diff --git a/src/ssl.c b/src/ssl.c index 1a5b0086c4..578c7a0880 100755 --- a/src/ssl.c +++ b/src/ssl.c @@ -128,11 +128,6 @@ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi); int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi); - #if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) && \ - !defined(NO_RSA) - int SetRsaExternal(WOLFSSL_RSA* rsa); - int SetRsaInternal(WOLFSSL_RSA* rsa); - #endif int oid2nid(word32 oid, int grp); #endif @@ -145,6 +140,9 @@ #endif #endif /* !WOLFCRYPT_ONLY || OPENSSL_EXTRA */ +#define WOLFSSL_EVP_INCLUDED +#include "wolfcrypt/src/evp.c" + #ifdef OPENSSL_EXTRA /* Global pointer to constant BN on */ static WOLFSSL_BIGNUM* bn_one = NULL; @@ -3834,606 +3832,6 @@ int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm) #endif /* NO_CERTS */ -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ - defined(HAVE_WEBSERVER) - -static const struct cipher{ - unsigned char type; - const char *name; - int nid; -} cipher_tbl[] = { - -#ifndef NO_AES - #ifdef WOLFSSL_AES_128 - {AES_128_CBC_TYPE, "AES-128-CBC", NID_aes_128_cbc}, - #endif - #ifdef WOLFSSL_AES_192 - {AES_192_CBC_TYPE, "AES-192-CBC", NID_aes_192_cbc}, - #endif - #ifdef WOLFSSL_AES_256 - {AES_256_CBC_TYPE, "AES-256-CBC", NID_aes_256_cbc}, - #endif - - #ifdef WOLFSSL_AES_128 - {AES_128_CFB1_TYPE, "AES-128-CFB1", NID_aes_128_cfb1}, - #endif - #ifdef WOLFSSL_AES_192 - {AES_192_CFB1_TYPE, "AES-192-CFB1", NID_aes_192_cfb1}, - #endif - #ifdef WOLFSSL_AES_256 - {AES_256_CFB1_TYPE, "AES-256-CFB1", NID_aes_256_cfb1}, - #endif - - #ifdef WOLFSSL_AES_128 - {AES_128_CFB8_TYPE, "AES-128-CFB8", NID_aes_128_cfb8}, - #endif - #ifdef WOLFSSL_AES_192 - {AES_192_CFB8_TYPE, "AES-192-CFB8", NID_aes_192_cfb8}, - #endif - #ifdef WOLFSSL_AES_256 - {AES_256_CFB8_TYPE, "AES-256-CFB8", NID_aes_256_cfb8}, - #endif - - #ifdef WOLFSSL_AES_128 - {AES_128_CFB128_TYPE, "AES-128-CFB128", NID_aes_128_cfb128}, - #endif - #ifdef WOLFSSL_AES_192 - {AES_192_CFB128_TYPE, "AES-192-CFB128", NID_aes_192_cfb128}, - #endif - #ifdef WOLFSSL_AES_256 - {AES_256_CFB128_TYPE, "AES-256-CFB128", NID_aes_256_cfb128}, - #endif - - #ifdef WOLFSSL_AES_128 - {AES_128_OFB_TYPE, "AES-128-OFB", NID_aes_128_ofb}, - #endif - #ifdef WOLFSSL_AES_192 - {AES_192_OFB_TYPE, "AES-192-OFB", NID_aes_192_ofb}, - #endif - #ifdef WOLFSSL_AES_256 - {AES_256_OFB_TYPE, "AES-256-OFB", NID_aes_256_ofb}, - #endif - - #ifdef WOLFSSL_AES_128 - {AES_128_XTS_TYPE, "AES-128-XTS", NID_aes_128_xts}, - #endif - #ifdef WOLFSSL_AES_256 - {AES_256_XTS_TYPE, "AES-256-XTS", NID_aes_256_xts}, - #endif - -#if defined(OPENSSL_EXTRA) - #ifdef WOLFSSL_AES_128 - {AES_128_GCM_TYPE, "AES-128-GCM", NID_aes_128_gcm}, - #endif - #ifdef WOLFSSL_AES_192 - {AES_192_GCM_TYPE, "AES-192-GCM", NID_aes_192_gcm}, - #endif - #ifdef WOLFSSL_AES_256 - {AES_256_GCM_TYPE, "AES-256-GCM", NID_aes_256_gcm}, - #endif - #ifdef WOLFSSL_AES_128 - {AES_128_CTR_TYPE, "AES-128-CTR", NID_aes_128_ctr}, - #endif - #ifdef WOLFSSL_AES_192 - {AES_192_CTR_TYPE, "AES-192-CTR", NID_aes_192_ctr}, - #endif - #ifdef WOLFSSL_AES_256 - {AES_256_CTR_TYPE, "AES-256-CTR", NID_aes_256_ctr}, - #endif - - #ifdef WOLFSSL_AES_128 - {AES_128_ECB_TYPE, "AES-128-ECB", NID_aes_128_ecb}, - #endif - #ifdef WOLFSSL_AES_192 - {AES_192_ECB_TYPE, "AES-192-ECB", NID_aes_192_ecb}, - #endif - #ifdef WOLFSSL_AES_256 - {AES_256_ECB_TYPE, "AES-256-ECB", NID_aes_256_ecb}, - #endif -#endif - -#endif - -#ifndef NO_DES3 - {DES_CBC_TYPE, "DES-CBC", NID_des_cbc}, - {DES_ECB_TYPE, "DES-ECB", NID_des_ecb}, - - {DES_EDE3_CBC_TYPE, "DES-EDE3-CBC", NID_des_ede3_cbc}, - {DES_EDE3_ECB_TYPE, "DES-EDE3-ECB", NID_des_ede3_ecb}, -#endif - -#ifndef NO_RC4 - {ARC4_TYPE, "ARC4", NID_undef}, -#endif - -#ifdef HAVE_IDEA - {IDEA_CBC_TYPE, "IDEA-CBC", NID_idea_cbc}, -#endif - { 0, NULL, 0} -}; - -#ifdef OPENSSL_EXTRA - -/* returns cipher using provided ctx type */ -const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_CIPHER_CTX_cipher( - const WOLFSSL_EVP_CIPHER_CTX *ctx) -{ - const struct cipher* c; - - if (!ctx || !ctx->cipherType) { - return NULL; - } - - for (c = cipher_tbl; c->type != 0; c++) { - if (ctx->cipherType == c->type) { - return wolfSSL_EVP_get_cipherbyname(c->name); - } - } - - return NULL; -} - -int wolfSSL_EVP_CIPHER_nid(const WOLFSSL_EVP_CIPHER *cipher) -{ - const struct cipher* c; - - if (!cipher) { - return 0; - } - - for (c = cipher_tbl; c->type != 0; c++) { - if (XSTRNCMP(cipher, c->name, XSTRLEN(c->name)+1) == 0) { - return c->nid; - } - } - - return 0; -} - -#endif /* OPENSSL_EXTRA */ - -const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name) -{ - - static const struct alias { - const char *name; - const char *alias; - } alias_tbl[] = - { -#ifndef NO_DES3 - {"DES-CBC", "DES"}, - {"DES-CBC", "des"}, - {"DES-ECB", "DES-ECB"}, - {"DES-ECB", "des-ecb"}, - {"DES-EDE3-CBC", "DES3"}, - {"DES-EDE3-CBC", "des3"}, - {"DES-EDE3-ECB", "DES-EDE3"}, - {"DES-EDE3-ECB", "des-ede3"}, - {"DES-EDE3-ECB", "des-ede3-ecb"}, -#endif -#ifdef HAVE_IDEA - {"IDEA-CBC", "IDEA"}, - {"IDEA-CBC", "idea"}, -#endif -#ifndef NO_AES - #ifdef HAVE_AES_CBC - #ifdef WOLFSSL_AES_128 - {"AES-128-CBC", "AES128-CBC"}, - {"AES-128-CBC", "aes128-cbc"}, - #endif - #ifdef WOLFSSL_AES_192 - {"AES-192-CBC", "AES192-CBC"}, - {"AES-192-CBC", "aes192-cbc"}, - #endif - #ifdef WOLFSSL_AES_256 - {"AES-256-CBC", "AES256-CBC"}, - {"AES-256-CBC", "aes256-cbc"}, - #endif - #endif - #ifdef WOLFSSL_AES_128 - {"AES-128-ECB", "AES128-ECB"}, - {"AES-128-ECB", "aes128-ecb"}, - #endif - #ifdef WOLFSSL_AES_192 - {"AES-192-ECB", "AES192-ECB"}, - {"AES-192-ECB", "aes192-ecb"}, - #endif - #ifdef WOLFSSL_AES_256 - {"AES-256-ECB", "AES256-ECB"}, - #endif - #ifdef HAVE_AESGCM - #ifdef WOLFSSL_AES_128 - {"AES-128-GCM", "aes-128-gcm"}, - {"AES-128-GCM", "id-aes128-GCM"}, - #endif - #ifdef WOLFSSL_AES_192 - {"AES-192-GCM", "aes-192-gcm"}, - {"AES-192-GCM", "id-aes192-GCM"}, - #endif - #ifdef WOLFSSL_AES_256 - {"AES-256-GCM", "aes-256-gcm"}, - {"AES-256-GCM", "id-aes256-GCM"}, - #endif - #endif -#endif -#ifndef NO_RC4 - {"ARC4", "RC4"}, -#endif - { NULL, NULL} - }; - - const struct cipher *ent; - const struct alias *al; - - WOLFSSL_ENTER("EVP_get_cipherbyname"); - - for( al = alias_tbl; al->name != NULL; al++) - if(XSTRNCMP(name, al->alias, XSTRLEN(al->alias)+1) == 0) { - name = al->name; - break; - } - - for( ent = cipher_tbl; ent->name != NULL; ent++) - if(XSTRNCMP(name, ent->name, XSTRLEN(ent->name)+1) == 0) { - return (WOLFSSL_EVP_CIPHER *)ent->name; - } - - return NULL; -} - -/* - * return an EVP_CIPHER structure when cipher NID is passed. - * - * id cipher NID - * - * return WOLFSSL_EVP_CIPHER -*/ -const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbynid(int id) -{ - WOLFSSL_ENTER("EVP_get_cipherbynid"); - - switch(id) { - -#if defined(OPENSSL_EXTRA) -#ifndef NO_AES - #ifdef HAVE_AES_CBC - #ifdef WOLFSSL_AES_128 - case NID_aes_128_cbc: - return wolfSSL_EVP_aes_128_cbc(); - #endif - #ifdef WOLFSSL_AES_192 - case NID_aes_192_cbc: - return wolfSSL_EVP_aes_192_cbc(); - #endif - #ifdef WOLFSSL_AES_256 - case NID_aes_256_cbc: - return wolfSSL_EVP_aes_256_cbc(); - #endif - #endif - #ifdef WOLFSSL_AES_COUNTER - #ifdef WOLFSSL_AES_128 - case NID_aes_128_ctr: - return wolfSSL_EVP_aes_128_ctr(); - #endif - #ifdef WOLFSSL_AES_192 - case NID_aes_192_ctr: - return wolfSSL_EVP_aes_192_ctr(); - #endif - #ifdef WOLFSSL_AES_256 - case NID_aes_256_ctr: - return wolfSSL_EVP_aes_256_ctr(); - #endif - #endif /* WOLFSSL_AES_COUNTER */ - #ifdef HAVE_AES_ECB - #ifdef WOLFSSL_AES_128 - case NID_aes_128_ecb: - return wolfSSL_EVP_aes_128_ecb(); - #endif - #ifdef WOLFSSL_AES_192 - case NID_aes_192_ecb: - return wolfSSL_EVP_aes_192_ecb(); - #endif - #ifdef WOLFSSL_AES_256 - case NID_aes_256_ecb: - return wolfSSL_EVP_aes_256_ecb(); - #endif - #endif /* HAVE_AES_ECB */ - #ifdef HAVE_AESGCM - #ifdef WOLFSSL_AES_128 - case NID_aes_128_gcm: - return wolfSSL_EVP_aes_128_gcm(); - #endif - #ifdef WOLFSSL_AES_192 - case NID_aes_192_gcm: - return wolfSSL_EVP_aes_192_gcm(); - #endif - #ifdef WOLFSSL_AES_256 - case NID_aes_256_gcm: - return wolfSSL_EVP_aes_256_gcm(); - #endif - #endif -#endif - -#ifndef NO_DES3 - case NID_des_cbc: - return wolfSSL_EVP_des_cbc(); -#ifdef WOLFSSL_DES_ECB - case NID_des_ecb: - return wolfSSL_EVP_des_ecb(); -#endif - case NID_des_ede3_cbc: - return wolfSSL_EVP_des_ede3_cbc(); -#ifdef WOLFSSL_DES_ECB - case NID_des_ede3_ecb: - return wolfSSL_EVP_des_ede3_ecb(); -#endif -#endif /*NO_DES3*/ - -#ifdef HAVE_IDEA - case NID_idea_cbc: - return wolfSSL_EVP_idea_cbc(); -#endif -#endif /*OPENSSL_EXTRA*/ - - default: - WOLFSSL_MSG("Bad cipher id value"); - } - - return NULL; -} - -#ifndef NO_AES - #ifdef HAVE_AES_CBC - #ifdef WOLFSSL_AES_128 - static char *EVP_AES_128_CBC; - #endif - #ifdef WOLFSSL_AES_192 - static char *EVP_AES_192_CBC; - #endif - #ifdef WOLFSSL_AES_256 - static char *EVP_AES_256_CBC; - #endif - #endif /* HAVE_AES_CBC */ - - #ifdef WOLFSSL_AES_OFB - #ifdef WOLFSSL_AES_128 - static char *EVP_AES_128_OFB; - #endif - #ifdef WOLFSSL_AES_192 - static char *EVP_AES_192_OFB; - #endif - #ifdef WOLFSSL_AES_256 - static char *EVP_AES_256_OFB; - #endif - #endif /* WOLFSSL_AES_OFB */ - - #ifdef WOLFSSL_AES_XTS - #ifdef WOLFSSL_AES_128 - static char *EVP_AES_128_XTS; - #endif - #ifdef WOLFSSL_AES_256 - static char *EVP_AES_256_XTS; - #endif - #endif /* WOLFSSL_AES_XTS */ - - #ifdef WOLFSSL_AES_CFB - #ifdef WOLFSSL_AES_128 - static char *EVP_AES_128_CFB1; - #endif - #ifdef WOLFSSL_AES_192 - static char *EVP_AES_192_CFB1; - #endif - #ifdef WOLFSSL_AES_256 - static char *EVP_AES_256_CFB1; - #endif - - #ifdef WOLFSSL_AES_128 - static char *EVP_AES_128_CFB8; - #endif - #ifdef WOLFSSL_AES_192 - static char *EVP_AES_192_CFB8; - #endif - #ifdef WOLFSSL_AES_256 - static char *EVP_AES_256_CFB8; - #endif - - #ifdef WOLFSSL_AES_128 - static char *EVP_AES_128_CFB128; - #endif - #ifdef WOLFSSL_AES_192 - static char *EVP_AES_192_CFB128; - #endif - #ifdef WOLFSSL_AES_256 - static char *EVP_AES_256_CFB128; - #endif - #endif /* WOLFSSL_AES_CFB */ - - #if defined(OPENSSL_EXTRA) -#ifdef HAVE_AESGCM - #ifdef WOLFSSL_AES_128 - static char *EVP_AES_128_GCM; - #endif - #ifdef WOLFSSL_AES_192 - static char *EVP_AES_192_GCM; - #endif - #ifdef WOLFSSL_AES_256 - static char *EVP_AES_256_GCM; - #endif -#endif /* HAVE_AESGCM */ - #ifdef WOLFSSL_AES_128 - static char *EVP_AES_128_CTR; - #endif - #ifdef WOLFSSL_AES_192 - static char *EVP_AES_192_CTR; - #endif - #ifdef WOLFSSL_AES_256 - static char *EVP_AES_256_CTR; - #endif - - #ifdef WOLFSSL_AES_128 - static char *EVP_AES_128_ECB; - #endif - #ifdef WOLFSSL_AES_192 - static char *EVP_AES_192_ECB; - #endif - #ifdef WOLFSSL_AES_256 - static char *EVP_AES_256_ECB; - #endif - static const int EVP_AES_SIZE = 11; - #ifdef WOLFSSL_AES_CFB - static const int EVP_AESCFB_SIZE = 14; - #endif -#endif -#endif - -#ifndef NO_DES3 -static char *EVP_DES_CBC; -static char *EVP_DES_ECB; - -static char *EVP_DES_EDE3_CBC; -static char *EVP_DES_EDE3_ECB; - -#ifdef OPENSSL_EXTRA -static const int EVP_DES_SIZE = 7; -static const int EVP_DES_EDE3_SIZE = 12; -#endif - -#endif - -#ifdef HAVE_IDEA -static char *EVP_IDEA_CBC; -#if defined(OPENSSL_EXTRA) -static const int EVP_IDEA_SIZE = 8; -#endif -#endif - -void wolfSSL_EVP_init(void) -{ -#ifndef NO_AES - #ifdef HAVE_AES_CBC - #ifdef WOLFSSL_AES_128 - EVP_AES_128_CBC = (char *)EVP_get_cipherbyname("AES-128-CBC"); - #endif - #ifdef WOLFSSL_AES_192 - EVP_AES_192_CBC = (char *)EVP_get_cipherbyname("AES-192-CBC"); - #endif - #ifdef WOLFSSL_AES_256 - EVP_AES_256_CBC = (char *)EVP_get_cipherbyname("AES-256-CBC"); - #endif - #endif /* HAVE_AES_CBC */ - - #ifdef WOLFSSL_AES_CFB - #ifdef WOLFSSL_AES_128 - EVP_AES_128_CFB1 = (char *)EVP_get_cipherbyname("AES-128-CFB1"); - #endif - - #ifdef WOLFSSL_AES_192 - EVP_AES_192_CFB1 = (char *)EVP_get_cipherbyname("AES-192-CFB1"); - #endif - - #ifdef WOLFSSL_AES_256 - EVP_AES_256_CFB1 = (char *)EVP_get_cipherbyname("AES-256-CFB1"); - #endif - - #ifdef WOLFSSL_AES_128 - EVP_AES_128_CFB8 = (char *)EVP_get_cipherbyname("AES-128-CFB8"); - #endif - - #ifdef WOLFSSL_AES_192 - EVP_AES_192_CFB8 = (char *)EVP_get_cipherbyname("AES-192-CFB8"); - #endif - - #ifdef WOLFSSL_AES_256 - EVP_AES_256_CFB8 = (char *)EVP_get_cipherbyname("AES-256-CFB8"); - #endif - - #ifdef WOLFSSL_AES_128 - EVP_AES_128_CFB128 = (char *)EVP_get_cipherbyname("AES-128-CFB128"); - #endif - - #ifdef WOLFSSL_AES_192 - EVP_AES_192_CFB128 = (char *)EVP_get_cipherbyname("AES-192-CFB128"); - #endif - - #ifdef WOLFSSL_AES_256 - EVP_AES_256_CFB128 = (char *)EVP_get_cipherbyname("AES-256-CFB128"); - #endif - #endif /* WOLFSSL_AES_CFB */ - - #ifdef WOLFSSL_AES_OFB - #ifdef WOLFSSL_AES_128 - EVP_AES_128_OFB = (char *)EVP_get_cipherbyname("AES-128-OFB"); - #endif - - #ifdef WOLFSSL_AES_192 - EVP_AES_192_OFB = (char *)EVP_get_cipherbyname("AES-192-OFB"); - #endif - - #ifdef WOLFSSL_AES_256 - EVP_AES_256_OFB = (char *)EVP_get_cipherbyname("AES-256-OFB"); - #endif - #endif /* WOLFSSL_AES_OFB */ - - #ifdef WOLFSSL_AES_XTS - #ifdef WOLFSSL_AES_128 - EVP_AES_128_XTS = (char *)EVP_get_cipherbyname("AES-128-XTS"); - #endif - - #ifdef WOLFSSL_AES_256 - EVP_AES_256_XTS = (char *)EVP_get_cipherbyname("AES-256-XTS"); - #endif - #endif /* WOLFSSL_AES_XTS */ - -#if defined(OPENSSL_EXTRA) - #ifdef HAVE_AESGCM - #ifdef WOLFSSL_AES_128 - EVP_AES_128_GCM = (char *)EVP_get_cipherbyname("AES-128-GCM"); - #endif - #ifdef WOLFSSL_AES_192 - EVP_AES_192_GCM = (char *)EVP_get_cipherbyname("AES-192-GCM"); - #endif - #ifdef WOLFSSL_AES_256 - EVP_AES_256_GCM = (char *)EVP_get_cipherbyname("AES-256-GCM"); - #endif - #endif /* HAVE_AESGCM*/ - #ifdef WOLFSSL_AES_128 - EVP_AES_128_CTR = (char *)EVP_get_cipherbyname("AES-128-CTR"); - #endif - #ifdef WOLFSSL_AES_192 - EVP_AES_192_CTR = (char *)EVP_get_cipherbyname("AES-192-CTR"); - #endif - #ifdef WOLFSSL_AES_256 - EVP_AES_256_CTR = (char *)EVP_get_cipherbyname("AES-256-CTR"); - #endif - - #ifdef WOLFSSL_AES_128 - EVP_AES_128_ECB = (char *)EVP_get_cipherbyname("AES-128-ECB"); - #endif - #ifdef WOLFSSL_AES_192 - EVP_AES_192_ECB = (char *)EVP_get_cipherbyname("AES-192-ECB"); - #endif - #ifdef WOLFSSL_AES_256 - EVP_AES_256_ECB = (char *)EVP_get_cipherbyname("AES-256-ECB"); - #endif -#endif -#endif /* ifndef NO_AES*/ - -#ifndef NO_DES3 - EVP_DES_CBC = (char *)EVP_get_cipherbyname("DES-CBC"); - EVP_DES_ECB = (char *)EVP_get_cipherbyname("DES-ECB"); - - EVP_DES_EDE3_CBC = (char *)EVP_get_cipherbyname("DES-EDE3-CBC"); - EVP_DES_EDE3_ECB = (char *)EVP_get_cipherbyname("DES-EDE3-ECB"); -#endif - -#ifdef HAVE_IDEA - EVP_IDEA_CBC = (char *)EVP_get_cipherbyname("IDEA-CBC"); -#endif -} - -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER */ - - #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) void wolfSSL_ERR_print_errors_fp(XFILE fp, int err) @@ -7841,82 +7239,6 @@ int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format) #endif /* NO_FILESYSTEM */ - -#if defined(OPENSSL_EXTRA) || !defined(NO_PWDBASED) && \ - (defined(OPENSSL_EXTRA_X509_SMALL) || defined(HAVE_WEBSERVER)) - -static int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp, - int* pHash, int* pHashSz) -{ - enum wc_HashType hash = WC_HASH_TYPE_NONE; - int hashSz; - - if (XSTRLEN(evp) < 3) { - /* do not try comparing strings if size is too small */ - return WOLFSSL_FAILURE; - } - - if (XSTRNCMP("SHA", evp, 3) == 0) { - if (XSTRLEN(evp) > 3) { - #ifndef NO_SHA256 - if (XSTRNCMP("SHA256", evp, 6) == 0) { - hash = WC_HASH_TYPE_SHA256; - } - else - #endif - #ifdef WOLFSSL_SHA384 - if (XSTRNCMP("SHA384", evp, 6) == 0) { - hash = WC_HASH_TYPE_SHA384; - } - else - #endif - #ifdef WOLFSSL_SHA512 - if (XSTRNCMP("SHA512", evp, 6) == 0) { - hash = WC_HASH_TYPE_SHA512; - } - else - #endif - { - WOLFSSL_MSG("Unknown SHA hash"); - } - } - else { - hash = WC_HASH_TYPE_SHA; - } - } -#ifdef WOLFSSL_MD2 - else if (XSTRNCMP("MD2", evp, 3) == 0) { - hash = WC_HASH_TYPE_MD2; - } -#endif -#ifndef NO_MD4 - else if (XSTRNCMP("MD4", evp, 3) == 0) { - hash = WC_HASH_TYPE_MD4; - } -#endif -#ifndef NO_MD5 - else if (XSTRNCMP("MD5", evp, 3) == 0) { - hash = WC_HASH_TYPE_MD5; - } -#endif - - if (pHash) - *pHash = hash; - - hashSz = wc_HashGetDigestSize(hash); - if (pHashSz) - *pHashSz = hashSz; - - if (hashSz < 0) { - return WOLFSSL_FAILURE; - } - - return WOLFSSL_SUCCESS; -} - -#endif - - #ifdef OPENSSL_EXTRA /* put SSL type in extra for now, not very common */ @@ -7957,7 +7279,7 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio, } } - pkcs8 = wolfSSL_PKEY_new(); + pkcs8 = wolfSSL_EVP_PKEY_new(); if (pkcs8 == NULL) { return NULL; } @@ -8060,7 +7382,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, unsigned char** in, if (wc_InitRsaKey(&rsa, NULL) == 0 && wc_RsaPublicKeyDecode(mem, &keyIdx, &rsa, (word32)memSz) == 0) { wc_FreeRsaKey(&rsa); - pkey = wolfSSL_PKEY_new(); + pkey = wolfSSL_EVP_PKEY_new(); if (pkey != NULL) { pkey->pkey_sz = keyIdx; pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, @@ -8104,7 +7426,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, unsigned char** in, if (wc_ecc_init(&ecc) == 0 && wc_EccPublicKeyDecode(mem, &keyIdx, &ecc, (word32)memSz) == 0) { wc_ecc_free(&ecc); - pkey = wolfSSL_PKEY_new(); + pkey = wolfSSL_EVP_PKEY_new(); if (pkey != NULL) { pkey->pkey_sz = keyIdx; pkey->pkey.ptr = (char*)XMALLOC(keyIdx, NULL, @@ -8149,7 +7471,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, unsigned char** in, if (wc_InitDsaKey(&dsa) == 0 && wc_DsaPublicKeyDecode(mem, &keyIdx, &dsa, (word32)memSz) == 0) { wc_FreeDsaKey(&dsa); - pkey = wolfSSL_PKEY_new(); + pkey = wolfSSL_EVP_PKEY_new(); if (pkey != NULL) { pkey->pkey_sz = keyIdx; @@ -8196,7 +7518,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, unsigned char** in, if (wc_InitDhKey(&dh) == 0 && wc_DhKeyDecode(mem, &keyIdx, &dh, (word32)memSz) == 0) { wc_FreeDhKey(&dh); - pkey = wolfSSL_PKEY_new(); + pkey = wolfSSL_EVP_PKEY_new(); if (pkey != NULL) { pkey->pkey_sz = (int)memSz; @@ -8279,7 +7601,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, wolfSSL_EVP_PKEY_free(*out); *out = NULL; } - local = wolfSSL_PKEY_new(); + local = wolfSSL_EVP_PKEY_new(); if (local == NULL) { return NULL; } @@ -10229,37 +9551,7 @@ WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext return &ext->value; } -/* this function makes the assumption that out buffer is big enough for digest*/ -int wolfSSL_EVP_Digest(const unsigned char* in, int inSz, unsigned char* out, - unsigned int* outSz, const WOLFSSL_EVP_MD* evp, - WOLFSSL_ENGINE* eng) -{ - int err; - int hashType = WC_HASH_TYPE_NONE; - int hashSz; - - WOLFSSL_ENTER("wolfSSL_EVP_Digest"); - if (in == NULL || out == NULL || evp == NULL) { - WOLFSSL_MSG("Null argument passed in"); - return WOLFSSL_FAILURE; - } - - err = wolfSSL_EVP_get_hashinfo(evp, &hashType, &hashSz); - if (err != WOLFSSL_SUCCESS) - return err; - - if (wc_Hash((enum wc_HashType)hashType, in, inSz, out, hashSz) != 0) { - return WOLFSSL_FAILURE; - } - - if (outSz != NULL) - *outSz = hashSz; - - (void)eng; - return WOLFSSL_SUCCESS; -} - - +#if !defined(NO_PWDBASED) int wolfSSL_X509_digest(const WOLFSSL_X509* x509, const WOLFSSL_EVP_MD* digest, unsigned char* buf, unsigned int* len) { @@ -10282,7 +9574,7 @@ int wolfSSL_X509_digest(const WOLFSSL_X509* x509, const WOLFSSL_EVP_MD* digest, WOLFSSL_LEAVE("wolfSSL_X509_digest", ret); return ret; } - +#endif int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey) { @@ -15777,61 +15069,6 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return ctx->passwd_userdata; } -#if !defined(NO_PWDBASED) && (defined(OPENSSL_EXTRA) || \ - defined(OPENSSL_EXTRA_X509_SMALL) || defined(HAVE_WEBSERVER)) - - int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER* type, - const WOLFSSL_EVP_MD* md, const byte* salt, - const byte* data, int sz, int count, byte* key, byte* iv) - { - int ret; - int hashType = WC_HASH_TYPE_NONE; - #ifdef WOLFSSL_SMALL_STACK - EncryptedInfo* info; - #else - EncryptedInfo info[1]; - #endif - - #ifdef WOLFSSL_SMALL_STACK - info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, - DYNAMIC_TYPE_ENCRYPTEDINFO); - if (info == NULL) { - WOLFSSL_MSG("malloc failed"); - return WOLFSSL_FAILURE; - } - #endif - - XMEMSET(info, 0, sizeof(EncryptedInfo)); - - ret = wc_EncryptedInfoGet(info, type); - if (ret < 0) - goto end; - - if (data == NULL) { - ret = info->keySz; - goto end; - } - - ret = wolfSSL_EVP_get_hashinfo(md, &hashType, NULL); - if (ret == WOLFSSL_FAILURE) - goto end; - - ret = wc_PBKDF1_ex(key, info->keySz, iv, info->ivSz, data, sz, salt, - EVP_SALT_SIZE, count, hashType, NULL); - if (ret == 0) - ret = info->keySz; - - end: - #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); - #endif - if (ret < 0) - return 0; /* failure - for compatibility */ - - return ret; - } - -#endif /* !NO_PWDBASED && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER) */ #endif /* WOLFSSL_ENCRYPTED_KEYS */ @@ -16682,2110 +15919,6 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, #endif /* WOLFSSL_NOSHA3_512 */ #endif /* WOLFSSL_SHA3 */ - static const struct s_ent { - const unsigned char macType; - const char *name; - } md_tbl[] = { - #ifndef NO_MD4 - {WC_HASH_TYPE_MD4, "MD4"}, - #endif /* NO_MD4 */ - - #ifndef NO_MD5 - {WC_HASH_TYPE_MD5, "MD5"}, - #endif /* NO_MD5 */ - - #ifndef NO_SHA - {WC_HASH_TYPE_SHA, "SHA"}, - #endif /* NO_SHA */ - - #ifdef WOLFSSL_SHA224 - {WC_HASH_TYPE_SHA224, "SHA224"}, - #endif /* WOLFSSL_SHA224 */ - #ifndef NO_SHA256 - {WC_HASH_TYPE_SHA256, "SHA256"}, - #endif - - #ifdef WOLFSSL_SHA384 - {WC_HASH_TYPE_SHA384, "SHA384"}, - #endif /* WOLFSSL_SHA384 */ - #ifdef WOLFSSL_SHA512 - {WC_HASH_TYPE_SHA512, "SHA512"}, - #endif /* WOLFSSL_SHA512 */ -#ifndef WOLFSSL_NOSHA3_224 - {WC_HASH_TYPE_SHA3_224, "SHA3_224"}, -#endif -#ifndef WOLFSSL_NOSHA3_256 - {WC_HASH_TYPE_SHA3_256, "SHA3_256"}, -#endif - {WC_HASH_TYPE_SHA3_384, "SHA3_384"}, -#ifndef WOLFSSL_NOSHA3_512 - {WC_HASH_TYPE_SHA3_512, "SHA3_512"}, -#endif - {0, NULL} - }; - -const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name) -{ - static const struct alias { - const char *name; - const char *alias; - } alias_tbl[] = - { - {"MD4", "ssl3-md4"}, - {"MD5", "ssl3-md5"}, - {"SHA", "ssl3-sha1"}, - {"SHA", "SHA1"}, - { NULL, NULL} - }; - - const struct alias *al; - const struct s_ent *ent; - - - for (al = alias_tbl; al->name != NULL; al++) - if(XSTRNCMP(name, al->alias, XSTRLEN(al->alias)+1) == 0) { - name = al->name; - break; - } - - for (ent = md_tbl; ent->name != NULL; ent++) - if(XSTRNCMP(name, ent->name, XSTRLEN(ent->name)+1) == 0) { - return (EVP_MD *)ent->name; - } - return NULL; -} - -static WOLFSSL_EVP_MD *wolfSSL_EVP_get_md(const unsigned char type) -{ - const struct s_ent *ent ; - WOLFSSL_ENTER("EVP_get_md"); - for( ent = md_tbl; ent->name != NULL; ent++){ - if(type == ent->macType) { - return (WOLFSSL_EVP_MD *)ent->name; - } - } - return (WOLFSSL_EVP_MD *)""; -} - -int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) -{ - const struct s_ent *ent ; - WOLFSSL_ENTER("EVP_MD_type"); - for( ent = md_tbl; ent->name != NULL; ent++){ - if(XSTRNCMP((const char *)md, ent->name, XSTRLEN(ent->name)+1) == 0) { - return ent->macType; - } - } - return 0; -} - - -#ifndef NO_MD4 - - /* return a pointer to MD4 EVP type */ - const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_md4"); - return EVP_get_digestbyname("MD4"); - } - -#endif /* !NO_MD4 */ - - -#ifndef NO_MD5 - - const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void) - { - WOLFSSL_ENTER("EVP_md5"); - return EVP_get_digestbyname("MD5"); - } - -#endif /* !NO_MD5 */ - - -#ifndef NO_WOLFSSL_STUB - const WOLFSSL_EVP_MD* wolfSSL_EVP_mdc2(void) - { - WOLFSSL_STUB("EVP_mdc2"); - return NULL; - } -#endif - -#ifndef NO_SHA - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void) - { - WOLFSSL_ENTER("EVP_sha1"); - return EVP_get_digestbyname("SHA"); - } -#endif /* NO_SHA */ - -#ifdef WOLFSSL_SHA224 - - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void) - { - WOLFSSL_ENTER("EVP_sha224"); - return EVP_get_digestbyname("SHA224"); - } - -#endif /* WOLFSSL_SHA224 */ - - - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void) - { - WOLFSSL_ENTER("EVP_sha256"); - return EVP_get_digestbyname("SHA256"); - } - -#ifdef WOLFSSL_SHA384 - - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void) - { - WOLFSSL_ENTER("EVP_sha384"); - return EVP_get_digestbyname("SHA384"); - } - -#endif /* WOLFSSL_SHA384 */ - -#ifdef WOLFSSL_SHA512 - - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void) - { - WOLFSSL_ENTER("EVP_sha512"); - return EVP_get_digestbyname("SHA512"); - } - -#endif /* WOLFSSL_SHA512 */ - -#ifdef WOLFSSL_SHA3 -#ifndef WOLFSSL_NOSHA3_224 - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_224(void) - { - WOLFSSL_ENTER("EVP_sha3_224"); - return EVP_get_digestbyname("SHA3_224"); - } -#endif /* WOLFSSL_NOSHA3_224 */ - - -#ifndef WOLFSSL_NOSHA3_256 - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_256(void) - { - WOLFSSL_ENTER("EVP_sha3_256"); - return EVP_get_digestbyname("SHA3_256"); - } -#endif /* WOLFSSL_NOSHA3_256 */ - - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_384(void) - { - WOLFSSL_ENTER("EVP_sha3_384"); - return EVP_get_digestbyname("SHA3_384"); - } - -#ifndef WOLFSSL_NOSHA3_512 - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_512(void) - { - WOLFSSL_ENTER("EVP_sha3_512"); - return EVP_get_digestbyname("SHA3_512"); - } -#endif /* WOLFSSL_NOSHA3_512 */ -#endif /* WOLFSSL_SHA3 */ - - WOLFSSL_EVP_MD_CTX *wolfSSL_EVP_MD_CTX_new(void) - { - WOLFSSL_EVP_MD_CTX* ctx; - WOLFSSL_ENTER("EVP_MD_CTX_new"); - ctx = (WOLFSSL_EVP_MD_CTX*)XMALLOC(sizeof *ctx, NULL, - DYNAMIC_TYPE_OPENSSL); - if (ctx){ - wolfSSL_EVP_MD_CTX_init(ctx); - } - return ctx; - } - - WOLFSSL_API void wolfSSL_EVP_MD_CTX_free(WOLFSSL_EVP_MD_CTX *ctx) - { - if (ctx) { - WOLFSSL_ENTER("EVP_MD_CTX_free"); - wolfSSL_EVP_MD_CTX_cleanup(ctx); - XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL); - } - } - - - /* returns the type of message digest used by the ctx */ - int wolfSSL_EVP_MD_CTX_type(const WOLFSSL_EVP_MD_CTX *ctx) { - WOLFSSL_ENTER("EVP_MD_CTX_type"); - return ctx->macType; - } - - - /* returns WOLFSSL_SUCCESS on success */ - int wolfSSL_EVP_MD_CTX_copy(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in) - { - return wolfSSL_EVP_MD_CTX_copy_ex(out, in); - } - - /* returns digest size */ - int wolfSSL_EVP_MD_CTX_size(const WOLFSSL_EVP_MD_CTX *ctx) { - return(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(ctx))); - } - /* returns block size */ - int wolfSSL_EVP_MD_CTX_block_size(const WOLFSSL_EVP_MD_CTX *ctx) { - return(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(ctx))); - } - - /* Deep copy of EVP_MD hasher - * return WOLFSSL_SUCCESS on success */ - static int wolfSSL_EVP_MD_Copy_Hasher(WOLFSSL_EVP_MD_CTX* des, - const WOLFSSL_EVP_MD_CTX* src) - { - if (src->macType == (NID_hmac & 0xFF)) { - wolfSSL_HmacCopy(&des->hash.hmac, (Hmac*)&src->hash.hmac); - } - else { - switch (src->macType) { - #ifndef NO_MD5 - case WC_HASH_TYPE_MD5: - wc_Md5Copy((wc_Md5*)&src->hash.digest, - (wc_Md5*)&des->hash.digest); - break; - #endif /* !NO_MD5 */ - - #ifndef NO_SHA - case WC_HASH_TYPE_SHA: - wc_ShaCopy((wc_Sha*)&src->hash.digest, - (wc_Sha*)&des->hash.digest); - break; - #endif /* !NO_SHA */ - - #ifdef WOLFSSL_SHA224 - case WC_HASH_TYPE_SHA224: - wc_Sha224Copy((wc_Sha224*)&src->hash.digest, - (wc_Sha224*)&des->hash.digest); - break; - #endif /* WOLFSSL_SHA224 */ - - #ifndef NO_SHA256 - case WC_HASH_TYPE_SHA256: - wc_Sha256Copy((wc_Sha256*)&src->hash.digest, - (wc_Sha256*)&des->hash.digest); - break; - #endif /* !NO_SHA256 */ - - #ifdef WOLFSSL_SHA384 - case WC_HASH_TYPE_SHA384: - wc_Sha384Copy((wc_Sha384*)&src->hash.digest, - (wc_Sha384*)&des->hash.digest); - break; - #endif /* WOLFSSL_SHA384 */ - #ifdef WOLFSSL_SHA512 - case WC_HASH_TYPE_SHA512: - wc_Sha512Copy((wc_Sha512*)&src->hash.digest, - (wc_Sha512*)&des->hash.digest); - break; - #endif /* WOLFSSL_SHA512 */ - #ifdef WOLFSSL_SHA3 - #ifndef WOLFSSL_NOSHA3_224 - case WC_HASH_TYPE_SHA3_224: - wc_Sha3_224_Copy((wc_Sha3*)&src->hash.digest, - (wc_Sha3*)&des->hash.digest); - break; - #endif - - #ifndef WOLFSSL_NOSHA3_256 - case WC_HASH_TYPE_SHA3_256: - wc_Sha3_256_Copy((wc_Sha3*)&src->hash.digest, - (wc_Sha3*)&des->hash.digest); - break; - #endif - - case WC_HASH_TYPE_SHA3_384: - wc_Sha3_384_Copy((wc_Sha3*)&src->hash.digest, - (wc_Sha3*)&des->hash.digest); - break; - - #ifndef WOLFSSL_NOSHA3_512 - case WC_HASH_TYPE_SHA3_512: - wc_Sha3_512_Copy((wc_Sha3*)&src->hash.digest, - (wc_Sha3*)&des->hash.digest); - break; - #endif - #endif - default: - return WOLFSSL_FAILURE; - } - } - return WOLFSSL_SUCCESS; - } - - - /* copies structure in to the structure out - * - * returns WOLFSSL_SUCCESS on success */ - int wolfSSL_EVP_MD_CTX_copy_ex(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in) - { - if ((out == NULL) || (in == NULL)) return WOLFSSL_FAILURE; - WOLFSSL_ENTER("EVP_CIPHER_MD_CTX_copy_ex"); - XMEMCPY(out, in, sizeof(WOLFSSL_EVP_MD_CTX)); - if (in->pctx != NULL) { - out->pctx = wolfSSL_EVP_PKEY_CTX_new(in->pctx->pkey, NULL); - if (out->pctx == NULL) - return WOLFSSL_FAILURE; - } - return