From be437c0bd276da04a84bd8154df606d2c7e8ec61 Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Wed, 8 Apr 2020 17:09:16 -0500 Subject: [PATCH 1/4] Fix EVP API to use NID instead of WC_ types --- wolfssl/openssl/evp.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 8aca5382a..fa2c0ce89 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -185,7 +185,7 @@ struct WOLFSSL_EVP_MD_CTX { Hmac hmac; #endif } hash; - unsigned char macType; + int macType; WOLFSSL_EVP_PKEY_CTX *pctx; }; @@ -239,6 +239,7 @@ enum { NID_sha1 = 64, NID_sha224 = 65, NID_md2 = 77, + NID_md4 = 257, NID_md5 = 4, NID_hmac = 855, NID_dhKeyAgreement= 28, From 1487917214a6b396bc4f75dd22388595ac2f58d6 Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Thu, 9 Apr 2020 09:49:29 -0500 Subject: [PATCH 2/4] Fix EVP_MD_CTX_type to return NID --- src/bio.c | 6 +-- wolfcrypt/src/evp.c | 111 +++++++++++++------------------------------- 2 files changed, 34 insertions(+), 83 deletions(-) diff --git a/src/bio.c b/src/bio.c index 7a8e7db27..c13479801 100644 --- a/src/bio.c +++ b/src/bio.c @@ -161,8 +161,7 @@ static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz) { int ret = sz; - if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == - (NID_hmac & 0xFF)) { + if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == NID_hmac) { if (wolfSSL_EVP_DigestSignUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, buf, sz) != WOLFSSL_SUCCESS) { @@ -470,8 +469,7 @@ static int wolfSSL_BIO_MD_write(WOLFSSL_BIO* bio, const void* data, int len) return BAD_FUNC_ARG; } - if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == - (NID_hmac & 0xFF)) { + if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == NID_hmac) { if (wolfSSL_EVP_DigestSignUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, data, len) != WOLFSSL_SUCCESS) { ret = WOLFSSL_BIO_ERROR; diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 5fd7ad8ab..e943278d7 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -1709,92 +1709,48 @@ int wolfSSL_EVP_SignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len } static const struct s_ent { - const unsigned char macType; + const int macType; + const int nid; const char *name; } md_tbl[] = { #ifndef NO_MD4 - {WC_HASH_TYPE_MD4, "MD4"}, + {WC_HASH_TYPE_MD4, NID_md4, "MD4"}, #endif /* NO_MD4 */ #ifndef NO_MD5 - {WC_HASH_TYPE_MD5, "MD5"}, + {WC_HASH_TYPE_MD5, NID_md5, "MD5"}, #endif /* NO_MD5 */ #ifndef NO_SHA - {WC_HASH_TYPE_SHA, "SHA"}, + {WC_HASH_TYPE_SHA, NID_sha1, "SHA"}, #endif /* NO_SHA */ #ifdef WOLFSSL_SHA224 - {WC_HASH_TYPE_SHA224, "SHA224"}, + {WC_HASH_TYPE_SHA224, NID_sha224, "SHA224"}, #endif /* WOLFSSL_SHA224 */ #ifndef NO_SHA256 - {WC_HASH_TYPE_SHA256, "SHA256"}, + {WC_HASH_TYPE_SHA256, NID_sha256, "SHA256"}, #endif #ifdef WOLFSSL_SHA384 - {WC_HASH_TYPE_SHA384, "SHA384"}, + {WC_HASH_TYPE_SHA384, NID_sha384, "SHA384"}, #endif /* WOLFSSL_SHA384 */ #ifdef WOLFSSL_SHA512 - {WC_HASH_TYPE_SHA512, "SHA512"}, + {WC_HASH_TYPE_SHA512, NID_sha512, "SHA512"}, #endif /* WOLFSSL_SHA512 */ #ifndef WOLFSSL_NOSHA3_224 - {WC_HASH_TYPE_SHA3_224, "SHA3_224"}, + {WC_HASH_TYPE_SHA3_224, NID_sha3_224, "SHA3_224"}, #endif #ifndef WOLFSSL_NOSHA3_256 - {WC_HASH_TYPE_SHA3_256, "SHA3_256"}, + {WC_HASH_TYPE_SHA3_256, NID_sha3_256, "SHA3_256"}, #endif - {WC_HASH_TYPE_SHA3_384, "SHA3_384"}, + {WC_HASH_TYPE_SHA3_384, NID_sha3_384, "SHA3_384"}, #ifndef WOLFSSL_NOSHA3_512 - {WC_HASH_TYPE_SHA3_512, "SHA3_512"}, + {WC_HASH_TYPE_SHA3_512, NID_sha3_512, "SHA3_512"}, #endif - {0, NULL} + {0, 0, NULL} }; -static WOLFSSL_EVP_MD *wolfSSL_EVP_get_md(const unsigned char type) -{ - const struct s_ent *ent ; - WOLFSSL_ENTER("EVP_get_md"); - for( ent = md_tbl; ent->name != NULL; ent++){ - if(type == ent->macType) { - return (WOLFSSL_EVP_MD *)ent->name; - } - } - return (WOLFSSL_EVP_MD *)""; -} - -/* macro guard because currently only used with RSA */ -#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) -/* Helper function for getting the NID value from md - * - * returns the NID value associated with md on success */ -static int md2nid(const unsigned char md) -{ - const char * d; - d = (const char *)wolfSSL_EVP_get_md(md); - if (XSTRNCMP(d, "SHA", 3) == 0) { - if (XSTRLEN(d) > 3) { - if (XSTRNCMP(d, "SHA256", 6) == 0) { - return NID_sha256; - } - if (XSTRNCMP(d, "SHA384", 6) == 0) { - return NID_sha384; - } - if (XSTRNCMP(d, "SHA512", 6) == 0) { - return NID_sha512; - } - WOLFSSL_MSG("Unknown SHA type"); - return 0; - } - else { - return NID_sha1; - } - } - if (XSTRNCMP(d, "MD5", 3) == 0) - return NID_md5; - return 0; -} -#endif /* NO_RSA */ - /* Finalize structure for signing * * ctx WOLFSSL_EVP_MD_CTX structure to finalize @@ -1822,7 +1778,7 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, switch (pkey->type) { #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) case EVP_PKEY_RSA: { - int nid = md2nid(ctx->macType); + int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); if (nid < 0) break; return wolfSSL_RSA_sign(nid, md, mdsize, sigret, siglen, pkey->rsa); @@ -1898,7 +1854,7 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, switch (pkey->type) { #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) case EVP_PKEY_RSA: { - int nid = md2nid(ctx->macType); + int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); if (nid < 0) break; return wolfSSL_RSA_verify(nid, md, mdsize, sig, (unsigned int)siglen, pkey->rsa); @@ -2017,7 +1973,7 @@ static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx, if (wc_HmacSetKey(&ctx->hash.hmac, hashType, key, (word32)keySz) != 0) return WOLFSSL_FAILURE; - ctx->macType = NID_hmac & 0xFF; + ctx->macType = NID_hmac; } else { int ret; @@ -2044,7 +2000,7 @@ static int wolfssl_evp_digest_pk_update(WOLFSSL_EVP_MD_CTX *ctx, const void *d, unsigned int cnt) { if (ctx->pctx == NULL) { - if (ctx->macType != (NID_hmac & 0xFF)) + if (ctx->macType != NID_hmac) return WOLFSSL_FAILURE; if (wc_HmacUpdate(&ctx->hash.hmac, (const byte *)d, cnt) != 0) @@ -2068,7 +2024,7 @@ static int wolfssl_evp_digest_pk_final(WOLFSSL_EVP_MD_CTX *ctx, if (ctx->pctx == NULL) { Hmac hmacCopy; - if (ctx->macType != (NID_hmac & 0xFF)) + if (ctx->macType != NID_hmac) return WOLFSSL_FAILURE; if (wolfSSL_HmacCopy(&hmacCopy, &ctx->hash.hmac) != WOLFSSL_SUCCESS) @@ -2183,7 +2139,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, /* Return the maximum size of the signaure when sig is NULL. */ if (ctx->pctx == NULL) { - if (ctx->macType != (NID_hmac & 0xFF)) + if (ctx->macType != NID_hmac) return WOLFSSL_FAILURE; hashLen = wolfssl_mac_len(ctx->hash.hmac.macType); @@ -2230,7 +2186,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) case EVP_PKEY_RSA: { unsigned int sigSz; - int nid = md2nid(ctx->macType); + int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); if (nid < 0) break; ret = wolfSSL_RSA_sign(nid, digest, hashLen, sig, &sigSz, @@ -2325,7 +2281,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, switch (ctx->pctx->pkey->type) { #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) case EVP_PKEY_RSA: { - int nid = md2nid(ctx->macType); + int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); if (nid < 0) return WOLFSSL_FAILURE; return wolfSSL_RSA_verify(nid, digest, hashLen, sig, @@ -3079,7 +3035,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) WOLFSSL_ENTER("EVP_MD_type"); for( ent = md_tbl; ent->name != NULL; ent++){ if(XSTRNCMP((const char *)md, ent->name, XSTRLEN(ent->name)+1) == 0) { - return ent->macType; + return ent->nid; } } return 0; @@ -3346,10 +3302,16 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) const WOLFSSL_EVP_MD *wolfSSL_EVP_MD_CTX_md(const WOLFSSL_EVP_MD_CTX *ctx) { + const struct s_ent *ent; if (ctx == NULL) return NULL; WOLFSSL_ENTER("EVP_MD_CTX_md"); - return (const WOLFSSL_EVP_MD *)wolfSSL_EVP_get_md(ctx->macType); + for(ent = md_tbl; ent->name != NULL; ent++) { + if(ctx->macType == ent->macType) { + return (const WOLFSSL_EVP_MD *)ent->name; + } + } + return (WOLFSSL_EVP_MD *)NULL; } #ifndef NO_AES @@ -5156,60 +5118,52 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) (void)sizeof(async_test); #endif + /* Set to 0 if no match */ + ctx->macType = wolfSSL_EVP_MD_type(type); if (XSTRNCMP(type, "SHA256", 6) == 0) { - ctx->macType = WC_HASH_TYPE_SHA256; ret = wolfSSL_SHA256_Init(&(ctx->hash.digest.sha256)); } #ifdef WOLFSSL_SHA224 else if (XSTRNCMP(type, "SHA224", 6) == 0) { - ctx->macType = WC_HASH_TYPE_SHA224; ret = wolfSSL_SHA224_Init(&(ctx->hash.digest.sha224)); } #endif #ifdef WOLFSSL_SHA384 else if (XSTRNCMP(type, "SHA384", 6) == 0) { - ctx->macType = WC_HASH_TYPE_SHA384; ret = wolfSSL_SHA384_Init(&(ctx->hash.digest.sha384)); } #endif #ifdef WOLFSSL_SHA512 else if (XSTRNCMP(type, "SHA512", 6) == 0) { - ctx->macType = WC_HASH_TYPE_SHA512; ret = wolfSSL_SHA512_Init(&(ctx->hash.digest.sha512)); } #endif #ifndef NO_MD4 else if (XSTRNCMP(type, "MD4", 3) == 0) { - ctx->macType = WC_HASH_TYPE_MD4; wolfSSL_MD4_Init(&(ctx->hash.digest.md4)); } #endif #ifndef NO_MD5 else if (XSTRNCMP(type, "MD5", 3) == 0) { - ctx->macType = WC_HASH_TYPE_MD5; ret = wolfSSL_MD5_Init(&(ctx->hash.digest.md5)); } #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 else if (XSTRNCMP(type, "SHA3_224", 8) == 0) { - ctx->macType = WC_HASH_TYPE_SHA3_224; ret = wolfSSL_SHA3_224_Init(&(ctx->hash.digest.sha3_224)); } #endif #ifndef WOLFSSL_NOSHA3_256 else if (XSTRNCMP(type, "SHA3_256", 8) == 0) { - ctx->macType = WC_HASH_TYPE_SHA3_256; ret = wolfSSL_SHA3_256_Init(&(ctx->hash.digest.sha3_256)); } #endif else if (XSTRNCMP(type, "SHA3_384", 8) == 0) { - ctx->macType = WC_HASH_TYPE_SHA3_384; ret = wolfSSL_SHA3_384_Init(&(ctx->hash.digest.sha3_384)); } #ifndef WOLFSSL_NOSHA3_512 else if (XSTRNCMP(type, "SHA3_512", 8) == 0) { - ctx->macType = WC_HASH_TYPE_SHA3_512; ret = wolfSSL_SHA3_512_Init(&(ctx->hash.digest.sha3_512)); } #endif @@ -5217,7 +5171,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) #ifndef NO_SHA /* has to be last since would pick or 224, 256, 384, or 512 too */ else if (XSTRNCMP(type, "SHA", 3) == 0) { - ctx->macType = WC_HASH_TYPE_SHA; ret = wolfSSL_SHA_Init(&(ctx->hash.digest.sha)); } #endif /* NO_SHA */ From 19ca00bcd48fcb0682105d92a9e30ff233aac47a Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Thu, 9 Apr 2020 14:00:53 -0500 Subject: [PATCH 3/4] Adding support for SHA3 in wolfSSL_RSA_sign_ex --- src/ssl.c | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 578c7a088..e7d6efdb1 100755 --- a/src/ssl.c +++ b/src/ssl.c @@ -16039,7 +16039,6 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, return WOLFSSL_SUCCESS; } - /* set internal IV from external, WOLFSSL_SUCCESS on success */ int wolfSSL_SetInternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx) { @@ -29245,7 +29244,7 @@ static void show(const char *title, const unsigned char *out, unsigned int outle #define show(a,b,c) #endif -/* return SSL_SUCCES on ok, 0 otherwise */ +/* return SSL_SUCCESS on ok, 0 otherwise */ int wolfSSL_RSA_sign(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA* rsa) @@ -29296,6 +29295,18 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, #endif #ifdef WOLFSSL_SHA512 case NID_sha512: type = SHA512h; break; + #endif + #ifndef WOLFSSL_NOSHA3_224 + case NID_sha3_224: type = SHA3_224h; break; + #endif + #ifndef WOLFSSL_NOSHA3_256 + case NID_sha3_256: type = SHA3_256h; break; + #endif + #ifndef WOLFSSL_NOSHA3_384 + case NID_sha3_384: type = SHA3_384h; break; + #endif + #ifndef WOLFSSL_NOSHA3_512 + case NID_sha3_512: type = SHA3_512h; break; #endif default: WOLFSSL_MSG("This NID (md type) not configured or not implemented"); From d9472b895fae093431a73520538a0144a09fb077 Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Tue, 14 Apr 2020 15:24:52 -0500 Subject: [PATCH 4/4] Fix conflicts after rebase --- wolfcrypt/src/evp.c | 70 +++++++++++++++++++++++++++++---------------- 1 file changed, 46 insertions(+), 24 deletions(-) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index e943278d7..180e98514 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -1751,6 +1751,20 @@ static const struct s_ent { {0, 0, NULL} }; +static int wolfSSL_EVP_md2macType(const WOLFSSL_EVP_MD *md) +{ + const struct s_ent *ent ; + + if (md != NULL) { + for( ent = md_tbl; ent->name != NULL; ent++) { + if(XSTRNCMP((const char *)md, ent->name, XSTRLEN(ent->name)+1) == 0) { + return ent->macType; + } + } + } + return WC_HASH_TYPE_NONE; +} + /* Finalize structure for signing * * ctx WOLFSSL_EVP_MD_CTX structure to finalize @@ -2257,7 +2271,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, return WOLFSSL_FAILURE; if (ctx->pctx == NULL) { - if (ctx->macType != (NID_hmac & 0xFF)) + if (ctx->macType != NID_hmac) return WOLFSSL_FAILURE; hashLen = wolfssl_mac_len(ctx->hash.hmac.macType); @@ -2430,7 +2444,7 @@ WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen, } ret = wc_PBKDF2((byte*)out, (byte*)pass, passlen, (byte*)salt, saltlen, - iter, keylen, wolfSSL_EVP_MD_type(digest)); + iter, keylen, wolfSSL_EVP_md2macType(digest)); if (ret == 0) return WOLFSSL_SUCCESS; else @@ -3199,11 +3213,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) static int wolfSSL_EVP_MD_Copy_Hasher(WOLFSSL_EVP_MD_CTX* des, const WOLFSSL_EVP_MD_CTX* src) { - if (src->macType == (NID_hmac & 0xFF)) { + if (src->macType == NID_hmac) { wolfSSL_HmacCopy(&des->hash.hmac, (Hmac*)&src->hash.hmac); } else { - switch (src->macType) { + int macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(src)); + switch (macType) { #ifndef NO_MD5 case WC_HASH_TYPE_MD5: wc_Md5Copy((wc_Md5*)&src->hash.digest, @@ -3307,7 +3322,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return NULL; WOLFSSL_ENTER("EVP_MD_CTX_md"); for(ent = md_tbl; ent->name != NULL; ent++) { - if(ctx->macType == ent->macType) { + if(ctx->macType == ent->nid) { return (const WOLFSSL_EVP_MD *)ent->name; } } @@ -3661,11 +3676,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (ctx->pctx != NULL) wolfSSL_EVP_PKEY_CTX_free(ctx->pctx); - if (ctx->macType == (NID_hmac & 0xFF)) { + if (ctx->macType == NID_hmac) { wc_HmacFree(&ctx->hash.hmac); } else { - switch (ctx->macType) { + int macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(ctx)); + switch (macType) { #ifndef NO_MD5 case WC_HASH_TYPE_MD5: wc_Md5Free((wc_Md5*)&ctx->hash.digest); @@ -3728,7 +3744,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } } ForceZero(ctx, sizeof(*ctx)); - ctx->macType = 0xFF; + ctx->macType = WC_HASH_TYPE_NONE; return 1; } @@ -5100,13 +5116,13 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) /* WOLFSSL_SUCCESS on ok */ int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx, - const WOLFSSL_EVP_MD* type) + const WOLFSSL_EVP_MD* md) { int ret = WOLFSSL_SUCCESS; WOLFSSL_ENTER("EVP_DigestInit"); - if (ctx == NULL || type == NULL) { + if (ctx == NULL || md == NULL) { return BAD_FUNC_ARG; } @@ -5119,58 +5135,58 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) #endif /* Set to 0 if no match */ - ctx->macType = wolfSSL_EVP_MD_type(type); - if (XSTRNCMP(type, "SHA256", 6) == 0) { + ctx->macType = wolfSSL_EVP_MD_type(md); + if (XSTRNCMP(md, "SHA256", 6) == 0) { ret = wolfSSL_SHA256_Init(&(ctx->hash.digest.sha256)); } #ifdef WOLFSSL_SHA224 - else if (XSTRNCMP(type, "SHA224", 6) == 0) { + else if (XSTRNCMP(md, "SHA224", 6) == 0) { ret = wolfSSL_SHA224_Init(&(ctx->hash.digest.sha224)); } #endif #ifdef WOLFSSL_SHA384 - else if (XSTRNCMP(type, "SHA384", 6) == 0) { + else if (XSTRNCMP(md, "SHA384", 6) == 0) { ret = wolfSSL_SHA384_Init(&(ctx->hash.digest.sha384)); } #endif #ifdef WOLFSSL_SHA512 - else if (XSTRNCMP(type, "SHA512", 6) == 0) { + else if (XSTRNCMP(md, "SHA512", 6) == 0) { ret = wolfSSL_SHA512_Init(&(ctx->hash.digest.sha512)); } #endif #ifndef NO_MD4 - else if (XSTRNCMP(type, "MD4", 3) == 0) { + else if (XSTRNCMP(md, "MD4", 3) == 0) { wolfSSL_MD4_Init(&(ctx->hash.digest.md4)); } #endif #ifndef NO_MD5 - else if (XSTRNCMP(type, "MD5", 3) == 0) { + else if (XSTRNCMP(md, "MD5", 3) == 0) { ret = wolfSSL_MD5_Init(&(ctx->hash.digest.md5)); } #endif #ifdef WOLFSSL_SHA3 #ifndef WOLFSSL_NOSHA3_224 - else if (XSTRNCMP(type, "SHA3_224", 8) == 0) { + else if (XSTRNCMP(md, "SHA3_224", 8) == 0) { ret = wolfSSL_SHA3_224_Init(&(ctx->hash.digest.sha3_224)); } #endif #ifndef WOLFSSL_NOSHA3_256 - else if (XSTRNCMP(type, "SHA3_256", 8) == 0) { + else if (XSTRNCMP(md, "SHA3_256", 8) == 0) { ret = wolfSSL_SHA3_256_Init(&(ctx->hash.digest.sha3_256)); } #endif - else if (XSTRNCMP(type, "SHA3_384", 8) == 0) { + else if (XSTRNCMP(md, "SHA3_384", 8) == 0) { ret = wolfSSL_SHA3_384_Init(&(ctx->hash.digest.sha3_384)); } #ifndef WOLFSSL_NOSHA3_512 - else if (XSTRNCMP(type, "SHA3_512", 8) == 0) { + else if (XSTRNCMP(md, "SHA3_512", 8) == 0) { ret = wolfSSL_SHA3_512_Init(&(ctx->hash.digest.sha3_512)); } #endif #endif #ifndef NO_SHA /* has to be last since would pick or 224, 256, 384, or 512 too */ - else if (XSTRNCMP(type, "SHA", 3) == 0) { + else if (XSTRNCMP(md, "SHA", 3) == 0) { ret = wolfSSL_SHA_Init(&(ctx->hash.digest.sha)); } #endif /* NO_SHA */ @@ -5186,9 +5202,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data, size_t sz) { + int macType; + WOLFSSL_ENTER("EVP_DigestUpdate"); - switch (ctx->macType) { + macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(ctx)); + switch (macType) { #ifndef NO_MD4 case WC_HASH_TYPE_MD4: wolfSSL_MD4_Update((MD4_CTX*)&ctx->hash, data, @@ -5266,8 +5285,11 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s) { + int macType; + WOLFSSL_ENTER("EVP_DigestFinal"); - switch (ctx->macType) { + macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(ctx)); + switch (macType) { #ifndef NO_MD4 case WC_HASH_TYPE_MD4: wolfSSL_MD4_Final(md, (MD4_CTX*)&ctx->hash);