diff --git a/src/ssl.c b/src/ssl.c index 5568112ff..f2451329c 100755 --- a/src/ssl.c +++ b/src/ssl.c @@ -15919,2107 +15919,6 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, #endif /* WOLFSSL_NOSHA3_512 */ #endif /* WOLFSSL_SHA3 */ - static const struct s_ent { - const unsigned char macType; - const char *name; - } md_tbl[] = { - #ifndef NO_MD4 - {WC_HASH_TYPE_MD4, "MD4"}, - #endif /* NO_MD4 */ - - #ifndef NO_MD5 - {WC_HASH_TYPE_MD5, "MD5"}, - #endif /* NO_MD5 */ - - #ifndef NO_SHA - {WC_HASH_TYPE_SHA, "SHA"}, - #endif /* NO_SHA */ - - #ifdef WOLFSSL_SHA224 - {WC_HASH_TYPE_SHA224, "SHA224"}, - #endif /* WOLFSSL_SHA224 */ - #ifndef NO_SHA256 - {WC_HASH_TYPE_SHA256, "SHA256"}, - #endif - - #ifdef WOLFSSL_SHA384 - {WC_HASH_TYPE_SHA384, "SHA384"}, - #endif /* WOLFSSL_SHA384 */ - #ifdef WOLFSSL_SHA512 - {WC_HASH_TYPE_SHA512, "SHA512"}, - #endif /* WOLFSSL_SHA512 */ -#ifndef WOLFSSL_NOSHA3_224 - {WC_HASH_TYPE_SHA3_224, "SHA3_224"}, -#endif -#ifndef WOLFSSL_NOSHA3_256 - {WC_HASH_TYPE_SHA3_256, "SHA3_256"}, -#endif - {WC_HASH_TYPE_SHA3_384, "SHA3_384"}, -#ifndef WOLFSSL_NOSHA3_512 - {WC_HASH_TYPE_SHA3_512, "SHA3_512"}, -#endif - {0, NULL} - }; - -const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name) -{ - static const struct alias { - const char *name; - const char *alias; - } alias_tbl[] = - { - {"MD4", "ssl3-md4"}, - {"MD5", "ssl3-md5"}, - {"SHA", "ssl3-sha1"}, - {"SHA", "SHA1"}, - { NULL, NULL} - }; - - const struct alias *al; - const struct s_ent *ent; - - - for (al = alias_tbl; al->name != NULL; al++) - if(XSTRNCMP(name, al->alias, XSTRLEN(al->alias)+1) == 0) { - name = al->name; - break; - } - - for (ent = md_tbl; ent->name != NULL; ent++) - if(XSTRNCMP(name, ent->name, XSTRLEN(ent->name)+1) == 0) { - return (EVP_MD *)ent->name; - } - return NULL; -} - -static WOLFSSL_EVP_MD *wolfSSL_EVP_get_md(const unsigned char type) -{ - const struct s_ent *ent ; - WOLFSSL_ENTER("EVP_get_md"); - for( ent = md_tbl; ent->name != NULL; ent++){ - if(type == ent->macType) { - return (WOLFSSL_EVP_MD *)ent->name; - } - } - return (WOLFSSL_EVP_MD *)""; -} - -int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) -{ - const struct s_ent *ent ; - WOLFSSL_ENTER("EVP_MD_type"); - for( ent = md_tbl; ent->name != NULL; ent++){ - if(XSTRNCMP((const char *)md, ent->name, XSTRLEN(ent->name)+1) == 0) { - return ent->macType; - } - } - return 0; -} - - -#ifndef NO_MD4 - - /* return a pointer to MD4 EVP type */ - const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_md4"); - return EVP_get_digestbyname("MD4"); - } - -#endif /* !NO_MD4 */ - - -#ifndef NO_MD5 - - const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void) - { - WOLFSSL_ENTER("EVP_md5"); - return EVP_get_digestbyname("MD5"); - } - -#endif /* !NO_MD5 */ - - -#ifndef NO_WOLFSSL_STUB - const WOLFSSL_EVP_MD* wolfSSL_EVP_mdc2(void) - { - WOLFSSL_STUB("EVP_mdc2"); - return NULL; - } -#endif - -#ifndef NO_SHA - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void) - { - WOLFSSL_ENTER("EVP_sha1"); - return EVP_get_digestbyname("SHA"); - } -#endif /* NO_SHA */ - -#ifdef WOLFSSL_SHA224 - - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void) - { - WOLFSSL_ENTER("EVP_sha224"); - return EVP_get_digestbyname("SHA224"); - } - -#endif /* WOLFSSL_SHA224 */ - - - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void) - { - WOLFSSL_ENTER("EVP_sha256"); - return EVP_get_digestbyname("SHA256"); - } - -#ifdef WOLFSSL_SHA384 - - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void) - { - WOLFSSL_ENTER("EVP_sha384"); - return EVP_get_digestbyname("SHA384"); - } - -#endif /* WOLFSSL_SHA384 */ - -#ifdef WOLFSSL_SHA512 - - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void) - { - WOLFSSL_ENTER("EVP_sha512"); - return EVP_get_digestbyname("SHA512"); - } - -#endif /* WOLFSSL_SHA512 */ - -#ifdef WOLFSSL_SHA3 -#ifndef WOLFSSL_NOSHA3_224 - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_224(void) - { - WOLFSSL_ENTER("EVP_sha3_224"); - return EVP_get_digestbyname("SHA3_224"); - } -#endif /* WOLFSSL_NOSHA3_224 */ - - -#ifndef WOLFSSL_NOSHA3_256 - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_256(void) - { - WOLFSSL_ENTER("EVP_sha3_256"); - return EVP_get_digestbyname("SHA3_256"); - } -#endif /* WOLFSSL_NOSHA3_256 */ - - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_384(void) - { - WOLFSSL_ENTER("EVP_sha3_384"); - return EVP_get_digestbyname("SHA3_384"); - } - -#ifndef WOLFSSL_NOSHA3_512 - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_512(void) - { - WOLFSSL_ENTER("EVP_sha3_512"); - return EVP_get_digestbyname("SHA3_512"); - } -#endif /* WOLFSSL_NOSHA3_512 */ -#endif /* WOLFSSL_SHA3 */ - - WOLFSSL_EVP_MD_CTX *wolfSSL_EVP_MD_CTX_new(void) - { - WOLFSSL_EVP_MD_CTX* ctx; - WOLFSSL_ENTER("EVP_MD_CTX_new"); - ctx = (WOLFSSL_EVP_MD_CTX*)XMALLOC(sizeof *ctx, NULL, - DYNAMIC_TYPE_OPENSSL); - if (ctx){ - wolfSSL_EVP_MD_CTX_init(ctx); - } - return ctx; - } - - WOLFSSL_API void wolfSSL_EVP_MD_CTX_free(WOLFSSL_EVP_MD_CTX *ctx) - { - if (ctx) { - WOLFSSL_ENTER("EVP_MD_CTX_free"); - wolfSSL_EVP_MD_CTX_cleanup(ctx); - XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL); - } - } - - - /* returns the type of message digest used by the ctx */ - int wolfSSL_EVP_MD_CTX_type(const WOLFSSL_EVP_MD_CTX *ctx) { - WOLFSSL_ENTER("EVP_MD_CTX_type"); - return ctx->macType; - } - - - /* returns WOLFSSL_SUCCESS on success */ - int wolfSSL_EVP_MD_CTX_copy(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in) - { - return wolfSSL_EVP_MD_CTX_copy_ex(out, in); - } - - /* returns digest size */ - int wolfSSL_EVP_MD_CTX_size(const WOLFSSL_EVP_MD_CTX *ctx) { - return(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(ctx))); - } - /* returns block size */ - int wolfSSL_EVP_MD_CTX_block_size(const WOLFSSL_EVP_MD_CTX *ctx) { - return(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(ctx))); - } - - /* Deep copy of EVP_MD hasher - * return WOLFSSL_SUCCESS on success */ - static int wolfSSL_EVP_MD_Copy_Hasher(WOLFSSL_EVP_MD_CTX* des, - const WOLFSSL_EVP_MD_CTX* src) - { - if (src->macType == (NID_hmac & 0xFF)) { - wolfSSL_HmacCopy(&des->hash.hmac, (Hmac*)&src->hash.hmac); - } - else { - switch (src->macType) { - #ifndef NO_MD5 - case WC_HASH_TYPE_MD5: - wc_Md5Copy((wc_Md5*)&src->hash.digest, - (wc_Md5*)&des->hash.digest); - break; - #endif /* !NO_MD5 */ - - #ifndef NO_SHA - case WC_HASH_TYPE_SHA: - wc_ShaCopy((wc_Sha*)&src->hash.digest, - (wc_Sha*)&des->hash.digest); - break; - #endif /* !NO_SHA */ - - #ifdef WOLFSSL_SHA224 - case WC_HASH_TYPE_SHA224: - wc_Sha224Copy((wc_Sha224*)&src->hash.digest, - (wc_Sha224*)&des->hash.digest); - break; - #endif /* WOLFSSL_SHA224 */ - - #ifndef NO_SHA256 - case WC_HASH_TYPE_SHA256: - wc_Sha256Copy((wc_Sha256*)&src->hash.digest, - (wc_Sha256*)&des->hash.digest); - break; - #endif /* !NO_SHA256 */ - - #ifdef WOLFSSL_SHA384 - case WC_HASH_TYPE_SHA384: - wc_Sha384Copy((wc_Sha384*)&src->hash.digest, - (wc_Sha384*)&des->hash.digest); - break; - #endif /* WOLFSSL_SHA384 */ - #ifdef WOLFSSL_SHA512 - case WC_HASH_TYPE_SHA512: - wc_Sha512Copy((wc_Sha512*)&src->hash.digest, - (wc_Sha512*)&des->hash.digest); - break; - #endif /* WOLFSSL_SHA512 */ - #ifdef WOLFSSL_SHA3 - #ifndef WOLFSSL_NOSHA3_224 - case WC_HASH_TYPE_SHA3_224: - wc_Sha3_224_Copy((wc_Sha3*)&src->hash.digest, - (wc_Sha3*)&des->hash.digest); - break; - #endif - - #ifndef WOLFSSL_NOSHA3_256 - case WC_HASH_TYPE_SHA3_256: - wc_Sha3_256_Copy((wc_Sha3*)&src->hash.digest, - (wc_Sha3*)&des->hash.digest); - break; - #endif - - case WC_HASH_TYPE_SHA3_384: - wc_Sha3_384_Copy((wc_Sha3*)&src->hash.digest, - (wc_Sha3*)&des->hash.digest); - break; - - #ifndef WOLFSSL_NOSHA3_512 - case WC_HASH_TYPE_SHA3_512: - wc_Sha3_512_Copy((wc_Sha3*)&src->hash.digest, - (wc_Sha3*)&des->hash.digest); - break; - #endif - #endif - default: - return WOLFSSL_FAILURE; - } - } - return WOLFSSL_SUCCESS; - } - - - /* copies structure in to the structure out - * - * returns WOLFSSL_SUCCESS on success */ - int wolfSSL_EVP_MD_CTX_copy_ex(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in) - { - if ((out == NULL) || (in == NULL)) return WOLFSSL_FAILURE; - WOLFSSL_ENTER("EVP_CIPHER_MD_CTX_copy_ex"); - XMEMCPY(out, in, sizeof(WOLFSSL_EVP_MD_CTX)); - if (in->pctx != NULL) { - out->pctx = wolfSSL_EVP_PKEY_CTX_new(in->pctx->pkey, NULL); - if (out->pctx == NULL) - return WOLFSSL_FAILURE; - } - return wolfSSL_EVP_MD_Copy_Hasher(out, (WOLFSSL_EVP_MD_CTX*)in); - } - - void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx) - { - WOLFSSL_ENTER("EVP_CIPHER_MD_CTX_init"); - XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_MD_CTX)); - } - - const WOLFSSL_EVP_MD *wolfSSL_EVP_MD_CTX_md(const WOLFSSL_EVP_MD_CTX *ctx) - { - if (ctx == NULL) - return NULL; - WOLFSSL_ENTER("EVP_MD_CTX_md"); - return (const WOLFSSL_EVP_MD *)wolfSSL_EVP_get_md(ctx->macType); - } - - #ifndef NO_AES - - #ifdef HAVE_AES_CBC - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cbc"); - if (EVP_AES_128_CBC == NULL) - wolfSSL_EVP_init(); - return EVP_AES_128_CBC; - } - #endif /* WOLFSSL_AES_128 */ - - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cbc"); - if (EVP_AES_192_CBC == NULL) - wolfSSL_EVP_init(); - return EVP_AES_192_CBC; - } - #endif /* WOLFSSL_AES_192 */ - - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cbc"); - if (EVP_AES_256_CBC == NULL) - wolfSSL_EVP_init(); - return EVP_AES_256_CBC; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AES_CBC */ - - #ifdef WOLFSSL_AES_CFB -#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb1(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb1"); - if (EVP_AES_128_CFB1 == NULL) - wolfSSL_EVP_init(); - return EVP_AES_128_CFB1; - } - #endif /* WOLFSSL_AES_128 */ - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb1(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb1"); - if (EVP_AES_192_CFB1 == NULL) - wolfSSL_EVP_init(); - return EVP_AES_192_CFB1; - } - #endif /* WOLFSSL_AES_192 */ - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb1(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb1"); - if (EVP_AES_256_CFB1 == NULL) - wolfSSL_EVP_init(); - return EVP_AES_256_CFB1; - } - #endif /* WOLFSSL_AES_256 */ - - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb8(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb8"); - if (EVP_AES_128_CFB8 == NULL) - wolfSSL_EVP_init(); - return EVP_AES_128_CFB8; - } - #endif /* WOLFSSL_AES_128 */ - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb8(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb8"); - if (EVP_AES_192_CFB8 == NULL) - wolfSSL_EVP_init(); - return EVP_AES_192_CFB8; - } - #endif /* WOLFSSL_AES_192 */ - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb8(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb8"); - if (EVP_AES_256_CFB8 == NULL) - wolfSSL_EVP_init(); - return EVP_AES_256_CFB8; - } - #endif /* WOLFSSL_AES_256 */ -#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ - - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb128(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb128"); - if (EVP_AES_128_CFB128 == NULL) - wolfSSL_EVP_init(); - return EVP_AES_128_CFB128; - } - #endif /* WOLFSSL_AES_128 */ - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb128(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb128"); - if (EVP_AES_192_CFB128 == NULL) - wolfSSL_EVP_init(); - return EVP_AES_192_CFB128; - } - #endif /* WOLFSSL_AES_192 */ - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb128(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb128"); - if (EVP_AES_256_CFB128 == NULL) - wolfSSL_EVP_init(); - return EVP_AES_256_CFB128; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* WOLFSSL_AES_CFB */ - - #ifdef WOLFSSL_AES_OFB - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ofb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ofb"); - if (EVP_AES_128_OFB == NULL) - wolfSSL_EVP_init(); - return EVP_AES_128_OFB; - } - #endif /* WOLFSSL_AES_128 */ - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ofb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ofb"); - if (EVP_AES_192_OFB == NULL) - wolfSSL_EVP_init(); - return EVP_AES_192_OFB; - } - #endif /* WOLFSSL_AES_192 */ - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ofb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ofb"); - if (EVP_AES_256_OFB == NULL) - wolfSSL_EVP_init(); - return EVP_AES_256_OFB; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* WOLFSSL_AES_OFB */ - - #ifdef WOLFSSL_AES_XTS - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_xts(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_xts"); - if (EVP_AES_128_XTS == NULL) - wolfSSL_EVP_init(); - return EVP_AES_128_XTS; - } - #endif /* WOLFSSL_AES_128 */ - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_xts(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_xts"); - if (EVP_AES_256_XTS == NULL) - wolfSSL_EVP_init(); - return EVP_AES_256_XTS; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* WOLFSSL_AES_XTS */ - - #ifdef HAVE_AESGCM - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_gcm(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_gcm"); - if (EVP_AES_128_GCM == NULL) - wolfSSL_EVP_init(); - return EVP_AES_128_GCM; - } - #endif /* WOLFSSL_GCM_128 */ - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_gcm(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_gcm"); - if (EVP_AES_192_GCM == NULL) - wolfSSL_EVP_init(); - return EVP_AES_192_GCM; - } - #endif /* WOLFSSL_AES_192 */ - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_gcm(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_gcm"); - if (EVP_AES_256_GCM == NULL) - wolfSSL_EVP_init(); - return EVP_AES_256_GCM; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AESGCM */ - - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ctr"); - if (EVP_AES_128_CTR == NULL) - wolfSSL_EVP_init(); - return EVP_AES_128_CTR; - } - #endif /* WOLFSSL_AES_2128 */ - - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ctr"); - if (EVP_AES_192_CTR == NULL) - wolfSSL_EVP_init(); - return EVP_AES_192_CTR; - } - #endif /* WOLFSSL_AES_192 */ - - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ctr"); - if (EVP_AES_256_CTR == NULL) - wolfSSL_EVP_init(); - return EVP_AES_256_CTR; - } - #endif /* WOLFSSL_AES_256 */ - - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ecb"); - if (EVP_AES_128_ECB == NULL) - wolfSSL_EVP_init(); - return EVP_AES_128_ECB; - } - #endif /* WOLFSSL_AES_128 */ - - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ecb"); - if (EVP_AES_192_ECB == NULL) - wolfSSL_EVP_init(); - return EVP_AES_192_ECB; - } - #endif /* WOLFSSL_AES_192*/ - - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ecb"); - if (EVP_AES_256_ECB == NULL) - wolfSSL_EVP_init(); - return EVP_AES_256_ECB; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* NO_AES */ - -#ifndef NO_DES3 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_des_cbc"); - if (EVP_DES_CBC == NULL) - wolfSSL_EVP_init(); - return EVP_DES_CBC; - } -#ifdef WOLFSSL_DES_ECB - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ecb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_des_ecb"); - if (EVP_DES_ECB == NULL) - wolfSSL_EVP_init(); - return EVP_DES_ECB; - } -#endif - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_cbc"); - if (EVP_DES_EDE3_CBC == NULL) - wolfSSL_EVP_init(); - return EVP_DES_EDE3_CBC; - } -#ifdef WOLFSSL_DES_ECB - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_ecb"); - if (EVP_DES_EDE3_ECB == NULL) - wolfSSL_EVP_init(); - return EVP_DES_EDE3_ECB; - } -#endif -#endif /* NO_DES3 */ - -#ifndef NO_RC4 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void) - { - static const char* type = "ARC4"; - WOLFSSL_ENTER("wolfSSL_EVP_rc4"); - return type; - } -#endif - -#ifdef HAVE_IDEA - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_idea_cbc(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_idea_cbc"); - if (EVP_IDEA_CBC == NULL) - wolfSSL_EVP_init(); - return EVP_IDEA_CBC; - } -#endif - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void) - { - static const char* type = "NULL"; - WOLFSSL_ENTER("wolfSSL_EVP_enc_null"); - return type; - } - - int wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx) - { - WOLFSSL_ENTER("EVP_MD_CTX_cleanup"); - if (ctx->pctx != NULL) - wolfSSL_EVP_PKEY_CTX_free(ctx->pctx); - - if (ctx->macType == (NID_hmac & 0xFF)) { - wc_HmacFree(&ctx->hash.hmac); - } - else { - switch (ctx->macType) { - #ifndef NO_MD5 - case WC_HASH_TYPE_MD5: - wc_Md5Free((wc_Md5*)&ctx->hash.digest); - break; - #endif /* !NO_MD5 */ - - #ifndef NO_SHA - case WC_HASH_TYPE_SHA: - wc_ShaFree((wc_Sha*)&ctx->hash.digest); - break; - #endif /* !NO_SHA */ - - #ifdef WOLFSSL_SHA224 - case WC_HASH_TYPE_SHA224: - wc_Sha224Free((wc_Sha224*)&ctx->hash.digest); - break; - #endif /* WOLFSSL_SHA224 */ - - #ifndef NO_SHA256 - case WC_HASH_TYPE_SHA256: - wc_Sha256Free((wc_Sha256*)&ctx->hash.digest); - break; - #endif /* !NO_SHA256 */ - - #ifdef WOLFSSL_SHA384 - case WC_HASH_TYPE_SHA384: - wc_Sha384Free((wc_Sha384*)&ctx->hash.digest); - break; - #endif /* WOLFSSL_SHA384 */ - #ifdef WOLFSSL_SHA512 - case WC_HASH_TYPE_SHA512: - wc_Sha512Free((wc_Sha512*)&ctx->hash.digest); - break; - #endif /* WOLFSSL_SHA512 */ - #ifdef WOLFSSL_SHA3 - #ifndef WOLFSSL_NOSHA3_224 - case WC_HASH_TYPE_SHA3_224: - wc_Sha3_224_Free((wc_Sha3*)&ctx->hash.digest); - break; - #endif - - #ifndef WOLFSSL_NOSHA3_256 - case WC_HASH_TYPE_SHA3_256: - wc_Sha3_256_Free((wc_Sha3*)&ctx->hash.digest); - break; - #endif - - case WC_HASH_TYPE_SHA3_384: - wc_Sha3_384_Free((wc_Sha3*)&ctx->hash.digest); - break; - - #ifndef WOLFSSL_NOSHA3_512 - case WC_HASH_TYPE_SHA3_512: - wc_Sha3_512_Free((wc_Sha3*)&ctx->hash.digest); - break; - #endif - #endif - default: - return WOLFSSL_FAILURE; - } - } - ForceZero(ctx, sizeof(*ctx)); - ctx->macType = 0xFF; - return 1; - } - - void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx) - { - WOLFSSL_ENTER("EVP_CIPHER_CTX_init"); - if (ctx) { - XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_CIPHER_CTX)); - ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */ - ctx->keyLen = 0; - ctx->enc = 1; /* start in encrypt mode */ - } - } - -#if defined(HAVE_AESGCM) && !defined(HAVE_SELFTEST) - static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz) - { - int i; - for (i = ctrSz-1; i >= 0; i--) { - if (++ctr[i]) - break; - } - } -#endif - - /* This function allows cipher specific parameters to be - determined and set. */ - int wolfSSL_EVP_CIPHER_CTX_ctrl(WOLFSSL_EVP_CIPHER_CTX *ctx, int type, \ - int arg, void *ptr) - { - int ret = WOLFSSL_FAILURE; -#if defined(HAVE_AESGCM) && !defined(HAVE_SELFTEST) - WC_RNG rng; -#endif - if (ctx == NULL) - return WOLFSSL_FAILURE; - - (void)arg; - (void)ptr; - - WOLFSSL_ENTER("EVP_CIPHER_CTX_ctrl"); - - switch(type) { - case EVP_CTRL_INIT: - wolfSSL_EVP_CIPHER_CTX_init(ctx); - if(ctx) - ret = WOLFSSL_SUCCESS; - break; - case EVP_CTRL_SET_KEY_LENGTH: - ret = wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, arg); - break; -#if defined(HAVE_AESGCM) && !defined(HAVE_SELFTEST) - case EVP_CTRL_GCM_SET_IVLEN: - if(arg <= 0 || arg > 16) - return WOLFSSL_FAILURE; - ret = wolfSSL_EVP_CIPHER_CTX_set_iv_length(ctx, arg); - break; - case EVP_CTRL_AEAD_SET_IV_FIXED: - if (arg == -1) { - /* arg == -1 copies ctx->ivSz from ptr */ - ret = wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, (byte*)ptr, ctx->ivSz); - } - else { - /* - * Fixed field must be at least 4 bytes and invocation - * field at least 8. - */ - if ((arg < 4) || (ctx->ivSz - arg) < 8) { - WOLFSSL_MSG("Fixed field or invocation field too short"); - ret = WOLFSSL_FAILURE; - break; - } - if (wc_InitRng(&rng) != 0) { - WOLFSSL_MSG("wc_InitRng failed"); - ret = WOLFSSL_FAILURE; - break; - } - if (arg) { - XMEMCPY(ctx->iv, ptr, arg); - } - if (wc_RNG_GenerateBlock(&rng, ctx->iv + arg, - ctx->ivSz - arg) != 0) { - /* rng is freed immediately after if block so no need - * to do it here - */ - WOLFSSL_MSG("wc_RNG_GenerateBlock failed"); - ret = WOLFSSL_FAILURE; - } - - if (wc_FreeRng(&rng) != 0) { - WOLFSSL_MSG("wc_FreeRng failed"); - ret = WOLFSSL_FAILURE; - break; - } - } - break; -#if !defined(_WIN32) && !defined(HAVE_FIPS) - case EVP_CTRL_GCM_IV_GEN: - if (ctx->cipher.aes.keylen == 0 || ctx->ivSz == 0) { - ret = WOLFSSL_FAILURE; - WOLFSSL_MSG("Key or IV not set"); - break; - } - if ((ret = wc_AesGcmSetExtIV(&ctx->cipher.aes, ctx->iv, ctx->ivSz)) != 0) { - WOLFSSL_MSG("wc_AesGcmSetIV failed"); - ret = WOLFSSL_FAILURE; - } - /* OpenSSL increments the IV. Not sure why */ - IncCtr(ctx->iv, ctx->ivSz); - break; -#endif - case EVP_CTRL_AEAD_SET_TAG: - if(arg <= 0 || arg > 16 || (ptr == NULL)) - return WOLFSSL_FAILURE; - - XMEMCPY(ctx->authTag, ptr, arg); - ctx->authTagSz = arg; - ret = WOLFSSL_SUCCESS; - - break; - case EVP_CTRL_AEAD_GET_TAG: - if(arg <= 0 || arg > 16) - return WOLFSSL_FAILURE; - - XMEMCPY(ptr, ctx->authTag, arg); - ret = WOLFSSL_SUCCESS; - break; -#endif /* HAVE_AESGCM && !HAVE_SELFTEST */ - default: - WOLFSSL_MSG("EVP_CIPHER_CTX_ctrl operation not yet handled"); - ret = WOLFSSL_FAILURE; - } - return ret; - } - - /* WOLFSSL_SUCCESS on ok */ - int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx) - { - WOLFSSL_ENTER("EVP_CIPHER_CTX_cleanup"); - if (ctx) { - ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */ - ctx->keyLen = 0; - } - - return WOLFSSL_SUCCESS; - } - - /* Permanent stub for Qt compilation. */ - #if defined(WOLFSSL_QT) && !defined(NO_WOLFSSL_STUB) - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc2_cbc(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_rc2_cbc"); - WOLFSSL_STUB("EVP_rc2_cbc"); - return NULL; - } - #endif - -#ifndef NO_AES - static int AesSetKey_ex(Aes* aes, const byte* key, word32 len, - const byte* iv, int dir, int direct) - { - int ret; - /* wc_AesSetKey clear aes.reg if iv == NULL. - Keep IV for openSSL compatibility */ - if (iv == NULL) - XMEMCPY((byte *)aes->tmp, (byte *)aes->reg, AES_BLOCK_SIZE); - if (direct) { - #if defined(WOLFSSL_AES_DIRECT) - ret = wc_AesSetKeyDirect(aes, key, len, iv, dir); - #else - ret = NOT_COMPILED_IN; - #endif - } - else { - ret = wc_AesSetKey(aes, key, len, iv, dir); - } - if (iv == NULL) - XMEMCPY((byte *)aes->reg, (byte *)aes->tmp, AES_BLOCK_SIZE); - return ret; - } -#endif - - /* return WOLFSSL_SUCCESS on ok, 0 on failure to match API compatibility */ - int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx, - const WOLFSSL_EVP_CIPHER* type, const byte* key, - const byte* iv, int enc) - { - int ret = 0; - (void)key; - (void)iv; - (void)enc; - - WOLFSSL_ENTER("wolfSSL_EVP_CipherInit"); - if (ctx == NULL) { - WOLFSSL_MSG("no ctx"); - return WOLFSSL_FAILURE; - } - - if (type == NULL && ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT) { - WOLFSSL_MSG("no type set"); - return WOLFSSL_FAILURE; - } - if (ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT){ - /* only first EVP_CipherInit invoke. ctx->cipherType is set below */ - XMEMSET(&ctx->cipher, 0, sizeof(ctx->cipher)); - ctx->flags = 0; - } - /* always clear buffer state */ - ctx->bufUsed = 0; - ctx->lastUsed = 0; - -#ifdef HAVE_WOLFSSL_EVP_CIPHER_CTX_IV - if (!iv && ctx->ivSz) { - iv = ctx->iv; - } -#endif - -#ifndef NO_AES - #ifdef HAVE_AES_CBC - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CBC_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_CBC"); - ctx->cipherType = AES_128_CBC_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; - ctx->keyLen = 16; - ctx->block_size = AES_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 0); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CBC_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_CBC"); - ctx->cipherType = AES_192_CBC_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; - ctx->keyLen = 24; - ctx->block_size = AES_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 0); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CBC_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_CBC"); - ctx->cipherType = AES_256_CBC_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; - ctx->keyLen = 32; - ctx->block_size = AES_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 0); - if (ret != 0){ - WOLFSSL_MSG("AesSetKey() failed"); - return WOLFSSL_FAILURE; - } - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0){ - WOLFSSL_MSG("wc_AesSetIV() failed"); - return WOLFSSL_FAILURE; - } - } - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AES_CBC */ -#if !defined(_WIN32) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) - #ifdef HAVE_AESGCM - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_GCM_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_GCM, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_GCM"); - ctx->cipherType = AES_128_GCM_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE; - ctx->keyLen = 16; - ctx->block_size = AES_BLOCK_SIZE; - ctx->authTagSz = AES_BLOCK_SIZE; - ctx->ivSz = GCM_NONCE_MID_SZ; - - XMEMSET(ctx->authTag, 0, ctx->authTagSz); - if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) { - WOLFSSL_MSG("wc_AesGcmSetKey() failed"); - return WOLFSSL_FAILURE; - } - if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) { - WOLFSSL_MSG("wc_AesGcmSetExtIV() failed"); - return WOLFSSL_FAILURE; - } - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_GCM_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_GCM, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_GCM"); - ctx->cipherType = AES_192_GCM_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE; - ctx->keyLen = 24; - ctx->block_size = AES_BLOCK_SIZE; - ctx->authTagSz = AES_BLOCK_SIZE; - ctx->ivSz = GCM_NONCE_MID_SZ; - - XMEMSET(ctx->authTag, 0, ctx->authTagSz); - if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) { - WOLFSSL_MSG("wc_AesGcmSetKey() failed"); - return WOLFSSL_FAILURE; - } - if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) { - WOLFSSL_MSG("wc_AesGcmSetExtIV() failed"); - return WOLFSSL_FAILURE; - } - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_GCM_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_GCM, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_GCM"); - ctx->cipherType = AES_256_GCM_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE; - ctx->keyLen = 32; - ctx->block_size = AES_BLOCK_SIZE; - ctx->authTagSz = AES_BLOCK_SIZE; - ctx->ivSz = GCM_NONCE_MID_SZ; - - XMEMSET(ctx->authTag, 0, ctx->authTagSz); - if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) { - WOLFSSL_MSG("wc_AesGcmSetKey() failed"); - return WOLFSSL_FAILURE; - } - if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) { - WOLFSSL_MSG("wc_AesGcmSetExtIV() failed"); - return WOLFSSL_FAILURE; - } - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AESGCM */ -#endif /* !defined(_WIN32) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) */ -#ifdef WOLFSSL_AES_COUNTER - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CTR_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_CTR, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_CTR"); - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->cipherType = AES_128_CTR_TYPE; - ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; - ctx->keyLen = 16; - ctx->block_size = NO_PADDING_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; -#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) - ctx->cipher.aes.left = 0; -#endif - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 1); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CTR_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_CTR, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_CTR"); - ctx->cipherType = AES_192_CTR_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; - ctx->keyLen = 24; - ctx->block_size = NO_PADDING_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; -#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) - ctx->cipher.aes.left = 0; -#endif - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 1); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CTR_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_CTR, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_CTR"); - ctx->cipherType = AES_256_CTR_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; - ctx->keyLen = 32; - ctx->block_size = NO_PADDING_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; -#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) - ctx->cipher.aes.left = 0; -#endif - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 1); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_256 */ -#endif /* WOLFSSL_AES_COUNTER */ - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_ECB_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_ECB, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_ECB"); - ctx->cipherType = AES_128_ECB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; - ctx->keyLen = 16; - ctx->block_size = AES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1); - } - if (ret != 0) - return WOLFSSL_FAILURE; - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_ECB_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_ECB, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_ECB"); - ctx->cipherType = AES_192_ECB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; - ctx->keyLen = 24; - ctx->block_size = AES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1); - } - if (ret != 0) - return WOLFSSL_FAILURE; - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_ECB_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_ECB, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_ECB"); - ctx->cipherType = AES_256_ECB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; - ctx->keyLen = 32; - ctx->block_size = AES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1); - } - if (ret != 0) - return WOLFSSL_FAILURE; - } - #endif /* WOLFSSL_AES_256 */ - #ifdef WOLFSSL_AES_CFB - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CFB1_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_CFB1, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_CFB1"); - ctx->cipherType = AES_128_CFB1_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 16; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CFB1_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_CFB1, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_CFB1"); - ctx->cipherType = AES_192_CFB1_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 24; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CFB1_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_CFB1, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_CFB1"); - ctx->cipherType = AES_256_CFB1_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 32; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0){ - WOLFSSL_MSG("AesSetKey() failed"); - return WOLFSSL_FAILURE; - } - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0){ - WOLFSSL_MSG("wc_AesSetIV() failed"); - return WOLFSSL_FAILURE; - } - } - } - #endif /* WOLFSSL_AES_256 */ - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CFB8_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_CFB8, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_CFB8"); - ctx->cipherType = AES_128_CFB8_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 16; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CFB8_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_CFB8, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_CFB8"); - ctx->cipherType = AES_192_CFB8_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 24; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CFB8_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_CFB8, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_CFB8"); - ctx->cipherType = AES_256_CFB8_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 32; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0){ - WOLFSSL_MSG("AesSetKey() failed"); - return WOLFSSL_FAILURE; - } - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0){ - WOLFSSL_MSG("wc_AesSetIV() failed"); - return WOLFSSL_FAILURE; - } - } - } - #endif /* WOLFSSL_AES_256 */ - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CFB128_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_CFB128, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_CFB128"); - ctx->cipherType = AES_128_CFB128_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 16; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CFB128_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_CFB128, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_CFB128"); - ctx->cipherType = AES_192_CFB128_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 24; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CFB128_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_CFB128, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_CFB128"); - ctx->cipherType = AES_256_CFB128_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 32; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0){ - WOLFSSL_MSG("AesSetKey() failed"); - return WOLFSSL_FAILURE; - } - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0){ - WOLFSSL_MSG("wc_AesSetIV() failed"); - return WOLFSSL_FAILURE; - } - } - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AES_CFB */ - #ifdef WOLFSSL_AES_OFB - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_OFB_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_OFB, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_OFB"); - ctx->cipherType = AES_128_OFB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE; - ctx->keyLen = 16; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_OFB_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_OFB, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_OFB"); - ctx->cipherType = AES_192_OFB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE; - ctx->keyLen = 24; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_OFB_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_OFB, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_OFB"); - ctx->cipherType = AES_256_OFB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE; - ctx->keyLen = 32; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0){ - WOLFSSL_MSG("AesSetKey() failed"); - return WOLFSSL_FAILURE; - } - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0){ - WOLFSSL_MSG("wc_AesSetIV() failed"); - return WOLFSSL_FAILURE; - } - } - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AES_OFB */ - #ifdef WOLFSSL_AES_XTS - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_XTS_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_XTS, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_XTS"); - ctx->cipherType = AES_128_XTS_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_XTS_MODE; - ctx->keyLen = 32; - ctx->block_size = 1; - ctx->ivSz = AES_BLOCK_SIZE; - - if (iv != NULL) { - if (iv != ctx->iv) /* Valgrind error when src == dst */ - XMEMCPY(ctx->iv, iv, ctx->ivSz); - } - else - XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); - - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_AesXtsSetKey(&ctx->cipher.xts, key, ctx->keyLen, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, NULL, 0); - if (ret != 0) { - WOLFSSL_MSG("wc_AesXtsSetKey() failed"); - return WOLFSSL_FAILURE; - } - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_XTS_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_XTS, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_XTS"); - ctx->cipherType = AES_256_XTS_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_XTS_MODE; - ctx->keyLen = 64; - ctx->block_size = 1; - ctx->ivSz = AES_BLOCK_SIZE; - - if (iv != NULL) { - if (iv != ctx->iv) /* Valgrind error when src == dst */ - XMEMCPY(ctx->iv, iv, ctx->ivSz); - } - else - XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); - - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_AesXtsSetKey(&ctx->cipher.xts, key, ctx->keyLen, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, NULL, 0); - if (ret != 0) { - WOLFSSL_MSG("wc_AesXtsSetKey() failed"); - return WOLFSSL_FAILURE; - } - } - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AES_XTS */ -#endif /* NO_AES */ - -#ifndef NO_DES3 - if (ctx->cipherType == DES_CBC_TYPE || - (type && XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_DES_CBC"); - ctx->cipherType = DES_CBC_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; - ctx->keyLen = 8; - ctx->block_size = DES_BLOCK_SIZE; - ctx->ivSz = DES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_Des_SetKey(&ctx->cipher.des, key, iv, - ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); - if (ret != 0) - return WOLFSSL_FAILURE; - } - - if (iv && key == NULL) - wc_Des_SetIV(&ctx->cipher.des, iv); - } -#ifdef WOLFSSL_DES_ECB - else if (ctx->cipherType == DES_ECB_TYPE || - (type && XSTRNCMP(type, EVP_DES_ECB, EVP_DES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_DES_ECB"); - ctx->cipherType = DES_ECB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; - ctx->keyLen = 8; - ctx->block_size = DES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - WOLFSSL_MSG("Des_SetKey"); - ret = wc_Des_SetKey(&ctx->cipher.des, key, NULL, - ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } -#endif - else if (ctx->cipherType == DES_EDE3_CBC_TYPE || - (type && - XSTRNCMP(type, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)) { - WOLFSSL_MSG("EVP_DES_EDE3_CBC"); - ctx->cipherType = DES_EDE3_CBC_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; - ctx->keyLen = 24; - ctx->block_size = DES_BLOCK_SIZE; - ctx->ivSz = DES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_Des3_SetKey(&ctx->cipher.des3, key, iv, - ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); - if (ret != 0) - return WOLFSSL_FAILURE; - } - - if (iv && key == NULL) { - ret = wc_Des3_SetIV(&ctx->cipher.des3, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - else if (ctx->cipherType == DES_EDE3_ECB_TYPE || - (type && - XSTRNCMP(type, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0)) { - WOLFSSL_MSG("EVP_DES_EDE3_ECB"); - ctx->cipherType = DES_EDE3_ECB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; - ctx->keyLen = 24; - ctx->block_size = DES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_Des3_SetKey(&ctx->cipher.des3, key, NULL, - ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } -#endif /* NO_DES3 */ -#ifndef NO_RC4 - if (ctx->cipherType == ARC4_TYPE || (type && - XSTRNCMP(type, "ARC4", 4) == 0)) { - WOLFSSL_MSG("ARC4"); - ctx->cipherType = ARC4_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_STREAM_CIPHER; - ctx->block_size = 1; - if (ctx->keyLen == 0) /* user may have already set */ - ctx->keyLen = 16; /* default to 128 */ - if (key) - wc_Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen); - } -#endif /* NO_RC4 */ -#ifdef HAVE_IDEA - if (ctx->cipherType == IDEA_CBC_TYPE || - (type && XSTRNCMP(type, EVP_IDEA_CBC, EVP_IDEA_SIZE) == 0)) { - WOLFSSL_MSG("EVP_IDEA_CBC"); - ctx->cipherType = IDEA_CBC_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; - ctx->keyLen = IDEA_KEY_SIZE; - ctx->block_size = 8; - ctx->ivSz = IDEA_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_IdeaSetKey(&ctx->cipher.idea, key, (word16)ctx->keyLen, - iv, ctx->enc ? IDEA_ENCRYPTION : - IDEA_DECRYPTION); - if (ret != 0) - return WOLFSSL_FAILURE; - } - - if (iv && key == NULL) - wc_IdeaSetIV(&ctx->cipher.idea, iv); - } -#endif /* HAVE_IDEA */ - if (ctx->cipherType == NULL_CIPHER_TYPE || (type && - XSTRNCMP(type, "NULL", 4) == 0)) { - WOLFSSL_MSG("NULL cipher"); - ctx->cipherType = NULL_CIPHER_TYPE; - ctx->keyLen = 0; - ctx->block_size = 16; - } -#ifdef HAVE_WOLFSSL_EVP_CIPHER_CTX_IV - if (iv && iv != ctx->iv) { - if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) { - return WOLFSSL_FAILURE; - } - } -#endif - (void)ret; /* remove warning. If execution reaches this point, ret=0 */ - return WOLFSSL_SUCCESS; - } - - - /* WOLFSSL_SUCCESS on ok */ - int wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx) - { - WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_key_length"); - if (ctx) - return ctx->keyLen; - - return 0; /* failure */ - } - - - /* WOLFSSL_SUCCESS on ok */ - int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx, - int keylen) - { - WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_key_length"); - if (ctx) - ctx->keyLen = keylen; - else - return 0; /* failure */ - - return WOLFSSL_SUCCESS; - } -#if defined(HAVE_AESGCM) - /* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE */ - int wolfSSL_EVP_CIPHER_CTX_set_iv_length(WOLFSSL_EVP_CIPHER_CTX* ctx, - int ivLen) - { - WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_iv_length"); - if (ctx) - ctx->ivSz= ivLen; - else - return WOLFSSL_FAILURE; - - return WOLFSSL_SUCCESS; - } - - /* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE */ - int wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv, - int ivLen) - { - int expectedIvLen; - - WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_iv_length"); - if (!ctx || !iv || !ivLen) { - return WOLFSSL_FAILURE; - } - - expectedIvLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx); - - if (expectedIvLen == 0 || expectedIvLen != ivLen) { - WOLFSSL_MSG("Wrong ivLen value"); - return WOLFSSL_FAILURE; - } - - return wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, -1); - } -#endif - - /* WOLFSSL_SUCCESS on ok */ - int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src, - word32 len) - { - int ret = 0; - WOLFSSL_ENTER("wolfSSL_EVP_Cipher"); - - if (ctx == NULL || src == NULL || - (dst == NULL && - ctx->cipherType != AES_128_GCM_TYPE && - ctx->cipherType != AES_192_GCM_TYPE && - ctx->cipherType != AES_256_GCM_TYPE)) { - WOLFSSL_MSG("Bad function argument"); - return 0; /* failure */ - } - - if (ctx->cipherType == 0xff) { - WOLFSSL_MSG("no init"); - return 0; /* failure */ - } - - switch (ctx->cipherType) { - -#ifndef NO_AES -#ifdef HAVE_AES_CBC - case AES_128_CBC_TYPE : - case AES_192_CBC_TYPE : - case AES_256_CBC_TYPE : - WOLFSSL_MSG("AES CBC"); - if (ctx->enc) - ret = wc_AesCbcEncrypt(&ctx->cipher.aes, dst, src, len); - else - ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len); - break; -#endif /* HAVE_AES_CBC */ - -#ifdef WOLFSSL_AES_CFB -#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: - WOLFSSL_MSG("AES CFB1"); - if (ctx->enc) - ret = wc_AesCfb1Encrypt(&ctx->cipher.aes, dst, src, len); - else - ret = wc_AesCfb1Decrypt(&ctx->cipher.aes, dst, src, len); - break; - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: - WOLFSSL_MSG("AES CFB8"); - if (ctx->enc) - ret = wc_AesCfb8Encrypt(&ctx->cipher.aes, dst, src, len); - else - ret = wc_AesCfb8Decrypt(&ctx->cipher.aes, dst, src, len); - break; -#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: - WOLFSSL_MSG("AES CFB128"); - if (ctx->enc) - ret = wc_AesCfbEncrypt(&ctx->cipher.aes, dst, src, len); - else - ret = wc_AesCfbDecrypt(&ctx->cipher.aes, dst, src, len); - break; -#endif /* WOLFSSL_AES_CFB */ -#if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: - WOLFSSL_MSG("AES OFB"); - if (ctx->enc) - ret = wc_AesOfbEncrypt(&ctx->cipher.aes, dst, src, len); - else - ret = wc_AesOfbDecrypt(&ctx->cipher.aes, dst, src, len); - break; -#endif /* WOLFSSL_AES_OFB */ -#if defined(WOLFSSL_AES_XTS) - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: - WOLFSSL_MSG("AES XTS"); - if (ctx->enc) - ret = wc_AesXtsEncrypt(&ctx->cipher.xts, dst, src, len, - ctx->iv, ctx->ivSz); - else - ret = wc_AesXtsDecrypt(&ctx->cipher.xts, dst, src, len, - ctx->iv, ctx->ivSz); - break; -#endif /* WOLFSSL_AES_XTS */ - -#ifdef HAVE_AESGCM - case AES_128_GCM_TYPE : - case AES_192_GCM_TYPE : - case AES_256_GCM_TYPE : - WOLFSSL_MSG("AES GCM"); - if (ctx->enc) { - if (dst){ - /* encrypt confidential data*/ - ret = wc_AesGcmEncrypt(&ctx->cipher.aes, dst, src, len, - ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, - NULL, 0); - } - else { - /* authenticated, non-confidential data */ - ret = wc_AesGcmEncrypt(&ctx->cipher.aes, NULL, NULL, 0, - ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, - src, len); - /* Reset partial authTag error for AAD*/ - if (ret == AES_GCM_AUTH_E) - ret = 0; - } - } - else { - if (dst){ - /* decrypt confidential data*/ - ret = wc_AesGcmDecrypt(&ctx->cipher.aes, dst, src, len, - ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, - NULL, 0); - } - else { - /* authenticated, non-confidential data*/ - ret = wc_AesGcmDecrypt(&ctx->cipher.aes, NULL, NULL, 0, - ctx->iv, ctx->ivSz, - ctx->authTag, ctx->authTagSz, - src, len); - /* Reset partial authTag error for AAD*/ - if (ret == AES_GCM_AUTH_E) - ret = 0; - } - } - break; -#endif /* HAVE_AESGCM */ -#ifdef HAVE_AES_ECB - case AES_128_ECB_TYPE : - case AES_192_ECB_TYPE : - case AES_256_ECB_TYPE : - WOLFSSL_MSG("AES ECB"); - if (ctx->enc) - ret = wc_AesEcbEncrypt(&ctx->cipher.aes, dst, src, len); - else - ret = wc_AesEcbDecrypt(&ctx->cipher.aes, dst, src, len); - break; -#endif -#ifdef WOLFSSL_AES_COUNTER - case AES_128_CTR_TYPE : - case AES_192_CTR_TYPE : - case AES_256_CTR_TYPE : - WOLFSSL_MSG("AES CTR"); - ret = wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len); - break; -#endif /* WOLFSSL_AES_COUNTER */ -#endif /* NO_AES */ - -#ifndef NO_DES3 - case DES_CBC_TYPE : - WOLFSSL_MSG("DES CBC"); - if (ctx->enc) - wc_Des_CbcEncrypt(&ctx->cipher.des, dst, src, len); - else - wc_Des_CbcDecrypt(&ctx->cipher.des, dst, src, len); - break; - case DES_EDE3_CBC_TYPE : - WOLFSSL_MSG("DES3 CBC"); - if (ctx->enc) - ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len); - else - ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len); - break; -#ifdef WOLFSSL_DES_ECB - case DES_ECB_TYPE : - WOLFSSL_MSG("DES ECB"); - ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len); - break; - case DES_EDE3_ECB_TYPE : - WOLFSSL_MSG("DES3 ECB"); - ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len); - break; -#endif -#endif /* !NO_DES3 */ - -#ifndef NO_RC4 - case ARC4_TYPE : - WOLFSSL_MSG("ARC4"); - wc_Arc4Process(&ctx->cipher.arc4, dst, src, len); - break; -#endif - -#ifdef HAVE_IDEA - case IDEA_CBC_TYPE : - WOLFSSL_MSG("IDEA CBC"); - if (ctx->enc) - wc_IdeaCbcEncrypt(&ctx->cipher.idea, dst, src, len); - else - wc_IdeaCbcDecrypt(&ctx->cipher.idea, dst, src, len); - break; -#endif - case NULL_CIPHER_TYPE : - WOLFSSL_MSG("NULL CIPHER"); - XMEMCPY(dst, src, len); - break; - - default: { - WOLFSSL_MSG("bad type"); - return 0; /* failure */ - } - } - - if (ret != 0) { - WOLFSSL_MSG("wolfSSL_EVP_Cipher failure"); - return 0; /* failure */ - } - - if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) { - return WOLFSSL_FAILURE; - } - - WOLFSSL_MSG("wolfSSL_EVP_Cipher success"); - return WOLFSSL_SUCCESS; /* success */ - } - -#define WOLFSSL_EVP_INCLUDED -#include "wolfcrypt/src/evp.c" - - /* store for external read of iv, WOLFSSL_SUCCESS on success */ int wolfSSL_StoreExternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx) { @@ -19518,7 +17417,6 @@ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) return x509->pubKeyOID; } - /* write X509 serial number in unsigned binary to buffer buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases return WOLFSSL_SUCCESS on success */ @@ -21848,9 +19746,6 @@ int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name, return (textSz - 1); /* do not include null character in size */ } -#ifdef HAVE_ECC - static int SetECKeyExternal(WOLFSSL_EC_KEY* eckey); -#endif /* Creates a new WOLFSSL_EVP_PKEY structure that has the public key from x509 * * returns a pointer to the created WOLFSSL_EVP_PKEY on success and NULL on fail @@ -25222,122 +23117,6 @@ int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL* crl, WOLFSSL_EVP_PKEY* key) #endif #endif /* OPENSSL_EXTRA */ -#if defined(OPENSSL_EXTRA_X509_SMALL) -/* Subset of OPENSSL_EXTRA for PKEY operations PKEY free is needed by the - * subset of X509 API */ - -WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(void){ - return wolfSSL_PKEY_new_ex(NULL); -} - - -WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new_ex(void* heap) -{ - WOLFSSL_EVP_PKEY* pkey; - int ret; - WOLFSSL_ENTER("wolfSSL_PKEY_new"); - pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), heap, - DYNAMIC_TYPE_PUBLIC_KEY); - if (pkey != NULL) { - XMEMSET(pkey, 0, sizeof(WOLFSSL_EVP_PKEY)); - pkey->heap = heap; - pkey->type = WOLFSSL_EVP_PKEY_DEFAULT; -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&pkey->rng, heap, INVALID_DEVID); -#else - ret = wc_InitRng(&pkey->rng); -#endif - if (ret != 0){ - wolfSSL_EVP_PKEY_free(pkey); - WOLFSSL_MSG("memory failure"); - return NULL; - } - pkey->references = 1; - wc_InitMutex(&pkey->refMutex); - } - else { - WOLFSSL_MSG("memory failure"); - } - - return pkey; -} - - -void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) -{ - int doFree = 0; - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_free"); - if (key != NULL) { - if (wc_LockMutex(&key->refMutex) != 0) { - WOLFSSL_MSG("Couldn't lock pkey mutex"); - } - - /* only free if all references to it are done */ - key->references--; - if (key->references == 0) { - doFree = 1; - } - wc_UnLockMutex(&key->refMutex); - - if (doFree) { - wc_FreeRng(&key->rng); - - if (key->pkey.ptr != NULL) { - XFREE(key->pkey.ptr, key->heap, DYNAMIC_TYPE_PUBLIC_KEY); - key->pkey.ptr = NULL; - } - switch(key->type) - { - #ifndef NO_RSA - case EVP_PKEY_RSA: - if (key->rsa != NULL && key->ownRsa == 1) { - wolfSSL_RSA_free(key->rsa); - key->rsa = NULL; - } - break; - #endif /* NO_RSA */ - - #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA) - case EVP_PKEY_EC: - if (key->ecc != NULL && key->ownEcc == 1) { - wolfSSL_EC_KEY_free(key->ecc); - key->ecc = NULL; - } - break; - #endif /* HAVE_ECC */ - - #ifndef NO_DSA - case EVP_PKEY_DSA: - if (key->dsa != NULL && key->ownDsa == 1) { - wolfSSL_DSA_free(key->dsa); - key->dsa = NULL; - } - break; - #endif /* NO_DSA */ - - #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) - case EVP_PKEY_DH: - if (key->dh != NULL && key->ownDh == 1) { - wolfSSL_DH_free(key->dh); - key->dh = NULL; - } - break; - #endif /* ! NO_DH ... */ - - default: - break; - } - - if (wc_FreeMutex(&key->refMutex) != 0) { - WOLFSSL_MSG("Couldn't free pkey mutex"); - } - XFREE(key, key->heap, DYNAMIC_TYPE_PUBLIC_KEY); - } - } -} -#endif /* OPENSSL_EXTRA_X509_SMALL */ - - #ifdef OPENSSL_EXTRA /* Gets pointer to X509_STORE that was used to create context. @@ -30693,7 +28472,7 @@ void wolfSSL_DH_free(WOLFSSL_DH* dh) } } -static int SetDhInternal(WOLFSSL_DH* dh) +int SetDhInternal(WOLFSSL_DH* dh) { int ret = WOLFSSL_FATAL_ERROR; int pSz = 1024; @@ -32884,614 +30663,6 @@ size_t wolfSSL_HMAC_size(const WOLFSSL_HMAC_CTX *ctx) return (size_t)wc_HashGetDigestSize((enum wc_HashType)ctx->hmac.macType); } -const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id) -{ - WOLFSSL_MSG("wolfSSL_get_digestbynid"); - - switch(id) { -#ifndef NO_MD5 - case NID_md5: - return wolfSSL_EVP_md5(); -#endif -#ifndef NO_SHA - case NID_sha1: - return wolfSSL_EVP_sha1(); -#endif - default: - WOLFSSL_MSG("Bad digest id value"); - } - - return NULL; -} - - -#ifndef NO_RSA -WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(WOLFSSL_EVP_PKEY *pkey) -{ - if (!pkey) { - return NULL; - } - return pkey->rsa; -} - -WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key) -{ - WOLFSSL_RSA* local; - - WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_RSA"); - - if (key == NULL) { - return NULL; - } - - local = wolfSSL_RSA_new(); - if (local == NULL) { - WOLFSSL_MSG("Error creating a new WOLFSSL_RSA structure"); - return NULL; - } - - if (key->type == EVP_PKEY_RSA) { - if (wolfSSL_RSA_LoadDer(local, (const unsigned char*)key->pkey.ptr, - key->pkey_sz) != SSL_SUCCESS) { - /* now try public key */ - if (wolfSSL_RSA_LoadDer_ex(local, - (const unsigned char*)key->pkey.ptr, key->pkey_sz, - WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) { - wolfSSL_RSA_free(local); - local = NULL; - } - } - } - else { - WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold an RSA key"); - wolfSSL_RSA_free(local); - local = NULL; - } - return local; -} - - -/* with set1 functions the pkey struct does not own the RSA structure - * - * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure - */ -int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key) -{ -#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) - int derMax = 0; - int derSz = 0; - byte* derBuf = NULL; - RsaKey* rsa = NULL; -#endif - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_RSA"); - if ((pkey == NULL) || (key == NULL)) - return WOLFSSL_FAILURE; - - if (pkey->rsa != NULL && pkey->ownRsa == 1) { - wolfSSL_RSA_free(pkey->rsa); - } - pkey->rsa = key; - pkey->ownRsa = 0; /* pkey does not own RSA */ - pkey->type = EVP_PKEY_RSA; - if (key->inSet == 0) { - if (SetRsaInternal(key) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("SetRsaInternal failed"); - return WOLFSSL_FAILURE; - } - } - -#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) - rsa = (RsaKey*)key->internal; - /* 5 > size of n, d, p, q, d%(p-1), d(q-1), 1/q%p, e + ASN.1 additional - * information */ - derMax = 5 * wolfSSL_RSA_size(key) + (2 * AES_BLOCK_SIZE); - - derBuf = (byte*)XMALLOC(derMax, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf == NULL) { - WOLFSSL_MSG("malloc failed"); - return WOLFSSL_FAILURE; - } - - if (rsa->type == RSA_PRIVATE) { - /* Private key to DER */ - derSz = wc_RsaKeyToDer(rsa, derBuf, derMax); - } - else { - /* Public key to DER */ - derSz = wc_RsaKeyToPublicDer(rsa, derBuf, derMax); - } - - if (derSz < 0) { - if (rsa->type == RSA_PRIVATE) { - WOLFSSL_MSG("wc_RsaKeyToDer failed"); - } - else { - WOLFSSL_MSG("wc_RsaKeyToPublicDer failed"); - } - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - - pkey->pkey.ptr = (char*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_DER); - if (pkey->pkey.ptr == NULL) { - WOLFSSL_MSG("key malloc failed"); - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - pkey->pkey_sz = derSz; - XMEMCPY(pkey->pkey.ptr, derBuf, derSz); - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); -#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */ - -#ifdef WC_RSA_BLINDING - if (key->ownRng == 0) { - if (wc_RsaSetRNG((RsaKey*)(pkey->rsa->internal), &(pkey->rng)) != 0) { - WOLFSSL_MSG("Error setting RSA rng"); - return WOLFSSL_FAILURE; - } - } -#endif - return WOLFSSL_SUCCESS; -} -#endif /* !NO_RSA */ - -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(OPENSSL_EXTRA) -#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) -/* with set1 functions the pkey struct does not own the DSA structure - * - * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure - */ -int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key) -{ - int derMax = 0; - int derSz = 0; - DsaKey* dsa = NULL; - byte* derBuf = NULL; - - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_DSA"); - - if((pkey == NULL) || (key == NULL))return WOLFSSL_FAILURE; - if (pkey->dsa != NULL && pkey->ownDsa == 1) { - wolfSSL_DSA_free(pkey->dsa); - } - pkey->dsa = key; - pkey->ownDsa = 0; /* pkey does not own DSA */ - pkey->type = EVP_PKEY_DSA; - if (key->inSet == 0) { - if (SetDsaInternal(key) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("SetDsaInternal failed"); - return WOLFSSL_FAILURE; - } - } - dsa = (DsaKey*)key->internal; - - /* 4 > size of pub, priv, p, q, g + ASN.1 additional information */ - derMax = 4 * wolfSSL_BN_num_bytes(key->g) + AES_BLOCK_SIZE; - - derBuf = (byte*)XMALLOC(derMax, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf == NULL) { - WOLFSSL_MSG("malloc failed"); - return WOLFSSL_FAILURE; - } - - if (dsa->type == DSA_PRIVATE) { - /* Private key to DER */ - derSz = wc_DsaKeyToDer(dsa, derBuf, derMax); - } - else { - /* Public key to DER */ - derSz = wc_DsaKeyToPublicDer(dsa, derBuf, derMax); - } - - if (derSz < 0) { - if (dsa->type == DSA_PRIVATE) { - WOLFSSL_MSG("wc_DsaKeyToDer failed"); - } - else { - WOLFSSL_MSG("wc_DsaKeyToPublicDer failed"); - } - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - - pkey->pkey.ptr = (char*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_DER); - if (pkey->pkey.ptr == NULL) { - WOLFSSL_MSG("key malloc failed"); - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - pkey->pkey_sz = derSz; - XMEMCPY(pkey->pkey.ptr, derBuf, derSz); - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - - return WOLFSSL_SUCCESS; -} - -WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key) -{ - WOLFSSL_DSA* local; - - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_DSA"); - - if (key == NULL) { - WOLFSSL_MSG("Bad function argument"); - return NULL; - } - - local = wolfSSL_DSA_new(); - if (local == NULL) { - WOLFSSL_MSG("Error creating a new WOLFSSL_DSA structure"); - return NULL; - } - - if (key->type == EVP_PKEY_DSA) { - if (wolfSSL_DSA_LoadDer(local, (const unsigned char*)key->pkey.ptr, - key->pkey_sz) != SSL_SUCCESS) { - /* now try public key */ - if (wolfSSL_DSA_LoadDer_ex(local, - (const unsigned char*)key->pkey.ptr, key->pkey_sz, - WOLFSSL_DSA_LOAD_PUBLIC) != SSL_SUCCESS) { - wolfSSL_DSA_free(local); - local = NULL; - } - } - } - else { - WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold a DSA key"); - wolfSSL_DSA_free(local); - local = NULL; - } - return local; -} -#endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ - -#ifdef HAVE_ECC -WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey) -{ - WOLFSSL_EC_KEY *eckey = NULL; - if (pkey) { -#ifdef HAVE_ECC - eckey = pkey->ecc; -#endif - } - return eckey; -} - -WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key) -{ - WOLFSSL_EC_KEY* local; - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_EC_KEY"); - - if (key == NULL) { - return NULL; - } - - local = wolfSSL_EC_KEY_new(); - if (local == NULL) { - WOLFSSL_MSG("Error creating a new WOLFSSL_EC_KEY structure"); - return NULL; - } - - if (key->type == EVP_PKEY_EC) { - if (wolfSSL_EC_KEY_LoadDer(local, (const unsigned char*)key->pkey.ptr, - key->pkey_sz) != SSL_SUCCESS) { - /* now try public key */ - if (wolfSSL_EC_KEY_LoadDer_ex(local, - (const unsigned char*)key->pkey.ptr, - key->pkey_sz, WOLFSSL_EC_KEY_LOAD_PUBLIC) != SSL_SUCCESS) { - - wolfSSL_EC_KEY_free(local); - local = NULL; - } - } - } - else { - WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold an EC key"); - wolfSSL_EC_KEY_free(local); - local = NULL; - } -#ifdef OPENSSL_ALL - if (!local && key->ecc) { - local = wolfSSL_EC_KEY_dup(key->ecc); - } -#endif - return local; -} -#endif /* HAVE_ECC */ -#endif /* OPENSSL_ALL || WOLFSSL_QT || OPENSSL_EXTRA */ - -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) -#if !defined(NO_DH) && !defined(NO_FILESYSTEM) -/* with set1 functions the pkey struct does not own the DH structure - * Build the following DH Key format from the passed in WOLFSSL_DH - * then store in WOLFSSL_EVP_PKEY in DER format. - * - * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure - */ -int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key) -{ - byte havePublic = 0, havePrivate = 0; - int ret; - word32 derSz = 0; - byte* derBuf = NULL; - DhKey* dhkey = NULL; - mp_int pubKey; - mp_int privKey; - - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_DH"); - - if (pkey == NULL || key == NULL) - return WOLFSSL_FAILURE; - - if (pkey->dh != NULL && pkey->ownDh == 1) - wolfSSL_DH_free(pkey->dh); - - pkey->dh = key; - pkey->ownDh = 0; /* pkey does not own DH */ - pkey->type = EVP_PKEY_DH; - if (key->inSet == 0) { - if (SetDhInternal(key) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("SetDhInternal failed"); - return WOLFSSL_FAILURE; - } - } - - dhkey = (DhKey*)key->internal; - - pubKey = dhkey->pub; - privKey = dhkey->priv; - - havePublic = mp_unsigned_bin_size(&pubKey) > 0; - havePrivate = mp_unsigned_bin_size(&privKey) > 0; - - /* Get size of DER buffer only */ - if (havePublic && !havePrivate) { - ret = wc_DhPubKeyToDer(dhkey, NULL, &derSz); - } else if (havePrivate && !havePublic) { - ret = wc_DhPrivKeyToDer(dhkey, NULL, &derSz); - } else { - ret = wc_DhParamsToDer(dhkey,NULL,&derSz); - } - - if (derSz <= 0 || ret != LENGTH_ONLY_E) { - WOLFSSL_MSG("Failed to get size of DH Key"); - return WOLFSSL_FAILURE; - } - - derBuf = (byte*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf == NULL) { - WOLFSSL_MSG("malloc failed"); - return WOLFSSL_FAILURE; - } - - /* Fill DER buffer */ - if (havePublic && !havePrivate) { - ret = wc_DhPubKeyToDer(dhkey, derBuf, &derSz); - } else if (havePrivate && !havePublic) { - ret = wc_DhPrivKeyToDer(dhkey, derBuf, &derSz); - } else { - ret = wc_DhParamsToDer(dhkey,derBuf,&derSz); - } - - if (ret <= 0) { - WOLFSSL_MSG("Failed to export DH Key"); - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - - /* Store DH key into pkey (DER format) */ - pkey->pkey.ptr = (char*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_DER); - if (pkey->pkey.ptr == NULL) { - WOLFSSL_MSG("key malloc failed"); - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - pkey->pkey_sz = derSz; - XMEMCPY(pkey->pkey.ptr, derBuf, derSz); - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - - return WOLFSSL_SUCCESS; -} - -WOLFSSL_DH* wolfSSL_EVP_PKEY_get0_DH(WOLFSSL_EVP_PKEY* key) -{ - if (!key) { - return NULL; - } - return key->dh; -} - -WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key) -{ - WOLFSSL_DH* local = NULL; - - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_DH"); - - if (key == NULL || key->dh == NULL) { - WOLFSSL_MSG("Bad function argument"); - return NULL; - } - - if (key->type == EVP_PKEY_DH) { - local = wolfSSL_DH_new(); - if (local == NULL) { - WOLFSSL_MSG("Error creating a new WOLFSSL_DH structure"); - return NULL; - } - - if (wolfSSL_DH_LoadDer(local, (const unsigned char*)key->pkey.ptr, - key->pkey_sz) != SSL_SUCCESS) { - wolfSSL_DH_free(local); - WOLFSSL_MSG("Error wolfSSL_DH_LoadDer"); - local = NULL; - } - } - else { - WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold a DH key"); - wolfSSL_DH_free(local); - return NULL; - } - - return local; -} -#endif /* NO_DH && NO_FILESYSTEM */ - -int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key) -{ - int ret; - - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_assign"); - - /* pkey and key checked if NULL in subsequent assign functions */ - switch(type) { - #ifndef