diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml index 5e731d0310..9746301451 100644 --- a/.github/workflows/openvpn.yml +++ b/.github/workflows/openvpn.yml @@ -43,7 +43,7 @@ jobs: fail-fast: false matrix: # List of refs to test - ref: [ release/2.6, v2.6.0, master ] + ref: [ release/2.6, master ] name: ${{ matrix.ref }} if: github.repository_owner == 'wolfssl' runs-on: ubuntu-22.04 diff --git a/.github/workflows/softhsm.yml b/.github/workflows/softhsm.yml new file mode 100644 index 0000000000..1f30a7cff6 --- /dev/null +++ b/.github/workflows/softhsm.yml @@ -0,0 +1,94 @@ +name: SoftHSMv2 Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfssl: + name: Build wolfSSL + if: github.repository_owner == 'wolfssl' + # Just to keep it the same as the testing target + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 10 + steps: + - name: Build wolfSSL + uses: wolfSSL/actions-build-autotools-project@v1 + with: + path: wolfssl + configure: --enable-all CFLAGS=-DRSA_MIN_SIZE=1024 + install: true + check: false + + - name: tar build-dir + run: tar -zcf build-dir.tgz build-dir + + - name: Upload built lib + uses: actions/upload-artifact@v4 + with: + name: wolf-install-softhsm + path: build-dir.tgz + retention-days: 5 + + softhsm_check: + strategy: + fail-fast: false + matrix: + # List of releases to test + ref: [ 2.6.1 ] + name: ${{ matrix.ref }} + if: github.repository_owner == 'wolfssl' + runs-on: ubuntu-latest + # This should be a safe limit for the tests to run. + timeout-minutes: 20 + needs: build_wolfssl + steps: + - name: Install dependencies + run: | + # Don't prompt for anything + export DEBIAN_FRONTEND=noninteractive + sudo apt-get update + sudo apt-get install -y libcppunit-dev + + - name: Download lib + uses: actions/download-artifact@v4 + with: + name: wolf-install-softhsm + + - name: untar build-dir + run: tar -xf build-dir.tgz + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + + - name: Checkout SoftHSMv2 + uses: actions/checkout@v4 + with: + repository: opendnssec/SoftHSMv2 + path: softhsm + ref: ${{ matrix.ref }} + + # Not using wolfSSL/actions-build-autotools-project@v1 because autogen.sh doesn't work + - name: Build softhsm + working-directory: softhsm + run: | + patch -p1 < $GITHUB_WORKSPACE/osp/softhsm/${{ matrix.ref }}.patch + autoreconf -if + ./configure --with-crypto-backend=wolfssl WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir + make -j + + - name: Test softhsm + working-directory: softhsm + run: make -j check diff --git a/.gitignore b/.gitignore index aa54f7486b..9986ac406e 100644 --- a/.gitignore +++ b/.gitignore @@ -10,6 +10,7 @@ ctaocrypt/src/src/ *.cache .dirstamp *.user +!*-VS2022.vcxproj.user configure config.* !cmake/config.in diff --git a/Docker/Dockerfile b/Docker/Dockerfile index e6c3cd35d3..1d17aae4ea 100644 --- a/Docker/Dockerfile +++ b/Docker/Dockerfile @@ -10,7 +10,7 @@ ARG DEPS_WOLFSSL="build-essential autoconf libtool clang clang-tools zlib1g-dev ARG DEPS_LIBOQS="astyle cmake gcc ninja-build libssl-dev python3-pytest python3-pytest-xdist unzip xsltproc doxygen graphviz python3-yaml valgrind git" ARG DEPS_UDP_PROXY="wget libevent-dev" ARG DEPS_TESTS="abi-dumper libcurl4-openssl-dev tcpdump libpsl-dev python3-pandas python3-tabulate libnl-genl-3-dev libcap-ng-dev python3-virtualenv curl jq" -ARG DEPS_TOOLS="ccache clang-tidy maven" +ARG DEPS_TOOLS="ccache clang-tidy maven libfile-util-perl" RUN DEBIAN_FRONTEND=noninteractive apt update && apt install -y apt-utils \ && apt install -y ${DEPS_WOLFSSL} ${DEPS_LIBOQS} ${DEPS_UDP_PROXY} ${DEPS_TESTS} ${DEPS_TOOLS} \ && apt clean -y && rm -rf /var/lib/apt/lists/* diff --git a/IDE/Espressif/ESP-IDF/README.md b/IDE/Espressif/ESP-IDF/README.md index a66157f785..01a860fd9d 100644 --- a/IDE/Espressif/ESP-IDF/README.md +++ b/IDE/Espressif/ESP-IDF/README.md @@ -1,11 +1,12 @@ # ESP-IDF Port -These Espressif examples have been created and tested with the latest stable release branch of -[ESP-IDF v5.2](https://docs.espressif.com/projects/esp-idf/en/release-v5.2/esp32/get-started/index.html). -The prior version 4.4 ESP-IDF is still supported, however version 5.1 or greater is recommended. -Espressif has [a list of all ESP-IDF versions](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/versions.html). +These Espressif examples have been created and tested with the latest stable release branch of +ESP-IDF v5.2, v5.3 and the master branch -See the latest [Espressif Migration Guides](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/migration-guides/index.html). +The prior version 4.4 ESP-IDF is still supported, however version 5.2 or greater is recommended. +Espressif has [a list of all ESP-IDF versions](Espressifversions.html). + +See the latest Espressif Migration Guides. ## Examples @@ -34,7 +35,7 @@ looks for the wolfSSL `user_settings.h` in the project as described below. ### File: `sdkconfig.h` The Espressif `sdkconfig.h`, generated automatically from your `sdkconfig` -file at [build](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/build-system.html) +file at [build](Espressif api-guides/build-system.html) time, should be included before any other files. ### File: `user_settings.h` @@ -101,7 +102,7 @@ of your source code, particularly before the `#include git clone -b v5.0.2 --recursive https://github.com/espre ## Configuration - 1. The `user_settings.h` can be found in `[project]/components/wolfssl/include/user_settings.h`. + 1. The `user_settings.h` can be found in `[project]/components/wolfssl/include/user_settings.h`. ## Configuration (Legacy IDF install) @@ -191,7 +192,7 @@ C:\SysGCC\esp32\esp-idf>git clone -b v5.0.2 --recursive https://github.com/espre For question please email [support@wolfssl.com] - Note: This is tested with : + Note: This is tested with : - OS: Ubuntu 20.04.3 LTS - Microsoft Windows 10 Pro 10.0.19041 / Windows 11 Pro 22H2 22621.2715 - Visual Studio 2022 17.7.6 with VisualGDB 5.6R9 (build 4777) @@ -239,7 +240,7 @@ reset_config srst_push_pull trst_push_pull Check "Long Paths Enabled" in Windows registry. -Please set registry HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\LongPathsEnabled to 1. +Please set registry HKLM\SYSTEM\CurrentControlSet\Control\FileSystem\LongPathsEnabled to 1. The operation requires Administrator privileges. Command: diff --git a/IDE/Espressif/ESP-IDF/README_32se.md b/IDE/Espressif/ESP-IDF/README_32se.md index af440a8b5a..438723c6b2 100644 --- a/IDE/Espressif/ESP-IDF/README_32se.md +++ b/IDE/Espressif/ESP-IDF/README_32se.md @@ -10,7 +10,7 @@ Including the following examples: The `user_settings.h` file enables some of the hardened settings. ## Requirements -1. ESP-IDF development framework: https://docs.espressif.com/projects/esp-idf/en/latest/get-started/ +1. ESP-IDF development framework: https://github.com/espressif/esp-idf 2. Microchip CryptoAuthentication Library: https://github.com/MicrochipTech/cryptoauthlib diff --git a/IDE/Espressif/ESP-IDF/examples/README.md b/IDE/Espressif/ESP-IDF/examples/README.md index d4a0ad696a..a25289432c 100644 --- a/IDE/Espressif/ESP-IDF/examples/README.md +++ b/IDE/Espressif/ESP-IDF/examples/README.md @@ -78,7 +78,7 @@ wolfSSL to be installed. If you want to install wolfSSL, see the setup for [wolfSSL](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF#setup-for-linux) and [wolfSSH](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif#setup-for-linux). -The [Espressif Managed Component for wolfSSL](https://components.espressif.com/components/wolfssl/wolfssl) +The [Espressif Managed Component for wolfSSL](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/) also installs source code locally, instead of pointing to a source repository. ## VisualGDB @@ -114,7 +114,4 @@ It may be helpful to also delete the `sdkconfig` file. (Save a backup if you've - esp32.com: [GPIO6,GPIO7,GPIO8,and GPIO9 changed for ESP32-WROOM-32E](https://esp32.com/viewtopic.php?t=29058) -See also [this ESP-FAQ Handbook](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf). - - - +See also the `ESP-FAQ Handbook`. diff --git a/IDE/Espressif/ESP-IDF/examples/template/README.md b/IDE/Espressif/ESP-IDF/examples/template/README.md index f0ccd23ed3..9e82e72806 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/README.md +++ b/IDE/Espressif/ESP-IDF/examples/template/README.md @@ -7,7 +7,7 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t ### Prerequisites -It is assumed the [ESP-IDF environment](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/) has been installed. +It is assumed the [ESP-IDF environment](Espressifget-started/) has been installed. ### Files Included @@ -30,7 +30,7 @@ set(WOLFSSL_ROOT "~/workspace/wolfssl-other-source") ## Getting Started: -Here's an example using the command-line [idf.py](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-py.html). +Here's an example using the command-line [idf.py](Espressifapi-guides/tools/idf-py.html). Edit your `WRK_IDF_PATH`to point to your ESP-IDF install directory. @@ -53,7 +53,7 @@ idf.py flash -p /dev/ttyS19 -b 115200 idf.py flash -p /dev/ttyS19 -b 115200 monitor ``` -Press `Ctrl+]` to exit `idf.py monitor`. See [additional monitor keyboard commands](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/tools/idf-monitor.html). +Press `Ctrl+]` to exit `idf.py monitor`. See [additional monitor keyboard commands](Espressifapi-guides/tools/idf-monitor.html). ## Other Examples: diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md index a763b95c21..d779124162 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md @@ -2,12 +2,12 @@ This is the directory for wolfSSL as an Espressif ESP-IDF component. -Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl). +Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls) -to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl)) +to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl)) -The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the +The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the `sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code. ## Directory Contents @@ -21,7 +21,7 @@ The directory should also contain: - `Kconfig` - `component.mk` -The directory may contain wolfSSL source, for example with a [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl), +The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/), or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF). @@ -41,7 +41,7 @@ While recursing up the directory tree, the following names of wolfSSL directorie ## Getting Started -See the [Espressif Get STarted Guide](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/index.html). +See the `Espressif Getting Started Guide`. ``` # Set environment variable to ESP-IDF location diff --git a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h index dfadc15a0f..71b82c68ea 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h @@ -260,7 +260,9 @@ #endif #define HAVE_ALPN #ifndef CONFIG_IDF_TARGET_ESP8266 - /* SNI Not supported on ESP8266 at this time */ + /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL + * API for SNI will not be seen in the components/esp-tls layer. + * Only enable SNI for non-ESP8266 targets by default: */ #define HAVE_SNI #endif #define OPENSSL_EXTRA_X509_SMALL @@ -763,8 +765,7 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See https://www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES diff --git a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 index 2447de5c26..77299dfe4a 100644 --- a/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 +++ b/IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 @@ -20,3 +20,11 @@ CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y CONFIG_HEAP_DISABLE_IRAM=y +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md index e004e8a105..e760db5f99 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md @@ -7,8 +7,9 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t ## Espressif ESP Component Registry -See the wolfSSL namespace at [components.espressif.com](https://components.espressif.com/components?q=wolfssl) +See the wolfSSL namespace and additional details: +https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/ ## Windows COM Port diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md index 4f88129db2..d779124162 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md @@ -2,7 +2,7 @@ This is the directory for wolfSSL as an Espressif ESP-IDF component. -Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl). +Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls) to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl)) @@ -21,7 +21,7 @@ The directory should also contain: - `Kconfig` - `component.mk` -The directory may contain wolfSSL source, for example with a [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl), +The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/), or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF). diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h index dfadc15a0f..0ce13530b2 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h @@ -260,7 +260,9 @@ #endif #define HAVE_ALPN #ifndef CONFIG_IDF_TARGET_ESP8266 - /* SNI Not supported on ESP8266 at this time */ + /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL + * API for SNI will not be seen in the components/esp-tls layer. + * Only enable SNI for non-ESP8266 targets by default: */ #define HAVE_SNI #endif #define OPENSSL_EXTRA_X509_SMALL @@ -763,8 +765,7 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See https://www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 index 2447de5c26..77299dfe4a 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 @@ -20,3 +20,11 @@ CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y CONFIG_HEAP_DISABLE_IRAM=y +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md index 43961ec9be..ff275c7117 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md @@ -10,9 +10,7 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t ## Quick Start -Use the [ESP-IDF](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/index.html) -for ESP32 or [RTOS SDK](https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/get-started/index.html) -for the ESP8266. +Use the `ESP-IDF` for ESP32 or `RTOS SDK` for the ESP8266. Run `menuconfig` utility (`idf.py menuconfig` for ESP32 or `make menuconfig` for the ESP8266) and set the various parameters for the target device, along with local WiFi settings: @@ -49,7 +47,7 @@ Difficulty flashing: * Check that quality USB cables are being used. * Try lowering the flash baud rate in the `menuconfig`. The 115200 is typically reliable. * Review board specifications: some require manual boot mode via on-board buttons. -* See [Espressif ESP Frequently Asked Questions](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf) +* See Espressif ESP Frequently Asked Questions `esp-faq-en-master.pdf`. ## ESP-IDF Commandline v5.x diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md index 35958cd1c4..d779124162 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md @@ -1,43 +1,162 @@ -# wolfSSL Espressif Component - -This is the wolfSSL directory for a an Espressif ESP-IDF component. - -## Directory Contents - -This directory must contain, at a minimum: - -- CMakeLists.txt -- ./include/user_settings.h - -The directory should also contain: -- Kconfig -- component.mk - -The directory may contain wolfSSL source, for example with a [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl). - - -If the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order: - -- A hard-coded `WOLFSSL_ROOT` cmake variable. -- `WOLFSSL_ROOT` Environment Variable -- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option. -- Any parent directories, up to the root (if this directory is in the ESP-IDF components) -- Any parent directories, up to the root (if this directory is a project component) - -While recursing up the directory tree, the following names of wolfSSL directories will be considered: - -- `wolfssl-[current user name]` -- `wolfssl-master` -- `wolfssl` - -## Contact - -Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub. - -## Licensing and Support - -wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available. - -See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247 - -View Commercial Support Options: wolfssl.com/products/support-and-maintenance +# wolfSSL Espressif Component + +This is the directory for wolfSSL as an Espressif ESP-IDF component. + +Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). + +Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls) +to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl)) + +The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the +`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code. + +## Directory Contents + +This directory must contain, at a minimum: + +- `CMakeLists.txt` +- `./include/user_settings.h` + +The directory should also contain: +- `Kconfig` +- `component.mk` + +The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/), +or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF). + + +Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order: + +- A hard-coded `WOLFSSL_ROOT` cmake variable. +- `WOLFSSL_ROOT` Environment Variable +- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option. +- Any parent directories, up to the root (if this directory is in the ESP-IDF components) +- Any parent directories, up to the root (if this directory is a project component) + +While recursing up the directory tree, the following names of wolfSSL directories will be considered: + +- `wolfssl-[current user name]` +- `wolfssl-master` +- `wolfssl` + +## Getting Started + +See the `Espressif Getting Started Guide`. + +``` +# Set environment variable to ESP-IDF location +# For example, VisualGDB in WSL +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master + +# Or wherever the ESP-IDF is installed: +WRK_IDF_PATH=~/esp/esp-idf + +echo "Run export.sh from ${WRK_IDF_PATH}" +. ${WRK_IDF_PATH}/export.sh + +cd [your project] + +idf.py menuconfig +``` + +Enable wolfSSL to be used in the ESP-TLS: + +``` +Component config ---> + ESP-TLS ---> + Choose SSL/TLS library for ESP-TLS (See help for more Info) + (X) wolfSSL (License info in wolfSSL directory README) +``` + +Adjust wolfSSL settings, such as path to source code as needed: + +``` +Component config ---> + wolfSSL ---> + [*] Include wolfSSL in ESP-TLS + [*] Use the specified wolfssl for ESP-TLS + (~/workspace/wolfssl) Enter a path for wolfSSL source code +``` + +## Configuration + +All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file. + +The `user_settings.h` file should not be included directly. Instead, `#include ` +before any other wolfSSL headers, like this: + + +```c +/* ESP-IDF */ +#include +#include "sdkconfig.h" + +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#if defined(WOLFSSL_USER_SETTINGS) + #include + #if defined(WOLFSSL_ESPIDF) + #include + #include + #include + #include + #include + #else + #error "Problem with wolfSSL user_settings. " \ + "Check components/wolfssl/include " \ + "and confirm WOLFSSL_USER_SETTINGS is defined, " \ + "typically in the component CMakeLists.txt" + #endif +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif +``` + +## Examples + +See the wolfSSL examples: + +- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) +- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32) +- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples) +- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif) +- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples) + +## Platforms + +The ESP-IDF wolfSSL is also available for PlatformIO: + +- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl) +- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging) + +The wolfSSL library can also be used for Espressif with Arduino: + +- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/) +- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL) + + +## Additional Information + +- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/) +- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/) +- [wolfSSL Products](https://www.wolfssl.com/products/) +- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/) +- [More...](https://www.wolfssl.com/?s=espressif) + +## Contact + +Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub. + +## Licensing and Support + +wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available. + +See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247 + +View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance) + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h index b795f6463d..71b82c68ea 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h @@ -765,8 +765,7 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See https://www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c index 9169374519..2883f2f25d 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c @@ -18,7 +18,7 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ - + #include "client-tls.h" /* Espressif FreeRTOS */ @@ -37,6 +37,8 @@ /* wolfSSL */ #include +/* This project not yet using the library */ +#undef USE_WOLFSSL_ESP_SDK_WIFI #include #if defined(WOLFSSL_WC_KYBER) @@ -573,7 +575,7 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args) #else xTaskHandle _handle; #endif - /* See https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html#functions */ + /* See Espressif api-reference/system/freertos_idf.html#functions */ if (TLS_SMP_CLIENT_TASK_BYTES < (6 * 1024)) { /* Observed approximately 6KB limit for the RTOS task stack size. * Reminder parameter is bytes, not words as with generic FreeRTOS. */ @@ -585,8 +587,7 @@ WOLFSSL_ESP_TASK tls_smp_client_init(void* args) #endif /* Note that despite vanilla FreeRTOS using WORDS for a parameter, - * Espressif uses BYTES for the task stack size here. - * See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */ + * Espressif uses BYTES for the task stack size here. */ ret = xTaskCreate(tls_smp_client_task, TLS_SMP_CLIENT_TASK_NAME, TLS_SMP_CLIENT_TASK_BYTES, diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h index 12c452d6e2..fee34cbc43 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h @@ -18,7 +18,10 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ + #ifndef _MAIN_H_ #define _MAIN_H_ +void app_main(void); + #endif diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h index 3586ac65a8..ab73b24391 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h @@ -24,8 +24,8 @@ #ifndef _TIME_HELPER_H_ #define _TIME_HELPER_H_ -/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0 - * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues +/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from + * release v5.0 See Espressif api-reference/system/system_time */ #ifdef __cplusplus diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c index 7b4c067a41..376c853fc2 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/main.c @@ -35,6 +35,8 @@ #warning "Problem with wolfSSL user_settings." #warning "Check components/wolfssl/include" #endif + /* This project not yet using the library */ + #undef USE_WOLFSSL_ESP_SDK_WIFI #include #else /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ @@ -131,8 +133,12 @@ void my_atmel_free(int slotId) /* Entry for FreeRTOS */ void app_main(void) { +#if !defined(SINGLE_THREADED) && INCLUDE_uxTaskGetStackHighWaterMark int stack_start = 0; +#endif +#if !defined(SINGLE_THREADED) int this_heap = 0; +#endif esp_err_t ret = 0; ESP_LOGI(TAG, "---------------- wolfSSL TLS Client Example ------------"); ESP_LOGI(TAG, "--------------------------------------------------------"); @@ -166,7 +172,7 @@ void app_main(void) * the minimum free stack space there has been (in bytes not words, unlike * vanilla FreeRTOS) since the task started. The smaller the returned * number the closer the task has come to overflowing its stack. - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html + * see Espressif api-reference/system/freertos_idf */ stack_start = uxTaskGetStackHighWaterMark(NULL); #ifdef ESP_SDK_MEM_LIB_VERSION diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c index 0adfefcbce..1ff6af4174 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/time_helper.c @@ -19,11 +19,29 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/* See https://tf.nist.gov/tf-cgi/servers.cgi */ +/* common Espressif time_helper */ +#include "time_helper.h" + -/* common Espressif time_helper v5.6.6.001 */ #include "sdkconfig.h" -#include "time_helper.h" +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#ifdef WOLFSSL_USER_SETTINGS + #include + #ifndef WOLFSSL_ESPIDF + #warning "Problem with wolfSSL user_settings." + #warning "Check components/wolfssl/include" + #endif + /* This project not yet using the library */ + #undef USE_WOLFSSL_ESP_SDK_WIFI + #include +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif #include #include @@ -41,8 +59,8 @@ /* TODO Consider non ESP-IDF environments */ #endif -/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0 - * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues +/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from + * release v5.0. See: Espressif api-reference/system/system_time */ /* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */ @@ -285,7 +303,7 @@ int set_time(void) if (NTP_SERVER_COUNT) { /* next, let's setup NTP time servers * - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization + * see Espressif api-reference/system/system_time * * WARNING: do not set operating mode while SNTP client is running! */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c index 7de90b93a1..f2e13afc19 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/wifi_connect.c @@ -39,8 +39,9 @@ #warning "Problem with wolfSSL user_settings." #warning "Check components/wolfssl/include" #endif - #include - #include + /* This project not yet using the library */ + #undef USE_WOLFSSL_ESP_SDK_WIFI + #include #else /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ @@ -207,7 +208,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) ESP_LOGI(TAG, "got ip:%s", ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip)); #endif - /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */ + /* see Espressif api-reference/system/freertos_idf */ xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); break; case SYSTEM_EVENT_STA_DISCONNECTED: diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 index 2447de5c26..77299dfe4a 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 @@ -20,3 +20,11 @@ CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y CONFIG_HEAP_DISABLE_IRAM=y +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md new file mode 100644 index 0000000000..d779124162 --- /dev/null +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md @@ -0,0 +1,162 @@ +# wolfSSL Espressif Component + +This is the directory for wolfSSL as an Espressif ESP-IDF component. + +Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). + +Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls) +to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl)) + +The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the +`sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code. + +## Directory Contents + +This directory must contain, at a minimum: + +- `CMakeLists.txt` +- `./include/user_settings.h` + +The directory should also contain: +- `Kconfig` +- `component.mk` + +The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/), +or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF). + + +Under normal circumstances when the wolfSSL source is not included here, the `CMakeLists.txt` will search for it in this order: + +- A hard-coded `WOLFSSL_ROOT` cmake variable. +- `WOLFSSL_ROOT` Environment Variable +- The `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` value in the `sdkconfig` file, from the `Kconfig` option. +- Any parent directories, up to the root (if this directory is in the ESP-IDF components) +- Any parent directories, up to the root (if this directory is a project component) + +While recursing up the directory tree, the following names of wolfSSL directories will be considered: + +- `wolfssl-[current user name]` +- `wolfssl-master` +- `wolfssl` + +## Getting Started + +See the `Espressif Getting Started Guide`. + +``` +# Set environment variable to ESP-IDF location +# For example, VisualGDB in WSL +WRK_IDF_PATH=/mnt/c/SysGCC/esp32/esp-idf/v5.2 +WRK_IDF_PATH=/mnt/c/SysGCC/esp32-master/esp-idf/v5.3-master + +# Or wherever the ESP-IDF is installed: +WRK_IDF_PATH=~/esp/esp-idf + +echo "Run export.sh from ${WRK_IDF_PATH}" +. ${WRK_IDF_PATH}/export.sh + +cd [your project] + +idf.py menuconfig +``` + +Enable wolfSSL to be used in the ESP-TLS: + +``` +Component config ---> + ESP-TLS ---> + Choose SSL/TLS library for ESP-TLS (See help for more Info) + (X) wolfSSL (License info in wolfSSL directory README) +``` + +Adjust wolfSSL settings, such as path to source code as needed: + +``` +Component config ---> + wolfSSL ---> + [*] Include wolfSSL in ESP-TLS + [*] Use the specified wolfssl for ESP-TLS + (~/workspace/wolfssl) Enter a path for wolfSSL source code +``` + +## Configuration + +All settings for wolfSSL are adjusted in the [include/user_settings.h](./include/user_settings.h) file. + +The `user_settings.h` file should not be included directly. Instead, `#include ` +before any other wolfSSL headers, like this: + + +```c +/* ESP-IDF */ +#include +#include "sdkconfig.h" + +/* wolfSSL */ +/* Always include wolfcrypt/settings.h before any other wolfSSL file. */ +/* Reminder: settings.h pulls in user_settings.h; don't include it here. */ +#if defined(WOLFSSL_USER_SETTINGS) + #include + #if defined(WOLFSSL_ESPIDF) + #include + #include + #include + #include + #include + #else + #error "Problem with wolfSSL user_settings. " \ + "Check components/wolfssl/include " \ + "and confirm WOLFSSL_USER_SETTINGS is defined, " \ + "typically in the component CMakeLists.txt" + #endif +#else + /* Define WOLFSSL_USER_SETTINGS project wide for settings.h to include */ + /* wolfSSL user settings in ./components/wolfssl/include/user_settings.h */ + #error "Missing WOLFSSL_USER_SETTINGS in CMakeLists or Makefile:\ + CFLAGS +=-DWOLFSSL_USER_SETTINGS" +#endif +``` + +## Examples + +See the wolfSSL examples: + +- [wolfSSL Core Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples) +- [wolfSSL Additional Examples](https://github.com/wolfSSL/wolfssl-examples/tree/master/ESP32) +- [wolfSSH Core Examples](https://github.com/wolfSSL/wolfssh/tree/master/ide/Espressif/ESP-IDF/examples) +- [wolfSSH Additional Examples](https://github.com/wolfSSL/wolfssh-examples/tree/main/Espressif) +- [wolfMQTT Examples](https://github.com/wolfSSL/wolfMQTT/tree/master/IDE/Espressif/ESP-IDF/examples) + +## Platforms + +The ESP-IDF wolfSSL is also available for PlatformIO: + +- [Release wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl) +- [Staging / Preview wolfSSL](https://registry.platformio.org/search?q=owner%3Awolfssl-staging) + +The wolfSSL library can also be used for Espressif with Arduino: + +- [arduino.cc/reference/en/libraries/wolfssl](https://www.arduino.cc/reference/en/libraries/wolfssl/) +- [github.com/wolfSSL/Arduino-wolfSSL](https://github.com/wolfSSL/Arduino-wolfSSL) + + +## Additional Information + +- [wolfSSL Documentation](https://www.wolfssl.com/documentation/manuals/wolfssl/index.html) and [docs/espressif](https://www.wolfssl.com/docs/espressif/) +- [wolfSSL FAQ](https://www.wolfssl.com/docs/frequently-asked-questions-faq/) +- [wolfSSL Products](https://www.wolfssl.com/products/) +- [www.wolfssl.com/espressif](https://www.wolfssl.com/espressif/) +- [More...](https://www.wolfssl.com/?s=espressif) + +## Contact + +Have a specific request or questions? We'd love to hear from you! Please contact us at support@wolfssl.com or open an issue on GitHub. + +## Licensing and Support + +wolfSSL (formerly known as CyaSSL) and wolfCrypt are either licensed for use under the GPLv2 (or at your option any later version) or a standard commercial license. For our users who cannot use wolfSSL under GPLv2 (or any later version), a commercial license to wolfSSL and wolfCrypt is available. + +See the LICENSE.txt, visit wolfssl.com/license, contact us at licensing@wolfssl.com or call +1 425 245 8247 + +View Commercial Support Options: [wolfssl.com/products/support-and-maintenance](wolfssl.com/products/support-and-maintenance) + diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h index b795f6463d..71b82c68ea 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h @@ -765,8 +765,7 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See https://www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h index 85837f76a1..3d335c652a 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h @@ -24,8 +24,8 @@ #ifndef _TIME_HELPER_H_ #define _TIME_HELPER_H_ -/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0 - * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues +/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from + * release v5.0 See: Espressif api-reference/system/system_time */ #ifdef __cplusplus diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c index 9bebbf1f3b..e8195416f4 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/main.c @@ -166,7 +166,7 @@ void app_main(void) * the minimum free stack space there has been (in bytes not words, unlike * vanilla FreeRTOS) since the task started. The smaller the returned * number the closer the task has come to overflowing its stack. - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html + * see Espressif api-reference/system/freertos_idf */ stack_start = uxTaskGetStackHighWaterMark(NULL); #ifdef ESP_SDK_MEM_LIB_VERSION diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c index cf2df087ab..8e1a14e91d 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/server-tls.c @@ -424,8 +424,7 @@ WOLFSSL_ESP_TASK tls_smp_server_init(void* args) xTaskHandle _handle; #endif /* Note that despite vanilla FreeRTOS using WORDS for a parameter, - * Espressif uses BYTES for the task stack size here. - * See https://docs.espressif.com/projects/esp-idf/en/v4.3/esp32/api-reference/system/freertos.html */ + * Espressif uses BYTES for the task stack size here. */ ESP_LOGI(TAG, "Creating tls_smp_server_task with stack size = %d", TLS_SMP_SERVER_TASK_BYTES); ret_i = xTaskCreate(tls_smp_server_task, diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c index 7aa6e788fb..75ab617b41 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/time_helper.c @@ -41,9 +41,8 @@ /* TODO Consider non ESP-IDF environments */ #endif -/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from release v5.0 - * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues - */ +/* ESP-IDF uses a 64-bit signed integer to represent time_t starting from + * release v5.0. See: Espressif api-reference/system/system_time */ /* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */ #ifndef TIME_ZONE @@ -285,7 +284,7 @@ int set_time(void) if (NTP_SERVER_COUNT) { /* next, let's setup NTP time servers * - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization + * see Espressifapi-reference/system/system_time.html#sntp-time-synchronization * * WARNING: do not set operating mode while SNTP client is running! */ diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c index 7de90b93a1..2c66126d97 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/wifi_connect.c @@ -207,7 +207,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) ESP_LOGI(TAG, "got ip:%s", ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip)); #endif - /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */ + /* see Espressif api-reference/system/freertos_idf.html */ xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); break; case SYSTEM_EVENT_STA_DISCONNECTED: diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 index 2447de5c26..77299dfe4a 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 @@ -20,3 +20,11 @@ CONFIG_MBEDTLS_CERTIFICATE_BUNDLE=n CONFIG_FREERTOS_GLOBAL_DATA_LINK_IRAM=y CONFIG_HEAP_DISABLE_IRAM=y +# ESP8266 Watchdog: +CONFIG_TASK_WDT=n +CONFIG_TASK_WDT_PANIC=n + +# ESP8266 WDT +# CONFIG_ESP_PANIC_PRINT_REBOOT is not set +CONFIG_ESP_PANIC_PRINT_REBOOT=n +CONFIG_ESP_PANIC_PRINT_HALT=y diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md index f36879bf3f..298ea015ce 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md @@ -9,7 +9,7 @@ For general information on [wolfSSL examples for Espressif](../README.md), see t ## ESP Registry The easiest way to get started with wolfSSL is by using the -[ESP Registry](https://components.espressif.com/components/wolfssl/wolfssl/) examples. +[ESP Registry](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/) examples. ``` . ~/esp/esp-idf/export.sh diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md index a763b95c21..d779124162 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md @@ -2,12 +2,12 @@ This is the directory for wolfSSL as an Espressif ESP-IDF component. -Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl). +Other options are available, such as installing wolfSSL as a local _project_ component using the [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). Enabling this wolfSSL ESP-IDF component allows other ESP-IDF libraries such as those that depend on [ESP-TLS](https://github.com/espressif/esp-idf/tree/master/components/esp-tls) -to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl)) +to also use the wolfSSL library. (See [github.com/wolfSSL/wolfssl](https://github.com/wolfSSL/wolfssl)) -The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the +The wolfSSL source code is not included here. Instead, the `idf.py menuconfig` option can be used to configure the `sdkconfig` file setting: `CONFIG_CUSTOM_SETTING_WOLFSSL_ROOT` to point to the desired wolfSSL code. ## Directory Contents @@ -21,7 +21,7 @@ The directory should also contain: - `Kconfig` - `component.mk` -The directory may contain wolfSSL source, for example with a [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl), +The directory may contain wolfSSL source, for example with a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/), or if the `setup.sh` script was used from [wolfSSL/IDE/Espressif/ESP-IDF](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF). @@ -41,7 +41,7 @@ While recursing up the directory tree, the following names of wolfSSL directorie ## Getting Started -See the [Espressif Get STarted Guide](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/index.html). +See the `Espressif Getting Started Guide`. ``` # Set environment variable to ESP-IDF location diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h index dfadc15a0f..71b82c68ea 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h @@ -260,7 +260,9 @@ #endif #define HAVE_ALPN #ifndef CONFIG_IDF_TARGET_ESP8266 - /* SNI Not supported on ESP8266 at this time */ + /* Unless installed in the ESP8266 RTOS SDK locally, the wolfSSL + * API for SNI will not be seen in the components/esp-tls layer. + * Only enable SNI for non-ESP8266 targets by default: */ #define HAVE_SNI #endif #define OPENSSL_EXTRA_X509_SMALL @@ -763,8 +765,7 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See https://www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES diff --git a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c index 70a6cb816e..95977ee9c1 100644 --- a/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c +++ b/IDE/Espressif/ESP-IDF/examples/wolfssl_test_idf/main/time_helper.c @@ -94,7 +94,7 @@ int set_time(void) if (NTP_SERVER_COUNT) { /* next, let's setup NTP time servers * - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization + * see Espressif api-reference/system/system_time */ sntp_setoperatingmode(SNTP_OPMODE_POLL); diff --git a/IDE/Espressif/ESP-IDF/test/README.md b/IDE/Espressif/ESP-IDF/test/README.md index 8a12a50fea..e499c970e0 100644 --- a/IDE/Espressif/ESP-IDF/test/README.md +++ b/IDE/Espressif/ESP-IDF/test/README.md @@ -7,4 +7,4 @@ When you want to run the app 2. `idf.py menuconfig` to configure unit test app. 3. `idf.py -T wolfssl build` to build wolfssl unit test app. -See [https://docs.espressif.com/projects/esp-idf/en/latest/api-guides/unit-tests.html] for more information about unit test app. +See Espressif for more information about unit test app. diff --git a/IDE/Espressif/README.md b/IDE/Espressif/README.md index 1eacdeb851..bba75d4613 100644 --- a/IDE/Espressif/README.md +++ b/IDE/Espressif/README.md @@ -72,18 +72,16 @@ resource. ## Requirements The wolfSSL Espressif code requires the ESP-IDF to be installed for -[Windows](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/windows-setup.html) -or [Linux / MacOS](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/linux-macos-setup.html). +Windows or Linux / MacOS. -See the [Espressif Getting Started Guide](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/get-started/). +See the Espressif Getting Started Guide. -Any editor can be used. See also the [Espressif Third-Party Tools](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/resources.html) -for a list of feature-rich Integrated Development Environments. +Any editor can be used. The [wolfSSL examples](./ESP-IDF/examples/README.md) all include a `./VisualGDB` directory with SoC-specific configurations to help get started quickly. -Although not required, a [JTAG Adapter](https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-guides/jtag-debugging/index.html) -can be helpful for development. When not using a built-in JTAG from Espressif, the examples typically +Although not required, a JTAG Adapter can be helpful for development. +When not using a built-in JTAG from Espressif, the examples typically use the open source [Tigard board](https://github.com/tigard-tools/tigard#readme). ## Environments @@ -134,7 +132,7 @@ There are a variety of examples to help get started: The wolfSSL library can be installed as a managed component: -* [Espressif Managed Component Registry](https://components.espressif.com/components/wolfssl/wolfssl) +* [Espressif Managed Component Registry](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/) @@ -261,7 +259,6 @@ the reset-program hardware properly, causing devices to not be programmed with t Connecting...................................... A fatal error occurred: Failed to connect to ESP32: Wrong boot mode detected (0x13)! The chip needs to be in download mode. -For troubleshooting steps visit: https://docs.espressif.com/projects/esptool/en/latest/troubleshooting.html CMake Error at run_serial_tool.cmake:56 (message): /home/gojimmypi/.espressif/python_env/idf4.4_py3.8_env/bin/python /mnt/c/SysGCC/esp32/esp-idf/v4.4.2/components/esptool_py/esptool/esptool.py @@ -304,7 +301,7 @@ Task watchdog got triggered. Guru Meditation Error: Core 0 panic'ed (unknown). Exception was unhandled. ``` -The watchdog needs to be [fed](https://docs.espressif.com/projects/esp8266-rtos-sdk/en/latest/api-reference/system/wdts.html?highlight=watchdog#_CPPv418esp_task_wdt_resetv) on a regular basis +The watchdog needs to be fed on a regular basis with `void esp_task_wdt_reset(void)` from `esp8266/include/esp_task_wdt.h`. Try turning off the WDT in menuconfig, or for Makefiles: @@ -315,4 +312,4 @@ EXTRA_CFLAGS += -DNO_WATCHDOG #### Other Solutions -See also [this ESP-FAQ Handbook](https://docs.espressif.com/projects/esp-faq/en/latest/esp-faq-en-master.pdf) +See also Espressif `esp-faq-en-master.pdf` diff --git a/IDE/Espressif/include.am b/IDE/Espressif/include.am index 477cd6280d..eea296f2c2 100644 --- a/IDE/Espressif/include.am +++ b/IDE/Espressif/include.am @@ -22,7 +22,14 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/user_settings.h # Template EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/Kconfig.projbuild EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/partitions_singleapp_large.csv @@ -30,10 +37,6 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/sdkconfig.defaults.esp8266 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/VisualGDB -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/CMakeLists.txt -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/main/main.c @@ -44,24 +47,27 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/template/VisualGDB/wolfssl_template_ # Benchmark EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/components/wolfssl/include/user_settings.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/Kconfig.projbuild EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/main.c EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/main/include/main.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/Makefile +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/partitions_singleapp_large.csv +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/sdkconfig.defaults.esp8266 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v4.4_ESP32.sln EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32.sln EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_benchmark_IDF_v5_ESP32C3.sln @@ -74,19 +80,18 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_benchmark/VisualGDB/wolfssl_ # TLS Client EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.espc2c2 -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/components/wolfssl/include/user_settings.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp32c2 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/sdkconfig.defaults.esp8266 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/client-tls.c EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/component.mk @@ -99,6 +104,10 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/client-t EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/main.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/time_helper.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/main/include/wifi_connect.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/Makefile +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/partitions_singleapp_large.csv +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/README_server_sm.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/wolfssl_client_ESP8266.vgdbproj @@ -109,20 +118,15 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_client/VisualGDB/wolfssl_cli EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.espc2c2 -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/components/wolfssl/include/user_settings.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include @@ -135,6 +139,14 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/main.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/server-tls.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/time_helper.h EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/main/include/wifi_connect.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/Makefile +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/partitions_singleapp_large.csv +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/README_server_sm.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp32c2 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/sdkconfig.defaults.esp8266 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_server/VisualGDB/wolfssl_server_IDF_v5_ESP32.sln @@ -145,25 +157,28 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/testAll.sh EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/testMonitor.sh EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/CMakeLists.txt -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266 -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl -EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/component.mk +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/CMakeLists.txt +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/Kconfig +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/components/wolfssl/include/user_settings.h + +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/Kconfig.projbuild EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/main.c EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/main/include/main.h +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/Makefile +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/partitions_singleapp_large.csv +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/README.md +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/sdkconfig.defaults.esp8266 +EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/wolfssl_test_ESP8266.vgdbproj EXTRA_DIST+= IDE/Espressif/ESP-IDF/examples/wolfssl_test/VisualGDB/wolfssl_test-IDF_v5_ESP32.sln @@ -181,7 +196,7 @@ EXTRA_DIST+= IDE/Espressif/ESP-IDF/libs/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/libs/README.md EXTRA_DIST+= IDE/Espressif/ESP-IDF/libs/tigard.cfg -# Other test +# Other test for wolfSSL installed in the ESP-IDF EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/CMakeLists.txt EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/component.mk EXTRA_DIST+= IDE/Espressif/ESP-IDF/test/README.md diff --git a/Makefile.am b/Makefile.am index 1d4f26c6b4..d8e4b6ddf3 100644 --- a/Makefile.am +++ b/Makefile.am @@ -141,6 +141,7 @@ ACLOCAL_AMFLAGS= -I m4 EXTRA_DIST+= .cyignore EXTRA_DIST+= wolfssl.vcproj EXTRA_DIST+= wolfssl.vcxproj +EXTRA_DIST+= wolfssl-VS2022.vcxproj EXTRA_DIST+= wolfssl64.sln EXTRA_DIST+= valgrind-error.sh EXTRA_DIST+= valgrind-bash.supp diff --git a/examples/configs/user_settings_platformio.h b/examples/configs/user_settings_platformio.h index 25babd2113..020a81b468 100644 --- a/examples/configs/user_settings_platformio.h +++ b/examples/configs/user_settings_platformio.h @@ -513,8 +513,7 @@ #define WOLFSSL_ESP8266 /* There's no hardware encryption on the ESP8266 */ - /* Consider using the ESP32-C2/C3/C6 - * See www.espressif.com/en/products/socs/esp32-c2 */ + /* Consider using the ESP32-C2/C3/C6 */ #define NO_ESP32_CRYPT #define NO_WOLFSSL_ESP32_CRYPT_HASH #define NO_WOLFSSL_ESP32_CRYPT_AES diff --git a/src/dtls13.c b/src/dtls13.c index f091ed62ff..6f2f014895 100644 --- a/src/dtls13.c +++ b/src/dtls13.c @@ -495,22 +495,25 @@ int Dtls13HashClientHello(const WOLFSSL* ssl, byte* hash, int* hashSz, wc_HashAlg hashCtx; int type = wolfSSL_GetHmacType_ex(specs); + if (type < 0) + return type; + header[0] = (byte)client_hello; c32to24(length, header + 1); - ret = wc_HashInit_ex(&hashCtx, type, ssl->heap, ssl->devId); + ret = wc_HashInit_ex(&hashCtx, (enum wc_HashType)type, ssl->heap, ssl->devId); if (ret == 0) { - ret = wc_HashUpdate(&hashCtx, type, header, OPAQUE32_LEN); + ret = wc_HashUpdate(&hashCtx, (enum wc_HashType)type, header, OPAQUE32_LEN); if (ret == 0) - ret = wc_HashUpdate(&hashCtx, type, body, length); + ret = wc_HashUpdate(&hashCtx, (enum wc_HashType)type, body, length); if (ret == 0) - ret = wc_HashFinal(&hashCtx, type, hash); + ret = wc_HashFinal(&hashCtx, (enum wc_HashType)type, hash); if (ret == 0) { - *hashSz = wc_HashGetDigestSize(type); + *hashSz = wc_HashGetDigestSize((enum wc_HashType)type); if (*hashSz < 0) ret = *hashSz; } - wc_HashFree(&hashCtx, type); + wc_HashFree(&hashCtx, (enum wc_HashType)type); } return ret; } @@ -568,9 +571,6 @@ static int Dtls13SendFragment(WOLFSSL* ssl, byte* output, word16 output_size, else { msg = output + recordHeaderLength; - if (length <= recordHeaderLength) - return BUFFER_ERROR; - if (hashOutput) { ret = Dtls13HashHandshake(ssl, msg, recordLength); if (ret != 0) @@ -1713,7 +1713,7 @@ static int _Dtls13HandshakeRecv(WOLFSSL* ssl, byte* input, word32 size, isFirst = fragOff == 0; isComplete = isFirst && fragLength == messageLength; - if (!isComplete && !Dtls13AcceptFragmented(ssl, handshakeType)) { + if (!isComplete && !Dtls13AcceptFragmented(ssl, (enum HandShakeType)handshakeType)) { #ifdef WOLFSSL_DTLS_CH_FRAG byte tls13 = 0; /* check if the first CH fragment contains a valid cookie */ diff --git a/src/internal.c b/src/internal.c index 38a79997a9..005075f88d 100644 --- a/src/internal.c +++ b/src/internal.c @@ -11471,8 +11471,8 @@ static int GetDtlsRecordHeader(WOLFSSL* ssl, word32* inOutIdx, if (ssl->options.tls1_3) { ret = GetDtls13RecordHeader(ssl, inOutIdx, rh, size); if (ret == 0 || - ret != WC_NO_ERR_TRACE(SEQUENCE_ERROR) || - ret != WC_NO_ERR_TRACE(DTLS_CID_ERROR)) + ((ret != WC_NO_ERR_TRACE(SEQUENCE_ERROR)) && + (ret != WC_NO_ERR_TRACE(DTLS_CID_ERROR)))) return ret; } @@ -13587,21 +13587,28 @@ static int ProcessCSR_ex(WOLFSSL* ssl, byte* input, word32* inOutIdx, #ifdef WOLFSSL_SMALL_STACK status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap, - DYNAMIC_TYPE_OCSP_STATUS); + DYNAMIC_TYPE_OCSP_STATUS); single = (OcspEntry*)XMALLOC(sizeof(OcspEntry), ssl->heap, - DYNAMIC_TYPE_OCSP_ENTRY); + DYNAMIC_TYPE_OCSP_ENTRY); response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), ssl->heap, - DYNAMIC_TYPE_OCSP_REQUEST); + DYNAMIC_TYPE_OCSP_REQUEST); if (status == NULL || single == NULL || response == NULL) { - XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); - XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY); - XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); + if (status != NULL) { + XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); + } + if (single != NULL) { + XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY); + } + if (response != NULL) { + XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); + } return MEMORY_ERROR; } #endif + /* InitOcspResponse sets single and status to response struct. */ InitOcspResponse(response, single, status, input +*inOutIdx, status_length, ssl->heap); if (OcspResponseDecode(response, SSL_CM(ssl), ssl->heap, 0) != 0) @@ -13622,12 +13629,14 @@ static int ProcessCSR_ex(WOLFSSL* ssl, byte* input, word32* inOutIdx, *inOutIdx += status_length; + /* FreeOcspResponse frees status and single only if + * single->isDynamic is set. */ FreeOcspResponse(response); #ifdef WOLFSSL_SMALL_STACK - XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); - XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY); - XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); + XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); + XFREE(single, ssl->heap, DYNAMIC_TYPE_OCSP_ENTRY); + XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); #endif WOLFSSL_LEAVE("ProcessCSR", ret); diff --git a/src/keys.c b/src/keys.c index b13fbdf5b8..b5b982c1b3 100644 --- a/src/keys.c +++ b/src/keys.c @@ -3318,9 +3318,7 @@ int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, DYNAMIC_TYPE_CIPHER); if (enc->hmac == NULL) return MEMORY_E; - } - if (enc) { if (wc_HmacInit(enc->hmac, heap, devId) != 0) { WOLFSSL_MSG("HmacInit failed in SetKeys"); XFREE(enc->hmac, heap, DYNAMIC_TYPE_CIPHER); @@ -3334,9 +3332,7 @@ int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, DYNAMIC_TYPE_CIPHER); if (dec->hmac == NULL) return MEMORY_E; - } - if (dec) { if (wc_HmacInit(dec->hmac, heap, devId) != 0) { WOLFSSL_MSG("HmacInit failed in SetKeys"); XFREE(dec->hmac, heap, DYNAMIC_TYPE_CIPHER); diff --git a/src/pk.c b/src/pk.c index 325e8b5089..42468bfed4 100644 --- a/src/pk.c +++ b/src/pk.c @@ -2598,6 +2598,7 @@ int SetRsaExternal(WOLFSSL_RSA* rsa) } if (key->type == RSA_PRIVATE) { + #ifndef WOLFSSL_RSA_PUBLIC_ONLY if (ret == 1) { /* Copy private exponent. */ ret = wolfssl_bn_set_value(&rsa->d, &key->d); @@ -2619,7 +2620,8 @@ int SetRsaExternal(WOLFSSL_RSA* rsa) WOLFSSL_ERROR_MSG("rsa q error"); } } - #ifndef RSA_LOW_MEM + #if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \ + !defined(RSA_LOW_MEM) if (ret == 1) { /* Copy d mod p-1. */ ret = wolfssl_bn_set_value(&rsa->dmp1, &key->dP); @@ -2641,7 +2643,11 @@ int SetRsaExternal(WOLFSSL_RSA* rsa) WOLFSSL_ERROR_MSG("rsa u error"); } } - #endif /* !RSA_LOW_MEM */ + #endif + #else + WOLFSSL_ERROR_MSG("rsa private key not compiled in "); + ret = 0; + #endif /* !WOLFSSL_RSA_PUBLIC_ONLY */ } } if (ret == 1) { @@ -2696,6 +2702,7 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) /* Enough numbers for public key */ key->type = RSA_PUBLIC; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY /* Copy down private exponent if available. */ if ((ret == 1) && (rsa->d != NULL)) { if (wolfssl_bn_get_value(rsa->d, &key->d) != 1) { @@ -2722,7 +2729,7 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) ret = WOLFSSL_FATAL_ERROR; } - #ifndef RSA_LOW_MEM +#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) /* Copy down d mod p-1 if available. */ if ((ret == 1) && (rsa->dmp1 != NULL) && (wolfssl_bn_get_value(rsa->dmp1, &key->dP) != 1)) { @@ -2743,7 +2750,8 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) WOLFSSL_ERROR_MSG("rsa u key error"); ret = WOLFSSL_FATAL_ERROR; } - #endif /* !RSA_LOW_MEM */ +#endif +#endif if (ret == 1) { /* All available numbers have been set down. */ @@ -3523,12 +3531,15 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* e, * @param [out] em Encoded message. * @param [in[ mHash Message hash. * @param [in] hashAlg Hash algorithm. + * @param [in] mgf1Hash MGF algorithm. * @param [in] saltLen Length of salt to generate. * @return 1 on success. * @return 0 on failure. */ -int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, - const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen) + +int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, unsigned char *em, + const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, + const WOLFSSL_EVP_MD *mgf1Hash, int saltLen) { int ret = 1; enum wc_HashType hashType; @@ -3551,6 +3562,9 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, ret = 0; } + if (mgf1Hash == NULL) + mgf1Hash = hashAlg; + if (ret == 1) { /* Get/create an RNG. */ rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng); @@ -3576,7 +3590,7 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, } if (ret == 1) { /* Get the wolfCrypt MGF algorithm from hash algorithm. */ - mgf = wc_hash2mgf(hashType); + mgf = wc_hash2mgf(EvpMd2MacType(mgf1Hash)); if (mgf == WC_MGF1NONE) { WOLFSSL_ERROR_MSG("wc_hash2mgf error"); ret = 0; @@ -3647,6 +3661,13 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, return ret; } +int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, + const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen) +{ + return wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(rsa, em, mHash, hashAlg, NULL, + saltLen); +} + /* Checks that the hash is valid for the RSA PKCS#1 PSS encoded message. * * Refer to wolfSSL_RSA_padding_add_PKCS1_PSS for a diagram. @@ -3654,14 +3675,15 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em, * @param [in] rsa RSA key. * @param [in[ mHash Message hash. * @param [in] hashAlg Hash algorithm. + * @param [in] mgf1Hash MGF algorithm. * @param [in] em Encoded message. * @param [in] saltLen Length of salt to generate. * @return 1 on success. * @return 0 on failure. */ -int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, - const WOLFSSL_EVP_MD *hashAlg, - const unsigned char *em, int saltLen) +int wolfSSL_RSA_verify_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, + const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, + const WOLFSSL_EVP_MD *mgf1Hash, const unsigned char *em, int saltLen) { int ret = 1; int hashLen = 0; @@ -3679,6 +3701,9 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, ret = 0; } + if (mgf1Hash == NULL) + mgf1Hash = hashAlg; + /* TODO: use wolfCrypt RSA key to get emLen and bits? */ /* Set the external data from the wolfCrypt RSA key if not done. */ if ((ret == 1) && (!rsa->exSet)) { @@ -3741,7 +3766,7 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, if (ret == 1) { /* Get the wolfCrypt MGF algorithm from hash algorithm. */ - if ((mgf = wc_hash2mgf(hashType)) == WC_MGF1NONE) { + if ((mgf = wc_hash2mgf(EvpMd2MacType(mgf1Hash))) == WC_MGF1NONE) { WOLFSSL_ERROR_MSG("wc_hash2mgf error"); ret = 0; } @@ -3784,6 +3809,14 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } + +int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, + const WOLFSSL_EVP_MD *hashAlg, + const unsigned char *em, int saltLen) +{ + return wolfSSL_RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, hashAlg, NULL, em, + saltLen); +} #endif /* !HAVE_FIPS || FIPS_VERSION_GT(2,0) */ #endif /* WC_RSA_PSS && (OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || * WOLFSSL_NGINX) */ @@ -5434,11 +5467,11 @@ WOLFSSL_DSA_SIG* wolfSSL_d2i_DSA_SIG(WOLFSSL_DSA_SIG **sig, return ret; } -#endif /* HAVE_SELFTEST */ -/* return 1 on success, < 0 otherwise */ -int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, - WOLFSSL_DSA* dsa) +#endif /* !HAVE_SELFTEST */ + +static int dsa_do_sign(const unsigned char* d, int dLen, unsigned char* sigRet, + WOLFSSL_DSA* dsa) { int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR); int initTmpRng = 0; @@ -5449,8 +5482,6 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, WC_RNG tmpRng[1]; #endif - WOLFSSL_ENTER("wolfSSL_DSA_do_sign"); - if (d == NULL || sigRet == NULL || dsa == NULL) { WOLFSSL_MSG("Bad function arguments"); return WOLFSSL_FATAL_ERROR; @@ -5486,10 +5517,18 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, } if (rng) { - if (wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) { - WOLFSSL_MSG("DsaSign failed"); +#ifdef HAVE_SELFTEST + if (dLen != WC_SHA_DIGEST_SIZE || + wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) { + WOLFSSL_MSG("wc_DsaSign failed or dLen wrong length"); + ret = WOLFSSL_FATAL_ERROR; + } +#else + if (wc_DsaSign_ex(d, dLen, sigRet, (DsaKey*)dsa->internal, rng) < 0) { + WOLFSSL_MSG("wc_DsaSign_ex failed"); ret = WOLFSSL_FATAL_ERROR; } +#endif else ret = WOLFSSL_SUCCESS; } @@ -5503,6 +5542,15 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, return ret; } +/* return 1 on success, < 0 otherwise */ +int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, + WOLFSSL_DSA* dsa) +{ + WOLFSSL_ENTER("wolfSSL_DSA_do_sign"); + + return dsa_do_sign(d, WC_SHA_DIGEST_SIZE, sigRet, dsa); +} + #ifndef HAVE_SELFTEST WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, int inLen, WOLFSSL_DSA* dsa) @@ -5513,12 +5561,12 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, WOLFSSL_ENTER("wolfSSL_DSA_do_sign_ex"); - if (!digest || !dsa || inLen != WC_SHA_DIGEST_SIZE) { + if (!digest || !dsa) { WOLFSSL_MSG("Bad function arguments"); return NULL; } - if (wolfSSL_DSA_do_sign(digest, sigBin, dsa) != 1) { + if (dsa_do_sign(digest, inLen, sigBin, dsa) != 1) { WOLFSSL_MSG("wolfSSL_DSA_do_sign error"); return NULL; } @@ -5537,15 +5585,13 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, /* 2 * sigLen for the two points r and s */ return wolfSSL_d2i_DSA_SIG(NULL, &tmp, 2 * sigLen); } -#endif /* !HAVE_SELFTEST */ +#endif -int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, +static int dsa_do_verify(const unsigned char* d, int dLen, unsigned char* sig, WOLFSSL_DSA* dsa, int *dsacheck) { int ret; - WOLFSSL_ENTER("wolfSSL_DSA_do_verify"); - if (d == NULL || sig == NULL || dsa == NULL) { WOLFSSL_MSG("Bad function arguments"); return WOLFSSL_FATAL_ERROR; @@ -5560,13 +5606,30 @@ int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, } } - ret = DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck); - if (ret != 0 || *dsacheck != 1) { +#ifdef HAVE_SELFTEST + ret = dLen == WC_SHA_DIGEST_SIZE ? + wc_DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck) : BAD_FUNC_ARG; +#else + ret = wc_DsaVerify_ex(d, dLen, sig, (DsaKey*)dsa->internal, dsacheck); +#endif + if (ret != 0) { WOLFSSL_MSG("DsaVerify failed"); - return ret; + return WOLFSSL_FATAL_ERROR; + } + if (*dsacheck != 1) { + WOLFSSL_MSG("DsaVerify sig failed"); + return WOLFSSL_FAILURE; } - return 1; + return WOLFSSL_SUCCESS; +} + +int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, + WOLFSSL_DSA* dsa, int *dsacheck) +{ + WOLFSSL_ENTER("wolfSSL_DSA_do_verify"); + + return dsa_do_verify(d, WC_SHA_DIGEST_SIZE, sig, dsa, dsacheck); } @@ -5591,7 +5654,7 @@ int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len, WOLFSSL_ENTER("wolfSSL_DSA_do_verify_ex"); - if (!digest || !sig || !dsa || digest_len != WC_SHA_DIGEST_SIZE) { + if (!digest || !sig || !dsa) { WOLFSSL_MSG("Bad function arguments"); return 0; } @@ -5643,14 +5706,14 @@ int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len, if (wolfSSL_BN_bn2bin(sig->s, sigBinPtr) == -1) return 0; - if ((wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck) + if ((dsa_do_verify(digest, digest_len, sigBin, dsa, &dsacheck) != 1) || dsacheck != 1) { return 0; } return 1; } -#endif /* !HAVE_SELFTEST */ +#endif int wolfSSL_i2d_DSAparams(const WOLFSSL_DSA* dsa, unsigned char** out) @@ -8606,6 +8669,10 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh) /* Private key size can be as much as the size of the prime. */ if (dh->length) { privSz = (word32)(dh->length / 8); /* to bytes */ + /* Special case where priv key is larger than dh->length / 8 + * See GeneratePrivateDh */ + if (dh->length == 128) + privSz = 21; } else { privSz = pubSz; @@ -9373,6 +9440,47 @@ WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out, { return wolfssl_ec_group_d2i(out, in, len); } + +int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp) +{ + unsigned char* out = NULL; + int len = 0; + int idx; + const byte* oid = NULL; + word32 oidSz = 0; + + if (grp == NULL || !wc_ecc_is_valid_idx(grp->curve_idx) || + grp->curve_idx < 0) + return WOLFSSL_FATAL_ERROR; + + /* Get the actual DER encoding of the OID. ecc_sets[grp->curve_idx].oid + * is just the numerical representation. */ + if (wc_ecc_get_oid(grp->curve_oid, &oid, &oidSz) < 0) + return WOLFSSL_FATAL_ERROR; + + len = SetObjectId(oidSz, NULL) + oidSz; + + if (pp == NULL) + return len; + + if (*pp == NULL) { + out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1); + if (out == NULL) + return WOLFSSL_FATAL_ERROR; + } + else { + out = *pp; + } + + idx = SetObjectId(oidSz, out); + XMEMCPY(out + idx, oid, oidSz); + if (*pp == NULL) + *pp = out; + else + *pp += len; + + return len; +} #endif /* !NO_BIO */ #if defined(OPENSSL_ALL) && !defined(NO_CERTS) @@ -9663,6 +9771,12 @@ int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, ret = 0; } + if (ret == 1 && + (group->curve_idx < 0 || !wc_ecc_is_valid_idx(group->curve_idx))) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order Bad group idx"); + ret = 0; + } + if (ret == 1) { mp = (mp_int*)order->internal; } @@ -15645,6 +15759,13 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, return pkey; } + + +PKCS8_PRIV_KEY_INFO* wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio, + PKCS8_PRIV_KEY_INFO** key, wc_pem_password_cb* cb, void* arg) +{ + return wolfSSL_PEM_read_bio_PrivateKey(bio, key, cb, arg); +} #endif /* !NO_BIO */ #if !defined(NO_FILESYSTEM) @@ -16278,8 +16399,6 @@ int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data, long* len, #ifdef OPENSSL_ALL #if !defined(NO_PWDBASED) && defined(HAVE_PKCS8) -#if !defined(NO_BIO) || (!defined(NO_FILESYSTEM) && \ - !defined(NO_STDIO_FILESYSTEM)) /* Encrypt the key into a buffer using PKCS$8 and a password. * * @param [in] pkey Private key to encrypt. @@ -16292,7 +16411,7 @@ int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data, long* len, * @return 0 on success. * @return BAD_FUNC_ARG when EVP cipher not supported. */ -static int pem_pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, +int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, byte* key, word32* keySz) { @@ -16356,7 +16475,7 @@ static int pem_pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, * @param On out, size of encoded key in bytes. * @return 0 on success. */ -static int pem_pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) +int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) { int ret = 0; int algId; @@ -16379,6 +16498,34 @@ static int pem_pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) curveOid = NULL; oidSz = 0; } + else if (pkey->type == EVP_PKEY_DSA) { + /* DSA has no curve information. */ + algId = DSAk; + curveOid = NULL; + oidSz = 0; + } + else if (pkey->type == EVP_PKEY_DH) { + if (pkey->dh == NULL) + return BAD_FUNC_ARG; + + if (pkey->dh->priv_key != NULL || pkey->dh->pub_key != NULL) { + /* Special case. DH buffer is always in PKCS8 format */ + if (keySz == NULL) + return BAD_FUNC_ARG; + + *keySz = pkey->pkey_sz; + if (key == NULL) + return LENGTH_ONLY_E; + + XMEMCPY(key, pkey->pkey.ptr, pkey->pkey_sz); + return pkey->pkey_sz; + } + + /* DH has no curve information. */ + algId = DHk; + curveOid = NULL; + oidSz = 0; + } else { ret = NOT_COMPILED_IN; } @@ -16392,6 +16539,8 @@ static int pem_pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz) return ret; } +#if !defined(NO_BIO) || (!defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM)) /* Write PEM encoded, PKCS#8 formatted private key to BIO. * * @param [out] pem Buffer holding PEM encoding. @@ -16424,7 +16573,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz, if (res == 1) { /* Guestimate key size and PEM size. */ - if (pem_pkcs8_encode(pkey, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { + if (pkcs8_encode(pkey, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { res = 0; } } @@ -16472,7 +16621,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz, if (res == 1) { /* Encrypt the private key. */ - ret = pem_pkcs8_encrypt(pkey, enc, passwd, passwdSz, key, &keySz); + ret = pkcs8_encrypt(pkey, enc, passwd, passwdSz, key, &keySz); if (ret <= 0) { res = 0; } @@ -16488,7 +16637,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz, type = PKCS8_PRIVATEKEY_TYPE; /* Encode private key in PKCS#8 format. */ - ret = pem_pkcs8_encode(pkey, key, &keySz); + ret = pkcs8_encode(pkey, key, &keySz); if (ret < 0) { res = 0; } @@ -16554,6 +16703,13 @@ int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); return res; } + +int wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio, + PKCS8_PRIV_KEY_INFO* keyInfo) +{ + return wolfSSL_PEM_write_bio_PKCS8PrivateKey(bio, keyInfo, NULL, NULL, 0, + NULL, NULL); +} #endif /* !NO_BIO */ #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) diff --git a/src/ssl.c b/src/ssl.c index 2fe5e93d99..1bdcc8be6c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -6347,7 +6347,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey, if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) #endif /* WOLF_PRIVATE_KEY_ID */ { - ret = wc_CheckPrivateKeyCert(buff, size, der, 0); + ret = wc_CheckPrivateKeyCert(buff, size, der, 0, heap); ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE; } @@ -6407,7 +6407,7 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, DerBuffer* altKey, if (ret == WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) #endif /* WOLF_PRIVATE_KEY_ID */ { - ret = wc_CheckPrivateKeyCert(buff, size, der, 1); + ret = wc_CheckPrivateKeyCert(buff, size, der, 1, heap); ret = (ret == 1) ? WOLFSSL_SUCCESS: WOLFSSL_FAILURE; } } @@ -7241,29 +7241,51 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL; #ifdef WOLFSSL_PEM_TO_DER int ret; - DerBuffer* der = NULL; + DerBuffer* pkcs8Der = NULL; + DerBuffer rawDer; + EncryptedInfo info; + int advanceLen = 0; + + XMEMSET(&info, 0, sizeof(info)); + XMEMSET(&rawDer, 0, sizeof(rawDer)); if (keyBuf == NULL || *keyBuf == NULL || keyLen <= 0) { WOLFSSL_MSG("Bad key PEM/DER args"); return NULL; } - ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &der, NULL, NULL, NULL); + ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &pkcs8Der, NULL, &info, + NULL); if (ret < 0) { WOLFSSL_MSG("Not PEM format"); - ret = AllocDer(&der, (word32)keyLen, PRIVATEKEY_TYPE, NULL); + ret = AllocDer(&pkcs8Der, (word32)keyLen, PRIVATEKEY_TYPE, NULL); if (ret == 0) { - XMEMCPY(der->buffer, *keyBuf, keyLen); + XMEMCPY(pkcs8Der->buffer, *keyBuf, keyLen); } } + else { + advanceLen = (int)info.consumed; + } if (ret == 0) { /* Verify this is PKCS8 Key */ word32 inOutIdx = 0; word32 algId; - ret = ToTraditionalInline_ex(der->buffer, &inOutIdx, der->length, - &algId); + ret = ToTraditionalInline_ex(pkcs8Der->buffer, &inOutIdx, + pkcs8Der->length, &algId); if (ret >= 0) { + if (advanceLen == 0) /* Set only if not PEM */ + advanceLen = inOutIdx + ret; + if (algId == DHk) { + /* Special case for DH as we expect the DER buffer to be always + * be in PKCS8 format */ + rawDer.buffer = pkcs8Der->buffer; + rawDer.length = inOutIdx + ret; + } + else { + rawDer.buffer = pkcs8Der->buffer + inOutIdx; + rawDer.length = ret; + } ret = 0; /* good DER */ } } @@ -7274,21 +7296,24 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( ret = MEMORY_E; } if (ret == 0) { - pkcs8->pkey.ptr = (char*)XMALLOC(der->length, NULL, + pkcs8->pkey.ptr = (char*)XMALLOC(rawDer.length, NULL, DYNAMIC_TYPE_PUBLIC_KEY); if (pkcs8->pkey.ptr == NULL) ret = MEMORY_E; } if (ret == 0) { - XMEMCPY(pkcs8->pkey.ptr, der->buffer, der->length); - pkcs8->pkey_sz = (int)der->length; + XMEMCPY(pkcs8->pkey.ptr, rawDer.buffer, rawDer.length); + pkcs8->pkey_sz = (int)rawDer.length; } - FreeDer(&der); + FreeDer(&pkcs8Der); if (ret != 0) { wolfSSL_EVP_PKEY_free(pkcs8); pkcs8 = NULL; } + else { + *keyBuf += advanceLen; + } if (pkey != NULL) { *pkey = pkcs8; } @@ -7301,6 +7326,48 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( return pkcs8; } +#ifdef OPENSSL_ALL +int wolfSSL_i2d_PKCS8_PKEY(WOLFSSL_PKCS8_PRIV_KEY_INFO* key, unsigned char** pp) +{ + word32 keySz = 0; + unsigned char* out; + int len; + + WOLFSSL_ENTER("wolfSSL_i2d_PKCS8_PKEY"); + + if (key == NULL) + return WOLFSSL_FATAL_ERROR; + + if (pkcs8_encode(key, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WOLFSSL_FATAL_ERROR; + len = (int)keySz; + + if (pp == NULL) + return len; + + if (*pp == NULL) { + out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1); + if (out == NULL) + return WOLFSSL_FATAL_ERROR; + } + else { + out = *pp; + } + + if (pkcs8_encode(key, out, &keySz) != len) { + if (*pp == NULL) + XFREE(out, NULL, DYNAMIC_TYPE_ASN1); + return WOLFSSL_FATAL_ERROR; + } + + if (*pp == NULL) + *pp = out; + else + *pp += len; + + return len; +} +#endif #ifndef NO_BIO /* put SSL type in extra for now, not very common */ diff --git a/src/ssl_bn.c b/src/ssl_bn.c index 74eadcead2..227fc71606 100644 --- a/src/ssl_bn.c +++ b/src/ssl_bn.c @@ -1312,7 +1312,7 @@ static int wolfssl_bn_add_word_int(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w, #endif /* Validate parameters. */ - if (BN_IS_NULL(bn)) { + if (ret == 1 && BN_IS_NULL(bn)) { WOLFSSL_MSG("bn NULL error"); ret = 0; } @@ -1419,6 +1419,85 @@ int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w) return ret; } +int wolfSSL_BN_mul_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w) +{ + int ret = 1; +#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) +#ifdef WOLFSSL_SMALL_STACK + mp_int* w_mp = NULL; +#else + mp_int w_mp[1]; +#endif /* WOLFSSL_SMALL_STACK */ +#endif + + WOLFSSL_ENTER("wolfSSL_BN_mul_word"); + +#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) +#ifdef WOLFSSL_SMALL_STACK + /* Allocate temporary MP integer. */ + w_mp = (mp_int*)XMALLOC(sizeof(*w_mp), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (w_mp == NULL) { + ret = 0; + } + else +#endif /* WOLFSSL_SMALL_STACK */ + { + /* Clear out MP integer so it can be freed. */ + XMEMSET(w_mp, 0, sizeof(*w_mp)); + } +#endif + + /* Validate parameters. */ + if (ret == 1 && BN_IS_NULL(bn)) { + WOLFSSL_MSG("bn NULL error"); + ret = 0; + } + + if (ret == 1) { + int rc = 0; +#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) + if (w > (WOLFSSL_BN_ULONG)MP_MASK) { + /* Initialize temporary MP integer. */ + if (mp_init(w_mp) != MP_OKAY) { + ret = 0; + } + /* Set value into temporary MP integer. */ + if ((ret == 1) && (mp_set_int(w_mp, w) != MP_OKAY)) { + ret = 0; + } + if (ret == 1) { + rc = mp_mul((mp_int*)bn->internal, w_mp, + (mp_int*)bn->internal); + if (rc != MP_OKAY) { + WOLFSSL_MSG("mp_mul error"); + ret = 0; + } + } + } + else +#endif + { + rc = mp_mul_d((mp_int*)bn->internal, (mp_digit)w, + (mp_int*)bn->internal); + if (rc != MP_OKAY) { + WOLFSSL_MSG("mp_mul_d error"); + ret = 0; + } + } + } + +#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT) + mp_free(w_mp); +#ifdef WOLFSSL_SMALL_STACK + XFREE(w_mp, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* WOLFSSL_SMALL_STACK */ +#endif + + WOLFSSL_LEAVE("wolfSSL_BN_mul_word", ret); + + return ret; +} + #if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \ !defined(NO_DSA)) /* Calculate bn modulo word w. bn % w diff --git a/src/tls13.c b/src/tls13.c index 90e4568f40..e8268939ba 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -2534,7 +2534,6 @@ static int Tls13IntegrityOnly_Encrypt(WOLFSSL* ssl, byte* output, /* Copy the input to output if not the same buffer */ if (ret == 0 && output != input) XMEMCPY(output, input, sz); - return ret; } #endif @@ -2930,7 +2929,6 @@ static int Tls13IntegrityOnly_Decrypt(WOLFSSL* ssl, byte* output, /* Copy the input to output if not the same buffer */ if (ret == 0 && output != input) XMEMCPY(output, input, sz); - return ret; } #endif @@ -3612,7 +3610,7 @@ int CreateCookieExt(const WOLFSSL* ssl, byte* hash, word16 hashSz, macSz = WC_SHA256_DIGEST_SIZE; #endif /* NO_SHA256 */ - ret = wc_HmacInit(&cookieHmac, ssl->heap, INVALID_DEVID); + ret = wc_HmacInit(&cookieHmac, ssl->heap, ssl->devId); if (ret == 0) { ret = wc_HmacSetKey(&cookieHmac, cookieType, ssl->buffers.tls13CookieSecret.buffer, @@ -6394,7 +6392,7 @@ int TlsCheckCookie(const WOLFSSL* ssl, const byte* cookie, word16 cookieSz) return HRR_COOKIE_ERROR; cookieSz -= macSz; - ret = wc_HmacInit(&cookieHmac, ssl->heap, INVALID_DEVID); + ret = wc_HmacInit(&cookieHmac, ssl->heap, ssl->devId); if (ret == 0) { ret = wc_HmacSetKey(&cookieHmac, cookieType, ssl->buffers.tls13CookieSecret.buffer, diff --git a/src/x509.c b/src/x509.c index 51e73ccf63..bb6a1b9eea 100644 --- a/src/x509.c +++ b/src/x509.c @@ -2445,6 +2445,7 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, sk = NULL; } } + obj = wolfSSL_ASN1_OBJECT_new(); if (obj == NULL) { WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); @@ -2455,6 +2456,15 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, obj->grp = oidCertExtType; obj->obj = (byte*)(x509->certPolicies[i]); obj->objSz = MAX_CERTPOL_SZ; + + if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) <= 0) { + WOLFSSL_MSG("Error pushing ASN1 object onto stack"); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL); + sk = NULL; + } + + obj = NULL; } else { WOLFSSL_MSG("No Cert Policy set"); @@ -12984,7 +12994,7 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_X509_NAME_ENTRY_get_object( #ifndef NO_CHECK_PRIVATE_KEY return wc_CheckPrivateKey((byte*)key->pkey.ptr, key->pkey_sz, x509->pubKey.buffer, x509->pubKey.length, - (enum Key_Sum)x509->pubKeyOID) == 1 ? + (enum Key_Sum)x509->pubKeyOID, key->heap) == 1 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; #else /* not compiled in */ diff --git a/tests/api.c b/tests/api.c index 8ce4bb97f1..b334a1c7f0 100644 --- a/tests/api.c +++ b/tests/api.c @@ -57416,13 +57416,22 @@ static int test_wolfSSL_PEM_PrivateKey_dsa(void) ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); #if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) +#ifdef WOLFSSL_ASN_TEMPLATE ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, - NULL), 0); + NULL), 1216); +#else + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), 1212); +#endif #endif #ifdef WOLFSSL_KEY_GEN ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 1); - ExpectIntEQ(BIO_pending(bio), 1178); +#ifdef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(BIO_pending(bio), 2394); +#else + ExpectIntEQ(BIO_pending(bio), 2390); +#endif BIO_reset(bio); #endif @@ -57451,6 +57460,7 @@ static int test_wolfSSL_PEM_PrivateKey_dh(void) (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) BIO* bio = NULL; EVP_PKEY* pkey = NULL; + int expectedBytes = 0; ExpectNotNull(bio = BIO_new_file("./certs/dh-priv-2048.pem", "rb")); /* Private DH EVP_PKEY */ @@ -57462,8 +57472,9 @@ static int test_wolfSSL_PEM_PrivateKey_dh(void) ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); #if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) + expectedBytes += 806; ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, - NULL), 0); + NULL), expectedBytes); #endif #ifdef WOLFSSL_KEY_GEN ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 0); @@ -57471,7 +57482,8 @@ static int test_wolfSSL_PEM_PrivateKey_dh(void) ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), 1); - ExpectIntEQ(BIO_pending(bio), 806); + expectedBytes += 806; + ExpectIntEQ(BIO_pending(bio), expectedBytes); BIO_free(bio); bio = NULL; @@ -65194,6 +65206,7 @@ static int test_wolfSSL_PKCS8_Compat(void) #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) && \ !defined(NO_BIO) PKCS8_PRIV_KEY_INFO* pt = NULL; + PKCS8_PRIV_KEY_INFO* pt2 = NULL; BIO* bio = NULL; XFILE f = XBADFILE; int bytes = 0; @@ -65216,13 +65229,14 @@ static int test_wolfSSL_PKCS8_Compat(void) ExpectIntEQ(EVP_PKEY_type(pkey->type), EVP_PKEY_EC); /* gets PKCS8 pointer to pkey */ - ExpectNotNull(EVP_PKEY2PKCS8(pkey)); + ExpectNotNull(pt2 = EVP_PKEY2PKCS8(pkey)); EVP_PKEY_free(pkey); #endif BIO_free(bio); PKCS8_PRIV_KEY_INFO_free(pt); + PKCS8_PRIV_KEY_INFO_free(pt2); #endif return EXPECT_RESULT(); } @@ -83723,10 +83737,11 @@ static int test_wolfSSL_RSA_GenAdd(void) ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz)); ExpectIntEQ(wolfSSL_RSA_GenAdd(NULL), -1); -#ifndef RSA_LOW_MEM +#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \ + !defined(RSA_LOW_MEM) ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), 1); #else - /* dmp1 and dmq1 are not set (allocated) when RSA_LOW_MEM. */ + /* dmp1 and dmq1 are not set (allocated) in this config */ ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), -1); #endif @@ -85319,6 +85334,28 @@ static int test_wolfSSL_PEM_read_bio_ECPKParameters(void) return EXPECT_RESULT(); } +static int test_wolfSSL_i2d_ECPKParameters(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + EC_GROUP* grp = NULL; + unsigned char p256_oid[] = { + 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 + }; + unsigned char *der = p256_oid; + unsigned char out_der[sizeof(p256_oid)]; + + XMEMSET(out_der, 0, sizeof(out_der)); + ExpectNotNull(d2i_ECPKParameters(&grp, (const unsigned char **)&der, + sizeof(p256_oid))); + der = out_der; + ExpectIntEQ(i2d_ECPKParameters(grp, &der), sizeof(p256_oid)); + ExpectBufEQ(p256_oid, out_der, sizeof(p256_oid)); + EC_GROUP_free(grp); +#endif + return EXPECT_RESULT(); +} + static int test_wolfSSL_EC_POINT(void) { EXPECT_DECLS; @@ -87647,6 +87684,7 @@ static void test_AEAD_limit_client(WOLFSSL* ssl) /* Test the sending limit for AEAD ciphers */ Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->nextSeqNumber = sendLimit; test_AEAD_seq_num = 1; + XMEMSET(msgBuf, 0, sizeof(msgBuf)); ret = wolfSSL_write(ssl, msgBuf, sizeof(msgBuf)); AssertIntGT(ret, 0); didReKey = 0; @@ -90812,12 +90850,13 @@ static int test_wolfSSL_dtls_stateless_maxfrag(void) XMEMSET(&test_ctx, 0, sizeof(test_ctx)); ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0); + ExpectNotNull(ssl_s); ExpectNotNull(ssl_c2 = wolfSSL_new(ctx_c)); ExpectIntEQ(wolfSSL_UseMaxFragment(ssl_c2, WOLFSSL_MFL_2_8), WOLFSSL_SUCCESS); wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx); wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx); - if (ssl_s != NULL) { + if (EXPECT_SUCCESS()) { max_fragment = ssl_s->max_fragment; } /* send CH */ @@ -95173,11 +95212,12 @@ static int test_dtls_frag_ch(void) /* Limit options to make the CH a fixed length */ /* See wolfSSL_parse_cipher_list for reason why we provide 1.3 AND 1.2 * ciphersuite. This is only necessary when building with OPENSSL_EXTRA. */ - ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384" #ifdef OPENSSL_EXTRA - ":DHE-RSA-AES256-GCM-SHA384" + ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384" + ":DHE-RSA-AES256-GCM-SHA384")); +#else + ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384")); #endif - )); /* CH1 */ ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); @@ -97845,6 +97885,7 @@ TEST_CASE testCases[] = { #if defined(HAVE_ECC) && !defined(OPENSSL_NO_PK) TEST_DECL(test_wolfSSL_EC_GROUP), + TEST_DECL(test_wolfSSL_i2d_ECPKParameters), TEST_DECL(test_wolfSSL_PEM_read_bio_ECPKParameters), TEST_DECL(test_wolfSSL_EC_POINT), TEST_DECL(test_wolfSSL_SPAKE), diff --git a/wolfcrypt/benchmark/benchmark-VS2022.sln b/wolfcrypt/benchmark/benchmark-VS2022.sln new file mode 100644 index 0000000000..2831db510a --- /dev/null +++ b/wolfcrypt/benchmark/benchmark-VS2022.sln @@ -0,0 +1,87 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio Version 17 +VisualStudioVersion = 17.11.35327.3 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{60CBE13D-37D2-4754-A1DE-788003549EDA}") = "benchmark-VS2022", "benchmark-VS2022.vcxproj", "{D04BDF66-664A-4D59-BEAC-8AB2D5809C21}" +EndProject +Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "settings", "settings", "{0D4D8E54-F32D-4056-A415-2362A55972FD}" + ProjectSection(SolutionItems) = preProject + ..\..\wolfssl\wolfcrypt\settings.h = ..\..\wolfssl\wolfcrypt\settings.h + ..\..\IDE\WIN\user_settings.h = ..\..\IDE\WIN\user_settings.h + EndProjectSection +EndProject +Project("{60CBE13D-37D2-4754-A1DE-788003549EDA}") = "wolfssl-VS2022", "..\..\wolfssl-VS2022.vcxproj", "{12226DBE-7278-4DFA-A119-5A0294CF0B33}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|ARM64 = Debug|ARM64 + Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 + DLL Debug|ARM64 = DLL Debug|ARM64 + DLL Debug|x64 = DLL Debug|x64 + DLL Debug|x86 = DLL Debug|x86 + DLL Release|ARM64 = DLL Release|ARM64 + DLL Release|x64 = DLL Release|x64 + DLL Release|x86 = DLL Release|x86 + Release|ARM64 = Release|ARM64 + Release|x64 = Release|x64 + Release|x86 = Release|x86 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|ARM64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.ActiveCfg = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Debug|x86.Build.0 = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|ARM64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.ActiveCfg = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x64.Build.0 = Debug|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.ActiveCfg = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Debug|x86.Build.0 = Debug|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|ARM64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.ActiveCfg = Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.DLL Release|x86.Build.0 = Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|ARM64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.ActiveCfg = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x64.Build.0 = Release|x64 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.ActiveCfg = Release|Win32 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21}.Release|x86.Build.0 = Release|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.ActiveCfg = Debug|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|ARM64.Build.0 = Debug|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.ActiveCfg = Debug|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x64.Build.0 = Debug|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.ActiveCfg = Debug|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Debug|x86.Build.0 = Debug|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.ActiveCfg = DLL Debug|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|ARM64.Build.0 = DLL Debug|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.ActiveCfg = DLL Debug|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x64.Build.0 = DLL Debug|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.ActiveCfg = DLL Debug|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Debug|x86.Build.0 = DLL Debug|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.ActiveCfg = DLL Release|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|ARM64.Build.0 = DLL Release|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.ActiveCfg = DLL Release|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x64.Build.0 = DLL Release|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.ActiveCfg = DLL Release|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.DLL Release|x86.Build.0 = DLL Release|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.ActiveCfg = Release|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|ARM64.Build.0 = Release|ARM64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.ActiveCfg = Release|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x64.Build.0 = Release|x64 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.ActiveCfg = Release|Win32 + {12226DBE-7278-4DFA-A119-5A0294CF0B33}.Release|x86.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {667F2496-F8F1-4DBD-8AAA-78BAD16ED1BA} + EndGlobalSection +EndGlobal diff --git a/wolfcrypt/benchmark/benchmark-VS2022.vcxproj b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj new file mode 100644 index 0000000000..ce5937e29c --- /dev/null +++ b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj @@ -0,0 +1,162 @@ + + + + + Debug + Win32 + + + Debug + x64 + + + Release + Win32 + + + Release + x64 + + + + 17.0 + {D04BDF66-664A-4D59-BEAC-8AB2D5809C21} + Win32Proj + + + + Application + v143 + + + Application + v143 + + + Application + v143 + + + Application + v143 + + + + + + + + + + + + + + + + + + + <_ProjectFileVersion>17.0.35327.3 + + + Debug\ + Debug\ + true + + + true + + + Release\ + Release\ + true + + + true + + + + Disabled + ../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + true + EnableFastChecks + MultiThreadedDebugDLL + + Level3 + EditAndContinue + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + MachineX86 + + + + + Disabled + ../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;_DEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + EnableFastChecks + MultiThreadedDebugDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + + + + + ../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + MachineX86 + + + + + ../..;../../IDE/WIN;%(AdditionalIncludeDirectories) + WIN32;NDEBUG;_CONSOLE;WOLFSSL_LIB;WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + MultiThreadedDLL + + + Level3 + ProgramDatabase + + + Ws2_32.lib;%(AdditionalDependencies) + true + Console + true + true + + + + + + + + {12226dbe-7278-4dfa-a119-5a0294cf0b33} + + + + + + diff --git a/wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user new file mode 100644 index 0000000000..2219efc160 --- /dev/null +++ b/wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user @@ -0,0 +1,7 @@ + + + + $(ProjectDir)../../ + WindowsLocalDebugger + + diff --git a/wolfcrypt/benchmark/include.am b/wolfcrypt/benchmark/include.am index dc2b71c416..22cecbdaef 100644 --- a/wolfcrypt/benchmark/include.am +++ b/wolfcrypt/benchmark/include.am @@ -23,5 +23,8 @@ endif EXTRA_DIST += wolfcrypt/benchmark/benchmark.sln EXTRA_DIST += wolfcrypt/benchmark/benchmark.vcproj +EXTRA_DIST += wolfcrypt/benchmark/benchmark-VS2022.sln +EXTRA_DIST += wolfcrypt/benchmark/benchmark-VS2022.vcxproj +EXTRA_DIST += wolfcrypt/benchmark/benchmark-VS2022.vcxproj.user EXTRA_DIST += wolfcrypt/benchmark/README.md DISTCLEANFILES+= wolfcrypt/benchmark/.libs/benchmark diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 89af92a030..acd8c017ce 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -3726,8 +3726,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( #if !defined(WOLFSSL_STM32_CUBEMX) || defined(STM32_HAL_V2) ByteReverseWords(rk, rk, keylen); #endif - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif return wc_AesSetIV(aes, iv); @@ -3807,8 +3807,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( if (iv) XMEMCPY(aes->reg, iv, AES_BLOCK_SIZE); - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif @@ -3838,8 +3838,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( aes->rounds = keylen/4 + 6; XMEMCPY(aes->key, userKey, keylen); - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif @@ -3890,8 +3890,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( if (rk == NULL) return BAD_FUNC_ARG; - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif @@ -3971,8 +3971,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( XMEMCPY(aes->key, userKey, keylen); ret = nrf51_aes_set_key(userKey); - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif @@ -4028,7 +4028,8 @@ static WARN_UNUSED_RESULT int wc_AesDecrypt( aes->rounds = keylen/4 + 6; XMEMCPY(aes->key, userKey, keylen); - #if defined(WOLFSSL_AES_COUNTER) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif return wc_AesSetIV(aes, iv); @@ -4520,8 +4521,8 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) #endif } - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif @@ -10026,7 +10027,8 @@ int wc_AesGcmInit(Aes* aes, const byte* key, word32 len, const byte* iv, #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI) if ((ret == 0) && (aes->streamData == NULL)) { /* Allocate buffers for streaming. */ - aes->streamData = (byte*)XMALLOC(5 * AES_BLOCK_SIZE, aes->heap, + aes->streamData_sz = 5 * AES_BLOCK_SIZE; + aes->streamData = (byte*)XMALLOC(aes->streamData_sz, aes->heap, DYNAMIC_TYPE_AES); if (aes->streamData == NULL) { ret = MEMORY_E; @@ -10513,7 +10515,7 @@ int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz, byte* authTag, word32 authTagSz, WC_RNG* rng) { #ifdef WOLFSSL_SMALL_STACK - Aes *aes = NULL; + Aes *aes; #else Aes aes[1]; #endif @@ -10526,25 +10528,24 @@ int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz, } #ifdef WOLFSSL_SMALL_STACK - if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL, - DYNAMIC_TYPE_AES)) == NULL) - return MEMORY_E; + aes = wc_AesNew(NULL, INVALID_DEVID, &ret); +#else + ret = wc_AesInit(aes, NULL, INVALID_DEVID); #endif + if (ret != 0) + return ret; - ret = wc_AesInit(aes, NULL, INVALID_DEVID); - if (ret == 0) { - ret = wc_AesGcmSetKey(aes, key, keySz); - if (ret == 0) - ret = wc_AesGcmSetIV(aes, ivSz, NULL, 0, rng); - if (ret == 0) - ret = wc_AesGcmEncrypt_ex(aes, NULL, NULL, 0, iv, ivSz, + ret = wc_AesGcmSetKey(aes, key, keySz); + if (ret == 0) + ret = wc_AesGcmSetIV(aes, ivSz, NULL, 0, rng); + if (ret == 0) + ret = wc_AesGcmEncrypt_ex(aes, NULL, NULL, 0, iv, ivSz, authTag, authTagSz, authIn, authInSz); - aes->isAllocated = 0; - wc_AesFree(aes); - } - ForceZero(aes, sizeof *aes); + #ifdef WOLFSSL_SMALL_STACK - XFREE(aes, NULL, DYNAMIC_TYPE_AES); + wc_AesDelete(aes, NULL); +#else + wc_AesFree(aes); #endif return ret; @@ -10570,24 +10571,21 @@ int wc_GmacVerify(const byte* key, word32 keySz, } #ifdef WOLFSSL_SMALL_STACK - if ((aes = (Aes *)XMALLOC(sizeof *aes, NULL, - DYNAMIC_TYPE_AES)) == NULL) - return MEMORY_E; -#endif - + aes = wc_AesNew(NULL, INVALID_DEVID, &ret); +#else ret = wc_AesInit(aes, NULL, INVALID_DEVID); +#endif if (ret == 0) { ret = wc_AesGcmSetKey(aes, key, keySz); if (ret == 0) ret = wc_AesGcmDecrypt(aes, NULL, NULL, 0, iv, ivSz, authTag, authTagSz, authIn, authInSz); - aes->isAllocated = 0; - wc_AesFree(aes); } - ForceZero(aes, sizeof *aes); #ifdef WOLFSSL_SMALL_STACK - XFREE(aes, NULL, DYNAMIC_TYPE_AES); + wc_AesDelete(aes, NULL); +#else + wc_AesFree(aes); #endif #else (void)key; @@ -11299,22 +11297,41 @@ int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz, #endif /* HAVE_AESCCM */ -Aes* wc_AesNew(void* heap, int devId) +#ifndef WC_NO_CONSTRUCTORS +Aes* wc_AesNew(void* heap, int devId, int *result_code) { + int ret; Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES); - if (aes != NULL) { - if (wc_AesInit(aes, heap, devId) != 0) { + if (aes == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_AesInit(aes, heap, devId); + if (ret != 0) { XFREE(aes, heap, DYNAMIC_TYPE_AES); aes = NULL; } - else { - aes->isAllocated = 1; - } } + + if (result_code != NULL) + *result_code = ret; + return aes; } -/* Initialize Aes for use with async hardware */ +int wc_AesDelete(Aes *aes, Aes** aes_p) +{ + if (aes == NULL) + return BAD_FUNC_ARG; + wc_AesFree(aes); + XFREE(aes, aes->heap, DYNAMIC_TYPE_AES); + if (aes_p != NULL) + *aes_p = NULL; + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ + +/* Initialize Aes */ int wc_AesInit(Aes* aes, void* heap, int devId) { int ret = 0; @@ -11322,18 +11339,12 @@ int wc_AesInit(Aes* aes, void* heap, int devId) if (aes == NULL) return BAD_FUNC_ARG; - aes->isAllocated = 0; - aes->heap = heap; - aes->rounds = 0; + XMEMSET(aes, 0, sizeof(*aes)); -#ifdef WOLFSSL_AESNI - /* clear here for the benefit of wc_AesGcmInit(). */ - aes->use_aesni = 0; -#endif + aes->heap = heap; #ifdef WOLF_CRYPTO_CB aes->devId = devId; - aes->devCtx = NULL; #else (void)devId; #endif @@ -11346,51 +11357,18 @@ int wc_AesInit(Aes* aes, void* heap, int devId) aes->alFd = WC_SOCK_NOTSET; aes->rdFd = WC_SOCK_NOTSET; #endif -#ifdef WOLFSSL_KCAPI_AES - aes->handle = NULL; - aes->init = 0; -#endif #if defined(WOLFSSL_DEVCRYPTO) && \ (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC)) aes->ctx.cfd = -1; #endif -#if defined(WOLFSSL_CRYPTOCELL) && defined(WOLFSSL_CRYPTOCELL_AES) - XMEMSET(&aes->ctx, 0, sizeof(aes->ctx)); -#endif #if defined(WOLFSSL_IMXRT_DCP) DCPAesInit(aes); #endif -#ifdef WOLFSSL_MAXQ10XX_CRYPTO - XMEMSET(&aes->maxq_ctx, 0, sizeof(aes->maxq_ctx)); -#endif - -#ifdef HAVE_AESGCM -#ifdef OPENSSL_EXTRA - XMEMSET(aes->gcm.aadH, 0, sizeof(aes->gcm.aadH)); - aes->gcm.aadLen = 0; -#endif -#endif - -#ifdef WOLFSSL_AESGCM_STREAM -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_AESNI) - aes->streamData = NULL; -#endif - aes->keylen = 0; - aes->nonceSz = 0; - aes->gcmKeySet = 0; - aes->nonceSet = 0; - aes->ctrSet = 0; -#endif - #if defined(WOLFSSL_HAVE_PSA) && !defined(WOLFSSL_PSA_NO_AES) ret = wc_psa_aes_init(aes); #endif -#if defined(WOLFSSL_RENESAS_FSPSM) - XMEMSET(&aes->ctx, 0, sizeof(aes->ctx)); -#endif - #ifdef WC_DEBUG_CIPHER_LIFECYCLE if (ret == 0) ret = wc_debug_CipherLifecycleInit(&aes->CipherLifecycleTag, aes->heap); @@ -11445,21 +11423,15 @@ int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId) } #endif -/* Free Aes from use with async hardware */ +/* Free Aes resources */ void wc_AesFree(Aes* aes) { - void* heap; - byte isAllocated; - if (aes == NULL) { return; } - heap = aes->heap; - isAllocated = aes->isAllocated; - #ifdef WC_DEBUG_CIPHER_LIFECYCLE - (void)wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, heap, 1); + (void)wc_debug_CipherLifecycleFree(&aes->CipherLifecycleTag, aes->heap, 1); #endif #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES) @@ -11497,8 +11469,11 @@ void wc_AesFree(Aes* aes) #endif #if defined(WOLFSSL_AESGCM_STREAM) && defined(WOLFSSL_SMALL_STACK) && \ !defined(WOLFSSL_AESNI) - XFREE(aes->streamData, heap, DYNAMIC_TYPE_AES); - aes->streamData = NULL; + if (aes->streamData != NULL) { + ForceZero(aes->streamData, aes->streamData_sz); + XFREE(aes->streamData, aes->heap, DYNAMIC_TYPE_AES); + aes->streamData = NULL; + } #endif #if defined(WOLFSSL_SE050) && defined(WOLFSSL_SE050_CRYPT) @@ -11521,14 +11496,11 @@ void wc_AesFree(Aes* aes) wc_fspsm_Aesfree(aes); #endif + ForceZero(aes, sizeof(Aes)); + #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(aes, sizeof(Aes)); #endif - - if (isAllocated) { - XFREE(aes, heap, DYNAMIC_TYPE_AES); - } - } int wc_AesGetKeySize(Aes* aes, word32* keySize) @@ -14017,29 +13989,17 @@ static WARN_UNUSED_RESULT int AesSivCipher( } } -#ifdef WOLFSSL_SMALL_STACK - if (ret == 0) { - aes = (Aes*)XMALLOC(sizeof(Aes), NULL, DYNAMIC_TYPE_AES); - if (aes == NULL) { - ret = MEMORY_E; - } - } -#endif - if (ret == 0) { +#ifdef WOLFSSL_SMALL_STACK + aes = wc_AesNew(NULL, INVALID_DEVID, &ret); +#else ret = wc_AesInit(aes, NULL, INVALID_DEVID); +#endif if (ret != 0) { WOLFSSL_MSG("Failed to initialized AES object."); } } -#ifndef WOLFSSL_SMALL_STACK - /* make aes has heap hint and isAllocated initialized for cleanup below */ - if (ret != 0) { - XMEMSET(aes, 0, sizeof(Aes)); - } -#endif - if (ret == 0 && dataSz > 0) { sivTmp[12] &= 0x7f; sivTmp[8] &= 0x7f; @@ -14070,14 +14030,10 @@ static WARN_UNUSED_RESULT int AesSivCipher( } #ifdef WOLFSSL_SMALL_STACK - if (aes != NULL) + wc_AesDelete(aes, NULL); +#else + wc_AesFree(aes); #endif - { - wc_AesFree(aes); - #ifdef WOLFSSL_SMALL_STACK - XFREE(aes, NULL, DYNAMIC_TYPE_AES); - #endif - } return ret; } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 9ec233855e..0ead2f4643 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -7174,6 +7174,15 @@ int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, word32 sz, ret = ASN_PARSE_E; } break; + #endif + #ifndef NO_DH + case DHk: + /* Neither NULL item nor OBJECT_ID item allowed. */ + if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) || + (dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) { + ret = ASN_PARSE_E; + } + break; #endif /* DSAk not supported. */ /* Falcon, Dilithium and Sphincs not supported. */ @@ -7446,9 +7455,11 @@ int wc_CreatePKCS8Key(byte* out, word32* outSz, byte* key, word32 keySz, * privKeySz : size of private key buffer * pubKey : buffer holding DER format public key * pubKeySz : size of public key buffer - * ks : type of key */ + * ks : type of key + * heap : heap hint to use */ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, - const byte* pubKey, word32 pubKeySz, enum Key_Sum ks) + const byte* pubKey, word32 pubKeySz, enum Key_Sum ks, + void* heap) { int ret; (void)privKeySz; @@ -7485,14 +7496,14 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, } #endif - if ((ret = wc_InitRsaKey(a, NULL)) < 0) { + if ((ret = wc_InitRsaKey(a, heap)) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(b, NULL, DYNAMIC_TYPE_RSA); XFREE(a, NULL, DYNAMIC_TYPE_RSA); #endif return ret; } - if ((ret = wc_InitRsaKey(b, NULL)) < 0) { + if ((ret = wc_InitRsaKey(b, heap)) < 0) { wc_FreeRsaKey(a); #ifdef WOLFSSL_SMALL_STACK XFREE(b, NULL, DYNAMIC_TYPE_RSA); @@ -7553,7 +7564,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, } #endif - if ((ret = wc_ecc_init(key_pair)) < 0) { + if ((ret = wc_ecc_init_ex(key_pair, heap, INVALID_DEVID)) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(privDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(key_pair, NULL, DYNAMIC_TYPE_ECC); @@ -7571,7 +7582,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, wc_MemZero_Add("wc_CheckPrivateKey privDer", privDer, privSz); #endif wc_ecc_free(key_pair); - ret = wc_ecc_init(key_pair); + ret = wc_ecc_init_ex(key_pair, heap, INVALID_DEVID); if (ret == 0) { ret = wc_ecc_import_private_key(privDer, privSz, pubKey, @@ -7622,7 +7633,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, return MEMORY_E; #endif - if ((ret = wc_ed25519_init(key_pair)) < 0) { + if ((ret = wc_ed25519_init_ex(key_pair, heap, INVALID_DEVID)) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(key_pair, NULL, DYNAMIC_TYPE_ED25519); #endif @@ -7672,7 +7683,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, return MEMORY_E; #endif - if ((ret = wc_ed448_init(key_pair)) < 0) { + if ((ret = wc_ed448_init_ex(key_pair, heap, INVALID_DEVID)) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(key_pair, NULL, DYNAMIC_TYPE_ED448); #endif @@ -7919,6 +7930,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, ret = 0; } (void)ks; + (void)heap; return ret; } @@ -7933,7 +7945,7 @@ int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, * checkAlt : indicate if we check primary or alternative key */ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der, - int checkAlt) + int checkAlt, void* heap) { int ret = 0; @@ -7947,7 +7959,7 @@ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der, word32 idx = 0; /* Dilithium has the largest public key at the moment */ word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE; - byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, NULL, + byte* decodedPubKey = (byte*)XMALLOC(pubKeyLen, heap, DYNAMIC_TYPE_PUBLIC_KEY); if (decodedPubKey == NULL) { ret = MEMORY_E; @@ -7966,15 +7978,15 @@ int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der, } if (ret == 0) { ret = wc_CheckPrivateKey(key, keySz, decodedPubKey, pubKeyLen, - (enum Key_Sum) der->sapkiOID); + (enum Key_Sum) der->sapkiOID, heap); } - XFREE(decodedPubKey, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(decodedPubKey, heap, DYNAMIC_TYPE_PUBLIC_KEY); } else #endif { ret = wc_CheckPrivateKey(key, keySz, der->publicKey, - der->pubKeySize, (enum Key_Sum) der->keyOID); + der->pubKeySize, (enum Key_Sum) der->keyOID, heap); } (void)checkAlt; diff --git a/wolfcrypt/src/curve25519.c b/wolfcrypt/src/curve25519.c index db3205a041..7641055b44 100644 --- a/wolfcrypt/src/curve25519.c +++ b/wolfcrypt/src/curve25519.c @@ -655,22 +655,40 @@ int wc_curve25519_import_private_ex(const byte* priv, word32 privSz, #endif /* HAVE_CURVE25519_KEY_IMPORT */ -curve25519_key* wc_curve25519_new(void* heap, int devId) +#ifndef WC_NO_CONSTRUCTORS +curve25519_key* wc_curve25519_new(void* heap, int devId, int *result_code) { + int ret; curve25519_key* key = (curve25519_key*)XMALLOC(sizeof(curve25519_key), heap, DYNAMIC_TYPE_CURVE25519); - if (key != NULL) { - if (wc_curve25519_init_ex(key, heap, devId) != 0) { + if (key == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_curve25519_init_ex(key, heap, devId); + if (ret != 0) { XFREE(key, heap, DYNAMIC_TYPE_CURVE25519); key = NULL; } - else { - key->isAllocated = 1; - } } + + if (result_code != NULL) + *result_code = ret; + return key; } +int wc_curve25519_delete(curve25519_key* key, curve25519_key** key_p) { + if (key == NULL) + return BAD_FUNC_ARG; + wc_curve25519_free(key); + XFREE(key, key->heap, DYNAMIC_TYPE_CURVE25519); + if (key_p != NULL) + *key_p = NULL; + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ + int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId) { if (key == NULL) @@ -707,33 +725,18 @@ int wc_curve25519_init(curve25519_key* key) /* Clean the memory of a key */ void wc_curve25519_free(curve25519_key* key) { - void* heap; - byte isAllocated = 0; - if (key == NULL) return; - heap = key->heap; - isAllocated = key->isAllocated; - #ifdef WOLFSSL_SE050 se050_curve25519_free_key(key); #endif - key->dp = NULL; - ForceZero(key->k, sizeof(key->k)); - XMEMSET(&key->p, 0, sizeof(key->p)); - key->pubSet = 0; - key->privSet = 0; + ForceZero(key, sizeof(*key)); #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(key, sizeof(curve25519_key)); #endif - - if (isAllocated) { - XFREE(key, heap, DYNAMIC_TYPE_CURVE25519); - (void)heap; - } } /* get key size */ diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 8a9b7a58a6..fe8b360afc 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -4262,7 +4262,7 @@ int wc_ecc_get_curve_idx(int curve_id) int wc_ecc_get_curve_id(int curve_idx) { - if (wc_ecc_is_valid_idx(curve_idx)) { + if (wc_ecc_is_valid_idx(curve_idx) && curve_idx >= 0) { return ecc_sets[curve_idx].id; } return ECC_CURVE_INVALID; diff --git a/wolfcrypt/src/ed25519.c b/wolfcrypt/src/ed25519.c index a000453880..09777dde76 100644 --- a/wolfcrypt/src/ed25519.c +++ b/wolfcrypt/src/ed25519.c @@ -968,23 +968,39 @@ int wc_ed25519ph_verify_msg(const byte* sig, word32 sigLen, const byte* msg, } #endif /* HAVE_ED25519_VERIFY */ -#ifndef WOLFSSL_NO_MALLOC -ed25519_key* wc_ed25519_new(void* heap, int devId) +#ifndef WC_NO_CONSTRUCTORS +ed25519_key* wc_ed25519_new(void* heap, int devId, int *result_code) { + int ret; ed25519_key* key = (ed25519_key*)XMALLOC(sizeof(ed25519_key), heap, DYNAMIC_TYPE_ED25519); - if (key != NULL) { - if (wc_ed25519_init_ex(key, heap, devId) != 0) { + if (key == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_ed25519_init_ex(key, heap, devId); + if (ret != 0) { XFREE(key, heap, DYNAMIC_TYPE_ED25519); key = NULL; } - else { - key->isAllocated = 1; - } } + + if (result_code != NULL) + *result_code = ret; + return key; } -#endif + +int wc_ed25519_delete(ed25519_key* key, ed25519_key** key_p) { + if (key == NULL) + return BAD_FUNC_ARG; + wc_ed25519_free(key); + XFREE(key, key->heap, DYNAMIC_TYPE_ED25519); + if (key_p != NULL) + *key_p = NULL; + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ /* initialize information and memory for key */ int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId) @@ -1025,15 +1041,9 @@ int wc_ed25519_init(ed25519_key* key) /* clear memory of key */ void wc_ed25519_free(ed25519_key* key) { - void* heap; - byte isAllocated = 0; - if (key == NULL) return; - heap = key->heap; - isAllocated = key->isAllocated; - #ifdef WOLFSSL_ED25519_PERSISTENT_SHA ed25519_hash_free(key, &key->sha); #endif @@ -1046,12 +1056,6 @@ void wc_ed25519_free(ed25519_key* key) #ifdef WOLFSSL_CHECK_MEM_ZERO wc_MemZero_Check(key, sizeof(ed25519_key)); #endif - - if (isAllocated) { - XFREE(key, heap, DYNAMIC_TYPE_ED25519); - (void)heap; - } - } diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 2312224044..808aa0461d 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -9051,7 +9051,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key) /* Get size of DER buffer only */ if (havePublic && !havePrivate) { ret = wc_DhPubKeyToDer(dhkey, NULL, &derSz); - } else if (havePrivate && !havePublic) { + } else if (havePrivate) { ret = wc_DhPrivKeyToDer(dhkey, NULL, &derSz); } else { ret = wc_DhParamsToDer(dhkey,NULL,&derSz); @@ -9071,7 +9071,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key) /* Fill DER buffer */ if (havePublic && !havePrivate) { ret = wc_DhPubKeyToDer(dhkey, derBuf, &derSz); - } else if (havePrivate && !havePublic) { + } else if (havePrivate) { ret = wc_DhPrivKeyToDer(dhkey, derBuf, &derSz); } else { ret = wc_DhParamsToDer(dhkey,derBuf,&derSz); @@ -9770,7 +9770,12 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKCS82PKEY(const WOLFSSL_PKCS8_PRIV_KEY_INFO* p8) /* this function just casts and returns pointer */ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_EVP_PKEY2PKCS8(const WOLFSSL_EVP_PKEY* pkey) { - return (WOLFSSL_PKCS8_PRIV_KEY_INFO*)pkey; + if (pkey == NULL || pkey->pkey.ptr == NULL) { + return NULL; + } + + return wolfSSL_d2i_PrivateKey_EVP(NULL, (unsigned char**)&pkey->pkey.ptr, + pkey->pkey_sz); } #endif diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index 4249c39ea9..b16c47dcb1 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -686,23 +686,43 @@ int wc_Hash(enum wc_HashType hash_type, const byte* data, NULL, INVALID_DEVID); } -#ifndef WOLFSSL_NO_MALLOC -wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, int devId) +#ifndef WC_NO_CONSTRUCTORS +wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, int devId, + int *result_code) { + int ret; wc_HashAlg* hash = (wc_HashAlg*)XMALLOC(sizeof(wc_HashAlg), heap, DYNAMIC_TYPE_HASHES); - if (hash != NULL) { - if (wc_HashInit_ex(hash, type, heap, devId) != 0) { + if (hash == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_HashInit_ex(hash, type, heap, devId); + if (ret != 0) { XFREE(hash, heap, DYNAMIC_TYPE_HASHES); hash = NULL; } - else { - hash->isAllocated = 1; - } } + + if (result_code != NULL) + *result_code = ret; + return hash; } -#endif + +int wc_HashDelete(wc_HashAlg *hash, wc_HashAlg **hash_p) { + int ret; + if (hash == NULL) + return BAD_FUNC_ARG; + ret = wc_HashFree(hash, hash->type); + if (ret < 0) + return ret; + XFREE(hash, hash->heap, DYNAMIC_TYPE_HASHES); + if (hash_p != NULL) + *hash_p = NULL; + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, int devId) @@ -712,9 +732,14 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, if (hash == NULL) return BAD_FUNC_ARG; - hash->isAllocated = 0; hash->type = type; +#ifdef WC_NO_CONSTRUCTORS + (void)heap; +#else + hash->heap = heap; +#endif + switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 @@ -808,7 +833,6 @@ int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, ret = BAD_FUNC_ARG; }; - (void)heap; (void)devId; return ret; @@ -1043,8 +1067,6 @@ int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out) int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) { int ret = WC_NO_ERR_TRACE(HASH_TYPE_E); /* Default to hash type error */ - void* heap = NULL; - byte isAllocated = 0; if (hash == NULL) return BAD_FUNC_ARG; @@ -1056,47 +1078,39 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) } #endif - isAllocated = hash->isAllocated; - switch (type) { case WC_HASH_TYPE_MD5: #ifndef NO_MD5 - heap = hash->alg.md5.heap; wc_Md5Free(&hash->alg.md5); ret = 0; #endif break; case WC_HASH_TYPE_SHA: #ifndef NO_SHA - heap = hash->alg.sha.heap; wc_ShaFree(&hash->alg.sha); ret = 0; #endif break; case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 - heap = hash->alg.sha224.heap; wc_Sha224Free(&hash->alg.sha224); ret = 0; #endif break; case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 - heap = hash->alg.sha256.heap; wc_Sha256Free(&hash->alg.sha256); ret = 0; #endif break; case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 - heap = hash->alg.sha384.heap; wc_Sha384Free(&hash->alg.sha384); ret = 0; #endif break; case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 - heap = hash->alg.sha512.heap; wc_Sha512Free(&hash->alg.sha512); ret = 0; #endif @@ -1123,7 +1137,6 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) #endif case WC_HASH_TYPE_SHA3_224: #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - heap = hash->alg.sha3.heap; wc_Sha3_224_Free(&hash->alg.sha3); ret = 0; #endif @@ -1149,7 +1162,6 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: - heap = hash->alg.sm3.heap; wc_Sm3Free(&hash->alg.sm3); ret = 0; break; @@ -1172,11 +1184,6 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) ret = BAD_FUNC_ARG; }; - if (isAllocated) { - XFREE(hash, heap, DYNAMIC_TYPE_HASHES); - (void)heap; - } - return ret; } diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index 3cddc646b4..e8cc11e9eb 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -1112,7 +1112,7 @@ static WARN_UNUSED_RESULT int freeDecCertList(WC_DerCertList** list, InitDecodedCert(DeCert, current->buffer, current->bufferSz, heap); if (ParseCertRelative(DeCert, CERT_TYPE, NO_VERIFY, NULL, NULL) == 0) { - if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert, 0) == 1) { + if (wc_CheckPrivateKeyCert(*pkey, *pkeySz, DeCert, 0, heap) == 1) { WOLFSSL_MSG("Key Pair found"); *cert = current->buffer; *certSz = current->bufferSz; diff --git a/wolfcrypt/src/port/Espressif/README.md b/wolfcrypt/src/port/Espressif/README.md index a95d86ff24..3c27d83739 100644 --- a/wolfcrypt/src/port/Espressif/README.md +++ b/wolfcrypt/src/port/Espressif/README.md @@ -14,18 +14,18 @@ Support for the ESP32 on-board cryptographic hardware acceleration for symmetric More details about ESP32 HW Acceleration can be found in: -* [ESP32 Technical Reference Manual](https://espressif.com/sites/default/files/documentation/esp32_technical_reference_manual_en.pdf) -* [ESP32-S2 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-s2_technical_reference_manual_en.pdf) -* [ESP32-S3 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-s3_technical_reference_manual_en.pdf) -* [ESP32-C2 (aka ESP8684 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp8684_technical_reference_manual_en.pdf) -* [ESP32-C3 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-c3_technical_reference_manual_en.pdf) -* [ESP32-C6 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-c6_technical_reference_manual_en.pdf) -* [ESP32-H2 Technical Reference Manual](https://www.espressif.com/sites/default/files/documentation/esp32-h2_technical_reference_manual_en.pdf) +* `esp32_technical_reference_manual_en.pdf` +* `esp32-s2_technical_reference_manual_en.pdf` +* `esp32-s3_technical_reference_manual_en.pdf` +* `esp8684_technical_reference_manual_en.pdf` +* `esp32-c3_technical_reference_manual_en.pdf` +* `esp32-c6_technical_reference_manual_en.pdf` +* `esp32-h2_technical_reference_manual_en.pdf` ### Building Simply run `ESP-IDF.py` in any of the [Espressif/ESP-IDF/Examples](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples). -See the respective project README files. Examples are also available using wolfssl as a [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl). +See the respective project README files. Examples are also available using wolfssl as a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). Hardware acceleration is enabled by default. All settings should be adjusted in the respective project component `user_settings.h` file. See the example in [template example](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/include/user_settings.h). diff --git a/wolfcrypt/src/port/Espressif/esp32_sha.c b/wolfcrypt/src/port/Espressif/esp32_sha.c index 7b736ae0b8..318aa8f368 100644 --- a/wolfcrypt/src/port/Espressif/esp32_sha.c +++ b/wolfcrypt/src/port/Espressif/esp32_sha.c @@ -20,7 +20,7 @@ */ /* - * ESP32-C3: https://www.espressif.com/sites/default/files/documentation/esp32-c3_technical_reference_manual_en.pdf + * ESP32-C3: esp32-c3_technical_reference_manual_en.pdf * see page 335: no SHA-512 * */ diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md b/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md index 55635e89ee..9f52338e9b 100644 --- a/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md +++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/README.md @@ -6,7 +6,7 @@ and with the intention of using Certificate Bundles in the esp-tls component. See the ESP-IDF `idf.py menuconfig`. A recent version of the [wolfSSL Kconfig](https://github.com/wolfSSL/wolfssl/blob/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl/Kconfig) file is needed. The [template example](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template) can be use for creating a project-specific [wolfSSL component](https://github.com/wolfSSL/wolfssl/tree/master/IDE/Espressif/ESP-IDF/examples/template/components/wolfssl) -when not using a [Managed Component](https://components.espressif.com/components/wolfssl/wolfssl). +when not using a [Managed Component](https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/). ## Getting Started diff --git a/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c b/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c index 09af023daf..023b373a6a 100644 --- a/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c +++ b/wolfcrypt/src/port/Espressif/esp_crt_bundle/esp_crt_bundle.c @@ -71,8 +71,8 @@ esp_err_t esp_crt_bundle_attach(void *conf) /* There's a minimum version of wolfSSL needed for Certificate Bundle Support. * * See the latest code at: - * https://github.com/wolfSSL/wolfssl or - * https://components.espressif.com/components/wolfssl/wolfssl + * https://github.com/wolfSSL/wolfssl or Managed Components at + * https://www.wolfssl.com/wolfssl-now-available-in-espressif-component-registry/ */ #if defined(WOLFSSL_ESPIDF_COMPONENT_VERSION) #if (WOLFSSL_ESPIDF_COMPONENT_VERSION > 0) diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c index 9c574451a6..678de3b9a7 100644 --- a/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c +++ b/wolfcrypt/src/port/Espressif/esp_sdk_time_lib.c @@ -74,10 +74,10 @@ esp_err_t esp_sdk_time_lib_init(void) /* ESP-IDF uses a 64-bit signed integer to represent time_t * starting from release v5.0 - * See: https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#year-2036-and-2038-overflow-issues + * See: Espressif api-reference system_time (year-2036-and-2038-overflow-issues) */ -/* see https://www.gnu.org/software/libc/manual/html_node/TZ-Variable.html */ +/* see gnu TZ-Variable */ #ifndef TIME_ZONE /* * PST represents Pacific Standard Time. @@ -379,7 +379,7 @@ int set_time(void) if (NTP_SERVER_COUNT) { /* next, let's setup NTP time servers * - * see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/system_time.html#sntp-time-synchronization + * see Espressif api-reference system_time (sntp-time-synchronization) * * WARNING: do not set operating mode while SNTP client is running! */ diff --git a/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c b/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c index 0fc6e198cb..9a200a9217 100644 --- a/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c +++ b/wolfcrypt/src/port/Espressif/esp_sdk_wifi_lib.c @@ -31,7 +31,7 @@ #include #if defined(WOLFSSL_ESPIDF) /* Entire file is only for Espressif EDP-IDF */ -#if defined(USE_WOLFSSL_ESP_SDK_WIFI) +#if defined(USE_WOLFSSL_ESP_SDK_WIFI) && ESP_IDF_VERSION_MAJOR > 4 /* Espressif */ #include "sdkconfig.h" /* programmatically generated from sdkconfig */ @@ -62,8 +62,8 @@ esp_err_t esp_sdk_wifi_lib_init(void) #if defined(CONFIG_IDF_TARGET_ESP8266) #elif ESP_IDF_VERSION_MAJOR >= 5 && defined(FOUND_PROTOCOL_EXAMPLES_DIR) /* example path set in cmake file */ -#elif ESP_IDF_VERSION_MAJOR >= 4 - #include "protocol_examples_common.h" +#elif ESP_IDF_VERSION_MAJOR > 4 +/* #include "protocol_examples_common.h" */ #else const static int CONNECTED_BIT = BIT0; static EventGroupHandle_t wifi_event_group; @@ -269,7 +269,7 @@ static esp_err_t wifi_event_handler(void *ctx, system_event_t *event) ESP_LOGI(TAG, "got ip:%s", ip4addr_ntoa(&event->event_info.got_ip.ip_info.ip)); #endif - /* see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/api-reference/system/freertos_idf.html */ + /* see Espressif api-reference freertos_idf */ xEventGroupSetBits(wifi_event_group, CONNECTED_BIT); break; case SYSTEM_EVENT_STA_DISCONNECTED: diff --git a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c index 0028786c57..e1ec04cc5e 100644 --- a/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c +++ b/wolfcrypt/src/port/Renesas/renesas_fspsm_aes.c @@ -795,7 +795,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, return BAD_FUNC_ARG; } -#ifdef WOLFSSL_AES_COUNTER +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif diff --git a/wolfcrypt/src/port/arm/armv8-aes.c b/wolfcrypt/src/port/arm/armv8-aes.c index 87df6f0895..0baa39b5ca 100644 --- a/wolfcrypt/src/port/arm/armv8-aes.c +++ b/wolfcrypt/src/port/arm/armv8-aes.c @@ -201,7 +201,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, } #endif - #ifdef WOLFSSL_AES_COUNTER + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif /* WOLFSSL_AES_COUNTER */ @@ -16581,9 +16582,10 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, XMEMCPY(aes->devKey, userKey, keylen); } #endif -#ifdef WOLFSSL_AES_COUNTER +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; -#endif /* WOLFSSL_AES_COUNTER */ +#endif aes->keylen = keylen; aes->rounds = keylen/4 + 6; diff --git a/wolfcrypt/src/port/caam/caam_aes.c b/wolfcrypt/src/port/caam/caam_aes.c index b744c12447..20c4068ab2 100644 --- a/wolfcrypt/src/port/caam/caam_aes.c +++ b/wolfcrypt/src/port/caam/caam_aes.c @@ -93,7 +93,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 len, return ret; } -#ifdef WOLFSSL_AES_COUNTER +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif diff --git a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c index ba12d2583b..e2f7d6c444 100644 --- a/wolfcrypt/src/port/devcrypto/devcrypto_aes.c +++ b/wolfcrypt/src/port/devcrypto/devcrypto_aes.c @@ -125,7 +125,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, aes->keylen = keylen; aes->rounds = keylen/4 + 6; -#ifdef WOLFSSL_AES_COUNTER +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif aes->ctx.cfd = -1; diff --git a/wolfcrypt/src/port/riscv/riscv-64-aes.c b/wolfcrypt/src/port/riscv/riscv-64-aes.c index 292c854d18..3ca35419c2 100644 --- a/wolfcrypt/src/port/riscv/riscv-64-aes.c +++ b/wolfcrypt/src/port/riscv/riscv-64-aes.c @@ -498,8 +498,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv, if (ret == 0) { /* Finish setting the AES object. */ aes->keylen = keyLen; -#if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif } @@ -1770,8 +1770,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv, if (ret == 0) { /* Finish setting the AES object. */ aes->keylen = keyLen; -#if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif } @@ -2978,8 +2978,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 keyLen, const byte* iv, if (ret == 0) { /* Initialize fields. */ - #if defined(WOLFSSL_AES_CFB) || defined(WOLFSSL_AES_COUNTER) || \ - defined(WOLFSSL_AES_OFB) + #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif aes->keylen = (int)keyLen; diff --git a/wolfcrypt/src/port/ti/ti-aes.c b/wolfcrypt/src/port/ti/ti-aes.c index 8dcd10abce..ed5515ef71 100644 --- a/wolfcrypt/src/port/ti/ti-aes.c +++ b/wolfcrypt/src/port/ti/ti-aes.c @@ -99,7 +99,8 @@ int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, int dir) aes->rounds = len / 4 + 6; XMEMCPY(aes->key, key, len); -#ifdef WOLFSSL_AES_COUNTER +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_XTS) aes->left = 0; #endif return AesSetIV(aes, iv); diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 48008c169a..662a91139e 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -154,21 +154,40 @@ static void wc_RsaCleanup(RsaKey* key) #endif } -RsaKey* wc_NewRsaKey(void* heap, int devId) +#ifndef WC_NO_CONSTRUCTORS +RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code) { + int ret; RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA); - if (key != NULL) { - if (wc_InitRsaKey_ex(key, heap, devId) != 0) { + if (key == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_InitRsaKey_ex(key, heap, devId); + if (ret != 0) { XFREE(key, heap, DYNAMIC_TYPE_RSA); key = NULL; } - else { - key->isAllocated = 1; - } } + + if (result_code != NULL) + *result_code = ret; + return key; } +int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p) +{ + if (key == NULL) + return BAD_FUNC_ARG; + wc_FreeRsaKey(key); + XFREE(key, key->heap, DYNAMIC_TYPE_RSA); + if (key_p != NULL) + *key_p = NULL; + return 0; +} +#endif /* !WC_NO_CONSTRUCTORS */ + int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) { int ret = 0; @@ -542,16 +561,11 @@ int wc_RsaGetKeyId(RsaKey* key, word32* keyId) int wc_FreeRsaKey(RsaKey* key) { int ret = 0; - void* heap; - byte isAllocated = 0; if (key == NULL) { return BAD_FUNC_ARG; } - heap = key->heap; - isAllocated = key->isAllocated; - wc_RsaCleanup(key); #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_RSA) @@ -587,7 +601,7 @@ int wc_FreeRsaKey(RsaKey* key) mp_clear(&key->n); #ifdef WOLFSSL_XILINX_CRYPT - XFREE(key->mod, heap, DYNAMIC_TYPE_KEY); + XFREE(key->mod, key->heap, DYNAMIC_TYPE_KEY); key->mod = NULL; #endif @@ -615,11 +629,6 @@ int wc_FreeRsaKey(RsaKey* key) wc_fspsm_RsaKeyFree(key); #endif - if (isAllocated) { - XFREE(key, heap, DYNAMIC_TYPE_RSA); - (void)heap; - } - return ret; } diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index 0f89d31514..d9ac60bca0 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c @@ -5128,6 +5128,12 @@ static void _sp_mont_setup(const sp_int* m, sp_int_digit* rho); #define WOLFSSL_SP_PRIME_GEN #endif +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || defined(OPENSSL_EXTRA) +/* Determine when mp_mul_d is required */ +#define WOLFSSL_SP_MUL_D +#endif + /* Set the multi-precision number to zero. * * Assumes a is not NULL. @@ -6553,7 +6559,8 @@ int sp_sub_d(const sp_int* a, sp_int_digit d, sp_int* r) !defined(NO_DH) || defined(HAVE_ECC) || \ (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ !defined(WOLFSSL_RSA_PUBLIC_ONLY))) || \ - (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) + (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \ + defined(WOLFSSL_SP_MUL_D) /* Multiply a by digit n and put result into r shifting up o digits. * r = (a * n) << (o * SP_WORD_SIZE) * @@ -6636,8 +6643,7 @@ static int _sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r, unsigned int o) #endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) || * WOLFSSL_SP_SMALL || (WOLFSSL_KEY_GEN && !NO_RSA) */ -#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) +#ifdef WOLFSSL_SP_MUL_D /* Multiply a by digit n and put result into r. r = a * n * * @param [in] a SP integer to multiply. @@ -6675,8 +6681,7 @@ int sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r) return err; } -#endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) || - * (WOLFSSL_KEY_GEN && !NO_RSA) */ +#endif /* WOLFSSL_SP_MUL_D */ /* Predefine complicated rules of when to compile in sp_div_d and sp_mod_d. */ #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ @@ -12429,8 +12434,10 @@ static int _sp_invmod_div(const sp_int* a, const sp_int* m, sp_int* x, ALLOC_SP_INT(d, m->used + 1, err, NULL); if (err == MP_OKAY) { - sp_init_size(d, m->used + 1); + err = sp_init_size(d, m->used + 1); + } + if (err == MP_OKAY) { /* 1. x = m, y = a, b = 1, c = 0 */ if (a != y) { _sp_copy(a, y); diff --git a/wolfcrypt/test/include.am b/wolfcrypt/test/include.am index 64d0f1a4f1..4e059dfa62 100644 --- a/wolfcrypt/test/include.am +++ b/wolfcrypt/test/include.am @@ -26,5 +26,9 @@ endif EXTRA_DIST += wolfcrypt/test/test.sln EXTRA_DIST += wolfcrypt/test/test.vcproj +EXTRA_DIST += wolfcrypt/test/test-VS2022.sln +EXTRA_DIST += wolfcrypt/test/test-VS2022.vcxproj +EXTRA_DIST += wolfcrypt/test/test-VS2022.vcxproj.user + EXTRA_DIST += wolfcrypt/test/README.md DISTCLEANFILES+= wolfcrypt/test/.libs/testwolfcrypt diff --git a/wolfcrypt/test/test-VS2022.vcxproj b/wolfcrypt/test/test-VS2022.vcxproj index a35c3cfeef..ed79d62efe 100644 --- a/wolfcrypt/test/test-VS2022.vcxproj +++ b/wolfcrypt/test/test-VS2022.vcxproj @@ -159,4 +159,4 @@ - \ No newline at end of file + diff --git a/wolfcrypt/test/test-VS2022.vcxproj.user b/wolfcrypt/test/test-VS2022.vcxproj.user new file mode 100644 index 0000000000..2219efc160 --- /dev/null +++ b/wolfcrypt/test/test-VS2022.vcxproj.user @@ -0,0 +1,7 @@ + + + + $(ProjectDir)../../ + WindowsLocalDebugger + + diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 45fea09fe3..b3a9bccbc7 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -1016,37 +1016,75 @@ static void myFipsCb(int ok, int err, const char* hash) } #endif /* HAVE_FIPS && !WOLFSSL_LINUXKM */ -#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) +#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) && !defined(WC_NO_CONSTRUCTORS) -#ifndef NO_AES -static struct Aes *wc_AesNew(void *heap, int thisDevId) { +#if !defined(NO_AES) +static WC_MAYBE_UNUSED Aes* wc_AesNew(void* heap, int thisDevId, int *result_code) +{ + int ret; Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES); - if (aes != NULL) { - if (wc_AesInit(aes, heap, thisDevId) != 0) { + if (aes == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_AesInit(aes, heap, thisDevId); + if (ret != 0) { XFREE(aes, heap, DYNAMIC_TYPE_AES); aes = NULL; } } + + if (result_code != NULL) + *result_code = ret; + return aes; } -#endif +static WC_MAYBE_UNUSED int wc_AesDelete(Aes *aes, Aes** aes_p) +{ + if (aes == NULL) + return BAD_FUNC_ARG; + wc_AesFree(aes); + XFREE(aes, aes->heap, DYNAMIC_TYPE_AES); + if (aes_p != NULL) + *aes_p = NULL; + return 0; +} +#endif /* !NO_AES */ -#ifndef NO_RSA -static RsaKey* wc_NewRsaKey(void* heap, int thisDevId) +#if !defined(NO_RSA) +static WC_MAYBE_UNUSED RsaKey* wc_NewRsaKey(void* heap, int thisDevId, int *result_code) { + int ret; RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA); - if (key != NULL) { - if (wc_InitRsaKey_ex(key, heap, thisDevId) != 0) { + if (key == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_InitRsaKey_ex(key, heap, thisDevId); + if (ret != 0) { XFREE(key, heap, DYNAMIC_TYPE_RSA); key = NULL; } } + + if (result_code != NULL) + *result_code = ret; + return key; } -#endif - -#endif /* FIPS_VERSION3_LT(6,0,0) */ +static WC_MAYBE_UNUSED int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p) +{ + if (key == NULL) + return BAD_FUNC_ARG; + wc_FreeRsaKey(key); + XFREE(key, key->heap, DYNAMIC_TYPE_RSA); + if (key_p != NULL) + *key_p = NULL; + return 0; +} +#endif /* !NO_RSA */ +#endif /* FIPS_VERSION3_LT(6,0,0) && !WC_NO_CONSTRUCTORS */ #ifdef WOLFSSL_STATIC_MEMORY #if defined(WOLFSSL_STATIC_MEMORY_TEST_SZ) @@ -8358,12 +8396,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) WOLFSSL_ENTER("hash_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - hash = wc_HashNew(WC_HASH_TYPE_SHA256, HEAP_HINT, devId); + hash = wc_HashNew(WC_HASH_TYPE_SHA256, HEAP_HINT, devId, &ret); if (hash == NULL) { - ret = MEMORY_E; return WC_TEST_RET_ENC_EC(ret); } - hash->isAllocated = 0; /* free manually */ #else XMEMSET(hash, 0, sizeof(wc_HashAlg)); #endif @@ -8644,10 +8680,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (hash != NULL) { - hash->isAllocated = 1; /* free manually */ - (void)wc_HashFree(hash, hash->type); - } + (void)wc_HashDelete(hash, &hash); #endif return 0; @@ -11612,13 +11645,13 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, WOLFSSL_ENTER("aesofb_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - dec = wc_AesNew(HEAP_HINT, devId); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif #else XMEMSET(enc, 0, sizeof(Aes)); @@ -11869,16 +11902,18 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, out: + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); + #else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); -#endif + #endif #ifdef HAVE_AES_DECRYPT + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); + #else wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); -#endif + #endif #endif #endif /* WOLFSSL_AES_256 */ @@ -12011,13 +12046,13 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, #endif /* WOLFSSL_AES_256 */ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - dec = wc_AesNew(HEAP_HINT, devId); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif #else XMEMSET(enc, 0, sizeof(Aes)); @@ -12197,14 +12232,16 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); +#else wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #endif @@ -12306,13 +12343,13 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, #endif /* WOLFSSL_AES_256 */ #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - dec = wc_AesNew(HEAP_HINT, devId); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif #else XMEMSET(enc, 0, sizeof(Aes)); @@ -12457,14 +12494,16 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); +#else wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #endif @@ -12562,13 +12601,13 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - dec = wc_AesNew(HEAP_HINT, devId); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif #else XMEMSET(enc, 0, sizeof(Aes)); @@ -12667,14 +12706,16 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); +#else wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #endif @@ -12709,9 +12750,9 @@ static wc_test_ret_t aes_key_size_test(void) #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - aes = wc_AesNew(HEAP_HINT, devId); + aes = wc_AesNew(HEAP_HINT, devId, &ret); if (aes == NULL) - return WC_TEST_RET_ENC_ERRNO; + return WC_TEST_RET_ENC_EC(ret); #else ret = wc_AesInit(aes, HEAP_HINT, devId); /* 0 check OK for FIPSv1 */ @@ -12810,9 +12851,10 @@ static wc_test_ret_t aes_key_size_test(void) ret = 0; /* success */ out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(aes, &aes); +#else wc_AesFree(aes); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); #endif return ret; @@ -15719,12 +15761,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) WOLFSSL_ENTER("aes_ctr_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); - dec = wc_AesNew(HEAP_HINT, devId); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #else XMEMSET(enc, 0, sizeof(Aes)); XMEMSET(dec, 0, sizeof(Aes)); @@ -15850,14 +15892,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) #endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */ out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); +#else wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #endif return ret; @@ -16065,13 +16109,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void) WOLFSSL_ENTER("aes_cbc_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - dec = wc_AesNew(HEAP_HINT, devId); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif #else XMEMSET(enc, 0, sizeof(Aes)); @@ -16424,14 +16468,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void) out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); +#else wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #endif @@ -16467,13 +16513,13 @@ static wc_test_ret_t aes_ecb_direct_test(void) #endif #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - dec = wc_AesNew(HEAP_HINT, devId); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif #else ret = wc_AesInit(enc, HEAP_HINT, devId); @@ -16500,13 +16546,12 @@ static wc_test_ret_t aes_ecb_direct_test(void) out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); + wc_AesDelete(dec, &dec); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); -#endif wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif return ret; @@ -16640,13 +16685,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void) WOLFSSL_ENTER("aes192_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - dec = wc_AesNew(HEAP_HINT, devId); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif #else XMEMSET(enc, 0, sizeof(Aes)); @@ -16698,14 +16743,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void) out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); +#else wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #endif #endif /* HAVE_AES_CBC */ @@ -16768,13 +16815,13 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) WOLFSSL_ENTER("aes256_test"); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #ifdef HAVE_AES_DECRYPT - dec = wc_AesNew(HEAP_HINT, devId); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #endif #else XMEMSET(enc, 0, sizeof(Aes)); @@ -16903,14 +16950,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); +#else wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif #endif #endif /* HAVE_AES_CBC */ @@ -16945,12 +16994,12 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, XMEMSET(resultP, 0, sizeof(resultP)); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); - dec = wc_AesNew(HEAP_HINT, devId); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #else XMEMSET(enc, 0, sizeof(Aes)); XMEMSET(dec, 0, sizeof(Aes)); @@ -17038,13 +17087,12 @@ static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); + wc_AesDelete(dec, &dec); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); -#endif wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif return ret; @@ -17378,12 +17426,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) XMEMSET(resultP, 0, sizeof(resultP)); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); - dec = wc_AesNew(HEAP_HINT, devId); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + dec = wc_AesNew(HEAP_HINT, devId, &ret); if (dec == NULL) - ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #else ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) @@ -17976,13 +18024,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); #endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); + wc_AesDelete(dec, &dec); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); -#endif wc_AesFree(dec); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); #endif return ret; @@ -18161,9 +18208,9 @@ static wc_test_ret_t aesccm_256_test(void) byte atag[sizeof(exp_tag)]; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - Aes* aes = wc_AesNew(HEAP_HINT, devId); + Aes* aes = wc_AesNew(HEAP_HINT, devId, &ret); if (aes == NULL) { - ret = WC_TEST_RET_ENC_EC(MEMORY_E); + ret = WC_TEST_RET_ENC_EC(ret); } #else Aes aes[1]; @@ -18201,9 +18248,10 @@ static wc_test_ret_t aesccm_256_test(void) } #endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(aes, &aes); +#else wc_AesFree(aes); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); #endif return ret; @@ -18316,9 +18364,9 @@ static wc_test_ret_t aesccm_128_test(void) XMEMSET(p2, 0, sizeof(p2)); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); + enc = wc_AesNew(HEAP_HINT, devId, &ret); if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); #else XMEMSET(enc, 0, sizeof(Aes)); ret = wc_AesInit(enc, HEAP_HINT, devId); @@ -18368,19 +18416,9 @@ static wc_test_ret_t aesccm_128_test(void) XMEMSET(iv2, 0, sizeof(iv2)); wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); -#endif -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - enc = wc_AesNew(HEAP_HINT, devId); - if (enc == NULL) - ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out); -#else - XMEMSET(enc, 0, sizeof(Aes)); ret = wc_AesInit(enc, HEAP_HINT, devId); if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); -#endif #ifndef HAVE_SELFTEST /* selftest build does not have wc_AesCcmSetNonce() or @@ -18503,9 +18541,10 @@ static wc_test_ret_t aesccm_128_test(void) out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); +#else wc_AesFree(enc); -#if defined(WOLFSSL_SMALL_STACK) && defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) - XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); #endif return ret; @@ -23884,34 +23923,41 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) #ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC if (in == NULL || out == NULL || plain == NULL) - ERROR_OUT(MEMORY_E, exit_rsa); + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa); #endif XMEMCPY(in, inStr, inLen); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - key = wc_NewRsaKey(HEAP_HINT, devId); + key = wc_NewRsaKey(HEAP_HINT, devId, &ret); if (key == NULL) - ERROR_OUT(MEMORY_E, exit_rsa); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) - keypub = wc_NewRsaKey(HEAP_HINT, devId); + keypub = wc_NewRsaKey(HEAP_HINT, devId, &ret); if (keypub == NULL) - ERROR_OUT(MEMORY_E, exit_rsa); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); #endif #ifdef WOLFSSL_TEST_CERT if (cert == NULL) - ERROR_OUT(MEMORY_E, exit_rsa); + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa); #endif -#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ - /* initialize stack structures */ - XMEMSET(&rng, 0, sizeof(rng)); - /* memset also clears isAllocated bit, so free must be called manually */ - XMEMSET(key, 0, sizeof(RsaKey)); +#else /* ! (WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC) */ + + ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) - XMEMSET(keypub, 0, sizeof(RsaKey)); + ret = wc_InitRsaKey_ex(keypub, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); #endif +#endif /* ! (WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC) */ + + /* initialize stack structures */ + XMEMSET(&rng, 0, sizeof(rng)); + #if !defined(NO_ASN) ret = rsa_decode_test(key); if (ret != 0) @@ -24181,7 +24227,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) && !defined(WOLF_CRYPTO_CB_ONLY_RSA) ret = rsa_oaep_padding_test(key, &rng); if (ret != 0) - return ret; + goto exit_rsa; #endif /* !HAVE_FIPS */ #endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */ @@ -24191,14 +24237,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) && !defined(WOLFSSL_RSA_VERIFY_ONLY) ret = rsa_export_key_test(key); if (ret != 0) - return ret; + goto exit_rsa; #endif #if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ !defined(WOLFSSL_RSA_VERIFY_ONLY) ret = rsa_flatten_test(key); if (ret != 0) - return ret; + goto exit_rsa; #endif #if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_ASN) && \ @@ -24461,16 +24507,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) exit_rsa: -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - if (key != NULL) { - wc_FreeRsaKey(key); - XFREE(key, HEAP_HINT, DYNAMIC_TYPE_RSA); - } + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_DeleteRsaKey(key, &key); #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) - if (keypub != NULL) { - wc_FreeRsaKey(keypub); - XFREE(keypub, HEAP_HINT, DYNAMIC_TYPE_RSA); - } + wc_DeleteRsaKey(keypub, &keypub); #endif #ifdef WOLFSSL_TEST_CERT XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -36074,6 +36114,8 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b) word32 plaintextLen; word32 encryptLen = MAX_ECIES_TEST_SZ; word32 decryptLen = MAX_ECIES_TEST_SZ; + int aInit = 0; + int bInit = 0; #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) plaintext = XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); @@ -36085,12 +36127,22 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b) wc_ecc_free(b); ret = wc_ecc_init(a); - if (ret != 0) + if (ret != 0) { ret = WC_TEST_RET_ENC_EC(ret); + } + else { + aInit = 1; + } + + if (ret == 0) { ret = wc_ecc_init(b); - if (ret != 0) + if (ret != 0) { ret = WC_TEST_RET_ENC_EC(ret); + } + else { + bInit = 1; + } } if (ret == 0) @@ -36152,8 +36204,13 @@ static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b) if (ret == 0 && XMEMCMP(decrypted, plaintext, plaintextLen) != 0) ret = WC_TEST_RET_ENC_NC; - wc_ecc_free(a); - wc_ecc_free(b); + if (aInit) { + wc_ecc_free(a); + } + + if (bInit) { + wc_ecc_free(b); + } wc_ecc_ctx_free(aCtx); wc_ecc_ctx_free(bCtx); @@ -37442,57 +37499,59 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) (void)x; WOLFSSL_ENTER("curve25519_test"); -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); -#else - ret = wc_InitRng(&rng); -#endif - if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); - #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - userA = wc_curve25519_new(HEAP_HINT, devId); - userB = wc_curve25519_new(HEAP_HINT, devId); - pubKey = wc_curve25519_new(HEAP_HINT, devId); - if (userA == NULL || userB == NULL || pubKey == NULL) { - ret = MEMORY_E; - return WC_TEST_RET_ENC_EC(ret); - } + userA = wc_curve25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + userB = wc_curve25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + pubKey = wc_curve25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); #else wc_curve25519_init_ex(userA, HEAP_HINT, devId); wc_curve25519_init_ex(userB, HEAP_HINT, devId); wc_curve25519_init_ex(pubKey, HEAP_HINT, devId); #endif +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + /* make curve25519 keys */ ret = wc_curve25519_make_key(&rng, 32, userA); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_curve25519_make_key(&rng, 32, userB); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); #ifdef HAVE_CURVE25519_SHARED_SECRET /* find shared secret key */ x = sizeof(sharedA); if ((ret = wc_curve25519_shared_secret(userA, userB, sharedA, &x)) != 0) { printf("wc_curve25519_shared_secret 1 failed\n"); - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); } y = sizeof(sharedB); if ((ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y)) != 0) { printf("wc_curve25519_shared_secret 2 failed\n"); - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); } /* compare shared secret keys to test they are the same */ if (y != x) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); if (XMEMCMP(sharedA, sharedB, x)) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); #endif #ifdef HAVE_CURVE25519_KEY_EXPORT @@ -37500,12 +37559,12 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) x = sizeof(exportBuf); ret = wc_curve25519_export_public(userA, exportBuf, &x); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); #ifdef HAVE_CURVE25519_KEY_IMPORT ret = wc_curve25519_import_public(exportBuf, x, pubKey); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); #endif #endif @@ -37515,104 +37574,104 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) XMEMSET(sharedB, 0, sizeof(sharedB)); y = sizeof(sharedB); if (wc_curve25519_shared_secret(userB, pubKey, sharedB, &y) != 0) { - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); } if (XMEMCMP(sharedA, sharedB, y)) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); /* import RFC test vectors and compare shared key */ ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), userA); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), userB); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); /* test against known test vector */ XMEMSET(sharedB, 0, sizeof(sharedB)); y = sizeof(sharedB); ret = wc_curve25519_shared_secret(userA, userB, sharedB, &y); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); if (XMEMCMP(ss, sharedB, y)) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); /* test swapping roles of keys and generating same shared key */ XMEMSET(sharedB, 0, sizeof(sharedB)); y = sizeof(sharedB); ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); if (XMEMCMP(ss, sharedB, y)) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); /* test with 1 generated key and 1 from known test vector */ ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), userA); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); wc_curve25519_free(userB); -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - userB = wc_curve25519_new(HEAP_HINT, devId); - if (userB == NULL) { - ret = MEMORY_E; - return WC_TEST_RET_ENC_EC(ret); - } -#else wc_curve25519_init_ex(userB, HEAP_HINT, devId); -#endif ret = wc_curve25519_make_key(&rng, 32, userB); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); x = sizeof(sharedA); ret = wc_curve25519_shared_secret(userA, userB, sharedA, &x); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); y = sizeof(sharedB); ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); /* compare shared secret keys to test they are the same */ if (y != x) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); if (XMEMCMP(sharedA, sharedB, x)) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); ret = curve25519_overflow_test(); if (ret != 0) - return ret; + goto cleanup; ret = curve25519_check_public_test(); if (ret != 0) - return ret; + goto cleanup; #endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */ #if !defined(NO_ASN) && defined(HAVE_CURVE25519_KEY_EXPORT) && \ defined(HAVE_CURVE25519_KEY_IMPORT) ret = curve255519_der_test(); if (ret != 0) - return ret; + goto cleanup; #endif +cleanup: + /* clean up keys when done */ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_curve25519_delete(pubKey, &pubKey); + wc_curve25519_delete(userB, &userB); + wc_curve25519_delete(userA, &userA); +#else wc_curve25519_free(pubKey); wc_curve25519_free(userB); wc_curve25519_free(userA); +#endif wc_FreeRng(&rng); - return 0; + return ret; } #endif /* HAVE_CURVE25519 */ @@ -38539,18 +38598,16 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) return WC_TEST_RET_ENC_EC(ret); #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - key = wc_ed25519_new(HEAP_HINT, devId); - key2 = wc_ed25519_new(HEAP_HINT, devId); - if (key == NULL || key2 == NULL) { - ret = MEMORY_E; - return WC_TEST_RET_ENC_EC(ret); - } + key = wc_ed25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + key2 = wc_ed25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN) - key3 = wc_ed25519_new(HEAP_HINT, devId); - if (key3 == NULL) { - ret = MEMORY_E; - return WC_TEST_RET_ENC_EC(ret); - } + key3 = wc_ed25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); #endif #else wc_ed25519_init_ex(key, HEAP_HINT, devId); @@ -38577,70 +38634,70 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i], pKeySz[i], key) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, key) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); if (XMEMCMP(out, sigs[i], 64)) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); #if defined(HAVE_ED25519_VERIFY) /* test verify on good msg */ if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key) != 0 || verify != 1) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); #ifdef WOLFSSL_ED25519_STREAMING_VERIFY /* test verify on good msg using streaming interface directly */ if (wc_ed25519_verify_msg_init(out, outlen, key, (byte)Ed25519, NULL, 0) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); for (j = 0; j < msgSz[i]; j += i) { if (wc_ed25519_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), key) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); } if (wc_ed25519_verify_msg_final(out, outlen, &verify, key) != 0 || verify != 1) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */ /* test verify on bad msg */ out[outlen-1] = out[outlen-1] + 1; if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key) == 0 || verify == 1) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); #endif /* HAVE_ED25519_VERIFY */ /* test api for import/exporting keys */ exportPSz = sizeof(exportPKey); exportSSz = sizeof(exportSKey); if (wc_ed25519_export_public(key, exportPKey, &exportPSz) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); if (wc_ed25519_import_public_ex(exportPKey, exportPSz, key2, 1) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); if (wc_ed25519_export_private_only(key, exportSKey, &exportSSz) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); if (wc_ed25519_import_private_key(exportSKey, exportSSz, exportPKey, exportPSz, key2) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); /* clear "out" buffer and test sign with imported keys */ outlen = sizeof(out); XMEMSET(out, 0, sizeof(out)); if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, key2) != 0) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); #if defined(HAVE_ED25519_VERIFY) if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key2) != 0 || verify != 1) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); if (XMEMCMP(out, sigs[i], 64)) - return WC_TEST_RET_ENC_I(i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); #endif /* HAVE_ED25519_VERIFY */ } @@ -38694,36 +38751,36 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) ret = wc_ed25519_import_private_key(sKeys[0], ED25519_KEY_SIZE, pKeys[0], pKeySz[0], key); if (ret != 0) - return ret; + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_ed25519_verify_msg(rareEd1, sizeof(rareEd1), msgs[0], msgSz[0], &verify, key); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return ret; + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_ed25519_verify_msg(rareEd2, sizeof(rareEd2), msgs[0], msgSz[0], &verify, key); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return ret; + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_ed25519_verify_msg(rareEd3, sizeof(rareEd3), msgs[0], msgSz[0], &verify, key); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return ret; + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_ed25519_verify_msg(rareEd4, sizeof(rareEd4), msgs[0], msgSz[0], &verify, key); if (ret != WC_NO_ERR_TRACE(SIG_VERIFY_E)) - return ret; + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); } ret = ed25519ctx_test(); if (ret != 0) - return ret; + goto cleanup; ret = ed25519ph_test(); if (ret != 0) - return ret; + goto cleanup; #ifndef NO_ASN /* Try ASN.1 encoded private-only key and public key. */ @@ -38731,75 +38788,92 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) ret = wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, key3, sizeof(privateEd25519)); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); idx = 0; if (wc_Ed25519PrivateKeyDecode(badPrivateEd25519, &idx, key3, sizeof(badPrivateEd25519)) == 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3); if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); /* try with a buffer size that is too large */ idx = 0; if (wc_Ed25519PublicKeyDecode(badPublicEd25519, &idx, key3, sizeof(badPublicEd25519)) == 0) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); idx = 0; ret = wc_Ed25519PublicKeyDecode(publicEd25519, &idx, key3, sizeof(publicEd25519)); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); if (XMEMCMP(out, sigs[0], 64)) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); #if defined(HAVE_ED25519_VERIFY) /* test verify on good msg */ ret = wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, key3); if (ret != 0 || verify != 1) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); #endif /* HAVE_ED25519_VERIFY */ wc_ed25519_free(key3); -#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - key3 = wc_ed25519_new(HEAP_HINT, devId); - if (key3 == NULL) { - ret = MEMORY_E; - return WC_TEST_RET_ENC_EC(ret); - } -#else wc_ed25519_init_ex(key3, HEAP_HINT, devId); -#endif idx = 0; ret = wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, key3, sizeof(privPubEd25519)); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3); if (ret != 0) - return WC_TEST_RET_ENC_EC(ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); if (XMEMCMP(out, sigs[0], 64)) - return WC_TEST_RET_ENC_NC; + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_ed25519_delete(key3, &key3); +#else wc_ed25519_free(key3); +#endif #endif /* NO_ASN */ #endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ + ret = ed25519_test_check_key(); + if (ret < 0) + goto cleanup; +#ifdef WOLFSSL_TEST_CERT + ret = ed25519_test_cert(); + if (ret < 0) + goto cleanup; +#if defined(WOLFSSL_CERT_GEN) && defined(HAVE_ED25519_MAKE_KEY) + ret = ed25519_test_make_cert(); + if (ret < 0) + goto cleanup; +#endif /* WOLFSSL_CERT_GEN */ +#endif /* WOLFSSL_TEST_CERT */ + +cleanup: + /* clean up keys when done */ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_ed25519_delete(key, &key); + wc_ed25519_delete(key2, &key2); +#else wc_ed25519_free(key); wc_ed25519_free(key2); +#endif #if defined(HAVE_HASHDRBG) || defined(NO_RC4) wc_FreeRng(&rng); @@ -38809,21 +38883,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) (void)keySz; (void)sigSz; - ret = ed25519_test_check_key(); - if (ret < 0) - return ret; -#ifdef WOLFSSL_TEST_CERT - ret = ed25519_test_cert(); - if (ret < 0) - return ret; -#if defined(WOLFSSL_CERT_GEN) && defined(HAVE_ED25519_MAKE_KEY) - ret = ed25519_test_make_cert(); - if (ret < 0) - return ret; -#endif /* WOLFSSL_CERT_GEN */ -#endif /* WOLFSSL_TEST_CERT */ - - return 0; + return ret; } #endif /* HAVE_ED25519 */ diff --git a/wolfssl-VS2022.vcxproj b/wolfssl-VS2022.vcxproj index f2ce04d7b2..a52f42e6df 100644 --- a/wolfssl-VS2022.vcxproj +++ b/wolfssl-VS2022.vcxproj @@ -574,4 +574,4 @@ - \ No newline at end of file + diff --git a/wolfssl/internal.h b/wolfssl/internal.h index ff9c1230d1..1a6c97d8fb 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -7114,6 +7114,12 @@ WOLFSSL_LOCAL int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj, const byte* der, word32 len, int addHdr); #endif +WOLFSSL_LOCAL int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, + word32* keySz); +WOLFSSL_LOCAL int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey, + const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, byte* key, + word32* keySz); + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h index 6c0373630a..a3afd61ff4 100644 --- a/wolfssl/openssl/bn.h +++ b/wolfssl/openssl/bn.h @@ -150,6 +150,7 @@ WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn, int n); WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w); WOLFSSL_API int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w); +WOLFSSL_API int wolfSSL_BN_mul_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w); WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM* bn, int n); WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n); WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w); @@ -254,6 +255,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_lshift wolfSSL_BN_lshift #define BN_add_word wolfSSL_BN_add_word +#define BN_mul_word wolfSSL_BN_mul_word #define BN_sub_word wolfSSL_BN_sub_word #define BN_add wolfSSL_BN_add #define BN_mod_add wolfSSL_BN_mod_add diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h index ae0f02683a..7ea0f6223c 100644 --- a/wolfssl/openssl/dh.h +++ b/wolfssl/openssl/dh.h @@ -26,6 +26,7 @@ #define WOLFSSL_DH_H_ #include +#include #include #ifdef __cplusplus @@ -102,6 +103,8 @@ typedef WOLFSSL_DH DH; #define DH_set0_key wolfSSL_DH_set0_key #define DH_bits(x) (BN_num_bits((x)->p)) +#define OPENSSL_DH_MAX_MODULUS_BITS DH_MAX_SIZE + #define DH_GENERATOR_2 2 #define DH_CHECK_P_NOT_PRIME 0x01 #define DH_CHECK_P_NOT_SAFE_PRIME 0x02 diff --git a/wolfssl/openssl/dsa.h b/wolfssl/openssl/dsa.h index 76a1252e1f..6acb59e00c 100644 --- a/wolfssl/openssl/dsa.h +++ b/wolfssl/openssl/dsa.h @@ -26,6 +26,7 @@ #define WOLFSSL_DSA_H_ #include +#include #ifdef __cplusplus extern "C" { @@ -119,6 +120,8 @@ WOLFSSL_API WOLFSSL_DSA* wolfSSL_d2i_DSAparams( typedef WOLFSSL_DSA DSA; +#define OPENSSL_DSA_MAX_MODULUS_BITS 3072 + #define WOLFSSL_DSA_LOAD_PRIVATE 1 #define WOLFSSL_DSA_LOAD_PUBLIC 2 diff --git a/wolfssl/openssl/ec.h b/wolfssl/openssl/ec.h index c7b0cfffa9..bd81894e8d 100644 --- a/wolfssl/openssl/ec.h +++ b/wolfssl/openssl/ec.h @@ -25,6 +25,7 @@ #define WOLFSSL_EC_H_ #include +#include #include #include #include @@ -431,6 +432,7 @@ typedef WOLFSSL_EC_KEY_METHOD EC_KEY_METHOD; #define EC_KEY_set_conv_form wolfSSL_EC_KEY_set_conv_form #define EC_KEY_get_conv_form wolfSSL_EC_KEY_get_conv_form #define d2i_ECPKParameters wolfSSL_d2i_ECPKParameters +#define i2d_ECPKParameters wolfSSL_i2d_ECPKParameters #define EC_POINT_point2hex wolfSSL_EC_POINT_point2hex #define EC_POINT_hex2point wolfSSL_EC_POINT_hex2point diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h index 0cfaedd0d3..8ecc02c6b1 100644 --- a/wolfssl/openssl/pem.h +++ b/wolfssl/openssl/pem.h @@ -69,6 +69,8 @@ WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out, const unsigned char **in, long len); WOLFSSL_API +int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp); +WOLFSSL_API int wolfSSL_PEM_write_mem_RSAPrivateKey(WOLFSSL_RSA* rsa, const WOLFSSL_EVP_CIPHER* cipher, unsigned char* passwd, int len, @@ -179,6 +181,11 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** key, wc_pem_password_cb* cb, void* pass); +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +WOLFSSL_API +PKCS8_PRIV_KEY_INFO* wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio, + PKCS8_PRIV_KEY_INFO** key, wc_pem_password_cb* cb, void* arg); +#endif WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY **key, @@ -279,6 +286,9 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh); #define PEM_read_bio_PUBKEY wolfSSL_PEM_read_bio_PUBKEY #define PEM_write_bio_PUBKEY wolfSSL_PEM_write_bio_PUBKEY +#define PEM_write_bio_PKCS8_PRIV_KEY_INFO wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO +#define PEM_read_bio_PKCS8_PRIV_KEY_INFO wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h index a248b23074..9311283976 100644 --- a/wolfssl/openssl/rsa.h +++ b/wolfssl/openssl/rsa.h @@ -27,6 +27,7 @@ #include #include +#include #include #include @@ -190,6 +191,8 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup( #endif #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#define OPENSSL_RSA_MAX_MODULUS_BITS RSA_MAX_SIZE + #define WOLFSSL_RSA_LOAD_PRIVATE 1 #define WOLFSSL_RSA_LOAD_PUBLIC 2 #define WOLFSSL_RSA_F4 0x10001L diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index ef65f60ea9..a08a96db0f 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -207,7 +207,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1 #define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio #define d2i_PKCS8_PRIV_KEY_INFO wolfSSL_d2i_PKCS8_PKEY -#define i2d_PKCS8_PRIV_KEY_INFO wolfSSL_i2d_PrivateKey +#define i2d_PKCS8_PRIV_KEY_INFO wolfSSL_i2d_PKCS8_PKEY #define d2i_PKCS8PrivateKey_bio wolfSSL_d2i_PKCS8PrivateKey_bio #define i2d_PKCS8PrivateKey_bio wolfSSL_PEM_write_bio_PKCS8PrivateKey #define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free @@ -1009,7 +1009,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define RSA_print_fp wolfSSL_RSA_print_fp #define RSA_bits wolfSSL_RSA_bits #define RSA_up_ref wolfSSL_RSA_up_ref +#define RSA_padding_add_PKCS1_PSS_mgf1 wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1 #define RSA_padding_add_PKCS1_PSS wolfSSL_RSA_padding_add_PKCS1_PSS +#define RSA_verify_PKCS1_PSS_mgf1 wolfSSL_RSA_verify_PKCS1_PSS_mgf1 #define RSA_verify_PKCS1_PSS wolfSSL_RSA_verify_PKCS1_PSS #define PEM_def_callback wolfSSL_PEM_def_callback diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index ec6c08fb6f..13abb0bb30 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1269,11 +1269,18 @@ WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL* ssl, const unsigned char* id, int WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO** bio1_p, size_t writebuf1, WOLFSSL_BIO** bio2_p, size_t writebuf2); +WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, + unsigned char *em, const unsigned char *mHash, + const WOLFSSL_EVP_MD *hashAlg, const WOLFSSL_EVP_MD *mgf1Hash, + int saltLen); WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *EM, const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen); +WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, + const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, + const WOLFSSL_EVP_MD *mgf1Hash, const unsigned char *em, int saltLen); WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, const unsigned char *EM, int saltLen); @@ -2088,6 +2095,8 @@ WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio( WOLFSSL_BIO* bio, WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey); WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, long keyLen); +WOLFSSL_API int wolfSSL_i2d_PKCS8_PKEY(WOLFSSL_PKCS8_PRIV_KEY_INFO* key, + unsigned char** pp); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** out); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key, @@ -5382,6 +5391,8 @@ WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x); WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, wc_pem_password_cb* cb, void* ctx); +WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio, + PKCS8_PRIV_KEY_INFO* keyInfo); #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) WOLFSSL_API int wolfSSL_PEM_write_PKCS8PrivateKey( XFILE fp, WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h index c01482c341..eaa0c47150 100644 --- a/wolfssl/wolfcrypt/aes.h +++ b/wolfssl/wolfcrypt/aes.h @@ -327,7 +327,7 @@ struct Aes { int alFd; /* server socket to bind to */ int rdFd; /* socket to read from */ struct msghdr msg; - int dir; /* flag for encrpyt or decrypt */ + int dir; /* flag for encrypt or decrypt */ #ifdef WOLFSSL_AFALG_XILINX_AES word32 msgBuf[CMSG_SPACE(4) + CMSG_SPACE(sizeof(struct af_alg_iv) + GCM_NONCE_MID_SZ)]; @@ -382,6 +382,7 @@ struct Aes { ALIGN16 byte streamData[5 * AES_BLOCK_SIZE]; #else byte* streamData; + word32 streamData_sz; #endif word32 aSz; word32 cSz; @@ -392,7 +393,6 @@ struct Aes { WC_BITFIELD nonceSet:1; WC_BITFIELD ctrSet:1; #endif - WC_BITFIELD isAllocated:1; /* flag indicates if structure was allocated */ #ifdef WC_DEBUG_CIPHER_LIFECYCLE void *CipherLifecycleTag; /* used for dummy allocation and initialization, * trackable by sanitizers. @@ -726,8 +726,11 @@ WOLFSSL_API int wc_AesInit_Id(Aes* aes, unsigned char* id, int len, void* heap, WOLFSSL_API int wc_AesInit_Label(Aes* aes, const char* label, void* heap, int devId); #endif -WOLFSSL_API Aes* wc_AesNew(void* heap, int devId); WOLFSSL_API void wc_AesFree(Aes* aes); +#ifndef WC_NO_CONSTRUCTORS +WOLFSSL_API Aes* wc_AesNew(void* heap, int devId, int *result_code); +WOLFSSL_API int wc_AesDelete(Aes* aes, Aes** aes_p); +#endif #ifdef WOLFSSL_AES_SIV typedef struct AesSivAssoc { diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 6df41eb29d..11803d6b60 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -951,13 +951,14 @@ enum Misc_ASN { #else KEYID_SIZE = WC_SHA_DIGEST_SIZE, #endif -#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)) - RSA_INTS = 8, /* RSA ints in private key */ -#elif !defined(WOLFSSL_RSA_PUBLIC_ONLY) - RSA_INTS = 5, /* RSA ints in private key */ -#else - RSA_INTS = 2, /* RSA ints in private key */ + RSA_INTS = 2 /* RSA ints in private key */ +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + + 3 +#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) + + 3 +#endif #endif + , DSA_PARAM_INTS = 3, /* DSA parameter ints */ RSA_PUB_INTS = 2, /* RSA ints in public key */ DSA_PUB_INTS = 4, /* DSA ints in public key */ @@ -2382,9 +2383,11 @@ WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, WOLFSSL_LOCAL int GetNameHash_ex(const byte* source, word32* idx, byte* hash, int maxIdx, word32 sigOID); WOLFSSL_LOCAL int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, - DecodedCert* der, int checkAlt); + DecodedCert* der, int checkAlt, + void* heap); WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, - const byte* pubKey, word32 pubKeySz, enum Key_Sum ks); + const byte* pubKey, word32 pubKeySz, + enum Key_Sum ks, void* heap); WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g); #ifdef WOLFSSL_DH_EXTRA WOLFSSL_API int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx, diff --git a/wolfssl/wolfcrypt/curve25519.h b/wolfssl/wolfcrypt/curve25519.h index feb74aa99e..4d18c5678e 100644 --- a/wolfssl/wolfcrypt/curve25519.h +++ b/wolfssl/wolfcrypt/curve25519.h @@ -99,7 +99,6 @@ struct curve25519_key { /* bit fields */ WC_BITFIELD pubSet:1; WC_BITFIELD privSet:1; - WC_BITFIELD isAllocated:1; /* flag indicates if structure was allocated */ }; enum { @@ -132,8 +131,6 @@ int wc_curve25519_shared_secret_ex(curve25519_key* private_key, curve25519_key* public_key, byte* out, word32* outlen, int endian); -WOLFSSL_API -curve25519_key* wc_curve25519_new(void* heap, int devId); WOLFSSL_API int wc_curve25519_init(curve25519_key* key); WOLFSSL_API @@ -142,6 +139,13 @@ int wc_curve25519_init_ex(curve25519_key* key, void* heap, int devId); WOLFSSL_API void wc_curve25519_free(curve25519_key* key); +#ifndef WC_NO_CONSTRUCTORS +WOLFSSL_API +curve25519_key* wc_curve25519_new(void* heap, int devId, int *result_code); +WOLFSSL_API +int wc_curve25519_delete(curve25519_key* key, curve25519_key** key_p); +#endif +WOLFSSL_API /* raw key helpers */ WOLFSSL_API diff --git a/wolfssl/wolfcrypt/ed25519.h b/wolfssl/wolfcrypt/ed25519.h index 1de20133a9..8c660b2189 100644 --- a/wolfssl/wolfcrypt/ed25519.h +++ b/wolfssl/wolfcrypt/ed25519.h @@ -97,8 +97,6 @@ struct ed25519_key { WC_BITFIELD privKeySet:1; WC_BITFIELD pubKeySet:1; WC_BITFIELD sha_clean_flag:1; /* only used if WOLFSSL_ED25519_PERSISTENT_SHA */ - /* flag indicates if structure was allocated */ - WC_BITFIELD isAllocated:1; #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif @@ -177,14 +175,20 @@ int wc_ed25519_verify_msg_final(const byte* sig, word32 sigLen, int* res, #endif /* WOLFSSL_ED25519_STREAMING_VERIFY */ #endif /* HAVE_ED25519_VERIFY */ -WOLFSSL_API -ed25519_key* wc_ed25519_new(void* heap, int devId); WOLFSSL_API int wc_ed25519_init(ed25519_key* key); WOLFSSL_API int wc_ed25519_init_ex(ed25519_key* key, void* heap, int devId); WOLFSSL_API void wc_ed25519_free(ed25519_key* key); +#ifndef WC_NO_CONSTRUCTORS +WOLFSSL_API +ed25519_key* wc_ed25519_new(void* heap, int devId, int *result_code); +WOLFSSL_API +int wc_ed25519_delete(ed25519_key* key, ed25519_key** key_p); +#endif +WOLFSSL_API + #ifdef HAVE_ED25519_KEY_IMPORT WOLFSSL_API int wc_ed25519_import_public(const byte* in, word32 inLen, ed25519_key* key); diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index 2abfafd180..edbc949bcb 100644 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -125,7 +125,9 @@ typedef union { typedef struct { wc_Hashes alg; enum wc_HashType type; /* sanity check */ - WC_BITFIELD isAllocated:1; /* flag indicates if structure was allocated */ +#ifndef WC_NO_CONSTRUCTORS + void *heap; +#endif } wc_HashAlg; #endif /* !NO_HASH_WRAPPER */ @@ -182,8 +184,6 @@ WOLFSSL_API int wc_Hash_ex(enum wc_HashType hash_type, byte* hash, word32 hash_len, void* heap, int devId); /* generic hash operation wrappers */ -WOLFSSL_API wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, - int devId); WOLFSSL_API int wc_HashInit_ex(wc_HashAlg* hash, enum wc_HashType type, void* heap, int devId); WOLFSSL_API int wc_HashInit(wc_HashAlg* hash, enum wc_HashType type); @@ -192,6 +192,11 @@ WOLFSSL_API int wc_HashUpdate(wc_HashAlg* hash, enum wc_HashType type, WOLFSSL_API int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out); WOLFSSL_API int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type); +#ifndef WC_NO_CONSTRUCTORS +WOLFSSL_API wc_HashAlg* wc_HashNew(enum wc_HashType type, void* heap, + int devId, int *result_code); +WOLFSSL_API int wc_HashDelete(wc_HashAlg *hash, wc_HashAlg **hash_p); +#endif #ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, diff --git a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h index 3d6c4e1de1..99d2ca20ab 100644 --- a/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h +++ b/wolfssl/wolfcrypt/port/Espressif/esp32-crypt.h @@ -1009,9 +1009,9 @@ WOLFSSL_LOCAL int esp_sha_stack_check(WC_ESP32SHA* sha); /* * Errata Mitigation. See - * https://www.espressif.com/sites/default/files/documentation/esp32_errata_en.pdf - * https://www.espressif.com/sites/default/files/documentation/esp32-c3_errata_en.pdf - * https://www.espressif.com/sites/default/files/documentation/esp32-s3_errata_en.pdf + * esp32_errata_en.pdf + * esp32-c3_errata_en.pdf + * esp32-s3_errata_en.pdf */ #define ESP_MP_HW_LOCK_MAX_DELAY ( TickType_t ) 0xffUL diff --git a/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h b/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h index 2bacf2f754..afeb3526b7 100644 --- a/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h +++ b/wolfssl/wolfcrypt/port/Espressif/esp_crt_bundle.h @@ -32,8 +32,7 @@ * configured to be utilized by the Espressif ESP-IDF, specifically the * esp-tls layer. * - * See: - * https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/protocols/esp_tls.html + * See: esp-idf api-reference for esp_tls. * https://github.com/espressif/esp-idf/blob/master/components/esp-tls/esp_tls.h * ******************************************************************************* diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 8bb0f5fe49..3f39d5b4df 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -269,7 +269,6 @@ struct RsaKey { #if defined(WOLFSSL_RENESAS_FSPSM) FSPSM_RSA_CTX ctx; #endif - WC_BITFIELD isAllocated:1; /* flag indicates if structure was allocated */ }; #ifndef WC_RSAKEY_TYPE_DEFINED @@ -293,10 +292,14 @@ struct RsaPadding { typedef struct RsaPadding RsaPadding; #endif -WOLFSSL_API RsaKey* wc_NewRsaKey(void* heap, int devId); WOLFSSL_API int wc_InitRsaKey(RsaKey* key, void* heap); WOLFSSL_API int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId); WOLFSSL_API int wc_FreeRsaKey(RsaKey* key); +#ifndef WC_NO_CONSTRUCTORS +WOLFSSL_API RsaKey* wc_NewRsaKey(void* heap, int devId, int *result_code); +WOLFSSL_API int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p); +#endif + #ifdef WOLF_PRIVATE_KEY_ID WOLFSSL_API int wc_InitRsaKey_Id(RsaKey* key, unsigned char* id, int len, void* heap, int devId); diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index ef9d8500a8..88aac92005 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -540,7 +540,7 @@ * used in the esp-wolfssl or other places in the ESP-IDF. They should * be always be included for backward compatibility. * - * See also: https://docs.espressif.com/projects/esp-idf/en/stable/esp32/api-reference/kconfig.html + * See also: Espressif api-reference kconfig docs. * * These settings should be checked and assigned wolfssl equivalents before * any others. diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index e10f5f8b45..1b437c1000 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -522,6 +522,12 @@ typedef struct w64wrapper { #elif defined(NO_WOLFSSL_MEMORY) #ifdef WOLFSSL_NO_MALLOC /* this platform does not support heap use */ + #ifdef WOLFSSL_SMALL_STACK + #error WOLFSSL_SMALL_STACK requires a heap implementation. + #endif + #ifndef WC_NO_CONSTRUCTORS + #define WC_NO_CONSTRUCTORS + #endif #ifdef WOLFSSL_MALLOC_CHECK #ifndef NO_STDIO_FILESYSTEM #include @@ -606,6 +612,10 @@ typedef struct w64wrapper { #endif /* WOLFSSL_STATIC_MEMORY */ #endif + #if defined(WOLFSSL_SMALL_STACK) && defined(WC_NO_CONSTRUCTORS) + #error WOLFSSL_SMALL_STACK requires constructors. + #endif + #include /* declare/free variable handling for async and smallstack */ diff --git a/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs b/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs index 2e5f30e938..223beafacc 100644 --- a/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs +++ b/wrapper/CSharp/wolfSSL_CSharp/wolfCrypt.cs @@ -119,7 +119,9 @@ public class wolfcrypt * RSA */ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] - private static extern IntPtr wc_NewRsaKey(IntPtr heap, int devId); + private static extern IntPtr wc_NewRsaKey(IntPtr heap, int devId, IntPtr result_code); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_DeleteRsaKey(IntPtr key, IntPtr key_p); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wc_InitRsaKey(IntPtr key, IntPtr heap); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] @@ -153,7 +155,9 @@ public class wolfcrypt * ED25519 */ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] - private static extern IntPtr wc_ed25519_new(IntPtr heap, int devId); + private static extern IntPtr wc_ed25519_new(IntPtr heap, int devId, IntPtr result_code); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_ed25519_delete(IntPtr key, IntPtr key_p); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private static extern int wc_ed25519_init(IntPtr key); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] @@ -194,7 +198,9 @@ public class wolfcrypt * Curve25519 */ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] - private static extern IntPtr wc_curve25519_new(IntPtr heap, int devId); + private static extern IntPtr wc_curve25519_new(IntPtr heap, int devId, IntPtr result_code); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private static extern int wc_curve25519_delete(IntPtr key, IntPtr key_p); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wc_curve25519_init(IntPtr key); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] @@ -235,7 +241,9 @@ public class wolfcrypt * AES-GCM */ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] - private extern static IntPtr wc_AesNew(IntPtr heap, int devId); + private extern static IntPtr wc_AesNew(IntPtr heap, int devId, IntPtr result_code); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_AesDelete(IntPtr aes, IntPtr aes_p); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wc_AesFree(IntPtr aes); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] @@ -254,7 +262,9 @@ public class wolfcrypt * HASH */ [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] - private extern static IntPtr wc_HashNew(uint hashType, IntPtr heap, int devId); + private extern static IntPtr wc_HashNew(uint hashType, IntPtr heap, int devId, IntPtr result_code); + [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] + private extern static int wc_HashDelete(IntPtr hash, IntPtr hash_p); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] private extern static int wc_HashInit(IntPtr hash, uint hashType); [DllImport(wolfssl_dll, CallingConvention = CallingConvention.Cdecl)] @@ -373,7 +383,7 @@ public static int Cleanup() /// Pointer to allocated WC_RNG or null public static IntPtr RandomNew() { - IntPtr rng; + IntPtr rng; try { @@ -386,7 +396,7 @@ public static IntPtr RandomNew() { log(ERROR_LOG, "random new exception " + e.ToString()); rng = IntPtr.Zero; - } + } return rng; } @@ -551,7 +561,7 @@ public static int EccSetRng(IntPtr key, IntPtr rng) public static IntPtr EccImportKey(byte[] keyASN1) { int ret; - IntPtr key = IntPtr.Zero; + IntPtr key = IntPtr.Zero; try { @@ -577,7 +587,7 @@ public static IntPtr EccImportKey(byte[] keyASN1) log(ERROR_LOG, "ECC import key exception " + e.ToString()); EccFreeKey(key); /* make sure its free'd */ key = IntPtr.Zero; - } + } return key; } @@ -713,7 +723,7 @@ public static int EccExportPrivateKeyToDer(IntPtr key, out byte[] derKey) { log(ERROR_LOG, "ECC export private exception " + e.ToString()); ret = EXCEPTION_E; - } + } return ret; } @@ -747,7 +757,7 @@ public static int EccExportPublicKeyToDer(IntPtr key, out byte[] derKey, bool in { log(ERROR_LOG, "ECC export public exception " + e.ToString()); ret = EXCEPTION_E; - } + } return ret; } @@ -1317,12 +1327,12 @@ public static IntPtr RsaMakeKey(IntPtr heap, int devId, int keysize, Int32 expon { int ret; IntPtr key = IntPtr.Zero; - IntPtr rng = IntPtr.Zero; + IntPtr rng = IntPtr.Zero; try { /* Allocate and init new RSA key structure */ - key = wc_NewRsaKey(heap, devId); + key = wc_NewRsaKey(heap, devId, IntPtr.Zero); if (key != IntPtr.Zero) { rng = RandomNew(); @@ -1348,7 +1358,7 @@ public static IntPtr RsaMakeKey(IntPtr heap, int devId, int keysize, Int32 expon if (rng != IntPtr.Zero) RandomFree(rng); if (key != IntPtr.Zero) RsaFreeKey(key); key = IntPtr.Zero; - } + } return key; } @@ -1366,11 +1376,11 @@ public static IntPtr RsaMakeKey(IntPtr heap, int devId, int keysize) public static IntPtr RsaImportKey(byte[] keyASN1) { int ret; - IntPtr key = IntPtr.Zero; + IntPtr key = IntPtr.Zero; try { - key = wc_NewRsaKey(IntPtr.Zero, INVALID_DEVID); + key = wc_NewRsaKey(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero); if (key != IntPtr.Zero) { IntPtr idx = Marshal.AllocHGlobal(sizeof(uint)); @@ -1392,7 +1402,7 @@ public static IntPtr RsaImportKey(byte[] keyASN1) log(ERROR_LOG, "RSA make key exception " + e.ToString()); RsaFreeKey(key); /* make sure its free'd */ key = IntPtr.Zero; - } + } return key; } @@ -1548,7 +1558,8 @@ public static void RsaFreeKey(IntPtr key) { if (key != IntPtr.Zero) { - wc_FreeRsaKey(key); + wc_DeleteRsaKey(key, IntPtr.Zero); + key = IntPtr.Zero; } } /* END RSA */ @@ -1578,7 +1589,7 @@ public static IntPtr Ed25519MakeKey(IntPtr heap, int devId) throw new Exception("Failed to create RNG."); } - key = wc_ed25519_new(heap, devId); + key = wc_ed25519_new(heap, devId, IntPtr.Zero); if (key != IntPtr.Zero) { ret = wc_ed25519_make_key(rng, 32, key); @@ -1595,7 +1606,7 @@ public static IntPtr Ed25519MakeKey(IntPtr heap, int devId) if (rng != IntPtr.Zero) RandomFree(rng); if (ret != 0) { - wc_ed25519_free(key); + wc_ed25519_delete(key, IntPtr.Zero); key = IntPtr.Zero; } } @@ -1611,7 +1622,7 @@ public static IntPtr Ed25519MakeKey(IntPtr heap, int devId) /// Private key used for signing /// 0 on success, otherwise an error code public static int Ed25519SignMsg(byte[] inMsg, out byte[] outMsg, IntPtr key) - { + { int ret; IntPtr inMsgPtr = Marshal.AllocHGlobal(inMsg.Length); IntPtr outMsgPtr = Marshal.AllocHGlobal(ED25519_SIG_SIZE); @@ -1633,7 +1644,7 @@ public static int Ed25519SignMsg(byte[] inMsg, out byte[] outMsg, IntPtr key) /* Clenup */ if (inMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(inMsgPtr); if (outMsgPtr != IntPtr.Zero) Marshal.FreeHGlobal(outMsgPtr); - } + } return ret; } @@ -1682,7 +1693,7 @@ public static int Ed25519VerifyMsg(byte[] sig, byte[] msg, IntPtr key) /* Cleanup */ if (sigPtr != IntPtr.Zero) Marshal.FreeHGlobal(sigPtr); if (msgPtr != IntPtr.Zero) Marshal.FreeHGlobal(msgPtr); - } + } return ret; } @@ -1700,7 +1711,7 @@ public static IntPtr Ed25519PrivateKeyDecode(byte[] input) try { - key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID); + key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero); if (key != IntPtr.Zero) { ret = wc_Ed25519PrivateKeyDecode(input, ref idx, key, (uint)input.Length); @@ -1734,7 +1745,7 @@ public static IntPtr Ed25519PublicKeyDecode(byte[] input) try { - key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID); + key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero); if (key != IntPtr.Zero) { ret = wc_Ed25519PublicKeyDecode(input, ref idx, key, (uint)input.Length); @@ -1878,7 +1889,8 @@ public static int Ed25519ExportPublicKeyToDer(IntPtr key, out byte[] pubKey, boo /// Key to be freed public static void Ed25519FreeKey(IntPtr key) { - wc_ed25519_free(key); + wc_ed25519_delete(key, IntPtr.Zero); + key = IntPtr.Zero; } /* END ED25519 */ @@ -2104,7 +2116,7 @@ public static IntPtr Curve25519MakeKey(IntPtr heap, int devId) throw new Exception("Failed to create RNG."); } - key = wc_curve25519_new(heap, devId); + key = wc_curve25519_new(heap, devId, IntPtr.Zero); if (key != IntPtr.Zero) { ret = wc_curve25519_make_key(rng, 32, key); @@ -2121,7 +2133,7 @@ public static IntPtr Curve25519MakeKey(IntPtr heap, int devId) if (rng != IntPtr.Zero) RandomFree(rng); if (ret != 0) { - wc_curve25519_free(key); + wc_curve25519_delete(key, IntPtr.Zero); key = IntPtr.Zero; } } @@ -2142,7 +2154,7 @@ public static IntPtr Curve25519PrivateKeyDecode(byte[] input) try { - key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID); + key = wc_ed25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero); if (key != IntPtr.Zero) { ret = wc_Ed25519PrivateKeyDecode(input, ref idx, key, (uint)input.Length); @@ -2176,7 +2188,7 @@ public static IntPtr Curve25519PublicKeyDecode(byte[] input) try { - key = wc_curve25519_new(IntPtr.Zero, INVALID_DEVID); + key = wc_curve25519_new(IntPtr.Zero, INVALID_DEVID, IntPtr.Zero); if (key != IntPtr.Zero) { ret = wc_Curve25519PublicKeyDecode(input, ref idx, key, (uint)input.Length); @@ -2280,7 +2292,8 @@ public static int Curve25519ExportPublicKeyToDer(IntPtr key, out byte[] derKey, /// Key to be freed public static void Curve25519FreeKey(IntPtr key) { - wc_curve25519_free(key); + wc_curve25519_delete(key, IntPtr.Zero); + key = IntPtr.Zero; } /* END Curve25519 */ @@ -2313,7 +2326,7 @@ public static int Curve25519SharedSecret(IntPtr privateKey, IntPtr publicKey, by { log(ERROR_LOG, "Curve25519 shared secret exception " + e.ToString()); ret = EXCEPTION_E; - } + } return ret; } @@ -2325,7 +2338,7 @@ public static int Curve25519SharedSecret(IntPtr privateKey, IntPtr publicKey, by /// Allocated Curve25519 key structure or null public static IntPtr Curve25519ImportPrivateKey(byte[] privateKey) { - IntPtr key = IntPtr.Zero; + IntPtr key = IntPtr.Zero; try { @@ -2343,7 +2356,7 @@ public static IntPtr Curve25519ImportPrivateKey(byte[] privateKey) log(ERROR_LOG, "Curve25519 import private key exception " + e.ToString()); if (key != IntPtr.Zero) Marshal.FreeHGlobal(key); key = IntPtr.Zero; - } + } return key; } @@ -2355,7 +2368,7 @@ public static IntPtr Curve25519ImportPrivateKey(byte[] privateKey) /// Allocated Curve25519 key structure or null public static IntPtr Curve25519ImportPublicKey(byte[] publicKey) { - IntPtr key = IntPtr.Zero; + IntPtr key = IntPtr.Zero; try { @@ -2373,7 +2386,7 @@ public static IntPtr Curve25519ImportPublicKey(byte[] publicKey) log(ERROR_LOG, "Curve25519 import public key exception " + e.ToString()); if (key != IntPtr.Zero) Marshal.FreeHGlobal(key); key = IntPtr.Zero; - } + } return key; } @@ -2449,7 +2462,7 @@ public static IntPtr AesNew(IntPtr heap, int devId) try { - aesPtr = wc_AesNew(heap, devId); + aesPtr = wc_AesNew(heap, devId, IntPtr.Zero); if (aesPtr == IntPtr.Zero) { @@ -2460,7 +2473,7 @@ public static IntPtr AesNew(IntPtr heap, int devId) catch (Exception e) { Console.WriteLine($"AES context creation failed: {e.Message}"); - } + } return aesPtr; } @@ -2529,7 +2542,7 @@ public static int AesGcmInit(IntPtr aes, byte[] key, byte[] iv) /* Cleanup */ if (keyPtr != IntPtr.Zero) Marshal.FreeHGlobal(keyPtr); if (ivPtr != IntPtr.Zero) Marshal.FreeHGlobal(ivPtr); - } + } return ret; } @@ -2596,7 +2609,7 @@ public static int AesGcmEncrypt(IntPtr aes, byte[] iv, byte[] plaintext, if (plaintextPtr != IntPtr.Zero) Marshal.FreeHGlobal(plaintextPtr); if (authTagPtr != IntPtr.Zero) Marshal.FreeHGlobal(authTagPtr); if (addAuthPtr != IntPtr.Zero) Marshal.FreeHGlobal(addAuthPtr); - } + } return ret; } @@ -2663,7 +2676,7 @@ public static int AesGcmDecrypt(IntPtr aes, byte[] iv, byte[] ciphertext, if (plaintextPtr != IntPtr.Zero) Marshal.FreeHGlobal(plaintextPtr); if (authTagPtr != IntPtr.Zero) Marshal.FreeHGlobal(authTagPtr); if (addAuthPtr != IntPtr.Zero) Marshal.FreeHGlobal(addAuthPtr); - } + } return ret; } @@ -2676,7 +2689,8 @@ public static void AesGcmFree(IntPtr aes) { if (aes != IntPtr.Zero) { - wc_AesFree(aes); + wc_AesDelete(aes, IntPtr.Zero); + aes = IntPtr.Zero; } } /* END AES-GCM */ @@ -2700,7 +2714,7 @@ public static IntPtr HashNew(uint hashType, IntPtr heap, int devId) try { /* Allocate new hash */ - hash = wc_HashNew(hashType, heap, devId); + hash = wc_HashNew(hashType, heap, devId, IntPtr.Zero); if (hash == IntPtr.Zero) { throw new Exception("Failed to allocate new hash context."); @@ -2709,7 +2723,7 @@ public static IntPtr HashNew(uint hashType, IntPtr heap, int devId) catch (Exception e) { log(ERROR_LOG, "HashNew Exception: " + e.ToString()); - } + } return hash; } @@ -2740,8 +2754,11 @@ public static int InitHash(IntPtr hash, uint hashType) { /* Cleanup */ log(ERROR_LOG, "InitHash Exception: " + e.ToString()); - if (hash != IntPtr.Zero) wc_HashFree(hash, hashType); - } + if (hash != IntPtr.Zero) { + wc_HashDelete(hash, IntPtr.Zero); + hash = IntPtr.Zero; + } + } return ret; } @@ -2856,7 +2873,8 @@ public static int HashFree(IntPtr hash, uint hashType) throw new Exception("Hash context is null, cannot free."); /* Free hash */ - ret = wc_HashFree(hash, hashType); + ret = wc_HashDelete(hash, IntPtr.Zero); + hash = IntPtr.Zero; if (ret != 0) { throw new Exception($"Failed to free hash context. Error code: {ret}"); @@ -2865,7 +2883,7 @@ public static int HashFree(IntPtr hash, uint hashType) catch (Exception e) { log(ERROR_LOG, "HashFree Exception: " + e.ToString()); - } + } return ret; }