feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge branch 'master' of github.com:wolfssl/wolfssl

Browse Source
This commit is contained in:
toddouska
2015-03-26 14:28:16 -07:00
parent 2935234484 d4a3e83582
commit 9adbf41baa
6 changed files with 364 additions and 212 deletions
Download Patch File Download Diff File Expand all files Collapse all files

148
src/ssl.c
View File

@@ -2430,7 +2430,9 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
#else #else
char password[80]; char password[80];
byte key[AES_256_KEY_SIZE]; byte key[AES_256_KEY_SIZE];
#ifndef NO_MD5
byte iv[AES_IV_SIZE]; byte iv[AES_IV_SIZE];
#endif
#endif #endif
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -2460,10 +2462,12 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
!= 0) { != 0) {
ret = ASN_INPUT_E; ret = ASN_INPUT_E;
} }
#ifndef NO_MD5
else if ((ret = EVP_BytesToKey(info->name, "MD5", info->iv, else if ((ret = EVP_BytesToKey(info->name, "MD5", info->iv,
(byte*)password, passwordSz, 1, key, iv)) <= 0) { (byte*)password, passwordSz, 1, key, iv)) <= 0) {
/* empty */ /* empty */
} }
#endif
#ifndef NO_DES3 #ifndef NO_DES3
else if (XSTRNCMP(info->name, "DES-CBC", 7) == 0) { else if (XSTRNCMP(info->name, "DES-CBC", 7) == 0) {
ret = wc_Des_CbcDecryptWithKey(der.buffer, der.buffer, der.length, ret = wc_Des_CbcDecryptWithKey(der.buffer, der.buffer, der.length,
@@ -7031,6 +7035,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
return 0; return 0;
} }
#ifndef NO_MD5
int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER* type, int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER* type,
const WOLFSSL_EVP_MD* md, const byte* salt, const WOLFSSL_EVP_MD* md, const byte* salt,
const byte* data, int sz, int count, byte* key, byte* iv) const byte* data, int sz, int count, byte* key, byte* iv)
@@ -7133,6 +7139,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
return keyOutput == (keyLen + ivLen) ? keyOutput : 0; return keyOutput == (keyLen + ivLen) ? keyOutput : 0;
} }
#endif /* NO_MD5 */
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
@@ -7152,6 +7160,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
} }
#ifndef NO_MD5
void wolfSSL_MD5_Init(WOLFSSL_MD5_CTX* md5) void wolfSSL_MD5_Init(WOLFSSL_MD5_CTX* md5)
{ {
typedef char md5_test[sizeof(MD5_CTX) >= sizeof(Md5) ? 1 : -1]; typedef char md5_test[sizeof(MD5_CTX) >= sizeof(Md5) ? 1 : -1];
@@ -7175,6 +7184,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
WOLFSSL_ENTER("MD5_Final"); WOLFSSL_ENTER("MD5_Final");
wc_Md5Final((Md5*)md5, input); wc_Md5Final((Md5*)md5, input);
} }
#endif /* NO_MD5 */
void wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha) void wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha)
@@ -7313,6 +7323,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
#endif /* WOLFSSL_SHA512 */ #endif /* WOLFSSL_SHA512 */
#ifndef NO_MD5
const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void) const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void)
{ {
static const char* type = "MD5"; static const char* type = "MD5";
@@ -7320,6 +7332,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
return type; return type;
} }
#endif /* NO_MD5 */
const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void) const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void)
{ {
@@ -7828,7 +7842,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
case DES_EDE3_CBC_TYPE : case DES_EDE3_CBC_TYPE :
WOLFSSL_MSG("DES EDE3 CBC"); WOLFSSL_MSG("DES EDE3 CBC");
memcpy(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE); memcpy(ctx->iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
break; break;
#endif #endif
@@ -7889,7 +7903,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
case DES_EDE3_CBC_TYPE : case DES_EDE3_CBC_TYPE :
WOLFSSL_MSG("DES EDE3 CBC"); WOLFSSL_MSG("DES EDE3 CBC");
memcpy(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE); memcpy(&ctx->cipher.des3.reg, ctx->iv, DES_BLOCK_SIZE);
break; break;
#endif #endif
@@ -7914,11 +7928,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx, const WOLFSSL_EVP_MD* type) int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx, const WOLFSSL_EVP_MD* type)
{ {
WOLFSSL_ENTER("EVP_DigestInit"); WOLFSSL_ENTER("EVP_DigestInit");
if (XSTRNCMP(type, "MD5", 3) == 0) { if (XSTRNCMP(type, "SHA256", 6) == 0) {
ctx->macType = MD5;
wolfSSL_MD5_Init((MD5_CTX*)&ctx->hash);
}
else if (XSTRNCMP(type, "SHA256", 6) == 0) {
ctx->macType = SHA256; ctx->macType = SHA256;
wolfSSL_SHA256_Init((SHA256_CTX*)&ctx->hash); wolfSSL_SHA256_Init((SHA256_CTX*)&ctx->hash);
} }
@@ -7933,6 +7943,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
ctx->macType = SHA512; ctx->macType = SHA512;
wolfSSL_SHA512_Init((SHA512_CTX*)&ctx->hash); wolfSSL_SHA512_Init((SHA512_CTX*)&ctx->hash);
} }
#endif
#ifndef NO_MD5
else if (XSTRNCMP(type, "MD5", 3) == 0) {
ctx->macType = MD5;
wolfSSL_MD5_Init((MD5_CTX*)&ctx->hash);
}
#endif #endif
/* has to be last since would pick or 256, 384, or 512 too */ /* has to be last since would pick or 256, 384, or 512 too */
else if (XSTRNCMP(type, "SHA", 3) == 0) { else if (XSTRNCMP(type, "SHA", 3) == 0) {
@@ -7951,25 +7967,41 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
unsigned long sz) unsigned long sz)
{ {
WOLFSSL_ENTER("EVP_DigestUpdate"); WOLFSSL_ENTER("EVP_DigestUpdate");
if (ctx->macType == MD5)
wolfSSL_MD5_Update((MD5_CTX*)&ctx->hash, data, (unsigned long)sz); switch (ctx->macType) {
else if (ctx->macType == SHA) #ifndef NO_MD5
wolfSSL_SHA_Update((SHA_CTX*)&ctx->hash, data, (unsigned long)sz); case MD5:
else if (ctx->macType == SHA256) wolfSSL_MD5_Update((MD5_CTX*)&ctx->hash, data,
wolfSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data, (unsigned long)sz);
(unsigned long)sz); break;
#ifdef WOLFSSL_SHA384 #endif
else if (ctx->macType == SHA384) #ifndef NO_SHA
wolfSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data, case SHA:
(unsigned long)sz); wolfSSL_SHA_Update((SHA_CTX*)&ctx->hash, data,
#endif (unsigned long)sz);
#ifdef WOLFSSL_SHA512 break;
else if (ctx->macType == SHA512) #endif
wolfSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data, #ifndef NO_SHA256
(unsigned long)sz); case SHA256:
#endif wolfSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data,
else (unsigned long)sz);
return BAD_FUNC_ARG; break;
#endif
#ifdef WOLFSSL_SHA384
case SHA384:
wolfSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data,
(unsigned long)sz);
break;
#endif
#ifdef WOLFSSL_SHA512
case SHA512:
wolfSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data,
(unsigned long)sz);
break;
#endif
default:
return BAD_FUNC_ARG;
}
return SSL_SUCCESS; return SSL_SUCCESS;
} }
@@ -7980,32 +8012,40 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
unsigned int* s) unsigned int* s)
{ {
WOLFSSL_ENTER("EVP_DigestFinal"); WOLFSSL_ENTER("EVP_DigestFinal");
if (ctx->macType == MD5) { switch (ctx->macType) {
wolfSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash); #ifndef NO_MD5
if (s) *s = MD5_DIGEST_SIZE; case MD5:
wolfSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash);
if (s) *s = MD5_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA
case SHA:
wolfSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash);
if (s) *s = SHA_DIGEST_SIZE;
break;
#endif
#ifndef NO_SHA256
case SHA256:
wolfSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash);
if (s) *s = SHA256_DIGEST_SIZE;
break;
#endif
#ifdef WOLFSSL_SHA384
case SHA384:
wolfSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash);
if (s) *s = SHA384_DIGEST_SIZE;
break;
#endif
#ifdef WOLFSSL_SHA512
case SHA512:
wolfSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash);
if (s) *s = SHA512_DIGEST_SIZE;
break;
#endif
default:
return BAD_FUNC_ARG;
} }
else if (ctx->macType == SHA) {
wolfSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash);
if (s) *s = SHA_DIGEST_SIZE;
}
else if (ctx->macType == SHA256) {
wolfSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash);
if (s) *s = SHA256_DIGEST_SIZE;
}
#ifdef WOLFSSL_SHA384
else if (ctx->macType == SHA384) {
wolfSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash);
if (s) *s = SHA384_DIGEST_SIZE;
}
#endif
#ifdef WOLFSSL_SHA512
else if (ctx->macType == SHA512) {
wolfSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash);
if (s) *s = SHA512_DIGEST_SIZE;
}
#endif
else
return BAD_FUNC_ARG;
return SSL_SUCCESS; return SSL_SUCCESS;
} }
@@ -11926,12 +11966,14 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id)
WOLFSSL_MSG("wolfSSL_get_digestbynid"); WOLFSSL_MSG("wolfSSL_get_digestbynid");
switch(id) { switch(id) {
#ifndef NO_MD5
case NID_md5: case NID_md5:
return wolfSSL_EVP_md5(); return wolfSSL_EVP_md5();
#endif
#ifndef NO_SHA
case NID_sha1: case NID_sha1:
return wolfSSL_EVP_sha1(); return wolfSSL_EVP_sha1();
#endif
default: default:
WOLFSSL_MSG("Bad digest id value"); WOLFSSL_MSG("Bad digest id value");
} }

387
wolfcrypt/src/pwdbased.c
View File

@@ -28,19 +28,19 @@
#ifndef NO_PWDBASED #ifndef NO_PWDBASED
#ifdef WOLFSSL_PIC32MZ_HASH #ifdef WOLFSSL_PIC32MZ_HASH
#ifndef NO_MD5
#define wc_InitMd5 wc_InitMd5_sw
#define wc_Md5Update wc_Md5Update_sw
#define wc_Md5Final wc_Md5Final_sw
#endif /* NO_MD5 */
#define wc_InitMd5 wc_InitMd5_sw #define wc_InitSha wc_InitSha_sw
#define wc_Md5Update wc_Md5Update_sw #define wc_ShaUpdate wc_ShaUpdate_sw
#define wc_Md5Final wc_Md5Final_sw #define wc_ShaFinal wc_ShaFinal_sw
#define wc_InitSha wc_InitSha_sw
#define wc_ShaUpdate wc_ShaUpdate_sw
#define wc_ShaFinal wc_ShaFinal_sw
#define wc_InitSha256 wc_InitSha256_sw
#define wc_Sha256Update wc_Sha256Update_sw
#define wc_Sha256Final wc_Sha256Final_sw
#define wc_InitSha256 wc_InitSha256_sw
#define wc_Sha256Update wc_Sha256Update_sw
#define wc_Sha256Final wc_Sha256Final_sw
#endif #endif
#include <wolfssl/wolfcrypt/pwdbased.h> #include <wolfssl/wolfcrypt/pwdbased.h>
@@ -57,7 +57,6 @@
#include <wolfcrypt/src/misc.c> #include <wolfcrypt/src/misc.c>
#endif #endif
#ifndef min #ifndef min
static INLINE word32 min(word32 a, word32 b) static INLINE word32 min(word32 a, word32 b)
@@ -68,48 +67,63 @@
#endif /* min */ #endif /* min */
/* PBKDF1 needs at least SHA available */
int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt, int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
int sLen, int iterations, int kLen, int hashType) int sLen, int iterations, int kLen, int hashType)
{ {
Md5 md5;
Sha sha; Sha sha;
int hLen = (hashType == MD5) ? (int)MD5_DIGEST_SIZE : (int)SHA_DIGEST_SIZE; #ifndef NO_MD5
Md5 md5;
#endif
int hLen = (int)SHA_DIGEST_SIZE;
int i, ret = 0; int i, ret = 0;
byte buffer[SHA_DIGEST_SIZE]; /* max size */ byte buffer[SHA_DIGEST_SIZE]; /* max size */
if (hashType != MD5 && hashType != SHA) if (hashType != MD5 && hashType != SHA)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#ifndef NO_MD5
if (hashType == MD5)
hLen = (int)MD5_DIGEST_SIZE;
#endif
if (kLen > hLen) if (kLen > hLen)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if (iterations < 1) if (iterations < 1)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
if (hashType == MD5) { switch (hashType) {
wc_InitMd5(&md5); #ifndef NO_MD5
wc_Md5Update(&md5, passwd, pLen); case MD5:
wc_Md5Update(&md5, salt, sLen); wc_InitMd5(&md5);
wc_Md5Final(&md5, buffer); wc_Md5Update(&md5, passwd, pLen);
} wc_Md5Update(&md5, salt, sLen);
else { wc_Md5Final(&md5, buffer);
ret = wc_InitSha(&sha); break;
if (ret != 0) #endif /* NO_MD5 */
return ret; case SHA:
wc_ShaUpdate(&sha, passwd, pLen); default:
wc_ShaUpdate(&sha, salt, sLen); ret = wc_InitSha(&sha);
wc_ShaFinal(&sha, buffer); if (ret != 0)
return ret;
wc_ShaUpdate(&sha, passwd, pLen);
wc_ShaUpdate(&sha, salt, sLen);
wc_ShaFinal(&sha, buffer);
break;
} }
for (i = 1; i < iterations; i++) { for (i = 1; i < iterations; i++) {
if (hashType == MD5) { if (hashType == SHA) {
wc_Md5Update(&md5, buffer, hLen);
wc_Md5Final(&md5, buffer);
}
else {
wc_ShaUpdate(&sha, buffer, hLen); wc_ShaUpdate(&sha, buffer, hLen);
wc_ShaFinal(&sha, buffer); wc_ShaFinal(&sha, buffer);
} }
#ifndef NO_MD5
else {
wc_Md5Update(&md5, buffer, hLen);
wc_Md5Final(&md5, buffer);
}
#endif
} }
XMEMCPY(output, buffer, kLen); XMEMCPY(output, buffer, kLen);
@@ -117,6 +131,37 @@ int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt,
} }
int GetDigestSize(int hashType)
{
int hLen;
switch (hashType) {
#ifndef NO_MD5
case MD5:
hLen = MD5_DIGEST_SIZE;
break;
#endif
case SHA:
hLen = SHA_DIGEST_SIZE;
break;
#ifndef NO_SHA256
case SHA256:
hLen = SHA256_DIGEST_SIZE;
break;
#endif
#ifdef WOLFSSL_SHA512
case SHA512:
hLen = SHA512_DIGEST_SIZE;
break;
#endif
default:
return BAD_FUNC_ARG;
}
return hLen;
}
int wc_PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt, int wc_PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
int sLen, int iterations, int kLen, int hashType) int sLen, int iterations, int kLen, int hashType)
{ {
@@ -130,23 +175,8 @@ int wc_PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
byte buffer[MAX_DIGEST_SIZE]; byte buffer[MAX_DIGEST_SIZE];
#endif #endif
if (hashType == MD5) { hLen = GetDigestSize(hashType);
hLen = MD5_DIGEST_SIZE; if (hLen < 0)
}
else if (hashType == SHA) {
hLen = SHA_DIGEST_SIZE;
}
#ifndef NO_SHA256
else if (hashType == SHA256) {
hLen = SHA256_DIGEST_SIZE;
}
#endif
#ifdef WOLFSSL_SHA512
else if (hashType == SHA512) {
hLen = SHA512_DIGEST_SIZE;
}
#endif
else
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -213,13 +243,155 @@ int wc_PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt,
} }
#ifdef WOLFSSL_SHA512 #ifdef WOLFSSL_SHA512
#define PBKDF_DIGEST_SIZE SHA512_BLOCK_SIZE #define PBKDF_DIGEST_SIZE SHA512_BLOCK_SIZE
#elif !defined(NO_SHA256) #elif !defined(NO_SHA256)
#define PBKDF_DIGEST_SIZE SHA256_BLOCK_SIZE #define PBKDF_DIGEST_SIZE SHA256_BLOCK_SIZE
#else #else
#define PBKDF_DIGEST_SIZE SHA_DIGEST_SIZE #define PBKDF_DIGEST_SIZE SHA_DIGEST_SIZE
#endif #endif
/* helper for wc_PKCS12_PBKDF(), sets block and digest sizes */
int GetPKCS12HashSizes(int hashType, word32* v, word32* u)
{
if (!v || !u)
return BAD_FUNC_ARG;
switch (hashType) {
#ifndef NO_MD5
case MD5:
*v = MD5_BLOCK_SIZE;
*u = MD5_DIGEST_SIZE;
break;
#endif
case SHA:
*v = SHA_BLOCK_SIZE;
*u = SHA_DIGEST_SIZE;
break;
#ifndef NO_SHA256
case SHA256:
*v = SHA256_BLOCK_SIZE;
*u = SHA256_DIGEST_SIZE;
break;
#endif
#ifdef WOLFSSL_SHA512
case SHA512:
*v = SHA512_BLOCK_SIZE;
*u = SHA512_DIGEST_SIZE;
break;
#endif
default:
return BAD_FUNC_ARG;
}
return 0;
}
/* helper for PKCS12_PBKDF(), does hash operation */
int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
byte* Ai, word32 u, int iterations)
{
int i;
int ret = 0;
if (buffer == NULL || Ai == NULL)
return BAD_FUNC_ARG;
switch (hashType) {
#ifndef NO_MD5
case MD5:
{
Md5 md5;
wc_InitMd5(&md5);
wc_Md5Update(&md5, buffer, totalLen);
wc_Md5Final(&md5, Ai);
for (i = 1; i < iterations; i++) {
wc_Md5Update(&md5, Ai, u);
wc_Md5Final(&md5, Ai);
}
}
break;
#endif /* NO_MD5 */
case SHA:
{
Sha sha;
ret = wc_InitSha(&sha);
if (ret != 0)
break;
wc_ShaUpdate(&sha, buffer, totalLen);
wc_ShaFinal(&sha, Ai);
for (i = 1; i < iterations; i++) {
wc_ShaUpdate(&sha, Ai, u);
wc_ShaFinal(&sha, Ai);
}
}
break;
#ifndef NO_SHA256
case SHA256:
{
Sha256 sha256;
ret = wc_InitSha256(&sha256);
if (ret != 0)
break;
ret = wc_Sha256Update(&sha256, buffer, totalLen);
if (ret != 0)
break;
ret = wc_Sha256Final(&sha256, Ai);
if (ret != 0)
break;
for (i = 1; i < iterations; i++) {
ret = wc_Sha256Update(&sha256, Ai, u);
if (ret != 0)
break;
ret = wc_Sha256Final(&sha256, Ai);
if (ret != 0)
break;
}
}
break;
#endif /* NO_SHA256 */
#ifdef WOLFSSL_SHA512
case SHA512:
{
Sha512 sha512;
ret = wc_InitSha512(&sha512);
if (ret != 0)
break;
ret = wc_Sha512Update(&sha512, buffer, totalLen);
if (ret != 0)
break;
ret = wc_Sha512Final(&sha512, Ai);
if (ret != 0)
break;
for (i = 1; i < iterations; i++) {
ret = wc_Sha512Update(&sha512, Ai, u);
if (ret != 0)
break;
ret = wc_Sha512Final(&sha512, Ai);
if (ret != 0)
break;
}
}
break;
#endif /* WOLFSSL_SHA512 */
default:
ret = BAD_FUNC_ARG;
break;
}
return ret;
}
int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
int saltLen, int iterations, int kLen, int hashType, int id) int saltLen, int iterations, int kLen, int hashType, int id)
{ {
@@ -247,27 +419,8 @@ int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* sa
if (!iterations) if (!iterations)
iterations = 1; iterations = 1;
if (hashType == MD5) { ret = GetPKCS12HashSizes(hashType, &v, &u);
v = MD5_BLOCK_SIZE; if (ret < 0)
u = MD5_DIGEST_SIZE;
}
else if (hashType == SHA) {
v = SHA_BLOCK_SIZE;
u = SHA_DIGEST_SIZE;
}
#ifndef NO_SHA256
else if (hashType == SHA256) {
v = SHA256_BLOCK_SIZE;
u = SHA256_DIGEST_SIZE;
}
#endif
#ifdef WOLFSSL_SHA512
else if (hashType == SHA512) {
v = SHA512_BLOCK_SIZE;
u = SHA512_DIGEST_SIZE;
}
#endif
else
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -282,6 +435,9 @@ int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* sa
} }
#endif #endif
XMEMSET(Ai, 0, PBKDF_DIGEST_SIZE);
XMEMSET(B, 0, PBKDF_DIGEST_SIZE);
dLen = v; dLen = v;
sLen = v * ((saltLen + v - 1) / v); sLen = v * ((saltLen + v - 1) / v);
if (passLen) if (passLen)
@@ -302,7 +458,7 @@ int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* sa
return MEMORY_E; return MEMORY_E;
} }
dynamic = 1; dynamic = 1;
} }
D = buffer; D = buffer;
S = D + dLen; S = D + dLen;
@@ -320,86 +476,9 @@ int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* sa
word32 currentLen; word32 currentLen;
mp_int B1; mp_int B1;
if (hashType == MD5) { ret = DoPKCS12Hash(hashType, buffer, totalLen, Ai, u, iterations);
Md5 md5; if (ret < 0)
break;
wc_InitMd5(&md5);
wc_Md5Update(&md5, buffer, totalLen);
wc_Md5Final(&md5, Ai);
for (i = 1; i < iterations; i++) {
wc_Md5Update(&md5, Ai, u);
wc_Md5Final(&md5, Ai);
}
}
else if (hashType == SHA) {
Sha sha;
ret = wc_InitSha(&sha);
if (ret != 0)
break;
wc_ShaUpdate(&sha, buffer, totalLen);
wc_ShaFinal(&sha, Ai);
for (i = 1; i < iterations; i++) {
wc_ShaUpdate(&sha, Ai, u);
wc_ShaFinal(&sha, Ai);
}
}
#ifndef NO_SHA256
else if (hashType == SHA256) {
Sha256 sha256;
ret = wc_InitSha256(&sha256);
if (ret != 0)
break;
ret = wc_Sha256Update(&sha256, buffer, totalLen);
if (ret != 0)
break;
ret = wc_Sha256Final(&sha256, Ai);
if (ret != 0)
break;
for (i = 1; i < iterations; i++) {
ret = wc_Sha256Update(&sha256, Ai, u);
if (ret != 0)
break;
ret = wc_Sha256Final(&sha256, Ai);
if (ret != 0)
break;
}
}
#endif
#ifdef WOLFSSL_SHA512
else if (hashType == SHA512) {
Sha512 sha512;
ret = wc_InitSha512(&sha512);
if (ret != 0)
break;
ret = wc_Sha512Update(&sha512, buffer, totalLen);
if (ret != 0)
break;
ret = wc_Sha512Final(&sha512, Ai);
if (ret != 0)
break;
for (i = 1; i < iterations; i++) {
ret = wc_Sha512Update(&sha512, Ai, u);
if (ret != 0)
break;
ret = wc_Sha512Final(&sha512, Ai);
if (ret != 0)
break;
}
}
#endif
for (i = 0; i < (int)v; i++) for (i = 0; i < (int)v; i++)
B[i] = Ai[i % u]; B[i] = Ai[i % u];

9
wolfcrypt/test/test.c
View File

@@ -4393,9 +4393,13 @@ int openssl_test(void)
testVector a, b, c, d, e, f; testVector a, b, c, d, e, f;
byte hash[SHA_DIGEST_SIZE*4]; /* max size */ byte hash[SHA_DIGEST_SIZE*4]; /* max size */
(void)a;
(void)c;
(void)e; (void)e;
(void)f; (void)f;
#ifndef NO_MD5
a.input = "1234567890123456789012345678901234567890123456789012345678" a.input = "1234567890123456789012345678901234567890123456789012345678"
"9012345678901234567890"; "9012345678901234567890";
a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6" a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6"
@@ -4412,6 +4416,8 @@ int openssl_test(void)
if (memcmp(hash, a.output, MD5_DIGEST_SIZE) != 0) if (memcmp(hash, a.output, MD5_DIGEST_SIZE) != 0)
return -71; return -71;
#endif /* NO_MD5 */
b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
"aaaaaaaaaa"; "aaaaaaaaaa";
@@ -4493,6 +4499,7 @@ int openssl_test(void)
#endif /* WOLFSSL_SHA512 */ #endif /* WOLFSSL_SHA512 */
#ifndef NO_MD5
if (RAND_bytes(hash, sizeof(hash)) != 1) if (RAND_bytes(hash, sizeof(hash)) != 1)
return -73; return -73;
@@ -4507,6 +4514,8 @@ int openssl_test(void)
if (memcmp(hash, c.output, MD5_DIGEST_SIZE) != 0) if (memcmp(hash, c.output, MD5_DIGEST_SIZE) != 0)
return -74; return -74;
#endif /* NO_MD5 */
#ifndef NO_DES3 #ifndef NO_DES3
{ /* des test */ { /* des test */
const byte vector[] = { /* "now is the time for all " w/o trailing 0 */ const byte vector[] = { /* "now is the time for all " w/o trailing 0 */

18
wolfssl/openssl/evp.h
View File

@@ -34,7 +34,9 @@
#include "prefix_evp.h" #include "prefix_evp.h"
#endif #endif
#include <wolfssl/openssl/md5.h> #ifndef NO_MD5
#include <wolfssl/openssl/md5.h>
#endif
#include <wolfssl/openssl/sha.h> #include <wolfssl/openssl/sha.h>
#include <wolfssl/openssl/ripemd.h> #include <wolfssl/openssl/ripemd.h>
#include <wolfssl/openssl/rsa.h> #include <wolfssl/openssl/rsa.h>
@@ -52,7 +54,9 @@
typedef char WOLFSSL_EVP_MD; typedef char WOLFSSL_EVP_MD;
typedef char WOLFSSL_EVP_CIPHER; typedef char WOLFSSL_EVP_CIPHER;
WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void); #ifndef NO_MD5
WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void);
#endif
WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void);
WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void);
WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void);
@@ -72,7 +76,9 @@ WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void);
typedef union { typedef union {
WOLFSSL_MD5_CTX md5; #ifndef NO_MD5
WOLFSSL_MD5_CTX md5;
#endif
WOLFSSL_SHA_CTX sha; WOLFSSL_SHA_CTX sha;
WOLFSSL_SHA256_CTX sha256; WOLFSSL_SHA256_CTX sha256;
#ifdef WOLFSSL_SHA384 #ifdef WOLFSSL_SHA384
@@ -148,10 +154,12 @@ WOLFSSL_API int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char*
unsigned int* s); unsigned int* s);
WOLFSSL_API int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, WOLFSSL_API int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx,
unsigned char* md, unsigned int* s); unsigned char* md, unsigned int* s);
#ifndef NO_MD5
WOLFSSL_API int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER*, WOLFSSL_API int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER*,
const WOLFSSL_EVP_MD*, const unsigned char*, const WOLFSSL_EVP_MD*, const unsigned char*,
const unsigned char*, int, int, unsigned char*, const unsigned char*, int, int, unsigned char*,
unsigned char*); unsigned char*);
#endif
WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx); WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx);
WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx);
@@ -195,7 +203,9 @@ typedef WOLFSSL_EVP_CIPHER EVP_CIPHER;
typedef WOLFSSL_EVP_MD_CTX EVP_MD_CTX; typedef WOLFSSL_EVP_MD_CTX EVP_MD_CTX;
typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
#define EVP_md5 wolfSSL_EVP_md5 #ifndef NO_MD5
#define EVP_md5 wolfSSL_EVP_md5
#endif
#define EVP_sha1 wolfSSL_EVP_sha1 #define EVP_sha1 wolfSSL_EVP_sha1
#define EVP_sha256 wolfSSL_EVP_sha256 #define EVP_sha256 wolfSSL_EVP_sha256
#define EVP_sha384 wolfSSL_EVP_sha384 #define EVP_sha384 wolfSSL_EVP_sha384

3
wolfssl/openssl/md5.h
View File

@@ -6,6 +6,8 @@
#include <wolfssl/wolfcrypt/settings.h> #include <wolfssl/wolfcrypt/settings.h>
#ifndef NO_MD5
#ifdef WOLFSSL_PREFIX #ifdef WOLFSSL_PREFIX
#include "prefix_md5.h" #include "prefix_md5.h"
#endif #endif
@@ -34,6 +36,7 @@ typedef WOLFSSL_MD5_CTX MD5_CTX;
} /* extern "C" */ } /* extern "C" */
#endif #endif
#endif /* NO_MD5 */
#endif /* WOLFSSL_MD5_H_ */ #endif /* WOLFSSL_MD5_H_ */

11
wolfssl/wolfcrypt/pwdbased.h
View File

@@ -26,7 +26,10 @@
#ifndef NO_PWDBASED #ifndef NO_PWDBASED
#include <wolfssl/wolfcrypt/md5.h> /* for hash type */ #ifndef NO_MD5
#include <wolfssl/wolfcrypt/md5.h> /* for hash type */
#endif
#include <wolfssl/wolfcrypt/sha.h> #include <wolfssl/wolfcrypt/sha.h>
#ifdef __cplusplus #ifdef __cplusplus
@@ -47,6 +50,12 @@ WOLFSSL_API int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int pLen,
const byte* salt, int sLen, int iterations, const byte* salt, int sLen, int iterations,
int kLen, int typeH, int purpose); int kLen, int typeH, int purpose);
/* helper functions */
WOLFSSL_LOCAL int GetDigestSize(int hashType);
WOLFSSL_LOCAL int GetPKCS12HashSizes(int hashType, word32* v, word32* u);
WOLFSSL_LOCAL int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen,
byte* Ai, word32 u, int iterations);
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */