diff --git a/configure.ac b/configure.ac
index e066dacfb..9cae885d7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1466,7 +1466,7 @@ fi
 if test "$ENABLED_ECC" = "yes"
 then
 AM_CFLAGS="$AM_CFLAGS -DHAVE_ECC -DTFM_ECC256"
- if test "$ENABLED_ECC_SHAMIR" = "yes"
+ if test "$ENABLED_ECC_SHAMIR" = "yes" && test "$ENABLED_LOWRESOURCE" = "no"
 then
 AM_CFLAGS="$AM_CFLAGS -DECC_SHAMIR"
 fi
@@ -4202,6 +4202,10 @@ then
 then
 AC_MSG_ERROR([please use --enable-fastmath if enabling staticmemory.])
 fi
+ if test "$ENABLED_LOWRESOURCE" = "yes" && test "$ENABLED_RSA" = "no"
+ then
+ AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_MEMORY_SMALL"
+ fi
 fi
diff --git a/examples/client/client.c b/examples/client/client.c
index 339f1722c..e04bda22e 100644
--- a/examples/client/client.c
+++ b/examples/client/client.c
@@ -1304,7 +1304,7 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
 char resumeMsg[32] = "resuming wolfssl!\n";
 #endif
- char reply[80];
+ char reply[128];
 int msgSz = (int)XSTRLEN(msg);
 int resumeSz = (int)XSTRLEN(resumeMsg);
@@ -3183,6 +3183,11 @@ exit:
 wolfAsync_DevClose(&devId);
 #endif
+#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
+ && defined(HAVE_STACK_SIZE)
+ wc_ecc_fp_free(); /* free per thread cache */
+#endif
+
 /* There are use cases when these assignments are not read. To avoid * potential confusion those warnings have been handled here. */
diff --git a/examples/server/server.c b/examples/server/server.c
index a3272b4ef..666a0cc10 100644
--- a/examples/server/server.c
+++ b/examples/server/server.c
@@ -2279,8 +2279,8 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
 exit:
-#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
- && defined(HAVE_THREAD_LS)
+#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \
+ && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))
 wc_ecc_fp_free(); /* free per thread cache */
 #endif
diff --git a/tests/api.c b/tests/api.c
index 6a4748ffe..c21f6539f 100644
--- a/tests/api.c
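Review bot: The Shamir guard in the first configure.ac hunk tests `"$ENABLED_LOWRESOURCE" = "no"`, so any value other than the literal `no` (empty, unset, or a custom `--enable-lowresource=` value) also drops `-DECC_SHAMIR`, while the static-memory hunk further down tests the same variable with `= "yes"`. Writing the first test as `test "$ENABLED_LOWRESOURCE" != "yes"` would make both hunks agree on what counts as a low-resource build. Both tests also assume that ENABLED_LOWRESOURCE and ENABLED_RSA already hold their final values at these points in the script, which is not visible in the hunks. A one-line comment above each new test stating why low-resource builds drop Shamir and when the small static-memory profile applies would record the intent.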
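Review bot: The new `wc_ecc_fp_free()` guard at the `exit:` label of client_test requires `HAVE_STACK_SIZE`, while the matching guard this commit writes in examples/server/server.c accepts `defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE)`. If client_test can also run on its own thread in a NO_MAIN_DRIVER build without HAVE_STACK_SIZE, the per-thread cache would not be released on that path; the caller may free it elsewhere, which is not visible in this hunk. Unless the difference is intended, use the same condition in both files: `&& (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE))`. The body of client_test starts and ends outside the hunk.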
+++ b/tests/api.c
@@ -1284,11 +1284,16 @@ static void test_wolfSSL_SetTmpDH_file(void)
 WOLFSSL_FILETYPE_PEM));
 AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
-#else
+#elif defined(HAVE_ECC)
 AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, WOLFSSL_FILETYPE_PEM));
 AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, WOLFSSL_FILETYPE_PEM));
+#elif defined(HAVE_ED25519)
+ AssertTrue(wolfSSL_CTX_use_certificate_file(ctx, edCertFile,
+ WOLFSSL_FILETYPE_PEM));
+ AssertTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile,
+ WOLFSSL_FILETYPE_PEM));
 #endif
 AssertNotNull(ssl = wolfSSL_new(ctx));
@@ -21587,9 +21592,11 @@ static void test_CheckCertSignature(void)
 #endif
 #endif
+#if !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC))
 (void)fp;
 (void)cert;
 (void)certSz;
+#endif
 wolfSSL_CertManagerFree(cm);
 #endif
diff --git a/tests/suites.c b/tests/suites.c
index 7f37a0b8b..414ffa62c 100644
--- a/tests/suites.c
+++ b/tests/suites.c
@@ -193,6 +193,36 @@ static int IsValidCert(const char* line)
 return ret;
 }
+static int IsValidCA(const char* line)
+{
+ int ret = 1;
+#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
+ WOLFSSL_CTX* ctx;
+ size_t i;
+ const char* begin;
+ char cert[80];
+
+ begin = XSTRSTR(line, "-A ");
+ if (begin == NULL)
+ return 1;
+
+ begin += 3;
+ for (i = 0; i < sizeof(cert) - 1 && *begin != ' ' && *begin != '\0'; i++)
+ cert[i] = *(begin++);
+ cert[i] = '\0';
+
+ ctx = wolfSSL_CTX_new(wolfSSLv23_server_method_ex(NULL));
+ if (ctx == NULL)
+ return 0;
+ ret = wolfSSL_CTX_use_certificate_chain_file(ctx, cert) == WOLFSSL_SUCCESS;
+ wolfSSL_CTX_free(ctx);
+#endif /* !NO_FILESYSTEM && !NO_CERTS */
+
+ (void)line;
+
+ return ret;
+}
+
 static int execute_test_case(int svr_argc, char** svr_argv, int cli_argc, char** cli_argv, int addNoVerify, int addNonBlocking,
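Review bot: IsValidCA returns 0 for every kind of failure, not only for an algorithm that is missing from the build: the copy loop silently truncates a path longer than `sizeof(cert) - 1`, and a missing or unreadable file or a failed `wolfSSL_CTX_new` gives the same result. The call site added to execute_test_case in the next tests/suites.c hunk turns that into NOT_BUILT_IN and prints the reason only under DEBUG_SUITE_TESTS, so a mistyped `-A` path skips the test case with no output in a normal run. At minimum let a truncated path fall through to the real test, for example after the loop `if (*begin != ' ' && *begin != '\0') return 1; /* path too long to probe */`, and consider printing the skip message unconditionally. A short header comment saying that the function probes whether the `-A` certificate can be loaded in this build would also help the next reader.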
@@ -392,6 +422,12 @@ static int execute_test_case(int svr_argc, char** svr_argv,
 strcat(commandLine, cli_argv[i]);
 strcat(commandLine, flagSep);
 }
+ if (!IsValidCA(commandLine)) {
+ #ifdef DEBUG_SUITE_TESTS
+ printf("certificate %s not supported in build\n", commandLine);
+ #endif
+ return NOT_BUILT_IN;
+ }
 printf("trying client command line[%d]: %s\n", tests, commandLine);
 /* determine based on args if this test is expected to fail */
diff --git a/wolfcrypt/src/memory.c b/wolfcrypt/src/memory.c
index 72c88a195..76234d583 100644
--- a/wolfcrypt/src/memory.c
+++ b/wolfcrypt/src/memory.c
@@ -669,6 +669,12 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
 mem->ava[i] = pt->next;
 break;
 }
+ #ifdef WOLFSSL_DEBUG_STATIC_MEMORY
+ else {
+ printf("Size: %ld, Empty: %d\n", size,
+ mem->sizeList[i]);
+ }
+ #endif
 }
 }
 }
@@ -864,6 +870,14 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type)
 WOLFSSL_HEAP* mem = hint->memory;
 word32 padSz = -(int)sizeof(wc_Memory) & (WOLFSSL_STATIC_ALIGN - 1);
+ if (ptr == NULL) {
+ #ifdef WOLFSSL_DEBUG_MEMORY
+ return wolfSSL_Malloc(size, heap, type, func, line);
+ #else
+ return wolfSSL_Malloc(size, heap, type);
+ #endif
+ }
+
 if (wc_LockMutex(&(mem->memory_mutex)) != 0) {
 WOLFSSL_MSG("Bad memory_mutex lock");
 return NULL;
diff --git a/wolfssl/certs_test.h b/wolfssl/certs_test.h
index 62ef41847..a137e7938 100644
--- a/wolfssl/certs_test.h
+++ b/wolfssl/certs_test.h
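Review bot: The debug `printf` added to wolfSSL_Malloc passes `size`, a `size_t`, to `%ld`, which is a format/argument mismatch wherever `size_t` and `long` differ in width or signedness. `mem->sizeList[i]` is printed with `%d`; its type is not visible in the hunk, but if it is an unsigned 32-bit word the specifier should be unsigned as well. A form that does not depend on `%zu` support in the target libc is `printf("Size: %lu, Empty: %u\n", (unsigned long)size, (unsigned int)mem->sizeList[i]);`. The enclosing loop starts outside the hunk.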
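Review bot: The `ptr == NULL` shortcut in wolfSSL_Realloc has no comment and sits on the path that has already read `hint->memory`, so it only covers calls made with a static-memory hint. Whether the other branches of the function, which lie outside the hunk, also accept a NULL pointer is not visible, so the behaviour may differ between the two paths. Suggest a comment above the check, `/* realloc(NULL, size) behaves like malloc(size), as with the C library */`, and confirming that the branch without a hint does the same.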
@@ -3036,6 +3036,17 @@ static const unsigned char server_ed25519_cert[] = }; static const int sizeof_server_ed25519_cert = sizeof(server_ed25519_cert); +static const unsigned char server_ed25519_key[] = +{ + 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, + 0x03, 0x2b, 0x65, 0x70, 0x04, 0x22, 0x04, 0x20, + 0x02, 0x2f, 0xc5, 0xff, 0xba, 0x8e, 0xd0, 0xd2, + 0xbf, 0x03, 0x8e, 0x76, 0x8f, 0xc8, 0x86, 0x80, + 0x71, 0x87, 0x97, 0x31, 0xe2, 0x40, 0xac, 0xdf, + 0xbb, 0x90, 0x15, 0x52, 0x6e, 0x24, 0xa1, 0x39 +}; +static const int sizeof_server_ed25519_key = sizeof(server_ed25519_key); + /* ./certs/ed25519/ca-ed25519.der, ED25519 */ static const unsigned char ca_ed25519_cert[] = { 
@@ -3104,6 +3115,100 @@ static const unsigned char ca_ed25519_cert[] = }; static const int sizeof_ca_ed25519_cert = sizeof(ca_ed25519_cert); +/* ./certs/ed25519/client-ed25519.der, ED25519 */ +static unsigned char client_ed25519_cert[] = +{ + 0x30, 0x82, 0x02, 0x58, 0x30, 0x82, 0x02, 0x0a, + 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x10, 0x00, + 0x8f, 0x2f, 0x35, 0xb2, 0x53, 0xbd, 0x4f, 0x92, + 0xd1, 0xff, 0x1d, 0x4b, 0x40, 0xa5, 0x49, 0x30, + 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x30, 0x81, + 0xa1, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, + 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, + 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, + 0x61, 0x6e, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, + 0x55, 0x04, 0x04, 0x0c, 0x06, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x31, 0x10, 0x30, 0x0e, 0x06, + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, + 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, + 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, + 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, + 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, + 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, + 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, + 0x6f, 0x6d, 0x30, 0x22, 0x18, 0x0f, 0x32, 0x30, + 0x31, 0x38, 0x30, 0x34, 0x31, 0x32, 0x31, 0x36, + 0x32, 0x32, 0x31, 0x37, 0x5a, 0x18, 0x0f, 0x32, + 0x30, 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, + 0x35, 0x32, 0x32, 0x31, 0x37, 0x5a, 0x30, 0x81, + 0xa1, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, + 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, + 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, + 0x07, 
0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, + 0x61, 0x6e, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, + 0x55, 0x04, 0x04, 0x0c, 0x06, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x31, 0x10, 0x30, 0x0e, 0x06, + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, + 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, + 0x45, 0x44, 0x32, 0x35, 0x35, 0x31, 0x39, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, + 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, + 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, + 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, + 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, + 0x6f, 0x6d, 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, + 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xa2, 0xf1, + 0x26, 0x40, 0x9b, 0xa2, 0x59, 0xda, 0xdb, 0xe6, + 0x15, 0x7f, 0x9a, 0x11, 0xb5, 0x48, 0x5f, 0x55, + 0xba, 0x5e, 0xed, 0x46, 0xf7, 0x98, 0x67, 0xbe, + 0x0c, 0x93, 0xe3, 0xa4, 0x8e, 0x18, 0xa3, 0x52, + 0x30, 0x50, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, + 0x0e, 0x04, 0x16, 0x04, 0x14, 0xfe, 0x01, 0x46, + 0x7f, 0x6f, 0x2b, 0x3e, 0x1c, 0xb0, 0x6f, 0xe1, + 0xcc, 0x4d, 0x02, 0x25, 0xf7, 0x4d, 0x0a, 0x95, + 0xb8, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, + 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xfe, 0x01, + 0x46, 0x7f, 0x6f, 0x2b, 0x3e, 0x1c, 0xb0, 0x6f, + 0xe1, 0xcc, 0x4d, 0x02, 0x25, 0xf7, 0x4d, 0x0a, + 0x95, 0xb8, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, + 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, + 0x06, 0xc0, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, + 0x70, 0x03, 0x41, 0x00, 0x29, 0xf6, 0x69, 0xe2, + 0xb9, 0x73, 0x12, 0xd1, 0x64, 0xeb, 0x8f, 0xe9, + 0x6b, 0x61, 0xdb, 0x5f, 0xe9, 0xa7, 0x62, 0x6c, + 0x10, 0x89, 0x41, 0x80, 0xe3, 0xe8, 0xfd, 0x1f, + 0xd0, 0x13, 0xae, 0x95, 0x00, 0xaf, 0xf7, 0x77, + 0xe1, 0x22, 0x32, 0xad, 0x46, 0x4f, 0xdc, 0x7e, + 0xfe, 0xae, 0xbc, 0x8a, 0x1f, 0x96, 0x0a, 0xda, + 0x9f, 0xc9, 0x93, 0x52, 0x27, 0x18, 0xb0, 0x8b, + 0xda, 
0xbe, 0x81, 0x09 +}; +static const int sizeof_client_ed25519_cert = sizeof(client_ed25519_cert); + +/* ./certs/ed25519/client-ed25519-key.der, ED25519 */ +static unsigned char client_ed25519_key[] = +{ + 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, + 0x03, 0x2b, 0x65, 0x70, 0x04, 0x22, 0x04, 0x20, + 0x27, 0xa3, 0x34, 0x2a, 0x35, 0xd4, 0xbb, 0xb8, + 0xe1, 0xdc, 0xd8, 0xec, 0x0f, 0xc1, 0xa0, 0xd1, + 0xa2, 0x5c, 0xf9, 0x06, 0xf0, 0x44, 0x5d, 0x3b, + 0x97, 0x4d, 0xbd, 0xdf, 0x4a, 0x3b, 0xa3, 0x4e +}; +static const int sizeof_client_ed25519_key = sizeof(client_ed25519_key); + #endif /* HAVE_ED25519 */ #endif /* WOLFSSL_CERTS_TEST_H */
diff --git a/wolfssl/test.h b/wolfssl/test.h
index 5ed9e0518..040cd42e7 100644
--- a/wolfssl/test.h
+++ b/wolfssl/test.h
@@ -327,11 +327,11 @@
 #define cliEccCertFile "./certs/client-ecc-cert.pem"
 #define caEccCertFile "./certs/ca-ecc-cert.pem"
 #define crlPemDir "./certs/crl"
-#define edCertFile "./certs/ed25519/server-ed25519.pem"
+#define edCertFile "./certs/ed25519/server-ed25519-cert.pem"
 #define edKeyFile "./certs/ed25519/server-ed25519-priv.pem"
 #define cliEdCertFile "./certs/ed25519/client-ed25519.pem"
 #define cliEdKeyFile "./certs/ed25519/client-ed25519-priv.pem"
-#define caEdCertFile "./certs/ed25519/root-ed25519.pem"
+#define caEdCertFile "./certs/ed25519/ca-ed25519.pem"
 #ifdef HAVE_WNR
 /* Whitewood netRandom default config file */
 #define wnrConfig "./wnr-example.conf"
diff --git a/wolfssl/wolfcrypt/memory.h b/wolfssl/wolfcrypt/memory.h
index 4d5d73308..6851a388c 100644
--- a/wolfssl/wolfcrypt/memory.h
+++ b/wolfssl/wolfcrypt/memory.h
@@ -110,7 +110,12 @@ WOLFSSL_API int wolfSSL_GetAllocators(wolfSSL_Malloc_cb*,
 #endif
 #endif
 #ifndef WOLFMEM_DIST
- #define WOLFMEM_DIST 49,10,6,14,5,6,9,1,1
+ #ifndef WOLFSSL_STATIC_MEMORY_SMALL
+ #define WOLFMEM_DIST 49,10,6,14,5,6,9,1,1
+ #else
+ /* Low resource and not RSA */
+ #define WOLFMEM_DIST 29, 7,6, 9,4,4,0,0,0
+ #endif
 #endif
 /* flags for loading static memory (one hot bit) */
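Review bot: The small-profile `WOLFMEM_DIST` in wolfssl/wolfcrypt/memory.h sets its last three counts to 0, and the only explanation is `/* Low resource and not RSA */`. The bucket sizes these counts pair with are defined outside the hunk, so it is not visible which allocation sizes can no longer be served or whether the partitioning code tolerates a zero count. Please expand the comment to say that the values are per-bucket buffer counts (as I read the macro), that the three largest buckets are deliberately left empty in this profile, and that configure defines WOLFSSL_STATIC_MEMORY_SMALL only when low-resource is enabled and RSA is disabled.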