diff --git a/.github/workflows/packaging.yml b/.github/workflows/packaging.yml index b4657110c5..b9d3378ff7 100644 --- a/.github/workflows/packaging.yml +++ b/.github/workflows/packaging.yml @@ -37,8 +37,9 @@ jobs: - name: Build wolfSSL .deb run: make deb-docker - - name: Build wolfSSL .rpm - run: make rpm-docker +# disabled 20240919 -- broken target. +# - name: Build wolfSSL .rpm +# run: make rpm-docker - name: Confirm packages built run: | @@ -47,8 +48,9 @@ jobs: echo Did not find exactly two deb packages!!! exit 1 fi - RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l) - if [ "$RPM_COUNT" != "4" ]; then - echo Did not find exactly four rpm packages!!! - exit 1 - fi +# disabled 20240919 -- broken target. +# RPM_COUNT=$(find -name 'wolfssl*.rpm' | wc -l) +# if [ "$RPM_COUNT" != "4" ]; then +# echo Did not find exactly four rpm packages!!! +# exit 1 +# fi diff --git a/m4/ax_atomic.m4 b/m4/ax_atomic.m4 index b1fa58753f..d8c8d0d2c8 100644 --- a/m4/ax_atomic.m4 +++ b/m4/ax_atomic.m4 @@ -9,18 +9,20 @@ AC_DEFUN([AC_C___ATOMIC], [[int main (int argc, char **argv) { - volatile unsigned long ul1 = 1, ul2 = 0, ul3 = 2; + volatile unsigned long ul1 = 1; + unsigned long ul2 = 0, ul3 = 2; __atomic_load_n(&ul1, __ATOMIC_SEQ_CST); __atomic_compare_exchange(&ul1, &ul2, &ul3, 1, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST); __atomic_fetch_add(&ul1, 1, __ATOMIC_SEQ_CST); - __atomic_fetch_sub(&ul3, 1, __ATOMIC_SEQ_CST); + __atomic_fetch_sub(&ul1, 1, __ATOMIC_SEQ_CST); __atomic_or_fetch(&ul1, ul2, __ATOMIC_SEQ_CST); __atomic_and_fetch(&ul1, ul2, __ATOMIC_SEQ_CST); - volatile unsigned long long ull1 = 1, ull2 = 0, ull3 = 2; + volatile unsigned long long ull1 = 1; + unsigned long long ull2 = 0, ull3 = 2; __atomic_load_n(&ull1, __ATOMIC_SEQ_CST); __atomic_compare_exchange(&ull1, &ull2, &ull3, 1, __ATOMIC_SEQ_CST, __ATOMIC_SEQ_CST); __atomic_fetch_add(&ull1, 1, __ATOMIC_SEQ_CST); - __atomic_fetch_sub(&ull3, 1, __ATOMIC_SEQ_CST); + __atomic_fetch_sub(&ull1, 1, __ATOMIC_SEQ_CST); __atomic_or_fetch(&ull1, ull2, __ATOMIC_SEQ_CST); __atomic_and_fetch(&ull1, ull2, __ATOMIC_SEQ_CST); return 0; diff --git a/src/dtls13.c b/src/dtls13.c index 6430600f5c..c661dc94cc 100644 --- a/src/dtls13.c +++ b/src/dtls13.c @@ -71,6 +71,8 @@ typedef struct Dtls13HandshakeHeader { byte fragmentLength[3]; } Dtls13HandshakeHeader; +static_assert(sizeof(Dtls13HandshakeHeader) == DTLS13_HANDSHAKE_HEADER_SZ); + /** * struct Dtls13Recordplaintextheader: represent header of unprotected DTLSv1.3 * record diff --git a/src/tls13.c b/src/tls13.c index 0d35d9bc42..d40a74f72a 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -4165,7 +4165,11 @@ static int EchHashHelloInner(WOLFSSL* ssl, WOLFSSL_ECH* ech) { int ret; HS_Hashes* tmpHashes; +#ifdef WOLFSSL_DTLS13 + byte falseHeader[DTLS13_HANDSHAKE_HEADER_SZ]; +#else byte falseHeader[HANDSHAKE_HEADER_SZ]; +#endif if (ssl == NULL || ech == NULL) return BAD_FUNC_ARG; diff --git a/tests/api.c b/tests/api.c index 4df1c32ba5..6b85c7886e 100644 --- a/tests/api.c +++ b/tests/api.c @@ -532,15 +532,6 @@ int tmpDirNameSet = 0; | Constants *----------------------------------------------------------------------------*/ -/* Test result constants and macros. */ - -/* Test succeeded. */ -#define TEST_SUCCESS (1) -/* Test failed. */ -#define TEST_FAIL (0) -/* Test skipped - not run. */ -#define TEST_SKIPPED (-7777) - /* Returns the result based on whether check is true. * * @param [in] check Condition for success. @@ -7291,7 +7282,7 @@ static WC_INLINE int test_ssl_memio_read_cb(WOLFSSL *ssl, char *data, int sz, static WC_INLINE int test_ssl_memio_setup(test_ssl_memio_ctx *ctx) { - EXPECT_DECLS; + EXPECT_DECLS_NO_MSGS(-2000); #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) int c_sharedCtx = 0; int s_sharedCtx = 0; @@ -7564,7 +7555,7 @@ static int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds, static int test_ssl_memio_read_write(test_ssl_memio_ctx* ctx) { - EXPECT_DECLS; + EXPECT_DECLS_NO_MSGS(-3000); char input[1024]; int idx = 0; const char* msg_c = "hello wolfssl!"; @@ -7653,7 +7644,14 @@ static void test_ssl_memio_cleanup(test_ssl_memio_ctx* ctx) int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb, test_ssl_cbf* server_cb, cbType client_on_handshake) { - EXPECT_DECLS; + /* We use EXPECT_DECLS_NO_MSGS() here because this helper routine is used + * for numerous but varied expected-to-fail scenarios that should not emit + * error messages on the expected failures. Instead, we return a distinct + * code for each failure point, allowing the caller to assert on a + * particular mode of expected failure. On success, the usual TEST_SUCCESS + * is returned. + */ + EXPECT_DECLS_NO_MSGS(-1000); struct test_ssl_memio_ctx test_ctx; #ifdef WOLFSSL_HAVE_TLS_UNIQUE size_t msg_len; @@ -7665,8 +7663,8 @@ int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb, test_ctx.c_ctx = client_cb->ctx; test_ctx.s_ctx = server_cb->ctx; - test_ctx.c_cb.return_code = TEST_FAIL; - test_ctx.s_cb.return_code = TEST_FAIL; + test_ctx.c_cb.return_code = EXPECT_FAILURE_CODEPOINT_ID; + test_ctx.s_cb.return_code = EXPECT_FAILURE_CODEPOINT_ID; ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS); ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS); @@ -9575,10 +9573,10 @@ static int test_wolfSSL_CTX_verifyDepth_ServerClient_3(void) * therefore, handshake becomes failure. */ ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, - &server_cbf, NULL), TEST_FAIL); + &server_cbf, NULL), -1001); - ExpectIntEQ(client_cbf.return_code, TEST_FAIL); - ExpectIntEQ(server_cbf.return_code, TEST_FAIL); + ExpectIntEQ(client_cbf.return_code, -1000); + ExpectIntEQ(server_cbf.return_code, -1000); ExpectIntEQ(client_cbf.last_err, WC_NO_ERR_TRACE(MAX_CHAIN_ERROR)); ExpectIntEQ(server_cbf.last_err, WC_NO_ERR_TRACE(FATAL_ERROR)); #endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */ @@ -14120,7 +14118,7 @@ static int test_wolfSSL_X509_TLS_version_test_1(void) #ifndef OPENSSL_COMPATIBLE_DEFAULTS ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, - &func_cb_server, NULL), TEST_FAIL); + &func_cb_server, NULL), -1001); #else ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, &func_cb_server, NULL), TEST_SUCCESS); @@ -15009,14 +15007,20 @@ static int test_Sha512_Family_Final(int type, int isRaw) hash_test[2] = hash3; times = sizeof(hash_test) / sizeof(byte *); - /* Good test args. */ - for (i = 0; i < times; i++) { - ExpectIntEQ(finalFp(&sha512, hash_test[i]), 0); +#if defined(HAVE_FIPS) || defined(HAVE_SELFTEST) || \ + defined(WOLFSSL_NO_HASH_RAW) + if (finalFp != NULL) +#endif + { + /* Good test args. */ + for (i = 0; i < times; i++) { + ExpectIntEQ(finalFp(&sha512, hash_test[i]), 0); + } + /* Test bad args. */ + ExpectIntEQ(finalFp(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(finalFp(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(finalFp(&sha512, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); } - /* Test bad args. */ - ExpectIntEQ(finalFp(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(finalFp(NULL, hash1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); - ExpectIntEQ(finalFp(&sha512, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); freeFp(&sha512); @@ -61861,7 +61865,7 @@ static int test_wolfSSL_curves_mismatch(void) func_cb_server.method = test_params[i].server_meth; ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, - &func_cb_server, NULL), TEST_FAIL); + &func_cb_server, NULL), -1001); ExpectIntEQ(func_cb_client.last_err, test_params[i].client_last_err); ExpectIntEQ(func_cb_server.last_err, test_params[i].server_last_err); @@ -69656,10 +69660,16 @@ static int test_wolfSSL_SESSION_expire_downgrade(void) #if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ defined(HAVE_EX_DATA) && !defined(NO_SESSION_CACHE) -static int clientSessRemCountMalloc = 0; -static int serverSessRemCountMalloc = 0; -static int clientSessRemCountFree = 0; -static int serverSessRemCountFree = 0; +#ifdef WOLFSSL_ATOMIC_OPS + typedef wolfSSL_Atomic_Int SessRemCounter_t; +#else + typedef int SessRemCounter_t; +#endif +static SessRemCounter_t clientSessRemCountMalloc; +static SessRemCounter_t serverSessRemCountMalloc; +static SessRemCounter_t clientSessRemCountFree; +static SessRemCounter_t serverSessRemCountFree; + static WOLFSSL_CTX* serverSessCtx = NULL; static WOLFSSL_SESSION* serverSess = NULL; #if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \ @@ -69680,9 +69690,9 @@ static void SessRemCtxCb(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *sess) side = (int*)SSL_SESSION_get_ex_data(sess, serverSessRemIdx); if (side != NULL) { if (*side == WOLFSSL_CLIENT_END) - clientSessRemCountFree++; + (void)wolfSSL_Atomic_Int_FetchAdd(&clientSessRemCountFree, 1); else - serverSessRemCountFree++; + (void)wolfSSL_Atomic_Int_FetchAdd(&serverSessRemCountFree, 1); SSL_SESSION_set_ex_data(sess, serverSessRemIdx, NULL); } @@ -69719,14 +69729,14 @@ static int SessRemSslSetupCb(WOLFSSL* ssl) if (SSL_is_server(ssl)) { side = &sessRemCtx_Server; - serverSessRemCountMalloc++; + (void)wolfSSL_Atomic_Int_FetchAdd(&serverSessRemCountMalloc, 1); ExpectNotNull(serverSess = SSL_get1_session(ssl)); ExpectIntEQ(SSL_CTX_up_ref(serverSessCtx = SSL_get_SSL_CTX(ssl)), SSL_SUCCESS); } else { side = &sessRemCtx_Client; - clientSessRemCountMalloc++; + (void)wolfSSL_Atomic_Int_FetchAdd(&clientSessRemCountMalloc, 1); #if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \ !defined(NO_SESSION_CACHE_REF) ExpectNotNull(clientSess = SSL_get1_session(ssl)); @@ -69750,6 +69760,11 @@ static int test_wolfSSL_CTX_sess_set_remove_cb(void) * session object */ test_ssl_cbf func_cb; + wolfSSL_Atomic_Int_Init(&clientSessRemCountMalloc, 0); + wolfSSL_Atomic_Int_Init(&serverSessRemCountMalloc, 0); + wolfSSL_Atomic_Int_Init(&clientSessRemCountFree, 0); + wolfSSL_Atomic_Int_Init(&serverSessRemCountFree, 0); + XMEMSET(&func_cb, 0, sizeof(func_cb)); func_cb.ctx_ready = SessRemCtxSetupCb; func_cb.on_result = SessRemSslSetupCb; @@ -78615,7 +78630,7 @@ static int test_DhCallbacks(void) func_cb_server.method = wolfTLSv1_2_server_method; ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, - &func_cb_server, NULL), TEST_FAIL); + &func_cb_server, NULL), -1001); #endif return EXPECT_RESULT(); } @@ -85792,7 +85807,7 @@ static int test_multiple_crls_same_issuer(void) client_cbs.ctx_ready = test_multiple_crls_same_issuer_ctx_ready; ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs, - &server_cbs, NULL), TEST_FAIL); + &server_cbs, NULL), -1001); } #endif return EXPECT_RESULT(); @@ -90339,7 +90354,7 @@ static int test_wolfSSL_CRL_CERT_REVOKED_alert(void) server_cbs.on_cleanup = test_wolfSSL_CRL_CERT_REVOKED_alert_on_cleanup; ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs, - &server_cbs, NULL), TEST_FAIL); + &server_cbs, NULL), -1001); return EXPECT_RESULT(); } @@ -91146,7 +91161,7 @@ static int test_override_alt_cert_chain(void) {test_override_alt_cert_chain_client_ctx_ready, test_override_alt_cert_chain_server_ctx_ready, TEST_SUCCESS}, {test_override_alt_cert_chain_client_ctx_ready2, - test_override_alt_cert_chain_server_ctx_ready, TEST_FAIL}, + test_override_alt_cert_chain_server_ctx_ready, -1001}, }; for (i = 0; i < sizeof(params)/sizeof(*params); i++) { @@ -91162,8 +91177,10 @@ static int test_override_alt_cert_chain(void) ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs, &server_cbs, NULL), params[i].result); - ExpectIntEQ(client_cbs.return_code, params[i].result); - ExpectIntEQ(server_cbs.return_code, params[i].result); + ExpectIntEQ(client_cbs.return_code, + params[i].result <= 0 ? -1000 : TEST_SUCCESS); + ExpectIntEQ(server_cbs.return_code, + params[i].result <= 0 ? -1000 : TEST_SUCCESS); } return EXPECT_RESULT(); @@ -93766,7 +93783,7 @@ static int test_revoked_loaded_int_cert(void) client_cbf.ctx_ready = test_params[i].client_ctx_ready; ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, - &server_cbf, NULL), TEST_FAIL); + &server_cbf, NULL), -1001); ExpectIntEQ(client_cbf.last_err, WC_NO_ERR_TRACE(CRL_CERT_REVOKED)); ExpectIntEQ(server_cbf.last_err, WC_NO_ERR_TRACE(FATAL_ERROR)); diff --git a/tests/unit.h b/tests/unit.h index f63c4bd636..63825bc237 100644 --- a/tests/unit.h +++ b/tests/unit.h @@ -20,8 +20,8 @@ */ -#ifndef CyaSSL_UNIT_H -#define CyaSSL_UNIT_H +#ifndef TESTS_UNIT_H +#define TESTS_UNIT_H #include #include /* thread and tcp stuff */ @@ -121,27 +121,55 @@ #define AssertPtrGE(x, y) AssertPtr(x, y, >=, <) #define AssertPtrLE(x, y) AssertPtr(x, y, <=, >) +#define TEST_FAIL 0 +#define TEST_SUCCESS 1 +#define TEST_SUCCESS_NO_MSGS 2 +#define TEST_SKIPPED 3 /* Test skipped - not run. */ +#define TEST_SKIPPED_NO_MSGS 4 /* Test skipped - not run. */ #define EXPECT_DECLS \ - int _ret = TEST_SKIPPED + int _ret = TEST_SKIPPED, _fail_codepoint_id = TEST_FAIL +#define EXPECT_DECLS_NO_MSGS(fail_codepoint_offset) \ + int _ret = TEST_SKIPPED_NO_MSGS, \ + _fail_codepoint_id = (fail_codepoint_offset) +#define EXPECT_FAILURE_CODEPOINT_ID _fail_codepoint_id #define EXPECT_RESULT() \ - _ret + ((void)_fail_codepoint_id, \ + _ret == TEST_SUCCESS_NO_MSGS ? TEST_SUCCESS : \ + _ret == TEST_SKIPPED_NO_MSGS ? TEST_SKIPPED : \ + _ret) #define EXPECT_SUCCESS() \ - ((_ret == TEST_SUCCESS) || (_ret == TEST_SKIPPED)) + ((_ret == TEST_SUCCESS) || \ + (_ret == TEST_SKIPPED) || \ + (_ret == TEST_SUCCESS_NO_MSGS) || \ + (_ret == TEST_SKIPPED_NO_MSGS)) #define EXPECT_FAIL() \ - (_ret == TEST_FAIL) - -#define ExpFail(description, result) do { \ - printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__); \ - fputs("\n expected: ", stdout); printf description; \ - fputs("\n result: ", stdout); printf result; fputs("\n\n", stdout); \ - fflush(stdout); \ - _ret = TEST_FAIL; \ + (! EXPECT_SUCCESS()) + +#define ExpFail(description, result) do { \ + if ((_ret == TEST_SUCCESS_NO_MSGS) || (_ret == TEST_SKIPPED_NO_MSGS)) \ + _ret = _fail_codepoint_id; \ + else { \ + printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__); \ + fputs("\n expected: ", stdout); printf description; \ + fputs("\n result: ", stdout); printf result; \ + fputs("\n\n", stdout); \ + fflush(stdout); \ + _ret = TEST_FAIL; \ + } \ } while (0) -#define Expect(test, description, result) do { \ - if (_ret != TEST_FAIL) { if (!