diff --git a/configure.ac b/configure.ac index bfe400287c..59ae80a721 100644 --- a/configure.ac +++ b/configure.ac @@ -511,9 +511,14 @@ fi if test "$ENABLED_OPENSSLEXTRA" = "yes" && test "$ENABLED_SMALL" = "yes" then - AC_MSG_ERROR([cannot enable small and opensslextra, only one or the other.]) + AC_MSG_ERROR([cannot enable small and opensslextra, only one or the other.]) fi +if test "$ENABLED_OPENSSLEXTRA" = "x509small" +then + AC_MSG_NOTICE([Enabling only a subset of X509 opensslextra]) + AM_CFLAGS="-DOPENSSL_EXTRA_X509_SMALL" +fi # High Strength Build AC_ARG_ENABLE([maxstrength], diff --git a/src/internal.c b/src/internal.c index c462742fbb..ad4c8651f3 100644 --- a/src/internal.c +++ b/src/internal.c @@ -2750,7 +2750,7 @@ void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag) if (name != NULL) { name->name = name->staticName; name->dynamicName = 0; -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) XMEMSET(&name->fullName, 0, sizeof(DecodedName)); XMEMSET(&name->cnEntry, 0, sizeof(WOLFSSL_X509_NAME_ENTRY)); XMEMSET(&name->extra, 0, sizeof(name->extra)); @@ -2767,7 +2767,7 @@ void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap) if (name != NULL) { if (name->dynamicName) XFREE(name->name, heap, DYNAMIC_TYPE_SUBJECT_CN); -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) { int i; if (name->fullName.fullName != NULL) { @@ -2781,7 +2781,7 @@ void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap) } } } -#endif /* OPENSSL_EXTRA */ +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ } (void)heap; } @@ -2800,40 +2800,7 @@ void InitX509(WOLFSSL_X509* x509, int dynamicFlag, void* heap) x509->heap = heap; InitX509Name(&x509->issuer, 0); InitX509Name(&x509->subject, 0); - x509->version = 0; - x509->pubKey.buffer = NULL; - x509->sig.buffer = NULL; - x509->derCert = NULL; - x509->altNames = NULL; - x509->altNamesNext = NULL; x509->dynamicMemory = (byte)dynamicFlag; - x509->isCa = 0; -#ifdef HAVE_ECC - x509->pkCurveOID = 0; -#endif /* HAVE_ECC */ -#ifdef OPENSSL_EXTRA - x509->pathLength = 0; - x509->basicConstSet = 0; - x509->basicConstCrit = 0; - x509->basicConstPlSet = 0; - x509->subjAltNameSet = 0; - x509->subjAltNameCrit = 0; - x509->authKeyIdSet = 0; - x509->authKeyIdCrit = 0; - x509->authKeyId = NULL; - x509->authKeyIdSz = 0; - x509->subjKeyIdSet = 0; - x509->subjKeyIdCrit = 0; - x509->subjKeyId = NULL; - x509->subjKeyIdSz = 0; - x509->keyUsageSet = 0; - x509->keyUsageCrit = 0; - x509->keyUsage = 0; - #ifdef WOLFSSL_SEP - x509->certPolicySet = 0; - x509->certPolicyCrit = 0; - #endif /* WOLFSSL_SEP */ -#endif /* OPENSSL_EXTRA */ } @@ -2849,7 +2816,7 @@ void FreeX509(WOLFSSL_X509* x509) XFREE(x509->pubKey.buffer, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); FreeDer(&x509->derCert); XFREE(x509->sig.buffer, x509->heap, DYNAMIC_TYPE_SIGNATURE); - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) XFREE(x509->authKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT); XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT); if (x509->authInfo != NULL) { @@ -2858,7 +2825,7 @@ void FreeX509(WOLFSSL_X509* x509) if (x509->extKeyUsageSrc != NULL) { XFREE(x509->extKeyUsageSrc, x509->heap, DYNAMIC_TYPE_X509_EXT); } - #endif /* OPENSSL_EXTRA */ + #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ if (x509->altNames) FreeAltNames(x509->altNames, x509->heap); } @@ -7509,7 +7476,8 @@ static void AddSessionCertToChain(WOLFSSL_X509_CHAIN* chain, } #endif -#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) +#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ + defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* Copy parts X509 needs from Decoded cert, 0 on success */ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) { @@ -7524,7 +7492,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) XSTRNCPY(x509->issuer.name, dCert->issuer, ASN_NAME_MAX); x509->issuer.name[ASN_NAME_MAX - 1] = '\0'; x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1; -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) if (dCert->issuerName.fullName != NULL) { XMEMCPY(&x509->issuer.fullName, &dCert->issuerName, sizeof(DecodedName)); @@ -7536,12 +7504,12 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) dCert->issuerName.fullName, dCert->issuerName.fullNameLen); } x509->issuer.x509 = x509; -#endif /* OPENSSL_EXTRA */ +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX); x509->subject.name[ASN_NAME_MAX - 1] = '\0'; x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1; -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) if (dCert->subjectName.fullName != NULL) { XMEMCPY(&x509->subject.fullName, &dCert->subjectName, sizeof(DecodedName)); @@ -7552,7 +7520,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) dCert->subjectName.fullName, dCert->subjectName.fullNameLen); } x509->subject.x509 = x509; -#endif /* OPENSSL_EXTRA */ +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifdef WOLFSSL_NGINX XMEMCPY(x509->subject.raw, dCert->subjectRaw, dCert->subjectRawLen); x509->subject.rawLen = dCert->subjectRawLen; @@ -7647,7 +7615,8 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) dCert->weOwnAltNames = 0; x509->altNamesNext = x509->altNames; /* index hint */ -#if defined(OPENSSL_EXTRA) && !defined(IGNORE_NAME_CONSTRAINTS) +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(IGNORE_NAME_CONSTRAINTS) /* add copies of alternate emails from dCert to X509 */ if (dCert->altEmailNames != NULL) { DNS_entry* cur = dCert->altEmailNames; @@ -7682,10 +7651,10 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) cur = cur->next; } } -#endif +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ x509->isCa = dCert->isCA; -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) x509->pathLength = dCert->pathLength; x509->keyUsage = dCert->extKeyUsage; @@ -7766,7 +7735,7 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) x509->certPoliciesNb = dCert->extCertPoliciesNb; } #endif /* WOLFSSL_CERT_EXT */ -#endif /* OPENSSL_EXTRA */ +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifdef HAVE_ECC x509->pkCurveOID = dCert->pkCurveOID; #endif /* HAVE_ECC */ @@ -7800,7 +7769,7 @@ typedef struct ProcPeerCertArgs { #ifdef WOLFSSL_TRUST_PEER_CERT byte haveTrustPeer; /* was cert verified by loaded trusted peer cert */ #endif -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) char untrustedDepth; #endif } ProcPeerCertArgs; diff --git a/src/ssl.c b/src/ssl.c index fb4bb034fa..53f905de04 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2643,7 +2643,7 @@ int wolfSSL_want_write(WOLFSSL* ssl) char* wolfSSL_ERR_error_string(unsigned long errNumber, char* data) { - static const char* msg = "Please supply a buffer for error string"; + static const char* const msg = "Please supply a buffer for error string"; WOLFSSL_ENTER("ERR_error_string"); if (data) { @@ -3193,17 +3193,35 @@ static struct cipher{ } cipher_tbl[] = { #ifndef NO_AES + #ifdef WOLFSSL_AES_128 {AES_128_CBC_TYPE, "AES-128-CBC"}, + #endif + #ifdef WOLFSSL_AES_192 {AES_192_CBC_TYPE, "AES-192-CBC"}, + #endif + #ifdef WOLFSSL_AES_256 {AES_256_CBC_TYPE, "AES-256-CBC"}, + #endif #if defined(OPENSSL_EXTRA) + #ifdef WOLFSSL_AES_128 {AES_128_CTR_TYPE, "AES-128-CTR"}, + #endif + #ifdef WOLFSSL_AES_192 {AES_192_CTR_TYPE, "AES-192-CTR"}, + #endif + #ifdef WOLFSSL_AES_256 {AES_256_CTR_TYPE, "AES-256-CTR"}, + #endif + #ifdef WOLFSSL_AES_128 {AES_128_ECB_TYPE, "AES-128-ECB"}, + #endif + #ifdef WOLFSSL_AES_192 {AES_192_ECB_TYPE, "AES-192-ECB"}, + #endif + #ifdef WOLFSSL_AES_256 {AES_256_ECB_TYPE, "AES-256-ECB"}, + #endif #endif #endif @@ -3234,6 +3252,7 @@ const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name) const char *alias; } alias_tbl[] = { +#ifndef NO_DES3 {"DES-CBC", "DES"}, {"DES-CBC", "des"}, {"DES-ECB", "DES-ECB"}, @@ -3243,21 +3262,42 @@ const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name) {"DES-EDE3-ECB", "DES-EDE3"}, {"DES-EDE3-ECB", "des-ede3"}, {"DES-EDE3-ECB", "des-ede3-ecb"}, +#endif +#ifdef HAVE_IDEA {"IDEA-CBC", "IDEA"}, {"IDEA-CBC", "idea"}, - {"AES-128-CBC", "AES128-ECB"}, - {"AES-128-CBC", "aes128-ecb"}, - {"AES-192-CBC", "AES192-ECB"}, - {"AES-192-CBC", "aes192-ecb"}, - {"AES-256-CBC", "AES256-ECB"}, - {"AES-256-CBC", "aes256-ecb"}, +#endif +#ifndef NO_AES + #ifdef HAVE_AES_CBC + #ifdef WOLFSSL_AES_128 + {"AES-128-CBC", "AES128-CBC"}, + {"AES-128-CBC", "aes128-cbc"}, + #endif + #ifdef WOLFSSL_AES_192 + {"AES-192-CBC", "AES192-CBC"}, + {"AES-192-CBC", "aes192-cbc"}, + #endif + #ifdef WOLFSSL_AES_256 + {"AES-256-CBC", "AES256-CBC"}, + {"AES-256-CBC", "aes256-cbc"}, + #endif + #endif + #ifdef WOLFSSL_AES_128 {"AES-128-ECB", "AES128-ECB"}, {"AES-128-ECB", "aes128-ecb"}, + #endif + #ifdef WOLFSSL_AES_192 {"AES-192-ECB", "AES192-ECB"}, {"AES-192-ECB", "aes192-ecb"}, + #endif + #ifdef WOLFSSL_AES_256 {"AES-256-ECB", "AES256-ECB"}, {"AES-256-EBC", "aes256-ecb"}, + #endif +#endif +#ifndef NO_RC4 {"ARC4", "RC4"}, +#endif { NULL, NULL} }; @@ -3295,24 +3335,48 @@ const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbynid(int id) #if defined(OPENSSL_EXTRA) #ifndef NO_AES + #ifdef HAVE_AES_CBC + #ifdef WOLFSSL_AES_128 case NID_aes_128_cbc: return wolfSSL_EVP_aes_128_cbc(); + #endif + #ifdef WOLFSSL_AES_192 case NID_aes_192_cbc: return wolfSSL_EVP_aes_192_cbc(); + #endif + #ifdef WOLFSSL_AES_256 case NID_aes_256_cbc: return wolfSSL_EVP_aes_256_cbc(); + #endif + #endif + #ifdef WOLFSSL_AES_COUNTER + #ifdef WOLFSSL_AES_128 case NID_aes_128_ctr: return wolfSSL_EVP_aes_128_ctr(); + #endif + #ifdef WOLFSSL_AES_192 case NID_aes_192_ctr: return wolfSSL_EVP_aes_192_ctr(); + #endif + #ifdef WOLFSSL_AES_256 case NID_aes_256_ctr: return wolfSSL_EVP_aes_256_ctr(); + #endif + #endif /* WOLFSSL_AES_COUNTER */ + #ifdef HAVE_AES_ECB + #ifdef WOLFSSL_AES_128 case NID_aes_128_ecb: return wolfSSL_EVP_aes_128_ecb(); + #endif + #ifdef WOLFSSL_AES_192 case NID_aes_192_ecb: return wolfSSL_EVP_aes_192_ecb(); + #endif + #ifdef WOLFSSL_AES_256 case NID_aes_256_ecb: return wolfSSL_EVP_aes_256_ecb(); + #endif + #endif /* HAVE_AES_ECB */ #endif #ifndef NO_DES3 @@ -3344,17 +3408,37 @@ const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbynid(int id) } #ifndef NO_AES -static char *EVP_AES_128_CBC; -static char *EVP_AES_192_CBC; -static char *EVP_AES_256_CBC; + #ifdef HAVE_AES_CBC + #ifdef WOLFSSL_AES_128 + static char *EVP_AES_128_CBC; + #endif + #ifdef WOLFSSL_AES_192 + static char *EVP_AES_192_CBC; + #endif + #ifdef WOLFSSL_AES_256 + static char *EVP_AES_256_CBC; + #endif + #endif /* HAVE_AES_CBC */ #if defined(OPENSSL_EXTRA) + #ifdef WOLFSSL_AES_128 static char *EVP_AES_128_CTR; + #endif + #ifdef WOLFSSL_AES_192 static char *EVP_AES_192_CTR; + #endif + #ifdef WOLFSSL_AES_256 static char *EVP_AES_256_CTR; + #endif + #ifdef WOLFSSL_AES_128 static char *EVP_AES_128_ECB; + #endif + #ifdef WOLFSSL_AES_192 static char *EVP_AES_192_ECB; + #endif + #ifdef WOLFSSL_AES_256 static char *EVP_AES_256_ECB; + #endif #endif static const int EVP_AES_SIZE = 11; #endif @@ -3379,18 +3463,38 @@ static const int EVP_IDEA_SIZE = 8; void wolfSSL_EVP_init(void) { #ifndef NO_AES - EVP_AES_128_CBC = (char *)EVP_get_cipherbyname("AES-128-CBC"); - EVP_AES_192_CBC = (char *)EVP_get_cipherbyname("AES-192-CBC"); - EVP_AES_256_CBC = (char *)EVP_get_cipherbyname("AES-256-CBC"); + #ifdef HAVE_AES_CBC + #ifdef WOLFSSL_AES_128 + EVP_AES_128_CBC = (char *)EVP_get_cipherbyname("AES-128-CBC"); + #endif + #ifdef WOLFSSL_AES_192 + EVP_AES_192_CBC = (char *)EVP_get_cipherbyname("AES-192-CBC"); + #endif + #ifdef WOLFSSL_AES_256 + EVP_AES_256_CBC = (char *)EVP_get_cipherbyname("AES-256-CBC"); + #endif + #endif /* HAVE_AES_CBC */ #if defined(OPENSSL_EXTRA) + #ifdef WOLFSSL_AES_128 EVP_AES_128_CTR = (char *)EVP_get_cipherbyname("AES-128-CTR"); + #endif + #ifdef WOLFSSL_AES_192 EVP_AES_192_CTR = (char *)EVP_get_cipherbyname("AES-192-CTR"); + #endif + #ifdef WOLFSSL_AES_256 EVP_AES_256_CTR = (char *)EVP_get_cipherbyname("AES-256-CTR"); + #endif + #ifdef WOLFSSL_AES_128 EVP_AES_128_ECB = (char *)EVP_get_cipherbyname("AES-128-ECB"); + #endif + #ifdef WOLFSSL_AES_192 EVP_AES_192_ECB = (char *)EVP_get_cipherbyname("AES-192-ECB"); + #endif + #ifdef WOLFSSL_AES_256 EVP_AES_256_ECB = (char *)EVP_get_cipherbyname("AES-256-ECB"); + #endif #endif #endif @@ -4421,15 +4525,23 @@ static int wolfssl_decrypt_buffer_key(DerBuffer* der, byte* password, key, info->iv); #endif /* NO_DES3 */ #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT) + #ifdef WOLFSSL_AES_128 if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length, key, AES_128_KEY_SIZE, info->iv); - else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) + else + #endif /* WOLFSSL_AES_128 */ + #ifdef WOLFSSL_AES_192 + if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length, key, AES_192_KEY_SIZE, info->iv); - else if (XSTRNCMP(info->name, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) + else + #endif /* WOLFSSL_AES_192 */ + #ifdef WOLFSSL_AES_256 + if (XSTRNCMP(info->name, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length, key, AES_256_KEY_SIZE, info->iv); + #endif /* WOLFSSL_AES_256 */ #endif /* !NO_AES && HAVE_AES_CBC && HAVE_AES_DECRYPT */ #ifdef WOLFSSL_SMALL_STACK @@ -4491,24 +4603,36 @@ static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password, #endif /* NO_MD5 */ if (ret > 0) { - ret = WOLFSSL_BAD_FILE; /* Reset error return */ #ifndef NO_DES3 if (XSTRNCMP(info->name, EVP_DES_CBC, EVP_DES_SIZE) == 0) ret = wc_Des_CbcEncryptWithKey(der, der, derSz, key, info->iv); else if (XSTRNCMP(info->name, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0) ret = wc_Des3_CbcEncryptWithKey(der, der, derSz, key, info->iv); + else #endif /* NO_DES3 */ #ifndef NO_AES + #ifdef WOLFSSL_AES_128 if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) ret = wc_AesCbcEncryptWithKey(der, der, derSz, key, AES_128_KEY_SIZE, info->iv); - else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) + else + #endif + #ifdef WOLFSSL_AES_192 + if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) ret = wc_AesCbcEncryptWithKey(der, der, derSz, key, AES_192_KEY_SIZE, info->iv); - else if (XSTRNCMP(info->name, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) + else + #endif + #ifdef WOLFSSL_AES_256 + if (XSTRNCMP(info->name, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) ret = wc_AesCbcEncryptWithKey(der, der, derSz, key, AES_256_KEY_SIZE, info->iv); + else + #endif #endif /* NO_AES */ + { + ret = WOLFSSL_BAD_FILE; /* Reset error return */ + } } #ifdef WOLFSSL_SMALL_STACK @@ -4553,20 +4677,30 @@ int PemToDer(const unsigned char* buff, long longSz, int type, break; case CRL_TYPE: header=BEGIN_X509_CRL; footer=END_X509_CRL; break; +#ifndef NO_DH case DH_PARAM_TYPE: header=BEGIN_DH_PARAM; footer=END_DH_PARAM; break; +#endif +#ifndef NO_DSA case DSA_PARAM_TYPE: header=BEGIN_DSA_PARAM; footer=END_DSA_PARAM; break; +#endif +#ifdef WOLFSSL_CERT_REQ case CERTREQ_TYPE: header=BEGIN_CERT_REQ; footer=END_CERT_REQ; break; +#endif case DSA_TYPE: header=BEGIN_DSA_PRIV; footer=END_DSA_PRIV; break; +#ifdef HAVE_ECC case ECC_TYPE: header=BEGIN_EC_PRIV; footer=END_EC_PRIV; break; +#endif case RSA_TYPE: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV; break; +#ifdef HAVE_ED25519 case ED25519_TYPE: header=BEGIN_EDDSA_PRIV; footer=END_EDDSA_PRIV; break; +#endif case PUBLICKEY_TYPE: header=BEGIN_PUB_KEY; footer=END_PUB_KEY; break; default: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV; @@ -4579,18 +4713,29 @@ int PemToDer(const unsigned char* buff, long longSz, int type, if (headerEnd || type != PRIVATEKEY_TYPE) { break; - } else if (header == BEGIN_RSA_PRIV) { - header = BEGIN_PRIV_KEY; footer = END_PRIV_KEY; - } else if (header == BEGIN_PRIV_KEY) { - header = BEGIN_ENC_PRIV_KEY; footer = END_ENC_PRIV_KEY; - } else if (header == BEGIN_ENC_PRIV_KEY) { - header = BEGIN_EC_PRIV; footer = END_EC_PRIV; - } else if (header == BEGIN_EC_PRIV) { - header = BEGIN_DSA_PRIV; footer = END_DSA_PRIV; - } else if (header == BEGIN_DSA_PRIV) { - header = BEGIN_EDDSA_PRIV; footer = END_EDDSA_PRIV; } else + if (header == BEGIN_RSA_PRIV) { + header = BEGIN_PRIV_KEY; footer = END_PRIV_KEY; + } else + if (header == BEGIN_PRIV_KEY) { + header = BEGIN_ENC_PRIV_KEY; footer = END_ENC_PRIV_KEY; + } else +#ifdef HAVE_ECC + if (header == BEGIN_ENC_PRIV_KEY) { + header = BEGIN_EC_PRIV; footer = END_EC_PRIV; + } else + if (header == BEGIN_EC_PRIV) { + header = BEGIN_DSA_PRIV; footer = END_DSA_PRIV; + } else +#endif +#ifdef HAVE_ED25519 + if (header == BEGIN_DSA_PRIV) { + header = BEGIN_EDDSA_PRIV; footer = END_EDDSA_PRIV; + } else +#endif + { break; + } } if (!headerEnd) { @@ -4615,11 +4760,17 @@ int PemToDer(const unsigned char* buff, long longSz, int type, } if (type == PRIVATEKEY_TYPE) { - if (eccKey) + if (eccKey) { + #ifdef HAVE_ECC *eccKey = header == BEGIN_EC_PRIV; + #else + *eccKey = 0; + #endif + } } -#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(HAVE_WEBSERVER) { /* remove encrypted header if there */ const char* const encHeader = "Proc-Type"; @@ -4694,7 +4845,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, encrypted_key = 1; } } -#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER */ /* find footer */ footerEnd = XSTRNSTR((char*)buff, footer, sz); @@ -7617,16 +7768,25 @@ static int wolfSSL_EVP_Digest(unsigned char* in, int inSz, unsigned char* out, if (XSTRNCMP("SHA", evp, 3) == 0) { if (XSTRLEN(evp) > 3) { + #ifndef NO_SHA256 if (XSTRNCMP("SHA256", evp, 6) == 0) { hash = WC_HASH_TYPE_SHA256; } - else if (XSTRNCMP("SHA384", evp, 6) == 0) { + else + #endif + #ifdef WOLFSSL_SHA384 + if (XSTRNCMP("SHA384", evp, 6) == 0) { hash = WC_HASH_TYPE_SHA384; } - else if (XSTRNCMP("SHA512", evp, 6) == 0) { + else + #endif + #ifdef WOLFSSL_SHA512 + if (XSTRNCMP("SHA512", evp, 6) == 0) { hash = WC_HASH_TYPE_SHA512; } - else { + else + #endif + { WOLFSSL_MSG("Unknown SHA hash"); } } @@ -7634,15 +7794,21 @@ static int wolfSSL_EVP_Digest(unsigned char* in, int inSz, unsigned char* out, hash = WC_HASH_TYPE_SHA; } } +#ifdef WOLFSSL_MD2 else if (XSTRNCMP("MD2", evp, 3) == 0) { hash = WC_HASH_TYPE_MD2; } +#endif +#ifndef NO_MD4 else if (XSTRNCMP("MD4", evp, 3) == 0) { hash = WC_HASH_TYPE_MD4; } +#endif +#ifndef NO_MD5 else if (XSTRNCMP("MD5", evp, 3) == 0) { hash = WC_HASH_TYPE_MD5; } +#endif hashSz = wc_HashGetDigestSize(hash); if (hashSz < 0) { @@ -12426,19 +12592,29 @@ int wolfSSL_set_compression(WOLFSSL* ssl) else #endif /* NO_DES3 */ #ifndef NO_AES - if (XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) { - keyLen = AES_128_KEY_SIZE; - ivLen = AES_IV_SIZE; - } - else if (XSTRNCMP(type, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) { - keyLen = AES_192_KEY_SIZE; - ivLen = AES_IV_SIZE; - } - else if (XSTRNCMP(type, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) { - keyLen = AES_256_KEY_SIZE; - ivLen = AES_IV_SIZE; - } - else + #ifdef HAVE_AES_CBC + #ifdef WOLFSSL_AES_128 + if (XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) { + keyLen = AES_128_KEY_SIZE; + ivLen = AES_IV_SIZE; + } + else + #endif + #ifdef WOLFSSL_AES_192 + if (XSTRNCMP(type, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) { + keyLen = AES_192_KEY_SIZE; + ivLen = AES_IV_SIZE; + } + else + #endif + #ifdef WOLFSSL_AES_256 + if (XSTRNCMP(type, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) { + keyLen = AES_256_KEY_SIZE; + ivLen = AES_IV_SIZE; + } + else + #endif + #endif /* HAVE_AES_CBC */ #endif /* NO_AES */ { #ifdef WOLFSSL_SMALL_STACK @@ -13134,6 +13310,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) #ifndef NO_AES + #ifdef HAVE_AES_CBC + #ifdef WOLFSSL_AES_128 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void) { WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cbc"); @@ -13141,8 +13319,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) wolfSSL_EVP_init(); return EVP_AES_128_CBC; } + #endif /* WOLFSSL_AES_128 */ + #ifdef WOLFSSL_AES_192 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void) { WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cbc"); @@ -13150,8 +13330,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) wolfSSL_EVP_init(); return EVP_AES_192_CBC; } + #endif /* WOLFSSL_AES_192 */ + #ifdef WOLFSSL_AES_256 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void) { WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cbc"); @@ -13159,8 +13341,11 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) wolfSSL_EVP_init(); return EVP_AES_256_CBC; } + #endif /* WOLFSSL_AES_256 */ + #endif /* HAVE_AES_CBC */ + #ifdef WOLFSSL_AES_128 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void) { WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ctr"); @@ -13168,8 +13353,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) wolfSSL_EVP_init(); return EVP_AES_128_CTR; } + #endif /* WOLFSSL_AES_2128 */ + #ifdef WOLFSSL_AES_192 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void) { WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ctr"); @@ -13177,8 +13364,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) wolfSSL_EVP_init(); return EVP_AES_192_CTR; } + #endif /* WOLFSSL_AES_192 */ + #ifdef WOLFSSL_AES_256 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void) { WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ctr"); @@ -13186,7 +13375,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) wolfSSL_EVP_init(); return EVP_AES_256_CTR; } + #endif /* WOLFSSL_AES_256 */ + #ifdef WOLFSSL_AES_128 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void) { WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ecb"); @@ -13194,8 +13385,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) wolfSSL_EVP_init(); return EVP_AES_128_ECB; } + #endif /* WOLFSSL_AES_128 */ + #ifdef WOLFSSL_AES_192 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void) { WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ecb"); @@ -13203,8 +13396,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) wolfSSL_EVP_init(); return EVP_AES_192_ECB; } + #endif /* WOLFSSL_AES_192*/ + #ifdef WOLFSSL_AES_256 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void) { WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ecb"); @@ -13212,6 +13407,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) wolfSSL_EVP_init(); return EVP_AES_256_ECB; } + #endif /* WOLFSSL_AES_256 */ #endif /* NO_AES */ #ifndef NO_DES3 @@ -13249,12 +13445,14 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) #endif #endif /* NO_DES3 */ +#ifndef NO_RC4 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void) { static const char* type = "ARC4"; WOLFSSL_ENTER("wolfSSL_EVP_rc4"); return type; } +#endif #ifdef HAVE_IDEA const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_idea_cbc(void) @@ -13335,6 +13533,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } ret = 0; #ifndef NO_AES + #ifdef HAVE_AES_CBC + #ifdef WOLFSSL_AES_128 if (ctx->cipherType == AES_128_CBC_TYPE || (type && XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)) { WOLFSSL_MSG("EVP_AES_128_CBC"); @@ -13358,7 +13558,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } ret = 0; } - else if (ctx->cipherType == AES_192_CBC_TYPE || + #endif /* WOLFSSL_AES_128 */ + #ifdef WOLFSSL_AES_192 + if (ctx->cipherType == AES_192_CBC_TYPE || (type && XSTRNCMP(type, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)) { WOLFSSL_MSG("EVP_AES_192_CBC"); ctx->cipherType = AES_192_CBC_TYPE; @@ -13381,7 +13583,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } ret = 0; } - else if (ctx->cipherType == AES_256_CBC_TYPE || + #endif /* WOLFSSL_AES_192 */ + #ifdef WOLFSSL_AES_256 + if (ctx->cipherType == AES_256_CBC_TYPE || (type && XSTRNCMP(type, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)) { WOLFSSL_MSG("EVP_AES_256_CBC"); ctx->cipherType = AES_256_CBC_TYPE; @@ -13408,8 +13612,11 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } ret = 0; } + #endif /* WOLFSSL_AES_256 */ + #endif /* HAVE_AES_CBC */ #ifdef