Fixes for minor sniffer and async issues:
* Sniffer: Remove old restrictions for max strength, encrypt-then-mac and forcing openssl-extra. * Fix bound warning with strncpy in sniffer.c. * Fix for async DH issue. * Fix for SP math all not initializing raw big int. * Fix for array bounds warning with "-O3" on SetEccPublicKey. * Fix a sniffer async edge case with TLS v1.2 static RSA and extended master. * Improved the sniffer test script detection of features. * Disable ECC custom curve test with Intel QuickAssist.
This commit is contained in:
David Garske
parent
567ae7ca55
commit
659d33fdaf
10
configure.ac
10
configure.ac
@ -1679,12 +1679,6 @@ AC_ARG_WITH([se050],
|
||||
]
|
||||
)
|
||||
|
||||
# sniffer doesn't work in maxstrength mode
|
||||
if test "$ENABLED_SNIFFER" = "yes" && test "$ENABLED_MAXSTRENGTH" = "yes"
|
||||
then
|
||||
AC_MSG_ERROR([cannot enable maxstrength in sniffer mode.])
|
||||
fi
|
||||
|
||||
ENABLED_SNIFFTEST=no
|
||||
AS_IF([ test "x$ENABLED_SNIFFER" = "xyes" ],
|
||||
[
|
||||
@ -5245,8 +5239,6 @@ then
|
||||
ENABLED_ENCRYPT_THEN_MAC=yes
|
||||
fi
|
||||
|
||||
AS_IF([test "x$ENABLED_SNIFFER" = "xyes"],[ENABLED_ENCRYPT_THEN_MAC="no"])
|
||||
|
||||
if test "x$ENABLED_ENCRYPT_THEN_MAC" = "xyes"
|
||||
then
|
||||
AM_CFLAGS="$AM_CFLAGS -DHAVE_ENCRYPT_THEN_MAC"
|
||||
@ -7099,7 +7091,7 @@ AS_IF([test "x$ENABLED_MCAPI" = "xyes"],
|
||||
if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || \
|
||||
test "$ENABLED_SIGNAL" = "yes" || test "$ENABLED_WPAS" = "yes" || \
|
||||
test "$ENABLED_FORTRESS" = "yes" || test "$ENABLED_BUMP" = "yes" || \
|
||||
test "$ENABLED_SNIFFER" = "yes" || test "$ENABLED_OPENSSLALL" = "yes" || \
|
||||
test "$ENABLED_OPENSSLALL" = "yes" || \
|
||||
test "$ENABLED_LIBWEBSOCKETS" = "yes" || \
|
||||
test "x$ENABLED_LIGHTY" = "xyes" || test "$ENABLED_LIBSSH2" = "yes" || \
|
||||
test "x$ENABLED_NTP" = "xyes" || test "$ENABLED_RSYSLOG" = "yes"
|
||||
|
||||
@ -87,7 +87,7 @@ noinst_SCRIPTS+= scripts/unit.test.in
|
||||
endif
|
||||
endif
|
||||
|
||||
EXTRA_DIST += scripts/testsuite.pcap \
|
||||
EXTRA_DIST += scripts/sniffer-static-rsa.pcap \
|
||||
scripts/sniffer-ipv6.pcap \
|
||||
scripts/sniffer-tls13-dh.pcap \
|
||||
scripts/sniffer-tls13-dh-resume.pcap \
|
||||
@ -95,8 +95,8 @@ EXTRA_DIST += scripts/testsuite.pcap \
|
||||
scripts/sniffer-tls13-ecc-resume.pcap \
|
||||
scripts/sniffer-tls13-x25519.pcap \
|
||||
scripts/sniffer-tls13-x25519-resume.pcap \
|
||||
scripts/sniffer-tls13-gen.sh \
|
||||
scripts/sniffer-tls13-hrr.pcap \
|
||||
scripts/sniffer-gen.sh \
|
||||
scripts/ping.test \
|
||||
scripts/benchmark.test \
|
||||
scripts/memtest.sh \
|
||||
|
||||
@ -12,6 +12,36 @@ if [ "${AM_BWRAPPED-}" != "yes" ]; then
|
||||
unset AM_BWRAPPED
|
||||
fi
|
||||
|
||||
has_tlsv13=no
|
||||
./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'tls_v13 '
|
||||
if [ $? -eq 0 ]; then
|
||||
has_tlsv13=yes
|
||||
fi
|
||||
has_tlsv12=no
|
||||
./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'tls_v12 '
|
||||
if [ $? -eq 0 ]; then
|
||||
has_tlsv12=yes
|
||||
fi
|
||||
has_rsa=no
|
||||
./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'rsa '
|
||||
if [ $? -eq 0 ]; then
|
||||
has_rsa=yes
|
||||
fi
|
||||
has_ecc=no
|
||||
./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'ecc '
|
||||
if [ $? -eq 0 ]; then
|
||||
has_ecc=yes
|
||||
fi
|
||||
has_x22519=no
|
||||
./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'x22519 '
|
||||
if [ $? -eq 0 ]; then
|
||||
has_x22519=yes
|
||||
fi
|
||||
has_dh=no
|
||||
./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'dh '
|
||||
if [ $? -eq 0 ]; then
|
||||
has_dh=yes
|
||||
fi
|
||||
# ./configure --enable-sniffer [--enable-session-ticket]
|
||||
# Resumption tests require "--enable-session-ticket"
|
||||
session_ticket=no
|
||||
@ -19,94 +49,27 @@ session_ticket=no
|
||||
if [ $? -eq 0 ]; then
|
||||
session_ticket=yes
|
||||
fi
|
||||
has_rsa=no
|
||||
./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'rsa '
|
||||
has_static_rsa=no
|
||||
./sslSniffer/sslSnifferTest/snifftest -? 2>&1 | grep -- 'rsa_static '
|
||||
if [ $? -eq 0 ]; then
|
||||
has_rsa=yes
|
||||
has_static_rsa=yes
|
||||
fi
|
||||
|
||||
|
||||
RESULT=0
|
||||
|
||||
if test $session_ticket == yes
|
||||
# TLS v1.2 Static RSA Test
|
||||
if test $RESULT -eq 0 && test $has_rsa == yes && test $has_tlsv12 == yes && test $has_static_rsa == yes
|
||||
then
|
||||
# TLS v1.2 Static RSA Test
|
||||
echo -e "\nStaring snifftest on testsuite.pcap...\n"
|
||||
./sslSniffer/sslSnifferTest/snifftest ./scripts/testsuite.pcap ./certs/server-key.pem 127.0.0.1 11111
|
||||
./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-static-rsa.pcap ./certs/server-key.pem 127.0.0.1 11111
|
||||
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\nsnifftest failed\n" && exit 1
|
||||
[ $RESULT -ne 0 ] && echo -e "\nsnifftest static RSA failed\n" && exit 1
|
||||
fi
|
||||
|
||||
# TLS v1.3 sniffer test ECC
|
||||
if test $RESULT -eq 0
|
||||
then
|
||||
./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-ecc.pcap ./certs/statickeys/ecc-secp256r1.pem 127.0.0.1 11111
|
||||
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 ECC failed\n" && exit 1
|
||||
fi
|
||||
|
||||
# TLS v1.3 sniffer test DH
|
||||
if test $RESULT -eq 0
|
||||
then
|
||||
./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-dh.pcap ./certs/statickeys/dh-ffdhe2048.pem 127.0.0.1 11111
|
||||
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 DH failed\n" && exit 1
|
||||
fi
|
||||
|
||||
# TLS v1.3 sniffer test X25519
|
||||
if test $RESULT -eq 0
|
||||
then
|
||||
./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-x25519.pcap ./certs/statickeys/x25519.pem 127.0.0.1 11111
|
||||
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 X25519 failed\n" && exit 1
|
||||
fi
|
||||
|
||||
# TLS v1.3 Resumption Tests
|
||||
if test $session_ticket == yes
|
||||
then
|
||||
# TLS v1.3 sniffer test ECC resumption
|
||||
if test $RESULT -eq 0
|
||||
then
|
||||
./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-ecc-resume.pcap ./certs/statickeys/ecc-secp256r1.pem 127.0.0.1 11111
|
||||
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 ECC failed\n" && exit 1
|
||||
fi
|
||||
|
||||
# TLS v1.3 sniffer test DH
|
||||
if test $RESULT -eq 0
|
||||
then
|
||||
./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-dh-resume.pcap ./certs/statickeys/dh-ffdhe2048.pem 127.0.0.1 11111
|
||||
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 DH failed\n" && exit 1
|
||||
fi
|
||||
|
||||
# TLS v1.3 sniffer test X25519
|
||||
if test $RESULT -eq 0
|
||||
then
|
||||
./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-x25519-resume.pcap ./certs/statickeys/x25519.pem 127.0.0.1 11111
|
||||
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 X25519 failed\n" && exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
# TLS v1.3 sniffer test hello_retry_request (HRR) with ECDHE
|
||||
if test $RESULT -eq 0
|
||||
then
|
||||
./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-hrr.pcap ./certs/statickeys/ecc-secp256r1.pem 127.0.0.1 11111
|
||||
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 HRR failed\n" && exit 1
|
||||
fi
|
||||
|
||||
|
||||
# IPv6
|
||||
if test $RESULT -eq 0 && test "x$1" = "x-6";
|
||||
# TLS v1.2 Static RSA Test (IPv6)
|
||||
if test $RESULT -eq 0 && test $has_rsa == yes && test $has_tlsv12 == yes && test $has_static_rsa == yes
|
||||
then
|
||||
echo -e "\nStaring snifftest on sniffer-ipv6.pcap...\n"
|
||||
./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-ipv6.pcap ./certs/server-key.pem ::1 11111
|
||||
@ -115,6 +78,69 @@ then
|
||||
[ $RESULT -ne 0 ] && echo -e "\nsnifftest (ipv6) failed\n" && exit 1
|
||||
fi
|
||||
|
||||
# TLS v1.3 sniffer test ECC
|
||||
if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_ecc == yes
|
||||
then
|
||||
./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-ecc.pcap ./certs/statickeys/ecc-secp256r1.pem 127.0.0.1 11111
|
||||
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 ECC failed\n" && exit 1
|
||||
fi
|
||||
|
||||
# TLS v1.3 sniffer test DH
|
||||
if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_dh == yes
|
||||
then
|
||||
./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-dh.pcap ./certs/statickeys/dh-ffdhe2048.pem 127.0.0.1 11111
|
||||
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 DH failed\n" && exit 1
|
||||
fi
|
||||
|
||||
# TLS v1.3 sniffer test X25519
|
||||
if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_x22519 == yes
|
||||
then
|
||||
./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-x25519.pcap ./certs/statickeys/x25519.pem 127.0.0.1 11111
|
||||
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 X25519 failed\n" && exit 1
|
||||
fi
|
||||
|
||||
# TLS v1.3 sniffer test ECC resumption
|
||||
if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_ecc == yes && test $session_ticket == yes
|
||||
then
|
||||
./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-ecc-resume.pcap ./certs/statickeys/ecc-secp256r1.pem 127.0.0.1 11111
|
||||
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 ECC failed\n" && exit 1
|
||||
fi
|
||||
|
||||
# TLS v1.3 sniffer test DH
|
||||
if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_dh == yes && test $session_ticket == yes
|
||||
then
|
||||
./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-dh-resume.pcap ./certs/statickeys/dh-ffdhe2048.pem 127.0.0.1 11111
|
||||
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 DH failed\n" && exit 1
|
||||
fi
|
||||
|
||||
# TLS v1.3 sniffer test X25519
|
||||
if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_x25519 == yes && test $session_ticket == yes
|
||||
then
|
||||
./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-x25519-resume.pcap ./certs/statickeys/x25519.pem 127.0.0.1 11111
|
||||
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 X25519 failed\n" && exit 1
|
||||
fi
|
||||
|
||||
# TLS v1.3 sniffer test hello_retry_request (HRR) with ECDHE
|
||||
if test $RESULT -eq 0 && test $has_tlsv13 == yes && test $has_ecc == yes
|
||||
then
|
||||
./sslSniffer/sslSnifferTest/snifftest ./scripts/sniffer-tls13-hrr.pcap ./certs/statickeys/ecc-secp256r1.pem 127.0.0.1 11111
|
||||
|
||||
RESULT=$?
