diff --git a/src/ssl.c b/src/ssl.c index 20f403fd0..cd8ae2cb1 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -29478,20 +29478,25 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) #endif /* HAVE_ECC */ /* oidBlkType */ + #ifdef WOLFSSL_AES_128 case AES128CBCb: sName = "AES-128-CBC"; type = oidBlkType; break; - + #endif + #ifdef WOLFSSL_AES_192 case AES192CBCb: sName = "AES-192-CBC"; type = oidBlkType; break; + #endif + #ifdef WOLFSSL_AES_256 case AES256CBCb: sName = "AES-256-CBC"; type = oidBlkType; break; + #endif #ifndef NO_DES3 case NID_des: @@ -29650,20 +29655,26 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) break; /* oidKeyWrapType */ + #ifdef WOLFSSL_AES_128 case AES128_WRAP: sName = "AES-128 wrap"; type = oidKeyWrapType; break; + #endif + #ifdef WOLFSSL_AES_192 case AES192_WRAP: sName = "AES-192 wrap"; type = oidKeyWrapType; break; + #endif + #ifdef WOLFSSL_AES_256 case AES256_WRAP: sName = "AES-256 wrap"; type = oidKeyWrapType; break; + #endif /* oidCmsKeyAgreeType */ #ifndef NO_SHA @@ -30125,16 +30136,24 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) /* oidBlkType */ case oidBlkType: switch (oid) { + #ifdef WOLFSSL_AES_128 case AES128CBCb: return AES128CBCb; + #endif + #ifdef WOLFSSL_AES_192 case AES192CBCb: return AES192CBCb; + #endif + #ifdef WOLFSSL_AES_256 case AES256CBCb: return AES256CBCb; + #endif + #ifndef NO_DES3 case DESb: return NID_des; case DES3b: return NID_des3; + #endif } break; @@ -30238,12 +30257,18 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) /* oidKeyWrapType */ case oidKeyWrapType: switch (oid) { + #ifdef WOLFSSL_AES_128 case AES128_WRAP: return AES128_WRAP; + #endif + #ifdef WOLFSSL_AES_192 case AES192_WRAP: return AES192_WRAP; + #endif + #ifdef WOLFSSL_AES_256 case AES256_WRAP: return AES256_WRAP; + #endif } break; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 26756b692..be1861dc0 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
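Review bot: The `case AES128_WRAP:`, `AES192_WRAP` and `AES256_WRAP` labels added under `/* oidKeyWrapType */` are guarded by `WOLFSSL_AES_*` alone, while asn.h in this same commit declares those enumerators only inside `#ifndef NO_AES`. If a build can set a key-size macro together with `NO_AES` (the header that decides this is not part of the diff), the labels name undeclared identifiers. The inner `switch (oid)` under `case oidKeyWrapType:` in the last ssl.c hunk has the same exposure. Nesting them as pkcs7.c does, with `#ifndef NO_AES` around each `#ifdef WOLFSSL_AES_128` group, or recording the invariant in a comment such as `/* WOLFSSL_AES_* imply !NO_AES */`, would settle it. Both enclosing functions start and end outside their hunks.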
@@ -2431,16 +2431,21 @@ static int CheckAlgo(int first, int second, int* id, int* version) < 0 on error */ static int CheckAlgoV2(int oid, int* id) { + (void)id; /* not used if AES and DES3 disabled */ switch (oid) { +#ifndef NO_DES3 case DESb: *id = PBE_SHA1_DES; return 0; case DES3b: *id = PBE_SHA1_DES3; return 0; +#endif +#ifdef WOLFSSL_AES_256 case AES256CBCb: *id = PBE_AES256_CBC; return 0; +#endif default: return ALGO_ID_E; diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 2a4335b33..fd8f67b44 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -157,9 +157,15 @@ static int wc_PKCS7_GetOIDBlockSize(int oid) switch (oid) { #ifndef NO_AES + #ifdef WOLFSSL_AES_128 case AES128CBCb: + #endif + #ifdef WOLFSSL_AES_192 case AES192CBCb: + #endif + #ifdef WOLFSSL_AES_256 case AES256CBCb: + #endif blockSz = AES_BLOCK_SIZE; break; #endif @@ -185,20 +191,24 @@ static int wc_PKCS7_GetOIDKeySize(int oid) switch (oid) { #ifndef NO_AES + #ifdef WOLFSSL_AES_128 case AES128CBCb: case AES128_WRAP: blockKeySz = 16; break; - + #endif + #ifdef WOLFSSL_AES_192 case AES192CBCb: case AES192_WRAP: blockKeySz = 24; break; - + #endif + #ifdef WOLFSSL_AES_256 case AES256CBCb: case AES256_WRAP: blockKeySz = 32; break; + #endif #endif #ifndef NO_DES3 case DESb: 
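Review bot: The comment on `(void)id;` in CheckAlgoV2 is broader than the guards below it, because `id` goes unused whenever DES3 and AES-256 are compiled out, even if AES-128 or AES-192 stay enabled. I would word it `(void)id; /* unused when NO_DES3 is set and WOLFSSL_AES_256 is not */`. The function's header comment could also say that `ALGO_ID_E` is returned for an algorithm this build has compiled out, so a caller does not read it as malformed input only.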
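Review bot: In wc_PKCS7_GetOIDBlockSize every `case` label of the AES group is now conditional, but the statements they lead to (`blockSz = AES_BLOCK_SIZE; break;`) are still guarded by `NO_AES` alone. A build with AES enabled and none of the three key-size macros defined leaves those statements at the head of the switch with no label, which compiles but is unreachable and may draw a warning. The same shape recurs in wc_PKCS7_KariKeyWrap, wc_CreateKeyAgreeRecipientInfo, wc_PKCS7_EncryptContent, wc_PKCS7_DecryptContent and wc_PKCS7_DecodeKari. Guarding each group with `#if defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_192) || defined(WOLFSSL_AES_256)` instead of `#ifndef NO_AES` would close it, if such a configuration is allowed at all.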
@@ -727,53 +737,68 @@ static int wc_PKCS7_SignedDataGetEncAlgoId(PKCS7* pkcs7, int* digEncAlgoId, algoType = oidSigType; switch (pkcs7->hashOID) { + #ifndef NO_SHA case SHAh: algoId = CTC_SHAwRSA; break; - + #endif + #ifdef WOLFSSL_SHA224 case SHA224h: algoId = CTC_SHA224wRSA; break; - + #endif + #ifndef NO_SHA256 case SHA256h: algoId = CTC_SHA256wRSA; break; - + #endif + #ifdef WOLFSSL_SHA384 case SHA384h: algoId = CTC_SHA384wRSA; break; - + #endif + #ifdef WOLFSSL_SHA512 case SHA512h: algoId = CTC_SHA512wRSA; break; + #endif } - } else if (pkcs7->publicKeyOID == ECDSAk) { + } +#ifdef HAVE_ECC + else if (pkcs7->publicKeyOID == ECDSAk) { algoType = oidSigType; switch (pkcs7->hashOID) { + #ifndef NO_SHA case SHAh: algoId = CTC_SHAwECDSA; break; - + #endif + #ifdef WOLFSSL_SHA224 case SHA224h: algoId = CTC_SHA224wECDSA; break; - + #endif + #ifndef NO_SHA256 case SHA256h: algoId = CTC_SHA256wECDSA; break; - + #endif + #ifdef WOLFSSL_SHA384 case SHA384h: algoId = CTC_SHA384wECDSA; break; - + #endif + #ifdef WOLFSSL_SHA512 case SHA512h: algoId = CTC_SHA512wECDSA; break; + #endif } } +#endif /* HAVE_ECC */ if (algoId == 0) { WOLFSSL_MSG("Invalid signature algorithm type"); @@ -2165,9 +2190,15 @@ static int wc_PKCS7_KariKeyWrap(byte* cek, word32 cekSz, byte* kek, switch (keyWrapAlgo) { #ifndef NO_AES + #ifdef WOLFSSL_AES_128 case AES128_WRAP: + #endif + #ifdef WOLFSSL_AES_192 case AES192_WRAP: + #endif + #ifdef WOLFSSL_AES_256 case AES256_WRAP: + #endif if (direction == AES_ENCRYPTION) { @@ -2669,9 +2700,15 @@ static int wc_CreateKeyAgreeRecipientInfo(PKCS7* pkcs7, const byte* cert, /* set direction based on keyWrapAlgo */ switch (keyWrapAlgo) { #ifndef NO_AES + #ifdef WOLFSSL_AES_128 case AES128_WRAP: + #endif + #ifdef WOLFSSL_AES_192 case AES192_WRAP: + #endif + #ifdef WOLFSSL_AES_256 case AES256_WRAP: + #endif direction = AES_ENCRYPTION; break; #endif 
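Review bot: Neither `switch (pkcs7->hashOID)` in wc_PKCS7_SignedDataGetEncAlgoId has a `default:`, so a hash that is now compiled out is rejected only implicitly. `algoId` presumably keeps its initial 0 (the initialisation is outside the hunk) and the `if (algoId == 0)` check below returns the error. That outcome is right, but it deserves to be visible in both switches, for example `default: break; /* unsupported or compiled-out hash: rejected by the algoId == 0 check below */`. The function begins and ends outside the hunk.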
@@ -3104,13 +3141,26 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz, switch (encryptOID) { #ifndef NO_AES + #ifdef WOLFSSL_AES_128 case AES128CBCb: + #endif + #ifdef WOLFSSL_AES_192 case AES192CBCb: + #endif + #ifdef WOLFSSL_AES_256 case AES256CBCb: - if ( (encryptOID == AES128CBCb && keySz != 16 ) || - (encryptOID == AES192CBCb && keySz != 24 ) || - (encryptOID == AES256CBCb && keySz != 32 ) || - (ivSz != AES_BLOCK_SIZE) ) + #endif + if ( + #ifdef WOLFSSL_AES_128 + (encryptOID == AES128CBCb && keySz != 16 ) || + #endif + #ifdef WOLFSSL_AES_192 + (encryptOID == AES192CBCb && keySz != 24 ) || + #endif + #ifdef WOLFSSL_AES_256 + (encryptOID == AES256CBCb && keySz != 32 ) || + #endif + (ivSz != AES_BLOCK_SIZE) ) return BAD_FUNC_ARG; ret = wc_AesSetKey(&aes, key, keySz, iv, AES_ENCRYPTION); @@ -3168,13 +3218,26 @@ static int wc_PKCS7_DecryptContent(int encryptOID, byte* key, int keySz, switch (encryptOID) { #ifndef NO_AES + #ifdef WOLFSSL_AES_128 case AES128CBCb: + #endif + #ifdef WOLFSSL_AES_192 case AES192CBCb: + #endif + #ifdef WOLFSSL_AES_256 case AES256CBCb: - if ( (encryptOID == AES128CBCb && keySz != 16 ) || - (encryptOID == AES192CBCb && keySz != 24 ) || - (encryptOID == AES256CBCb && keySz != 32 ) || - (ivSz != AES_BLOCK_SIZE) ) + #endif + if ( + #ifdef WOLFSSL_AES_128 + (encryptOID == AES128CBCb && keySz != 16 ) || + #endif + #ifdef WOLFSSL_AES_192 + (encryptOID == AES192CBCb && keySz != 24 ) || + #endif + #ifdef WOLFSSL_AES_256 + (encryptOID == AES256CBCb && keySz != 32 ) || + #endif + (ivSz != AES_BLOCK_SIZE) ) return BAD_FUNC_ARG; ret = wc_AesSetKey(&aes, key, keySz, iv, AES_DECRYPTION); 
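Review bot: The key-length check in wc_PKCS7_EncryptContent now carries preprocessor blocks inside the `if (` condition, and the identical construct is repeated in wc_PKCS7_DecryptContent, which makes it easy for the two paths to drift apart. The file already has wc_PKCS7_GetOIDKeySize, guarded by the same macros in this commit, so under these case labels the test could read `if (keySz != wc_PKCS7_GetOIDKeySize(encryptOID) || ivSz != AES_BLOCK_SIZE)` ahead of the existing `return BAD_FUNC_ARG;`. This relies on the helper returning the 16/24/32 shown in its hunk for these OIDs; what it returns for other values is not visible here. Both functions continue outside their hunks.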
@@ -4172,9 +4235,15 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, /* set direction based on key wrap algorithm */ switch (keyWrapOID) { #ifndef NO_AES + #ifdef WOLFSSL_AES_128 case AES128_WRAP: + #endif + #ifdef WOLFSSL_AES_192 case AES192_WRAP: + #endif + #ifdef WOLFSSL_AES_256 case AES256_WRAP: + #endif direction = AES_DECRYPTION; break; #endif @@ -4402,8 +4471,11 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, return ASN_PARSE_E; /* TODO :: make this more accurate */ - if ((pkcs7->publicKeyOID == RSAk && version != 0) || - (pkcs7->publicKeyOID == ECDSAk && version != 2)) { + if ((pkcs7->publicKeyOID == RSAk && version != 0) + #ifdef HAVE_ECC + || (pkcs7->publicKeyOID == ECDSAk && version != 2) + #endif + ) { WOLFSSL_MSG("PKCS#7 envelopedData needs to be of version 0"); return ASN_VERSION_E; } diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index fcbb2f221..908503449 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -263,13 +263,23 @@ enum Hash_Sum { }; +#if !defined(NO_DES3) || !defined(NO_AES) enum Block_Sum { +#ifdef WOLFSSL_AES_128 AES128CBCb = 414, +#endif +#ifdef WOLFSSL_AES_192 AES192CBCb = 434, +#endif +#ifdef WOLFSSL_AES_256 AES256CBCb = 454, +#endif +#ifndef NO_DES3 DESb = 69, DES3b = 652 +#endif }; +#endif /* !NO_DES3 || !NO_AES */ enum Key_Sum { @@ -281,12 +291,19 @@ enum Key_Sum { }; +#ifndef NO_AES enum KeyWrap_Sum { +#ifdef WOLFSSL_AES_128 AES128_WRAP = 417, +#endif +#ifdef WOLFSSL_AES_192 AES192_WRAP = 437, +#endif +#ifdef WOLFSSL_AES_256 AES256_WRAP = 457 +#endif }; - +#endif /* !NO_AES */ enum Key_Agree { dhSinglePass_stdDH_sha1kdf_scheme = 464,
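Review bot: Splicing `#ifdef HAVE_ECC` into the middle of the `if (...)` condition in wc_PKCS7_DecodeEnvelopedData leaves a lone `)` on its own line and makes the version rule hard to audit. With HAVE_ECC undefined only `RSAk` is tied to a version, so any other `publicKeyOID` passes this check with any version; whether later code rejects it is not visible in the hunk. The log text also says version 0 even when the ECC rule (version 2) is the one that failed. Selecting the expected version first and comparing once keeps the accepted cases the same and is easier to read; the local would be declared with the function's other variables, which are outside the hunk.

```c
    /* TODO :: make this more accurate */
    expVersion = -1;                 /* -1: no version rule for this key type */
    if (pkcs7->publicKeyOID == RSAk)
        expVersion = 0;
#ifdef HAVE_ECC
    else if (pkcs7->publicKeyOID == ECDSAk)
        expVersion = 2;
#endif
    if (expVersion >= 0 && version != expVersion) {
        WOLFSSL_MSG("PKCS#7 envelopedData version does not match key type");
        return ASN_VERSION_E;
    }
```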
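Review bot: `enum Block_Sum` and `enum KeyWrap_Sum` in asn.h can now end in a comma or come out empty, depending on which macros are set. With `NO_DES3` defined the last surviving entry is `AES256CBCb = 454,`, and with `WOLFSSL_AES_256` undefined `KeyWrap_Sum` ends at `AES192_WRAP = 437,`; a trailing comma is accepted from C99 on but not by strict C89 compilers, if the project still supports those. An enum with no enumerators (AES enabled, no key size selected) is invalid in every C standard. A guard ahead of the enums would turn that into a clear diagnostic: `#if !defined(NO_AES) && !defined(WOLFSSL_AES_128) && !defined(WOLFSSL_AES_192) && !defined(WOLFSSL_AES_256)` followed by `#error "AES enabled with no key size"` and `#endif`.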