Compare commits

...

13 Commits

Author SHA1 Message Date
Daniel Pouzzner
b7220aeb4b wolfcrypt/src/random.c: backport changes to random.[ch] from #9595 "20251229-linuxkm-rng-wolfentropy" (450b0b46c6, 299ca1cfef, 0621615b15) and #9616 "20251230-persistent-drbg" (3c15be6610, c1d2828daf, 0059f1647e, 1e0351a69b). 2026-01-08 16:07:38 -06:00
Daniel Pouzzner
db29dac762 backport 6f95a9c58e and a944575e4b, and fix in 20251226-fixes, to wolfcrypt/src/random.c:
* in _InitRng(), remove "drbg_instantiated" conditional cleanup logic (Coverity true-benign-positive: DEADCODE because drbg_instantiated is always false when ret != DRBG_SUCCESS);
* fix clang-diagnostic-unreachable-code in wc_GenerateSeed();
* in wc_GenerateSeed(), move the gate closures for !FORCE_FAILURE_RDSEED and !ENTROPY_MEMUSE_FORCE_FAILURE to follow the /dev/urandom fallback method.
2025-12-26 14:23:41 -06:00
Daniel Pouzzner
3e64c2f9be backport b2ef89b2db, cd88a8ae88, and b66f1b78a7 to wolfcrypt/src/rsa.c and wolfssl/wolfcrypt/rsa.h: make RsaKey.rng and wc_RsaSetRNG() available unconditionally, rather than only if WC_RSA_BLINDING, for use by wc_CheckRsaKey(). 2025-12-24 09:31:37 -06:00
Daniel Pouzzner
b45bcd5d71 backport 5030484bcf to wolfcrypt/src/random.c and wolfssl/wolfcrypt/random.h:
* add WC_DRBG_{NOT_INIT,OK,FAILED,CONT_FAILED} in public header file, and
* move setup for RNG_SECURITY_STRENGTH, ENTROPY_SCALE_FACTOR, SEED_BLOCK_SZ, SEED_SZ, MAX_SEED_SZ, and RNG_HEALTH_TEST_CHECK_SIZE from random.c to random.h, with public WC_DRBG_SEED_SZ and WC_DRBG_MAX_SEED_SZ.
2025-12-23 22:32:37 -06:00
Daniel Pouzzner
350a37f85c backport missed prototype for wc_HmacCopy() from 50b51adc93. 2025-12-18 17:49:36 -06:00
Daniel Pouzzner
97244920bb wolfcrypt/src/hmac.c: fix FIPS version gate on wc_HmacFree() in wc_HmacSetKey(). 2025-12-18 17:38:46 -06:00
Daniel Pouzzner
fd14f3f346 backport 2b28931855 "wolfcrypt/src/sha256.c and wolfcrypt/src/sha512.c: in WOLFSSL_SMALL_STACK_CACHE builds, allocate shafoo->W at init or context copy time, rather than in the transform function. for the SHA512 family, allocate additional space in W for "buffer" in wc_Sha512Transform()." 2025-12-18 17:35:53 -06:00
Daniel Pouzzner
6561bef66a backport HmacKeyCopyHash() from bfd52decb6 and wc_HmacCopy() from 50b51adc93. 2025-12-18 17:32:08 -06:00
Daniel Pouzzner
b8f1399233 backport random.c and random.h from #9545 "20251211-DRBG-SHA2-smallstackcache-prealloc", full replacement. 2025-12-18 17:28:50 -06:00
Daniel Pouzzner
116388ad17 backport smallstackcache fix in wc_ecc_mulmod_ex2() from 401868908a (#8779)
backport WC_FLAG_DONT_USE_AESNI fixes from 8705d28d48 (from #8614)

backport wc_DhGeneratePublic() from f6f3b0a1ee (#8707)

backport WC_SHA3_NO_ASM implementation from 245042a342 (#8817)

backport linuxkm-focused tweaks to random.c & random.h in b25d484a4e and dc05c4c01b (from #8943)

backport macro renames (generic gates replacing WOLFSSL_LINUXKM etc) from 7ea66aeffe (#9254)

backport WolfEntropy migration from random.c in dc6fa0ad4e (#9451)
2025-12-08 17:17:29 -06:00
kaleb-himes
184c8128ac XTS streaming support on aarch64 2025-03-10 13:34:13 -06:00
kaleb-himes
81beda3f40 FIPS 140-3 disable XTS-384 in FIPS mode 2025-02-26 07:34:39 -07:00
kaleb-himes
9a411ca710 FIPS 140-3 v6.0.0 SRTP-KDF RC3 2025-01-02 11:05:25 -07:00
21 changed files with 1194 additions and 1266 deletions

1
README
View File

@@ -1,4 +1,5 @@
*** Description ***
*** FIPS 140-3 module v6.0.0 SRTP-KDF Release Candidate 3 ***
The wolfSSL embedded SSL library (formerly CyaSSL) is a lightweight SSL/TLS
library written in ANSI C and targeted for embedded, RTOS, and

View File

@@ -1,4 +1,5 @@
# wolfSSL Embedded SSL/TLS Library
# FIPS 140-3 module v6.0.0 SRTP-KDF Release Candidate 3
The [wolfSSL embedded SSL library](https://www.wolfssl.com/products/wolfssl/)
(formerly CyaSSL) is a lightweight SSL/TLS library written in ANSI C and

View File

@@ -4574,19 +4574,31 @@ static void AesSetKey_C(Aes* aes, const byte* key, word32 keySz, int dir)
#endif /* WC_C_DYNAMIC_FALLBACK */
#ifdef WOLFSSL_AESNI
aes->use_aesni = 0;
if (checkedAESNI == 0) {
haveAESNI = Check_CPU_support_AES();
checkedAESNI = 1;
#if defined(WC_FLAG_DONT_USE_VECTOR_OPS)
if (aes->use_aesni == WC_FLAG_DONT_USE_VECTOR_OPS) {
aes->use_aesni = 0;
}
else
#endif
{
if (checkedAESNI == 0) {
haveAESNI = Check_CPU_support_AES();
checkedAESNI = 1;
}
aes->use_aesni = haveAESNI;
}
if (haveAESNI) {
#ifdef WOLFSSL_LINUXKM
if (aes->use_aesni) {
#ifdef WOLFSSL_KERNEL_MODE
/* runtime alignment check */
if ((wc_ptr_t)&aes->key & (wc_ptr_t)0xf) {
return BAD_ALIGN_E;
ret = BAD_ALIGN_E;
}
else
#endif /* WOLFSSL_KERNEL_MODE */
{
ret = SAVE_VECTOR_REGISTERS2();
}
#endif /* WOLFSSL_LINUXKM */
ret = SAVE_VECTOR_REGISTERS2();
if (ret == 0) {
if (dir == AES_ENCRYPTION)
ret = AES_set_encrypt_key_AESNI(userKey, (int)keylen * 8, aes);
@@ -11832,7 +11844,13 @@ static WARN_UNUSED_RESULT int _AesEcbEncrypt(
#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
!defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
if (aes->use_aes_hw_crypto) {
AES_encrypt_AARCH64(in, out, (byte*)aes->key, (int)aes->rounds);
word32 i;
for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) {
AES_encrypt_AARCH64(in, out, (byte*)aes->key, (int)aes->rounds);
in += WC_AES_BLOCK_SIZE;
out += WC_AES_BLOCK_SIZE;
}
}
else
#endif
@@ -11890,7 +11908,13 @@ static WARN_UNUSED_RESULT int _AesEcbDecrypt(
#elif defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
!defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)
if (aes->use_aes_hw_crypto) {
AES_decrypt_AARCH64(in, out, (byte*)aes->key, (int)aes->rounds);
word32 i;
for (i = 0; i < sz; i += WC_AES_BLOCK_SIZE) {
AES_decrypt_AARCH64(in, out, (byte*)aes->key, (int)aes->rounds);
in += WC_AES_BLOCK_SIZE;
out += WC_AES_BLOCK_SIZE;
}
}
else
#endif
@@ -12753,7 +12777,12 @@ int wc_AesXtsSetKeyNoInit(XtsAes* aes, const byte* key, word32 len, int dir)
}
if ((len != (AES_128_KEY_SIZE*2)) &&
#ifndef HAVE_FIPS
/* XTS-384 not allowed by FIPS and can not be treated like
* RSA-4096 bit keys back in the day, can not vendor affirm
* the use of 2 concatenated 192-bit keys (XTS-384) */
(len != (AES_192_KEY_SIZE*2)) &&
#endif
(len != (AES_256_KEY_SIZE*2)))
{
WOLFSSL_MSG("Unsupported key size");
@@ -12936,6 +12965,10 @@ int wc_AesXtsDecryptSector(XtsAes* aes, byte* out, const byte* in, word32 sz,
#ifdef WOLFSSL_AESNI
#if defined(USE_INTEL_SPEEDUP_FOR_AES) && !defined(USE_INTEL_SPEEDUP)
#define USE_INTEL_SPEEDUP
#endif
#if defined(USE_INTEL_SPEEDUP)
#define HAVE_INTEL_AVX1
#define HAVE_INTEL_AVX2

View File

@@ -51,12 +51,12 @@
#include <wolfssl/wolfcrypt/cryptocb.h>
#endif
#if defined(WOLFSSL_LINUXKM) && !defined(USE_INTEL_SPEEDUP)
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(USE_INTEL_SPEEDUP)
/* force off unneeded vector register save/restore. */
#undef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
#define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
#undef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
#define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
#endif
const curve25519_set_type curve25519_sets[] = {

View File

@@ -64,12 +64,12 @@
}
#endif
#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM)
/* force off unneeded vector register save/restore. */
#undef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
#define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
#undef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
#define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
#endif
/*
@@ -1380,6 +1380,36 @@ static int GeneratePublicDh(DhKey* key, byte* priv, word32 privSz,
return ret;
}
/**
* Given a DhKey with set params and a priv key, generate the corresponding
* public key. If fips, does pub key validation.
* */
WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv, word32 privSz,
byte* pub, word32* pubSz)
{
int ret = 0;
if (key == NULL || priv == NULL || privSz == 0 ||
pub == NULL || pubSz == NULL) {
return BAD_FUNC_ARG;
}
SAVE_VECTOR_REGISTERS(return _svr_ret;);
ret = GeneratePublicDh(key, priv, privSz, pub, pubSz);
#if FIPS_VERSION_GE(5,0) || defined(WOLFSSL_VALIDATE_DH_KEYGEN)
if (ret == 0)
ret = _ffc_validate_public_key(key, pub, *pubSz, NULL, 0, 0);
if (ret == 0)
ret = _ffc_pairwise_consistency_test(key, pub, *pubSz, priv, privSz);
#endif /* FIPS V5 or later || WOLFSSL_VALIDATE_DH_KEYGEN */
RESTORE_VECTOR_REGISTERS();
return ret;
}
static int wc_DhGenerateKeyPair_Sync(DhKey* key, WC_RNG* rng,
byte* priv, word32* privSz, byte* pub, word32* pubSz)
{

View File

@@ -231,12 +231,12 @@ ECC Curve Sizes:
#include <wolfssl/wolfcrypt/hmac.h>
#endif
#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM)
/* force off unneeded vector register save/restore. */
#undef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
#define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
#undef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
#define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
#endif
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
@@ -3919,7 +3919,7 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point* G, ecc_point* R, mp_int* a,
#endif
int i, err;
#ifdef WOLFSSL_SMALL_STACK_CACHE
ecc_key key;
ecc_key *key = NULL;
#endif
mp_digit mp;
@@ -3946,10 +3946,13 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point* G, ecc_point* R, mp_int* a,
XMEMSET(M, 0, sizeof(M));
#ifdef WOLFSSL_SMALL_STACK_CACHE
err = ecc_key_tmp_init(&key, heap);
key = (ecc_key *)XMALLOC(sizeof(*key), heap, DYNAMIC_TYPE_ECC);
if (key == NULL)
return MEMORY_E;
err = ecc_key_tmp_init(key, heap);
if (err != MP_OKAY)
goto exit;
R->key = &key;
R->key = key;
#endif /* WOLFSSL_SMALL_STACK_CACHE */
/* alloc ram for window temps */
@@ -3962,7 +3965,7 @@ int wc_ecc_mulmod_ex2(const mp_int* k, ecc_point* G, ecc_point* R, mp_int* a,
goto exit;
}
#ifdef WOLFSSL_SMALL_STACK_CACHE
M[i]->key = &key;
M[i]->key = key;
#endif
}
@@ -4004,7 +4007,8 @@ exit:
}
#ifdef WOLFSSL_SMALL_STACK_CACHE
R->key = NULL;
ecc_key_tmp_final(&key, heap);
ecc_key_tmp_final(key, heap);
XFREE(key, heap, DYNAMIC_TYPE_ECC);
#endif /* WOLFSSL_SMALL_STACK_CACHE */
return err;

View File

@@ -243,6 +243,95 @@ int _InitHmac(Hmac* hmac, int type, void* heap)
return ret;
}
static int HmacKeyCopyHash(byte macType, wc_HmacHash* src, wc_HmacHash* dst)
{
int ret = 0;
switch (macType) {
#ifndef NO_MD5
case WC_MD5:
ret = wc_Md5Copy(&src->md5, &dst->md5);
break;
#endif /* !NO_MD5 */
#ifndef NO_SHA
case WC_SHA:
ret = wc_ShaCopy(&src->sha, &dst->sha);
break;
#endif /* !NO_SHA */
#ifdef WOLFSSL_SHA224
case WC_SHA224:
ret = wc_Sha224Copy(&src->sha224, &dst->sha224);
break;
#endif /* WOLFSSL_SHA224 */
#ifndef NO_SHA256
case WC_SHA256:
ret = wc_Sha256Copy(&src->sha256, &dst->sha256);
break;
#endif /* !NO_SHA256 */
#ifdef WOLFSSL_SHA384
case WC_SHA384:
ret = wc_Sha384Copy(&src->sha384, &dst->sha384);
break;
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
case WC_SHA512:
ret = wc_Sha512Copy(&src->sha512, &dst->sha512);
break;
#endif /* WOLFSSL_SHA512 */
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
case WC_SHA3_224:
ret = wc_Sha3_224_Copy(&src->sha3, &dst->sha3);
break;
#endif
#ifndef WOLFSSL_NOSHA3_256
case WC_SHA3_256:
ret = wc_Sha3_256_Copy(&src->sha3, &dst->sha3);
break;
#endif
#ifndef WOLFSSL_NOSHA3_384
case WC_SHA3_384:
ret = wc_Sha3_384_Copy(&src->sha3, &dst->sha3);
break;
#endif
#ifndef WOLFSSL_NOSHA3_512
case WC_SHA3_512:
ret = wc_Sha3_512_Copy(&src->sha3, &dst->sha3);
break;
#endif
#endif /* WOLFSSL_SHA3 */
#ifdef WOLFSSL_SM3
case WC_SM3:
ret = wc_Sm3Copy(&src->sm3, &dst->sm3);
break;
#endif
default:
break;
}
return ret;
}
int wc_HmacCopy(Hmac* src, Hmac* dst) {
int ret;
if ((src == NULL) || (dst == NULL))
return BAD_FUNC_ARG;
XMEMCPY(dst, src, sizeof(*dst));
ret = HmacKeyCopyHash(src->macType, &src->hash, &dst->hash);
if (ret != 0)
XMEMSET(dst, 0, sizeof(*dst));
return ret;
}
int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length,
int allowFlag)
@@ -268,7 +357,7 @@ int wc_HmacSetKey_ex(Hmac* hmac, int type, const byte* key, word32 length,
}
heap = hmac->heap;
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0)
#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(5,0,0)
/* if set key has already been run then make sure and free existing */
/* This is for async and PIC32MZ situations, and just normally OK,
provided the user calls wc_HmacInit() first. That function is not

File diff suppressed because it is too large Load Diff

View File

@@ -60,12 +60,12 @@ RSA keys can be used to encrypt, decrypt, sign and verify data.
#include <wolfssl/wolfcrypt/sp.h>
#endif
#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
#if defined(WOLFSSL_KERNEL_MODE) && !defined(WOLFSSL_SP_ASM)
/* force off unneeded vector register save/restore. */
#undef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING
#define SAVE_VECTOR_REGISTERS(fail_clause) SAVE_NO_VECTOR_REGISTERS(fail_clause)
#undef RESTORE_VECTOR_REGISTERS
#define RESTORE_VECTOR_REGISTERS() WC_DO_NOTHING
#define RESTORE_VECTOR_REGISTERS() RESTORE_NO_VECTOR_REGISTERS()
#endif
/*
@@ -207,7 +207,7 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId)
#endif
key->data = NULL;
key->dataLen = 0;
#ifdef WC_RSA_BLINDING
#ifndef WC_NO_RNG
key->rng = NULL;
#endif
@@ -705,10 +705,9 @@ static int _ifc_pairwise_consistency_test(RsaKey* key, WC_RNG* rng)
int wc_CheckRsaKey(RsaKey* key)
{
#ifdef WOLFSSL_SMALL_STACK
WC_RNG *rng = NULL;
#else
WC_RNG rng[1];
#ifndef WOLFSSL_SMALL_STACK
WC_RNG rng_buf;
#endif
int ret = 0;
DECL_MP_INT_SIZE_DYN(tmp, (key)? mp_bitsused(&key->n) : 0, RSA_MAX_SIZE);
@@ -724,21 +723,34 @@ int wc_CheckRsaKey(RsaKey* key)
}
#endif
#ifdef WOLFSSL_SMALL_STACK
rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
if (rng == NULL) {
return MEMORY_E;
}
#endif
NEW_MP_INT_SIZE(tmp, mp_bitsused(&key->n), NULL, DYNAMIC_TYPE_RSA);
#ifdef MP_INT_SIZE_CHECK_NULL
if (tmp == NULL) {
XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
return MEMORY_E;
}
#endif
ret = wc_InitRng(rng);
if (key->rng)
rng = key->rng;
else {
#ifndef WOLFSSL_SMALL_STACK
rng = &rng_buf;
#else
rng = (WC_RNG *)XMALLOC(sizeof(*rng), NULL, DYNAMIC_TYPE_RNG);
if (rng == NULL) {
FREE_MP_INT_SIZE(tmp, NULL, DYNAMIC_TYPE_RSA);
return MEMORY_E;
}
#endif
ret = wc_InitRng(rng);
if (ret != 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
FREE_MP_INT_SIZE(tmp, NULL, DYNAMIC_TYPE_RSA);
#endif
return ret;
}
}
SAVE_VECTOR_REGISTERS(ret = _svr_ret;);
@@ -856,11 +868,14 @@ int wc_CheckRsaKey(RsaKey* key)
RESTORE_VECTOR_REGISTERS();
wc_FreeRng(rng);
FREE_MP_INT_SIZE(tmp, NULL, DYNAMIC_TYPE_RSA);
if ((rng != NULL) && (rng != key->rng)) {
wc_FreeRng(rng);
#ifdef WOLFSSL_SMALL_STACK
XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
#endif
}
FREE_MP_INT_SIZE(tmp, NULL, DYNAMIC_TYPE_RSA);
#ifdef WOLFSSL_CHECK_MEM_ZERO
mp_memzero_check(tmp);
#endif
@@ -5197,7 +5212,7 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
#endif /* WOLFSSL_KEY_GEN */
#ifdef WC_RSA_BLINDING
#ifndef WC_NO_RNG
int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng)
{
if (key == NULL || rng == NULL)
@@ -5207,7 +5222,7 @@ int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng)
return 0;
}
#endif /* WC_RSA_BLINDING */
#endif /* !WC_NO_RNG */
#ifdef WC_RSA_NONBLOCK
int wc_RsaSetNonBlock(RsaKey* key, RsaNb* nb)

View File

@@ -572,12 +572,12 @@ static int InitSha256(wc_Sha256* sha256)
static WC_INLINE int inline_XTRANSFORM(wc_Sha256* S, const byte* D) {
int ret;
#ifdef WOLFSSL_LINUXKM
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
if (Transform_Sha256_is_vectorized)
SAVE_VECTOR_REGISTERS(return _svr_ret;);
#endif
ret = (*Transform_Sha256_p)(S, D);
#ifdef WOLFSSL_LINUXKM
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
if (Transform_Sha256_is_vectorized)
RESTORE_VECTOR_REGISTERS();
#endif
@@ -587,12 +587,12 @@ static int InitSha256(wc_Sha256* sha256)
static WC_INLINE int inline_XTRANSFORM_LEN(wc_Sha256* S, const byte* D, word32 L) {
int ret;
#ifdef WOLFSSL_LINUXKM
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
if (Transform_Sha256_is_vectorized)
SAVE_VECTOR_REGISTERS(return _svr_ret;);
#endif
ret = (*Transform_Sha256_Len_p)(S, D, L);
#ifdef WOLFSSL_LINUXKM
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
if (Transform_Sha256_is_vectorized)
RESTORE_VECTOR_REGISTERS();
#endif
@@ -684,7 +684,10 @@ static int InitSha256(wc_Sha256* sha256)
sha256->devCtx = NULL;
#endif
#ifdef WOLFSSL_SMALL_STACK_CACHE
sha256->W = NULL;
sha256->W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE,
sha256->heap, DYNAMIC_TYPE_DIGEST);
if (sha256->W == NULL)
return MEMORY_E;
#endif
ret = InitSha256(sha256);
@@ -1099,7 +1102,10 @@ static int InitSha256(wc_Sha256* sha256)
}
#endif
#ifdef WOLFSSL_SMALL_STACK_CACHE
sha256->W = NULL;
sha256->W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE,
sha256->heap, DYNAMIC_TYPE_DIGEST);
if (sha256->W == NULL)
return MEMORY_E;
#endif
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_SHA256)
@@ -1180,13 +1186,8 @@ static int InitSha256(wc_Sha256* sha256)
#ifdef WOLFSSL_SMALL_STACK_CACHE
word32* W = sha256->W;
if (W == NULL) {
W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, NULL,
DYNAMIC_TYPE_DIGEST);
if (W == NULL)
return MEMORY_E;
sha256->W = W;
}
if (W == NULL)
return BAD_FUNC_ARG;
#elif defined(WOLFSSL_SMALL_STACK)
word32* W;
W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE, NULL,
@@ -1988,6 +1989,15 @@ static int InitSha256(wc_Sha256* sha256)
{
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK_CACHE
if (sha224->W == NULL) {
sha224->W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE,
sha224->heap, DYNAMIC_TYPE_DIGEST);
if (sha224->W == NULL)
return MEMORY_E;
}
#endif
sha224->digest[0] = 0xc1059ed8;
sha224->digest[1] = 0x367cd507;
sha224->digest[2] = 0x3070dd17;
@@ -2413,7 +2423,12 @@ int wc_Sha224_Grow(wc_Sha224* sha224, const byte* in, int inSz)
XMEMCPY(dst, src, sizeof(wc_Sha224));
#ifdef WOLFSSL_SMALL_STACK_CACHE
dst->W = NULL;
dst->W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE,
dst->heap, DYNAMIC_TYPE_DIGEST);
if (dst->W == NULL) {
XMEMSET(dst, 0, sizeof(wc_Sha224));
return MEMORY_E;
}
#endif
#if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3)
@@ -2561,7 +2576,12 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
#endif
#ifdef WOLFSSL_SMALL_STACK_CACHE
dst->W = NULL;
dst->W = (word32*)XMALLOC(sizeof(word32) * WC_SHA256_BLOCK_SIZE,
dst->heap, DYNAMIC_TYPE_DIGEST);
if (dst->W == NULL) {
XMEMSET(dst, 0, sizeof(wc_Sha256));
return MEMORY_E;
}
#endif
#if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3)

View File

@@ -39,6 +39,12 @@
#endif
#endif
#ifdef WC_SHA3_NO_ASM
#undef USE_INTEL_SPEEDUP
#undef WOLFSSL_ARMASM
#undef WOLFSSL_RISCV_ASM
#endif
#include <wolfssl/wolfcrypt/sha3.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#include <wolfssl/wolfcrypt/hash.h>
@@ -705,7 +711,7 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
word32 i;
word32 blocks;
#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
if (SHA3_BLOCK == sha3_block_avx2)
SAVE_VECTOR_REGISTERS(return _svr_ret;);
#endif
@@ -757,7 +763,7 @@ static int Sha3Update(wc_Sha3* sha3, const byte* data, word32 len, byte p)
len -= p * 8U;
data += p * 8U;
}
#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
if (SHA3_BLOCK == sha3_block_avx2)
RESTORE_VECTOR_REGISTERS();
#endif
@@ -795,7 +801,7 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l)
sha3->s[i] ^= Load64BitBigEndian(sha3->t + 8 * i);
}
#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
if (SHA3_BLOCK == sha3_block_avx2)
SAVE_VECTOR_REGISTERS(return _svr_ret;);
#endif
@@ -823,7 +829,7 @@ static int Sha3Final(wc_Sha3* sha3, byte padChar, byte* hash, byte p, word32 l)
#endif
XMEMCPY(hash + j, sha3->s, l - j);
}
#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
if (SHA3_BLOCK == sha3_block_avx2)
RESTORE_VECTOR_REGISTERS();
#endif
@@ -1526,7 +1532,7 @@ int wc_Shake128_Absorb(wc_Shake* shake, const byte* data, word32 len)
*/
int wc_Shake128_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
{
#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
if (SHA3_BLOCK == sha3_block_avx2)
SAVE_VECTOR_REGISTERS(return _svr_ret;);
#endif
@@ -1543,7 +1549,7 @@ int wc_Shake128_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
#endif
out += WC_SHA3_128_COUNT * 8;
}
#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
if (SHA3_BLOCK == sha3_block_avx2)
RESTORE_VECTOR_REGISTERS();
#endif
@@ -1664,7 +1670,7 @@ int wc_Shake256_Absorb(wc_Shake* shake, const byte* data, word32 len)
*/
int wc_Shake256_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
{
#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
if (SHA3_BLOCK == sha3_block_avx2)
SAVE_VECTOR_REGISTERS(return _svr_ret;);
#endif
@@ -1681,7 +1687,7 @@ int wc_Shake256_SqueezeBlocks(wc_Shake* shake, byte* out, word32 blockCnt)
#endif
out += WC_SHA3_256_COUNT * 8;
}
#if defined(WOLFSSL_LINUXKM) && defined(USE_INTEL_SPEEDUP)
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && defined(USE_INTEL_SPEEDUP)
if (SHA3_BLOCK == sha3_block_avx2)
RESTORE_VECTOR_REGISTERS();
#endif

View File

@@ -693,12 +693,12 @@ static int InitSha512_256(wc_Sha512* sha512)
static WC_INLINE int Transform_Sha512(wc_Sha512 *sha512) {
int ret;
#ifdef WOLFSSL_LINUXKM
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
if (Transform_Sha512_is_vectorized)
SAVE_VECTOR_REGISTERS(return _svr_ret;);
#endif
ret = (*Transform_Sha512_p)(sha512);
#ifdef WOLFSSL_LINUXKM
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
if (Transform_Sha512_is_vectorized)
RESTORE_VECTOR_REGISTERS();
#endif
@@ -706,12 +706,12 @@ static int InitSha512_256(wc_Sha512* sha512)
}
static WC_INLINE int Transform_Sha512_Len(wc_Sha512 *sha512, word32 len) {
int ret;
#ifdef WOLFSSL_LINUXKM
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
if (Transform_Sha512_is_vectorized)
SAVE_VECTOR_REGISTERS(return _svr_ret;);
#endif
ret = (*Transform_Sha512_Len_p)(sha512, len);
#ifdef WOLFSSL_LINUXKM
#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS
if (Transform_Sha512_is_vectorized)
RESTORE_VECTOR_REGISTERS();
#endif
@@ -791,7 +791,10 @@ static int InitSha512_Family(wc_Sha512* sha512, void* heap, int devId,
sha512->heap = heap;
#ifdef WOLFSSL_SMALL_STACK_CACHE
sha512->W = NULL;
sha512->W = (word64 *)XMALLOC((sizeof(word64) * 16) + WC_SHA512_BLOCK_SIZE,
sha512->heap, DYNAMIC_TYPE_DIGEST);
if (sha512->W == NULL)
return MEMORY_E;
#endif
#ifdef WOLF_CRYPTO_CB
sha512->devId = devId;
@@ -951,14 +954,10 @@ static int _Transform_Sha512(wc_Sha512* sha512)
word32 j;
word64 T[8];
#ifdef WOLFSSL_SMALL_STACK_CACHE
#if defined(WOLFSSL_SMALL_STACK_CACHE)
word64* W = sha512->W;
if (W == NULL) {
W = (word64*)XMALLOC(sizeof(word64) * 16, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (W == NULL)
return MEMORY_E;
sha512->W = W;
}
if (W == NULL)
return BAD_FUNC_ARG;
#elif defined(WOLFSSL_SMALL_STACK)
word64* W;
W = (word64*) XMALLOC(sizeof(word64) * 16, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
@@ -1504,7 +1503,7 @@ void wc_Sha512Free(wc_Sha512* sha512)
#ifdef WOLFSSL_SMALL_STACK_CACHE
if (sha512->W != NULL) {
ForceZero(sha512->W, sizeof(word64) * 16);
ForceZero(sha512->W, (sizeof(word64) * 16) + WC_SHA512_BLOCK_SIZE);
XFREE(sha512->W, sha512->heap, DYNAMIC_TYPE_TMP_BUFFER);
sha512->W = NULL;
}
@@ -1555,7 +1554,12 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK
#if defined(WOLFSSL_SMALL_STACK_CACHE)
if (sha->W == NULL)
return BAD_FUNC_ARG;
buffer = sha->W + 16;
#elif defined(WOLFSSL_SMALL_STACK)
buffer = (word64*)XMALLOC(WC_SHA512_BLOCK_SIZE, sha->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (buffer == NULL)
@@ -1583,7 +1587,7 @@ int wc_Sha512Transform(wc_Sha512* sha, const unsigned char* data)
ret = Transform_Sha512(sha);
XMEMCPY(sha->buffer, buffer, WC_SHA512_BLOCK_SIZE);
#ifdef WOLFSSL_SMALL_STACK
#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_SMALL_STACK_CACHE)
ForceZero(buffer, WC_SHA512_BLOCK_SIZE);
XFREE(buffer, sha->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
@@ -1721,6 +1725,15 @@ static int InitSha384(wc_Sha384* sha384)
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK_CACHE
if (sha384->W == NULL) {
sha384->W = (word64 *)XMALLOC((sizeof(word64) * 16) + WC_SHA512_BLOCK_SIZE,
sha384->heap, DYNAMIC_TYPE_DIGEST);
if (sha384->W == NULL)
return MEMORY_E;
}
#endif
sha384->digest[0] = W64LIT(0xcbbb9d5dc1059ed8);
sha384->digest[1] = W64LIT(0x629a292a367cd507);
sha384->digest[2] = W64LIT(0x9159015a3070dd17);
@@ -1941,7 +1954,7 @@ void wc_Sha384Free(wc_Sha384* sha384)
#ifdef WOLFSSL_SMALL_STACK_CACHE
if (sha384->W != NULL) {
ForceZero(sha384->W, sizeof(word64) * 16);
ForceZero(sha384->W, (sizeof(word64) * 16) + WC_SHA512_BLOCK_SIZE);
XFREE(sha384->W, sha384->heap, DYNAMIC_TYPE_TMP_BUFFER);
sha384->W = NULL;
}
@@ -2049,7 +2062,12 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
XMEMCPY(dst, src, sizeof(wc_Sha512));
#ifdef WOLFSSL_SMALL_STACK_CACHE
dst->W = NULL;
dst->W = (word64 *)XMALLOC((sizeof(word64) * 16) + WC_SHA512_BLOCK_SIZE,
dst->heap, DYNAMIC_TYPE_DIGEST);
if (dst->W == NULL) {
XMEMSET(dst, 0, sizeof(wc_Sha512));
return MEMORY_E;
}
#endif
#if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3) && \
@@ -2463,7 +2481,12 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
XMEMCPY(dst, src, sizeof(wc_Sha384));
#ifdef WOLFSSL_SMALL_STACK_CACHE
dst->W = NULL;
dst->W = (word64 *)XMALLOC((sizeof(word64) * 16) + WC_SHA384_BLOCK_SIZE,
dst->heap, DYNAMIC_TYPE_DIGEST);
if (dst->W == NULL) {
XMEMSET(dst, 0, sizeof(wc_Sha384));
return MEMORY_E;
}
#endif
#if defined(WOLFSSL_SILABS_SE_ACCEL) && defined(WOLFSSL_SILABS_SE_ACCEL_3) && \

View File

@@ -116,7 +116,7 @@ This library provides single precision (SP) integer math functions.
#include <wolfssl/wolfcrypt/sp_int.h>
#if defined(WOLFSSL_LINUXKM) && !defined(WOLFSSL_SP_ASM)
#if defined(WOLFSSL_USE_SAVE_VECTOR_REGISTERS) && !defined(WOLFSSL_SP_ASM)
/* force off unneeded vector register save/restore. */
#undef SAVE_VECTOR_REGISTERS
#define SAVE_VECTOR_REGISTERS(fail_clause) WC_DO_NOTHING

View File

@@ -303,6 +303,13 @@ struct Aes {
#endif
#ifdef WOLFSSL_AESNI
byte use_aesni;
#if defined(WOLFSSL_KERNEL_MODE) || defined(WC_WANT_FLAG_DONT_USE_AESNI)
/* Note, we can't define WC_FLAG_DONT_USE_VECTOR_OPS by default because we
* need to support legacy applications that call wc_AesSetKey() on
* uninited struct Aes.
*/
#define WC_FLAG_DONT_USE_VECTOR_OPS 2
#endif
#endif /* WOLFSSL_AESNI */
#if defined(__aarch64__) && defined(WOLFSSL_ARMASM) && \
!defined(WOLFSSL_ARMASM_NO_HW_CRYPTO)

View File

@@ -173,6 +173,10 @@ WOLFSSL_API int wc_DhCmpNamedKey(int name, int noQ,
WOLFSSL_API int wc_DhCopyNamedKey(int name,
byte* p, word32* pSz, byte* g, word32* gSz, byte* q, word32* qSz);
WOLFSSL_API int wc_DhGeneratePublic(DhKey* key, byte* priv,
word32 privSz, byte* pub,
word32* pubSz);
#ifdef WOLFSSL_DH_EXTRA
WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,
const byte* pub, word32 pubSz);

View File

@@ -185,6 +185,7 @@ WOLFSSL_API int wc_HmacInit_Id(Hmac* hmac, byte* id, int len, void* heap,
WOLFSSL_API int wc_HmacInit_Label(Hmac* hmac, const char* label, void* heap,
int devId);
#endif
WOLFSSL_API int wc_HmacCopy(Hmac* src, Hmac* dst);
WOLFSSL_API void wc_HmacFree(Hmac* hmac);
WOLFSSL_API int wolfSSL_GetHmacMaxSize(void);