wolfSSL_EVP_MD_Copy_Hasher(out, (WOLFSSL_EVP_MD_CTX*)in); - } - - void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx) - { - WOLFSSL_ENTER("EVP_CIPHER_MD_CTX_init"); - XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_MD_CTX)); - } - - const WOLFSSL_EVP_MD *wolfSSL_EVP_MD_CTX_md(const WOLFSSL_EVP_MD_CTX *ctx) - { - if (ctx == NULL) - return NULL; - WOLFSSL_ENTER("EVP_MD_CTX_md"); - return (const WOLFSSL_EVP_MD *)wolfSSL_EVP_get_md(ctx->macType); - } - - #ifndef NO_AES - - #ifdef HAVE_AES_CBC - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cbc"); - if (EVP_AES_128_CBC == NULL) - wolfSSL_EVP_init(); - return EVP_AES_128_CBC; - } - #endif /* WOLFSSL_AES_128 */ - - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cbc"); - if (EVP_AES_192_CBC == NULL) - wolfSSL_EVP_init(); - return EVP_AES_192_CBC; - } - #endif /* WOLFSSL_AES_192 */ - - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cbc"); - if (EVP_AES_256_CBC == NULL) - wolfSSL_EVP_init(); - return EVP_AES_256_CBC; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AES_CBC */ - - #ifdef WOLFSSL_AES_CFB -#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb1(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb1"); - if (EVP_AES_128_CFB1 == NULL) - wolfSSL_EVP_init(); - return EVP_AES_128_CFB1; - } - #endif /* WOLFSSL_AES_128 */ - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb1(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb1"); - if (EVP_AES_192_CFB1 == NULL) - wolfSSL_EVP_init(); - return EVP_AES_192_CFB1; - } - #endif /* WOLFSSL_AES_192 */ - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb1(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb1"); - if (EVP_AES_256_CFB1 == NULL) - wolfSSL_EVP_init(); - return EVP_AES_256_CFB1; - } - #endif /* WOLFSSL_AES_256 */ - - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb8(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb8"); - if (EVP_AES_128_CFB8 == NULL) - wolfSSL_EVP_init(); - return EVP_AES_128_CFB8; - } - #endif /* WOLFSSL_AES_128 */ - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb8(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb8"); - if (EVP_AES_192_CFB8 == NULL) - wolfSSL_EVP_init(); - return EVP_AES_192_CFB8; - } - #endif /* WOLFSSL_AES_192 */ - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb8(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb8"); - if (EVP_AES_256_CFB8 == NULL) - wolfSSL_EVP_init(); - return EVP_AES_256_CFB8; - } - #endif /* WOLFSSL_AES_256 */ -#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ - - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb128(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb128"); - if (EVP_AES_128_CFB128 == NULL) - wolfSSL_EVP_init(); - return EVP_AES_128_CFB128; - } - #endif /* WOLFSSL_AES_128 */ - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb128(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb128"); - if (EVP_AES_192_CFB128 == NULL) - wolfSSL_EVP_init(); - return EVP_AES_192_CFB128; - } - #endif /* WOLFSSL_AES_192 */ - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb128(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb128"); - if (EVP_AES_256_CFB128 == NULL) - wolfSSL_EVP_init(); - return EVP_AES_256_CFB128; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* WOLFSSL_AES_CFB */ - - #ifdef WOLFSSL_AES_OFB - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ofb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ofb"); - if (EVP_AES_128_OFB == NULL) - wolfSSL_EVP_init(); - return EVP_AES_128_OFB; - } - #endif /* WOLFSSL_AES_128 */ - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ofb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ofb"); - if (EVP_AES_192_OFB == NULL) - wolfSSL_EVP_init(); - return EVP_AES_192_OFB; - } - #endif /* WOLFSSL_AES_192 */ - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ofb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ofb"); - if (EVP_AES_256_OFB == NULL) - wolfSSL_EVP_init(); - return EVP_AES_256_OFB; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* WOLFSSL_AES_OFB */ - - #ifdef WOLFSSL_AES_XTS - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_xts(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_xts"); - if (EVP_AES_128_XTS == NULL) - wolfSSL_EVP_init(); - return EVP_AES_128_XTS; - } - #endif /* WOLFSSL_AES_128 */ - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_xts(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_xts"); - if (EVP_AES_256_XTS == NULL) - wolfSSL_EVP_init(); - return EVP_AES_256_XTS; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* WOLFSSL_AES_XTS */ - - #ifdef HAVE_AESGCM - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_gcm(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_gcm"); - if (EVP_AES_128_GCM == NULL) - wolfSSL_EVP_init(); - return EVP_AES_128_GCM; - } - #endif /* WOLFSSL_GCM_128 */ - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_gcm(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_gcm"); - if (EVP_AES_192_GCM == NULL) - wolfSSL_EVP_init(); - return EVP_AES_192_GCM; - } - #endif /* WOLFSSL_AES_192 */ - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_gcm(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_gcm"); - if (EVP_AES_256_GCM == NULL) - wolfSSL_EVP_init(); - return EVP_AES_256_GCM; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AESGCM */ - - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ctr"); - if (EVP_AES_128_CTR == NULL) - wolfSSL_EVP_init(); - return EVP_AES_128_CTR; - } - #endif /* WOLFSSL_AES_2128 */ - - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ctr"); - if (EVP_AES_192_CTR == NULL) - wolfSSL_EVP_init(); - return EVP_AES_192_CTR; - } - #endif /* WOLFSSL_AES_192 */ - - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ctr"); - if (EVP_AES_256_CTR == NULL) - wolfSSL_EVP_init(); - return EVP_AES_256_CTR; - } - #endif /* WOLFSSL_AES_256 */ - - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ecb"); - if (EVP_AES_128_ECB == NULL) - wolfSSL_EVP_init(); - return EVP_AES_128_ECB; - } - #endif /* WOLFSSL_AES_128 */ - - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ecb"); - if (EVP_AES_192_ECB == NULL) - wolfSSL_EVP_init(); - return EVP_AES_192_ECB; - } - #endif /* WOLFSSL_AES_192*/ - - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ecb"); - if (EVP_AES_256_ECB == NULL) - wolfSSL_EVP_init(); - return EVP_AES_256_ECB; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* NO_AES */ - -#ifndef NO_DES3 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_des_cbc"); - if (EVP_DES_CBC == NULL) - wolfSSL_EVP_init(); - return EVP_DES_CBC; - } -#ifdef WOLFSSL_DES_ECB - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ecb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_des_ecb"); - if (EVP_DES_ECB == NULL) - wolfSSL_EVP_init(); - return EVP_DES_ECB; - } -#endif - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_cbc"); - if (EVP_DES_EDE3_CBC == NULL) - wolfSSL_EVP_init(); - return EVP_DES_EDE3_CBC; - } -#ifdef WOLFSSL_DES_ECB - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_ecb"); - if (EVP_DES_EDE3_ECB == NULL) - wolfSSL_EVP_init(); - return EVP_DES_EDE3_ECB; - } -#endif -#endif /* NO_DES3 */ - -#ifndef NO_RC4 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void) - { - static const char* type = "ARC4"; - WOLFSSL_ENTER("wolfSSL_EVP_rc4"); - return type; - } -#endif - -#ifdef HAVE_IDEA - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_idea_cbc(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_idea_cbc"); - if (EVP_IDEA_CBC == NULL) - wolfSSL_EVP_init(); - return EVP_IDEA_CBC; - } -#endif - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void) - { - static const char* type = "NULL"; - WOLFSSL_ENTER("wolfSSL_EVP_enc_null"); - return type; - } - - int wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx) - { - WOLFSSL_ENTER("EVP_MD_CTX_cleanup"); - if (ctx->pctx != NULL) - wolfSSL_EVP_PKEY_CTX_free(ctx->pctx); - - if (ctx->macType == (NID_hmac & 0xFF)) { - wc_HmacFree(&ctx->hash.hmac); - } - else { - switch (ctx->macType) { - #ifndef NO_MD5 - case WC_HASH_TYPE_MD5: - wc_Md5Free((wc_Md5*)&ctx->hash.digest); - break; - #endif /* !NO_MD5 */ - - #ifndef NO_SHA - case WC_HASH_TYPE_SHA: - wc_ShaFree((wc_Sha*)&ctx->hash.digest); - break; - #endif /* !NO_SHA */ - - #ifdef WOLFSSL_SHA224 - case WC_HASH_TYPE_SHA224: - wc_Sha224Free((wc_Sha224*)&ctx->hash.digest); - break; - #endif /* WOLFSSL_SHA224 */ - - #ifndef NO_SHA256 - case WC_HASH_TYPE_SHA256: - wc_Sha256Free((wc_Sha256*)&ctx->hash.digest); - break; - #endif /* !NO_SHA256 */ - - #ifdef WOLFSSL_SHA384 - case WC_HASH_TYPE_SHA384: - wc_Sha384Free((wc_Sha384*)&ctx->hash.digest); - break; - #endif /* WOLFSSL_SHA384 */ - #ifdef WOLFSSL_SHA512 - case WC_HASH_TYPE_SHA512: - wc_Sha512Free((wc_Sha512*)&ctx->hash.digest); - break; - #endif /* WOLFSSL_SHA512 */ - #ifdef WOLFSSL_SHA3 - #ifndef WOLFSSL_NOSHA3_224 - case WC_HASH_TYPE_SHA3_224: - wc_Sha3_224_Free((wc_Sha3*)&ctx->hash.digest); - break; - #endif - - #ifndef WOLFSSL_NOSHA3_256 - case WC_HASH_TYPE_SHA3_256: - wc_Sha3_256_Free((wc_Sha3*)&ctx->hash.digest); - break; - #endif - - case WC_HASH_TYPE_SHA3_384: - wc_Sha3_384_Free((wc_Sha3*)&ctx->hash.digest); - break; - - #ifndef WOLFSSL_NOSHA3_512 - case WC_HASH_TYPE_SHA3_512: - wc_Sha3_512_Free((wc_Sha3*)&ctx->hash.digest); - break; - #endif - #endif - default: - return WOLFSSL_FAILURE; - } - } - ForceZero(ctx, sizeof(*ctx)); - ctx->macType = 0xFF; - return 1; - } - - void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx) - { - WOLFSSL_ENTER("EVP_CIPHER_CTX_init"); - if (ctx) { - XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_CIPHER_CTX)); - ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */ - ctx->keyLen = 0; - ctx->enc = 1; /* start in encrypt mode */ - } - } - -#if defined(HAVE_AESGCM) && !defined(HAVE_SELFTEST) - static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz) - { - int i; - for (i = ctrSz-1; i >= 0; i--) { - if (++ctr[i]) - break; - } - } -#endif - - /* This function allows cipher specific parameters to be - determined and set. */ - int wolfSSL_EVP_CIPHER_CTX_ctrl(WOLFSSL_EVP_CIPHER_CTX *ctx, int type, \ - int arg, void *ptr) - { - int ret = WOLFSSL_FAILURE; -#if defined(HAVE_AESGCM) && !defined(HAVE_SELFTEST) - WC_RNG rng; -#endif - if (ctx == NULL) - return WOLFSSL_FAILURE; - - (void)arg; - (void)ptr; - - WOLFSSL_ENTER("EVP_CIPHER_CTX_ctrl"); - - switch(type) { - case EVP_CTRL_INIT: - wolfSSL_EVP_CIPHER_CTX_init(ctx); - if(ctx) - ret = WOLFSSL_SUCCESS; - break; - case EVP_CTRL_SET_KEY_LENGTH: - ret = wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, arg); - break; -#if defined(HAVE_AESGCM) && !defined(HAVE_SELFTEST) - case EVP_CTRL_GCM_SET_IVLEN: - if(arg <= 0 || arg > 16) - return WOLFSSL_FAILURE; - ret = wolfSSL_EVP_CIPHER_CTX_set_iv_length(ctx, arg); - break; - case EVP_CTRL_AEAD_SET_IV_FIXED: - if (arg == -1) { - /* arg == -1 copies ctx->ivSz from ptr */ - ret = wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, (byte*)ptr, ctx->ivSz); - } - else { - /* - * Fixed field must be at least 4 bytes and invocation - * field at least 8. - */ - if ((arg < 4) || (ctx->ivSz - arg) < 8) { - WOLFSSL_MSG("Fixed field or invocation field too short"); - ret = WOLFSSL_FAILURE; - break; - } - if (wc_InitRng(&rng) != 0) { - WOLFSSL_MSG("wc_InitRng failed"); - ret = WOLFSSL_FAILURE; - break; - } - if (arg) { - XMEMCPY(ctx->iv, ptr, arg); - } - if (wc_RNG_GenerateBlock(&rng, ctx->iv + arg, - ctx->ivSz - arg) != 0) { - /* rng is freed immediately after if block so no need - * to do it here - */ - WOLFSSL_MSG("wc_RNG_GenerateBlock failed"); - ret = WOLFSSL_FAILURE; - } - - if (wc_FreeRng(&rng) != 0) { - WOLFSSL_MSG("wc_FreeRng failed"); - ret = WOLFSSL_FAILURE; - break; - } - } - break; -#if !defined(_WIN32) && !defined(HAVE_FIPS) - case EVP_CTRL_GCM_IV_GEN: - if (ctx->cipher.aes.keylen == 0 || ctx->ivSz == 0) { - ret = WOLFSSL_FAILURE; - WOLFSSL_MSG("Key or IV not set"); - break; - } - if ((ret = wc_AesGcmSetExtIV(&ctx->cipher.aes, ctx->iv, ctx->ivSz)) != 0) { - WOLFSSL_MSG("wc_AesGcmSetIV failed"); - ret = WOLFSSL_FAILURE; - } - /* OpenSSL increments the IV. Not sure why */ - IncCtr(ctx->iv, ctx->ivSz); - break; -#endif - case EVP_CTRL_AEAD_SET_TAG: - if(arg <= 0 || arg > 16 || (ptr == NULL)) - return WOLFSSL_FAILURE; - - XMEMCPY(ctx->authTag, ptr, arg); - ctx->authTagSz = arg; - ret = WOLFSSL_SUCCESS; - - break; - case EVP_CTRL_AEAD_GET_TAG: - if(arg <= 0 || arg > 16) - return WOLFSSL_FAILURE; - - XMEMCPY(ptr, ctx->authTag, arg); - ret = WOLFSSL_SUCCESS; - break; -#endif /* HAVE_AESGCM && !HAVE_SELFTEST */ - default: - WOLFSSL_MSG("EVP_CIPHER_CTX_ctrl operation not yet handled"); - ret = WOLFSSL_FAILURE; - } - return ret; - } - - /* WOLFSSL_SUCCESS on ok */ - int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx) - { - WOLFSSL_ENTER("EVP_CIPHER_CTX_cleanup"); - if (ctx) { - ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */ - ctx->keyLen = 0; - } - - return WOLFSSL_SUCCESS; - } - - /* Permanent stub for Qt compilation. */ - #if defined(WOLFSSL_QT) && !defined(NO_WOLFSSL_STUB) - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc2_cbc(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_rc2_cbc"); - WOLFSSL_STUB("EVP_rc2_cbc"); - return NULL; - } - #endif - -#ifndef NO_AES - static int AesSetKey_ex(Aes* aes, const byte* key, word32 len, - const byte* iv, int dir, int direct) - { - int ret; - /* wc_AesSetKey clear aes.reg if iv == NULL. - Keep IV for openSSL compatibility */ - if (iv == NULL) - XMEMCPY((byte *)aes->tmp, (byte *)aes->reg, AES_BLOCK_SIZE); - if (direct) { - #if defined(WOLFSSL_AES_DIRECT) - ret = wc_AesSetKeyDirect(aes, key, len, iv, dir); - #else - ret = NOT_COMPILED_IN; - #endif - } - else { - ret = wc_AesSetKey(aes, key, len, iv, dir); - } - if (iv == NULL) - XMEMCPY((byte *)aes->reg, (byte *)aes->tmp, AES_BLOCK_SIZE); - return ret; - } -#endif - - /* return WOLFSSL_SUCCESS on ok, 0 on failure to match API compatibility */ - int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx, - const WOLFSSL_EVP_CIPHER* type, const byte* key, - const byte* iv, int enc) - { - int ret = 0; - (void)key; - (void)iv; - (void)enc; - - WOLFSSL_ENTER("wolfSSL_EVP_CipherInit"); - if (ctx == NULL) { - WOLFSSL_MSG("no ctx"); - return 0; /* failure */ - } - - if (type == NULL && ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT) { - WOLFSSL_MSG("no type set"); - return 0; /* failure */ - } - if (ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT){ - /* only first EVP_CipherInit invoke. ctx->cipherType is set below */ - XMEMSET(&ctx->cipher, 0, sizeof(ctx->cipher)); - ctx->flags = 0; - } - /* always clear buffer state */ - ctx->bufUsed = 0; - ctx->lastUsed = 0; - -#ifdef HAVE_WOLFSSL_EVP_CIPHER_CTX_IV - if (!iv && ctx->ivSz) { - iv = ctx->iv; - } -#endif - -#ifndef NO_AES - #ifdef HAVE_AES_CBC - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CBC_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_CBC"); - ctx->cipherType = AES_128_CBC_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; - ctx->keyLen = 16; - ctx->block_size = AES_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 0); - if (ret != 0) - return ret; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return ret; - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CBC_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_CBC"); - ctx->cipherType = AES_192_CBC_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; - ctx->keyLen = 24; - ctx->block_size = AES_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 0); - if (ret != 0) - return ret; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return ret; - } - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CBC_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_CBC"); - ctx->cipherType = AES_256_CBC_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; - ctx->keyLen = 32; - ctx->block_size = AES_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 0); - if (ret != 0){ - WOLFSSL_MSG("AesSetKey() failed"); - return ret; - } - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0){ - WOLFSSL_MSG("wc_AesSetIV() failed"); - return ret; - } - } - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AES_CBC */ - #ifdef HAVE_AESGCM - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_GCM_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_GCM, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_GCM"); - ctx->cipherType = AES_128_GCM_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE; - ctx->keyLen = 16; - ctx->block_size = AES_BLOCK_SIZE; - ctx->authTagSz = AES_BLOCK_SIZE; - ctx->ivSz = GCM_NONCE_MID_SZ; - - XMEMSET(ctx->authTag, 0, ctx->authTagSz); - if (iv) - XMEMCPY(ctx->iv, iv, ctx->ivSz); - else - XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen); - if (ret != 0) - return ret; - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_GCM_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_GCM, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_GCM"); - ctx->cipherType = AES_192_GCM_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE; - ctx->keyLen = 24; - ctx->block_size = AES_BLOCK_SIZE; - ctx->authTagSz = AES_BLOCK_SIZE; - ctx->ivSz = GCM_NONCE_MID_SZ; - - XMEMSET(ctx->authTag, 0, ctx->authTagSz); - if (iv) - XMEMCPY(ctx->iv, iv, ctx->ivSz); - else - XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen); - if (ret != 0) - return ret; - } - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_GCM_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_GCM, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_GCM"); - ctx->cipherType = AES_256_GCM_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE; - ctx->keyLen = 32; - ctx->block_size = AES_BLOCK_SIZE; - ctx->authTagSz = AES_BLOCK_SIZE; - ctx->ivSz = GCM_NONCE_MID_SZ; - - XMEMSET(ctx->authTag, 0, ctx->authTagSz); - if (iv) - XMEMCPY(ctx->iv, iv, ctx->ivSz); - else - XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen); - if (ret != 0){ - WOLFSSL_MSG("AesSetKey() failed"); - return ret; - } - } - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AESGCM */ -#ifdef WOLFSSL_AES_COUNTER - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CTR_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_CTR, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_CTR"); - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->cipherType = AES_128_CTR_TYPE; - ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; - ctx->keyLen = 16; - ctx->block_size = NO_PADDING_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; -#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) - ctx->cipher.aes.left = 0; -#endif - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 1); - if (ret != 0) - return ret; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return ret; - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CTR_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_CTR, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_CTR"); - ctx->cipherType = AES_192_CTR_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; - ctx->keyLen = 24; - ctx->block_size = NO_PADDING_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; -#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) - ctx->cipher.aes.left = 0; -#endif - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 1); - if (ret != 0) - return ret; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return ret; - } - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CTR_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_CTR, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_CTR"); - ctx->cipherType = AES_256_CTR_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; - ctx->keyLen = 32; - ctx->block_size = NO_PADDING_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; -#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) - ctx->cipher.aes.left = 0; -#endif - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 1); - if (ret != 0) - return ret; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return ret; - } - } - #endif /* WOLFSSL_AES_256 */ -#endif /* WOLFSSL_AES_COUNTER */ - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_ECB_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_ECB, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_ECB"); - ctx->cipherType = AES_128_ECB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; - ctx->keyLen = 16; - ctx->block_size = AES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1); - } - if (ret != 0) - return ret; - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_ECB_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_ECB, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_ECB"); - ctx->cipherType = AES_192_ECB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; - ctx->keyLen = 24; - ctx->block_size = AES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1); - } - if (ret != 0) - return ret; - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_ECB_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_ECB, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_ECB"); - ctx->cipherType = AES_256_ECB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; - ctx->keyLen = 32; - ctx->block_size = AES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1); - } - if (ret != 0) - return ret; - } - #endif /* WOLFSSL_AES_256 */ - #ifdef WOLFSSL_AES_CFB - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CFB1_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_CFB1, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_CFB1"); - ctx->cipherType = AES_128_CFB1_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 16; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return ret; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return ret; - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CFB1_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_CFB1, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_CFB1"); - ctx->cipherType = AES_192_CFB1_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 24; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return ret; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return ret; - } - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CFB1_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_CFB1, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_CFB1"); - ctx->cipherType = AES_256_CFB1_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 32; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0){ - WOLFSSL_MSG("AesSetKey() failed"); - return ret; - } - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0){ - WOLFSSL_MSG("wc_AesSetIV() failed"); - return ret; - } - } - } - #endif /* WOLFSSL_AES_256 */ - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CFB8_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_CFB8, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_CFB8"); - ctx->cipherType = AES_128_CFB8_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 16; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return ret; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return ret; - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CFB8_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_CFB8, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_CFB8"); - ctx->cipherType = AES_192_CFB8_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 24; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return ret; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return ret; - } - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CFB8_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_CFB8, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_CFB8"); - ctx->cipherType = AES_256_CFB8_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 32; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0){ - WOLFSSL_MSG("AesSetKey() failed"); - return ret; - } - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0){ - WOLFSSL_MSG("wc_AesSetIV() failed"); - return ret; - } - } - } - #endif /* WOLFSSL_AES_256 */ - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CFB128_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_CFB128, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_CFB128"); - ctx->cipherType = AES_128_CFB128_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 16; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return ret; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return ret; - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CFB128_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_CFB128, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_CFB128"); - ctx->cipherType = AES_192_CFB128_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 24; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return ret; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return ret; - } - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CFB128_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_CFB128, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_CFB128"); - ctx->cipherType = AES_256_CFB128_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 32; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0){ - WOLFSSL_MSG("AesSetKey() failed"); - return ret; - } - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0){ - WOLFSSL_MSG("wc_AesSetIV() failed"); - return ret; - } - } - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AES_CFB */ - #ifdef WOLFSSL_AES_OFB - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_OFB_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_OFB, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_OFB"); - ctx->cipherType = AES_128_OFB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE; - ctx->keyLen = 16; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return ret; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return ret; - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_OFB_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_OFB, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_OFB"); - ctx->cipherType = AES_192_OFB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE; - ctx->keyLen = 24; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return ret; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return ret; - } - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_OFB_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_OFB, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_OFB"); - ctx->cipherType = AES_256_OFB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE; - ctx->keyLen = 32; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0){ - WOLFSSL_MSG("AesSetKey() failed"); - return ret; - } - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0){ - WOLFSSL_MSG("wc_AesSetIV() failed"); - return ret; - } - } - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AES_OFB */ - #ifdef WOLFSSL_AES_XTS - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_XTS_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_XTS, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_XTS"); - ctx->cipherType = AES_128_XTS_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_XTS_MODE; - ctx->keyLen = 32; - ctx->block_size = 1; - ctx->ivSz = AES_BLOCK_SIZE; - - if (iv != NULL) { - if (iv != ctx->iv) /* Valgrind error when src == dst */ - XMEMCPY(ctx->iv, iv, ctx->ivSz); - } - else - XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); - - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_AesXtsSetKey(&ctx->cipher.xts, key, ctx->keyLen, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, NULL, 0); - if (ret != 0) { - WOLFSSL_MSG("wc_AesXtsSetKey() failed"); - return ret; - } - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_XTS_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_XTS, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_XTS"); - ctx->cipherType = AES_256_XTS_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_XTS_MODE; - ctx->keyLen = 64; - ctx->block_size = 1; - ctx->ivSz = AES_BLOCK_SIZE; - - if (iv != NULL) { - if (iv != ctx->iv) /* Valgrind error when src == dst */ - XMEMCPY(ctx->iv, iv, ctx->ivSz); - } - else - XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); - - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_AesXtsSetKey(&ctx->cipher.xts, key, ctx->keyLen, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, NULL, 0); - if (ret != 0) { - WOLFSSL_MSG("wc_AesXtsSetKey() failed"); - return ret; - } - } - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AES_XTS */ -#endif /* NO_AES */ - -#ifndef NO_DES3 - if (ctx->cipherType == DES_CBC_TYPE || - (type && XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_DES_CBC"); - ctx->cipherType = DES_CBC_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; - ctx->keyLen = 8; - ctx->block_size = DES_BLOCK_SIZE; - ctx->ivSz = DES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_Des_SetKey(&ctx->cipher.des, key, iv, - ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); - if (ret != 0) - return ret; - } - - if (iv && key == NULL) - wc_Des_SetIV(&ctx->cipher.des, iv); - } -#ifdef WOLFSSL_DES_ECB - else if (ctx->cipherType == DES_ECB_TYPE || - (type && XSTRNCMP(type, EVP_DES_ECB, EVP_DES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_DES_ECB"); - ctx->cipherType = DES_ECB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; - ctx->keyLen = 8; - ctx->block_size = DES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - WOLFSSL_MSG("Des_SetKey"); - ret = wc_Des_SetKey(&ctx->cipher.des, key, NULL, - ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); - if (ret != 0) - return ret; - } - } -#endif - else if (ctx->cipherType == DES_EDE3_CBC_TYPE || - (type && - XSTRNCMP(type, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)) { - WOLFSSL_MSG("EVP_DES_EDE3_CBC"); - ctx->cipherType = DES_EDE3_CBC_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; - ctx->keyLen = 24; - ctx->block_size = DES_BLOCK_SIZE; - ctx->ivSz = DES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_Des3_SetKey(&ctx->cipher.des3, key, iv, - ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); - if (ret != 0) - return ret; - } - - if (iv && key == NULL) { - ret = wc_Des3_SetIV(&ctx->cipher.des3, iv); - if (ret != 0) - return ret; - } - } - else if (ctx->cipherType == DES_EDE3_ECB_TYPE || - (type && - XSTRNCMP(type, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0)) { - WOLFSSL_MSG("EVP_DES_EDE3_ECB"); - ctx->cipherType = DES_EDE3_ECB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; - ctx->keyLen = 24; - ctx->block_size = DES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_Des3_SetKey(&ctx->cipher.des3, key, NULL, - ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); - if (ret != 0) - return ret; - } - } -#endif /* NO_DES3 */ -#ifndef NO_RC4 - if (ctx->cipherType == ARC4_TYPE || (type && - XSTRNCMP(type, "ARC4", 4) == 0)) { - WOLFSSL_MSG("ARC4"); - ctx->cipherType = ARC4_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_STREAM_CIPHER; - ctx->block_size = 1; - if (ctx->keyLen == 0) /* user may have already set */ - ctx->keyLen = 16; /* default to 128 */ - if (key) - wc_Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen); - } -#endif /* NO_RC4 */ -#ifdef HAVE_IDEA - if (ctx->cipherType == IDEA_CBC_TYPE || - (type && XSTRNCMP(type, EVP_IDEA_CBC, EVP_IDEA_SIZE) == 0)) { - WOLFSSL_MSG("EVP_IDEA_CBC"); - ctx->cipherType = IDEA_CBC_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; - ctx->keyLen = IDEA_KEY_SIZE; - ctx->block_size = 8; - ctx->ivSz = IDEA_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_IdeaSetKey(&ctx->cipher.idea, key, (word16)ctx->keyLen, - iv, ctx->enc ? IDEA_ENCRYPTION : - IDEA_DECRYPTION); - if (ret != 0) - return ret; - } - - if (iv && key == NULL) - wc_IdeaSetIV(&ctx->cipher.idea, iv); - } -#endif /* HAVE_IDEA */ - if (ctx->cipherType == NULL_CIPHER_TYPE || (type && - XSTRNCMP(type, "NULL", 4) == 0)) { - WOLFSSL_MSG("NULL cipher"); - ctx->cipherType = NULL_CIPHER_TYPE; - ctx->keyLen = 0; - ctx->block_size = 16; - } -#ifdef HAVE_WOLFSSL_EVP_CIPHER_CTX_IV - if (iv && iv != ctx->iv) { - if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) { - return WOLFSSL_FAILURE; - } - } -#endif - (void)ret; /* remove warning. If execution reaches this point, ret=0 */ - return WOLFSSL_SUCCESS; - } - - - /* WOLFSSL_SUCCESS on ok */ - int wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx) - { - WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_key_length"); - if (ctx) - return ctx->keyLen; - - return 0; /* failure */ - } - - - /* WOLFSSL_SUCCESS on ok */ - int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx, - int keylen) - { - WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_key_length"); - if (ctx) - ctx->keyLen = keylen; - else - return 0; /* failure */ - - return WOLFSSL_SUCCESS; - } -#if defined(HAVE_AESGCM) - /* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE */ - int wolfSSL_EVP_CIPHER_CTX_set_iv_length(WOLFSSL_EVP_CIPHER_CTX* ctx, - int ivLen) - { - WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_iv_length"); - if (ctx) - ctx->ivSz= ivLen; - else - return WOLFSSL_FAILURE; - - return WOLFSSL_SUCCESS; - } - - /* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE */ - int wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv, - int ivLen) - { - int expectedIvLen; - - WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_iv_length"); - if (!ctx || !iv || !ivLen) { - return WOLFSSL_FAILURE; - } - - expectedIvLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx); - - if (expectedIvLen == 0 || expectedIvLen != ivLen) { - WOLFSSL_MSG("Wrong ivLen value"); - return WOLFSSL_FAILURE; - } - - return wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, -1); - } -#endif - - /* WOLFSSL_SUCCESS on ok */ - int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src, - word32 len) - { - int ret = 0; - WOLFSSL_ENTER("wolfSSL_EVP_Cipher"); - - if (ctx == NULL || src == NULL || - (dst == NULL && - ctx->cipherType != AES_128_GCM_TYPE && - ctx->cipherType != AES_192_GCM_TYPE && - ctx->cipherType != AES_256_GCM_TYPE)) { - WOLFSSL_MSG("Bad function argument"); - return 0; /* failure */ - } - - if (ctx->cipherType == 0xff) { - WOLFSSL_MSG("no init"); - return 0; /* failure */ - } - - switch (ctx->cipherType) { - -#ifndef NO_AES -#ifdef HAVE_AES_CBC - case AES_128_CBC_TYPE : - case AES_192_CBC_TYPE : - case AES_256_CBC_TYPE : - WOLFSSL_MSG("AES CBC"); - if (ctx->enc) - ret = wc_AesCbcEncrypt(&ctx->cipher.aes, dst, src, len); - else - ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len); - break; -#endif /* HAVE_AES_CBC */ - -#ifdef WOLFSSL_AES_CFB -#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: - WOLFSSL_MSG("AES CFB1"); - if (ctx->enc) - ret = wc_AesCfb1Encrypt(&ctx->cipher.aes, dst, src, len); - else - ret = wc_AesCfb1Decrypt(&ctx->cipher.aes, dst, src, len); - break; - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: - WOLFSSL_MSG("AES CFB8"); - if (ctx->enc) - ret = wc_AesCfb8Encrypt(&ctx->cipher.aes, dst, src, len); - else - ret = wc_AesCfb8Decrypt(&ctx->cipher.aes, dst, src, len); - break; -#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: - WOLFSSL_MSG("AES CFB128"); - if (ctx->enc) - ret = wc_AesCfbEncrypt(&ctx->cipher.aes, dst, src, len); - else - ret = wc_AesCfbDecrypt(&ctx->cipher.aes, dst, src, len); - break; -#endif /* WOLFSSL_AES_CFB */ -#if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: - WOLFSSL_MSG("AES OFB"); - if (ctx->enc) - ret = wc_AesOfbEncrypt(&ctx->cipher.aes, dst, src, len); - else - ret = wc_AesOfbDecrypt(&ctx->cipher.aes, dst, src, len); - break; -#endif /* WOLFSSL_AES_OFB */ -#if defined(WOLFSSL_AES_XTS) - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: - WOLFSSL_MSG("AES XTS"); - if (ctx->enc) - ret = wc_AesXtsEncrypt(&ctx->cipher.xts, dst, src, len, - ctx->iv, ctx->ivSz); - else - ret = wc_AesXtsDecrypt(&ctx->cipher.xts, dst, src, len, - ctx->iv, ctx->ivSz); - break; -#endif /* WOLFSSL_AES_XTS */ - -#ifdef HAVE_AESGCM - case AES_128_GCM_TYPE : - case AES_192_GCM_TYPE : - case AES_256_GCM_TYPE : - WOLFSSL_MSG("AES GCM"); - if (ctx->enc) { - if (dst){ - /* encrypt confidential data*/ - ret = wc_AesGcmEncrypt(&ctx->cipher.aes, dst, src, len, - ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, - NULL, 0); - } - else { - /* authenticated, non-confidential data */ - ret = wc_AesGcmEncrypt(&ctx->cipher.aes, NULL, NULL, 0, - ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, - src, len); - /* Reset partial authTag error for AAD*/ - if (ret == AES_GCM_AUTH_E) - ret = 0; - } - } - else { - if (dst){ - /* decrypt confidential data*/ - ret = wc_AesGcmDecrypt(&ctx->cipher.aes, dst, src, len, - ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, - NULL, 0); - } - else { - /* authenticated, non-confidential data*/ - ret = wc_AesGcmDecrypt(&ctx->cipher.aes, NULL, NULL, 0, - ctx->iv, ctx->ivSz, - ctx->authTag, ctx->authTagSz, - src, len); - /* Reset partial authTag error for AAD*/ - if (ret == AES_GCM_AUTH_E) - ret = 0; - } - } - break; -#endif /* HAVE_AESGCM */ -#ifdef HAVE_AES_ECB - case AES_128_ECB_TYPE : - case AES_192_ECB_TYPE : - case AES_256_ECB_TYPE : - WOLFSSL_MSG("AES ECB"); - if (ctx->enc) - ret = wc_AesEcbEncrypt(&ctx->cipher.aes, dst, src, len); - else - ret = wc_AesEcbDecrypt(&ctx->cipher.aes, dst, src, len); - break; -#endif -#ifdef WOLFSSL_AES_COUNTER - case AES_128_CTR_TYPE : - case AES_192_CTR_TYPE : - case AES_256_CTR_TYPE : - WOLFSSL_MSG("AES CTR"); - ret = wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len); - break; -#endif /* WOLFSSL_AES_COUNTER */ -#endif /* NO_AES */ - -#ifndef NO_DES3 - case DES_CBC_TYPE : - WOLFSSL_MSG("DES CBC"); - if (ctx->enc) - wc_Des_CbcEncrypt(&ctx->cipher.des, dst, src, len); - else - wc_Des_CbcDecrypt(&ctx->cipher.des, dst, src, len); - break; - case DES_EDE3_CBC_TYPE : - WOLFSSL_MSG("DES3 CBC"); - if (ctx->enc) - ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len); - else - ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len); - break; -#ifdef WOLFSSL_DES_ECB - case DES_ECB_TYPE : - WOLFSSL_MSG("DES ECB"); - ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len); - break; - case DES_EDE3_ECB_TYPE : - WOLFSSL_MSG("DES3 ECB"); - ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len); - break; -#endif -#endif /* !NO_DES3 */ - -#ifndef NO_RC4 - case ARC4_TYPE : - WOLFSSL_MSG("ARC4"); - wc_Arc4Process(&ctx->cipher.arc4, dst, src, len); - break; -#endif - -#ifdef HAVE_IDEA - case IDEA_CBC_TYPE : - WOLFSSL_MSG("IDEA CBC"); - if (ctx->enc) - wc_IdeaCbcEncrypt(&ctx->cipher.idea, dst, src, len); - else - wc_IdeaCbcDecrypt(&ctx->cipher.idea, dst, src, len); - break; -#endif - case NULL_CIPHER_TYPE : - WOLFSSL_MSG("NULL CIPHER"); - XMEMCPY(dst, src, len); - break; - - default: { - WOLFSSL_MSG("bad type"); - return 0; /* failure */ - } - } - - if (ret != 0) { - WOLFSSL_MSG("wolfSSL_EVP_Cipher failure"); - return 0; /* failure */ - } - - if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) { - return WOLFSSL_FAILURE; - } - - WOLFSSL_MSG("wolfSSL_EVP_Cipher success"); - return WOLFSSL_SUCCESS; /* success */ - } - -#define WOLFSSL_EVP_INCLUDED -#include "wolfcrypt/src/evp.c" - - /* store for external read of iv, WOLFSSL_SUCCESS on success */ int wolfSSL_StoreExternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx) { @@ -18997,271 +16130,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return WOLFSSL_SUCCESS; } - - /* WOLFSSL_SUCCESS on ok */ - int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx, - const WOLFSSL_EVP_MD* type) - { - int ret = WOLFSSL_SUCCESS; - - WOLFSSL_ENTER("EVP_DigestInit"); - - if (ctx == NULL || type == NULL) { - return BAD_FUNC_ARG; - } - - - #ifdef WOLFSSL_ASYNC_CRYPT - /* compile-time validation of ASYNC_CTX_SIZE */ - typedef char async_test[WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV) ? - 1 : -1]; - (void)sizeof(async_test); - #endif - - if (XSTRNCMP(type, "SHA256", 6) == 0) { - ctx->macType = WC_HASH_TYPE_SHA256; - ret = wolfSSL_SHA256_Init(&(ctx->hash.digest.sha256)); - } - #ifdef WOLFSSL_SHA224 - else if (XSTRNCMP(type, "SHA224", 6) == 0) { - ctx->macType = WC_HASH_TYPE_SHA224; - ret = wolfSSL_SHA224_Init(&(ctx->hash.digest.sha224)); - } - #endif - #ifdef WOLFSSL_SHA384 - else if (XSTRNCMP(type, "SHA384", 6) == 0) { - ctx->macType = WC_HASH_TYPE_SHA384; - ret = wolfSSL_SHA384_Init(&(ctx->hash.digest.sha384)); - } - #endif - #ifdef WOLFSSL_SHA512 - else if (XSTRNCMP(type, "SHA512", 6) == 0) { - ctx->macType = WC_HASH_TYPE_SHA512; - ret = wolfSSL_SHA512_Init(&(ctx->hash.digest.sha512)); - } - #endif - #ifndef NO_MD4 - else if (XSTRNCMP(type, "MD4", 3) == 0) { - ctx->macType = WC_HASH_TYPE_MD4; - wolfSSL_MD4_Init(&(ctx->hash.digest.md4)); - } - #endif - #ifndef NO_MD5 - else if (XSTRNCMP(type, "MD5", 3) == 0) { - ctx->macType = WC_HASH_TYPE_MD5; - ret = wolfSSL_MD5_Init(&(ctx->hash.digest.md5)); - } - #endif -#ifdef WOLFSSL_SHA3 - #ifndef WOLFSSL_NOSHA3_224 - else if (XSTRNCMP(type, "SHA3_224", 8) == 0) { - ctx->macType = WC_HASH_TYPE_SHA3_224; - ret = wolfSSL_SHA3_224_Init(&(ctx->hash.digest.sha3_224)); - } - #endif - #ifndef WOLFSSL_NOSHA3_256 - else if (XSTRNCMP(type, "SHA3_256", 8) == 0) { - ctx->macType = WC_HASH_TYPE_SHA3_256; - ret = wolfSSL_SHA3_256_Init(&(ctx->hash.digest.sha3_256)); - } - #endif - else if (XSTRNCMP(type, "SHA3_384", 8) == 0) { - ctx->macType = WC_HASH_TYPE_SHA3_384; - ret = wolfSSL_SHA3_384_Init(&(ctx->hash.digest.sha3_384)); - } - #ifndef WOLFSSL_NOSHA3_512 - else if (XSTRNCMP(type, "SHA3_512", 8) == 0) { - ctx->macType = WC_HASH_TYPE_SHA3_512; - ret = wolfSSL_SHA3_512_Init(&(ctx->hash.digest.sha3_512)); - } - #endif -#endif - #ifndef NO_SHA - /* has to be last since would pick or 224, 256, 384, or 512 too */ - else if (XSTRNCMP(type, "SHA", 3) == 0) { - ctx->macType = WC_HASH_TYPE_SHA; - ret = wolfSSL_SHA_Init(&(ctx->hash.digest.sha)); - } - #endif /* NO_SHA */ - else { - ctx->macType = WC_HASH_TYPE_NONE; - return BAD_FUNC_ARG; - } - - return ret; - } - - - /* WOLFSSL_SUCCESS on ok, WOLFSSL_FAILURE on failure */ - int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data, - size_t sz) - { - WOLFSSL_ENTER("EVP_DigestUpdate"); - - switch (ctx->macType) { -#ifndef NO_MD4 - case WC_HASH_TYPE_MD4: - wolfSSL_MD4_Update((MD4_CTX*)&ctx->hash, data, - (unsigned long)sz); - break; -#endif -#ifndef NO_MD5 - case WC_HASH_TYPE_MD5: - wolfSSL_MD5_Update((MD5_CTX*)&ctx->hash, data, - (unsigned long)sz); - break; -#endif -#ifndef NO_SHA - case WC_HASH_TYPE_SHA: - wolfSSL_SHA_Update((SHA_CTX*)&ctx->hash, data, - (unsigned long)sz); - break; -#endif -#ifdef WOLFSSL_SHA224 - case WC_HASH_TYPE_SHA224: - wolfSSL_SHA224_Update((SHA224_CTX*)&ctx->hash, data, - (unsigned long)sz); - break; -#endif -#ifndef NO_SHA256 - case WC_HASH_TYPE_SHA256: - wolfSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data, - (unsigned long)sz); - break; -#endif /* !NO_SHA256 */ -#ifdef WOLFSSL_SHA384 - case WC_HASH_TYPE_SHA384: - wolfSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data, - (unsigned long)sz); - break; -#endif -#ifdef WOLFSSL_SHA512 - case WC_HASH_TYPE_SHA512: - wolfSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data, - (unsigned long)sz); - break; -#endif /* WOLFSSL_SHA512 */ - #ifdef WOLFSSL_SHA3 - #ifndef WOLFSSL_NOSHA3_224 - case WC_HASH_TYPE_SHA3_224: - wolfSSL_SHA3_224_Update((SHA3_224_CTX*)&ctx->hash, data, - (unsigned long)sz); - break; - #endif - #ifndef WOLFSSL_NOSHA3_256 - case WC_HASH_TYPE_SHA3_256: - wolfSSL_SHA3_256_Update((SHA3_256_CTX*)&ctx->hash, data, - (unsigned long)sz); - break; - #endif - case WC_HASH_TYPE_SHA3_384: - wolfSSL_SHA3_384_Update((SHA3_384_CTX*)&ctx->hash, data, - (unsigned long)sz); - break; - #ifndef WOLFSSL_NOSHA3_512 - case WC_HASH_TYPE_SHA3_512: - wolfSSL_SHA3_512_Update((SHA3_512_CTX*)&ctx->hash, data, - (unsigned long)sz); - break; - #endif - #endif - default: - return WOLFSSL_FAILURE; - } - - return WOLFSSL_SUCCESS; - } - - - /* WOLFSSL_SUCCESS on ok */ - int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, - unsigned int* s) - { - WOLFSSL_ENTER("EVP_DigestFinal"); - switch (ctx->macType) { -#ifndef NO_MD4 - case WC_HASH_TYPE_MD4: - wolfSSL_MD4_Final(md, (MD4_CTX*)&ctx->hash); - if (s) *s = MD4_DIGEST_SIZE; - break; -#endif -#ifndef NO_MD5 - case WC_HASH_TYPE_MD5: - wolfSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash); - if (s) *s = WC_MD5_DIGEST_SIZE; - break; -#endif -#ifndef NO_SHA - case WC_HASH_TYPE_SHA: - wolfSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash); - if (s) *s = WC_SHA_DIGEST_SIZE; - break; -#endif -#ifdef WOLFSSL_SHA224 - case WC_HASH_TYPE_SHA224: - wolfSSL_SHA224_Final(md, (SHA224_CTX*)&ctx->hash); - if (s) *s = WC_SHA224_DIGEST_SIZE; - break; -#endif -#ifndef NO_SHA256 - case WC_HASH_TYPE_SHA256: - wolfSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash); - if (s) *s = WC_SHA256_DIGEST_SIZE; - break; -#endif /* !NO_SHA256 */ -#ifdef WOLFSSL_SHA384 - case WC_HASH_TYPE_SHA384: - wolfSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash); - if (s) *s = WC_SHA384_DIGEST_SIZE; - break; -#endif -#ifdef WOLFSSL_SHA512 - case WC_HASH_TYPE_SHA512: - wolfSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash); - if (s) *s = WC_SHA512_DIGEST_SIZE; - break; -#endif /* WOLFSSL_SHA512 */ - #ifdef WOLFSSL_SHA3 - #ifndef WOLFSSL_NOSHA3_224 - case WC_HASH_TYPE_SHA3_224: - wolfSSL_SHA3_224_Final(md, (SHA3_224_CTX*)&ctx->hash); - if (s) *s = WC_SHA3_224_DIGEST_SIZE; - break; - #endif - #ifndef WOLFSSL_NOSHA3_256 - case WC_HASH_TYPE_SHA3_256: - wolfSSL_SHA3_256_Final(md, (SHA3_256_CTX*)&ctx->hash); - if (s) *s = WC_SHA3_256_DIGEST_SIZE; - break; - #endif - case WC_HASH_TYPE_SHA3_384: - wolfSSL_SHA3_384_Final(md, (SHA3_384_CTX*)&ctx->hash); - if (s) *s = WC_SHA3_384_DIGEST_SIZE; - break; - #ifndef WOLFSSL_NOSHA3_512 - case WC_HASH_TYPE_SHA3_512: - wolfSSL_SHA3_512_Final(md, (SHA3_512_CTX*)&ctx->hash); - if (s) *s = WC_SHA3_512_DIGEST_SIZE; - break; - #endif - #endif - default: - return WOLFSSL_FAILURE; - } - - return WOLFSSL_SUCCESS; - } - - - /* WOLFSSL_SUCCESS on ok */ - int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, - unsigned int* s) - { - WOLFSSL_ENTER("EVP_DigestFinal_ex"); - return EVP_DigestFinal(ctx, md, s); - } - - unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md, const void* key, int key_len, const unsigned char* d, int n, unsigned char* md, unsigned int* md_len) @@ -19631,19 +16499,11 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) #endif /* NO_DES3 */ - void wolfSSL_ERR_free_strings(void) { /* handled internally */ } - - void wolfSSL_EVP_cleanup(void) - { - /* nothing to do here */ - } - - void wolfSSL_cleanup_all_ex_data(void) { /* nothing to do here */ @@ -22796,9 +19656,6 @@ int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509) } #if defined(OPENSSL_EXTRA_X509_SMALL) -#ifdef HAVE_ECC - static int SetECKeyExternal(WOLFSSL_EC_KEY* eckey); -#endif /* Used to get a string from the WOLFSSL_X509_NAME structure that * corresponds with the NID value passed in. @@ -22891,7 +19748,9 @@ int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name, return (textSz - 1); /* do not include null character in size */ } - +#ifdef HAVE_ECC + static int SetECKeyExternal(WOLFSSL_EC_KEY* eckey); +#endif /* Creates a new WOLFSSL_EVP_PKEY structure that has the public key from x509 * * returns a pointer to the created WOLFSSL_EVP_PKEY on success and NULL on fail @@ -22901,7 +19760,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) WOLFSSL_EVP_PKEY* key = NULL; WOLFSSL_ENTER("X509_get_pubkey"); if (x509 != NULL) { - key = wolfSSL_PKEY_new_ex(x509->heap); + key = wolfSSL_EVP_PKEY_new_ex(x509->heap); if (key != NULL) { if (x509->pubKeyOID == RSAk) { key->type = EVP_PKEY_RSA; @@ -25137,25 +21996,21 @@ static int wolfSSL_EVP_PKEY_get_der(WOLFSSL_EVP_PKEY* key, unsigned char** der) */ int wolfSSL_i2d_PrivateKey(WOLFSSL_EVP_PKEY* key, unsigned char** der) { - unsigned char* pt; - int sz; - if (key == NULL) { return WOLFSSL_FATAL_ERROR; } - sz = wolfSSL_EVP_PKEY_get_der(key, &pt); - if (sz <= 0) { + if (key->pkey_sz <= 0 || !key->pkey.ptr) { return WOLFSSL_FATAL_ERROR; } if (der != NULL) { /* since this function signature has no size value passed in it is * assumed that the user has allocated a large enough buffer */ - XMEMCPY(*der, pt, sz); - *der += sz; + XMEMCPY(*der, key->pkey.ptr, key->pkey_sz); + *der += key->pkey_sz; } - return sz; + return key->pkey_sz; } /* Creates a new WC_PKCS12 structure @@ -25428,7 +22283,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, /* get key type */ ret = BAD_STATE_E; if (pk != NULL) { /* decode key if present */ - *pkey = wolfSSL_PKEY_new_ex(heap); + *pkey = wolfSSL_EVP_PKEY_new_ex(heap); if (*pkey == NULL) { wolfSSL_X509_free(*cert); *cert = NULL; if (ca != NULL) { @@ -26265,122 +23120,6 @@ int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL* crl, WOLFSSL_EVP_PKEY* key) #endif #endif /* OPENSSL_EXTRA */ -#if defined(OPENSSL_EXTRA_X509_SMALL) -/* Subset of OPENSSL_EXTRA for PKEY operations PKEY free is needed by the - * subset of X509 API */ - -WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(void){ - return wolfSSL_PKEY_new_ex(NULL); -} - - -WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new_ex(void* heap) -{ - WOLFSSL_EVP_PKEY* pkey; - int ret; - WOLFSSL_ENTER("wolfSSL_PKEY_new"); - pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), heap, - DYNAMIC_TYPE_PUBLIC_KEY); - if (pkey != NULL) { - XMEMSET(pkey, 0, sizeof(WOLFSSL_EVP_PKEY)); - pkey->heap = heap; - pkey->type = WOLFSSL_EVP_PKEY_DEFAULT; -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&pkey->rng, heap, INVALID_DEVID); -#else - ret = wc_InitRng(&pkey->rng); -#endif - if (ret != 0){ - wolfSSL_EVP_PKEY_free(pkey); - WOLFSSL_MSG("memory failure"); - return NULL; - } - pkey->references = 1; - wc_InitMutex(&pkey->refMutex); - } - else { - WOLFSSL_MSG("memory failure"); - } - - return pkey; -} - - -void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) -{ - int doFree = 0; - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_free"); - if (key != NULL) { - if (wc_LockMutex(&key->refMutex) != 0) { - WOLFSSL_MSG("Couldn't lock pkey mutex"); - } - - /* only free if all references to it are done */ - key->references--; - if (key->references == 0) { - doFree = 1; - } - wc_UnLockMutex(&key->refMutex); - - if (doFree) { - wc_FreeRng(&key->rng); - - if (key->pkey.ptr != NULL) { - XFREE(key->pkey.ptr, key->heap, DYNAMIC_TYPE_PUBLIC_KEY); - key->pkey.ptr = NULL; - } - switch(key->type) - { - #ifndef NO_RSA - case EVP_PKEY_RSA: - if (key->rsa != NULL && key->ownRsa == 1) { - wolfSSL_RSA_free(key->rsa); - key->rsa = NULL; - } - break; - #endif /* NO_RSA */ - - #ifdef HAVE_ECC - case EVP_PKEY_EC: - if (key->ecc != NULL && key->ownEcc == 1) { - wolfSSL_EC_KEY_free(key->ecc); - key->ecc = NULL; - } - break; - #endif /* HAVE_ECC */ - - #ifndef NO_DSA - case EVP_PKEY_DSA: - if (key->dsa != NULL && key->ownDsa == 1) { - wolfSSL_DSA_free(key->dsa); - key->dsa = NULL; - } - break; - #endif /* NO_DSA */ - - #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) - case EVP_PKEY_DH: - if (key->dh != NULL && key->ownDh == 1) { - wolfSSL_DH_free(key->dh); - key->dh = NULL; - } - break; - #endif /* ! NO_DH ... */ - - default: - break; - } - - if (wc_FreeMutex(&key->refMutex) != 0) { - WOLFSSL_MSG("Couldn't free pkey mutex"); - } - XFREE(key, key->heap, DYNAMIC_TYPE_PUBLIC_KEY); - } - } -} -#endif /* OPENSSL_EXTRA_X509_SMALL */ - - #ifdef OPENSSL_EXTRA /* Gets pointer to X509_STORE that was used to create context. @@ -31043,7 +27782,7 @@ void wolfSSL_DH_free(WOLFSSL_DH* dh) } -static int SetDhInternal(WOLFSSL_DH* dh) +int SetDhInternal(WOLFSSL_DH* dh) { int ret = WOLFSSL_FATAL_ERROR; int pSz = 1024; @@ -31882,7 +28621,7 @@ void wolfSSL_DSA_free(WOLFSSL_DSA* dsa) #ifndef NO_DSA /* wolfSSL -> OpenSSL */ -static int SetDsaExternal(WOLFSSL_DSA* dsa) +int SetDsaExternal(WOLFSSL_DSA* dsa) { DsaKey* key; WOLFSSL_MSG("Entering SetDsaExternal"); @@ -31925,7 +28664,7 @@ static int SetDsaExternal(WOLFSSL_DSA* dsa) } /* Openssl -> WolfSSL */ -static int SetDsaInternal(WOLFSSL_DSA* dsa) +int SetDsaInternal(WOLFSSL_DSA* dsa) { DsaKey* key; WOLFSSL_MSG("Entering SetDsaInternal"); @@ -33222,607 +29961,6 @@ size_t wolfSSL_HMAC_size(const WOLFSSL_HMAC_CTX *ctx) return (size_t)wc_HashGetDigestSize((enum wc_HashType)ctx->hmac.macType); } -const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id) -{ - WOLFSSL_MSG("wolfSSL_get_digestbynid"); - - switch(id) { -#ifndef NO_MD5 - case NID_md5: - return wolfSSL_EVP_md5(); -#endif -#ifndef NO_SHA - case NID_sha1: - return wolfSSL_EVP_sha1(); -#endif - default: - WOLFSSL_MSG("Bad digest id value"); - } - - return NULL; -} - - -#ifndef NO_RSA -WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(WOLFSSL_EVP_PKEY *pkey) -{ - if (!pkey) { - return NULL; - } - return pkey->rsa; -} - -WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key) -{ - WOLFSSL_RSA* local; - - WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_RSA"); - - if (key == NULL) { - return NULL; - } - - local = wolfSSL_RSA_new(); - if (local == NULL) { - WOLFSSL_MSG("Error creating a new WOLFSSL_RSA structure"); - return NULL; - } - - if (key->type == EVP_PKEY_RSA) { - if (wolfSSL_RSA_LoadDer(local, (const unsigned char*)key->pkey.ptr, - key->pkey_sz) != SSL_SUCCESS) { - /* now try public key */ - if (wolfSSL_RSA_LoadDer_ex(local, - (const unsigned char*)key->pkey.ptr, key->pkey_sz, - WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) { - wolfSSL_RSA_free(local); - local = NULL; - } - } - } - else { - WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold an RSA key"); - wolfSSL_RSA_free(local); - local = NULL; - } - return local; -} - - -/* with set1 functions the pkey struct does not own the RSA structure - * - * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure - */ -int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key) -{ -#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) - int derMax = 0; - int derSz = 0; - byte* derBuf = NULL; - RsaKey* rsa = NULL; -#endif - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_RSA"); - if ((pkey == NULL) || (key == NULL)) - return WOLFSSL_FAILURE; - - if (pkey->rsa != NULL && pkey->ownRsa == 1) { - wolfSSL_RSA_free(pkey->rsa); - } - pkey->rsa = key; - pkey->ownRsa = 0; /* pkey does not own RSA */ - pkey->type = EVP_PKEY_RSA; - if (key->inSet == 0) { - if (SetRsaInternal(key) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("SetRsaInternal failed"); - return WOLFSSL_FAILURE; - } - } - -#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) - rsa = (RsaKey*)key->internal; - /* 5 > size of n, d, p, q, d%(p-1), d(q-1), 1/q%p, e + ASN.1 additional - * information */ - derMax = 5 * wolfSSL_RSA_size(key) + (2 * AES_BLOCK_SIZE); - - derBuf = (byte*)XMALLOC(derMax, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf == NULL) { - WOLFSSL_MSG("malloc failed"); - return WOLFSSL_FAILURE; - } - - if (rsa->type == RSA_PRIVATE) { - /* Private key to DER */ - derSz = wc_RsaKeyToDer(rsa, derBuf, derMax); - } - else { - /* Public key to DER */ - derSz = wc_RsaKeyToPublicDer(rsa, derBuf, derMax); - } - - if (derSz < 0) { - if (rsa->type == RSA_PRIVATE) { - WOLFSSL_MSG("wc_RsaKeyToDer failed"); - } - else { - WOLFSSL_MSG("wc_RsaKeyToPublicDer failed"); - } - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - - pkey->pkey.ptr = (char*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_DER); - if (pkey->pkey.ptr == NULL) { - WOLFSSL_MSG("key malloc failed"); - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - pkey->pkey_sz = derSz; - XMEMCPY(pkey->pkey.ptr, derBuf, derSz); - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); -#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */ - -#ifdef WC_RSA_BLINDING - if (key->ownRng == 0) { - if (wc_RsaSetRNG((RsaKey*)(pkey->rsa->internal), &(pkey->rng)) != 0) { - WOLFSSL_MSG("Error setting RSA rng"); - return WOLFSSL_FAILURE; - } - } -#endif - return WOLFSSL_SUCCESS; -} -#endif /* !NO_RSA */ - -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(OPENSSL_EXTRA) -#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) -/* with set1 functions the pkey struct does not own the DSA structure - * - * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure - */ -int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key) -{ - int derMax = 0; - int derSz = 0; - DsaKey* dsa = NULL; - byte* derBuf = NULL; - - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_DSA"); - - if((pkey == NULL) || (key == NULL))return WOLFSSL_FAILURE; - if (pkey->dsa != NULL && pkey->ownDsa == 1) { - wolfSSL_DSA_free(pkey->dsa); - } - pkey->dsa = key; - pkey->ownDsa = 0; /* pkey does not own DSA */ - pkey->type = EVP_PKEY_DSA; - if (key->inSet == 0) { - if (SetDsaInternal(key) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("SetDsaInternal failed"); - return WOLFSSL_FAILURE; - } - } - dsa = (DsaKey*)key->internal; - - /* 4 > size of pub, priv, p, q, g + ASN.1 additional information */ - derMax = 4 * wolfSSL_BN_num_bytes(key->g) + AES_BLOCK_SIZE; - - derBuf = (byte*)XMALLOC(derMax, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf == NULL) { - WOLFSSL_MSG("malloc failed"); - return WOLFSSL_FAILURE; - } - - if (dsa->type == DSA_PRIVATE) { - /* Private key to DER */ - derSz = wc_DsaKeyToDer(dsa, derBuf, derMax); - } - else { - /* Public key to DER */ - derSz = wc_DsaKeyToPublicDer(dsa, derBuf, derMax); - } - - if (derSz < 0) { - if (dsa->type == DSA_PRIVATE) { - WOLFSSL_MSG("wc_DsaKeyToDer failed"); - } - else { - WOLFSSL_MSG("wc_DsaKeyToPublicDer failed"); - } - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - - pkey->pkey.ptr = (char*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_DER); - if (pkey->pkey.ptr == NULL) { - WOLFSSL_MSG("key malloc failed"); - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - pkey->pkey_sz = derSz; - XMEMCPY(pkey->pkey.ptr, derBuf, derSz); - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - - return WOLFSSL_SUCCESS; -} - -WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key) -{ - WOLFSSL_DSA* local; - - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_DSA"); - - if (key == NULL) { - WOLFSSL_MSG("Bad function argument"); - return NULL; - } - - local = wolfSSL_DSA_new(); - if (local == NULL) { - WOLFSSL_MSG("Error creating a new WOLFSSL_DSA structure"); - return NULL; - } - - if (key->type == EVP_PKEY_DSA) { - if (wolfSSL_DSA_LoadDer(local, (const unsigned char*)key->pkey.ptr, - key->pkey_sz) != SSL_SUCCESS) { - /* now try public key */ - if (wolfSSL_DSA_LoadDer_ex(local, - (const unsigned char*)key->pkey.ptr, key->pkey_sz, - WOLFSSL_DSA_LOAD_PUBLIC) != SSL_SUCCESS) { - wolfSSL_DSA_free(local); - local = NULL; - } - } - } - else { - WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold a DSA key"); - wolfSSL_DSA_free(local); - local = NULL; - } - return local; -} -#endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ - -#ifdef HAVE_ECC -WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey) -{ - WOLFSSL_EC_KEY *eckey = NULL; - if (pkey) { -#ifdef HAVE_ECC - eckey = pkey->ecc; -#endif - } - return eckey; -} - -WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key) -{ - WOLFSSL_EC_KEY* local; - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_EC_KEY"); - - if (key == NULL) { - return NULL; - } - - local = wolfSSL_EC_KEY_new(); - if (local == NULL) { - WOLFSSL_MSG("Error creating a new WOLFSSL_EC_KEY structure"); - return NULL; - } - - if (key->type == EVP_PKEY_EC) { - if (wolfSSL_EC_KEY_LoadDer(local, (const unsigned char*)key->pkey.ptr, - key->pkey_sz) != SSL_SUCCESS) { - /* now try public key */ - if (wolfSSL_EC_KEY_LoadDer_ex(local, - (const unsigned char*)key->pkey.ptr, - key->pkey_sz, WOLFSSL_EC_KEY_LOAD_PUBLIC) != SSL_SUCCESS) { - - wolfSSL_EC_KEY_free(local); - local = NULL; - } - } - } - else { - WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold an EC key"); - wolfSSL_EC_KEY_free(local); - local = NULL; - } -#ifdef OPENSSL_ALL - if (!local && key->ecc) { - local = wolfSSL_EC_KEY_dup(key->ecc); - } -#endif - return local; -} -#endif /* HAVE_ECC */ -#endif /* OPENSSL_ALL || WOLFSSL_QT || OPENSSL_EXTRA */ - -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) -#if !defined(NO_DH) && !defined(NO_FILESYSTEM) -/* with set1 functions the pkey struct does not own the DH structure - * Build the following DH Key format from the passed in WOLFSSL_DH - * then store in WOLFSSL_EVP_PKEY in DER format. - * - * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure - */ -int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key) -{ - byte havePublic = 0, havePrivate = 0; - int ret; - word32 derSz = 0; - byte* derBuf = NULL; - DhKey* dhkey = NULL; - mp_int pubKey; - mp_int privKey; - - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_DH"); - - if (pkey == NULL || key == NULL) - return WOLFSSL_FAILURE; - - if (pkey->dh != NULL && pkey->ownDh == 1) - wolfSSL_DH_free(pkey->dh); - - pkey->dh = key; - pkey->ownDh = 0; /* pkey does not own DH */ - pkey->type = EVP_PKEY_DH; - if (key->inSet == 0) { - if (SetDhInternal(key) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("SetDhInternal failed"); - return WOLFSSL_FAILURE; - } - } - - dhkey = (DhKey*)key->internal; - - pubKey = dhkey->pub; - privKey = dhkey->priv; - - havePublic = mp_unsigned_bin_size(&pubKey) > 0; - havePrivate = mp_unsigned_bin_size(&privKey) > 0; - - /* Get size of DER buffer only */ - if (havePublic && !havePrivate) { - ret = wc_DhPubKeyToDer(dhkey, NULL, &derSz); - } else if (havePrivate && !havePublic) { - ret = wc_DhPrivKeyToDer(dhkey, NULL, &derSz); - } else { - ret = wc_DhParamsToDer(dhkey,NULL,&derSz); - } - - if (derSz <= 0 || ret != LENGTH_ONLY_E) { - WOLFSSL_MSG("Failed to get size of DH Key"); - return WOLFSSL_FAILURE; - } - - derBuf = (byte*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf == NULL) { - WOLFSSL_MSG("malloc failed"); - return WOLFSSL_FAILURE; - } - - /* Fill DER buffer */ - if (havePublic && !havePrivate) { - ret = wc_DhPubKeyToDer(dhkey, derBuf, &derSz); - } else if (havePrivate && !havePublic) { - ret = wc_DhPrivKeyToDer(dhkey, derBuf, &derSz); - } else { - ret = wc_DhParamsToDer(dhkey,derBuf,&derSz); - } - - if (ret <= 0) { - WOLFSSL_MSG("Failed to export DH Key"); - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - - /* Store DH key into pkey (DER format) */ - pkey->pkey.ptr = (char*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_DER); - if (pkey->pkey.ptr == NULL) { - WOLFSSL_MSG("key malloc failed"); - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - pkey->pkey_sz = derSz; - XMEMCPY(pkey->pkey.ptr, derBuf, derSz); - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - - return WOLFSSL_SUCCESS; -} - -WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key) -{ - WOLFSSL_DH* local = NULL; - - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_DH"); - - if (key == NULL || key->dh == NULL) { - WOLFSSL_MSG("Bad function argument"); - return NULL; - } - - if (key->type == EVP_PKEY_DH) { - - local = wolfSSL_DH_new(); - if (local == NULL) { - WOLFSSL_MSG("Error creating a new WOLFSSL_DH structure"); - return NULL; - } - - if (wolfSSL_DH_LoadDer(local, (const unsigned char*)key->pkey.ptr, - key->pkey_sz) != SSL_SUCCESS) { - wolfSSL_DH_free(local); - WOLFSSL_MSG("Error wolfSSL_DH_LoadDer"); - local = NULL; - } - } - else { - WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold a DH key"); - wolfSSL_DH_free(local); - return NULL; - } - - return local; -} -#endif /* NO_DH && NO_FILESYSTEM */ - -int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key) -{ - int ret; - - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_assign"); - - /* pkey and key checked if NULL in subsequent assign functions */ - switch(type) { - #ifndef NO_RSA - case EVP_PKEY_RSA: - ret = wolfSSL_EVP_PKEY_assign_RSA(pkey, (WOLFSSL_RSA*)key); - break; - #endif - #ifndef NO_DSA - case EVP_PKEY_DSA: - ret = wolfSSL_EVP_PKEY_assign_DSA(pkey, (WOLFSSL_DSA*)key); - break; - #endif - #ifdef HAVE_ECC - case EVP_PKEY_EC: - ret = wolfSSL_EVP_PKEY_assign_EC_KEY(pkey, (WOLFSSL_EC_KEY*)key); - break; - #endif - #ifdef NO_DH - case EVP_PKEY_DH: - ret = wolfSSL_EVP_PKEY_assign_DH(pkey, (WOLFSSL_DH*)key); - break; - #endif - default: - WOLFSSL_MSG("Unknown EVP_PKEY type in wolfSSL_EVP_PKEY_assign."); - ret = WOLFSSL_FAILURE; - } - - return ret; -} -#endif /* WOLFSSL_QT || OPENSSL_ALL */ - -#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) -/* try and populate public pkey_sz and pkey.ptr */ -static void ECC_populate_EVP_PKEY(EVP_PKEY* pkey, ecc_key* ecc) -{ - int ret; - if (!pkey || !ecc) - return; - if ((ret = wc_EccPublicKeyDerSize(ecc, 1)) > 0) { - int derSz = ret; - char* derBuf = (char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf) { - ret = wc_EccPublicKeyToDer(ecc, (byte*)derBuf, derSz, 1); - if (ret >= 0) { - if (pkey->pkey.ptr) { - XFREE(pkey->pkey.ptr, NULL, DYNAMIC_TYPE_OPENSSL); - } - pkey->pkey_sz = ret; - pkey->pkey.ptr = derBuf; - } - else { /* failure - okay to ignore */ - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - derBuf = NULL; - } - } - } -} - -WOLFSSL_API int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key) -{ -#ifdef HAVE_ECC - if((pkey == NULL) || (key ==NULL))return WOLFSSL_FAILURE; - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_EC_KEY"); -#ifndef NO_RSA - if (pkey->rsa != NULL && pkey->ownRsa == 1) { - wolfSSL_RSA_free(pkey->rsa); - } - pkey->ownRsa = 0; -#endif -#ifndef NO_DSA - if (pkey->dsa != NULL && pkey->ownDsa == 1) { - wolfSSL_DSA_free(pkey->dsa); - } - pkey->ownDsa = 0; -#endif -#ifndef NO_DH - if (pkey->dh != NULL && pkey->ownDh == 1) { - wolfSSL_DH_free(pkey->dh); - } - pkey->ownDh = 0; -#endif - if (pkey->ecc != NULL && pkey->ownEcc == 1) { - wolfSSL_EC_KEY_free(pkey->ecc); - } - pkey->ecc = key; - pkey->ownEcc = 0; /* pkey does not own EC key */ - pkey->type = EVP_PKEY_EC; - ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal); - return WOLFSSL_SUCCESS; -#else - (void)pkey; - (void)key; - return WOLFSSL_FAILURE; -#endif -} - -void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx) -{ - WOLFSSL_MSG("wolfSSL_EVP_X_STATE"); - - if (ctx) { - switch (ctx->cipherType) { - case ARC4_TYPE: - WOLFSSL_MSG("returning arc4 state"); - return (void*)&ctx->cipher.arc4.x; - - default: - WOLFSSL_MSG("bad x state type"); - return 0; - } - } - - return NULL; -} -int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key) -{ - if (pkey == NULL || key == NULL) - return WOLFSSL_FAILURE; - - pkey->type = EVP_PKEY_EC; - pkey->ecc = key; - pkey->ownEcc = 1; - - /* try and populate public pkey_sz and pkey.ptr */ - ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal); - - return WOLFSSL_SUCCESS; -} -#endif /* OPENSSL_EXTRA || HAVE_ECC */ - -int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx) -{ - WOLFSSL_MSG("wolfSSL_EVP_X_STATE_LEN"); - - if (ctx) { - switch (ctx->cipherType) { - case ARC4_TYPE: - WOLFSSL_MSG("returning arc4 state size"); - return sizeof(Arc4); - - default: - WOLFSSL_MSG("bad x state type"); - return 0; - } - } - - return 0; -} - - #ifndef NO_DES3 void wolfSSL_3des_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset, @@ -33868,269 +30006,6 @@ void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset, #endif /* NO_AES */ -#ifndef NO_WOLFSSL_STUB -const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void) -{ - WOLFSSL_MSG("wolfSSL_ripemd160"); - WOLFSSL_STUB("EVP_ripemd160"); - return NULL; -} -#endif - - -int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type) -{ - WOLFSSL_MSG("wolfSSL_EVP_MD_block_size"); - - if (type == NULL) { - WOLFSSL_MSG("No md type arg"); - return BAD_FUNC_ARG; - } - - if (XSTRNCMP(type, "SHA256", 6) == 0) { - return WC_SHA256_BLOCK_SIZE; - } -#ifndef NO_MD5 - else if (XSTRNCMP(type, "MD5", 3) == 0) { - return WC_MD5_BLOCK_SIZE; - } -#endif -#ifdef WOLFSSL_SHA224 - else if (XSTRNCMP(type, "SHA224", 6) == 0) { - return WC_SHA224_BLOCK_SIZE; - } -#endif -#ifdef WOLFSSL_SHA384 - else if (XSTRNCMP(type, "SHA384", 6) == 0) { - return WC_SHA384_BLOCK_SIZE; - } -#endif -#ifdef WOLFSSL_SHA512 - else if (XSTRNCMP(type, "SHA512", 6) == 0) { - return WC_SHA512_BLOCK_SIZE; - } -#endif -#ifndef NO_SHA - /* has to be last since would pick or 256, 384, or 512 too */ - else if (XSTRNCMP(type, "SHA", 3) == 0) { - return WC_SHA_BLOCK_SIZE; - } -#endif - - return BAD_FUNC_ARG; -} - -int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type) -{ - WOLFSSL_MSG("wolfSSL_EVP_MD_size"); - - if (type == NULL) { - WOLFSSL_MSG("No md type arg"); - return BAD_FUNC_ARG; - } - - if (XSTRNCMP(type, "SHA256", 6) == 0) { - return WC_SHA256_DIGEST_SIZE; - } -#ifndef NO_MD5 - else if (XSTRNCMP(type, "MD5", 3) == 0) { - return WC_MD5_DIGEST_SIZE; - } -#endif -#ifdef WOLFSSL_SHA224 - else if (XSTRNCMP(type, "SHA224", 6) == 0) { - return WC_SHA224_DIGEST_SIZE; - } -#endif -#ifdef WOLFSSL_SHA384 - else if (XSTRNCMP(type, "SHA384", 6) == 0) { - return WC_SHA384_DIGEST_SIZE; - } -#endif -#ifdef WOLFSSL_SHA512 - else if (XSTRNCMP(type, "SHA512", 6) == 0) { - return WC_SHA512_DIGEST_SIZE; - } -#endif -#ifndef NO_SHA - /* has to be last since would pick or 256, 384, or 512 too */ - else if (XSTRNCMP(type, "SHA", 3) == 0) { - return WC_SHA_DIGEST_SIZE; - } -#endif - - return BAD_FUNC_ARG; -} - - -int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) -{ - WOLFSSL_MSG("wolfSSL_EVP_CIPHER_CTX_iv_length"); - - switch (ctx->cipherType) { - -#ifdef HAVE_AES_CBC - case AES_128_CBC_TYPE : - case AES_192_CBC_TYPE : - case AES_256_CBC_TYPE : - WOLFSSL_MSG("AES CBC"); - return AES_BLOCK_SIZE; -#endif -#ifdef HAVE_AESGCM - case AES_128_GCM_TYPE : - case AES_192_GCM_TYPE : - case AES_256_GCM_TYPE : - WOLFSSL_MSG("AES GCM"); - return GCM_NONCE_MID_SZ; -#endif -#ifdef WOLFSSL_AES_COUNTER - case AES_128_CTR_TYPE : - case AES_192_CTR_TYPE : - case AES_256_CTR_TYPE : - WOLFSSL_MSG("AES CTR"); - return AES_BLOCK_SIZE; -#endif -#ifndef NO_DES3 - case DES_CBC_TYPE : - WOLFSSL_MSG("DES CBC"); - return DES_BLOCK_SIZE; - - case DES_EDE3_CBC_TYPE : - WOLFSSL_MSG("DES EDE3 CBC"); - return DES_BLOCK_SIZE; -#endif -#ifdef HAVE_IDEA - case IDEA_CBC_TYPE : - WOLFSSL_MSG("IDEA CBC"); - return IDEA_BLOCK_SIZE; -#endif -#ifndef NO_RC4 - case ARC4_TYPE : - WOLFSSL_MSG("ARC4"); - return 0; -#endif -#ifdef WOLFSSL_AES_CFB -#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: - WOLFSSL_MSG("AES CFB1"); - return AES_BLOCK_SIZE; - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: - WOLFSSL_MSG("AES CFB8"); - return AES_BLOCK_SIZE; -#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: - WOLFSSL_MSG("AES CFB128"); - return AES_BLOCK_SIZE; -#endif /* WOLFSSL_AES_CFB */ -#if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: - WOLFSSL_MSG("AES OFB"); - return AES_BLOCK_SIZE; -#endif /* WOLFSSL_AES_OFB */ -#ifdef WOLFSSL_AES_XTS - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: - WOLFSSL_MSG("AES XTS"); - return AES_BLOCK_SIZE; -#endif /* WOLFSSL_AES_XTS */ - - case NULL_CIPHER_TYPE : - WOLFSSL_MSG("NULL"); - return 0; - - default: { - WOLFSSL_MSG("bad type"); - } - } - return 0; -} - -int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher) -{ - const char *name = (const char *)cipher; - WOLFSSL_MSG("wolfSSL_EVP_CIPHER_iv_length"); - -#ifndef NO_AES -#ifdef HAVE_AES_CBC - #ifdef WOLFSSL_AES_128 - if (XSTRNCMP(name, EVP_AES_128_CBC, XSTRLEN(EVP_AES_128_CBC)) == 0) - return AES_BLOCK_SIZE; - #endif - #ifdef WOLFSSL_AES_192 - if (XSTRNCMP(name, EVP_AES_192_CBC, XSTRLEN(EVP_AES_192_CBC)) == 0) - return AES_BLOCK_SIZE; - #endif - #ifdef WOLFSSL_AES_256 - if (XSTRNCMP(name, EVP_AES_256_CBC, XSTRLEN(EVP_AES_256_CBC)) == 0) - return AES_BLOCK_SIZE; - #endif -#endif /* HAVE_AES_CBC */ -#ifdef HAVE_AESGCM - #ifdef WOLFSSL_AES_128 - if (XSTRNCMP(name, EVP_AES_128_GCM, XSTRLEN(EVP_AES_128_GCM)) == 0) - return GCM_NONCE_MID_SZ; - #endif - #ifdef WOLFSSL_AES_192 - if (XSTRNCMP(name, EVP_AES_192_GCM, XSTRLEN(EVP_AES_192_GCM)) == 0) - return GCM_NONCE_MID_SZ; - #endif - #ifdef WOLFSSL_AES_256 - if (XSTRNCMP(name, EVP_AES_256_GCM, XSTRLEN(EVP_AES_256_GCM)) == 0) - return GCM_NONCE_MID_SZ; - #endif -#endif /* HAVE_AESGCM */ -#ifdef WOLFSSL_AES_COUNTER - #ifdef WOLFSSL_AES_128 - if (XSTRNCMP(name, EVP_AES_128_CTR, XSTRLEN(EVP_AES_128_CTR)) == 0) - return AES_BLOCK_SIZE; - #endif - #ifdef WOLFSSL_AES_192 - if (XSTRNCMP(name, EVP_AES_192_CTR, XSTRLEN(EVP_AES_192_CTR)) == 0) - return AES_BLOCK_SIZE; - #endif - #ifdef WOLFSSL_AES_256 - if (XSTRNCMP(name, EVP_AES_256_CTR, XSTRLEN(EVP_AES_256_CTR)) == 0) - return AES_BLOCK_SIZE; - #endif -#endif -#ifdef WOLFSSL_AES_XTS - #ifdef WOLFSSL_AES_128 - if (XSTRNCMP(name, EVP_AES_128_XTS, XSTRLEN(EVP_AES_128_XTS)) == 0) - return AES_BLOCK_SIZE; - #endif /* WOLFSSL_AES_128 */ - - #ifdef WOLFSSL_AES_256 - if (XSTRNCMP(name, EVP_AES_256_XTS, XSTRLEN(EVP_AES_256_XTS)) == 0) - return AES_BLOCK_SIZE; - #endif /* WOLFSSL_AES_256 */ -#endif /* WOLFSSL_AES_XTS */ - -#endif - -#ifndef NO_DES3 - if ((XSTRNCMP(name, EVP_DES_CBC, XSTRLEN(EVP_DES_CBC)) == 0) || - (XSTRNCMP(name, EVP_DES_EDE3_CBC, XSTRLEN(EVP_DES_EDE3_CBC)) == 0)) { - return DES_BLOCK_SIZE; - } -#endif - -#ifdef HAVE_IDEA - if (XSTRNCMP(name, EVP_IDEA_CBC, XSTRLEN(EVP_IDEA_CBC)) == 0) - return IDEA_BLOCK_SIZE; -#endif - - (void)name; - - return 0; -} /* Free the dynamically allocated data. * @@ -34347,9 +30222,9 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* key, return WOLFSSL_FAILURE; } - pkey = wolfSSL_PKEY_new_ex(bio->heap); + pkey = wolfSSL_EVP_PKEY_new_ex(bio->heap); if (pkey == NULL) { - WOLFSSL_MSG("wolfSSL_PKEY_new_ex failed"); + WOLFSSL_MSG("wolfSSL_EVP_PKEY_new_ex failed"); return WOLFSSL_FAILURE; } @@ -34407,9 +30282,9 @@ int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa) } /* Initialize pkey structure */ - pkey = wolfSSL_PKEY_new_ex(bio->heap); + pkey = wolfSSL_EVP_PKEY_new_ex(bio->heap); if (pkey == NULL) { - WOLFSSL_MSG("wolfSSL_PKEY_new_ex failed"); + WOLFSSL_MSG("wolfSSL_EVP_PKEY_new_ex failed"); return WOLFSSL_FAILURE; } @@ -36800,9 +32675,9 @@ int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec) } /* Initialize pkey structure */ - pkey = wolfSSL_PKEY_new_ex(bio->heap); + pkey = wolfSSL_EVP_PKEY_new_ex(bio->heap); if (pkey == NULL) { - WOLFSSL_MSG("wolfSSL_PKEY_new_ex failed"); + WOLFSSL_MSG("wolfSSL_EVP_PKEY_new_ex failed"); return WOLFSSL_FAILURE; } @@ -36870,9 +32745,9 @@ int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec, } /* Initialize pkey structure */ - pkey = wolfSSL_PKEY_new_ex(bio->heap); + pkey = wolfSSL_EVP_PKEY_new_ex(bio->heap); if (pkey == NULL) { - WOLFSSL_MSG("wolfSSL_PKEY_new_ex failed"); + WOLFSSL_MSG("wolfSSL_EVP_PKEY_new_ex failed"); return WOLFSSL_FAILURE; } @@ -37111,9 +32986,9 @@ int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa, return WOLFSSL_FAILURE; } - pkey = wolfSSL_PKEY_new_ex(bio->heap); + pkey = wolfSSL_EVP_PKEY_new_ex(bio->heap); if (pkey == NULL) { - WOLFSSL_MSG("wolfSSL_PKEY_new_ex failed"); + WOLFSSL_MSG("wolfSSL_EVP_PKEY_new_ex failed"); return WOLFSSL_FAILURE; } @@ -37177,9 +33052,9 @@ int wolfSSL_PEM_write_bio_DSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa) return WOLFSSL_FAILURE; } - pkey = wolfSSL_PKEY_new_ex(bio->heap); + pkey = wolfSSL_EVP_PKEY_new_ex(bio->heap); if (pkey == NULL) { - WOLFSSL_MSG("wolfSSL_PKEY_new_ex failed"); + WOLFSSL_MSG("wolfSSL_EVP_PKEY_new_ex failed"); return WOLFSSL_FAILURE; } @@ -37768,47 +33643,6 @@ WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio, } #endif /* HAVE_ECC */ -/* return of pkey->type which will be EVP_PKEY_RSA for example. - * - * type type of EVP_PKEY - * - * returns type or if type is not found then NID_undef - */ -int wolfSSL_EVP_PKEY_type(int type) -{ - WOLFSSL_MSG("wolfSSL_EVP_PKEY_type"); - - switch (type) { - #ifdef OPENSSL_EXTRA - case EVP_PKEY_RSA: - return EVP_PKEY_RSA; - case EVP_PKEY_DSA: - return EVP_PKEY_DSA; - case EVP_PKEY_EC: - return EVP_PKEY_EC; - #endif - default: - return NID_undef; - } -} - - -int wolfSSL_EVP_PKEY_id(const EVP_PKEY *pkey) -{ - if (pkey != NULL) - return pkey->type; - return 0; -} - - -int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey) -{ - if (pkey == NULL) - return NID_undef; - return wolfSSL_EVP_PKEY_type(pkey->type); -} - - #if !defined(NO_FILESYSTEM) WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(XFILE fp, EVP_PKEY **x, pem_password_cb *cb, void *u) @@ -38566,21 +34400,6 @@ int wolfSSL_X509_up_ref(WOLFSSL_X509* x509) return 0; } -/* increments ref count of WOLFSSL_EVP_PKEY. Return 1 on success, 0 on error */ -int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey) -{ - if (pkey) { - if (wc_LockMutex(&pkey->refMutex) != 0) { - WOLFSSL_MSG("Failed to lock pkey mutex"); - } - pkey->references++; - wc_UnLockMutex(&pkey->refMutex); - - return 1; - } - - return 0; -} #endif /* OPENSSL_EXTRA || OPENSSL_ALL */ @@ -44169,7 +39988,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** out, if (wc_InitRsaKey(&rsa, NULL) == 0 && wc_RsaPrivateKeyDecode(mem, &keyIdx, &rsa, (word32)memSz) == 0) { wc_FreeRsaKey(&rsa); - pkey = wolfSSL_PKEY_new(); + pkey = wolfSSL_EVP_PKEY_new(); if (pkey != NULL) { pkey->pkey_sz = keyIdx; pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, @@ -44214,7 +40033,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** out, if (wc_ecc_init(&ecc) == 0 && wc_EccPrivateKeyDecode(mem, &keyIdx, &ecc, (word32)memSz) == 0) { wc_ecc_free(&ecc); - pkey = wolfSSL_PKEY_new(); + pkey = wolfSSL_EVP_PKEY_new(); if (pkey != NULL) { pkey->pkey_sz = keyIdx; pkey->pkey.ptr = (char*)XMALLOC(keyIdx, NULL, @@ -46401,7 +42220,7 @@ int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *name, if (name == NULL || type == NULL) return WOLFSSL_FAILURE; -#ifndef NO_FILESYSTEM +#if !defined(NO_FILESYSTEM) && !defined(NO_PWDBASED) return wolfSSL_EVP_Digest((unsigned char*)name->fullName.fullName, name->fullName.fullNameLen, md, len, type, NULL); #else @@ -49702,41 +45521,8 @@ int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa) } return wc_RsaEncryptSize((RsaKey*)rsa->internal); } - - -int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key) -{ - if (pkey == NULL || key == NULL) - return WOLFSSL_FAILURE; - - pkey->type = EVP_PKEY_RSA; - pkey->rsa = key; - pkey->ownRsa = 1; - - /* try and populate public pkey_sz and pkey.ptr */ - if (key->internal) { - RsaKey* rsa = (RsaKey*)key->internal; - int ret = wc_RsaPublicKeyDerSize(rsa, 1); - if (ret > 0) { - int derSz = ret; - char* derBuf = (char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf) { - ret = wc_RsaKeyToPublicDer(rsa, (byte*)derBuf, derSz); - if (ret >= 0) { - pkey->pkey_sz = ret; - pkey->pkey.ptr = derBuf; - } - else { /* failure - okay to ignore */ - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - derBuf = NULL; - } - } - } - } - - return WOLFSSL_SUCCESS; -} #endif + #if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) && \ !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) /* WolfSSL -> OpenSSL */ @@ -50090,34 +45876,6 @@ WOLFSSL_RSA* wolfSSL_RSA_new(void) } #endif /* !NO_RSA && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ -#if defined(OPENSSL_EXTRA) && !defined(NO_DSA) -int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key) -{ - if (pkey == NULL || key == NULL) - return WOLFSSL_FAILURE; - - pkey->type = EVP_PKEY_DSA; - pkey->dsa = key; - pkey->ownDsa = 1; - - return WOLFSSL_SUCCESS; -} -#endif - -#if defined(OPENSSL_EXTRA) && !defined(NO_DH) -int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key) -{ - if (pkey == NULL || key == NULL) - return WOLFSSL_FAILURE; - - pkey->type = EVP_PKEY_DH; - pkey->dh = key; - pkey->ownDh = 1; - - return WOLFSSL_SUCCESS; -} -#endif - #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) PKCS7* wolfSSL_PKCS7_new(void) { @@ -51032,3 +46790,5 @@ int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey) return wolfSSL_X509_set_pubkey(req, pkey); } #endif /* OPENSSL_EXTRA && !NO_CERTS && WOLFSSL_CERT_GEN && WOLFSSL_CERT_REQ */ + + diff --git a/tests/api.c b/tests/api.c index 544e269adc..0f6e12f837 100644 --- a/tests/api.c +++ b/tests/api.c @@ -27460,7 +27460,7 @@ static void test_wolfSSL_EVP_PKEY_set1_get1_DSA(void) AssertIntNE(wolfSSL_EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS); /* Initialize set1Pkey */ - set1Pkey = wolfSSL_PKEY_new(); + set1Pkey = wolfSSL_EVP_PKEY_new(); /* Should Fail Verify: setDsa not initialized from set1Pkey */ AssertIntNE(wolfSSL_DSA_do_verify(hash,signature,setDsa,&answer), @@ -27487,7 +27487,7 @@ static void test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void) printf(testingFmt, "wolfSSL_EVP_PKEY_set1_EC_KEY and wolfSSL_EVP_PKEY_get1_EC_KEY"); AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); - AssertNotNull(pkey = wolfSSL_PKEY_new()); + AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); /* Test wolfSSL_EVP_PKEY_set1_EC_KEY */ AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE); @@ -27537,7 +27537,7 @@ static void test_wolfSSL_EVP_PKEY_set1_get1_DH (void) AssertIntEQ(code, 0); code = -1; - pkey = wolfSSL_PKEY_new(); + pkey = wolfSSL_EVP_PKEY_new(); /* Set DH into PKEY */ AssertIntEQ(wolfSSL_EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS); @@ -27789,7 +27789,7 @@ static void test_wolfSSL_EVP_PKEY_assign(void) printf(testingFmt, "wolfSSL_EVP_PKEY_assign"); #ifndef NO_RSA type = EVP_PKEY_RSA; - AssertNotNull(pkey = wolfSSL_PKEY_new()); + AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertNotNull(rsa = wolfSSL_RSA_new()); AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,rsa), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE); @@ -27800,7 +27800,7 @@ static void test_wolfSSL_EVP_PKEY_assign(void) #ifndef NO_DSA type = EVP_PKEY_DSA; - AssertNotNull(pkey = wolfSSL_PKEY_new()); + AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertNotNull(dsa = wolfSSL_DSA_new()); AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,dsa), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE); @@ -27811,7 +27811,7 @@ static void test_wolfSSL_EVP_PKEY_assign(void) #ifdef HAVE_ECC type = EVP_PKEY_EC; - AssertNotNull(pkey = wolfSSL_PKEY_new()); + AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,ecKey), WOLFSSL_FAILURE); AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE); @@ -28963,7 +28963,7 @@ static void test_wolfSSL_EVP_PKEY_encrypt(void) XMEMSET(outDec, 0, rsaKeySz); AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); - AssertNotNull(pkey = wolfSSL_PKEY_new()); + AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS); AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); AssertIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS); @@ -29046,7 +29046,7 @@ static void test_wolfSSL_EVP_PKEY_sign(void) SHA256_Final(hash, &c); AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); - AssertNotNull(pkey = wolfSSL_PKEY_new()); + AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS); AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); @@ -29098,7 +29098,7 @@ static void test_EVP_PKEY_rsa(void) WOLFSSL_EVP_PKEY* pkey; AssertNotNull(rsa = wolfSSL_RSA_new()); - AssertNotNull(pkey = wolfSSL_PKEY_new()); + AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertIntEQ(EVP_PKEY_assign_RSA(NULL, rsa), WOLFSSL_FAILURE); AssertIntEQ(EVP_PKEY_assign_RSA(pkey, NULL), WOLFSSL_FAILURE); AssertIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS); @@ -29117,7 +29117,7 @@ static void test_EVP_PKEY_ec(void) WOLFSSL_EVP_PKEY* pkey; AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); - AssertNotNull(pkey = wolfSSL_PKEY_new()); + AssertNotNull(pkey = wolfSSL_EVP_PKEY_new()); AssertIntEQ(EVP_PKEY_assign_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE); AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, NULL), WOLFSSL_FAILURE); AssertIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index ef5de299e8..5fd7ad8ab0 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -19,14 +19,142 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#include - #if !defined(WOLFSSL_EVP_INCLUDED) #ifndef WOLFSSL_IGNORE_FILE_WARN #warning evp.c does not need to be compiled separately from ssl.c #endif +#elif defined(WOLFCRYPT_ONLY) #else +#if defined(OPENSSL_EXTRA) + +#ifdef HAVE_CONFIG_H + #include +#endif + +#include + +#include +#include + +#ifndef NO_AES + #ifdef HAVE_AES_CBC + #ifdef WOLFSSL_AES_128 + static char *EVP_AES_128_CBC = NULL; + #endif + #ifdef WOLFSSL_AES_192 + static char *EVP_AES_192_CBC = NULL; + #endif + #ifdef WOLFSSL_AES_256 + static char *EVP_AES_256_CBC = NULL; + #endif + #endif /* HAVE_AES_CBC */ + + #ifdef WOLFSSL_AES_OFB + #ifdef WOLFSSL_AES_128 + static char *EVP_AES_128_OFB = NULL; + #endif + #ifdef WOLFSSL_AES_192 + static char *EVP_AES_192_OFB = NULL; + #endif + #ifdef WOLFSSL_AES_256 + static char *EVP_AES_256_OFB = NULL; + #endif + #endif /* WOLFSSL_AES_OFB */ + + #ifdef WOLFSSL_AES_XTS + #ifdef WOLFSSL_AES_128 + static char *EVP_AES_128_XTS = NULL; + #endif + #ifdef WOLFSSL_AES_256 + static char *EVP_AES_256_XTS = NULL; + #endif + #endif /* WOLFSSL_AES_XTS */ + + #ifdef WOLFSSL_AES_CFB + #ifdef WOLFSSL_AES_128 + static char *EVP_AES_128_CFB1 = NULL; + #endif + #ifdef WOLFSSL_AES_192 + static char *EVP_AES_192_CFB1 = NULL; + #endif + #ifdef WOLFSSL_AES_256 + static char *EVP_AES_256_CFB1 = NULL; + #endif + + #ifdef WOLFSSL_AES_128 + static char *EVP_AES_128_CFB8 = NULL; + #endif + #ifdef WOLFSSL_AES_192 + static char *EVP_AES_192_CFB8 = NULL; + #endif + #ifdef WOLFSSL_AES_256 + static char *EVP_AES_256_CFB8 = NULL; + #endif + + #ifdef WOLFSSL_AES_128 + static char *EVP_AES_128_CFB128 = NULL; + #endif + #ifdef WOLFSSL_AES_192 + static char *EVP_AES_192_CFB128 = NULL; + #endif + #ifdef WOLFSSL_AES_256 + static char *EVP_AES_256_CFB128 = NULL; + #endif + #endif /* WOLFSSL_AES_CFB */ + + #ifdef HAVE_AESGCM + #ifdef WOLFSSL_AES_128 + static char *EVP_AES_128_GCM = NULL; + #endif + #ifdef WOLFSSL_AES_192 + static char *EVP_AES_192_GCM = NULL; + #endif + #ifdef WOLFSSL_AES_256 + static char *EVP_AES_256_GCM = NULL; + #endif + #endif /* HAVE_AESGCM */ + #ifdef WOLFSSL_AES_128 + static char *EVP_AES_128_CTR = NULL; + #endif + #ifdef WOLFSSL_AES_192 + static char *EVP_AES_192_CTR = NULL; + #endif + #ifdef WOLFSSL_AES_256 + static char *EVP_AES_256_CTR = NULL; + #endif + + #ifdef WOLFSSL_AES_128 + static char *EVP_AES_128_ECB = NULL; + #endif + #ifdef WOLFSSL_AES_192 + static char *EVP_AES_192_ECB = NULL; + #endif + #ifdef WOLFSSL_AES_256 + static char *EVP_AES_256_ECB = NULL; + #endif + #define EVP_AES_SIZE 11 + #ifdef WOLFSSL_AES_CFB + #define EVP_AESCFB_SIZE 14 + #endif +#endif + +#ifndef NO_DES3 + static char *EVP_DES_CBC = NULL; + static char *EVP_DES_ECB = NULL; + + static char *EVP_DES_EDE3_CBC = NULL; + static char *EVP_DES_EDE3_ECB = NULL; + + #define EVP_DES_SIZE 7 + #define EVP_DES_EDE3_SIZE 12 +#endif + +#ifdef HAVE_IDEA + static char *EVP_IDEA_CBC; + #define EVP_IDEA_SIZE 8 +#endif + static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher); @@ -798,123 +926,123 @@ int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx) static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher) { if (cipher == NULL) return 0; /* dummy for #ifdef */ - #ifndef NO_DES3 - else if (XSTRNCMP(cipher, EVP_DES_CBC, EVP_DES_SIZE) == 0) - return DES_CBC_TYPE; - else if (XSTRNCMP(cipher, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0) - return DES_EDE3_CBC_TYPE; - #if !defined(NO_DES3) - else if (XSTRNCMP(cipher, EVP_DES_ECB, EVP_DES_SIZE) == 0) - return DES_ECB_TYPE; - else if (XSTRNCMP(cipher, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0) - return DES_EDE3_ECB_TYPE; - #endif /* NO_DES3 && HAVE_AES_ECB */ - #endif - #if !defined(NO_AES) - #if