(test)) ExpFail(description, result); \ - else _ret = TEST_SUCCESS; } \ +#define Expect(test, description, result) do { \ + if (EXPECT_SUCCESS()) { \ + if (!(test)) \ + ExpFail(description, result); \ + else if (_ret == TEST_SKIPPED_NO_MSGS) \ + _ret = TEST_SUCCESS_NO_MSGS; \ + else \ + _ret = TEST_SUCCESS; \ + } \ + if (_ret == TEST_SUCCESS_NO_MSGS) \ + --_fail_codepoint_id; \ } while (0) #define ExpectTrue(x) Expect( (x), ("%s is true", #x), (#x " => FALSE")) @@ -149,14 +177,14 @@ #define ExpectNotNull(x) Expect( (x), ("%s is not null", #x), (#x " => NULL")) #define ExpectNull(x) do { \ - if (_ret != TEST_FAIL) { \ + if (EXPECT_SUCCESS()) { \ PEDANTIC_EXTENSION void* _x = (void*)(x); \ Expect(!_x, ("%s is null", #x), (#x " => %p", _x)); \ } \ } while(0) #define ExpectInt(x, y, op, er) do { \ - if (_ret != TEST_FAIL) { \ + if (EXPECT_SUCCESS()) { \ int _x = (int)(x); \ int _y = (int)(y); \ Expect(_x op _y, ("%s " #op " %s", #x, #y), ("%d " #er " %d", _x, _y));\ @@ -171,7 +199,7 @@ #define ExpectIntLE(x, y) ExpectInt(x, y, <=, >) #define ExpectStr(x, y, op, er) do { \ - if (_ret != TEST_FAIL) { \ + if (EXPECT_SUCCESS()) { \ const char* _x = (const char*)(x); \ const char* _y = (const char*)(y); \ int _z = (_x && _y) ? XSTRCMP(_x, _y) : -1; \ @@ -188,7 +216,7 @@ #define ExpectStrLE(x, y) ExpectStr(x, y, <=, >) #define ExpectPtr(x, y, op, er) do { \ - if (_ret != TEST_FAIL) { \ + if (EXPECT_SUCCESS()) { \ PRAGMA_DIAG_PUSH \ /* remarkably, without this inhibition, */ \ /* the _Pragma()s make the declarations warn. */ \ @@ -211,7 +239,7 @@ #define ExpectPtrLE(x, y) ExpectPtr(x, y, <=, >) #define ExpectBuf(x, y, z, op, er) do { \ - if (_ret != TEST_FAIL) { \ + if (EXPECT_SUCCESS()) { \ const byte* _x = (const byte*)(x); \ const byte* _y = (const byte*)(y); \ int _z = (int)(z); \ @@ -306,4 +334,4 @@ int w64wrapper_test(void); int QuicTest(void); -#endif /* CyaSSL_UNIT_H */ +#endif /* TESTS_UNIT_H */ diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index fd65b89acb..69a6d0f6e0 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -8433,11 +8433,37 @@ static void bench_rsaKeyGen_helper(int useDeviceID, word32 keySz) void bench_rsaKeyGen(int useDeviceID) { int k; -#if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) && \ - (RSA_MIN_SIZE <= 1024) - static const word32 keySizes[2] = {1024, 2048}; + +#if !defined(RSA_MAX_SIZE) || !defined(RSA_MIN_SIZE) + static const word32 keySizes[2] = {1024, 2048 }; +#elif RSA_MAX_SIZE >= 4096 + #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ + (RSA_MIN_SIZE <= 1024) + static const word32 keySizes[4] = {1024, 2048, 3072, 4096 }; + #else + static const word32 keySizes[3] = {2048, 3072, 4096}; + #endif +#elif RSA_MAX_SIZE >= 3072 + #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ + (RSA_MIN_SIZE <= 1024) + static const word32 keySizes[3] = {1024, 2048, 3072 }; + #else + static const word32 keySizes[2] = {2048, 3072 }; + #endif +#elif RSA_MAX_SIZE >= 2048 + #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ + (RSA_MIN_SIZE <= 1024) + static const word32 keySizes[2] = {1024, 2048 }; + #else + static const word32 keySizes[1] = {2048}; + #endif #else - static const word32 