Skip to content

Commit 5c21e40

Browse files
dgarskedgarske
authored
Merge pull request #5899 from SparkiDev/regression_fixes_5
Fixes from regression testing.
2 parents 07dcd52 + 45e3c72 commit 5c21e40

4 files changed

Lines changed: 83 additions & 27 deletions

File tree

configure.ac

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3911,7 +3911,7 @@ then
39113911
fi
39123912

39133913
# No Big Int (ASN, DSA, RSA, DH and ECC need bigint)
3914-
if test "$ENABLED_ASN" = "no" && test "$ENABLED_DSA" = no && \
3914+
if test "$ENABLED_ASN" = "no" && test "$ENABLED_DSA" = "no" && \
39153915
test "$ENABLED_DH" = "no" && test "$ENABLED_ECC" = "no" && \
39163916
test "$ENABLED_RSA" = "no"
39173917
then
@@ -6731,6 +6731,7 @@ do
67316731
esac
67326732
done
67336733

6734+
ENABLED_SP_LINE="$ENABLE_SP"
67346735
ENABLED_SP=no
67356736
if test "$ENABLED_RSA" = "yes" && test "$ENABLED_SP_RSA" = "yes"; then
67366737
ENABLED_SP=yes
@@ -6800,7 +6801,15 @@ fi
68006801

68016802
if test "$ENABLED_SP_MATH" = "yes"; then
68026803
if test "$ENABLED_SP" = "no"; then
6803-
AC_MSG_ERROR([Must have SP enabled with SP math: --enable-sp])
6804+
if test "$ENABLED_RSA" != "no"; then
6805+
AC_MSG_ERROR([Must have SP enabled with SP math for RSA: --enable-sp])
6806+
fi
6807+
if test "$ENABLED_DH" != "no"; then
6808+
AC_MSG_ERROR([Must have SP enabled with SP math for DH: --enable-sp])
6809+
fi
6810+
if test "$ENABLED_ECC" != "no"; then
6811+
AC_MSG_ERROR([Must have SP enabled with SP math for ECC: --enable-sp])
6812+
fi
68046813
fi
68056814
if test "$ENABLED_ECCCUSTCURVES" != "no"; then
68066815
AC_MSG_ERROR([Cannot use single precision math and custom curves])

wolfcrypt/src/sp_int.c

Lines changed: 38 additions & 24 deletions
Original file line numberDiff line numberDiff line change
@@ -4706,7 +4706,8 @@ void sp_free(sp_int* a)
47064706
}
47074707
}
47084708

4709-
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || !defined(NO_DH) || defined(HAVE_ECC)
4709+
#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
4710+
!defined(NO_DH) || defined(HAVE_ECC)
47104711
/* Grow multi-precision number to be able to hold l digits.
47114712
* This function does nothing as the number of digits is fixed.
47124713
*
@@ -4739,9 +4740,10 @@ int sp_grow(sp_int* a, int l)
47394740

47404741
return err;
47414742
}
4742-
#endif /* !WOLFSSL_RSA_VERIFY_ONLY || !NO_DH || HAVE_ECC */
4743+
#endif /* (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) || !NO_DH || HAVE_ECC */
47434744

4744-
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(HAVE_ECC)
4745+
#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
4746+
defined(HAVE_ECC)
47454747
/* Set the multi-precision number to zero.
47464748
*
47474749
* @param [out] a SP integer to set to zero.
@@ -4753,7 +4755,7 @@ void sp_zero(sp_int* a)
47534755
_sp_zero(a);
47544756
}
47554757
}
4756-
#endif /* !WOLFSSL_RSA_VERIFY_ONLY */
4758+
#endif /* (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) || HAVE_ECC */
47574759

47584760
/* Clear the data from the multi-precision number, set to zero and free.
47594761
*
@@ -5166,8 +5168,8 @@ int sp_cmp(const sp_int* a, const sp_int* b)
51665168
* Bit check/set functions
51675169
*************************/
51685170

5169-
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || (defined(WOLFSSL_SP_MATH_ALL) && \
5170-
defined(HAVE_ECC))
5171+
#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
5172+
(defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC))
51715173
/* Check if a bit is set
51725174
*
51735175
* When a is NULL, result is 0.
@@ -5195,7 +5197,8 @@ int sp_is_bit_set(const sp_int* a, unsigned int b)
51955197

51965198
return ret;
51975199
}
5198-
#endif /* WOLFSSL_RSA_VERIFY_ONLY */
5200+
#endif /* (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) ||
5201+
* (WOLFSSL_SP_MATH_ALL && HAVE_ECC) */
51995202

52005203
/* Count the number of bits in the multi-precision number.
52015204
*
@@ -5424,6 +5427,8 @@ int sp_2expt(sp_int* a, int e)
54245427
* Digit/Long functions
54255428
**********************/
54265429

5430+
#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_RSA) || !defined(NO_DH) || \
5431+
defined(HAVE_ECC)
54275432
/* Set the multi-precision number to be the value of the digit.
54285433
*
54295434
* @param [out] a SP integer to become number.
@@ -5454,6 +5459,7 @@ int sp_set(sp_int* a, sp_int_digit d)
54545459

54555460
return err;
54565461
}
5462+
#endif
54575463

54585464
#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_RSA) || defined(OPENSSL_EXTRA)
54595465
/* Set a number into the multi-precision number.
@@ -5507,8 +5513,9 @@ int sp_set_int(sp_int* a, unsigned long n)
55075513
}
55085514
#endif /* WOLFSSL_SP_MATH_ALL || !NO_RSA */
55095515

5510-
#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || \
5511-
(defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_DH))
5516+
#if defined(WOLFSSL_SP_MATH_ALL) || \
5517+
(!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
5518+
!defined(NO_DH) || defined(HAVE_ECC)
55125519
/* Compare a one digit number with a multi-precision number.
55135520
*
55145521
* When a is NULL, MP_LT is returned.
@@ -7559,8 +7566,8 @@ int sp_submod_ct(const sp_int* a, const sp_int* b, const sp_int* m, sp_int* r)
75597566
* Shifting functoins
75607567
********************/
75617568

7562-
#if !defined(NO_DH) || defined(HAVE_ECC) || (defined(WC_RSA_BLINDING) && \
7563-
!defined(WOLFSSL_RSA_VERIFY_ONLY))
7569+
#if !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \
7570+
defined(WC_RSA_BLINDING) && !defined(WOLFSSL_RSA_VERIFY_ONLY))
75647571
/* Left shift the multi-precision number by a number of digits.
75657572
*
75667573
* @param [in,out] a SP integer to shift.
@@ -8265,6 +8272,9 @@ int sp_mod(const sp_int* a, const sp_int* m, sp_int* r)
82658272
#endif /* WOLFSSL_SP_MATH_ALL || !NO_DH || HAVE_ECC || \
82668273
* (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
82678274

8275+
#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
8276+
defined(HAVE_ECC) || !defined(NO_RSA)
8277+
82688278
/* START SP_MUL implementations. */
82698279
/* This code is generated.
82708280
* To generate:
@@ -11266,6 +11276,8 @@ int sp_mul(const sp_int* a, const sp_int* b, sp_int* r)
1126611276
}
1126711277
/* END SP_MUL implementations. */
1126811278

11279+
#endif
11280+
1126911281
#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \
1127011282
defined(WOLFCRYPT_HAVE_ECCSI) || \
1127111283
(!defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)) || defined(OPENSSL_ALL)
@@ -16014,8 +16026,9 @@ int sp_sqr(const sp_int* a, sp_int* r)
1601416026
#endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || HAVE_ECC ||
1601516027
* (!NO_RSA && !WOLFSSL_RSA_VERIFY_ONLY) */
1601616028

16017-
#if (!defined(WOLFSSL_RSA_VERIFY_ONLY) && \
16018-
!defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH)
16029+
#if defined(WOLFSSL_SP_MATH_ALL) || \
16030+
(!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
16031+
!defined(WOLFSSL_RSA_PUBLIC_ONLY)) || !defined(NO_DH) || defined(HAVE_ECC)
1601916032
/* Square a mod m and store in r: r = (a * a) mod m
1602016033
*
1602116034
* @param [in] a SP integer to square.
@@ -16739,20 +16752,21 @@ int sp_read_unsigned_bin(sp_int* a, const byte* in, word32 inSz)
1673916752
#else
1674016753
/* Construct digit from required number of bytes. */
1674116754
for (i = inSz-1; i >= SP_WORD_SIZEOF - 1; i -= SP_WORD_SIZEOF) {
16742-
a->dp[j] = ((sp_int_digit)in[i - 0] << 0);
16755+
a->dp[j] = ((sp_int_digit)in[i - 0] << 0)
1674316756
#if SP_WORD_SIZE >= 16
16744-
a->dp[j] |= ((sp_int_digit)in[i - 1] << 8);
16757+
| ((sp_int_digit)in[i - 1] << 8)
1674516758
#endif
1674616759
#if SP_WORD_SIZE >= 32
16747-
a->dp[j] |= ((sp_int_digit)in[i - 2] << 16) |
16748-
((sp_int_digit)in[i - 3] << 24);
16760+
| ((sp_int_digit)in[i - 2] << 16) |
16761+
((sp_int_digit)in[i - 3] << 24)
1674916762
#endif
1675016763
#if SP_WORD_SIZE >= 64
16751-
a->dp[j] |= ((sp_int_digit)in[i - 4] << 32) |
16764+
| ((sp_int_digit)in[i - 4] << 32) |
1675216765
((sp_int_digit)in[i - 5] << 40) |
1675316766
((sp_int_digit)in[i - 6] << 48) |
16754-
((sp_int_digit)in[i - 7] << 56);
16767+
((sp_int_digit)in[i - 7] << 56)
1675516768
#endif
16769+
;
1675616770
j++;
1675716771
}
1675816772
#endif
@@ -17536,11 +17550,6 @@ int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap)
1753617550
#else
1753717551
((byte*)(r->dp + r->used - 1))[0] |= 0x80 | 0x40;
1753817552
#endif /* LITTLE_ENDIAN_ORDER */
17539-
/* Set mandatory low bits
17540-
* - bottom bit to make odd.
17541-
* - For BBS, second lowest too to make Blum integer (3 mod 4).
17542-
*/
17543-
r->dp[0] |= low_bits;
1754417553

1754517554
#ifdef BIG_ENDIAN_ORDER
1754617555
/* Bytes were put into wrong place when less than full digit. */
@@ -17554,6 +17563,11 @@ int sp_rand_prime(sp_int* r, int len, WC_RNG* rng, void* heap)
1755417563
r->dp[r->used - 1] &= ((sp_int_digit)1 << bits) - 1;
1755517564
}
1755617565
#endif /* WOLFSSL_SP_MATH_ALL */
17566+
/* Set mandatory low bits
17567+
* - bottom bit to make odd.
17568+
* - For BBS, second lowest too to make Blum integer (3 mod 4).
17569+
*/
17570+
r->dp[0] |= low_bits;
1755717571

1755817572
/* Running Miller-Rabin up to 3 times gives us a 2^{-80} chance
1755917573
* of a 1024-bit candidate being a false positive, when it is our

wolfssl/certs_test.h

Lines changed: 33 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8320,6 +8320,39 @@ static const unsigned char dh_g[] =
83208320
0x02,
83218321
};
83228322

8323+
/* dh2048 p */
8324+
static const unsigned char dh2048_p[] =
8325+
{
8326+
0xB0, 0xA1, 0x08, 0x06, 0x9C, 0x08, 0x13, 0xBA, 0x59, 0x06, 0x3C, 0xBC,
8327+
0x30, 0xD5, 0xF5, 0x00, 0xC1, 0x4F, 0x44, 0xA7, 0xD6, 0xEF, 0x4A, 0xC6,
8328+
0x25, 0x27, 0x1C, 0xE8, 0xD2, 0x96, 0x53, 0x0A, 0x5C, 0x91, 0xDD, 0xA2,
8329+
0xC2, 0x94, 0x84, 0xBF, 0x7D, 0xB2, 0x44, 0x9F, 0x9B, 0xD2, 0xC1, 0x8A,
8330+
0xC5, 0xBE, 0x72, 0x5C, 0xA7, 0xE7, 0x91, 0xE6, 0xD4, 0x9F, 0x73, 0x07,
8331+
0x85, 0x5B, 0x66, 0x48, 0xC7, 0x70, 0xFA, 0xB4, 0xEE, 0x02, 0xC9, 0x3D,
8332+
0x9A, 0x4A, 0xDA, 0x3D, 0xC1, 0x46, 0x3E, 0x19, 0x69, 0xD1, 0x17, 0x46,
8333+
0x07, 0xA3, 0x4D, 0x9F, 0x2B, 0x96, 0x17, 0x39, 0x6D, 0x30, 0x8D, 0x2A,
8334+
0xF3, 0x94, 0xD3, 0x75, 0xCF, 0xA0, 0x75, 0xE6, 0xF2, 0x92, 0x1F, 0x1A,
8335+
0x70, 0x05, 0xAA, 0x04, 0x83, 0x57, 0x30, 0xFB, 0xDA, 0x76, 0x93, 0x38,
8336+
0x50, 0xE8, 0x27, 0xFD, 0x63, 0xEE, 0x3C, 0xE5, 0xB7, 0xC8, 0x09, 0xAE,
8337+
0x6F, 0x50, 0x35, 0x8E, 0x84, 0xCE, 0x4A, 0x00, 0xE9, 0x12, 0x7E, 0x5A,
8338+
0x31, 0xD7, 0x33, 0xFC, 0x21, 0x13, 0x76, 0xCC, 0x16, 0x30, 0xDB, 0x0C,
8339+
0xFC, 0xC5, 0x62, 0xA7, 0x35, 0xB8, 0xEF, 0xB7, 0xB0, 0xAC, 0xC0, 0x36,
8340+
0xF6, 0xD9, 0xC9, 0x46, 0x48, 0xF9, 0x40, 0x90, 0x00, 0x2B, 0x1B, 0xAA,
8341+
0x6C, 0xE3, 0x1A, 0xC3, 0x0B, 0x03, 0x9E, 0x1B, 0xC2, 0x46, 0xE4, 0x48,
8342+
0x4E, 0x22, 0x73, 0x6F, 0xC3, 0x5F, 0xD4, 0x9A, 0xD6, 0x30, 0x07, 0x48,
8343+
0xD6, 0x8C, 0x90, 0xAB, 0xD4, 0xF6, 0xF1, 0xE3, 0x48, 0xD3, 0x58, 0x4B,
8344+
0xA6, 0xB9, 0xCD, 0x29, 0xBF, 0x68, 0x1F, 0x08, 0x4B, 0x63, 0x86, 0x2F,
8345+
0x5C, 0x6B, 0xD6, 0xB6, 0x06, 0x65, 0xF7, 0xA6, 0xDC, 0x00, 0x67, 0x6B,
8346+
0xBB, 0xC3, 0xA9, 0x41, 0x83, 0xFB, 0xC7, 0xFA, 0xC8, 0xE2, 0x1E, 0x7E,
8347+
0xAF, 0x00, 0x3F, 0x93
8348+
};
8349+
8350+
/* dh2048 g */
8351+
static const unsigned char dh2048_g[] =
8352+
{
8353+
0x02,
8354+
};
8355+
83238356
#if defined(HAVE_ED25519)
83248357

83258358
/* ./certs/ed25519/server-ed25519.der, ED25519 */

wolfssl/wolfcrypt/sp_int.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -398,7 +398,7 @@ typedef struct sp_ecc_ctx {
398398
#define SP_INT_BITS 521
399399
#elif !defined(NO_PWDBASED) && defined(HAVE_PKCS12)
400400
/* wc_PKCS12_PBKDF_ex() */
401-
#define SP_INT_BITS WC_MAX_DIGEST_SIZE * 8
401+
#define SP_INT_BITS (64 * 8)
402402
#else
403403
#define SP_INT_BITS 128
404404
#endif

0 commit comments

Comments
 (0)