Use wolfSSL 5.4.0 for tests

The 5.4.0 update changed the default bignum implementation to what
could explicitly be enabled via `--enable-sp-math-all`.  Since this uses
fixed-sized buffers sufficient for key sizes of SP_INT_BITS, with a default
of 4096, modp6144 and modp8192 didn't work anymore (wc_DhGenerateKeyPair()
returned MP_EXPTMOD_E).  So we have to adapt the feature checks for this.

To support the larger DH groups we can either increase the buffer size
via `--with-max-rsa-bits` or add `--enable-heapmath` so buffers get
(re-)allocated as needed.  We go with the latter for now.

diff --git a/scripts/test.sh b/scripts/test.sh
index 443a56fbdcbb14c0e9820ac5ac92f1bfced8db04..0b1c4859b4630a45af6bcb783f02cfce58810201 100755 (executable)
--- a/scripts/test.sh
+++ b/scripts/test.sh
@@ -37,7 +37,7 @@ build_botan()
 
 build_wolfssl()
 {
-       WOLFSSL_REV=v5.3.0-stable
+       WOLFSSL_REV=v5.4.0-stable
        WOLFSSL_DIR=$DEPS_BUILD_DIR/wolfssl
 
        if test -d "$WOLFSSL_DIR"; then
@@ -53,8 +53,8 @@ build_wolfssl()
                                        --enable-aesccm --enable-aesctr --enable-camellia
                                        --enable-curve25519 --enable-curve448 --enable-des3
                                        --enable-ecccustcurves --enable-ed25519 --enable-ed448
-                                       --enable-keygen --enable-md4 --enable-rsapss --enable-sha3
-                                       --enable-shake256"
+                                       --enable-heapmath --enable-keygen --enable-md4
+                                       --enable-rsapss --enable-sha3 --enable-shake256"
 
        git clone https://github.com/wolfSSL/wolfssl.git $WOLFSSL_DIR &&
        cd $WOLFSSL_DIR &&

diff --git a/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c b/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
index 61c8e8e8191f1ec116132e5513cfe40e1eaa3400..b53bd8b09b50d15417585f831476f660210b318d 100644 (file)
--- a/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
+++ b/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
@@ -270,31 +270,47 @@ METHOD(plugin_t, get_features, int,
 #ifndef NO_DH
                /* MODP DH groups */
                PLUGIN_REGISTER(KE, wolfssl_diffie_hellman_create),
-       #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (3072 * 2)
+       #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (3072 * 2)) || \
+               (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 3072) || \
+               defined(USE_INTEGER_HEAP_MATH)
                        PLUGIN_PROVIDE(KE, MODP_3072_BIT),
        #endif
-       #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (4096 * 2)
+       #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (4096 * 2)) || \
+               (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 4096) || \
+               defined(USE_INTEGER_HEAP_MATH)
                        PLUGIN_PROVIDE(KE, MODP_4096_BIT),
        #endif
-       #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (6144 * 2)
+       #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (6144 * 2)) || \
+               (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 6144) || \
+               defined(USE_INTEGER_HEAP_MATH)
                        PLUGIN_PROVIDE(KE, MODP_6144_BIT),
        #endif
-       #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (8192 * 2)
+       #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (8192 * 2)) || \
+               (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 8192) || \
+               defined(USE_INTEGER_HEAP_MATH)
                        PLUGIN_PROVIDE(KE, MODP_8192_BIT),
        #endif
-       #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (2048 * 2)
+       #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (2048 * 2)) || \
+               (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 2048) || \
+               defined(USE_INTEGER_HEAP_MATH)
                        PLUGIN_PROVIDE(KE, MODP_2048_BIT),
                        PLUGIN_PROVIDE(KE, MODP_2048_224),
                        PLUGIN_PROVIDE(KE, MODP_2048_256),
        #endif
-       #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (1536 * 2)
+       #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (1536 * 2)) || \
+               (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 1536) || \
+               defined(USE_INTEGER_HEAP_MATH)
                        PLUGIN_PROVIDE(KE, MODP_1536_BIT),
        #endif
-       #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (1024 * 2)
+       #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (1024 * 2)) || \
+               (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 1024) || \
+               defined(USE_INTEGER_HEAP_MATH)
                        PLUGIN_PROVIDE(KE, MODP_1024_BIT),
                        PLUGIN_PROVIDE(KE, MODP_1024_160),
        #endif
-       #if !defined(USE_FAST_MATH) || FP_MAX_BITS >= (768 * 2)
+       #if (defined(USE_FAST_MATH) && FP_MAX_BITS >= (768 * 2)) || \
+               (defined(WOLFSSL_SP_MATH_ALL) && SP_INT_BITS >= 768) || \
+               defined(USE_INTEGER_HEAP_MATH)
                        PLUGIN_PROVIDE(KE, MODP_768_BIT),
        #endif
                        PLUGIN_PROVIDE(KE, MODP_CUSTOM),

diff --git a/testing/scripts/recipes/012_wolfssl.mk b/testing/scripts/recipes/012_wolfssl.mk
index 73b91c4015f5e3722aad138de234adcea0b9c2c0..14b12ea3e1f031f7e74fbabe477db1f2ad7c7758 100644 (file)
--- a/testing/scripts/recipes/012_wolfssl.mk
+++ b/testing/scripts/recipes/012_wolfssl.mk
@@ -2,7 +2,7 @@
 
 PKG = wolfssl
 SRC = https://github.com/wolfSSL/$(PKG).git
-REV = v5.3.0-stable
+REV = v5.4.0-stable
 
 NUM_CPUS := $(shell getconf _NPROCESSORS_ONLN)
 
@@ -27,6 +27,7 @@ CONFIG_OPTS = \
        --enable-ecccustcurves \
        --enable-ed25519 \
        --enable-ed448 \
+       --enable-heapmath \
        --enable-keygen \
        --enable-md4 \
        --enable-rsapss \