defined(HAVE_AES_CBC) - #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) - return AES_128_CBC_TYPE; - #endif - #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) - return AES_192_CBC_TYPE; - #endif - #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) - return AES_256_CBC_TYPE; - #endif - #endif /* HAVE_AES_CBC */ - #if defined(HAVE_AESGCM) - #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_GCM, EVP_AES_SIZE) == 0) - return AES_128_GCM_TYPE; - #endif - #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_GCM, EVP_AES_SIZE) == 0) - return AES_192_GCM_TYPE; - #endif - #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_GCM, EVP_AES_SIZE) == 0) - return AES_256_GCM_TYPE; - #endif - #endif /* HAVE_AESGCM */ - #if defined(WOLFSSL_AES_COUNTER) - #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_CTR, EVP_AES_SIZE) == 0) - return AES_128_CTR_TYPE; - #endif - #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_CTR, EVP_AES_SIZE) == 0) - return AES_192_CTR_TYPE; - #endif - #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_CTR, EVP_AES_SIZE) == 0) - return AES_256_CTR_TYPE; - #endif - #endif /* HAVE_AES_CBC */ - #if defined(HAVE_AES_ECB) - #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_ECB, EVP_AES_SIZE) == 0) - return AES_128_ECB_TYPE; - #endif - #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_ECB, EVP_AES_SIZE) == 0) - return AES_192_ECB_TYPE; - #endif - #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_ECB, EVP_AES_SIZE) == 0) - return AES_256_ECB_TYPE; - #endif - #endif /*HAVE_AES_CBC */ - #if defined(WOLFSSL_AES_XTS) - #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_XTS, EVP_AES_SIZE) == 0) - return AES_128_XTS_TYPE; - #endif - #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_XTS, EVP_AES_SIZE) == 0) - return AES_256_XTS_TYPE; - #endif - #endif /* WOLFSSL_AES_XTS */ - #if defined(WOLFSSL_AES_CFB) - #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_CFB1, EVP_AESCFB_SIZE) == 0) - return AES_128_CFB1_TYPE; - #endif - #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_CFB1, EVP_AESCFB_SIZE) == 0) - return AES_192_CFB1_TYPE; - #endif - #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_CFB1, EVP_AESCFB_SIZE) == 0) - return AES_256_CFB1_TYPE; - #endif - #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_CFB8, EVP_AESCFB_SIZE) == 0) - return AES_128_CFB8_TYPE; - #endif - #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_CFB8, EVP_AESCFB_SIZE) == 0) - return AES_192_CFB8_TYPE; - #endif - #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_CFB8, EVP_AESCFB_SIZE) == 0) - return AES_256_CFB8_TYPE; - #endif - #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_CFB128, EVP_AESCFB_SIZE) == 0) - return AES_128_CFB128_TYPE; - #endif - #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_CFB128, EVP_AESCFB_SIZE) == 0) - return AES_192_CFB128_TYPE; - #endif - #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_CFB128, EVP_AESCFB_SIZE) == 0) - return AES_256_CFB128_TYPE; - #endif - #endif /*HAVE_AES_CBC */ +#ifndef NO_DES3 + else if (EVP_DES_CBC && XSTRNCMP(cipher, EVP_DES_CBC, EVP_DES_SIZE) == 0) + return DES_CBC_TYPE; + else if (EVP_DES_EDE3_CBC && XSTRNCMP(cipher, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0) + return DES_EDE3_CBC_TYPE; +#if !defined(NO_DES3) + else if (EVP_DES_ECB && XSTRNCMP(cipher, EVP_DES_ECB, EVP_DES_SIZE) == 0) + return DES_ECB_TYPE; + else if (EVP_DES_EDE3_ECB && XSTRNCMP(cipher, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0) + return DES_EDE3_ECB_TYPE; +#endif /* NO_DES3 && HAVE_AES_ECB */ +#endif +#if !defined(NO_AES) +#if defined(HAVE_AES_CBC) + #ifdef WOLFSSL_AES_128 + else if (EVP_AES_128_CBC && XSTRNCMP(cipher, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) + return AES_128_CBC_TYPE; + #endif + #ifdef WOLFSSL_AES_192 + else if (EVP_AES_192_CBC && XSTRNCMP(cipher, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) + return AES_192_CBC_TYPE; + #endif + #ifdef WOLFSSL_AES_256 + else if (EVP_AES_256_CBC && XSTRNCMP(cipher, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) + return AES_256_CBC_TYPE; + #endif +#endif /* HAVE_AES_CBC */ +#if defined(HAVE_AESGCM) + #ifdef WOLFSSL_AES_128 + else if (EVP_AES_128_GCM && XSTRNCMP(cipher, EVP_AES_128_GCM, EVP_AES_SIZE) == 0) + return AES_128_GCM_TYPE; + #endif + #ifdef WOLFSSL_AES_192 + else if (EVP_AES_192_GCM && XSTRNCMP(cipher, EVP_AES_192_GCM, EVP_AES_SIZE) == 0) + return AES_192_GCM_TYPE; + #endif + #ifdef WOLFSSL_AES_256 + else if (EVP_AES_256_GCM && XSTRNCMP(cipher, EVP_AES_256_GCM, EVP_AES_SIZE) == 0) + return AES_256_GCM_TYPE; + #endif +#endif /* HAVE_AESGCM */ +#if defined(WOLFSSL_AES_COUNTER) + #ifdef WOLFSSL_AES_128 + else if (EVP_AES_128_CTR && XSTRNCMP(cipher, EVP_AES_128_CTR, EVP_AES_SIZE) == 0) + return AES_128_CTR_TYPE; + #endif + #ifdef WOLFSSL_AES_192 + else if (EVP_AES_192_CTR && XSTRNCMP(cipher, EVP_AES_192_CTR, EVP_AES_SIZE) == 0) + return AES_192_CTR_TYPE; + #endif + #ifdef WOLFSSL_AES_256 + else if (EVP_AES_256_CTR && XSTRNCMP(cipher, EVP_AES_256_CTR, EVP_AES_SIZE) == 0) + return AES_256_CTR_TYPE; + #endif +#endif /* HAVE_AES_CBC */ +#if defined(HAVE_AES_ECB) + #ifdef WOLFSSL_AES_128 + else if (EVP_AES_128_ECB && XSTRNCMP(cipher, EVP_AES_128_ECB, EVP_AES_SIZE) == 0) + return AES_128_ECB_TYPE; + #endif + #ifdef WOLFSSL_AES_192 + else if (EVP_AES_192_ECB && XSTRNCMP(cipher, EVP_AES_192_ECB, EVP_AES_SIZE) == 0) + return AES_192_ECB_TYPE; + #endif + #ifdef WOLFSSL_AES_256 + else if (EVP_AES_256_ECB && XSTRNCMP(cipher, EVP_AES_256_ECB, EVP_AES_SIZE) == 0) + return AES_256_ECB_TYPE; + #endif +#endif /*HAVE_AES_CBC */ +#if defined(WOLFSSL_AES_XTS) + #ifdef WOLFSSL_AES_128 + else if (EVP_AES_128_XTS && XSTRNCMP(cipher, EVP_AES_128_XTS, EVP_AES_SIZE) == 0) + return AES_128_XTS_TYPE; + #endif + #ifdef WOLFSSL_AES_256 + else if (EVP_AES_256_XTS && XSTRNCMP(cipher, EVP_AES_256_XTS, EVP_AES_SIZE) == 0) + return AES_256_XTS_TYPE; + #endif +#endif /* WOLFSSL_AES_XTS */ +#if defined(WOLFSSL_AES_CFB) + #ifdef WOLFSSL_AES_128 + else if (EVP_AES_128_CFB1 && XSTRNCMP(cipher, EVP_AES_128_CFB1, EVP_AESCFB_SIZE) == 0) + return AES_128_CFB1_TYPE; + #endif + #ifdef WOLFSSL_AES_192 + else if (EVP_AES_192_CFB1 && XSTRNCMP(cipher, EVP_AES_192_CFB1, EVP_AESCFB_SIZE) == 0) + return AES_192_CFB1_TYPE; + #endif + #ifdef WOLFSSL_AES_256 + else if (EVP_AES_256_CFB1 && XSTRNCMP(cipher, EVP_AES_256_CFB1, EVP_AESCFB_SIZE) == 0) + return AES_256_CFB1_TYPE; + #endif + #ifdef WOLFSSL_AES_128 + else if (EVP_AES_128_CFB8 && XSTRNCMP(cipher, EVP_AES_128_CFB8, EVP_AESCFB_SIZE) == 0) + return AES_128_CFB8_TYPE; + #endif + #ifdef WOLFSSL_AES_192 + else if (EVP_AES_192_CFB8 && XSTRNCMP(cipher, EVP_AES_192_CFB8, EVP_AESCFB_SIZE) == 0) + return AES_192_CFB8_TYPE; + #endif + #ifdef WOLFSSL_AES_256 + else if (EVP_AES_256_CFB8 && XSTRNCMP(cipher, EVP_AES_256_CFB8, EVP_AESCFB_SIZE) == 0) + return AES_256_CFB8_TYPE; + #endif + #ifdef WOLFSSL_AES_128 + else if (EVP_AES_128_CFB128 && XSTRNCMP(cipher, EVP_AES_128_CFB128, EVP_AESCFB_SIZE) == 0) + return AES_128_CFB128_TYPE; + #endif + #ifdef WOLFSSL_AES_192 + else if (EVP_AES_192_CFB128 && XSTRNCMP(cipher, EVP_AES_192_CFB128, EVP_AESCFB_SIZE) == 0) + return AES_192_CFB128_TYPE; + #endif + #ifdef WOLFSSL_AES_256 + else if (EVP_AES_256_CFB128 && XSTRNCMP(cipher, EVP_AES_256_CFB128, EVP_AESCFB_SIZE) == 0) + return AES_256_CFB128_TYPE; + #endif +#endif /*HAVE_AES_CBC */ #endif /* !NO_AES */ else return 0; } @@ -1128,7 +1256,7 @@ WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new_id(int id, WOLFSSL_ENGINE *e) WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_new_id"); - pkey = wolfSSL_PKEY_new_ex(NULL); + pkey = wolfSSL_EVP_PKEY_new_ex(NULL); if (pkey) { pkey->type = id; ctx = wolfSSL_EVP_PKEY_CTX_new(pkey, e); @@ -1400,7 +1528,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, pkey = *ppkey; if (pkey == NULL) { ownPkey = 1; - pkey = wolfSSL_PKEY_new(); + pkey = wolfSSL_EVP_PKEY_new(); if (pkey == NULL) return ret; @@ -1541,7 +1669,6 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EV return ret; } - /* Initialize structure for signing * * ctx WOLFSSL_EVP_MD_CTX structure to initialize @@ -1581,6 +1708,60 @@ int wolfSSL_EVP_SignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len return wolfSSL_EVP_DigestUpdate(ctx, data, len); } +static const struct s_ent { + const unsigned char macType; + const char *name; +} md_tbl[] = { +#ifndef NO_MD4 + {WC_HASH_TYPE_MD4, "MD4"}, +#endif /* NO_MD4 */ + +#ifndef NO_MD5 + {WC_HASH_TYPE_MD5, "MD5"}, +#endif /* NO_MD5 */ + +#ifndef NO_SHA + {WC_HASH_TYPE_SHA, "SHA"}, +#endif /* NO_SHA */ + +#ifdef WOLFSSL_SHA224 + {WC_HASH_TYPE_SHA224, "SHA224"}, +#endif /* WOLFSSL_SHA224 */ +#ifndef NO_SHA256 + {WC_HASH_TYPE_SHA256, "SHA256"}, +#endif + +#ifdef WOLFSSL_SHA384 + {WC_HASH_TYPE_SHA384, "SHA384"}, +#endif /* WOLFSSL_SHA384 */ +#ifdef WOLFSSL_SHA512 + {WC_HASH_TYPE_SHA512, "SHA512"}, +#endif /* WOLFSSL_SHA512 */ +#ifndef WOLFSSL_NOSHA3_224 + {WC_HASH_TYPE_SHA3_224, "SHA3_224"}, +#endif +#ifndef WOLFSSL_NOSHA3_256 + {WC_HASH_TYPE_SHA3_256, "SHA3_256"}, +#endif + {WC_HASH_TYPE_SHA3_384, "SHA3_384"}, +#ifndef WOLFSSL_NOSHA3_512 + {WC_HASH_TYPE_SHA3_512, "SHA3_512"}, +#endif + {0, NULL} +}; + +static WOLFSSL_EVP_MD *wolfSSL_EVP_get_md(const unsigned char type) +{ + const struct s_ent *ent ; + WOLFSSL_ENTER("EVP_get_md"); + for( ent = md_tbl; ent->name != NULL; ent++){ + if(type == ent->macType) { + return (WOLFSSL_EVP_MD *)ent->name; + } + } + return (WOLFSSL_EVP_MD *)""; +} + /* macro guard because currently only used with RSA */ #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) /* Helper function for getting the NID value from md @@ -1752,7 +1933,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, ENGINE* e, if (type != EVP_PKEY_HMAC || (key == NULL && keylen != 0)) return NULL; - pkey = wolfSSL_PKEY_new(); + pkey = wolfSSL_EVP_PKEY_new(); if (pkey != NULL) { pkey->pkey.ptr = (char*)XMALLOC(keylen, NULL, DYNAMIC_TYPE_PUBLIC_KEY); if (pkey->pkey.ptr == NULL && keylen > 0) { @@ -2081,7 +2262,6 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, ForceZero(digest, sizeof(digest)); return ret; } - int wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX *ctx, WOLFSSL_EVP_PKEY_CTX **pctx, const WOLFSSL_EVP_MD *type, @@ -2175,6 +2355,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, return WOLFSSL_FAILURE; } + #ifdef WOLFSSL_APACHE_HTTPD #if !defined(USE_WINDOWS_API) && !defined(MICROCHIP_PIC32) #include @@ -2249,7 +2430,7 @@ int wolfSSL_EVP_read_pw_string(char* buf, int bufSz, const char* banner, int v) } #endif /* WOLFSSL_APACHE_HTTPD */ -#if defined(OPENSSL_EXTRA) && !defined(NO_PWDBASED) && !defined(NO_SHA) +#if !defined(NO_PWDBASED) && !defined(NO_SHA) int wolfSSL_PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, @@ -2273,9 +2454,9 @@ int wolfSSL_PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, else return WOLFSSL_FAILURE; } -#endif /* OPENSSL_EXTRA && !NO_PWDBASED !NO_SHA*/ +#endif /* !NO_PWDBASED !NO_SHA*/ -#if defined(OPENSSL_EXTRA) && !defined(NO_PWDBASED) +#if !defined(NO_PWDBASED) WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen, const unsigned char *salt, int saltlen, int iter, @@ -2299,6 +2480,4020 @@ WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen, else return WOLFSSL_FAILURE; } -#endif /* OPENSSL_EXTRA && !NO_PWDBASED */ +#endif /* !NO_PWDBASED */ + +static const struct cipher{ + unsigned char type; + const char *name; + int nid; +} cipher_tbl[] = { + +#ifndef NO_AES + #ifdef WOLFSSL_AES_128 + {AES_128_CBC_TYPE, "AES-128-CBC", NID_aes_128_cbc}, + #endif + #ifdef WOLFSSL_AES_192 + {AES_192_CBC_TYPE, "AES-192-CBC", NID_aes_192_cbc}, + #endif + #ifdef WOLFSSL_AES_256 + {AES_256_CBC_TYPE, "AES-256-CBC", NID_aes_256_cbc}, + #endif + + #ifdef WOLFSSL_AES_128 + {AES_128_CFB1_TYPE, "AES-128-CFB1", NID_aes_128_cfb1}, + #endif + #ifdef WOLFSSL_AES_192 + {AES_192_CFB1_TYPE, "AES-192-CFB1", NID_aes_192_cfb1}, + #endif + #ifdef WOLFSSL_AES_256 + {AES_256_CFB1_TYPE, "AES-256-CFB1", NID_aes_256_cfb1}, + #endif + + #ifdef WOLFSSL_AES_128 + {AES_128_CFB8_TYPE, "AES-128-CFB8", NID_aes_128_cfb8}, + #endif + #ifdef WOLFSSL_AES_192 + {AES_192_CFB8_TYPE, "AES-192-CFB8", NID_aes_192_cfb8}, + #endif + #ifdef WOLFSSL_AES_256 + {AES_256_CFB8_TYPE, "AES-256-CFB8", NID_aes_256_cfb8}, + #endif + + #ifdef WOLFSSL_AES_128 + {AES_128_CFB128_TYPE, "AES-128-CFB128", NID_aes_128_cfb128}, + #endif + #ifdef WOLFSSL_AES_192 + {AES_192_CFB128_TYPE, "AES-192-CFB128", NID_aes_192_cfb128}, + #endif + #ifdef WOLFSSL_AES_256 + {AES_256_CFB128_TYPE, "AES-256-CFB128", NID_aes_256_cfb128}, + #endif + + #ifdef WOLFSSL_AES_128 + {AES_128_OFB_TYPE, "AES-128-OFB", NID_aes_128_ofb}, + #endif + #ifdef WOLFSSL_AES_192 + {AES_192_OFB_TYPE, "AES-192-OFB", NID_aes_192_ofb}, + #endif + #ifdef WOLFSSL_AES_256 + {AES_256_OFB_TYPE, "AES-256-OFB", NID_aes_256_ofb}, + #endif + + #ifdef WOLFSSL_AES_128 + {AES_128_XTS_TYPE, "AES-128-XTS", NID_aes_128_xts}, + #endif + #ifdef WOLFSSL_AES_256 + {AES_256_XTS_TYPE, "AES-256-XTS", NID_aes_256_xts}, + #endif + + #ifdef WOLFSSL_AES_128 + {AES_128_GCM_TYPE, "AES-128-GCM", NID_aes_128_gcm}, + #endif + #ifdef WOLFSSL_AES_192 + {AES_192_GCM_TYPE, "AES-192-GCM", NID_aes_192_gcm}, + #endif + #ifdef WOLFSSL_AES_256 + {AES_256_GCM_TYPE, "AES-256-GCM", NID_aes_256_gcm}, + #endif + #ifdef WOLFSSL_AES_128 + {AES_128_CTR_TYPE, "AES-128-CTR", NID_aes_128_ctr}, + #endif + #ifdef WOLFSSL_AES_192 + {AES_192_CTR_TYPE, "AES-192-CTR", NID_aes_192_ctr}, + #endif + #ifdef WOLFSSL_AES_256 + {AES_256_CTR_TYPE, "AES-256-CTR", NID_aes_256_ctr}, + #endif + + #ifdef WOLFSSL_AES_128 + {AES_128_ECB_TYPE, "AES-128-ECB", NID_aes_128_ecb}, + #endif + #ifdef WOLFSSL_AES_192 + {AES_192_ECB_TYPE, "AES-192-ECB", NID_aes_192_ecb}, + #endif + #ifdef WOLFSSL_AES_256 + {AES_256_ECB_TYPE, "AES-256-ECB", NID_aes_256_ecb}, + #endif + +#endif + +#ifndef NO_DES3 + {DES_CBC_TYPE, "DES-CBC", NID_des_cbc}, + {DES_ECB_TYPE, "DES-ECB", NID_des_ecb}, + + {DES_EDE3_CBC_TYPE, "DES-EDE3-CBC", NID_des_ede3_cbc}, + {DES_EDE3_ECB_TYPE, "DES-EDE3-ECB", NID_des_ede3_ecb}, +#endif + +#ifndef NO_RC4 + {ARC4_TYPE, "ARC4", NID_undef}, +#endif + +#ifdef HAVE_IDEA + {IDEA_CBC_TYPE, "IDEA-CBC", NID_idea_cbc}, +#endif + { 0, NULL, 0} +}; + +/* returns cipher using provided ctx type */ +const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_CIPHER_CTX_cipher( + const WOLFSSL_EVP_CIPHER_CTX *ctx) +{ + const struct cipher* c; + + if (!ctx || !ctx->cipherType) { + return NULL; + } + + for (c = cipher_tbl; c->type != 0; c++) { + if (ctx->cipherType == c->type) { + return wolfSSL_EVP_get_cipherbyname(c->name); + } + } + + return NULL; +} + +int wolfSSL_EVP_CIPHER_nid(const WOLFSSL_EVP_CIPHER *cipher) +{ + const struct cipher* c; + + if (!cipher) { + return 0; + } + + for (c = cipher_tbl; c->type != 0; c++) { + if (XSTRNCMP(cipher, c->name, XSTRLEN(c->name)+1) == 0) { + return c->nid; + } + } + + return 0; +} + +const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name) +{ + + static const struct alias { + const char *name; + const char *alias; + } alias_tbl[] = + { +#ifndef NO_DES3 + {"DES-CBC", "DES"}, + {"DES-CBC", "des"}, + {"DES-ECB", "DES-ECB"}, + {"DES-ECB", "des-ecb"}, + {"DES-EDE3-CBC", "DES3"}, + {"DES-EDE3-CBC", "des3"}, + {"DES-EDE3-ECB", "DES-EDE3"}, + {"DES-EDE3-ECB", "des-ede3"}, + {"DES-EDE3-ECB", "des-ede3-ecb"}, +#endif +#ifdef HAVE_IDEA + {"IDEA-CBC", "IDEA"}, + {"IDEA-CBC", "idea"}, +#endif +#ifndef NO_AES + #ifdef HAVE_AES_CBC + #ifdef WOLFSSL_AES_128 + {"AES-128-CBC", "AES128-CBC"}, + {"AES-128-CBC", "aes128-cbc"}, + #endif + #ifdef WOLFSSL_AES_192 + {"AES-192-CBC", "AES192-CBC"}, + {"AES-192-CBC", "aes192-cbc"}, + #endif + #ifdef WOLFSSL_AES_256 + {"AES-256-CBC", "AES256-CBC"}, + {"AES-256-CBC", "aes256-cbc"}, + #endif + #endif + #ifdef WOLFSSL_AES_128 + {"AES-128-ECB", "AES128-ECB"}, + {"AES-128-ECB", "aes128-ecb"}, + #endif + #ifdef WOLFSSL_AES_192 + {"AES-192-ECB", "AES192-ECB"}, + {"AES-192-ECB", "aes192-ecb"}, + #endif + #ifdef WOLFSSL_AES_256 + {"AES-256-ECB", "AES256-ECB"}, + #endif + #ifdef HAVE_AESGCM + #ifdef WOLFSSL_AES_128 + {"AES-128-GCM", "aes-128-gcm"}, + {"AES-128-GCM", "id-aes128-GCM"}, + #endif + #ifdef WOLFSSL_AES_192 + {"AES-192-GCM", "aes-192-gcm"}, + {"AES-192-GCM", "id-aes192-GCM"}, + #endif + #ifdef WOLFSSL_AES_256 + {"AES-256-GCM", "aes-256-gcm"}, + {"AES-256-GCM", "id-aes256-GCM"}, + #endif + #endif +#endif +#ifndef NO_RC4 + {"ARC4", "RC4"}, +#endif + { NULL, NULL} + }; + + const struct cipher *ent; + const struct alias *al; + + WOLFSSL_ENTER("EVP_get_cipherbyname"); + + for( al = alias_tbl; al->name != NULL; al++) + if(XSTRNCMP(name, al->alias, XSTRLEN(al->alias)+1) == 0) { + name = al->name; + break; + } + + for( ent = cipher_tbl; ent->name != NULL; ent++) + if(XSTRNCMP(name, ent->name, XSTRLEN(ent->name)+1) == 0) { + return (WOLFSSL_EVP_CIPHER *)ent->name; + } + + return NULL; +} + +/* + * return an EVP_CIPHER structure when cipher NID is passed. + * + * id cipher NID + * + * return WOLFSSL_EVP_CIPHER +*/ +const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbynid(int id) +{ + WOLFSSL_ENTER("EVP_get_cipherbynid"); + + switch(id) { + +#ifndef NO_AES + #ifdef HAVE_AES_CBC + #ifdef WOLFSSL_AES_128 + case NID_aes_128_cbc: + return wolfSSL_EVP_aes_128_cbc(); + #endif + #ifdef WOLFSSL_AES_192 + case NID_aes_192_cbc: + return wolfSSL_EVP_aes_192_cbc(); + #endif + #ifdef WOLFSSL_AES_256 + case NID_aes_256_cbc: + return wolfSSL_EVP_aes_256_cbc(); + #endif + #endif + #ifdef WOLFSSL_AES_COUNTER + #ifdef WOLFSSL_AES_128 + case NID_aes_128_ctr: + return wolfSSL_EVP_aes_128_ctr(); + #endif + #ifdef WOLFSSL_AES_192 + case NID_aes_192_ctr: + return wolfSSL_EVP_aes_192_ctr(); + #endif + #ifdef WOLFSSL_AES_256 + case NID_aes_256_ctr: + return wolfSSL_EVP_aes_256_ctr(); + #endif + #endif /* WOLFSSL_AES_COUNTER */ + #ifdef HAVE_AES_ECB + #ifdef WOLFSSL_AES_128 + case NID_aes_128_ecb: + return wolfSSL_EVP_aes_128_ecb(); + #endif + #ifdef WOLFSSL_AES_192 + case NID_aes_192_ecb: + return wolfSSL_EVP_aes_192_ecb(); + #endif + #ifdef WOLFSSL_AES_256 + case NID_aes_256_ecb: + return wolfSSL_EVP_aes_256_ecb(); + #endif + #endif /* HAVE_AES_ECB */ + #ifdef HAVE_AESGCM + #ifdef WOLFSSL_AES_128 + case NID_aes_128_gcm: + return wolfSSL_EVP_aes_128_gcm(); + #endif + #ifdef WOLFSSL_AES_192 + case NID_aes_192_gcm: + return wolfSSL_EVP_aes_192_gcm(); + #endif + #ifdef WOLFSSL_AES_256 + case NID_aes_256_gcm: + return wolfSSL_EVP_aes_256_gcm(); + #endif + #endif +#endif + +#ifndef NO_DES3 + case NID_des_cbc: + return wolfSSL_EVP_des_cbc(); +#ifdef WOLFSSL_DES_ECB + case NID_des_ecb: + return wolfSSL_EVP_des_ecb(); +#endif + case NID_des_ede3_cbc: + return wolfSSL_EVP_des_ede3_cbc(); +#ifdef WOLFSSL_DES_ECB + case NID_des_ede3_ecb: + return wolfSSL_EVP_des_ede3_ecb(); +#endif +#endif /*NO_DES3*/ + +#ifdef HAVE_IDEA + case NID_idea_cbc: + return wolfSSL_EVP_idea_cbc(); +#endif + + default: + WOLFSSL_MSG("Bad cipher id value"); + } + + return NULL; +} + +void wolfSSL_EVP_init(void) +{ +#ifndef NO_AES + #ifdef HAVE_AES_CBC + #ifdef WOLFSSL_AES_128 + EVP_AES_128_CBC = (char *)EVP_get_cipherbyname("AES-128-CBC"); + #endif + #ifdef WOLFSSL_AES_192 + EVP_AES_192_CBC = (char *)EVP_get_cipherbyname("AES-192-CBC"); + #endif + #ifdef WOLFSSL_AES_256 + EVP_AES_256_CBC = (char *)EVP_get_cipherbyname("AES-256-CBC"); + #endif + #endif /* HAVE_AES_CBC */ + + #ifdef WOLFSSL_AES_CFB + #ifdef WOLFSSL_AES_128 + EVP_AES_128_CFB1 = (char *)EVP_get_cipherbyname("AES-128-CFB1"); + #endif + + #ifdef WOLFSSL_AES_192 + EVP_AES_192_CFB1 = (char *)EVP_get_cipherbyname("AES-192-CFB1"); + #endif + + #ifdef WOLFSSL_AES_256 + EVP_AES_256_CFB1 = (char *)EVP_get_cipherbyname("AES-256-CFB1"); + #endif + + #ifdef WOLFSSL_AES_128 + EVP_AES_128_CFB8 = (char *)EVP_get_cipherbyname("AES-128-CFB8"); + #endif + + #ifdef WOLFSSL_AES_192 + EVP_AES_192_CFB8 = (char *)EVP_get_cipherbyname("AES-192-CFB8"); + #endif + + #ifdef WOLFSSL_AES_256 + EVP_AES_256_CFB8 = (char *)EVP_get_cipherbyname("AES-256-CFB8"); + #endif + + #ifdef WOLFSSL_AES_128 + EVP_AES_128_CFB128 = (char *)EVP_get_cipherbyname("AES-128-CFB128"); + #endif + + #ifdef WOLFSSL_AES_192 + EVP_AES_192_CFB128 = (char *)EVP_get_cipherbyname("AES-192-CFB128"); + #endif + + #ifdef WOLFSSL_AES_256 + EVP_AES_256_CFB128 = (char *)EVP_get_cipherbyname("AES-256-CFB128"); + #endif + #endif /* WOLFSSL_AES_CFB */ + + #ifdef WOLFSSL_AES_OFB + #ifdef WOLFSSL_AES_128 + EVP_AES_128_OFB = (char *)EVP_get_cipherbyname("AES-128-OFB"); + #endif + + #ifdef WOLFSSL_AES_192 + EVP_AES_192_OFB = (char *)EVP_get_cipherbyname("AES-192-OFB"); + #endif + + #ifdef WOLFSSL_AES_256 + EVP_AES_256_OFB = (char *)EVP_get_cipherbyname("AES-256-OFB"); + #endif + #endif /* WOLFSSL_AES_OFB */ + + #ifdef WOLFSSL_AES_XTS + #ifdef WOLFSSL_AES_128 + EVP_AES_128_XTS = (char *)EVP_get_cipherbyname("AES-128-XTS"); + #endif + + #ifdef WOLFSSL_AES_256 + EVP_AES_256_XTS = (char *)EVP_get_cipherbyname("AES-256-XTS"); + #endif + #endif /* WOLFSSL_AES_XTS */ + + #ifdef HAVE_AESGCM + #ifdef WOLFSSL_AES_128 + EVP_AES_128_GCM = (char *)EVP_get_cipherbyname("AES-128-GCM"); + #endif + #ifdef WOLFSSL_AES_192 + EVP_AES_192_GCM = (char *)EVP_get_cipherbyname("AES-192-GCM"); + #endif + #ifdef WOLFSSL_AES_256 + EVP_AES_256_GCM = (char *)EVP_get_cipherbyname("AES-256-GCM"); + #endif + #endif /* HAVE_AESGCM*/ + #ifdef WOLFSSL_AES_128 + EVP_AES_128_CTR = (char *)EVP_get_cipherbyname("AES-128-CTR"); + #endif + #ifdef WOLFSSL_AES_192 + EVP_AES_192_CTR = (char *)EVP_get_cipherbyname("AES-192-CTR"); + #endif + #ifdef WOLFSSL_AES_256 + EVP_AES_256_CTR = (char *)EVP_get_cipherbyname("AES-256-CTR"); + #endif + + #ifdef WOLFSSL_AES_128 + EVP_AES_128_ECB = (char *)EVP_get_cipherbyname("AES-128-ECB"); + #endif + #ifdef WOLFSSL_AES_192 + EVP_AES_192_ECB = (char *)EVP_get_cipherbyname("AES-192-ECB"); + #endif + #ifdef WOLFSSL_AES_256 + EVP_AES_256_ECB = (char *)EVP_get_cipherbyname("AES-256-ECB"); + #endif +#endif /* ifndef NO_AES*/ + +#ifndef NO_DES3 + EVP_DES_CBC = (char *)EVP_get_cipherbyname("DES-CBC"); + EVP_DES_ECB = (char *)EVP_get_cipherbyname("DES-ECB"); + + EVP_DES_EDE3_CBC = (char *)EVP_get_cipherbyname("DES-EDE3-CBC"); + EVP_DES_EDE3_ECB = (char *)EVP_get_cipherbyname("DES-EDE3-ECB"); +#endif + +#ifdef HAVE_IDEA + EVP_IDEA_CBC = (char *)EVP_get_cipherbyname("IDEA-CBC"); +#endif +} + +#if !defined(NO_PWDBASED) +int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp, + int* pHash, int* pHashSz) +{ + enum wc_HashType hash = WC_HASH_TYPE_NONE; + int hashSz; + + if (XSTRLEN(evp) < 3) { + /* do not try comparing strings if size is too small */ + return WOLFSSL_FAILURE; + } + + if (XSTRNCMP("SHA", evp, 3) == 0) { + if (XSTRLEN(evp) > 3) { + #ifndef NO_SHA256 + if (XSTRNCMP("SHA256", evp, 6) == 0) { + hash = WC_HASH_TYPE_SHA256; + } + else + #endif + #ifdef WOLFSSL_SHA384 + if (XSTRNCMP("SHA384", evp, 6) == 0) { + hash = WC_HASH_TYPE_SHA384; + } + else + #endif + #ifdef WOLFSSL_SHA512 + if (XSTRNCMP("SHA512", evp, 6) == 0) { + hash = WC_HASH_TYPE_SHA512; + } + else + #endif + { + WOLFSSL_MSG("Unknown SHA hash"); + } + } + else { + hash = WC_HASH_TYPE_SHA; + } + } +#ifdef WOLFSSL_MD2 + else if (XSTRNCMP("MD2", evp, 3) == 0) { + hash = WC_HASH_TYPE_MD2; + } +#endif +#ifndef NO_MD4 + else if (XSTRNCMP("MD4", evp, 3) == 0) { + hash = WC_HASH_TYPE_MD4; + } +#endif +#ifndef NO_MD5 + else if (XSTRNCMP("MD5", evp, 3) == 0) { + hash = WC_HASH_TYPE_MD5; + } +#endif + + if (pHash) + *pHash = hash; + + hashSz = wc_HashGetDigestSize(hash); + if (pHashSz) + *pHashSz = hashSz; + + if (hashSz < 0) { + return WOLFSSL_FAILURE; + } + + return WOLFSSL_SUCCESS; +} + +/* this function makes the assumption that out buffer is big enough for digest*/ +int wolfSSL_EVP_Digest(const unsigned char* in, int inSz, unsigned char* out, + unsigned int* outSz, const WOLFSSL_EVP_MD* evp, + WOLFSSL_ENGINE* eng) +{ + int err; + int hashType = WC_HASH_TYPE_NONE; + int hashSz; + + WOLFSSL_ENTER("wolfSSL_EVP_Digest"); + if (in == NULL || out == NULL || evp == NULL) { + WOLFSSL_MSG("Null argument passed in"); + return WOLFSSL_FAILURE; + } + + err = wolfSSL_EVP_get_hashinfo(evp, &hashType, &hashSz); + if (err != WOLFSSL_SUCCESS) + return err; + + if (wc_Hash((enum wc_HashType)hashType, in, inSz, out, hashSz) != 0) { + return WOLFSSL_FAILURE; + } + + if (outSz != NULL) + *outSz = hashSz; + + (void)eng; + return WOLFSSL_SUCCESS; +} +#endif + +const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name) +{ + static const struct alias { + const char *name; + const char *alias; + } alias_tbl[] = + { + {"MD4", "ssl3-md4"}, + {"MD5", "ssl3-md5"}, + {"SHA", "ssl3-sha1"}, + {"SHA", "SHA1"}, + { NULL, NULL} + }; + + const struct alias *al; + const struct s_ent *ent; + + + for (al = alias_tbl; al->name != NULL; al++) + if(XSTRNCMP(name, al->alias, XSTRLEN(al->alias)+1) == 0) { + name = al->name; + break; + } + + for (ent = md_tbl; ent->name != NULL; ent++) + if(XSTRNCMP(name, ent->name, XSTRLEN(ent->name)+1) == 0) { + return (EVP_MD *)ent->name; + } + return NULL; +} + +int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) +{ + const struct s_ent *ent ; + WOLFSSL_ENTER("EVP_MD_type"); + for( ent = md_tbl; ent->name != NULL; ent++){ + if(XSTRNCMP((const char *)md, ent->name, XSTRLEN(ent->name)+1) == 0) { + return ent->macType; + } + } + return 0; +} + +#ifndef NO_MD4 + + /* return a pointer to MD4 EVP type */ + const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_md4"); + return EVP_get_digestbyname("MD4"); + } + +#endif /* !NO_MD4 */ + + +#ifndef NO_MD5 + + const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void) + { + WOLFSSL_ENTER("EVP_md5"); + return EVP_get_digestbyname("MD5"); + } + +#endif /* !NO_MD5 */ + + +#ifndef NO_WOLFSSL_STUB + const WOLFSSL_EVP_MD* wolfSSL_EVP_mdc2(void) + { + WOLFSSL_STUB("EVP_mdc2"); + return NULL; + } +#endif + +#ifndef NO_SHA + const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void) + { + WOLFSSL_ENTER("EVP_sha1"); + return EVP_get_digestbyname("SHA"); + } +#endif /* NO_SHA */ + +#ifdef WOLFSSL_SHA224 + + const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void) + { + WOLFSSL_ENTER("EVP_sha224"); + return EVP_get_digestbyname("SHA224"); + } + +#endif /* WOLFSSL_SHA224 */ + + + const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void) + { + WOLFSSL_ENTER("EVP_sha256"); + return EVP_get_digestbyname("SHA256"); + } + +#ifdef WOLFSSL_SHA384 + + const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void) + { + WOLFSSL_ENTER("EVP_sha384"); + return EVP_get_digestbyname("SHA384"); + } + +#endif /* WOLFSSL_SHA384 */ + +#ifdef WOLFSSL_SHA512 + + const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void) + { + WOLFSSL_ENTER("EVP_sha512"); + return EVP_get_digestbyname("SHA512"); + } + +#endif /* WOLFSSL_SHA512 */ + +#ifdef WOLFSSL_SHA3 +#ifndef WOLFSSL_NOSHA3_224 + const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_224(void) + { + WOLFSSL_ENTER("EVP_sha3_224"); + return EVP_get_digestbyname("SHA3_224"); + } +#endif /* WOLFSSL_NOSHA3_224 */ + + +#ifndef WOLFSSL_NOSHA3_256 + const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_256(void) + { + WOLFSSL_ENTER("EVP_sha3_256"); + return EVP_get_digestbyname("SHA3_256"); + } +#endif /* WOLFSSL_NOSHA3_256 */ + + const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_384(void) + { + WOLFSSL_ENTER("EVP_sha3_384"); + return EVP_get_digestbyname("SHA3_384"); + } + +#ifndef WOLFSSL_NOSHA3_512 + const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_512(void) + { + WOLFSSL_ENTER("EVP_sha3_512"); + return EVP_get_digestbyname("SHA3_512"); + } +#endif /* WOLFSSL_NOSHA3_512 */ +#endif /* WOLFSSL_SHA3 */ + + WOLFSSL_EVP_MD_CTX *wolfSSL_EVP_MD_CTX_new(void) + { + WOLFSSL_EVP_MD_CTX* ctx; + WOLFSSL_ENTER("EVP_MD_CTX_new"); + ctx = (WOLFSSL_EVP_MD_CTX*)XMALLOC(sizeof *ctx, NULL, + DYNAMIC_TYPE_OPENSSL); + if (ctx){ + wolfSSL_EVP_MD_CTX_init(ctx); + } + return ctx; + } + + WOLFSSL_API void wolfSSL_EVP_MD_CTX_free(WOLFSSL_EVP_MD_CTX *ctx) + { + if (ctx) { + WOLFSSL_ENTER("EVP_MD_CTX_free"); + wolfSSL_EVP_MD_CTX_cleanup(ctx); + XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL); + } + } + + + /* returns the type of message digest used by the ctx */ + int wolfSSL_EVP_MD_CTX_type(const WOLFSSL_EVP_MD_CTX *ctx) { + WOLFSSL_ENTER("EVP_MD_CTX_type"); + return ctx->macType; + } + + + /* returns WOLFSSL_SUCCESS on success */ + int wolfSSL_EVP_MD_CTX_copy(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in) + { + return wolfSSL_EVP_MD_CTX_copy_ex(out, in); + } + + /* returns digest size */ + int wolfSSL_EVP_MD_CTX_size(const WOLFSSL_EVP_MD_CTX *ctx) { + return(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(ctx))); + } + /* returns block size */ + int wolfSSL_EVP_MD_CTX_block_size(const WOLFSSL_EVP_MD_CTX *ctx) { + return(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(ctx))); + } + + /* Deep copy of EVP_MD hasher + * return WOLFSSL_SUCCESS on success */ + static int wolfSSL_EVP_MD_Copy_Hasher(WOLFSSL_EVP_MD_CTX* des, + const WOLFSSL_EVP_MD_CTX* src) + { + if (src->macType == (NID_hmac & 0xFF)) { + wolfSSL_HmacCopy(&des->hash.hmac, (Hmac*)&src->hash.hmac); + } + else { + switch (src->macType) { + #ifndef NO_MD5 + case WC_HASH_TYPE_MD5: + wc_Md5Copy((wc_Md5*)&src->hash.digest, + (wc_Md5*)&des->hash.digest); + break; + #endif /* !NO_MD5 */ + + #ifndef NO_SHA + case WC_HASH_TYPE_SHA: + wc_ShaCopy((wc_Sha*)&src->hash.digest, + (wc_Sha*)&des->hash.digest); + break; + #endif /* !NO_SHA */ + + #ifdef WOLFSSL_SHA224 + case WC_HASH_TYPE_SHA224: + wc_Sha224Copy((wc_Sha224*)&src->hash.digest, + (wc_Sha224*)&des->hash.digest); + break; + #endif /* WOLFSSL_SHA224 */ + + #ifndef NO_SHA256 + case WC_HASH_TYPE_SHA256: + wc_Sha256Copy((wc_Sha256*)&src->hash.digest, + (wc_Sha256*)&des->hash.digest); + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_HASH_TYPE_SHA384: + wc_Sha384Copy((wc_Sha384*)&src->hash.digest, + (wc_Sha384*)&des->hash.digest); + break; + #endif /* WOLFSSL_SHA384 */ + #ifdef WOLFSSL_SHA512 + case WC_HASH_TYPE_SHA512: + wc_Sha512Copy((wc_Sha512*)&src->hash.digest, + (wc_Sha512*)&des->hash.digest); + break; + #endif /* WOLFSSL_SHA512 */ + #ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + case WC_HASH_TYPE_SHA3_224: + wc_Sha3_224_Copy((wc_Sha3*)&src->hash.digest, + (wc_Sha3*)&des->hash.digest); + break; + #endif + + #ifndef WOLFSSL_NOSHA3_256 + case WC_HASH_TYPE_SHA3_256: + wc_Sha3_256_Copy((wc_Sha3*)&src->hash.digest, + (wc_Sha3*)&des->hash.digest); + break; + #endif + + case WC_HASH_TYPE_SHA3_384: + wc_Sha3_384_Copy((wc_Sha3*)&src->hash.digest, + (wc_Sha3*)&des->hash.digest); + break; + + #ifndef WOLFSSL_NOSHA3_512 + case WC_HASH_TYPE_SHA3_512: + wc_Sha3_512_Copy((wc_Sha3*)&src->hash.digest, + (wc_Sha3*)&des->hash.digest); + break; + #endif + #endif + default: + return WOLFSSL_FAILURE; + } + } + return WOLFSSL_SUCCESS; + } + + /* copies structure in to the structure out + * + * returns WOLFSSL_SUCCESS on success */ + int wolfSSL_EVP_MD_CTX_copy_ex(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in) + { + if ((out == NULL) || (in == NULL)) return WOLFSSL_FAILURE; + WOLFSSL_ENTER("EVP_CIPHER_MD_CTX_copy_ex"); + XMEMCPY(out, in, sizeof(WOLFSSL_EVP_MD_CTX)); + if (in->pctx != NULL) { + out->pctx = wolfSSL_EVP_PKEY_CTX_new(in->pctx->pkey, NULL); + if (out->pctx == NULL) + return WOLFSSL_FAILURE; + } + return wolfSSL_EVP_MD_Copy_Hasher(out, (WOLFSSL_EVP_MD_CTX*)in); + } + + void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx) + { + WOLFSSL_ENTER("EVP_CIPHER_MD_CTX_init"); + XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_MD_CTX)); + } + + const WOLFSSL_EVP_MD *wolfSSL_EVP_MD_CTX_md(const WOLFSSL_EVP_MD_CTX *ctx) + { + if (ctx == NULL) + return NULL; + WOLFSSL_ENTER("EVP_MD_CTX_md"); + return (const WOLFSSL_EVP_MD *)wolfSSL_EVP_get_md(ctx->macType); + } + + #ifndef NO_AES + + #ifdef HAVE_AES_CBC + #ifdef WOLFSSL_AES_128 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cbc"); + if (EVP_AES_128_CBC == NULL) + wolfSSL_EVP_init(); + return EVP_AES_128_CBC; + } + #endif /* WOLFSSL_AES_128 */ + + + #ifdef WOLFSSL_AES_192 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cbc"); + if (EVP_AES_192_CBC == NULL) + wolfSSL_EVP_init(); + return EVP_AES_192_CBC; + } + #endif /* WOLFSSL_AES_192 */ + + + #ifdef WOLFSSL_AES_256 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cbc"); + if (EVP_AES_256_CBC == NULL) + wolfSSL_EVP_init(); + return EVP_AES_256_CBC; + } + #endif /* WOLFSSL_AES_256 */ + #endif /* HAVE_AES_CBC */ + + #ifdef WOLFSSL_AES_CFB +#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + #ifdef WOLFSSL_AES_128 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb1(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb1"); + if (EVP_AES_128_CFB1 == NULL) + wolfSSL_EVP_init(); + return EVP_AES_128_CFB1; + } + #endif /* WOLFSSL_AES_128 */ + + #ifdef WOLFSSL_AES_192 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb1(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb1"); + if (EVP_AES_192_CFB1 == NULL) + wolfSSL_EVP_init(); + return EVP_AES_192_CFB1; + } + #endif /* WOLFSSL_AES_192 */ + + #ifdef WOLFSSL_AES_256 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb1(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb1"); + if (EVP_AES_256_CFB1 == NULL) + wolfSSL_EVP_init(); + return EVP_AES_256_CFB1; + } + #endif /* WOLFSSL_AES_256 */ + + #ifdef WOLFSSL_AES_128 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb8(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb8"); + if (EVP_AES_128_CFB8 == NULL) + wolfSSL_EVP_init(); + return EVP_AES_128_CFB8; + } + #endif /* WOLFSSL_AES_128 */ + + #ifdef WOLFSSL_AES_192 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb8(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb8"); + if (EVP_AES_192_CFB8 == NULL) + wolfSSL_EVP_init(); + return EVP_AES_192_CFB8; + } + #endif /* WOLFSSL_AES_192 */ + + #ifdef WOLFSSL_AES_256 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb8(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb8"); + if (EVP_AES_256_CFB8 == NULL) + wolfSSL_EVP_init(); + return EVP_AES_256_CFB8; + } + #endif /* WOLFSSL_AES_256 */ +#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ + + #ifdef WOLFSSL_AES_128 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb128(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb128"); + if (EVP_AES_128_CFB128 == NULL) + wolfSSL_EVP_init(); + return EVP_AES_128_CFB128; + } + #endif /* WOLFSSL_AES_128 */ + + #ifdef WOLFSSL_AES_192 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb128(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb128"); + if (EVP_AES_192_CFB128 == NULL) + wolfSSL_EVP_init(); + return EVP_AES_192_CFB128; + } + #endif /* WOLFSSL_AES_192 */ + + #ifdef WOLFSSL_AES_256 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb128(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb128"); + if (EVP_AES_256_CFB128 == NULL) + wolfSSL_EVP_init(); + return EVP_AES_256_CFB128; + } + #endif /* WOLFSSL_AES_256 */ + #endif /* WOLFSSL_AES_CFB */ + + #ifdef WOLFSSL_AES_OFB + #ifdef WOLFSSL_AES_128 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ofb(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ofb"); + if (EVP_AES_128_OFB == NULL) + wolfSSL_EVP_init(); + return EVP_AES_128_OFB; + } + #endif /* WOLFSSL_AES_128 */ + + #ifdef WOLFSSL_AES_192 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ofb(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ofb"); + if (EVP_AES_192_OFB == NULL) + wolfSSL_EVP_init(); + return EVP_AES_192_OFB; + } + #endif /* WOLFSSL_AES_192 */ + + #ifdef WOLFSSL_AES_256 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ofb(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ofb"); + if (EVP_AES_256_OFB == NULL) + wolfSSL_EVP_init(); + return EVP_AES_256_OFB; + } + #endif /* WOLFSSL_AES_256 */ + #endif /* WOLFSSL_AES_OFB */ + + #ifdef WOLFSSL_AES_XTS + #ifdef WOLFSSL_AES_128 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_xts(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_128_xts"); + if (EVP_AES_128_XTS == NULL) + wolfSSL_EVP_init(); + return EVP_AES_128_XTS; + } + #endif /* WOLFSSL_AES_128 */ + + #ifdef WOLFSSL_AES_256 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_xts(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_256_xts"); + if (EVP_AES_256_XTS == NULL) + wolfSSL_EVP_init(); + return EVP_AES_256_XTS; + } + #endif /* WOLFSSL_AES_256 */ + #endif /* WOLFSSL_AES_XTS */ + + #ifdef HAVE_AESGCM + #ifdef WOLFSSL_AES_128 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_gcm(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_128_gcm"); + if (EVP_AES_128_GCM == NULL) + wolfSSL_EVP_init(); + return EVP_AES_128_GCM; + } + #endif /* WOLFSSL_GCM_128 */ + + #ifdef WOLFSSL_AES_192 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_gcm(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_192_gcm"); + if (EVP_AES_192_GCM == NULL) + wolfSSL_EVP_init(); + return EVP_AES_192_GCM; + } + #endif /* WOLFSSL_AES_192 */ + + #ifdef WOLFSSL_AES_256 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_gcm(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_256_gcm"); + if (EVP_AES_256_GCM == NULL) + wolfSSL_EVP_init(); + return EVP_AES_256_GCM; + } + #endif /* WOLFSSL_AES_256 */ + #endif /* HAVE_AESGCM */ + + #ifdef WOLFSSL_AES_128 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ctr"); + if (EVP_AES_128_CTR == NULL) + wolfSSL_EVP_init(); + return EVP_AES_128_CTR; + } + #endif /* WOLFSSL_AES_2128 */ + + + #ifdef WOLFSSL_AES_192 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ctr"); + if (EVP_AES_192_CTR == NULL) + wolfSSL_EVP_init(); + return EVP_AES_192_CTR; + } + #endif /* WOLFSSL_AES_192 */ + + + #ifdef WOLFSSL_AES_256 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ctr"); + if (EVP_AES_256_CTR == NULL) + wolfSSL_EVP_init(); + return EVP_AES_256_CTR; + } + #endif /* WOLFSSL_AES_256 */ + + #ifdef WOLFSSL_AES_128 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ecb"); + if (EVP_AES_128_ECB == NULL) + wolfSSL_EVP_init(); + return EVP_AES_128_ECB; + } + #endif /* WOLFSSL_AES_128 */ + + + #ifdef WOLFSSL_AES_192 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ecb"); + if (EVP_AES_192_ECB == NULL) + wolfSSL_EVP_init(); + return EVP_AES_192_ECB; + } + #endif /* WOLFSSL_AES_192*/ + + + #ifdef WOLFSSL_AES_256 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ecb"); + if (EVP_AES_256_ECB == NULL) + wolfSSL_EVP_init(); + return EVP_AES_256_ECB; + } + #endif /* WOLFSSL_AES_256 */ + #endif /* NO_AES */ + +#ifndef NO_DES3 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_des_cbc"); + if (EVP_DES_CBC == NULL) + wolfSSL_EVP_init(); + return EVP_DES_CBC; + } +#ifdef WOLFSSL_DES_ECB + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ecb(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_des_ecb"); + if (EVP_DES_ECB == NULL) + wolfSSL_EVP_init(); + return EVP_DES_ECB; + } +#endif + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_cbc"); + if (EVP_DES_EDE3_CBC == NULL) + wolfSSL_EVP_init(); + return EVP_DES_EDE3_CBC; + } +#ifdef WOLFSSL_DES_ECB + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_ecb"); + if (EVP_DES_EDE3_ECB == NULL) + wolfSSL_EVP_init(); + return EVP_DES_EDE3_ECB; + } +#endif +#endif /* NO_DES3 */ + +#ifndef NO_RC4 + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void) + { + static const char* type = "ARC4"; + WOLFSSL_ENTER("wolfSSL_EVP_rc4"); + return type; + } +#endif + +#ifdef HAVE_IDEA + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_idea_cbc(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_idea_cbc"); + if (EVP_IDEA_CBC == NULL) + wolfSSL_EVP_init(); + return EVP_IDEA_CBC; + } +#endif + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void) + { + static const char* type = "NULL"; + WOLFSSL_ENTER("wolfSSL_EVP_enc_null"); + return type; + } + + int wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx) + { + WOLFSSL_ENTER("EVP_MD_CTX_cleanup"); + if (ctx->pctx != NULL) + wolfSSL_EVP_PKEY_CTX_free(ctx->pctx); + + if (ctx->macType == (NID_hmac & 0xFF)) { + wc_HmacFree(&ctx->hash.hmac); + } + else { + switch (ctx->macType) { + #ifndef NO_MD5 + case WC_HASH_TYPE_MD5: + wc_Md5Free((wc_Md5*)&ctx->hash.digest); + break; + #endif /* !NO_MD5 */ + + #ifndef NO_SHA + case WC_HASH_TYPE_SHA: + wc_ShaFree((wc_Sha*)&ctx->hash.digest); + break; + #endif /* !NO_SHA */ + + #ifdef WOLFSSL_SHA224 + case WC_HASH_TYPE_SHA224: + wc_Sha224Free((wc_Sha224*)&ctx->hash.digest); + break; + #endif /* WOLFSSL_SHA224 */ + + #ifndef NO_SHA256 + case WC_HASH_TYPE_SHA256: + wc_Sha256Free((wc_Sha256*)&ctx->hash.digest); + break; + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + case WC_HASH_TYPE_SHA384: + wc_Sha384Free((wc_Sha384*)&ctx->hash.digest); + break; + #endif /* WOLFSSL_SHA384 */ + #ifdef WOLFSSL_SHA512 + case WC_HASH_TYPE_SHA512: + wc_Sha512Free((wc_Sha512*)&ctx->hash.digest); + break; + #endif /* WOLFSSL_SHA512 */ + #ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + case WC_HASH_TYPE_SHA3_224: + wc_Sha3_224_Free((wc_Sha3*)&ctx->hash.digest); + break; + #endif + + #ifndef WOLFSSL_NOSHA3_256 + case WC_HASH_TYPE_SHA3_256: + wc_Sha3_256_Free((wc_Sha3*)&ctx->hash.digest); + break; + #endif + + case WC_HASH_TYPE_SHA3_384: + wc_Sha3_384_Free((wc_Sha3*)&ctx->hash.digest); + break; + + #ifndef WOLFSSL_NOSHA3_512 + case WC_HASH_TYPE_SHA3_512: + wc_Sha3_512_Free((wc_Sha3*)&ctx->hash.digest); + break; + #endif + #endif + default: + return WOLFSSL_FAILURE; + } + } + ForceZero(ctx, sizeof(*ctx)); + ctx->macType = 0xFF; + return 1; + } + + void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx) + { + WOLFSSL_ENTER("EVP_CIPHER_CTX_init"); + if (ctx) { + XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_CIPHER_CTX)); + ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */ + ctx->keyLen = 0; + ctx->enc = 1; /* start in encrypt mode */ + } + } + +#if defined(HAVE_AESGCM) && !defined(HAVE_SELFTEST) + static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz) + { + int i; + for (i = ctrSz-1; i >= 0; i--) { + if (++ctr[i]) + break; + } + } +#endif + + /* This function allows cipher specific parameters to be + determined and set. */ + int wolfSSL_EVP_CIPHER_CTX_ctrl(WOLFSSL_EVP_CIPHER_CTX *ctx, int type, \ + int arg, void *ptr) + { + int ret = WOLFSSL_FAILURE; +#if defined(HAVE_AESGCM) && !defined(HAVE_SELFTEST) && !defined(WC_NO_RNG) + WC_RNG rng; +#endif + if (ctx == NULL) + return WOLFSSL_FAILURE; + + (void)arg; + (void)ptr; + + WOLFSSL_ENTER("EVP_CIPHER_CTX_ctrl"); + + switch(type) { + case EVP_CTRL_INIT: + wolfSSL_EVP_CIPHER_CTX_init(ctx); + if(ctx) + ret = WOLFSSL_SUCCESS; + break; + case EVP_CTRL_SET_KEY_LENGTH: + ret = wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, arg); + break; +#if defined(HAVE_AESGCM) && !defined(HAVE_SELFTEST) && !defined(WC_NO_RNG) + case EVP_CTRL_GCM_SET_IVLEN: + if(arg <= 0 || arg > 16) + return WOLFSSL_FAILURE; + ret = wolfSSL_EVP_CIPHER_CTX_set_iv_length(ctx, arg); + break; + case EVP_CTRL_AEAD_SET_IV_FIXED: + if (arg == -1) { + /* arg == -1 copies ctx->ivSz from ptr */ + ret = wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, (byte*)ptr, ctx->ivSz); + } + else { + /* + * Fixed field must be at least 4 bytes and invocation + * field at least 8. + */ + if ((arg < 4) || (ctx->ivSz - arg) < 8) { + WOLFSSL_MSG("Fixed field or invocation field too short"); + ret = WOLFSSL_FAILURE; + break; + } + if (wc_InitRng(&rng) != 0) { + WOLFSSL_MSG("wc_InitRng failed"); + ret = WOLFSSL_FAILURE; + break; + } + if (arg) { + XMEMCPY(ctx->iv, ptr, arg); + } + if (wc_RNG_GenerateBlock(&rng, ctx->iv + arg, + ctx->ivSz - arg) != 0) { + /* rng is freed immediately after if block so no need + * to do it here + */ + WOLFSSL_MSG("wc_RNG_GenerateBlock failed"); + ret = WOLFSSL_FAILURE; + } + wc_FreeRng(&rng); + } + break; +#if !defined(_WIN32) && !defined(HAVE_FIPS) + case EVP_CTRL_GCM_IV_GEN: + if (ctx->cipher.aes.keylen == 0 || ctx->ivSz == 0) { + ret = WOLFSSL_FAILURE; + WOLFSSL_MSG("Key or IV not set"); + break; + } + if ((ret = wc_AesGcmSetExtIV(&ctx->cipher.aes, ctx->iv, ctx->ivSz)) != 0) { + WOLFSSL_MSG("wc_AesGcmSetIV failed"); + ret = WOLFSSL_FAILURE; + } + /* OpenSSL increments the IV. Not sure why */ + IncCtr(ctx->iv, ctx->ivSz); + break; +#endif + case EVP_CTRL_AEAD_SET_TAG: + if(arg <= 0 || arg > 16 || (ptr == NULL)) + return WOLFSSL_FAILURE; + + XMEMCPY(ctx->authTag, ptr, arg); + ctx->authTagSz = arg; + ret = WOLFSSL_SUCCESS; + + break; + case EVP_CTRL_AEAD_GET_TAG: + if(arg <= 0 || arg > 16) + return WOLFSSL_FAILURE; + + XMEMCPY(ptr, ctx->authTag, arg); + ret = WOLFSSL_SUCCESS; + break; +#endif /* HAVE_AESGCM && !HAVE_SELFTEST && !WC_NO_RNG */ + default: + WOLFSSL_MSG("EVP_CIPHER_CTX_ctrl operation not yet handled"); + ret = WOLFSSL_FAILURE; + } + return ret; + } + + /* WOLFSSL_SUCCESS on ok */ + int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx) + { + WOLFSSL_ENTER("EVP_CIPHER_CTX_cleanup"); + if (ctx) { + ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */ + ctx->keyLen = 0; + } + + return WOLFSSL_SUCCESS; + } + + /* Permanent stub for Qt compilation. */ + #if defined(WOLFSSL_QT) && !defined(NO_WOLFSSL_STUB) + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc2_cbc(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_rc2_cbc"); + WOLFSSL_STUB("EVP_rc2_cbc"); + return NULL; + } + #endif + +#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED) + + int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER* type, + const WOLFSSL_EVP_MD* md, const byte* salt, + const byte* data, int sz, int count, byte* key, byte* iv) + { + int ret; + int hashType = WC_HASH_TYPE_NONE; + #ifdef WOLFSSL_SMALL_STACK + EncryptedInfo* info; + #else + EncryptedInfo info[1]; + #endif + + #ifdef WOLFSSL_SMALL_STACK + info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, + DYNAMIC_TYPE_ENCRYPTEDINFO); + if (info == NULL) { + WOLFSSL_MSG("malloc failed"); + return WOLFSSL_FAILURE; + } + #endif + + XMEMSET(info, 0, sizeof(EncryptedInfo)); + + ret = wc_EncryptedInfoGet(info, type); + if (ret < 0) + goto end; + + if (data == NULL) { + ret = info->keySz; + goto end; + } + + ret = wolfSSL_EVP_get_hashinfo(md, &hashType, NULL); + if (ret == WOLFSSL_FAILURE) + goto end; + + ret = wc_PBKDF1_ex(key, info->keySz, iv, info->ivSz, data, sz, salt, + EVP_SALT_SIZE, count, hashType, NULL); + if (ret == 0) + ret = info->keySz; + + end: + #ifdef WOLFSSL_SMALL_STACK + XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); + #endif + if (ret < 0) + return 0; /* failure - for compatibility */ + + return ret; + } + +#endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */ + +#ifndef NO_AES + static int AesSetKey_ex(Aes* aes, const byte* key, word32 len, + const byte* iv, int dir, int direct) + { + int ret; + /* wc_AesSetKey clear aes.reg if iv == NULL. + Keep IV for openSSL compatibility */ + if (iv == NULL) + XMEMCPY((byte *)aes->tmp, (byte *)aes->reg, AES_BLOCK_SIZE); + if (direct) { + #if defined(WOLFSSL_AES_DIRECT) + ret = wc_AesSetKeyDirect(aes, key, len, iv, dir); + #else + ret = NOT_COMPILED_IN; + #endif + } + else { + ret = wc_AesSetKey(aes, key, len, iv, dir); + } + if (iv == NULL) + XMEMCPY((byte *)aes->reg, (byte *)aes->tmp, AES_BLOCK_SIZE); + return ret; + } +#endif + + /* return WOLFSSL_SUCCESS on ok, 0 on failure to match API compatibility */ + int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx, + const WOLFSSL_EVP_CIPHER* type, const byte* key, + const byte* iv, int enc) + { + int ret = 0; + (void)key; + (void)iv; + (void)enc; + + WOLFSSL_ENTER("wolfSSL_EVP_CipherInit"); + if (ctx == NULL) { + WOLFSSL_MSG("no ctx"); + return 0; /* failure */ + } + + if (type == NULL && ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT) { + WOLFSSL_MSG("no type set"); + return 0; /* failure */ + } + if (ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT){ + /* only first EVP_CipherInit invoke. ctx->cipherType is set below */ + XMEMSET(&ctx->cipher, 0, sizeof(ctx->cipher)); + ctx->flags = 0; + } + /* always clear buffer state */ + ctx->bufUsed = 0; + ctx->lastUsed = 0; + +#ifdef HAVE_WOLFSSL_EVP_CIPHER_CTX_IV + if (!iv && ctx->ivSz) { + iv = ctx->iv; + } +#endif + +#ifndef NO_AES + #ifdef HAVE_AES_CBC + #ifdef WOLFSSL_AES_128 + if (ctx->cipherType == AES_128_CBC_TYPE || + (type && XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_128_CBC"); + ctx->cipherType = AES_128_CBC_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; + ctx->keyLen = 16; + ctx->block_size = AES_BLOCK_SIZE; + ctx->ivSz = AES_BLOCK_SIZE; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, + ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 0); + if (ret != 0) + return ret; + } + if (iv && key == NULL) { + ret = wc_AesSetIV(&ctx->cipher.aes, iv); + if (ret != 0) + return ret; + } + } + #endif /* WOLFSSL_AES_128 */ + #ifdef WOLFSSL_AES_192 + if (ctx->cipherType == AES_192_CBC_TYPE || + (type && XSTRNCMP(type, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_192_CBC"); + ctx->cipherType = AES_192_CBC_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; + ctx->keyLen = 24; + ctx->block_size = AES_BLOCK_SIZE; + ctx->ivSz = AES_BLOCK_SIZE; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, + ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 0); + if (ret != 0) + return ret; + } + if (iv && key == NULL) { + ret = wc_AesSetIV(&ctx->cipher.aes, iv); + if (ret != 0) + return ret; + } + } + #endif /* WOLFSSL_AES_192 */ + #ifdef WOLFSSL_AES_256 + if (ctx->cipherType == AES_256_CBC_TYPE || + (type && XSTRNCMP(type, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_256_CBC"); + ctx->cipherType = AES_256_CBC_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; + ctx->keyLen = 32; + ctx->block_size = AES_BLOCK_SIZE; + ctx->ivSz = AES_BLOCK_SIZE; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, + ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 0); + if (ret != 0){ + WOLFSSL_MSG("AesSetKey() failed"); + return ret; + } + } + if (iv && key == NULL) { + ret = wc_AesSetIV(&ctx->cipher.aes, iv); + if (ret != 0){ + WOLFSSL_MSG("wc_AesSetIV() failed"); + return ret; + } + } + } + #endif /* WOLFSSL_AES_256 */ + #endif /* HAVE_AES_CBC */ + #ifdef HAVE_AESGCM + #ifdef WOLFSSL_AES_128 + if (ctx->cipherType == AES_128_GCM_TYPE || + (type && XSTRNCMP(type, EVP_AES_128_GCM, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_128_GCM"); + ctx->cipherType = AES_128_GCM_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE; + ctx->keyLen = 16; + ctx->block_size = AES_BLOCK_SIZE; + ctx->authTagSz = AES_BLOCK_SIZE; + ctx->ivSz = GCM_NONCE_MID_SZ; + + XMEMSET(ctx->authTag, 0, ctx->authTagSz); + if (iv) + XMEMCPY(ctx->iv, iv, ctx->ivSz); + else + XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen); + if (ret != 0) + return ret; + } + } + #endif /* WOLFSSL_AES_128 */ + #ifdef WOLFSSL_AES_192 + if (ctx->cipherType == AES_192_GCM_TYPE || + (type && XSTRNCMP(type, EVP_AES_192_GCM, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_192_GCM"); + ctx->cipherType = AES_192_GCM_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE; + ctx->keyLen = 24; + ctx->block_size = AES_BLOCK_SIZE; + ctx->authTagSz = AES_BLOCK_SIZE; + ctx->ivSz = GCM_NONCE_MID_SZ; + + XMEMSET(ctx->authTag, 0, ctx->authTagSz); + if (iv) + XMEMCPY(ctx->iv, iv, ctx->ivSz); + else + XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen); + if (ret != 0) + return ret; + } + } + #endif /* WOLFSSL_AES_192 */ + #ifdef WOLFSSL_AES_256 + if (ctx->cipherType == AES_256_GCM_TYPE || + (type && XSTRNCMP(type, EVP_AES_256_GCM, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_256_GCM"); + ctx->cipherType = AES_256_GCM_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE; + ctx->keyLen = 32; + ctx->block_size = AES_BLOCK_SIZE; + ctx->authTagSz = AES_BLOCK_SIZE; + ctx->ivSz = GCM_NONCE_MID_SZ; + + XMEMSET(ctx->authTag, 0, ctx->authTagSz); + if (iv) + XMEMCPY(ctx->iv, iv, ctx->ivSz); + else + XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen); + if (ret != 0){ + WOLFSSL_MSG("AesSetKey() failed"); + return ret; + } + } + } + #endif /* WOLFSSL_AES_256 */ + #endif /* HAVE_AESGCM */ +#ifdef WOLFSSL_AES_COUNTER + #ifdef WOLFSSL_AES_128 + if (ctx->cipherType == AES_128_CTR_TYPE || + (type && XSTRNCMP(type, EVP_AES_128_CTR, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_128_CTR"); + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->cipherType = AES_128_CTR_TYPE; + ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; + ctx->keyLen = 16; + ctx->block_size = NO_PADDING_BLOCK_SIZE; + ctx->ivSz = AES_BLOCK_SIZE; +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) + ctx->cipher.aes.left = 0; +#endif + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, + AES_ENCRYPTION, 1); + if (ret != 0) + return ret; + } + if (iv && key == NULL) { + ret = wc_AesSetIV(&ctx->cipher.aes, iv); + if (ret != 0) + return ret; + } + } + #endif /* WOLFSSL_AES_128 */ + #ifdef WOLFSSL_AES_192 + if (ctx->cipherType == AES_192_CTR_TYPE || + (type && XSTRNCMP(type, EVP_AES_192_CTR, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_192_CTR"); + ctx->cipherType = AES_192_CTR_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; + ctx->keyLen = 24; + ctx->block_size = NO_PADDING_BLOCK_SIZE; + ctx->ivSz = AES_BLOCK_SIZE; +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) + ctx->cipher.aes.left = 0; +#endif + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, + AES_ENCRYPTION, 1); + if (ret != 0) + return ret; + } + if (iv && key == NULL) { + ret = wc_AesSetIV(&ctx->cipher.aes, iv); + if (ret != 0) + return ret; + } + } + #endif /* WOLFSSL_AES_192 */ + #ifdef WOLFSSL_AES_256 + if (ctx->cipherType == AES_256_CTR_TYPE || + (type && XSTRNCMP(type, EVP_AES_256_CTR, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_256_CTR"); + ctx->cipherType = AES_256_CTR_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; + ctx->keyLen = 32; + ctx->block_size = NO_PADDING_BLOCK_SIZE; + ctx->ivSz = AES_BLOCK_SIZE; +#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) + ctx->cipher.aes.left = 0; +#endif + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, + AES_ENCRYPTION, 1); + if (ret != 0) + return ret; + } + if (iv && key == NULL) { + ret = wc_AesSetIV(&ctx->cipher.aes, iv); + if (ret != 0) + return ret; + } + } + #endif /* WOLFSSL_AES_256 */ +#endif /* WOLFSSL_AES_COUNTER */ + #ifdef WOLFSSL_AES_128 + if (ctx->cipherType == AES_128_ECB_TYPE || + (type && XSTRNCMP(type, EVP_AES_128_ECB, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_128_ECB"); + ctx->cipherType = AES_128_ECB_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; + ctx->keyLen = 16; + ctx->block_size = AES_BLOCK_SIZE; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL, + ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1); + } + if (ret != 0) + return ret; + } + #endif /* WOLFSSL_AES_128 */ + #ifdef WOLFSSL_AES_192 + if (ctx->cipherType == AES_192_ECB_TYPE || + (type && XSTRNCMP(type, EVP_AES_192_ECB, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_192_ECB"); + ctx->cipherType = AES_192_ECB_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; + ctx->keyLen = 24; + ctx->block_size = AES_BLOCK_SIZE; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL, + ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1); + } + if (ret != 0) + return ret; + } + #endif /* WOLFSSL_AES_192 */ + #ifdef WOLFSSL_AES_256 + if (ctx->cipherType == AES_256_ECB_TYPE || + (type && XSTRNCMP(type, EVP_AES_256_ECB, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_256_ECB"); + ctx->cipherType = AES_256_ECB_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; + ctx->keyLen = 32; + ctx->block_size = AES_BLOCK_SIZE; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL, + ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1); + } + if (ret != 0) + return ret; + } + #endif /* WOLFSSL_AES_256 */ + #ifdef WOLFSSL_AES_CFB + #ifdef WOLFSSL_AES_128 + if (ctx->cipherType == AES_128_CFB1_TYPE || + (type && XSTRNCMP(type, EVP_AES_128_CFB1, EVP_AESCFB_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_128_CFB1"); + ctx->cipherType = AES_128_CFB1_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; + ctx->keyLen = 16; + ctx->block_size = 1; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, + AES_ENCRYPTION, 0); + if (ret != 0) + return ret; + } + if (iv && key == NULL) { + ret = wc_AesSetIV(&ctx->cipher.aes, iv); + if (ret != 0) + return ret; + } + } + #endif /* WOLFSSL_AES_128 */ + #ifdef WOLFSSL_AES_192 + if (ctx->cipherType == AES_192_CFB1_TYPE || + (type && XSTRNCMP(type, EVP_AES_192_CFB1, EVP_AESCFB_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_192_CFB1"); + ctx->cipherType = AES_192_CFB1_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; + ctx->keyLen = 24; + ctx->block_size = 1; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, + AES_ENCRYPTION, 0); + if (ret != 0) + return ret; + } + if (iv && key == NULL) { + ret = wc_AesSetIV(&ctx->cipher.aes, iv); + if (ret != 0) + return ret; + } + } + #endif /* WOLFSSL_AES_192 */ + #ifdef WOLFSSL_AES_256 + if (ctx->cipherType == AES_256_CFB1_TYPE || + (type && XSTRNCMP(type, EVP_AES_256_CFB1, EVP_AESCFB_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_256_CFB1"); + ctx->cipherType = AES_256_CFB1_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; + ctx->keyLen = 32; + ctx->block_size = 1; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, + AES_ENCRYPTION, 0); + if (ret != 0){ + WOLFSSL_MSG("AesSetKey() failed"); + return ret; + } + } + if (iv && key == NULL) { + ret = wc_AesSetIV(&ctx->cipher.aes, iv); + if (ret != 0){ + WOLFSSL_MSG("wc_AesSetIV() failed"); + return ret; + } + } + } + #endif /* WOLFSSL_AES_256 */ + #ifdef WOLFSSL_AES_128 + if (ctx->cipherType == AES_128_CFB8_TYPE || + (type && XSTRNCMP(type, EVP_AES_128_CFB8, EVP_AESCFB_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_128_CFB8"); + ctx->cipherType = AES_128_CFB8_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; + ctx->keyLen = 16; + ctx->block_size = 1; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, + AES_ENCRYPTION, 0); + if (ret != 0) + return ret; + } + if (iv && key == NULL) { + ret = wc_AesSetIV(&ctx->cipher.aes, iv); + if (ret != 0) + return ret; + } + } + #endif /* WOLFSSL_AES_128 */ + #ifdef WOLFSSL_AES_192 + if (ctx->cipherType == AES_192_CFB8_TYPE || + (type && XSTRNCMP(type, EVP_AES_192_CFB8, EVP_AESCFB_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_192_CFB8"); + ctx->cipherType = AES_192_CFB8_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; + ctx->keyLen = 24; + ctx->block_size = 1; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, + AES_ENCRYPTION, 0); + if (ret != 0) + return ret; + } + if (iv && key == NULL) { + ret = wc_AesSetIV(&ctx->cipher.aes, iv); + if (ret != 0) + return ret; + } + } + #endif /* WOLFSSL_AES_192 */ + #ifdef WOLFSSL_AES_256 + if (ctx->cipherType == AES_256_CFB8_TYPE || + (type && XSTRNCMP(type, EVP_AES_256_CFB8, EVP_AESCFB_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_256_CFB8"); + ctx->cipherType = AES_256_CFB8_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; + ctx->keyLen = 32; + ctx->block_size = 1; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, + AES_ENCRYPTION, 0); + if (ret != 0){ + WOLFSSL_MSG("AesSetKey() failed"); + return ret; + } + } + if (iv && key == NULL) { + ret = wc_AesSetIV(&ctx->cipher.aes, iv); + if (ret != 0){ + WOLFSSL_MSG("wc_AesSetIV() failed"); + return ret; + } + } + } + #endif /* WOLFSSL_AES_256 */ + #ifdef WOLFSSL_AES_128 + if (ctx->cipherType == AES_128_CFB128_TYPE || + (type && XSTRNCMP(type, EVP_AES_128_CFB128, EVP_AESCFB_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_128_CFB128"); + ctx->cipherType = AES_128_CFB128_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; + ctx->keyLen = 16; + ctx->block_size = 1; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, + AES_ENCRYPTION, 0); + if (ret != 0) + return ret; + } + if (iv && key == NULL) { + ret = wc_AesSetIV(&ctx->cipher.aes, iv); + if (ret != 0) + return ret; + } + } + #endif /* WOLFSSL_AES_128 */ + #ifdef WOLFSSL_AES_192 + if (ctx->cipherType == AES_192_CFB128_TYPE || + (type && XSTRNCMP(type, EVP_AES_192_CFB128, EVP_AESCFB_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_192_CFB128"); + ctx->cipherType = AES_192_CFB128_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; + ctx->keyLen = 24; + ctx->block_size = 1; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, + AES_ENCRYPTION, 0); + if (ret != 0) + return ret; + } + if (iv && key == NULL) { + ret = wc_AesSetIV(&ctx->cipher.aes, iv); + if (ret != 0) + return ret; + } + } + #endif /* WOLFSSL_AES_192 */ + #ifdef WOLFSSL_AES_256 + if (ctx->cipherType == AES_256_CFB128_TYPE || + (type && XSTRNCMP(type, EVP_AES_256_CFB128, EVP_AESCFB_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_256_CFB128"); + ctx->cipherType = AES_256_CFB128_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; + ctx->keyLen = 32; + ctx->block_size = 1; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, + AES_ENCRYPTION, 0); + if (ret != 0){ + WOLFSSL_MSG("AesSetKey() failed"); + return ret; + } + } + if (iv && key == NULL) { + ret = wc_AesSetIV(&ctx->cipher.aes, iv); + if (ret != 0){ + WOLFSSL_MSG("wc_AesSetIV() failed"); + return ret; + } + } + } + #endif /* WOLFSSL_AES_256 */ + #endif /* HAVE_AES_CFB */ + #ifdef WOLFSSL_AES_OFB + #ifdef WOLFSSL_AES_128 + if (ctx->cipherType == AES_128_OFB_TYPE || + (type && XSTRNCMP(type, EVP_AES_128_OFB, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_128_OFB"); + ctx->cipherType = AES_128_OFB_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE; + ctx->keyLen = 16; + ctx->block_size = 1; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, + AES_ENCRYPTION, 0); + if (ret != 0) + return ret; + } + if (iv && key == NULL) { + ret = wc_AesSetIV(&ctx->cipher.aes, iv); + if (ret != 0) + return ret; + } + } + #endif /* WOLFSSL_AES_128 */ + #ifdef WOLFSSL_AES_192 + if (ctx->cipherType == AES_192_OFB_TYPE || + (type && XSTRNCMP(type, EVP_AES_192_OFB, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_192_OFB"); + ctx->cipherType = AES_192_OFB_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE; + ctx->keyLen = 24; + ctx->block_size = 1; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, + AES_ENCRYPTION, 0); + if (ret != 0) + return ret; + } + if (iv && key == NULL) { + ret = wc_AesSetIV(&ctx->cipher.aes, iv); + if (ret != 0) + return ret; + } + } + #endif /* WOLFSSL_AES_192 */ + #ifdef WOLFSSL_AES_256 + if (ctx->cipherType == AES_256_OFB_TYPE || + (type && XSTRNCMP(type, EVP_AES_256_OFB, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_256_OFB"); + ctx->cipherType = AES_256_OFB_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE; + ctx->keyLen = 32; + ctx->block_size = 1; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, + AES_ENCRYPTION, 0); + if (ret != 0){ + WOLFSSL_MSG("AesSetKey() failed"); + return ret; + } + } + if (iv && key == NULL) { + ret = wc_AesSetIV(&ctx->cipher.aes, iv); + if (ret != 0){ + WOLFSSL_MSG("wc_AesSetIV() failed"); + return ret; + } + } + } + #endif /* WOLFSSL_AES_256 */ + #endif /* HAVE_AES_OFB */ + #ifdef WOLFSSL_AES_XTS + #ifdef WOLFSSL_AES_128 + if (ctx->cipherType == AES_128_XTS_TYPE || + (type && XSTRNCMP(type, EVP_AES_128_XTS, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_128_XTS"); + ctx->cipherType = AES_128_XTS_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_XTS_MODE; + ctx->keyLen = 32; + ctx->block_size = 1; + ctx->ivSz = AES_BLOCK_SIZE; + + if (iv != NULL) { + if (iv != ctx->iv) /* Valgrind error when src == dst */ + XMEMCPY(ctx->iv, iv, ctx->ivSz); + } + else + XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); + + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = wc_AesXtsSetKey(&ctx->cipher.xts, key, ctx->keyLen, + ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, NULL, 0); + if (ret != 0) { + WOLFSSL_MSG("wc_AesXtsSetKey() failed"); + return ret; + } + } + } + #endif /* WOLFSSL_AES_128 */ + #ifdef WOLFSSL_AES_256 + if (ctx->cipherType == AES_256_XTS_TYPE || + (type && XSTRNCMP(type, EVP_AES_256_XTS, EVP_AES_SIZE) == 0)) { + WOLFSSL_MSG("EVP_AES_256_XTS"); + ctx->cipherType = AES_256_XTS_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_XTS_MODE; + ctx->keyLen = 64; + ctx->block_size = 1; + ctx->ivSz = AES_BLOCK_SIZE; + + if (iv != NULL) { + if (iv != ctx->iv) /* Valgrind error when src == dst */ + XMEMCPY(ctx->iv, iv, ctx->ivSz); + } + else + XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); + + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = wc_AesXtsSetKey(&ctx->cipher.xts, key, ctx->keyLen, + ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, NULL, 0); + if (ret != 0) { + WOLFSSL_MSG("wc_AesXtsSetKey() failed"); + return ret; + } + } + } + #endif /* WOLFSSL_AES_256 */ + #endif /* HAVE_AES_XTS */ +#endif /* NO_AES */ + +#ifndef NO_DES3 + if (ctx->cipherType == DES_CBC_TYPE || + (type && XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0)) { + WOLFSSL_MSG("EVP_DES_CBC"); + ctx->cipherType = DES_CBC_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; + ctx->keyLen = 8; + ctx->block_size = DES_BLOCK_SIZE; + ctx->ivSz = DES_BLOCK_SIZE; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = wc_Des_SetKey(&ctx->cipher.des, key, iv, + ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); + if (ret != 0) + return ret; + } + + if (iv && key == NULL) + wc_Des_SetIV(&ctx->cipher.des, iv); + } +#ifdef WOLFSSL_DES_ECB + else if (ctx->cipherType == DES_ECB_TYPE || + (type && XSTRNCMP(type, EVP_DES_ECB, EVP_DES_SIZE) == 0)) { + WOLFSSL_MSG("EVP_DES_ECB"); + ctx->cipherType = DES_ECB_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; + ctx->keyLen = 8; + ctx->block_size = DES_BLOCK_SIZE; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + WOLFSSL_MSG("Des_SetKey"); + ret = wc_Des_SetKey(&ctx->cipher.des, key, NULL, + ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); + if (ret != 0) + return ret; + } + } +#endif + else if (ctx->cipherType == DES_EDE3_CBC_TYPE || + (type && + XSTRNCMP(type, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)) { + WOLFSSL_MSG("EVP_DES_EDE3_CBC"); + ctx->cipherType = DES_EDE3_CBC_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; + ctx->keyLen = 24; + ctx->block_size = DES_BLOCK_SIZE; + ctx->ivSz = DES_BLOCK_SIZE; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = wc_Des3_SetKey(&ctx->cipher.des3, key, iv, + ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); + if (ret != 0) + return ret; + } + + if (iv && key == NULL) { + ret = wc_Des3_SetIV(&ctx->cipher.des3, iv); + if (ret != 0) + return ret; + } + } + else if (ctx->cipherType == DES_EDE3_ECB_TYPE || + (type && + XSTRNCMP(type, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0)) { + WOLFSSL_MSG("EVP_DES_EDE3_ECB"); + ctx->cipherType = DES_EDE3_ECB_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; + ctx->keyLen = 24; + ctx->block_size = DES_BLOCK_SIZE; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = wc_Des3_SetKey(&ctx->cipher.des3, key, NULL, + ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); + if (ret != 0) + return ret; + } + } +#endif /* NO_DES3 */ +#ifndef NO_RC4 + if (ctx->cipherType == ARC4_TYPE || (type && + XSTRNCMP(type, "ARC4", 4) == 0)) { + WOLFSSL_MSG("ARC4"); + ctx->cipherType = ARC4_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_STREAM_CIPHER; + ctx->block_size = 1; + if (ctx->keyLen == 0) /* user may have already set */ + ctx->keyLen = 16; /* default to 128 */ + if (key) + wc_Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen); + } +#endif /* NO_RC4 */ +#ifdef HAVE_IDEA + if (ctx->cipherType == IDEA_CBC_TYPE || + (type && XSTRNCMP(type, EVP_IDEA_CBC, EVP_IDEA_SIZE) == 0)) { + WOLFSSL_MSG("EVP_IDEA_CBC"); + ctx->cipherType = IDEA_CBC_TYPE; + ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; + ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; + ctx->keyLen = IDEA_KEY_SIZE; + ctx->block_size = 8; + ctx->ivSz = IDEA_BLOCK_SIZE; + if (enc == 0 || enc == 1) + ctx->enc = enc ? 1 : 0; + if (key) { + ret = wc_IdeaSetKey(&ctx->cipher.idea, key, (word16)ctx->keyLen, + iv, ctx->enc ? IDEA_ENCRYPTION : + IDEA_DECRYPTION); + if (ret != 0) + return ret; + } + + if (iv && key == NULL) + wc_IdeaSetIV(&ctx->cipher.idea, iv); + } +#endif /* HAVE_IDEA */ + if (ctx->cipherType == NULL_CIPHER_TYPE || (type && + XSTRNCMP(type, "NULL", 4) == 0)) { + WOLFSSL_MSG("NULL cipher"); + ctx->cipherType = NULL_CIPHER_TYPE; + ctx->keyLen = 0; + ctx->block_size = 16; + } +#ifdef HAVE_WOLFSSL_EVP_CIPHER_CTX_IV + if (iv && iv != ctx->iv) { + if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + } +#endif + (void)ret; /* remove warning. If execution reaches this point, ret=0 */ + return WOLFSSL_SUCCESS; + } + + + /* WOLFSSL_SUCCESS on ok */ + int wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx) + { + WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_key_length"); + if (ctx) + return ctx->keyLen; + + return 0; /* failure */ + } + + + /* WOLFSSL_SUCCESS on ok */ + int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx, + int keylen) + { + WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_key_length"); + if (ctx) + ctx->keyLen = keylen; + else + return 0; /* failure */ + + return WOLFSSL_SUCCESS; + } +#if defined(HAVE_AESGCM) + /* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE */ + int wolfSSL_EVP_CIPHER_CTX_set_iv_length(WOLFSSL_EVP_CIPHER_CTX* ctx, + int ivLen) + { + WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_iv_length"); + if (ctx) + ctx->ivSz= ivLen; + else + return WOLFSSL_FAILURE; + + return WOLFSSL_SUCCESS; + } + + /* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE */ + int wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv, + int ivLen) + { + int expectedIvLen; + + WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_iv_length"); + if (!ctx || !iv || !ivLen) { + return WOLFSSL_FAILURE; + } + + expectedIvLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx); + + if (expectedIvLen == 0 || expectedIvLen != ivLen) { + WOLFSSL_MSG("Wrong ivLen value"); + return WOLFSSL_FAILURE; + } + + return wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, -1); + } +#endif + + /* WOLFSSL_SUCCESS on ok */ + int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src, + word32 len) + { + int ret = 0; + WOLFSSL_ENTER("wolfSSL_EVP_Cipher"); + + if (ctx == NULL || src == NULL || + (dst == NULL && + ctx->cipherType != AES_128_GCM_TYPE && + ctx->cipherType != AES_192_GCM_TYPE && + ctx->cipherType != AES_256_GCM_TYPE)) { + WOLFSSL_MSG("Bad function argument"); + return 0; /* failure */ + } + + if (ctx->cipherType == 0xff) { + WOLFSSL_MSG("no init"); + return 0; /* failure */ + } + + switch (ctx->cipherType) { + +#ifndef NO_AES +#ifdef HAVE_AES_CBC + case AES_128_CBC_TYPE : + case AES_192_CBC_TYPE : + case AES_256_CBC_TYPE : + WOLFSSL_MSG("AES CBC"); + if (ctx->enc) + ret = wc_AesCbcEncrypt(&ctx->cipher.aes, dst, src, len); + else + ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len); + break; +#endif /* HAVE_AES_CBC */ + +#ifdef WOLFSSL_AES_CFB +#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + case AES_128_CFB1_TYPE: + case AES_192_CFB1_TYPE: + case AES_256_CFB1_TYPE: + WOLFSSL_MSG("AES CFB1"); + if (ctx->enc) + ret = wc_AesCfb1Encrypt(&ctx->cipher.aes, dst, src, len); + else + ret = wc_AesCfb1Decrypt(&ctx->cipher.aes, dst, src, len); + break; + case AES_128_CFB8_TYPE: + case AES_192_CFB8_TYPE: + case AES_256_CFB8_TYPE: + WOLFSSL_MSG("AES CFB8"); + if (ctx->enc) + ret = wc_AesCfb8Encrypt(&ctx->cipher.aes, dst, src, len); + else + ret = wc_AesCfb8Decrypt(&ctx->cipher.aes, dst, src, len); + break; +#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ + case AES_128_CFB128_TYPE: + case AES_192_CFB128_TYPE: + case AES_256_CFB128_TYPE: + WOLFSSL_MSG("AES CFB128"); + if (ctx->enc) + ret = wc_AesCfbEncrypt(&ctx->cipher.aes, dst, src, len); + else + ret = wc_AesCfbDecrypt(&ctx->cipher.aes, dst, src, len); + break; +#endif /* WOLFSSL_AES_CFB */ +#if defined(WOLFSSL_AES_OFB) + case AES_128_OFB_TYPE: + case AES_192_OFB_TYPE: + case AES_256_OFB_TYPE: + WOLFSSL_MSG("AES OFB"); + if (ctx->enc) + ret = wc_AesOfbEncrypt(&ctx->cipher.aes, dst, src, len); + else + ret = wc_AesOfbDecrypt(&ctx->cipher.aes, dst, src, len); + break; +#endif /* WOLFSSL_AES_OFB */ +#if defined(WOLFSSL_AES_XTS) + case AES_128_XTS_TYPE: + case AES_256_XTS_TYPE: + WOLFSSL_MSG("AES XTS"); + if (ctx->enc) + ret = wc_AesXtsEncrypt(&ctx->cipher.xts, dst, src, len, + ctx->iv, ctx->ivSz); + else + ret = wc_AesXtsDecrypt(&ctx->cipher.xts, dst, src, len, + ctx->iv, ctx->ivSz); + break; +#endif /* WOLFSSL_AES_XTS */ + +#ifdef HAVE_AESGCM + case AES_128_GCM_TYPE : + case AES_192_GCM_TYPE : + case AES_256_GCM_TYPE : + WOLFSSL_MSG("AES GCM"); + if (ctx->enc) { + if (dst){ + /* encrypt confidential data*/ + ret = wc_AesGcmEncrypt(&ctx->cipher.aes, dst, src, len, + ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, + NULL, 0); + } + else { + /* authenticated, non-confidential data */ + ret = wc_AesGcmEncrypt(&ctx->cipher.aes, NULL, NULL, 0, + ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, + src, len); + /* Reset partial authTag error for AAD*/ + if (ret == AES_GCM_AUTH_E) + ret = 0; + } + } + else { + if (dst){ + /* decrypt confidential data*/ + ret = wc_AesGcmDecrypt(&ctx->cipher.aes, dst, src, len, + ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, + NULL, 0); + } + else { + /* authenticated, non-confidential data*/ + ret = wc_AesGcmDecrypt(&ctx->cipher.aes, NULL, NULL, 0, + ctx->iv, ctx->ivSz, + ctx->authTag, ctx->authTagSz, + src, len); + /* Reset partial authTag error for AAD*/ + if (ret == AES_GCM_AUTH_E) + ret = 0; + } + } + break; +#endif /* HAVE_AESGCM */ +#ifdef HAVE_AES_ECB + case AES_128_ECB_TYPE : + case AES_192_ECB_TYPE : + case AES_256_ECB_TYPE : + WOLFSSL_MSG("AES ECB"); + if (ctx->enc) + ret = wc_AesEcbEncrypt(&ctx->cipher.aes, dst, src, len); + else + ret = wc_AesEcbDecrypt(&ctx->cipher.aes, dst, src, len); + break; +#endif +#ifdef WOLFSSL_AES_COUNTER + case AES_128_CTR_TYPE : + case AES_192_CTR_TYPE : + case AES_256_CTR_TYPE : + WOLFSSL_MSG("AES CTR"); + ret = wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len); + break; +#endif /* WOLFSSL_AES_COUNTER */ +#endif /* NO_AES */ + +#ifndef NO_DES3 + case DES_CBC_TYPE : + WOLFSSL_MSG("DES CBC"); + if (ctx->enc) + wc_Des_CbcEncrypt(&ctx->cipher.des, dst, src, len); + else + wc_Des_CbcDecrypt(&ctx->cipher.des, dst, src, len); + break; + case DES_EDE3_CBC_TYPE : + WOLFSSL_MSG("DES3 CBC"); + if (ctx->enc) + ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len); + else + ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len); + break; +#ifdef WOLFSSL_DES_ECB + case DES_ECB_TYPE : + WOLFSSL_MSG("DES ECB"); + ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len); + break; + case DES_EDE3_ECB_TYPE : + WOLFSSL_MSG("DES3 ECB"); + ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len); + break; +#endif +#endif /* !NO_DES3 */ + +#ifndef NO_RC4 + case ARC4_TYPE : + WOLFSSL_MSG("ARC4"); + wc_Arc4Process(&ctx->cipher.arc4, dst, src, len); + break; +#endif + +#ifdef HAVE_IDEA + case IDEA_CBC_TYPE : + WOLFSSL_MSG("IDEA CBC"); + if (ctx->enc) + wc_IdeaCbcEncrypt(&ctx->cipher.idea, dst, src, len); + else + wc_IdeaCbcDecrypt(&ctx->cipher.idea, dst, src, len); + break; +#endif + case NULL_CIPHER_TYPE : + WOLFSSL_MSG("NULL CIPHER"); + XMEMCPY(dst, src, len); + break; + + default: { + WOLFSSL_MSG("bad type"); + return 0; /* failure */ + } + } + + if (ret != 0) { + WOLFSSL_MSG("wolfSSL_EVP_Cipher failure"); + return 0; /* failure */ + } + + if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + + WOLFSSL_MSG("wolfSSL_EVP_Cipher success"); + return WOLFSSL_SUCCESS; /* success */ + } + + /* WOLFSSL_SUCCESS on ok */ + int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx, + const WOLFSSL_EVP_MD* type) + { + int ret = WOLFSSL_SUCCESS; + + WOLFSSL_ENTER("EVP_DigestInit"); + + if (ctx == NULL || type == NULL) { + return BAD_FUNC_ARG; + } + + + #ifdef WOLFSSL_ASYNC_CRYPT + /* compile-time validation of ASYNC_CTX_SIZE */ + typedef char async_test[WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV) ? + 1 : -1]; + (void)sizeof(async_test); + #endif + + if (XSTRNCMP(type, "SHA256", 6) == 0) { + ctx->macType = WC_HASH_TYPE_SHA256; + ret = wolfSSL_SHA256_Init(&(ctx->hash.digest.sha256)); + } + #ifdef WOLFSSL_SHA224 + else if (XSTRNCMP(type, "SHA224", 6) == 0) { + ctx->macType = WC_HASH_TYPE_SHA224; + ret = wolfSSL_SHA224_Init(&(ctx->hash.digest.sha224)); + } + #endif + #ifdef WOLFSSL_SHA384 + else if (XSTRNCMP(type, "SHA384", 6) == 0) { + ctx->macType = WC_HASH_TYPE_SHA384; + ret = wolfSSL_SHA384_Init(&(ctx->hash.digest.sha384)); + } + #endif + #ifdef WOLFSSL_SHA512 + else if (XSTRNCMP(type, "SHA512", 6) == 0) { + ctx->macType = WC_HASH_TYPE_SHA512; + ret = wolfSSL_SHA512_Init(&(ctx->hash.digest.sha512)); + } + #endif + #ifndef NO_MD4 + else if (XSTRNCMP(type, "MD4", 3) == 0) { + ctx->macType = WC_HASH_TYPE_MD4; + wolfSSL_MD4_Init(&(ctx->hash.digest.md4)); + } + #endif + #ifndef NO_MD5 + else if (XSTRNCMP(type, "MD5", 3) == 0) { + ctx->macType = WC_HASH_TYPE_MD5; + ret = wolfSSL_MD5_Init(&(ctx->hash.digest.md5)); + } + #endif +#ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + else if (XSTRNCMP(type, "SHA3_224", 8) == 0) { + ctx->macType = WC_HASH_TYPE_SHA3_224; + ret = wolfSSL_SHA3_224_Init(&(ctx->hash.digest.sha3_224)); + } + #endif + #ifndef WOLFSSL_NOSHA3_256 + else if (XSTRNCMP(type, "SHA3_256", 8) == 0) { + ctx->macType = WC_HASH_TYPE_SHA3_256; + ret = wolfSSL_SHA3_256_Init(&(ctx->hash.digest.sha3_256)); + } + #endif + else if (XSTRNCMP(type, "SHA3_384", 8) == 0) { + ctx->macType = WC_HASH_TYPE_SHA3_384; + ret = wolfSSL_SHA3_384_Init(&(ctx->hash.digest.sha3_384)); + } + #ifndef WOLFSSL_NOSHA3_512 + else if (XSTRNCMP(type, "SHA3_512", 8) == 0) { + ctx->macType = WC_HASH_TYPE_SHA3_512; + ret = wolfSSL_SHA3_512_Init(&(ctx->hash.digest.sha3_512)); + } + #endif +#endif + #ifndef NO_SHA + /* has to be last since would pick or 224, 256, 384, or 512 too */ + else if (XSTRNCMP(type, "SHA", 3) == 0) { + ctx->macType = WC_HASH_TYPE_SHA; + ret = wolfSSL_SHA_Init(&(ctx->hash.digest.sha)); + } + #endif /* NO_SHA */ + else { + ctx->macType = WC_HASH_TYPE_NONE; + return BAD_FUNC_ARG; + } + + return ret; + } + + /* WOLFSSL_SUCCESS on ok, WOLFSSL_FAILURE on failure */ + int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data, + size_t sz) + { + WOLFSSL_ENTER("EVP_DigestUpdate"); + + switch (ctx->macType) { +#ifndef NO_MD4 + case WC_HASH_TYPE_MD4: + wolfSSL_MD4_Update((MD4_CTX*)&ctx->hash, data, + (unsigned long)sz); + break; +#endif +#ifndef NO_MD5 + case WC_HASH_TYPE_MD5: + wolfSSL_MD5_Update((MD5_CTX*)&ctx->hash, data, + (unsigned long)sz); + break; +#endif +#ifndef NO_SHA + case WC_HASH_TYPE_SHA: + wolfSSL_SHA_Update((SHA_CTX*)&ctx->hash, data, + (unsigned long)sz); + break; +#endif +#ifdef WOLFSSL_SHA224 + case WC_HASH_TYPE_SHA224: + wolfSSL_SHA224_Update((SHA224_CTX*)&ctx->hash, data, + (unsigned long)sz); + break; +#endif +#ifndef NO_SHA256 + case WC_HASH_TYPE_SHA256: + wolfSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data, + (unsigned long)sz); + break; +#endif /* !NO_SHA256 */ +#ifdef WOLFSSL_SHA384 + case WC_HASH_TYPE_SHA384: + wolfSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data, + (unsigned long)sz); + break; +#endif +#ifdef WOLFSSL_SHA512 + case WC_HASH_TYPE_SHA512: + wolfSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data, + (unsigned long)sz); + break; +#endif /* WOLFSSL_SHA512 */ + #ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + case WC_HASH_TYPE_SHA3_224: + wolfSSL_SHA3_224_Update((SHA3_224_CTX*)&ctx->hash, data, + (unsigned long)sz); + break; + #endif + #ifndef WOLFSSL_NOSHA3_256 + case WC_HASH_TYPE_SHA3_256: + wolfSSL_SHA3_256_Update((SHA3_256_CTX*)&ctx->hash, data, + (unsigned long)sz); + break; + #endif + case WC_HASH_TYPE_SHA3_384: + wolfSSL_SHA3_384_Update((SHA3_384_CTX*)&ctx->hash, data, + (unsigned long)sz); + break; + #ifndef WOLFSSL_NOSHA3_512 + case WC_HASH_TYPE_SHA3_512: + wolfSSL_SHA3_512_Update((SHA3_512_CTX*)&ctx->hash, data, + (unsigned long)sz); + break; + #endif + #endif + default: + return WOLFSSL_FAILURE; + } + + return WOLFSSL_SUCCESS; + } + + /* WOLFSSL_SUCCESS on ok */ + int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, + unsigned int* s) + { + WOLFSSL_ENTER("EVP_DigestFinal"); + switch (ctx->macType) { +#ifndef NO_MD4 + case WC_HASH_TYPE_MD4: + wolfSSL_MD4_Final(md, (MD4_CTX*)&ctx->hash); + if (s) *s = MD4_DIGEST_SIZE; + break; +#endif +#ifndef NO_MD5 + case WC_HASH_TYPE_MD5: + wolfSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash); + if (s) *s = WC_MD5_DIGEST_SIZE; + break; +#endif +#ifndef NO_SHA + case WC_HASH_TYPE_SHA: + wolfSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash); + if (s) *s = WC_SHA_DIGEST_SIZE; + break; +#endif +#ifdef WOLFSSL_SHA224 + case WC_HASH_TYPE_SHA224: + wolfSSL_SHA224_Final(md, (SHA224_CTX*)&ctx->hash); + if (s) *s = WC_SHA224_DIGEST_SIZE; + break; +#endif +#ifndef NO_SHA256 + case WC_HASH_TYPE_SHA256: + wolfSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash); + if (s) *s = WC_SHA256_DIGEST_SIZE; + break; +#endif /* !NO_SHA256 */ +#ifdef WOLFSSL_SHA384 + case WC_HASH_TYPE_SHA384: + wolfSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash); + if (s) *s = WC_SHA384_DIGEST_SIZE; + break; +#endif +#ifdef WOLFSSL_SHA512 + case WC_HASH_TYPE_SHA512: + wolfSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash); + if (s) *s = WC_SHA512_DIGEST_SIZE; + break; +#endif /* WOLFSSL_SHA512 */ + #ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + case WC_HASH_TYPE_SHA3_224: + wolfSSL_SHA3_224_Final(md, (SHA3_224_CTX*)&ctx->hash); + if (s) *s = WC_SHA3_224_DIGEST_SIZE; + break; + #endif + #ifndef WOLFSSL_NOSHA3_256 + case WC_HASH_TYPE_SHA3_256: + wolfSSL_SHA3_256_Final(md, (SHA3_256_CTX*)&ctx->hash); + if (s) *s = WC_SHA3_256_DIGEST_SIZE; + break; + #endif + case WC_HASH_TYPE_SHA3_384: + wolfSSL_SHA3_384_Final(md, (SHA3_384_CTX*)&ctx->hash); + if (s) *s = WC_SHA3_384_DIGEST_SIZE; + break; + #ifndef WOLFSSL_NOSHA3_512 + case WC_HASH_TYPE_SHA3_512: + wolfSSL_SHA3_512_Final(md, (SHA3_512_CTX*)&ctx->hash); + if (s) *s = WC_SHA3_512_DIGEST_SIZE; + break; + #endif + #endif + default: + return WOLFSSL_FAILURE; + } + + return WOLFSSL_SUCCESS; + } + + /* WOLFSSL_SUCCESS on ok */ + int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, + unsigned int* s) + { + WOLFSSL_ENTER("EVP_DigestFinal_ex"); + return EVP_DigestFinal(ctx, md, s); + } + + void wolfSSL_EVP_cleanup(void) + { + /* nothing to do here */ + } + +const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id) +{ + WOLFSSL_MSG("wolfSSL_get_digestbynid"); + + switch(id) { +#ifndef NO_MD5 + case NID_md5: + return wolfSSL_EVP_md5(); +#endif +#ifndef NO_SHA + case NID_sha1: + return wolfSSL_EVP_sha1(); +#endif + default: + WOLFSSL_MSG("Bad digest id value"); + } + + return NULL; +} + +#ifndef NO_RSA +WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(WOLFSSL_EVP_PKEY *pkey) +{ + if (!pkey) { + return NULL; + } + return pkey->rsa; +} + +WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key) +{ + WOLFSSL_RSA* local; + + WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_RSA"); + + if (key == NULL) { + return NULL; + } + + local = wolfSSL_RSA_new(); + if (local == NULL) { + WOLFSSL_MSG("Error creating a new WOLFSSL_RSA structure"); + return NULL; + } + + if (key->type == EVP_PKEY_RSA) { + if (wolfSSL_RSA_LoadDer(local, (const unsigned char*)key->pkey.ptr, + key->pkey_sz) != SSL_SUCCESS) { + /* now try public key */ + if (wolfSSL_RSA_LoadDer_ex(local, + (const unsigned char*)key->pkey.ptr, key->pkey_sz, + WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) { + wolfSSL_RSA_free(local); + local = NULL; + } + } + } + else { + WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold an RSA key"); + wolfSSL_RSA_free(local); + local = NULL; + } + return local; +} + +/* with set1 functions the pkey struct does not own the RSA structure + * + * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure + */ +int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key) +{ +#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) + int derMax = 0; + int derSz = 0; + byte* derBuf = NULL; + RsaKey* rsa = NULL; +#endif + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_RSA"); + if ((pkey == NULL) || (key == NULL)) + return WOLFSSL_FAILURE; + + if (pkey->rsa != NULL && pkey->ownRsa == 1) { + wolfSSL_RSA_free(pkey->rsa); + } + pkey->rsa = key; + pkey->ownRsa = 0; /* pkey does not own RSA */ + pkey->type = EVP_PKEY_RSA; + if (key->inSet == 0) { + if (SetRsaInternal(key) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("SetRsaInternal failed"); + return WOLFSSL_FAILURE; + } + } + +#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) + rsa = (RsaKey*)key->internal; + /* 5 > size of n, d, p, q, d%(p-1), d(q-1), 1/q%p, e + ASN.1 additional + * information */ + derMax = 5 * wolfSSL_RSA_size(key) + (2 * AES_BLOCK_SIZE); + + derBuf = (byte*)XMALLOC(derMax, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + WOLFSSL_MSG("malloc failed"); + return WOLFSSL_FAILURE; + } + + if (rsa->type == RSA_PRIVATE) { + /* Private key to DER */ + derSz = wc_RsaKeyToDer(rsa, derBuf, derMax); + } + else { + /* Public key to DER */ + derSz = wc_RsaKeyToPublicDer(rsa, derBuf, derMax); + } + + if (derSz < 0) { + if (rsa->type == RSA_PRIVATE) { + WOLFSSL_MSG("wc_RsaKeyToDer failed"); + } + else { + WOLFSSL_MSG("wc_RsaKeyToPublicDer failed"); + } + XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + + pkey->pkey.ptr = (char*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_DER); + if (pkey->pkey.ptr == NULL) { + WOLFSSL_MSG("key malloc failed"); + XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + pkey->pkey_sz = derSz; + XMEMCPY(pkey->pkey.ptr, derBuf, derSz); + XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */ + +#ifdef WC_RSA_BLINDING + if (key->ownRng == 0) { + if (wc_RsaSetRNG((RsaKey*)(pkey->rsa->internal), &(pkey->rng)) != 0) { + WOLFSSL_MSG("Error setting RSA rng"); + return WOLFSSL_FAILURE; + } + } +#endif + return WOLFSSL_SUCCESS; +} +#endif /* !NO_RSA */ + +#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) +/* with set1 functions the pkey struct does not own the DSA structure + * + * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure + */ +int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key) +{ + int derMax = 0; + int derSz = 0; + DsaKey* dsa = NULL; + byte* derBuf = NULL; + + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_DSA"); + + if((pkey == NULL) || (key == NULL))return WOLFSSL_FAILURE; + if (pkey->dsa != NULL && pkey->ownDsa == 1) { + wolfSSL_DSA_free(pkey->dsa); + } + pkey->dsa = key; + pkey->ownDsa = 0; /* pkey does not own DSA */ + pkey->type = EVP_PKEY_DSA; + if (key->inSet == 0) { + if (SetDsaInternal(key) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("SetDsaInternal failed"); + return WOLFSSL_FAILURE; + } + } + dsa = (DsaKey*)key->internal; + + /* 4 > size of pub, priv, p, q, g + ASN.1 additional information */ + derMax = 4 * wolfSSL_BN_num_bytes(key->g) + AES_BLOCK_SIZE; + + derBuf = (byte*)XMALLOC(derMax, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + WOLFSSL_MSG("malloc failed"); + return WOLFSSL_FAILURE; + } + + if (dsa->type == DSA_PRIVATE) { + /* Private key to DER */ + derSz = wc_DsaKeyToDer(dsa, derBuf, derMax); + } + else { + /* Public key to DER */ + derSz = wc_DsaKeyToPublicDer(dsa, derBuf, derMax); + } + + if (derSz < 0) { + if (dsa->type == DSA_PRIVATE) { + WOLFSSL_MSG("wc_DsaKeyToDer failed"); + } + else { + WOLFSSL_MSG("wc_DsaKeyToPublicDer