From d85c108952ad36b1e5923353c9d14068cfe9c6bf Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 21 Nov 2024 21:59:26 -0600 Subject: [PATCH] wolfssl/wolfcrypt/error-crypt.h, wolfcrypt/src/error.c: add WC_FAILURE ("wolfCrypt generic failure") with value -1, for traceable error return of -1 in wolfCrypt. configure.ac: add OPENSSL_EXTRA to --enable-wolfsentry. linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c, wolfssl/ssl.h: accommodate backward dependencies for wolfSSL_X509_NAME_add_entry_by_NID, wolfSSL_X509_NAME_free, and wolfSSL_X509_NAME_new_ex. linuxkm/lkcapi_glue.c: if CONFIG_CRYPTO_MANAGER, assert match of CONFIG_CRYPTO_FIPS and HAVE_FIPS. src/ssl_crypto.c, wolfcrypt/src/wc_lms.c, wolfcrypt/src/wc_lms_impl.c, wolfcrypt/src/wc_xmss.c, wolfcrypt/test/test.c: add missing casts for XMALLOC()s. src/ssl_crypto.c: in wolfSSL_AES_decrypt(), fix gate for wc_AesDecryptDirect() return type. wolfcrypt/test/test.c: smallstack refactor in test_dilithium_decode_level(). tests/api.c: fix uninited vars and "embedding a directive within macro arguments is not portable" in test_wc_dilithium_der(). --- configure.ac | 5 +++ linuxkm/linuxkm_wc_port.h | 24 +++++++++++++ linuxkm/lkcapi_glue.c | 8 +++++ linuxkm/module_hooks.c | 5 +++ src/ssl_crypto.c | 10 +++--- tests/api.c | 21 ++++++----- wolfcrypt/src/error.c | 3 ++ wolfcrypt/src/wc_lms.c | 8 ++--- wolfcrypt/src/wc_lms_impl.c | 4 +-- wolfcrypt/src/wc_xmss.c | 6 ++-- wolfcrypt/test/test.c | 63 ++++++++++++++++++++------------- wolfssl/ssl.h | 6 ++++ wolfssl/wolfcrypt/error-crypt.h | 4 +++ wolfssl/wolfcrypt/settings.h | 3 +- 14 files changed, 123 insertions(+), 47 deletions(-) diff --git a/configure.ac b/configure.ac index 4985c20b4c..ff9b61de20 100644 --- a/configure.ac +++ b/configure.ac 
@@ -4662,6 +4662,11 @@ fi if test "$ENABLED_WOLFSENTRY" = "yes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_WOLFSENTRY_HOOKS -DHAVE_EX_DATA -DHAVE_EX_DATA_CLEANUP_HOOKS" + if test "$ENABLED_OPENSSLEXTRA" = "no" + then + ENABLED_OPENSSLEXTRA="yes" + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA" + fi WOLFSENTRY_LIB="$WOLFSENTRY_LIB -lwolfsentry" fi diff --git a/linuxkm/linuxkm_wc_port.h b/linuxkm/linuxkm_wc_port.h index 848f0dd7e5..3a861e9aec 100644 --- a/linuxkm/linuxkm_wc_port.h +++ b/linuxkm/linuxkm_wc_port.h @@ -471,6 +471,16 @@ unsigned int serialSz); #endif #endif /* NO_SKID */ + + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + struct WOLFSSL_X509_NAME; + extern int wolfSSL_X509_NAME_add_entry_by_NID(struct WOLFSSL_X509_NAME *name, int nid, + int type, const unsigned char *bytes, + int len, int loc, int set); + extern void wolfSSL_X509_NAME_free(struct WOLFSSL_X509_NAME* name); + extern struct WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new_ex(void *heap); + #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + #endif /* !WOLFCRYPT_ONLY && !NO_CERTS */ #if defined(__PIE__) && !defined(USE_WOLFSSL_LINUXKM_PIE_REDIRECT_TABLE) @@ -645,6 +655,13 @@ #ifdef WOLFSSL_AKID_NAME typeof(GetCAByAKID) *GetCAByAKID; #endif /* WOLFSSL_AKID_NAME */ + + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + typeof(wolfSSL_X509_NAME_add_entry_by_NID) *wolfSSL_X509_NAME_add_entry_by_NID; + typeof(wolfSSL_X509_NAME_free) *wolfSSL_X509_NAME_free; + typeof(wolfSSL_X509_NAME_new_ex) *wolfSSL_X509_NAME_new_ex; + #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + #endif /* !WOLFCRYPT_ONLY && !NO_CERTS */ #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES 
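Review bot: The new block flips `ENABLED_OPENSSLEXTRA="yes"` at line 4662 of configure.ac, after most of the script has already run, so any earlier block that tested `$ENABLED_OPENSSLEXTRA` (none are visible from this hunk, but the variable is normally consumed long before this point) has already decided on the value "no"; only the `-DOPENSSL_EXTRA` flag itself is guaranteed to take effect. If that is acceptable, it still deserves a notice, because --enable-wolfsentry now silently turns on the whole OpenSSL compatibility surface: `AC_MSG_NOTICE([--enable-wolfsentry requires OPENSSL_EXTRA; enabling it])` inside the new `if`. Otherwise the implication belongs next to the --enable-opensslextra handling so the later checks see it.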
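Review bot: The three `extern` prototypes in the first linuxkm_wc_port.h hunk are a hand-written copy of the `WOLFSSL_API` declarations in wolfssl/ssl.h, and the ssl.h hunk in this same commit skips the originals whenever the redirect macros are defined, so in the PIE kernel build this copy is the only prototype callers are checked against; a later signature change in ssl.h would compile cleanly here and call through the table populated in the module_hooks.c hunk with the wrong arguments. Suggest a comment on the block: `/* Keep in sync with the WOLFSSL_API prototypes in wolfssl/ssl.h; ssl.h omits them when the redirect macros are defined. */`. The parameter type is spelled `struct WOLFSSL_X509_NAME` here and `WOLFSSL_X509_NAME` in ssl.h; those are the same prototype only if the typedef names this struct tag, which is not visible in the hunk.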
@@ -800,6 +817,13 @@
 #ifdef WOLFSSL_AKID_NAME
 #define GetCAByAKID (wolfssl_linuxkm_get_pie_redirect_table()->GetCAByAKID)
 #endif
+
+ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+ #define wolfSSL_X509_NAME_add_entry_by_NID (wolfssl_linuxkm_get_pie_redirect_table()->wolfSSL_X509_NAME_add_entry_by_NID)
+ #define wolfSSL_X509_NAME_free (wolfssl_linuxkm_get_pie_redirect_table()->wolfSSL_X509_NAME_free)
+ #define wolfSSL_X509_NAME_new_ex (wolfssl_linuxkm_get_pie_redirect_table()->wolfSSL_X509_NAME_new_ex)
+ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
+
 #endif /* !WOLFCRYPT_ONLY && !NO_CERTS */
 
 #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES
diff --git a/linuxkm/lkcapi_glue.c b/linuxkm/lkcapi_glue.c
index 6adaac5370..082531959a 100644
--- a/linuxkm/lkcapi_glue.c
+++ b/linuxkm/lkcapi_glue.c
@@ -26,6 +26,14 @@
 #error lkcapi_glue.c included in non-LINUXKM_LKCAPI_REGISTER project.
 #endif
 
+/* kernel crypto self-test includes test setups that have different expected
+ * results FIPS vs non-FIPS.
+ */
+#if defined(CONFIG_CRYPTO_MANAGER) && \
+ (defined(CONFIG_CRYPTO_FIPS) != defined(HAVE_FIPS))
+#error CONFIG_CRYPTO_MANAGER requires that CONFIG_CRYPTO_FIPS match HAVE_FIPS.
+#endif
+
 #ifndef WOLFSSL_LINUXKM_LKCAPI_PRIORITY
 /* Larger number means higher priority. The highest in-tree priority is 4001,
 * in the Cavium driver.
diff --git a/linuxkm/module_hooks.c b/linuxkm/module_hooks.c
index 2972011919..892a2d4321 100644
--- a/linuxkm/module_hooks.c
+++ b/linuxkm/module_hooks.c
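Review bot: The `#error` in the lkcapi_glue.c hunk is a build-time check, but the condition the comment describes is partly a runtime one: with CONFIG_CRYPTO_MANAGER the kernel self-tests pick their FIPS expectations from the `fips_enabled` flag, which CONFIG_CRYPTO_FIPS only makes available and a boot parameter actually turns on (as I recall crypto/testmgr.c; confirm against the target kernel). A CONFIG_CRYPTO_FIPS=y kernel booted without FIPS mode therefore still pairs non-FIPS test expectations with a HAVE_FIPS wolfCrypt, and this guard cannot catch that. Worth saying in the comment so nobody reads the #error as a full guarantee, e.g. adding ` * Compile-time check only; the kernel's fips_enabled is decided at boot.`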
@@ -584,6 +584,11 @@ static int set_up_wolfssl_linuxkm_pie_redirect_table(void) {
 #ifdef WOLFSSL_AKID_NAME
 wolfssl_linuxkm_pie_redirect_table.GetCAByAKID = GetCAByAKID;
 #endif /* WOLFSSL_AKID_NAME */
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
+ wolfssl_linuxkm_pie_redirect_table.wolfSSL_X509_NAME_add_entry_by_NID = wolfSSL_X509_NAME_add_entry_by_NID;
+ wolfssl_linuxkm_pie_redirect_table.wolfSSL_X509_NAME_free = wolfSSL_X509_NAME_free;
+ wolfssl_linuxkm_pie_redirect_table.wolfSSL_X509_NAME_new_ex = wolfSSL_X509_NAME_new_ex;
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
 #endif /* !WOLFCRYPT_ONLY && !NO_CERTS */
 
 #ifdef WOLFSSL_DEBUG_BACKTRACE_ERROR_CODES
diff --git a/src/ssl_crypto.c b/src/ssl_crypto.c
index 4eda76b220..e5153f258d 100644
--- a/src/ssl_crypto.c
+++ b/src/ssl_crypto.c
@@ -2614,7 +2614,7 @@ void wolfSSL_DES_cbc_encrypt(const unsigned char* input, unsigned char* output,
 WOLFSSL_ENTER("wolfSSL_DES_cbc_encrypt");
 
 #ifdef WOLFSSL_SMALL_STACK
- des = XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_CIPHER);
+ des = (Des*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_CIPHER);
 if (des == NULL) {
 WOLFSSL_MSG("Failed to allocate memory for Des object");
 }
@@ -2732,7 +2732,7 @@ void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input,
 WOLFSSL_ENTER("wolfSSL_DES_ede3_cbc_encrypt");
 
 #ifdef WOLFSSL_SMALL_STACK
- des3 = XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_CIPHER);
+ des3 = (Des3*)XMALLOC(sizeof(Des3), NULL, DYNAMIC_TYPE_CIPHER);
 if (des3 == NULL) {
 WOLFSSL_MSG("Failed to allocate memory for Des3 object");
 sz = 0;
@@ -2862,7 +2862,9 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* in, WOLFSSL_DES_cblock* out,
 WOLFSSL_MSG("Bad argument passed to wolfSSL_DES_ecb_encrypt");
 }
 #ifdef WOLFSSL_SMALL_STACK
- else if ((des = XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_CIPHER)) == NULL) {
+ else if ((des = (Des*)XMALLOC(sizeof(Des), NULL, DYNAMIC_TYPE_CIPHER))
+ == NULL)
+ {
 WOLFSSL_MSG("Failed to allocate memory for Des object");
 }
 #endif
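Review bot: In the first ssl_crypto.c hunk the new cast spells out a mismatch that was silent before: `des` is a `Des*` but the request is `sizeof(Des3)`, the size of the triple-DES object, while the ede3 hunk allocates `sizeof(Des3)` for a `Des3*` and the ecb hunk `sizeof(Des)` for a `Des*`. Over-allocation is harmless for memory safety (assuming Des3 is not smaller than Des, which it should not be), but the line reads like a copy-paste slip and will mislead whoever next changes either struct; tie the size to the object instead: `des = (Des*)XMALLOC(sizeof(*des), NULL, DYNAMIC_TYPE_CIPHER);`. The body of wolfSSL_DES_cbc_encrypt continues outside the hunk.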
@@ -3039,7 +3041,7 @@ void wolfSSL_AES_decrypt(const unsigned char* input, unsigned char* output,
 }
 else
 #if !defined(HAVE_SELFTEST) && \
- (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))
+ (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION3_GE(5,2,1)))
 /* Decrypt a block with wolfCrypt AES. */
 if (wc_AesDecryptDirect((Aes*)key, output, input) != 0) {
 WOLFSSL_MSG("wc_AesDecryptDirect failed");
diff --git a/tests/api.c b/tests/api.c
index 3df31dbd1f..a387ca3353 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -34962,7 +34962,7 @@ static int test_wc_dilithium_der(void)
 int pubDerLen;
 int privDerLen;
 int keyDerLen;
- word32 idx;
+ word32 idx = 0;
 
 #ifndef WOLFSSL_NO_ML_DSA_44
 pubLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE;
@@ -34989,6 +34989,9 @@ static int test_wc_dilithium_der(void)
 if (key != NULL) {
 XMEMSET(key, 0, sizeof(*key));
 }
+ if (der != NULL) {
+ XMEMSET(der, 0, sizeof(*der));
+ }
 XMEMSET(&rng, 0, sizeof(WC_RNG));
 ExpectIntEQ(wc_InitRng(&rng), 0);
 ExpectIntEQ(wc_dilithium_init(key), 0);
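Review bot: The guard and the macro it protects no longer agree: the condition still tests `defined(FIPS_VERSION_GE)` but the call is now `FIPS_VERSION3_GE(5,2,1)`. On a FIPS build whose fips.h provides the two-argument macro but not FIPS_VERSION3_GE, the unknown identifier evaluates to 0 and the trailing `(5,2,1)` turns the `#if` into a preprocessor error instead of a clean false; whether any still-supported FIPS header lacks the three-argument macro I can't tell from here, but matching the guard costs nothing: `(!defined(HAVE_FIPS) || (defined(FIPS_VERSION3_GE) && FIPS_VERSION3_GE(5,2,1)))`. The body of wolfSSL_AES_decrypt continues outside the hunk.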
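Review bot: In the second tests/api.c hunk `XMEMSET(der, 0, sizeof(*der))` clears a single byte if `der` is a `byte*`, which its later use as the first argument of wc_Dilithium_PublicKeyDecode suggests; the rest of the buffer stays uninitialized, which is the very thing this commit says it fixes for test_wc_dilithium_der. The declaration and allocation of `der` are outside the hunk, so use the allocated length, e.g. `XMEMSET(der, 0, <der allocation size>);` (placeholder — the real constant is not visible here). The `sizeof(*key)` memset just above is fine because `key` points to a struct.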
@@ -35002,21 +35005,21 @@ static int test_wc_dilithium_der(void)
 /* When security level is not set, we attempt to parse it from DER. Since
 * the supplied DER is invalid, this should fail with ASN parsing error */
 idx = 0;
- ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, pubDerLen),
 #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
- WC_NO_ERR_TRACE(BAD_FUNC_ARG)
+ ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, pubDerLen),
+ WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #else
- WC_NO_ERR_TRACE(ASN_PARSE_E)
+ ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, pubDerLen),
+ WC_NO_ERR_TRACE(ASN_PARSE_E));
 #endif
- );
 idx = 0;
- ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen),
 #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
- WC_NO_ERR_TRACE(BAD_FUNC_ARG)
+ ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen),
+ WC_NO_ERR_TRACE(BAD_FUNC_ARG));
 #else
- WC_NO_ERR_TRACE(ASN_PARSE_E)
+ ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen),
+ WC_NO_ERR_TRACE(ASN_PARSE_E));
 #endif
- );
 
 #ifndef WOLFSSL_NO_ML_DSA_44
 ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0);
diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c
index a87289371c..0deb66818e 100644
--- a/wolfcrypt/src/error.c
+++ b/wolfcrypt/src/error.c
@@ -44,6 +44,9 @@ const char* wc_GetErrorString(int error)
 {
 switch ((enum wolfCrypt_ErrorCodes)error) {
 
+ case WC_FAILURE:
+ return "wolfCrypt generic failure";
+
 case MP_MEM :
 return "MP integer dynamic memory allocation failed";
 
diff --git a/wolfcrypt/src/wc_lms.c b/wolfcrypt/src/wc_lms.c
index 45590018ae..b2a3bf8b3e 100644
--- a/wolfcrypt/src/wc_lms.c
+++ b/wolfcrypt/src/wc_lms.c
@@ -765,7 +765,7 @@ int wc_LmsKey_MakeKey(LmsKey* key, WC_RNG* rng)
 
 #ifdef WOLFSSL_SMALL_STACK
 /* Allocate memory for working state. */
- state = XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
 if (state == NULL) {
 ret = MEMORY_E;
 }
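Review bot: The rewritten asserts repeat the full wc_Dilithium_PublicKeyDecode / wc_Dilithium_PrivateKeyDecode call in both arms of each `#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT`, so the two arms can drift apart unnoticed while only the expected code actually differs. Defining the expected error once, above these checks, leaves a single ExpectIntEQ per decode with no directive inside the macro arguments, which is the portability problem the commit message names; the macro name below is illustrative. test_wc_dilithium_der continues outside the hunk.
```c
#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
    #define INVALID_DER_E WC_NO_ERR_TRACE(BAD_FUNC_ARG) /* name illustrative */
#else
    #define INVALID_DER_E WC_NO_ERR_TRACE(ASN_PARSE_E)
#endif
    idx = 0;
    ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, pubDerLen), INVALID_DER_E);
    idx = 0;
    ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen), INVALID_DER_E);
    /* ... unchanged: per-level set_level/decode checks ... */
```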
@@ -880,7 +880,7 @@ int wc_LmsKey_Reload(LmsKey* key)
 
 #ifdef WOLFSSL_SMALL_STACK
 /* Allocate memory for working state. */
- state = XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
 if (state == NULL) {
 ret = MEMORY_E;
 }
@@ -978,7 +978,7 @@ int wc_LmsKey_Sign(LmsKey* key, byte* sig, word32* sigSz, const byte* msg,
 
 #ifdef WOLFSSL_SMALL_STACK
 /* Allocate memory for working state. */
- state = XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
 if (state == NULL) {
 ret = MEMORY_E;
 }
@@ -1239,7 +1239,7 @@ int wc_LmsKey_Verify(LmsKey* key, const byte* sig, word32 sigSz,
 
 #ifdef WOLFSSL_SMALL_STACK
 /* Allocate memory for working state. */
- state = XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ state = (LmsState*)XMALLOC(sizeof(LmsState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
 if (state == NULL) {
 ret = MEMORY_E;
 }
diff --git a/wolfcrypt/src/wc_lms_impl.c b/wolfcrypt/src/wc_lms_impl.c
index bb9345c9a2..a27efb414e 100644
--- a/wolfcrypt/src/wc_lms_impl.c
+++ b/wolfcrypt/src/wc_lms_impl.c
@@ -1962,7 +1962,7 @@ static int wc_lms_treehash_init(LmsState* state, LmsPrivState* privState,
 
 #ifdef WOLFSSL_SMALL_STACK
 /* Allocate stack of left side hashes. */
- stack = XMALLOC((params->height + 1) * params->hash_len, NULL,
+ stack = (byte*)XMALLOC((params->height + 1) * params->hash_len, NULL,
 DYNAMIC_TYPE_TMP_BUFFER);
 if (stack == NULL) {
 ret = MEMORY_E;
@@ -2088,7 +2088,7 @@ static int wc_lms_treehash_update(LmsState* state, LmsPrivState* privState,
 
 #ifdef WOLFSSL_SMALL_STACK
 /* Allocate stack of left side hashes. */
- stack = XMALLOC((params->height + 1) * params->hash_len, NULL,
+ stack = (byte*)XMALLOC((params->height + 1) * params->hash_len, NULL,
 DYNAMIC_TYPE_TMP_BUFFER);
 if (stack == NULL) {
 ret = MEMORY_E;
diff --git a/wolfcrypt/src/wc_xmss.c b/wolfcrypt/src/wc_xmss.c
index 5c016dbac2..6546597dc2 100644
--- a/wolfcrypt/src/wc_xmss.c
+++ b/wolfcrypt/src/wc_xmss.c
@@ -738,7 +738,7 @@ static WC_INLINE int wc_xmsskey_signupdate(XmssKey* key, byte* sig,
 #endif
 
 #ifdef WOLFSSL_SMALL_STACK
- state = XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ state = (XmssState*)XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
 if (state == NULL) {
 ret = MEMORY_E;
 }
@@ -1109,7 +1109,7 @@ int wc_XmssKey_MakeKey(XmssKey* key, WC_RNG* rng)
 #endif
 
 #ifdef WOLFSSL_SMALL_STACK
- state = XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ state = (XmssState*)XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
 if (state == NULL) {
 ret = MEMORY_E;
 }
@@ -1645,7 +1645,7 @@ int wc_XmssKey_Verify(XmssKey* key, const byte* sig, word32 sigLen,
 #endif
 
 #ifdef WOLFSSL_SMALL_STACK
- state = XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+ state = (XmssState*)XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER);
 if (state == NULL) {
 ret = MEMORY_E;
 }
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 281053773c..bf4824c200 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -33733,9 +33733,9 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b)
 int bInit = 0;
 
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- plaintext = XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- encrypted = XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- decrypted = XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ plaintext = (byte*)XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ encrypted = (byte*)XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+ decrypted = (byte*)XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
 
 wc_ecc_free(a);
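Review bot: With the cast the allocation line in all three wc_xmss.c hunks runs past 80 columns (`state = (XmssState*)XMALLOC(sizeof(XmssState), NULL, DYNAMIC_TYPE_TMP_BUFFER);` is 78 characters before any indentation), and the ecc_ctx_kdf_salt_test lines in the test.c hunk are longer still; if the project's 80-column limit applies to these files, wrap them. Sizing by the pointee keeps the cast and the size in step and shortens the line: `state = (XmssState*)XMALLOC(sizeof(*state), NULL,` followed by `DYNAMIC_TYPE_TMP_BUFFER);` on a continuation line. The same applies to the wc_lms.c and wc_lms_impl.c hunks.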
@@ -45867,8 +45867,12 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey, int expectedLevel, int isPublicOnlyKey) { - int ret; - dilithium_key key; + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + dilithium_key *key = NULL; +#else + dilithium_key key[1]; +#endif word32 idx; byte* der; word32 derSz; @@ -45882,23 +45886,31 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey, return MEMORY_E; } +#ifdef WOLFSSL_SMALL_STACK + key = (dilithium_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (key == NULL) + ret = MEMORY_E; +#endif + /* Initialize key */ - ret = wc_dilithium_init(&key); + if (ret == 0) { + ret = wc_dilithium_init(key); + } /* Import raw key, setting the security level */ if (ret == 0) { - ret = wc_dilithium_set_level(&key, expectedLevel); + ret = wc_dilithium_set_level(key, expectedLevel); } if (ret == 0) { #ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY if (isPublicOnlyKey) { - ret = wc_dilithium_import_public(rawKey, rawKeySz, &key); + ret = wc_dilithium_import_public(rawKey, rawKeySz, key); } #endif #ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY if (!isPublicOnlyKey) { - ret = wc_dilithium_import_private(rawKey, rawKeySz, &key); + ret = wc_dilithium_import_private(rawKey, rawKeySz, key); } #endif } @@ -45907,12 +45919,12 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey, if (ret == 0) { #ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY if (isPublicOnlyKey) { - ret = wc_Dilithium_PublicKeyToDer(&key, der, maxDerSz, 1); + ret = wc_Dilithium_PublicKeyToDer(key, der, maxDerSz, 1); } #endif #ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY if (!isPublicOnlyKey) { - ret = wc_Dilithium_PrivateKeyToDer(&key, der, maxDerSz); + ret = wc_Dilithium_PrivateKeyToDer(key, der, maxDerSz); } #endif if (ret >= 0) { 
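Review bot: In the second hunk, when the WOLFSSL_SMALL_STACK `XMALLOC` fails, `ret` becomes MEMORY_E but `key` stays NULL and control falls through every `if (ret == 0)` guard to the cleanup at the end of test_dilithium_decode_level (a later hunk), where `wc_dilithium_free(key)` is called unconditionally. That is safe only if wc_dilithium_free tolerates a NULL key, which it probably does but is not visible here; the guard is cheap and makes the intent explicit: `if (key != NULL) { wc_dilithium_free(key); }`. Alternatively free `der` and return MEMORY_E right at the allocation failure, matching the `der` failure path a few lines above.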
@@ -45923,33 +45935,33 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey, /* Free and reinit key to test fresh decode */ if (ret == 0) { - wc_dilithium_free(&key); - ret = wc_dilithium_init(&key); + wc_dilithium_free(key); + ret = wc_dilithium_init(key); } /* First test decoding when security level is set externally */ if (ret == 0) { - ret = wc_dilithium_set_level(&key, expectedLevel); + ret = wc_dilithium_set_level(key, expectedLevel); } if (ret == 0) { idx = 0; #ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY if (isPublicOnlyKey) { - ret = wc_Dilithium_PublicKeyDecode(der, &idx, &key, derSz); + ret = wc_Dilithium_PublicKeyDecode(der, &idx, key, derSz); } #endif #ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY if (!isPublicOnlyKey) { - ret = wc_Dilithium_PrivateKeyDecode(der, &idx, &key, derSz); + ret = wc_Dilithium_PrivateKeyDecode(der, &idx, key, derSz); } #endif } /* Free and reinit key to test fresh decode */ if (ret == 0) { - wc_dilithium_free(&key); - ret = wc_dilithium_init(&key); + wc_dilithium_free(key); + ret = wc_dilithium_init(key); } #ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT 
@@ -45958,28 +45970,31 @@ static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey,
 idx = 0;
 #ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY
 if (isPublicOnlyKey) {
- ret = wc_Dilithium_PublicKeyDecode(der, &idx, &key, derSz);
+ ret = wc_Dilithium_PublicKeyDecode(der, &idx, key, derSz);
 }
 #endif
 #ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY
 if (!isPublicOnlyKey) {
- ret = wc_Dilithium_PrivateKeyDecode(der, &idx, &key, derSz);
+ ret = wc_Dilithium_PrivateKeyDecode(der, &idx, key, derSz);
 }
 #endif
 }
 
 /* Verify auto-detected security level */
- if (ret == 0 && key.level != expectedLevel) {
+ if (ret == 0 && key->level != expectedLevel) {
 printf("Dilithium key decode failed to detect level.\n"
 "\tExpected level=%d\n\tGot level=%d\n",
- expectedLevel, key.level);
+ expectedLevel, key->level);
 ret = WC_TEST_RET_ENC_NC;
 }
 #endif /* !WOLFSSL_DILITHIUM_FIPS204_DRAFT */
 
 /* Cleanup */
 XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
- wc_dilithium_free(&key);
+ wc_dilithium_free(key);
+#ifdef WOLFSSL_SMALL_STACK
+ XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+#endif
 
 return ret;
 }
@@ -46827,7 +46842,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void)
 unsigned char priv[HSS_MAX_PRIVATE_KEY_LEN];
 unsigned char old_priv[HSS_MAX_PRIVATE_KEY_LEN];
 #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)
- byte * sig = XMALLOC(WC_TEST_LMS_SIG_LEN, HEAP_HINT,
+ byte * sig = (byte*)XMALLOC(WC_TEST_LMS_SIG_LEN, HEAP_HINT,
 DYNAMIC_TYPE_TMP_BUFFER);
 if (sig == NULL) {
 return WC_TEST_RET_ENC_ERRNO;
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index ee9b2fbf3c..588e45c0b0 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -4793,15 +4793,19 @@ WOLFSSL_API int wolfSSL_X509_NAME_add_entry(WOLFSSL_X509_NAME* name,
 WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name, const char *field, int type, const unsigned char *bytes, int len, int loc, int set);
+#ifndef wolfSSL_X509_NAME_add_entry_by_NID
 WOLFSSL_API int wolfSSL_X509_NAME_add_entry_by_NID(WOLFSSL_X509_NAME *name, int nid, int type, const unsigned char *bytes, int len, int loc, int set);
+#endif
 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_delete_entry( WOLFSSL_X509_NAME *name, int loc);
 WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x, const WOLFSSL_X509_NAME* y);
 WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void);
+#ifndef wolfSSL_X509_NAME_new_ex
 WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new_ex(void *heap);
+#endif
 WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME* name);
 WOLFSSL_API int wolfSSL_X509_NAME_copy(WOLFSSL_X509_NAME* from, WOLFSSL_X509_NAME* to);
 WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
@@ -5012,7 +5016,9 @@ WOLFSSL_API WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(WOLFSSL_X509_NA
 || defined(OPENSSL_EXTRA_X509_SMALL)
 WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne);
 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void);
+#ifndef wolfSSL_X509_NAME_free
 WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name);
+#endif
 WOLFSSL_API int wolfSSL_CTX_use_certificate(WOLFSSL_CTX* ctx, WOLFSSL_X509* x);
 WOLFSSL_API int wolfSSL_CTX_add0_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509);
 WOLFSSL_API int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509);
diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h
index 337443c129..5668783546 100644
--- a/wolfssl/wolfcrypt/error-crypt.h
+++ b/wolfssl/wolfcrypt/error-crypt.h
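Review bot: Wrapping a public `WOLFSSL_API` prototype in `#ifndef <its own name>` drops the prototype from any translation unit that happens to define a macro of that name; here that is intended for the linuxkm redirect table, but nothing in the header says so, and a reader will take the bare guards as leftovers or remove them. Suggest a short comment on each guard, e.g. `#ifndef wolfSSL_X509_NAME_free /* redirected via linuxkm_wc_port.h */`, and the same on the add_entry_by_NID and new_ex guards in the first hunk.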
@@ -46,6 +46,10 @@ enum wolfCrypt_ErrorCodes {
 /* note that WOLFSSL_FATAL_ERROR is defined as -1 in error-ssl.h, for
 * reasons of backward compatibility.
 */
+ WC_FAILURE = -1, /* Generic but traceable back compat errcode.
+ * Note, not reflected in MAX_CODE_E or
+ * WC_FIRST_E.
+ */
 MAX_CODE_E = -96, /* WC_FIRST_E + 1, for backward compat. */
 WC_FIRST_E = -97, /* First code used for wolfCrypt */
 
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 9efaad22c2..e920e9100b 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -3736,7 +3736,8 @@ extern void uITRON4_free(void *p) ;
 (defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL) || \
 defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
 defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \
- defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB))
+ defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB) || \
+ defined(WOLFSSL_WOLFSENTRY_HOOKS))
 #define HAVE_EX_DATA_CRYPTO
 #endif
 
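Review bot: `WC_FAILURE = -1` shares its value with WOLFSSL_FATAL_ERROR, as the comment directly above already warns, and sits outside the MAX_CODE_E / WC_FIRST_E range, so any caller that classifies a return by range will not see it as a wolfCrypt error, while `wc_GetErrorString(-1)` (error.c hunk) now answers "wolfCrypt generic failure" for SSL-layer fatal errors too. That is presumably the intent, but the enum comment should say it outright rather than only that the value is "not reflected" in the range constants, e.g. `/* Generic wolfCrypt failure. Deliberately equal to WOLFSSL_FATAL_ERROR (-1); cannot be distinguished from it, and is outside the MAX_CODE_E/WC_FIRST_E range used by range checks. */`.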