|
||||
[ $RESULT -ne 0 ] && echo -e "\nsnifftest TLS v1.3 HRR failed\n" && exit 1
|
||||
fi
|
||||
|
||||
echo -e "\nSuccess!\n"
|
||||
|
||||
exit 0
|
||||
|
||||
@ -973,6 +973,7 @@ typedef struct TcpPseudoHdr {
|
||||
} TcpPseudoHdr;
|
||||
|
||||
|
||||
#ifdef WOLFSSL_ENCRYPTED_KEYS
|
||||
/* Password Setting Callback */
|
||||
static int SetPassword(char* passwd, int sz, int rw, void* userdata)
|
||||
{
|
||||
@ -980,7 +981,7 @@ static int SetPassword(char* passwd, int sz, int rw, void* userdata)
|
||||
XSTRNCPY(passwd, (const char*)userdata, sz);
|
||||
return (int)XSTRLEN((const char*)userdata);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
/* Ethernet Header */
|
||||
typedef struct EthernetHdr {
|
||||
@ -2140,7 +2141,7 @@ static void CopySessionInfo(SnifferSession* session, SSLInfo* sslInfo)
|
||||
pCipher = wolfSSL_get_cipher(session->sslServer);
|
||||
if (NULL != pCipher) {
|
||||
XSTRNCPY((char*)sslInfo->serverCipherSuiteName, pCipher,
|
||||
sizeof(sslInfo->serverCipherSuiteName));
|
||||
sizeof(sslInfo->serverCipherSuiteName) - 1);
|
||||
sslInfo->serverCipherSuiteName
|
||||
[sizeof(sslInfo->serverCipherSuiteName) - 1] = '\0';
|
||||
}
|
||||
@ -2148,7 +2149,7 @@ static void CopySessionInfo(SnifferSession* session, SSLInfo* sslInfo)
|
||||
#ifdef HAVE_SNI
|
||||
if (NULL != session->sni) {
|
||||
XSTRNCPY((char*)sslInfo->serverNameIndication,
|
||||
session->sni, sizeof(sslInfo->serverNameIndication));
|
||||
session->sni, sizeof(sslInfo->serverNameIndication) - 1);
|
||||
sslInfo->serverNameIndication
|
||||
[sizeof(sslInfo->serverNameIndication) - 1] = '\0';
|
||||
}
|
||||
@ -4445,27 +4446,32 @@ static int DoHandShake(const byte* input, int* sslBytes,
|
||||
case client_key_exchange:
|
||||
Trace(GOT_CLIENT_KEY_EX_STR);
|
||||
#ifdef HAVE_EXTENDED_MASTER
|
||||
if (session->flags.expectEms && session->hash != NULL) {
|
||||
if (HashCopy(session->sslServer->hsHashes,
|
||||
session->hash) == 0 &&
|
||||
HashCopy(session->sslClient->hsHashes,
|
||||
session->hash) == 0) {
|
||||
#ifdef WOLFSSL_ASYNC_CRYPT
|
||||
if (session->sslServer->error != WC_PENDING_E)
|
||||
#endif
|
||||
{
|
||||
if (session->flags.expectEms && session->hash != NULL) {
|
||||
if (HashCopy(session->sslServer->hsHashes,
|
||||
session->hash) == 0 &&
|
||||
HashCopy(session->sslClient->hsHashes,
|
||||
session->hash) == 0) {
|
||||
|
||||
session->sslServer->options.haveEMS = 1;
|
||||
session->sslClient->options.haveEMS = 1;
|
||||
session->sslServer->options.haveEMS = 1;
|
||||
session->sslClient->options.haveEMS = 1;
|
||||
}
|
||||
else {
|
||||
SetError(EXTENDED_MASTER_HASH_STR, error,
|
||||
session, FATAL_ERROR_STATE);
|
||||
ret = -1;
|
||||
}
|
||||
XMEMSET(session->hash, 0, sizeof(HsHashes));
|
||||
XFREE(session->hash, NULL, DYNAMIC_TYPE_HASHES);
|
||||
session->hash = NULL;
|
||||
}
|
||||
else {
|
||||
SetError(EXTENDED_MASTER_HASH_STR, error,
|
||||
session, FATAL_ERROR_STATE);
|
||||
ret = -1;
|
||||
session->sslServer->options.haveEMS = 0;
|
||||
session->sslClient->options.haveEMS = 0;
|
||||
}
|
||||
XMEMSET(session->hash, 0, sizeof(HsHashes));
|
||||
XFREE(session->hash, NULL, DYNAMIC_TYPE_HASHES);
|
||||
session->hash = NULL;
|
||||
}
|
||||
else {
|
||||
session->sslServer->options.haveEMS = 0;
|
||||
session->sslClient->options.haveEMS = 0;
|
||||
}
|
||||
#endif
|
||||
if (ret == 0) {
|
||||
|
||||
@ -411,6 +411,9 @@ static void show_appinfo(void)
|
||||
#ifdef WOLFSSL_TLS13
|
||||
"tls_v13 "
|
||||
#endif
|
||||
#ifndef WOLFSSL_NO_TLS12
|
||||
"tls_v12 "
|
||||
#endif
|
||||
#ifdef HAVE_SESSION_TICKET
|
||||
"session_ticket "
|
||||
#endif
|
||||
@ -447,6 +450,12 @@ static void show_appinfo(void)
|
||||
#ifdef HAVE_CURVE22519
|
||||
"x22519 "
|
||||
#endif
|
||||
#ifdef WOLFSSL_STATIC_RSA
|
||||
"rsa_static "
|
||||
#endif
|
||||
#ifdef WOLFSSL_STATIC_DH
|
||||
"dh_static "
|
||||
#endif
|
||||
"\n\n"
|
||||
);
|
||||
}
|
||||
|
||||
@ -12968,7 +12968,7 @@ static int SetCurve(ecc_key* key, byte* output)
|
||||
#ifdef HAVE_OID_ENCODING
|
||||
int ret;
|
||||
#endif
|
||||
int idx = 0;
|
||||
int idx;
|
||||
word32 oidSz = 0;
|
||||
|
||||
/* validate key */
|
||||
@ -12985,7 +12985,12 @@ static int SetCurve(ecc_key* key, byte* output)
|
||||
oidSz = key->dp->oidSz;
|
||||
#endif
|
||||
|
||||
idx += SetObjectId(oidSz, output);
|
||||
idx = SetObjectId(oidSz, output);
|
||||
|
||||
/* length only */
|
||||
if (output == NULL) {
|
||||
return idx + oidSz;
|
||||
}
|
||||
|
||||
#ifdef HAVE_OID_ENCODING
|
||||
ret = EncodeObjectId(key->dp->oid, key->dp->oidSz, output+idx, &oidSz);
|
||||
@ -21206,7 +21211,6 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen,
|
||||
word32 pubSz;
|
||||
byte bitString[1 + MAX_LENGTH_SZ + 1]; /* 6 */
|
||||
byte algo[MAX_ALGO_SZ]; /* 20 */
|
||||
byte curve[MAX_ALGO_SZ]; /* 20 */
|
||||
|
||||
/* public size */
|
||||
pubSz = key->dp ? key->dp->size : MAX_ECC_BYTES;
|
||||
@ -21219,7 +21223,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen,
|
||||
|
||||
/* headers */
|
||||
if (with_header) {
|
||||
curveSz = SetCurve(key, curve);
|
||||
curveSz = SetCurve(key, NULL);
|
||||
if (curveSz <= 0) {
|
||||
return curveSz;
|
||||
}
|
||||
@ -21242,7 +21246,7 @@ static int SetEccPublicKey(byte* output, ecc_key* key, int outLen,
|
||||
idx += algoSz;
|
||||
/* curve */
|
||||
if (output)
|
||||
XMEMCPY(output + idx, curve, curveSz);
|
||||
(void)SetCurve(key, output + idx);
|
||||
idx += curveSz;
|
||||
/* bit string */
|
||||
if (output)
|
||||
|
||||
@ -4385,31 +4385,49 @@ int sp_init_multi(sp_int* n1, sp_int* n2, sp_int* n3, sp_int* n4, sp_int* n5,
|
||||
_sp_zero(n1);
|
||||
n1->dp[0] = 0;
|
||||
n1->size = SP_INT_DIGITS;
|
||||
#ifdef HAVE_WOLF_BIGINT
|
||||
wc_bigint_init(&n1->raw);
|
||||
#endif
|
||||
}
|
||||
if (n2 != NULL) {
|
||||
_sp_zero(n2);
|
||||
n2->dp[0] = 0;
|
||||
n2->size = SP_INT_DIGITS;
|
||||
#ifdef HAVE_WOLF_BIGINT
|
||||
wc_bigint_init(&n2->raw);
|
||||
#endif
|
||||
}
|
||||
if (n3 != NULL) {
|
||||
_sp_zero(n3);
|
||||
n3->dp[0] = 0;
|
||||
n3->size = SP_INT_DIGITS;
|
||||
#ifdef HAVE_WOLF_BIGINT
|
||||
