Fix compiler warnings from mingw. Add portability macro `WOLFPKCS11_N…

…O_ENV` when setenv/getenv is not available. Only require `-ldl` for non-static builds.

configure.ac

@@ -322,6 +322,8 @@ fi
 
 if test "$enable_shared" = "no"; then
     AM_CFLAGS="$AM_CFLAGS -DHAVE_PKCS11_STATIC"
+else
+    LIBS="$LIBS -ldl"
 fi
 
 
@@ -347,7 +349,7 @@ AX_HARDEN_CC_COMPILER_FLAGS
 
 OPTION_FLAGS="$CFLAGS $CPPFLAGS $AM_CFLAGS"
 
-LIBS="$LIBS -lwolfssl -ldl -lm"
+LIBS="$LIBS -lwolfssl -lm"
 
 CREATE_HEX_VERSION
 AC_SUBST([AM_CPPFLAGS])

src/internal.c

@@ -53,6 +53,11 @@
     #endif
 #endif
 
+#if defined(WC_RSA_BLINDING) && (!defined(HAVE_FIPS) || \
+    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
+#define WOLFPKCS11_NEED_RSA_RNG
+#endif
+
 /* Size of hash calculated from PIN. */
 #define PIN_HASH_SZ                    32
 /* Size of seed used when calculating hash from PIN. */
@@ -6503,26 +6508,23 @@ int WP11_RsaPkcs15_PrivateDecrypt(unsigned char* in, word32 inLen,
                                   WP11_Object* priv, WP11_Slot* slot)
 {
     int ret = 0;
-#if defined(WC_RSA_BLINDING) && (!defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
+#ifdef WOLFPKCS11_NEED_RSA_RNG
     WC_RNG rng;
 #endif
     /* A random number generator is needed for blinding. */
     if (priv->onToken)
         WP11_Lock_LockRW(priv->lock);
-#if defined(WC_RSA_BLINDING) && (!defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
+#ifdef WOLFPKCS11_NEED_RSA_RNG
     ret = Rng_New(&slot->token.rng, &slot->token.rngLock, &rng);
-    if (ret == 0) {
-        priv->data.rsaKey.rng = &rng;
-    }
 #endif
     if (ret == 0) {
+    #ifdef WOLFPKCS11_NEED_RSA_RNG
+        priv->data.rsaKey.rng = &rng;
+    #endif
         ret = wc_RsaPrivateDecrypt_ex(in, inLen, out, *outLen,
                                        &priv->data.rsaKey, WC_RSA_PKCSV15_PAD,
                                        WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0);
-    #if defined(WC_RSA_BLINDING) && (!defined(HAVE_FIPS) || \
-        (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
+    #ifdef WOLFPKCS11_NEED_RSA_RNG
         priv->data.rsaKey.rng = NULL;
         Rng_Free(&rng);
     #endif
@@ -6607,28 +6609,25 @@ int WP11_RsaOaep_PrivateDecrypt(unsigned char* in, word32 inLen,
     int ret = 0;
     WP11_OaepParams* oaep = &session->params.oaep;
     WP11_Slot* slot = WP11_Session_GetSlot(session);
-#if defined(WC_RSA_BLINDING) && (!defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
+#ifdef WOLFPKCS11_NEED_RSA_RNG
     WC_RNG rng;
 #endif
 
     /* A random number generator is needed for blinding. */
     if (priv->onToken)
         WP11_Lock_LockRW(priv->lock);
-#if defined(WC_RSA_BLINDING) && (!defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
+#ifdef WOLFPKCS11_NEED_RSA_RNG
     ret = Rng_New(&slot->token.rng, &slot->token.rngLock, &rng);
-    if (ret == 0) {
-        priv->data.rsaKey.rng = &rng;
-    }
 #endif
     if (ret == 0) {
+    #ifdef WOLFPKCS11_NEED_RSA_RNG
+        priv->data.rsaKey.rng = &rng;
+    #endif
         ret = wc_RsaPrivateDecrypt_ex(in, inLen, out, *outLen,
                                             &priv->data.rsaKey, WC_RSA_OAEP_PAD,
                                             oaep->hashType, oaep->mgf,
                                             oaep->label, oaep->labelSz);
-    #if defined(WC_RSA_BLINDING) && (!defined(HAVE_FIPS) || \
-    (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
+    #ifdef WOLFPKCS11_NEED_RSA_RNG
         priv->data.rsaKey.rng = NULL;
         Rng_Free(&rng);
     #endif

tests/include.am

@@ -4,17 +4,17 @@
 check_PROGRAMS += tests/pkcs11test
 noinst_PROGRAMS += tests/pkcs11test
 tests_pkcs11test_SOURCES = tests/pkcs11test.c
-tests_pkcs11test_LDADD = -lwolfssl -ldl -lm
+tests_pkcs11test_LDADD =
 
 check_PROGRAMS += tests/pkcs11mtt
 noinst_PROGRAMS += tests/pkcs11mtt
 tests_pkcs11mtt_SOURCES = tests/pkcs11mtt.c
-tests_pkcs11mtt_LDADD = -lwolfssl -ldl -lm
+tests_pkcs11mtt_LDADD =
 
 check_PROGRAMS += tests/pkcs11str
 noinst_PROGRAMS += tests/pkcs11str
 tests_pkcs11str_SOURCES = tests/pkcs11str.c
-tests_pkcs11str_LDADD = -lwolfssl -ldl -lm
+tests_pkcs11str_LDADD =
 
 if BUILD_STATIC
 tests_pkcs11test_LDADD +=src/libwolfpkcs11.la

tests/pkcs11mtt.c

@@ -6494,7 +6494,9 @@ int main(int argc, char* argv[])
     int closeDl = 1;
     int i;
 
+#ifndef WOLFPKCS11_NO_ENV
     setenv("WOLFPKCS11_NO_STORE", "1", 1);
+#endif
 
     argc--;
     argv++;

tests/pkcs11test.c

@@ -36,7 +36,6 @@
 #include "unit.h"
 #include "testdata.h"
 
-
 #define TEST_FLAG_INIT                 0x01
 #define TEST_FLAG_TOKEN                0x02
 #define TEST_FLAG_SESSION              0x04
@@ -7908,7 +7907,9 @@ int main(int argc, char* argv[])
     int closeDl = 1;
     int i;
 
+#ifndef WOLFPKCS11_NO_ENV
     setenv("WOLFPKCS11_NO_STORE", "1", 1);
+#endif
 
     argc--;
     argv++;

wolfpkcs11/pkcs11.h

@@ -24,6 +24,12 @@
 
 #include <wolfpkcs11/visibility.h>
 
+#ifndef WOLFPKCS11_NO_ENV
+#include <stdio.h>
+#include <stdlib.h> /* setenv/getenv */
+#include <string.h>
+#endif
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -879,6 +885,25 @@ struct CK_FUNCTION_LIST {
 
 };
 
+#ifndef WOLFPKCS11_NO_ENV
+#if defined(__MINGW32__) || defined(_MSC_VER)
+/* Windows/MinGw does not support setenv, but does have putenv and getenv */
+extern int putenv(const char *);
+static inline int setenv(const char *name, const char *value, int overwrite)
+{
+    char env[255];
+    size_t len = strlen(name) + 1 + strlen(value) + 1;
+    if (len < sizeof(env)) {
+        sprintf(env, "%s=%s", name, value);
+        return putenv(env);
+    }
+    (void)overwrite;
+    return EXIT_FAILURE;
+}
+#endif
+#endif /* !WOLFPKCS11_NO_ENV */
+
+
 #ifdef __cplusplus
 }
 #endif