NO_RSA - case EVP_PKEY_RSA: - ret = wolfSSL_EVP_PKEY_assign_RSA(pkey, (WOLFSSL_RSA*)key); - break; - #endif - #ifndef NO_DSA - case EVP_PKEY_DSA: - ret = wolfSSL_EVP_PKEY_assign_DSA(pkey, (WOLFSSL_DSA*)key); - break; - #endif - #ifdef HAVE_ECC - case EVP_PKEY_EC: - ret = wolfSSL_EVP_PKEY_assign_EC_KEY(pkey, (WOLFSSL_EC_KEY*)key); - break; - #endif - #ifdef NO_DH - case EVP_PKEY_DH: - ret = wolfSSL_EVP_PKEY_assign_DH(pkey, (WOLFSSL_DH*)key); - break; - #endif - default: - WOLFSSL_MSG("Unknown EVP_PKEY type in wolfSSL_EVP_PKEY_assign."); - ret = WOLFSSL_FAILURE; - } - - return ret; -} -#endif /* WOLFSSL_QT || OPENSSL_ALL */ - -#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) -/* try and populate public pkey_sz and pkey.ptr */ -static void ECC_populate_EVP_PKEY(EVP_PKEY* pkey, ecc_key* ecc) -{ - int ret; - if (!pkey || !ecc) - return; - if ((ret = wc_EccPublicKeyDerSize(ecc, 1)) > 0) { - int derSz = ret; - char* derBuf = (char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf) { - ret = wc_EccPublicKeyToDer(ecc, (byte*)derBuf, derSz, 1); - if (ret >= 0) { - if (pkey->pkey.ptr) { - XFREE(pkey->pkey.ptr, NULL, DYNAMIC_TYPE_OPENSSL); - } - pkey->pkey_sz = ret; - pkey->pkey.ptr = derBuf; - } - else { /* failure - okay to ignore */ - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - derBuf = NULL; - } - } - } -} - -WOLFSSL_API int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key) -{ -#ifdef HAVE_ECC - if((pkey == NULL) || (key ==NULL))return WOLFSSL_FAILURE; - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_EC_KEY"); -#ifndef NO_RSA - if (pkey->rsa != NULL && pkey->ownRsa == 1) { - wolfSSL_RSA_free(pkey->rsa); - } - pkey->ownRsa = 0; -#endif -#ifndef NO_DSA - if (pkey->dsa != NULL && pkey->ownDsa == 1) { - wolfSSL_DSA_free(pkey->dsa); - } - pkey->ownDsa = 0; -#endif -#ifndef NO_DH - if (pkey->dh != NULL && pkey->ownDh == 1) { - wolfSSL_DH_free(pkey->dh); - } - pkey->ownDh = 0; -#endif - if (pkey->ecc != NULL && pkey->ownEcc == 1) { - wolfSSL_EC_KEY_free(pkey->ecc); - } - pkey->ecc = key; - pkey->ownEcc = 0; /* pkey does not own EC key */ - pkey->type = EVP_PKEY_EC; - ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal); - return WOLFSSL_SUCCESS; -#else - (void)pkey; - (void)key; - return WOLFSSL_FAILURE; -#endif -} - -void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx) -{ - WOLFSSL_MSG("wolfSSL_EVP_X_STATE"); - - if (ctx) { - switch (ctx->cipherType) { - case ARC4_TYPE: - WOLFSSL_MSG("returning arc4 state"); - return (void*)&ctx->cipher.arc4.x; - - default: - WOLFSSL_MSG("bad x state type"); - return 0; - } - } - - return NULL; -} -int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key) -{ - if (pkey == NULL || key == NULL) - return WOLFSSL_FAILURE; - - pkey->type = EVP_PKEY_EC; - pkey->ecc = key; - pkey->ownEcc = 1; - - /* try and populate public pkey_sz and pkey.ptr */ - ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal); - - return WOLFSSL_SUCCESS; -} -#endif /* OPENSSL_EXTRA || HAVE_ECC */ - -int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx) -{ - WOLFSSL_MSG("wolfSSL_EVP_X_STATE_LEN"); - - if (ctx) { - switch (ctx->cipherType) { - case ARC4_TYPE: - WOLFSSL_MSG("returning arc4 state size"); - return sizeof(Arc4); - - default: - WOLFSSL_MSG("bad x state type"); - return 0; - } - } - - return 0; -} - - #ifndef NO_DES3 void wolfSSL_3des_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset, @@ -37327,49 +34498,6 @@ WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio, } #endif /* HAVE_ECC */ -/* return of pkey->type which will be EVP_PKEY_RSA for example. - * - * type type of EVP_PKEY - * - * returns type or if type is not found then NID_undef - */ -int wolfSSL_EVP_PKEY_type(int type) -{ - WOLFSSL_MSG("wolfSSL_EVP_PKEY_type"); - - switch (type) { - #ifdef OPENSSL_EXTRA - case EVP_PKEY_RSA: - return EVP_PKEY_RSA; - case EVP_PKEY_DSA: - return EVP_PKEY_DSA; - case EVP_PKEY_EC: - return EVP_PKEY_EC; - case EVP_PKEY_DH: - return EVP_PKEY_DH; - #endif - default: - return NID_undef; - } -} - - -int wolfSSL_EVP_PKEY_id(const EVP_PKEY *pkey) -{ - if (pkey != NULL) - return pkey->type; - return 0; -} - - -int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey) -{ - if (pkey == NULL) - return NID_undef; - return wolfSSL_EVP_PKEY_type(pkey->type); -} - - #if !defined(NO_FILESYSTEM) WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(XFILE fp, EVP_PKEY **x, pem_password_cb *cb, void *u) @@ -37867,9 +34995,9 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *EM, goto cleanup; } - hashType = wolfSSL_EVP_MD_type(hashAlg); + hashType = wolfSSL_EVP_md2macType(hashAlg); if (hashType < WC_HASH_TYPE_NONE || hashType > WC_HASH_TYPE_MAX) { - WOLFSSL_MSG("wolfSSL_EVP_MD_type error"); + WOLFSSL_MSG("wolfSSL_EVP_md2macType error"); goto cleanup; } @@ -37907,7 +35035,7 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *EM, if (wc_RsaPad_ex(mHash, wolfSSL_EVP_MD_size(hashAlg), EM, emLen, RSA_BLOCK_TYPE_1, rng, WC_RSA_PSS_PAD, - wolfSSL_EVP_MD_type(hashAlg), mgf, NULL, 0, saltLen, + wolfSSL_EVP_md2macType(hashAlg), mgf, NULL, 0, saltLen, wolfSSL_BN_num_bits(rsa->n), NULL) != MP_OKAY) { WOLFSSL_MSG("wc_RsaPad_ex error"); goto cleanup; @@ -37974,9 +35102,9 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, return WOLFSSL_FAILURE; } - hashType = wolfSSL_EVP_MD_type(hashAlg); + hashType = wolfSSL_EVP_md2macType(hashAlg); if (hashType < WC_HASH_TYPE_NONE || hashType > WC_HASH_TYPE_MAX) { - WOLFSSL_MSG("wolfSSL_EVP_MD_type error"); + WOLFSSL_MSG("wolfSSL_EVP_md2macType error"); return WOLFSSL_FAILURE; } diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 1cd30a9e2..af4129fc4 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -26,8 +26,6 @@ #elif defined(WOLFCRYPT_ONLY) #else -#if defined(OPENSSL_EXTRA) - #ifdef HAVE_CONFIG_H #include #endif @@ -37,6 +35,8 @@ #include #include +#if defined(OPENSSL_EXTRA) + #ifndef NO_AES #ifdef HAVE_AES_CBC #ifdef WOLFSSL_AES_128 @@ -3299,11 +3299,22 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } } - - /* returns the type of message digest used by the ctx */ + /* returns the NID of message digest used by the ctx */ int wolfSSL_EVP_MD_CTX_type(const WOLFSSL_EVP_MD_CTX *ctx) { + const struct s_ent *ent; + WOLFSSL_ENTER("EVP_MD_CTX_type"); - return ctx->macType; + + if (ctx) { + for(ent = md_tbl; ent->name != NULL; ent++) { + if (ctx->macType == ent->macType) { + return ent->nid; + } + } + /* Return whatever we got */ + return ctx->macType; + } + return 0; } @@ -3331,8 +3342,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) wolfSSL_HmacCopy(&des->hash.hmac, (Hmac*)&src->hash.hmac); } else { - int macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(src)); - switch (macType) { + switch (src->macType) { #ifndef NO_MD5 case WC_HASH_TYPE_MD5: wc_Md5Copy((wc_Md5*)&src->hash.digest, @@ -3436,7 +3446,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return NULL; WOLFSSL_ENTER("EVP_MD_CTX_md"); for(ent = md_tbl; ent->name != NULL; ent++) { - if(ctx->macType == ent->nid) { + if(ctx->macType == ent->macType) { return (const WOLFSSL_EVP_MD *)ent->name; } } @@ -3794,8 +3804,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) wc_HmacFree(&ctx->hash.hmac); } else { - int macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(ctx)); - switch (macType) { + switch (ctx->macType) { #ifndef NO_MD5 case WC_HASH_TYPE_MD5: wc_Md5Free((wc_Md5*)&ctx->hash.digest); @@ -3947,7 +3956,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) WOLFSSL_MSG("wc_RNG_GenerateBlock failed"); ret = WOLFSSL_FAILURE; } - wc_FreeRng(&rng); + + if (wc_FreeRng(&rng) != 0) { + WOLFSSL_MSG("wc_FreeRng failed"); + ret = WOLFSSL_FAILURE; + break; + } } break; #if !defined(_WIN32) && !defined(HAVE_FIPS) @@ -4104,12 +4118,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) WOLFSSL_ENTER("wolfSSL_EVP_CipherInit"); if (ctx == NULL) { WOLFSSL_MSG("no ctx"); - return 0; /* failure */ + return WOLFSSL_FAILURE; } if (type == NULL && ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT) { WOLFSSL_MSG("no type set"); - return 0; /* failure */ + return WOLFSSL_FAILURE; } if (ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT){ /* only first EVP_CipherInit invoke. ctx->cipherType is set below */ @@ -4144,12 +4158,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 0); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } if (iv && key == NULL) { ret = wc_AesSetIV(&ctx->cipher.aes, iv); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } } #endif /* WOLFSSL_AES_128 */ @@ -4169,12 +4183,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 0); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } if (iv && key == NULL) { ret = wc_AesSetIV(&ctx->cipher.aes, iv); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } } #endif /* WOLFSSL_AES_192 */ @@ -4195,19 +4209,20 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 0); if (ret != 0){ WOLFSSL_MSG("AesSetKey() failed"); - return ret; + return WOLFSSL_FAILURE; } } if (iv && key == NULL) { ret = wc_AesSetIV(&ctx->cipher.aes, iv); if (ret != 0){ WOLFSSL_MSG("wc_AesSetIV() failed"); - return ret; + return WOLFSSL_FAILURE; } } } #endif /* WOLFSSL_AES_256 */ #endif /* HAVE_AES_CBC */ +#if !defined(_WIN32) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #ifdef HAVE_AESGCM #ifdef WOLFSSL_AES_128 if (ctx->cipherType == AES_128_GCM_TYPE || @@ -4222,17 +4237,16 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->ivSz = GCM_NONCE_MID_SZ; XMEMSET(ctx->authTag, 0, ctx->authTagSz); - if (iv) - XMEMCPY(ctx->iv, iv, ctx->ivSz); - else - XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); + if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) { + WOLFSSL_MSG("wc_AesGcmSetKey() failed"); + return WOLFSSL_FAILURE; + } + if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) { + WOLFSSL_MSG("wc_AesGcmSetExtIV() failed"); + return WOLFSSL_FAILURE; + } if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen); - if (ret != 0) - return ret; - } } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 @@ -4248,17 +4262,16 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->ivSz = GCM_NONCE_MID_SZ; XMEMSET(ctx->authTag, 0, ctx->authTagSz); - if (iv) - XMEMCPY(ctx->iv, iv, ctx->ivSz); - else - XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); + if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) { + WOLFSSL_MSG("wc_AesGcmSetKey() failed"); + return