From aeaac15682d00c63e894aa20fc97cec99b322e05 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 12 Feb 2016 13:16:39 -0800 Subject: [PATCH] Fixed compile errors in signature.c if ECC on but ECC sign/verify disabled. Added new NO_ASN_TIME option to reduce ASN size for space constrained or missing RTC. Added check to make sure ASN is enabled if ECC sign/verify is enabled. --- wolfcrypt/src/asn.c | 31 +++++++++++++++++++++---------- wolfcrypt/src/ecc.c | 4 ++++ wolfcrypt/src/signature.c | 7 ++++--- wolfcrypt/test/test.c | 4 ++-- 4 files changed, 31 insertions(+), 15 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index d0d5a6ae8..4ec81b25c 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -25,6 +25,13 @@ #include +/* +ASN Options: + * NO_ASN_TIME: Disables time parts of the ASN code for systems without an RTC + or wishing to save space. + * IGNORE_NAME_CONSTRAINTS: Skip ASN name checks. +*/ + #ifndef NO_ASN #ifdef HAVE_RTP_SYS @@ -94,7 +101,7 @@ #define FALSE 0 #endif - +#ifndef NO_ASN_TIME #if defined(HAVE_RTP_SYS) /* uses parital structures */ #define XTIME(tl) (0) @@ -491,6 +498,7 @@ time_t idirect_time(time_t * timer) #endif /* IDIRECT_DEV_TIME */ +#endif /* !NO_ASN_TIME */ WOLFSSL_LOCAL int GetLength(const byte* input, word32* inOutIdx, int* len, word32 maxIdx) @@ -617,7 +625,7 @@ static int GetShortInt(const byte* input, word32* inOutIdx, int* number) } #endif /* !NO_PWDBASED */ - +#ifndef NO_ASN_TIME /* May not have one, not an error */ static int GetExplicitVersion(const byte* input, word32* inOutIdx, int* version) { @@ -634,7 +642,7 @@ static int GetExplicitVersion(const byte* input, word32* inOutIdx, int* version) return 0; } - +#endif /* !NO_ASN_TIME */ WOLFSSL_LOCAL int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, word32 maxIdx) @@ -2212,7 +2220,7 @@ void FreeDecodedCert(DecodedCert* cert) #endif /* OPENSSL_EXTRA */ } - +#ifndef NO_ASN_TIME static int GetCertHeader(DecodedCert* cert) { int ret = 0, len; 
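Review bot: The option comment added in the `@@ -25,6 +25,13 @@` hunk undersells what `NO_ASN_TIME` removes. The guards added later in this patch also wrap `GetExplicitVersion`, `GetCertHeader`, `GetKey` through `GetSignature`, `ConfirmSignature`, `DecodeCertExtensions`, `ParseCert` and `ParseCertRelative`, so a build with the option has no certificate parsing or signature confirmation at all, not just no validity-date checks. An integrator who reads "time parts" could expect chain validation to keep working minus the date comparison. I would reword the entry to `* NO_ASN_TIME: Removes the time helpers and the certificate parsing/verification code (ParseCert, ParseCertRelative, ConfirmSignature); no X.509 validation is available.` The second entry should name the check it skips, e.g. `* IGNORE_NAME_CONSTRAINTS: Compiles out name-constraint decoding (DecodeNameConstraints).`, which is what the guard around that function in the `@@ -4494,6 +4503,7 @@` hunk appears to do.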
@@ -2264,6 +2272,7 @@ static int GetCertHeader(DecodedCert* cert) return ret; } +#endif /* !NO_ASN_TIME */ #if !defined(NO_RSA) /* Store Rsa Key, may save later, Dsa could use in future */ @@ -2327,7 +2336,7 @@ static int StoreRsaKey(DecodedCert* cert) #endif /* HAVE_ECC */ - +#ifndef NO_ASN_TIME static int GetKey(DecodedCert* cert) { int length; @@ -3184,7 +3193,7 @@ static int GetSignature(DecodedCert* cert) return 0; } - +#endif /* !NO_ASN_TIME */ static word32 SetDigest(const byte* digest, word32 digSz, byte* output) { @@ -3444,7 +3453,7 @@ int wc_GetCTC_HashOID(int type) }; } - +#ifndef NO_ASN_TIME /* return true (1) or false (0) for Confirmation */ static int ConfirmSignature(const byte* buf, word32 bufSz, const byte* key, word32 keySz, word32 keyOID, @@ -4494,6 +4503,7 @@ static int DecodeNameConstraints(byte* input, int sz, DecodedCert* cert) return 0; } #endif /* IGNORE_NAME_CONSTRAINTS */ +#endif /* NO_ASN_TIME */ #if defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP) @@ -4670,7 +4680,7 @@ static int DecodePolicyOID(char *out, word32 outSz, byte *in, word32 inSz) } #endif /* WOLFSSL_SEP */ - +#ifndef NO_ASN_TIME static int DecodeCertExtensions(DecodedCert* cert) /* * Processing the Certificate Extensions. This does not modify the current @@ -4884,6 +4894,7 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm) return ret; } +#endif /* !NO_ASN_TIME */ /* from SSL proper, for locking can't do find here anymore */ @@ -4920,7 +4931,7 @@ Signer* GetCAByName(void* signers, byte* hash) #endif /* WOLFCRYPT_ONLY */ - +#ifndef NO_ASN_TIME int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) { word32 confirmOID; @@ -5043,7 +5054,7 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm) return 0; } - +#endif /* !NO_ASN_TIME */ /* Create and init an new signer */ Signer* MakeSigner(void* heap) diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 82dc2d9e7..3376b9252 100644 --- a/wolfcrypt/src/ecc.c 
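Review bot: The closing guard added in the `@@ -4494,6 +4503,7 @@` hunk is labelled `#endif /* NO_ASN_TIME */`, while every other closer in this patch uses `/* !NO_ASN_TIME */` for the same `#ifndef`. This region opens before `ConfirmSignature` about a thousand lines earlier and closes right after the `IGNORE_NAME_CONSTRAINTS` block, so the label is the only cue a reader has for which condition ends here. Change it to `#endif /* !NO_ASN_TIME */`.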
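Review bot: `ParseCert` and `ParseCertRelative` are non-static, and the guards closed in the `@@ -4884,6 +4894,7 @@` and `@@ -5043,7 +5054,7 @@` hunks remove their definitions with no visible change to their declarations or callers. If anything outside asn.c still calls them when `NO_ASN_TIME` is defined, the failure shows up as an unresolved symbol at link time rather than as a clear configuration error. The callers are outside this diff, so this needs confirming. A guard in the style of the one this commit adds to ecc.c would make the constraint explicit, for example `#if defined(NO_ASN_TIME) && !defined(WOLFCRYPT_ONLY)` / `#error NO_ASN_TIME removes certificate parsing` / `#endif`, assuming the TLS layer is the only such caller.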
+++ b/wolfcrypt/src/ecc.c @@ -57,6 +57,10 @@ ECC Curves: #ifdef HAVE_ECC +#if (defined(HAVE_ECC_SIGN) || defined(HAVE_ECC_VERIFY)) && defined(NO_ASN) + #error ASN must be enabled for ECC sign/verify +#endif + #include #include #include diff --git a/wolfcrypt/src/signature.c b/wolfcrypt/src/signature.c index c9b9223b5..b3c57142b 100644 --- a/wolfcrypt/src/signature.c +++ b/wolfcrypt/src/signature.c @@ -38,7 +38,8 @@ #endif /* If ECC and RSA are disabled then disable signature wrapper */ -#if (!defined(HAVE_ECC) || (defined(HAVE_ECC) && !defined(NO_ASN))) && defined(NO_RSA) +#if (!defined(HAVE_ECC) || (defined(HAVE_ECC) && !defined(HAVE_ECC_SIGN) \ + && !defined(HAVE_ECC_VERIFY))) && defined(NO_RSA) #undef NO_SIG_WRAPPER #define NO_SIG_WRAPPER #endif @@ -169,7 +170,7 @@ int wc_SignatureVerify( switch(sig_type) { case WC_SIGNATURE_TYPE_ECC: { -#ifdef HAVE_ECC +#if defined(HAVE_ECC) && defined(HAVE_ECC_VERIFY) int is_valid_sig = 0; /* Perform verification of signature using provided ECC key */ @@ -292,7 +293,7 @@ int wc_SignatureGenerate( /* Create signature using hash as data */ switch(sig_type) { case WC_SIGNATURE_TYPE_ECC: -#ifdef HAVE_ECC +#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) /* Create signature using provided ECC key */ ret = wc_ecc_sign_hash(hash_data, hash_len, sig, sig_len, rng, (ecc_key*)key); #else diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 199f13c33..95fbba485 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -6172,8 +6172,8 @@ int ecc_test(void) WC_RNG rng; byte sharedA[1024]; byte sharedB[1024]; -#if !defined(NO_ASN) || (!defined(NO_SHA) && \ - ((defined(HAVE_ECC192) && defined(HAVE_ECC224)) || defined(HAVE_ALL_CURVES))) +#if !defined(NO_SHA) && \ + ((defined(HAVE_ECC192) && defined(HAVE_ECC224)) || defined(HAVE_ALL_CURVES)) byte sig[1024]; int verify; #endif
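Review bot: The `#error` check in the ecc.c hunk is evaluated before the three `#include` lines that follow it, so it only fires if `HAVE_ECC_SIGN`, `HAVE_ECC_VERIFY` and `NO_ASN` are already defined by something included above the hunk. If any of them is derived in a header included after this point, the check passes silently and the misconfiguration surfaces later as unrelated compile or link errors. The file's earlier includes are outside the hunk, so confirm that the settings header precedes `#ifdef HAVE_ECC`, or move the check below the includes.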
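Review bot: In the rewritten `NO_SIG_WRAPPER` condition of the `@@ -38,7 +38,8 @@` hunk the inner `defined(HAVE_ECC) &&` is redundant, because that operand is only reached when `!defined(HAVE_ECC)` is false. The shorter form is `#if (!defined(HAVE_ECC) || (!defined(HAVE_ECC_SIGN) && !defined(HAVE_ECC_VERIFY))) && defined(NO_RSA)`. The comment above it still says "If ECC and RSA are disabled"; `/* If RSA is disabled and ECC is off or has neither sign nor verify, disable the signature wrapper */` matches the new condition.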
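Review bot: With verification compiled out whenever `HAVE_ECC_VERIFY` is undefined, the `WC_SIGNATURE_TYPE_ECC` case of `wc_SignatureVerify` depends entirely on its `#else` branch to report failure, and that branch lies outside the `@@ -169,7 +170,7 @@` hunk. If `ret` still holds the success value of an earlier step when the case is left, a sign-only ECC build would report every signature as valid, so the fallback should set an explicit error before `break`. The same applies to the `#else` of `wc_SignatureGenerate` in the `@@ -292,7 +293,7 @@` hunk, whose body is also cut off. A one-line comment on each fallback, e.g. `/* ECC verify not compiled in: fail closed */`, would keep a later edit from weakening it.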
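Review bot: The declarations of `sig` and `verify` in `ecc_test` are no longer present whenever ASN is enabled; they now exist only with SHA plus either both `HAVE_ECC192` and `HAVE_ECC224` or `HAVE_ALL_CURVES`. Any sign/verify step later in the function that uses them under a different condition, such as `HAVE_ECC_SIGN` or `HAVE_ECC_VERIFY`, will fail to compile in a build that lacks those curves. The rest of `ecc_test` is outside the hunk, so this needs checking against the uses. If the sign/verify tests are meant to run in default builds, the declaration guard should name the same macros as the code that uses the variables.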