View File

@@ -1,12 +1,12 @@
/* random.h
*
* Copyright (C) 2006-2024 wolfSSL Inc.
* Copyright (C) 2006-2025 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
@@ -133,6 +133,12 @@
#else
typedef unsigned long ProviderHandle;
#endif
#ifdef WIN_REUSE_CRYPT_HANDLE
/* called from wolfCrypt_Init() and wolfCrypt_Cleanup() */
WOLFSSL_LOCAL int wc_WinCryptHandleInit(void);
WOLFSSL_LOCAL void wc_WinCryptHandleCleanup(void);
#endif
#endif
#ifndef WC_RNG_TYPE_DEFINED /* guard on redeclaration */
@@ -157,8 +163,92 @@ struct OS_Seed {
};
#ifdef HAVE_HASHDRBG
/* The security strength for the RNG is the target number of bits of
* entropy you are looking for in a seed. */
/* RNG_SECURITY_STRENGTH is unprefixed for backward compat. */
#ifndef RNG_SECURITY_STRENGTH
/* SHA-256 requires a minimum of 256-bits of entropy. */
#define RNG_SECURITY_STRENGTH (256)
#endif
/* wolfentropy.h will define for HAVE_ENTROPY_MEMUSE */
#ifdef HAVE_ENTROPY_MEMUSE
#include <wolfssl/wolfcrypt/wolfentropy.h>
#endif
/* ENTROPY_SCALE_FACTOR is unprefixed for backward compat. */
#ifndef ENTROPY_SCALE_FACTOR
/* The entropy scale factor should be the whole number inverse of the
* minimum bits of entropy per bit of NDRNG output. */
#if defined(HAVE_AMD_RDSEED)
/* This will yield a SEED_SZ of 16kb. Since nonceSz will be 0,
* we'll add an additional 8kb on top.
*
* See "AMD RNG ESV Public Use Document". Version 0.7 of October 24,
* 2024 specifies 0.656 to 1.312 bits of entropy per 128 bit block of
* RDSEED output, depending on CPU family.
*/
#define ENTROPY_SCALE_FACTOR (512)
#elif defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND)
/* The value of 2 applies to Intel's RDSEED which provides about
* 0.5 bits minimum of entropy per bit. The value of 4 gives a
* conservative margin for FIPS. */
#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION >= 2)
#define ENTROPY_SCALE_FACTOR (2*4)
#else
/* Not FIPS, but Intel RDSEED, only double. */
#define ENTROPY_SCALE_FACTOR (2)
#endif
#elif defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION >= 2)
/* If doing a FIPS build without a specific scale factor, default
* to 4. This will give 1024 bits of entropy. More is better, but
* more is also slower. */
#define ENTROPY_SCALE_FACTOR (4)
#else
/* Setting the default to 1. */
#define ENTROPY_SCALE_FACTOR (1)
#endif
#endif /* !ENTROPY_SCALE_FACTOR */
/* SEED_BLOCK_SZ is unprefixed for backward compat. */
#ifndef SEED_BLOCK_SZ
/* The seed block size, is the size of the output of the underlying NDRNG.
* This value is used for testing the output of the NDRNG. */
#if defined(HAVE_AMD_RDSEED)
/* AMD's RDSEED instruction works in 128-bit blocks read 64-bits
* at a time. */
#define SEED_BLOCK_SZ (sizeof(word64)*2)
#elif defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND)
/* RDSEED outputs in blocks of 64-bits. */
#define SEED_BLOCK_SZ sizeof(word64)
#else
/* Setting the default to 4. */
#define SEED_BLOCK_SZ 4
#endif
#endif
#define WC_DRBG_SEED_BLOCK_SZ SEED_BLOCK_SZ
#define WC_DRBG_SEED_SZ (RNG_SECURITY_STRENGTH*ENTROPY_SCALE_FACTOR/8)
/* The maximum seed size will be the seed size plus a seed block for the
* test, and an additional half of the seed size. This additional half
* is in case the user does not supply a nonce. A nonce will be obtained
* from the NDRNG. */
#define WC_DRBG_MAX_SEED_SZ (WC_DRBG_SEED_SZ + WC_DRBG_SEED_SZ/2 + \
SEED_BLOCK_SZ)
#define RNG_HEALTH_TEST_CHECK_SIZE (WC_SHA256_DIGEST_SIZE * 4)
struct DRBG_internal {
#ifdef WORD64_AVAILABLE
word64 reseedCtr;
#else
word32 reseedCtr;
#endif
byte V[DRBG_SEED_LEN];
byte C[DRBG_SEED_LEN];
void* heap;
@@ -167,21 +257,63 @@ struct DRBG_internal {
#endif
#ifdef WOLFSSL_SMALL_STACK_CACHE
wc_Sha256 sha256;
byte seed_scratch[DRBG_SEED_LEN];
byte digest_scratch[WC_SHA256_DIGEST_SIZE];
#endif
};
#endif /* HAVE_HASHDRBG */
/* RNG health states */
#define WC_DRBG_NOT_INIT 0
#define WC_DRBG_OK 1
#define WC_DRBG_FAILED 2
#define WC_DRBG_CONT_FAILED 3
#ifdef WC_RNG_BANK_SUPPORT
#define WC_DRBG_BANKREF 4 /* Marks the WC_RNG as a ref to a wc_rng_bank,
* with no usable DRBG of its own.
*/
#endif
/* RNG context */
struct WC_RNG {
struct OS_Seed seed;
void* heap;
#ifdef HAVE_HASHDRBG
/* Hash-based Deterministic Random Bit Generator */
struct DRBG* drbg;
#if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY)
struct DRBG_internal drbg_data;
#endif
byte status;
#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
union {
#endif
#ifdef WC_RNG_BANK_SUPPORT
struct wc_rng_bank *bankref;
#endif
#ifdef HAVE_HASHDRBG
#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
struct {
#endif
/* Hash-based Deterministic Random Bit Generator */
struct DRBG* drbg;
#if defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_STATIC_MEMORY)
struct DRBG_internal drbg_data;
#endif
#ifdef WOLFSSL_SMALL_STACK_CACHE
/* Scratch buffers -- all preallocated by _InitRng(). */
struct DRBG_internal *drbg_scratch;
byte *health_check_scratch;
byte *newSeed_buf;
#endif
#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
};
#endif
#endif /* HAVE_HASHDRBG */
#ifdef HAVE_ANONYMOUS_INLINE_AGGREGATES
};
#endif
#if defined(HAVE_GETPID) && !defined(WOLFSSL_NO_GETPID)
pid_t pid;
#endif
#ifdef WOLFSSL_ASYNC_CRYPT
WC_ASYNC_DEV asyncDev;
@@ -199,7 +331,7 @@ struct WC_RNG {
#define RNG WC_RNG
#endif
WOLFSSL_API int wc_GenerateSeed(OS_Seed* os, byte* seed, word32 sz);
WOLFSSL_API int wc_GenerateSeed(OS_Seed* os, byte* output, word32 sz);
#ifdef HAVE_WNR
@@ -222,7 +354,7 @@ WOLFSSL_API int wc_InitRng_ex(WC_RNG* rng, void* heap, int devId);
WOLFSSL_API int wc_InitRngNonce(WC_RNG* rng, byte* nonce, word32 nonceSz);
WOLFSSL_API int wc_InitRngNonce_ex(WC_RNG* rng, byte* nonce, word32 nonceSz,
void* heap, int devId);
WOLFSSL_ABI WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG* rng, byte* b, word32 sz);
WOLFSSL_ABI WOLFSSL_API int wc_RNG_GenerateBlock(WC_RNG* rng, byte* output, word32 sz);
WOLFSSL_API int wc_RNG_GenerateByte(WC_RNG* rng, byte* b);
WOLFSSL_API int wc_FreeRng(WC_RNG* rng);
#else
@@ -235,7 +367,12 @@ WOLFSSL_API int wc_FreeRng(WC_RNG* rng);
/* some older compilers do not like macro function in expression */
#define wc_RNG_GenerateBlock(rng, b, s) NOT_COMPILED_IN
#else
#define wc_RNG_GenerateBlock(rng, b, s) ({(void)rng; (void)b; (void)s; NOT_COMPILED_IN;})
#ifdef _MSC_VER
#define wc_RNG_GenerateBlock(rng, b, s) (int)(NOT_COMPILED_IN)
#else
#define wc_RNG_GenerateBlock(rng, b, s) \
({(void)rng; (void)b; (void)s; NOT_COMPILED_IN;})
#endif
#endif
#define wc_RNG_GenerateByte(rng, b) NOT_COMPILED_IN
#define wc_FreeRng(rng) (void)NOT_COMPILED_IN
@@ -246,34 +383,21 @@ WOLFSSL_API int wc_FreeRng(WC_RNG* rng);
#endif
#ifdef HAVE_HASHDRBG
WOLFSSL_API int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* entropy,
word32 entropySz);
WOLFSSL_API int wc_RNG_DRBG_Reseed(WC_RNG* rng, const byte* seed,
word32 seedSz);
WOLFSSL_API int wc_RNG_TestSeed(const byte* seed, word32 seedSz);
WOLFSSL_API int wc_RNG_HealthTest(int reseed,
const byte* entropyA, word32 entropyASz,
const byte* entropyB, word32 entropyBSz,
const byte* seedA, word32 seedASz,
const byte* seedB, word32 seedBSz,
byte* output, word32 outputSz);
WOLFSSL_API int wc_RNG_HealthTest_ex(int reseed,
const byte* nonce, word32 nonceSz,
const byte* entropyA, word32 entropyASz,
const byte* entropyB, word32 entropyBSz,
const byte* seedA, word32 seedASz,
const byte* seedB, word32 seedBSz,
byte* output, word32 outputSz,
void* heap, int devId);
#endif /* HAVE_HASHDRBG */
#ifdef HAVE_ENTROPY_MEMUSE
/* Maximum entropy bits that can be produced. */
#define MAX_ENTROPY_BITS 256
/* For generating data for assessment. */
WOLFSSL_API int wc_Entropy_GetRawEntropy(unsigned char* raw, int cnt);
WOLFSSL_API int wc_Entropy_Get(int bits, unsigned char* entropy, word32 len);
WOLFSSL_API int wc_Entropy_OnDemandTest(void);
WOLFSSL_LOCAL int Entropy_Init(void);
WOLFSSL_LOCAL void Entropy_Final(void);
#endif
#ifdef __cplusplus
} /* extern "C" */
#endif

View File

@@ -214,8 +214,10 @@ struct RsaKey {
int type; /* public or private */
int state;
word32 dataLen;
#ifdef WC_RSA_BLINDING
WC_RNG* rng; /* for PrivateDecrypt blinding */
#ifndef WC_NO_RNG
WC_RNG* rng; /* for PrivateDecrypt blinding and
* _ifc_pairwise_consistency_test()
*/
#endif
#ifdef WOLFSSL_SE050
word32 keyId;
@@ -400,7 +402,7 @@ WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
WOLFSSL_API int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen);
#endif
#ifdef WC_RSA_BLINDING
#ifndef WC_NO_RNG
WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);
#endif
#ifdef WC_RSA_NONBLOCK

View File

@@ -220,7 +220,9 @@ WOLFSSL_API int wc_Shake256_Copy(wc_Shake* src, wc_Sha3* dst);
WOLFSSL_API int wc_Sha3_GetFlags(wc_Sha3* sha3, word32* flags);
#endif
#ifdef USE_INTEL_SPEEDUP
#ifdef WC_SHA3_NO_ASM
/* asm speedups disabled */
#elif defined(USE_INTEL_SPEEDUP)
WOLFSSL_LOCAL void sha3_block_n_bmi2(word64* s, const byte* data, word32 n,
word64 c);
WOLFSSL_LOCAL void sha3_block_bmi2(word64* s);

View File

@@ -35,7 +35,7 @@
typedef unsigned __int8 uint8_t;
typedef unsigned __int32 uint32_t;
typedef unsigned __int64 uint64_t;
#elif !defined(WOLFSSL_LINUXKM)
#elif !defined(NO_STDINT_H)
#include <stdint.h>
#endif

View File

@@ -27,7 +27,7 @@ This library provides single precision (SP) integer math functions.
#ifndef WOLF_CRYPT_SP_INT_H
#define WOLF_CRYPT_SP_INT_H
#ifndef WOLFSSL_LINUXKM
#ifndef NO_LIMITS_H
#include <limits.h>
#endif
#include <wolfssl/wolfcrypt/settings.h>