WOLFSSL_FAILURE; + } + if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) { + WOLFSSL_MSG("wc_AesGcmSetExtIV() failed"); + return WOLFSSL_FAILURE; + } if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen); - if (ret != 0) - return ret; - } } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 @@ -4274,22 +4287,20 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->ivSz = GCM_NONCE_MID_SZ; XMEMSET(ctx->authTag, 0, ctx->authTagSz); - if (iv) - XMEMCPY(ctx->iv, iv, ctx->ivSz); - else - XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); + if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) { + WOLFSSL_MSG("wc_AesGcmSetKey() failed"); + return WOLFSSL_FAILURE; + } + if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) { + WOLFSSL_MSG("wc_AesGcmSetExtIV() failed"); + return WOLFSSL_FAILURE; + } if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen); - if (ret != 0){ - WOLFSSL_MSG("AesSetKey() failed"); - return ret; - } - } } #endif /* WOLFSSL_AES_256 */ #endif /* HAVE_AESGCM */ +#endif /* !defined(_WIN32) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) */ #ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_128 if (ctx->cipherType == AES_128_CTR_TYPE || @@ -4310,12 +4321,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION, 1); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } if (iv && key == NULL) { ret = wc_AesSetIV(&ctx->cipher.aes, iv); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } } #endif /* WOLFSSL_AES_128 */ @@ -4338,12 +4349,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION, 1); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } if (iv && key == NULL) { ret = wc_AesSetIV(&ctx->cipher.aes, iv); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } } #endif /* WOLFSSL_AES_192 */ @@ -4366,12 +4377,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION, 1); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } if (iv && key == NULL) { ret = wc_AesSetIV(&ctx->cipher.aes, iv); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } } #endif /* WOLFSSL_AES_256 */ @@ -4392,7 +4403,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1); } if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } #endif /* WOLFSSL_AES_128 */ #ifdef WOLFSSL_AES_192 @@ -4411,7 +4422,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1); } if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } #endif /* WOLFSSL_AES_192 */ #ifdef WOLFSSL_AES_256 @@ -4430,7 +4441,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1); } if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } #endif /* WOLFSSL_AES_256 */ #ifdef WOLFSSL_AES_CFB @@ -4449,12 +4460,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION, 0); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } if (iv && key == NULL) { ret = wc_AesSetIV(&ctx->cipher.aes, iv); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } } #endif /* WOLFSSL_AES_128 */ @@ -4473,12 +4484,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION, 0); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } if (iv && key == NULL) { ret = wc_AesSetIV(&ctx->cipher.aes, iv); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } } #endif /* WOLFSSL_AES_192 */ @@ -4498,14 +4509,14 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) AES_ENCRYPTION, 0); if (ret != 0){ WOLFSSL_MSG("AesSetKey() failed"); - return ret; + return WOLFSSL_FAILURE; } } if (iv && key == NULL) { ret = wc_AesSetIV(&ctx->cipher.aes, iv); if (ret != 0){ WOLFSSL_MSG("wc_AesSetIV() failed"); - return ret; + return WOLFSSL_FAILURE; } } } @@ -4525,12 +4536,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION, 0); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } if (iv && key == NULL) { ret = wc_AesSetIV(&ctx->cipher.aes, iv); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } } #endif /* WOLFSSL_AES_128 */ @@ -4549,12 +4560,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION, 0); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } if (iv && key == NULL) { ret = wc_AesSetIV(&ctx->cipher.aes, iv); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } } #endif /* WOLFSSL_AES_192 */ @@ -4574,14 +4585,14 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) AES_ENCRYPTION, 0); if (ret != 0){ WOLFSSL_MSG("AesSetKey() failed"); - return ret; + return WOLFSSL_FAILURE; } } if (iv && key == NULL) { ret = wc_AesSetIV(&ctx->cipher.aes, iv); if (ret != 0){ WOLFSSL_MSG("wc_AesSetIV() failed"); - return ret; + return WOLFSSL_FAILURE; } } } @@ -4601,12 +4612,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION, 0); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } if (iv && key == NULL) { ret = wc_AesSetIV(&ctx->cipher.aes, iv); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } } #endif /* WOLFSSL_AES_128 */ @@ -4625,12 +4636,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION, 0); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } if (iv && key == NULL) { ret = wc_AesSetIV(&ctx->cipher.aes, iv); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } } #endif /* WOLFSSL_AES_192 */ @@ -4650,14 +4661,14 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) AES_ENCRYPTION, 0); if (ret != 0){ WOLFSSL_MSG("AesSetKey() failed"); - return ret; + return WOLFSSL_FAILURE; } } if (iv && key == NULL) { ret = wc_AesSetIV(&ctx->cipher.aes, iv); if (ret != 0){ WOLFSSL_MSG("wc_AesSetIV() failed"); - return ret; + return WOLFSSL_FAILURE; } } } @@ -4679,12 +4690,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION, 0); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } if (iv && key == NULL) { ret = wc_AesSetIV(&ctx->cipher.aes, iv); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } } #endif /* WOLFSSL_AES_128 */ @@ -4703,12 +4714,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION, 0); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } if (iv && key == NULL) { ret = wc_AesSetIV(&ctx->cipher.aes, iv); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } } #endif /* WOLFSSL_AES_192 */ @@ -4728,14 +4739,14 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) AES_ENCRYPTION, 0); if (ret != 0){ WOLFSSL_MSG("AesSetKey() failed"); - return ret; + return WOLFSSL_FAILURE; } } if (iv && key == NULL) { ret = wc_AesSetIV(&ctx->cipher.aes, iv); if (ret != 0){ WOLFSSL_MSG("wc_AesSetIV() failed"); - return ret; + return WOLFSSL_FAILURE; } } } @@ -4767,7 +4778,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, NULL, 0); if (ret != 0) { WOLFSSL_MSG("wc_AesXtsSetKey() failed"); - return ret; + return WOLFSSL_FAILURE; } } } @@ -4797,7 +4808,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, NULL, 0); if (ret != 0) { WOLFSSL_MSG("wc_AesXtsSetKey() failed"); - return ret; + return WOLFSSL_FAILURE; } } } @@ -4821,7 +4832,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ret = wc_Des_SetKey(&ctx->cipher.des, key, iv, ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } if (iv && key == NULL) @@ -4843,7 +4854,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ret = wc_Des_SetKey(&ctx->cipher.des, key, NULL, ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } } #endif @@ -4863,13 +4874,13 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ret = wc_Des3_SetKey(&ctx->cipher.des3, key, iv, ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } if (iv && key == NULL) { ret = wc_Des3_SetIV(&ctx->cipher.des3, iv); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } } else if (ctx->cipherType == DES_EDE3_ECB_TYPE || @@ -4887,7 +4898,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ret = wc_Des3_SetKey(&ctx->cipher.des3, key, NULL, ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } } #endif /* NO_DES3 */ @@ -4922,7 +4933,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) iv, ctx->enc ? IDEA_ENCRYPTION : IDEA_DECRYPTION); if (ret != 0) - return ret; + return WOLFSSL_FAILURE; } if (iv && key == NULL) @@ -4947,7 +4958,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return WOLFSSL_SUCCESS; } - /* WOLFSSL_SUCCESS on ok */ int wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx) { @@ -4958,7 +4968,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return 0; /* failure */ } - /* WOLFSSL_SUCCESS on ok */ int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx, int keylen) @@ -5249,7 +5258,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) #endif /* Set to 0 if no match */ - ctx->macType = wolfSSL_EVP_MD_type(md); + ctx->macType = wolfSSL_EVP_md2macType(md); if (XSTRNCMP(md, "SHA256", 6) == 0) { ret = wolfSSL_SHA256_Init(&(ctx->hash.digest.sha256)); } @@ -5895,6 +5904,14 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key) return WOLFSSL_SUCCESS; } +WOLFSSL_DH* wolfSSL_EVP_PKEY_get0_DH(WOLFSSL_EVP_PKEY* key) +{ + if (!key) { + return NULL; + } + return key->dh; +} + WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key) { WOLFSSL_DH* local = NULL; @@ -5907,7 +5924,6 @@ WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key) } if (key->type == EVP_PKEY_DH) { - local = wolfSSL_DH_new(); if (local == NULL) { WOLFSSL_MSG("Error creating a new WOLFSSL_DH structure"); @@ -6369,6 +6385,8 @@ int wolfSSL_EVP_PKEY_type(int type) return EVP_PKEY_DSA; case EVP_PKEY_EC: return EVP_PKEY_EC; + case EVP_PKEY_DH: + return EVP_PKEY_DH; default: return NID_undef; } @@ -6472,18 +6490,19 @@ int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key) #endif /* OPENSSL_EXTRA */ -#ifdef OPENSSL_EXTRA_X509_SMALL +#if defined(OPENSSL_EXTRA_X509_SMALL) +/* Subset of OPENSSL_EXTRA for PKEY operations PKEY free is needed by the + * subset of X509 API */ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new(void){ return wolfSSL_EVP_PKEY_new_ex(NULL); } - WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_ex(void* heap) { WOLFSSL_EVP_PKEY* pkey; int ret; - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_new"); + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_new_ex"); pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), heap, DYNAMIC_TYPE_PUBLIC_KEY); if (pkey != NULL) { @@ -6544,14 +6563,14 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) break; #endif /* NO_RSA */ - #ifdef HAVE_ECC + #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA) case EVP_PKEY_EC: if (key->ecc != NULL && key->ownEcc == 1) { wolfSSL_EC_KEY_free(key->ecc); key->ecc = NULL; } break; - #endif /* HAVE_ECC */ + #endif /* HAVE_ECC && OPENSSL_EXTRA */ #ifndef NO_DSA case EVP_PKEY_DSA: