2] >> n) | ((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); - r[i+3] = (a[i+3] >> n) | ((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); - r[i+4] = (a[i+4] >> n) | ((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); - r[i+5] = (a[i+5] >> n) | ((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); - r[i+6] = (a[i+6] >> n) | ((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); - r[i+7] = (a[i+7] >> n) | ((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); - } - r[16] = (a[16] >> n) | ((a[17] << (57 - n)) & 0x1ffffffffffffffL); + r[i+0] = (a[i+0] >> n) | (sp_digit)((a[i+1] << (57 - n)) & 0x1ffffffffffffffL); + r[i+1] = (a[i+1] >> n) | (sp_digit)((a[i+2] << (57 - n)) & 0x1ffffffffffffffL); + r[i+2] = (a[i+2] >> n) | (sp_digit)((a[i+3] << (57 - n)) & 0x1ffffffffffffffL); + r[i+3] = (a[i+3] >> n) | (sp_digit)((a[i+4] << (57 - n)) & 0x1ffffffffffffffL); + r[i+4] = (a[i+4] >> n) | (sp_digit)((a[i+5] << (57 - n)) & 0x1ffffffffffffffL); + r[i+5] = (a[i+5] >> n) | (sp_digit)((a[i+6] << (57 - n)) & 0x1ffffffffffffffL); + r[i+6] = (a[i+6] >> n) | (sp_digit)((a[i+7] << (57 - n)) & 0x1ffffffffffffffL); + r[i+7] = (a[i+7] >> n) | (sp_digit)((a[i+8] << (57 - n)) & 0x1ffffffffffffffL); + } + r[16] = (a[16] >> n) | (sp_digit)((a[17] << (57 - n)) & 0x1ffffffffffffffL); #endif /* WOLFSSL_SP_SMALL */ r[17] = a[17] >> n; } 
@@ -43847,8 +43695,7 @@ static int sp_1024_div_18(const sp_digit* a, const sp_digit* d, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -43927,16 +43774,16 @@ static void sp_1024_point_free_18(sp_point_1024* p, int clear, void* heap) { #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) -/* If valid pointer then clear point data if requested and free data. */ + /* If valid pointer then clear point data if requested and free data. */ if (p != NULL) { - if (clear != 0) { + if (clear) { XMEMSET(p, 0, sizeof(*p)); } XFREE(p, heap, DYNAMIC_TYPE_ECC); } #else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { + /* Clear point data if requested. */ + if ((p != NULL) && clear) { XMEMSET(p, 0, sizeof(*p)); } #endif @@ -44230,20 +44077,20 @@ SP_NOINLINE static void sp_1024_mul_add_18(sp_digit* r, const sp_digit* a, t[1] = (tb * a[i+1]) + r[i+1]; t[2] = (tb * a[i+2]) + r[i+2]; t[3] = (tb * a[i+3]) + r[i+3]; - r[i+0] = t[0] & 0x1ffffffffffffffL; + r[i+0] = (sp_digit)(t[0] & 0x1ffffffffffffffL); t[1] += t[0] >> 57; - r[i+1] = t[1] & 0x1ffffffffffffffL; + r[i+1] = (sp_digit)(t[1] & 0x1ffffffffffffffL); t[2] += t[1] >> 57; - r[i+2] = t[2] & 0x1ffffffffffffffL; + r[i+2] = (sp_digit)(t[2] & 0x1ffffffffffffffL); t[3] += t[2] >> 57; - r[i+3] = t[3] & 0x1ffffffffffffffL; + r[i+3] = (sp_digit)(t[3] & 0x1ffffffffffffffL); t[0] = t[3] >> 57; } t[0] += (tb * a[16]) + r[16]; t[1] = (tb * a[17]) + r[17]; - r[16] = t[0] & 0x1ffffffffffffffL; + r[16] = (sp_digit)(t[0] & 0x1ffffffffffffffL); t[1] += t[0] >> 57; - r[17] = t[1] & 0x1ffffffffffffffL; + r[17] = (sp_digit)(t[1] & 0x1ffffffffffffffL); r[18] += (sp_digit)(t[1] >> 57); #else sp_int128 tb = b; 
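Review bot: Dropping the `if (t1 != NULL)` guard in front of `XFREE(t1, NULL, DYNAMIC_TYPE_TMP_BUFFER)` under WOLFSSL_SP_SMALL_STACK makes this cleanup depend on XFREE accepting a NULL pointer, which nothing in the hunk establishes. That is fine if the XFREE macro of this release performs the check itself, but a build that supplies its own allocator (for example through XMALLOC_USER) has to keep that contract, otherwise an error path that reaches the cleanup before `t1` was allocated hands NULL to the user's free routine. The same guard removal is made in the later hunks for sp_1024_ecc_mulmod_win_add_sub_18, sp_1024_gen_stripe_table_18, sp_1024_ecc_mulmod_stripe_18, sp_ecc_mulmod_1024, sp_ecc_mulmod_base_1024, sp_ecc_mulmod_base_add_1024, sp_ecc_gen_table_1024, sp_ecc_mulmod_table_1024, sp_ModExp_Fp_star_1024, sp_Pairing_1024, sp_Pairing_gen_precomp_1024, sp_Pairing_precomp_1024, sp_1024_ecc_is_point_18, sp_ecc_is_point_1024 and sp_ecc_check_key_1024. A one-line comment at the first occurrence, `/* XFREE is NULL-safe; a user-supplied allocator must keep that contract */`, would record the assumption for anyone overriding the allocator. The body of sp_1024_div_18 starts outside the hunk.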
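Review bot: In sp_1024_point_free_18 the `XMEMSET(p, 0, sizeof(*p))` that runs when `clear` is set is immediately followed by `XFREE(p, heap, DYNAMIC_TYPE_ECC)`, so in the malloc branch the store is dead from the compiler's point of view and may be optimized away, leaving point coordinates in freed memory. The new `if (clear)` spelling does not change that; the scrub should be `ForceZero(p, sizeof(*p));`, which wolfSSL provides for exactly this case and which the non-malloc `#else` branch can use as well, assuming it is in scope in this file. Callers in this diff pass `clear = 1` (for instance the `sp_1024_point_free_18(c, 1, NULL)` calls in sp_Pairing_1024), so the intent is clearly to scrub sensitive data rather than merely tidy it.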
@@ -44289,7 +44136,7 @@ static void sp_1024_mont_shift_18(sp_digit* r, const sp_digit* a) n = a[17] >> 55; for (i = 0; i < 17; i++) { n += (sp_uint64)a[18 + i] << 2; - r[i] = n & 0x1ffffffffffffffL; + r[i] = (sp_digit)(n & 0x1ffffffffffffffL); n >>= 57; } n += (sp_uint64)a[35] << 2; 
@@ -44301,16 +44148,16 @@ static void sp_1024_mont_shift_18(sp_digit* r, const sp_digit* a) n = (sp_uint64)a[17]; n = n >> 55U; for (i = 0; i < 16; i += 8) { - n += (sp_uint64)a[i+18] << 2U; r[i+0] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+19] << 2U; r[i+1] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+20] << 2U; r[i+2] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+21] << 2U; r[i+3] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+22] << 2U; r[i+4] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+23] << 2U; r[i+5] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+24] << 2U; r[i+6] = n & 0x1ffffffffffffffUL; n >>= 57U; - n += (sp_uint64)a[i+25] << 2U; r[i+7] = n & 0x1ffffffffffffffUL; n >>= 57U; - } - n += (sp_uint64)a[34] << 2U; r[16] = n & 0x1ffffffffffffffUL; n >>= 57U; + n += (sp_uint64)a[i+18] << 2U; r[i+0] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+19] << 2U; r[i+1] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+20] << 2U; r[i+2] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+21] << 2U; r[i+3] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+22] << 2U; r[i+4] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+23] << 2U; r[i+5] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+24] << 2U; r[i+6] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + n += (sp_uint64)a[i+25] << 2U; r[i+7] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; + } + n += (sp_uint64)a[34] << 2U; r[16] = (sp_digit)(n & 0x1ffffffffffffffUL); n >>= 57U; n += (sp_uint64)a[35] << 2U; r[17] = n; #endif /* WOLFSSL_SP_SMALL */ XMEMSET(&r[18], 0, sizeof(*r) * 18U); 
@@ -44332,22 +44179,22 @@ static void sp_1024_mont_reduce_18(sp_digit* a, const sp_digit* m, sp_digit mp) if (mp != 1) { for (i=0; i<17; i++) { - mu = (a[i] * mp) & 0x1ffffffffffffffL; + mu = (sp_digit)((a[i] * mp) & 0x1ffffffffffffffL); sp_1024_mul_add_18(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = (a[i] * mp) & 0x7fffffffffffffL; + mu = (sp_digit)((a[i] * mp) & 0x7fffffffffffffL); sp_1024_mul_add_18(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; } else { for (i=0; i<17; i++) { - mu = a[i] & 0x1ffffffffffffffL; + mu = (sp_digit)(a[i] & 0x1ffffffffffffffL); sp_1024_mul_add_18(a+i, m, mu); a[i+1] += a[i] >> 57; } - mu = a[i] & 0x7fffffffffffffL; + mu = (sp_digit)(a[i] & 0x7fffffffffffffL); sp_1024_mul_add_18(a+i, m, mu); a[i+1] += a[i] >> 57; a[i] &= 0x1ffffffffffffffL; @@ -44473,7 +44320,7 @@ static void sp_1024_map_18(sp_point_1024* r, const sp_point_1024* p, sp_1024_mont_reduce_18(r->x, p1024_mod, p1024_mp_mod); /* Reduce x to less than modulus */ n = sp_1024_cmp_18(r->x, p1024_mod); - sp_1024_cond_sub_18(r->x, r->x, p1024_mod, ~(n >> 56)); + sp_1024_cond_sub_18(r->x, r->x, p1024_mod, (sp_digit)~(n >> 56)); sp_1024_norm_18(r->x); /* y /= z^3 */ @@ -44482,7 +44329,7 @@ static void sp_1024_map_18(sp_point_1024* r, const sp_point_1024* p, sp_1024_mont_reduce_18(r->y, p1024_mod, p1024_mp_mod); /* Reduce y to less than modulus */ n = sp_1024_cmp_18(r->y, p1024_mod); - sp_1024_cond_sub_18(r->y, r->y, p1024_mod, ~(n >> 56)); + sp_1024_cond_sub_18(r->y, r->y, p1024_mod, (sp_digit)~(n >> 56)); sp_1024_norm_18(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); 
@@ -44572,26 +44419,26 @@ SP_NOINLINE static void sp_1024_rshift1_18(sp_digit* r, const sp_digit* a) int i; for (i=0; i<17; i++) { - r[i] = (a[i] >> 1) + ((a[i + 1] << 56) & 0x1ffffffffffffffL); - } -#else - r[0] = (a[0] >> 1) + ((a[1] << 56) & 0x1ffffffffffffffL); - r[1] = (a[1] >> 1) + ((a[2] << 56) & 0x1ffffffffffffffL); - r[2] = (a[2] >> 1) + ((a[3] << 56) & 0x1ffffffffffffffL); - r[3] = (a[3] >> 1) + ((a[4] << 56) & 0x1ffffffffffffffL); - r[4] = (a[4] >> 1) + ((a[5] << 56) & 0x1ffffffffffffffL); - r[5] = (a[5] >> 1) + ((a[6] << 56) & 0x1ffffffffffffffL); - r[6] = (a[6] >> 1) + ((a[7] << 56) & 0x1ffffffffffffffL); - r[7] = (a[7] >> 1) + ((a[8] << 56) & 0x1ffffffffffffffL); - r[8] = (a[8] >> 1) + ((a[9] << 56) & 0x1ffffffffffffffL); - r[9] = (a[9] >> 1) + ((a[10] << 56) & 0x1ffffffffffffffL); - r[10] = (a[10] >> 1) + ((a[11] << 56) & 0x1ffffffffffffffL); - r[11] = (a[11] >> 1) + ((a[12] << 56) & 0x1ffffffffffffffL); - r[12] = (a[12] >> 1) + ((a[13] << 56) & 0x1ffffffffffffffL); - r[13] = (a[13] >> 1) + ((a[14] << 56) & 0x1ffffffffffffffL); - r[14] = (a[14] >> 1) + ((a[15] << 56) & 0x1ffffffffffffffL); - r[15] = (a[15] >> 1) + ((a[16] << 56) & 0x1ffffffffffffffL); - r[16] = (a[16] >> 1) + ((a[17] << 56) & 0x1ffffffffffffffL); + r[i] = (a[i] >> 1) + (sp_digit)((a[i + 1] << 56) & 0x1ffffffffffffffL); + } +#else + r[0] = (a[0] >> 1) + (sp_digit)((a[1] << 56) & 0x1ffffffffffffffL); + r[1] = (a[1] >> 1) + (sp_digit)((a[2] << 56) & 0x1ffffffffffffffL); + r[2] = (a[2] >> 1) + (sp_digit)((a[3] << 56) & 0x1ffffffffffffffL); + r[3] = (a[3] >> 1) + (sp_digit)((a[4] << 56) & 0x1ffffffffffffffL); + r[4] = (a[4] >> 1) + (sp_digit)((a[5] << 56) & 0x1ffffffffffffffL); + r[5] = (a[5] >> 1) + (sp_digit)((a[6] << 56) & 0x1ffffffffffffffL); + r[6] = (a[6] >> 1) + (sp_digit)((a[7] << 56) & 0x1ffffffffffffffL); + r[7] = (a[7] >> 1) + (sp_digit)((a[8] << 56) & 0x1ffffffffffffffL); + r[8] = (a[8] >> 1) + (sp_digit)((a[9] << 56) & 0x1ffffffffffffffL); + r[9] = (a[9] >> 1) + 
(sp_digit)((a[10] << 56) & 0x1ffffffffffffffL); + r[10] = (a[10] >> 1) + (sp_digit)((a[11] << 56) & 0x1ffffffffffffffL); + r[11] = (a[11] >> 1) + (sp_digit)((a[12] << 56) & 0x1ffffffffffffffL); + r[12] = (a[12] >> 1) + (sp_digit)((a[13] << 56) & 0x1ffffffffffffffL); + r[13] = (a[13] >> 1) + (sp_digit)((a[14] << 56) & 0x1ffffffffffffffL); + r[14] = (a[14] >> 1) + (sp_digit)((a[15] << 56) & 0x1ffffffffffffffL); + r[15] = (a[15] >> 1) + (sp_digit)((a[16] << 56) & 0x1ffffffffffffffL); + r[16] = (a[16] >> 1) + (sp_digit)((a[17] << 56) & 0x1ffffffffffffffL); #endif r[17] = a[17] >> 1; } @@ -44906,8 +44753,8 @@ static void sp_1024_proj_point_add_18(sp_point_1024* r, sp_1024_mont_sub_18(y, y, t5, p1024_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -44924,7 +44771,7 @@ static void sp_1024_proj_point_add_18(sp_point_1024* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -45098,8 +44945,8 @@ static int sp_1024_proj_point_add_18_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -45116,7 +44963,7 @@ static int sp_1024_proj_point_add_18_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; 
@@ -45728,7 +45575,7 @@ static void sp_1024_ecc_recode_7_18(const sp_digit* k, ecc_recode_1024* v) n = k[j]; o = 0; for (i=0; i<147; i++) { - y = (int8_t)n; + y = (uint8_t)(int8_t)n; if (o + 7 < 57) { y &= 0x7f; n >>= 7; @@ -45894,10 +45741,8 @@ static int sp_1024_ecc_mulmod_win_add_sub_18(sp_point_1024* r, const sp_point_10 } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -45963,8 +45808,8 @@ static void sp_1024_proj_point_add_qz1_18(sp_point_1024* r, sp_1024_mont_sub_18(y, t3, t1, p1024_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -45981,7 +45826,7 @@ static void sp_1024_proj_point_add_qz1_18(sp_point_1024* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -46092,8 +45937,7 @@ static int sp_1024_gen_stripe_table_18(const sp_point_1024* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46192,10 +46036,8 @@ static int sp_1024_ecc_mulmod_stripe_18(sp_point_1024* r, const sp_point_1024* g } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; 
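Review bot: `y = (uint8_t)(int8_t)n;` in sp_1024_ecc_recode_7_18 converts through int8_t first, and converting an out-of-range value to a signed type is implementation-defined in C, so the intermediate step adds nothing that the direct, fully defined `y = (uint8_t)n;` would not give for the same low eight bits. If `y` is declared with a type other than uint8_t (its declaration is outside the hunk) then only the outer cast matters and the inner one can still go. A short comment beside the following `y &= 0x7f;`, such as `/* keep the 7-bit window; sign of the digit is handled by the carry below */`, would also help a reader of this generated loop, whose body continues past the hunk.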
@@ -46413,10 +46255,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -49844,10 +49684,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -49922,10 +49760,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -49959,7 +49795,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == MP_OKAY) && (table == NULL)) { *len = sizeof(sp_table_entry_1024) * 256; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { err = BUFFER_E; @@ -49990,10 +49826,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -50019,7 +49853,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == 0) && (table == NULL)) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*len != 0)) { err = BUFFER_E; 
@@ -50086,10 +49920,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -50236,9 +50068,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } @@ -51878,9 +51708,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } @@ -52248,9 +52076,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_18(c, 1, NULL); sp_1024_point_free_18(q, 1, NULL); @@ -52675,9 +52501,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_18(c, 1, NULL); sp_1024_point_free_18(q, 1, NULL); 
@@ -52707,7 +52531,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*len != 0) { err = BUFFER_E; @@ -52936,7 +52760,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = sizeof(sp_table_entry_1024) * 1167; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && @@ -53043,9 +52867,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_18(neg, 1, NULL); sp_1024_point_free_18(c, 1, NULL); @@ -53238,9 +53060,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_18(c, 1, NULL); sp_1024_point_free_18(q, 1, NULL); @@ -53330,7 +53150,7 @@ static int sp_1024_ecc_is_point_18(const sp_point_1024* point, n = sp_1024_cmp_18(t1, p1024_mod); - sp_1024_cond_sub_18(t1, t1, p1024_mod, ~(n >> 56)); + sp_1024_cond_sub_18(t1, t1, p1024_mod, (sp_digit)~(n >> 56)); sp_1024_norm_18(t1); if (!sp_1024_iszero_18(t1)) { err = MP_VAL; @@ -53338,8 +53158,7 @@ static int sp_1024_ecc_is_point_18(const sp_point_1024* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -53378,8 +53197,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -53487,10 +53305,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; diff --git a/src/wolfcrypt/src/sp_cortexm.c b/src/wolfcrypt/src/sp_cortexm.c index 8ef1a13..25404a7 100644 --- a/src/wolfcrypt/src/sp_cortexm.c +++ b/src/wolfcrypt/src/sp_cortexm.c @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -67,7 +67,7 @@ do { \ int ii; \ fprintf(stderr, name "=0x"); \ - for (ii = ((bits + 31) / 32) - 1; ii >= 0; ii--) \ + for (ii = (((bits) + 31) / 32) - 1; ii >= 0; ii--) \ fprintf(stderr, SP_PRINT_FMT, (var)[ii]); \ fprintf(stderr, "\n"); \ } while (0) @@ -240,7 +240,7 @@ static void sp_2048_to_bin_64(sp_digit* r, byte* a) #define sp_2048_norm_64(a) #ifndef WOLFSSL_SP_SMALL -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M /* Multiply a and b into r. (r = a * b) * * r A single precision integer. @@ -736,7 +736,7 @@ SP_NOINLINE static void sp_2048_mul_8(sp_digit* r, const sp_digit* a, const sp_d ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ /* Add b to a into r. (r = a + b) * * r A single precision integer. @@ -1533,7 +1533,7 @@ SP_NOINLINE static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, (void)sp_2048_add_32(r + 96, r + 96, a1); } -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M /* Square a and put result in r. (r = a * a) * * r A single precision integer. 
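Review bot: Replacing `#ifdef WOLFSSL_SP_NO_UMAAL` with `#ifdef WOLFSSL_ARM_ARCH_7M` around sp_2048_mul_8 (and in the matching `#endif` and the sp_2048_sqr_8 hunk that follows) changes which build flag selects the UMAAL-free multiply, so a user settings file that still defines WOLFSSL_SP_NO_UMAAL for a core without UMAAL will silently take the UMAAL path unless WOLFSSL_ARM_ARCH_7M is defined somewhere not visible here. If the old flag is meant to stay supported, a compatibility mapping near the top of the file, `#if defined(WOLFSSL_SP_NO_UMAAL) && !defined(WOLFSSL_ARM_ARCH_7M)` / `#define WOLFSSL_ARM_ARCH_7M` / `#endif`, or at least a comment naming the rename at the `#ifdef`, would avoid a build that assembles but faults at run time on such a core. Whether the release notes already cover this rename cannot be seen from the hunk.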
@@ -1899,7 +1899,7 @@ SP_NOINLINE static void sp_2048_sqr_8(sp_digit* r, const sp_digit* a) ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ /* Sub b from a into r. (r = a - b) * * r A single precision integer. @@ -2211,7 +2211,11 @@ static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x100\n\t" "\n" - "L_sp_2048_add_64_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_add_64_word:\n\t" +#else + "L_sp_2048_add_64_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" @@ -2223,10 +2227,12 @@ static sp_digit sp_2048_add_64(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_2048_add_64_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_2048_add_64_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_2048_add_64_word\n\t" #else - "BNE.N L_sp_2048_add_64_word%=\n\t" + "BNE.N L_sp_2048_add_64_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -2258,7 +2264,11 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x100\n\t" "\n" - "L_sp_2048_sub_in_pkace_64_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_sub_in_pkace_64_word:\n\t" +#else + "L_sp_2048_sub_in_pkace_64_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" 
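Review bot: In the `__IAR_SYSTEMS_ICC__ && __VER__ < 9000000` branch the loop label `L_sp_2048_add_64_word` is emitted without the `%=` uniquifier, so if the compiler inlines sp_2048_add_64 into more than one caller in this translation unit the same label is defined twice and assembly fails. The same fixed labels are introduced in the following hunks for sp_2048_sub_in_place_64, sp_2048_mul_64, sp_2048_sqr_64, sp_2048_add_32, sp_2048_sub_in_place_32 and sp_2048_mul_32. If older IAR cannot expand `%=`, marking these functions SP_NOINLINE (already used in this file, for instance on sp_2048_mul_8) for that configuration, or a comment `/* older IAR: fixed label, body must be emitted only once per TU */` beside the label, would make the constraint explicit. The asm block and the enclosing function start outside the hunk.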
@@ -2269,10 +2279,12 @@ static sp_digit sp_2048_sub_in_place_64(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_2048_sub_in_pkace_64_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_2048_sub_in_pkace_64_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_2048_sub_in_pkace_64_word\n\t" #else - "BNE.N L_sp_2048_sub_in_pkace_64_word%=\n\t" + "BNE.N L_sp_2048_sub_in_pkace_64_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) @@ -2312,13 +2324,21 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_2048_mul_64_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mul_64_outer:\n\t" +#else + "L_sp_2048_mul_64_outer_%=:\n\t" +#endif "SUBS r3, r5, #0xfc\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_2048_mul_64_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mul_64_inner:\n\t" +#else + "L_sp_2048_mul_64_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -2334,15 +2354,19 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_2048_mul_64_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_2048_mul_64_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_2048_mul_64_inner_done\n\t" #else - "BGT.N L_sp_2048_mul_64_inner_done%=\n\t" + "BGT.N L_sp_2048_mul_64_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_mul_64_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_mul_64_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_2048_mul_64_inner\n\t" #else - "BLT.N L_sp_2048_mul_64_inner%=\n\t" + "BLT.N L_sp_2048_mul_64_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" @@ -2351,17 +2375,23 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_2048_mul_64_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mul_64_inner_done:\n\t" +#else + "L_sp_2048_mul_64_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x1f4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_2048_mul_64_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_2048_mul_64_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_2048_mul_64_outer\n\t" #else - "BLE.N L_sp_2048_mul_64_outer%=\n\t" + "BLE.N L_sp_2048_mul_64_outer_%=\n\t" #endif "LDR lr, [%[a], #252]\n\t" "LDR r11, [%[b], #252]\n\t" 
@@ -2370,14 +2400,20 @@ static void sp_2048_mul_64(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_2048_mul_64_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_mul_64_store:\n\t" +#else + "L_sp_2048_mul_64_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_2048_mul_64_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_2048_mul_64_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_2048_mul_64_store\n\t" #else - "BGT.N L_sp_2048_mul_64_store%=\n\t" + "BGT.N L_sp_2048_mul_64_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : @@ -2410,13 +2446,21 @@ static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_2048_sqr_64_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_sqr_64_outer:\n\t" +#else + "L_sp_2048_sqr_64_outer_%=:\n\t" +#endif "SUBS r3, r5, #0xfc\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_2048_sqr_64_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_sqr_64_inner:\n\t" +#else + "L_sp_2048_sqr_64_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -2429,15 +2473,19 @@ static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_2048_sqr_64_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_2048_sqr_64_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_2048_sqr_64_inner_done\n\t" #else - "BGT.N L_sp_2048_sqr_64_inner_done%=\n\t" + "BGT.N L_sp_2048_sqr_64_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_sqr_64_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_sqr_64_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_2048_sqr_64_inner\n\t" #else - "BLT.N L_sp_2048_sqr_64_inner%=\n\t" + "BLT.N L_sp_2048_sqr_64_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" @@ -2445,17 +2493,23 @@ static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_2048_sqr_64_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_sqr_64_inner_done:\n\t" +#else + "L_sp_2048_sqr_64_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x1f4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_2048_sqr_64_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_2048_sqr_64_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_2048_sqr_64_outer\n\t" #else - "BLE.N L_sp_2048_sqr_64_outer%=\n\t" + "BLE.N L_sp_2048_sqr_64_outer_%=\n\t" #endif "LDR lr, [%[a], #252]\n\t" "UMLAL r6, r7, lr, lr\n\t" 
@@ -2463,14 +2517,20 @@ static void sp_2048_sqr_64(sp_digit* r, const sp_digit* a)
 "ADD r5, r5, #0x4\n\t"
 "STR r7, [sp, r5]\n\t"
 "\n"
- "L_sp_2048_sqr_64_store%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_sqr_64_store:\n\t"
+#else
+ "L_sp_2048_sqr_64_store_%=:\n\t"
+#endif
 "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
 "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
 "SUBS r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BGT L_sp_2048_sqr_64_store%=\n\t"
+#if defined(__GNUC__)
+ "BGT L_sp_2048_sqr_64_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BGT.N L_sp_2048_sqr_64_store\n\t"
 #else
- "BGT.N L_sp_2048_sqr_64_store%=\n\t"
+ "BGT.N L_sp_2048_sqr_64_store_%=\n\t"
 #endif
 : [r] "+r" (r), [a] "+r" (a)
 :
@@ -2520,7 +2580,11 @@ static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b
 "MOV r3, #0x0\n\t"
 "ADD r12, %[a], #0x80\n\t"
 "\n"
- "L_sp_2048_add_32_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_add_32_word:\n\t"
+#else
+ "L_sp_2048_add_32_word_%=:\n\t"
+#endif
 "ADDS r3, r3, #0xffffffff\n\t"
 "LDM %[a]!, {r4, r5, r6, r7}\n\t"
 "LDM %[b]!, {r8, r9, r10, r11}\n\t"
@@ -2532,10 +2596,12 @@ static sp_digit sp_2048_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b
 "MOV r4, #0x0\n\t"
 "ADC r3, r4, #0x0\n\t"
 "CMP %[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BNE L_sp_2048_add_32_word%=\n\t"
+#if defined(__GNUC__)
+ "BNE L_sp_2048_add_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BNE.N L_sp_2048_add_32_word\n\t"
 #else
- "BNE.N L_sp_2048_add_32_word%=\n\t"
+ "BNE.N L_sp_2048_add_32_word_%=\n\t"
 #endif
 "MOV %[r], r3\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -2567,7 +2633,11 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b)
 "MOV r10, #0x0\n\t"
 "ADD r11, %[a], #0x80\n\t"
 "\n"
- "L_sp_2048_sub_in_pkace_32_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_sub_in_pkace_32_word:\n\t"
+#else
+ "L_sp_2048_sub_in_pkace_32_word_%=:\n\t"
+#endif
 "RSBS r10, r10, #0x0\n\t"
 "LDM %[a], {r2, r3, r4, r5}\n\t"
 "LDM %[b]!, {r6, r7, r8, r9}\n\t"
@@ -2578,10 +2648,12 @@ static sp_digit sp_2048_sub_in_place_32(sp_digit* a, const sp_digit* b)
 "STM %[a]!, {r2, r3, r4, r5}\n\t"
 "SBC r10, r10, r10\n\t"
 "CMP %[a], r11\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BNE L_sp_2048_sub_in_pkace_32_word%=\n\t"
+#if defined(__GNUC__)
+ "BNE L_sp_2048_sub_in_pkace_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BNE.N L_sp_2048_sub_in_pkace_32_word\n\t"
 #else
- "BNE.N L_sp_2048_sub_in_pkace_32_word%=\n\t"
+ "BNE.N L_sp_2048_sub_in_pkace_32_word_%=\n\t"
 #endif
 "MOV %[a], r10\n\t"
 : [a] "+r" (a), [b] "+r" (b)
@@ -2621,13 +2693,21 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
 "MOV r8, #0x0\n\t"
 "MOV r5, #0x4\n\t"
 "\n"
- "L_sp_2048_mul_32_outer%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_mul_32_outer:\n\t"
+#else
+ "L_sp_2048_mul_32_outer_%=:\n\t"
+#endif
 "SUBS r3, r5, #0x7c\n\t"
 "IT cc\n\t"
 "MOVCC r3, #0x0\n\t"
 "SUB r4, r5, r3\n\t"
 "\n"
- "L_sp_2048_mul_32_inner%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_mul_32_inner:\n\t"
+#else
+ "L_sp_2048_mul_32_inner_%=:\n\t"
+#endif
 "LDR lr, [%[a], r3]\n\t"
 "LDR r11, [%[b], r4]\n\t"
 "UMULL r9, r10, lr, r11\n\t"
@@ -2643,15 +2723,19 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
 "ADD r3, r3, #0x4\n\t"
 "SUB r4, r4, #0x4\n\t"
 "CMP r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BGT L_sp_2048_mul_32_inner_done%=\n\t"
+#if defined(__GNUC__)
+ "BGT L_sp_2048_mul_32_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BGT.N L_sp_2048_mul_32_inner_done\n\t"
 #else
- "BGT.N L_sp_2048_mul_32_inner_done%=\n\t"
+ "BGT.N L_sp_2048_mul_32_inner_done_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_mul_32_inner%=\n\t"
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mul_32_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLT.N L_sp_2048_mul_32_inner\n\t"
 #else
- "BLT.N L_sp_2048_mul_32_inner%=\n\t"
+ "BLT.N L_sp_2048_mul_32_inner_%=\n\t"
 #endif
 "LDR lr, [%[a], r3]\n\t"
 "LDR r11, [%[b], r3]\n\t"
@@ -2660,17 +2744,23 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
 "ADCS r7, r7, r10\n\t"
 "ADC r8, r8, #0x0\n\t"
 "\n"
- "L_sp_2048_mul_32_inner_done%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_mul_32_inner_done:\n\t"
+#else
+ "L_sp_2048_mul_32_inner_done_%=:\n\t"
+#endif
 "STR r6, [sp, r5]\n\t"
 "MOV r6, r7\n\t"
 "MOV r7, r8\n\t"
 "MOV r8, #0x0\n\t"
 "ADD r5, r5, #0x4\n\t"
 "CMP r5, #0xf4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLE L_sp_2048_mul_32_outer%=\n\t"
+#if defined(__GNUC__)
+ "BLE L_sp_2048_mul_32_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLE.N L_sp_2048_mul_32_outer\n\t"
 #else
- "BLE.N L_sp_2048_mul_32_outer%=\n\t"
+ "BLE.N L_sp_2048_mul_32_outer_%=\n\t"
 #endif
 "LDR lr, [%[a], #124]\n\t"
 "LDR r11, [%[b], #124]\n\t"
@@ -2679,14 +2769,20 @@ static void sp_2048_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b)
 "ADD r5, r5, #0x4\n\t"
 "STR r7, [sp, r5]\n\t"
 "\n"
- "L_sp_2048_mul_32_store%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_mul_32_store:\n\t"
+#else
+ "L_sp_2048_mul_32_store_%=:\n\t"
+#endif
 "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
 "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
 "SUBS r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BGT L_sp_2048_mul_32_store%=\n\t"
+#if defined(__GNUC__)
+ "BGT L_sp_2048_mul_32_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BGT.N L_sp_2048_mul_32_store\n\t"
 #else
- "BGT.N L_sp_2048_mul_32_store%=\n\t"
+ "BGT.N L_sp_2048_mul_32_store_%=\n\t"
 #endif
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
 :
@@ -2719,13 +2815,21 @@ static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a)
 "MOV r8, #0x0\n\t"
 "MOV r5, #0x4\n\t"
 "\n"
- "L_sp_2048_sqr_32_outer%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_sqr_32_outer:\n\t"
+#else
+ "L_sp_2048_sqr_32_outer_%=:\n\t"
+#endif
 "SUBS r3, r5, #0x7c\n\t"
 "IT cc\n\t"
 "MOVCC r3, #0x0\n\t"
 "SUB r4, r5, r3\n\t"
 "\n"
- "L_sp_2048_sqr_32_inner%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_sqr_32_inner:\n\t"
+#else
+ "L_sp_2048_sqr_32_inner_%=:\n\t"
+#endif
 "LDR lr, [%[a], r3]\n\t"
 "LDR r11, [%[a], r4]\n\t"
 "UMULL r9, r10, lr, r11\n\t"
@@ -2738,15 +2842,19 @@ static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a)
 "ADD r3, r3, #0x4\n\t"
 "SUB r4, r4, #0x4\n\t"
 "CMP r3, r4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BGT L_sp_2048_sqr_32_inner_done%=\n\t"
+#if defined(__GNUC__)
+ "BGT L_sp_2048_sqr_32_inner_done_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BGT.N L_sp_2048_sqr_32_inner_done\n\t"
 #else
- "BGT.N L_sp_2048_sqr_32_inner_done%=\n\t"
+ "BGT.N L_sp_2048_sqr_32_inner_done_%=\n\t"
 #endif
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_sqr_32_inner%=\n\t"
+#if defined(__GNUC__)
+ "BLT L_sp_2048_sqr_32_inner_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLT.N L_sp_2048_sqr_32_inner\n\t"
 #else
- "BLT.N L_sp_2048_sqr_32_inner%=\n\t"
+ "BLT.N L_sp_2048_sqr_32_inner_%=\n\t"
 #endif
 "LDR lr, [%[a], r3]\n\t"
 "UMULL r9, r10, lr, lr\n\t"
@@ -2754,17 +2862,23 @@ static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a)
 "ADCS r7, r7, r10\n\t"
 "ADC r8, r8, #0x0\n\t"
 "\n"
- "L_sp_2048_sqr_32_inner_done%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_sqr_32_inner_done:\n\t"
+#else
+ "L_sp_2048_sqr_32_inner_done_%=:\n\t"
+#endif
 "STR r6, [sp, r5]\n\t"
 "MOV r6, r7\n\t"
 "MOV r7, r8\n\t"
 "MOV r8, #0x0\n\t"
 "ADD r5, r5, #0x4\n\t"
 "CMP r5, #0xf4\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLE L_sp_2048_sqr_32_outer%=\n\t"
+#if defined(__GNUC__)
+ "BLE L_sp_2048_sqr_32_outer_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLE.N L_sp_2048_sqr_32_outer\n\t"
 #else
- "BLE.N L_sp_2048_sqr_32_outer%=\n\t"
+ "BLE.N L_sp_2048_sqr_32_outer_%=\n\t"
 #endif
 "LDR lr, [%[a], #124]\n\t"
 "UMLAL r6, r7, lr, lr\n\t"
@@ -2772,14 +2886,20 @@ static void sp_2048_sqr_32(sp_digit* r, const sp_digit* a)
 "ADD r5, r5, #0x4\n\t"
 "STR r7, [sp, r5]\n\t"
 "\n"
- "L_sp_2048_sqr_32_store%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_sqr_32_store:\n\t"
+#else
+ "L_sp_2048_sqr_32_store_%=:\n\t"
+#endif
 "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
 "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t"
 "SUBS r5, r5, #0x20\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BGT L_sp_2048_sqr_32_store%=\n\t"
+#if defined(__GNUC__)
+ "BGT L_sp_2048_sqr_32_store_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BGT.N L_sp_2048_sqr_32_store\n\t"
 #else
- "BGT.N L_sp_2048_sqr_32_store%=\n\t"
+ "BGT.N L_sp_2048_sqr_32_store_%=\n\t"
 #endif
 : [r] "+r" (r), [a] "+r" (a)
 :
@@ -2838,7 +2958,11 @@ static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b)
 "MOV r5, #0x0\n\t"
 "MOV r9, #0x4\n\t"
 "\n"
- "L_sp_2048_mul_d_64_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_mul_d_64_word:\n\t"
+#else
+ "L_sp_2048_mul_d_64_word_%=:\n\t"
+#endif
 /* A[i] * B */
 "LDR r8, [%[a], r9]\n\t"
 "UMULL r6, r7, %[b], r8\n\t"
@@ -2851,10 +2975,12 @@ static void sp_2048_mul_d_64(sp_digit* r, const sp_digit* a, sp_digit b)
 "MOV r5, #0x0\n\t"
 "ADD r9, r9, #0x4\n\t"
 "CMP r9, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_mul_d_64_word%=\n\t"
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mul_d_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLT.N L_sp_2048_mul_d_64_word\n\t"
 #else
- "BLT.N L_sp_2048_mul_d_64_word%=\n\t"
+ "BLT.N L_sp_2048_mul_d_64_word_%=\n\t"
 #endif
 "STR r3, [%[r], #256]\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -3252,7 +3378,11 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
 "MOV r4, #0x0\n\t"
 "MOV r5, #0x0\n\t"
 "\n"
- "L_sp_2048_cond_sub_32_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_cond_sub_32_words:\n\t"
+#else
+ "L_sp_2048_cond_sub_32_words_%=:\n\t"
+#endif
 "SUBS r4, r8, r4\n\t"
 "LDR r6, [%[a], r5]\n\t"
 "LDR r7, [%[b], r5]\n\t"
@@ -3262,10 +3392,12 @@ static sp_digit sp_2048_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig
 "STR r6, [%[r], r5]\n\t"
 "ADD r5, r5, #0x4\n\t"
 "CMP r5, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_cond_sub_32_words%=\n\t"
+#if defined(__GNUC__)
+ "BLT L_sp_2048_cond_sub_32_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLT.N L_sp_2048_cond_sub_32_words\n\t"
 #else
- "BLT.N L_sp_2048_cond_sub_32_words%=\n\t"
+ "BLT.N L_sp_2048_cond_sub_32_words_%=\n\t"
 #endif
 "MOV %[r], r4\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
@@ -3448,7 +3580,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 "LDR r4, [%[a]]\n\t"
 "LDR r5, [%[a], #4]\n\t"
 "\n"
- "L_sp_2048_mont_reduce_32_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_mont_reduce_32_word:\n\t"
+#else
+ "L_sp_2048_mont_reduce_32_word_%=:\n\t"
+#endif
 /* mu = a[i] * mp */
 "MUL r10, %[mp], r4\n\t"
 /* a[i+0] += m[0] * mu */
@@ -3710,10 +3846,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 "ADD r11, r11, #0x4\n\t"
 "ADD %[a], %[a], #0x4\n\t"
 "CMP r11, #0x80\n\t"
-#ifdef __GNUC__
- "BLT L_sp_2048_mont_reduce_32_word%=\n\t"
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLT.W L_sp_2048_mont_reduce_32_word\n\t"
 #else
- "BLT.W L_sp_2048_mont_reduce_32_word%=\n\t"
+ "BLT.W L_sp_2048_mont_reduce_32_word_%=\n\t"
 #endif
 /* Loop Done */
 "STR r4, [%[a]]\n\t"
@@ -3752,7 +3890,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 /* ca = 0 */
 "MOV r3, #0x0\n\t"
 "\n"
- "L_sp_2048_mont_reduce_32_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_mont_reduce_32_word:\n\t"
+#else
+ "L_sp_2048_mont_reduce_32_word_%=:\n\t"
+#endif
 /* mu = a[i] * mp */
 "LDR r10, [%[a]]\n\t"
 "MUL r8, %[mp], r10\n\t"
@@ -3760,7 +3902,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 "MOV r12, #0x0\n\t"
 "MOV r4, #0x0\n\t"
 "\n"
- "L_sp_2048_mont_reduce_32_mul%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_mont_reduce_32_mul:\n\t"
+#else
+ "L_sp_2048_mont_reduce_32_mul_%=:\n\t"
+#endif
 /* a[i+j+0] += m[j+0] * mu */
 "LDR r7, [%[m], r12]\n\t"
 "LDR r10, [%[a], r12]\n\t"
@@ -3802,10 +3948,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 /* j += 1 */
 "ADD r12, r12, #0x4\n\t"
 "CMP r12, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_mont_reduce_32_mul%=\n\t"
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_32_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLT.N L_sp_2048_mont_reduce_32_mul\n\t"
 #else
- "BLT.N L_sp_2048_mont_reduce_32_mul%=\n\t"
+ "BLT.N L_sp_2048_mont_reduce_32_mul_%=\n\t"
 #endif
 "LDR r10, [%[a], #128]\n\t"
 "ADDS r4, r4, r3\n\t"
@@ -3818,10 +3966,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 "ADD r9, r9, #0x4\n\t"
 "ADD %[a], %[a], #0x4\n\t"
 "CMP r9, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_mont_reduce_32_word%=\n\t"
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLT.N L_sp_2048_mont_reduce_32_word\n\t"
 #else
- "BLT.N L_sp_2048_mont_reduce_32_word%=\n\t"
+ "BLT.N L_sp_2048_mont_reduce_32_word_%=\n\t"
 #endif
 /* Loop Done */
 "MOV %[mp], r3\n\t"
@@ -3863,7 +4013,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 "LDR r9, [%[a], #12]\n\t"
 "LDR r10, [%[a], #16]\n\t"
 "\n"
- "L_sp_2048_mont_reduce_32_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_mont_reduce_32_word:\n\t"
+#else
+ "L_sp_2048_mont_reduce_32_word_%=:\n\t"
+#endif
 /* mu = a[i] * mp */
 "MUL lr, %[mp], r6\n\t"
 /* a[i+0] += m[0] * mu */
@@ -4030,10 +4184,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 "ADD r4, r4, #0x4\n\t"
 "ADD %[a], %[a], #0x4\n\t"
 "CMP r4, #0x80\n\t"
-#ifdef __GNUC__
- "BLT L_sp_2048_mont_reduce_32_word%=\n\t"
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLT.W L_sp_2048_mont_reduce_32_word\n\t"
 #else
- "BLT.W L_sp_2048_mont_reduce_32_word%=\n\t"
+ "BLT.W L_sp_2048_mont_reduce_32_word_%=\n\t"
 #endif
 /* Loop Done */
 "STR r6, [%[a]]\n\t"
@@ -4075,7 +4231,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 /* ca = 0 */
 "MOV r3, #0x0\n\t"
 "\n"
- "L_sp_2048_mont_reduce_32_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_mont_reduce_32_word:\n\t"
+#else
+ "L_sp_2048_mont_reduce_32_word_%=:\n\t"
+#endif
 /* mu = a[i] * mp */
 "LDR r10, [%[a]]\n\t"
 "MUL r8, %[mp], r10\n\t"
@@ -4083,7 +4243,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 "MOV r12, #0x0\n\t"
 "MOV r4, #0x0\n\t"
 "\n"
- "L_sp_2048_mont_reduce_32_mul%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_mont_reduce_32_mul:\n\t"
+#else
+ "L_sp_2048_mont_reduce_32_mul_%=:\n\t"
+#endif
 /* a[i+j+0] += m[j+0] * mu */
 "LDR r7, [%[m], r12]\n\t"
 "LDR r10, [%[a], r12]\n\t"
@@ -4113,10 +4277,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 /* j += 1 */
 "ADD r12, r12, #0x4\n\t"
 "CMP r12, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_mont_reduce_32_mul%=\n\t"
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_32_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLT.N L_sp_2048_mont_reduce_32_mul\n\t"
 #else
- "BLT.N L_sp_2048_mont_reduce_32_mul%=\n\t"
+ "BLT.N L_sp_2048_mont_reduce_32_mul_%=\n\t"
 #endif
 "LDR r10, [%[a], #128]\n\t"
 "ADDS r4, r4, r3\n\t"
@@ -4129,10 +4295,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_32(sp_digit* a, const sp_digit* m, s
 "ADD r9, r9, #0x4\n\t"
 "ADD %[a], %[a], #0x4\n\t"
 "CMP r9, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_mont_reduce_32_word%=\n\t"
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLT.N L_sp_2048_mont_reduce_32_word\n\t"
 #else
- "BLT.N L_sp_2048_mont_reduce_32_word%=\n\t"
+ "BLT.N L_sp_2048_mont_reduce_32_word_%=\n\t"
 #endif
 /* Loop Done */
 "MOV %[mp], r3\n\t"
@@ -4203,7 +4371,11 @@ static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b)
 "MOV r5, #0x0\n\t"
 "MOV r9, #0x4\n\t"
 "\n"
- "L_sp_2048_mul_d_32_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_mul_d_32_word:\n\t"
+#else
+ "L_sp_2048_mul_d_32_word_%=:\n\t"
+#endif
 /* A[i] * B */
 "LDR r8, [%[a], r9]\n\t"
 "UMULL r6, r7, %[b], r8\n\t"
@@ -4216,10 +4388,12 @@ static void sp_2048_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b)
 "MOV r5, #0x0\n\t"
 "ADD r9, r9, #0x4\n\t"
 "CMP r9, #0x80\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_mul_d_32_word%=\n\t"
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mul_d_32_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLT.N L_sp_2048_mul_d_32_word\n\t"
 #else
- "BLT.N L_sp_2048_mul_d_32_word%=\n\t"
+ "BLT.N L_sp_2048_mul_d_32_word_%=\n\t"
 #endif
 "STR r3, [%[r], #128]\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -4517,7 +4691,11 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit
 /* Next 30 bits */
 "MOV r4, #0x1d\n\t"
 "\n"
- "L_div_2048_word_32_bit%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_div_2048_word_32_bit:\n\t"
+#else
+ "L_div_2048_word_32_bit_%=:\n\t"
+#endif
 "LSLS r6, r6, #1\n\t"
 "ADC r7, r7, r7\n\t"
 "SUBS r8, r5, r7\n\t"
@@ -4527,7 +4705,13 @@ SP_NOINLINE static sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit
 "AND r8, r8, r5\n\t"
 "SUBS r7, r7, r8\n\t"
 "SUBS r4, r4, #0x1\n\t"
- "bpl L_div_2048_word_32_bit%=\n\t"
+#if defined(__GNUC__)
+ "BPL L_div_2048_word_32_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BPL.N L_div_2048_word_32_bit\n\t"
+#else
+ "BPL.N L_div_2048_word_32_bit_%=\n\t"
+#endif
 "ADD r3, r3, r3\n\t"
 "ADD r3, r3, #0x1\n\t"
 "UMULL r6, r7, r3, %[div]\n\t"
@@ -4579,7 +4763,11 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
 "MOV r6, #0x7c\n\t"
 "\n"
- "L_sp_2048_cmp_32_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_cmp_32_words:\n\t"
+#else
+ "L_sp_2048_cmp_32_words_%=:\n\t"
+#endif
 "LDR r4, [%[a], r6]\n\t"
 "LDR r5, [%[b], r6]\n\t"
 "AND r4, r4, r3\n\t"
@@ -4592,7 +4780,11 @@ static sp_int32 sp_2048_cmp_32(const sp_digit* a, const sp_digit* b)
 "IT ne\n\t"
 "movne r3, r7\n\t"
 "SUBS r6, r6, #0x4\n\t"
- "bcs L_sp_2048_cmp_32_words%=\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "bcs L_sp_2048_cmp_32_words\n\t"
+#else
+ "bcs L_sp_2048_cmp_32_words_%=\n\t"
+#endif
 "EOR r2, r2, r3\n\t"
 #else
 "LDR r4, [%[a], #124]\n\t"
@@ -5153,13 +5345,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
 XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
 sp_2048_mont_reduce_32(r, m, mp);
- mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+ mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
 sp_2048_cond_sub_32(r, r, m, mask);
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -5322,13 +5513,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e,
 XMEMSET(&r[32], 0, sizeof(sp_digit) * 32U);
 sp_2048_mont_reduce_32(r, m, mp);
- mask = 0 - (sp_2048_cmp_32(r, m) >= 0);
+ mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);
 sp_2048_cond_sub_32(r, r, m, mask);
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
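Review bot: The loop-back branch in sp_2048_cmp_32 is the one branch in this commit left as lowercase `bcs` with no width suffix and no separate `__GNUC__` form, whereas the `bpl` in div_2048_word_32 just above was rewritten into `BPL` / `BPL.N` / `BPL.N` arms like every other branch. It presumably assembles either way, but a reader now cannot tell whether the narrow encoding was deliberately not requested here; `"BCS L_sp_2048_cmp_32_words_%=\n\t"` under `__GNUC__`, `"BCS.N L_sp_2048_cmp_32_words\n\t"` for pre-9.x IAR and `"BCS.N L_sp_2048_cmp_32_words_%=\n\t"` otherwise would match the rest of the file. sp_2048_cmp_64 carries the same leftover. The function body continues outside the hunk on both sides.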
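Review bot: The `mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0);` line in the sp_2048_mod_exp_32 hunks deserves a comment, because the result is only an all-ones mask when sp_digit is unsigned (which the new cast suggests but the diff does not show) and the branch-free form appears to exist so the final Montgomery subtraction does not leak whether r >= m: `/* mask = all ones when r >= m, else 0 (sp_digit is unsigned, so 0 - 1 wraps); keeps the final subtraction branch-free */`. Separately, dropping `if (td != NULL)` means XFREE is now reached with `td` NULL on whichever path the old guard was protecting, so this relies on XFREE, including any user-installed free callback, accepting NULL in every configuration of this release; if that is guaranteed, a short comment at the first such XFREE would stop the guard being reintroduced. Both changes recur in the second sp_2048_mod_exp_32 hunk, both sp_2048_mod_exp_64 hunks, sp_RsaPublic_2048 and sp_2048_mod_exp_2_64. The enclosing functions start outside these hunks.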
@@ -5380,7 +5570,11 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_dig
 "MOV r4, #0x0\n\t"
 "MOV r5, #0x0\n\t"
 "\n"
- "L_sp_2048_cond_sub_64_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_cond_sub_64_words:\n\t"
+#else
+ "L_sp_2048_cond_sub_64_words_%=:\n\t"
+#endif
 "SUBS r4, r8, r4\n\t"
 "LDR r6, [%[a], r5]\n\t"
 "LDR r7, [%[b], r5]\n\t"
@@ -5390,10 +5584,12 @@ static sp_digit sp_2048_cond_sub_64(sp_digit* r, const sp_digit* a, const sp_dig
 "STR r6, [%[r], r5]\n\t"
 "ADD r5, r5, #0x4\n\t"
 "CMP r5, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_cond_sub_64_words%=\n\t"
+#if defined(__GNUC__)
+ "BLT L_sp_2048_cond_sub_64_words_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLT.N L_sp_2048_cond_sub_64_words\n\t"
 #else
- "BLT.N L_sp_2048_cond_sub_64_words%=\n\t"
+ "BLT.N L_sp_2048_cond_sub_64_words_%=\n\t"
 #endif
 "MOV %[r], r4\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m)
@@ -5688,7 +5884,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 "LDR r4, [%[a]]\n\t"
 "LDR r5, [%[a], #4]\n\t"
 "\n"
- "L_sp_2048_mont_reduce_64_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_mont_reduce_64_word:\n\t"
+#else
+ "L_sp_2048_mont_reduce_64_word_%=:\n\t"
+#endif
 /* mu = a[i] * mp */
 "MUL r10, %[mp], r4\n\t"
 /* a[i+0] += m[0] * mu */
@@ -6206,10 +6406,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 "ADD r11, r11, #0x4\n\t"
 "ADD %[a], %[a], #0x4\n\t"
 "CMP r11, #0x100\n\t"
-#ifdef __GNUC__
- "BLT L_sp_2048_mont_reduce_64_word%=\n\t"
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLT.W L_sp_2048_mont_reduce_64_word\n\t"
 #else
- "BLT.W L_sp_2048_mont_reduce_64_word%=\n\t"
+ "BLT.W L_sp_2048_mont_reduce_64_word_%=\n\t"
 #endif
 /* Loop Done */
 "STR r4, [%[a]]\n\t"
@@ -6248,7 +6450,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 /* ca = 0 */
 "MOV r3, #0x0\n\t"
 "\n"
- "L_sp_2048_mont_reduce_64_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_mont_reduce_64_word:\n\t"
+#else
+ "L_sp_2048_mont_reduce_64_word_%=:\n\t"
+#endif
 /* mu = a[i] * mp */
 "LDR r10, [%[a]]\n\t"
 "MUL r8, %[mp], r10\n\t"
@@ -6256,7 +6462,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 "MOV r12, #0x0\n\t"
 "MOV r4, #0x0\n\t"
 "\n"
- "L_sp_2048_mont_reduce_64_mul%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_mont_reduce_64_mul:\n\t"
+#else
+ "L_sp_2048_mont_reduce_64_mul_%=:\n\t"
+#endif
 /* a[i+j+0] += m[j+0] * mu */
 "LDR r7, [%[m], r12]\n\t"
 "LDR r10, [%[a], r12]\n\t"
@@ -6298,10 +6508,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 /* j += 1 */
 "ADD r12, r12, #0x4\n\t"
 "CMP r12, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_mont_reduce_64_mul%=\n\t"
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_64_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLT.N L_sp_2048_mont_reduce_64_mul\n\t"
 #else
- "BLT.N L_sp_2048_mont_reduce_64_mul%=\n\t"
+ "BLT.N L_sp_2048_mont_reduce_64_mul_%=\n\t"
 #endif
 "LDR r10, [%[a], #256]\n\t"
 "ADDS r4, r4, r3\n\t"
@@ -6314,10 +6526,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 "ADD r9, r9, #0x4\n\t"
 "ADD %[a], %[a], #0x4\n\t"
 "CMP r9, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_mont_reduce_64_word%=\n\t"
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLT.N L_sp_2048_mont_reduce_64_word\n\t"
 #else
- "BLT.N L_sp_2048_mont_reduce_64_word%=\n\t"
+ "BLT.N L_sp_2048_mont_reduce_64_word_%=\n\t"
 #endif
 /* Loop Done */
 "MOV %[mp], r3\n\t"
@@ -6359,7 +6573,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 "LDR r9, [%[a], #12]\n\t"
 "LDR r10, [%[a], #16]\n\t"
 "\n"
- "L_sp_2048_mont_reduce_64_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_mont_reduce_64_word:\n\t"
+#else
+ "L_sp_2048_mont_reduce_64_word_%=:\n\t"
+#endif
 /* mu = a[i] * mp */
 "MUL lr, %[mp], r6\n\t"
 /* a[i+0] += m[0] * mu */
@@ -6686,10 +6904,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 "ADD r4, r4, #0x4\n\t"
 "ADD %[a], %[a], #0x4\n\t"
 "CMP r4, #0x100\n\t"
-#ifdef __GNUC__
- "BLT L_sp_2048_mont_reduce_64_word%=\n\t"
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLT.W L_sp_2048_mont_reduce_64_word\n\t"
 #else
- "BLT.W L_sp_2048_mont_reduce_64_word%=\n\t"
+ "BLT.W L_sp_2048_mont_reduce_64_word_%=\n\t"
 #endif
 /* Loop Done */
 "STR r6, [%[a]]\n\t"
@@ -6731,7 +6951,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 /* ca = 0 */
 "MOV r3, #0x0\n\t"
 "\n"
- "L_sp_2048_mont_reduce_64_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_mont_reduce_64_word:\n\t"
+#else
+ "L_sp_2048_mont_reduce_64_word_%=:\n\t"
+#endif
 /* mu = a[i] * mp */
 "LDR r10, [%[a]]\n\t"
 "MUL r8, %[mp], r10\n\t"
@@ -6739,7 +6963,11 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 "MOV r12, #0x0\n\t"
 "MOV r4, #0x0\n\t"
 "\n"
- "L_sp_2048_mont_reduce_64_mul%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_mont_reduce_64_mul:\n\t"
+#else
+ "L_sp_2048_mont_reduce_64_mul_%=:\n\t"
+#endif
 /* a[i+j+0] += m[j+0] * mu */
 "LDR r7, [%[m], r12]\n\t"
 "LDR r10, [%[a], r12]\n\t"
@@ -6769,10 +6997,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 /* j += 1 */
 "ADD r12, r12, #0x4\n\t"
 "CMP r12, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_mont_reduce_64_mul%=\n\t"
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_64_mul_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLT.N L_sp_2048_mont_reduce_64_mul\n\t"
 #else
- "BLT.N L_sp_2048_mont_reduce_64_mul%=\n\t"
+ "BLT.N L_sp_2048_mont_reduce_64_mul_%=\n\t"
 #endif
 "LDR r10, [%[a], #256]\n\t"
 "ADDS r4, r4, r3\n\t"
@@ -6785,10 +7015,12 @@ SP_NOINLINE static void sp_2048_mont_reduce_64(sp_digit* a, const sp_digit* m, s
 "ADD r9, r9, #0x4\n\t"
 "ADD %[a], %[a], #0x4\n\t"
 "CMP r9, #0x100\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_2048_mont_reduce_64_word%=\n\t"
+#if defined(__GNUC__)
+ "BLT L_sp_2048_mont_reduce_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLT.N L_sp_2048_mont_reduce_64_word\n\t"
 #else
- "BLT.N L_sp_2048_mont_reduce_64_word%=\n\t"
+ "BLT.N L_sp_2048_mont_reduce_64_word_%=\n\t"
 #endif
 /* Loop Done */
 "MOV %[mp], r3\n\t"
@@ -6854,7 +7086,11 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b
 "MOV r11, #0x0\n\t"
 "ADD r12, %[a], #0x100\n\t"
 "\n"
- "L_sp_2048_sub_64_word%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_sub_64_word:\n\t"
+#else
+ "L_sp_2048_sub_64_word_%=:\n\t"
+#endif
 "RSBS r11, r11, #0x0\n\t"
 "LDM %[a]!, {r3, r4, r5, r6}\n\t"
 "LDM %[b]!, {r7, r8, r9, r10}\n\t"
@@ -6865,10 +7101,12 @@ static sp_digit sp_2048_sub_64(sp_digit* r, const sp_digit* a, const sp_digit* b
 "STM %[r]!, {r3, r4, r5, r6}\n\t"
 "SBC r11, r3, r3\n\t"
 "CMP %[a], r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BNE L_sp_2048_sub_64_word%=\n\t"
+#if defined(__GNUC__)
+ "BNE L_sp_2048_sub_64_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BNE.N L_sp_2048_sub_64_word\n\t"
 #else
- "BNE.N L_sp_2048_sub_64_word%=\n\t"
+ "BNE.N L_sp_2048_sub_64_word_%=\n\t"
 #endif
 "MOV %[r], r11\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -7121,7 +7359,11 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit
 /* Next 30 bits */
 "MOV r4, #0x1d\n\t"
 "\n"
- "L_div_2048_word_64_bit%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_div_2048_word_64_bit:\n\t"
+#else
+ "L_div_2048_word_64_bit_%=:\n\t"
+#endif
 "LSLS r6, r6, #1\n\t"
 "ADC r7, r7, r7\n\t"
 "SUBS r8, r5, r7\n\t"
@@ -7131,7 +7373,13 @@ SP_NOINLINE static sp_digit div_2048_word_64(sp_digit d1, sp_digit d0, sp_digit
 "AND r8, r8, r5\n\t"
 "SUBS r7, r7, r8\n\t"
 "SUBS r4, r4, #0x1\n\t"
- "bpl L_div_2048_word_64_bit%=\n\t"
+#if defined(__GNUC__)
+ "BPL L_div_2048_word_64_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BPL.N L_div_2048_word_64_bit\n\t"
+#else
+ "BPL.N L_div_2048_word_64_bit_%=\n\t"
+#endif
 "ADD r3, r3, r3\n\t"
 "ADD r3, r3, #0x1\n\t"
 "UMULL r6, r7, r3, %[div]\n\t"
@@ -7286,7 +7534,11 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
 "MOV r6, #0xfc\n\t"
 "\n"
- "L_sp_2048_cmp_64_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_2048_cmp_64_words:\n\t"
+#else
+ "L_sp_2048_cmp_64_words_%=:\n\t"
+#endif
 "LDR r4, [%[a], r6]\n\t"
 "LDR r5, [%[b], r6]\n\t"
 "AND r4, r4, r3\n\t"
@@ -7299,7 +7551,11 @@ static sp_int32 sp_2048_cmp_64(const sp_digit* a, const sp_digit* b)
 "IT ne\n\t"
 "movne r3, r7\n\t"
 "SUBS r6, r6, #0x4\n\t"
- "bcs L_sp_2048_cmp_64_words%=\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "bcs L_sp_2048_cmp_64_words\n\t"
+#else
+ "bcs L_sp_2048_cmp_64_words_%=\n\t"
+#endif
 "EOR r2, r2, r3\n\t"
 #else
 "LDR r4, [%[a], #252]\n\t"
@@ -8206,13 +8462,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
 XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
 sp_2048_mont_reduce_64(r, m, mp);
- mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+ mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
 sp_2048_cond_sub_64(r, r, m, mask);
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -8358,13 +8613,12 @@ static int sp_2048_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e,
 XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U);
 sp_2048_mont_reduce_64(r, m, mp);
- mask = 0 - (sp_2048_cmp_64(r, m) >= 0);
+ mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0);
 sp_2048_cond_sub_64(r, r, m, mask);
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (td != NULL)
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -8527,8 +8781,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (a != NULL)
- XFREE(a, NULL, DYNAMIC_TYPE_RSA);
+ XFREE(a, NULL, DYNAMIC_TYPE_RSA);
 #endif
 return err;
@@ -8562,7 +8815,11 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig "MOV r8, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_2048_cond_add_32_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_2048_cond_add_32_words:\n\t" +#else + "L_sp_2048_cond_add_32_words_%=:\n\t" +#endif "ADDS r5, r5, #0xffffffff\n\t" "LDR r6, [%[a], r4]\n\t" "LDR r7, [%[b], r4]\n\t" @@ -8572,10 +8829,12 @@ static sp_digit sp_2048_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig "STR r6, [%[r], r4]\n\t" "ADD r4, r4, #0x4\n\t" "CMP r4, #0x80\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_2048_cond_add_32_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_2048_cond_add_32_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_2048_cond_add_32_words\n\t" #else - "BLT.N L_sp_2048_cond_add_32_words%=\n\t" + "BLT.N L_sp_2048_cond_add_32_words_%=\n\t" #endif "MOV %[r], r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -9562,13 +9821,12 @@ static int sp_2048_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, XMEMSET(&r[64], 0, sizeof(sp_digit) * 64U); sp_2048_mont_reduce_64(r, m, mp); - mask = 0 - (sp_2048_cmp_64(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_64(r, m) >= 0); sp_2048_cond_sub_64(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -12948,7 +13206,11 @@ static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x180\n\t" "\n" - "L_sp_3072_add_96_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_add_96_word:\n\t" +#else + "L_sp_3072_add_96_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" 
@@ -12960,10 +13222,12 @@ static sp_digit sp_3072_add_96(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_3072_add_96_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_3072_add_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_3072_add_96_word\n\t" #else - "BNE.N L_sp_3072_add_96_word%=\n\t" + "BNE.N L_sp_3072_add_96_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -12995,7 +13259,11 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x180\n\t" "\n" - "L_sp_3072_sub_in_pkace_96_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sub_in_pkace_96_word:\n\t" +#else + "L_sp_3072_sub_in_pkace_96_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" @@ -13006,10 +13274,12 @@ static sp_digit sp_3072_sub_in_place_96(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_3072_sub_in_pkace_96_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_3072_sub_in_pkace_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_3072_sub_in_pkace_96_word\n\t" #else - "BNE.N L_sp_3072_sub_in_pkace_96_word%=\n\t" + "BNE.N L_sp_3072_sub_in_pkace_96_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) 
@@ -13049,13 +13319,21 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_3072_mul_96_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mul_96_outer:\n\t" +#else + "L_sp_3072_mul_96_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x17c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_3072_mul_96_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mul_96_inner:\n\t" +#else + "L_sp_3072_mul_96_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" @@ -13071,15 +13349,19 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_3072_mul_96_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_3072_mul_96_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_3072_mul_96_inner_done\n\t" #else - "BGT.N L_sp_3072_mul_96_inner_done%=\n\t" + "BGT.N L_sp_3072_mul_96_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mul_96_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mul_96_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mul_96_inner\n\t" #else - "BLT.N L_sp_3072_mul_96_inner%=\n\t" + "BLT.N L_sp_3072_mul_96_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" 
@@ -13088,17 +13370,23 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_3072_mul_96_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mul_96_inner_done:\n\t" +#else + "L_sp_3072_mul_96_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x2f4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_3072_mul_96_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_3072_mul_96_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_3072_mul_96_outer\n\t" #else - "BLE.N L_sp_3072_mul_96_outer%=\n\t" + "BLE.N L_sp_3072_mul_96_outer_%=\n\t" #endif "LDR lr, [%[a], #380]\n\t" "LDR r11, [%[b], #380]\n\t" @@ -13107,14 +13395,20 @@ static void sp_3072_mul_96(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_3072_mul_96_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mul_96_store:\n\t" +#else + "L_sp_3072_mul_96_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_3072_mul_96_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_3072_mul_96_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_3072_mul_96_store\n\t" #else - "BGT.N L_sp_3072_mul_96_store%=\n\t" + "BGT.N L_sp_3072_mul_96_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : 
@@ -13147,13 +13441,21 @@ static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_3072_sqr_96_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sqr_96_outer:\n\t" +#else + "L_sp_3072_sqr_96_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x17c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_3072_sqr_96_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sqr_96_inner:\n\t" +#else + "L_sp_3072_sqr_96_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" @@ -13166,15 +13468,19 @@ static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_3072_sqr_96_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_3072_sqr_96_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_3072_sqr_96_inner_done\n\t" #else - "BGT.N L_sp_3072_sqr_96_inner_done%=\n\t" + "BGT.N L_sp_3072_sqr_96_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_sqr_96_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_sqr_96_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_sqr_96_inner\n\t" #else - "BLT.N L_sp_3072_sqr_96_inner%=\n\t" + "BLT.N L_sp_3072_sqr_96_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" 
@@ -13182,17 +13488,23 @@ static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_3072_sqr_96_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sqr_96_inner_done:\n\t" +#else + "L_sp_3072_sqr_96_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x2f4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_3072_sqr_96_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_3072_sqr_96_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_3072_sqr_96_outer\n\t" #else - "BLE.N L_sp_3072_sqr_96_outer%=\n\t" + "BLE.N L_sp_3072_sqr_96_outer_%=\n\t" #endif "LDR lr, [%[a], #380]\n\t" "UMLAL r6, r7, lr, lr\n\t" @@ -13200,14 +13512,20 @@ static void sp_3072_sqr_96(sp_digit* r, const sp_digit* a) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_3072_sqr_96_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sqr_96_store:\n\t" +#else + "L_sp_3072_sqr_96_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_3072_sqr_96_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_3072_sqr_96_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_3072_sqr_96_store\n\t" #else - "BGT.N L_sp_3072_sqr_96_store%=\n\t" + "BGT.N L_sp_3072_sqr_96_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : 
@@ -13257,7 +13575,11 @@ static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r3, #0x0\n\t" "ADD r12, %[a], #0xc0\n\t" "\n" - "L_sp_3072_add_48_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_add_48_word:\n\t" +#else + "L_sp_3072_add_48_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" @@ -13269,10 +13591,12 @@ static sp_digit sp_3072_add_48(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_3072_add_48_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_3072_add_48_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_3072_add_48_word\n\t" #else - "BNE.N L_sp_3072_add_48_word%=\n\t" + "BNE.N L_sp_3072_add_48_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -13304,7 +13628,11 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0xc0\n\t" "\n" - "L_sp_3072_sub_in_pkace_48_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sub_in_pkace_48_word:\n\t" +#else + "L_sp_3072_sub_in_pkace_48_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" 
@@ -13315,10 +13643,12 @@ static sp_digit sp_3072_sub_in_place_48(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_3072_sub_in_pkace_48_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_3072_sub_in_pkace_48_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_3072_sub_in_pkace_48_word\n\t" #else - "BNE.N L_sp_3072_sub_in_pkace_48_word%=\n\t" + "BNE.N L_sp_3072_sub_in_pkace_48_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) @@ -13358,13 +13688,21 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_3072_mul_48_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mul_48_outer:\n\t" +#else + "L_sp_3072_mul_48_outer_%=:\n\t" +#endif "SUBS r3, r5, #0xbc\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_3072_mul_48_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mul_48_inner:\n\t" +#else + "L_sp_3072_mul_48_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -13380,15 +13718,19 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_3072_mul_48_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_3072_mul_48_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_3072_mul_48_inner_done\n\t" #else - "BGT.N L_sp_3072_mul_48_inner_done%=\n\t" + "BGT.N L_sp_3072_mul_48_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mul_48_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mul_48_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mul_48_inner\n\t" #else - "BLT.N L_sp_3072_mul_48_inner%=\n\t" + "BLT.N L_sp_3072_mul_48_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" @@ -13397,17 +13739,23 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_3072_mul_48_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mul_48_inner_done:\n\t" +#else + "L_sp_3072_mul_48_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x174\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_3072_mul_48_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_3072_mul_48_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_3072_mul_48_outer\n\t" #else - "BLE.N L_sp_3072_mul_48_outer%=\n\t" + "BLE.N L_sp_3072_mul_48_outer_%=\n\t" #endif "LDR lr, [%[a], #188]\n\t" "LDR r11, [%[b], #188]\n\t" 
@@ -13416,14 +13764,20 @@ static void sp_3072_mul_48(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_3072_mul_48_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mul_48_store:\n\t" +#else + "L_sp_3072_mul_48_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_3072_mul_48_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_3072_mul_48_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_3072_mul_48_store\n\t" #else - "BGT.N L_sp_3072_mul_48_store%=\n\t" + "BGT.N L_sp_3072_mul_48_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : @@ -13456,13 +13810,21 @@ static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_3072_sqr_48_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sqr_48_outer:\n\t" +#else + "L_sp_3072_sqr_48_outer_%=:\n\t" +#endif "SUBS r3, r5, #0xbc\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_3072_sqr_48_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sqr_48_inner:\n\t" +#else + "L_sp_3072_sqr_48_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -13475,15 +13837,19 @@ static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_3072_sqr_48_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_3072_sqr_48_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_3072_sqr_48_inner_done\n\t" #else - "BGT.N L_sp_3072_sqr_48_inner_done%=\n\t" + "BGT.N L_sp_3072_sqr_48_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_sqr_48_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_sqr_48_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_sqr_48_inner\n\t" #else - "BLT.N L_sp_3072_sqr_48_inner%=\n\t" + "BLT.N L_sp_3072_sqr_48_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" @@ -13491,17 +13857,23 @@ static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_3072_sqr_48_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sqr_48_inner_done:\n\t" +#else + "L_sp_3072_sqr_48_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x174\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_3072_sqr_48_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_3072_sqr_48_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_3072_sqr_48_outer\n\t" #else - "BLE.N L_sp_3072_sqr_48_outer%=\n\t" + "BLE.N L_sp_3072_sqr_48_outer_%=\n\t" #endif "LDR lr, [%[a], #188]\n\t" "UMLAL r6, r7, lr, lr\n\t" 
@@ -13509,14 +13881,20 @@ static void sp_3072_sqr_48(sp_digit* r, const sp_digit* a) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_3072_sqr_48_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sqr_48_store:\n\t" +#else + "L_sp_3072_sqr_48_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_3072_sqr_48_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_3072_sqr_48_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_3072_sqr_48_store\n\t" #else - "BGT.N L_sp_3072_sqr_48_store%=\n\t" + "BGT.N L_sp_3072_sqr_48_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : @@ -13575,7 +13953,11 @@ static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" - "L_sp_3072_mul_d_96_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mul_d_96_word:\n\t" +#else + "L_sp_3072_mul_d_96_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" @@ -13588,10 +13970,12 @@ static void sp_3072_mul_d_96(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0x180\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mul_d_96_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mul_d_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mul_d_96_word\n\t" #else - "BLT.N L_sp_3072_mul_d_96_word%=\n\t" + "BLT.N L_sp_3072_mul_d_96_word_%=\n\t" #endif "STR r3, [%[r], #384]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) 
@@ -14149,7 +14533,11 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_dig "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" - "L_sp_3072_cond_sub_48_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_cond_sub_48_words:\n\t" +#else + "L_sp_3072_cond_sub_48_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" @@ -14159,10 +14547,12 @@ static sp_digit sp_3072_cond_sub_48(sp_digit* r, const sp_digit* a, const sp_dig "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0xc0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_cond_sub_48_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_cond_sub_48_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_cond_sub_48_words\n\t" #else - "BLT.N L_sp_3072_cond_sub_48_words%=\n\t" + "BLT.N L_sp_3072_cond_sub_48_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -14401,7 +14791,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" - "L_sp_3072_mont_reduce_48_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_48_word:\n\t" +#else + "L_sp_3072_mont_reduce_48_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ 
@@ -14791,10 +15185,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0xc0\n\t" -#ifdef __GNUC__ - "BLT L_sp_3072_mont_reduce_48_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_48_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_3072_mont_reduce_48_word\n\t" #else - "BLT.W L_sp_3072_mont_reduce_48_word%=\n\t" + "BLT.W L_sp_3072_mont_reduce_48_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" @@ -14833,7 +15229,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" - "L_sp_3072_mont_reduce_48_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_48_word:\n\t" +#else + "L_sp_3072_mont_reduce_48_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" @@ -14841,7 +15241,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_3072_mont_reduce_48_mul%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_48_mul:\n\t" +#else + "L_sp_3072_mont_reduce_48_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" @@ -14883,10 +15287,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0xc0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_48_mul%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_48_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mont_reduce_48_mul\n\t" #else - "BLT.N L_sp_3072_mont_reduce_48_mul%=\n\t" + "BLT.N L_sp_3072_mont_reduce_48_mul_%=\n\t" #endif "LDR r10, [%[a], #192]\n\t" "ADDS r4, r4, r3\n\t" 
@@ -14899,10 +15305,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0xc0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_48_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_48_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mont_reduce_48_word\n\t" #else - "BLT.N L_sp_3072_mont_reduce_48_word%=\n\t" + "BLT.N L_sp_3072_mont_reduce_48_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" @@ -14944,7 +15352,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" - "L_sp_3072_mont_reduce_48_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_48_word:\n\t" +#else + "L_sp_3072_mont_reduce_48_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ @@ -15191,10 +15603,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0xc0\n\t" -#ifdef __GNUC__ - "BLT L_sp_3072_mont_reduce_48_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_48_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_3072_mont_reduce_48_word\n\t" #else - "BLT.W L_sp_3072_mont_reduce_48_word%=\n\t" + "BLT.W L_sp_3072_mont_reduce_48_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" @@ -15236,7 +15650,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" - "L_sp_3072_mont_reduce_48_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_48_word:\n\t" +#else + "L_sp_3072_mont_reduce_48_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" 
@@ -15244,7 +15662,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_3072_mont_reduce_48_mul%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_48_mul:\n\t" +#else + "L_sp_3072_mont_reduce_48_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" @@ -15274,10 +15696,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0xc0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_48_mul%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_48_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mont_reduce_48_mul\n\t" #else - "BLT.N L_sp_3072_mont_reduce_48_mul%=\n\t" + "BLT.N L_sp_3072_mont_reduce_48_mul_%=\n\t" #endif "LDR r10, [%[a], #192]\n\t" "ADDS r4, r4, r3\n\t" @@ -15290,10 +15714,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_48(sp_digit* a, const sp_digit* m, s "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0xc0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_48_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_48_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mont_reduce_48_word\n\t" #else - "BLT.N L_sp_3072_mont_reduce_48_word%=\n\t" + "BLT.N L_sp_3072_mont_reduce_48_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" 
@@ -15364,7 +15790,11 @@ static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" - "L_sp_3072_mul_d_48_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mul_d_48_word:\n\t" +#else + "L_sp_3072_mul_d_48_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" @@ -15377,10 +15807,12 @@ static void sp_3072_mul_d_48(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0xc0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mul_d_48_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mul_d_48_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mul_d_48_word\n\t" #else - "BLT.N L_sp_3072_mul_d_48_word%=\n\t" + "BLT.N L_sp_3072_mul_d_48_word_%=\n\t" #endif "STR r3, [%[r], #192]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -15758,7 +16190,11 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" - "L_div_3072_word_48_bit%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_div_3072_word_48_bit:\n\t" +#else + "L_div_3072_word_48_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" @@ -15768,7 +16204,13 @@ SP_NOINLINE static sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_3072_word_48_bit%=\n\t" +#if defined(__GNUC__) + "BPL L_div_3072_word_48_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_3072_word_48_bit\n\t" +#else + "BPL.N L_div_3072_word_48_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" 
@@ -15820,7 +16262,11 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b) #ifdef WOLFSSL_SP_SMALL "MOV r6, #0xbc\n\t" "\n" - "L_sp_3072_cmp_48_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_cmp_48_words:\n\t" +#else + "L_sp_3072_cmp_48_words_%=:\n\t" +#endif "LDR r4, [%[a], r6]\n\t" "LDR r5, [%[b], r6]\n\t" "AND r4, r4, r3\n\t" @@ -15833,7 +16279,11 @@ static sp_int32 sp_3072_cmp_48(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" - "bcs L_sp_3072_cmp_48_words%=\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "bcs L_sp_3072_cmp_48_words\n\t" +#else + "bcs L_sp_3072_cmp_48_words_%=\n\t" +#endif "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #188]\n\t" @@ -16570,13 +17020,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U); sp_3072_mont_reduce_48(r, m, mp); - mask = 0 - (sp_3072_cmp_48(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0); sp_3072_cond_sub_48(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -16739,13 +17188,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[48], 0, sizeof(sp_digit) * 48U); sp_3072_mont_reduce_48(r, m, mp); - mask = 0 - (sp_3072_cmp_48(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0); sp_3072_cond_sub_48(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -16797,7 +17245,11 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_dig "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" - "L_sp_3072_cond_sub_96_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_cond_sub_96_words:\n\t" +#else + "L_sp_3072_cond_sub_96_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" @@ -16807,10 +17259,12 @@ static sp_digit sp_3072_cond_sub_96(sp_digit* r, const sp_digit* a, const sp_dig "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x180\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_cond_sub_96_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_cond_sub_96_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_cond_sub_96_words\n\t" #else - "BLT.N L_sp_3072_cond_sub_96_words%=\n\t" + "BLT.N L_sp_3072_cond_sub_96_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -17217,7 +17671,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" - "L_sp_3072_mont_reduce_96_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_96_word:\n\t" +#else + "L_sp_3072_mont_reduce_96_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ 
@@ -17991,10 +18449,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x180\n\t" -#ifdef __GNUC__ - "BLT L_sp_3072_mont_reduce_96_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_3072_mont_reduce_96_word\n\t" #else - "BLT.W L_sp_3072_mont_reduce_96_word%=\n\t" + "BLT.W L_sp_3072_mont_reduce_96_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" @@ -18033,7 +18493,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" - "L_sp_3072_mont_reduce_96_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_96_word:\n\t" +#else + "L_sp_3072_mont_reduce_96_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" @@ -18041,7 +18505,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_3072_mont_reduce_96_mul%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_96_mul:\n\t" +#else + "L_sp_3072_mont_reduce_96_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" @@ -18083,10 +18551,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0x180\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_96_mul%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_96_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mont_reduce_96_mul\n\t" #else - "BLT.N L_sp_3072_mont_reduce_96_mul%=\n\t" + "BLT.N L_sp_3072_mont_reduce_96_mul_%=\n\t" #endif "LDR r10, [%[a], #384]\n\t" "ADDS r4, r4, r3\n\t" 
@@ -18099,10 +18569,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0x180\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_96_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mont_reduce_96_word\n\t" #else - "BLT.N L_sp_3072_mont_reduce_96_word%=\n\t" + "BLT.N L_sp_3072_mont_reduce_96_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" @@ -18144,7 +18616,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" - "L_sp_3072_mont_reduce_96_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_96_word:\n\t" +#else + "L_sp_3072_mont_reduce_96_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ @@ -18631,10 +19107,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0x180\n\t" -#ifdef __GNUC__ - "BLT L_sp_3072_mont_reduce_96_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_3072_mont_reduce_96_word\n\t" #else - "BLT.W L_sp_3072_mont_reduce_96_word%=\n\t" + "BLT.W L_sp_3072_mont_reduce_96_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" @@ -18676,7 +19154,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" - "L_sp_3072_mont_reduce_96_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_96_word:\n\t" +#else + "L_sp_3072_mont_reduce_96_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" 
@@ -18684,7 +19166,11 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_3072_mont_reduce_96_mul%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_mont_reduce_96_mul:\n\t" +#else + "L_sp_3072_mont_reduce_96_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" @@ -18714,10 +19200,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0x180\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_96_mul%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_96_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mont_reduce_96_mul\n\t" #else - "BLT.N L_sp_3072_mont_reduce_96_mul%=\n\t" + "BLT.N L_sp_3072_mont_reduce_96_mul_%=\n\t" #endif "LDR r10, [%[a], #384]\n\t" "ADDS r4, r4, r3\n\t" @@ -18730,10 +19218,12 @@ SP_NOINLINE static void sp_3072_mont_reduce_96(sp_digit* a, const sp_digit* m, s "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0x180\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_mont_reduce_96_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_mont_reduce_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_mont_reduce_96_word\n\t" #else - "BLT.N L_sp_3072_mont_reduce_96_word%=\n\t" + "BLT.N L_sp_3072_mont_reduce_96_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" 
@@ -18799,7 +19289,11 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r11, #0x0\n\t" "ADD r12, %[a], #0x180\n\t" "\n" - "L_sp_3072_sub_96_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_sub_96_word:\n\t" +#else + "L_sp_3072_sub_96_word_%=:\n\t" +#endif "RSBS r11, r11, #0x0\n\t" "LDM %[a]!, {r3, r4, r5, r6}\n\t" "LDM %[b]!, {r7, r8, r9, r10}\n\t" @@ -18810,10 +19304,12 @@ static sp_digit sp_3072_sub_96(sp_digit* r, const sp_digit* a, const sp_digit* b "STM %[r]!, {r3, r4, r5, r6}\n\t" "SBC r11, r3, r3\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_3072_sub_96_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_3072_sub_96_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_3072_sub_96_word\n\t" #else - "BNE.N L_sp_3072_sub_96_word%=\n\t" + "BNE.N L_sp_3072_sub_96_word_%=\n\t" #endif "MOV %[r], r11\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -19122,7 +19618,11 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" - "L_div_3072_word_96_bit%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_div_3072_word_96_bit:\n\t" +#else + "L_div_3072_word_96_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" @@ -19132,7 +19632,13 @@ SP_NOINLINE static sp_digit div_3072_word_96(sp_digit d1, sp_digit d0, sp_digit "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_3072_word_96_bit%=\n\t" +#if defined(__GNUC__) + "BPL L_div_3072_word_96_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_3072_word_96_bit\n\t" +#else + "BPL.N L_div_3072_word_96_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" 
@@ -19287,7 +19793,11 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b) #ifdef WOLFSSL_SP_SMALL "MOV r6, #0x17c\n\t" "\n" - "L_sp_3072_cmp_96_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_cmp_96_words:\n\t" +#else + "L_sp_3072_cmp_96_words_%=:\n\t" +#endif "LDR r4, [%[a], r6]\n\t" "LDR r5, [%[b], r6]\n\t" "AND r4, r4, r3\n\t" @@ -19300,7 +19810,11 @@ static sp_int32 sp_3072_cmp_96(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" - "bcs L_sp_3072_cmp_96_words%=\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "bcs L_sp_3072_cmp_96_words\n\t" +#else + "bcs L_sp_3072_cmp_96_words_%=\n\t" +#endif "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #380]\n\t" @@ -20559,13 +21073,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U); sp_3072_mont_reduce_96(r, m, mp); - mask = 0 - (sp_3072_cmp_96(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0); sp_3072_cond_sub_96(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -20711,13 +21224,12 @@ static int sp_3072_mod_exp_96(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U); sp_3072_mont_reduce_96(r, m, mp); - mask = 0 - (sp_3072_cmp_96(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0); sp_3072_cond_sub_96(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -20880,8 +21392,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; 
@@ -20915,7 +21426,11 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_dig "MOV r8, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_3072_cond_add_48_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_3072_cond_add_48_words:\n\t" +#else + "L_sp_3072_cond_add_48_words_%=:\n\t" +#endif "ADDS r5, r5, #0xffffffff\n\t" "LDR r6, [%[a], r4]\n\t" "LDR r7, [%[b], r4]\n\t" @@ -20925,10 +21440,12 @@ static sp_digit sp_3072_cond_add_48(sp_digit* r, const sp_digit* a, const sp_dig "STR r6, [%[r], r4]\n\t" "ADD r4, r4, #0x4\n\t" "CMP r4, #0xc0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_3072_cond_add_48_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_3072_cond_add_48_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_3072_cond_add_48_words\n\t" #else - "BLT.N L_sp_3072_cond_add_48_words%=\n\t" + "BLT.N L_sp_3072_cond_add_48_words_%=\n\t" #endif "MOV %[r], r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -22163,13 +22680,12 @@ static int sp_3072_mod_exp_2_96(sp_digit* r, const sp_digit* e, int bits, XMEMSET(&r[96], 0, sizeof(sp_digit) * 96U); sp_3072_mont_reduce_96(r, m, mp); - mask = 0 - (sp_3072_cmp_96(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_96(r, m) >= 0); sp_3072_cond_sub_96(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -23059,7 +23575,11 @@ static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit* "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x200\n\t" "\n" - "L_sp_4096_add_128_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_add_128_word:\n\t" +#else + "L_sp_4096_add_128_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" 
@@ -23071,10 +23591,12 @@ static sp_digit sp_4096_add_128(sp_digit* r, const sp_digit* a, const sp_digit* "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_4096_add_128_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_4096_add_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_4096_add_128_word\n\t" #else - "BNE.N L_sp_4096_add_128_word%=\n\t" + "BNE.N L_sp_4096_add_128_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -23106,7 +23628,11 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x200\n\t" "\n" - "L_sp_4096_sub_in_pkace_128_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_sub_in_pkace_128_word:\n\t" +#else + "L_sp_4096_sub_in_pkace_128_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" @@ -23117,10 +23643,12 @@ static sp_digit sp_4096_sub_in_place_128(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_4096_sub_in_pkace_128_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_4096_sub_in_pkace_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_4096_sub_in_pkace_128_word\n\t" #else - "BNE.N L_sp_4096_sub_in_pkace_128_word%=\n\t" + "BNE.N L_sp_4096_sub_in_pkace_128_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) 
@@ -23160,13 +23688,21 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_4096_mul_128_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mul_128_outer:\n\t" +#else + "L_sp_4096_mul_128_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x1fc\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_4096_mul_128_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mul_128_inner:\n\t" +#else + "L_sp_4096_mul_128_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" @@ -23182,15 +23718,19 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_4096_mul_128_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_4096_mul_128_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_4096_mul_128_inner_done\n\t" #else - "BGT.N L_sp_4096_mul_128_inner_done%=\n\t" + "BGT.N L_sp_4096_mul_128_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_mul_128_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_mul_128_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_4096_mul_128_inner\n\t" #else - "BLT.N L_sp_4096_mul_128_inner%=\n\t" + "BLT.N L_sp_4096_mul_128_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" 
@@ -23199,17 +23739,23 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_4096_mul_128_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mul_128_inner_done:\n\t" +#else + "L_sp_4096_mul_128_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x3f4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_4096_mul_128_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_4096_mul_128_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_4096_mul_128_outer\n\t" #else - "BLE.N L_sp_4096_mul_128_outer%=\n\t" + "BLE.N L_sp_4096_mul_128_outer_%=\n\t" #endif "LDR lr, [%[a], #508]\n\t" "LDR r11, [%[b], #508]\n\t" @@ -23218,14 +23764,20 @@ static void sp_4096_mul_128(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_4096_mul_128_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mul_128_store:\n\t" +#else + "L_sp_4096_mul_128_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_4096_mul_128_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_4096_mul_128_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_4096_mul_128_store\n\t" #else - "BGT.N L_sp_4096_mul_128_store%=\n\t" + "BGT.N L_sp_4096_mul_128_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : 
@@ -23258,13 +23810,21 @@ static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_4096_sqr_128_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_sqr_128_outer:\n\t" +#else + "L_sp_4096_sqr_128_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x1fc\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_4096_sqr_128_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_sqr_128_inner:\n\t" +#else + "L_sp_4096_sqr_128_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" @@ -23277,15 +23837,19 @@ static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_4096_sqr_128_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_4096_sqr_128_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_4096_sqr_128_inner_done\n\t" #else - "BGT.N L_sp_4096_sqr_128_inner_done%=\n\t" + "BGT.N L_sp_4096_sqr_128_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_sqr_128_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_sqr_128_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_4096_sqr_128_inner\n\t" #else - "BLT.N L_sp_4096_sqr_128_inner%=\n\t" + "BLT.N L_sp_4096_sqr_128_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" 
@@ -23293,17 +23857,23 @@ static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_4096_sqr_128_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_sqr_128_inner_done:\n\t" +#else + "L_sp_4096_sqr_128_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x3f4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_4096_sqr_128_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_4096_sqr_128_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_4096_sqr_128_outer\n\t" #else - "BLE.N L_sp_4096_sqr_128_outer%=\n\t" + "BLE.N L_sp_4096_sqr_128_outer_%=\n\t" #endif "LDR lr, [%[a], #508]\n\t" "UMLAL r6, r7, lr, lr\n\t" @@ -23311,14 +23881,20 @@ static void sp_4096_sqr_128(sp_digit* r, const sp_digit* a) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_4096_sqr_128_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_sqr_128_store:\n\t" +#else + "L_sp_4096_sqr_128_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_4096_sqr_128_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_4096_sqr_128_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_4096_sqr_128_store\n\t" #else - "BGT.N L_sp_4096_sqr_128_store%=\n\t" + "BGT.N L_sp_4096_sqr_128_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : 
@@ -23375,7 +23951,11 @@ static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" - "L_sp_4096_mul_d_128_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mul_d_128_word:\n\t" +#else + "L_sp_4096_mul_d_128_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" @@ -23388,10 +23968,12 @@ static void sp_4096_mul_d_128(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0x200\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_mul_d_128_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_mul_d_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_4096_mul_d_128_word\n\t" #else - "BLT.N L_sp_4096_mul_d_128_word%=\n\t" + "BLT.N L_sp_4096_mul_d_128_word_%=\n\t" #endif "STR r3, [%[r], #512]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -24110,7 +24692,11 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_di "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" - "L_sp_4096_cond_sub_128_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_cond_sub_128_words:\n\t" +#else + "L_sp_4096_cond_sub_128_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" 
@@ -24120,10 +24706,12 @@ static sp_digit sp_4096_cond_sub_128(sp_digit* r, const sp_digit* a, const sp_di "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x200\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_cond_sub_128_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_cond_sub_128_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_4096_cond_sub_128_words\n\t" #else - "BLT.N L_sp_4096_cond_sub_128_words%=\n\t" + "BLT.N L_sp_4096_cond_sub_128_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -24642,7 +25230,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" - "L_sp_4096_mont_reduce_128_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mont_reduce_128_word:\n\t" +#else + "L_sp_4096_mont_reduce_128_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ @@ -25672,10 +26264,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x200\n\t" -#ifdef __GNUC__ - "BLT L_sp_4096_mont_reduce_128_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_mont_reduce_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_4096_mont_reduce_128_word\n\t" #else - "BLT.W L_sp_4096_mont_reduce_128_word%=\n\t" + "BLT.W L_sp_4096_mont_reduce_128_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" 
@@ -25714,7 +26308,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" - "L_sp_4096_mont_reduce_128_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mont_reduce_128_word:\n\t" +#else + "L_sp_4096_mont_reduce_128_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" @@ -25722,7 +26320,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_4096_mont_reduce_128_mul%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mont_reduce_128_mul:\n\t" +#else + "L_sp_4096_mont_reduce_128_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" @@ -25764,10 +26366,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0x200\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_mont_reduce_128_mul%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_mont_reduce_128_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_4096_mont_reduce_128_mul\n\t" #else - "BLT.N L_sp_4096_mont_reduce_128_mul%=\n\t" + "BLT.N L_sp_4096_mont_reduce_128_mul_%=\n\t" #endif "LDR r10, [%[a], #512]\n\t" "ADDS r4, r4, r3\n\t" 
@@ -25780,10 +26384,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0x200\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_mont_reduce_128_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_mont_reduce_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_4096_mont_reduce_128_word\n\t" #else - "BLT.N L_sp_4096_mont_reduce_128_word%=\n\t" + "BLT.N L_sp_4096_mont_reduce_128_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" @@ -25825,7 +26431,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" - "L_sp_4096_mont_reduce_128_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mont_reduce_128_word:\n\t" +#else + "L_sp_4096_mont_reduce_128_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ @@ -26472,10 +27082,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0x200\n\t" -#ifdef __GNUC__ - "BLT L_sp_4096_mont_reduce_128_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_mont_reduce_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_4096_mont_reduce_128_word\n\t" #else - "BLT.W L_sp_4096_mont_reduce_128_word%=\n\t" + "BLT.W L_sp_4096_mont_reduce_128_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" 
@@ -26517,7 +27129,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, /* ca = 0 */ "MOV r3, #0x0\n\t" "\n" - "L_sp_4096_mont_reduce_128_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mont_reduce_128_word:\n\t" +#else + "L_sp_4096_mont_reduce_128_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "LDR r10, [%[a]]\n\t" "MUL r8, %[mp], r10\n\t" @@ -26525,7 +27141,11 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "MOV r12, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_4096_mont_reduce_128_mul%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_mont_reduce_128_mul:\n\t" +#else + "L_sp_4096_mont_reduce_128_mul_%=:\n\t" +#endif /* a[i+j+0] += m[j+0] * mu */ "LDR r7, [%[m], r12]\n\t" "LDR r10, [%[a], r12]\n\t" @@ -26555,10 +27175,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, /* j += 1 */ "ADD r12, r12, #0x4\n\t" "CMP r12, #0x200\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_mont_reduce_128_mul%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_mont_reduce_128_mul_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_4096_mont_reduce_128_mul\n\t" #else - "BLT.N L_sp_4096_mont_reduce_128_mul%=\n\t" + "BLT.N L_sp_4096_mont_reduce_128_mul_%=\n\t" #endif "LDR r10, [%[a], #512]\n\t" "ADDS r4, r4, r3\n\t" 
@@ -26571,10 +27193,12 @@ SP_NOINLINE static void sp_4096_mont_reduce_128(sp_digit* a, const sp_digit* m, "ADD r9, r9, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r9, #0x200\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_mont_reduce_128_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_mont_reduce_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_4096_mont_reduce_128_word\n\t" #else - "BLT.N L_sp_4096_mont_reduce_128_word%=\n\t" + "BLT.N L_sp_4096_mont_reduce_128_word_%=\n\t" #endif /* Loop Done */ "MOV %[mp], r3\n\t" @@ -26640,7 +27264,11 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit* "MOV r11, #0x0\n\t" "ADD r12, %[a], #0x200\n\t" "\n" - "L_sp_4096_sub_128_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_sub_128_word:\n\t" +#else + "L_sp_4096_sub_128_word_%=:\n\t" +#endif "RSBS r11, r11, #0x0\n\t" "LDM %[a]!, {r3, r4, r5, r6}\n\t" "LDM %[b]!, {r7, r8, r9, r10}\n\t" @@ -26651,10 +27279,12 @@ static sp_digit sp_4096_sub_128(sp_digit* r, const sp_digit* a, const sp_digit* "STM %[r]!, {r3, r4, r5, r6}\n\t" "SBC r11, r3, r3\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_4096_sub_128_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_4096_sub_128_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_4096_sub_128_word\n\t" #else - "BNE.N L_sp_4096_sub_128_word%=\n\t" + "BNE.N L_sp_4096_sub_128_word_%=\n\t" #endif "MOV %[r], r11\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) 
@@ -27019,7 +27649,11 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" - "L_div_4096_word_128_bit%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_div_4096_word_128_bit:\n\t" +#else + "L_div_4096_word_128_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" @@ -27029,7 +27663,13 @@ SP_NOINLINE static sp_digit div_4096_word_128(sp_digit d1, sp_digit d0, sp_digit "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_4096_word_128_bit%=\n\t" +#if defined(__GNUC__) + "BPL L_div_4096_word_128_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_4096_word_128_bit\n\t" +#else + "BPL.N L_div_4096_word_128_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" @@ -27184,7 +27824,11 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a, const sp_digit* b) #ifdef WOLFSSL_SP_SMALL "MOV r6, #0x1fc\n\t" "\n" - "L_sp_4096_cmp_128_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_cmp_128_words:\n\t" +#else + "L_sp_4096_cmp_128_words_%=:\n\t" +#endif "LDR r4, [%[a], r6]\n\t" "LDR r5, [%[b], r6]\n\t" "AND r4, r4, r3\n\t" @@ -27197,7 +27841,11 @@ static sp_int32 sp_4096_cmp_128(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" - "bcs L_sp_4096_cmp_128_words%=\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "bcs L_sp_4096_cmp_128_words\n\t" +#else + "bcs L_sp_4096_cmp_128_words_%=\n\t" +#endif "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #508]\n\t" 
@@ -28808,13 +29456,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U); sp_4096_mont_reduce_128(r, m, mp); - mask = 0 - (sp_4096_cmp_128(r, m) >= 0); + mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0); sp_4096_cond_sub_128(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -28960,13 +29607,12 @@ static int sp_4096_mod_exp_128(sp_digit* r, const sp_digit* a, const sp_digit* e XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U); sp_4096_mont_reduce_128(r, m, mp); - mask = 0 - (sp_4096_cmp_128(r, m) >= 0); + mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0); sp_4096_cond_sub_128(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -29129,8 +29775,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -29164,7 +29809,11 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_dig "MOV r8, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_4096_cond_add_64_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_4096_cond_add_64_words:\n\t" +#else + "L_sp_4096_cond_add_64_words_%=:\n\t" +#endif "ADDS r5, r5, #0xffffffff\n\t" "LDR r6, [%[a], r4]\n\t" "LDR r7, [%[b], r4]\n\t" 
@@ -29174,10 +29823,12 @@ static sp_digit sp_4096_cond_add_64(sp_digit* r, const sp_digit* a, const sp_dig "STR r6, [%[r], r4]\n\t" "ADD r4, r4, #0x4\n\t" "CMP r4, #0x100\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_4096_cond_add_64_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_4096_cond_add_64_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_4096_cond_add_64_words\n\t" #else - "BLT.N L_sp_4096_cond_add_64_words%=\n\t" + "BLT.N L_sp_4096_cond_add_64_words_%=\n\t" #endif "MOV %[r], r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -30660,13 +31311,12 @@ static int sp_4096_mod_exp_2_128(sp_digit* r, const sp_digit* e, int bits, XMEMSET(&r[128], 0, sizeof(sp_digit) * 128U); sp_4096_mont_reduce_128(r, m, mp); - mask = 0 - (sp_4096_cmp_128(r, m) >= 0); + mask = (sp_digit)0 - (sp_4096_cmp_128(r, m) >= 0); sp_4096_cond_sub_128(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -30857,13 +31507,21 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_256_mul_8_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_mul_8_outer:\n\t" +#else + "L_sp_256_mul_8_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x1c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_256_mul_8_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_mul_8_inner:\n\t" +#else + "L_sp_256_mul_8_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
@@ -30879,15 +31537,19 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_256_mul_8_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_256_mul_8_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_256_mul_8_inner_done\n\t" #else - "BGT.N L_sp_256_mul_8_inner_done%=\n\t" + "BGT.N L_sp_256_mul_8_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_256_mul_8_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_256_mul_8_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_256_mul_8_inner\n\t" #else - "BLT.N L_sp_256_mul_8_inner%=\n\t" + "BLT.N L_sp_256_mul_8_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" @@ -30896,17 +31558,23 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_256_mul_8_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_mul_8_inner_done:\n\t" +#else + "L_sp_256_mul_8_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x34\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_256_mul_8_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_256_mul_8_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_256_mul_8_outer\n\t" #else - "BLE.N L_sp_256_mul_8_outer%=\n\t" + "BLE.N L_sp_256_mul_8_outer_%=\n\t" #endif "LDR lr, [%[a], #28]\n\t" "LDR r11, [%[b], #28]\n\t" 
@@ -30915,14 +31583,20 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_256_mul_8_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_mul_8_store:\n\t" +#else + "L_sp_256_mul_8_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_256_mul_8_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_256_mul_8_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_256_mul_8_store\n\t" #else - "BGT.N L_sp_256_mul_8_store%=\n\t" + "BGT.N L_sp_256_mul_8_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : @@ -30931,7 +31605,7 @@ static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_digit* b) } #else -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M /* Multiply a and b into r. (r = a * b) * * r A single precision integer. @@ -31427,7 +32101,7 @@ SP_NOINLINE static void sp_256_mul_8(sp_digit* r, const sp_digit* a, const sp_di ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #endif /* WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Square a and put result in r. (r = a * a) @@ -31455,13 +32129,21 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_256_sqr_8_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_sqr_8_outer:\n\t" +#else + "L_sp_256_sqr_8_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x1c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_256_sqr_8_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_sqr_8_inner:\n\t" +#else + "L_sp_256_sqr_8_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" 
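Review bot: The selector for the non-WOLFSSL_SP_SMALL sp_256_mul_8 changed from `#ifdef WOLFSSL_SP_NO_UMAAL` to `#ifdef WOLFSSL_ARM_ARCH_7M`, so a build that still defines WOLFSSL_SP_NO_UMAAL but not WOLFSSL_ARM_ARCH_7M now compiles the other variant, whose body and `#else` branch lie outside this hunk. If that other variant relies on UMAAL, a core without the DSP extension (Cortex-M3 class) would hit an undefined instruction at runtime on every multiply, not at build time. Confirm the release's user_settings.h sets WOLFSSL_ARM_ARCH_7M for such boards, or keep the old flag honoured with `#if defined(WOLFSSL_ARM_ARCH_7M) || defined(WOLFSSL_SP_NO_UMAAL)`. The matching sp_256_sqr_8 hunk further down makes the same rename and needs the same treatment.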
@@ -31474,15 +32156,19 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_256_sqr_8_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_256_sqr_8_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_256_sqr_8_inner_done\n\t" #else - "BGT.N L_sp_256_sqr_8_inner_done%=\n\t" + "BGT.N L_sp_256_sqr_8_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_256_sqr_8_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_256_sqr_8_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_256_sqr_8_inner\n\t" #else - "BLT.N L_sp_256_sqr_8_inner%=\n\t" + "BLT.N L_sp_256_sqr_8_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" @@ -31490,17 +32176,23 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_256_sqr_8_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_sqr_8_inner_done:\n\t" +#else + "L_sp_256_sqr_8_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x34\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_256_sqr_8_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_256_sqr_8_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_256_sqr_8_outer\n\t" #else - "BLE.N L_sp_256_sqr_8_outer%=\n\t" + "BLE.N L_sp_256_sqr_8_outer_%=\n\t" #endif "LDR lr, [%[a], #28]\n\t" "UMLAL r6, r7, lr, lr\n\t" 
@@ -31508,14 +32200,20 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_256_sqr_8_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_sqr_8_store:\n\t" +#else + "L_sp_256_sqr_8_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_256_sqr_8_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_256_sqr_8_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_256_sqr_8_store\n\t" #else - "BGT.N L_sp_256_sqr_8_store%=\n\t" + "BGT.N L_sp_256_sqr_8_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : @@ -31524,7 +32222,7 @@ static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) } #else -#ifdef WOLFSSL_SP_NO_UMAAL +#ifdef WOLFSSL_ARM_ARCH_7M /* Square a and put result in r. (r = a * a) * * r A single precision integer. @@ -31890,7 +32588,7 @@ SP_NOINLINE static void sp_256_sqr_8(sp_digit* r, const sp_digit* a) ); } -#endif /* WOLFSSL_SP_NO_UMAAL */ +#endif /* WOLFSSL_ARM_ARCH_7M */ #endif /* WOLFSSL_SP_SMALL */ #ifdef WOLFSSL_SP_SMALL /* Add b to a into r. (r = a + b) @@ -31915,7 +32613,11 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x20\n\t" "\n" - "L_sp_256_add_8_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_add_8_word:\n\t" +#else + "L_sp_256_add_8_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" 
@@ -31927,10 +32629,12 @@ static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_256_add_8_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_256_add_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_256_add_8_word\n\t" #else - "BNE.N L_sp_256_add_8_word%=\n\t" + "BNE.N L_sp_256_add_8_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -33938,7 +34642,11 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b) #ifdef WOLFSSL_SP_SMALL "MOV r6, #0x1c\n\t" "\n" - "L_sp_256_cmp_8_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_cmp_8_words:\n\t" +#else + "L_sp_256_cmp_8_words_%=:\n\t" +#endif "LDR r4, [%[a], r6]\n\t" "LDR r5, [%[b], r6]\n\t" "AND r4, r4, r3\n\t" @@ -33951,7 +34659,11 @@ static sp_int32 sp_256_cmp_8(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" - "bcs L_sp_256_cmp_8_words%=\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "bcs L_sp_256_cmp_8_words\n\t" +#else + "bcs L_sp_256_cmp_8_words_%=\n\t" +#endif "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #28]\n\t" @@ -34085,7 +34797,11 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" - "L_sp_256_cond_sub_8_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_cond_sub_8_words:\n\t" +#else + "L_sp_256_cond_sub_8_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" 
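Review bot: In the `__IAR_SYSTEMS_ICC__ && __VER__ < 9000000` branch the loop label `L_sp_256_add_8_word` carries no `%=` uniquifier, and the hunk header shows sp_256_add_8 declared as plain `static`, not SP_NOINLINE like the Montgomery reduce routines. If old IAR inlines this function at two call sites in the same translation unit the inline asm is emitted twice and the fixed label becomes a duplicate symbol; this would surface as a link or assemble error rather than a silent miscompile, but it is easy to miss on a toolchain that is not in CI. Consider marking it `SP_NOINLINE static sp_digit sp_256_add_8(sp_digit* r, const sp_digit* a, const sp_digit* b)` for that compiler, or document why inlining cannot happen. The function body starts outside this hunk.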
@@ -34095,10 +34811,12 @@ static sp_digit sp_256_cond_sub_8(sp_digit* r, const sp_digit* a, const sp_digit "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_256_cond_sub_8_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_256_cond_sub_8_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_256_cond_sub_8_words\n\t" #else - "BLT.N L_sp_256_cond_sub_8_words%=\n\t" + "BLT.N L_sp_256_cond_sub_8_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -34199,7 +34917,11 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_ "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" - "L_sp_256_mont_reduce_8_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_mont_reduce_8_word:\n\t" +#else + "L_sp_256_mont_reduce_8_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ @@ -34269,10 +34991,12 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_ "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x20\n\t" -#ifdef __GNUC__ - "BLT L_sp_256_mont_reduce_8_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_256_mont_reduce_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_256_mont_reduce_8_word\n\t" #else - "BLT.W L_sp_256_mont_reduce_8_word%=\n\t" + "BLT.W L_sp_256_mont_reduce_8_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" 
@@ -34314,7 +35038,11 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_ "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" - "L_sp_256_mont_reduce_8_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_mont_reduce_8_word:\n\t" +#else + "L_sp_256_mont_reduce_8_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ @@ -34361,10 +35089,12 @@ SP_NOINLINE static void sp_256_mont_reduce_8(sp_digit* a, const sp_digit* m, sp_ "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0x20\n\t" -#ifdef __GNUC__ - "BLT L_sp_256_mont_reduce_8_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_256_mont_reduce_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_256_mont_reduce_8_word\n\t" #else - "BLT.W L_sp_256_mont_reduce_8_word%=\n\t" + "BLT.W L_sp_256_mont_reduce_8_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" @@ -34573,7 +35303,11 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit* "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" - "L_sp_256_mont_reduce_order_8_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_mont_reduce_order_8_word:\n\t" +#else + "L_sp_256_mont_reduce_order_8_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ @@ -34643,10 +35377,12 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit* "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x20\n\t" -#ifdef __GNUC__ - "BLT L_sp_256_mont_reduce_order_8_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_256_mont_reduce_order_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_256_mont_reduce_order_8_word\n\t" #else - "BLT.W L_sp_256_mont_reduce_order_8_word%=\n\t" + "BLT.W L_sp_256_mont_reduce_order_8_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" 
@@ -34688,7 +35424,11 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit* "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" - "L_sp_256_mont_reduce_order_8_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_mont_reduce_order_8_word:\n\t" +#else + "L_sp_256_mont_reduce_order_8_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ @@ -34735,10 +35475,12 @@ SP_NOINLINE static void sp_256_mont_reduce_order_8(sp_digit* a, const sp_digit* "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0x20\n\t" -#ifdef __GNUC__ - "BLT L_sp_256_mont_reduce_order_8_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_256_mont_reduce_order_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_256_mont_reduce_order_8_word\n\t" #else - "BLT.W L_sp_256_mont_reduce_order_8_word%=\n\t" + "BLT.W L_sp_256_mont_reduce_order_8_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" @@ -34780,7 +35522,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p, sp_256_mont_reduce_8(r->x, p256_mod, p256_mp_mod); /* Reduce x to less than modulus */ n = sp_256_cmp_8(r->x, p256_mod); - sp_256_cond_sub_8(r->x, r->x, p256_mod, ~(n >> 31)); + sp_256_cond_sub_8(r->x, r->x, p256_mod, (sp_digit)~(n >> 31)); sp_256_norm_8(r->x); /* y /= z^3 */ @@ -34789,7 +35531,7 @@ static void sp_256_map_8(sp_point_256* r, const sp_point_256* p, sp_256_mont_reduce_8(r->y, p256_mod, p256_mp_mod); /* Reduce y to less than modulus */ n = sp_256_cmp_8(r->y, p256_mod); - sp_256_cond_sub_8(r->y, r->y, p256_mod, ~(n >> 31)); + sp_256_cond_sub_8(r->y, r->y, p256_mod, (sp_digit)~(n >> 31)); sp_256_norm_8(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); 
@@ -35431,8 +36173,8 @@ static void sp_256_proj_point_add_8(sp_point_256* r, sp_256_mont_sub_8(y, y, t5, p256_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -35449,7 +36191,7 @@ static void sp_256_proj_point_add_8(sp_point_256* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -35623,8 +36365,8 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -35641,7 +36383,7 @@ static int sp_256_proj_point_add_8_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -35696,7 +36438,7 @@ static void sp_256_get_point_16_8(sp_point_256* r, const sp_point_256* table, r->z[6] = 0; r->z[7] = 0; for (i = 1; i < 16; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; 
@@ -35890,15 +36632,15 @@ static int sp_256_ecc_mulmod_fast_8(sp_point_256* r, const sp_point_256* g, cons #endif } #ifndef WC_NO_CACHE_RESISTANT - #ifdef WOLFSSL_SP_SMALL_STACK +#ifdef WOLFSSL_SP_SMALL_STACK if (p != NULL) +#endif + { + ForceZero(p, sizeof(sp_point_256)); + #ifdef WOLFSSL_SP_SMALL_STACK + XFREE(p, heap, DYNAMIC_TYPE_ECC); #endif - { - ForceZero(p, sizeof(sp_point_256)); - #ifdef WOLFSSL_SP_SMALL_STACK - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif - } + } #endif /* !WC_NO_CACHE_RESISTANT */ #ifdef WOLFSSL_SP_SMALL_STACK if (t != NULL) @@ -36094,8 +36836,8 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r, sp_256_mont_sub_8(y, t3, t1, p256_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -36112,7 +36854,7 @@ static void sp_256_proj_point_add_qz1_8(sp_point_256* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -36202,8 +36944,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -36240,7 +36981,7 @@ static void sp_256_get_entry_16_8(sp_point_256* r, r->y[6] = 0; r->y[7] = 0; for (i = 1; i < 16; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; 
@@ -36367,10 +37108,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -36626,8 +37365,7 @@ static int sp_256_gen_stripe_table_8(const sp_point_256* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -36664,7 +37402,7 @@ static void sp_256_get_entry_256_8(sp_point_256* r, r->y[6] = 0; r->y[7] = 0; for (i = 1; i < 256; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -36791,10 +37529,8 @@ static int sp_256_ecc_mulmod_stripe_8(sp_point_256* r, const sp_point_256* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -37012,10 +37748,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -37092,10 +37826,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -38562,10 +39294,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38640,10 +39370,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38732,6 +39460,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[32]; @@ -38748,6 +39477,11 @@ static int sp_256_ecc_gen_k_8(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -38826,12 +39560,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -38989,10 +39720,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
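Review bot: The new `#ifndef WC_NO_RNG` wrapper around sp_256_ecc_gen_k_8 fails closed with NOT_COMPILED_IN, which is the right default, but the random bytes that become the private scalar are drawn into `byte buf[32]` on the stack and nothing in either hunk clears it before `return err;`. The loop body between the two hunks is not shown, so if it does not already wipe the buffer, add `ForceZero(buf, sizeof(buf));` immediately before the return so the scalar does not survive in stack memory below the caller's frame. The `(void)k;` stub leaves k unwritten on the WC_NO_RNG path, so callers must check the return code before reading k.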
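Review bot: In sp_ecc_make_key_256 the retained comment explains that `point` is not sensitive, yet `k`, the freshly generated private scalar, is handed straight to XFREE with no ForceZero in this hunk, and when WOLFSSL_SP_SMALL_STACK is off it remains as a stack array with no clearing here either. The earlier part of the function is outside the hunk and may already handle this; if it does not, add `ForceZero(k, sizeof(sp_digit) * 8);` before the XFREE and on the stack path alike. sp_ecc_secret_gen_256 in the following hunk has the same shape, with k loaded from the caller's private key, and deserves the same check.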
@@ -39075,7 +39804,11 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x20\n\t" "\n" - "L_sp_256_sub_in_pkace_8_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_sub_in_pkace_8_word:\n\t" +#else + "L_sp_256_sub_in_pkace_8_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" @@ -39086,10 +39819,12 @@ static sp_digit sp_256_sub_in_place_8(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_256_sub_in_pkace_8_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_256_sub_in_pkace_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_256_sub_in_pkace_8_word\n\t" #else - "BNE.N L_sp_256_sub_in_pkace_8_word%=\n\t" + "BNE.N L_sp_256_sub_in_pkace_8_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) @@ -39168,7 +39903,11 @@ static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" - "L_sp_256_mul_d_8_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_mul_d_8_word:\n\t" +#else + "L_sp_256_mul_d_8_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" 
@@ -39181,10 +39920,12 @@ static void sp_256_mul_d_8(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_256_mul_d_8_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_256_mul_d_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_256_mul_d_8_word\n\t" #else - "BLT.N L_sp_256_mul_d_8_word%=\n\t" + "BLT.N L_sp_256_mul_d_8_word_%=\n\t" #endif "STR r3, [%[r], #32]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -39362,7 +40103,11 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit di /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" - "L_div_256_word_8_bit%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_div_256_word_8_bit:\n\t" +#else + "L_div_256_word_8_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" @@ -39372,7 +40117,13 @@ SP_NOINLINE static sp_digit div_256_word_8(sp_digit d1, sp_digit d0, sp_digit di "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_256_word_8_bit%=\n\t" +#if defined(__GNUC__) + "BPL L_div_256_word_8_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_256_word_8_bit\n\t" +#else + "BPL.N L_div_256_word_8_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" @@ -40066,7 +40817,11 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r11, #0x0\n\t" "ADD r12, %[a], #0x20\n\t" "\n" - "L_sp_256_sub_8_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_sub_8_word:\n\t" +#else + "L_sp_256_sub_8_word_%=:\n\t" +#endif "RSBS r11, r11, #0x0\n\t" "LDM %[a]!, {r3, r4, r5, r6}\n\t" "LDM %[b]!, {r7, r8, r9, r10}\n\t" 
@@ -40077,10 +40832,12 @@ static sp_digit sp_256_sub_8(sp_digit* r, const sp_digit* a, const sp_digit* b) "STM %[r]!, {r3, r4, r5, r6}\n\t" "SBC r11, r3, r3\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_256_sub_8_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_256_sub_8_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_256_sub_8_word\n\t" #else - "BNE.N L_sp_256_sub_8_word%=\n\t" + "BNE.N L_sp_256_sub_8_word_%=\n\t" #endif "MOV %[r], r11\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -40199,10 +40956,12 @@ static void sp_256_div2_mod_8(sp_digit* r, const sp_digit* a, const sp_digit* m) "MOV r12, #0x0\n\t" "LDM %[a]!, {r4}\n\t" "ANDS r3, r4, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_div2_mod_8_even%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_256_div2_mod_8_even_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_256_div2_mod_8_even\n\t" #else - "BEQ.N L_sp_256_div2_mod_8_even%=\n\t" + "BEQ.N L_sp_256_div2_mod_8_even_%=\n\t" #endif "LDM %[a]!, {r5, r6, r7}\n\t" "LDM %[m]!, {r8, r9, r10, r11}\n\t" 
@@ -40218,17 +40977,27 @@ static void sp_256_div2_mod_8(sp_digit* r, const sp_digit* a, const sp_digit* m) "ADCS r6, r6, r10\n\t" "ADCS r7, r7, r11\n\t" "ADC r3, r12, r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_div2_mod_8_div2%=\n\t" +#if defined(__GNUC__) + "B L_sp_256_div2_mod_8_div2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_256_div2_mod_8_div2\n\t" #else - "B.N L_sp_256_div2_mod_8_div2%=\n\t" + "B.N L_sp_256_div2_mod_8_div2_%=\n\t" #endif "\n" - "L_sp_256_div2_mod_8_even%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_div2_mod_8_even:\n\t" +#else + "L_sp_256_div2_mod_8_even_%=:\n\t" +#endif "LDRD r4, r5, [%[a], #12]\n\t" "LDRD r6, r7, [%[a], #20]\n\t" "\n" - "L_sp_256_div2_mod_8_div2%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_div2_mod_8_div2:\n\t" +#else + "L_sp_256_div2_mod_8_div2_%=:\n\t" +#endif "LSR r8, r4, #1\n\t" "AND r4, r4, #0x1\n\t" "LSR r9, r5, #1\n\t" 
@@ -40270,129 +41039,189 @@ static int sp_256_num_bits_8(const sp_digit* a) __asm__ __volatile__ ( "LDR r1, [%[a], #28]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_num_bits_8_7%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_256_num_bits_8_7_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_256_num_bits_8_7\n\t" #else - "BEQ.N L_sp_256_num_bits_8_7%=\n\t" + "BEQ.N L_sp_256_num_bits_8_7_%=\n\t" #endif "MOV r2, #0x100\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_num_bits_8_9%=\n\t" +#if defined(__GNUC__) + "B L_sp_256_num_bits_8_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_256_num_bits_8_9\n\t" #else - "B.N L_sp_256_num_bits_8_9%=\n\t" + "B.N L_sp_256_num_bits_8_9_%=\n\t" #endif "\n" - "L_sp_256_num_bits_8_7%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_num_bits_8_7:\n\t" +#else + "L_sp_256_num_bits_8_7_%=:\n\t" +#endif "LDR r1, [%[a], #24]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_num_bits_8_6%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_256_num_bits_8_6_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_256_num_bits_8_6\n\t" #else - "BEQ.N L_sp_256_num_bits_8_6%=\n\t" + "BEQ.N L_sp_256_num_bits_8_6_%=\n\t" #endif "MOV r2, #0xe0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_num_bits_8_9%=\n\t" +#if defined(__GNUC__) + "B L_sp_256_num_bits_8_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_256_num_bits_8_9\n\t" #else - "B.N L_sp_256_num_bits_8_9%=\n\t" + "B.N L_sp_256_num_bits_8_9_%=\n\t" #endif "\n" - "L_sp_256_num_bits_8_6%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + 
"L_sp_256_num_bits_8_6:\n\t" +#else + "L_sp_256_num_bits_8_6_%=:\n\t" +#endif "LDR r1, [%[a], #20]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_num_bits_8_5%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_256_num_bits_8_5_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_256_num_bits_8_5\n\t" #else - "BEQ.N L_sp_256_num_bits_8_5%=\n\t" + "BEQ.N L_sp_256_num_bits_8_5_%=\n\t" #endif "MOV r2, #0xc0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_num_bits_8_9%=\n\t" +#if defined(__GNUC__) + "B L_sp_256_num_bits_8_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_256_num_bits_8_9\n\t" #else - "B.N L_sp_256_num_bits_8_9%=\n\t" + "B.N L_sp_256_num_bits_8_9_%=\n\t" #endif "\n" - "L_sp_256_num_bits_8_5%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_num_bits_8_5:\n\t" +#else + "L_sp_256_num_bits_8_5_%=:\n\t" +#endif "LDR r1, [%[a], #16]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_num_bits_8_4%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_256_num_bits_8_4_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_256_num_bits_8_4\n\t" #else - "BEQ.N L_sp_256_num_bits_8_4%=\n\t" + "BEQ.N L_sp_256_num_bits_8_4_%=\n\t" #endif "MOV r2, #0xa0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_num_bits_8_9%=\n\t" +#if defined(__GNUC__) + "B L_sp_256_num_bits_8_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_256_num_bits_8_9\n\t" #else - "B.N L_sp_256_num_bits_8_9%=\n\t" + "B.N L_sp_256_num_bits_8_9_%=\n\t" #endif "\n" - "L_sp_256_num_bits_8_4%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + 
"L_sp_256_num_bits_8_4:\n\t" +#else + "L_sp_256_num_bits_8_4_%=:\n\t" +#endif "LDR r1, [%[a], #12]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_num_bits_8_3%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_256_num_bits_8_3_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_256_num_bits_8_3\n\t" #else - "BEQ.N L_sp_256_num_bits_8_3%=\n\t" + "BEQ.N L_sp_256_num_bits_8_3_%=\n\t" #endif "MOV r2, #0x80\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_num_bits_8_9%=\n\t" +#if defined(__GNUC__) + "B L_sp_256_num_bits_8_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_256_num_bits_8_9\n\t" #else - "B.N L_sp_256_num_bits_8_9%=\n\t" + "B.N L_sp_256_num_bits_8_9_%=\n\t" #endif "\n" - "L_sp_256_num_bits_8_3%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_num_bits_8_3:\n\t" +#else + "L_sp_256_num_bits_8_3_%=:\n\t" +#endif "LDR r1, [%[a], #8]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_num_bits_8_2%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_256_num_bits_8_2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_256_num_bits_8_2\n\t" #else - "BEQ.N L_sp_256_num_bits_8_2%=\n\t" + "BEQ.N L_sp_256_num_bits_8_2_%=\n\t" #endif "MOV r2, #0x60\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_num_bits_8_9%=\n\t" +#if defined(__GNUC__) + "B L_sp_256_num_bits_8_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_256_num_bits_8_9\n\t" #else - "B.N L_sp_256_num_bits_8_9%=\n\t" + "B.N L_sp_256_num_bits_8_9_%=\n\t" #endif "\n" - "L_sp_256_num_bits_8_2%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_num_bits_8_2:\n\t" 
+#else + "L_sp_256_num_bits_8_2_%=:\n\t" +#endif "LDR r1, [%[a], #4]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_256_num_bits_8_1%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_256_num_bits_8_1_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_256_num_bits_8_1\n\t" #else - "BEQ.N L_sp_256_num_bits_8_1%=\n\t" + "BEQ.N L_sp_256_num_bits_8_1_%=\n\t" #endif "MOV r2, #0x40\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_256_num_bits_8_9%=\n\t" +#if defined(__GNUC__) + "B L_sp_256_num_bits_8_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_256_num_bits_8_9\n\t" #else - "B.N L_sp_256_num_bits_8_9%=\n\t" + "B.N L_sp_256_num_bits_8_9_%=\n\t" #endif "\n" - "L_sp_256_num_bits_8_1%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_num_bits_8_1:\n\t" +#else + "L_sp_256_num_bits_8_1_%=:\n\t" +#endif "LDR r1, [%[a]]\n\t" "MOV r2, #0x20\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" "\n" - "L_sp_256_num_bits_8_9%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_256_num_bits_8_9:\n\t" +#else + "L_sp_256_num_bits_8_9_%=:\n\t" +#endif "MOV %[a], r4\n\t" : [a] "+r" (a) : @@ -40684,10 +41513,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -40894,8 +41721,7 @@ static int sp_256_ecc_is_point_8(const sp_point_256* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; 
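Review bot: Dropping the `if (u1 != NULL)` / `if (p1 != NULL)` guards in `sp_ecc_verify_256` (and the same pattern in `sp_256_ecc_is_point_8` here and in the `WOLFSSL_SP_SMALL_STACK` epilogues of `sp_ecc_is_point_256`, `sp_ecc_check_key_256`, `sp_384_mod_mul_norm_12`, `sp_384_gen_stripe_table_12`, `sp_384_ecc_mulmod_stripe_12`, `sp_ecc_mulmod_384`, `sp_ecc_make_key_384`, `sp_ecc_secret_gen_384` later in this chunk) makes every early-error path that reaches the epilogue with a still-NULL pointer depend on `XFREE` tolerating NULL. That is true of `free()`, but `XFREE` is a macro the port layer can redirect to a custom allocator, and nothing in these hunks records the NULL contract; if overrides are now required to accept NULL, that belongs in the documentation of the XFREE hook. Note the asymmetry in `sp_384_ecc_mulmod_fast_12`, where `if (p != NULL)` is deliberately kept because `ForceZero(p, …)` runs before the free and is not NULL-safe; a comment there such as `/* guard kept: ForceZero must not see NULL */` would stop a later cleanup from removing it, and the trailing `if (t != NULL)` at the end of that hunk needs the same scrutiny since its body is outside the hunk.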
@@ -40934,8 +41760,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -41043,10 +41868,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -41125,10 +41948,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -41193,10 +42014,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -41257,10 +42076,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -41326,8 +42143,7 @@ static int sp_256_mont_sqrt_8(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_ECC); + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -41392,8 +42208,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -41515,13 +42330,21 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_384_mul_12_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_mul_12_outer:\n\t" +#else + "L_sp_384_mul_12_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x2c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_384_mul_12_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_mul_12_inner:\n\t" +#else + "L_sp_384_mul_12_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" @@ -41537,15 +42360,19 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_384_mul_12_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_384_mul_12_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_384_mul_12_inner_done\n\t" #else - "BGT.N L_sp_384_mul_12_inner_done%=\n\t" + "BGT.N L_sp_384_mul_12_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_384_mul_12_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_384_mul_12_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_384_mul_12_inner\n\t" #else - "BLT.N L_sp_384_mul_12_inner%=\n\t" + "BLT.N L_sp_384_mul_12_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" 
@@ -41554,17 +42381,23 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_384_mul_12_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_mul_12_inner_done:\n\t" +#else + "L_sp_384_mul_12_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x54\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_384_mul_12_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_384_mul_12_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_384_mul_12_outer\n\t" #else - "BLE.N L_sp_384_mul_12_outer%=\n\t" + "BLE.N L_sp_384_mul_12_outer_%=\n\t" #endif "LDR lr, [%[a], #44]\n\t" "LDR r11, [%[b], #44]\n\t" @@ -41573,14 +42406,20 @@ static void sp_384_mul_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_384_mul_12_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_mul_12_store:\n\t" +#else + "L_sp_384_mul_12_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_384_mul_12_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_384_mul_12_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_384_mul_12_store\n\t" #else - "BGT.N L_sp_384_mul_12_store%=\n\t" + "BGT.N L_sp_384_mul_12_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : 
@@ -42643,13 +43482,21 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_384_sqr_12_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_sqr_12_outer:\n\t" +#else + "L_sp_384_sqr_12_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x2c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_384_sqr_12_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_sqr_12_inner:\n\t" +#else + "L_sp_384_sqr_12_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" @@ -42662,15 +43509,19 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_384_sqr_12_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_384_sqr_12_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_384_sqr_12_inner_done\n\t" #else - "BGT.N L_sp_384_sqr_12_inner_done%=\n\t" + "BGT.N L_sp_384_sqr_12_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_384_sqr_12_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_384_sqr_12_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_384_sqr_12_inner\n\t" #else - "BLT.N L_sp_384_sqr_12_inner%=\n\t" + "BLT.N L_sp_384_sqr_12_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" 
@@ -42678,17 +43529,23 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_384_sqr_12_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_sqr_12_inner_done:\n\t" +#else + "L_sp_384_sqr_12_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x54\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_384_sqr_12_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_384_sqr_12_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_384_sqr_12_outer\n\t" #else - "BLE.N L_sp_384_sqr_12_outer%=\n\t" + "BLE.N L_sp_384_sqr_12_outer_%=\n\t" #endif "LDR lr, [%[a], #44]\n\t" "UMLAL r6, r7, lr, lr\n\t" @@ -42696,14 +43553,20 @@ static void sp_384_sqr_12(sp_digit* r, const sp_digit* a) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_384_sqr_12_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_sqr_12_store:\n\t" +#else + "L_sp_384_sqr_12_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_384_sqr_12_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_384_sqr_12_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_384_sqr_12_store\n\t" #else - "BGT.N L_sp_384_sqr_12_store%=\n\t" + "BGT.N L_sp_384_sqr_12_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : 
@@ -43436,7 +44299,11 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x30\n\t" "\n" - "L_sp_384_add_12_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_add_12_word:\n\t" +#else + "L_sp_384_add_12_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" @@ -43448,10 +44315,12 @@ static sp_digit sp_384_add_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_384_add_12_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_384_add_12_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_384_add_12_word\n\t" #else - "BNE.N L_sp_384_add_12_word%=\n\t" + "BNE.N L_sp_384_add_12_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -43592,23 +44461,22 @@ static int sp_384_mod_mul_norm_12(sp_digit* r, const sp_digit* a, const sp_digit t[10] += t[9] >> 32; t[9] &= 0xffffffff; t[11] += t[10] >> 32; t[10] &= 0xffffffff; - r[0] = t[0]; - r[1] = t[1]; - r[2] = t[2]; - r[3] = t[3]; - r[4] = t[4]; - r[5] = t[5]; - r[6] = t[6]; - r[7] = t[7]; - r[8] = t[8]; - r[9] = t[9]; - r[10] = t[10]; - r[11] = t[11]; + r[0] = (sp_digit)t[0]; + r[1] = (sp_digit)t[1]; + r[2] = (sp_digit)t[2]; + r[3] = (sp_digit)t[3]; + r[4] = (sp_digit)t[4]; + r[5] = (sp_digit)t[5]; + r[6] = (sp_digit)t[6]; + r[7] = (sp_digit)t[7]; + r[8] = (sp_digit)t[8]; + r[9] = (sp_digit)t[9]; + r[10] = (sp_digit)t[10]; + r[11] = (sp_digit)t[11]; } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
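Review bot: In `sp_384_mod_mul_norm_12` the new `r[i] = (sp_digit)t[i]` casts silence the narrowing warning, but `t[11]` is the one element never masked with `& 0xffffffff` in the visible carry chain (`t[11] += t[10] >> 32` is the last operation on it), so the cast truncates silently rather than the implicit conversion doing so; presumably the preceding reduction guarantees `t[11]` already fits in 32 bits, but the hunk does not show that. A one-line comment above the stores, e.g. `/* t[11] receives only the final carry and is already < 2^32 here */`, would make the invariant the cast relies on explicit. The function's body begins before this hunk.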
@@ -43836,7 +44704,11 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digi "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" - "L_sp_384_cond_sub_12_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_cond_sub_12_words:\n\t" +#else + "L_sp_384_cond_sub_12_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" @@ -43846,10 +44718,12 @@ static sp_digit sp_384_cond_sub_12(sp_digit* r, const sp_digit* a, const sp_digi "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x30\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_384_cond_sub_12_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_384_cond_sub_12_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_384_cond_sub_12_words\n\t" #else - "BLT.N L_sp_384_cond_sub_12_words%=\n\t" + "BLT.N L_sp_384_cond_sub_12_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -43963,7 +44837,11 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" - "L_sp_384_mont_reduce_12_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_mont_reduce_12_word:\n\t" +#else + "L_sp_384_mont_reduce_12_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ 
@@ -44065,10 +44943,12 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x30\n\t" -#ifdef __GNUC__ - "BLT L_sp_384_mont_reduce_12_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_384_mont_reduce_12_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_384_mont_reduce_12_word\n\t" #else - "BLT.W L_sp_384_mont_reduce_12_word%=\n\t" + "BLT.W L_sp_384_mont_reduce_12_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" @@ -44110,7 +44990,11 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" - "L_sp_384_mont_reduce_12_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_mont_reduce_12_word:\n\t" +#else + "L_sp_384_mont_reduce_12_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ @@ -44177,10 +45061,12 @@ SP_NOINLINE static void sp_384_mont_reduce_12(sp_digit* a, const sp_digit* m, sp "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0x30\n\t" -#ifdef __GNUC__ - "BLT L_sp_384_mont_reduce_12_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_384_mont_reduce_12_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_384_mont_reduce_12_word\n\t" #else - "BLT.W L_sp_384_mont_reduce_12_word%=\n\t" + "BLT.W L_sp_384_mont_reduce_12_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" @@ -44365,7 +45251,11 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b) #ifdef WOLFSSL_SP_SMALL "MOV r6, #0x2c\n\t" "\n" - "L_sp_384_cmp_12_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_cmp_12_words:\n\t" +#else + "L_sp_384_cmp_12_words_%=:\n\t" +#endif "LDR r4, [%[a], r6]\n\t" "LDR r5, [%[b], r6]\n\t" "AND r4, r4, r3\n\t" 
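Review bot: `L_sp_384_mont_reduce_12_word` is defined twice inside `sp_384_mont_reduce_12` (the two label hunks at old lines 43963 and 44110, with their branches at 44065 and 44177); under GCC the `%=` suffix keeps the two definitions distinct, but in the IAR < 9 branch both are the bare `L_sp_384_mont_reduce_12_word:`. That is only valid if the two asm blocks sit in mutually exclusive preprocessor branches, which these hunks do not show. A comment on the second label, e.g. `/* same label as the variant above: the two asm blocks must be mutually exclusive under the preprocessor */`, would record the assumption for whoever next regenerates this file.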
@@ -44378,7 +45268,11 @@ static sp_int32 sp_384_cmp_12(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" - "bcs L_sp_384_cmp_12_words%=\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "bcs L_sp_384_cmp_12_words\n\t" +#else + "bcs L_sp_384_cmp_12_words_%=\n\t" +#endif "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #44]\n\t" @@ -44553,7 +45447,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p, sp_384_mont_reduce_12(r->x, p384_mod, p384_mp_mod); /* Reduce x to less than modulus */ n = sp_384_cmp_12(r->x, p384_mod); - sp_384_cond_sub_12(r->x, r->x, p384_mod, ~(n >> 31)); + sp_384_cond_sub_12(r->x, r->x, p384_mod, (sp_digit)~(n >> 31)); sp_384_norm_12(r->x); /* y /= z^3 */ @@ -44562,7 +45456,7 @@ static void sp_384_map_12(sp_point_384* r, const sp_point_384* p, sp_384_mont_reduce_12(r->y, p384_mod, p384_mp_mod); /* Reduce y to less than modulus */ n = sp_384_cmp_12(r->y, p384_mod); - sp_384_cond_sub_12(r->y, r->y, p384_mod, ~(n >> 31)); + sp_384_cond_sub_12(r->y, r->y, p384_mod, (sp_digit)~(n >> 31)); sp_384_norm_12(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); @@ -44668,7 +45562,11 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r11, #0x0\n\t" "ADD r12, %[a], #0x30\n\t" "\n" - "L_sp_384_sub_12_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_sub_12_word:\n\t" +#else + "L_sp_384_sub_12_word_%=:\n\t" +#endif "RSBS r11, r11, #0x0\n\t" "LDM %[a]!, {r3, r4, r5, r6}\n\t" "LDM %[b]!, {r7, r8, r9, r10}\n\t" 
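Review bot: The `bcs L_sp_384_cmp_12_words` branch in `sp_384_cmp_12` keeps its lowercase mnemonic and receives only the two-way IAR/other split, while every other branch touched by this commit, including the former `bpl` in `div_384_word_12` that became `BPL` / `BPL.N`, is upper-cased and split three ways with the `.N` width suffix for non-GCC toolchains. If the omission is deliberate, a short comment saying why would help; otherwise the uniform form is `"BCS L_sp_384_cmp_12_words_%=\n\t"` under `__GNUC__`, `"BCS.N L_sp_384_cmp_12_words\n\t"` for IAR < 9 and `"BCS.N L_sp_384_cmp_12_words_%=\n\t"` in the `#else`. The adjacent `movne r3, r7` has the same lowercase style.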
@@ -44679,10 +45577,12 @@ static sp_digit sp_384_sub_12(sp_digit* r, const sp_digit* a, const sp_digit* b) "STM %[r]!, {r3, r4, r5, r6}\n\t" "SBC r11, r3, r3\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_384_sub_12_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_384_sub_12_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_384_sub_12_word\n\t" #else - "BNE.N L_sp_384_sub_12_word%=\n\t" + "BNE.N L_sp_384_sub_12_word_%=\n\t" #endif "MOV %[r], r11\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -44769,7 +45669,11 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi "MOV r8, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_384_cond_add_12_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_cond_add_12_words:\n\t" +#else + "L_sp_384_cond_add_12_words_%=:\n\t" +#endif "ADDS r5, r5, #0xffffffff\n\t" "LDR r6, [%[a], r4]\n\t" "LDR r7, [%[b], r4]\n\t" @@ -44779,10 +45683,12 @@ static sp_digit sp_384_cond_add_12(sp_digit* r, const sp_digit* a, const sp_digi "STR r6, [%[r], r4]\n\t" "ADD r4, r4, #0x4\n\t" "CMP r4, #0x30\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_384_cond_add_12_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_384_cond_add_12_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_384_cond_add_12_words\n\t" #else - "BLT.N L_sp_384_cond_add_12_words%=\n\t" + "BLT.N L_sp_384_cond_add_12_words_%=\n\t" #endif "MOV %[r], r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) 
@@ -45268,8 +46174,8 @@ static void sp_384_proj_point_add_12(sp_point_384* r, sp_384_mont_sub_12(y, y, t5, p384_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -45286,7 +46192,7 @@ static void sp_384_proj_point_add_12(sp_point_384* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -45460,8 +46366,8 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -45478,7 +46384,7 @@ static int sp_384_proj_point_add_12_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -45545,7 +46451,7 @@ static void sp_384_get_point_16_12(sp_point_384* r, const sp_point_384* table, r->z[10] = 0; r->z[11] = 0; for (i = 1; i < 16; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; 
@@ -45751,15 +46657,15 @@ static int sp_384_ecc_mulmod_fast_12(sp_point_384* r, const sp_point_384* g, con #endif } #ifndef WC_NO_CACHE_RESISTANT - #ifdef WOLFSSL_SP_SMALL_STACK +#ifdef WOLFSSL_SP_SMALL_STACK if (p != NULL) +#endif + { + ForceZero(p, sizeof(sp_point_384)); + #ifdef WOLFSSL_SP_SMALL_STACK + XFREE(p, heap, DYNAMIC_TYPE_ECC); #endif - { - ForceZero(p, sizeof(sp_point_384)); - #ifdef WOLFSSL_SP_SMALL_STACK - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif - } + } #endif /* !WC_NO_CACHE_RESISTANT */ #ifdef WOLFSSL_SP_SMALL_STACK if (t != NULL) @@ -45955,8 +46861,8 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r, sp_384_mont_sub_12(y, t3, t1, p384_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -45973,7 +46879,7 @@ static void sp_384_proj_point_add_qz1_12(sp_point_384* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -46063,8 +46969,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46109,7 +47014,7 @@ static void sp_384_get_entry_16_12(sp_point_384* r, r->y[10] = 0; r->y[11] = 0; for (i = 1; i < 16; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; 
@@ -46244,10 +47149,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46503,8 +47406,7 @@ static int sp_384_gen_stripe_table_12(const sp_point_384* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46549,7 +47451,7 @@ static void sp_384_get_entry_256_12(sp_point_384* r, r->y[10] = 0; r->y[11] = 0; for (i = 1; i < 256; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -46684,10 +47586,8 @@ static int sp_384_ecc_mulmod_stripe_12(sp_point_384* r, const sp_point_384* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46905,10 +47805,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -46985,10 +47883,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -48455,10 +49351,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -48533,10 +49427,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -48631,6 +49523,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[48]; @@ -48647,6 +49540,11 @@ static int sp_384_ecc_gen_k_12(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -48725,12 +49623,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -48888,10 +49783,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
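Review bot: The new `#else` branch of `sp_384_ecc_gen_k_12` returns `NOT_COMPILED_IN` when `WC_NO_RNG` is defined, but the function's header comment, whose closing `*/` is the first context line of that hunk, still describes only the random-k behaviour; add a line such as ` * Returns NOT_COMPILED_IN when built with WC_NO_RNG.` so callers like `sp_ecc_make_key_384` see the new failure mode in the documentation rather than only in the code. The function spans the two hunks at old lines 48631 and 48647; the retry loop between them is outside the visible lines.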
@@ -48974,7 +49867,11 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x30\n\t" "\n" - "L_sp_384_sub_in_pkace_12_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_sub_in_pkace_12_word:\n\t" +#else + "L_sp_384_sub_in_pkace_12_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" @@ -48985,10 +49882,12 @@ static sp_digit sp_384_sub_in_place_12(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_384_sub_in_pkace_12_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_384_sub_in_pkace_12_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_384_sub_in_pkace_12_word\n\t" #else - "BNE.N L_sp_384_sub_in_pkace_12_word%=\n\t" + "BNE.N L_sp_384_sub_in_pkace_12_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) @@ -49074,7 +49973,11 @@ static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" - "L_sp_384_mul_d_12_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_mul_d_12_word:\n\t" +#else + "L_sp_384_mul_d_12_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" 
@@ -49087,10 +49990,12 @@ static void sp_384_mul_d_12(sp_digit* r, const sp_digit* a, sp_digit b)
 "MOV r5, #0x0\n\t"
 "ADD r9, r9, #0x4\n\t"
 "CMP r9, #0x30\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BLT L_sp_384_mul_d_12_word%=\n\t"
+#if defined(__GNUC__)
+ "BLT L_sp_384_mul_d_12_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLT.N L_sp_384_mul_d_12_word\n\t"
 #else
- "BLT.N L_sp_384_mul_d_12_word%=\n\t"
+ "BLT.N L_sp_384_mul_d_12_word_%=\n\t"
 #endif
 "STR r3, [%[r], #48]\n\t"
 : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b)
@@ -49288,7 +50193,11 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit d
 /* Next 30 bits */
 "MOV r4, #0x1d\n\t"
 "\n"
- "L_div_384_word_12_bit%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_div_384_word_12_bit:\n\t"
+#else
+ "L_div_384_word_12_bit_%=:\n\t"
+#endif
 "LSLS r6, r6, #1\n\t"
 "ADC r7, r7, r7\n\t"
 "SUBS r8, r5, r7\n\t"
@@ -49298,7 +50207,13 @@ SP_NOINLINE static sp_digit div_384_word_12(sp_digit d1, sp_digit d0, sp_digit d
 "AND r8, r8, r5\n\t"
 "SUBS r7, r7, r8\n\t"
 "SUBS r4, r4, #0x1\n\t"
- "bpl L_div_384_word_12_bit%=\n\t"
+#if defined(__GNUC__)
+ "BPL L_div_384_word_12_bit_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BPL.N L_div_384_word_12_bit\n\t"
+#else
+ "BPL.N L_div_384_word_12_bit_%=\n\t"
+#endif
 "ADD r3, r3, r3\n\t"
 "ADD r3, r3, #0x1\n\t"
 "UMULL r6, r7, r3, %[div]\n\t"
@@ -49961,10 +50876,12 @@ static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, const sp_digit* m
 __asm__ __volatile__ (
 "LDM %[a]!, {r4}\n\t"
 "ANDS r3, r4, #0x1\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "BEQ L_sp_384_div2_mod_12_even%=\n\t"
+#if defined(__GNUC__)
+ "BEQ L_sp_384_div2_mod_12_even_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BEQ.N L_sp_384_div2_mod_12_even\n\t"
 #else
- "BEQ.N L_sp_384_div2_mod_12_even%=\n\t"
+ "BEQ.N L_sp_384_div2_mod_12_even_%=\n\t"
 #endif
 "MOV r12, #0x0\n\t"
 "LDM %[a]!, {r5, r6, r7}\n\t"
@@ -49989,13 +50906,19 @@ static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, const sp_digit* m
 "ADCS r7, r7, r11\n\t"
 "STM %[r]!, {r4, r5, r6, r7}\n\t"
 "ADC r3, r12, r12\n\t"
-#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__)
- "B L_sp_384_div2_mod_12_div2%=\n\t"
+#if defined(__GNUC__)
+ "B L_sp_384_div2_mod_12_div2_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "B.N L_sp_384_div2_mod_12_div2\n\t"
 #else
- "B.N L_sp_384_div2_mod_12_div2%=\n\t"
+ "B.N L_sp_384_div2_mod_12_div2_%=\n\t"
 #endif
 "\n"
- "L_sp_384_div2_mod_12_even%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_384_div2_mod_12_even:\n\t"
+#else
+ "L_sp_384_div2_mod_12_even_%=:\n\t"
+#endif
 "LDM %[a]!, {r5, r6, r7}\n\t"
 "STM %[r]!, {r4, r5, r6, r7}\n\t"
 "LDM %[a]!, {r4, r5, r6, r7}\n\t"
@@ -50003,7 +50926,11 @@ static void sp_384_div2_mod_12(sp_digit* r, const sp_digit* a, const sp_digit* m
 "LDM %[a]!, {r4, r5, r6, r7}\n\t"
 "STM %[r]!, {r4, r5, r6, r7}\n\t"
 "\n"
- "L_sp_384_div2_mod_12_div2%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_384_div2_mod_12_div2:\n\t"
+#else
+ "L_sp_384_div2_mod_12_div2_%=:\n\t"
+#endif
 "SUB %[r], %[r], #0x30\n\t"
 "LDRD r8, r9, [%[r]]\n\t"
 "LSR r8, r8, #1\n\t"
@@ -50071,197 +50998,289 @@ static int sp_384_num_bits_12(const sp_digit* a) __asm__ __volatile__ ( "LDR r1, [%[a], #44]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_11%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_11_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_11\n\t" #else - "BEQ.N L_sp_384_num_bits_12_11%=\n\t" + "BEQ.N L_sp_384_num_bits_12_11_%=\n\t" #endif "MOV r2, #0x180\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" - "L_sp_384_num_bits_12_11%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_11:\n\t" +#else + "L_sp_384_num_bits_12_11_%=:\n\t" +#endif "LDR r1, [%[a], #40]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_10%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_10_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_10\n\t" #else - "BEQ.N L_sp_384_num_bits_12_10%=\n\t" + "BEQ.N L_sp_384_num_bits_12_10_%=\n\t" #endif "MOV r2, #0x160\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" - "L_sp_384_num_bits_12_10%=:\n\t" +#if 
defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_10:\n\t" +#else + "L_sp_384_num_bits_12_10_%=:\n\t" +#endif "LDR r1, [%[a], #36]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_9%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_9\n\t" #else - "BEQ.N L_sp_384_num_bits_12_9%=\n\t" + "BEQ.N L_sp_384_num_bits_12_9_%=\n\t" #endif "MOV r2, #0x140\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" - "L_sp_384_num_bits_12_9%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_9:\n\t" +#else + "L_sp_384_num_bits_12_9_%=:\n\t" +#endif "LDR r1, [%[a], #32]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_8%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_8_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_8\n\t" #else - "BEQ.N L_sp_384_num_bits_12_8%=\n\t" + "BEQ.N L_sp_384_num_bits_12_8_%=\n\t" #endif "MOV r2, #0x120\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" - 
"L_sp_384_num_bits_12_8%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_8:\n\t" +#else + "L_sp_384_num_bits_12_8_%=:\n\t" +#endif "LDR r1, [%[a], #28]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_7%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_7_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_7\n\t" #else - "BEQ.N L_sp_384_num_bits_12_7%=\n\t" + "BEQ.N L_sp_384_num_bits_12_7_%=\n\t" #endif "MOV r2, #0x100\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" - "L_sp_384_num_bits_12_7%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_7:\n\t" +#else + "L_sp_384_num_bits_12_7_%=:\n\t" +#endif "LDR r1, [%[a], #24]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_6%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_6_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_6\n\t" #else - "BEQ.N L_sp_384_num_bits_12_6%=\n\t" + "BEQ.N L_sp_384_num_bits_12_6_%=\n\t" #endif "MOV r2, #0xe0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" + "B.N L_sp_384_num_bits_12_13_%=\n\t" 
#endif "\n" - "L_sp_384_num_bits_12_6%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_6:\n\t" +#else + "L_sp_384_num_bits_12_6_%=:\n\t" +#endif "LDR r1, [%[a], #20]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_5%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_5_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_5\n\t" #else - "BEQ.N L_sp_384_num_bits_12_5%=\n\t" + "BEQ.N L_sp_384_num_bits_12_5_%=\n\t" #endif "MOV r2, #0xc0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" - "L_sp_384_num_bits_12_5%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_5:\n\t" +#else + "L_sp_384_num_bits_12_5_%=:\n\t" +#endif "LDR r1, [%[a], #16]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_4%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_4_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_4\n\t" #else - "BEQ.N L_sp_384_num_bits_12_4%=\n\t" + "BEQ.N L_sp_384_num_bits_12_4_%=\n\t" #endif "MOV r2, #0xa0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" + "B.N 
L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" - "L_sp_384_num_bits_12_4%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_4:\n\t" +#else + "L_sp_384_num_bits_12_4_%=:\n\t" +#endif "LDR r1, [%[a], #12]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_3%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_3_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_3\n\t" #else - "BEQ.N L_sp_384_num_bits_12_3%=\n\t" + "BEQ.N L_sp_384_num_bits_12_3_%=\n\t" #endif "MOV r2, #0x80\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" - "L_sp_384_num_bits_12_3%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_3:\n\t" +#else + "L_sp_384_num_bits_12_3_%=:\n\t" +#endif "LDR r1, [%[a], #8]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_2%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_2\n\t" #else - "BEQ.N L_sp_384_num_bits_12_2%=\n\t" + "BEQ.N L_sp_384_num_bits_12_2_%=\n\t" #endif "MOV r2, #0x60\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" 
+ "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" - "L_sp_384_num_bits_12_2%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_2:\n\t" +#else + "L_sp_384_num_bits_12_2_%=:\n\t" +#endif "LDR r1, [%[a], #4]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_384_num_bits_12_1%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_384_num_bits_12_1_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_384_num_bits_12_1\n\t" #else - "BEQ.N L_sp_384_num_bits_12_1%=\n\t" + "BEQ.N L_sp_384_num_bits_12_1_%=\n\t" #endif "MOV r2, #0x40\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_384_num_bits_12_13%=\n\t" +#if defined(__GNUC__) + "B L_sp_384_num_bits_12_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_384_num_bits_12_13\n\t" #else - "B.N L_sp_384_num_bits_12_13%=\n\t" + "B.N L_sp_384_num_bits_12_13_%=\n\t" #endif "\n" - "L_sp_384_num_bits_12_1%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_1:\n\t" +#else + "L_sp_384_num_bits_12_1_%=:\n\t" +#endif "LDR r1, [%[a]]\n\t" "MOV r2, #0x20\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" "\n" - "L_sp_384_num_bits_12_13%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_384_num_bits_12_13:\n\t" +#else + "L_sp_384_num_bits_12_13_%=:\n\t" +#endif "MOV %[a], r4\n\t" : [a] "+r" (a) : @@ -50557,10 +51576,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -50767,8 +51784,7 @@ static int sp_384_ecc_is_point_12(const sp_point_384* point,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -50807,8 +51823,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -50916,10 +51931,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, heap, DYNAMIC_TYPE_ECC);
- if (priv != NULL)
- XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -50998,10 +52011,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -51066,10 +52077,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -51130,10 +52139,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -51229,8 +52236,7 @@ static int sp_384_mont_sqrt_12(sp_digit* y)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -51295,8 +52301,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -51430,13 +52435,21 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_521_mul_17_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_mul_17_outer:\n\t" +#else + "L_sp_521_mul_17_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x40\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_521_mul_17_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_mul_17_inner:\n\t" +#else + "L_sp_521_mul_17_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" @@ -51452,15 +52465,19 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_521_mul_17_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_521_mul_17_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_521_mul_17_inner_done\n\t" #else - "BGT.N L_sp_521_mul_17_inner_done%=\n\t" + "BGT.N L_sp_521_mul_17_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_521_mul_17_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_521_mul_17_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_521_mul_17_inner\n\t" #else - "BLT.N L_sp_521_mul_17_inner%=\n\t" + "BLT.N L_sp_521_mul_17_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" 
@@ -51469,17 +52486,23 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_521_mul_17_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_mul_17_inner_done:\n\t" +#else + "L_sp_521_mul_17_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x7c\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_521_mul_17_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_521_mul_17_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_521_mul_17_outer\n\t" #else - "BLE.N L_sp_521_mul_17_outer%=\n\t" + "BLE.N L_sp_521_mul_17_outer_%=\n\t" #endif "LDR lr, [%[a], #64]\n\t" "LDR r11, [%[b], #64]\n\t" @@ -51491,14 +52514,20 @@ static void sp_521_mul_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "STM %[r]!, {r6, r7}\n\t" "SUB r5, r5, #0x8\n\t" "\n" - "L_sp_521_mul_17_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_mul_17_store:\n\t" +#else + "L_sp_521_mul_17_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_521_mul_17_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_521_mul_17_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_521_mul_17_store\n\t" #else - "BGT.N L_sp_521_mul_17_store%=\n\t" + "BGT.N L_sp_521_mul_17_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : 
@@ -53575,13 +54604,21 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_521_sqr_17_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_sqr_17_outer:\n\t" +#else + "L_sp_521_sqr_17_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x40\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_521_sqr_17_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_sqr_17_inner:\n\t" +#else + "L_sp_521_sqr_17_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" @@ -53594,15 +54631,19 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_521_sqr_17_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_521_sqr_17_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_521_sqr_17_inner_done\n\t" #else - "BGT.N L_sp_521_sqr_17_inner_done%=\n\t" + "BGT.N L_sp_521_sqr_17_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_521_sqr_17_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_521_sqr_17_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_521_sqr_17_inner\n\t" #else - "BLT.N L_sp_521_sqr_17_inner%=\n\t" + "BLT.N L_sp_521_sqr_17_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" 
@@ -53610,17 +54651,23 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_521_sqr_17_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_sqr_17_inner_done:\n\t" +#else + "L_sp_521_sqr_17_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x7c\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_521_sqr_17_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_521_sqr_17_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_521_sqr_17_outer\n\t" #else - "BLE.N L_sp_521_sqr_17_outer%=\n\t" + "BLE.N L_sp_521_sqr_17_outer_%=\n\t" #endif "LDR lr, [%[a], #64]\n\t" "UMLAL r6, r7, lr, lr\n\t" @@ -53631,14 +54678,20 @@ static void sp_521_sqr_17(sp_digit* r, const sp_digit* a) "STM %[r]!, {r6, r7}\n\t" "SUB r5, r5, #0x8\n\t" "\n" - "L_sp_521_sqr_17_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_sqr_17_store:\n\t" +#else + "L_sp_521_sqr_17_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_521_sqr_17_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_521_sqr_17_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_521_sqr_17_store\n\t" #else - "BGT.N L_sp_521_sqr_17_store%=\n\t" + "BGT.N L_sp_521_sqr_17_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : 
@@ -54955,7 +56008,11 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x40\n\t" "\n" - "L_sp_521_add_17_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_add_17_word:\n\t" +#else + "L_sp_521_add_17_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" @@ -54967,10 +56024,12 @@ static sp_digit sp_521_add_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_521_add_17_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_521_add_17_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_521_add_17_word\n\t" #else - "BNE.N L_sp_521_add_17_word%=\n\t" + "BNE.N L_sp_521_add_17_word_%=\n\t" #endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a], {r4}\n\t" @@ -55288,7 +56347,11 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digi "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" - "L_sp_521_cond_sub_17_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_cond_sub_17_words:\n\t" +#else + "L_sp_521_cond_sub_17_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" 
@@ -55298,10 +56361,12 @@ static sp_digit sp_521_cond_sub_17(sp_digit* r, const sp_digit* a, const sp_digi "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x44\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_521_cond_sub_17_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_521_cond_sub_17_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_521_cond_sub_17_words\n\t" #else - "BLT.N L_sp_521_cond_sub_17_words%=\n\t" + "BLT.N L_sp_521_cond_sub_17_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -55568,19 +56633,29 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit* "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" - "L_sp_521_mont_reduce_order_17_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_mont_reduce_order_17_word:\n\t" +#else + "L_sp_521_mont_reduce_order_17_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" "CMP r11, #0x40\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_521_mont_reduce_order_17_nomask%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_521_mont_reduce_order_17_nomask_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_521_mont_reduce_order_17_nomask\n\t" #else - "BNE.N L_sp_521_mont_reduce_order_17_nomask%=\n\t" + "BNE.N L_sp_521_mont_reduce_order_17_nomask_%=\n\t" #endif "MOV r9, #0x1ff\n\t" "AND r10, r10, r9\n\t" "\n" - "L_sp_521_mont_reduce_order_17_nomask%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_mont_reduce_order_17_nomask:\n\t" +#else + "L_sp_521_mont_reduce_order_17_nomask_%=:\n\t" +#endif /* a[i+0] += m[0] * mu */ "MOV r7, #0x0\n\t" "UMLAL r4, r7, r10, lr\n\t" 
@@ -55721,10 +56796,12 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit* "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x44\n\t" -#ifdef __GNUC__ - "BLT L_sp_521_mont_reduce_order_17_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_521_mont_reduce_order_17_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_521_mont_reduce_order_17_word\n\t" #else - "BLT.W L_sp_521_mont_reduce_order_17_word%=\n\t" + "BLT.W L_sp_521_mont_reduce_order_17_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" @@ -55836,19 +56913,29 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit* "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" - "L_sp_521_mont_reduce_order_17_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_mont_reduce_order_17_word:\n\t" +#else + "L_sp_521_mont_reduce_order_17_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" "CMP r4, #0x40\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_521_mont_reduce_order_17_nomask%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_521_mont_reduce_order_17_nomask_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_521_mont_reduce_order_17_nomask\n\t" #else - "BNE.N L_sp_521_mont_reduce_order_17_nomask%=\n\t" + "BNE.N L_sp_521_mont_reduce_order_17_nomask_%=\n\t" #endif "MOV r12, #0x1ff\n\t" "AND lr, lr, r12\n\t" "\n" - "L_sp_521_mont_reduce_order_17_nomask%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_mont_reduce_order_17_nomask:\n\t" +#else + "L_sp_521_mont_reduce_order_17_nomask_%=:\n\t" +#endif /* a[i+0] += m[0] * mu */ "LDR r12, [%[m]]\n\t" "MOV r3, #0x0\n\t" 
@@ -55939,10 +57026,12 @@ SP_NOINLINE static void sp_521_mont_reduce_order_17(sp_digit* a, const sp_digit*
 "ADD r4, r4, #0x4\n\t"
 "ADD %[a], %[a], #0x4\n\t"
 "CMP r4, #0x44\n\t"
-#ifdef __GNUC__
- "BLT L_sp_521_mont_reduce_order_17_word%=\n\t"
+#if defined(__GNUC__)
+ "BLT L_sp_521_mont_reduce_order_17_word_%=\n\t"
+#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "BLT.W L_sp_521_mont_reduce_order_17_word\n\t"
 #else
- "BLT.W L_sp_521_mont_reduce_order_17_word%=\n\t"
+ "BLT.W L_sp_521_mont_reduce_order_17_word_%=\n\t"
 #endif
 /* Loop Done */
 "STR r6, [%[a]]\n\t"
@@ -56194,7 +57283,11 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b)
 #ifdef WOLFSSL_SP_SMALL
 "MOV r6, #0x40\n\t"
 "\n"
- "L_sp_521_cmp_17_words%=:\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "L_sp_521_cmp_17_words:\n\t"
+#else
+ "L_sp_521_cmp_17_words_%=:\n\t"
+#endif
 "LDR r4, [%[a], r6]\n\t"
 "LDR r5, [%[b], r6]\n\t"
 "AND r4, r4, r3\n\t"
@@ -56207,7 +57300,11 @@ static sp_int32 sp_521_cmp_17(const sp_digit* a, const sp_digit* b)
 "IT ne\n\t"
 "movne r3, r7\n\t"
 "SUBS r6, r6, #0x4\n\t"
- "bcs L_sp_521_cmp_17_words%=\n\t"
+#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
+ "bcs L_sp_521_cmp_17_words\n\t"
+#else
+ "bcs L_sp_521_cmp_17_words_%=\n\t"
+#endif
 "EOR r2, r2, r3\n\t"
 #else
 "LDR r4, [%[a], #64]\n\t"
@@ -56437,7 +57534,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
 sp_521_mont_reduce_17(r->x, p521_mod, p521_mp_mod);
 /* Reduce x to less than modulus */
 n = sp_521_cmp_17(r->x, p521_mod);
- sp_521_cond_sub_17(r->x, r->x, p521_mod, ~(n >> 31));
+ sp_521_cond_sub_17(r->x, r->x, p521_mod, (sp_digit)~(n >> 31));
 sp_521_norm_17(r->x);
 /* y /= z^3 */
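Review bot: In the sp_521_cmp_17 hunk the loop back-branch is written as a two-way `#if` with lowercase `bcs` and no width suffix in either arm, while every other branch in this change uses the three-way `__GNUC__` / IAR-before-9 / else split with `.N` or `.W` in the non-GNUC arms; the neighbouring `movne r3, r7` is lowercase too. For consistency this branch should follow the same three-way form, i.e. `BCS L_sp_521_cmp_17_words_%=` under `__GNUC__`, `BCS.N L_sp_521_cmp_17_words` for the old IAR arm and `BCS.N L_sp_521_cmp_17_words_%=` otherwise. Whether the non-GNUC assemblers accept the unsuffixed spelling is not visible here, so this is a style point unless those toolchains are exercised in CI. The enclosing asm statement begins and ends outside the hunk.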
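Review bot: The `(sp_digit)~(n >> 31)` cast added in sp_521_map_17 (here and in the matching y hunk that follows) silences the sign-conversion warning but leaves the mask derivation undocumented: `n` is the `sp_int32` result of sp_521_cmp_17 and the all-ones mask for `n < 0` relies on right-shifting a negative signed value being arithmetic, which C leaves implementation-defined. A one-line comment would make that explicit, e.g. `/* n < 0 -> all-ones mask; relies on arithmetic >> of sp_int32 */`. The function body begins and ends outside the hunk.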
@@ -56446,7 +57543,7 @@ static void sp_521_map_17(sp_point_521* r, const sp_point_521* p,
 sp_521_mont_reduce_17(r->y, p521_mod, p521_mp_mod);
 /* Reduce y to less than modulus */
 n = sp_521_cmp_17(r->y, p521_mod);
- sp_521_cond_sub_17(r->y, r->y, p521_mod, ~(n >> 31));
+ sp_521_cond_sub_17(r->y, r->y, p521_mod, (sp_digit)~(n >> 31));
 sp_521_norm_17(r->y);
 XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -57212,8 +58309,8 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
 sp_521_mont_sub_17(y, y, t5, p521_mod);
 {
 int i;
- sp_digit maskp = 0 - (q->infinity & (!p->infinity));
- sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+ sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+ sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
 sp_digit maskt = ~(maskp | maskq);
 sp_digit inf = (sp_digit)(p->infinity & q->infinity);
@@ -57230,7 +58327,7 @@ static void sp_521_proj_point_add_17(sp_point_521* r,
 (z[i] & maskt);
 }
 r->z[0] |= inf;
- r->infinity = (word32)inf;
+ r->infinity = (int)inf;
 }
 }
 }
@@ -57404,8 +58501,8 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
 {
 {
 int i;
- sp_digit maskp = 0 - (q->infinity & (!p->infinity));
- sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+ sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+ sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
 sp_digit maskt = ~(maskp | maskq);
 sp_digit inf = (sp_digit)(p->infinity & q->infinity);
@@ -57422,7 +58519,7 @@ static int sp_521_proj_point_add_17_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
 (ctx->z[i] & maskt);
 }
 r->z[0] |= inf;
- r->infinity = (word32)inf;
+ r->infinity = (int)inf;
 }
 ctx->state = 25;
 break;
@@ -57504,7 +58601,7 @@ static void sp_521_get_point_16_17(sp_point_521* r, const sp_point_521* table, r->z[15] = 0; r->z[16] = 0; for (i = 1; i < 16; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -57729,15 +58826,15 @@ static int sp_521_ecc_mulmod_fast_17(sp_point_521* r, const sp_point_521* g, con #endif } #ifndef WC_NO_CACHE_RESISTANT - #ifdef WOLFSSL_SP_SMALL_STACK +#ifdef WOLFSSL_SP_SMALL_STACK if (p != NULL) +#endif + { + ForceZero(p, sizeof(sp_point_521)); + #ifdef WOLFSSL_SP_SMALL_STACK + XFREE(p, heap, DYNAMIC_TYPE_ECC); #endif - { - ForceZero(p, sizeof(sp_point_521)); - #ifdef WOLFSSL_SP_SMALL_STACK - XFREE(p, heap, DYNAMIC_TYPE_ECC); - #endif - } + } #endif /* !WC_NO_CACHE_RESISTANT */ #ifdef WOLFSSL_SP_SMALL_STACK if (t != NULL) @@ -57933,8 +59030,8 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r, sp_521_mont_sub_17(y, t3, t1, p521_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -57951,7 +59048,7 @@ static void sp_521_proj_point_add_qz1_17(sp_point_521* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -58041,8 +59138,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -58097,7 +59193,7 @@ static void sp_521_get_entry_16_17(sp_point_521* r, r->y[15] = 0; r->y[16] = 0; for (i = 1; i < 16; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -58242,10 +59338,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -58501,8 +59595,7 @@ static int sp_521_gen_stripe_table_17(const sp_point_521* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -58557,7 +59650,7 @@ static void sp_521_get_entry_256_17(sp_point_521* r, r->y[15] = 0; r->y[16] = 0; for (i = 1; i < 256; i++) { - mask = 0 - (i == idx); + mask = (sp_digit)0 - (i == idx); r->x[0] |= mask & table[i].x[0]; r->x[1] |= mask & table[i].x[1]; r->x[2] |= mask & table[i].x[2]; @@ -58702,10 +59795,8 @@ static int sp_521_ecc_mulmod_stripe_17(sp_point_521* r, const sp_point_521* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -58923,10 +60014,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -59003,10 +60092,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -61017,10 +62104,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -61095,10 +62180,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -61202,6 +62285,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[66]; @@ -61219,6 +62303,11 @@ static int sp_521_ecc_gen_k_17(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. @@ -61297,12 +62386,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
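Review bot: The new `#else` branch of `sp_521_ecc_gen_k_17` returns `NOT_COMPILED_IN` with no comment saying why, and the `#ifndef WC_NO_RNG` it pairs with sits in the previous hunk, so a reader of this hunk alone cannot tell which configuration hits it. A one-line comment above the `(void)rng;` would make the contract explicit: `/* WC_NO_RNG: no entropy source is compiled in, so a private scalar cannot be generated. */`. The caller-facing behaviour (key generation fails rather than proceeding) is the right one; documenting it keeps the next maintainer from "fixing" it with a stub value. The body of `sp_521_ecc_gen_k_17` begins outside this hunk.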
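Review bot: In `sp_ecc_make_key_521` the new side frees `k` with no zeroization visible in the hunk, while the retained comment states only that `point` is not sensitive — implying `k`, the private scalar, is. If `ForceZero` on `k` happens above this hunk (the function body begins outside it) nothing is needed; otherwise the released heap block still holds the private key. The same question applies to `sp_ecc_secret_gen_521` in the next hunk, where `k` and, if it holds the computed shared point, `point` are freed the same way. If clearing is not already done, add `ForceZero(k, <size of the k allocation>);` before the `XFREE(k, heap, DYNAMIC_TYPE_ECC);`, or a comment noting where `k` is cleared.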
@@ -61462,10 +62548,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -61995,7 +63079,11 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x40\n\t" "\n" - "L_sp_521_sub_in_pkace_17_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_sub_in_pkace_17_word:\n\t" +#else + "L_sp_521_sub_in_pkace_17_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" @@ -62006,10 +63094,12 @@ static sp_digit sp_521_sub_in_place_17(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_521_sub_in_pkace_17_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_521_sub_in_pkace_17_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_521_sub_in_pkace_17_word\n\t" #else - "BNE.N L_sp_521_sub_in_pkace_17_word%=\n\t" + "BNE.N L_sp_521_sub_in_pkace_17_word_%=\n\t" #endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2}\n\t" @@ -62111,7 +63201,11 @@ static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" - "L_sp_521_mul_d_17_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_mul_d_17_word:\n\t" +#else + "L_sp_521_mul_d_17_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" 
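Review bot: The loop label of `sp_521_sub_in_place_17` keeps the pre-existing misspelling `L_sp_521_sub_in_pkace_17_word` ("pkace" for "place") in every new variant of this hunk and the branch hunk that follows, even though the commit rewrites each occurrence. Since the label is now spelled out in three preprocessor branches per site, this is the moment to correct it, e.g. `"L_sp_521_sub_in_place_17_word_%=:\n\t"` with the matching `BNE` targets; as the file looks machine-generated, the fix belongs in the generator rather than a hand edit. The body of `sp_521_sub_in_place_17` begins outside the hunk.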
@@ -62124,10 +63218,12 @@ static void sp_521_mul_d_17(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0x44\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_521_mul_d_17_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_521_mul_d_17_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_521_mul_d_17_word\n\t" #else - "BLT.N L_sp_521_mul_d_17_word%=\n\t" + "BLT.N L_sp_521_mul_d_17_word_%=\n\t" #endif "STR r3, [%[r], #68]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -62350,7 +63446,11 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit d /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" - "L_div_521_word_17_bit%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_div_521_word_17_bit:\n\t" +#else + "L_div_521_word_17_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" @@ -62360,7 +63460,13 @@ SP_NOINLINE static sp_digit div_521_word_17(sp_digit d1, sp_digit d0, sp_digit d "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_521_word_17_bit%=\n\t" +#if defined(__GNUC__) + "BPL L_div_521_word_17_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_521_word_17_bit\n\t" +#else + "BPL.N L_div_521_word_17_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" @@ -63055,7 +64161,11 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r11, #0x0\n\t" "ADD r12, %[a], #0x40\n\t" "\n" - "L_sp_521_sub_17_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_sub_17_word:\n\t" +#else + "L_sp_521_sub_17_word_%=:\n\t" +#endif "RSBS r11, r11, #0x0\n\t" "LDM %[a]!, {r3, r4, r5, r6}\n\t" "LDM %[b]!, {r7, r8, r9, r10}\n\t" 
@@ -63066,10 +64176,12 @@ static sp_digit sp_521_sub_17(sp_digit* r, const sp_digit* a, const sp_digit* b) "STM %[r]!, {r3, r4, r5, r6}\n\t" "SBC r11, r3, r3\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_521_sub_17_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_521_sub_17_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_521_sub_17_word\n\t" #else - "BNE.N L_sp_521_sub_17_word%=\n\t" + "BNE.N L_sp_521_sub_17_word_%=\n\t" #endif "RSBS r11, r11, #0x0\n\t" "LDM %[a]!, {r3}\n\t" @@ -63166,10 +64278,12 @@ static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, const sp_digit* m __asm__ __volatile__ ( "LDM %[a]!, {r4}\n\t" "ANDS r3, r4, #0x1\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_div2_mod_17_even%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_div2_mod_17_even_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_div2_mod_17_even\n\t" #else - "BEQ.N L_sp_521_div2_mod_17_even%=\n\t" + "BEQ.N L_sp_521_div2_mod_17_even_%=\n\t" #endif "MOV r12, #0x0\n\t" "LDM %[a]!, {r5, r6, r7}\n\t" 
@@ -63205,13 +64319,19 @@ static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, const sp_digit* m "ADCS r4, r4, r8\n\t" "STM %[r]!, {r4}\n\t" "ADC r3, r12, r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_div2_mod_17_div2%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_div2_mod_17_div2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_div2_mod_17_div2\n\t" #else - "B.N L_sp_521_div2_mod_17_div2%=\n\t" + "B.N L_sp_521_div2_mod_17_div2_%=\n\t" #endif "\n" - "L_sp_521_div2_mod_17_even%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_div2_mod_17_even:\n\t" +#else + "L_sp_521_div2_mod_17_even_%=:\n\t" +#endif "LDM %[a]!, {r5, r6, r7}\n\t" "STM %[r]!, {r4, r5, r6, r7}\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" @@ -63223,7 +64343,11 @@ static void sp_521_div2_mod_17(sp_digit* r, const sp_digit* a, const sp_digit* m "LDM %[a]!, {r4}\n\t" "STM %[r]!, {r4}\n\t" "\n" - "L_sp_521_div2_mod_17_div2%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_div2_mod_17_div2:\n\t" +#else + "L_sp_521_div2_mod_17_div2_%=:\n\t" +#endif "SUB %[r], %[r], #0x44\n\t" "LDRD r8, r9, [%[r]]\n\t" "LSR r8, r8, #1\n\t" 
@@ -63311,282 +64435,414 @@ static int sp_521_num_bits_17(const sp_digit* a) __asm__ __volatile__ ( "LDR r1, [%[a], #64]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_16%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_16_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_16\n\t" #else - "BEQ.N L_sp_521_num_bits_17_16%=\n\t" + "BEQ.N L_sp_521_num_bits_17_16_%=\n\t" #endif "MOV r2, #0x220\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_16%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_16:\n\t" +#else + "L_sp_521_num_bits_17_16_%=:\n\t" +#endif "LDR r1, [%[a], #60]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_15%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_15_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_15\n\t" #else - "BEQ.N L_sp_521_num_bits_17_15%=\n\t" + "BEQ.N L_sp_521_num_bits_17_15_%=\n\t" #endif "MOV r2, #0x200\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_15%=:\n\t" +#if 
defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_15:\n\t" +#else + "L_sp_521_num_bits_17_15_%=:\n\t" +#endif "LDR r1, [%[a], #56]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_14%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_14_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_14\n\t" #else - "BEQ.N L_sp_521_num_bits_17_14%=\n\t" + "BEQ.N L_sp_521_num_bits_17_14_%=\n\t" #endif "MOV r2, #0x1e0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_14%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_14:\n\t" +#else + "L_sp_521_num_bits_17_14_%=:\n\t" +#endif "LDR r1, [%[a], #52]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_13%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_13_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_13\n\t" #else - "BEQ.N L_sp_521_num_bits_17_13%=\n\t" + "BEQ.N L_sp_521_num_bits_17_13_%=\n\t" #endif "MOV r2, #0x1c0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - 
"L_sp_521_num_bits_17_13%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_13:\n\t" +#else + "L_sp_521_num_bits_17_13_%=:\n\t" +#endif "LDR r1, [%[a], #48]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_12%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_12_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_12\n\t" #else - "BEQ.N L_sp_521_num_bits_17_12%=\n\t" + "BEQ.N L_sp_521_num_bits_17_12_%=\n\t" #endif "MOV r2, #0x1a0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_12%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_12:\n\t" +#else + "L_sp_521_num_bits_17_12_%=:\n\t" +#endif "LDR r1, [%[a], #44]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_11%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_11_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_11\n\t" #else - "BEQ.N L_sp_521_num_bits_17_11%=\n\t" + "BEQ.N L_sp_521_num_bits_17_11_%=\n\t" #endif "MOV r2, #0x180\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N 
L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_11%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_11:\n\t" +#else + "L_sp_521_num_bits_17_11_%=:\n\t" +#endif "LDR r1, [%[a], #40]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_10%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_10_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_10\n\t" #else - "BEQ.N L_sp_521_num_bits_17_10%=\n\t" + "BEQ.N L_sp_521_num_bits_17_10_%=\n\t" #endif "MOV r2, #0x160\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_10%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_10:\n\t" +#else + "L_sp_521_num_bits_17_10_%=:\n\t" +#endif "LDR r1, [%[a], #36]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_9%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_9_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_9\n\t" #else - "BEQ.N L_sp_521_num_bits_17_9%=\n\t" + "BEQ.N L_sp_521_num_bits_17_9_%=\n\t" #endif "MOV r2, #0x140\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N 
L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_9%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_9:\n\t" +#else + "L_sp_521_num_bits_17_9_%=:\n\t" +#endif "LDR r1, [%[a], #32]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_8%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_8_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_8\n\t" #else - "BEQ.N L_sp_521_num_bits_17_8%=\n\t" + "BEQ.N L_sp_521_num_bits_17_8_%=\n\t" #endif "MOV r2, #0x120\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_8%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_8:\n\t" +#else + "L_sp_521_num_bits_17_8_%=:\n\t" +#endif "LDR r1, [%[a], #28]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_7%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_7_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_7\n\t" #else - "BEQ.N L_sp_521_num_bits_17_7%=\n\t" + "BEQ.N L_sp_521_num_bits_17_7_%=\n\t" #endif "MOV r2, #0x100\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" 
#else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_7%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_7:\n\t" +#else + "L_sp_521_num_bits_17_7_%=:\n\t" +#endif "LDR r1, [%[a], #24]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_6%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_6_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_6\n\t" #else - "BEQ.N L_sp_521_num_bits_17_6%=\n\t" + "BEQ.N L_sp_521_num_bits_17_6_%=\n\t" #endif "MOV r2, #0xe0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_6%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_6:\n\t" +#else + "L_sp_521_num_bits_17_6_%=:\n\t" +#endif "LDR r1, [%[a], #20]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_5%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_5_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_5\n\t" #else - "BEQ.N L_sp_521_num_bits_17_5%=\n\t" + "BEQ.N L_sp_521_num_bits_17_5_%=\n\t" #endif "MOV r2, #0xc0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N 
L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_5%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_5:\n\t" +#else + "L_sp_521_num_bits_17_5_%=:\n\t" +#endif "LDR r1, [%[a], #16]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_4%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_4_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_4\n\t" #else - "BEQ.N L_sp_521_num_bits_17_4%=\n\t" + "BEQ.N L_sp_521_num_bits_17_4_%=\n\t" #endif "MOV r2, #0xa0\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_4%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_4:\n\t" +#else + "L_sp_521_num_bits_17_4_%=:\n\t" +#endif "LDR r1, [%[a], #12]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_3%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_3_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_3\n\t" #else - "BEQ.N L_sp_521_num_bits_17_3%=\n\t" + "BEQ.N L_sp_521_num_bits_17_3_%=\n\t" #endif "MOV r2, #0x80\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 
9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_3%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_3:\n\t" +#else + "L_sp_521_num_bits_17_3_%=:\n\t" +#endif "LDR r1, [%[a], #8]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_2%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_2_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_2\n\t" #else - "BEQ.N L_sp_521_num_bits_17_2%=\n\t" + "BEQ.N L_sp_521_num_bits_17_2_%=\n\t" #endif "MOV r2, #0x60\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_2%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_2:\n\t" +#else + "L_sp_521_num_bits_17_2_%=:\n\t" +#endif "LDR r1, [%[a], #4]\n\t" "CMP r1, #0x0\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BEQ L_sp_521_num_bits_17_1%=\n\t" +#if defined(__GNUC__) + "BEQ L_sp_521_num_bits_17_1_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BEQ.N L_sp_521_num_bits_17_1\n\t" #else - "BEQ.N L_sp_521_num_bits_17_1%=\n\t" + "BEQ.N L_sp_521_num_bits_17_1_%=\n\t" #endif "MOV r2, #0x40\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "B L_sp_521_num_bits_17_18%=\n\t" +#if defined(__GNUC__) + "B L_sp_521_num_bits_17_18_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && 
(__VER__ < 9000000) + "B.N L_sp_521_num_bits_17_18\n\t" #else - "B.N L_sp_521_num_bits_17_18%=\n\t" + "B.N L_sp_521_num_bits_17_18_%=\n\t" #endif "\n" - "L_sp_521_num_bits_17_1%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_1:\n\t" +#else + "L_sp_521_num_bits_17_1_%=:\n\t" +#endif "LDR r1, [%[a]]\n\t" "MOV r2, #0x20\n\t" "CLZ r4, r1\n\t" "SUB r4, r2, r4\n\t" "\n" - "L_sp_521_num_bits_17_18%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_521_num_bits_17_18:\n\t" +#else + "L_sp_521_num_bits_17_18_%=:\n\t" +#endif "MOV %[a], r4\n\t" : [a] "+r" (a) : @@ -63891,10 +65147,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -64104,8 +65358,7 @@ static int sp_521_ecc_is_point_17(const sp_point_521* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -64144,8 +65397,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -64253,10 +65505,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -64335,10 +65585,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -64403,10 +65651,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -64467,10 +65713,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -64520,8 +65764,7 @@ static int sp_521_mont_sqrt_17(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -64586,8 +65829,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -67981,13 +69223,21 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_1024_mul_32_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_mul_32_outer:\n\t" +#else + "L_sp_1024_mul_32_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x7c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_1024_mul_32_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_mul_32_inner:\n\t" +#else + "L_sp_1024_mul_32_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" @@ -68003,15 +69253,19 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_1024_mul_32_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_1024_mul_32_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_1024_mul_32_inner_done\n\t" #else - "BGT.N L_sp_1024_mul_32_inner_done%=\n\t" + "BGT.N L_sp_1024_mul_32_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_1024_mul_32_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_1024_mul_32_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_1024_mul_32_inner\n\t" #else - "BLT.N L_sp_1024_mul_32_inner%=\n\t" + "BLT.N L_sp_1024_mul_32_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[b], r3]\n\t" 
@@ -68020,17 +69274,23 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_1024_mul_32_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_mul_32_inner_done:\n\t" +#else + "L_sp_1024_mul_32_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0xf4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_1024_mul_32_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_1024_mul_32_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_1024_mul_32_outer\n\t" #else - "BLE.N L_sp_1024_mul_32_outer%=\n\t" + "BLE.N L_sp_1024_mul_32_outer_%=\n\t" #endif "LDR lr, [%[a], #124]\n\t" "LDR r11, [%[b], #124]\n\t" @@ -68039,14 +69299,20 @@ static void sp_1024_mul_32(sp_digit* r, const sp_digit* a, const sp_digit* b) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_1024_mul_32_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_mul_32_store:\n\t" +#else + "L_sp_1024_mul_32_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_1024_mul_32_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_1024_mul_32_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_1024_mul_32_store\n\t" #else - "BGT.N L_sp_1024_mul_32_store%=\n\t" + "BGT.N L_sp_1024_mul_32_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) : 
@@ -68079,13 +69345,21 @@ static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) "MOV r8, #0x0\n\t" "MOV r5, #0x4\n\t" "\n" - "L_sp_1024_sqr_32_outer%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_sqr_32_outer:\n\t" +#else + "L_sp_1024_sqr_32_outer_%=:\n\t" +#endif "SUBS r3, r5, #0x7c\n\t" "IT cc\n\t" "MOVCC r3, #0x0\n\t" "SUB r4, r5, r3\n\t" "\n" - "L_sp_1024_sqr_32_inner%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_sqr_32_inner:\n\t" +#else + "L_sp_1024_sqr_32_inner_%=:\n\t" +#endif "LDR lr, [%[a], r3]\n\t" "LDR r11, [%[a], r4]\n\t" "UMULL r9, r10, lr, r11\n\t" @@ -68098,15 +69372,19 @@ static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) "ADD r3, r3, #0x4\n\t" "SUB r4, r4, #0x4\n\t" "CMP r3, r4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_1024_sqr_32_inner_done%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_1024_sqr_32_inner_done_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_1024_sqr_32_inner_done\n\t" #else - "BGT.N L_sp_1024_sqr_32_inner_done%=\n\t" + "BGT.N L_sp_1024_sqr_32_inner_done_%=\n\t" #endif -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_1024_sqr_32_inner%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_1024_sqr_32_inner_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_1024_sqr_32_inner\n\t" #else - "BLT.N L_sp_1024_sqr_32_inner%=\n\t" + "BLT.N L_sp_1024_sqr_32_inner_%=\n\t" #endif "LDR lr, [%[a], r3]\n\t" "UMULL r9, r10, lr, lr\n\t" 
@@ -68114,17 +69392,23 @@ static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) "ADCS r7, r7, r10\n\t" "ADC r8, r8, #0x0\n\t" "\n" - "L_sp_1024_sqr_32_inner_done%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_sqr_32_inner_done:\n\t" +#else + "L_sp_1024_sqr_32_inner_done_%=:\n\t" +#endif "STR r6, [sp, r5]\n\t" "MOV r6, r7\n\t" "MOV r7, r8\n\t" "MOV r8, #0x0\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0xf4\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLE L_sp_1024_sqr_32_outer%=\n\t" +#if defined(__GNUC__) + "BLE L_sp_1024_sqr_32_outer_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLE.N L_sp_1024_sqr_32_outer\n\t" #else - "BLE.N L_sp_1024_sqr_32_outer%=\n\t" + "BLE.N L_sp_1024_sqr_32_outer_%=\n\t" #endif "LDR lr, [%[a], #124]\n\t" "UMLAL r6, r7, lr, lr\n\t" @@ -68132,14 +69416,20 @@ static void sp_1024_sqr_32(sp_digit* r, const sp_digit* a) "ADD r5, r5, #0x4\n\t" "STR r7, [sp, r5]\n\t" "\n" - "L_sp_1024_sqr_32_store%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_sqr_32_store:\n\t" +#else + "L_sp_1024_sqr_32_store_%=:\n\t" +#endif "LDM sp!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "STM %[r]!, {r3, r4, r6, r7, r8, r9, r10, r11}\n\t" "SUBS r5, r5, #0x20\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BGT L_sp_1024_sqr_32_store%=\n\t" +#if defined(__GNUC__) + "BGT L_sp_1024_sqr_32_store_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BGT.N L_sp_1024_sqr_32_store\n\t" #else - "BGT.N L_sp_1024_sqr_32_store%=\n\t" + "BGT.N L_sp_1024_sqr_32_store_%=\n\t" #endif : [r] "+r" (r), [a] "+r" (a) : 
@@ -68254,7 +69544,11 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) "MOV r10, #0x0\n\t" "ADD r11, %[a], #0x80\n\t" "\n" - "L_sp_1024_sub_in_pkace_32_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_sub_in_pkace_32_word:\n\t" +#else + "L_sp_1024_sub_in_pkace_32_word_%=:\n\t" +#endif "RSBS r10, r10, #0x0\n\t" "LDM %[a], {r2, r3, r4, r5}\n\t" "LDM %[b]!, {r6, r7, r8, r9}\n\t" @@ -68265,10 +69559,12 @@ static sp_digit sp_1024_sub_in_place_32(sp_digit* a, const sp_digit* b) "STM %[a]!, {r2, r3, r4, r5}\n\t" "SBC r10, r10, r10\n\t" "CMP %[a], r11\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_1024_sub_in_pkace_32_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_1024_sub_in_pkace_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_1024_sub_in_pkace_32_word\n\t" #else - "BNE.N L_sp_1024_sub_in_pkace_32_word%=\n\t" + "BNE.N L_sp_1024_sub_in_pkace_32_word_%=\n\t" #endif "MOV %[a], r10\n\t" : [a] "+r" (a), [b] "+r" (b) @@ -68306,7 +69602,11 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig "MOV r4, #0x0\n\t" "MOV r5, #0x0\n\t" "\n" - "L_sp_1024_cond_sub_32_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_cond_sub_32_words:\n\t" +#else + "L_sp_1024_cond_sub_32_words_%=:\n\t" +#endif "SUBS r4, r8, r4\n\t" "LDR r6, [%[a], r5]\n\t" "LDR r7, [%[b], r5]\n\t" 
@@ -68316,10 +69616,12 @@ static sp_digit sp_1024_cond_sub_32(sp_digit* r, const sp_digit* a, const sp_dig "STR r6, [%[r], r5]\n\t" "ADD r5, r5, #0x4\n\t" "CMP r5, #0x80\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_1024_cond_sub_32_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_1024_cond_sub_32_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_1024_cond_sub_32_words\n\t" #else - "BLT.N L_sp_1024_cond_sub_32_words%=\n\t" + "BLT.N L_sp_1024_cond_sub_32_words_%=\n\t" #endif "MOV %[r], r4\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -68497,7 +69799,11 @@ static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r3, #0x0\n\t" "ADD r12, %[a], #0x80\n\t" "\n" - "L_sp_1024_add_32_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_add_32_word:\n\t" +#else + "L_sp_1024_add_32_word_%=:\n\t" +#endif "ADDS r3, r3, #0xffffffff\n\t" "LDM %[a]!, {r4, r5, r6, r7}\n\t" "LDM %[b]!, {r8, r9, r10, r11}\n\t" @@ -68509,10 +69815,12 @@ static sp_digit sp_1024_add_32(sp_digit* r, const sp_digit* a, const sp_digit* b "MOV r4, #0x0\n\t" "ADC r3, r4, #0x0\n\t" "CMP %[a], r12\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BNE L_sp_1024_add_32_word%=\n\t" +#if defined(__GNUC__) + "BNE L_sp_1024_add_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BNE.N L_sp_1024_add_32_word\n\t" #else - "BNE.N L_sp_1024_add_32_word%=\n\t" + "BNE.N L_sp_1024_add_32_word_%=\n\t" #endif "MOV %[r], r3\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) 
@@ -68551,7 +69859,11 @@ static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "MOV r9, #0x4\n\t" "\n" - "L_sp_1024_mul_d_32_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_mul_d_32_word:\n\t" +#else + "L_sp_1024_mul_d_32_word_%=:\n\t" +#endif /* A[i] * B */ "LDR r8, [%[a], r9]\n\t" "UMULL r6, r7, %[b], r8\n\t" @@ -68564,10 +69876,12 @@ static void sp_1024_mul_d_32(sp_digit* r, const sp_digit* a, sp_digit b) "MOV r5, #0x0\n\t" "ADD r9, r9, #0x4\n\t" "CMP r9, #0x80\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_1024_mul_d_32_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_1024_mul_d_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_1024_mul_d_32_word\n\t" #else - "BLT.N L_sp_1024_mul_d_32_word%=\n\t" + "BLT.N L_sp_1024_mul_d_32_word_%=\n\t" #endif "STR r3, [%[r], #128]\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b) @@ -68865,7 +70179,11 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit /* Next 30 bits */ "MOV r4, #0x1d\n\t" "\n" - "L_div_1024_word_32_bit%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_div_1024_word_32_bit:\n\t" +#else + "L_div_1024_word_32_bit_%=:\n\t" +#endif "LSLS r6, r6, #1\n\t" "ADC r7, r7, r7\n\t" "SUBS r8, r5, r7\n\t" @@ -68875,7 +70193,13 @@ SP_NOINLINE static sp_digit div_1024_word_32(sp_digit d1, sp_digit d0, sp_digit "AND r8, r8, r5\n\t" "SUBS r7, r7, r8\n\t" "SUBS r4, r4, #0x1\n\t" - "bpl L_div_1024_word_32_bit%=\n\t" +#if defined(__GNUC__) + "BPL L_div_1024_word_32_bit_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BPL.N L_div_1024_word_32_bit\n\t" +#else + "BPL.N L_div_1024_word_32_bit_%=\n\t" +#endif "ADD r3, r3, r3\n\t" "ADD r3, r3, #0x1\n\t" "UMULL r6, r7, r3, %[div]\n\t" 
@@ -68957,7 +70281,11 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b) #ifdef WOLFSSL_SP_SMALL "MOV r6, #0x7c\n\t" "\n" - "L_sp_1024_cmp_32_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_cmp_32_words:\n\t" +#else + "L_sp_1024_cmp_32_words_%=:\n\t" +#endif "LDR r4, [%[a], r6]\n\t" "LDR r5, [%[b], r6]\n\t" "AND r4, r4, r3\n\t" @@ -68970,7 +70298,11 @@ static sp_int32 sp_1024_cmp_32(const sp_digit* a, const sp_digit* b) "IT ne\n\t" "movne r3, r7\n\t" "SUBS r6, r6, #0x4\n\t" - "bcs L_sp_1024_cmp_32_words%=\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "bcs L_sp_1024_cmp_32_words\n\t" +#else + "bcs L_sp_1024_cmp_32_words_%=\n\t" +#endif "EOR r2, r2, r3\n\t" #else "LDR r4, [%[a], #124]\n\t" @@ -69451,16 +70783,16 @@ static void sp_1024_point_free_32(sp_point_1024* p, int clear, void* heap) { #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) -/* If valid pointer then clear point data if requested and free data. */ + /* If valid pointer then clear point data if requested and free data. */ if (p != NULL) { - if (clear != 0) { + if (clear) { XMEMSET(p, 0, sizeof(*p)); } XFREE(p, heap, DYNAMIC_TYPE_ECC); } #else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { + /* Clear point data if requested. */ + if ((p != NULL) && clear) { XMEMSET(p, 0, sizeof(*p)); } #endif @@ -69690,7 +71022,11 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s "LDR r4, [%[a]]\n\t" "LDR r5, [%[a], #4]\n\t" "\n" - "L_sp_1024_mont_reduce_32_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_mont_reduce_32_word:\n\t" +#else + "L_sp_1024_mont_reduce_32_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL r10, %[mp], r4\n\t" /* a[i+0] += m[0] * mu */ 
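Review bot: In sp_1024_cmp_32 the backward branch keeps the lowercase `bcs` form with only a two-way label split, while every other loop touched by this change (e.g. sp_1024_mul_d_32, div_1024_word_32, where `bpl` was also uppercased) was normalized to an uppercase mnemonic with a `__GNUC__` / IAR<9 / `.N` three-way split; `movne r3, r7` a few lines up is likewise still lowercase. If this file is generator output, the inconsistency belongs in the generator, but the emitted block would read as below. The function body starts outside the hunk.
```c
        "SUBS r6, r6, #0x4\n\t"
#if defined(__GNUC__)
        "BCS L_sp_1024_cmp_32_words_%=\n\t"
#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000)
        "BCS.N L_sp_1024_cmp_32_words\n\t"
#else
        "BCS.N L_sp_1024_cmp_32_words_%=\n\t"
#endif
```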
@@ -69952,10 +71288,12 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s "ADD r11, r11, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r11, #0x80\n\t" -#ifdef __GNUC__ - "BLT L_sp_1024_mont_reduce_32_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_1024_mont_reduce_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_1024_mont_reduce_32_word\n\t" #else - "BLT.W L_sp_1024_mont_reduce_32_word%=\n\t" + "BLT.W L_sp_1024_mont_reduce_32_word_%=\n\t" #endif /* Loop Done */ "STR r4, [%[a]]\n\t" @@ -70002,7 +71340,11 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s "LDR r9, [%[a], #12]\n\t" "LDR r10, [%[a], #16]\n\t" "\n" - "L_sp_1024_mont_reduce_32_word%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_mont_reduce_32_word:\n\t" +#else + "L_sp_1024_mont_reduce_32_word_%=:\n\t" +#endif /* mu = a[i] * mp */ "MUL lr, %[mp], r6\n\t" /* a[i+0] += m[0] * mu */ @@ -70169,10 +71511,12 @@ SP_NOINLINE static void sp_1024_mont_reduce_32(sp_digit* a, const sp_digit* m, s "ADD r4, r4, #0x4\n\t" "ADD %[a], %[a], #0x4\n\t" "CMP r4, #0x80\n\t" -#ifdef __GNUC__ - "BLT L_sp_1024_mont_reduce_32_word%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_1024_mont_reduce_32_word_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.W L_sp_1024_mont_reduce_32_word\n\t" #else - "BLT.W L_sp_1024_mont_reduce_32_word%=\n\t" + "BLT.W L_sp_1024_mont_reduce_32_word_%=\n\t" #endif /* Loop Done */ "STR r6, [%[a]]\n\t" @@ -70315,7 +71659,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p, sp_1024_mont_reduce_32(r->x, p1024_mod, p1024_mp_mod); /* Reduce x to less than modulus */ n = sp_1024_cmp_32(r->x, p1024_mod); - sp_1024_cond_sub_32(r->x, r->x, p1024_mod, ~(n >> 31)); + sp_1024_cond_sub_32(r->x, r->x, p1024_mod, (sp_digit)~(n >> 31)); sp_1024_norm_32(r->x); /* y /= z^3 */ 
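Review bot: The bare IAR<9 label `L_sp_1024_mont_reduce_32_word` is now emitted in two separate asm blocks that both belong to sp_1024_mont_reduce_32 (the hunks at old lines 69690 and 70002 define it, and these two hunks branch to it); unless those blocks sit in mutually exclusive preprocessor branches, which the hunks do not show, that toolchain would see the same symbol defined twice in one function. The `%=` form used by the other branches does not have this problem because it is unique per asm statement. A comment at the second definition, `/* NOTE: same bare label as the earlier asm block of this function; the two must be mutually exclusive under #if */`, would record the invariant. Both asm blocks start outside their hunks.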
@@ -70324,7 +71668,7 @@ static void sp_1024_map_32(sp_point_1024* r, const sp_point_1024* p, sp_1024_mont_reduce_32(r->y, p1024_mod, p1024_mp_mod); /* Reduce y to less than modulus */ n = sp_1024_cmp_32(r->y, p1024_mod); - sp_1024_cond_sub_32(r->y, r->y, p1024_mod, ~(n >> 31)); + sp_1024_cond_sub_32(r->y, r->y, p1024_mod, (sp_digit)~(n >> 31)); sp_1024_norm_32(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); @@ -71187,7 +72531,11 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig "MOV r8, #0x0\n\t" "MOV r4, #0x0\n\t" "\n" - "L_sp_1024_cond_add_32_words%=:\n\t" +#if defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "L_sp_1024_cond_add_32_words:\n\t" +#else + "L_sp_1024_cond_add_32_words_%=:\n\t" +#endif "ADDS r5, r5, #0xffffffff\n\t" "LDR r6, [%[a], r4]\n\t" "LDR r7, [%[b], r4]\n\t" @@ -71197,10 +72545,12 @@ static sp_digit sp_1024_cond_add_32(sp_digit* r, const sp_digit* a, const sp_dig "STR r6, [%[r], r4]\n\t" "ADD r4, r4, #0x4\n\t" "CMP r4, #0x80\n\t" -#if defined(__GNUC__) || defined(__ICCARM__) || defined(__IAR_SYSTEMS_ICC__) - "BLT L_sp_1024_cond_add_32_words%=\n\t" +#if defined(__GNUC__) + "BLT L_sp_1024_cond_add_32_words_%=\n\t" +#elif defined(__IAR_SYSTEMS_ICC__) && (__VER__ < 9000000) + "BLT.N L_sp_1024_cond_add_32_words\n\t" #else - "BLT.N L_sp_1024_cond_add_32_words%=\n\t" + "BLT.N L_sp_1024_cond_add_32_words_%=\n\t" #endif "MOV %[r], r5\n\t" : [r] "+r" (r), [a] "+r" (a), [b] "+r" (b), [m] "+r" (m) @@ -71816,8 +73166,8 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r, sp_1024_mont_sub_32(y, y, t5, p1024_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); 
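Review bot: The `(sp_digit)` cast on `~(n >> 31)` in sp_1024_map_32 (and in sp_1024_ecc_is_point_32 further down) only silences the implicit-conversion warning; the mask still derives from right-shifting a signed sp_int32 that can be negative, which C leaves implementation-defined, so the conditional subtraction relies on the compiler using an arithmetic shift. If sp_digit is the 32-bit unsigned type the surrounding code suggests, `(sp_digit)(((sp_digit)n >> 31) - 1)` yields the same all-ones/zero mask without that dependence, but I have not confirmed the width from this hunk. The same remark applies to `0 - (q->infinity & (!p->infinity))` in the proj_point_add hunks, where the new cast wraps an expression that is already well-defined for int. sp_1024_map_32 starts outside the hunk.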
@@ -71834,7 +73184,7 @@ static void sp_1024_proj_point_add_32(sp_point_1024* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -72008,8 +73358,8 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -72026,7 +73376,7 @@ static int sp_1024_proj_point_add_32_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -72367,8 +73717,8 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r, sp_1024_mont_sub_32(y, t3, t1, p1024_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -72385,7 +73735,7 @@ static void sp_1024_proj_point_add_qz1_32(sp_point_1024* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -72475,8 +73825,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -72575,10 +73924,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -72834,8 +74181,7 @@ static int sp_1024_gen_stripe_table_32(const sp_point_1024* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -72934,10 +74280,8 @@ static int sp_1024_ecc_mulmod_stripe_32(sp_point_1024* r, const sp_point_1024* g } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -73155,10 +74499,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -76793,10 +78135,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -76871,10 +78211,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -76908,7 +78246,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == MP_OKAY) && (table == NULL)) { *len = sizeof(sp_table_entry_1024) * 256; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { err = BUFFER_E; @@ -76939,10 +78277,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -76968,7 +78304,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == 0) && (table == NULL)) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*len != 0)) { err = BUFFER_E; @@ -77035,10 +78371,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -77185,9 +78519,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } @@ -79083,9 +80415,7 @@ int sp_ModExp_Fp_star_1024(const mp_int* base, mp_int* exp, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } 
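Review bot: Right after the new `err = WC_NO_ERR_TRACE(LENGTH_ONLY_E);` in sp_ecc_gen_table_1024, the length check `(*len < (int)(sizeof(sp_table_entry_1024) * 256))` compares the `word32` pointed to by len against an `int`, so the comparison is done after converting the int back to unsigned; it is correct only because the cast value is positive, and `(word32)` would state the intended type directly. Marking LENGTH_ONLY_E with WC_NO_ERR_TRACE is consistent with the table == NULL query being an expected outcome rather than a fault, and the same is done for sp_Pairing_gen_precomp_1024 below. The function body starts outside the hunk.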
@@ -79453,9 +80783,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_32(c, 1, NULL); sp_1024_point_free_32(q, 1, NULL); @@ -79880,9 +81208,7 @@ int sp_Pairing_1024(const ecc_point* pm, const ecc_point* qm, mp_int* res) #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_32(c, 1, NULL); sp_1024_point_free_32(q, 1, NULL); @@ -79912,7 +81238,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*len != 0) { err = BUFFER_E; @@ -80141,7 +81467,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = sizeof(sp_table_entry_1024) * 1167; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && @@ -80248,9 +81574,7 @@ int sp_Pairing_gen_precomp_1024(const ecc_point* pm, byte* table, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_32(neg, 1, NULL); sp_1024_point_free_32(c, 1, NULL); 
@@ -80443,9 +81767,7 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_32(c, 1, NULL); sp_1024_point_free_32(q, 1, NULL); @@ -80538,7 +81860,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point, n = sp_1024_cmp_32(t1, p1024_mod); - sp_1024_cond_sub_32(t1, t1, p1024_mod, ~(n >> 31)); + sp_1024_cond_sub_32(t1, t1, p1024_mod, (sp_digit)~(n >> 31)); sp_1024_norm_32(t1); if (!sp_1024_iszero_32(t1)) { err = MP_VAL; @@ -80546,8 +81868,7 @@ static int sp_1024_ecc_is_point_32(const sp_point_1024* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -80586,8 +81907,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -80695,10 +82015,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; diff --git a/src/wolfcrypt/src/sp_dsp32.c b/src/wolfcrypt/src/sp_dsp32.c index d3b1745..f14e1ab 100644 --- a/src/wolfcrypt/src/sp_dsp32.c +++ b/src/wolfcrypt/src/sp_dsp32.c @@ -1,6 +1,6 @@ /* sp_cdsp_signed.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -296,9 +296,7 @@ static int sp_256_mod_mul_norm_10(sp_digit* r, const sp_digit* a, const sp_digit
 }
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_ECC);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -2592,9 +2590,7 @@ static int sp_256_ecc_mulmod_stripe_10(sp_point* r, const sp_point* g,
 }
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- if (t != NULL) {
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- }
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 sp_ecc_point_free(p, 0, heap);
 sp_ecc_point_free(rt, 0, heap);
@@ -4233,9 +4229,7 @@ static int sp_256_div_10(const sp_digit* a, const sp_digit* d, sp_digit* m,
 }
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- if (td != NULL) {
- XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
- }
+ XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 return err;
@@ -4530,8 +4524,7 @@ int wolfSSL_DSP_ECC_Verify_256(remote_handle64 h, int32 *u1, int hashLen, int32*
 }
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- if (d != NULL)
- XFREE(d, heap, DYNAMIC_TYPE_ECC);
+ XFREE(d, heap, DYNAMIC_TYPE_ECC);
 #endif
 sp_ecc_point_free(p1, 0, heap);
 sp_ecc_point_free(p2, 0, heap);
@@ -4631,9 +4624,7 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
 }
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- if (tmp != NULL) {
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
 #endif
 sp_ecc_point_free(q, 0, NULL);
 sp_ecc_point_free(p, 0, NULL);
@@ -4696,9 +4687,7 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ,
 }
 #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK)
- if (tmp != NULL) {
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- }
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
 #endif
 sp_ecc_point_free(p, 0, NULL);
@@ -4754,9 +4743,7 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) } #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) - if (tmp != NULL) { - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - } + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); #endif sp_ecc_point_free(p, 0, NULL); @@ -4831,9 +4818,7 @@ static int sp_256_mont_sqrt_10(sp_digit* y) } #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } + XFREE(d, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -4906,9 +4891,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) } #if defined(WOLFSSL_SP_SMALL) || defined(WOLFSSL_SMALL_STACK) - if (d != NULL) { - XFREE(d, NULL, DYNAMIC_TYPE_ECC); - } + XFREE(d, NULL, DYNAMIC_TYPE_ECC); #endif return err; diff --git a/src/wolfcrypt/src/sp_int.c b/src/wolfcrypt/src/sp_int.c index 3a6884a..d9ac60b 100644 --- a/src/wolfcrypt/src/sp_int.c +++ b/src/wolfcrypt/src/sp_int.c @@ -1,6 +1,6 @@ /* sp_int.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -31,6 +31,7 @@ This library provides single precision (SP) integer math functions. #endif #include +#include #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) @@ -167,7 +168,7 @@ This library provides single precision (SP) integer math functions. do { \ ALLOC_SP_INT(n, s, err, h); \ if ((err) == MP_OKAY) { \ - (n)->size = (s); \ + (n)->size = (sp_size_t)(s); \ } \ } \ while (0) @@ -186,7 +187,7 @@ This library provides single precision (SP) integer math functions. do { \ ALLOC_SP_INT(n, s, err, h); \ if ((err) == MP_OKAY) { \ - (n)->size = (unsigned int)(s); \ + (n)->size = (sp_size_t)(s); \ } \ } \ while (0) 
@@ -210,9 +211,10 @@ This library provides single precision (SP) integer math functions. /* Declare a variable that will be assigned a value on XMALLOC. */ -#define DECL_DYN_SP_INT_ARRAY(n, s, c) \ - sp_int* n##d = NULL; \ - sp_int* (n)[c] = { NULL, } +#define DECL_DYN_SP_INT_ARRAY(n, s, c) \ + sp_int* n##d = NULL; \ + sp_int* (n)[c]; \ + void *n ## _dummy_var = XMEMSET(n, 0, sizeof(n)) /* DECL_SP_INT_ARRAY: Declare array of 'sp_int'. */ #if (defined(WOLFSSL_SMALL_STACK) || defined(SP_ALLOC)) && \ @@ -220,19 +222,17 @@ This library provides single precision (SP) integer math functions. /* Declare a variable that will be assigned a value on XMALLOC. */ #define DECL_SP_INT_ARRAY(n, s, c) \ DECL_DYN_SP_INT_ARRAY(n, s, c) -#else - #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ +#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ !defined(WOLFSSL_SP_NO_DYN_STACK) - /* Declare a variable on the stack with the required data size. */ - #define DECL_SP_INT_ARRAY(n, s, c) \ - byte n##d[MP_INT_SIZEOF(s) * (c)]; \ - sp_int* (n)[c] = { NULL, } - #else - /* Declare a variable on the stack. */ - #define DECL_SP_INT_ARRAY(n, s, c) \ - sp_int n##d[c]; \ - sp_int* (n)[c] - #endif + /* Declare a variable on the stack with the required data size. */ + #define DECL_SP_INT_ARRAY(n, s, c) \ + byte n##d[MP_INT_SIZEOF(s) * (c)]; \ + sp_int* (n)[c] = { NULL, } +#else + /* Declare a variable on the stack. */ + #define DECL_SP_INT_ARRAY(n, s, c) \ + sp_int n##d[c]; \ + sp_int* (n)[c] #endif /* Dynamically allocate just enough data to support multiple sp_ints of the @@ -240,6 +240,7 @@ This library provides single precision (SP) integer math functions. */ #define ALLOC_DYN_SP_INT_ARRAY(n, s, c, err, h) \ do { \ + (void)n ## _dummy_var; \ if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) { \ (err) = MP_VAL; \ } \ 
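Review bot: The new `DECL_DYN_SP_INT_ARRAY` zeroes the pointer array through `void *n ## _dummy_var = XMEMSET(n, 0, sizeof(n))`, which only compiles if XMEMSET expands to an expression returning a pointer (as memset does); a build that overrides XMEMSET with a void function or a statement-style macro would break every user of the macro, and the hunk does not state that requirement. The extra object is also only consumed by the `(void)n ## _dummy_var;` added to ALLOC_DYN_SP_INT_ARRAY, so any caller that declares the array but returns before the ALLOC step would now get an unused-variable diagnostic under -Wunused. A comment on the macro, `/* Zeroed via XMEMSET in an initializer so the array is cleared while this remains a declaration; XMEMSET must return the destination pointer. _dummy_var is consumed by ALLOC_DYN_SP_INT_ARRAY. */`, would record both assumptions, and `n##_dummy_var` would match the `n##d` spacing used on the line above. Presumably the change replaces the `= { NULL, }` form to avoid a compiler diagnostic, but the reason is not visible in the hunk.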
@@ -252,10 +253,10 @@ do { \
 else { \
 int n##ii; \
 (n)[0] = n##d; \
- (n)[0]->size = (s); \
+ (n)[0]->size = (sp_size_t)(s); \
 for (n##ii = 1; n##ii < (int)(c); n##ii++) { \
 (n)[n##ii] = MP_INT_NEXT((n)[n##ii-1], s); \
- (n)[n##ii]->size = (s); \
+ (n)[n##ii]->size = (sp_size_t)(s); \
 } \
 } \
 } \
@@ -267,47 +268,45 @@ while (0) !defined(WOLFSSL_SP_NO_MALLOC) #define ALLOC_SP_INT_ARRAY(n, s, c, err, h) \ ALLOC_DYN_SP_INT_ARRAY(n, s, c, err, h) -#else - #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ +#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ !defined(WOLFSSL_SP_NO_DYN_STACK) - /* Data declared on stack that supports multiple sp_ints of the - * required size. Use pointers into data to make up array and set sizes. - */ - #define ALLOC_SP_INT_ARRAY(n, s, c, err, h) \ - do { \ - if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) { \ - (err) = MP_VAL; \ - } \ - if ((err) == MP_OKAY) { \ - int n##ii; \ - (n)[0] = (sp_int*)n##d; \ - ((sp_int_minimal*)(n)[0])->size = (s); \ - for (n##ii = 1; n##ii < (int)(c); n##ii++) { \ - (n)[n##ii] = MP_INT_NEXT((n)[n##ii-1], s); \ - ((sp_int_minimal*)(n)[n##ii])->size = (s); \ - } \ - } \ + /* Data declared on stack that supports multiple sp_ints of the + * required size. Use pointers into data to make up array and set sizes. + */ + #define ALLOC_SP_INT_ARRAY(n, s, c, err, h) \ + do { \ + if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) { \ + (err) = MP_VAL; \ } \ - while (0) - #else - /* Data declared on stack that supports multiple sp_ints of the - * required size. Set into array and set sizes. - */ - #define ALLOC_SP_INT_ARRAY(n, s, c, err, h) \ - do { \ - if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) { \ - (err) = MP_VAL; \ + if ((err) == MP_OKAY) { \ + int n##ii; \ + (n)[0] = (sp_int*)n##d; \ + ((sp_int_minimal*)(n)[0])->size = (sp_size_t)(s); \ + for (n##ii = 1; n##ii < (int)(c); n##ii++) { \ + (n)[n##ii] = MP_INT_NEXT((n)[n##ii-1], s); \ + ((sp_int_minimal*)(n)[n##ii])->size = (sp_size_t)(s); \ } \ - if ((err) == MP_OKAY) { \ - int n##ii; \ - for (n##ii = 0; n##ii < (int)(c); n##ii++) { \ - (n)[n##ii] = &n##d[n##ii]; \ - (n)[n##ii]->size = (s); \ - } \ + } \ + } \ + while (0) +#else + /* Data declared on stack that supports multiple sp_ints of the + * required size. 
Set into array and set sizes. + */ + #define ALLOC_SP_INT_ARRAY(n, s, c, err, h) \ + do { \ + if (((err) == MP_OKAY) && ((s) > SP_INT_DIGITS)) { \ + (err) = MP_VAL; \ + } \ + if ((err) == MP_OKAY) { \ + int n##ii; \ + for (n##ii = 0; n##ii < (int)(c); n##ii++) { \ + (n)[n##ii] = &n##d[n##ii]; \ + (n)[n##ii]->size = (sp_size_t)(s); \ } \ } \ - while (0) - #endif + } \ + while (0) #endif /* Free data variable that was dynamically allocated. */ 
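Review bot: In the `#elif` (C99 stack) branch of ALLOC_SP_INT_ARRAY, `(n)[0] = (sp_int*)n##d;` casts the `byte n##d[MP_INT_SIZEOF(s) * (c)]` array declared by DECL_SP_INT_ARRAY (in the `@@ -220` hunk) to `sp_int*`, and a `byte` array carries no alignment guarantee beyond 1, so the `size` stores and the later digit accesses reached through MP_INT_NEXT may be misaligned on targets that fault or penalise unaligned access, unless alignment is guaranteed somewhere not visible here. Declaring the backing store with the digit type, e.g. `sp_int_digit n##d[(MP_INT_SIZEOF(s) * (c) + sizeof(sp_int_digit) - 1) / sizeof(sp_int_digit)];`, gives it the alignment `sp_int` needs, provided MP_INT_SIZEOF(s) is itself a multiple of the digit size (worth asserting). That change belongs in DECL_SP_INT_ARRAY rather than in this macro.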
@@ -3474,6 +3473,156 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, * CPU: PPC64 */ + #ifdef __APPLE__ + +/* Multiply va by vb and store double size result in: vh | vl */ +#define SP_ASM_MUL(vl, vh, va, vb) \ + __asm__ __volatile__ ( \ + "mulld %[l], %[a], %[b] \n\t" \ + "mulhdu %[h], %[a], %[b] \n\t" \ + : [h] "+r" (vh), [l] "+r" (vl) \ + : [a] "r" (va), [b] "r" (vb) \ + : "memory" \ + ) +/* Multiply va by vb and store double size result in: vo | vh | vl */ +#define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \ + __asm__ __volatile__ ( \ + "mulhdu %[h], %[a], %[b] \n\t" \ + "mulld %[l], %[a], %[b] \n\t" \ + "li %[o], 0 \n\t" \ + : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \ + : [a] "r" (va), [b] "r" (vb) \ + : \ + ) +/* Multiply va by vb and add double size result into: vo | vh | vl */ +#define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \ + __asm__ __volatile__ ( \ + "mulld r16, %[a], %[b] \n\t" \ + "mulhdu r17, %[a], %[b] \n\t" \ + "addc %[l], %[l], r16 \n\t" \ + "adde %[h], %[h], r17 \n\t" \ + "addze %[o], %[o] \n\t" \ + : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \ + : [a] "r" (va), [b] "r" (vb) \ + : "r16", "r17", "cc" \ + ) +/* Multiply va by vb and add double size result into: vh | vl */ +#define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \ + __asm__ __volatile__ ( \ + "mulld r16, %[a], %[b] \n\t" \ + "mulhdu r17, %[a], %[b] \n\t" \ + "addc %[l], %[l], r16 \n\t" \ + "adde %[h], %[h], r17 \n\t" \ + : [l] "+r" (vl), [h] "+r" (vh) \ + : [a] "r" (va), [b] "r" (vb) \ + : "r16", "r17", "cc" \ + ) +/* Multiply va by vb and add double size result twice into: vo | vh | vl */ +#define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \ + __asm__ __volatile__ ( \ + "mulld r16, %[a], %[b] \n\t" \ + "mulhdu r17, %[a], %[b] \n\t" \ + "addc %[l], %[l], r16 \n\t" \ + "adde %[h], %[h], r17 \n\t" \ + "addze %[o], %[o] \n\t" \ + "addc %[l], %[l], r16 \n\t" \ + "adde %[h], %[h], r17 \n\t" \ + "addze %[o], %[o] \n\t" \ + : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \ + : [a] "r" 
(va), [b] "r" (vb) \ + : "r16", "r17", "cc" \ + ) +/* Multiply va by vb and add double size result twice into: vo | vh | vl + * Assumes first add will not overflow vh | vl + */ +#define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \ + __asm__ __volatile__ ( \ + "mulld r16, %[a], %[b] \n\t" \ + "mulhdu r17, %[a], %[b] \n\t" \ + "addc %[l], %[l], r16 \n\t" \ + "adde %[h], %[h], r17 \n\t" \ + "addc %[l], %[l], r16 \n\t" \ + "adde %[h], %[h], r17 \n\t" \ + "addze %[o], %[o] \n\t" \ + : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \ + : [a] "r" (va), [b] "r" (vb) \ + : "r16", "r17", "cc" \ + ) +/* Square va and store double size result in: vh | vl */ +#define SP_ASM_SQR(vl, vh, va) \ + __asm__ __volatile__ ( \ + "mulld %[l], %[a], %[a] \n\t" \ + "mulhdu %[h], %[a], %[a] \n\t" \ + : [h] "+r" (vh), [l] "+r" (vl) \ + : [a] "r" (va) \ + : "memory" \ + ) +/* Square va and add double size result into: vo | vh | vl */ +#define SP_ASM_SQR_ADD(vl, vh, vo, va) \ + __asm__ __volatile__ ( \ + "mulld r16, %[a], %[a] \n\t" \ + "mulhdu r17, %[a], %[a] \n\t" \ + "addc %[l], %[l], r16 \n\t" \ + "adde %[h], %[h], r17 \n\t" \ + "addze %[o], %[o] \n\t" \ + : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \ + : [a] "r" (va) \ + : "r16", "r17", "cc" \ + ) +/* Square va and add double size result into: vh | vl */ +#define SP_ASM_SQR_ADD_NO(vl, vh, va) \ + __asm__ __volatile__ ( \ + "mulld r16, %[a], %[a] \n\t" \ + "mulhdu r17, %[a], %[a] \n\t" \ + "addc %[l], %[l], r16 \n\t" \ + "adde %[h], %[h], r17 \n\t" \ + : [l] "+r" (vl), [h] "+r" (vh) \ + : [a] "r" (va) \ + : "r16", "r17", "cc" \ + ) +/* Add va into: vh | vl */ +#define SP_ASM_ADDC(vl, vh, va) \ + __asm__ __volatile__ ( \ + "addc %[l], %[l], %[a] \n\t" \ + "addze %[h], %[h] \n\t" \ + : [l] "+r" (vl), [h] "+r" (vh) \ + : [a] "r" (va) \ + : "cc" \ + ) +/* Sub va from: vh | vl */ +#define SP_ASM_SUBB(vl, vh, va) \ + __asm__ __volatile__ ( \ + "subfc %[l], %[a], %[l] \n\t" \ + "li r16, 0 \n\t" \ + "subfe %[h], r16, %[h] \n\t" \ + : [l] "+r" (vl), [h] 
"+r" (vh) \ + : [a] "r" (va) \ + : "r16", "cc" \ + ) +/* Add two times vc | vb | va into vo | vh | vl */ +#define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \ + __asm__ __volatile__ ( \ + "addc %[l], %[l], %[a] \n\t" \ + "adde %[h], %[h], %[b] \n\t" \ + "adde %[o], %[o], %[c] \n\t" \ + "addc %[l], %[l], %[a] \n\t" \ + "adde %[h], %[h], %[b] \n\t" \ + "adde %[o], %[o], %[c] \n\t" \ + : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \ + : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \ + : "cc" \ + ) +/* Count leading zeros. */ +#define SP_ASM_LZCNT(va, vn) \ + __asm__ __volatile__ ( \ + "cntlzd %[n], %[a] \n\t" \ + : [n] "=r" (vn) \ + : [a] "r" (va) \ + : \ + ) + + #else /* !defined(__APPLE__) */ + /* Multiply va by vb and store double size result in: vh | vl */ #define SP_ASM_MUL(vl, vh, va, vb) \ __asm__ __volatile__ ( \ @@ -3620,6 +3769,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, : \ ) + #endif /* !defined(__APPLE__) */ + #define SP_INT_ASM_AVAILABLE #endif /* WOLFSSL_SP_PPC64 && SP_WORD_SIZE == 64 */ @@ -3629,6 +3780,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, * CPU: PPC 32-bit */ + #ifdef __APPLE__ + /* Multiply va by vb and store double size result in: vh | vl */ #define SP_ASM_MUL(vl, vh, va, vb) \ __asm__ __volatile__ ( \ 
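Review bot: The `__APPLE__` PPC64 block repeats every SP_ASM_* macro of the `#else` branch, apparently differing only in `r16`/`r17` versus bare `16`/`17` register syntax and `li` versus `xor` for zeroing, so the two copies will drift; the PPC32 block in the `@@ -3648` hunk does the same, and the `@@ -3746` hunk already shows the drift (SP_ASM_SUBB becomes `xor 16, 16, 16` on the non-Apple side while the Apple copy keeps `li r16, 0`). A register-name macro selected once, such as `SP_ASM_R16` defined as `"r16"` under `__APPLE__` and `"16"` otherwise and concatenated into the asm strings, would leave a single copy of each macro. The hard-coded scratch registers are correctly listed in the clobbers in every template here, which is the property a single copy makes easier to keep true.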
@@ -3648,6 +3801,152 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, : [a] "r" (va), [b] "r" (vb) \ ) /* Multiply va by vb and add double size result into: vo | vh | vl */ +#define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \ + __asm__ __volatile__ ( \ + "mullw r16, %[a], %[b] \n\t" \ + "mulhwu r17, %[a], %[b] \n\t" \ + "addc %[l], %[l], r16 \n\t" \ + "adde %[h], %[h], r17 \n\t" \ + "addze %[o], %[o] \n\t" \ + : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \ + : [a] "r" (va), [b] "r" (vb) \ + : "r16", "r17", "cc" \ + ) +/* Multiply va by vb and add double size result into: vh | vl */ +#define SP_ASM_MUL_ADD_NO(vl, vh, va, vb) \ + __asm__ __volatile__ ( \ + "mullw r16, %[a], %[b] \n\t" \ + "mulhwu r17, %[a], %[b] \n\t" \ + "addc %[l], %[l], r16 \n\t" \ + "adde %[h], %[h], r17 \n\t" \ + : [l] "+r" (vl), [h] "+r" (vh) \ + : [a] "r" (va), [b] "r" (vb) \ + : "r16", "r17", "cc" \ + ) +/* Multiply va by vb and add double size result twice into: vo | vh | vl */ +#define SP_ASM_MUL_ADD2(vl, vh, vo, va, vb) \ + __asm__ __volatile__ ( \ + "mullw r16, %[a], %[b] \n\t" \ + "mulhwu r17, %[a], %[b] \n\t" \ + "addc %[l], %[l], r16 \n\t" \ + "adde %[h], %[h], r17 \n\t" \ + "addze %[o], %[o] \n\t" \ + "addc %[l], %[l], r16 \n\t" \ + "adde %[h], %[h], r17 \n\t" \ + "addze %[o], %[o] \n\t" \ + : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \ + : [a] "r" (va), [b] "r" (vb) \ + : "r16", "r17", "cc" \ + ) +/* Multiply va by vb and add double size result twice into: vo | vh | vl + * Assumes first add will not overflow vh | vl + */ +#define SP_ASM_MUL_ADD2_NO(vl, vh, vo, va, vb) \ + __asm__ __volatile__ ( \ + "mullw r16, %[a], %[b] \n\t" \ + "mulhwu r17, %[a], %[b] \n\t" \ + "addc %[l], %[l], r16 \n\t" \ + "adde %[h], %[h], r17 \n\t" \ + "addc %[l], %[l], r16 \n\t" \ + "adde %[h], %[h], r17 \n\t" \ + "addze %[o], %[o] \n\t" \ + : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \ + : [a] "r" (va), [b] "r" (vb) \ + : "r16", "r17", "cc" \ + ) +/* Square va and store double 
size result in: vh | vl */ +#define SP_ASM_SQR(vl, vh, va) \ + __asm__ __volatile__ ( \ + "mullw %[l], %[a], %[a] \n\t" \ + "mulhwu %[h], %[a], %[a] \n\t" \ + : [h] "+r" (vh), [l] "+r" (vl) \ + : [a] "r" (va) \ + : "memory" \ + ) +/* Square va and add double size result into: vo | vh | vl */ +#define SP_ASM_SQR_ADD(vl, vh, vo, va) \ + __asm__ __volatile__ ( \ + "mullw r16, %[a], %[a] \n\t" \ + "mulhwu r17, %[a], %[a] \n\t" \ + "addc %[l], %[l], r16 \n\t" \ + "adde %[h], %[h], r17 \n\t" \ + "addze %[o], %[o] \n\t" \ + : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \ + : [a] "r" (va) \ + : "r16", "r17", "cc" \ + ) +/* Square va and add double size result into: vh | vl */ +#define SP_ASM_SQR_ADD_NO(vl, vh, va) \ + __asm__ __volatile__ ( \ + "mullw r16, %[a], %[a] \n\t" \ + "mulhwu r17, %[a], %[a] \n\t" \ + "addc %[l], %[l], r16 \n\t" \ + "adde %[h], %[h], r17 \n\t" \ + : [l] "+r" (vl), [h] "+r" (vh) \ + : [a] "r" (va) \ + : "r16", "r17", "cc" \ + ) +/* Add va into: vh | vl */ +#define SP_ASM_ADDC(vl, vh, va) \ + __asm__ __volatile__ ( \ + "addc %[l], %[l], %[a] \n\t" \ + "addze %[h], %[h] \n\t" \ + : [l] "+r" (vl), [h] "+r" (vh) \ + : [a] "r" (va) \ + : "cc" \ + ) +/* Sub va from: vh | vl */ +#define SP_ASM_SUBB(vl, vh, va) \ + __asm__ __volatile__ ( \ + "subfc %[l], %[a], %[l] \n\t" \ + "li r16, 0 \n\t" \ + "subfe %[h], r16, %[h] \n\t" \ + : [l] "+r" (vl), [h] "+r" (vh) \ + : [a] "r" (va) \ + : "r16", "cc" \ + ) +/* Add two times vc | vb | va into vo | vh | vl */ +#define SP_ASM_ADD_DBL_3(vl, vh, vo, va, vb, vc) \ + __asm__ __volatile__ ( \ + "addc %[l], %[l], %[a] \n\t" \ + "adde %[h], %[h], %[b] \n\t" \ + "adde %[o], %[o], %[c] \n\t" \ + "addc %[l], %[l], %[a] \n\t" \ + "adde %[h], %[h], %[b] \n\t" \ + "adde %[o], %[o], %[c] \n\t" \ + : [l] "+r" (vl), [h] "+r" (vh), [o] "+r" (vo) \ + : [a] "r" (va), [b] "r" (vb), [c] "r" (vc) \ + : "cc" \ + ) +/* Count leading zeros. 
*/ +#define SP_ASM_LZCNT(va, vn) \ + __asm__ __volatile__ ( \ + "cntlzw %[n], %[a] \n\t" \ + : [n] "=r" (vn) \ + : [a] "r" (va) \ + ) + + #else /* !defined(__APPLE__) */ + +/* Multiply va by vb and store double size result in: vh | vl */ +#define SP_ASM_MUL(vl, vh, va, vb) \ + __asm__ __volatile__ ( \ + "mullw %[l], %[a], %[b] \n\t" \ + "mulhwu %[h], %[a], %[b] \n\t" \ + : [h] "+r" (vh), [l] "+r" (vl) \ + : [a] "r" (va), [b] "r" (vb) \ + : "memory" \ + ) +/* Multiply va by vb and store double size result in: vo | vh | vl */ +#define SP_ASM_MUL_SET(vl, vh, vo, va, vb) \ + __asm__ __volatile__ ( \ + "mulhwu %[h], %[a], %[b] \n\t" \ + "mullw %[l], %[a], %[b] \n\t" \ + "xor %[o], %[o], %[o] \n\t" \ + : [l] "+r" (vl), [h] "+r" (vh), [o] "=r" (vo) \ + : [a] "r" (va), [b] "r" (vb) \ + ) +/* Multiply va by vb and add double size result into: vo | vh | vl */ #define SP_ASM_MUL_ADD(vl, vh, vo, va, vb) \ __asm__ __volatile__ ( \ "mullw 16, %[a], %[b] \n\t" \ @@ -3746,7 +4045,7 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, #define SP_ASM_SUBB(vl, vh, va) \ __asm__ __volatile__ ( \ "subfc %[l], %[a], %[l] \n\t" \ - "li 16, 0 \n\t" \ + "xor 16, 16, 16 \n\t" \ "subfe %[h], 16, %[h] \n\t" \ : [l] "+r" (vl), [h] "+r" (vh) \ : [a] "r" (va) \ @@ -3773,6 +4072,8 @@ static WC_INLINE sp_int_digit sp_div_word(sp_int_digit hi, sp_int_digit lo, : [a] "r" (va) \ ) + #endif /* !defined(__APPLE__) */ + #define SP_INT_ASM_AVAILABLE #endif /* WOLFSSL_SP_PPC && SP_WORD_SIZE == 64 */ @@ -4827,6 +5128,12 @@ static void _sp_mont_setup(const sp_int* m, sp_int_digit* rho); #define WOLFSSL_SP_PRIME_GEN #endif +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || defined(OPENSSL_EXTRA) +/* Determine when mp_mul_d is required */ +#define WOLFSSL_SP_MUL_D +#endif + /* Set the multi-precision number to zero. * * Assumes a is not NULL. 
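Review bot: The closing comment right after the new `#endif /* !defined(__APPLE__) */` in the `@@ -3773` hunk reads `#endif /* WOLFSSL_SP_PPC && SP_WORD_SIZE == 64 */` although this is the PPC 32-bit block; it is a context line and predates the change, but since the commit adds another level of nesting to these guards it should presumably read `#endif /* WOLFSSL_SP_PPC && SP_WORD_SIZE == 32 */` (the opening `#if` is outside the hunk, so verify against it). Mismatched guard comments are how the new Apple/non-Apple nesting gets mis-closed in later edits.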
@@ -4859,7 +5166,7 @@ static void _sp_init_size(sp_int* a, unsigned int size) #endif _sp_zero((sp_int*)am); - a->size = size; + a->size = (sp_size_t)size; } /* Initialize the multi-precision number to be zero with a given max size. @@ -5214,8 +5521,8 @@ int sp_exch(sp_int* a, sp_int* b) ALLOC_SP_INT(t, a->used, err, NULL); if (err == MP_OKAY) { /* Cache allocated size of a and b. */ - unsigned int asize = a->size; - unsigned int bsize = b->size; + sp_size_t asize = a->size; + sp_size_t bsize = b->size; /* Copy all of SP int: t <- a, a <- b, b <- t. */ XMEMCPY(t, a, MP_INT_SIZEOF(a->used)); XMEMCPY(a, b, MP_INT_SIZEOF(b->used)); @@ -5251,9 +5558,9 @@ int sp_cond_swap_ct_ex(sp_int* a, sp_int* b, int cnt, int swap, sp_int* t) sp_int_digit mask = (sp_int_digit)0 - (sp_int_digit)swap; /* XOR other fields in sp_int into temp - mask set when swapping. */ - t->used = (a->used ^ b->used) & (unsigned int)mask; + t->used = (a->used ^ b->used) & (sp_size_t)mask; #ifdef WOLFSSL_SP_INT_NEGATIVE - t->sign = (a->sign ^ b->sign) & (unsigned int)mask; + t->sign = (a->sign ^ b->sign) & (sp_uint8)mask; #endif /* XOR requested words into temp - mask set when swapping. */ @@ -5719,7 +6026,7 @@ int sp_cnt_lsb(const sp_int* a) unsigned int j; /* Count least significant words that are zero. */ - for (i = 0; i < a->used && a->dp[i] == 0; i++, bc += SP_WORD_SIZE) { + for (i = 0; (i < a->used) && (a->dp[i] == 0); i++, bc += SP_WORD_SIZE) { } /* Use 4-bit table to get count. */ @@ -5790,7 +6097,7 @@ int sp_set_bit(sp_int* a, int i) { int err = MP_OKAY; /* Get index of word to set. */ - unsigned int w = (unsigned int)(i >> SP_WORD_SHIFT); + sp_size_t w = (sp_size_t)(i >> SP_WORD_SHIFT); /* Check for valid number and and space for bit. */ if ((a == NULL) || (i < 0) || (w >= a->size)) { 
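Review bot: `a->size = (sp_size_t)size;` narrows the `unsigned int size` parameter of `_sp_init_size` with no range check (narrowing, if `sp_size_t` is narrower than `unsigned int`, which the casts added throughout suggest), while the callers updated in the `_sp_invmod_mont_ct`, `_sp_exptmod_ex`, `_sp_exptmod_mont_ex`, `_sp_exptmod_base_2` and `_sp_exptmod_nct` hunks cast the same value to `sp_size_t` only for it to be promoted back to `unsigned int` at the call, and `_sp_div` casts to `(unsigned int)` instead. Since the function is static, changing the parameter to `sp_size_t size` would make the narrowing happen once at the call site and give the caller-side casts a purpose; otherwise document the precondition at the definition, e.g. `/* size must not exceed SP_INT_DIGITS; narrowed to sp_size_t without checking. */`. The function begins outside the hunk.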
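Review bot: `sp_size_t w = (sp_size_t)(i >> SP_WORD_SHIFT);` in sp_set_bit narrows the word index before the `(w >= a->size)` check on the next line, so if `sp_size_t` is narrower than `int` a large `i` can wrap `w` to a small in-range value and the bit is set in the wrong word instead of returning MP_VAL; the previous `unsigned int` form could not wrap that way. Compare the unnarrowed value in the guard, e.g. `if ((a == NULL) || (i < 0) || ((unsigned int)(i >> SP_WORD_SHIFT) >= a->size))`, and assign `w` after it. sp_rshb in the `@@ -8267` hunk (`sp_size_t i = (sp_size_t)(n >> SP_WORD_SHIFT);`) and sp_lshb in `@@ -8179` (`(sp_size_t)n >> SP_WORD_SHIFT`, which truncates `n` before shifting) have the same shape.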
@@ -6252,7 +6559,8 @@ int sp_sub_d(const sp_int* a, sp_int_digit d, sp_int* r) !defined(NO_DH) || defined(HAVE_ECC) || \ (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ !defined(WOLFSSL_RSA_PUBLIC_ONLY))) || \ - (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) + (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \ + defined(WOLFSSL_SP_MUL_D) /* Multiply a by digit n and put result into r shifting up o digits. * r = (a * n) << (o * SP_WORD_SIZE) * @@ -6326,7 +6634,7 @@ static int _sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r, unsigned int o) } } /* Update number of words in result. */ - r->used = o; + r->used = (sp_size_t)o; /* In case n is zero. */ sp_clamp(r); @@ -6335,8 +6643,7 @@ static int _sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r, unsigned int o) #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) || * WOLFSSL_SP_SMALL || (WOLFSSL_KEY_GEN && !NO_RSA) */ -#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) +#ifdef WOLFSSL_SP_MUL_D /* Multiply a by digit n and put result into r. r = a * n * * @param [in] a SP integer to multiply. @@ -6374,8 +6681,7 @@ int sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r) return err; } -#endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) || - * (WOLFSSL_KEY_GEN && !NO_RSA) */ +#endif /* WOLFSSL_SP_MUL_D */ /* Predefine complicated rules of when to compile in sp_div_d and sp_mod_d. */ #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ @@ -7057,7 +7363,7 @@ static void _sp_div_2(const sp_int* a, sp_int* r) /* Last word only needs to be shifted down. */ r->dp[i] = a->dp[i] >> 1; /* Set used to be all words seen. */ - r->used = (unsigned int)i + 1; + r->used = (sp_size_t)i + 1; /* Remove leading zeros. */ sp_clamp(r); #ifdef WOLFSSL_SP_INT_NEGATIVE 
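Review bot: The trailing comment on the `#endif` that closes `_sp_mul_d` (context in the `@@ -6335` hunk) still lists `(WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) || WOLFSSL_SP_SMALL || (WOLFSSL_KEY_GEN && !NO_RSA)` and does not mention the `defined(WOLFSSL_SP_MUL_D)` term this hunk adds to the opening `#if`, which begins outside the hunk. Since WOLFSSL_SP_MUL_D (defined in the `@@ -4827` hunk) already covers `(WOLFSSL_KEY_GEN && !NO_RSA)`, the explicit `(defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \` line directly above the new term is now redundant and could be dropped to keep the condition readable.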
@@ -7133,7 +7439,7 @@ int sp_div_2_mod_ct(const sp_int* a, const sp_int* m, sp_int* r) #endif /* Mask to apply to modulus. */ sp_int_digit mask = (sp_int_digit)0 - (a->dp[0] & 1); - unsigned int i; + sp_size_t i; #if 0 sp_print(a, "a"); @@ -7208,7 +7514,7 @@ int sp_div_2_mod_ct(const sp_int* a, const sp_int* m, sp_int* r) */ static void _sp_add_off(const sp_int* a, const sp_int* b, sp_int* r, int o) { - unsigned int i = 0; + sp_size_t i = 0; #ifndef SQR_MUL_ASM sp_int_word t = 0; #else @@ -7329,10 +7635,10 @@ static void _sp_add_off(const sp_int* a, const sp_int* b, sp_int* r, int o) /* Put in carry. */ #ifndef SQR_MUL_ASM r->dp[i] = (sp_int_digit)t; - r->used += (t != 0); + r->used = (sp_size_t)(r->used + (sp_size_t)(t != 0)); #else r->dp[i] = l; - r->used += (l != 0); + r->used = (sp_size_t)(r->used + (sp_size_t)(l != 0)); #endif /* Remove leading zeros. */ @@ -7356,8 +7662,8 @@ static void _sp_add_off(const sp_int* a, const sp_int* b, sp_int* r, int o) static void _sp_sub_off(const sp_int* a, const sp_int* b, sp_int* r, unsigned int o) { - unsigned int i = 0; - unsigned int j; + sp_size_t i = 0; + sp_size_t j; #ifndef SQR_MUL_ASM sp_int_sword t = 0; #else @@ -7372,7 +7678,7 @@ static void _sp_sub_off(const sp_int* a, const sp_int* b, sp_int* r, } } else { - i = o; + i = (sp_size_t)o; } /* Index to add at is the offset now. */ @@ -7566,7 +7872,7 @@ static int _sp_addmod(const sp_int* a, const sp_int* b, const sp_int* m, { int err = MP_OKAY; /* Calculate used based on digits used in a and b. */ - unsigned int used = ((a->used >= b->used) ? a->used + 1 : b->used + 1); + sp_size_t used = ((a->used >= b->used) ? a->used + 1 : b->used + 1); DECL_SP_INT(t, used); /* Allocate a temporary SP int to hold sum. */ 
@@ -7687,7 +7993,7 @@ static int _sp_submod(const sp_int* a, const sp_int* b, const sp_int* m, FREE_SP_INT_ARRAY(t, NULL); #else /* WOLFSSL_SP_INT_NEGATIVE */ - unsigned int used = ((a->used >= b->used) ? a->used + 1 : b->used + 1); + sp_size_t used = ((a->used >= b->used) ? a->used + 1 : b->used + 1); DECL_SP_INT(t, used); ALLOC_SP_INT_SIZE(t, used, err, NULL); @@ -7763,12 +8069,12 @@ int sp_submod(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r) static void sp_clamp_ct(sp_int* a) { int i; - unsigned int used = a->used; - unsigned int mask = (unsigned int)-1; + sp_size_t used = a->used; + sp_size_t mask = (sp_size_t)-1; for (i = (int)a->used - 1; i >= 0; i--) { - used -= ((unsigned int)(a->dp[i] == 0)) & mask; - mask &= (unsigned int)0 - (a->dp[i] == 0); + used = (sp_size_t)(used - ((a->dp[i] == 0) & mask)); + mask &= (sp_size_t)(0 - (a->dp[i] == 0)); } a->used = used; } @@ -7804,7 +8110,7 @@ int sp_addmod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r) sp_int_digit mask; sp_int_digit mask_a = (sp_int_digit)-1; sp_int_digit mask_b = (sp_int_digit)-1; - unsigned int i; + sp_size_t i; /* Check result is as big as modulus. */ if (m->used > r->size) { @@ -8041,7 +8347,7 @@ static void _sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m, } /* Result will always have digits equal to or less than those in * modulus. */ - r->used = i; + r->used = (sp_size_t)i; #ifdef WOLFSSL_SP_INT_NEGATIVE r->sign = MP_ZPOS; #endif /* WOLFSSL_SP_INT_NEGATIVE */ @@ -8150,7 +8456,7 @@ int sp_lshd(sp_int* a, int s) /* Back fill with zeros. */ XMEMSET(a->dp, 0, (size_t)s * SP_WORD_SIZEOF); /* Update used. */ - a->used += (unsigned int)s; + a->used += (sp_size_t)s; /* Remove leading zeros. */ sp_clamp(a); } 
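Review bot: `used = (sp_size_t)(used - ((a->dp[i] == 0) & mask));` and `mask &= (sp_size_t)(0 - (a->dp[i] == 0));` in sp_clamp_ct leave the constant-time property dependent on the compiler lowering `a->dp[i] == 0` without a branch, which is not guaranteed on every target and optimisation level; the old form had the same dependence, so this is not a regression, but the `_ct` suffix promises more than the code enforces. A branchless zero test that derives the mask from the digit's own bits (OR the digit with its two's-complement negation, shift the top bit down, subtract from zero) removes the dependence; failing that, a comment such as `/* Relies on (dp[i] == 0) compiling branch-free. */` would at least flag it. The rewritten arithmetic is otherwise equivalent to the original.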
@@ -8179,7 +8485,7 @@ static int sp_lshb(sp_int* a, int n) if (a->used != 0) { /* Calculate number of digits to shift. */ - unsigned int s = (unsigned int)n >> SP_WORD_SHIFT; + sp_size_t s = (sp_size_t)n >> SP_WORD_SHIFT; /* Ensure number has enough digits for result. */ if (a->used + s >= a->size) { @@ -8237,14 +8543,14 @@ void sp_rshd(sp_int* a, int c) /* Do shift if we have an SP int. */ if ((a != NULL) && (c > 0)) { /* Make zero if shift removes all digits. */ - if ((unsigned int)c >= a->used) { + if ((sp_size_t)c >= a->used) { _sp_zero(a); } else { - unsigned int i; + sp_size_t i; /* Update used digits count. */ - a->used -= (unsigned int)c; + a->used -= (sp_size_t)c; /* Move digits down. */ for (i = 0; i < a->used; i++, c++) { a->dp[i] = a->dp[c]; @@ -8267,7 +8573,7 @@ int sp_rshb(const sp_int* a, int n, sp_int* r) { int err = MP_OKAY; /* Number of digits to shift down. */ - unsigned int i = (unsigned int)(n >> SP_WORD_SHIFT); + sp_size_t i = (sp_size_t)(n >> SP_WORD_SHIFT); if ((a == NULL) || (n < 0)) { err = MP_VAL; @@ -8281,7 +8587,7 @@ int sp_rshb(const sp_int* a, int n, sp_int* r) err = MP_VAL; } else if (err == MP_OKAY) { - unsigned int j; + sp_size_t j; /* Number of bits to shift in digits. */ n &= SP_WORD_SIZE - 1; @@ -8299,12 +8605,12 @@ int sp_rshb(const sp_int* a, int n, sp_int* r) } else { /* Move the bits down starting at least significant digit. */ - for (j = 0; i < a->used-1; i++, j++) + for (j = 0; i < a->used - 1; i++, j++) r->dp[j] = (a->dp[i] >> n) | (a->dp[i+1] << (SP_WORD_SIZE - n)); /* Most significant digit has no higher digit to pull from. */ r->dp[j] = a->dp[i] >> n; /* Set the count of used digits. */ - r->used = j + (r->dp[j] > 0); + r->used = (sp_size_t)(j + (r->dp[j] > 0)); } #ifdef WOLFSSL_SP_INT_NEGATIVE if (sp_iszero(r)) { 
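Review bot: In sp_rshd (the `@@ -8237` hunk) the guard `if ((sp_size_t)c >= a->used)` now compares a narrowed copy of `c`, but the digit-move loop below still indexes with the original `int c` (`a->dp[i] = a->dp[c]`), so if `sp_size_t` is narrower than `int` a large `c` that wraps to a small value passes the guard and the loop reads past `a->dp`; the previous `(unsigned int)c` compare could not disagree with the index. Keep the comparison in the wider type, `if ((unsigned int)c >= a->used) {`, and narrow only when updating the count (`a->used -= (sp_size_t)c;` is safe once that guard has passed).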
@@ -8328,7 +8634,7 @@ int sp_rshb(const sp_int* a, int n, sp_int* r) !defined(WOLFSSL_RSA_PUBLIC_ONLY)) static void _sp_div_same_size(sp_int* a, const sp_int* d, sp_int* r) { - unsigned int i; + sp_size_t i; /* Compare top digits of dividend with those of divisor up to last. */ for (i = d->used - 1; i > 0; i--) { @@ -8366,12 +8672,12 @@ static void _sp_div_same_size(sp_int* a, const sp_int* d, sp_int* r) static int _sp_div_impl(sp_int* a, const sp_int* d, sp_int* r, sp_int* trial) { int err = MP_OKAY; - unsigned int i; + sp_size_t i; #ifdef WOLFSSL_SP_SMALL int c; #else - unsigned int j; - unsigned int o; + sp_size_t j; + sp_size_t o; #ifndef SQR_MUL_ASM sp_int_sword sw; #else @@ -8384,7 +8690,7 @@ static int _sp_div_impl(sp_int* a, const sp_int* d, sp_int* r, sp_int* trial) sp_int_digit dt; /* Set result size to clear. */ - r->used = a->used - d->used + 1; + r->used = (sp_size_t)(a->used - d->used + 1); /* Set all potentially used digits to zero. */ for (i = 0; i < r->used; i++) { r->dp[i] = 0; @@ -8557,8 +8863,8 @@ static int _sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem, sp_int* tr = NULL; sp_int* trial = NULL; #ifdef WOLFSSL_SP_INT_NEGATIVE - unsigned int signA = MP_ZPOS; - unsigned int signD = MP_ZPOS; + sp_uint8 signA = MP_ZPOS; + sp_uint8 signD = MP_ZPOS; #endif /* WOLFSSL_SP_INT_NEGATIVE */ /* Intermediates will always be less than or equal to dividend. */ DECL_SP_INT_ARRAY(td, used, 4); @@ -8652,7 +8958,7 @@ static int _sp_div(const sp_int* a, const sp_int* d, sp_int* r, sp_int* rem, tr = td[3]; _sp_init_size(sa, used); - _sp_init_size(tr, a->used - d->used + 2); + _sp_init_size(tr, (unsigned int)(a->used - d->used + 2)); #endif sd = td[0]; trial = td[1]; @@ -8933,7 +9239,7 @@ static int _sp_mul_nxn(const sp_int* a, const sp_int* b, sp_int* r) t[0] = h; h = 0; o = 0; - for (k = 1; k <= a->used - 1; k++) { + for (k = 1; k <= (unsigned int)a->used - 1; k++) { j = (int)k; dp = a->dp; for (; j >= 0; dp++, j--) { 
@@ -8944,8 +9250,8 @@ static int _sp_mul_nxn(const sp_int* a, const sp_int* b, sp_int* r) h = o; o = 0; } - for (; k <= (a->used - 1) * 2; k++) { - i = k - (b->used - 1); + for (; k <= ((unsigned int)a->used - 1) * 2; k++) { + i = k - (sp_size_t)(b->used - 1); dp = &b->dp[b->used - 1]; for (; i < a->used; i++, dp--) { SP_ASM_MUL_ADD(l, h, o, a->dp[i], dp[0]); @@ -8957,14 +9263,12 @@ static int _sp_mul_nxn(const sp_int* a, const sp_int* b, sp_int* r) } r->dp[k] = l; XMEMCPY(r->dp, t, a->used * sizeof(sp_int_digit)); - r->used = k + 1; + r->used = (sp_size_t)(k + 1); sp_clamp(r); } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); - } + XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; } @@ -8981,9 +9285,9 @@ static int _sp_mul_nxn(const sp_int* a, const sp_int* b, sp_int* r) static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r) { int err = MP_OKAY; - unsigned int i; + sp_size_t i; int j; - unsigned int k; + sp_size_t k; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_int_digit* t = NULL; #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ @@ -9011,7 +9315,7 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r) t[0] = h; h = 0; o = 0; - for (k = 1; k <= b->used - 1; k++) { + for (k = 1; k <= (sp_size_t)(b->used - 1); k++) { i = 0; j = (int)k; for (; (i < a->used) && (j >= 0); i++, j--) { @@ -9022,9 +9326,9 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r) h = o; o = 0; } - for (; k <= (a->used - 1) + (b->used - 1); k++) { + for (; k <= (sp_size_t)((a->used - 1) + (b->used - 1)); k++) { j = (int)(b->used - 1); - i = k - (unsigned int)j; + i = k - (sp_size_t)j; for (; (i < a->used) && (j >= 0); i++, j--) { SP_ASM_MUL_ADD(l, h, o, a->dp[i], b->dp[j]); } 
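Review bot: Dropping the `if (t != NULL)` around `XFREE(t, NULL, DYNAMIC_TYPE_BIGINT)` in `_sp_mul_nxn` makes the cleanup depend on the configured free routine accepting NULL; `free()` does, but wolfSSL can route XFREE to a user-supplied allocator (wolfSSL_SetAllocators) or a platform routine for which that is not guaranteed, and `t` is NULL on the allocation-failure path that reaches this line. If NULL-tolerant XFREE is a project contract, a one-line comment at the first such site would make the assumption visible, e.g. `/* XFREE(NULL) must be a no-op for every supported allocator. */`; otherwise the check should stay. The same simplification appears in the two `_sp_mul` hunks (`@@ -9034`, `@@ -9118`), `_sp_mul_4`, `_sp_mul_16`, `_sp_mul_24` and both `_sp_sqr` hunks.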
@@ -9034,15 +9338,13 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r) o = 0; } t[k] = l; - r->used = k + 1; + r->used = (sp_size_t)(k + 1); XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit)); sp_clamp(r); } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); - } + XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; } @@ -9059,9 +9361,9 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r) static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r) { int err = MP_OKAY; - unsigned int i; + sp_size_t i; int j; - unsigned int k; + sp_size_t k; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_int_digit* t = NULL; #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ @@ -9093,9 +9395,9 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r) #ifdef SP_WORD_OVERFLOW o = 0; #endif - for (k = 1; k <= (a->used - 1) + (b->used - 1); k++) { - i = k - (b->used - 1); - i &= (((unsigned int)i >> (sizeof(i) * 8 - 1)) - 1U); + for (k = 1; (int)k <= ((int)a->used - 1) + ((int)b->used - 1); k++) { + i = k - (sp_size_t)(b->used - 1); + i &= (sp_size_t)(((unsigned int)i >> (sizeof(i) * 8 - 1)) - 1U); j = (int)(k - i); for (; (i < a->used) && (j >= 0); i++, j--) { w = (sp_int_word)a->dp[i] * b->dp[j]; @@ -9118,15 +9420,13 @@ static int _sp_mul(const sp_int* a, const sp_int* b, sp_int* r) #endif } t[k] = (sp_int_digit)l; - r->used = k + 1; + r->used = (sp_size_t)(k + 1); XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit)); sp_clamp(r); } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); - } + XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; } 
@@ -9250,9 +9550,7 @@ static int _sp_mul_4(const sp_int* a, const sp_int* b, sp_int* r) } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (w != NULL) { - XFREE(w, NULL, DYNAMIC_TYPE_BIGINT); - } + XFREE(w, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; } @@ -10249,9 +10547,7 @@ static int _sp_mul_16(const sp_int* a, const sp_int* b, sp_int* r) } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); - } + XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; } @@ -11057,9 +11353,7 @@ static int _sp_mul_24(const sp_int* a, const sp_int* b, sp_int* r) } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); - } + XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; } @@ -11747,7 +12041,7 @@ int sp_mul(const sp_int* a, const sp_int* b, sp_int* r) { int err = MP_OKAY; #ifdef WOLFSSL_SP_INT_NEGATIVE - unsigned int sign = MP_ZPOS; + sp_uint8 sign = MP_ZPOS; #endif if ((a == NULL) || (b == NULL) || (r == NULL)) { @@ -12140,8 +12434,10 @@ static int _sp_invmod_div(const sp_int* a, const sp_int* m, sp_int* x, ALLOC_SP_INT(d, m->used + 1, err, NULL); if (err == MP_OKAY) { - mp_init(d); + err = sp_init_size(d, m->used + 1); + } + if (err == MP_OKAY) { /* 1. x = m, y = a, b = 1, c = 0 */ if (a != y) { _sp_copy(a, y); @@ -12302,7 +12598,7 @@ static int _sp_invmod(const sp_int* a, const sp_int* m, sp_int* r) err = sp_init_size(b, m->used + 1); } if (err == MP_OKAY) { - err = sp_init_size(c, 2 * m->used + 1); + err = sp_init_size(c, (sp_size_t)(2 * m->used + 1)); } if (err == MP_OKAY) { 
@@ -12506,12 +12802,12 @@ static int _sp_invmod_mont_ct(const sp_int* a, const sp_int* m, sp_int* r, t = pre[CT_INV_MOD_PRE_CNT + 0]; e = pre[CT_INV_MOD_PRE_CNT + 1]; /* Space for sqr and mul result. */ - _sp_init_size(t, m->used * 2 + 1); + _sp_init_size(t, (sp_size_t)(m->used * 2 + 1)); /* e = mod - 2 */ - _sp_init_size(e, m->used + 1); + _sp_init_size(e, (sp_size_t)(m->used + 1)); /* Create pre-computation results: ((2^(1..8))-1).a. */ - _sp_init_size(pre[0], m->used * 2 + 1); + _sp_init_size(pre[0], (sp_size_t)(m->used * 2 + 1)); /* 1. pre[0] = 2^0 * a mod m * Start with 1.a = a. */ @@ -12522,7 +12818,7 @@ static int _sp_invmod_mont_ct(const sp_int* a, const sp_int* m, sp_int* r, for (i = 1; (err == MP_OKAY) && (i < CT_INV_MOD_PRE_CNT); i++) { /* 2.1 pre[i-1] = ((pre[i-1] ^ 2) * a) mod m */ /* Previous value ..1 -> ..10 */ - _sp_init_size(pre[i], m->used * 2 + 1); + _sp_init_size(pre[i], (sp_size_t)(m->used * 2 + 1)); err = sp_sqr(pre[i-1], pre[i]); if (err == MP_OKAY) { err = _sp_mont_red(pre[i], m, mp, 0); @@ -12748,10 +13044,10 @@ static int _sp_exptmod_ex(const sp_int* b, const sp_int* e, int bits, #endif if (err == MP_OKAY) { /* Initialize temporaries. */ - _sp_init_size(t[0], 2 * m->used + 1); - _sp_init_size(t[1], 2 * m->used + 1); + _sp_init_size(t[0], (sp_size_t)(m->used * 2 + 1)); + _sp_init_size(t[1], (sp_size_t)(m->used * 2 + 1)); #ifndef WC_NO_CACHE_RESISTANT - _sp_init_size(t[2], 2 * m->used + 1); + _sp_init_size(t[2], (sp_size_t)(m->used * 2 + 1)); #endif /* 2. t[0] = b mod m 
@@ -12979,10 +13275,10 @@ static int _sp_exptmod_mont_ex(const sp_int* b, const sp_int* e, int bits, ALLOC_SP_INT_ARRAY(t, m->used * 2 + 1, 4, err, NULL); if (err == MP_OKAY) { /* Initialize temporaries. */ - _sp_init_size(t[0], m->used * 2 + 1); - _sp_init_size(t[1], m->used * 2 + 1); - _sp_init_size(t[2], m->used * 2 + 1); - _sp_init_size(t[3], m->used * 2 + 1); + _sp_init_size(t[0], (sp_size_t)(m->used * 2 + 1)); + _sp_init_size(t[1], (sp_size_t)(m->used * 2 + 1)); + _sp_init_size(t[2], (sp_size_t)(m->used * 2 + 1)); + _sp_init_size(t[3], (sp_size_t)(m->used * 2 + 1)); /* 1. Ensure base is less than modulus. */ if (_sp_cmp_abs(b, m) != MP_LT) { @@ -13521,9 +13817,9 @@ static int _sp_exptmod_base_2(const sp_int* e, int digits, const sp_int* m, a = d[0]; tr = d[1]; - _sp_init_size(a, m->used * 2 + 1); + _sp_init_size(a, (sp_size_t)(m->used * 2 + 1)); #endif - _sp_init_size(tr, m->used * 2 + 1); + _sp_init_size(tr, (sp_size_t)(m->used * 2 + 1)); } @@ -13664,7 +13960,7 @@ static int _sp_exptmod_base_2(const sp_int* e, int digits, const sp_int* m, #ifndef WC_NO_HARDEN FREE_SP_INT_ARRAY(d, NULL); #else - FREE_SP_INT(tr, m->used * 2 + 1); + FREE_SP_INT(tr, NULL); #endif return err; } @@ -13983,10 +14279,10 @@ static int _sp_exptmod_nct(const sp_int* b, const sp_int* e, const sp_int* m, /* Initialize all allocated */ for (i = 0; i < preCnt; i++) { - _sp_init_size(t[i], m->used * 2 + 1); + _sp_init_size(t[i], (sp_size_t)(m->used * 2 + 1)); } - _sp_init_size(tr, m->used * 2 + 1); - _sp_init_size(bm, m->used * 2 + 1); + _sp_init_size(tr, (sp_size_t)(m->used * 2 + 1)); + _sp_init_size(bm, (sp_size_t)(m->used * 2 + 1)); /* 1. Ensure base is less than modulus. */ if (_sp_cmp_abs(b, m) != MP_LT) { 
@@ -14441,8 +14737,8 @@ int sp_div_2d(const sp_int* a, int e, sp_int* r, sp_int* rem) } if ((err == MP_OKAY) && (rem != NULL)) { /* Set used and mask off top digit of remainder. */ - rem->used = ((unsigned int)e + SP_WORD_SIZE - 1) >> - SP_WORD_SHIFT; + rem->used = (sp_size_t)((e + SP_WORD_SIZE - 1) >> + SP_WORD_SHIFT); e &= SP_WORD_MASK; if (e > 0) { rem->dp[rem->used - 1] &= ((sp_int_digit)1 << e) - 1; @@ -14476,7 +14772,7 @@ int sp_div_2d(const sp_int* a, int e, sp_int* r, sp_int* rem) int sp_mod_2d(const sp_int* a, int e, sp_int* r) { int err = MP_OKAY; - unsigned int digits = ((unsigned int)e + SP_WORD_SIZE - 1) >> SP_WORD_SHIFT; + sp_size_t digits = (sp_size_t)((e + SP_WORD_SIZE - 1) >> SP_WORD_SHIFT); if ((a == NULL) || (r == NULL) || (e < 0)) { err = MP_VAL; @@ -14557,7 +14853,8 @@ int sp_mul_2d(const sp_int* a, int e, sp_int* r) /* Ensure result has enough allocated digits for result. */ if ((err == MP_OKAY) && - ((unsigned int)(sp_count_bits(a) + e) > r->size * SP_WORD_SIZE)) { + ((unsigned int)(sp_count_bits(a) + e) > + (unsigned int)r->size * SP_WORD_SIZE)) { err = MP_VAL; } @@ -14607,9 +14904,9 @@ int sp_mul_2d(const sp_int* a, int e, sp_int* r) static int _sp_sqr(const sp_int* a, sp_int* r) { int err = MP_OKAY; - unsigned int i; + sp_size_t i; int j; - unsigned int k; + sp_size_t k; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_int_digit* t = NULL; #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ @@ -14649,7 +14946,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r) t[0] = h; h = 0; o = 0; - for (k = 1; k < (a->used + 1) / 2; k++) { + for (k = 1; k < (sp_size_t)((a->used + 1) / 2); k++) { i = k; j = (int)(k - 1); for (; (j >= 0); i++, j--) { @@ -14661,7 +14958,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r) o = 0; SP_ASM_SQR_ADD(l, h, o, a->dp[k]); - i = k + 1; + i = (sp_size_t)(k + 1); j = (int)(k - 1); for (; (j >= 0); i++, j--) { SP_ASM_MUL_ADD2(l, h, o, a->dp[i], a->dp[j]); 
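Review bot: In sp_mod_2d the new initializer `sp_size_t digits = (sp_size_t)((e + SP_WORD_SIZE - 1) >> SP_WORD_SHIFT);` now does the arithmetic in signed int and runs before the `e < 0` check that follows it, so a negative e right-shifts a negative value (implementation-defined) and an e near INT_MAX overflows in `e + SP_WORD_SIZE - 1` (undefined), where the removed `(unsigned int)e` form simply wrapped; this assumes SP_WORD_SIZE is a plain int constant. The value is discarded on the error path, but the evaluation still happens and a UBSan build will report it. Either keep the unsigned form, `(sp_size_t)(((unsigned int)e + SP_WORD_SIZE - 1) >> SP_WORD_SHIFT)`, or declare `sp_size_t digits = 0;` and assign it after the argument check. The same expression in sp_div_2d above is only reached under `err == MP_OKAY`, so its safety rests on an e check outside that hunk; sp_mod_2d's body continues past this hunk.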
@@ -14683,7 +14980,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r) o = 0; SP_ASM_SQR_ADD(l, h, o, a->dp[k]); - i = k + 1; + i = (sp_size_t)(k + 1); j = (int)(k - 1); for (; (i < a->used); i++, j--) { SP_ASM_MUL_ADD2(l, h, o, a->dp[i], a->dp[j]); @@ -14696,7 +14993,8 @@ static int _sp_sqr(const sp_int* a, sp_int* r) p = r->dp; } r->dp[k * 2 - 1] = l; - XMEMCPY(r->dp, t, (((a->used + 1) / 2) * 2 + 1) * sizeof(sp_int_digit)); + XMEMCPY(r->dp, t, (size_t)(((a->used + 1) / 2) * 2 + 1) * + sizeof(sp_int_digit)); } if (err == MP_OKAY) { @@ -14705,9 +15003,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r) } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); - } + XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; } @@ -14723,9 +15019,9 @@ static int _sp_sqr(const sp_int* a, sp_int* r) static int _sp_sqr(const sp_int* a, sp_int* r) { int err = MP_OKAY; - unsigned int i; + sp_size_t i; int j; - unsigned int k; + sp_size_t k; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) sp_int_digit* t = NULL; #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 199901L) && \ @@ -14763,7 +15059,7 @@ static int _sp_sqr(const sp_int* a, sp_int* r) #ifdef SP_WORD_OVERFLOW o = 0; #endif - for (k = 1; k <= (a->used - 1) * 2; k++) { + for (k = 1; k <= (sp_size_t)((a->used - 1) * 2); k++) { i = k / 2; j = (int)(k - i); if (i == (unsigned int)j) { @@ -14806,15 +15102,13 @@ static int _sp_sqr(const sp_int* a, sp_int* r) #endif } t[k] = (sp_int_digit)l; - r->used = k + 1; + r->used = (sp_size_t)(k + 1); XMEMCPY(r->dp, t, r->used * sizeof(sp_int_digit)); sp_clamp(r); } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); - } + XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; } 
@@ -14926,9 +15220,7 @@ static int _sp_sqr_4(const sp_int* a, sp_int* r) } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (w != NULL) { - XFREE(w, NULL, DYNAMIC_TYPE_BIGINT); - } + XFREE(w, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; } @@ -15753,9 +16045,7 @@ static int _sp_sqr_16(const sp_int* a, sp_int* r) } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); - } + XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; } @@ -16328,9 +16618,7 @@ static int _sp_sqr_24(const sp_int* a, sp_int* r) } #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SP_NO_MALLOC) - if (t != NULL) { - XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); - } + XFREE(t, NULL, DYNAMIC_TYPE_BIGINT); #endif return err; } @@ -17167,7 +17455,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) /* Adding numbers into m->used * 2 digits - zero out unused digits. */ #ifndef WOLFSSL_NO_CT_OPS if (ct) { - for (i = 0; i < m->used * 2; i++) { + for (i = 0; i < (unsigned int)m->used * 2; i++) { a->dp[i] &= (sp_int_digit) (sp_int_sdigit)ctMaskIntGTE((int)(a->used-1), (int)i); @@ -17176,7 +17464,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) else #endif /* !WOLFSSL_NO_CT_OPS */ { - for (i = a->used; i < m->used * 2; i++) { + for (i = a->used; i < (unsigned int)m->used * 2; i++) { a->dp[i] = 0; } } @@ -17214,7 +17502,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) /* 2.1. mu = (mp * DigitMask(a, i)) & WORD_MASK */ mu = mp * a->dp[i]; /* 2.2. If i == NumDigits(m)-1 and mask != 0 then mu & = mask */ - if ((i == m->used - 1) && (mask != 0)) { + if ((i == (unsigned int)m->used - 1) && (mask != 0)) { mu &= mask; } 
@@ -17224,7 +17512,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) a->dp[i] = (sp_int_digit)w; w >>= SP_WORD_SIZE; /* 2.4. For j = 1 up to NumDigits(m)-2 */ - for (j = 1; j < m->used - 1; j++) { + for (j = 1; j < (unsigned int)m->used - 1; j++) { /* 2.4.1 a += mu * DigitMask(m, j) */ w += a->dp[i + j]; w += (sp_int_word)mu * m->dp[j]; @@ -17246,7 +17534,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) a->dp[m->used * 2 - 1] = (sp_int_digit)o; o >>= SP_WORD_SIZE; a->dp[m->used * 2] = (sp_int_digit)o; - a->used = m->used * 2 + 1; + a->used = (sp_size_t)(m->used * 2 + 1); } if (!ct) { @@ -17295,7 +17583,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) #ifndef WOLFSSL_NO_CT_OPS if (ct) { - for (i = 0; i < m->used * 2; i++) { + for (i = 0; i < (unsigned int)m->used * 2; i++) { a->dp[i] &= (sp_int_digit) (sp_int_sdigit)ctMaskIntGTE((int)(a->used-1), (int)i); @@ -17304,7 +17592,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) else #endif { - for (i = a->used; i < m->used * 2; i++) { + for (i = a->used; i < (unsigned int)m->used * 2; i++) { a->dp[i] = 0; } } @@ -17325,7 +17613,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) SP_ASM_ADDC(l, h, a->dp[1]); a->dp[1] = l; a->dp[2] = h; - a->used = m->used * 2 + 1; + a->used = (sp_size_t)(m->used * 2 + 1); /* mp is SP_WORD_SIZE */ bits = SP_WORD_SIZE; } @@ -17475,7 +17763,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) h = 0; SP_ASM_MUL_ADD_NO(l, h, mu, *(md++)); l = h; - for (j = 1; j + 1 < m->used - 1; j += 2) { + for (j = 1; j + 1 < (unsigned int)m->used - 1; j += 2) { h = 0; SP_ASM_ADDC(l, h, ad[j]); SP_ASM_MUL_ADD_NO(l, h, mu, *(md++)); 
@@ -17485,7 +17773,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) SP_ASM_MUL_ADD_NO(h, l, mu, *(md++)); ad[j] = h; } - for (; j < m->used - 1; j++) { + for (; j < (unsigned int)m->used - 1; j++) { h = 0; SP_ASM_ADDC(l, h, ad[j]); SP_ASM_MUL_ADD_NO(l, h, mu, *(md++)); @@ -17536,7 +17824,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) /* 2.1. mu = (mp * DigitMask(a, i)) & WORD_MASK */ mu = mp * ad[0]; /* 2.2. If i == NumDigits(m)-1 and mask != 0 then mu & = mask */ - if ((i == m->used - 1) && (mask != 0)) { + if ((i == (unsigned int)m->used - 1) && (mask != 0)) { mu &= mask; } @@ -17547,7 +17835,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) ad[0] = l; l = h; /* 2.4. If i == NumDigits(m)-1 and mask != 0 then mu & = mask */ - for (j = 1; j + 1 < m->used - 1; j += 2) { + for (j = 1; j + 1 < (unsigned int)m->used - 1; j += 2) { h = 0; /* 2.4.1. a += mu * DigitMask(m, j) */ SP_ASM_ADDC(l, h, ad[j + 0]); @@ -17559,7 +17847,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) SP_ASM_MUL_ADD_NO(h, l, mu, *(md++)); ad[j + 1] = h; } - for (; j < m->used - 1; j++) { + for (; j < (unsigned int)m->used - 1; j++) { h = 0; /* 2.4.1. a += mu * DigitMask(m, j) */ SP_ASM_ADDC(l, h, ad[j]); @@ -17582,7 +17870,7 @@ static int _sp_mont_red(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) SP_ASM_ADDC(l, h, a->dp[m->used * 2 - 1]); a->dp[m->used * 2 - 1] = l; a->dp[m->used * 2] = h; - a->used = m->used * 2 + 1; + a->used = (sp_size_t)(m->used * 2 + 1); } if (!ct) { @@ -17653,7 +17941,7 @@ int sp_mont_red_ex(sp_int* a, const sp_int* m, sp_int_digit mp, int ct) * * Used when performing Montgomery Reduction. * m must be odd. - * Jeffrey Hurchalla’s method. + * Jeffrey Hurchalla's method. * https://arxiv.org/pdf/2204.04342.pdf * * @param [in] m SP integer that is the modulus. 
@@ -17734,7 +18022,7 @@ int sp_mont_norm(sp_int* norm, const sp_int* m) if (err == MP_OKAY) { /* Find top bit and ensure norm has enough space. */ bits = (unsigned int)sp_count_bits(m); - if (bits >= norm->size * SP_WORD_SIZE) { + if (bits >= (unsigned int)norm->size * SP_WORD_SIZE) { err = MP_VAL; } } @@ -17821,7 +18109,7 @@ int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz) int i; int j = 0; - a->used = (inSz + SP_WORD_SIZEOF - 1) / SP_WORD_SIZEOF; + a->used = (sp_size_t)((inSz + SP_WORD_SIZEOF - 1) / SP_WORD_SIZEOF); #if defined(BIG_ENDIAN_ORDER) && !defined(WOLFSSL_SP_INT_DIGIT_ALIGN) /* Data endian matches representation of number. @@ -17949,7 +18237,7 @@ int sp_to_unsigned_bin_len(const sp_int* a, byte* out, int outSz) d >>= 8; /* Stop if the output buffer is filled. */ if (j < 0) { - if ((i < a->used - 1) || (d > 0)) { + if ((i < (unsigned int)a->used - 1) || (d > 0)) { err = MP_VAL; } break; @@ -18023,7 +18311,7 @@ int sp_to_unsigned_bin_len_ct(const sp_int* a, byte* out, int outSz) out[j--] = (byte)(d & mask); d >>= 8; } - mask &= (sp_int_digit)0 - (i < a->used - 1); + mask &= (sp_int_digit)0 - (i < (unsigned int)a->used - 1); i += (unsigned int)(1 & mask); } } @@ -18039,7 +18327,7 @@ int sp_to_unsigned_bin_len_ct(const sp_int* a, byte* out, int outSz) i = 0; for (j = outSz - 1; j >= 0; j--) { out[j] = a->dp[i] & mask; - mask &= (sp_int_digit)0 - (i < a->used - 1); + mask &= (sp_int_digit)0 - (i < (unsigned int)a->used - 1); i += (unsigned int)(1 & mask); } } @@ -18095,7 +18383,7 @@ static int _sp_read_radix_16(sp_int* a, const char* in) int err = MP_OKAY; int i; unsigned int s = 0; - unsigned int j = 0; + sp_size_t j = 0; sp_int_digit d; /* Skip whitespace at end of line */ int eol_done = 0; @@ -18225,7 +18513,7 @@ int sp_read_radix(sp_int* a, const char* in, int radix) { int err = MP_OKAY; #ifdef WOLFSSL_SP_INT_NEGATIVE - unsigned int sign = MP_ZPOS; + sp_uint8 sign = MP_ZPOS; #endif if ((a == NULL) || (in == NULL)) { 
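Review bot: The cast in `a->used = (sp_size_t)((inSz + SP_WORD_SIZEOF - 1) / SP_WORD_SIZEOF);` in sp_read_unsigned_bin truncates silently if the digit count does not fit sp_size_t, and a->used is what bounds the digit writes that follow, so this is only safe if an earlier check already rejects inSz larger than `a->size * SP_WORD_SIZEOF`; that check, if present, is outside this hunk (the function's start is not shown). Worth a comment on the assignment such as `/* inSz was checked against a->size above, so the cast cannot truncate */`, or an explicit `err = MP_VAL` guard on `a->used > a->size` if no such check exists. The rest of the function lies outside the hunk.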
@@ -18702,7 +18990,7 @@ int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap) r->sign = MP_ZPOS; #endif /* WOLFSSL_SP_INT_NEGATIVE */ /* Set number of digits that will be used. */ - r->used = digits; + r->used = (sp_size_t)digits; #if defined(WOLFSSL_SP_MATH_ALL) || defined(BIG_ENDIAN_ORDER) /* Calculate number of bits in last digit. */ bits = (len * 8) & SP_WORD_MASK; @@ -19039,7 +19327,7 @@ static int _sp_prime_trials(const sp_int* a, int trials, int* result) _sp_init_size(n1, a->used + 1); _sp_init_size(r, a->used + 1); - _sp_init_size(b, a->used * 2 + 1); + _sp_init_size(b, (sp_size_t)(a->used * 2 + 1)); /* Do requested number of trials of Miller-Rabin test. */ for (i = 0; i < trials; i++) { @@ -19163,8 +19451,8 @@ static int _sp_prime_random_trials(const sp_int* a, int trials, int* result, _sp_init_size(c , a->used + 1); _sp_init_size(n1, a->used + 1); - _sp_init_size(b , a->used * 2 + 1); - _sp_init_size(r , a->used * 2 + 1); + _sp_init_size(b , (sp_size_t)(a->used * 2 + 1)); + _sp_init_size(r , (sp_size_t)(a->used * 2 + 1)); _sp_sub_d(a, 2, c); diff --git a/src/wolfcrypt/src/sp_sm2_arm32.c b/src/wolfcrypt/src/sp_sm2_arm32.c index 211b143..4dc5377 100644 --- a/src/wolfcrypt/src/sp_sm2_arm32.c +++ b/src/wolfcrypt/src/sp_sm2_arm32.c @@ -1,6 +1,6 @@ /* sp_sm2_arm32.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/sp_sm2_arm64.c b/src/wolfcrypt/src/sp_sm2_arm64.c index 5c84948..8f87711 100644 --- a/src/wolfcrypt/src/sp_sm2_arm64.c +++ b/src/wolfcrypt/src/sp_sm2_arm64.c @@ -1,6 +1,6 @@ /* sp_sm2_arm64.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/sp_sm2_armthumb.c b/src/wolfcrypt/src/sp_sm2_armthumb.c index 5d26e27..0be6685 100644 --- a/src/wolfcrypt/src/sp_sm2_armthumb.c +++ b/src/wolfcrypt/src/sp_sm2_armthumb.c 
@@ -1,6 +1,6 @@ /* sp_sm2_armthumb.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/sp_sm2_c32.c b/src/wolfcrypt/src/sp_sm2_c32.c index 41c40d1..754b80a 100644 --- a/src/wolfcrypt/src/sp_sm2_c32.c +++ b/src/wolfcrypt/src/sp_sm2_c32.c @@ -1,6 +1,6 @@ /* sp_sm2_c32.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/sp_sm2_c64.c b/src/wolfcrypt/src/sp_sm2_c64.c index ee38016..861bfe3 100644 --- a/src/wolfcrypt/src/sp_sm2_c64.c +++ b/src/wolfcrypt/src/sp_sm2_c64.c @@ -1,6 +1,6 @@ /* sp_sm2_c64.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/sp_sm2_cortexm.c b/src/wolfcrypt/src/sp_sm2_cortexm.c index 3bda85f..4b1083f 100644 --- a/src/wolfcrypt/src/sp_sm2_cortexm.c +++ b/src/wolfcrypt/src/sp_sm2_cortexm.c @@ -1,6 +1,6 @@ /* sp_sm2_cortexm.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/sp_sm2_x86_64.c b/src/wolfcrypt/src/sp_sm2_x86_64.c index f73e408..24a5b9e 100644 --- a/src/wolfcrypt/src/sp_sm2_x86_64.c +++ b/src/wolfcrypt/src/sp_sm2_x86_64.c @@ -1,6 +1,6 @@ /* sp_sm2_x86_64.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/sp_x86_64.c b/src/wolfcrypt/src/sp_x86_64.c index b57f5a3..2529432 100644 --- a/src/wolfcrypt/src/sp_x86_64.c +++ b/src/wolfcrypt/src/sp_x86_64.c @@ -1,6 +1,6 @@ /* sp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -67,7 +67,7 @@ do { \ int ii; \ fprintf(stderr, name "=0x"); \ - for (ii = ((bits + 63) / 64) - 1; ii >= 0; ii--) \ + for (ii = (((bits) + 63) / 64) - 1; ii >= 0; ii--) \ fprintf(stderr, SP_PRINT_FMT, (var)[ii]); \ fprintf(stderr, "\n"); \ } while (0) @@ -492,8 +492,8 @@ static WC_INLINE sp_digit div_2048_word_16(sp_digit d1, sp_digit d0, static WC_INLINE sp_digit div_2048_word_16(sp_digit d1, sp_digit d0, sp_digit div) { - ASSERT_SAVED_VECTOR_REGISTERS(); register sp_digit r asm("rax"); + ASSERT_SAVED_VECTOR_REGISTERS(); __asm__ __volatile__ ( "divq %3" : "=a" (r) @@ -575,7 +575,7 @@ static WC_INLINE int sp_2048_div_16(const sp_digit* a, const sp_digit* d, sp_dig #endif sp_2048_cond_sub_16(&t1[16], &t1[16], d, (sp_digit)0 - r1); for (i = 15; i >= 0; i--) { - sp_digit mask = 0 - (t1[16 + i] == div); + sp_digit mask = (sp_digit)0 - (t1[16 + i] == div); sp_digit hi = t1[16 + i] + mask; r1 = div_2048_word_16(hi, t1[16 + i - 1], div); r1 |= mask; @@ -806,13 +806,12 @@ static int sp_2048_mod_exp_16(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[16], 0, sizeof(sp_digit) * 16); sp_2048_mont_reduce_16(r, m, mp); - mask = 0 - (sp_2048_cmp_16(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_16(r, m) >= 0); sp_2048_cond_sub_16(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -1047,13 +1046,12 @@ static int sp_2048_mod_exp_avx2_16(sp_digit* r, const sp_digit* a, const sp_digi XMEMSET(&r[16], 0, sizeof(sp_digit) * 16); sp_2048_mont_reduce_avx2_16(r, m, mp); - mask = 0 - (sp_2048_cmp_16(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_16(r, m) >= 0); sp_2048_cond_sub_avx2_16(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -1176,8 +1174,8 @@ static WC_INLINE sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, static WC_INLINE sp_digit div_2048_word_32(sp_digit d1, sp_digit d0, sp_digit div) { - ASSERT_SAVED_VECTOR_REGISTERS(); register sp_digit r asm("rax"); + ASSERT_SAVED_VECTOR_REGISTERS(); __asm__ __volatile__ ( "divq %3" : "=a" (r) @@ -1352,7 +1350,7 @@ static WC_INLINE int sp_2048_div_32(const sp_digit* a, const sp_digit* d, sp_dig #endif sp_2048_cond_sub_32(&t1[32], &t1[32], d, (sp_digit)0 - r1); for (i = 31; i >= 0; i--) { - sp_digit mask = 0 - (t1[32 + i] == div); + sp_digit mask = (sp_digit)0 - (t1[32 + i] == div); sp_digit hi = t1[32 + i] + mask; r1 = div_2048_word_32(hi, t1[32 + i - 1], div); r1 |= mask; @@ -1618,13 +1616,12 @@ static int sp_2048_mod_exp_32(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[32], 0, sizeof(sp_digit) * 32); sp_2048_mont_reduce_32(r, m, mp); - mask = 0 - (sp_2048_cmp_32(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0); sp_2048_cond_sub_32(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -1894,13 +1891,12 @@ static int sp_2048_mod_exp_avx2_32(sp_digit* r, const sp_digit* a, const sp_digi XMEMSET(&r[32], 0, sizeof(sp_digit) * 32); sp_2048_mont_reduce_avx2_32(r, m, mp); - mask = 0 - (sp_2048_cmp_32(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0); sp_2048_cond_sub_avx2_32(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -1965,7 +1961,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, m = r + 32 * 2; ah = a + 32; - sp_2048_from_bin(ah, 32, in, inLen); + sp_2048_from_bin(ah, 32, in, (int)inLen); #if DIGIT_BIT >= 64 e = em->dp[0]; #else 
@@ -1993,7 +1989,8 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, if (err == MP_OKAY) { /* r = a ^ 0x10000 => r = a squared 16 times */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { for (i = 15; i >= 0; i--) { sp_2048_mont_sqr_avx2_32(r, r, m, mp); } @@ -2024,7 +2021,8 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } else if (e == 0x3) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { if (err == MP_OKAY) { sp_2048_sqr_avx2_32(r, ah); err = sp_2048_mod_32_cond(r, r, m); @@ -2066,7 +2064,8 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, XMEMCPY(r, a, sizeof(sp_digit) * 32); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { for (i--; i>=0; i--) { sp_2048_mont_sqr_avx2_32(r, r, m, mp); if (((e >> i) & 1) == 1) { @@ -2105,8 +2104,7 @@ int sp_RsaPublic_2048(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -2187,7 +2185,7 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, r = a; - sp_2048_from_bin(a, 32, in, inLen); + sp_2048_from_bin(a, 32, in, (int)inLen); sp_2048_from_mp(d, 32, dm); sp_2048_from_mp(m, 32, mm); err = sp_2048_mod_exp_32(r, a, d, 2048, m, 0); 
@@ -2305,14 +2303,16 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, tmpb = tmpa + 32; r = a + 32; - sp_2048_from_bin(a, 32, in, inLen); + sp_2048_from_bin(a, 32, in, (int)inLen); sp_2048_from_mp(p, 16, pm); sp_2048_from_mp(q, 16, qm); sp_2048_from_mp(dp, 16, dpm); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_2048_mod_exp_avx2_16(tmpa, a, dp, 1024, p, 1); + } else #endif err = sp_2048_mod_exp_16(tmpa, a, dp, 1024, p, 1); @@ -2320,8 +2320,10 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, if (err == MP_OKAY) { sp_2048_from_mp(dq, 16, dqm); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_2048_mod_exp_avx2_16(tmpb, a, dq, 1024, q, 1); + } else #endif err = sp_2048_mod_exp_16(tmpb, a, dq, 1024, q, 1); @@ -2330,7 +2332,8 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, if (err == MP_OKAY) { c = sp_2048_sub_in_place_16(tmpa, tmpb); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { c += sp_2048_cond_add_avx2_16(tmpa, tmpa, p, c); sp_2048_cond_add_avx2_16(tmpa, tmpa, p, c); } @@ -2343,7 +2346,8 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, sp_2048_from_mp(qi, 16, qim); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_2048_mul_avx2_16(tmpa, tmpa, qi); } else 
@@ -2356,7 +2360,8 @@ int sp_RsaPrivate_2048(const byte* in, word32 inLen, const mp_int* dm, if (err == MP_OKAY) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_2048_mul_avx2_16(tmpa, q, tmpa); } else @@ -2519,8 +2524,10 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod, sp_2048_from_mp(m, 32, mod); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_2048_mod_exp_avx2_32(r, b, e, expBits, m, 0); + } else #endif err = sp_2048_mod_exp_32(r, b, e, expBits, m, 0); @@ -2531,14 +2538,12 @@ int sp_ModExp_2048(const mp_int* base, const mp_int* exp, const mp_int* mod, } #ifdef WOLFSSL_SP_SMALL_STACK - if (b != NULL) - XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (e != NULL) { XMEMSET(e, 0, 32); XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - if (m != NULL) - XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); #else XMEMSET(e, 0, sizeof(e)); #endif @@ -2682,13 +2687,12 @@ static int sp_2048_mod_exp_2_avx2_32(sp_digit* r, const sp_digit* e, int bits, XMEMSET(&r[32], 0, sizeof(sp_digit) * 32); sp_2048_mont_reduce_avx2_32(r, m, mp); - mask = 0 - (sp_2048_cmp_32(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0); sp_2048_cond_sub_avx2_32(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
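Review bot: The scrub `XMEMSET(e, 0, 32);` in the WOLFSSL_SP_SMALL_STACK cleanup of sp_ModExp_2048 clears 32 bytes, but e holds 32 sp_digit limbs (the hunk above passes it as the 32-digit exponent to sp_2048_mod_exp_32 / sp_2048_mod_exp_avx2_32), so with 64-bit digits only 4 of the 32 limbs are zeroed before the buffer is freed, while the stack path's `XMEMSET(e, 0, sizeof(e));` wipes the whole array. Change it to `XMEMSET(e, 0, sizeof(sp_digit) * 32);`. A plain memset immediately before XFREE may also be dropped by the optimizer; if this build has wolfSSL's ForceZero() helper, that is the usual way to keep the wipe. The file header reads `/* sp.c`, which suggests generated code, so the fix presumably belongs in the generator as well; this hunk covers only the tail of the function.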
@@ -2821,13 +2825,12 @@ static int sp_2048_mod_exp_2_32(sp_digit* r, const sp_digit* e, int bits, XMEMSET(&r[32], 0, sizeof(sp_digit) * 32); sp_2048_mont_reduce_32(r, m, mp); - mask = 0 - (sp_2048_cmp_32(r, m) >= 0); + mask = (sp_digit)0 - (sp_2048_cmp_32(r, m) >= 0); sp_2048_cond_sub_32(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -2897,27 +2900,31 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen, if (err == MP_OKAY) { sp_2048_from_mp(b, 32, base); - sp_2048_from_bin(e, 32, exp, expLen); + sp_2048_from_bin(e, 32, exp, (int)expLen); sp_2048_from_mp(m, 32, mod); #ifdef HAVE_FFDHE_2048 if (base->used == 1 && base->dp[0] == 2 && m[31] == (sp_digit)-1) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) - err = sp_2048_mod_exp_2_avx2_32(r, e, expLen * 8, m); + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { + err = sp_2048_mod_exp_2_avx2_32(r, e, (int)expLen * 8, m); + } else #endif - err = sp_2048_mod_exp_2_32(r, e, expLen * 8, m); + err = sp_2048_mod_exp_2_32(r, e, (int)expLen * 8, m); } else #endif { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) - err = sp_2048_mod_exp_avx2_32(r, b, e, expLen * 8, m, 0); + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { + err = sp_2048_mod_exp_avx2_32(r, b, e, (int)expLen * 8, m, 0); + } else #endif - err = sp_2048_mod_exp_32(r, b, e, expLen * 8, m, 0); + err = sp_2048_mod_exp_32(r, b, e, (int)expLen * 8, m, 0); } } 
@@ -2932,14 +2939,12 @@ int sp_DhExp_2048(const mp_int* base, const byte* exp, word32 expLen, } #ifdef WOLFSSL_SP_SMALL_STACK - if (b != NULL) - XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (e != NULL) { XMEMSET(e, 0, 32); XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - if (m != NULL) - XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); #else XMEMSET(e, 0, sizeof(e)); #endif @@ -3010,8 +3015,10 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod, sp_2048_from_mp(m, 16, mod); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_2048_mod_exp_avx2_16(r, b, e, expBits, m, 0); + } else #endif err = sp_2048_mod_exp_16(r, b, e, expBits, m, 0); @@ -3023,14 +3030,12 @@ int sp_ModExp_1024(const mp_int* base, const mp_int* exp, const mp_int* mod, } #ifdef WOLFSSL_SP_SMALL_STACK - if (b != NULL) - XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (e != NULL) { XMEMSET(e, 0, 16); XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - if (m != NULL) - XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); #else XMEMSET(e, 0, sizeof(e)); #endif @@ -3494,8 +3499,8 @@ static WC_INLINE sp_digit div_3072_word_24(sp_digit d1, sp_digit d0, static WC_INLINE sp_digit div_3072_word_24(sp_digit d1, sp_digit d0, sp_digit div) { - ASSERT_SAVED_VECTOR_REGISTERS(); register sp_digit r asm("rax"); + ASSERT_SAVED_VECTOR_REGISTERS(); __asm__ __volatile__ ( "divq %3" : "=a" (r) 
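Review bot: `XMEMSET(e, 0, 32);` in the small-stack cleanup of sp_DhExp_2048 wipes 32 bytes, but e was filled as a 32-digit buffer by `sp_2048_from_bin(e, 32, exp, (int)expLen)` in the previous hunk, so most of the DH private exponent is left in freed heap memory when sp_digit is 64 bits; the non-small-stack path uses `sizeof(e)` and gets it right. Use `XMEMSET(e, 0, sizeof(sp_digit) * 32);` and, if the build provides wolfSSL's ForceZero(), prefer it so the wipe before XFREE is not optimized away. Only the tail of the function is in this hunk.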
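Review bot: The same undersized scrub appears in sp_ModExp_1024: `XMEMSET(e, 0, 16);` clears 16 bytes of a buffer that the hunk above passes as a 16-digit exponent to sp_2048_mod_exp_16, so it should be `XMEMSET(e, 0, sizeof(sp_digit) * 16);`. The commit touches the adjacent XFREE lines but leaves this count unchanged; the function's body continues outside the hunk.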
@@ -3577,7 +3582,7 @@ static WC_INLINE int sp_3072_div_24(const sp_digit* a, const sp_digit* d, sp_dig #endif sp_3072_cond_sub_24(&t1[24], &t1[24], d, (sp_digit)0 - r1); for (i = 23; i >= 0; i--) { - sp_digit mask = 0 - (t1[24 + i] == div); + sp_digit mask = (sp_digit)0 - (t1[24 + i] == div); sp_digit hi = t1[24 + i] + mask; r1 = div_3072_word_24(hi, t1[24 + i - 1], div); r1 |= mask; @@ -3808,13 +3813,12 @@ static int sp_3072_mod_exp_24(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[24], 0, sizeof(sp_digit) * 24); sp_3072_mont_reduce_24(r, m, mp); - mask = 0 - (sp_3072_cmp_24(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_24(r, m) >= 0); sp_3072_cond_sub_24(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -4049,13 +4053,12 @@ static int sp_3072_mod_exp_avx2_24(sp_digit* r, const sp_digit* a, const sp_digi XMEMSET(&r[24], 0, sizeof(sp_digit) * 24); sp_3072_mont_reduce_avx2_24(r, m, mp); - mask = 0 - (sp_3072_cmp_24(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_24(r, m) >= 0); sp_3072_cond_sub_avx2_24(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -4178,8 +4181,8 @@ static WC_INLINE sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, static WC_INLINE sp_digit div_3072_word_48(sp_digit d1, sp_digit d0, sp_digit div) { - ASSERT_SAVED_VECTOR_REGISTERS(); register sp_digit r asm("rax"); + ASSERT_SAVED_VECTOR_REGISTERS(); __asm__ __volatile__ ( "divq %3" : "=a" (r) 
@@ -4354,7 +4357,7 @@ static WC_INLINE int sp_3072_div_48(const sp_digit* a, const sp_digit* d, sp_dig #endif sp_3072_cond_sub_48(&t1[48], &t1[48], d, (sp_digit)0 - r1); for (i = 47; i >= 0; i--) { - sp_digit mask = 0 - (t1[48 + i] == div); + sp_digit mask = (sp_digit)0 - (t1[48 + i] == div); sp_digit hi = t1[48 + i] + mask; r1 = div_3072_word_48(hi, t1[48 + i - 1], div); r1 |= mask; @@ -4568,13 +4571,12 @@ static int sp_3072_mod_exp_48(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[48], 0, sizeof(sp_digit) * 48); sp_3072_mont_reduce_48(r, m, mp); - mask = 0 - (sp_3072_cmp_48(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0); sp_3072_cond_sub_48(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -4792,13 +4794,12 @@ static int sp_3072_mod_exp_avx2_48(sp_digit* r, const sp_digit* a, const sp_digi XMEMSET(&r[48], 0, sizeof(sp_digit) * 48); sp_3072_mont_reduce_avx2_48(r, m, mp); - mask = 0 - (sp_3072_cmp_48(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0); sp_3072_cond_sub_avx2_48(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -4863,7 +4864,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, m = r + 48 * 2; ah = a + 48; - sp_3072_from_bin(ah, 48, in, inLen); + sp_3072_from_bin(ah, 48, in, (int)inLen); #if DIGIT_BIT >= 64 e = em->dp[0]; #else @@ -4891,7 +4892,8 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, if (err == MP_OKAY) { /* r = a ^ 0x10000 => r = a squared 16 times */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { for (i = 15; i >= 0; i--) { sp_3072_mont_sqr_avx2_48(r, r, m, mp); } 
@@ -4922,7 +4924,8 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } else if (e == 0x3) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { if (err == MP_OKAY) { sp_3072_sqr_avx2_48(r, ah); err = sp_3072_mod_48_cond(r, r, m); @@ -4964,7 +4967,8 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, XMEMCPY(r, a, sizeof(sp_digit) * 48); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { for (i--; i>=0; i--) { sp_3072_mont_sqr_avx2_48(r, r, m, mp); if (((e >> i) & 1) == 1) { @@ -5003,8 +5007,7 @@ int sp_RsaPublic_3072(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -5085,7 +5088,7 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, r = a; - sp_3072_from_bin(a, 48, in, inLen); + sp_3072_from_bin(a, 48, in, (int)inLen); sp_3072_from_mp(d, 48, dm); sp_3072_from_mp(m, 48, mm); err = sp_3072_mod_exp_48(r, a, d, 3072, m, 0); @@ -5203,14 +5206,16 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, tmpb = tmpa + 48; r = a + 48; - sp_3072_from_bin(a, 48, in, inLen); + sp_3072_from_bin(a, 48, in, (int)inLen); sp_3072_from_mp(p, 24, pm); sp_3072_from_mp(q, 24, qm); sp_3072_from_mp(dp, 24, dpm); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_3072_mod_exp_avx2_24(tmpa, a, dp, 1536, p, 1); + } else #endif err = sp_3072_mod_exp_24(tmpa, a, dp, 1536, p, 1); 
@@ -5218,8 +5223,10 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, if (err == MP_OKAY) { sp_3072_from_mp(dq, 24, dqm); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_3072_mod_exp_avx2_24(tmpb, a, dq, 1536, q, 1); + } else #endif err = sp_3072_mod_exp_24(tmpb, a, dq, 1536, q, 1); @@ -5228,7 +5235,8 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, if (err == MP_OKAY) { c = sp_3072_sub_in_place_24(tmpa, tmpb); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { c += sp_3072_cond_add_avx2_24(tmpa, tmpa, p, c); sp_3072_cond_add_avx2_24(tmpa, tmpa, p, c); } @@ -5241,7 +5249,8 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, sp_3072_from_mp(qi, 24, qim); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_3072_mul_avx2_24(tmpa, tmpa, qi); } else @@ -5254,7 +5263,8 @@ int sp_RsaPrivate_3072(const byte* in, word32 inLen, const mp_int* dm, if (err == MP_OKAY) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_3072_mul_avx2_24(tmpa, q, tmpa); } else 
@@ -5417,8 +5427,10 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod, sp_3072_from_mp(m, 48, mod); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_3072_mod_exp_avx2_48(r, b, e, expBits, m, 0); + } else #endif err = sp_3072_mod_exp_48(r, b, e, expBits, m, 0); @@ -5429,14 +5441,12 @@ int sp_ModExp_3072(const mp_int* base, const mp_int* exp, const mp_int* mod, } #ifdef WOLFSSL_SP_SMALL_STACK - if (b != NULL) - XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (e != NULL) { XMEMSET(e, 0, 48); XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - if (m != NULL) - XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); #else XMEMSET(e, 0, sizeof(e)); #endif @@ -5580,13 +5590,12 @@ static int sp_3072_mod_exp_2_avx2_48(sp_digit* r, const sp_digit* e, int bits, XMEMSET(&r[48], 0, sizeof(sp_digit) * 48); sp_3072_mont_reduce_avx2_48(r, m, mp); - mask = 0 - (sp_3072_cmp_48(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0); sp_3072_cond_sub_avx2_48(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -5719,13 +5728,12 @@ static int sp_3072_mod_exp_2_48(sp_digit* r, const sp_digit* e, int bits, XMEMSET(&r[48], 0, sizeof(sp_digit) * 48); sp_3072_mont_reduce_48(r, m, mp); - mask = 0 - (sp_3072_cmp_48(r, m) >= 0); + mask = (sp_digit)0 - (sp_3072_cmp_48(r, m) >= 0); sp_3072_cond_sub_48(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
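Review bot: In the WOLFSSL_SP_SMALL_STACK cleanup of sp_ModExp_3072, `XMEMSET(e, 0, 48)` wipes 48 bytes, but e holds 48 sp_digit limbs and this file's digits are 64-bit (3072 bits in 48 limbs, `divq`, `asm("rax")`), so only the first six limbs of the exponent are cleared before the buffer is freed, whereas the stack path right below uses `sizeof(e)` and clears all of it. The commit touches the surrounding XFREE lines but leaves this size as is; the same pattern appears in sp_DhExp_3072 (48), sp_ModExp_1536 (24), sp_ModExp_4096 (64) and sp_DhExp_4096 (64), and for the DhExp routines e is the caller's private exponent. The fix is `XMEMSET(e, 0, sizeof(sp_digit) * 48);` with the matching limb count at each site, and since a plain memset immediately before a free can be dropped by the optimizer, `ForceZero(e, sizeof(sp_digit) * 48);` is the more reliable choice if that helper is available to this file.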
@@ -5795,27 +5803,31 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen, if (err == MP_OKAY) { sp_3072_from_mp(b, 48, base); - sp_3072_from_bin(e, 48, exp, expLen); + sp_3072_from_bin(e, 48, exp, (int)expLen); sp_3072_from_mp(m, 48, mod); #ifdef HAVE_FFDHE_3072 if (base->used == 1 && base->dp[0] == 2 && m[47] == (sp_digit)-1) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) - err = sp_3072_mod_exp_2_avx2_48(r, e, expLen * 8, m); + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { + err = sp_3072_mod_exp_2_avx2_48(r, e, (int)expLen * 8, m); + } else #endif - err = sp_3072_mod_exp_2_48(r, e, expLen * 8, m); + err = sp_3072_mod_exp_2_48(r, e, (int)expLen * 8, m); } else #endif { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) - err = sp_3072_mod_exp_avx2_48(r, b, e, expLen * 8, m, 0); + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { + err = sp_3072_mod_exp_avx2_48(r, b, e, (int)expLen * 8, m, 0); + } else #endif - err = sp_3072_mod_exp_48(r, b, e, expLen * 8, m, 0); + err = sp_3072_mod_exp_48(r, b, e, (int)expLen * 8, m, 0); } } @@ -5830,14 +5842,12 @@ int sp_DhExp_3072(const mp_int* base, const byte* exp, word32 expLen, } #ifdef WOLFSSL_SP_SMALL_STACK - if (b != NULL) - XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (e != NULL) { XMEMSET(e, 0, 48); XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - if (m != NULL) - XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); #else XMEMSET(e, 0, sizeof(e)); #endif 
@@ -5908,8 +5918,10 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod, sp_3072_from_mp(m, 24, mod); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_3072_mod_exp_avx2_24(r, b, e, expBits, m, 0); + } else #endif err = sp_3072_mod_exp_24(r, b, e, expBits, m, 0); @@ -5921,14 +5933,12 @@ int sp_ModExp_1536(const mp_int* base, const mp_int* exp, const mp_int* mod, } #ifdef WOLFSSL_SP_SMALL_STACK - if (b != NULL) - XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (e != NULL) { XMEMSET(e, 0, 24); XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - if (m != NULL) - XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); #else XMEMSET(e, 0, sizeof(e)); #endif @@ -6302,8 +6312,8 @@ static WC_INLINE sp_digit div_4096_word_64(sp_digit d1, sp_digit d0, static WC_INLINE sp_digit div_4096_word_64(sp_digit d1, sp_digit d0, sp_digit div) { - ASSERT_SAVED_VECTOR_REGISTERS(); register sp_digit r asm("rax"); + ASSERT_SAVED_VECTOR_REGISTERS(); __asm__ __volatile__ ( "divq %3" : "=a" (r) @@ -6478,7 +6488,7 @@ static WC_INLINE int sp_4096_div_64(const sp_digit* a, const sp_digit* d, sp_dig #endif sp_4096_cond_sub_64(&t1[64], &t1[64], d, (sp_digit)0 - r1); for (i = 63; i >= 0; i--) { - sp_digit mask = 0 - (t1[64 + i] == div); + sp_digit mask = (sp_digit)0 - (t1[64 + i] == div); sp_digit hi = t1[64 + i] + mask; r1 = div_4096_word_64(hi, t1[64 + i - 1], div); r1 |= mask; 
@@ -6692,13 +6702,12 @@ static int sp_4096_mod_exp_64(sp_digit* r, const sp_digit* a, const sp_digit* e, XMEMSET(&r[64], 0, sizeof(sp_digit) * 64); sp_4096_mont_reduce_64(r, m, mp); - mask = 0 - (sp_4096_cmp_64(r, m) >= 0); + mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0); sp_4096_cond_sub_64(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -6916,13 +6925,12 @@ static int sp_4096_mod_exp_avx2_64(sp_digit* r, const sp_digit* a, const sp_digi XMEMSET(&r[64], 0, sizeof(sp_digit) * 64); sp_4096_mont_reduce_avx2_64(r, m, mp); - mask = 0 - (sp_4096_cmp_64(r, m) >= 0); + mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0); sp_4096_cond_sub_avx2_64(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -6987,7 +6995,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, m = r + 64 * 2; ah = a + 64; - sp_4096_from_bin(ah, 64, in, inLen); + sp_4096_from_bin(ah, 64, in, (int)inLen); #if DIGIT_BIT >= 64 e = em->dp[0]; #else @@ -7015,7 +7023,8 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, if (err == MP_OKAY) { /* r = a ^ 0x10000 => r = a squared 16 times */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { for (i = 15; i >= 0; i--) { sp_4096_mont_sqr_avx2_64(r, r, m, mp); } @@ -7046,7 +7055,8 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } else if (e == 0x3) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { if (err == MP_OKAY) { sp_4096_sqr_avx2_64(r, ah); err = sp_4096_mod_64_cond(r, r, m); 
@@ -7088,7 +7098,8 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, XMEMCPY(r, a, sizeof(sp_digit) * 64); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { for (i--; i>=0; i--) { sp_4096_mont_sqr_avx2_64(r, r, m, mp); if (((e >> i) & 1) == 1) { @@ -7127,8 +7138,7 @@ int sp_RsaPublic_4096(const byte* in, word32 inLen, const mp_int* em, } #ifdef WOLFSSL_SP_SMALL_STACK - if (a != NULL) - XFREE(a, NULL, DYNAMIC_TYPE_RSA); + XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return err; @@ -7209,7 +7219,7 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, r = a; - sp_4096_from_bin(a, 64, in, inLen); + sp_4096_from_bin(a, 64, in, (int)inLen); sp_4096_from_mp(d, 64, dm); sp_4096_from_mp(m, 64, mm); err = sp_4096_mod_exp_64(r, a, d, 4096, m, 0); @@ -7327,14 +7337,16 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, tmpb = tmpa + 64; r = a + 64; - sp_4096_from_bin(a, 64, in, inLen); + sp_4096_from_bin(a, 64, in, (int)inLen); sp_4096_from_mp(p, 32, pm); sp_4096_from_mp(q, 32, qm); sp_4096_from_mp(dp, 32, dpm); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_2048_mod_exp_avx2_32(tmpa, a, dp, 2048, p, 1); + } else #endif err = sp_2048_mod_exp_32(tmpa, a, dp, 2048, p, 1); @@ -7342,8 +7354,10 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, if (err == MP_OKAY) { sp_4096_from_mp(dq, 32, dqm); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_2048_mod_exp_avx2_32(tmpb, a, dq, 2048, q, 1); + } else #endif err = sp_2048_mod_exp_32(tmpb, a, dq, 2048, q, 1); 
@@ -7352,7 +7366,8 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, if (err == MP_OKAY) { c = sp_2048_sub_in_place_32(tmpa, tmpb); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { c += sp_4096_cond_add_avx2_32(tmpa, tmpa, p, c); sp_4096_cond_add_avx2_32(tmpa, tmpa, p, c); } @@ -7365,7 +7380,8 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, sp_2048_from_mp(qi, 32, qim); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_2048_mul_avx2_32(tmpa, tmpa, qi); } else @@ -7378,7 +7394,8 @@ int sp_RsaPrivate_4096(const byte* in, word32 inLen, const mp_int* dm, if (err == MP_OKAY) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_2048_mul_avx2_32(tmpa, q, tmpa); } else @@ -7541,8 +7558,10 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod, sp_4096_from_mp(m, 64, mod); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_4096_mod_exp_avx2_64(r, b, e, expBits, m, 0); + } else #endif err = sp_4096_mod_exp_64(r, b, e, expBits, m, 0); 
@@ -7553,14 +7572,12 @@ int sp_ModExp_4096(const mp_int* base, const mp_int* exp, const mp_int* mod, } #ifdef WOLFSSL_SP_SMALL_STACK - if (b != NULL) - XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (e != NULL) { XMEMSET(e, 0, 64); XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - if (m != NULL) - XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); #else XMEMSET(e, 0, sizeof(e)); #endif @@ -7704,13 +7721,12 @@ static int sp_4096_mod_exp_2_avx2_64(sp_digit* r, const sp_digit* e, int bits, XMEMSET(&r[64], 0, sizeof(sp_digit) * 64); sp_4096_mont_reduce_avx2_64(r, m, mp); - mask = 0 - (sp_4096_cmp_64(r, m) >= 0); + mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0); sp_4096_cond_sub_avx2_64(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; @@ -7843,13 +7859,12 @@ static int sp_4096_mod_exp_2_64(sp_digit* r, const sp_digit* e, int bits, XMEMSET(&r[64], 0, sizeof(sp_digit) * 64); sp_4096_mont_reduce_64(r, m, mp); - mask = 0 - (sp_4096_cmp_64(r, m) >= 0); + mask = (sp_digit)0 - (sp_4096_cmp_64(r, m) >= 0); sp_4096_cond_sub_64(r, r, m, mask); } #ifdef WOLFSSL_SP_SMALL_STACK - if (td != NULL) - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; 
@@ -7919,27 +7934,31 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen, if (err == MP_OKAY) { sp_4096_from_mp(b, 64, base); - sp_4096_from_bin(e, 64, exp, expLen); + sp_4096_from_bin(e, 64, exp, (int)expLen); sp_4096_from_mp(m, 64, mod); #ifdef HAVE_FFDHE_4096 if (base->used == 1 && base->dp[0] == 2 && m[63] == (sp_digit)-1) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) - err = sp_4096_mod_exp_2_avx2_64(r, e, expLen * 8, m); + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { + err = sp_4096_mod_exp_2_avx2_64(r, e, (int)expLen * 8, m); + } else #endif - err = sp_4096_mod_exp_2_64(r, e, expLen * 8, m); + err = sp_4096_mod_exp_2_64(r, e, (int)expLen * 8, m); } else #endif { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) - err = sp_4096_mod_exp_avx2_64(r, b, e, expLen * 8, m, 0); + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { + err = sp_4096_mod_exp_avx2_64(r, b, e, (int)expLen * 8, m, 0); + } else #endif - err = sp_4096_mod_exp_64(r, b, e, expLen * 8, m, 0); + err = sp_4096_mod_exp_64(r, b, e, (int)expLen * 8, m, 0); } } @@ -7954,14 +7973,12 @@ int sp_DhExp_4096(const mp_int* base, const byte* exp, word32 expLen, } #ifdef WOLFSSL_SP_SMALL_STACK - if (b != NULL) - XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(b, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (e != NULL) { XMEMSET(e, 0, 64); XFREE(e, NULL, DYNAMIC_TYPE_TMP_BUFFER); } - if (m != NULL) - XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(m, NULL, DYNAMIC_TYPE_TMP_BUFFER); #else XMEMSET(e, 0, sizeof(e)); #endif 
@@ -8119,14 +8136,14 @@ static int sp_256_mod_mul_norm_4(sp_digit* r, const sp_digit* a, const sp_digit* (void)m; - a32[0] = a[0] & 0xffffffff; - a32[1] = a[0] >> 32; - a32[2] = a[1] & 0xffffffff; - a32[3] = a[1] >> 32; - a32[4] = a[2] & 0xffffffff; - a32[5] = a[2] >> 32; - a32[6] = a[3] & 0xffffffff; - a32[7] = a[3] >> 32; + a32[0] = (int64_t)(a[0] & 0xffffffff); + a32[1] = (int64_t)(a[0] >> 32); + a32[2] = (int64_t)(a[1] & 0xffffffff); + a32[3] = (int64_t)(a[1] >> 32); + a32[4] = (int64_t)(a[2] & 0xffffffff); + a32[5] = (int64_t)(a[2] >> 32); + a32[6] = (int64_t)(a[3] & 0xffffffff); + a32[7] = (int64_t)(a[3] >> 32); /* 1 1 0 -1 -1 -1 -1 0 */ t[0] = 0 + a32[0] + a32[1] - a32[3] - a32[4] - a32[5] - a32[6]; @@ -8176,10 +8193,10 @@ static int sp_256_mod_mul_norm_4(sp_digit* r, const sp_digit* a, const sp_digit* t[5] += t[4] >> 32; t[4] &= 0xffffffff; t[6] += t[5] >> 32; t[5] &= 0xffffffff; t[7] += t[6] >> 32; t[6] &= 0xffffffff; - r[0] = (t[1] << 32) | t[0]; - r[1] = (t[3] << 32) | t[2]; - r[2] = (t[5] << 32) | t[4]; - r[3] = (t[7] << 32) | t[6]; + r[0] = (sp_digit)((t[1] << 32) | t[0]); + r[1] = (sp_digit)((t[3] << 32) | t[2]); + r[2] = (sp_digit)((t[5] << 32) | t[4]); + r[3] = (sp_digit)((t[7] << 32) | t[6]); return MP_OKAY; } @@ -8554,7 +8571,7 @@ static void sp_256_map_4(sp_point_256* r, const sp_point_256* p, sp_256_mont_reduce_4(r->x, p256_mod, p256_mp_mod); /* Reduce x to less than modulus */ n = sp_256_cmp_4(r->x, p256_mod); - sp_256_cond_sub_4(r->x, r->x, p256_mod, ~(n >> 63)); + sp_256_cond_sub_4(r->x, r->x, p256_mod, (sp_digit)~(n >> 63)); sp_256_norm_4(r->x); /* y /= z^3 */ @@ -8563,7 +8580,7 @@ static void sp_256_map_4(sp_point_256* r, const sp_point_256* p, sp_256_mont_reduce_4(r->y, p256_mod, p256_mp_mod); /* Reduce y to less than modulus */ n = sp_256_cmp_4(r->y, p256_mod); - sp_256_cond_sub_4(r->y, r->y, p256_mod, ~(n >> 63)); + sp_256_cond_sub_4(r->y, r->y, p256_mod, (sp_digit)~(n >> 63)); sp_256_norm_4(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); 
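Review bot: The added `(sp_digit)` casts in `r[0] = (sp_digit)((t[1] << 32) | t[0]);` through `r[3]` in sp_256_mod_mul_norm_4 silence the conversion warning but leave the shift itself on the signed operand; if t is int64_t as the a32 casts in the first hunk suggest, `t[7] << 32` (and the other odd limbs, each up to 32 bits wide after the masking above) overflows int64_t whenever the limb is 2^31 or more, which is undefined behaviour in C11 even though GCC and Clang happen to wrap. Casting each limb to sp_digit before shifting removes the issue at no cost; the rewritten four lines are below, and the surrounding function starts and ends outside the hunk.
```c
    /* … unchanged: carry propagation t[1..7] … */
    r[0] = ((sp_digit)t[1] << 32) | (sp_digit)t[0];
    r[1] = ((sp_digit)t[3] << 32) | (sp_digit)t[2];
    r[2] = ((sp_digit)t[5] << 32) | (sp_digit)t[4];
    r[3] = ((sp_digit)t[7] << 32) | (sp_digit)t[6];
```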
@@ -8980,8 +8997,8 @@ static void sp_256_proj_point_add_4(sp_point_256* r, sp_256_mont_sub_4(y, y, t5, p256_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -8998,7 +9015,7 @@ static void sp_256_proj_point_add_4(sp_point_256* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -9170,8 +9187,8 @@ static int sp_256_proj_point_add_4_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -9188,7 +9205,7 @@ static int sp_256_proj_point_add_4_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -9399,7 +9416,7 @@ static void sp_256_ecc_recode_6_4(const sp_digit* k, ecc_recode_256* v) n = k[j]; o = 0; for (i=0; i<43; i++) { - y = (int8_t)n; + y = (uint8_t)(int8_t)n; if (o + 6 < 64) { y &= 0x3f; n >>= 6; @@ -9575,10 +9592,8 @@ static int sp_256_ecc_mulmod_win_add_sub_4(sp_point_256* r, const sp_point_256* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; 
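Review bot: The double cast `y = (uint8_t)(int8_t)n;` in sp_256_ecc_recode_6_4 (and the same change in sp_256_ecc_recode_7_4 later in the patch) goes through a signed intermediate for no gain: converting an out-of-range 64-bit value to int8_t is implementation-defined before C23, while the direct `y = (uint8_t)n;` is fully defined and yields the same low byte on every target this file can run on. If y is not uint8_t the hedge above does not apply, but its declaration is outside the hunk. Either way a comment such as `/* take the low 8 bits of the scalar limb */` would say what the cast is for.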
@@ -9728,7 +9743,7 @@ static void sp_256_map_avx2_4(sp_point_256* r, const sp_point_256* p, sp_256_mont_reduce_avx2_4(r->x, p256_mod, p256_mp_mod); /* Reduce x to less than modulus */ n = sp_256_cmp_4(r->x, p256_mod); - sp_256_cond_sub_4(r->x, r->x, p256_mod, ~(n >> 63)); + sp_256_cond_sub_4(r->x, r->x, p256_mod, (sp_digit)~(n >> 63)); sp_256_norm_4(r->x); /* y /= z^3 */ @@ -9737,7 +9752,7 @@ static void sp_256_map_avx2_4(sp_point_256* r, const sp_point_256* p, sp_256_mont_reduce_avx2_4(r->y, p256_mod, p256_mp_mod); /* Reduce y to less than modulus */ n = sp_256_cmp_4(r->y, p256_mod); - sp_256_cond_sub_4(r->y, r->y, p256_mod, ~(n >> 63)); + sp_256_cond_sub_4(r->y, r->y, p256_mod, (sp_digit)~(n >> 63)); sp_256_norm_4(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); @@ -10100,8 +10115,8 @@ static void sp_256_proj_point_add_avx2_4(sp_point_256* r, sp_256_mont_sub_avx2_4(y, y, t5, p256_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -10118,7 +10133,7 @@ static void sp_256_proj_point_add_avx2_4(sp_point_256* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -10290,8 +10305,8 @@ static int sp_256_proj_point_add_avx2_4_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); 
@@ -10308,7 +10323,7 @@ static int sp_256_proj_point_add_avx2_4_nb(sp_ecc_ctx_t* sp_ctx, sp_point_256* r (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -10610,10 +10625,8 @@ static int sp_256_ecc_mulmod_win_add_sub_avx2_4(sp_point_256* r, const sp_point_ } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -10683,8 +10696,8 @@ static void sp_256_proj_point_add_qz1_4(sp_point_256* r, sp_256_mont_sub_4(y, t3, t1, p256_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -10701,7 +10714,7 @@ static void sp_256_proj_point_add_qz1_4(sp_point_256* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -10812,8 +10825,7 @@ static int sp_256_gen_stripe_table_4(const sp_point_256* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -10942,10 +10954,8 @@ static int sp_256_ecc_mulmod_stripe_4(sp_point_256* r, const sp_point_256* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -11175,8 +11185,8 @@ static void sp_256_proj_point_add_qz1_avx2_4(sp_point_256* r, sp_256_mont_sub_avx2_4(y, t3, t1, p256_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -11193,7 +11203,7 @@ static void sp_256_proj_point_add_qz1_avx2_4(sp_point_256* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -11304,8 +11314,7 @@ static int sp_256_gen_stripe_table_avx2_4(const sp_point_256* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -11420,10 +11429,8 @@ static int sp_256_ecc_mulmod_stripe_avx2_4(sp_point_256* r, const sp_point_256* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -11544,8 +11551,10 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, sp_256_point_from_ecc_point_4(point, gm); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_256_ecc_mulmod_avx2_4(point, point, k, map, 1, heap); + } else #endif err = sp_256_ecc_mulmod_4(point, point, k, map, 1, heap); 
@@ -11555,10 +11564,8 @@ int sp_ecc_mulmod_256(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -11626,24 +11633,30 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, } if (err == MP_OKAY) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_256_ecc_mulmod_avx2_4(point, point, k, 0, 0, heap); + } else #endif err = sp_256_ecc_mulmod_4(point, point, k, 0, 0, heap); } if (err == MP_OKAY) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_256_proj_point_add_avx2_4(point, point, addP, tmp); + } else #endif sp_256_proj_point_add_4(point, point, addP, tmp); if (map) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_256_map_avx2_4(point, point, tmp); + } else #endif sp_256_map_4(point, point, tmp); @@ -11653,10 +11666,8 @@ int sp_ecc_mulmod_add_256(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -12080,7 +12091,7 @@ static void sp_256_ecc_recode_7_4(const sp_digit* k, ecc_recode_256* v) n = k[j]; o = 0; for (i=0; i<37; i++) { - y = (int8_t)n; + y = (uint8_t)(int8_t)n; if (o + 7 < 64) { y &= 0x7f; n >>= 7; 
@@ -24183,8 +24194,7 @@ static int sp_256_ecc_mulmod_add_only_4(sp_point_256* r, const sp_point_256* g, #endif } #ifdef WOLFSSL_SP_SMALL_STACK - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -24317,8 +24327,7 @@ static int sp_256_ecc_mulmod_add_only_avx2_4(sp_point_256* r, const sp_point_256 #endif } #ifdef WOLFSSL_SP_SMALL_STACK - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -24383,8 +24392,10 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) sp_256_from_mp(k, 4, km); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_256_ecc_mulmod_base_avx2_4(point, k, map, 1, heap); + } else #endif err = sp_256_ecc_mulmod_base_4(point, k, map, 1, heap); @@ -24394,10 +24405,8 @@ int sp_ecc_mulmod_base_256(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -24463,24 +24472,30 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, } if (err == MP_OKAY) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_256_ecc_mulmod_base_avx2_4(point, k, 0, 0, heap); + } else #endif err = sp_256_ecc_mulmod_base_4(point, k, 0, 0, heap); } if (err == MP_OKAY) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_256_proj_point_add_avx2_4(point, point, addP, tmp); + } else #endif sp_256_proj_point_add_4(point, point, addP, tmp); if (map) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_256_map_avx2_4(point, point, tmp); + } else #endif sp_256_map_4(point, point, tmp); @@ -24490,10 +24505,8 @@ int sp_ecc_mulmod_base_add_256(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -24554,6 +24567,7 @@ static void sp_256_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_256_ecc_gen_k_4(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[32]; @@ -24570,6 +24584,11 @@ static int sp_256_ecc_gen_k_4(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. 
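Review bot: The new `#ifndef WC_NO_RNG` / `#else` path in sp_256_ecc_gen_k_4 returns NOT_COMPILED_IN, but the function's doc block, which sits just above the hunk, presumably still lists only the RNG outcomes. Add a line to it along the lines of `@return NOT_COMPILED_IN when built with WC_NO_RNG (no random scalar can be produced).` so callers such as sp_ecc_make_key_256 can see why key generation fails in that configuration. The `(void)rng; (void)k;` stubs are the right way to keep the signature warning-free.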
@@ -24630,8 +24649,10 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } if (err == MP_OKAY) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_256_ecc_mulmod_base_avx2_4(point, k, 1, 1, NULL); + } else #endif err = sp_256_ecc_mulmod_base_4(point, k, 1, 1, NULL); @@ -24640,7 +24661,8 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN if (err == MP_OKAY) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_256_ecc_mulmod_avx2_4(infinity, point, p256_order, 1, 1, NULL); } @@ -24663,12 +24685,9 @@ int sp_ecc_make_key_256(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -24838,8 +24857,10 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, sp_256_from_mp(k, 4, priv); sp_256_point_from_ecc_point_4(point, pub); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_256_ecc_mulmod_avx2_4(point, point, k, 1, 1, heap); + } else #endif err = sp_256_ecc_mulmod_4(point, point, k, 1, 1, heap); 
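Review bot: In the sp_ecc_make_key_256 cleanup the new comment `/* point is not sensitive, so no need to zeroize */` sits under `XFREE(k, heap, DYNAMIC_TYPE_ECC);` with nothing said about k, which is the freshly generated private scalar. If k is wiped somewhere above the hunk, as the wording of the point comment implies, a matching comment on that line, `/* k (private scalar) is zeroized above before this free */`, would close the asymmetry; if it is not, the k buffer should be cleared before XFREE in the same way the stack variant handles its locals. The function body starts outside the hunk, so I cannot confirm which is the case.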
@@ -24850,10 +24871,8 @@ int sp_ecc_secret_gen_256(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -24972,8 +24991,8 @@ static WC_INLINE sp_digit div_256_word_4(sp_digit d1, sp_digit d0, static WC_INLINE sp_digit div_256_word_4(sp_digit d1, sp_digit d0, sp_digit div) { - ASSERT_SAVED_VECTOR_REGISTERS(); register sp_digit r asm("rax"); + ASSERT_SAVED_VECTOR_REGISTERS(); __asm__ __volatile__ ( "divq %3" : "=a" (r) @@ -25040,7 +25059,7 @@ static WC_INLINE int sp_256_div_4(const sp_digit* a, const sp_digit* d, sp_digit #endif sp_256_cond_sub_4(&t1[4], &t1[4], d, (sp_digit)0 - r1); for (i = 3; i >= 0; i--) { - sp_digit mask = 0 - (t1[4 + i] == div); + sp_digit mask = (sp_digit)0 - (t1[4 + i] == div); sp_digit hi = t1[4 + i] + mask; r1 = div_256_word_4(hi, t1[4 + i - 1], div); r1 |= mask; @@ -25586,8 +25605,10 @@ static int sp_256_calc_s_4(sp_digit* s, const sp_digit* r, sp_digit* k, /* Conv k to Montgomery form (mod order) */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_256_mul_avx2_4(k, k, p256_norm_order); + } else #endif sp_256_mul_4(k, k, p256_norm_order); @@ -25597,8 +25618,10 @@ static int sp_256_calc_s_4(sp_digit* s, const sp_digit* r, sp_digit* k, /* kInv = 1/k mod order */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_256_mont_inv_order_avx2_4(kInv, k, tmp); + } else #endif sp_256_mont_inv_order_4(kInv, k, tmp); 
@@ -25606,8 +25629,10 @@ static int sp_256_calc_s_4(sp_digit* s, const sp_digit* r, sp_digit* k, /* s = r * x + e */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_256_mul_avx2_4(x, x, r); + } else #endif sp_256_mul_4(x, x, r); @@ -25625,8 +25650,10 @@ static int sp_256_calc_s_4(sp_digit* s, const sp_digit* r, sp_digit* k, /* s = s * k^-1 mod order */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_256_mont_mul_order_avx2_4(s, s, kInv); + } else #endif sp_256_mont_mul_order_4(s, s, kInv); @@ -25714,8 +25741,10 @@ int sp_ecc_sign_256(const byte* hash, word32 hashLen, WC_RNG* rng, } if (err == MP_OKAY) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_256_ecc_mulmod_base_avx2_4(point, k, 1, 1, heap); + } else #endif err = sp_256_ecc_mulmod_base_4(point, k, 1, 1, heap); @@ -25977,7 +26006,8 @@ static void sp_256_add_points_4(sp_point_256* p1, const sp_point_256* p2, #endif #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_256_proj_point_add_avx2_4(p1, p1, p2, tmp); } else @@ -25986,7 +26016,8 @@ static void sp_256_add_points_4(sp_point_256* p1, const sp_point_256* p2, if (sp_256_iszero_4(p1->z)) { if (sp_256_iszero_4(p1->x) && sp_256_iszero_4(p1->y)) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_256_proj_point_dbl_avx2_4(p1, p2, tmp); } else 
@@ -26024,7 +26055,8 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2, #ifndef WOLFSSL_SP_SMALL #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_256_mod_inv_avx2_4(s, s, p256_order); } else @@ -26035,7 +26067,8 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2, #endif /* !WOLFSSL_SP_SMALL */ { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_256_mul_avx2_4(s, s, p256_norm_order); } else @@ -26049,7 +26082,8 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2, sp_256_norm_4(s); #ifdef WOLFSSL_SP_SMALL #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_256_mont_inv_order_avx2_4(s, s, tmp); sp_256_mont_mul_order_avx2_4(u1, u1, s); sp_256_mont_mul_order_avx2_4(u2, u2, s); @@ -26063,7 +26097,8 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2, } #else #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_256_mont_mul_order_avx2_4(u1, u1, s); sp_256_mont_mul_order_avx2_4(u2, u2, s); } @@ -26075,7 +26110,8 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2, } #endif /* WOLFSSL_SP_SMALL */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_256_ecc_mulmod_base_avx2_4(p1, u1, 0, 0, heap); } else 
@@ -26089,8 +26125,10 @@ static int sp_256_calc_vfy_point_4(sp_point_256* p1, sp_point_256* p2, } if (err == MP_OKAY) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_256_ecc_mulmod_avx2_4(p2, p2, u2, 0, 0, heap); + } else #endif err = sp_256_ecc_mulmod_4(p2, p2, u2, 0, 0, heap); @@ -26192,14 +26230,18 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, if (err == MP_OKAY) { /* u1 = r.z'.z' mod prime */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_256_mont_sqr_avx2_4(p1->z, p1->z, p256_mod, p256_mp_mod); + } else #endif sp_256_mont_sqr_4(p1->z, p1->z, p256_mod, p256_mp_mod); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_256_mont_mul_avx2_4(u1, u2, p1->z, p256_mod, p256_mp_mod); + } else #endif sp_256_mont_mul_4(u1, u2, p1->z, p256_mod, p256_mp_mod); @@ -26222,7 +26264,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, if (err == MP_OKAY) { /* u1 = (r + 1*order).z'.z' mod prime */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_256_mont_mul_avx2_4(u1, u2, p1->z, p256_mod, p256_mp_mod); } @@ -26237,10 +26280,8 @@ int sp_ecc_verify_256(const byte* hash, word32 hashLen, const mp_int* pX, } #ifdef WOLFSSL_SP_SMALL_STACK - if (u1 != NULL) - XFREE(u1, heap, DYNAMIC_TYPE_ECC); - if (p1 != NULL) - XFREE(p1, heap, DYNAMIC_TYPE_ECC); + XFREE(u1, heap, DYNAMIC_TYPE_ECC); + XFREE(p1, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -26447,8 +26488,7 @@ static int sp_256_ecc_is_point_4(const sp_point_256* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -26487,8 +26527,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -26578,8 +26617,10 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, if (err == MP_OKAY) { /* Point * order = infinity */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_256_ecc_mulmod_avx2_4(p, pub, p256_order, 1, 1, heap); + } else #endif err = sp_256_ecc_mulmod_4(p, pub, p256_order, 1, 1, heap); @@ -26594,8 +26635,10 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, if (err == MP_OKAY) { /* Base * private = point */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_256_ecc_mulmod_base_avx2_4(p, priv, 1, 1, heap); + } else #endif err = sp_256_ecc_mulmod_base_4(p, priv, 1, 1, heap); @@ -26609,10 +26652,8 @@ int sp_ecc_check_key_256(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -26681,8 +26722,10 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, sp_256_iszero_4(q->y); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_256_proj_point_add_avx2_4(p, p, q, tmp); + } else #endif sp_256_proj_point_add_4(p, p, q, tmp); @@ -26699,10 +26742,8 @@ int sp_ecc_proj_add_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -26757,8 +26798,10 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, sp_256_iszero_4(p->y); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_256_proj_point_dbl_avx2_4(p, p, tmp); + } else #endif sp_256_proj_point_dbl_4(p, p, tmp); @@ -26775,10 +26818,8 @@ int sp_ecc_proj_dbl_point_256(mp_int* pX, mp_int* pY, mp_int* pZ, } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -26829,8 +26870,10 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) sp_256_iszero_4(p->y); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_256_map_avx2_4(p, p, tmp); + } else #endif sp_256_map_4(p, p, tmp); 
@@ -26847,10 +26890,8 @@ int sp_ecc_map_256(mp_int* pX, mp_int* pY, mp_int* pZ) } #ifdef WOLFSSL_SP_SMALL_STACK - if (tmp != NULL) - XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); - if (p != NULL) - XFREE(p, NULL, DYNAMIC_TYPE_ECC); + XFREE(tmp, NULL, DYNAMIC_TYPE_ECC); + XFREE(p, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -26886,7 +26927,8 @@ static int sp_256_mont_sqrt_4(sp_digit* y) t2 = t1 + 2 * 4; #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { /* t2 = y ^ 0x2 */ sp_256_mont_sqr_avx2_4(t2, y, p256_mod, p256_mp_mod); /* t1 = y ^ 0x3 */ @@ -26953,8 +26995,7 @@ static int sp_256_mont_sqrt_4(sp_digit* y) } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, NULL, DYNAMIC_TYPE_ECC); + XFREE(t1, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -26996,7 +27037,8 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) if (err == MP_OKAY) { /* y = x^3 */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_256_mont_sqr_avx2_4(y, x, p256_mod, p256_mp_mod); sp_256_mont_mul_avx2_4(y, y, x, p256_mod, p256_mp_mod); } @@ -27029,8 +27071,7 @@ int sp_ecc_uncompress_256(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -27197,18 +27238,18 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit* if (err == MP_OKAY) { a32 = t + 12; - a32[0] = a[0] & 0xffffffff; - a32[1] = a[0] >> 32; - a32[2] = a[1] & 0xffffffff; - a32[3] = a[1] >> 32; - a32[4] = a[2] & 0xffffffff; - a32[5] = a[2] >> 32; - a32[6] = a[3] & 0xffffffff; - a32[7] = a[3] >> 32; - a32[8] = a[4] & 0xffffffff; - a32[9] = a[4] >> 32; - a32[10] = a[5] & 0xffffffff; - a32[11] = a[5] >> 32; + a32[0] = (int64_t)(a[0] & 0xffffffff); + a32[1] = (int64_t)(a[0] >> 32); + a32[2] = (int64_t)(a[1] & 0xffffffff); + a32[3] = (int64_t)(a[1] >> 32); + a32[4] = (int64_t)(a[2] & 0xffffffff); + a32[5] = (int64_t)(a[2] >> 32); + a32[6] = (int64_t)(a[3] & 0xffffffff); + a32[7] = (int64_t)(a[3] >> 32); + a32[8] = (int64_t)(a[4] & 0xffffffff); + a32[9] = (int64_t)(a[4] >> 32); + a32[10] = (int64_t)(a[5] & 0xffffffff); + a32[11] = (int64_t)(a[5] >> 32); /* 1 0 0 0 0 0 0 0 1 1 0 -1 */ t[0] = 0 + a32[0] + a32[8] + a32[9] - a32[11]; @@ -27263,17 +27304,16 @@ static int sp_384_mod_mul_norm_6(sp_digit* r, const sp_digit* a, const sp_digit* t[10] += t[9] >> 32; t[9] &= 0xffffffff; t[11] += t[10] >> 32; t[10] &= 0xffffffff; - r[0] = (t[1] << 32) | t[0]; - r[1] = (t[3] << 32) | t[2]; - r[2] = (t[5] << 32) | t[4]; - r[3] = (t[7] << 32) | t[6]; - r[4] = (t[9] << 32) | t[8]; - r[5] = (t[11] << 32) | t[10]; + r[0] = (sp_digit)((t[1] << 32) | t[0]); + r[1] = (sp_digit)((t[3] << 32) | t[2]); + r[2] = (sp_digit)((t[5] << 32) | t[4]); + r[3] = (sp_digit)((t[7] << 32) | t[6]); + r[4] = (sp_digit)((t[9] << 32) | t[8]); + r[5] = (sp_digit)((t[11] << 32) | t[10]); } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, NULL, DYNAMIC_TYPE_ECC); + XFREE(t, NULL, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -27681,7 +27721,7 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p, sp_384_mont_reduce_6(r->x, p384_mod, p384_mp_mod); /* Reduce x to less than modulus */ n = sp_384_cmp_6(r->x, p384_mod); - sp_384_cond_sub_6(r->x, r->x, p384_mod, ~(n >> 63)); + sp_384_cond_sub_6(r->x, r->x, p384_mod, (sp_digit)~(n >> 63)); sp_384_norm_6(r->x); /* y /= z^3 */ @@ -27690,7 +27730,7 @@ static void sp_384_map_6(sp_point_384* r, const sp_point_384* p, sp_384_mont_reduce_6(r->y, p384_mod, p384_mp_mod); /* Reduce y to less than modulus */ n = sp_384_cmp_6(r->y, p384_mod); - sp_384_cond_sub_6(r->y, r->y, p384_mod, ~(n >> 63)); + sp_384_cond_sub_6(r->y, r->y, p384_mod, (sp_digit)~(n >> 63)); sp_384_norm_6(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); @@ -28113,8 +28153,8 @@ static void sp_384_proj_point_add_6(sp_point_384* r, sp_384_mont_sub_6(y, y, t5, p384_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -28131,7 +28171,7 @@ static void sp_384_proj_point_add_6(sp_point_384* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -28305,8 +28345,8 @@ static int sp_384_proj_point_add_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); 
@@ -28323,7 +28363,7 @@ static int sp_384_proj_point_add_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -28537,7 +28577,7 @@ static void sp_384_ecc_recode_6_6(const sp_digit* k, ecc_recode_384* v) n = k[j]; o = 0; for (i=0; i<65; i++) { - y = (int8_t)n; + y = (uint8_t)(int8_t)n; if (o + 6 < 64) { y &= 0x3f; n >>= 6; @@ -28713,10 +28753,8 @@ static int sp_384_ecc_mulmod_win_add_sub_6(sp_point_384* r, const sp_point_384* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -28902,7 +28940,7 @@ static void sp_384_map_avx2_6(sp_point_384* r, const sp_point_384* p, sp_384_mont_reduce_avx2_6(r->x, p384_mod, p384_mp_mod); /* Reduce x to less than modulus */ n = sp_384_cmp_6(r->x, p384_mod); - sp_384_cond_sub_6(r->x, r->x, p384_mod, ~(n >> 63)); + sp_384_cond_sub_6(r->x, r->x, p384_mod, (sp_digit)~(n >> 63)); sp_384_norm_6(r->x); /* y /= z^3 */ @@ -28911,7 +28949,7 @@ static void sp_384_map_avx2_6(sp_point_384* r, const sp_point_384* p, sp_384_mont_reduce_avx2_6(r->y, p384_mod, p384_mp_mod); /* Reduce y to less than modulus */ n = sp_384_cmp_6(r->y, p384_mod); - sp_384_cond_sub_6(r->y, r->y, p384_mod, ~(n >> 63)); + sp_384_cond_sub_6(r->y, r->y, p384_mod, (sp_digit)~(n >> 63)); sp_384_norm_6(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); 
@@ -29286,8 +29324,8 @@ static void sp_384_proj_point_add_avx2_6(sp_point_384* r, sp_384_mont_sub_avx2_6(y, y, t5, p384_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -29304,7 +29342,7 @@ static void sp_384_proj_point_add_avx2_6(sp_point_384* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -29478,8 +29516,8 @@ static int sp_384_proj_point_add_avx2_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -29496,7 +29534,7 @@ static int sp_384_proj_point_add_avx2_6_nb(sp_ecc_ctx_t* sp_ctx, sp_point_384* r (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -29801,10 +29839,8 @@ static int sp_384_ecc_mulmod_win_add_sub_avx2_6(sp_point_384* r, const sp_point_ } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -29877,8 +29913,8 @@ static void sp_384_proj_point_add_qz1_6(sp_point_384* r, sp_384_mont_sub_6(y, t3, t1, p384_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -29895,7 +29931,7 @@ static void sp_384_proj_point_add_qz1_6(sp_point_384* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -30006,8 +30042,7 @@ static int sp_384_gen_stripe_table_6(const sp_point_384* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -30136,10 +30171,8 @@ static int sp_384_ecc_mulmod_stripe_6(sp_point_384* r, const sp_point_384* g, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -30372,8 +30405,8 @@ static void sp_384_proj_point_add_qz1_avx2_6(sp_point_384* r, sp_384_mont_sub_avx2_6(y, t3, t1, p384_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -30390,7 +30423,7 @@ static void sp_384_proj_point_add_qz1_avx2_6(sp_point_384* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } 
@@ -30501,8 +30534,7 @@ static int sp_384_gen_stripe_table_avx2_6(const sp_point_384* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -30617,10 +30649,8 @@ static int sp_384_ecc_mulmod_stripe_avx2_6(sp_point_384* r, const sp_point_384* } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -30741,8 +30771,10 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, sp_384_point_from_ecc_point_6(point, gm); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_384_ecc_mulmod_avx2_6(point, point, k, map, 1, heap); + } else #endif err = sp_384_ecc_mulmod_6(point, point, k, map, 1, heap); @@ -30752,10 +30784,8 @@ int sp_ecc_mulmod_384(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -30823,24 +30853,30 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, } if (err == MP_OKAY) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_384_ecc_mulmod_avx2_6(point, point, k, 0, 0, heap); + } else #endif err = sp_384_ecc_mulmod_6(point, point, k, 0, 0, heap); } if (err == MP_OKAY) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_384_proj_point_add_avx2_6(point, point, addP, tmp); + } else #endif sp_384_proj_point_add_6(point, point, addP, tmp); if (map) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_384_map_avx2_6(point, point, tmp); + } else #endif sp_384_map_6(point, point, tmp); @@ -30850,10 +30886,8 @@ int sp_ecc_mulmod_add_384(const mp_int* km, const ecc_point* gm, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -31277,7 +31311,7 @@ static void sp_384_ecc_recode_7_6(const sp_digit* k, ecc_recode_384* v) n = k[j]; o = 0; for (i=0; i<55; i++) { - y = (int8_t)n; + y = (uint8_t)(int8_t)n; if (o + 7 < 64) { y &= 0x7f; n >>= 7; @@ -49194,8 +49228,7 @@ static int sp_384_ecc_mulmod_add_only_6(sp_point_384* r, const sp_point_384* g, #endif } #ifdef WOLFSSL_SP_SMALL_STACK - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -49328,8 +49361,7 @@ static int sp_384_ecc_mulmod_add_only_avx2_6(sp_point_384* r, const sp_point_384 #endif } #ifdef WOLFSSL_SP_SMALL_STACK - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -49394,8 +49426,10 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) sp_384_from_mp(k, 6, km); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_384_ecc_mulmod_base_avx2_6(point, k, map, 1, heap); + } else #endif err = sp_384_ecc_mulmod_base_6(point, k, map, 1, heap); @@ -49405,10 +49439,8 @@ int sp_ecc_mulmod_base_384(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -49474,24 +49506,30 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, } if (err == MP_OKAY) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_384_ecc_mulmod_base_avx2_6(point, k, 0, 0, heap); + } else #endif err = sp_384_ecc_mulmod_base_6(point, k, 0, 0, heap); } if (err == MP_OKAY) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_384_proj_point_add_avx2_6(point, point, addP, tmp); + } else #endif sp_384_proj_point_add_6(point, point, addP, tmp); if (map) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_384_map_avx2_6(point, point, tmp); + } else #endif sp_384_map_6(point, point, tmp); @@ -49501,10 +49539,8 @@ int sp_ecc_mulmod_base_add_384(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -49565,6 +49601,7 @@ static void sp_384_from_bin(sp_digit* r, int size, const byte* a, int n) */ static int sp_384_ecc_gen_k_6(WC_RNG* rng, sp_digit* k) { +#ifndef WC_NO_RNG int err; byte buf[48]; @@ -49581,6 +49618,11 @@ static int sp_384_ecc_gen_k_6(WC_RNG* rng, sp_digit* k) while (err == 0); return err; +#else + (void)rng; + (void)k; + return NOT_COMPILED_IN; +#endif } /* Makes a random EC key pair. 
@@ -49641,8 +49683,10 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } if (err == MP_OKAY) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_384_ecc_mulmod_base_avx2_6(point, k, 1, 1, NULL); + } else #endif err = sp_384_ecc_mulmod_base_6(point, k, 1, 1, NULL); @@ -49651,7 +49695,8 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN if (err == MP_OKAY) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_384_ecc_mulmod_avx2_6(infinity, point, p384_order, 1, 1, NULL); } @@ -49674,12 +49719,9 @@ int sp_ecc_make_key_384(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) { - /* point is not sensitive, so no need to zeroize */ - XFREE(point, heap, DYNAMIC_TYPE_ECC); - } + XFREE(k, heap, DYNAMIC_TYPE_ECC); + /* point is not sensitive, so no need to zeroize */ + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -49849,8 +49891,10 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, sp_384_from_mp(k, 6, priv); sp_384_point_from_ecc_point_6(point, pub); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_384_ecc_mulmod_avx2_6(point, point, k, 1, 1, heap); + } else #endif err = sp_384_ecc_mulmod_6(point, point, k, 1, 1, heap); 
@@ -49861,10 +49905,8 @@ int sp_ecc_secret_gen_384(const mp_int* priv, const ecc_point* pub, byte* out, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -49983,8 +50025,8 @@ static WC_INLINE sp_digit div_384_word_6(sp_digit d1, sp_digit d0, static WC_INLINE sp_digit div_384_word_6(sp_digit d1, sp_digit d0, sp_digit div) { - ASSERT_SAVED_VECTOR_REGISTERS(); register sp_digit r asm("rax"); + ASSERT_SAVED_VECTOR_REGISTERS(); __asm__ __volatile__ ( "divq %3" : "=a" (r) @@ -50053,7 +50095,7 @@ static WC_INLINE int sp_384_div_6(const sp_digit* a, const sp_digit* d, sp_digit #endif sp_384_cond_sub_6(&t1[6], &t1[6], d, (sp_digit)0 - r1); for (i = 5; i >= 0; i--) { - sp_digit mask = 0 - (t1[6 + i] == div); + sp_digit mask = (sp_digit)0 - (t1[6 + i] == div); sp_digit hi = t1[6 + i] + mask; r1 = div_384_word_6(hi, t1[6 + i - 1], div); r1 |= mask; @@ -50455,8 +50497,10 @@ static int sp_384_calc_s_6(sp_digit* s, const sp_digit* r, sp_digit* k, /* Conv k to Montgomery form (mod order) */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_384_mul_avx2_6(k, k, p384_norm_order); + } else #endif sp_384_mul_6(k, k, p384_norm_order); @@ -50466,8 +50510,10 @@ static int sp_384_calc_s_6(sp_digit* s, const sp_digit* r, sp_digit* k, /* kInv = 1/k mod order */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_384_mont_inv_order_avx2_6(kInv, k, tmp); + } else #endif sp_384_mont_inv_order_6(kInv, k, tmp); 
@@ -50475,8 +50521,10 @@ static int sp_384_calc_s_6(sp_digit* s, const sp_digit* r, sp_digit* k, /* s = r * x + e */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_384_mul_avx2_6(x, x, r); + } else #endif sp_384_mul_6(x, x, r); @@ -50494,8 +50542,10 @@ static int sp_384_calc_s_6(sp_digit* s, const sp_digit* r, sp_digit* k, /* s = s * k^-1 mod order */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_384_mont_mul_order_avx2_6(s, s, kInv); + } else #endif sp_384_mont_mul_order_6(s, s, kInv); @@ -50583,8 +50633,10 @@ int sp_ecc_sign_384(const byte* hash, word32 hashLen, WC_RNG* rng, } if (err == MP_OKAY) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_384_ecc_mulmod_base_avx2_6(point, k, 1, 1, heap); + } else #endif err = sp_384_ecc_mulmod_base_6(point, k, 1, 1, heap); @@ -50935,7 +50987,8 @@ static void sp_384_add_points_6(sp_point_384* p1, const sp_point_384* p2, #endif #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_384_proj_point_add_avx2_6(p1, p1, p2, tmp); } else @@ -50944,7 +50997,8 @@ static void sp_384_add_points_6(sp_point_384* p1, const sp_point_384* p2, if (sp_384_iszero_6(p1->z)) { if (sp_384_iszero_6(p1->x) && sp_384_iszero_6(p1->y)) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_384_proj_point_dbl_avx2_6(p1, p2, tmp); } else 
@@ -50988,7 +51042,8 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2, #endif /* !WOLFSSL_SP_SMALL */ { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_384_mul_avx2_6(s, s, p384_norm_order); } else @@ -51002,7 +51057,8 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2, sp_384_norm_6(s); #ifdef WOLFSSL_SP_SMALL #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_384_mont_inv_order_avx2_6(s, s, tmp); sp_384_mont_mul_order_avx2_6(u1, u1, s); sp_384_mont_mul_order_avx2_6(u2, u2, s); @@ -51016,7 +51072,8 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2, } #else #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_384_mont_mul_order_avx2_6(u1, u1, s); sp_384_mont_mul_order_avx2_6(u2, u2, s); } @@ -51028,7 +51085,8 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2, } #endif /* WOLFSSL_SP_SMALL */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_384_ecc_mulmod_base_avx2_6(p1, u1, 0, 0, heap); } else @@ -51042,8 +51100,10 @@ static int sp_384_calc_vfy_point_6(sp_point_384* p1, sp_point_384* p2, } if (err == MP_OKAY) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_384_ecc_mulmod_avx2_6(p2, p2, u2, 0, 0, heap); + } else #endif err = sp_384_ecc_mulmod_6(p2, p2, u2, 0, 0, heap); 
@@ -51145,14 +51205,18 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
 if (err == MP_OKAY) {
 /* u1 = r.z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_384_mont_sqr_avx2_6(p1->z, p1->z, p384_mod, p384_mp_mod);
+ }
 else
 #endif
 sp_384_mont_sqr_6(p1->z, p1->z, p384_mod, p384_mp_mod);
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_384_mont_mul_avx2_6(u1, u2, p1->z, p384_mod, p384_mp_mod);
+ }
 else
 #endif
 sp_384_mont_mul_6(u1, u2, p1->z, p384_mod, p384_mp_mod);
@@ -51175,7 +51239,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
 if (err == MP_OKAY) {
 /* u1 = (r + 1*order).z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_384_mont_mul_avx2_6(u1, u2, p1->z, p384_mod, p384_mp_mod);
 }
@@ -51190,10 +51255,8 @@ int sp_ecc_verify_384(const byte* hash, word32 hashLen, const mp_int* pX,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (u1 != NULL)
- XFREE(u1, heap, DYNAMIC_TYPE_ECC);
- if (p1 != NULL)
- XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -51400,8 +51463,7 @@ static int sp_384_ecc_is_point_6(const sp_point_384* point,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -51440,8 +51502,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
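Review bot: Dropping the `!= NULL` guards around `XFREE(u1, heap, DYNAMIC_TYPE_ECC)` and `XFREE(p1, heap, DYNAMIC_TYPE_ECC)` makes the early-error path (where the allocation never happened) depend on XFREE tolerating NULL, which this page does not show; with a custom allocator installed through wolfSSL_SetAllocators the user's free callback would now be handed NULL. If the XFREE macro already performs the NULL check, a short comment at the first such site, `/* XFREE is NULL-safe: u1/p1 may be unallocated on error paths */`, records the contract the generated code now relies on. The same guard removal appears in every WOLFSSL_SP_SMALL_STACK hunk on this page. sp_ecc_verify_384 starts outside the hunk.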
@@ -51531,8 +51592,10 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
 if (err == MP_OKAY) {
 /* Point * order = infinity */
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 err = sp_384_ecc_mulmod_avx2_6(p, pub, p384_order, 1, 1, heap);
+ }
 else
 #endif
 err = sp_384_ecc_mulmod_6(p, pub, p384_order, 1, 1, heap);
@@ -51547,8 +51610,10 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
 if (err == MP_OKAY) {
 /* Base * private = point */
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 err = sp_384_ecc_mulmod_base_avx2_6(p, priv, 1, 1, heap);
+ }
 else
 #endif
 err = sp_384_ecc_mulmod_base_6(p, priv, 1, 1, heap);
@@ -51562,10 +51627,8 @@ int sp_ecc_check_key_384(const mp_int* pX, const mp_int* pY,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, heap, DYNAMIC_TYPE_ECC);
- if (priv != NULL)
- XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -51634,8 +51697,10 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
 sp_384_iszero_6(q->y);
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_384_proj_point_add_avx2_6(p, p, q, tmp);
+ }
 else
 #endif
 sp_384_proj_point_add_6(p, p, q, tmp);
@@ -51652,10 +51717,8 @@ int sp_ecc_proj_add_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -51710,8 +51773,10 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
 sp_384_iszero_6(p->y);
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_384_proj_point_dbl_avx2_6(p, p, tmp);
+ }
 else
 #endif
 sp_384_proj_point_dbl_6(p, p, tmp);
@@ -51728,10 +51793,8 @@ int sp_ecc_proj_dbl_point_384(mp_int* pX, mp_int* pY, mp_int* pZ,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -51782,8 +51845,10 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
 sp_384_iszero_6(p->y);
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_384_map_avx2_6(p, p, tmp);
+ }
 else
 #endif
 sp_384_map_6(p, p, tmp);
@@ -51800,10 +51865,8 @@ int sp_ecc_map_384(mp_int* pX, mp_int* pY, mp_int* pZ)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -51844,7 +51907,8 @@ static int sp_384_mont_sqrt_6(sp_digit* y)
 t5 = t1 + 8 * 6;
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 /* t2 = y ^ 0x2 */
 sp_384_mont_sqr_avx2_6(t2, y, p384_mod, p384_mp_mod);
 /* t1 = y ^ 0x3 */
@@ -51961,8 +52025,7 @@ static int sp_384_mont_sqrt_6(sp_digit* y)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(t1, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -52004,7 +52067,8 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
 if (err == MP_OKAY) {
 /* y = x^3 */
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_384_mont_sqr_avx2_6(y, x, p384_mod, p384_mp_mod);
 sp_384_mont_mul_avx2_6(y, y, x, p384_mod, p384_mp_mod);
 }
@@ -52037,8 +52101,7 @@ int sp_ecc_uncompress_384(mp_int* xm, int odd, mp_int* ym)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (x != NULL)
- XFREE(x, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(x, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -52586,7 +52649,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
 sp_521_mont_reduce_9(r->x, p521_mod, p521_mp_mod);
 /* Reduce x to less than modulus */
 n = sp_521_cmp_9(r->x, p521_mod);
- sp_521_cond_sub_9(r->x, r->x, p521_mod, ~(n >> 63));
+ sp_521_cond_sub_9(r->x, r->x, p521_mod, (sp_digit)~(n >> 63));
 sp_521_norm_9(r->x);
 /* y /= z^3 */
@@ -52595,7 +52658,7 @@ static void sp_521_map_9(sp_point_521* r, const sp_point_521* p,
 sp_521_mont_reduce_9(r->y, p521_mod, p521_mp_mod);
 /* Reduce y to less than modulus */
 n = sp_521_cmp_9(r->y, p521_mod);
- sp_521_cond_sub_9(r->y, r->y, p521_mod, ~(n >> 63));
+ sp_521_cond_sub_9(r->y, r->y, p521_mod, (sp_digit)~(n >> 63));
 sp_521_norm_9(r->y);
 XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -53020,8 +53083,8 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
 sp_521_mont_sub_9(y, y, t5, p521_mod);
 {
 int i;
- sp_digit maskp = 0 - (q->infinity & (!p->infinity));
- sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+ sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+ sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
 sp_digit maskt = ~(maskp | maskq);
 sp_digit inf = (sp_digit)(p->infinity & q->infinity);
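Review bot: The added `(sp_digit)` cast wraps `~(n >> 63)` but the mask is still produced by right-shifting the signed comparison result `n` (its declaration is outside the hunk; presumably a signed 64-bit type), and C leaves right shift of a negative value implementation-defined, so the 0/all-ones mask that keeps `sp_521_cond_sub_9` constant-time relies on the compiler using an arithmetic shift. GCC and Clang do, but the assumption is worth recording at the first occurrence, `/* n < 0 -> 0, n >= 0 -> all ones; relies on arithmetic >> of signed n */`. The same expression appears in sp_521_map_avx2_9 and sp_1024_map_16 further down. sp_521_map_9 starts and ends outside the hunk.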
@@ -53038,7 +53101,7 @@ static void sp_521_proj_point_add_9(sp_point_521* r,
 (z[i] & maskt);
 }
 r->z[0] |= inf;
- r->infinity = (word32)inf;
+ r->infinity = (int)inf;
 }
 }
 }
@@ -53212,8 +53275,8 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
 {
 {
 int i;
- sp_digit maskp = 0 - (q->infinity & (!p->infinity));
- sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+ sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+ sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
 sp_digit maskt = ~(maskp | maskq);
 sp_digit inf = (sp_digit)(p->infinity & q->infinity);
@@ -53230,7 +53293,7 @@ static int sp_521_proj_point_add_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r,
 (ctx->z[i] & maskt);
 }
 r->z[0] |= inf;
- r->infinity = (word32)inf;
+ r->infinity = (int)inf;
 }
 ctx->state = 25;
 break;
@@ -53444,7 +53507,7 @@ static void sp_521_ecc_recode_6_9(const sp_digit* k, ecc_recode_521* v)
 n = k[j];
 o = 0;
 for (i=0; i<87; i++) {
- y = (int8_t)n;
+ y = (uint8_t)(int8_t)n;
 if (o + 6 < 64) {
 y &= 0x3f;
 n >>= 6;
@@ -53620,10 +53683,8 @@ static int sp_521_ecc_mulmod_win_add_sub_9(sp_point_521* r, const sp_point_521*
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (tmp != NULL)
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -53786,7 +53847,7 @@ static void sp_521_map_avx2_9(sp_point_521* r, const sp_point_521* p,
 sp_521_mont_reduce_avx2_9(r->x, p521_mod, p521_mp_mod);
 /* Reduce x to less than modulus */
 n = sp_521_cmp_9(r->x, p521_mod);
- sp_521_cond_sub_9(r->x, r->x, p521_mod, ~(n >> 63));
+ sp_521_cond_sub_9(r->x, r->x, p521_mod, (sp_digit)~(n >> 63));
 sp_521_norm_9(r->x);
 /* y /= z^3 */
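Review bot: `y = (uint8_t)(int8_t)n;` in sp_521_ecc_recode_6_9 first narrows through a signed type, and that conversion is implementation-defined whenever the low byte of `n` is 0x80 or above, before the unsigned cast recovers the same low byte; if `y` is an unsigned type (its declaration is outside the hunk), `y = (uint8_t)n;` gives identical bits using only well-defined conversions and reads more plainly. The mask `y &= 0x3f` that follows makes the intent of "take the low window bits" clear either way. The same double cast appears in sp_521_ecc_recode_7_9 further down. The recode function starts and ends outside the hunk.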
@@ -53795,7 +53856,7 @@ static void sp_521_map_avx2_9(sp_point_521* r, const sp_point_521* p,
 sp_521_mont_reduce_avx2_9(r->y, p521_mod, p521_mp_mod);
 /* Reduce y to less than modulus */
 n = sp_521_cmp_9(r->y, p521_mod);
- sp_521_cond_sub_9(r->y, r->y, p521_mod, ~(n >> 63));
+ sp_521_cond_sub_9(r->y, r->y, p521_mod, (sp_digit)~(n >> 63));
 sp_521_norm_9(r->y);
 XMEMSET(r->z, 0, sizeof(r->z) / 2);
@@ -54170,8 +54231,8 @@ static void sp_521_proj_point_add_avx2_9(sp_point_521* r,
 sp_521_mont_sub_avx2_9(y, y, t5, p521_mod);
 {
 int i;
- sp_digit maskp = 0 - (q->infinity & (!p->infinity));
- sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+ sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+ sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
 sp_digit maskt = ~(maskp | maskq);
 sp_digit inf = (sp_digit)(p->infinity & q->infinity);
@@ -54188,7 +54249,7 @@ static void sp_521_proj_point_add_avx2_9(sp_point_521* r,
 (z[i] & maskt);
 }
 r->z[0] |= inf;
- r->infinity = (word32)inf;
+ r->infinity = (int)inf;
 }
 }
 }
@@ -54362,8 +54423,8 @@ static int sp_521_proj_point_add_avx2_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r
 {
 {
 int i;
- sp_digit maskp = 0 - (q->infinity & (!p->infinity));
- sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+ sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+ sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
 sp_digit maskt = ~(maskp | maskq);
 sp_digit inf = (sp_digit)(p->infinity & q->infinity);
@@ -54380,7 +54441,7 @@ static int sp_521_proj_point_add_avx2_9_nb(sp_ecc_ctx_t* sp_ctx, sp_point_521* r
 (ctx->z[i] & maskt);
 }
 r->z[0] |= inf;
- r->infinity = (word32)inf;
+ r->infinity = (int)inf;
 }
 ctx->state = 25;
 break;
@@ -54685,10 +54746,8 @@ static int sp_521_ecc_mulmod_win_add_sub_avx2_9(sp_point_521* r, const sp_point_
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (tmp != NULL)
- XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -54761,8 +54820,8 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r,
 sp_521_mont_sub_9(y, t3, t1, p521_mod);
 {
 int i;
- sp_digit maskp = 0 - (q->infinity & (!p->infinity));
- sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+ sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+ sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
 sp_digit maskt = ~(maskp | maskq);
 sp_digit inf = (sp_digit)(p->infinity & q->infinity);
@@ -54779,7 +54838,7 @@ static void sp_521_proj_point_add_qz1_9(sp_point_521* r,
 (z[i] & maskt);
 }
 r->z[0] |= inf;
- r->infinity = (word32)inf;
+ r->infinity = (int)inf;
 }
 }
 }
@@ -54890,8 +54949,7 @@ static int sp_521_gen_stripe_table_9(const sp_point_521* a,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -55020,10 +55078,8 @@ static int sp_521_ecc_mulmod_stripe_9(sp_point_521* r, const sp_point_521* g,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -55256,8 +55312,8 @@ static void sp_521_proj_point_add_qz1_avx2_9(sp_point_521* r,
 sp_521_mont_sub_avx2_9(y, t3, t1, p521_mod);
 {
 int i;
- sp_digit maskp = 0 - (q->infinity & (!p->infinity));
- sp_digit maskq = 0 - (p->infinity & (!q->infinity));
+ sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity)));
+ sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity)));
 sp_digit maskt = ~(maskp | maskq);
 sp_digit inf = (sp_digit)(p->infinity & q->infinity);
@@ -55274,7 +55330,7 @@ static void sp_521_proj_point_add_qz1_avx2_9(sp_point_521* r,
 (z[i] & maskt);
 }
 r->z[0] |= inf;
- r->infinity = (word32)inf;
+ r->infinity = (int)inf;
 }
 }
 }
@@ -55385,8 +55441,7 @@ static int sp_521_gen_stripe_table_avx2_9(const sp_point_521* a,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -55501,10 +55556,8 @@ static int sp_521_ecc_mulmod_stripe_avx2_9(sp_point_521* r, const sp_point_521*
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, heap, DYNAMIC_TYPE_ECC);
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -55625,8 +55678,10 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
 sp_521_point_from_ecc_point_9(point, gm);
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 err = sp_521_ecc_mulmod_avx2_9(point, point, k, map, 1, heap);
+ }
 else
 #endif
 err = sp_521_ecc_mulmod_9(point, point, k, map, 1, heap);
@@ -55636,10 +55691,8 @@ int sp_ecc_mulmod_521(const mp_int* km, const ecc_point* gm, ecc_point* r,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -55707,24 +55760,30 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
 }
 if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 err = sp_521_ecc_mulmod_avx2_9(point, point, k, 0, 0, heap);
+ }
 else
 #endif
 err = sp_521_ecc_mulmod_9(point, point, k, 0, 0, heap);
 }
 if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_521_proj_point_add_avx2_9(point, point, addP, tmp);
+ }
 else
 #endif
 sp_521_proj_point_add_9(point, point, addP, tmp);
 if (map) {
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_521_map_avx2_9(point, point, tmp);
+ }
 else
 #endif
 sp_521_map_9(point, point, tmp);
@@ -55734,10 +55793,8 @@ int sp_ecc_mulmod_add_521(const mp_int* km, const ecc_point* gm,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -56287,7 +56344,7 @@ static void sp_521_ecc_recode_7_9(const sp_digit* k, ecc_recode_521* v)
 n = k[j];
 o = 0;
 for (i=0; i<75; i++) {
- y = (int8_t)n;
+ y = (uint8_t)(int8_t)n;
 if (o + 7 < 64) {
 y &= 0x7f;
 n >>= 7;
@@ -90264,8 +90321,7 @@ static int sp_521_ecc_mulmod_add_only_9(sp_point_521* r, const sp_point_521* g,
 #endif
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -90398,8 +90454,7 @@ static int sp_521_ecc_mulmod_add_only_avx2_9(sp_point_521* r, const sp_point_521
 #endif
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (rt != NULL)
- XFREE(rt, heap, DYNAMIC_TYPE_ECC);
+ XFREE(rt, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -90464,8 +90519,10 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
 sp_521_from_mp(k, 9, km);
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 err = sp_521_ecc_mulmod_base_avx2_9(point, k, map, 1, heap);
+ }
 else
 #endif
 err = sp_521_ecc_mulmod_base_9(point, k, map, 1, heap);
@@ -90475,10 +90532,8 @@ int sp_ecc_mulmod_base_521(const mp_int* km, ecc_point* r, int map, void* heap)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -90544,24 +90599,30 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
 }
 if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 err = sp_521_ecc_mulmod_base_avx2_9(point, k, 0, 0, heap);
+ }
 else
 #endif
 err = sp_521_ecc_mulmod_base_9(point, k, 0, 0, heap);
 }
 if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_521_proj_point_add_avx2_9(point, point, addP, tmp);
+ }
 else
 #endif
 sp_521_proj_point_add_9(point, point, addP, tmp);
 if (map) {
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_521_map_avx2_9(point, point, tmp);
+ }
 else
 #endif
 sp_521_map_9(point, point, tmp);
@@ -90571,10 +90632,8 @@ int sp_ecc_mulmod_base_add_521(const mp_int* km, const ecc_point* am,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -90635,6 +90694,7 @@ static void sp_521_from_bin(sp_digit* r, int size, const byte* a, int n)
 */
 static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
 {
+#ifndef WC_NO_RNG
 int err;
 byte buf[66];
@@ -90652,6 +90712,11 @@ static int sp_521_ecc_gen_k_9(WC_RNG* rng, sp_digit* k)
 while (err == 0);
 return err;
+#else
+ (void)rng;
+ (void)k;
+ return NOT_COMPILED_IN;
+#endif
 }
 /* Makes a random EC key pair.
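Review bot: The new `#else` arm of sp_521_ecc_gen_k_9 returns NOT_COMPILED_IN under WC_NO_RNG, but the function's comment block (its closing `*/` is the first context line of the hunk) does not mention it, so a caller such as sp_ecc_make_key_521 cannot tell from the documentation that this error is a build configuration rather than a transient RNG failure; adding `* @return NOT_COMPILED_IN when built with WC_NO_RNG (rng and k are unused).` above the definition closes that gap. Separately, `byte buf[66]` in the RNG build receives the candidate private scalar and its clearing is not visible between `while (err == 0);` and `return err;`; if it is not ForceZero'd on the way out it should be, since the scalar otherwise stays on the stack. The middle of the function lies between the two hunks.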
@@ -90712,8 +90777,10 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 }
 if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 err = sp_521_ecc_mulmod_base_avx2_9(point, k, 1, 1, NULL);
+ }
 else
 #endif
 err = sp_521_ecc_mulmod_base_9(point, k, 1, 1, NULL);
@@ -90722,7 +90789,8 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 #ifdef WOLFSSL_VALIDATE_ECC_KEYGEN
 if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 err = sp_521_ecc_mulmod_avx2_9(infinity, point, p521_order, 1, 1,
 NULL);
 }
@@ -90745,12 +90813,9 @@ int sp_ecc_make_key_521(WC_RNG* rng, mp_int* priv, ecc_point* pub, void* heap)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL) {
- /* point is not sensitive, so no need to zeroize */
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
- }
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ /* point is not sensitive, so no need to zeroize */
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -90920,8 +90985,10 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
 sp_521_from_mp(k, 9, priv);
 sp_521_point_from_ecc_point_9(point, pub);
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 err = sp_521_ecc_mulmod_avx2_9(point, point, k, 1, 1, heap);
+ }
 else
 #endif
 err = sp_521_ecc_mulmod_9(point, point, k, 1, 1, heap);
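Review bot: Both arms in sp_ecc_make_key_521 pass `NULL` as the heap hint (`sp_521_ecc_mulmod_base_avx2_9(point, k, 1, 1, NULL)` and the `_9` fallback, and again `..., p521_order, 1, 1, NULL)` in the WOLFSSL_VALIDATE_ECC_KEYGEN hunk) although the function receives `heap` and the later hunk frees `k` and `point` against it; under WOLFSSL_STATIC_MEMORY or a per-heap allocator the scalar-multiplication scratch therefore lands in the default pool. The other 521 entry points on this page (sp_ecc_sign_521, sp_ecc_secret_gen_521, sp_ecc_mulmod_base_521) forward `heap`, so `..., 1, 1, heap)` would be the consistent form unless key generation is deliberately pinned to the global heap, which the page does not say. sp_ecc_make_key_521 starts outside the hunk.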
@@ -90932,10 +90999,8 @@ int sp_ecc_secret_gen_521(const mp_int* priv, const ecc_point* pub, byte* out,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (k != NULL)
- XFREE(k, heap, DYNAMIC_TYPE_ECC);
- if (point != NULL)
- XFREE(point, heap, DYNAMIC_TYPE_ECC);
+ XFREE(k, heap, DYNAMIC_TYPE_ECC);
+ XFREE(point, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -91075,8 +91140,8 @@ static WC_INLINE sp_digit div_521_word_9(sp_digit d1, sp_digit d0,
 static WC_INLINE sp_digit div_521_word_9(sp_digit d1, sp_digit d0,
 sp_digit div)
 {
- ASSERT_SAVED_VECTOR_REGISTERS();
 register sp_digit r asm("rax");
+ ASSERT_SAVED_VECTOR_REGISTERS();
 __asm__ __volatile__ (
 "divq %3"
 : "=a" (r)
@@ -91581,8 +91646,10 @@ static int sp_521_calc_s_9(sp_digit* s, const sp_digit* r, sp_digit* k,
 /* Conv k to Montgomery form (mod order) */
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_521_mul_avx2_9(k, k, p521_norm_order);
+ }
 else
 #endif
 sp_521_mul_9(k, k, p521_norm_order);
@@ -91592,8 +91659,10 @@ static int sp_521_calc_s_9(sp_digit* s, const sp_digit* r, sp_digit* k,
 /* kInv = 1/k mod order */
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_521_mont_inv_order_avx2_9(kInv, k, tmp);
+ }
 else
 #endif
 sp_521_mont_inv_order_9(kInv, k, tmp);
@@ -91601,8 +91670,10 @@ static int sp_521_calc_s_9(sp_digit* s, const sp_digit* r, sp_digit* k,
 /* s = r * x + e */
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_521_mul_avx2_9(x, x, r);
+ }
 else
 #endif
 sp_521_mul_9(x, x, r);
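Review bot: `XFREE(k, heap, DYNAMIC_TYPE_ECC)` in sp_ecc_secret_gen_521 releases the buffer that the previous hunk loaded with the caller's private scalar (`sp_521_from_mp(k, 9, priv)`), and no wipe of `k` is visible between the scalar multiplication and the free; under WOLFSSL_SP_SMALL_STACK the heap block keeps the key bytes unless it is cleared first. If the clear does not happen in the lines between the two hunks, `ForceZero(k, K_ALLOC_SIZE);` (the allocation size is outside the hunk) before the XFREE is the library's idiom, and sp_ecc_make_key_521 above already distinguishes `point` as "not sensitive", implying `k` gets that treatment there. sp_ecc_check_key_521 further down frees `priv` in the same way. The function body lies between the hunks.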
@@ -91620,8 +91691,10 @@ static int sp_521_calc_s_9(sp_digit* s, const sp_digit* r, sp_digit* k,
 /* s = s * k^-1 mod order */
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_521_mont_mul_order_avx2_9(s, s, kInv);
+ }
 else
 #endif
 sp_521_mont_mul_order_9(s, s, kInv);
@@ -91709,8 +91782,10 @@ int sp_ecc_sign_521(const byte* hash, word32 hashLen, WC_RNG* rng,
 }
 if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 err = sp_521_ecc_mulmod_base_avx2_9(point, k, 1, 1, heap);
+ }
 else
 #endif
 err = sp_521_ecc_mulmod_base_9(point, k, 1, 1, heap);
@@ -92069,7 +92144,8 @@ static void sp_521_add_points_9(sp_point_521* p1, const sp_point_521* p2,
 #endif
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_521_proj_point_add_avx2_9(p1, p1, p2, tmp);
 }
 else
@@ -92078,7 +92154,8 @@ static void sp_521_add_points_9(sp_point_521* p1, const sp_point_521* p2,
 if (sp_521_iszero_9(p1->z)) {
 if (sp_521_iszero_9(p1->x) && sp_521_iszero_9(p1->y)) {
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_521_proj_point_dbl_avx2_9(p1, p2, tmp);
 }
 else
@@ -92125,7 +92202,8 @@ static int sp_521_calc_vfy_point_9(sp_point_521* p1, sp_point_521* p2,
 #endif /* !WOLFSSL_SP_SMALL */
 {
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_521_mul_avx2_9(s, s, p521_norm_order);
 }
 else
@@ -92139,7 +92217,8 @@ static int sp_521_calc_vfy_point_9(sp_point_521* p1, sp_point_521* p2,
 sp_521_norm_9(s);
 #ifdef WOLFSSL_SP_SMALL
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_521_mont_inv_order_avx2_9(s, s, tmp);
 sp_521_mont_mul_order_avx2_9(u1, u1, s);
 sp_521_mont_mul_order_avx2_9(u2, u2, s);
@@ -92153,7 +92232,8 @@ static int sp_521_calc_vfy_point_9(sp_point_521* p1, sp_point_521* p2,
 }
 #else
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_521_mont_mul_order_avx2_9(u1, u1, s);
 sp_521_mont_mul_order_avx2_9(u2, u2, s);
 }
@@ -92165,7 +92245,8 @@ static int sp_521_calc_vfy_point_9(sp_point_521* p1, sp_point_521* p2,
 }
 #endif /* WOLFSSL_SP_SMALL */
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 err = sp_521_ecc_mulmod_base_avx2_9(p1, u1, 0, 0, heap);
 }
 else
@@ -92179,8 +92260,10 @@ static int sp_521_calc_vfy_point_9(sp_point_521* p1, sp_point_521* p2,
 }
 if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 err = sp_521_ecc_mulmod_avx2_9(p2, p2, u2, 0, 0, heap);
+ }
 else
 #endif
 err = sp_521_ecc_mulmod_9(p2, p2, u2, 0, 0, heap);
@@ -92286,14 +92369,18 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
 if (err == MP_OKAY) {
 /* u1 = r.z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_521_mont_sqr_avx2_9(p1->z, p1->z, p521_mod, p521_mp_mod);
+ }
 else
 #endif
 sp_521_mont_sqr_9(p1->z, p1->z, p521_mod, p521_mp_mod);
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_521_mont_mul_avx2_9(u1, u2, p1->z, p521_mod, p521_mp_mod);
+ }
 else
 #endif
 sp_521_mont_mul_9(u1, u2, p1->z, p521_mod, p521_mp_mod);
@@ -92316,7 +92403,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
 if (err == MP_OKAY) {
 /* u1 = (r + 1*order).z'.z' mod prime */
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_521_mont_mul_avx2_9(u1, u2, p1->z, p521_mod, p521_mp_mod);
 }
@@ -92331,10 +92419,8 @@ int sp_ecc_verify_521(const byte* hash, word32 hashLen, const mp_int* pX,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (u1 != NULL)
- XFREE(u1, heap, DYNAMIC_TYPE_ECC);
- if (p1 != NULL)
- XFREE(p1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(u1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(p1, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -92544,8 +92630,7 @@ static int sp_521_ecc_is_point_9(const sp_point_521* point,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t1 != NULL)
- XFREE(t1, heap, DYNAMIC_TYPE_ECC);
+ XFREE(t1, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -92584,8 +92669,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(pub, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -92675,8 +92759,10 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
 if (err == MP_OKAY) {
 /* Point * order = infinity */
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 err = sp_521_ecc_mulmod_avx2_9(p, pub, p521_order, 1, 1, heap);
+ }
 else
 #endif
 err = sp_521_ecc_mulmod_9(p, pub, p521_order, 1, 1, heap);
@@ -92691,8 +92777,10 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
 if (err == MP_OKAY) {
 /* Base * private = point */
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 err = sp_521_ecc_mulmod_base_avx2_9(p, priv, 1, 1, heap);
+ }
 else
 #endif
 err = sp_521_ecc_mulmod_base_9(p, priv, 1, 1, heap);
@@ -92706,10 +92794,8 @@ int sp_ecc_check_key_521(const mp_int* pX, const mp_int* pY,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (pub != NULL)
- XFREE(pub, heap, DYNAMIC_TYPE_ECC);
- if (priv != NULL)
- XFREE(priv, heap, DYNAMIC_TYPE_ECC);
+ XFREE(pub, heap, DYNAMIC_TYPE_ECC);
+ XFREE(priv, heap, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -92778,8 +92864,10 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
 sp_521_iszero_9(q->y);
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_521_proj_point_add_avx2_9(p, p, q, tmp);
+ }
 else
 #endif
 sp_521_proj_point_add_9(p, p, q, tmp);
@@ -92796,10 +92884,8 @@ int sp_ecc_proj_add_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -92854,8 +92940,10 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
 sp_521_iszero_9(p->y);
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_521_proj_point_dbl_avx2_9(p, p, tmp);
+ }
 else
 #endif
 sp_521_proj_point_dbl_9(p, p, tmp);
@@ -92872,10 +92960,8 @@ int sp_ecc_proj_dbl_point_521(mp_int* pX, mp_int* pY, mp_int* pZ,
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -92926,8 +93012,10 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 sp_521_iszero_9(p->y);
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags))
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 sp_521_map_avx2_9(p, p, tmp);
+ }
 else
 #endif
 sp_521_map_9(p, p, tmp);
@@ -92944,10 +93032,8 @@ int sp_ecc_map_521(mp_int* pX, mp_int* pY, mp_int* pZ)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (tmp != NULL)
- XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
- if (p != NULL)
- XFREE(p, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(tmp, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(p, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -92987,7 +93073,8 @@ static int sp_521_mont_sqrt_9(sp_digit* y)
 if (err == MP_OKAY) {
 #ifdef HAVE_INTEL_AVX2
- if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) {
+ if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) &&
+ IS_INTEL_AVX2(cpuid_flags)) {
 int i;
 XMEMCPY(t, y, sizeof(sp_digit) * 9);
@@ -93014,8 +93101,7 @@ static int sp_521_mont_sqrt_9(sp_digit* y)
 }
 #ifdef WOLFSSL_SP_SMALL_STACK
- if (t != NULL)
- XFREE(t, NULL, DYNAMIC_TYPE_ECC);
+ XFREE(t, NULL, DYNAMIC_TYPE_ECC);
 #endif
 return err;
@@ -93057,7 +93143,8 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym) if (err == MP_OKAY) { /* y = x^3 */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) { + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_521_mont_sqr_avx2_9(y, x, p521_mod, p521_mp_mod); sp_521_mont_mul_avx2_9(y, y, x, p521_mod, p521_mp_mod); } @@ -93090,8 +93177,7 @@ int sp_ecc_uncompress_521(mp_int* xm, int odd, mp_int* ym) } #ifdef WOLFSSL_SP_SMALL_STACK - if (x != NULL) - XFREE(x, NULL, DYNAMIC_TYPE_ECC); + XFREE(x, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -93297,8 +93383,8 @@ static WC_INLINE sp_digit div_1024_word_16(sp_digit d1, sp_digit d0, static WC_INLINE sp_digit div_1024_word_16(sp_digit d1, sp_digit d0, sp_digit div) { - ASSERT_SAVED_VECTOR_REGISTERS(); register sp_digit r asm("rax"); + ASSERT_SAVED_VECTOR_REGISTERS(); __asm__ __volatile__ ( "divq %3" : "=a" (r) @@ -93380,7 +93466,7 @@ static WC_INLINE int sp_1024_div_16(const sp_digit* a, const sp_digit* d, sp_dig #endif sp_1024_cond_sub_16(&t1[16], &t1[16], d, (sp_digit)0 - r1); for (i = 15; i >= 0; i--) { - sp_digit mask = 0 - (t1[16 + i] == div); + sp_digit mask = (sp_digit)0 - (t1[16 + i] == div); sp_digit hi = t1[16 + i] + mask; r1 = div_1024_word_16(hi, t1[16 + i - 1], div); r1 |= mask; 
@@ -93499,16 +93585,16 @@ static void sp_1024_point_free_16(sp_point_1024* p, int clear, void* heap) { #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) -/* If valid pointer then clear point data if requested and free data. */ + /* If valid pointer then clear point data if requested and free data. */ if (p != NULL) { - if (clear != 0) { + if (clear) { XMEMSET(p, 0, sizeof(*p)); } XFREE(p, heap, DYNAMIC_TYPE_ECC); } #else -/* Clear point data if requested. */ - if ((p != NULL) && (clear != 0)) { + /* Clear point data if requested. */ + if ((p != NULL) && clear) { XMEMSET(p, 0, sizeof(*p)); } #endif @@ -93846,7 +93932,7 @@ static void sp_1024_map_16(sp_point_1024* r, const sp_point_1024* p, sp_1024_mont_reduce_16(r->x, p1024_mod, p1024_mp_mod); /* Reduce x to less than modulus */ n = sp_1024_cmp_16(r->x, p1024_mod); - sp_1024_cond_sub_16(r->x, r->x, p1024_mod, ~(n >> 63)); + sp_1024_cond_sub_16(r->x, r->x, p1024_mod, (sp_digit)~(n >> 63)); sp_1024_norm_16(r->x); /* y /= z^3 */ @@ -93855,7 +93941,7 @@ static void sp_1024_map_16(sp_point_1024* r, const sp_point_1024* p, sp_1024_mont_reduce_16(r->y, p1024_mod, p1024_mp_mod); /* Reduce y to less than modulus */ n = sp_1024_cmp_16(r->y, p1024_mod); - sp_1024_cond_sub_16(r->y, r->y, p1024_mod, ~(n >> 63)); + sp_1024_cond_sub_16(r->y, r->y, p1024_mod, (sp_digit)~(n >> 63)); sp_1024_norm_16(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); @@ -94283,8 +94369,8 @@ static void sp_1024_proj_point_add_16(sp_point_1024* r, sp_1024_mont_sub_16(y, y, t5, p1024_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); 
@@ -94301,7 +94387,7 @@ static void sp_1024_proj_point_add_16(sp_point_1024* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -94475,8 +94561,8 @@ static int sp_1024_proj_point_add_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r, { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -94493,7 +94579,7 @@ static int sp_1024_proj_point_add_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024* r, (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; @@ -94715,7 +94801,7 @@ static void sp_1024_ecc_recode_7_16(const sp_digit* k, ecc_recode_1024* v) n = k[j]; o = 0; for (i=0; i<147; i++) { - y = (int8_t)n; + y = (uint8_t)(int8_t)n; if (o + 7 < 64) { y &= 0x7f; n >>= 7; @@ -94881,10 +94967,8 @@ static int sp_1024_ecc_mulmod_win_add_sub_16(sp_point_1024* r, const sp_point_10 } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -94995,7 +95079,7 @@ static void sp_1024_map_avx2_16(sp_point_1024* r, const sp_point_1024* p, sp_1024_mont_reduce_avx2_16(r->x, p1024_mod, p1024_mp_mod); /* Reduce x to less than modulus */ n = sp_1024_cmp_16(r->x, p1024_mod); - sp_1024_cond_sub_16(r->x, r->x, p1024_mod, ~(n >> 63)); + sp_1024_cond_sub_16(r->x, r->x, p1024_mod, (sp_digit)~(n >> 63)); sp_1024_norm_16(r->x); /* y /= z^3 */ 
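Review bot: In sp_1024_ecc_recode_7_16 the new `y = (uint8_t)(int8_t)n;` first narrows the 64-bit digit to int8_t, which is implementation-defined whenever the low byte is above 127, and only then widens it back; if `y` is an unsigned 8-bit type the plain `y = (uint8_t)n;` produces the same low byte using only well-defined conversions, and the following `y &= 0x7f` is unaffected. If `y` is instead a signed type, the outer cast is converted back to signed on assignment and the original issue remains, so the declaration of `y` (outside the hunk) decides which form is right. The same double cast does not appear elsewhere on this page, so this is a single site.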
@@ -95004,7 +95088,7 @@ static void sp_1024_map_avx2_16(sp_point_1024* r, const sp_point_1024* p, sp_1024_mont_reduce_avx2_16(r->y, p1024_mod, p1024_mp_mod); /* Reduce y to less than modulus */ n = sp_1024_cmp_16(r->y, p1024_mod); - sp_1024_cond_sub_16(r->y, r->y, p1024_mod, ~(n >> 63)); + sp_1024_cond_sub_16(r->y, r->y, p1024_mod, (sp_digit)~(n >> 63)); sp_1024_norm_16(r->y); XMEMSET(r->z, 0, sizeof(r->z) / 2); @@ -95403,8 +95487,8 @@ static void sp_1024_proj_point_add_avx2_16(sp_point_1024* r, sp_1024_mont_sub_avx2_16(y, y, t5, p1024_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -95421,7 +95505,7 @@ static void sp_1024_proj_point_add_avx2_16(sp_point_1024* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -95595,8 +95679,8 @@ static int sp_1024_proj_point_add_avx2_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024 { { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -95613,7 +95697,7 @@ static int sp_1024_proj_point_add_avx2_16_nb(sp_ecc_ctx_t* sp_ctx, sp_point_1024 (ctx->z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } ctx->state = 25; break; 
@@ -95922,10 +96006,8 @@ static int sp_1024_ecc_mulmod_win_add_sub_avx2_16(sp_point_1024* r, const sp_poi } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (tmp != NULL) - XFREE(tmp, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(tmp, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -95998,8 +96080,8 @@ static void sp_1024_proj_point_add_qz1_16(sp_point_1024* r, sp_1024_mont_sub_16(y, t3, t1, p1024_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -96016,7 +96098,7 @@ static void sp_1024_proj_point_add_qz1_16(sp_point_1024* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -96127,8 +96209,7 @@ static int sp_1024_gen_stripe_table_16(const sp_point_1024* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -96227,10 +96308,8 @@ static int sp_1024_ecc_mulmod_stripe_16(sp_point_1024* r, const sp_point_1024* g } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -96462,8 +96541,8 @@ static void sp_1024_proj_point_add_qz1_avx2_16(sp_point_1024* r, sp_1024_mont_sub_avx2_16(y, t3, t1, p1024_mod); { int i; - sp_digit maskp = 0 - (q->infinity & (!p->infinity)); - sp_digit maskq = 0 - (p->infinity & (!q->infinity)); + sp_digit maskp = (sp_digit)(0 - (q->infinity & (!p->infinity))); + sp_digit maskq = (sp_digit)(0 - (p->infinity & (!q->infinity))); sp_digit maskt = ~(maskp | maskq); sp_digit inf = (sp_digit)(p->infinity & q->infinity); @@ -96480,7 +96559,7 @@ static void sp_1024_proj_point_add_qz1_avx2_16(sp_point_1024* r, (z[i] & maskt); } r->z[0] |= inf; - r->infinity = (word32)inf; + r->infinity = (int)inf; } } } @@ -96591,8 +96670,7 @@ static int sp_1024_gen_stripe_table_avx2_16(const sp_point_1024* a, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -96691,10 +96769,8 @@ static int sp_1024_ecc_mulmod_stripe_avx2_16(sp_point_1024* r, const sp_point_10 } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (rt != NULL) - XFREE(rt, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(rt, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -96814,8 +96890,10 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, sp_1024_point_from_ecc_point_16(point, gm); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_1024_ecc_mulmod_avx2_16(point, point, k, map, 1, heap); + } else #endif err = sp_1024_ecc_mulmod_16(point, point, k, map, 1, heap); 
@@ -96825,10 +96903,8 @@ int sp_ecc_mulmod_1024(const mp_int* km, const ecc_point* gm, ecc_point* r, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -100247,8 +100323,10 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) sp_1024_from_mp(k, 16, km); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_1024_ecc_mulmod_base_avx2_16(point, k, map, 1, heap); + } else #endif err = sp_1024_ecc_mulmod_base_16(point, k, map, 1, heap); @@ -100258,10 +100336,8 @@ int sp_ecc_mulmod_base_1024(const mp_int* km, ecc_point* r, int map, void* heap) } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -100327,24 +100403,30 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, } if (err == MP_OKAY) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_1024_ecc_mulmod_base_avx2_16(point, k, 0, 0, heap); + } else #endif err = sp_1024_ecc_mulmod_base_16(point, k, 0, 0, heap); } if (err == MP_OKAY) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_1024_proj_point_add_avx2_16(point, point, addP, tmp); + } else #endif sp_1024_proj_point_add_16(point, point, addP, tmp); if (map) { #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { sp_1024_map_avx2_16(point, point, tmp); + } else #endif sp_1024_map_16(point, point, tmp); @@ -100354,10 +100436,8 @@ int sp_ecc_mulmod_base_add_1024(const mp_int* km, const ecc_point* am, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -100394,7 +100474,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == MP_OKAY) && (table == NULL)) { *len = sizeof(sp_table_entry_1024) * 256; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && (*len < (int)(sizeof(sp_table_entry_1024) * 256))) { err = BUFFER_E; 
@@ -100418,9 +100498,11 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if (err == MP_OKAY) { sp_1024_point_from_ecc_point_16(point, gm); #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_1024_gen_stripe_table_avx2_16(point, (sp_table_entry_1024*)table, t, heap); + } else #endif err = sp_1024_gen_stripe_table_16(point, @@ -100431,10 +100513,8 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t != NULL) - XFREE(t, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(t, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -100460,7 +100540,7 @@ int sp_ecc_gen_table_1024(const ecc_point* gm, byte* table, word32* len, if ((err == 0) && (table == NULL)) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == 0) && (*len != 0)) { err = BUFFER_E; @@ -100519,9 +100599,11 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, #ifndef WOLFSSL_SP_SMALL #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_1024_ecc_mulmod_stripe_avx2_16(point, point, (const sp_table_entry_1024*)table, k, map, 0, heap); + } else #endif err = sp_1024_ecc_mulmod_stripe_16(point, point, @@ -100536,10 +100618,8 @@ int sp_ecc_mulmod_table_1024(const mp_int* km, const ecc_point* gm, byte* table, } #ifdef WOLFSSL_SP_SMALL_STACK - if (k != NULL) - XFREE(k, heap, DYNAMIC_TYPE_ECC); - if (point != NULL) - XFREE(point, heap, DYNAMIC_TYPE_ECC); + XFREE(k, heap, DYNAMIC_TYPE_ECC); + XFREE(point, heap, DYNAMIC_TYPE_ECC); #endif return err; 
@@ -100686,9 +100766,7 @@ static int sp_ModExp_Fp_star_x64_1024(const mp_int* base, mp_int* exp, mp_int* r #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } @@ -102328,9 +102406,7 @@ static int sp_ModExp_Fp_star_x64_1024(const mp_int* base, mp_int* exp, mp_int* r #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } @@ -102478,9 +102554,7 @@ static int sp_ModExp_Fp_star_avx2_1024(const mp_int* base, mp_int* exp, mp_int* #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } @@ -102577,9 +102651,7 @@ static int sp_ModExp_Fp_star_avx2_1024(const mp_int* base, mp_int* exp, mp_int* #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return err; } @@ -102978,9 +103050,7 @@ static int sp_Pairing_x64_1024(const ecc_point* pm, const ecc_point* qm, mp_int* #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_16(c, 1, NULL); sp_1024_point_free_16(q, 1, NULL); 
@@ -103405,9 +103475,7 @@ static int sp_Pairing_x64_1024(const ecc_point* pm, const ecc_point* qm, mp_int* #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_16(c, 1, NULL); sp_1024_point_free_16(q, 1, NULL); @@ -103779,9 +103847,7 @@ static int sp_Pairing_avx2_1024(const ecc_point* pm, const ecc_point* qm, mp_int #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_16(c, 1, NULL); sp_1024_point_free_16(q, 1, NULL); @@ -104179,9 +104245,7 @@ static int sp_Pairing_avx2_1024(const ecc_point* pm, const ecc_point* qm, mp_int #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_16(c, 1, NULL); sp_1024_point_free_16(q, 1, NULL); @@ -104247,7 +104311,7 @@ static int sp_Pairing_gen_precomp_x64_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*len != 0) { err = BUFFER_E; @@ -104476,7 +104540,7 @@ static int sp_Pairing_gen_precomp_x64_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = sizeof(sp_table_entry_1024) * 1167; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && 
@@ -104583,9 +104647,7 @@ static int sp_Pairing_gen_precomp_x64_1024(const ecc_point* pm, byte* table, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_16(neg, 1, NULL); sp_1024_point_free_16(c, 1, NULL); @@ -104778,9 +104840,7 @@ static int sp_Pairing_precomp_x64_1024(const ecc_point* pm, const ecc_point* qm, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_16(c, 1, NULL); sp_1024_point_free_16(q, 1, NULL); @@ -104811,7 +104871,7 @@ static int sp_Pairing_gen_precomp_avx2_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = 0; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } else if (*len != 0) { err = BUFFER_E; @@ -105013,7 +105073,7 @@ static int sp_Pairing_gen_precomp_avx2_1024(const ecc_point* pm, byte* table, if (table == NULL) { *len = sizeof(sp_table_entry_1024) * 1167; - err = LENGTH_ONLY_E; + err = WC_NO_ERR_TRACE(LENGTH_ONLY_E); } if ((err == MP_OKAY) && @@ -105120,9 +105180,7 @@ static int sp_Pairing_gen_precomp_avx2_1024(const ecc_point* pm, byte* table, #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_16(neg, 1, NULL); sp_1024_point_free_16(c, 1, NULL); 
@@ -105315,9 +105373,7 @@ static int sp_Pairing_precomp_avx2_1024(const ecc_point* pm, const ecc_point* qm #if (defined(WOLFSSL_SP_SMALL) && !defined(WOLFSSL_SP_NO_MALLOC)) || \ defined(WOLFSSL_SP_SMALL_STACK) - if (td != NULL) { - XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(td, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif sp_1024_point_free_16(c, 1, NULL); sp_1024_point_free_16(q, 1, NULL); @@ -105477,7 +105533,7 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point, n = sp_1024_cmp_16(t1, p1024_mod); - sp_1024_cond_sub_16(t1, t1, p1024_mod, ~(n >> 63)); + sp_1024_cond_sub_16(t1, t1, p1024_mod, (sp_digit)~(n >> 63)); sp_1024_norm_16(t1); if (!sp_1024_iszero_16(t1)) { err = MP_VAL; @@ -105485,8 +105541,7 @@ static int sp_1024_ecc_is_point_16(const sp_point_1024* point, } #ifdef WOLFSSL_SP_SMALL_STACK - if (t1 != NULL) - XFREE(t1, heap, DYNAMIC_TYPE_ECC); + XFREE(t1, heap, DYNAMIC_TYPE_ECC); #endif return err; @@ -105525,8 +105580,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return err; @@ -105616,8 +105670,10 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, if (err == MP_OKAY) { /* Point * order = infinity */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_1024_ecc_mulmod_avx2_16(p, pub, p1024_order, 1, 1, heap); + } else #endif err = sp_1024_ecc_mulmod_16(p, pub, p1024_order, 1, 1, heap); 
@@ -105632,8 +105688,10 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, if (err == MP_OKAY) { /* Base * private = point */ #ifdef HAVE_INTEL_AVX2 - if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags)) + if (IS_INTEL_BMI2(cpuid_flags) && IS_INTEL_ADX(cpuid_flags) && + IS_INTEL_AVX2(cpuid_flags)) { err = sp_1024_ecc_mulmod_base_avx2_16(p, priv, 1, 1, heap); + } else #endif err = sp_1024_ecc_mulmod_base_16(p, priv, 1, 1, heap); @@ -105647,10 +105705,8 @@ int sp_ecc_check_key_1024(const mp_int* pX, const mp_int* pY, } #ifdef WOLFSSL_SP_SMALL_STACK - if (pub != NULL) - XFREE(pub, heap, DYNAMIC_TYPE_ECC); - if (priv != NULL) - XFREE(priv, heap, DYNAMIC_TYPE_ECC); + XFREE(pub, heap, DYNAMIC_TYPE_ECC); + XFREE(priv, heap, DYNAMIC_TYPE_ECC); #endif return err; diff --git a/src/wolfcrypt/src/sphincs.c b/src/wolfcrypt/src/sphincs.c index 05ba27f..5fc054d 100644 --- a/src/wolfcrypt/src/sphincs.c +++ b/src/wolfcrypt/src/sphincs.c @@ -1,6 +1,6 @@ /* sphincs.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/srp.c b/src/wolfcrypt/src/srp.c index b914f58..b06f62a 100644 --- a/src/wolfcrypt/src/srp.c +++ b/src/wolfcrypt/src/srp.c @@ -1,6 +1,6 @@ /* srp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -656,7 +656,7 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size) byte digest[SRP_MAX_DIGEST_SIZE]; word32 i, j, digestSz = SrpHashSize(srp->type); byte counter[4]; - int r = BAD_FUNC_ARG; + int r = WC_NO_ERR_TRACE(BAD_FUNC_ARG); XMEMSET(digest, 0, SRP_MAX_DIGEST_SIZE); 
@@ -903,10 +903,8 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz, } #ifdef WOLFSSL_SMALL_STACK - if (hash) - XFREE(hash, srp->heap, DYNAMIC_TYPE_SRP); - if (digest) - XFREE(digest, srp->heap, DYNAMIC_TYPE_SRP); + XFREE(hash, srp->heap, DYNAMIC_TYPE_SRP); + XFREE(digest, srp->heap, DYNAMIC_TYPE_SRP); if (u) { if (r != WC_NO_ERR_TRACE(MP_INIT_E)) mp_clear(u); diff --git a/src/wolfcrypt/src/tfm.c b/src/wolfcrypt/src/tfm.c index 07cd1fe..fc85785 100644 --- a/src/wolfcrypt/src/tfm.c +++ b/src/wolfcrypt/src/tfm.c @@ -1,6 +1,6 @@ /* tfm.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -321,7 +321,7 @@ int fp_mul(fp_int *A, fp_int *B, fp_int *C) goto clean; /* success */ break; - case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */ + case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */ case MP_HW_FALLBACK: /* forced fallback from HW to SW */ case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */ /* fall back to software, below */ @@ -3125,9 +3125,9 @@ int fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) return retHW; break; - case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */ + case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */ case MP_HW_FALLBACK: /* forced fallback from HW to SW */ - case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */ + case WC_NO_ERR_TRACE(MP_HW_VALIDATION_ACTIVE): /* use SW to compare to HW */ /* use software calc */ break; @@ -3227,7 +3227,7 @@ int fp_exptmod_ex(fp_int * G, fp_int * X, int digits, fp_int * P, fp_int * Y) return retHW; break; - case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */ + case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */ case MP_HW_FALLBACK: /* forced fallback from HW to SW */ case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */ /* use software calc */ 
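Review bot: In fp_exptmod the label is rewritten as `case WC_NO_ERR_TRACE(MP_HW_VALIDATION_ACTIVE):`, but the parallel switch statements in fp_mul and fp_exptmod_ex on this same line, and in fp_exptmod_nct, fp_sqr and mp_mulmod in the following hunks, keep the bare `case MP_HW_VALIDATION_ACTIVE:`. If MP_HW_VALIDATION_ACTIVE is an error-code macro that the error-tracing build rewrites into a non-constant expression, the five unwrapped labels stop being valid case labels under that configuration; if it is a plain constant, the wrapper in fp_exptmod is noise. Either way the six switches should be written the same way, since they share the hardware-fallback logic and are presumably maintained together.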
@@ -3328,7 +3328,7 @@ int fp_exptmod_nct(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) return retHW; break; - case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */ + case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */ case MP_HW_FALLBACK: /* forced fallback from HW to SW */ case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */ /* use software calc */ @@ -3440,7 +3440,7 @@ int fp_sqr(fp_int *A, fp_int *B) goto clean; /* success */ break; - case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */ + case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */ case MP_HW_FALLBACK: /* forced fallback from HW to SW */ case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */ /* fall back to software, below */ @@ -4698,7 +4698,7 @@ int mp_mulmod (mp_int * a, mp_int * b, mp_int * c, mp_int * d) /* successfully computed in HW */ break; - case WC_HW_WAIT_E: /* MP_HW_BUSY math HW busy, fall back */ + case WC_NO_ERR_TRACE(WC_HW_WAIT_E): /* MP_HW_BUSY math HW busy, fall back */ case MP_HW_FALLBACK: /* forced fallback from HW to SW */ case MP_HW_VALIDATION_ACTIVE: /* use SW to compare to HW */ /* use software calc */ @@ -5685,9 +5685,9 @@ int mp_rand_prime(mp_int* a, int len, WC_RNG* rng, void* heap) err = fp_randprime(a, len, rng, heap); switch(err) { - case FP_VAL: + case WC_NO_ERR_TRACE(MP_VAL): return MP_VAL; - case FP_MEM: + case WC_NO_ERR_TRACE(MP_MEM): return MP_MEM; default: break; diff --git a/src/wolfcrypt/src/wc_dsp.c b/src/wolfcrypt/src/wc_dsp.c index c31c62b..c6c76c2 100644 --- a/src/wolfcrypt/src/wc_dsp.c +++ b/src/wolfcrypt/src/wc_dsp.c @@ -1,6 +1,6 @@ /* wc_dsp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/wc_encrypt.c b/src/wolfcrypt/src/wc_encrypt.c index 3b6d87d..9393a69 100644 --- a/src/wolfcrypt/src/wc_encrypt.c +++ b/src/wolfcrypt/src/wc_encrypt.c 
@@ -1,6 +1,6 @@ /* wc_encrypt.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/wc_kyber.c b/src/wolfcrypt/src/wc_kyber.c index ffa37d8..bca5e1f 100644 --- a/src/wolfcrypt/src/wc_kyber.c +++ b/src/wolfcrypt/src/wc_kyber.c @@ -47,14 +47,15 @@ /******************************************************************************/ /* Use SHA3-256 to generate 32-bytes of hash. */ -#define KYBER_HASH_H wc_Sha3_256Hash +#define KYBER_HASH_H kyber_hash256 /* Use SHA3-512 to generate 64-bytes of hash. */ -#define KYBER_HASH_G wc_Sha3_512Hash +#define KYBER_HASH_G kyber_hash512 /* Use SHAKE-256 as a key derivation function (KDF). */ -#ifdef USE_INTEL_SPEEDUP -#define KYBER_KDF kyber_kdf +#if defined(USE_INTEL_SPEEDUP) || \ + (defined(WOLFSSL_ARMASM) && defined(__aarch64__)) + #define KYBER_KDF kyber_kdf #else -#define KYBER_KDF wc_Shake256Hash + #define KYBER_KDF wc_Shake256Hash #endif /******************************************************************************/ @@ -123,6 +124,10 @@ int wc_KyberKey_Init(int type, KyberKey* key, void* heap, int devId) key->devId = devId; #endif + /* Initialize the hash algorithm object. */ + ret = kyber_hash_new(&key->hash, heap, devId); + } + if (ret == 0) { /* Initialize the PRF algorithm object. */ ret = kyber_prf_new(&key->prf, heap, devId); } @@ -145,6 +150,8 @@ void wc_KyberKey_Free(KyberKey* key) if (key != NULL) { /* Dispose of PRF object. */ kyber_prf_free(&key->prf); + /* Dispose of hash object. */ + kyber_hash_free(&key->hash); /* Ensure all private data is zeroed. */ ForceZero(key, sizeof(*key)); } 
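Review bot: After the new `ret = kyber_hash_new(&key->hash, heap, devId);` succeeds in wc_KyberKey_Init, a failure of the following `kyber_prf_new(&key->prf, heap, devId)` leaves the hash object initialised with no `kyber_hash_free` visible in this hunk, while wc_KyberKey_Free only releases it when the caller reaches it. The function's tail is outside the hunk, so either the error path there should free the hash object, or the contract that wc_KyberKey_Free must be called even when Init fails should be stated in the function's doc comment, e.g. `/* On failure the caller must still call wc_KyberKey_Free() to release partially initialised state. */`. The added `kyber_hash_free(&key->hash);` in wc_KyberKey_Free before `ForceZero` is placed correctly.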
@@ -254,18 +261,28 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand, } } if (ret == 0) { + const byte* d = rand; + /* Error vector allocated at end of a. */ e = a + (kp * kp * KYBER_N); - /* Expand 16 bytes of random to 32. */ - ret = KYBER_HASH_G(rand, KYBER_SYM_SZ, buf); +#ifdef WOLFSSL_KYBER_ORIGINAL + /* Expand 32 bytes of random to 32. */ + ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, NULL, 0, buf); +#else + buf[0] = kp; + /* Expand 33 bytes of random to 32. */ + ret = KYBER_HASH_G(&key->hash, d, KYBER_SYM_SZ, buf, 1, buf); +#endif } if (ret == 0) { + const byte* z = rand + KYBER_SYM_SZ; + /* Cache the public seed for use in encapsulation and encoding public * key. */ XMEMCPY(key->pubSeed, pubSeed, KYBER_SYM_SZ); /* Cache the z value for decapsulation and encoding private key. */ - XMEMCPY(key->z, rand + KYBER_SYM_SZ, sizeof(key->z)); + XMEMCPY(key->z, z, sizeof(key->z)); /* Generate the matrix A. */ ret = kyber_gen_matrix(&key->prf, a, kp, pubSeed, 0); @@ -286,7 +303,9 @@ int wc_KyberKey_MakeKeyWithRandom(KyberKey* key, const unsigned char* rand, } /* Free dynamic memory allocated in function. */ - XFREE(a, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (key != NULL) { + XFREE(a, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + } return ret; } @@ -375,11 +394,7 @@ static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins, sword16* epp = NULL; unsigned int kp = 0; unsigned int compVecSz = 0; -#ifndef USE_INTEL_SPEEDUP sword16* at = NULL; -#else - sword16 at[((KYBER_MAX_K + 3) * KYBER_MAX_K + 3) * KYBER_N]; -#endif /* Establish parameters based on key type. */ switch (key->type) { @@ -407,7 +422,6 @@ static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins, break; } -#ifndef USE_INTEL_SPEEDUP if (ret == 0) { /* Allocate dynamic memory for all matrices, vectors and polynomials. */ at = (sword16*)XMALLOC(((kp + 3) * kp + 3) * KYBER_N * sizeof(sword16), 
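Review bot: The new comments in wc_KyberKey_MakeKeyWithRandom, `/* Expand 32 bytes of random to 32. */` and `/* Expand 33 bytes of random to 32. */`, misstate the output size: KYBER_HASH_G is defined earlier in this file as the SHA3-512 hash producing 64 bytes, and `buf` receives that full output. Suggest `/* Expand d (32 bytes) to 64 bytes of seed material. */` and `/* Expand d || k (33 bytes) to 64 bytes of seed material. */` respectively. In the non-original branch `buf` is passed both as the one-byte trailing input and as the output buffer, which is only correct if kyber_hash512 absorbs all input before writing any output; that helper is not on this page, so it is worth a short note at the call, `/* buf[0] is absorbed before the digest is written into buf. */`, once confirmed.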
@@ -416,7 +430,6 @@ static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins, ret = MEMORY_E; } } -#endif if (ret == 0) { /* Assign allocated dynamic memory to pointers. @@ -470,10 +483,8 @@ static int kyberkey_encapsulate(KyberKey* key, const byte* msg, byte* coins, #endif } -#ifndef USE_INTEL_SPEEDUP /* Dispose of dynamic memory allocated in function. */ XFREE(at, key->heap, DYNAMIC_TYPE_TMP_BUFFER); -#endif return ret; } @@ -530,10 +541,12 @@ int wc_KyberKey_Encapsulate(KyberKey* key, unsigned char* ct, unsigned char* ss, int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct, unsigned char* ss, const unsigned char* rand, int len) { - byte msg[2 * KYBER_SYM_SZ]; +#ifdef WOLFSSL_KYBER_ORIGINAL + byte msg[KYBER_SYM_SZ]; +#endif byte kr[2 * KYBER_SYM_SZ + 1]; int ret = 0; -#ifndef WOLFSSL_ML_KEM +#ifdef WOLFSSL_KYBER_ORIGINAL unsigned int ctSz = 0; #endif @@ -545,7 +558,7 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct, ret = BUFFER_E; } -#ifndef WOLFSSL_ML_KEM +#ifdef WOLFSSL_KYBER_ORIGINAL if (ret == 0) { /* Establish parameters based on key type. */ switch (key->type) { 
@@ -599,31 +612,36 @@ int wc_KyberKey_EncapsulateWithRandom(KyberKey* key, unsigned char* ct, ret = BAD_STATE_E; } +#ifdef WOLFSSL_KYBER_ORIGINAL if (ret == 0) { -#ifndef WOLFSSL_ML_KEM /* Hash random to anonymize as seed data. */ - ret = KYBER_HASH_H(rand, KYBER_SYM_SZ, msg); -#else - XMEMCPY(msg, rand, KYBER_SYM_SZ); -#endif + ret = KYBER_HASH_H(&key->hash, rand, KYBER_SYM_SZ, msg); } +#endif if (ret == 0) { - /* Copy the hash of the public key into msg. */ - XMEMCPY(msg + KYBER_SYM_SZ, key->h, KYBER_SYM_SZ); - /* Hash message into seed buffer. */ - ret = KYBER_HASH_G(msg, 2 * KYBER_SYM_SZ, kr); +#ifdef WOLFSSL_KYBER_ORIGINAL + ret = KYBER_HASH_G(&key->hash, msg, KYBER_SYM_SZ, key->h, KYBER_SYM_SZ, + kr); +#else + ret = KYBER_HASH_G(&key->hash, rand, KYBER_SYM_SZ, key->h, KYBER_SYM_SZ, + kr); +#endif } if (ret == 0) { /* Encapsulate the message using the key and the seed (coins). */ +#ifdef WOLFSSL_KYBER_ORIGINAL ret = kyberkey_encapsulate(key, msg, kr + KYBER_SYM_SZ, ct); +#else + ret = kyberkey_encapsulate(key, rand, kr + KYBER_SYM_SZ, ct); +#endif } -#ifndef WOLFSSL_ML_KEM +#ifdef WOLFSSL_KYBER_ORIGINAL if (ret == 0) { /* Hash the cipher text after the seed. */ - ret = KYBER_HASH_H(ct, ctSz, kr + KYBER_SYM_SZ); + ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ); } if (ret == 0) { /* Derive the secret from the seed and hash of cipher text. */ @@ -739,7 +757,7 @@ static KYBER_NOINLINE int kyberkey_decapsulate(KyberKey* key, return ret; } -#ifdef WOLFSSL_ML_KEM +#ifndef WOLFSSL_KYBER_ORIGINAL /* Derive the secret from z and cipher text. * * @param [in] z Implicit rejection value. @@ -790,7 +808,7 @@ static int kyber_derive_secret(const byte* z, const byte* ct, word32 ctSz, int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, const unsigned char* ct, word32 len) { - byte msg[2 * KYBER_SYM_SZ]; + byte msg[KYBER_SYM_SZ]; byte kr[2 * KYBER_SYM_SZ + 1]; int ret = 0; unsigned int ctSz = 0; 
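Review bot: In the non-WOLFSSL_KYBER_ORIGINAL path the caller-supplied `rand` is now used directly as the message m, both in the KYBER_HASH_G call and as the `msg` argument of kyberkey_encapsulate, with no H() step in between; that matches FIPS 203 Encaps, but it means anything other than exactly KYBER_SYM_SZ bytes of fresh DRBG output is encrypted into the ciphertext as-is, and the function header (outside this hunk) should state that requirement explicitly for the ML-KEM build. The three consecutive `#ifdef WOLFSSL_KYBER_ORIGINAL` blocks can collapse into one choice of pointer, `#ifdef WOLFSSL_KYBER_ORIGINAL const byte* m = msg; #else const byte* m = rand; #endif`, followed by a single `KYBER_HASH_G(&key->hash, m, KYBER_SYM_SZ, key->h, KYBER_SYM_SZ, kr)` and a single `kyberkey_encapsulate(key, m, kr + KYBER_SYM_SZ, ct)`. That removes two duplicated calls and puts the Kyber/ML-KEM difference in one place. wc_KyberKey_EncapsulateWithRandom starts and ends outside this hunk.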
@@ -852,10 +870,9 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, ret = kyberkey_decapsulate(key, msg, ct); } if (ret == 0) { - /* Copy public hash over after the seed. */ - XMEMCPY(msg + KYBER_SYM_SZ, key->h, KYBER_SYM_SZ); /* Hash message into seed buffer. */ - ret = KYBER_HASH_G(msg, 2 * KYBER_SYM_SZ, kr); + ret = KYBER_HASH_G(&key->hash, msg, KYBER_SYM_SZ, key->h, KYBER_SYM_SZ, + kr); } if (ret == 0) { /* Encapsulate the message. */ @@ -865,9 +882,9 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, /* Compare generated cipher text with that passed in. */ fail = kyber_cmp(ct, cmp, ctSz); -#ifndef WOLFSSL_ML_KEM +#ifdef WOLFSSL_KYBER_ORIGINAL /* Hash the cipher text after the seed. */ - ret = KYBER_HASH_H(ct, ctSz, kr + KYBER_SYM_SZ); + ret = KYBER_HASH_H(&key->hash, ct, ctSz, kr + KYBER_SYM_SZ); } if (ret == 0) { /* Change seed to z on comparison failure. */ @@ -890,7 +907,9 @@ int wc_KyberKey_Decapsulate(KyberKey* key, unsigned char* ss, #ifndef USE_INTEL_SPEEDUP /* Dispose of dynamic memory allocated in function. */ - XFREE(cmp, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (key != NULL) { + XFREE(cmp, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + } #endif return ret; @@ -1052,7 +1071,7 @@ int wc_KyberKey_DecodePublicKey(KyberKey* key, const unsigned char* in, key->pubSeed[i] = p[i]; } /* Calculate public hash. */ - ret = KYBER_HASH_H(in, len, key->h); + ret = KYBER_HASH_H(&key->hash, in, len, key->h); } if (ret == 0) { /* Record public key and public hash set. */ @@ -1230,7 +1249,7 @@ int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out, word32 len) } /* Ensure hash of public key is available. */ if ((ret == 0) && ((key->flags & KYBER_FLAG_H_SET) == 0)) { - ret = KYBER_HASH_H(p - pubLen, pubLen, key->h); + ret = KYBER_HASH_H(&key->hash, p - pubLen, pubLen, key->h); } if (ret == 0) { /* Public hash is available. */ 
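Review bot: The `XFREE(cmp, ...)` at the end of wc_KyberKey_Decapsulate is still wrapped in `#ifndef USE_INTEL_SPEEDUP`, while the encapsulate side of this same patch removed that special case and now always heap-allocates its scratch matrix; if `cmp` is still a stack array under USE_INTEL_SPEEDUP the two paths now diverge for no stated reason. Either drop the `#ifndef` here too, with the matching allocation change at the top of the function (which lies outside this hunk), or add a comment explaining why the comparison buffer stays on the stack. The added `if (key != NULL)` guard is justified because `key->heap` is dereferenced, but a short comment would avoid readers assuming `XFREE(NULL, ...)` itself is unsafe.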
@@ -1317,7 +1336,7 @@ int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len) /* Make sure public hash is set. */ if ((key->flags & KYBER_FLAG_H_SET) == 0) { - ret = KYBER_HASH_H(out, len, key->h); + ret = KYBER_HASH_H(&key->hash, out, len, key->h); } } if (ret == 0) { diff --git a/src/wolfcrypt/src/wc_kyber_poly.c b/src/wolfcrypt/src/wc_kyber_poly.c index aed437c..52c8af3 100644 --- a/src/wolfcrypt/src/wc_kyber_poly.c +++ b/src/wolfcrypt/src/wc_kyber_poly.c @@ -57,12 +57,23 @@ * some platforms and is smaller in code size. */ +#ifdef HAVE_CONFIG_H + #include +#endif + #include #include #include #ifdef WOLFSSL_WC_KYBER +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + /* Declared in wc_kyber.c to stop compiler optimizer from simplifying. */ extern volatile sword16 kyber_opt_blocker; @@ -162,7 +173,16 @@ const sword16 zetas_inv[KYBER_N / 2] = { 3127, 3042, 1907, 1836, 1517, 359, 758, 1441 }; +#define KYBER_BARRETT(a) \ + "SMULWB r10, r14, " #a "\n\t" \ + "SMULWT r11, r14, " #a "\n\t" \ + "SMULBT r10, r12, r10\n\t" \ + "SMULBT r11, r12, r11\n\t" \ + "PKHBT r10, r10, r11, LSL #16\n\t" \ + "SSUB16 " #a ", " #a ", r10\n\t" + +#if !defined(WOLFSSL_ARMASM) /* Number-Theoretic Transform. * * @param [in, out] r Polynomial to transform. 
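Review bot: The new KYBER_BARRETT macro in the second wc_kyber_poly.c hunk is an inline-asm fragment that hard-codes r10 and r11 as scratch and reads the Barrett constants from r12 and r14, but the definition does not say so; every `asm` statement that expands it must list r10/r11 in its clobbers and pre-load r12/r14, and SMULWB/SMULBT/PKHBT/SSUB16 are 32-bit ARM DSP instructions, so the macro is meaningless on AArch64 although it is defined unconditionally. I would precede it with `/* 32-bit ARM only: expects Barrett constants in r12/r14 and clobbers r10/r11; the using asm must declare them. */` and move it under the same guard as its use sites, which are not in this hunk. Note that the `#if !defined(WOLFSSL_ARMASM)` opened here is closed by an `#endif` in a later hunk, so the C NTT body it guards is not visible from this one.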
@@ -927,15 +947,16 @@ static void kyber_basemul(sword16* r, const sword16* a, const sword16* b, */ static void kyber_basemul_mont(sword16* r, const sword16* a, const sword16* b) { - unsigned int i; const sword16* zeta = zetas + 64; -#ifdef WOLFSSL_KYBER_SMALL +#if defined(WOLFSSL_KYBER_SMALL) + unsigned int i; for (i = 0; i < KYBER_N; i += 4, zeta++) { kyber_basemul(r + i + 0, a + i + 0, b + i + 0, zeta[0]); kyber_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]); } #elif defined(WOLFSSL_KYBER_NO_LARGE_CODE) + unsigned int i; for (i = 0; i < KYBER_N; i += 8, zeta += 2) { kyber_basemul(r + i + 0, a + i + 0, b + i + 0, zeta[0]); kyber_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]); @@ -943,6 +964,7 @@ static void kyber_basemul_mont(sword16* r, const sword16* a, const sword16* b) kyber_basemul(r + i + 6, a + i + 6, b + i + 6, -zeta[1]); } #else + unsigned int i; for (i = 0; i < KYBER_N; i += 16, zeta += 4) { kyber_basemul(r + i + 0, a + i + 0, b + i + 0, zeta[0]); kyber_basemul(r + i + 2, a + i + 2, b + i + 2, -zeta[0]); @@ -965,10 +987,10 @@ static void kyber_basemul_mont(sword16* r, const sword16* a, const sword16* b) static void kyber_basemul_mont_add(sword16* r, const sword16* a, const sword16* b) { - unsigned int i; const sword16* zeta = zetas + 64; -#ifdef WOLFSSL_KYBER_SMALL +#if defined(WOLFSSL_KYBER_SMALL) + unsigned int i; for (i = 0; i < KYBER_N; i += 4, zeta++) { sword16 t0[2]; sword16 t2[2]; @@ -982,6 +1004,7 @@ static void kyber_basemul_mont_add(sword16* r, const sword16* a, r[i + 3] += t2[1]; } #elif defined(WOLFSSL_KYBER_NO_LARGE_CODE) + unsigned int i; for (i = 0; i < KYBER_N; i += 8, zeta += 2) { sword16 t0[2]; sword16 t2[2]; @@ -1003,6 +1026,7 @@ static void kyber_basemul_mont_add(sword16* r, const sword16* a, r[i + 7] += t6[1]; } #else + unsigned int i; for (i = 0; i < KYBER_N; i += 16, zeta += 4) { sword16 t0[2]; sword16 t2[2]; 
@@ -1041,6 +1065,7 @@ static void kyber_basemul_mont_add(sword16* r, const sword16* a, } #endif } +#endif /* Pointwise multiply elements of a and b, into r, and multiply by 2^-16. * 
@@ -1074,6 +1099,110 @@ void kyber_init(void) /******************************************************************************/ +#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) + +/* Generate a public-private key pair from randomly generated data. + * + * @param [in, out] priv Private key vector of polynomials. + * @param [out] pub Public key vector of polynomials. + * @param [in] e Error values as a vector of polynomials. Modified. + * @param [in] a Random values in an array of vectors of polynomials. + * @param [in] kp Number of polynomials in vector. + */ +void kyber_keygen(sword16* priv, sword16* pub, sword16* e, const sword16* a, + int kp) +{ + int i; + + /* Transform private key. All of result used in public key calculation */ + for (i = 0; i < kp; ++i) { + kyber_ntt(priv + i * KYBER_N); + } + + /* For each polynomial in the vectors. */ + for (i = 0; i < kp; ++i) { + /* Multiply a by private into public polynomial. */ + kyber_pointwise_acc_mont(pub + i * KYBER_N, a + i * kp * KYBER_N, priv, + kp); + /* Convert public polynomial to Montgomery form. */ + kyber_to_mont(pub + i * KYBER_N); + /* Transform error values polynomial. */ + kyber_ntt(e + i * KYBER_N); + /* Add errors to public key and reduce. */ + kyber_add_reduce(pub + i * KYBER_N, e + i * KYBER_N); + } +} + +/* Encapsuluate message. + * + * @param [in] pub Public key vector of polynomials. + * @param [out] bp Vector of polynomials. + * @param [out] v Polynomial. + * @param [in] at Array of vector of polynomials. + * @param [in] sp Vector of polynomials. + * @param [in] ep Error Vector of polynomials. + * @param [in] epp Error polynomial. + * @param [in] m Message polynomial. + * @param [in] kp Number of polynomials in vector. + */ +void kyber_encapsulate(const sword16* pub, sword16* bp, sword16* v, + const sword16* at, sword16* sp, const sword16* ep, const sword16* epp, + const sword16* m, int kp) +{ + int i; + + /* Transform sp. All of result used in calculation of bp and v. 
*/ + for (i = 0; i < kp; ++i) { + kyber_ntt(sp + i * KYBER_N); + } + + /* For each polynomial in the vectors. */ + for (i = 0; i < kp; ++i) { + /* Multiply at by sp into bp polynomial. */ + kyber_pointwise_acc_mont(bp + i * KYBER_N, at + i * kp * KYBER_N, sp, + kp); + /* Inverse transform bp polynomial. */ + kyber_invntt(bp + i * KYBER_N); + /* Add errors to bp and reduce. */ + kyber_add_reduce(bp + i * KYBER_N, ep + i * KYBER_N); + } + + /* Multiply public key by sp into v polynomial. */ + kyber_pointwise_acc_mont(v, pub, sp, kp); + /* Inverse transform v. */ + kyber_invntt(v); + /* Add errors and message to v and reduce. */ + kyber_add3_reduce(v, epp, m); +} + +/* Decapsulate message. + * + * @param [in] priv Private key vector of polynomials. + * @param [out] mp Message polynomial. + * @param [in] bp Vector of polynomials containing error. + * @param [in] v Encapsulated message polynomial. + * @param [in] kp Number of polynomials in vector. + */ +void kyber_decapsulate(const sword16* priv, sword16* mp, sword16* bp, + const sword16* v, int kp) +{ + int i; + + /* Transform bp. All of result used in calculation of mp. */ + for (i = 0; i < kp; ++i) { + kyber_ntt(bp + i * KYBER_N); + } + + /* Multiply private key by bp into mp polynomial. */ + kyber_pointwise_acc_mont(mp, priv, bp, kp); + /* Inverse transform mp. */ + kyber_invntt(mp); + /* Subtract errors (mp) out of v and reduce into mp. */ + kyber_rsub_reduce(mp, v); +} + +#else + /* Generate a public-private key pair from randomly generated data. * * @param [in, out] priv Private key vector of polynomials. @@ -1126,8 +1255,9 @@ void kyber_keygen(sword16* priv, sword16* pub, sword16* e, const sword16* a, int kp) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if ((IS_INTEL_AVX2(cpuid_flags)) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_keygen_avx2(priv, pub, e, a, kp); + RESTORE_VECTOR_REGISTERS(); } else #endif 
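Review bot: The parameter documentation of the new AArch64 kyber_encapsulate and kyber_decapsulate disagrees with the code: `sp` is listed as `[in]` but is transformed in place by `kyber_ntt(sp + i * KYBER_N)`, and `bp` in kyber_decapsulate is `[in]` while `kyber_ntt(bp + i * KYBER_N)` overwrites it; both should read `@param [in, out]` with a note that the NTT is applied in place, as the kyber_keygen header already does for `e`. The doc typo `Encapsuluate message.` should be `Encapsulate message.`. The three bodies also look identical to the portable versions that follow them minus the USE_INTEL_SPEEDUP dispatch (the `#else` side is only partly visible here), so one definition with the Intel branch compiled out on AArch64 would avoid maintaining two copies.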
@@ -1204,8 +1334,9 @@ void kyber_encapsulate(const sword16* pub, sword16* bp, sword16* v, const sword16* m, int kp) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_encapsulate_avx2(pub, bp, v, at, sp, ep, epp, m, kp); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -1255,8 +1386,9 @@ void kyber_decapsulate(const sword16* priv, sword16* mp, sword16* bp, const sword16* v, int kp) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_decapsulate_avx2(priv, mp, bp, v, kp); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -1265,6 +1397,8 @@ void kyber_decapsulate(const sword16* priv, sword16* mp, sword16* bp, } } +#endif + /******************************************************************************/ #ifdef USE_INTEL_SPEEDUP @@ -1445,20 +1579,18 @@ static int kyber_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed) a += 4 * KYBER_N; } - state[0] = ((word64*)seed)[0]; - state[1] = ((word64*)seed)[1]; - state[2] = ((word64*)seed)[2]; - state[3] = ((word64*)seed)[3]; + readUnalignedWords64(state, seed, 4); /* Transposed value same as not. */ state[4] = 0x1f0000 + (2 << 8) + 2; XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5)); - state[20] = 0x8000000000000000UL; + state[20] = W64LIT(0x8000000000000000); for (i = 0; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES) { if (IS_INTEL_BMI2(cpuid_flags)) { sha3_block_bmi2(state); } - else if (IS_INTEL_AVX2(cpuid_flags)) { + else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { sha3_block_avx2(state); + RESTORE_VECTOR_REGISTERS(); } else { BlockSha3(state); 
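Review bot: In kyber_gen_matrix_k3_avx2 the AVX2 branch now calls SAVE_VECTOR_REGISTERS2() and RESTORE_VECTOR_REGISTERS() around every single `sha3_block_avx2(state)` inside the `for (i = 0; i < GEN_MATRIX_SIZE; i += SHA3_128_BYTES)` squeeze loop, so the save/restore is paid once per Keccak block rather than once per matrix; on builds where those macros are not no-ops this can dominate the SHA-3 work itself. Consider saving once before the loop and restoring after it, taking the `BlockSha3` path for the whole loop when the save fails. The switch to `readUnalignedWords64(state, seed, 4)` and `W64LIT` is the right fix for the previous `((word64*)seed)` aliasing cast. The function begins before this hunk.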
@@ -1470,8 +1602,9 @@ static int kyber_gen_matrix_k3_avx2(sword16* a, byte* seed, int transposed) if (IS_INTEL_BMI2(cpuid_flags)) { sha3_block_bmi2(state); } - else if (IS_INTEL_AVX2(cpuid_flags)) { + else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { sha3_block_avx2(state); + RESTORE_VECTOR_REGISTERS(); } else { BlockSha3(state); 
@@ -1574,8 +1707,231 @@ static int kyber_gen_matrix_k4_avx2(sword16* a, byte* seed, int transposed) return 0; } #endif /* KYBER1024 */ +#elif defined(WOLFSSL_ARMASM) && defined(__aarch64__) +#ifdef WOLFSSL_KYBER512 +/* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. + * + * @param [out] a Matrix of uniform integers. + * @param [in] seed Bytes to seed XOF generation. + * @param [in] transposed Whether A or A^T is generated. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. Only possible when + * WOLFSSL_SMALL_STACK is defined. + */ +static int kyber_gen_matrix_k2_aarch64(sword16* a, byte* seed, int transposed) +{ + word64 state[3 * 25]; + word64* st = (word64*)state; + unsigned int ctr0; + unsigned int ctr1; + unsigned int ctr2; + byte* p; + + if (!transposed) { + state[0*25 + 4] = 0x1f0000 + (0 << 8) + 0; + state[1*25 + 4] = 0x1f0000 + (0 << 8) + 1; + state[2*25 + 4] = 0x1f0000 + (1 << 8) + 0; + } + else { + state[0*25 + 4] = 0x1f0000 + (0 << 8) + 0; + state[1*25 + 4] = 0x1f0000 + (1 << 8) + 0; + state[2*25 + 4] = 0x1f0000 + (0 << 8) + 1; + } + + kyber_shake128_blocksx3_seed_neon(state, seed); + /* Sample random bytes to create a polynomial. 
*/ + p = (byte*)st; + ctr0 = kyber_rej_uniform_neon(a + 0 * KYBER_N, KYBER_N, p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr1 = kyber_rej_uniform_neon(a + 1 * KYBER_N, KYBER_N, p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr2 = kyber_rej_uniform_neon(a + 2 * KYBER_N, KYBER_N, p, XOF_BLOCK_SIZE); + while ((ctr0 < KYBER_N) || (ctr1 < KYBER_N) || (ctr2 < KYBER_N)) { + kyber_sha3_blocksx3_neon(st); + + p = (byte*)st; + ctr0 += kyber_rej_uniform_neon(a + 0 * KYBER_N + ctr0, KYBER_N - ctr0, + p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr1 += kyber_rej_uniform_neon(a + 1 * KYBER_N + ctr1, KYBER_N - ctr1, + p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr2 += kyber_rej_uniform_neon(a + 2 * KYBER_N + ctr2, KYBER_N - ctr2, + p, XOF_BLOCK_SIZE); + } + + a += 3 * KYBER_N; + + readUnalignedWords64(state, seed, 4); + /* Transposed value same as not. */ + state[4] = 0x1f0000 + (1 << 8) + 1; + XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5)); + state[20] = W64LIT(0x8000000000000000); + BlockSha3(state); + p = (byte*)state; + ctr0 = kyber_rej_uniform_neon(a, KYBER_N, p, XOF_BLOCK_SIZE); + while (ctr0 < KYBER_N) { + BlockSha3(state); + ctr0 += kyber_rej_uniform_neon(a + ctr0, KYBER_N - ctr0, p, + XOF_BLOCK_SIZE); + } + + return 0; +} +#endif + +#ifdef WOLFSSL_KYBER768 +/* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. + * + * @param [out] a Matrix of uniform integers. + * @param [in] seed Bytes to seed XOF generation. + * @param [in] transposed Whether A or A^T is generated. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. Only possible when + * WOLFSSL_SMALL_STACK is defined. 
+ */ +static int kyber_gen_matrix_k3_aarch64(sword16* a, byte* seed, int transposed) +{ + int i; + int k; + word64 state[3 * 25]; + word64* st = (word64*)state; + unsigned int ctr0; + unsigned int ctr1; + unsigned int ctr2; + byte* p; + + for (k = 0; k < 3; k++) { + for (i = 0; i < 3; i++) { + if (!transposed) { + state[i*25 + 4] = 0x1f0000 + ((k << 8) + i); + } + else { + state[i*25 + 4] = 0x1f0000 + ((i << 8) + k); + } + } + + kyber_shake128_blocksx3_seed_neon(state, seed); + /* Sample random bytes to create a polynomial. */ + p = (byte*)st; + ctr0 = kyber_rej_uniform_neon(a + 0 * KYBER_N, KYBER_N, p, + XOF_BLOCK_SIZE); + p += 25 * 8; + ctr1 = kyber_rej_uniform_neon(a + 1 * KYBER_N, KYBER_N, p, + XOF_BLOCK_SIZE); + p +=25 * 8; + ctr2 = kyber_rej_uniform_neon(a + 2 * KYBER_N, KYBER_N, p, + XOF_BLOCK_SIZE); + /* Create more blocks if too many rejected. */ + while ((ctr0 < KYBER_N) || (ctr1 < KYBER_N) || (ctr2 < KYBER_N)) { + kyber_sha3_blocksx3_neon(st); + + p = (byte*)st; + ctr0 += kyber_rej_uniform_neon(a + 0 * KYBER_N + ctr0, + KYBER_N - ctr0, p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr1 += kyber_rej_uniform_neon(a + 1 * KYBER_N + ctr1, + KYBER_N - ctr1, p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr2 += kyber_rej_uniform_neon(a + 2 * KYBER_N + ctr2, + KYBER_N - ctr2, p, XOF_BLOCK_SIZE); + } + + a += 3 * KYBER_N; + } + + return 0; +} +#endif + +#ifdef WOLFSSL_KYBER1024 +/* Deterministically generate a matrix (or transpose) of uniform integers mod q. + * + * Seed used with XOF to generate random bytes. + * + * @param [out] a Matrix of uniform integers. + * @param [in] seed Bytes to seed XOF generation. + * @param [in] transposed Whether A or A^T is generated. + * @return 0 on success. + * @return MEMORY_E when dynamic memory allocation fails. Only possible when + * WOLFSSL_SMALL_STACK is defined. 
+ */ +static int kyber_gen_matrix_k4_aarch64(sword16* a, byte* seed, int transposed) +{ + int i; + int k; + word64 state[3 * 25]; + word64* st = (word64*)state; + unsigned int ctr0; + unsigned int ctr1; + unsigned int ctr2; + byte* p; + + for (k = 0; k < 5; k++) { + for (i = 0; i < 3; i++) { + byte bi = ((k * 3) + i) / 4; + byte bj = ((k * 3) + i) % 4; + if (!transposed) { + state[i*25 + 4] = 0x1f0000 + (bi << 8) + bj; + } + else { + state[i*25 + 4] = 0x1f0000 + (bj << 8) + bi; + } + } + + kyber_shake128_blocksx3_seed_neon(state, seed); + /* Sample random bytes to create a polynomial. */ + p = (byte*)st; + ctr0 = kyber_rej_uniform_neon(a + 0 * KYBER_N, KYBER_N, p, + XOF_BLOCK_SIZE); + p += 25 * 8; + ctr1 = kyber_rej_uniform_neon(a + 1 * KYBER_N, KYBER_N, p, + XOF_BLOCK_SIZE); + p += 25 * 8; + ctr2 = kyber_rej_uniform_neon(a + 2 * KYBER_N, KYBER_N, p, + XOF_BLOCK_SIZE); + /* Create more blocks if too many rejected. */ + while ((ctr0 < KYBER_N) || (ctr1 < KYBER_N) || (ctr2 < KYBER_N)) { + kyber_sha3_blocksx3_neon(st); + + p = (byte*)st; + ctr0 += kyber_rej_uniform_neon(a + 0 * KYBER_N + ctr0, + KYBER_N - ctr0, p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr1 += kyber_rej_uniform_neon(a + 1 * KYBER_N + ctr1, + KYBER_N - ctr1, p, XOF_BLOCK_SIZE); + p += 25 * 8; + ctr2 += kyber_rej_uniform_neon(a + 2 * KYBER_N + ctr2, + KYBER_N - ctr2, p, XOF_BLOCK_SIZE); + } + + a += 3 * KYBER_N; + } + + readUnalignedWords64(state, seed, 4); + /* Transposed value same as not. 
*/ + state[4] = 0x1f0000 + (3 << 8) + 3; + XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5)); + state[20] = W64LIT(0x8000000000000000); + BlockSha3(state); + p = (byte*)state; + ctr0 = kyber_rej_uniform_neon(a, KYBER_N, p, XOF_BLOCK_SIZE); + while (ctr0 < KYBER_N) { + BlockSha3(state); + ctr0 += kyber_rej_uniform_neon(a + ctr0, KYBER_N - ctr0, p, + XOF_BLOCK_SIZE); + } + + return 0; +} +#endif #endif /* USE_INTEL_SPEEDUP */ +#if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__)) /* Absorb the seed data for squeezing out pseudo-random data. * * @param [in, out] shake128 SHAKE-128 object. @@ -1606,6 +1962,56 @@ static int kyber_xof_squeezeblocks(wc_Shake* shake128, byte* out, int blocks) { return wc_Shake128_SqueezeBlocks(shake128, out, blocks); } +#endif + +/* New/Initialize SHA-3 object. + * + * @param [in, out] hash SHA-3 object. + * @param [in] heap Dynamic memory allocator hint. + * @param [in] devId Device id. + * @return 0 on success always. + */ +int kyber_hash_new(wc_Sha3* hash, void* heap, int devId) +{ + return wc_InitSha3_256(hash, heap, devId); +} + +/* Free SHA-3 object. + * + * @param [in, out] hash SHA-3 object. + */ +void kyber_hash_free(wc_Sha3* hash) +{ + wc_Sha3_256_Free(hash); +} + +int kyber_hash256(wc_Sha3* hash, const byte* data, word32 dataLen, byte* out) +{ + int ret; + + ret = wc_Sha3_256_Update(hash, data, dataLen); + if (ret == 0) { + ret = wc_Sha3_256_Final(hash, out); + } + + return ret; +} + +int kyber_hash512(wc_Sha3* hash, const byte* data1, word32 data1Len, + const byte* data2, word32 data2Len, byte* out) +{ + int ret; + + ret = wc_Sha3_512_Update(hash, data1, data1Len); + if ((ret == 0) && (data2Len > 0)) { + ret = wc_Sha3_512_Update(hash, data2, data2Len); + } + if (ret == 0) { + ret = wc_Sha3_512_Final(hash, out); + } + + return ret; +} /* Initialize SHAKE-256 object. * 
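Review bot: All three new kyber_gen_matrix_k*_aarch64 headers promise `@return MEMORY_E when dynamic memory allocation fails. Only possible when WOLFSSL_SMALL_STACK is defined.`, yet none of them allocates anything and each ends in `return 0;`, so the return documentation should be reduced to `@return 0 on success always.` (the wording the SHAKE helpers in this file use). In each function `word64* st = (word64*)state;` merely aliases an array to itself and can be dropped in favour of `state`. `kyber_rej_uniform_neon` is also given the 200-byte Keccak state with `XOF_BLOCK_SIZE` as its length; if the NEON sampler, like the new 64-bit C path, loads a few bytes past the length it is given, the trailing capacity words cover it, but that reliance deserves a comment at the first call.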
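Review bot: kyber_hash256 and kyber_hash512 are the only functions in this hunk without a header comment, and they carry a non-obvious contract: the object is created by `wc_InitSha3_256` in kyber_hash_new yet kyber_hash512 drives it with `wc_Sha3_512_Update`/`wc_Sha3_512_Final`, and both helpers rely on the `*_Final` call leaving the object ready for the next hash. That only works if the SHA3-256 and SHA3-512 variants share one wc_Sha3 layout with the rate chosen per call and Final reinitialises the state, which cannot be confirmed from this file. I would document it above kyber_hash256, e.g. `/* hash may be reused across calls: wc_Sha3_*_Final resets the state, and the 256/512 variants share one wc_Sha3 layout. */`, plus the usual @param/@return lines for `data`, `dataLen`, `out` and for `data1`/`data2`, noting that `data2` may be NULL when `data2Len` is 0.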
@@ -1637,6 +2043,7 @@ void kyber_prf_free(wc_Shake* prf) wc_Shake256_Free(prf); } +#if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__)) /* Create pseudo-random data from the key using SHAKE-256. * * @param [in, out] shake256 SHAKE-256 object. @@ -1650,24 +2057,22 @@ static int kyber_prf(wc_Shake* shake256, byte* out, unsigned int outLen, const byte* key) { #ifdef USE_INTEL_SPEEDUP - int i; word64 state[25]; (void)shake256; - for (i = 0; i < KYBER_SYM_SZ / 8; i++) { - state[i] = ((word64*)key)[i]; - } + readUnalignedWords64(state, key, KYBER_SYM_SZ / sizeof(word64)); state[KYBER_SYM_SZ / 8] = 0x1f00 | key[KYBER_SYM_SZ]; XMEMSET(state + KYBER_SYM_SZ / 8 + 1, 0, (25 - KYBER_SYM_SZ / 8 - 1) * sizeof(word64)); - state[WC_SHA3_256_COUNT - 1] = 0x8000000000000000UL; + state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000); if (IS_INTEL_BMI2(cpuid_flags)) { sha3_block_bmi2(state); } - else if (IS_INTEL_AVX2(cpuid_flags)) { + else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { sha3_block_avx2(state); + RESTORE_VECTOR_REGISTERS(); } else { BlockSha3(state); @@ -1686,6 +2091,7 @@ static int kyber_prf(wc_Shake* shake256, byte* out, unsigned int outLen, return ret; #endif } +#endif #ifdef USE_INTEL_SPEEDUP /* Create pseudo-random key from the seed using SHAKE-256. 
@@ -1699,21 +2105,19 @@ static int kyber_prf(wc_Shake* shake256, byte* out, unsigned int outLen, int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen) { word64 state[25]; - int i; - int len64 = seedLen / 8; + word32 len64 = seedLen / 8; - for (i = 0; i < len64; i++) { - state[i] = ((word64*)seed)[i]; - } + readUnalignedWords64(state, seed, len64); state[len64] = 0x1f; XMEMSET(state + len64 + 1, 0, (25 - len64 - 1) * sizeof(word64)); - state[WC_SHA3_256_COUNT - 1] = 0x8000000000000000UL; + state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000); if (IS_INTEL_BMI2(cpuid_flags)) { sha3_block_bmi2(state); } - else if (IS_INTEL_AVX2(cpuid_flags)) { + else if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { sha3_block_avx2(state); + RESTORE_VECTOR_REGISTERS(); } else { BlockSha3(state); @@ -1724,6 +2128,33 @@ int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen) } #endif +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) +/* Create pseudo-random key from the seed using SHAKE-256. + * + * @param [in] seed Data to derive from. + * @param [in] seedLen Length of data to derive from in bytes. + * @param [out] out Buffer to write to. + * @param [in] outLen Number of bytes to derive. + * @return 0 on success always. + */ +int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen) +{ + word64 state[25]; + word32 len64 = seedLen / 8; + + readUnalignedWords64(state, seed, len64); + state[len64] = 0x1f; + XMEMSET(state + len64 + 1, 0, (25 - len64 - 1) * sizeof(word64)); + state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000); + + BlockSha3(state); + XMEMCPY(out, state, outLen); + + return 0; +} +#endif + +#if !defined(WOLFSSL_ARMASM) /* Rejection sampling on uniform random bytes to generate uniform random * integers mod q. * 
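Review bot: The new AArch64 kyber_kdf trusts `seedLen` and `outLen` completely: `len64 = seedLen / 8` silently drops trailing bytes when seedLen is not a multiple of 8, `state[len64] = 0x1f` lands on the word that the later `state[WC_SHA3_256_COUNT - 1] = W64LIT(0x8000000000000000)` assignment overwrites once `len64` reaches WC_SHA3_256_COUNT - 1 (breaking the SHAKE padding) and indexes past the 25-word state, with `XMEMSET` receiving a negative count, once `len64` exceeds 24; `XMEMCPY(out, state, outLen)` is only valid SHAKE-256 output for outLen up to the rate because a single block is ever permuted. The callers are not in this hunk, so this may be unreachable today, but a guard such as `if ((seedLen < 0) || ((seedLen % 8) != 0) || (seedLen >= (WC_SHA3_256_COUNT - 1) * 8) || (outLen > WC_SHA3_256_COUNT * 8)) return BUFFER_E;` costs nothing, and the same applies to the Intel kyber_kdf in the hunk just above. At minimum the header should state those limits instead of `@return 0 on success always.`.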
@@ -1739,6 +2170,7 @@ static unsigned int kyber_rej_uniform_c(sword16* p, unsigned int len, unsigned int i; unsigned int j; +#if defined(WOLFSSL_KYBER_SMALL) || !defined(WC_64BIT_CPU) /* Keep sampling until maximum number of integers reached or buffer used up. */ for (i = 0, j = 0; (i < len) && (j <= rLen - 3); j += 3) { 
@@ -1759,10 +2191,93 @@ static unsigned int kyber_rej_uniform_c(sword16* p, unsigned int len, /* Move over used bytes. */ r += 3; } +#else + unsigned int minJ; + + minJ = len / 4 * 6; + if (minJ > rLen) + minJ = rLen; + i = 0; + for (j = 0; j < minJ; j += 6) { + /* Use 48 bits (6 bytes) as four 12-bit integers. */ + word64 r_word = readUnalignedWord64(r); + sword16 v0 = r_word & 0xfff; + sword16 v1 = (r_word >> 12) & 0xfff; + sword16 v2 = (r_word >> 24) & 0xfff; + sword16 v3 = (r_word >> 36) & 0xfff; + + p[i] = v0 & (0 - (v0 < KYBER_Q)); + i += v0 < KYBER_Q; + p[i] = v1 & (0 - (v1 < KYBER_Q)); + i += v1 < KYBER_Q; + p[i] = v2 & (0 - (v2 < KYBER_Q)); + i += v2 < KYBER_Q; + p[i] = v3 & (0 - (v3 < KYBER_Q)); + i += v3 < KYBER_Q; + + /* Move over used bytes. */ + r += 6; + } + if (j < rLen) { + for (; (i + 4 < len) && (j < rLen); j += 6) { + /* Use 48 bits (6 bytes) as four 12-bit integers. */ + word64 r_word = readUnalignedWord64(r); + sword16 v0 = r_word & 0xfff; + sword16 v1 = (r_word >> 12) & 0xfff; + sword16 v2 = (r_word >> 24) & 0xfff; + sword16 v3 = (r_word >> 36) & 0xfff; + + p[i] = v0; + i += v0 < KYBER_Q; + p[i] = v1; + i += v1 < KYBER_Q; + p[i] = v2; + i += v2 < KYBER_Q; + p[i] = v3; + i += v3 < KYBER_Q; + + /* Move over used bytes. */ + r += 6; + } + for (; (i < len) && (j < rLen); j += 6) { + /* Use 48 bits (6 bytes) as four 12-bit integers. */ + word64 r_word = readUnalignedWord64(r); + sword16 v0 = r_word & 0xfff; + sword16 v1 = (r_word >> 12) & 0xfff; + sword16 v2 = (r_word >> 24) & 0xfff; + sword16 v3 = (r_word >> 36) & 0xfff; + + /* Reject first 12-bit integer if greater than or equal to q. */ + if (v0 < KYBER_Q) { + p[i++] = v0; + } + /* Check second if we don't have enough integers yet. + * Reject second 12-bit integer if greater than or equal to q. */ + if ((i < len) && (v1 < KYBER_Q)) { + p[i++] = v1; + } + /* Check second if we don't have enough integers yet. + * Reject third 12-bit integer if greater than or equal to q. 
*/ + if ((i < len) && (v2 < KYBER_Q)) { + p[i++] = v2; + } + /* Check second if we don't have enough integers yet. + * Reject fourth 12-bit integer if greater than or equal to q. */ + if ((i < len) && (v3 < KYBER_Q)) { + p[i++] = v3; + } + + /* Move over used bytes. */ + r += 6; + } + } +#endif return i; } +#endif +#if !(defined(WOLFSSL_ARMASM) && defined(__aarch64__)) /* Deterministically generate a matrix (or transpose) of uniform integers mod q. * * Seed used with XOF to generate random bytes. @@ -1798,6 +2313,12 @@ static int kyber_gen_matrix_c(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, } #endif +#if !defined(WOLFSSL_KYBER_SMALL) && defined(WC_64BIT_CPU) + /* Loading 64 bits, only using 48 bits. Loading 2 bytes more than used. */ + rand[GEN_MATRIX_SIZE+0] = 0xff; + rand[GEN_MATRIX_SIZE+1] = 0xff; +#endif + /* Generate each vector of polynomials. */ for (i = 0; (ret == 0) && (i < kp); i++, a += kp * KYBER_N) { int j; @@ -1818,35 +2339,17 @@ static int kyber_gen_matrix_c(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, ret = kyber_xof_squeezeblocks(prf, rand, GEN_MATRIX_NBLOCKS); } if (ret == 0) { - #if (GEN_MATRIX_SIZE % 3) != 0 - unsigned int randLen; - #endif unsigned int ctr; /* Sample random bytes to create a polynomial. */ ctr = kyber_rej_uniform_c(a + j * KYBER_N, KYBER_N, rand, GEN_MATRIX_SIZE); /* Create more blocks if too many rejected. */ - #if (GEN_MATRIX_SIZE % 3) != 0 - randLen = GEN_MATRIX_SIZE; - while (ctr < KYBER_N) { - int off = randLen % 3; - int k; - for (k = 0; k < off; k++) { - rand[k] = rand[randLen - off + k]; - } - kyber_xof_squeezeblocks(prf, rand + off, 1); - randLen = off + XOF_BLOCK_SIZE; - ctr += kyber_rej_uniform_c(a + j * KYBER_N + ctr, - KYBER_N - ctr, rand, randLen); - } - #else while (ctr < KYBER_N) { kyber_xof_squeezeblocks(prf, rand, 1); ctr += kyber_rej_uniform_c(a + j * KYBER_N + ctr, KYBER_N - ctr, rand, XOF_BLOCK_SIZE); } - #endif } } } 
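Review bot: The new 64-bit path of kyber_rej_uniform_c reads eight bytes per step through `readUnalignedWord64(r)` while consuming six, so the last step of each loop reads two bytes beyond `r + rLen`, and all three loops advance `j += 6` while checking only `j < minJ` or `j < rLen`, so an rLen that is not a multiple of 6 is over-read as well; both are only safe because the caller pads the buffer. The function header, which is before this hunk, should state the preconditions, e.g. `/* On 64-bit builds r must have rLen + 2 readable bytes and rLen must be a multiple of 6. */`. Two smaller points: the first loop masks rejected candidates with `v0 & (0 - (v0 < KYBER_Q))` while the second stores them unmasked, an inconsistency with no functional effect since `i` is not advanced either way, and the comments on the third and fourth candidates in the last loop both say `Check second` where they should say third and fourth.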
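Review bot: The two sentinel writes `rand[GEN_MATRIX_SIZE+0] = 0xff; rand[GEN_MATRIX_SIZE+1] = 0xff;` only make the sampler's trailing 8-byte load hit initialised memory if `rand` is declared or allocated with at least GEN_MATRIX_SIZE + 2 bytes; that definition is earlier in kyber_gen_matrix_c and outside this hunk, so please confirm it and note the +2 where the buffer is defined. The comment `Loading 64 bits, only using 48 bits. Loading 2 bytes more than used.` should also say that the padding's value is irrelevant because the extra 16 bits are masked off, since `0xff` reads like a meaningful sentinel. The refill loop later in the function squeezes XOF_BLOCK_SIZE bytes at a time and never touches these two bytes, which is fine for the same reason but worth one sentence.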
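Review bot: Removing the `(GEN_MATRIX_SIZE % 3) != 0` carry-over means the sampler now silently discards the tail of each squeezed buffer whenever GEN_MATRIX_SIZE or XOF_BLOCK_SIZE is not a multiple of the consumption step, which is 3 bytes on the 32-bit path and 6 on the new 64-bit path. Assuming XOF_BLOCK_SIZE is the 168-byte SHAKE-128 rate the invariant holds today, but it is now implicit; a compile-time check beside the buffer definition, such as `#if (XOF_BLOCK_SIZE % 6) != 0` / `#error "XOF block must be a multiple of the sampling step"` / `#endif`, would keep a future block-size change from quietly diverging from the specified sampling order (an interoperability break rather than a bias). kyber_gen_matrix_c ends after this hunk.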
@@ -1858,6 +2361,7 @@ static int kyber_gen_matrix_c(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, return ret; } +#endif /* Deterministically generate a matrix (or transpose) of uniform integers mod q. * @@ -1879,43 +2383,58 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, #ifdef WOLFSSL_KYBER512 if (kp == KYBER512_K) { +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = kyber_gen_matrix_k2_aarch64(a, seed, transposed); +#else #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { ret = kyber_gen_matrix_k2_avx2(a, seed, transposed); + RESTORE_VECTOR_REGISTERS(); } else #endif { ret = kyber_gen_matrix_c(prf, a, KYBER512_K, seed, transposed); } +#endif } else #endif #ifdef WOLFSSL_KYBER768 if (kp == KYBER768_K) { +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = kyber_gen_matrix_k3_aarch64(a, seed, transposed); +#else #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { ret = kyber_gen_matrix_k3_avx2(a, seed, transposed); + RESTORE_VECTOR_REGISTERS(); } else #endif { ret = kyber_gen_matrix_c(prf, a, KYBER768_K, seed, transposed); } +#endif } else #endif #ifdef WOLFSSL_KYBER1024 if (kp == KYBER1024_K) { +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = kyber_gen_matrix_k4_aarch64(a, seed, transposed); +#else #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { ret = kyber_gen_matrix_k4_avx2(a, seed, transposed); + RESTORE_VECTOR_REGISTERS(); } else #endif { ret = kyber_gen_matrix_c(prf, a, KYBER1024_K, seed, transposed); } +#endif } else #endif @@ -1923,6 +2442,8 @@ int kyber_gen_matrix(KYBER_PRF_T* prf, sword16* a, int kp, byte* seed, ret = BAD_STATE_E; } + (void)prf; + return ret; } 
@@ -1994,9 +2515,9 @@ static void kyber_cbd_eta2(sword16* p, const byte* r) #endif /* Take the next 8 bytes, little endian, as a 64 bit value. */ #ifdef BIG_ENDIAN_ORDER - word64 t = ByteReverseWord64(*(word64*)r); + word64 t = ByteReverseWord64(readUnalignedWord64(r)); #else - word64 t = *(word64*)r; + word64 t = readUnalignedWord64(r); #endif word64 d; /* Add second bits to first. */ @@ -2187,6 +2708,8 @@ static void kyber_cbd_eta3(sword16* p, const byte* r) } #endif +#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM)) + /* Get noise/error by calculating random bytes and sampling to a binomial * distribution. * @@ -2253,6 +2776,8 @@ static int kyber_get_noise_eta2_c(KYBER_PRF_T* prf, sword16* p, return ret; } +#endif + #ifdef USE_INTEL_SPEEDUP #define PRF_RAND_SZ (2 * SHA3_256_BYTES) 
@@ -2435,6 +2960,206 @@ static int kyber_get_noise_k4_avx2(KYBER_PRF_T* prf, sword16* vec1, #endif #endif /* USE_INTEL_SPEEDUP */ +#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) + +#define PRF_RAND_SZ (2 * SHA3_256_BYTES) + +/* Get the noise/error by calculating random bytes. + * + * @param [out] rand Random number byte array. + * @param [in] seed Seed to generate random from. + * @param [in] o Offset of seed count. + */ +static void kyber_get_noise_x3_eta2_aarch64(byte* rand, byte* seed, byte o) +{ + word64* state = (word64*)rand; + + state[0*25 + 4] = 0x1f00 + 0 + o; + state[1*25 + 4] = 0x1f00 + 1 + o; + state[2*25 + 4] = 0x1f00 + 2 + o; + + kyber_shake256_blocksx3_seed_neon(state, seed); +} + +#ifdef WOLFSSL_KYBER512 +/* Get the noise/error by calculating random bytes. + * + * @param [out] rand Random number byte array. + * @param [in] seed Seed to generate random from. + * @param [in] o Offset of seed count. + */ +static void kyber_get_noise_x3_eta3_aarch64(byte* rand, byte* seed, byte o) +{ + word64 state[3 * 25]; + + state[0*25 + 4] = 0x1f00 + 0 + o; + state[1*25 + 4] = 0x1f00 + 1 + o; + state[2*25 + 4] = 0x1f00 + 2 + o; + + kyber_shake256_blocksx3_seed_neon(state, seed); + XMEMCPY(rand + 0 * ETA3_RAND_SIZE, state + 0*25, SHA3_256_BYTES); + XMEMCPY(rand + 1 * ETA3_RAND_SIZE, state + 1*25, SHA3_256_BYTES); + XMEMCPY(rand + 2 * ETA3_RAND_SIZE, state + 2*25, SHA3_256_BYTES); + kyber_sha3_blocksx3_neon(state); + rand += SHA3_256_BYTES; + XMEMCPY(rand + 0 * ETA3_RAND_SIZE, state + 0*25, + ETA3_RAND_SIZE - SHA3_256_BYTES); + XMEMCPY(rand + 1 * ETA3_RAND_SIZE, state + 1*25, + ETA3_RAND_SIZE - SHA3_256_BYTES); + XMEMCPY(rand + 2 * ETA3_RAND_SIZE, state + 2*25, + ETA3_RAND_SIZE - SHA3_256_BYTES); +} + +/* Get the noise/error by calculating random bytes. + * + * @param [out] rand Random number byte array. + * @param [in] seed Seed to generate random from. + * @param [in] o Offset of seed count. + * @return 0 on success. 
+ */ +static void kyber_get_noise_eta3_aarch64(byte* rand, byte* seed, byte o) +{ + word64 state[25]; + + state[0] = ((word64*)seed)[0]; + state[1] = ((word64*)seed)[1]; + state[2] = ((word64*)seed)[2]; + state[3] = ((word64*)seed)[3]; + state[4] = 0x1f00 + o; + XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5)); + state[16] = W64LIT(0x8000000000000000); + BlockSha3(state); + XMEMCPY(rand , state, SHA3_256_BYTES); + BlockSha3(state); + XMEMCPY(rand + SHA3_256_BYTES, state, ETA3_RAND_SIZE - SHA3_256_BYTES); +} + +/* Get the noise/error by calculating random bytes and sampling to a binomial + * distribution. + * + * @param [out] vec1 First Vector of polynomials. + * @param [out] vec2 Second Vector of polynomials. + * @param [out] poly Polynomial. + * @param [in] seed Seed to use when calculating random. + * @return 0 on success. + */ +static int kyber_get_noise_k2_aarch64(sword16* vec1, sword16* vec2, + sword16* poly, byte* seed) +{ + int ret = 0; + byte rand[3 * 25 * 8]; + + kyber_get_noise_x3_eta3_aarch64(rand, seed, 0); + kyber_cbd_eta3(vec1 , rand + 0 * ETA3_RAND_SIZE); + kyber_cbd_eta3(vec1 + KYBER_N, rand + 1 * ETA3_RAND_SIZE); + if (poly == NULL) { + kyber_cbd_eta3(vec2 , rand + 2 * ETA3_RAND_SIZE); + kyber_get_noise_eta3_aarch64(rand, seed, 3); + kyber_cbd_eta3(vec2 + KYBER_N, rand ); + } + else { + kyber_get_noise_x3_eta2_aarch64(rand, seed, 2); + kyber_cbd_eta2(vec2 , rand + 0 * 25 * 8); + kyber_cbd_eta2(vec2 + KYBER_N, rand + 1 * 25 * 8); + kyber_cbd_eta2(poly , rand + 2 * 25 * 8); + } + + return ret; +} +#endif + +#ifdef WOLFSSL_KYBER768 +/* Get the noise/error by calculating random bytes. + * + * @param [out] rand Random number byte array. + * @param [in] seed Seed to generate random from. + * @param [in] o Offset of seed count. + * @return 0 on success. 
+ */ +static void kyber_get_noise_eta2_aarch64(byte* rand, byte* seed, byte o) +{ + word64* state = (word64*)rand; + + state[0] = ((word64*)seed)[0]; + state[1] = ((word64*)seed)[1]; + state[2] = ((word64*)seed)[2]; + state[3] = ((word64*)seed)[3]; + /* Transposed value same as not. */ + state[4] = 0x1f00 + o; + XMEMSET(state + 5, 0, sizeof(*state) * (25 - 5)); + state[16] = W64LIT(0x8000000000000000); + BlockSha3(state); +} + +/* Get the noise/error by calculating random bytes and sampling to a binomial + * distribution. + * + * @param [out] vec1 First Vector of polynomials. + * @param [out] vec2 Second Vector of polynomials. + * @param [out] poly Polynomial. + * @param [in] seed Seed to use when calculating random. + * @return 0 on success. + */ +static int kyber_get_noise_k3_aarch64(sword16* vec1, sword16* vec2, + sword16* poly, byte* seed) +{ + byte rand[3 * 25 * 8]; + + kyber_get_noise_x3_eta2_aarch64(rand, seed, 0); + kyber_cbd_eta2(vec1 , rand + 0 * 25 * 8); + kyber_cbd_eta2(vec1 + 1 * KYBER_N, rand + 1 * 25 * 8); + kyber_cbd_eta2(vec1 + 2 * KYBER_N, rand + 2 * 25 * 8); + kyber_get_noise_x3_eta2_aarch64(rand, seed, 3); + kyber_cbd_eta2(vec2 , rand + 0 * 25 * 8); + kyber_cbd_eta2(vec2 + 1 * KYBER_N, rand + 1 * 25 * 8); + kyber_cbd_eta2(vec2 + 2 * KYBER_N, rand + 2 * 25 * 8); + if (poly != NULL) { + kyber_get_noise_eta2_aarch64(rand, seed, 6); + kyber_cbd_eta2(poly , rand + 0 * 25 * 8); + } + + return 0; +} +#endif + +#ifdef WOLFSSL_KYBER1024 +/* Get the noise/error by calculating random bytes and sampling to a binomial + * distribution. + * + * @param [out] vec1 First Vector of polynomials. + * @param [out] vec2 Second Vector of polynomials. + * @param [out] poly Polynomial. + * @param [in] seed Seed to use when calculating random. + * @return 0 on success. 
+ */ +static int kyber_get_noise_k4_aarch64(sword16* vec1, sword16* vec2, + sword16* poly, byte* seed) +{ + int ret = 0; + byte rand[3 * 25 * 8]; + + kyber_get_noise_x3_eta2_aarch64(rand, seed, 0); + kyber_cbd_eta2(vec1 , rand + 0 * 25 * 8); + kyber_cbd_eta2(vec1 + 1 * KYBER_N, rand + 1 * 25 * 8); + kyber_cbd_eta2(vec1 + 2 * KYBER_N, rand + 2 * 25 * 8); + kyber_get_noise_x3_eta2_aarch64(rand, seed, 3); + kyber_cbd_eta2(vec1 + 3 * KYBER_N, rand + 0 * 25 * 8); + kyber_cbd_eta2(vec2 , rand + 1 * 25 * 8); + kyber_cbd_eta2(vec2 + 1 * KYBER_N, rand + 2 * 25 * 8); + kyber_get_noise_x3_eta2_aarch64(rand, seed, 6); + kyber_cbd_eta2(vec2 + 2 * KYBER_N, rand + 0 * 25 * 8); + kyber_cbd_eta2(vec2 + 3 * KYBER_N, rand + 1 * 25 * 8); + if (poly != NULL) { + kyber_cbd_eta2(poly, rand + 2 * 25 * 8); + } + + return ret; +} +#endif +#endif /* __aarch64__ && WOLFSSL_ARMASM */ + +#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM)) + /* Get the noise/error by calculating random bytes and sampling to a binomial * distribution. * @@ -2478,6 +3203,8 @@ static int kyber_get_noise_c(KYBER_PRF_T* prf, int kp, sword16* vec1, int eta1, return ret; } +#endif /* __aarch64__ && WOLFSSL_ARMASM */ + /* Get the noise/error by calculating random bytes and sampling to a binomial * distribution. * @@ -2496,9 +3223,13 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, #ifdef WOLFSSL_KYBER512 if (kp == KYBER512_K) { +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = kyber_get_noise_k2_aarch64(vec1, vec2, poly, seed); +#else #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { ret = kyber_get_noise_k2_avx2(prf, vec1, vec2, poly, seed); + RESTORE_VECTOR_REGISTERS(); } else #endif 
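Review bot: kyber_get_noise_x3_eta2_aarch64 and kyber_get_noise_eta2_aarch64 reinterpret their output buffer as `word64* state = (word64*)rand;` and all three eta helpers load the seed as `((word64*)seed)[0]`, which is the same unaligned-access/aliasing pattern this commit removes from kyber_cbd_eta2 with readUnalignedWord64; `rand` is declared `byte rand[3 * 25 * 8]` in the k2/k3/k4 callers and carries no 8-byte alignment guarantee. Declaring the scratch as `word64 rand[3 * 25];` in the callers (passing `(byte*)rand` to the cbd functions) and loading the seed with `state[0] = readUnalignedWord64(seed);` through `state[3] = readUnalignedWord64(seed + 24);` removes the hazard. The doc comments on kyber_get_noise_eta3_aarch64 and kyber_get_noise_eta2_aarch64 carry `@return 0 on success.` although both are `void`, and the `/* Transposed value same as not. */` line in the eta2 helper is copied from the matrix-generation code and does not apply to noise sampling. The `rand` buffers hold PRF output derived from the secret noise seed and are left on the stack on return; a `ForceZero(rand, sizeof(rand));` before each return would match the hygiene wc_LmsKey_Free applies to priv_data.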
@@ -2510,14 +3241,19 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, ret = kyber_get_noise_c(prf, kp, vec1, KYBER_CBD_ETA3, vec2, KYBER_CBD_ETA2, poly, seed); } +#endif } else #endif #ifdef WOLFSSL_KYBER768 if (kp == KYBER768_K) { +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = kyber_get_noise_k3_aarch64(vec1, vec2, poly, seed); +#else #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { ret = kyber_get_noise_k3_avx2(vec1, vec2, poly, seed); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -2525,14 +3261,19 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, ret = kyber_get_noise_c(prf, kp, vec1, KYBER_CBD_ETA2, vec2, KYBER_CBD_ETA2, poly, seed); } +#endif } else #endif #ifdef WOLFSSL_KYBER1024 if (kp == KYBER1024_K) { +#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ret = kyber_get_noise_k4_aarch64(vec1, vec2, poly, seed); +#else #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { ret = kyber_get_noise_k4_avx2(prf, vec1, vec2, poly, seed); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -2540,6 +3281,7 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, ret = kyber_get_noise_c(prf, kp, vec1, KYBER_CBD_ETA2, vec2, KYBER_CBD_ETA2, poly, seed); } +#endif } else #endif @@ -2547,11 +3289,14 @@ int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, ret = BAD_STATE_E; } + (void)prf; + return ret; } /******************************************************************************/ +#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM)) /* Compare two byte arrays of equal size. * * @param [in] a First array to compare. @@ -2571,6 +3316,7 @@ static int kyber_cmp_c(const byte* a, const byte* b, int sz) } return 0 - ((-(word32)r) >> 31); } +#endif /* Compare two byte arrays of equal size. * 
@@ -2582,11 +3328,15 @@ static int kyber_cmp_c(const byte* a, const byte* b, int sz) */ int kyber_cmp(const byte* a, const byte* b, int sz) { +#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) + return kyber_cmp_neon(a, b, sz); +#else int fail; #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { fail = kyber_cmp_avx2(a, b, sz); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -2595,10 +3345,13 @@ int kyber_cmp(const byte* a, const byte* b, int sz) } return fail; +#endif } /******************************************************************************/ +#if !defined(WOLFSSL_ARMASM) + /* Conditional subtraction of q to each coefficient of a polynomial. * * @param [in, out] p Polynomial. @@ -2614,6 +3367,20 @@ static KYBER_NOINLINE void kyber_csubq_c(sword16* p) } } +#elif defined(__aarch64__) + +#define kyber_csubq_c kyber_csubq_neon + +#elif defined(WOLFSSL_ARMASM_THUMB2) + +#define kyber_csubq_c kyber_thumb2_csubq + +#else + +#define kyber_csubq_c kyber_arm32_csubq + +#endif + /******************************************************************************/ #if defined(CONV_WITH_DIV) || !defined(WORD64_AVAILABLE) @@ -2814,8 +3581,9 @@ static void kyber_vec_compress_10_c(byte* r, sword16* v, unsigned int kp) void kyber_vec_compress_10(byte* r, sword16* v, unsigned int kp) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_compress_10_avx2(r, v, kp); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -2907,8 +3675,9 @@ static void kyber_vec_compress_11_c(byte* r, sword16* v) void kyber_vec_compress_11(byte* r, sword16* v) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_compress_11_avx2(r, v, 4); + RESTORE_VECTOR_REGISTERS(); } else #endif 
@@ -3005,8 +3774,9 @@ void kyber_vec_decompress_10(sword16* v, const unsigned char* b, unsigned int kp) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_decompress_10_avx2(v, b, kp); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -3088,8 +3858,9 @@ static void kyber_vec_decompress_11_c(sword16* v, const unsigned char* b) void kyber_vec_decompress_11(sword16* v, const unsigned char* b) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_decompress_11_avx2(v, b, 4); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -3238,8 +4009,9 @@ static void kyber_compress_4_c(byte* b, sword16* p) void kyber_compress_4(byte* b, sword16* p) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_compress_4_avx2(b, p); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -3311,8 +4083,9 @@ static void kyber_compress_5_c(byte* b, sword16* p) void kyber_compress_5(byte* b, sword16* p) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_compress_5_avx2(b, p); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -3371,8 +4144,9 @@ static void kyber_decompress_4_c(sword16* p, const unsigned char* b) void kyber_decompress_4(sword16* p, const unsigned char* b) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_decompress_4_avx2(p, b); + RESTORE_VECTOR_REGISTERS(); } else #endif 
@@ -3445,8 +4219,9 @@ static void kyber_decompress_5_c(sword16* p, const unsigned char* b) void kyber_decompress_5(sword16* p, const unsigned char* b) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_decompress_5_avx2(p, b); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -3458,6 +4233,7 @@ void kyber_decompress_5(sword16* p, const unsigned char* b) /******************************************************************************/ +#if !(defined(__aarch64__) && defined(WOLFSSL_ARMASM)) /* Convert bit from byte to 0 or (KYBER_Q + 1) / 2. * * Constant time implementation. @@ -3511,8 +4287,9 @@ static void kyber_from_msg_c(sword16* p, const byte* msg) void kyber_from_msg(sword16* p, const byte* msg) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { kyber_from_msg_avx2(p, msg); + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -3569,7 +4346,7 @@ static void kyber_to_msg_c(byte* msg, sword16* p) /* Reduce each coefficient to mod q. */ kyber_csubq_c(p); - /* All values are now positive. */ + /* All values are now in range. */ for (i = 0; i < KYBER_N / 8; i++) { #ifdef WOLFSSL_KYBER_SMALL @@ -3600,9 +4377,10 @@ static void kyber_to_msg_c(byte* msg, sword16* p) void kyber_to_msg(byte* msg, sword16* p) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { /* Convert the polynomial into a array of bytes (message). */ kyber_to_msg_avx2(msg, p); + RESTORE_VECTOR_REGISTERS(); } else #endif 
@@ -3610,6 +4388,27 @@ void kyber_to_msg(byte* msg, sword16* p) kyber_to_msg_c(msg, p); } } +#else +/* Convert message to polynomial. + * + * @param [out] p Polynomial. + * @param [in] msg Message as a byte array. + */ +void kyber_from_msg(sword16* p, const byte* msg) +{ + kyber_from_msg_neon(p, msg); +} + +/* Convert polynomial to message. + * + * @param [out] msg Message as a byte array. + * @param [in] p Polynomial. + */ +void kyber_to_msg(byte* msg, sword16* p) +{ + kyber_to_msg_neon(msg, p); +} +#endif /******************************************************************************/ @@ -3651,7 +4450,7 @@ static void kyber_from_bytes_c(sword16* p, const byte* b, int k) void kyber_from_bytes(sword16* p, const byte* b, int k) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { int i; for (i = 0; i < k; i++) { @@ -3659,6 +4458,8 @@ void kyber_from_bytes(sword16* p, const byte* b, int k) p += KYBER_N; b += KYBER_POLY_SIZE; } + + RESTORE_VECTOR_REGISTERS(); } else #endif @@ -3710,7 +4511,7 @@ static void kyber_to_bytes_c(byte* b, sword16* p, int k) void kyber_to_bytes(byte* b, sword16* p, int k) { #ifdef USE_INTEL_SPEEDUP - if (IS_INTEL_AVX2(cpuid_flags)) { + if (IS_INTEL_AVX2(cpuid_flags) && (SAVE_VECTOR_REGISTERS2() == 0)) { int i; for (i = 0; i < k; i++) { @@ -3718,6 +4519,8 @@ void kyber_to_bytes(byte* b, sword16* p, int k) p += KYBER_N; b += KYBER_POLY_SIZE; } + + RESTORE_VECTOR_REGISTERS(); } else #endif diff --git a/src/wolfcrypt/src/wc_lms.c b/src/wolfcrypt/src/wc_lms.c index 0ef0b59..4559001 100644 --- a/src/wolfcrypt/src/wc_lms.c +++ b/src/wolfcrypt/src/wc_lms.c @@ -42,8 +42,8 @@ * * @param [in] w Winternitz width. */ -#define LMS_U(w) \ - (8 * WC_SHA256_DIGEST_SIZE / (w)) +#define LMS_U(w, hLen) \ + (8 * (hLen) / (w)) /* Calculate u. Appendix B. Works for w of 1, 2, 4, or 8. * * @param [in] w Winternitz width. 
@@ -63,17 +63,17 @@ * @param [in] w Winternitz width. * @param [in] wb Winternitz width length in bits. */ -#define LMS_P(w, wb) \ - (LMS_U(w) + LMS_V(w, wb)) +#define LMS_P(w, wb, hLen) \ + (LMS_U(w, hLen) + LMS_V(w, wb)) /* Calculate signature length. * * @param [in] l Number of levels. * @param [in] h Height of the trees. * @param [in] p Number of n-byte string elements in signature for a tree. */ -#define LMS_PARAMS_SIG_LEN(l, h, p) \ - (4 + (l) * (4 + 4 + 4 + WC_SHA256_DIGEST_SIZE * (1 + (p) + (h))) + \ - ((l) - 1) * LMS_PUBKEY_LEN) +#define LMS_PARAMS_SIG_LEN(l, h, p, hLen) \ + (4 + (l) * (4 + 4 + 4 + (hLen) * (1 + (p) + (h))) + \ + ((l) - 1) * LMS_PUBKEY_LEN(hLen)) #ifndef WOLFSSL_WC_LMS_SMALL /* Root levels and leaf cache bits. */ @@ -94,9 +94,10 @@ * @param [in] t LMS type. * @param [in] t2 LM-OTS type. */ -#define LMS_PARAMS(l, h, w, wb, t, t2) \ - { l, h, w, LMS_LS(w, wb), LMS_P(w, wb), t, t2, \ - LMS_PARAMS_SIG_LEN(l, h, LMS_P(w, wb)), LMS_PARAMS_CACHE(h) } +#define LMS_PARAMS(l, h, w, wb, t, t2, hLen) \ + { l, h, w, LMS_LS(w, wb), LMS_P(w, wb, hLen), t, t2, \ + LMS_PARAMS_SIG_LEN(l, h, LMS_P(w, wb, hLen), hLen), \ + (hLen), LMS_PARAMS_CACHE(h) } /* Initialize the working state for LMS operations. 
@@ -138,112 +139,230 @@ static void wc_lmskey_state_free(LmsState* state) /* Supported LMS parameters. */ static const wc_LmsParamsMap wc_lms_map[] = { +#ifndef WOLFSSL_NO_LMS_SHA256_256 #if LMS_MAX_HEIGHT >= 15 { WC_LMS_PARM_NONE , "LMS_NONE" , - LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H15_W2, "LMS/HSS L1_H15_W2", - LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H15_W4, "LMS/HSS L1_H15_W4", - LMS_PARAMS(1, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(1, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, #endif #if LMS_MAX_LEVELS >= 2 #if LMS_MAX_HEIGHT >= 10 { WC_LMS_PARM_L2_H10_W2, "LMS/HSS L2_H10_W2", - LMS_PARAMS(2, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(2, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H10_W4, "LMS/HSS L2_H10_W4", - LMS_PARAMS(2, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(2, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H10_W8, "LMS/HSS L2_H10_W8", - LMS_PARAMS(2, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(2, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #endif #if LMS_MAX_LEVELS >= 3 { WC_LMS_PARM_L3_H5_W2 , "LMS/HSS L3_H5_W2" , - LMS_PARAMS(3, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(3, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L3_H5_W4 , "LMS/HSS L3_H5_W4" , - LMS_PARAMS(3, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(3, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { 
WC_LMS_PARM_L3_H5_W8 , "LMS/HSS L3_H5_W8" , - LMS_PARAMS(3, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(3, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #if LMS_MAX_HEIGHT >= 10 { WC_LMS_PARM_L3_H10_W4, "LMS/HSS L3_H10_W4", - LMS_PARAMS(3, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(3, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, #endif #endif #if LMS_MAX_LEVELS >= 4 { WC_LMS_PARM_L4_H5_W8 , "LMS/HSS L4_H5_W8" , - LMS_PARAMS(4, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(4, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif /* For when user sets L, H, W explicitly. */ { WC_LMS_PARM_L1_H5_W1 , "LMS/HSS_L1_H5_W1" , - LMS_PARAMS(1, 5, 1, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W1) }, + LMS_PARAMS(1, 5, 1, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W1, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H5_W2 , "LMS/HSS_L1_H5_W2" , - LMS_PARAMS(1, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(1, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H5_W4 , "LMS/HSS_L1_H5_W4" , - LMS_PARAMS(1, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(1, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H5_W8 , "LMS/HSS_L1_H5_W8" , - LMS_PARAMS(1, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(1, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #if LMS_MAX_HEIGHT >= 10 { WC_LMS_PARM_L1_H10_W2 , "LMS/HSS_L1_H10_W2", - LMS_PARAMS(1, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(1, 10, 2, 1, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H10_W4 , "LMS/HSS_L1_H10_W4", - LMS_PARAMS(1, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(1, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4, 
+ WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H10_W8 , "LMS/HSS_L1_H10_W8", - LMS_PARAMS(1, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(1, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #if LMS_MAX_HEIGHT >= 15 { WC_LMS_PARM_L1_H15_W8 , "LMS/HSS L1_H15_W8", - LMS_PARAMS(1, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(1, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #if LMS_MAX_HEIGHT >= 20 { WC_LMS_PARM_L1_H20_W2 , "LMS/HSS_L1_H20_W2", - LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H20_W4 , "LMS/HSS_L1_H20_W4", - LMS_PARAMS(1, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(1, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L1_H20_W8 , "LMS/HSS_L1_H20_W8", - LMS_PARAMS(1, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(1, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #if LMS_MAX_LEVELS >= 2 { WC_LMS_PARM_L2_H5_W2 , "LMS/HSS_L2_H5_W2" , - LMS_PARAMS(2, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(2, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H5_W4 , "LMS/HSS_L2_H5_W4" , - LMS_PARAMS(2, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(2, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H5_W8 , "LMS/HSS_L2_H5_W8" , - LMS_PARAMS(2, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(2, 5, 8, 3, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #if LMS_MAX_HEIGHT >= 15 { WC_LMS_PARM_L2_H15_W2 , "LMS/HSS_L2_H15_W2", - LMS_PARAMS(2, 15, 2, 1, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(2, 15, 2, 1, LMS_SHA256_M32_H15, 
LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H15_W4 , "LMS/HSS_L2_H15_W4", - LMS_PARAMS(2, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(2, 15, 4, 2, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H15_W8 , "LMS/HSS_L2_H15_W8", - LMS_PARAMS(2, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(2, 15, 8, 3, LMS_SHA256_M32_H15, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #if LMS_MAX_HEIGHT >= 20 { WC_LMS_PARM_L2_H20_W2 , "LMS/HSS_L2_H20_W2", - LMS_PARAMS(2, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(2, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H20_W4 , "LMS/HSS_L2_H20_W4", - LMS_PARAMS(2, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(2, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L2_H20_W8 , "LMS/HSS_L2_H20_W8", - LMS_PARAMS(2, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(2, 20, 8, 3, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #endif #if LMS_MAX_LEVELS >= 3 #if LMS_MAX_HEIGHT >= 10 { WC_LMS_PARM_L3_H10_W8 , "LMS/HSS L3_H10_W8", - LMS_PARAMS(3, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(3, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #endif #if LMS_MAX_LEVELS >= 4 { WC_LMS_PARM_L4_H5_W2 , "LMS/HSS L4_H5_W2" , - LMS_PARAMS(4, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2) }, + LMS_PARAMS(4, 5, 2, 1, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W2, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L4_H5_W4 , "LMS/HSS L4_H5_W4" , - LMS_PARAMS(4, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(4, 5, 4, 2, LMS_SHA256_M32_H5 , LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, #if LMS_MAX_HEIGHT >= 10 { WC_LMS_PARM_L4_H10_W4 , "LMS/HSS L4_H10_W4", - LMS_PARAMS(4, 10, 4, 2, LMS_SHA256_M32_H10, 
LMOTS_SHA256_N32_W4) }, + LMS_PARAMS(4, 10, 4, 2, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W4, + WC_SHA256_DIGEST_SIZE) }, { WC_LMS_PARM_L4_H10_W8 , "LMS/HSS L4_H10_W8", - LMS_PARAMS(4, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8) }, + LMS_PARAMS(4, 10, 8, 3, LMS_SHA256_M32_H10, LMOTS_SHA256_N32_W8, + WC_SHA256_DIGEST_SIZE) }, #endif #endif +#endif /* !WOLFSSL_NO_LMS_SHA256_256 */ + +#ifdef WOLFSSL_LMS_SHA256_192 +#if LMS_MAX_HEIGHT >= 15 + { WC_LMS_PARM_SHA256_192_L1_H15_W2, "LMS/HSS_SHA256/192 L1_H15_W2", + LMS_PARAMS(1, 15, 2, 1, LMS_SHA256_M24_H15, LMOTS_SHA256_N24_W2, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L1_H15_W4, "LMS/HSS_SHA256/192 L1_H15_W4", + LMS_PARAMS(1, 15, 4, 2, LMS_SHA256_M24_H15, LMOTS_SHA256_N24_W4, + WC_SHA256_192_DIGEST_SIZE) }, +#endif +#if LMS_MAX_LEVELS >= 2 +#if LMS_MAX_HEIGHT >= 10 + { WC_LMS_PARM_SHA256_192_L2_H10_W2, "LMS/HSS SHA256/192 L2_H10_W2", + LMS_PARAMS(2, 10, 2, 1, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W2, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L2_H10_W4, "LMS/HSS SHA256/192 L2_H10_W4", + LMS_PARAMS(2, 10, 4, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L2_H10_W8, "LMS/HSS SHA256/192 L2_H10_W8", + LMS_PARAMS(2, 10, 8, 3, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W8, + WC_SHA256_192_DIGEST_SIZE) }, +#endif +#endif +#if LMS_MAX_LEVELS >= 3 + { WC_LMS_PARM_SHA256_192_L3_H5_W2 , "LMS/HSS_SHA256/192 L3_H5_W2" , + LMS_PARAMS(3, 5, 2, 1, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W2, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L3_H5_W4 , "LMS/HSS_SHA256/192 L3_H5_W4" , + LMS_PARAMS(3, 5, 4, 2, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W4, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L3_H5_W8 , "LMS/HSS_SHA256/192 L3_H5_W8" , + LMS_PARAMS(3, 5, 8, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8, + WC_SHA256_192_DIGEST_SIZE) }, +#if LMS_MAX_HEIGHT >= 10 + { WC_LMS_PARM_SHA256_192_L3_H10_W4, "LMS/HSS_SHA256/192 L3_H10_W4", + 
LMS_PARAMS(3, 10, 4, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4, + WC_SHA256_192_DIGEST_SIZE) }, +#endif +#endif +#if LMS_MAX_LEVELS >= 4 + { WC_LMS_PARM_SHA256_192_L4_H5_W8 , "LMS/HSS_SHA256/192 L4_H5_W8" , + LMS_PARAMS(4, 5, 8, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8, + WC_SHA256_192_DIGEST_SIZE) }, +#endif + + { WC_LMS_PARM_SHA256_192_L1_H5_W1 , "LMS/HSS_SHA256/192_L1_H5_W1" , + LMS_PARAMS(1, 5, 1, 1, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W1, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L1_H5_W2 , "LMS/HSS_SHA256/192_L1_H5_W2" , + LMS_PARAMS(1, 5, 2, 1, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W2, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L1_H5_W4 , "LMS/HSS_SHA256/192_L1_H5_W4" , + LMS_PARAMS(1, 5, 4, 2, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W4, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L1_H5_W8 , "LMS/HSS_SHA256/192_L1_H5_W8" , + LMS_PARAMS(1, 5, 8, 3, LMS_SHA256_M24_H5 , LMOTS_SHA256_N24_W8, + WC_SHA256_192_DIGEST_SIZE) }, +#if LMS_MAX_HEIGHT >= 10 + { WC_LMS_PARM_SHA256_192_L1_H10_W2 , "LMS/HSS_SHA256/192_L1_H10_W2", + LMS_PARAMS(1, 10, 2, 1, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W2, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L1_H10_W4 , "LMS/HSS_SHA256/192_L1_H10_W4", + LMS_PARAMS(1, 10, 4, 2, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W4, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_SHA256_192_L1_H10_W8 , "LMS/HSS_SHA256/192_L1_H10_W8", + LMS_PARAMS(1, 10, 8, 3, LMS_SHA256_M24_H10, LMOTS_SHA256_N24_W8, + WC_SHA256_192_DIGEST_SIZE) }, +#endif +#if LMS_MAX_HEIGHT >= 20 + { WC_LMS_PARM_L1_H20_W2 , "LMS/HSS_SHA256/192_L1_H20_W2", + LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W2, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_L1_H20_W4 , "LMS/HSS_SHA256/192_L1_H20_W4", + LMS_PARAMS(1, 20, 4, 2, LMS_SHA256_M32_H20, LMOTS_SHA256_N32_W4, + WC_SHA256_192_DIGEST_SIZE) }, + { WC_LMS_PARM_L1_H20_W8 , "LMS/HSS_SHA256/192_L1_H20_W8", + LMS_PARAMS(1, 20, 8, 3, LMS_SHA256_M32_H20, 
LMOTS_SHA256_N32_W8, + WC_SHA256_192_DIGEST_SIZE) }, +#endif +#endif /* WOLFSSL_LMS_SHA256_192 */ }; /* Number of parameter sets supported. */ #define WC_LMS_MAP_LEN ((int)(sizeof(wc_lms_map) / sizeof(*wc_lms_map))) @@ -476,7 +595,7 @@ void wc_LmsKey_Free(LmsKey* key) ForceZero(key->priv_data, LMS_PRIV_DATA_LEN(params->levels, params->height, params->p, params->rootLevels, - params->cacheBits)); + params->cacheBits, params->hash_len)); XFREE(key->priv_data, key->heap, DYNAMIC_TYPE_LMS); } @@ -629,9 +748,9 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng) const LmsParams* params = key->params; /* Allocate memory for the private key data. */ - key->priv_data = XMALLOC(LMS_PRIV_DATA_LEN(params->levels, - params->height, params->p, params->rootLevels, params->cacheBits), - key->heap, DYNAMIC_TYPE_LMS); + key->priv_data = (byte *)XMALLOC(LMS_PRIV_DATA_LEN(params->levels, + params->height, params->p, params->rootLevels, params->cacheBits, + params->hash_len), key->heap, DYNAMIC_TYPE_LMS); /* Check pointer is valid. */ if (key->priv_data == NULL) { ret = MEMORY_E; @@ -669,8 +788,8 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng) } if (ret == 0) { /* Write private key to storage. */ - int rv = key->write_private_key(key->priv_raw, HSS_PRIVATE_KEY_LEN, - key->context); + int rv = key->write_private_key(key->priv_raw, + HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context); if (rv != WC_LMS_RC_SAVED_TO_NV_MEMORY) { ret = IO_FAILED_E; } 
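Review bot: The three `LMS_MAX_HEIGHT >= 20` entries at the end of the new `WOLFSSL_LMS_SHA256_192` block reuse the SHA256/256 identifiers — `WC_LMS_PARM_L1_H20_W2`/`_W4`/`_W8`, `LMS_SHA256_M32_H20` and `LMOTS_SHA256_N32_W*` — while passing `WC_SHA256_192_DIGEST_SIZE`, whereas every other entry in the block uses `WC_LMS_PARM_SHA256_192_*`, `LMS_SHA256_M24_*` and `LMOTS_SHA256_N24_*`. When both blocks are compiled, `WC_LMS_PARM_L1_H20_W2` (and the W4/W8 ids) occur twice in wc_lms_map with different derived lengths, and the duplicate's type codes advertise 32-byte hashes while LMS_PARAMS sizes everything for 24; if a lookup by parameter id reaches the second copy, the result is a wrong signature/key length or a failing verify rather than a build error. The entries should follow the pattern of the preceding ones, e.g. `{ WC_LMS_PARM_SHA256_192_L1_H20_W2, "LMS/HSS_SHA256/192_L1_H20_W2", LMS_PARAMS(1, 20, 2, 1, LMS_SHA256_M24_H20, LMOTS_SHA256_N24_W2, WC_SHA256_192_DIGEST_SIZE) },` provided the header defines those ids and the M24_H20 type (none of them is visible in this diff). Whether a lookup can actually hit the duplicate depends on the search order in code outside this hunk.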
@@ -728,9 +847,9 @@ int wc_LmsKey_Reload(LmsKey* key) const LmsParams* params = key->params; /* Allocate memory for the private key data. */ - key->priv_data = XMALLOC(LMS_PRIV_DATA_LEN(params->levels, - params->height, params->p, params->rootLevels, params->cacheBits), - key->heap, DYNAMIC_TYPE_LMS); + key->priv_data = (byte *)XMALLOC(LMS_PRIV_DATA_LEN(params->levels, + params->height, params->p, params->rootLevels, params->cacheBits, + params->hash_len), key->heap, DYNAMIC_TYPE_LMS); /* Check pointer is valid. */ if (key->priv_data == NULL) { ret = MEMORY_E; @@ -738,8 +857,8 @@ int wc_LmsKey_Reload(LmsKey* key) } if (ret == 0) { /* Load private key. */ - int rv = key->read_private_key(key->priv_raw, HSS_PRIVATE_KEY_LEN, - key->context); + int rv = key->read_private_key(key->priv_raw, + HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context); if (rv != WC_LMS_RC_READ_TO_MEMORY) { ret = IO_FAILED_E; } @@ -808,7 +927,7 @@ int wc_LmsKey_GetPrivLen(const LmsKey* key, word32* len) if (ret == 0) { /* Return private key length from parameter set. */ - *len = HSS_PRIVATE_KEY_LEN; + *len = HSS_PRIVATE_KEY_LEN(key->params->hash_len); } return ret; @@ -885,8 +1004,8 @@ int wc_LmsKey_Sign(LmsKey* key, byte* sig, word32* sigSz, const byte* msg, } if (ret == 0) { /* Write private key to storage. */ - int rv = key->write_private_key(key->priv_raw, HSS_PRIVATE_KEY_LEN, - key->context); + int rv = key->write_private_key(key->priv_raw, + HSS_PRIVATE_KEY_LEN(key->params->hash_len), key->context); if (rv != WC_LMS_RC_SAVED_TO_NV_MEMORY) { ret = IO_FAILED_E; } @@ -933,7 +1052,7 @@ int wc_LmsKey_GetPubLen(const LmsKey* key, word32* len) } if (ret == 0) { - *len = HSS_PUBLIC_KEY_LEN; + *len = HSS_PUBLIC_KEY_LEN(key->params->hash_len); } return ret; 
@@ -996,14 +1115,15 @@ int wc_LmsKey_ExportPubRaw(const LmsKey* key, byte* out, word32* outLen) ret = BAD_FUNC_ARG; } /* Check size of out is sufficient. */ - if ((ret == 0) && (*outLen < HSS_PUBLIC_KEY_LEN)) { + if ((ret == 0) && + (*outLen < (word32)HSS_PUBLIC_KEY_LEN(key->params->hash_len))) { ret = BUFFER_E; } if (ret == 0) { /* Return encoded public key. */ - XMEMCPY(out, key->pub, HSS_PUBLIC_KEY_LEN); - *outLen = HSS_PUBLIC_KEY_LEN; + XMEMCPY(out, key->pub, HSS_PUBLIC_KEY_LEN(key->params->hash_len)); + *outLen = HSS_PUBLIC_KEY_LEN(key->params->hash_len); } return ret; @@ -1032,7 +1152,8 @@ int wc_LmsKey_ImportPubRaw(LmsKey* key, const byte* in, word32 inLen) if ((key == NULL) || (in == NULL)) { ret = BAD_FUNC_ARG; } - if ((ret == 0) && (inLen != HSS_PUBLIC_KEY_LEN)) { + if ((ret == 0) && + (inLen != (word32)HSS_PUBLIC_KEY_LEN(key->params->hash_len))) { /* Something inconsistent. Parameters weren't set, or input * pub key is wrong.*/ return BUFFER_E; diff --git a/src/wolfcrypt/src/wc_lms_impl.c b/src/wolfcrypt/src/wc_lms_impl.c index 3f48420..bb9345c 100644 --- a/src/wolfcrypt/src/wc_lms_impl.c +++ b/src/wolfcrypt/src/wc_lms_impl.c @@ -37,6 +37,10 @@ * Enable when memory is limited. */ +#ifdef HAVE_CONFIG_H + #include +#endif + #include #include 
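Review bot: `key->params->hash_len` is now dereferenced in wc_LmsKey_ImportPubRaw's length check, but the guard directly above it only rejects `key == NULL` and `in == NULL`, and the comment on the failure path itself says parameters may not have been set — with the old constant an unset `params` ended in BUFFER_E, now it is a NULL dereference. Unless earlier key setup guarantees `params` is non-NULL (not visible here), add a guard before the comparison: `if ((ret == 0) && (key->params == NULL)) { ret = BAD_FUNC_ARG; }`. The same dereference is introduced at the size check in wc_LmsKey_ExportPubRaw in the hunk above, whose opening checks are outside the hunk, and in the wc_LmsKey_GetPrivLen/GetPubLen hunks earlier in this file. The `return BUFFER_E;` on this failure path also bypasses the function's `ret` convention, though that predates the change.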
@@ -75,24 +79,19 @@ #define LMS_D_CHILD_I 0xffff /* Length of data to hash when computing seed: - * 16 + 4 + 2 + 32 = 54 */ -#define LMS_SEED_HASH_LEN \ - (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + LMS_MAX_NODE_LEN) + * 16 + 4 + 2 + 32/24 = 54/46 */ +#define LMS_SEED_HASH_LEN(hLen) \ + (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + (hLen)) /* Length of data to hash when computing a node: - * 16 + 4 + 2 + 32 + 32 = 86 */ -#define LMS_NODE_HASH_LEN \ - (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + 2 * LMS_MAX_NODE_LEN) + * 16 + 4 + 2 + 32/24 + 32/24 = 86/70 */ +#define LMS_NODE_HASH_LEN(hLen) \ + (LMS_I_LEN + LMS_R_LEN + LMS_D_LEN + 2 * (hLen)) /* Length of data to hash when computing most results: - * 16 + 4 + 2 + 1 + 32 = 55 */ -#define LMS_HASH_BUFFER_LEN \ - (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN + LMS_W_LEN + LMS_MAX_NODE_LEN) - -/* Length of data to hash when computing Q: - * 16 + 4 + 2 + 32 = 54 */ -#define LMS_Q_BUFFER_LEN \ - (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN + LMS_MAX_NODE_LEN) + * 16 + 4 + 2 + 1 + 32/24 = 55/47 */ +#define LMS_HASH_BUFFER_LEN(hLen) \ + (LMS_I_LEN + LMS_Q_LEN + LMS_P_LEN + LMS_W_LEN + (hLen)) /* Length of preliminary data to hash when computing K: * 16 + 4 + 2 = 22 */ @@ -222,6 +221,7 @@ do { \ (buffer)[63] = 0xb8; \ } while (0) +#ifndef WOLFSSL_NO_LMS_SHA256_256 #ifndef WC_LMS_FULL_HASH /* Hash one full block of data and compute result. * @@ -286,6 +286,7 @@ static WC_INLINE int wc_lms_hash(wc_Sha256* sha256, byte* data, word32 len, return ret; } +#endif /* !WOLFSSL_NO_LMS_SHA256_256 */ /* Update hash with first data. * @@ -357,6 +358,7 @@ static WC_INLINE int wc_lms_hash_update(wc_Sha256* sha256, const byte* data, return ret; } +#ifndef WOLFSSL_NO_LMS_SHA256_256 /* Finalize hash. * * @param [in] sha256 SHA-256 hash object. 
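Review bot: The new `WOLFSSL_NO_LMS_SHA256_256` guards allow a build with that macro defined and `WOLFSSL_LMS_SHA256_192` undefined, which compiles to an implementation in which every hash selection block falls through to `ret = NOT_COMPILED_IN` at run time (and several `{ }` blocks in the later hunks become empty); nothing in this file rejects the combination. A compile-time check next to these guards would fail fast and make the intent explicit: `#if defined(WOLFSSL_NO_LMS_SHA256_256) && !defined(WOLFSSL_LMS_SHA256_192)` / `#error "wc_lms_impl.c: no LMS hash enabled"` / `#endif`. The parameterised `LMS_*_LEN(hLen)` macros and their updated `32/24 = 54/46` comments read clearly.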
@@ -399,6 +401,201 @@ static WC_INLINE int wc_lms_hash_final(wc_Sha256* sha256, byte* hash) return wc_Sha256Final(sha256, hash); #endif } +#endif /* !WOLFSSL_NO_LMS_SHA256_256 */ + +#ifdef WOLFSSL_LMS_SHA256_192 +/* Set the length of 46 bytes in buffer as per SHA-256 final operation. + * + * @param [in, out] buffer Hash data buffer to add length to. + */ +#define LMS_SHA256_SET_LEN_46(buffer) \ +do { \ + (buffer)[46] = 0x80; \ + (buffer)[47] = 0x00; \ + (buffer)[48] = 0x00; \ + (buffer)[49] = 0x00; \ + (buffer)[50] = 0x00; \ + (buffer)[51] = 0x00; \ + (buffer)[52] = 0x00; \ + (buffer)[53] = 0x00; \ + (buffer)[54] = 0x00; \ + (buffer)[55] = 0x00; \ + (buffer)[56] = 0x00; \ + (buffer)[57] = 0x00; \ + (buffer)[58] = 0x00; \ + (buffer)[59] = 0x00; \ + (buffer)[60] = 0x00; \ + (buffer)[61] = 0x00; \ + (buffer)[62] = 0x01; \ + (buffer)[63] = 0x70; \ +} while (0) + +/* Set the length of 47 bytes in buffer as per SHA-256 final operation. + * + * @param [in, out] buffer Hash data buffer to add length to. + */ +#define LMS_SHA256_SET_LEN_47(buffer) \ +do { \ + (buffer)[47] = 0x80; \ + (buffer)[48] = 0x00; \ + (buffer)[49] = 0x00; \ + (buffer)[50] = 0x00; \ + (buffer)[51] = 0x00; \ + (buffer)[52] = 0x00; \ + (buffer)[53] = 0x00; \ + (buffer)[54] = 0x00; \ + (buffer)[55] = 0x00; \ + (buffer)[56] = 0x00; \ + (buffer)[57] = 0x00; \ + (buffer)[58] = 0x00; \ + (buffer)[59] = 0x00; \ + (buffer)[60] = 0x00; \ + (buffer)[61] = 0x00; \ + (buffer)[62] = 0x01; \ + (buffer)[63] = 0x78; \ +} while (0) + +#ifndef WC_LMS_FULL_HASH +/* Hash one full block of data and compute result. + * + * @param [in] sha256 SHA-256 hash object. + * @param [in] data Data to hash. + * @param [out] hash Hash output. + * @return 0 on success. + */ +static WC_INLINE int wc_lms_sha256_192_hash_block(wc_Sha256* sha256, + const byte* data, byte* hash) +{ + int ret; + unsigned char output[WC_SHA256_DIGEST_SIZE]; + + /* Hash the block and reset SHA-256 state. 
*/ + ret = wc_Sha256HashBlock(sha256, data, output); + if (ret == 0) { + XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE); + } + + return ret; +} +#endif /* !WC_LMS_FULL_HASH */ + +/* Hash data and compute result. + * + * @param [in] sha256 SHA-256 hash object. + * @param [in] data Data to hash. + * @param [in] len Length of data to hash. + * @param [out] hash Hash output. + * @return 0 on success. + */ +static WC_INLINE int wc_lms_hash_sha256_192(wc_Sha256* sha256, byte* data, + word32 len, byte* hash) +{ + int ret; + unsigned char output[WC_SHA256_DIGEST_SIZE]; + +#ifndef WC_LMS_FULL_HASH + if (len < WC_SHA256_BLOCK_SIZE) { + /* Store data into SHA-256 object's buffer. */ + LMS_SHA256_SET_DATA(sha256, data, len); + ret = wc_Sha256Final(sha256, output); + if (ret == 0) { + XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE); + } + } + else if (len < WC_SHA256_BLOCK_SIZE + WC_SHA256_PAD_SIZE) { + ret = wc_Sha256HashBlock(sha256, data, NULL); + if (ret == 0) { + byte* buffer = (byte*)sha256->buffer; + int rem = len - WC_SHA256_BLOCK_SIZE; + + XMEMCPY(buffer, data + WC_SHA256_BLOCK_SIZE, rem); + buffer[rem++] = 0x80; + XMEMSET(buffer + rem, 0, WC_SHA256_BLOCK_SIZE - 2 - rem); + buffer[WC_SHA256_BLOCK_SIZE - 2] = (byte)(len >> 5); + buffer[WC_SHA256_BLOCK_SIZE - 1] = (byte)(len << 3); + ret = wc_Sha256HashBlock(sha256, buffer, output); + if (ret == 0) { + XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE); + } + } + } + else { + ret = wc_Sha256Update(sha256, data, len); + if (ret == 0) { + ret = wc_Sha256Final(sha256, output); + if (ret == 0) { + XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE); + } + } + } +#else + ret = wc_Sha256Update(sha256, data, len); + if (ret == 0) { + ret = wc_Sha256Final(sha256, output); + if (ret == 0) { + XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE); + } + } +#endif /* !WC_LMS_FULL_HASH */ + + return ret; +} + +/* Finalize hash. + * + * @param [in] sha256 SHA-256 hash object. + * @param [out] hash Hash output. + * @return 0 on success. 
+ */ +static WC_INLINE int wc_lms_hash_sha256_192_final(wc_Sha256* sha256, byte* hash) +{ +#ifndef WC_LMS_FULL_HASH + int ret = 0; + byte* buffer = (byte*)sha256->buffer; + unsigned char output[WC_SHA256_DIGEST_SIZE]; + + buffer[sha256->buffLen++] = 0x80; + if (sha256->buffLen > WC_SHA256_PAD_SIZE) { + XMEMSET(buffer + sha256->buffLen, 0, + WC_SHA256_BLOCK_SIZE - sha256->buffLen); + ret = wc_Sha256HashBlock(sha256, buffer, NULL); + sha256->buffLen = 0; + } + if (ret == 0) { + XMEMSET(buffer + sha256->buffLen, 0, + WC_SHA256_BLOCK_SIZE - 8 - sha256->buffLen); + sha256->hiLen = (sha256->hiLen << 3) + (sha256->loLen >> 29); + sha256->loLen = sha256->loLen << 3; + #ifdef LITTLE_ENDIAN_ORDER + sha256->buffer[14] = ByteReverseWord32(sha256->hiLen); + sha256->buffer[15] = ByteReverseWord32(sha256->loLen); + #else + sha256->buffer[14] = sha256->hiLen; + sha256->buffer[15] = sha256->loLen; + #endif + ret = wc_Sha256HashBlock(sha256, buffer, output); + if (ret == 0) { + XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE); + } + sha256->buffLen = 0; + sha256->hiLen = 0; + sha256->loLen = 0; + } + + return ret; +#else + int ret; + unsigned char output[WC_SHA256_DIGEST_SIZE]; + + ret = wc_Sha256Final(sha256, output); + if (ret == 0) { + XMEMCPY(hash, output, WC_SHA256_192_DIGEST_SIZE); + } + + return ret; +#endif +} +#endif /* WOLFSSL_LMS_SHA256_192 */ /*************************************** * LM-OTS APIs 
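Review bot: Every path of wc_lms_hash_sha256_192, wc_lms_hash_sha256_192_final and wc_lms_sha256_192_hash_block computes the full digest into the stack-local `output` and copies 24 bytes out, leaving the untruncated digest behind on return, whereas the SHA-256 variants write straight into the caller's buffer. Since these same helpers derive the OTS chain values from the secret seed in the signing paths, clear the temporary before each return, `ForceZero(output, sizeof(output));`, as wc_LmsKey_Free already does for private key data. Separately, the three functions repeat the SHA-256 helpers' block and padding logic (including the direct `sha256->buffer`/`hiLen`/`loLen` manipulation) almost line for line; if the `WOLFSSL_NO_LMS_SHA256_256` guards around wc_lms_hash/wc_lms_hash_final were relaxed, each could be a thin wrapper that calls the SHA-256 helper into a 32-byte temporary and truncates, keeping one copy of the padding arithmetic to audit.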
@@ -615,16 +812,30 @@ static int wc_lmots_msg_hash(LmsState* state, const byte* msg, word32 msgSz, ret = wc_lms_hash_first(&state->hash, buffer, LMS_MSG_PRE_LEN); if (ret == 0) { /* H(... || C || ...) */ - ret = wc_lms_hash_update(&state->hash, c, LMS_MAX_NODE_LEN); + ret = wc_lms_hash_update(&state->hash, c, state->params->hash_len); } if (ret == 0) { /* H(... || message) */ ret = wc_lms_hash_update(&state->hash, msg, msgSz); } +#ifdef WOLFSSL_LMS_SHA256_192 + if ((ret == 0) && + ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192)) { + /* Q = H(...) */ + ret = wc_lms_hash_sha256_192_final(&state->hash, q); + } + else +#endif +#ifndef WOLFSSL_NO_LMS_SHA256_256 if (ret == 0) { /* Q = H(...) */ ret = wc_lms_hash_final(&state->hash, q); } + else +#endif + { + ret = NOT_COMPILED_IN; + } return ret; } @@ -680,15 +891,26 @@ static int wc_lmots_compute_y_from_seed(LmsState* state, const byte* seed, ret = wc_lmots_msg_hash(state, msg, msgSz, c, q); if (ret == 0) { /* Calculate checksum list all coefficients. */ - ret = wc_lmots_q_expand(q, LMS_MAX_NODE_LEN, params->width, params->ls, + ret = wc_lmots_q_expand(q, params->hash_len, params->width, params->ls, a); } - #ifndef WC_LMS_FULL_HASH +#ifndef WC_LMS_FULL_HASH if (ret == 0) { - /* Put in padding for final block. */ - LMS_SHA256_SET_LEN_55(buffer); + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_47(buffer); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_55(buffer); + #endif + } } - #endif /* !WC_LMS_FULL_HASH */ +#endif /* !WC_LMS_FULL_HASH */ /* Compute y for each coefficient. */ for (i = 0; (ret == 0) && (i < params->p); i++) { 
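Review bot: In wc_lmots_msg_hash the new finalisation chain turns any earlier failure into NOT_COMPILED_IN: when `ret` is already non-zero from wc_lms_hash_first/wc_lms_hash_update, the SHA-256/192 `if` is false, the SHA-256 `if (ret == 0)` is false, and the trailing `else { ret = NOT_COMPILED_IN; }` overwrites the real error code. The tails of wc_lmots_compute_kc_from_sig and wc_lmots_make_public_hash in later hunks put the fallback inside `if (ret == 0)`; this function should do the same by nesting the whole selection under a single `if (ret == 0)`, as below.
```c
    if (ret == 0) {
#ifdef WOLFSSL_LMS_SHA256_192
        if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
            /* Q = H(...) */
            ret = wc_lms_hash_sha256_192_final(&state->hash, q);
        }
        else
#endif
        {
    #ifndef WOLFSSL_NO_LMS_SHA256_256
            /* Q = H(...) */
            ret = wc_lms_hash_final(&state->hash, q);
    #else
            ret = NOT_COMPILED_IN;
    #endif
        }
    }

    return ret;
```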
@@ -698,29 +920,84 @@ static int wc_lmots_compute_y_from_seed(LmsState* state, const byte* seed, * = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED). */ c16toa(i, ip); *jp = LMS_D_FIXED; - XMEMCPY(tmp, seed, LMS_SEED_LEN); - #ifndef WC_LMS_FULL_HASH - ret = wc_lms_hash_block(&state->hash, buffer, tmp); - #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); - #endif /* !WC_LMS_FULL_HASH */ +#ifndef WC_LMS_FULL_HASH + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE); + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE); + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } +#else + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE); + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE); + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } +#endif /* !WC_LMS_FULL_HASH */ /* Apply the hash function coefficient number of times. 
*/ for (j = 0; (ret == 0) && (j < a[i]); j++) { /* I || u32str(q) || u16str(i) || u8str(j) || tmp */ *jp = j; /* tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) */ - #ifndef WC_LMS_FULL_HASH - ret = wc_lms_hash_block(&state->hash, buffer, tmp); - #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); - #endif /* !WC_LMS_FULL_HASH */ + #ifndef WC_LMS_FULL_HASH + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } + #else + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } + #endif /* !WC_LMS_FULL_HASH */ } if (ret == 0) { /* y[i] = tmp */ - XMEMCPY(y, tmp, LMS_MAX_NODE_LEN); - y += LMS_MAX_NODE_LEN; + XMEMCPY(y, tmp, params->hash_len); + y += params->hash_len; } } 
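Review bot: The hash-selection ladder in wc_lmots_compute_y_from_seed — `#ifndef WC_LMS_FULL_HASH` × `#ifdef WOLFSSL_LMS_SHA256_192` × `#ifndef WOLFSSL_NO_LMS_SHA256_256`, six preprocessor branches around two calls — is pasted twice in this hunk (seed hash and chain step) and again in wc_lmots_compute_kc_from_sig, wc_lmots_make_public_hash, wc_lmots_sign and wc_lms_leaf_hash, with the parameter-set test re-evaluated on every iteration of the inner `for (j ...)` loop. A single static helper that dispatches on `state->params->lmOtsType` and takes the full-hash length (the `LMS_*_LEN(hLen)` macros accept `params->hash_len` at run time) would reduce each site to one line, e.g. `ret = wc_lms_hash_sel(state, buffer, LMS_HASH_BUFFER_LEN(params->hash_len), tmp);`, and keep the NOT_COMPILED_IN fallback in one place. wc_lms_interior_hash, whose input exceeds one block, would keep its own call.
```c
/* Hash one pre-padded buffer with the parameter set's hash (SHA-256 or
 * SHA-256/192), using the single-block path unless WC_LMS_FULL_HASH is set.
 *
 * @param [in]  state   LMS state holding parameters and hash object.
 * @param [in]  buffer  Data to hash (already padded when !WC_LMS_FULL_HASH).
 * @param [in]  len     Length of data to hash when hashing fully.
 * @param [out] out     Hash output, hash_len bytes.
 * @return  0 on success.
 * @return  NOT_COMPILED_IN when the selected hash is not built in.
 */
static int wc_lms_hash_sel(LmsState* state, byte* buffer, word32 len, byte* out)
{
    int ret = NOT_COMPILED_IN;

#ifndef WC_LMS_FULL_HASH
    (void)len;  /* block path: the padding is already in buffer */
#endif
#ifdef WOLFSSL_LMS_SHA256_192
    if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
    #ifndef WC_LMS_FULL_HASH
        ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, out);
    #else
        ret = wc_lms_hash_sha256_192(&state->hash, buffer, len, out);
    #endif
    }
    else
#endif
    {
    #ifndef WOLFSSL_NO_LMS_SHA256_256
        #ifndef WC_LMS_FULL_HASH
        ret = wc_lms_hash_block(&state->hash, buffer, out);
        #else
        ret = wc_lms_hash(&state->hash, buffer, len, out);
        #endif
    #endif
    }

    return ret;
}
```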
@@ -785,15 +1062,26 @@ static int wc_lmots_compute_kc_from_sig(LmsState* state, const byte* msg, } if (ret == 0) { /* Calculate checksum list all coefficients. */ - ret = wc_lmots_q_expand(q, LMS_MAX_NODE_LEN, params->width, params->ls, + ret = wc_lmots_q_expand(q, params->hash_len, params->width, params->ls, a); } - #ifndef WC_LMS_FULL_HASH +#ifndef WC_LMS_FULL_HASH if (ret == 0) { - /* Put in padding for final block. */ - LMS_SHA256_SET_LEN_55(buffer); + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_47(buffer); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_55(buffer); + #endif + } } - #endif /* !WC_LMS_FULL_HASH */ +#endif /* !WC_LMS_FULL_HASH */ /* Compute z for each coefficient. */ for (i = 0; (ret == 0) && (i < params->p); i++) { 
@@ -804,30 +1092,69 @@ static int wc_lmots_compute_kc_from_sig(LmsState* state, const byte* msg, /* tmp = y[i]. * I || u32(str) || u16str(i) || ... || tmp */ - XMEMCPY(tmp, sig_y, LMS_MAX_NODE_LEN); - sig_y += LMS_MAX_NODE_LEN; + XMEMCPY(tmp, sig_y, params->hash_len); + sig_y += params->hash_len; /* Finish iterations of hash from coefficient to max. */ for (j = a[i]; (ret == 0) && (j < max); j++) { /* I || u32str(q) || u16str(i) || u8str(j) || tmp */ *jp = (word8)j; /* tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) */ - #ifndef WC_LMS_FULL_HASH - ret = wc_lms_hash_block(&state->hash, buffer, tmp); - #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); - #endif /* !WC_LMS_FULL_HASH */ + #ifndef WC_LMS_FULL_HASH + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } + /* Apply the hash function coefficient number of times. */ + #else + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } + #endif /* !WC_LMS_FULL_HASH */ } if (ret == 0) { /* H(... || z[i] || ...) (for calculating Kc). */ - ret = wc_lms_hash_update(&state->hash_k, tmp, LMS_MAX_NODE_LEN); + ret = wc_lms_hash_update(&state->hash_k, tmp, params->hash_len); } } +#ifdef WOLFSSL_LMS_SHA256_192 + if ((ret == 0) && + ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192)) { + /* Kc = H(...) 
*/ + ret = wc_lms_hash_sha256_192_final(&state->hash_k, kc); + } + else +#endif if (ret == 0) { + #ifndef WOLFSSL_NO_LMS_SHA256_256 /* Kc = H(...) */ ret = wc_lms_hash_final(&state->hash_k, kc); + #else + ret = NOT_COMPILED_IN; + #endif } return ret; @@ -875,8 +1202,19 @@ static int wc_lmots_make_public_hash(LmsState* state, const byte* seed, byte* k) ret = wc_lms_hash_first(&state->hash_k, buffer, LMS_K_PRE_LEN); #ifndef WC_LMS_FULL_HASH - /* Put in padding for final block. */ - LMS_SHA256_SET_LEN_55(buffer); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_47(buffer); + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_55(buffer); + #endif + } #endif /* !WC_LMS_FULL_HASH */ for (i = 0; (ret == 0) && (i < params->p); i++) { 
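Review bot: The added comment `/* Apply the hash function coefficient number of times. */` in wc_lmots_compute_kc_from_sig has landed inside the `#ifndef WC_LMS_FULL_HASH` arm of the inner `for (j ...)` loop, between the `}` that closes the block-hash selection and `#else`, where it describes nothing; the loop it echoes is already annotated "Finish iterations of hash from coefficient to max.", and here the chain runs from `a[i]` up to `max`, not "coefficient number of times". Drop it, or if a reminder is wanted, place it above that `for` loop with the wording corrected. The rest of the hunk's tail correctly keeps the NOT_COMPILED_IN fallback under `if (ret == 0)`, so an earlier error is preserved.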
@@ -886,31 +1224,97 @@ static int wc_lmots_make_public_hash(LmsState* state, const byte* seed, byte* k) * = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED). */ c16toa(i, ip); *jp = LMS_D_FIXED; - XMEMCPY(tmp, seed, LMS_SEED_LEN); - #ifndef WC_LMS_FULL_HASH - ret = wc_lms_hash_block(&state->hash, buffer, tmp); - #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); - #endif /* !WC_LMS_FULL_HASH */ +#ifndef WC_LMS_FULL_HASH + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE); + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE); + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } +#else + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE); + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE); + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } +#endif /* !WC_LMS_FULL_HASH */ /* Do all iterations to calculate y. 
*/ for (j = 0; (ret == 0) && (j < max); j++) { /* I || u32str(q) || u16str(i) || u8str(j) || tmp */ *jp = (word8)j; /* tmp = H(I || u32str(q) || u16str(i) || u8str(j) || tmp) */ - #ifndef WC_LMS_FULL_HASH - ret = wc_lms_hash_block(&state->hash, buffer, tmp); - #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, tmp); - #endif /* !WC_LMS_FULL_HASH */ + #ifndef WC_LMS_FULL_HASH + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } + #else + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } + #endif /* !WC_LMS_FULL_HASH */ } if (ret == 0) { /* K = H(... || y[i] || ...) */ - ret = wc_lms_hash_update(&state->hash_k, tmp, LMS_MAX_NODE_LEN); + ret = wc_lms_hash_update(&state->hash_k, tmp, params->hash_len); } } +#ifdef WOLFSSL_LMS_SHA256_192 + if ((ret == 0) && ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192)) { + /* K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1]) */ + ret = wc_lms_hash_sha256_192_final(&state->hash_k, k); + } + else +#endif if (ret == 0) { + #ifndef WOLFSSL_NO_LMS_SHA256_256 /* K = H(I || u32str(q) || u16str(D_PBLC) || y[0] || ... || y[p-1]) */ ret = wc_lms_hash_final(&state->hash_k, k); + #else + ret = NOT_COMPILED_IN; + #endif } return ret; 
@@ -931,7 +1335,7 @@ static int wc_lmots_make_public_hash(LmsState* state, const byte* seed, byte* k) static void wc_lmots_public_key_encode(const LmsParams* params, const byte* priv, byte* pub) { - const byte* priv_i = priv + LMS_Q_LEN + LMS_SEED_LEN; + const byte* priv_i = priv + LMS_Q_LEN + params->hash_len; /* u32str(type) || ... || T(1) */ c32toa(params->lmsType, pub); @@ -1012,7 +1416,7 @@ static int wc_lmots_calc_kc(LmsState* state, const byte* pub, const byte* msg, /* Get C or randomizer value from signature. */ const byte* c = sig + LMS_TYPE_LEN; /* Get array y from signature. */ - const byte* y = c + LMS_MAX_NODE_LEN; + const byte* y = c + state->params->hash_len; /* Compute the public key candidate Kc from the signature. */ ret = wc_lmots_compute_kc_from_sig(state, msg, msgSz, c, y, kc); @@ -1028,12 +1432,13 @@ static int wc_lmots_calc_kc(LmsState* state, const byte* pub, const byte* msg, * But use Appendix A to generate x on the fly. * PRIV = SEED | I * - * @param [in] rng Random number generator. - * @param [out] priv Private key data. + * @param [in] rng Random number generator. + * @param [in] seed_len Length of seed to generate. + * @param [out] priv Private key data. */ -static int wc_lmots_make_private_key(WC_RNG* rng, byte* priv) +static int wc_lmots_make_private_key(WC_RNG* rng, word16 seed_len, byte* priv) { - return wc_RNG_GenerateBlock(rng, priv, LMS_SEED_LEN + LMS_I_LEN); + return wc_RNG_GenerateBlock(rng, priv, seed_len + LMS_I_LEN); } /* Generate LM-OTS signature. 
@@ -1067,20 +1472,60 @@ static int wc_lmots_sign(LmsState* state, const byte* seed, const byte* msg, c16toa(LMS_D_C, ip); /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || ... */ *jp = LMS_D_FIXED; - /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */ - XMEMCPY(tmp, seed, LMS_SEED_LEN); - /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED) - * sig = u32str(type) || C || ... */ #ifndef WC_LMS_FULL_HASH - /* Put in padding for final block. */ - LMS_SHA256_SET_LEN_55(buffer); - ret = wc_lms_hash_block(&state->hash, buffer, sig_c); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */ + XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE); + /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED) + * sig = u32str(type) || C || ... */ + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_47(buffer); + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, sig_c); + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */ + XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE); + /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED) + * sig = u32str(type) || C || ... */ + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_55(buffer); + ret = wc_lms_hash_block(&state->hash, buffer, sig_c); + #else + ret = NOT_COMPILED_IN; + #endif + } #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, sig_c); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */ + XMEMCPY(tmp, seed, WC_SHA256_192_DIGEST_SIZE); + /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED) + * sig = u32str(type) || C || ... 
*/ + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), sig_c); + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + /* I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED */ + XMEMCPY(tmp, seed, WC_SHA256_DIGEST_SIZE); + /* C = H(I || u32str(q) || u16str(0xFFFD) || u8str(0xFF) || SEED) + * sig = u32str(type) || C || ... */ + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), sig_c); + #else + ret = NOT_COMPILED_IN; + #endif + } #endif /* !WC_LMS_FULL_HASH */ if (ret == 0) { - byte* sig_y = sig_c + LMS_MAX_NODE_LEN; + byte* sig_y = sig_c + state->params->hash_len; /* Compute array y. * sig = u32str(type) || C || y[0] || ... || y[p-1] */ @@ -1109,21 +1554,21 @@ static void wc_lms_priv_state_load(const LmsParams* params, LmsPrivState* state, { /* Authentication path data. */ state->auth_path = priv_data; - priv_data += params->height * LMS_MAX_NODE_LEN; + priv_data += params->height * params->hash_len; /* Stack of nodes. */ state->stack.stack = priv_data; - priv_data += (params->height + 1) * LMS_MAX_NODE_LEN; + priv_data += (params->height + 1) * params->hash_len; ato32(priv_data, &state->stack.offset); priv_data += 4; /* Cached root nodes. */ state->root = priv_data; - priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels); + priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels, params->hash_len); /* Cached leaf nodes. */ state->leaf.cache = priv_data; - priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits); + priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits, params->hash_len); ato32(priv_data, &state->leaf.idx); priv_data += 4; ato32(priv_data, &state->leaf.offset); 
@@ -1140,18 +1585,18 @@ static void wc_lms_priv_state_store(const LmsParams* params, LmsPrivState* state, byte* priv_data) { /* Authentication path data. */ - priv_data += params->height * LMS_MAX_NODE_LEN; + priv_data += params->height * params->hash_len; /* Stack of nodes. */ - priv_data += (params->height + 1) * LMS_MAX_NODE_LEN; + priv_data += (params->height + 1) * params->hash_len; c32toa(state->stack.offset, priv_data); priv_data += 4; /* Cached root nodes. */ - priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels); + priv_data += LMS_ROOT_CACHE_LEN(params->rootLevels, params->hash_len); /* Cached leaf nodes. */ - priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits); + priv_data += LMS_LEAF_CACHE_LEN(params->cacheBits, params->hash_len); c32toa(state->leaf.idx, priv_data); priv_data += 4; c32toa(state->leaf.offset, priv_data); @@ -1169,7 +1614,7 @@ static void wc_lms_priv_state_copy(const LmsParams* params, LmsPrivState* dst, const LmsPrivState* src) { XMEMCPY(dst->auth_path, src->auth_path, LMS_PRIV_STATE_LEN(params->height, - params->rootLevels, params->cacheBits)); + params->rootLevels, params->cacheBits, params->hash_len)); dst->stack.offset = src->stack.offset; dst->leaf.idx = src->leaf.idx; dst->leaf.offset = src->leaf.offset; 
@@ -1225,13 +1670,40 @@ static int wc_lms_leaf_hash(LmsState* state, const byte* seed, word32 i, /* I || u32str(r) || u16str(D_LEAF) || OTS_PUB_HASH[i] */ c16toa(LMS_D_LEAF, dp); /* temp = H(I || u32str(r) || u16str(D_LEAF) || OTS_PUB_HASH[i]) */ - #ifndef WC_LMS_FULL_HASH +#ifndef WC_LMS_FULL_HASH /* Put in padding for final block. */ - LMS_SHA256_SET_LEN_54(buffer); - ret = wc_lms_hash_block(&state->hash, buffer, leaf); - #else - ret = wc_lms_hash(&state->hash, buffer, LMS_SEED_HASH_LEN, leaf); - #endif /* !WC_LMS_FULL_HASH */ + #ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + LMS_SHA256_SET_LEN_46(buffer); + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, leaf); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + LMS_SHA256_SET_LEN_54(buffer); + ret = wc_lms_hash_block(&state->hash, buffer, leaf); + #else + ret = NOT_COMPILED_IN; + #endif + } +#else + #ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_SEED_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), leaf); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash(&state->hash, buffer, + LMS_SEED_HASH_LEN(WC_SHA256_DIGEST_SIZE), leaf); + #else + ret = NOT_COMPILED_IN; + #endif + } +#endif /* !WC_LMS_FULL_HASH */ } return ret; 
@@ -1255,17 +1727,38 @@ static int wc_lms_leaf_hash(LmsState* state, const byte* seed, word32 i, static int wc_lms_interior_hash(LmsState* state, byte* sp, word32 r, byte* node) { + int ret; byte* buffer = state->buffer; byte* rp = buffer + LMS_I_LEN; byte* left = rp + LMS_R_LEN + LMS_D_LEN; /* I || u32str(r) || u16str(D_INTR) || ... || temp */ c32toa(r, rp); - /* left_side = pop(data stack) - * I || u32str(r) || u16str(D_INTR) || left_side || temp */ - XMEMCPY(left, sp, LMS_MAX_NODE_LEN); - /* temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */ - return wc_lms_hash(&state->hash, buffer, LMS_NODE_HASH_LEN, node); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + /* left_side = pop(data stack) + * I || u32str(r) || u16str(D_INTR) || left_side || temp */ + XMEMCPY(left, sp, WC_SHA256_192_DIGEST_SIZE); + /* temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */ + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_NODE_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), node); + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + /* left_side = pop(data stack) + * I || u32str(r) || u16str(D_INTR) || left_side || temp */ + XMEMCPY(left, sp, WC_SHA256_DIGEST_SIZE); + /* temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */ + ret = wc_lms_hash(&state->hash, buffer, + LMS_NODE_HASH_LEN(WC_SHA256_DIGEST_SIZE), node); + #else + ret = NOT_COMPILED_IN; + #endif + } + + return ret; } #ifdef WOLFSSL_WC_LMS_SMALL @@ -1306,7 +1799,7 @@ static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed, byte* rp = buffer + LMS_I_LEN; byte* dp = rp + LMS_R_LEN; byte* left = dp + LMS_D_LEN; - byte* temp = left + LMS_MAX_NODE_LEN; + byte* temp = left + params->hash_len; #ifdef WOLFSSL_SMALL_STACK byte* stack = NULL; #else 
@@ -1320,7 +1813,7 @@ static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed, #ifdef WOLFSSL_SMALL_STACK /* Allocate stack of left side hashes. */ - stack = XMALLOC((params->height + 1) * LMS_MAX_NODE_LEN, NULL, + stack = XMALLOC((params->height + 1) * params->hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (stack == NULL) { ret = MEMORY_E; @@ -1340,7 +1833,7 @@ static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed, /* Store the node if on the authentication path. */ if ((ret == 0) && (auth_path != NULL) && ((q ^ 0x1) == i)) { - XMEMCPY(auth_path, temp, LMS_MAX_NODE_LEN); + XMEMCPY(auth_path, temp, params->hash_len); } /* I || ... || u16str(D_INTR) || ... || temp */ @@ -1355,23 +1848,23 @@ static int wc_lms_treehash(LmsState* state, const byte* id, const byte* seed, /* Calculate interior node hash. * temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */ - sp -= LMS_MAX_NODE_LEN; + sp -= params->hash_len; ret = wc_lms_interior_hash(state, sp, r, temp); /* Copy out node to authentication path if on path. */ if ((ret == 0) && (auth_path != NULL) && ((q >> h) ^ 0x1) == j) { - XMEMCPY(auth_path + h * LMS_MAX_NODE_LEN, temp, - LMS_MAX_NODE_LEN); + XMEMCPY(auth_path + h * params->hash_len, temp, + params->hash_len); } } /* Push temp onto the data stack. */ - XMEMCPY(sp, temp, LMS_MAX_NODE_LEN); - sp += LMS_MAX_NODE_LEN; + XMEMCPY(sp, temp, params->hash_len); + sp += params->hash_len; } if ((ret == 0) && (pub != NULL)) { /* Public key, root node, is top of data stack. */ - XMEMCPY(pub, stack, LMS_MAX_NODE_LEN); + XMEMCPY(pub, stack, params->hash_len); } #ifdef WOLFSSL_SMALL_STACK XFREE(stack, NULL, DYNAMIC_TYPE_TMP_BUFFER); 
@@ -1445,7 +1938,7 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState, byte* rp = buffer + LMS_I_LEN; byte* dp = rp + LMS_R_LEN; byte* left = dp + LMS_D_LEN; - byte* temp = left + LMS_MAX_NODE_LEN; + byte* temp = left + params->hash_len; #ifdef WOLFSSL_SMALL_STACK byte* stack = NULL; #else @@ -1469,7 +1962,7 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState, #ifdef WOLFSSL_SMALL_STACK /* Allocate stack of left side hashes. */ - stack = XMALLOC((params->height + 1) * LMS_MAX_NODE_LEN, NULL, + stack = XMALLOC((params->height + 1) * params->hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (stack == NULL) { ret = MEMORY_E; @@ -1488,12 +1981,12 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState, /* Cache leaf node if in range. */ if ((ret == 0) && (i >= leaf->idx) && (i < leaf->idx + max_cb)) { - XMEMCPY(leaf->cache + i * LMS_MAX_NODE_LEN, temp, LMS_MAX_NODE_LEN); + XMEMCPY(leaf->cache + i * params->hash_len, temp, params->hash_len); } /* Store the node if on the authentication path. */ if ((ret == 0) && (auth_path != NULL) && ((q ^ 0x1) == i)) { - XMEMCPY(auth_path, temp, LMS_MAX_NODE_LEN); + XMEMCPY(auth_path, temp, params->hash_len); } /* I || ... || u16str(D_INTR) || ... || temp */ 
@@ -1508,25 +2001,25 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState, /* Calculate interior node hash. * temp = H(I || u32str(r) || u16str(D_INTR) || left_side || temp) */ - spi -= LMS_MAX_NODE_LEN; + spi -= params->hash_len; ret = wc_lms_interior_hash(state, stack + spi, r, temp); /* Copy out top root nodes. */ if ((h > params->height - params->rootLevels) && ((i >> (h-1)) != ((i + 1) >> (h - 1)))) { int off = (1 << (params->height - h)) + (i >> h) - 1; - XMEMCPY(root + off * LMS_MAX_NODE_LEN, temp, LMS_MAX_NODE_LEN); + XMEMCPY(root + off * params->hash_len, temp, params->hash_len); } /* Copy out node to authentication path if on path. */ if ((ret == 0) && (auth_path != NULL) && ((q >> h) ^ 0x1) == j) { - XMEMCPY(auth_path + h * LMS_MAX_NODE_LEN, temp, - LMS_MAX_NODE_LEN); + XMEMCPY(auth_path + h * params->hash_len, temp, + params->hash_len); } } /* Push temp onto the data stack. */ - XMEMCPY(stack + spi, temp, LMS_MAX_NODE_LEN); - spi += LMS_MAX_NODE_LEN; + XMEMCPY(stack + spi, temp, params->hash_len); + spi += params->hash_len; if (i == q - 1) { XMEMCPY(privState->stack.stack, stack, spi); @@ -1580,7 +2073,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, byte* rp = buffer + LMS_I_LEN; byte* dp = rp + LMS_R_LEN; byte* left = dp + LMS_D_LEN; - byte* temp = left + LMS_MAX_NODE_LEN; + byte* temp = left + params->hash_len; #ifdef WOLFSSL_SMALL_STACK byte* stack = NULL; #else @@ -1595,7 +2088,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, #ifdef WOLFSSL_SMALL_STACK /* Allocate stack of left side hashes. */ - stack = XMALLOC((params->height + 1) * LMS_MAX_NODE_LEN, NULL, + stack = XMALLOC((params->height + 1) * params->hash_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (stack == NULL) { ret = MEMORY_E; 
@@ -1603,7 +2096,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, #endif /* WOLFSSL_SMALL_STACK */ /* Public key, root node, is top of data stack. */ - XMEMCPY(stack, stackCache->stack, params->height * LMS_MAX_NODE_LEN); + XMEMCPY(stack, stackCache->stack, params->height * params->hash_len); sp = stack + stackCache->offset; /* Compute all nodes requested. */ @@ -1616,9 +2109,9 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, if ((i >= leaf->idx) && (i < leaf->idx + max_cb)) { /* Calculate offset of node in cache. */ word32 off = ((i - (leaf->idx + max_cb) + leaf->offset) % max_cb) * - LMS_MAX_NODE_LEN; + params->hash_len; /* Copy cached node into working buffer. */ - XMEMCPY(temp, leaf->cache + off, LMS_MAX_NODE_LEN); + XMEMCPY(temp, leaf->cache + off, params->hash_len); /* I || u32str(i) || ... */ c32toa(i, rp); } @@ -1630,8 +2123,8 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, * the number of leaf nodes. */ if ((i == leaf->idx + max_cb) && (i < (q + max_cb))) { /* Copy working node into cache over old first node. */ - XMEMCPY(leaf->cache + leaf->offset * LMS_MAX_NODE_LEN, temp, - LMS_MAX_NODE_LEN); + XMEMCPY(leaf->cache + leaf->offset * params->hash_len, temp, + params->hash_len); /* Increase start index as first node replaced. */ leaf->idx++; /* Update offset of first leaf node. */ @@ -1641,7 +2134,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, /* Store the node if on the authentication path. */ if ((ret == 0) && ((q ^ 0x1) == i)) { - XMEMCPY(auth_path, temp, LMS_MAX_NODE_LEN); + XMEMCPY(auth_path, temp, params->hash_len); } /* I || ... || u16str(D_INTR) || ... || temp */ 
@@ -1653,14 +2146,14 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, j >>= 1; h++; - sp -= LMS_MAX_NODE_LEN; + sp -= params->hash_len; if (useRoot && (h > params->height - params->rootLevels) && (h <= params->height)) { /* Calculate offset of cached root node. */ word32 off = ((word32)1U << (params->height - h)) + (i >> h) - 1; - XMEMCPY(temp, privState->root + (off * LMS_MAX_NODE_LEN), - LMS_MAX_NODE_LEN); + XMEMCPY(temp, privState->root + (off * params->hash_len), + params->hash_len); } else { /* Calculate interior node hash. @@ -1675,20 +2168,20 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, (h > params->height - params->rootLevels) && ((i >> (h-1)) != ((i + 1) >> (h - 1)))) { int off = (1 << (params->height - h)) + (i >> h) - 1; - XMEMCPY(privState->root + off * LMS_MAX_NODE_LEN, temp, - LMS_MAX_NODE_LEN); + XMEMCPY(privState->root + off * params->hash_len, temp, + params->hash_len); } /* Copy out node to authentication path if on path. */ if ((ret == 0) && (((q >> h) ^ 0x1) == j)) { - XMEMCPY(auth_path + h * LMS_MAX_NODE_LEN, temp, - LMS_MAX_NODE_LEN); + XMEMCPY(auth_path + h * params->hash_len, temp, + params->hash_len); } } if (ret == 0) { /* Push temp onto the data stack. */ - XMEMCPY(sp, temp, LMS_MAX_NODE_LEN); - sp += LMS_MAX_NODE_LEN; + XMEMCPY(sp, temp, params->hash_len); + sp += params->hash_len; /* Save stack after updating first node. */ if (i == min_idx) { @@ -1701,7 +2194,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState, if (!useRoot) { /* Copy stack back. */ - XMEMCPY(stackCache->stack, stack, params->height * LMS_MAX_NODE_LEN); + XMEMCPY(stackCache->stack, stack, params->height * params->hash_len); stackCache->offset = (word32)((size_t)sp - (size_t)stack); } 
@@ -1742,7 +2235,7 @@ static int wc_lms_sign(LmsState* state, const byte* priv, const byte* msg, byte* s = sig; const byte* priv_q = priv; const byte* priv_seed = priv_q + LMS_Q_LEN; - const byte* priv_i = priv_seed + LMS_SEED_LEN; + const byte* priv_i = priv_seed + params->hash_len; /* Setup for hashing: I || Q */ XMEMCPY(buffer, priv_i, LMS_I_LEN); @@ -1761,7 +2254,7 @@ static int wc_lms_sign(LmsState* state, const byte* priv, const byte* msg, ret = wc_lmots_sign(state, priv_seed, msg, msgSz, s); if (ret == 0) { /* Skip over ots_signature. */ - s += LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN; + s += params->hash_len + params->p * params->hash_len; /* S = u32str(q) || ots_signature || u32str(type) || ... */ c32toa(params->lmsType, s); } @@ -1787,8 +2280,8 @@ static void wc_lms_sig_copy(const LmsParams* params, const byte* y, c32toa(params->lmOtsType, sig); sig += LMS_TYPE_LEN; /* S = u32str(q) || ots_signature || ... */ - XMEMCPY(sig, y, LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN); - sig += LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN; + XMEMCPY(sig, y, params->hash_len + params->p * params->hash_len); + sig += params->hash_len + params->p * params->hash_len; /* S = u32str(q) || ots_signature || u32str(type) || ... */ c32toa(params->lmsType, sig); } 
@@ -1831,22 +2324,64 @@ static int wc_lms_compute_root(LmsState* state, word32 q, const byte* kc, byte* rp = buffer + LMS_I_LEN; byte* ip = rp + LMS_Q_LEN; byte* node = ip + LMS_P_LEN; - byte* b[2][2] = { { node, node + LMS_MAX_NODE_LEN }, - { node + LMS_MAX_NODE_LEN, node } }; + byte* b[2][2]; /* node_num = 2^h + q */ word32 r = (1 << params->height) + q; /* tmp = H(I || u32str(node_num) || u16str(D_LEAF) || Kc) */ c32toa(r, rp); c16toa(LMS_D_LEAF, ip); - XMEMCPY(node, kc, LMS_MAX_NODE_LEN); + XMEMCPY(node, kc, params->hash_len); /* Put tmp into offset required for first iteration. */ #ifndef WC_LMS_FULL_HASH /* Put in padding for final block. */ - LMS_SHA256_SET_LEN_54(buffer); - ret = wc_lms_hash_block(&state->hash, buffer, b[r & 1][0]); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + b[0][0] = node; + b[0][1] = node + WC_SHA256_192_DIGEST_SIZE; + b[1][0] = node + WC_SHA256_192_DIGEST_SIZE; + b[1][1] = node; + LMS_SHA256_SET_LEN_46(buffer); + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, b[r & 1][0]); + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + b[0][0] = node; + b[0][1] = node + WC_SHA256_DIGEST_SIZE; + b[1][0] = node + WC_SHA256_DIGEST_SIZE; + b[1][1] = node; + LMS_SHA256_SET_LEN_54(buffer); + ret = wc_lms_hash_block(&state->hash, buffer, b[r & 1][0]); + #else + ret = NOT_COMPILED_IN; + #endif + } #else - ret = wc_lms_hash(&state->hash, buffer, LMS_SEED_HASH_LEN, b[r & 1][0]); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + b[0][0] = node; + b[0][1] = node + WC_SHA256_192_DIGEST_SIZE; + b[1][0] = node + WC_SHA256_192_DIGEST_SIZE; + b[1][1] = node; + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_SEED_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), b[r & 1][0]); + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + b[0][0] = node; + b[0][1] = node + WC_SHA256_DIGEST_SIZE; + b[1][0] = node + WC_SHA256_DIGEST_SIZE; + b[1][1] = node; + 
ret = wc_lms_hash(&state->hash, buffer, + LMS_SEED_HASH_LEN(WC_SHA256_DIGEST_SIZE), b[r & 1][0]); + #else + ret = NOT_COMPILED_IN; + #endif + } #endif /* !WC_LMS_FULL_HASH */ if (ret == 0) { 
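Review bot: The four copies of `b[0][0] = node; b[0][1] = node + …; b[1][0] = node + …; b[1][1] = node;` in this hunk differ only in the digest size, and that size is already carried in `params->hash_len` (the rest of this patch copies the same nodes with it, e.g. the `sig_path` computation and the final `XMEMCMP(pub_k, tc, params->hash_len)` in wc_lms_verify), so the ping-pong table can be filled once ahead of the `#ifdef WOLFSSL_LMS_SHA256_192` ladder: `b[0][0] = b[1][1] = node; b[0][1] = b[1][0] = node + params->hash_len;`. That also covers the two `NOT_COMPILED_IN` branches, where `b` is currently left unset and is only safe because every later use is guarded by `ret == 0`; a comment on the `byte* b[2][2];` declaration saying so, `/* Alternating in/out node slots; only dereferenced when ret == 0. */`, would make that dependency visible. This assumes `hash_len` always equals the digest selected by `lmOtsType & LMS_HASH_MASK`, which the callers elsewhere in the patch already rely on. wc_lms_compute_root continues past the end of this hunk.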
@@ -1856,33 +2391,78 @@ static int wc_lms_compute_root(LmsState* state, word32 q, const byte* kc, c16toa(LMS_D_INTR, ip); /* Do all but last height. */ - for (i = 0; (ret == 0) && (i < params->height - 1); i++) { - /* Put path into offset required. */ - XMEMCPY(b[r & 1][1], path, LMS_MAX_NODE_LEN); - path += LMS_MAX_NODE_LEN; - - /* node_num = node_num / 2 */ - r >>= 1; - /* H(...||u32str(node_num/2)||..) */ - c32toa(r, rp); - /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) or - * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i]) - * Put tmp result into offset required for next iteration. */ - ret = wc_lms_hash(&state->hash, buffer, LMS_NODE_HASH_LEN, - b[r & 1][0]); + #ifdef WOLFSSL_LMS_SHA256_192 + if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + for (i = 0; (ret == 0) && (i < params->height - 1); i++) { + /* Put path into offset required. */ + XMEMCPY(b[r & 1][1], path, WC_SHA256_192_DIGEST_SIZE); + path += WC_SHA256_192_DIGEST_SIZE; + + /* node_num = node_num / 2 */ + r >>= 1; + /* H(...||u32str(node_num/2)||..) */ + c32toa(r, rp); + /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) + * or + * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i]) + * Put tmp result into offset required for next iteration. */ + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_NODE_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), b[r & 1][0]); + } + if (ret == 0) { + /* Last height. */ + /* Put path into offset required. */ + XMEMCPY(b[r & 1][1], path, WC_SHA256_192_DIGEST_SIZE); + /* node_num = node_num / 2 */ + r >>= 1; + /* H(...||u32str(node_num/2)||..) */ + c32toa(r, rp); + /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) + * or + * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i]) + * Put tmp result into Tc.*/ + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_NODE_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), tc); + } } - if (ret == 0) { - /* Last height. 
*/ - /* Put path into offset required. */ - XMEMCPY(b[r & 1][1], path, LMS_MAX_NODE_LEN); - /* node_num = node_num / 2 */ - r >>= 1; - /* H(...||u32str(node_num/2)||..) */ - c32toa(r, rp); - /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) or - * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i]) - * Put tmp result into Tc.*/ - ret = wc_lms_hash(&state->hash, buffer, LMS_NODE_HASH_LEN, tc); + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + for (i = 0; (ret == 0) && (i < params->height - 1); i++) { + /* Put path into offset required. */ + XMEMCPY(b[r & 1][1], path, WC_SHA256_DIGEST_SIZE); + path += WC_SHA256_DIGEST_SIZE; + + /* node_num = node_num / 2 */ + r >>= 1; + /* H(...||u32str(node_num/2)||..) */ + c32toa(r, rp); + /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) + * or + * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i]) + * Put tmp result into offset required for next iteration. */ + ret = wc_lms_hash(&state->hash, buffer, + LMS_NODE_HASH_LEN(WC_SHA256_DIGEST_SIZE), b[r & 1][0]); + } + if (ret == 0) { + /* Last height. */ + /* Put path into offset required. */ + XMEMCPY(b[r & 1][1], path, WC_SHA256_DIGEST_SIZE); + /* node_num = node_num / 2 */ + r >>= 1; + /* H(...||u32str(node_num/2)||..) */ + c32toa(r, rp); + /* tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||path[i]||tmp) + * or + * tmp = H(I||u32str(node_num/2)||u16str(D_INTR)||tmp||path[i]) + * Put tmp result into Tc.*/ + ret = wc_lms_hash(&state->hash, buffer, + LMS_NODE_HASH_LEN(WC_SHA256_DIGEST_SIZE), tc); + } + #else + ret = NOT_COMPILED_IN; + #endif } } @@ -1955,7 +2535,7 @@ static int wc_lms_verify(LmsState* state, const byte* pub, const byte* msg, if (ret == 0) { /* Algorithm 6a. Step 2.j. */ const byte* sig_path = sig + LMS_Q_LEN + LMS_TYPE_LEN + - LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN + LMS_TYPE_LEN; + params->hash_len + params->p * params->hash_len + LMS_TYPE_LEN; word32 q; /* Algorithm 6a. Step 2.a. */ 
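Review bot: The per-height loop and the "Last height" step in the `@@ -1856` hunk are the same six statements written twice per digest, four times in total; the only difference between the loop body and the final step is where the hash output goes (`b[r & 1][0]` versus `tc`), and the only difference between the two digest branches is the hash call. Folding the final step into the loop and selecting the output pointer on the last iteration leaves a single copy of the node-walk logic, with the 192/256 choice confined to the hash call, which is the shape a future fix to the path handling would want. This relies on `params->hash_len` matching the digest chosen by `lmOtsType & LMS_HASH_MASK`, as the `sig_path` arithmetic in the neighbouring wc_lms_verify hunk already does. The enclosing `if (ret == 0)` and wc_lms_compute_root's closing brace are outside this hunk.
```c
    /* Do every height; only the last step writes to Tc instead of the
     * alternating node buffer. */
    for (i = 0; (ret == 0) && (i < params->height); i++) {
        byte* out;
        /* Put path into offset required. */
        XMEMCPY(b[r & 1][1], path, params->hash_len);
        path += params->hash_len;
        /* node_num = node_num / 2 */
        r >>= 1;
        c32toa(r, rp);
        out = (i == params->height - 1) ? tc : b[r & 1][0];
    #ifdef WOLFSSL_LMS_SHA256_192
        if ((params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) {
            ret = wc_lms_hash_sha256_192(&state->hash, buffer,
                LMS_NODE_HASH_LEN(WC_SHA256_192_DIGEST_SIZE), out);
        }
        else
    #endif
        {
        #ifndef WOLFSSL_NO_LMS_SHA256_256
            ret = wc_lms_hash(&state->hash, buffer,
                LMS_NODE_HASH_LEN(WC_SHA256_DIGEST_SIZE), out);
        #else
            ret = NOT_COMPILED_IN;
        #endif
        }
    }
```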
@@ -1965,7 +2545,7 @@ static int wc_lms_verify(LmsState* state, const byte* pub, const byte* msg, ret = wc_lms_compute_root(state, q, kc, sig_path, tc); } /* Algorithm 6. Step 4. */ - if ((ret == 0) && (XMEMCMP(pub_k, tc, LMS_MAX_NODE_LEN) != 0)) { + if ((ret == 0) && (XMEMCMP(pub_k, tc, params->hash_len) != 0)) { ret = SIG_VERIFY_E; } 
@@ -2006,26 +2586,85 @@ static int wc_hss_derive_seed_i(LmsState* state, const byte* id, /* parent's I || q || D_CHILD_SEED || D_FIXED || ... */ *jp = LMS_D_FIXED; /* parent's I || q || D_CHILD_SEED || D_FIXED || parent's SEED */ - XMEMCPY(tmp, seed, LMS_SEED_LEN); + XMEMCPY(tmp, seed, state->params->hash_len); /* SEED = H(parent's I || q || D_CHILD_SEED || D_FIXED || parent's SEED) */ #ifndef WC_LMS_FULL_HASH - /* Put in padding for final block. */ - LMS_SHA256_SET_LEN_55(buffer); - ret = wc_lms_hash_block(&state->hash, buffer, seed_i); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_47(buffer); + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, seed_i); + if (ret == 0) { + seed_i += WC_SHA256_192_DIGEST_SIZE; + } + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + /* Put in padding for final block. */ + LMS_SHA256_SET_LEN_55(buffer); + ret = wc_lms_hash_block(&state->hash, buffer, seed_i); + if (ret == 0) { + seed_i += WC_SHA256_DIGEST_SIZE; + } + #else + ret = NOT_COMPILED_IN; + #endif + } #else - ret = wc_lms_hash(&state->hash, buffer, LMS_HASH_BUFFER_LEN, seed_i); +#ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), seed_i); + } + else +#endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), seed_i); + #else + ret = NOT_COMPILED_IN; + #endif + } #endif /* !WC_LMS_FULL_HASH */ if (ret == 0) { - seed_i += LMS_SEED_LEN; /* parent's I || q || D_CHILD_I || D_FIXED || parent's SEED */ c16toa(LMS_D_CHILD_I, ip); /* I = H(parent's I || q || D_CHILD_I || D_FIXED || parent's SEED) */ - #ifndef WC_LMS_FULL_HASH - ret = wc_lms_hash_block(&state->hash, buffer, tmp); - #else - ret = wc_lms_hash(&state->hash, buffer, 
LMS_HASH_BUFFER_LEN, tmp); - #endif /* !WC_LMS_FULL_HASH */ +#ifndef WC_LMS_FULL_HASH + #ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_sha256_192_hash_block(&state->hash, buffer, tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash_block(&state->hash, buffer, tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } +#else + #ifdef WOLFSSL_LMS_SHA256_192 + if ((state->params->lmOtsType & LMS_HASH_MASK) == LMS_SHA256_192) { + ret = wc_lms_hash_sha256_192(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_192_DIGEST_SIZE), tmp); + } + else + #endif + { + #ifndef WOLFSSL_NO_LMS_SHA256_256 + ret = wc_lms_hash(&state->hash, buffer, + LMS_HASH_BUFFER_LEN(WC_SHA256_DIGEST_SIZE), tmp); + #else + ret = NOT_COMPILED_IN; + #endif + } +#endif /* !WC_LMS_FULL_HASH */ /* Copy part of hash as new I into private key. */ XMEMCPY(seed_i, tmp, LMS_I_LEN); } @@ -2076,7 +2715,7 @@ static int wc_hss_expand_private_key(LmsState* state, byte* priv, } else { /* Copy out SEED and I into private key. */ - XMEMCPY(priv + LMS_Q_LEN, priv_raw, LMS_SEED_I_LEN); + XMEMCPY(priv + LMS_Q_LEN, priv_raw, params->hash_len + LMS_I_LEN); } /* Compute SEED and I for rest of levels. */ @@ -2100,7 +2739,7 @@ static int wc_hss_expand_private_key(LmsState* state, byte* priv, priv_q = priv; priv += LMS_Q_LEN; priv_seed_i = priv; - priv += LMS_SEED_I_LEN; + priv += params->hash_len + LMS_I_LEN; /* Get q for level from 64-bit composite. */ q32 = w64GetLow32(w64ShiftRight(q, (params->levels - 1 - i) * @@ -2110,7 +2749,7 @@ static int wc_hss_expand_private_key(LmsState* state, byte* priv, if (!skip) { /* Derive SEED and I into private key. */ - ret = wc_hss_derive_seed_i(state, priv_seed_i + LMS_SEED_LEN, + ret = wc_hss_derive_seed_i(state, priv_seed_i + params->hash_len, priv_seed_i, priv_q, priv + LMS_Q_LEN); } } 
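Review bot: The `lmOtsType & LMS_HASH_MASK` selection, together with its `WC_LMS_FULL_HASH` variant and the `NOT_COMPILED_IN` fallback, is written out four times in the `@@ -2006` hunk (SEED and I, each in both hash builds), and the same ladder appears again in wc_lms_compute_root in this patch, so a correction to one copy is easy to miss in the others. A small static helper that receives `state`, the working buffer, the buffer length for each digest size and the output pointer, and contains the selection once, would reduce this hunk to two calls and leave one place to audit. The SEED derivation differs from the I derivation only by the `LMS_SHA256_SET_LEN_47/55` padding write, which such a helper can take as a flag or perform unconditionally, since it only rewrites the fixed padding bytes. wc_hss_derive_seed_i's signature and closing brace are outside the hunk.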
@@ -2142,8 +2781,8 @@ static int wc_lms_next_subtree_init(LmsState* state, LmsPrivState* privState, priv_q = priv; priv += LMS_Q_LEN; priv_seed = curr + LMS_Q_LEN; - priv += LMS_SEED_LEN; - priv_i = curr + LMS_Q_LEN + LMS_SEED_LEN; + priv += params->hash_len; + priv_i = curr + LMS_Q_LEN + params->hash_len; priv += LMS_I_LEN; ato32(curr, &pq); @@ -2160,7 +2799,7 @@ static int wc_lms_next_subtree_init(LmsState* state, LmsPrivState* privState, if (ret == 0) { /* Update treehash for first leaf. */ ret = wc_lms_treehash_update(state, privState, - priv + LMS_Q_LEN + LMS_SEED_LEN, priv + LMS_Q_LEN, 0, q, 0, 0); + priv + LMS_Q_LEN + params->hash_len, priv + LMS_Q_LEN, 0, q, 0, 0); } return ret; @@ -2182,7 +2821,7 @@ static int wc_hss_next_subtree_inc(LmsState* state, HssPrivKey* priv_key, byte* priv = priv_key->next_priv; int i; w64wrapper p64 = q64; - byte tmp_priv[LMS_PRIV_LEN]; + byte tmp_priv[LMS_PRIV_LEN(LMS_MAX_NODE_LEN)]; int use_tmp = 0; int lastQMax = 0; w64wrapper p64_hi; @@ -2202,7 +2841,7 @@ static int wc_hss_next_subtree_inc(LmsState* state, HssPrivKey* priv_key, cp64_hi = w64ShiftRight(p64, (params->levels - i - 1) * params->height); cq64_hi = w64ShiftRight(q64, (params->levels - i - 1) * params->height); /* Get the q for the child. */ - ato32(curr + LMS_PRIV_LEN, &qc); + ato32(curr + LMS_PRIV_LEN(params->hash_len), &qc); /* Compare index of parent node with previous value. */ if (w64LT(p64_hi, q64_hi)) { 
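Review bot: `tmp_priv` in the `@@ -2182` hunk is now sized for the largest parameter set (`LMS_PRIV_LEN(LMS_MAX_NODE_LEN)`) but only `LMS_PRIV_LEN(params->hash_len)` bytes of it are written, and the later lines of this function fill it with a freshly derived SEED and I through wc_hss_derive_seed_i. Because that is private key material on the stack, the whole array should be wiped with the library's secure-zero helper (ForceZero, or equivalent) before every return path, if that does not already happen; the function's exit is outside these hunks, so it could not be confirmed here. A comment on the declaration, `/* Scratch for the next subtree's q || SEED || I; max-sized, only hash_len bytes used, cleared on exit. */`, would document both the sizing and the wiping obligation.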
@@ -2221,25 +2860,25 @@ static int wc_hss_next_subtree_inc(LmsState* state, HssPrivKey* priv_key, if (lastQMax) { /* Calculate new SEED and I based on new subtree. */ ret = wc_hss_derive_seed_i(state, - priv + LMS_Q_LEN + LMS_SEED_LEN, priv + LMS_Q_LEN, tmp_priv, - tmp_priv + LMS_Q_LEN); + priv + LMS_Q_LEN + params->hash_len, priv + LMS_Q_LEN, + tmp_priv, tmp_priv + LMS_Q_LEN); } else { /* Calculate new SEED and I based on parent. */ ret = wc_hss_derive_seed_i(state, - curr + LMS_Q_LEN + LMS_SEED_LEN, curr + LMS_Q_LEN, priv, + curr + LMS_Q_LEN + params->hash_len, curr + LMS_Q_LEN, priv, tmp_priv + LMS_Q_LEN); } /* Values not stored so note that they are in temporary. */ use_tmp = 1; /* Set the the q. */ - XMEMCPY(tmp_priv, curr + LMS_PRIV_LEN, LMS_Q_LEN); + XMEMCPY(tmp_priv, curr + LMS_PRIV_LEN(params->hash_len), LMS_Q_LEN); } lastQMax = (qc == ((word32)1 << params->height) - 1); - curr += LMS_PRIV_LEN; - priv += LMS_PRIV_LEN; + curr += LMS_PRIV_LEN(params->hash_len); + priv += LMS_PRIV_LEN(params->hash_len); p64_hi = cp64_hi; q64_hi = cq64_hi; } @@ -2261,18 +2900,18 @@ static int wc_hss_next_subtrees_init(LmsState* state, HssPrivKey* priv_key) byte* priv = priv_key->next_priv; int i; - XMEMCPY(priv, curr, LMS_PRIV_LEN); + XMEMCPY(priv, curr, LMS_PRIV_LEN(params->hash_len)); wc_lms_idx_inc(priv, LMS_Q_LEN); for (i = 1; (ret == 0) && (i < params->levels); i++) { word32 q; - ato32(curr + LMS_PRIV_LEN, &q); + ato32(curr + LMS_PRIV_LEN(params->hash_len), &q); ret = wc_lms_next_subtree_init(state, &priv_key->next_state[i - 1], curr, priv, q); - curr += LMS_PRIV_LEN; - priv += LMS_PRIV_LEN; + curr += LMS_PRIV_LEN(params->hash_len); + priv += LMS_PRIV_LEN(params->hash_len); } return ret; 
@@ -2292,14 +2931,15 @@ static int wc_hss_init_auth_path(LmsState* state, HssPrivKey* priv_key, { int ret = 0; int levels = state->params->levels; - byte* priv = priv_key->priv + LMS_PRIV_LEN * (levels - 1); + byte* priv = priv_key->priv + + LMS_PRIV_LEN(state->params->hash_len) * (levels - 1); int l; for (l = levels - 1; (ret == 0) && (l >= 0); l--) { word32 q; const byte* priv_q = priv; const byte* priv_seed = priv_q + LMS_Q_LEN; - const byte* priv_i = priv_seed + LMS_SEED_LEN; + const byte* priv_i = priv_seed + state->params->hash_len; /* Get current q for tree at level. */ ato32(priv_q, &q); @@ -2308,11 +2948,11 @@ static int wc_hss_init_auth_path(LmsState* state, HssPrivKey* priv_key, priv_seed, q); /* Move onto next level's data. */ - priv -= LMS_PRIV_LEN; + priv -= LMS_PRIV_LEN(state->params->hash_len); } if ((ret == 0) && (pub_root != NULL)) { - XMEMCPY(pub_root, priv_key->state[0].root, LMS_MAX_NODE_LEN); + XMEMCPY(pub_root, priv_key->state[0].root, state->params->hash_len); } return ret; @@ -2339,7 +2979,7 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key, { const LmsParams* params = state->params; int ret = 0; - byte* priv = priv_key->priv + LMS_PRIV_LEN * (levels - 1); + byte* priv = priv_key->priv + LMS_PRIV_LEN(params->hash_len) * (levels - 1); int i; #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING w64wrapper q64; @@ -2354,13 +2994,12 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key, word32 q; const byte* priv_q = priv; const byte* priv_seed = priv_q + LMS_Q_LEN; - const byte* priv_i = priv_seed + LMS_SEED_LEN; + const byte* priv_i = priv_seed + params->hash_len; LmsPrivState* privState = &priv_key->state[i]; /* Get q for tree at level. */ ato32(priv_q, &q); #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING - if ((levels > 1) && (i == levels - 1) && (q == 0)) { /* New sub-tree. */ ret = wc_hss_next_subtree_inc(state, priv_key, q64); 
@@ -2395,9 +3034,9 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key, /* If different then copy in cached hash. */ if ((qa != qm1a) && (qa > maxq)) { int off = (1 << (params->height - h)) + (qa >> h) - 1; - XMEMCPY(privState->auth_path + h * LMS_MAX_NODE_LEN, - privState->root + off * LMS_MAX_NODE_LEN, - LMS_MAX_NODE_LEN); + XMEMCPY(privState->auth_path + h * params->hash_len, + privState->root + off * params->hash_len, + params->hash_len); } } /* Update the treehash and calculate the extra indices for @@ -2411,9 +3050,9 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key, w64Increment(&tmp64); tmp64 = w64ShiftLeft(tmp64, 64 - (i * params->height)); if (!w64IsZero(tmp64)) { - priv_seed = priv_key->next_priv + i * LMS_PRIV_LEN + - LMS_Q_LEN; - priv_i = priv_seed + LMS_SEED_LEN; + priv_seed = priv_key->next_priv + + i * LMS_PRIV_LEN(params->hash_len) + LMS_Q_LEN; + priv_i = priv_seed + params->hash_len; privState = &priv_key->next_state[i - 1]; ret = wc_lms_treehash_update(state, privState, priv_i, @@ -2425,7 +3064,7 @@ static int wc_hss_update_auth_path(LmsState* state, HssPrivKey* priv_key, } /* Move onto next level's data. */ - priv -= LMS_PRIV_LEN; + priv -= LMS_PRIV_LEN(params->hash_len); } return ret; 
@@ -2442,21 +3081,21 @@ static int wc_hss_presign(LmsState* state, HssPrivKey* priv_key) int ret = 0; const LmsParams* params = state->params; byte* buffer = state->buffer; - byte pub[LMS_PUBKEY_LEN]; - byte* root = pub + LMS_PUBKEY_LEN - LMS_MAX_NODE_LEN; + byte pub[LMS_PUBKEY_LEN(LMS_MAX_NODE_LEN)]; + byte* root = pub + LMS_PUBKEY_LEN(LMS_MAX_NODE_LEN) - params->hash_len; byte* priv = priv_key->priv; int i; for (i = params->levels - 2; i >= 0; i--) { - const byte* p = priv + i * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN); + const byte* p = priv + i * (LMS_Q_LEN + params->hash_len + LMS_I_LEN); const byte* priv_q = p; const byte* priv_seed = priv_q + LMS_Q_LEN; - const byte* priv_i = priv_seed + LMS_SEED_LEN; + const byte* priv_i = priv_seed + params->hash_len; /* ... || T(1) */ - XMEMCPY(root, priv_key->state[i + 1].root, LMS_MAX_NODE_LEN); + XMEMCPY(root, priv_key->state[i + 1].root, params->hash_len); /* u32str(type) || u32str(otstype) || I || T(1) */ - p = priv + (i + 1) * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN); + p = priv + (i + 1) * (LMS_Q_LEN + params->hash_len + LMS_I_LEN); wc_lmots_public_key_encode(params, p, pub); /* Setup for hashing: I || Q || ... */ @@ -2464,8 +3103,9 @@ static int wc_hss_presign(LmsState* state, HssPrivKey* priv_key) XMEMCPY(buffer + LMS_I_LEN, priv_q, LMS_Q_LEN); /* LM-OTS Sign this level. */ - ret = wc_lmots_sign(state, priv_seed, pub, LMS_PUBKEY_LEN, - priv_key->y + i * LMS_PRIV_Y_TREE_LEN(params->p)); + ret = wc_lmots_sign(state, priv_seed, pub, + LMS_PUBKEY_LEN(params->hash_len), + priv_key->y + i * LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len)); } return ret; 
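Review bot: `root` in the first hunk is placed against the maximum-size public-key layout, `pub + LMS_PUBKEY_LEN(LMS_MAX_NODE_LEN) - params->hash_len`, but the message handed to wc_lmots_sign a few lines later is only `LMS_PUBKEY_LEN(params->hash_len)` bytes long, so whenever `params->hash_len` is smaller than `LMS_MAX_NODE_LEN` the copied T(1) lands beyond the signed region and the tail of the signed encoding is uninitialised stack. The wc_hss_sign hunk in this same patch puts the root at `sig - params->hash_len`, i.e. as the last `hash_len` bytes of an `LMS_PUBKEY_LEN(params->hash_len)` encoding, which is the layout wc_lmots_public_key_encode is being paired with here. The offset should follow the active parameter set: `byte* root = pub + LMS_PUBKEY_LEN(params->hash_len) - params->hash_len;`. wc_hss_presign's signature precedes the first hunk and its closing brace follows the second.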
@@ -2488,25 +3128,25 @@ static void wc_hss_priv_data_load(const LmsParams* params, HssPrivKey* key, /* Expanded private keys. */ key->priv = priv_data; - priv_data += LMS_PRIV_KEY_LEN(params->levels); + priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len); #ifndef WOLFSSL_WC_LMS_SMALL for (l = 0; l < params->levels; l++) { /* Caches for subtree. */ wc_lms_priv_state_load(params, &key->state[l], priv_data); priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels, - params->cacheBits); + params->cacheBits, params->hash_len); } #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING /* Next subtree's expanded private keys. */ key->next_priv = priv_data; - priv_data += LMS_PRIV_KEY_LEN(params->levels); + priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len); for (l = 0; l < params->levels - 1; l++) { /* Next subtree's caches. */ wc_lms_priv_state_load(params, &key->next_state[l], priv_data); priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels, - params->cacheBits); + params->cacheBits, params->hash_len); } #endif /* WOLFSSL_LMS_NO_SIGN_SMOOTHING */ 
@@ -2532,22 +3172,22 @@ static void wc_hss_priv_data_store(const LmsParams* params, HssPrivKey* key, (void)key; /* Expanded private keys. */ - priv_data += LMS_PRIV_KEY_LEN(params->levels); + priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len); for (l = 0; l < params->levels; l++) { /* Caches for subtrees. */ wc_lms_priv_state_store(params, &key->state[l], priv_data); priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels, - params->cacheBits); + params->cacheBits, params->hash_len); } #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING /* Next subtree's expanded private keys. */ - priv_data += LMS_PRIV_KEY_LEN(params->levels); + priv_data += LMS_PRIV_KEY_LEN(params->levels, params->hash_len); for (l = 0; l < params->levels - 1; l++) { /* Next subtree's caches. */ wc_lms_priv_state_store(params, &key->next_state[l], priv_data); priv_data += LMS_PRIV_STATE_LEN(params->height, params->rootLevels, - params->cacheBits); + params->cacheBits, params->hash_len); } #endif /* WOLFSSL_LMS_NO_SIGN_SMOOTHING */ @@ -2628,7 +3268,8 @@ int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw, /* Set the LMS and LM-OTS types for each level. */ for (i = 0; i < params->levels; i++) { - p[i] = (params->lmsType << 4) + params->lmOtsType; + p[i] = ((params->lmsType & LMS_H_W_MASK) << 4) + + (params->lmOtsType & LMS_H_W_MASK); } /* Set rest of levels to an invalid value. */ for (; i < HSS_MAX_LEVELS; i++) { @@ -2637,7 +3278,7 @@ int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw, p += HSS_PRIV_KEY_PARAM_SET_LEN; /* Make the private key. */ - ret = wc_lmots_make_private_key(rng, p); + ret = wc_lmots_make_private_key(rng, params->hash_len, p); if (ret == 0) { /* Set the levels into the public key data. */ 
@@ -2649,7 +3290,7 @@ int wc_hss_make_key(LmsState* state, WC_RNG* rng, byte* priv_raw, #ifdef WOLFSSL_WC_LMS_SMALL if (ret == 0) { byte* priv_seed = priv_key->priv + LMS_Q_LEN; - byte* priv_i = priv_seed + LMS_SEED_LEN; + byte* priv_i = priv_seed + params->hash_len; /* Compute the root of the highest tree to get the root for public key. */ @@ -2738,24 +3379,24 @@ int wc_hss_sign(LmsState* state, byte* priv_raw, HssPrivKey* priv_key, /* Build from bottom up. */ for (i = params->levels - 1; (ret == 0) && (i >= 0); i--) { - byte* p = priv + i * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN); + byte* p = priv + i * (LMS_Q_LEN + params->hash_len + LMS_I_LEN); byte* root = NULL; /* Move to start of next signature at this level. */ - sig -= LMS_SIG_LEN(params->height, params->p); + sig -= LMS_SIG_LEN(params->height, params->p, params->hash_len); if (i != 0) { /* Put root node into signature at this index. */ - root = sig - LMS_MAX_NODE_LEN; + root = sig - params->hash_len; } /* Sign using LMS for this level. */ ret = wc_lms_sign(state, p, msg, msgSz, sig); if (ret == 0) { - byte* s = sig + LMS_Q_LEN + LMS_TYPE_LEN + LMS_MAX_NODE_LEN + - params->p * LMS_MAX_NODE_LEN + LMS_TYPE_LEN; + byte* s = sig + LMS_Q_LEN + LMS_TYPE_LEN + params->hash_len + + params->p * params->hash_len + LMS_TYPE_LEN; byte* priv_q = p; byte* priv_seed = priv_q + LMS_Q_LEN; - byte* priv_i = priv_seed + LMS_SEED_LEN; + byte* priv_i = priv_seed + params->hash_len; word32 q32; /* Get Q from private key as a number. */ @@ -2765,9 +3406,9 @@ int wc_hss_sign(LmsState* state, byte* priv_raw, HssPrivKey* priv_key, } if ((ret == 0) && (i != 0)) { /* Create public data for this level if there is another. */ - sig -= LMS_PUBKEY_LEN; + sig -= LMS_PUBKEY_LEN(params->hash_len); msg = sig; - msgSz = LMS_PUBKEY_LEN; + msgSz = LMS_PUBKEY_LEN(params->hash_len); wc_lmots_public_key_encode(params, p, sig); } } 
@@ -2835,7 +3476,7 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw, /* Build from bottom up. */ for (i = params->levels - 1; (ret == 0) && (i >= 0); i--) { - byte* p = priv + i * (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN); + byte* p = priv + i * (LMS_Q_LEN + params->hash_len + LMS_I_LEN); byte* root = NULL; #ifndef WOLFSSL_LMS_NO_SIG_CACHE int store_p = 0; @@ -2846,10 +3487,10 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw, #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */ /* Move to start of next signature at this level. */ - sig -= LMS_SIG_LEN(params->height, params->p); + sig -= LMS_SIG_LEN(params->height, params->p, params->hash_len); if (i != 0) { /* Put root node into signature at this index. */ - root = sig - LMS_MAX_NODE_LEN; + root = sig - params->hash_len; } #ifndef WOLFSSL_LMS_NO_SIG_CACHE @@ -2857,7 +3498,7 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw, * can reuse. */ if ((i < params->levels - 1) && (q_32 == qm1_32)) { wc_lms_sig_copy(params, priv_key->y + - i * LMS_PRIV_Y_TREE_LEN(params->p), p, sig); + i * LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len), p, sig); } else #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */ 
@@ -2875,26 +3516,27 @@ static int wc_hss_sign_build_sig(LmsState* state, byte* priv_raw, /* Check if we computed new C and p hashes. */ if (store_p) { /* Cache the C and p hashes. */ - XMEMCPY(priv_key->y + i * LMS_PRIV_Y_TREE_LEN(params->p), s, - LMS_PRIV_Y_TREE_LEN(params->p)); + XMEMCPY(priv_key->y + + i * LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len), s, + LMS_PRIV_Y_TREE_LEN(params->p, params->hash_len)); } #endif /* !WOLFSSL_LMS_NO_SIG_CACHE */ - s += LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN + + s += params->hash_len + params->p * params->hash_len + LMS_TYPE_LEN; /* Copy the authentication path out of the private key. */ XMEMCPY(s, priv_key->state[i].auth_path, - params->height * LMS_MAX_NODE_LEN); + params->height * params->hash_len); /* Copy the root node into signature unless at top. */ if (i != 0) { - XMEMCPY(root, priv_key->state[i].root, LMS_MAX_NODE_LEN); + XMEMCPY(root, priv_key->state[i].root, params->hash_len); } } if ((ret == 0) && (i != 0)) { /* Create public data for this level if there is another. */ - sig -= LMS_PUBKEY_LEN; + sig -= LMS_PUBKEY_LEN(params->hash_len); msg = sig; - msgSz = LMS_PUBKEY_LEN; + msgSz = LMS_PUBKEY_LEN(params->hash_len); wc_lmots_public_key_encode(params, p, sig); } } 
@@ -3070,14 +3712,15 @@ int wc_hss_verify(LmsState* state, const byte* pub, const byte* msg, for (i = 0; (ret == 0) && (i < nspk); i++) { /* Line 7: Get start of public key in signature. */ const byte* pubList = sig + LMS_Q_LEN + LMS_TYPE_LEN + - LMS_MAX_NODE_LEN + params->p * LMS_MAX_NODE_LEN + LMS_TYPE_LEN + - params->height * LMS_MAX_NODE_LEN; + params->hash_len + params->p * params->hash_len + LMS_TYPE_LEN + + params->height * params->hash_len; /* Line 8: Verify the LMS signature with public key as message. */ - ret = wc_lms_verify(state, key, pubList, LMS_PUBKEY_LEN, sig); + ret = wc_lms_verify(state, key, pubList, + LMS_PUBKEY_LEN(params->hash_len), sig); /* Line 10: Next key is from signature. */ key = pubList; /* Line 6: Move to start of next signature. */ - sig = pubList + LMS_PUBKEY_LEN; + sig = pubList + LMS_PUBKEY_LEN(params->hash_len); } } if (ret == 0) { diff --git a/src/wolfcrypt/src/wc_pkcs11.c b/src/wolfcrypt/src/wc_pkcs11.c index e248d8e..4a3b28a 100644 --- a/src/wolfcrypt/src/wc_pkcs11.c +++ b/src/wolfcrypt/src/wc_pkcs11.c @@ -1,6 +1,6 @@ /* wc_pkcs11.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
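Review bot: The pubList offset on the first added lines is derived purely from params (hash_len, p, height), so it stays inside `sig` only if sigLen was already validated against the full HSS signature length for params->levels; that check, if it exists, sits at the top of wc_hss_verify outside this hunk. Worth confirming it uses the same hash_len-aware `LMS_SIG_LEN(params->height, params->p, params->hash_len)` stride that wc_hss_sign_build_sig now uses, otherwise a short or truncated signature walks past the buffer inside the nspk loop. wc_hss_verify begins before and ends after the hunk.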
@@ -531,22 +531,36 @@ void wc_Pkcs11_Finalize(Pkcs11Dev* dev) static int Pkcs11Slot_FindByTokenName(Pkcs11Dev* dev, const char* tokenName, size_t tokenNameSz) { + int ret = -1; CK_RV rv; CK_ULONG slotCnt = 0; CK_TOKEN_INFO tinfo; - int slotId = -1; + int index = -1; + CK_SLOT_ID* slot = NULL; + rv = dev->func->C_GetSlotList(CK_TRUE, NULL, &slotCnt); if (rv == CKR_OK) { - for (slotId = 0; slotId < (int)slotCnt; slotId++) { - rv = dev->func->C_GetTokenInfo(slotId, &tinfo); + slot = (CK_SLOT_ID*)XMALLOC(slotCnt * sizeof(*slot), dev->heap, + DYNAMIC_TYPE_TMP_BUFFER); + if (slot == NULL) + goto out; + rv = dev->func->C_GetSlotList(CK_TRUE, slot, &slotCnt); + if (rv != CKR_OK) + goto out; + for (index = 0; index < (int)slotCnt; index++) { + rv = dev->func->C_GetTokenInfo(slot[index], &tinfo); PKCS11_RV("C_GetTokenInfo", rv); if (rv == CKR_OK && XMEMCMP(tinfo.label, tokenName, tokenNameSz) == 0) { - return slotId; + ret = (int)slot[index]; + break; } } } - return -1; + +out: + XFREE(slot, dev->heap, DYNAMIC_TYPE_TMP_BUFFER); + return ret; } /* lookup by slotId or tokenName */ @@ -613,9 +627,7 @@ static int Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId, token->userPinLogin = 0; } - if (slot != NULL) { - XFREE(slot, dev->heap, DYNAMIC_TYPE_TMP_BUFFER); - } + XFREE(slot, dev->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -645,7 +657,7 @@ int wc_Pkcs11Token_Init(Pkcs11Token* token, Pkcs11Dev* dev, int slotId, tokenNameSz = XSTRLEN(tokenName); } ret = Pkcs11Token_Init(token, dev, slotId, tokenName, tokenNameSz); - if (ret == 0) { + if (ret == 0 && userPin != NULL) { token->userPin = (CK_UTF8CHAR_PTR)userPin; token->userPinSz = (CK_ULONG)userPinSz; token->userPinLogin = 1; 
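Review bot: `ret = (int)slot[index]` in Pkcs11Slot_FindByTokenName narrows a CK_SLOT_ID (CK_ULONG) into an int whose -1 value is also the not-found sentinel, so a token that hands out a slot ID above INT_MAX comes back as a negative or aliased slot that the caller cannot distinguish from failure. The label compare is also unbounded: `XMEMCMP(tinfo.label, tokenName, tokenNameSz)` reads past CK_TOKEN_INFO.label (a fixed 32-byte, space-padded field) whenever tokenNameSz is larger, and accepts any label that merely starts with tokenName. I would reject oversized names up front, `if (tokenNameSz > sizeof(tinfo.label)) goto out;`, and guard the narrowing with `if (slot[index] > (CK_SLOT_ID)INT_MAX) continue;` before the cast, or return the slot through an out-parameter. The prefix-match behaviour predates the commit, but the rewrite is the natural place to fix it.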
@@ -696,7 +708,7 @@ int wc_Pkcs11Token_InitName(Pkcs11Token* token, Pkcs11Dev* dev, const unsigned char* userPin, int userPinSz) { int ret = Pkcs11Token_Init(token, dev, -1, tokenName, (size_t)tokenNameSz); - if (ret == 0) { + if (ret == 0 && userPin != NULL) { token->userPin = (CK_UTF8CHAR_PTR)userPin; token->userPinSz = (CK_ULONG)userPinSz; token->userPinLogin = 1; @@ -947,7 +959,7 @@ static int Pkcs11CreateSecretKey(CK_OBJECT_HANDLE* key, Pkcs11Session* session, } #endif -#ifndef NO_RSA +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) /** * Create a PKCS#11 object containing the RSA private key data. * @@ -1024,7 +1036,7 @@ static int Pkcs11CreateRsaPrivateKey(CK_OBJECT_HANDLE* privateKey, return ret; } -#endif +#endif /* !NO_RSA && WOLFSSL_KEY_GEN */ #ifdef HAVE_ECC /** @@ -1138,8 +1150,7 @@ static int Pkcs11CreateEccPublicKey(CK_OBJECT_HANDLE* publicKey, } } - if (ecPoint != NULL) - XFREE(ecPoint, public_key->heap, DYNAMIC_TYPE_ECC); + XFREE(ecPoint, public_key->heap, DYNAMIC_TYPE_ECC); return ret; } @@ -1380,7 +1391,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key) break; } #endif - #ifndef NO_RSA + #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) case PKCS11_KEY_TYPE_RSA: { RsaKey* rsaKey = (RsaKey*)key; @@ -1402,7 +1413,7 @@ int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, void* key) #ifdef HAVE_ECC case PKCS11_KEY_TYPE_EC: { ecc_key* eccKey = (ecc_key*)key; - int ret2 = NOT_COMPILED_IN; + int ret2 = WC_NO_ERR_TRACE(NOT_COMPILED_IN); #ifndef NO_PKCS11_ECDH if ((eccKey->flags & WC_ECC_FLAG_DEC_SIGN) == 0) { 
@@ -1716,10 +1727,8 @@ static int Pkcs11GetRsaPublicKey(RsaKey* key, Pkcs11Session* session, if (ret == 0) ret = wc_RsaPublicKeyDecodeRaw(mod, modSz, exp, expSz, key); - if (exp != NULL) - XFREE(exp, key->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (mod != NULL) - XFREE(mod, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(exp, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(mod, key->heap, DYNAMIC_TYPE_TMP_BUFFER); return ret; } @@ -1774,7 +1783,12 @@ static int Pkcs11RsaPrivateKey(Pkcs11Session* session, RsaKey* rsaKey, int ret; if (sessionKey) { + #ifdef WOLFSSL_KEY_GEN ret = Pkcs11CreateRsaPrivateKey(privateKey, session, rsaKey, 0); + #else + /* RSA Key Generation support not compiled in */ + ret = NOT_COMPILED_IN; + #endif } else if (rsaKey->labelLen > 0) { ret = Pkcs11FindKeyByLabel(privateKey, CKO_PRIVATE_KEY, CKK_RSA, 
@@ -1795,6 +1809,84 @@ static int Pkcs11RsaPrivateKey(Pkcs11Session* session, RsaKey* rsaKey, return ret; } +/** + * Get the hash length associated with the WolfCrypt hash type. + * + * @param [in] hType Hash Type. + * @return -1 if hash type not recognized. + * @return hash length on success. + */ +int wc_hash2sz(int hType) +{ + switch(hType) { + case WC_HASH_TYPE_SHA: + return 20; + case WC_HASH_TYPE_SHA224: + return 24; + case WC_HASH_TYPE_SHA256: + return 32; + case WC_HASH_TYPE_SHA384: + return 48; + case WC_HASH_TYPE_SHA512: + return 64; + default: + /* unsupported WC_HASH_TYPE_XXXX */ + return -1; + } +} + +/** + * Get PKCS11 hash mechanism associated with the WolfCrypt hash type. + * + * @param [in] hType Hash Type. + * @return 0 if hash type not recognized. + * @return PKCS11 mechanism on success. + */ +CK_MECHANISM_TYPE wc_hash2ckm(int hType) +{ + switch(hType) { + case WC_HASH_TYPE_SHA: + return CKM_SHA_1; + case WC_HASH_TYPE_SHA224: + return CKM_SHA224; + case WC_HASH_TYPE_SHA256: + return CKM_SHA256; + case WC_HASH_TYPE_SHA384: + return CKM_SHA384; + case WC_HASH_TYPE_SHA512: + return CKM_SHA512; + default: + /* unsupported WC_HASH_TYPE_XXXX */ + return 0UL; + } +} + +/** + * Get PKCS11 MGF hash mechanism associated with the WolfCrypt MGF hash type. + * + * @param [in] mgf MGF Type. + * @return 0 if MGF type not recognized. + * @return PKCS11 MGF hash mechanism on success. + */ +CK_MECHANISM_TYPE wc_mgf2ckm(int mgf) +{ + switch(mgf) { + case WC_MGF1SHA1: + return CKG_MGF1_SHA1; + case WC_MGF1SHA224: + return CKG_MGF1_SHA224; + case WC_MGF1SHA256: + return CKG_MGF1_SHA256; + case WC_MGF1SHA384: + return CKG_MGF1_SHA384; + case WC_MGF1SHA512: + return CKG_MGF1_SHA512; + default: + /* unsupported WC_MGF1XXXX */ + return 0x0UL; + } +} + /** * Exponentiate the input with the public part of the RSA key. * Used in public encrypt and decrypt. 
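Review bot: `case WC_HASH_TYPE_SHA224: return 24;` in wc_hash2sz is wrong: SHA-224 produces a 28-byte digest, and because Pkcs11RsaSign uses this value as the default PSS salt length, SHA-224 PSS signatures produced through the token would carry a 24-byte salt and fail against a verifier using the standard hLen. Change it to `return 28;`, or better, return the digest-size constants the hash headers define rather than literals so the table cannot drift; the other entries (20/32/48/64) are correct. The three helpers are non-static and carry no declaration in this hunk; if they are meant to be exported they need a prototype in a header, otherwise mark them `static`.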
@@ -1808,9 +1900,13 @@ static int Pkcs11RsaEncrypt(Pkcs11Session* session, wc_CryptoInfo* info, CK_OBJECT_HANDLE key) { int ret = 0; + CK_MECHANISM_TYPE mechanism = 0x0UL; CK_RV rv; CK_MECHANISM mech; CK_ULONG outLen; +#ifdef WOLF_CRYPTO_CB_RSA_PAD + CK_RSA_PKCS_OAEP_PARAMS oaepParams; +#endif WOLFSSL_MSG("PKCS#11: RSA Public Key Operation"); @@ -1818,12 +1914,37 @@ static int Pkcs11RsaEncrypt(Pkcs11Session* session, wc_CryptoInfo* info, ret = BAD_FUNC_ARG; } + switch(info->pk.type) { +#ifdef WOLF_CRYPTO_CB_RSA_PAD + case WC_PK_TYPE_RSA_PKCS: + mechanism = CKM_RSA_PKCS; + break; + case WC_PK_TYPE_RSA_OAEP: + mechanism = CKM_RSA_PKCS_OAEP; + break; +#endif + case WC_PK_TYPE_RSA: + mechanism = CKM_RSA_X_509; + break; + } + if (ret == 0) { /* Raw RSA encrypt/decrypt operation. */ - mech.mechanism = CKM_RSA_X_509; + mech.mechanism = mechanism; mech.ulParameterLen = 0; mech.pParameter = NULL; +#ifdef WOLF_CRYPTO_CB_RSA_PAD + if (mechanism == CKM_RSA_PKCS_OAEP) { + XMEMSET(&oaepParams, 0, sizeof(oaepParams)); + mech.ulParameterLen = sizeof(CK_RSA_PKCS_OAEP_PARAMS); + mech.pParameter = &oaepParams; + oaepParams.source = CKZ_DATA_SPECIFIED; + oaepParams.hashAlg = wc_hash2ckm(info->pk.rsa.padding->hash); + oaepParams.mgf = wc_mgf2ckm(info->pk.rsa.padding->mgf); + } +#endif + rv = session->func->C_EncryptInit(session->handle, &mech, key); PKCS11_RV("C_EncryptInit", rv); if (rv != CKR_OK) { @@ -1861,9 +1982,13 @@ static int Pkcs11RsaDecrypt(Pkcs11Session* session, wc_CryptoInfo* info, CK_OBJECT_HANDLE key) { int ret = 0; + CK_MECHANISM_TYPE mechanism = 0x0UL; CK_RV rv; CK_MECHANISM mech; CK_ULONG outLen; +#ifdef WOLF_CRYPTO_CB_RSA_PAD + CK_RSA_PKCS_OAEP_PARAMS oaepParams; +#endif WOLFSSL_MSG("PKCS#11: RSA Private Key Operation"); 
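Review bot: In the OAEP branch of Pkcs11RsaEncrypt the results of `wc_hash2ckm()` and `wc_mgf2ckm()` are stored without checking for their 0 "unrecognised" return, so an unsupported hash or MGF reaches C_EncryptInit as mechanism parameters of 0 and the failure surfaces only as an opaque CKR_ code from the token. Add `if (oaepParams.hashAlg == 0UL || oaepParams.mgf == 0UL) ret = BAD_FUNC_ARG;` after filling the struct and guard the C_EncryptInit call on `ret == 0`. The memset also leaves `pSourceData`/`ulSourceDataLen` at NULL/0, so if the padding descriptor carries an OAEP label it is silently dropped and the ciphertext will not decrypt under the label the caller expects; either wire the label through or document that only the empty label is supported. Pkcs11RsaEncrypt continues outside the hunk.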
@@ -1871,12 +1996,37 @@ static int Pkcs11RsaDecrypt(Pkcs11Session* session, wc_CryptoInfo* info, ret = BAD_FUNC_ARG; } + switch(info->pk.type) { +#ifdef WOLF_CRYPTO_CB_RSA_PAD + case WC_PK_TYPE_RSA_PKCS: + mechanism = CKM_RSA_PKCS; + break; + case WC_PK_TYPE_RSA_OAEP: + mechanism = CKM_RSA_PKCS_OAEP; + break; +#endif + case WC_PK_TYPE_RSA: + mechanism = CKM_RSA_X_509; + break; + } + if (ret == 0) { /* Raw RSA encrypt/decrypt operation. */ - mech.mechanism = CKM_RSA_X_509; + mech.mechanism = mechanism; mech.ulParameterLen = 0; mech.pParameter = NULL; +#ifdef WOLF_CRYPTO_CB_RSA_PAD + if (mechanism == CKM_RSA_PKCS_OAEP) { + XMEMSET(&oaepParams, 0, sizeof(oaepParams)); + mech.ulParameterLen = sizeof(CK_RSA_PKCS_OAEP_PARAMS); + mech.pParameter = &oaepParams; + oaepParams.source = CKZ_DATA_SPECIFIED; + oaepParams.hashAlg = wc_hash2ckm(info->pk.rsa.padding->hash); + oaepParams.mgf = wc_mgf2ckm(info->pk.rsa.padding->mgf); + } +#endif + rv = session->func->C_DecryptInit(session->handle, &mech, key); PKCS11_RV("C_DecryptInit", rv); if (rv != CKR_OK) { @@ -1919,6 +2069,12 @@ static int Pkcs11RsaSign(Pkcs11Session* session, wc_CryptoInfo* info, CK_RV rv; CK_MECHANISM mech; CK_ULONG outLen; + CK_MECHANISM_TYPE mechanism; +#ifdef WOLF_CRYPTO_CB_RSA_PAD + CK_RSA_PKCS_PSS_PARAMS pssParams; + int hLen; + int saltLen; +#endif WOLFSSL_MSG("PKCS#11: RSA Private Key Operation"); 
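Review bot: The `switch(info->pk.type)` added to Pkcs11RsaDecrypt has no default, so any pk.type not listed leaves `mechanism` at 0x0UL, which PKCS#11 assigns to CKM_RSA_PKCS_KEY_PAIR_GEN, and that is the mechanism C_DecryptInit then receives. A `default: ret = BAD_FUNC_ARG; break;` keeps the error local and readable instead of relying on the token to reject it. The identical switch in Pkcs11RsaEncrypt has the same gap. Both functions extend past their hunks.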
@@ -1926,12 +2082,67 @@ static int Pkcs11RsaSign(Pkcs11Session* session, wc_CryptoInfo* info, ret = BAD_FUNC_ARG; } + switch(info->pk.type) { +#ifdef WOLF_CRYPTO_CB_RSA_PAD + case WC_PK_TYPE_RSA_PKCS: + mechanism = CKM_RSA_PKCS; + break; + case WC_PK_TYPE_RSA_PSS: + mechanism = CKM_RSA_PKCS_PSS; + break; +#endif /* WOLF_CRYPTO_CB_RSA_PAD */ + default: + mechanism = CKM_RSA_X_509; + break; + } + if (ret == 0) { /* Raw RSA encrypt/decrypt operation. */ - mech.mechanism = CKM_RSA_X_509; + mech.mechanism = mechanism; mech.ulParameterLen = 0; mech.pParameter = NULL; +#ifdef WOLF_CRYPTO_CB_RSA_PAD + if (mechanism == CKM_RSA_PKCS_PSS) { + mech.ulParameterLen = sizeof(CK_RSA_PKCS_PSS_PARAMS); + mech.pParameter = &pssParams; + pssParams.hashAlg = wc_hash2ckm(info->pk.rsa.padding->hash); + pssParams.mgf = wc_mgf2ckm(info->pk.rsa.padding->mgf); + + saltLen = info->pk.rsa.padding->saltLen; + hLen = wc_hash2sz(info->pk.rsa.padding->hash); + + /* Same salt length code as rsa.c */ + if (saltLen == RSA_PSS_SALT_LEN_DEFAULT) + saltLen = hLen; +#ifndef WOLFSSL_PSS_LONG_SALT + else if (saltLen > hLen) { + return PSS_SALTLEN_E; + } +#endif +#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER + else if (saltLen < RSA_PSS_SALT_LEN_DEFAULT) { + return PSS_SALTLEN_E; + } +#else + else if (saltLen == RSA_PSS_SALT_LEN_DISCOVER) { + saltLen = *(info->pk.rsa.outLen) - hLen - 2; + if (saltLen < 0) { + return PSS_SALTLEN_E; + } + } + else if (saltLen < RSA_PSS_SALT_LEN_DISCOVER) { + return PSS_SALTLEN_E; + } +#endif + if (*(info->pk.rsa.outLen) - hLen < (word32)(saltLen + 2)) { + return PSS_SALTLEN_E; + } + + pssParams.sLen = saltLen; + } +#endif /* WOLF_CRYPTO_CB_RSA_PAD */ + rv = session->func->C_SignInit(session->handle, &mech, key); PKCS11_RV("C_SignInit", rv); if (rv != CKR_OK) { 
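Review bot: `hLen = wc_hash2sz(info->pk.rsa.padding->hash)` in Pkcs11RsaSign can return -1 for an unrecognised hash and that value is never checked: with the default salt length the code then sets saltLen = -1, the `outLen - hLen < saltLen + 2` test passes, and `pssParams.sLen = saltLen` hands the token a CK_ULONG of roughly 2^32 or 2^64. Add `if (hLen < 0) return BAD_FUNC_ARG;` immediately after the call. The final length test also mixes the unsigned `*outLen` with int operands, so when outLen is smaller than hLen the subtraction wraps and the check is skipped; compare as `if (*(info->pk.rsa.outLen) < (word32)(hLen + saltLen + 2))` instead. Note too that outLen is the caller's output buffer length rather than necessarily the modulus length, so the DISCOVER branch may derive a salt the key cannot hold, whereas the rsa.c logic this comment refers to presumably works from the key size. Pkcs11RsaSign continues beyond the hunk.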
@@ -1970,13 +2181,31 @@ static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info) int ret = 0; CK_RV rv; CK_MECHANISM_INFO mechInfo; + CK_MECHANISM_TYPE mechanism = 0x0UL; int sessionKey = 0; CK_OBJECT_HANDLE key; RsaKey* rsaKey = info->pk.rsa.key; int type = info->pk.rsa.type; + switch(info->pk.type) { +#ifndef NO_PKCS11_RSA_PKCS + case WC_PK_TYPE_RSA_PKCS: + mechanism = CKM_RSA_PKCS; + break; + case WC_PK_TYPE_RSA_PSS: + mechanism = CKM_RSA_PKCS_PSS; + break; + case WC_PK_TYPE_RSA_OAEP: + mechanism = CKM_RSA_PKCS_OAEP; + break; +#endif /* NO_PKCS11_RSA_PKCS */ + case WC_PK_TYPE_RSA: + mechanism = CKM_RSA_X_509; + break; + } + /* Check operation is supported. */ - rv = session->func->C_GetMechanismInfo(session->slotId, CKM_RSA_X_509, + rv = session->func->C_GetMechanismInfo(session->slotId, mechanism, &mechInfo); PKCS11_RV("C_GetMechanismInfo", rv); if (rv != CKR_OK) { @@ -1996,7 +2225,8 @@ static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info) /* Make a handle to a private key. */ ret = Pkcs11RsaPrivateKey(session, rsaKey, sessionKey, &key); } - + } + if (ret == 0) { if (type == RSA_PUBLIC_ENCRYPT) { WOLFSSL_MSG("PKCS#11: Public Encrypt"); if ((mechInfo.flags & CKF_ENCRYPT) != 0) { @@ -2008,7 +2238,7 @@ static int Pkcs11Rsa(Pkcs11Session* session, wc_CryptoInfo* info) } else if (type == RSA_PUBLIC_DECRYPT) { WOLFSSL_MSG("PKCS#11: Public Decrypt"); - if ((mechInfo.flags & CKF_DECRYPT) != 0) { + if ((mechInfo.flags & CKF_ENCRYPT) != 0) { ret = Pkcs11RsaEncrypt(session, info, key); } else { @@ -2216,8 +2446,7 @@ static int Pkcs11FindEccKey(CK_OBJECT_HANDLE* key, CK_OBJECT_CLASS keyClass, } } - if (ecPoint != NULL) - XFREE(ecPoint, eccKey->heap, DYNAMIC_TYPE_ECC); + XFREE(ecPoint, eccKey->heap, DYNAMIC_TYPE_ECC); return ret; } 
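Review bot: The mechanism-selection switch in Pkcs11Rsa is guarded by `#ifndef NO_PKCS11_RSA_PKCS` while wc_Pkcs11_CryptoDevCb and the per-operation functions use `#ifdef WOLF_CRYPTO_CB_RSA_PAD`, so a build with WOLF_CRYPTO_CB_RSA_PAD set and NO_PKCS11_RSA_PKCS defined still dispatches WC_PK_TYPE_RSA_PKCS/PSS/OAEP here, where the switch has no default, `mechanism` stays 0x0UL (CKM_RSA_PKCS_KEY_PAIR_GEN in PKCS#11), and C_GetMechanismInfo is queried about key-pair generation rather than the padding scheme. Use one guard for all four sites and add `default: return BAD_FUNC_ARG;` to the switch so an unexpected pk.type never reaches the token. Pkcs11Rsa begins before and ends after the hunk.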
@@ -2300,8 +2529,7 @@ static int Pkcs11GetEccPublicKey(ecc_key* key, Pkcs11Session* session, key->type = ECC_PUBLICKEY; } - if (point != NULL) - XFREE(point, key->heap, DYNAMIC_TYPE_ECC); + XFREE(point, key->heap, DYNAMIC_TYPE_ECC); return ret; } @@ -2986,9 +3214,7 @@ static int wc_Pkcs11CheckPrivKey_Rsa(RsaKey* priv, wc_FreeRsaKey(pub); } #ifdef WOLFSSL_SMALL_STACK - if (pub != NULL) { - XFREE(pub, NULL, DYNAMIC_TYPE_RSA); - } + XFREE(pub, NULL, DYNAMIC_TYPE_RSA); #endif return ret; @@ -3133,9 +3359,7 @@ static int wc_Pkcs11CheckPrivKey_Ecc(ecc_key* priv, wc_ecc_free(pub); } #ifdef WOLFSSL_SMALL_STACK - if (pub != NULL) { - XFREE(pub, NULL, DYNAMIC_TYPE_ECC); - } + XFREE(pub, NULL, DYNAMIC_TYPE_ECC); #endif return ret; @@ -3774,6 +3998,11 @@ int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx) switch (info->pk.type) { #ifndef NO_RSA case WC_PK_TYPE_RSA: + #ifdef WOLF_CRYPTO_CB_RSA_PAD + case WC_PK_TYPE_RSA_PKCS: + case WC_PK_TYPE_RSA_PSS: + case WC_PK_TYPE_RSA_OAEP: + #endif ret = Pkcs11OpenSession(token, &session, readWrite); if (ret == 0) { ret = Pkcs11Rsa(&session, info); diff --git a/src/wolfcrypt/src/wc_port.c b/src/wolfcrypt/src/wc_port.c index 32ffb9e..7fe2d35 100644 --- a/src/wolfcrypt/src/wc_port.c +++ b/src/wolfcrypt/src/wc_port.c @@ -1,6 +1,6 @@ /* port.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -24,6 +24,10 @@ #include #endif +#ifdef __APPLE__ + #include +#endif + #include #include #include @@ -40,6 +44,13 @@ #include #endif +#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + #include +#ifdef WOLF_CRYPTO_CB + #include +#endif +#endif + #ifdef WOLFSSL_PSOC6_CRYPTO #include #endif @@ -132,6 +143,13 @@ #include #endif +#if defined(WOLFSSL_ZEPHYR) +#if defined(CONFIG_BOARD_NATIVE_POSIX) +#include "native_rtc.h" +#define CONFIG_RTC +#endif +#endif + /* prevent multiple mutex initializations */ static volatile int initRefCount = 0; 
@@ -240,6 +258,22 @@ int wolfCrypt_Init(void) } #endif + /* Crypto Callbacks only works on AES for MAX32666/5 HW */ + #if defined(MAX3266X_AES) && defined(WOLF_CRYPTO_CB) + ret = wc_CryptoCb_RegisterDevice(WOLFSSL_MAX3266X_DEVID, wc_MxcCryptoCb, + NULL); + if(ret != 0) { + return ret; + } + #endif + #if defined(MAX3266X_RTC) + ret = wc_MXC_RTC_Init(); + if (ret != 0) { + WOLFSSL_MSG("MXC RTC Init Failed"); + return WC_HW_E; + } + #endif + #if defined(WOLFSSL_ATMEL) || defined(WOLFSSL_ATECC508A) || \ defined(WOLFSSL_ATECC608A) ret = atmel_init(); @@ -331,6 +365,13 @@ int wolfCrypt_Init(void) return ret; } #endif + #if defined(HAVE_OID_ENCODING) && (!defined(HAVE_FIPS) || \ + (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))) + if ((ret = wc_ecc_oid_cache_init()) != 0) { + WOLFSSL_MSG("Error creating ECC oid cache"); + return ret; + } + #endif #endif #ifdef WOLFSSL_SCE @@ -422,6 +463,10 @@ int wolfCrypt_Cleanup(void) #ifdef ECC_CACHE_CURVE wc_ecc_curve_cache_free(); #endif + #if defined(HAVE_OID_ENCODING) && (!defined(HAVE_FIPS) || \ + (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(6,0))) + wc_ecc_oid_cache_free(); + #endif #endif /* HAVE_ECC */ #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) @@ -1170,6 +1215,23 @@ int wc_strncasecmp(const char *s1, const char *s2, size_t n) } #endif /* USE_WOLF_STRNCASECMP */ +#ifdef USE_WOLF_STRDUP +char* wc_strdup_ex(const char *src, int memType) { + char *ret = NULL; + word32 len = 0; + + if (src) { + len = (word32)XSTRLEN(src) + 1; /* Add one for null terminator */ + ret = (char*)XMALLOC(len, NULL, memType); + if (ret != NULL) { + XMEMCPY(ret, src, len); + } + } + + return ret; +} +#endif + #ifdef WOLFSSL_ATOMIC_OPS #ifdef HAVE_C___ATOMIC 
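Review bot: wc_strdup_ex is a new externally visible function with no header comment, and `word32 len = (word32)XSTRLEN(src) + 1` narrows the size_t length before it is used for both the allocation and the copy. Use `size_t len = XSTRLEN(src) + 1;` and document above the function that the result is allocated from the NULL heap with `memType`, must be released with XFREE using the same type, and is NULL when src is NULL or the allocation fails. The `if (src)` test could also be the explicit `if (src != NULL)` used elsewhere in this file.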
@@ -1322,6 +1384,196 @@ int wolfSSL_CryptHwMutexUnLock(void) #endif /* WOLFSSL_CRYPT_HW_MUTEX */ +#if WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX) +/* Mutex for protection of cryptography hardware */ +#ifndef NO_RNG_MUTEX +static wolfSSL_Mutex wcCryptHwRngMutex \ + WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwRngMutex); +#endif /* NO_RNG_MUTEX */ +#ifndef NO_AES_MUTEX +static wolfSSL_Mutex wcCryptHwAesMutex \ + WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwAesMutex); +#endif /* NO_AES_MUTEX */ +#ifndef NO_HASH_MUTEX +static wolfSSL_Mutex wcCryptHwHashMutex \ + WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwHashMutex); +#endif /* NO_HASH_MUTEX */ +#ifndef NO_PK_MUTEX +static wolfSSL_Mutex wcCryptHwPkMutex \ + WOLFSSL_MUTEX_INITIALIZER_CLAUSE(wcCryptHwPkMutex); +#endif /* NO_PK_MUTEX */ + +#ifndef WOLFSSL_MUTEX_INITIALIZER +#ifndef NO_RNG_MUTEX +static int wcCryptHwRngMutexInit = 0; +#endif /* NO_RNG_MUTEX */ +#ifndef NO_AES_MUTEX +static int wcCryptHwAesMutexInit = 0; +#endif /* NO_AES_MUTEX */ +#ifndef NO_HASH_MUTEX +static int wcCryptHwHashMutexInit = 0; +#endif /* NO_HASH_MUTEX */ +#ifndef NO_PK_MUTEX +static int wcCryptHwPkMutexInit = 0; +#endif /* NO_PK_MUTEX */ +#endif /* WOLFSSL_MUTEX_INITIALIZER */ + + +/* Allows ability to switch to different mutex based on enum type */ +/* hw_mutex_algo, expects the dereferenced Ptrs to be set to NULL */ +static int hwAlgoPtrSet(hw_mutex_algo hwAlgo, wolfSSL_Mutex** wcHwAlgoMutexPtr, + int** wcHwAlgoInitPtr) +{ + if (*wcHwAlgoMutexPtr != NULL || *wcHwAlgoInitPtr != NULL) { + return BAD_FUNC_ARG; + } + switch (hwAlgo) { + #ifndef NO_RNG_MUTEX + case rng_mutex: + *wcHwAlgoMutexPtr = &wcCryptHwRngMutex; + *wcHwAlgoInitPtr = &wcCryptHwRngMutexInit; + break; + #endif + #ifndef NO_AES_MUTEX + case aes_mutex: + *wcHwAlgoMutexPtr = &wcCryptHwAesMutex; + *wcHwAlgoInitPtr = &wcCryptHwAesMutexInit; + break; + #endif + #ifndef NO_HASH_MUTEX + case hash_mutex: + *wcHwAlgoMutexPtr = &wcCryptHwHashMutex; + *wcHwAlgoInitPtr = 
&wcCryptHwHashMutexInit; + break; + #endif + #ifndef NO_PK_MUTEX + case pk_mutex: + *wcHwAlgoMutexPtr = &wcCryptHwPkMutex; + *wcHwAlgoInitPtr = &wcCryptHwPkMutexInit; + break; + #endif + default: + return BAD_FUNC_ARG; + } + return 0; +} + +static int hwAlgoMutexInit(hw_mutex_algo hwAlgo) +{ + int ret = 0; +#ifndef WOLFSSL_MUTEX_INITIALIZER + wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL; + int* wcHwAlgoInitPtr = NULL; + ret = hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr); + if (ret != 0) { + return ret; + } + if (*wcHwAlgoInitPtr == 0) { + ret = wc_InitMutex(wcHwAlgoMutexPtr); + if (ret == 0) { + *wcHwAlgoInitPtr = 1; + } + } +#endif + return ret; +} + +static int hwAlgoMutexLock(hw_mutex_algo hwAlgo) +{ + /* Make sure HW Mutex has been initialized */ + int ret = 0; + wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL; + int* wcHwAlgoInitPtr = NULL; + ret = hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr); + if (ret != 0) { + return ret; + } + ret = hwAlgoMutexInit(hwAlgo); + if (ret == 0) { + ret = wc_LockMutex(wcHwAlgoMutexPtr); + } + return ret; +} + +static int hwAlgoMutexUnLock(hw_mutex_algo hwAlgo) +{ + wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL; + int* wcHwAlgoInitPtr = NULL; + if (hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr) != 0) { + return BAD_FUNC_ARG; + } + if (*wcHwAlgoInitPtr) { + return wc_UnLockMutex(wcHwAlgoMutexPtr); + } + else { + return BAD_MUTEX_E; + } +} + +/* Wrap around generic hwAlgo* functions and use correct */ +/* global mutex to determine if it can be unlocked/locked */ +#ifndef NO_RNG_MUTEX +int wolfSSL_HwRngMutexInit(void) +{ + return hwAlgoMutexInit(rng_mutex); +} +int wolfSSL_HwRngMutexLock(void) +{ + return hwAlgoMutexLock(rng_mutex); +} +int wolfSSL_HwRngMutexUnLock(void) +{ + return hwAlgoMutexUnLock(rng_mutex); +} +#endif /* NO_RNG_MUTEX */ + +#ifndef NO_AES_MUTEX +int wolfSSL_HwAesMutexInit(void) +{ + return hwAlgoMutexInit(aes_mutex); +} +int wolfSSL_HwAesMutexLock(void) +{ + return hwAlgoMutexLock(aes_mutex); +} 
+int wolfSSL_HwAesMutexUnLock(void) +{ + return hwAlgoMutexUnLock(aes_mutex); +} +#endif /* NO_AES_MUTEX */ + +#ifndef NO_HASH_MUTEX +int wolfSSL_HwHashMutexInit(void) +{ + return hwAlgoMutexInit(hash_mutex); +} +int wolfSSL_HwHashMutexLock(void) +{ + return hwAlgoMutexLock(hash_mutex); +} +int wolfSSL_HwHashMutexUnLock(void) +{ + return hwAlgoMutexUnLock(hash_mutex); +} +#endif /* NO_HASH_MUTEX */ + +#ifndef NO_PK_MUTEX +int wolfSSL_HwPkMutexInit(void) +{ + return hwAlgoMutexInit(pk_mutex); +} +int wolfSSL_HwPkMutexLock(void) +{ + return hwAlgoMutexLock(pk_mutex); +} +int wolfSSL_HwPkMutexUnLock(void) +{ + return hwAlgoMutexUnLock(pk_mutex); +} +#endif /* NO_PK_MUTEX */ + +#endif /* WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX) */ + /* ---------------------------------------------------------------------------*/ /* Mutex Ports */ /* ---------------------------------------------------------------------------*/ @@ -3121,6 +3373,9 @@ time_t mqx_time(time_t* timer) #endif /* FREESCALE_MQX || FREESCALE_KSDK_MQX */ +#if defined(MAX3266X_RTC) + #define XTIME wc_MXC_RTC_Time +#endif #if defined(WOLFSSL_TIRTOS) && defined(USER_TIME) @@ -3173,6 +3428,21 @@ time_t z_time(time_t * timer) #if defined(CONFIG_RTC) && \ (defined(CONFIG_PICOLIBC) || defined(CONFIG_NEWLIB_LIBC)) + + #if defined(CONFIG_BOARD_NATIVE_POSIX) + + /* When using native sim, get time from simulator rtc */ + uint32_t nsec = 0; + uint64_t sec = 0; + native_rtc_gettime(RTC_CLOCK_PSEUDOHOSTREALTIME, &nsec, &sec); + + if (timer != NULL) + *timer = sec; + + return sec; + + #else + /* Try to obtain the actual time from an RTC */ static const struct device *rtc = DEVICE_DT_GET(DT_NODELABEL(rtc)); @@ -3191,6 +3461,7 @@ time_t z_time(time_t * timer) return epochTime; } } + #endif /* defined(CONFIG_BOARD_NATIVE_POSIX) */ #endif /* Fallback to uptime since boot. This works for relative times, but 
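Review bot: hwAlgoPtrSet takes the address of `wcCryptHwRngMutexInit` and its siblings unconditionally, but those flags are only declared inside `#ifndef WOLFSSL_MUTEX_INITIALIZER`, so a build that defines WOLFSSL_MUTEX_INITIALIZER does not compile; and once the declarations are fixed, hwAlgoMutexInit never sets the flag in that configuration, so hwAlgoMutexUnLock always returns BAD_MUTEX_E. The lazy initialisation in hwAlgoMutexLock is also a check-then-act race: two threads taking the same algorithm mutex for the first time can both observe the flag clear and both call wc_InitMutex on the same object, which is exactly the serialisation the mutex is meant to provide. Declare the flags outside the `#ifndef`, set them in both configurations as below, and have wolfCrypt_Init call the `wolfSSL_Hw*MutexInit` functions once while still single-threaded rather than relying on the first lock.
```c
/* Init flags are needed in both configurations: with a static
 * initializer they only record that the mutex is usable. */
#ifndef NO_RNG_MUTEX
static int wcCryptHwRngMutexInit = 0;
#endif /* NO_RNG_MUTEX */
/* … unchanged: AES, hash and PK flags declared the same way, moved out of
 * the #ifndef WOLFSSL_MUTEX_INITIALIZER block … */

static int hwAlgoMutexInit(hw_mutex_algo hwAlgo)
{
    int ret;
    wolfSSL_Mutex* wcHwAlgoMutexPtr = NULL;
    int* wcHwAlgoInitPtr = NULL;

    ret = hwAlgoPtrSet(hwAlgo, &wcHwAlgoMutexPtr, &wcHwAlgoInitPtr);
    if (ret != 0) {
        return ret;
    }
    if (*wcHwAlgoInitPtr == 0) {
#ifndef WOLFSSL_MUTEX_INITIALIZER
        ret = wc_InitMutex(wcHwAlgoMutexPtr);
#endif
        if (ret == 0) {
            *wcHwAlgoInitPtr = 1;
        }
    }
    return ret;
}
```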
@@ -3353,6 +3624,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) } #endif + /* custom memory wrappers */ #ifdef WOLFSSL_NUCLEUS_1_2 @@ -3774,20 +4046,25 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) } #ifdef WOLFSSL_COND - #ifndef __MACH__ - /* Generic POSIX conditional */ + #if defined(__APPLE__) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1060 \ + && !defined(__ppc__) + /* Apple style dispatch semaphore */ int wolfSSL_CondInit(COND_TYPE* cond) { if (cond == NULL) return BAD_FUNC_ARG; - if (pthread_mutex_init(&cond->mutex, NULL) != 0) + /* dispatch_release() fails hard, with Trace/BPT trap signal, if the + * sem's internal count is less than the value passed in with + * dispatch_semaphore_create(). work around this by initing + * with 0, then incrementing it afterwards. + */ + cond->cond = dispatch_semaphore_create(0); + if (cond->cond == NULL) return MEMORY_E; - if (pthread_cond_init(&cond->cond, NULL) != 0) { - /* Keep compilers happy that we are using the return code */ - if (pthread_mutex_destroy(&cond->mutex) != 0) - return MEMORY_E; + if (wc_InitMutex(&cond->mutex) != 0) { + dispatch_release(cond->cond); return MEMORY_E; } @@ -3796,18 +4073,17 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) int wolfSSL_CondFree(COND_TYPE* cond) { - int ret = 0; - if (cond == NULL) return BAD_FUNC_ARG; - if (pthread_mutex_destroy(&cond->mutex) != 0) - ret = MEMORY_E; + dispatch_release(cond->cond); + cond->cond = NULL; - if (pthread_cond_destroy(&cond->cond) != 0) - ret = MEMORY_E; + if (wc_FreeMutex(&cond->mutex) != 0) { + return MEMORY_E; + } - return ret; + return 0; } int wolfSSL_CondStart(COND_TYPE* cond) @@ -3815,7 +4091,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) if (cond == NULL) return BAD_FUNC_ARG; - if (pthread_mutex_lock(&cond->mutex) != 0) + if (wc_LockMutex(&cond->mutex) != 0) return BAD_MUTEX_E; return 0; 
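Review bot: The workaround comment in the Apple wolfSSL_CondInit says the semaphore is created with 0 and "incrementing it afterwards", but nothing in the function increments it, so the comment describes a step the code does not take. Reword it to what the code actually relies on: `/* dispatch_release() traps if the semaphore's count is below its initial value, so create it with 0; waits and signals then balance on their own. */`. The body looks like the former __MACH__ branch moved up rather than new logic, and wolfSSL_CondInit continues outside the hunk.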
@@ -3826,8 +4102,13 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) if (cond == NULL) return BAD_FUNC_ARG; - if (pthread_cond_signal(&cond->cond) != 0) - return MEMORY_E; + if (wc_UnLockMutex(&cond->mutex) != 0) + return BAD_MUTEX_E; + + dispatch_semaphore_signal(cond->cond); + + if (wc_LockMutex(&cond->mutex) != 0) + return BAD_MUTEX_E; return 0; } @@ -3837,8 +4118,13 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) if (cond == NULL) return BAD_FUNC_ARG; - if (pthread_cond_wait(&cond->cond, &cond->mutex) != 0) - return MEMORY_E; + if (wc_UnLockMutex(&cond->mutex) != 0) + return BAD_MUTEX_E; + + dispatch_semaphore_wait(cond->cond, DISPATCH_TIME_FOREVER); + + if (wc_LockMutex(&cond->mutex) != 0) + return BAD_MUTEX_E; return 0; } @@ -3848,29 +4134,26 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) if (cond == NULL) return BAD_FUNC_ARG; - if (pthread_mutex_unlock(&cond->mutex) != 0) + if (wc_UnLockMutex(&cond->mutex) != 0) return BAD_MUTEX_E; return 0; } - #else /* __MACH__ */ - /* Apple style dispatch semaphore */ + + #else /* Generic POSIX conditional */ + int wolfSSL_CondInit(COND_TYPE* cond) { if (cond == NULL) return BAD_FUNC_ARG; - /* dispatch_release() fails hard, with Trace/BPT trap signal, if the - * sem's internal count is less than the value passed in with - * dispatch_semaphore_create(). work around this by initing - * with 0, then incrementing it afterwards. - */ - cond->cond = dispatch_semaphore_create(0); - if (cond->cond == NULL) + if (pthread_mutex_init(&cond->mutex, NULL) != 0) return MEMORY_E; - if (wc_InitMutex(&cond->mutex) != 0) { - dispatch_release(cond->cond); + if (pthread_cond_init(&cond->cond, NULL) != 0) { + /* Keep compilers happy that we are using the return code */ + if (pthread_mutex_destroy(&cond->mutex) != 0) + return MEMORY_E; return MEMORY_E; } 
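Review bot: wolfSSL_CondSignal in the Apple branch drops `cond->mutex` around `dispatch_semaphore_signal`, so a caller that holds the mutex from CondStart to CondEnd has its critical section silently split and another thread can enter it in between, whereas the POSIX branch's `pthread_cond_signal` never releases the mutex. A semaphore also remembers a signal issued with no waiter, which a condition variable does not, so producers that signal before the consumer waits behave differently on the two platforms. This appears to be the former __MACH__ body moved up rather than new logic, but the divergence deserves a comment on the function: `/* NOTE: unlike the pthread branch this releases the mutex while signalling, and a signal with no waiter is remembered */`. wolfSSL_CondSignal's opening lines are above the hunk.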
@@ -3879,17 +4162,18 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) int wolfSSL_CondFree(COND_TYPE* cond) { + int ret = 0; + if (cond == NULL) return BAD_FUNC_ARG; - dispatch_release(cond->cond); - cond->cond = NULL; + if (pthread_mutex_destroy(&cond->mutex) != 0) + ret = MEMORY_E; - if (wc_FreeMutex(&cond->mutex) != 0) { - return MEMORY_E; - } + if (pthread_cond_destroy(&cond->cond) != 0) + ret = MEMORY_E; - return 0; + return ret; } int wolfSSL_CondStart(COND_TYPE* cond) @@ -3897,7 +4181,7 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) if (cond == NULL) return BAD_FUNC_ARG; - if (wc_LockMutex(&cond->mutex) != 0) + if (pthread_mutex_lock(&cond->mutex) != 0) return BAD_MUTEX_E; return 0; @@ -3908,13 +4192,8 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) if (cond == NULL) return BAD_FUNC_ARG; - if (wc_UnLockMutex(&cond->mutex) != 0) - return BAD_MUTEX_E; - - dispatch_semaphore_signal(cond->cond); - - if (wc_LockMutex(&cond->mutex) != 0) - return BAD_MUTEX_E; + if (pthread_cond_signal(&cond->cond) != 0) + return MEMORY_E; return 0; } @@ -3924,13 +4203,8 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) if (cond == NULL) return BAD_FUNC_ARG; - if (wc_UnLockMutex(&cond->mutex) != 0) - return BAD_MUTEX_E; - - dispatch_semaphore_wait(cond->cond, DISPATCH_TIME_FOREVER); - - if (wc_LockMutex(&cond->mutex) != 0) - return BAD_MUTEX_E; + if (pthread_cond_wait(&cond->cond, &cond->mutex) != 0) + return MEMORY_E; return 0; } @@ -3940,11 +4214,12 @@ char* mystrnstr(const char* s1, const char* s2, unsigned int n) if (cond == NULL) return BAD_FUNC_ARG; - if (wc_UnLockMutex(&cond->mutex) != 0) + if (pthread_mutex_unlock(&cond->mutex) != 0) return BAD_MUTEX_E; return 0; } + #endif /* __MACH__ */ #endif /* WOLFSSL_COND */ diff --git a/src/wolfcrypt/src/wc_xmss.c b/src/wolfcrypt/src/wc_xmss.c index 0e63722..5c016db 100644 --- a/src/wolfcrypt/src/wc_xmss.c +++ b/src/wolfcrypt/src/wc_xmss.c 
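Review bot: The closing `#endif /* __MACH__ */` at the end of the WOLFSSL_COND block now terminates an `#if defined(__APPLE__) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1060 && !defined(__ppc__)` / `#else` pair, so the trailing comment names a macro the condition no longer tests. Update it to `#endif /* __APPLE__ dispatch semaphore, else generic POSIX */` so the branch structure can be followed from the bottom. The POSIX wolfSSL_CondEnd body above it begins outside the hunk.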
@@ -1,6 +1,6 @@ /* wc_xmss.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/wc_xmss_impl.c b/src/wolfcrypt/src/wc_xmss_impl.c index b45bc59..80ca967 100644 --- a/src/wolfcrypt/src/wc_xmss_impl.c +++ b/src/wolfcrypt/src/wc_xmss_impl.c @@ -1,6 +1,6 @@ /* wc_xmss_impl.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/wolfevent.c b/src/wolfcrypt/src/wolfevent.c index 4ed7b8f..bf155c1 100644 --- a/src/wolfcrypt/src/wolfevent.c +++ b/src/wolfcrypt/src/wolfevent.c @@ -1,6 +1,6 @@ /* wolfevent.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfcrypt/src/wolfmath.c b/src/wolfcrypt/src/wolfmath.c index df5f0f8..ce36b60 100644 --- a/src/wolfcrypt/src/wolfmath.c +++ b/src/wolfcrypt/src/wolfmath.c @@ -1,6 +1,6 @@ /* wolfmath.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -149,10 +149,10 @@ int mp_cond_copy(mp_int* a, int copy, mp_int* b) for (; i < b->used; i++) { b->dp[i] ^= (get_digit(a, (int)i) ^ get_digit(b, (int)i)) & mask; } - b->used ^= (a->used ^ b->used) & (unsigned int)mask; + b->used ^= (a->used ^ b->used) & (mp_size_t)mask; #if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \ defined(WOLFSSL_SP_INT_NEGATIVE) - b->sign ^= (a->sign ^ b->sign) & (unsigned int)mask; + b->sign ^= (mp_sign_t)(a->sign ^ b->sign) & (mp_sign_t)mask; #endif } @@ -196,7 +196,7 @@ int mp_rand(mp_int* a, int digits, WC_RNG* rng) ret = BAD_FUNC_ARG; } if (ret == MP_OKAY) { - a->used = (word32)digits; + a->used = (mp_size_t)digits; } #endif /* fill the data with random bytes */ 
@@ -358,9 +358,7 @@ void wc_bigint_zero(WC_BIGINT* a) void wc_bigint_free(WC_BIGINT* a) { if (a) { - if (a->buf) { - XFREE(a->buf, a->heap, DYNAMIC_TYPE_WOLF_BIGINT); - } + XFREE(a->buf, a->heap, DYNAMIC_TYPE_WOLF_BIGINT); a->buf = NULL; a->len = 0; } diff --git a/src/wolfssl/bio.c b/src/wolfssl/bio.c index 340cbfd..ac4eb03 100644 --- a/src/wolfssl/bio.c +++ b/src/wolfssl/bio.c @@ -1,6 +1,6 @@ /* bio.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -24,10 +24,9 @@ #endif #include -#if defined(OPENSSL_EXTRA) && !defined(_WIN32) +#if defined(OPENSSL_EXTRA) && !defined(_WIN32) && !defined(_GNU_SOURCE) /* turn on GNU extensions for XVASPRINTF with wolfSSL_BIO_printf */ - #undef _GNU_SOURCE - #define _GNU_SOURCE + #define _GNU_SOURCE 1 #endif #if !defined(WOLFSSL_BIO_INCLUDED) @@ -161,7 +160,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) bio->wrSz = 0; bio->mem_buf->length = 0; } - bio->ptr = bio->mem_buf->data; + bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; } else if (bio->rdIdx >= WOLFSSL_BIO_RESIZE_THRESHOLD && !(bio->flags & BIO_FLAGS_MEM_RDONLY)) { @@ -180,7 +179,7 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) return WOLFSSL_BIO_ERROR; } bio->mem_buf->length = (size_t)bio->wrSz; - bio->ptr = bio->mem_buf->data; + bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; } } else { @@ -217,11 +216,11 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf, return WOLFSSL_FATAL_ERROR; bio->flags &= ~(WOLFSSL_BIO_FLAG_RETRY); /* default no retry */ - ret = wolfSSL_read((WOLFSSL*)bio->ptr, buf, len); + ret = wolfSSL_read(bio->ptr.ssl, buf, len); if (ret == 0) front->eof = 1; else if (ret < 0) { - int err = wolfSSL_get_error((WOLFSSL*)bio->ptr, 0); + int err = wolfSSL_get_error(bio->ptr.ssl, 0); if ( !(err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE) ) { front->eof = 1; } 
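Review bot: `#define _GNU_SOURCE 1` is a feature-test macro and only takes effect if it precedes the first libc header, yet it sits after an `#include` (its target is not visible here) and the `WOLFSSL_BIO_INCLUDED` guard below suggests bio.c is also compiled by inclusion from another translation unit, where every system header is already in; in that case the define is too late to expose `vasprintf` for XVASPRINTF. If the preceding include can pull in libc headers, move the define to the very top of the file or set it from the build system, and say so in the comment. Dropping the old `#undef` is fine since the condition now skips redefinition.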
@@ -235,15 +234,15 @@ static int wolfSSL_BIO_SSL_read(WOLFSSL_BIO* bio, void* buf, static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz) { - if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == NID_hmac) { - if (wolfSSL_EVP_DigestSignUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, buf, + if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == NID_hmac) { + if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, buf, (unsigned int)sz) != WOLFSSL_SUCCESS) { return WOLFSSL_FATAL_ERROR; } } else { - if (wolfSSL_EVP_DigestUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, buf, (size_t)sz) + if (wolfSSL_EVP_DigestUpdate(bio->ptr.md_ctx, buf, (size_t)sz) != WOLFSSL_SUCCESS) { return WOLFSSL_FATAL_ERROR; } @@ -290,6 +289,9 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) } while (bio != NULL && ret >= 0) { +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + int inhibit_flow_increment = 0; +#endif /* check for custom read */ if (bio->method && bio->method->readCb) { ret = bio->method->readCb(bio, (char*)buf, len); @@ -302,19 +304,22 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) break; case WOLFSSL_BIO_BIO: /* read BIOs */ ret = wolfSSL_BIO_BIO_read(bio, buf, len); +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + inhibit_flow_increment = 1; +#endif break; case WOLFSSL_BIO_MEMORY: ret = wolfSSL_BIO_MEMORY_read(bio, buf, len); break; case WOLFSSL_BIO_FILE: #ifndef NO_FILESYSTEM - if (bio->ptr) { - ret = (int)XFREAD(buf, 1, (size_t)len, (XFILE)bio->ptr); + if (bio->ptr.fh) { + ret = (int)XFREAD(buf, 1, (size_t)len, bio->ptr.fh); } else { #if defined(XREAD) && !defined(NO_WOLFSSL_DIR) && \ !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) - ret = (int)XREAD(bio->num, buf, (size_t)len); + ret = (int)XREAD(bio->num.fd, buf, (size_t)len); #else WOLFSSL_MSG("No file pointer and XREAD not enabled"); ret = NOT_COMPILED_IN; 
@@ -345,14 +350,52 @@ int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) #ifdef USE_WOLFSSL_IO /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ - ret = wolfIO_Recv(bio->num, (char*)buf, len, 0); + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; + ret = wolfIO_Recv(bio->num.fd, (char*)buf, len, 0); + if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) { + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; + } + if (ret < 0) { + ret = WOLFSSL_BIO_ERROR; + } #else ret = NOT_COMPILED_IN; #endif break; + + case WOLFSSL_BIO_DGRAM: + #if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) && \ + defined(USE_WOLFSSL_IO) + /* BIO requires built-in socket support + * (cannot be used with WOLFSSL_USER_IO) */ + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; + if (bio->connected) + ret = wolfIO_Recv(bio->num.fd, (char*)buf, len, 0); + else { + wolfSSL_BIO_ADDR_clear(&bio->peer_addr); + ret = wolfIO_RecvFrom(bio->num.fd, &bio->peer_addr, + (char*)buf, len, 0); + } + if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) { + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; + } + if (ret < 0) { + ret = WOLFSSL_BIO_ERROR; + } + #else + ret = NOT_COMPILED_IN; + #endif + break; + } /* switch */ } +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + if ((ret > 0) && (!inhibit_flow_increment)) { + bio->bytes_read += (word32)ret; + } +#endif + /* case where front of list is done */ if (bio == front) { break; /* at front of list so be done */ @@ -409,8 +452,9 @@ static int wolfSSL_BIO_BASE64_write(WOLFSSL_BIO* bio, const void* data, } } else { - if (Base64_Encode((const byte*)data, inLen, NULL, &sz) != - LENGTH_ONLY_E) { + if (Base64_Encode((const byte*)data, inLen, NULL, &sz) + != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + { WOLFSSL_MSG("Error with base64 get length"); return WOLFSSL_FATAL_ERROR; } 
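Review bot: The flow-stats accumulation `bio->bytes_read += (word32)ret;` truncates into a 32-bit per-BIO counter while `wolfSSL_BIO_number_read`/`wolfSSL_BIO_number_written` (L1753) sum into a `word64`, so each BIO's contribution wraps after 4 GiB and the 64-bit API only widens the sum, not the counters; the same cast appears for `bytes_written` in the write hunk (L1747) and for the nread/nwrite increments (L1752). If `bytes_read`/`bytes_written` are declared `word32` — their declaration is outside this diff — they should become `word64` with the increments written as `bio->bytes_read += (word64)ret;`; otherwise a comment `/* per-BIO counters are 32-bit; totals wrap at 4 GiB */` on the accumulator would at least make the limit visible to anyone using the counters for accounting. The socket and datagram receive paths share identical retry/error mapping (`WOLFSSL_BIO_FLAG_RETRY`, `ret < 0` -> `WOLFSSL_BIO_ERROR`); a small static helper would keep the two in step as the DGRAM case grows.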
@@ -468,16 +512,16 @@ static int wolfSSL_BIO_SSL_write(WOLFSSL_BIO* bio, const void* data, WOLFSSL_ENTER("wolfSSL_BIO_SSL_write"); - if (bio->ptr == NULL) { + if (bio->ptr.ssl == NULL) { return BAD_FUNC_ARG; } bio->flags &= ~(WOLFSSL_BIO_FLAG_RETRY); /* default no retry */ - ret = wolfSSL_write((WOLFSSL*)bio->ptr, data, len); + ret = wolfSSL_write(bio->ptr.ssl, data, len); if (ret == 0) front->eof = 1; else if (ret < 0) { - int err = wolfSSL_get_error((WOLFSSL*)bio->ptr, 0); + int err = wolfSSL_get_error(bio->ptr.ssl, 0); if ( !(err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE) ) { front->eof = 1; } @@ -576,8 +620,8 @@ static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data, } XMEMCPY(bio->mem_buf->data + bio->wrSz, data, len); - bio->ptr = bio->mem_buf->data; - bio->num = (int)bio->mem_buf->max; + bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; + bio->num.length = bio->mem_buf->max; bio->wrSz += len; bio->wrIdx += len; @@ -598,14 +642,14 @@ static int wolfSSL_BIO_MD_write(WOLFSSL_BIO* bio, const void* data, int len) return BAD_FUNC_ARG; } - if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == NID_hmac) { - if (wolfSSL_EVP_DigestSignUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, data, + if (wolfSSL_EVP_MD_CTX_type(bio->ptr.md_ctx) == NID_hmac) { + if (wolfSSL_EVP_DigestSignUpdate(bio->ptr.md_ctx, data, (unsigned int)len) != WOLFSSL_SUCCESS) { ret = WOLFSSL_BIO_ERROR; } } else { - if (wolfSSL_EVP_DigestUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, data, (size_t)len) + if (wolfSSL_EVP_DigestUpdate(bio->ptr.md_ctx, data, (size_t)len) != WOLFSSL_SUCCESS) { ret = WOLFSSL_BIO_ERROR; } @@ -647,6 +691,9 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) } while (bio != NULL && ret >= 0) { +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + int inhibit_flow_increment = 0; +#endif /* check for custom write */ if (bio->method && bio->method->writeCb) { ret = bio->method->writeCb(bio, (const char*)data, len); 
@@ -672,19 +719,22 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) } case WOLFSSL_BIO_BIO: /* write bios */ ret = wolfSSL_BIO_BIO_write(bio, data, len); +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + inhibit_flow_increment = 1; +#endif break; case WOLFSSL_BIO_MEMORY: ret = wolfSSL_BIO_MEMORY_write(bio, data, len); break; case WOLFSSL_BIO_FILE: #ifndef NO_FILESYSTEM - if (bio->ptr) { - ret = (int)XFWRITE(data, 1, (size_t)len, (XFILE)bio->ptr); + if (bio->ptr.fh) { + ret = (int)XFWRITE(data, 1, (size_t)len, bio->ptr.fh); } else { #if defined(XWRITE) && !defined(NO_WOLFSSL_DIR) && \ !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) - ret = (int)XWRITE(bio->num, data, (size_t)len); + ret = (int)XWRITE(bio->num.fd, data, (size_t)len); #else WOLFSSL_MSG("No file pointer and XWRITE not enabled"); ret = NOT_COMPILED_IN; 
@@ -725,14 +775,50 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) #ifdef USE_WOLFSSL_IO /* BIO requires built-in socket support * (cannot be used with WOLFSSL_USER_IO) */ - ret = wolfIO_Send(bio->num, (char*)data, len, 0); + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; + ret = wolfIO_Send(bio->num.fd, (char*)data, len, 0); + if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_WRITE)) { + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; + } + if (ret < 0) { + ret = WOLFSSL_BIO_ERROR; + } #else ret = NOT_COMPILED_IN; #endif break; + + case WOLFSSL_BIO_DGRAM: + #if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) && \ + defined(USE_WOLFSSL_IO) + /* BIO requires built-in socket support + * (cannot be used with WOLFSSL_USER_IO) */ + bio->flags &= ~WOLFSSL_BIO_FLAG_RETRY; + if (bio->connected) + ret = wolfIO_Send(bio->num.fd, (char*)data, len, 0); + else if (bio->peer_addr.sa.sa_family == AF_UNSPEC) + ret = SOCKET_ERROR_E; + else + ret = wolfIO_SendTo(bio->num.fd, &bio->peer_addr, (char*)data, len, 0); + if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_WRITE)) { + bio->flags |= WOLFSSL_BIO_FLAG_RETRY; + } + if (ret < 0) { + ret = WOLFSSL_BIO_ERROR; + } + #else + ret = NOT_COMPILED_IN; + #endif + break; + } /* switch */ } +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + if ((ret > 0) && (! inhibit_flow_increment)) + bio->bytes_written += (word32)ret; +#endif + /* advance to the next bio in list */ bio = bio->next; } @@ -748,7 +834,7 @@ int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len) (const char*)data, len, 0, ret); } - if (frmt != NULL) { + if (front != NULL) { XFREE(frmt, front->heap, DYNAMIC_TYPE_TMP_BUFFER); } 
@@ -793,6 +879,49 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) case BIO_CTRL_RESET: ret = (long)wolfSSL_BIO_reset(bio); break; + +#ifdef WOLFSSL_HAVE_BIO_ADDR + case BIO_CTRL_DGRAM_CONNECT: + case BIO_CTRL_DGRAM_SET_PEER: + { + socklen_t addr_size; + if (parg == NULL) { + ret = WOLFSSL_FAILURE; + break; + } + addr_size = wolfSSL_BIO_ADDR_size((WOLFSSL_BIO_ADDR *)parg); + if (addr_size == 0) { + ret = WOLFSSL_FAILURE; + break; + } + XMEMCPY(&bio->peer_addr, parg, addr_size); + ret = WOLFSSL_SUCCESS; + break; + } + + case BIO_CTRL_DGRAM_SET_CONNECTED: + if (parg == NULL) { + wolfSSL_BIO_ADDR_clear(&bio->peer_addr); + bio->connected = 0; + } + else { + socklen_t addr_size = wolfSSL_BIO_ADDR_size((WOLFSSL_BIO_ADDR *)parg); + if (addr_size == 0) { + ret = WOLFSSL_FAILURE; + break; + } + XMEMCPY(&bio->peer_addr, parg, addr_size); + bio->connected = 1; + } + ret = WOLFSSL_SUCCESS; + break; + + case BIO_CTRL_DGRAM_QUERY_MTU: + ret = 0; /* not implemented */ + break; + +#endif /* WOLFSSL_HAVE_BIO_ADDR */ + default: WOLFSSL_MSG("CMD not yet implemented"); ret = WOLFSSL_FAILURE; 
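Review bot: In BIO_CTRL_DGRAM_CONNECT/BIO_CTRL_DGRAM_SET_PEER the copy `XMEMCPY(&bio->peer_addr, parg, addr_size);` writes only the family-specific prefix, so replacing a peer of a longer family (AF_INET6) with a shorter one (AF_INET) leaves the tail of `bio->peer_addr` holding bytes of the previous peer; nothing in the hunk reads past `wolfSSL_BIO_ADDR_size`, so this is hygiene rather than an observed bug, but clearing first costs nothing: `wolfSSL_BIO_ADDR_clear(&bio->peer_addr);` before the XMEMCPY in both this case and the SET_CONNECTED branch. The copy length is derived from the caller-supplied family via `wolfSSL_BIO_ADDR_size`, which returns 0 for an unrecognised family, so the memcpy stays bounded by the union; that is the right shape for a ctrl taking an untrusted `parg`. CONNECT/SET_PEER do not touch `bio->connected`, which appears intended (SET_CONNECTED is the call that flips it), but a one-line comment `/* sets the peer only; BIO_CTRL_DGRAM_SET_CONNECTED marks the socket connected */` would stop readers from assuming otherwise.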
@@ -826,8 +955,51 @@ int wolfSSL_BIO_up_ref(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } + +#ifdef WOLFSSL_HAVE_BIO_ADDR +WOLFSSL_BIO_ADDR *wolfSSL_BIO_ADDR_new(void) { + WOLFSSL_BIO_ADDR *addr = + (WOLFSSL_BIO_ADDR *)XMALLOC(sizeof(*addr), NULL, DYNAMIC_TYPE_BIO); + if (addr) + addr->sa.sa_family = AF_UNSPEC; + return addr; +} + +void wolfSSL_BIO_ADDR_free(WOLFSSL_BIO_ADDR *addr) { + XFREE(addr, NULL, DYNAMIC_TYPE_BIO); +} + +void wolfSSL_BIO_ADDR_clear(WOLFSSL_BIO_ADDR *addr) { + if (addr == NULL) + return; + XMEMSET(addr, 0, sizeof(*addr)); + addr->sa.sa_family = AF_UNSPEC; +} + +socklen_t wolfSSL_BIO_ADDR_size(const WOLFSSL_BIO_ADDR *addr) { + switch (addr->sa.sa_family) { +#ifndef WOLFSSL_NO_BIO_ADDR_IN + case AF_INET: + return sizeof(addr->sa_in); +#endif +#ifdef WOLFSSL_IPV6 + case AF_INET6: + return sizeof(addr->sa_in6); #endif +#if defined(HAVE_SYS_UN_H) && !defined(WOLFSSL_NO_SOCKADDR_UN) + case AF_UNIX: + return sizeof(addr->sa_un); +#endif + default: + /* must return zero if length can't be determined, to avoid buffer + * overruns in callers. + */ + return 0; + } +} +#endif /* WOLFSSL_HAVE_BIO_ADDR */ +#endif /* OPENSSL_ALL || OPENSSL_EXTRA */ /* helper function for wolfSSL_BIO_gets * size till a newline is hit @@ -888,15 +1060,15 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz) switch (bio->type) { #ifndef NO_FILESYSTEM case WOLFSSL_BIO_FILE: - if (((XFILE)bio->ptr) == XBADFILE) { + if (bio->ptr.fh == XBADFILE) { return WOLFSSL_BIO_ERROR; } #if defined(MICRIUM) || defined(LSR_FS) || defined(EBSNET) WOLFSSL_MSG("XFGETS not ported for this system yet"); - ret = XFGETS(buf, sz, (XFILE)bio->ptr); + ret = XFGETS(buf, sz, bio->ptr.fh); #else - if (XFGETS(buf, sz, (XFILE)bio->ptr) != NULL) { + if (XFGETS(buf, sz, bio->ptr.fh) != NULL) { ret = (int)XSTRLEN(buf); } else { 
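Review bot: `wolfSSL_BIO_ADDR_size` dereferences `addr->sa.sa_family` without a NULL check, while its sibling `wolfSSL_BIO_ADDR_clear` guards `addr == NULL`; the function is public (non-static) and its own default-branch comment promises 0 whenever the length cannot be determined, so a NULL argument should take that path too: `if (addr == NULL) return 0;` as the first statement. `wolfSSL_BIO_ADDR_new` initialises only `sa_family` and leaves the remainder of the allocation indeterminate; calling `wolfSSL_BIO_ADDR_clear(addr)` on the fresh object instead of the bare assignment yields a fully zeroed address, consistent with the contract `_clear` already implements, and avoids copying indeterminate padding bytes when a partially filled address is later handed to BIO_CTRL_DGRAM_SET_PEER (L1748). The stray context line ` #endif` between the AF_INET6 and AF_UNIX cases is the original `#endif /* OPENSSL_ALL || OPENSSL_EXTRA */` being reused by the diff algorithm, not a preprocessor imbalance.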
@@ -972,13 +1144,13 @@ int wolfSSL_BIO_gets(WOLFSSL_BIO* bio, char* buf, int sz) #ifndef WOLFCRYPT_ONLY /* call final on hash */ case WOLFSSL_BIO_MD: - if (wolfSSL_EVP_MD_CTX_size((WOLFSSL_EVP_MD_CTX*)bio->ptr) > sz) { + if (wolfSSL_EVP_MD_CTX_size(bio->ptr.md_ctx) > sz) { WOLFSSL_MSG("Output buffer was too small for digest"); ret = WOLFSSL_FAILURE; } else { unsigned int szOut = 0; - ret = wolfSSL_EVP_DigestFinal((WOLFSSL_EVP_MD_CTX*)bio->ptr, + ret = wolfSSL_EVP_DigestFinal(bio->ptr.md_ctx, (unsigned char*)buf, &szOut); if (ret == WOLFSSL_SUCCESS) { ret = (int)szOut; @@ -1133,8 +1305,8 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio) } #ifndef WOLFCRYPT_ONLY - if (bio->type == WOLFSSL_BIO_SSL && bio->ptr != NULL) { - return (long)wolfSSL_pending((WOLFSSL*)bio->ptr); + if (bio->type == WOLFSSL_BIO_SSL && bio->ptr.ssl != NULL) { + return (long)wolfSSL_pending(bio->ptr.ssl); } #endif @@ -1162,7 +1334,7 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio) long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) { WOLFSSL_BIO* front = bio; - long ret = WOLFSSL_FAILURE; + long ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_BIO_get_mem_ptr"); @@ -1188,7 +1360,10 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) bio = bio->prev; } - return ret; + if (ret == WOLFSSL_SUCCESS) + return ret; + else + return WOLFSSL_FAILURE; } #ifdef OPENSSL_ALL @@ -1208,8 +1383,8 @@ long wolfSSL_BIO_get_mem_ptr(WOLFSSL_BIO *bio, WOLFSSL_BUF_MEM **ptr) bio->wrSz = (int)bio->mem_buf->length; bio->wrSzReset = bio->wrSz; - bio->num = (int)bio->mem_buf->max; - bio->ptr = bio->mem_buf->data; + bio->num.length = bio->mem_buf->max; + bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; bio->wrIdx = 0; bio->rdIdx = 0; 
@@ -1242,15 +1417,16 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size) return WOLFSSL_FAILURE; } - if (bio->ptr != NULL) { - XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL); + if (bio->ptr.mem_buf_data != NULL) { + XFREE(bio->ptr.mem_buf_data, bio->heap, DYNAMIC_TYPE_OPENSSL); } - bio->ptr = (byte*)XMALLOC(size, bio->heap, DYNAMIC_TYPE_OPENSSL); - if (bio->ptr == NULL) { + bio->ptr.mem_buf_data = (byte*)XMALLOC(size, bio->heap, + DYNAMIC_TYPE_OPENSSL); + if (bio->ptr.mem_buf_data == NULL) { WOLFSSL_MSG("Memory allocation error"); bio->wrSz = 0; - bio->num = 0; + bio->num.length = 0; bio->wrIdx = 0; bio->rdIdx = 0; if (bio->mem_buf != NULL) { @@ -1261,13 +1437,13 @@ int wolfSSL_BIO_set_write_buf_size(WOLFSSL_BIO *bio, long size) return WOLFSSL_FAILURE; } bio->wrSz = (int)size; - bio->num = (int)size; + bio->num.length = size; bio->wrIdx = 0; bio->rdIdx = 0; if (bio->mem_buf != NULL) { - bio->mem_buf->data = (char*)bio->ptr; - bio->mem_buf->length = (size_t)bio->num; - bio->mem_buf->max = (size_t)bio->num; + bio->mem_buf->data = (char*)bio->ptr.mem_buf_data; + bio->mem_buf->length = bio->num.length; + bio->mem_buf->max = bio->num.length; } return WOLFSSL_SUCCESS; @@ -1295,12 +1471,12 @@ int wolfSSL_BIO_make_bio_pair(WOLFSSL_BIO *b1, WOLFSSL_BIO *b2) } /* set default write size if not already set */ - if (b1->ptr == NULL && wolfSSL_BIO_set_write_buf_size(b1, + if (b1->ptr.mem_buf_data == NULL && wolfSSL_BIO_set_write_buf_size(b1, WOLFSSL_BIO_SIZE) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } - if (b2->ptr == NULL && wolfSSL_BIO_set_write_buf_size(b2, + if (b2->ptr.mem_buf_data == NULL && wolfSSL_BIO_set_write_buf_size(b2, WOLFSSL_BIO_SIZE) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } 
@@ -1341,7 +1517,7 @@ int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf) WOLFSSL_BIO* pair = bio->pair; /* case where have wrapped around write buffer */ - *buf = (char*)pair->ptr + pair->rdIdx; + *buf = (char*)pair->ptr.mem_buf_data + pair->rdIdx; if (pair->wrIdx > 0 && pair->rdIdx >= pair->wrIdx) { return pair->wrSz - pair->rdIdx; } @@ -1373,7 +1549,7 @@ int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num) if (bio->pair != NULL) { /* special case if asking to read 0 bytes */ if (num == 0) { - *buf = (char*)bio->pair->ptr + bio->pair->rdIdx; + *buf = (char*)bio->pair->ptr.mem_buf_data + bio->pair->rdIdx; return 0; } @@ -1387,6 +1563,9 @@ int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num) sz = num; } bio->pair->rdIdx += sz; +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + bio->pair->bytes_read += (word32)sz; +#endif /* check if have read to the end of the buffer and need to reset */ if (bio->pair->rdIdx == bio->pair->wrSz) { @@ -1424,7 +1603,7 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) if (bio->pair != NULL) { if (num == 0) { - *buf = (char*)bio->ptr + bio->wrIdx; + *buf = (char*)bio->ptr.mem_buf_data + bio->wrIdx; return 0; } @@ -1463,8 +1642,11 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) if (num < sz) { sz = num; } - *buf = (char*)bio->ptr + bio->wrIdx; + *buf = (char*)bio->ptr.mem_buf_data + bio->wrIdx; bio->wrIdx += sz; +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + bio->bytes_written += (word32)sz; +#endif /* if at the end of the buffer and space for wrap around then set * write index back to 0 */ 
@@ -1476,6 +1658,37 @@ int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num) return sz; } +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS +word64 wolfSSL_BIO_number_read(WOLFSSL_BIO *bio) +{ + word64 ret = 0; + if (bio == NULL) { + WOLFSSL_MSG("NULL argument passed in"); + return 0; + } + while (bio) { + ret += bio->bytes_read; + bio = bio->next; + } + + return ret; +} + +word64 wolfSSL_BIO_number_written(WOLFSSL_BIO *bio) +{ + word64 ret = 0; + if (bio == NULL) { + WOLFSSL_MSG("NULL argument passed in"); + return 0; + } + while (bio) { + ret += bio->bytes_written; + bio = bio->next; + } + + return ret; +} +#endif /* WOLFSSL_BIO_HAVE_FLOW_STATS */ /* Reset BIO to initial state */ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) @@ -1491,16 +1704,16 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) switch (bio->type) { #ifndef NO_FILESYSTEM case WOLFSSL_BIO_FILE: - if (XFSEEK((XFILE)bio->ptr, 0, XSEEK_SET) != 0) + if (XFSEEK(bio->ptr.fh, 0, XSEEK_SET) != 0) return WOLFSSL_BIO_ERROR; else - return 0; + return WOLFSSL_SUCCESS; #endif case WOLFSSL_BIO_BIO: bio->rdIdx = 0; bio->wrIdx = 0; - return 0; + return WOLFSSL_SUCCESS; case WOLFSSL_BIO_MEMORY: bio->rdIdx = 0; 
@@ -1510,27 +1723,27 @@ int wolfSSL_BIO_reset(WOLFSSL_BIO *bio) } else { bio->wrSz = 0; - XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL); - bio->ptr = NULL; - bio->num = 0; + XFREE(bio->ptr.mem_buf_data, bio->heap, DYNAMIC_TYPE_OPENSSL); + bio->ptr.mem_buf_data = NULL; + bio->num.length = 0; if (bio->mem_buf != NULL) { bio->mem_buf->data = NULL; bio->mem_buf->length = 0; bio->mem_buf->max = 0; } } - return 0; + return WOLFSSL_SUCCESS; #ifndef WOLFCRYPT_ONLY case WOLFSSL_BIO_MD: - if (bio->ptr != NULL) { + if (bio->ptr.md_ctx != NULL) { const WOLFSSL_EVP_MD* md = - wolfSSL_EVP_MD_CTX_md((WOLFSSL_EVP_MD_CTX*)bio->ptr); - wolfSSL_EVP_MD_CTX_cleanup((WOLFSSL_EVP_MD_CTX*)bio->ptr); - wolfSSL_EVP_MD_CTX_init((WOLFSSL_EVP_MD_CTX*)bio->ptr); - wolfSSL_EVP_DigestInit((WOLFSSL_EVP_MD_CTX*)bio->ptr, md); + wolfSSL_EVP_MD_CTX_md(bio->ptr.md_ctx); + wolfSSL_EVP_MD_CTX_cleanup(bio->ptr.md_ctx); + wolfSSL_EVP_MD_CTX_init(bio->ptr.md_ctx); + wolfSSL_EVP_DigestInit(bio->ptr.md_ctx, md); } - return 0; + return WOLFSSL_SUCCESS; #endif /* WOLFCRYPT_ONLY */ default: @@ -1580,7 +1793,7 @@ long wolfSSL_BIO_set_fp(WOLFSSL_BIO *bio, XFILE fp, int c) } bio->shutdown = (byte)c; - bio->ptr = (XFILE)fp; + bio->ptr.fh = fp; return WOLFSSL_SUCCESS; } @@ -1598,7 +1811,7 @@ long wolfSSL_BIO_get_fp(WOLFSSL_BIO *bio, XFILE* fp) return WOLFSSL_FAILURE; } - *fp = (XFILE)bio->ptr; + *fp = bio->ptr.fh; return WOLFSSL_SUCCESS; } @@ -1613,8 +1826,8 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name) } if (bio->type == WOLFSSL_BIO_FILE) { - if (((XFILE)bio->ptr) != XBADFILE && bio->shutdown == BIO_CLOSE) { - XFCLOSE((XFILE)bio->ptr); + if (bio->ptr.fh != XBADFILE && bio->shutdown == BIO_CLOSE) { + XFCLOSE(bio->ptr.fh); } /* 'b' flag is ignored on POSIX targets, but on Windows it assures 
@@ -1622,8 +1835,8 @@ int wolfSSL_BIO_write_filename(WOLFSSL_BIO *bio, char *name) * between the size and contents of the representation in memory and on * disk. */ - bio->ptr = XFOPEN(name, "wb"); - if (((XFILE)bio->ptr) == XBADFILE) { + bio->ptr.fh = XFOPEN(name, "wb"); + if (bio->ptr.fh == XBADFILE) { return WOLFSSL_FAILURE; } bio->shutdown = BIO_CLOSE; @@ -1640,13 +1853,13 @@ int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs) WOLFSSL_ENTER("wolfSSL_BIO_seek"); if (bio == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } /* offset ofs from beginning of file */ if (bio->type == WOLFSSL_BIO_FILE && - XFSEEK((XFILE)bio->ptr, ofs, SEEK_SET) < 0) { - return -1; + XFSEEK(bio->ptr.fh, ofs, SEEK_SET) < 0) { + return WOLFSSL_FATAL_ERROR; } return 0; @@ -1663,16 +1876,16 @@ int wolfSSL_BIO_tell(WOLFSSL_BIO* bio) WOLFSSL_ENTER("wolfSSL_BIO_tell"); if (bio == NULL) { - return -1; + return WOLFSSL_FATAL_ERROR; } if (bio->type != WOLFSSL_BIO_FILE) { return 0; } - pos = (int)XFTELL((XFILE)bio->ptr); + pos = (int)XFTELL(bio->ptr.fh); if (pos < 0) - return -1; + return WOLFSSL_FATAL_ERROR; else return pos; } @@ -1799,15 +2012,16 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on) if (bio) { switch (bio->type) { case WOLFSSL_BIO_SOCKET: + case WOLFSSL_BIO_DGRAM: #ifdef XFCNTL { int ret; - int flag = XFCNTL(bio->num, F_GETFL, 0); + int flag = XFCNTL(bio->num.fd, F_GETFL, 0); if (on) { - ret = XFCNTL(bio->num, F_SETFL, flag | O_NONBLOCK); + ret = XFCNTL(bio->num.fd, F_SETFL, flag | O_NONBLOCK); } else { - ret = XFCNTL(bio->num, F_SETFL, flag & ~O_NONBLOCK); + ret = XFCNTL(bio->num.fd, F_SETFL, flag & ~O_NONBLOCK); } if (ret == -1) { @@ -1818,7 +2032,7 @@ long wolfSSL_BIO_set_nbio(WOLFSSL_BIO* bio, long on) break; case WOLFSSL_BIO_SSL: #ifdef WOLFSSL_DTLS - wolfSSL_dtls_set_using_nonblock((WOLFSSL*)bio->ptr, (int)on); + wolfSSL_dtls_set_using_nonblock(bio->ptr.ssl, (int)on); #endif break; 
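Review bot: In wolfSSL_BIO_set_nbio the result of `XFCNTL(bio->num.fd, F_GETFL, 0)` is used unchecked; when fcntl fails it returns -1, so `flag | O_NONBLOCK` and `flag & ~O_NONBLOCK` then hand an all-bits-set flag word to F_SETFL, and the `ret == -1` check below only observes the second call. The pattern predates this commit, but the lines are rewritten here and the new WOLFSSL_BIO_DGRAM case now shares the path, so both types are affected. A guard `if (flag == -1) { ret = -1; } else if (on) { ... }` keeps the existing error handling intact; the rest of the function is outside the hunk.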
@@ -1966,7 +2180,7 @@ int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio, void* p) } if (p) { - *(byte**)p = (byte*)mem_bio->ptr + mem_bio->rdIdx; + *(byte**)p = mem_bio->ptr.mem_buf_data + mem_bio->rdIdx; } return mem_bio->wrSz - mem_bio->rdIdx; @@ -1991,7 +2205,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } else if (bio->type == WOLFSSL_BIO_FILE) { #if !defined(NO_FILESYSTEM) && defined(XFFLUSH) - if (XFFLUSH((FILE *)bio->ptr) != 0) + if (XFFLUSH(bio->ptr.fh) != 0) return WOLFSSL_FAILURE; #endif /* !NO_FILESYSTEM && XFFLUSH */ @@ -2015,14 +2229,17 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) /* return the context and initialize the BIO state */ int wolfSSL_BIO_get_md_ctx(WOLFSSL_BIO *bio, WOLFSSL_EVP_MD_CTX **mdcp) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); if ((bio != NULL) && (mdcp != NULL)) { - *mdcp = (WOLFSSL_EVP_MD_CTX*)bio->ptr; + *mdcp = bio->ptr.md_ctx; ret = WOLFSSL_SUCCESS; } - return ret; + if (ret == WOLFSSL_SUCCESS) + return ret; + else + return WOLFSSL_FAILURE; } WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void) @@ -2110,11 +2327,39 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) if (bio) { bio->type = WOLFSSL_BIO_SOCKET; bio->shutdown = (byte)closeF; - bio->num = sfd; + bio->num.fd = (SOCKET_T)sfd; } return bio; } + +#if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(WOLFSSL_DTLS) + WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_datagram(void) + { + static WOLFSSL_BIO_METHOD meth = + WOLFSSL_BIO_METHOD_INIT(WOLFSSL_BIO_DGRAM); + + WOLFSSL_ENTER("wolfSSL_BIO_s_datagram"); + + return &meth; + } + + + WOLFSSL_BIO* wolfSSL_BIO_new_dgram(int fd, int closeF) + { + WOLFSSL_BIO* bio = wolfSSL_BIO_new(wolfSSL_BIO_s_datagram()); + + WOLFSSL_ENTER("wolfSSL_BIO_new_dgram"); + if (bio) { + bio->type = WOLFSSL_BIO_DGRAM; + bio->shutdown = (byte)closeF; + bio->num.fd = (SOCKET_T)fd; + } + return bio; + } +#endif + + /** * Create new socket BIO object. This is a pure TCP connection with * no SSL or TLS protection. 
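Review bot: `wolfSSL_BIO_new_dgram` is undocumented although it carries ownership semantics: with `closeF` set to BIO_CLOSE the descriptor is closed by wolfSSL_BIO_free (L1759 closes `num.fd` for WOLFSSL_BIO_DGRAM whenever it is not SOCKET_INVALID), and `fd` is stored via `(SOCKET_T)fd` without a range check, so a negative value other than the one that maps to SOCKET_INVALID is kept as-is and later passed to CloseSocket. The neighbouring socket constructor has a doc comment ("Create new socket BIO object …"); give the datagram one the same treatment: a header comment stating that `fd` must be an open UDP socket, that BIO_CLOSE transfers ownership of it to the BIO, and that nothing here sets `bio->connected`, so sends require a peer via BIO_CTRL_DGRAM_SET_PEER or BIO_CTRL_DGRAM_SET_CONNECTED. `wolfSSL_BIO_set_fd` (L1758) has the same unchecked `(SOCKET_T)fd` cast and would benefit from the same note.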
@@ -2231,7 +2476,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } - b->num = (int)sfd; + b->num.fd = sfd; b->shutdown = BIO_CLOSE; return WOLFSSL_SUCCESS; } @@ -2255,17 +2500,17 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } - if (b->num == WOLFSSL_BIO_ERROR) { + if (b->num.fd == SOCKET_INVALID) { if (wolfIO_TcpBind(&sfd, b->port) < 0) { WOLFSSL_MSG("wolfIO_TcpBind error"); return WOLFSSL_FAILURE; } - b->num = (int)sfd; + b->num.fd = sfd; b->shutdown = BIO_CLOSE; } else { WOLFSSL_BIO* new_bio; - int newfd = wolfIO_TcpAccept(b->num, NULL, NULL); + int newfd = wolfIO_TcpAccept(b->num.fd, NULL, NULL); if (newfd < 0) { WOLFSSL_MSG("wolfIO_TcpBind error"); return WOLFSSL_FAILURE; @@ -2322,8 +2567,8 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) WOLFSSL_MSG("Bad parameter"); return WOLFSSL_FAILURE; } - if (b->type == WOLFSSL_BIO_SSL && b->ptr != NULL) { - return wolfSSL_negotiate((WOLFSSL*)b->ptr); + if (b->type == WOLFSSL_BIO_SSL && b->ptr.ssl != NULL) { + return wolfSSL_negotiate(b->ptr.ssl); } else { WOLFSSL_MSG("Not SSL BIO or no SSL object set"); @@ -2348,12 +2593,12 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return; } - if (b->ptr != NULL) { - int rc = wolfSSL_shutdown((WOLFSSL*)b->ptr); + if (b->ptr.ssl != NULL) { + int rc = wolfSSL_shutdown(b->ptr.ssl); if (rc == SSL_SHUTDOWN_NOT_DONE) { /* In this case, call again to give us a chance to read the * close notify alert from the other end. */ - wolfSSL_shutdown((WOLFSSL*)b->ptr); + wolfSSL_shutdown(b->ptr.ssl); } } else { @@ -2363,12 +2608,12 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) long wolfSSL_BIO_set_ssl(WOLFSSL_BIO* b, WOLFSSL* ssl, int closeF) { - long ret = WOLFSSL_FAILURE; + long ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_BIO_set_ssl"); if (b != NULL) { - b->ptr = ssl; + b->ptr.ssl = ssl; b->shutdown = (byte)closeF; if (b->next != NULL) wolfSSL_set_bio(ssl, b->next, b->next); 
@@ -2376,7 +2621,10 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) ret = WOLFSSL_SUCCESS; } - return ret; + if (ret == WOLFSSL_SUCCESS) + return ret; + else + return WOLFSSL_FAILURE; } long wolfSSL_BIO_get_ssl(WOLFSSL_BIO* bio, WOLFSSL** ssl) @@ -2396,7 +2644,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return WOLFSSL_FAILURE; } - *ssl = (WOLFSSL*)bio->ptr; + *ssl = bio->ptr.ssl; return WOLFSSL_SUCCESS; } @@ -2540,7 +2788,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) WOLFSSL_ENTER("wolfSSL_BIO_set_fd"); if (b != NULL) { - b->num = fd; + b->num.fd = (SOCKET_T)fd; b->shutdown = (byte)closeF; } @@ -2584,7 +2832,14 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) bio->method = method; #endif bio->shutdown = BIO_CLOSE; /* default to close things */ - bio->num = WOLFSSL_BIO_ERROR; + + if ((bio->type == WOLFSSL_BIO_SOCKET) || + (bio->type == WOLFSSL_BIO_DGRAM)) + { + bio->num.fd = SOCKET_INVALID; + } else { + bio->num.length = 0; + } bio->init = 1; #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) @@ -2616,8 +2871,8 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } if (method->type == WOLFSSL_BIO_MD) { - bio->ptr = wolfSSL_EVP_MD_CTX_new(); - if (bio->ptr == NULL) { + bio->ptr.md_ctx = wolfSSL_EVP_MD_CTX_new(); + if (bio->ptr.md_ctx == NULL) { WOLFSSL_MSG("Memory error"); wolfSSL_BIO_free(bio); return NULL; @@ -2656,11 +2911,11 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) return NULL; } - bio->num = (int)bio->mem_buf->max; + bio->num.length = bio->mem_buf->max; bio->wrSz = len; - bio->ptr = bio->mem_buf->data; - if (len > 0 && bio->ptr != NULL) { - XMEMCPY(bio->ptr, buf, len); + bio->ptr.mem_buf_data = (byte *)bio->mem_buf->data; + if (len > 0 && bio->ptr.mem_buf_data != NULL) { + XMEMCPY(bio->ptr.mem_buf_data, buf, len); bio->flags |= BIO_FLAGS_MEM_RDONLY; bio->wrSzReset = bio->wrSz; } 
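Review bot: `wolfSSL_BIO_new` now initialises `num` per type — `num.fd = SOCKET_INVALID` only for WOLFSSL_BIO_SOCKET/WOLFSSL_BIO_DGRAM, `num.length = 0` for everything else — but a WOLFSSL_BIO_FILE BIO is also driven through `num.fd`: wolfSSL_BIO_read/write (L1743, L1746) fall back to XREAD/XWRITE on `bio->num.fd` when `ptr.fh` is unset, and wolfSSL_BIO_free (L1759) runs `else if (bio->num.fd != SOCKET_INVALID) XCLOSE(bio->num.fd);` for a file BIO with no handle. If `num` is a union of `fd` and `length` as the accessors suggest, a fresh file BIO carries `num.fd == 0` (aliasing the zeroed length) rather than SOCKET_INVALID, and freeing it with the default BIO_CLOSE would close descriptor 0. Before the commit every BIO got `num = WOLFSSL_BIO_ERROR`, so this is a regression of the per-type split; the fix is to include the file type in the fd initialisation: `if (bio->type == WOLFSSL_BIO_SOCKET || bio->type == WOLFSSL_BIO_DGRAM || bio->type == WOLFSSL_BIO_FILE) bio->num.fd = SOCKET_INVALID;`. Whether `bio->type` is assigned before this point is not visible in the hunk; if it is set afterwards, the condition never matches and every BIO gets `num.length = 0`.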
@@ -2723,44 +2978,51 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) bio->pair->pair = NULL; } - if (bio->ip != NULL) { - XFREE(bio->ip, bio->heap, DYNAMIC_TYPE_OPENSSL); - } + XFREE(bio->ip, bio->heap, DYNAMIC_TYPE_OPENSSL); if (bio->shutdown) { - if (bio->type == WOLFSSL_BIO_SSL && bio->ptr) - wolfSSL_free((WOLFSSL*)bio->ptr); + if (bio->type == WOLFSSL_BIO_SSL && bio->ptr.ssl) + wolfSSL_free(bio->ptr.ssl); #ifdef CloseSocket - if ((bio->type == WOLFSSL_BIO_SOCKET) && (bio->num > 0)) - CloseSocket(bio->num); + if (((bio->type == WOLFSSL_BIO_SOCKET) || + (bio->type == WOLFSSL_BIO_DGRAM)) && + (bio->num.fd != SOCKET_INVALID)) + { + CloseSocket(bio->num.fd); + } #endif } #ifndef NO_FILESYSTEM if (bio->type == WOLFSSL_BIO_FILE && bio->shutdown == BIO_CLOSE) { - if (bio->ptr) { - XFCLOSE((XFILE)bio->ptr); + if (bio->ptr.fh) { + XFCLOSE(bio->ptr.fh); } #if !defined(USE_WINDOWS_API) && !defined(NO_WOLFSSL_DIR)\ && !defined(WOLFSSL_NUCLEUS) && !defined(WOLFSSL_NUCLEUS_1_2) - else if (bio->num != WOLFSSL_BIO_ERROR) { - XCLOSE(bio->num); + else if (bio->num.fd != SOCKET_INVALID) { + XCLOSE(bio->num.fd); } #endif } #endif if (bio->shutdown != BIO_NOCLOSE) { - if (bio->type == WOLFSSL_BIO_MEMORY && bio->ptr != NULL) { + if (bio->type == WOLFSSL_BIO_MEMORY && + bio->ptr.mem_buf_data != NULL) + { if (bio->mem_buf != NULL) { - if (bio->mem_buf->data != (char*)bio->ptr) { - XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL); - bio->ptr = NULL; + if ((byte *)bio->mem_buf->data != bio->ptr.mem_buf_data) + { + XFREE(bio->ptr.mem_buf_data, bio->heap, + DYNAMIC_TYPE_OPENSSL); + bio->ptr.mem_buf_data = NULL; } } else { - XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL); - bio->ptr = NULL; + XFREE(bio->ptr.mem_buf_data, bio->heap, + DYNAMIC_TYPE_OPENSSL); + bio->ptr.mem_buf_data = NULL; } } if (bio->mem_buf != NULL) { 
@@ -2770,7 +3032,7 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } if (bio->type == WOLFSSL_BIO_MD) { - wolfSSL_EVP_MD_CTX_free((WOLFSSL_EVP_MD_CTX*)bio->ptr); + wolfSSL_EVP_MD_CTX_free(bio->ptr.md_ctx); } XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL); @@ -2809,8 +3071,8 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio) } /* SSL BIO's should use the next object in the chain for IO */ - if (top->type == WOLFSSL_BIO_SSL && top->ptr) - wolfSSL_set_bio((WOLFSSL*)top->ptr, append, append); + if (top->type == WOLFSSL_BIO_SSL && top->ptr.ssl) + wolfSSL_set_bio(top->ptr.ssl, append, append); return top; } @@ -2914,9 +3176,11 @@ int wolfSSL_BIO_get_fd(WOLFSSL_BIO *bio, int* fd) WOLFSSL_ENTER("wolfSSL_BIO_get_fd"); if (bio != NULL) { + if (bio->num.fd == SOCKET_INVALID) + return WOLFSSL_BIO_ERROR; if (fd != NULL) - *fd = bio->num; - return bio->num; + *fd = (int)bio->num.fd; + return (int)bio->num.fd; } return WOLFSSL_BIO_ERROR; @@ -2991,10 +3255,10 @@ int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args) switch (bio->type) { #if !defined(NO_FILESYSTEM) case WOLFSSL_BIO_FILE: - if (bio->ptr == NULL) { - return -1; + if (bio->ptr.fh == XBADFILE) { + return WOLFSSL_FATAL_ERROR; } - ret = XVFPRINTF((XFILE)bio->ptr, format, args); + ret = XVFPRINTF(bio->ptr.fh, format, args); break; #endif 
@@ -3088,21 +3352,22 @@ int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char *buf, int length) return wolfSSL_BIO_write(bio, "\tNULL", 5); } - XSPRINTF(line, "%04x - ", lineOffset); + (void)XSNPRINTF(line, sizeof(line), "%04x - ", lineOffset); o = 7; for (i = 0; i < BIO_DUMP_LINE_LEN; i++) { if (i < length) - XSPRINTF(line + o,"%02x ", (unsigned char)buf[i]); + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, + "%02x ", (unsigned char)buf[i]); else - XSPRINTF(line + o, " "); + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, " "); if (i == 7) - XSPRINTF(line + o + 2, "-"); + (void)XSNPRINTF(line + o + 2, (int)sizeof(line) - (o + 2), "-"); o += 3; } - XSPRINTF(line + o, " "); + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, " "); o += 2; for (i = 0; (i < BIO_DUMP_LINE_LEN) && (i < length); i++) { - XSPRINTF(line + o, "%c", + (void)XSNPRINTF(line + o, (int)sizeof(line) - o, "%c", ((31 < buf[i]) && (buf[i] < 127)) ? buf[i] : '.'); o++; } diff --git a/src/wolfssl/callbacks.h b/src/wolfssl/callbacks.h index bf996fa..1010eca 100644 --- a/src/wolfssl/callbacks.h +++ b/src/wolfssl/callbacks.h @@ -1,6 +1,6 @@ /* callbacks.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/crl.h b/src/wolfssl/crl.h index 4b4dcc2..5e5205e 100644 --- a/src/wolfssl/crl.h +++ b/src/wolfssl/crl.h @@ -1,6 +1,6 @@ /* crl.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/error-ssl.h b/src/wolfssl/error-ssl.h index 724d7de..3130780 100644 --- a/src/wolfssl/error-ssl.h +++ b/src/wolfssl/error-ssl.h @@ -1,6 +1,6 @@ /* error-ssl.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
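Review bot: wolfSSL_BIO_dump now bounds every write with `(int)sizeof(line) - o`, but the remaining-space expression is signed (`o` is an int starting at 7) and is passed where XSNPRINTF takes a size; if `o` ever reached `sizeof(line)` the negative difference would convert to a huge unsigned size and the bound would be lost. The loop arithmetic (7 + 3*BIO_DUMP_LINE_LEN + 2 + BIO_DUMP_LINE_LEN) presumably fits `line` — its declaration is above the hunk — so this is defensive rather than an observed overflow, but it is cheap to make explicit: track `o` and the remaining length as `size_t`, or add a static assertion or comment next to the buffer tying `sizeof(line)` to BIO_DUMP_LINE_LEN. Discarding each XSNPRINTF return with `(void)` also hides truncation; checking that the return is non-negative and below the remaining size, and breaking out otherwise, keeps the hex and ASCII columns from silently desynchronising.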
@@ -35,6 +35,19 @@ #endif enum wolfSSL_ErrorCodes { + WOLFSSL_FATAL_ERROR = -1, /* must be -1 for backward compat. */ + + /* negative counterparts to namesake positive constants in ssl.h */ + WOLFSSL_ERROR_WANT_READ_E = -2, + WOLFSSL_ERROR_WANT_WRITE_E = -3, + WOLFSSL_ERROR_WANT_X509_LOOKUP_E = -4, + WOLFSSL_ERROR_SYSCALL_E = -5, + WOLFSSL_ERROR_ZERO_RETURN_E = -6, + WOLFSSL_ERROR_WANT_CONNECT_E = -7, + WOLFSSL_ERROR_WANT_ACCEPT_E = -8, + + WOLFSSL_FIRST_E = -301, /* start of native TLS codes */ + INPUT_CASE_ERROR = -301, /* process input state error */ PREFIX_ERROR = -302, /* bad index to key rounds */ MEMORY_ERROR = -303, /* out of memory */ @@ -79,12 +92,14 @@ enum wolfSSL_ErrorCodes { ZERO_RETURN = -343, /* peer sent close notify */ SIDE_ERROR = -344, /* wrong client/server type */ NO_PEER_CERT = -345, /* peer didn't send key */ + ECC_CURVETYPE_ERROR = -350, /* Bad ECC Curve Type */ ECC_CURVE_ERROR = -351, /* Bad ECC Curve */ ECC_PEERKEY_ERROR = -352, /* Bad Peer ECC Key */ ECC_MAKEKEY_ERROR = -353, /* Bad Make ECC Key */ ECC_EXPORT_ERROR = -354, /* Bad ECC Export Key */ ECC_SHARED_ERROR = -355, /* Bad ECC Shared Secret */ + NOT_CA_ERROR = -357, /* Not a CA cert error */ BAD_CERT_MANAGER_ERROR = -359, /* Bad Cert Manager */ @@ -100,7 +115,7 @@ enum wolfSSL_ErrorCodes { COOKIE_ERROR = -369, /* dtls cookie error */ SEQUENCE_ERROR = -370, /* dtls sequence error */ SUITES_ERROR = -371, /* suites pointer error */ - + MAX_CERT_EXTENSIONS_ERR = -372, /* max cert extension exceeded */ OUT_OF_ORDER_E = -373, /* out of order message */ BAD_KEA_TYPE_E = -374, /* bad KEA type found */ SANITY_CIPHER_E = -375, /* sanity check on cipher error */ 
@@ -185,24 +200,40 @@ enum wolfSSL_ErrorCodes { DTLS_CID_ERROR = -454, /* Wrong or missing CID */ DTLS_TOO_MANY_FRAGMENTS_E = -455, /* Received too many fragments */ QUIC_WRONG_ENC_LEVEL = -456, /* QUIC data received on wrong encryption level */ - DUPLICATE_TLS_EXT_E = -457, /* Duplicate TLS extension in msg. */ - /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */ - /* begin negotiation parameter errors */ + /* legacy CyaSSL compat layer error codes */ + WOLFSSL_ALPN_NOT_FOUND = -458, /* TLS extension not found */ + WOLFSSL_BAD_CERTTYPE = -459, /* Certificate type not supported */ + WOLFSSL_BAD_STAT = -460, /* not used */ + WOLFSSL_BAD_PATH = -461, /* No certificates found at designated path */ + WOLFSSL_BAD_FILETYPE = -462, /* Data format not supported */ + WOLFSSL_BAD_FILE = -463, /* Input/output error on file */ + WOLFSSL_NOT_IMPLEMENTED = -464, /* Function not implemented */ + WOLFSSL_UNKNOWN = -465, /* Unknown algorithm (EVP) */ + + /* negotiation parameter errors */ UNSUPPORTED_SUITE = -500, /* unsupported cipher suite */ MATCH_SUITE_ERROR = -501, /* can't match cipher suite */ COMPRESSION_ERROR = -502, /* compression mismatch */ KEY_SHARE_ERROR = -503, /* key share mismatch */ POST_HAND_AUTH_ERROR = -504, /* client won't do post-hand auth */ HRR_COOKIE_ERROR = -505, /* HRR msg cookie mismatch */ - UNSUPPORTED_CERTIFICATE = -506 /* unsupported certificate type */ - /* end negotiation parameter errors only 10 for now */ - /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */ + UNSUPPORTED_CERTIFICATE = -506, /* unsupported certificate type */ - /* no error strings go down here, add above negotiation errors !!!! 
*/ + WOLFSSL_LAST_E = -506 }; +/* I/O Callback default errors */ +enum IOerrors { + WOLFSSL_CBIO_ERR_GENERAL = -1, /* general unexpected err */ + WOLFSSL_CBIO_ERR_WANT_READ = -2, /* need to call read again */ + WOLFSSL_CBIO_ERR_WANT_WRITE = -2, /* need to call write again */ + WOLFSSL_CBIO_ERR_CONN_RST = -3, /* connection reset */ + WOLFSSL_CBIO_ERR_ISR = -4, /* interrupt */ + WOLFSSL_CBIO_ERR_CONN_CLOSE = -5, /* connection closed or epipe */ + WOLFSSL_CBIO_ERR_TIMEOUT = -6 /* socket timeout */ +}; #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) enum { @@ -215,7 +246,9 @@ enum wolfSSL_ErrorCodes { WOLFSSL_LOCAL void SetErrorString(int err, char* buff); -#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES +#if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && \ + (defined(BUILDING_WOLFSSL) || \ + defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS)) #include #endif diff --git a/src/wolfssl/evp.c b/src/wolfssl/evp.c index 42949fc..808aa04 100644 --- a/src/wolfssl/evp.c +++ b/src/wolfssl/evp.c @@ -1,6 +1,6 @@ /* evp.c * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
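Review bot: `WOLFSSL_CBIO_ERR_WANT_READ` and `WOLFSSL_CBIO_ERR_WANT_WRITE` in the new `enum IOerrors` both equal -2, so a `switch` on an I/O callback result cannot list them as separate cases, and a reader of this header has no way to tell the collision is deliberate rather than a typo. If the shared value is intentional (the constants look carried over from wherever the enum previously lived), say so in place: `WOLFSSL_CBIO_ERR_WANT_WRITE = -2, /* intentionally equal to WANT_READ; direction is known from the calling I/O path */`. The point matters more because the hunk above adds `WOLFSSL_ERROR_WANT_READ_E = -2` and `WOLFSSL_ERROR_WANT_WRITE_E = -3` to wolfSSL_ErrorCodes in the same file, where the two directions are distinct.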
@@ -283,6 +283,40 @@ static const struct s_ent { static const char EVP_NULL[] = "NULL"; +static const struct pkey_type_name_ent { + int type; + const char *name; +} pkey_type_names[] = { + { EVP_PKEY_RSA, "RSA" }, + { EVP_PKEY_EC, "EC" }, + { EVP_PKEY_DH, "DH" }, + { EVP_PKEY_DSA, "DSA" } +}; + +static int pkey_type_by_name(const char *name) { + unsigned int i; + if (name == NULL) + return EVP_PKEY_NONE; + for (i = 0; i < XELEM_CNT(pkey_type_names); ++i) { + if (XSTRCMP(name, pkey_type_names[i].name) == 0) + return pkey_type_names[i].type; + } + return EVP_PKEY_NONE; +} + +int wolfSSL_EVP_PKEY_is_a(const WOLFSSL_EVP_PKEY *pkey, const char *name) { + int type; + + if (pkey == NULL) + return WOLFSSL_FAILURE; + + type = pkey_type_by_name(name); + if (type == EVP_PKEY_NONE) + return WOLFSSL_FAILURE; + + return (pkey->type == type) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; +} + #define EVP_CIPHER_TYPE_MATCHES(x, y) (XSTRCMP(x,y) == 0) #define EVP_PKEY_PRINT_LINE_WIDTH_MAX 80 @@ -364,6 +398,9 @@ int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c) case DES_ECB_TYPE: return 8; case DES_EDE3_ECB_TYPE: return 24; #endif + #ifndef NO_RC4 + case ARC4_TYPE: return 16; + #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) case CHACHA20_POLY1305_TYPE: return 32; #endif @@ -452,7 +489,7 @@ void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx) int wolfSSL_EVP_CIPHER_CTX_reset(WOLFSSL_EVP_CIPHER_CTX *ctx) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); if (ctx != NULL) { WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_reset"); @@ -1688,7 +1725,7 @@ int wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx, { int fl; if (ctx == NULL || out == NULL || outl == NULL) - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal_legacy"); if (ctx->block_size == 1) { 
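Review bot: `pkey_type_by_name` matches with `XSTRCMP`, so `wolfSSL_EVP_PKEY_is_a(pkey, "rsa")` returns WOLFSSL_FAILURE for an RSA key; as far as I know OpenSSL's EVP_PKEY_is_a resolves algorithm names case-insensitively, so compat code written against it silently gets the wrong answer here. If the project's case-insensitive compare is available in this build, `if (XSTRCASECMP(name, pkey_type_names[i].name) == 0)` would match that behaviour. The table also only knows RSA, EC, DH and DSA, and any other key type (including ones this file handles elsewhere, such as EVP_PKEY_HKDF) yields WOLFSSL_FAILURE indistinguishable from a genuine mismatch; a one-line comment on `pkey_type_names` stating that limitation would help callers read the result correctly.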
@@ -1727,7 +1764,7 @@ int wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx, int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx) { - if (ctx == NULL) return BAD_FUNC_ARG; + if (ctx == NULL) return WOLFSSL_FAILURE; switch (ctx->cipherType) { #if !defined(NO_AES) || !defined(NO_DES3) || defined(WOLFSSL_SM4) #if !defined(NO_AES) @@ -2009,7 +2046,7 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher) int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher) { if (cipher == NULL) - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; switch (cipherType(cipher)) { #if !defined(NO_AES) @@ -2269,7 +2306,7 @@ int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx, int padding) { if (ctx == NULL) - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; if (padding) { ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_NO_PADDING; } @@ -2281,9 +2318,10 @@ int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx, int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest) { - (void)digest; /* nothing to do */ - return 0; + if (digest == NULL) + return WOLFSSL_FAILURE; + return WOLFSSL_SUCCESS; } @@ -2679,9 +2717,7 @@ int wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(WOLFSSL_EVP_PKEY_CTX* ctx, } if (ret == WOLFSSL_SUCCESS && salt != NULL && saltSz > 0) { - if (ctx->pkey->hkdfSalt != NULL) { - XFREE(ctx->pkey->hkdfSalt, NULL, DYNAMIC_TYPE_SALT); - } + XFREE(ctx->pkey->hkdfSalt, NULL, DYNAMIC_TYPE_SALT); ctx->pkey->hkdfSalt = (byte*)XMALLOC((size_t)saltSz, NULL, DYNAMIC_TYPE_SALT); if (ctx->pkey->hkdfSalt == NULL) { @@ -2716,9 +2752,7 @@ int wolfSSL_EVP_PKEY_CTX_set1_hkdf_key(WOLFSSL_EVP_PKEY_CTX* ctx, } if (ret == WOLFSSL_SUCCESS) { - if (ctx->pkey->hkdfKey != NULL) { - XFREE(ctx->pkey->hkdfKey, NULL, DYNAMIC_TYPE_KEY); - } + XFREE(ctx->pkey->hkdfKey, NULL, DYNAMIC_TYPE_KEY); ctx->pkey->hkdfKey = (byte*)XMALLOC((size_t)keySz, NULL, DYNAMIC_TYPE_KEY); if (ctx->pkey->hkdfKey == NULL) { 
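Review bot: In the set1_hkdf_salt hunk the old salt is now freed before its replacement is allocated, so when `XMALLOC` fails `ctx->pkey->hkdfSalt` is NULL while `hkdfSaltSz` (maintained outside the hunk) may still describe the buffer that was just freed; the set1_hkdf_key hunk below has the same ordering for `hkdfKey`. Allocating into a local first, `byte* tmp = (byte*)XMALLOC((size_t)saltSz, NULL, DYNAMIC_TYPE_SALT);`, and only on success freeing the old buffer and assigning `tmp` keeps the key object consistent on the failure path. Whether the failure branch resets the size fields cannot be seen from these hunks; if it does, the remaining cost is only that the previous salt or key is lost on a failed update. Both enclosing functions start and end outside the hunks.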
@@ -3110,7 +3144,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig, if (!ctx->pkey->dsa) return WOLFSSL_FAILURE; bytes = wolfSSL_BN_num_bytes(ctx->pkey->dsa->q); - if (bytes == WOLFSSL_FAILURE) + if (bytes == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) return WOLFSSL_FAILURE; bytes *= 2; if (!sig) { @@ -3123,7 +3157,7 @@ int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig, /* wolfSSL_DSA_do_sign() can return WOLFSSL_FATAL_ERROR */ if (ret != WOLFSSL_SUCCESS) return ret; - if (bytes == WOLFSSL_FAILURE) + if (bytes == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) return WOLFSSL_FAILURE; *siglen = (size_t)bytes; return WOLFSSL_SUCCESS; @@ -3404,14 +3438,14 @@ int wolfSSL_EVP_PKEY_keygen_init(WOLFSSL_EVP_PKEY_CTX *ctx) int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY **ppkey) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); int ownPkey = 0; WOLFSSL_EVP_PKEY* pkey; WOLFSSL_ENTER("wolfSSL_EVP_PKEY_keygen"); if (ctx == NULL || ppkey == NULL) { - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } pkey = *ppkey; @@ -3421,7 +3455,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, ctx->pkey->type != EVP_PKEY_RSA && ctx->pkey->type != EVP_PKEY_DH)) { WOLFSSL_MSG("Key not set or key type not supported"); - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } pkey = wolfSSL_EVP_PKEY_new(); if (pkey == NULL) { @@ -3802,14 +3836,15 @@ static int DH_param_check(WOLFSSL_DH* dh_key) dh_key->q != NULL) { if (ret == WOLFSSL_SUCCESS && - wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, ctx) == - WOLFSSL_FAILURE) { + wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, ctx) + == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) + { WOLFSSL_MSG("BN_mod_exp failed"); ret = WOLFSSL_FAILURE; } else if (ret == WOLFSSL_SUCCESS && - wolfSSL_BN_is_one(num1) == WOLFSSL_FAILURE) { + wolfSSL_BN_is_one(num1) == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { WOLFSSL_MSG("dh_key->g is not suitable generator"); ret = WOLFSSL_FAILURE; } 
@@ -3957,7 +3992,7 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, (void)siglen; WOLFSSL_ENTER("EVP_SignFinal"); - if (ctx == NULL) + if (ctx == NULL || sigret == NULL || siglen == NULL || pkey == NULL) return WOLFSSL_FAILURE; ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize); @@ -3989,15 +4024,32 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, if (ret != WOLFSSL_SUCCESS) return ret; bytes = wolfSSL_BN_num_bytes(pkey->dsa->q); - if (bytes == WOLFSSL_FAILURE || (int)*siglen < bytes * 2) + if (bytes == WC_NO_ERR_TRACE(WOLFSSL_FAILURE) || + (int)*siglen < bytes * 2) + { return WOLFSSL_FAILURE; + } *siglen = (unsigned int)(bytes * 2); return WOLFSSL_SUCCESS; } #endif - case EVP_PKEY_EC: - WOLFSSL_MSG("not implemented"); - FALL_THROUGH; +#ifdef HAVE_ECC + case EVP_PKEY_EC: { + WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_ECDSA_do_sign(md, (int)mdsize, + pkey->ecc); + if (ecdsaSig == NULL) + return WOLFSSL_FAILURE; + ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, NULL); + if (ret <= 0 || ret > (int)*siglen) + return WOLFSSL_FAILURE; + ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, &sigret); + wolfSSL_ECDSA_SIG_free(ecdsaSig); + if (ret <= 0 || ret > (int)*siglen) + return WOLFSSL_FAILURE; + *siglen = (unsigned int)ret; + return WOLFSSL_SUCCESS; + } +#endif default: break; } @@ -4055,7 +4107,8 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, if (ctx == NULL) return WOLFSSL_FAILURE; WOLFSSL_ENTER("EVP_VerifyFinal"); ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize); - if (ret <= 0) return ret; + if (ret <= 0) + return ret; (void)sig; (void)siglen; 
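Review bot: In the new `EVP_PKEY_EC` branch of wolfSSL_EVP_SignFinal, the first `if (ret <= 0 || ret > (int)*siglen) return WOLFSSL_FAILURE;` after the length-query call `wolfSSL_i2d_ECDSA_SIG(ecdsaSig, NULL)` returns without freeing `ecdsaSig`, leaking the signature object for every caller whose output buffer is too small. The second check, after the encoding call, frees it correctly; the first should do the same: `if (ret <= 0 || ret > (int)*siglen) { wolfSSL_ECDSA_SIG_free(ecdsaSig); return WOLFSSL_FAILURE; }`. The function's body starts and ends outside this hunk.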
@@ -4072,9 +4125,19 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, (unsigned int)siglen, pkey->rsa); } #endif /* NO_RSA */ - +#ifdef HAVE_ECC + case EVP_PKEY_EC: { + WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_d2i_ECDSA_SIG( + NULL, (const unsigned char **)&sig, (long)siglen); + if (ecdsaSig == NULL) + return WOLFSSL_FAILURE; + ret = wolfSSL_ECDSA_do_verify(md, (int)mdsize, ecdsaSig, + pkey->ecc); + wolfSSL_ECDSA_SIG_free(ecdsaSig); + return ret; + } +#endif case EVP_PKEY_DSA: - case EVP_PKEY_EC: WOLFSSL_MSG("not implemented"); FALL_THROUGH; default: @@ -4085,9 +4148,10 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, int wolfSSL_EVP_add_cipher(const WOLFSSL_EVP_CIPHER *cipher) { - (void)cipher; /* nothing to do */ - return 0; + if (cipher == NULL) + return WOLFSSL_FAILURE; + return WOLFSSL_SUCCESS; } @@ -4144,7 +4208,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_CMAC_key(WOLFSSL_ENGINE* e, } ret = wolfSSL_CMAC_Init(ctx, priv, len, cipher, e); - if (ret == WOLFSSL_FAILURE) { + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { wolfSSL_CMAC_CTX_free(ctx); WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_new_CMAC_key", 0); return NULL; @@ -4286,7 +4350,7 @@ static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx, } type = wolfSSL_EVP_get_digestbynid(default_digest); if (type == NULL) { - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } } @@ -4478,7 +4542,7 @@ int wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX *ctx, WOLFSSL_ENTER("EVP_DigestSignInit"); if (ctx == NULL || pkey == NULL) - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; return wolfSSL_evp_digest_pk_init(ctx, pctx, type, e, pkey); } @@ -4490,7 +4554,7 @@ int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d, WOLFSSL_ENTER("EVP_DigestSignUpdate"); if (ctx == NULL || d == NULL) - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; return wolfssl_evp_digest_pk_update(ctx, d, cnt); } 
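Review bot: The new `EVP_PKEY_EC` branch of wolfSSL_EVP_VerifyFinal passes `siglen` to `wolfSSL_d2i_ECDSA_SIG` as an upper bound but never checks that the whole buffer was consumed, so a valid DER signature followed by trailing bytes still verifies; OpenSSL's ECDSA_verify rejects that by comparing the encoded length against siglen, and accepting several encodings of one signature is a known malleability hazard for anything that hashes or deduplicates signatures. If `wolfSSL_d2i_ECDSA_SIG` advances `*pp` as the d2i convention does, keep the start in a local (`const unsigned char *p = sig;`), decode through `&p`, and add `if (p != sig + siglen) { wolfSSL_ECDSA_SIG_free(ecdsaSig); return WOLFSSL_FAILURE; }` before calling the verify; the `(const unsigned char **)&sig` cast then also disappears. The function's body starts and ends outside this hunk.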
@@ -4500,7 +4564,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, { unsigned char digest[WC_MAX_DIGEST_SIZE]; unsigned int hashLen; - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("EVP_DigestSignFinal"); @@ -4603,7 +4667,7 @@ int wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX *ctx, WOLFSSL_ENTER("EVP_DigestVerifyInit"); if (ctx == NULL || type == NULL || pkey == NULL) - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; return wolfSSL_evp_digest_pk_init(ctx, pctx, type, e, pkey); } @@ -4615,7 +4679,7 @@ int wolfSSL_EVP_DigestVerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d, WOLFSSL_ENTER("EVP_DigestVerifyUpdate"); if (ctx == NULL || d == NULL) - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; return wolfssl_evp_digest_pk_update(ctx, d, (unsigned int)cnt); } @@ -4756,7 +4820,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, int wolfSSL_EVP_read_pw_string(char* buf, int bufSz, const char* banner, int v) { printf("%s", banner); - if (XGETPASSWD(buf, bufSz) == WOLFSSL_FAILURE) { + if (XGETPASSWD(buf, bufSz) == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { return -1; } (void)v; /* fgets always sanity checks size of input vs buffer */ @@ -5913,7 +5977,7 @@ void wolfSSL_EVP_init(void) int wolfSSL_EVP_CIPHER_CTX_ctrl(WOLFSSL_EVP_CIPHER_CTX *ctx, int type, \ int arg, void *ptr) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); #if defined(HAVE_AESGCM) || (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) #ifndef WC_NO_RNG WC_RNG rng; 
@@ -6298,15 +6362,11 @@ void wolfSSL_EVP_init(void) ctx->keyLen = 0; #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA) || \ defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) - if (ctx->authBuffer) { - XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->authBuffer = NULL; - } + XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authBuffer = NULL; ctx->authBufferLen = 0; - if (ctx->authIn) { - XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->authIn = NULL; - } + XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authIn = NULL; ctx->authInSz = 0; ctx->authIvGenEnable = 0; ctx->authIncIv = 0; @@ -6361,7 +6421,7 @@ void wolfSSL_EVP_init(void) } ret = wolfSSL_EVP_get_hashinfo(md, &hashType, NULL); - if (ret == WOLFSSL_FAILURE) + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) goto end; ret = wc_PBKDF1_ex(key, (int)info->keySz, iv, (int)info->ivSz, data, sz, @@ -6428,10 +6488,8 @@ void wolfSSL_EVP_init(void) { int ret = WOLFSSL_SUCCESS; - if (ctx->authIn) { - XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->authIn = NULL; - } + XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authIn = NULL; ctx->authInSz = 0; ctx->block_size = AES_BLOCK_SIZE; @@ -6520,7 +6578,7 @@ void wolfSSL_EVP_init(void) static int EvpCipherAesGCM(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src, word32 len) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); #ifndef WOLFSSL_AESGCM_STREAM /* No destination means only AAD. */ @@ -6635,10 +6693,8 @@ void wolfSSL_EVP_init(void) { int ret = WOLFSSL_SUCCESS; - if (ctx->authIn) { - XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->authIn = NULL; - } + XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authIn = NULL; ctx->authInSz = 0; ctx->block_size = AES_BLOCK_SIZE; 
@@ -6714,7 +6770,7 @@ void wolfSSL_EVP_init(void) static int EvpCipherAesCCM(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src, word32 len) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); /* No destination means only AAD. */ if (src != NULL && dst == NULL) { @@ -6786,10 +6842,8 @@ void wolfSSL_EVP_init(void) return WOLFSSL_FAILURE; } - if (ctx->authIn) { - XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->authIn = NULL; - } + XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authIn = NULL; ctx->authInSz = 0; ctx->block_size = AES_BLOCK_SIZE; @@ -7821,10 +7875,8 @@ void wolfSSL_EVP_init(void) ctx->ivSz = GCM_NONCE_MID_SZ; } ctx->authTagSz = SM4_BLOCK_SIZE; - if (ctx->authIn) { - XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->authIn = NULL; - } + XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authIn = NULL; ctx->authInSz = 0; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; @@ -7853,10 +7905,8 @@ void wolfSSL_EVP_init(void) ctx->ivSz = GCM_NONCE_MID_SZ; } ctx->authTagSz = SM4_BLOCK_SIZE; - if (ctx->authIn) { - XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->authIn = NULL; - } + XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->authIn = NULL; ctx->authInSz = 0; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; @@ -8224,7 +8274,7 @@ void wolfSSL_EVP_init(void) int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src, word32 len) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_EVP_Cipher"); @@ -9001,7 +9051,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key) /* Get size of DER buffer only */ if (havePublic && !havePrivate) { ret = wc_DhPubKeyToDer(dhkey, NULL, &derSz); - } else if (havePrivate && !havePublic) { + } else if (havePrivate) { ret = wc_DhPrivKeyToDer(dhkey, NULL, &derSz); } else { ret = wc_DhParamsToDer(dhkey,NULL,&derSz); 
@@ -9021,7 +9071,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key) /* Fill DER buffer */ if (havePublic && !havePrivate) { ret = wc_DhPubKeyToDer(dhkey, derBuf, &derSz); - } else if (havePrivate && !havePublic) { + } else if (havePrivate) { ret = wc_DhPrivKeyToDer(dhkey, derBuf, &derSz); } else { ret = wc_DhParamsToDer(dhkey,derBuf,&derSz); @@ -9304,7 +9354,7 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void) int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type) { - int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_EVP_MD_pkey_type"); @@ -9329,7 +9379,7 @@ int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type) } } else { - ret = BAD_FUNC_ARG; + ret = WOLFSSL_FAILURE; } WOLFSSL_LEAVE("wolfSSL_EVP_MD_pkey_type", ret); @@ -9720,7 +9770,12 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKCS82PKEY(const WOLFSSL_PKCS8_PRIV_KEY_INFO* p8) /* this function just casts and returns pointer */ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_EVP_PKEY2PKCS8(const WOLFSSL_EVP_PKEY* pkey) { - return (WOLFSSL_PKCS8_PRIV_KEY_INFO*)pkey; + if (pkey == NULL || pkey->pkey.ptr == NULL) { + return NULL; + } + + return wolfSSL_d2i_PrivateKey_EVP(NULL, (unsigned char**)&pkey->pkey.ptr, + pkey->pkey_sz); } #endif @@ -9873,10 +9928,24 @@ static const struct alias { const char *alias; } digest_alias_tbl[] = { - {"MD4", "ssl3-md4"}, - {"MD5", "ssl3-md5"}, - {"SHA1", "ssl3-sha1"}, + {"MD4", "md4"}, + {"MD5", "md5"}, + {"SHA1", "sha1"}, {"SHA1", "SHA"}, + {"SHA224", "sha224"}, + {"SHA256", "sha256"}, + {"SHA384", "sha384"}, + {"SHA512", "sha512"}, + {"SHA512_224", "sha512_224"}, + {"SHA3_224", "sha3_224"}, + {"SHA3_256", "sha3_256"}, + {"SHA3_384", "sha3_384"}, + {"SHA3_512", "sha3_512"}, + {"SM3", "sm3"}, + {"BLAKE2B512", "blake2b512"}, + {"BLAKE2S256", "blake2s256"}, + {"SHAKE128", "shake128"}, + {"SHAKE256", "shake256"}, { NULL, NULL} }; 
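Review bot: The context comment above wolfSSL_EVP_PKEY2PKCS8, `/* this function just casts and returns pointer */`, no longer describes the function: it now decodes `pkey->pkey.ptr` through `wolfSSL_d2i_PrivateKey_EVP` and returns a freshly allocated object that the caller owns and must free, whereas before the same pointer came back. Replace it with the new contract, e.g. `/* Decodes the key's DER into a new object; the caller must free the result. */`. Separately, `(unsigned char**)&pkey->pkey.ptr` hands out the address of the const key's own buffer pointer; if `wolfSSL_d2i_PrivateKey_EVP` advances `*in` as d2i functions conventionally do, that would silently move `pkey->pkey.ptr` past its data, and decoding through a local copy (`unsigned char* der = (unsigned char*)pkey->pkey.ptr;`) avoids both the cast-away const and that risk.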
@@ -10205,7 +10274,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) * @param n message digest type name * @return alias name, otherwise NULL */ - static const char* hasAliasName(const char* n) + static const char* getMdAliasName(const char* n) { const char* aliasnm = NULL; @@ -10236,23 +10305,15 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) { struct do_all_md *md = (struct do_all_md*)arg; - const struct s_ent *ent; - /* sanity check */ if (md == NULL || nm == NULL || md->fn == NULL || nm->type != WOLFSSL_OBJ_NAME_TYPE_MD_METH) return; - /* loop all md */ - for (ent = md_tbl; ent->name != NULL; ent++){ - /* check if the md has alias */ - if(hasAliasName(ent->name) != NULL) { - md->fn(NULL, ent->name, ent->name, md->arg); - } - else { - md->fn(ent->name, ent->name, NULL, md->arg); - } - } + if (nm->alias) + md->fn(NULL, nm->name, nm->data, md->arg); + else + md->fn((const EVP_MD *)nm->data, nm->name, NULL, md->arg); } /* call md_do_all function to do all md algorithm via a callback function @@ -10287,11 +10348,30 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) if (!fn) return; - objnm.type = type; - switch(type) { case WOLFSSL_OBJ_NAME_TYPE_MD_METH: - fn(&objnm, arg); + { + const struct s_ent *ent; + /* loop all md */ + for (ent = md_tbl; ent->name != NULL; ent++){ + XMEMSET(&objnm, 0, sizeof(objnm)); + + /* populate objnm with info about the md */ + objnm.type = WOLFSSL_OBJ_NAME_TYPE_MD_METH; + objnm.name = ent->name; + objnm.data = (const char*) + wolfSSL_EVP_get_digestbyname(ent->name); + fn(&objnm, arg); + + /* check if the md has alias and also call fn with it */ + objnm.name = getMdAliasName(ent->name); + if (objnm.name != NULL) { + objnm.alias |= WOLFSSL_OBJ_NAME_ALIAS; + objnm.data = ent->name; + fn(&objnm, arg); + } + } + } break; case WOLFSSL_OBJ_NAME_TYPE_CIPHER_METH: case WOLFSSL_OBJ_NAME_TYPE_PKEY_METH: 
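Review bot: In the rewritten `WOLFSSL_OBJ_NAME_TYPE_MD_METH` loop, `objnm.data` is set to the result of `wolfSSL_EVP_get_digestbyname(ent->name)` and `fn` is invoked without checking it, so if that lookup can return NULL for an `md_tbl` entry (for instance a digest disabled in this build), `do_all_md_fn` forwards a NULL `EVP_MD` to the user callback as though it were a real method. Either guard the call, `if (objnm.data == NULL) continue;`, or add a comment stating that every `md_tbl` entry is guaranteed to resolve. The enclosing function starts and ends outside the hunk.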
@@ -10420,20 +10500,17 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) const WOLFSSL_EVP_MD* md) { int ret = WOLFSSL_SUCCESS; + #ifdef WOLFSSL_ASYNC_CRYPT + wc_static_assert(WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV)); + #endif WOLFSSL_ENTER("EVP_DigestInit"); if (ctx == NULL) { - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } - - #ifdef WOLFSSL_ASYNC_CRYPT - /* compile-time validation of ASYNC_CTX_SIZE */ - typedef char async_test[WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV) ? - 1 : -1]; - (void)sizeof(async_test); - #endif + wolfSSL_EVP_MD_CTX_init(ctx); /* Set to 0 if no match */ ctx->macType = EvpMd2MacType(md); @@ -10522,7 +10599,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif { ctx->macType = WC_HASH_TYPE_NONE; - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } return ret; @@ -10532,7 +10609,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data, size_t sz) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); enum wc_HashType macType; WOLFSSL_ENTER("EVP_DigestUpdate"); @@ -10660,7 +10737,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s) { - int ret = WOLFSSL_FAILURE; + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); enum wc_HashType macType; WOLFSSL_ENTER("EVP_DigestFinal"); @@ -10839,7 +10916,7 @@ int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type) if (type == NULL) { WOLFSSL_MSG("No md type arg"); - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } #ifndef NO_SHA @@ -10905,7 +10982,7 @@ int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type) } else #endif - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type) 
@@ -10914,7 +10991,7 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type) if (type == NULL) { WOLFSSL_MSG("No md type arg"); - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } #ifndef NO_SHA @@ -10990,7 +11067,7 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type) } #endif - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } #endif /* OPENSSL_EXTRA || HAVE_CURL */ @@ -11108,18 +11185,12 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) #ifdef HAVE_HKDF case EVP_PKEY_HKDF: - if (key->hkdfSalt != NULL) { - XFREE(key->hkdfSalt, NULL, DYNAMIC_TYPE_SALT); - key->hkdfSalt = NULL; - } - if (key->hkdfKey != NULL) { - XFREE(key->hkdfKey, NULL, DYNAMIC_TYPE_KEY); - key->hkdfKey = NULL; - } - if (key->hkdfInfo != NULL) { - XFREE(key->hkdfInfo, NULL, DYNAMIC_TYPE_INFO); - key->hkdfInfo = NULL; - } + XFREE(key->hkdfSalt, NULL, DYNAMIC_TYPE_SALT); + key->hkdfSalt = NULL; + XFREE(key->hkdfKey, NULL, DYNAMIC_TYPE_KEY); + key->hkdfKey = NULL; + XFREE(key->hkdfInfo, NULL, DYNAMIC_TYPE_INFO); + key->hkdfInfo = NULL; key->hkdfSaltSz = 0; key->hkdfKeySz = 0; key->hkdfInfoSz = 0; @@ -11279,7 +11350,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int indent, int bitlen, ASN1_PCTX* pctx) { byte buff[8] = { 0 }; - int res = WOLFSSL_FAILURE; + int res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); word32 inOutIdx = 0; word32 nSz; /* size of modulus */ word32 eSz; /* size of public exponent */ @@ -11598,10 +11669,8 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, res = wolfSSL_BIO_write(out, "\n", 1) > 0; } - if (pub != NULL) { - XFREE(pub, NULL, DYNAMIC_TYPE_ECC_BUFFER); - pub = NULL; - } + XFREE(pub, NULL, DYNAMIC_TYPE_ECC_BUFFER); + pub = NULL; wc_ecc_free(key); mp_free(a); @@ -11633,7 +11702,7 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, byte buff[8] = { 0 }; int length; - int res = WOLFSSL_FAILURE; + int res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); word32 inOutIdx = 0; word32 oid; byte tagFound; 
@@ -11851,7 +11920,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, { byte buff[8] = { 0 }; - int res = WOLFSSL_FAILURE; + int res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); word32 length; word32 inOutIdx; word32 oid; diff --git a/src/wolfssl/internal.h b/src/wolfssl/internal.h index 390b21b..c62ef35 100644 --- a/src/wolfssl/internal.h +++ b/src/wolfssl/internal.h @@ -1,6 +1,6 @@ /* internal.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -1329,6 +1329,10 @@ enum { #endif #endif +#ifndef MAX_PSK_KEY_LEN + #define MAX_PSK_KEY_LEN 64 +#endif + #ifndef MAX_EARLY_DATA_SZ /* maximum early data size */ #define MAX_EARLY_DATA_SZ 4096 @@ -1421,15 +1425,15 @@ enum { #define ENCRYPT_BASE_BITS (256 * 2) #else /* No secret from public key operation but PSK key plus length used. */ - #define ENCRYPT_BASE_BITS ((MAX_PSK_ID_LEN + 2) * 8) + #define ENCRYPT_BASE_BITS ((MAX_PSK_KEY_LEN + 2) * 8) #endif #ifdef WOLFSSL_DTLS_CID #ifndef DTLS_CID_MAX_SIZE -/* DTLSv1.3 parsing code copies the record header in a static buffer to decrypt +/* DTLS parsing code copies the record header in a static buffer to decrypt * the record. Increasing the CID max size does increase also this buffer, * impacting on per-session runtime memory footprint. */ -#define DTLS_CID_MAX_SIZE 2 +#define DTLS_CID_MAX_SIZE 10 #endif #else #undef DTLS_CID_MAX_SIZE 
@@ -1440,6 +1444,30 @@ enum { #error "Max size for DTLS CID is 255 bytes" #endif +/* Record Payload Protection Section 5 + * https://www.rfc-editor.org/rfc/rfc9146.html#section-5 */ +#define WOLFSSL_TLS_HMAC_CID_INNER_SZ \ + (8 + /* seq_num_placeholder */ \ + 1 + /* tls12_cid */ \ + 1 + /* cid_length */ \ + 1 + /* tls12_cid */ \ + 2 + /* DTLSCiphertext.version */ \ + 2 + /* epoch */ \ + 6 + /* sequence_number */ \ + DTLS_CID_MAX_SIZE + /* cid */ \ + 2) /* length_of_DTLSInnerPlaintext */ + +#define WOLFSSL_TLS_AEAD_CID_AAD_SZ \ + (8 + /* seq_num_placeholder */ \ + 1 + /* tls12_cid */ \ + 1 + /* cid_length */ \ + 1 + /* tls12_cid */ \ + 2 + /* DTLSCiphertext.version */ \ + 2 + /* epoch */ \ + 6 + /* sequence_number */ \ + DTLS_CID_MAX_SIZE + /* cid */ \ + 2) /* length_of_DTLSInnerPlaintext */ + #ifndef MAX_TICKET_AGE_DIFF /* maximum ticket age difference in seconds, 10 seconds */ #define MAX_TICKET_AGE_DIFF 10 @@ -1561,7 +1589,7 @@ enum Misc { * hybridization with other algs. */ #else #ifndef NO_PSK - ENCRYPT_LEN = (ENCRYPT_BASE_BITS / 8) + MAX_PSK_ID_LEN + 2, + ENCRYPT_LEN = (ENCRYPT_BASE_BITS / 8) + MAX_PSK_KEY_LEN + 2, #else ENCRYPT_LEN = (ENCRYPT_BASE_BITS / 8), #endif @@ -1633,6 +1661,7 @@ enum Misc { #endif HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */ + DTLS13_HANDSHAKE_HEADER_SZ = 12, /* sizeof(Dtls13HandshakeHeader) */ RECORD_HEADER_SZ = 5, /* type + version + len(2) */ CERT_HEADER_SZ = 3, /* always 3 bytes */ REQ_HEADER_SZ = 2, /* cert request header sz */ @@ -1645,6 +1674,7 @@ enum Misc { DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */ DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */ + DTLS12_CID_OFFSET = 11, DTLS_UNIFIED_HEADER_MIN_SZ = 2, /* flags + seq_number(2) + length(2) + CID */ DTLS_RECVD_RL_HEADER_MAX_SZ = 5 + DTLS_CID_MAX_SIZE, 
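Review bot: `WOLFSSL_TLS_HMAC_CID_INNER_SZ` and `WOLFSSL_TLS_AEAD_CID_AAD_SZ` have byte-for-byte identical bodies, which is correct for RFC 9146 section 5 (the MAC input and the AEAD additional data share one layout) but leaves two copies free to drift if a field or the DTLS_CID_MAX_SIZE term is ever adjusted in only one of them. Defining the second in terms of the first, `#define WOLFSSL_TLS_AEAD_CID_AAD_SZ WOLFSSL_TLS_HMAC_CID_INNER_SZ` with a comment `/* RFC 9146 s5: AEAD additional_data has the same layout as the MAC input */`, keeps them in lock-step.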
@@ -1745,6 +1775,7 @@ enum Misc { CHACHA20_IMP_IV_SZ = 12, /* Size of ChaCha20 AEAD implicit IV */ CHACHA20_NONCE_SZ = 12, /* Size of ChacCha20 nonce */ CHACHA20_OLD_OFFSET = 4, /* Offset for seq # in old poly1305 */ + CHACHA20_OFFSET = 4, /* Offset for seq # in poly1305 */ /* For any new implicit/explicit IV size adjust AEAD_MAX_***_SZ */ @@ -1828,7 +1859,6 @@ enum Misc { DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */ NULL_TERM_LEN = 1, /* length of null '\0' termination character */ - MAX_PSK_KEY_LEN = 64, /* max psk key supported */ MIN_PSK_ID_LEN = 6, /* min length of identities */ MIN_PSK_BINDERS_LEN = 33, /* min length of binders */ @@ -1855,6 +1885,14 @@ enum Misc { READ_PROTO = 0 /* reading a protocol message */ }; + +/* Size of the data to authenticate */ +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) +#define AEAD_AUTH_DATA_SZ WOLFSSL_TLS_AEAD_CID_AAD_SZ +#else +#define AEAD_AUTH_DATA_SZ 13 +#endif + #define WOLFSSL_NAMED_GROUP_IS_FFHDE(group) \ (MIN_FFHDE_GROUP <= (group) && (group) <= MAX_FFHDE_GROUP) #ifdef WOLFSSL_HAVE_KYBER @@ -1986,6 +2024,22 @@ enum Misc { #define MAX_CHAIN_DEPTH 9 #endif +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + #if !defined(HAVE_OCSP) + #error OCSP Stapling and Stapling V2 needs OCSP. Please define HAVE_OCSP. + #endif +#endif + +/* Max certificate extensions in TLS1.3 */ +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) + /* Number of extensions to set each OCSP response */ + #define MAX_CERT_EXTENSIONS (1 + MAX_CHAIN_DEPTH) +#else + /* Only empty extensions */ + #define MAX_CERT_EXTENSIONS 1 +#endif + /* max size of a certificate message payload */ /* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */ #ifndef MAX_CERTIFICATE_SZ 
@@ -2033,18 +2087,9 @@ enum Misc { #define MAX_ENCRYPT_SZ ENCRYPT_LEN -/* A static check to assert a relation between x and y */ -#define WOLFSSL_ASSERT_TEST(x, y, op) do { \ - typedef char _args_test_[(x) op (y) ? 1 : -1]; \ - (void)sizeof(_args_test_); \ -} while(0) - -#define WOLFSSL_ASSERT_EQ(x, y) WOLFSSL_ASSERT_TEST(x, y, ==) +#define WOLFSSL_ASSERT_EQ(x, y) wc_static_assert((x) == (y)) -#define WOLFSSL_ASSERT_SIZEOF_TEST(x, y, op) \ - WOLFSSL_ASSERT_TEST(sizeof((x)), sizeof((y)), op) - -#define WOLFSSL_ASSERT_SIZEOF_GE(x, y) WOLFSSL_ASSERT_SIZEOF_TEST(x, y, >=) +#define WOLFSSL_ASSERT_SIZEOF_GE(x, y) wc_static_assert(sizeof(x) >= sizeof(y)) /* states. Adding state before HANDSHAKE_DONE will break session importing */ enum states { @@ -2211,9 +2256,13 @@ WOLFSSL_LOCAL void FreeAsyncCtx(WOLFSSL* ssl, byte freeAsync); WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl); WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl); WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 totalSz); -WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str, word32 strLen); -#ifndef NO_CERTS -WOLFSSL_LOCAL int CheckForAltNames(DecodedCert* dCert, const char* domain, word32 domainLen, int* checkCN); +WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, + const char* str, word32 strLen, + unsigned int flags); +#if !defined(NO_CERTS) && !defined(NO_ASN) +WOLFSSL_LOCAL int CheckForAltNames(DecodedCert* dCert, const char* domain, + word32 domainLen, int* checkCN, + unsigned int flags); WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, const char* ipasc); WOLFSSL_LOCAL void CopyDecodedName(WOLFSSL_X509_NAME* name, DecodedCert* dCert, int nameType); #endif 
@@ -2235,7 +2284,7 @@ WOLFSSL_LOCAL int ALPN_Select(WOLFSSL* ssl); #endif WOLFSSL_LOCAL int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input, - word16 sz); /* needed by sniffer */ + word16 sz, byte type); /* needed by sniffer */ WOLFSSL_LOCAL int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input, word16 sz); /* needed by sniffer */ @@ -2614,6 +2663,8 @@ struct WOLFSSL_CERT_MANAGER { #endif CallbackCACache caCacheCallback; /* CA cache addition callback */ CbMissingCRL cbMissingCRL; /* notify thru cb of missing crl */ + crlErrorCb crlCb; /* Allow user to override error */ + void* crlCbCtx; CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */ CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */ wolfSSL_Mutex caLock; /* CA list lock */ @@ -2647,8 +2698,7 @@ struct WOLFSSL_CERT_MANAGER { #ifdef HAVE_DILITHIUM short minDilithiumKeySz; /* minimum allowed Dilithium key size */ #endif -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB wc_UnknownExtCallback unknownExtCallback; #endif }; @@ -2673,7 +2723,9 @@ typedef struct ProcPeerCertArgs { #ifdef WOLFSSL_TLS13 buffer* exts; /* extensions */ #endif +#ifndef NO_ASN DecodedCert* dCert; +#endif word32 idx; word32 begin; int totalCerts; /* number of certs in certs buffer */ @@ -2704,6 +2756,8 @@ WOLFSSL_LOCAL int SetupStoreCtxCallback(WOLFSSL_X509_STORE_CTX** store_pt, WOLFSSL_LOCAL void CleanupStoreCtxCallback(WOLFSSL_X509_STORE_CTX* store, WOLFSSL* ssl, void* heap, int x509Free); #endif /* !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) */ +WOLFSSL_LOCAL int X509StoreLoadCertBuffer(WOLFSSL_X509_STORE *str, + byte *buf, word32 bufLen, int type); #endif /* !defined NO_CERTS */ /* wolfSSL Sock Addr */ 
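Review bot: The new `crlCbCtx` member of `struct WOLFSSL_CERT_MANAGER` is the only field in its neighbourhood without a trailing comment, and the comment on `crlCb`, `/* Allow user to override error */`, does not say which errors the hook sees or what its return value does to the verification result. Because a callback that can turn a CRL failure into success decides whether a revoked or unverifiable certificate is accepted, the contract should be stated at the field, along the lines of `crlErrorCb crlCb; /* user hook consulted on CRL check failure; its return value replaces the error, see crlErrorCb */` and `void* crlCbCtx; /* opaque context passed to crlCb */`, with the exact return-value semantics confirmed against the callback typedef, which is outside this hunk.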
@@ -2743,6 +2797,70 @@ typedef struct WOLFSSL_DTLS_PEERSEQ { #endif } WOLFSSL_DTLS_PEERSEQ; +struct WOLFSSL_BIO { + WOLFSSL_BUF_MEM* mem_buf; + WOLFSSL_BIO_METHOD* method; + WOLFSSL_BIO* prev; /* previous in chain */ + WOLFSSL_BIO* next; /* next in chain */ + WOLFSSL_BIO* pair; /* BIO paired with */ + void* heap; /* user heap hint */ + union { + byte* mem_buf_data; +#ifndef WOLFCRYPT_ONLY + WOLFSSL* ssl; + WOLFSSL_EVP_MD_CTX* md_ctx; +#endif +#ifndef NO_FILESYSTEM + XFILE fh; +#endif + } ptr; + void* usrCtx; /* user set pointer */ + char* ip; /* IP address for wolfIO_TcpConnect */ + word16 port; /* Port for wolfIO_TcpConnect */ + char* infoArg; /* BIO callback argument */ + wolf_bio_info_cb infoCb; /* BIO callback */ + int wrSz; /* write buffer size (mem) */ + int wrSzReset; /* First buffer size (mem) - read ONLY data */ + int wrIdx; /* current index for write buffer */ + int rdIdx; /* current read index */ + int readRq; /* read request */ + union { + SOCKET_T fd; + size_t length; + } num; + int eof; /* eof flag */ + int flags; + byte type; /* method type */ + byte init:1; /* bio has been initialized */ + byte shutdown:1; /* close flag */ + byte connected:1; /* connected state, for datagram BIOs -- as for + * struct WOLFSSL_DTLS_CTX, when set, sendto and + * recvfrom leave the peer_addr unchanged. */ +#ifdef WOLFSSL_HAVE_BIO_ADDR + union WOLFSSL_BIO_ADDR peer_addr; /* for datagram BIOs, the socket address stored + * with BIO_CTRL_DGRAM_CONNECT, + * BIO_CTRL_DGRAM_SET_CONNECTED, or + * BIO_CTRL_DGRAM_SET_PEER, or stored when a + * packet was received on an unconnected BIO. 
*/ +#endif + +#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_BIO_NO_FLOW_STATS) + #define WOLFSSL_BIO_HAVE_FLOW_STATS + word64 bytes_read; + word64 bytes_written; +#endif + +#ifdef HAVE_EX_DATA + WOLFSSL_CRYPTO_EX_DATA ex_data; +#endif +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) + wolfSSL_Ref ref; +#endif +}; + +#if defined(WOLFSSL_HAVE_BIO_ADDR) && defined(OPENSSL_EXTRA) +WOLFSSL_LOCAL socklen_t wolfSSL_BIO_ADDR_size(const WOLFSSL_BIO_ADDR *addr); +#endif #define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */ @@ -2804,8 +2922,8 @@ typedef struct Keys { byte encryptionOn; /* true after change cipher spec */ byte decryptedCur; /* only decrypt current record once */ #ifdef WOLFSSL_TLS13 - byte updateResponseReq:1; /* KeyUpdate response from peer required. */ - byte keyUpdateRespond:1; /* KeyUpdate is to be responded to. */ + byte updateResponseReq; /* KeyUpdate response from peer required. */ + byte keyUpdateRespond; /* KeyUpdate is to be responded to. */ #endif #ifdef WOLFSSL_RENESAS_TSIP_TLS @@ -2889,9 +3007,6 @@ typedef enum { TLSX_EXTENDED_MASTER_SECRET = TLSXT_EXTENDED_MASTER_SECRET, TLSX_SESSION_TICKET = TLSXT_SESSION_TICKET, #ifdef WOLFSSL_TLS13 - #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) - TLSX_PRE_SHARED_KEY = TLSXT_PRE_SHARED_KEY, - #endif #ifdef WOLFSSL_EARLY_DATA TLSX_EARLY_DATA = TLSXT_EARLY_DATA, #endif @@ -2911,7 +3026,6 @@ typedef enum { #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_SIGALG) TLSX_SIGNATURE_ALGORITHMS_CERT = TLSXT_SIGNATURE_ALGORITHMS_CERT, #endif - TLSX_KEY_SHARE = TLSXT_KEY_SHARE, #if defined(WOLFSSL_DTLS_CID) TLSX_CONNECTION_ID = TLSXT_CONNECTION_ID, #endif /* defined(WOLFSSL_DTLS_CID) */ 
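Review bot: The `ptr` union (`mem_buf_data`, `ssl`, `md_ctx`, `fh`) and the `num` union (`fd`, `length`) in struct WOLFSSL_BIO carry no comment naming the field that selects the live member; `type` is described only as 'method type', so a reader meeting this definition in internal.h cannot tell whether `ptr.fh` or `ptr.ssl` is valid without reading every BIO method. Presumably `type` is the discriminator — confirm against bio.c — and a comment on each union would make that explicit: `} ptr; /* member in use is selected by type */` and `} num; /* fd for socket BIOs, length for memory BIOs, by type */` if that is the rule. The `bytes_read`/`bytes_written` counters under WOLFSSL_BIO_HAVE_FLOW_STATS would also benefit from one line saying which operations update them.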
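Review bot: In the `@@ -2804` hunk `updateResponseReq` and `keyUpdateRespond` change from 1-bit fields to whole bytes with no comment saying why; the same conversion is made for `sendAcks`/`retransmit` in Dtls13Rtx, for the `dtls13*` flags in struct WOLFSSL, and for the `haveMcast`…`sendKeyUpdate` group in struct Options. My reading — to be confirmed — is that these flags can be written while a neighbouring bit-field in the same storage unit is written elsewhere (a bit-field store is a read-modify-write of the whole unit), which the new `wolfSSL_Mutex mutex` under WOLFSSL_RW_THREADED in Dtls13Rtx also hints at. A one-line comment would keep a later cleanup from packing them back: `byte updateResponseReq; /* deliberately a whole byte, not a bit-field; do not repack */`.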
@@ -2922,6 +3036,12 @@ typedef enum { TLSX_ECH = TLSXT_ECH, #endif #endif +#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) + #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) + TLSX_PRE_SHARED_KEY = TLSXT_PRE_SHARED_KEY, + #endif + TLSX_KEY_SHARE = TLSXT_KEY_SHARE, +#endif #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DUAL_ALG_CERTS) TLSX_CKS = TLSXT_CKS, #endif @@ -3022,6 +3142,8 @@ WOLFSSL_LOCAL int GetEchConfig(WOLFSSL_EchConfig* config, byte* output, WOLFSSL_LOCAL int GetEchConfigsEx(WOLFSSL_EchConfig* configs, byte* output, word32* outputLen); + +WOLFSSL_LOCAL void FreeEchConfigs(WOLFSSL_EchConfig* configs, void* heap); #endif struct TLSX { @@ -3165,10 +3287,11 @@ typedef struct { byte options; WOLFSSL* ssl; union { - OcspRequest ocsp; + OcspRequest ocsp[MAX_CERT_EXTENSIONS]; } request; + word16 requests; #ifdef WOLFSSL_TLS13 - buffer response; + buffer responses[MAX_CERT_EXTENSIONS]; #endif } CertificateStatusRequest; 
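Review bot: `word16 requests` is added to CertificateStatusRequest next to `ocsp[MAX_CERT_EXTENSIONS]` and `responses[MAX_CERT_EXTENSIONS]` without stating its relationship to the array bound; it presumably counts the valid entries and indexes those arrays, so every writer must keep it at or below MAX_CERT_EXTENSIONS. Suggest `word16 requests; /* number of valid entries in request.ocsp and responses; never exceeds MAX_CERT_EXTENSIONS */`, and the new `TLSX_CSR_*_ex(..., int idx)` declarations in the next hunk would take a matching `/* idx < MAX_CERT_EXTENSIONS */`. The broadened `#if defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS)` around TLSX_PRE_SHARED_KEY/TLSX_KEY_SHARE is true in nearly every build; a comment on why key_share is now needed outside TLS 1.3 would explain the condition.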
@@ -3177,12 +3300,25 @@ WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions, #ifndef NO_CERTS WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert, void* heap); +WOLFSSL_LOCAL int TLSX_CSR_InitRequest_ex(TLSX* extensions, DecodedCert* cert, + void* heap, int idx); #endif WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions); WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl); +WOLFSSL_LOCAL word16 TLSX_CSR_GetSize_ex(CertificateStatusRequest* csr, + byte isRequest, + int idx); +WOLFSSL_LOCAL int TLSX_CSR_Write_ex(CertificateStatusRequest* csr, byte* output, + byte isRequest, int idx); +WOLFSSL_LOCAL void* TLSX_CSR_GetRequest_ex(TLSX* extensions, int idx); #endif - +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) +WOLFSSL_LOCAL int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request, + DecodedCert* cert, byte* certData, word32 length, + byte *ctxOwnsRequest); +#endif /** Certificate Status Request v2 - RFC 6961 */ #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 @@ -3334,6 +3470,13 @@ typedef struct InternalTicket { #endif /* OPENSSL_EXTRA */ } InternalTicket; +#ifndef WOLFSSL_TICKET_ENC_CBC_HMAC + #define WOLFSSL_INTERNAL_TICKET_LEN sizeof(InternalTicket) +#else + #define WOLFSSL_INTERNAL_TICKET_LEN \ + (((sizeof(InternalTicket) + 15) / 16) * 16) +#endif + #ifndef WOLFSSL_TICKET_EXTRA_PADDING_SZ #define WOLFSSL_TICKET_EXTRA_PADDING_SZ 32 #endif @@ -3578,6 +3721,8 @@ WOLFSSL_LOCAL void DtlsCIDOnExtensionsParsed(WOLFSSL* ssl); WOLFSSL_LOCAL byte DtlsCIDCheck(WOLFSSL* ssl, const byte* input, word16 inputSize); #endif /* WOLFSSL_DTLS_CID */ +WOLFSSL_LOCAL byte DtlsGetCidTxSize(WOLFSSL* ssl); +WOLFSSL_LOCAL byte DtlsGetCidRxSize(WOLFSSL* ssl); #ifdef OPENSSL_EXTRA enum SetCBIO { 
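Review bot: `CreateOcspRequest` reports ownership through `byte *ctxOwnsRequest` but nothing at the prototype says which value means the caller must free `request` and which means the context keeps it; an ownership flag read the wrong way round is a leak or a double free. Suggest a comment above the declaration stating the rule, e.g. `/* *ctxOwnsRequest: set when request is retained by the context and must not be freed by the caller */` if that is the polarity — confirm in the implementation. The `WOLFSSL_INTERNAL_TICKET_LEN` macro under WOLFSSL_TICKET_ENC_CBC_HMAC rounds to a bare `16`; `AES_BLOCK_SIZE` would say what the rounding is for.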
@@ -3733,6 +3878,9 @@ struct WOLFSSL_CTX { #endif #if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP) byte dtlsSctp:1; /* DTLS-over-SCTP mode */ +#endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + byte disableECH:1; #endif word16 minProto:1; /* sets min to min available */ word16 maxProto:1; /* sets max to max available */ @@ -4598,10 +4746,34 @@ enum AcceptStateTls13 { TLS13_TICKET_SENT }; +#ifdef WOLFSSL_THREADED_CRYPT + +#include + +typedef struct ThreadCrypt { + Ciphers encrypt; + bufferStatic buffer; + unsigned char nonce[AESGCM_NONCE_SZ]; + unsigned char additional[AEAD_AUTH_DATA_SZ]; + int init; + int offset; + int cryptLen; + int done; + int avail; + int stop; + WOLFSSL_THREAD_SIGNAL signal; + void* signalCtx; +} ThreadCrypt; + +#endif + /* buffers for struct WOLFSSL */ typedef struct Buffers { bufferStatic inputBuffer; bufferStatic outputBuffer; +#ifdef WOLFSSL_THREADED_CRYPT + ThreadCrypt encrypt[WOLFSSL_THREADED_CRYPT_CNT]; +#endif buffer domainName; /* for client check */ buffer clearOutputBuffer; buffer sig; /* signature data */ @@ -4650,7 +4822,7 @@ typedef struct Buffers { /* chain after self, in DER, with leading size for each cert */ #ifdef WOLFSSL_TLS13 int certChainCnt; - DerBuffer* certExts; + DerBuffer* certExts[MAX_CERT_EXTENSIONS]; #endif #endif #ifdef WOLFSSL_SEND_HRR_COOKIE @@ -4755,7 +4927,6 @@ struct Options { word16 tls:1; /* using TLS ? */ word16 tls1_1:1; /* using TLSv1.1+ ? */ word16 tls1_3:1; /* using TLSv1.3+ ? */ - word16 seenUnifiedHdr:1; /* received msg with unified header */ word16 dtls:1; /* using datagrams ? */ #ifdef WOLFSSL_DTLS word16 dtlsStateful:1; /* allow stateful processing ? */ 
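Review bot: `byte disableECH:1` is inserted into a run of `word16` bit-fields in struct WOLFSSL_CTX (`dtlsSctp:1` before it, `minProto:1`/`maxProto:1` after); a bit-field whose declared type differs from its neighbours' starts a new allocation unit on some compilers (MSVC in particular), so it costs storage and reads as a typo beside the surrounding `word16` flags. `word16 disableECH:1;` would keep the run uniform. The same `byte disableECH:1` next to `word16 useEch:1` appears in struct Options in the `@@ -4884` hunk on the next physical line.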
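Review bot: ThreadCrypt's `init`, `offset`, `cryptLen`, `done`, `avail` and `stop` fields in the `@@ -4598` hunk have no comments and no statement of which side (the worker thread or the WOLFSSL owner) writes each one or what guards them; with `WOLFSSL_THREAD_SIGNAL signal` the only synchronization object in the struct, a reader cannot tell whether these are plain ints polled across threads. A header comment stating the ownership and synchronization rule for the fields would document the contract, and any flag that is read by one thread while written by another without the signal would need an atomic or a lock rather than a plain `int`. `nonce[AESGCM_NONCE_SZ]` and `additional[AEAD_AUTH_DATA_SZ]` would also take a line on who fills them.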
@@ -4764,7 +4935,6 @@ struct Options { word16 isClosed:1; /* if we consider conn closed */ word16 closeNotify:1; /* we've received a close notify */ word16 sentNotify:1; /* we've sent a close notify */ - word16 shutdownDone:1; /* we've completed a shutdown */ word16 usingCompression:1; /* are we using compression */ word16 haveRSA:1; /* RSA available */ word16 haveECC:1; /* ECC available */ @@ -4812,7 +4982,6 @@ struct Options { #endif word16 dtlsUseNonblock:1; /* are we using nonblocking socket */ word16 dtlsHsRetain:1; /* DTLS retaining HS data */ - word16 haveMcast:1; /* using multicast ? */ #ifdef WOLFSSL_SCTP word16 dtlsSctp:1; /* DTLS-over-SCTP mode */ #endif @@ -4865,8 +5034,6 @@ struct Options { word16 buildArgsSet:1; /* buildArgs are set and need to * be free'd */ #endif - word16 buildingMsg:1; /* If set then we need to re-enter the - * handshake logic. */ #ifdef WOLFSSL_DTLS13 word16 dtls13SendMoreAcks:1; /* Send more acks during the * handshake process */ @@ -4884,7 +5051,8 @@ struct Options { word16 useDtlsCID:1; #endif /* WOLFSSL_DTLS_CID */ #if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) - word16 useEch:1; + word16 useEch:1; /* Do we have a valid config */ + byte disableECH:1; /* Did the user disable ech */ #endif #ifdef WOLFSSL_SEND_HRR_COOKIE word16 cookieGood:1; @@ -4892,6 +5060,14 @@ struct Options { #if defined(HAVE_DANE) word16 useDANE:1; #endif /* HAVE_DANE */ +#ifdef WOLFSSL_DTLS + byte haveMcast; /* using multicast ? */ +#endif + byte buildingMsg; /* If set then we need to re-enter the + * handshake logic. */ + byte seenUnifiedHdr; /* received msg with unified header */ + byte shutdownDone; /* we've completed a shutdown */ + byte sendKeyUpdate; /* Key Update to write */ #if defined(HAVE_RPK) RpkConfig rpkConfig; RpkState rpkState; 
@@ -5102,13 +5278,9 @@ struct WOLFSSL_X509 { byte hwType[EXTERNAL_SERIAL_SIZE]; int hwSerialNumSz; byte hwSerialNum[EXTERNAL_SERIAL_SIZE]; -#endif /* WOLFSSL_SEP */ -#if (defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ - defined (OPENSSL_EXTRA)) && \ - (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) byte certPolicySet; byte certPolicyCrit; -#endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ +#endif /* WOLFSSL_SEP */ #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */ WOLFSSL_STACK* ext_sk_full; /* Store X509_EXTENSIONS from wolfSSL_X509_get0_extensions */ @@ -5149,6 +5321,7 @@ struct WOLFSSL_X509 { byte* authKeyId; /* Points into authKeyIdSrc */ byte* authKeyIdSrc; byte* subjKeyId; + WOLFSSL_ASN1_STRING* subjKeyIdStr; byte* extKeyUsageSrc; #ifdef OPENSSL_ALL byte* subjAltNameSrc; @@ -5241,6 +5414,30 @@ struct WOLFSSL_X509 { #endif /* WOLFSSL_DUAL_ALG_CERTS */ }; +#if defined(WOLFSSL_ACERT) +struct WOLFSSL_X509_ACERT { + int version; + int serialSz; + byte serial[EXTERNAL_SERIAL_SIZE]; + WOLFSSL_ASN1_TIME notBefore; + WOLFSSL_ASN1_TIME notAfter; + buffer sig; + int sigOID; +#ifndef NO_CERTS + DerBuffer * derCert; +#endif + void * heap; + int dynamic; /* whether struct was dynamically allocated */ + /* copy of raw Attributes field from */ + byte holderSerial[EXTERNAL_SERIAL_SIZE]; + int holderSerialSz; + DNS_entry * holderEntityName; /* Holder entityName from ACERT */ + DNS_entry * holderIssuerName; /* issuerName from ACERT */ + DNS_entry * AttCertIssuerName; /* AttCertIssuer name from ACERT */ + byte * rawAttr; + word32 rawAttrLen; +}; +#endif /* WOLFSSL_ACERT */ /* record layer header for PlainText, Compressed, and CipherText */ typedef struct RecordLayerHeader { 
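Review bot: `certPolicySet` and `certPolicyCrit` are narrowed to `WOLFSSL_SEP` only, where before they were also present for WOLFSSL_QT/OPENSSL_ALL/OPENSSL_EXTRA builds with OPENSSL_EXTRA or OPENSSL_EXTRA_X509_SMALL; any OPENSSL_EXTRA-only code that still reads these fields will no longer compile, which is worth a build check across those configurations since this hunk cannot show the users. If the narrowing is intentional, a note in the `#endif /* WOLFSSL_SEP */` comment or the ChangeLog would help the next person who hits the missing member.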
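Review bot: In struct WOLFSSL_X509_ACERT the comment `/* copy of raw Attributes field from */` is cut off mid-sentence and sits above `holderSerial` rather than above `rawAttr`/`rawAttrLen`, which are the fields it appears to describe; as placed it labels the holder serial as attribute data. Move it to `byte * rawAttr; /* copy of the raw Attributes field of the ACERT */` and give `rawAttrLen` a matching `/* length of rawAttr in bytes */`. `int dynamic` documents allocation but `void * heap` and `DerBuffer * derCert` do not say who frees them; one line on ownership (FreeX509-style, presumably via CopyDecodedAcertToX509's counterpart — confirm) would complete the struct.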
@@ -5376,6 +5573,7 @@ typedef struct BuildMsgArgs { word32 headerSz; word16 size; word32 ivSz; /* TLSv1.1 IV */ + byte type; byte* iv; ALIGN16 byte staticIvBuffer[MAX_IV_SZ]; } BuildMsgArgs; @@ -5509,20 +5707,37 @@ typedef struct Dtls13RecordNumber { } Dtls13RecordNumber; typedef struct Dtls13Rtx { - enum Dtls13RtxFsmState state; +#ifdef WOLFSSL_RW_THREADED + wolfSSL_Mutex mutex; +#endif + enum Dtls13RtxFsmState state; /* Unused? */ Dtls13RtxRecord *rtxRecords; Dtls13RtxRecord **rtxRecordTailPtr; Dtls13RecordNumber *seenRecords; word32 lastRtx; - byte triggeredRtxs; - byte sendAcks:1; - byte retransmit:1; + byte triggeredRtxs; /* Unused? */ + byte sendAcks; + byte retransmit; } Dtls13Rtx; #endif /* WOLFSSL_DTLS13 */ #ifdef WOLFSSL_DTLS_CID -typedef struct CIDInfo CIDInfo; +typedef struct ConnectionID { + byte length; +/* Ignore "nonstandard extension used : zero-sized array in struct/union" + * MSVC warning */ +#ifdef _MSC_VER +#pragma warning(disable: 4200) +#endif + byte id[]; +} ConnectionID; + +typedef struct CIDInfo { + ConnectionID* tx; + ConnectionID* rx; + byte negotiated : 1; +} CIDInfo; #endif /* WOLFSSL_DTLS_CID */ /* The idea is to reuse the context suites object whenever possible to save @@ -5780,10 +5995,10 @@ struct WOLFSSL { /* used to store the message if it needs to be fragmented */ buffer dtls13FragmentsBuffer; byte dtls13SendingFragments:1; - byte dtls13SendingAckOrRtx:1; + byte dtls13SendingAckOrRtx; byte dtls13FastTimeout:1; - byte dtls13WaitKeyUpdateAck:1; - byte dtls13DoKeyUpdate:1; + byte dtls13WaitKeyUpdateAck; + byte dtls13DoKeyUpdate; word32 dtls13MessageLength; word32 dtls13FragOffset; byte dtls13FragHandshakeType; @@ -5883,6 +6098,9 @@ struct WOLFSSL { char* url; #endif #endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) + word32 response_idx; +#endif #endif #ifdef HAVE_NETX NetX_Ctx nxCtx; /* NetX IO Context */ 
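Review bot: In the `@@ -5509` hunk the `#pragma warning(disable: 4200)` placed inside ConnectionID is never re-enabled, so on MSVC it silences C4200 for the remainder of every translation unit that includes internal.h, not just for the `byte id[]` flexible member it was meant for. Wrap it: `#pragma warning(push)` / `#pragma warning(disable: 4200)` before the struct and `#pragma warning(pop)` after the closing `} ConnectionID;`, all under the same `#ifdef _MSC_VER`. The new `/* Unused? */` comments on `state` and `triggeredRtxs` in Dtls13Rtx leave a question in a release header; either remove the fields or replace the question with what they hold.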
@@ -6102,8 +6320,10 @@ WOLFSSL_API void SSL_ResourceFree(WOLFSSL* ssl); /* Micrium uses */ int type, WOLFSSL* ssl, int userChain, WOLFSSL_CRL* crl, int verify); + #ifndef NO_ASN WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, const char *domainName, - size_t domainNameLen); + size_t domainNameLen, unsigned int flags); + #endif #endif @@ -6130,6 +6350,7 @@ enum ContentType { alert = 21, handshake = 22, application_data = 23, + dtls12_cid = 25, #ifdef WOLFSSL_DTLS13 ack = 26, #endif /* WOLFSSL_DTLS13 */ @@ -6234,6 +6455,9 @@ WOLFSSL_LOCAL int DoClientTicket_ex(const WOLFSSL* ssl, PreSharedKey* psk, WOLFSSL_LOCAL int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len); #endif /* HAVE_SESSION_TICKET */ WOLFSSL_LOCAL int SendData(WOLFSSL* ssl, const void* data, int sz); +#ifdef WOLFSSL_THREADED_CRYPT +WOLFSSL_LOCAL int SendAsyncData(WOLFSSL* ssl); +#endif #ifdef WOLFSSL_TLS13 WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL* ssl, byte extMsgType); #endif @@ -6386,10 +6610,13 @@ WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG, #ifndef GetCA WOLFSSL_LOCAL Signer* GetCA(void* vp, byte* hash); #endif - #ifdef WOLFSSL_AKID_NAME + #if defined(WOLFSSL_AKID_NAME) && !defined(GetCAByAKID) WOLFSSL_LOCAL Signer* GetCAByAKID(void* vp, const byte* issuer, word32 issuerSz, const byte* serial, word32 serialSz); #endif + #if defined(HAVE_OCSP) && !defined(GetCAByKeyHash) + WOLFSSL_LOCAL Signer* GetCAByKeyHash(void* vp, const byte* keyHash); + #endif #if !defined(NO_SKID) && !defined(GetCAByName) WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash); #endif @@ -6416,6 +6643,7 @@ WOLFSSL_LOCAL void DoCertFatalAlert(WOLFSSL* ssl, int ret); #endif WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl); +WOLFSSL_LOCAL word32 MacSize(const WOLFSSL* ssl); #ifndef NO_WOLFSSL_CLIENT WOLFSSL_LOCAL int HaveUniqueSessionObj(WOLFSSL* ssl); 
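Review bot: `dtls12_cid = 25` is added to enum ContentType in the `@@ -6130` hunk without a comment, while the value is the `tls12_cid` content type defined by RFC 9146 for DTLS 1.2 connection IDs; naming the source keeps a reviewer from taking it for a private value. Suggest `dtls12_cid = 25, /* tls12_cid content type, RFC 9146 */`. The new `GetCAByKeyHash` declaration under `HAVE_OCSP` would also take a line on which hash (`keyHash` length and algorithm) it expects.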
@@ -6434,6 +6662,10 @@ WOLFSSL_LOCAL int cipherExtraData(WOLFSSL* ssl); WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL* ssl); #endif /* NO_WOLFSSL_SERVER */ +#ifdef WOLFSSL_TLS13 + WOLFSSL_LOCAL int SendTls13KeyUpdate(WOLFSSL* ssl); +#endif + #ifdef WOLFSSL_DTLS WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32 sz, byte tx, void* heap); WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg* item, void* heap); @@ -6512,10 +6744,18 @@ WOLFSSL_LOCAL enum wc_HashType HashAlgoToType(int hashAlgo); WOLFSSL_LOCAL void InitX509(WOLFSSL_X509* x509, int dynamicFlag, void* heap); WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509* x509); + #ifndef NO_ASN WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert); + #endif #endif +#if defined(WOLFSSL_ACERT) + WOLFSSL_LOCAL int CopyDecodedAcertToX509(WOLFSSL_X509_ACERT* x509, + DecodedAcert* dAcert); +#endif /* WOLFSSL_ACERT */ + + #ifndef MAX_CIPHER_NAME #define MAX_CIPHER_NAME 50 #endif @@ -6533,7 +6773,7 @@ typedef struct CipherSuiteInfo { #endif byte cipherSuite0; byte cipherSuite; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \ +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_QT) || \ defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) byte minor; byte major; @@ -6563,7 +6803,7 @@ WOLFSSL_LOCAL const char* GetCipherNameIana(byte cipherSuite0, byte cipherSuite) WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl); WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0, - byte* cipherSuite, int* flags); + byte* cipherSuite, byte* major, byte* minor, int* flags); enum encrypt_side { @@ -6572,6 +6812,9 @@ enum encrypt_side { ENCRYPT_AND_DECRYPT_SIDE }; +WOLFSSL_LOCAL int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, + CipherSpecs* specs, int side, void* heap, int devId, WC_RNG* rng, + int tls13); WOLFSSL_LOCAL int SetKeysSide(WOLFSSL* ssl, enum encrypt_side side); /* Set*Internal and Set*External functions */ 
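Review bot: `GetCipherSuiteFromName` gains `byte* major, byte* minor` out-parameters but the prototype does not say whether a caller that only wants the suite bytes may pass NULL for them, nor what they hold (the protocol version the suite belongs to, judging by the `minor`/`major` members of CipherSuiteInfo in the hunk above, now compiled under OPENSSL_EXTRA rather than OPENSSL_ALL). A comment such as `/* major/minor: protocol version of the matched suite; NULL if not wanted */` — if NULL is in fact accepted, confirm in internal.c — would save each caller a trip to the implementation. The newly exported `SetKeys` would likewise benefit from one line on its `int side` (the `enum encrypt_side` values, presumably) and `int tls13` arguments.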
@@ -6714,6 +6957,7 @@ WOLFSSL_LOCAL int Dtls13RlAddCiphertextHeader(WOLFSSL* ssl, byte* out, word16 length); WOLFSSL_LOCAL int Dtls13RlAddPlaintextHeader(WOLFSSL* ssl, byte* out, enum ContentType content_type, word16 length); +WOLFSSL_LOCAL int Dtls13MinimumRecordLength(WOLFSSL* ssl); WOLFSSL_LOCAL int Dtls13EncryptRecordNumber(WOLFSSL* ssl, byte* hdr, word16 recordLength); WOLFSSL_LOCAL int Dtls13IsUnifiedHeader(byte header_flags); @@ -6731,6 +6975,7 @@ WOLFSSL_LOCAL int Dtls13HandshakeAddHeader(WOLFSSL* ssl, byte* output, enum HandShakeType msg_type, word32 length); #define EE_MASK (0x3) WOLFSSL_LOCAL int Dtls13FragmentsContinue(WOLFSSL* ssl); +WOLFSSL_LOCAL int DoDtls13KeyUpdateAck(WOLFSSL* ssl); WOLFSSL_LOCAL int DoDtls13Ack(WOLFSSL* ssl, const byte* input, word32 inputSize, word32* processedSize); WOLFSSL_LOCAL int Dtls13ReconstructEpochNumber(WOLFSSL* ssl, byte epochBits, @@ -6863,10 +7108,20 @@ WOLFSSL_LOCAL int CreateCookieExt(const WOLFSSL* ssl, byte* hash, WOLFSSL_LOCAL int TranslateErrorToAlert(int err); #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) -void* wolfssl_sk_pop_type(WOLFSSL_STACK* sk, WOLF_STACK_TYPE type); -WOLFSSL_STACK* wolfssl_sk_new_type(WOLF_STACK_TYPE type); +WOLFSSL_LOCAL void* wolfssl_sk_pop_type(WOLFSSL_STACK* sk, + WOLF_STACK_TYPE type); +WOLFSSL_LOCAL WOLFSSL_STACK* wolfssl_sk_new_type(WOLF_STACK_TYPE type); + +WOLFSSL_LOCAL int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj, + const byte* der, word32 len, int addHdr); #endif +WOLFSSL_LOCAL int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, + word32* keySz); +WOLFSSL_LOCAL int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, + const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, byte* key, + word32* keySz); + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/src/wolfssl/ocsp.h b/src/wolfssl/ocsp.h index 4dff068..f2e234f 100644 --- a/src/wolfssl/ocsp.h +++ b/src/wolfssl/ocsp.h 
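Review bot: `pkcs8_encrypt` takes the password as `char* passwd` rather than `const char*`; if the implementation does not modify it, `const` documents that and lets callers pass passwords held in read-only storage, and if it does modify (e.g. scrub) it, that belongs at the declaration because callers then must not reuse the buffer. `pkcs8_encode` and `pkcs8_encrypt` also share an undocumented `word32* keySz` in/out contract (size of `key` on entry and bytes written on return, presumably, and whether `key == NULL` performs a size query); a two-line comment above `pkcs8_encode` would cover both.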
@@ -1,6 +1,6 @@ /* ocsp.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -48,6 +48,16 @@ typedef struct OcspEntry WOLFSSL_OCSP_SINGLERESP; typedef struct OcspRequest WOLFSSL_OCSP_ONEREQ; typedef struct OcspRequest WOLFSSL_OCSP_REQUEST; + +typedef struct { + WOLFSSL_BIO *bio; + WOLFSSL_BIO *reqResp; /* First used for request then for response */ + byte* buf; + int bufLen; + int state; + int ioState; + int sent; +} WOLFSSL_OCSP_REQ_CTX; #endif WOLFSSL_LOCAL int InitOCSP(WOLFSSL_OCSP* ocsp, WOLFSSL_CERT_MANAGER* cm); @@ -67,13 +77,11 @@ WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int resp WOLFSSL_LOCAL int CheckOcspResponder(OcspResponse *bs, DecodedCert *cert, void* vp); -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY) - - WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, - WOLFSSL_OCSP_CERTID *id, int *status, int *reason, - WOLFSSL_ASN1_TIME **revtime, WOLFSSL_ASN1_TIME **thisupd, - WOLFSSL_ASN1_TIME **nextupd); +#ifdef OPENSSL_EXTRA +WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, + WOLFSSL_OCSP_CERTID *id, int *status, int *reason, + WOLFSSL_ASN1_TIME **revtime, WOLFSSL_ASN1_TIME **thisupd, + WOLFSSL_ASN1_TIME **nextupd); WOLFSSL_API const char *wolfSSL_OCSP_cert_status_str(long s); WOLFSSL_API int wolfSSL_OCSP_check_validity(WOLFSSL_ASN1_TIME* thisupd, WOLFSSL_ASN1_TIME* nextupd, long sec, long maxsec); 
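Review bot: WOLFSSL_OCSP_REQ_CTX declares `bio` and `reqResp` without saying whether the context owns either BIO (does `wolfSSL_OCSP_REQ_CTX_free` release `bio`, or only `reqResp`?) and `buf`/`bufLen` without saying whether `buf` is allocated by the context; a reader of the free routine needs this to avoid a double free or a leak of the caller's BIO. Suggest comments such as `WOLFSSL_BIO *bio; /* caller-owned transport BIO, not freed by the ctx */` or the opposite, whichever matches ocsp.c (not visible here), plus `int bufLen; /* allocated size of buf */` if that is its meaning. The `int state; int ioState; int sent;` trio would also benefit from naming the values they take.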
@@ -132,8 +140,21 @@ WOLFSSL_API int wolfSSL_OCSP_resp_count(WOLFSSL_OCSP_BASICRESP *bs); WOLFSSL_API WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0( WOLFSSL_OCSP_BASICRESP *bs, int idx); -#endif -#ifdef OPENSSL_EXTRA +WOLFSSL_API WOLFSSL_OCSP_REQ_CTX* wolfSSL_OCSP_REQ_CTX_new(WOLFSSL_BIO *bio, + int maxline); +WOLFSSL_API void wolfSSL_OCSP_REQ_CTX_free(WOLFSSL_OCSP_REQ_CTX *ctx); +WOLFSSL_API WOLFSSL_OCSP_REQ_CTX *wolfSSL_OCSP_sendreq_new(WOLFSSL_BIO *bio, + const char *path, OcspRequest *req, int maxline); +WOLFSSL_API int wolfSSL_OCSP_REQ_CTX_set1_req(WOLFSSL_OCSP_REQ_CTX *ctx, + OcspRequest *req); +WOLFSSL_API int wolfSSL_OCSP_REQ_CTX_add1_header(WOLFSSL_OCSP_REQ_CTX *ctx, + const char *name, const char *value); +WOLFSSL_API int wolfSSL_OCSP_REQ_CTX_http(WOLFSSL_OCSP_REQ_CTX *ctx, + const char *op, const char *path); +WOLFSSL_API int wolfSSL_OCSP_REQ_CTX_nbio(WOLFSSL_OCSP_REQ_CTX *ctx); +WOLFSSL_API int wolfSSL_OCSP_sendreq_nbio(OcspResponse **presp, + WOLFSSL_OCSP_REQ_CTX *rctx); + WOLFSSL_API int wolfSSL_OCSP_REQUEST_add_ext(OcspRequest* req, WOLFSSL_X509_EXTENSION* ext, int idx); WOLFSSL_API OcspResponse* wolfSSL_OCSP_response_create(int status, @@ -148,7 +169,7 @@ WOLFSSL_API int wolfSSL_OCSP_request_add1_nonce(OcspRequest* req, unsigned char* val, int sz); WOLFSSL_API int wolfSSL_OCSP_check_nonce(OcspRequest* req, WOLFSSL_OCSP_BASICRESP* bs); -#endif +#endif /* OPENSSL_EXTRA */ #ifdef __cplusplus diff --git a/src/wolfssl/openssl/aes.h b/src/wolfssl/openssl/aes.h index 38e71ae..2991ff0 100644 --- a/src/wolfssl/openssl/aes.h +++ b/src/wolfssl/openssl/aes.h @@ -1,6 +1,6 @@ /* aes.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/asn1.h b/src/wolfssl/openssl/asn1.h index 12ad369..5fbb726 100644 --- a/src/wolfssl/openssl/asn1.h +++ b/src/wolfssl/openssl/asn1.h 
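Review bot: The new non-blocking OCSP API (`wolfSSL_OCSP_REQ_CTX_new` through `wolfSSL_OCSP_sendreq_nbio`) is declared without any statement of ownership or of what `maxline` bounds: whether `set1_req` copies `req` or keeps the caller's pointer, who frees the `OcspResponse` returned through `*presp`, and whether `maxline` limits each line read from the responder, which is data from a network peer. Brief comments at these declarations, e.g. `/* maxline: maximum length of one HTTP line read from the responder; longer lines fail the request */` if that is the behaviour — please confirm — would settle this for callers. `wolfSSL_OCSP_REQ_CTX_nbio` and `wolfSSL_OCSP_sendreq_nbio` also need their return convention stated (OpenSSL's equivalents return -1 for "retry", presumably mirrored here).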
@@ -1,6 +1,6 @@ /* asn1.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -38,7 +38,6 @@ #define c2i_ASN1_OBJECT wolfSSL_c2i_ASN1_OBJECT #define V_ASN1_INTEGER 0x02 -#define V_ASN1_OCTET_STRING 0x04 /* tag for ASN1_OCTET_STRING */ #define V_ASN1_NEG 0x100 #define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) #define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) @@ -73,6 +72,8 @@ #define ASN1_TIME_set wolfSSL_ASN1_TIME_set #define V_ASN1_EOC 0 +#define V_ASN1_BOOLEAN 1 +#define V_ASN1_OCTET_STRING 4 #define V_ASN1_NULL 5 #define V_ASN1_OBJECT 6 #define V_ASN1_UTF8STRING 12 @@ -111,6 +112,7 @@ WOLFSSL_API WOLFSSL_ASN1_INTEGER *wolfSSL_BN_to_ASN1_INTEGER( const WOLFSSL_BIGNUM *bn, WOLFSSL_ASN1_INTEGER *ai); WOLFSSL_API void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value); +WOLFSSL_API int wolfSSL_ASN1_TYPE_get(const WOLFSSL_ASN1_TYPE *a); WOLFSSL_API int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag, int *cls, long inLen); 
@@ -122,50 +124,165 @@ WOLFSSL_API WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a /* IMPLEMENT_ASN1_FUNCTIONS is strictly for external use only. Internally * we don't use this. Some projects use OpenSSL to implement ASN1 types and * this section is only to provide those projects with ASN1 functionality. */ -typedef struct { + +typedef void* (*WolfsslAsn1NewCb)(void); +typedef void (*WolfsslAsn1FreeCb)(void*); +typedef int (*WolfsslAsn1i2dCb)(const void*, unsigned char**); +typedef void* (*WolfsslAsn1d2iCb)(void**, const byte **, long); + +struct WOLFSSL_ASN1_TEMPLATE { + /* Type functions */ + WolfsslAsn1NewCb new_func; + WolfsslAsn1FreeCb free_func; + WolfsslAsn1i2dCb i2d_func; + WolfsslAsn1d2iCb d2i_func; + /* Member info */ size_t offset; /* Offset of this field in structure */ - byte type; /* The type of the member as defined in - * WOLFSSL_ASN1_TYPES */ -} WOLFSSL_ASN1_TEMPLATE; - -typedef struct { - byte type; /* One of the ASN_Tags types */ - const WOLFSSL_ASN1_TEMPLATE *members; /* If SEQUENCE or CHOICE this - * contains the contents */ + /* DER info */ + int tag; + byte first_byte; /* First expected byte. Required for + * IMPLICIT types. 
*/ + byte ex:1; /* explicit, name conflicts with C++ keyword */ + byte sequence:1; +}; + +enum WOLFSSL_ASN1_TYPES { + WOLFSSL_ASN1_SEQUENCE = 0, + WOLFSSL_ASN1_CHOICE, + WOLFSSL_ASN1_OBJECT_TYPE, +}; + +struct WOLFSSL_ASN1_ITEM { + enum WOLFSSL_ASN1_TYPES type; + const struct WOLFSSL_ASN1_TEMPLATE* members; /* If SEQUENCE or CHOICE this + * contains the contents */ size_t mcount; /* Number of members if SEQUENCE * or CHOICE */ size_t size; /* Structure size */ -} WOLFSSL_ASN1_ITEM; + size_t toffset; /* Type offset */ +}; -typedef enum { - WOLFSSL_X509_ALGOR_ASN1 = 0, - WOLFSSL_ASN1_BIT_STRING_ASN1, - WOLFSSL_ASN1_INTEGER_ASN1, -} WOLFSSL_ASN1_TYPES; +typedef struct WOLFSSL_ASN1_TEMPLATE WOLFSSL_ASN1_TEMPLATE; +typedef struct WOLFSSL_ASN1_ITEM WOLFSSL_ASN1_ITEM; -#define ASN1_SEQUENCE(type) \ - static const WOLFSSL_ASN1_TEMPLATE type##_member_data[] +#define ASN1_BIT_STRING_FIRST_BYTE ASN_BIT_STRING +#define ASN1_TFLG_EXPLICIT (0x1 << 0) +#define ASN1_TFLG_SEQUENCE_OF (0x1 << 1) +#define ASN1_TFLG_IMPTAG (0x1 << 2) +#define ASN1_TFLG_EXPTAG (0x1 << 3) -#define ASN1_SIMPLE(type, member, member_type) \ - { OFFSETOF(type, member), \ - WOLFSSL_##member_type##_ASN1 } +#define ASN1_TFLG_TAG_MASK (ASN1_TFLG_IMPTAG|ASN1_TFLG_EXPTAG) + +#define ASN1_ITEM_TEMPLATE(mtype) \ + static const WOLFSSL_ASN1_TEMPLATE mtype##_member_data + +#define ASN1_ITEM_TEMPLATE_END(mtype) \ + ; \ + const WOLFSSL_ASN1_ITEM mtype##_template_data = { \ + WOLFSSL_ASN1_OBJECT_TYPE, \ + &mtype##_member_data, \ + 1, \ + 0, \ + 0 \ + }; + +#define ASN1_SEQUENCE(mtype) \ + static const WOLFSSL_ASN1_TEMPLATE mtype##_member_data[] + +#define ASN1_SEQUENCE_END(mtype) \ + ; \ + const WOLFSSL_ASN1_ITEM mtype##_template_data = { \ + WOLFSSL_ASN1_SEQUENCE, \ + mtype##_member_data, \ + sizeof(mtype##_member_data) / sizeof(WOLFSSL_ASN1_TEMPLATE), \ + sizeof(mtype), \ + 0 \ + }; \ + static WC_MAYBE_UNUSED const byte mtype##_FIRST_BYTE = \ + ASN_CONSTRUCTED | ASN_SEQUENCE; + +/* This is what a ASN1_CHOICE type 
should look like + * typedef struct { + * int type; + * union { + * ASN1_SOMETHING *opt1; + * ASN1_SOMEOTHER *opt2; + * } value; + * } chname; + */ + +#define ASN1_CHOICE(mtype) \ + static const WOLFSSL_ASN1_TEMPLATE mtype##_member_data[] -#define ASN1_SEQUENCE_END(type) \ +#define ASN1_CHOICE_END(mtype) \ ; \ - const WOLFSSL_ASN1_ITEM type##_template_data = { \ - ASN_SEQUENCE, \ - type##_member_data, \ - sizeof(type##_member_data) / sizeof(WOLFSSL_ASN1_TEMPLATE), \ - sizeof(type) \ + const WOLFSSL_ASN1_ITEM mtype##_template_data = { \ + WOLFSSL_ASN1_CHOICE, \ + mtype##_member_data, \ + sizeof(mtype##_member_data) / sizeof(WOLFSSL_ASN1_TEMPLATE), \ + sizeof(mtype) ,\ + OFFSETOF(mtype, type) \ }; +#define ASN1_TYPE(type, member, tag, first_byte, exp, seq) \ + OFFSETOF(type, member), tag, first_byte, exp, seq + +/* Function callbacks need to be defined immediately otherwise we will + * incorrectly expand the type. Ex: ASN1_INTEGER -> WOLFSSL_ASN1_INTEGER */ + +#define ASN1_SIMPLE(type, member, member_type) \ + { (WolfsslAsn1NewCb)member_type##_new, \ + (WolfsslAsn1FreeCb)member_type##_free, \ + (WolfsslAsn1i2dCb)i2d_##member_type, \ + (WolfsslAsn1d2iCb)d2i_##member_type, \ + ASN1_TYPE(type, member, -1, 0, 0, 0) } + +#define ASN1_IMP(type, member, member_type, tag) \ + { (WolfsslAsn1NewCb)member_type##_new, \ + (WolfsslAsn1FreeCb)member_type##_free, \ + (WolfsslAsn1i2dCb)i2d_##member_type, \ + (WolfsslAsn1d2iCb)d2i_##member_type, \ + ASN1_TYPE(type, member, tag, member_type##_FIRST_BYTE, 0, 0) } + +#define ASN1_EXP(type, member, member_type, tag) \ + { (WolfsslAsn1NewCb)member_type##_new, \ + (WolfsslAsn1FreeCb)member_type##_free, \ + (WolfsslAsn1i2dCb)i2d_##member_type, \ + (WolfsslAsn1d2iCb)d2i_##member_type, \ + ASN1_TYPE(type, member, tag, 0, 1, 0) } + +#define ASN1_SEQUENCE_OF(type, member, member_type) \ + { (WolfsslAsn1NewCb)member_type##_new, \ + (WolfsslAsn1FreeCb)member_type##_free, \ + (WolfsslAsn1i2dCb)i2d_##member_type, \ + 
(WolfsslAsn1d2iCb)d2i_##member_type, \ + ASN1_TYPE(type, member, -1, 0, 0, 1) } + +#define ASN1_EXP_SEQUENCE_OF(type, member, member_type, tag) \ + { (WolfsslAsn1NewCb)member_type##_new, \ + (WolfsslAsn1FreeCb)member_type##_free, \ + (WolfsslAsn1i2dCb)i2d_##member_type, \ + (WolfsslAsn1d2iCb)d2i_##member_type, \ + ASN1_TYPE(type, member, tag, 0, 1, 1) } + +#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, member_type) \ + { (WolfsslAsn1NewCb)member_type##_new, \ + (WolfsslAsn1FreeCb)member_type##_free, \ + (WolfsslAsn1i2dCb)i2d_##member_type, \ + (WolfsslAsn1d2iCb)d2i_##member_type, \ + 0, (flags) & ASN1_TFLG_TAG_MASK ? (tag) : -1, 0, \ + !!((flags) & ASN1_TFLG_EXPLICIT), TRUE } + WOLFSSL_API void *wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM *tpl); -WOLFSSL_API void wolfSSL_ASN1_item_free(void *val, const WOLFSSL_ASN1_ITEM *tpl); +WOLFSSL_API void wolfSSL_ASN1_item_free(void *obj, + const WOLFSSL_ASN1_ITEM *item); WOLFSSL_API int wolfSSL_ASN1_item_i2d(const void *src, byte **dest, const WOLFSSL_ASN1_ITEM *tpl); +WOLFSSL_API void* wolfSSL_ASN1_item_d2i(void** dst, const byte **src, long len, + const WOLFSSL_ASN1_ITEM* item); /* Need function declaration otherwise compiler complains */ -/* // NOLINTBEGIN(readability-named-parameter) */ +/* // NOLINTBEGIN(readability-named-parameter,bugprone-macro-parentheses) */ #define IMPLEMENT_ASN1_FUNCTIONS(type) \ type *type##_new(void); \ type *type##_new(void){ \ 
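Review bot: ASN1_SIMPLE, ASN1_IMP, ASN1_EXP, ASN1_SEQUENCE_OF, ASN1_EXP_SEQUENCE_OF and ASN1_EX_TEMPLATE_TYPE cast `member_type##_new`/`_free`, `i2d_##member_type` and `d2i_##member_type` to the four `WolfsslAsn1*Cb` pointer types, which silences any mismatch between the real function's signature and the one the template engine calls it with (e.g. `int i2d_T(T*, byte**)` invoked as `int (*)(const void*, unsigned char**)`, or a hand-written `d2i_` with a different parameter list); calling a function through a pointer of a different function type is undefined behaviour and the compiler cannot warn once the cast is there. A comment on the callback typedefs stating that every `member_type` used in these macros must provide functions of exactly these shapes would make the requirement visible, and the `wc_static_assert` introduced earlier in this patch could check `sizeof` compatibility where the types allow it. `ASN1_EX_TEMPLATE_TYPE` also passes `TRUE` for the `sequence` field where the other macros pass literal `0`/`1`; one convention would read more easily.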
@@ -178,15 +295,23 @@ WOLFSSL_API int wolfSSL_ASN1_item_i2d(const void *src, byte **dest, int i2d_##type(type *src, byte **dest); \ int i2d_##type(type *src, byte **dest) \ { \ - return wolfSSL_ASN1_item_i2d(src, dest, &type##_template_data);\ + return wolfSSL_ASN1_item_i2d(src, dest, &type##_template_data); \ + } \ + type* d2i_##type(type **dst, const byte **src, long len); \ + type* d2i_##type(type **dst, const byte **src, long len) \ + { \ + return (type*)wolfSSL_ASN1_item_d2i((void**)dst, src, len, \ + &type##_template_data); \ } -/* // NOLINTEND(readability-named-parameter) */ +/* // NOLINTEND(readability-named-parameter,bugprone-macro-parentheses) */ #endif /* OPENSSL_ALL */ #define BN_to_ASN1_INTEGER wolfSSL_BN_to_ASN1_INTEGER #define ASN1_TYPE_set wolfSSL_ASN1_TYPE_set +#define ASN1_TYPE_get wolfSSL_ASN1_TYPE_get #define ASN1_TYPE_new wolfSSL_ASN1_TYPE_new #define ASN1_TYPE_free wolfSSL_ASN1_TYPE_free +#define i2d_ASN1_TYPE wolfSSL_i2d_ASN1_TYPE #endif /* WOLFSSL_ASN1_H_ */ diff --git a/src/wolfssl/openssl/asn1t.h b/src/wolfssl/openssl/asn1t.h index e7d5aff..e74ee26 100644 --- a/src/wolfssl/openssl/asn1t.h +++ b/src/wolfssl/openssl/asn1t.h @@ -1,6 +1,6 @@ /* asn1t.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/bio.h b/src/wolfssl/openssl/bio.h index 9206b09..198ca4e 100644 --- a/src/wolfssl/openssl/bio.h +++ b/src/wolfssl/openssl/bio.h @@ -1,6 +1,6 @@ /* bio.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -61,6 +61,7 @@ #define BIO_s_file wolfSSL_BIO_s_file #define BIO_s_bio wolfSSL_BIO_s_bio #define BIO_s_socket wolfSSL_BIO_s_socket +#define BIO_s_datagram wolfSSL_BIO_s_datagram #define BIO_s_accept wolfSSL_BIO_s_socket #define BIO_set_fd wolfSSL_BIO_set_fd #define BIO_set_close wolfSSL_BIO_set_close 
@@ -168,7 +169,10 @@ #define BIO_C_SET_WRITE_BUF_SIZE 136 #define BIO_C_MAKE_BIO_PAIR 138 -#define BIO_CTRL_DGRAM_QUERY_MTU 40 +#define BIO_CTRL_DGRAM_CONNECT 31 +#define BIO_CTRL_DGRAM_SET_CONNECTED 32 +#define BIO_CTRL_DGRAM_QUERY_MTU 40 +#define BIO_CTRL_DGRAM_SET_PEER 44 #define BIO_FP_TEXT 0x00 #define BIO_NOCLOSE 0x00 diff --git a/src/wolfssl/openssl/bn.h b/src/wolfssl/openssl/bn.h index d5ad52b..a3afd61 100644 --- a/src/wolfssl/openssl/bn.h +++ b/src/wolfssl/openssl/bn.h @@ -1,6 +1,6 @@ /* bn.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -150,6 +150,7 @@ WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn, int n); WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w); WOLFSSL_API int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w); +WOLFSSL_API int wolfSSL_BN_mul_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w); WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM* bn, int n); WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n); WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w); @@ -254,6 +255,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_lshift wolfSSL_BN_lshift #define BN_add_word wolfSSL_BN_add_word +#define BN_mul_word wolfSSL_BN_mul_word #define BN_sub_word wolfSSL_BN_sub_word #define BN_add wolfSSL_BN_add #define BN_mod_add wolfSSL_BN_mod_add diff --git a/src/wolfssl/openssl/buffer.h b/src/wolfssl/openssl/buffer.h index 52a7813..c9f2790 100644 --- a/src/wolfssl/openssl/buffer.h +++ b/src/wolfssl/openssl/buffer.h @@ -1,6 +1,6 @@ /* buffer.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/camellia.h b/src/wolfssl/openssl/camellia.h index aa830f5..0cad9c9 100644 --- a/src/wolfssl/openssl/camellia.h +++ b/src/wolfssl/openssl/camellia.h 
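Review bot: In the bn.h `@@ -150,6 +150,7 @@` hunk the new declaration `wolfSSL_BN_mul_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w)` puts the `*` on the parameter name while both neighbours in the same hunk (`wolfSSL_BN_add_word(WOLFSSL_BIGNUM* bn, ...)`, `wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, ...)`) bind it to the type; `WOLFSSL_API int wolfSSL_BN_mul_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w);` keeps the header consistent. The declaration also says nothing about its result convention; if it mirrors add_word/sub_word, a trailing `/* same return convention as wolfSSL_BN_add_word */` saves callers a trip to the implementation, which is not in this chunk.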
@@ -1,6 +1,6 @@ /* camellia.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/cmac.h b/src/wolfssl/openssl/cmac.h index 5ae013c..dd08497 100644 --- a/src/wolfssl/openssl/cmac.h +++ b/src/wolfssl/openssl/cmac.h @@ -1,6 +1,6 @@ /* cmac.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/cms.h b/src/wolfssl/openssl/cms.h index 5355c61..7febb67 100644 --- a/src/wolfssl/openssl/cms.h +++ b/src/wolfssl/openssl/cms.h @@ -1,6 +1,6 @@ /* cms.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/compat_types.h b/src/wolfssl/openssl/compat_types.h index c1afd62..61cc80a 100644 --- a/src/wolfssl/openssl/compat_types.h +++ b/src/wolfssl/openssl/compat_types.h @@ -1,6 +1,6 @@ /* compat_types.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -50,6 +50,8 @@ typedef struct WOLFSSL_EVP_PKEY_CTX WOLFSSL_EVP_PKEY_CTX; typedef struct WOLFSSL_EVP_CIPHER_CTX WOLFSSL_EVP_CIPHER_CTX; typedef struct WOLFSSL_ASN1_PCTX WOLFSSL_ASN1_PCTX; +typedef struct WOLFSSL_BIO WOLFSSL_BIO; + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) typedef WOLFSSL_EVP_MD EVP_MD; typedef WOLFSSL_EVP_MD_CTX EVP_MD_CTX; diff --git a/src/wolfssl/openssl/conf.h b/src/wolfssl/openssl/conf.h index 7c3d721..4e9115f 100644 --- a/src/wolfssl/openssl/conf.h +++ b/src/wolfssl/openssl/conf.h @@ -1,6 +1,6 @@ /* conf.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/crypto.h b/src/wolfssl/openssl/crypto.h index a787da2..e436e93 100644 --- a/src/wolfssl/openssl/crypto.h +++ b/src/wolfssl/openssl/crypto.h 
@@ -1,6 +1,6 @@ /* crypto.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/des.h b/src/wolfssl/openssl/des.h index ca0be35..0f385a6 100644 --- a/src/wolfssl/openssl/des.h +++ b/src/wolfssl/openssl/des.h @@ -1,6 +1,6 @@ /* des.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/dh.h b/src/wolfssl/openssl/dh.h index eacd033..7ea0f62 100644 --- a/src/wolfssl/openssl/dh.h +++ b/src/wolfssl/openssl/dh.h @@ -1,6 +1,6 @@ /* dh.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -26,6 +26,7 @@ #define WOLFSSL_DH_H_ #include +#include #include #ifdef __cplusplus @@ -67,6 +68,9 @@ WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH* dh); WOLFSSL_API int wolfSSL_DH_generate_key(WOLFSSL_DH* dh); WOLFSSL_API int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* pub, WOLFSSL_DH* dh); +WOLFSSL_API int wolfSSL_DH_compute_key_padded(unsigned char* key, + const WOLFSSL_BIGNUM* otherPub, WOLFSSL_DH* dh); + WOLFSSL_API int wolfSSL_DH_LoadDer(WOLFSSL_DH* dh, const unsigned char* derBuf, int derSz); WOLFSSL_API int wolfSSL_DH_set_length(WOLFSSL_DH* dh, long len); @@ -91,6 +95,7 @@ typedef WOLFSSL_DH DH; #define DH_size wolfSSL_DH_size #define DH_generate_key wolfSSL_DH_generate_key #define DH_compute_key wolfSSL_DH_compute_key +#define DH_compute_key_padded wolfSSL_DH_compute_key_padded #define DH_set_length wolfSSL_DH_set_length #define DH_set0_pqg wolfSSL_DH_set0_pqg #define DH_get0_pqg wolfSSL_DH_get0_pqg @@ -98,6 +103,8 @@ typedef WOLFSSL_DH DH; #define DH_set0_key wolfSSL_DH_set0_key #define DH_bits(x) (BN_num_bits((x)->p)) +#define OPENSSL_DH_MAX_MODULUS_BITS DH_MAX_SIZE + #define DH_GENERATOR_2 2 #define DH_CHECK_P_NOT_PRIME 0x01 #define DH_CHECK_P_NOT_SAFE_PRIME 0x02 
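Review bot: In the dh.h `@@ -67,6 +68,9 @@` hunk, `wolfSSL_DH_compute_key_padded` is declared right after `wolfSSL_DH_compute_key` with nothing stating how they differ, and the difference is the security-relevant part: in OpenSSL the `_padded` form writes the shared secret left-padded with zero bytes to the full modulus length (`DH_size(dh)` bytes) instead of stripping leading zeros, so the output length does not vary with the secret and it is the form to feed a KDF. A one-line comment above the new declaration, e.g. `/* As wolfSSL_DH_compute_key, but zero-pads the secret to DH_size(dh) bytes; key must have room for DH_size(dh) bytes */`, would keep callers from picking the variable-length variant by accident — confirm against the implementation, which is not in this hunk. `OPENSSL_DH_MAX_MODULUS_BITS` mapping to `DH_MAX_SIZE` in the `@@ -98` hunk likewise carries no comment on what the bound is meant to reject; a note that it is the largest modulus the compatibility layer accepts from parameters or peers would help, if that is indeed its role.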
diff --git a/src/wolfssl/openssl/dsa.h b/src/wolfssl/openssl/dsa.h index 5a8c31c..6acb59e 100644 --- a/src/wolfssl/openssl/dsa.h +++ b/src/wolfssl/openssl/dsa.h @@ -1,6 +1,6 @@ /* dsa.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -26,6 +26,7 @@ #define WOLFSSL_DSA_H_ #include +#include #ifdef __cplusplus extern "C" { @@ -119,6 +120,8 @@ WOLFSSL_API WOLFSSL_DSA* wolfSSL_d2i_DSAparams( typedef WOLFSSL_DSA DSA; +#define OPENSSL_DSA_MAX_MODULUS_BITS 3072 + #define WOLFSSL_DSA_LOAD_PRIVATE 1 #define WOLFSSL_DSA_LOAD_PUBLIC 2 diff --git a/src/wolfssl/openssl/ec.h b/src/wolfssl/openssl/ec.h index da988c6..bd81894 100644 --- a/src/wolfssl/openssl/ec.h +++ b/src/wolfssl/openssl/ec.h @@ -1,6 +1,6 @@ /* ec.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -25,7 +25,9 @@ #define WOLFSSL_EC_H_ #include +#include #include +#include #include #include @@ -205,6 +207,9 @@ WOLFSSL_API int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* der, int derSz, int opt); WOLFSSL_API +WOLFSSL_EC_KEY *wolfSSL_d2i_EC_PUBKEY_bio(WOLFSSL_BIO *bio, + WOLFSSL_EC_KEY **out); +WOLFSSL_API void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key); WOLFSSL_API WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key); @@ -371,6 +376,8 @@ typedef WOLFSSL_EC_KEY_METHOD EC_KEY_METHOD; #define EC_KEY_check_key wolfSSL_EC_KEY_check_key #define EC_KEY_print_fp wolfSSL_EC_KEY_print_fp +#define d2i_EC_PUBKEY_bio wolfSSL_d2i_EC_PUBKEY_bio + #define ECDSA_size wolfSSL_ECDSA_size #define ECDSA_sign wolfSSL_ECDSA_sign #define ECDSA_verify wolfSSL_ECDSA_verify 
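Review bot: In the dsa.h `@@ -119,6 +120,8 @@` hunk `OPENSSL_DSA_MAX_MODULUS_BITS` is a bare literal `3072`, whereas the parallel limits this commit adds derive from library constants (`OPENSSL_DH_MAX_MODULUS_BITS DH_MAX_SIZE` in dh.h, `OPENSSL_RSA_MAX_MODULUS_BITS RSA_MAX_SIZE` in rsa.h); if wolfCrypt exposes a DSA maximum-size constant, the define should reuse it so the compatibility bound cannot drift from what the DSA code actually accepts. If no such constant exists, a comment explaining the number, e.g. `/* largest DSA modulus accepted; 3072 bits is the FIPS 186-4 maximum */` if that is its source, tells the next maintainer why it is hard-coded. The `#include` added above it has its target stripped in this rendering, so it may already bring in such a constant.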
@@ -424,6 +431,8 @@ typedef WOLFSSL_EC_KEY_METHOD EC_KEY_METHOD; #define i2d_ECPrivateKey wolfSSL_i2d_ECPrivateKey #define EC_KEY_set_conv_form wolfSSL_EC_KEY_set_conv_form #define EC_KEY_get_conv_form wolfSSL_EC_KEY_get_conv_form +#define d2i_ECPKParameters wolfSSL_d2i_ECPKParameters +#define i2d_ECPKParameters wolfSSL_i2d_ECPKParameters #define EC_POINT_point2hex wolfSSL_EC_POINT_point2hex #define EC_POINT_hex2point wolfSSL_EC_POINT_hex2point diff --git a/src/wolfssl/openssl/ec25519.h b/src/wolfssl/openssl/ec25519.h index 6090311..0421ce8 100644 --- a/src/wolfssl/openssl/ec25519.h +++ b/src/wolfssl/openssl/ec25519.h @@ -1,6 +1,6 @@ /* ec25519.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/ec448.h b/src/wolfssl/openssl/ec448.h index 06ce1dd..89a9e1c 100644 --- a/src/wolfssl/openssl/ec448.h +++ b/src/wolfssl/openssl/ec448.h @@ -1,6 +1,6 @@ /* ec448.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/ecdh.h b/src/wolfssl/openssl/ecdh.h index 9f816b2..74b8c91 100644 --- a/src/wolfssl/openssl/ecdh.h +++ b/src/wolfssl/openssl/ecdh.h @@ -1,6 +1,6 @@ /* ecdh.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/ecdsa.h b/src/wolfssl/openssl/ecdsa.h index 385e5c0..704f56d 100644 --- a/src/wolfssl/openssl/ecdsa.h +++ b/src/wolfssl/openssl/ecdsa.h @@ -1,6 +1,6 @@ /* ecdsa.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/ed25519.h b/src/wolfssl/openssl/ed25519.h index a4f2a3a..d4c1b1b 100644 --- a/src/wolfssl/openssl/ed25519.h +++ b/src/wolfssl/openssl/ed25519.h 
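Review bot: `d2i_ECPKParameters` and `i2d_ECPKParameters` are mapped here in ec.h, but the only declarations of `wolfSSL_d2i_ECPKParameters` and `wolfSSL_i2d_ECPKParameters` in this commit are added to pem.h (its `@@ -63,6 +65,12 @@` hunk), so a translation unit including `openssl/ec.h` without `openssl/pem.h` would expand these macros to undeclared functions. Either declare the two functions in ec.h next to the new `wolfSSL_d2i_EC_PUBKEY_bio`, or confirm that ec.h includes pem.h — the two `#include` lines added in the `@@ -25` hunk have their targets stripped in this rendering, so this is inferred. A comment on the `d2i_` mapping that `len` is the caller-supplied bound the decoder must respect would also help, since the input is DER from the application.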
@@ -1,6 +1,6 @@ /* ed25519.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/ed448.h b/src/wolfssl/openssl/ed448.h index 2d2b4b7..3c97862 100644 --- a/src/wolfssl/openssl/ed448.h +++ b/src/wolfssl/openssl/ed448.h @@ -1,6 +1,6 @@ /* ed448.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/err.h b/src/wolfssl/openssl/err.h index 178afa5..2af6407 100644 --- a/src/wolfssl/openssl/err.h +++ b/src/wolfssl/openssl/err.h @@ -1,6 +1,6 @@ /* err.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/evp.h b/src/wolfssl/openssl/evp.h index 346cefc..fbfea20 100644 --- a/src/wolfssl/openssl/evp.h +++ b/src/wolfssl/openssl/evp.h @@ -1,6 +1,6 @@ /* evp.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -722,6 +722,8 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_keygen_init(WOLFSSL_EVP_PKEY_CTX *ctx); WOLFSSL_API int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY **ppkey); WOLFSSL_API int wolfSSL_EVP_PKEY_bits(const WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API int wolfSSL_EVP_PKEY_is_a(const WOLFSSL_EVP_PKEY *pkey, + const char *name); #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L WOLFSSL_API void wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx); #else 
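Review bot: In the evp.h `@@ -722,6 +722,8 @@` hunk, `wolfSSL_EVP_PKEY_is_a(pkey, name)` is declared without stating which `name` strings are recognised or what is returned for a NULL `pkey` or `name`, and callers typically gate algorithm-specific handling on this predicate. A comment above the declaration such as `/* Returns 1 if pkey's key type matches name (OpenSSL 3 EVP_PKEY_is_a() semantics, e.g. "RSA", "EC"), 0 otherwise */` would set expectations; verify the accepted names against the implementation, which is not in this hunk, before committing the list.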
@@ -1111,6 +1113,7 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx, #define EVP_PKEY_keygen wolfSSL_EVP_PKEY_keygen #define EVP_PKEY_keygen_init wolfSSL_EVP_PKEY_keygen_init #define EVP_PKEY_bits wolfSSL_EVP_PKEY_bits +#define EVP_PKEY_is_a wolfSSL_EVP_PKEY_is_a #define EVP_PKEY_CTX_free wolfSSL_EVP_PKEY_CTX_free #define EVP_PKEY_CTX_new wolfSSL_EVP_PKEY_CTX_new #define EVP_PKEY_CTX_set_rsa_padding wolfSSL_EVP_PKEY_CTX_set_rsa_padding diff --git a/src/wolfssl/openssl/fips_rand.h b/src/wolfssl/openssl/fips_rand.h index 586a957..58f21b3 100644 --- a/src/wolfssl/openssl/fips_rand.h +++ b/src/wolfssl/openssl/fips_rand.h @@ -1,6 +1,6 @@ /* fips_rand.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/hmac.h b/src/wolfssl/openssl/hmac.h index 818c860..71a473b 100644 --- a/src/wolfssl/openssl/hmac.h +++ b/src/wolfssl/openssl/hmac.h @@ -1,6 +1,6 @@ /* hmac.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/include.am b/src/wolfssl/openssl/include.am index dee416c..84e0dbb 100644 --- a/src/wolfssl/openssl/include.am +++ b/src/wolfssl/openssl/include.am @@ -46,6 +46,7 @@ nobase_include_HEADERS+= \ wolfssl/openssl/pkcs7.h \ wolfssl/openssl/rand.h \ wolfssl/openssl/rsa.h \ + wolfssl/openssl/safestack.h \ wolfssl/openssl/sha.h \ wolfssl/openssl/sha3.h \ wolfssl/openssl/srp.h \ diff --git a/src/wolfssl/openssl/kdf.h b/src/wolfssl/openssl/kdf.h index 29537df..08d8327 100644 --- a/src/wolfssl/openssl/kdf.h +++ b/src/wolfssl/openssl/kdf.h @@ -1,6 +1,6 @@ /* kdf.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/lhash.h b/src/wolfssl/openssl/lhash.h index 06c62a2..4c1637a 100644 --- a/src/wolfssl/openssl/lhash.h +++ b/src/wolfssl/openssl/lhash.h 
@@ -1,6 +1,6 @@ /* lhash.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/md4.h b/src/wolfssl/openssl/md4.h index e1f8b9e..d478e96 100644 --- a/src/wolfssl/openssl/md4.h +++ b/src/wolfssl/openssl/md4.h @@ -1,6 +1,6 @@ /* md4.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/md5.h b/src/wolfssl/openssl/md5.h index 81b6000..62533a9 100644 --- a/src/wolfssl/openssl/md5.h +++ b/src/wolfssl/openssl/md5.h @@ -1,6 +1,6 @@ /* md5.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/modes.h b/src/wolfssl/openssl/modes.h index 3288f50..e6a584c 100644 --- a/src/wolfssl/openssl/modes.h +++ b/src/wolfssl/openssl/modes.h @@ -1,6 +1,6 @@ /* modes.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/obj_mac.h b/src/wolfssl/openssl/obj_mac.h index f3fcd85..b083f04 100644 --- a/src/wolfssl/openssl/obj_mac.h +++ b/src/wolfssl/openssl/obj_mac.h @@ -1,6 +1,6 @@ /* obj_mac.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/objects.h b/src/wolfssl/openssl/objects.h index 5f8d8f7..08640fb 100644 --- a/src/wolfssl/openssl/objects.h +++ b/src/wolfssl/openssl/objects.h @@ -1,6 +1,6 @@ /* objects.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/ocsp.h b/src/wolfssl/openssl/ocsp.h index 8cd3372..28eb159 100644 --- a/src/wolfssl/openssl/ocsp.h +++ b/src/wolfssl/openssl/ocsp.h 
@@ -1,6 +1,6 @@
 /* ocsp.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,12 +27,16 @@
 #ifdef HAVE_OCSP
 #include
-#define OCSP_REQUEST OcspRequest
-#define OCSP_RESPONSE OcspResponse
-#define OCSP_BASICRESP WOLFSSL_OCSP_BASICRESP
-#define OCSP_SINGLERESP WOLFSSL_OCSP_SINGLERESP
-#define OCSP_CERTID WOLFSSL_OCSP_CERTID
-#define OCSP_ONEREQ WOLFSSL_OCSP_ONEREQ
+#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) ||\
+ defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)
+typedef OcspRequest OCSP_REQUEST;
+typedef OcspResponse OCSP_RESPONSE;
+typedef WOLFSSL_OCSP_BASICRESP OCSP_BASICRESP;
+typedef WOLFSSL_OCSP_SINGLERESP OCSP_SINGLERESP;
+typedef WOLFSSL_OCSP_CERTID OCSP_CERTID;
+typedef WOLFSSL_OCSP_ONEREQ OCSP_ONEREQ;
+typedef WOLFSSL_OCSP_REQ_CTX OCSP_REQ_CTX;
+#endif
 #define OCSP_REVOKED_STATUS_NOSTATUS (-1)
@@ -85,6 +89,15 @@
 #define OCSP_resp_count wolfSSL_OCSP_resp_count
 #define OCSP_resp_get0 wolfSSL_OCSP_resp_get0
+#define OCSP_REQ_CTX_new wolfSSL_OCSP_REQ_CTX_new
+#define OCSP_REQ_CTX_free wolfSSL_OCSP_REQ_CTX_free
+#define OCSP_sendreq_new wolfSSL_OCSP_sendreq_new
+#define OCSP_REQ_CTX_set1_req wolfSSL_OCSP_REQ_CTX_set1_req
+#define OCSP_REQ_CTX_add1_header wolfSSL_OCSP_REQ_CTX_add1_header
+#define OCSP_REQ_CTX_http wolfSSL_OCSP_REQ_CTX_http
+#define OCSP_REQ_CTX_nbio wolfSSL_OCSP_REQ_CTX_nbio
+#define OCSP_sendreq_nbio wolfSSL_OCSP_sendreq_nbio
+
 #endif /* HAVE_OCSP */
 #endif /* WOLFSSL_OCSP_H_ */
diff --git a/src/wolfssl/openssl/opensslv.h b/src/wolfssl/openssl/opensslv.h
index f68b6ca..481f74e 100644
--- a/src/wolfssl/openssl/opensslv.h
+++ b/src/wolfssl/openssl/opensslv.h
@@ -1,6 +1,6 @@
 /* opensslv.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
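Review bot: In the ocsp.h `@@ -27,12 +27,16 @@` hunk the `OCSP_REQUEST`/`OCSP_RESPONSE`/`OCSP_BASICRESP`/... aliases, previously unconditional under `HAVE_OCSP`, become typedefs inside `#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)`, while the function macros in the `@@ -85` hunk (`OCSP_resp_count`, the new `OCSP_REQ_CTX_*` and `OCSP_sendreq_*` mappings) appear to stay outside that guard, so a build with `HAVE_OCSP` but none of those options would see the functions without the types they take. If that combination is unsupported, say so and make it uniform: close the new block with `#endif /* OPENSSL_ALL || OPENSSL_EXTRA || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */` and put the macro block under the same condition; whether an outer guard already covers the macros is not visible in this chunk. Moving from `#define` to `typedef` is otherwise an improvement, since the names become real types in diagnostics.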
@@ -34,32 +34,41 @@ defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x0090810fL) ||\ defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10100000L) ||\ defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10001040L) - /* valid version */ + /* valid version */ +#elif defined(OPENSSL_VERSION_NUMBER) + /* unrecognized version, but continue. */ + #define WOLFSSL_OPENSSL_VERSION_NUMBER_UNRECOGNIZED +#elif defined(HAVE_MOSQUITTO) + #define OPENSSL_VERSION_NUMBER 0x10100000L #elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) || \ defined(WOLFSSL_BIND) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_RSYSLOG) || defined(WOLFSSL_KRB) || defined(HAVE_STUNNEL) || \ defined(WOLFSSL_OPENSSH) /* For Apache httpd, Use 1.1.0 compatibility */ - #define OPENSSL_VERSION_NUMBER 0x10100003L -#elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON) || defined(WOLFSSL_KRB) + #define OPENSSL_VERSION_NUMBER 0x10100003L +#elif defined(WOLFSSL_QT) || defined(WOLFSSL_PYTHON) /* For Qt and Python 3.8.5 compatibility */ - #define OPENSSL_VERSION_NUMBER 0x10101000L + #define OPENSSL_VERSION_NUMBER 0x10101000L #elif defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_FFMPEG) - #define OPENSSL_VERSION_NUMBER 0x1010000fL + #define OPENSSL_VERSION_NUMBER 0x1010000fL #elif defined(OPENSSL_ALL) || defined(HAVE_LIGHTY) || \ - defined(WOLFSSL_NGINX) || defined(WOLFSSL_OPENVPN) - /* version number can be increased for Lighty after compatibility for ECDH - is added */ - #define OPENSSL_VERSION_NUMBER 0x10001040L + defined(WOLFSSL_NGINX) || defined(WOLFSSL_OPENSSH) || defined(WOLFSSL_OPENVPN) + /* version number can be increased for Lighty after compatibility for ECDH + is added */ + #define OPENSSL_VERSION_NUMBER 0x10001040L #else - #define OPENSSL_VERSION_NUMBER 0x0090810fL + #define OPENSSL_VERSION_NUMBER 0x0090810fL #endif -#define OPENSSL_VERSION_TEXT "wolfSSL " LIBWOLFSSL_VERSION_STRING -#define OPENSSL_VERSION 0 +#ifndef OPENSSL_VERSION_TEXT + #define 
OPENSSL_VERSION_TEXT "wolfSSL " LIBWOLFSSL_VERSION_STRING +#endif +#ifndef OPENSSL_VERSION + #define OPENSSL_VERSION 0 +#endif #ifndef OPENSSL_IS_WOLFSSL -#define OPENSSL_IS_WOLFSSL + #define OPENSSL_IS_WOLFSSL #endif #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ diff --git a/src/wolfssl/openssl/ossl_typ.h b/src/wolfssl/openssl/ossl_typ.h index 85b83c3..8214fa3 100644 --- a/src/wolfssl/openssl/ossl_typ.h +++ b/src/wolfssl/openssl/ossl_typ.h @@ -1,6 +1,6 @@ /* ossl_typ.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/pem.h b/src/wolfssl/openssl/pem.h index 221e8d6..8ecc02c 100644 --- a/src/wolfssl/openssl/pem.h +++ b/src/wolfssl/openssl/pem.h @@ -1,6 +1,6 @@ /* pem.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -56,6 +56,8 @@ WOLFSSL_API WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA** rsa, wc_pem_password_cb* cb, void *u); +WOLFSSL_API +WOLFSSL_RSA *wolfSSL_d2i_RSA_PUBKEY_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out); WOLFSSL_API WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio, @@ -63,6 +65,12 @@ WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio, wc_pem_password_cb* cb, void* pass); WOLFSSL_API +WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out, + const unsigned char **in, + long len); +WOLFSSL_API +int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp); +WOLFSSL_API int wolfSSL_PEM_write_mem_RSAPrivateKey(WOLFSSL_RSA* rsa, const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len, 
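Review bot: In the opensslv.h `@@ -34,32 +34,41 @@` hunk, `defined(WOLFSSL_OPENSSH)` is added to the `#elif defined(OPENSSL_ALL) || defined(HAVE_LIGHTY) || ...` branch, but `WOLFSSL_OPENSSH` is already tested by the earlier `#elif defined(WOLFSSL_APACHE_HTTPD) || ...` branch that selects `0x10100003L`, so the preprocessor never reaches the later test and the addition is dead — the same situation this commit just fixed by dropping `WOLFSSL_KRB` from the Qt/Python branch. Either remove `defined(WOLFSSL_OPENSSH)` from the later branch or, if OpenSSH is meant to get `0x10001040L`, remove it from the earlier one. The new `#elif defined(OPENSSL_VERSION_NUMBER)` branch defines `WOLFSSL_OPENSSL_VERSION_NUMBER_UNRECOGNIZED` under the comment `/* unrecognized version, but continue. */`, yet nothing in the hunk consumes it; a `#warning` there, or a comment naming where the macro is checked, would tell maintainers whether an externally supplied, unexpected version silently selects a compatibility surface. The `#if` whose conditions open this hunk begins before it.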
@@ -173,6 +181,11 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** key, wc_pem_password_cb* cb, void* pass); +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +WOLFSSL_API +PKCS8_PRIV_KEY_INFO* wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio, + PKCS8_PRIV_KEY_INFO** key, wc_pem_password_cb* cb, void* arg); +#endif WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY **key, @@ -243,12 +256,12 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh); #define PEM_write_bio_RSA_PUBKEY wolfSSL_PEM_write_bio_RSA_PUBKEY #define PEM_read_bio_RSA_PUBKEY wolfSSL_PEM_read_bio_RSA_PUBKEY #define PEM_read_bio_RSAPublicKey wolfSSL_PEM_read_bio_RSA_PUBKEY -#define PEM_read_bio_ECPKParameters wolfSSL_PEM_read_bio_ECPKParameters #define PEM_write_RSAPrivateKey wolfSSL_PEM_write_RSAPrivateKey #define PEM_write_RSA_PUBKEY wolfSSL_PEM_write_RSA_PUBKEY #define PEM_read_RSA_PUBKEY wolfSSL_PEM_read_RSA_PUBKEY #define PEM_write_RSAPublicKey wolfSSL_PEM_write_RSAPublicKey #define PEM_read_RSAPublicKey wolfSSL_PEM_read_RSAPublicKey +#define d2i_RSA_PUBKEY_bio wolfSSL_d2i_RSA_PUBKEY_bio /* DSA */ #define PEM_write_bio_DSAPrivateKey wolfSSL_PEM_write_bio_DSAPrivateKey #define PEM_write_DSAPrivateKey wolfSSL_PEM_write_DSAPrivateKey @@ -263,6 +276,7 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh); #define PEM_write_ECPrivateKey wolfSSL_PEM_write_ECPrivateKey #define PEM_read_bio_ECPrivateKey wolfSSL_PEM_read_bio_ECPrivateKey #define PEM_read_bio_EC_PUBKEY wolfSSL_PEM_read_bio_EC_PUBKEY +#define PEM_read_bio_ECPKParameters wolfSSL_PEM_read_bio_ECPKParameters #ifndef NO_WOLFSSL_STUB #define PEM_write_bio_ECPKParameters(...) 0 #endif 
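Review bot: `wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO` is declared under `#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)`, while the `PEM_read_bio_PKCS8_PRIV_KEY_INFO` and `PEM_write_bio_PKCS8_PRIV_KEY_INFO` macros in the `@@ -272,6 +286,9 @@` hunk are added unconditionally, and no declaration of `wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO` appears in this file's hunks; a build without those options would get an undeclared-function error instead of a clear "not available". Guarding the two macros the same way, or adding a `/* declared in <header that defines it> */` note beside the write macro if it lives elsewhere, keeps the header self-consistent — the enclosing guards are not visible in this chunk, so this is inferred. The new declaration also names its last parameter `arg` where the neighbouring `wolfSSL_PEM_read_bio_PrivateKey` uses `pass`; matching names make the password-callback convention obvious.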
@@ -272,6 +286,9 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh); #define PEM_read_bio_PUBKEY wolfSSL_PEM_read_bio_PUBKEY #define PEM_write_bio_PUBKEY wolfSSL_PEM_write_bio_PUBKEY +#define PEM_write_bio_PKCS8_PRIV_KEY_INFO wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO +#define PEM_read_bio_PKCS8_PRIV_KEY_INFO wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/src/wolfssl/openssl/pkcs12.h b/src/wolfssl/openssl/pkcs12.h index 28a0a37..d82954d 100644 --- a/src/wolfssl/openssl/pkcs12.h +++ b/src/wolfssl/openssl/pkcs12.h @@ -1,6 +1,6 @@ /* pkcs12.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/pkcs7.h b/src/wolfssl/openssl/pkcs7.h index 41f8901..9a53b89 100644 --- a/src/wolfssl/openssl/pkcs7.h +++ b/src/wolfssl/openssl/pkcs7.h @@ -1,6 +1,6 @@ /* pkcs7.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/rand.h b/src/wolfssl/openssl/rand.h index cc0d72a..c88cd12 100644 --- a/src/wolfssl/openssl/rand.h +++ b/src/wolfssl/openssl/rand.h @@ -1,6 +1,6 @@ /* rand.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/rc4.h b/src/wolfssl/openssl/rc4.h index ca56ac8..cef9330 100644 --- a/src/wolfssl/openssl/rc4.h +++ b/src/wolfssl/openssl/rc4.h @@ -1,6 +1,6 @@ /* rc4.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/ripemd.h b/src/wolfssl/openssl/ripemd.h index 7ba600d..a7c4247 100644 --- a/src/wolfssl/openssl/ripemd.h +++ b/src/wolfssl/openssl/ripemd.h @@ -1,6 +1,6 @@ /* ripemd.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
diff --git a/src/wolfssl/openssl/rsa.h b/src/wolfssl/openssl/rsa.h
index 7284948..9311283 100644
--- a/src/wolfssl/openssl/rsa.h
+++ b/src/wolfssl/openssl/rsa.h
@@ -1,6 +1,6 @@
 /* rsa.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -27,7 +27,9 @@
 #include
 #include
+#include
 #include
+#include
 #ifdef __cplusplus
 extern "C" {
@@ -189,6 +191,8 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup(
 #endif
 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+#define OPENSSL_RSA_MAX_MODULUS_BITS RSA_MAX_SIZE
+
 #define WOLFSSL_RSA_LOAD_PRIVATE 1
 #define WOLFSSL_RSA_LOAD_PUBLIC 2
 #define WOLFSSL_RSA_F4 0x10001L
@@ -240,6 +244,9 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup(
 #define RSA_F4 WOLFSSL_RSA_F4
+#define OPENSSL_RSA_MAX_MODULUS_BITS RSA_MAX_SIZE
+#define OPENSSL_RSA_MAX_PUBEXP_BITS RSA_MAX_SIZE
+
 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 #ifdef __cplusplus
diff --git a/src/wolfssl/openssl/safestack.h b/src/wolfssl/openssl/safestack.h
new file mode 100644
index 0000000..ee1f872
--- /dev/null
+++ b/src/wolfssl/openssl/safestack.h
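Review bot: `OPENSSL_RSA_MAX_MODULUS_BITS` is defined as `RSA_MAX_SIZE` twice in rsa.h — once in the `@@ -189` hunk directly after `#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)` and again in the `@@ -240` hunk just before the matching `#endif`; an identical redefinition compiles, but one copy should go before a later edit to one of them turns it into a conflicting redefinition. More important, `OPENSSL_RSA_MAX_PUBEXP_BITS` is also mapped to `RSA_MAX_SIZE`, whereas in OpenSSL that constant is a small bound (64 bits) on the public exponent, deliberately separate from the modulus bound, so that a certificate or key carrying a huge exponent cannot make verification pathologically slow; an application that ports OpenSSL's `BN_num_bits(e) > OPENSSL_RSA_MAX_PUBEXP_BITS` check gets no protection from this definition. Unless wolfCrypt's RSA code enforces its own exponent limit (not visible here), `#define OPENSSL_RSA_MAX_PUBEXP_BITS 64` with a comment on why it differs from the modulus bound is the safer mapping.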
@@ -0,0 +1,40 @@
+/* safestack.h
+ *
+ * Copyright (C) 2006-2023 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+/* stack.h for openSSL */
+
+#ifndef WOLFSSL_SAFESTACK_H_
+#define WOLFSSL_SAFESTACK_H_
+
+#include
+#include
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+
diff --git a/src/wolfssl/openssl/sha.h b/src/wolfssl/openssl/sha.h
index ab38c5c..f9bc1a5 100644
--- a/src/wolfssl/openssl/sha.h
+++ b/src/wolfssl/openssl/sha.h
@@ -1,6 +1,6 @@
 /* sha.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/src/wolfssl/openssl/sha3.h b/src/wolfssl/openssl/sha3.h
index 4407bca..c2f5535 100644
--- a/src/wolfssl/openssl/sha3.h
+++ b/src/wolfssl/openssl/sha3.h
@@ -1,6 +1,6 @@
 /* sha3.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/src/wolfssl/openssl/srp.h b/src/wolfssl/openssl/srp.h
index b60981d..097cf51 100644
--- a/src/wolfssl/openssl/srp.h
+++ b/src/wolfssl/openssl/srp.h
@@ -1,6 +1,6 @@
 /* srp.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
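Review bot: The new safestack.h is stamped `Copyright (C) 2006-2023 wolfSSL Inc.` while every other header in this commit is bumped to `2006-2024`; a file created in this release should carry the current year. Its body is only include guards and two `#include`s (targets stripped in this rendering) under the comment `/* stack.h for openSSL */`, which reads as though STACK_OF support lives here; a comment such as `/* Compatibility stub so OpenSSL code can include <openssl/safestack.h>; the STACK_OF() support presumably comes from the headers included above */` would make the emptiness clearly intentional, and `#endif /* WOLFSSL_SAFESTACK_H_ */` on the closing guard would match the other headers in this directory.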
diff --git a/src/wolfssl/openssl/ssl.h b/src/wolfssl/openssl/ssl.h
index 0fbf621..f6d29f0 100644
--- a/src/wolfssl/openssl/ssl.h
+++ b/src/wolfssl/openssl/ssl.h
@@ -1,6 +1,6 @@
 /* ssl.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
@@ -82,6 +82,7 @@ typedef WOLFSSL_CTX SSL_CTX;
 typedef WOLFSSL_X509 X509;
 typedef WOLFSSL_X509 X509_REQ;
+typedef WOLFSSL_X509 X509_REQ_INFO;
 typedef WOLFSSL_X509_NAME X509_NAME;
 typedef WOLFSSL_X509_INFO X509_INFO;
 typedef WOLFSSL_X509_CHAIN X509_CHAIN;
@@ -99,6 +100,7 @@ typedef WOLFSSL_CIPHER SSL_CIPHER;
 typedef WOLFSSL_X509_LOOKUP X509_LOOKUP;
 typedef WOLFSSL_X509_LOOKUP_METHOD X509_LOOKUP_METHOD;
 typedef WOLFSSL_X509_CRL X509_CRL;
+typedef WOLFSSL_X509_ACERT X509_ACERT;
 typedef WOLFSSL_X509_EXTENSION X509_EXTENSION;
 typedef WOLFSSL_X509_PUBKEY X509_PUBKEY;
 typedef WOLFSSL_X509_ALGOR X509_ALGOR;
@@ -205,7 +207,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1
 #define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio
 #define d2i_PKCS8_PRIV_KEY_INFO wolfSSL_d2i_PKCS8_PKEY
-#define i2d_PKCS8_PRIV_KEY_INFO wolfSSL_i2d_PrivateKey
+#define i2d_PKCS8_PRIV_KEY_INFO wolfSSL_i2d_PKCS8_PKEY
 #define d2i_PKCS8PrivateKey_bio wolfSSL_d2i_PKCS8PrivateKey_bio
 #define i2d_PKCS8PrivateKey_bio wolfSSL_PEM_write_bio_PKCS8PrivateKey
 #define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free
@@ -214,6 +216,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_CTX_set_ecdh_auto wolfSSL_CTX_set_ecdh_auto
 #define i2d_PUBKEY wolfSSL_i2d_PUBKEY
+#define i2d_X509_PUBKEY wolfSSL_i2d_X509_PUBKEY
 #define d2i_PUBKEY wolfSSL_d2i_PUBKEY
 #define d2i_PUBKEY_bio wolfSSL_d2i_PUBKEY_bio
 #define d2i_PublicKey wolfSSL_d2i_PublicKey
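Review bot: `typedef WOLFSSL_X509 X509_REQ_INFO;` makes `X509_REQ_INFO` the same type as `X509_REQ` and `X509`, unlike OpenSSL where `X509_REQ_INFO` is a sub-structure owned by its `X509_REQ`; together with `X509_REQ_INFO_free` being mapped to `wolfSSL_X509_REQ_free` in the `@@ -446` hunk, ported code that treats a REQ_INFO as borrowed from its REQ is fine, but code that obtains both and frees both could double-free if the two ever refer to one object. A comment on the typedef documents the deviation, e.g. `/* Not a sub-object as in OpenSSL: X509_REQ_INFO aliases the whole request, so X509_REQ_INFO_free releases the request itself */`; whether `d2i_X509_REQ_INFO` hands back a freshly allocated request is not visible in this chunk. The `i2d_PKCS8_PRIV_KEY_INFO` remap from `wolfSSL_i2d_PrivateKey` to `wolfSSL_i2d_PKCS8_PKEY` presumably changes the bytes callers receive (PKCS#8 wrapper rather than the bare key) and deserves a ChangeLog line if it lacks one.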
@@ -254,6 +257,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_F_X509_CHECK_PRIVATE_KEY 128
 #ifdef WOLFSSL_DTLS
+ #define DTLS_client_method wolfDTLS_client_method
+ #define DTLS_server_method wolfDTLS_server_method
 #define DTLSv1_client_method wolfDTLSv1_client_method
 #define DTLSv1_server_method wolfDTLSv1_server_method
 #define DTLSv1_2_client_method wolfDTLSv1_2_client_method
@@ -265,13 +270,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #ifndef NO_FILESYSTEM
 #define SSL_CTX_use_certificate_file wolfSSL_CTX_use_certificate_file
 #define SSL_CTX_use_PrivateKey_file wolfSSL_CTX_use_PrivateKey_file
-#ifdef WOLFSSL_APACHE_HTTPD
- #define SSL_CTX_load_verify_locations(ctx,file,path) \
- wolfSSL_CTX_load_verify_locations_ex(ctx,file,path,\
- WOLFSSL_LOAD_FLAG_IGNORE_ERR)
-#else
- #define SSL_CTX_load_verify_locations wolfSSL_CTX_load_verify_locations
-#endif
+ #define SSL_CTX_load_verify_locations wolfSSL_CTX_load_verify_locations_compat
 #define SSL_CTX_set_default_verify_paths wolfSSL_CTX_set_default_verify_paths
 #define SSL_CTX_use_certificate_chain_file wolfSSL_CTX_use_certificate_chain_file
 #define SSL_CTX_use_RSAPrivateKey_file wolfSSL_CTX_use_RSAPrivateKey_file
@@ -400,7 +399,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_SESSION_get_master_key_length wolfSSL_SESSION_get_master_key_length
 #define SSL_SESSION_get_max_early_data wolfSSL_SESSION_get_max_early_data
-#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
+#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)
 #define SSL_MODE_RELEASE_BUFFERS 0x00000010U
 #define ASN1_BOOLEAN WOLFSSL_ASN1_BOOLEAN
 #define X509_get_ext wolfSSL_X509_get_ext
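Review bot: In the `@@ -265,13 +270,7 @@` hunk `SSL_CTX_load_verify_locations` now maps to `wolfSSL_CTX_load_verify_locations_compat` for every build, replacing an Apache-only variant that passed `WOLFSSL_LOAD_FLAG_IGNORE_ERR` (keep going past unparsable files) and plain `wolfSSL_CTX_load_verify_locations` for everyone else, but nothing here says which of those behaviours `_compat` has or whether it still keys off `WOLFSSL_APACHE_HTTPD`. Because this call decides which CAs are trusted, a comment on the define such as `/* _compat applies the load flags documented at its definition; check whether a bad file in the CA directory still fails the call for your build */` — or a pointer to the ChangeLog entry — lets integrators verify that a corrupt or foreign file in the CA path is still reported rather than skipped. The `_compat` function's body is not in this chunk.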
@@ -429,6 +428,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define d2i_X509_fp wolfSSL_d2i_X509_fp #define i2d_X509 wolfSSL_i2d_X509 #define d2i_X509 wolfSSL_d2i_X509 +#define d2i_X509_REQ_INFO wolfSSL_d2i_X509_REQ_INFO #define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509 #define PEM_read_bio_X509_REQ wolfSSL_PEM_read_bio_X509_REQ #define PEM_read_X509_REQ wolfSSL_PEM_read_X509_REQ @@ -446,6 +446,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define d2i_X509_REQ wolfSSL_d2i_X509_REQ #define X509_REQ_new wolfSSL_X509_REQ_new #define X509_REQ_free wolfSSL_X509_REQ_free +#define X509_REQ_INFO_free wolfSSL_X509_REQ_free #define X509_REQ_sign wolfSSL_X509_REQ_sign #define X509_REQ_sign_ctx wolfSSL_X509_REQ_sign_ctx #define X509_REQ_add_extensions wolfSSL_X509_REQ_add_extensions @@ -491,6 +492,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_get0_notAfter wolfSSL_X509_get_notAfter #define X509_getm_notAfter wolfSSL_X509_get_notAfter #define X509_get_serialNumber wolfSSL_X509_get_serialNumber +#define X509_get0_serialNumber wolfSSL_X509_get_serialNumber #define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr #define X509_get_ex_new_index wolfSSL_X509_get_ex_new_index #define X509_get_ex_data wolfSSL_X509_get_ex_data @@ -533,6 +535,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_dup wolfSSL_X509_dup #define X509_add_ext wolfSSL_X509_add_ext #define X509_delete_ext wolfSSL_X509_delete_ext +#define X509_get0_subject_key_id wolfSSL_X509_get0_subject_key_id #define X509_EXTENSION_get_object wolfSSL_X509_EXTENSION_get_object #define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data 
@@ -566,6 +569,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define sk_X509_EXTENSION_new_null wolfSSL_sk_X509_EXTENSION_new_null
 #define sk_X509_EXTENSION_pop_free wolfSSL_sk_X509_EXTENSION_pop_free
 #define sk_X509_EXTENSION_push wolfSSL_sk_X509_EXTENSION_push
+#define sk_X509_EXTENSION_free wolfSSL_sk_X509_EXTENSION_free
 #define X509_INFO_new wolfSSL_X509_INFO_new
 #define X509_INFO_free wolfSSL_X509_INFO_free
@@ -639,14 +643,15 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
 #define X509_V_FLAG_CRL_CHECK WOLFSSL_CRL_CHECK
 #define X509_V_FLAG_CRL_CHECK_ALL WOLFSSL_CRL_CHECKALL
-#define X509_V_FLAG_PARTIAL_CHAIN 0
-#define X509_V_FLAG_TRUSTED_FIRST 0
+#define X509_V_FLAG_PARTIAL_CHAIN WOLFSSL_PARTIAL_CHAIN
+#define X509_V_FLAG_TRUSTED_FIRST 0 /* dummy value needed for gRPC port */
 #define X509_V_FLAG_USE_CHECK_TIME WOLFSSL_USE_CHECK_TIME
 #define X509_V_FLAG_NO_CHECK_TIME WOLFSSL_NO_CHECK_TIME
 #define X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT WOLFSSL_ALWAYS_CHECK_SUBJECT
 #define X509_CHECK_FLAG_NO_WILDCARDS WOLFSSL_NO_WILDCARDS
 #define X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS WOLFSSL_NO_PARTIAL_WILDCARDS
+#define X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS WOLFSSL_MULTI_LABEL_WILDCARDS
 #define X509_VP_FLAG_DEFAULT WOLFSSL_VPARAM_DEFAULT
 #define X509_VP_FLAG_OVERWRITE WOLFSSL_VPARAM_OVERWRITE
@@ -698,6 +703,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_STORE_set_ex_data wolfSSL_X509_STORE_set_ex_data
 #define X509_STORE_get_ex_data wolfSSL_X509_STORE_get_ex_data
 #define X509_STORE_get0_param wolfSSL_X509_STORE_get0_param
+#define X509_STORE_set1_param wolfSSL_X509_STORE_set1_param
 #define X509_STORE_CTX_get1_issuer wolfSSL_X509_STORE_CTX_get1_issuer
 #define X509_STORE_CTX_set_time wolfSSL_X509_STORE_CTX_set_time
 #define X509_STORE_CTX_get0_param wolfSSL_X509_STORE_CTX_get0_param
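Review bot: `X509_V_FLAG_TRUSTED_FIRST` is still defined as 0 in the -639 hunk, so `X509_VERIFY_PARAM_set_flags(p, X509_V_FLAG_TRUSTED_FIRST)` is a no-op and `flags & X509_V_FLAG_TRUSTED_FIRST` is always false, while the new comment only says it is a dummy for gRPC. Code ported from OpenSSL may rely on trusted-first chain building and will not get it, so the comment should state the no-op directly: `#define X509_V_FLAG_TRUSTED_FIRST 0 /* not implemented: value 0 makes set/test a no-op; kept so the gRPC port compiles */`. Mapping `X509_V_FLAG_PARTIAL_CHAIN` to a real value in the same hunk is the right direction for exactly this reason.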
@@ -712,7 +718,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_VERIFY_PARAM_set1_ip_asc wolfSSL_X509_VERIFY_PARAM_set1_ip_asc
 #define X509_VERIFY_PARAM_set1_ip wolfSSL_X509_VERIFY_PARAM_set1_ip
 #define X509_VERIFY_PARAM_set1 wolfSSL_X509_VERIFY_PARAM_set1
+#define X509_VERIFY_PARAM_lookup wolfSSL_X509_VERIFY_PARAM_lookup
+#define X509_VERIFY_PARAM_inherit wolfSSL_X509_VERIFY_PARAM_inherit
 #define X509_STORE_load_locations wolfSSL_X509_STORE_load_locations
+#define X509_STORE_get0_param wolfSSL_X509_STORE_get0_param
 #define X509_LOOKUP_add_dir wolfSSL_X509_LOOKUP_add_dir
 #define X509_LOOKUP_load_file wolfSSL_X509_LOOKUP_load_file
@@ -737,6 +746,14 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_CRL_get_version wolfSSL_X509_CRL_version
 #define X509_load_crl_file wolfSSL_X509_load_crl_file
+#define X509_ACERT_free wolfSSL_X509_ACERT_free
+#define X509_ACERT_get_version wolfSSL_X509_ACERT_get_version
+#define X509_ACERT_get_signature_nid wolfSSL_X509_ACERT_get_signature_nid
+#define X509_ACERT_print wolfSSL_X509_ACERT_print
+#define X509_ACERT_verify wolfSSL_X509_ACERT_verify
+#define X509_ACERT_sign wolfSSL_X509_ACERT_sign
+#define PEM_read_bio_X509_ACERT wolfSSL_PEM_read_bio_X509_ACERT
+
 #define X509_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY
 #define X509_REQ_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY
 #define X509_get0_tbs_sigalg wolfSSL_X509_get0_tbs_sigalg
@@ -748,6 +765,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define X509_ALGOR_new wolfSSL_X509_ALGOR_new
 #define X509_ALGOR_free wolfSSL_X509_ALGOR_free
+#define i2d_X509_ALGOR wolfSSL_i2d_X509_ALGOR
+#define d2i_X509_ALGOR wolfSSL_d2i_X509_ALGOR
 #define X509_PUBKEY_new wolfSSL_X509_PUBKEY_new
 #define X509_PUBKEY_free wolfSSL_X509_PUBKEY_free
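Review bot: The -712 hunk adds `#define X509_STORE_get0_param wolfSSL_X509_STORE_get0_param`, but the identical macro already exists about twenty lines earlier (it appears as an unchanged context line in the -698 hunk of this same file). An identical redefinition compiles silently, but it leaves two places to keep in sync if the mapping ever changes; drop the newly added line.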
@@ -784,7 +803,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define BIO_pop wolfSSL_BIO_pop
 #define BIO_flush wolfSSL_BIO_flush
 #define BIO_pending wolfSSL_BIO_pending
-
+#define BIO_number_read wolfSSL_BIO_number_read
+#define BIO_number_written wolfSSL_BIO_number_written
+#define BIO_reset wolfSSL_BIO_reset
 #define BIO_get_mem_data wolfSSL_BIO_get_mem_data
 #define BIO_new_mem_buf wolfSSL_BIO_new_mem_buf
@@ -792,6 +813,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define BIO_set_write_buffer_size wolfSSL_BIO_set_write_buffer_size
 #define BIO_f_ssl wolfSSL_BIO_f_ssl
 #define BIO_new_socket wolfSSL_BIO_new_socket
+#define BIO_new_dgram wolfSSL_BIO_new_dgram
 #define BIO_new_connect wolfSSL_BIO_new_connect
 #define BIO_new_accept wolfSSL_BIO_new_accept
 #define BIO_set_conn_port wolfSSL_BIO_set_conn_port
@@ -800,6 +822,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define BIO_do_handshake wolfSSL_BIO_do_handshake
 #define BIO_ssl_shutdown wolfSSL_BIO_ssl_shutdown
 #define SSL_set_bio wolfSSL_set_bio
+#define SSL_set0_rbio wolfSSL_set_rbio
+#define SSL_set0_wbio wolfSSL_set_wbio
 #define BIO_method_type wolfSSL_BIO_method_type
 #define BIO_set_ssl wolfSSL_BIO_set_ssl
 #define BIO_get_ssl wolfSSL_BIO_get_ssl
@@ -835,10 +859,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define COMP_zlib wolfSSL_COMP_zlib
 #define COMP_rle wolfSSL_COMP_rle
 #define SSL_COMP_add_compression_method wolfSSL_COMP_add_compression_method
-
-#define SSL_get_current_compression(ssl) 0
-#define SSL_get_current_expansion(ssl) 0
 #define SSL_COMP_get_name wolfSSL_COMP_get_name
+#define SSL_get_current_compression wolfSSL_get_current_compression
+#define SSL_get_current_expansion wolfSSL_get_current_expansion
 #define SSL_get_ex_new_index wolfSSL_get_ex_new_index
 #define RSA_get_ex_new_index wolfSSL_get_ex_new_index
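Review bot: `BIO_number_read`/`BIO_number_written` (hunk -784) and `SSL_get_current_compression`/`SSL_get_current_expansion` (hunk -835) are mapped unconditionally, while the wolfSSL declarations this patch adds to ssl.h sit under `#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_BIO_NO_FLOW_STATS)` and `#ifndef NO_WOLFSSL_STUB` respectively. In a build that excludes either, a caller of the OpenSSL name gets an implicit-declaration error naming the wolfSSL symbol instead of a clear unsupported-feature diagnostic. Unless the enclosing section of this header (outside the hunk) already carries those guards, mirror them around the defines, e.g. `#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_BIO_NO_FLOW_STATS)` around the two `BIO_number_*` lines. The -835 hunk also turns the two compression macros from constant 0 into real calls, a behaviour change for existing callers that deserves a changelog entry.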
@@ -847,6 +870,8 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define ASN1_BIT_STRING_free wolfSSL_ASN1_BIT_STRING_free
 #define ASN1_BIT_STRING_get_bit wolfSSL_ASN1_BIT_STRING_get_bit
 #define ASN1_BIT_STRING_set_bit wolfSSL_ASN1_BIT_STRING_set_bit
+#define i2d_ASN1_BIT_STRING wolfSSL_i2d_ASN1_BIT_STRING
+#define d2i_ASN1_BIT_STRING wolfSSL_d2i_ASN1_BIT_STRING
 #define sk_ASN1_OBJECT_free wolfSSL_sk_ASN1_OBJECT_free
@@ -866,6 +891,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #endif
 #define ASN1_TIME_set wolfSSL_ASN1_TIME_set
 #define ASN1_TIME_set_string wolfSSL_ASN1_TIME_set_string
+#define ASN1_TIME_set_string_X509 wolfSSL_ASN1_TIME_set_string_X509
 #define ASN1_GENERALIZEDTIME_set_string wolfSSL_ASN1_TIME_set_string
 #define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print
@@ -903,6 +929,22 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define ASN1_STRING_set_default_mask_asc(...) 1
 #endif
+#define ASN1_GENERALSTRING WOLFSSL_ASN1_STRING
+#define ASN1_GENERALSTRING_new wolfSSL_ASN1_STRING_new
+#define ASN1_GENERALSTRING_free wolfSSL_ASN1_STRING_free
+#define ASN1_GENERALSTRING_set wolfSSL_ASN1_STRING_set
+#define i2d_ASN1_GENERALSTRING wolfSSL_i2d_ASN1_GENERALSTRING
+#define i2d_ASN1_OCTET_STRING wolfSSL_i2d_ASN1_OCTET_STRING
+#define i2d_ASN1_UTF8STRING wolfSSL_i2d_ASN1_UTF8STRING
+#define i2d_ASN1_SEQUENCE wolfSSL_i2d_ASN1_SEQUENCE
+#define d2i_ASN1_GENERALSTRING wolfSSL_d2i_ASN1_GENERALSTRING
+#define d2i_ASN1_OCTET_STRING wolfSSL_d2i_ASN1_OCTET_STRING
+#define d2i_ASN1_UTF8STRING wolfSSL_d2i_ASN1_UTF8STRING
+
+#define sk_ASN1_GENERALSTRING_num wolfSSL_sk_num
+#define sk_ASN1_GENERALSTRING_value wolfSSL_sk_value
+#define sk_ASN1_GENERALSTRING_push wolfSSL_sk_push
+
 #define ASN1_OCTET_STRING WOLFSSL_ASN1_STRING
 #define ASN1_OCTET_STRING_new wolfSSL_ASN1_STRING_new
 #define ASN1_OCTET_STRING_free wolfSSL_ASN1_STRING_free
@@ -967,7 +1009,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define RSA_print_fp wolfSSL_RSA_print_fp
 #define RSA_bits wolfSSL_RSA_bits
 #define RSA_up_ref wolfSSL_RSA_up_ref
+#define RSA_padding_add_PKCS1_PSS_mgf1 wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1
 #define RSA_padding_add_PKCS1_PSS wolfSSL_RSA_padding_add_PKCS1_PSS
+#define RSA_verify_PKCS1_PSS_mgf1 wolfSSL_RSA_verify_PKCS1_PSS_mgf1
 #define RSA_verify_PKCS1_PSS wolfSSL_RSA_verify_PKCS1_PSS
 #define PEM_def_callback wolfSSL_PEM_def_callback
@@ -1149,6 +1193,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define DTLSv1_get_timeout(ssl, timeleft) wolfSSL_DTLSv1_get_timeout((ssl), (WOLFSSL_TIMEVAL*)(timeleft))
 #define DTLSv1_handle_timeout wolfSSL_DTLSv1_handle_timeout
 #define DTLSv1_set_initial_timeout_duration wolfSSL_DTLSv1_set_initial_timeout_duration
+#define SSL_set_mtu wolfSSL_set_mtu_compat
 /* DTLS SRTP */
 #ifdef WOLFSSL_SRTP
@@ -1201,6 +1246,10 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE;
 #define sk_SSL_CIPHER_free wolfSSL_sk_SSL_CIPHER_free
 #define sk_SSL_CIPHER_find wolfSSL_sk_SSL_CIPHER_find
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+#define SSL_get0_peername wolfSSL_get0_peername
+#endif
+
 #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
 || defined(WOLFSSL_NGINX)
 #include
@@ -1209,7 +1258,6 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE;
 #define SSL_R_SHORT_READ 10
 #define ERR_R_PEM_LIB 9
 #define SSL_CTRL_MODE 33
-
 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
 #define SSL_CTX_clear_chain_certs(ctx) SSL_CTX_set0_chain(ctx,NULL)
@@ -1229,6 +1277,7 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE;
 (char *)(arg))
 #endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY */
+#define SSL_CTX_set_dh_auto wolfSSL_CTX_set_dh_auto
 #define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh
 #define TLSEXT_STATUSTYPE_ocsp 1
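Review bot: `#define SSL_set_mtu wolfSSL_set_mtu_compat` in the -1149 hunk has no guard, but the declaration of `wolfSSL_set_mtu_compat` added to ssl.h in this patch is emitted only when `WOLFSSL_DTLS`, one of `WOLFSSL_SCTP`/`WOLFSSL_DTLS_MTU`, and one of `OPENSSL_ALL`/`OPENSSL_EXTRA` are all defined, and the ssl.h hunk auto-defines `WOLFSSL_DTLS_MTU` only for `OPENSSL_ALL`. An OPENSSL_EXTRA build without WOLFSSL_DTLS_MTU that calls `SSL_set_mtu` therefore fails on an implicit declaration of the wolfSSL symbol rather than a readable unsupported-feature error. I cannot see the guard enclosing this section of the header; if it is not already MTU-conditional, wrap the define in `#if defined(WOLFSSL_DTLS) && (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU))`.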
@@ -1515,10 +1564,8 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE;
 #define PEM_R_BAD_DECRYPT (-MIN_CODE_E + 4)
 #define ASN1_R_HEADER_TOO_LONG (-MIN_CODE_E + 5)
+#define ERR_LIB_SYS 2
 #define ERR_LIB_RSA 4
-#define ERR_LIB_EC 16
-#define ERR_LIB_SSL 20
-#define ERR_LIB_PKCS12 35
 #define ERR_LIB_PEM 9
 #define ERR_LIB_X509 10
 #define ERR_LIB_EVP 11
@@ -1526,6 +1573,9 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE;
 #define ERR_LIB_DIGEST 13
 #define ERR_LIB_CIPHER 14
 #define ERR_LIB_USER 15
+#define ERR_LIB_EC 16
+#define ERR_LIB_SSL 20
+#define ERR_LIB_PKCS12 35
 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
 defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \
@@ -1692,11 +1742,16 @@ typedef WOLFSSL_SRTP_PROTECTION_PROFILE SRTP_PROTECTION_PROFILE;
 #define OpenSSL_version(x) wolfSSL_OpenSSL_version()
 #endif
+#define X509_OBJECT_retrieve_by_subject wolfSSL_X509_OBJECT_retrieve_by_subject
+
 #ifndef NO_WOLFSSL_STUB
 #define OBJ_create_objects(...) WC_DO_NOTHING
 #define sk_SSL_COMP_free(...) WC_DO_NOTHING
 #endif
+#define ASN1_OBJECT_new wolfSSL_ASN1_OBJECT_new
+#define ASN1_OBJECT_free wolfSSL_ASN1_OBJECT_free
+#define i2d_ASN1_OBJECT wolfSSL_i2d_ASN1_OBJECT
 #define OBJ_dup wolfSSL_ASN1_OBJECT_dup
 #define SSL_set_psk_use_session_callback wolfSSL_set_psk_use_session_callback
diff --git a/src/wolfssl/openssl/stack.h b/src/wolfssl/openssl/stack.h
index cee7cfc..fe697c4 100644
--- a/src/wolfssl/openssl/stack.h
+++ b/src/wolfssl/openssl/stack.h
@@ -1,6 +1,6 @@
 /* stack.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/src/wolfssl/openssl/tls1.h b/src/wolfssl/openssl/tls1.h
index 843696a..933ed5d 100644
--- a/src/wolfssl/openssl/tls1.h
+++ b/src/wolfssl/openssl/tls1.h
@@ -1,6 +1,6 @@
 /* tls1.h
  *
- * Copyright (C) 2006-2023 wolfSSL Inc.
+ * Copyright (C) 2006-2024 wolfSSL Inc.
  *
  * This file is part of wolfSSL.
  *
diff --git a/src/wolfssl/openssl/txt_db.h b/src/wolfssl/openssl/txt_db.h index 511235b..b8aa56f 100644 --- a/src/wolfssl/openssl/txt_db.h +++ b/src/wolfssl/openssl/txt_db.h @@ -1,6 +1,6 @@ /* txt_db.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/x509.h b/src/wolfssl/openssl/x509.h index 9afb8e0..eb03578 100644 --- a/src/wolfssl/openssl/x509.h +++ b/src/wolfssl/openssl/x509.h @@ -1,6 +1,6 @@ /* x509.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/openssl/x509_vfy.h b/src/wolfssl/openssl/x509_vfy.h index 025f526..977e0c0 100644 --- a/src/wolfssl/openssl/x509_vfy.h +++ b/src/wolfssl/openssl/x509_vfy.h @@ -1,6 +1,6 @@ /* x509_vfy.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -33,10 +33,13 @@ #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) WOLFSSL_API int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx, int purpose); +#endif +#ifdef OPENSSL_EXTRA WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_flags(WOLFSSL_X509_STORE_CTX *ctx, unsigned long flags); #endif + #define X509_STORE_CTX_set_purpose wolfSSL_X509_STORE_CTX_set_purpose #define X509_STORE_CTX_set_flags wolfSSL_X509_STORE_CTX_set_flags diff --git a/src/wolfssl/openssl/x509v3.h b/src/wolfssl/openssl/x509v3.h index 51b4e65..401f8e8 100644 --- a/src/wolfssl/openssl/x509v3.h +++ b/src/wolfssl/openssl/x509v3.h @@ -1,6 +1,6 @@ /* x509v3.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -137,10 +137,24 @@ WOLFSSL_API WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get( WOLFSSL_API void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ex); WOLFSSL_API char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method, const WOLFSSL_ASN1_STRING *s); +WOLFSSL_API int wolfSSL_i2d_ASN1_GENERALSTRING(WOLFSSL_ASN1_STRING* s, + unsigned char **pp); +WOLFSSL_API int wolfSSL_i2d_ASN1_SEQUENCE(WOLFSSL_ASN1_STRING* s, + unsigned char **pp); +WOLFSSL_API int wolfSSL_i2d_ASN1_OCTET_STRING(WOLFSSL_ASN1_STRING* s, + unsigned char **pp); +WOLFSSL_API int wolfSSL_i2d_ASN1_UTF8STRING(WOLFSSL_ASN1_STRING* s, + unsigned char **pp); +WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_GENERALSTRING( + WOLFSSL_ASN1_STRING** out, const byte** src, long len); +WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_OCTET_STRING( + WOLFSSL_ASN1_STRING** out, const byte** src, long len); +WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_UTF8STRING( + WOLFSSL_ASN1_STRING** out, const byte** src, long len); WOLFSSL_API int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext, unsigned long flag, int indent); -WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf, WOLFSSL_X509V3_CTX *ctx, - const char *section, WOLFSSL_X509 *cert); +WOLFSSL_API int wolfSSL_X509V3_EXT_add_nconf(WOLFSSL_CONF *conf, + WOLFSSL_X509V3_CTX *ctx, const char *section, WOLFSSL_X509 *cert); WOLFSSL_API WOLFSSL_ASN1_STRING* wolfSSL_a2i_IPADDRESS(const char* ipa); #define BASIC_CONSTRAINTS_free wolfSSL_BASIC_CONSTRAINTS_free diff --git a/src/wolfssl/quic.h b/src/wolfssl/quic.h index d415242..70ae61c 100644 --- a/src/wolfssl/quic.h +++ b/src/wolfssl/quic.h @@ -1,6 +1,6 @@ /* quic.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/sniffer.h b/src/wolfssl/sniffer.h index 3b5f237..3eabd42 100644 --- a/src/wolfssl/sniffer.h +++ b/src/wolfssl/sniffer.h 
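Review bot: The seven `wolfSSL_i2d_ASN1_*`/`wolfSSL_d2i_ASN1_*` prototypes added in the -137 hunk carry no statement of the OpenSSL i2d/d2i contract they are mapped to: whether `*pp` is advanced past the written bytes (and whether `pp == NULL` returns only the length), and whether `*src` is advanced on success and `len` bounds every read. These routines decode DER that arrives from the peer, so the `len` guarantee in particular belongs on the declaration; a single comment above the group such as `/* OpenSSL-style DER codec: i2d returns the encoded length and advances *pp when non-NULL; d2i reads at most len bytes from *src — confirm against x509.c */` would do, with the hedge dropped once checked. The `i2d_*` functions take a non-const `WOLFSSL_ASN1_STRING*`; if they do not modify the string, `const` would state that.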
@@ -1,6 +1,6 @@ /* sniffer.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/sniffer_error.h b/src/wolfssl/sniffer_error.h index 841241d..1794ba8 100644 --- a/src/wolfssl/sniffer_error.h +++ b/src/wolfssl/sniffer_error.h @@ -1,6 +1,6 @@ /* sniffer_error.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/ssl.h b/src/wolfssl/ssl.h index d1a88bd..4bbdf65 100644 --- a/src/wolfssl/ssl.h +++ b/src/wolfssl/ssl.h @@ -1,6 +1,6 @@ /* ssl.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -32,8 +32,8 @@ /* for users not using preprocessor flags*/ #include #include +#include #include -#include #include #include #include @@ -67,6 +67,15 @@ #undef OCSP_RESPONSE #endif +#ifdef OPENSSL_ALL + #ifndef WOLFSSL_HAVE_BIO_ADDR + #define WOLFSSL_HAVE_BIO_ADDR + #endif + #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DTLS_MTU) + #define WOLFSSL_DTLS_MTU + #endif +#endif + #ifdef OPENSSL_COEXIST /* mode to allow wolfSSL and OpenSSL to exist together */ #ifdef TEST_OPENSSL_COEXIST @@ -140,6 +149,7 @@ typedef struct WOLFSSL_CTX WOLFSSL_CTX; typedef struct WOLFSSL_STACK WOLFSSL_STACK; typedef struct WOLFSSL_X509 WOLFSSL_X509; +typedef struct WOLFSSL_X509_ACERT WOLFSSL_X509_ACERT; typedef struct WOLFSSL_X509_NAME WOLFSSL_X509_NAME; typedef struct WOLFSSL_X509_NAME_ENTRY WOLFSSL_X509_NAME_ENTRY; typedef struct WOLFSSL_X509_PUBKEY WOLFSSL_X509_PUBKEY; 
@@ -199,11 +209,11 @@ typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD; typedef struct WOLFSSL_CRL WOLFSSL_X509_CRL; typedef struct WOLFSSL_X509_STORE WOLFSSL_X509_STORE; typedef struct WOLFSSL_X509_VERIFY_PARAM WOLFSSL_X509_VERIFY_PARAM; -typedef struct WOLFSSL_BIO WOLFSSL_BIO; typedef struct WOLFSSL_BIO_METHOD WOLFSSL_BIO_METHOD; typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION; typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT; typedef struct WOLFSSL_ASN1_OTHERNAME WOLFSSL_ASN1_OTHERNAME; +typedef struct WOLFSSL_ASN1_OTHERNAME OTHERNAME; typedef struct WOLFSSL_X509V3_CTX WOLFSSL_X509V3_CTX; typedef struct WOLFSSL_v3_ext_method WOLFSSL_v3_ext_method; typedef struct WOLFSSL_OBJ_NAME WOLFSSL_OBJ_NAME; @@ -237,6 +247,9 @@ typedef int (*WOLFSSL_X509_STORE_CTX_check_crl_cb)(WOLFSSL_X509_STORE_CTX *, struct WOLFSSL_OBJ_NAME { int type; + int alias; + const char *name; + const char *data; }; struct WOLFSSL_AUTHORITY_KEYID { @@ -474,7 +487,8 @@ enum BIO_TYPE { WOLFSSL_BIO_BIO = 5, WOLFSSL_BIO_FILE = 6, WOLFSSL_BIO_BASE64 = 7, - WOLFSSL_BIO_MD = 8 + WOLFSSL_BIO_MD = 8, + WOLFSSL_BIO_DGRAM = 9 }; enum BIO_FLAGS { 
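Review bot: `typedef struct WOLFSSL_ASN1_OTHERNAME OTHERNAME;` in the -199 hunk introduces an unprefixed OpenSSL type name into wolfssl/ssl.h itself rather than into the openssl/ compat headers. ssl.h describes an OPENSSL_COEXIST mode for building alongside OpenSSL, and OpenSSL's own headers define `OTHERNAME`, so this typedef collides in that mode; guard it with `#ifndef OPENSSL_COEXIST` or move it next to the other OpenSSL aliases. Separately, the new `name`/`data` pointers in `struct WOLFSSL_OBJ_NAME` do not say who owns the strings; a short ownership comment on each field (`/* not owned; points at a static table */` or the reverse, per the implementation) would prevent stray frees in callers.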
@@ -537,38 +551,6 @@ struct WOLFSSL_BIO_METHOD { typedef long (*wolf_bio_info_cb)(WOLFSSL_BIO *bio, int event, const char *parg, int iarg, long larg, long return_value); -struct WOLFSSL_BIO { - WOLFSSL_BUF_MEM* mem_buf; - WOLFSSL_BIO_METHOD* method; - WOLFSSL_BIO* prev; /* previous in chain */ - WOLFSSL_BIO* next; /* next in chain */ - WOLFSSL_BIO* pair; /* BIO paired with */ - void* heap; /* user heap hint */ - void* ptr; /* WOLFSSL, file descriptor, MD, or mem buf */ - void* usrCtx; /* user set pointer */ - char* ip; /* IP address for wolfIO_TcpConnect */ - word16 port; /* Port for wolfIO_TcpConnect */ - char* infoArg; /* BIO callback argument */ - wolf_bio_info_cb infoCb; /* BIO callback */ - int wrSz; /* write buffer size (mem) */ - int wrSzReset; /* First buffer size (mem) - read ONLY data */ - int wrIdx; /* current index for write buffer */ - int rdIdx; /* current read index */ - int readRq; /* read request */ - int num; /* socket num or length */ - int eof; /* eof flag */ - int flags; - byte type; /* method type */ - byte init:1; /* bio has been initialized */ - byte shutdown:1; /* close flag */ -#ifdef HAVE_EX_DATA - WOLFSSL_CRYPTO_EX_DATA ex_data; -#endif -#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) - wolfSSL_Ref ref; -#endif -}; - typedef struct WOLFSSL_COMP_METHOD { int type; /* stunnel dereference */ } WOLFSSL_COMP_METHOD; 
@@ -618,15 +600,23 @@ struct WOLFSSL_X509_STORE { WOLFSSL_X509_CRL *crl; /* points to cm->crl */ #endif wolfSSL_Ref ref; + WOLF_STACK_OF(WOLFSSL_X509)* certs; + WOLF_STACK_OF(WOLFSSL_X509)* trusted; + WOLF_STACK_OF(WOLFSSL_X509)* owned; + word32 numAdded; /* Number of objs in objs that are in certs sk */ }; #define WOLFSSL_ALWAYS_CHECK_SUBJECT 0x1 #define WOLFSSL_NO_WILDCARDS 0x2 #define WOLFSSL_NO_PARTIAL_WILDCARDS 0x4 +#define WOLFSSL_MULTI_LABEL_WILDCARDS 0x8 +/* Custom to wolfSSL, OpenSSL compat goes up to 0x20 */ +#define WOLFSSL_LEFT_MOST_WILDCARD_ONLY 0x40 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) #define WOLFSSL_USE_CHECK_TIME 0x2 #define WOLFSSL_NO_CHECK_TIME 0x200000 +#define WOLFSSL_PARTIAL_CHAIN 0x80000 #define WOLFSSL_HOST_NAME_MAX 256 #define WOLFSSL_VPARAM_DEFAULT 0x1 @@ -640,12 +630,13 @@ struct WOLFSSL_X509_STORE { #endif struct WOLFSSL_X509_VERIFY_PARAM { + const char *name; time_t check_time; unsigned int inherit_flags; unsigned long flags; char hostName[WOLFSSL_HOST_NAME_MAX]; - unsigned int hostFlags; - char ipasc[WOLFSSL_MAX_IPSTR]; + unsigned int hostFlags; + char ipasc[WOLFSSL_MAX_IPSTR]; }; #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ @@ -688,7 +679,7 @@ typedef struct WOLFSSL_BUFFER_INFO { struct WOLFSSL_X509_STORE_CTX { WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */ WOLFSSL_X509* current_cert; /* current X509 (OPENSSL_EXTRA) */ -#ifdef WOLFSSL_ASIO +#if defined(WOLFSSL_ASIO) || defined(OPENSSL_EXTRA) WOLFSSL_X509* current_issuer; /* asio dereference */ #endif WOLFSSL_X509_CHAIN* sesChain; /* pointer to WOLFSSL_SESSION peer chain */ 
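Review bot: The new hostname-check flags in the -618 hunk are undocumented beyond the remark about the 0x20 boundary, yet they change which peer certificate names are accepted: `WOLFSSL_MULTI_LABEL_WILDCARDS` is mapped in the compat header to OpenSSL's `X509_CHECK_FLAG_MULTI_LABEL_WILDCARDS`, whose meaning is that one `*` label may cover several DNS labels (weaker matching), while `WOLFSSL_LEFT_MOST_WILDCARD_ONLY` by its name restricts matching. Each should say so where it is defined, e.g. `#define WOLFSSL_MULTI_LABEL_WILDCARDS 0x8 /* let a wildcard label match multiple labels (weaker) */` and `#define WOLFSSL_LEFT_MOST_WILDCARD_ONLY 0x40 /* accept a wildcard only as the left-most label */`. `WOLFSSL_PARTIAL_CHAIN` (0x80000) likewise needs a note that it lets verification succeed at a trusted non-self-signed certificate, if that is what it implements. Of the three new `WOLF_STACK_OF(WOLFSSL_X509)*` members of `WOLFSSL_X509_STORE` only `numAdded` is commented; `owned` versus `certs`/`trusted` needs an ownership line each.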
@@ -711,6 +702,13 @@ struct WOLFSSL_X509_STORE_CTX { WOLFSSL_BUFFER_INFO* certs; /* peer certs */ WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */ void* heap; + int flags; + WOLF_STACK_OF(WOLFSSL_X509)* owned; /* Certs owned by this CTX */ + WOLF_STACK_OF(WOLFSSL_X509)* ctxIntermediates; /* Intermediates specified + * on store ctx init */ + WOLF_STACK_OF(WOLFSSL_X509)* setTrustedSk;/* A trusted stack override + * set with + * X509_STORE_CTX_trusted_stack*/ }; typedef char* WOLFSSL_STRING; @@ -992,6 +990,10 @@ WOLFSSL_API WOLFSSL_METHOD *wolfSSLv23_method(void); #ifndef NO_WOLFSSL_SERVER WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_server_method_ex(void* heap); WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_server_method(void); +#endif +#if defined(WOLFSSL_EITHER_SIDE) || defined(OPENSSL_EXTRA) + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_method_ex(void* heap); + WOLFSSL_API WOLFSSL_METHOD *wolfDTLSv1_3_method(void); #endif WOLFSSL_API int wolfSSL_dtls13_has_pending_msg(WOLFSSL *ssl); #endif /* WOLFSSL_DTLS13 */ @@ -1005,6 +1007,8 @@ WOLFSSL_API int wolfSSL_CTX_GenerateEchConfig(WOLFSSL_CTX* ctx, WOLFSSL_API int wolfSSL_CTX_GetEchConfigs(WOLFSSL_CTX* ctx, byte* output, word32* outputLen); +WOLFSSL_API void wolfSSL_CTX_SetEchEnable(WOLFSSL_CTX* ctx, byte enable); + WOLFSSL_API int wolfSSL_SetEchConfigsBase64(WOLFSSL* ssl, char* echConfigs64, word32 echConfigs64Len); @@ -1013,6 +1017,8 @@ WOLFSSL_API int wolfSSL_SetEchConfigs(WOLFSSL* ssl, const byte* echConfigs, WOLFSSL_API int wolfSSL_GetEchConfigs(WOLFSSL* ssl, byte* echConfigs, word32* echConfigsLen); + +WOLFSSL_API void wolfSSL_SetEchEnable(WOLFSSL* ssl, byte enable); #endif /* WOLFSSL_TLS13 && HAVE_ECH */ #ifdef HAVE_POLY1305 
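Review bot: `int flags;` added to `struct WOLFSSL_X509_STORE_CTX` in the -711 hunk is narrower than the `unsigned long flags` accepted by `wolfSSL_X509_STORE_CTX_set_flags` (declared in the x509_vfy.h hunk of this patch), so a flag above bit 30 would be truncated or change sign when stored and later tested; declare the field `unsigned long flags;` to match the setter. The `setTrustedSk` comment names the API that sets it but not whether the CTX frees it, while `owned` is explicitly owned; add `/* not owned; caller keeps it alive until the CTX is freed */` or the opposite, whichever the implementation does.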
@@ -1103,6 +1109,8 @@ WOLFSSL_API int wolfSSL_CTX_load_verify_locations_ex( WOLFSSL_CTX* ctx, const char* file, const char* path, word32 flags); WOLFSSL_ABI WOLFSSL_API int wolfSSL_CTX_load_verify_locations( WOLFSSL_CTX* ctx, const char* file, const char* path); +WOLFSSL_API int wolfSSL_CTX_load_verify_locations_compat( + WOLFSSL_CTX* ctx, const char* file, const char* path); #ifndef _WIN32 WOLFSSL_API const char** wolfSSL_get_system_CA_dirs(word32* num); #endif /* !_WIN32 */ @@ -1143,6 +1151,7 @@ WOLFSSL_API int wolfSSL_CTX_up_ref(WOLFSSL_CTX* ctx); #ifdef OPENSSL_EXTRA WOLFSSL_API int wolfSSL_set_ecdh_auto(WOLFSSL* ssl, int onoff); WOLFSSL_API int wolfSSL_CTX_set_ecdh_auto(WOLFSSL_CTX* ctx, int onoff); +WOLFSSL_API int wolfSSL_CTX_set_dh_auto(WOLFSSL_CTX* ctx, int onoff); WOLFSSL_API int wolfSSL_get_signature_nid(WOLFSSL* ssl, int* nid); WOLFSSL_API int wolfSSL_get_signature_type_nid(const WOLFSSL* ssl, int* nid); WOLFSSL_API int wolfSSL_get_peer_signature_nid(WOLFSSL* ssl, int* nid); @@ -1272,11 +1281,18 @@ WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL* ssl, const unsigned char* id, int WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO** bio1_p, size_t writebuf1, WOLFSSL_BIO** bio2_p, size_t writebuf2); +WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, + unsigned char *em, const unsigned char *mHash, + const WOLFSSL_EVP_MD *hashAlg, const WOLFSSL_EVP_MD *mgf1Hash, + int saltLen); WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *EM, const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen); +WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, + const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, + const WOLFSSL_EVP_MD *mgf1Hash, const unsigned char *em, int saltLen); WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, const unsigned char *EM, int saltLen); 
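Review bot: The `_mgf1` PSS prototypes in the -1272 hunk add `mgf1Hash` and keep `int saltLen` without saying which values are accepted: OpenSSL callers pass `NULL` for `mgf1Hash` to mean "same as hashAlg" and use the negative `RSA_PSS_SALTLEN_*` sentinels for `saltLen`, and treating those differently without a diagnostic would produce encodings that verify only against the wrong parameters. Document the accepted values on the declarations, e.g. `/* mgf1Hash NULL => hashAlg; saltLen: salt byte count, negative OpenSSL sentinels only if supported — confirm in pk.c */`. The parameter is spelled `em` here but `EM` on the existing non-mgf1 variants; pick one. `wolfSSL_CTX_load_verify_locations_compat` in the -1103 hunk also lacks a comment on how it differs from `wolfSSL_CTX_load_verify_locations`, which every compat caller now goes through.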
@@ -1482,10 +1498,18 @@ WOLFSSL_API int wolfSSL_dtls_free_peer(void* addr); WOLFSSL_API int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz); WOLFSSL_API int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz); +#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS) WOLFSSL_API int wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX* ctx); WOLFSSL_API int wolfSSL_dtls_set_sctp(WOLFSSL* ssl); -WOLFSSL_API int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, unsigned short); -WOLFSSL_API int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, unsigned short); +#endif +#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \ + defined(WOLFSSL_DTLS) +WOLFSSL_API int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, unsigned short mtu); +WOLFSSL_API int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, unsigned short mtu); +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) +WOLFSSL_API int wolfSSL_set_mtu_compat(WOLFSSL* ssl, unsigned short mtu); +#endif +#endif #ifdef WOLFSSL_SRTP @@ -1562,6 +1586,7 @@ WOLFSSL_API WOLFSSL_STACK* wolfSSL_shallow_sk_dup(WOLFSSL_STACK* sk); WOLFSSL_API int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in); WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx); WOLFSSL_API int wolfSSL_sk_push(WOLFSSL_STACK *st, const void *data); +WOLFSSL_API int wolfSSL_sk_insert(WOLFSSL_STACK *sk, const void *data, int idx); #if defined(HAVE_OCSP) || defined(HAVE_CRL) || (defined(WOLFSSL_CUSTOM_OID) && \ defined(WOLFSSL_ASN_TEMPLATE) && defined(HAVE_OID_DECODING)) 
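Review bot: `wolfSSL_sk_insert(sk, data, idx)` in the -1562 hunk does not say what happens when `idx` is negative or beyond the current count (OpenSSL's `sk_insert` appends in that case), whether the stack takes ownership of `data`, or whether a NULL `sk` is tolerated. As a public WOLFSSL_API entry point it needs a one-line contract, e.g. `/* Insert data before position idx; out-of-range idx appends. Returns the new element count, or 0 on failure. */`, adjusted to what the implementation actually does. `wolfSSL_set_mtu_compat` in the -1482 hunk likewise lacks a note on why it exists separately from `wolfSSL_dtls_set_mtu`.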
@@ -1647,6 +1672,8 @@ WOLFSSL_API void wolfSSL_ACCESS_DESCRIPTION_free(WOLFSSL_ACCESS_DESCRIPTION* a); WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_pop_free( WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, void (*f) (WOLFSSL_X509_EXTENSION*)); +WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_free( + WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* wolfSSL_sk_X509_EXTENSION_new_null(void); WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void); WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_dup(WOLFSSL_ASN1_OBJECT* obj); @@ -1664,7 +1691,7 @@ WOLFSSL_API int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_ST WOLFSSL_API int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s); WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk); WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value( - WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx); + const WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx); WOLFSSL_API int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data); #ifdef HAVE_EX_DATA_CLEANUP_HOOKS WOLFSSL_API int wolfSSL_set_ex_data_with_cleanup( @@ -1728,8 +1755,8 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_chain_up_ref(WOLF_STACK_OF(WOLFSSL_X509)* chain); #endif -WOLFSSL_API int wolfSSL_OCSP_parse_url(char* url, char** host, char** port, - char** path, int* ssl); +WOLFSSL_API int wolfSSL_OCSP_parse_url(const char* url, char** host, + char** port, char** path, int* ssl); #ifndef NO_BIO #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L 
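Review bot: `wolfSSL_sk_X509_EXTENSION_free` in the -1647 hunk sits directly under `wolfSSL_sk_X509_EXTENSION_pop_free`, which takes an element-free callback, but the new prototype does not say whether it frees the elements too or only the stack. In OpenSSL `sk_X509_EXTENSION_free` releases only the stack, and callers that assume the same here will leak if it frees nothing else or double free if it frees elements they still hold. Add `/* Frees the stack only; elements are not freed (use pop_free for that) */` or the opposite, per the implementation. The `const` added to `wolfSSL_OCSP_parse_url`'s `url` and to the stack argument of `wolfSSL_sk_X509_EXTENSION_value` are welcome.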
@@ -1764,6 +1791,7 @@ WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void); WOLFSSL_API long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO* bio, long size); WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void); WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_socket(int sfd, int flag); +WOLFSSL_API WOLFSSL_BIO* wolfSSL_BIO_new_dgram(int fd, int closeF); WOLFSSL_API int wolfSSL_BIO_eof(WOLFSSL_BIO* b); WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void); @@ -1812,6 +1840,8 @@ WOLFSSL_API long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int flag); #endif WOLFSSL_API int wolfSSL_BIO_set_close(WOLFSSL_BIO *b, long flag); WOLFSSL_API void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr); +WOLFSSL_API void wolfSSL_set_rbio(WOLFSSL* ssl, WOLFSSL_BIO* rd); +WOLFSSL_API void wolfSSL_set_wbio(WOLFSSL* ssl, WOLFSSL_BIO* wr); WOLFSSL_API int wolfSSL_BIO_method_type(const WOLFSSL_BIO *b); #ifndef NO_FILESYSTEM @@ -1821,6 +1851,7 @@ WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_fd(int fd, int close_flag); WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_bio(void); WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void); +WOLFSSL_API WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_datagram(void); WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_connect(const char *str); WOLFSSL_API WOLFSSL_BIO *wolfSSL_BIO_new_accept(const char *port); @@ -1844,6 +1875,10 @@ WOLFSSL_API int wolfSSL_BIO_ctrl_reset_read_request(WOLFSSL_BIO *b); WOLFSSL_API int wolfSSL_BIO_nread0(WOLFSSL_BIO *bio, char **buf); WOLFSSL_API int wolfSSL_BIO_nread(WOLFSSL_BIO *bio, char **buf, int num); WOLFSSL_API int wolfSSL_BIO_nwrite(WOLFSSL_BIO *bio, char **buf, int num); +#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_BIO_NO_FLOW_STATS) +WOLFSSL_API word64 wolfSSL_BIO_number_read(WOLFSSL_BIO *bio); +WOLFSSL_API word64 wolfSSL_BIO_number_written(WOLFSSL_BIO *bio); +#endif WOLFSSL_API int wolfSSL_BIO_reset(WOLFSSL_BIO *bio); WOLFSSL_API int wolfSSL_BIO_seek(WOLFSSL_BIO *bio, int ofs); 
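Review bot: `wolfSSL_set_rbio`/`wolfSSL_set_wbio` in the -1812 hunk are what the compat header now maps `SSL_set0_rbio`/`SSL_set0_wbio` to, and OpenSSL's `set0` variants take ownership of the passed BIO reference and release the previously installed one. The declarations do not say whether wolfSSL does the same, and a mismatch either leaks the old BIO or frees it twice; state it on each prototype, e.g. `/* Takes ownership of rd; the previously set read BIO is released */`, per the implementation. `wolfSSL_BIO_new_dgram(int fd, int closeF)` also needs a comment on whether `closeF` makes the BIO close `fd` when it is freed, and `wolfSSL_BIO_number_read`/`wolfSSL_BIO_number_written` should say what they count (bytes, and from which point).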
@@ -1856,7 +1891,14 @@ WOLFSSL_API int wolfSSL_BIO_set_mem_buf(WOLFSSL_BIO* bio, WOLFSSL_BUF_MEM* bufMe int closeFlag); #endif WOLFSSL_API int wolfSSL_BIO_get_len(WOLFSSL_BIO *bio); -#endif + +#ifdef WOLFSSL_HAVE_BIO_ADDR +WOLFSSL_API WOLFSSL_BIO_ADDR *wolfSSL_BIO_ADDR_new(void); +WOLFSSL_API void wolfSSL_BIO_ADDR_free(WOLFSSL_BIO_ADDR *addr); +WOLFSSL_API void wolfSSL_BIO_ADDR_clear(WOLFSSL_BIO_ADDR *addr); +#endif /* WOLFSSL_HAVE_BIO_ADDR */ + +#endif /* !NO_BIO */ WOLFSSL_API void wolfSSL_RAND_screen(void); WOLFSSL_API const char* wolfSSL_RAND_file_name(char* fname, unsigned long len); @@ -1868,9 +1910,14 @@ WOLFSSL_API void wolfSSL_RAND_Cleanup(void); WOLFSSL_API void wolfSSL_RAND_add(const void* add, int len, double entropy); WOLFSSL_API int wolfSSL_RAND_poll(void); +#ifndef NO_WOLFSSL_STUB WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void); WOLFSSL_API WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void); WOLFSSL_API int wolfSSL_COMP_add_compression_method(int method, void* data); +WOLFSSL_API const char *wolfSSL_COMP_get_name(const WOLFSSL_COMP_METHOD *comp); +WOLFSSL_API const WOLFSSL_COMP_METHOD* wolfSSL_get_current_compression(const WOLFSSL *ssl); +WOLFSSL_API const WOLFSSL_COMP_METHOD* wolfSSL_get_current_expansion(const WOLFSSL *ssl); +#endif /* !NO_WOLFSSL_STUB */ WOLFSSL_API unsigned long wolfSSL_thread_id(void); WOLFSSL_API void wolfSSL_set_id_callback(unsigned long (*f)(void)); @@ -1948,6 +1995,8 @@ WOLFSSL_API unsigned char* wolfSSL_X509_get_authorityKeyID( WOLFSSL_X509* x509, unsigned char* dst, int* dstLen); WOLFSSL_API unsigned char* wolfSSL_X509_get_subjectKeyID( WOLFSSL_X509* x509, unsigned char* dst, int* dstLen); +WOLFSSL_API const WOLFSSL_ASN1_STRING *wolfSSL_X509_get0_subject_key_id( + WOLFSSL_X509 *x509); WOLFSSL_API int wolfSSL_X509_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey); #ifdef WOLFSSL_CERT_REQ 
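Review bot: `wolfSSL_X509_get0_subject_key_id` in the -1948 hunk returns a `const WOLFSSL_ASN1_STRING *` with no statement of ownership; the `get0` convention implies the pointer belongs to `x509`, but the adjacent `wolfSSL_X509_get_subjectKeyID` copies into a caller buffer, so the two are easy to confuse. Add `/* Returns a pointer owned by x509 (do not free); NULL when the extension is absent — confirm */`. The compression functions moved under `#ifndef NO_WOLFSSL_STUB` in the -1868 hunk should also carry a one-line comment that they are stubs, since the compat header now routes `SSL_get_current_compression` and `SSL_get_current_expansion` to them instead of expanding to 0.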
@@ -1996,7 +2045,7 @@ WOLFSSL_API int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1, WOLFSSL_API unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn); WOLFSSL_API const unsigned char* wolfSSL_ASN1_STRING_get0_data( const WOLFSSL_ASN1_STRING* asn); -WOLFSSL_API int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn); +WOLFSSL_API int wolfSSL_ASN1_STRING_length(const WOLFSSL_ASN1_STRING* asn); WOLFSSL_API int wolfSSL_ASN1_STRING_copy(WOLFSSL_ASN1_STRING* dst, const WOLFSSL_ASN1_STRING* src); WOLFSSL_API int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx); @@ -2024,6 +2073,8 @@ WOLFSSL_API int wolfSSL_X509_STORE_add_cert( WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509); WOLFSSL_API WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_STORE_get0_param( const WOLFSSL_X509_STORE *ctx); +WOLFSSL_API int wolfSSL_X509_STORE_set1_param(WOLFSSL_X509_STORE *ctx, + WOLFSSL_X509_VERIFY_PARAM *param); WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain( WOLFSSL_X509_STORE_CTX* ctx); WOLFSSL_API WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get1_chain( 
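Review bot: `wolfSSL_X509_STORE_set1_param(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_VERIFY_PARAM *param)` in the -2024 hunk takes `param` non-const although the `set1` naming means the store copies it and the corresponding OpenSSL API takes `const X509_VERIFY_PARAM *`; declaring it `const WOLFSSL_X509_VERIFY_PARAM *param` states that the caller's object is untouched and remains the caller's to free. The first parameter is named `ctx` but is the store; `store` would match the rest of the file and the `get0_param` declaration just above.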
@@ -2056,11 +2107,15 @@ WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio( WOLFSSL_BIO* bio, WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey); WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, long keyLen); +WOLFSSL_API int wolfSSL_i2d_PKCS8_PKEY(WOLFSSL_PKCS8_PRIV_KEY_INFO* key, + unsigned char** pp); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** out); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key, const unsigned char** in, long inSz); WOLFSSL_API int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der); +WOLFSSL_API int wolfSSL_i2d_X509_PUBKEY(WOLFSSL_X509_PUBKEY* x509_PubKey, + unsigned char** der); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** pkey, const unsigned char ** in, long inSz); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, @@ -2113,6 +2168,10 @@ WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1_ip( WOLFSSL_X509_VERIFY_PARAM* param, const unsigned char* ip, size_t iplen); WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_set1(WOLFSSL_X509_VERIFY_PARAM* to, const WOLFSSL_X509_VERIFY_PARAM* from); +WOLFSSL_API const WOLFSSL_X509_VERIFY_PARAM *wolfSSL_X509_VERIFY_PARAM_lookup( + const char *name); +WOLFSSL_API int wolfSSL_X509_VERIFY_PARAM_inherit(WOLFSSL_X509_VERIFY_PARAM *to, + const WOLFSSL_X509_VERIFY_PARAM *from); WOLFSSL_API int wolfSSL_X509_load_crl_file(WOLFSSL_X509_LOOKUP *ctx, const char *file, int type); WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx, @@ -2132,7 +2191,7 @@ WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_d2i_ASN1_INTEGER( const unsigned char** in, long inSz); WOLFSSL_API int wolfSSL_i2d_ASN1_INTEGER(const WOLFSSL_ASN1_INTEGER* a, - unsigned char** out); + unsigned char** pp); WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime); 
@@ -2440,12 +2499,6 @@ enum { OCSP_TRUSTOTHER = 512, OCSP_RESPID_KEY = 1024, OCSP_NOTIME = 2048, - - /* OCSP Types */ - OCSP_CERTID = 2, - OCSP_REQUEST = 4, - OCSP_RESPONSE = 8, - OCSP_BASICRESP = 16, #endif SSL_ST_CONNECT = 0x1000, @@ -2580,6 +2633,14 @@ WOLFSSL_API void wolfSSL_ERR_print_errors(WOLFSSL_BIO *bio); enum { /* ssl Constants */ WOLFSSL_ERROR_NONE = 0, /* for most functions */ WOLFSSL_FAILURE = 0, /* for some functions */ + + #if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && \ + (defined(BUILDING_WOLFSSL) || \ + defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS)) + #define WOLFSSL_FAILURE WC_ERR_TRACE(WOLFSSL_FAILURE) + #define CONST_NUM_ERR_WOLFSSL_FAILURE 0 + #endif + WOLFSSL_SUCCESS = 1, /* WOLFSSL_SHUTDOWN_NOT_DONE is returned by wolfSSL_shutdown and @@ -2597,16 +2658,6 @@ enum { /* ssl Constants */ WOLFSSL_SHUTDOWN_NOT_DONE = 2, #endif - WOLFSSL_ALPN_NOT_FOUND = -9, - WOLFSSL_BAD_CERTTYPE = -8, - WOLFSSL_BAD_STAT = -7, - WOLFSSL_BAD_PATH = -6, - WOLFSSL_BAD_FILETYPE = -5, - WOLFSSL_BAD_FILE = -4, - WOLFSSL_NOT_IMPLEMENTED = -3, - WOLFSSL_UNKNOWN = -2, - WOLFSSL_FATAL_ERROR = -1, - WOLFSSL_FILETYPE_ASN1 = CTC_FILETYPE_ASN1, WOLFSSL_FILETYPE_PEM = CTC_FILETYPE_PEM, WOLFSSL_FILETYPE_DEFAULT = CTC_FILETYPE_ASN1, /* ASN1 */ @@ -2630,14 +2681,15 @@ enum { /* ssl Constants */ (WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE | WOLFSSL_SESS_CACHE_NO_INTERNAL_LOOKUP), + /* These values match OpenSSL values for corresponding names. */ + WOLFSSL_ERROR_SSL = 1, WOLFSSL_ERROR_WANT_READ = 2, WOLFSSL_ERROR_WANT_WRITE = 3, - WOLFSSL_ERROR_WANT_CONNECT = 7, - WOLFSSL_ERROR_WANT_ACCEPT = 8, + WOLFSSL_ERROR_WANT_X509_LOOKUP = 4, WOLFSSL_ERROR_SYSCALL = 5, - WOLFSSL_ERROR_WANT_X509_LOOKUP = 83, WOLFSSL_ERROR_ZERO_RETURN = 6, - WOLFSSL_ERROR_SSL = 85, + WOLFSSL_ERROR_WANT_CONNECT = 7, + WOLFSSL_ERROR_WANT_ACCEPT = 8, WOLFSSL_SENT_SHUTDOWN = 1, WOLFSSL_RECEIVED_SHUTDOWN = 2, 
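Review bot: Renumbering `WOLFSSL_ERROR_WANT_X509_LOOKUP` (83 to 4) and `WOLFSSL_ERROR_SSL` (85 to 1) changes the values of public enumerators, so any caller that compared `wolfSSL_get_error()` against literal numbers, logged or persisted the codes, or was built against the 5.7.2 header will now misclassify errors. `WOLFSSL_ERROR_SSL` also becomes equal to `WOLFSSL_SUCCESS` and `WOLFSSL_SENT_SHUTDOWN` (both 1, visible in this and the preceding hunk); that is legal in an enum but breaks any `switch` listing those names together and makes a mistaken `== WOLFSSL_SUCCESS` test on a get_error result pass on a fatal error. The OpenSSL-alignment comment is good; extend it with `/* Changed in 5.7.4: WANT_X509_LOOKUP was 83 and ERROR_SSL was 85. Compare only against these names, never the numbers. */` and call the change out in the changelog.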
@@ -2808,6 +2860,8 @@ WOLFSSL_API int wolfSSL_ASN1_TIME_compare(const WOLFSSL_ASN1_TIME *a, #ifdef OPENSSL_EXTRA WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t); WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str); +WOLFSSL_API int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t, + const char *str); #endif WOLFSSL_API int wolfSSL_sk_num(const WOLFSSL_STACK* sk); @@ -2871,6 +2925,10 @@ WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, date check and signature check */ WOLFSSL_ABI WOLFSSL_API int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn); +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) +WOLFSSL_API const char *wolfSSL_get0_peername(WOLFSSL *ssl); +#endif + /* need to call once to load library (session cache) */ WOLFSSL_ABI WOLFSSL_API int wolfSSL_Init(void); /* call when done to cleanup/free session cache mutex / resources */ @@ -2914,6 +2972,7 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int /* free X509 */ #define wolfSSL_FreeX509(x509) wolfSSL_X509_free((x509)) WOLFSSL_ABI WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509* x509); + /* get index cert in PEM */ WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx, unsigned char* buf, int inLen, int* outLen); @@ -2943,6 +3002,8 @@ WOLFSSL_API WOLFSSL_X509* #ifdef WOLFSSL_CERT_REQ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len); +WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_REQ_INFO(WOLFSSL_X509** req, + const unsigned char** in, int len); #endif WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out); WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl, 
@@ -2971,6 +3032,45 @@ WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_X509_CRL_dup(const WOLFSSL_X509_CRL* crl); WOLFSSL_API void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl); #endif +#if defined(WOLFSSL_ACERT) && \ + (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)) +WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new_ex(void * heap); +WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_new(void); +WOLFSSL_API void wolfSSL_X509_ACERT_init(WOLFSSL_X509_ACERT * x509, + int dynamic, void * heap); +WOLFSSL_API void wolfSSL_X509_ACERT_free(WOLFSSL_X509_ACERT* x509); +#ifndef NO_WOLFSSL_STUB +WOLFSSL_API int wolfSSL_X509_ACERT_sign(WOLFSSL_X509_ACERT * x509, + WOLFSSL_EVP_PKEY * pkey, + const WOLFSSL_EVP_MD * md); +#endif /* !NO_WOLFSSL_STUB */ +WOLFSSL_API int wolfSSL_X509_ACERT_verify(WOLFSSL_X509_ACERT* x509, + WOLFSSL_EVP_PKEY* pkey); +#if defined(OPENSSL_EXTRA) +WOLFSSL_API int wolfSSL_X509_ACERT_get_signature_nid( + const WOLFSSL_X509_ACERT* x); +WOLFSSL_API int wolfSSL_X509_ACERT_print(WOLFSSL_BIO* bio, + WOLFSSL_X509_ACERT* x509_acert); +WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_PEM_read_bio_X509_ACERT( + WOLFSSL_BIO *bp, WOLFSSL_X509_ACERT **x, wc_pem_password_cb *cb, void *u); +WOLFSSL_API long wolfSSL_X509_ACERT_get_version(const WOLFSSL_X509_ACERT *x); +#endif /* OPENSSL_EXTRA */ +WOLFSSL_API int wolfSSL_X509_ACERT_get_attr_buf(const WOLFSSL_X509_ACERT* x509, + const byte ** rawAttr, + word32 * rawAttrLen); +WOLFSSL_API int wolfSSL_X509_ACERT_get_serial_number(WOLFSSL_X509_ACERT* x509, + unsigned char* in, + int * inOutSz); +WOLFSSL_API int wolfSSL_X509_ACERT_version(WOLFSSL_X509_ACERT* x509); +WOLFSSL_API int wolfSSL_X509_ACERT_get_signature(WOLFSSL_X509_ACERT* x509, + unsigned char* buf, + int* bufSz); +WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer_ex( + const unsigned char* buf, int sz, int format, void * heap); +WOLFSSL_API WOLFSSL_X509_ACERT * wolfSSL_X509_ACERT_load_certificate_buffer( + const unsigned char* buf, int 
sz, int format); +#endif /* WOLFSSL_ACERT && (OPENSSL_EXTRA_X509_SMALL || OPENSSL_EXTRA) */ + WOLFSSL_API const WOLFSSL_ASN1_INTEGER* wolfSSL_X509_REVOKED_get0_serial_number(const WOLFSSL_X509_REVOKED *rev); @@ -3089,11 +3189,14 @@ WOLFSSL_API int wolfSSL_make_eap_keys(WOLFSSL* ssl, void* key, unsigned int len, #include #elif defined(ARDUINO) /* TODO board specific */ + #elif defined(NUCLEUS_PLUS_2_3) + #include "services/sys/uio.h" #elif !defined(WOLFSSL_MDK_ARM) && !defined(WOLFSSL_IAR_ARM) && \ !defined(WOLFSSL_PICOTCP) && !defined(WOLFSSL_ROWLEY_ARM) && \ !defined(WOLFSSL_EMBOS) && !defined(WOLFSSL_FROSTED) && \ !defined(WOLFSSL_CHIBIOS) && !defined(WOLFSSL_CONTIKI) && \ - !defined(WOLFSSL_ZEPHYR) && !defined(NETOS) + !defined(WOLFSSL_ZEPHYR) && !defined(NETOS) && \ + !defined(WOLFSSL_NDS) #include #endif /* allow writev style writing */ @@ -3210,18 +3313,6 @@ WOLFSSL_API void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCt WOLFSSL_API int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, const byte* secret, word32 secretSz); -/* I/O Callback default errors */ -enum IOerrors { - WOLFSSL_CBIO_ERR_GENERAL = -1, /* general unexpected err */ - WOLFSSL_CBIO_ERR_WANT_READ = -2, /* need to call read again */ - WOLFSSL_CBIO_ERR_WANT_WRITE = -2, /* need to call write again */ - WOLFSSL_CBIO_ERR_CONN_RST = -3, /* connection reset */ - WOLFSSL_CBIO_ERR_ISR = -4, /* interrupt */ - WOLFSSL_CBIO_ERR_CONN_CLOSE = -5, /* connection closed or epipe */ - WOLFSSL_CBIO_ERR_TIMEOUT = -6 /* socket timeout */ -}; - - /* CA cache callbacks */ enum { WOLFSSL_SSLV3 = 0, @@ -3234,7 +3325,9 @@ enum { WOLFSSL_DTLSV1_3 = 7, WOLFSSL_USER_CA = 1, /* user added as trusted */ - WOLFSSL_CHAIN_CA = 2 /* added to cache from trusted chain */ + WOLFSSL_CHAIN_CA = 2, /* added to cache from trusted chain */ + WOLFSSL_TEMP_CA = 3 /* Temp intermediate CA, only for use by + * X509_STORE */ }; WOLFSSL_ABI WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl); 
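Review bot: The new attribute-certificate API has no documentation of pointer ownership or buffer conventions, which matters most for `wolfSSL_X509_ACERT_get_attr_buf`: `rawAttr` presumably points into the parsed certificate rather than a copy, so callers must not free it or use it after `wolfSSL_X509_ACERT_free` — state that in a comment on the prototype. `wolfSSL_X509_ACERT_get_serial_number` names its output buffer `in` and `wolfSSL_X509_ACERT_get_signature` uses `buf`; both take an in/out size, so say what is returned when the buffer is too small (presumably the required size, as the X509 equivalents do — confirm against x509.c). `wolfSSL_X509_ACERT_verify` should state what it checks — the signature over the ACERT with `pkey`, and presumably not the validity period or holder binding — since a caller may assume more from the name. Confining the `wolfSSL_X509_ACERT_sign` stub to `!NO_WOLFSSL_STUB` is correct.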
@@ -3259,6 +3352,8 @@ WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version); typedef void (*CallbackCACache)(unsigned char* der, int sz, int type); typedef void (*CbMissingCRL)(const char* url); +typedef int (*crlErrorCb)(int ret, WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm, + void* ctx); typedef int (*CbOCSPIO)(void*, const char*, int, unsigned char*, int, unsigned char**); typedef void (*CbOCSPRespFree)(void*,unsigned char*); @@ -3292,6 +3387,21 @@ WOLFSSL_API void wolfSSL_CTX_SetEncryptMacCb(WOLFSSL_CTX* ctx, CallbackEncryptM WOLFSSL_API void wolfSSL_SetEncryptMacCtx(WOLFSSL* ssl, void *ctx); WOLFSSL_API void* wolfSSL_GetEncryptMacCtx(WOLFSSL* ssl); +#ifdef WOLFSSL_THREADED_CRYPT + #ifndef WOLFSSL_THREADED_CRYPT_CNT + #define WOLFSSL_THREADED_CRYPT_CNT 16 + #endif + +typedef void (*WOLFSSL_THREAD_SIGNAL)(void* ctx, WOLFSSL* ssl); + +WOLFSSL_API int wolfSSL_AsyncEncryptReady(WOLFSSL* ssl, int idx); +WOLFSSL_API int wolfSSL_AsyncEncryptStop(WOLFSSL* ssl, int idx); +WOLFSSL_API int wolfSSL_AsyncEncrypt(WOLFSSL* ssl, int idx); +WOLFSSL_API int wolfSSL_AsyncEncryptSetSignal(WOLFSSL* ssl, int idx, + WOLFSSL_THREAD_SIGNAL signal, void* ctx); +#endif + + typedef int (*CallbackVerifyDecrypt)(WOLFSSL* ssl, unsigned char* decOut, const unsigned char* decIn, unsigned int decSz, int content, int verify, unsigned int* padSz, @@ -3332,7 +3442,7 @@ enum { WOLFSSL_BLOCK_TYPE = 2, WOLFSSL_STREAM_TYPE = 3, WOLFSSL_AEAD_TYPE = 4, - WOLFSSL_TLS_HMAC_INNER_SZ = 13 /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */ + WOLFSSL_TLS_HMAC_INNER_SZ = 13, /* SEQ_SZ + ENUM + VERSION_SZ + LEN_SZ */ }; /* for GetBulkCipher and internal use 
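Review bot: `crlErrorCb` returns `int` and nothing in the header says what that return means; if, as the name and the `ret` argument suggest, the callback can override the CRL check result, a callback that returns "ok" unconditionally silently disables revocation checking, so the contract needs to be spelled out on the typedef. Suggest a comment along the lines of `/* Called when a CRL check fails with error 'ret' for 'crl'. Return value decides whether the failure stands or is overridden (see crl.c for the exact values); overriding a revocation error disables revocation checking for that certificate. */`, with the exact return semantics confirmed against crl.c before wording it. The three setters declared later in this file (`wolfSSL_CertManagerSetCRL_ErrorCb`, `wolfSSL_SetCRL_ErrorCb`, `wolfSSL_CTX_SetCRL_ErrorCb`) should point at that comment, and it is worth noting that `ctx` is stored and passed back verbatim so the caller owns its lifetime.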
@@ -3667,8 +3777,7 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx, WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm); WOLFSSL_API int wolfSSL_CertManager_up_ref(WOLFSSL_CERT_MANAGER* cm); -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB WOLFSSL_API void wolfSSL_CertManagerSetUnknownExtCallback( WOLFSSL_CERT_MANAGER* cm, wc_UnknownExtCallback cb); @@ -3708,6 +3817,8 @@ WOLFSSL_API void wolfSSL_CTX_SetPerformTlsRecordProcessingCb(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz, int type); WOLFSSL_API int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm, CbMissingCRL cb); + WOLFSSL_API int wolfSSL_CertManagerSetCRL_ErrorCb(WOLFSSL_CERT_MANAGER* cm, + crlErrorCb cb, void* ctx); WOLFSSL_API int wolfSSL_CertManagerFreeCRL(WOLFSSL_CERT_MANAGER* cm); #ifdef HAVE_CRL_IO WOLFSSL_API int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER* cm, @@ -3751,6 +3862,8 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( WOLFSSL_API int wolfSSL_LoadCRLBuffer(WOLFSSL* ssl, const unsigned char* buff, long sz, int type); WOLFSSL_API int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb); + WOLFSSL_API int wolfSSL_SetCRL_ErrorCb(WOLFSSL* ssl, crlErrorCb cb, + void* ctx); #ifdef HAVE_CRL_IO WOLFSSL_API int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb); #endif @@ -3768,6 +3881,8 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( WOLFSSL_API int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz, int type); WOLFSSL_API int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb); + WOLFSSL_API int wolfSSL_CTX_SetCRL_ErrorCb(WOLFSSL_CTX* ctx, crlErrorCb cb, + void* cbCtx); #ifdef HAVE_CRL_IO WOLFSSL_API int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX* ctx, CbCrlIO cb); #endif 
@@ -4046,9 +4161,9 @@ enum { WOLFSSL_FFDHE_8192 = 260, #ifdef HAVE_PQC - /* These group numbers were taken from OQS's openssl fork, see: - * https://github.com/open-quantum-safe/openssl/blob/OQS-OpenSSL_1_1_1-stable/ - * oqs-template/oqs-kem-info.md. + /* These group numbers were taken from OQS's openssl provider, see: + * https://github.com/open-quantum-safe/oqs-provider/blob/main/oqs-template/ + * oqs-kem-info.md. * * The levels in the group name refer to the claimed NIST level of each * parameter set. The associated parameter set name is listed as a comment @@ -4062,6 +4177,7 @@ enum { * algorithms have LEVEL2 and LEVEL4 because none of these submissions * included them. */ +#ifndef WOLFSSL_ML_KEM WOLFSSL_PQC_MIN = 570, WOLFSSL_PQC_SIMPLE_MIN = 570, WOLFSSL_KYBER_LEVEL1 = 570, /* KYBER_512 */ @@ -4075,7 +4191,22 @@ enum { WOLFSSL_P521_KYBER_LEVEL5 = 12093, WOLFSSL_PQC_HYBRID_MAX = 12093, WOLFSSL_PQC_MAX = 12093, -#endif +#else + WOLFSSL_PQC_MIN = 583, + WOLFSSL_PQC_SIMPLE_MIN = 583, + WOLFSSL_KYBER_LEVEL1 = 583, /* ML-KEM 512 */ + WOLFSSL_KYBER_LEVEL3 = 584, /* ML-KEM 768 */ + WOLFSSL_KYBER_LEVEL5 = 585, /* ML-KEM 1024 */ + WOLFSSL_PQC_SIMPLE_MAX = 585, + + WOLFSSL_PQC_HYBRID_MIN = 12103, + WOLFSSL_P256_KYBER_LEVEL1 = 12103, + WOLFSSL_P384_KYBER_LEVEL3 = 12104, + WOLFSSL_P521_KYBER_LEVEL5 = 12105, + WOLFSSL_PQC_HYBRID_MAX = 12105, + WOLFSSL_PQC_MAX = 12105, +#endif /* WOLFSSL_ML_KEM */ +#endif /* HAVE_PQC */ }; enum { 
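Review bot: Under `WOLFSSL_ML_KEM` the same enumerators `WOLFSSL_KYBER_LEVEL1/3/5` and the `WOLFSSL_P256/P384/P521_KYBER_LEVEL*` hybrids now carry different wire codepoints (583–585 and 12103–12105 instead of e.g. 570 and 12093) and denote a different KEM, so two wolfSSL builds that differ only in that flag will not negotiate a PQC group, and an application cannot tell from the identifier which algorithm it asked for. Per the updated comment these are OQS-provider codepoints rather than IANA assignments, so interoperability is limited to peers using the same experimental table. Add above the `#ifndef WOLFSSL_ML_KEM` a comment such as `/* With WOLFSSL_ML_KEM the *_KYBER_* names denote ML-KEM (FIPS 203) using the OQS provider codepoints below, which are incompatible with the round-3 Kyber values in the other branch. */`, and consider adding distinct `WOLFSSL_ML_KEM_*` names with the old ones kept as aliases so callers can be explicit.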
@@ -4140,7 +4271,25 @@ WOLFSSL_API long wolfSSL_SSL_get_secure_renegotiation_support(WOLFSSL* ssl); #ifdef HAVE_SESSION_TICKET #if !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_WOLFSSL_SERVER) - #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ + #ifdef WOLFSSL_TICKET_ENC_CBC_HMAC + #if defined(WOLFSSL_TICKET_ENC_HMAC_SHA512) + #define WOLFSSL_TICKET_ENC_HMAC WC_HASH_TYPE_SHA512 + #define WOLFSSL_TICKET_HMAC_KEY_SZ 64 + #elif defined(WOLFSSL_TICKET_ENC_HMAC_SHA384) + #define WOLFSSL_TICKET_ENC_HMAC WC_HASH_TYPE_SHA384 + #define WOLFSSL_TICKET_HMAC_KEY_SZ 48 + #else + #define WOLFSSL_TICKET_ENC_HMAC WC_HASH_TYPE_SHA256 + #define WOLFSSL_TICKET_HMAC_KEY_SZ 32 + #endif + #ifdef WOLFSSL_TICKET_ENC_AES256_CBC + #define WOLFSSL_TICKET_KEY_SZ \ + (AES_256_KEY_SIZE + WOLFSSL_TICKET_HMAC_KEY_SZ) + #else + #define WOLFSSL_TICKET_KEY_SZ \ + (AES_128_KEY_SIZE + WOLFSSL_TICKET_HMAC_KEY_SZ) + #endif + #elif defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \ !defined(WOLFSSL_TICKET_ENC_AES128_GCM) && \ !defined(WOLFSSL_TICKET_ENC_AES256_GCM) #define WOLFSSL_TICKET_KEY_SZ CHACHA20_POLY1305_AEAD_KEYSIZE @@ -4171,7 +4320,11 @@ WOLFSSL_API int wolfSSL_send_SessionTicket(WOLFSSL* ssl); #define WOLFSSL_TICKET_NAME_SZ 16 #define WOLFSSL_TICKET_IV_SZ 16 -#define WOLFSSL_TICKET_MAC_SZ 32 +#ifndef WOLFSSL_TICKET_ENC_CBC_HMAC + #define WOLFSSL_TICKET_MAC_SZ 32 +#else + #define WOLFSSL_TICKET_MAC_SZ WOLFSSL_TICKET_HMAC_KEY_SZ +#endif enum TicketEncRet { WOLFSSL_TICKET_RET_FATAL = -1, /* fatal error, don't use ticket */ @@ -4448,7 +4601,6 @@ WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_dup( WOLFSSL_X509_EXTENSION* src); WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk, WOLFSSL_X509_EXTENSION* ext); -WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_free(WOLFSSL_STACK* sk); WOLFSSL_API void wolfSSL_X509_EXTENSION_free(WOLFSSL_X509_EXTENSION* ext_to_free); WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void); #endif 
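Review bot: `WOLFSSL_TICKET_MAC_SZ` is defined as `WOLFSSL_TICKET_HMAC_KEY_SZ` in the CBC-HMAC branch, i.e. the tag length is taken from the HMAC key length; that is only correct because the three key sizes chosen in the earlier hunk (32/48/64) happen to equal the SHA-256/384/512 digest sizes, and a future hash or key-size policy would silently produce a truncated or oversized tag. Derive the tag size from the digest instead, e.g. `#define WOLFSSL_TICKET_MAC_SZ WC_SHA256_DIGEST_SIZE` (and the SHA-384/512 equivalents) next to the `WOLFSSL_TICKET_ENC_HMAC` selection, assuming the sha headers are reachable here as `WC_HASH_TYPE_SHA512` suggests. Since this option replaces an AEAD with AES-CBC plus HMAC, the header should also state the construction the default callback implements — presumably encrypt-then-MAC over key name, IV and ciphertext, with the tag verified before any decryption — so that anyone writing a custom ticket callback keeps the padding-oracle protection; confirm against the default callback before wording it.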
@@ -4819,6 +4971,10 @@ WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_get_bit( const WOLFSSL_ASN1_BIT_STRING* str, int i); WOLFSSL_API int wolfSSL_ASN1_BIT_STRING_set_bit( WOLFSSL_ASN1_BIT_STRING* str, int pos, int val); +WOLFSSL_API int wolfSSL_i2d_ASN1_BIT_STRING(const WOLFSSL_ASN1_BIT_STRING* bstr, + unsigned char** pp); +WOLFSSL_API WOLFSSL_ASN1_BIT_STRING* wolfSSL_d2i_ASN1_BIT_STRING( + WOLFSSL_ASN1_BIT_STRING** out, const byte** src, long len); #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ WOLFSSL_API int wolfSSL_version(WOLFSSL* ssl); @@ -4919,6 +5075,11 @@ WOLFSSL_API WOLFSSL_X509_OBJECT* wolfSSL_X509_OBJECT_new(void); WOLFSSL_API void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *obj); WOLFSSL_API WOLFSSL_X509 *wolfSSL_X509_OBJECT_get0_X509(const WOLFSSL_X509_OBJECT *obj); WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_X509_OBJECT_get0_X509_CRL(WOLFSSL_X509_OBJECT *obj); + +WOLFSSL_API WOLFSSL_X509_OBJECT *wolfSSL_X509_OBJECT_retrieve_by_subject( + WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *sk, + WOLFSSL_X509_LOOKUP_TYPE type, + WOLFSSL_X509_NAME *name); #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) 
@@ -5191,8 +5352,14 @@ WOLFSSL_API void wolfSSL_X509_ALGOR_free(WOLFSSL_X509_ALGOR *alg); WOLFSSL_API const WOLFSSL_X509_ALGOR* wolfSSL_X509_get0_tbs_sigalg(const WOLFSSL_X509 *x); WOLFSSL_API void wolfSSL_X509_ALGOR_get0(const WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const WOLFSSL_X509_ALGOR *algor); WOLFSSL_API int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj, int ptype, void *pval); +WOLFSSL_API int wolfSSL_i2d_X509_ALGOR(const WOLFSSL_X509_ALGOR* alg, + unsigned char** pp); +WOLFSSL_API WOLFSSL_X509_ALGOR* wolfSSL_d2i_X509_ALGOR(WOLFSSL_X509_ALGOR** out, + const byte** src, long len); WOLFSSL_API WOLFSSL_ASN1_TYPE* wolfSSL_ASN1_TYPE_new(void); WOLFSSL_API void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at); +WOLFSSL_API int wolfSSL_i2d_ASN1_TYPE(WOLFSSL_ASN1_TYPE* at, + unsigned char** pp); WOLFSSL_API WOLFSSL_X509_PUBKEY *wolfSSL_X509_PUBKEY_new(void); WOLFSSL_API void wolfSSL_X509_PUBKEY_free(WOLFSSL_X509_PUBKEY *x); WOLFSSL_API WOLFSSL_X509_PUBKEY *wolfSSL_X509_get_X509_PUBKEY(const WOLFSSL_X509* x509); @@ -5207,7 +5374,6 @@ WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a) WOLFSSL_API int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp); WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); -WOLFSSL_API const char* wolfSSL_COMP_get_name(const void* comp); WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str, const char *file, const char *dir); WOLFSSL_API int wolfSSL_X509_STORE_add_crl(WOLFSSL_X509_STORE *ctx, WOLFSSL_X509_CRL *x); WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const WOLF_STACK_OF(WOLFSSL_CIPHER)* p); 
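Review bot: `wolfSSL_i2d_ASN1_TYPE` takes a non-const `WOLFSSL_ASN1_TYPE*` while the other i2d added in this hunk, `wolfSSL_i2d_X509_ALGOR`, and `wolfSSL_i2d_ASN1_BIT_STRING` added elsewhere in this patch take `const`; an i2d should not modify its input, and the mismatch forces callers holding a `const` object to cast. Change it to `WOLFSSL_API int wolfSSL_i2d_ASN1_TYPE(const WOLFSSL_ASN1_TYPE* at, unsigned char** pp);` if the implementation permits, or add a comment saying why it must mutate its argument.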
@@ -5239,6 +5405,8 @@ WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x); WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, wc_pem_password_cb* cb, void* ctx); +WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio, + PKCS8_PRIV_KEY_INFO* keyInfo); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) WOLFSSL_API int wolfSSL_PEM_write_PKCS8PrivateKey( XFILE fp, WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, @@ -5358,6 +5526,7 @@ WOLFSSL_API int wolfSSL_dtls_cid_get_tx_size(WOLFSSL* ssl, unsigned int* size); WOLFSSL_API int wolfSSL_dtls_cid_get_tx(WOLFSSL* ssl, unsigned char* buffer, unsigned int bufferSz); +WOLFSSL_API int wolfSSL_dtls_cid_max_size(void); #endif /* defined(WOLFSSL_DTLS_CID) */ #ifdef WOLFSSL_DTLS_CH_FRAG diff --git a/src/wolfssl/test.h b/src/wolfssl/test.h index 4dd6320..bbe7d0f 100644 --- a/src/wolfssl/test.h +++ b/src/wolfssl/test.h @@ -1,6 +1,6 @@ /* test.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -203,7 +203,9 @@ #include #include #include - #include + #ifndef WOLFSSL_NDS + #include + #endif #include #include #ifdef HAVE_PTHREAD @@ -1099,10 +1101,11 @@ static WC_INLINE void ShowX509Ex(WOLFSSL_X509* x509, const char* hdr, char serialMsg[80]; /* testsuite has multiple threads writing to stdout, get output - message ready to write once */ - strLen = sprintf(serialMsg, " %s", words[3]); + * message ready to write once */ + strLen = XSNPRINTF(serialMsg, sizeof(serialMsg), " %s", words[3]); for (i = 0; i < sz; i++) - sprintf(serialMsg + strLen + (i*3), ":%02x ", serial[i]); + strLen = XSNPRINTF(serialMsg + strLen, + sizeof(serialMsg) - (size_t)strLen, ":%02x ", serial[i]); printf("%s\n", serialMsg); } 
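Review bot: The ShowX509Ex loop now does `strLen = XSNPRINTF(serialMsg + strLen, ...)`, which replaces the running offset with the number of characters written by the latest call (3), so from the second serial byte on every write lands at `serialMsg + 3`, overwriting the label and each other instead of appending; the old code advanced by `i*3`. The offset must accumulate, and because `XSNPRINTF` returns the untruncated length (or a negative value on some platforms) the subtraction `sizeof(serialMsg) - (size_t)strLen` would wrap once the 80-byte buffer is exhausted, which a long serial can do — so check before advancing, with an `int` temporary: `n = XSNPRINTF(serialMsg + strLen, sizeof(serialMsg) - (size_t)strLen, ":%02x ", serial[i]);` / `if (n < 0 || (size_t)n >= sizeof(serialMsg) - (size_t)strLen) break;` / `strLen += n;`. ShowX509Ex begins and ends outside the hunk.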
@@ -1850,7 +1853,8 @@ static WC_INLINE unsigned int my_psk_client_cb(WOLFSSL* ssl, const char* hint, /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ XSTRNCPY(identity, kIdentityStr, id_max_len); - if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) { + if (wolfSSL_GetVersion(ssl) != WOLFSSL_TLSV1_3 && + wolfSSL_GetVersion(ssl) != WOLFSSL_DTLSV1_3) { /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using * unsigned binary */ key[0] = 0x1a; @@ -1894,7 +1898,8 @@ static WC_INLINE unsigned int my_psk_server_cb(WOLFSSL* ssl, const char* identit if (XSTRCMP(identity, kIdentityStr) != 0) return 0; - if (wolfSSL_GetVersion(ssl) < WOLFSSL_TLSV1_3) { + if (wolfSSL_GetVersion(ssl) != WOLFSSL_TLSV1_3 && + wolfSSL_GetVersion(ssl) != WOLFSSL_DTLSV1_3) { /* test key in hex is 0x1a2b3c4d , in decimal 439,041,101 , we're using * unsigned binary */ key[0] = 0x1a; @@ -3341,8 +3346,9 @@ static WC_INLINE int myEccSharedSecret(WOLFSSL* ssl, ecc_key* otherKey, ret = BAD_FUNC_ARG; } -#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_FIPS) && \ - !defined(HAVE_SELFTEST) +#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ + !defined(HAVE_SELFTEST) if (ret == 0) { ret = wc_ecc_set_rng(privKey, wolfSSL_GetRNG(ssl)); } @@ -3901,9 +3907,11 @@ static WC_INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz, { enum wc_HashType hashType = WC_HASH_TYPE_NONE; WC_RNG rng; - int ret; + int ret = 0; word32 idx = 0; RsaKey myKey; + byte* inBuf = (byte*)in; + word32 inBufSz = inSz; byte* keyBuf = (byte*)key; PkCbInfo* cbInfo = (PkCbInfo*)ctx; 
@@ -3941,17 +3949,40 @@ static WC_INLINE int myRsaPssSign(WOLFSSL* ssl, const byte* in, word32 inSz, if (ret != 0) return ret; - ret = wc_InitRsaKey(&myKey, NULL); + #ifdef TLS13_RSA_PSS_SIGN_CB_NO_PREHASH + /* With this defined, RSA-PSS sign callback when used from TLS 1.3 + * does not hash data before giving to this callback. User must + * compute hash themselves. */ + if (wolfSSL_GetVersion(ssl) == WOLFSSL_TLSV1_3) { + inBufSz = wc_HashGetDigestSize(hashType); + inBuf = (byte*)XMALLOC(inBufSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (inBuf == NULL) { + ret = MEMORY_E; + } + if (ret == 0) { + ret = wc_Hash(hashType, in, inSz, inBuf, inBufSz); + } + } + #endif + + if (ret == 0) { + ret = wc_InitRsaKey(&myKey, NULL); + } if (ret == 0) { ret = wc_RsaPrivateKeyDecode(keyBuf, &idx, &myKey, keySz); if (ret == 0) { - ret = wc_RsaPSS_Sign(in, inSz, out, *outSz, hashType, mgf, &myKey, - &rng); + ret = wc_RsaPSS_Sign(inBuf, inBufSz, out, *outSz, hashType, mgf, + &myKey, &rng); } if (ret > 0) { /* save and convert to 0 success */ *outSz = (word32) ret; ret = 0; } + #ifdef TLS13_RSA_PSS_SIGN_CB_NO_PREHASH + if ((inBuf != NULL) && (wolfSSL_GetVersion(ssl) == WOLFSSL_TLSV1_3)) { + XFREE(inBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + #endif wc_FreeRsaKey(&myKey); } wc_FreeRng(&rng); @@ -4826,4 +4857,23 @@ void DEBUG_WRITE_DER(const byte* der, int derSz, const char* fileName); #define DTLS_CID_BUFFER_SIZE 256 +static WC_MAYBE_UNUSED void *mymemmem(const void *haystack, size_t haystacklen, + const void *needle, size_t needlelen) +{ + size_t i, j; + const char* h = (const char*)haystack; + const char* n = (const char*)needle; + if (needlelen > haystacklen) + return NULL; + for (i = 0; i <= haystacklen - needlelen; i++) { + for (j = 0; j < needlelen; j++) { + if (h[i + j] != n[j]) + break; + } + if (j == needlelen) + return (void*)(h + i); + } + return NULL; +} + #endif /* wolfSSL_TEST_H */ diff --git a/src/wolfssl/version.h b/src/wolfssl/version.h index 2da6e5e..b494238 100644 
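Review bot: In the `TLS13_RSA_PSS_SIGN_CB_NO_PREHASH` path the digest buffer is freed only inside the `if (ret == 0)` block that follows `wc_InitRsaKey`, so when `wc_Hash` or `wc_InitRsaKey` fails the `XMALLOC`'d `inBuf` leaks. Move the `#ifdef TLS13_RSA_PSS_SIGN_CB_NO_PREHASH` / `XFREE` block out of that `if` to just before `wc_FreeRng(&rng)`, and guard it with `if (inBuf != NULL && inBuf != in)` rather than the version check so it can never free the caller's buffer. `wc_HashGetDigestSize` returns a negative error code for an unrecognised hash type as far as I recall; assigning it straight to the `word32 inBufSz` turns that into a huge allocation request, so take it into an `int` and fail with `BAD_FUNC_ARG` when it is not positive before the cast. This is test-harness code, but it is the reference many users copy for their own PK callbacks.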
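Review bot: `mymemmem` has no comment, and as a `static` definition in a header every includer gets its own copy, so its contract should be stated where it is defined: `/* Portable memmem() substitute for platforms without one. Returns a pointer to the first occurrence of needle in haystack, haystack itself when needlelen == 0, NULL when not found. O(haystacklen * needlelen); test-harness use only. */`. The `(void*)` cast deliberately discards the `const` of `haystack` to match the POSIX signature and deserves a one-line note so nobody "fixes" it later. Comparing through `char` is fine for equality regardless of char signedness, and the `needlelen > haystacklen` guard correctly prevents the `haystacklen - needlelen` underflow.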
--- a/src/wolfssl/version.h +++ b/src/wolfssl/version.h @@ -1,6 +1,6 @@ /* wolfssl_version.h.in * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -28,8 +28,8 @@ extern "C" { #endif -#define LIBWOLFSSL_VERSION_STRING "5.7.2" -#define LIBWOLFSSL_VERSION_HEX 0x05007002 +#define LIBWOLFSSL_VERSION_STRING "5.7.4" +#define LIBWOLFSSL_VERSION_HEX 0x05007004 #ifdef __cplusplus } diff --git a/src/wolfssl/wolfcrypt/aes.h b/src/wolfssl/wolfcrypt/aes.h index 46687da..eaa0c47 100644 --- a/src/wolfssl/wolfcrypt/aes.h +++ b/src/wolfssl/wolfcrypt/aes.h @@ -1,6 +1,6 @@ /* aes.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -327,7 +327,7 @@ struct Aes { int alFd; /* server socket to bind to */ int rdFd; /* socket to read from */ struct msghdr msg; - int dir; /* flag for encrpyt or decrypt */ + int dir; /* flag for encrypt or decrypt */ #ifdef WOLFSSL_AFALG_XILINX_AES word32 msgBuf[CMSG_SPACE(4) + CMSG_SPACE(sizeof(struct af_alg_iv) + GCM_NONCE_MID_SZ)]; @@ -382,15 +382,16 @@ struct Aes { ALIGN16 byte streamData[5 * AES_BLOCK_SIZE]; #else byte* streamData; + word32 streamData_sz; #endif word32 aSz; word32 cSz; byte over; byte aOver; byte cOver; - byte gcmKeySet:1; - byte nonceSet:1; - byte ctrSet:1; + WC_BITFIELD gcmKeySet:1; + WC_BITFIELD nonceSet:1; + WC_BITFIELD ctrSet:1; #endif #ifdef WC_DEBUG_CIPHER_LIFECYCLE void *CipherLifecycleTag; /* used for dummy allocation and initialization, 
@@ -726,8 +727,17 @@ WOLFSSL_API int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId); #endif WOLFSSL_API void wc_AesFree(Aes* aes); +#ifndef WC_NO_CONSTRUCTORS +WOLFSSL_API Aes* wc_AesNew(void* heap, int devId, int *result_code); +WOLFSSL_API int wc_AesDelete(Aes* aes, Aes** aes_p); +#endif #ifdef WOLFSSL_AES_SIV +typedef struct AesSivAssoc { + const byte* assoc; + word32 assocSz; +} AesSivAssoc; + WOLFSSL_API int wc_AesSivEncrypt(const byte* key, word32 keySz, const byte* assoc, word32 assocSz, const byte* nonce, word32 nonceSz, @@ -736,6 +746,15 @@ WOLFSSL_API int wc_AesSivDecrypt(const byte* key, word32 keySz, const byte* assoc, word32 assocSz, const byte* nonce, word32 nonceSz, const byte* in, word32 inSz, byte* siv, byte* out); + +WOLFSSL_API +int wc_AesSivEncrypt_ex(const byte* key, word32 keySz, const AesSivAssoc* assoc, + word32 numAssoc, const byte* nonce, word32 nonceSz, + const byte* in, word32 inSz, byte* siv, byte* out); +WOLFSSL_API +int wc_AesSivDecrypt_ex(const byte* key, word32 keySz, const AesSivAssoc* assoc, + word32 numAssoc, const byte* nonce, word32 nonceSz, + const byte* in, word32 inSz, byte* siv, byte* out); #endif #ifdef WOLFSSL_AES_EAX diff --git a/src/wolfssl/wolfcrypt/arc4.h b/src/wolfssl/wolfcrypt/arc4.h index fe58b10..0dc29d3 100644 --- a/src/wolfssl/wolfcrypt/arc4.h +++ b/src/wolfssl/wolfcrypt/arc4.h @@ -1,6 +1,6 @@ /* arc4.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/asn.h b/src/wolfssl/wolfcrypt/asn.h index 503c985..11803d6 100644 --- a/src/wolfssl/wolfcrypt/asn.h +++ b/src/wolfssl/wolfcrypt/asn.h @@ -1,6 +1,6 @@ /* asn.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
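Review bot: `wc_AesSivEncrypt_ex`/`wc_AesSivDecrypt_ex` and `AesSivAssoc` are added without the limits that make multi-component SIV safe: RFC 5297's S2V bounds the number of input vectors (on the order of 127 including nonce and plaintext), and nothing here says what `numAssoc` may be, whether the implementation rejects larger values, or that `siv` must be exactly `AES_BLOCK_SIZE` bytes. Add a comment on the struct and the `_ex` prototypes, e.g. `/* assoc: array of numAssoc AAD components, processed in order as S2V vectors; numAssoc is limited by the S2V vector count of RFC 5297 (see aes.c for the enforced maximum). siv must hold AES_BLOCK_SIZE bytes. */`, and for decrypt state whether `out` is left unspecified when the SIV check fails — confirm both against aes.c. The `wc_AesNew`/`wc_AesDelete` pair would also benefit from a line saying `wc_AesDelete` frees and nulls `*aes_p`, if that is what it does.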
@@ -76,13 +76,28 @@ that can be serialized and deserialized in a cross-platform way. #endif enum { - ISSUER = 0, - SUBJECT = 1, + ASN_ISSUER = 0, + ASN_SUBJECT = 1, - BEFORE = 0, - AFTER = 1 + ASN_BEFORE = 0, + ASN_AFTER = 1 }; +#ifndef NO_ASN_OLD_TYPE_NAMES + #ifndef ISSUER + #define ISSUER ASN_ISSUER + #endif + #ifndef SUBJECT + #define SUBJECT ASN_SUBJECT + #endif + #ifndef BEFORE + #define BEFORE ASN_BEFORE + #endif + #ifndef AFTER + #define AFTER ASN_AFTER + #endif +#endif + /* ASN Tags */ enum ASN_Tags { ASN_EOC = 0x00, @@ -209,11 +224,11 @@ typedef struct ASNItem { /* BER/DER tag to expect. */ byte tag; /* Whether the ASN.1 item is constructed. */ - byte constructed:1; + WC_BITFIELD constructed:1; /* Whether to parse the header only or skip data. If * ASNSetData.data.buffer.data is supplied then this option gets * overwritten and the child nodes get ignored. */ - byte headerOnly:1; + WC_BITFIELD headerOnly:1; /* Whether ASN.1 item is optional. * - 0 means not optional * - 1 means is optional @@ -351,7 +366,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType); #define GetASN_Int8Bit(dataASN, num) \ do { \ (dataASN)->dataType = ASN_DATA_TYPE_WORD8; \ - (dataASN)->data.u8 = num; \ + (dataASN)->data.u8 = (num); \ } while (0) /* Setup ASN data item to get a 16-bit number. @@ -362,7 +377,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType); #define GetASN_Int16Bit(dataASN, num) \ do { \ (dataASN)->dataType = ASN_DATA_TYPE_WORD16; \ - (dataASN)->data.u16 = num; \ + (dataASN)->data.u16 = (num); \ } while (0) /* Setup ASN data item to get a 32-bit number. @@ -373,7 +388,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType); #define GetASN_Int32Bit(dataASN, num) \ do { \ (dataASN)->dataType = ASN_DATA_TYPE_WORD32; \ - (dataASN)->data.u32 = num; \ + (dataASN)->data.u32 = (num); \ } while (0) /* Setup ASN data item to get data into a buffer of a specific length. 
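Review bot: The compatibility macros in the `NO_ASN_OLD_TYPE_NAMES` block are each wrapped in `#ifndef ISSUER` and friends, so if one of these bare names is already defined by a platform or application header — presumably the collision that motivated the `ASN_` rename — the foreign definition silently wins and any code still written against `ISSUER`/`SUBJECT`/`BEFORE`/`AFTER` picks up an unrelated value with no diagnostic. Either drop the `#ifndef` guards so a clash is a loud redefinition error, or keep them and add `/* Guarded so a pre-existing platform definition takes precedence; wolfSSL's own sources must use the ASN_* names. */` so the silent precedence is at least intentional and auditable.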
@@ -385,8 +400,8 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType); #define GetASN_Buffer(dataASN, d, l) \ do { \ (dataASN)->dataType = ASN_DATA_TYPE_BUFFER; \ - (dataASN)->data.buffer.data = d; \ - (dataASN)->data.buffer.length = l; \ + (dataASN)->data.buffer.data = (d); \ + (dataASN)->data.buffer.length = (l); \ } while (0) /* Setup ASN data item to check parsed data against expected buffer. @@ -398,8 +413,8 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType); #define GetASN_ExpBuffer(dataASN, d, l) \ do { \ (dataASN)->dataType = ASN_DATA_TYPE_EXP_BUFFER; \ - (dataASN)->data.ref.data = d; \ - (dataASN)->data.ref.length = l; \ + (dataASN)->data.ref.data = (d); \ + (dataASN)->data.ref.length = (l); \ } while (0) /* Setup ASN data item to get a number into an mp_int. @@ -410,7 +425,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType); #define GetASN_MP(dataASN, num) \ do { \ (dataASN)->dataType = ASN_DATA_TYPE_MP; \ - (dataASN)->data.mp = num; \ + (dataASN)->data.mp = (num); \ } while (0) /* Setup ASN data item to get a number into an mp_int that is initialized. @@ -421,7 +436,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType); #define GetASN_MP_Inited(dataASN, num) \ do { \ (dataASN)->dataType = ASN_DATA_TYPE_MP_INITED; \ - (dataASN)->data.mp = num; \ + (dataASN)->data.mp = (num); \ } while (0) /* Setup ASN data item to get a positive or negative number into an mp_int. @@ -432,7 +447,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType); #define GetASN_MP_PosNeg(dataASN, num) \ do { \ (dataASN)->dataType = ASN_DATA_TYPE_MP_POS_NEG; \ - (dataASN)->data.mp = num; \ + (dataASN)->data.mp = (num); \ } while (0) /* Setup ASN data item to be a choice of tags. 
@@ -443,7 +458,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType); #define GetASN_Choice(dataASN, options) \ do { \ (dataASN)->dataType = ASN_DATA_TYPE_CHOICE; \ - (dataASN)->data.choice = options; \ + (dataASN)->data.choice = (options); \ } while (0) /* Setup ASN data item to get a boolean value. @@ -454,7 +469,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType); #define GetASN_Boolean(dataASN, num) \ do { \ (dataASN)->dataType = ASN_DATA_TYPE_NONE; \ - (dataASN)->data.u8 = num; \ + (dataASN)->data.u8 = (num); \ } while (0) /* Setup ASN data item to be a an OID of a specific type. @@ -463,7 +478,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType); * @param [in] oidType Type of OID to expect. */ #define GetASN_OID(dataASN, oidType) \ - (dataASN)->data.oid.type = oidType + (dataASN)->data.oid.type = (oidType) /* Get the data and length from an ASN data item. * @@ -509,7 +524,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType); #define SetASN_Boolean(dataASN, val) \ do { \ (dataASN)->dataType = ASN_DATA_TYPE_NONE; \ - (dataASN)->data.u8 = val; \ + (dataASN)->data.u8 = (val); \ } while (0) /* Setup an ASN data item to set an 8-bit number. @@ -520,7 +535,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType); #define SetASN_Int8Bit(dataASN, num) \ do { \ (dataASN)->dataType = ASN_DATA_TYPE_WORD8; \ - (dataASN)->data.u8 = num; \ + (dataASN)->data.u8 = (num); \ } while (0) /* Setup an ASN data item to set a 16-bit number. @@ -531,7 +546,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType); #define SetASN_Int16Bit(dataASN, num) \ do { \ (dataASN)->dataType = ASN_DATA_TYPE_WORD16; \ - (dataASN)->data.u16 = num; \ + (dataASN)->data.u16 = (num); \ } while (0) /* Setup an ASN data item to set the data in a buffer. 
@@ -542,8 +557,8 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType); */ #define SetASN_Buffer(dataASN, d, l) \ do { \ - (dataASN)->data.buffer.data = d; \ - (dataASN)->data.buffer.length = l; \ + (dataASN)->data.buffer.data = (d); \ + (dataASN)->data.buffer.length = (word32)(l); \ } while (0) /* Setup an ASN data item to set the DER encode data in a buffer. @@ -555,8 +570,8 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType); #define SetASN_ReplaceBuffer(dataASN, d, l) \ do { \ (dataASN)->dataType = ASN_DATA_TYPE_REPLACE_BUFFER; \ - (dataASN)->data.buffer.data = d; \ - (dataASN)->data.buffer.length = l; \ + (dataASN)->data.buffer.data = (d); \ + (dataASN)->data.buffer.length = (l); \ } while (0) /* Setup an ASN data item to set an muli-precision number. @@ -567,7 +582,7 @@ WOLFSSL_LOCAL void SetASN_OID(ASNSetData *dataASN, int oid, int oidType); #define SetASN_MP(dataASN, num) \ do { \ (dataASN)->dataType = ASN_DATA_TYPE_MP; \ - (dataASN)->data.mp = num; \ + (dataASN)->data.mp = (num); \ } while (0) /* Setup an ASN data item to set an OID based on id and type. @@ -784,7 +799,7 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; * Any certificate containing more than this number of subject * alternative names will cause an error when attempting to parse. */ #ifndef WOLFSSL_MAX_ALT_NAMES -#define WOLFSSL_MAX_ALT_NAMES 128 +#define WOLFSSL_MAX_ALT_NAMES 1024 #endif /* Maximum number of allowed name constraints in a certificate. @@ -864,6 +879,10 @@ extern const WOLFSSL_ObjectInfo wolfssl_object_info[]; #define NID_X9_62_prime_field 406 /* 1.2.840.10045.1.1 */ #endif /* OPENSSL_EXTRA */ +#define NID_id_GostR3410_2001 811 +#define NID_id_GostR3410_2012_256 979 +#define NID_id_GostR3410_2012_512 980 + enum ECC_TYPES { ECC_PREFIX_0 = 160, 
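Review bot: Raising `WOLFSSL_MAX_ALT_NAMES` from 128 to 1024 in the `@@ -784,7 +799,7 @@` hunk multiplies by eight the number of subject-alternative-name entries a single certificate may make the parser allocate before it is rejected, and this package targets Arduino-class boards where that bound is what caps heap use from an untrusted peer certificate. The comment above the define still only says that exceeding the limit is an error; it should also say why the bound exists and that constrained builds can lower it, e.g. `/* Upper bound on SAN entries parsed per certificate; bounds heap use from untrusted certs. Override in user_settings.h on memory-constrained targets. */`. Separately, in this same physical line `SetASN_Buffer` now casts its length with `(word32)(l)` while `SetASN_ReplaceBuffer` two hunks later keeps the uncast `(l)`; the two macros store into the same `data.buffer.length` field, so they should agree.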
@@ -932,13 +951,14 @@ enum Misc_ASN { #else KEYID_SIZE = WC_SHA_DIGEST_SIZE, #endif -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)) - RSA_INTS = 8, /* RSA ints in private key */ -#elif !defined(WOLFSSL_RSA_PUBLIC_ONLY) - RSA_INTS = 5, /* RSA ints in private key */ -#else - RSA_INTS = 2, /* RSA ints in private key */ + RSA_INTS = 2 /* RSA ints in private key */ +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + + 3 +#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) + + 3 +#endif #endif + , DSA_PARAM_INTS = 3, /* DSA parameter ints */ RSA_PUB_INTS = 2, /* RSA ints in public key */ DSA_PUB_INTS = 4, /* DSA ints in public key */ @@ -1167,6 +1187,9 @@ enum Key_Sum { DILITHIUM_LEVEL2k = 218, /* 1.3.6.1.4.1.2.267.12.4.4 */ DILITHIUM_LEVEL3k = 221, /* 1.3.6.1.4.1.2.267.12.6.5 */ DILITHIUM_LEVEL5k = 225, /* 1.3.6.1.4.1.2.267.12.8.7 */ + ML_DSA_LEVEL2k = 431, /* 2.16.840.1.101.3.4.3.17 */ + ML_DSA_LEVEL3k = 432, /* 2.16.840.1.101.3.4.3.18 */ + ML_DSA_LEVEL5k = 433, /* 2.16.840.1.101.3.4.3.19 */ SPHINCS_FAST_LEVEL1k = 281, /* 1 3 9999 6 7 4 */ SPHINCS_FAST_LEVEL3k = 283, /* 1 3 9999 6 8 3 + 2 (See GetOID() in asn.c) */ SPHINCS_FAST_LEVEL5k = 282, /* 1 3 9999 6 9 3 */ @@ -1251,8 +1274,9 @@ enum Extensions_Sum { #ifdef WOLFSSL_DUAL_ALG_CERTS SUBJ_ALT_PUB_KEY_INFO_OID = 186, /* 2.5.29.72 subject alt public key info */ ALT_SIG_ALG_OID = 187, /* 2.5.29.73 alt sig alg */ - ALT_SIG_VAL_OID = 188 /* 2.5.29.74 alt sig val */ + ALT_SIG_VAL_OID = 188, /* 2.5.29.74 alt sig val */ #endif + WOLF_ENUM_DUMMY_LAST_ELEMENT(Extensions_Sum) }; enum CertificatePolicy_Sum { 
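Review bot: The additive form of `RSA_INTS` (`2`, `+ 3`, `+ 3`) ends with a lone `,` on its own line after the two `#endif`s, which reads like a stray token and is easy to break when the next person edits the enum; the old three-branch form was longer but each configuration's value was stated explicitly. If the additive form is kept, a comment above the value should spell out the three totals it yields, e.g. `/* 2 public ints; +3 private (not WOLFSSL_RSA_PUBLIC_ONLY); +3 CRT ints (WOLFSSL_KEY_GEN, OPENSSL_EXTRA, or !RSA_LOW_MEM): 2, 5 or 8 */`.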
@@ -1399,10 +1423,10 @@ struct DNS_entry { int type; /* i.e. ASN_DNS_TYPE */ int len; /* actual DNS len */ char* name; /* actual DNS name */ -#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) +#ifdef WOLFSSL_IP_ALT_NAME char* ipString; /* human readable form of IP address */ #endif -#if defined(OPENSSL_ALL) +#ifdef WOLFSSL_RID_ALT_NAME char* ridString; /* human readable form of registeredID */ #endif @@ -1641,10 +1665,12 @@ typedef struct TrustedPeerCert TrustedPeerCert; typedef struct SignatureCtx SignatureCtx; typedef struct CertSignCtx CertSignCtx; -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB typedef int (*wc_UnknownExtCallback)(const word16* oid, word32 oidSz, int crit, const unsigned char* der, word32 derSz); +typedef int (*wc_UnknownExtCallbackEx)(const word16* oid, word32 oidSz, + int crit, const unsigned char* der, + word32 derSz, void *ctx); #endif struct DecodedCert { @@ -1692,7 +1718,7 @@ struct DecodedCert { word32 extensionsIdx; /* if want to go back and parse later */ const byte* extAuthInfo; /* Authority Information Access URI */ int extAuthInfoSz; /* length of the URI */ -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +#ifdef WOLFSSL_ASN_CA_ISSUER const byte* extAuthInfoCaIssuer; /* Authority Info Access caIssuer URI */ int extAuthInfoCaIssuerSz; /* length of the caIssuer URI */ #endif @@ -1703,7 +1729,9 @@ struct DecodedCert { const byte* extCrlInfo; /* CRL Distribution Points */ int extCrlInfoSz; /* length of the URI */ byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */ + word32 extSubjKeyIdSz; byte extAuthKeyId[KEYID_SIZE]; /* Authority Key ID */ + word32 extAuthKeyIdSz; #ifdef WOLFSSL_AKID_NAME const byte* extAuthKeyIdIssuer; /* Authority Key ID authorityCertIssuer */ word32 extAuthKeyIdIssuerSz; /* Authority Key ID authorityCertIssuer length */ 
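Review bot: The unknown-extension callback guard changes from `WOLFSSL_CUSTOM_OID && WOLFSSL_ASN_TEMPLATE && HAVE_OID_DECODING` to `#ifdef WC_ASN_UNKNOWN_EXT_CB` in the typedef hunk here, in the `DecodedCert` field hunk and in the `wc_SetUnknownExtCallback` prototype hunk further down, but nothing in the header says how the new macro relates to the old trio; unless settings.h derives it (not visible in this diff), a user_settings.h that enabled the three old macros silently loses the callback API. The new `wc_UnknownExtCallbackEx` typedef also says nothing about `ctx`. A comment on the typedef would cover both: `/* WC_ASN_UNKNOWN_EXT_CB enables the unknown-extension callbacks (see settings.h for how it is derived). ctx is the pointer registered with wc_SetUnknownExtCallbackEx and is passed through unchanged. */`.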
@@ -1730,9 +1758,7 @@ struct DecodedCert { word32 extRawAuthKeyIdSz; #endif const byte* extAuthKeyIdSrc; - word32 extAuthKeyIdSz; const byte* extSubjKeyIdSrc; - word32 extSubjKeyIdSz; #endif #ifdef OPENSSL_ALL const byte* extSubjAltNameSrc; @@ -1782,7 +1808,7 @@ struct DecodedCert { char* subjectSN; int subjectSNLen; char subjectSNEnc; - #ifdef WOLFSSL_CERT_NAME_ALL +#ifdef WOLFSSL_CERT_NAME_ALL char* subjectN; int subjectNLen; char subjectNEnc; @@ -1795,7 +1821,7 @@ struct DecodedCert { char* subjectDNQ; int subjectDNQLen; char subjectDNQEnc; - #endif /*WOLFSSL_CERT_NAME_ALL */ +#endif /* WOLFSSL_CERT_NAME_ALL */ char* subjectC; int subjectCLen; char subjectCEnc; @@ -1860,12 +1886,12 @@ struct DecodedCert { char* issuerEmail; int issuerEmailLen; #endif /* WOLFSSL_HAVE_ISSUER_NAMES */ -#endif /* defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT) */ +#endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* WOLFSSL_X509_NAME structures (used void* to avoid including ssl.h) */ void* issuerName; void* subjectName; -#endif /* OPENSSL_EXTRA */ +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifdef WOLFSSL_SEP int deviceTypeSz; byte* deviceType; 
@@ -1917,67 +1943,68 @@ struct DecodedCert { int criticalExt; /* Option Bits */ - byte subjectCNStored : 1; /* have we saved a copy we own */ - byte extSubjKeyIdSet : 1; /* Set when the SKID was read from cert */ - byte extAuthKeyIdSet : 1; /* Set when the AKID was read from cert */ + WC_BITFIELD subjectCNStored:1; /* have we saved a copy we own */ + WC_BITFIELD extSubjKeyIdSet:1; /* Set when the SKID was read from cert */ + WC_BITFIELD extAuthKeyIdSet:1; /* Set when the AKID was read from cert */ #ifndef IGNORE_NAME_CONSTRAINTS - byte extNameConstraintSet : 1; + WC_BITFIELD extNameConstraintSet:1; #endif - byte isCA : 1; /* CA basic constraint true */ - byte pathLengthSet : 1; /* CA basic const path length set */ - byte weOwnAltNames : 1; /* altNames haven't been given to copy */ - byte extKeyUsageSet : 1; - byte extExtKeyUsageSet : 1; /* Extended Key Usage set */ + WC_BITFIELD isCA:1; /* CA basic constraint true */ + WC_BITFIELD pathLengthSet:1; /* CA basic const path length set */ + WC_BITFIELD weOwnAltNames:1; /* altNames haven't been given to copy */ + WC_BITFIELD extKeyUsageSet:1; + WC_BITFIELD extExtKeyUsageSet:1; /* Extended Key Usage set */ #ifdef HAVE_OCSP - byte ocspNoCheckSet : 1; /* id-pkix-ocsp-nocheck set */ -#endif - byte extCRLdistSet : 1; - byte extAuthInfoSet : 1; - byte extBasicConstSet : 1; - byte extPolicyConstSet : 1; - byte extPolicyConstRxpSet : 1; /* requireExplicitPolicy set */ - byte extPolicyConstIpmSet : 1; /* inhibitPolicyMapping set */ - byte extSubjAltNameSet : 1; - byte inhibitAnyOidSet : 1; - byte selfSigned : 1; /* Indicates subject and issuer are same */ -#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) - byte extCertPolicySet : 1; -#endif - byte extCRLdistCrit : 1; - byte extAuthInfoCrit : 1; - byte extBasicConstCrit : 1; - byte extPolicyConstCrit : 1; - byte extSubjAltNameCrit : 1; - byte extAuthKeyIdCrit : 1; + WC_BITFIELD ocspNoCheckSet:1; /* id-pkix-ocsp-nocheck set */ +#endif + WC_BITFIELD extCRLdistSet:1; + WC_BITFIELD 
extAuthInfoSet:1; + WC_BITFIELD extBasicConstSet:1; + WC_BITFIELD extPolicyConstSet:1; + WC_BITFIELD extPolicyConstRxpSet:1; /* requireExplicitPolicy set */ + WC_BITFIELD extPolicyConstIpmSet:1; /* inhibitPolicyMapping set */ + WC_BITFIELD extSubjAltNameSet:1; + WC_BITFIELD inhibitAnyOidSet:1; + WC_BITFIELD selfSigned:1; /* Indicates subject and issuer are same */ +#ifdef WOLFSSL_SEP + WC_BITFIELD extCertPolicySet:1; +#endif + WC_BITFIELD extCRLdistCrit:1; + WC_BITFIELD extAuthInfoCrit:1; + WC_BITFIELD extBasicConstCrit:1; + WC_BITFIELD extPolicyConstCrit:1; + WC_BITFIELD extSubjAltNameCrit:1; + WC_BITFIELD extAuthKeyIdCrit:1; #ifndef IGNORE_NAME_CONSTRAINTS - byte extNameConstraintCrit : 1; + WC_BITFIELD extNameConstraintCrit:1; #endif - byte extSubjKeyIdCrit : 1; - byte extKeyUsageCrit : 1; - byte extExtKeyUsageCrit : 1; + WC_BITFIELD extSubjKeyIdCrit:1; + WC_BITFIELD extKeyUsageCrit:1; + WC_BITFIELD extExtKeyUsageCrit:1; #ifdef WOLFSSL_SUBJ_DIR_ATTR - byte extSubjDirAttrSet : 1; + WC_BITFIELD extSubjDirAttrSet:1; #endif #ifdef WOLFSSL_SUBJ_INFO_ACC - byte extSubjInfoAccSet : 1; + WC_BITFIELD extSubjInfoAccSet:1; #endif #ifdef WOLFSSL_DUAL_ALG_CERTS - byte extSapkiSet : 1; - byte extAltSigAlgSet : 1; - byte extAltSigValSet : 1; + WC_BITFIELD extSapkiSet:1; + WC_BITFIELD extAltSigAlgSet:1; + WC_BITFIELD extAltSigValSet:1; #endif /* WOLFSSL_DUAL_ALG_CERTS */ -#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) - byte extCertPolicyCrit : 1; +#ifdef WOLFSSL_SEP + WC_BITFIELD extCertPolicyCrit:1; #endif #ifdef WOLFSSL_CERT_REQ - byte isCSR : 1; /* Do we intend on parsing a CSR? */ + WC_BITFIELD isCSR:1; /* Do we intend on parsing a CSR? 
*/ #endif #ifdef HAVE_RPK - byte isRPK : 1; /* indicate the cert is Raw-Public-Key cert in RFC7250 */ + WC_BITFIELD isRPK:1; /* indicate the cert is Raw-Public-Key cert in RFC7250 */ #endif -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) +#ifdef WC_ASN_UNKNOWN_EXT_CB wc_UnknownExtCallback unknownExtCallback; + wc_UnknownExtCallbackEx unknownExtCallbackEx; + void *unknownExtCallbackExCtx; #endif #ifdef WOLFSSL_DUAL_ALG_CERTS /* Subject Alternative Public Key Info */ @@ -2009,14 +2036,14 @@ struct Signer { word32 keyOID; /* key type */ word16 keyUsage; byte maxPathLen; - byte selfSigned : 1; + WC_BITFIELD selfSigned:1; const byte* publicKey; int nameLen; char* name; /* common name */ #ifndef IGNORE_NAME_CONSTRAINTS Base_entry* permittedNames; Base_entry* excludedNames; -#endif /* IGNORE_NAME_CONSTRAINTS */ +#endif /* !IGNORE_NAME_CONSTRAINTS */ byte subjectNameHash[SIGNER_DIGEST_SIZE]; /* sha hash of names in certificate */ #if defined(HAVE_OCSP) || defined(HAVE_CRL) @@ -2117,15 +2144,16 @@ typedef enum MimeStatus } MimeStatus; #endif /* HAVE_SMIME */ - WOLFSSL_LOCAL int HashIdAlg(word32 oidSum); WOLFSSL_LOCAL int CalcHashId(const byte* data, word32 len, byte* hash); WOLFSSL_LOCAL int CalcHashId_ex(const byte* data, word32 len, byte* hash, int hashAlg); WOLFSSL_LOCAL int GetName(DecodedCert* cert, int nameType, int maxIdx); -WOLFSSL_ASN_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der, +#ifdef ASN_BER_TO_DER +WOLFSSL_API int wc_BerToDer(const byte* ber, word32 berSz, byte* der, word32* derSz); +#endif WOLFSSL_LOCAL int StreamOctetString(const byte* inBuf, word32 inBufSz, byte* out, word32* outSz, word32* idx); 
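Review bot: `DecodedCert` now carries both `unknownExtCallback` and `unknownExtCallbackEx` (plus `unknownExtCallbackExCtx`), and nothing in the struct says which one is invoked when both have been registered, or whether registering one clears the other. Since the dispatch lives in asn.c and is not in this hunk, the field comment is the right place to pin the contract, e.g. `/* Only one of unknownExtCallback / unknownExtCallbackEx is expected to be set; asn.c defines the precedence if both are. */`. The `struct DecodedCert` definition begins well before this hunk.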
@@ -2143,10 +2171,12 @@ WOLFSSL_ASN_API void FreeDecodedCert(DecodedCert* cert); WOLFSSL_ASN_API int ParseCert(DecodedCert* cert, int type, int verify, void* cm); -#if defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ASN_TEMPLATE) \ - && defined(HAVE_OID_DECODING) -WOLFSSL_ASN_API int wc_SetUnknownExtCallback(DecodedCert* cert, +#ifdef WC_ASN_UNKNOWN_EXT_CB +WOLFSSL_API int wc_SetUnknownExtCallback(DecodedCert* cert, wc_UnknownExtCallback cb); +WOLFSSL_API int wc_SetUnknownExtCallbackEx(DecodedCert* cert, + wc_UnknownExtCallbackEx cb, + void *ctx); #endif WOLFSSL_LOCAL int DecodePolicyOID(char *out, word32 outSz, const byte *in, @@ -2158,7 +2188,7 @@ WOLFSSL_LOCAL int CheckCertSignaturePubKey(const byte* cert, word32 certSz, #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SMALL_CERT_VERIFY) WOLFSSL_API int wc_CheckCertSignature(const byte* cert, word32 certSz, void* heap, void* cm); - /* Depricated public API name kept for backwards build compatibility */ + /* Deprecated public API name kept for backwards build compatibility */ #define CheckCertSignature(cert, certSz, heap, cm) \ wc_CheckCertSignature(cert, certSz, heap, cm) @@ -2216,6 +2246,9 @@ WOLFSSL_LOCAL int ToTraditionalInline(const byte* input, word32* inOutIdx, word32 length); WOLFSSL_LOCAL int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 length, word32* algId); +WOLFSSL_LOCAL int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, + word32 length, word32* algId, + word32* eccOid); WOLFSSL_LOCAL int ToTraditionalEnc(byte* input, word32 sz, const char* password, int passwordSz, word32* algId); WOLFSSL_ASN_API int UnTraditionalEnc(byte* key, word32 keySz, byte* out, 
@@ -2233,8 +2266,7 @@ WOLFSSL_LOCAL int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, int* algoID, void* heap); typedef struct tm wolfssl_tm; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || \ - defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#ifdef WOLFSSL_ASN_TIME_STRING WOLFSSL_LOCAL int GetTimeString(byte* date, int format, char* buf, int len); #endif #if !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ @@ -2260,10 +2292,12 @@ WOLFSSL_LOCAL int SetShortInt(byte* input, word32* inOutIdx, word32 number, word32 maxIdx); WOLFSSL_LOCAL const char* GetSigName(int oid); -WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, - word32 maxIdx); +WOLFSSL_ASN_API int GetLength(const byte* input, word32* inOutIdx, int* len, + word32 maxIdx); WOLFSSL_LOCAL int GetLength_ex(const byte* input, word32* inOutIdx, int* len, word32 maxIdx, int check); +WOLFSSL_LOCAL int GetASNHeader(const byte* input, byte tag, word32* inOutIdx, + int* len, word32 maxIdx); WOLFSSL_LOCAL int GetSequence(const byte* input, word32* inOutIdx, int* len, word32 maxIdx); WOLFSSL_LOCAL int GetSequence_ex(const byte* input, word32* inOutIdx, int* len, @@ -2301,8 +2335,11 @@ WOLFSSL_LOCAL int GetObjectId(const byte* input, word32* inOutIdx, word32* oid, word32 oidType, word32 maxIdx); WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, word32 oidType, word32 maxIdx); -WOLFSSL_LOCAL int GetASNTag(const byte* input, word32* idx, byte* tag, - word32 inputSz); +WOLFSSL_LOCAL int GetAlgoIdEx(const byte* input, word32* inOutIdx, word32* oid, + word32 oidType, word32 maxIdx, byte *absentParams); +WOLFSSL_ASN_API int GetASNTag(const byte* input, word32* idx, byte* tag, + word32 inputSz); +WOLFSSL_LOCAL int GetASN_BitString(const byte* input, word32 idx, int length); WOLFSSL_LOCAL word32 SetASNLength(word32 length, byte* output); WOLFSSL_LOCAL word32 SetASNSequence(word32 len, byte* output); 
@@ -2314,6 +2351,8 @@ WOLFSSL_LOCAL word32 SetASNSet(word32 len, byte* output); WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output); WOLFSSL_LOCAL word32 SetLengthEx(word32 length, byte* output, byte isIndef); +WOLFSSL_LOCAL word32 SetHeader(byte tag, word32 len, byte* output, + byte isIndef); WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output); WOLFSSL_LOCAL word32 SetSequenceEx(word32 len, byte* output, byte isIndef); WOLFSSL_LOCAL word32 SetIndefEnd(byte* output); @@ -2327,6 +2366,8 @@ WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output, byte isIndef); WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output); WOLFSSL_API word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz); +WOLFSSL_LOCAL word32 SetAlgoIDEx(int algoOID, byte* output, int type, int curveSz, + byte absentParams); WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header); WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output, word32 outputSz, int maxSnSz); @@ -2342,9 +2383,11 @@ WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, WOLFSSL_LOCAL int GetNameHash_ex(const byte* source, word32* idx, byte* hash, int maxIdx, word32 sigOID); WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, - DecodedCert* der, int checkAlt); + DecodedCert* der, int checkAlt, + void* heap); WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, - const byte* pubKey, word32 pubKeySz, enum Key_Sum ks); + const byte* pubKey, word32 pubKeySz, + enum Key_Sum ks, void* heap); WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g); #ifdef WOLFSSL_DH_EXTRA WOLFSSL_API int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx, 
@@ -2401,13 +2444,12 @@ WOLFSSL_LOCAL int AllocCopyDer(DerBuffer** der, const unsigned char* buff, word32 length, int type, void* heap); WOLFSSL_LOCAL void FreeDer(DerBuffer** der); -#if (defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)) || \ - (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) +#ifdef WOLFSSL_ASN_PARSE_KEYUSAGE WOLFSSL_LOCAL int ParseKeyUsageStr(const char* value, word16* keyUsage, void* heap); WOLFSSL_LOCAL int ParseExtKeyUsageStr(const char* value, byte* extKeyUsage, void* heap); -#endif /* (CERT_GEN && CERT_EXT) || (OPENSSL_ALL || OPENSSL_EXTRA) */ +#endif #endif /* !NO_CERTS */ @@ -2433,6 +2475,9 @@ enum cert_enums { DILITHIUM_LEVEL2_KEY = 18, DILITHIUM_LEVEL3_KEY = 19, DILITHIUM_LEVEL5_KEY = 20, + ML_DSA_LEVEL2_KEY = 21, + ML_DSA_LEVEL3_KEY = 22, + ML_DSA_LEVEL5_KEY = 23, SPHINCS_FAST_LEVEL1_KEY = 24, SPHINCS_FAST_LEVEL3_KEY = 25, SPHINCS_FAST_LEVEL5_KEY = 26, @@ -2499,8 +2544,7 @@ struct CertStatus { byte nextDate[MAX_DATE_SIZE]; byte thisDateFormat; byte nextDateFormat; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) +#ifdef WOLFSSL_OCSP_PARSE_STATUS WOLFSSL_ASN1_TIME thisDateParsed; WOLFSSL_ASN1_TIME nextDateParsed; byte* thisDateAsn; @@ -2532,10 +2576,10 @@ struct OcspEntry byte* rawCertId; /* raw bytes of the CertID */ int rawCertIdSize; /* num bytes in raw CertID */ /* option bits - using 32-bit for alignment */ - word32 ownStatus:1; /* do we need to free the status + WC_BITFIELD ownStatus:1; /* do we need to free the status * response list */ - word32 isDynamic:1; /* was dynamically allocated */ - word32 used:1; /* entry used */ + WC_BITFIELD isDynamic:1; /* was dynamically allocated */ + WC_BITFIELD used:1; /* entry used */ }; /* TODO: Long-term, it would be helpful if we made this struct and other OCSP 
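Review bot: In the `OcspEntry` hunk (`@@ -2532,10 +2576,10 @@`) the bitfields change from `word32` to `WC_BITFIELD`, but the comment directly above them, `/* option bits - using 32-bit for alignment */`, is kept verbatim; unless `WC_BITFIELD` expands to a 32-bit type (its definition is not in this diff) that comment is now stale and will mislead the next reader into thinking the layout is fixed. It should be reduced to what the code still guarantees, e.g. `/* option bits */`, or state the type `WC_BITFIELD` resolves to.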
@@ -2585,10 +2629,6 @@ struct OcspRequest { int serialSz; #ifdef OPENSSL_EXTRA WOLFSSL_ASN1_INTEGER* serialInt; -#endif -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ - defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \ - defined(HAVE_LIGHTY) void* cid; /* WOLFSSL_OCSP_CERTID kept to free */ #endif byte* url; /* copy of the extAuthInfo in source cert */ 
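Review bot: Moving `cid` into the `#ifdef OPENSSL_EXTRA` block widens the set of builds in which `OcspRequest` carries that pointer compared with the old `OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || WOLFSSL_APACHE_HTTPD || HAVE_LIGHTY` condition. The code that allocates and frees `cid` is in ocsp.c rather than in this header, so it is worth confirming that its guard was changed in step; a build with `OPENSSL_EXTRA` but none of the old macros would otherwise have a field that is never freed. The comment `/* WOLFSSL_OCSP_CERTID kept to free */` could name the owner explicitly, e.g. `/* WOLFSSL_OCSP_CERTID owned by this request; released in FreeOcspRequest */`, if that is indeed where it is freed.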
@@ -2677,9 +2717,55 @@ WOLFSSL_LOCAL int ParseCRL(RevokedCert* rcert, DecodedCRL* dcrl, const byte* buff, word32 sz, int verify, void* cm); WOLFSSL_LOCAL void FreeDecodedCRL(DecodedCRL* dcrl); - #endif /* HAVE_CRL */ +#if defined(WOLFSSL_ACERT) +/* Minimal structure for x509 attribute certificate (rfc 5755). + * + * The attributes field is not parsed, but is stored as raw buffer. + * */ +struct DecodedAcert { + word32 certBegin; /* Offset to start of acert. */ + word32 sigIndex; /* Offset to start of signature. */ + word32 sigLength; /* Signature length. */ + word32 signatureOID; /* Sum of algorithm object id. */ +#ifdef WC_RSA_PSS + word32 sigParamsIndex; /* start of signature parameters */ + word32 sigParamsLength; /* length of signature parameters */ +#endif + const byte * signature; /* Not owned, points into raw acert. */ + const byte * source; /* Byte buffer holding acert, NOT owned. */ + word32 srcIdx; /* Current offset into buffer. */ + word32 maxIdx; /* Max allowed offset. Set in init. */ + void * heap; /* For user memory overrides. */ + int version; /* attribute cert version. */ + byte serial[EXTERNAL_SERIAL_SIZE]; /* Raw serial number. */ + int serialSz; + const byte * beforeDate; /* Before and After dates. */ + int beforeDateLen; + const byte * afterDate; + int afterDateLen; + byte holderSerial[EXTERNAL_SERIAL_SIZE]; + int holderSerialSz; + DNS_entry * holderEntityName; /* Holder entityName from ACERT */ + DNS_entry * holderIssuerName; /* Holder issuerName from ACERT */ + DNS_entry * AttCertIssuerName; /* AttCertIssuer name from ACERT */ + const byte * rawAttr; /* Not owned, points into raw acert. 
*/ + word32 rawAttrLen; + SignatureCtx sigCtx; +}; + +typedef struct DecodedAcert DecodedAcert; + +WOLFSSL_LOCAL void InitDecodedAcert(DecodedAcert* acert, + const byte* source, word32 inSz, + void* heap); +WOLFSSL_LOCAL void FreeDecodedAcert(DecodedAcert * acert); +WOLFSSL_LOCAL int ParseX509Acert(DecodedAcert* cert, int verify); +WOLFSSL_LOCAL int VerifyX509Acert(const byte* cert, word32 certSz, + const byte* pubKey, word32 pubKeySz, + int pubKeyOID, void * heap); +#endif /* WOLFSSL_ACERT */ #ifdef __cplusplus } /* extern "C" */ @@ -2739,7 +2825,9 @@ enum PBESTypes { PBES2 = 13, /* algo ID */ PBES1_MD5_DES = 3, - PBES1_SHA1_DES = 10 + PBES1_SHA1_DES = 10, + + PBE_NONE = 999 }; enum PKCSTypes { diff --git a/src/wolfssl/wolfcrypt/asn_public.h b/src/wolfssl/wolfcrypt/asn_public.h index f233004..b8bbce4 100644 --- a/src/wolfssl/wolfcrypt/asn_public.h +++ b/src/wolfssl/wolfcrypt/asn_public.h @@ -1,6 +1,6 @@ /* asn_public.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -148,6 +148,7 @@ enum CertType { CA_TYPE, ECC_PRIVATEKEY_TYPE, DSA_PRIVATEKEY_TYPE, + ACERT_TYPE, CERTREQ_TYPE, DSA_TYPE, ECC_TYPE, @@ -170,6 +171,9 @@ enum CertType { DILITHIUM_LEVEL2_TYPE, DILITHIUM_LEVEL3_TYPE, DILITHIUM_LEVEL5_TYPE, + ML_DSA_LEVEL2_TYPE, + ML_DSA_LEVEL3_TYPE, + ML_DSA_LEVEL5_TYPE, SPHINCS_FAST_LEVEL1_TYPE, SPHINCS_FAST_LEVEL3_TYPE, SPHINCS_FAST_LEVEL5_TYPE, @@ -177,7 +181,8 @@ enum CertType { SPHINCS_SMALL_LEVEL3_TYPE, SPHINCS_SMALL_LEVEL5_TYPE, ECC_PARAM_TYPE, - CHAIN_CERT_TYPE + CHAIN_CERT_TYPE, + PKCS7_TYPE }; @@ -221,6 +226,9 @@ enum Ctc_SigType { CTC_DILITHIUM_LEVEL2 = 218, CTC_DILITHIUM_LEVEL3 = 221, CTC_DILITHIUM_LEVEL5 = 225, + CTC_ML_DSA_LEVEL2 = 431, + CTC_ML_DSA_LEVEL3 = 432, + CTC_ML_DSA_LEVEL5 = 433, CTC_SPHINCS_FAST_LEVEL1 = 281, CTC_SPHINCS_FAST_LEVEL3 = 283, 
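Review bot: The new `struct DecodedAcert` marks `signature`, `source` and `rawAttr` as "Not owned", but the three `DNS_entry *` members `holderEntityName`, `holderIssuerName` and `AttCertIssuerName` carry no ownership note, so a reader cannot tell from the header whether `FreeDecodedAcert` releases them or whether the caller may keep them after the free; the embedded `SignatureCtx sigCtx` is likewise undocumented. Since the parse and free routines are in asn.c and not in this diff, the field comments are where this belongs, e.g. `DNS_entry * holderEntityName; /* Holder entityName; owned, freed by FreeDecodedAcert */` (and the same wording on the other two). The lengths `serialSz`, `holderSerialSz`, `beforeDateLen` and `afterDateLen` are `int` while `rawAttrLen` is `word32`; a short comment on why the serial/date lengths are signed would help, given `serial` and `holderSerial` are bounded by `EXTERNAL_SERIAL_SIZE`.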
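Review bot: In asn_public.h, `ACERT_TYPE` is inserted between `DSA_PRIVATEKEY_TYPE` and `CERTREQ_TYPE` in `enum CertType`, and `ML_DSA_LEVEL2_TYPE`..`ML_DSA_LEVEL5_TYPE` are inserted ahead of the `SPHINCS_*_TYPE` entries; the enum has no explicit values in the visible lines, so every enumerator after each insertion point is renumbered. That is harmless for code rebuilt from source, but any value that was persisted, logged, or compared against a literal by a consumer of the 5.7.3 header now means something else. If the renumbering is accepted, a comment on the enum would save the next reader the check: `/* Enumerators are implicitly numbered; inserting entries renumbers later ones. */`, and `PKCS7_TYPE`, which this same file appends at the end, shows the alternative of adding new types at the tail.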
@@ -324,7 +332,7 @@ typedef struct EncryptedInfo { char name[NAME_SZ]; /* cipher name, such as "DES-CBC" */ byte iv[IV_SZ]; /* salt or encrypted IV */ - word16 set:1; /* if encryption set */ + WC_BITFIELD set:1; /* if encryption set */ #endif } EncryptedInfo; @@ -339,7 +347,7 @@ typedef struct WOLFSSL_ASN1_INTEGER { unsigned char* data; unsigned int dataMax; /* max size of data buffer */ - unsigned int isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */ + WC_BITFIELD isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */ int length; /* Length of DER encoding. */ int type; /* ASN.1 type. Includes negative flag. */ @@ -360,7 +368,6 @@ typedef struct WOLFSSL_ASN1_INTEGER { #endif #endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */ -#if defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #ifdef WOLFSSL_MULTI_ATTRIB #ifndef CTC_MAX_ATTRIB #define CTC_MAX_ATTRIB 4 @@ -374,7 +381,6 @@ typedef struct NameAttrib { char value[CTC_NAME_SIZE]; /* name */ } NameAttrib; #endif /* WOLFSSL_MULTI_ATTRIB */ -#endif /* WOLFSSL_CERT_GEN || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifdef WOLFSSL_CUSTOM_OID typedef struct CertOidField { 
@@ -543,13 +549,13 @@ typedef struct Cert { void* decodedCert; /* internal DecodedCert allocated from heap */ byte* der; /* Pointer to buffer of current DecodedCert cache */ void* heap; /* heap hint */ - byte basicConstSet:1; /* Indicator for when Basic Constraint is set */ + WC_BITFIELD basicConstSet:1; /* Indicator for when Basic Constraint is set */ #ifdef WOLFSSL_ALLOW_ENCODING_CA_FALSE - byte isCaSet:1; /* Indicator for when isCA is set */ + WC_BITFIELD isCaSet:1; /* Indicator for when isCA is set */ #endif - byte pathLenSet:1; /* Indicator for when path length is set */ + WC_BITFIELD pathLenSet:1; /* Indicator for when path length is set */ #ifdef WOLFSSL_ALT_NAMES - byte altNamesCrit:1; /* Indicator of criticality of SAN extension */ + WC_BITFIELD altNamesCrit:1; /* Indicator of criticality of SAN extension */ #endif } Cert; @@ -931,9 +937,9 @@ typedef struct _wc_CertPIV { word32 signedNonceSz; /* Identiv Only */ /* flags */ - word16 compression:2; - word16 isX509:1; - word16 isIdentiv:1; + WC_BITFIELD compression:2; + WC_BITFIELD isX509:1; + WC_BITFIELD isIdentiv:1; } wc_CertPIV; WOLFSSL_API int wc_ParseCertPIV(wc_CertPIV* cert, const byte* buf, word32 totalSz); @@ -963,6 +969,19 @@ WOLFSSL_API int wc_GeneratePreTBS(struct DecodedCert* cert, byte *der, int derSz); #endif +#if defined(WOLFSSL_ACERT) +/* Forward declaration needed, as DecodedAcert is defined in asn.h.*/ +struct DecodedAcert; +WOLFSSL_API void wc_InitDecodedAcert(struct DecodedAcert* acert, + const byte* source, word32 inSz, + void* heap); +WOLFSSL_API void wc_FreeDecodedAcert(struct DecodedAcert * acert); +WOLFSSL_API int wc_ParseX509Acert(struct DecodedAcert* acert, int verify); +WOLFSSL_API int wc_VerifyX509Acert(const byte* acert, word32 acertSz, + const byte* pubKey, word32 pubKeySz, + int pubKeyOID, void * heap); +#endif /* WOLFSSL_ACERT */ + #if !defined(XFPRINTF) || defined(NO_FILESYSTEM) || \ defined(NO_STDIO_FILESYSTEM) && defined(WOLFSSL_ASN_PRINT) #undef WOLFSSL_ASN_PRINT 
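Review bot: The `WOLFSSL_ACERT` block in asn_public.h forward-declares `struct DecodedAcert` and exports `wc_InitDecodedAcert`/`wc_FreeDecodedAcert`/`wc_ParseX509Acert`/`wc_VerifyX509Acert`, but the full definition lives in asn.h, so a caller who includes only the public header cannot size or stack-allocate the object that `wc_InitDecodedAcert` expects. The existing comment `/* Forward declaration needed, as DecodedAcert is defined in asn.h.*/` should say what that means for callers, e.g. `/* Opaque here: include wolfssl/wolfcrypt/asn.h to allocate a DecodedAcert, or parse via wc_VerifyX509Acert which needs no instance. */`. None of the four prototypes documents the return convention of `verify` or the meaning of `pubKeyOID`.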
@@ -988,7 +1007,7 @@ enum Asn1PrintOpt { /* Don't show text representations of primitive types. */ ASN1_PRINT_OPT_SHOW_NO_TEXT, /* Don't show dump text representations of primitive types. */ - ASN1_PRINT_OPT_SHOW_NO_DUMP_TEXT, + ASN1_PRINT_OPT_SHOW_NO_DUMP_TEXT }; /* ASN.1 print options. */ @@ -1000,17 +1019,17 @@ typedef struct Asn1PrintOptions { /* Number of spaces to indent for each change in depth. */ word8 indent; /* Draw branches instead of indenting. */ - word8 draw_branch:1; + WC_BITFIELD draw_branch:1; /* Show raw data of primitive types as octets. */ - word8 show_data:1; + WC_BITFIELD show_data:1; /* Show header data as octets. */ - word8 show_header_data:1; + WC_BITFIELD show_header_data:1; /* Show the wolfSSL OID value for OBJECT_ID. */ - word8 show_oid:1; + WC_BITFIELD show_oid:1; /* Don't show text representations of primitive types. */ - word8 show_no_text:1; + WC_BITFIELD show_no_text:1; /* Don't show dump text representations of primitive types. */ - word8 show_no_dump_text:1; + WC_BITFIELD show_no_dump_text:1; } Asn1PrintOptions; /* ASN.1 item data. */ diff --git a/src/wolfssl/wolfcrypt/blake2-impl.h b/src/wolfssl/wolfcrypt/blake2-impl.h index 2cdbf40..1a0db32 100644 --- a/src/wolfssl/wolfcrypt/blake2-impl.h +++ b/src/wolfssl/wolfcrypt/blake2-impl.h @@ -12,7 +12,7 @@ */ /* blake2-impl.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/blake2-int.h b/src/wolfssl/wolfcrypt/blake2-int.h index 0ad625e..b048ca5 100644 --- a/src/wolfssl/wolfcrypt/blake2-int.h +++ b/src/wolfssl/wolfcrypt/blake2-int.h @@ -12,7 +12,7 @@ */ /* blake2-int.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/blake2.h b/src/wolfssl/wolfcrypt/blake2.h index 1c62e64..1f4ac77 100644 --- a/src/wolfssl/wolfcrypt/blake2.h +++ b/src/wolfssl/wolfcrypt/blake2.h 
@@ -1,6 +1,6 @@ /* blake2.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/camellia.h b/src/wolfssl/wolfcrypt/camellia.h index 9283123..bdba23b 100644 --- a/src/wolfssl/wolfcrypt/camellia.h +++ b/src/wolfssl/wolfcrypt/camellia.h @@ -27,7 +27,7 @@ /* camellia.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/chacha.h b/src/wolfssl/wolfcrypt/chacha.h index 6c9577b..1c6ae17 100644 --- a/src/wolfssl/wolfcrypt/chacha.h +++ b/src/wolfssl/wolfcrypt/chacha.h @@ -1,6 +1,6 @@ /* chacha.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -82,7 +82,8 @@ typedef struct ChaCha { byte extra[12]; #endif word32 left; /* number of bytes leftover */ -#if defined(USE_INTEL_CHACHA_SPEEDUP) || defined(WOLFSSL_ARMASM) +#if defined(USE_INTEL_CHACHA_SPEEDUP) || defined(WOLFSSL_ARMASM) || \ + defined(WOLFSSL_RISCV_ASM) word32 over[CHACHA_CHUNK_WORDS]; #endif } ChaCha; 
@@ -96,16 +97,32 @@ WOLFSSL_API int wc_Chacha_SetIV(ChaCha* ctx, const byte* inIv, word32 counter); WOLFSSL_API int wc_Chacha_Process(ChaCha* ctx, byte* cipher, const byte* plain, word32 msglen); -WOLFSSL_LOCAL void wc_Chacha_purge_current_block(ChaCha* ctx); - WOLFSSL_API int wc_Chacha_SetKey(ChaCha* ctx, const byte* key, word32 keySz); #ifdef HAVE_XCHACHA +WOLFSSL_LOCAL void wc_Chacha_purge_current_block(ChaCha* ctx); + WOLFSSL_API int wc_XChacha_SetKey(ChaCha *ctx, const byte *key, word32 keySz, const byte *nonce, word32 nonceSz, word32 counter); #endif +#if defined(WOLFSSL_ARMASM) + +#ifndef __aarch64__ +void wc_chacha_setiv(word32* x, const byte* iv, word32 counter); +void wc_chacha_setkey(word32* x, const byte* key, word32 keySz); +#endif + +#if defined(WOLFSSL_ARMASM_NO_NEON) || defined(WOLFSSL_ARMASM_THUMB2) +void wc_chacha_use_over(byte* over, byte* output, const byte* input, + word32 len); +void wc_chacha_crypt_bytes(ChaCha* ctx, byte* c, const byte* m, word32 len); +#endif + +#endif + + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/src/wolfssl/wolfcrypt/chacha20_poly1305.h b/src/wolfssl/wolfcrypt/chacha20_poly1305.h index 6c04912..ffa4031 100644 --- a/src/wolfssl/wolfcrypt/chacha20_poly1305.h +++ b/src/wolfssl/wolfcrypt/chacha20_poly1305.h @@ -1,6 +1,6 @@ /* chacha20_poly1305.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -72,7 +72,7 @@ typedef struct ChaChaPoly_Aead { word32 dataLen; byte state; - byte isEncrypt:1; + WC_BITFIELD isEncrypt:1; } ChaChaPoly_Aead; diff --git a/src/wolfssl/wolfcrypt/cmac.h b/src/wolfssl/wolfcrypt/cmac.h index a92e832..a1c05f9 100644 --- a/src/wolfssl/wolfcrypt/cmac.h +++ b/src/wolfssl/wolfcrypt/cmac.h @@ -1,6 +1,6 @@ /* cmac.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
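Review bot: The new `WOLFSSL_ARMASM` prototypes in chacha.h (`wc_chacha_setiv`, `wc_chacha_setkey`, `wc_chacha_use_over`, `wc_chacha_crypt_bytes`) are declared with no linkage macro, whereas every other prototype in the hunk carries `WOLFSSL_API` or `WOLFSSL_LOCAL`; as written they get default visibility and look like public API even though their lowercase `wc_chacha_` naming and raw `word32* x` state argument suggest internal assembly entry points. Marking them `WOLFSSL_LOCAL void wc_chacha_setiv(word32* x, const byte* iv, word32 counter);` (and likewise for the other three) would keep the header's convention, and a one-line comment such as `/* Internal entry points for the ARM assembly implementation. */` would explain the `__aarch64__` / `WOLFSSL_ARMASM_NO_NEON` / `WOLFSSL_ARMASM_THUMB2` split.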
@@ -24,9 +24,12 @@ #define WOLF_CRYPT_CMAC_H #include -#include -#if !defined(NO_AES) && defined(WOLFSSL_CMAC) +#ifdef WOLFSSL_CMAC + +#ifndef NO_AES +#include +#endif #if defined(HAVE_FIPS) && \ defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) @@ -40,16 +43,22 @@ /* avoid redefinition of structs */ #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(2,0,0) +typedef enum CmacType { + WC_CMAC_AES = 1 +} CmacType; + #ifndef WC_CMAC_TYPE_DEFINED typedef struct Cmac Cmac; #define WC_CMAC_TYPE_DEFINED #endif struct Cmac { +#ifndef NO_AES Aes aes; byte buffer[AES_BLOCK_SIZE]; /* partially stored block */ byte digest[AES_BLOCK_SIZE]; /* running digest */ byte k1[AES_BLOCK_SIZE]; byte k2[AES_BLOCK_SIZE]; +#endif word32 bufferSz; word32 totalSz; #ifdef WOLF_CRYPTO_CB @@ -70,16 +79,20 @@ struct Cmac { #ifdef WOLFSSL_SE050 byte useSWCrypt; /* Use SW crypt instead of SE050, before SCP03 auth */ #endif + CmacType type; }; -typedef enum CmacType { - WC_CMAC_AES = 1 -} CmacType; +#ifndef NO_AES #define WC_CMAC_TAG_MAX_SZ AES_BLOCK_SIZE #define WC_CMAC_TAG_MIN_SZ (AES_BLOCK_SIZE/4) +#else +/* Reasonable defaults */ +#define WC_CMAC_TAG_MAX_SZ 16 +#define WC_CMAC_TAG_MIN_SZ 4 +#endif #if FIPS_VERSION3_GE(6,0,0) extern const unsigned int wolfCrypt_FIPS_cmac_ro_sanity[2]; @@ -111,6 +124,7 @@ int wc_CmacFinal(Cmac* cmac, WOLFSSL_API int wc_CmacFree(Cmac* cmac); +#ifndef NO_AES WOLFSSL_API int wc_AesCmacGenerate(byte* out, word32* outSz, const byte* in, word32 inSz, @@ -134,10 +148,11 @@ int wc_AesCmacVerify_ex(Cmac* cmac, const byte* key, word32 keySz, void* heap, int devId); - WOLFSSL_LOCAL void ShiftAndXorRb(byte* out, byte* in); +#endif /* !NO_AES */ + #ifdef WOLFSSL_HASH_KEEP WOLFSSL_API int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz); @@ -148,6 +163,6 @@ int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz); #endif -#endif /* NO_AES && WOLFSSL_CMAC */ +#endif /* WOLFSSL_CMAC */ #endif /* WOLF_CRYPT_CMAC_H */ 
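Review bot: The new `CmacType type;` member in `struct Cmac` is the only field added without a comment, and the `#else` branch's `/* Reasonable defaults */` does not say where 16 and 4 come from. Suggest `CmacType type; /* cipher backing this CMAC; currently only WC_CMAC_AES */` and `/* Same values as the AES case: 16-byte block, block/4 minimum tag */` so the `NO_AES` path stays visibly tied to the AES definitions it mirrors.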
diff --git a/src/wolfssl/wolfcrypt/coding.h b/src/wolfssl/wolfcrypt/coding.h index e0aecc6..5aef5b1 100644 --- a/src/wolfssl/wolfcrypt/coding.h +++ b/src/wolfssl/wolfcrypt/coding.h @@ -1,6 +1,6 @@ /* coding.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/compress.h b/src/wolfssl/wolfcrypt/compress.h index a4efc78..2886b2b 100644 --- a/src/wolfssl/wolfcrypt/compress.h +++ b/src/wolfssl/wolfcrypt/compress.h @@ -1,6 +1,6 @@ /* compress.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/cpuid.h b/src/wolfssl/wolfcrypt/cpuid.h index 9d25dcf..c91b628 100644 --- a/src/wolfssl/wolfcrypt/cpuid.h +++ b/src/wolfssl/wolfcrypt/cpuid.h @@ -1,6 +1,6 @@ /* cpuid.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/cryptocb.h b/src/wolfssl/wolfcrypt/cryptocb.h index 29580ea..4ec42ec 100644 --- a/src/wolfssl/wolfcrypt/cryptocb.h +++ b/src/wolfssl/wolfcrypt/cryptocb.h @@ -1,6 +1,6 @@ /* cryptocb.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -75,7 +75,7 @@ #include #ifdef WOLFSSL_WC_KYBER #include -#elif defined(HAVE_LIBOQS) || defined(HAVE_PQM4) +#elif defined(HAVE_LIBOQS) #include #endif #endif @@ -118,6 +118,9 @@ typedef struct wc_CryptoInfo { int type; RsaKey* key; WC_RNG* rng; + #ifdef WOLF_CRYPTO_CB_RSA_PAD + RsaPadding *padding; + #endif } rsa; #ifdef WOLFSSL_KEY_GEN struct { 
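Review bot: The added `RsaPadding *padding;` member in the `rsa` sub-struct (and the `wc_CryptoCb_RsaPad` prototype in the next hunk) uses the `T *name` pointer style, while the surrounding fields use `RsaKey* key;` and `WC_RNG* rng;`; keep the file's `RsaPadding* padding;` spacing. I also cannot see a declaration or forward declaration of `RsaPadding` in this header, so confirm it is brought in by the includes under `WOLF_CRYPTO_CB_RSA_PAD`, or add a forward declaration next to the other key types.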
@@ -481,6 +484,11 @@ WOLFSSL_API void wc_CryptoCb_InfoString(wc_CryptoInfo* info); WOLFSSL_LOCAL int wc_CryptoCb_Rsa(const byte* in, word32 inLen, byte* out, word32* outLen, int type, RsaKey* key, WC_RNG* rng); +#ifdef WOLF_CRYPTO_CB_RSA_PAD +WOLFSSL_LOCAL int wc_CryptoCb_RsaPad(const byte* in, word32 inLen, byte* out, + word32* outLen, int type, RsaKey* key, WC_RNG* rng, RsaPadding *padding); +#endif + #ifdef WOLFSSL_KEY_GEN WOLFSSL_LOCAL int wc_CryptoCb_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng); diff --git a/src/wolfssl/wolfcrypt/curve25519.h b/src/wolfssl/wolfcrypt/curve25519.h index 3b25a9d..4d18c56 100644 --- a/src/wolfssl/wolfcrypt/curve25519.h +++ b/src/wolfssl/wolfcrypt/curve25519.h @@ -1,6 +1,6 @@ /* curve25519.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -90,15 +90,15 @@ struct curve25519_key { void* devCtx; int devId; #endif - + void *heap; #ifdef WOLFSSL_SE050 word32 keyId; byte keyIdSet; #endif /* bit fields */ - byte pubSet:1; - byte privSet:1; + WC_BITFIELD pubSet:1; + WC_BITFIELD privSet:1; }; enum { @@ -139,6 +139,13 @@ int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId); WOLFSSL_API void wc_curve25519_free(curve25519_key* key); +#ifndef WC_NO_CONSTRUCTORS +WOLFSSL_API +curve25519_key* wc_curve25519_new(void* heap, int devId, int *result_code); +WOLFSSL_API +int wc_curve25519_delete(curve25519_key* key, curve25519_key** key_p); +#endif +WOLFSSL_API /* raw key helpers */ WOLFSSL_API diff --git a/src/wolfssl/wolfcrypt/curve448.h b/src/wolfssl/wolfcrypt/curve448.h index aa00e10..b722727 100644 --- a/src/wolfssl/wolfcrypt/curve448.h +++ b/src/wolfssl/wolfcrypt/curve448.h @@ -1,6 +1,6 @@ /* curve448.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
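Review bot: The `+WOLFSSL_API` line that follows the `#endif` of the new `#ifndef WC_NO_CONSTRUCTORS` block in curve25519.h is stray: the declaration that follows `/* raw key helpers */` (outside the hunk) already has its own `WOLFSSL_API`, so it ends up with the qualifier twice. Drop the extra line; the same stray `WOLFSSL_API` appears after the `wc_ed25519_new`/`wc_ed25519_delete` block in ed25519.h. `wc_curve25519_new` and `wc_curve25519_delete` also carry no comment on ownership; suggest `/* Allocates and initialises a key; release it with wc_curve25519_delete(). */`, adjusted to what the implementation actually does.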
@@ -58,8 +58,8 @@ struct curve448_key { #endif /* bit fields */ - byte pubSet:1; - byte privSet:1; + WC_BITFIELD pubSet:1; + WC_BITFIELD privSet:1; }; enum { diff --git a/src/wolfssl/wolfcrypt/des3.h b/src/wolfssl/wolfcrypt/des3.h index d5b1232..78a5164 100644 --- a/src/wolfssl/wolfcrypt/des3.h +++ b/src/wolfssl/wolfcrypt/des3.h @@ -1,6 +1,6 @@ /* des3.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -134,9 +134,16 @@ WOLFSSL_API int wc_Des_EcbEncrypt(Des* des, byte* out, WOLFSSL_API int wc_Des3_EcbEncrypt(Des3* des, byte* out, const byte* in, word32 sz); +#ifdef FREESCALE_MMCAU /* Has separate encrypt/decrypt functions */ +WOLFSSL_API int wc_Des_EcbDecrypt(Des* des, byte* out, + const byte* in, word32 sz); +WOLFSSL_API int wc_Des3_EcbDecrypt(Des3* des, byte* out, + const byte* in, word32 sz); +#else /* ECB decrypt same process as encrypt but with decrypt key */ #define wc_Des_EcbDecrypt wc_Des_EcbEncrypt #define wc_Des3_EcbDecrypt wc_Des3_EcbEncrypt +#endif WOLFSSL_API int wc_Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir); diff --git a/src/wolfssl/wolfcrypt/dh.h b/src/wolfssl/wolfcrypt/dh.h index 93e8475..865baa3 100644 --- a/src/wolfssl/wolfcrypt/dh.h +++ b/src/wolfssl/wolfcrypt/dh.h @@ -1,6 +1,6 @@ /* dh.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -151,6 +151,9 @@ WOLFSSL_API int wc_DhGenerateKeyPair(DhKey* key, WC_RNG* rng, byte* priv, WOLFSSL_API int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv, word32 privSz, const byte* otherPub, word32 pubSz); +WOLFSSL_API int wc_DhAgree_ct(DhKey* key, byte* agree, word32* agreeSz, + const byte* priv, word32 privSz, const byte* otherPub, + word32 pubSz); WOLFSSL_API int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32 inSz); /* wc_DhKeyDecode is in asn.c */ 
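Review bot: `wc_DhAgree_ct` is added with exactly the signature of `wc_DhAgree` and no comment, so a reader cannot tell what the `_ct` suffix buys or when to prefer it. Presumably it is the constant-time variant; suggest a comment stating that, what it is constant-time with respect to, and when a caller should prefer it, e.g. `/* Constant-time variant of wc_DhAgree(); prefer it when priv is a long-lived secret. */`, once confirmed against the implementation.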
diff --git a/src/wolfssl/wolfcrypt/dilithium.h b/src/wolfssl/wolfcrypt/dilithium.h index 8b336cf..6e9cfb6 100644 --- a/src/wolfssl/wolfcrypt/dilithium.h +++ b/src/wolfssl/wolfcrypt/dilithium.h @@ -1,6 +1,6 @@ /* dilithium.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -128,6 +128,26 @@ (DILITHIUM_LEVEL5_PUB_KEY_SIZE + DILITHIUM_LEVEL5_KEY_SIZE) +#define ML_DSA_LEVEL2_KEY_SIZE 2560 +#define ML_DSA_LEVEL2_SIG_SIZE 2420 +#define ML_DSA_LEVEL2_PUB_KEY_SIZE 1312 +#define ML_DSA_LEVEL2_PRV_KEY_SIZE \ + (ML_DSA_LEVEL2_PUB_KEY_SIZE + ML_DSA_LEVEL2_KEY_SIZE) + +#define ML_DSA_LEVEL3_KEY_SIZE 4032 +#define ML_DSA_LEVEL3_SIG_SIZE 3309 +#define ML_DSA_LEVEL3_PUB_KEY_SIZE 1952 +#define ML_DSA_LEVEL3_PRV_KEY_SIZE \ + (ML_DSA_LEVEL3_PUB_KEY_SIZE + ML_DSA_LEVEL3_KEY_SIZE) + +#define ML_DSA_LEVEL5_KEY_SIZE 4896 +#define ML_DSA_LEVEL5_SIG_SIZE 4627 +#define ML_DSA_LEVEL5_PUB_KEY_SIZE 2592 +#define ML_DSA_LEVEL5_PRV_KEY_SIZE \ + (ML_DSA_LEVEL5_PUB_KEY_SIZE + ML_DSA_LEVEL5_KEY_SIZE) + + + /* Modulus. */ #define DILITHIUM_Q 0x7fe001 /* Number of bits in modulus. */ @@ -197,8 +217,8 @@ #define PARAMS_ML_DSA_44_ETA DILITHIUM_ETA_2 /* Number of bits in private key for ML-DSA-44. */ #define PARAMS_ML_DSA_44_ETA_BITS DILITHIUM_ETA_2_BITS -/* Collision strength of c-tilde, LAMBDA, in bytes for ML-DSA-44. */ -#define PARAMS_ML_DSA_44_LAMBDA 16 +/* Collision strength of c-tilde, LAMBDA, in bits for ML-DSA-44. */ +#define PARAMS_ML_DSA_44_LAMBDA 128 /* # +/-1's in polynomial c, TAU, for ML-DSA-44. */ #define PARAMS_ML_DSA_44_TAU 39 /* BETA = TAU * ETA for ML-DSA-44. */ 
@@ -242,7 +262,7 @@ (DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_44_K * DILITHIUM_N * DILITHIUM_U / 8) /* Encoding size of signature in bytes for ML-DSA-44. */ #define PARAMS_ML_DSA_44_SIG_SIZE \ - ((PARAMS_ML_DSA_44_LAMBDA * 2) + \ + ((PARAMS_ML_DSA_44_LAMBDA / 4) + \ PARAMS_ML_DSA_44_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_44_GAMMA1_BITS + 1) + \ PARAMS_ML_DSA_44_OMEGA + PARAMS_ML_DSA_44_K) @@ -258,8 +278,8 @@ #define PARAMS_ML_DSA_65_ETA DILITHIUM_ETA_4 /* Number of bits in private key for ML-DSA-65. */ #define PARAMS_ML_DSA_65_ETA_BITS DILITHIUM_ETA_4_BITS -/* Collision strength of c-tilde, LAMBDA, in bytes for ML-DSA-65. */ -#define PARAMS_ML_DSA_65_LAMBDA 24 +/* Collision strength of c-tilde, LAMBDA, in bits for ML-DSA-65. */ +#define PARAMS_ML_DSA_65_LAMBDA 192 /* # +/-1's in polynomial c, TAU, for ML-DSA-65. */ #define PARAMS_ML_DSA_65_TAU 49 /* BETA = TAU * ETA for ML-DSA-65. */ @@ -303,7 +323,7 @@ (DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_65_K * DILITHIUM_N * DILITHIUM_U / 8) /* Encoding size of signature in bytes for ML-DSA-65. */ #define PARAMS_ML_DSA_65_SIG_SIZE \ - ((PARAMS_ML_DSA_65_LAMBDA * 2) + \ + ((PARAMS_ML_DSA_65_LAMBDA / 4) + \ PARAMS_ML_DSA_65_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_65_GAMMA1_BITS + 1) + \ PARAMS_ML_DSA_65_OMEGA + PARAMS_ML_DSA_65_K) @@ -319,8 +339,8 @@ #define PARAMS_ML_DSA_87_ETA DILITHIUM_ETA_2 /* Number of bits in private key for ML-DSA-87. */ #define PARAMS_ML_DSA_87_ETA_BITS DILITHIUM_ETA_2_BITS -/* Collision strength of c-tilde, LAMBDA, in bytes for ML-DSA-87. */ -#define PARAMS_ML_DSA_87_LAMBDA 32 +/* Collision strength of c-tilde, LAMBDA, in bits for ML-DSA-87. */ +#define PARAMS_ML_DSA_87_LAMBDA 256 /* # +/-1's in polynomial c, TAU, for ML-DSA-87. */ #define PARAMS_ML_DSA_87_TAU 60 /* BETA = TAU * ETA for ML-DSA-87. */ 
@@ -365,7 +385,7 @@ (DILITHIUM_PUB_SEED_SZ + PARAMS_ML_DSA_87_K * DILITHIUM_N * DILITHIUM_U / 8) /* Encoding size of signature in bytes for ML-DSA-87. */ #define PARAMS_ML_DSA_87_SIG_SIZE \ - ((PARAMS_ML_DSA_87_LAMBDA * 2) + \ + ((PARAMS_ML_DSA_87_LAMBDA / 4) + \ PARAMS_ML_DSA_87_L * DILITHIUM_N/8 * (PARAMS_ML_DSA_87_GAMMA1_BITS + 1) + \ PARAMS_ML_DSA_87_OMEGA + PARAMS_ML_DSA_87_K) @@ -384,6 +404,9 @@ /* Maximum count of elements of a vector with dimension L. */ #define DILITHIUM_MAX_L_VECTOR_COUNT \ (PARAMS_ML_DSA_87_L * DILITHIUM_N) +/* Maximum count of elements of a matrix with dimension KxL. */ +#define DILITHIUM_MAX_MATRIX_COUNT \ + (PARAMS_ML_DSA_87_K * PARAMS_ML_DSA_87_L * DILITHIUM_N) #elif !defined(WOLFSSL_NO_ML_DSA_65) @@ -398,6 +421,9 @@ /* Maximum count of elements of a vector with dimension L. */ #define DILITHIUM_MAX_L_VECTOR_COUNT \ (PARAMS_ML_DSA_65_L * DILITHIUM_N) +/* Maximum count of elements of a matrix with dimension KxL. */ +#define DILITHIUM_MAX_MATRIX_COUNT \ + (PARAMS_ML_DSA_65_K * PARAMS_ML_DSA_65_L * DILITHIUM_N) #else @@ -412,6 +438,9 @@ /* Maximum count of elements of a vector with dimension L. */ #define DILITHIUM_MAX_L_VECTOR_COUNT \ (PARAMS_ML_DSA_44_L * DILITHIUM_N) +/* Maximum count of elements of a matrix with dimension KxL. */ +#define DILITHIUM_MAX_MATRIX_COUNT \ + (PARAMS_ML_DSA_44_K * PARAMS_ML_DSA_44_L * DILITHIUM_N) #endif 
@@ -487,6 +516,25 @@ #define DILITHIUM_LEVEL5_PRV_KEY_SIZE \ (DILITHIUM_LEVEL5_PUB_KEY_SIZE+DILITHIUM_LEVEL5_KEY_SIZE) + +#define ML_DSA_LEVEL2_KEY_SIZE OQS_SIG_ml_dsa_44_ipd_length_secret_key +#define ML_DSA_LEVEL2_SIG_SIZE OQS_SIG_ml_dsa_44_ipd_length_signature +#define ML_DSA_LEVEL2_PUB_KEY_SIZE OQS_SIG_ml_dsa_44_ipd_length_public_key +#define ML_DSA_LEVEL2_PRV_KEY_SIZE \ + (ML_DSA_LEVEL2_PUB_KEY_SIZE+ML_DSA_LEVEL2_KEY_SIZE) + +#define ML_DSA_LEVEL3_KEY_SIZE OQS_SIG_ml_dsa_65_ipd_length_secret_key +#define ML_DSA_LEVEL3_SIG_SIZE OQS_SIG_ml_dsa_65_ipd_length_signature +#define ML_DSA_LEVEL3_PUB_KEY_SIZE OQS_SIG_ml_dsa_65_ipd_length_public_key +#define ML_DSA_LEVEL3_PRV_KEY_SIZE \ + (ML_DSA_LEVEL3_PUB_KEY_SIZE+ML_DSA_LEVEL3_KEY_SIZE) + +#define ML_DSA_LEVEL5_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_secret_key +#define ML_DSA_LEVEL5_SIG_SIZE OQS_SIG_ml_dsa_87_ipd_length_signature +#define ML_DSA_LEVEL5_PUB_KEY_SIZE OQS_SIG_ml_dsa_87_ipd_length_public_key +#define ML_DSA_LEVEL5_PRV_KEY_SIZE \ + (ML_DSA_LEVEL5_PUB_KEY_SIZE+ML_DSA_LEVEL5_KEY_SIZE) + #endif #define DILITHIUM_MAX_KEY_SIZE DILITHIUM_LEVEL5_KEY_SIZE @@ -511,7 +559,7 @@ typedef struct wc_dilithium_params { byte tau; byte beta; byte omega; - byte lambda; + word16 lambda; byte gamma1_bits; word32 gamma2; word32 w1EncSz; @@ -531,6 +579,8 @@ struct dilithium_key { byte prvKeySet; byte level; /* 2,3 or 5 */ + void* heap; /* heap hint */ + #ifdef WOLF_CRYPTO_CB void* devCtx; int devId; @@ -553,6 +603,7 @@ struct dilithium_key { #ifdef WOLFSSL_WC_DILITHIUM const wc_dilithium_params* params; wc_Shake shake; +#ifndef WC_DILITHIUM_FIXED_ARRAY #ifdef WC_DILITHIUM_CACHE_MATRIX_A sword32* a; byte aSet; 
@@ -567,6 +618,22 @@ struct dilithium_key { sword32* t1; byte pubVecSet; #endif +#else +#ifdef WC_DILITHIUM_CACHE_MATRIX_A + sword32 a[DILITHIUM_MAX_MATRIX_COUNT]; + byte aSet; +#endif +#ifdef WC_DILITHIUM_CACHE_PRIV_VECTORS + sword32 s1[DILITHIUM_MAX_L_VECTOR_COUNT]; + sword32 s2[DILITHIUM_MAX_K_VECTOR_COUNT]; + sword32 t0[DILITHIUM_MAX_K_VECTOR_COUNT]; + byte privVecsSet; +#endif +#ifdef WC_DILITHIUM_CACHE_PUB_VECTORS + sword32 t1[DILITHIUM_MAX_K_VECTOR_COUNT]; + byte pubVecSet; +#endif +#endif #if defined(WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC) && \ defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM) sword32 z[DILITHIUM_MAX_L_VECTOR_COUNT]; @@ -574,6 +641,9 @@ struct dilithium_key { sword32 w[DILITHIUM_N]; sword32 t1[DILITHIUM_N]; byte w1e[DILITHIUM_MAX_W1_ENC_SZ]; +#ifdef WOLFSSL_DILITHIUM_SMALL_MEM_POLY64 + sword64 t64[DILITHIUM_N]; +#endif byte h[DILITHIUM_REJ_NTT_POLY_H_SIZE]; byte block[DILITHIUM_GEN_C_BLOCK_BYTES]; #endif /* WOLFSSL_DILITHIUM_VERIFY_NO_MALLOC && 
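Review bot: The new `WC_DILITHIUM_FIXED_ARRAY` branch embeds `a[DILITHIUM_MAX_MATRIX_COUNT]`, `s1`, `s2`, `t0` and `t1` directly in `struct dilithium_key`, which makes `sizeof(dilithium_key)` depend on the largest enabled parameter set and on which `WC_DILITHIUM_CACHE_*` options are on — the cached matrix alone is K*L*DILITHIUM_N `sword32` values, likely tens of KiB for ML-DSA-87. Nothing documents this; suggest a comment on the `#else`: `/* WC_DILITHIUM_FIXED_ARRAY: cache storage lives inline in the key instead of on the heap, so the key can be very large; avoid placing it on a small stack. */`. The struct body starts and ends outside this hunk.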
@@ -595,15 +665,38 @@ WOLFSSL_API int wc_dilithium_make_key_from_seed(dilithium_key* key, const byte* seed); WOLFSSL_API -int wc_dilithium_sign_msg(const byte* in, word32 inLen, byte* out, - word32 *outLen, dilithium_key* key, WC_RNG* rng); +int wc_dilithium_sign_msg(const byte* msg, word32 msgLen, byte* sig, + word32* sigLen, dilithium_key* key, WC_RNG* rng); +WOLFSSL_API +int wc_dilithium_sign_ctx_msg(const byte* ctx, byte ctxLen, const byte* msg, + word32 msgLen, byte* sig, word32* sigLen, dilithium_key* key, WC_RNG* rng); +WOLFSSL_API +int wc_dilithium_sign_ctx_hash(const byte* ctx, byte ctxLen, int hashAlg, + const byte* hash, word32 hashLen, byte* sig, word32* sigLen, + dilithium_key* key, WC_RNG* rng); WOLFSSL_API -int wc_dilithium_sign_msg_with_seed(const byte* in, word32 inLen, byte* out, - word32 *outLen, dilithium_key* key, byte* seed); +int wc_dilithium_sign_msg_with_seed(const byte* msg, word32 msgLen, byte* sig, + word32 *sigLen, dilithium_key* key, const byte* seed); +WOLFSSL_API +int wc_dilithium_sign_ctx_msg_with_seed(const byte* ctx, byte ctxLen, + const byte* msg, word32 msgLen, byte* sig, word32 *sigLen, + dilithium_key* key, const byte* seed); +WOLFSSL_API +int wc_dilithium_sign_ctx_hash_with_seed(const byte* ctx, byte ctxLen, + int hashAlg, const byte* hash, word32 hashLen, byte* sig, word32 *sigLen, + dilithium_key* key, const byte* seed); #endif WOLFSSL_API int wc_dilithium_verify_msg(const byte* sig, word32 sigLen, const byte* msg, word32 msgLen, int* res, dilithium_key* key); +WOLFSSL_API +int wc_dilithium_verify_ctx_msg(const byte* sig, word32 sigLen, const byte* ctx, + word32 ctxLen, const byte* msg, word32 msgLen, int* res, + dilithium_key* key); +WOLFSSL_API +int wc_dilithium_verify_ctx_hash(const byte* sig, word32 sigLen, + const byte* ctx, word32 ctxLen, int hashAlg, const byte* hash, + word32 hashLen, int* res, dilithium_key* key); WOLFSSL_API int wc_dilithium_init(dilithium_key* key); 
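Review bot: The context length is typed `byte ctxLen` on the signing side (`wc_dilithium_sign_ctx_msg`, `wc_dilithium_sign_ctx_hash` and the `_with_seed` variants) but `word32 ctxLen` on `wc_dilithium_verify_ctx_msg` and `wc_dilithium_verify_ctx_hash`. A caller passing a `word32` length to the sign functions has it silently narrowed to 8 bits at the call, so an oversized context is shortened rather than rejected; use one type on both sides (`word32` with an explicit range check in the implementation, or `byte` everywhere) so the sign/verify pairs stay symmetric. The `hashAlg` parameter also has no comment saying which enumeration it takes; suggest `/* hashAlg: wc_HashType of the pre-hashed message */` if that is the case.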
@@ -672,6 +765,7 @@ int wc_dilithium_export_public(dilithium_key* key, byte* out, word32* outLen); #ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY WOLFSSL_API int wc_dilithium_export_private(dilithium_key* key, byte* out, word32* outLen); +#define wc_dilithium_export_private_only wc_dilithium_export_private #endif #ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY WOLFSSL_API @@ -684,11 +778,13 @@ int wc_dilithium_export_key(dilithium_key* key, byte* priv, word32 *privSz, WOLFSSL_API int wc_Dilithium_PrivateKeyDecode(const byte* input, word32* inOutIdx, dilithium_key* key, word32 inSz); #endif +#endif /* WOLFSSL_DILITHIUM_NO_ASN1 */ #ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY WOLFSSL_API int wc_Dilithium_PublicKeyDecode(const byte* input, word32* inOutIdx, dilithium_key* key, word32 inSz); #endif +#ifndef WOLFSSL_DILITHIUM_NO_ASN1 #ifdef WC_ENABLE_ASYM_KEY_EXPORT WOLFSSL_API int wc_Dilithium_PublicKeyToDer(dilithium_key* key, byte* output, word32 inLen, int withAlg); @@ -704,10 +800,14 @@ WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, #endif /* WOLFSSL_DILITHIUM_NO_ASN1 */ +#define WC_ML_DSA_DRAFT 10 #define WC_ML_DSA_44 2 #define WC_ML_DSA_65 3 #define WC_ML_DSA_87 5 +#define WC_ML_DSA_44_DRAFT (2 + WC_ML_DSA_DRAFT) +#define WC_ML_DSA_65_DRAFT (3 + WC_ML_DSA_DRAFT) +#define WC_ML_DSA_87_DRAFT (5 + WC_ML_DSA_DRAFT) #define DILITHIUM_ML_DSA_44_KEY_SIZE 2560 #define DILITHIUM_ML_DSA_44_SIG_SIZE 2420 @@ -742,7 +842,7 @@ WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, #define wc_MlDsaKey_ExportPrivRaw(key, out, outLen) \ wc_dilithium_export_private_only(key, out, outLen) #define wc_MlDsaKey_ImportPrivRaw(key, in, inLen) \ - wc_dilithium_import_private_only(out, outLen, key) + wc_dilithium_import_private_only(in, inLen, key) #define wc_MlDsaKey_Sign(key, sig, sigSz, msg, msgSz, rng) \ wc_dilithium_sign_msg(msg, msgSz, sig, sigSz, key, rng) #define wc_MlDsaKey_Free(key) \ 
@@ -750,7 +850,7 @@ WOLFSSL_API int wc_Dilithium_PrivateKeyToDer(dilithium_key* key, byte* output, #define wc_MlDsaKey_ExportPubRaw(key, out, outLen) \ wc_dilithium_export_public(key, out, outLen) #define wc_MlDsaKey_ImportPubRaw(key, in, inLen) \ - wc_dilithium_import_public(out, outLen, key) + wc_dilithium_import_public(in, inLen, key) #define wc_MlDsaKey_Verify(key, sig, sigSz, msg, msgSz, res) \ wc_dilithium_verify_msg(sig, sigSz, msg, msgSz, res, key) diff --git a/src/wolfssl/wolfcrypt/dsa.h b/src/wolfssl/wolfcrypt/dsa.h index d5ae3a4..1e92fd5 100644 --- a/src/wolfssl/wolfcrypt/dsa.h +++ b/src/wolfssl/wolfcrypt/dsa.h @@ -1,6 +1,6 @@ /* dsa.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/ecc.h b/src/wolfssl/wolfcrypt/ecc.h index 4a198a6..71a7a8b 100644 --- a/src/wolfssl/wolfcrypt/ecc.h +++ b/src/wolfssl/wolfcrypt/ecc.h @@ -1,6 +1,6 @@ /* ecc.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -467,6 +467,7 @@ struct ecc_point { #if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK) ecc_key* key; #endif + WC_BITFIELD isAllocated:1; }; /* ECC Flags */ @@ -589,12 +590,13 @@ struct ecc_key { mp_int* sign_k; #else mp_int sign_k[1]; - byte sign_k_set:1; + WC_BITFIELD sign_k_set:1; #endif #endif #if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT) - byte deterministic:1; + WC_BITFIELD deterministic:1; + enum wc_HashType hashType; #endif #if defined(WOLFSSL_SMALL_STACK_CACHE) && !defined(WOLFSSL_ECC_NO_SMALL_STACK) 
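Review bot: `WC_BITFIELD isAllocated:1;` is added to `struct ecc_point` without a comment, and its name alone does not say who sets it or whether the free path keys off it. Suggest `/* set when the point was heap allocated by this library; clear for caller-owned points */`, adjusted to match the actual usage. The new `enum wc_HashType hashType;` in `ecc_key` likewise deserves a one-liner tying it to `wc_ecc_set_deterministic_ex` declared in the later hunk.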
@@ -640,8 +642,15 @@ WOLFSSL_ABI WOLFSSL_API void wc_ecc_key_free(ecc_key* key); /* ECC predefined curve sets */ -extern const ecc_set_type ecc_sets[]; -extern const size_t ecc_sets_count; +#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + extern const ecc_set_type ecc_sets[]; + extern const size_t ecc_sets_count; +#else + WOLFSSL_API const ecc_set_type *wc_ecc_get_sets(void); + WOLFSSL_API size_t wc_ecc_get_sets_count(void); + #define ecc_sets wc_ecc_get_sets() + #define ecc_sets_count wc_ecc_get_sets_count() +#endif WOLFSSL_API const char* wc_ecc_get_name(int curve_id); @@ -719,6 +728,9 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, WC_RNG* rng, WOLFSSL_API int wc_ecc_set_deterministic(ecc_key* key, byte flag); WOLFSSL_API +int wc_ecc_set_deterministic_ex(ecc_key* key, byte flag, + enum wc_HashType hashType); +WOLFSSL_API int wc_ecc_gen_deterministic_k(const byte* hash, word32 hashSz, enum wc_HashType hashType, mp_int* priv, mp_int* k, mp_int* order, void* heap); @@ -759,7 +771,7 @@ WOLFSSL_API int wc_ecc_set_flags(ecc_key* key, word32 flags); WOLFSSL_ABI WOLFSSL_API void wc_ecc_fp_free(void); -WOLFSSL_LOCAL +WOLFSSL_API void wc_ecc_fp_init(void); WOLFSSL_API int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng); @@ -1016,6 +1028,11 @@ WOLFSSL_API int wc_ecc_curve_cache_init(void); WOLFSSL_API void wc_ecc_curve_cache_free(void); #endif +#ifdef HAVE_OID_ENCODING +WOLFSSL_LOCAL int wc_ecc_oid_cache_init(void); +WOLFSSL_LOCAL void wc_ecc_oid_cache_free(void); +#endif + WOLFSSL_API int wc_ecc_gen_k(WC_RNG* rng, int size, mp_int* k, mp_int* order); diff --git a/src/wolfssl/wolfcrypt/eccsi.h b/src/wolfssl/wolfcrypt/eccsi.h index 8e0124c..34e10bf 100644 --- a/src/wolfssl/wolfcrypt/eccsi.h +++ b/src/wolfssl/wolfcrypt/eccsi.h @@ -1,6 +1,6 @@ /* eccsi.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
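Review bot: `#define ecc_sets wc_ecc_get_sets()` and `#define ecc_sets_count wc_ecc_get_sets_count()` turn two former object symbols into function-call macros, which changes semantics for existing users: `sizeof(ecc_sets)`, `&ecc_sets_count`, or a loop bound like `i < ecc_sets_count` now either stop compiling or call a function on every evaluation. Since the non-FIPS branch is the common one, a comment should say so, e.g. `/* Non-FIPS builds reach the curve table through accessors; ecc_sets/ecc_sets_count remain as macros for source compatibility and are not addressable objects. */`. In the same file `wc_ecc_fp_init` moves from `WOLFSSL_LOCAL` to `WOLFSSL_API` with no comment on why it became public.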
@@ -62,15 +62,15 @@ typedef struct EccsiKeyParams { ecc_point* base; /** Bit indicates order (q) is set as an MP integer in ECCSI key. */ - byte haveOrder:1; + WC_BITFIELD haveOrder:1; /** Bit indicates A is set as an MP integer in ECCSI key. */ - byte haveA:1; + WC_BITFIELD haveA:1; /** Bit indicates B is set as an MP integer in ECCSI key. */ - byte haveB:1; + WC_BITFIELD haveB:1; /** Bit indicates prime is set as an MP integer in ECCSI key. */ - byte havePrime:1; + WC_BITFIELD havePrime:1; /** Bit indicates base point is set as an MP integer in ECCSI key. */ - byte haveBase:1; + WC_BITFIELD haveBase:1; } EccsiKeyParams; /** @@ -104,7 +104,7 @@ typedef struct EccsiKey { /** Heap hint for dynamic memory allocation. */ void* heap; /** Bit indicates KPAK (public key) is in montgomery form. */ - word16 kpakMont:1; + WC_BITFIELD kpakMont:1; } EccsiKey; #ifdef __cplusplus diff --git a/src/wolfssl/wolfcrypt/ed25519.h b/src/wolfssl/wolfcrypt/ed25519.h index efba650..8c660b2 100644 --- a/src/wolfssl/wolfcrypt/ed25519.h +++ b/src/wolfssl/wolfcrypt/ed25519.h @@ -1,6 +1,6 @@ /* ed25519.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -94,8 +94,9 @@ struct ed25519_key { word32 flags; byte keyIdSet; #endif - word16 privKeySet:1; - word16 pubKeySet:1; + WC_BITFIELD privKeySet:1; + WC_BITFIELD pubKeySet:1; + WC_BITFIELD sha_clean_flag:1; /* only used if WOLFSSL_ED25519_PERSISTENT_SHA */ #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif @@ -106,7 +107,6 @@ struct ed25519_key { void *heap; #ifdef WOLFSSL_ED25519_PERSISTENT_SHA wc_Sha512 sha; - int sha_clean_flag; #endif }; 
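Review bot: `sha_clean_flag` becomes `WC_BITFIELD sha_clean_flag:1;` and is hoisted out of `#ifdef WOLFSSL_ED25519_PERSISTENT_SHA` here, while the parallel change in ed448.h keeps the field inside `#ifdef WOLFSSL_ED448_PERSISTENT_SHA` and types it `unsigned int sha_clean_flag : 1;`. The two headers are edited in the same commit and should use one pattern — `WC_BITFIELD` in both, and either both guarded or both unconditional — so the struct layouts and ifdef hygiene stay in step. The trailing comment `/* only used if WOLFSSL_ED25519_PERSISTENT_SHA */` is welcome, but note the field now costs a bit in every build.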
@@ -175,13 +175,20 @@ int wc_ed25519_verify_msg_final(const byte* sig, word32 sigLen, int* res, #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */ #endif /* HAVE_ED25519_VERIFY */ - WOLFSSL_API int wc_ed25519_init(ed25519_key* key); WOLFSSL_API int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId); WOLFSSL_API void wc_ed25519_free(ed25519_key* key); +#ifndef WC_NO_CONSTRUCTORS +WOLFSSL_API +ed25519_key* wc_ed25519_new(void* heap, int devId, int *result_code); +WOLFSSL_API +int wc_ed25519_delete(ed25519_key* key, ed25519_key** key_p); +#endif +WOLFSSL_API + #ifdef HAVE_ED25519_KEY_IMPORT WOLFSSL_API int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key); diff --git a/src/wolfssl/wolfcrypt/ed448.h b/src/wolfssl/wolfcrypt/ed448.h index 5884bda..9e2e890 100644 --- a/src/wolfssl/wolfcrypt/ed448.h +++ b/src/wolfssl/wolfcrypt/ed448.h @@ -1,6 +1,6 @@ /* ed448.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -85,8 +85,8 @@ struct ed448_key { byte pointX[ED448_KEY_SIZE]; /* recovered X coordinate */ byte pointY[ED448_KEY_SIZE]; /* Y coordinate is the public key with The most significant bit of the final octet always zero. */ #endif - word16 privKeySet:1; - word16 pubKeySet:1; + WC_BITFIELD privKeySet:1; + WC_BITFIELD pubKeySet:1; #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif @@ -97,7 +97,7 @@ struct ed448_key { void *heap; #ifdef WOLFSSL_ED448_PERSISTENT_SHA wc_Shake sha; - int sha_clean_flag; + unsigned int sha_clean_flag : 1; #endif }; diff --git a/src/wolfssl/wolfcrypt/error-crypt.h b/src/wolfssl/wolfcrypt/error-crypt.h index dbe0553..3f188f7 100644 --- a/src/wolfssl/wolfcrypt/error-crypt.h +++ b/src/wolfssl/wolfcrypt/error-crypt.h @@ -1,6 +1,6 @@ /* error-crypt.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -37,10 +37,25 @@ the error status. extern "C" { #endif +#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H +#include +#endif /* error codes, add string for new errors !!! */ -enum { - MAX_CODE_E = -100, /* errors -101 - -299 */ +enum wolfCrypt_ErrorCodes { + /* note that WOLFSSL_FATAL_ERROR is defined as -1 in error-ssl.h, for + * reasons of backward compatibility. + */ + + MAX_CODE_E = -96, /* errors -97 - -299 */ + WC_FIRST_E = -97, /* errors -97 - -299 */ + + MP_MEM = -97, /* MP dynamic memory allocation failed. */ + MP_VAL = -98, /* MP value passed is not able to be used. */ + MP_WOULDBLOCK = -99, /* MP non-blocking operation is returning after + * partial completion. */ + MP_NOT_INF = -100, /* MP point not at infinity */ + OPEN_RAN_E = -101, /* opening random device error */ READ_RAN_E = -102, /* reading random device error */ WINCRYPT_E = -103, /* windows crypt init error */ @@ -276,13 +291,12 @@ enum { SM4_CCM_AUTH_E = -299, /* SM4-CCM Authentication check failure */ WC_LAST_E = -299, /* Update this to indicate last error */ - MIN_CODE_E = -300 /* errors -101 - -299 */ + MIN_CODE_E = -300 /* errors -2 - -299 */ /* add new companion error id strings for any new error codes wolfcrypt/src/error.c !!! */ }; - #ifdef NO_ERROR_STRINGS #define wc_GetErrorString(error) "no support for error strings built in" #define wc_ErrorString(err, buf) \ 
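Review bot: The range comments on the bracketing constants now disagree: `MAX_CODE_E = -96` is annotated `/* errors -97 - -299 */` but the updated `MIN_CODE_E = -300 /* errors -2 - -299 */` claims the range starts at -2. Pick one range and use it on both; the `MP_*` codes at -97..-100 and the note that -1 is `WOLFSSL_FATAL_ERROR` suggest `-97 - -299`, unless codes between -2 and -96 are reserved for later. If the `MP_*` values differ from those previously defined elsewhere, a comment noting the renumbering would save callers who compared against the old integers.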
@@ -294,16 +308,35 @@ WOLFSSL_API void wc_ErrorString(int err, char* buff); WOLFSSL_ABI WOLFSSL_API const char* wc_GetErrorString(int error); #endif -#if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && !defined(BUILDING_WOLFSSL) - #undef WOLFSSL_DEBUG_TRACE_ERROR_CODES -#endif -#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES +#if defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && \ + (defined(BUILDING_WOLFSSL) || \ + defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS)) + WOLFSSL_API extern void wc_backtrace_render(void); #define WC_NO_ERR_TRACE(label) (CONST_NUM_ERR_ ## label) + #ifndef WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE + #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES + #define WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE wc_backtrace_render() + #else + #define WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE (void)0 + #endif + #endif #ifndef WC_ERR_TRACE + #ifdef NO_STDIO_FILESYSTEM + #define WC_ERR_TRACE(label) \ + ( printf("ERR TRACE: %s L %d %s (%d)\n", \ + __FILE__, __LINE__, #label, label), \ + WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE, \ + label \ + ) + #else #define WC_ERR_TRACE(label) \ ( fprintf(stderr, \ - "ERR TRACE: %s L %d " #label " (%d)\n", \ - __FILE__, __LINE__, label), label) + "ERR TRACE: %s L %d %s (%d)\n", \ + __FILE__, __LINE__, #label, label), \ + WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE, \ + label \ + ) + #endif #endif #include #else diff --git a/src/wolfssl/wolfcrypt/ext_kyber.h b/src/wolfssl/wolfcrypt/ext_kyber.h index 0ea7108..6e7f690 100644 --- a/src/wolfssl/wolfcrypt/ext_kyber.h +++ b/src/wolfssl/wolfcrypt/ext_kyber.h @@ -1,6 +1,6 @@ /* ext_kyber.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -29,8 +29,8 @@ #ifdef WOLFSSL_HAVE_KYBER #include -#if !defined(HAVE_LIBOQS) && !defined(HAVE_PQM4) -#error "This code requires liboqs or pqm4" +#if !defined(HAVE_LIBOQS) +#error "This code requires liboqs" #endif #if defined(WOLFSSL_WC_KYBER) 
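Review bot: The new enabling condition `defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES) && (defined(BUILDING_WOLFSSL) || defined(WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS))` and the `WOLFSSL_DEBUG_BACKTRACE_RENDER_CLAUSE` hook are undocumented, and `WC_ERR_TRACE` now writes `__FILE__`, the error label and optionally a backtrace to stdout/stderr from whatever code uses it. Add a comment above the `#if` saying that `_ALWAYS` extends the tracing into application translation units and that the output is diagnostic only and should not be enabled in production builds. Passing `#label` as a `%s` argument instead of splicing it into the format string is the right change. The `NO_STDIO_FILESYSTEM` branch still calls `printf`, so it presumably targets platforms with a console but no file streams; a one-line comment would make that intent explicit.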
@@ -41,15 +41,6 @@ #include #define EXT_KYBER_MAX_PRIV_SZ OQS_KEM_kyber_1024_length_secret_key #define EXT_KYBER_MAX_PUB_SZ OQS_KEM_kyber_1024_length_public_key -#elif defined(HAVE_PQM4) - #include "api_kyber.h" - #define PQM4_PUBLIC_KEY_LENGTH CRYPTO_PUBLICKEYBYTES - #define PQM4_PRIVATE_KEY_LENGTH CRYPTO_SECRETKEYBYTES - #define PQM4_SHARED_SECRET_LENGTH CRYPTO_BYTES - #define PQM4_CIPHERTEXT_LENGTH CRYPTO_CIPHERTEXTBYTES - - #define EXT_KYBER_MAX_PRIV_SZ PQM4_PRIVATE_KEY_LENGTH - #define EXT_KYBER_MAX_PUB_SZ PQM4_PUBLIC_KEY_LENGTH #endif struct KyberKey { diff --git a/src/wolfssl/wolfcrypt/ext_lms.h b/src/wolfssl/wolfcrypt/ext_lms.h index fae812f..4120335 100644 --- a/src/wolfssl/wolfcrypt/ext_lms.h +++ b/src/wolfssl/wolfcrypt/ext_lms.h @@ -1,6 +1,6 @@ /* ext_lms.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -22,12 +22,9 @@ #ifndef EXT_LMS_H #define EXT_LMS_H -#ifdef WOLFSSL_HAVE_LMS -#include +#if defined(WOLFSSL_HAVE_LMS) && defined(HAVE_LIBLMS) -#if !defined(HAVE_LIBLMS) -#error "This code requires liblms" -#endif +#include /* hash-sigs LMS HSS includes */ #include diff --git a/src/wolfssl/wolfcrypt/ext_xmss.h b/src/wolfssl/wolfcrypt/ext_xmss.h index 5f51bf5..cb041bc 100644 --- a/src/wolfssl/wolfcrypt/ext_xmss.h +++ b/src/wolfssl/wolfcrypt/ext_xmss.h @@ -1,6 +1,6 @@ /* ext_xmss.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -22,12 +22,9 @@ #ifndef EXT_XMSS_H #define EXT_XMSS_H -#ifdef WOLFSSL_HAVE_XMSS -#include +#if defined(WOLFSSL_HAVE_XMSS) && defined(HAVE_LIBXMSS) -#if !defined(HAVE_LIBXMSS) - #error "This code requires libxmss" -#endif +#include #include #include diff --git a/src/wolfssl/wolfcrypt/falcon.h b/src/wolfssl/wolfcrypt/falcon.h index 9d4bff8..a103034 100644 --- a/src/wolfssl/wolfcrypt/falcon.h +++ b/src/wolfssl/wolfcrypt/falcon.h 
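Review bot: Replacing `#ifdef WOLFSSL_HAVE_LMS` plus `#error "This code requires liblms"` with `#if defined(WOLFSSL_HAVE_LMS) && defined(HAVE_LIBLMS)` removes a build-time failure: a configuration that defines `WOLFSSL_HAVE_LMS` without `HAVE_LIBLMS` now silently compiles this header to nothing instead of stopping. Presumably that is intended because a native LMS implementation can now satisfy `WOLFSSL_HAVE_LMS`, but the header should say so, e.g. `/* Only used with the external hash-sigs backend; the native LMS API is declared in its own header. */`. The ext_xmss.h hunk below makes the identical change and needs the same comment.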
@@ -1,6 +1,6 @@ /* falcon.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/fe_448.h b/src/wolfssl/wolfcrypt/fe_448.h index c925d7d..09ff150 100644 --- a/src/wolfssl/wolfcrypt/fe_448.h +++ b/src/wolfssl/wolfcrypt/fe_448.h @@ -1,6 +1,6 @@ /* fe448_448.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/fe_operations.h b/src/wolfssl/wolfcrypt/fe_operations.h index 8a1cab7..23928f2 100644 --- a/src/wolfssl/wolfcrypt/fe_operations.h +++ b/src/wolfssl/wolfcrypt/fe_operations.h @@ -1,6 +1,6 @@ /* fe_operations.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/fips_test.h b/src/wolfssl/wolfcrypt/fips_test.h index 452e651..6523753 100644 --- a/src/wolfssl/wolfcrypt/fips_test.h +++ b/src/wolfssl/wolfcrypt/fips_test.h @@ -1,6 +1,6 @@ /* fips_test.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -114,6 +114,13 @@ WOLFSSL_API int wc_RunCast_fips(int type); WOLFSSL_API int wc_GetCastStatus_fips(int type); WOLFSSL_API int wc_RunAllCast_fips(void); +#ifdef NO_ATTRIBUTE_CONSTRUCTOR + /* NOTE: Must be called in OS initialization section outside user control + * and must prove during operational testing/code review with the lab that + * this is outside user-control if called by the OS */ + void fipsEntry(void); +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/src/wolfssl/wolfcrypt/ge_448.h b/src/wolfssl/wolfcrypt/ge_448.h index 38ac71a..bbdb067 100644 --- a/src/wolfssl/wolfcrypt/ge_448.h +++ b/src/wolfssl/wolfcrypt/ge_448.h @@ -1,6 +1,6 @@ /* ge_448.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
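Review bot: `void fipsEntry(void);` in the fips_test.h hunk is the only prototype in this block without the `WOLFSSL_API` decoration that the neighbouring `wc_RunCast_fips`/`wc_RunAllCast_fips` declarations carry, so on builds where that macro controls symbol export (hidden default visibility, DLL export) the function the OS initialization code must call may not be reachable. Declaring it as `WOLFSSL_API void fipsEntry(void);` keeps it consistent with the rest of the header; if the omission is deliberate because the definition uses a different linkage, a comment saying so would help. The accompanying NOTE about calling it outside user control is useful and should stay with the prototype.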
diff --git a/src/wolfssl/wolfcrypt/ge_operations.h b/src/wolfssl/wolfcrypt/ge_operations.h index 0c6ce8d..75d4b07 100644 --- a/src/wolfssl/wolfcrypt/ge_operations.h +++ b/src/wolfssl/wolfcrypt/ge_operations.h @@ -1,6 +1,6 @@ /* ge_operations.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -112,7 +112,6 @@ typedef struct { ge Z; ge T2d; } ge_cached; -#endif /* !ED25519_SMALL */ #ifdef CURVED25519_ASM void ge_p1p1_to_p2(ge_p2 *r, const ge_p1p1 *p); @@ -124,6 +123,7 @@ void ge_msub(ge_p1p1 *r, const ge_p3 *p, const ge_precomp *q); void ge_add(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q); void ge_sub(ge_p1p1 *r, const ge_p3 *p, const ge_cached *q); #endif +#endif /* !ED25519_SMALL */ #ifdef __cplusplus } /* extern "C" */ diff --git a/src/wolfssl/wolfcrypt/hash.h b/src/wolfssl/wolfcrypt/hash.h index 27b1423..edbc949 100644 --- a/src/wolfssl/wolfcrypt/hash.h +++ b/src/wolfssl/wolfcrypt/hash.h @@ -1,6 +1,6 @@ /* hash.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -80,7 +80,7 @@ enum wc_MACAlgorithm { sha512_mac, rmd_mac, blake2b_mac, - sm3_mac, + sm3_mac }; enum wc_HashFlags { 
@@ -93,32 +93,41 @@ enum wc_HashFlags { WOLF_ENUM_DUMMY_LAST_ELEMENT(WC_HASH) }; -#ifndef NO_HASH_WRAPPER +/* hash union */ typedef union { - #ifndef NO_MD5 - wc_Md5 md5; - #endif - #ifndef NO_SHA - wc_Sha sha; - #endif - #ifdef WOLFSSL_SHA224 - wc_Sha224 sha224; - #endif - #ifndef NO_SHA256 - wc_Sha256 sha256; - #endif - #ifdef WOLFSSL_SHA384 - wc_Sha384 sha384; - #endif - #ifdef WOLFSSL_SHA512 - wc_Sha512 sha512; - #endif - #ifdef WOLFSSL_SHA3 - wc_Sha3 sha3; - #endif - #ifdef WOLFSSL_SM3 - wc_Sm3 sm3; - #endif +#ifndef NO_MD5 + wc_Md5 md5; +#endif +#ifndef NO_SHA + wc_Sha sha; +#endif +#ifdef WOLFSSL_SHA224 + wc_Sha224 sha224; +#endif +#ifndef NO_SHA256 + wc_Sha256 sha256; +#endif +#ifdef WOLFSSL_SHA384 + wc_Sha384 sha384; +#endif +#ifdef WOLFSSL_SHA512 + wc_Sha512 sha512; +#endif +#ifdef WOLFSSL_SHA3 + wc_Sha3 sha3; +#endif +#ifdef WOLFSSL_SM3 + wc_Sm3 sm3; +#endif +} wc_Hashes; + +#ifndef NO_HASH_WRAPPER +typedef struct { + wc_Hashes alg; + enum wc_HashType type; /* sanity check */ +#ifndef WC_NO_CONSTRUCTORS + void *heap; +#endif } wc_HashAlg; #endif /* !NO_HASH_WRAPPER */ @@ -183,6 +192,11 @@ WOLFSSL_API int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, WOLFSSL_API int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out); WOLFSSL_API int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type); +#ifndef WC_NO_CONSTRUCTORS +WOLFSSL_API wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, + int devId, int *result_code); +WOLFSSL_API int wc_HashDelete(wc_HashAlg *hash, wc_HashAlg **hash_p); +#endif #ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, diff --git a/src/wolfssl/wolfcrypt/hmac.h b/src/wolfssl/wolfcrypt/hmac.h index 0d0844e..fd5d8d3 100644 --- a/src/wolfssl/wolfcrypt/hmac.h +++ b/src/wolfssl/wolfcrypt/hmac.h @@ -1,6 +1,6 @@ /* hmac.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
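Review bot: `wc_HashAlg` changes from a union to a struct wrapping the new `wc_Hashes` union in an `alg` member, so any caller that accessed `hash->sha256` or similar directly no longer compiles, and the header gives no note of it; a comment on the struct such as `/* wc_HashAlg was a union before 5.7.4; algorithm state now lives in .alg */` would save users a hunt. The `type` member's `/* sanity check */` comment does not say what is checked against what — presumably the `type` passed to wc_HashUpdate/wc_HashFinal; confirm and say so. The added `wc_HashNew`/`wc_HashDelete` prototypes document neither the meaning of `result_code` (by its name an out-parameter) nor what `wc_HashDelete` does with `hash_p` beyond `hash`, and since `wc_HashNew` takes `heap` the ownership rule (the caller releases via wc_HashDelete) belongs on the declaration.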
@@ -119,34 +119,7 @@ enum { #error "You have to have some kind of hash if you want to use HMAC." #endif - -/* hmac hash union */ -typedef union { -#ifndef NO_MD5 - wc_Md5 md5; -#endif -#ifndef NO_SHA - wc_Sha sha; -#endif -#ifdef WOLFSSL_SHA224 - wc_Sha224 sha224; -#endif -#ifndef NO_SHA256 - wc_Sha256 sha256; -#endif -#ifdef WOLFSSL_SHA384 - wc_Sha384 sha384; -#endif -#ifdef WOLFSSL_SHA512 - wc_Sha512 sha512; -#endif -#ifdef WOLFSSL_SHA3 - wc_Sha3 sha3; -#endif -#ifdef WOLFSSL_SM3 - wc_Sm3 sm3; -#endif -} wc_HmacHash; +typedef wc_Hashes wc_HmacHash; /* Hmac digest */ struct Hmac { diff --git a/src/wolfssl/wolfcrypt/hpke.h b/src/wolfssl/wolfcrypt/hpke.h index 432f574..6e406ba 100644 --- a/src/wolfssl/wolfcrypt/hpke.h +++ b/src/wolfssl/wolfcrypt/hpke.h @@ -1,6 +1,6 @@ /* hpke.h * - * Copyright (C) 2006-2022 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/integer.h b/src/wolfssl/wolfcrypt/integer.h index 243d3f0..927a1f6 100644 --- a/src/wolfssl/wolfcrypt/integer.h +++ b/src/wolfssl/wolfcrypt/integer.h @@ -1,6 +1,6 @@ /* integer.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -42,6 +42,8 @@ #else +#include +#include #include #ifndef CHAR_BIT @@ -162,9 +164,6 @@ extern "C" { #define MP_NEG 1 /* negative */ #define MP_OKAY 0 /* ok result */ -#define MP_MEM (-2) /* out of mem */ -#define MP_VAL (-3) /* invalid input */ -#define MP_NOT_INF (-4) /* point not at infinity */ #define MP_RANGE MP_NOT_INF #define MP_YES 1 /* yes response */ @@ -223,6 +222,9 @@ typedef int mp_err; #define WOLF_BIGINT_DEFINED #endif +#define mp_size_t int +#define mp_sign_t int + /* the mp_int structure */ typedef struct mp_int { int used, alloc, sign; diff --git a/src/wolfssl/wolfcrypt/kdf.h b/src/wolfssl/wolfcrypt/kdf.h index ad107e5..66b3a7a 100644 --- a/src/wolfssl/wolfcrypt/kdf.h +++ b/src/wolfssl/wolfcrypt/kdf.h 
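Review bot: In the integer.h hunk `#define MP_RANGE MP_NOT_INF` is kept while the `MP_NOT_INF` definition directly above it is removed, so `MP_RANGE` now resolves only if one of the newly added includes (their targets are not visible in this view, presumably the crypto error header) defines `MP_MEM`/`MP_VAL`/`MP_NOT_INF`; a comment on that include naming where the codes moved would stop the next reader from re-adding them here. `#define mp_size_t int` and `#define mp_sign_t int` introduce type names as object-like macros rather than typedefs; a macro leaks into every translation unit that includes the header and cannot be scoped, so unless another header needs to `#undef` and redefine them, `typedef int mp_size_t;` / `typedef int mp_sign_t;` is the conventional form. The hmac.h change to `typedef wc_Hashes wc_HmacHash;` is fine provided hmac.h includes hash.h before this line, which the hunk does not show.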
@@ -1,6 +1,6 @@ /* kdf.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -140,7 +140,7 @@ WOLFSSL_API int wc_SSH_KDF(byte hashId, byte keyId, /* Indicators */ enum { WC_SRTCP_32BIT_IDX = 0, - WC_SRTCP_48BIT_IDX = 1, + WC_SRTCP_48BIT_IDX = 1 }; /* Maximum length of salt that can be used with SRTP/SRTCP. */ diff --git a/src/wolfssl/wolfcrypt/kyber.h b/src/wolfssl/wolfcrypt/kyber.h index 8e9a7b3..93b5022 100644 --- a/src/wolfssl/wolfcrypt/kyber.h +++ b/src/wolfssl/wolfcrypt/kyber.h @@ -1,6 +1,6 @@ /* kyber.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -213,6 +213,58 @@ WOLFSSL_API int wc_KyberKey_EncodePrivateKey(KyberKey* key, unsigned char* out, WOLFSSL_API int wc_KyberKey_EncodePublicKey(KyberKey* key, unsigned char* out, word32 len); + + +#define WC_ML_KEM_512_K KYBER512_K +#define WC_ML_KEM_512_PUBLIC_KEY_SIZE KYBER512_PUBLIC_KEY_SIZE +#define wC_ML_KEM_512_PRIVATE_KEY_SIZE KYBER512_PRIVATE_KEY_SIZE +#define wC_ML_KEM_512_CIPHER_TEXT_SIZE KYBER512_CIPHER_TEXT_SIZE + +#define WC_ML_KEM_768_K KYBER768_K +#define WC_ML_KEM_768_PUBLIC_KEY_SIZE KYBER768_PUBLIC_KEY_SIZE +#define wC_ML_KEM_768_PRIVATE_KEY_SIZE KYBER768_PRIVATE_KEY_SIZE +#define wC_ML_KEM_768_CIPHER_TEXT_SIZE KYBER768_CIPHER_TEXT_SIZE + +#define WC_ML_KEM_1024_K KYBER1024_K +#define WC_ML_KEM_1024_PUBLIC_KEY_SIZE KYBER1024_PUBLIC_KEY_SIZE +#define wC_ML_KEM_1024_PRIVATE_KEY_SIZE KYBER1024_PRIVATE_KEY_SIZE +#define wC_ML_KEM_1024_CIPHER_TEXT_SIZE KYBER1024_CIPHER_TEXT_SIZE + +#define WC_ML_KEM_MAX_K KYBER_MAX_K +#define WC_ML_KEM_MAX_PRIVATE_KEY_SIZE KYBER_MAX_PRIVATE_KEY_SIZE +#define WC_ML_KEM_MAX_PUBLIC_KEY_SIZE KYBER_MAX_PUBLIC_KEY_SIZE +#define WC_ML_KEM_MAX_CIPHER_TEXT_SIZE KYBER_MAX_CIPHER_TEXT_SIZE + +#define WC_ML_KEM_512 KYBER512 +#define WC_ML_KEM_768 KYBER768 +#define WC_ML_KEM_1024 KYBER1024 + +#define WC_ML_KEM_SYM_SZ KYBER_SYM_SZ +#define WC_ML_KEM_SS_SZ KYBER_SS_SZ +#define WC_ML_KEM_MAKEKEY_RAND_SZ KYBER_MAKEKEY_RAND_SZ +#define WC_ML_KEM_ENC_RAND_SZ KYBER_ENC_RAND_SZ +#define WC_ML_KEM_POLY_SIZE KYBER_POLY_SIZE + +#define MlKemKey KyberKey + +#define wc_MlKemKey_Init(key, type, heap, devId) \ + wc_KyberKey_Init(type, key, heap, devId) +#define wc_MlKemKey_Free wc_KyberKey_Free +#define wc_MlKemKey_MakeKey wc_KyberKey_MakeKey +#define wc_MlKemKey_MakeKeyWithRandom wc_KyberKey_MakeKeyWithRandom +#define wc_MlKemKey_CipherTextSize wc_KyberKey_CipherTextSize +#define wc_MlKemKey_SharedSecretSize wc_KyberKey_SharedSecretSize +#define wc_MlKemKey_Encapsulate wc_KyberKey_Encapsulate +#define wc_MlKemKey_EncapsulateWithRandom 
wc_KyberKey_EncapsulateWithRandom +#define wc_MlKemKey_Decapsulate wc_KyberKey_Encapsulate +#define wc_MlKemKey_DecodePrivateKey wc_KyberKey_DecodePrivateKey +#define wc_MlKemKey_DecodePublicKey wc_KyberKey_DecodePublicKey +#define wc_MlKemKey_PrivateKeySize wc_KyberKey_PrivateKeySize +#define wc_MlKemKey_PublicKeySize wc_KyberKey_PublicKeySize +#define wc_MlKemKey_EncodePrivateKey wc_KyberKey_EncodePrivateKey +#define wc_MlKemKey_EncodePublicKey wc_KyberKey_EncodePublicKey + + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/src/wolfssl/wolfcrypt/lms.h b/src/wolfssl/wolfcrypt/lms.h index fe87388..1534fb1 100644 --- a/src/wolfssl/wolfcrypt/lms.h +++ b/src/wolfssl/wolfcrypt/lms.h @@ -1,6 +1,6 @@ /* lms.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -78,6 +78,7 @@ enum wc_LmsRc { * Not predefining many sets with Winternitz=1, because the signatures * will be large. */ enum wc_LmsParm { +#ifndef WOLFSSL_NO_LMS_SHA256_256 WC_LMS_PARM_NONE = 0, WC_LMS_PARM_L1_H5_W1 = 1, WC_LMS_PARM_L1_H5_W2 = 2, 
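Review bot: `#define wc_MlKemKey_Decapsulate wc_KyberKey_Encapsulate` maps the ML-KEM decapsulation alias onto the Kyber *encapsulation* function, so code using the new name performs the wrong operation and the shared secret it derives will not match the peer's; it should read `#define wc_MlKemKey_Decapsulate wc_KyberKey_Decapsulate`. In the same block the private-key and ciphertext size aliases are spelled `wC_ML_KEM_512_PRIVATE_KEY_SIZE` and `wC_ML_KEM_512_CIPHER_TEXT_SIZE` (likewise for 768 and 1024) with a lowercase `w`, so the names a user would expect (`WC_ML_KEM_…`) do not exist, while the `_MAX_` variants are spelled correctly, which makes the typo easy to miss. A short comment above the block stating that these are compatibility aliases onto the Kyber API, and that `wc_MlKemKey_Init` deliberately swaps the `key`/`type` order relative to `wc_KyberKey_Init`, would also help.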
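Review bot: Wrapping `WC_LMS_PARM_NONE = 0` together with the SHA256/256 parameter set inside `#ifndef WOLFSSL_NO_LMS_SHA256_256` (this lms.h hunk; the block is closed by the `#endif` in the next one) means a build that defines `WOLFSSL_NO_LMS_SHA256_256` without `WOLFSSL_LMS_SHA256_192` leaves `enum wc_LmsParm` with no enumerators, which is ill-formed C, and in the SHA256/192-only configuration `WC_LMS_PARM_NONE` disappears for any code that uses it as the default. Moving `WC_LMS_PARM_NONE = 0,` above the `#ifndef` keeps the enum non-empty and the default value always available.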
@@ -114,6 +115,27 @@ enum wc_LmsParm { WC_LMS_PARM_L4_H5_W8 = 33, WC_LMS_PARM_L4_H10_W4 = 34, WC_LMS_PARM_L4_H10_W8 = 35, +#endif + +#ifdef WOLFSSL_LMS_SHA256_192 + WC_LMS_PARM_SHA256_192_L1_H5_W1 = 36, + WC_LMS_PARM_SHA256_192_L1_H5_W2 = 37, + WC_LMS_PARM_SHA256_192_L1_H5_W4 = 38, + WC_LMS_PARM_SHA256_192_L1_H5_W8 = 39, + WC_LMS_PARM_SHA256_192_L1_H10_W2 = 40, + WC_LMS_PARM_SHA256_192_L1_H10_W4 = 41, + WC_LMS_PARM_SHA256_192_L1_H10_W8 = 42, + WC_LMS_PARM_SHA256_192_L1_H15_W2 = 43, + WC_LMS_PARM_SHA256_192_L1_H15_W4 = 44, + WC_LMS_PARM_SHA256_192_L2_H10_W2 = 45, + WC_LMS_PARM_SHA256_192_L2_H10_W4 = 46, + WC_LMS_PARM_SHA256_192_L2_H10_W8 = 47, + WC_LMS_PARM_SHA256_192_L3_H5_W2 = 48, + WC_LMS_PARM_SHA256_192_L3_H5_W4 = 49, + WC_LMS_PARM_SHA256_192_L3_H5_W8 = 50, + WC_LMS_PARM_SHA256_192_L3_H10_W4 = 51, + WC_LMS_PARM_SHA256_192_L4_H5_W8 = 52, +#endif }; /* enum wc_LmsState is to help track the state of an LMS/HSS Key. */ diff --git a/src/wolfssl/wolfcrypt/logging.h b/src/wolfssl/wolfcrypt/logging.h index d17f834..7d349fe 100644 --- a/src/wolfssl/wolfcrypt/logging.h +++ b/src/wolfssl/wolfcrypt/logging.h @@ -1,6 +1,6 @@ /* logging.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/md2.h b/src/wolfssl/wolfcrypt/md2.h index e326a4d..fe92756 100644 --- a/src/wolfssl/wolfcrypt/md2.h +++ b/src/wolfssl/wolfcrypt/md2.h @@ -1,6 +1,6 @@ /* md2.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/md4.h b/src/wolfssl/wolfcrypt/md4.h index f367cde..c4bd266 100644 --- a/src/wolfssl/wolfcrypt/md4.h +++ b/src/wolfssl/wolfcrypt/md4.h @@ -1,6 +1,6 @@ /* md4.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/md5.h b/src/wolfssl/wolfcrypt/md5.h index 6506be9..c19f6c1 100644 
--- a/src/wolfssl/wolfcrypt/md5.h +++ b/src/wolfssl/wolfcrypt/md5.h @@ -1,6 +1,6 @@ /* md5.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/mem_track.h b/src/wolfssl/wolfcrypt/mem_track.h index c6d8163..b45bf23 100644 --- a/src/wolfssl/wolfcrypt/mem_track.h +++ b/src/wolfssl/wolfcrypt/mem_track.h @@ -1,6 +1,6 @@ /* mem_track.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/memory.h b/src/wolfssl/wolfcrypt/memory.h index 31b6a28..481f8aa 100644 --- a/src/wolfssl/wolfcrypt/memory.h +++ b/src/wolfssl/wolfcrypt/memory.h @@ -1,6 +1,6 @@ /* memory.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/misc.h b/src/wolfssl/wolfcrypt/misc.h index 9761d68..9acc31b 100644 --- a/src/wolfssl/wolfcrypt/misc.h +++ b/src/wolfssl/wolfcrypt/misc.h @@ -1,6 +1,6 @@ /* misc.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -76,6 +76,14 @@ int ConstantCompare(const byte* a, const byte* b, int length); #ifdef WORD64_AVAILABLE WOLFSSL_LOCAL +word64 readUnalignedWord64(const byte *in); +WOLFSSL_LOCAL +word64 writeUnalignedWord64(void *out, word64 in); +WOLFSSL_LOCAL +void readUnalignedWords64(word64 *out, const byte *in, size_t count); +WOLFSSL_LOCAL +void writeUnalignedWords64(byte *out, const word64 *in, size_t count); +WOLFSSL_LOCAL word64 rotlFixed64(word64 x, word64 y); WOLFSSL_LOCAL word64 rotrFixed64(word64 x, word64 y); 
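Review bot: The new unaligned-access helpers in the misc.h hunk have inconsistent signatures: `writeUnalignedWord64(void *out, word64 in)` takes `void *` and returns `word64`, while its sibling `writeUnalignedWords64(byte *out, const word64 *in, size_t count)` takes `byte *` and returns void, and both read helpers take `const byte *`. Unless the returned value is meaningful (nothing in the hunk says it is), `WOLFSSL_LOCAL void writeUnalignedWord64(byte *out, word64 in);` matches the rest of the group. Whichever form is kept, a one-line comment above the four prototypes saying that, as the names suggest, they exist to access word64 values at byte addresses without alignment assumptions would state the purpose.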
@@ -145,6 +153,7 @@ WOLFSSL_LOCAL word32 w64GetLow32(w64wrapper n); WOLFSSL_LOCAL word32 w64GetHigh32(w64wrapper n); WOLFSSL_LOCAL void w64SetLow32(w64wrapper *n, word32 low); WOLFSSL_LOCAL w64wrapper w64Add32(w64wrapper a, word32 b, byte *wrap); +WOLFSSL_LOCAL w64wrapper w64Add(w64wrapper a, w64wrapper b, byte *wrap); WOLFSSL_LOCAL w64wrapper w64Sub32(w64wrapper a, word32 b, byte *wrap); WOLFSSL_LOCAL byte w64GT(w64wrapper a, w64wrapper b); WOLFSSL_LOCAL byte w64IsZero(w64wrapper a); @@ -157,6 +166,7 @@ WOLFSSL_LOCAL w64wrapper w64Sub(w64wrapper a, w64wrapper b); WOLFSSL_LOCAL void w64Zero(w64wrapper *a); WOLFSSL_LOCAL w64wrapper w64ShiftRight(w64wrapper a, int shift); WOLFSSL_LOCAL w64wrapper w64ShiftLeft(w64wrapper a, int shift); +WOLFSSL_LOCAL w64wrapper w64Mul(word32 a, word32 b); #else /* !NO_INLINE */ diff --git a/src/wolfssl/wolfcrypt/mpi_class.h b/src/wolfssl/wolfcrypt/mpi_class.h index 0736d6f..831fae3 100644 --- a/src/wolfssl/wolfcrypt/mpi_class.h +++ b/src/wolfssl/wolfcrypt/mpi_class.h @@ -1,6 +1,6 @@ /* mpi_class.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/mpi_superclass.h b/src/wolfssl/wolfcrypt/mpi_superclass.h index abfac6a..f27f61a 100644 --- a/src/wolfssl/wolfcrypt/mpi_superclass.h +++ b/src/wolfssl/wolfcrypt/mpi_superclass.h @@ -1,6 +1,6 @@ /* mpi_superclass.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/pkcs11.h b/src/wolfssl/wolfcrypt/pkcs11.h index c754784..7a53710 100644 --- a/src/wolfssl/wolfcrypt/pkcs11.h +++ b/src/wolfssl/wolfcrypt/pkcs11.h @@ -1,6 +1,6 @@ /* pkcs11.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -138,14 +138,22 @@ extern "C" { #define CKA_HAS_RESET 0x00000302UL #define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000UL +#define CKM_RSA_PKCS 0x00000001UL #define CKM_RSA_X_509 0x00000003UL +#define CKM_RSA_PKCS_OAEP 0x00000009UL +#define CKM_RSA_PKCS_PSS 0x0000000DUL #define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020UL #define CKM_DH_PKCS_DERIVE 0x00000021UL #define CKM_MD5_HMAC 0x00000211UL +#define CKM_SHA_1 0x00000220UL #define CKM_SHA_1_HMAC 0x00000221UL +#define CKM_SHA256 0x00000250UL #define CKM_SHA256_HMAC 0x00000251UL +#define CKM_SHA224 0x00000255UL #define CKM_SHA224_HMAC 0x00000256UL +#define CKM_SHA384 0x00000260UL #define CKM_SHA384_HMAC 0x00000261UL +#define CKM_SHA512 0x00000270UL #define CKM_SHA512_HMAC 0x00000271UL #define CKM_GENERIC_SECRET_KEY_GEN 0x00000350UL #define CKM_EC_KEY_PAIR_GEN 0x00001040UL @@ -156,12 +164,26 @@ extern "C" { #define CKM_AES_CBC 0x00001082UL #define CKM_AES_GCM 0x00001087UL +/* full data RSA PK callbacks */ +#define CKM_SHA1_RSA_PKCS_PSS 0x0000000EUL +#define CKM_SHA256_RSA_PKCS_PSS 0x00000043UL +#define CKM_SHA384_RSA_PKCS_PSS 0x00000044UL +#define CKM_SHA512_RSA_PKCS_PSS 0x00000045UL +#define CKM_SHA224_RSA_PKCS_PSS 0x00000047UL + +#define CKG_MGF1_SHA1 0x00000001UL +#define CKG_MGF1_SHA224 0x00000005UL +#define CKG_MGF1_SHA256 0x00000002UL +#define CKG_MGF1_SHA384 0x00000003UL +#define CKG_MGF1_SHA512 0x00000004UL + + #define CKR_OK 0x00000000UL #define CKR_MECHANISM_INVALID 0x00000070UL #define CKR_SIGNATURE_INVALID 0x000000C0UL #define CKD_NULL 0x00000001UL - +#define CKZ_DATA_SPECIFIED 0x00000001UL typedef unsigned char CK_BYTE; typedef CK_BYTE CK_CHAR; 
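Review bot: The comment `/* full data RSA PK callbacks */` above the `CKM_SHA*_RSA_PKCS_PSS` group describes a wolfSSL caller rather than the constants; these are the PKCS#11 mechanisms that hash and PSS-sign in a single operation, so `/* RSA-PSS mechanisms with built-in hashing (CKM_<hash>_RSA_PKCS_PSS) */` says what they are and lets a reader check the values against the specification. The `CKG_MGF1_*` list places `CKG_MGF1_SHA224` (0x5) between SHA1 (0x1) and SHA256 (0x2); ordering by value makes the block easier to verify. The blank line that separated `#define CKD_NULL` from the `typedef unsigned char CK_BYTE;` block was dropped when `CKZ_DATA_SPECIFIED` was added; restoring it keeps the constants and the type section visually separate.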
@@ -339,6 +361,26 @@ typedef struct CK_GCM_PARAMS { } CK_GCM_PARAMS; typedef CK_GCM_PARAMS* CK_GCM_PARAMS_PTR; +typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE; + +typedef struct CK_RSA_PKCS_PSS_PARAMS { + CK_MECHANISM_TYPE hashAlg; + CK_RSA_PKCS_MGF_TYPE mgf; + CK_ULONG sLen; +} CK_RSA_PKCS_PSS_PARAMS; +typedef CK_RSA_PKCS_PSS_PARAMS *CK_RSA_PKCS_PSS_PARAMS_PTR; + +typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE; + +typedef struct CK_RSA_PKCS_OAEP_PARAMS { + CK_MECHANISM_TYPE hashAlg; + CK_RSA_PKCS_MGF_TYPE mgf; + CK_RSA_PKCS_OAEP_SOURCE_TYPE source; + CK_VOID_PTR pSourceData; + CK_ULONG ulSourceDataLen; +} CK_RSA_PKCS_OAEP_PARAMS; +typedef CK_RSA_PKCS_OAEP_PARAMS *CK_RSA_PKCS_OAEP_PARAMS_PTR; + /* Function list types. */ typedef struct CK_FUNCTION_LIST CK_FUNCTION_LIST; typedef CK_FUNCTION_LIST* CK_FUNCTION_LIST_PTR; @@ -538,4 +580,3 @@ struct CK_FUNCTION_LIST { #endif #endif /* _PKCS11_H_ */ - diff --git a/src/wolfssl/wolfcrypt/pkcs12.h b/src/wolfssl/wolfcrypt/pkcs12.h index dc06c9d..d7bf967 100644 --- a/src/wolfssl/wolfcrypt/pkcs12.h +++ b/src/wolfssl/wolfcrypt/pkcs12.h @@ -1,6 +1,6 @@ /* pkcs12.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/pkcs7.h b/src/wolfssl/wolfcrypt/pkcs7.h index 2af117d..80c687b 100644 --- a/src/wolfssl/wolfcrypt/pkcs7.h +++ b/src/wolfssl/wolfcrypt/pkcs7.h @@ -1,6 +1,6 @@ /* pkcs7.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -257,8 +257,8 @@ struct PKCS7 { CallbackStreamOut streamOutCb; void* streamCtx; /* passed to getcontentCb and streamOutCb */ #endif - byte encodeStream:1; /* use BER when encoding */ - byte noCerts:1; /* if certificates should be added into bundle + WC_BITFIELD encodeStream:1; /* use BER when encoding */ + WC_BITFIELD noCerts:1; /* if certificates should be added into bundle during creation */ byte* cert[MAX_PKCS7_CERTS]; /* array of certs parsed from bundle */ byte* verifyCert; /* cert from array used for verify */ @@ -296,9 +296,9 @@ struct PKCS7 { word32 certSz[MAX_PKCS7_CERTS]; /* flags - up to 16-bits */ - word16 isDynamic:1; - word16 noDegenerate:1; /* allow degenerate case in verify function */ - word16 detached:1; /* generate detached SignedData signature bundles */ + WC_BITFIELD isDynamic:1; + WC_BITFIELD noDegenerate:1; /* allow degenerate case in verify function */ + WC_BITFIELD detached:1; /* generate detached SignedData signature bundles */ byte contentType[MAX_OID_SZ]; /* custom contentType byte array */ word32 contentTypeSz; /* size of contentType, bytes */ @@ -345,6 +345,10 @@ struct PKCS7 { word32 plainDigestSz; word32 pkcs7DigestSz; +#ifdef WC_ASN_UNKNOWN_EXT_CB + wc_UnknownExtCallback unknownExtCallback; +#endif + #if defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && !defined(NO_RSA) CallbackRsaSignRawDigest rsaSignRawDigestCb; #endif 
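Review bot: The `@@ -345` hunk inserts `wc_UnknownExtCallback unknownExtCallback;` under `#ifdef WC_ASN_UNKNOWN_EXT_CB` in the middle of `struct PKCS7`, although the struct ends with the rule `/* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */` (visible in the next hunk). A conditional member mid-struct shifts the offsets of every field after it, so a library and an application compiled with different `WC_ASN_UNKNOWN_EXT_CB` settings disagree on the layout; moving the field to the end, next to `customSKID`, follows the struct's own rule. The `WC_BITFIELD` substitutions in the other two hunks change the declared type of the flag fields; a comment at the first one noting why `byte`/`word16` bitfields were replaced would help whoever next touches the flags.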
@@ -352,12 +356,25 @@ struct PKCS7 { /* used by DecodeEnvelopedData with multiple encrypted contents */ byte* cachedEncryptedContent; word32 cachedEncryptedContentSz; - word16 contentCRLF:1; /* have content line endings been converted to CRLF */ - word16 contentIsPkcs7Type:1; /* eContent follows PKCS#7 RFC not CMS */ + WC_BITFIELD contentCRLF:1; /* have content line endings been converted to CRLF */ + WC_BITFIELD contentIsPkcs7Type:1; /* eContent follows PKCS#7 RFC not CMS */ + WC_BITFIELD hashParamsAbsent:1; + + /* RFC 5280 section-4.2.1.2 lists a possible method for creating the SKID as + * a SHA1 hash of the public key, but leaves it open to other methods as + * long as it is a unique ID. This allows for setting a custom SKID when + * creating PKCS7 bundles*/ + byte* customSKID; + word16 customSKIDSz; + /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */ }; WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId); +#ifdef WC_ASN_UNKNOWN_EXT_CB + WOLFSSL_API void wc_PKCS7_SetUnknownExtCallback(PKCS7* pkcs7, + wc_UnknownExtCallback cb); +#endif WOLFSSL_API int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId); WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* der, word32 derSz); WOLFSSL_API int wc_PKCS7_AddCertificate(PKCS7* pkcs7, byte* der, word32 derSz); @@ -378,6 +395,8 @@ WOLFSSL_API int wc_PKCS7_EncodeData(PKCS7* pkcs7, byte* output, word32 outputSz); /* CMS/PKCS#7 SignedData */ +WOLFSSL_API int wc_PKCS7_SetCustomSKID(PKCS7* pkcs7, const byte* in, + word16 inSz); WOLFSSL_API int wc_PKCS7_SetDetached(PKCS7* pkcs7, word16 flag); WOLFSSL_API int wc_PKCS7_NoDefaultSignedAttribs(PKCS7* pkcs7); WOLFSSL_API int wc_PKCS7_SetDefaultSignedAttribs(PKCS7* pkcs7, word16 flag); diff --git a/src/wolfssl/wolfcrypt/poly1305.h b/src/wolfssl/wolfcrypt/poly1305.h index cc31254..d4db487 100644 --- a/src/wolfssl/wolfcrypt/poly1305.h +++ b/src/wolfssl/wolfcrypt/poly1305.h 
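Review bot: `WC_BITFIELD hashParamsAbsent:1;` is the only bitfield in the group without a comment, and the `customSKID` comment ends with `bundles*/` (missing space before the terminator). Document what the new bit means — from its name presumably that the digest AlgorithmIdentifier is encoded without parameters; confirm against the encoder — and, more importantly, state on `wc_PKCS7_SetCustomSKID` whether `in` is copied or merely referenced, since `customSKID` is a `byte*` and the caller otherwise cannot know how long the buffer must stay alive. `wc_PKCS7_SetUnknownExtCallback` likewise deserves one line saying when the callback is invoked and what its return value controls.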
@@ -1,6 +1,6 @@ /* poly1305.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -57,7 +57,7 @@ #if defined(USE_INTEL_POLY1305_SPEEDUP) #elif (defined(WC_HAS_SIZEOF_INT128_64BIT) || defined(WC_HAS_MSVC_64BIT) || \ - defined(WC_HAS_GCC_4_4_64BIT)) + defined(WC_HAS_GCC_4_4_64BIT)) && !defined(WOLFSSL_W64_WRAPPER_TEST) #define POLY130564 #else #define POLY130532 @@ -88,14 +88,31 @@ typedef struct Poly1305 { size_t leftover; unsigned char finished; unsigned char started; -#else -#if defined(WOLFSSL_ARMASM) && defined(__aarch64__) +#elif defined(WOLFSSL_ARMASM) && defined(__aarch64__) + ALIGN128 word64 r64[2]; ALIGN128 word32 r[5]; ALIGN128 word32 r_2[5]; /* r^2 */ ALIGN128 word32 r_4[5]; /* r^4 */ ALIGN128 word32 h[5]; word32 pad[4]; word64 leftover; + unsigned char buffer[POLY1305_BLOCK_SIZE]; + unsigned char finished; +#elif defined(WOLFSSL_ARMASM) + word32 r[4]; + word32 h[5]; + word32 pad[4]; + word32 leftover; + unsigned char buffer[POLY1305_BLOCK_SIZE]; +#elif defined(WOLFSSL_RISCV_ASM) + word64 r[2]; +#ifdef WOLFSSL_RISCV_VECTOR + word64 r2[6]; +#endif + word64 h[3]; + word64 pad[2]; + size_t leftover; + unsigned char buffer[POLY1305_BLOCK_SIZE]; #else #if defined(POLY130564) word64 r[3]; @@ -107,10 +124,9 @@ typedef struct Poly1305 { word32 pad[4]; #endif size_t leftover; -#endif /* WOLFSSL_ARMASM */ unsigned char buffer[POLY1305_BLOCK_SIZE]; unsigned char finished; -#endif +#endif /* WOLFSSL_ARMASM */ } Poly1305; /* does init */ 
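Review bot: The closing `#endif /* WOLFSSL_ARMASM */` in the `@@ -107` hunk now terminates a chain that starts above the hunk (presumably the `USE_INTEL_POLY1305_SPEEDUP` branch) and passes through the new `#elif defined(WOLFSSL_ARMASM) && defined(__aarch64__)`, `#elif defined(WOLFSSL_ARMASM)`, `#elif defined(WOLFSSL_RISCV_ASM)` and `#else` branches, so the trailing comment names only one of five cases; `#endif /* per-platform Poly1305 state */` describes it accurately. Within the struct, only some branches carry a `finished` member (the aarch64 branch adds it, the 32-bit ARM and RISC-V branches do not), which is fine if each backend's C glue agrees, but a comment on the branches that omit it would make the asymmetry look intentional. `word64 r2[6]` under `WOLFSSL_RISCV_VECTOR` has no annotation where `r_2`/`r_4` above are documented as `r^2`/`r^4`.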
@@ -131,10 +147,47 @@ WOLFSSL_API int wc_Poly1305_EncodeSizes64(Poly1305* ctx, word64 aadSz, WOLFSSL_API int wc_Poly1305_MAC(Poly1305* ctx, const byte* additional, word32 addSz, const byte* input, word32 sz, byte* tag, word32 tagSz); -#if defined(__aarch64__ ) && defined(WOLFSSL_ARMASM) -void poly1305_blocks(Poly1305* ctx, const unsigned char *m, - size_t bytes); -void poly1305_block(Poly1305* ctx, const unsigned char *m); +#if defined(WOLFSSL_ARMASM) +#if defined(__aarch64__ ) +#define poly1305_blocks poly1305_blocks_aarch64 +#define poly1305_block poly1305_block_aarch64 + +void poly1305_blocks_aarch64(Poly1305* ctx, const unsigned char *m, + size_t bytes); +void poly1305_block_aarch64(Poly1305* ctx, const unsigned char *m); +#else +#if defined(WOLFSSL_ARMASM_THUMB2) +#define poly1305_blocks poly1305_blocks_thumb2 +#define poly1305_block poly1305_block_thumb2 + +void poly1305_blocks_thumb2(Poly1305* ctx, const unsigned char *m, + size_t bytes); +void poly1305_block_thumb2(Poly1305* ctx, const unsigned char *m); + +void poly1305_blocks_thumb2_16(Poly1305* ctx, const unsigned char* m, + word32 len, int notLast); +#else +#define poly1305_blocks poly1305_blocks_arm32 +#define poly1305_block poly1305_block_arm32 + +void poly1305_blocks_arm32(Poly1305* ctx, const unsigned char *m, size_t bytes); +void poly1305_block_arm32(Poly1305* ctx, const unsigned char *m); + +void poly1305_blocks_arm32_16(Poly1305* ctx, const unsigned char* m, word32 len, + int notLast); +#endif +void poly1305_set_key(Poly1305* ctx, const byte* key); +void poly1305_final(Poly1305* ctx, byte* mac); +#endif +#endif /* WOLFSSL_ARMASM */ + +#if defined(WOLFSSL_RISCV_ASM) +#define poly1305_blocks poly1305_blocks_riscv64 +#define poly1305_block poly1305_block_riscv64 + +void poly1305_blocks_riscv64(Poly1305* ctx, const unsigned char *m, + size_t bytes); +void poly1305_block_riscv64(Poly1305* ctx, const unsigned char *m); #endif #ifdef __cplusplus 
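Review bot: The new `poly1305_blocks_thumb2_16` and `poly1305_blocks_arm32_16` prototypes take the length as `word32 len` while every other `poly1305_blocks_*` in this block takes `size_t bytes`; unless the assembly ABI requires a 32-bit length (say so in a comment if it does), `size_t` keeps the family consistent, and `poly1305_blocks_arm32` is the only prototype written on one line. `poly1305_set_key`/`poly1305_final` are declared only in the non-aarch64 ARM branch, so on aarch64 they must come from somewhere else; a comment on that `#else` would make the asymmetry intentional rather than accidental. None of these prototypes carries a linkage decoration although the `wc_Poly1305_*` lines above use `WOLFSSL_API`, so the intended visibility of the backend entry points should be stated.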
diff --git a/src/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h b/src/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h index 55ff661..85b4ed1 100644 --- a/src/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h +++ b/src/wolfssl/wolfcrypt/port/Espressif/esp-sdk-lib.h @@ -116,7 +116,7 @@ ** the config you want - ie #define EXAMPLE_WIFI_SSID "mywifissid" */ #if defined(CONFIG_ESP_WIFI_SSID) - /* tyically from ESP32 with ESP-IDF v4 ot v5 */ + /* tyically from ESP32 with ESP-IDF v4 or v5 */ #define EXAMPLE_ESP_WIFI_SSID CONFIG_ESP_WIFI_SSID #elif defined(CONFIG_EXAMPLE_WIFI_SSID) /* typically from ESP8266 rtos-sdk/v3.4 */ @@ -148,9 +148,13 @@ WOLFSSL_LOCAL esp_err_t sdk_var_whereis(const char* v_name, void* v); WOLFSSL_LOCAL intptr_t esp_sdk_stack_pointer(void); +#if defined(USE_WOLFSSL_ESP_SDK_TIME) + /****************************************************************************** * Time helpers ******************************************************************************/ +WOLFSSL_LOCAL esp_err_t esp_sdk_time_mem_init(void); + WOLFSSL_LOCAL esp_err_t esp_sdk_time_lib_init(void); /* a function to show the current data and time */ @@ -168,8 +172,9 @@ WOLFSSL_LOCAL esp_err_t set_time(void); /* wait NTP_RETRY_COUNT seconds before giving up on NTP time */ WOLFSSL_LOCAL esp_err_t set_time_wait_for_ntp(void); +#endif -#ifndef NO_ESP_SDK_WIFI +#if defined(USE_WOLFSSL_ESP_SDK_WIFI) /****************************************************************************** * WiFi helpers @@ -201,8 +206,7 @@ WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_init_sta(void); WOLFSSL_LOCAL esp_err_t esp_sdk_wifi_show_ip(void); -#endif /* !NO_ESP_SDK_WIFI */ - +#endif /* USE_WOLFSSL_ESP_SDK_WIFI */ /****************************************************************************** * Debug helpers diff --git a/src/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/src/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h index 9a33bf5..99d2ca2 100644 --- a/src/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h 
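Review bot: The comment fix in the `@@ -116` hunk corrects `ot` to `or` but leaves `tyically` in the same line; the sibling comment two lines below spells it `typically`, so the new line should read `/* typically from ESP32 with ESP-IDF v4 or v5 */`. In the `@@ -168` hunk the WiFi helpers flip from opt-out (`#ifndef NO_ESP_SDK_WIFI`) to opt-in (`#if defined(USE_WOLFSSL_ESP_SDK_WIFI)`), which silently removes those prototypes from every existing build that does not define the new macro; a comment naming the old macro, `/* replaces NO_ESP_SDK_WIFI: the helpers are now opt-in */`, would soften that. The new time-helper block's `#endif` has no trailing comment while the WiFi one was given `/* USE_WOLFSSL_ESP_SDK_WIFI */`; `#endif /* USE_WOLFSSL_ESP_SDK_TIME */` matches.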
+++ b/src/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h @@ -216,6 +216,10 @@ enum { ** Turns on diagnostic messages for SHA mutex. Note that given verbosity, ** there may be TLS timing issues encountered. Use with caution. ** +** DEBUG_WOLFSSL_ESP32_UNFINISHED_HW +** This may be interesting in that HW may have been unnessearily locked +** for hash that was never completed. (typically encountered at `free1` time) +** ** LOG_LOCAL_LEVEL ** Debugging. Default value is ESP_LOG_DEBUG ** @@ -229,6 +233,14 @@ enum { ** WOLFSSL_DEBUG_ESP_RSA_MULM_BITS ** Shows a warning when mulm falls back for minimum number of bits. ** +** WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS +** Shows a marning when multiplication math bits have exceeded hardware +** capabilities and will fall back to slower software. +** +** WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS +** Shows a marning when modular math bits have exceeded hardware capabilities +** and will fall back to slower software. +** ** NO_HW_MATH_TEST ** Even if HW is enabled, do not run HW math tests. See HW_MATH_ENABLED. ** 
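Review bot: The new option descriptions contain spelling errors that users will read when choosing these macros: `unnessearily` should be `unnecessarily` in the `DEBUG_WOLFSSL_ESP32_UNFINISHED_HW` entry, and `Shows a marning` should be `Shows a warning` in both the `WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS` and `WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS` entries. The first entry's sentence `This may be interesting in that HW may have been unnessearily locked for hash that was never completed` is also hard to parse; `Warns when hardware was locked for a hash that was never completed (typically encountered at free1 time)` states the same thing directly.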
@@ -563,6 +575,95 @@ enum { defined(WOLFSSL_ESP32_CRYPT_DEBUG) #endif +/* +****************************************************************************** +** wolfssl component Kconfig file settings +****************************************************************************** + * Naming convention: + * + * CONFIG_ + * This prefix indicates the setting came from the sdkconfig / Kconfig. + * + * May or may not be related to wolfSSL. + * + * The name after this prefix must exactly match that in the Kconfig file. + * + * WOLFSSL_ + * Typical of many, but not all wolfSSL macro names. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * May or may not have a corresponding sdkconfig / Kconfig control. + * + * ESP_WOLFSSL_ + * These are NOT valid wolfSSL macro names. These are names only used in + * the ESP-IDF Kconfig files. When parsed, they will have a "CONFIG_" + * suffix added. See next section. + * + * CONFIG_ESP_WOLFSSL_ + * This is a wolfSSL-specific macro that has been defined in the ESP-IDF + * via the sdkconfig / menuconfig. Any text after this prefix should + * exactly match an existing wolfSSL macro name. + * + * Applies to all wolfSSL products such as wolfSSH, wolfMQTT, etc. + * + * These macros may also be specific to only the project or environment, + * and possibly not used anywhere else in the wolfSSL libraries. 
+ */ + + + +/* Pre-set some hardware acceleration from Kconfig / menuconfig settings */ +#ifdef CONFIG_ESP_WOLFSSL_NO_ESP32_CRYPT + #define NO_ESP32_CRYPT + #define NO_WOLFSSL_ESP32_CRYPT_AES + #define NO_WOLFSSL_ESP32_CRYPT_HASH + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD +#endif +#ifdef CONFIG_ESP_WOLFSSL_NO_HW_AES + #define NO_WOLFSSL_ESP32_CRYPT_AES +#endif +#ifdef CONFIG_ESP_WOLFSSL_NO_HW_HASH + #define NO_WOLFSSL_ESP32_CRYPT_HASH +#endif +#ifdef CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD +#endif +#ifdef CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MP_MUL + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MP_MUL +#endif +#ifdef CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_MULMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_MULMOD +#endif +#ifdef CONFIG_ESP_WOLFSSL_NO_HW_RSA_PRI_EXPTMOD + #define NO_WOLFSSL_ESP32_CRYPT_RSA_PRI_EXPTMOD +#endif + +/* wolfCrypt test settings */ +#ifdef CONFIG_ESP_WOLFSSL_ENABLE_TEST + #ifdef CONFIG_WOLFSSL_HAVE_WOLFCRYPT_TEST_OPTIONS + #define HAVE_WOLFCRYPT_TEST_OPTIONS + #endif +#endif + +/* debug options */ +#if defined(CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSL) + /* wolfSSH debugging enabled via Kconfig / menuconfig */ + #define DEBUG_WOLFSSL +#endif + +/* +****************************************************************************** +** END wolfssl component Kconfig file settings +****************************************************************************** +*/ + #ifdef __cplusplus extern "C" { 
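Review bot: The naming-convention comment says `ESP_WOLFSSL_` names get a `"CONFIG_"` suffix added, but the example that follows (`CONFIG_ESP_WOLFSSL_`) shows it is a prefix; `prefix` is the right word. Further down, `#if defined(CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSL)` is annotated `/* wolfSSH debugging enabled via Kconfig / menuconfig */` while it defines `DEBUG_WOLFSSL`, so the comment should say wolfSSL. The mapping block is useful; since each `CONFIG_ESP_WOLFSSL_NO_*` case only adds `NO_WOLFSSL_ESP32_CRYPT_*` defines and never undefines one, a sentence saying that Kconfig can only disable acceleration, not re-enable something user_settings.h turned off, would document the precedence for readers who use both.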
@@ -623,7 +724,8 @@ extern "C" #elif defined(CONFIG_IDF_TARGET_ESP8266) /* no hardware includes for ESP8266*/ #else - #include "rom/aes.h" + /* TODO: Confirm for older versions: */ + /* #include "rom/aes.h" */ #endif typedef enum tagES32_AES_PROCESS /* TODO what's this ? */ @@ -759,7 +861,7 @@ extern "C" #if defined(WOLFSSL_STACK_CHECK) word32 last_word; #endif - } WC_ESP32SHA; + } WC_ESP32SHA __attribute__((aligned(4))); WOLFSSL_LOCAL int esp_sha_need_byte_reversal(WC_ESP32SHA* ctx); WOLFSSL_LOCAL int esp_sha_init(WC_ESP32SHA* ctx, @@ -907,9 +1009,9 @@ WOLFSSL_LOCAL int esp_sha_stack_check(WC_ESP32SHA* sha); /* * Errata Mitigation. See - * https://www.espressif.com/sites/default/files/documentation/esp32_errata_en.pdf - * https://www.espressif.com/sites/default/files/documentation/esp32-c3_errata_en.pdf - * https://www.espressif.com/sites/default/files/documentation/esp32-s3_errata_en.pdf + * esp32_errata_en.pdf + * esp32-c3_errata_en.pdf + * esp32-s3_errata_en.pdf */ #define ESP_MP_HW_LOCK_MAX_DELAY ( TickType_t ) 0xffUL @@ -986,6 +1088,29 @@ WOLFSSL_LOCAL int esp_sha_stack_check(WC_ESP32SHA* sha); } #endif +/****************************************************************************** +** Sanity Checks +******************************************************************************/ +#if defined(CONFIG_ESP_MAIN_TASK_STACK_SIZE) + #if defined(WOLFCRYPT_HAVE_SRP) + #if defined(FP_MAX_BITS) + #if FP_MAX_BITS < (8192 * 2) + #define ESP_SRP_MINIMUM_STACK_8K (24 * 1024) + #else + #define ESP_SRP_MINIMUM_STACK_8K (28 * 1024) + #endif + #else + #error "Please define FP_MAX_BITS when using WOLFCRYPT_HAVE_SRP." + #endif + + #if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK) + #warning "WOLFCRYPT_HAVE_SRP enabled with small stack size" + #endif + #endif +#else + #warning "CONFIG_ESP_MAIN_TASK_STACK_SIZE not defined!" +#endif + #endif /* WOLFSSL_ESPIDF (entire contents excluded when not Espressif ESP-IDF) */ #endif /* __ESP32_CRYPT_H__ */ 
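Review bot: The stack sanity check in the last hunk compares `CONFIG_ESP_MAIN_TASK_STACK_SIZE` against `ESP_SRP_MINIMUM_STACK`, but the macro defined just above it is `ESP_SRP_MINIMUM_STACK_8K`; an undefined identifier in `#if` evaluates to 0, so the comparison is `size < 0` and the `#warning` can never fire (with `-Wundef` the compiler would instead warn about the typo). Change the test to `#if (CONFIG_ESP_MAIN_TASK_STACK_SIZE < ESP_SRP_MINIMUM_STACK_8K)`. The check also only describes the main task, so the warning text could say that SRP run from another FreeRTOS task is presumably not covered by it. Separately, the errata hunk replaces the espressif.com URLs with bare PDF file names, which makes the mitigation harder to trace; keeping at least the document title or one link would help.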
diff --git a/src/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h b/src/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h new file mode 100644 index 0000000..afeb352 --- /dev/null +++ b/src/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h 
@@ -0,0 +1,242 @@ +/* esp_crt_bundle.h + * + * Copyright (C) 2006-2024 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#ifndef __ESP_CRT_BUNDLE_wolfssl_LIB_H__ + +#define __ESP_CRT_BUNDLE_wolfssl_LIB_H__ + +/* This file is typically NOT directly used by applications utilizing the + * wolfSSL libraries. It is used when the wolfssl library component is + * configured to be utilized by the Espressif ESP-IDF, specifically the + * esp-tls layer. + * + * See: esp-idf api-reference for esp_tls. + * https://github.com/espressif/esp-idf/blob/master/components/esp-tls/esp_tls.h + * + ******************************************************************************* + ** Optional Settings: + ******************************************************************************* + * WOLFSSL_DEBUG_CERT_BUNDLE_NAME + * Optionally show certificate bundle debugging info. + * + * WOLFSSL_DEBUG_CERT_BUNDLE_NAME + * Optionally show certificate bundle name debugging info. + * + * WOLFSSL_EXAMPLE_VERBOSITY + * Optionally print example application information that may be interesting. + * + * IS_WOLFSSL_CERT_BUNDLE_FORMAT + * This should be left on as no other bundle format is supported at this time. 
+ * + * CB_INLINE + * Normally on, this uses the compiler `inline` decorator for bundle functions + * to be optimized, since they are called during a TLS connection. + * + * See Kconfig file (or use idy.py menuconfig) for other bundle settings. + * + ******************************************************************************* + ** Other Settings: + ******************************************************************************* + * WOLFSSL_CMAKE_REQUIRED_ESP_TLS + * This is defined in the wolfssl component cmake file when the esp-tls + * component is required. This is typically when Certificate Bundles are + * enabled, and the esp_tls_free_global_ca_store() in the esp-tls needs + * to be called from the wolfSSL wolfSSL_bundle_cleanup(). + */ + +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Be sure to define WOLFSSL_USER_SETTINGS, typically in CMakeLists.txt */ +/* Reminder: settings.h pulls in user_settings.h */ +/* Do not explicitly include user_settings.h here. */ +#include + +#if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ + +#ifndef WOLFSSL_USER_SETTINGS + #error "WOLFSSL_USER_SETTINGS must be defined for Espressif targts" +#endif + +#if defined(CONFIG_ESP_TLS_USING_WOLFSSL) || \ + defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE) + + +#ifdef __cplusplus +extern "C" { +#endif + +#define WOLFSSL_X509_VERIFY_CALLBACK (void *, WOLFSSL_X509 *, int, uint32_t *) +#include + +typedef struct wolfssl_ssl_config wolfssl_ssl_config; + +struct wolfssl_ssl_config +{ + WOLFSSL_X509* ca_chain; + WOLFSSL_X509_CRL* ca_crl; + void *priv_ctx; + void *priv_ssl; +}; + +/** + * @brief Attach and enable use of a bundle for certificate verification + * + * Attach and enable use of a bundle for certificate verification through a + * verification callback.If no specific bundle has been set through + * esp_crt_bundle_set() it will default to the bundle defined in menuconfig + * and embedded in the binary. 
+ * + * Note this must be visible for both the regular bundles, as well as the + *"none" option. + * + * Other code gated out, below, when the "none" option is selected. + * + * @param[in] conf The config struct for the SSL connection. + * + * @return + * - ESP_OK if adding certificates was successful. + * - Other if an error occurred or an action must be taken by the + * calling process. + */ +esp_err_t esp_crt_bundle_attach(void *conf); + + +#if defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE) && \ + defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE) && \ + (CONFIG_WOLFSSL_CERTIFICATE_BUNDLE_DEFAULT_NONE == 1) + +/* Certificate bundles are enabled, but the "none" option selected */ + +#else +/** + * @brief Return ESP_OK for valid bundle, otherwise ESP_FAIL. + * + * Specific to wolfSSL. Not used by ESP-IDF esp-tls layer. + */ +esp_err_t esp_crt_bundle_is_valid(void); + +/** + * @brief Return 1 if Cert Bundle loaded, otherwise 0. + * + * Specific to wolfSSL. Not used by ESP-IDF esp-tls layer. + */ +int wolfssl_cert_bundle_loaded(void); + +/** + * @brief Return 1 is a cert from the bundle was needed + * at connection time, otherwise 0. + * + * Specific to wolfSSL. Not used by ESP-IDF esp-tls layer. + */ +int wolfssl_need_bundle_cert(void); + +/** + * @brief Disable and dealloc the certification bundle + * + * Used by ESP-IDF esp-tls layer. + * + * Removes the certificate verification callback and deallocates used resources + * + * @param[in] conf The config struct for the SSL connection. + */ +void esp_crt_bundle_detach(wolfssl_ssl_config *conf); + +/** + * @brief Set the default certificate bundle used for verification + * + * Used by ESP-IDF esp-tls layer. + * + * Overrides the default certificate bundle only in case of successful + * initialization. In most use cases the bundle should be set through + * menuconfig. The bundle needs to be sorted by subject name since binary + * search is used to find certificates. 
+ * + * @param[in] x509_bundle A pointer to the certificate bundle. + * + * @param[in] bundle_size Size of the certificate bundle in bytes. + * + * @return + * - ESP_OK if adding certificates was successful. + * - Other if an error occurred or an action must be taken + * by the calling process. + */ +esp_err_t esp_crt_bundle_set(const uint8_t *x509_bundle, size_t bundle_size); + + +/** + * @brief Set the issuer and subject values given the current cert. + * + * Used internally by ESP-IDF esp-tls layer. Also helpful for debugging + * and general visibility to certificate attributes. + * + * The CERT_TAG can be used at the esp-tls or application layer to indicate + * the usage of the respective cert (e.g. the string "peer"). + * + * Turn on WOLFSSL_DEBUG_CERT_BUNDLE to also see ASN1 before/after values. + * + * @return + * - WOLFSSL_SUCCESS (1) + * - WOLFSSL_FAILURE (0) if unable to get issues and/or subject. + */ +int wolfSSL_X509_get_cert_items(char* CERT_TAG, + WOLFSSL_X509* cert, + WOLFSSL_X509_NAME** issuer, + WOLFSSL_X509_NAME** subject); + +esp_err_t wolfSSL_bundle_cleanup(void); + +WOLFSSL_LOCAL void wolfssl_ssl_conf_verify(wolfssl_ssl_config *conf, + int (*f_vrfy) WOLFSSL_X509_VERIFY_CALLBACK, + void *p_vrfy); + +WOLFSSL_LOCAL void wolfssl_ssl_conf_authmode(wolfssl_ssl_config *conf, + int authmode); + +WOLFSSL_LOCAL void wolfssl_ssl_conf_ca_chain(wolfssl_ssl_config *conf, + WOLFSSL_X509 *ca_chain, + WOLFSSL_X509_CRL *ca_crl); + +WOLFSSL_LOCAL void wolfssl_x509_crt_init(WOLFSSL_X509 *crt); + +WOLFSSL_LOCAL int esp_crt_verify_callback(void *buf, WOLFSSL_X509 *crt, + int depth, uint32_t *flags); + +#ifdef __cplusplus +} +#endif + +/* Detect if wolfSSL is enabled, but so are mbedTLS bundles */ +#if defined(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE) && \ + CONFIG_MBEDTLS_CERTIFICATE_BUNDLE + #error "wolfSSL cannot use mbedTLS certificate bundles. 
Please disable them" +#endif + +#endif /* CONFIG_WOLFSSL_CERTIFICATE_BUNDLE */ + +#endif /* CONFIG_ESP_TLS_USING_WOLFSSL */ + +#endif /* WOLFSSL_ESPIDF */ + +#endif /* __ESP_CRT_BUNDLE_wolfssl_LIB_H__ */ diff --git a/src/wolfssl/wolfcrypt/port/atmel/atmel.h b/src/wolfssl/wolfcrypt/port/atmel/atmel.h index 4f92236..c2f9940 100644 --- a/src/wolfssl/wolfcrypt/port/atmel/atmel.h +++ b/src/wolfssl/wolfcrypt/port/atmel/atmel.h @@ -1,6 +1,6 @@ /* atmel.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/pwdbased.h b/src/wolfssl/wolfcrypt/pwdbased.h index bcf0939..9535b0a 100644 --- a/src/wolfssl/wolfcrypt/pwdbased.h +++ b/src/wolfssl/wolfcrypt/pwdbased.h @@ -1,6 +1,6 @@ /* pwdbased.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/random.h b/src/wolfssl/wolfcrypt/random.h index 9dd6163..cc4c797 100644 --- a/src/wolfssl/wolfcrypt/random.h +++ b/src/wolfssl/wolfcrypt/random.h @@ -1,6 +1,6 @@ /* random.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/rc2.h b/src/wolfssl/wolfcrypt/rc2.h index 2d1950e..22b2ad1 100644 --- a/src/wolfssl/wolfcrypt/rc2.h +++ b/src/wolfssl/wolfcrypt/rc2.h @@ -1,6 +1,6 @@ /* rc2.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/ripemd.h b/src/wolfssl/wolfcrypt/ripemd.h index 3e1d5b4..d1a0e6f 100644 --- a/src/wolfssl/wolfcrypt/ripemd.h +++ b/src/wolfssl/wolfcrypt/ripemd.h @@ -1,6 +1,6 @@ /* ripemd.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/rsa.h b/src/wolfssl/wolfcrypt/rsa.h index f73974d..3f39d5b 100644 
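Review bot: The verification contract of the new header is not documented: `esp_crt_bundle_attach` installs a verification callback and `esp_crt_verify_callback(void *buf, WOLFSSL_X509 *crt, int depth, uint32_t *flags)` is declared, but nothing states what the callback returns, or leaves in `flags`, when the peer chain cannot be anchored to a bundle certificate, which is exactly what esp-tls callers rely on to reject untrusted peers; a comment on `esp_crt_verify_callback` such as `/* NOTE(review): document the return value and flags when no bundle cert matches - any non-success must fail the handshake; confirm against the implementation */` would close that gap. `wolfSSL_X509_get_cert_items` takes `char* CERT_TAG` although the doc says it is a label like "peer", so it should be `const char* CERT_TAG`, and its `@return` text "unable to get issues and/or subject" should read "issuer". In the Optional Settings list `WOLFSSL_DEBUG_CERT_BUNDLE_NAME` appears twice; the first entry is presumably `WOLFSSL_DEBUG_CERT_BUNDLE`, which the `wolfSSL_X509_get_cert_items` doc references further down. The `#include` targets in this hunk are empty in this rendering (extraction loss), so the headers actually pulled in could not be checked.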
--- a/src/wolfssl/wolfcrypt/rsa.h +++ b/src/wolfssl/wolfcrypt/rsa.h @@ -1,6 +1,6 @@ /* rsa.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -103,7 +103,11 @@ RSA keys can be used to encrypt, decrypt, sign and verify data. #endif #ifndef RSA_MIN_SIZE -#define RSA_MIN_SIZE 512 + #if defined(HAVE_WOLFENGINE) || defined(HAVE_WOLFPROVIDER) + #define RSA_MIN_SIZE 1024 + #else + #define RSA_MIN_SIZE 2048 + #endif #endif #ifndef RSA_MAX_SIZE @@ -274,9 +278,28 @@ struct RsaKey { #endif /* HAVE_FIPS */ +#if defined(WOLF_CRYPTO_CB) && defined(WOLF_CRYPTO_CB_RSA_PAD) +struct RsaPadding { + byte pad_value; + int pad_type; + enum wc_HashType hash; + int mgf; + byte* label; + word32 labelSz; + int saltLen; + int unpadded; +}; +typedef struct RsaPadding RsaPadding; +#endif + WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void* heap); WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId); WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); +#ifndef WC_NO_CONSTRUCTORS +WOLFSSL_API RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code); +WOLFSSL_API int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p); +#endif + #ifdef WOLF_PRIVATE_KEY_ID WOLFSSL_API int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, void* heap, int devId); diff --git a/src/wolfssl/wolfcrypt/sakke.h b/src/wolfssl/wolfcrypt/sakke.h index 173c33b..0f7a75c 100644 --- a/src/wolfssl/wolfcrypt/sakke.h +++ b/src/wolfssl/wolfcrypt/sakke.h @@ -1,6 +1,6 @@ /* sakke.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
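Review bot: The new `RSA_MIN_SIZE` default of 2048 is the right floor, but the 1024-bit carve-out under `HAVE_WOLFENGINE`/`HAVE_WOLFPROVIDER` is unexplained, and 1024-bit RSA is below the 112-bit strength NIST SP 800-131A requires (RSA signature generation below 2048 bits has been disallowed since 2014); add a comment such as `/* 1024 only for wolfEngine/wolfProvider compatibility (presumably their OpenSSL-facing test vectors - confirm); not for production keys */`. Because the block is still wrapped in `#ifndef RSA_MIN_SIZE`, a stale user_settings.h that sets 512 silently keeps the old behaviour; a guard after the block, `#if RSA_MIN_SIZE < 1024` / `#warning "RSA_MIN_SIZE below 1024 bits is insecure"` / `#endif`, would surface that. The header should also say which operations `RSA_MIN_SIZE` bounds (key generation, key import, or both), which this hunk does not state.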
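Review bot: `wc_NewRsaKey(void* heap, int devId, int *result_code)` and `wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p)` are added without any documentation of ownership: who frees the key returned by `wc_NewRsaKey`, whether `result_code` may be NULL, and what `key_p` is for (presumably so the caller's pointer is cleared after deletion, which would also make a double free harder - confirm against the .c). A short Doxygen block on each, stating that the returned key is heap-allocated on `heap` and must be released with `wc_DeleteRsaKey`, would fix this. The new `RsaPadding` struct likewise needs a comment on whether `label`/`labelSz` are borrowed or owned by the crypto-callback consumer, and what `unpadded` and `pad_value` mean; these cross the `WOLF_CRYPTO_CB` boundary, where a misread lifetime becomes a use-after-free in the callback.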
@@ -64,15 +64,15 @@ typedef struct SakkeKeyParams { ecc_point* base; /** Bit indicate prime is set as an MP integer in SAKKE key. */ - byte havePrime:1; + WC_BITFIELD havePrime:1; /** Bit indicates q (order) is set as an MP integer in SAKKE key. */ - byte haveQ:1; + WC_BITFIELD haveQ:1; /** Bit indicates g (pairing base) is set as an MP integer in SAKKE key. */ - byte haveG:1; + WC_BITFIELD haveG:1; /** Bit indicates a is set as an MP integer in SAKKE key. */ - byte haveA:1; + WC_BITFIELD haveA:1; /** Bit indicates base point is set as an ECC point in SAKKE key. */ - byte haveBase:1; + WC_BITFIELD haveBase:1; } SakkeKeyParams; /** Temporary values to use in SAKKE calculations. */ @@ -116,7 +116,7 @@ typedef struct SakkeKeyRsk { /** Length of table */ word32 tableLen; /** Indicates whether an RSK value has been set. */ - byte set:1; + WC_BITFIELD set:1; } SakkeKeyRsk; #endif @@ -153,9 +153,9 @@ typedef struct SakkeKey { void* heap; /** Bit indicates Z, public key, is in montgomery form. */ - byte zMont:1; + WC_BITFIELD zMont:1; /** Bit indicate MP integers have been initialized. */ - byte mpInit:1; + WC_BITFIELD mpInit:1; } SakkeKey; #ifdef __cplusplus diff --git a/src/wolfssl/wolfcrypt/selftest.h b/src/wolfssl/wolfcrypt/selftest.h index a0c7c0e..198013b 100644 --- a/src/wolfssl/wolfcrypt/selftest.h +++ b/src/wolfssl/wolfcrypt/selftest.h @@ -1,6 +1,6 @@ /* selftest.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/settings.h b/src/wolfssl/wolfcrypt/settings.h index a4302c7..e02870c 100644 --- a/src/wolfssl/wolfcrypt/settings.h +++ b/src/wolfssl/wolfcrypt/settings.h 
@@ -20,24 +20,17 @@ */ /* - * ************************************************************************ + * Note, this file should not be edited to activate/deactivate features. * - * ******************************** NOTICE ******************************** - * - * ************************************************************************ - * - * This method of uncommenting a line in settings.h is outdated. - * - * Please use user_settings.h / WOLFSSL_USER_SETTINGS + * Instead, add/edit user_settings.h, and compile with -DWOLFSSL_USER_SETTINGS * * or * - * ./configure CFLAGS="-DFLAG" + * ./configure CFLAGS="-DFEATURE_FLAG_TO_DEFINE -UFEATURE_FLAG_TO_CLEAR [...]" * * For more information see: * * https://www.wolfssl.com/how-do-i-manage-the-build-configuration-of-wolfssl/ - * */ @@ -55,7 +48,7 @@ /* This flag allows wolfSSL to include options.h instead of having client * projects do it themselves. This should *NEVER* be defined when building * wolfSSL as it can cause hard to debug problems. */ -#ifdef EXTERNAL_OPTS_OPENVPN +#if defined(EXTERNAL_OPTS_OPENVPN) || defined(WOLFSSL_USE_OPTIONS_H) #include #endif @@ -212,6 +205,9 @@ /* Uncomment next line if building for Nucleus 1.2 */ /* #define WOLFSSL_NUCLEUS_1_2 */ +/* Uncomment next line if building for Nucleus Plus 2.3 */ +/* #define NUCLEUS_PLUS_2_3 */ + /* Uncomment next line if building for using Apache mynewt */ /* #define WOLFSSL_APACHE_MYNEWT */ @@ -259,6 +255,9 @@ /* Uncomment next line if building for Dolphin Emulator */ /* #define DOLPHIN_EMULATOR */ +/* Uncomment next line if building for WOLFSSL_NDS */ +/* #define WOLFSSL_NDS */ + /* Uncomment next line if using MAXQ1065 */ /* #define WOLFSSL_MAXQ1065 */ @@ -269,6 +268,7 @@ #ifdef PLATFORMIO #ifdef ESP_PLATFORM /* Turn on the wolfSSL ESPIDF flag for the PlatformIO ESP-IDF detect */ + #undef WOLFSSL_ESPIDF #define WOLFSSL_ESPIDF #endif /* ESP_PLATFORM */ 
@@ -319,11 +319,27 @@ #elif defined(USE_HAL_DRIVER) && !defined(HAVE_CONFIG_H) /* STM Configuration File (generated by CubeMX) */ #include "wolfSSL.I-CUBE-wolfSSL_conf.h" +#elif defined(NUCLEUS_PLUS_2_3) + /* NOTE: cyassl_nucleus_defs.h is akin to user_settings.h */ + #include "nucleus.h" + #include "os/networking/ssl/lite/cyassl_nucleus_defs.h" #endif #include /*------------------------------------------------------------*/ +#if defined(WOLFSSL_FIPS_READY) || defined(WOLFSSL_FIPS_DEV) + #undef HAVE_FIPS_VERSION_MAJOR + #define HAVE_FIPS_VERSION_MAJOR 7 /* always one more than major version */ + /* of most recent FIPS certificate */ + #undef HAVE_FIPS_VERSION + #define HAVE_FIPS_VERSION HAVE_FIPS_VERSION_MAJOR + #undef HAVE_FIPS_VERSION_MINOR + #define HAVE_FIPS_VERSION_MINOR 0 /* always 0 */ + #undef HAVE_FIPS_VERSION_PATCH + #define HAVE_FIPS_VERSION_PATCH 0 /* always 0 */ +#endif + #define WOLFSSL_MAKE_FIPS_VERSION3(major, minor, patch) \ (((major) * 65536) + ((minor) * 256) + (patch)) #define WOLFSSL_MAKE_FIPS_VERSION(major, minor) \ 
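Review bot: Under `WOLFSSL_FIPS_READY`/`WOLFSSL_FIPS_DEV` the new block unconditionally `#undef`s and redefines `HAVE_FIPS_VERSION_MAJOR/MINOR/PATCH` and `HAVE_FIPS_VERSION`, so any value a user_settings.h set for these is silently overridden, and the hard-coded 7 ("always one more than major version of most recent FIPS certificate") has to be bumped by hand with each certificate; a comment should state both, e.g. `/* Overrides any user-supplied HAVE_FIPS_VERSION*; bump MAJOR whenever a new FIPS certificate is issued */`. Presumably the intent is that every `HAVE_FIPS_VERSION >= N` gate in the code is taken for a FIPS-Ready build; if so, the comment should also make clear that this numbering does not make the build a validated module, so nobody reads the version as a certification claim.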
@@ -408,36 +424,31 @@ * --------------------------------------------------------------------------- */ #ifdef WOLFSSL_DUAL_ALG_CERTS + #ifdef NO_RSA + #error "Need RSA or else dual alg cert example will not work." + #endif -#ifndef WOLFSSL_ASN_TEMPLATE - #error "Dual alg cert support requires the ASN.1 template feature." -#endif - -#ifdef NO_RSA - #error "Need RSA or else dual alg cert example will not work." -#endif - -#ifndef HAVE_ECC - #error "Need ECDSA or else dual alg cert example will not work." -#endif + #ifndef HAVE_ECC + #error "Need ECDSA or else dual alg cert example will not work." + #endif -#undef WOLFSSL_CERT_GEN -#define WOLFSSL_CERT_GEN + #undef WOLFSSL_CERT_GEN + #define WOLFSSL_CERT_GEN -#undef WOLFSSL_CUSTOM_OID -#define WOLFSSL_CUSTOM_OID + #undef WOLFSSL_CUSTOM_OID + #define WOLFSSL_CUSTOM_OID -#undef HAVE_OID_ENCODING -#define HAVE_OID_ENCODING + #undef HAVE_OID_ENCODING + #define HAVE_OID_ENCODING -#undef WOLFSSL_CERT_EXT -#define WOLFSSL_CERT_EXT + #undef WOLFSSL_CERT_EXT + #define WOLFSSL_CERT_EXT -#undef OPENSSL_EXTRA -#define OPENSSL_EXTRA + #undef OPENSSL_EXTRA + #define OPENSSL_EXTRA -#undef HAVE_OID_DECODING -#define HAVE_OID_DECODING + #undef HAVE_OID_DECODING + #define HAVE_OID_DECODING #endif /* WOLFSSL_DUAL_ALG_CERTS */ @@ -467,6 +478,16 @@ #include #endif + +#ifdef WOLFSSL_NDS + #include + #define SIZEOF_LONG_LONG 8 + #define socklen_t int + #define IPPROTO_UDP 17 + #define IPPROTO_TCP 6 + #define NO_WRITEV +#endif + #if defined(ARDUINO) #if defined(ESP32) #ifndef NO_ARDUINO_DEFAULT 
@@ -496,6 +517,316 @@ #if defined(WOLFSSL_ESPIDF) #define SIZEOF_LONG_LONG 8 + + #ifndef WOLFSSL_MAX_ERROR_SZ + /* Espressif paths can be quite long. Ensure error prints full path. */ + #define WOLFSSL_MAX_ERROR_SZ 200 + #endif + + /* Parse any Kconfig / menuconfig items into wolfSSL macro equivalents. + * Macros may or may not be defined. If defined, they may have a value of + * + * 0 - not enabled (also the equivalent of not defined) + * 1 - enabled + * + * The naming convention is generally an exact match of wolfSSL macros + * in the Kconfig file. At cmake time, the Kconfig is processed and an + * sdkconfig.h file is created by the ESP-IDF. Any configured options are + * named CONFIG_[Kconfig name] and thus CONFIG_[macro name]. Those that + * are expected to be ESP-IDF specific and may be ambiguous can named + * with an ESP prefix, for example CONFIG_[ESP_(Kconfig name)] + * + * Note there are some inconsistent macro names that may have been + * used in the esp-wolfssl or other places in the ESP-IDF. They should + * be always be included for backward compatibility. + * + * See also: Espressif api-reference kconfig docs. + * + * These settings should be checked and assigned wolfssl equivalents before + * any others. + * + * Only the actual config settings should be defined here. Any others that + * may be application specific should be conditionally defined in the + * respective user_settings.h file. + * + * See the template example for reference: + * https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template + * + * Reminder that by the time we are here, the user_settings.h has already + * been processed. The following settings are additive; Enabled settings + * from user_settings are not disabled here. 
+ */ + #if defined(CONFIG_ESP_WOLFSSL_TEST_LOOP) && \ + CONFIG_ESP_WOLFSSL_TEST_LOOP + #define WOLFSSL_TEST_LOOP 1 + #else + #define WOLFSSL_TEST_LOOP 0 + #endif + #if (defined(CONFIG_DEBUG_WOLFSSL) && \ + CONFIG_DEBUG_WOLFSSL) || \ + (defined(CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSL) && \ + CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSL ) + #define DEBUG_WOLFSSL + #endif + #if defined(CONFIG_ESP_WOLFSSL_ENABLE_WOLFSSH) && \ + CONFIG_ESP_WOLFSSL_ENABLE_WOLFSSH + #define WOLFSSL_ENABLE_WOLFSSH + #endif + #if (defined(CONFIG_TEST_ESPIDF_ALL_WOLFSSL) && \ + CONFIG_TEST_ESPIDF_ALL_WOLFSSL ) + #define TEST_ESPIDF_ALL_WOLFSSL + #endif + #if (defined(CONFIG_WOLFSSL_ALT_CERT_CHAINS) && \ + CONFIG_WOLFSSL_ALT_CERT_CHAINS ) + #define WOLFSSL_ALT_CERT_CHAINS + #endif + #if defined(CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL) && \ + CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL + #define WOLFSSL_ASN_ALLOW_0_SERIAL + #endif + #if defined(CONFIG_WOLFSSL_NO_ASN_STRICT) && \ + CONFIG_WOLFSSL_NO_ASN_STRICT + #define WOLFSSL_NO_ASN_STRICT + #endif + #if defined(CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE) && \ + CONFIG_WOLFSSL_DEBUG_CERT_BUNDLE + #define WOLFSSL_DEBUG_CERT_BUNDLE + #endif + #if defined(CONFIG_USE_WOLFSSL_ESP_SDK_TIME) && \ + CONFIG_USE_WOLFSSL_ESP_SDK_TIME + #define USE_WOLFSSL_ESP_SDK_TIME + #endif + #if defined(CONFIG_USE_WOLFSSL_ESP_SDK_WIFI) && \ + CONFIG_USE_WOLFSSL_ESP_SDK_WIFI + #define USE_WOLFSSL_ESP_SDK_WIFI + #endif + #if defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) && \ + CONFIG_WOLFSSL_APPLE_HOMEKIT + #define WOLFSSL_APPLE_HOMEKIT + #endif + #if defined(CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS) && \ + CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS + #define WOLFSSL_DEBUG_ESP_HW_MULTI_RSAMAX_BITS + #endif + #if defined(CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS) && \ + CONFIG_ESP_WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS + #define WOLFSSL_DEBUG_ESP_HW_MOD_RSAMAX_BITS + #endif + + #if defined(CONFIG_TLS_STACK_WOLFSSL) && (CONFIG_TLS_STACK_WOLFSSL) + /* When using ESP-TLS, some old algorithms such as SHA1 
are no longer + * enabled in wolfSSL, except for the OpenSSL compatibility. So enable + * that here: */ + #define OPENSSL_EXTRA + #endif + + /* Optional Apple HomeKit support. See below for related sanity checks. */ + #if defined(WOLFSSL_APPLE_HOMEKIT) + /* SRP is known to need 8K; slow on some devices */ + #undef FP_MAX_BITS + #define FP_MAX_BITS (8192 * 2) + #define WOLFCRYPT_HAVE_SRP + #define HAVE_CHACHA + #define HAVE_POLY1305 + #define WOLFSSL_BASE64_ENCODE + #define HAVE_HKDF + #define WOLFSSL_SHA512 + #endif + + /* Enable benchmark code via menuconfig, or when not otherwise disable: */ + #ifdef CONFIG_ESP_WOLFSSL_ENABLE_BENCHMARK + #ifdef NO_CRYPT_BENCHMARK + #pragma message("Benchmark conflict:") + #pragma message("-- NO_CRYPT_BENCHMARK defined.") + #pragma message("-- CONFIG_WOLFSSL_ENABLE_BENCHMARK also defined.") + #pragma message("-- NO_CRYPT_BENCHMARK will be undefined.") + #undef NO_CRYPT_BENCHMARK + #endif + #endif + + #if !defined(NO_CRYPT_BENCHMARK) || \ + defined(CONFIG_ESP_WOLFSSL_ENABLE_BENCHMARK) + + #define BENCH_EMBEDDED + #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB + + /* See wolfcrypt/benchmark/benchmark.c for debug and other settings: */ + + /* Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc) */ + #ifdef CONFIG_ESP_DEBUG_WOLFSSL_BENCHMARK_TIMING + #define DEBUG_WOLFSSL_BENCHMARK_TIMING + #endif + + /* Turn on timer debugging (used when CPU cycles not available) */ + #ifdef CONFIG_ESP_WOLFSSL_BENCHMARK_TIMER_DEBUG + #define WOLFSSL_BENCHMARK_TIMER_DEBUG + #endif + #endif + + /* Typically only used in tests, but available to all apps is + * the "enable all" feature: */ + #if defined(TEST_ESPIDF_ALL_WOLFSSL) + #define WOLFSSL_MD2 + #define HAVE_BLAKE2 + #define HAVE_BLAKE2B + #define HAVE_BLAKE2S + + #define WC_RC2 + #define WOLFSSL_ALLOW_RC4 + + #define HAVE_POLY1305 + + #define WOLFSSL_AES_128 + #define WOLFSSL_AES_OFB + #define WOLFSSL_AES_CFB + #define WOLFSSL_AES_XTS + + /* #define WC_SRTP_KDF */ + /* TODO Causes failure 
with Espressif AES HW Enabled */ + /* #define HAVE_AES_ECB */ + /* #define HAVE_AESCCM */ + /* TODO sanity check when missing HAVE_AES_ECB */ + #define WOLFSSL_WOLFSSH + + #define HAVE_AESGCM + #define WOLFSSL_AES_COUNTER + + #define HAVE_FFDHE + #define HAVE_FFDHE_2048 + #if defined(CONFIG_IDF_TARGET_ESP8266) + /* TODO Full size SRP is disabled on the ESP8266 at this time. + * Low memory issue? */ + #define WOLFCRYPT_HAVE_SRP + /* MIN_FFDHE_FP_MAX_BITS = (MIN_FFDHE_BITS * 2); see settings.h */ + #define FP_MAX_BITS MIN_FFDHE_FP_MAX_BITS + #elif defined(CONFIG_IDF_TARGET_ESP32) || \ + defined(CONFIG_IDF_TARGET_ESP32S2) || \ + defined(CONFIG_IDF_TARGET_ESP32S3) + #define WOLFCRYPT_HAVE_SRP + #define FP_MAX_BITS (8192 * 2) + #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32H2) + /* SRP Known to be working on this target::*/ + #define WOLFCRYPT_HAVE_SRP + #define FP_MAX_BITS (8192 * 2) + #else + /* For everything else, give a try and see if SRP working: */ + #define WOLFCRYPT_HAVE_SRP + #define FP_MAX_BITS (8192 * 2) + #endif + + #define HAVE_DH + + /* TODO: there may be a problem with HAVE_CAMELLIA with HW AES disabled. + * Do not define NO_WOLFSSL_ESP32_CRYPT_AES when enabled: */ + /* #define HAVE_CAMELLIA */ + + /* DSA requires old SHA */ + #define HAVE_DSA + + /* Needs SHA512 ? */ + #define HAVE_HPKE + + /* Not for Espressif? 
*/ + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP8684) || \ + defined(CONFIG_IDF_TARGET_ESP32H2) || \ + defined(CONFIG_IDF_TARGET_ESP8266) + + #if defined(CONFIG_IDF_TARGET_ESP8266) + #undef HAVE_ECC + #undef HAVE_ECC_CDH + #undef HAVE_CURVE25519 + + #ifdef HAVE_CHACHA + #error "HAVE_CHACHA not supported on ESP8266" + #endif + #ifdef HAVE_XCHACHA + #error "HAVE_XCHACHA not supported on ESP8266" + #endif + #else + #define HAVE_XCHACHA + #define HAVE_CHACHA + /* TODO Not enabled at this time, needs further testing: + * #define WC_SRTP_KDF + * #define HAVE_COMP_KEY + * #define WOLFSSL_HAVE_XMSS + */ + #endif + /* TODO AES-EAX needs stesting on this platform */ + + /* Optionally disable DH + * #undef HAVE_DH + * #undef HAVE_FFDHE + */ + + /* ECC_SHAMIR out of memory on ESP32-C2 during ECC */ + #ifndef HAVE_ECC + #define ECC_SHAMIR + #endif + #else + #define WOLFSSL_AES_EAX + + #define ECC_SHAMIR + #endif + + /* Only for WOLFSSL_IMX6_CAAM / WOLFSSL_QNX_CAAM ? */ + /* #define WOLFSSL_CAAM */ + /* #define WOLFSSL_CAAM_BLOB */ + + #define WOLFSSL_AES_SIV + #define WOLFSSL_CMAC + + #define WOLFSSL_CERT_PIV + + /* HAVE_SCRYPT may turn on HAVE_PBKDF2 see settings.h */ + /* #define HAVE_SCRYPT */ + #define SCRYPT_TEST_ALL + #define HAVE_X963_KDF + #endif + + /* Optionally enable some wolfSSH settings via compiler def or Kconfig */ + #if defined(ESP_ENABLE_WOLFSSH) + /* The default SSH Windows size is massive for an embedded target. 
+ * Limit it: */ + #define DEFAULT_WINDOW_SZ 2000 + + /* These may be defined in cmake for other examples: */ + #undef WOLFSSH_TERM + #define WOLFSSH_TERM + + #if defined(CONFIG_ESP_WOLFSSL_DEBUG_WOLFSSH) + /* wolfSSH debugging enabled via Kconfig / menuconfig */ + #undef DEBUG_WOLFSSH + #define DEBUG_WOLFSSH + #endif + + #undef WOLFSSL_KEY_GEN + #define WOLFSSL_KEY_GEN + + #undef WOLFSSL_PTHREADS + #define WOLFSSL_PTHREADS + + #define WOLFSSH_TEST_SERVER + #define WOLFSSH_TEST_THREADING + + #endif /* ESP_ENABLE_WOLFSSH */ + + /* Experimental Kyber. */ + #ifdef CONFIG_ESP_WOLFSSL_ENABLE_KYBER + /* Kyber typically needs a minimum 10K stack */ + #define WOLFSSL_EXPERIMENTAL_SETTINGS + #define WOLFSSL_HAVE_KYBER + #define WOLFSSL_WC_KYBER + #define WOLFSSL_SHA3 + #if defined(CONFIG_IDF_TARGET_ESP8266) + /* With limited RAM, we'll disable some of the Kyber sizes: */ + #define WOLFSSL_NO_KYBER1024 + #define WOLFSSL_NO_KYBER768 + #define NO_SESSION_CACHE + #endif + #endif + #ifndef NO_ESPIDF_DEFAULT #define FREERTOS #define WOLFSSL_LWIP 
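Review bot: Several of the new Kconfig mappings silently weaken certificate handling or enable legacy algorithms without any warning in the header: `CONFIG_WOLFSSL_NO_ASN_STRICT`, `CONFIG_WOLFSSL_ASN_ALLOW_0_SERIAL` and `CONFIG_WOLFSSL_ALT_CERT_CHAINS` map straight to the corresponding macros (which, as their names indicate, relax ASN.1 strictness, accept a zero serial number and accept alternate chains), and `TEST_ESPIDF_ALL_WOLFSSL`, which the comment says is "available to all apps", turns on `WOLFSSL_ALLOW_RC4`, `WOLFSSL_MD2` and `HAVE_DSA`. Each of those mappings should carry a one-line comment such as `/* Security-relaxing: enable only for interop with non-conforming peers */`, and the "enable all" block should be described as test-only rather than offered to applications. The menuconfig option `CONFIG_ESP_WOLFSSL_ENABLE_WOLFSSH` is mapped to `WOLFSSL_ENABLE_WOLFSSH`, but the wolfSSH settings block below tests `ESP_ENABLE_WOLFSSH`, so the option presumably only takes effect when cmake also defines the latter - confirm, or test both names. In the `TEST_ESPIDF_ALL_WOLFSSL` branch `#define FP_MAX_BITS (8192 * 2)` is done without the `#undef FP_MAX_BITS` the HomeKit branch uses, so a user_settings.h that already sets `FP_MAX_BITS` to another value gets a redefinition error there.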
@@ -605,7 +936,58 @@ #undef HAVE_AESGCM #define HAVE_AESGCM #endif /* SM */ + #endif /* defined(WOLFSSL_ESP32) || defined(WOLFSSL_ESPWROOM32SE) */ + /* Final device-specific hardware settings. user_settings.h loaded above. */ + + /* Counters for RSA wait timeout. CPU and frequency specific. */ + #define ESP_RSA_WAIT_TIMEOUT_CNT 0x000020 + #if defined(CONFIG_IDF_TARGET_ESP32) || defined(WOLFSSL_ESPWROOM32SE) + #ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0x349F00 + #endif + #elif defined(CONFIG_IDF_TARGET_ESP32S2) + #ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0x349F00 + #endif + #elif defined(CONFIG_IDF_TARGET_ESP32S3) + #ifndef ESP_RSA_TIMEOUT_CNT + /* Observed: 0xAE8C8F @ 80MHz */ + #define ESP_RSA_TIMEOUT_CNT 0xAF0000 + #endif + #elif defined(CONFIG_IDF_TARGET_ESP32C2) + /* See also CONFIG_IDF_TARGET_ESP8684 equivalent */ + #ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0x349F00 + #endif + #elif defined(CONFIG_IDF_TARGET_ESP32C3) + #ifndef ESP_RSA_TIMEOUT_CNT + /* Observed: 0x2624B2 @ 80MHz */ + #define ESP_RSA_TIMEOUT_CNT 0x280000 + #endif + #elif defined(CONFIG_IDF_TARGET_ESP32C6) + #ifndef ESP_RSA_TIMEOUT_CNT + /* Observed: 144323 @ 80MHz */ + #define ESP_RSA_TIMEOUT_CNT 0x160000 + #endif + #elif defined(CONFIG_IDF_TARGET_ESP32H2) + #ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0x349F00 + #endif + #elif defined(CONFIG_IDF_TARGET_ESP8266) + #ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0x349F00 + #endif + #elif defined(CONFIG_IDF_TARGET_ESP8684) + /* See also CONFIG_IDF_TARGET_ESP8684 equivalent */ + #ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0x349F00 + #endif + #else + #ifndef ESP_RSA_TIMEOUT_CNT + #define ESP_RSA_TIMEOUT_CNT 0x349F00 + #endif + #endif #endif /* WOLFSSL_ESPIDF */ #if defined(WOLFSSL_RENESAS_TSIP) @@ -693,7 +1075,6 @@ #define NO_DEV_RANDOM #define NO_FILESYSTEM #define TFM_TIMING_RESISTANT - #define NO_BIG_INT #endif #ifdef WOLFSSL_MICROCHIP_PIC32MZ 
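Review bot: `#define ESP_RSA_WAIT_TIMEOUT_CNT 0x000020` in the new device-specific block has no `#ifndef` guard, while every `ESP_RSA_TIMEOUT_CNT` branch below it does; since the comment says user_settings.h has already been loaded, a project that tunes the wait count there gets a macro-redefinition error (or a silent override, depending on the toolchain). Wrap it the same way: `#ifndef ESP_RSA_WAIT_TIMEOUT_CNT` / `#define ESP_RSA_WAIT_TIMEOUT_CNT 0x000020` / `#endif`. The comment on the `CONFIG_IDF_TARGET_ESP8684` branch, `/* See also CONFIG_IDF_TARGET_ESP8684 equivalent */`, is a copy of the ESP32C2 one and should point at ESP32C2 instead. It would also help to document what the hardware RSA path does when these counters expire (fail the operation or fall back to software), since that decides whether a stalled accelerator becomes a clean error or a wrong result; that behaviour is not visible in this hunk.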
@@ -1087,7 +1468,8 @@ extern void uITRON4_free(void *p) ; * heap_caps_realloc(p, s, MALLOC_CAP_8BIT) * There's no pvPortRealloc available: */ #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), realloc((p), (n))) - #elif defined(USE_INTEGER_HEAP_MATH) || defined(OPENSSL_EXTRA) + #elif defined(USE_INTEGER_HEAP_MATH) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_ALL) /* FreeRTOS pvPortRealloc() implementation can be found here: * https://github.com/wolfSSL/wolfssl-freertos/pull/3/files */ #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), pvPortRealloc((p), (n))) @@ -1099,7 +1481,7 @@ extern void uITRON4_free(void *p) ; #ifndef NO_WRITEV #define NO_WRITEV #endif - #ifndef HAVE_SHA512 + #ifndef WOLFSSL_SHA512 #ifndef NO_SHA512 #define NO_SHA512 #endif @@ -1640,6 +2022,7 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_STATIC_PSK /* Server side support to be added at a later date. */ #define NO_WOLFSSL_SERVER + /* Need WOLFSSL_PUBLIC_ASN to use ProcessPeerCert callback. */ #define WOLFSSL_PUBLIC_ASN @@ -1671,7 +2054,8 @@ extern void uITRON4_free(void *p) ; defined(WOLFSSL_STM32L4) || defined(WOLFSSL_STM32L5) || \ defined(WOLFSSL_STM32WB) || defined(WOLFSSL_STM32H7) || \ defined(WOLFSSL_STM32G0) || defined(WOLFSSL_STM32U5) || \ - defined(WOLFSSL_STM32H5) || defined(WOLFSSL_STM32WL) + defined(WOLFSSL_STM32H5) || defined(WOLFSSL_STM32WL) || \ + defined(WOLFSSL_STM32G4) #define SIZEOF_LONG_LONG 8 #ifndef CHAR_BIT @@ -1727,6 +2111,8 @@ extern void uITRON4_free(void *p) ; #include "stm32wlxx_hal.h" #elif defined(WOLFSSL_STM32G0) #include "stm32g0xx_hal.h" + #elif defined(WOLFSSL_STM32G4) + #include "stm32g4xx_hal.h" #elif defined(WOLFSSL_STM32U5) #include "stm32u5xx_hal.h" #elif defined(WOLFSSL_STM32H5) 
@@ -1785,10 +2171,7 @@ extern void uITRON4_free(void *p) ; #include "stm32f1xx.h" #endif #endif /* WOLFSSL_STM32_CUBEMX */ -#endif /* WOLFSSL_STM32F2 || WOLFSSL_STM32F4 || WOLFSSL_STM32L4 || - WOLFSSL_STM32L5 || WOLFSSL_STM32F7 || WOLFSSL_STMWB || - WOLFSSL_STM32H7 || WOLFSSL_STM32G0 || WOLFSSL_STM32U5 || - WOLFSSL_STM32H5 */ +#endif /* WOLFSSL_STM32* */ #ifdef WOLFSSL_DEOS #include #include @@ -2020,6 +2403,15 @@ extern void uITRON4_free(void *p) ; #define HAVE_AESGCM #endif +/* Detect Cortex M3 (no UMAAL) */ +#if defined(__ARM_ARCH_7M__) && !defined(WOLFSSL_ARM_ARCH_7M) + #define WOLFSSL_ARM_ARCH_7M +#endif +#if defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) && defined(WOLFSSL_ARM_ARCH_7M) + #undef WOLFSSL_SP_NO_UMAAL + #define WOLFSSL_SP_NO_UMAAL +#endif + #if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_AFALG_XILINX) #if defined(WOLFSSL_ARMASM) #error can not use both ARMv8 instructions and XILINX hardened crypto @@ -2032,6 +2424,12 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_NOSHA3_224 #define WOLFSSL_NOSHA3_256 #define WOLFSSL_NOSHA3_512 + #ifndef WOLFSSL_NO_SHAKE128 + #define WOLFSSL_NO_SHAKE128 + #endif + #ifndef WOLFSSL_NO_SHAKE256 + #define WOLFSSL_NO_SHAKE256 + #endif #endif #ifdef WOLFSSL_AFALG_XILINX_AES #undef WOLFSSL_AES_DIRECT @@ -2112,6 +2510,7 @@ extern void uITRON4_free(void *p) ; void *z_realloc(void *ptr, size_t size); #define realloc z_realloc + #define max MAX #if !defined(CONFIG_NET_SOCKETS_POSIX_NAMES) && !defined(CONFIG_POSIX_API) #define CONFIG_NET_SOCKETS_POSIX_NAMES @@ -2344,7 +2743,7 @@ extern void uITRON4_free(void *p) ; #undef WOLFSSL_SP_INT_DIGIT_ALIGN #define WOLFSSL_SP_INT_DIGIT_ALIGN #endif -#ifdef __APPLE__ +#if defined(__APPLE__) || defined(WOLF_C89) #define WOLFSSL_SP_NO_DYN_STACK #endif 
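Review bot: `#define max MAX` in the Zephyr section injects a lowercase object macro named `max` into every translation unit that includes settings.h, so any later declaration or use of an identifier `max` (a local variable, a struct member, a helper in a Zephyr or libc header included afterwards) is silently rewritten to `MAX`. If one wolfSSL source file needs it, define it in that file, or at least record the dependency here, e.g. `/* Zephyr: some sources use max(); map it to wolfSSL's MAX() helper */`. Whether Zephyr's own headers already provide a `max` macro cannot be told from this hunk, so the collision risk is inferred. The enclosing WOLFSSL_ZEPHYR block starts and ends outside the hunk.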
@@ -2878,6 +3277,167 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_ASN_TEMPLATE #endif +#if defined(WOLFSSL_DUAL_ALG_CERTS) && !defined(WOLFSSL_ASN_TEMPLATE) + #error "Dual alg cert support requires the ASN.1 template feature." +#endif + +#if defined(WOLFSSL_ACERT) && !defined(WOLFSSL_ASN_TEMPLATE) + #error "Attribute Certificate support requires the ASN.1 template feature." +#endif + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + #undef WOLFSSL_ASN_ALL + #define WOLFSSL_ASN_ALL +#endif + +/* Enable all parsing features for ASN */ +#ifdef WOLFSSL_ASN_ALL + /* Alternate Names */ + #undef WOLFSSL_ALT_NAMES + #define WOLFSSL_ALT_NAMES + + /* Alternate Name: human readable form of IP address*/ + #undef WOLFSSL_IP_ALT_NAME + #define WOLFSSL_IP_ALT_NAME + + /* Alternate name: human readable form of registered ID */ + #undef WOLFSSL_RID_ALT_NAME + #define WOLFSSL_RID_ALT_NAME + + /* CA Issuer URI */ + #undef WOLFSSL_ASN_CA_ISSUER + #define WOLFSSL_ASN_CA_ISSUER + + /* FPKI (Federal PKI) extensions */ + #undef WOLFSSL_FPKI + #define WOLFSSL_FPKI + + /* Certificate policies */ + #undef WOLFSSL_SEP + #define WOLFSSL_SEP + + /* Support for full AuthorityKeyIdentifier extension. + * Only supports copying full AKID from an existing certificate */ + #undef WOLFSSL_AKID_NAME + #define WOLFSSL_AKID_NAME + + /* Extended ASN.1 parsing support (typically used with cert gen) */ + #undef WOLFSSL_CERT_EXT + #define WOLFSSL_CERT_EXT + + /* Support for SubjectDirectoryAttributes extension */ + #undef WOLFSSL_SUBJ_DIR_ATTR + #define WOLFSSL_SUBJ_DIR_ATTR + + /* Support for SubjectInfoAccess extension */ + #undef WOLFSSL_SUBJ_INFO_ACC + #define WOLFSSL_SUBJ_INFO_ACC + + #undef WOLFSSL_CERT_NAME_ALL + #define WOLFSSL_CERT_NAME_ALL + + /* Store pointers to issuer name components (lengths and encodings) */ + #undef WOLFSSL_HAVE_ISSUER_NAMES + #define WOLFSSL_HAVE_ISSUER_NAMES + + /* Additional ASN.1 encoded name fields. 
See CTC_MAX_ATTRIB for max limit */ + #undef WOLFSSL_MULTI_ATTRIB + #define WOLFSSL_MULTI_ATTRIB + + /* Parsing of indefinite length encoded ASN.1 + * Optionally used by PKCS7/PKCS12 */ + #undef ASN_BER_TO_DER + #define ASN_BER_TO_DER + + /* Enable custom OID support for subject and request extensions */ + #undef WOLFSSL_CUSTOM_OID + #define WOLFSSL_CUSTOM_OID + + /* Support for full OID (not just sum) encoding */ + #undef HAVE_OID_ENCODING + #define HAVE_OID_ENCODING + + /* Support for full OID (not just sum) decoding */ + #undef HAVE_OID_DECODING + #define HAVE_OID_DECODING + + /* S/MIME - Secure Multipurpose Internet Mail Extension (used with PKCS7) */ + #undef HAVE_SMIME + #define HAVE_SMIME + + /* Enable compatibility layer function for getting time string */ + #undef WOLFSSL_ASN_TIME_STRING + #define WOLFSSL_ASN_TIME_STRING + + /* Support for parsing key usage */ + #undef WOLFSSL_ASN_PARSE_KEYUSAGE + #define WOLFSSL_ASN_PARSE_KEYUSAGE + + /* Support for parsing OCSP status */ + #undef WOLFSSL_OCSP_PARSE_STATUS + #define WOLFSSL_OCSP_PARSE_STATUS + + /* Extended Key Usage */ + #undef WOLFSSL_EKU_OID + #define WOLFSSL_EKU_OID + + /* Attribute Certificate support */ + #if defined(WOLFSSL_ASN_TEMPLATE) && !defined(WOLFSSL_ACERT) + #define WOLFSSL_ACERT + #endif +#endif + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ + defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + #undef WOLFSSL_ASN_TIME_STRING + #define WOLFSSL_ASN_TIME_STRING +#endif + +#if (defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT)) || \ + (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) + #undef WOLFSSL_ASN_PARSE_KEYUSAGE + #define WOLFSSL_ASN_PARSE_KEYUSAGE +#endif + +#if defined(HAVE_OCSP) && !defined(WOLFCRYPT_ONLY) && \ + (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) || \ + defined(WOLFSSL_APACHE_HTTPD)) + #undef WOLFSSL_OCSP_PARSE_STATUS + #define WOLFSSL_OCSP_PARSE_STATUS +#endif 
+ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(WOLFSSL_CERT_GEN) + #undef WOLFSSL_MULTI_ATTRIB + #define WOLFSSL_MULTI_ATTRIB +#endif + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + #undef WOLFSSL_EKU_OID + #define WOLFSSL_EKU_OID +#endif + +/* Disable time checking if no timer */ +#if defined(NO_ASN_TIME) + #define NO_ASN_TIME_CHECK +#endif + +/* ASN Unknown Extension Callback support */ +#if defined(WOLFSSL_CUSTOM_OID) && defined(HAVE_OID_DECODING) && \ + defined(WOLFSSL_ASN_TEMPLATE) + #undef WC_ASN_UNKNOWN_EXT_CB + #define WC_ASN_UNKNOWN_EXT_CB +#else + /* if user supplied build option and not using ASN template, raise error */ + #if defined(WC_ASN_UNKNOWN_EXT_CB) && !defined(WOLFSSL_ASN_TEMPLATE) + #error ASN unknown extension callback is only supported \ + with ASN template + #endif +#endif + + +/* Linux Kernel Module */ #ifdef WOLFSSL_LINUXKM #ifdef HAVE_CONFIG_H #include @@ -3003,30 +3563,15 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_SESSION_ID_CTX #endif /* OPENSSL_EXTRA && !OPENSSL_COEXIST */ -/* --------------------------------------------------------------------------- - * Special small OpenSSL compat layer for certs - * --------------------------------------------------------------------------- - */ #ifdef OPENSSL_EXTRA_X509_SMALL - #undef WOLFSSL_EKU_OID - #define WOLFSSL_EKU_OID - - #undef WOLFSSL_MULTI_ATTRIB - #define WOLFSSL_MULTI_ATTRIB - #undef WOLFSSL_NO_OPENSSL_RAND_CB #define WOLFSSL_NO_OPENSSL_RAND_CB -#endif /* OPENSSL_EXTRA_X509_SMALL */ +#endif #ifdef HAVE_SNI #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 #endif -/* Disable time checking if no timer */ -#if defined(NO_ASN_TIME) - #define NO_ASN_TIME_CHECK -#endif - /* both CURVE and ED small math should be enabled */ #ifdef CURVED25519_SMALL #define CURVE25519_SMALL 
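Review bot: The `#else` branch of the new `WC_ASN_UNKNOWN_EXT_CB` block only rejects a user-defined callback when `WOLFSSL_ASN_TEMPLATE` is missing, while the automatic enable also requires `WOLFSSL_CUSTOM_OID` and `HAVE_OID_DECODING`; a user who defines `WC_ASN_UNKNOWN_EXT_CB` with the template but without those two gets no diagnostic, and if the callback path depends on them as the enable condition implies, the build fails later or the callback is never invoked. Consider `#if defined(WC_ASN_UNKNOWN_EXT_CB) && (!defined(WOLFSSL_CUSTOM_OID) || !defined(HAVE_OID_DECODING))` followed by an `#error` naming both prerequisites. Separately, `WOLFSSL_ASN_ALL` now turns on indefinite-length BER parsing (`ASN_BER_TO_DER`) and custom OID handling for every `OPENSSL_ALL`/`WOLFSSL_QT` build; a one-line comment that this widens the certificate-parsing surface for those configurations would help anyone auditing a downstream user_settings.h.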
@@ -3117,6 +3662,22 @@ extern void uITRON4_free(void *p) ; #define KEEP_PEER_CERT #endif +/* Always copy certificate(s) from SSL CTX to each SSL object on creation, + * if this is not defined then each SSL object shares a pointer to the + * original certificate buffer owned by the SSL CTX. */ +#if defined(OPENSSL_ALL) && !defined(WOLFSSL_NO_COPY_CERT) + #undef WOLFSSL_COPY_CERT + #define WOLFSSL_COPY_CERT +#endif + +/* Always copy private key from SSL CTX to each SSL object on creation, + * if this is not defined then each SSL object shares a pointer to the + * original key buffer owned by the SSL CTX. */ +#if defined(OPENSSL_ALL) && !defined(WOLFSSL_NO_COPY_KEY) + #undef WOLFSSL_COPY_KEY + #define WOLFSSL_COPY_KEY +#endif + /* * Keeps the "Finished" messages after a TLS handshake for use as the so-called * "tls-unique" channel binding. See comment in internal.h around clientFinished @@ -3133,8 +3694,8 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_NO_HASH_RAW #endif -/* XChacha not implemented with ARM assembly ChaCha */ -#if defined(WOLFSSL_ARMASM) +#if defined(HAVE_XCHACHA) && !defined(HAVE_CHACHA) + /* XChacha requires ChaCha */ #undef HAVE_XCHACHA #endif @@ -3366,17 +3927,7 @@ extern void uITRON4_free(void *p) ; #endif #endif -#ifdef HAVE_PQM4 -#define HAVE_PQC -#define WOLFSSL_HAVE_KYBER -#define WOLFSSL_KYBER512 -#define WOLFSSL_NO_KYBER768 -#define WOLFSSL_NO_KYBER1024 -#endif - #if (defined(HAVE_LIBOQS) || \ - defined(WOLFSSL_WC_KYBER) || \ - defined(WOLFSSL_WC_DILITHIUM) || \ defined(HAVE_LIBXMSS) || \ defined(HAVE_LIBLMS) || \ defined(WOLFSSL_DUAL_ALG_CERTS)) && \ 
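Review bot: The `WOLFSSL_COPY_KEY` comment explains what sharing versus copying means but not the consequence of the new `OPENSSL_ALL` default: every SSL object now carries its own copy of the private key, so the amount of key material resident in memory scales with the number of live connections and each copy must be cleared when the object is freed. Extend the comment, e.g. `/* Default for OPENSSL_ALL; define WOLFSSL_NO_COPY_KEY to keep one shared copy. Each per-object copy is extra key material that must be zeroized on wolfSSL_free(). */`. Whether the per-object buffer is actually zeroized on free lives in ssl.c/internal.c, outside this hunk, so that is the point a reviewer should confirm rather than something the hunk demonstrates.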
@@ -3384,15 +3935,10 @@ extern void uITRON4_free(void *p) ; #error Experimental settings without WOLFSSL_EXPERIMENTAL_SETTINGS #endif -#if defined(HAVE_PQC) && !defined(HAVE_LIBOQS) && !defined(HAVE_PQM4) && \ - !defined(WOLFSSL_HAVE_KYBER) +#if defined(HAVE_PQC) && !defined(HAVE_LIBOQS) && !defined(WOLFSSL_HAVE_KYBER) #error Please do not define HAVE_PQC yourself. #endif -#if defined(HAVE_PQC) && defined(HAVE_LIBOQS) && defined(HAVE_PQM4) -#error Please do not define both HAVE_LIBOQS and HAVE_PQM4. -#endif - #if defined(HAVE_PQC) && defined(WOLFSSL_DTLS13) && \ !defined(WOLFSSL_DTLS_CH_FRAG) #warning "Using DTLS 1.3 + pqc without WOLFSSL_DTLS_CH_FRAG will probably" \ @@ -3475,22 +4021,28 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_RSA_KEY_CHECK #endif -/* SHAKE - Not allowed in FIPS */ -#if defined(WOLFSSL_SHA3) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - #ifndef WOLFSSL_NO_SHAKE128 - #undef WOLFSSL_SHAKE128 - #define WOLFSSL_SHAKE128 - #endif - #ifndef WOLFSSL_NO_SHAKE256 - #undef WOLFSSL_SHAKE256 - #define WOLFSSL_SHAKE256 - #endif -#else +/* ED448 Requires Shake256 */ +#if defined(HAVE_ED448) && defined(WOLFSSL_SHA3) + #undef WOLFSSL_SHAKE256 + #define WOLFSSL_SHAKE256 +#endif + +/* SHAKE - Not allowed in FIPS v5.2 or older */ +#if defined(WOLFSSL_SHA3) && (defined(HAVE_SELFTEST) || \ + (defined(HAVE_FIPS) && FIPS_VERSION_LE(5,2))) #undef WOLFSSL_NO_SHAKE128 #define WOLFSSL_NO_SHAKE128 #undef WOLFSSL_NO_SHAKE256 #define WOLFSSL_NO_SHAKE256 #endif +/* SHAKE Disable */ +#ifdef WOLFSSL_NO_SHAKE128 + #undef WOLFSSL_SHAKE128 +#endif +#ifdef WOLFSSL_NO_SHAKE256 + #undef WOLFSSL_SHAKE256 +#endif + /* Encrypted Client Hello - requires HPKE */ #if defined(HAVE_ECH) && !defined(HAVE_HPKE) 
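Review bot: The ordering of the new SHAKE blocks can leave `HAVE_ED448` defined while `WOLFSSL_SHAKE256` is not: the `/* ED448 Requires Shake256 */` block sets `WOLFSSL_SHAKE256`, the FIPS v5.2-or-older / `HAVE_SELFTEST` block then sets `WOLFSSL_NO_SHAKE256`, and the final `/* SHAKE Disable */` block undefines `WOLFSSL_SHAKE256` again, so an Ed448 build on those FIPS configurations gets no diagnostic here despite the comment stating the dependency. Add a check after the disable block: `#if defined(HAVE_ED448) && defined(WOLFSSL_NO_SHAKE256)` / `#error "ED448 requires SHAKE256"` / `#endif`. The same gap applies to the Xilinx section earlier in this file, which also forces `WOLFSSL_NO_SHAKE256` in this commit.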
@@ -3559,8 +4111,8 @@ extern void uITRON4_free(void *p) ; /* Ciphersuite check done in internal.h */ #endif -/* Some final sanity checks */ -#ifdef WOLFSSL_APPLE_HOMEKIT +/* Some final sanity checks. See esp32-crypt.h for Apple HomeKit config. */ +#if defined(WOLFSSL_APPLE_HOMEKIT) || defined(CONFIG_WOLFSSL_APPLE_HOMEKIT) #ifndef WOLFCRYPT_HAVE_SRP #error "WOLFCRYPT_HAVE_SRP is required for Apple Homekit" #endif @@ -3578,10 +4130,23 @@ extern void uITRON4_free(void *p) ; #endif #endif +#if defined(CONFIG_WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_NO_ASN_STRICT) + /* The settings.h and/or user_settings.h should have detected config + * values from Kconfig and set the appropriate wolfSSL macro: */ + #error "CONFIG_WOLFSSL_NO_ASN_STRICT found without WOLFSSL_NO_ASN_STRICT" +#endif + #if defined(WOLFSSL_ESPIDF) && defined(ARDUINO) #error "Found both ESPIDF and ARDUINO. Pick one." #endif +#if defined(CONFIG_MBEDTLS_CERTIFICATE_BUNDLE) && \ + defined(CONFIG_WOLFSSL_CERTIFICATE_BUNDLE) && \ + CONFIG_MBEDTLS_CERTIFICATE_BUNDLE && \ + CONFIG_WOLFSSL_CERTIFICATE_BUNDLE + #error "mbedTLS and wolfSSL Certificate Bundles both enabled. Pick one". +#endif + #if defined(HAVE_FIPS) && defined(HAVE_PKCS11) #error "PKCS11 not allowed with FIPS enabled (Crypto outside boundary)" #endif diff --git a/src/wolfssl/wolfcrypt/sha.h b/src/wolfssl/wolfcrypt/sha.h index eb599ab..063784e 100644 --- a/src/wolfssl/wolfcrypt/sha.h +++ b/src/wolfssl/wolfcrypt/sha.h @@ -1,6 +1,6 @@ /* sha.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -76,6 +76,9 @@ #if defined(WOLFSSL_SILABS_SE_ACCEL) #include #endif +#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + #include +#endif #if !defined(NO_OLD_SHA_NAMES) #define SHA WC_SHA 
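Review bot: In the new certificate-bundle check the full stop sits outside the string, `#error "mbedTLS and wolfSSL Certificate Bundles both enabled. Pick one".` — harmless to the preprocessor, since an `#error` line is arbitrary tokens, but it shows up as a typo in the build output; write `#error "mbedTLS and wolfSSL Certificate Bundles both enabled. Pick one."`. The `CONFIG_WOLFSSL_NO_ASN_STRICT` check is a good guard, because `WOLFSSL_NO_ASN_STRICT` relaxes certificate parsing; consider saying why the mismatch is fatal in its comment, e.g. `/* Kconfig requested relaxed ASN.1 parsing but the wolfSSL macro was not set; fail loudly rather than build a parser with a strictness the user did not choose. */`.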
@@ -148,8 +151,8 @@ struct wc_Sha { #else word32 digest[WC_SHA_DIGEST_SIZE / sizeof(word32)]; #endif - void* heap; #endif + void* heap; #ifdef WOLFSSL_PIC32MZ_HASH hashUpdCache cache; /* cache for updates */ #endif @@ -160,6 +163,9 @@ struct wc_Sha { int devId; void* devCtx; /* generic crypto callback context */ #endif +#if defined(MAX3266X_SHA_CB) || defined(MAX3266X_SHA) + wc_MXC_Sha mxcCtx; +#endif #ifdef WOLFSSL_IMXRT1170_CAAM caam_hash_ctx_t ctx; caam_handle_t hndl; diff --git a/src/wolfssl/wolfcrypt/sha256.h b/src/wolfssl/wolfcrypt/sha256.h index a6c4ea4..b5534d4 100644 --- a/src/wolfssl/wolfcrypt/sha256.h +++ b/src/wolfssl/wolfcrypt/sha256.h @@ -1,6 +1,6 @@ /* sha256.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -146,6 +146,10 @@ enum { #include "wolfssl/wolfcrypt/port/Renesas/renesas-rx64-hw-crypt.h" #else +#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + #include "wolfssl/wolfcrypt/port/maxim/max3266x.h" +#endif + #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_HASH) #include "wolfssl/wolfcrypt/port/nxp/se050_port.h" #endif @@ -190,13 +194,13 @@ struct wc_Sha256 { word32 buffLen; /* in bytes */ word32 loLen; /* length in bytes */ word32 hiLen; /* length in bytes */ - void* heap; #ifdef WC_C_DYNAMIC_FALLBACK int sha_method; #endif #endif + void* heap; #ifdef WOLFSSL_PIC32MZ_HASH hashUpdCache cache; /* cache for updates */ #endif @@ -209,6 +213,9 @@ struct wc_Sha256 { #ifdef WOLFSSL_DEVCRYPTO_HASH WC_CRYPTODEV ctx; #endif +#if defined(MAX3266X_SHA_CB) || defined(MAX3266X_SHA) + wc_MXC_Sha mxcCtx; +#endif #if defined(WOLFSSL_DEVCRYPTO_HASH) || defined(WOLFSSL_HASH_KEEP) byte* msg; word32 used; diff --git a/src/wolfssl/wolfcrypt/sha3.h b/src/wolfssl/wolfcrypt/sha3.h index e1ce33a..f65c41d 100644 --- a/src/wolfssl/wolfcrypt/sha3.h +++ b/src/wolfssl/wolfcrypt/sha3.h 
@@ -1,6 +1,6 @@ /* sha3.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -220,8 +220,7 @@ WOLFSSL_LOCAL void sha3_block_bmi2(word64* s); WOLFSSL_LOCAL void sha3_block_avx2(word64* s); WOLFSSL_LOCAL void BlockSha3(word64 *s); #endif -#if defined(WOLFSSL_ARMASM) && (defined(__arm__) || \ - defined(WOLFSSL_ARMASM_CRYPTO_SHA3)) +#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) WOLFSSL_LOCAL void BlockSha3(word64 *s); #endif diff --git a/src/wolfssl/wolfcrypt/sha512.h b/src/wolfssl/wolfcrypt/sha512.h index bf3cff6..e971a8d 100644 --- a/src/wolfssl/wolfcrypt/sha512.h +++ b/src/wolfssl/wolfcrypt/sha512.h @@ -1,6 +1,6 @@ /* sha512.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -135,12 +135,16 @@ enum { #include "mcapi.h" #include "mcapi_error.h" #endif +#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + #include "wolfssl/wolfcrypt/port/maxim/max3266x.h" +#endif /* wc_Sha512 digest */ struct wc_Sha512 { #ifdef WOLFSSL_PSOC6_CRYPTO cy_stc_crypto_sha_state_t hash_state; cy_en_crypto_sha_mode_t sha_mode; cy_stc_crypto_v2_sha512_buffers_t sha_buffers; + void* heap; #else word64 digest[WC_SHA512_DIGEST_SIZE / sizeof(word64)]; word64 buffer[WC_SHA512_BLOCK_SIZE / sizeof(word64)]; @@ -185,6 +189,9 @@ struct wc_Sha512 { int devId; void* devCtx; /* generic crypto callback context */ #endif +#if defined(MAX3266X_SHA_CB) || defined(MAX3266X_SHA) + wc_MXC_Sha mxcCtx; +#endif #ifdef WOLFSSL_HASH_FLAGS word32 flags; /* enum wc_HashFlags in hash.h */ #endif diff --git a/src/wolfssl/wolfcrypt/signature.h b/src/wolfssl/wolfcrypt/signature.h index f712c04..51c07af 100644 --- a/src/wolfssl/wolfcrypt/signature.h +++ b/src/wolfssl/wolfcrypt/signature.h @@ -1,6 +1,6 @@ /* signature.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
diff --git a/src/wolfssl/wolfcrypt/siphash.h b/src/wolfssl/wolfcrypt/siphash.h index ebb1302..6b75a46 100644 --- a/src/wolfssl/wolfcrypt/siphash.h +++ b/src/wolfssl/wolfcrypt/siphash.h @@ -1,6 +1,6 @@ /* siphash.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/sm2.h b/src/wolfssl/wolfcrypt/sm2.h index 87167f4..ae9885e 100644 --- a/src/wolfssl/wolfcrypt/sm2.h +++ b/src/wolfssl/wolfcrypt/sm2.h @@ -1,6 +1,6 @@ /* sm2.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/sm3.h b/src/wolfssl/wolfcrypt/sm3.h index 2b3fc50..b24fcf4 100644 --- a/src/wolfssl/wolfcrypt/sm3.h +++ b/src/wolfssl/wolfcrypt/sm3.h @@ -1,6 +1,6 @@ /* sm3.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/sm4.h b/src/wolfssl/wolfcrypt/sm4.h index f3e66cb..84a8166 100644 --- a/src/wolfssl/wolfcrypt/sm4.h +++ b/src/wolfssl/wolfcrypt/sm4.h @@ -1,6 +1,6 @@ /* sm4.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/sp.h b/src/wolfssl/wolfcrypt/sp.h index 88e9a06..3ede752 100644 --- a/src/wolfssl/wolfcrypt/sp.h +++ b/src/wolfssl/wolfcrypt/sp.h @@ -1,6 +1,6 @@ /* sp.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/sp_int.h b/src/wolfssl/wolfcrypt/sp_int.h index ba16895..2a9a880 100644 --- a/src/wolfssl/wolfcrypt/sp_int.h +++ b/src/wolfssl/wolfcrypt/sp_int.h @@ -1,6 +1,6 @@ /* sp_int.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
@@ -178,13 +178,6 @@ extern "C" { #define WOLFSSL_SP_DIV_WORD_HALF #endif -/* Detect Cortex M3 (no UMAAL) */ -#if defined(WOLFSSL_SP_ARM_CORTEX_M_ASM) && defined(__ARM_ARCH_7M__) - #undef WOLFSSL_SP_NO_UMAAL - #define WOLFSSL_SP_NO_UMAAL -#endif - - /* Make sure WOLFSSL_SP_ASM build option defined when requested */ #if !defined(WOLFSSL_SP_ASM) && ( \ defined(WOLFSSL_SP_X86_64_ASM) || defined(WOLFSSL_SP_ARM32_ASM) || \ @@ -692,14 +685,14 @@ typedef struct sp_ecc_ctx { * * @param [in] a SP integer to update. */ -#define sp_clamp(a) \ - do { \ - int ii; \ - if ((a)->used > 0) { \ +#define sp_clamp(a) \ + do { \ + int ii; \ + if ((a)->used > 0) { \ for (ii = (int)(a)->used - 1; ii >= 0 && (a)->dp[ii] == 0; ii--) { \ - } \ - (a)->used = (unsigned int)ii + 1; \ - } \ + } \ + (a)->used = (mp_size_t)(ii + 1); \ + } \ } while (0) /* Check the compiled and linked math implementation are the same. @@ -742,24 +735,18 @@ typedef struct sp_ecc_ctx { #define MP_LT (-1) /* ERROR VALUES */ + +/* MP_MEM, MP_VAL, MP_WOULDBLOCK, and MP_NOT_INF are defined in error-crypt.h */ + /** Error value on success. */ #define MP_OKAY 0 -/** Error value when dynamic memory allocation fails. */ -#define MP_MEM (-2) -/** Error value when value passed is not able to be used. */ -#define MP_VAL (-3) -/** Error value when non-blocking operation is returning after partial - * completion. - */ -#define FP_WOULDBLOCK (-4) -/* Unused error. Defined for backward compatibility. */ -#define MP_NOT_INF (-5) + +#define FP_WOULDBLOCK MP_WOULDBLOCK /* Unused error. Defined for backward compatibility. */ #define MP_RANGE MP_NOT_INF - #ifdef USE_FAST_MATH /* For old FIPS, need FP_MEM defined for old implementation. */ -#define FP_MEM (-2) +#define FP_MEM MP_MEM #endif /* Number of bits in each word/digit. */ 
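Review bot: The hunk removes the local definitions of `MP_MEM`, `MP_VAL`, `FP_WOULDBLOCK`'s value and `MP_NOT_INF` from sp_int.h and says they now come from error-crypt.h, but unlike the tfm.h change in this same commit no `#include` of error-crypt.h is added here; if sp_int.h does not already pull it in through an earlier header, `FP_WOULDBLOCK`, `MP_RANGE` and `FP_MEM` now expand to undeclared identifiers. Either add the include next to the comment or name the header that already provides them once that is confirmed, e.g. `/* MP_MEM, MP_VAL, MP_WOULDBLOCK and MP_NOT_INF come from error-crypt.h, included via <header> */`. The include section of sp_int.h is outside this hunk, so this is a point to verify rather than a defect the hunk proves.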
@@ -776,8 +763,8 @@ typedef struct sp_ecc_ctx { /* The number of bytes to a sp_int with 'cnt' digits. * Must have at least one digit. */ -#define MP_INT_SIZEOF(cnt) \ - (sizeof(sp_int_minimal) + (((cnt) <= 1) ? 0 : ((cnt) - 1)) * \ +#define MP_INT_SIZEOF(cnt) \ + (sizeof(sp_int_minimal) + (((cnt) <= 1) ? 0 : ((size_t)((cnt) - 1))) * \ sizeof(sp_int_digit)) /* The address of the next sp_int after one with 'cnt' digits. */ #define MP_INT_NEXT(t, cnt) \ @@ -786,7 +773,7 @@ typedef struct sp_ecc_ctx { /* Calculate the number of words required to support a number of bits. */ #define MP_BITS_CNT(bits) \ - ((((bits) + SP_WORD_SIZE - 1) / SP_WORD_SIZE) * 2 + 1) + ((unsigned int)(((((bits) + SP_WORD_SIZE - 1) / SP_WORD_SIZE) * 2 + 1))) #ifdef WOLFSSL_SMALL_STACK /* @@ -871,6 +858,20 @@ while (0) #define WOLF_BIGINT_DEFINED #endif +#if SP_INT_DIGITS < (65536 / SP_WORD_SIZEOF) +/* Type for number of digits. */ +typedef word16 sp_size_t; +#else +/* Type for number of digits. */ +typedef unsigned int sp_size_t; +#endif + +/* Type for number of digits. */ +#define mp_size_t sp_size_t +#ifdef WOLFSSL_SP_INT_NEGATIVE + typedef sp_uint8 sp_sign_t; + #define mp_sign_t sp_sign_t +#endif /** * SP integer. @@ -879,12 +880,12 @@ while (0) */ typedef struct sp_int { /** Number of words that contain data. */ - unsigned int used; + sp_size_t used; /** Maximum number of words in data. */ - unsigned int size; + sp_size_t size; #ifdef WOLFSSL_SP_INT_NEGATIVE /** Indicates whether number is 0/positive or negative. */ - unsigned int sign; + sp_sign_t sign; #endif #ifdef HAVE_WOLF_BIGINT /** Unsigned binary (big endian) representation of number. */ 
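Review bot: Narrowing `used` and `size` from `unsigned int` to `sp_size_t` (a `word16` whenever `SP_INT_DIGITS < 65536 / SP_WORD_SIZEOF`) changes the arithmetic type of every expression built on them: a 16-bit operand promotes to `int`, so `a->used - b->used` or `a->used - 1` is now signed and can go negative where it previously wrapped to a large unsigned value, and comparisons against `unsigned int` counts now mix signedness. That is a behaviour change in the bignum core rather than a pure size optimisation, and nothing in the hunk records it; add a comment at the typedef, e.g. `/* NOTE: word16 promotes to int in arithmetic; do not rely on unsigned wrap-around of used/size expressions. */`, and confirm the sp_int.c paths that subtract or compare digit counts were audited under the smaller type. The division by `SP_WORD_SIZEOF` in the threshold also deserves a one-line justification, since it is the digit count, not a byte count, that has to fit in 16 bits.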
@@ -895,12 +896,16 @@ typedef struct sp_int { } sp_int; typedef struct sp_int_minimal { - unsigned int used; - unsigned int size; + /** Number of words that contain data. */ + sp_size_t used; + /** Maximum number of words in data. */ + sp_size_t size; #ifdef WOLFSSL_SP_INT_NEGATIVE - unsigned int sign; + /** Indicates whether number is 0/positive or negative. */ + sp_uint8 sign; #endif #ifdef HAVE_WOLF_BIGINT + /** Unsigned binary (big endian) representation of number. */ struct WC_BIGINT raw; #endif /** First digit of number. */ @@ -1145,27 +1150,22 @@ WOLFSSL_LOCAL void sp_memzero_check(sp_int* sp); #define mp_div_2 sp_div_2 #define mp_add sp_add #define mp_sub sp_sub -#define mp_addmod sp_addmod -#define mp_submod sp_submod + #define mp_addmod_ct sp_addmod_ct #define mp_submod_ct sp_submod_ct #define mp_xor_ct sp_xor_ct #define mp_lshd sp_lshd #define mp_rshd sp_rshd #define mp_div sp_div -#define mp_mod sp_mod #define mp_mul sp_mul -#define mp_mulmod sp_mulmod #define mp_invmod sp_invmod #define mp_invmod_mont_ct sp_invmod_mont_ct #define mp_exptmod_ex sp_exptmod_ex -#define mp_exptmod sp_exptmod #define mp_exptmod_nct sp_exptmod_nct #define mp_div_2d sp_div_2d #define mp_mod_2d sp_mod_2d #define mp_mul_2d sp_mul_2d #define mp_sqr sp_sqr -#define mp_sqrmod sp_sqrmod #define mp_unsigned_bin_size sp_unsigned_bin_size #define mp_read_unsigned_bin sp_read_unsigned_bin @@ -1188,6 +1188,17 @@ WOLFSSL_LOCAL void sp_memzero_check(sp_int* sp); #define mp_memzero_add sp_memzero_add #define mp_memzero_check sp_memzero_check +/* Allow for Hardware Based Mod Math */ +/* Avoid redeclaration warnings */ +#ifndef WOLFSSL_USE_HW_MP + #define mp_mod sp_mod + #define mp_addmod sp_addmod + #define mp_submod sp_submod + #define mp_mulmod sp_mulmod + #define mp_exptmod sp_exptmod + #define mp_sqrmod sp_sqrmod +#endif + #ifdef WOLFSSL_DEBUG_MATH #define mp_dump(d, a, v) sp_print(a, d) #endif 
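Review bot: `sp_int_minimal` declares `sp_uint8 sign;` while `sp_int` in the preceding hunk now declares `sp_sign_t sign;`; the two structs must stay layout-compatible because `MP_INT_SIZEOF` sizes allocations from `sp_int_minimal`, so a future change to the `sp_sign_t` typedef would silently desynchronise them. Use the same type in both, `sp_sign_t sign;`, so the compatibility is enforced by construction. Both struct definitions continue past the hunk.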
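Review bot: Making `mp_mod`, `mp_addmod`, `mp_submod`, `mp_mulmod`, `mp_exptmod` and `mp_sqrmod` overridable via `WOLFSSL_USE_HW_MP` hands the hardware port the operations that carry wolfSSL's timing-resistance guarantees — the `_nct` suffix on the still-mapped `mp_exptmod_nct` indicates that `sp_exptmod`, the one being made replaceable, is the constant-time variant — yet the comment only mentions avoiding redeclaration warnings. State the contract at the guard, e.g. `/* A WOLFSSL_USE_HW_MP port must provide these with the same constant-time behaviour as the sp_* versions; they are reached from private-key paths. */`, so a port author does not wire in a variable-time accelerator routine unknowingly. Which callers reach these through private-key operations is in sp_int.c and rsa.c, outside this hunk.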
diff --git a/src/wolfssl/wolfcrypt/sphincs.h b/src/wolfssl/wolfcrypt/sphincs.h index 84871f5..6dd3a8e 100644 --- a/src/wolfssl/wolfcrypt/sphincs.h +++ b/src/wolfssl/wolfcrypt/sphincs.h @@ -1,6 +1,6 @@ /* sphincs.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/srp.h b/src/wolfssl/wolfcrypt/srp.h index 7832113..d1307c7 100644 --- a/src/wolfssl/wolfcrypt/srp.h +++ b/src/wolfssl/wolfcrypt/srp.h @@ -1,6 +1,6 @@ /* srp.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/tfm.h b/src/wolfssl/wolfcrypt/tfm.h index 915a335..a9b0df2 100644 --- a/src/wolfssl/wolfcrypt/tfm.h +++ b/src/wolfssl/wolfcrypt/tfm.h @@ -1,6 +1,6 @@ /* tfm.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -40,6 +40,7 @@ #define WOLF_CRYPT_TFM_H #include +#include #ifndef CHAR_BIT #include #endif @@ -305,10 +306,10 @@ /* return codes */ #define FP_OKAY 0 -#define FP_VAL (-1) -#define FP_MEM (-2) -#define FP_NOT_INF (-3) -#define FP_WOULDBLOCK (-4) +#define FP_VAL MP_VAL +#define FP_MEM MP_MEM +#define FP_NOT_INF MP_NOT_INF +#define FP_WOULDBLOCK MP_WOULDBLOCK /* equalities */ #define FP_LT (-1) /* less than */ @@ -378,6 +379,9 @@ while (0) #define WOLF_BIGINT_DEFINED #endif +#define mp_size_t int +#define mp_sign_t int + /* a FP type */ typedef struct fp_int { int used; 
@@ -776,9 +780,7 @@ int fp_sqr_comba64(fp_int *a, fp_int *b); #define MP_LT FP_LT /* less than */ #define MP_EQ FP_EQ /* equal to */ #define MP_GT FP_GT /* greater than */ -#define MP_VAL FP_VAL /* invalid */ -#define MP_MEM FP_MEM /* memory error */ -#define MP_NOT_INF FP_NOT_INF /* point not at infinity */ +#define MP_RANGE MP_NOT_INF #define MP_OKAY FP_OKAY /* ok result */ #define MP_NO FP_NO /* yes/no result */ #define MP_YES FP_YES /* yes/no result */ diff --git a/src/wolfssl/wolfcrypt/types.h b/src/wolfssl/wolfcrypt/types.h index 9dd2f75..1b437c1 100644 --- a/src/wolfssl/wolfcrypt/types.h +++ b/src/wolfssl/wolfcrypt/types.h @@ -1,6 +1,6 @@ /* types.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -34,6 +34,10 @@ decouple library dependencies with standard string, memory and so on. #include #include + #ifdef __APPLE__ + #include + #endif + #ifdef __cplusplus extern "C" { #endif @@ -108,6 +112,10 @@ decouple library dependencies with standard string, memory and so on. typedef const char* const wcchar; #endif + #ifndef WC_BITFIELD + #define WC_BITFIELD byte + #endif + #ifndef HAVE_ANONYMOUS_INLINE_AGGREGATES /* if a version is available, pivot on the version, otherwise guess it's * allowed, subject to override. 
@@ -158,16 +166,16 @@ decouple library dependencies with standard string, memory and so on. #elif !defined(__BCPLUSPLUS__) && !defined(__EMSCRIPTEN__) #if !defined(SIZEOF_LONG_LONG) && !defined(SIZEOF_LONG) #if (defined(__alpha__) || defined(__ia64__) || \ - defined(_ARCH_PPC64) || defined(__mips64) || \ + defined(_ARCH_PPC64) || defined(__ppc64__) || \ defined(__x86_64__) || defined(__s390x__ ) || \ ((defined(sun) || defined(__sun)) && \ (defined(LP64) || defined(_LP64))) || \ (defined(__riscv_xlen) && (__riscv_xlen == 64)) || \ - defined(__aarch64__) || \ + defined(__aarch64__) || defined(__mips64) || \ (defined(__DCC__) && (defined(__LP64) || defined(__LP64__)))) /* long should be 64bit */ #define SIZEOF_LONG 8 - #elif defined(__i386__) || defined(__CORTEX_M3__) + #elif defined(__i386__) || defined(__CORTEX_M3__) || defined(__ppc__) /* long long should be 64bit */ #define SIZEOF_LONG_LONG 8 #endif @@ -230,7 +238,7 @@ decouple library dependencies with standard string, memory and so on. defined(__x86_64__) || defined(_M_X64)) || \ defined(__aarch64__) || defined(__sparc64__) || defined(__s390x__ ) || \ (defined(__riscv_xlen) && (__riscv_xlen == 64)) || defined(_M_ARM64) || \ - defined(__aarch64__) || \ + defined(__aarch64__) || defined(__ppc64__) || \ (defined(__DCC__) && (defined(__LP64) || defined(__LP64__))) #define WC_64BIT_CPU #elif (defined(sun) || defined(__sun)) && \ 
@@ -420,10 +428,13 @@ typedef struct w64wrapper { #define FALL_THROUGH #endif - /* Micrium will use Visual Studio for compilation but not the Win32 API */ + /* For platforms where the target OS is not Windows, but compilation is + * done on Windows/Visual Studio, enable a way to disable USE_WINDOWS_API. + * Examples: Micrium, TenAsus INtime, uTasker, FreeRTOS simulator */ #if defined(_WIN32) && !defined(MICRIUM) && !defined(FREERTOS) && \ !defined(FREERTOS_TCP) && !defined(EBSNET) && \ - !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS) + !defined(WOLFSSL_UTASKER) && !defined(INTIME_RTOS) && \ + !defined(WOLFSSL_NOT_WINDOWS_API) #define USE_WINDOWS_API #endif @@ -437,7 +448,13 @@ typedef struct w64wrapper { /* idea to add global alloc override by Moises Guimaraes */ /* default to libc stuff */ /* XREALLOC is used once in normal math lib, not in fast math lib */ - /* XFREE on some embedded systems doesn't like free(0) so test */ + /* XFREE on some embedded systems doesn't like free(0) so test for NULL + * explicitly. + * + * For example: + * #define XFREE(p, h, t) \ + * {void* xp = (p); if (xp != NULL) free(xp, h, t);} + */ #if defined(HAVE_IO_POOL) WOLFSSL_API void* XMALLOC(size_t n, void* heap, int type); WOLFSSL_API void* XREALLOC(void *p, size_t n, void* heap, int type); 
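Review bot: The example added to the XFREE comment, `#define XFREE(p, h, t) {void* xp = (p); if (xp != NULL) free(xp, h, t);}`, calls libc `free` with three arguments and uses a bare brace block — the very form the rest of this commit replaces with `do { ... } while (0)` — so as written it would not compile and it contradicts the definitions a few lines below. Make the example match them: `#define XFREE(p, h, t) do { void* xp = (p); (void)(h); (void)(t); if (xp != NULL) free(xp); } while (0)`. It would also help to say that `free(NULL)` is a no-op in standard C and the check exists only for non-conforming embedded allocators, which the surrounding sentence implies but does not state.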
@@ -498,25 +515,33 @@ typedef struct w64wrapper { #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK #define XFREE(p, h, t) m2mb_os_free(xp) #else - #define XFREE(p, h, t) {void* xp = (p); if (xp) m2mb_os_free(xp);} + #define XFREE(p, h, t) do { void* xp = (p); if (xp) m2mb_os_free(xp); } while (0) #endif #define XREALLOC(p, n, h, t) m2mb_os_realloc((p), (n)) #elif defined(NO_WOLFSSL_MEMORY) #ifdef WOLFSSL_NO_MALLOC /* this platform does not support heap use */ + #ifdef WOLFSSL_SMALL_STACK + #error WOLFSSL_SMALL_STACK requires a heap implementation. + #endif + #ifndef WC_NO_CONSTRUCTORS + #define WC_NO_CONSTRUCTORS + #endif #ifdef WOLFSSL_MALLOC_CHECK + #ifndef NO_STDIO_FILESYSTEM #include + #endif static inline void* malloc_check(size_t sz) { fprintf(stderr, "wolfSSL_malloc failed"); return NULL; }; #define XMALLOC(s, h, t) ((void)(h), (void)(t), malloc_check((s))) - #define XFREE(p, h, t) (void)(h); (void)(t) + #define XFREE(p, h, t) do { (void)(h); (void)(t); } while (0) #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), NULL) #else #define XMALLOC(s, h, t) ((void)(s), (void)(h), (void)(t), NULL) - #define XFREE(p, h, t) (void)(p); (void)(h); (void)(t) + #define XFREE(p, h, t) do { (void)(p); (void)(h); (void)(t); } while(0) #define XREALLOC(p, n, h, t) ((void)(p), (void)(n), (void)(h), (void)(t), NULL) #endif #else @@ -524,9 +549,9 @@ typedef struct w64wrapper { #include #define XMALLOC(s, h, t) ((void)(h), (void)(t), malloc((size_t)(s))) #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) ((void)(h), (void)(t), free(p)) + #define XFREE(p, h, t) do { (void)(h); (void)(t); free(p); } while (0) #else - #define XFREE(p, h, t) {void* xp = (p); (void)(h); if (xp) free(xp);} + #define XFREE(p, h, t) do { void* xp = (p); (void)(h); if (xp) free(xp); } while (0) #endif #define XREALLOC(p, n, h, t) \ ((void)(h), (void)(t), realloc((p), (size_t)(n))) 
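Review bot: In the `WOLFSSL_MALLOC_CHECK` branch the stdio `#include` is now wrapped in `#ifndef NO_STDIO_FILESYSTEM`, but the `malloc_check` body directly below still calls `fprintf(stderr, ...)` unconditionally, so a `WOLFSSL_NO_MALLOC` + `WOLFSSL_MALLOC_CHECK` + `NO_STDIO_FILESYSTEM` build hits undeclared `fprintf`/`stderr` (an implicit declaration at best, a hard error on current compilers). Guard the call the same way, `#ifndef NO_STDIO_FILESYSTEM` / `fprintf(stderr, "wolfSSL_malloc failed");` / `#endif`, or route it through `WOLFSSL_MSG`. The new `#error` for `WOLFSSL_SMALL_STACK` under `WOLFSSL_NO_MALLOC` is a good addition, since small-stack mode needs a heap to move buffers to.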
@@ -550,7 +575,7 @@ typedef struct w64wrapper { #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK #define XFREE(p, h, t) wolfSSL_Free(xp, h, t, __func__, __LINE__) #else - #define XFREE(p, h, t) {void* xp = (p); if (xp) wolfSSL_Free(xp, h, t, __func__, __LINE__);} + #define XFREE(p, h, t) do { void* xp = (p); if (xp) wolfSSL_Free(xp, h, t, __func__, __LINE__); } while (0) #endif #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t), __func__, __LINE__) #else @@ -558,7 +583,7 @@ typedef struct w64wrapper { #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK #define XFREE(p, h, t) wolfSSL_Free(xp, h, t) #else - #define XFREE(p, h, t) {void* xp = (p); if (xp) wolfSSL_Free(xp, h, t);} + #define XFREE(p, h, t) do { void* xp = (p); if (xp) wolfSSL_Free(xp, h, t); } while (0) #endif #define XREALLOC(p, n, h, t) wolfSSL_Realloc((p), (n), (h), (t)) #endif /* WOLFSSL_DEBUG_MEMORY */ 
@@ -570,23 +595,29 @@ typedef struct w64wrapper { #ifdef WOLFSSL_DEBUG_MEMORY #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s), __func__, __LINE__)) #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) ((void)(h), (void)(t), wolfSSL_Free(xp, __func__, __LINE__)) + #define XFREE(p, h, t) do { (void)(h); (void)(t); wolfSSL_Free(xp, __func__, __LINE__); } while (0) #else - #define XFREE(p, h, t) {void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp, __func__, __LINE__);} + #define XFREE(p, h, t) do { void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp, __func__, __LINE__); } while (0) #endif #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), wolfSSL_Realloc((p), (n), __func__, __LINE__)) #else #define XMALLOC(s, h, t) ((void)(h), (void)(t), wolfSSL_Malloc((s))) #ifdef WOLFSSL_XFREE_NO_NULLNESS_CHECK - #define XFREE(p, h, t) ((void)(h), (void)(t), wolfSSL_Free(p)) + #define XFREE(p, h, t) do { (void)(h); (void)(t); wolfSSL_Free(p); } while (0) #else - #define XFREE(p, h, t) {void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp);} + #define XFREE(p, h, t) do { void* xp = (p); (void)(h); (void)(t); if (xp) wolfSSL_Free(xp); } while (0) #endif #define XREALLOC(p, n, h, t) ((void)(h), (void)(t), wolfSSL_Realloc((p), (n))) #endif /* WOLFSSL_DEBUG_MEMORY */ #endif /* WOLFSSL_STATIC_MEMORY */ #endif + #if defined(WOLFSSL_SMALL_STACK) && defined(WC_NO_CONSTRUCTORS) + #error WOLFSSL_SMALL_STACK requires constructors. + #endif + + #include + /* declare/free variable handling for async and smallstack */ #ifndef WC_ALLOC_DO_ON_FAILURE #define WC_ALLOC_DO_ON_FAILURE() WC_DO_NOTHING 
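Review bot: The rewritten WOLFSSL_XFREE_NO_NULLNESS_CHECK line under WOLFSSL_DEBUG_MEMORY still expands to `wolfSSL_Free(xp, __func__, __LINE__)`, but no `xp` is declared inside that `do { } while (0)` body, so the macro cannot compile when this branch is selected (its non-debug sibling in the same hunk correctly passes `p`). The line should read `#define XFREE(p, h, t) do { (void)(h); (void)(t); wolfSSL_Free(p, __func__, __LINE__); } while (0)`. The unchanged NO_NULLNESS_CHECK lines in the earlier hunks (`m2mb_os_free(xp)`, `wolfSSL_Free(xp, h, t, __func__, __LINE__)` and `wolfSSL_Free(xp, h, t)`) carry the same dangling `xp` reference and would be worth fixing in the same pass.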
@@ -711,10 +742,10 @@ typedef struct w64wrapper { #include #endif - #define XMEMCPY(d,s,l) memcpy((d),(s),(l)) - #define XMEMSET(b,c,l) memset((b),(c),(l)) - #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n)) - #define XMEMMOVE(d,s,l) memmove((d),(s),(l)) + #define XMEMCPY(d,s,l) memcpy((d),(s),(l)) + #define XMEMSET(b,c,l) memset((b),(c),(l)) + #define XMEMCMP(s1,s2,n) memcmp((s1),(s2),(n)) + #define XMEMMOVE(d,s,l) memmove((d),(s),(l)) #define XSTRLEN(s1) strlen((s1)) #define XSTRNCPY(s1,s2,n) strncpy((s1),(s2),(n)) @@ -740,7 +771,6 @@ typedef struct w64wrapper { defined(WOLFSSL_ZEPHYR) || defined(MICROCHIP_PIC24) /* XC32 version < 1.0 does not support strcasecmp. */ #define USE_WOLF_STRCASECMP - #define XSTRCASECMP(s1,s2) wc_strcasecmp(s1,s2) #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM) #define XSTRCASECMP(s1,s2) _stricmp((s1),(s2)) #else @@ -753,13 +783,16 @@ typedef struct w64wrapper { #elif defined(WOLFSSL_CMSIS_RTOSv2) || defined(WOLFSSL_AZSPHERE) \ || defined(WOLF_C89) #define USE_WOLF_STRCASECMP - #define XSTRCASECMP(s1,s2) wc_strcasecmp(s1, s2) #elif defined(WOLF_C89) #define XSTRCASECMP(s1,s2) strcmp((s1),(s2)) #else #define XSTRCASECMP(s1,s2) strcasecmp((s1),(s2)) #endif #endif + #ifdef USE_WOLF_STRCASECMP + #undef XSTRCASECMP + #define XSTRCASECMP(s1,s2) wc_strcasecmp((s1), (s2)) + #endif #endif /* !XSTRCASECMP */ #ifndef XSTRNCASECMP @@ -770,7 +803,6 @@ typedef struct w64wrapper { defined(WOLFSSL_ZEPHYR) || defined(MICROCHIP_PIC24) /* XC32 version < 1.0 does not support strncasecmp. */ #define USE_WOLF_STRNCASECMP - #define XSTRNCASECMP(s1,s2,n) wc_strncasecmp((s1),(s2),(n)) #elif defined(USE_WINDOWS_API) || defined(FREERTOS_TCP_WINSIM) #define XSTRNCASECMP(s1,s2,n) _strnicmp((s1),(s2),(n)) #else 
@@ -783,13 +815,16 @@ typedef struct w64wrapper { #elif defined(WOLFSSL_CMSIS_RTOSv2) || defined(WOLFSSL_AZSPHERE) \ || defined(WOLF_C89) #define USE_WOLF_STRNCASECMP - #define XSTRNCASECMP(s1,s2,n) wc_strncasecmp(s1, s2 ,n) #elif defined(WOLF_C89) #define XSTRNCASECMP(s1,s2,n) strncmp((s1),(s2),(n)) #else #define XSTRNCASECMP(s1,s2,n) strncasecmp((s1),(s2),(n)) #endif #endif + #ifdef USE_WOLF_STRNCASECMP + #undef XSTRNCASECMP + #define XSTRNCASECMP(s1,s2,n) wc_strncasecmp((s1),(s2),(n)) + #endif #endif /* !XSTRNCASECMP */ /* snprintf is used in asn.c for GetTimeString, PKCS7 test, and when @@ -829,10 +864,16 @@ typedef struct w64wrapper { have stdio.h available, so it needs its own section. */ #define XSNPRINTF snprintf #elif defined(WOLF_C89) + #ifndef NO_STDIO_FILESYSTEM #include + #endif #define XSPRINTF sprintf + /* snprintf not available for C89, so remap using macro */ + #define XSNPRINTF(f, len, ...) sprintf(f, __VA_ARGS__) #else + #ifndef NO_STDIO_FILESYSTEM #include + #endif #define XSNPRINTF snprintf #endif #else @@ -873,7 +914,8 @@ typedef struct w64wrapper { #endif /* !XSNPRINTF */ #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \ - defined(HAVE_ALPN) || defined(WOLFSSL_SNIFFER) + defined(HAVE_ALPN) || defined(WOLFSSL_SNIFFER) || \ + defined(WOLFSSL_ASN_PARSE_KEYUSAGE) /* use only Thread Safe version of strtok */ #if defined(USE_WOLF_STRTOK) #define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr)) @@ -917,6 +959,15 @@ typedef struct w64wrapper { WOLFSSL_API int wc_strncasecmp(const char *s1, const char *s2, size_t n); #endif + #if !defined(XSTRDUP) && !defined(USE_WOLF_STRDUP) + #define USE_WOLF_STRDUP + #endif + #ifdef USE_WOLF_STRDUP + WOLFSSL_LOCAL char* wc_strdup_ex(const char *src, int memType); + #define wc_strdup(src) wc_strdup_ex(src, DYNAMIC_TYPE_TMP_BUFFER) + #define XSTRDUP(src) wc_strdup(src) + #endif + #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) #ifndef XGETENV #ifdef NO_GETENV 
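Review bot: The new WOLF_C89 remap `#define XSNPRINTF(f, len, ...) sprintf(f, __VA_ARGS__)` silently discards the `len` argument, so every bounded XSNPRINTF call site becomes an unbounded write into `f` on C89 builds, and callers that rely on truncation (the comment above the block names asn.c GetTimeString and the PKCS7 test) get a buffer overflow instead of a truncated string. Variadic macros are also a C99 feature, so a strict C89 compiler may reject the definition itself. This file already selects `wc_strcasecmp`/`wc_strncasecmp` fallbacks through `USE_WOLF_STRCASECMP`; a bounded `wc_snprintf` fallback selected the same way would preserve the length contract, and until one exists the comment should state `/* len is discarded on this path: output is NOT bounded */` so the loss of the bound is visible at the definition.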
@@ -1061,6 +1112,8 @@ typedef struct w64wrapper { DYNAMIC_TYPE_SM4_BUFFER = 99, DYNAMIC_TYPE_DEBUG_TAG = 100, DYNAMIC_TYPE_LMS = 101, + DYNAMIC_TYPE_BIO = 102, + DYNAMIC_TYPE_X509_ACERT = 103, DYNAMIC_TYPE_SNIFFER_SERVER = 1000, DYNAMIC_TYPE_SNIFFER_SESSION = 1001, DYNAMIC_TYPE_SNIFFER_PB = 1002, @@ -1069,7 +1122,7 @@ typedef struct w64wrapper { DYNAMIC_TYPE_SNIFFER_NAMED_KEY = 1005, DYNAMIC_TYPE_SNIFFER_KEY = 1006, DYNAMIC_TYPE_SNIFFER_KEYLOG_NODE = 1007, - DYNAMIC_TYPE_AES_EAX = 1008, + DYNAMIC_TYPE_AES_EAX = 1008 }; /* max error buffer string size */ @@ -1231,6 +1284,9 @@ typedef struct w64wrapper { #undef _WC_PK_TYPE_MAX #define _WC_PK_TYPE_MAX WC_PK_TYPE_PQC_SIG_CHECK_PRIV_KEY #endif + WC_PK_TYPE_RSA_PKCS = 25, + WC_PK_TYPE_RSA_PSS = 26, + WC_PK_TYPE_RSA_OAEP = 27, WC_PK_TYPE_MAX = _WC_PK_TYPE_MAX }; @@ -1458,18 +1514,19 @@ typedef struct w64wrapper { typedef size_t THREAD_TYPE; #define WOLFSSL_THREAD #elif defined(WOLFSSL_PTHREADS) - #ifndef __MACH__ - #include - typedef struct COND_TYPE { - pthread_mutex_t mutex; - pthread_cond_t cond; - } COND_TYPE; - #else + #if defined(__APPLE__) && MAC_OS_X_VERSION_MIN_REQUIRED >= 1060 \ + && !defined(__ppc__) #include typedef struct COND_TYPE { wolfSSL_Mutex mutex; dispatch_semaphore_t cond; } COND_TYPE; + #else + #include + typedef struct COND_TYPE { + pthread_mutex_t mutex; + pthread_cond_t cond; + } COND_TYPE; #endif typedef void* THREAD_RETURN; typedef pthread_t THREAD_TYPE; 
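Review bot: `WC_PK_TYPE_RSA_PKCS = 25`, `WC_PK_TYPE_RSA_PSS = 26` and `WC_PK_TYPE_RSA_OAEP = 27` are inserted after the `_WC_PK_TYPE_MAX` selection chain without being folded into it, so `WC_PK_TYPE_MAX = _WC_PK_TYPE_MAX` may resolve to a value below 27 (the enumerators `_WC_PK_TYPE_MAX` can take are not visible in this hunk). Any table sized by `WC_PK_TYPE_MAX` and indexed by a PK type would then be read or written out of bounds for the three new RSA types. Either extend the `_WC_PK_TYPE_MAX` chain to cover `WC_PK_TYPE_RSA_OAEP`, or add a comment next to the new values explaining why the maximum needs no update.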
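Review bot: The new Apple branch keys on `MAC_OS_X_VERSION_MIN_REQUIRED >= 1060`, but that macro is only defined once an Availability header has been included; if none is visible at this point the whole condition evaluates to 0 and the build silently takes the pthreads `COND_TYPE` instead of the dispatch-semaphore one, which is presumably the opposite of what the reorder intends. If an earlier include in this file does not guarantee the macro, add `#include <AvailabilityMacros.h>` ahead of the check under `__APPLE__`, or test `defined(MAC_OS_X_VERSION_MIN_REQUIRED)` explicitly so the fallback is deliberate rather than accidental.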
@@ -1652,14 +1709,63 @@ typedef struct w64wrapper { #define PRAGMA_DIAG_POP /* null expansion */ #endif + #define WC_CPP_CAT_(a, b) a ## b + #define WC_CPP_CAT(a, b) WC_CPP_CAT_(a, b) + #if defined(WC_NO_STATIC_ASSERT) + #define wc_static_assert(expr) struct wc_static_assert_dummy_struct + #define wc_static_assert2(expr, msg) wc_static_assert(expr) + #elif !defined(wc_static_assert) + #if (defined(__cplusplus) && (__cplusplus >= 201703L)) || \ + (defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 202311L)) || \ + (defined(_MSVC_LANG) && (_MSVC_LANG >= 201103L)) + /* native variadic static_assert() */ + #define wc_static_assert static_assert + #ifndef wc_static_assert2 + #define wc_static_assert2 static_assert + #endif + #elif defined(_MSC_VER) && (__STDC_VERSION__ >= 201112L) + /* native 2-argument static_assert() */ + #define wc_static_assert(expr) static_assert(expr, #expr) + #ifndef wc_static_assert2 + #define wc_static_assert2(expr, msg) static_assert(expr, msg) + #endif + #elif !defined(__cplusplus) && \ + !defined(__STRICT_ANSI__) && \ + !defined(WOLF_C89) && \ + defined(__STDC_VERSION__) && \ + (__STDC_VERSION__ >= 201112L) && \ + ((defined(__GNUC__) && \ + (__GNUC__ >= 5)) || \ + defined(__clang__)) + /* native 2-argument _Static_assert() */ + #define wc_static_assert(expr) _Static_assert(expr, #expr) + #ifndef wc_static_assert2 + #define wc_static_assert2(expr, msg) _Static_assert(expr, msg) + #endif + #else + /* C89-compatible fallback */ + #define wc_static_assert(expr) \ + struct WC_CPP_CAT(wc_static_assert_dummy_struct_L, __LINE__) { \ + char t[(expr) ? 1 : -1]; \ + } + #ifndef wc_static_assert2 + #define wc_static_assert2(expr, msg) wc_static_assert(expr) + #endif + #endif + #elif !defined(wc_static_assert2) + #define wc_static_assert2(expr, msg) wc_static_assert(expr) + #endif + #ifndef SAVE_VECTOR_REGISTERS #define SAVE_VECTOR_REGISTERS(...) 
WC_DO_NOTHING #endif #ifndef SAVE_VECTOR_REGISTERS2 #define SAVE_VECTOR_REGISTERS2() 0 + #define SAVE_VECTOR_REGISTERS2_DOES_NOTHING #endif #ifndef CAN_SAVE_VECTOR_REGISTERS #define CAN_SAVE_VECTOR_REGISTERS() 1 + #define CAN_SAVE_VECTOR_REGISTERS_ALWAYS_TRUE #endif #ifndef WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL #define WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(x) WC_DO_NOTHING diff --git a/src/wolfssl/wolfcrypt/visibility.h b/src/wolfssl/wolfcrypt/visibility.h index 6ee10df..30a19e2 100644 --- a/src/wolfssl/wolfcrypt/visibility.h +++ b/src/wolfssl/wolfcrypt/visibility.h @@ -1,6 +1,6 @@ /* visibility.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/wc_encrypt.h b/src/wolfssl/wolfcrypt/wc_encrypt.h index b6591ff..e3cf9ad 100644 --- a/src/wolfssl/wolfcrypt/wc_encrypt.h +++ b/src/wolfssl/wolfcrypt/wc_encrypt.h @@ -1,6 +1,6 @@ /* wc_encrypt.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/wc_kyber.h b/src/wolfssl/wolfcrypt/wc_kyber.h index 5491285..79a03cb 100644 --- a/src/wolfssl/wolfcrypt/wc_kyber.h +++ b/src/wolfssl/wolfcrypt/wc_kyber.h @@ -103,6 +103,9 @@ enum { +/* The data type of the hash function. */ +#define KYBER_HASH_T wc_Sha3 + /* The data type of the pseudo-random function. */ #define KYBER_PRF_T wc_Shake @@ -119,6 +122,8 @@ struct KyberKey { /* Flags indicating what is stored in the key. */ int flags; + /* A pseudo-random function object. */ + KYBER_HASH_T hash; /* A pseudo-random function object. */ KYBER_PRF_T prf; 
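Review bot: The comment on the new `KYBER_HASH_T hash;` member of `struct KyberKey` reads `/* A pseudo-random function object. */`, copied from the `prf` member directly below it, so the two fields are documented identically. It should describe the hash, e.g. `/* A hash function object. */`, matching the `KYBER_HASH_T` typedef comment added in the preceding hunk.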
@@ -158,10 +163,23 @@ WOLFSSL_LOCAL int kyber_get_noise(KYBER_PRF_T* prf, int kp, sword16* vec1, sword16* vec2, sword16* poly, byte* seed); -#ifdef USE_INTEL_SPEEDUP +#if defined(USE_INTEL_SPEEDUP) || \ + (defined(WOLFSSL_ARMASM) && defined(__aarch64__)) WOLFSSL_LOCAL int kyber_kdf(byte* seed, int seedLen, byte* out, int outLen); #endif +WOLFSSL_LOCAL +void kyber_hash_init(KYBER_HASH_T* hash); +WOLFSSL_LOCAL +int kyber_hash_new(KYBER_HASH_T* hash, void* heap, int devId); +WOLFSSL_LOCAL +void kyber_hash_free(KYBER_HASH_T* hash); +WOLFSSL_LOCAL +int kyber_hash256(wc_Sha3* hash, const byte* data, word32 dataLen, byte* out); +WOLFSSL_LOCAL +int kyber_hash512(wc_Sha3* hash, const byte* data1, word32 data1Len, + const byte* data2, word32 data2Len, byte* out); + WOLFSSL_LOCAL void kyber_prf_init(KYBER_PRF_T* prf); WOLFSSL_LOCAL 
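Review bot: `kyber_hash256` and `kyber_hash512` declare their first parameter as `wc_Sha3*` while the neighbouring `kyber_hash_init`/`kyber_hash_new`/`kyber_hash_free` use `KYBER_HASH_T*`, the abstraction this patch introduces for exactly that type. Using `KYBER_HASH_T* hash` in all five prototypes keeps the concrete type swappable in one place. None of the five says what `out` must hold; the names suggest 32- and 64-byte outputs, but a comment such as `/* out must have room for 32 bytes */` would make the contract explicit rather than inferred.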
@@ -271,6 +289,59 @@ void kyber_decompress_5_avx2(sword16* p, const byte* r); WOLFSSL_LOCAL int kyber_cmp_avx2(const byte* a, const byte* b, int sz); +#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) +WOLFSSL_LOCAL void kyber_ntt(sword16* r); +WOLFSSL_LOCAL void kyber_invntt(sword16* r); +WOLFSSL_LOCAL void kyber_basemul_mont(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void kyber_basemul_mont_add(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void kyber_add_reduce(sword16* r, const sword16* a); +WOLFSSL_LOCAL void kyber_add3_reduce(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void kyber_rsub_reduce(sword16* r, const sword16* a); +WOLFSSL_LOCAL void kyber_to_mont(sword16* p); +WOLFSSL_LOCAL void kyber_sha3_blocksx3_neon(word64* state); +WOLFSSL_LOCAL void kyber_shake128_blocksx3_seed_neon(word64* state, byte* seed); +WOLFSSL_LOCAL void kyber_shake256_blocksx3_seed_neon(word64* state, byte* seed); +WOLFSSL_LOCAL unsigned int kyber_rej_uniform_neon(sword16* p, unsigned int len, + const byte* r, unsigned int rLen); +WOLFSSL_LOCAL int kyber_cmp_neon(const byte* a, const byte* b, int sz); +WOLFSSL_LOCAL void kyber_csubq_neon(sword16* p); +WOLFSSL_LOCAL void kyber_from_msg_neon(sword16* p, const byte* msg); +WOLFSSL_LOCAL void kyber_to_msg_neon(byte* msg, sword16* p); +#elif defined(WOLFSSL_ARMASM_THUMB2) && defined(WOLFSSL_ARMASM) +#define kyber_ntt kyber_thumb2_ntt +#define kyber_invntt kyber_thumb2_invntt +#define kyber_basemul_mont kyber_thumb2_basemul_mont +#define kyber_basemul_mont_add kyber_thumb2_basemul_mont_add +#define kyber_rej_uniform_c kyber_thumb2_rej_uniform + +WOLFSSL_LOCAL void kyber_thumb2_ntt(sword16* r); +WOLFSSL_LOCAL void kyber_thumb2_invntt(sword16* r); +WOLFSSL_LOCAL void kyber_thumb2_basemul_mont(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void kyber_thumb2_basemul_mont_add(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void 
kyber_thumb2_csubq(sword16* p); +WOLFSSL_LOCAL unsigned int kyber_thumb2_rej_uniform(sword16* p, + unsigned int len, const byte* r, unsigned int rLen); +#elif defined(WOLFSSL_ARMASM) +#define kyber_ntt kyber_arm32_ntt +#define kyber_invntt kyber_arm32_invntt +#define kyber_basemul_mont kyber_arm32_basemul_mont +#define kyber_basemul_mont_add kyber_arm32_basemul_mont_add +#define kyber_rej_uniform_c kyber_arm32_rej_uniform + +WOLFSSL_LOCAL void kyber_arm32_ntt(sword16* r); +WOLFSSL_LOCAL void kyber_arm32_invntt(sword16* r); +WOLFSSL_LOCAL void kyber_arm32_basemul_mont(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void kyber_arm32_basemul_mont_add(sword16* r, const sword16* a, + const sword16* b); +WOLFSSL_LOCAL void kyber_arm32_csubq(sword16* p); +WOLFSSL_LOCAL unsigned int kyber_arm32_rej_uniform(sword16* p, unsigned int len, + const byte* r, unsigned int rLen); #endif #ifdef __cplusplus diff --git a/src/wolfssl/wolfcrypt/wc_lms.h b/src/wolfssl/wolfcrypt/wc_lms.h index 6f90eaa..0f31696 100644 --- a/src/wolfssl/wolfcrypt/wc_lms.h +++ b/src/wolfssl/wolfcrypt/wc_lms.h @@ -134,6 +134,9 @@ /* Length of numeric types when encoding. */ #define LMS_TYPE_LEN 4 +/* Size of digest output when truncatint SHA-256 to 192 bits. */ +#define WC_SHA256_192_DIGEST_SIZE 24 + /* Maximum size of a node hash. */ #define LMS_MAX_NODE_LEN WC_SHA256_DIGEST_SIZE /* Maximum size of SEED (produced by hash). */ @@ -142,8 +145,6 @@ * Value of P when N=32 and W=1. */ #define LMS_MAX_P 265 -/* Length of SEED and I in bytes. */ -#define LMS_SEED_I_LEN (LMS_SEED_LEN + LMS_I_LEN) #ifndef WOLFSSL_LMS_ROOT_LEVELS 
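Review bot: `kyber_cmp_neon(const byte* a, const byte* b, int sz)` is declared without stating its return convention or timing behaviour; if it is the ciphertext comparison used during decapsulation, as the parallel `kyber_cmp_avx2` declaration above suggests, the header should record that it must not exit early on the first mismatch, e.g. `/* Constant-time comparison of sz bytes; returns 0 when equal. */` adjusted to the actual return convention. `sz` is `int` here while `kyber_rej_uniform_neon` in the same block takes `unsigned int` lengths; a single unsigned length type would avoid signed/unsigned mixing at call sites. The `#if defined(USE_INTEL_SPEEDUP)` chain this `#elif` extends starts outside the hunk.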
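Review bot: The comment on the new `WC_SHA256_192_DIGEST_SIZE` has a typo: `truncatint` should be `truncating`. The macro uses the `WC_SHA256_` prefix of the SHA-256 header's own size constants; if that header ever defines the same name the two definitions collide, so wrapping this one in `#ifndef WC_SHA256_192_DIGEST_SIZE` / `#endif` is cheap insurance.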
@@ -192,33 +193,32 @@ (HSS_COMPRESS_PARAM_SET_LEN * HSS_MAX_LEVELS) /* Private key length for one level. */ -#define LMS_PRIV_LEN \ - (LMS_Q_LEN + LMS_SEED_LEN + LMS_I_LEN) +#define LMS_PRIV_LEN(hLen) \ + (LMS_Q_LEN + (hLen) + LMS_I_LEN) /* Public key length in signature. */ -#define LMS_PUBKEY_LEN \ - (LMS_TYPE_LEN + LMS_TYPE_LEN + LMS_I_LEN + LMS_MAX_NODE_LEN) +#define LMS_PUBKEY_LEN(hLen) \ + (LMS_TYPE_LEN + LMS_TYPE_LEN + LMS_I_LEN + (hLen)) /* LMS signature data length. */ -#define LMS_SIG_LEN(h, p) \ - (LMS_Q_LEN + LMS_TYPE_LEN + LMS_MAX_NODE_LEN + (p) * LMS_MAX_NODE_LEN + \ - LMS_TYPE_LEN + (h) * LMS_MAX_NODE_LEN) +#define LMS_SIG_LEN(h, p, hLen) \ + (LMS_Q_LEN + LMS_TYPE_LEN + (hLen) + (p) * (hLen) + LMS_TYPE_LEN + \ + (h) * (hLen)) /* Length of public key. */ -#define HSS_PUBLIC_KEY_LEN (LMS_L_LEN + LMS_PUBKEY_LEN) +#define HSS_PUBLIC_KEY_LEN(hLen) (LMS_L_LEN + LMS_PUBKEY_LEN(hLen)) /* Length of private key. */ -#define HSS_PRIVATE_KEY_LEN \ - (HSS_Q_LEN + HSS_PRIV_KEY_PARAM_SET_LEN + LMS_SEED_LEN + LMS_I_LEN) +#define HSS_PRIVATE_KEY_LEN(hLen) \ + (HSS_Q_LEN + HSS_PRIV_KEY_PARAM_SET_LEN + (hLen) + LMS_I_LEN) /* Maximum public key length - length is constant for all parameters. */ -#define HSS_MAX_PRIVATE_KEY_LEN HSS_PRIVATE_KEY_LEN +#define HSS_MAX_PRIVATE_KEY_LEN HSS_PRIVATE_KEY_LEN(LMS_MAX_NODE_LEN) /* Maximum private key length - length is constant for all parameters. */ -#define HSS_MAX_PUBLIC_KEY_LEN HSS_PUBLIC_KEY_LEN +#define HSS_MAX_PUBLIC_KEY_LEN HSS_PUBLIC_KEY_LEN(LMS_MAX_NODE_LEN) /* Maximum signature length. */ #define HSS_MAX_SIG_LEN \ (LMS_TYPE_LEN + \ LMS_MAX_LEVELS * (LMS_Q_LEN + LMS_TYPE_LEN + LMS_TYPE_LEN + \ LMS_MAX_NODE_LEN * (1 + LMS_MAX_P + LMS_MAX_HEIGHT)) + \ - (LMS_MAX_LEVELS - 1) * LMS_PUBKEY_LEN \ - ) + (LMS_MAX_LEVELS - 1) * LMS_PUBKEY_LEN(LMS_MAX_NODE_LEN)) /* Maximum buffer length required for use when hashing. */ #define LMS_MAX_BUFFER_LEN \ 
@@ -229,20 +229,20 @@ * * HSSPrivKey.priv */ -#define LMS_PRIV_KEY_LEN(l) \ - ((l) * LMS_PRIV_LEN) +#define LMS_PRIV_KEY_LEN(l, hLen) \ + ((l) * LMS_PRIV_LEN(hLen)) /* Stack of nodes. */ -#define LMS_STACK_CACHE_LEN(h) \ - (((h) + 1) * LMS_MAX_NODE_LEN) +#define LMS_STACK_CACHE_LEN(h, hLen) \ + (((h) + 1) * (hLen)) /* Root cache length. */ -#define LMS_ROOT_CACHE_LEN(rl) \ - (((1 << (rl)) - 1) * LMS_MAX_NODE_LEN) +#define LMS_ROOT_CACHE_LEN(rl, hLen) \ + (((1 << (rl)) - 1) * (hLen)) /* Leaf cache length. */ -#define LMS_LEAF_CACHE_LEN(cb) \ - ((1 << (cb)) * LMS_MAX_NODE_LEN) +#define LMS_LEAF_CACHE_LEN(cb, hLen) \ + ((1 << (cb)) * (hLen)) /* Length of LMS private key state. * 
@@ -252,75 +252,103 @@ * stack.stack + stack.offset + * cache.leaf + cache.index + cache.offset */ -#define LMS_PRIV_STATE_LEN(h, rl, cb) \ - (((h) * LMS_MAX_NODE_LEN) + \ - LMS_STACK_CACHE_LEN(h) + 4 + \ - LMS_ROOT_CACHE_LEN(rl) + \ - LMS_LEAF_CACHE_LEN(cb) + 4 + 4) +#define LMS_PRIV_STATE_LEN(h, rl, cb, hLen) \ + (((h) * (hLen)) + \ + LMS_STACK_CACHE_LEN(h, hLen) + 4 + \ + LMS_ROOT_CACHE_LEN(rl, hLen) + \ + LMS_LEAF_CACHE_LEN(cb, hLen) + 4 + 4) #ifndef WOLFSSL_WC_LMS_SMALL /* Private key data state for all levels. */ - #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb) \ - ((l) * LMS_PRIV_STATE_LEN(h, rl, cb)) + #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb, hLen) \ + ((l) * LMS_PRIV_STATE_LEN(h, rl, cb, hLen)) #else /* Private key data state for all levels. */ - #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb) 0 + #define LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb, hLen) 0 #endif #ifndef WOLFSSL_LMS_NO_SIGN_SMOOTHING /* Extra private key data for smoothing. */ - #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb) \ - (LMS_PRIV_KEY_LEN(l) + \ - ((l) - 1) * LMS_PRIV_STATE_LEN(h, rl, cb)) + #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb, hLen) \ + (LMS_PRIV_KEY_LEN(l, hLen) + \ + ((l) - 1) * LMS_PRIV_STATE_LEN(h, rl, cb, hLen)) #else /* Extra private key data for smoothing. */ - #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb) 0 + #define LMS_PRIV_SMOOTH_LEN(l, h, rl, cb, hLen) 0 #endif #ifndef WOLFSSL_LMS_NO_SIG_CACHE - #define LMS_PRIV_Y_TREE_LEN(p) \ - (LMS_MAX_NODE_LEN + (p) * LMS_MAX_NODE_LEN) + #define LMS_PRIV_Y_TREE_LEN(p, hLen) \ + ((hLen) + (p) * (hLen)) /* Length of the y data cached in private key data. */ - #define LMS_PRIV_Y_LEN(l, p) \ - (((l) - 1) * (LMS_MAX_NODE_LEN + (p) * LMS_MAX_NODE_LEN)) + #define LMS_PRIV_Y_LEN(l, p, hLen) \ + (((l) - 1) * ((hLen) + (p) * (hLen))) #else /* Length of the y data cached in private key data. */ - #define LMS_PRIV_Y_LEN(l, p) 0 + #define LMS_PRIV_Y_LEN(l, p, hLen) 0 #endif #ifndef WOLFSSL_WC_LMS_SMALL /* Length of private key data. 
*/ -#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb) \ - (LMS_PRIV_KEY_LEN(l) + \ - LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb) + \ - LMS_PRIV_SMOOTH_LEN(l, h, rl, cb) + \ - LMS_PRIV_Y_LEN(l, p)) +#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb, hLen) \ + (LMS_PRIV_KEY_LEN(l, hLen) + \ + LMS_PRIV_STATE_ALL_LEN(l, h, rl, cb, hLen) + \ + LMS_PRIV_SMOOTH_LEN(l, h, rl, cb, hLen) + \ + LMS_PRIV_Y_LEN(l, p, hLen)) #else -#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb) \ - LMS_PRIV_KEY_LEN(l) +#define LMS_PRIV_DATA_LEN(l, h, p, rl, cb, hLen) \ + LMS_PRIV_KEY_LEN(l, hLen) #endif +/* Indicates using SHA-256 for hashing. */ +#define LMS_SHA256 0x00 +/* Indicates using SHA-256/192 for hashing. */ +#define LMS_SHA256_192 0x10 +/* Mask to get hashing algorithm from type. */ +#define LMS_HASH_MASK 0xf0 +/* Mask to get height or Winternitz width from type. */ +#define LMS_H_W_MASK 0x0f /* LMS Parameters. */ /* SHA-256 hash, 32-bytes of hash used, tree height of 5. */ -#define LMS_SHA256_M32_H5 5 +#define LMS_SHA256_M32_H5 0x05 +/* SHA-256 hash, 32-bytes of hash used, tree height of 10. */ +#define LMS_SHA256_M32_H10 0x06 +/* SHA-256 hash, 32-bytes of hash used, tree height of 15. */ +#define LMS_SHA256_M32_H15 0x07 +/* SHA-256 hash, 32-bytes of hash used, tree height of 20. */ +#define LMS_SHA256_M32_H20 0x08 +/* SHA-256 hash, 32-bytes of hash used, tree height of 25. */ +#define LMS_SHA256_M32_H25 0x09 + +/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 1 bit. */ +#define LMOTS_SHA256_N32_W1 0x01 +/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 2 bits. */ +#define LMOTS_SHA256_N32_W2 0x02 +/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 4 bits. */ +#define LMOTS_SHA256_N32_W4 0x03 +/* SHA-256 hash, 32-bytes of hash used, Winternitz width of 8 bits. */ +#define LMOTS_SHA256_N32_W8 0x04 + +/* SHA-256 hash, 32-bytes of hash used, tree height of 5. */ +#define LMS_SHA256_M24_H5 (0x05 | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, tree height of 10. 
*/ -#define LMS_SHA256_M32_H10 6 +#define LMS_SHA256_M24_H10 (0x06 | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, tree height of 15. */ -#define LMS_SHA256_M32_H15 7 +#define LMS_SHA256_M24_H15 (0x07 | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, tree height of 20. */ -#define LMS_SHA256_M32_H20 8 +#define LMS_SHA256_M24_H20 (0x08 | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, tree height of 25. */ -#define LMS_SHA256_M32_H25 9 +#define LMS_SHA256_M24_H25 (0x09 | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 1 bit. */ -#define LMOTS_SHA256_N32_W1 1 +#define LMOTS_SHA256_N24_W1 (0x01 | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 2 bits. */ -#define LMOTS_SHA256_N32_W2 2 +#define LMOTS_SHA256_N24_W2 (0x02 | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 4 bits. */ -#define LMOTS_SHA256_N32_W4 3 +#define LMOTS_SHA256_N24_W4 (0x03 | LMS_SHA256_192) /* SHA-256 hash, 32-bytes of hash used, Winternitz width of 8 bits. */ -#define LMOTS_SHA256_N32_W8 4 +#define LMOTS_SHA256_N24_W8 (0x04 | LMS_SHA256_192) typedef struct LmsParams { /* Number of tree levels. */ @@ -339,6 +367,8 @@ typedef struct LmsParams { word16 lmOtsType; /* Length of LM-OTS signature. */ word16 sig_len; + /* Length of seed. */ + word16 hash_len; #ifndef WOLFSSL_WC_LMS_SMALL /* Number of root levels of interior nodes to store. */ word8 rootLevels; @@ -426,10 +456,10 @@ typedef struct HssPrivKey { struct LmsKey { /* Public key. */ - ALIGN16 byte pub[HSS_PUBLIC_KEY_LEN]; + ALIGN16 byte pub[HSS_PUBLIC_KEY_LEN(LMS_MAX_NODE_LEN)]; #ifndef WOLFSSL_LMS_VERIFY_ONLY /* Encoded private key. */ - ALIGN16 byte priv_raw[HSS_PRIVATE_KEY_LEN]; + ALIGN16 byte priv_raw[HSS_MAX_PRIVATE_KEY_LEN]; /* Packed private key data. */ byte* priv_data; diff --git a/src/wolfssl/wolfcrypt/wc_pkcs11.h b/src/wolfssl/wolfcrypt/wc_pkcs11.h index 85717c2..0b8942b 100644 --- a/src/wolfssl/wolfcrypt/wc_pkcs11.h 
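Review bot: The comments on the new `LMS_SHA256_M24_*` and `LMOTS_SHA256_N24_*` definitions still say `32-bytes of hash used`, copied from the M32/N32 entries, although these are the SHA-256/192 parameter sets (`LMS_SHA256_192` is OR'd in, and `WC_SHA256_192_DIGEST_SIZE` is 24 in the earlier hunk). Each should read 24 bytes, e.g. `/* SHA-256/192 hash, 24-bytes of hash used, tree height of 5. */` for `LMS_SHA256_M24_H5`, and likewise for the other nine M24/N24 lines.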
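Review bot: The new `LmsParams` member `word16 hash_len;` is commented `/* Length of seed. */`, which does not match its name; the `hLen` it feeds (`LMS_PRIV_LEN(hLen)`, `LMS_SIG_LEN(h, p, hLen)`) is the hash output length, and the replaced `LMS_SEED_LEN` term suggests the seed merely shares that length. Suggest `/* Hash output length in bytes (24 or 32); also used as the seed length. */`.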
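Review bot: `pub[HSS_PUBLIC_KEY_LEN(LMS_MAX_NODE_LEN)]` spells out what `HSS_MAX_PUBLIC_KEY_LEN` already names in the earlier hunk, while the sibling field on the next changed line uses `HSS_MAX_PRIVATE_KEY_LEN`. `ALIGN16 byte pub[HSS_MAX_PUBLIC_KEY_LEN];` keeps the two fields parallel and the maximum sizing in one place.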
+++ b/src/wolfssl/wolfcrypt/wc_pkcs11.h @@ -1,6 +1,6 @@ /* wc_pkcs11.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -97,6 +97,10 @@ WOLFSSL_API int wc_Pkcs11StoreKey(Pkcs11Token* token, int type, int clear, WOLFSSL_API int wc_Pkcs11_CryptoDevCb(int devId, wc_CryptoInfo* info, void* ctx); +WOLFSSL_LOCAL int wc_hash2sz(int); +WOLFSSL_LOCAL CK_MECHANISM_TYPE wc_hash2ckm(int); +WOLFSSL_LOCAL CK_MECHANISM_TYPE wc_mgf2ckm(int); + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/src/wolfssl/wolfcrypt/wc_port.h b/src/wolfssl/wolfcrypt/wc_port.h index 23110b9..6dc7d2c 100644 --- a/src/wolfssl/wolfcrypt/wc_port.h +++ b/src/wolfssl/wolfcrypt/wc_port.h @@ -1,6 +1,6 @@ /* wc_port.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -54,12 +54,18 @@ #endif #endif +#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + #include +#endif + #ifdef WOLFSSL_LINUXKM #include "../../linuxkm/linuxkm_wc_port.h" #endif /* WOLFSSL_LINUXKM */ /* THREADING/MUTEX SECTION */ -#ifdef USE_WINDOWS_API +#if defined(SINGLE_THREADED) && defined(NO_FILESYSTEM) + /* No system headers required for build. */ +#elif defined(USE_WINDOWS_API) #if defined(WOLFSSL_PTHREADS) #include #endif @@ -147,8 +153,8 @@ #elif defined(WOLFSSL_ZEPHYR) #include #ifndef SINGLE_THREADED - #ifndef CONFIG_PTHREAD_IPC - #error "Need CONFIG_PTHREAD_IPC for threading" + #if !defined(CONFIG_PTHREAD_IPC) && !defined(CONFIG_POSIX_THREADS) + #error "Threading needs CONFIG_PTHREAD_IPC / CONFIG_POSIX_THREADS" #endif #if KERNEL_VERSION_NUMBER >= 0x30100 #include 
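Review bot: `wc_hash2sz(int)`, `wc_hash2ckm(int)` and `wc_mgf2ckm(int)` are declared with unnamed parameters, unlike the other prototypes in this header; naming them (`int hashType`, `int mgf`) documents what the integer encodes. A one-line comment per declaration stating the input domain and the failure value would help too, since nothing here says whether the argument is a wc_HashType enumerator or what is returned for an unknown one.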
@@ -353,11 +359,20 @@ #endif /* WOLFSSL_NO_ATOMICS */ #ifdef WOLFSSL_ATOMIC_OPS - WOLFSSL_LOCAL void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i); + WOLFSSL_API void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i); /* Fetch* functions return the value of the counter immediately preceding * the effects of the function. */ - WOLFSSL_LOCAL int wolfSSL_Atomic_Int_FetchAdd(wolfSSL_Atomic_Int* c, int i); - WOLFSSL_LOCAL int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i); + WOLFSSL_API int wolfSSL_Atomic_Int_FetchAdd(wolfSSL_Atomic_Int* c, int i); + WOLFSSL_API int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i); +#else + /* Code using these fallback macros needs to arrange its own fallback for + * wolfSSL_Atomic_Int, which is never defined if + * !defined(WOLFSSL_ATOMIC_OPS). This forces local awareness of + * thread-unsafe semantics. + */ + #define wolfSSL_Atomic_Int_Init(c, i) (*(c) = (i)) + #define wolfSSL_Atomic_Int_FetchAdd(c, i) (*(c) += (i), *(c) - (i)) + #define wolfSSL_Atomic_Int_FetchSub(c, i) (*(c) -= (i), *(c) + (i)) #endif /* Reference counting. */ @@ -372,27 +387,7 @@ typedef struct wolfSSL_Ref { #endif } wolfSSL_Ref; -#ifdef SINGLE_THREADED - -#define wolfSSL_RefInit(ref, err) \ - do { \ - (ref)->count = 1; \ - *(err) = 0; \ - } while(0) -#define wolfSSL_RefFree(ref) WC_DO_NOTHING - #define wolfSSL_RefInc(ref, err) \ - do { \ - (ref)->count++; \ - *(err) = 0; \ - } while(0) -#define wolfSSL_RefDec(ref, isZero, err) \ - do { \ - (ref)->count--; \ - *(isZero) = ((ref)->count == 0); \ - *(err) = 0; \ - } while(0) - -#elif defined(WOLFSSL_ATOMIC_OPS) +#if defined(SINGLE_THREADED) || defined(WOLFSSL_ATOMIC_OPS) #define wolfSSL_RefInit(ref, err) \ do { \ 
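Review bot: The new non-atomic fallbacks `wolfSSL_Atomic_Int_FetchAdd(c, i)` and `wolfSSL_Atomic_Int_FetchSub(c, i)` evaluate both `c` and `i` twice, so a call with a side-effecting argument means something different in the fallback build than in the WOLFSSL_ATOMIC_OPS build where these are functions; a pair of `static inline` functions with the same names would keep call semantics identical across both configurations. If the macros are kept, the block comment should add `Arguments are evaluated more than once.` so callers are warned at the definition. The `#if defined(SINGLE_THREADED) || defined(WOLFSSL_ATOMIC_OPS)` ref-count block that now routes SINGLE_THREADED through these fallbacks continues outside the hunk.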
@@ -427,7 +422,8 @@ WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err); /* Enable crypt HW mutex for Freescale MMCAU, PIC32MZ or STM32 */ #if defined(FREESCALE_MMCAU) || defined(WOLFSSL_MICROCHIP_PIC32MZ) || \ - defined(STM32_CRYPTO) || defined(STM32_HASH) || defined(STM32_RNG) + defined(STM32_CRYPTO) || defined(STM32_HASH) || defined(STM32_RNG) || \ + defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) #ifndef WOLFSSL_CRYPT_HW_MUTEX #define WOLFSSL_CRYPT_HW_MUTEX 1 #endif @@ -442,9 +438,9 @@ WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err); however it's recommended to call this directly on Hw init to avoid possible race condition where two calls to wolfSSL_CryptHwMutexLock are made at the same time. */ - int wolfSSL_CryptHwMutexInit(void); - int wolfSSL_CryptHwMutexLock(void); - int wolfSSL_CryptHwMutexUnLock(void); + WOLFSSL_LOCAL int wolfSSL_CryptHwMutexInit(void); + WOLFSSL_LOCAL int wolfSSL_CryptHwMutexLock(void); + WOLFSSL_LOCAL int wolfSSL_CryptHwMutexUnLock(void); #else /* Define stubs, since HW mutex is disabled */ #define wolfSSL_CryptHwMutexInit() 0 /* Success */ 
@@ -452,6 +448,74 @@ WOLFSSL_LOCAL void wolfSSL_RefDec(wolfSSL_Ref* ref, int* isZero, int* err); #define wolfSSL_CryptHwMutexUnLock() (void)0 /* Success */ #endif /* WOLFSSL_CRYPT_HW_MUTEX */ +#if defined(WOLFSSL_ALGO_HW_MUTEX) && (defined(NO_RNG_MUTEX) && \ + defined(NO_AES_MUTEX) && defined(NO_HASH_MUTEX) && defined(NO_PK_MUTEX)) + #error WOLFSSL_ALGO_HW_MUTEX does not support having all mutexes off +#endif +/* To support HW that can do different Crypto in parallel */ +#if WOLFSSL_CRYPT_HW_MUTEX && defined(WOLFSSL_ALGO_HW_MUTEX) + typedef enum { + #ifndef NO_RNG_MUTEX + rng_mutex, + #endif + #ifndef NO_AES_MUTEX + aes_mutex, + #endif + #ifndef NO_HASH_MUTEX + hash_mutex, + #endif + #ifndef NO_PK_MUTEX + pk_mutex, + #endif + } hw_mutex_algo; +#endif + +/* If algo mutex is off, or WOLFSSL_ALGO_HW_MUTEX is not define, default */ +/* to using the generic wolfSSL_CryptHwMutex */ +#if (!defined(NO_RNG_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \ + WOLFSSL_CRYPT_HW_MUTEX + WOLFSSL_LOCAL int wolfSSL_HwRngMutexInit(void); + WOLFSSL_LOCAL int wolfSSL_HwRngMutexLock(void); + WOLFSSL_LOCAL int wolfSSL_HwRngMutexUnLock(void); +#else + #define wolfSSL_HwRngMutexInit wolfSSL_CryptHwMutexInit + #define wolfSSL_HwRngMutexLock wolfSSL_CryptHwMutexLock + #define wolfSSL_HwRngMutexUnLock wolfSSL_CryptHwMutexUnLock +#endif /* !defined(NO_RNG_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */ + +#if (!defined(NO_AES_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \ + WOLFSSL_CRYPT_HW_MUTEX + WOLFSSL_LOCAL int wolfSSL_HwAesMutexInit(void); + WOLFSSL_LOCAL int wolfSSL_HwAesMutexLock(void); + WOLFSSL_LOCAL int wolfSSL_HwAesMutexUnLock(void); +#else + #define wolfSSL_HwAesMutexInit wolfSSL_CryptHwMutexInit + #define wolfSSL_HwAesMutexLock wolfSSL_CryptHwMutexLock + #define wolfSSL_HwAesMutexUnLock wolfSSL_CryptHwMutexUnLock +#endif /* !defined(NO_AES_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */ + +#if (!defined(NO_HASH_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \ + WOLFSSL_CRYPT_HW_MUTEX + 
WOLFSSL_LOCAL int wolfSSL_HwHashMutexInit(void); + WOLFSSL_LOCAL int wolfSSL_HwHashMutexLock(void); + WOLFSSL_LOCAL int wolfSSL_HwHashMutexUnLock(void); +#else + #define wolfSSL_HwHashMutexInit wolfSSL_CryptHwMutexInit + #define wolfSSL_HwHashMutexLock wolfSSL_CryptHwMutexLock + #define wolfSSL_HwHashMutexUnLock wolfSSL_CryptHwMutexUnLock +#endif /* !defined(NO_HASH_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */ + +#if (!defined(NO_PK_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX)) && \ + WOLFSSL_CRYPT_HW_MUTEX + WOLFSSL_LOCAL int wolfSSL_HwPkMutexInit(void); + WOLFSSL_LOCAL int wolfSSL_HwPkMutexLock(void); + WOLFSSL_LOCAL int wolfSSL_HwPkMutexUnLock(void); +#else + #define wolfSSL_HwPkMutexInit wolfSSL_CryptHwMutexInit + #define wolfSSL_HwPkMutexLock wolfSSL_CryptHwMutexLock + #define wolfSSL_HwPkMutexUnLock wolfSSL_CryptHwMutexUnLock +#endif /* !defined(NO_PK_MUTEX) && defined(WOLFSSL_ALGO_HW_MUTEX) */ + /* Mutex functions */ WOLFSSL_API int wc_InitMutex(wolfSSL_Mutex* m); WOLFSSL_API wolfSSL_Mutex* wc_InitAndAllocMutex(void); @@ -859,6 +923,25 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #define XSPRINTF sprintf #endif +#ifdef USE_WINDOWS_API + #ifndef SOCKET_T + #ifdef __MINGW64__ + typedef size_t SOCKET_T; + #else + typedef unsigned int SOCKET_T; + #endif + #endif + #ifndef SOCKET_INVALID + #define SOCKET_INVALID INVALID_SOCKET + #endif +#else + #ifndef SOCKET_T + typedef int SOCKET_T; + #endif + #ifndef SOCKET_INVALID + #define SOCKET_INVALID (-1) + #endif +#endif /* MIN/MAX MACRO SECTION */ /* Windows API defines its own min() macro. */ @@ -1085,7 +1168,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #endif /* PowerPC time_t is int */ - #ifdef __PPC__ + #if defined(__PPC__) || defined(__ppc__) #define TIME_T_NOT_64BIT #endif 
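Review bot: Every enumerator of the new `hw_mutex_algo` enum ends with a comma inside its own `#ifndef`, so whichever enumerator is last present is always followed by `,` before `}`; a trailing comma in an enumerator list is C99, and the types.h hunks earlier in this patch show the library still carries `WOLF_C89` paths. Adding an unconditional final member such as `hw_mutex_algo_count` both removes the trailing comma in every configuration and gives a bound for any table indexed by the enum. The `#error` guard above already rules out the all-disabled case, so that member can never be the only one.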
@@ -1243,19 +1326,28 @@ WOLFSSL_ABI WOLFSSL_API int wolfCrypt_Cleanup(void); #endif #ifndef WOLFSSL_NO_FENCE - #if defined (__i386__) || defined(__x86_64__) + #ifdef XFENCE + /* use user-supplied XFENCE definition. */ + #elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 201112L) + #include + #define XFENCE() atomic_thread_fence(memory_order_seq_cst) + #elif defined(__GNUC__) && (__GNUC__ >= 4) && (__GNUC__ < 5) + #define XFENCE() __sync_synchronize() + #elif (defined(__GNUC__) && (__GNUC__ >= 5)) || defined (__clang__) + #define XFENCE() __atomic_thread_fence(__ATOMIC_SEQ_CST) + #elif defined (__i386__) || defined(__x86_64__) #define XFENCE() XASM_VOLATILE("lfence") #elif (defined (__arm__) && (__ARM_ARCH > 6)) || defined(__aarch64__) #define XFENCE() XASM_VOLATILE("isb") #elif defined(__riscv) #define XFENCE() XASM_VOLATILE("fence") - #elif defined(__PPC__) + #elif defined(__PPC__) || defined(__POWERPC__) #define XFENCE() XASM_VOLATILE("isync; sync") #else - #define XFENCE() do{}while(0) + #define XFENCE() WC_DO_NOTHING #endif #else - #define XFENCE() do{}while(0) + #define XFENCE() WC_DO_NOTHING #endif diff --git a/src/wolfssl/wolfcrypt/wc_xmss.h b/src/wolfssl/wolfcrypt/wc_xmss.h index 9d88fbf..21d5fe8 100644 --- a/src/wolfssl/wolfcrypt/wc_xmss.h +++ b/src/wolfssl/wolfcrypt/wc_xmss.h @@ -1,6 +1,6 @@ /* wc_xmss.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/wolfevent.h b/src/wolfssl/wolfcrypt/wolfevent.h index 31cc7c5..cb3cb58 100644 --- a/src/wolfssl/wolfcrypt/wolfevent.h +++ b/src/wolfssl/wolfcrypt/wolfevent.h @@ -1,6 +1,6 @@ /* wolfevent.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfcrypt/wolfmath.h b/src/wolfssl/wolfcrypt/wolfmath.h index 4ed88b8..e012ff6 100644 --- a/src/wolfssl/wolfcrypt/wolfmath.h +++ b/src/wolfssl/wolfcrypt/wolfmath.h 
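Review bot: The new C11 branch `#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 201112L)` includes the atomics header without checking `__STDC_NO_ATOMICS__`, so a conforming C11 compiler that opts out of atomics fails at the include instead of falling through to the compiler-builtin or inline-assembly branches; the condition should be `#elif defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 201112L) && !defined(__STDC_NO_ATOMICS__)`. The reordering also means x86 builds now get `atomic_thread_fence(memory_order_seq_cst)`, a memory-ordering fence, where they previously got `lfence`, an instruction-serializing barrier; if any XFENCE user depends on the serializing property rather than on memory ordering, that is a silent weakening, so the surrounding comment should state which property XFENCE is meant to guarantee.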
@@ -1,6 +1,6 @@ /* wolfmath.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * @@ -52,6 +52,10 @@ This library provides big integer math functions. #include #endif +#if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + #include +#endif + #ifndef MIN #define MIN(x,y) ((x)<(y)?(x):(y)) #endif @@ -118,6 +122,28 @@ WOLFSSL_API int wc_export_int(mp_int* mp, byte* buf, word32* len, WOLFSSL_API const char *wc_GetMathInfo(void); #endif +/* Support for generic Hardware based Math Functions */ +#ifdef WOLFSSL_USE_HW_MP + +WOLFSSL_LOCAL int hw_mod(mp_int* multiplier, mp_int* mod, mp_int* result); +WOLFSSL_LOCAL int hw_mulmod(mp_int* multiplier, mp_int* multiplicand, + mp_int* mod, mp_int* result); +WOLFSSL_LOCAL int hw_addmod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result); +WOLFSSL_LOCAL int hw_submod(mp_int* a, mp_int* b, mp_int* mod, mp_int* result); +WOLFSSL_LOCAL int hw_exptmod(mp_int* base, mp_int* exp, mp_int* mod, + mp_int* result); +WOLFSSL_LOCAL int hw_sqrmod(mp_int* base, mp_int* mod, mp_int* result); + +/* One to one mappings */ +#define mp_mod hw_mod +#define mp_addmod hw_addmod +#define mp_submod hw_submod +#define mp_mulmod hw_mulmod +#define mp_exptmod hw_exptmod +#define mp_sqrmod hw_sqrmod + +#endif + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/src/wolfssl/wolfcrypt/xmss.h b/src/wolfssl/wolfcrypt/xmss.h index 37aab34..548700c 100644 --- a/src/wolfssl/wolfcrypt/xmss.h +++ b/src/wolfssl/wolfcrypt/xmss.h @@ -1,6 +1,6 @@ /* xmss.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * diff --git a/src/wolfssl/wolfio.h b/src/wolfssl/wolfio.h index e2a1c88..2cd43c7 100644 --- a/src/wolfssl/wolfio.h +++ b/src/wolfssl/wolfio.h @@ -1,6 +1,6 @@ /* io.h * - * Copyright (C) 2006-2023 wolfSSL Inc. + * Copyright (C) 2006-2024 wolfSSL Inc. * * This file is part of wolfSSL. * 
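Review bot: The WOLFSSL_USE_HW_MP block declares six hw_* functions and rebinds the mp_* names to them without stating the contract — the return convention (MP_OKAY vs. negative error), whether `result` may alias an input, and whether the hardware exptmod runs in constant time, which matters because `mp_exptmod` carries RSA/DH private-key operands; a short comment above the prototypes should state these, and the timing behaviour should be confirmed before the mapping is relied on for private-key paths. The parameter naming is also inconsistent: `hw_mod(mp_int* multiplier, mp_int* mod, mp_int* result)` has no multiplier — `hw_mod(mp_int* a, mp_int* mod, mp_int* result)` would match hw_addmod/hw_submod. The `/* One to one mappings */` comment could say that the #defines deliberately shadow the software mp_* prototypes declared earlier in this header (outside the hunk).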
@@ -168,6 +168,9 @@ #include "socket.h" #elif defined(NETOS) #include + #elif defined(NUCLEUS_PLUS_2_3) + #define SO_TYPE 17 /* Socket type */ + #define SO_RCVTIMEO 13 /* Recv Timeout */ #elif !defined(DEVKITPRO) && !defined(WOLFSSL_PICOTCP) \ && !defined(WOLFSSL_CONTIKI) && !defined(WOLFSSL_WICED) \ && !defined(WOLFSSL_GNRC) && !defined(WOLFSSL_RIOT_OS) @@ -198,6 +201,9 @@ #include #endif +#define SOCKET_RECEIVING 1 +#define SOCKET_SENDING 2 + #ifdef USE_WINDOWS_API /* no epipe yet */ #ifndef WSAEPIPE @@ -205,6 +211,7 @@ #endif #define SOCKET_EWOULDBLOCK WSAEWOULDBLOCK #define SOCKET_EAGAIN WSAETIMEDOUT + #define SOCKET_ETIMEDOUT WSAETIMEDOUT #define SOCKET_ECONNRESET WSAECONNRESET #define SOCKET_EINTR WSAEINTR #define SOCKET_EPIPE WSAEPIPE @@ -224,6 +231,7 @@ /* RTCS old I/O doesn't have an EWOULDBLOCK */ #define SOCKET_EWOULDBLOCK EAGAIN #define SOCKET_EAGAIN EAGAIN + #define SOCKET_ETIMEDOUT RTCSERR_TCP_TIMED_OUT #define SOCKET_ECONNRESET RTCSERR_TCP_CONN_RESET #define SOCKET_EINTR EINTR #define SOCKET_EPIPE EPIPE @@ -232,6 +240,7 @@ #else #define SOCKET_EWOULDBLOCK NIO_EWOULDBLOCK #define SOCKET_EAGAIN NIO_EAGAIN + #define SOCKET_ETIMEDOUT NIO_ETIMEDOUT #define SOCKET_ECONNRESET NIO_ECONNRESET #define SOCKET_EINTR NIO_EINTR #define SOCKET_EPIPE NIO_EPIPE @@ -249,6 +258,7 @@ #elif defined(WOLFSSL_PICOTCP) #define SOCKET_EWOULDBLOCK PICO_ERR_EAGAIN #define SOCKET_EAGAIN PICO_ERR_EAGAIN + #define SOCKET_ETIMEDOUT PICO_ERR_ETIMEDOUT #define SOCKET_ECONNRESET PICO_ERR_ECONNRESET #define SOCKET_EINTR PICO_ERR_EINTR #define SOCKET_EPIPE PICO_ERR_EIO @@ -257,6 +267,7 @@ #elif defined(FREERTOS_TCP) #define SOCKET_EWOULDBLOCK FREERTOS_EWOULDBLOCK #define SOCKET_EAGAIN FREERTOS_EWOULDBLOCK + #define SOCKET_ETIMEDOUT (-pdFREERTOS_ERRNO_ETIMEDOUT) #define SOCKET_ECONNRESET FREERTOS_SOCKET_ERROR #define SOCKET_EINTR FREERTOS_SOCKET_ERROR #define SOCKET_EPIPE FREERTOS_SOCKET_ERROR 
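Review bot: `#define SO_TYPE 17` and `#define SO_RCVTIMEO 13` in the new NUCLEUS_PLUS_2_3 branch are bare numeric socket-option values with no `#ifndef` guard, so if the Nucleus networking headers (or a later include) define the same names the build gets a redefinition warning or, worse, a silently differing value. Wrap them as `#ifndef SO_TYPE` / `#ifndef SO_RCVTIMEO` and extend the trailing comments to say which Nucleus header the values are taken from, since nothing here lets a reader verify them.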
@@ -270,6 +281,14 @@
 #define SOCKET_EPIPE NU_NOT_CONNECTED
 #define SOCKET_ECONNREFUSED NU_CONNECTION_REFUSED
 #define SOCKET_ECONNABORTED NU_NOT_CONNECTED
+#elif defined(NUCLEUS_PLUS_2_3)
+ #define SOCKET_EWOULDBLOCK NU_WOULD_BLOCK
+ #define SOCKET_EAGAIN NU_NO_DATA
+ #define SOCKET_ECONNRESET NU_RESET
+ #define SOCKET_EINTR 0
+ #define SOCKET_EPIPE 0
+ #define SOCKET_ECONNREFUSED NU_CONNECTION_REFUSED
+ #define SOCKET_ECONNABORTED NU_CONNECTION_REFUSED
 #elif defined(WOLFSSL_DEOS)
 /* `sockaddr_storage` is not defined in DEOS. This workaround will
 * work for IPV4, but not IPV6
@@ -301,6 +320,7 @@
 #elif defined(WOLFSSL_LWIP_NATIVE)
 #define SOCKET_EWOULDBLOCK ERR_WOULDBLOCK
 #define SOCKET_EAGAIN ERR_WOULDBLOCK
+ #define SOCKET_TIMEDOUT ERR_TIMEOUT
 #define SOCKET_ECONNRESET ERR_RST
 #define SOCKET_EINTR ERR_CLSD
 #define SOCKET_EPIPE ERR_CLSD
@@ -318,6 +338,7 @@
 #else
 #define SOCKET_EWOULDBLOCK EWOULDBLOCK
 #define SOCKET_EAGAIN EAGAIN
+ #define SOCKET_ETIMEDOUT ETIMEDOUT
 #define SOCKET_ECONNRESET ECONNRESET
 #define SOCKET_EINTR EINTR
 #define SOCKET_EPIPE EPIPE
@@ -354,6 +375,11 @@
 #elif defined(WOLFSSL_NUCLEUS_1_2)
 #define SEND_FUNCTION NU_Send
 #define RECV_FUNCTION NU_Recv
+#elif defined(NUCLEUS_PLUS_2_3)
+ #define SEND_FUNCTION nucyassl_send
+ #define RECV_FUNCTION nucyassl_recv
+ #define DTLS_RECVFROM_FUNCTION nucyassl_recvfrom
+ #define DTLS_SENDTO_FUNCTION nucyassl_sendto
 #elif defined(FUSION_RTOS)
 #define SEND_FUNCTION FNS_SEND
 #define RECV_FUNCTION FNS_RECV
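Review bot: The NUCLEUS_PLUS_2_3 error map defines `SOCKET_EINTR 0` and `SOCKET_EPIPE 0`, so any error value that happens to be 0 (the success value, or an error slot the port never filled) compares equal to SOCKET_EINTR; if the I/O path treats SOCKET_EINTR as "retry" — as the other ports' EINTR mappings suggest — a zero error code after a failed call could become a retry loop, and the same value would also read as a broken pipe. A status the Nucleus send/recv cannot actually return should be used instead, with a comment explaining the choice. This is also the only new port branch in the change without a `SOCKET_ETIMEDOUT` mapping while every other branch touched here gains one; if wolfio.c now references the macro, the Nucleus build either fails or misclassifies timeouts, so the matching Nucleus timeout status (I cannot confirm its name from here) should be added alongside the others.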
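Review bot: The lwIP-native branch adds `#define SOCKET_TIMEDOUT ERR_TIMEOUT`, but every other branch in this change names the macro `SOCKET_ETIMEDOUT` (the -205, -224, -232, -249, -257 and -318 hunks), so under WOLFSSL_LWIP_NATIVE the name the rest of the code presumably tests stays undefined and a receive timeout is not recognised as one. The line should read `#define SOCKET_ETIMEDOUT ERR_TIMEOUT`.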
@@ -378,26 +404,13 @@ #endif #endif -#ifdef USE_WINDOWS_API - #if defined(__MINGW64__) - typedef size_t SOCKET_T; - #else - typedef unsigned int SOCKET_T; - #endif - #ifndef SOCKET_INVALID - #define SOCKET_INVALID INVALID_SOCKET - #endif -#else - typedef int SOCKET_T; - #ifndef SOCKET_INVALID - #define SOCKET_INVALID (-1) - #endif -#endif - #ifndef WOLFSSL_NO_SOCK #ifndef XSOCKLENT #ifdef USE_WINDOWS_API #define XSOCKLENT int + #elif defined(NUCLEUS_PLUS_2_3) + typedef int socklen_t; + #define XSOCKLENT socklen_t #else #define XSOCKLENT socklen_t #endif @@ -420,6 +433,10 @@ #ifdef WOLFSSL_IPV6 typedef struct sockaddr_in6 SOCKADDR_IN6; #endif + #if defined(HAVE_SYS_UN_H) && !defined(WOLFSSL_NO_SOCKADDR_UN) + #include + typedef struct sockaddr_un SOCKADDR_UN; + #endif typedef struct hostent HOSTENT; #endif /* HAVE_SOCKADDR */ @@ -444,6 +461,32 @@ WOLFSSL_API int wolfIO_TcpBind(SOCKET_T* sockfd, word16 port); WOLFSSL_API int wolfIO_Send(SOCKET_T sd, char *buf, int sz, int wrFlags); WOLFSSL_API int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags); +#ifdef WOLFSSL_HAVE_BIO_ADDR + +#ifdef WOLFSSL_NO_SOCK +#error WOLFSSL_HAVE_BIO_ADDR and WOLFSSL_NO_SOCK are mutually incompatible. +#endif + +union WOLFSSL_BIO_ADDR { + SOCKADDR sa; + SOCKADDR_IN sa_in; +#ifdef WOLFSSL_IPV6 + SOCKADDR_IN6 sa_in6; +#endif +#if defined(HAVE_SYS_UN_H) && !defined(WOLFSSL_NO_SOCKADDR_UN) + SOCKADDR_UN sa_un; +#endif +}; + +typedef union WOLFSSL_BIO_ADDR WOLFSSL_BIO_ADDR; + +#if defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA) +WOLFSSL_API int wolfIO_SendTo(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int wrFlags); +WOLFSSL_API int wolfIO_RecvFrom(SOCKET_T sd, WOLFSSL_BIO_ADDR *addr, char *buf, int sz, int rdFlags); +#endif + +#endif /* WOLFSSL_HAVE_BIO_ADDR */ + #endif /* USE_WOLFSSL_IO || HAVE_HTTP_CLIENT */ #ifndef WOLFSSL_NO_SOCK 
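Review bot: `wolfIO_SendTo` takes `WOLFSSL_BIO_ADDR *addr` although a sendto only reads the destination; declaring it `const WOLFSSL_BIO_ADDR *addr` documents that the callee does not modify the caller's address and lets callers pass const data (leaving `char *buf` as is keeps it consistent with the existing wolfIO_Send). The union carries no length, and `sizeof(WOLFSSL_BIO_ADDR)` is the largest enabled member, so a comment on the union should say how callers derive the socklen to pass (presumably from `sa.sa_family`) and that `sa_in6`/`sa_un` exist only under WOLFSSL_IPV6 and HAVE_SYS_UN_H. For `wolfIO_RecvFrom`, whose `addr` is filled from a remote peer, the comment should also state that the family is validated before the union is interpreted; that check lives in the .c side, which is not visible here.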
@@ -465,6 +508,7 @@ WOLFSSL_API int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags); FNS_CLOSE(s, &err); \ } while(0) #endif + #define StartTCP() WC_DO_NOTHING #else #ifndef CloseSocket #define CloseSocket(s) close(s) @@ -476,15 +520,24 @@ WOLFSSL_API int wolfIO_Recv(SOCKET_T sd, char *buf, int sz, int rdFlags); #endif #endif /* WOLFSSL_NO_SOCK */ - +/* Preserve API previously exposed */ WOLFSSL_API int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx); WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); + +WOLFSSL_LOCAL int SslBioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx); +WOLFSSL_LOCAL int BioReceiveInternal(WOLFSSL_BIO* biord, WOLFSSL_BIO* biowr, + char* buf, int sz); +WOLFSSL_LOCAL int SslBioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); #if defined(USE_WOLFSSL_IO) /* default IO callbacks */ WOLFSSL_API int EmbedReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); WOLFSSL_API int EmbedSend(WOLFSSL* ssl, char* buf, int sz, void* ctx); #ifdef WOLFSSL_DTLS + #ifdef NUCLEUS_PLUS_2_3 + #define SELECT_FUNCTION nucyassl_select + WOLFSSL_LOCAL int nucyassl_select(INT sd, UINT32 timeout); + #endif WOLFSSL_API int EmbedReceiveFrom(WOLFSSL *ssl, char *buf, int sz, void *ctx); WOLFSSL_API int EmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx); @@ -497,9 +550,14 @@ WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); #endif /* WOLFSSL_DTLS */ #endif /* USE_WOLFSSL_IO */ + +typedef int (*WolfSSLGenericIORecvCb)(char *buf, int sz, void *ctx); #ifdef HAVE_OCSP WOLFSSL_API int wolfIO_HttpBuildRequestOcsp(const char* domainName, const char* path, int ocspReqSz, unsigned char* buf, int bufSize); + WOLFSSL_API int wolfIO_HttpProcessResponseOcspGenericIO( + WolfSSLGenericIORecvCb ioCb, void* ioCbCtx, unsigned char** respBuf, + unsigned char* httpBuf, int httpBufSz, void* heap); WOLFSSL_API int wolfIO_HttpProcessResponseOcsp(int sfd, unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz, void* heap); 
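Review bot: `WolfSSLGenericIORecvCb` is a new public callback type (the typedef sits outside the HAVE_OCSP guard, so it is always visible) with no statement of its contract — whether it returns the byte count, 0 on connection close, or a negative wolfSSL/socket code, and whether short reads are allowed — which `wolfIO_HttpProcessResponseOcspGenericIO`, and `wolfIO_HttpProcessResponseGenericIO` in the next hunk, must handle while parsing an HTTP response from an untrusted responder. A comment above the typedef such as `/* Receive callback for the generic HTTP helpers: read up to sz bytes into buf; return bytes read (>0), 0 on close, or a negative error code. */`, adjusted to whatever the .c implementation actually checks, would pin this down. The `sfd`-based variants are retained, so the addition is backward-compatible.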
@@ -530,6 +588,10 @@ WOLFSSL_API int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx); WOLFSSL_LOCAL int wolfIO_HttpBuildRequest_ex(const char* reqType, const char* domainName, const char* path, int pathLen, int reqSz, const char* contentType, const char *exHdrs, unsigned char* buf, int bufSize); + WOLFSSL_API int wolfIO_HttpProcessResponseGenericIO( + WolfSSLGenericIORecvCb ioCb, void* ioCbCtx, const char** appStrList, + unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz, + int dynType, void* heap); WOLFSSL_API int wolfIO_HttpProcessResponse(int sfd, const char** appStrList, unsigned char** respBuf, unsigned char* httpBuf, int httpBufSz, int dynType, void* heap); @@ -556,7 +618,6 @@ WOLFSSL_API void* wolfSSL_GetIOWriteCtx(WOLFSSL* ssl); WOLFSSL_API void wolfSSL_SetIOReadFlags( WOLFSSL* ssl, int flags); WOLFSSL_API void wolfSSL_SetIOWriteFlags(WOLFSSL* ssl, int flags); - #ifdef HAVE_NETX WOLFSSL_LOCAL int NetX_Receive(WOLFSSL *ssl, char *buf, int sz, void *ctx); WOLFSSL_LOCAL int NetX_Send(WOLFSSL *ssl, char *buf, int sz, void *ctx);