feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #5018 from haydenroche5/libspdm

Browse Source 
Make changes to compatibility layer to support libspdm.
This commit is contained in:
Sean Parkinson
2022-04-26 09:55:22 +10:00
committed by GitHub
parent d362b6dd08 0ef7435580
commit 8737d46bb1
14 changed files with 1045 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

253
src/ssl.c
View File

@@ -24582,6 +24582,43 @@ int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from,
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
int wolfSSL_ASN1_TIME_compare(const WOLFSSL_ASN1_TIME *a,
const WOLFSSL_ASN1_TIME *b)
{
int ret;
int days;
int secs;
WOLFSSL_ENTER("wolfSSL_ASN1_TIME_compare");
if (wolfSSL_ASN1_TIME_diff(&days, &secs, a, b) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Failed to get time difference.");
ret = -2;
}
else {
if (days == 0 && secs == 0) {
/* a and b are the same time. */
ret = 0;
}
else if (days >= 0 && secs >= 0) {
/* a is before b. */
ret = -1;
}
else if (days <= 0 && secs <= 0) {
/* a is after b. */
ret = 1;
}
else {
WOLFSSL_MSG("Incoherent time difference.");
ret = -2;
}
}
WOLFSSL_LEAVE("wolfSSL_ASN1_TIME_compare", ret);
return ret;
}
#endif /* !NO_ASN_TIME */ #endif /* !NO_ASN_TIME */
#ifndef NO_WOLFSSL_STUB #ifndef NO_WOLFSSL_STUB
@@ -26414,6 +26451,152 @@ WOLFSSL_DH* wolfSSL_DH_new(void)
return external; return external;
} }
WOLFSSL_DH* wolSSL_DH_new_by_nid(int nid)
{
WOLFSSL_DH* dh;
int err = 0;
#if defined(HAVE_PUBLIC_FFDHE) || (defined(HAVE_FIPS) && FIPS_VERSION_EQ(2,0))
const DhParams* params = NULL;
WOLFSSL_BIGNUM* pBn = NULL;
WOLFSSL_BIGNUM* gBn = NULL;
WOLFSSL_BIGNUM* qBn = NULL;
#elif !defined(HAVE_PUBLIC_FFDHE) && (!defined(HAVE_FIPS) || \
FIPS_VERSION_GT(2,0))
int name = 0;
#ifdef HAVE_FFDHE_Q
int elements = ELEMENT_P | ELEMENT_G | ELEMENT_Q;
#else
int elements = ELEMENT_P | ELEMENT_G;
#endif /* HAVE_FFDHE_Q */
#endif /* HAVE_PUBLIC_FFDHE || (HAVE_FIPS && HAVE_FIPS_VERSION == 2) */
WOLFSSL_ENTER("wolfSSL_DH_new_by_nid");
dh = wolfSSL_DH_new();
if (dh == NULL) {
WOLFSSL_MSG("Failed to create WOLFSSL_DH.");
err = 1;
}
/* HAVE_PUBLIC_FFDHE not required to expose wc_Dh_ffdhe* functions in FIPS v2
* module */
#if defined(HAVE_PUBLIC_FFDHE) || (defined(HAVE_FIPS) && FIPS_VERSION_EQ(2,0))
if (err == 0) {
switch (nid) {
#ifdef HAVE_FFDHE_2048
case NID_ffdhe2048:
params = wc_Dh_ffdhe2048_Get();
break;
#endif /* HAVE_FFDHE_2048 */
#ifdef HAVE_FFDHE_3072
case NID_ffdhe3072:
params = wc_Dh_ffdhe3072_Get();
break;
#endif /* HAVE_FFDHE_3072 */
#ifdef HAVE_FFDHE_4096
case NID_ffdhe4096:
params = wc_Dh_ffdhe4096_Get();
break;
#endif /* HAVE_FFDHE_4096 */
default:
break;
}
}
if (err == 0 && params == NULL) {
WOLFSSL_MSG("Unable to find DH params for nid.");
err = 1;
}
if (err == 0) {
pBn = wolfSSL_BN_bin2bn(params->p, params->p_len, NULL);
if (pBn == NULL) {
WOLFSSL_MSG("Error converting p hex to WOLFSSL_BIGNUM.");
err = 1;
}
}
if (err == 0) {
gBn = wolfSSL_BN_bin2bn(params->g, params->g_len, NULL);
if (gBn == NULL) {
WOLFSSL_MSG("Error converting g hex to WOLFSSL_BIGNUM.");
err = 1;
}
}
#ifdef HAVE_FFDHE_Q
if (err == 0) {
qBn = wolfSSL_BN_bin2bn(params->q, params->q_len, NULL);
if (qBn == NULL) {
WOLFSSL_MSG("Error converting q hex to WOLFSSL_BIGNUM.");
err = 1;
}
}
#endif
#if defined(OPENSSL_ALL) || defined(OPENSSL_VERSION_NUMBER) && \
OPENSSL_VERSION_NUMBER >= 0x10100000L
if (err == 0 && wolfSSL_DH_set0_pqg(dh, pBn, qBn, gBn) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Failed to set DH params.");
err = 1;
}
#else
dh->p = pBn;
dh->q = qBn;
dh->g = gBn;
if (err == 0 && SetDhInternal(dh) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Failed to set internal DH params.");
err = 1;
}
#endif /* OPENSSL_ALL || OPENSSL_VERSION_NUMBER >= 0x10100000L */
if (err == 1) {
wolfSSL_BN_free(pBn);
wolfSSL_BN_free(gBn);
wolfSSL_BN_free(qBn);
}
/* FIPS v2 and lower doesn't support wc_DhSetNamedKey. */
#elif !defined(HAVE_PUBLIC_FFDHE) && (!defined(HAVE_FIPS) || \
FIPS_VERSION_GT(2,0))
if (err == 0) {
switch (nid) {
#ifdef HAVE_FFDHE_2048
case NID_ffdhe2048:
name = WC_FFDHE_2048;
break;
#endif /* HAVE_FFDHE_2048 */
#ifdef HAVE_FFDHE_3072
case NID_ffdhe3072:
name = WC_FFDHE_3072;
break;
#endif /* HAVE_FFDHE_3072 */
#ifdef HAVE_FFDHE_4096
case NID_ffdhe4096:
name = WC_FFDHE_4096;
break;
#endif /* HAVE_FFDHE_4096 */
default:
err = 1;
WOLFSSL_MSG("Unable to find DH params for nid.");
break;
}
}
if (err == 0 && wc_DhSetNamedKey((DhKey*)dh->internal, name) != 0) {
WOLFSSL_MSG("wc_DhSetNamedKey failed.");
err = 1;
}
if (err == 0 && SetDhExternal_ex(dh, elements) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Failed to set external DH params.");
err = 1;
}
#else
/* Unsupported configuration. */
err = 1;
#endif /* HAVE_PUBLIC_FFDHE || (HAVE_FIPS && HAVE_FIPS_VERSION == 2) */
if (err == 1 && dh != NULL) {
wolfSSL_DH_free(dh);
dh = NULL;
}
return dh;
}
void wolfSSL_DH_free(WOLFSSL_DH* dh) void wolfSSL_DH_free(WOLFSSL_DH* dh)
{ {
int doFree = 0; int doFree = 0;
@@ -35190,9 +35373,9 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *EM,
goto cleanup; goto cleanup;
} }
hashType = wolfSSL_EVP_md2macType(hashAlg); hashType = EvpMd2MacType(hashAlg);
if (hashType > WC_HASH_TYPE_MAX) { if (hashType > WC_HASH_TYPE_MAX) {
WOLFSSL_MSG("wolfSSL_EVP_md2macType error"); WOLFSSL_MSG("EvpMd2MacType error");
goto cleanup; goto cleanup;
} }
@@ -35297,9 +35480,9 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
hashType = wolfSSL_EVP_md2macType(hashAlg); hashType = EvpMd2MacType(hashAlg);
if (hashType > WC_HASH_TYPE_MAX) { if (hashType > WC_HASH_TYPE_MAX) {
WOLFSSL_MSG("wolfSSL_EVP_md2macType error"); WOLFSSL_MSG("EvpMd2MacType error");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
@@ -37500,6 +37683,58 @@ int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
} }
#endif #endif
size_t wolfSSL_OBJ_length(const WOLFSSL_ASN1_OBJECT* o)
{
size_t ret = 0;
int err = 0;
word32 idx = 0;
int len = 0;
WOLFSSL_ENTER("wolfSSL_OBJ_length");
if (o == NULL || o->obj == NULL) {
WOLFSSL_MSG("Bad argument.");
err = 1;
}
if (err == 0 && GetASNObjectId(o->obj, &idx, &len, o->objSz)) {
WOLFSSL_MSG("Error parsing ASN.1 header.");
err = 1;
}
if (err == 0) {
ret = len;
}
WOLFSSL_LEAVE("wolfSSL_OBJ_length", ret);
return ret;
}
const unsigned char* wolfSSL_OBJ_get0_data(const WOLFSSL_ASN1_OBJECT* o)
{
const unsigned char* ret = NULL;
int err = 0;
word32 idx = 0;
int len = 0;
WOLFSSL_ENTER("wolfSSL_OBJ_get0_data");
if (o == NULL || o->obj == NULL) {
WOLFSSL_MSG("Bad argument.");
err = 1;
}
if (err == 0 && GetASNObjectId(o->obj, &idx, &len, o->objSz)) {
WOLFSSL_MSG("Error parsing ASN.1 header.");
err = 1;
}
if (err == 0) {
ret = o->obj + idx;
}
return ret;
}
/* Gets the NID value that corresponds with the ASN1 object. /* Gets the NID value that corresponds with the ASN1 object.
* *
@@ -47533,6 +47768,11 @@ int wolfSSL_RAND_poll(void)
WOLFSSL_MSG("ARC4"); WOLFSSL_MSG("ARC4");
break; break;
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
case CHACHA20_POLY1305_TYPE:
break;
#endif
case NULL_CIPHER_TYPE : case NULL_CIPHER_TYPE :
WOLFSSL_MSG("NULL"); WOLFSSL_MSG("NULL");
break; break;
@@ -47617,6 +47857,11 @@ int wolfSSL_RAND_poll(void)
WOLFSSL_MSG("ARC4"); WOLFSSL_MSG("ARC4");
break; break;
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
case CHACHA20_POLY1305_TYPE:
break;
#endif
case NULL_CIPHER_TYPE : case NULL_CIPHER_TYPE :
WOLFSSL_MSG("NULL"); WOLFSSL_MSG("NULL");
break; break;

