diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml
new file mode 100644
index 0000000000..4080b1528c
--- /dev/null
+++ b/.github/workflows/python.yml
@@ -0,0 +1,142 @@
+name: Python Tests
+
+# START OF COMMON SECTION
+on:
+ push:
+ branches: [ 'master', 'main', 'release/**' ]
+ pull_request:
+ branches: [ '*' ]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+ build_wolfssl:
+ name: Build wolfSSL
+ if: github.repository_owner == 'wolfssl'
+ runs-on: ubuntu-24.04
+ timeout-minutes: 10
+ steps:
+ - name: Build wolfSSL
+ uses: wolfSSL/actions-build-autotools-project@v1
+ with:
+ path: wolfssl
+ configure: >-
+ --enable-all --enable-tlsv10
+ 'CPPFLAGS=-DHAVE_SECRET_CALLBACK -DWOLFSSL_PYTHON'
+ check: false
+ install: true
+
+ - name: tar build-dir
+ run: tar -zcf build-dir.tgz build-dir
+
+ - name: Upload built lib
+ uses: actions/upload-artifact@v4
+ with:
+ name: wolf-install-python
+ path: build-dir.tgz
+ retention-days: 5
+
+ python_check:
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - python_ver: 3.12.11
+ tests: >-
+ test_ssl
+ test.test_asyncio.test_ssl
+ test.test_asyncio.test_sslproto
+ test_hashlib
+ test_hmac
+ test_secrets
+ test_ftplib
+ test_imaplib
+ test_poplib
+ test_smtplib
+ test_httplib
+ test_urllib2_localnet
+ test_xmlrpc
+ test_docxmlrpc
+ - python_ver: 3.13.4
+ tests: >-
+ test_ssl
+ test.test_asyncio.test_ssl
+ test.test_asyncio.test_sslproto
+ test_hashlib
+ test_hmac
+ test_secrets
+ test_ftplib
+ test_imaplib
+ test_poplib
+ test_smtplib
+ test_httplib
+ test_urllib2_localnet
+ test_xmlrpc
+ test_docxmlrpc
+ - python_ver: 3.13.7
+ tests: >-
+ test_ssl
+ test.test_asyncio.test_ssl
+ test.test_asyncio.test_sslproto
+ test_hashlib
+ test_hmac
+ test_secrets
+ test_ftplib
+ test_imaplib
+ test_poplib
+ test_smtplib
+ test_httplib
+ test_urllib2_localnet
+ test_xmlrpc
+ test_docxmlrpc
+ name: Python ${{ matrix.python_ver }}
+ if: github.repository_owner == 'wolfssl'
+ runs-on: ubuntu-24.04
+ timeout-minutes: 60
+ needs: build_wolfssl
+ steps:
+ - name: Install dependencies
+ run: |
+ sudo apt-get update
+
sudo apt-get install -y \ + build-essential autoconf automake autoconf-archive pkgconf \ + libffi-dev libbz2-dev libreadline-dev libsqlite3-dev \ + zlib1g-dev libncursesw5-dev libgdbm-dev libnss3-dev \ + liblzma-dev uuid-dev pkg-config + + - name: Download wolfSSL + uses: actions/download-artifact@v4 + with: + name: wolf-install-python + + - name: Untar wolfSSL build + run: tar -xf build-dir.tgz + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + + - name: Checkout CPython + uses: actions/checkout@v4 + with: + repository: python/cpython + ref: v${{ matrix.python_ver }} + path: cpython + + - name: Apply wolfSSL patch + working-directory: cpython + run: patch -p1 < $GITHUB_WORKSPACE/osp/Python/wolfssl-python-${{ matrix.python_ver }}.patch + + - name: Build CPython and run SSL and crypto tests + working-directory: cpython + run: | + export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib:$LD_LIBRARY_PATH + rm -f aclocal.m4 + autoreconf -if + ./configure --with-wolfssl=$GITHUB_WORKSPACE/build-dir + make -j test TESTOPTS="-v ${{ matrix.tests }}" diff --git a/.github/workflows/softhsm.yml b/.github/workflows/softhsm.yml index 593cd69135..ea9b3e5aa4 100644 --- a/.github/workflows/softhsm.yml +++ b/.github/workflows/softhsm.yml @@ -25,7 +25,7 @@ jobs: uses: wolfSSL/actions-build-autotools-project@v1 with: path: wolfssl - configure: --enable-all CFLAGS=-DRSA_MIN_SIZE=1024 + configure: --enable-all --disable-oldnames CFLAGS=-DRSA_MIN_SIZE=1024 install: true check: false diff --git a/configure.ac b/configure.ac index c3cbbb5be6..41be187d7d 100644 --- a/configure.ac +++ b/configure.ac @@ -1300,9 +1300,6 @@ then test "$enable_openvpn" = "" && enable_openvpn=yes test "$enable_asio" = "" && enable_asio=yes test "$enable_libwebsockets" = "" && enable_libwebsockets=yes - if test "$ENABLED_FIPS" = "no" || test "$HAVE_FIPS_VERSION" -le 5; then - test "$enable_qt" = "" && enable_qt=yes - fi fi fi 
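Review bot: The new `python.yml` workflow declares no `permissions:` block, so both jobs run with the repository's default `GITHUB_TOKEN` scope although they only build and test; a top-level `permissions:` with `contents: read` would state least privilege explicitly. The actions are referenced by mutable tags (`wolfSSL/actions-build-autotools-project@v1`, `actions/upload-artifact@v4`, `actions/download-artifact@v4`, `actions/checkout@v4`), and the `wolfssl/osp` checkout has no `ref:`, so the patch applied to CPython is whatever that repository's default branch holds at run time. Pinning the actions and the `osp` checkout to full commit SHAs would make the run reproducible and limit supply-chain drift. The two `actions/checkout` steps could also set `persist-credentials: false`, since no later step pushes.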
diff --git a/src/internal.c b/src/internal.c index 2034f107d8..afd9bfc79c 100644 --- a/src/internal.c +++ b/src/internal.c @@ -26278,6 +26278,11 @@ int SendData(WOLFSSL* ssl, const void* data, size_t sz) if (sent == (word32)sz) break; buffSz = (word32)sz - sent; + { + int maxFrag = wolfSSL_GetMaxFragSize(ssl); + if (maxFrag > 0 && (int)buffSz > maxFrag) + buffSz = (word32)maxFrag; + } outputSz = wolfssl_local_GetRecordSize(ssl, (word32)buffSz, 1); #if defined(WOLFSSL_DTLS) if (ssl->options.dtls) { diff --git a/src/ocsp.c b/src/ocsp.c index ce42b4d65a..bf37e3c012 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -2007,7 +2007,6 @@ int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING **name, (size_t)cid->status->serialSz); ser->length = i + cid->status->serialSz; #endif - cid->status->serialInt = ser; *serial = ser; } diff --git a/src/ssl.c b/src/ssl.c index 8f693bba1b..2979f321a0 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10457,8 +10457,7 @@ const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher) return NULL; } - #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \ - !defined(WOLFSSL_QT) + #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) return GetCipherNameIana(cipher->cipherSuite0, cipher->cipherSuite); #else return wolfSSL_get_cipher_name_from_suite(cipher->cipherSuite0, @@ -16022,9 +16021,8 @@ static WC_INLINE int sslCipherMinMaxCheck(const WOLFSSL *ssl, byte suite0, */ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl) { - WOLF_STACK_OF(WOLFSSL_CIPHER)* ret = NULL; const Suites* suites; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +#if defined(OPENSSL_ALL) const CipherSuiteInfo* cipher_names = GetCipherNames(); int cipherSz = GetCipherNamesSize(); #endif 
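Review bot: The clamp added in `SendData` compares `(int)buffSz > maxFrag`, and `buffSz` is a `word32`, so a remaining length above `INT_MAX` typically converts to a negative int and skips the clamp; comparing in the unsigned domain avoids that: `if (maxFrag > 0 && buffSz > (word32)maxFrag)`. `wolfSSL_GetMaxFragSize(ssl)` also appears to be re-evaluated on every pass of the send loop (the `break` just above suggests a loop, but its header is outside the hunk); if the value cannot change during the call it could be read once before the loop. A one-line comment saying why the clamp has to precede `wolfssl_local_GetRecordSize` would help the next reader.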
@@ -16040,15 +16038,20 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl) /* check if stack needs populated */ if (ssl->suitesStack == NULL) { int i; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - int j; + + ((WOLFSSL*)ssl)->suitesStack = + wolfssl_sk_new_type_ex(STACK_TYPE_CIPHER, ssl->heap); + if (ssl->suitesStack == NULL) + return NULL; /* higher priority of cipher suite will be on top of stack */ - for (i = suites->suiteSz - 2; i >=0; i-=2) { +#if defined(OPENSSL_ALL) + for (i = suites->suiteSz - 2; i >=0; i-=2) #else - for (i = 0; i < suites->suiteSz; i+=2) { + for (i = 0; i < suites->suiteSz; i+=2) #endif - WOLFSSL_STACK* add; + { + struct WOLFSSL_CIPHER cipher; /* A couple of suites are placeholders for special options, * skip those. */ 
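Review bot: Allocating `suitesStack` before the loop changes what callers of `wolfSSL_get_ciphers_compat` see when no suite is inserted: the removed code left `ret` as NULL in that case, while the new code would return the node created by `wolfssl_sk_new_type_ex` with no ciphers in it. If that is intended, the function comment should say that an empty stack is returned when no suite is usable and NULL only on allocation failure; if not, the empty stack should be freed and reset to NULL after the loop. The write still goes through `((WOLFSSL*)ssl)` on a `const WOLFSSL*` parameter, which predates this change. The loop body continues past the end of this hunk.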
@@ -16058,39 +16061,30 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl) continue; } - add = wolfSSL_sk_new_node(ssl->heap); - if (add != NULL) { - add->type = STACK_TYPE_CIPHER; - add->data.cipher.cipherSuite0 = suites->suites[i]; - add->data.cipher.cipherSuite = suites->suites[i+1]; - add->data.cipher.ssl = ssl; -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + XMEMSET(&cipher, 0, sizeof(cipher)); + cipher.cipherSuite0 = suites->suites[i]; + cipher.cipherSuite = suites->suites[i+1]; + cipher.ssl = ssl; +#if defined(OPENSSL_ALL) + cipher.in_stack = 1; + { + int j; for (j = 0; j < cipherSz; j++) { - if (cipher_names[j].cipherSuite0 == - add->data.cipher.cipherSuite0 && - cipher_names[j].cipherSuite == - add->data.cipher.cipherSuite) { - add->data.cipher.offset = (unsigned long)j; + if (cipher_names[j].cipherSuite0 == cipher.cipherSuite0 && + cipher_names[j].cipherSuite == cipher.cipherSuite) { + cipher.offset = (unsigned long)j; break; } } + } #endif - #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) - /* in_stack is checked in wolfSSL_CIPHER_description */ - add->data.cipher.in_stack = 1; - #endif - - add->next = ret; - if (ret != NULL) { - add->num = ret->num + 1; - } - else { - add->num = 1; - } - ret = add; + if (wolfSSL_sk_insert(ssl->suitesStack, &cipher, 0) <= 0) { + WOLFSSL_MSG("Error inserting cipher onto stack"); + wolfSSL_sk_CIPHER_free(ssl->suitesStack); + ((WOLFSSL*)ssl)->suitesStack = NULL; + break; } } - ((WOLFSSL*)ssl)->suitesStack = ret; } return ssl->suitesStack; } diff --git a/src/ssl_sk.c b/src/ssl_sk.c index a8cf68d52e..31fa966e2d 100644 --- a/src/ssl_sk.c +++ b/src/ssl_sk.c 
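Review bot: The comment `/* in_stack is checked in wolfSSL_CIPHER_description */` was removed together with the old block, yet `cipher.in_stack = 1;` is still set; keeping that one-line comment next to the assignment preserves the reason the flag exists. Separately, when the `cipher_names` search finds no match, `cipher.offset` stays at the 0 left by `XMEMSET`, which is also a valid index into `cipher_names`. Whether a consumer could then report the first table entry for an unknown suite cannot be told from this hunk and is worth confirming.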
@@ -113,24 +113,6 @@ WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* stack, int idx) #endif /* !NO_CERT && OPENSSL_EXTRA*/ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) -/* Copy all fields from src into dst. - * - * Shallow copy only. - * - * @param [in, out] dst Node to copy into. - * @param [in] src Node to copy. - */ -static void wolfssl_sk_node_copy(WOLFSSL_STACK* dst, WOLFSSL_STACK* src) -{ - dst->data.generic = src->data.generic; - dst->next = src->next; -#ifdef OPENSSL_ALL - dst->hash_fn = src->hash_fn; - dst->hash = src->hash; -#endif - dst->type = src->type; - dst->num = src->num; -} #ifndef NO_CERTS /* Get data pointer from node. @@ -188,13 +170,12 @@ static void wolfssl_sk_node_set_data(WOLFSSL_STACK* node, WOLF_STACK_TYPE type, { switch (type) { case STACK_TYPE_CIPHER: -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) node->data.cipher = *(WOLFSSL_CIPHER*)data; - if (node->hash_fn != NULL) { +#ifdef OPENSSL_ALL + if (node->hash_fn != NULL) node->hash = node->hash_fn(&node->data.cipher); - } - break; #endif + break; case STACK_TYPE_X509: case STACK_TYPE_GEN_NAME: case STACK_TYPE_BIO: @@ -331,7 +312,7 @@ void* wolfSSL_sk_pop_node(WOLFSSL_STACK* stack, int idx) if (stack->next) { /* Keep the first node as it is the pointer passed in. */ tmp = stack->next; - wolfssl_sk_node_copy(stack, stack->next); + XMEMCPY(stack, stack->next, sizeof(WOLFSSL_STACK)); wolfSSL_sk_free_node(tmp); } } @@ -374,7 +355,12 @@ void* wolfSSL_sk_pop_node(WOLFSSL_STACK* stack, int idx) */ WOLFSSL_STACK* wolfssl_sk_new_type(WOLF_STACK_TYPE type) { - WOLFSSL_STACK* stack = wolfSSL_sk_new_node(NULL); + return wolfssl_sk_new_type_ex(type, NULL); +} + +WOLFSSL_STACK* wolfssl_sk_new_type_ex(WOLF_STACK_TYPE type, void* heap) +{ + WOLFSSL_STACK* stack = wolfSSL_sk_new_node(heap); if (stack != NULL) { stack->type = type; } 
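Review bot: `XMEMCPY(stack, stack->next, sizeof(WOLFSSL_STACK))` in `wolfSSL_sk_pop_node` copies every member of the node, whereas the removed `wolfssl_sk_node_copy` copied only `data.generic`, `next`, `hash_fn`, `hash`, `type` and `num`; any member outside that list (a heap hint, for example, if the struct has one) is now overwritten too. The same replacement is made in `wolfSSL_sk_dup`, `wolfSSL_shallow_sk_dup` and `wolfSSL_sk_insert` in the later hunks of this file. Copying the whole `data` union looks like the point, since `data.cipher` is stored inline (`node->data.cipher = *(WOLFSSL_CIPHER*)data;`) and would not survive a copy of `data.generic` alone. A short comment at each site, such as `/* Whole-node copy: data may hold an inline struct, not just a pointer. */`, would record that, and the struct's members should be checked for any that must stay per-node.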
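Review bot: `wolfssl_sk_new_type_ex` is added without a header comment, and the existing comment block above it now documents only the wrapper `wolfssl_sk_new_type`. A short block in the file's `@param`/`@return` style would cover it: the type of stack to create, the heap hint that is passed to `wolfSSL_sk_new_node`, and that NULL is returned when the node cannot be allocated. The function body ends outside the hunk.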
@@ -546,7 +532,7 @@ WOLFSSL_STACK* wolfSSL_sk_dup(WOLFSSL_STACK* stack) /* Update last node in linked list. */ last = cur; - wolfssl_sk_node_copy(cur, stack); + XMEMCPY(cur, stack, sizeof(WOLFSSL_STACK)); /* We will allocate new memory for this */ XMEMSET(&cur->data, 0, sizeof(cur->data)); cur->next = NULL; @@ -588,7 +574,7 @@ WOLFSSL_STACK* wolfSSL_shallow_sk_dup(WOLFSSL_STACK* stack) break; } - wolfssl_sk_node_copy(cur, stack); + XMEMCPY(cur, stack, sizeof(WOLFSSL_STACK)); cur->next = NULL; *prev = cur; @@ -756,7 +742,7 @@ int wolfSSL_sk_insert(WOLFSSL_STACK *stack, const void *data, int idx) if (idx == 0) { /* Special case where we need to change the values in the head * element to avoid changing the initial pointer. */ - wolfssl_sk_node_copy(node, stack); + XMEMCPY(node, stack, sizeof(WOLFSSL_STACK)); wolfssl_sk_node_set_data(stack, stack->type, data); stack->num++; stack->next = node; diff --git a/src/x509.c b/src/x509.c index fd46e89c40..18de5f759c 100644 --- a/src/x509.c +++ b/src/x509.c 
@@ -661,17 +661,25 @@ static int DNS_to_GENERAL_NAME(WOLFSSL_GENERAL_NAME* gn, DNS_entry* dns) if (gn->d.registeredID == NULL) { return WOLFSSL_FAILURE; } - gn->d.registeredID->obj = (const unsigned char*)XMALLOC(dns->len, - gn->d.registeredID->heap, DYNAMIC_TYPE_ASN1); - if (gn->d.registeredID->obj == NULL) { - /* registeredID gets free'd up by caller after failure */ - return WOLFSSL_FAILURE; + { + /* Store DER-encoded OID (tag + length + content) in obj */ + word32 derSz = 1 + SetLength(dns->len, NULL) + dns->len; + byte* der = (byte*)XMALLOC(derSz, + gn->d.registeredID->heap, DYNAMIC_TYPE_ASN1); + if (der == NULL) { + return WOLFSSL_FAILURE; + } + { + word32 idx = 0; + der[idx++] = ASN_OBJECT_ID; + idx += SetLength(dns->len, der + idx); + XMEMCPY(der + idx, dns->name, dns->len); + } + gn->d.registeredID->obj = der; + gn->d.registeredID->objSz = derSz; } gn->d.registeredID->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA; - XMEMCPY((byte*)gn->d.registeredID->obj, dns->ridString, dns->len); - gn->d.registeredID->objSz = dns->len; gn->d.registeredID->grp = oidCertExtType; - gn->d.registeredID->nid = WC_NID_registeredAddress; break; #endif 
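Review bot: `derSz = 1 + SetLength(dns->len, NULL) + dns->len` and the following `XMEMCPY` use `dns->len` with no check visible in the hunk; if the field is signed or can be zero, a guard such as `if (dns->len <= 0) return WOLFSSL_FAILURE;` before the allocation keeps the size arithmetic well defined. The same tag-length-content encoding is written out again in the `wolfSSL_X509_get_ext_d2i` hunk, so one static helper (or `wolfssl_asn1_obj_set(..., addHdr)` declared in `wolfssl/internal.h`, if its header handling matches) would keep the two copies from drifting. The nested brace blocks exist only to declare `der` and `idx`; declaring them at the top of the enclosing block would read more plainly.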
@@ -2533,19 +2541,28 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, if (gn->d.registeredID == NULL) { goto err; } - gn->d.registeredID->obj = - (const unsigned char*)XMALLOC(dns->len, - gn->d.registeredID->heap, DYNAMIC_TYPE_ASN1); - if (gn->d.registeredID->obj == NULL) { - goto err; + { + /* Store DER-encoded OID (tag+length+content) */ + word32 derSz = 1 + SetLength(dns->len, NULL) + + dns->len; + byte* der = (byte*)XMALLOC(derSz, + gn->d.registeredID->heap, + DYNAMIC_TYPE_ASN1); + if (der == NULL) { + goto err; + } + { + word32 derIdx = 0; + der[derIdx++] = ASN_OBJECT_ID; + derIdx += SetLength(dns->len, der + derIdx); + XMEMCPY(der + derIdx, dns->name, dns->len); + } + gn->d.registeredID->obj = der; + gn->d.registeredID->objSz = derSz; } gn->d.registeredID->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA; - XMEMCPY((byte*)gn->d.registeredID->obj, - dns->ridString, dns->len); - gn->d.registeredID->objSz = dns->len; gn->d.registeredID->grp = oidCertExtType; - gn->d.registeredID->nid = WC_NID_registeredAddress; break; #endif /* WOLFSSL_RID_ALT_NAME */ diff --git a/tests/api.c b/tests/api.c index 0cda4e114a..8ab7009ca7 100644 --- a/tests/api.c +++ b/tests/api.c @@ -13582,8 +13582,7 @@ static int test_wolfSSL_get_client_ciphers_on_result(WOLFSSL* ssl) { ExpectIntEQ(sk_SSL_CIPHER_num(ciphers), 1); current = sk_SSL_CIPHER_value(ciphers, 0); ExpectNotNull(current); - #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \ - !defined(WOLFSSL_QT) + #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) ExpectStrEQ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", SSL_CIPHER_get_name(current)); #else 
@@ -25561,7 +25560,7 @@ static int test_wolfSSL_crypto_policy_ciphers(void) /* We return a different cipher string depending on build settings. */ #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && \ - !defined(NO_ERROR_STRINGS) && !defined(WOLFSSL_QT) + !defined(NO_ERROR_STRINGS) found = crypto_policy_cipher_found(ssl, "AES_128", 0); ExpectIntEQ(found, !is_future); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index cc2bb3a73b..ac212a1c1d 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -5818,11 +5818,19 @@ void wolfSSL_EVP_init(void) case WC_HASH_TYPE_MD5_SHA: case WC_HASH_TYPE_BLAKE2B: case WC_HASH_TYPE_BLAKE2S: + ret = BAD_FUNC_ARG; + break; #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) case WC_HASH_TYPE_SHAKE128: + ret = wc_Shake128_Copy((wc_Shake*)&src->hash.digest.shake, + (wc_Shake*)&des->hash.digest.shake); + break; #endif #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) case WC_HASH_TYPE_SHAKE256: + ret = wc_Shake256_Copy((wc_Shake*)&src->hash.digest.shake, + (wc_Shake*)&des->hash.digest.shake); + break; #endif default: ret = BAD_FUNC_ARG; @@ -10861,6 +10869,22 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) ret = WOLFSSL_FAILURE; } } else + #endif + #ifdef HAVE_BLAKE2 + if (XSTRCMP(md, WC_SN_blake2b512) == 0) { + if (wc_InitBlake2b(&ctx->hash.digest.blake2b, + WC_BLAKE2B_DIGEST_SIZE) != 0) { + ret = WOLFSSL_FAILURE; + } + } else + #endif + #ifdef HAVE_BLAKE2S + if (XSTRCMP(md, WC_SN_blake2s256) == 0) { + if (wc_InitBlake2s(&ctx->hash.digest.blake2s, + WC_BLAKE2S_DIGEST_SIZE) != 0) { + ret = WOLFSSL_FAILURE; + } + } else #endif { ctx->macType = WC_HASH_TYPE_NONE; 
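Review bot: `WC_HASH_TYPE_BLAKE2B` and `WC_HASH_TYPE_BLAKE2S` are still answered with `BAD_FUNC_ARG` in the copy switch of the first `evp.c` hunk, although the later hunks of this file add init, update and final support for both; a BLAKE2 digest context can therefore be created and used but apparently not duplicated. Either add copy cases under `HAVE_BLAKE2` / `HAVE_BLAKE2S`, or record the limitation at these labels with a comment such as `/* BLAKE2 contexts cannot be copied yet */`. The enclosing function starts outside the hunk.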
@@ -10996,12 +11020,32 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) ret = WOLFSSL_SUCCESS; } break; + #endif + #ifdef HAVE_BLAKE2 + case WC_HASH_TYPE_BLAKE2B: + if (wc_Blake2bUpdate(&ctx->hash.digest.blake2b, + (const byte*)data, (word32)sz) == 0) { + ret = WOLFSSL_SUCCESS; + } + break; + #endif + #ifdef HAVE_BLAKE2S + case WC_HASH_TYPE_BLAKE2S: + if (wc_Blake2sUpdate(&ctx->hash.digest.blake2s, + (const byte*)data, (word32)sz) == 0) { + ret = WOLFSSL_SUCCESS; + } + break; #endif case WC_HASH_TYPE_NONE: case WC_HASH_TYPE_MD2: case WC_HASH_TYPE_MD5_SHA: + #ifndef HAVE_BLAKE2 case WC_HASH_TYPE_BLAKE2B: + #endif + #ifndef HAVE_BLAKE2S case WC_HASH_TYPE_BLAKE2S: + #endif default: return WOLFSSL_FAILURE; } @@ -11126,12 +11170,34 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) ret = WOLFSSL_SUCCESS; } break; + #endif + #ifdef HAVE_BLAKE2 + case WC_HASH_TYPE_BLAKE2B: + if (wc_Blake2bFinal(&ctx->hash.digest.blake2b, md, + WC_BLAKE2B_DIGEST_SIZE) == 0) { + if (s) *s = WC_BLAKE2B_DIGEST_SIZE; + ret = WOLFSSL_SUCCESS; + } + break; + #endif + #ifdef HAVE_BLAKE2S + case WC_HASH_TYPE_BLAKE2S: + if (wc_Blake2sFinal(&ctx->hash.digest.blake2s, md, + WC_BLAKE2S_DIGEST_SIZE) == 0) { + if (s) *s = WC_BLAKE2S_DIGEST_SIZE; + ret = WOLFSSL_SUCCESS; + } + break; #endif case WC_HASH_TYPE_NONE: case WC_HASH_TYPE_MD2: case WC_HASH_TYPE_MD5_SHA: + #ifndef HAVE_BLAKE2 case WC_HASH_TYPE_BLAKE2B: + #endif + #ifndef HAVE_BLAKE2S case WC_HASH_TYPE_BLAKE2S: + #endif default: return WOLFSSL_FAILURE; } 
@@ -11166,12 +11232,22 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) case WC_HASH_TYPE_SHA3_512: #ifdef WOLFSSL_SM3 case WC_HASH_TYPE_SM3: + #endif + #ifdef HAVE_BLAKE2 + case WC_HASH_TYPE_BLAKE2B: + #endif + #ifdef HAVE_BLAKE2S + case WC_HASH_TYPE_BLAKE2S: #endif case WC_HASH_TYPE_NONE: case WC_HASH_TYPE_MD2: case WC_HASH_TYPE_MD5_SHA: + #ifndef HAVE_BLAKE2 case WC_HASH_TYPE_BLAKE2B: + #endif + #ifndef HAVE_BLAKE2S case WC_HASH_TYPE_BLAKE2S: + #endif break; #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) @@ -11361,6 +11437,16 @@ int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type) return WC_SHA3_512_BLOCK_SIZE; } else #endif +#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) + if (XSTRCMP(type, WC_SN_shake128) == 0) { + return WC_SHA3_128_BLOCK_SIZE; + } else +#endif +#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + if (XSTRCMP(type, WC_SN_shake256) == 0) { + return WC_SHA3_256_BLOCK_SIZE; + } else +#endif #endif /* WOLFSSL_SHA3 */ #ifdef WOLFSSL_SM3 if (XSTRCMP(type, WC_SN_sm3) == 0) { diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 18d7d10213..f39be10e2f 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -7340,6 +7340,8 @@ WOLFSSL_LOCAL void* wolfssl_sk_pop_type(WOLFSSL_STACK* sk, WOLF_STACK_TYPE type); WOLFSSL_LOCAL void* wolfSSL_sk_pop_node(WOLFSSL_STACK* sk, int idx); WOLFSSL_LOCAL WOLFSSL_STACK* wolfssl_sk_new_type(WOLF_STACK_TYPE type); +WOLFSSL_LOCAL WOLFSSL_STACK* wolfssl_sk_new_type_ex(WOLF_STACK_TYPE type, + void* heap); WOLFSSL_LOCAL int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj, const byte* der, word32 len, int addHdr); diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index dc6394cdff..f4ee44cd00 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -61,6 +61,9 @@ #ifdef WOLFSSL_SM3 #include #endif +#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) + #include +#endif #ifdef WOLFSSL_SM4 #include #endif 
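Review bot: In the switch of the `@@ -11166` hunk the labels added under `#ifdef HAVE_BLAKE2` / `#ifdef HAVE_BLAKE2S` and the existing ones now wrapped in `#ifndef` all reach the same `break;`, so the four preprocessor blocks change nothing compared with the two unconditional `case WC_HASH_TYPE_BLAKE2B:` / `case WC_HASH_TYPE_BLAKE2S:` labels that were already there. Leaving the original two labels untouched would be simpler. If the BLAKE2 state needs explicit handling at this point, that code is not in the hunk; the switch begins and ends outside it.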
@@ -224,6 +227,12 @@ typedef union { #if defined(WOLFSSL_SHAKE128) || defined(WOLFSSL_SHAKE256) wc_Shake shake; #endif + #ifdef HAVE_BLAKE2 + Blake2b blake2b; + #endif + #ifdef HAVE_BLAKE2S + Blake2s blake2s; + #endif } WOLFSSL_Hasher;