Merge pull request #105 from LinuxJedi/older-wolfSSL

wolfSSL 5.6.6 support

Author: dgarske

.github/workflows/unit-test.yml

@@ -88,6 +88,9 @@ jobs:
     with:
       config: --enable-debug
 
+  wolfssl_v5_6_6:
+    uses: ./.github/workflows/wolfssl-v5.6.6-build-workflow.yml
+
   #TODO: --disable-aes            Enable AES (default: enabled)
   #TODO: --disable-aescbc         Enable AES-CBC (default: enabled)
   #TODO: --disable-sha256         Enable SHA-256 (default: enabled)

.github/workflows/wolfssl-v5.6.6-build-workflow.yml

@@ -0,0 +1,97 @@
+name: wolfPKCS11 Build Workflow with wolfSSL v5.6.6-stable
+
+on:
+
+    workflow_call:
+      inputs:
+        config:
+          required: false
+          type: string
+        check:
+          required: false
+          type: string
+          default: 'make check'
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+#pull wolfPKCS11
+    - uses: actions/checkout@v4
+      with:
+        submodules: true
+
+#setup wolfssl at v5.6.6-stable tag
+    - uses: actions/checkout@v4
+      with:
+        repository: wolfssl/wolfssl
+        ref: v5.6.6-stable
+        path: wolfssl
+
+    # Cache wolfSSL build
+    - name: Cache wolfSSL build
+      id: cache-wolfssl
+      uses: actions/cache@v4
+      with:
+        path: |
+          wolfssl/src/.libs
+          wolfssl/wolfcrypt/src/.libs
+          wolfssl/wolfssl/*.h
+          wolfssl/wolfcrypt/wolfcrypt/*.h
+          /usr/local/lib/libwolfssl*
+          /usr/local/include/wolfssl
+        key: wolfssl-v5.6.6-stable-${{ hashFiles('wolfssl/configure.ac', 'wolfssl/wolfssl/version.h') }}
+        restore-keys: |
+          wolfssl-v5.6.6-stable-
+
+    # Build wolfSSL only if cache miss
+    - name: wolfssl autogen
+      if: steps.cache-wolfssl.outputs.cache-hit != 'true'
+      working-directory: ./wolfssl
+      run: ./autogen.sh
+    - name: wolfssl configure
+      if: steps.cache-wolfssl.outputs.cache-hit != 'true'
+      working-directory: ./wolfssl
+      run: |
+        ./configure --enable-cryptocb --enable-aescfb --enable-rsapss --enable-keygen --enable-pwdbased --enable-scrypt \
+            C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT"
+    - name: wolfssl make install
+      if: steps.cache-wolfssl.outputs.cache-hit != 'true'
+      working-directory: ./wolfssl
+      run: make
+    - name: wolfssl make install
+      if: steps.cache-wolfssl.outputs.cache-hit != 'true'
+      working-directory: ./wolfssl
+      run: |
+          sudo make install
+          sudo ldconfig
+
+    # Restore wolfSSL from cache if available
+    - name: Restore wolfSSL from cache
+      if: steps.cache-wolfssl.outputs.cache-hit == 'true'
+      run: sudo ldconfig
+
+
+
+#setup wolfPKCS11
+    - name: wolfpkcs11 autogen
+      run: ./autogen.sh
+    - name: wolfpkcs11 configure
+      run: ./configure ${{inputs.config}}
+    - name: wolfpkcs11 make
+      run: make
+    - name: wolfpkcs11 make check
+      run: ${{inputs.check}}
+
+
+# capture logs on failure
+    - name: Upload failure logs
+      if: failure() || cancelled()
+      uses: actions/upload-artifact@v4
+      with:
+        name: wolfpkcs11-v5.6.6-test-logs
+        path: |
+          test-suite.log
+        retention-days: 5

src/crypto.c

@@ -2061,8 +2061,8 @@ CK_RV C_Encrypt(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pData,
             }
 
             /* PKCS#5 pad makes the output a multiple of 16 */
-            encDataLen = (word32)((ulDataLen + WC_AES_BLOCK_SIZE - 1) /
-                        WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE;
+            encDataLen = (word32)((ulDataLen + AES_BLOCK_SIZE - 1) /
+                        AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
             if (pEncryptedData == NULL) {
                 *pulEncryptedDataLen = encDataLen;
                 return CKR_OK;
@@ -2407,7 +2407,7 @@ CK_RV C_EncryptUpdate(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pPart,
                 return CKR_OPERATION_NOT_INITIALIZED;
 
             if (pEncryptedPart == NULL) {
-                *pulEncryptedPartLen = ulPartLen + WC_AES_BLOCK_SIZE * 2;
+                *pulEncryptedPartLen = ulPartLen + AES_BLOCK_SIZE * 2;
                 return CKR_OK;
             }
 
@@ -2571,7 +2571,7 @@ CK_RV C_EncryptFinal(CK_SESSION_HANDLE hSession,
                 return CKR_OPERATION_NOT_INITIALIZED;
 
             if (pLastEncryptedPart == NULL) {
-                *pulLastEncryptedPartLen = WC_AES_BLOCK_SIZE * 2;
+                *pulLastEncryptedPartLen = AES_BLOCK_SIZE * 2;
                 return CKR_OK;
             }
 
@@ -3323,7 +3323,7 @@ CK_RV C_DecryptUpdate(CK_SESSION_HANDLE hSession,
                 return CKR_OPERATION_NOT_INITIALIZED;
 
             if (pPart == NULL) {
-                *pulPartLen = ulEncryptedPartLen + WC_AES_BLOCK_SIZE * 2;
+                *pulPartLen = ulEncryptedPartLen + AES_BLOCK_SIZE * 2;
                 return CKR_OK;
             }
 
@@ -3484,7 +3484,7 @@ CK_RV C_DecryptFinal(CK_SESSION_HANDLE hSession, CK_BYTE_PTR pLastPart,
                 return CKR_OPERATION_NOT_INITIALIZED;
 
             if (pLastPart == NULL) {
-                *pulLastPartLen = WC_AES_BLOCK_SIZE * 2;
+                *pulLastPartLen = AES_BLOCK_SIZE * 2;
                 return CKR_OK;
             }
 
@@ -4072,7 +4072,7 @@ CK_RV C_SignInit(CK_SESSION_HANDLE hSession, CK_MECHANISM_PTR pMechanism,
                                               pMechanism->ulParameterLen != 0) {
                 return CKR_MECHANISM_PARAM_INVALID;
             }
-            ret = WP11_Aes_Cmac_Init(obj, session, WC_AES_BLOCK_SIZE/2);
+            ret = WP11_Aes_Cmac_Init(obj, session, AES_BLOCK_SIZE/2);
             if (ret != 0)
                 return CKR_FUNCTION_FAILED;
             init = WP11_INIT_AES_CMAC_SIGN;
@@ -5091,7 +5091,7 @@ CK_RV C_VerifyInit(CK_SESSION_HANDLE hSession,
                                               pMechanism->ulParameterLen != 0) {
                 return CKR_MECHANISM_PARAM_INVALID;
             }
-            ret = WP11_Aes_Cmac_Init(obj, session, WC_AES_BLOCK_SIZE/2);
+            ret = WP11_Aes_Cmac_Init(obj, session, AES_BLOCK_SIZE/2);
             if (ret != 0)
                 return CKR_FUNCTION_FAILED;
             init = WP11_INIT_AES_CMAC_VERIFY;

src/internal.c

@@ -11570,6 +11570,11 @@ int WP11_GetOperationState(WP11_Session* session, unsigned char* stateData,
 {
     unsigned long bufferAvailable = *stateDataLen;
     unsigned long mechSize = 0;
+#if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX < 0x05007004
+    wc_HashAlg* hashAlg;
+#else
+    wc_Hashes* hashAlg;
+#endif
 
     *stateDataLen = sizeof(session->mechanism);
 
@@ -11613,35 +11618,37 @@ int WP11_GetOperationState(WP11_Session* session, unsigned char* stateData,
     XMEMCPY(stateData, &session->mechanism, sizeof(session->mechanism));
     stateData += sizeof(session->mechanism);
 
+#if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX < 0x05007004
+    hashAlg = &session->params.digest.hash;
+#else
+    hashAlg = &session->params.digest.hash.alg;
+#endif
+
+
     switch (session->mechanism) {
 #ifndef NO_SHA
         case CKM_SHA1:
-            wc_ShaCopy(&session->params.digest.hash.alg.sha,
-                (wc_Sha*)stateData);
+            wc_ShaCopy(&hashAlg->sha, (wc_Sha*)stateData);
             break;
 #endif
 #ifdef WOLFSSL_SHA224
         case CKM_SHA224:
-            wc_Sha224Copy(&session->params.digest.hash.alg.sha224,
-                (wc_Sha224*)stateData);
+            wc_Sha224Copy(&hashAlg->sha224, (wc_Sha224*)stateData);
             break;
 #endif
 #ifndef NO_SHA256
         case CKM_SHA256:
-            wc_Sha256Copy(&session->params.digest.hash.alg.sha256,
-                (wc_Sha256*)stateData);
+            wc_Sha256Copy(&hashAlg->sha256, (wc_Sha256*)stateData);
             break;
 #endif
 #ifdef WOLFSSL_SHA384
         case CKM_SHA384:
-            wc_Sha384Copy(&session->params.digest.hash.alg.sha384,
-                (wc_Sha384*)stateData);
+            wc_Sha384Copy(&hashAlg->sha384, (wc_Sha384*)stateData);
             break;
 #endif
 #ifdef WOLFSSL_SHA512
         case CKM_SHA512:
-            wc_Sha512Copy(&session->params.digest.hash.alg.sha512,
-                (wc_Sha512*)stateData);
+            wc_Sha512Copy(&hashAlg->sha512, (wc_Sha512*)stateData);
             break;
 #endif
     }
@@ -11655,6 +11662,11 @@ int WP11_SetOperationState(WP11_Session* session, unsigned char* stateData,
     unsigned long mechSize = 0;
     int hashType = WC_HASH_TYPE_NONE;
     int ret;
+#if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX < 0x05007004
+    wc_HashAlg* hashAlg;
+#else
+    wc_Hashes* hashAlg;
+#endif
 
     if (stateDataLen < sizeof(session->mechanism))
         return CKR_SAVED_STATE_INVALID;
@@ -11706,35 +11718,36 @@ int WP11_SetOperationState(WP11_Session* session, unsigned char* stateData,
     if (ret != CKR_OK)
         return ret;
 
+    #if defined(LIBWOLFSSL_VERSION_HEX) && LIBWOLFSSL_VERSION_HEX < 0x05007004
+        hashAlg = &session->params.digest.hash;
+    #else
+        hashAlg = &session->params.digest.hash.alg;
+    #endif
+
     switch (session->mechanism) {
 #ifndef NO_SHA
         case CKM_SHA1:
-            wc_ShaCopy((wc_Sha*)stateData,
-                &session->params.digest.hash.alg.sha);
+            wc_ShaCopy((wc_Sha*)stateData, &hashAlg->sha);
             break;
 #endif
 #ifdef WOLFSSL_SHA224
         case CKM_SHA224:
-            wc_Sha224Copy((wc_Sha224*)stateData,
-                &session->params.digest.hash.alg.sha224);
+            wc_Sha224Copy((wc_Sha224*)stateData, &hashAlg->sha224);
             break;
 #endif
 #ifndef NO_SHA256
         case CKM_SHA256:
-            wc_Sha256Copy((wc_Sha256*)stateData,
-                &session->params.digest.hash.alg.sha256);
+            wc_Sha256Copy((wc_Sha256*)stateData, &hashAlg->sha256);
             break;
 #endif
 #ifdef WOLFSSL_SHA384
         case CKM_SHA384:
-            wc_Sha384Copy((wc_Sha384*)stateData,
-                &session->params.digest.hash.alg.sha384);
+            wc_Sha384Copy((wc_Sha384*)stateData, &hashAlg->sha384);
             break;
 #endif
 #ifdef WOLFSSL_SHA512
         case CKM_SHA512:
-            wc_Sha512Copy((wc_Sha512*)stateData,
-                &session->params.digest.hash.alg.sha512);
+            wc_Sha512Copy((wc_Sha512*)stateData, &hashAlg->sha512);
             break;
 #endif
     }