wc_bigint_init(&n3->raw);
|
||||
#endif
|
||||
}
|
||||
if (n4 != NULL) {
|
||||
_sp_zero(n4);
|
||||
n4->dp[0] = 0;
|
||||
n4->size = SP_INT_DIGITS;
|
||||
#ifdef HAVE_WOLF_BIGINT
|
||||
wc_bigint_init(&n4->raw);
|
||||
#endif
|
||||
}
|
||||
if (n5 != NULL) {
|
||||
_sp_zero(n5);
|
||||
n5->dp[0] = 0;
|
||||
n5->size = SP_INT_DIGITS;
|
||||
#ifdef HAVE_WOLF_BIGINT
|
||||
wc_bigint_init(&n5->raw);
|
||||
#endif
|
||||
}
|
||||
if (n6 != NULL) {
|
||||
_sp_zero(n6);
|
||||
n6->dp[0] = 0;
|
||||
n6->size = SP_INT_DIGITS;
|
||||
#ifdef HAVE_WOLF_BIGINT
|
||||
wc_bigint_init(&n6->raw);
|
||||
#endif
|
||||
}
|
||||
|
||||
return MP_OKAY;
|
||||
|
||||
@ -16260,17 +16260,23 @@ static int dh_ffdhe_test(WC_RNG *rng, int name)
|
||||
}
|
||||
|
||||
ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz);
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT)
|
||||
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
|
||||
#endif
|
||||
if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
|
||||
ERROR_OUT(-8058, done);
|
||||
}
|
||||
|
||||
ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2);
|
||||
if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
|
||||
#if defined(WOLFSSL_ASYNC_CRYPT)
|
||||
ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE);
|
||||
#endif
|
||||
if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != ASYNC_OP_E) {
|
||||
ERROR_OUT(-8057, done);
|
||||
}
|
||||
|
||||
ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz);
|
||||
if (ret != MP_VAL && ret != MP_EXPTMOD_E) {
|
||||
if (ret != MP_VAL && ret != MP_EXPTMOD_E && ret != ASYNC_OP_E) {
|
||||
ERROR_OUT(-8057, done);
|
||||
}
|
||||
|
||||
@ -23925,7 +23931,7 @@ static int ecc_test_custom_curves(WC_RNG* rng)
|
||||
#endif
|
||||
|
||||
/* test use of custom curve - using BRAINPOOLP256R1 for test */
|
||||
#ifdef HAVE_ECC_BRAINPOOL
|
||||
#if defined(HAVE_ECC_BRAINPOOL) && !defined(HAVE_INTEL_QA)
|
||||
#ifndef WOLFSSL_ECC_CURVE_STATIC
|
||||
WOLFSSL_SMALL_STACK_STATIC const ecc_oid_t ecc_oid_brainpoolp256r1[] = {
|
||||
0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07
|
||||
@ -23966,7 +23972,7 @@ static int ecc_test_custom_curves(WC_RNG* rng)
|
||||
|
||||
XMEMSET(key, 0, sizeof *key);
|
||||
|
||||
#ifdef HAVE_ECC_BRAINPOOL
|
||||
#if defined(HAVE_ECC_BRAINPOOL) && !defined(HAVE_INTEL_QA)
|
||||
ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, ECC_CURVE_DEF,
|
||||
&ecc_dp_brainpool256r1);
|
||||
if (ret != 0) {
|
||||
|
||||
@ -728,8 +728,8 @@ decouple library dependencies with standard string, memory and so on.
|
||||
#endif /* _MSC_VER */
|
||||
#endif /* USE_WINDOWS_API */
|
||||
|
||||
#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) \
|
||||
|| defined(HAVE_ALPN)
|
||||
#if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) || \
|
||||
defined(HAVE_ALPN) || defined(WOLFSSL_SNIFFER)
|
||||
/* use only Thread Safe version of strtok */
|
||||
#if defined(USE_WOLF_STRTOK)
|
||||
#define XSTRTOK(s1,d,ptr) wc_strtok((s1),(d),(ptr))
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user