248
tests/api.c
View File

@@ -305,6 +305,7 @@
#include <wolfssl/openssl/rand.h> #include <wolfssl/openssl/rand.h>
#include <wolfssl/openssl/modes.h> #include <wolfssl/openssl/modes.h>
#include <wolfssl/openssl/fips_rand.h> #include <wolfssl/openssl/fips_rand.h>
#include <wolfssl/openssl/kdf.h>
#ifdef OPENSSL_ALL #ifdef OPENSSL_ALL
#include <wolfssl/openssl/txt_db.h> #include <wolfssl/openssl/txt_db.h>
#include <wolfssl/openssl/lhash.h> #include <wolfssl/openssl/lhash.h>
@@ -30962,7 +30963,7 @@ static void test_wolfSSL_ASN1_UTCTIME_print(void)
#endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */ #endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */
} }
static void test_wolfSSL_ASN1_TIME_diff(void) static void test_wolfSSL_ASN1_TIME_diff_compare(void)
{ {
#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME)
ASN1_TIME* fromTime; ASN1_TIME* fromTime;
@@ -30980,8 +30981,46 @@ static void test_wolfSSL_ASN1_TIME_diff(void)
AssertIntEQ(ASN1_TIME_set_string(toTime, "101219181011Z"), WOLFSSL_SUCCESS); AssertIntEQ(ASN1_TIME_set_string(toTime, "101219181011Z"), WOLFSSL_SUCCESS);
AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), WOLFSSL_SUCCESS); AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), WOLFSSL_SUCCESS);
/* Error conditions. */
AssertIntEQ(ASN1_TIME_diff(NULL, &secsDiff, fromTime, toTime),
WOLFSSL_FAILURE);
AssertIntEQ(ASN1_TIME_diff(&daysDiff, NULL, fromTime, toTime),
WOLFSSL_FAILURE);
/* If both times are NULL, difference is 0. */
AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, NULL, NULL),
WOLFSSL_SUCCESS);
AssertIntEQ(daysDiff, 0);
AssertIntEQ(secsDiff, 0);
/* If one time is NULL, it defaults to the current time. */
AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, NULL, toTime),
WOLFSSL_SUCCESS);
AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, NULL),
WOLFSSL_SUCCESS);
/* Normal operation. Both times non-NULL. */
AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime),
WOLFSSL_SUCCESS);
AssertIntEQ(daysDiff, 2856); AssertIntEQ(daysDiff, 2856);
AssertIntEQ(secsDiff, 75296); AssertIntEQ(secsDiff, 75296);
/* Swapping the times should return negative values. */
AssertIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, toTime, fromTime),
WOLFSSL_SUCCESS);
AssertIntEQ(daysDiff, -2856);
AssertIntEQ(secsDiff, -75296);
AssertIntEQ(ASN1_TIME_compare(fromTime, toTime), -1);
AssertIntEQ(ASN1_TIME_compare(toTime, fromTime), 1);
AssertIntEQ(ASN1_TIME_compare(fromTime, fromTime), 0);
/* Compare regression test: No seconds difference, just difference in days.
*/
ASN1_TIME_set_string(fromTime, "19700101000000Z");
ASN1_TIME_set_string(toTime, "19800101000000Z");
AssertIntEQ(ASN1_TIME_compare(fromTime, toTime), -1);
AssertIntEQ(ASN1_TIME_compare(toTime, fromTime), 1);
AssertIntEQ(ASN1_TIME_compare(fromTime, fromTime), 0);
/* Edge case with Unix epoch. */ /* Edge case with Unix epoch. */
AssertNotNull(ASN1_TIME_set_string(fromTime, "19700101000000Z")); AssertNotNull(ASN1_TIME_set_string(fromTime, "19700101000000Z"));
@@ -46179,7 +46218,7 @@ static void test_wolfSSL_OCSP_resp_get0(void)
static void test_wolfSSL_EVP_PKEY_derive(void) static void test_wolfSSL_EVP_PKEY_derive(void)
{ {
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH) #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) #if !defined(HAVE_FIPS) || FIPS_VERSION_GT(2, 0)
#if (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || defined(HAVE_ECC) #if (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || defined(HAVE_ECC)
EVP_PKEY_CTX *ctx; EVP_PKEY_CTX *ctx;
@@ -50150,6 +50189,188 @@ static void test_wolfssl_EVP_aes_gcm(void)
#endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */ #endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */
} }
static void test_wolfssl_EVP_chacha20_poly1305(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
byte key[CHACHA20_POLY1305_AEAD_KEYSIZE];
byte iv [CHACHA20_POLY1305_AEAD_IV_SIZE];
byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF};
byte aad[] = {0xAA, 0XBB, 0xCC, 0xDD, 0xEE, 0xFF};
byte cipherText[sizeof(plainText)];
byte decryptedText[sizeof(plainText)];
byte tag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
EVP_CIPHER_CTX* ctx;
int outSz;
printf(testingFmt, "test_wolfssl_EVP_chacha20_poly1305");
/* Encrypt. */
AssertNotNull((ctx = EVP_CIPHER_CTX_new()));
AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL,
NULL), WOLFSSL_SUCCESS);
/* Invalid IV length. */
AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
CHACHA20_POLY1305_AEAD_IV_SIZE-1, NULL), WOLFSSL_FAILURE);
/* Valid IV length. */
AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
CHACHA20_POLY1305_AEAD_IV_SIZE, NULL), WOLFSSL_SUCCESS);
/* Invalid tag length. */
AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, NULL), WOLFSSL_FAILURE);
/* Valid tag length. */
AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, NULL), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_EncryptUpdate(ctx, NULL, &outSz, aad, sizeof(aad)),
WOLFSSL_SUCCESS);
AssertIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText,
sizeof(plainText)), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_EncryptFinal_ex(ctx, cipherText, &outSz), WOLFSSL_SUCCESS);
/* Invalid tag length. */
AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, tag), WOLFSSL_FAILURE);
/* Valid tag length. */
AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG,
CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, tag), WOLFSSL_SUCCESS);
EVP_CIPHER_CTX_free(ctx);
/* Decrypt. */
AssertNotNull((ctx = EVP_CIPHER_CTX_new()));
AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL,
NULL), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
CHACHA20_POLY1305_AEAD_IV_SIZE, NULL), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, tag), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_DecryptUpdate(ctx, NULL, &outSz, aad, sizeof(aad)),
WOLFSSL_SUCCESS);
AssertIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText,
sizeof(cipherText)), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz),
WOLFSSL_SUCCESS);
EVP_CIPHER_CTX_free(ctx);
printf(resultFmt, passed);
#endif
}
static void test_wolfSSL_EVP_PKEY_hkdf(void)
{
#if defined(OPENSSL_EXTRA) && defined(HAVE_HKDF) && (!defined(HAVE_FIPS) || \
FIPS_VERSION_GT(2,0))
EVP_PKEY_CTX* ctx;
byte salt[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F};
byte key[] = {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F};
byte info[] = {0X01, 0x02, 0x03, 0x04, 0x05};
byte info2[] = {0X06, 0x07, 0x08, 0x09, 0x0A};
byte outKey[34];
size_t outKeySz = sizeof(outKey);
/* These expected outputs were gathered by running the same test below using
* OpenSSL. */
const byte extractAndExpand[] = {
0x8B, 0xEB, 0x90, 0xA9, 0x04, 0xFF, 0x05, 0x10, 0xE4, 0xB5, 0xB1, 0x10,
0x31, 0x34, 0xFF, 0x07, 0x5B, 0xE3, 0xC6, 0x93, 0xD4, 0xF8, 0xC7, 0xEE,
0x96, 0xDA, 0x78, 0x7A, 0xE2, 0x9A, 0x2D, 0x05, 0x4B, 0xF6
};
const byte extractOnly[] = {
0xE7, 0x6B, 0x9E, 0x0F, 0xE4, 0x02, 0x1D, 0x62, 0xEA, 0x97, 0x74, 0x5E,
0xF4, 0x3C, 0x65, 0x4D, 0xC1, 0x46, 0x98, 0xAA, 0x79, 0x9A, 0xCB, 0x9C,
0xCC, 0x3E, 0x7F, 0x2A, 0x2B, 0x41, 0xA1, 0x9E
};
const byte expandOnly[] = {
0xFF, 0x29, 0x29, 0x56, 0x9E, 0xA7, 0x66, 0x02, 0xDB, 0x4F, 0xDB, 0x53,
0x7D, 0x21, 0x67, 0x52, 0xC3, 0x0E, 0xF3, 0xFC, 0x71, 0xCE, 0x67, 0x2B,
0xEA, 0x3B, 0xE9, 0xFC, 0xDD, 0xC8, 0xCC, 0xB7, 0x42, 0x74
};
const byte extractAndExpandAddInfo[] = {
0x5A, 0x74, 0x79, 0x83, 0xA3, 0xA4, 0x2E, 0xB7, 0xD4, 0x08, 0xC2, 0x6A,
0x2F, 0xA5, 0xE3, 0x4E, 0xF1, 0xF4, 0x87, 0x3E, 0xA6, 0xC7, 0x88, 0x45,
0xD7, 0xE2, 0x15, 0xBC, 0xB8, 0x10, 0xEF, 0x6C, 0x4D, 0x7A
};
printf(testingFmt, "test_wolfSSL_EVP_PKEY_hkdf");
AssertNotNull((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL)));
AssertIntEQ(EVP_PKEY_derive_init(ctx), WOLFSSL_SUCCESS);
/* NULL ctx. */
AssertIntEQ(EVP_PKEY_CTX_set_hkdf_md(NULL, EVP_sha256()), WOLFSSL_FAILURE);
/* NULL md. */
AssertIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, NULL), WOLFSSL_FAILURE);
AssertIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, EVP_sha256()), WOLFSSL_SUCCESS);
/* NULL ctx. */
AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(NULL, salt, sizeof(salt)),
WOLFSSL_FAILURE);
/* NULL salt is ok. */
AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, NULL, sizeof(salt)),
WOLFSSL_SUCCESS);
/* Salt length <= 0. */
/* Length 0 salt is ok. */
AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, 0), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, -1), WOLFSSL_FAILURE);
AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, sizeof(salt)),
WOLFSSL_SUCCESS);
/* NULL ctx. */
AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_key(NULL, key, sizeof(key)),
WOLFSSL_FAILURE);
/* NULL key. */
AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, NULL, sizeof(key)),
WOLFSSL_FAILURE);
/* Key length <= 0 */
AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, 0), WOLFSSL_FAILURE);
AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, -1), WOLFSSL_FAILURE);
AssertIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, sizeof(key)),
WOLFSSL_SUCCESS);
/* NULL ctx. */
AssertIntEQ(EVP_PKEY_CTX_add1_hkdf_info(NULL, info, sizeof(info)),
WOLFSSL_FAILURE);
/* NULL info is ok. */
AssertIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, NULL, sizeof(info)),
WOLFSSL_SUCCESS);
/* Info length <= 0 */
/* Length 0 info is ok. */
AssertIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, 0), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, -1), WOLFSSL_FAILURE);
AssertIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, sizeof(info)),
WOLFSSL_SUCCESS);
/* NULL ctx. */
AssertIntEQ(EVP_PKEY_CTX_hkdf_mode(NULL, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY),
WOLFSSL_FAILURE);
/* Extract and expand (default). */
AssertIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS);
AssertIntEQ(outKeySz, sizeof(extractAndExpand));
AssertIntEQ(XMEMCMP(outKey, extractAndExpand, outKeySz), 0);
/* Extract only. */
AssertIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY),
WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS);
AssertIntEQ(outKeySz, sizeof(extractOnly));
AssertIntEQ(XMEMCMP(outKey, extractOnly, outKeySz), 0);
outKeySz = sizeof(outKey);
/* Expand only. */
AssertIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY),
WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS);
AssertIntEQ(outKeySz, sizeof(expandOnly));
AssertIntEQ(XMEMCMP(outKey, expandOnly, outKeySz), 0);
outKeySz = sizeof(outKey);
/* Extract and expand with appended additional info. */
AssertIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info2, sizeof(info2)),
WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx,
EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND), WOLFSSL_SUCCESS);
AssertIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS);
AssertIntEQ(outKeySz, sizeof(extractAndExpandAddInfo));
AssertIntEQ(XMEMCMP(outKey, extractAndExpandAddInfo, outKeySz), 0);
EVP_PKEY_CTX_free(ctx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && HAVE_HKDF && (!HAVE_FIPS || HAVE_FIPS_VERSION > 2) */
}
#ifndef NO_BIO #ifndef NO_BIO
static void test_wolfSSL_PEM_X509_INFO_read_bio(void) static void test_wolfSSL_PEM_X509_INFO_read_bio(void)
{ {
@@ -52597,6 +52818,25 @@ static void test_wolfSSL_DH(void)
DH_free(dh); /* decrease ref count */ DH_free(dh); /* decrease ref count */
DH_free(dh); /* free WOLFSSL_DH */ DH_free(dh); /* free WOLFSSL_DH */
#if (defined(HAVE_PUBLIC_FFDHE) || (defined(HAVE_FIPS) && \
FIPS_VERSION_EQ(2,0))) || (!defined(HAVE_PUBLIC_FFDHE) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)))
#ifdef HAVE_FFDHE_2048
AssertNotNull((dh = DH_new_by_nid(NID_ffdhe2048)));
DH_free(dh);
#endif
#ifdef HAVE_FFDHE_3072
AssertNotNull((dh = DH_new_by_nid(NID_ffdhe3072)));
DH_free(dh);
#endif
#ifdef HAVE_FFDHE_4096
AssertNotNull((dh = DH_new_by_nid(NID_ffdhe4096)));
DH_free(dh);
#endif
#else
AssertNull((dh = DH_new_by_nid(NID_ffdhe2048)));
#endif /* (HAVE_PUBLIC_FFDHE || (HAVE_FIPS && HAVE_FIPS_VERSION == 2)) ||
* (!HAVE_PUBLIC_FFDHE && (!HAVE_FIPS || HAVE_FIPS_VERSION > 2))*/
printf(resultFmt, passed); printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && !NO_DH */ #endif /* OPENSSL_EXTRA && !NO_DH */
} }
@@ -53707,7 +53947,7 @@ void ApiTest(void)
test_wolfSSL_X509_check_private_key(); test_wolfSSL_X509_check_private_key();
test_wolfSSL_ASN1_TIME_print(); test_wolfSSL_ASN1_TIME_print();
test_wolfSSL_ASN1_UTCTIME_print(); test_wolfSSL_ASN1_UTCTIME_print();
test_wolfSSL_ASN1_TIME_diff(); test_wolfSSL_ASN1_TIME_diff_compare();
test_wolfSSL_ASN1_GENERALIZEDTIME_free(); test_wolfSSL_ASN1_GENERALIZEDTIME_free();
test_wolfSSL_private_keys(); test_wolfSSL_private_keys();
test_wolfSSL_PEM_read_PrivateKey(); test_wolfSSL_PEM_read_PrivateKey();
@@ -53914,6 +54154,8 @@ void ApiTest(void)
test_wolfSSL_CRYPTO_cts128(); test_wolfSSL_CRYPTO_cts128();
test_wolfssl_EVP_aes_gcm_AAD_2_parts(); test_wolfssl_EVP_aes_gcm_AAD_2_parts();
test_wolfssl_EVP_aes_gcm(); test_wolfssl_EVP_aes_gcm();
test_wolfssl_EVP_chacha20_poly1305();
test_wolfSSL_EVP_PKEY_hkdf();
test_wolfSSL_PKEY_up_ref(); test_wolfSSL_PKEY_up_ref();
test_wolfSSL_EVP_Cipher_extra(); test_wolfSSL_EVP_Cipher_extra();
test_wolfSSL_d2i_and_i2d_PublicKey(); test_wolfSSL_d2i_and_i2d_PublicKey();

4
wolfcrypt/src/asn.c
View File

@@ -2035,7 +2035,7 @@ static int GetASN_BitString_Int16Bit(ASNGetData* dataASN, word16* val)
* On out, end of parsed length. * On out, end of parsed length.
* @param [out] len Length value decoded. * @param [out] len Length value decoded.
* @param [in] maxIdx Maximum index of input data. * @param [in] maxIdx Maximum index of input data.
* @return 0 on success. * @return Length on success.
* @return ASN_PARSE_E if the encoding is invalid. * @return ASN_PARSE_E if the encoding is invalid.
* @return BUFFER_E when not enough data to complete decode. * @return BUFFER_E when not enough data to complete decode.
*/ */
@@ -2060,7 +2060,7 @@ int GetLength(const byte* input, word32* inOutIdx, int* len, word32 maxIdx)
* @param [in] maxIdx Maximum index of input data. * @param [in] maxIdx Maximum index of input data.
* @param [in] check Whether to check the buffer has at least the * @param [in] check Whether to check the buffer has at least the
* decoded length of bytes remaining. * decoded length of bytes remaining.
* @return 0 on success. * @return Length on success.
* @return ASN_PARSE_E if the encoding is invalid. * @return ASN_PARSE_E if the encoding is invalid.
* @return BUFFER_E when not enough data to complete decode. * @return BUFFER_E when not enough data to complete decode.
*/ */

