20241102-fixes #8141
Merged
20241102-fixes #8141
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…p from wolfssl/internal.h to wolfssl/wolfcrypt/asn.h. rename WOLFSSL_MAX_RSA_BITS to WC_MAX_RSA_BITS, and move its setup from wolfssl/internal.h to wolfssl/wolfcrypt/asn.h, preceding setup for WC_MAX_CERT_VERIFY_SZ. configure.ac: restore opensslextra-linuxkm assertion, with a twist: "--enable-opensslextra with --enable-linuxkm-pie and without --enable-cryptonly is incompatible with --enable-linuxkm." wolfcrypt/src/asn.c: fix trailing comma in enum. wolfcrypt/src/port/arm/armv8-aes.c: fix wc_AesCcmEncrypt() and wc_AesCcmDecrypt() for test_wolfssl_EVP_aes_ccm_zeroLen().
SparkiDev
previously requested changes
Nov 4, 2024
| #ifndef WC_MAX_RSA_BITS | ||
| #ifdef USE_FAST_MATH | ||
| /* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */ | ||
| #define WC_MAX_RSA_BITS (FP_MAX_BITS / 2) |
There was a problem hiding this comment.
Not a good place for this. asn.h is private.
Try types.h
There was a problem hiding this comment.
we're moving this from internal.h -- it was already private, and until we have a reason to make it non-private we should keep it private.
There was a problem hiding this comment.
oh and also, we can't put the setup for WC_MAX_RSA_BITS in types.h or settings.h because it depends on tfm.h or sp_int.h, and since WC_MAX_CERT_VERIFY_SZ depends on WC_MAX_RSA_BITS, we can't put setup for WC_MAX_CERT_VERIFY_SZ in types.h or settings.h either.
the setup for this is very finicky, I discovered during dev -- if it's defined wrong, the result is buffer overruns. lost quite a few cycles chasing that down...
dgarske
approved these changes
Nov 4, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
rename
MAX_CERT_VERIFY_SZtoWC_MAX_CERT_VERIFY_SZ, and move its setup fromwolfssl/internal.htowolfssl/wolfcrypt/asn.h.rename
WOLFSSL_MAX_RSA_BITStoWC_MAX_RSA_BITS, and move its setup fromwolfssl/internal.htowolfssl/wolfcrypt/asn.h, preceding setup forWC_MAX_CERT_VERIFY_SZ.configure.ac: restore opensslextra-linuxkm assertion, with a twist: "--enable-opensslextra with --enable-linuxkm-pie and without --enable-cryptonly is incompatible with --enable-linuxkm."wolfcrypt/src/asn.c: fix trailing comma inenum.wolfcrypt/src/port/arm/armv8-aes.c: fixwc_AesCcmEncrypt()andwc_AesCcmDecrypt()fortest_wolfssl_EVP_aes_ccm_zeroLen().tested with
wolfssl-multi-test.sh ... super-quick-check allcryptonly-gcc-c89 fips-140-2-optest fips-140-2-openssl-all quantum-safe-wolfssl-all-cross-armv7a-armasm-unittest quantum-safe-wolfssl-all-cross-armv7a-armasm-unittest-Os quantum-safe-wolfssl-all-cross-armv7a-armasm-unittest-Os-smallstack