diff --git a/configure.ac b/configure.ac index 0c427d4ca7..606ed24118 100644 --- a/configure.ac +++ b/configure.ac @@ -12316,7 +12316,7 @@ AM_CONDITIONAL([BUILD_MLDSA],[test "x$ENABLED_MLDSA" != "xno" || test "x$ENABLED AM_CONDITIONAL([BUILD_ECCSI],[test "x$ENABLED_ECCSI" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_SAKKE],[test "x$ENABLED_SAKKE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_MEMORY],[test "x$ENABLED_MEMORY" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) -AM_CONDITIONAL([BUILD_MEMUSE],[test "x$ENABLED_ENTROPY_MEMUSE" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) +AM_CONDITIONAL([BUILD_MEMUSE],[test "x$ENABLED_ENTROPY_MEMUSE" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_RNG_BANK],[test "$ENABLED_RNG_BANK" = "yes" || test "$ENABLED_USERSETTINGS" = "yes"]) AM_CONDITIONAL([BUILD_RSA],[test "x$ENABLED_RSA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_DH],[test "x$ENABLED_DH" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) diff --git a/src/internal.c b/src/internal.c index dcd8fa8ab6..75bc485128 100644 --- a/src/internal.c +++ b/src/internal.c @@ -7329,6 +7329,9 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) #endif #else if (ctx->privateKey != NULL) { + if (ssl->buffers.key != NULL) { + FreeDer(&ssl->buffers.key); + } ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, ctx->privateKey->length, ctx->privateKey->type, ctx->privateKey->heap); diff --git a/src/ssl.c b/src/ssl.c index 4593496a52..9d34fed324 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -3294,7 +3294,8 @@ int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name) #if defined(NO_TLS) return WOLFSSL_FAILURE; #else - return TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap); + return TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap, + ssl->options.side); #endif /* NO_TLS */ } 
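Review bot: In SetSSL_CTX (src/internal.c) the added `FreeDer(&ssl->buffers.key)` runs whenever the pointer is non-NULL, while the matching change in wolfSSL_set_SSL_CTX (src/ssl.c) frees only when `ssl->buffers.weOwnKey` is set. If `ssl->buffers.key` can still alias `ctx->privateKey` on this path, the unconditional free releases private-key memory the context keeps using, which would surface later as a use-after-free or double free. Use the same guard here, `if (ssl->buffers.key != NULL && ssl->buffers.weOwnKey) {`, or add a comment stating why the key is always owned at this point. The surrounding `#if`/`#else` and the code that sets `weOwnKey` after the copy are outside the hunk, so the ownership state is inferred rather than confirmed.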
@@ -3308,7 +3309,8 @@ int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx, word16 name) #if defined(NO_TLS) return WOLFSSL_FAILURE; #else - return TLSX_UseSupportedCurve(&ctx->extensions, name, ctx->heap); + return TLSX_UseSupportedCurve(&ctx->extensions, name, ctx->heap, + ctx->method->side); #endif /* NO_TLS */ } @@ -16071,6 +16073,9 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx) #endif #else if (ctx->privateKey != NULL) { + if (ssl->buffers.key != NULL && ssl->buffers.weOwnKey) { + FreeDer(&ssl->buffers.key); + } ret = AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer, ctx->privateKey->length, ctx->privateKey->type, ctx->privateKey->heap); diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c index 8dd158ef19..cbc0b94303 100644 --- a/src/ssl_asn1.c +++ b/src/ssl_asn1.c @@ -3760,8 +3760,6 @@ int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio, * ASN1_TIME APIs ******************************************************************************/ -#ifndef NO_ASN_TIME - #ifdef OPENSSL_EXTRA /* Allocate a new ASN.1 TIME object. * @@ -3811,6 +3809,7 @@ WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *a, time_t t) } #endif /* !NO_WOLFSSL_STUB */ +#ifndef NO_ASN_TIME /* Convert time to Unix time (GMT). * * @param [in] sec Second in minute. 0-59. @@ -4005,6 +4004,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME* a, time_t t, return ret; } #endif /* !USER_TIME && !TIME_OVERRIDES */ +#endif /* !NO_ASN_TIME */ /* Get the length of the ASN.1 TIME data. * @@ -4048,6 +4048,7 @@ unsigned char* wolfSSL_ASN1_TIME_get_data(const WOLFSSL_ASN1_TIME *t) return data; } +#ifndef NO_ASN_TIME /* Check format of string in ASN.1 TIME object. * * @param [in] a ASN.1 TIME object. @@ -4069,6 +4070,7 @@ int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a) return ret; } +#endif /* !NO_ASN_TIME */ /* Set the time as a string into ASN.1 TIME object. * 
@@ -4112,6 +4114,7 @@ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str) return ret; } +#ifndef NO_ASN_TIME int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t, const char *str) { int ret = WOLFSSL_SUCCESS; @@ -4126,6 +4129,7 @@ int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t, const char *str) ret = wolfSSL_ASN1_TIME_check(t); return ret; } +#endif /* !NO_ASN_TIME */ /* Convert ASN.1 TIME object to ASN.1 GENERALIZED TIME object. * @@ -4199,7 +4203,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, return ret; } -#if !defined(USER_TIME) && !defined(TIME_OVERRIDES) +#if !defined(NO_ASN_TIME) && !defined(USER_TIME) && !defined(TIME_OVERRIDES) WOLFSSL_ASN1_TIME* wolfSSL_ASN1_UTCTIME_set(WOLFSSL_ASN1_TIME *s, time_t t) { WOLFSSL_ASN1_TIME* ret = s; @@ -4228,7 +4232,8 @@ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_UTCTIME_set(WOLFSSL_ASN1_TIME *s, time_t t) #endif /* !USER_TIME && !TIME_OVERRIDES */ #endif /* OPENSSL_EXTRA */ -#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) +#if !defined(NO_ASN_TIME) && \ + (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)) /* Get string from ASN.1 TIME object. * * Not an OpenSSL compatibility API. @@ -4607,9 +4612,9 @@ int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime) } #endif /* !NO_BIO */ -#endif /* WOLFSSL_MYSQL_COMPATIBLE || OPENSSL_EXTRA */ +#endif /* !NO_ASN_TIME && (WOLFSSL_MYSQL_COMPATIBLE || OPENSSL_EXTRA) */ -#ifdef OPENSSL_EXTRA +#if !defined(NO_ASN_TIME) && defined(OPENSSL_EXTRA) #ifndef NO_BIO /* Print the ASN.1 UTC TIME object as a string to BIO. @@ -4647,9 +4652,7 @@ int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a) } #endif /* !NO_BIO */ -#endif /* OPENSSL_EXTRA */ - -#endif /* !NO_ASN_TIME */ +#endif /* !NO_ASN_TIME && OPENSSL_EXTRA */ /******************************************************************************* * ASN1_TYPE APIs 
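Review bot: The closing comment of the wolfSSL_ASN1_UTCTIME_set guard is now stale: the opening condition became `#if !defined(NO_ASN_TIME) && !defined(USER_TIME) && !defined(TIME_OVERRIDES)`, but the `#endif /* !USER_TIME && !TIME_OVERRIDES */` shown as context in the following hunk was left unchanged. The other guards touched in this file had their `#endif` comments updated, so this one should read `#endif /* !NO_ASN_TIME && !USER_TIME && !TIME_OVERRIDES */`. With this many separate NO_ASN_TIME regions, a mismatched comment makes it easy to place a later API on the wrong side of a guard.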
diff --git a/src/tls.c b/src/tls.c
index 62118d0678..5af3d672dc 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -4584,16 +4584,72 @@ int TLSX_UseCertificateStatusRequestV2(TLSX** extensions, byte status_type, #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ +/* ML-KEM client support requires generating a key pair (encapsulation key) and + * decapsulating the server's ciphertext. */ +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) + #define WOLFSSL_HAVE_MLKEM_CLIENT_SUPPORT +#endif +/* ML-KEM server support requires encapsulating to the client's key. */ +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) + #define WOLFSSL_HAVE_MLKEM_SERVER_SUPPORT +#endif + #if defined(HAVE_SUPPORTED_CURVES) || \ (defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES)) +#ifdef WOLFSSL_HAVE_MLKEM +/* Returns whether ML-KEM groups are supported for the given side. + * + * ML-KEM groups require side specific crypto support. The client needs to + * generate a key and decapsulate, while the server needs to encapsulate. + * + * side The side of the connection the check is for: WOLFSSL_CLIENT_END, + * WOLFSSL_SERVER_END or WOLFSSL_NEITHER_END when the side is not known. + * returns 1 when supported or 0 otherwise. + */ +static int TLSX_IsMlKemGroupSupported(int side) +{ + if (side == WOLFSSL_CLIENT_END) { + #ifdef WOLFSSL_HAVE_MLKEM_CLIENT_SUPPORT + return 1; + #else + return 0; + #endif + } + else if (side == WOLFSSL_SERVER_END) { + #ifdef WOLFSSL_HAVE_MLKEM_SERVER_SUPPORT + return 1; + #else + return 0; + #endif + } + else { + /* Side not known - supported if either side has the crypto support. */ + #if defined(WOLFSSL_HAVE_MLKEM_CLIENT_SUPPORT) || \ + defined(WOLFSSL_HAVE_MLKEM_SERVER_SUPPORT) + return 1; + #else + return 0; + #endif + } +} +#endif /* WOLFSSL_HAVE_MLKEM */ + /* Returns whether this group is supported. * * namedGroup The named group to check. 
+ * side The side of the connection the check is for: WOLFSSL_CLIENT_END, + * WOLFSSL_SERVER_END or WOLFSSL_NEITHER_END when the side is not + * known. Used to determine whether the local side has the crypto + * support required to use the group (e.g. ML-KEM requires + * decapsulation on the client and encapsulation on the server). * returns 1 when supported or 0 otherwise. */ -int TLSX_IsGroupSupported(int namedGroup) +int TLSX_IsGroupSupported(int namedGroup, int side) { + (void)side; + switch (namedGroup) { #ifdef HAVE_FFDHE_2048 case WOLFSSL_FFDHE_2048: @@ -4705,14 +4761,14 @@ int TLSX_IsGroupSupported(int namedGroup) #ifndef WOLFSSL_NO_ML_KEM_512 #ifndef WOLFSSL_TLS_NO_MLKEM_STANDALONE case WOLFSSL_ML_KEM_512: - break; + return TLSX_IsMlKemGroupSupported(side); #endif /* !WOLFSSL_TLS_NO_MLKEM_STANDALONE */ #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS case WOLFSSL_SECP256R1MLKEM512: #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 case WOLFSSL_X25519MLKEM512: #endif /* HAVE_CURVE25519 */ - break; + return TLSX_IsMlKemGroupSupported(side); #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */ #endif /* WOLFSSL_NO_ML_KEM_512 */ #ifndef WOLFSSL_NO_ML_KEM_768 @@ -4731,7 +4787,7 @@ int TLSX_IsGroupSupported(int namedGroup) case WOLFSSL_X448MLKEM768: #endif /* HAVE_CURVE448 */ #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */ - break; + return TLSX_IsMlKemGroupSupported(side); #endif /* WOLFSSL_NO_ML_KEM_768 */ #ifndef WOLFSSL_NO_ML_KEM_1024 #ifndef WOLFSSL_TLS_NO_MLKEM_STANDALONE 
@@ -4743,14 +4799,14 @@ int TLSX_IsGroupSupported(int namedGroup) #ifdef WOLFSSL_EXTRA_PQC_HYBRIDS case WOLFSSL_SECP521R1MLKEM1024: #endif /* WOLFSSL_EXTRA_PQC_HYBRIDS */ - break; + return TLSX_IsMlKemGroupSupported(side); #endif #if defined(WOLFSSL_ML_KEM_USE_OLD_IDS) && \ defined (WOLFSSL_EXTRA_PQC_HYBRIDS) case WOLFSSL_P256_ML_KEM_512_OLD: case WOLFSSL_P384_ML_KEM_768_OLD: case WOLFSSL_P521_ML_KEM_1024_OLD: - break; + return TLSX_IsMlKemGroupSupported(side); #endif /* WOLFSSL_ML_KEM_USE_OLD_IDS && WOLFSSL_EXTRA_PQC_HYBRIDS */ #endif /* WOLFSSL_NO_ML_KEM */ #ifdef WOLFSSL_MLKEM_KYBER @@ -4776,7 +4832,7 @@ int TLSX_IsGroupSupported(int namedGroup) case WOLFSSL_KYBER_LEVEL5: case WOLFSSL_P521_KYBER_LEVEL5: #endif - break; + return TLSX_IsMlKemGroupSupported(side); #endif #endif /* WOLFSSL_HAVE_MLKEM */ default: @@ -5144,7 +5200,8 @@ int TLSX_SupportedCurve_Parse(const WOLFSSL* ssl, const byte* input, for (; offset < length; offset += OPAQUE16_LEN) { ato16(input + offset, &name); - ret = TLSX_UseSupportedCurve(extensions, name, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, name, ssl->heap, + ssl->options.side); /* If it is BAD_FUNC_ARG then it is a group we do not support, but * that is fine. */ if (ret != WOLFSSL_SUCCESS && @@ -5533,7 +5590,8 @@ int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl, int checkSupported) curve = (SupportedCurve*)extension->data; while (curve != NULL) { - if (!checkSupported || TLSX_IsGroupSupported(curve->name)) + if (!checkSupported || + TLSX_IsGroupSupported(curve->name, ssl->options.side)) return curve->name; curve = curve->next; } 
@@ -5936,7 +5994,10 @@ int TLSX_SupportedCurve_Copy(TLSX* src, TLSX** dst, void* heap) SupportedCurve* curve; for (curve = (SupportedCurve*)extension->data; curve != NULL; curve = curve->next) { - ret = TLSX_UseSupportedCurve(dst, curve->name, heap); + /* Copying an already validated list - don't drop a group based on + * the side, so accept when either side has the crypto support. */ + ret = TLSX_UseSupportedCurve(dst, curve->name, heap, + WOLFSSL_NEITHER_END); if (ret != WOLFSSL_SUCCESS) return MEMORY_E; } @@ -5945,7 +6006,7 @@ int TLSX_SupportedCurve_Copy(TLSX* src, TLSX** dst, void* heap) return 0; } -int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap) +int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap, int side) { TLSX* extension = NULL; SupportedCurve* curve = NULL; @@ -5955,7 +6016,7 @@ int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, void* heap) return BAD_FUNC_ARG; } - if (! TLSX_IsGroupSupported(name)) { + if (!TLSX_IsGroupSupported(name, side)) { return BAD_FUNC_ARG; } @@ -7936,7 +7997,8 @@ static int TLSX_SetSignatureAlgorithmsCert(TLSX** extensions, /******************************************************************************/ #ifndef MAX_KEYSHARE_NAMED_GROUPS - #if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) + #if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) #define MAX_KEYSHARE_NAMED_GROUPS 24 #else #define MAX_KEYSHARE_NAMED_GROUPS 12 @@ -8595,7 +8657,8 @@ static int TLSX_KeyShare_GenEccKey(WOLFSSL *ssl, KeyShareEntry* kse) "WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ" #endif -#if !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) || \ +#if (!defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE)) || \ !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \ (!defined(WOLFSSL_MLKEM_NO_DECAPSULATE) && \ !defined(WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ)) 
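Review bot: Passing `WOLFSSL_NEITHER_END` in TLSX_SupportedCurve_Copy treats the source list as already validated for the side that will use the copy, but that list may itself have been built with an unknown side: wolfSSL_CTX_UseSupportedCurve passes `ctx->method->side`, and TLSX_IsMlKemGroupSupported accepts ML-KEM groups for an unknown side when either direction is compiled in. On a build with only one of the two ML-KEM capabilities, the copied list could then carry a group the resolved side cannot complete. The diff shows side-aware checks in TLSX_SupportedCurve_Preferred, TLSX_KeyShare_SetSupported and TLSX_KeyShare_Choose, but whether every consumer of the copied list goes through one of them is not visible here. If that is the intent, say so in the comment, for example `/* Side-specific checks are applied later, e.g. in TLSX_KeyShare_Choose(). */`; otherwise re-check the group against the known side once it is fixed.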
@@ -8732,7 +8795,8 @@ static void findEccPqc(int *ecc, int *pqc, int *pqc_first, int group) } } -#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY +#if !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) /* Create a key share entry using pqc parameters group on the client side. * Generates a key pair. * @@ -9052,7 +9116,7 @@ static int TLSX_KeyShare_GenPqcHybridKeyClient(WOLFSSL *ssl, KeyShareEntry* kse) return ret; } -#endif /* !WOLFSSL_MLKEM_NO_MAKE_KEY */ +#endif /* !WOLFSSL_MLKEM_NO_MAKE_KEY && !WOLFSSL_MLKEM_NO_DECAPSULATE */ #endif /* WOLFSSL_HAVE_MLKEM */ /* Generate a secret/key using the key share entry. @@ -9070,7 +9134,8 @@ int TLSX_KeyShare_GenKey(WOLFSSL *ssl, KeyShareEntry *kse) ret = TLSX_KeyShare_GenX25519Key(ssl, kse); else if (kse->group == WOLFSSL_ECC_X448) ret = TLSX_KeyShare_GenX448Key(ssl, kse); -#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) else if (WOLFSSL_NAMED_GROUP_IS_PQC(kse->group)) ret = TLSX_KeyShare_GenPqcKeyClient(ssl, kse); else if (WOLFSSL_NAMED_GROUP_IS_PQC_HYBRID(kse->group)) 
@@ -11394,18 +11459,18 @@ static const word16 preferredGroup[] = { * directly into an assignment, so wrap non-trivial expressions in parentheses. */ #ifndef WOLFSSL_KEY_SHARE_DEFAULT_GROUP -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM) && \ +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM_CLIENT_SUPPORT) && \ !defined(WOLFSSL_NO_ML_KEM) && defined(WOLFSSL_PQC_HYBRIDS) && \ !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519) && \ ECC_MIN_KEY_SZ <= 256 #define WOLFSSL_KEY_SHARE_DEFAULT_GROUP WOLFSSL_X25519MLKEM768 -#elif defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM) && \ +#elif defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM_CLIENT_SUPPORT) && \ !defined(WOLFSSL_NO_ML_KEM) && defined(WOLFSSL_PQC_HYBRIDS) && \ !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_ECC) && \ (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \ ECC_MIN_KEY_SZ <= 256 #define WOLFSSL_KEY_SHARE_DEFAULT_GROUP WOLFSSL_SECP256R1MLKEM768 -#elif defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM) && \ +#elif defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM_CLIENT_SUPPORT) && \ !defined(WOLFSSL_NO_ML_KEM) && defined(WOLFSSL_PQC_HYBRIDS) && \ !defined(WOLFSSL_NO_ML_KEM_1024) && defined(HAVE_ECC) && \ (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ @@ -11499,7 +11564,7 @@ int TLSX_KeyShare_SetSupported(const WOLFSSL* ssl, TLSX** extensions) for (; curve != NULL; curve = curve->next) { /* Use server's preference order. Common group was found but key share * was missing */ - if (!TLSX_IsGroupSupported(curve->name)) + if (!TLSX_IsGroupSupported(curve->name, ssl->options.side)) continue; if (wolfSSL_curve_is_disabled(ssl, curve->name)) continue; 
@@ -11778,7 +11843,7 @@ int TLSX_KeyShare_Choose(const WOLFSSL *ssl, TLSX* extensions, if (wolfSSL_curve_is_disabled(ssl, clientKSE->group)) continue; } - if (!TLSX_IsGroupSupported(clientKSE->group)) + if (!TLSX_IsGroupSupported(clientKSE->group, ssl->options.side)) continue; rank = TLSX_KeyShare_GroupRank(ssl, clientKSE->group); @@ -15602,14 +15667,15 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK) if (ssl->options.resuming && ssl->session->namedGroup != 0) { return TLSX_UseSupportedCurve(extensions, ssl->session->namedGroup, - ssl->heap); + ssl->heap, ssl->options.side); } #endif if (ssl->numGroups != 0) { int i; for (i = 0; i < ssl->numGroups; i++) { - ret = TLSX_UseSupportedCurve(extensions, ssl->group[i], ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, ssl->group[i], ssl->heap, + ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; } 
@@ -15617,39 +15683,41 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) } #endif /* WOLFSSL_TLS13 */ -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM) && \ +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM_CLIENT_SUPPORT) && \ !defined(WOLFSSL_NO_ML_KEM) && defined(WOLFSSL_PQC_HYBRIDS) /* Prefer non-experimental PQ/T hybrid groups (only for TLS 1.3) */ - if (IsAtLeastTLSv1_3(ssl->version)) { + if (IsAtLeastTLSv1_3(ssl->version) && + TLSX_IsMlKemGroupSupported(ssl->options.side)) { #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519) && \ ECC_MIN_KEY_SZ <= 256 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519MLKEM768, - ssl->heap); + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #if !defined(WOLFSSL_NO_ML_KEM_1024) && defined(HAVE_ECC) && \ (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ ECC_MIN_KEY_SZ <= 384 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP384R1MLKEM1024, - ssl->heap); + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_ECC) && \ (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \ ECC_MIN_KEY_SZ <= 256 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP256R1MLKEM768, - ssl->heap); + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif } #endif -#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM) && \ +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM_CLIENT_SUPPORT) && \ !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_NO_ML_KEM_1024) && \ !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) - if (IsAtLeastTLSv1_3(ssl->version)) { + if (IsAtLeastTLSv1_3(ssl->version) && + TLSX_IsMlKemGroupSupported(ssl->options.side)) { ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_1024, - ssl->heap); + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; } #endif 
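Review bot: The two blocks in this hunk are now compiled only under `WOLFSSL_HAVE_MLKEM_CLIENT_SUPPORT`, yet the ML_KEM_768, ML_KEM_512, extra-hybrid and Kyber blocks later in TLSX_PopulateSupportedGroups keep `defined(WOLFSSL_HAVE_MLKEM)` and rely on the runtime `TLSX_IsMlKemGroupSupported(ssl->options.side)` check alone. If this function also runs for a server, an encapsulate-only build would drop X25519MLKEM768, SECP384R1MLKEM1024, SECP256R1MLKEM768 and ML_KEM_1024 from its list while still adding the standalone 768 and 512 groups, which looks unintended and would steer such a server away from the preferred hybrid groups. Since the runtime check already accounts for the side, keeping `defined(WOLFSSL_HAVE_MLKEM)` in both `#if` lines would make all ML-KEM blocks in the function consistent. The function body starts and ends outside this hunk.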
@@ -15658,8 +15726,8 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) /* list in order by strength, since not all servers choose by strength */ #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 #ifndef NO_ECC_SECP - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_SECP521R1, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ECC_SECP521R1, + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #endif @@ -15668,7 +15736,7 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) if (IsAtLeastTLSv1_3(ssl->version)) { /* TLS 1.3 BrainpoolP512 curve */ ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_BRAINPOOLP512R1TLS13, ssl->heap); + WOLFSSL_ECC_BRAINPOOLP512R1TLS13, ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; /* If TLS 1.2 is allowed, also add the TLS 1.2 curve */ @@ -15676,14 +15744,14 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) (ssl->options.minDowngrade <= TLSv1_2_MINOR || ssl->options.minDowngrade <= DTLSv1_2_MINOR)) { ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_BRAINPOOLP512R1, ssl->heap); + WOLFSSL_ECC_BRAINPOOLP512R1, ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; } } else { /* TLS 1.2 only */ ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_BRAINPOOLP512R1, ssl->heap); + WOLFSSL_ECC_BRAINPOOLP512R1, ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; } #endif 
@@ -15693,9 +15761,10 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM) && \ !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_NO_ML_KEM_768) && \ !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) - if (IsAtLeastTLSv1_3(ssl->version)) { + if (IsAtLeastTLSv1_3(ssl->version) && + TLSX_IsMlKemGroupSupported(ssl->options.side)) { ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_768, - ssl->heap); + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; } #endif @@ -15703,15 +15772,15 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #if defined(HAVE_ECC) #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 #ifndef NO_ECC_SECP - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_SECP384R1, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ECC_SECP384R1, + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #ifdef HAVE_ECC_BRAINPOOL if (IsAtLeastTLSv1_3(ssl->version)) { /* TLS 1.3 BrainpoolP384 curve */ ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_BRAINPOOLP384R1TLS13, ssl->heap); + WOLFSSL_ECC_BRAINPOOLP384R1TLS13, ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; /* If TLS 1.2 is allowed, also add the TLS 1.2 curve */ @@ -15719,14 +15788,14 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) (ssl->options.minDowngrade <= TLSv1_2_MINOR || ssl->options.minDowngrade <= DTLSv1_2_MINOR)) { ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_BRAINPOOLP384R1, ssl->heap); + WOLFSSL_ECC_BRAINPOOLP384R1, ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; } } else { /* TLS 1.2 only */ ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_BRAINPOOLP384R1, ssl->heap); + WOLFSSL_ECC_BRAINPOOLP384R1, ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; } #endif 
@@ -15735,8 +15804,8 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #ifndef HAVE_FIPS #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_X448, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ECC_X448, ssl->heap, + ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #endif /* HAVE_FIPS */ @@ -15744,9 +15813,10 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM) && \ !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_NO_ML_KEM_512) && \ !defined(WOLFSSL_TLS_NO_MLKEM_STANDALONE) - if (IsAtLeastTLSv1_3(ssl->version)) { - ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512, - ssl->heap); + if (IsAtLeastTLSv1_3(ssl->version) && + TLSX_IsMlKemGroupSupported(ssl->options.side)) { + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ML_KEM_512, ssl->heap, + ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; } #endif 
@@ -15754,20 +15824,20 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 #ifndef NO_ECC_SECP - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_SECP256R1, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ECC_SECP256R1, + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #ifdef HAVE_ECC_KOBLITZ - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_SECP256K1, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ECC_SECP256K1, + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #ifdef HAVE_ECC_BRAINPOOL if (IsAtLeastTLSv1_3(ssl->version)) { /* TLS 1.3 BrainpoolP256 curve */ ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_BRAINPOOLP256R1TLS13, ssl->heap); + WOLFSSL_ECC_BRAINPOOLP256R1TLS13, ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; /* If TLS 1.2 is allowed, also add the TLS 1.2 curve */ @@ -15775,20 +15845,20 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) (ssl->options.minDowngrade <= TLSv1_2_MINOR || ssl->options.minDowngrade <= DTLSv1_2_MINOR)) { ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_BRAINPOOLP256R1, ssl->heap); + WOLFSSL_ECC_BRAINPOOLP256R1, ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; } } else { /* TLS 1.2 only */ ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_BRAINPOOLP256R1, ssl->heap); + WOLFSSL_ECC_BRAINPOOLP256R1, ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; } #endif #if !defined(HAVE_FIPS) && defined(WOLFSSL_SM2) - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_SM2P256V1, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ECC_SM2P256V1, + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #endif 
@@ -15796,8 +15866,8 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #ifndef HAVE_FIPS #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_X25519, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ECC_X25519, + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #endif /* HAVE_FIPS */ @@ -15805,13 +15875,13 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) #if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224 #ifndef NO_ECC_SECP - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_SECP224R1, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ECC_SECP224R1, + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #ifdef HAVE_ECC_KOBLITZ - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_SECP224K1, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ECC_SECP224K1, + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #endif 
@@ -15819,30 +15889,30 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #ifndef HAVE_FIPS #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192 #ifndef NO_ECC_SECP - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_SECP192R1, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ECC_SECP192R1, + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #ifdef HAVE_ECC_KOBLITZ - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_SECP192K1, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ECC_SECP192K1, + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #endif #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160 #ifndef NO_ECC_SECP - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_SECP160R1, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ECC_SECP160R1, + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #ifdef HAVE_ECC_SECPR2 - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_SECP160R2, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ECC_SECP160R2, + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #ifdef HAVE_ECC_KOBLITZ - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_ECC_SECP160K1, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_ECC_SECP160K1, + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #endif @@ -15854,8 +15924,8 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #ifdef HAVE_FFDHE_8192 if (8192/8 >= ssl->options.minDhKeySz && 8192/8 <= ssl->options.maxDhKeySz) { - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_FFDHE_8192, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_FFDHE_8192, + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; } 
@@ -15863,8 +15933,8 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #ifdef HAVE_FFDHE_6144 if (6144/8 >= ssl->options.minDhKeySz && 6144/8 <= ssl->options.maxDhKeySz) { - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_FFDHE_6144, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_FFDHE_6144, + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; } @@ -15872,8 +15942,8 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #ifdef HAVE_FFDHE_4096 if (4096/8 >= ssl->options.minDhKeySz && 4096/8 <= ssl->options.maxDhKeySz) { - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_FFDHE_4096, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_FFDHE_4096, + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; } @@ -15881,8 +15951,8 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #ifdef HAVE_FFDHE_3072 if (3072/8 >= ssl->options.minDhKeySz && 3072/8 <= ssl->options.maxDhKeySz) { - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_FFDHE_3072, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_FFDHE_3072, + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; } @@ -15890,8 +15960,8 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #ifdef HAVE_FFDHE_2048 if (2048/8 >= ssl->options.minDhKeySz && 2048/8 <= ssl->options.maxDhKeySz) { - ret = TLSX_UseSupportedCurve(extensions, - WOLFSSL_FFDHE_2048, ssl->heap); + ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_FFDHE_2048, + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; } 
@@ -15900,35 +15970,36 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM) && \ !defined(WOLFSSL_NO_ML_KEM) && defined(WOLFSSL_EXTRA_PQC_HYBRIDS) - if (IsAtLeastTLSv1_3(ssl->version)) { + if (IsAtLeastTLSv1_3(ssl->version) && + TLSX_IsMlKemGroupSupported(ssl->options.side)) { #if !defined(WOLFSSL_NO_ML_KEM_1024) && defined(HAVE_ECC) && \ (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP521R1MLKEM1024, - ssl->heap); + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_ECC) && \ (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP384R1MLKEM768, - ssl->heap); + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448) && \ ECC_MIN_KEY_SZ <= 448 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448MLKEM768, - ssl->heap); + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_ECC) && \ (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_SECP256R1MLKEM512, - ssl->heap); + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519) && \ ECC_MIN_KEY_SZ <= 256 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519MLKEM512, - ssl->heap); + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif } 
@@ -15936,58 +16007,59 @@ static int TLSX_PopulateSupportedGroups(WOLFSSL* ssl, TLSX** extensions) #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_HAVE_MLKEM) && \ defined(WOLFSSL_MLKEM_KYBER) - if (IsAtLeastTLSv1_3(ssl->version)) { + if (IsAtLeastTLSv1_3(ssl->version) && + TLSX_IsMlKemGroupSupported(ssl->options.side)) { #ifdef WOLFSSL_KYBER1024 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL5, - ssl->heap); + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #if defined(HAVE_ECC) && (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \ ECC_MIN_KEY_SZ <= 521 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P521_KYBER_LEVEL5, - ssl->heap); + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #endif #ifdef WOLFSSL_KYBER768 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL3, - ssl->heap); + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #if defined(HAVE_ECC) && (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ ECC_MIN_KEY_SZ <= 384 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P384_KYBER_LEVEL3, - ssl->heap); + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #if defined(HAVE_ECC) && (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \ ECC_MIN_KEY_SZ <= 256 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_LEVEL3, - ssl->heap); + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_KYBER_LEVEL3, - ssl->heap); + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #if defined(HAVE_CURVE448) && ECC_MIN_KEY_SZ <= 448 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X448_KYBER_LEVEL3, - ssl->heap); + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #endif #ifdef WOLFSSL_KYBER512 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_KYBER_LEVEL1, - 
ssl->heap); + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #if defined(HAVE_ECC) && (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \ ECC_MIN_KEY_SZ <= 256 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_P256_KYBER_LEVEL1, - ssl->heap); + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #if defined(HAVE_CURVE25519) && ECC_MIN_KEY_SZ <= 256 ret = TLSX_UseSupportedCurve(extensions, WOLFSSL_X25519_KYBER_LEVEL1, - ssl->heap); + ssl->heap, ssl->options.side); if (ret != WOLFSSL_SUCCESS) return ret; #endif #endif diff --git a/src/tls13.c b/src/tls13.c index 8d7efb9df4..416c3334c2 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -14663,7 +14663,7 @@ int wolfSSL_UseKeyShare(WOLFSSL* ssl, word16 group) (void)group; #else /* Check if the group is supported. */ - if (!TLSX_IsGroupSupported(group)) { + if (!TLSX_IsGroupSupported(group, ssl->options.side)) { WOLFSSL_MSG("Group not supported."); return BAD_FUNC_ARG; } diff --git a/tests/api.c b/tests/api.c index 54dd016512..f49bbaaab0 100644 --- a/tests/api.c +++ b/tests/api.c @@ -23505,7 +23505,7 @@ static int test_sk_X509_CRL_decode(void) } #if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && !defined(NO_CERTS) && \ - defined(HAVE_CRL) && defined(WOLFSSL_CERT_GEN) + defined(HAVE_CRL) && defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) /* Ensure oversized caller-provided revocationDate is rejected. */ static int test_wolfSSL_X509_CRL_add_revoked_oversized_revocation_date(void) { @@ -33276,7 +33276,8 @@ static int test_DhAgree_rejects_p_minus_1(void) static int test_ed448_rejects_identity_key(void) { EXPECT_DECLS; -#if defined(HAVE_ED448) && !defined(HAVE_SELFTEST) && \ +#if defined(HAVE_ED448) && defined(HAVE_ED448_VERIFY) && \ + defined(HAVE_ED448_KEY_IMPORT) && !defined(HAVE_SELFTEST) && \ (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) ed448_key key; byte identity[ED448_PUB_KEY_SIZE]; 
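Review bot: The `ssl->options.side` argument added to the `TLSX_IsGroupSupported` call in wolfSSL_UseKeyShare is read at API-call time, which can be before the handshake has fixed the role of the object. If the side is still unset then (presumably `WOLFSSL_NEITHER_END` for a method not bound to client or server), this hunk does not show whether an ML-KEM group is accepted or rejected, and a rejection would surface as `BAD_FUNC_ARG` to callers that worked before. I would state the intended behaviour in the comment, e.g. `/* Check if the group is supported for this side (side may still be unset here). */`, and cover the unset-side case with a test. The function body starts and ends outside the hunk.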
@@ -34534,7 +34535,7 @@ TEST_CASE testCases[] = { /* OpenSSL sk_X509_CRL API test */ TEST_DECL(test_sk_X509_CRL_decode), #if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && !defined(NO_CERTS) && \ - defined(HAVE_CRL) && defined(WOLFSSL_CERT_GEN) + defined(HAVE_CRL) && defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) TEST_DECL(test_wolfSSL_X509_CRL_add_revoked_oversized_revocation_date), #endif #if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && !defined(NO_CERTS) && \ diff --git a/tests/api/test_certman.c b/tests/api/test_certman.c index 1c73e64a73..5a258f9129 100644 --- a/tests/api/test_certman.c +++ b/tests/api/test_certman.c @@ -3508,7 +3508,7 @@ int test_wolfSSL_CertManagerRejectMD5Cert(void) #if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_MD5) && \ !defined(WOLFSSL_ALLOW_MD5_CERT_SIGS) && defined(WOLFSSL_CERT_GEN) && \ !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_ASN_CRYPT) && \ - !defined(USE_CERT_BUFFERS_1024) + !defined(USE_CERT_BUFFERS_1024) && !defined(NO_ASN_TIME) WOLFSSL_CERT_MANAGER* cm = NULL; RsaKey caKey; WC_RNG rng; diff --git a/tests/api/test_ed25519.c b/tests/api/test_ed25519.c index e68505b862..1858f4d71a 100644 --- a/tests/api/test_ed25519.c +++ b/tests/api/test_ed25519.c @@ -811,6 +811,7 @@ int test_wc_ed25519_reject_small_order_keys(void) 0x2a,0x20,0x53,0xfa,0x2c,0x39,0xcc,0xc6, 0x4e,0xc7,0xfd,0x77,0x92,0xac,0x03,0xfa}, }; +#ifndef NO_ED25519_VERIFY /* Forged signature: R = B (base point), S = 1. * With public key A = identity, S*B - h*A = B = R for any message. */ static const byte forged_sig[ED25519_SIG_SIZE] = { @@ -823,6 +824,7 @@ int test_wc_ed25519_reject_small_order_keys(void) 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; +#endif ed25519_key key; word32 i; word32 num_keys = (word32)(sizeof(small_order_keys) / ED25519_PUB_KEY_SIZE); 
@@ -864,6 +866,7 @@ int test_wc_ed25519_reject_small_order_keys(void) wc_ed25519_free(&key); } +#ifndef NO_ED25519_VERIFY /* (3) Even a "trusted" import (which bypasses wc_ed25519_check_key) * must not let wc_ed25519_verify_msg accept a forged signature against * an identity public key. Test both the canonical encoding (y = 1, @@ -902,6 +905,7 @@ int test_wc_ed25519_reject_small_order_keys(void) wc_ed25519_free(&key); } } +#endif #endif return EXPECT_RESULT(); } diff --git a/tests/api/test_ed448.c b/tests/api/test_ed448.c index 6bb7934615..4d98b02f93 100644 --- a/tests/api/test_ed448.c +++ b/tests/api/test_ed448.c @@ -760,6 +760,7 @@ int test_wc_ed448_reject_small_order_keys(void) 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, 0x80}, }; +#ifndef NO_ED448_VERIFY /* Arbitrary signature bytes: S = 1 (must be below the Ed448 group * order or wc_ed448_verify_msg() returns BAD_FUNC_ARG before the * small-order check has a chance to fire). The R bytes do not need @@ -788,6 +789,7 @@ int test_wc_ed448_reject_small_order_keys(void) 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, 0x00 }; +#endif ed448_key key; word32 i; word32 num_keys = (word32)(sizeof(small_order_keys) / ED448_PUB_KEY_SIZE); @@ -829,6 +831,7 @@ int test_wc_ed448_reject_small_order_keys(void) wc_ed448_free(&key); } +#ifndef NO_ED448_VERIFY /* (3) Even a "trusted" import (which bypasses wc_ed448_check_key) * must not let wc_ed448_verify_msg accept a forged signature against * an identity public key. Test both the canonical encoding (y = 1, @@ -866,6 +869,7 @@ int test_wc_ed448_reject_small_order_keys(void) wc_ed448_free(&key); } } +#endif #endif return EXPECT_RESULT(); } diff --git a/tests/api/test_evp_pkey.c b/tests/api/test_evp_pkey.c index 6b15f38d96..9bdd5b9339 100644 --- a/tests/api/test_evp_pkey.c +++ b/tests/api/test_evp_pkey.c 
@@ -2563,7 +2563,8 @@ int test_wolfSSL_EVP_PKEY_print_public(void) int test_wolfSSL_EVP_PKEY_ed25519(void) { EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(HAVE_ED25519) +#if defined(OPENSSL_EXTRA) && defined(HAVE_ED25519) && \ + defined(HAVE_ED25519_KEY_IMPORT) WOLFSSL_EVP_PKEY* pkey = NULL; const unsigned char* p; @@ -2623,7 +2624,8 @@ int test_wolfSSL_CTX_use_PrivateKey_ed25519(void) { EXPECT_DECLS; #if defined(OPENSSL_EXTRA) && defined(HAVE_ED25519) && \ - !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) + defined(HAVE_ED25519_KEY_IMPORT) && !defined(NO_WOLFSSL_SERVER) && \ + !defined(NO_TLS) WOLFSSL_CTX* ctx = NULL; WOLFSSL_EVP_PKEY* pkey = NULL; const unsigned char* p; @@ -2653,7 +2655,8 @@ int test_wolfSSL_CTX_use_PrivateKey_ed25519(void) int test_wolfSSL_EVP_PKEY_ed448(void) { EXPECT_DECLS; -#if defined(OPENSSL_EXTRA) && defined(HAVE_ED448) +#if defined(OPENSSL_EXTRA) && defined(HAVE_ED448) && \ + defined(HAVE_ED448_KEY_IMPORT) WOLFSSL_EVP_PKEY* pkey = NULL; const unsigned char* p; diff --git a/tests/api/test_lms_xmss.c b/tests/api/test_lms_xmss.c index 2dc3ff2158..f99b1ed574 100644 --- a/tests/api/test_lms_xmss.c +++ b/tests/api/test_lms_xmss.c @@ -288,8 +288,8 @@ static int rfc9802_load_file(const char* path, byte** out, int* outLen) return EXPECT_RESULT(); } -static int rfc9802_verify_one_cert(const char* path, word32 expectedKeyOID, - word32 expectedSigOID) +static WC_MAYBE_UNUSED int rfc9802_verify_one_cert(const char* path, + word32 expectedKeyOID, word32 expectedSigOID) { EXPECT_DECLS; byte* buf = NULL; @@ -512,6 +512,7 @@ static int rfc9802_xmss_import_negative(void) wc_XmssKey_Free(&key); } +#if !defined(WOLFSSL_XMSS_MIN_HEIGHT) || (WOLFSSL_XMSS_MIN_HEIGHT <= 10) /* Once params have been configured (state != INITED), the OID * prefix in the raw key MUST match key->oid and is_xmssmt MUST * match key->is_xmssmt. Set XMSS-SHA2_10_256 and feed a valid- 
@@ -561,10 +562,12 @@ static int rfc9802_xmss_import_negative(void) ExpectIntEQ((int)key.is_xmssmt, 0); wc_XmssKey_Free(&key); + #if WOLFSSL_XMSS_MAX_HEIGHT >= 20 ExpectIntEQ(wc_XmssKey_Init(&key, NULL, INVALID_DEVID), 0); ExpectIntEQ(wc_XmssKey_ImportPubRaw_ex(&key, buf, sizeof(buf), 1), 0); ExpectIntEQ((int)key.is_xmssmt, 1); wc_XmssKey_Free(&key); + #endif } /* Lenient state: re-importing the same pub key into a VERIFYONLY @@ -635,6 +638,7 @@ static int rfc9802_xmss_import_negative(void) WC_NO_ERR_TRACE(BAD_STATE_E)); wc_XmssKey_Free(&key); } +#endif return EXPECT_RESULT(); } @@ -833,8 +837,10 @@ static int rfc9802_xmss_chain_verify(void) ExpectNotNull(cm = wolfSSL_CertManagerNew()); ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, caBuf, (long)caLen, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); +#if !defined(WOLFSSL_XMSS_MIN_HEIGHT) || (WOLFSSL_XMSS_MIN_HEIGHT <= 10) ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, leafBuf, (long)leafLen, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); +#endif if (cm != NULL) { wolfSSL_CertManagerFree(cm); 
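Review bot: The new guard `#if WOLFSSL_XMSS_MAX_HEIGHT >= 20` around the XMSS^MT import case in rfc9802_xmss_import_negative tests the macro without a `defined()` check, so if the macro is undefined the preprocessor evaluates it as 0 and the `is_xmssmt == 1` assertions are silently compiled out. The other guards added to this file use the form `#if !defined(WOLFSSL_XMSS_MAX_HEIGHT) || (WOLFSSL_XMSS_MAX_HEIGHT >= 20)`; using that form here keeps the coverage when the build sets no maximum. If a header always defines the macro, this is only a consistency point. The function body starts outside the hunk.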
@@ -905,24 +911,50 @@ int test_rfc9802_xmss_x509_verify(void) EXPECT_DECLS; #if defined(WOLFSSL_HAVE_XMSS) #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) +#if (!defined(WOLFSSL_XMSS_MIN_HEIGHT) || (WOLFSSL_XMSS_MIN_HEIGHT <= 16)) static const char* const xmssFiles[] = { +#if (!defined(WOLFSSL_XMSS_MAX_HEIGHT) || (WOLFSSL_XMSS_MAX_HEIGHT >= 10)) && \ + (!defined(WOLFSSL_XMSS_MIN_HEIGHT) || (WOLFSSL_XMSS_MIN_HEIGHT <= 10)) "./certs/xmss/bc_xmss_sha2_10_256_root.der", +#endif +#if (!defined(WOLFSSL_XMSS_MAX_HEIGHT) || (WOLFSSL_XMSS_MAX_HEIGHT >= 16)) && \ + (!defined(WOLFSSL_XMSS_MIN_HEIGHT) || (WOLFSSL_XMSS_MIN_HEIGHT <= 16)) "./certs/xmss/bc_xmss_sha2_16_256_root.der", +#endif }; +#endif +#if (!defined(WOLFSSL_XMSS_MAX_HEIGHT) || (WOLFSSL_XMSS_MAX_HEIGHT >= 20)) && \ + (!defined(WOLFSSL_XMSS_MIN_HEIGHT) || (WOLFSSL_XMSS_MIN_HEIGHT <= 40)) static const char* const xmssmtFiles[] = { +#if (!defined(WOLFSSL_XMSS_MAX_HEIGHT) || (WOLFSSL_XMSS_MAX_HEIGHT >= 20)) && \ + (!defined(WOLFSSL_XMSS_MIN_HEIGHT) || (WOLFSSL_XMSS_MIN_HEIGHT <= 20)) "./certs/xmss/bc_xmssmt_sha2_20_2_256_root.der", "./certs/xmss/bc_xmssmt_sha2_20_4_256_root.der", +#endif +#if (!defined(WOLFSSL_XMSS_MAX_HEIGHT) || (WOLFSSL_XMSS_MAX_HEIGHT >= 40)) && \ + (!defined(WOLFSSL_XMSS_MIN_HEIGHT) || (WOLFSSL_XMSS_MIN_HEIGHT <= 40)) "./certs/xmss/bc_xmssmt_sha2_40_8_256_root.der", +#endif }; +#endif +#if (!defined(WOLFSSL_XMSS_MIN_HEIGHT) || (WOLFSSL_XMSS_MIN_HEIGHT <= 16)) || \ + ((!defined(WOLFSSL_XMSS_MAX_HEIGHT) || (WOLFSSL_XMSS_MAX_HEIGHT >= 20)) && \ + (!defined(WOLFSSL_XMSS_MIN_HEIGHT) || (WOLFSSL_XMSS_MIN_HEIGHT <= 40))) size_t i; +#endif +#if (!defined(WOLFSSL_XMSS_MIN_HEIGHT) || (WOLFSSL_XMSS_MIN_HEIGHT <= 16)) for (i = 0; i < sizeof(xmssFiles) / sizeof(xmssFiles[0]); i++) { ExpectIntEQ(rfc9802_verify_one_cert(xmssFiles[i], XMSSk, CTC_XMSS), TEST_SUCCESS); } +#endif +#if (!defined(WOLFSSL_XMSS_MAX_HEIGHT) || (WOLFSSL_XMSS_MAX_HEIGHT >= 20)) && \ + (!defined(WOLFSSL_XMSS_MIN_HEIGHT) || 
(WOLFSSL_XMSS_MIN_HEIGHT <= 40)) for (i = 0; i < sizeof(xmssmtFiles) / sizeof(xmssmtFiles[0]); i++) { ExpectIntEQ(rfc9802_verify_one_cert(xmssmtFiles[i], XMSSMTk, CTC_XMSSMT), TEST_SUCCESS); } +#endif ExpectIntEQ(rfc9802_xmss_sig_oid_mismatch(), TEST_SUCCESS); ExpectIntEQ(rfc9802_xmss_chain_verify(), TEST_SUCCESS); #endif /* !NO_FILESYSTEM && !NO_CERTS */ diff --git a/tests/api/test_mldsa_legacy.c b/tests/api/test_mldsa_legacy.c index 03d3ce0728..a8f1c131f4 100644 --- a/tests/api/test_mldsa_legacy.c +++ b/tests/api/test_mldsa_legacy.c @@ -207,23 +207,10 @@ wc_static_assert(WC_NO_ERR_TRACE(DILITHIUM_KEY_SIZE_E) == * signature mismatches and defeat the purpose. */ static void mldsa_legacy_shim_symbol_aliases_compile_check(void) { - typedef int (*init_fn)(wc_MlDsaKey*, void*, int); - typedef void (*free_fn)(wc_MlDsaKey*); - typedef int (*set_level_fn)(wc_MlDsaKey*, byte); - typedef int (*get_level_fn)(wc_MlDsaKey*, byte*); typedef int (*size_fn)(wc_MlDsaKey*); typedef int (*check_fn)(wc_MlDsaKey*); typedef int (*export_fn)(wc_MlDsaKey*, byte*, word32*); - init_fn f_init_ex = &wc_dilithium_init_ex; - free_fn f_free = &wc_dilithium_free; - set_level_fn f_set_level = &wc_dilithium_set_level; - get_level_fn f_get_level = &wc_dilithium_get_level; - size_fn f_sig_size = &wc_dilithium_sig_size; - - (void)f_init_ex; (void)f_free; (void)f_set_level; (void)f_get_level; - (void)f_sig_size; - #ifdef WOLFSSL_MLDSA_PRIVATE_KEY { size_fn f_size = &wc_dilithium_size; diff --git a/tests/api/test_tls.c b/tests/api/test_tls.c index ee2e112bfa..f614392144 100644 --- a/tests/api/test_tls.c +++ b/tests/api/test_tls.c 
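Review bot: The outer guard on `xmssmtFiles` in test_rfc9802_xmss_x509_verify is wider than the union of the guards on its entries, so the array can end up with an empty initializer. With a minimum height above 20 and a maximum below 40 (if the build permits such a pair) the outer condition holds while both inner ones fail, and `static const char* const xmssmtFiles[] = { };` is not valid C before C23. `xmssFiles` has the same shape for a minimum above 10 combined with a maximum below 16. Defining one local macro per certificate group and building the array, `size_t i` and loop guards from those would make the outer conditions exactly the union of the inner ones, and would make the repeated conditions easier to audit.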
@@ -54,6 +54,18 @@ int test_utils_memio_move_message(void) /* send server's flight */ ExpectIntEQ(wolfSSL_accept(ssl_s), -1); ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* If the server responded with a HelloRetryRequest it is waiting on a new + * ClientHello, so the buffered flight is just the HRR rather than the real + * ServerHello flight. Drive another connect/accept round so the message + * moving below operates on the real flight. */ + if (EXPECT_SUCCESS() && test_memio_msg_is_hello_retry_request(&test_ctx)) { + /* client processes HRR and sends second ClientHello */ + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* server processes second ClientHello and sends its flight */ + ExpectIntEQ(wolfSSL_accept(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + } /* Move messages around but they should be the same at the end */ ExpectIntEQ(test_memio_move_message(&test_ctx, 1, 1, 2), 0); ExpectIntEQ(test_memio_move_message(&test_ctx, 1, 2, 1), 0); diff --git a/tests/api/test_tls13.c b/tests/api/test_tls13.c index ca37fb48cc..fcda2298c2 100644 --- a/tests/api/test_tls13.c +++ b/tests/api/test_tls13.c @@ -93,7 +93,10 @@ int test_tls13_apis(void) #endif #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) int groups[2] = { WOLFSSL_ECC_SECP256R1, -#ifdef WOLFSSL_HAVE_MLKEM +#if defined(WOLFSSL_HAVE_MLKEM) && \ + !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) #ifdef WOLFSSL_MLKEM_KYBER #ifndef WOLFSSL_NO_KYBER512 WOLFSSL_KYBER_LEVEL1 @@ -5348,6 +5351,7 @@ int test_tls13_corrupted_finished(void) WOLFSSL *ssl_c = NULL; WOLFSSL *ssl_s = NULL; struct test_memio_ctx test_ctx; + int ret; XMEMSET(&test_ctx, 0, sizeof(test_ctx)); ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, 
@@ -5365,7 +5369,29 @@ int test_tls13_corrupted_finished(void) /* Step 3: Client processes server flight, verifies server Finished, * sends client Finished */ - ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ret = wolfSSL_connect(ssl_c); + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) { + /* Actually: Server sent HelloRetryRequest */ + ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR), + WOLFSSL_ERROR_WANT_READ); + + /* Step 1: Client sends ClientHello */ + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR), + WOLFSSL_ERROR_WANT_READ); + + /* Step 2: Server processes CH, sends SH + EE + Cert + CV + Finished */ + ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR), + WOLFSSL_ERROR_WANT_READ); + + /* Step 3: Client processes server flight, verifies server Finished, + * sends client Finished */ + ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + } + else { + ExpectIntEQ(ret, WOLFSSL_SUCCESS); + } /* Corrupt the server's client_write_MAC_secret so that when it computes * the expected Finished HMAC, the result won't match the client's actual 
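Review bot: In the HelloRetryRequest branch of test_tls13_corrupted_finished, the first check reads the error from `ssl_s` although the call that just returned was `wolfSSL_connect(ssl_c)`. It looks like it should be `ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR), WOLFSSL_ERROR_WANT_READ);`, because as written it only re-reads the server's earlier state and says nothing about why the client call failed. The branch also treats any fatal return as an HRR, whereas other tests in this change detect it explicitly with `test_memio_msg_is_hello_retry_request(&test_ctx)` after the first accept. Using that helper here, and in the matching branch added to test_tls13_peerauth_failsafe (where the first connect's error is not checked at all), would make a genuine handshake failure fail at the point it happens. The "Step 1/2/3" comments inside the branch repeat the numbering used before it and could be reworded as the second round.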
@@ -5448,7 +5474,20 @@ int test_tls13_peerauth_failsafe(void) ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR), WOLFSSL_ERROR_WANT_READ); - ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ret = wolfSSL_connect(ssl_c); + if (ret == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) { + /* HelloRetryRequest sent by server. */ + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR), + WOLFSSL_ERROR_WANT_READ); + ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR), + WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + } + else { + ExpectIntEQ(ret, WOLFSSL_SUCCESS); + } ssl_s->options.peerAuthGood = 0; ret = wolfSSL_accept(ssl_s); @@ -6090,6 +6129,16 @@ static int test_tls13_cipher_fuzz_once(WC_RNG* rng, ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS); ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* The default groups can lead the server to respond with a + * HelloRetryRequest, in which case it is waiting on a new ClientHello and + * has not yet sent any encrypted record. Drive another connect/accept round + * so the buffers hold the real flight before fuzzing. */ + if (EXPECT_SUCCESS() && test_memio_msg_is_hello_retry_request(&test_ctx)) { + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + } if (side == 1) { ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); buf = test_ctx.s_buff; diff --git a/tests/api/test_x509.c b/tests/api/test_x509.c index 7a16b9616b..61ae6b705c 100644 --- a/tests/api/test_x509.c +++ b/tests/api/test_x509.c 
@@ -647,7 +647,7 @@ int test_x509_CertFromX509_akid_overflow(void) EXPECT_DECLS; #if defined(WOLFSSL_AKID_NAME) && defined(WOLFSSL_CERT_GEN) && \ defined(WOLFSSL_CERT_EXT) && !defined(NO_BIO) && \ - (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) + (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && defined(HAVE_ECC) /* DER builder helpers -- write into a flat buffer */ #ifdef WOLFSSL_SMALL_STACK unsigned char* buf = NULL; diff --git a/tests/suites.c b/tests/suites.c index 337c169e0f..d6dd4fa44b 100644 --- a/tests/suites.c +++ b/tests/suites.c @@ -214,7 +214,8 @@ static int IsKyberLevelAvailable(const char* line) #endif #endif /* WOLFSSL_TLS_NO_MLKEM_STANDALONE */ #ifdef WOLFSSL_PQC_HYBRIDS - #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_ECC) + #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_ECC) && \ + (!defined(WOLFSSL_SP_MATH) || !defined(WOLFSSL_SP_NO_256)) if (MATCH_PQC(begin, "SecP256r1MLKEM768", len)) { available = 1; } @@ -224,7 +225,8 @@ static int IsKyberLevelAvailable(const char* line) available = 1; } #endif - #if !defined(WOLFSSL_NO_ML_KEM_1024) && defined(HAVE_ECC) + #if !defined(WOLFSSL_NO_ML_KEM_1024) && defined(HAVE_ECC) && \ + (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_384)) if (MATCH_PQC(begin, "SecP384r1MLKEM1024", len)) { available = 1; } @@ -246,7 +248,8 @@ static int IsKyberLevelAvailable(const char* line) available = 1; } #endif - #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_ECC) + #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_ECC) && \ + (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_384)) if (MATCH_PQC(begin, "SecP384r1MLKEM768", len)) { available = 1; } @@ -261,7 +264,8 @@ static int IsKyberLevelAvailable(const char* line) available = 1; } #endif - #if !defined(WOLFSSL_NO_ML_KEM_1024) && defined(HAVE_ECC) + #if !defined(WOLFSSL_NO_ML_KEM_1024) && defined(HAVE_ECC) && \ + (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_521)) if (MATCH_PQC(begin, "SecP521r1MLKEM1024", len)) { available = 1; } 
@@ -290,9 +294,11 @@ static int IsKyberLevelAvailable(const char* line) available = 1; } #ifdef HAVE_ECC + #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_384) if (MATCH_PQC(begin, "P384_KYBER_LEVEL3", len)) { available = 1; } + #endif if (MATCH_PQC(begin, "P256_KYBER_LEVEL3", len)) { available = 1; } @@ -303,9 +309,11 @@ static int IsKyberLevelAvailable(const char* line) available = 1; } #ifdef HAVE_ECC + #if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_521) if (MATCH_PQC(begin, "P521_KYBER_LEVEL5", len)) { available = 1; } + #endif #endif #endif #if !defined(WOLFSSL_NO_KYBER512) && defined(HAVE_CURVE25519) @@ -476,6 +484,28 @@ static int IsEcdsaCipherSuiteDefRsaCert(const char* line) } #endif +#ifdef WOLFSSL_STATIC_PSK +/* Check whether the command line forces ephemeral (EC)DHE PSK key exchange. + * + * @param [in] argc Number of arguments. + * @param [in] argv Argument list. + * @return 1 when "--onlyPskDheKe" is present. + * @return 0 otherwise. + */ +static int IsOnlyPskDheKe(int argc, char** argv) +{ + int i; + + for (i = 0; i < argc; i++) { + if (argv[i] != NULL && XSTRCMP(argv[i], "--onlyPskDheKe") == 0) { + return 1; + } + } + + return 0; +} +#endif /* WOLFSSL_STATIC_PSK */ + static int execute_test_case(int svr_argc, char** svr_argv, int cli_argc, char** cli_argv, int addNoVerify, int addNonBlocking, @@ -588,6 +618,18 @@ static int execute_test_case(int svr_argc, char** svr_argv, return NOT_BUILT_IN; } #endif +#ifdef WOLFSSL_STATIC_PSK + /* --onlyPskDheKe forces the psk_dhe_ke key exchange mode, which requires + * ephemeral (EC)DHE. A static PSK build provides only the psk_ke mode, so + * skip these tests. */ + if (IsOnlyPskDheKe(svrArgs.argc, svr_argv) || + IsOnlyPskDheKe(cliArgs.argc, cli_argv)) { + #ifdef DEBUG_SUITE_TESTS + printf("--onlyPskDheKe not supported with WOLFSSL_STATIC_PSK\n"); + #endif + return NOT_BUILT_IN; + } +#endif /* Build Server Command */ if (addNoVerify) { 
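Review bot: The skip check added to execute_test_case pairs `svrArgs.argc` with `svr_argv` (and `cliArgs.argc` with `cli_argv`), so the count and the array come from two different objects. If `svrArgs.argc` differs from `svr_argc` at this point, the loop in IsOnlyPskDheKe either indexes past the caller's array or misses the option; the initialisation of `svrArgs` is outside the hunk, so this cannot be confirmed from here. Passing the parameters directly removes the question: `if (IsOnlyPskDheKe(svr_argc, svr_argv) || IsOnlyPskDheKe(cli_argc, cli_argv)) {`.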
diff --git a/tests/utils.c b/tests/utils.c index a6d37b89d5..f2bf4a06fa 100644 --- a/tests/utils.c +++ b/tests/utils.c @@ -513,6 +513,40 @@ int test_memio_get_message(const struct test_memio_ctx *ctx, int client, return 0; } +/* The random value placed in a ServerHello to mark it as a HelloRetryRequest. + * See RFC 8446 Section 4.1.3. */ +static const byte test_hello_retry_request_random[32] = { + 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, + 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, + 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, + 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C +}; + +/* Returns 1 if the first server->client record buffered in ctx is a + * HelloRetryRequest, 0 otherwise. A HelloRetryRequest is sent as a ServerHello + * (handshake type server_hello) carrying the special random above. */ +int test_memio_msg_is_hello_retry_request(const struct test_memio_ctx *ctx) +{ + const char* msg = NULL; + int msg_sz = 0; + /* TLS record header (5) + handshake header (4) + legacy_version (2) is the + * offset of the 32-byte ServerHello random within the record. */ + const int random_off = 5 + 4 + 2; + + /* The server's flight is buffered for the client (client = 1). */ + if (test_memio_get_message(ctx, 1, &msg, &msg_sz, 0) != 0) + return 0; + /* Need a handshake record (0x16) holding a server_hello (0x02) with a full + * random. */ + if (msg_sz < random_off + (int)sizeof(test_hello_retry_request_random)) + return 0; + if ((byte)msg[0] != 0x16 || (byte)msg[5] != 0x02) + return 0; + + return XMEMCMP(msg + random_off, test_hello_retry_request_random, + sizeof(test_hello_retry_request_random)) == 0; +} + int test_memio_move_message(struct test_memio_ctx *ctx, int client, int msg_pos_in, int msg_pos_out) { diff --git a/tests/utils.h b/tests/utils.h index bd9a150e01..624a4b4aa6 100644 --- a/tests/utils.h +++ b/tests/utils.h 
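Review bot: test_memio_msg_is_hello_retry_request hard-codes the TLS record layout (`5 + 4 + 2`, `msg[0] != 0x16`, `msg[5] != 0x02`) and inspects only message position 0, but its header comment states neither limit. A DTLS record has a longer header, so the helper would return 0 there and a caller would skip the extra connect/accept round without any signal. I would add to the comment above the function: `TLS records only (not DTLS); inspects only the first buffered server->client message.`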
@@ -80,6 +80,7 @@ int test_memio_copy_message(const struct test_memio_ctx *ctx, int client, char *out, int *out_sz, int msg_pos); int test_memio_get_message(const struct test_memio_ctx *ctx, int client, const char **out, int *out_sz, int msg_pos); +int test_memio_msg_is_hello_retry_request(const struct test_memio_ctx *ctx); int test_memio_move_message(struct test_memio_ctx *ctx, int client, int msg_pos_in, int msg_pos_out); int test_memio_drop_message(struct test_memio_ctx *ctx, int client, int msg_pos); diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index b84d7e9b15..0b51638df5 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -1588,7 +1588,7 @@ int wc_ed25519_check_key(ed25519_key* key) #endif /* HAVE_ED25519_MAKE_KEY */ /* No private key (or ability to make a public key), check Y is valid. */ - if ((ret == 0) + if (ret == 0 #ifdef HAVE_ED25519_MAKE_KEY && (!key->privKeySet) #endif diff --git a/wolfcrypt/src/evp_pk.c b/wolfcrypt/src/evp_pk.c index 9ef4d459bd..7c9f25539c 100644 --- a/wolfcrypt/src/evp_pk.c +++ b/wolfcrypt/src/evp_pk.c @@ -235,7 +235,7 @@ static int d2iTryEccKey(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, } #endif /* HAVE_ECC && OPENSSL_EXTRA */ -#ifdef HAVE_ED25519 +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) /** * Try to make an Ed25519 EVP PKEY from data. * @@ -299,9 +299,9 @@ static int d2iTryEd25519Key(WOLFSSL_EVP_PKEY** out, const unsigned char* mem, return ret; } -#endif /* HAVE_ED25519 */ +#endif /* HAVE_ED25519i && HAVE_ED25519_KEY_IMPORT */ -#ifdef HAVE_ED448 +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) /** * Try to make an Ed448 EVP PKEY from data. * @@ -398,7 +398,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_raw_public_key(int type, } switch (type) { - #ifdef HAVE_ED25519 + #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) case WC_EVP_PKEY_ED25519: { ed25519_key* edKey; if (len != ED25519_PUB_KEY_SIZE) { 
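Review bot: The new closing comment after d2iTryEd25519Key in evp_pk.c has a stray `i` in the macro name: `#endif /* HAVE_ED25519i && HAVE_ED25519_KEY_IMPORT */` should read `#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT */`. The `#endif /* HAVE_ED25519 */` that closes the `WC_EVP_PKEY_ED25519` case in d2i_evp_pkey, further down the same file, still names only the old condition even though its `#if` was widened. Bringing both comments in line with their `#if` lines keeps the guards searchable by macro name.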
@@ -419,7 +419,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_raw_public_key(int type, break; } #endif - #ifdef HAVE_ED448 + #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) case WC_EVP_PKEY_ED448: { ed448_key* edKey; if (len != ED448_PUB_KEY_SIZE) { @@ -542,7 +542,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_raw_private_key(int type, } switch (type) { - #ifdef HAVE_ED25519 + #if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) case WC_EVP_PKEY_ED25519: { ed25519_key* edKey; if (len != ED25519_KEY_SIZE) { @@ -564,7 +564,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_raw_private_key(int type, break; } #endif - #ifdef HAVE_ED448 + #if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) case WC_EVP_PKEY_ED448: { ed448_key* edKey; if (len != ED448_KEY_SIZE) { @@ -1133,18 +1133,18 @@ static WOLFSSL_EVP_PKEY* d2i_evp_pkey_try(WOLFSSL_EVP_PKEY** out, #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* !NO_DH && OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */ -#ifdef HAVE_ED25519 +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) if (d2iTryEd25519Key(&pkey, *in, inSz, priv) >= 0) { found = 1; } else -#endif /* HAVE_ED25519 */ -#ifdef HAVE_ED448 +#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT */ +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) if (d2iTryEd448Key(&pkey, *in, inSz, priv) >= 0) { found = 1; } else -#endif /* HAVE_ED448 */ +#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */ #ifdef HAVE_FALCON if (d2iTryFalconKey(&pkey, *in, inSz, priv) >= 0) { found = 1; @@ -1494,7 +1494,7 @@ static WOLFSSL_EVP_PKEY* d2i_evp_pkey(int type, WOLFSSL_EVP_PKEY** out, #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* HAVE_DH */ #endif /* WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_OPENSSH */ -#ifdef HAVE_ED25519 +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) case WC_EVP_PKEY_ED25519: /* local->pkey.ptr already holds the input bytes, so * d2iTryEd25519Key will skip the d2i_make_pkey allocate/copy 
@@ -1505,7 +1505,7 @@ static WOLFSSL_EVP_PKEY* d2i_evp_pkey(int type, WOLFSSL_EVP_PKEY** out, } break; #endif /* HAVE_ED25519 */ -#ifdef HAVE_ED448 +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) case WC_EVP_PKEY_ED448: /* See WC_EVP_PKEY_ED25519 case above. */ if (d2iTryEd448Key(&local, p, local->pkey_sz, priv) != 1) { diff --git a/wolfcrypt/src/ge_operations.c b/wolfcrypt/src/ge_operations.c index 7556594f4b..5d3157628d 100644 --- a/wolfcrypt/src/ge_operations.c +++ b/wolfcrypt/src/ge_operations.c @@ -960,6 +960,8 @@ static WC_INLINE void ge_add(ge_p1p1 *r,const ge_p3 *p,const ge_cached *q) #ifndef CURVED25519_ASM +#if defined(HAVE_ED25519_SIGN) || defined(HAVE_ED25519_MAKE_KEY) || \ + defined(WOLFSSL_CURVE25519_USE_ED25519) /* ge_scalar mult base */ static unsigned char equal(unsigned char b,unsigned char c) { @@ -970,14 +972,10 @@ static unsigned char equal(unsigned char b,unsigned char c) return (unsigned char)y; } -#if defined(HAVE_ED25519_SIGN) || defined(HAVE_ED25519_MAKE_KEY) || \ - defined(WOLFSSL_CURVE25519_USE_ED25519) static unsigned char negative(signed char b) { return ((unsigned char)b) >> 7; } -#endif - static WC_INLINE void cmov(ge_precomp *t,const ge_precomp *u,unsigned char b, unsigned char n) @@ -988,6 +986,7 @@ static WC_INLINE void cmov(ge_precomp *t,const ge_precomp *u,unsigned char b, fe_cmov(t->xy2d,u->xy2d,b); } #endif +#endif #if defined(HAVE_ED25519_SIGN) || defined(HAVE_ED25519_MAKE_KEY) || \ defined(WOLFSSL_CURVE25519_USE_ED25519) diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index e265d69cf4..a2850b57f2 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -978,10 +978,10 @@ int wc_CheckRsaKey(RsaKey* key) XFREE(rng, NULL, DYNAMIC_TYPE_RNG); #endif } - FREE_MP_INT_SIZE(tmp, NULL, DYNAMIC_TYPE_RSA); #ifdef WOLFSSL_CHECK_MEM_ZERO mp_memzero_check(tmp); #endif + FREE_MP_INT_SIZE(tmp, NULL, DYNAMIC_TYPE_RSA); return ret; } 
diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c index dd10cc64ad..e9e5098af5 100644 --- a/wolfcrypt/src/sp_arm32.c +++ b/wolfcrypt/src/sp_arm32.c @@ -62697,13 +62697,10 @@ static const sp_point_256 p256_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ - defined(HAVE_COMP_KEY) static const sp_digit p256_b[8] = { 0x27d2604b,0x3bce3c3e,0xcc53b0f6,0x651d06b0,0x769886bc,0xb3ebbd55, 0xaa3a93e7,0x5ac635d8 }; -#endif #ifdef WOLFSSL_SP_SMALL /* Multiply a and b into r. (r = a * b) @@ -80782,7 +80779,6 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -80855,6 +80851,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * @@ -81282,13 +81279,10 @@ static const sp_point_384 p384_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ - defined(HAVE_COMP_KEY) static const sp_digit p384_b[12] = { 0xd3ec2aef,0x2a85c8ed,0x8a2ed19d,0xc656398d,0x5013875a,0x0314088f, 0xfe814112,0x181d9c6e,0xe3f82d19,0x988e056b,0xe23ee7e4,0xb3312fa7 }; -#endif #ifdef WOLFSSL_SP_SMALL /* Multiply a and b into r. (r = a * b) @@ -99065,7 +99059,6 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. 
@@ -99138,6 +99131,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * @@ -99607,14 +99601,11 @@ static const sp_point_521 p521_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ - defined(HAVE_COMP_KEY) static const sp_digit p521_b[17] = { 0x6b503f00,0xef451fd4,0x3d2c34f1,0x3573df88,0x3bb1bf07,0x1652c0bd, 0xec7e937b,0x56193951,0x8ef109e1,0xb8b48991,0x99b315f3,0xa2da725b, 0xb68540ee,0x929a21a0,0x8e1c9a1f,0x953eb961,0x00000051 }; -#endif #ifdef WOLFSSL_SP_SMALL /* Multiply a and b into r. (r = a * b) @@ -128007,7 +127998,6 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -128080,6 +128070,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * @@ -158404,7 +158395,6 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, } #endif /* WOLFSSL_SP_SMALL */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -158528,6 +158518,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * 
diff --git a/wolfcrypt/src/sp_arm64.c b/wolfcrypt/src/sp_arm64.c index 59751ebe0c..2045db37fc 100644 --- a/wolfcrypt/src/sp_arm64.c +++ b/wolfcrypt/src/sp_arm64.c @@ -21506,13 +21506,10 @@ static const sp_point_256 p256_base = { 0 }; #endif /* WOLFSSL_SP_SMALL */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ - defined(HAVE_COMP_KEY) static const sp_digit p256_b[4] = { 0x3bce3c3e27d2604bL,0x651d06b0cc53b0f6L,0xb3ebbd55769886bcL, 0x5ac635d8aa3a93e7L }; -#endif #ifdef WOLFSSL_SP_SMALL /* Multiply a and b into r. (r = a * b) @@ -41481,7 +41478,6 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Add two Montgomery form numbers (r = a + b % m). * * r Result of addition. @@ -41598,6 +41594,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * @@ -42024,13 +42021,10 @@ static const sp_point_384 p384_base = { 0 }; #endif /* WOLFSSL_SP_SMALL */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ - defined(HAVE_COMP_KEY) static const sp_digit p384_b[6] = { 0x2a85c8edd3ec2aefL,0xc656398d8a2ed19dL,0x0314088f5013875aL, 0x181d9c6efe814112L,0x988e056be3f82d19L,0xb3312fa7e23ee7e4L }; -#endif #ifdef WOLFSSL_SP_SMALL /* Multiply a and b into r. (r = a * b) @@ -67158,7 +67152,6 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. 
@@ -67231,6 +67224,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * @@ -67696,14 +67690,11 @@ static const sp_point_521 p521_base = { 0 }; #endif /* WOLFSSL_SP_SMALL */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ - defined(HAVE_COMP_KEY) static const sp_digit p521_b[9] = { 0xef451fd46b503f00L,0x3573df883d2c34f1L,0x1652c0bd3bb1bf07L, 0x56193951ec7e937bL,0xb8b489918ef109e1L,0xa2da725b99b315f3L, 0x929a21a0b68540eeL,0x953eb9618e1c9a1fL,0x0000000000000051L }; -#endif #ifdef WOLFSSL_SP_SMALL /* Multiply a and b into r. (r = a * b) @@ -111666,7 +111657,6 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -111739,6 +111729,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * @@ -123425,7 +123416,6 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, } #endif /* WOLFSSL_SP_SMALL */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Read big endian unsigned byte array into r. * * r A single precision integer. 
@@ -123615,6 +123605,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * diff --git a/wolfcrypt/src/sp_armthumb.c b/wolfcrypt/src/sp_armthumb.c index f56e1d9091..77ab6cafa1 100644 --- a/wolfcrypt/src/sp_armthumb.c +++ b/wolfcrypt/src/sp_armthumb.c @@ -96590,13 +96590,10 @@ static const sp_point_256 p256_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ - defined(HAVE_COMP_KEY) static const sp_digit p256_b[8] = { 0x27d2604b,0x3bce3c3e,0xcc53b0f6,0x651d06b0,0x769886bc,0xb3ebbd55, 0xaa3a93e7,0x5ac635d8 }; -#endif /* Multiply a and b into r. (r = a * b) * @@ -107292,7 +107289,6 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -107365,6 +107361,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * @@ -107792,13 +107789,10 @@ static const sp_point_384 p384_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ - defined(HAVE_COMP_KEY) static const sp_digit p384_b[12] = { 0xd3ec2aef,0x2a85c8ed,0x8a2ed19d,0xc656398d,0x5013875a,0x0314088f, 0xfe814112,0x181d9c6e,0xe3f82d19,0x988e056b,0xe23ee7e4,0xb3312fa7 }; -#endif /* Multiply a and b into r. (r = a * b) * 
@@ -118083,7 +118077,6 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -118156,6 +118149,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * @@ -118625,14 +118619,11 @@ static const sp_point_521 p521_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ - defined(HAVE_COMP_KEY) static const sp_digit p521_b[17] = { 0x6b503f00,0xef451fd4,0x3d2c34f1,0x3573df88,0x3bb1bf07,0x1652c0bd, 0xec7e937b,0x56193951,0x8ef109e1,0xb8b48991,0x99b315f3,0xa2da725b, 0xb68540ee,0x929a21a0,0x8e1c9a1f,0x953eb961,0x00000051 }; -#endif /* Multiply a and b into r. (r = a * b) * @@ -134651,7 +134642,6 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -134724,6 +134714,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * @@ -217058,7 +217049,6 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, } #endif /* WOLFSSL_SP_SMALL */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Read big endian unsigned byte array into r. * * r A single precision integer. 
@@ -217182,6 +217172,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c index 8262fb2f73..6cc1a147a3 100644 --- a/wolfcrypt/src/sp_c32.c +++ b/wolfcrypt/src/sp_c32.c @@ -20367,13 +20367,10 @@ static const sp_point_256 p256_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ - defined(HAVE_COMP_KEY) static const sp_digit p256_b[9] = { 0x07d2604b,0x1e71e1f1,0x14ec3d8e,0x1a0d6198,0x086bc651,0x1eaabb4c, 0x0f9ecfae,0x1b154752,0x005ac635 }; -#endif #ifdef WOLFSSL_SP_SMALL /* Multiply a and b into r. (r = a * b) @@ -26531,7 +26528,6 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -26604,6 +26600,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * @@ -27039,14 +27036,11 @@ static const sp_point_384 p384_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ - defined(HAVE_COMP_KEY) static const sp_digit p384_b[15] = { 0x3ec2aef,0x1723b74,0x119d2a8,0x23628bb,0x2c65639,0x004e1d6,0x14088f5, 0x104480c,0x06efe81,0x2460767,0x23f82d1,0x23815af,0x2e7e498,0x3e9f88f, 0x00b3312 }; -#endif #ifdef WOLFSSL_SP_SMALL /* Multiply a and b into r. (r = a * b) 
@@ -34176,7 +34170,6 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -34249,6 +34242,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * @@ -34721,14 +34715,11 @@ static const sp_point_521 p521_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ - defined(HAVE_COMP_KEY) static const sp_digit p521_b[21] = { 0x1503f00,0x08fea35,0x13c7bd1,0x107a586,0x1573df8,0x18df839,0x102f4ee, 0x0f62ca5,0x1ec7e93,0x10c9ca8,0x0427855,0x13231de,0x13b8b48,0x0cd98af, 0x169c96e,0x081dd45,0x1a0b685,0x1c94d10,0x1872687,0x1d72c31,0x0051953 }; -#endif #ifdef WOLFSSL_SP_SMALL /* Multiply a and b into r. (r = a * b) @@ -41927,7 +41918,6 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -42000,6 +41990,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * 
@@ -53422,7 +53413,6 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, } #endif /* WOLFSSL_SP_SMALL */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -53534,6 +53524,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c index b0dd93cbd9..65d610d05c 100644 --- a/wolfcrypt/src/sp_c64.c +++ b/wolfcrypt/src/sp_c64.c @@ -21245,13 +21245,10 @@ static const sp_point_256 p256_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ - defined(HAVE_COMP_KEY) static const sp_digit p256_b[5] = { 0xe3c3e27d2604bL,0xb0cc53b0f63bcL,0x69886bc651d06L,0x93e7b3ebbd557L, 0x05ac635d8aa3aL }; -#endif #ifdef WOLFSSL_SP_SMALL /* Multiply a and b into r. (r = a * b) @@ -27146,7 +27143,6 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -27219,6 +27215,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * 
@@ -27643,13 +27640,10 @@ static const sp_point_384 p384_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ - defined(HAVE_COMP_KEY) static const sp_digit p384_b[7] = { 0x05c8edd3ec2aefL,0x731b145da33a55L,0x3d404e1d6b1958L,0x740a089018a044L, 0x02d19181d9c6efL,0x7c9311c0ad7c7fL,0x2ccc4be9f88fb9L }; -#endif #ifdef WOLFSSL_SP_SMALL /* Multiply a and b into r. (r = a * b) @@ -34178,7 +34172,6 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -34251,6 +34244,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * @@ -34714,14 +34708,11 @@ static const sp_point_521 p521_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ - defined(HAVE_COMP_KEY) static const sp_digit p521_b[9] = { 0x3451fd46b503f00L,0x0f7e20f4b0d3c7bL,0x00bd3bb1bf07357L,0x147b1fa4dec594bL, 0x18ef109e1561939L,0x26cc57cee2d2264L,0x0540eea2da725b9L,0x2687e4a688682daL, 0x051953eb9618e1cL }; -#endif #ifdef WOLFSSL_SP_SMALL /* Multiply a and b into r. (r = a * b) @@ -41239,7 +41230,6 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. 
@@ -41312,6 +41302,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * @@ -51727,7 +51718,6 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, } #endif /* WOLFSSL_SP_SMALL */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -51839,6 +51829,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c index f9d22092d9..d541e08911 100644 --- a/wolfcrypt/src/sp_cortexm.c +++ b/wolfcrypt/src/sp_cortexm.c @@ -32083,13 +32083,10 @@ static const sp_point_256 p256_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ - defined(HAVE_COMP_KEY) static const sp_digit p256_b[8] = { 0x27d2604b,0x3bce3c3e,0xcc53b0f6,0x651d06b0,0x769886bc,0xb3ebbd55, 0xaa3a93e7,0x5ac635d8 }; -#endif #ifdef WOLFSSL_SP_SMALL /* Multiply a and b into r. (r = a * b) @@ -42288,7 +42285,6 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. 
@@ -42361,6 +42357,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * @@ -42788,13 +42785,10 @@ static const sp_point_384 p384_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ - defined(HAVE_COMP_KEY) static const sp_digit p384_b[12] = { 0xd3ec2aef,0x2a85c8ed,0x8a2ed19d,0xc656398d,0x5013875a,0x0314088f, 0xfe814112,0x181d9c6e,0xe3f82d19,0x988e056b,0xe23ee7e4,0xb3312fa7 }; -#endif #ifdef WOLFSSL_SP_SMALL /* Multiply a and b into r. (r = a * b) @@ -52395,7 +52389,6 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -52468,6 +52461,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * @@ -52937,14 +52931,11 @@ static const sp_point_521 p521_base = { /* infinity */ 0 }; -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ - defined(HAVE_COMP_KEY) static const sp_digit p521_b[17] = { 0x6b503f00,0xef451fd4,0x3d2c34f1,0x3573df88,0x3bb1bf07,0x1652c0bd, 0xec7e937b,0x56193951,0x8ef109e1,0xb8b48991,0x99b315f3,0xa2da725b, 0xb68540ee,0x929a21a0,0x8e1c9a1f,0x953eb961,0x00000051 }; -#endif #ifdef WOLFSSL_SP_SMALL /* Multiply a and b into r. (r = a * b) 
@@ -65811,7 +65802,6 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -65884,6 +65874,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * @@ -82141,7 +82132,6 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, } #endif /* WOLFSSL_SP_SMALL */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Read big endian unsigned byte array into r. * * r A single precision integer. @@ -82265,6 +82255,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index ff5a33e2e6..53f464282a 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c @@ -7423,7 +7423,8 @@ static void _sp_div_2(const sp_int* a, sp_int* r) /* Last word only needs to be shifted down. */ r->dp[i] = a->dp[i] >> 1; /* Set used to be all words seen. */ - r->used = (sp_size_t)(i + 1 - (int)((r->dp[i] - 1) >> (SP_WORD_SIZE - 1))); + r->used = (sp_size_t)(i + 1 - (int)((sp_int_digit)(r->dp[i] - 1) >> + (SP_WORD_SIZE - 1))); #ifdef WOLFSSL_SP_INT_NEGATIVE /* Same sign in result. */ r->sign = a->sign; diff --git a/wolfcrypt/src/sp_x86_64.c b/wolfcrypt/src/sp_x86_64.c index 7ce9b9ab6a..0ead549d16 100644 --- a/wolfcrypt/src/sp_x86_64.c +++ b/wolfcrypt/src/sp_x86_64.c 
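Review bot: The `(sp_int_digit)` cast added in _sp_div_2 (sp_int.c) is what keeps the branch-free `used` adjustment correct, and nothing on the line says why. When `sp_int_digit` is narrower than `int`, `r->dp[i] - 1` is promoted to a signed `int`, so for a zero top word the shift would presumably act on -1 rather than on an all-ones digit; the cast restores the digit width before the shift. A short comment would protect it, for example `/* Cast back to digit width: integer promotion would make 0 - 1 a negative int. */`. If the same `(x - 1) >> (SP_WORD_SIZE - 1)` idiom appears elsewhere in the file it likely needs the same cast; the rest of the file is outside this hunk.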
@@ -7585,13 +7585,10 @@ static const sp_point_256 p256_base = { 0 }; #endif /* WOLFSSL_SP_SMALL */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ - defined(HAVE_COMP_KEY) static const sp_digit p256_b[4] = { 0x3bce3c3e27d2604bL,0x651d06b0cc53b0f6L,0xb3ebbd55769886bcL, 0x5ac635d8aa3a93e7L }; -#endif #ifdef __cplusplus extern "C" { @@ -25637,7 +25634,6 @@ int sp_ecc_verify_256_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -25710,6 +25706,7 @@ int sp_ecc_is_point_256(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * @@ -26240,13 +26237,10 @@ static const sp_point_384 p384_base = { 0 }; #endif /* WOLFSSL_SP_SMALL */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ - defined(HAVE_COMP_KEY) static const sp_digit p384_b[6] = { 0x2a85c8edd3ec2aefL,0xc656398d8a2ed19dL,0x0314088f5013875aL, 0x181d9c6efe814112L,0x988e056be3f82d19L,0xb3312fa7e23ee7e4L }; -#endif #ifdef __cplusplus extern "C" { @@ -50181,7 +50175,6 @@ int sp_ecc_verify_384_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -50254,6 +50247,7 @@ int sp_ecc_is_point_384(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * 
@@ -50848,14 +50842,11 @@ static const sp_point_521 p521_base = { 0 }; #endif /* WOLFSSL_SP_SMALL */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) || \ - defined(HAVE_COMP_KEY) static const sp_digit p521_b[9] = { 0xef451fd46b503f00L,0x3573df883d2c34f1L,0x1652c0bd3bb1bf07L, 0x56193951ec7e937bL,0xb8b489918ef109e1L,0xa2da725b99b315f3L, 0x929a21a0b68540eeL,0x953eb9618e1c9a1fL,0x0000000000000051L }; -#endif #ifdef __cplusplus extern "C" { @@ -90927,7 +90918,6 @@ int sp_ecc_verify_521_nb(sp_ecc_ctx_t* sp_ctx, const byte* hash, #endif /* WOLFSSL_SP_NONBLOCK */ #endif /* HAVE_ECC_VERIFY */ -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the x and y ordinates are a valid point on the curve. * * point EC point. @@ -91000,6 +90990,7 @@ int sp_ecc_is_point_521(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * @@ -103475,7 +103466,6 @@ int sp_Pairing_precomp_1024(const ecc_point* pm, const ecc_point* qm, mp_int* re return err; } -#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) #ifdef __cplusplus extern "C" { #endif @@ -103588,6 +103578,7 @@ int sp_ecc_is_point_1024(const mp_int* pX, const mp_int* pY) return err; } +#if defined(HAVE_ECC_CHECK_KEY) || !defined(NO_ECC_CHECK_PUBKEY_ORDER) /* Check that the private scalar generates the EC point (px, py), the point is * on the curve and the point has the correct order. * diff --git a/wolfcrypt/src/wc_mldsa.c b/wolfcrypt/src/wc_mldsa.c index dca96173a6..3e08dad88a 100644 --- a/wolfcrypt/src/wc_mldsa.c +++ b/wolfcrypt/src/wc_mldsa.c 
@@ -8593,10 +8593,12 @@ static int mldsa_sign_with_seed_mu(wc_MlDsaKey* key, const wc_MlDsaParams* params = key->params; const byte* pub_seed = key->k; const byte* k = pub_seed + MLDSA_PUB_SEED_SZ; +#ifndef WOLFSSL_MLDSA_SIGN_SMALL_MEM_PRECALC const byte* tr = k + MLDSA_K_SZ; const byte* s1p = tr + MLDSA_TR_SZ; const byte* s2p = s1p + params->s1EncSz; const byte* t0p = s2p + params->s2EncSz; +#endif const byte* mu = seedMu + MLDSA_RND_SZ; sword32* a = NULL; sword32* s1 = NULL; @@ -9027,8 +9029,8 @@ static int mldsa_sign_with_seed_mu(wc_MlDsaKey* key, } } if ((ret == 0) && valid) { - const byte* t0pt = t0p; #ifndef WOLFSSL_MLDSA_SIGN_SMALL_MEM_PRECALC + const byte* t0pt = t0p; const byte* s2pt = s2p; #endif sword32* cs2 = ct0; @@ -9112,7 +9114,9 @@ static int mldsa_sign_with_seed_mu(wc_MlDsaKey* key, #endif } + #ifndef WOLFSSL_MLDSA_SIGN_SMALL_MEM_PRECALC t0pt += MLDSA_D * MLDSA_N / 8; + #endif w0t += MLDSA_N; w1t += MLDSA_N; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index cd3275650b..07beb6fe59 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -8732,7 +8732,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) #endif WC_HASH_TYPE_NONE }; - int typesBad[] = { WC_HASH_TYPE_NONE, WC_HASH_TYPE_MAX + 1 }; + enum wc_HashType typesBad[] = { WC_HASH_TYPE_NONE }; enum wc_HashType typesHashBad[] = { #ifndef WOLFSSL_MD2 
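Review bot: Shrinking `typesBad` in hash_test to `{ WC_HASH_TYPE_NONE }` drops `WC_HASH_TYPE_MAX + 1`, the only out-of-range value in that list, so the test no longer checks that the hash wrappers reject a type beyond the enum. If the change was made to satisfy an enum-conversion warning, the case can be kept with an explicit cast, `enum wc_HashType typesBad[] = { WC_HASH_TYPE_NONE, (enum wc_HashType)(WC_HASH_TYPE_MAX + 1) };`, or moved into a separate `int` array with its own loop. The loops that consume `typesBad` are outside the hunk, so the exact calls affected could not be confirmed.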
@@ -13509,14 +13509,17 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesofb_test(void) Aes enc[1]; #endif byte cipher[WC_AES_BLOCK_SIZE * 4]; -#ifdef HAVE_AES_DECRYPT +/* dec and plain are used by the HAVE_AES_DECRYPT paths and are also passed to + * aescfb_192_stream_test_0() (which ignores them when HAVE_AES_DECRYPT is not + * defined). */ +#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_192) #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) Aes *dec = NULL; #else Aes dec[1]; #endif - byte plain [WC_AES_BLOCK_SIZE * 4]; -#endif + byte plain[WC_AES_BLOCK_SIZE * 4]; +#endif /* HAVE_AES_DECRYPT || WOLFSSL_AES_192 */ wc_test_ret_t ret = 0; WOLFSSL_SMALL_STACK_STATIC const byte iv[] = { @@ -15255,12 +15258,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) #else wc_AesFree(enc); #endif -#ifdef HAVE_AES_DECRYPT #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) wc_AesDelete(dec, &dec); #else wc_AesFree(dec); -#endif #endif return ret; } @@ -17562,10 +17563,12 @@ static wc_test_ret_t aes_xts_256_vector_test(XtsAes *aes) static wc_test_ret_t aes_xts_256_partial_test(XtsAes *aes) { wc_test_ret_t ret = 0; - byte buf[WC_AES_BLOCK_SIZE * 3]; byte cipher[WC_AES_BLOCK_SIZE * 3]; +#ifdef HAVE_AES_DECRYPT + byte buf[WC_AES_BLOCK_SIZE * 3]; #ifdef WOLFSSL_AESXTS_STREAM struct XtsAesStreamData stream; +#endif #endif WOLFSSL_SMALL_STACK_STATIC const unsigned char k1[] = { 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e, @@ -17587,6 +17590,7 @@ static wc_test_ret_t aes_xts_256_partial_test(XtsAes *aes) 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c, 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 }; +#ifdef HAVE_AES_DECRYPT WOLFSSL_SMALL_STACK_STATIC const unsigned char p1[] = { 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1, 0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64, 
@@ -17629,6 +17633,7 @@ static wc_test_ret_t aes_xts_256_partial_test(XtsAes *aes) 0xe6, 0x6c, 0xdb, 0xb7, 0x9a, 0xb4, 0x28, 0x9b, 0xc3, 0xea, 0xd8, 0x10, 0xe9, 0xc0, 0xaf, 0x92 }; +#endif /* partial block encryption test */ XMEMSET(cipher, 0, sizeof(cipher)); @@ -19057,8 +19062,9 @@ static wc_test_ret_t aesgcm_setiv_test(Aes* enc, Aes* dec) wc_FreeRng(&rng); #else (void)enc; - (void)dec; #endif /* WOLFSSL_AES_256 && ... */ + + (void)dec; return ret; } @@ -19306,13 +19312,17 @@ static wc_test_ret_t aesgcm_non12iv_test(Aes* enc, Aes* dec) 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39 }; +#if defined(WOLFSSL_AES_192) || \ + (defined(WOLFSSL_AES_128) && defined(BENCH_AESGCM_LARGE)) WOLFSSL_SMALL_STACK_STATIC const byte a[] = { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 }; -#ifdef BENCH_AESGCM_LARGE +#endif +#if defined(BENCH_AESGCM_LARGE) && \ + (defined(WOLFSSL_AES_192) || defined(WOLFSSL_AES_128)) WOLFSSL_SMALL_STACK_STATIC const byte iv1[] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, @@ -19402,7 +19412,8 @@ static wc_test_ret_t aesgcm_non12iv_test(Aes* enc, Aes* dec) byte resultT[sizeof(t1) + WC_AES_BLOCK_SIZE]; byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE]; byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE]; -#ifdef BENCH_AESGCM_LARGE +#if defined(BENCH_AESGCM_LARGE) && \ + (defined(WOLFSSL_AES_192) || defined(WOLFSSL_AES_128)) int alen = 0; #endif #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) @@ -19781,6 +19792,7 @@ static wc_test_ret_t aesgcm_aes128_vector_test(Aes* enc, Aes* dec) #endif /* HAVE_AES_DECRYPT */ out: + (void)dec; return ret; } #endif /* WOLFSSL_AES_128 && !WOLFSSL_AFALG_XILINX_AES */ 
@@ -19829,7 +19841,6 @@ static wc_test_ret_t aesgcm_aes256_vector_test(Aes* enc, Aes* dec) 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 }; -#ifdef HAVE_AES_DECRYPT WOLFSSL_SMALL_STACK_STATIC const byte c1[] = { 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, @@ -19841,7 +19852,6 @@ static wc_test_ret_t aesgcm_aes256_vector_test(Aes* enc, Aes* dec) 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62 }; -#endif WOLFSSL_SMALL_STACK_STATIC const byte t1[] = { 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, @@ -19891,6 +19901,7 @@ static wc_test_ret_t aesgcm_aes256_vector_test(Aes* enc, Aes* dec) #endif /* HAVE_AES_DECRYPT */ out: + (void)dec; return ret; } @@ -19932,6 +19943,7 @@ static wc_test_ret_t aesgcm_aes256_large_test(Aes* enc, Aes* dec) 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 }; +#ifdef HAVE_AES_DECRYPT WOLFSSL_SMALL_STACK_STATIC const byte c1[] = { 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, @@ -19943,6 +19955,7 @@ static wc_test_ret_t aesgcm_aes256_large_test(Aes* enc, Aes* dec) 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62 }; +#endif WOLFSSL_SMALL_STACK_STATIC const byte t1[] = { 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, @@ -20184,6 +20197,7 @@ static wc_test_ret_t aesgcm_aes256_large_test(Aes* enc, Aes* dec) #if defined(WOLFSSL_XILINX_CRYPT_VERSAL) XFREE(large_aad, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif + (void)dec; return ret; } #endif /* WOLFSSL_AES_256 */ @@ -20962,7 +20976,9 @@ static wc_test_ret_t aesccm_128_large_test(Aes* enc) { 0x89, 0xd8, 0xd2, 0x02, 0xc5, 0xcf, 0xae, 0xf4 }; +#ifdef HAVE_AES_DECRYPT byte pl2[sizeof(pl)]; +#endif byte cl2[sizeof(cl)]; byte tl2[sizeof(tl)]; 
@@ -52097,7 +52113,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mlkem_test(void) #endif #endif #endif -#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) +#if !defined(WOLFSSL_NO_MALLOC) && !defined(WC_NO_CONSTRUCTORS) && \ + !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) MlKemKey *tmpKey = NULL; #endif int key_inited = 0; @@ -52285,7 +52302,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mlkem_test(void) if (XMEMCMP(priv, priv2, testData[i][2]) != 0) ERROR_OUT(WC_TEST_RET_ENC_I(i), out); -#if !defined(WOLFSSL_NO_MALLOC) +#if !defined(WOLFSSL_NO_MALLOC) && !defined(WC_NO_CONSTRUCTORS) tmpKey = wc_MlKemKey_New(testData[i][0], HEAP_HINT, devId); if (tmpKey == NULL) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); @@ -55708,25 +55725,21 @@ static wc_test_ret_t test_mldsa_decode_level(const byte* rawKey, { int ret = 0; #if !defined(WOLFSSL_MLDSA_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) - /* Size the buffer to accommodate the largest encoded key size */ - const word32 maxDerSz = MLDSA_MAX_PRV_KEY_DER_SIZE; word32 derSz; word32 idx; - #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - byte* der = NULL; - #else - byte der[MLDSA_MAX_PRV_KEY_DER_SIZE]; - #endif #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* der = NULL; wc_MlDsaKey *key = NULL; #else + byte der[MLDSA_MAX_PRV_KEY_DER_SIZE]; wc_MlDsaKey key[1]; #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) /* Allocate DER buffer */ - der = (byte*)XMALLOC(maxDerSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + der = (byte*)XMALLOC(MLDSA_MAX_PRV_KEY_DER_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); key = (wc_MlDsaKey *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL || key == NULL) { 
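Review bot: The declaration of `tmpKey` in mlkem_test is guarded by three macros (`WOLFSSL_NO_MALLOC`, `WC_NO_CONSTRUCTORS`, `WOLFSSL_MLKEM_NO_MAKE_KEY`), but the use site in the next hunk tests only the first two. That holds only if the use site already sits inside a region excluded by `WOLFSSL_MLKEM_NO_MAKE_KEY`, which these hunks do not show; otherwise that configuration fails on an undeclared identifier. A comment at the use site would keep the two in step: `/* tmpKey is declared under this guard plus !WOLFSSL_MLKEM_NO_MAKE_KEY */`. Separately, the unchanged NULL check after `wc_MlKemKey_New` reports `WC_TEST_RET_ENC_EC(ret)` although that call does not assign `ret`, so the encoded error is whatever an earlier step left there.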
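Review bot: `der` in test_mldsa_decode_level is now declared and, in the small-stack build, allocated whenever the function is compiled. The visible readers of it are the two `...ToDer` calls in the following hunk, which presumably remain in the DER round-trip path. In a build with `WOLFSSL_MLDSA_NO_ASN1`, or without `WOLFSSL_ASN_TEMPLATE`, the non-small-stack variant would then carry an unused `byte der[MLDSA_MAX_PRV_KEY_DER_SIZE]` on the stack, which is the kind of unused-variable warning this commit silences elsewhere with `(void)dec;`. The rest of the function is outside the hunk, so this needs checking against the full body. If it holds, adding `(void)der;` before the return, or putting the allocation under the same ASN.1 condition, would cover it.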
@@ -55762,12 +55775,14 @@ static wc_test_ret_t test_mldsa_decode_level(const byte* rawKey, if (ret == 0) { #ifdef WOLFSSL_MLDSA_PUBLIC_KEY if (isPublicOnlyKey) { - ret = wc_MlDsaKey_PublicKeyToDer(key, der, maxDerSz, 1); + ret = wc_MlDsaKey_PublicKeyToDer(key, der, + MLDSA_MAX_PRV_KEY_DER_SIZE, 1); } #endif #ifdef WOLFSSL_MLDSA_PRIVATE_KEY if (!isPublicOnlyKey) { - ret = wc_MlDsaKey_PrivateKeyToDer(key, der, maxDerSz); + ret = wc_MlDsaKey_PrivateKeyToDer(key, der, + MLDSA_MAX_PRV_KEY_DER_SIZE); } #endif if (ret >= 0) { diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 794808f38b..a918ae2bde 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -3462,11 +3462,11 @@ typedef struct PointFormat { WOLFSSL_LOCAL int TLSX_SupportedCurve_Copy(TLSX* src, TLSX** dst, void* heap); WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name, - void* heap); + void* heap, int side); WOLFSSL_LOCAL int TLSX_UsePointFormat(TLSX** extensions, byte point, void* heap); -WOLFSSL_LOCAL int TLSX_IsGroupSupported(int namedGroup); +WOLFSSL_LOCAL int TLSX_IsGroupSupported(int namedGroup, int side); #ifndef NO_WOLFSSL_SERVER WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(const WOLFSSL* ssl, byte first, diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 2281bb2f26..11350afd18 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h 
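Review bot: The new `int side` parameter on `TLSX_UseSupportedCurve` and `TLSX_IsGroupSupported` is undocumented at the prototypes, yet the accepted values matter because group acceptance now depends on it. wolfSSL's side values include `WOLFSSL_NEITHER_END` as well as the client and server ends, and a context whose method is not bound to one side could pass that value. How the implementation treats it is outside this hunk, and that decides whether a group unsupported by the eventual side can be configured or a supported one is refused. I would add a comment above both prototypes such as `/* side: WOLFSSL_CLIENT_END, WOLFSSL_SERVER_END or WOLFSSL_NEITHER_END; NEITHER_END is handled as <policy> */`, with the policy filled in from the implementation.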
@@ -2545,13 +2545,52 @@ WOLFSSL_API WOLFSSL_ASN1_INTEGER* wolfSSL_d2i_ASN1_INTEGER( WOLFSSL_API int wolfSSL_i2d_ASN1_INTEGER(const WOLFSSL_ASN1_INTEGER* a, unsigned char** pp); -WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime); +/* ASN1_TIME APIs */ +/* These ASN1_TIME APIs operate only on the object's stored data and do not + * use system time, so they remain available when NO_ASN_TIME is defined. */ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +WOLFSSL_API int wolfSSL_ASN1_TIME_get_length(const WOLFSSL_ASN1_TIME *t); +WOLFSSL_API unsigned char* wolfSSL_ASN1_TIME_get_data(const WOLFSSL_ASN1_TIME *t); +WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, + WOLFSSL_ASN1_TIME **out); +#endif +#ifdef OPENSSL_EXTRA +WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_new(void); +WOLFSSL_API void wolfSSL_ASN1_TIME_free(WOLFSSL_ASN1_TIME* t); +WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t); +WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str); +#endif + +/* These ASN1_TIME APIs use system time or call APIs that are disabled when + * NO_ASN_TIME is defined. 
*/ +#ifndef NO_ASN_TIME +WOLFSSL_API int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, + const WOLFSSL_ASN1_TIME* asnTime); WOLFSSL_API char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t, char* buf, int len); -#ifndef NO_ASN_TIME -WOLFSSL_API int wolfSSL_ASN1_TIME_to_tm(const WOLFSSL_ASN1_TIME* asnTime, struct tm* tm); +WOLFSSL_API int wolfSSL_ASN1_TIME_to_tm(const WOLFSSL_ASN1_TIME* asnTime, + struct tm* tm); + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_UTCTIME_set(WOLFSSL_ASN1_TIME *s, + time_t t); #endif + +#ifdef OPENSSL_EXTRA +WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME* s, + time_t t, int offset_day, + long offset_sec); +WOLFSSL_API int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a); +WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int* days, int* secs, const WOLFSSL_ASN1_TIME* from, + const WOLFSSL_ASN1_TIME* to); +WOLFSSL_API int wolfSSL_ASN1_TIME_compare(const WOLFSSL_ASN1_TIME *a, + const WOLFSSL_ASN1_TIME *b); +WOLFSSL_API int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t, + const char *str); +#endif +#endif /* !NO_ASN_TIME */ + WOLFSSL_API int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a, const WOLFSSL_ASN1_INTEGER* b); WOLFSSL_API long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* a); @@ -2559,10 +2598,6 @@ WOLFSSL_API long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* a); #ifdef OPENSSL_EXTRA WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai, WOLFSSL_BIGNUM *bn); -WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME* s, time_t t, - int offset_day, long offset_sec); -WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_new(void); -WOLFSSL_API void wolfSSL_ASN1_TIME_free(WOLFSSL_ASN1_TIME* t); #endif WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char* fname); 
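Review bot: `wolfSSL_ASN1_TIME_set(s, time_t t)` is declared in the group described as not using system time, while `wolfSSL_ASN1_UTCTIME_set(s, time_t t)` and `wolfSSL_ASN1_TIME_adj(s, time_t t, ...)`, which take the same kind of input, are placed under `#ifndef NO_ASN_TIME`. If `wolfSSL_ASN1_TIME_set` converts the `time_t` through the same path as the other two, its prototype is exposed in NO_ASN_TIME builds without a working definition behind it. If it is a stub or independent of that path, the group comment should say so. The definitions are in another file, so this has to be settled against their guards. Suggested wording for the first comment: `/* These ASN1_TIME APIs neither read the system clock nor call time-conversion code, so they remain available when NO_ASN_TIME is defined. */`.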
@@ -3369,15 +3404,6 @@ WOLFSSL_API int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, WOLFSSL_API int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_GENERALIZEDTIME* asnTime); WOLFSSL_API void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_GENERALIZEDTIME*); -WOLFSSL_API int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a); -WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int* days, int* secs, const WOLFSSL_ASN1_TIME* from, - const WOLFSSL_ASN1_TIME* to); -WOLFSSL_API int wolfSSL_ASN1_TIME_compare(const WOLFSSL_ASN1_TIME *a, - const WOLFSSL_ASN1_TIME *b); -WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t); -WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str); -WOLFSSL_API int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t, - const char *str); #endif /* OPENSSL_EXTRA */ @@ -6091,11 +6117,6 @@ WOLFSSL_API void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT * WOLFSSL_API const char *wolfSSL_ASN1_tag2str(int tag); WOLFSSL_API int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, unsigned long flags); WOLFSSL_API int wolfSSL_ASN1_STRING_print(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str); -WOLFSSL_API int wolfSSL_ASN1_TIME_get_length(const WOLFSSL_ASN1_TIME *t); -WOLFSSL_API unsigned char* wolfSSL_ASN1_TIME_get_data(const WOLFSSL_ASN1_TIME *t); -WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, - WOLFSSL_ASN1_TIME **out); -WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_UTCTIME_set(WOLFSSL_ASN1_TIME *s, time_t t); WOLFSSL_API int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp); WOLFSSL_API int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1, char *buf, int size); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index e7d9b568f6..4ec84fb170 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h 
@@ -5248,6 +5248,13 @@ blinding by defining WC_BLINDING_NO_RNG_ACKNOWLEDGE_WEAKNESS." #undef WC_RNG_BANK_SUPPORT #endif +/* The OCSP responder time-stamps every response it generates (producedAt, + * thisUpdate and, for revoked certs, revocationDate), so it needs ASN time + * support. */ +#if defined(HAVE_OCSP_RESPONDER) && defined(NO_ASN_TIME) + #undef HAVE_OCSP_RESPONDER +#endif + #ifdef HAVE_OCSP_RESPONDER #ifndef HAVE_OCSP #error "HAVE_OCSP_RESPONDER requires HAVE_OCSP"
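Review bot: The added block silently drops `HAVE_OCSP_RESPONDER` when `NO_ASN_TIME` is defined, whereas the check immediately below stops the build with `#error "HAVE_OCSP_RESPONDER requires HAVE_OCSP"` for the other missing prerequisite. A user who asked for the responder gets a library without it and learns of it only at link time, or when no revocation responses are served. Unless the silent form is needed for automated configuration sweeps, I would make the two consistent with `#error "HAVE_OCSP_RESPONDER requires ASN time support; remove NO_ASN_TIME"`. At a minimum, emit a `#warning` before the `#undef`.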