diff --git a/src/bio.c b/src/bio.c index 7a8e7db27..c13479801 100644 --- a/src/bio.c +++ b/src/bio.c @@ -161,8 +161,7 @@ static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz) { int ret = sz; - if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == - (NID_hmac & 0xFF)) { + if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == NID_hmac) { if (wolfSSL_EVP_DigestSignUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, buf, sz) != WOLFSSL_SUCCESS) { @@ -470,8 +469,7 @@ static int wolfSSL_BIO_MD_write(WOLFSSL_BIO* bio, const void* data, int len) return BAD_FUNC_ARG; } - if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == - (NID_hmac & 0xFF)) { + if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == NID_hmac) { if (wolfSSL_EVP_DigestSignUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, data, len) != WOLFSSL_SUCCESS) { ret = WOLFSSL_BIO_ERROR; diff --git a/src/ssl.c b/src/ssl.c index 578c7a088..e7d6efdb1 100755 --- a/src/ssl.c +++ b/src/ssl.c @@ -16039,7 +16039,6 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, return WOLFSSL_SUCCESS; } - /* set internal IV from external, WOLFSSL_SUCCESS on success */ int wolfSSL_SetInternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx) { @@ -29245,7 +29244,7 @@ static void show(const char *title, const unsigned char *out, unsigned int outle #define show(a,b,c) #endif -/* return SSL_SUCCES on ok, 0 otherwise */ +/* return SSL_SUCCESS on ok, 0 otherwise */ int wolfSSL_RSA_sign(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA* rsa) @@ -29296,6 +29295,18 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, #endif #ifdef WOLFSSL_SHA512 case NID_sha512: type = SHA512h; break; + #endif + #ifndef WOLFSSL_NOSHA3_224 + case NID_sha3_224: type = SHA3_224h; break; + #endif + #ifndef WOLFSSL_NOSHA3_256 + case NID_sha3_256: type = SHA3_256h; break; + #endif + #ifndef WOLFSSL_NOSHA3_384 + case NID_sha3_384: type = SHA3_384h; break; + #endif + #ifndef WOLFSSL_NOSHA3_512 + case NID_sha3_512: type = SHA3_512h; break; #endif default: WOLFSSL_MSG("This NID (md type) not configured or not implemented"); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 5fd7ad8ab..180e98514 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -1709,91 +1709,61 @@ int wolfSSL_EVP_SignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len } static const struct s_ent { - const unsigned char macType; + const int macType; + const int nid; const char *name; } md_tbl[] = { #ifndef NO_MD4 - {WC_HASH_TYPE_MD4, "MD4"}, + {WC_HASH_TYPE_MD4, NID_md4, "MD4"}, #endif /* NO_MD4 */ #ifndef NO_MD5 - {WC_HASH_TYPE_MD5, "MD5"}, + {WC_HASH_TYPE_MD5, NID_md5, "MD5"}, #endif /* NO_MD5 */ #ifndef NO_SHA - {WC_HASH_TYPE_SHA, "SHA"}, + {WC_HASH_TYPE_SHA, NID_sha1, "SHA"}, #endif /* NO_SHA */ #ifdef WOLFSSL_SHA224 - {WC_HASH_TYPE_SHA224, "SHA224"}, + {WC_HASH_TYPE_SHA224, NID_sha224, "SHA224"}, #endif /* WOLFSSL_SHA224 */ #ifndef NO_SHA256 - {WC_HASH_TYPE_SHA256, "SHA256"}, + {WC_HASH_TYPE_SHA256, NID_sha256, "SHA256"}, #endif #ifdef WOLFSSL_SHA384 - {WC_HASH_TYPE_SHA384, "SHA384"}, + {WC_HASH_TYPE_SHA384, NID_sha384, "SHA384"}, #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 - {WC_HASH_TYPE_SHA512, "SHA512"}, + {WC_HASH_TYPE_SHA512, NID_sha512, "SHA512"}, #endif /* WOLFSSL_SHA512 */ #ifndef WOLFSSL_NOSHA3_224 - {WC_HASH_TYPE_SHA3_224, "SHA3_224"}, + {WC_HASH_TYPE_SHA3_224, NID_sha3_224, "SHA3_224"}, #endif #ifndef WOLFSSL_NOSHA3_256 - {WC_HASH_TYPE_SHA3_256, "SHA3_256"}, + {WC_HASH_TYPE_SHA3_256, NID_sha3_256, "SHA3_256"}, #endif - {WC_HASH_TYPE_SHA3_384, "SHA3_384"}, + {WC_HASH_TYPE_SHA3_384, NID_sha3_384, "SHA3_384"}, #ifndef WOLFSSL_NOSHA3_512 - {WC_HASH_TYPE_SHA3_512, "SHA3_512"}, + {WC_HASH_TYPE_SHA3_512, NID_sha3_512, "SHA3_512"}, #endif - {0, NULL} + {0, 0, NULL} }; -static WOLFSSL_EVP_MD *wolfSSL_EVP_get_md(const unsigned char type) +static int wolfSSL_EVP_md2macType(const WOLFSSL_EVP_MD *md) { const struct s_ent *ent ; - WOLFSSL_ENTER("EVP_get_md"); - for( ent = md_tbl; ent->name != NULL; ent++){ - if(type == ent->macType) { - return (WOLFSSL_EVP_MD *)ent->name; - } - } - return (WOLFSSL_EVP_MD *)""; -} -/* macro guard because currently only used with RSA */ -#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) -/* Helper function for getting the NID value from md - * - * returns the NID value associated with md on success */ -static int md2nid(const unsigned char md) -{ - const char * d; - d = (const char *)wolfSSL_EVP_get_md(md); - if (XSTRNCMP(d, "SHA", 3) == 0) { - if (XSTRLEN(d) > 3) { - if (XSTRNCMP(d, "SHA256", 6) == 0) { - return NID_sha256; + if (md != NULL) { + for( ent = md_tbl; ent->name != NULL; ent++) { + if(XSTRNCMP((const char *)md, ent->name, XSTRLEN(ent->name)+1) == 0) { + return ent->macType; } - if (XSTRNCMP(d, "SHA384", 6) == 0) { - return NID_sha384; - } - if (XSTRNCMP(d, "SHA512", 6) == 0) { - return NID_sha512; - } - WOLFSSL_MSG("Unknown SHA type"); - return 0; - } - else { - return NID_sha1; } } - if (XSTRNCMP(d, "MD5", 3) == 0) - return NID_md5; - return 0; + return WC_HASH_TYPE_NONE; } -#endif /* NO_RSA */ /* Finalize structure for signing * @@ -1822,7 +1792,7 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, switch (pkey->type) { #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) case EVP_PKEY_RSA: { - int nid = md2nid(ctx->macType); + int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); if (nid < 0) break; return wolfSSL_RSA_sign(nid, md, mdsize, sigret, siglen, pkey->rsa); @@ -1898,7 +1868,7 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, switch (pkey->type) { #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) case EVP_PKEY_RSA: { - int nid = md2nid(ctx->macType); + int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); if (nid < 0) break; return wolfSSL_RSA_verify(nid, md, mdsize, sig, (unsigned int)siglen, pkey->rsa); @@ -2017,7 +1987,7 @@ static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx, if (wc_HmacSetKey(&ctx->hash.hmac, hashType, key, (word32)keySz) != 0) return WOLFSSL_FAILURE; - ctx->macType = NID_hmac & 0xFF; + ctx->macType = NID_hmac; } else { int ret; @@ -2044,7 +2014,7 @@ static int wolfssl_evp_digest_pk_update(WOLFSSL_EVP_MD_CTX *ctx, const void *d, unsigned int cnt) { if (ctx->pctx == NULL) { - if (ctx->macType != (NID_hmac & 0xFF)) + if (ctx->macType != NID_hmac) return WOLFSSL_FAILURE; if (wc_HmacUpdate(&ctx->hash.hmac, (const byte *)d, cnt) != 0) @@ -2068,7 +2038,7 @@ static int wolfssl_evp_digest_pk_final(WOLFSSL_EVP_MD_CTX *ctx, if (ctx->pctx == NULL) { Hmac hmacCopy; - if (ctx->macType != (NID_hmac & 0xFF)) + if (ctx->macType != NID_hmac) return WOLFSSL_FAILURE; if (wolfSSL_HmacCopy(&hmacCopy, &ctx->hash.hmac) != WOLFSSL_SUCCESS) @@ -2183,7 +2153,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, /* Return the maximum size of the signaure when sig is NULL. */ if (ctx->pctx == NULL) { - if (ctx->macType != (NID_hmac & 0xFF)) + if (ctx->macType != NID_hmac) return WOLFSSL_FAILURE; hashLen = wolfssl_mac_len(ctx->hash.hmac.macType); @@ -2230,7 +2200,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) case EVP_PKEY_RSA: { unsigned int sigSz; - int nid = md2nid(ctx->macType); + int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); if (nid < 0) break; ret = wolfSSL_RSA_sign(nid, digest, hashLen, sig, &sigSz, @@ -2301,7 +2271,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, return WOLFSSL_FAILURE; if (ctx->pctx == NULL) { - if (ctx->macType != (NID_hmac & 0xFF)) + if (ctx->macType != NID_hmac) return WOLFSSL_FAILURE; hashLen = wolfssl_mac_len(ctx->hash.hmac.macType); @@ -2325,7 +2295,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, switch (ctx->pctx->pkey->type) { #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) case EVP_PKEY_RSA: { - int nid = md2nid(ctx->macType); + int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); if (nid < 0) return WOLFSSL_FAILURE; return wolfSSL_RSA_verify(nid, digest, hashLen, sig, @@ -2474,7 +2444,7 @@ WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen, } ret = wc_PBKDF2((byte*)out, (byte*)pass, passlen, (byte*)salt, saltlen, - iter, keylen, wolfSSL_EVP_MD_type(digest)); + iter, keylen, wolfSSL_EVP_md2macType(digest)); if (ret == 0) return WOLFSSL_SUCCESS; else @@ -3079,7 +3049,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) WOLFSSL_ENTER("EVP_MD_type"); for( ent = md_tbl; ent->name != NULL; ent++){ if(XSTRNCMP((const char *)md, ent->name, XSTRLEN(ent->name)+1) == 0) { - return ent->macType; + return ent->nid; } } return 0; @@ -3243,11 +3213,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) static int wolfSSL_EVP_MD_Copy_Hasher(WOLFSSL_EVP_MD_CTX* des, const WOLFSSL_EVP_MD_CTX* src) { - if (src->macType == (NID_hmac & 0xFF)) { + if (src->macType == NID_hmac) { wolfSSL_HmacCopy(&des->hash.hmac, (Hmac*)&src->hash.hmac); } else { - switch (src->macType) { + int macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(src)); + switch (macType) { #ifndef NO_MD5 case WC_HASH_TYPE_MD5: wc_Md5Copy((wc_Md5*)&src->hash.digest, @@ -3346,10 +3317,16 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) const WOLFSSL_EVP_MD *wolfSSL_EVP_MD_CTX_md(const WOLFSSL_EVP_MD_CTX *ctx) { + const struct s_ent *ent; if (ctx == NULL) return NULL; WOLFSSL_ENTER("EVP_MD_CTX_md"); - return (const WOLFSSL_EVP_MD *)wolfSSL_EVP_get_md(ctx->macType); + for(ent = md_tbl; ent->name != NULL; ent++) { + if(ctx->macType == ent->nid) { + return (const WOLFSSL_EVP_MD *)ent->name; + } + } + return (WOLFSSL_EVP_MD *)NULL; } #ifndef NO_AES @@ -3699,11 +3676,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (ctx->pctx != NULL) wolfSSL_EVP_PKEY_CTX_free(ctx->pctx); - if (ctx->macType == (NID_hmac & 0xFF)) { + if (ctx->macType == NID_hmac) { wc_HmacFree(&ctx->hash.hmac); } else { - switch (ctx->macType) { + int macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(ctx)); + switch (macType) { #ifndef NO_MD5 case WC_HASH_TYPE_MD5: wc_Md5Free((wc_Md5*)&ctx->hash.digest); @@ -3766,7 +3744,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } } ForceZero(ctx, sizeof(*ctx)); - ctx->macType = 0xFF; + ctx->macType = WC_HASH_TYPE_NONE; return 1; } @@ -5138,13 +5116,13 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) /* WOLFSSL_SUCCESS on ok */ int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx, - const WOLFSSL_EVP_MD* type) + const WOLFSSL_EVP_MD* md) { int ret = WOLFSSL_SUCCESS; WOLFSSL_ENTER("EVP_DigestInit"); - if (ctx == NULL || type == NULL) { + if (ctx == NULL || md == NULL) { return BAD_FUNC_ARG; } @@ -5156,68 +5134,59 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) (void)sizeof(async_test); #endif - if (XSTRNCMP(type, "SHA256", 6) == 0) { - ctx->macType = WC_HASH_TYPE_SHA256; + /* Set to 0 if no match */ + ctx->macType = wolfSSL_EVP_MD_type(md); + if (XSTRNCMP(md, "SHA256", 6) == 0) { ret = wolfSSL_SHA256_Init(&(ctx->hash.digest.sha256)); } #ifdef WOLFSSL_SHA224 - else if (XSTRNCMP(type, "SHA224", 6) == 0) { - ctx->macType = WC_HASH_TYPE_SHA224; + else if (XSTRNCMP(md, "SHA224", 6) == 0) { ret = wolfSSL_SHA224_Init(&(ctx->hash.digest.sha224)); } #endif #ifdef WOLFSSL_SHA384 - else if (XSTRNCMP(type, "SHA384", 6) == 0) { - ctx->macType = WC_HASH_TYPE_SHA384; + else if (XSTRNCMP(md, "SHA384", 6) == 0) { ret = wolfSSL_SHA384_Init(&(ctx->hash.digest.sha384)); } #endif #ifdef WOLFSSL_SHA512 - else if (XSTRNCMP(type, "SHA512", 6) == 0) { - ctx->macType = WC_HASH_TYPE_SHA512; + else if (XSTRNCMP(md, "SHA512", 6) == 0) { ret = wolfSSL_SHA512_Init(&(ctx->hash.digest.sha512)); } #endif #ifndef NO_MD4 - else if (XSTRNCMP(type, "MD4", 3) == 0) { - ctx->macType = WC_HASH_TYPE_MD4; + else if (XSTRNCMP(md, "MD4", 3) == 0) { wolfSSL_MD4_Init(&(ctx->hash.digest.md4)); } #endif #ifndef NO_MD5 - else if (XSTRNCMP(type, "MD5", 3) == 0) { - ctx->macType = WC_HASH_TYPE_MD5; + else if (XSTRNCMP(md, "MD5", 3) == 0) { ret = wolfSSL_MD5_Init(&(ctx->hash.digest.md5)); } #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 - else if (XSTRNCMP(type, "SHA3_224", 8) == 0) { - ctx->macType = WC_HASH_TYPE_SHA3_224; + else if (XSTRNCMP(md, "SHA3_224", 8) == 0) { ret = wolfSSL_SHA3_224_Init(&(ctx->hash.digest.sha3_224)); } #endif #ifndef WOLFSSL_NOSHA3_256 - else if (XSTRNCMP(type, "SHA3_256", 8) == 0) { - ctx->macType = WC_HASH_TYPE_SHA3_256; + else if (XSTRNCMP(md, "SHA3_256", 8) == 0) { ret = wolfSSL_SHA3_256_Init(&(ctx->hash.digest.sha3_256)); } #endif - else if (XSTRNCMP(type, "SHA3_384", 8) == 0) { - ctx->macType = WC_HASH_TYPE_SHA3_384; + else if (XSTRNCMP(md, "SHA3_384", 8) == 0) { ret = wolfSSL_SHA3_384_Init(&(ctx->hash.digest.sha3_384)); } #ifndef WOLFSSL_NOSHA3_512 - else if (XSTRNCMP(type, "SHA3_512", 8) == 0) { - ctx->macType = WC_HASH_TYPE_SHA3_512; + else if (XSTRNCMP(md, "SHA3_512", 8) == 0) { ret = wolfSSL_SHA3_512_Init(&(ctx->hash.digest.sha3_512)); } #endif #endif #ifndef NO_SHA /* has to be last since would pick or 224, 256, 384, or 512 too */ - else if (XSTRNCMP(type, "SHA", 3) == 0) { - ctx->macType = WC_HASH_TYPE_SHA; + else if (XSTRNCMP(md, "SHA", 3) == 0) { ret = wolfSSL_SHA_Init(&(ctx->hash.digest.sha)); } #endif /* NO_SHA */ @@ -5233,9 +5202,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data, size_t sz) { + int macType; + WOLFSSL_ENTER("EVP_DigestUpdate"); - switch (ctx->macType) { + macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(ctx)); + switch (macType) { #ifndef NO_MD4 case WC_HASH_TYPE_MD4: wolfSSL_MD4_Update((MD4_CTX*)&ctx->hash, data, @@ -5313,8 +5285,11 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s) { + int macType; + WOLFSSL_ENTER("EVP_DigestFinal"); - switch (ctx->macType) { + macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(ctx)); + switch (macType) { #ifndef NO_MD4 case WC_HASH_TYPE_MD4: wolfSSL_MD4_Final(md, (MD4_CTX*)&ctx->hash); diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 8aca5382a..fa2c0ce89 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -185,7 +185,7 @@ struct WOLFSSL_EVP_MD_CTX { Hmac hmac; #endif } hash; - unsigned char macType; + int macType; WOLFSSL_EVP_PKEY_CTX *pctx; }; @@ -239,6 +239,7 @@ enum { NID_sha1 = 64, NID_sha224 = 65, NID_md2 = 77, + NID_md4 = 257, NID_md5 = 4, NID_hmac = 855, NID_dhKeyAgreement= 28,