diff --git a/.github/membrowse-targets.json b/.github/membrowse-targets.json new file mode 100644 index 00000000000..43e088ad7e7 --- /dev/null +++ b/.github/membrowse-targets.json @@ -0,0 +1,42 @@ +[ + { + "target_name": "gcc-arm-cortex-m4", + "port": "gcc-arm", + "board": "cortex-m4", + "setup_cmd": "sudo apt-get update && sudo apt-get install -y gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib", + "build_cmd": "test -f IDE/GCC-ARM/Header/user_settings.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat IDE/GCC-ARM/Header/user_settings.h; printf '#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFCRYPT_ONLY -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'", + "elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf", + "ld": "IDE/GCC-ARM/linker.ld", + "linker_vars": "" + }, + { + "target_name": "gcc-arm-cortex-m4-min-ecc", + "port": "gcc-arm", + "board": "cortex-m4-min-ecc", + "setup_cmd": "sudo apt-get update && sudo apt-get install -y gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib", + "build_cmd": "test -f examples/configs/user_settings_min_ecc.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_min_ecc.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define USE_WOLF_ARM_STARTUP\\n#define WOLFSSL_USER_CURRTIME\\n#define WOLFSSL_GMTIME\\n#define USER_TICKS\\nextern unsigned long my_time(unsigned long* timer);\\n#define XTIME my_time\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'", + "elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf", + "ld": "IDE/GCC-ARM/linker.ld", + "linker_vars": "" + }, + { + "target_name": "gcc-arm-cortex-m4-tls12", + "port": "gcc-arm", + "board": "cortex-m4-tls12", + "setup_cmd": "sudo apt-get update && sudo apt-get install -y gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib", + "build_cmd": "test -f examples/configs/user_settings_tls12.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_tls12.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define USE_WOLF_ARM_STARTUP\\n#define WOLFSSL_USER_CURRTIME\\n#define WOLFSSL_GMTIME\\n#define USER_TICKS\\nextern unsigned long my_time(unsigned long* timer);\\n#define XTIME my_time\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'", + "elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf", + "ld": "IDE/GCC-ARM/linker.ld", + "linker_vars": "" + }, + { + "target_name": "gcc-arm-cortex-m4-baremetal", + "port": "gcc-arm", + "board": "cortex-m4-baremetal", + "setup_cmd": "sudo apt-get update && sudo apt-get install -y gcc-arm-none-eabi libnewlib-arm-none-eabi libstdc++-arm-none-eabi-newlib", + "build_cmd": "test -f examples/configs/user_settings_baremetal.h && mkdir -p IDE/GCC-ARM/Header-gen && { cat examples/configs/user_settings_baremetal.h; printf '#define WOLFSSL_GENERAL_ALIGNMENT 4\\n#define SINGLE_THREADED\\n#define WOLFSSL_SMALL_STACK\\n#define NO_FILESYSTEM\\n#define NO_WRITEV\\n#define NO_MAIN_DRIVER\\n#define NO_DEV_RANDOM\\n#define BENCH_EMBEDDED\\n#define USE_CERT_BUFFERS_256\\n#define USE_CERT_BUFFERS_2048\\n#define WOLFSSL_IGNORE_FILE_WARN\\n#define USE_WOLF_ARM_STARTUP\\n#define WOLFSSL_USER_CURRTIME\\n#define WOLFSSL_GMTIME\\n#define USER_TICKS\\nextern unsigned long my_time(unsigned long* timer);\\n#define XTIME my_time\\n#define CUSTOM_RAND_TYPE unsigned int\\nextern unsigned int my_rng_seed_gen(void);\\n#undef CUSTOM_RAND_GENERATE\\n#define CUSTOM_RAND_GENERATE my_rng_seed_gen\\n#define HAVE_HASHDRBG\\n#define NO_CRYPT_TEST\\n#define NO_CRYPT_BENCHMARK\\n'; } > IDE/GCC-ARM/Header-gen/user_settings.h && cd IDE/GCC-ARM && make -f Makefile.test TOOLCHAIN=arm-none-eabi- FIPS=0 USER_SETTINGS_DIR=./Header-gen CFLAGS_EXTRA='-Wno-cpp -DWOLFSSL_NO_SOCK -DWOLFCRYPT_ONLY' LDFLAGS='-mcpu=cortex-m4 -mthumb -mabi=aapcs --specs=nosys.specs --specs=nano.specs -Wl,-Map=./Build/WolfCryptTest.map -Wl,-ereset_handler -flto -Wl,--defsym=__stack_process_end__=0x20010000'", + "elf": "IDE/GCC-ARM/Build/WolfCryptTest.elf", + "ld": "IDE/GCC-ARM/linker.ld", + "linker_vars": "" + } +] diff --git a/.github/workflows/membrowse-comment.yml b/.github/workflows/membrowse-comment.yml new file mode 100644 index 00000000000..5d885d7c757 --- /dev/null +++ b/.github/workflows/membrowse-comment.yml @@ -0,0 +1,31 @@ +name: Membrowse Comment + +on: + workflow_run: + workflows: [Membrowse Memory Report] + types: + - completed + +jobs: + post-comment: + runs-on: ubuntu-24.04 + # Run the comment job even if some of the builds fail + if: > + github.event.workflow_run.event == 'pull_request' && + github.event.workflow_run.conclusion != 'cancelled' + permissions: + contents: read + pull-requests: write + steps: + - name: Checkout repository + uses: actions/checkout@v5 + + - name: Post Membrowse PR comment + if: ${{ env.MEMBROWSE_API_KEY != '' }} + uses: membrowse/membrowse-action/comment-action@v1 + with: + api_key: ${{ secrets.MEMBROWSE_API_KEY }} + commit: ${{ github.event.workflow_run.head_sha }} + env: + MEMBROWSE_API_KEY: ${{ secrets.MEMBROWSE_API_KEY }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/membrowse-onboard.yml b/.github/workflows/membrowse-onboard.yml new file mode 100644 index 00000000000..2a16e5d08be --- /dev/null +++ b/.github/workflows/membrowse-onboard.yml @@ -0,0 +1,54 @@ +name: Onboard to Membrowse + +on: + workflow_dispatch: + inputs: + num_commits: + description: 'Number of commits to process' + required: true + default: '100' + type: string + +jobs: + load-targets: + runs-on: ubuntu-24.04 + outputs: + matrix: ${{ steps.set-matrix.outputs.matrix }} + steps: + - name: Checkout repository + uses: actions/checkout@v5 + + - name: Load target matrix + id: set-matrix + run: echo "matrix=$(jq -c '.' .github/membrowse-targets.json)" >> $GITHUB_OUTPUT + + onboard: + needs: load-targets + runs-on: ubuntu-24.04 + strategy: + fail-fast: false + matrix: + include: ${{ fromJson(needs.load-targets.outputs.matrix) }} + + steps: + - name: Checkout repository + uses: actions/checkout@v5 + with: + fetch-depth: 0 + submodules: recursive + + - name: Install packages + run: ${{ matrix.setup_cmd }} + + - name: Run Membrowse Onboard Action + uses: membrowse/membrowse-action/onboard-action@v1 + with: + target_name: ${{ matrix.target_name }} + num_commits: ${{ github.event.inputs.num_commits }} + build_script: ${{ matrix.build_cmd }} + elf: ${{ matrix.elf }} + ld: ${{ matrix.ld }} + linker_vars: ${{ matrix.linker_vars }} + binary_search: 'true' + api_key: ${{ secrets.MEMBROWSE_API_KEY }} + api_url: ${{ vars.MEMBROWSE_API_URL }} diff --git a/.github/workflows/membrowse-report.yml b/.github/workflows/membrowse-report.yml new file mode 100644 index 00000000000..d0e0f29235e --- /dev/null +++ b/.github/workflows/membrowse-report.yml @@ -0,0 +1,58 @@ +name: Membrowse Memory Report + +on: + pull_request: + push: + branches: + - master + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + +jobs: + load-targets: + runs-on: ubuntu-24.04 + outputs: + matrix: ${{ steps.set-matrix.outputs.matrix }} + steps: + - name: Checkout repository + uses: actions/checkout@v5 + + - name: Load target matrix + id: set-matrix + run: echo "matrix=$(jq -c '.' .github/membrowse-targets.json)" >> $GITHUB_OUTPUT + + analyze: + needs: load-targets + runs-on: ubuntu-24.04 + strategy: + fail-fast: false + matrix: + include: ${{ fromJson(needs.load-targets.outputs.matrix) }} + + steps: + - name: Checkout repository + uses: actions/checkout@v5 + with: + fetch-depth: 0 + submodules: recursive + + - name: Install packages + run: ${{ matrix.setup_cmd }} + + - name: Build firmware + run: ${{ matrix.build_cmd }} + + - name: Run Membrowse PR Action + id: analyze + uses: membrowse/membrowse-action@v1 + with: + target_name: ${{ matrix.target_name }} + elf: ${{ matrix.elf }} + ld: ${{ matrix.ld }} + linker_vars: ${{ matrix.linker_vars }} + api_key: ${{ secrets.MEMBROWSE_API_KEY }} + api_url: ${{ vars.MEMBROWSE_API_URL }} + verbose: INFO + diff --git a/README.md b/README.md index 36642e26ef9..31c963dbfb0 100644 --- a/README.md +++ b/README.md @@ -299,6 +299,8 @@ More info can be found on-line at: https://wolfssl.com/wolfSSL/Docs.html [Additional wolfSSL Examples](https://github.com/wolfssl/wolfssl-examples) +[wolfSSL MemBrowse Dashboard](https://membrowse.com/public/wolfSSL/wolfssl) + # Directory structure ``` diff --git a/examples/ocsp_responder/ocsp_responder.c b/examples/ocsp_responder/ocsp_responder.c index 79c9c0e2867..54d1d9886cd 100644 --- a/examples/ocsp_responder/ocsp_responder.c +++ b/examples/ocsp_responder/ocsp_responder.c @@ -434,7 +434,7 @@ static int PopulateResponderFromIndex(OcspResponder* responder, word32 serialLen = 0; enum Ocsp_Cert_Status status; time_t revTime = 0; - enum WC_CRL_Reason revReason = CRL_REASON_UNSPECIFIED; + enum WC_CRL_Reason revReason = WC_CRL_REASON_UNSPECIFIED; word32 validity = 86400; char* p = entry->serial; word32 i; @@ -487,7 +487,7 @@ static int PopulateResponderFromIndex(OcspResponder* responder, else if (entry->status == 'R') { status = CERT_REVOKED; revTime = entry->revocationTime; - revReason = CRL_REASON_UNSPECIFIED; + revReason = WC_CRL_REASON_UNSPECIFIED; validity = 0; } else { diff --git a/src/dtls13.c b/src/dtls13.c index 644af226172..6f0fda11cd4 100644 --- a/src/dtls13.c +++ b/src/dtls13.c @@ -1042,6 +1042,10 @@ static int Dtls13SendFragmentedInternal(WOLFSSL* ssl) Dtls13FreeFragmentsBuffer(ssl); return outputSz; } + if ((word32)outputSz > WOLFSSL_MAX_16BIT) { + Dtls13FreeFragmentsBuffer(ssl); + return BUFFER_E; + } ret = CheckAvailableSize(ssl, outputSz); if (ret != 0) { @@ -1636,6 +1640,10 @@ static int Dtls13RtxSendBuffered(WOLFSSL* ssl) if (!w64IsZero(r->epoch)) sendSz += MAX_MSG_EXTRA; + if ((word32)sendSz > WOLFSSL_MAX_16BIT) { + return BUFFER_E; + } + ret = CheckAvailableSize(ssl, sendSz); if (ret != 0) return ret; diff --git a/src/internal.c b/src/internal.c index 19d7e999730..067b7a6c084 100644 --- a/src/internal.c +++ b/src/internal.c @@ -13360,6 +13360,9 @@ int MatchDomainName(const char* pattern, int patternLen, const char* str, wildcardEligible = 0; } + if (strLen == 0) + return 0; + /* Simple case, pattern match exactly */ if (p != (char)XTOLOWER((unsigned char) *str)) return 0; @@ -31027,7 +31030,7 @@ static void MakePSKPreMasterSecret(Arrays* arrays, byte use_psk_key) XMEMSET(pms, 0, sz); pms += sz; } - c16toa(arrays->psk_keySz, pms); + c16toa((word16)arrays->psk_keySz, pms); pms += OPAQUE16_LEN; XMEMCPY(pms, arrays->psk_key, arrays->psk_keySz); arrays->preMasterSz = sz + arrays->psk_keySz + OPAQUE16_LEN * 2; diff --git a/src/ocsp.c b/src/ocsp.c index 30db41c0ce1..2fff7ced503 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -89,7 +89,7 @@ int wc_CheckCertOcspResponse(WOLFSSL_OCSP *ocsp, DecodedCert *cert, ocspRequest = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (ocspRequest == NULL) { - WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR); + WOLFSSL_LEAVE("wc_CheckCertOcspResponse", MEMORY_ERROR); return MEMORY_E; } #endif @@ -105,7 +105,7 @@ int wc_CheckCertOcspResponse(WOLFSSL_OCSP *ocsp, DecodedCert *cert, XFREE(ocspRequest, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - WOLFSSL_LEAVE("CheckCertOCSP", ret); + WOLFSSL_LEAVE("wc_CheckCertOcspResponse", ret); return ret; } @@ -171,19 +171,20 @@ static void FreeOcspEntry(OcspEntry* entry, void* heap) void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic) { OcspEntry *entry, *next; + void* heap = (ocsp->cm != NULL) ? ocsp->cm->heap : NULL; WOLFSSL_ENTER("FreeOCSP"); for (entry = ocsp->ocspList; entry; entry = next) { next = entry->next; - FreeOcspEntry(entry, ocsp->cm->heap); - XFREE(entry, ocsp->cm->heap, DYNAMIC_TYPE_OCSP_ENTRY); + FreeOcspEntry(entry, heap); + XFREE(entry, heap, DYNAMIC_TYPE_OCSP_ENTRY); } wc_FreeMutex(&ocsp->ocspLock); if (dynamic) - XFREE(ocsp, ocsp->cm->heap, DYNAMIC_TYPE_OCSP); + XFREE(ocsp, heap, DYNAMIC_TYPE_OCSP); } @@ -244,7 +245,7 @@ static int GetOcspEntry(WOLFSSL_OCSP* ocsp, OcspRequest* request, *entry = NULL; if (wc_LockMutex(&ocsp->ocspLock) != 0) { - WOLFSSL_LEAVE("CheckCertOCSP", BAD_MUTEX_E); + WOLFSSL_LEAVE("GetOcspEntry", BAD_MUTEX_E); return BAD_MUTEX_E; } @@ -287,7 +288,7 @@ static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request, *status = NULL; if (wc_LockMutex(&ocsp->ocspLock) != 0) { - WOLFSSL_LEAVE("CheckCertOCSP", BAD_MUTEX_E); + WOLFSSL_LEAVE("GetOcspStatus", BAD_MUTEX_E); return BAD_MUTEX_E; } @@ -374,7 +375,7 @@ int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz, XFREE(newSingle, NULL, DYNAMIC_TYPE_OCSP_ENTRY); XFREE(ocspResponse, NULL, DYNAMIC_TYPE_OCSP_REQUEST); - WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR); + WOLFSSL_LEAVE("CheckOcspResponse", MEMORY_ERROR); return MEMORY_E; } #endif @@ -550,7 +551,7 @@ int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest, request = (byte*)XMALLOC((size_t)requestSz, ocsp->cm->heap, DYNAMIC_TYPE_OCSP); if (request == NULL) { - WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR); + WOLFSSL_LEAVE("CheckOcspRequest", MEMORY_ERROR); return MEMORY_ERROR; } @@ -1285,7 +1286,7 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response, } if (GetSequence(*data, &idx, &length, (word32)len) >= 0) - (*data) += (unsigned char) ((int)idx + length); + (*data) += idx + length; if (response != NULL && *response == NULL) *response = resp; @@ -1296,6 +1297,9 @@ OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response, int wolfSSL_i2d_OCSP_RESPONSE(OcspResponse* response, unsigned char** data) { + if (response == NULL) + return BAD_FUNC_ARG; + if (data == NULL) return (int)response->maxIdx; @@ -1366,7 +1370,11 @@ int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, unsigned char** data) if (size <= 0 || data == NULL) return size; - return EncodeOcspRequest(request, *data, (word32) size); + size = EncodeOcspRequest(request, *data, (word32) size); + if (size > 0) + *data += size; + + return size; } WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req, @@ -1405,9 +1413,35 @@ WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup(WOLFSSL_OCSP_CERTID* id) certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID), NULL, DYNAMIC_TYPE_OPENSSL); - if (certId) { - XMEMCPY(certId, id, sizeof(WOLFSSL_OCSP_CERTID)); + if (certId == NULL) + return NULL; + + XMEMCPY(certId, id, sizeof(WOLFSSL_OCSP_CERTID)); + certId->next = NULL; + certId->rawCertId = NULL; + certId->rawCertIdSize = 0; + + /* Deep-copy the status to avoid double-free */ + if (id->status != NULL) { + certId->status = (CertStatus*)XMALLOC(sizeof(CertStatus), + NULL, DYNAMIC_TYPE_OCSP_STATUS); + if (certId->status == NULL) { + XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL); + return NULL; + } + XMEMCPY(certId->status, id->status, sizeof(CertStatus)); + certId->status->next = NULL; + /* Don't share dynamically allocated fields */ + certId->status->rawOcspResponse = NULL; + certId->status->rawOcspResponseSz = 0; + certId->status->serialInt = NULL; +#ifdef WOLFSSL_OCSP_PARSE_STATUS + certId->status->thisDateAsn = NULL; + certId->status->nextDateAsn = NULL; +#endif } + certId->ownStatus = 1; + return certId; } @@ -1429,7 +1463,9 @@ int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out, } if (data != NULL) { + unsigned char* dataOrig = data; size = wolfSSL_i2d_OCSP_REQUEST(req, &data); + data = dataOrig; } if (size <= 0) { @@ -2520,8 +2556,8 @@ int wc_OcspResponder_SetCertStatus(OcspResponder* responder, if (status == CERT_REVOKED) { if (revocationTime <= 0) goto out; - if (revocationReason < CRL_REASON_UNSPECIFIED || - revocationReason > CRL_REASON_AA_COMPROMISE) + if (revocationReason < WC_CRL_REASON_UNSPECIFIED || + revocationReason > WC_CRL_REASON_AA_COMPROMISE) goto out; /* Skip value 7 which is not used */ if (revocationReason == 7) diff --git a/src/tls13.c b/src/tls13.c index 8bce848a50e..a591532be27 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -9291,7 +9291,7 @@ static int SendTls13Certificate(WOLFSSL* ssl) break; #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \ !defined(NO_WOLFSSL_SERVER) - if (MAX_CERT_EXTENSIONS > extIdx) + if (extIdx + 1 < MAX_CERT_EXTENSIONS) extIdx++; #endif } @@ -9324,6 +9324,10 @@ static int SendTls13Certificate(WOLFSSL* ssl) /* DTLS1.3 uses a separate variable and logic for fragments */ ssl->options.buildingMsg = 0; ssl->fragOffset = 0; + if ((word32)sendSz > WOLFSSL_MAX_16BIT || i > WOLFSSL_MAX_16BIT) { + WOLFSSL_MSG("Send Cert DTLS size exceeds word16"); + return BUFFER_E; + } ret = Dtls13HandshakeSend(ssl, output, (word16)sendSz, (word16)i, certificate, 1); } diff --git a/src/x509.c b/src/x509.c index 3593cd82f47..f4006ffe3ac 100644 --- a/src/x509.c +++ b/src/x509.c @@ -11870,25 +11870,28 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509) return WOLFSSL_FAILURE; } - if (x509->authKeyIdSz < sizeof(cert->akid)) { #ifdef WOLFSSL_AKID_NAME - cert->rawAkid = 0; - if (x509->authKeyIdSrc) { - XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz); - cert->akidSz = (int)x509->authKeyIdSrcSz; - cert->rawAkid = 1; + cert->rawAkid = 0; + if (x509->authKeyIdSrc) { + if (x509->authKeyIdSrcSz > sizeof(cert->akid)) { + WOLFSSL_MSG("Auth Key ID too large"); + WOLFSSL_ERROR_VERBOSE(BUFFER_E); + return WOLFSSL_FAILURE; } - else + XMEMCPY(cert->akid, x509->authKeyIdSrc, x509->authKeyIdSrcSz); + cert->akidSz = (int)x509->authKeyIdSrcSz; + cert->rawAkid = 1; + } + else #endif - if (x509->authKeyId) { - XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz); - cert->akidSz = (int)x509->authKeyIdSz; + if (x509->authKeyId) { + if (x509->authKeyIdSz > sizeof(cert->akid)) { + WOLFSSL_MSG("Auth Key ID too large"); + WOLFSSL_ERROR_VERBOSE(BUFFER_E); + return WOLFSSL_FAILURE; } - } - else { - WOLFSSL_MSG("Auth Key ID too large"); - WOLFSSL_ERROR_VERBOSE(BUFFER_E); - return WOLFSSL_FAILURE; + XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz); + cert->akidSz = (int)x509->authKeyIdSz; } for (i = 0; i < x509->certPoliciesNb; i++) { diff --git a/tests/api.c b/tests/api.c index 0459c09fd97..8f561b0648e 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2989,6 +2989,7 @@ static int test_wolfSSL_CheckOCSPResponse(void) pt = data; ExpectNotNull(res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz)); + ExpectPtrEq(pt, data + dataSz); ExpectNotNull(issuer = wolfSSL_X509_load_certificate_file(caFile, SSL_FILETYPE_PEM)); ExpectNotNull(st = wolfSSL_X509_STORE_new()); @@ -3013,6 +3014,7 @@ static int test_wolfSSL_CheckOCSPResponse(void) pt = data; ExpectNotNull(res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz)); + ExpectPtrEq(pt, data + dataSz); wolfSSL_OCSP_RESPONSE_free(res); res = NULL; @@ -3124,6 +3126,7 @@ static int test_wolfSSL_CheckOCSPResponse(void) pt = data; ExpectNotNull(res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz)); + ExpectPtrEq(pt, data + dataSz); /* try to verify the response */ ExpectNotNull(issuer = wolfSSL_X509_load_certificate_file(caFile, @@ -35489,6 +35492,7 @@ TEST_CASE testCases[] = { TEST_DECL(test_ocsp_basic_verify), TEST_DECL(test_ocsp_response_parsing), TEST_DECL(test_ocsp_certid_enc_dec), + TEST_DECL(test_ocsp_certid_dup), TEST_DECL(test_ocsp_tls_cert_cb), TEST_DECL(test_ocsp_cert_unknown_crl_fallback), TEST_DECL(test_ocsp_cert_unknown_crl_fallback_nonleaf), diff --git a/tests/api/test_blake2.c b/tests/api/test_blake2.c index 9cbd11de85d..2067997fa23 100644 --- a/tests/api/test_blake2.c +++ b/tests/api/test_blake2.c @@ -50,6 +50,12 @@ int test_wc_InitBlake2b(void) ExpectIntEQ(wc_InitBlake2b(&blake, 128), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_InitBlake2b(NULL, WC_BLAKE2B_DIGEST_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* digestSz values that truncate via (byte) cast to a valid size must be + * rejected: 257 mod 256 = 1, 320 mod 256 = 64 - both within BLAKE2B range */ + ExpectIntEQ(wc_InitBlake2b(&blake, 257), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2b(&blake, 256 + BLAKE2B_OUTBYTES), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Test good arg. */ ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0); @@ -82,6 +88,12 @@ int test_wc_InitBlake2b_WithKey(void) ExpectIntEQ(wc_InitBlake2b_WithKey(NULL, digestSz, key, keylen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* digestSz that truncates to a valid byte-sized value must be rejected */ + ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, 257, NULL, keylen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, 256 + BLAKE2B_OUTBYTES, NULL, keylen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Test good arg. */ ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, NULL, keylen), 0); ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, key, keylen), 0); @@ -127,8 +139,14 @@ int test_wc_Blake2bFinal(void) ExpectIntEQ(wc_Blake2bFinal(&blake, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_Blake2bFinal(NULL, hash, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* requestSz that truncates to valid byte must be rejected */ + ExpectIntEQ(wc_Blake2bFinal(&blake, hash, 257), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Blake2bFinal(&blake, hash, 256 + BLAKE2B_OUTBYTES), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Test good args. */ + ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0); ExpectIntEQ(wc_Blake2bFinal(&blake, hash, WC_BLAKE2B_DIGEST_SIZE), 0); #endif return EXPECT_RESULT(); @@ -322,6 +340,12 @@ int test_wc_InitBlake2s(void) ExpectIntEQ(wc_InitBlake2s(&blake, 128), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_InitBlake2s(NULL, WC_BLAKE2S_DIGEST_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* digestSz that truncates via (byte) cast to a valid size must be rejected: + * 257 mod 256 = 1, 288 mod 256 = 32 - both within BLAKE2S range */ + ExpectIntEQ(wc_InitBlake2s(&blake, 257), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2s(&blake, 256 + BLAKE2S_OUTBYTES), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Test good arg. */ ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0); @@ -352,6 +376,12 @@ int test_wc_InitBlake2s_WithKey(void) ExpectIntEQ(wc_InitBlake2s_WithKey(NULL, digestSz, key, keylen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* digestSz that truncates to a valid byte-sized value must be rejected */ + ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, 257, NULL, keylen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, 256 + BLAKE2S_OUTBYTES, NULL, keylen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Test good arg. */ ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, NULL, keylen), 0); ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, key, keylen), 0); @@ -397,8 +427,14 @@ int test_wc_Blake2sFinal(void) ExpectIntEQ(wc_Blake2sFinal(&blake, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_Blake2sFinal(NULL, hash, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* requestSz that truncates to valid byte must be rejected */ + ExpectIntEQ(wc_Blake2sFinal(&blake, hash, 257), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Blake2sFinal(&blake, hash, 256 + BLAKE2S_OUTBYTES), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); /* Test good args. */ + ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0); ExpectIntEQ(wc_Blake2sFinal(&blake, hash, WC_BLAKE2S_DIGEST_SIZE), 0); #endif return EXPECT_RESULT(); diff --git a/tests/api/test_dtls.c b/tests/api/test_dtls.c index 5bd296fcbf2..c6e8f7cc286 100644 --- a/tests/api/test_dtls.c +++ b/tests/api/test_dtls.c @@ -2814,3 +2814,98 @@ int test_dtls13_no_session_id_echo(void) #endif return EXPECT_RESULT(); } + +/* Test that a DTLS 1.3 handshake with an oversized certificate chain does + * not crash or cause out-of-bounds access in SendTls13Certificate. */ +int test_dtls13_oversized_cert_chain(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \ + && !defined(NO_FILESYSTEM) && !defined(NO_RSA) + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + XFILE f = XBADFILE; + long sz = 0; + byte *cert = NULL; + byte *chain = NULL; + int copies, off, i; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + /* Read server cert */ + f = XFOPEN(svrCertFile, "rb"); + ExpectTrue(f != XBADFILE); + if (EXPECT_SUCCESS()) { + (void)XFSEEK(f, 0, XSEEK_END); + sz = XFTELL(f); + (void)XFSEEK(f, 0, XSEEK_SET); + } + ExpectTrue(sz > 0); + cert = (byte*)XMALLOC((size_t)(sz + 1), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(cert); + if (EXPECT_SUCCESS()) + ExpectIntEQ((int)XFREAD(cert, 1, (size_t)sz, f), (int)sz); + if (f != XBADFILE) + XFCLOSE(f); + + /* Build an oversized chain by duplicating the cert */ + copies = EXPECT_SUCCESS() ? (int)(70000 / sz) + 2 : 0; + chain = (byte*)XMALLOC((size_t)(sz * copies + 1), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(chain); + off = 0; + if (EXPECT_SUCCESS()) { + for (i = 0; i < copies; i++) { + XMEMCPY(chain + off, cert, (size_t)sz); + off += (int)sz; + } + } + + /* Server context: load the oversized chain */ + ExpectNotNull(ctx_s = wolfSSL_CTX_new(wolfDTLSv1_3_server_method())); + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx_s, + chain, (long)off), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + if (EXPECT_SUCCESS()) { + wolfSSL_SetIORecv(ctx_s, test_memio_read_cb); + wolfSSL_SetIOSend(ctx_s, test_memio_write_cb); + } + + /* Client context: no verification (chain certs are duplicates) */ + ExpectNotNull(ctx_c = wolfSSL_CTX_new(wolfDTLSv1_3_client_method())); + if (EXPECT_SUCCESS()) { + wolfSSL_CTX_set_verify(ctx_c, WOLFSSL_VERIFY_NONE, NULL); + wolfSSL_SetIORecv(ctx_c, test_memio_read_cb); + wolfSSL_SetIOSend(ctx_c, test_memio_write_cb); + } + + ExpectNotNull(ssl_s = wolfSSL_new(ctx_s)); + if (EXPECT_SUCCESS()) { + wolfSSL_SetIOWriteCtx(ssl_s, &test_ctx); + wolfSSL_SetIOReadCtx(ssl_s, &test_ctx); + } + + ExpectNotNull(ssl_c = wolfSSL_new(ctx_c)); + if (EXPECT_SUCCESS()) { + wolfSSL_SetIOWriteCtx(ssl_c, &test_ctx); + wolfSSL_SetIOReadCtx(ssl_c, &test_ctx); + } + + /* Handshake must not crash. If SendTls13Certificate mishandles the + * oversized chain this will trigger a wild pointer dereference or stack + * overflow resulting with the test failing. + * The correct behaviour either returns BUFFER_E or succeeds + * if the build config truncated the chain during loading. */ + (void)test_memio_do_handshake(ssl_c, ssl_s, 10, NULL); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(chain, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} diff --git a/tests/api/test_dtls.h b/tests/api/test_dtls.h index 01f47ccda9f..3a1e083a60e 100644 --- a/tests/api/test_dtls.h +++ b/tests/api/test_dtls.h @@ -53,6 +53,7 @@ int test_dtls_mtu_fragment_headroom(void); int test_dtls_mtu_split_messages(void); int test_dtls13_min_rtx_interval(void); int test_dtls13_no_session_id_echo(void); +int test_dtls13_oversized_cert_chain(void); #define TEST_DTLS_DECLS \ TEST_DECL_GROUP("dtls", test_dtls12_basic_connection_id), \ @@ -84,6 +85,7 @@ int test_dtls13_no_session_id_echo(void); TEST_DECL_GROUP("dtls", test_dtls_mtu_fragment_headroom), \ TEST_DECL_GROUP("dtls", test_dtls_mtu_split_messages), \ TEST_DECL_GROUP("dtls", test_dtls_memio_wolfio_stateless), \ - TEST_DECL_GROUP("dtls", test_dtls13_min_rtx_interval), \ - TEST_DECL_GROUP("dtls", test_dtls13_no_session_id_echo) + TEST_DECL_GROUP("dtls", test_dtls13_min_rtx_interval), \ + TEST_DECL_GROUP("dtls", test_dtls13_no_session_id_echo), \ + TEST_DECL_GROUP("dtls", test_dtls13_oversized_cert_chain) #endif /* TESTS_API_DTLS_H */ diff --git a/tests/api/test_ocsp.c b/tests/api/test_ocsp.c index cd01c7372d8..02938adfd3a 100644 --- a/tests/api/test_ocsp.c +++ b/tests/api/test_ocsp.c @@ -215,6 +215,7 @@ int test_ocsp_basic_verify(void) ptr = (const unsigned char*)resp; ExpectNotNull( response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp))); + ExpectPtrEq(ptr, (const unsigned char*)resp + sizeof(resp)); ExpectIntEQ(response->responseStatus, 0); ExpectIntEQ(response->responderIdType, OCSP_RESPONDER_ID_NAME); ExpectBufEQ(response->responderId.nameHash, cert.subjectHash, @@ -225,6 +226,8 @@ int test_ocsp_basic_verify(void) ptr = (const unsigned char*)resp_rid_bykey; ExpectNotNull(response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_rid_bykey))); + ExpectPtrEq(ptr, (const unsigned char*)resp_rid_bykey + + sizeof(resp_rid_bykey)); ExpectIntEQ(response->responseStatus, 0); ExpectIntEQ(response->responderIdType, OCSP_RESPONDER_ID_KEY); ExpectBufEQ(response->responderId.keyHash, cert.subjectKeyHash, @@ -235,6 +238,7 @@ int test_ocsp_basic_verify(void) ptr = (const unsigned char*)resp_nocert; ExpectNotNull( response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_nocert))); + ExpectPtrEq(ptr, (const unsigned char*)resp_nocert + sizeof(resp_nocert)); ExpectIntEQ(response->responseStatus, 0); wolfSSL_OCSP_RESPONSE_free(response); @@ -246,6 +250,7 @@ int test_ocsp_basic_verify(void) ptr = (const unsigned char*)resp; ExpectNotNull( response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp))); + ExpectPtrEq(ptr, (const unsigned char*)resp + sizeof(resp)); /* no verify signer certificate */ ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, NULL, OCSP_NOVERIFY), WOLFSSL_SUCCESS); @@ -272,6 +277,7 @@ int test_ocsp_basic_verify(void) ptr = (const unsigned char*)resp_nocert; ExpectNotNull( response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_nocert))); + ExpectPtrEq(ptr, (const unsigned char*)resp_nocert + sizeof(resp_nocert)); ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, certs, store, 0), WOLFSSL_SUCCESS); wolfSSL_OCSP_RESPONSE_free(response); @@ -281,6 +287,7 @@ int test_ocsp_basic_verify(void) ptr = (const unsigned char*)resp; ExpectNotNull( response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp))); + ExpectPtrEq(ptr, (const unsigned char*)resp + sizeof(resp)); ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, store, 0), WOLFSSL_SUCCESS); /* make invalid signature */ @@ -311,6 +318,7 @@ int test_ocsp_basic_verify(void) ptr = (const unsigned char*)resp_nocert; ExpectNotNull( response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_nocert))); + ExpectPtrEq(ptr, (const unsigned char*)resp_nocert + sizeof(resp_nocert)); ExpectIntNE(wolfSSL_OCSP_basic_verify(response, NULL, store, 0), WOLFSSL_SUCCESS); wolfSSL_OCSP_RESPONSE_free(response); @@ -332,6 +340,7 @@ int test_ocsp_basic_verify(void) ptr = (const unsigned char*)resp_multi; ExpectNotNull( response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_multi))); + ExpectPtrEq(ptr, (const unsigned char*)resp_multi + sizeof(resp_multi)); ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, certs, store, 0), WOLFSSL_SUCCESS); wolfSSL_OCSP_RESPONSE_free(response); @@ -342,6 +351,8 @@ int test_ocsp_basic_verify(void) ptr = (const unsigned char*)resp_bad_noauth; ExpectNotNull(response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_bad_noauth))); + ExpectPtrEq(ptr, (const unsigned char*)resp_bad_noauth + + sizeof(resp_bad_noauth)); expectedRet = WOLFSSL_FAILURE; #ifdef WOLFSSL_NO_OCSP_ISSUER_CHECK @@ -665,11 +676,51 @@ int test_ocsp_certid_enc_dec(void) wolfSSL_X509_free(issuer); return EXPECT_SUCCESS(); } +int test_ocsp_certid_dup(void) +{ + EXPECT_DECLS; + WOLFSSL_OCSP_CERTID* certId = NULL; + WOLFSSL_OCSP_CERTID* certIdDup = NULL; + WOLFSSL_X509* subject = NULL; + WOLFSSL_X509* issuer = NULL; + + /* Load test certificates */ + ExpectNotNull( + subject = wolfSSL_X509_load_certificate_file( + "./certs/ocsp/intermediate1-ca-cert.pem", WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(issuer = wolfSSL_X509_load_certificate_file( + "./certs/ocsp/root-ca-cert.pem", WOLFSSL_FILETYPE_PEM)); + + /* Create CERTID from certificates */ + ExpectNotNull(certId = wolfSSL_OCSP_cert_to_id(NULL, subject, issuer)); + + /* Dup */ + ExpectNotNull(certIdDup = wolfSSL_OCSP_CERTID_dup(certId)); + + /* Verify the dup compares equal */ + ExpectIntEQ(wolfSSL_OCSP_id_cmp(certId, certIdDup), 0); + + /* Verify status is a distinct allocation (deep copy) */ + ExpectPtrNE(certId->status, certIdDup->status); + + /* Freeing both must not double-free (ASAN will catch it) */ + wolfSSL_OCSP_CERTID_free(certId); + wolfSSL_OCSP_CERTID_free(certIdDup); + + wolfSSL_X509_free(subject); + wolfSSL_X509_free(issuer); + return EXPECT_SUCCESS(); +} + #else /* !NO_SHA && OPENSSL_ALL && HAVE_OCSP && !WOLFSSL_SM3 && !WOLFSSL_SM2 */ int test_ocsp_certid_enc_dec(void) { return TEST_SKIPPED; } +int test_ocsp_certid_dup(void) +{ + return TEST_SKIPPED; +} #endif #if defined(HAVE_OCSP) && defined(WOLFSSL_CERT_SETUP_CB) && \ @@ -1510,7 +1561,7 @@ int test_ocsp_responder(void) "./certs/ca-key.der", "./certs/server-cert.der", CERT_GOOD, - 0, CRL_REASON_UNSPECIFIED, + 0, WC_CRL_REASON_UNSPECIFIED, 86400, /* validityPeriod - 24 hours */ 0, "RSA server cert - GOOD status" @@ -1521,7 +1572,7 @@ int test_ocsp_responder(void) "./certs/ca-key.der", "./certs/server-cert.der", CERT_REVOKED, - now, CRL_REASON_KEY_COMPROMISE, /* Revoked due to key compromise */ + now, WC_CRL_REASON_KEY_COMPROMISE, /* Revoked due to key compromise */ 0, /* validityPeriod (not used for REVOKED) */ OCSP_CERT_REVOKED, "RSA server cert - REVOKED status" @@ -1532,7 +1583,7 @@ int test_ocsp_responder(void) "./certs/ca-key.der", "./certs/server-cert.der", CERT_UNKNOWN, - 0, CRL_REASON_UNSPECIFIED, + 0, WC_CRL_REASON_UNSPECIFIED, 0, /* validityPeriod (not used for UNKNOWN) */ OCSP_CERT_UNKNOWN, "RSA server cert - UNKNOWN status" @@ -1543,7 +1594,7 @@ int test_ocsp_responder(void) "./certs/ocsp/ocsp-responder-key.der", "./certs/ocsp/intermediate1-ca-cert.der", CERT_GOOD, - 0, CRL_REASON_UNSPECIFIED, + 0, WC_CRL_REASON_UNSPECIFIED, 86400, /* validityPeriod - 24 hours */ 0, "RSA int1 cert with responder - GOOD status" @@ -1554,7 +1605,7 @@ int test_ocsp_responder(void) "./certs/ocsp/ocsp-responder-key.der", "./certs/ocsp/intermediate1-ca-cert.der", CERT_REVOKED, - now, CRL_REASON_KEY_COMPROMISE, /* Revoked due to key compromise */ + now, WC_CRL_REASON_KEY_COMPROMISE, /* Revoked due to key compromise */ 0, /* validityPeriod (not used for REVOKED) */ OCSP_CERT_REVOKED, "RSA int1 cert with responder - REVOKED status" @@ -1565,7 +1616,7 @@ int test_ocsp_responder(void) "./certs/ocsp/ocsp-responder-key.der", "./certs/ocsp/intermediate1-ca-cert.der", CERT_UNKNOWN, - 0, CRL_REASON_UNSPECIFIED, + 0, WC_CRL_REASON_UNSPECIFIED, 0, /* validityPeriod (not used for UNKNOWN) */ OCSP_CERT_UNKNOWN, "RSA int1 cert with responder - UNKNOWN status" @@ -1577,7 +1628,7 @@ int test_ocsp_responder(void) "./certs/ca-ecc-key.der", "./certs/server-ecc.der", CERT_GOOD, - 0, CRL_REASON_UNSPECIFIED, + 0, WC_CRL_REASON_UNSPECIFIED, 86400, /* validityPeriod - 24 hours */ 0, "ECC server cert - GOOD status" @@ -1588,7 +1639,7 @@ int test_ocsp_responder(void) "./certs/ca-ecc-key.der", "./certs/server-ecc.der", CERT_REVOKED, - now, CRL_REASON_AFFILIATION_CHANGED, + now, WC_CRL_REASON_AFFILIATION_CHANGED, 0, /* validityPeriod (not used for REVOKED) */ OCSP_CERT_REVOKED, "ECC server cert - REVOKED status" @@ -1599,7 +1650,7 @@ int test_ocsp_responder(void) "./certs/ca-ecc-key.der", "./certs/server-ecc.der", CERT_UNKNOWN, - 0, CRL_REASON_UNSPECIFIED, + 0, WC_CRL_REASON_UNSPECIFIED, 0, /* validityPeriod (not used for UNKNOWN) */ OCSP_CERT_UNKNOWN, "ECC server cert - UNKNOWN status" diff --git a/tests/api/test_ocsp.h b/tests/api/test_ocsp.h index b6e328f2dff..6df114b8730 100644 --- a/tests/api/test_ocsp.h +++ b/tests/api/test_ocsp.h @@ -23,6 +23,7 @@ #define WOLFSSL_TEST_OCSP_H int test_ocsp_certid_enc_dec(void); +int test_ocsp_certid_dup(void); int test_ocsp_status_callback(void); int test_ocsp_basic_verify(void); int test_ocsp_response_parsing(void); diff --git a/tests/api/test_x509.c b/tests/api/test_x509.c index cd0a06241de..47780e6dc4e 100644 --- a/tests/api/test_x509.c +++ b/tests/api/test_x509.c @@ -38,6 +38,7 @@ #include #include +#include #if defined(OPENSSL_ALL) && \ defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) @@ -632,3 +633,245 @@ int test_x509_time_field_overread_via_tls(void) #endif /* compile guards */ return EXPECT_RESULT(); } + + +/* Test that CertFromX509 rejects an oversized raw AuthorityKeyIdentifier + * extension. Before the fix, the guard checked authKeyIdSz (the [0] + * keyIdentifier sub-field) but the WOLFSSL_AKID_NAME branch copied + * authKeyIdSrcSz (the full extension) bytes, causing a heap overflow. */ +int test_x509_CertFromX509_akid_overflow(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_AKID_NAME) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_EXT) && !defined(NO_BIO) && \ + (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) + /* DER builder helpers -- write into a flat buffer */ +#ifdef WOLFSSL_SMALL_STACK + unsigned char* buf = NULL; +#else + unsigned char buf[16384]; +#endif + size_t pos = 0; + size_t akid_val_len; + unsigned char* akid_val = NULL; + WOLFSSL_X509* x = NULL; + WOLFSSL_BIO* bio = NULL; + +#ifdef WOLFSSL_SMALL_STACK + buf = (unsigned char*)XMALLOC(16384, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(buf); + if (buf == NULL) + return EXPECT_RESULT(); +#endif + + #define PUT1(b) do { buf[pos++] = (b); } while(0) + #define PUTN(p, n) do { XMEMCPY(buf + pos, (p), (n)); pos += (n); } while(0) + + /* Emit tag + definite-length header, return header size */ + #define TLV_HDR(tag, n, out, hlen) do { \ + size_t _i = 0; \ + (out)[_i++] = (tag); \ + if ((n) < 0x80u) { (out)[_i++] = (unsigned char)(n); } \ + else if ((n) < 0x100u) { (out)[_i++] = 0x81; \ + (out)[_i++] = (unsigned char)(n); } \ + else if ((n) < 0x10000u) { (out)[_i++] = 0x82; \ + (out)[_i++] = (unsigned char)((n)>>8); \ + (out)[_i++] = (unsigned char)(n); } \ + (hlen) = _i; \ + } while(0) + + /* Wrap [start, pos) in-place with a TLV header */ + #define WRAP(start, tag) do { \ + size_t _len = pos - (start); \ + unsigned char _hdr[6]; size_t _hlen; \ + TLV_HDR((tag), _len, _hdr, _hlen); \ + XMEMMOVE(buf + (start) + _hlen, buf + (start), _len); \ + XMEMCPY(buf + (start), _hdr, _hlen); \ + pos += _hlen; \ + } while(0) + + /* ---- Build AKID extension value ---- */ + { + size_t akid_start = pos; + size_t s; + int i; + + /* [0] keyIdentifier: 20 bytes (small, passes old check) */ + s = pos; + for (i = 0; i < 20; i++) PUT1(0x41); + WRAP(s, 0x80); + + /* [1] authorityCertIssuer: one URI of ~4000 bytes + * This makes authKeyIdSrcSz >> sizeof(cert->akid) (~1628) */ + s = pos; + { + const char* pfx = "http://e/"; + PUTN(pfx, (size_t)XSTRLEN(pfx)); + for (i = 0; i < 4000; i++) PUT1('Z'); + } + WRAP(s, 0x86); /* GeneralName [6] URI */ + WRAP(s, 0xA1); /* [1] IMPLICIT */ + + /* [2] authorityCertSerialNumber */ + s = pos; + PUT1(0x01); + WRAP(s, 0x82); + + WRAP(akid_start, 0x30); /* SEQUENCE */ + akid_val_len = pos - akid_start; + akid_val = (unsigned char*)XMALLOC(akid_val_len, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(akid_val); + if (akid_val != NULL) + XMEMCPY(akid_val, buf + akid_start, akid_val_len); + } + + /* ---- Build minimal self-signed v3 certificate ---- */ + pos = 0; + { + size_t tbs_start = pos; + size_t s; + + /* version [0] EXPLICIT INTEGER 2 (v3) */ + PUT1(0xA0); PUT1(0x03); PUT1(0x02); PUT1(0x01); PUT1(0x02); + + /* serialNumber INTEGER 1 */ + PUT1(0x02); PUT1(0x01); PUT1(0x01); + + /* signature: ecdsa-with-SHA256 */ + s = pos; + { + unsigned char oid[] = {0x06,0x08,0x2A,0x86,0x48,0xCE, + 0x3D,0x04,0x03,0x02}; + PUTN(oid, sizeof(oid)); + } + WRAP(s, 0x30); + + /* issuer: CN=A */ + s = pos; + { + size_t rdn = pos, atv = pos; + unsigned char cn[] = {0x06,0x03,0x55,0x04,0x03}; + PUTN(cn, sizeof(cn)); + PUT1(0x0C); PUT1(0x01); PUT1('A'); + WRAP(atv, 0x30); WRAP(rdn, 0x31); WRAP(s, 0x30); + } + + /* validity */ + s = pos; + { + unsigned char t1[] = {0x17,0x0D,'2','5','0','1','0','1', + '0','0','0','0','0','0','Z'}; + unsigned char t2[] = {0x17,0x0D,'3','5','0','1','0','1', + '0','0','0','0','0','0','Z'}; + PUTN(t1, sizeof(t1)); PUTN(t2, sizeof(t2)); + } + WRAP(s, 0x30); + + /* subject: CN=A */ + s = pos; + { + size_t rdn = pos, atv = pos; + unsigned char cn[] = {0x06,0x03,0x55,0x04,0x03}; + PUTN(cn, sizeof(cn)); + PUT1(0x0C); PUT1(0x01); PUT1('A'); + WRAP(atv, 0x30); WRAP(rdn, 0x31); WRAP(s, 0x30); + } + + /* subjectPublicKeyInfo: EC P-256 with dummy point */ + s = pos; + { + size_t alg = pos, bs; + unsigned char ecpk[] = {0x06,0x07,0x2A,0x86,0x48,0xCE, + 0x3D,0x02,0x01}; + unsigned char p256[] = {0x06,0x08,0x2A,0x86,0x48,0xCE, + 0x3D,0x03,0x01,0x07}; + PUTN(ecpk, sizeof(ecpk)); + PUTN(p256, sizeof(p256)); + WRAP(alg, 0x30); + bs = pos; + PUT1(0x00); PUT1(0x04); + /* Use P-256 generator point (valid on-curve point) so that + * builds with WOLFSSL_VALIDATE_ECC_IMPORT accept the key. */ + { + static const unsigned char p256G[64] = { + 0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47, + 0xF8,0xBC,0xE6,0xE5,0x63,0xA4,0x40,0xF2, + 0x77,0x03,0x7D,0x81,0x2D,0xEB,0x33,0xA0, + 0xF4,0xA1,0x39,0x45,0xD8,0x98,0xC2,0x96, + 0x4F,0xE3,0x42,0xE2,0xFE,0x1A,0x7F,0x9B, + 0x8E,0xE7,0xEB,0x4A,0x7C,0x0F,0x9E,0x16, + 0x2B,0xCE,0x33,0x57,0x6B,0x31,0x5E,0xCE, + 0xCB,0xB6,0x40,0x68,0x37,0xBF,0x51,0xF5 + }; + PUTN(p256G, sizeof(p256G)); + } + WRAP(bs, 0x03); + } + WRAP(s, 0x30); + + /* extensions [3] */ + { + size_t exts_outer = pos, exts_seq = pos, ext = pos, ev; + unsigned char akid_oid[] = {0x06,0x03,0x55,0x1D,0x23}; + PUTN(akid_oid, sizeof(akid_oid)); + ev = pos; + if (akid_val != NULL) + PUTN(akid_val, akid_val_len); + WRAP(ev, 0x04); + WRAP(ext, 0x30); + WRAP(exts_seq, 0x30); + WRAP(exts_outer, 0xA3); + } + + WRAP(tbs_start, 0x30); + + /* signatureAlgorithm */ + s = pos; + { + unsigned char oid[] = {0x06,0x08,0x2A,0x86,0x48,0xCE, + 0x3D,0x04,0x03,0x02}; + PUTN(oid, sizeof(oid)); + } + WRAP(s, 0x30); + + /* signatureValue: dummy */ + s = pos; + { + size_t sig; + PUT1(0x00); + sig = pos; + PUT1(0x02); PUT1(0x01); PUT1(0x01); + PUT1(0x02); PUT1(0x01); PUT1(0x01); + WRAP(sig, 0x30); + } + WRAP(s, 0x03); + + WRAP(0, 0x30); /* outer Certificate SEQUENCE */ + } + + /* Parse the crafted certificate */ + x = wolfSSL_X509_d2i(NULL, buf, (int)pos); + ExpectNotNull(x); + + /* Attempt re-encode via i2d_X509_bio -- must fail gracefully, not + * overflow. Before the fix this would write ~4000 bytes past the + * end of cert->akid[]. */ + bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); + ExpectNotNull(bio); + ExpectIntEQ(wolfSSL_i2d_X509_bio(bio, x), 0); + + wolfSSL_BIO_free(bio); + wolfSSL_X509_free(x); + XFREE(akid_val, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef WOLFSSL_SMALL_STACK + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + #undef PUT1 + #undef PUTN + #undef TLV_HDR + #undef WRAP +#endif + return EXPECT_RESULT(); +} diff --git a/tests/api/test_x509.h b/tests/api/test_x509.h index 09edb60fdb1..adbc980f8bc 100644 --- a/tests/api/test_x509.h +++ b/tests/api/test_x509.h @@ -27,12 +27,14 @@ int test_x509_GetCAByAKID(void); int test_x509_set_serialNumber(void); int test_x509_verify_cert_hostname_check(void); int test_x509_time_field_overread_via_tls(void); +int test_x509_CertFromX509_akid_overflow(void); #define TEST_X509_DECLS \ TEST_DECL_GROUP("x509", test_x509_rfc2818_verification_callback), \ TEST_DECL_GROUP("x509", test_x509_GetCAByAKID), \ TEST_DECL_GROUP("x509", test_x509_set_serialNumber), \ TEST_DECL_GROUP("x509", test_x509_verify_cert_hostname_check), \ - TEST_DECL_GROUP("x509", test_x509_time_field_overread_via_tls) + TEST_DECL_GROUP("x509", test_x509_time_field_overread_via_tls), \ + TEST_DECL_GROUP("x509", test_x509_CertFromX509_akid_overflow) #endif /* WOLFCRYPT_TEST_X509_H */ diff --git a/wolfcrypt/src/ascon.c b/wolfcrypt/src/ascon.c index 8c61f00bf03..8bd1e88d4d6 100644 --- a/wolfcrypt/src/ascon.c +++ b/wolfcrypt/src/ascon.c @@ -45,6 +45,9 @@ #ifndef WORD64_AVAILABLE #error "Ascon implementation requires a 64-bit word" #endif +#ifdef BIG_ENDIAN_ORDER + #error "Ascon not yet supported on big-endian systems" +#endif /* Data block size in bytes */ #define ASCON_HASH256_RATE 8 diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index bb5027570b6..315d594663e 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -23330,6 +23330,15 @@ static wcchar kDecInfoHeader = "DEK-Info"; #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) static wcchar kEncTypeAesCbc256 = "AES-256-CBC"; #endif +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128) + static wcchar kEncTypeAesCtr128 = "AES-128-CTR"; +#endif +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_192) + static wcchar kEncTypeAesCtr192 = "AES-192-CTR"; +#endif +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256) + static wcchar kEncTypeAesCtr256 = "AES-256-CTR"; +#endif int wc_EncryptedInfoGet(EncryptedInfo* info, const char* cipherInfo) { @@ -23385,6 +23394,30 @@ int wc_EncryptedInfoGet(EncryptedInfo* info, const char* cipherInfo) if (info->ivSz == 0) info->ivSz = AES_IV_SIZE; } else +#endif +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128) + if (XSTRCMP(cipherInfo, kEncTypeAesCtr128) == 0) { + info->cipherType = WC_CIPHER_AES_CTR; + info->keySz = AES_128_KEY_SIZE; + if (info->ivSz == 0) info->ivSz = AES_IV_SIZE; + } + else +#endif +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_192) + if (XSTRCMP(cipherInfo, kEncTypeAesCtr192) == 0) { + info->cipherType = WC_CIPHER_AES_CTR; + info->keySz = AES_192_KEY_SIZE; + if (info->ivSz == 0) info->ivSz = AES_IV_SIZE; + } + else +#endif +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256) + if (XSTRCMP(cipherInfo, kEncTypeAesCtr256) == 0) { + info->cipherType = WC_CIPHER_AES_CTR; + info->keySz = AES_256_KEY_SIZE; + if (info->ivSz == 0) info->ivSz = AES_IV_SIZE; + } + else #endif { ret = NOT_COMPILED_IN; diff --git a/wolfcrypt/src/blake2b.c b/wolfcrypt/src/blake2b.c index 90776bbef1f..7e7b60bab93 100644 --- a/wolfcrypt/src/blake2b.c +++ b/wolfcrypt/src/blake2b.c @@ -426,6 +426,9 @@ int wc_InitBlake2b(Blake2b* b2b, word32 digestSz) if (b2b == NULL){ return BAD_FUNC_ARG; } + if (digestSz == 0 || digestSz > BLAKE2B_OUTBYTES) { + return BAD_FUNC_ARG; + } b2b->digestSz = digestSz; return blake2b_init(b2b->S, (byte)digestSz); @@ -437,6 +440,9 @@ int wc_InitBlake2b_WithKey(Blake2b* b2b, word32 digestSz, const byte *key, word3 if (b2b == NULL){ return BAD_FUNC_ARG; } + if (digestSz == 0 || digestSz > BLAKE2B_OUTBYTES) { + return BAD_FUNC_ARG; + } b2b->digestSz = digestSz; if (keylen >= 256) @@ -478,6 +484,9 @@ int wc_Blake2bFinal(Blake2b* b2b, byte* final, word32 requestSz) } sz = requestSz ? requestSz : b2b->digestSz; + if (sz == 0 || sz > BLAKE2B_OUTBYTES) { + return BAD_FUNC_ARG; + } return blake2b_final(b2b->S, final, (byte)sz); } diff --git a/wolfcrypt/src/blake2s.c b/wolfcrypt/src/blake2s.c index ee105209bb0..ae48b9b3d8b 100644 --- a/wolfcrypt/src/blake2s.c +++ b/wolfcrypt/src/blake2s.c @@ -421,6 +421,9 @@ int wc_InitBlake2s(Blake2s* b2s, word32 digestSz) if (b2s == NULL){ return BAD_FUNC_ARG; } + if (digestSz == 0 || digestSz > BLAKE2S_OUTBYTES) { + return BAD_FUNC_ARG; + } b2s->digestSz = digestSz; return blake2s_init(b2s->S, (byte)digestSz); @@ -433,6 +436,9 @@ int wc_InitBlake2s_WithKey(Blake2s* b2s, word32 digestSz, const byte *key, word3 if (b2s == NULL){ return BAD_FUNC_ARG; } + if (digestSz == 0 || digestSz > BLAKE2S_OUTBYTES) { + return BAD_FUNC_ARG; + } b2s->digestSz = digestSz; if (keylen >= 256) @@ -475,6 +481,9 @@ int wc_Blake2sFinal(Blake2s* b2s, byte* final, word32 requestSz) } sz = requestSz ? requestSz : b2s->digestSz; + if (sz == 0 || sz > BLAKE2S_OUTBYTES) { + return BAD_FUNC_ARG; + } return blake2s_final(b2s->S, final, (byte)sz); } diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index fc4f68eb9fc..b802958a9ee 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -695,10 +695,16 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, break; #if defined(WOLFSSL_DES_ECB) case WC_DES_ECB_TYPE: - ret = wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl); + if (ctx->enc) + ret = wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl); + else + ret = wc_Des_EcbDecrypt(&ctx->cipher.des, out, in, inl); break; case WC_DES_EDE3_ECB_TYPE: - ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl); + if (ctx->enc) + ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl); + else + ret = wc_Des3_EcbDecrypt(&ctx->cipher.des3, out, in, inl); break; #endif #endif @@ -8749,13 +8755,19 @@ void wolfSSL_EVP_init(void) #ifdef WOLFSSL_DES_ECB case WC_DES_ECB_TYPE : WOLFSSL_MSG("DES ECB"); - ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len); + if (ctx->enc) + ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len); + else + ret = wc_Des_EcbDecrypt(&ctx->cipher.des, dst, src, len); if (ret == 0) ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE); break; case WC_DES_EDE3_ECB_TYPE : WOLFSSL_MSG("DES3 ECB"); - ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len); + if (ctx->enc) + ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len); + else + ret = wc_Des3_EcbDecrypt(&ctx->cipher.des3, dst, src, len); if (ret == 0) ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE); break; diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index 806b80514c9..f3f51978337 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -1147,7 +1147,7 @@ static byte* PKCS12_ConcatenateContent(WC_PKCS12* pkcs12,byte* mergedData, { byte* oldContent; word32 oldContentSz; - word32 newSz; + word32 newSz = 0; (void)pkcs12; diff --git a/wolfcrypt/src/port/caam/wolfcaam_seco.c b/wolfcrypt/src/port/caam/wolfcaam_seco.c index 374f779aee4..8389d0470d8 100644 --- a/wolfcrypt/src/port/caam/wolfcaam_seco.c +++ b/wolfcrypt/src/port/caam/wolfcaam_seco.c @@ -1075,7 +1075,7 @@ static hsm_err_t wc_SECO_AESGCM(unsigned int args[4], CAAM_BUFFER* buf, int sz) } XFREE(cipherAndTag, NULL, DYNAMIC_TYPE_TMP_BUFFER); (void)sz; - return HSM_NO_ERROR; + return err; } diff --git a/wolfcrypt/src/sp_arm32.c b/wolfcrypt/src/sp_arm32.c index 991f5fc4783..62a7376a53a 100644 --- a/wolfcrypt/src/sp_arm32.c +++ b/wolfcrypt/src/sp_arm32.c @@ -75874,10 +75874,6 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, if (cache->cnt == 2) sp_256_gen_stripe_table_8(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_fast_8(r, g, k, map, ct, heap); } @@ -75885,6 +75881,9 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, err = sp_256_ecc_mulmod_stripe_8(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -76256,10 +76255,6 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, if (cache->cnt == 2) sp_256_gen_stripe_table_8(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_fast_8(r, g, k, map, ct, heap); } @@ -76267,6 +76262,9 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, err = sp_256_ecc_mulmod_stripe_8(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -93909,10 +93907,6 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, if (cache->cnt == 2) sp_384_gen_stripe_table_12(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_fast_12(r, g, k, map, ct, heap); } @@ -93920,6 +93914,9 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, err = sp_384_ecc_mulmod_stripe_12(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -94307,10 +94304,6 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, if (cache->cnt == 2) sp_384_gen_stripe_table_12(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_fast_12(r, g, k, map, ct, heap); } @@ -94318,6 +94311,9 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, err = sp_384_ecc_mulmod_stripe_12(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -121070,10 +121066,6 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g, if (cache->cnt == 2) sp_521_gen_stripe_table_17(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_fast_17(r, g, k, map, ct, heap); } @@ -121081,6 +121073,9 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g, err = sp_521_ecc_mulmod_stripe_17(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -121488,10 +121483,6 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g, if (cache->cnt == 2) sp_521_gen_stripe_table_17(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_fast_17(r, g, k, map, ct, heap); } @@ -121499,6 +121490,9 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g, err = sp_521_ecc_mulmod_stripe_17(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -150839,10 +150833,6 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, if (cache->cnt == 2) sp_1024_gen_stripe_table_32(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_fast_32(r, g, k, map, ct, heap); } @@ -150850,6 +150840,9 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, err = sp_1024_ecc_mulmod_stripe_32(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -151154,10 +151147,6 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, if (cache->cnt == 2) sp_1024_gen_stripe_table_32(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_fast_32(r, g, k, map, ct, heap); } @@ -151165,6 +151154,9 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, err = sp_1024_ecc_mulmod_stripe_32(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); diff --git a/wolfcrypt/src/sp_arm64.c b/wolfcrypt/src/sp_arm64.c index f06ad68f74c..402e75a6db0 100644 --- a/wolfcrypt/src/sp_arm64.c +++ b/wolfcrypt/src/sp_arm64.c @@ -24685,10 +24685,6 @@ static int sp_256_ecc_mulmod_4(sp_point_256* r, const sp_point_256* g, if (cache->cnt == 2) sp_256_gen_stripe_table_4(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_win_add_sub_4(r, g, k, map, ct, heap); } @@ -24696,6 +24692,9 @@ static int sp_256_ecc_mulmod_4(sp_point_256* r, const sp_point_256* g, err = sp_256_ecc_mulmod_stripe_4(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -25074,10 +25073,6 @@ static int sp_256_ecc_mulmod_4(sp_point_256* r, const sp_point_256* g, if (cache->cnt == 2) sp_256_gen_stripe_table_4(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_win_add_sub_4(r, g, k, map, ct, heap); } @@ -25085,6 +25080,9 @@ static int sp_256_ecc_mulmod_4(sp_point_256* r, const sp_point_256* g, err = sp_256_ecc_mulmod_stripe_4(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -45189,10 +45187,6 @@ static int sp_384_ecc_mulmod_6(sp_point_384* r, const sp_point_384* g, if (cache->cnt == 2) sp_384_gen_stripe_table_6(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_win_add_sub_6(r, g, k, map, ct, heap); } @@ -45200,6 +45194,9 @@ static int sp_384_ecc_mulmod_6(sp_point_384* r, const sp_point_384* g, err = sp_384_ecc_mulmod_stripe_6(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -45578,10 +45575,6 @@ static int sp_384_ecc_mulmod_6(sp_point_384* r, const sp_point_384* g, if (cache->cnt == 2) sp_384_gen_stripe_table_6(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_win_add_sub_6(r, g, k, map, ct, heap); } @@ -45589,6 +45582,9 @@ static int sp_384_ecc_mulmod_6(sp_point_384* r, const sp_point_384* g, err = sp_384_ecc_mulmod_stripe_6(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -73181,10 +73177,6 @@ static int sp_521_ecc_mulmod_9(sp_point_521* r, const sp_point_521* g, if (cache->cnt == 2) sp_521_gen_stripe_table_9(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_win_add_sub_9(r, g, k, map, ct, heap); } @@ -73192,6 +73184,9 @@ static int sp_521_ecc_mulmod_9(sp_point_521* r, const sp_point_521* g, err = sp_521_ecc_mulmod_stripe_9(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -73588,10 +73583,6 @@ static int sp_521_ecc_mulmod_9(sp_point_521* r, const sp_point_521* g, if (cache->cnt == 2) sp_521_gen_stripe_table_9(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_win_add_sub_9(r, g, k, map, ct, heap); } @@ -73599,6 +73590,9 @@ static int sp_521_ecc_mulmod_9(sp_point_521* r, const sp_point_521* g, err = sp_521_ecc_mulmod_stripe_9(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -116668,10 +116662,6 @@ static int sp_1024_ecc_mulmod_16(sp_point_1024* r, const sp_point_1024* g, if (cache->cnt == 2) sp_1024_gen_stripe_table_16(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_win_add_sub_16(r, g, k, map, ct, heap); } @@ -116679,6 +116669,9 @@ static int sp_1024_ecc_mulmod_16(sp_point_1024* r, const sp_point_1024* g, err = sp_1024_ecc_mulmod_stripe_16(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); diff --git a/wolfcrypt/src/sp_armthumb.c b/wolfcrypt/src/sp_armthumb.c index 508dbbfd435..88604d693c8 100644 --- a/wolfcrypt/src/sp_armthumb.c +++ b/wolfcrypt/src/sp_armthumb.c @@ -101326,10 +101326,6 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, if (cache->cnt == 2) sp_256_gen_stripe_table_8(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_fast_8(r, g, k, map, ct, heap); } @@ -101337,6 +101333,9 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, err = sp_256_ecc_mulmod_stripe_8(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -101708,10 +101707,6 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, if (cache->cnt == 2) sp_256_gen_stripe_table_8(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_fast_8(r, g, k, map, ct, heap); } @@ -101719,6 +101714,9 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, err = sp_256_ecc_mulmod_stripe_8(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -111761,10 +111759,6 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, if (cache->cnt == 2) sp_384_gen_stripe_table_12(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_fast_12(r, g, k, map, ct, heap); } @@ -111772,6 +111766,9 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, err = sp_384_ecc_mulmod_stripe_12(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -112159,10 +112156,6 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, if (cache->cnt == 2) sp_384_gen_stripe_table_12(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_fast_12(r, g, k, map, ct, heap); } @@ -112170,6 +112163,9 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, err = sp_384_ecc_mulmod_stripe_12(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -124995,10 +124991,6 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g, if (cache->cnt == 2) sp_521_gen_stripe_table_17(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_fast_17(r, g, k, map, ct, heap); } @@ -125006,6 +124998,9 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g, err = sp_521_ecc_mulmod_stripe_17(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -125413,10 +125408,6 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g, if (cache->cnt == 2) sp_521_gen_stripe_table_17(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_fast_17(r, g, k, map, ct, heap); } @@ -125424,6 +125415,9 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g, err = sp_521_ecc_mulmod_stripe_17(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -209206,10 +209200,6 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, if (cache->cnt == 2) sp_1024_gen_stripe_table_32(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_fast_32(r, g, k, map, ct, heap); } @@ -209217,6 +209207,9 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, err = sp_1024_ecc_mulmod_stripe_32(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -209521,10 +209514,6 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, if (cache->cnt == 2) sp_1024_gen_stripe_table_32(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_fast_32(r, g, k, map, ct, heap); } @@ -209532,6 +209521,9 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, err = sp_1024_ecc_mulmod_stripe_32(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); diff --git a/wolfcrypt/src/sp_c32.c b/wolfcrypt/src/sp_c32.c index 137f69cebc2..16889893c91 100644 --- a/wolfcrypt/src/sp_c32.c +++ b/wolfcrypt/src/sp_c32.c @@ -21573,10 +21573,6 @@ static int sp_256_ecc_mulmod_9(sp_point_256* r, const sp_point_256* g, if (cache->cnt == 2) sp_256_gen_stripe_table_9(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_win_add_sub_9(r, g, k, map, ct, heap); } @@ -21584,6 +21580,9 @@ static int sp_256_ecc_mulmod_9(sp_point_256* r, const sp_point_256* g, err = sp_256_ecc_mulmod_stripe_9(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -28692,10 +28691,6 @@ static int sp_384_ecc_mulmod_15(sp_point_384* r, const sp_point_384* g, if (cache->cnt == 2) sp_384_gen_stripe_table_15(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_win_add_sub_15(r, g, k, map, ct, heap); } @@ -28703,6 +28698,9 @@ static int sp_384_ecc_mulmod_15(sp_point_384* r, const sp_point_384* g, err = sp_384_ecc_mulmod_stripe_15(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -35873,10 +35871,6 @@ static int sp_521_ecc_mulmod_21(sp_point_521* r, const sp_point_521* g, if (cache->cnt == 2) sp_521_gen_stripe_table_21(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_win_add_sub_21(r, g, k, map, ct, heap); } @@ -35884,6 +35878,9 @@ static int sp_521_ecc_mulmod_21(sp_point_521* r, const sp_point_521* g, err = sp_521_ecc_mulmod_stripe_21(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -44014,10 +44011,6 @@ static int sp_1024_ecc_mulmod_42(sp_point_1024* r, const sp_point_1024* g, if (cache->cnt == 2) sp_1024_gen_stripe_table_42(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_win_add_sub_42(r, g, k, map, ct, heap); } @@ -44025,6 +44018,9 @@ static int sp_1024_ecc_mulmod_42(sp_point_1024* r, const sp_point_1024* g, err = sp_1024_ecc_mulmod_stripe_42(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); diff --git a/wolfcrypt/src/sp_c64.c b/wolfcrypt/src/sp_c64.c index e408e871f44..089b8fca839 100644 --- a/wolfcrypt/src/sp_c64.c +++ b/wolfcrypt/src/sp_c64.c @@ -22066,10 +22066,6 @@ static int sp_256_ecc_mulmod_5(sp_point_256* r, const sp_point_256* g, if (cache->cnt == 2) sp_256_gen_stripe_table_5(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_win_add_sub_5(r, g, k, map, ct, heap); } @@ -22077,6 +22073,9 @@ static int sp_256_ecc_mulmod_5(sp_point_256* r, const sp_point_256* g, err = sp_256_ecc_mulmod_stripe_5(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -28612,10 +28611,6 @@ static int sp_384_ecc_mulmod_7(sp_point_384* r, const sp_point_384* g, if (cache->cnt == 2) sp_384_gen_stripe_table_7(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_win_add_sub_7(r, g, k, map, ct, heap); } @@ -28623,6 +28618,9 @@ static int sp_384_ecc_mulmod_7(sp_point_384* r, const sp_point_384* g, err = sp_384_ecc_mulmod_stripe_7(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -35631,10 +35629,6 @@ static int sp_521_ecc_mulmod_9(sp_point_521* r, const sp_point_521* g, if (cache->cnt == 2) sp_521_gen_stripe_table_9(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_win_add_sub_9(r, g, k, map, ct, heap); } @@ -35642,6 +35636,9 @@ static int sp_521_ecc_mulmod_9(sp_point_521* r, const sp_point_521* g, err = sp_521_ecc_mulmod_stripe_9(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -42954,10 +42951,6 @@ static int sp_1024_ecc_mulmod_18(sp_point_1024* r, const sp_point_1024* g, if (cache->cnt == 2) sp_1024_gen_stripe_table_18(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_win_add_sub_18(r, g, k, map, ct, heap); } @@ -42965,6 +42958,9 @@ static int sp_1024_ecc_mulmod_18(sp_point_1024* r, const sp_point_1024* g, err = sp_1024_ecc_mulmod_stripe_18(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); diff --git a/wolfcrypt/src/sp_cortexm.c b/wolfcrypt/src/sp_cortexm.c index 5cde3aad8ca..a36602d1952 100644 --- a/wolfcrypt/src/sp_cortexm.c +++ b/wolfcrypt/src/sp_cortexm.c @@ -37260,10 +37260,6 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, if (cache->cnt == 2) sp_256_gen_stripe_table_8(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_fast_8(r, g, k, map, ct, heap); } @@ -37271,6 +37267,9 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, err = sp_256_ecc_mulmod_stripe_8(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -37642,10 +37641,6 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, if (cache->cnt == 2) sp_256_gen_stripe_table_8(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_fast_8(r, g, k, map, ct, heap); } @@ -37653,6 +37648,9 @@ static int sp_256_ecc_mulmod_8(sp_point_256* r, const sp_point_256* g, err = sp_256_ecc_mulmod_stripe_8(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -47215,10 +47213,6 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, if (cache->cnt == 2) sp_384_gen_stripe_table_12(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_fast_12(r, g, k, map, ct, heap); } @@ -47226,6 +47220,9 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, err = sp_384_ecc_mulmod_stripe_12(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -47613,10 +47610,6 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, if (cache->cnt == 2) sp_384_gen_stripe_table_12(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_fast_12(r, g, k, map, ct, heap); } @@ -47624,6 +47617,9 @@ static int sp_384_ecc_mulmod_12(sp_point_384* r, const sp_point_384* g, err = sp_384_ecc_mulmod_stripe_12(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -59084,10 +59080,6 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g, if (cache->cnt == 2) sp_521_gen_stripe_table_17(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_fast_17(r, g, k, map, ct, heap); } @@ -59095,6 +59087,9 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g, err = sp_521_ecc_mulmod_stripe_17(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -59502,10 +59497,6 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g, if (cache->cnt == 2) sp_521_gen_stripe_table_17(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_fast_17(r, g, k, map, ct, heap); } @@ -59513,6 +59504,9 @@ static int sp_521_ecc_mulmod_17(sp_point_521* r, const sp_point_521* g, err = sp_521_ecc_mulmod_stripe_17(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -73371,10 +73365,6 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, if (cache->cnt == 2) sp_1024_gen_stripe_table_32(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_fast_32(r, g, k, map, ct, heap); } @@ -73382,6 +73372,9 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, err = sp_1024_ecc_mulmod_stripe_32(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -73686,10 +73679,6 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, if (cache->cnt == 2) sp_1024_gen_stripe_table_32(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_fast_32(r, g, k, map, ct, heap); } @@ -73697,6 +73686,9 @@ static int sp_1024_ecc_mulmod_32(sp_point_1024* r, const sp_point_1024* g, err = sp_1024_ecc_mulmod_stripe_32(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); diff --git a/wolfcrypt/src/sp_dsp32.c b/wolfcrypt/src/sp_dsp32.c index f040894ef6d..885d57643b6 100644 --- a/wolfcrypt/src/sp_dsp32.c +++ b/wolfcrypt/src/sp_dsp32.c @@ -2710,10 +2710,6 @@ static int sp_256_ecc_mulmod_10(sp_point* r, const sp_point* g, const sp_digit* if (cache->cnt == 2) sp_256_gen_stripe_table_10(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_fast_10(r, g, k, map, heap); } @@ -2721,6 +2717,9 @@ static int sp_256_ecc_mulmod_10(sp_point* r, const sp_point* g, const sp_digit* err = sp_256_ecc_mulmod_stripe_10(r, g, cache->table, k, map, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_lock); +#endif /* HAVE_THREAD_LS */ } return err; diff --git a/wolfcrypt/src/sp_x86_64.c b/wolfcrypt/src/sp_x86_64.c index ab682df02f1..1f7cd9e3961 100644 --- a/wolfcrypt/src/sp_x86_64.c +++ b/wolfcrypt/src/sp_x86_64.c @@ -10488,10 +10488,6 @@ static int sp_256_ecc_mulmod_4(sp_point_256* r, const sp_point_256* g, if (cache->cnt == 2) sp_256_gen_stripe_table_4(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_win_add_sub_4(r, g, k, map, ct, heap); } @@ -10499,6 +10495,9 @@ static int sp_256_ecc_mulmod_4(sp_point_256* r, const sp_point_256* g, err = sp_256_ecc_mulmod_stripe_4(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -10827,10 +10826,6 @@ static int sp_256_ecc_mulmod_avx2_4(sp_point_256* r, const sp_point_256* g, if (cache->cnt == 2) sp_256_gen_stripe_table_avx2_4(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_256_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_256_ecc_mulmod_win_add_sub_avx2_4(r, g, k, map, ct, heap); } @@ -10838,6 +10833,9 @@ static int sp_256_ecc_mulmod_avx2_4(sp_point_256* r, const sp_point_256* g, err = sp_256_ecc_mulmod_stripe_avx2_4(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_256_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -29240,10 +29238,6 @@ static int sp_384_ecc_mulmod_6(sp_point_384* r, const sp_point_384* g, if (cache->cnt == 2) sp_384_gen_stripe_table_6(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_win_add_sub_6(r, g, k, map, ct, heap); } @@ -29251,6 +29245,9 @@ static int sp_384_ecc_mulmod_6(sp_point_384* r, const sp_point_384* g, err = sp_384_ecc_mulmod_stripe_6(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -29582,10 +29579,6 @@ static int sp_384_ecc_mulmod_avx2_6(sp_point_384* r, const sp_point_384* g, if (cache->cnt == 2) sp_384_gen_stripe_table_avx2_6(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_384_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_384_ecc_mulmod_win_add_sub_avx2_6(r, g, k, map, ct, heap); } @@ -29593,6 +29586,9 @@ static int sp_384_ecc_mulmod_avx2_6(sp_point_384* r, const sp_point_384* g, err = sp_384_ecc_mulmod_stripe_avx2_6(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_384_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -53694,10 +53690,6 @@ static int sp_521_ecc_mulmod_9(sp_point_521* r, const sp_point_521* g, if (cache->cnt == 2) sp_521_gen_stripe_table_9(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_win_add_sub_9(r, g, k, map, ct, heap); } @@ -53705,6 +53697,9 @@ static int sp_521_ecc_mulmod_9(sp_point_521* r, const sp_point_521* g, err = sp_521_ecc_mulmod_stripe_9(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -54036,10 +54031,6 @@ static int sp_521_ecc_mulmod_avx2_9(sp_point_521* r, const sp_point_521* g, if (cache->cnt == 2) sp_521_gen_stripe_table_avx2_9(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_521_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_521_ecc_mulmod_win_add_sub_avx2_9(r, g, k, map, ct, heap); } @@ -54047,6 +54038,9 @@ static int sp_521_ecc_mulmod_avx2_9(sp_point_521* r, const sp_point_521* g, err = sp_521_ecc_mulmod_stripe_avx2_9(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_521_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -94467,10 +94461,6 @@ static int sp_1024_ecc_mulmod_16(sp_point_1024* r, const sp_point_1024* g, if (cache->cnt == 2) sp_1024_gen_stripe_table_16(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_win_add_sub_16(r, g, k, map, ct, heap); } @@ -94478,6 +94468,9 @@ static int sp_1024_ecc_mulmod_16(sp_point_1024* r, const sp_point_1024* g, err = sp_1024_ecc_mulmod_stripe_16(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); @@ -94792,10 +94785,6 @@ static int sp_1024_ecc_mulmod_avx2_16(sp_point_1024* r, const sp_point_1024* g, if (cache->cnt == 2) sp_1024_gen_stripe_table_avx2_16(g, cache->table, tmp, heap); -#ifndef HAVE_THREAD_LS - wc_UnLockMutex(&sp_cache_1024_lock); -#endif /* HAVE_THREAD_LS */ - if (cache->cnt < 2) { err = sp_1024_ecc_mulmod_win_add_sub_avx2_16(r, g, k, map, ct, heap); } @@ -94803,6 +94792,9 @@ static int sp_1024_ecc_mulmod_avx2_16(sp_point_1024* r, const sp_point_1024* g, err = sp_1024_ecc_mulmod_stripe_avx2_16(r, g, cache->table, k, map, ct, heap); } +#ifndef HAVE_THREAD_LS + wc_UnLockMutex(&sp_cache_1024_lock); +#endif /* HAVE_THREAD_LS */ } SP_FREE_VAR(tmp, heap, DYNAMIC_TYPE_ECC); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 705143b8f13..b3028c9c99d 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -2921,17 +2921,17 @@ WOLFSSL_LOCAL int OcspDecodeCertID(const byte* input, word32* inOutIdx, word32 i #ifdef HAVE_OCSP_RESPONDER /* Revocation reason codes from RFC 5280 */ enum WC_CRL_Reason { - CRL_REASON_UNSPECIFIED = 0, - CRL_REASON_KEY_COMPROMISE = 1, - CRL_REASON_CA_COMPROMISE = 2, - CRL_REASON_AFFILIATION_CHANGED = 3, - CRL_REASON_SUPERSEDED = 4, - CRL_REASON_CESSATION_OF_OPERATION = 5, - CRL_REASON_CERTIFICATE_HOLD = 6, + WC_CRL_REASON_UNSPECIFIED = 0, + WC_CRL_REASON_KEY_COMPROMISE = 1, + WC_CRL_REASON_CA_COMPROMISE = 2, + WC_CRL_REASON_AFFILIATION_CHANGED = 3, + WC_CRL_REASON_SUPERSEDED = 4, + WC_CRL_REASON_CESSATION_OF_OPERATION = 5, + WC_CRL_REASON_CERTIFICATE_HOLD = 6, /* value 7 is not used */ - CRL_REASON_REMOVE_FROM_CRL = 8, - CRL_REASON_PRIVILEGE_WITHDRAWN = 9, - CRL_REASON_AA_COMPROMISE = 10 + WC_CRL_REASON_REMOVE_FROM_CRL = 8, + WC_CRL_REASON_PRIVILEGE_WITHDRAWN = 9, + WC_CRL_REASON_AA_COMPROMISE = 10 }; /* Certificate status entry for a single certificate */