From e7153e243302a170a603658ce0cb4b19e6050c2c Mon Sep 17 00:00:00 2001 From: Kareem Date: Mon, 11 May 2026 15:26:57 -0700 Subject: [PATCH 1/5] Send correct alert type when server requests certificate and client has none set. Thanks to Cal Page for the report.
---
 src/tls13.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/tls13.c b/src/tls13.c
index 794e3e068d..e2d69c9f60 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -6139,7 +6139,10 @@ static int DoTls13CertificateRequest(WOLFSSL* ssl, const byte* input,
 ssl->options.sendVerify = SEND_BLANK_CERT;
 #else
 WOLFSSL_MSG("Certificate required but none set on client");
- SendAlert(ssl, alert_fatal, illegal_parameter);
+ /* RFC 8446 Section 4.4.2.4: send certificate_required when a
+ * peer (here, the client) cannot provide a certificate that the
+ * other peer required. */
+ SendAlert(ssl, alert_fatal, certificate_required);
 WOLFSSL_ERROR_VERBOSE(NO_CERT_ERROR);
 return NO_CERT_ERROR;
 #endif
From 9a0e0f3fd3ce46de6f83463c3fa44c053de0a0f6 Mon Sep 17 00:00:00 2001 From: Kareem Date: Mon, 11 May 2026 15:44:34 -0700 Subject: [PATCH 2/5] Prevent building with RNG disabled and RSA blinding enabled by default. Fixes F-2624.
---
 .wolfssl_known_macro_extras | 1 + wolfssl/wolfcrypt/settings.h | 13 +++++++++++++ 2 files changed, 14 insertions(+)
diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
index 583422bea4..68c5379765 100644
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -672,6 +672,7 @@ WC_RNG_BANK_NO_DEFAULT_SUPPORT
 WC_RNG_BLOCKING
 WC_RSA_NONBLOCK_TIME
 WC_RSA_NO_FERMAT_CHECK
+WC_RSA_NO_RNG_ACKNOWLEDGE_WEAKNESS
 WC_RWLOCK_OPS_INLINE
 WC_SKIP_INCLUDED_C_FILES
 WC_SLHDSA_KERNEL_ASM
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 12f25cc534..7deb294b5a 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
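Review bot: The comment added in DoTls13CertificateRequest (src/tls13.c) attributes to RFC 8446 Section 4.4.2.4 a rule that the RFC does not state in that form. Section 4.4.2.4 and the alert description in Section 6.2 describe `certificate_required` as an alert a server sends when the client supplied no certificate, and Section 4.4.2 has a client with no appropriate certificate send an empty certificate_list. This branch is a client-side policy abort, so the comment should say the alert is chosen as the closest match rather than mandated, e.g. `/* Local policy: abort instead of sending an empty Certificate. RFC 8446 defines certificate_required as a server-sent alert; used here as the closest match. */`. The return value of `SendAlert` is still discarded on this path, and the patch adds no test that pins which alert the peer receives. The enclosing function starts and ends outside the hunk.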
@@ -4222,6 +4222,19 @@ extern void uITRON4_free(void *p) ; #endif #endif +/* WC_NO_RNG silently removes RSA blinding, as blinding depends on the RNG. + * Refuse to build until the conflict is resolved or the loss of hardening is + * explicitly acknowledged via WC_RSA_NO_RNG_ACKNOWLEDGE_WEAKNESS. */ +#if defined(WC_NO_RNG) && defined(WC_RSA_BLINDING) && !defined(NO_RSA) && \ + !defined(WC_RSA_NO_RNG_ACKNOWLEDGE_WEAKNESS) + #error "WC_NO_RNG combined with WC_RSA_BLINDING silently disables RSA \ +blinding as well as OAEP and PSS padding support, weakening RSA against \ +side-channel and chosen-ciphertext attacks. Resolve the conflict by \ +removing WC_NO_RNG, undefining WC_RSA_BLINDING, or defining NO_RSA. \ +To proceed anyway and accept the loss of RSA hardening, \ +define WC_RSA_NO_RNG_ACKNOWLEDGE_WEAKNESS." +#endif + #ifdef OPENSSL_COEXIST /* make sure old names are disabled */ #ifndef NO_OLD_SSL_NAMES From fbc236872178ec7f2a1fb98ee6a9a12d28993ed3 Mon Sep 17 00:00:00 2001 From: Kareem Date: Mon, 11 May 2026 15:56:33 -0700 Subject: [PATCH 3/5] Extend check to cover ECC and Curve25519 blinding + no RNG as well. --- wolfssl/wolfcrypt/settings.h | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 7deb294b5a..c433dcb4de 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -4202,7 +4202,8 @@ extern void uITRON4_free(void *p) ; #if defined(HAVE_CURVE25519) && !defined(CURVE25519_SMALL) && \ !defined(FREESCALE_LTC_ECC) && !defined(WOLFSSL_ARMASM) && \ (!defined(USE_INTEL_SPEEDUP) || defined(NO_CURVED25519_X64)) && \ - !defined(WOLFSSL_CURVE25519_BLINDING) && !defined(NO_CURVE25519_BLINDING) + !defined(WOLFSSL_CURVE25519_BLINDING) && !defined(NO_CURVE25519_BLINDING) \ + && !defined(WC_NO_RNG) #define WOLFSSL_CURVE25519_BLINDING #endif 
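Review bot: Adding `&& !defined(WC_NO_RNG)` to the default-enable condition for WOLFSSL_CURVE25519_BLINDING (patch 3, first settings.h hunk) means a WC_NO_RNG build now loses Curve25519 blinding with no diagnostic, while the guard introduced in this series stops the build for RSA unless an acknowledgement macro is defined. If the asymmetry is intended, state it next to the condition, e.g. `/* Blinding needs the RNG: with WC_NO_RNG the default stays off and no error is raised. */`. Otherwise the no-RNG Curve25519 configuration arguably deserves the same explicit opt-in as RSA. As far as the visible lines show, the Curve25519 arm of the guard in the next hunk can then only fire when WOLFSSL_CURVE25519_BLINDING is defined by the user or elsewhere in the headers.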
@@ -4225,14 +4226,14 @@ extern void uITRON4_free(void *p) ;
 /* WC_NO_RNG silently removes RSA blinding, as blinding depends on the RNG.
 * Refuse to build until the conflict is resolved or the loss of hardening is
 * explicitly acknowledged via WC_RSA_NO_RNG_ACKNOWLEDGE_WEAKNESS. */
-#if defined(WC_NO_RNG) && defined(WC_RSA_BLINDING) && !defined(NO_RSA) && \
- !defined(WC_RSA_NO_RNG_ACKNOWLEDGE_WEAKNESS)
- #error "WC_NO_RNG combined with WC_RSA_BLINDING silently disables RSA \
-blinding as well as OAEP and PSS padding support, weakening RSA against \
-side-channel and chosen-ciphertext attacks. Resolve the conflict by \
-removing WC_NO_RNG, undefining WC_RSA_BLINDING, or defining NO_RSA. \
-To proceed anyway and accept the loss of RSA hardening, \
-define WC_RSA_NO_RNG_ACKNOWLEDGE_WEAKNESS."
+#if defined(WC_NO_RNG) && ((defined(WC_RSA_BLINDING) && !defined(NO_RSA)) || \
+ (defined(HAVE_CURVE25519) && defined(WOLFSSL_CURVE25519_BLINDING)) || \
+ (defined(HAVE_ECC) && defined(WOLFSSL_ECC_BLIND_K))) && \
+ !defined(WC_BLINDING_NO_RNG_ACKNOWLEDGE_WEAKNESS)
+ #error "Blinding is enabled but the RNG is disabled. Either remove \
+WC_NO_RNG to enable the RNG, disable blinding by removing WC_RSA_BLINDING/\
+WOLFSSL_CURVE25519_BLINDING/WOLFSSL_ECC_BLIND_K, or acknowledge the loss of \
+blinding by defining WC_BLINDING_NO_RNG_ACKNOWLEDGE_WEAKNESS."
 #endif
 
 #ifdef OPENSSL_COEXIST
From caac4f29b3a852319bcdd8d929d0137083b790a2 Mon Sep 17 00:00:00 2001 From: Kareem Date: Mon, 11 May 2026 16:25:57 -0700 Subject: [PATCH 4/5] Require that the AES CMAC mac size is inside of the range [WC_CMAC_TAG_MIN_SZ, WC_AES_BLOCK_SIZE]. Fixes F-3084.
---
 doc/dox_comments/header_files/cmac.h | 21 +- doc/formats/html/doxygen_warnings | 314 +++++++++++++++++++++++++++ tests/api/test_cmac.c | 40 ++++ wolfcrypt/src/cmac.c | 23 +- 4 files changed, 381 insertions(+), 17 deletions(-) create mode 100644 doc/formats/html/doxygen_warnings
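Review bot: The comment left as context above the rewritten `#if` in settings.h is now stale. It still speaks only of RSA blinding and names WC_RSA_NO_RNG_ACKNOWLEDGE_WEAKNESS, while the condition tests WC_BLINDING_NO_RNG_ACKNOWLEDGE_WEAKNESS and also covers Curve25519 and ECC. It should read along the lines of `/* WC_NO_RNG removes RSA, Curve25519 and ECC blinding, which depend on the RNG; refuse to build unless WC_BLINDING_NO_RNG_ACKNOWLEDGE_WEAKNESS is defined. */`. This patch's diffstat touches only settings.h, so .wolfssl_known_macro_extras still carries the old macro name from patch 2 and lacks the new one, unless a later patch in the series (not visible here) corrects it. The new #error text also drops the earlier mention of the OAEP and PSS padding loss, which a user deciding whether to define the acknowledgement macro would want to see.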
diff --git a/doc/dox_comments/header_files/cmac.h b/doc/dox_comments/header_files/cmac.h index 4de7810a8a..1c6de51423 100644 --- a/doc/dox_comments/header_files/cmac.h +++ b/doc/dox_comments/header_files/cmac.h @@ -174,8 +174,11 @@ int wc_AesCmacGenerate(byte* out, word32* outSz, \ingroup CMAC \brief Single shot function for validating a CMAC \return 0 on success - \param check CMAC value to verify - \param checkSz size of check buffer + \return BAD_FUNC_ARG if parameters are invalid + \return MAC_CMP_FAILED_E if the supplied tag does not match + \param check Expected MAC value to verify + \param checkSz size of expected MAC value; must be in + [\c WC_CMAC_TAG_MIN_SZ, \c WC_AES_BLOCK_SIZE] \param in input data to process \param inSz size of input data \param key key pointer @@ -211,10 +214,8 @@ int wc_CMAC_Grow(Cmac* cmac, const byte* in, int inSz); \ingroup CMAC \brief Single shot AES-CMAC generation with extended parameters including heap and device ID. - \return 0 on success \return BAD_FUNC_ARG if parameters are invalid - \param cmac Pointer to Cmac structure (can be NULL for one-shot) \param out Buffer to store MAC output \param outSz Pointer to output size (in/out) @@ -249,14 +250,13 @@ int wc_AesCmacGenerate_ex(Cmac *cmac, byte* out, word32* outSz, \ingroup CMAC \brief Single shot AES-CMAC verification with extended parameters including heap and device ID. - \return 0 on success \return BAD_FUNC_ARG if parameters are invalid \return MAC_CMP_FAILED_E if MAC verification fails - - \param cmac Pointer to Cmac structure (can be NULL for one-shot) + \param cmac Pointer to Cmac structure \param check Expected MAC value to verify - \param checkSz Size of expected MAC + \param checkSz Size of expected MAC; must be in + [\c WC_CMAC_TAG_MIN_SZ, \c WC_AES_BLOCK_SIZE] \param in Input data to authenticate \param inSz Length of input data \param key AES key 
@@ -267,10 +267,11 @@ int wc_AesCmacGenerate_ex(Cmac *cmac, byte* out, word32* outSz, _Example_ \code - byte mac[AES_BLOCK_SIZE]; + Cmac cmac; + byte mac[WC_AES_BLOCK_SIZE]; byte key[16], msg[64]; - int ret = wc_AesCmacVerify_ex(NULL, mac, sizeof(mac), msg, + int ret = wc_AesCmacVerify_ex(&cmac, mac, sizeof(mac), msg, sizeof(msg), key, sizeof(key), NULL, INVALID_DEVID); if (ret == MAC_CMP_FAILED_E) { diff --git a/doc/formats/html/doxygen_warnings b/doc/formats/html/doxygen_warnings new file mode 100644 index 0000000000..2938e104fa --- /dev/null +++ b/doc/formats/html/doxygen_warnings 
@@ -0,0 +1,314 @@ +warning: source '../../mainpage.dox' is not a readable file or directory... skipping. +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ascon.h:572: warning: no matching file member found for +wc_AsconAEAD128 * wc_AsconAEAD128_New(void) +Possible candidates: + 'wc_AsconAEAD128 * wc_AsconAEAD128_New(void)' at line 110 of file /home/work/wkdir/wolfssl/doc/dox_comments/header_files/ascon.h +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:5565: warning: no matching file member found for +long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX *ctx, void *arg) +Possible candidates: + 'long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX *ctx, void *arg)' at line 5462 of file /home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/wolfio.h:1376: warning: no matching file member found for +void * wolfSSL_GetCookieCtx(WOLFSSL *ssl) +Possible candidates: + 'void * wolfSSL_GetCookieCtx(WOLFSSL *ssl)' at line 539 of file /home/work/wkdir/wolfssl/doc/dox_comments/header_files/wolfio.h +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ascon.h:65: warning: The following parameters of wc_AsconHash256_Final(wc_AsconHash256 *a, byte *hash) are not documented: + parameter 'a' + parameter 'hash' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ascon.h:34: warning: The following parameters of wc_AsconHash256_Update(wc_AsconHash256 *a, const byte *data, word32 dataSz) are not documented: + parameter 'a' + parameter 'data' + parameter 'dataSz' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/cryptocb.h:8: warning: The following parameter of wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void *ctx) is not documented: + parameter 'ctx' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/quic.h:555: warning: The following parameter of wolfSSL_quic_aead_decrypt(uint8_t *dest, WOLFSSL_EVP_CIPHER_CTX *ctx, const uint8_t *enc, size_t enclen, const uint8_t *iv, 
const uint8_t *aad, size_t aadlen) is not documented: + parameter 'enclen' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/quic.h:428: warning: The following parameter of wolfSSL_quic_aead_is_ccm(const WOLFSSL_EVP_CIPHER *aead_cipher) is not documented: + parameter 'aead_cipher' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/quic.h:449: warning: The following parameter of wolfSSL_quic_aead_is_chacha20(const WOLFSSL_EVP_CIPHER *aead_cipher) is not documented: + parameter 'aead_cipher' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/quic.h:407: warning: The following parameter of wolfSSL_quic_aead_is_gcm(const WOLFSSL_EVP_CIPHER *aead_cipher) is not documented: + parameter 'aead_cipher' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/quic.h:470: warning: The following parameter of wolfSSL_quic_get_aead_tag_len(const WOLFSSL_EVP_CIPHER *aead_cipher) is not documented: + parameter 'aead_cipher' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/quic.h:217: warning: The following parameter of wolfSSL_set_quic_transport_params(WOLFSSL *ssl, const uint8_t *params, size_t params_len) is not documented: + parameter 'params_len' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:6130: warning: The following parameter of wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX *ctx, wc_psk_server_callback cb) is not documented: + parameter 'ctx' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:9505: warning: The following parameter of wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX *ctx, void *userCtx) is not documented: + parameter 'userCtx' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:11264: warning: The following parameter of wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX *ctx, CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void *ioCbCtx) is not documented: + parameter 'ctx' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:15184: warning: The following parameters of wolfSSL_RSA_sign_generic_padding(int hashAlg, const 
unsigned char *hash, unsigned int hLen, unsigned char *sigRet, unsigned int *sigLen, WOLFSSL_RSA *rsa, int flag, int padding) are not documented: + parameter 'hashAlg' + parameter 'hash' + parameter 'hLen' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:9419: warning: The following parameters of wolfSSL_SetTlsHmacInner(WOLFSSL *ssl, byte *inner, word32 sz, int content, int verify) are not documented: + parameter 'ssl' + parameter 'inner' + parameter 'sz' + parameter 'content' + parameter 'verify' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:11566: warning: The following parameters of wolfSSL_SNI_GetFromBuffer(const unsigned char *clientHello, unsigned int helloSz, unsigned char type, unsigned char *sni, unsigned int *inOutSz) are not documented: + parameter 'clientHello' + parameter 'helloSz' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/wolfio.h:490: warning: The following parameter of wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX *ctx, CallbackGenCookie cb) is not documented: + parameter 'ctx' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/wolfio.h:226: warning: The following parameter of wolfSSL_CTX_SetIORecv(WOLFSSL_CTX *ctx, CallbackIORecv CBIORecv) is not documented: + parameter 'CBIORecv' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/wolfio.h:261: warning: The following parameter of wolfSSL_SetIOReadCtx(WOLFSSL *ssl, void *ctx) is not documented: + parameter 'ctx' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/wolfio.h:292: warning: The following parameter of wolfSSL_SetIOWriteCtx(WOLFSSL *ssl, void *ctx) is not documented: + parameter 'ctx' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/des3.h:165: warning: The following parameter of wc_Des3_EcbEncrypt(Des3 *des, byte *out, const byte *in, word32 sz) is not documented: + parameter 'des' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/des3.h:199: warning: The following parameter of wc_Des3_SetKey(Des3 *des, const byte *key, const 
byte *iv, int dir) is not documented: + parameter 'des' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/wc_encrypt.h:10: warning: The following parameter of wc_AesCbcDecryptWithKey(byte *out, const byte *in, word32 inSz, const byte *key, word32 keySz, const byte *iv) is not documented: + parameter 'iv' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/aes.h:618: warning: The following parameter of wc_AesCcmDecrypt(Aes *aes, byte *out, const byte *in, word32 inSz, const byte *nonce, word32 nonceSz, const byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz) is not documented: + parameter 'inSz' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/aes.h:567: warning: The following parameter of wc_AesCcmEncrypt(Aes *aes, byte *out, const byte *in, word32 inSz, const byte *nonce, word32 nonceSz, byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz) is not documented: + parameter 'inSz' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/aes.h:1713: warning: The following parameter of wc_AesEaxFree(AesEax *eax) is not documented: + parameter 'eax' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/chacha.h:41: warning: The following parameters of wc_Chacha_Process(ChaCha *ctx, byte *cipher, const byte *plain, word32 msglen) are not documented: + parameter 'cipher' + parameter 'plain' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/chacha20_poly1305.h:69: warning: The following parameters of wc_ChaCha20Poly1305_Decrypt(const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], const byte *inAAD, word32 inAADLen, const byte *inCiphertext, word32 inCiphertextLen, const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE], byte *outPlaintext) are not documented: + parameter 'inIV' + parameter 'inCiphertextLen' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/chacha20_poly1305.h:9: warning: The following parameter of wc_ChaCha20Poly1305_Encrypt(const byte 
inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], const byte *inAAD, word32 inAADLen, const byte *inPlaintext, word32 inPlaintextLen, byte *outCiphertext, byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]) is not documented: + parameter 'inIV' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/cmac.h:198: warning: The following parameter of wc_CMAC_Grow(Cmac *cmac, const byte *in, int inSz) is not documented: + parameter 'cmac' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ecc.h:2131: warning: The following parameter of wc_ecc_set_curve(ecc_key *key, int keysize, int curve_id) is not documented: + parameter 'key' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ecc.h:1578: warning: The following parameter of wc_ecc_sig_size_calc(int sz) is not documented: + parameter 'sz' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ecc.h:408: warning: The following parameter of wc_ecc_sign_hash(const byte *in, word32 inlen, byte *out, word32 *outlen, WC_RNG *rng, ecc_key *key) is not documented: + parameter 'rng' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/hmac.h:78: warning: The following parameter of wc_HmacFinal(Hmac *hmac, byte *out) is not documented: + parameter 'out' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/hmac.h:7: warning: The following parameter of wc_HmacSetKey(Hmac *hmac, int type, const byte *key, word32 keySz) is not documented: + parameter 'keySz' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/hmac.h:46: warning: The following parameters of wc_HmacUpdate(Hmac *hmac, const byte *in, word32 sz) are not documented: + parameter 'in' + parameter 'sz' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/hmac.h:539: warning: The following parameters of wc_Tls13_HKDF_Expand_Label(byte *okm, word32 okmLen, const byte *prk, word32 prkLen, const byte *protocol, word32 protocolLen, const byte *label, word32 labelLen, const byte *info, word32 infoLen, int digest) are 
not documented: + parameter 'label' + parameter 'labelLen' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/hmac.h:579: warning: The following parameters of wc_Tls13_HKDF_Expand_Label_Alloc(byte *okm, word32 okmLen, const byte *prk, word32 prkLen, const byte *protocol, word32 protocolLen, const byte *label, word32 labelLen, const byte *info, word32 infoLen, int digest, void *heap) are not documented: + parameter 'label' + parameter 'labelLen' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/hmac.h:498: warning: The following parameters of wc_Tls13_HKDF_Expand_Label_ex(byte *okm, word32 okmLen, const byte *prk, word32 prkLen, const byte *protocol, word32 protocolLen, const byte *label, word32 labelLen, const byte *info, word32 infoLen, int digest, void *heap, int devId) are not documented: + parameter 'label' + parameter 'labelLen' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/poly1305.h:70: warning: The following parameters of wc_Poly1305Final(Poly1305 *poly1305, byte *tag) are not documented: + parameter 'poly1305' + parameter 'tag' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/poly1305.h:8: warning: The following parameters of wc_Poly1305SetKey(Poly1305 *poly1305, const byte *key, word32 kySz) are not documented: + parameter 'poly1305' + parameter 'kySz' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/poly1305.h:36: warning: The following parameter of wc_Poly1305Update(Poly1305 *poly1305, const byte *m, word32 bytes) is not documented: + parameter 'poly1305' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/rsa.h:1440: warning: The following parameter of wc_RsaKeyToPublicDer_ex(RsaKey *key, byte *output, word32 inLen, int with_header) is not documented: + parameter 'with_header' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/rsa.h:880: warning: The following parameter of wc_RsaPSS_CheckPadding(const byte *in, word32 inLen, const byte *sig, word32 sigSz, enum wc_HashType hashType) is not documented: + 
parameter 'inLen' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/rsa.h:942: warning: The following parameter of wc_RsaPSS_CheckPadding_ex(const byte *in, word32 inLen, const byte *sig, word32 sigSz, enum wc_HashType hashType, int saltLen, int bits) is not documented: + parameter 'inLen' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/rsa.h:432: warning: The following parameter of wc_RsaPSS_Sign(const byte *in, word32 inLen, byte *out, word32 outLen, enum wc_HashType hash, int mgf, RsaKey *key, WC_RNG *rng) is not documented: + parameter 'rng' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/rsa.h:742: warning: The following parameter of wc_RsaPSS_VerifyCheckInline(byte *in, word32 inLen, byte **out, const byte *digest, word32 digentLen, enum wc_HashType hash, int mgf, RsaKey *key) is not documented: + parameter 'digentLen' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/rsa.h:810: warning: The following parameter of wc_RsaPSS_VerifyCheckInline_ex(byte *in, word32 inLen, byte **out, const byte *digest, word32 digentLen, enum wc_HashType hash, int mgf, int saltLen, RsaKey *key) is not documented: + parameter 'digentLen' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/rsa.h:317: warning: The following parameter of wc_RsaSSL_Sign(const byte *in, word32 inLen, byte *out, word32 outLen, RsaKey *key, WC_RNG *rng) is not documented: + parameter 'rng' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha256.h:7: warning: The following parameter of wc_InitSha256(wc_Sha256 *sha) is not documented: + parameter 'sha' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha512.h:99: warning: The following parameter of wc_InitSha384(wc_Sha384 *sha) is not documented: + parameter 'sha' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:7: warning: The following parameters of wc_InitSha3_224(wc_Sha3 *sha3, void *heap, int devId) are not documented: + parameter 'heap' + parameter 'devId' 
+/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:192: warning: The following parameters of wc_InitSha3_256(wc_Sha3 *sha3, void *heap, int devId) are not documented: + parameter 'heap' + parameter 'devId' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:377: warning: The following parameters of wc_InitSha3_384(wc_Sha3 *sha3, void *heap, int devId) are not documented: + parameter 'heap' + parameter 'devId' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:562: warning: The following parameters of wc_InitSha3_512(wc_Sha3 *sha3, void *heap, int devId) are not documented: + parameter 'heap' + parameter 'devId' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha512.h:7: warning: The following parameter of wc_InitSha512(wc_Sha512 *sha) is not documented: + parameter 'sha' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:747: warning: The following parameters of wc_InitShake128(wc_Shake *shake, void *heap, int devId) are not documented: + parameter 'heap' + parameter 'devId' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:1002: warning: The following parameters of wc_InitShake256(wc_Shake *shake, void *heap, int devId) are not documented: + parameter 'heap' + parameter 'devId' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha256.h:35: warning: The following parameter of wc_Sha256Update(wc_Sha256 *sha, const byte *data, word32 len) is not documented: + parameter 'sha' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha512.h:127: warning: The following parameter of wc_Sha384Update(wc_Sha384 *sha, const byte *data, word32 len) is not documented: + parameter 'sha' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:35: warning: The following parameter of wc_Sha3_224_Update(wc_Sha3 *sha, const byte *data, word32 len) is not documented: + parameter 'sha' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:220: warning: The following parameter of 
wc_Sha3_256_Update(wc_Sha3 *sha, const byte *data, word32 len) is not documented: + parameter 'sha' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:405: warning: The following parameter of wc_Sha3_384_Update(wc_Sha3 *sha, const byte *data, word32 len) is not documented: + parameter 'sha' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:590: warning: The following parameter of wc_Sha3_512_Update(wc_Sha3 *sha, const byte *data, word32 len) is not documented: + parameter 'sha' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha512.h:35: warning: The following parameter of wc_Sha512Update(wc_Sha512 *sha, const byte *data, word32 len) is not documented: + parameter 'sha' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:841: warning: The following parameter of wc_Shake128_Absorb(wc_Shake *sha, const byte *data, word32 len) is not documented: + parameter 'sha' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:971: warning: The following parameter of wc_Shake128_Copy(wc_Shake *src, wc_Sha3 *dst) is not documented: + parameter 'src' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:875: warning: The following parameters of wc_Shake128_SqueezeBlocks(wc_Shake *shake, byte *out, word32 blockCnt) are not documented: + parameter 'out' + parameter 'blockCnt' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:775: warning: The following parameter of wc_Shake128_Update(wc_Shake *sha, const byte *data, word32 len) is not documented: + parameter 'sha' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/hash.h:352: warning: The following parameter of wc_Shake128Hash(const byte *data, word32 len, byte *hash, word32 hashLen) is not documented: + parameter 'hashLen' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:1096: warning: The following parameter of wc_Shake256_Absorb(wc_Shake *sha, const byte *data, word32 len) is not documented: + parameter 'sha' 
+/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:1226: warning: The following parameter of wc_Shake256_Copy(wc_Shake *src, wc_Sha3 *dst) is not documented: + parameter 'src' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:1130: warning: The following parameters of wc_Shake256_SqueezeBlocks(wc_Shake *shake, byte *out, word32 blockCnt) are not documented: + parameter 'out' + parameter 'blockCnt' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:1030: warning: The following parameter of wc_Shake256_Update(wc_Shake *sha, const byte *data, word32 len) is not documented: + parameter 'sha' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/asn_public.h:87: warning: The following parameter of wc_CertFree(Cert *cert) is not documented: + parameter 'cert' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/asn_public.h:33: warning: The following parameter of wc_CertNew(void *heap) is not documented: + parameter 'heap' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/asn_public.h:505: warning: The following parameters of wc_MakeSelfCert(Cert *cert, byte *derBuffer, word32 derSz, RsaKey *key, WC_RNG *rng) are not documented: + parameter 'derBuffer' + parameter 'derSz' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/asn_public.h:451: warning: The following parameters of wc_SignCert(int requestSz, int sigType, byte *derBuffer, word32 derSz, RsaKey *rsaKey, ecc_key *eccKey, WC_RNG *rng) are not documented: + parameter 'sigType' + parameter 'derBuffer' + parameter 'derSz' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:9971: warning: The following parameters of wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER *cm, const char *f, const char *d) are not documented: + parameter 'f' + parameter 'd' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:10013: warning: The following parameter of wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER *cm, const unsigned char *buff, long sz, int format) is 
not documented: + parameter 'buff' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:10703: warning: The following parameters of wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER *cm, const char *url) are not documented: + parameter 'cm' + parameter 'url' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:10134: warning: The following parameter of wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER *cm, const char *f, int format) is not documented: + parameter 'f' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/error-crypt.h:7: warning: The following parameters of wc_ErrorString(int err, char *buff) are not documented: + parameter 'err' + parameter 'buff' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/iotsafe.h:350: warning: The following parameter of wc_iotsafe_ecc_export_private(ecc_key *key, byte key_id) is not documented: + parameter 'key_id' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/iotsafe.h:370: warning: The following parameter of wc_iotsafe_ecc_export_private_ex(ecc_key *key, byte *key_id, word16 id_size) is not documented: + parameter 'key_id' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/iotsafe.h:278: warning: The following parameter of wc_iotsafe_ecc_export_public(ecc_key *key, byte key_id) is not documented: + parameter 'key_id' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/iotsafe.h:264: warning: The following parameter of wc_iotsafe_ecc_import_public(ecc_key *key, byte key_id) is not documented: + parameter 'key_id' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/iotsafe.h:331: warning: The following parameter of wc_iotsafe_ecc_import_public_ex(ecc_key *key, byte *key_id, word16 id_size) is not documented: + parameter 'key_id' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/iotsafe.h:389: warning: The following parameter of wc_iotsafe_ecc_sign_hash(byte *in, word32 inlen, byte *out, word32 *outlen, byte key_id) is not documented: + parameter 'key_id' 
+/home/work/wkdir/wolfssl/doc/dox_comments/header_files/iotsafe.h:411: warning: The following parameter of wc_iotsafe_ecc_sign_hash_ex(byte *in, word32 inlen, byte *out, word32 *outlen, byte *key_id, word16 id_size) is not documented: + parameter 'key_id' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/iotsafe.h:434: warning: The following parameter of wc_iotsafe_ecc_verify_hash(byte *sig, word32 siglen, byte *hash, word32 hashlen, int *res, byte key_id) is not documented: + parameter 'siglen' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/iotsafe.h:458: warning: The following parameter of wc_iotsafe_ecc_verify_hash_ex(byte *sig, word32 siglen, byte *hash, word32 hashlen, int *res, byte *key_id, word16 id_size) is not documented: + parameter 'siglen' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/iotsafe.h:148: warning: The following parameter of wolfIoTSafe_SetCSIM_write_cb(wolfSSL_IOTSafe_CSIM_write_cb wf) is not documented: + parameter 'wf' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/memory.h:574: warning: The following parameter of wc_UnloadStaticMemory(WOLFSSL_HEAP_HINT *heap) is not documented: + parameter 'heap' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/memory.h:114: warning: The following parameters of wolfSSL_SetAllocators(wolfSSL_Malloc_cb mf, wolfSSL_Free_cb ff, wolfSSL_Realloc_cb rf) are not documented: + parameter 'mf' + parameter 'ff' + parameter 'rf' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/memory.h:165: warning: The following parameters of wolfSSL_StaticBufferSz(byte *buffer, word32 sz, int flag) are not documented: + parameter 'sz' + parameter 'flag' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/memory.h:612: warning: The following parameters of wolfSSL_StaticBufferSz_ex(unsigned int listSz, const word32 *sizeList, const word32 *distList, byte *buffer, word32 sz, int flag) are not documented: + parameter 'listSz' + parameter 'sizeList' + parameter 'distList' + parameter 
'buffer' + parameter 'sz' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/types.h:123: warning: The following parameters of XFREE(void *p, void *heap, int type) are not documented: + parameter 'heap' + parameter 'type' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/types.h:27: warning: The following parameters of XMALLOC(size_t n, void *heap, int type) are not documented: + parameter 'n' + parameter 'heap' + parameter 'type' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/types.h:76: warning: The following parameters of XREALLOC(void *p, size_t n, void *heap, int type) are not documented: + parameter 'heap' + parameter 'type' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/random.h:106: warning: The following parameter of wc_RNG_GenerateBlock(WC_RNG *rng, byte *b, word32 sz) is not documented: + parameter 'b' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/random.h:219: warning: The following parameter of wc_RNG_HealthTest(int reseed, const byte *seedA, word32 seedASz, const byte *seedB, word32 seedBSz, byte *output, word32 outputSz) is not documented: + parameter 'reseed' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/evp.h:383: warning: The following parameter of wolfSSL_EVP_CIPHER_CTX_clear_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags) is not documented: + parameter 'flags' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/evp.h:360: warning: The following parameter of wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags) is not documented: + parameter 'flags' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/evp.h:406: warning: The following parameters of wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, int pad) are not documented: + parameter 'c' + parameter 'pad' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/evp.h:271: warning: The following parameter of wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) is not documented: + 
parameter 'outl' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:6877: warning: The following parameters of wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN *chain, int idx, unsigned char *buf, int inLen, int *outLen) are not documented: + parameter 'buf' + parameter 'inLen' + parameter 'outLen' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:6903: warning: The following parameter of wolfSSL_get_sessionID(const WOLFSSL_SESSION *s) is not documented: + parameter 's' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:7385: warning: The following parameters of wolfSSL_PKCS12_parse(WC_PKCS12 *pkcs12, const char *psw, WOLFSSL_EVP_PKEY **pkey, WOLFSSL_X509 **cert, WOLF_STACK_OF(WOLFSSL_X509) **ca) are not documented: + parameter 'psw' + parameter 'ca' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:6924: warning: The following parameter of wolfSSL_X509_get_serial_number(WOLFSSL_X509 *x509, unsigned char *in, int *inOutSz) is not documented: + parameter 'x509' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:7592: warning: The following parameter of wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX *ctx, const unsigned char *b, long sz, int format) is not documented: + parameter 'b' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:7638: warning: The following parameter of wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX *ctx, const char *f, int format) is not documented: + parameter 'f' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:13130: warning: The following parameter of wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r) is not documented: + parameter 'r' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:13499: warning: The following parameter of wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, wc_pem_password_cb *cb, void *u) is not documented: + parameter 'bp' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:7785: warning: The following parameter of 
wolfSSL_SetMaxDhKey_Sz(WOLFSSL *ssl, word16 keySz_bits) is not documented: + parameter 'keySz_bits' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:7452: warning: The following parameter of wolfSSL_SetTmpDH_buffer(WOLFSSL *ssl, const unsigned char *b, long sz, int format) is not documented: + parameter 'b' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:7503: warning: The following parameter of wolfSSL_SetTmpDH_file(WOLFSSL *ssl, const char *f, int format) is not documented: + parameter 'f' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:5240: warning: The following parameter of wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE *store, unsigned long flag) is not documented: + parameter 'store' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:13579: warning: The following parameter of wolfSSL_CTX_clear_options(WOLFSSL_CTX *ctx, long opt) is not documented: + parameter 'opt' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:8149: warning: The following parameters of wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX *ctx, const unsigned char *in, long sz, int format) are not documented: + parameter 'in' + parameter 'format' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:13324: warning: The following parameter of wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, size_t outlen) is not documented: + parameter 'outlen' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:13656: warning: The following parameter of wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb) is not documented: + parameter 'cb' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:13681: warning: The following parameter of wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void *arg) is not documented: + parameter 'arg' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:15379: warning: The following parameter of wolfSSL_set_server_cert_type(WOLFSSL *ssl, const char *buf, int len) is not 
documented: + parameter 'ssl' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:13299: warning: The following parameter of wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b) is not documented: + parameter 'b' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/wolfio.h:456: warning: The following parameters of wolfSSL_SetIO_NetX(WOLFSSL *ssl, NX_TCP_SOCKET *nxsocket, ULONG waitoption) are not documented: + parameter 'nxsocket' + parameter 'waitoption' +/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:4100: warning: The following parameter of wolfSSL_ERR_error_string_n(unsigned long e, char *buf, unsigned long len) is not documented: + parameter 'buf' diff --git a/tests/api/test_cmac.c b/tests/api/test_cmac.c index e30eeefb2e..34e8b05014 100644 --- a/tests/api/test_cmac.c +++ b/tests/api/test_cmac.c 
@@ -244,6 +244,46 @@ int test_wc_AesCmacGenerate(void) WC_NO_ERR_TRACE(BAD_FUNC_ARG)); ExpectIntEQ(wc_AesCmacVerify(mac, macSz, NULL, msgSz, key, keySz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_AesCmacVerify(mac, 1, msg, msgSz, key, keySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCmacVerify(mac, WC_CMAC_TAG_MIN_SZ - 1, msg, msgSz, + key, keySz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCmacVerify(mac, WC_AES_BLOCK_SIZE + 1, msg, msgSz, + key, keySz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Truncated tags within the supported range must verify correctly when + * the generator was asked to produce the same length */ + { + byte truncMac[WC_AES_BLOCK_SIZE]; + word32 truncSz; + word32 lengths[] = { WC_CMAC_TAG_MIN_SZ, 8, WC_AES_BLOCK_SIZE - 1 }; + word32 li; + for (li = 0; li < sizeof(lengths)/sizeof(lengths[0]); li++) { + XMEMSET(truncMac, 0, sizeof(truncMac)); + truncSz = lengths[li]; + ExpectIntEQ(wc_AesCmacGenerate(truncMac, &truncSz, msg, msgSz, + key, keySz), 0); + ExpectIntEQ(truncSz, lengths[li]); + ExpectIntEQ(wc_AesCmacVerify(truncMac, truncSz, msg, msgSz, + key, keySz), 0); + /* Flipping a bit in the truncated tag must yield + * MAC_CMP_FAILED_E, not silent success from comparing a too + * short prefix. */ + truncMac[0] ^= 0x01; + ExpectIntEQ(wc_AesCmacVerify(truncMac, truncSz, msg, msgSz, + key, keySz), WC_NO_ERR_TRACE(MAC_CMP_FAILED_E)); + } + } + + /* A full-length tag that does not match must return MAC_CMP_FAILED_E. */ + { + byte badMac[WC_AES_BLOCK_SIZE]; + XMEMCPY(badMac, mac, WC_AES_BLOCK_SIZE); + badMac[0] ^= 0x01; + ExpectIntEQ(wc_AesCmacVerify(badMac, WC_AES_BLOCK_SIZE, msg, msgSz, + key, keySz), WC_NO_ERR_TRACE(MAC_CMP_FAILED_E)); + } #endif return EXPECT_RESULT(); diff --git a/wolfcrypt/src/cmac.c b/wolfcrypt/src/cmac.c index b5e23f85b1..0e8a9f7e42 100644 --- a/wolfcrypt/src/cmac.c +++ b/wolfcrypt/src/cmac.c 
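Review bot: The tamper check in the truncated-tag loop flips `truncMac[0]`, which a comparison of any non-empty prefix would also catch, so it does not exercise the case its own comment describes (a verify that compares too short a prefix). Flipping the last byte of the truncated tag pins that all `truncSz` bytes take part in the comparison: `truncMac[truncSz - 1] ^= 0x01;`. The full-length block has the same gap, where `badMac[WC_AES_BLOCK_SIZE - 1] ^= 0x01;` would cover the final byte. The enclosing test function starts before the hunk and its closing brace is outside it.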
@@ -574,24 +574,32 @@ int wc_AesCmacVerify_ex(Cmac* cmac, { int ret = 0; byte a[WC_AES_BLOCK_SIZE]; - word32 aSz = sizeof(a); + word32 aSz; int compareRet; - if (cmac == NULL || check == NULL || checkSz == 0 || - (in == NULL && inSz != 0)) { + if (cmac == NULL || check == NULL || checkSz < WC_CMAC_TAG_MIN_SZ || + checkSz > WC_AES_BLOCK_SIZE || (in == NULL && inSz != 0)) { return BAD_FUNC_ARG; } - XMEMSET(a, 0, aSz); + aSz = checkSz; + XMEMSET(a, 0, sizeof(a)); ret = wc_AesCmacGenerate_ex(cmac, a, &aSz, in, inSz, key, keySz, heap, devId); + /* aSz is passed by reference to wc_AesCmacGenerate_ex, which on the + * WOLF_CRYPTO_CB path forwards it to a user-supplied callback that may + * write back any value. Reject anything that does not match the user + * provided length. */ + if (ret == 0 && aSz != checkSz) { + ret = BAD_STATE_E; + } if (ret == 0) { - compareRet = ConstantCompare(check, a, (int)min(checkSz, aSz)); - ret = compareRet ? 1 : 0; + compareRet = ConstantCompare(check, a, (int)aSz); + ret = compareRet ? MAC_CMP_FAILED_E : 0; } return ret; @@ -605,7 +613,8 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz, int ret = 0; WC_DECLARE_VAR(cmac, Cmac, 1, 0); - if (check == NULL || checkSz == 0 || (in == NULL && inSz > 0) || + if (check == NULL || checkSz < WC_CMAC_TAG_MIN_SZ || + checkSz > WC_AES_BLOCK_SIZE || (in == NULL && inSz > 0) || key == NULL || keySz == 0) { return BAD_FUNC_ARG; } From 26b3af002d66e6ee6963066d4634907bb54f32ff Mon Sep 17 00:00:00 2001 
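Review bot: The mismatch result of wc_AesCmacVerify_ex changes from 1 to MAC_CMP_FAILED_E at `ret = compareRet ? MAC_CMP_FAILED_E : 0;`, and nothing in the function body records that contract for callers. A call site written against the old behaviour that rejects only on `ret == 1` would now treat a failed comparison as a pass, so existing callers (not visible in this hunk) should be checked to test `ret != 0`. I would add above the comparison `/* Returns MAC_CMP_FAILED_E on mismatch (previously 1); callers must treat any non-zero value as failure. */`. The function's full signature and closing brace are outside the hunk.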
From: Kareem Date: Wed, 13 May 2026 16:39:38 -0700 Subject: [PATCH 5/5] Code review feedback. Don't error out if WOLFSSL_RSA_PUBLIC_ONLY or WOLFSSL_RSA_VERIFY_ONLY are defined as they don't use blinding. --- .wolfssl_known_macro_extras | 2 +- doc/dox_comments/header_files/cmac.h | 8 +- doc/formats/html/doxygen_warnings | 314 --------------------------- tests/api/test_cmac.c | 3 +- wolfssl/wolfcrypt/settings.h | 8 +- 5 files changed, 15 insertions(+), 320 deletions(-) delete mode 100644 doc/formats/html/doxygen_warnings diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index 68c5379765..5e30c64b3b 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -651,6 +651,7 @@ WC_ASYNC_NO_SHA384 WC_ASYNC_NO_SHA512 WC_ASYNC_NO_X25519 WC_ASYNC_THREAD_BIND +WC_BLINDING_NO_RNG_ACKNOWLEDGE_WEAKNESS WC_CACHE_RESISTANT_BASE64_TABLE WC_DILITHIUM_FIXED_ARRAY WC_DISABLE_RADIX_ZERO_PAD @@ -672,7 +673,6 @@ WC_RNG_BANK_NO_DEFAULT_SUPPORT WC_RNG_BLOCKING WC_RSA_NONBLOCK_TIME WC_RSA_NO_FERMAT_CHECK -WC_RSA_NO_RNG_ACKNOWLEDGE_WEAKNESS WC_RWLOCK_OPS_INLINE WC_SKIP_INCLUDED_C_FILES WC_SLHDSA_KERNEL_ASM diff --git a/doc/dox_comments/header_files/cmac.h b/doc/dox_comments/header_files/cmac.h index 1c6de51423..b2bac936a4 100644 --- a/doc/dox_comments/header_files/cmac.h +++ b/doc/dox_comments/header_files/cmac.h @@ -270,15 +270,21 @@ int wc_AesCmacGenerate_ex(Cmac *cmac, byte* out, word32* outSz, Cmac cmac; byte mac[WC_AES_BLOCK_SIZE]; byte key[16], msg[64]; + int ret; - int ret = wc_AesCmacVerify_ex(&cmac, mac, sizeof(mac), msg, + ret = wc_InitCmac_ex(&cmac, key, sizeof(key), WC_CMAC_AES, NULL, + NULL, INVALID_DEVID); + if (ret == 0) { + ret = wc_AesCmacVerify_ex(&cmac, mac, sizeof(mac), msg, sizeof(msg), key, sizeof(key), NULL, INVALID_DEVID); + } if (ret == MAC_CMP_FAILED_E) { // MAC verification failed } \endcode + \sa wc_InitCmac_ex \sa wc_AesCmacVerify \sa wc_AesCmacGenerate_ex */ 
diff --git a/doc/formats/html/doxygen_warnings b/doc/formats/html/doxygen_warnings deleted file mode 100644 index 2938e104fa..0000000000 --- a/doc/formats/html/doxygen_warnings +++ /dev/null 
@@ -1,314 +0,0 @@ -warning: source '../../mainpage.dox' is not a readable file or directory... skipping. -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ascon.h:572: warning: no matching file member found for -wc_AsconAEAD128 * wc_AsconAEAD128_New(void) -Possible candidates: - 'wc_AsconAEAD128 * wc_AsconAEAD128_New(void)' at line 110 of file /home/work/wkdir/wolfssl/doc/dox_comments/header_files/ascon.h -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:5565: warning: no matching file member found for -long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX *ctx, void *arg) -Possible candidates: - 'long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX *ctx, void *arg)' at line 5462 of file /home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/wolfio.h:1376: warning: no matching file member found for -void * wolfSSL_GetCookieCtx(WOLFSSL *ssl) -Possible candidates: - 'void * wolfSSL_GetCookieCtx(WOLFSSL *ssl)' at line 539 of file /home/work/wkdir/wolfssl/doc/dox_comments/header_files/wolfio.h -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ascon.h:65: warning: The following parameters of wc_AsconHash256_Final(wc_AsconHash256 *a, byte *hash) are not documented: - parameter 'a' - parameter 'hash' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ascon.h:34: warning: The following parameters of wc_AsconHash256_Update(wc_AsconHash256 *a, const byte *data, word32 dataSz) are not documented: - parameter 'a' - parameter 'data' - parameter 'dataSz' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/cryptocb.h:8: warning: The following parameter of wc_CryptoCb_RegisterDevice(int devId, CryptoDevCallbackFunc cb, void *ctx) is not documented: - parameter 'ctx' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/quic.h:555: warning: The following parameter of wolfSSL_quic_aead_decrypt(uint8_t *dest, WOLFSSL_EVP_CIPHER_CTX *ctx, const uint8_t *enc, size_t enclen, const uint8_t *iv, 
const uint8_t *aad, size_t aadlen) is not documented: - parameter 'enclen' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/quic.h:428: warning: The following parameter of wolfSSL_quic_aead_is_ccm(const WOLFSSL_EVP_CIPHER *aead_cipher) is not documented: - parameter 'aead_cipher' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/quic.h:449: warning: The following parameter of wolfSSL_quic_aead_is_chacha20(const WOLFSSL_EVP_CIPHER *aead_cipher) is not documented: - parameter 'aead_cipher' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/quic.h:407: warning: The following parameter of wolfSSL_quic_aead_is_gcm(const WOLFSSL_EVP_CIPHER *aead_cipher) is not documented: - parameter 'aead_cipher' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/quic.h:470: warning: The following parameter of wolfSSL_quic_get_aead_tag_len(const WOLFSSL_EVP_CIPHER *aead_cipher) is not documented: - parameter 'aead_cipher' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/quic.h:217: warning: The following parameter of wolfSSL_set_quic_transport_params(WOLFSSL *ssl, const uint8_t *params, size_t params_len) is not documented: - parameter 'params_len' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:6130: warning: The following parameter of wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX *ctx, wc_psk_server_callback cb) is not documented: - parameter 'ctx' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:9505: warning: The following parameter of wolfSSL_CTX_SetEccSignCtx(WOLFSSL_CTX *ctx, void *userCtx) is not documented: - parameter 'userCtx' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:11264: warning: The following parameter of wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX *ctx, CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void *ioCbCtx) is not documented: - parameter 'ctx' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:15184: warning: The following parameters of wolfSSL_RSA_sign_generic_padding(int hashAlg, const 
unsigned char *hash, unsigned int hLen, unsigned char *sigRet, unsigned int *sigLen, WOLFSSL_RSA *rsa, int flag, int padding) are not documented: - parameter 'hashAlg' - parameter 'hash' - parameter 'hLen' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:9419: warning: The following parameters of wolfSSL_SetTlsHmacInner(WOLFSSL *ssl, byte *inner, word32 sz, int content, int verify) are not documented: - parameter 'ssl' - parameter 'inner' - parameter 'sz' - parameter 'content' - parameter 'verify' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:11566: warning: The following parameters of wolfSSL_SNI_GetFromBuffer(const unsigned char *clientHello, unsigned int helloSz, unsigned char type, unsigned char *sni, unsigned int *inOutSz) are not documented: - parameter 'clientHello' - parameter 'helloSz' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/wolfio.h:490: warning: The following parameter of wolfSSL_CTX_SetGenCookie(WOLFSSL_CTX *ctx, CallbackGenCookie cb) is not documented: - parameter 'ctx' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/wolfio.h:226: warning: The following parameter of wolfSSL_CTX_SetIORecv(WOLFSSL_CTX *ctx, CallbackIORecv CBIORecv) is not documented: - parameter 'CBIORecv' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/wolfio.h:261: warning: The following parameter of wolfSSL_SetIOReadCtx(WOLFSSL *ssl, void *ctx) is not documented: - parameter 'ctx' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/wolfio.h:292: warning: The following parameter of wolfSSL_SetIOWriteCtx(WOLFSSL *ssl, void *ctx) is not documented: - parameter 'ctx' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/des3.h:165: warning: The following parameter of wc_Des3_EcbEncrypt(Des3 *des, byte *out, const byte *in, word32 sz) is not documented: - parameter 'des' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/des3.h:199: warning: The following parameter of wc_Des3_SetKey(Des3 *des, const byte *key, const 
byte *iv, int dir) is not documented: - parameter 'des' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/wc_encrypt.h:10: warning: The following parameter of wc_AesCbcDecryptWithKey(byte *out, const byte *in, word32 inSz, const byte *key, word32 keySz, const byte *iv) is not documented: - parameter 'iv' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/aes.h:618: warning: The following parameter of wc_AesCcmDecrypt(Aes *aes, byte *out, const byte *in, word32 inSz, const byte *nonce, word32 nonceSz, const byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz) is not documented: - parameter 'inSz' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/aes.h:567: warning: The following parameter of wc_AesCcmEncrypt(Aes *aes, byte *out, const byte *in, word32 inSz, const byte *nonce, word32 nonceSz, byte *authTag, word32 authTagSz, const byte *authIn, word32 authInSz) is not documented: - parameter 'inSz' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/aes.h:1713: warning: The following parameter of wc_AesEaxFree(AesEax *eax) is not documented: - parameter 'eax' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/chacha.h:41: warning: The following parameters of wc_Chacha_Process(ChaCha *ctx, byte *cipher, const byte *plain, word32 msglen) are not documented: - parameter 'cipher' - parameter 'plain' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/chacha20_poly1305.h:69: warning: The following parameters of wc_ChaCha20Poly1305_Decrypt(const byte inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], const byte *inAAD, word32 inAADLen, const byte *inCiphertext, word32 inCiphertextLen, const byte inAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE], byte *outPlaintext) are not documented: - parameter 'inIV' - parameter 'inCiphertextLen' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/chacha20_poly1305.h:9: warning: The following parameter of wc_ChaCha20Poly1305_Encrypt(const byte 
inKey[CHACHA20_POLY1305_AEAD_KEYSIZE], const byte inIV[CHACHA20_POLY1305_AEAD_IV_SIZE], const byte *inAAD, word32 inAADLen, const byte *inPlaintext, word32 inPlaintextLen, byte *outCiphertext, byte outAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]) is not documented: - parameter 'inIV' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/cmac.h:198: warning: The following parameter of wc_CMAC_Grow(Cmac *cmac, const byte *in, int inSz) is not documented: - parameter 'cmac' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ecc.h:2131: warning: The following parameter of wc_ecc_set_curve(ecc_key *key, int keysize, int curve_id) is not documented: - parameter 'key' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ecc.h:1578: warning: The following parameter of wc_ecc_sig_size_calc(int sz) is not documented: - parameter 'sz' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ecc.h:408: warning: The following parameter of wc_ecc_sign_hash(const byte *in, word32 inlen, byte *out, word32 *outlen, WC_RNG *rng, ecc_key *key) is not documented: - parameter 'rng' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/hmac.h:78: warning: The following parameter of wc_HmacFinal(Hmac *hmac, byte *out) is not documented: - parameter 'out' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/hmac.h:7: warning: The following parameter of wc_HmacSetKey(Hmac *hmac, int type, const byte *key, word32 keySz) is not documented: - parameter 'keySz' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/hmac.h:46: warning: The following parameters of wc_HmacUpdate(Hmac *hmac, const byte *in, word32 sz) are not documented: - parameter 'in' - parameter 'sz' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/hmac.h:539: warning: The following parameters of wc_Tls13_HKDF_Expand_Label(byte *okm, word32 okmLen, const byte *prk, word32 prkLen, const byte *protocol, word32 protocolLen, const byte *label, word32 labelLen, const byte *info, word32 infoLen, int digest) are 
not documented: - parameter 'label' - parameter 'labelLen' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/hmac.h:579: warning: The following parameters of wc_Tls13_HKDF_Expand_Label_Alloc(byte *okm, word32 okmLen, const byte *prk, word32 prkLen, const byte *protocol, word32 protocolLen, const byte *label, word32 labelLen, const byte *info, word32 infoLen, int digest, void *heap) are not documented: - parameter 'label' - parameter 'labelLen' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/hmac.h:498: warning: The following parameters of wc_Tls13_HKDF_Expand_Label_ex(byte *okm, word32 okmLen, const byte *prk, word32 prkLen, const byte *protocol, word32 protocolLen, const byte *label, word32 labelLen, const byte *info, word32 infoLen, int digest, void *heap, int devId) are not documented: - parameter 'label' - parameter 'labelLen' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/poly1305.h:70: warning: The following parameters of wc_Poly1305Final(Poly1305 *poly1305, byte *tag) are not documented: - parameter 'poly1305' - parameter 'tag' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/poly1305.h:8: warning: The following parameters of wc_Poly1305SetKey(Poly1305 *poly1305, const byte *key, word32 kySz) are not documented: - parameter 'poly1305' - parameter 'kySz' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/poly1305.h:36: warning: The following parameter of wc_Poly1305Update(Poly1305 *poly1305, const byte *m, word32 bytes) is not documented: - parameter 'poly1305' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/rsa.h:1440: warning: The following parameter of wc_RsaKeyToPublicDer_ex(RsaKey *key, byte *output, word32 inLen, int with_header) is not documented: - parameter 'with_header' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/rsa.h:880: warning: The following parameter of wc_RsaPSS_CheckPadding(const byte *in, word32 inLen, const byte *sig, word32 sigSz, enum wc_HashType hashType) is not documented: - 
parameter 'inLen' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/rsa.h:942: warning: The following parameter of wc_RsaPSS_CheckPadding_ex(const byte *in, word32 inLen, const byte *sig, word32 sigSz, enum wc_HashType hashType, int saltLen, int bits) is not documented: - parameter 'inLen' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/rsa.h:432: warning: The following parameter of wc_RsaPSS_Sign(const byte *in, word32 inLen, byte *out, word32 outLen, enum wc_HashType hash, int mgf, RsaKey *key, WC_RNG *rng) is not documented: - parameter 'rng' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/rsa.h:742: warning: The following parameter of wc_RsaPSS_VerifyCheckInline(byte *in, word32 inLen, byte **out, const byte *digest, word32 digentLen, enum wc_HashType hash, int mgf, RsaKey *key) is not documented: - parameter 'digentLen' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/rsa.h:810: warning: The following parameter of wc_RsaPSS_VerifyCheckInline_ex(byte *in, word32 inLen, byte **out, const byte *digest, word32 digentLen, enum wc_HashType hash, int mgf, int saltLen, RsaKey *key) is not documented: - parameter 'digentLen' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/rsa.h:317: warning: The following parameter of wc_RsaSSL_Sign(const byte *in, word32 inLen, byte *out, word32 outLen, RsaKey *key, WC_RNG *rng) is not documented: - parameter 'rng' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha256.h:7: warning: The following parameter of wc_InitSha256(wc_Sha256 *sha) is not documented: - parameter 'sha' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha512.h:99: warning: The following parameter of wc_InitSha384(wc_Sha384 *sha) is not documented: - parameter 'sha' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:7: warning: The following parameters of wc_InitSha3_224(wc_Sha3 *sha3, void *heap, int devId) are not documented: - parameter 'heap' - parameter 'devId' 
-/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:192: warning: The following parameters of wc_InitSha3_256(wc_Sha3 *sha3, void *heap, int devId) are not documented: - parameter 'heap' - parameter 'devId' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:377: warning: The following parameters of wc_InitSha3_384(wc_Sha3 *sha3, void *heap, int devId) are not documented: - parameter 'heap' - parameter 'devId' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:562: warning: The following parameters of wc_InitSha3_512(wc_Sha3 *sha3, void *heap, int devId) are not documented: - parameter 'heap' - parameter 'devId' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha512.h:7: warning: The following parameter of wc_InitSha512(wc_Sha512 *sha) is not documented: - parameter 'sha' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:747: warning: The following parameters of wc_InitShake128(wc_Shake *shake, void *heap, int devId) are not documented: - parameter 'heap' - parameter 'devId' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:1002: warning: The following parameters of wc_InitShake256(wc_Shake *shake, void *heap, int devId) are not documented: - parameter 'heap' - parameter 'devId' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha256.h:35: warning: The following parameter of wc_Sha256Update(wc_Sha256 *sha, const byte *data, word32 len) is not documented: - parameter 'sha' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha512.h:127: warning: The following parameter of wc_Sha384Update(wc_Sha384 *sha, const byte *data, word32 len) is not documented: - parameter 'sha' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:35: warning: The following parameter of wc_Sha3_224_Update(wc_Sha3 *sha, const byte *data, word32 len) is not documented: - parameter 'sha' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:220: warning: The following parameter of 
wc_Sha3_256_Update(wc_Sha3 *sha, const byte *data, word32 len) is not documented: - parameter 'sha' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:405: warning: The following parameter of wc_Sha3_384_Update(wc_Sha3 *sha, const byte *data, word32 len) is not documented: - parameter 'sha' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:590: warning: The following parameter of wc_Sha3_512_Update(wc_Sha3 *sha, const byte *data, word32 len) is not documented: - parameter 'sha' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha512.h:35: warning: The following parameter of wc_Sha512Update(wc_Sha512 *sha, const byte *data, word32 len) is not documented: - parameter 'sha' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:841: warning: The following parameter of wc_Shake128_Absorb(wc_Shake *sha, const byte *data, word32 len) is not documented: - parameter 'sha' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:971: warning: The following parameter of wc_Shake128_Copy(wc_Shake *src, wc_Sha3 *dst) is not documented: - parameter 'src' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:875: warning: The following parameters of wc_Shake128_SqueezeBlocks(wc_Shake *shake, byte *out, word32 blockCnt) are not documented: - parameter 'out' - parameter 'blockCnt' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:775: warning: The following parameter of wc_Shake128_Update(wc_Shake *sha, const byte *data, word32 len) is not documented: - parameter 'sha' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/hash.h:352: warning: The following parameter of wc_Shake128Hash(const byte *data, word32 len, byte *hash, word32 hashLen) is not documented: - parameter 'hashLen' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:1096: warning: The following parameter of wc_Shake256_Absorb(wc_Shake *sha, const byte *data, word32 len) is not documented: - parameter 'sha' 
-/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:1226: warning: The following parameter of wc_Shake256_Copy(wc_Shake *src, wc_Sha3 *dst) is not documented: - parameter 'src' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:1130: warning: The following parameters of wc_Shake256_SqueezeBlocks(wc_Shake *shake, byte *out, word32 blockCnt) are not documented: - parameter 'out' - parameter 'blockCnt' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/sha3.h:1030: warning: The following parameter of wc_Shake256_Update(wc_Shake *sha, const byte *data, word32 len) is not documented: - parameter 'sha' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/asn_public.h:87: warning: The following parameter of wc_CertFree(Cert *cert) is not documented: - parameter 'cert' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/asn_public.h:33: warning: The following parameter of wc_CertNew(void *heap) is not documented: - parameter 'heap' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/asn_public.h:505: warning: The following parameters of wc_MakeSelfCert(Cert *cert, byte *derBuffer, word32 derSz, RsaKey *key, WC_RNG *rng) are not documented: - parameter 'derBuffer' - parameter 'derSz' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/asn_public.h:451: warning: The following parameters of wc_SignCert(int requestSz, int sigType, byte *derBuffer, word32 derSz, RsaKey *rsaKey, ecc_key *eccKey, WC_RNG *rng) are not documented: - parameter 'sigType' - parameter 'derBuffer' - parameter 'derSz' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:9971: warning: The following parameters of wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER *cm, const char *f, const char *d) are not documented: - parameter 'f' - parameter 'd' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:10013: warning: The following parameter of wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER *cm, const unsigned char *buff, long sz, int format) is 
not documented: - parameter 'buff' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:10703: warning: The following parameters of wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER *cm, const char *url) are not documented: - parameter 'cm' - parameter 'url' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:10134: warning: The following parameter of wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER *cm, const char *f, int format) is not documented: - parameter 'f' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/error-crypt.h:7: warning: The following parameters of wc_ErrorString(int err, char *buff) are not documented: - parameter 'err' - parameter 'buff' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/iotsafe.h:350: warning: The following parameter of wc_iotsafe_ecc_export_private(ecc_key *key, byte key_id) is not documented: - parameter 'key_id' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/iotsafe.h:370: warning: The following parameter of wc_iotsafe_ecc_export_private_ex(ecc_key *key, byte *key_id, word16 id_size) is not documented: - parameter 'key_id' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/iotsafe.h:278: warning: The following parameter of wc_iotsafe_ecc_export_public(ecc_key *key, byte key_id) is not documented: - parameter 'key_id' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/iotsafe.h:264: warning: The following parameter of wc_iotsafe_ecc_import_public(ecc_key *key, byte key_id) is not documented: - parameter 'key_id' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/iotsafe.h:331: warning: The following parameter of wc_iotsafe_ecc_import_public_ex(ecc_key *key, byte *key_id, word16 id_size) is not documented: - parameter 'key_id' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/iotsafe.h:389: warning: The following parameter of wc_iotsafe_ecc_sign_hash(byte *in, word32 inlen, byte *out, word32 *outlen, byte key_id) is not documented: - parameter 'key_id' 
-/home/work/wkdir/wolfssl/doc/dox_comments/header_files/iotsafe.h:411: warning: The following parameter of wc_iotsafe_ecc_sign_hash_ex(byte *in, word32 inlen, byte *out, word32 *outlen, byte *key_id, word16 id_size) is not documented: - parameter 'key_id' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/iotsafe.h:434: warning: The following parameter of wc_iotsafe_ecc_verify_hash(byte *sig, word32 siglen, byte *hash, word32 hashlen, int *res, byte key_id) is not documented: - parameter 'siglen' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/iotsafe.h:458: warning: The following parameter of wc_iotsafe_ecc_verify_hash_ex(byte *sig, word32 siglen, byte *hash, word32 hashlen, int *res, byte *key_id, word16 id_size) is not documented: - parameter 'siglen' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/iotsafe.h:148: warning: The following parameter of wolfIoTSafe_SetCSIM_write_cb(wolfSSL_IOTSafe_CSIM_write_cb wf) is not documented: - parameter 'wf' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/memory.h:574: warning: The following parameter of wc_UnloadStaticMemory(WOLFSSL_HEAP_HINT *heap) is not documented: - parameter 'heap' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/memory.h:114: warning: The following parameters of wolfSSL_SetAllocators(wolfSSL_Malloc_cb mf, wolfSSL_Free_cb ff, wolfSSL_Realloc_cb rf) are not documented: - parameter 'mf' - parameter 'ff' - parameter 'rf' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/memory.h:165: warning: The following parameters of wolfSSL_StaticBufferSz(byte *buffer, word32 sz, int flag) are not documented: - parameter 'sz' - parameter 'flag' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/memory.h:612: warning: The following parameters of wolfSSL_StaticBufferSz_ex(unsigned int listSz, const word32 *sizeList, const word32 *distList, byte *buffer, word32 sz, int flag) are not documented: - parameter 'listSz' - parameter 'sizeList' - parameter 'distList' - parameter 
'buffer' - parameter 'sz' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/types.h:123: warning: The following parameters of XFREE(void *p, void *heap, int type) are not documented: - parameter 'heap' - parameter 'type' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/types.h:27: warning: The following parameters of XMALLOC(size_t n, void *heap, int type) are not documented: - parameter 'n' - parameter 'heap' - parameter 'type' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/types.h:76: warning: The following parameters of XREALLOC(void *p, size_t n, void *heap, int type) are not documented: - parameter 'heap' - parameter 'type' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/random.h:106: warning: The following parameter of wc_RNG_GenerateBlock(WC_RNG *rng, byte *b, word32 sz) is not documented: - parameter 'b' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/random.h:219: warning: The following parameter of wc_RNG_HealthTest(int reseed, const byte *seedA, word32 seedASz, const byte *seedB, word32 seedBSz, byte *output, word32 outputSz) is not documented: - parameter 'reseed' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/evp.h:383: warning: The following parameter of wolfSSL_EVP_CIPHER_CTX_clear_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags) is not documented: - parameter 'flags' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/evp.h:360: warning: The following parameter of wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags) is not documented: - parameter 'flags' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/evp.h:406: warning: The following parameters of wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, int pad) are not documented: - parameter 'c' - parameter 'pad' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/evp.h:271: warning: The following parameter of wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) is not documented: - 
parameter 'outl' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:6877: warning: The following parameters of wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN *chain, int idx, unsigned char *buf, int inLen, int *outLen) are not documented: - parameter 'buf' - parameter 'inLen' - parameter 'outLen' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:6903: warning: The following parameter of wolfSSL_get_sessionID(const WOLFSSL_SESSION *s) is not documented: - parameter 's' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:7385: warning: The following parameters of wolfSSL_PKCS12_parse(WC_PKCS12 *pkcs12, const char *psw, WOLFSSL_EVP_PKEY **pkey, WOLFSSL_X509 **cert, WOLF_STACK_OF(WOLFSSL_X509) **ca) are not documented: - parameter 'psw' - parameter 'ca' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:6924: warning: The following parameter of wolfSSL_X509_get_serial_number(WOLFSSL_X509 *x509, unsigned char *in, int *inOutSz) is not documented: - parameter 'x509' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:7592: warning: The following parameter of wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX *ctx, const unsigned char *b, long sz, int format) is not documented: - parameter 'b' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:7638: warning: The following parameter of wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX *ctx, const char *f, int format) is not documented: - parameter 'f' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:13130: warning: The following parameter of wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *r) is not documented: - parameter 'r' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:13499: warning: The following parameter of wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, wc_pem_password_cb *cb, void *u) is not documented: - parameter 'bp' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:7785: warning: The following parameter of 
wolfSSL_SetMaxDhKey_Sz(WOLFSSL *ssl, word16 keySz_bits) is not documented: - parameter 'keySz_bits' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:7452: warning: The following parameter of wolfSSL_SetTmpDH_buffer(WOLFSSL *ssl, const unsigned char *b, long sz, int format) is not documented: - parameter 'b' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:7503: warning: The following parameter of wolfSSL_SetTmpDH_file(WOLFSSL *ssl, const char *f, int format) is not documented: - parameter 'f' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:5240: warning: The following parameter of wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE *store, unsigned long flag) is not documented: - parameter 'store' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:13579: warning: The following parameter of wolfSSL_CTX_clear_options(WOLFSSL_CTX *ctx, long opt) is not documented: - parameter 'opt' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:8149: warning: The following parameters of wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX *ctx, const unsigned char *in, long sz, int format) are not documented: - parameter 'in' - parameter 'format' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:13324: warning: The following parameter of wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out, size_t outlen) is not documented: - parameter 'outlen' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:13656: warning: The following parameter of wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb) is not documented: - parameter 'cb' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:13681: warning: The following parameter of wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void *arg) is not documented: - parameter 'arg' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:15379: warning: The following parameter of wolfSSL_set_server_cert_type(WOLFSSL *ssl, const char *buf, int len) is not 
documented: - parameter 'ssl' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:13299: warning: The following parameter of wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *b) is not documented: - parameter 'b' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/wolfio.h:456: warning: The following parameters of wolfSSL_SetIO_NetX(WOLFSSL *ssl, NX_TCP_SOCKET *nxsocket, ULONG waitoption) are not documented: - parameter 'nxsocket' - parameter 'waitoption' -/home/work/wkdir/wolfssl/doc/dox_comments/header_files/ssl.h:4100: warning: The following parameter of wolfSSL_ERR_error_string_n(unsigned long e, char *buf, unsigned long len) is not documented: - parameter 'buf' diff --git a/tests/api/test_cmac.c b/tests/api/test_cmac.c index 34e8b05014..b3af844e97 100644 --- a/tests/api/test_cmac.c +++ b/tests/api/test_cmac.c @@ -258,8 +258,9 @@ int test_wc_AesCmacGenerate(void) byte truncMac[WC_AES_BLOCK_SIZE]; word32 truncSz; word32 lengths[] = { WC_CMAC_TAG_MIN_SZ, 8, WC_AES_BLOCK_SIZE - 1 }; + word32 lengthsSz = (word32)(sizeof(lengths)/sizeof(lengths[0])); word32 li; - for (li = 0; li < sizeof(lengths)/sizeof(lengths[0]); li++) { + for (li = 0; li < lengthsSz; li++) { XMEMSET(truncMac, 0, sizeof(truncMac)); truncSz = lengths[li]; ExpectIntEQ(wc_AesCmacGenerate(truncMac, &truncSz, msg, msgSz, diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index c433dcb4de..77d2caa1f7 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h 
@@ -4213,7 +4213,8 @@ extern void uITRON4_free(void *p) ; #if (defined(USE_FAST_MATH) && !defined(TFM_TIMING_RESISTANT)) || \ (defined(HAVE_ECC) && !defined(ECC_TIMING_RESISTANT)) || \ (!defined(NO_RSA) && !defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) && \ - !defined(WC_NO_RNG)) + !defined(WC_NO_RNG) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY)) #if !defined(_MSC_VER) && !defined(__TASKING__) #warning "For timing resistance / side-channel attack prevention consider using harden options" @@ -4225,8 +4226,9 @@ extern void uITRON4_free(void *p) ; /* WC_NO_RNG silently removes RSA blinding, as blinding depends on the RNG. * Refuse to build until the conflict is resolved or the loss of hardening is - * explicitly acknowledged via WC_RSA_NO_RNG_ACKNOWLEDGE_WEAKNESS. */ -#if defined(WC_NO_RNG) && ((defined(WC_RSA_BLINDING) && !defined(NO_RSA)) || \ + * explicitly acknowledged via WC_BLINDING_NO_RNG_ACKNOWLEDGE_WEAKNESS. */ +#if defined(WC_NO_RNG) && ((defined(WC_RSA_BLINDING) && !defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ (defined(HAVE_CURVE25519) && defined(WOLFSSL_CURVE25519_BLINDING)) || \ (defined(HAVE_ECC) && defined(WOLFSSL_ECC_BLIND_K))) && \ !defined(WC_BLINDING_NO_RNG_ACKNOWLEDGE_WEAKNESS)
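Review bot: The RSA clause of this warning still carries `!defined(WC_NO_RNG)`, so a build with WC_NO_RNG, RSA private-key operations and no WC_RSA_BLINDING appears to get neither this warning nor the `#error` in the next hunk, whose condition only matches when a blinding macro is defined. If that silence is intended, a comment above the `#if` should say so, e.g. `/* RSA without blinding is not flagged when WC_NO_RNG is set or the build is public/verify-only. */`. Otherwise the `!defined(WC_NO_RNG)` term could be dropped from the RSA clause so the unhardened private-key configuration is reported. The enclosing `#if` block continues past the end of the hunk.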
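Review bot: The first sentence of the comment above the check still reads `WC_NO_RNG silently removes RSA blinding`, while the condition below it also covers WOLFSSL_CURVE25519_BLINDING and WOLFSSL_ECC_BLIND_K. Reword it to `/* WC_NO_RNG silently removes RSA, ECC and Curve25519 blinding, as blinding depends on the RNG.` so the comment matches what is enforced. The `#error` text that follows is outside this hunk; if it still names only RSA and the old acknowledgement macro, it presumably needs the same update.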