417
wolfcrypt/src/evp.c
View File

@@ -44,6 +44,7 @@
#include <wolfssl/openssl/ecdsa.h> #include <wolfssl/openssl/ecdsa.h>
#include <wolfssl/openssl/evp.h> #include <wolfssl/openssl/evp.h>
#include <wolfssl/openssl/kdf.h>
#include <wolfssl/wolfcrypt/integer.h> #include <wolfssl/wolfcrypt/integer.h>
#ifndef NO_AES #ifndef NO_AES
@@ -161,6 +162,10 @@
static const char EVP_ARC4[] = "ARC4"; static const char EVP_ARC4[] = "ARC4";
#endif #endif
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
static const char EVP_CHACHA20_POLY1305[] = "CHACHA20-POLY1305";
#endif
static const char EVP_NULL[] = "NULL"; static const char EVP_NULL[] = "NULL";
#define EVP_CIPHER_TYPE_MATCHES(x, y) (XSTRCMP(x,y) == 0) #define EVP_CIPHER_TYPE_MATCHES(x, y) (XSTRCMP(x,y) == 0)
@@ -170,6 +175,7 @@ static const char EVP_NULL[] = "NULL";
static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher); static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher);
static enum wc_HashType EvpMd2MacType(const WOLFSSL_EVP_MD *md);
/* Getter function for cipher key length /* Getter function for cipher key length
* *
@@ -657,25 +663,48 @@ int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
if ((ctx == NULL) || (inl < 0) || (outl == NULL)|| (in == NULL)) { if ((ctx == NULL) || (inl < 0) || (outl == NULL) || (in == NULL)) {
WOLFSSL_MSG("Bad argument"); WOLFSSL_MSG("Bad argument");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
*outl = 0; *outl = 0;
#if !defined(NO_AES) && defined(HAVE_AESGCM)
switch (ctx->cipherType) { switch (ctx->cipherType) {
#if !defined(NO_AES) && defined(HAVE_AESGCM)
case AES_128_GCM_TYPE: case AES_128_GCM_TYPE:
case AES_192_GCM_TYPE: case AES_192_GCM_TYPE:
case AES_256_GCM_TYPE: case AES_256_GCM_TYPE:
/* if out == NULL, in/inl contains the additional authenticated data * for GCM */ /* if out == NULL, in/inl contains the additional authenticated data * for GCM */
return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl); return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl);
#endif /* !defined(NO_AES) && defined(HAVE_AESGCM) */
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
case CHACHA20_POLY1305_TYPE:
if (out == NULL) {
if (wc_ChaCha20Poly1305_UpdateAad(&ctx->cipher.chachaPoly, in,
inl) != 0) {
WOLFSSL_MSG("wc_ChaCha20Poly1305_UpdateAad failed");
return WOLFSSL_FAILURE;
}
else {
return WOLFSSL_SUCCESS;
}
}
else {
if (wc_ChaCha20Poly1305_UpdateData(&ctx->cipher.chachaPoly, in,
out, inl) != 0) {
WOLFSSL_MSG("wc_ChaCha20Poly1305_UpdateData failed");
return WOLFSSL_FAILURE;
}
else {
return WOLFSSL_SUCCESS;
}
}
#endif
default: default:
/* fall-through */ /* fall-through */
break; break;
} }
#endif /* !defined(NO_AES) && defined(HAVE_AESGCM) */
if (out == NULL) { if (out == NULL) {
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
@@ -861,6 +890,17 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE);
break; break;
#endif /* !NO_AES && HAVE_AESGCM */ #endif /* !NO_AES && HAVE_AESGCM */
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
case CHACHA20_POLY1305_TYPE:
if (wc_ChaCha20Poly1305_Final(&ctx->cipher.chachaPoly,
ctx->authTag) != 0) {
WOLFSSL_MSG("wc_ChaCha20Poly1305_Final failed");
return WOLFSSL_FAILURE;
}
else {
return WOLFSSL_SUCCESS;
}
#endif
default: default:
if (!out) if (!out)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
@@ -1446,7 +1486,7 @@ int wolfSSL_EVP_PKEY_CTX_set_rsa_padding(WOLFSSL_EVP_PKEY_CTX *ctx, int padding)
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
/* create a PKEY contxt and return it */ /* create a PKEY context and return it */
WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new_id(int id, WOLFSSL_ENGINE *e) WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new_id(int id, WOLFSSL_ENGINE *e)
{ {
WOLFSSL_EVP_PKEY* pkey; WOLFSSL_EVP_PKEY* pkey;
@@ -1520,16 +1560,22 @@ int wolfSSL_EVP_PKEY_CTX_ctrl_str(WOLFSSL_EVP_PKEY_CTX *ctx,
} }
#endif /* NO_WOLFSSL_STUB */ #endif /* NO_WOLFSSL_STUB */
#if (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || defined(HAVE_ECC) #if (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || defined(HAVE_ECC) || \
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) defined(HAVE_HKDF)
#if !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)
int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
{ {
int len; int len;
#ifdef HAVE_HKDF
enum wc_HashType hkdfHashType;
int hkdfHashSz;
#endif
WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive"); WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive");
if (!ctx || ctx->op != EVP_PKEY_OP_DERIVE || !ctx->pkey || !ctx->peerKey || !keylen if (!ctx || ctx->op != EVP_PKEY_OP_DERIVE || !ctx->pkey || (!ctx->peerKey
|| ctx->pkey->type != ctx->peerKey->type) { && ctx->pkey->type != EVP_PKEY_HKDF) || !keylen || (ctx->pkey->type
!= EVP_PKEY_HKDF && ctx->pkey->type != ctx->peerKey->type)) {
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
switch (ctx->pkey->type) { switch (ctx->pkey->type) {
@@ -1634,6 +1680,56 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
*keylen = (size_t)len; *keylen = (size_t)len;
break; break;
#endif #endif
#ifdef HAVE_HKDF
case EVP_PKEY_HKDF:
(void)len;
hkdfHashType = EvpMd2MacType(ctx->pkey->hkdfMd);
if (hkdfHashType == WC_HASH_TYPE_NONE) {
WOLFSSL_MSG("Invalid hash type for HKDF.");
return WOLFSSL_FAILURE;
}
if (ctx->pkey->hkdfMode == EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) {
if (wc_HKDF(hkdfHashType, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz,
ctx->pkey->hkdfSalt, ctx->pkey->hkdfSaltSz,
ctx->pkey->hkdfInfo, ctx->pkey->hkdfInfoSz, key,
(word32)*keylen) != 0) {
WOLFSSL_MSG("wc_HKDF failed.");
return WOLFSSL_FAILURE;
}
}
else if (ctx->pkey->hkdfMode == EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) {
if (wc_HKDF_Extract(hkdfHashType, ctx->pkey->hkdfSalt,
ctx->pkey->hkdfSaltSz, ctx->pkey->hkdfKey,
ctx->pkey->hkdfKeySz, key) != 0) {
WOLFSSL_MSG("wc_HKDF_Extract failed.");
return WOLFSSL_FAILURE;
}
else {
hkdfHashSz = wolfSSL_EVP_MD_size(ctx->pkey->hkdfMd);
if (hkdfHashSz <= 0) {
WOLFSSL_MSG("Failed to get block size for HKDF hash.");
return WOLFSSL_FAILURE;
}
/* Length of extract only is always the length of the hash. */
*keylen = hkdfHashSz;
}
}
else if (ctx->pkey->hkdfMode == EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) {
if (wc_HKDF_Expand(hkdfHashType, ctx->pkey->hkdfKey,
ctx->pkey->hkdfKeySz, ctx->pkey->hkdfInfo,
ctx->pkey->hkdfInfoSz, key,
(word32)*keylen) != 0) {
WOLFSSL_MSG("wc_HKDF_Expand failed.");
return WOLFSSL_FAILURE;
}
}
else {
WOLFSSL_MSG("Invalid HKDF mode.");
return WOLFSSL_FAILURE;
}
break;
#endif /* HAVE_HKDF */
default: default:
WOLFSSL_MSG("Unknown key type"); WOLFSSL_MSG("Unknown key type");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
@@ -1641,7 +1737,166 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
} }
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* (!NO_DH && WOLFSSL_DH_EXTRA) || HAVE_ECC */ #endif /* (!NO_DH && WOLFSSL_DH_EXTRA) || HAVE_ECC || HAVE_HKDF */
#ifdef HAVE_HKDF
int wolfSSL_EVP_PKEY_CTX_set_hkdf_md(WOLFSSL_EVP_PKEY_CTX* ctx,
const WOLFSSL_EVP_MD* md)
{
int ret = WOLFSSL_SUCCESS;
WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_hkdf_md");
if (ctx == NULL || ctx->pkey == NULL || md == NULL) {
WOLFSSL_MSG("Bad argument.");
ret = WOLFSSL_FAILURE;
}
if (ret == WOLFSSL_SUCCESS) {
ctx->pkey->hkdfMd = md;
}
WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_CTX_set_hkdf_md", ret);
return ret;
}
int wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(WOLFSSL_EVP_PKEY_CTX* ctx, byte* salt,
int saltSz)
{
int ret = WOLFSSL_SUCCESS;
WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt");
if (ctx == NULL || ctx->pkey == NULL || saltSz < 0) {
WOLFSSL_MSG("Bad argument.");
ret = WOLFSSL_FAILURE;
}
if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != EVP_PKEY_HKDF) {
WOLFSSL_MSG("WOLFSSL_EVP_PKEY type is not HKDF.");
ret = WOLFSSL_FAILURE;
}
if (ret == WOLFSSL_SUCCESS && salt != NULL && saltSz > 0) {
if (ctx->pkey->hkdfSalt != NULL) {
XFREE(ctx->pkey->hkdfSalt, NULL, DYNAMIC_TYPE_SALT);
}
ctx->pkey->hkdfSalt = (byte*)XMALLOC(saltSz, NULL, DYNAMIC_TYPE_SALT);
if (ctx->pkey->hkdfSalt == NULL) {
WOLFSSL_MSG("Failed to allocate HKDF salt buffer.");
ret = WOLFSSL_FAILURE;
}
else {
XMEMCPY(ctx->pkey->hkdfSalt, salt, saltSz);
ctx->pkey->hkdfSaltSz = saltSz;
}
}
WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt", ret);
return ret;
}
int wolfSSL_EVP_PKEY_CTX_set1_hkdf_key(WOLFSSL_EVP_PKEY_CTX* ctx, byte* key,
int keySz)
{
int ret = WOLFSSL_SUCCESS;
WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set1_hkdf_key");
if (ctx == NULL || ctx->pkey == NULL || key == NULL || keySz <= 0) {
WOLFSSL_MSG("Bad argument.");
ret = WOLFSSL_FAILURE;
}
if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != EVP_PKEY_HKDF) {
WOLFSSL_MSG("WOLFSSL_EVP_PKEY type is not HKDF.");
ret = WOLFSSL_FAILURE;
}
if (ret == WOLFSSL_SUCCESS) {
if (ctx->pkey->hkdfKey != NULL) {
XFREE(ctx->pkey->hkdfKey, NULL, DYNAMIC_TYPE_KEY);
}
ctx->pkey->hkdfKey = (byte*)XMALLOC(keySz, NULL, DYNAMIC_TYPE_KEY);
if (ctx->pkey->hkdfKey == NULL) {
WOLFSSL_MSG("Failed to allocate HKDF key buffer.");
ret = WOLFSSL_FAILURE;
}
else {
XMEMCPY(ctx->pkey->hkdfKey, key, keySz);
ctx->pkey->hkdfKeySz = keySz;
}
}
WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_CTX_set1_hkdf_key", ret);
return ret;
}
int wolfSSL_EVP_PKEY_CTX_add1_hkdf_info(WOLFSSL_EVP_PKEY_CTX* ctx, byte* info,
int infoSz)
{
int ret = WOLFSSL_SUCCESS;
WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_add1_hkdf_info");
if (ctx == NULL || ctx->pkey == NULL || infoSz < 0) {
WOLFSSL_MSG("Bad argument.");
ret = WOLFSSL_FAILURE;
}
if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != EVP_PKEY_HKDF) {
WOLFSSL_MSG("WOLFSSL_EVP_PKEY type is not HKDF.");
ret = WOLFSSL_FAILURE;
}
if (ret == WOLFSSL_SUCCESS && info != NULL && infoSz > 0) {
/* If there's already info in the buffer, append. */
ctx->pkey->hkdfInfo = (byte*)XREALLOC(ctx->pkey->hkdfInfo,
ctx->pkey->hkdfInfoSz + infoSz, NULL, DYNAMIC_TYPE_INFO);
if (ctx->pkey->hkdfInfo == NULL) {
WOLFSSL_MSG("Failed to reallocate larger HKDF info buffer.");
ret = WOLFSSL_FAILURE;
}
else {
XMEMCPY(ctx->pkey->hkdfInfo + ctx->pkey->hkdfInfoSz, info,
infoSz);
ctx->pkey->hkdfInfoSz += infoSz;
}
}
WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_CTX_add1_hkdf_info", ret);
return ret;
}
int wolfSSL_EVP_PKEY_CTX_hkdf_mode(WOLFSSL_EVP_PKEY_CTX* ctx, int mode)
{
int ret = WOLFSSL_SUCCESS;
WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_hkdf_mode");
if (ctx == NULL || ctx->pkey == NULL) {
WOLFSSL_MSG("Bad argument.");
ret = WOLFSSL_FAILURE;
}
if (ret == WOLFSSL_SUCCESS &&
mode != EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND &&
mode != EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY &&
mode != EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) {
WOLFSSL_MSG("Invalid HKDF mode.");
ret = WOLFSSL_FAILURE;
}
if (ret == WOLFSSL_SUCCESS) {
ctx->pkey->hkdfMode = mode;
}
WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_CTX_hkdf_mode", ret);
return ret;
}
#endif /* HAVE_HKDF */
/* Uses the WOLFSSL_EVP_PKEY_CTX to decrypt a buffer. /* Uses the WOLFSSL_EVP_PKEY_CTX to decrypt a buffer.
* *
@@ -2822,7 +3077,7 @@ static const struct s_ent {
{WC_HASH_TYPE_NONE, 0, NULL} {WC_HASH_TYPE_NONE, 0, NULL}
}; };
static enum wc_HashType wolfSSL_EVP_md2macType(const WOLFSSL_EVP_MD *md) static enum wc_HashType EvpMd2MacType(const WOLFSSL_EVP_MD *md)
{ {
const struct s_ent *ent ; const struct s_ent *ent ;
@@ -3610,7 +3865,7 @@ int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
} }
ret = wc_PBKDF2((byte*)out, (byte*)pass, passlen, (byte*)salt, saltlen, ret = wc_PBKDF2((byte*)out, (byte*)pass, passlen, (byte*)salt, saltlen,
iter, keylen, wolfSSL_EVP_md2macType(digest)); iter, keylen, EvpMd2MacType(digest));
if (ret == 0) if (ret == 0)
return WOLFSSL_SUCCESS; return WOLFSSL_SUCCESS;
else else
@@ -4908,6 +5163,14 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
} }
#endif #endif
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_chacha20_poly1305(void)
{
WOLFSSL_ENTER("wolfSSL_EVP_chacha20_poly1305");
return EVP_CHACHA20_POLY1305;
}
#endif
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void) const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void)
{ {
WOLFSSL_ENTER("wolfSSL_EVP_enc_null"); WOLFSSL_ENTER("wolfSSL_EVP_enc_null");
@@ -5043,7 +5306,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
int arg, void *ptr) int arg, void *ptr)
{ {
int ret = WOLFSSL_FAILURE; int ret = WOLFSSL_FAILURE;
#if defined(HAVE_AESGCM) && !defined(HAVE_SELFTEST) && !defined(WC_NO_RNG) #ifndef WC_NO_RNG
WC_RNG rng; WC_RNG rng;
#endif #endif
if (ctx == NULL) if (ctx == NULL)
@@ -5063,21 +5326,34 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
case EVP_CTRL_SET_KEY_LENGTH: case EVP_CTRL_SET_KEY_LENGTH:
ret = wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, arg); ret = wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, arg);
break; break;
#if defined(HAVE_AESGCM) && !defined(HAVE_SELFTEST) && !defined(WC_NO_RNG) #if defined(HAVE_AESGCM) || (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
case EVP_CTRL_GCM_SET_IVLEN: case EVP_CTRL_AEAD_SET_IVLEN:
if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0) if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
break; break;
if(arg <= 0 || arg > 16) #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
break; if (ctx->cipherType == CHACHA20_POLY1305_TYPE) {
if (arg != CHACHA20_POLY1305_AEAD_IV_SIZE) {
break;
}
}
else
#endif /* HAVE_CHACHA && HAVE_POLY1305 */
{
if (arg <= 0 || arg > AES_BLOCK_SIZE)
break;
}
ret = wolfSSL_EVP_CIPHER_CTX_set_iv_length(ctx, arg); ret = wolfSSL_EVP_CIPHER_CTX_set_iv_length(ctx, arg);
break; break;
case EVP_CTRL_AEAD_SET_IV_FIXED: case EVP_CTRL_AEAD_SET_IV_FIXED:
if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0) if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
break; break;
if (arg == -1) { if (arg == -1) {
/* arg == -1 copies ctx->ivSz from ptr */ /* arg == -1 copies ctx->ivSz from ptr */
ret = wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, (byte*)ptr, ctx->ivSz); ret = wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, (byte*)ptr, ctx->ivSz);
} else { }
#ifndef WC_NO_RNG
else {
/* /*
* Fixed field must be at least 4 bytes and invocation * Fixed field must be at least 4 bytes and invocation
* field at least 8. * field at least 8.
@@ -5107,9 +5383,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
break; break;
} }
} }
#endif /* !WC_NO_RNG */
break; break;
#if !defined(_WIN32) && (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ #if defined(HAVE_AESGCM) && !defined(_WIN32) && !defined(HAVE_SELFTEST) && \
(HAVE_FIPS_VERSION >= 2))) (!defined(HAVE_FIPS) || FIPS_VERSION_GE(2,0))
case EVP_CTRL_GCM_IV_GEN: case EVP_CTRL_GCM_IV_GEN:
if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0) if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
break; break;
@@ -5137,27 +5414,57 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
ctx->gcmAuthInSz = 0; ctx->gcmAuthInSz = 0;
ret = WOLFSSL_SUCCESS; ret = WOLFSSL_SUCCESS;
break; break;
#endif #endif /* HAVE_AESGCM && !_WIN32 && !HAVE_SELFTEST && (!HAVE_FIPS ||
* FIPS_VERSION >= 2)*/
case EVP_CTRL_AEAD_SET_TAG: case EVP_CTRL_AEAD_SET_TAG:
if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0) if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
break; break;
if(arg <= 0 || arg > 16 || (ptr == NULL)) #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
if (ctx->cipherType == CHACHA20_POLY1305_TYPE) {
if (arg != CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE) {
break;
}
ctx->authTagSz = arg;
ret = WOLFSSL_SUCCESS;
if (ptr != NULL) {
XMEMCPY(ctx->authTag, ptr, arg);
}
break; break;
}
else
#endif /* HAVE_CHACHA && HAVE_POLY1305 */
{
if(arg <= 0 || arg > 16 || (ptr == NULL))
break;
XMEMCPY(ctx->authTag, ptr, arg); XMEMCPY(ctx->authTag, ptr, arg);
ctx->authTagSz = arg; ctx->authTagSz = arg;
ret = WOLFSSL_SUCCESS; ret = WOLFSSL_SUCCESS;
break; break;
}
case EVP_CTRL_AEAD_GET_TAG: case EVP_CTRL_AEAD_GET_TAG:
if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0) if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
break; break;
if(arg <= 0 || arg > 16)
break;
XMEMCPY(ptr, ctx->authTag, arg); #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
ret = WOLFSSL_SUCCESS; if (ctx->cipherType == CHACHA20_POLY1305_TYPE) {
if (arg != CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE) {
break;
}
}
else
#endif /* HAVE_CHACHA && HAVE_POLY1305 */
{
if (arg <= 0 || arg > AES_BLOCK_SIZE)
break;
}
if (ptr != NULL) {
XMEMCPY(ptr, ctx->authTag, arg);
ret = WOLFSSL_SUCCESS;
}
break; break;
#endif /* HAVE_AESGCM && !HAVE_SELFTEST && !WC_NO_RNG */ #endif /* HAVE_AESGCM || (HAVE_CHACHA && HAVE_POLY1305) */
default: default:
WOLFSSL_MSG("EVP_CIPHER_CTX_ctrl operation not yet handled"); WOLFSSL_MSG("EVP_CIPHER_CTX_ctrl operation not yet handled");
break; break;
@@ -6062,7 +6369,28 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
#endif /* WOLFSSL_AES_256 */ #endif /* WOLFSSL_AES_256 */
#endif /* HAVE_AES_XTS */ #endif /* HAVE_AES_XTS */
#endif /* NO_AES */ #endif /* NO_AES */
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
if (ctx->cipherType == CHACHA20_POLY1305_TYPE ||
(type && EVP_CIPHER_TYPE_MATCHES(type, EVP_CHACHA20_POLY1305))) {
WOLFSSL_MSG("EVP_CHACHA20_POLY1305");
ctx->cipherType = CHACHA20_POLY1305_TYPE;
ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
ctx->flags |= WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
ctx->keyLen = CHACHA20_POLY1305_AEAD_KEYSIZE;
ctx->block_size = CHACHA_CHUNK_BYTES;
ctx->authTagSz = CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE;
ctx->ivSz = CHACHA20_POLY1305_AEAD_IV_SIZE;
if (enc == 0 || enc == 1) {
ctx->enc = enc;
}
if (key != NULL && iv != NULL && wc_ChaCha20Poly1305_Init(
&ctx->cipher.chachaPoly, key, iv, enc) != 0) {
WOLFSSL_MSG("wc_ChaCha20Poly1305_Init() failed");
return WOLFSSL_FAILURE;
}
}
#endif
#ifndef NO_DES3 #ifndef NO_DES3
if (ctx->cipherType == DES_CBC_TYPE || if (ctx->cipherType == DES_CBC_TYPE ||
(type && EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_CBC))) { (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_CBC))) {
@@ -6219,7 +6547,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
} }
#endif #endif
#if defined(HAVE_AESGCM) #if defined(HAVE_AESGCM) || (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
/* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE */ /* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE */
int wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv, int wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv,
int ivLen) int ivLen)
@@ -6566,7 +6894,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
#endif #endif
/* Set to 0 if no match */ /* Set to 0 if no match */
ctx->macType = wolfSSL_EVP_md2macType(md); ctx->macType = EvpMd2MacType(md);
if (md == NULL) { if (md == NULL) {
XMEMSET(&ctx->hash.digest, 0, sizeof(WOLFSSL_Hasher)); XMEMSET(&ctx->hash.digest, 0, sizeof(WOLFSSL_Hasher));
} }
@@ -6655,7 +6983,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
WOLFSSL_ENTER("EVP_DigestUpdate"); WOLFSSL_ENTER("EVP_DigestUpdate");
macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(ctx)); macType = EvpMd2MacType(EVP_MD_CTX_md(ctx));
switch (macType) { switch (macType) {
case WC_HASH_TYPE_MD4: case WC_HASH_TYPE_MD4:
#ifndef NO_MD4 #ifndef NO_MD4
@@ -6769,7 +7097,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
enum wc_HashType macType; enum wc_HashType macType;
WOLFSSL_ENTER("EVP_DigestFinal"); WOLFSSL_ENTER("EVP_DigestFinal");
macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(ctx)); macType = EvpMd2MacType(EVP_MD_CTX_md(ctx));
switch (macType) { switch (macType) {
case WC_HASH_TYPE_MD4: case WC_HASH_TYPE_MD4:
#ifndef NO_MD4 #ifndef NO_MD4
@@ -8263,8 +8591,27 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
break; break;
#endif /* ! NO_DH ... */ #endif /* ! NO_DH ... */
#ifdef HAVE_HKDF
case EVP_PKEY_HKDF:
if (key->hkdfSalt != NULL) {
XFREE(key->hkdfSalt, NULL, DYNAMIC_TYPE_SALT);
key->hkdfSalt = NULL;
}
if (key->hkdfKey != NULL) {
XFREE(key->hkdfKey, NULL, DYNAMIC_TYPE_KEY);
key->hkdfKey = NULL;
}
if (key->hkdfInfo != NULL) {
XFREE(key->hkdfInfo, NULL, DYNAMIC_TYPE_INFO);
key->hkdfInfo = NULL;
}
key->hkdfSaltSz = 0;
key->hkdfKeySz = 0;
key->hkdfInfoSz = 0;
#endif /* HAVE_HKDF */
default: default:
break; break;
} }
#ifndef SINGLE_THREADED #ifndef SINGLE_THREADED

1
wolfssl/openssl/asn1.h
View File

@@ -69,6 +69,7 @@
#define ASN1_UTCTIME_print wolfSSL_ASN1_UTCTIME_print #define ASN1_UTCTIME_print wolfSSL_ASN1_UTCTIME_print
#define ASN1_TIME_check wolfSSL_ASN1_TIME_check #define ASN1_TIME_check wolfSSL_ASN1_TIME_check
#define ASN1_TIME_diff wolfSSL_ASN1_TIME_diff #define ASN1_TIME_diff wolfSSL_ASN1_TIME_diff
#define ASN1_TIME_compare wolfSSL_ASN1_TIME_compare
#define ASN1_TIME_set wolfSSL_ASN1_TIME_set #define ASN1_TIME_set wolfSSL_ASN1_TIME_set
#define V_ASN1_EOC 0 #define V_ASN1_EOC 0

11
wolfssl/openssl/dh.h
View File

@@ -60,6 +60,7 @@ WOLFSSL_API WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH **dh,
const unsigned char **pp, long length); const unsigned char **pp, long length);
WOLFSSL_API int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out); WOLFSSL_API int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out);
WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void); WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void);
WOLFSSL_API WOLFSSL_DH* wolSSL_DH_new_by_nid(int nid);
WOLFSSL_API void wolfSSL_DH_free(WOLFSSL_DH* dh); WOLFSSL_API void wolfSSL_DH_free(WOLFSSL_DH* dh);
WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh); WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh);
WOLFSSL_API int wolfSSL_DH_up_ref(WOLFSSL_DH* dh); WOLFSSL_API int wolfSSL_DH_up_ref(WOLFSSL_DH* dh);
@@ -81,9 +82,10 @@ WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_get_2048_256(void);
typedef WOLFSSL_DH DH; typedef WOLFSSL_DH DH;
#define DH_new wolfSSL_DH_new #define DH_new wolfSSL_DH_new
#define DH_free wolfSSL_DH_free #define DH_free wolfSSL_DH_free
#define DH_up_ref wolfSSL_DH_up_ref #define DH_up_ref wolfSSL_DH_up_ref
#define DH_new_by_nid wolSSL_DH_new_by_nid
#define d2i_DHparams wolfSSL_d2i_DHparams #define d2i_DHparams wolfSSL_d2i_DHparams
#define i2d_DHparams wolfSSL_i2d_DHparams #define i2d_DHparams wolfSSL_i2d_DHparams
@@ -126,6 +128,9 @@ typedef WOLFSSL_DH DH;
#define DH_generate_parameters_ex wolfSSL_DH_generate_parameters_ex #define DH_generate_parameters_ex wolfSSL_DH_generate_parameters_ex
#endif /* OPENSSL_ALL || HAVE_STUNNEL */ #endif /* OPENSSL_ALL || HAVE_STUNNEL */
#define DH_GENERATOR_2 2
#define DH_GENERATOR_5 5
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifdef __cplusplus #ifdef __cplusplus

4
wolfssl/openssl/ec.h
View File

@@ -359,8 +359,12 @@ typedef WOLFSSL_EC_BUILTIN_CURVE EC_builtin_curve;
#define EC_POINT_free wolfSSL_EC_POINT_free #define EC_POINT_free wolfSSL_EC_POINT_free
#define EC_POINT_get_affine_coordinates_GFp \ #define EC_POINT_get_affine_coordinates_GFp \
wolfSSL_EC_POINT_get_affine_coordinates_GFp wolfSSL_EC_POINT_get_affine_coordinates_GFp
#define EC_POINT_get_affine_coordinates \
wolfSSL_EC_POINT_get_affine_coordinates_GFp
#define EC_POINT_set_affine_coordinates_GFp \ #define EC_POINT_set_affine_coordinates_GFp \
wolfSSL_EC_POINT_set_affine_coordinates_GFp wolfSSL_EC_POINT_set_affine_coordinates_GFp
#define EC_POINT_set_affine_coordinates \
wolfSSL_EC_POINT_set_affine_coordinates_GFp
#define EC_POINT_add wolfSSL_EC_POINT_add #define EC_POINT_add wolfSSL_EC_POINT_add
#define EC_POINT_mul wolfSSL_EC_POINT_mul #define EC_POINT_mul wolfSSL_EC_POINT_mul
#define EC_POINT_invert wolfSSL_EC_POINT_invert #define EC_POINT_invert wolfSSL_EC_POINT_invert

124
wolfssl/openssl/evp.h
View File

@@ -54,6 +54,7 @@
#include <wolfssl/wolfcrypt/aes.h> #include <wolfssl/wolfcrypt/aes.h>
#include <wolfssl/wolfcrypt/des3.h> #include <wolfssl/wolfcrypt/des3.h>
#include <wolfssl/wolfcrypt/arc4.h> #include <wolfssl/wolfcrypt/arc4.h>
#include <wolfssl/wolfcrypt/chacha20_poly1305.h>
#include <wolfssl/wolfcrypt/hmac.h> #include <wolfssl/wolfcrypt/hmac.h>
#include <wolfssl/wolfcrypt/pwdbased.h> #include <wolfssl/wolfcrypt/pwdbased.h>
@@ -135,6 +136,9 @@ WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc2_cbc(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc2_cbc(void);
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_chacha20_poly1305(void);
#endif
typedef union { typedef union {
@@ -205,6 +209,9 @@ typedef union {
#ifdef WOLFSSL_QT #ifdef WOLFSSL_QT
int (*ctrl) (WOLFSSL_EVP_CIPHER_CTX *, int type, int arg, void *ptr); int (*ctrl) (WOLFSSL_EVP_CIPHER_CTX *, int type, int arg, void *ptr);
#endif #endif
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
ChaChaPoly_Aead chachaPoly;
#endif
} WOLFSSL_Cipher; } WOLFSSL_Cipher;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
@@ -241,8 +248,12 @@ enum {
NID_hmacWithSHA256 = 799, NID_hmacWithSHA256 = 799,
NID_hmacWithSHA384 = 800, NID_hmacWithSHA384 = 800,
NID_hmacWithSHA512 = 801, NID_hmacWithSHA512 = 801,
NID_hkdf = 1036,
NID_cmac = 894, NID_cmac = 894,
NID_dhKeyAgreement= 28, NID_dhKeyAgreement= 28,
NID_ffdhe2048 = 1126,
NID_ffdhe3072 = 1127,
NID_ffdhe4096 = 1128,
NID_rc4 = 5, NID_rc4 = 5,
NID_bf_cbc = 91, NID_bf_cbc = 91,
NID_bf_ecb = 92, NID_bf_ecb = 92,
@@ -254,6 +265,7 @@ enum {
NID_cast5_ofb64 = 111, NID_cast5_ofb64 = 111,
EVP_PKEY_DH = NID_dhKeyAgreement, EVP_PKEY_DH = NID_dhKeyAgreement,
EVP_PKEY_HMAC = NID_hmac, EVP_PKEY_HMAC = NID_hmac,
EVP_PKEY_HKDF = NID_hkdf,
EVP_PKEY_FALCON = 300, /* Randomly picked value. */ EVP_PKEY_FALCON = 300, /* Randomly picked value. */
AES_128_CFB1_TYPE = 24, AES_128_CFB1_TYPE = 24,
AES_192_CFB1_TYPE = 25, AES_192_CFB1_TYPE = 25,
@@ -268,7 +280,8 @@ enum {
AES_192_OFB_TYPE = 34, AES_192_OFB_TYPE = 34,
AES_256_OFB_TYPE = 35, AES_256_OFB_TYPE = 35,
AES_128_XTS_TYPE = 36, AES_128_XTS_TYPE = 36,
AES_256_XTS_TYPE = 37 AES_256_XTS_TYPE = 37,
CHACHA20_POLY1305_TYPE = 38
}; };
enum { enum {
@@ -393,11 +406,12 @@ struct WOLFSSL_EVP_CIPHER_CTX {
unsigned long flags; unsigned long flags;
unsigned char enc; /* if encrypt side, then true */ unsigned char enc; /* if encrypt side, then true */
unsigned char cipherType; unsigned char cipherType;
#ifndef NO_AES #if !defined(NO_AES)
/* working iv pointer into cipher */ /* working iv pointer into cipher */
ALIGN16 unsigned char iv[AES_BLOCK_SIZE]; ALIGN16 unsigned char iv[AES_BLOCK_SIZE];
#elif defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
ALIGN16 unsigned char iv[CHACHA20_POLY1305_AEAD_IV_SIZE];
#elif !defined(NO_DES3) #elif !defined(NO_DES3)
/* working iv pointer into cipher */
ALIGN16 unsigned char iv[DES_BLOCK_SIZE]; ALIGN16 unsigned char iv[DES_BLOCK_SIZE];
#endif #endif
WOLFSSL_Cipher cipher; WOLFSSL_Cipher cipher;
@@ -406,17 +420,24 @@ struct WOLFSSL_EVP_CIPHER_CTX {
ALIGN16 byte lastBlock[WOLFSSL_EVP_BUF_SIZE]; ALIGN16 byte lastBlock[WOLFSSL_EVP_BUF_SIZE];
int lastUsed; int lastUsed;
#if !defined(NO_AES) || !defined(NO_DES3) || defined(HAVE_AESGCM) || \ #if !defined(NO_AES) || !defined(NO_DES3) || defined(HAVE_AESGCM) || \
defined (WOLFSSL_AES_XTS) defined (WOLFSSL_AES_XTS) || (defined(HAVE_CHACHA) || \
defined(HAVE_POLY1305))
#define HAVE_WOLFSSL_EVP_CIPHER_CTX_IV #define HAVE_WOLFSSL_EVP_CIPHER_CTX_IV
int ivSz; int ivSz;
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
byte* gcmBuffer; byte* gcmBuffer;
int gcmBufferLen; int gcmBufferLen;
ALIGN16 unsigned char authTag[AES_BLOCK_SIZE];
int authTagSz;
byte* gcmAuthIn; byte* gcmAuthIn;
int gcmAuthInSz; int gcmAuthInSz;
#endif #endif
#if defined(HAVE_AESGCM) || (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
#ifdef HAVE_AESGCM
ALIGN16 unsigned char authTag[AES_BLOCK_SIZE];
#else
ALIGN16 unsigned char authTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
#endif
int authTagSz;
#endif
#endif #endif
}; };
@@ -711,6 +732,18 @@ WOLFSSL_API void wolfSSL_EVP_MD_do_all(void (*fn) (const WOLFSSL_EVP_MD *md,
const char* from, const char* to, const char* from, const char* to,
void* xx), void* args); void* xx), void* args);
#ifdef HAVE_HKDF
WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_hkdf_md(WOLFSSL_EVP_PKEY_CTX* ctx,
const WOLFSSL_EVP_MD* md);
WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(WOLFSSL_EVP_PKEY_CTX* ctx,
byte* salt, int saltSz);
WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set1_hkdf_key(WOLFSSL_EVP_PKEY_CTX* ctx,
byte* key, int keySz);
WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_add1_hkdf_info(WOLFSSL_EVP_PKEY_CTX* ctx,
byte* info, int infoSz);
WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_hkdf_mode(WOLFSSL_EVP_PKEY_CTX* ctx,
int mode);
#endif
#define WOLFSSL_EVP_CIPH_MODE 0x0007 #define WOLFSSL_EVP_CIPH_MODE 0x0007
#define WOLFSSL_EVP_CIPH_STREAM_CIPHER 0x0 #define WOLFSSL_EVP_CIPH_STREAM_CIPHER 0x0
@@ -818,41 +851,42 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
#define EVP_sha3_384 wolfSSL_EVP_sha3_384 #define EVP_sha3_384 wolfSSL_EVP_sha3_384
#define EVP_sha3_512 wolfSSL_EVP_sha3_512 #define EVP_sha3_512 wolfSSL_EVP_sha3_512
#define EVP_aes_128_cbc wolfSSL_EVP_aes_128_cbc #define EVP_aes_128_cbc wolfSSL_EVP_aes_128_cbc
#define EVP_aes_192_cbc wolfSSL_EVP_aes_192_cbc #define EVP_aes_192_cbc wolfSSL_EVP_aes_192_cbc
#define EVP_aes_256_cbc wolfSSL_EVP_aes_256_cbc #define EVP_aes_256_cbc wolfSSL_EVP_aes_256_cbc
#define EVP_aes_128_cfb1 wolfSSL_EVP_aes_128_cfb1 #define EVP_aes_128_cfb1 wolfSSL_EVP_aes_128_cfb1
#define EVP_aes_192_cfb1 wolfSSL_EVP_aes_192_cfb1 #define EVP_aes_192_cfb1 wolfSSL_EVP_aes_192_cfb1
#define EVP_aes_256_cfb1 wolfSSL_EVP_aes_256_cfb1 #define EVP_aes_256_cfb1 wolfSSL_EVP_aes_256_cfb1
#define EVP_aes_128_cfb8 wolfSSL_EVP_aes_128_cfb8 #define EVP_aes_128_cfb8 wolfSSL_EVP_aes_128_cfb8
#define EVP_aes_192_cfb8 wolfSSL_EVP_aes_192_cfb8 #define EVP_aes_192_cfb8 wolfSSL_EVP_aes_192_cfb8
#define EVP_aes_256_cfb8 wolfSSL_EVP_aes_256_cfb8 #define EVP_aes_256_cfb8 wolfSSL_EVP_aes_256_cfb8
#define EVP_aes_128_cfb128 wolfSSL_EVP_aes_128_cfb128 #define EVP_aes_128_cfb128 wolfSSL_EVP_aes_128_cfb128
#define EVP_aes_192_cfb128 wolfSSL_EVP_aes_192_cfb128 #define EVP_aes_192_cfb128 wolfSSL_EVP_aes_192_cfb128
#define EVP_aes_256_cfb128 wolfSSL_EVP_aes_256_cfb128 #define EVP_aes_256_cfb128 wolfSSL_EVP_aes_256_cfb128
#define EVP_aes_128_cfb wolfSSL_EVP_aes_128_cfb128 #define EVP_aes_128_cfb wolfSSL_EVP_aes_128_cfb128
#define EVP_aes_192_cfb wolfSSL_EVP_aes_192_cfb128 #define EVP_aes_192_cfb wolfSSL_EVP_aes_192_cfb128
#define EVP_aes_256_cfb wolfSSL_EVP_aes_256_cfb128 #define EVP_aes_256_cfb wolfSSL_EVP_aes_256_cfb128
#define EVP_aes_128_ofb wolfSSL_EVP_aes_128_ofb #define EVP_aes_128_ofb wolfSSL_EVP_aes_128_ofb
#define EVP_aes_192_ofb wolfSSL_EVP_aes_192_ofb #define EVP_aes_192_ofb wolfSSL_EVP_aes_192_ofb
#define EVP_aes_256_ofb wolfSSL_EVP_aes_256_ofb #define EVP_aes_256_ofb wolfSSL_EVP_aes_256_ofb
#define EVP_aes_128_xts wolfSSL_EVP_aes_128_xts #define EVP_aes_128_xts wolfSSL_EVP_aes_128_xts
#define EVP_aes_256_xts wolfSSL_EVP_aes_256_xts #define EVP_aes_256_xts wolfSSL_EVP_aes_256_xts
#define EVP_aes_128_gcm wolfSSL_EVP_aes_128_gcm #define EVP_aes_128_gcm wolfSSL_EVP_aes_128_gcm
#define EVP_aes_192_gcm wolfSSL_EVP_aes_192_gcm #define EVP_aes_192_gcm wolfSSL_EVP_aes_192_gcm
#define EVP_aes_256_gcm wolfSSL_EVP_aes_256_gcm #define EVP_aes_256_gcm wolfSSL_EVP_aes_256_gcm
#define EVP_aes_128_ecb wolfSSL_EVP_aes_128_ecb #define EVP_aes_128_ecb wolfSSL_EVP_aes_128_ecb
#define EVP_aes_192_ecb wolfSSL_EVP_aes_192_ecb #define EVP_aes_192_ecb wolfSSL_EVP_aes_192_ecb
#define EVP_aes_256_ecb wolfSSL_EVP_aes_256_ecb #define EVP_aes_256_ecb wolfSSL_EVP_aes_256_ecb
#define EVP_aes_128_ctr wolfSSL_EVP_aes_128_ctr #define EVP_aes_128_ctr wolfSSL_EVP_aes_128_ctr
#define EVP_aes_192_ctr wolfSSL_EVP_aes_192_ctr #define EVP_aes_192_ctr wolfSSL_EVP_aes_192_ctr
#define EVP_aes_256_ctr wolfSSL_EVP_aes_256_ctr #define EVP_aes_256_ctr wolfSSL_EVP_aes_256_ctr
#define EVP_des_cbc wolfSSL_EVP_des_cbc #define EVP_des_cbc wolfSSL_EVP_des_cbc
#define EVP_des_ecb wolfSSL_EVP_des_ecb #define EVP_des_ecb wolfSSL_EVP_des_ecb
#define EVP_des_ede3_cbc wolfSSL_EVP_des_ede3_cbc #define EVP_des_ede3_cbc wolfSSL_EVP_des_ede3_cbc
#define EVP_des_ede3_ecb wolfSSL_EVP_des_ede3_ecb #define EVP_des_ede3_ecb wolfSSL_EVP_des_ede3_ecb
#define EVP_rc4 wolfSSL_EVP_rc4 #define EVP_rc4 wolfSSL_EVP_rc4
#define EVP_enc_null wolfSSL_EVP_enc_null #define EVP_chacha20_poly1305 wolfSSL_EVP_chacha20_poly1305
#define EVP_enc_null wolfSSL_EVP_enc_null
#define EVP_MD_size wolfSSL_EVP_MD_size #define EVP_MD_size wolfSSL_EVP_MD_size
#define EVP_MD_pkey_type wolfSSL_EVP_MD_pkey_type #define EVP_MD_pkey_type wolfSSL_EVP_MD_pkey_type
@@ -1109,6 +1143,14 @@ WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
#define EVP_blake2s256 wolfSSL_EVP_blake2s256 #define EVP_blake2s256 wolfSSL_EVP_blake2s256
#define EVP_MD_do_all wolfSSL_EVP_MD_do_all #define EVP_MD_do_all wolfSSL_EVP_MD_do_all
#ifdef HAVE_HKDF
#define EVP_PKEY_CTX_set_hkdf_md wolfSSL_EVP_PKEY_CTX_set_hkdf_md
#define EVP_PKEY_CTX_set1_hkdf_salt wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt
#define EVP_PKEY_CTX_set1_hkdf_key wolfSSL_EVP_PKEY_CTX_set1_hkdf_key
#define EVP_PKEY_CTX_add1_hkdf_info wolfSSL_EVP_PKEY_CTX_add1_hkdf_info
#define EVP_PKEY_CTX_hkdf_mode wolfSSL_EVP_PKEY_CTX_hkdf_mode
#endif
WOLFSSL_API void printPKEY(WOLFSSL_EVP_PKEY *k); WOLFSSL_API void printPKEY(WOLFSSL_EVP_PKEY *k);
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */

1
wolfssl/openssl/include.am
View File

@@ -29,6 +29,7 @@ nobase_include_HEADERS+= \
wolfssl/openssl/evp.h \ wolfssl/openssl/evp.h \
wolfssl/openssl/fips_rand.h \ wolfssl/openssl/fips_rand.h \
wolfssl/openssl/hmac.h \ wolfssl/openssl/hmac.h \
wolfssl/openssl/kdf.h \
wolfssl/openssl/lhash.h \ wolfssl/openssl/lhash.h \
wolfssl/openssl/md4.h \ wolfssl/openssl/md4.h \
wolfssl/openssl/md5.h \ wolfssl/openssl/md5.h \

37
wolfssl/openssl/kdf.h Normal file
View File

@@ -0,0 +1,37 @@
/* kdf.h
*
* Copyright (C) 2006-2021 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef WOLFSSL_KDF_H_
#define WOLFSSL_KDF_H_
#ifdef __cplusplus
extern "C" {
#endif
#define EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND 0
#define EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY 1
#define EVP_PKEY_HKDEF_MODE_EXPAND_ONLY 2
#ifdef __cplusplus
} /* extern "C" */
#endif
#endif /* WOLFSSL_KDF_H_ */

30
wolfssl/openssl/objects.h
View File

@@ -43,21 +43,23 @@
#define OBJ_NAME_TYPE_NUM WOLFSSL_OBJ_NAME_TYPE_NUM #define OBJ_NAME_TYPE_NUM WOLFSSL_OBJ_NAME_TYPE_NUM
#define OBJ_NAME_ALIAS WOLFSSL_OBJ_NAME_ALIAS #define OBJ_NAME_ALIAS WOLFSSL_OBJ_NAME_ALIAS
#define OBJ_nid2sn wolfSSL_OBJ_nid2sn #define OBJ_nid2sn wolfSSL_OBJ_nid2sn
#define OBJ_obj2nid wolfSSL_OBJ_obj2nid #define OBJ_obj2nid wolfSSL_OBJ_obj2nid
#define OBJ_sn2nid wolfSSL_OBJ_sn2nid #define OBJ_sn2nid wolfSSL_OBJ_sn2nid
#define OBJ_nid2ln wolfSSL_OBJ_nid2ln #define OBJ_length wolfSSL_OBJ_length
#define OBJ_ln2nid wolfSSL_OBJ_ln2nid #define OBJ_get0_data wolfSSL_OBJ_get0_data
#define OBJ_txt2nid wolfSSL_OBJ_txt2nid #define OBJ_nid2ln wolfSSL_OBJ_nid2ln
#define OBJ_txt2obj wolfSSL_OBJ_txt2obj #define OBJ_ln2nid wolfSSL_OBJ_ln2nid
#define OBJ_nid2obj wolfSSL_OBJ_nid2obj #define OBJ_txt2nid wolfSSL_OBJ_txt2nid
#define OBJ_obj2txt wolfSSL_OBJ_obj2txt #define OBJ_txt2obj wolfSSL_OBJ_txt2obj
#define OBJ_cleanup wolfSSL_OBJ_cleanup #define OBJ_nid2obj wolfSSL_OBJ_nid2obj
#define OBJ_cmp wolfSSL_OBJ_cmp #define OBJ_obj2txt wolfSSL_OBJ_obj2txt
#define OBJ_create wolfSSL_OBJ_create #define OBJ_cleanup wolfSSL_OBJ_cleanup
#define OBJ_cmp wolfSSL_OBJ_cmp
#define OBJ_create wolfSSL_OBJ_create
#define ASN1_OBJECT_free wolfSSL_ASN1_OBJECT_free #define ASN1_OBJECT_free wolfSSL_ASN1_OBJECT_free
#define OBJ_NAME_do_all wolfSSL_OBJ_NAME_do_all #define OBJ_NAME_do_all wolfSSL_OBJ_NAME_do_all
#define i2t_ASN1_OBJECT wolfSSL_i2t_ASN1_OBJECT #define i2t_ASN1_OBJECT wolfSSL_i2t_ASN1_OBJECT
/* not required for wolfSSL */ /* not required for wolfSSL */
#define OPENSSL_load_builtin_modules() #define OPENSSL_load_builtin_modules()

15
wolfssl/ssl.h
View File

@@ -400,6 +400,16 @@ struct WOLFSSL_EVP_PKEY {
WOLFSSL_DH* dh; WOLFSSL_DH* dh;
#endif #endif
WC_RNG rng; WC_RNG rng;
#ifdef HAVE_HKDF
const WOLFSSL_EVP_MD* hkdfMd;
byte* hkdfSalt;
word32 hkdfSaltSz;
byte* hkdfKey;
word32 hkdfKeySz;
byte* hkdfInfo;
word32 hkdfInfoSz;
int hkdfMode;
#endif
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
#ifdef HAVE_ECC #ifdef HAVE_ECC
int pkey_curve; int pkey_curve;
@@ -2612,6 +2622,8 @@ WOLFSSL_API void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_GENERALIZEDTIME*
WOLFSSL_API int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a); WOLFSSL_API int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a);
WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int* days, int* secs, const WOLFSSL_ASN1_TIME* from, WOLFSSL_API int wolfSSL_ASN1_TIME_diff(int* days, int* secs, const WOLFSSL_ASN1_TIME* from,
const WOLFSSL_ASN1_TIME* to); const WOLFSSL_ASN1_TIME* to);
WOLFSSL_API int wolfSSL_ASN1_TIME_compare(const WOLFSSL_ASN1_TIME *a,
const WOLFSSL_ASN1_TIME *b);
#ifdef OPENSSL_EXTRA #ifdef OPENSSL_EXTRA
WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t); WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t);
WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str); WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str);
@@ -4003,6 +4015,9 @@ WOLFSSL_API const char* wolfSSL_OBJ_nid2sn(int n);
WOLFSSL_API int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o); WOLFSSL_API int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o);
WOLFSSL_API int wolfSSL_OBJ_get_type(const WOLFSSL_ASN1_OBJECT *o); WOLFSSL_API int wolfSSL_OBJ_get_type(const WOLFSSL_ASN1_OBJECT *o);
WOLFSSL_API int wolfSSL_OBJ_sn2nid(const char *sn); WOLFSSL_API int wolfSSL_OBJ_sn2nid(const char *sn);
WOLFSSL_API size_t wolfSSL_OBJ_length(const WOLFSSL_ASN1_OBJECT* o);
WOLFSSL_API const unsigned char* wolfSSL_OBJ_get0_data(
const WOLFSSL_ASN1_OBJECT* o);
WOLFSSL_API const char* wolfSSL_OBJ_nid2ln(int n); WOLFSSL_API const char* wolfSSL_OBJ_nid2ln(int n);
WOLFSSL_API int wolfSSL_OBJ_ln2nid(const char *ln); WOLFSSL_API int wolfSSL_OBJ_ln2nid(const char *ln);

2
wolfssl/wolfcrypt/hmac.h
View File

@@ -217,7 +217,7 @@ WOLFSSL_API int wc_HKDF_Extract(int type, const byte* salt, word32 saltSz,
const byte* inKey, word32 inKeySz, byte* out); const byte* inKey, word32 inKeySz, byte* out);
WOLFSSL_API int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz, WOLFSSL_API int wc_HKDF_Expand(int type, const byte* inKey, word32 inKeySz,
const byte* info, word32 infoSz, const byte* info, word32 infoSz,
byte* out, word32 outSz); byte* out, word32 outSz);
WOLFSSL_API int wc_HKDF(int type, const byte* inKey, word32 inKeySz, WOLFSSL_API int wc_HKDF(int type, const byte* inKey, word32 inKeySz,
const byte* salt, word32 saltSz, const byte* salt, word32 saltSz,

2
wolfssl/wolfcrypt/settings.h
View File

@@ -2027,7 +2027,7 @@ extern void uITRON4_free(void *p) ;
#if !defined(HAVE_PUBLIC_FFDHE) && !defined(NO_DH) && \ #if !defined(HAVE_PUBLIC_FFDHE) && !defined(NO_DH) && \
!defined(WOLFSSL_NO_PUBLIC_FFDHE) && \ !defined(WOLFSSL_NO_PUBLIC_FFDHE) && \
(defined(HAVE_SELFTEST) || FIPS_VERSION_EQ(2,0)) (defined(HAVE_SELFTEST) || FIPS_VERSION_GE(2,0))
#define HAVE_PUBLIC_FFDHE #define HAVE_PUBLIC_FFDHE
#endif #endif