ssl.c: Move out crypto compat APIs

ssl_crypto.c contains OpenSSL compatibility APIs for:
 - MD4, MD5, SHA/SHA-1, SHA2, SHA3
 - HMAC, CMAC
 - DES, DES3, AES, RC4
API implementations reworked.
Tests added for coverage.
TODOs for future enhancements.
Sean Parkinson
2023-10-31 10:03:21 +10:00
parent 1a3f3aa5f0
commit 54f2d56300
15 changed files with 5621 additions and 4100 deletions


@ -21,3 +21,4 @@ Updates to Espressif ESP-IDF wolfssl_benchmark and wolfssl_test examples:
- Added VisualGDB Project file & Visual Studio solution file.
- Added optional `time_helper` for wolfssl_test
- Exclude `ssl_misc.c` in component cmake to fix warning: #warning ssl_misc.c does not need to be compiled separately from ssl.c
- Exclude `ssl_crypto.c` in component cmake to fix warning: #warning ssl_crypto.c does not need to be compiled separately from ssl.c


@ -353,8 +353,9 @@ else()
"\"${WOLFSSL_ROOT}/src/misc.c\""
"\"${WOLFSSL_ROOT}/src/pk.c\""
"\"${WOLFSSL_ROOT}/src/ssl_asn1.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_crypto.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/x509.c\""
"\"${WOLFSSL_ROOT}/src/x509_str.c\""


@ -353,6 +353,7 @@ else()
"\"${WOLFSSL_ROOT}/src/ssl_asn1.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_crypto.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/x509.c\""
"\"${WOLFSSL_ROOT}/src/x509_str.c\""


@ -393,6 +393,7 @@ else()
"\"${WOLFSSL_ROOT}/src/ssl_asn1.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_crypto.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/x509.c\""
"\"${WOLFSSL_ROOT}/src/x509_str.c\""


@ -393,6 +393,7 @@ else()
"\"${WOLFSSL_ROOT}/src/ssl_asn1.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_crypto.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/x509.c\""
"\"${WOLFSSL_ROOT}/src/x509_str.c\""


@ -482,6 +482,7 @@ endif()
"\"${WOLFSSL_ROOT}/src/ssl_asn1.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_crypto.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/x509.c\""
"\"${WOLFSSL_ROOT}/src/x509_str.c\""


@ -71,6 +71,10 @@ set(COMPONENT_SRCEXCLUDE
"./src/conf.c"
"./src/misc.c"
"./src/pk.c"
"./src/ssl_asn1.c" # included by ssl.c
"./src/ssl_bn.c" # included by ssl.c
"./src/ssl_certman.c" # included by ssl.c
"./src/ssl_crypto.c" # included by ssl.c
"./src/ssl_misc.c" # included by ssl.c
"./src/x509.c"
"./src/x509_str.c"


@ -37,6 +37,10 @@ list( REMOVE_ITEM SSL_SOURCES ../../../src/conf.c )
list( REMOVE_ITEM SSL_SOURCES ../../../src/x509.c )
list( REMOVE_ITEM SSL_SOURCES ../../../src/x509_str.c )
list( REMOVE_ITEM SSL_SOURCES ../../../src/pk.c )
list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_asn1.c )
list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_bn.c )
list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_certman.c )
list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_crypto.c )
list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_misc.c )
aux_source_directory( ${CRYPTO_SRC_DIR} CRYPTO_SOURCES )
list( REMOVE_ITEM CRYPTO_SOURCES ../../../wolfcrypt/src/evp.c )


@ -20,6 +20,7 @@ EXTRA_DIST += src/pk.c
EXTRA_DIST += src/ssl_asn1.c
EXTRA_DIST += src/ssl_bn.c
EXTRA_DIST += src/ssl_certman.c
EXTRA_DIST += src/ssl_crypto.c
EXTRA_DIST += src/ssl_misc.c
EXTRA_DIST += src/x509.c
EXTRA_DIST += src/x509_str.c

2768
src/ssl.c

File diff suppressed because it is too large Load Diff


@ -844,8 +844,10 @@ int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* fname,
if (buff != staticBuffer)
#endif
{
if (cm != NULL) {
XFREE(buff, cm->heap, DYNAMIC_TYPE_FILE);
}
}
return ret;
}
#endif
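Review bot: The added `if (cm != NULL)` guard around `XFREE(buff, cm->heap, DYNAMIC_TYPE_FILE)` skips the free entirely when `cm` is NULL, and nothing in the hunk says why that is safe. If `buff` can only be heap-allocated after `cm` has been validated, a comment such as `/* cm is NULL only when validation failed, so buff was never allocated. */` would record that; if it can be allocated earlier, the buffer leaks on that path and should be freed with a NULL heap hint instead. When the preprocessor-guarded `if (buff != staticBuffer)` is compiled out, the block runs unconditionally, so it is also worth confirming that `buff` is initialized on every path that reaches it. The body of wolfSSL_CertManagerVerify starts outside the hunk, so this is inferred from the visible lines only.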

3476
src/ssl_crypto.c Normal file

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@ -4112,6 +4112,86 @@ const unsigned char* wolfSSL_EVP_PKEY_get0_hmac(const WOLFSSL_EVP_PKEY* pkey,
return (const unsigned char*)pkey->pkey.ptr;
}
static int wolfssl_evp_md_to_hash_type(const WOLFSSL_EVP_MD *type,
int* hashType)
{
int ret = 0;
#ifndef NO_SHA256
if (XSTRCMP(type, "SHA256") == 0) {
*hashType = WC_SHA256;
}
else
#endif
#ifndef NO_SHA
if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, "SHA1") == 0)) {
*hashType = WC_SHA;
}
else
#endif /* NO_SHA */
#ifdef WOLFSSL_SHA224
if (XSTRCMP(type, "SHA224") == 0) {
*hashType = WC_SHA224;
}
else
#endif
#ifdef WOLFSSL_SHA384
if (XSTRCMP(type, "SHA384") == 0) {
*hashType = WC_SHA384;
}
else
#endif
#ifdef WOLFSSL_SHA512
if (XSTRCMP(type, "SHA512") == 0) {
*hashType = WC_SHA512;
}
else
#endif
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
if (XSTRCMP(type, "SHA3_224") == 0) {
*hashType = WC_SHA3_224;
}
else
#endif
#ifndef WOLFSSL_NOSHA3_256
if (XSTRCMP(type, "SHA3_256") == 0) {
*hashType = WC_SHA3_256;
}
else
#endif
#ifndef WOLFSSL_NOSHA3_384
if (XSTRCMP(type, "SHA3_384") == 0) {
*hashType = WC_SHA3_384;
}
else
#endif
#ifndef WOLFSSL_NOSHA3_512
if (XSTRCMP(type, "SHA3_512") == 0) {
*hashType = WC_SHA3_512;
}
else
#endif
#endif
#ifdef WOLFSSL_SM3
if (XSTRCMP(type, "SM3") == 0) {
*hashType = WC_SM3;
}
else
#endif
#ifndef NO_MD5
if (XSTRCMP(type, "MD5") == 0) {
*hashType = WC_MD5;
}
else
#endif
{
ret = BAD_FUNC_ARG;
}
return ret;
}
/* Initialize an EVP_DigestSign/Verify operation.
* Initialize a digest for RSA and ECC keys, or HMAC for HMAC key.
*/
@ -4129,85 +4209,28 @@ static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx,
return WOLFSSL_FAILURE;
}
type = wolfSSL_EVP_get_digestbynid(default_digest);
if (!type) {
if (type == NULL) {
return BAD_FUNC_ARG;
}
}
if (pkey->type == EVP_PKEY_HMAC) {
int hashType;
#ifndef NO_SHA256
if (XSTRCMP(type, "SHA256") == 0) {
hashType = WC_SHA256;
} else
#endif
#ifndef NO_SHA
if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, "SHA1") == 0)) {
hashType = WC_SHA;
} else
#endif /* NO_SHA */
#ifdef WOLFSSL_SHA224
if (XSTRCMP(type, "SHA224") == 0) {
hashType = WC_SHA224;
} else
#endif
#ifdef WOLFSSL_SHA384
if (XSTRCMP(type, "SHA384") == 0) {
hashType = WC_SHA384;
} else
#endif
#ifdef WOLFSSL_SHA512
if (XSTRCMP(type, "SHA512") == 0) {
hashType = WC_SHA512;
} else
#endif
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
if (XSTRCMP(type, "SHA3_224") == 0) {
hashType = WC_SHA3_224;
} else
#endif
#ifndef WOLFSSL_NOSHA3_256
if (XSTRCMP(type, "SHA3_256") == 0) {
hashType = WC_SHA3_256;
} else
#endif
#ifndef WOLFSSL_NOSHA3_384
if (XSTRCMP(type, "SHA3_384") == 0) {
hashType = WC_SHA3_384;
} else
#endif
#ifndef WOLFSSL_NOSHA3_512
if (XSTRCMP(type, "SHA3_512") == 0) {
hashType = WC_SHA3_512;
} else
#endif
#endif
#ifdef WOLFSSL_SM3
if (XSTRCMP(type, "SM3") == 0) {
hashType = WC_SM3;
} else
#endif
#ifndef NO_MD5
if (XSTRCMP(type, "MD5") == 0) {
hashType = WC_MD5;
} else
#endif
return BAD_FUNC_ARG;
{
int ret;
size_t keySz = 0;
const unsigned char* key;
key = wolfSSL_EVP_PKEY_get0_hmac(pkey, &keySz);
ret = wolfssl_evp_md_to_hash_type(type, &hashType);
if (ret != 0) {
return ret;
}
key = wolfSSL_EVP_PKEY_get0_hmac(pkey, &keySz);
if (wc_HmacInit(&ctx->hash.hmac, NULL, INVALID_DEVID) != 0)
return WOLFSSL_FAILURE;
if (wc_HmacSetKey(&ctx->hash.hmac, hashType, key, (word32)keySz) != 0)
return WOLFSSL_FAILURE;
}
ctx->isHMAC = 1;
}
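Review bot: The new static helper `wolfssl_evp_md_to_hash_type` in the first hunk has no header comment, although the function that follows it (`wolfSSL_evp_digest_pk_init`) has one. A short block comment in the same style should state that it maps an EVP digest name to a wolfCrypt hash type, that `type` and `hashType` must be non-NULL because neither is checked before `XSTRCMP` and the store, and that `*hashType` is written only on success. It should also record the return contract: 0 on a match, `BAD_FUNC_ARG` when the name is unknown or the algorithm is compiled out. In the second hunk the caller still declares `int hashType;` without an initializer and depends on the early `return ret;`, which the comment should make explicit so later edits do not read it after a failure. `wolfSSL_evp_digest_pk_init` starts and ends outside the hunk.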


@ -15369,7 +15369,7 @@ static void initDefaultName(void)
WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage[] =
"digitalSignature,nonRepudiation";
#endif
#if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA)
#if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) && !defined(NO_ASN_TIME)
WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage2[] =
"digitalSignature,nonRepudiation,keyEncipherment,keyAgreement";
#endif