failed"); + } + XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + + pkey->pkey.ptr = (char*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_DER); + if (pkey->pkey.ptr == NULL) { + WOLFSSL_MSG("key malloc failed"); + XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + pkey->pkey_sz = derSz; + XMEMCPY(pkey->pkey.ptr, derBuf, derSz); + XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + + return WOLFSSL_SUCCESS; +} + +WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key) +{ + WOLFSSL_DSA* local; + + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_DSA"); + + if (key == NULL) { + WOLFSSL_MSG("Bad function argument"); + return NULL; + } + + local = wolfSSL_DSA_new(); + if (local == NULL) { + WOLFSSL_MSG("Error creating a new WOLFSSL_DSA structure"); + return NULL; + } + + if (key->type == EVP_PKEY_DSA) { + if (wolfSSL_DSA_LoadDer(local, (const unsigned char*)key->pkey.ptr, + key->pkey_sz) != SSL_SUCCESS) { + /* now try public key */ + if (wolfSSL_DSA_LoadDer_ex(local, + (const unsigned char*)key->pkey.ptr, key->pkey_sz, + WOLFSSL_DSA_LOAD_PUBLIC) != SSL_SUCCESS) { + wolfSSL_DSA_free(local); + local = NULL; + } + } + } + else { + WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold a DSA key"); + wolfSSL_DSA_free(local); + local = NULL; + } + return local; +} +#endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ + +#ifdef HAVE_ECC +WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey) +{ + WOLFSSL_EC_KEY *eckey = NULL; + if (pkey) { +#ifdef HAVE_ECC + eckey = pkey->ecc; +#endif + } + return eckey; +} + +WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key) +{ + WOLFSSL_EC_KEY* local; + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_EC_KEY"); + + if (key == NULL) { + return NULL; + } + + local = wolfSSL_EC_KEY_new(); + if (local == NULL) { + WOLFSSL_MSG("Error creating a new WOLFSSL_EC_KEY structure"); + return NULL; + } + + if (key->type == EVP_PKEY_EC) { + if (wolfSSL_EC_KEY_LoadDer(local, (const unsigned char*)key->pkey.ptr, + key->pkey_sz) != SSL_SUCCESS) { + /* now try public key */ + if (wolfSSL_EC_KEY_LoadDer_ex(local, + (const unsigned char*)key->pkey.ptr, + key->pkey_sz, WOLFSSL_EC_KEY_LOAD_PUBLIC) != SSL_SUCCESS) { + + wolfSSL_EC_KEY_free(local); + local = NULL; + } + } + } + else { + WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold an EC key"); + wolfSSL_EC_KEY_free(local); + local = NULL; + } +#ifdef OPENSSL_ALL + if (!local && key->ecc) { + local = wolfSSL_EC_KEY_dup(key->ecc); + } +#endif + return local; +} +#endif /* HAVE_ECC */ + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +#if !defined(NO_DH) && !defined(NO_FILESYSTEM) +/* with set1 functions the pkey struct does not own the DH structure + * Build the following DH Key format from the passed in WOLFSSL_DH + * then store in WOLFSSL_EVP_PKEY in DER format. + * + * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure + */ +int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key) +{ + byte havePublic = 0, havePrivate = 0; + int ret; + word32 derSz = 0; + byte* derBuf = NULL; + DhKey* dhkey = NULL; + mp_int pubKey; + mp_int privKey; + + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_DH"); + + if (pkey == NULL || key == NULL) + return WOLFSSL_FAILURE; + + if (pkey->dh != NULL && pkey->ownDh == 1) + wolfSSL_DH_free(pkey->dh); + + pkey->dh = key; + pkey->ownDh = 0; /* pkey does not own DH */ + pkey->type = EVP_PKEY_DH; + if (key->inSet == 0) { + if (SetDhInternal(key) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("SetDhInternal failed"); + return WOLFSSL_FAILURE; + } + } + + dhkey = (DhKey*)key->internal; + + pubKey = dhkey->pub; + privKey = dhkey->priv; + + havePublic = mp_unsigned_bin_size(&pubKey) > 0; + havePrivate = mp_unsigned_bin_size(&privKey) > 0; + + /* Get size of DER buffer only */ + if (havePublic && !havePrivate) { + ret = wc_DhPubKeyToDer(dhkey, NULL, &derSz); + } else if (havePrivate && !havePublic) { + ret = wc_DhPrivKeyToDer(dhkey, NULL, &derSz); + } else { + ret = wc_DhParamsToDer(dhkey,NULL,&derSz); + } + + if (derSz <= 0 || ret != LENGTH_ONLY_E) { + WOLFSSL_MSG("Failed to get size of DH Key"); + return WOLFSSL_FAILURE; + } + + derBuf = (byte*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + WOLFSSL_MSG("malloc failed"); + return WOLFSSL_FAILURE; + } + + /* Fill DER buffer */ + if (havePublic && !havePrivate) { + ret = wc_DhPubKeyToDer(dhkey, derBuf, &derSz); + } else if (havePrivate && !havePublic) { + ret = wc_DhPrivKeyToDer(dhkey, derBuf, &derSz); + } else { + ret = wc_DhParamsToDer(dhkey,derBuf,&derSz); + } + + if (ret <= 0) { + WOLFSSL_MSG("Failed to export DH Key"); + XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + + /* Store DH key into pkey (DER format) */ + pkey->pkey.ptr = (char*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_DER); + if (pkey->pkey.ptr == NULL) { + WOLFSSL_MSG("key malloc failed"); + XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + pkey->pkey_sz = derSz; + XMEMCPY(pkey->pkey.ptr, derBuf, derSz); + XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + + return WOLFSSL_SUCCESS; +} + +WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key) +{ + WOLFSSL_DH* local = NULL; + + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_DH"); + + if (key == NULL || key->dh == NULL) { + WOLFSSL_MSG("Bad function argument"); + return NULL; + } + + if (key->type == EVP_PKEY_DH) { + + local = wolfSSL_DH_new(); + if (local == NULL) { + WOLFSSL_MSG("Error creating a new WOLFSSL_DH structure"); + return NULL; + } + + if (wolfSSL_DH_LoadDer(local, (const unsigned char*)key->pkey.ptr, + key->pkey_sz) != SSL_SUCCESS) { + wolfSSL_DH_free(local); + WOLFSSL_MSG("Error wolfSSL_DH_LoadDer"); + local = NULL; + } + } + else { + WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold a DH key"); + wolfSSL_DH_free(local); + return NULL; + } + + return local; +} +#endif /* NO_DH && NO_FILESYSTEM */ + +int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_assign"); + + /* pkey and key checked if NULL in subsequent assign functions */ + switch(type) { + #ifndef NO_RSA + case EVP_PKEY_RSA: + ret = wolfSSL_EVP_PKEY_assign_RSA(pkey, (WOLFSSL_RSA*)key); + break; + #endif + #ifndef NO_DSA + case EVP_PKEY_DSA: + ret = wolfSSL_EVP_PKEY_assign_DSA(pkey, (WOLFSSL_DSA*)key); + break; + #endif + #ifdef HAVE_ECC + case EVP_PKEY_EC: + ret = wolfSSL_EVP_PKEY_assign_EC_KEY(pkey, (WOLFSSL_EC_KEY*)key); + break; + #endif + #ifdef NO_DH + case EVP_PKEY_DH: + ret = wolfSSL_EVP_PKEY_assign_DH(pkey, (WOLFSSL_DH*)key); + break; + #endif + default: + WOLFSSL_MSG("Unknown EVP_PKEY type in wolfSSL_EVP_PKEY_assign."); + ret = WOLFSSL_FAILURE; + } + + return ret; +} +#endif /* WOLFSSL_QT || OPENSSL_ALL */ + +#if defined(HAVE_ECC) +/* try and populate public pkey_sz and pkey.ptr */ +static void ECC_populate_EVP_PKEY(EVP_PKEY* pkey, ecc_key* ecc) +{ + int ret; + if (!pkey || !ecc) + return; + if ((ret = wc_EccPublicKeyDerSize(ecc, 1)) > 0) { + int derSz = ret; + char* derBuf = (char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf) { + ret = wc_EccPublicKeyToDer(ecc, (byte*)derBuf, derSz, 1); + if (ret >= 0) { + if (pkey->pkey.ptr) { + XFREE(pkey->pkey.ptr, NULL, DYNAMIC_TYPE_OPENSSL); + } + pkey->pkey_sz = ret; + pkey->pkey.ptr = derBuf; + } + else { /* failure - okay to ignore */ + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + derBuf = NULL; + } + } + } +} + +WOLFSSL_API int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key) +{ +#ifdef HAVE_ECC + if((pkey == NULL) || (key ==NULL))return WOLFSSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_EC_KEY"); +#ifndef NO_RSA + if (pkey->rsa != NULL && pkey->ownRsa == 1) { + wolfSSL_RSA_free(pkey->rsa); + } + pkey->ownRsa = 0; +#endif +#ifndef NO_DSA + if (pkey->dsa != NULL && pkey->ownDsa == 1) { + wolfSSL_DSA_free(pkey->dsa); + } + pkey->ownDsa = 0; +#endif +#ifndef NO_DH + if (pkey->dh != NULL && pkey->ownDh == 1) { + wolfSSL_DH_free(pkey->dh); + } + pkey->ownDh = 0; +#endif + if (pkey->ecc != NULL && pkey->ownEcc == 1) { + wolfSSL_EC_KEY_free(pkey->ecc); + } + pkey->ecc = key; + pkey->ownEcc = 0; /* pkey does not own EC key */ + pkey->type = EVP_PKEY_EC; + ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal); + return WOLFSSL_SUCCESS; +#else + (void)pkey; + (void)key; + return WOLFSSL_FAILURE; +#endif +} + +void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx) +{ + WOLFSSL_MSG("wolfSSL_EVP_X_STATE"); + + if (ctx) { + switch (ctx->cipherType) { + case ARC4_TYPE: + WOLFSSL_MSG("returning arc4 state"); + return (void*)&ctx->cipher.arc4.x; + + default: + WOLFSSL_MSG("bad x state type"); + return 0; + } + } + + return NULL; +} +int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key) +{ + if (pkey == NULL || key == NULL) + return WOLFSSL_FAILURE; + + pkey->type = EVP_PKEY_EC; + pkey->ecc = key; + pkey->ownEcc = 1; + + /* try and populate public pkey_sz and pkey.ptr */ + ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal); + + return WOLFSSL_SUCCESS; +} +#endif /* HAVE_ECC */ + +#ifndef NO_WOLFSSL_STUB +const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void) +{ + WOLFSSL_MSG("wolfSSL_ripemd160"); + WOLFSSL_STUB("EVP_ripemd160"); + return NULL; +} +#endif + + +int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type) +{ + WOLFSSL_MSG("wolfSSL_EVP_MD_block_size"); + + if (type == NULL) { + WOLFSSL_MSG("No md type arg"); + return BAD_FUNC_ARG; + } + + if (XSTRNCMP(type, "SHA256", 6) == 0) { + return WC_SHA256_BLOCK_SIZE; + } +#ifndef NO_MD5 + else if (XSTRNCMP(type, "MD5", 3) == 0) { + return WC_MD5_BLOCK_SIZE; + } +#endif +#ifdef WOLFSSL_SHA224 + else if (XSTRNCMP(type, "SHA224", 6) == 0) { + return WC_SHA224_BLOCK_SIZE; + } +#endif +#ifdef WOLFSSL_SHA384 + else if (XSTRNCMP(type, "SHA384", 6) == 0) { + return WC_SHA384_BLOCK_SIZE; + } +#endif +#ifdef WOLFSSL_SHA512 + else if (XSTRNCMP(type, "SHA512", 6) == 0) { + return WC_SHA512_BLOCK_SIZE; + } +#endif +#ifndef NO_SHA + /* has to be last since would pick or 256, 384, or 512 too */ + else if (XSTRNCMP(type, "SHA", 3) == 0) { + return WC_SHA_BLOCK_SIZE; + } +#endif + + return BAD_FUNC_ARG; +} + +int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type) +{ + WOLFSSL_MSG("wolfSSL_EVP_MD_size"); + + if (type == NULL) { + WOLFSSL_MSG("No md type arg"); + return BAD_FUNC_ARG; + } + + if (XSTRNCMP(type, "SHA256", 6) == 0) { + return WC_SHA256_DIGEST_SIZE; + } +#ifndef NO_MD5 + else if (XSTRNCMP(type, "MD5", 3) == 0) { + return WC_MD5_DIGEST_SIZE; + } +#endif +#ifdef WOLFSSL_SHA224 + else if (XSTRNCMP(type, "SHA224", 6) == 0) { + return WC_SHA224_DIGEST_SIZE; + } +#endif +#ifdef WOLFSSL_SHA384 + else if (XSTRNCMP(type, "SHA384", 6) == 0) { + return WC_SHA384_DIGEST_SIZE; + } +#endif +#ifdef WOLFSSL_SHA512 + else if (XSTRNCMP(type, "SHA512", 6) == 0) { + return WC_SHA512_DIGEST_SIZE; + } +#endif +#ifndef NO_SHA + /* has to be last since would pick or 256, 384, or 512 too */ + else if (XSTRNCMP(type, "SHA", 3) == 0) { + return WC_SHA_DIGEST_SIZE; + } +#endif + + return BAD_FUNC_ARG; +} + + +int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) +{ + WOLFSSL_MSG("wolfSSL_EVP_CIPHER_CTX_iv_length"); + + switch (ctx->cipherType) { + +#ifdef HAVE_AES_CBC + case AES_128_CBC_TYPE : + case AES_192_CBC_TYPE : + case AES_256_CBC_TYPE : + WOLFSSL_MSG("AES CBC"); + return AES_BLOCK_SIZE; +#endif +#ifdef HAVE_AESGCM + case AES_128_GCM_TYPE : + case AES_192_GCM_TYPE : + case AES_256_GCM_TYPE : + WOLFSSL_MSG("AES GCM"); + return GCM_NONCE_MID_SZ; +#endif +#ifdef WOLFSSL_AES_COUNTER + case AES_128_CTR_TYPE : + case AES_192_CTR_TYPE : + case AES_256_CTR_TYPE : + WOLFSSL_MSG("AES CTR"); + return AES_BLOCK_SIZE; +#endif +#ifndef NO_DES3 + case DES_CBC_TYPE : + WOLFSSL_MSG("DES CBC"); + return DES_BLOCK_SIZE; + + case DES_EDE3_CBC_TYPE : + WOLFSSL_MSG("DES EDE3 CBC"); + return DES_BLOCK_SIZE; +#endif +#ifdef HAVE_IDEA + case IDEA_CBC_TYPE : + WOLFSSL_MSG("IDEA CBC"); + return IDEA_BLOCK_SIZE; +#endif +#ifndef NO_RC4 + case ARC4_TYPE : + WOLFSSL_MSG("ARC4"); + return 0; +#endif +#ifdef WOLFSSL_AES_CFB +#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + case AES_128_CFB1_TYPE: + case AES_192_CFB1_TYPE: + case AES_256_CFB1_TYPE: + WOLFSSL_MSG("AES CFB1"); + return AES_BLOCK_SIZE; + case AES_128_CFB8_TYPE: + case AES_192_CFB8_TYPE: + case AES_256_CFB8_TYPE: + WOLFSSL_MSG("AES CFB8"); + return AES_BLOCK_SIZE; +#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ + case AES_128_CFB128_TYPE: + case AES_192_CFB128_TYPE: + case AES_256_CFB128_TYPE: + WOLFSSL_MSG("AES CFB128"); + return AES_BLOCK_SIZE; +#endif /* WOLFSSL_AES_CFB */ +#if defined(WOLFSSL_AES_OFB) + case AES_128_OFB_TYPE: + case AES_192_OFB_TYPE: + case AES_256_OFB_TYPE: + WOLFSSL_MSG("AES OFB"); + return AES_BLOCK_SIZE; +#endif /* WOLFSSL_AES_OFB */ +#ifdef WOLFSSL_AES_XTS + case AES_128_XTS_TYPE: + case AES_256_XTS_TYPE: + WOLFSSL_MSG("AES XTS"); + return AES_BLOCK_SIZE; +#endif /* WOLFSSL_AES_XTS */ + + case NULL_CIPHER_TYPE : + WOLFSSL_MSG("NULL"); + return 0; + + default: { + WOLFSSL_MSG("bad type"); + } + } + return 0; +} + +int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher) +{ + const char *name = (const char *)cipher; + WOLFSSL_MSG("wolfSSL_EVP_CIPHER_iv_length"); + +#ifndef NO_AES +#ifdef HAVE_AES_CBC + #ifdef WOLFSSL_AES_128 + if (EVP_AES_128_CBC && XSTRNCMP(name, EVP_AES_128_CBC, XSTRLEN(EVP_AES_128_CBC)) == 0) + return AES_BLOCK_SIZE; + #endif + #ifdef WOLFSSL_AES_192 + if (EVP_AES_192_CBC && XSTRNCMP(name, EVP_AES_192_CBC, XSTRLEN(EVP_AES_192_CBC)) == 0) + return AES_BLOCK_SIZE; + #endif + #ifdef WOLFSSL_AES_256 + if (EVP_AES_256_CBC && XSTRNCMP(name, EVP_AES_256_CBC, XSTRLEN(EVP_AES_256_CBC)) == 0) + return AES_BLOCK_SIZE; + #endif +#endif /* HAVE_AES_CBC */ +#ifdef HAVE_AESGCM + #ifdef WOLFSSL_AES_128 + if (EVP_AES_128_GCM && XSTRNCMP(name, EVP_AES_128_GCM, XSTRLEN(EVP_AES_128_GCM)) == 0) + return GCM_NONCE_MID_SZ; + #endif + #ifdef WOLFSSL_AES_192 + if (EVP_AES_192_GCM && XSTRNCMP(name, EVP_AES_192_GCM, XSTRLEN(EVP_AES_192_GCM)) == 0) + return GCM_NONCE_MID_SZ; + #endif + #ifdef WOLFSSL_AES_256 + if (EVP_AES_256_GCM && XSTRNCMP(name, EVP_AES_256_GCM, XSTRLEN(EVP_AES_256_GCM)) == 0) + return GCM_NONCE_MID_SZ; + #endif +#endif /* HAVE_AESGCM */ +#ifdef WOLFSSL_AES_COUNTER + #ifdef WOLFSSL_AES_128 + if (EVP_AES_128_CTR && XSTRNCMP(name, EVP_AES_128_CTR, XSTRLEN(EVP_AES_128_CTR)) == 0) + return AES_BLOCK_SIZE; + #endif + #ifdef WOLFSSL_AES_192 + if (EVP_AES_192_CTR && XSTRNCMP(name, EVP_AES_192_CTR, XSTRLEN(EVP_AES_192_CTR)) == 0) + return AES_BLOCK_SIZE; + #endif + #ifdef WOLFSSL_AES_256 + if (EVP_AES_256_CTR && XSTRNCMP(name, EVP_AES_256_CTR, XSTRLEN(EVP_AES_256_CTR)) == 0) + return AES_BLOCK_SIZE; + #endif +#endif +#ifdef WOLFSSL_AES_XTS + #ifdef WOLFSSL_AES_128 + if (EVP_AES_128_XTS && XSTRNCMP(name, EVP_AES_128_XTS, XSTRLEN(EVP_AES_128_XTS)) == 0) + return AES_BLOCK_SIZE; + #endif /* WOLFSSL_AES_128 */ + + #ifdef WOLFSSL_AES_256 + if (EVP_AES_256_XTS && XSTRNCMP(name, EVP_AES_256_XTS, XSTRLEN(EVP_AES_256_XTS)) == 0) + return AES_BLOCK_SIZE; + #endif /* WOLFSSL_AES_256 */ +#endif /* WOLFSSL_AES_XTS */ + +#endif + +#ifndef NO_DES3 + if ((EVP_DES_CBC && XSTRNCMP(name, EVP_DES_CBC, XSTRLEN(EVP_DES_CBC)) == 0) || + (EVP_DES_EDE3_CBC && XSTRNCMP(name, EVP_DES_EDE3_CBC, XSTRLEN(EVP_DES_EDE3_CBC)) == 0)) { + return DES_BLOCK_SIZE; + } +#endif + +#ifdef HAVE_IDEA + if (EVP_IDEA_CBC && XSTRNCMP(name, EVP_IDEA_CBC, XSTRLEN(EVP_IDEA_CBC)) == 0) + return IDEA_BLOCK_SIZE; +#endif + + (void)name; + + return 0; +} + + +int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx) +{ + WOLFSSL_MSG("wolfSSL_EVP_X_STATE_LEN"); + + if (ctx) { + switch (ctx->cipherType) { + case ARC4_TYPE: + WOLFSSL_MSG("returning arc4 state size"); + return sizeof(Arc4); + + default: + WOLFSSL_MSG("bad x state type"); + return 0; + } + } + + return 0; +} + + +/* return of pkey->type which will be EVP_PKEY_RSA for example. + * + * type type of EVP_PKEY + * + * returns type or if type is not found then NID_undef + */ +int wolfSSL_EVP_PKEY_type(int type) +{ + WOLFSSL_MSG("wolfSSL_EVP_PKEY_type"); + + switch (type) { + case EVP_PKEY_RSA: + return EVP_PKEY_RSA; + case EVP_PKEY_DSA: + return EVP_PKEY_DSA; + case EVP_PKEY_EC: + return EVP_PKEY_EC; + default: + return NID_undef; + } +} + + +int wolfSSL_EVP_PKEY_id(const EVP_PKEY *pkey) +{ + if (pkey != NULL) + return pkey->type; + return 0; +} + + +int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey) +{ + if (pkey == NULL) + return NID_undef; + return wolfSSL_EVP_PKEY_type(pkey->type); +} + + +/* increments ref count of WOLFSSL_EVP_PKEY. Return 1 on success, 0 on error */ +int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey) +{ + if (pkey) { + if (wc_LockMutex(&pkey->refMutex) != 0) { + WOLFSSL_MSG("Failed to lock pkey mutex"); + } + pkey->references++; + wc_UnLockMutex(&pkey->refMutex); + + return 1; + } + + return 0; +} + +#ifndef NO_RSA +int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key) +{ + if (pkey == NULL || key == NULL) + return WOLFSSL_FAILURE; + + pkey->type = EVP_PKEY_RSA; + pkey->rsa = key; + pkey->ownRsa = 1; + + /* try and populate public pkey_sz and pkey.ptr */ + if (key->internal) { + RsaKey* rsa = (RsaKey*)key->internal; + int ret = wc_RsaPublicKeyDerSize(rsa, 1); + if (ret > 0) { + int derSz = ret; + char* derBuf = (char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf) { + ret = wc_RsaKeyToPublicDer(rsa, (byte*)derBuf, derSz); + if (ret >= 0) { + pkey->pkey_sz = ret; + pkey->pkey.ptr = derBuf; + } + else { /* failure - okay to ignore */ + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + derBuf = NULL; + } + } + } + } + + return WOLFSSL_SUCCESS; +} +#endif /* !NO_RSA */ + +#ifndef NO_DSA +int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key) +{ + if (pkey == NULL || key == NULL) + return WOLFSSL_FAILURE; + + pkey->type = EVP_PKEY_DSA; + pkey->dsa = key; + pkey->ownDsa = 1; + + return WOLFSSL_SUCCESS; +} +#endif /* !NO_DSA */ + +#ifndef NO_DH +int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key) +{ + if (pkey == NULL || key == NULL) + return WOLFSSL_FAILURE; + + pkey->type = EVP_PKEY_DH; + pkey->dh = key; + pkey->ownDh = 1; + + return WOLFSSL_SUCCESS; +} +#endif /* !NO_DH */ + +#endif /* OPENSSL_EXTRA */ + +#ifdef OPENSSL_EXTRA_X509_SMALL + +WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new(void){ + return wolfSSL_EVP_PKEY_new_ex(NULL); +} + + +WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_ex(void* heap) +{ + WOLFSSL_EVP_PKEY* pkey; + int ret; + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_new"); + pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), heap, + DYNAMIC_TYPE_PUBLIC_KEY); + if (pkey != NULL) { + XMEMSET(pkey, 0, sizeof(WOLFSSL_EVP_PKEY)); + pkey->heap = heap; + pkey->type = WOLFSSL_EVP_PKEY_DEFAULT; +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&pkey->rng, heap, INVALID_DEVID); +#else + ret = wc_InitRng(&pkey->rng); +#endif + if (ret != 0){ + wolfSSL_EVP_PKEY_free(pkey); + WOLFSSL_MSG("memory failure"); + return NULL; + } + pkey->references = 1; + wc_InitMutex(&pkey->refMutex); + } + else { + WOLFSSL_MSG("memory failure"); + } + + return pkey; +} + +void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) +{ + int doFree = 0; + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_free"); + if (key != NULL) { + if (wc_LockMutex(&key->refMutex) != 0) { + WOLFSSL_MSG("Couldn't lock pkey mutex"); + } + + /* only free if all references to it are done */ + key->references--; + if (key->references == 0) { + doFree = 1; + } + wc_UnLockMutex(&key->refMutex); + + if (doFree) { + wc_FreeRng(&key->rng); + + if (key->pkey.ptr != NULL) { + XFREE(key->pkey.ptr, key->heap, DYNAMIC_TYPE_PUBLIC_KEY); + key->pkey.ptr = NULL; + } + switch(key->type) + { + #ifndef NO_RSA + case EVP_PKEY_RSA: + if (key->rsa != NULL && key->ownRsa == 1) { + wolfSSL_RSA_free(key->rsa); + key->rsa = NULL; + } + break; + #endif /* NO_RSA */ + + #ifdef HAVE_ECC + case EVP_PKEY_EC: + if (key->ecc != NULL && key->ownEcc == 1) { + wolfSSL_EC_KEY_free(key->ecc); + key->ecc = NULL; + } + break; + #endif /* HAVE_ECC */ + + #ifndef NO_DSA + case EVP_PKEY_DSA: + if (key->dsa != NULL && key->ownDsa == 1) { + wolfSSL_DSA_free(key->dsa); + key->dsa = NULL; + } + break; + #endif /* NO_DSA */ + + #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) + case EVP_PKEY_DH: + if (key->dh != NULL && key->ownDh == 1) { + wolfSSL_DH_free(key->dh); + key->dh = NULL; + } + break; + #endif /* ! NO_DH ... */ + + default: + break; + } + + if (wc_FreeMutex(&key->refMutex) != 0) { + WOLFSSL_MSG("Couldn't free pkey mutex"); + } + XFREE(key, key->heap, DYNAMIC_TYPE_PUBLIC_KEY); + } + } +} + +#endif /* OPENSSL_EXTRA_X509_SMALL */ #endif /* WOLFSSL_EVP_INCLUDED */ diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c index 24548f63e4..087807b71e 100644 --- a/wolfcrypt/src/wc_port.c +++ b/wolfcrypt/src/wc_port.c @@ -207,8 +207,7 @@ int wolfCrypt_Init(void) WOLFSSL_MSG("Using AF_ALG for crypto acceleration"); #endif - #if !defined(WOLFCRYPT_ONLY) && \ - ( defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) ) + #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) wolfSSL_EVP_init(); #endif diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index fa80b1bff6..5c94d67ff5 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -16758,8 +16758,8 @@ int openssl_pkey0_test(void) } keySz = (size_t)RSA_size(pubRsa); - prvPkey = wolfSSL_PKEY_new(); - pubPkey = wolfSSL_PKEY_new(); + prvPkey = wolfSSL_EVP_PKEY_new(); + pubPkey = wolfSSL_EVP_PKEY_new(); if((prvPkey == NULL) || (pubPkey == NULL)){ printf("error with PKEY_new\n"); ret = ERR_BASE_PKEY-13; @@ -17140,8 +17140,8 @@ int openssl_evpSig_test(void) return ERR_BASE_EVPSIG-6; } - prvPkey = wolfSSL_PKEY_new(); - pubPkey = wolfSSL_PKEY_new(); + prvPkey = wolfSSL_EVP_PKEY_new(); + pubPkey = wolfSSL_EVP_PKEY_new(); if((prvPkey == NULL) || (pubPkey == NULL)){ XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 7c2c6571fb..7c08f7be34 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -4553,6 +4553,15 @@ enum encrypt_side { WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side); +/* Set*Internal and Set*External functions */ +WOLFSSL_LOCAL int SetDsaInternal(WOLFSSL_DSA* dsa); +WOLFSSL_LOCAL int SetDsaExternal(WOLFSSL_DSA* dsa); +#ifndef HAVE_USER_RSA +WOLFSSL_LOCAL int SetRsaExternal(WOLFSSL_RSA* rsa); +WOLFSSL_LOCAL int SetRsaInternal(WOLFSSL_RSA* rsa); +#endif +WOLFSSL_LOCAL int SetDhInternal(WOLFSSL_DH* dh); +WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh); #ifndef NO_DH WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey, diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h index d206d6cc01..0a23b8f366 100644 --- a/wolfssl/openssl/dh.h +++ b/wolfssl/openssl/dh.h @@ -64,7 +64,6 @@ WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH*); WOLFSSL_API int wolfSSL_DH_generate_key(WOLFSSL_DH*); WOLFSSL_API int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* pub, WOLFSSL_DH*); -WOLFSSL_API int SetDhExternal(WOLFSSL_DH *dh); WOLFSSL_API int wolfSSL_DH_LoadDer(WOLFSSL_DH*, const unsigned char*, int sz); WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH*, WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*); diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 1a3da097fa..8aca5382a9 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -543,6 +543,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *in, size_t inlen); WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx); WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_EVP_PKEY_new(void); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_ex(void* heap); WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*); WOLFSSL_API int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey); @@ -602,6 +603,10 @@ WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen, int saltlen, int iter, const WOLFSSL_EVP_MD *digest, int keylen, unsigned char *out); + +WOLFSSL_LOCAL int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp, + int* pHash, int* pHashSz); + #define EVP_CIPH_STREAM_CIPHER WOLFSSL_EVP_CIPH_STREAM_CIPHER #define EVP_CIPH_ECB_MODE WOLFSSL_EVP_CIPH_ECB_MODE #define EVP_CIPH_CBC_MODE WOLFSSL_EVP_CIPH_CBC_MODE @@ -763,6 +768,7 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_PKEY_assign_EC_KEY wolfSSL_EVP_PKEY_assign_EC_KEY #define EVP_PKEY_get1_DSA wolfSSL_EVP_PKEY_get1_DSA #define EVP_PKEY_set1_DSA wolfSSL_EVP_PKEY_set1_DSA +#define EVP_PKEY_get0_RSA wolfSSL_EVP_PKEY_get0_RSA #define EVP_PKEY_get1_RSA wolfSSL_EVP_PKEY_get1_RSA #define EVP_PKEY_set1_RSA wolfSSL_EVP_PKEY_set1_RSA #define EVP_PKEY_set1_EC_KEY wolfSSL_EVP_PKEY_set1_EC_KEY @@ -788,7 +794,7 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_PKEY_decrypt_init wolfSSL_EVP_PKEY_decrypt_init #define EVP_PKEY_encrypt wolfSSL_EVP_PKEY_encrypt #define EVP_PKEY_encrypt_init wolfSSL_EVP_PKEY_encrypt_init -#define EVP_PKEY_new wolfSSL_PKEY_new +#define EVP_PKEY_new wolfSSL_EVP_PKEY_new #define EVP_PKEY_free wolfSSL_EVP_PKEY_free #define EVP_PKEY_up_ref wolfSSL_EVP_PKEY_up_ref #define EVP_PKEY_size wolfSSL_EVP_PKEY_size @@ -875,6 +881,25 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_MAX_IV_LENGTH 16 #endif + +#define EVP_R_BAD_DECRYPT (-MIN_CODE_E + 100 + 1) +#define EVP_R_BN_DECODE_ERROR (-MIN_CODE_E + 100 + 2) +#define EVP_R_DECODE_ERROR (-MIN_CODE_E + 100 + 3) +#define EVP_R_PRIVATE_KEY_DECODE_ERROR (-MIN_CODE_E + 100 + 4) + +#define EVP_PKEY_NONE NID_undef +#define EVP_PKEY_RSA 6 +#define EVP_PKEY_RSA2 19 +#define EVP_PKEY_DH 28 +#define EVP_CIPHER_mode WOLFSSL_CIPHER_mode +/* WOLFSSL_EVP_CIPHER is just the string name of the cipher */ +#define EVP_CIPHER_name(x) x +#define EVP_MD_CTX_reset wolfSSL_EVP_MD_CTX_cleanup +/* WOLFSSL_EVP_MD is just the string name of the digest */ +#define EVP_MD_name(x) x +#define EVP_CIPHER_nid wolfSSL_EVP_CIPHER_nid + + WOLFSSL_API void printPKEY(WOLFSSL_EVP_PKEY *k); #ifdef __cplusplus diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h index 6db3173b2d..a3fd4edbbf 100644 --- a/wolfssl/openssl/rsa.h +++ b/wolfssl/openssl/rsa.h @@ -157,7 +157,6 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data(WOLFSSL_RSA *rsa, int idx, void *data); #define RSA_sign wolfSSL_RSA_sign #define RSA_verify wolfSSL_RSA_verify #define RSA_public_decrypt wolfSSL_RSA_public_decrypt -#define EVP_PKEY_get0_RSA wolfSSL_EVP_PKEY_get0_RSA #define RSA_meth_new wolfSSL_RSA_meth_new #define RSA_meth_free wolfSSL_RSA_meth_free diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 25181c6cb5..00eefa5c09 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -1114,11 +1114,6 @@ enum { #define PEM_R_BAD_PASSWORD_READ (-MIN_CODE_E + 3) #define PEM_R_BAD_DECRYPT (-MIN_CODE_E + 4) -#define EVP_R_BAD_DECRYPT (-MIN_CODE_E + 100 + 1) -#define EVP_R_BN_DECODE_ERROR (-MIN_CODE_E + 100 + 2) -#define EVP_R_DECODE_ERROR (-MIN_CODE_E + 100 + 3) -#define EVP_R_PRIVATE_KEY_DECODE_ERROR (-MIN_CODE_E + 100 + 4) - #define ERR_LIB_PEM 9 #define ERR_LIB_X509 10 #define ERR_LIB_EVP 11 @@ -1205,10 +1200,6 @@ enum { #define SSL_get0_param wolfSSL_get0_param #define ERR_NUM_ERRORS 16 -#define EVP_PKEY_NONE NID_undef -#define EVP_PKEY_RSA 6 -#define EVP_PKEY_RSA2 19 -#define EVP_PKEY_DH 28 #define SN_pkcs9_emailAddress "Email" #define LN_pkcs9_emailAddress "emailAddress" #define NID_pkcs9_emailAddress 48 @@ -1229,19 +1220,12 @@ enum { #define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) #define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9) -#define EVP_CIPHER_mode WOLFSSL_CIPHER_mode -/* WOLFSSL_EVP_CIPHER is just the string name of the cipher */ -#define EVP_CIPHER_name(x) x -#define EVP_MD_CTX_reset wolfSSL_EVP_MD_CTX_cleanup -/* WOLFSSL_EVP_MD is just the string name of the digest */ -#define EVP_MD_name(x) x #define X509_STORE_get0_objects wolfSSL_X509_STORE_get0_objects #define sk_X509_OBJECT_num wolfSSL_sk_X509_OBJECT_num #define sk_X509_OBJECT_value wolfSSL_sk_X509_OBJECT_value #define sk_X509_OBJECT_delete wolfSSL_sk_X509_OBJECT_delete #define X509_OBJECT_free wolfSSL_X509_OBJECT_free #define X509_OBJECT_get_type(x) 0 -#define EVP_CIPHER_nid wolfSSL_EVP_CIPHER_nid #define OpenSSL_version(x) wolfSSL_lib_version() diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index bd97ac23e9..7ab1a15e5c 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1165,7 +1165,7 @@ WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl); /* what's ref count */ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void); -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) +#if defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_ALL) WOLFSSL_API int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa); WOLFSSL_API int wolfSSL_X509_up_ref(WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey); @@ -1420,8 +1420,6 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** key, unsigned char** in, long inSz); WOLFSSL_API int wolfSSL_i2d_PrivateKey(WOLFSSL_EVP_PKEY* key, unsigned char** der); -WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new_ex(void* heap); -WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(void); WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*); #ifdef OPENSSL_EXTRA WOLFSSL_API int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime,