diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 618b679755..9c32e038da 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -681,6 +681,7 @@ WOLFSSL_MULTICIRCULATE_ALTNAMELIST WOLFSSL_NONBLOCK_OCSP WOLFSSL_NOSHA3_384 WOLFSSL_NOT_WINDOWS_API +WOLFSSL_NO_AES_CFB_1_8 WOLFSSL_NO_BIO_ADDR_IN WOLFSSL_NO_CLIENT WOLFSSL_NO_CLIENT_CERT_ERROR @@ -722,6 +723,7 @@ WOLFSSL_NRF51_AES WOLFSSL_OLDTLS_AEAD_CIPHERSUITES WOLFSSL_OLDTLS_SHA2_CIPHERSUITES WOLFSSL_OLD_SET_CURVES_LIST +WOLFSSL_OLD_TIMINGPADVERIFY WOLFSSL_OLD_UNSUPPORTED_EXTENSION WOLFSSL_OPTIONS_IGNORE_SYS WOLFSSL_PASSTHRU_ERR @@ -813,7 +815,6 @@ WOLFSSL_XILINX_PATCH WOLFSSL_XIL_MSG_NO_SLEEP WOLFSSL_XMSS_LARGE_SECRET_KEY WOLFSSL_ZEPHYR -WOLFSS_SP_MATH_ALL WOLF_ALLOW_BUILTIN WOLF_CONF_IO WOLF_CONF_KYBER @@ -826,7 +827,6 @@ WOLF_CRYPTO_CB_ONLY_ECC WOLF_CRYPTO_CB_ONLY_RSA WOLF_CRYPTO_DEV WOLF_NO_TRAILING_ENUM_COMMAS -WOLSSL_OLD_TIMINGPADVERIFY XGETPASSWD XMSS_CALL_PRF_KEYGEN XPAR_VERSAL_CIPS_0_PSPMC_0_PSV_CORTEXA72_0_TIMESTAMP_CLK_FREQ diff --git a/IDE/GCC-ARM/Source/benchmark_main.c b/IDE/GCC-ARM/Source/benchmark_main.c index 1151bbc32c..44acc6967a 100644 --- a/IDE/GCC-ARM/Source/benchmark_main.c +++ b/IDE/GCC-ARM/Source/benchmark_main.c @@ -39,16 +39,16 @@ int main(void) { int ret; #ifndef NO_CRYPT_BENCHMARK - wolfCrypt_Init(); + wolfCrypt_Init(); - printf("\nBenchmark Test\n"); - benchmark_test(&args); + printf("\nBenchmark Test\n"); + benchmark_test(&args); ret = args.return_code; - printf("Benchmark Test: Return code %d\n", ret); + printf("Benchmark Test: Return code %d\n", ret); - wolfCrypt_Cleanup(); + wolfCrypt_Cleanup(); #else ret = NOT_COMPILED_IN; #endif - return ret; + return ret; } diff --git a/IDE/GCC-ARM/Source/test_main.c b/IDE/GCC-ARM/Source/test_main.c index c63246368b..2e6236d89a 100644 --- a/IDE/GCC-ARM/Source/test_main.c +++ b/IDE/GCC-ARM/Source/test_main.c @@ -40,16 +40,16 @@ int main(void) { int ret; #ifndef NO_CRYPT_TEST - wolfCrypt_Init(); + wolfCrypt_Init(); - printf("\nCrypt Test\n"); - wolfcrypt_test(&args); + printf("\nCrypt Test\n"); + wolfcrypt_test(&args); ret = args.return_code; - printf("Crypt Test: Return code %d\n", ret); + printf("Crypt Test: Return code %d\n", ret); - wolfCrypt_Cleanup(); + wolfCrypt_Cleanup(); #else ret = NOT_COMPILED_IN; #endif - return ret; + return ret; } diff --git a/configure.ac b/configure.ac index 76490b1217..3186640901 100644 --- a/configure.ac +++ b/configure.ac @@ -1514,6 +1514,7 @@ then fi # XMSS +ENABLED_WC_XMSS=no AC_ARG_ENABLE([xmss], [AS_HELP_STRING([--enable-xmss],[Enable stateful XMSS/XMSS^MT signatures (default: disabled)])], [ ENABLED_XMSS=$enableval ], @@ -1605,6 +1606,7 @@ then fi # LMS +ENABLED_WC_LMS=no AC_ARG_ENABLE([lms], [AS_HELP_STRING([--enable-lms],[Enable stateful LMS/HSS signatures (default: disabled)])], [ ENABLED_LMS=$enableval ], @@ -4555,7 +4557,7 @@ fi if test "$ENABLED_STACKSIZE" = "verbose" then - if test "$thread_ls_on" != "yes" + if test "$thread_ls_on" != "yes" && test "x$ENABLED_SINGLETHREADED" = "xno" then AC_MSG_ERROR(stacksize-verbose needs thread-local storage.) fi diff --git a/src/internal.c b/src/internal.c index 8f5babacfb..0a4b366006 100644 --- a/src/internal.c +++ b/src/internal.c @@ -20198,7 +20198,7 @@ static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz) #ifndef WOLFSSL_AEAD_ONLY -#ifdef WOLSSL_OLD_TIMINGPADVERIFY +#ifdef WOLFSSL_OLD_TIMINGPADVERIFY #define COMPRESS_LOWER 64 #define COMPRESS_UPPER 55 #define COMPRESS_CONSTANT 13 @@ -20604,7 +20604,7 @@ int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz, return ret; } #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */ -#endif /* WOLSSL_OLD_TIMINGPADVERIFY */ +#endif /* WOLFSSL_OLD_TIMINGPADVERIFY */ #endif /* WOLFSSL_AEAD_ONLY */ int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx, int sniff) diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 7a80981fb1..28e8e9e5f1 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -14703,6 +14703,7 @@ void bench_sphincsKeySign(byte level, byte optim) #else + #include #include double current_time(int reset) diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index f5d9f65ff0..a8b7651835 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -4704,8 +4704,6 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir) } #endif - ret = wc_AesSetIV(aes, iv); - #if defined(WOLFSSL_DEVCRYPTO) && \ (defined(WOLFSSL_DEVCRYPTO_AES) || defined(WOLFSSL_DEVCRYPTO_CBC)) aes->ctx.cfd = -1; @@ -12059,7 +12057,8 @@ static WARN_UNUSED_RESULT int wc_AesFeedbackDecrypt( /* consume any unused bytes left in aes->tmp */ processed = min(aes->left, sz); - xorbufout(out, in, (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left, processed); + xorbufout(out, in, (byte*)aes->tmp + WC_AES_BLOCK_SIZE - aes->left, + processed); aes->left -= processed; out += processed; in += processed; @@ -12153,7 +12152,7 @@ int wc_AesCfbDecrypt(Aes* aes, byte* out, const byte* in, word32 sz) } #endif /* HAVE_AES_DECRYPT */ - +#ifndef WOLFSSL_NO_AES_CFB_1_8 /* shift the whole WC_AES_BLOCK_SIZE array left by 8 or 1 bits */ static void shiftLeftArray(byte* ary, byte shift) { @@ -12371,6 +12370,7 @@ int wc_AesCfb8Decrypt(Aes* aes, byte* out, const byte* in, word32 sz) return wc_AesFeedbackCFB8(aes, out, in, sz, AES_DECRYPTION); } #endif /* HAVE_AES_DECRYPT */ +#endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #endif /* WOLFSSL_AES_CFB */ #ifdef WOLFSSL_AES_OFB diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 519a56ae82..c3eb12edeb 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -157,6 +157,7 @@ static const struct s_ent { (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */ #ifdef WOLFSSL_AES_CFB + #ifndef WOLFSSL_NO_AES_CFB_1_8 #ifdef WOLFSSL_AES_128 static const char EVP_AES_128_CFB1[] = "AES-128-CFB1"; #endif @@ -176,6 +177,7 @@ static const struct s_ent { #ifdef WOLFSSL_AES_256 static const char EVP_AES_256_CFB8[] = "AES-256-CFB8"; #endif + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #ifdef WOLFSSL_AES_128 static const char EVP_AES_128_CFB128[] = "AES-128-CFB128"; @@ -639,7 +641,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, break; #endif #if defined(WOLFSSL_AES_CFB) - #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + #if !defined(WOLFSSL_NO_AES_CFB_1_8) case WC_AES_128_CFB1_TYPE: case WC_AES_192_CFB1_TYPE: case WC_AES_256_CFB1_TYPE: @@ -659,7 +661,7 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, else ret = wc_AesCfb8Decrypt(&ctx->cipher.aes, out, in, inl); break; - #endif /* !HAVE_SELFTEST && !HAVE_FIPS */ + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ case WC_AES_128_CFB128_TYPE: case WC_AES_192_CFB128_TYPE: @@ -1942,6 +1944,7 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher) #endif #endif /* WOLFSSL_AES_XTS */ #if defined(WOLFSSL_AES_CFB) +#ifndef WOLFSSL_NO_AES_CFB_1_8 #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB1)) return WC_AES_128_CFB1_TYPE; @@ -1966,6 +1969,7 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher) else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB8)) return WC_AES_256_CFB8_TYPE; #endif +#endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #ifdef WOLFSSL_AES_128 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB128)) return WC_AES_128_CFB128_TYPE; @@ -4966,6 +4970,7 @@ static const struct cipher{ #endif #ifdef WOLFSSL_AES_CFB + #ifndef WOLFSSL_NO_AES_CFB_1_8 #ifdef WOLFSSL_AES_128 {WC_AES_128_CFB1_TYPE, EVP_AES_128_CFB1, WC_NID_aes_128_cfb1}, #endif @@ -4985,6 +4990,7 @@ static const struct cipher{ #ifdef WOLFSSL_AES_256 {WC_AES_256_CFB8_TYPE, EVP_AES_256_CFB8, WC_NID_aes_256_cfb8}, #endif + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #ifdef WOLFSSL_AES_128 {WC_AES_128_CFB128_TYPE, EVP_AES_128_CFB128, WC_NID_aes_128_cfb128}, @@ -4995,7 +5001,7 @@ static const struct cipher{ #ifdef WOLFSSL_AES_256 {WC_AES_256_CFB128_TYPE, EVP_AES_256_CFB128, WC_NID_aes_256_cfb128}, #endif - #endif + #endif /* WOLFSSL_AES_CFB */ #ifdef WOLFSSL_AES_OFB #ifdef WOLFSSL_AES_128 @@ -5622,7 +5628,7 @@ void wolfSSL_EVP_init(void) #endif /* HAVE_AES_CBC */ #ifdef WOLFSSL_AES_CFB -#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)) + #ifndef WOLFSSL_NO_AES_CFB_1_8 #ifdef WOLFSSL_AES_128 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb1(void) { @@ -5670,7 +5676,7 @@ void wolfSSL_EVP_init(void) return EVP_AES_256_CFB8; } #endif /* WOLFSSL_AES_256 */ -#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #ifdef WOLFSSL_AES_128 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb128(void) @@ -7249,6 +7255,7 @@ void wolfSSL_EVP_init(void) #endif /* WOLFSSL_AES_256 */ #endif /* HAVE_AES_ECB */ #ifdef WOLFSSL_AES_CFB + #ifndef WOLFSSL_NO_AES_CFB_1_8 #ifdef WOLFSSL_AES_128 if (ctx->cipherType == WC_AES_128_CFB1_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB1))) { @@ -7431,6 +7438,7 @@ void wolfSSL_EVP_init(void) } } #endif /* WOLFSSL_AES_256 */ + #endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #ifdef WOLFSSL_AES_128 if (ctx->cipherType == WC_AES_128_CFB128_TYPE || (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB128))) { @@ -8317,7 +8325,7 @@ void wolfSSL_EVP_init(void) #endif /* HAVE_AES_CBC */ #ifdef WOLFSSL_AES_CFB -#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) +#if !defined(WOLFSSL_NO_AES_CFB_1_8) case WC_AES_128_CFB1_TYPE: case WC_AES_192_CFB1_TYPE: case WC_AES_256_CFB1_TYPE: @@ -8340,7 +8348,7 @@ void wolfSSL_EVP_init(void) if (ret == 0) ret = (int)len; break; -#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ +#endif /* !WOLFSSL_NO_AES_CFB_1_8 */ case WC_AES_128_CFB128_TYPE: case WC_AES_192_CFB128_TYPE: case WC_AES_256_CFB128_TYPE: diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 4f8b31122f..a3c0292484 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -3110,7 +3110,8 @@ int cc310_RsaSSL_Verify(const byte* in, word32 inLen, byte* sig, #endif /* WOLFSSL_CRYPTOCELL */ #ifndef WOLF_CRYPTO_CB_ONLY_RSA -#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(TEST_UNPAD_CONSTANT_TIME) && !defined(NO_RSA_BOUNDS_CHECK) +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(TEST_UNPAD_CONSTANT_TIME) && \ + !defined(NO_RSA_BOUNDS_CHECK) /* Check that 1 < in < n-1. (Requirement of 800-56B.) */ int RsaFunctionCheckIn(const byte* in, word32 inLen, RsaKey* key, int checkSmallCt) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 9044897169..3decce7b6a 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -9926,7 +9926,7 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, return ret; } -#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)) +#if !defined(WOLFSSL_NO_AES_CFB_1_8) static wc_test_ret_t aescfb1_test(void) { #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) @@ -10093,7 +10093,7 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - #ifndef WOLFCRYPT_ONLY + #if !defined(WOLFCRYPT_ONLY) && !defined(HAVE_FIPS) ret = EVP_test(wolfSSL_EVP_aes_128_cfb1(), key1, iv, msg1, sizeof(msg1), cipher, sizeof(msg1)); if (ret != 0) { @@ -10126,7 +10126,7 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - #ifndef WOLFCRYPT_ONLY + #if !defined(WOLFCRYPT_ONLY) && !defined(HAVE_FIPS) ret = EVP_test(wolfSSL_EVP_aes_192_cfb1(), key2, iv2, msg2, sizeof(msg2), cipher, sizeof(msg2)); if (ret != 0) { @@ -10160,7 +10160,7 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); - #ifndef WOLFCRYPT_ONLY + #if !defined(WOLFCRYPT_ONLY) && !defined(HAVE_FIPS) ret = EVP_test(wolfSSL_EVP_aes_256_cfb1(), key3, iv3, msg3, sizeof(msg3), cipher, sizeof(msg3)); if (ret != 0) { @@ -10304,7 +10304,8 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, #ifdef WOLFSSL_AES_128 /* 128 key tests */ - #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) + #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \ + !defined(HAVE_FIPS) ret = EVP_test(wolfSSL_EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1), cipher1, sizeof(cipher1)); if (ret != 0) { @@ -10350,7 +10351,8 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); if (XMEMCMP(cipher, cipher2, sizeof(msg2)) != 0) ERROR_OUT(WC_TEST_RET_ENC_NC, out); -#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \ + !defined(HAVE_FIPS) ret = EVP_test(wolfSSL_EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2), cipher2, sizeof(msg2)); if (ret != 0) { @@ -10373,7 +10375,8 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0) ERROR_OUT(WC_TEST_RET_ENC_NC, out); - #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) + #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \ + !defined(HAVE_FIPS) ret = EVP_test(wolfSSL_EVP_aes_256_cfb8(), key3, iv3, msg3, sizeof(msg3), cipher3, sizeof(msg3)); if (ret != 0) { @@ -10399,7 +10402,7 @@ static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, return ret; } -#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ +#endif /* !WOLFSSL_NO_AES_CFB_1_8 */ #endif /* WOLFSSL_AES_CFB */ #ifndef HAVE_RENESAS_SYNC @@ -14269,7 +14272,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cfb_test(void) ret = aescfb_test_0(); if (ret != 0) return ret; -#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) +#if !defined(WOLFSSL_NO_AES_CFB_1_8) ret = aescfb1_test(); if (ret != 0) return ret; @@ -21853,8 +21856,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) #endif #if !defined(WC_NO_RNG) && !defined(WC_NO_RSA_OAEP) && \ - ((!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \ - defined(WOLFSSL_PUBLIC_MP)) && !defined(WOLF_CRYPTO_CB_ONLY_RSA) + !defined(WOLFSSL_RSA_VERIFY_ONLY) && defined(WOLFSSL_PUBLIC_MP) && \ + !defined(WOLF_CRYPTO_CB_ONLY_RSA) idx = (word32)ret; XMEMSET(plain, 0, plainSz); do { @@ -54595,17 +54598,20 @@ static wc_test_ret_t mp_test_shift(mp_int* a, mp_int* r1, WC_RNG* rng) return WC_TEST_RET_ENC_EC(ret); for (i = 0; i < 4; i++) { mp_copy(r1, a); +#if !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \ + defined(WC_RSA_BLINDING) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) ret = mp_lshd(r1, i); if (ret != MP_OKAY) return WC_TEST_RET_ENC_EC(ret); -#ifndef WOLFSSL_SP_MATH + #ifndef WOLFSSL_SP_MATH mp_rshd(r1, i); -#else + #else mp_rshb(r1, i * SP_WORD_SIZE); -#endif + #endif ret = mp_cmp(a, r1); if (ret != MP_EQ) return WC_TEST_RET_ENC_NC; +#endif } #ifndef WOLFSSL_SP_MATH for (i = 0; i < DIGIT_BIT+1; i++) { @@ -54970,7 +54976,7 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng) mp_zero(NULL); #if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \ - !defined(WOLFSSL_RSA_VERIFY_ONLY) + !defined(WOLFSSL_RSA_PUBLIC_ONLY) ret = mp_lshd(NULL, 0); if (ret != WC_NO_ERR_TRACE(MP_VAL)) return WC_TEST_RET_ENC_EC(ret); @@ -55299,7 +55305,8 @@ static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng) return WC_TEST_RET_ENC_EC(ret); #endif -#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ +#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \ defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) ret = mp_invmod(NULL, NULL, NULL); if (ret != WC_NO_ERR_TRACE(MP_VAL)) @@ -56002,7 +56009,8 @@ static wc_test_ret_t mp_test_cmp(mp_int* a, mp_int* b) return 0; } -#if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY) +#if !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) static wc_test_ret_t mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng) { wc_test_ret_t ret; @@ -56071,9 +56079,8 @@ static wc_test_ret_t mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng) } #endif -#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \ - (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY)) +#if !defined(NO_DH) || defined(HAVE_ECC) || \ + (!defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) static wc_test_ret_t mp_test_div(mp_int* a, mp_int* d, mp_int* r, mp_int* rem, WC_RNG* rng) { @@ -56624,8 +56631,9 @@ static wc_test_ret_t mp_test_mul_sqr(mp_int* a, mp_int* b, mp_int* r1, mp_int* r return 0; } -#if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \ - defined(OPENSSL_EXTRA) +#if (!defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \ + defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) static wc_test_ret_t mp_test_invmod(mp_int* a, mp_int* m, mp_int* r) { wc_test_ret_t ret; @@ -57026,7 +57034,14 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void) #endif WOLFSSL_ENTER("mp_test"); +#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || !defined(NO_DH) || defined(HAVE_ECC) ret = mp_init_multi(a, b, r1, r2, NULL, NULL); +#else + ret = mp_init(a); + ret |= mp_init(b); + ret |= mp_init(r1); + ret |= mp_init(r2); +#endif if (ret != 0) ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); @@ -57234,7 +57249,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void) #endif if ((ret = mp_test_cmp(a, r1)) != 0) goto done; -#if !defined(NO_DH) || defined(HAVE_ECC) || !defined(WOLFSSL_RSA_VERIFY_ONLY) +#if !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) if ((ret = mp_test_shbd(a, b, &rng)) != 0) goto done; #endif @@ -57242,9 +57258,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void) if ((ret = mp_test_set_is_bit(a)) != 0) goto done; #endif -#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \ - (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ - !defined(WOLFSSL_RSA_PUBLIC_ONLY)) +#if !defined(NO_DH) || defined(HAVE_ECC) || \ + (!defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) if ((ret = mp_test_div(a, b, r1, r2, &rng)) != 0) goto done; #endif @@ -57269,8 +57284,9 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void) #endif if ((ret = mp_test_mul_sqr(a, b, r1, r2, &rng)) != 0) goto done; -#if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \ - defined(OPENSSL_EXTRA) +#if (!defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \ + defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) if ((ret = mp_test_invmod(a, b, r1)) != 0) goto done; #endif diff --git a/wolfssl/test.h b/wolfssl/test.h index d4918f5313..478a9056af 100644 --- a/wolfssl/test.h +++ b/wolfssl/test.h @@ -2575,7 +2575,7 @@ static WC_INLINE void CRL_CallBack(const char* url) #endif #ifndef NO_DH -#if defined(WOLFSSL_SP_MATH) && !defined(WOLFSS_SP_MATH_ALL) +#if defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL) /* dh2048 p */ static const unsigned char test_dh_p[] = { diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index cf9884c373..e8337352c4 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -3097,6 +3097,13 @@ extern void uITRON4_free(void *p) ; #endif #endif /* HAVE_ED448 */ +/* FIPS does not support CFB1 or CFB8 */ +#if !defined(WOLFSSL_NO_AES_CFB_1_8) && \ + (defined(HAVE_SELFTEST) || \ + (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0))) + #define WOLFSSL_NO_AES_CFB_1_8 +#endif + /* AES Config */ #ifndef NO_AES /* By default enable all AES key sizes, decryption and CBC */ diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 4cb24fec4b..78d85db429 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -1453,7 +1453,7 @@ typedef struct w64wrapper { #endif #ifdef SINGLE_THREADED - #if defined(WC_32BIT_CPU) + #if defined(WC_32BIT_CPU) || defined(HAVE_STACK_SIZE) typedef void* THREAD_RETURN; #else typedef unsigned int THREAD_RETURN;