From b5dd3aef8d99a2077c411232868d519667056f0c Mon Sep 17 00:00:00 2001
From: dgsga <181612+dgsga@users.noreply.github.com>
Date: Thu, 23 May 2024 20:55:59 +0100
Subject: [PATCH] meson: Reduce footprint of embedded SSL
---
 bin/afppasswd/afppasswd.c | 1 -
 etc/uams/uams_dhx_pam.c | 1 -
 etc/uams/uams_dhx_passwd.c | 1 -
 etc/uams/uams_pgp.c | 1 -
 etc/uams/uams_randnum.c | 1 -
 include/meson.build | 1 -
 include/wolfssl/meson.build | 7 -
 include/wolfssl/ocsp.h | 162 --------
 include/wolfssl/options_aarch64.in | 211 ----------
 include/wolfssl/options_arm.in | 193 ---------
 include/wolfssl/options_x86_64.in | 217 ----------
 libatalk/ssl/src/meson.build | 9 +-
 libatalk/ssl/wolfcrypt/src/cpuid.c | 138 -------
 libatalk/ssl/wolfcrypt/src/meson.build | 2 -
 libatalk/ssl/wolfcrypt/src/signature.c | 541 -------------------------
 meson_config.h | 23 +-
 16 files changed, 30 insertions(+), 1479 deletions(-)
 delete mode 100644 include/wolfssl/meson.build
 delete mode 100644 include/wolfssl/ocsp.h
 delete mode 100644 include/wolfssl/options_aarch64.in
 delete mode 100644 include/wolfssl/options_arm.in
 delete mode 100644 include/wolfssl/options_x86_64.in
 delete mode 100644 libatalk/ssl/wolfcrypt/src/cpuid.c
 delete mode 100644 libatalk/ssl/wolfcrypt/src/signature.c
diff --git a/bin/afppasswd/afppasswd.c b/bin/afppasswd/afppasswd.c
index fdac034c18..a5dbf3d17b 100644
--- a/bin/afppasswd/afppasswd.c
+++ b/bin/afppasswd/afppasswd.c
@@ -40,7 +40,6 @@
 #endif /* USE_CRACKLIB */
 #if defined(EMBEDDED_SSL)
-#include
 #include
 #elif defined(OPENSSL_DHX)
 #include
diff --git a/etc/uams/uams_dhx_pam.c b/etc/uams/uams_dhx_pam.c
index 838303101f..650059f1e0 100644
--- a/etc/uams/uams_dhx_pam.c
+++ b/etc/uams/uams_dhx_pam.c
@@ -27,7 +27,6 @@
 #endif
 #if defined(EMBEDDED_SSL)
-#include
 #include
 #include
 #include
diff --git a/etc/uams/uams_dhx_passwd.c b/etc/uams/uams_dhx_passwd.c
index 7d794875ac..07a893c3ba 100644
--- a/etc/uams/uams_dhx_passwd.c
+++ b/etc/uams/uams_dhx_passwd.c
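Review bot: Nothing visible in this patch shows where the embedded wolfSSL build options come from once the `#include` under `EMBEDDED_SSL` is dropped, here and in the matching hunks for `uams_dhx_pam.c`, `uams_dhx_passwd.c`, `uams_pgp.c` and `uams_randnum.c` (the header name is lost in this rendering; presumably it is the `options.h` that the deleted `include/wolfssl/meson.build` generated). The deleted `options_*.in` templates defined `TFM_TIMING_RESISTANT`, `ECC_TIMING_RESISTANT`, `WC_RSA_BLINDING` and `NO_OLD_TLS`, and losing the first three would turn off the timing-resistance and blinding hardening in the bundled `dh.c`/`rsa.c` code. The diffstat lists `meson_config.h` as changed but its hunk is not shown, so the replacement defines should be checked against the old templates before merging. If that is where they now live, a comment above the remaining includes such as `/* wolfSSL build options are defined in meson_config.h */` would record it.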
@@ -26,7 +26,6 @@
 #endif /* SHADOWPW */
 #if defined(EMBEDDED_SSL)
-#include
 #include
 #include
 #include
diff --git a/etc/uams/uams_pgp.c b/etc/uams/uams_pgp.c
index d2ed54882e..838868a9d1 100644
--- a/etc/uams/uams_pgp.c
+++ b/etc/uams/uams_pgp.c
@@ -22,7 +22,6 @@
 #endif /* HAVE_CRYPT_H */
 #if defined(EMBEDDED_SSL)
-#include
 #include
 #include
 #include
diff --git a/etc/uams/uams_randnum.c b/etc/uams/uams_randnum.c
index 038afd790e..8115569de5 100644
--- a/etc/uams/uams_randnum.c
+++ b/etc/uams/uams_randnum.c
@@ -26,7 +26,6 @@
 #endif /* USE_CRACKLIB */
 #if defined(EMBEDDED_SSL)
-#include
 #include
 #elif defined(OPENSSL_DHX)
 #include
diff --git a/include/meson.build b/include/meson.build
index b4040553fa..b88e5205c6 100644
--- a/include/meson.build
+++ b/include/meson.build
@@ -1,2 +1 @@
 subdir('atalk')
-subdir('wolfssl')
diff --git a/include/wolfssl/meson.build b/include/wolfssl/meson.build
deleted file mode 100644
index 95907f936b..0000000000
--- a/include/wolfssl/meson.build
+++ /dev/null
@@ -1,7 +0,0 @@
-if host_machine.cpu_family() == 'aarch64'
- wolfssl_options = configure_file(input: 'options_aarch64.in', output: 'options.h', configuration: cdata)
-elif host_machine.cpu_family() == 'arm'
- wolfssl_options = configure_file(input: 'options_arm.in', output: 'options.h', configuration: cdata)
-elif host_machine.cpu_family() == 'x86_64'
- wolfssl_options = configure_file(input: 'options_x86_64.in', output: 'options.h', configuration: cdata)
-endif
diff --git a/include/wolfssl/ocsp.h b/include/wolfssl/ocsp.h
deleted file mode 100644
index 4dff068b9b..0000000000
--- a/include/wolfssl/ocsp.h
+++ /dev/null
@@ -1,162 +0,0 @@ -/* ocsp.h - * - * Copyright (C) 2006-2023 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - - - -/* wolfSSL OCSP API */ - -#ifndef WOLFSSL_OCSP_H -#define WOLFSSL_OCSP_H - -#ifdef HAVE_OCSP - -#include -#include - -#ifdef __cplusplus - extern "C" { -#endif - -typedef struct WOLFSSL_OCSP WOLFSSL_OCSP; - -#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) ||\ - defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) -typedef struct OcspResponse WOLFSSL_OCSP_BASICRESP; - -typedef struct OcspEntry WOLFSSL_OCSP_CERTID; - -typedef struct OcspEntry WOLFSSL_OCSP_SINGLERESP; - -typedef struct OcspRequest WOLFSSL_OCSP_ONEREQ; - -typedef struct OcspRequest WOLFSSL_OCSP_REQUEST; -#endif - -WOLFSSL_LOCAL int InitOCSP(WOLFSSL_OCSP* ocsp, WOLFSSL_CERT_MANAGER* cm); -WOLFSSL_LOCAL void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic); - -WOLFSSL_LOCAL int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert); -WOLFSSL_LOCAL int CheckCertOCSP_ex(WOLFSSL_OCSP* ocsp, DecodedCert* cert, - WOLFSSL* ssl); -WOLFSSL_LOCAL int CheckOcspRequest(WOLFSSL_OCSP* ocsp, - OcspRequest* ocspRequest, WOLFSSL_BUFFER_INFO* responseBuffer, - void* heap); -WOLFSSL_LOCAL int CheckOcspResponse(WOLFSSL_OCSP *ocsp, byte *response, int responseSz, - 
WOLFSSL_BUFFER_INFO *responseBuffer, CertStatus *status, - OcspEntry *entry, OcspRequest *ocspRequest, - void* heap); - -WOLFSSL_LOCAL int CheckOcspResponder(OcspResponse *bs, DecodedCert *cert, - void* vp); - -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIGHTY) - - WOLFSSL_API int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs, - WOLFSSL_OCSP_CERTID *id, int *status, int *reason, - WOLFSSL_ASN1_TIME **revtime, WOLFSSL_ASN1_TIME **thisupd, - WOLFSSL_ASN1_TIME **nextupd); -WOLFSSL_API const char *wolfSSL_OCSP_cert_status_str(long s); -WOLFSSL_API int wolfSSL_OCSP_check_validity(WOLFSSL_ASN1_TIME* thisupd, - WOLFSSL_ASN1_TIME* nextupd, long sec, long maxsec); - -WOLFSSL_API void wolfSSL_OCSP_CERTID_free(WOLFSSL_OCSP_CERTID* certId); -WOLFSSL_API WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id( - const WOLFSSL_EVP_MD *dgst, const WOLFSSL_X509 *subject, - const WOLFSSL_X509 *issuer); - -WOLFSSL_API void wolfSSL_OCSP_BASICRESP_free(WOLFSSL_OCSP_BASICRESP* basicResponse); -WOLFSSL_API int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs, - WOLF_STACK_OF(WOLFSSL_X509) *certs, WOLFSSL_X509_STORE *st, unsigned long flags); - -WOLFSSL_API void wolfSSL_OCSP_RESPONSE_free(OcspResponse* response); -#ifndef NO_BIO -WOLFSSL_API OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio, - OcspResponse** response); -#endif -WOLFSSL_API OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response, - const unsigned char** data, int len); -WOLFSSL_API int wolfSSL_i2d_OCSP_RESPONSE(OcspResponse* response, - unsigned char** data); -WOLFSSL_API int wolfSSL_OCSP_response_status(OcspResponse *response); -WOLFSSL_API const char *wolfSSL_OCSP_response_status_str(long s); -WOLFSSL_API WOLFSSL_OCSP_BASICRESP* wolfSSL_OCSP_response_get1_basic( - OcspResponse* response); - -WOLFSSL_API OcspRequest* wolfSSL_OCSP_REQUEST_new(void); -WOLFSSL_API void wolfSSL_OCSP_REQUEST_free(OcspRequest* 
request); -WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, - unsigned char** data); -WOLFSSL_API WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req, - WOLFSSL_OCSP_CERTID *cid); -WOLFSSL_API WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_CERTID_dup( - WOLFSSL_OCSP_CERTID* id); -#ifndef NO_BIO -WOLFSSL_API int wolfSSL_i2d_OCSP_REQUEST_bio(WOLFSSL_BIO* out, - WOLFSSL_OCSP_REQUEST *req); -#endif - -WOLFSSL_API int wolfSSL_i2d_OCSP_CERTID(WOLFSSL_OCSP_CERTID* id, - unsigned char** data); -WOLFSSL_API -WOLFSSL_OCSP_CERTID* wolfSSL_d2i_OCSP_CERTID(WOLFSSL_OCSP_CERTID** cidOut, - const unsigned char** derIn, - int length); -WOLFSSL_API const WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_SINGLERESP_get0_id( - const WOLFSSL_OCSP_SINGLERESP *single); -WOLFSSL_API int wolfSSL_OCSP_id_cmp(WOLFSSL_OCSP_CERTID *a, WOLFSSL_OCSP_CERTID *b); -WOLFSSL_API int wolfSSL_OCSP_single_get0_status(WOLFSSL_OCSP_SINGLERESP *single, - int *reason, - WOLFSSL_ASN1_TIME **revtime, - WOLFSSL_ASN1_TIME **thisupd, - WOLFSSL_ASN1_TIME **nextupd); -WOLFSSL_API int wolfSSL_OCSP_resp_count(WOLFSSL_OCSP_BASICRESP *bs); -WOLFSSL_API WOLFSSL_OCSP_SINGLERESP* wolfSSL_OCSP_resp_get0( - WOLFSSL_OCSP_BASICRESP *bs, int idx); - -#endif -#ifdef OPENSSL_EXTRA -WOLFSSL_API int wolfSSL_OCSP_REQUEST_add_ext(OcspRequest* req, - WOLFSSL_X509_EXTENSION* ext, int idx); -WOLFSSL_API OcspResponse* wolfSSL_OCSP_response_create(int status, - WOLFSSL_OCSP_BASICRESP* bs); -WOLFSSL_API const char* wolfSSL_OCSP_crl_reason_str(long s); - -WOLFSSL_API int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING **name, - WOLFSSL_ASN1_OBJECT **pmd, WOLFSSL_ASN1_STRING **keyHash, - WOLFSSL_ASN1_INTEGER **serial, WOLFSSL_OCSP_CERTID *cid); - -WOLFSSL_API int wolfSSL_OCSP_request_add1_nonce(OcspRequest* req, - unsigned char* val, int sz); -WOLFSSL_API int wolfSSL_OCSP_check_nonce(OcspRequest* req, - WOLFSSL_OCSP_BASICRESP* bs); -#endif - - -#ifdef __cplusplus - } /* extern "C" */ -#endif - - -#endif /* HAVE_OCSP */ -#endif /* 
WOLFSSL_OCSP_H */ - - diff --git a/include/wolfssl/options_aarch64.in b/include/wolfssl/options_aarch64.in deleted file mode 100644 index 58e718b719..0000000000 --- a/include/wolfssl/options_aarch64.in +++ /dev/null 
@@ -1,211 +0,0 @@ -/* wolfssl options.h - * generated from configure options - * - * Copyright (C) 2006-2023 wolfSSL Inc. - * - * This file is part of wolfSSL. (formerly known as CyaSSL) - * - */ - -#ifndef WOLFSSL_OPTIONS_H -#define WOLFSSL_OPTIONS_H - - -#ifdef __cplusplus -extern "C" { -#endif - -#undef WOLFSSL_HAVE_ATOMIC_H -#define WOLFSSL_HAVE_ATOMIC_H - -#undef HAVE_C___ATOMIC -#define HAVE_C___ATOMIC 1 - -#undef HAVE_THREAD_LS -#define HAVE_THREAD_LS - -#undef NO_DO178 -#define NO_DO178 - -#undef TFM_NO_ASM -#define TFM_NO_ASM - -#undef WOLFSSL_NO_ASM -#define WOLFSSL_NO_ASM - -#undef ERROR_QUEUE_PER_THREAD -#define ERROR_QUEUE_PER_THREAD - -#undef TFM_TIMING_RESISTANT -#define TFM_TIMING_RESISTANT - -#undef ECC_TIMING_RESISTANT -#define ECC_TIMING_RESISTANT - -#undef WC_RSA_BLINDING -#define WC_RSA_BLINDING - -#undef WOLFSSL_USE_ALIGN -#define WOLFSSL_USE_ALIGN - -#undef HAVE_HKDF -#define HAVE_HKDF - -#undef NO_DSA -#define NO_DSA - -#undef NO_ERROR_STRINGS -#define NO_ERROR_STRINGS - -#undef NO_OLD_TLS -#define NO_OLD_TLS - -#undef NO_WOLFSSL_MEMORY -#define NO_WOLFSSL_MEMORY - -#undef WC_NO_RSA_OAEP -#define WC_NO_RSA_OAEP - -#undef WC_RSA_PSS -#define WC_RSA_PSS - -#undef WOLFSSL_PSS_LONG_SALT -#define WOLFSSL_PSS_LONG_SALT - -#undef WOLFSSL_ASN_TEMPLATE -#define WOLFSSL_ASN_TEMPLATE - -#undef WOLFSSL_ASN_PRINT -#define WOLFSSL_ASN_PRINT - -#undef NO_SHA -#define NO_SHA - -#undef NO_OLD_TLS -#define NO_OLD_TLS - -#undef WOLFSSL_NO_SHAKE128 -#define WOLFSSL_NO_SHAKE128 - -#undef WOLFSSL_NO_SHAKE256 -#define WOLFSSL_NO_SHAKE256 - -#undef NO_CHACHA_ASM -#define NO_CHACHA_ASM - -#undef HAVE_HASHDRBG -#define HAVE_HASHDRBG - -#undef NO_FILESYSTEM -#define NO_FILESYSTEM - -#undef HAVE_TLS_EXTENSIONS -#define HAVE_TLS_EXTENSIONS - -#undef HAVE_SNI -#define HAVE_SNI - -#undef HAVE_FFDHE_2048 -#define HAVE_FFDHE_2048 - -#undef HAVE_SUPPORTED_CURVES -#define HAVE_SUPPORTED_CURVES - -#undef WOLFSSL_TLS13 -#define WOLFSSL_TLS13 - -#undef HAVE_TLS_EXTENSIONS 
-#define HAVE_TLS_EXTENSIONS - -#undef NO_RC4 -#define NO_RC4 - -#undef HAVE_ENCRYPT_THEN_MAC -#define HAVE_ENCRYPT_THEN_MAC - -#undef NO_PSK -#define NO_PSK - -#undef NO_MD4 -#define NO_MD4 - -#undef WOLFSSL_ENCRYPTED_KEYS -#define WOLFSSL_ENCRYPTED_KEYS - -#undef NO_PKCS12 -#define NO_PKCS12 - -#undef WC_NO_ASYNC_THREADING -#define WC_NO_ASYNC_THREADING - -#undef HAVE_DH_DEFAULT_PARAMS -#define HAVE_DH_DEFAULT_PARAMS - -#undef NO_ERROR_QUEUE -#define NO_ERROR_QUEUE - -#undef OPENSSL_ALL -#define OPENSSL_ALL - -#undef WOLFSSL_EITHER_SIDE -#define WOLFSSL_EITHER_SIDE - -#undef WC_RSA_NO_PADDING -#define WC_RSA_NO_PADDING - -#undef WC_RSA_PSS -#define WC_RSA_PSS - -#undef WOLFSSL_PSS_LONG_SALT -#define WOLFSSL_PSS_LONG_SALT - -#undef WOLFSSL_TICKET_HAVE_ID -#define WOLFSSL_TICKET_HAVE_ID - -#undef WOLFSSL_ERROR_CODE_OPENSSL -#define WOLFSSL_ERROR_CODE_OPENSSL - -#undef WOLFSSL_CERT_NAME_ALL -#define WOLFSSL_CERT_NAME_ALL - -#undef NO_MD5 -#define NO_MD5 - -#undef NO_OLD_TLS -#define NO_OLD_TLS - -#undef OPENSSL_EXTRA -#define OPENSSL_EXTRA - -#undef GCM_TABLE_4BIT -#define GCM_TABLE_4BIT - -#undef HAVE_AESGCM -#define HAVE_AESGCM - -#undef HAVE_TLS_EXTENSIONS -#define HAVE_TLS_EXTENSIONS - -#undef HAVE_SERVER_RENEGOTIATION_INFO -#define HAVE_SERVER_RENEGOTIATION_INFO - -#undef HAVE_COMP_KEY -#define HAVE_COMP_KEY - -#undef HAVE___UINT128_T -#define HAVE___UINT128_T 1 - -#undef HAVE_WC_INTROSPECTION -#define HAVE_WC_INTROSPECTION - -#undef WOLFSSL_DES_ECB -#define WOLFSSL_DES_ECB - - -#ifdef __cplusplus -} -#endif - - -#endif /* WOLFSSL_OPTIONS_H */ - diff --git a/include/wolfssl/options_arm.in b/include/wolfssl/options_arm.in deleted file mode 100644 index 3da9ab263a..0000000000 --- a/include/wolfssl/options_arm.in +++ /dev/null 
@@ -1,193 +0,0 @@ -/* wolfssl options.h - * generated from configure options - * - * Copyright (C) 2006-2023 wolfSSL Inc. - * - * This file is part of wolfSSL. (formerly known as CyaSSL) - * - */ - -#ifndef WOLFSSL_OPTIONS_H -#define WOLFSSL_OPTIONS_H - - -#ifdef __cplusplus -extern "C" { -#endif - -#undef WOLFSSL_HAVE_ATOMIC_H -#define WOLFSSL_HAVE_ATOMIC_H - -#undef HAVE_THREAD_LS -#define HAVE_THREAD_LS - -#undef NO_DO178 -#define NO_DO178 - -#undef TFM_NO_ASM -#define TFM_NO_ASM - -#undef WOLFSSL_NO_ASM -#define WOLFSSL_NO_ASM - -#undef ERROR_QUEUE_PER_THREAD -#define ERROR_QUEUE_PER_THREAD - -#undef TFM_TIMING_RESISTANT -#define TFM_TIMING_RESISTANT - -#undef ECC_TIMING_RESISTANT -#define ECC_TIMING_RESISTANT - -#undef WC_RSA_BLINDING -#define WC_RSA_BLINDING - -#undef WOLFSSL_USE_ALIGN -#define WOLFSSL_USE_ALIGN - -#undef HAVE_HKDF -#define HAVE_HKDF - -#undef NO_DSA -#define NO_DSA - -#undef NO_ERROR_STRINGS -#define NO_ERROR_STRINGS - -#undef NO_OLD_TLS -#define NO_OLD_TLS - -#undef NO_WOLFSSL_MEMORY -#define NO_WOLFSSL_MEMORY - -#undef WC_NO_RSA_OAEP -#define WC_NO_RSA_OAEP - -#undef WC_RSA_PSS -#define WC_RSA_PSS - -#undef WOLFSSL_PSS_LONG_SALT -#define WOLFSSL_PSS_LONG_SALT - -#undef WOLFSSL_ASN_TEMPLATE -#define WOLFSSL_ASN_TEMPLATE - -#undef WOLFSSL_ASN_PRINT -#define WOLFSSL_ASN_PRINT - -#undef WOLFSSL_NO_SHAKE128 -#define WOLFSSL_NO_SHAKE128 - -#undef WOLFSSL_NO_SHAKE256 -#define WOLFSSL_NO_SHAKE256 - -#undef NO_CHACHA_ASM -#define NO_CHACHA_ASM - -#undef HAVE_HASHDRBG -#define HAVE_HASHDRBG - -#undef NO_FILESYSTEM -#define NO_FILESYSTEM - -#undef HAVE_FFDHE_2048 -#define HAVE_FFDHE_2048 - -#undef HAVE_SUPPORTED_CURVES -#define HAVE_SUPPORTED_CURVES - -#undef WOLFSSL_TLS13 -#define WOLFSSL_TLS13 - -#undef HAVE_TLS_EXTENSIONS -#define HAVE_TLS_EXTENSIONS - -#undef NO_RC4 -#define NO_RC4 - -#undef HAVE_ENCRYPT_THEN_MAC -#define HAVE_ENCRYPT_THEN_MAC - -#undef NO_PSK -#define NO_PSK - -#undef NO_MD4 -#define NO_MD4 - -#undef WOLFSSL_ENCRYPTED_KEYS 
-#define WOLFSSL_ENCRYPTED_KEYS - -#undef NO_PKCS12 -#define NO_PKCS12 - -#undef WC_NO_ASYNC_THREADING -#define WC_NO_ASYNC_THREADING - -#undef HAVE_DH_DEFAULT_PARAMS -#define HAVE_DH_DEFAULT_PARAMS - -#undef NO_ERROR_QUEUE -#define NO_ERROR_QUEUE - -#undef OPENSSL_ALL -#define OPENSSL_ALL - -#undef WOLFSSL_EITHER_SIDE -#define WOLFSSL_EITHER_SIDE - -#undef WC_RSA_NO_PADDING -#define WC_RSA_NO_PADDING - -#undef WC_RSA_PSS -#define WC_RSA_PSS - -#undef WOLFSSL_PSS_LONG_SALT -#define WOLFSSL_PSS_LONG_SALT - -#undef WOLFSSL_TICKET_HAVE_ID -#define WOLFSSL_TICKET_HAVE_ID - -#undef WOLFSSL_ERROR_CODE_OPENSSL -#define WOLFSSL_ERROR_CODE_OPENSSL - -#undef WOLFSSL_CERT_NAME_ALL -#define WOLFSSL_CERT_NAME_ALL - -#undef NO_MD5 -#define NO_MD5 - -#undef NO_OLD_TLS -#define NO_OLD_TLS - -#undef OPENSSL_EXTRA -#define OPENSSL_EXTRA - -#undef GCM_TABLE_4BIT -#define GCM_TABLE_4BIT - -#undef HAVE_AESGCM -#define HAVE_AESGCM - -#undef HAVE_TLS_EXTENSIONS -#define HAVE_TLS_EXTENSIONS - -#undef HAVE_SERVER_RENEGOTIATION_INFO -#define HAVE_SERVER_RENEGOTIATION_INFO - -#undef HAVE_COMP_KEY -#define HAVE_COMP_KEY - -#undef HAVE_WC_INTROSPECTION -#define HAVE_WC_INTROSPECTION - -#undef WOLFSSL_DES_ECB -#define WOLFSSL_DES_ECB - - -#ifdef __cplusplus -} -#endif - - -#endif /* WOLFSSL_OPTIONS_H */ - diff --git a/include/wolfssl/options_x86_64.in b/include/wolfssl/options_x86_64.in deleted file mode 100644 index 022343e819..0000000000 --- a/include/wolfssl/options_x86_64.in +++ /dev/null 
@@ -1,217 +0,0 @@ -/* wolfssl options.h - * generated from configure options - * - * Copyright (C) 2006-2023 wolfSSL Inc. - * - * This file is part of wolfSSL. (formerly known as CyaSSL) - * - */ - -#ifndef WOLFSSL_OPTIONS_H -#define WOLFSSL_OPTIONS_H - - -#ifdef __cplusplus -extern "C" { -#endif - -#undef WOLFSSL_HAVE_ATOMIC_H -#define WOLFSSL_HAVE_ATOMIC_H - -#undef HAVE_C___ATOMIC -#define HAVE_C___ATOMIC 1 - -#undef HAVE_THREAD_LS -#define HAVE_THREAD_LS - -#undef NO_DO178 -#define NO_DO178 - -#undef TFM_NO_ASM -#define TFM_NO_ASM - -#undef WOLFSSL_NO_ASM -#define WOLFSSL_NO_ASM - -#undef WOLFSSL_X86_64_BUILD -#define WOLFSSL_X86_64_BUILD - -#undef ERROR_QUEUE_PER_THREAD -#define ERROR_QUEUE_PER_THREAD - -#undef TFM_TIMING_RESISTANT -#define TFM_TIMING_RESISTANT - -#undef ECC_TIMING_RESISTANT -#define ECC_TIMING_RESISTANT - -#undef WC_RSA_BLINDING -#define WC_RSA_BLINDING - -#undef WOLFSSL_USE_ALIGN -#define WOLFSSL_USE_ALIGN - -#undef HAVE_HKDF -#define HAVE_HKDF - -#undef NO_DSA -#define NO_DSA - -#undef NO_ERROR_STRINGS -#define NO_ERROR_STRINGS - -#undef NO_OLD_TLS -#define NO_OLD_TLS - -#undef NO_WOLFSSL_MEMORY -#define NO_WOLFSSL_MEMORY - -#undef WC_NO_RSA_OAEP -#define WC_NO_RSA_OAEP - -#undef WC_RSA_PSS -#define WC_RSA_PSS - -#undef WOLFSSL_PSS_LONG_SALT -#define WOLFSSL_PSS_LONG_SALT - -#undef WOLFSSL_ASN_TEMPLATE -#define WOLFSSL_ASN_TEMPLATE - -#undef WOLFSSL_ASN_PRINT -#define WOLFSSL_ASN_PRINT - -#undef WOLFSSL_BASE64_ENCODE -#define WOLFSSL_BASE64_ENCODE - -#undef NO_SHA -#define NO_SHA - -#undef NO_OLD_TLS -#define NO_OLD_TLS - -#undef WOLFSSL_NO_SHAKE128 -#define WOLFSSL_NO_SHAKE128 - -#undef WOLFSSL_NO_SHAKE256 -#define WOLFSSL_NO_SHAKE256 - -#undef NO_CHACHA_ASM -#define NO_CHACHA_ASM - -#undef HAVE_HASHDRBG -#define HAVE_HASHDRBG - -#undef NO_FILESYSTEM -#define NO_FILESYSTEM - -#undef HAVE_TLS_EXTENSIONS -#define HAVE_TLS_EXTENSIONS - -#undef HAVE_SNI -#define HAVE_SNI - -#undef HAVE_FFDHE_2048 -#define HAVE_FFDHE_2048 - -#undef 
HAVE_SUPPORTED_CURVES -#define HAVE_SUPPORTED_CURVES - -#undef WOLFSSL_TLS13 -#define WOLFSSL_TLS13 - -#undef HAVE_TLS_EXTENSIONS -#define HAVE_TLS_EXTENSIONS - -#undef NO_RC4 -#define NO_RC4 - -#undef HAVE_ENCRYPT_THEN_MAC -#define HAVE_ENCRYPT_THEN_MAC - -#undef NO_PSK -#define NO_PSK - -#undef NO_MD4 -#define NO_MD4 - -#undef WOLFSSL_ENCRYPTED_KEYS -#define WOLFSSL_ENCRYPTED_KEYS - -#undef NO_PKCS12 -#define NO_PKCS12 - -#undef WC_NO_ASYNC_THREADING -#define WC_NO_ASYNC_THREADING - -#undef HAVE_DH_DEFAULT_PARAMS -#define HAVE_DH_DEFAULT_PARAMS - -#undef NO_ERROR_QUEUE -#define NO_ERROR_QUEUE - -#undef OPENSSL_ALL -#define OPENSSL_ALL - -#undef WOLFSSL_EITHER_SIDE -#define WOLFSSL_EITHER_SIDE - -#undef WC_RSA_NO_PADDING -#define WC_RSA_NO_PADDING - -#undef WC_RSA_PSS -#define WC_RSA_PSS - -#undef WOLFSSL_PSS_LONG_SALT -#define WOLFSSL_PSS_LONG_SALT - -#undef WOLFSSL_TICKET_HAVE_ID -#define WOLFSSL_TICKET_HAVE_ID - -#undef WOLFSSL_ERROR_CODE_OPENSSL -#define WOLFSSL_ERROR_CODE_OPENSSL - -#undef WOLFSSL_CERT_NAME_ALL -#define WOLFSSL_CERT_NAME_ALL - -#undef NO_MD5 -#define NO_MD5 - -#undef NO_OLD_TLS -#define NO_OLD_TLS - -#undef OPENSSL_EXTRA -#define OPENSSL_EXTRA - -#undef GCM_TABLE_4BIT -#define GCM_TABLE_4BIT - -#undef HAVE_AESGCM -#define HAVE_AESGCM - -#undef HAVE_TLS_EXTENSIONS -#define HAVE_TLS_EXTENSIONS - -#undef HAVE_SERVER_RENEGOTIATION_INFO -#define HAVE_SERVER_RENEGOTIATION_INFO - -#undef HAVE_COMP_KEY -#define HAVE_COMP_KEY - -#undef HAVE___UINT128_T -#define HAVE___UINT128_T 1 - -#undef HAVE_WC_INTROSPECTION -#define HAVE_WC_INTROSPECTION - -#undef WOLFSSL_DES_ECB -#define WOLFSSL_DES_ECB - - -#ifdef __cplusplus -} -#endif - - -#endif /* WOLFSSL_OPTIONS_H */ - diff --git a/libatalk/ssl/src/meson.build b/libatalk/ssl/src/meson.build index aa48e8b6cf..ecee3cfca3 100644 --- a/libatalk/ssl/src/meson.build +++ b/libatalk/ssl/src/meson.build 
@@ -1 +1,8 @@
-src_sources = files('internal.c', 'keys.c', 'ssl.c', 'tls.c', 'tls13.c', 'wolfio.c')
+src_sources = files(
+ 'internal.c',
+ 'keys.c',
+ 'ssl.c',
+ 'tls.c',
+ 'tls13.c',
+ 'wolfio.c'
+)
diff --git a/libatalk/ssl/wolfcrypt/src/cpuid.c b/libatalk/ssl/wolfcrypt/src/cpuid.c
deleted file mode 100644
index fa7ee43675..0000000000
--- a/libatalk/ssl/wolfcrypt/src/cpuid.c
+++ /dev/null
@@ -1,138 +0,0 @@ -/* cpuid.c - * - * Copyright (C) 2006-2023 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include - -#include - -#if defined(HAVE_CPUID) || defined(HAVE_CPUID_INTEL) - static word32 cpuid_check = 0; - static word32 cpuid_flags = 0; -#endif - -#ifdef HAVE_CPUID_INTEL - /* Each platform needs to query info type 1 from cpuid to see if aesni is - * supported. 
Also, let's setup a macro for proper linkage w/o ABI conflicts - */ - - #ifndef _MSC_VER - #define cpuid(reg, leaf, sub)\ - __asm__ __volatile__ ("cpuid":\ - "=a" ((reg)[0]), "=b" ((reg)[1]), "=c" ((reg)[2]), "=d" ((reg)[3]) :\ - "a" (leaf), "c"(sub)); - #else - #include - - #define cpuid(a,b,c) __cpuidex((int*)a,b,c) - #endif /* _MSC_VER */ - - #define EAX 0 - #define EBX 1 - #define ECX 2 - #define EDX 3 - - static word32 cpuid_flag(word32 leaf, word32 sub, word32 num, word32 bit) - { - int got_intel_cpu = 0; - int got_amd_cpu = 0; - unsigned int reg[5]; - reg[4] = '\0'; - cpuid(reg, 0, 0); - - /* check for Intel cpu */ - if (XMEMCMP((char *)&(reg[EBX]), "Genu", 4) == 0 && - XMEMCMP((char *)&(reg[EDX]), "ineI", 4) == 0 && - XMEMCMP((char *)&(reg[ECX]), "ntel", 4) == 0) { - got_intel_cpu = 1; - } - - /* check for AMD cpu */ - if (XMEMCMP((char *)&(reg[EBX]), "Auth", 4) == 0 && - XMEMCMP((char *)&(reg[EDX]), "enti", 4) == 0 && - XMEMCMP((char *)&(reg[ECX]), "cAMD", 4) == 0) { - got_amd_cpu = 1; - } - - if (got_intel_cpu || got_amd_cpu) { - cpuid(reg, leaf, sub); - return ((reg[num] >> bit) & 0x1); - } - return 0; - } - - - void cpuid_set_flags(void) - { - if (!cpuid_check) { - if (cpuid_flag(1, 0, ECX, 28)) { cpuid_flags |= CPUID_AVX1 ; } - if (cpuid_flag(7, 0, EBX, 5)) { cpuid_flags |= CPUID_AVX2 ; } - if (cpuid_flag(7, 0, EBX, 8)) { cpuid_flags |= CPUID_BMI2 ; } - if (cpuid_flag(1, 0, ECX, 30)) { cpuid_flags |= CPUID_RDRAND; } - if (cpuid_flag(7, 0, EBX, 18)) { cpuid_flags |= CPUID_RDSEED; } - if (cpuid_flag(1, 0, ECX, 25)) { cpuid_flags |= CPUID_AESNI ; } - if (cpuid_flag(7, 0, EBX, 19)) { cpuid_flags |= CPUID_ADX ; } - if (cpuid_flag(1, 0, ECX, 22)) { cpuid_flags |= CPUID_MOVBE ; } - if (cpuid_flag(7, 0, EBX, 3)) { cpuid_flags |= CPUID_BMI1 ; } - if (cpuid_flag(7, 0, EBX, 29)) { cpuid_flags |= CPUID_SHA ; } - - cpuid_check = 1; - } - } -#elif defined(HAVE_CPUID) - void cpuid_set_flags(void) - { - if (!cpuid_check) { - cpuid_flags = 0; - cpuid_check = 1; - } - } 
-#endif
-
-#ifdef HAVE_CPUID
-
- word32 cpuid_get_flags(void)
- {
- if (!cpuid_check)
- cpuid_set_flags();
- return cpuid_flags;
- }
-
- void cpuid_select_flags(word32 flags)
- {
- cpuid_flags = flags;
- }
-
- void cpuid_set_flag(word32 flag)
- {
- cpuid_flags |= flag;
- }
-
- void cpuid_clear_flag(word32 flag)
- {
- cpuid_flags &= ~flag;
- }
-
-#endif /* HAVE_CPUID */
diff --git a/libatalk/ssl/wolfcrypt/src/meson.build b/libatalk/ssl/wolfcrypt/src/meson.build
index 0475c5d1c4..9c3559b76b 100644
--- a/libatalk/ssl/wolfcrypt/src/meson.build
+++ b/libatalk/ssl/wolfcrypt/src/meson.build
@@ -2,7 +2,6 @@ wc_sources = files(
 'aes.c',
 'asn.c',
 'coding.c',
- 'cpuid.c',
 'des3.c',
 'dh.c',
 'hash.c',
@@ -13,7 +12,6 @@ wc_sources = files(
 'random.c',
 'rsa.c',
 'sha256.c',
- 'signature.c',
 'sp_int.c',
 'wc_encrypt.c',
 'wc_port.c',
diff --git a/libatalk/ssl/wolfcrypt/src/signature.c b/libatalk/ssl/wolfcrypt/src/signature.c
deleted file mode 100644
index efcbd88782..0000000000
--- a/libatalk/ssl/wolfcrypt/src/signature.c
+++ /dev/null
@@ -1,541 +0,0 @@ -/* signature.c - * - * Copyright (C) 2006-2023 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include -#include -#include -#include -#ifndef NO_ASN -#include -#endif -#ifdef HAVE_ECC -#include -#endif -#ifndef NO_RSA -#include -#endif - -/* If ECC and RSA are disabled then disable signature wrapper */ -#if (!defined(HAVE_ECC) || (defined(HAVE_ECC) && !defined(HAVE_ECC_SIGN) \ - && !defined(HAVE_ECC_VERIFY))) && defined(NO_RSA) - #undef NO_SIG_WRAPPER - #define NO_SIG_WRAPPER -#endif - -/* Signature wrapper disabled check */ -#ifndef NO_SIG_WRAPPER - -#if !defined(NO_RSA) && defined(WOLFSSL_CRYPTOCELL) - extern int cc310_RsaSSL_Verify(const byte* in, word32 inLen, byte* sig, - RsaKey* key, CRYS_RSA_HASH_OpMode_t mode); - extern int cc310_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key, CRYS_RSA_HASH_OpMode_t mode); -#endif - -#if !defined(NO_RSA) && !defined(NO_ASN) -static int wc_SignatureDerEncode(enum wc_HashType hash_type, byte* hash_data, - word32 hash_len, word32* hash_enc_len) -{ - int ret, oid; - - ret = wc_HashGetOID(hash_type); - if (ret < 0) { - return ret; - } - oid = ret; - - ret = (int)wc_EncodeSignature(hash_data, hash_data, 
hash_len, oid); - if (ret > 0) { - *hash_enc_len = (word32)ret; - ret = 0; - } - - return ret; -} -#endif /* !NO_RSA && !NO_ASN */ - -int wc_SignatureGetSize(enum wc_SignatureType sig_type, - const void* key, word32 key_len) -{ - int sig_len = BAD_FUNC_ARG; - - /* Suppress possible unused args if all signature types are disabled */ - (void)key; - (void)key_len; - - switch(sig_type) { - case WC_SIGNATURE_TYPE_ECC: -#ifdef HAVE_ECC - /* Sanity check that void* key is at least ecc_key in size */ - if (key_len >= sizeof(ecc_key)) { - sig_len = wc_ecc_sig_size((ecc_key*)key); - } - else { - WOLFSSL_MSG("wc_SignatureGetSize: Invalid ECC key size"); - } -#else - sig_len = SIG_TYPE_E; -#endif - break; - - case WC_SIGNATURE_TYPE_RSA_W_ENC: - case WC_SIGNATURE_TYPE_RSA: -#ifndef NO_RSA - /* Sanity check that void* key is at least RsaKey in size */ - if (key_len >= sizeof(RsaKey)) { - sig_len = wc_RsaEncryptSize((RsaKey*)key); - } - else { - WOLFSSL_MSG("wc_SignatureGetSize: Invalid RsaKey key size"); - } -#else - sig_len = SIG_TYPE_E; -#endif - break; - - case WC_SIGNATURE_TYPE_NONE: - default: - sig_len = BAD_FUNC_ARG; - break; - } - return sig_len; -} - -int wc_SignatureVerifyHash( - enum wc_HashType hash_type, enum wc_SignatureType sig_type, - const byte* hash_data, word32 hash_len, - const byte* sig, word32 sig_len, - const void* key, word32 key_len) -{ - int ret; - - /* Check arguments */ - if (hash_data == NULL || hash_len == 0 || - sig == NULL || sig_len == 0 || - key == NULL || key_len == 0) { - return BAD_FUNC_ARG; - } - - /* Validate signature len (1 to max is okay) */ - if ((int)sig_len > wc_SignatureGetSize(sig_type, key, key_len)) { - WOLFSSL_MSG("wc_SignatureVerify: Invalid sig type/len"); - return BAD_FUNC_ARG; - } - - /* Validate hash size */ - ret = wc_HashGetDigestSize(hash_type); - if (ret < 0) { - WOLFSSL_MSG("wc_SignatureVerify: Invalid hash type/len"); - return ret; - } - ret = 0; - - /* Verify signature using hash */ - switch (sig_type) { - case 
WC_SIGNATURE_TYPE_ECC: - { -#if defined(HAVE_ECC) && defined(HAVE_ECC_VERIFY) - int is_valid_sig = 0; - - /* Perform verification of signature using provided ECC key */ - do { - #ifdef WOLFSSL_ASYNC_CRYPT - ret = wc_AsyncWait(ret, &((ecc_key*)key)->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) - ret = wc_ecc_verify_hash(sig, sig_len, hash_data, hash_len, - &is_valid_sig, (ecc_key*)key); - } while (ret == WC_PENDING_E); - if (ret != 0 || is_valid_sig != 1) { - ret = SIG_VERIFY_E; - } -#else - ret = SIG_TYPE_E; -#endif - break; - } - - case WC_SIGNATURE_TYPE_RSA_W_ENC: - case WC_SIGNATURE_TYPE_RSA: - { -#ifndef NO_RSA - #ifdef WOLFSSL_CRYPTOCELL - if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) { - ret = cc310_RsaSSL_Verify(hash_data, hash_len, (byte*)sig, - (RsaKey*)key, cc310_hashModeRSA(hash_type, 0)); - } - else { - ret = cc310_RsaSSL_Verify(hash_data, hash_len, (byte*)sig, - (RsaKey*)key, cc310_hashModeRSA(hash_type, 1)); - } - if (ret != 0) { - ret = SIG_VERIFY_E; - } - #else - - word32 plain_len = hash_len; - #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - byte *plain_data; - #else - ALIGN64 byte plain_data[MAX_ENCODED_SIG_SZ]; - #endif - - /* Make sure the plain text output is at least key size */ - if (plain_len < sig_len) { - plain_len = sig_len; - } - #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - plain_data = (byte*)XMALLOC(plain_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (plain_data) - #else - if (plain_len <= sizeof(plain_data)) - #endif - { - byte* plain_ptr = NULL; - XMEMSET(plain_data, 0, plain_len); - XMEMCPY(plain_data, sig, sig_len); - /* Perform verification of signature using provided RSA key */ - do { - #ifdef WOLFSSL_ASYNC_CRYPT - ret = wc_AsyncWait(ret, &((RsaKey*)key)->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) - ret = wc_RsaSSL_VerifyInline(plain_data, sig_len, &plain_ptr, (RsaKey*)key); - } while (ret == WC_PENDING_E); - if (ret >= 0 && plain_ptr) { - if ((word32)ret 
== hash_len && - XMEMCMP(plain_ptr, hash_data, hash_len) == 0) { - ret = 0; /* Success */ - } - else { - ret = SIG_VERIFY_E; - } - } - #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) - XFREE(plain_data, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif - } - else { - ret = MEMORY_E; - } - #endif /* WOLFSSL_CRYPTOCELL */ - if (ret != 0) { - WOLFSSL_MSG("RSA Signature Verify failed!"); - } -#else - ret = SIG_TYPE_E; -#endif - break; - } - - case WC_SIGNATURE_TYPE_NONE: - default: - ret = BAD_FUNC_ARG; - break; - } - - return ret; -} - -int wc_SignatureVerify( - enum wc_HashType hash_type, enum wc_SignatureType sig_type, - const byte* data, word32 data_len, - const byte* sig, word32 sig_len, - const void* key, word32 key_len) -{ - int ret; - word32 hash_len, hash_enc_len; -#if defined(WOLFSSL_SMALL_STACK) || defined(NO_ASN) - byte *hash_data; -#else - byte hash_data[MAX_DER_DIGEST_SZ]; -#endif - - /* Check arguments */ - if (data == NULL || data_len == 0 || - sig == NULL || sig_len == 0 || - key == NULL || key_len == 0) { - return BAD_FUNC_ARG; - } - - /* Validate signature len (1 to max is okay) */ - if ((int)sig_len > wc_SignatureGetSize(sig_type, key, key_len)) { - WOLFSSL_MSG("wc_SignatureVerify: Invalid sig type/len"); - return BAD_FUNC_ARG; - } - - /* Validate hash size */ - ret = wc_HashGetDigestSize(hash_type); - if (ret < 0) { - WOLFSSL_MSG("wc_SignatureVerify: Invalid hash type/len"); - return ret; - } - hash_enc_len = hash_len = (word32)ret; - -#ifndef NO_RSA - if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) { - /* For RSA with ASN.1 encoding include room */ - hash_enc_len += MAX_DER_DIGEST_ASN_SZ; - } -#endif - -#if defined(WOLFSSL_SMALL_STACK) || defined(NO_ASN) - /* Allocate temporary buffer for hash data */ - hash_data = (byte*)XMALLOC(hash_enc_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (hash_data == NULL) { - return MEMORY_E; - } -#endif - - /* Perform hash of data */ - ret = wc_Hash(hash_type, data, data_len, hash_data, hash_len); - if (ret == 0) { 
- /* Handle RSA with DER encoding */ - if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) { - #if defined(NO_RSA) || defined(NO_ASN) - ret = SIG_TYPE_E; - #else - ret = wc_SignatureDerEncode(hash_type, hash_data, hash_len, - &hash_enc_len); - #endif - } - - if (ret == 0) { - /* Verify signature using hash */ - ret = wc_SignatureVerifyHash(hash_type, sig_type, - hash_data, hash_enc_len, sig, sig_len, key, key_len); - } - } - -#if defined(WOLFSSL_SMALL_STACK) || defined(NO_ASN) - XFREE(hash_data, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} - - -int wc_SignatureGenerateHash( - enum wc_HashType hash_type, enum wc_SignatureType sig_type, - const byte* hash_data, word32 hash_len, - byte* sig, word32 *sig_len, - const void* key, word32 key_len, WC_RNG* rng) -{ - return wc_SignatureGenerateHash_ex(hash_type, sig_type, hash_data, hash_len, - sig, sig_len, key, key_len, rng, 1); -} - -int wc_SignatureGenerateHash_ex( - enum wc_HashType hash_type, enum wc_SignatureType sig_type, - const byte* hash_data, word32 hash_len, - byte* sig, word32 *sig_len, - const void* key, word32 key_len, WC_RNG* rng, int verify) -{ - int ret; - - /* Suppress possible unused arg if all signature types are disabled */ - (void)rng; - - /* Check arguments */ - if (hash_data == NULL || hash_len == 0 || - sig == NULL || sig_len == NULL || *sig_len == 0 || - key == NULL || key_len == 0) { - return BAD_FUNC_ARG; - } - - /* Validate signature len (needs to be at least max) */ - if ((int)*sig_len < wc_SignatureGetSize(sig_type, key, key_len)) { - WOLFSSL_MSG("wc_SignatureGenerate: Invalid sig type/len"); - return BAD_FUNC_ARG; - } - - /* Validate hash size */ - ret = wc_HashGetDigestSize(hash_type); - if (ret < 0) { - WOLFSSL_MSG("wc_SignatureGenerate: Invalid hash type/len"); - return ret; - } - ret = 0; - - /* Create signature using hash as data */ - switch (sig_type) { - case WC_SIGNATURE_TYPE_ECC: -#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) - /* Create signature using provided ECC key */ 
- do { - #ifdef WOLFSSL_ASYNC_CRYPT - ret = wc_AsyncWait(ret, &((ecc_key*)key)->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) - ret = wc_ecc_sign_hash(hash_data, hash_len, sig, sig_len, - rng, (ecc_key*)key); - } while (ret == WC_PENDING_E); -#else - ret = SIG_TYPE_E; -#endif - break; - - case WC_SIGNATURE_TYPE_RSA_W_ENC: - case WC_SIGNATURE_TYPE_RSA: -#if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ - !defined(WOLFSSL_RSA_VERIFY_ONLY) - #ifdef WOLFSSL_CRYPTOCELL - /* use expected signature size (incoming sig_len could be larger buffer */ - *sig_len = wc_SignatureGetSize(sig_type, key, key_len); - if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) { - ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, - (RsaKey*)key, cc310_hashModeRSA(hash_type, 0)); - } - else { - ret = cc310_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, - (RsaKey*)key, cc310_hashModeRSA(hash_type, 1)); - } - #else - /* Create signature using provided RSA key */ - do { - #ifdef WOLFSSL_ASYNC_CRYPT - ret = wc_AsyncWait(ret, &((RsaKey*)key)->asyncDev, - WC_ASYNC_FLAG_CALL_AGAIN); - #endif - if (ret >= 0) - ret = wc_RsaSSL_Sign(hash_data, hash_len, sig, *sig_len, - (RsaKey*)key, rng); - } while (ret == WC_PENDING_E); - #endif /* WOLFSSL_CRYPTOCELL */ - if (ret >= 0) { - *sig_len = (word32)ret; - ret = 0; /* Success */ - } -#else - ret = SIG_TYPE_E; -#endif - break; - - case WC_SIGNATURE_TYPE_NONE: - default: - ret = BAD_FUNC_ARG; - break; - } - - if (ret == 0 && verify) { - ret = wc_SignatureVerifyHash(hash_type, sig_type, hash_data, hash_len, - sig, *sig_len, key, key_len); - } - - return ret; -} - -int wc_SignatureGenerate( - enum wc_HashType hash_type, enum wc_SignatureType sig_type, - const byte* data, word32 data_len, - byte* sig, word32 *sig_len, - const void* key, word32 key_len, WC_RNG* rng) -{ - return wc_SignatureGenerate_ex(hash_type, sig_type, data, data_len, sig, - sig_len, key, key_len, rng, 1); -} - -int wc_SignatureGenerate_ex( - enum wc_HashType 
hash_type, enum wc_SignatureType sig_type, - const byte* data, word32 data_len, - byte* sig, word32 *sig_len, - const void* key, word32 key_len, WC_RNG* rng, int verify) -{ - int ret; - word32 hash_len, hash_enc_len; -#if defined(WOLFSSL_SMALL_STACK) || defined(NO_ASN) - byte *hash_data; -#else - byte hash_data[MAX_DER_DIGEST_SZ]; -#endif - - /* Check arguments */ - if (data == NULL || data_len == 0 || - sig == NULL || sig_len == NULL || *sig_len == 0 || - key == NULL || key_len == 0) { - return BAD_FUNC_ARG; - } - - /* Validate signature len (needs to be at least max) */ - if ((int)*sig_len < wc_SignatureGetSize(sig_type, key, key_len)) { - WOLFSSL_MSG("wc_SignatureGenerate: Invalid sig type/len"); - return BAD_FUNC_ARG; - } - - /* Validate hash size */ - ret = wc_HashGetDigestSize(hash_type); - if (ret < 0) { - WOLFSSL_MSG("wc_SignatureGenerate: Invalid hash type/len"); - return ret; - } - hash_enc_len = hash_len = (word32)ret; - -#if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) - if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) { - /* For RSA with ASN.1 encoding include room */ - hash_enc_len += MAX_DER_DIGEST_ASN_SZ; - } -#endif - -#if defined(WOLFSSL_SMALL_STACK) || defined(NO_ASN) - /* Allocate temporary buffer for hash data */ - hash_data = (byte*)XMALLOC(hash_enc_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (hash_data == NULL) { - return MEMORY_E; - } -#endif - - /* Perform hash of data */ - ret = wc_Hash(hash_type, data, data_len, hash_data, hash_len); - if (ret == 0) { - /* Handle RSA with DER encoding */ - if (sig_type == WC_SIGNATURE_TYPE_RSA_W_ENC) { - #if defined(NO_RSA) || defined(NO_ASN) || \ - defined(WOLFSSL_RSA_PUBLIC_ONLY) - ret = SIG_TYPE_E; - #else - ret = wc_SignatureDerEncode(hash_type, hash_data, hash_len, - &hash_enc_len); - #endif - } - if (ret == 0) { - /* Generate signature using hash (also handles verify) */ - ret = wc_SignatureGenerateHash_ex(hash_type, sig_type, hash_data, - hash_enc_len, sig, sig_len, key, key_len, rng, verify); - 
} - } - -#if defined(WOLFSSL_SMALL_STACK) || defined(NO_ASN) - XFREE(hash_data, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif - - return ret; -} - -#endif /* NO_SIG_WRAPPER */ diff --git a/meson_config.h b/meson_config.h index 591935ec7f..6709a350c4 100644 --- a/meson_config.h +++ b/meson_config.h @@ -694,7 +694,28 @@ #mesondefine __svr4__ /* WolfSSL configuration */ -#include +#define HAVE_AESGCM 1 +#define HAVE_DH_DEFAULT_PARAMS 1 +#define HAVE_TLS_EXTENSIONS 1 +#define NO_CPUID 1 +#define NO_DSA 1 +#define NO_ERROR_QUEUE 1 +#define NO_ERROR_STRINGS 1 +#define NO_FILESYSTEM 1 +#define NO_MD4 1 +#define NO_MD5 1 +#define NO_OLD_TLS 1 +#define NO_PKCS12 1 +#define NO_PSK 1 +#define NO_SHA 1 +#define NO_WOLFSSL_MEMORY 1 +#define OPENSSL_ALL 1 +#define OPENSSL_EXTRA 1 +#define TFM_TIMING_RESISTANT 1 +#define WC_RSA_BLINDING 1 +#define WC_RSA_PSS +#define WOLFSSL_DES_ECB 1 +#define WOLFSSL_ENCRYPTED_KEYS 1 /* Define to `__inline__' or `__inline' if that's what the C compiler calls it, or to nothing if 'inline' is not supported under any name. */
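Review bot: The wolfSSL option block added under `/* WolfSSL configuration */` is defined unconditionally, so generically named macros such as `NO_MD5`, `NO_SHA`, `NO_FILESYSTEM` and `OPENSSL_ALL` become visible to every translation unit that includes meson_config.h, including builds that take the `OPENSSL_DHX` branch seen in the UAM sources. I would wrap the block in `#ifdef EMBEDDED_SSL` … `#endif /* EMBEDDED_SSL */`, assuming that macro is already defined earlier in this header, which the hunk does not show. These defines appear to replace the per-architecture `options.h` that include/wolfssl/meson.build used to generate, so a comment such as `/* Must match the options the embedded wolfSSL sources in libatalk/ssl are compiled with; a mismatch between library and callers can change structure layouts. */` would tell the next editor why the list cannot be trimmed on one side only. `WC_RSA_PSS` is the only entry without a value; `#define WC_RSA_PSS 1` would keep the list uniform.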