keySizes[1] = {2048}; + #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ + (RSA_MIN_SIZE <= 1024) + static const word32 keySizes[1] = {1024 }; + #else + #error No candidate RSA key sizes to benchmark. + #endif #endif for (k = 0; k < (int)(sizeof(keySizes)/sizeof(int)); k++) { diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index 96000d4be8..c830d7a91a 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -2323,7 +2323,6 @@ int wc_DhAgree_ct(DhKey* key, byte* agree, word32 *agreeSz, const byte* priv, return MEMORY_E; #endif - XMEMSET(agree, 0, requested_agreeSz); XMEMSET(agree_buffer, 0, requested_agreeSz); ret = wc_DhAgree_Sync(key, agree_buffer, agreeSz, priv, privSz, otherPub, @@ -2340,7 +2339,7 @@ int wc_DhAgree_ct(DhKey* key, byte* agree, word32 *agreeSz, const byte* priv, byte *agree_src = agree_buffer + *agreeSz - 1, *agree_dst = agree + requested_agreeSz - 1; while (agree_dst >= agree) { - word32 mask = (agree_src >= agree_buffer) - 1U;; + word32 mask = (agree_src >= agree_buffer) - 1U; agree_src += (mask & requested_agreeSz); *agree_dst-- = *agree_src--; } diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 3d439e1cf7..037f53ba90 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -856,6 +856,14 @@ enum { /* This holds the key settings. ***MUST*** be organized by size from smallest to largest. */ +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) + #undef ecc_sets + #undef ecc_sets_count +#endif + +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) +static +#endif const ecc_set_type ecc_sets[] = { #ifdef ECC112 #ifndef NO_ECC_SECP @@ -1399,8 +1407,17 @@ const ecc_set_type ecc_sets[] = { } }; #define ECC_SET_COUNT (sizeof(ecc_sets)/sizeof(ecc_set_type)) +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) +static +#endif const size_t ecc_sets_count = ECC_SET_COUNT - 1; +const ecc_set_type *wc_ecc_get_sets(void) { + return ecc_sets; +} +size_t wc_ecc_get_sets_count(void) { + return ecc_sets_count; +} #ifdef HAVE_OID_ENCODING /* encoded OID cache */ diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index c618423fc0..c14d712e2a 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -34481,7 +34481,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void) } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); if (ret < 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); -TEST_SLEEP(); + TEST_SLEEP(); XMEMSET(plain, 0, sizeof(plain)); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 37cf731ae2..7ce0436355 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1637,6 +1637,7 @@ enum Misc { #endif HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */ + DTLS13_HANDSHAKE_HEADER_SZ = 12, /* sizeof(Dtls13HandshakeHeader) */ RECORD_HEADER_SZ = 5, /* type + version + len(2) */ CERT_HEADER_SZ = 3, /* always 3 bytes */ REQ_HEADER_SZ = 2, /* cert request header sz */ diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index e73c10b9bd..ba8c88b882 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -641,8 +641,15 @@ WOLFSSL_ABI WOLFSSL_API void wc_ecc_key_free(ecc_key* key); /* ECC predefined curve sets */ -extern const ecc_set_type ecc_sets[]; -extern const size_t ecc_sets_count; +#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) + extern const ecc_set_type ecc_sets[]; + extern const size_t ecc_sets_count; +#else + WOLFSSL_API const ecc_set_type *wc_ecc_get_sets(void); + WOLFSSL_API size_t wc_ecc_get_sets_count(void); + #define ecc_sets wc_ecc_get_sets() + #define ecc_sets_count wc_ecc_get_sets_count() +#endif WOLFSSL_API const char* wc_ecc_get_name(int curve_id); @@ -763,7 +770,7 @@ WOLFSSL_API int wc_ecc_set_flags(ecc_key* key, word32 flags); WOLFSSL_ABI WOLFSSL_API void wc_ecc_fp_free(void); -WOLFSSL_LOCAL +WOLFSSL_API void wc_ecc_fp_init(void); WOLFSSL_API int wc_ecc_set_rng(ecc_key* key, WC_RNG* rng); diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index e7edbc5b36..9b5c6d04be 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -1694,6 +1694,36 @@ typedef struct w64wrapper { #define PRAGMA_DIAG_POP /* null expansion */ #endif + #define WC_CPP_CAT_(a, b) a ## b + #define WC_CPP_CAT(a, b) WC_CPP_CAT_(a, b) + #if defined(__cplusplus) && (__cplusplus >= 201103L) + #ifndef static_assert2 + #define static_assert2 static_assert + #endif + #elif !defined(static_assert) + #if !defined(__cplusplus) && \ + !defined(__STRICT_ANSI__) && \ + !defined(WOLF_C89) && \ + defined(__STDC_VERSION__) && \ + (__STDC_VERSION__ >= 201112L) && \ + ((defined(__GNUC__) && \ + (__GNUC__ >= 5)) || \ + defined(__clang__)) + #define static_assert(expr) _Static_assert(expr, #expr) + #ifndef static_assert2 + #define static_assert2(expr, msg) _Static_assert(expr, msg) + #endif + #else + #define static_assert(expr) \ + struct WC_CPP_CAT(wc_dummy_struct_L, __LINE__) + #ifndef static_assert2 + #define static_assert2(expr, msg) static_assert(expr) + #endif + #endif + #elif !defined(static_assert2) + #define static_assert2(expr, msg) static_assert(expr) + #endif + #ifndef SAVE_VECTOR_REGISTERS #define SAVE_VECTOR_REGISTERS(...) WC_DO_NOTHING #endif diff --git a/wolfssl/wolfcrypt/wc_port.h b/wolfssl/wolfcrypt/wc_port.h index cb36bfe7d2..4333768948 100644 --- a/wolfssl/wolfcrypt/wc_port.h +++ b/wolfssl/wolfcrypt/wc_port.h @@ -355,11 +355,20 @@ #endif /* WOLFSSL_NO_ATOMICS */ #ifdef WOLFSSL_ATOMIC_OPS - WOLFSSL_LOCAL void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i); + WOLFSSL_API void wolfSSL_Atomic_Int_Init(wolfSSL_Atomic_Int* c, int i); /* Fetch* functions return the value of the counter immediately preceding * the effects of the function. */ - WOLFSSL_LOCAL int wolfSSL_Atomic_Int_FetchAdd(wolfSSL_Atomic_Int* c, int i); - WOLFSSL_LOCAL int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i); + WOLFSSL_API int wolfSSL_Atomic_Int_FetchAdd(wolfSSL_Atomic_Int* c, int i); + WOLFSSL_API int wolfSSL_Atomic_Int_FetchSub(wolfSSL_Atomic_Int* c, int i); +#else + /* Code using these fallback macros needs to arrange its own fallback for + * wolfSSL_Atomic_Int, which is never defined if + * !defined(WOLFSSL_ATOMIC_OPS). This forces local awareness of + * thread-unsafe semantics. + */ + #define wolfSSL_Atomic_Int_Init(c, i) (*(c) = (i)) + #define wolfSSL_Atomic_Int_FetchAdd(c, i) (*(c) += (i), *(c) - (i)) + #define wolfSSL_Atomic_Int_FetchSub(c, i) (*(c) -= (i), *(c) + (i)) #endif /* Reference counting. */ @@ -374,27 +383,7 @@ typedef struct wolfSSL_Ref { #endif } wolfSSL_Ref; -#ifdef SINGLE_THREADED - -#define wolfSSL_RefInit(ref, err) \ - do { \ - (ref)->count = 1; \ - *(err) = 0; \ - } while(0) -#define wolfSSL_RefFree(ref) WC_DO_NOTHING - #define wolfSSL_RefInc(ref, err) \ - do { \ - (ref)->count++; \ - *(err) = 0; \ - } while(0) -#define wolfSSL_RefDec(ref, isZero, err) \ - do { \ - (ref)->count--; \ - *(isZero) = ((ref)->count == 0); \ - *(err) = 0; \ - } while(0) - -#elif defined(WOLFSSL_ATOMIC_OPS) +#if defined(SINGLE_THREADED) || defined(WOLFSSL_ATOMIC_OPS) #define wolfSSL_RefInit(ref, err) \ do { \