WOLFSSL_AES_COUNTER - else if (ctx->cipherType == AES_128_CTR_TYPE || + #ifdef WOLFSSL_AES_128 + if (ctx->cipherType == AES_128_CTR_TYPE || (type && XSTRNCMP(type, EVP_AES_128_CTR, EVP_AES_SIZE) == 0)) { WOLFSSL_MSG("EVP_AES_128_CTR"); ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; @@ -13432,7 +13639,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } ret = 0; } - else if (ctx->cipherType == AES_192_CTR_TYPE || + #endif /* WOLFSSL_AES_128 */ + #ifdef WOLFSSL_AES_192 + if (ctx->cipherType == AES_192_CTR_TYPE || (type && XSTRNCMP(type, EVP_AES_192_CTR, EVP_AES_SIZE) == 0)) { WOLFSSL_MSG("EVP_AES_192_CTR"); ctx->cipherType = AES_192_CTR_TYPE; @@ -13455,7 +13664,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } ret = 0; } - else if (ctx->cipherType == AES_256_CTR_TYPE || + #endif /* WOLFSSL_AES_192 */ + #ifdef WOLFSSL_AES_256 + if (ctx->cipherType == AES_256_CTR_TYPE || (type && XSTRNCMP(type, EVP_AES_256_CTR, EVP_AES_SIZE) == 0)) { WOLFSSL_MSG("EVP_AES_256_CTR"); ctx->cipherType = AES_256_CTR_TYPE; @@ -13478,8 +13689,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } ret = 0; } + #endif /* WOLFSSL_AES_256 */ #endif /* WOLFSSL_AES_CTR */ - else if (ctx->cipherType == AES_128_ECB_TYPE || + #ifdef WOLFSSL_AES_128 + if (ctx->cipherType == AES_128_ECB_TYPE || (type && XSTRNCMP(type, EVP_AES_128_ECB, EVP_AES_SIZE) == 0)) { WOLFSSL_MSG("EVP_AES_128_ECB"); ctx->cipherType = AES_128_ECB_TYPE; @@ -13497,7 +13710,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return ret; ret = 0; } - else if (ctx->cipherType == AES_192_ECB_TYPE || + #endif /* WOLFSSL_AES_128 */ + #ifdef WOLFSSL_AES_192 + if (ctx->cipherType == AES_192_ECB_TYPE || (type && XSTRNCMP(type, EVP_AES_192_ECB, EVP_AES_SIZE) == 0)) { WOLFSSL_MSG("EVP_AES_192_ECB"); ctx->cipherType = AES_192_ECB_TYPE; @@ -13515,7 +13730,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return ret; ret = 0; } - else if (ctx->cipherType == AES_256_ECB_TYPE || + #endif /* WOLFSSL_AES_192 */ + #ifdef WOLFSSL_AES_256 + if (ctx->cipherType == AES_256_ECB_TYPE || (type && XSTRNCMP(type, EVP_AES_256_ECB, EVP_AES_SIZE) == 0)) { WOLFSSL_MSG("EVP_AES_256_ECB"); ctx->cipherType = AES_256_ECB_TYPE; @@ -13533,6 +13750,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return ret; ret = 0; } + #endif /* WOLFSSL_AES_256 */ #endif /* NO_AES */ #ifndef NO_DES3 @@ -14157,12 +14375,19 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return NULL; /* no static buffer support */ } +#ifndef NO_MD5 if (XSTRNCMP(evp_md, "MD5", 3) == 0) type = WC_MD5; - else if (XSTRNCMP(evp_md, "SHA", 3) == 0) + else +#endif +#ifndef NO_SHA + if (XSTRNCMP(evp_md, "SHA", 3) == 0) type = WC_SHA; else +#endif + { return NULL; + } #ifdef WOLFSSL_SMALL_STACK hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_HMAC); @@ -14188,6 +14413,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) XFREE(hmac, heap, DYNAMIC_TYPE_HMAC); #endif + (void)evp_md; return ret; } @@ -14820,7 +15046,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) #ifndef NO_CERTS -#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || defined(OPENSSL_EXTRA) +#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ + defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* user externally called free X509, if dynamic go ahead with free, otherwise * don't */ @@ -14837,16 +15064,110 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) } } -#endif /* KEEP_PEER_CERT || SESSION_CERTS || OPENSSL_EXTRA */ +/* Frees an external WOLFSSL_X509 structure */ +void wolfSSL_X509_free(WOLFSSL_X509* x509) +{ + WOLFSSL_ENTER("wolfSSL_FreeX509"); + ExternalFreeX509(x509); +} -#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) - void wolfSSL_FreeX509(WOLFSSL_X509* x509) - { - WOLFSSL_ENTER("wolfSSL_FreeX509"); - ExternalFreeX509(x509); +/* copy name into in buffer, at most sz bytes, if buffer is null will + malloc buffer, call responsible for freeing */ +char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz) +{ + int copySz; + + if (name == NULL) { + WOLFSSL_MSG("WOLFSSL_X509_NAME pointer was NULL"); + return NULL; } + copySz = min(sz, name->sz); + + WOLFSSL_ENTER("wolfSSL_X509_NAME_oneline"); + if (!name->sz) return in; + + if (!in) { + #ifdef WOLFSSL_STATIC_MEMORY + WOLFSSL_MSG("Using static memory -- please pass in a buffer"); + return NULL; + #else + in = (char*)XMALLOC(name->sz, NULL, DYNAMIC_TYPE_OPENSSL); + if (!in ) return in; + copySz = name->sz; + #endif + } + + if (copySz <= 0) + return in; + + XMEMCPY(in, name->name, copySz - 1); + in[copySz - 1] = 0; + + return in; +} + + +/* Wraps wolfSSL_X509_d2i + * + * returns a WOLFSSL_X509 structure pointer on success and NULL on fail + */ +WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in, + int len) +{ + return wolfSSL_X509_d2i(x509, *in, len); +} + + +WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) +{ + WOLFSSL_X509 *newX509 = NULL; + + WOLFSSL_ENTER("wolfSSL_X509_d2i"); + + if (in != NULL && len != 0) { + #ifdef WOLFSSL_SMALL_STACK + DecodedCert* cert = NULL; + #else + DecodedCert cert[1]; + #endif + + #ifdef WOLFSSL_SMALL_STACK + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_DCERT); + if (cert == NULL) + return NULL; + #endif + + InitDecodedCert(cert, (byte*)in, len, NULL); + if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) { + newX509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, + DYNAMIC_TYPE_X509); + if (newX509 != NULL) { + InitX509(newX509, 1, NULL); + if (CopyDecodedToX509(newX509, cert) != 0) { + XFREE(newX509, NULL, DYNAMIC_TYPE_X509); + newX509 = NULL; + } + } + } + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif + } + + if (x509 != NULL) + *x509 = newX509; + + return newX509; +} + +#endif /* KEEP_PEER_CERT || SESSION_CERTS || OPENSSL_EXTRA || + OPENSSL_EXTRA_X509_SMALL */ + +#if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) /* return the next, if any, altname from the peer cert */ char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert) { @@ -14868,24 +15189,6 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) } - WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert) - { - WOLFSSL_ENTER("X509_get_issuer_name"); - if (cert && cert->issuer.sz != 0) - return &cert->issuer; - return NULL; - } - - - WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert) - { - WOLFSSL_ENTER("wolfSSL_X509_get_subject_name"); - if (cert && cert->subject.sz != 0) - return &cert->subject; - return NULL; - } - - int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509) { int isCA = 0; @@ -14901,7 +15204,1255 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) } + + + + + + int wolfSSL_X509_get_signature(WOLFSSL_X509* x509, + unsigned char* buf, int* bufSz) + { + WOLFSSL_ENTER("wolfSSL_X509_get_signature"); + if (x509 == NULL || bufSz == NULL || *bufSz < (int)x509->sig.length) + return WOLFSSL_FATAL_ERROR; + + if (buf != NULL) + XMEMCPY(buf, x509->sig.buffer, x509->sig.length); + *bufSz = x509->sig.length; + + return WOLFSSL_SUCCESS; + } + + + /* write X509 serial number in unsigned binary to buffer + buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases + return WOLFSSL_SUCCESS on success */ + int wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509, + byte* in, int* inOutSz) + { + WOLFSSL_ENTER("wolfSSL_X509_get_serial_number"); + if (x509 == NULL || in == NULL || + inOutSz == NULL || *inOutSz < x509->serialSz) + return BAD_FUNC_ARG; + + XMEMCPY(in, x509->serial, x509->serialSz); + *inOutSz = x509->serialSz; + + return WOLFSSL_SUCCESS; + } + + + const byte* wolfSSL_X509_get_der(WOLFSSL_X509* x509, int* outSz) + { + WOLFSSL_ENTER("wolfSSL_X509_get_der"); + + if (x509 == NULL || x509->derCert == NULL || outSz == NULL) + return NULL; + + *outSz = (int)x509->derCert->length; + return x509->derCert->buffer; + } + + + int wolfSSL_X509_version(WOLFSSL_X509* x509) + { + WOLFSSL_ENTER("wolfSSL_X509_version"); + + if (x509 == NULL) + return 0; + + return x509->version; + } + + + const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509) + { + WOLFSSL_ENTER("wolfSSL_X509_notBefore"); + + if (x509 == NULL) + return NULL; + + return x509->notBefore; + } + + + const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509) + { + WOLFSSL_ENTER("wolfSSL_X509_notAfter"); + + if (x509 == NULL) + return NULL; + + return x509->notAfter; + } + + +#ifdef WOLFSSL_SEP + +/* copy oid into in buffer, at most *inOutSz bytes, if buffer is null will + malloc buffer, call responsible for freeing. Actual size returned in + *inOutSz. Requires inOutSz be non-null */ +byte* wolfSSL_X509_get_device_type(WOLFSSL_X509* x509, byte* in, int *inOutSz) +{ + int copySz; + + WOLFSSL_ENTER("wolfSSL_X509_get_dev_type"); + if (inOutSz == NULL) return NULL; + if (!x509->deviceTypeSz) return in; + + copySz = min(*inOutSz, x509->deviceTypeSz); + + if (!in) { + #ifdef WOLFSSL_STATIC_MEMORY + WOLFSSL_MSG("Using static memory -- please pass in a buffer"); + return NULL; + #else + in = (byte*)XMALLOC(x509->deviceTypeSz, 0, DYNAMIC_TYPE_OPENSSL); + if (!in) return in; + copySz = x509->deviceTypeSz; + #endif + } + + XMEMCPY(in, x509->deviceType, copySz); + *inOutSz = copySz; + + return in; +} + + +byte* wolfSSL_X509_get_hw_type(WOLFSSL_X509* x509, byte* in, int* inOutSz) +{ + int copySz; + + WOLFSSL_ENTER("wolfSSL_X509_get_hw_type"); + if (inOutSz == NULL) return NULL; + if (!x509->hwTypeSz) return in; + + copySz = min(*inOutSz, x509->hwTypeSz); + + if (!in) { + #ifdef WOLFSSL_STATIC_MEMORY + WOLFSSL_MSG("Using static memory -- please pass in a buffer"); + return NULL; + #else + in = (byte*)XMALLOC(x509->hwTypeSz, 0, DYNAMIC_TYPE_OPENSSL); + if (!in) return in; + copySz = x509->hwTypeSz; + #endif + } + + XMEMCPY(in, x509->hwType, copySz); + *inOutSz = copySz; + + return in; +} + + +byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in, + int* inOutSz) +{ + int copySz; + + WOLFSSL_ENTER("wolfSSL_X509_get_hw_serial_number"); + if (inOutSz == NULL) return NULL; + if (!x509->hwTypeSz) return in; + + copySz = min(*inOutSz, x509->hwSerialNumSz); + + if (!in) { + #ifdef WOLFSSL_STATIC_MEMORY + WOLFSSL_MSG("Using static memory -- please pass in a buffer"); + return NULL; + #else + in = (byte*)XMALLOC(x509->hwSerialNumSz, 0, DYNAMIC_TYPE_OPENSSL); + if (!in) return in; + copySz = x509->hwSerialNumSz; + #endif + } + + XMEMCPY(in, x509->hwSerialNum, copySz); + *inOutSz = copySz; + + return in; +} + +#endif /* WOLFSSL_SEP */ + +/* require OPENSSL_EXTRA since wolfSSL_X509_free is wrapped by OPENSSL_EXTRA */ +#if !defined(NO_CERTS) && defined(OPENSSL_EXTRA) +/* return 1 on success 0 on fail */ +int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509) +{ + WOLFSSL_STACK* node; + + if (sk == NULL || x509 == NULL) { + return WOLFSSL_FAILURE; + } + + /* no previous values in stack */ + if (sk->data.x509 == NULL) { + sk->data.x509 = x509; + sk->num += 1; + return WOLFSSL_SUCCESS; + } + + /* stack already has value(s) create a new node and add more */ + node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, + DYNAMIC_TYPE_X509); + if (node == NULL) { + WOLFSSL_MSG("Memory error"); + return WOLFSSL_FAILURE; + } + XMEMSET(node, 0, sizeof(WOLFSSL_STACK)); + + /* push new x509 onto head of stack */ + node->data.x509 = sk->data.x509; + node->next = sk->next; + sk->next = node; + sk->data.x509 = x509; + sk->num += 1; + + return WOLFSSL_SUCCESS; +} + + +WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) { + WOLFSSL_STACK* node; + WOLFSSL_X509* x509; + + if (sk == NULL) { + return NULL; + } + + node = sk->next; + x509 = sk->data.x509; + + if (node != NULL) { /* update sk and remove node from stack */ + sk->data.x509 = node->data.x509; + sk->next = node->next; + XFREE(node, NULL, DYNAMIC_TYPE_X509); + } + else { /* last x509 in stack */ + sk->data.x509 = NULL; + } + + if (sk->num > 0) { + sk->num -= 1; + } + + return x509; +} + + +/* Getter function for WOLFSSL_X509_NAME pointer + * + * sk is the stack to retrieve pointer from + * i is the index value in stack + * + * returns a pointer to a WOLFSSL_X509_NAME structure on success and NULL on + * fail + */ +void* wolfSSL_sk_X509_NAME_value(const STACK_OF(WOLFSSL_X509_NAME)* sk, int i) +{ + WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_value"); + + for (; sk != NULL && i > 0; i--) + sk = sk->next; + + if (i != 0 || sk == NULL) + return NULL; + return sk->data.name; +} + + +/* Getter function for WOLFSSL_X509 pointer + * + * sk is the stack to retrieve pointer from + * i is the index value in stack + * + * returns a pointer to a WOLFSSL_X509 structure on success and NULL on + * fail + */ +void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)* sk, int i) +{ + WOLFSSL_ENTER("wolfSSL_sk_X509_value"); + + for (; sk != NULL && i > 0; i--) + sk = sk->next; + + if (i != 0 || sk == NULL) + return NULL; + return sk->data.x509; +} + + +/* Free's all nodes in X509 stack. This is different then wolfSSL_sk_X509_free + * in that it allows for choosing the function to use when freeing an X509s. + * + * sk stack to free nodes in + * f X509 free function + */ +void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*)){ + WOLFSSL_STACK* node; + + WOLFSSL_ENTER("wolfSSL_sk_X509_pop_free"); + + if (sk == NULL) { + return; + } + + /* parse through stack freeing each node */ + node = sk->next; + while (sk->num > 1) { + WOLFSSL_STACK* tmp = node; + node = node->next; + + f(tmp->data.x509); + XFREE(tmp, NULL, DYNAMIC_TYPE_X509); + sk->num -= 1; + } + + /* free head of stack */ + if (sk->num == 1) { + f(sk->data.x509); + } + XFREE(sk, NULL, DYNAMIC_TYPE_X509); +} + + +/* free structure for x509 stack */ +void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) { + WOLFSSL_STACK* node; + + if (sk == NULL) { + return; + } + + /* parse through stack freeing each node */ + node = sk->next; + while (sk->num > 1) { + WOLFSSL_STACK* tmp = node; + node = node->next; + + wolfSSL_X509_free(tmp->data.x509); + XFREE(tmp, NULL, DYNAMIC_TYPE_X509); + sk->num -= 1; + } + + /* free head of stack */ + if (sk->num == 1) { + wolfSSL_X509_free(sk->data.x509); + } + XFREE(sk, NULL, DYNAMIC_TYPE_X509); +} + +#endif /* NO_CERTS && OPENSSL_EXTRA */ + #ifdef OPENSSL_EXTRA + +/* Returns the general name at index i from the stack + * + * sk stack to get general name from + * i index to get + * + * return a pointer to the internal node of the stack + */ +WOLFSSL_ASN1_OBJECT* wolfSSL_sk_GENERAL_NAME_value(WOLFSSL_STACK* sk, int i) +{ + WOLFSSL_STACK* cur; + int j; + + WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_value"); + + if (i < 0 || sk == NULL) { + return NULL; + } + + cur = sk; + for (j = 0; j < i && cur != NULL; j++) { + cur = cur->next; + } + + if (cur == NULL) { + return NULL; + } + + return cur->data.obj; +} + + +/* Gets the number of nodes in the stack + * + * sk stack to get the number of nodes from + * + * returns the number of nodes, -1 if no nodes + */ +int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk) +{ + WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_num"); + + if (sk == NULL) { + return -1; + } + + return (int)sk->num; +} + +/* Frees all nodes in a GENERAL NAME stack + * + * sk stack of nodes to free + * f free function to use, not called with wolfSSL + */ +void wolfSSL_sk_GENERAL_NAME_pop_free(WOLFSSL_STACK* sk, + void f (WOLFSSL_ASN1_OBJECT*)) +{ + WOLFSSL_STACK* node; + + WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_pop_free"); + + (void)f; + if (sk == NULL) { + return; + } + + /* parse through stack freeing each node */ + node = sk->next; + while (sk->num > 1) { + WOLFSSL_STACK* tmp = node; + node = node->next; + + wolfSSL_ASN1_OBJECT_free(tmp->data.obj); + XFREE(tmp, NULL, DYNAMIC_TYPE_ASN1); + sk->num -= 1; + } + + /* free head of stack */ + if (sk->num == 1) { + wolfSSL_ASN1_OBJECT_free(sk->data.obj); + } + XFREE(sk, NULL, DYNAMIC_TYPE_ASN1); + + +} +#endif /* OPENSSL_EXTRA */ + +#ifndef NO_FILESYSTEM + +#ifndef NO_STDIO_FILESYSTEM + +WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file) +{ + WOLFSSL_X509* newX509 = NULL; + + WOLFSSL_ENTER("wolfSSL_X509_d2i_fp"); + + if (file != XBADFILE) { + byte* fileBuffer = NULL; + long sz = 0; + + XFSEEK(file, 0, XSEEK_END); + sz = XFTELL(file); + XREWIND(file); + + if (sz < 0) { + WOLFSSL_MSG("Bad tell on FILE"); + return NULL; + } + + fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE); + if (fileBuffer != NULL) { + int ret = (int)XFREAD(fileBuffer, 1, sz, file); + if (ret == sz) { + newX509 = wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz); + } + XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); + } + } + + if (x509 != NULL) + *x509 = newX509; + + return newX509; +} + +#endif /* NO_STDIO_FILESYSTEM */ + +WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) +{ +#ifdef WOLFSSL_SMALL_STACK + byte staticBuffer[1]; /* force heap usage */ +#else + byte staticBuffer[FILE_BUFFER_SIZE]; +#endif + byte* fileBuffer = staticBuffer; + int dynamic = 0; + int ret; + long sz = 0; + XFILE file; + + WOLFSSL_X509* x509 = NULL; + + /* Check the inputs */ + if ((fname == NULL) || + (format != WOLFSSL_FILETYPE_ASN1 && format != WOLFSSL_FILETYPE_PEM)) + return NULL; + + file = XFOPEN(fname, "rb"); + if (file == XBADFILE) + return NULL; + + XFSEEK(file, 0, XSEEK_END); + sz = XFTELL(file); + XREWIND(file); + + if (sz > (long)sizeof(staticBuffer)) { + fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE); + if (fileBuffer == NULL) { + XFCLOSE(file); + return NULL; + } + dynamic = 1; + } + else if (sz < 0) { + XFCLOSE(file); + return NULL; + } + + ret = (int)XFREAD(fileBuffer, 1, sz, file); + if (ret != sz) { + XFCLOSE(file); + if (dynamic) + XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); + return NULL; + } + + XFCLOSE(file); + + x509 = wolfSSL_X509_load_certificate_buffer(fileBuffer, (int)sz, format); + + if (dynamic) + XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); + + return x509; +} + +#endif /* NO_FILESYSTEM */ + + +WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer( + const unsigned char* buf, int sz, int format) +{ + int ret; + WOLFSSL_X509* x509 = NULL; + DerBuffer* der = NULL; + + WOLFSSL_ENTER("wolfSSL_X509_load_certificate_ex"); + + if (format == WOLFSSL_FILETYPE_PEM) { + int ecc = 0; + #ifdef WOLFSSL_SMALL_STACK + EncryptedInfo* info = NULL; + #else + EncryptedInfo info[1]; + #endif + + #ifdef WOLFSSL_SMALL_STACK + info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, + DYNAMIC_TYPE_ENCRYPTEDINFO); + if (info == NULL) { + return NULL; + } + #endif + + info->set = 0; + info->ctx = NULL; + info->consumed = 0; + + if (PemToDer(buf, sz, CERT_TYPE, &der, NULL, info, &ecc) != 0) { + FreeDer(&der); + } + + #ifdef WOLFSSL_SMALL_STACK + XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); + #endif + } + else { + ret = AllocDer(&der, (word32)sz, CERT_TYPE, NULL); + if (ret == 0) { + XMEMCPY(der->buffer, buf, sz); + } + } + + /* At this point we want `der` to have the certificate in DER format */ + /* ready to be decoded. */ + if (der != NULL && der->buffer != NULL) { + #ifdef WOLFSSL_SMALL_STACK + DecodedCert* cert = NULL; + #else + DecodedCert cert[1]; + #endif + + #ifdef WOLFSSL_SMALL_STACK + cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + DYNAMIC_TYPE_DCERT); + if (cert != NULL) + #endif + { + InitDecodedCert(cert, der->buffer, der->length, NULL); + if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) { + x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, + DYNAMIC_TYPE_X509); + if (x509 != NULL) { + InitX509(x509, 1, NULL); + if (CopyDecodedToX509(x509, cert) != 0) { + XFREE(x509, NULL, DYNAMIC_TYPE_X509); + x509 = NULL; + } + } + } + + FreeDecodedCert(cert); + #ifdef WOLFSSL_SMALL_STACK + XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); + #endif + } + + FreeDer(&der); + } + + return x509; +} + +#endif /* KEEP_PEER_CERT || SESSION_CERTS */ + +/* OPENSSL_EXTRA is needed for wolfSSL_X509_d21 function + KEEP_OUR_CERT is to insure ability for returning ssl certificate */ +#if defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT) +WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl) +{ + if (ssl == NULL) { + return NULL; + } + + if (ssl->buffers.weOwnCert) { + if (ssl->ourCert == NULL) { + if (ssl->buffers.certificate == NULL) { + WOLFSSL_MSG("Certificate buffer not set!"); + return NULL; + } + ssl->ourCert = wolfSSL_X509_d2i(NULL, + ssl->buffers.certificate->buffer, + ssl->buffers.certificate->length); + } + return ssl->ourCert; + } + else { /* if cert not owned get parent ctx cert or return null */ + if (ssl->ctx) { + if (ssl->ctx->ourCert == NULL) { + if (ssl->ctx->certificate == NULL) { + WOLFSSL_MSG("Ctx Certificate buffer not set!"); + return NULL; + } + ssl->ctx->ourCert = wolfSSL_X509_d2i(NULL, + ssl->ctx->certificate->buffer, + ssl->ctx->certificate->length); + ssl->ctx->ownOurCert = 1; + } + return ssl->ctx->ourCert; + } + } + + return NULL; +} +#endif /* OPENSSL_EXTRA && KEEP_OUR_CERT */ +#endif /* NO_CERTS */ + + +#ifdef OPENSSL_EXTRA +/* return 1 on success 0 on fail */ +int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk, + WOLFSSL_ASN1_OBJECT* obj) +{ + WOLFSSL_STACK* node; + + if (sk == NULL || obj == NULL) { + return WOLFSSL_FAILURE; + } + + /* no previous values in stack */ + if (sk->data.obj == NULL) { + sk->data.obj = obj; + sk->num += 1; + return WOLFSSL_SUCCESS; + } + + /* stack already has value(s) create a new node and add more */ + node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, + DYNAMIC_TYPE_ASN1); + if (node == NULL) { + WOLFSSL_MSG("Memory error"); + return WOLFSSL_FAILURE; + } + XMEMSET(node, 0, sizeof(WOLFSSL_STACK)); + + /* push new obj onto head of stack */ + node->data.obj = sk->data.obj; + node->next = sk->next; + sk->next = node; + sk->data.obj = obj; + sk->num += 1; + + return WOLFSSL_SUCCESS; +} + + +WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJCET_pop( + WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk) +{ + WOLFSSL_STACK* node; + WOLFSSL_ASN1_OBJECT* obj; + + if (sk == NULL) { + return NULL; + } + + node = sk->next; + obj = sk->data.obj; + + if (node != NULL) { /* update sk and remove node from stack */ + sk->data.obj = node->data.obj; + sk->next = node->next; + XFREE(node, NULL, DYNAMIC_TYPE_ASN1); + } + else { /* last obj in stack */ + sk->data.obj = NULL; + } + + if (sk->num > 0) { + sk->num -= 1; + } + + return obj; +} + + +#ifndef NO_ASN +WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void) +{ + WOLFSSL_ASN1_OBJECT* obj; + + obj = (WOLFSSL_ASN1_OBJECT*)XMALLOC(sizeof(WOLFSSL_ASN1_OBJECT), NULL, + DYNAMIC_TYPE_ASN1); + if (obj == NULL) { + return NULL; + } + + XMEMSET(obj, 0, sizeof(WOLFSSL_ASN1_OBJECT)); + obj->d.ia5 = &(obj->d.ia5_internal); + return obj; +} + + +void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj) +{ + if (obj == NULL) { + return; + } + + if (obj->dynamic == 1) { + if (obj->obj != NULL) { + WOLFSSL_MSG("Freeing ASN1 OBJECT data"); + XFREE(obj->obj, obj->heap, DYNAMIC_TYPE_ASN1); + } + } + + XFREE(obj, NULL, DYNAMIC_TYPE_ASN1); +} + + +/* free structure for x509 stack */ +void wolfSSL_sk_ASN1_OBJECT_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk) +{ + WOLFSSL_STACK* node; + + if (sk == NULL) { + return; + } + + /* parse through stack freeing each node */ + node = sk->next; + while (sk->num > 1) { + WOLFSSL_STACK* tmp = node; + node = node->next; + + wolfSSL_ASN1_OBJECT_free(tmp->data.obj); + XFREE(tmp, NULL, DYNAMIC_TYPE_ASN1); + sk->num -= 1; + } + + /* free head of stack */ + if (sk->num == 1) { + wolfSSL_ASN1_OBJECT_free(sk->data.obj); + } + XFREE(sk, NULL, DYNAMIC_TYPE_ASN1); +} + +int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in) +{ + /* + ASN1_STRING_to_UTF8() converts the string in to UTF8 format, + the converted data is allocated in a buffer in *out. + The length of out is returned or a negative error code. + The buffer *out should be free using OPENSSL_free(). + */ + (void)out; + (void)in; + WOLFSSL_STUB("ASN1_STRING_to_UTF8"); + return -1; +} +#endif /* NO_ASN */ + +void wolfSSL_set_connect_state(WOLFSSL* ssl) +{ + word16 haveRSA = 1; + word16 havePSK = 0; + + if (ssl == NULL) { + WOLFSSL_MSG("WOLFSSL struct pointer passed in was null"); + return; + } + + #ifndef NO_DH + /* client creates its own DH parameters on handshake */ + if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) { + XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, + DYNAMIC_TYPE_PUBLIC_KEY); + } + ssl->buffers.serverDH_P.buffer = NULL; + if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH) { + XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, + DYNAMIC_TYPE_PUBLIC_KEY); + } + ssl->buffers.serverDH_G.buffer = NULL; + #endif + + if (ssl->options.side == WOLFSSL_SERVER_END) { + #ifdef NO_RSA + haveRSA = 0; + #endif + #ifndef NO_PSK + havePSK = ssl->options.havePSK; + #endif + InitSuites(ssl->suites, ssl->version, ssl->buffers.keySz, haveRSA, + havePSK, ssl->options.haveDH, ssl->options.haveNTRU, + ssl->options.haveECDSAsig, ssl->options.haveECC, + ssl->options.haveStaticECC, ssl->options.side); + } + ssl->options.side = WOLFSSL_CLIENT_END; +} +#endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA */ + + +int wolfSSL_get_shutdown(const WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_get_shutdown"); + /* in OpenSSL, WOLFSSL_SENT_SHUTDOWN = 1, when closeNotifySent * + * WOLFSSL_RECEIVED_SHUTDOWN = 2, from close notify or fatal err */ + return ((ssl->options.closeNotify||ssl->options.connReset) << 1) + | (ssl->options.sentNotify); +} + + +int wolfSSL_session_reused(WOLFSSL* ssl) +{ + return ssl->options.resuming; +} + +#ifdef OPENSSL_EXTRA +void wolfSSL_SESSION_free(WOLFSSL_SESSION* session) +{ + if (session == NULL) + return; + +#ifdef HAVE_EXT_CACHE + if (session->isAlloced) { + #ifdef HAVE_SESSION_TICKET + if (session->isDynamic) + XFREE(session->ticket, NULL, DYNAMIC_TYPE_SESSION_TICK); + #endif + XFREE(session, NULL, DYNAMIC_TYPE_OPENSSL); + } +#else + /* No need to free since cache is static */ + (void)session; +#endif +} +#endif + +const char* wolfSSL_get_version(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("SSL_get_version"); + if (ssl->version.major == SSLv3_MAJOR) { + switch (ssl->version.minor) { + case SSLv3_MINOR : + return "SSLv3"; + case TLSv1_MINOR : + return "TLSv1"; + case TLSv1_1_MINOR : + return "TLSv1.1"; + case TLSv1_2_MINOR : + return "TLSv1.2"; + case TLSv1_3_MINOR : + return "TLSv1.3"; + default: + return "unknown"; + } + } + else if (ssl->version.major == DTLS_MAJOR) { + switch (ssl->version.minor) { + case DTLS_MINOR : + return "DTLS"; + case DTLSv1_2_MINOR : + return "DTLSv1.2"; + default: + return "unknown"; + } + } + return "unknown"; +} + + +/* current library version */ +const char* wolfSSL_lib_version(void) +{ + return LIBWOLFSSL_VERSION_STRING; +} + + +/* current library version in hex */ +word32 wolfSSL_lib_version_hex(void) +{ + return LIBWOLFSSL_VERSION_HEX; +} + + +int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("SSL_get_current_cipher_suite"); + if (ssl) + return (ssl->options.cipherSuite0 << 8) | ssl->options.cipherSuite; + return 0; +} + +WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("SSL_get_current_cipher"); + if (ssl) + return &ssl->cipher; + else + return NULL; +} + + +const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher) +{ + WOLFSSL_ENTER("SSL_CIPHER_get_name"); + + if (cipher == NULL || cipher->ssl == NULL) { + return NULL; + } + + return wolfSSL_get_cipher_name_from_suite(cipher->ssl->options.cipherSuite, + cipher->ssl->options.cipherSuite0); +} + +const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session) +{ + if (session == NULL) { + return NULL; + } + +#ifdef SESSION_CERTS + return wolfSSL_get_cipher_name_from_suite(session->cipherSuite, + session->cipherSuite0); +#else + return NULL; +#endif +} + +const char* wolfSSL_get_cipher(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_get_cipher"); + return wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl)); +} + +/* gets cipher name in the format DHE-RSA-... rather then TLS_DHE... */ +const char* wolfSSL_get_cipher_name(WOLFSSL* ssl) +{ + /* get access to cipher_name_idx in internal.c */ + return wolfSSL_get_cipher_name_internal(ssl); +} + +#ifdef HAVE_ECC +/* Return the name of the curve used for key exchange as a printable string. + * + * ssl The SSL/TLS object. + * returns NULL if ECDH was not used, otherwise the name as a string. + */ +const char* wolfSSL_get_curve_name(WOLFSSL* ssl) +{ + if (ssl == NULL) + return NULL; + if (!IsAtLeastTLSv1_3(ssl->version) && ssl->specs.kea != ecdhe_psk_kea && + ssl->specs.kea != ecc_diffie_hellman_kea) + return NULL; + if (ssl->ecdhCurveOID == 0) + return NULL; + if (ssl->ecdhCurveOID == ECC_X25519_OID) + return "X25519"; + return wc_ecc_get_name(wc_ecc_get_oid(ssl->ecdhCurveOID, NULL, NULL)); +} +#endif + + +#if defined(OPENSSL_EXTRA_X509_SMALL) || defined(KEEP_PEER_CERT) || \ + defined(SESSION_CERTS) +/* Smaller subset of X509 compatibility functions. Avoid increasing the size of + * this subset and its memory usage */ + +#if !defined(NO_CERTS) +/* returns a pointer to a new WOLFSSL_X509 structure on success and NULL on + * fail + */ +WOLFSSL_X509* wolfSSL_X509_new() +{ + WOLFSSL_X509* x509; + + x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, + DYNAMIC_TYPE_X509); + if (x509 != NULL) { + InitX509(x509, 1, NULL); + } + + return x509; +} + +WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert) +{ + WOLFSSL_ENTER("wolfSSL_X509_get_subject_name"); + if (cert && cert->subject.sz != 0) + return &cert->subject; + return NULL; +} + + + +WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert) +{ + WOLFSSL_ENTER("X509_get_issuer_name"); + if (cert && cert->issuer.sz != 0) + return &cert->issuer; + return NULL; +} + + +int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509) +{ + int type = 0; + + WOLFSSL_ENTER("wolfSSL_X509_get_signature_type"); + + if (x509 != NULL) + type = x509->sigOID; + + return type; +} + +#if defined(OPENSSL_EXTRA_X509_SMALL) +#ifdef HAVE_ECC + static int SetECKeyExternal(WOLFSSL_EC_KEY* eckey); +#endif + +/* Used to get a string from the WOLFSSL_X509_NAME structure that + * corresponds with the NID value passed in. + * + * name structure to get string from + * nid NID value to search for + * buf [out] buffer to hold results. If NULL then the buffer size minus the + * null char is returned. + * len size of "buf" passed in + * + * returns the length of string found, not including the NULL terminator. + * It's possible the function could return a negative value in the + * case that len is less than or equal to 0. A negative value is + * considered an error case. + */ +int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name, + int nid, char* buf, int len) +{ + char *text = NULL; + int textSz = 0; + + WOLFSSL_ENTER("wolfSSL_X509_NAME_get_text_by_NID"); + + switch (nid) { + case ASN_COMMON_NAME: + text = name->fullName.fullName + name->fullName.cnIdx; + textSz = name->fullName.cnLen; + break; + case ASN_SUR_NAME: + text = name->fullName.fullName + name->fullName.snIdx; + textSz = name->fullName.snLen; + break; + case ASN_SERIAL_NUMBER: + text = name->fullName.fullName + name->fullName.serialIdx; + textSz = name->fullName.serialLen; + break; + case ASN_COUNTRY_NAME: + text = name->fullName.fullName + name->fullName.cIdx; + textSz = name->fullName.cLen; + break; + case ASN_LOCALITY_NAME: + text = name->fullName.fullName + name->fullName.lIdx; + textSz = name->fullName.lLen; + break; + case ASN_STATE_NAME: + text = name->fullName.fullName + name->fullName.stIdx; + textSz = name->fullName.stLen; + break; + case ASN_ORG_NAME: + text = name->fullName.fullName + name->fullName.oIdx; + textSz = name->fullName.oLen; + break; + case ASN_ORGUNIT_NAME: + text = name->fullName.fullName + name->fullName.ouIdx; + textSz = name->fullName.ouLen; + break; + case ASN_DOMAIN_COMPONENT: + text = name->fullName.fullName + name->fullName.dcIdx[0]; + textSz = name->fullName.dcLen[0]; + break; + default: + WOLFSSL_MSG("Entry type not found"); + return SSL_FATAL_ERROR; + } + + /* if buf is NULL return size of buffer needed (minus null char) */ + if (buf == NULL) { + return textSz; + } + + if (buf != NULL && text != NULL) { + textSz = min(textSz + 1, len); /* + 1 to account for null char */ + if (textSz > 0) { + XMEMCPY(buf, text, textSz - 1); + buf[textSz - 1] = '\0'; + } + } + + WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_text_by_NID", textSz); + return (textSz - 1); /* do not include null character in size */ +} + + +/* Creates a new WOLFSSL_EVP_PKEY structure that has the public key from x509 + * + * returns a pointer to the created WOLFSSL_EVP_PKEY on success and NULL on fail + */ +WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) +{ + WOLFSSL_EVP_PKEY* key = NULL; + WOLFSSL_ENTER("X509_get_pubkey"); + if (x509 != NULL) { + key = (WOLFSSL_EVP_PKEY*)XMALLOC( + sizeof(WOLFSSL_EVP_PKEY), x509->heap, + DYNAMIC_TYPE_PUBLIC_KEY); + if (key != NULL) { + XMEMSET(key, 0, sizeof(WOLFSSL_EVP_PKEY)); + if (x509->pubKeyOID == RSAk) { + key->type = EVP_PKEY_RSA; + } + else { + key->type = EVP_PKEY_EC; + } + key->save_type = 0; + key->pkey.ptr = (char*)XMALLOC( + x509->pubKey.length, x509->heap, + DYNAMIC_TYPE_PUBLIC_KEY); + if (key->pkey.ptr == NULL) { + XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); + return NULL; + } + XMEMCPY(key->pkey.ptr, x509->pubKey.buffer, x509->pubKey.length); + key->pkey_sz = x509->pubKey.length; + + #ifdef HAVE_ECC + key->pkey_curve = (int)x509->pkCurveOID; + #endif /* HAVE_ECC */ + + /* decode RSA key */ + #ifndef NO_RSA + if (key->type == EVP_PKEY_RSA) { + key->ownRsa = 1; + key->rsa = wolfSSL_RSA_new(); + if (key->rsa == NULL) { + XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); + return NULL; + } + + if (wolfSSL_RSA_LoadDer_ex(key->rsa, + (const unsigned char*)key->pkey.ptr, key->pkey_sz, + WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) { + XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); + wolfSSL_RSA_free(key->rsa); + return NULL; + } + } + #endif /* NO_RSA */ + + /* decode ECC key */ + #ifdef HAVE_ECC + if (key->type == EVP_PKEY_EC) { + key->ownEcc = 1; + key->ecc = wolfSSL_EC_KEY_new(); + if (key->ecc == NULL || key->ecc->internal == NULL) { + XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); + return NULL; + } + + /* not using wolfSSL_EC_KEY_LoadDer because public key in x509 + * is in the format of x963 (no sequence at start of buffer) */ + if (wc_ecc_import_x963((const unsigned char*)key->pkey.ptr, + key->pkey_sz, (ecc_key*)key->ecc->internal) < 0) { + WOLFSSL_MSG("wc_ecc_import_x963 failed"); + XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); + wolfSSL_EC_KEY_free(key->ecc); + return NULL; + } + + if (SetECKeyExternal(key->ecc) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECKeyExternal failed"); + XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); + wolfSSL_EC_KEY_free(key->ecc); + return NULL; + } + + key->ecc->inSet = 1; + } + #endif /* HAVE_ECC */ + } + } + return key; +} +#endif /* OPENSSL_EXTRA_X509_SMALL */ +#endif /* !NO_CERTS */ + +/* End of smaller subset of X509 compatibility functions. Avoid increasing the + * size of this subset and its memory usage */ +#endif /* OPENSSL_EXTRA_X509_SMALL */ + +#if defined(OPENSSL_EXTRA) +#if !defined(NO_CERTS) int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509* x509, int nid) { int isSet = 0; @@ -15067,86 +16618,6 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) } - /* Used to get a string from the WOLFSSL_X509_NAME structure that - * corresponds with the NID value passed in. - * - * name structure to get string from - * nid NID value to search for - * buf [out] buffer to hold results. If NULL then the buffer size minus the - * null char is returned. - * len size of "buf" passed in - * - * returns the length of string found, not including the NULL terminator. - * It's possible the function could return a negative value in the - * case that len is less than or equal to 0. A negative value is - * considered an error case. - */ - int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name, - int nid, char* buf, int len) - { - char *text = NULL; - int textSz = 0; - - WOLFSSL_ENTER("wolfSSL_X509_NAME_get_text_by_NID"); - - switch (nid) { - case ASN_COMMON_NAME: - text = name->fullName.fullName + name->fullName.cnIdx; - textSz = name->fullName.cnLen; - break; - case ASN_SUR_NAME: - text = name->fullName.fullName + name->fullName.snIdx; - textSz = name->fullName.snLen; - break; - case ASN_SERIAL_NUMBER: - text = name->fullName.fullName + name->fullName.serialIdx; - textSz = name->fullName.serialLen; - break; - case ASN_COUNTRY_NAME: - text = name->fullName.fullName + name->fullName.cIdx; - textSz = name->fullName.cLen; - break; - case ASN_LOCALITY_NAME: - text = name->fullName.fullName + name->fullName.lIdx; - textSz = name->fullName.lLen; - break; - case ASN_STATE_NAME: - text = name->fullName.fullName + name->fullName.stIdx; - textSz = name->fullName.stLen; - break; - case ASN_ORG_NAME: - text = name->fullName.fullName + name->fullName.oIdx; - textSz = name->fullName.oLen; - break; - case ASN_ORGUNIT_NAME: - text = name->fullName.fullName + name->fullName.ouIdx; - textSz = name->fullName.ouLen; - break; - case ASN_DOMAIN_COMPONENT: - text = name->fullName.fullName + name->fullName.dcIdx[0]; - textSz = name->fullName.dcLen[0]; - break; - default: - WOLFSSL_MSG("Entry type not found"); - return SSL_FATAL_ERROR; - } - - /* if buf is NULL return size of buffer needed (minus null char) */ - if (buf == NULL) { - return textSz; - } - - if (buf != NULL && text != NULL) { - textSz = min(textSz + 1, len); /* + 1 to account for null char */ - if (textSz > 0) { - XMEMCPY(buf, text, textSz - 1); - buf[textSz - 1] = '\0'; - } - } - - WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_text_by_NID", textSz); - return (textSz - 1); /* do not include null character in size */ - } int wolfSSL_X509_NAME_get_index_by_NID(WOLFSSL_X509_NAME* name, int nid, int pos) @@ -15960,1122 +17431,9 @@ static void ExternalFreeX509(WOLFSSL_X509* x509) return WOLFSSL_SUCCESS; } #endif /* XSNPRINTF */ -#endif /* OPENSSL_EXTRA */ - - /* copy name into in buffer, at most sz bytes, if buffer is null will - malloc buffer, call responsible for freeing */ - char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz) - { - int copySz; - - if (name == NULL) { - WOLFSSL_MSG("WOLFSSL_X509_NAME pointer was NULL"); - return NULL; - } - - copySz = min(sz, name->sz); - - WOLFSSL_ENTER("wolfSSL_X509_NAME_oneline"); - if (!name->sz) return in; - - if (!in) { - #ifdef WOLFSSL_STATIC_MEMORY - WOLFSSL_MSG("Using static memory -- please pass in a buffer"); - return NULL; - #else - in = (char*)XMALLOC(name->sz, NULL, DYNAMIC_TYPE_OPENSSL); - if (!in ) return in; - copySz = name->sz; - #endif - } - - if (copySz <= 0) - return in; - - XMEMCPY(in, name->name, copySz - 1); - in[copySz - 1] = 0; - - return in; - } - - - int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509) - { - int type = 0; - - WOLFSSL_ENTER("wolfSSL_X509_get_signature_type"); - - if (x509 != NULL) - type = x509->sigOID; - - return type; - } - - - int wolfSSL_X509_get_signature(WOLFSSL_X509* x509, - unsigned char* buf, int* bufSz) - { - WOLFSSL_ENTER("wolfSSL_X509_get_signature"); - if (x509 == NULL || bufSz == NULL || *bufSz < (int)x509->sig.length) - return WOLFSSL_FATAL_ERROR; - - if (buf != NULL) - XMEMCPY(buf, x509->sig.buffer, x509->sig.length); - *bufSz = x509->sig.length; - - return WOLFSSL_SUCCESS; - } - - - /* write X509 serial number in unsigned binary to buffer - buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases - return WOLFSSL_SUCCESS on success */ - int wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509, - byte* in, int* inOutSz) - { - WOLFSSL_ENTER("wolfSSL_X509_get_serial_number"); - if (x509 == NULL || in == NULL || - inOutSz == NULL || *inOutSz < x509->serialSz) - return BAD_FUNC_ARG; - - XMEMCPY(in, x509->serial, x509->serialSz); - *inOutSz = x509->serialSz; - - return WOLFSSL_SUCCESS; - } - - - const byte* wolfSSL_X509_get_der(WOLFSSL_X509* x509, int* outSz) - { - WOLFSSL_ENTER("wolfSSL_X509_get_der"); - - if (x509 == NULL || x509->derCert == NULL || outSz == NULL) - return NULL; - - *outSz = (int)x509->derCert->length; - return x509->derCert->buffer; - } - - - int wolfSSL_X509_version(WOLFSSL_X509* x509) - { - WOLFSSL_ENTER("wolfSSL_X509_version"); - - if (x509 == NULL) - return 0; - - return x509->version; - } - - - const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509) - { - WOLFSSL_ENTER("wolfSSL_X509_notBefore"); - - if (x509 == NULL) - return NULL; - - return x509->notBefore; - } - - - const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509) - { - WOLFSSL_ENTER("wolfSSL_X509_notAfter"); - - if (x509 == NULL) - return NULL; - - return x509->notAfter; - } - - -#ifdef WOLFSSL_SEP - -/* copy oid into in buffer, at most *inOutSz bytes, if buffer is null will - malloc buffer, call responsible for freeing. Actual size returned in - *inOutSz. Requires inOutSz be non-null */ -byte* wolfSSL_X509_get_device_type(WOLFSSL_X509* x509, byte* in, int *inOutSz) -{ - int copySz; - - WOLFSSL_ENTER("wolfSSL_X509_get_dev_type"); - if (inOutSz == NULL) return NULL; - if (!x509->deviceTypeSz) return in; - - copySz = min(*inOutSz, x509->deviceTypeSz); - - if (!in) { - #ifdef WOLFSSL_STATIC_MEMORY - WOLFSSL_MSG("Using static memory -- please pass in a buffer"); - return NULL; - #else - in = (byte*)XMALLOC(x509->deviceTypeSz, 0, DYNAMIC_TYPE_OPENSSL); - if (!in) return in; - copySz = x509->deviceTypeSz; - #endif - } - - XMEMCPY(in, x509->deviceType, copySz); - *inOutSz = copySz; - - return in; -} - - -byte* wolfSSL_X509_get_hw_type(WOLFSSL_X509* x509, byte* in, int* inOutSz) -{ - int copySz; - - WOLFSSL_ENTER("wolfSSL_X509_get_hw_type"); - if (inOutSz == NULL) return NULL; - if (!x509->hwTypeSz) return in; - - copySz = min(*inOutSz, x509->hwTypeSz); - - if (!in) { - #ifdef WOLFSSL_STATIC_MEMORY - WOLFSSL_MSG("Using static memory -- please pass in a buffer"); - return NULL; - #else - in = (byte*)XMALLOC(x509->hwTypeSz, 0, DYNAMIC_TYPE_OPENSSL); - if (!in) return in; - copySz = x509->hwTypeSz; - #endif - } - - XMEMCPY(in, x509->hwType, copySz); - *inOutSz = copySz; - - return in; -} - - -byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in, - int* inOutSz) -{ - int copySz; - - WOLFSSL_ENTER("wolfSSL_X509_get_hw_serial_number"); - if (inOutSz == NULL) return NULL; - if (!x509->hwTypeSz) return in; - - copySz = min(*inOutSz, x509->hwSerialNumSz); - - if (!in) { - #ifdef WOLFSSL_STATIC_MEMORY - WOLFSSL_MSG("Using static memory -- please pass in a buffer"); - return NULL; - #else - in = (byte*)XMALLOC(x509->hwSerialNumSz, 0, DYNAMIC_TYPE_OPENSSL); - if (!in) return in; - copySz = x509->hwSerialNumSz; - #endif - } - - XMEMCPY(in, x509->hwSerialNum, copySz); - *inOutSz = copySz; - - return in; -} - -#endif /* WOLFSSL_SEP */ - -/* require OPENSSL_EXTRA since wolfSSL_X509_free is wrapped by OPENSSL_EXTRA */ -#if !defined(NO_CERTS) && defined(OPENSSL_EXTRA) -/* return 1 on success 0 on fail */ -int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509) -{ - WOLFSSL_STACK* node; - - if (sk == NULL || x509 == NULL) { - return WOLFSSL_FAILURE; - } - - /* no previous values in stack */ - if (sk->data.x509 == NULL) { - sk->data.x509 = x509; - sk->num += 1; - return WOLFSSL_SUCCESS; - } - - /* stack already has value(s) create a new node and add more */ - node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, - DYNAMIC_TYPE_X509); - if (node == NULL) { - WOLFSSL_MSG("Memory error"); - return WOLFSSL_FAILURE; - } - XMEMSET(node, 0, sizeof(WOLFSSL_STACK)); - - /* push new x509 onto head of stack */ - node->data.x509 = sk->data.x509; - node->next = sk->next; - sk->next = node; - sk->data.x509 = x509; - sk->num += 1; - - return WOLFSSL_SUCCESS; -} - - -WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) { - WOLFSSL_STACK* node; - WOLFSSL_X509* x509; - - if (sk == NULL) { - return NULL; - } - - node = sk->next; - x509 = sk->data.x509; - - if (node != NULL) { /* update sk and remove node from stack */ - sk->data.x509 = node->data.x509; - sk->next = node->next; - XFREE(node, NULL, DYNAMIC_TYPE_X509); - } - else { /* last x509 in stack */ - sk->data.x509 = NULL; - } - - if (sk->num > 0) { - sk->num -= 1; - } - - return x509; -} - - -/* Getter function for WOLFSSL_X509_NAME pointer - * - * sk is the stack to retrieve pointer from - * i is the index value in stack - * - * returns a pointer to a WOLFSSL_X509_NAME structure on success and NULL on - * fail - */ -void* wolfSSL_sk_X509_NAME_value(const STACK_OF(WOLFSSL_X509_NAME)* sk, int i) -{ - WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_value"); - - for (; sk != NULL && i > 0; i--) - sk = sk->next; - - if (i != 0 || sk == NULL) - return NULL; - return sk->data.name; -} - - -/* Getter function for WOLFSSL_X509 pointer - * - * sk is the stack to retrieve pointer from - * i is the index value in stack - * - * returns a pointer to a WOLFSSL_X509 structure on success and NULL on - * fail - */ -void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)* sk, int i) -{ - WOLFSSL_ENTER("wolfSSL_sk_X509_value"); - - for (; sk != NULL && i > 0; i--) - sk = sk->next; - - if (i != 0 || sk == NULL) - return NULL; - return sk->data.x509; -} - - -/* Free's all nodes in X509 stack. This is different then wolfSSL_sk_X509_free - * in that it allows for choosing the function to use when freeing an X509s. - * - * sk stack to free nodes in - * f X509 free function - */ -void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*)){ - WOLFSSL_STACK* node; - - WOLFSSL_ENTER("wolfSSL_sk_X509_pop_free"); - - if (sk == NULL) { - return; - } - - /* parse through stack freeing each node */ - node = sk->next; - while (sk->num > 1) { - WOLFSSL_STACK* tmp = node; - node = node->next; - - f(tmp->data.x509); - XFREE(tmp, NULL, DYNAMIC_TYPE_X509); - sk->num -= 1; - } - - /* free head of stack */ - if (sk->num == 1) { - f(sk->data.x509); - } - XFREE(sk, NULL, DYNAMIC_TYPE_X509); -} - - -/* free structure for x509 stack */ -void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) { - WOLFSSL_STACK* node; - - if (sk == NULL) { - return; - } - - /* parse through stack freeing each node */ - node = sk->next; - while (sk->num > 1) { - WOLFSSL_STACK* tmp = node; - node = node->next; - - wolfSSL_X509_free(tmp->data.x509); - XFREE(tmp, NULL, DYNAMIC_TYPE_X509); - sk->num -= 1; - } - - /* free head of stack */ - if (sk->num == 1) { - wolfSSL_X509_free(sk->data.x509); - } - XFREE(sk, NULL, DYNAMIC_TYPE_X509); -} - -#endif /* NO_CERTS && OPENSSL_EXTRA */ - -#ifdef OPENSSL_EXTRA - -/* Returns the general name at index i from the stack - * - * sk stack to get general name from - * i index to get - * - * return a pointer to the internal node of the stack - */ -WOLFSSL_ASN1_OBJECT* wolfSSL_sk_GENERAL_NAME_value(WOLFSSL_STACK* sk, int i) -{ - WOLFSSL_STACK* cur; - int j; - - WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_value"); - - if (i < 0 || sk == NULL) { - return NULL; - } - - cur = sk; - for (j = 0; j < i && cur != NULL; j++) { - cur = cur->next; - } - - if (cur == NULL) { - return NULL; - } - - return cur->data.obj; -} - - -/* Gets the number of nodes in the stack - * - * sk stack to get the number of nodes from - * - * returns the number of nodes, -1 if no nodes - */ -int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk) -{ - WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_num"); - - if (sk == NULL) { - return -1; - } - - return (int)sk->num; -} - -/* Frees all nodes in a GENERAL NAME stack - * - * sk stack of nodes to free - * f free function to use, not called with wolfSSL - */ -void wolfSSL_sk_GENERAL_NAME_pop_free(WOLFSSL_STACK* sk, - void f (WOLFSSL_ASN1_OBJECT*)) -{ - WOLFSSL_STACK* node; - - WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_pop_free"); - - (void)f; - if (sk == NULL) { - return; - } - - /* parse through stack freeing each node */ - node = sk->next; - while (sk->num > 1) { - WOLFSSL_STACK* tmp = node; - node = node->next; - - wolfSSL_ASN1_OBJECT_free(tmp->data.obj); - XFREE(tmp, NULL, DYNAMIC_TYPE_ASN1); - sk->num -= 1; - } - - /* free head of stack */ - if (sk->num == 1) { - wolfSSL_ASN1_OBJECT_free(sk->data.obj); - } - XFREE(sk, NULL, DYNAMIC_TYPE_ASN1); - - -} -#endif /* OPENSSL_EXTRA */ - -/* Wraps wolfSSL_X509_d2i - * - * returns a WOLFSSL_X509 structure pointer on success and NULL on fail - */ -WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in, - int len) -{ - return wolfSSL_X509_d2i(x509, *in, len); -} - - -WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) -{ - WOLFSSL_X509 *newX509 = NULL; - - WOLFSSL_ENTER("wolfSSL_X509_d2i"); - - if (in != NULL && len != 0) { - #ifdef WOLFSSL_SMALL_STACK - DecodedCert* cert = NULL; - #else - DecodedCert cert[1]; - #endif - - #ifdef WOLFSSL_SMALL_STACK - cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_DCERT); - if (cert == NULL) - return NULL; - #endif - - InitDecodedCert(cert, (byte*)in, len, NULL); - if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) { - newX509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, - DYNAMIC_TYPE_X509); - if (newX509 != NULL) { - InitX509(newX509, 1, NULL); - if (CopyDecodedToX509(newX509, cert) != 0) { - XFREE(newX509, NULL, DYNAMIC_TYPE_X509); - newX509 = NULL; - } - } - } - FreeDecodedCert(cert); - #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); - #endif - } - - if (x509 != NULL) - *x509 = newX509; - - return newX509; -} - - -#ifndef NO_FILESYSTEM - -#ifndef NO_STDIO_FILESYSTEM - -WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file) -{ - WOLFSSL_X509* newX509 = NULL; - - WOLFSSL_ENTER("wolfSSL_X509_d2i_fp"); - - if (file != XBADFILE) { - byte* fileBuffer = NULL; - long sz = 0; - - XFSEEK(file, 0, XSEEK_END); - sz = XFTELL(file); - XREWIND(file); - - if (sz < 0) { - WOLFSSL_MSG("Bad tell on FILE"); - return NULL; - } - - fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE); - if (fileBuffer != NULL) { - int ret = (int)XFREAD(fileBuffer, 1, sz, file); - if (ret == sz) { - newX509 = wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz); - } - XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); - } - } - - if (x509 != NULL) - *x509 = newX509; - - return newX509; -} - -#endif /* NO_STDIO_FILESYSTEM */ - -WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format) -{ -#ifdef WOLFSSL_SMALL_STACK - byte staticBuffer[1]; /* force heap usage */ -#else - byte staticBuffer[FILE_BUFFER_SIZE]; -#endif - byte* fileBuffer = staticBuffer; - int dynamic = 0; - int ret; - long sz = 0; - XFILE file; - - WOLFSSL_X509* x509 = NULL; - - /* Check the inputs */ - if ((fname == NULL) || - (format != WOLFSSL_FILETYPE_ASN1 && format != WOLFSSL_FILETYPE_PEM)) - return NULL; - - file = XFOPEN(fname, "rb"); - if (file == XBADFILE) - return NULL; - - XFSEEK(file, 0, XSEEK_END); - sz = XFTELL(file); - XREWIND(file); - - if (sz > (long)sizeof(staticBuffer)) { - fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE); - if (fileBuffer == NULL) { - XFCLOSE(file); - return NULL; - } - dynamic = 1; - } - else if (sz < 0) { - XFCLOSE(file); - return NULL; - } - - ret = (int)XFREAD(fileBuffer, 1, sz, file); - if (ret != sz) { - XFCLOSE(file); - if (dynamic) - XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); - return NULL; - } - - XFCLOSE(file); - - x509 = wolfSSL_X509_load_certificate_buffer(fileBuffer, (int)sz, format); - - if (dynamic) - XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); - - return x509; -} - -#endif /* NO_FILESYSTEM */ - - -WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer( - const unsigned char* buf, int sz, int format) -{ - int ret; - WOLFSSL_X509* x509 = NULL; - DerBuffer* der = NULL; - - WOLFSSL_ENTER("wolfSSL_X509_load_certificate_ex"); - - if (format == WOLFSSL_FILETYPE_PEM) { - int ecc = 0; - #ifdef WOLFSSL_SMALL_STACK - EncryptedInfo* info = NULL; - #else - EncryptedInfo info[1]; - #endif - - #ifdef WOLFSSL_SMALL_STACK - info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, - DYNAMIC_TYPE_ENCRYPTEDINFO); - if (info == NULL) { - return NULL; - } - #endif - - info->set = 0; - info->ctx = NULL; - info->consumed = 0; - - if (PemToDer(buf, sz, CERT_TYPE, &der, NULL, info, &ecc) != 0) { - FreeDer(&der); - } - - #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); - #endif - } - else { - ret = AllocDer(&der, (word32)sz, CERT_TYPE, NULL); - if (ret == 0) { - XMEMCPY(der->buffer, buf, sz); - } - } - - /* At this point we want `der` to have the certificate in DER format */ - /* ready to be decoded. */ - if (der != NULL && der->buffer != NULL) { - #ifdef WOLFSSL_SMALL_STACK - DecodedCert* cert = NULL; - #else - DecodedCert cert[1]; - #endif - - #ifdef WOLFSSL_SMALL_STACK - cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_DCERT); - if (cert != NULL) - #endif - { - InitDecodedCert(cert, der->buffer, der->length, NULL); - if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) { - x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, - DYNAMIC_TYPE_X509); - if (x509 != NULL) { - InitX509(x509, 1, NULL); - if (CopyDecodedToX509(x509, cert) != 0) { - XFREE(x509, NULL, DYNAMIC_TYPE_X509); - x509 = NULL; - } - } - } - - FreeDecodedCert(cert); - #ifdef WOLFSSL_SMALL_STACK - XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); - #endif - } - - FreeDer(&der); - } - - return x509; -} - -#endif /* KEEP_PEER_CERT || SESSION_CERTS */ - -/* OPENSSL_EXTRA is needed for wolfSSL_X509_d21 function - KEEP_OUR_CERT is to insure ability for returning ssl certificate */ -#if defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT) -WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl) -{ - if (ssl == NULL) { - return NULL; - } - - if (ssl->buffers.weOwnCert) { - if (ssl->ourCert == NULL) { - if (ssl->buffers.certificate == NULL) { - WOLFSSL_MSG("Certificate buffer not set!"); - return NULL; - } - ssl->ourCert = wolfSSL_X509_d2i(NULL, - ssl->buffers.certificate->buffer, - ssl->buffers.certificate->length); - } - return ssl->ourCert; - } - else { /* if cert not owned get parent ctx cert or return null */ - if (ssl->ctx) { - if (ssl->ctx->ourCert == NULL) { - if (ssl->ctx->certificate == NULL) { - WOLFSSL_MSG("Ctx Certificate buffer not set!"); - return NULL; - } - ssl->ctx->ourCert = wolfSSL_X509_d2i(NULL, - ssl->ctx->certificate->buffer, - ssl->ctx->certificate->length); - ssl->ctx->ownOurCert = 1; - } - return ssl->ctx->ourCert; - } - } - - return NULL; -} -#endif /* OPENSSL_EXTRA && KEEP_OUR_CERT */ #endif /* NO_CERTS */ - -#ifdef OPENSSL_EXTRA -/* return 1 on success 0 on fail */ -int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk, - WOLFSSL_ASN1_OBJECT* obj) -{ - WOLFSSL_STACK* node; - - if (sk == NULL || obj == NULL) { - return WOLFSSL_FAILURE; - } - - /* no previous values in stack */ - if (sk->data.obj == NULL) { - sk->data.obj = obj; - sk->num += 1; - return WOLFSSL_SUCCESS; - } - - /* stack already has value(s) create a new node and add more */ - node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, - DYNAMIC_TYPE_ASN1); - if (node == NULL) { - WOLFSSL_MSG("Memory error"); - return WOLFSSL_FAILURE; - } - XMEMSET(node, 0, sizeof(WOLFSSL_STACK)); - - /* push new obj onto head of stack */ - node->data.obj = sk->data.obj; - node->next = sk->next; - sk->next = node; - sk->data.obj = obj; - sk->num += 1; - - return WOLFSSL_SUCCESS; -} - - -WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJCET_pop( - WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk) -{ - WOLFSSL_STACK* node; - WOLFSSL_ASN1_OBJECT* obj; - - if (sk == NULL) { - return NULL; - } - - node = sk->next; - obj = sk->data.obj; - - if (node != NULL) { /* update sk and remove node from stack */ - sk->data.obj = node->data.obj; - sk->next = node->next; - XFREE(node, NULL, DYNAMIC_TYPE_ASN1); - } - else { /* last obj in stack */ - sk->data.obj = NULL; - } - - if (sk->num > 0) { - sk->num -= 1; - } - - return obj; -} - - -#ifndef NO_ASN -WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void) -{ - WOLFSSL_ASN1_OBJECT* obj; - - obj = (WOLFSSL_ASN1_OBJECT*)XMALLOC(sizeof(WOLFSSL_ASN1_OBJECT), NULL, - DYNAMIC_TYPE_ASN1); - if (obj == NULL) { - return NULL; - } - - XMEMSET(obj, 0, sizeof(WOLFSSL_ASN1_OBJECT)); - obj->d.ia5 = &(obj->d.ia5_internal); - return obj; -} - - -void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj) -{ - if (obj == NULL) { - return; - } - - if (obj->dynamic == 1) { - if (obj->obj != NULL) { - WOLFSSL_MSG("Freeing ASN1 OBJECT data"); - XFREE(obj->obj, obj->heap, DYNAMIC_TYPE_ASN1); - } - } - - XFREE(obj, NULL, DYNAMIC_TYPE_ASN1); -} - - -/* free structure for x509 stack */ -void wolfSSL_sk_ASN1_OBJECT_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk) -{ - WOLFSSL_STACK* node; - - if (sk == NULL) { - return; - } - - /* parse through stack freeing each node */ - node = sk->next; - while (sk->num > 1) { - WOLFSSL_STACK* tmp = node; - node = node->next; - - wolfSSL_ASN1_OBJECT_free(tmp->data.obj); - XFREE(tmp, NULL, DYNAMIC_TYPE_ASN1); - sk->num -= 1; - } - - /* free head of stack */ - if (sk->num == 1) { - wolfSSL_ASN1_OBJECT_free(sk->data.obj); - } - XFREE(sk, NULL, DYNAMIC_TYPE_ASN1); -} - -int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in) -{ - /* - ASN1_STRING_to_UTF8() converts the string in to UTF8 format, - the converted data is allocated in a buffer in *out. - The length of out is returned or a negative error code. - The buffer *out should be free using OPENSSL_free(). - */ - (void)out; - (void)in; - WOLFSSL_STUB("ASN1_STRING_to_UTF8"); - return -1; -} -#endif /* NO_ASN */ - -void wolfSSL_set_connect_state(WOLFSSL* ssl) -{ - word16 haveRSA = 1; - word16 havePSK = 0; - - if (ssl == NULL) { - WOLFSSL_MSG("WOLFSSL struct pointer passed in was null"); - return; - } - - #ifndef NO_DH - /* client creates its own DH parameters on handshake */ - if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) { - XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, - DYNAMIC_TYPE_PUBLIC_KEY); - } - ssl->buffers.serverDH_P.buffer = NULL; - if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH) { - XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, - DYNAMIC_TYPE_PUBLIC_KEY); - } - ssl->buffers.serverDH_G.buffer = NULL; - #endif - - if (ssl->options.side == WOLFSSL_SERVER_END) { - #ifdef NO_RSA - haveRSA = 0; - #endif - #ifndef NO_PSK - havePSK = ssl->options.havePSK; - #endif - InitSuites(ssl->suites, ssl->version, ssl->buffers.keySz, haveRSA, - havePSK, ssl->options.haveDH, ssl->options.haveNTRU, - ssl->options.haveECDSAsig, ssl->options.haveECC, - ssl->options.haveStaticECC, ssl->options.side); - } - ssl->options.side = WOLFSSL_CLIENT_END; -} -#endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA */ - - -int wolfSSL_get_shutdown(const WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_get_shutdown"); - /* in OpenSSL, WOLFSSL_SENT_SHUTDOWN = 1, when closeNotifySent * - * WOLFSSL_RECEIVED_SHUTDOWN = 2, from close notify or fatal err */ - return ((ssl->options.closeNotify||ssl->options.connReset) << 1) - | (ssl->options.sentNotify); -} - - -int wolfSSL_session_reused(WOLFSSL* ssl) -{ - return ssl->options.resuming; -} - -#ifdef OPENSSL_EXTRA -void wolfSSL_SESSION_free(WOLFSSL_SESSION* session) -{ - if (session == NULL) - return; - -#ifdef HAVE_EXT_CACHE - if (session->isAlloced) { - #ifdef HAVE_SESSION_TICKET - if (session->isDynamic) - XFREE(session->ticket, NULL, DYNAMIC_TYPE_SESSION_TICK); - #endif - XFREE(session, NULL, DYNAMIC_TYPE_OPENSSL); - } -#else - /* No need to free since cache is static */ - (void)session; -#endif -} -#endif - -const char* wolfSSL_get_version(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("SSL_get_version"); - if (ssl->version.major == SSLv3_MAJOR) { - switch (ssl->version.minor) { - case SSLv3_MINOR : - return "SSLv3"; - case TLSv1_MINOR : - return "TLSv1"; - case TLSv1_1_MINOR : - return "TLSv1.1"; - case TLSv1_2_MINOR : - return "TLSv1.2"; - case TLSv1_3_MINOR : - return "TLSv1.3"; - default: - return "unknown"; - } - } - else if (ssl->version.major == DTLS_MAJOR) { - switch (ssl->version.minor) { - case DTLS_MINOR : - return "DTLS"; - case DTLSv1_2_MINOR : - return "DTLSv1.2"; - default: - return "unknown"; - } - } - return "unknown"; -} - - -/* current library version */ -const char* wolfSSL_lib_version(void) -{ - return LIBWOLFSSL_VERSION_STRING; -} - - -/* current library version in hex */ -word32 wolfSSL_lib_version_hex(void) -{ - return LIBWOLFSSL_VERSION_HEX; -} - - -int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("SSL_get_current_cipher_suite"); - if (ssl) - return (ssl->options.cipherSuite0 << 8) | ssl->options.cipherSuite; - return 0; -} - -WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("SSL_get_current_cipher"); - if (ssl) - return &ssl->cipher; - else - return NULL; -} - - -const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher) -{ - WOLFSSL_ENTER("SSL_CIPHER_get_name"); - - if (cipher == NULL || cipher->ssl == NULL) { - return NULL; - } - - return wolfSSL_get_cipher_name_from_suite(cipher->ssl->options.cipherSuite, - cipher->ssl->options.cipherSuite0); -} - -const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session) -{ - if (session == NULL) { - return NULL; - } - -#ifdef SESSION_CERTS - return wolfSSL_get_cipher_name_from_suite(session->cipherSuite, - session->cipherSuite0); -#else - return NULL; -#endif -} - -const char* wolfSSL_get_cipher(WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_get_cipher"); - return wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl)); -} - -/* gets cipher name in the format DHE-RSA-... rather then TLS_DHE... */ -const char* wolfSSL_get_cipher_name(WOLFSSL* ssl) -{ - /* get access to cipher_name_idx in internal.c */ - return wolfSSL_get_cipher_name_internal(ssl); -} - -#ifdef HAVE_ECC -/* Return the name of the curve used for key exchange as a printable string. - * - * ssl The SSL/TLS object. - * returns NULL if ECDH was not used, otherwise the name as a string. - */ -const char* wolfSSL_get_curve_name(WOLFSSL* ssl) -{ - if (ssl == NULL) - return NULL; - if (!IsAtLeastTLSv1_3(ssl->version) && ssl->specs.kea != ecdhe_psk_kea && - ssl->specs.kea != ecc_diffie_hellman_kea) - return NULL; - if (ssl->ecdhCurveOID == 0) - return NULL; - if (ssl->ecdhCurveOID == ECC_X25519_OID) - return "X25519"; - return wc_ecc_get_name(wc_ecc_get_oid(ssl->ecdhCurveOID, NULL, NULL)); -} -#endif - -#ifdef OPENSSL_EXTRA - char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in, int len) { @@ -17330,30 +17688,6 @@ WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl) #endif /* NO_SESSION_CACHE */ -#ifndef NO_CERTS -void wolfSSL_X509_free(WOLFSSL_X509* x509) -{ - WOLFSSL_ENTER("wolfSSL_X509_free"); - ExternalFreeX509(x509); -} - - -/* returns a pointer to a new WOLFSSL_X509 structure on success and NULL on - * fail - */ -WOLFSSL_X509* wolfSSL_X509_new() -{ - WOLFSSL_X509* x509; - - x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, - DYNAMIC_TYPE_X509); - if (x509 != NULL) { - InitX509(x509, 1, NULL); - } - - return x509; -} -#endif /* NO_CERTS */ /* was do nothing */ @@ -18501,31 +18835,11 @@ int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL* crl, WOLFSSL_EVP_PKEY* key) return 0; } #endif +#endif /* OPENSSL_EXTRA */ - -#ifdef OPENSSL_EXTRA -void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX* ctx, - unsigned long flags, - time_t t) -{ - (void)flags; - - if (ctx == NULL) - return; - - ctx->param->check_time = t; - ctx->param->flags |= WOLFSSL_USE_CHECK_TIME; -} -#endif - -#ifndef NO_WOLFSSL_STUB -void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT* obj) -{ - (void)obj; - WOLFSSL_STUB("X509_OBJECT_free_contents"); -} -#endif - +#if defined(OPENSSL_EXTRA_X509_SMALL) +/* Subset of OPENSSL_EXTRA for PKEY operations PKEY free is needed by the + * subset of X509 API */ WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(){ return wolfSSL_PKEY_new_ex(NULL); @@ -18595,6 +18909,32 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) XFREE(key, key->heap, DYNAMIC_TYPE_PUBLIC_KEY); } } +#endif /* OPENSSL_EXTRA_X509_SMALL */ + +#ifdef OPENSSL_EXTRA +void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX* ctx, + unsigned long flags, + time_t t) +{ + (void)flags; + + if (ctx == NULL) + return; + + ctx->param->check_time = t; + ctx->param->flags |= WOLFSSL_USE_CHECK_TIME; +} + +#ifndef NO_WOLFSSL_STUB +void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT* obj) +{ + (void)obj; + WOLFSSL_STUB("X509_OBJECT_free_contents"); +} +#endif + + + #ifndef NO_WOLFSSL_STUB int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME* asnTime) @@ -21366,11 +21706,15 @@ int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) return ret; } #endif +#endif /* OPENSSL_EXTRA */ - +#if defined(OPENSSL_EXTRA) || \ + (defined(OPENSSL_EXTRA_X509_SMALL) && !defined(NO_RSA)) static WC_RNG globalRNG; static int initGlobalRNG = 0; +#endif +#ifdef OPENSSL_EXTRA /* Not thread safe! Can be called multiple times. * Checks if the global RNG has been created. If not then one is created. @@ -21786,8 +22130,10 @@ void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx) WOLFSSL_MSG("wolfSSL_BN_CTX_free"); /* do free since static ctx that does nothing */ } +#endif /* OPENSSL_EXTRA */ +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) static void InitwolfSSL_BigNum(WOLFSSL_BIGNUM* bn) { if (bn) { @@ -21797,7 +22143,6 @@ static void InitwolfSSL_BigNum(WOLFSSL_BIGNUM* bn) } } - WOLFSSL_BIGNUM* wolfSSL_BN_new(void) { WOLFSSL_BIGNUM* external; @@ -21843,7 +22188,9 @@ void wolfSSL_BN_free(WOLFSSL_BIGNUM* bn) bn = NULL; } } +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#ifdef OPENSSL_EXTRA void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM* bn) { @@ -23201,7 +23548,8 @@ void wolfSSL_DSA_free(WOLFSSL_DSA* dsa) #endif /* NO_DSA */ -#ifndef NO_RSA +#endif /* OPENSSL_EXTRA */ +#if !defined(NO_RSA) && defined(OPENSSL_EXTRA_X509_SMALL) static void InitwolfSSL_Rsa(WOLFSSL_RSA* rsa) { if (rsa) { @@ -23209,6 +23557,51 @@ static void InitwolfSSL_Rsa(WOLFSSL_RSA* rsa) } } +void wolfSSL_RSA_free(WOLFSSL_RSA* rsa) +{ + WOLFSSL_ENTER("wolfSSL_RSA_free"); + + if (rsa) { + if (rsa->internal) { +#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && \ + !defined(HAVE_FAST_RSA) && defined(WC_RSA_BLINDING) + WC_RNG* rng; + + /* check if RNG is owned before freeing it */ + if (rsa->ownRng) { + rng = ((RsaKey*)rsa->internal)->rng; + if (rng != NULL && rng != &globalRNG) { + wc_FreeRng(rng); + XFREE(rng, NULL, DYNAMIC_TYPE_RNG); + } + } +#endif /* WC_RSA_BLINDING */ + wc_FreeRsaKey((RsaKey*)rsa->internal); + XFREE(rsa->internal, NULL, DYNAMIC_TYPE_RSA); + rsa->internal = NULL; + } + wolfSSL_BN_free(rsa->iqmp); + wolfSSL_BN_free(rsa->dmq1); + wolfSSL_BN_free(rsa->dmp1); + wolfSSL_BN_free(rsa->q); + wolfSSL_BN_free(rsa->p); + wolfSSL_BN_free(rsa->d); + wolfSSL_BN_free(rsa->e); + wolfSSL_BN_free(rsa->n); + + #ifdef WC_RSA_BLINDING + if (wc_FreeRng(rsa->rng) != 0) { + WOLFSSL_MSG("Issue freeing rng"); + } + XFREE(rsa->rng, NULL, DYNAMIC_TYPE_RNG); + #endif + + InitwolfSSL_Rsa(rsa); /* set back to NULLs for safety */ + + XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); + rsa = NULL; + } +} WOLFSSL_RSA* wolfSSL_RSA_new(void) { @@ -23272,60 +23665,14 @@ WOLFSSL_RSA* wolfSSL_RSA_new(void) external->inSet = 0; return external; } - - -void wolfSSL_RSA_free(WOLFSSL_RSA* rsa) -{ - WOLFSSL_ENTER("wolfSSL_RSA_free"); - - if (rsa) { - if (rsa->internal) { -#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && \ - !defined(HAVE_FAST_RSA) && defined(WC_RSA_BLINDING) - WC_RNG* rng; - - /* check if RNG is owned before freeing it */ - if (rsa->ownRng) { - rng = ((RsaKey*)rsa->internal)->rng; - if (rng != NULL && rng != &globalRNG) { - wc_FreeRng(rng); - XFREE(rng, NULL, DYNAMIC_TYPE_RNG); - } - } -#endif /* WC_RSA_BLINDING */ - wc_FreeRsaKey((RsaKey*)rsa->internal); - XFREE(rsa->internal, NULL, DYNAMIC_TYPE_RSA); - rsa->internal = NULL; - } - wolfSSL_BN_free(rsa->iqmp); - wolfSSL_BN_free(rsa->dmq1); - wolfSSL_BN_free(rsa->dmp1); - wolfSSL_BN_free(rsa->q); - wolfSSL_BN_free(rsa->p); - wolfSSL_BN_free(rsa->d); - wolfSSL_BN_free(rsa->e); - wolfSSL_BN_free(rsa->n); - - #ifdef WC_RSA_BLINDING - if (wc_FreeRng(rsa->rng) != 0) { - WOLFSSL_MSG("Issue freeing rng"); - } - XFREE(rsa->rng, NULL, DYNAMIC_TYPE_RNG); - #endif - - InitwolfSSL_Rsa(rsa); /* set back to NULLs for safety */ - - XFREE(rsa, NULL, DYNAMIC_TYPE_RSA); - rsa = NULL; - } -} -#endif /* NO_RSA */ - +#endif /* !NO_RSA && OPENSSL_EXTRA_X509_SMALL */ /* these defines are to make sure the functions SetIndividualExternal is not * declared and then not used. */ #if !defined(NO_ASN) || !defined(NO_DSA) || defined(HAVE_ECC) || \ (!defined(NO_RSA) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)) + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* when calling SetIndividualExternal, mpi should be cleared by caller if no * longer used. ie mp_clear(mpi). This is to free data when fastmath is * disabled since a copy of mpi is made by this function and placed into bn. @@ -23360,7 +23707,9 @@ static int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi) return WOLFSSL_SUCCESS; } +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ +#ifdef OPENSSL_EXTRA /* only without X509_SMALL */ static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi) { WOLFSSL_MSG("Entering SetIndividualInternal"); @@ -23383,7 +23732,6 @@ static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi) return WOLFSSL_SUCCESS; } - #ifndef NO_ASN WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai, WOLFSSL_BIGNUM *bn) @@ -23462,8 +23810,10 @@ WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *dsa) } #endif /* !defined(NO_DSA) && !defined(NO_DH) */ +#endif /* OPENSSL_EXTRA */ #endif /* !NO_RSA && !NO_DSA */ +#ifdef OPENSSL_EXTRA #ifndef NO_DSA /* wolfSSL -> OpenSSL */ @@ -23565,10 +23915,10 @@ static int SetDsaInternal(WOLFSSL_DSA* dsa) return WOLFSSL_SUCCESS; } #endif /* NO_DSA */ +#endif /* OPENSSL_EXTRA */ - -#if !defined(NO_RSA) -#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) +#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) && \ + !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) /* WolfSSL -> OpenSSL */ static int SetRsaExternal(WOLFSSL_RSA* rsa) { @@ -23627,7 +23977,11 @@ static int SetRsaExternal(WOLFSSL_RSA* rsa) return WOLFSSL_SUCCESS; } +#endif +#ifdef OPENSSL_EXTRA +#if !defined(NO_RSA) +#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) /* Openssl -> WolfSSL */ static int SetRsaInternal(WOLFSSL_RSA* rsa) { @@ -25322,12 +25676,13 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) switch (ctx->cipherType) { +#ifdef HAVE_AES_CBC case AES_128_CBC_TYPE : case AES_192_CBC_TYPE : case AES_256_CBC_TYPE : WOLFSSL_MSG("AES CBC"); return AES_BLOCK_SIZE; - +#endif #ifdef WOLFSSL_AES_COUNTER case AES_128_CTR_TYPE : case AES_192_CTR_TYPE : @@ -25335,7 +25690,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) WOLFSSL_MSG("AES CTR"); return AES_BLOCK_SIZE; #endif - +#ifndef NO_DES3 case DES_CBC_TYPE : WOLFSSL_MSG("DES CBC"); return DES_BLOCK_SIZE; @@ -25343,14 +25698,17 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) case DES_EDE3_CBC_TYPE : WOLFSSL_MSG("DES EDE3 CBC"); return DES_BLOCK_SIZE; +#endif #ifdef HAVE_IDEA case IDEA_CBC_TYPE : WOLFSSL_MSG("IDEA CBC"); return IDEA_BLOCK_SIZE; #endif +#ifndef NO_RC4 case ARC4_TYPE : WOLFSSL_MSG("ARC4"); return 0; +#endif case NULL_CIPHER_TYPE : WOLFSSL_MSG("NULL"); @@ -25369,17 +25727,31 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher) WOLFSSL_MSG("wolfSSL_EVP_CIPHER_iv_length"); #ifndef NO_AES - if ((XSTRNCMP(name, EVP_AES_128_CBC, XSTRLEN(EVP_AES_128_CBC)) == 0) || - (XSTRNCMP(name, EVP_AES_192_CBC, XSTRLEN(EVP_AES_192_CBC)) == 0) || - (XSTRNCMP(name, EVP_AES_256_CBC, XSTRLEN(EVP_AES_256_CBC)) == 0)) { + #ifdef WOLFSSL_AES_128 + if (XSTRNCMP(name, EVP_AES_128_CBC, XSTRLEN(EVP_AES_128_CBC)) == 0) return AES_BLOCK_SIZE; - } + #endif + #ifdef WOLFSSL_AES_192 + if (XSTRNCMP(name, EVP_AES_192_CBC, XSTRLEN(EVP_AES_192_CBC)) == 0) + return AES_BLOCK_SIZE; + #endif + #ifdef WOLFSSL_AES_256 + if (XSTRNCMP(name, EVP_AES_256_CBC, XSTRLEN(EVP_AES_256_CBC)) == 0) + return AES_BLOCK_SIZE; + #endif #ifdef WOLFSSL_AES_COUNTER - if ((XSTRNCMP(name, EVP_AES_128_CTR, XSTRLEN(EVP_AES_128_CTR)) == 0) || - (XSTRNCMP(name, EVP_AES_192_CTR, XSTRLEN(EVP_AES_192_CTR)) == 0) || - (XSTRNCMP(name, EVP_AES_256_CTR, XSTRLEN(EVP_AES_256_CTR)) == 0)) { + #ifdef WOLFSSL_AES_128 + if (XSTRNCMP(name, EVP_AES_128_CTR, XSTRLEN(EVP_AES_128_CTR)) == 0) return AES_BLOCK_SIZE; - } + #endif + #ifdef WOLFSSL_AES_192 + if (XSTRNCMP(name, EVP_AES_192_CTR, XSTRLEN(EVP_AES_192_CTR)) == 0) + return AES_BLOCK_SIZE; + #endif + #ifdef WOLFSSL_AES_256 + if (XSTRNCMP(name, EVP_AES_256_CTR, XSTRLEN(EVP_AES_256_CTR)) == 0) + return AES_BLOCK_SIZE; + #endif #endif #endif @@ -25447,11 +25819,17 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, info->consumed = 0; /* set iv size */ +#ifndef NO_DES3 if (XSTRNCMP(cipher, "DES", 3) == 0) info->ivSz = DES_IV_SIZE; - else if (XSTRNCMP(cipher, "AES", 3) == 0) + else +#endif +#ifndef NO_AES + if (XSTRNCMP(cipher, "AES", 3) == 0) info->ivSz = AES_IV_SIZE; - else { + else +#endif + { WOLFSSL_MSG("unsupported cipher"); #ifdef WOLFSSL_SMALL_STACK XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); @@ -25851,6 +26229,10 @@ static int SetECPointInternal(WOLFSSL_EC_POINT *p) return WOLFSSL_SUCCESS; } +#endif /* HAVE_ECC */ +#endif /* OPENSSL_EXTRA */ + +#if defined(HAVE_ECC) && defined(OPENSSL_EXTRA_X509_SMALL) /* EC_POINT WolfSSL -> OpenSSL */ static int SetECPointExternal(WOLFSSL_EC_POINT *p) @@ -25886,6 +26268,7 @@ static int SetECPointExternal(WOLFSSL_EC_POINT *p) return WOLFSSL_SUCCESS; } + /* EC_KEY wolfSSL -> OpenSSL */ static int SetECKeyExternal(WOLFSSL_EC_KEY* eckey) { @@ -25932,7 +26315,10 @@ static int SetECKeyExternal(WOLFSSL_EC_KEY* eckey) return WOLFSSL_SUCCESS; } +#endif /* HAVE_ECC && OPENSSL_EXTRA_X509_SMALL */ +#ifdef OPENSSL_EXTRA +#ifdef HAVE_ECC /* EC_KEY Openssl -> WolfSSL */ static int SetECKeyInternal(WOLFSSL_EC_KEY* eckey) { @@ -26082,6 +26468,10 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid) return key; } +#endif /* HAVE_ECC */ +#endif /* OPENSSL_EXTRA */ + +#if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) static void InitwolfSSL_ECKey(WOLFSSL_EC_KEY* key) { if (key) { @@ -26180,6 +26570,10 @@ void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key) key = NULL; } } +#endif /* HAVE_ECC && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ + +#ifdef OPENSSL_EXTRA +#ifdef HAVE_ECC #ifndef NO_WOLFSSL_STUB int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group) @@ -26384,6 +26778,10 @@ int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b, return 1; } +#endif /* HAVE_ECC */ +#endif /* OPENSSL_EXTRA */ + +#if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group) { WOLFSSL_ENTER("wolfSSL_EC_GROUP_free"); @@ -26391,7 +26789,10 @@ void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group) XFREE(group, NULL, DYNAMIC_TYPE_ECC); group = NULL; } +#endif +#ifdef OPENSSL_EXTRA +#ifdef HAVE_ECC #ifndef NO_WOLFSSL_STUB void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag) { @@ -26762,7 +27163,10 @@ int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group, return WOLFSSL_FATAL_ERROR; } +#endif /* HAVE_ECC */ +#endif /* OPENSSL_EXTRA */ +#if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *p) { WOLFSSL_ENTER("wolfSSL_EC_POINT_free"); @@ -26785,7 +27189,10 @@ void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *p) p = NULL; } } +#endif +#ifdef OPENSSL_EXTRA +#ifdef HAVE_ECC /* return code compliant with OpenSSL : * 1 if point at infinity, 0 else */ @@ -27718,6 +28125,10 @@ int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x) #endif /* NO_FILESYSTEM */ +#endif /* !NO_RSA */ +#endif /* OPENSSL_EXTRA */ + +#if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) /* return WOLFSSL_SUCCESS if success, WOLFSSL_FATAL_ERROR if error */ int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz) { @@ -27766,7 +28177,7 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, } #endif /* NO_RSA */ - +#ifdef OPENSSL_EXTRA #ifndef NO_DSA /* return WOLFSSL_SUCCESS if success, WOLFSSL_FATAL_ERROR if error */ int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* derBuf, int derSz) @@ -27831,95 +28242,6 @@ int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, #endif /* HAVE_ECC */ -/* Creates a new WOLFSSL_EVP_PKEY structure that has the public key from x509 - * - * returns a pointer to the created WOLFSSL_EVP_PKEY on success and NULL on fail - */ -WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) -{ - WOLFSSL_EVP_PKEY* key = NULL; - WOLFSSL_ENTER("X509_get_pubkey"); - if (x509 != NULL) { - key = (WOLFSSL_EVP_PKEY*)XMALLOC( - sizeof(WOLFSSL_EVP_PKEY), x509->heap, - DYNAMIC_TYPE_PUBLIC_KEY); - if (key != NULL) { - XMEMSET(key, 0, sizeof(WOLFSSL_EVP_PKEY)); - if (x509->pubKeyOID == RSAk) { - key->type = EVP_PKEY_RSA; - } - else { - key->type = EVP_PKEY_EC; - } - key->save_type = 0; - key->pkey.ptr = (char*)XMALLOC( - x509->pubKey.length, x509->heap, - DYNAMIC_TYPE_PUBLIC_KEY); - if (key->pkey.ptr == NULL) { - XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); - return NULL; - } - XMEMCPY(key->pkey.ptr, x509->pubKey.buffer, x509->pubKey.length); - key->pkey_sz = x509->pubKey.length; - - #ifdef HAVE_ECC - key->pkey_curve = (int)x509->pkCurveOID; - #endif /* HAVE_ECC */ - - /* decode RSA key */ - #ifndef NO_RSA - if (key->type == EVP_PKEY_RSA) { - key->ownRsa = 1; - key->rsa = wolfSSL_RSA_new(); - if (key->rsa == NULL) { - XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); - return NULL; - } - - if (wolfSSL_RSA_LoadDer_ex(key->rsa, - (const unsigned char*)key->pkey.ptr, key->pkey_sz, - WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) { - XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); - wolfSSL_RSA_free(key->rsa); - return NULL; - } - } - #endif /* NO_RSA */ - - /* decode ECC key */ - #ifdef HAVE_ECC - if (key->type == EVP_PKEY_EC) { - key->ownEcc = 1; - key->ecc = wolfSSL_EC_KEY_new(); - if (key->ecc == NULL || key->ecc->internal == NULL) { - XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); - return NULL; - } - - /* not using wolfSSL_EC_KEY_LoadDer because public key in x509 - * is in the format of x963 (no sequence at start of buffer) */ - if (wc_ecc_import_x963((const unsigned char*)key->pkey.ptr, - key->pkey_sz, (ecc_key*)key->ecc->internal) < 0) { - WOLFSSL_MSG("wc_ecc_import_x963 failed"); - XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); - wolfSSL_EC_KEY_free(key->ecc); - return NULL; - } - - if (SetECKeyExternal(key->ecc) != SSL_SUCCESS) { - WOLFSSL_MSG("SetECKeyExternal failed"); - XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); - wolfSSL_EC_KEY_free(key->ecc); - return NULL; - } - - key->ecc->inSet = 1; - } - #endif /* HAVE_ECC */ - } - } - return key; -} #endif /* OPENSSL_EXTRA */ @@ -28956,36 +29278,45 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) type = oidSigType; break; + #ifndef NO_MD5 case CTC_MD5wRSA: sName = "md5WithRSA"; type = oidSigType; break; + #endif case CTC_SHAwRSA: sName = "shaWithRSA"; type = oidSigType; break; + #ifdef WOLFSSL_SHA224 case CTC_SHA224wRSA: sName = "sha224WithRSA"; type = oidSigType; break; + #endif + #ifndef NO_SHA256 case CTC_SHA256wRSA: sName = "sha256WithRSA"; type = oidSigType; break; + #endif + #ifdef WOLFSSL_SHA384 case CTC_SHA384wRSA: sName = "sha384WithRSA"; type = oidSigType; break; + #endif + #ifdef WOLFSSL_SHA512 case CTC_SHA512wRSA: sName = "sha512WithRSA"; type = oidSigType; break; - + #endif #endif /* NO_RSA */ #ifdef HAVE_ECC case CTC_SHAwECDSA: @@ -29227,31 +29558,37 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) break; /* oidCmsKeyAgreeType */ + #ifndef NO_SHA case dhSinglePass_stdDH_sha1kdf_scheme: sName = "DH-SHA kdf"; type = oidCmsKeyAgreeType; break; - + #endif + #ifdef WOLFSSL_SHA224 case dhSinglePass_stdDH_sha224kdf_scheme: sName = "DH-SHA224 kdf"; type = oidCmsKeyAgreeType; break; - + #endif + #ifndef NO_SHA256 case dhSinglePass_stdDH_sha256kdf_scheme: sName = "DH-SHA256 kdf"; type = oidCmsKeyAgreeType; break; + #endif + #ifdef WOLFSSL_SHA384 case dhSinglePass_stdDH_sha384kdf_scheme: sName = "DH-SHA384 kdf"; type = oidCmsKeyAgreeType; break; - + #endif + #ifdef WOLFSSL_SHA512 case dhSinglePass_stdDH_sha512kdf_scheme: sName = "DH-SHA512 kdf"; type = oidCmsKeyAgreeType; break; - + #endif default: WOLFSSL_MSG("NID not in table"); return NULL; @@ -29759,16 +30096,26 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) /* oidCmsKeyAgreeType */ case oidCmsKeyAgreeType: switch (oid) { + #ifndef NO_SHA case dhSinglePass_stdDH_sha1kdf_scheme: return dhSinglePass_stdDH_sha1kdf_scheme; + #endif + #ifdef WOLFSSL_SHA224 case dhSinglePass_stdDH_sha224kdf_scheme: return dhSinglePass_stdDH_sha224kdf_scheme; + #endif + #ifndef NO_SHA256 case dhSinglePass_stdDH_sha256kdf_scheme: return dhSinglePass_stdDH_sha256kdf_scheme; + #endif + #ifdef WOLFSSL_SHA384 case dhSinglePass_stdDH_sha384kdf_scheme: return dhSinglePass_stdDH_sha384kdf_scheme; + #endif + #ifdef WOLFSSL_SHA512 case dhSinglePass_stdDH_sha512kdf_scheme: return dhSinglePass_stdDH_sha512kdf_scheme; + #endif } break; diff --git a/src/wolfio.c b/src/wolfio.c index e057d02b77..8b7d1c1a25 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -102,6 +102,7 @@ static INLINE int wolfSSL_LastError(void) #endif /* USE_WOLFSSL_IO || HAVE_HTTP_CLIENT */ +#ifdef OPENSSL_EXTRA /* Use the WOLFSSL read BIO for receiving data. This is set by the fucntion wolfSSL_set_bio and can also be set by wolfSSL_SetIORecv. * * ssl WOLFSSL struct passed in that has this function set as the receive callback. @@ -116,7 +117,7 @@ int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx) int recvd = WOLFSSL_CBIO_ERR_GENERAL; WOLFSSL_ENTER("BioReceive"); -#ifdef OPENSSL_EXTRA + if (ssl->biord == NULL) { WOLFSSL_MSG("WOLFSSL biord not set"); return WOLFSSL_CBIO_ERR_GENERAL; @@ -137,12 +138,7 @@ int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx) WOLFSSL_MSG("This BIO type is unknown / unsupported"); return WOLFSSL_CBIO_ERR_GENERAL; } -#else - (void)ssl; - (void)buf; - (void)sz; - WOLFSSL_MSG("OPENSSL_EXTRA not compiled in"); -#endif + (void)ctx; return recvd; } @@ -161,7 +157,6 @@ int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx) { int sent = WOLFSSL_CBIO_ERR_GENERAL; -#ifdef OPENSSL_EXTRA if (ssl->biowr == NULL) { WOLFSSL_MSG("WOLFSSL biowr not set\n"); return WOLFSSL_CBIO_ERR_GENERAL; @@ -179,16 +174,11 @@ int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx) WOLFSSL_MSG("This BIO type is unknown / unsupported"); return WOLFSSL_CBIO_ERR_GENERAL; } -#else - (void)ssl; - (void)buf; - (void)sz; - WOLFSSL_MSG("OPENSSL_EXTRA not compiled in"); -#endif (void)ctx; return sent; } +#endif #ifdef USE_WOLFSSL_IO diff --git a/tests/api.c b/tests/api.c index a217bc234b..0c749a1ef7 100644 --- a/tests/api.c +++ b/tests/api.c @@ -247,9 +247,15 @@ #include #endif +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) + #include + #ifndef NO_ASN + /* for ASN_COMMON_NAME DN_tags enum */ + #include + #endif +#endif #ifdef OPENSSL_EXTRA #include - #include #include #include #include @@ -265,10 +271,6 @@ #ifndef NO_DES3 #include #endif -#ifndef NO_ASN - /* for ASN_COMMON_NAME DN_tags enum */ - #include -#endif #endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ @@ -955,15 +957,79 @@ static void test_wolfSSL_EC(void) static void test_wolfSSL_EVP_get_cipherbynid(void) { #ifndef NO_AES - AssertNotNull(strcmp("EVP_AES_128_CBC", wolfSSL_EVP_get_cipherbynid(419))); - AssertNotNull(strcmp("EVP_AES_192_CBC", wolfSSL_EVP_get_cipherbynid(423))); - AssertNotNull(strcmp("EVP_AES_256_CBC", wolfSSL_EVP_get_cipherbynid(427))); - AssertNotNull(strcmp("EVP_AES_128_CTR", wolfSSL_EVP_get_cipherbynid(904))); - AssertNotNull(strcmp("EVP_AES_192_CTR", wolfSSL_EVP_get_cipherbynid(905))); - AssertNotNull(strcmp("EVP_AES_256_CTR", wolfSSL_EVP_get_cipherbynid(906))); - AssertNotNull(strcmp("EVP_AES_128_ECB", wolfSSL_EVP_get_cipherbynid(418))); - AssertNotNull(strcmp("EVP_AES_192_ECB", wolfSSL_EVP_get_cipherbynid(422))); - AssertNotNull(strcmp("EVP_AES_256_ECB", wolfSSL_EVP_get_cipherbynid(426))); + const WOLFSSL_EVP_CIPHER* c; + + c = wolfSSL_EVP_get_cipherbynid(419); + #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) + AssertNotNull(c); + AssertNotNull(strcmp("EVP_AES_128_CBC", c)); + #else + AssertNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(423); + #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_192) + AssertNotNull(c); + AssertNotNull(strcmp("EVP_AES_192_CBC", c)); + #else + AssertNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(427); + #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) + AssertNotNull(c); + AssertNotNull(strcmp("EVP_AES_256_CBC", c)); + #else + AssertNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(904); + #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128) + AssertNotNull(c); + AssertNotNull(strcmp("EVP_AES_128_CTR", c)); + #else + AssertNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(905); + #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_192) + AssertNotNull(c); + AssertNotNull(strcmp("EVP_AES_192_CTR", c)); + #else + AssertNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(906); + #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256) + AssertNotNull(c); + AssertNotNull(strcmp("EVP_AES_256_CTR", c)); + #else + AssertNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(418); + #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_128) + AssertNotNull(c); + AssertNotNull(strcmp("EVP_AES_128_ECB", c)); + #else + AssertNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(422); + #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_192) + AssertNotNull(c); + AssertNotNull(strcmp("EVP_AES_192_ECB", c)); + #else + AssertNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(426); + #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256) + AssertNotNull(c); + AssertNotNull(strcmp("EVP_AES_256_ECB", c)); + #else + AssertNull(c); + #endif #endif #ifndef NO_DES3 @@ -6811,13 +6877,18 @@ static int test_wc_InitCmac (void) printf(testingFmt, "wc_InitCmac()"); +#ifdef WOLFSSL_AES_128 ret = wc_InitCmac(&cmac1, key1, key1Sz, type, NULL); - if (ret == 0) { +#endif +#ifdef WOLFSSL_AES_192 + if (ret == 0) ret = wc_InitCmac(&cmac2, key2, key2Sz, type, NULL); - } - if (ret == 0) { +#endif +#ifdef WOLFSSL_AES_256 + if (ret == 0) ret = wc_InitCmac(&cmac3, key3, key3Sz, type, NULL); - } +#endif + /* Test bad args. */ if (ret == 0) { ret = wc_InitCmac(NULL, key3, key3Sz, type, NULL); @@ -6837,6 +6908,13 @@ static int test_wc_InitCmac (void) } } + (void)key1; + (void)key1Sz; + (void)key2; + (void)key2Sz; + (void)cmac1; + (void)cmac2; + printf(resultFmt, ret == 0 ? passed : failed); #endif @@ -6852,7 +6930,7 @@ static int test_wc_CmacUpdate (void) { int ret = 0; -#if defined(WOLFSSL_CMAC) && !defined(NO_AES) +#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128) Cmac cmac; byte key[] = { @@ -6906,7 +6984,7 @@ static int test_wc_CmacFinal (void) { int ret = 0; -#if defined(WOLFSSL_CMAC) && !defined(NO_AES) +#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128) Cmac cmac; byte key[] = { @@ -6982,7 +7060,7 @@ static int test_wc_CmacFinal (void) static int test_wc_AesCmacGenerate (void) { int ret = 0; -#if defined(WOLFSSL_CMAC) && !defined(NO_AES) +#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128) Cmac cmac; byte key[] = { @@ -7660,7 +7738,7 @@ static int test_wc_ChaCha20Poly1305_aead (void) static int test_wc_AesSetIV (void) { int ret = 0; -#ifndef NO_AES +#if !defined(NO_AES) && defined(WOLFSSL_AES_128) Aes aes; byte key16[] = { @@ -7714,12 +7792,15 @@ static int test_wc_AesSetKey (void) 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; +#ifdef WOLFSSL_AES_192 byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; +#endif +#ifdef WOLFSSL_AES_256 byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, @@ -7727,6 +7808,7 @@ static int test_wc_AesSetKey (void) 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; +#endif byte badKey16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, @@ -7740,16 +7822,23 @@ static int test_wc_AesSetKey (void) if (ret != 0) return ret; +#ifdef WOLFSSL_AES_128 ret = wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte), iv, AES_ENCRYPTION); +#endif +#ifdef WOLFSSL_AES_192 if (ret == 0) { ret = wc_AesSetKey (&aes, key24, (word32) sizeof(key24) / sizeof(byte), iv, AES_ENCRYPTION); } +#endif +#ifdef WOLFSSL_AES_256 if (ret == 0) { ret = wc_AesSetKey (&aes, key32, (word32) sizeof(key32) / sizeof(byte), iv, AES_ENCRYPTION); } +#endif + /* Pass in bad args. */ if (ret == 0) { ret = wc_AesSetKey (NULL, key16, (word32) sizeof(key16) / sizeof(byte), @@ -7783,7 +7872,8 @@ static int test_wc_AesSetKey (void) static int test_wc_AesCbcEncryptDecrypt (void) { int ret = 0; -#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT) +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)&& \ + defined(WOLFSSL_AES_256) Aes aes; byte key32[] = { @@ -7929,7 +8019,7 @@ static int test_wc_AesCbcEncryptDecrypt (void) static int test_wc_AesCtrEncryptDecrypt (void) { int ret = 0; -#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256) Aes aesEnc, aesDec; byte key32[] = { @@ -8016,17 +8106,22 @@ static int test_wc_AesGcmSetKey (void) #if !defined(NO_AES) && defined(HAVE_AESGCM) Aes aes; +#ifdef WOLFSSL_AES_128 byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; +#endif +#ifdef WOLFSSL_AES_192 byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; +#endif +#ifdef WOLFSSL_AES_256 byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, @@ -8034,6 +8129,7 @@ static int test_wc_AesGcmSetKey (void) 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; +#endif byte badKey16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, @@ -8059,13 +8155,19 @@ static int test_wc_AesGcmSetKey (void) if (ret != 0) return ret; +#ifdef WOLFSSL_AES_128 ret = wc_AesGcmSetKey(&aes, key16, sizeof(key16)/sizeof(byte)); +#endif +#ifdef WOLFSSL_AES_192 if (ret == 0) { ret = wc_AesGcmSetKey(&aes, key24, sizeof(key24)/sizeof(byte)); } +#endif +#ifdef WOLFSSL_AES_256 if (ret == 0) { ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)); } +#endif /* Pass in bad args. */ if (ret == 0) { @@ -8097,7 +8199,7 @@ static int test_wc_AesGcmSetKey (void) static int test_wc_AesGcmEncryptDecrypt (void) { int ret = 0; -#if !defined(NO_AES) && defined(HAVE_AESGCM) +#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) Aes aes; byte key32[] = @@ -8248,12 +8350,15 @@ static int test_wc_GmacSetKey (void) 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; +#ifdef WOLFSSL_AES_192 byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; +#endif +#ifdef WOLFSSL_AES_256 byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, @@ -8261,6 +8366,7 @@ static int test_wc_GmacSetKey (void) 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; +#endif byte badKey16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, @@ -8286,13 +8392,19 @@ static int test_wc_GmacSetKey (void) if (ret != 0) return ret; +#ifdef WOLFSSL_AES_128 ret = wc_GmacSetKey(&gmac, key16, sizeof(key16)/sizeof(byte)); +#endif +#ifdef WOLFSSL_AES_192 if (ret == 0) { ret = wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)); } +#endif +#ifdef WOLFSSL_AES_256 if (ret == 0) { ret = wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)); } +#endif /* Pass in bad args. */ if (ret == 0) { @@ -8333,17 +8445,22 @@ static int test_wc_GmacUpdate (void) int ret = 0; #if !defined(NO_AES) && defined(HAVE_AESGCM) Gmac gmac; +#ifdef WOLFSSL_AES_128 const byte key16[] = { 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01, 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8 }; +#endif +#ifdef WOLFSSL_AES_192 byte key24[] = { 0x41, 0xc5, 0xda, 0x86, 0x67, 0xef, 0x72, 0x52, 0x20, 0xff, 0xe3, 0x9a, 0xe0, 0xac, 0x59, 0x0a, 0xc9, 0xfc, 0xa7, 0x29, 0xab, 0x60, 0xad, 0xa0 }; +#endif +#ifdef WOLFSSL_AES_256 byte key32[] = { 0x78, 0xdc, 0x4e, 0x0a, 0xaf, 0x52, 0xd9, 0x35, @@ -8351,46 +8468,59 @@ static int test_wc_GmacUpdate (void) 0xca, 0x1f, 0xd4, 0x75, 0xf5, 0xda, 0x86, 0xa4, 0x9c, 0x8d, 0xd7, 0x3d, 0x68, 0xc8, 0xe2, 0x23 }; +#endif +#ifdef WOLFSSL_AES_128 const byte authIn[] = { 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9, 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77 }; +#endif +#ifdef WOLFSSL_AES_192 const byte authIn2[] = { 0x8b, 0x5c, 0x12, 0x4b, 0xef, 0x6e, 0x2f, 0x0f, 0xe4, 0xd8, 0xc9, 0x5c, 0xd5, 0xfa, 0x4c, 0xf1 }; +#endif const byte authIn3[] = { 0xb9, 0x6b, 0xaa, 0x8c, 0x1c, 0x75, 0xa6, 0x71, 0xbf, 0xb2, 0xd0, 0x8d, 0x06, 0xbe, 0x5f, 0x36 }; +#ifdef WOLFSSL_AES_128 const byte tag1[] = /* Known. */ { 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43, 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b }; +#endif +#ifdef WOLFSSL_AES_192 const byte tag2[] = /* Known */ { 0x20, 0x4b, 0xdb, 0x1b, 0xd6, 0x21, 0x54, 0xbf, 0x08, 0x92, 0x2a, 0xaa, 0x54, 0xee, 0xd7, 0x05 }; +#endif const byte tag3[] = /* Known */ { 0x3e, 0x5d, 0x48, 0x6a, 0xa2, 0xe3, 0x0b, 0x22, 0xe0, 0x40, 0xb8, 0x57, 0x23, 0xa0, 0x6e, 0x76 }; +#ifdef WOLFSSL_AES_128 const byte iv[] = { 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94, 0xe2, 0x8c, 0x8f, 0x16 }; +#endif +#ifdef WOLFSSL_AES_192 const byte iv2[] = { 0x05, 0xad, 0x13, 0xa5, 0xe2, 0xc2, 0xab, 0x66, 0x7e, 0x1a, 0x6f, 0xbc }; +#endif const byte iv3[] = { 0xd7, 0x9c, 0xf2, 0x2d, 0x50, 0x4c, 0xc7, 0x93, @@ -8411,6 +8541,7 @@ static int test_wc_GmacUpdate (void) if (ret != 0) return ret; +#ifdef WOLFSSL_AES_128 ret = wc_GmacSetKey(&gmac, key16, sizeof(key16)); if (ret == 0) { ret = wc_GmacUpdate(&gmac, iv, sizeof(iv), authIn, sizeof(authIn), @@ -8418,29 +8549,36 @@ static int test_wc_GmacUpdate (void) if (ret == 0) { ret = XMEMCMP(tag1, tagOut, sizeof(tag1)); } - if (ret == 0) { - XMEMSET(&gmac, 0, sizeof(Gmac)); - ret = wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)); - } - if (ret == 0) { - ret = wc_GmacUpdate(&gmac, iv2, sizeof(iv2), authIn2, - sizeof(authIn2), tagOut2, sizeof(tag2)); - } - if (ret == 0) { - ret = XMEMCMP(tagOut2, tag2, sizeof(tag2)); - } - if (ret == 0) { - XMEMSET(&gmac, 0, sizeof(Gmac)); - ret = wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)); - } - if (ret == 0) { - ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, - sizeof(authIn3), tagOut3, sizeof(tag3)); - } - if (ret == 0) { - ret = XMEMCMP(tag3, tagOut3, sizeof(tag3)); - } } +#endif + +#ifdef WOLFSSL_AES_192 + if (ret == 0) { + XMEMSET(&gmac, 0, sizeof(Gmac)); + ret = wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)); + } + if (ret == 0) { + ret = wc_GmacUpdate(&gmac, iv2, sizeof(iv2), authIn2, + sizeof(authIn2), tagOut2, sizeof(tag2)); + } + if (ret == 0) { + ret = XMEMCMP(tagOut2, tag2, sizeof(tag2)); + } +#endif + +#ifdef WOLFSSL_AES_256 + if (ret == 0) { + XMEMSET(&gmac, 0, sizeof(Gmac)); + ret = wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)); + } + if (ret == 0) { + ret = wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, + sizeof(authIn3), tagOut3, sizeof(tag3)); + } + if (ret == 0) { + ret = XMEMCMP(tag3, tagOut3, sizeof(tag3)); + } +#endif /*Pass bad args. */ if (ret == 0) { @@ -10139,13 +10277,19 @@ static int test_wc_AesCcmSetKey (void) if (ret != 0) return ret; +#ifdef WOLFSSL_AES_128 ret = wc_AesCcmSetKey(&aes, key16, sizeof(key16)); +#endif +#ifdef WOLFSSL_AES_192 if (ret == 0) { ret = wc_AesCcmSetKey(&aes, key24, sizeof(key24)); - if (ret == 0) { - ret = wc_AesCcmSetKey(&aes, key32, sizeof(key32)); - } } +#endif +#ifdef WOLFSSL_AES_256 + if (ret == 0) { + ret = wc_AesCcmSetKey(&aes, key32, sizeof(key32)); + } +#endif /* Test bad args. */ if (ret == 0) { @@ -10178,7 +10322,7 @@ static int test_wc_AesCcmSetKey (void) static int test_wc_AesCcmEncryptDecrypt (void) { int ret = 0; -#ifdef HAVE_AESCCM +#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) Aes aes; const byte key16[] = { @@ -12881,7 +13025,7 @@ static int test_wc_ecc_encryptDecrypt (void) { int ret = 0; -#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) +#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) ecc_key srvKey, cliKey; WC_RNG rng; const char* msg = "EccBlock Size 16"; @@ -14659,8 +14803,8 @@ static void test_wolfSSL_CTX_add_client_CA(void) static void test_wolfSSL_X509_NID(void) { - #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)\ - && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN) + #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN) int sigType; int nameSz; @@ -17005,8 +17149,14 @@ static int my_DhCallback(WOLFSSL* ssl, struct DhKey* key, static void test_dh_ctx_setup(WOLFSSL_CTX* ctx) { wolfSSL_CTX_SetDhAgreeCb(ctx, my_DhCallback); +#ifdef WOLFSSL_AES_128 AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES128-SHA256"), WOLFSSL_SUCCESS); +#endif +#ifdef WOLFSSL_AES_256 + AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA256"), + WOLFSSL_SUCCESS); +#endif } diff --git a/wolfcrypt/benchmark/benchmark.c b/wolfcrypt/benchmark/benchmark.c index 6bfe0a54ee..a4655c09ff 100644 --- a/wolfcrypt/benchmark/benchmark.c +++ b/wolfcrypt/benchmark/benchmark.c @@ -1694,6 +1694,7 @@ exit_aes_dec: #endif /* HAVE_AES_DECRYPT */ + (void)decLabel; exit: for (i = 0; i < BENCH_MAX_PENDING; i++) { @@ -1703,12 +1704,18 @@ exit: void bench_aescbc(int doAsync) { +#ifdef WOLFSSL_AES_128 bench_aescbc_internal(doAsync, bench_key, 16, bench_iv, "AES-128-CBC-enc", "AES-128-CBC-dec"); +#endif +#ifdef WOLFSSL_AES_192 bench_aescbc_internal(doAsync, bench_key, 24, bench_iv, "AES-192-CBC-enc", "AES-192-CBC-dec"); +#endif +#ifdef WOLFSSL_AES_256 bench_aescbc_internal(doAsync, bench_key, 32, bench_iv, "AES-256-CBC-enc", "AES-256-CBC-dec"); +#endif } #endif /* HAVE_AES_CBC */ @@ -1775,6 +1782,7 @@ static void bench_aesgcm_internal(int doAsync, const byte* key, word32 keySz, exit_aes_gcm: bench_stats_sym_finish(encLabel, doAsync, count, bench_size, start, ret); +#ifdef HAVE_AES_DECRYPT /* GCM uses same routine in backend for both encrypt and decrypt */ bench_stats_start(&count, &start); do { @@ -1798,6 +1806,9 @@ exit_aes_gcm: } while (bench_stats_sym_check(start)); exit_aes_gcm_dec: bench_stats_sym_finish(decLabel, doAsync, count, bench_size, start, ret); +#endif /* HAVE_AES_DECRYPT */ + + (void)decLabel; exit: @@ -1815,12 +1826,18 @@ exit: void bench_aesgcm(int doAsync) { +#ifdef WOLFSSL_AES_128 bench_aesgcm_internal(doAsync, bench_key, 16, bench_iv, 12, "AES-128-GCM-enc", "AES-128-GCM-dec"); +#endif +#ifdef WOLFSSL_AES_192 bench_aesgcm_internal(doAsync, bench_key, 24, bench_iv, 12, "AES-192-GCM-enc", "AES-192-GCM-dec"); +#endif +#ifdef WOLFSSL_AES_256 bench_aesgcm_internal(doAsync, bench_key, 32, bench_iv, 12, "AES-256-GCM-enc", "AES-256-GCM-dec"); +#endif } #endif /* HAVE_AESGCM */ @@ -1917,12 +1934,18 @@ exit: void bench_aesecb(int doAsync) { +#ifdef WOLFSSL_AES_128 bench_aesecb_internal(doAsync, bench_key, 16, "AES-128-ECB-enc", "AES-128-ECB-dec"); +#endif +#ifdef WOLFSSL_AES_192 bench_aesecb_internal(doAsync, bench_key, 24, "AES-192-ECB-enc", "AES-192-ECB-dec"); +#endif +#ifdef WOLFSSL_AES_256 bench_aesecb_internal(doAsync, bench_key, 32, "AES-256-ECB-enc", "AES-256-ECB-dec"); +#endif } #endif /* WOLFSSL_AES_DIRECT */ @@ -1956,9 +1979,15 @@ static void bench_aescfb_internal(const byte* key, word32 keySz, const byte* iv, void bench_aescfb(void) { +#ifdef WOLFSSL_AES_128 bench_aescfb_internal(bench_key, 16, bench_iv, "AES-128-CFB"); +#endif +#ifdef WOLFSSL_AES_192 bench_aescfb_internal(bench_key, 24, bench_iv, "AES-192-CFB"); +#endif +#ifdef WOLFSSL_AES_256 bench_aescfb_internal(bench_key, 32, bench_iv, "AES-256-CFB"); +#endif } #endif /* WOLFSSL_AES_CFB */ @@ -2053,9 +2082,15 @@ static void bench_aesctr_internal(const byte* key, word32 keySz, const byte* iv, void bench_aesctr(void) { +#ifdef WOLFSSL_AES_128 bench_aesctr_internal(bench_key, 16, bench_iv, "AES-128-CTR"); +#endif +#ifdef WOLFSSL_AES_192 bench_aesctr_internal(bench_key, 24, bench_iv, "AES-192-CTR"); +#endif +#ifdef WOLFSSL_AES_256 bench_aesctr_internal(bench_key, 32, bench_iv, "AES-256-CTR"); +#endif } #endif /* WOLFSSL_AES_COUNTER */ diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c index 7fad50a646..f0f3c51a88 100644 --- a/wolfcrypt/src/aes.c +++ b/wolfcrypt/src/aes.c @@ -2031,7 +2031,8 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) #ifdef NEED_AES_TABLES switch (keylen) { - #if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 128 + #if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 128 && \ + defined(WOLFSSL_AES_128) case 16: while (1) { @@ -2052,7 +2053,8 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) break; #endif /* 128 */ - #if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 192 + #if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 192 && \ + defined(WOLFSSL_AES_192) case 24: /* for (;;) here triggers a bug in VC60 SP4 w/ Pro Pack */ while (1) @@ -2076,7 +2078,8 @@ static void wc_AesDecrypt(Aes* aes, const byte* inBlock, byte* outBlock) break; #endif /* 192 */ - #if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 256 + #if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 256 && \ + defined(WOLFSSL_AES_256) case 32: while (1) { diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index e21c66e588..6aba14dedf 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -395,24 +395,48 @@ static int GetInteger7Bit(const byte* input, word32* inOutIdx, word32 maxIdx) } -#ifndef NO_DSA +#if !defined(NO_DSA) && !defined(NO_SHA) static char sigSha1wDsaName[] = "SHAwDSA"; #endif /* NO_DSA */ #ifndef NO_RSA -static char sigMd2wRsaName[] = "MD2wRSA"; -static char sigMd5wRsaName[] = "MD5wRSA"; -static char sigSha1wRsaName[] = "SHAwRSA"; -static char sigSha224wRsaName[] = "SHA224wRSA"; -static char sigSha256wRsaName[] = "SHA256wRSA"; -static char sigSha384wRsaName[] = "SHA384wRSA"; -static char sigSha512wRsaName[] = "SHA512wRSA"; +#ifdef WOLFSSL_MD2 + static char sigMd2wRsaName[] = "MD2wRSA"; +#endif +#ifndef NO_MD5 + static char sigMd5wRsaName[] = "MD5wRSA"; +#endif +#ifndef NO_SHA + static char sigSha1wRsaName[] = "SHAwRSA"; +#endif +#ifdef WOLFSSL_SHA224 + static char sigSha224wRsaName[] = "SHA224wRSA"; +#endif +#ifndef NO_SHA256 + static char sigSha256wRsaName[] = "SHA256wRSA"; +#endif +#ifdef WOLFSSL_SHA384 + static char sigSha384wRsaName[] = "SHA384wRSA"; +#endif +#ifdef WOLFSSL_SHA512 + static char sigSha512wRsaName[] = "SHA512wRSA"; +#endif #endif /* NO_RSA */ #ifdef HAVE_ECC -static char sigSha1wEcdsaName[] = "SHAwECDSA"; -static char sigSha224wEcdsaName[] = "SHA224wECDSA"; -static char sigSha256wEcdsaName[] = "SHA256wECDSA"; -static char sigSha384wEcdsaName[] = "SHA384wECDSA"; -static char sigSha512wEcdsaName[] = "SHA512wECDSA"; +#ifndef NO_SHA + static char sigSha1wEcdsaName[] = "SHAwECDSA"; +#endif +#ifdef WOLFSSL_SHA224 + static char sigSha224wEcdsaName[] = "SHA224wECDSA"; +#endif +#ifndef NO_SHA256 + static char sigSha256wEcdsaName[] = "SHA256wECDSA"; +#endif +#ifdef WOLFSSL_SHA384 + static char sigSha384wEcdsaName[] = "SHA384wECDSA"; +#endif +#ifdef WOLFSSL_SHA512 + static char sigSha512wEcdsaName[] = "SHA512wECDSA"; +#endif #endif /* HAVE_ECC */ static char sigUnknownName[] = "Unknown"; @@ -423,38 +447,62 @@ static char sigUnknownName[] = "Unknown"; */ char* GetSigName(int oid) { switch (oid) { - #ifndef NO_DSA + #if !defined(NO_DSA) && !defined(NO_SHA) case CTC_SHAwDSA: return sigSha1wDsaName; - #endif /* NO_DSA */ - #ifndef NO_RSA + #endif /* NO_DSA && NO_SHA */ + #ifndef NO_RSA + #ifdef WOLFSSL_MD2 case CTC_MD2wRSA: return sigMd2wRsaName; + #endif + #ifndef NO_MD5 case CTC_MD5wRSA: return sigMd5wRsaName; + #endif + #ifndef NO_SHA case CTC_SHAwRSA: return sigSha1wRsaName; + #endif + #ifdef WOLFSSL_SHA224 case CTC_SHA224wRSA: return sigSha224wRsaName; + #endif + #ifndef NO_SHA256 case CTC_SHA256wRSA: return sigSha256wRsaName; + #endif + #ifdef WOLFSSL_SHA384 case CTC_SHA384wRSA: return sigSha384wRsaName; + #endif + #ifdef WOLFSSL_SHA512 case CTC_SHA512wRSA: return sigSha512wRsaName; - #endif /* NO_RSA */ - #ifdef HAVE_ECC + #endif + #endif /* NO_RSA */ + #ifdef HAVE_ECC + #ifndef NO_SHA case CTC_SHAwECDSA: return sigSha1wEcdsaName; + #endif + #ifdef WOLFSSL_SHA224 case CTC_SHA224wECDSA: return sigSha224wEcdsaName; + #endif + #ifndef NO_SHA256 case CTC_SHA256wECDSA: return sigSha256wEcdsaName; + #endif + #ifdef WOLFSSL_SHA384 case CTC_SHA384wECDSA: return sigSha384wEcdsaName; + #endif + #ifdef WOLFSSL_SHA512 case CTC_SHA512wECDSA: return sigSha512wEcdsaName; - #endif /* HAVE_ECC */ + #endif + #endif /* HAVE_ECC */ default: return sigUnknownName; } @@ -783,39 +831,87 @@ static word32 SetBitString16Bit(word16 val, byte* output) /* hashType */ -static const byte hashMd2hOid[] = {42, 134, 72, 134, 247, 13, 2, 2}; -static const byte hashMd5hOid[] = {42, 134, 72, 134, 247, 13, 2, 5}; -static const byte hashSha1hOid[] = {43, 14, 3, 2, 26}; -static const byte hashSha224hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 4}; -static const byte hashSha256hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 1}; -static const byte hashSha384hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 2}; -static const byte hashSha512hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 3}; +#ifdef WOLFSSL_MD2 + static const byte hashMd2hOid[] = {42, 134, 72, 134, 247, 13, 2, 2}; +#endif +#ifndef NO_MD5 + static const byte hashMd5hOid[] = {42, 134, 72, 134, 247, 13, 2, 5}; +#endif +#ifndef NO_SHA + static const byte hashSha1hOid[] = {43, 14, 3, 2, 26}; +#endif +#ifdef WOLFSSL_SHA224 + static const byte hashSha224hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 4}; +#endif +#ifndef NO_SHA256 + static const byte hashSha256hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 1}; +#endif +#ifdef WOLFSSL_SHA384 + static const byte hashSha384hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 2}; +#endif +#ifdef WOLFSSL_SHA512 + static const byte hashSha512hOid[] = {96, 134, 72, 1, 101, 3, 4, 2, 3}; +#endif /* hmacType */ -static const byte hmacSha224Oid[] = {42, 134, 72, 134, 247, 13, 2, 8}; -static const byte hmacSha256Oid[] = {42, 134, 72, 134, 247, 13, 2, 9}; -static const byte hmacSha384Oid[] = {42, 134, 72, 134, 247, 13, 2, 10}; -static const byte hmacSha512Oid[] = {42, 134, 72, 134, 247, 13, 2, 11}; +#ifndef NO_HMAC + #ifdef WOLFSSL_SHA224 + static const byte hmacSha224Oid[] = {42, 134, 72, 134, 247, 13, 2, 8}; + #endif + #ifndef NO_SHA256 + static const byte hmacSha256Oid[] = {42, 134, 72, 134, 247, 13, 2, 9}; + #endif + #ifdef WOLFSSL_SHA384 + static const byte hmacSha384Oid[] = {42, 134, 72, 134, 247, 13, 2, 10}; + #endif + #ifdef WOLFSSL_SHA512 + static const byte hmacSha512Oid[] = {42, 134, 72, 134, 247, 13, 2, 11}; + #endif +#endif /* sigType */ -#ifndef NO_DSA +#if !defined(NO_DSA) && !defined(NO_SHA) static const byte sigSha1wDsaOid[] = {42, 134, 72, 206, 56, 4, 3}; #endif /* NO_DSA */ #ifndef NO_RSA + #ifdef WOLFSSL_MD2 static const byte sigMd2wRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1, 2}; + #endif + #ifndef NO_MD5 static const byte sigMd5wRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1, 4}; + #endif + #ifndef NO_SHA static const byte sigSha1wRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1, 5}; + #endif + #ifdef WOLFSSL_SHA224 static const byte sigSha224wRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1,14}; + #endif + #ifndef NO_SHA256 static const byte sigSha256wRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1,11}; + #endif + #ifdef WOLFSSL_SHA384 static const byte sigSha384wRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1,12}; + #endif + #ifdef WOLFSSL_SHA512 static const byte sigSha512wRsaOid[] = {42, 134, 72, 134, 247, 13, 1, 1,13}; + #endif #endif /* NO_RSA */ #ifdef HAVE_ECC + #ifndef NO_SHA static const byte sigSha1wEcdsaOid[] = {42, 134, 72, 206, 61, 4, 1}; + #endif + #ifdef WOLFSSL_SHA224 static const byte sigSha224wEcdsaOid[] = {42, 134, 72, 206, 61, 4, 3, 1}; + #endif + #ifndef NO_SHA256 static const byte sigSha256wEcdsaOid[] = {42, 134, 72, 206, 61, 4, 3, 2}; + #endif + #ifdef WOLFSSL_SHA384 static const byte sigSha384wEcdsaOid[] = {42, 134, 72, 206, 61, 4, 3, 3}; + #endif + #ifdef WOLFSSL_SHA512 static const byte sigSha512wEcdsaOid[] = {42, 134, 72, 206, 61, 4, 3, 4}; + #endif #endif /* HAVE_ECC */ #ifdef HAVE_ED25519 static const byte sigEd25519Oid[] = {43, 101, 112}; @@ -843,25 +939,52 @@ static const byte hmacSha512Oid[] = {42, 134, 72, 134, 247, 13, 2, 11}; /* See "ecc_sets" table in ecc.c */ #endif /* HAVE_ECC */ +#ifdef HAVE_AES_CBC /* blkType */ -static const byte blkAes128CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 2}; -static const byte blkAes192CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 22}; -static const byte blkAes256CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 42}; -static const byte blkDesCbcOid[] = {43, 14, 3, 2, 7}; -static const byte blkDes3CbcOid[] = {42, 134, 72, 134, 247, 13, 3, 7}; + #ifdef WOLFSSL_AES_128 + static const byte blkAes128CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 2}; + #endif + #ifdef WOLFSSL_AES_192 + static const byte blkAes192CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 22}; + #endif + #ifdef WOLFSSL_AES_256 + static const byte blkAes256CbcOid[] = {96, 134, 72, 1, 101, 3, 4, 1, 42}; + #endif +#endif /* HAVE_AES_CBC */ + +#ifndef NO_DES3 + static const byte blkDesCbcOid[] = {43, 14, 3, 2, 7}; + static const byte blkDes3CbcOid[] = {42, 134, 72, 134, 247, 13, 3, 7}; +#endif /* keyWrapType */ -static const byte wrapAes128Oid[] = {96, 134, 72, 1, 101, 3, 4, 1, 5}; -static const byte wrapAes192Oid[] = {96, 134, 72, 1, 101, 3, 4, 1, 25}; -static const byte wrapAes256Oid[] = {96, 134, 72, 1, 101, 3, 4, 1, 45}; +#ifdef WOLFSSL_AES_128 + static const byte wrapAes128Oid[] = {96, 134, 72, 1, 101, 3, 4, 1, 5}; +#endif +#ifdef WOLFSSL_AES_192 + static const byte wrapAes192Oid[] = {96, 134, 72, 1, 101, 3, 4, 1, 25}; +#endif +#ifdef WOLFSSL_AES_256 + static const byte wrapAes256Oid[] = {96, 134, 72, 1, 101, 3, 4, 1, 45}; +#endif /* cmsKeyAgreeType */ -static const byte dhSinglePass_stdDH_sha1kdf_Oid[] = +#ifndef NO_SHA + static const byte dhSinglePass_stdDH_sha1kdf_Oid[] = {43, 129, 5, 16, 134, 72, 63, 0, 2}; -static const byte dhSinglePass_stdDH_sha224kdf_Oid[] = {43, 129, 4, 1, 11, 0}; -static const byte dhSinglePass_stdDH_sha256kdf_Oid[] = {43, 129, 4, 1, 11, 1}; -static const byte dhSinglePass_stdDH_sha384kdf_Oid[] = {43, 129, 4, 1, 11, 2}; -static const byte dhSinglePass_stdDH_sha512kdf_Oid[] = {43, 129, 4, 1, 11, 3}; +#endif +#ifdef WOLFSSL_SHA224 + static const byte dhSinglePass_stdDH_sha224kdf_Oid[] = {43, 129, 4, 1, 11, 0}; +#endif +#ifndef NO_SHA256 + static const byte dhSinglePass_stdDH_sha256kdf_Oid[] = {43, 129, 4, 1, 11, 1}; +#endif +#ifdef WOLFSSL_SHA384 + static const byte dhSinglePass_stdDH_sha384kdf_Oid[] = {43, 129, 4, 1, 11, 2}; +#endif +#ifdef WOLFSSL_SHA512 + static const byte dhSinglePass_stdDH_sha512kdf_Oid[] = {43, 129, 4, 1, 11, 3}; +#endif /* ocspType */ #ifdef HAVE_OCSP @@ -905,11 +1028,17 @@ static const byte extExtKeyUsageOcspSignOid[] = {43, 6, 1, 5, 5, 7, 3, 9}; static const byte pbkdf2Oid[] = {42, 134, 72, 134, 247, 13, 1, 5, 12}; /* PKCS5 */ +#if !defined(NO_DES3) && !defined(NO_SHA) static const byte pbeSha1Des[] = {42, 134, 72, 134, 247, 13, 1, 5, 10}; +#endif /* PKCS12 */ +#if !defined(NO_RC4) && !defined(NO_SHA) static const byte pbeSha1RC4128[] = {42, 134, 72, 134, 247, 13, 1, 12, 1, 1}; +#endif +#if !defined(NO_DES3) && !defined(NO_SHA) static const byte pbeSha1Des3[] = {42, 134, 72, 134, 247, 13, 1, 12, 1, 3}; +#endif /* returns a pointer to the OID string on success and NULL on fail */ @@ -923,96 +1052,134 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz) case oidHashType: switch (id) { + #ifdef WOLFSSL_MD2 case MD2h: oid = hashMd2hOid; *oidSz = sizeof(hashMd2hOid); break; + #endif + #ifndef NO_MD5 case MD5h: oid = hashMd5hOid; *oidSz = sizeof(hashMd5hOid); break; + #endif + #ifndef NO_SHA case SHAh: oid = hashSha1hOid; *oidSz = sizeof(hashSha1hOid); break; + #endif + #ifdef WOLFSSL_SHA224 case SHA224h: oid = hashSha224hOid; *oidSz = sizeof(hashSha224hOid); break; + #endif + #ifndef NO_SHA256 case SHA256h: oid = hashSha256hOid; *oidSz = sizeof(hashSha256hOid); break; + #endif + #ifdef WOLFSSL_SHA384 case SHA384h: oid = hashSha384hOid; *oidSz = sizeof(hashSha384hOid); break; + #endif + #ifdef WOLFSSL_SHA512 case SHA512h: oid = hashSha512hOid; *oidSz = sizeof(hashSha512hOid); break; + #endif } break; case oidSigType: switch (id) { - #ifndef NO_DSA + #if !defined(NO_DSA) && !defined(NO_SHA) case CTC_SHAwDSA: oid = sigSha1wDsaOid; *oidSz = sizeof(sigSha1wDsaOid); break; #endif /* NO_DSA */ #ifndef NO_RSA + #ifdef WOLFSSL_MD2 case CTC_MD2wRSA: oid = sigMd2wRsaOid; *oidSz = sizeof(sigMd2wRsaOid); break; + #endif + #ifndef NO_MD5 case CTC_MD5wRSA: oid = sigMd5wRsaOid; *oidSz = sizeof(sigMd5wRsaOid); break; + #endif + #ifndef NO_SHA case CTC_SHAwRSA: oid = sigSha1wRsaOid; *oidSz = sizeof(sigSha1wRsaOid); break; + #endif + #ifdef WOLFSSL_SHA224 case CTC_SHA224wRSA: oid = sigSha224wRsaOid; *oidSz = sizeof(sigSha224wRsaOid); break; + #endif + #ifndef NO_SHA256 case CTC_SHA256wRSA: oid = sigSha256wRsaOid; *oidSz = sizeof(sigSha256wRsaOid); break; + #endif + #ifdef WOLFSSL_SHA384 case CTC_SHA384wRSA: oid = sigSha384wRsaOid; *oidSz = sizeof(sigSha384wRsaOid); break; + #endif + #ifdef WOLFSSL_SHA512 case CTC_SHA512wRSA: oid = sigSha512wRsaOid; *oidSz = sizeof(sigSha512wRsaOid); break; + #endif /* WOLFSSL_SHA512 */ #endif /* NO_RSA */ #ifdef HAVE_ECC + #ifndef NO_SHA case CTC_SHAwECDSA: oid = sigSha1wEcdsaOid; *oidSz = sizeof(sigSha1wEcdsaOid); break; + #endif + #ifdef WOLFSSL_SHA224 case CTC_SHA224wECDSA: oid = sigSha224wEcdsaOid; *oidSz = sizeof(sigSha224wEcdsaOid); break; + #endif + #ifndef NO_SHA256 case CTC_SHA256wECDSA: oid = sigSha256wEcdsaOid; *oidSz = sizeof(sigSha256wEcdsaOid); break; + #endif + #ifdef WOLFSSL_SHA384 case CTC_SHA384wECDSA: oid = sigSha384wEcdsaOid; *oidSz = sizeof(sigSha384wEcdsaOid); break; + #endif + #ifdef WOLFSSL_SHA512 case CTC_SHA512wECDSA: oid = sigSha512wEcdsaOid; *oidSz = sizeof(sigSha512wEcdsaOid); break; + #endif #endif /* HAVE_ECC */ #ifdef HAVE_ED25519 case CTC_ED25519: @@ -1072,18 +1239,27 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz) case oidBlkType: switch (id) { + #ifdef HAVE_AES_CBC + #ifdef WOLFSSL_AES_128 case AES128CBCb: oid = blkAes128CbcOid; *oidSz = sizeof(blkAes128CbcOid); break; + #endif + #ifdef WOLFSSL_AES_192 case AES192CBCb: oid = blkAes192CbcOid; *oidSz = sizeof(blkAes192CbcOid); break; + #endif + #ifdef WOLFSSL_AES_256 case AES256CBCb: oid = blkAes256CbcOid; *oidSz = sizeof(blkAes256CbcOid); break; + #endif + #endif /* HAVE_AES_CBC */ + #ifndef NO_DES3 case DESb: oid = blkDesCbcOid; *oidSz = sizeof(blkDesCbcOid); @@ -1092,6 +1268,7 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz) oid = blkDes3CbcOid; *oidSz = sizeof(blkDes3CbcOid); break; + #endif /* !NO_DES3 */ } break; @@ -1234,85 +1411,116 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz) case oidPBEType: switch (id) { + #if !defined(NO_SHA) && !defined(NO_RC4) case PBE_SHA1_RC4_128: oid = pbeSha1RC4128; *oidSz = sizeof(pbeSha1RC4128); break; - + #endif + #if !defined(NO_SHA) && !defined(NO_DES3) case PBE_SHA1_DES: oid = pbeSha1Des; *oidSz = sizeof(pbeSha1Des); break; + #endif + #if !defined(NO_SHA) && !defined(NO_DES3) case PBE_SHA1_DES3: oid = pbeSha1Des3; *oidSz = sizeof(pbeSha1Des3); break; + #endif } break; case oidKeyWrapType: switch (id) { + #ifdef WOLFSSL_AES_128 case AES128_WRAP: oid = wrapAes128Oid; *oidSz = sizeof(wrapAes128Oid); break; + #endif + #ifdef WOLFSSL_AES_192 case AES192_WRAP: oid = wrapAes192Oid; *oidSz = sizeof(wrapAes192Oid); break; + #endif + #ifdef WOLFSSL_AES_256 case AES256_WRAP: oid = wrapAes256Oid; *oidSz = sizeof(wrapAes256Oid); break; + #endif } break; case oidCmsKeyAgreeType: switch (id) { + #ifndef NO_SHA case dhSinglePass_stdDH_sha1kdf_scheme: oid = dhSinglePass_stdDH_sha1kdf_Oid; *oidSz = sizeof(dhSinglePass_stdDH_sha1kdf_Oid); break; + #endif + #ifdef WOLFSSL_SHA224 case dhSinglePass_stdDH_sha224kdf_scheme: oid = dhSinglePass_stdDH_sha224kdf_Oid; *oidSz = sizeof(dhSinglePass_stdDH_sha224kdf_Oid); break; + #endif + #ifndef NO_SHA256 case dhSinglePass_stdDH_sha256kdf_scheme: oid = dhSinglePass_stdDH_sha256kdf_Oid; *oidSz = sizeof(dhSinglePass_stdDH_sha256kdf_Oid); break; + #endif + #ifdef WOLFSSL_SHA384 case dhSinglePass_stdDH_sha384kdf_scheme: oid = dhSinglePass_stdDH_sha384kdf_Oid; *oidSz = sizeof(dhSinglePass_stdDH_sha384kdf_Oid); break; + #endif + #ifdef WOLFSSL_SHA512 case dhSinglePass_stdDH_sha512kdf_scheme: oid = dhSinglePass_stdDH_sha512kdf_Oid; *oidSz = sizeof(dhSinglePass_stdDH_sha512kdf_Oid); break; + #endif } break; +#ifndef NO_HMAC case oidHmacType: switch (id) { + #ifdef WOLFSSL_SHA224 case HMAC_SHA224_OID: oid = hmacSha224Oid; *oidSz = sizeof(hmacSha224Oid); break; + #endif + #ifndef NO_SHA256 case HMAC_SHA256_OID: oid = hmacSha256Oid; *oidSz = sizeof(hmacSha256Oid); break; + #endif + #ifdef WOLFSSL_SHA384 case HMAC_SHA384_OID: oid = hmacSha384Oid; *oidSz = sizeof(hmacSha384Oid); break; + #endif + #ifdef WOLFSSL_SHA512 case HMAC_SHA512_OID: oid = hmacSha512Oid; *oidSz = sizeof(hmacSha512Oid); break; + #endif } break; +#endif /* !NO_HMAC */ case oidIgnoreType: default: @@ -3426,7 +3634,7 @@ void FreeDecodedCert(DecodedCert* cert) XFREE(cert->hwType, cert->heap, DYNAMIC_TYPE_X509_EXT); XFREE(cert->hwSerialNum, cert->heap, DYNAMIC_TYPE_X509_EXT); #endif /* WOLFSSL_SEP */ -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) if (cert->issuerName.fullName != NULL) XFREE(cert->issuerName.fullName, cert->heap, DYNAMIC_TYPE_X509); if (cert->subjectName.fullName != NULL) @@ -3664,7 +3872,7 @@ static int GetName(DecodedCert* cert, int nameType) char* full; byte* hash; word32 idx; - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) DecodedName* dName = (nameType == ISSUER) ? &cert->issuerName : &cert->subjectName; int dcnum = 0; @@ -3776,7 +3984,7 @@ static int GetName(DecodedCert* cert, int nameType) idx += 4; copy = TRUE; } - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) dName->cnIdx = cert->srcIdx; dName->cnLen = strLen; #endif /* OPENSSL_EXTRA */ @@ -3794,7 +4002,7 @@ static int GetName(DecodedCert* cert, int nameType) cert->subjectSNEnc = b; } #endif /* WOLFSSL_CERT_GEN */ - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) dName->snIdx = cert->srcIdx; dName->snLen = strLen; #endif /* OPENSSL_EXTRA */ @@ -3812,7 +4020,7 @@ static int GetName(DecodedCert* cert, int nameType) cert->subjectCEnc = b; } #endif /* WOLFSSL_CERT_GEN */ - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) dName->cIdx = cert->srcIdx; dName->cLen = strLen; #endif /* OPENSSL_EXTRA */ @@ -3830,7 +4038,7 @@ static int GetName(DecodedCert* cert, int nameType) cert->subjectLEnc = b; } #endif /* WOLFSSL_CERT_GEN */ - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) dName->lIdx = cert->srcIdx; dName->lLen = strLen; #endif /* OPENSSL_EXTRA */ @@ -3848,7 +4056,7 @@ static int GetName(DecodedCert* cert, int nameType) cert->subjectSTEnc = b; } #endif /* WOLFSSL_CERT_GEN */ - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) dName->stIdx = cert->srcIdx; dName->stLen = strLen; #endif /* OPENSSL_EXTRA */ @@ -3866,7 +4074,7 @@ static int GetName(DecodedCert* cert, int nameType) cert->subjectOEnc = b; } #endif /* WOLFSSL_CERT_GEN */ - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) dName->oIdx = cert->srcIdx; dName->oLen = strLen; #endif /* OPENSSL_EXTRA */ @@ -3884,7 +4092,7 @@ static int GetName(DecodedCert* cert, int nameType) cert->subjectOUEnc = b; } #endif /* WOLFSSL_CERT_GEN */ - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) dName->ouIdx = cert->srcIdx; dName->ouLen = strLen; #endif /* OPENSSL_EXTRA */ @@ -3895,7 +4103,7 @@ static int GetName(DecodedCert* cert, int nameType) idx += 14; copy = TRUE; } - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) dName->snIdx = cert->srcIdx; dName->snLen = strLen; #endif /* OPENSSL_EXTRA */ @@ -3949,7 +4157,7 @@ static int GetName(DecodedCert* cert, int nameType) cert->subjectEmailLen = adv; } #endif /* WOLFSSL_CERT_GEN */ - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) dName->emailIdx = cert->srcIdx; dName->emailLen = adv; #endif /* OPENSSL_EXTRA */ @@ -3995,7 +4203,8 @@ static int GetName(DecodedCert* cert, int nameType) case ASN_USER_ID: XMEMCPY(&full[idx], "/UID=", 5); idx += 5; - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL) dName->uidIdx = cert->srcIdx; dName->uidLen = adv; #endif /* OPENSSL_EXTRA */ @@ -4004,7 +4213,8 @@ static int GetName(DecodedCert* cert, int nameType) case ASN_DOMAIN_COMPONENT: XMEMCPY(&full[idx], "/DC=", 4); idx += 4; - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL) dName->dcIdx[dcnum] = cert->srcIdx; dName->dcLen[dcnum] = adv; dName->dcNum = dcnum + 1; @@ -4026,7 +4236,7 @@ static int GetName(DecodedCert* cert, int nameType) } full[idx++] = 0; - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) { int totalLen = 0; int i = 0; @@ -5760,7 +5970,7 @@ static int DecodeAuthKeyId(byte* input, int sz, DecodedCert* cert) return ASN_PARSE_E; } -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extAuthKeyIdSrc = &input[idx]; cert->extAuthKeyIdSz = length; #endif /* OPENSSL_EXTRA */ @@ -5794,7 +6004,7 @@ static int DecodeSubjKeyId(byte* input, int sz, DecodedCert* cert) if (ret < 0) return ret; - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extSubjKeyIdSrc = &input[idx]; cert->extSubjKeyIdSz = length; #endif /* OPENSSL_EXTRA */ @@ -5845,7 +6055,7 @@ static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert) return ASN_PARSE_E; } -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extExtKeyUsageSrc = input + idx; cert->extExtKeyUsageSz = length; #endif @@ -5878,7 +6088,7 @@ static int DecodeExtKeyUsage(byte* input, int sz, DecodedCert* cert) break; } - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extExtKeyUsageCount++; #endif } @@ -6262,7 +6472,7 @@ static int DecodeCertExtensions(DecodedCert* cert) switch (oid) { case BASIC_CA_OID: VERIFY_AND_SET_OID(cert->extBasicConstSet); - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extBasicConstCrit = critical; #endif if (DecodeBasicCaConstraint(&input[idx], length, cert) < 0) @@ -6271,7 +6481,7 @@ static int DecodeCertExtensions(DecodedCert* cert) case CRL_DIST_OID: VERIFY_AND_SET_OID(cert->extCRLdistSet); - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extCRLdistCrit = critical; #endif if (DecodeCrlDist(&input[idx], length, cert) < 0) @@ -6280,7 +6490,7 @@ static int DecodeCertExtensions(DecodedCert* cert) case AUTH_INFO_OID: VERIFY_AND_SET_OID(cert->extAuthInfoSet); - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extAuthInfoCrit = critical; #endif if (DecodeAuthInfo(&input[idx], length, cert) < 0) @@ -6289,7 +6499,7 @@ static int DecodeCertExtensions(DecodedCert* cert) case ALT_NAMES_OID: VERIFY_AND_SET_OID(cert->extSubjAltNameSet); - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extSubjAltNameCrit = critical; #endif ret = DecodeAltNames(&input[idx], length, cert); @@ -6299,7 +6509,7 @@ static int DecodeCertExtensions(DecodedCert* cert) case AUTH_KEY_OID: VERIFY_AND_SET_OID(cert->extAuthKeyIdSet); - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extAuthKeyIdCrit = critical; #endif if (DecodeAuthKeyId(&input[idx], length, cert) < 0) @@ -6308,7 +6518,7 @@ static int DecodeCertExtensions(DecodedCert* cert) case SUBJ_KEY_OID: VERIFY_AND_SET_OID(cert->extSubjKeyIdSet); - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extSubjKeyIdCrit = critical; #endif #ifndef WOLFSSL_ALLOW_CRIT_SKID @@ -6330,7 +6540,8 @@ static int DecodeCertExtensions(DecodedCert* cert) case CERT_POLICY_OID: #ifdef WOLFSSL_SEP VERIFY_AND_SET_OID(cert->extCertPolicySet); - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL) cert->extCertPolicyCrit = critical; #endif #endif @@ -6345,7 +6556,7 @@ static int DecodeCertExtensions(DecodedCert* cert) case KEY_USAGE_OID: VERIFY_AND_SET_OID(cert->extKeyUsageSet); - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extKeyUsageCrit = critical; #endif if (DecodeKeyUsage(&input[idx], length, cert) < 0) @@ -6354,7 +6565,7 @@ static int DecodeCertExtensions(DecodedCert* cert) case EXT_KEY_USAGE_OID: VERIFY_AND_SET_OID(cert->extExtKeyUsageSet); - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extExtKeyUsageCrit = critical; #endif if (DecodeExtKeyUsage(&input[idx], length, cert) < 0) @@ -6373,7 +6584,7 @@ static int DecodeCertExtensions(DecodedCert* cert) } #endif VERIFY_AND_SET_OID(cert->extNameConstraintSet); - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) cert->extNameConstraintCrit = critical; #endif if (DecodeNameConstraints(&input[idx], length, cert) < 0) @@ -6864,30 +7075,40 @@ WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, -const char* BEGIN_CERT = "-----BEGIN CERTIFICATE-----"; -const char* END_CERT = "-----END CERTIFICATE-----"; -const char* BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----"; -const char* END_CERT_REQ = "-----END CERTIFICATE REQUEST-----"; -const char* BEGIN_DH_PARAM = "-----BEGIN DH PARAMETERS-----"; -const char* END_DH_PARAM = "-----END DH PARAMETERS-----"; -const char* BEGIN_DSA_PARAM = "-----BEGIN DSA PARAMETERS-----"; -const char* END_DSA_PARAM = "-----END DSA PARAMETERS-----"; -const char* BEGIN_X509_CRL = "-----BEGIN X509 CRL-----"; -const char* END_X509_CRL = "-----END X509 CRL-----"; -const char* BEGIN_RSA_PRIV = "-----BEGIN RSA PRIVATE KEY-----"; -const char* END_RSA_PRIV = "-----END RSA PRIVATE KEY-----"; -const char* BEGIN_PRIV_KEY = "-----BEGIN PRIVATE KEY-----"; -const char* END_PRIV_KEY = "-----END PRIVATE KEY-----"; -const char* BEGIN_ENC_PRIV_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----"; -const char* END_ENC_PRIV_KEY = "-----END ENCRYPTED PRIVATE KEY-----"; -const char* BEGIN_EC_PRIV = "-----BEGIN EC PRIVATE KEY-----"; -const char* END_EC_PRIV = "-----END EC PRIVATE KEY-----"; -const char* BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----"; -const char* END_DSA_PRIV = "-----END DSA PRIVATE KEY-----"; -const char* BEGIN_PUB_KEY = "-----BEGIN PUBLIC KEY-----"; -const char* END_PUB_KEY = "-----END PUBLIC KEY-----"; -const char* BEGIN_EDDSA_PRIV = "-----BEGIN EDDSA PRIVATE KEY-----"; -const char* END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----"; +const char* const BEGIN_CERT = "-----BEGIN CERTIFICATE-----"; +const char* const END_CERT = "-----END CERTIFICATE-----"; +#ifdef WOLFSSL_CERT_REQ + const char* const BEGIN_CERT_REQ = "-----BEGIN CERTIFICATE REQUEST-----"; + const char* const END_CERT_REQ = "-----END CERTIFICATE REQUEST-----"; +#endif +#ifndef NO_DH + const char* const BEGIN_DH_PARAM = "-----BEGIN DH PARAMETERS-----"; + const char* const END_DH_PARAM = "-----END DH PARAMETERS-----"; +#endif +#ifndef NO_DSA + const char* const BEGIN_DSA_PARAM = "-----BEGIN DSA PARAMETERS-----"; + const char* const END_DSA_PARAM = "-----END DSA PARAMETERS-----"; +#endif +const char* const BEGIN_X509_CRL = "-----BEGIN X509 CRL-----"; +const char* const END_X509_CRL = "-----END X509 CRL-----"; +const char* const BEGIN_RSA_PRIV = "-----BEGIN RSA PRIVATE KEY-----"; +const char* const END_RSA_PRIV = "-----END RSA PRIVATE KEY-----"; +const char* const BEGIN_PRIV_KEY = "-----BEGIN PRIVATE KEY-----"; +const char* const END_PRIV_KEY = "-----END PRIVATE KEY-----"; +const char* const BEGIN_ENC_PRIV_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----"; +const char* const END_ENC_PRIV_KEY = "-----END ENCRYPTED PRIVATE KEY-----"; +#ifdef HAVE_ECC + const char* const BEGIN_EC_PRIV = "-----BEGIN EC PRIVATE KEY-----"; + const char* const END_EC_PRIV = "-----END EC PRIVATE KEY-----"; +#endif +const char* const BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----"; +const char* const END_DSA_PRIV = "-----END DSA PRIVATE KEY-----"; +const char* const BEGIN_PUB_KEY = "-----BEGIN PUBLIC KEY-----"; +const char* const END_PUB_KEY = "-----END PUBLIC KEY-----"; +#ifdef HAVE_ED25519 + const char* const BEGIN_EDDSA_PRIV = "-----BEGIN EDDSA PRIVATE KEY-----"; + const char* const END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----"; +#endif #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) || defined(OPENSSL_EXTRA) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 2ce630ff74..502e8a3bf6 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -493,28 +493,46 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher) #endif #if !defined(NO_AES) && defined(HAVE_AES_CBC) + #ifdef WOLFSSL_AES_128 else if (XSTRNCMP(cipher, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) return AES_128_CBC_TYPE; + #endif + #ifdef WOLFSSL_AES_192 else if (XSTRNCMP(cipher, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) return AES_192_CBC_TYPE; + #endif + #ifdef WOLFSSL_AES_256 else if (XSTRNCMP(cipher, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) return AES_256_CBC_TYPE; + #endif #endif /* !NO_AES && HAVE_AES_CBC */ #if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) + #ifdef WOLFSSL_AES_128 else if (XSTRNCMP(cipher, EVP_AES_128_CTR, EVP_AES_SIZE) == 0) return AES_128_CTR_TYPE; + #endif + #ifdef WOLFSSL_AES_192 else if (XSTRNCMP(cipher, EVP_AES_192_CTR, EVP_AES_SIZE) == 0) return AES_192_CTR_TYPE; + #endif + #ifdef WOLFSSL_AES_256 else if (XSTRNCMP(cipher, EVP_AES_256_CTR, EVP_AES_SIZE) == 0) return AES_256_CTR_TYPE; + #endif #endif /* !NO_AES && HAVE_AES_CBC */ #if !defined(NO_AES) && defined(HAVE_AES_ECB) + #ifdef WOLFSSL_AES_128 else if (XSTRNCMP(cipher, EVP_AES_128_ECB, EVP_AES_SIZE) == 0) return AES_128_ECB_TYPE; + #endif + #ifdef WOLFSSL_AES_192 else if (XSTRNCMP(cipher, EVP_AES_192_ECB, EVP_AES_SIZE) == 0) return AES_192_ECB_TYPE; + #endif + #ifdef WOLFSSL_AES_256 else if (XSTRNCMP(cipher, EVP_AES_256_ECB, EVP_AES_SIZE) == 0) return AES_256_ECB_TYPE; + #endif #endif /* !NO_AES && HAVE_AES_CBC */ else return 0; } diff --git a/wolfcrypt/src/port/arm/armv8-aes.c b/wolfcrypt/src/port/arm/armv8-aes.c index 6838ffcb6c..e0575a4a4f 100644 --- a/wolfcrypt/src/port/arm/armv8-aes.c +++ b/wolfcrypt/src/port/arm/armv8-aes.c @@ -181,7 +181,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, switch(keylen) { -#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 128 +#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 128 && \ + defined(WOLFSSL_AES_128) case 16: while (1) { @@ -199,7 +200,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, break; #endif /* 128 */ -#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 192 +#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 192 && \ + defined(WOLFSSL_AES_192) case 24: /* for (;;) here triggers a bug in VC60 SP4 w/ Pro Pack */ while (1) @@ -220,7 +222,8 @@ int wc_AesSetKey(Aes* aes, const byte* userKey, word32 keylen, break; #endif /* 192 */ -#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 256 +#if defined(AES_MAX_KEY_SIZE) && AES_MAX_KEY_SIZE >= 256 && \ + defined(WOLFSSL_AES_256) case 32: while (1) { @@ -492,6 +495,7 @@ void wc_AesFree(Aes* aes) note: grouping AESE & AESMC together as pairs reduces latency */ switch(aes->rounds) { +#ifdef WOLFSSL_AES_128 case 10: /* AES 128 BLOCK */ __asm__ __volatile__ ( "MOV w11, %w[blocks] \n" @@ -542,7 +546,8 @@ void wc_AesFree(Aes* aes) "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13" ); break; - +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_192 case 12: /* AES 192 BLOCK */ __asm__ __volatile__ ( "MOV w11, %w[blocks] \n" @@ -599,7 +604,8 @@ void wc_AesFree(Aes* aes) "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14" ); break; - +#endif /* WOLFSSL_AES_192*/ +#ifdef WOLFSSL_AES_256 case 14: /* AES 256 BLOCK */ __asm__ __volatile__ ( "MOV w11, %w[blocks] \n" @@ -662,7 +668,7 @@ void wc_AesFree(Aes* aes) "v16" ); break; - +#endif /* WOLFSSL_AES_256 */ default: WOLFSSL_MSG("Bad AES-CBC round value"); return BAD_FUNC_ARG; @@ -688,6 +694,7 @@ void wc_AesFree(Aes* aes) word32* reg = aes->reg; switch(aes->rounds) { +#ifdef WOLFSSL_AES_128 case 10: /* AES 128 BLOCK */ __asm__ __volatile__ ( "MOV w11, %w[blocks] \n" @@ -739,7 +746,8 @@ void wc_AesFree(Aes* aes) "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13" ); break; - +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_192 case 12: /* AES 192 BLOCK */ __asm__ __volatile__ ( "MOV w11, %w[blocks] \n" @@ -797,7 +805,8 @@ void wc_AesFree(Aes* aes) "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14", "v15" ); break; - +#endif /* WOLFSSL_AES_192 */ +#ifdef WOLFSSL_AES_256 case 14: /* AES 256 BLOCK */ __asm__ __volatile__ ( "MOV w11, %w[blocks] \n" @@ -860,7 +869,7 @@ void wc_AesFree(Aes* aes) "v16", "v17" ); break; - +#endif /* WOLFSSL_AES_256 */ default: WOLFSSL_MSG("Bad AES-CBC round value"); return BAD_FUNC_ARG; @@ -914,6 +923,7 @@ void wc_AesFree(Aes* aes) byte* keyPt = (byte*)aes->key; sz -= numBlocks * AES_BLOCK_SIZE; switch(aes->rounds) { +#ifdef WOLFSSL_AES_128 case 10: /* AES 128 BLOCK */ __asm__ __volatile__ ( "MOV w11, %w[blocks] \n" @@ -1053,7 +1063,8 @@ void wc_AesFree(Aes* aes) "v6", "v7", "v8", "v9", "v10","v11","v12","v13","v14","v15" ); break; - +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_192 case 12: /* AES 192 BLOCK */ __asm__ __volatile__ ( "MOV w11, %w[blocks] \n" @@ -1209,7 +1220,8 @@ void wc_AesFree(Aes* aes) "v16", "v17" ); break; - +#endif /* WOLFSSL_AES_192 */ +#ifdef WOLFSSL_AES_256 case 14: /* AES 256 BLOCK */ __asm__ __volatile__ ( "MOV w11, %w[blocks] \n" @@ -1378,7 +1390,7 @@ void wc_AesFree(Aes* aes) "v16", "v17", "v18", "v19" ); break; - +#endif /* WOLFSSL_AES_256 */ default: WOLFSSL_MSG("Bad AES-CTR round value"); return BAD_FUNC_ARG; @@ -1517,6 +1529,7 @@ void GHASH(Aes* aes, const byte* a, word32 aSz, } +#ifdef WOLFSSL_AES_128 /* internal function : see wc_AesGcmEncrypt */ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, @@ -1832,8 +1845,9 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, } return 0; } +#endif /* WOLFSSL_AES_128 */ - +#ifdef WOLFSSL_AES_192 /* internal function : see wc_AesGcmEncrypt */ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, @@ -2164,8 +2178,9 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, return 0; } +#endif /* WOLFSSL_AES_192 */ - +#ifdef WOLFSSL_AES_256 /* internal function : see wc_AesGcmEncrypt */ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, const byte* iv, word32 ivSz, @@ -2508,6 +2523,7 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, return 0; } +#endif /* WOLFSSL_AES_256 */ /* aarch64 with PMULL and PMULL2 @@ -2552,18 +2568,21 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, } switch (aes->rounds) { +#ifdef WOLFSSL_AES_128 case 10: return Aes128GcmEncrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz, authIn, authInSz); - +#endif +#ifdef WOLFSSL_AES_192 case 12: return Aes192GcmEncrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz, authIn, authInSz); - +#endif +#ifdef WOLFSSL_AES_256 case 14: return Aes256GcmEncrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz, authIn, authInSz); - +#endif default: WOLFSSL_MSG("AES-GCM invalid round number"); return BAD_FUNC_ARG; @@ -2644,6 +2663,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, * an issue with call to encrypt/decrypt leftovers */ byte* keyPt = (byte*)aes->key; switch(aes->rounds) { +#ifdef WOLFSSL_AES_128 case 10: /* AES 128 BLOCK */ __asm__ __volatile__ ( "MOV w11, %w[blocks] \n" @@ -2707,7 +2727,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, "v6", "v7", "v8", "v9", "v10", "v11", "v12", "v13", "v14" ); break; - +#endif +#ifdef WOLFSSL_AES_192 case 12: /* AES 192 BLOCK */ __asm__ __volatile__ ( "MOV w11, %w[blocks] \n" @@ -2777,6 +2798,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, "v16" ); break; +#endif /* WOLFSSL_AES_192 */ +#ifdef WOLFSSL_AES_256 case 14: /* AES 256 BLOCK */ __asm__ __volatile__ ( "MOV w11, %w[blocks] \n" @@ -2850,7 +2873,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, "v16", "v17", "v18", "v19" ); break; - +#endif /* WOLFSSL_AES_256 */ default: WOLFSSL_MSG("Bad AES-GCM round value"); return BAD_FUNC_ARG; @@ -3057,6 +3080,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, note: grouping AESE & AESMC together as pairs reduces latency */ switch(aes->rounds) { +#ifdef WOLFSSL_AES_128 case 10: /* AES 128 BLOCK */ __asm__ __volatile__ ( "MOV r11, %[blocks] \n" @@ -3116,7 +3140,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, "q6", "q7", "q8", "q9", "q10", "q11", "q12" ); break; - +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_192 case 12: /* AES 192 BLOCK */ __asm__ __volatile__ ( "MOV r11, %[blocks] \n" @@ -3182,7 +3207,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, "q6", "q7", "q8", "q9", "q10", "q11", "q12", "q13", "q14" ); break; - +#endif /* WOLFSSL_AES_192 */ +#ifdef WOLFSSL_AES_256 case 14: /* AES 256 BLOCK */ __asm__ __volatile__ ( "MOV r11, %[blocks] \n" @@ -3255,7 +3281,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, "q6", "q7", "q8", "q9", "q10", "q11", "q12", "q13", "q14", "q15" ); break; - +#endif /* WOLFSSL_AES_256 */ default: WOLFSSL_MSG("Bad AES-CBC round value"); return BAD_FUNC_ARG; @@ -3280,6 +3306,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, word32* keyPt = aes->key; word32* regPt = aes->reg; switch(aes->rounds) { +#ifdef WOLFSSL_AES_128 case 10: /* AES 128 BLOCK */ __asm__ __volatile__ ( "MOV r11, %[blocks] \n" @@ -3341,7 +3368,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, "q6", "q7", "q8", "q9", "q10", "q11", "q12", "q13" ); break; - +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_192 case 12: /* AES 192 BLOCK */ __asm__ __volatile__ ( "MOV r11, %[blocks] \n" @@ -3409,7 +3437,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, "q6", "q7", "q8", "q9", "q10", "q11", "q12", "q13", "q14", "q15" ); break; - +#endif /* WOLFSSL_AES_192 */ +#ifdef WOLFSSL_AES_256 case 14: /* AES 256 BLOCK */ __asm__ __volatile__ ( "MOV r11, %[blocks] \n" @@ -3484,7 +3513,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, "q6", "q7", "q8", "q9", "q10", "q11", "q12", "q13", "q14", "q15" ); break; - +#endif /* WOLFSSL_AES_256 */ default: WOLFSSL_MSG("Bad AES-CBC round value"); return BAD_FUNC_ARG; @@ -3539,6 +3568,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, word32* regPt = aes->reg; sz -= numBlocks * AES_BLOCK_SIZE; switch(aes->rounds) { +#ifdef WOLFSSL_AES_128 case 10: /* AES 128 BLOCK */ __asm__ __volatile__ ( "MOV r11, %[blocks] \n" @@ -3674,7 +3704,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, "q6", "q7", "q8", "q9", "q10","q11","q12","q13","q14", "q15" ); break; - +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_192 case 12: /* AES 192 BLOCK */ __asm__ __volatile__ ( "MOV r11, %[blocks] \n" @@ -3833,7 +3864,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, "q6", "q7", "q8", "q9", "q10","q11","q12","q13","q14" ); break; - +#endif /* WOLFSSL_AES_192 */ +#ifdef WOLFSSL_AES_256 case 14: /* AES 256 BLOCK */ __asm__ __volatile__ ( "MOV r11, %[blocks] \n" @@ -4009,7 +4041,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, "q6", "q7", "q8", "q9", "q10","q11","q12","q13","q14" ); break; - +#endif /* WOLFSSL_AES_256 */ default: WOLFSSL_MSG("Bad AES-CTR round qalue"); return BAD_FUNC_ARG; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 9875d18e24..f9d58ed215 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -602,7 +602,7 @@ int wolfcrypt_test(void* args) printf( "X963-KDF test passed!\n"); #endif -#ifdef HAVE_AESGCM +#if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) if ( (ret = gmac_test()) != 0) return err_sys("GMAC test failed!\n", ret); else @@ -671,16 +671,19 @@ int wolfcrypt_test(void* args) else printf( "AES test passed!\n"); +#ifdef WOLFSSL_AES_192 if ( (ret = aes192_test()) != 0) return err_sys("AES192 test failed!\n", ret); else printf( "AES192 test passed!\n"); +#endif +#ifdef WOLFSSL_AES_256 if ( (ret = aes256_test()) != 0) return err_sys("AES256 test failed!\n", ret); else printf( "AES256 test passed!\n"); - +#endif #ifdef HAVE_AESGCM if ( (ret = aesgcm_test()) != 0) return err_sys("AES-GCM test failed!\n", ret); @@ -688,7 +691,7 @@ int wolfcrypt_test(void* args) printf( "AES-GCM test passed!\n"); #endif -#ifdef HAVE_AESCCM +#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) if ( (ret = aesccm_test()) != 0) return err_sys("AES-CCM test failed!\n", ret); else @@ -798,7 +801,7 @@ int wolfcrypt_test(void* args) return err_sys("ECC test failed!\n", ret); else printf( "ECC test passed!\n"); - #ifdef HAVE_ECC_ENCRYPT + #if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) if ( (ret = ecc_encrypt_test()) != 0) return err_sys("ECC Enc test failed!\n", ret); else @@ -4440,6 +4443,7 @@ int des3_test(void) 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f }; +#ifdef WOLFSSL_AES_128 const byte key1[] = { 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, @@ -4465,7 +4469,9 @@ int des3_test(void) 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef }; +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_192 /* 192 size key test */ const byte key2[] = { @@ -4497,7 +4503,9 @@ int des3_test(void) 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 }; +#endif /* WOLFSSL_AES_192 */ +#ifdef WOLFSSL_AES_256 /* 256 size key simple test */ const byte key3[] = { @@ -4530,8 +4538,9 @@ int des3_test(void) 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 }; +#endif /* WOLFSSL_AES_256 */ - +#ifdef WOLFSSL_AES_128 /* 128 key tests */ ret = wc_AesSetKey(&enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); if (ret != 0) @@ -4569,7 +4578,9 @@ int des3_test(void) if (XMEMCMP(plain, msg1, AES_BLOCK_SIZE * 3)) return -1110; #endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_192 /* 192 key size test */ ret = wc_AesSetKey(&enc, key2, sizeof(key2), iv, AES_ENCRYPTION); if (ret != 0) @@ -4597,8 +4608,9 @@ int des3_test(void) if (XMEMCMP(plain, msg2, AES_BLOCK_SIZE * 4)) return -1116; #endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_192 */ - +#ifdef WOLFSSL_AES_256 /* 256 key size test */ ret = wc_AesSetKey(&enc, key3, sizeof(key3), iv, AES_ENCRYPTION); if (ret != 0) @@ -4661,6 +4673,7 @@ int des3_test(void) if (XMEMCMP(plain, msg3, AES_BLOCK_SIZE * 4)) return -1131; #endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_256 */ return ret; } @@ -4711,7 +4724,11 @@ static int aes_key_size_test(void) #endif /* NULL IV indicates to use all zeros IV. */ ret = wc_AesSetKey(&aes, key16, sizeof(key16), NULL, AES_ENCRYPTION); +#ifdef WOLFSSL_AES_128 if (ret != 0) +#else + if (ret != BAD_FUNC_ARG) +#endif return -4006; ret = wc_AesSetKey(&aes, key32, sizeof(key32) - 1, iv, AES_ENCRYPTION); if (ret != BAD_FUNC_ARG) @@ -4725,27 +4742,39 @@ static int aes_key_size_test(void) #endif ret = wc_AesSetKey(&aes, key16, sizeof(key16), iv, AES_ENCRYPTION); +#ifdef WOLFSSL_AES_128 if (ret != 0) +#else + if (ret != BAD_FUNC_ARG) +#endif return -4009; -#ifndef HAVE_FIPS +#if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_128) ret = wc_AesGetKeySize(&aes, &keySize); if (ret != 0 || keySize != sizeof(key16)) return -4010; #endif ret = wc_AesSetKey(&aes, key24, sizeof(key24), iv, AES_ENCRYPTION); +#ifdef WOLFSSL_AES_192 if (ret != 0) +#else + if (ret != BAD_FUNC_ARG) +#endif return -4011; -#ifndef HAVE_FIPS +#if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_192) ret = wc_AesGetKeySize(&aes, &keySize); if (ret != 0 || keySize != sizeof(key24)) return -4012; #endif ret = wc_AesSetKey(&aes, key32, sizeof(key32), iv, AES_ENCRYPTION); +#ifdef WOLFSSL_AES_256 if (ret != 0) +#else + if (ret != BAD_FUNC_ARG) +#endif return -4013; -#ifndef HAVE_FIPS +#if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256) ret = wc_AesGetKeySize(&aes, &keySize); if (ret != 0 || keySize != sizeof(key32)) return -4014; @@ -4756,6 +4785,7 @@ static int aes_key_size_test(void) #if defined(WOLFSSL_AES_XTS) /* test vectors from http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html */ +#ifdef WOLFSSL_AES_128 static int aes_xts_128_test(void) { XtsAes aes; @@ -4908,8 +4938,10 @@ static int aes_xts_128_test(void) return ret; } +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_256 static int aes_xts_256_test(void) { XtsAes aes; @@ -5066,8 +5098,10 @@ static int aes_xts_256_test(void) return ret; } +#endif /* WOLFSSL_AES_256 */ +#if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256) /* both 128 and 256 bit key test */ static int aes_xts_sector_test(void) { @@ -5180,8 +5214,10 @@ static int aes_xts_sector_test(void) return ret; } +#endif /* WOLFSSL_AES_128 && WOLFSSL_AES_256 */ +#ifdef WOLFSSL_AES_128 /* testing of bad arguments */ static int aes_xts_args_test(void) { @@ -5255,9 +5291,10 @@ static int aes_xts_args_test(void) return 0; } +#endif /* WOLFSSL_AES_128 */ #endif /* WOLFSSL_AES_XTS */ -#if defined(HAVE_AES_CBC) +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) static int aes_cbc_test(void) { byte cipher[AES_BLOCK_SIZE]; @@ -5275,22 +5312,26 @@ static int aes_cbc_test(void) ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, 17, NULL); if (ret != BAD_FUNC_ARG) return -4100; +#ifdef HAVE_AES_DECRYPT ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, 17, NULL); if (ret != BAD_FUNC_ARG) return -4101; +#endif ret = wc_AesCbcEncryptWithKey(cipher, msg, AES_BLOCK_SIZE, key, AES_BLOCK_SIZE, iv); if (ret != 0) return -4102; +#ifdef HAVE_AES_DECRYPT ret = wc_AesCbcDecryptWithKey(plain, cipher, AES_BLOCK_SIZE, key, AES_BLOCK_SIZE, iv); if (ret != 0) return -4103; - if (XMEMCMP(plain, msg, AES_BLOCK_SIZE) != 0) return -4104; +#endif /* HAVE_AES_DECRYPT */ + (void)plain; return 0; } #endif @@ -5308,6 +5349,7 @@ int aes_test(void) int ret = 0; #ifdef HAVE_AES_CBC +#ifdef WOLFSSL_AES_128 const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, @@ -5358,6 +5400,7 @@ int aes_test(void) #endif /* HAVE_AES_DECRYPT */ if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) return -4207; +#endif /* WOLFSSL_AES_128 */ #if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT) { @@ -5479,6 +5522,7 @@ int aes_test(void) 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 }; +#ifdef WOLFSSL_AES_128 const byte oddCipher[] = { 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0, @@ -5502,7 +5546,9 @@ int aes_test(void) 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1, 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee }; +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_192 const byte ctr192Key[] = { 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, @@ -5521,7 +5567,8 @@ int aes_test(void) 0x4f,0x78,0xa7,0xf6,0xd2,0x98,0x09,0x58, 0x5a,0x97,0xda,0xec,0x58,0xc6,0xb0,0x50 }; - +#endif +#ifdef WOLFSSL_AES_256 const byte ctr256Key[] = { 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, @@ -5541,7 +5588,9 @@ int aes_test(void) 0xdf,0xc9,0xc5,0x8d,0xb6,0x7a,0xad,0xa6, 0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6 }; +#endif +#ifdef WOLFSSL_AES_128 wc_AesSetKeyDirect(&enc, ctr128Key, sizeof(ctr128Key), ctrIv, AES_ENCRYPTION); /* Ctr only uses encrypt, even on key setup */ @@ -5599,7 +5648,9 @@ int aes_test(void) if (XMEMCMP(cipher, oddCipher, sizeof(oddCipher))) return -4218; +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_192 /* 192 bit key */ wc_AesSetKeyDirect(&enc, ctr192Key, sizeof(ctr192Key), ctrIv, AES_ENCRYPTION); @@ -5622,7 +5673,9 @@ int aes_test(void) } if (XMEMCMP(ctr192Cipher, cipher, sizeof(ctr192Cipher))) return -4220; +#endif /* WOLFSSL_AES_192 */ +#ifdef WOLFSSL_AES_256 /* 256 bit key */ wc_AesSetKeyDirect(&enc, ctr256Key, sizeof(ctr256Key), ctrIv, AES_ENCRYPTION); @@ -5645,10 +5698,11 @@ int aes_test(void) } if (XMEMCMP(ctr256Cipher, cipher, sizeof(ctr256Cipher))) return -4222; +#endif /* WOLFSSL_AES_256 */ } #endif /* WOLFSSL_AES_COUNTER */ -#ifdef WOLFSSL_AES_DIRECT +#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) { const byte niPlain[] = { @@ -5686,41 +5740,60 @@ int aes_test(void) if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) return -4226; } -#endif /* WOLFSSL_AES_DIRECT */ +#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ ret = aes_key_size_test(); if (ret != 0) return ret; -#if defined(HAVE_AES_CBC) +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) ret = aes_cbc_test(); if (ret != 0) return ret; #endif #if defined(WOLFSSL_AES_XTS) + #ifdef WOLFSSL_AES_128 ret = aes_xts_128_test(); if (ret != 0) return ret; + #endif + #ifdef WOLFSSL_AES_256 ret = aes_xts_256_test(); if (ret != 0) return ret; + #endif + #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256) ret = aes_xts_sector_test(); if (ret != 0) return ret; + #endif + #ifdef WOLFSSL_AES_128 ret = aes_xts_args_test(); if (ret != 0) return ret; + #endif #endif +#if defined(WOLFSSL_AES_CFB) + ret = aescfb_test(); + if (ret != 0) + return ret; +#endif + + wc_AesFree(&enc); #ifdef HAVE_AES_DECRYPT wc_AesFree(&dec); + (void)plain; #endif + (void)cipher; + return ret; } +#ifdef WOLFSSL_AES_192 int aes192_test(void) { #ifdef HAVE_AES_CBC @@ -5803,15 +5876,11 @@ int aes192_test(void) #endif /* HAVE_AES_CBC */ -#if defined(WOLFSSL_AES_CFB) - ret = aescfb_test(); - if (ret != 0) - return ret; -#endif - return ret; } +#endif /* WOLFSSL_AES_192 */ +#ifdef WOLFSSL_AES_256 int aes256_test(void) { #ifdef HAVE_AES_CBC @@ -5896,6 +5965,7 @@ int aes256_test(void) return ret; } +#endif /* WOLFSSL_AES_256 */ #ifdef HAVE_AESGCM @@ -5927,6 +5997,7 @@ int aesgcm_test(void) 0xab, 0xad, 0xda, 0xd2 }; +#ifdef WOLFSSL_AES_256 const byte k1[] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, @@ -5952,6 +6023,7 @@ int aesgcm_test(void) 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62 }; +#endif /* WOLFSSL_AES_256 */ const byte t1[] = { @@ -5965,7 +6037,7 @@ int aesgcm_test(void) !defined(WOLFSSL_XILINX_CRYPT) #define ENABLE_NON_12BYTE_IV_TEST - +#ifdef WOLFSSL_AES_192 /* Test Case 12, uses same plaintext and AAD data. */ const byte k2[] = { @@ -6003,7 +6075,8 @@ int aesgcm_test(void) 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb, 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 }; - +#endif /* WOLFSSL_AES_192 */ +#ifdef WOLFSSL_AES_128 /* The following is an interesting test case from the example * FIPS test vectors for AES-GCM. IVlen = 1 byte */ const byte p3[] = @@ -6040,16 +6113,19 @@ int aesgcm_test(void) 0x06, 0x90, 0xed, 0x01, 0x34, 0xdd, 0xc6, 0x95, 0x31, 0x2e, 0x2a, 0xf9, 0x57, 0x7a, 0x1e, 0xa6 }; +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_256 + int ivlen; +#endif #endif byte resultT[sizeof(t1)]; byte resultP[sizeof(p)]; byte resultC[sizeof(p)]; int result; -#if !defined(HAVE_FIPS) && !defined(STM32_CRYPTO) - int ivlen; -#endif +#ifdef WOLFSSL_AES_256 int alen, plen; +#endif #if !defined(BENCH_EMBEDDED) #ifndef BENCH_AESGCM_LARGE @@ -6072,6 +6148,7 @@ int aesgcm_test(void) return -4300; } +#ifdef WOLFSSL_AES_256 result = wc_AesGcmSetKey(&enc, k1, sizeof(k1)); if (result != 0) return -4301; @@ -6089,6 +6166,7 @@ int aesgcm_test(void) if (XMEMCMP(t1, resultT, sizeof(resultT))) return -4304; +#ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC), iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a)); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -6098,6 +6176,7 @@ int aesgcm_test(void) return -4305; if (XMEMCMP(p, resultP, sizeof(resultP))) return -4306; +#endif /* HAVE_AES_DECRYPT */ /* Large buffer test */ #ifdef BENCH_AESGCM_LARGE @@ -6115,6 +6194,7 @@ int aesgcm_test(void) if (result != 0) return -4307; +#ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, large_outdec, large_output, BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a)); @@ -6125,8 +6205,8 @@ int aesgcm_test(void) return -4308; if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE)) return -4309; +#endif /* HAVE_AES_DECRYPT */ #endif /* BENCH_AESGCM_LARGE */ - #ifdef ENABLE_NON_12BYTE_IV_TEST /* Variable IV length test */ for (ivlen=0; ivlen<(int)sizeof(k1); ivlen++) { @@ -6138,6 +6218,7 @@ int aesgcm_test(void) #endif if (result != 0) return -4310; +#ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC), k1, (word32)ivlen, resultT, sizeof(resultT), a, sizeof(a)); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -6145,6 +6226,7 @@ int aesgcm_test(void) #endif if (result != 0) return -4311; +#endif /* HAVE_AES_DECRYPT */ } #endif @@ -6158,6 +6240,7 @@ int aesgcm_test(void) #endif if (result != 0) return -4312; +#ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC), iv1, sizeof(iv1), resultT, sizeof(resultT), p, (word32)alen); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -6165,6 +6248,7 @@ int aesgcm_test(void) #endif if (result != 0) return -4313; +#endif /* HAVE_AES_DECRYPT */ } #ifdef BENCH_AESGCM_LARGE @@ -6180,6 +6264,7 @@ int aesgcm_test(void) if (result != 0) return -4314; +#ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, large_outdec, large_output, plen, iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a)); @@ -6188,6 +6273,7 @@ int aesgcm_test(void) #endif if (result != 0) return -4315; +#endif /* HAVE_AES_DECRYPT */ } #else /* Variable plain text length test */ @@ -6200,6 +6286,7 @@ int aesgcm_test(void) #endif if (result != 0) return -4314; +#ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, resultP, resultC, (word32)plen, iv1, sizeof(iv1), resultT, sizeof(resultT), a, sizeof(a)); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -6207,8 +6294,10 @@ int aesgcm_test(void) #endif if (result != 0) return -4315; +#endif /* HAVE_AES_DECRYPT */ } #endif /* BENCH_AESGCM_LARGE */ +#endif /* WOLFSSL_AES_256 */ /* test with IV != 12 bytes */ #ifdef ENABLE_NON_12BYTE_IV_TEST @@ -6216,6 +6305,7 @@ int aesgcm_test(void) XMEMSET(resultC, 0, sizeof(resultC)); XMEMSET(resultP, 0, sizeof(resultP)); +#ifdef WOLFSSL_AES_192 wc_AesGcmSetKey(&enc, k2, sizeof(k2)); /* AES-GCM encrypt and decrypt both use AES encrypt internally */ result = wc_AesGcmEncrypt(&enc, resultC, p, sizeof(p), iv2, sizeof(iv2), @@ -6230,6 +6320,7 @@ int aesgcm_test(void) if (XMEMCMP(t2, resultT, sizeof(resultT))) return -4318; +#ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC), iv2, sizeof(iv2), resultT, sizeof(resultT), a, sizeof(a)); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -6239,11 +6330,13 @@ int aesgcm_test(void) return -4319; if (XMEMCMP(p, resultP, sizeof(resultP))) return -4320; +#endif /* HAVE_AES_DECRYPT */ XMEMSET(resultT, 0, sizeof(resultT)); XMEMSET(resultC, 0, sizeof(resultC)); XMEMSET(resultP, 0, sizeof(resultP)); - +#endif /* WOLFSSL_AES_192 */ +#ifdef WOLFSSL_AES_128 wc_AesGcmSetKey(&enc, k3, sizeof(k3)); /* AES-GCM encrypt and decrypt both use AES encrypt internally */ result = wc_AesGcmEncrypt(&enc, resultC, p3, sizeof(p3), iv3, sizeof(iv3), @@ -6258,6 +6351,7 @@ int aesgcm_test(void) if (XMEMCMP(t3, resultT, sizeof(t3))) return -8211; +#ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(c3), iv3, sizeof(iv3), resultT, sizeof(t3), a3, sizeof(a3)); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -6267,8 +6361,11 @@ int aesgcm_test(void) return -8212; if (XMEMCMP(p3, resultP, sizeof(p3))) return -8213; +#endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_128 */ #endif /* ENABLE_NON_12BYTE_IV_TEST */ +#ifdef WOLFSSL_AES_256 XMEMSET(resultT, 0, sizeof(resultT)); XMEMSET(resultC, 0, sizeof(resultC)); XMEMSET(resultP, 0, sizeof(resultP)); @@ -6287,6 +6384,7 @@ int aesgcm_test(void) if (XMEMCMP(t1, resultT + 1, sizeof(resultT) - 1)) return -4323; +#ifdef HAVE_AES_DECRYPT result = wc_AesGcmDecrypt(&enc, resultP, resultC, sizeof(resultC), iv1, sizeof(iv1), resultT + 1, sizeof(resultT) - 1, a, sizeof(a)); #if defined(WOLFSSL_ASYNC_CRYPT) @@ -6296,11 +6394,14 @@ int aesgcm_test(void) return -4324; if (XMEMCMP(p, resultP, sizeof(resultP))) return -4325; +#endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_256 */ wc_AesFree(&enc); return 0; } +#ifdef WOLFSSL_AES_128 int gmac_test(void) { Gmac gmac; @@ -6364,9 +6465,10 @@ int gmac_test(void) return 0; } +#endif /* WOLFSSL_AES_128 */ #endif /* HAVE_AESGCM */ -#ifdef HAVE_AESCCM +#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) int aesccm_test(void) { Aes enc; @@ -6457,7 +6559,7 @@ int aesccm_test(void) return 0; } -#endif /* HAVE_AESCCM */ +#endif /* HAVE_AESCCM WOLFSSL_AES_128 */ #ifdef HAVE_AES_KEYWRAP @@ -6480,6 +6582,7 @@ int aeskeywrap_test(void) /* test vectors from RFC 3394 (kek, data, verify) */ +#ifdef WOLFSSL_AES_128 /* Wrap 128 bits of Key Data with a 128-bit KEK */ const byte k1[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, @@ -6496,7 +6599,9 @@ int aeskeywrap_test(void) 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82, 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5 }; +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_192 /* Wrap 128 bits of Key Data with a 192-bit KEK */ const byte k2[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, @@ -6514,7 +6619,9 @@ int aeskeywrap_test(void) 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2, 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D }; +#endif +#ifdef WOLFSSL_AES_256 /* Wrap 128 bits of Key Data with a 256-bit KEK */ const byte k3[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, @@ -6533,7 +6640,9 @@ int aeskeywrap_test(void) 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A, 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7 }; +#endif +#ifdef WOLFSSL_AES_192 /* Wrap 192 bits of Key Data with a 192-bit KEK */ const byte k4[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, @@ -6553,7 +6662,9 @@ int aeskeywrap_test(void) 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93, 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2 }; +#endif +#ifdef WOLFSSL_AES_256 /* Wrap 192 bits of Key Data with a 256-bit KEK */ const byte k5[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, @@ -6597,18 +6708,29 @@ int aeskeywrap_test(void) 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B, 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21 }; +#endif /* WOLFSSL_AES_256 */ byte output[MAX_KEYWRAP_TEST_OUTLEN]; byte plain [MAX_KEYWRAP_TEST_PLAINLEN]; const keywrapVector test_wrap[] = { + #ifdef WOLFSSL_AES_128 {k1, d1, v1, sizeof(k1), sizeof(d1), sizeof(v1)}, + #endif + #ifdef WOLFSSL_AES_192 {k2, d2, v2, sizeof(k2), sizeof(d2), sizeof(v2)}, + #endif + #ifdef WOLFSSL_AES_256 {k3, d3, v3, sizeof(k3), sizeof(d3), sizeof(v3)}, + #endif + #ifdef WOLFSSL_AES_192 {k4, d4, v4, sizeof(k4), sizeof(d4), sizeof(v4)}, + #endif + #ifdef WOLFSSL_AES_256 {k5, d5, v5, sizeof(k5), sizeof(d5), sizeof(v5)}, {k6, d6, v6, sizeof(k6), sizeof(d6), sizeof(v6)} + #endif }; testSz = sizeof(test_wrap) / sizeof(keywrapVector); @@ -10325,6 +10447,7 @@ int srp_test(void) static int openssl_aes_test(void) { #ifdef HAVE_AES_CBC +#ifdef WOLFSSL_AES_128 { /* EVP_CipherUpdate test */ const byte cbcPlain[] = @@ -10456,10 +10579,11 @@ static int openssl_aes_test(void) } /* end evp_cipher test: EVP_aes_128_cbc*/ +#endif /* WOLFSSL_AES_128 */ #endif /* HAVE_AES_CBC */ -#ifdef HAVE_AES_ECB - { /* evp_cipher test: EVP_aes_128_ecb*/ +#if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256) + { /* evp_cipher test: EVP_aes_256_ecb*/ EVP_CIPHER_CTX ctx; const byte msg[] = { @@ -10506,9 +10630,9 @@ static int openssl_aes_test(void) return -186; } /* end evp_cipher test */ -#endif /* HAVE_AES_ECB */ +#endif /* HAVE_AES_ECB && WOLFSSL_AES_256 */ -#ifdef WOLFSSL_AES_DIRECT +#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */ { /* Test: AES_encrypt/decrypt/set Key */ @@ -10554,11 +10678,15 @@ static int openssl_aes_test(void) if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) return -188; } -#endif /* WOLFSSL_AES_DIRECT */ +#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ /* EVP_Cipher with EVP_aes_xxx_ctr() */ #ifdef WOLFSSL_AES_COUNTER { + byte plainBuff [64]; + byte cipherBuff[64]; + +#ifdef WOLFSSL_AES_128 const byte ctrKey[] = { 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, @@ -10596,18 +10724,16 @@ static int openssl_aes_test(void) 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee }; - byte plainBuff [64]; - byte cipherBuff[64]; - const byte oddCipher[] = { 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0, 0xc2 }; - +#endif /* test vector from "Recommendation for Block Cipher Modes of Operation" * NIST Special Publication 800-38A */ +#ifdef WOLFSSL_AES_192 const byte ctr192Key[] = { 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, @@ -10633,7 +10759,9 @@ static int openssl_aes_test(void) 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2, 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b }; +#endif /* WOLFSSL_AES_192 */ +#ifdef WOLFSSL_AES_256 /* test vector from "Recommendation for Block Cipher Modes of Operation" * NIST Special Publication 800-38A */ const byte ctr256Key[] = @@ -10662,9 +10790,11 @@ static int openssl_aes_test(void) 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5, 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28 }; +#endif /* WOLFSSL_AES_256 */ EVP_CIPHER_CTX en; EVP_CIPHER_CTX de; +#ifdef WOLFSSL_AES_128 EVP_CIPHER_CTX *p_en; EVP_CIPHER_CTX *p_de; @@ -10747,7 +10877,9 @@ static int openssl_aes_test(void) return -3314; if (XMEMCMP(cipherBuff, oddCipher, 9)) return -3315; +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_192 EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_192_ctr(), (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) @@ -10769,7 +10901,9 @@ static int openssl_aes_test(void) return -3320; if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher))) return -3321; +#endif /* WOLFSSL_AES_192 */ +#ifdef WOLFSSL_AES_256 EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_256_ctr(), (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) @@ -10791,10 +10925,11 @@ static int openssl_aes_test(void) return -3326; if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher))) return -3327; +#endif /* WOLFSSL_AES_256 */ } #endif /* HAVE_AES_COUNTER */ -#ifdef WOLFSSL_AES_CFB +#if defined(WOLFSSL_AES_CFB) && defined(WOLFSSL_AES_128) { AES_KEY enc; AES_KEY dec; @@ -10853,7 +10988,7 @@ static int openssl_aes_test(void) if (num != 0) return -3331; } -#endif /* WOLFSSL_AES_CFB */ +#endif /* WOLFSSL_AES_CFB && WOLFSSL_AES_128 */ return 0; } #endif /* !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) */ @@ -11080,6 +11215,7 @@ int openssl_test(void) if (openssl_aes_test() != 0) return -3429; +#ifdef WOLFSSL_AES_128 { /* evp_cipher test: EVP_aes_128_cbc */ EVP_CIPHER_CTX ctx; int idx, cipherSz, plainSz; @@ -11160,9 +11296,10 @@ int openssl_test(void) return -8112; } /* end evp_cipher test: EVP_aes_128_cbc*/ +#endif /* WOLFSSL_AES_128 */ -#ifdef HAVE_AES_ECB - { /* evp_cipher test: EVP_aes_128_ecb*/ +#if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256) + { /* evp_cipher test: EVP_aes_256_ecb*/ EVP_CIPHER_CTX ctx; const byte msg[] = { @@ -11211,12 +11348,12 @@ int openssl_test(void) return -5923; } /* end evp_cipher test */ -#endif +#endif /* HAVE_AES_ECB && WOLFSSL_AES_128 */ #define OPENSSL_TEST_ERROR (-10000) -#ifdef WOLFSSL_AES_DIRECT +#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */ { @@ -11267,11 +11404,15 @@ int openssl_test(void) return OPENSSL_TEST_ERROR-61; } -#endif +#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ /* EVP_Cipher with EVP_aes_xxx_ctr() */ #ifdef WOLFSSL_AES_COUNTER { + byte plainBuff [64]; + byte cipherBuff[64]; + +#ifdef WOLFSSL_AES_128 const byte ctrKey[] = { 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, @@ -11284,7 +11425,6 @@ int openssl_test(void) 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff }; - const byte ctrPlain[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, @@ -11309,16 +11449,14 @@ int openssl_test(void) 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee }; - byte plainBuff [64]; - byte cipherBuff[64]; - const byte oddCipher[] = { 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0, 0xc2 }; +#endif /* WOLFSSL_AES_128 */ - +#ifdef WOLFSSL_AES_192 /* test vector from "Recommendation for Block Cipher Modes of Operation" * NIST Special Publication 800-38A */ const byte ctr192Key[] = @@ -11346,7 +11484,9 @@ int openssl_test(void) 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2, 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b }; +#endif /* WOLFSSL_AES_192 */ +#ifdef WOLFSSL_AES_256 /* test vector from "Recommendation for Block Cipher Modes of Operation" * NIST Special Publication 800-38A */ const byte ctr256Key[] = @@ -11375,9 +11515,11 @@ int openssl_test(void) 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5, 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28 }; +#endif /* WOLFSSL_AES_256 */ EVP_CIPHER_CTX en; EVP_CIPHER_CTX de; +#ifdef WOLFSSL_AES_128 EVP_CIPHER_CTX *p_en; EVP_CIPHER_CTX *p_de; @@ -11458,7 +11600,9 @@ int openssl_test(void) return -5946; if (XMEMCMP(cipherBuff, oddCipher, 9)) return -5947; +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_192 EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_192_ctr(), (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) @@ -11480,7 +11624,9 @@ int openssl_test(void) return -5952; if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher))) return -5953; +#endif /* WOLFSSL_AES_192 */ +#ifdef WOLFSSL_AES_256 EVP_CIPHER_CTX_init(&en); if (EVP_CipherInit(&en, EVP_aes_256_ctr(), (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) @@ -11502,9 +11648,11 @@ int openssl_test(void) return -5958; if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher))) return -5959; +#endif /* WOLFSSL_AES_256 */ } #endif /* HAVE_AES_COUNTER */ +#ifdef WOLFSSL_AES_128 { /* EVP_CipherUpdate test */ @@ -11655,6 +11803,7 @@ int openssl_test(void) return -3448; } +#endif /* WOLFSSL_AES_128 */ #endif /* ifndef NO_AES */ return 0; } @@ -14591,7 +14740,7 @@ done: return ret; } -#ifdef HAVE_ECC_ENCRYPT +#if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) int ecc_encrypt_test(void) { @@ -15676,17 +15825,24 @@ typedef struct CMAC_Test_Case { int cmac_test(void) { +#ifdef WOLFSSL_AES_128 const byte k128[] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }; + #define KLEN_128 (sizeof(k128)) +#endif +#ifdef WOLFSSL_AES_192 const byte k192[] = { 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b }; + #define KLEN_192 (sizeof(k192)) +#endif +#ifdef WOLFSSL_AES_256 const byte k256[] = { 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, @@ -15694,9 +15850,8 @@ int cmac_test(void) 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 }; - #define KLEN_128 (sizeof(k128)) - #define KLEN_192 (sizeof(k192)) #define KLEN_256 (sizeof(k256)) +#endif const byte m[] = { @@ -15715,6 +15870,7 @@ int cmac_test(void) #define MLEN_319 (MLEN_320 - 1) #define MLEN_512 (512/8) +#ifdef WOLFSSL_AES_128 const byte t128_0[] = { 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, @@ -15740,7 +15896,8 @@ int cmac_test(void) 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe }; - +#endif +#ifdef WOLFSSL_AES_192 const byte t192_0[] = { 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, @@ -15761,7 +15918,8 @@ int cmac_test(void) 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79, 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11 }; - +#endif +#ifdef WOLFSSL_AES_256 const byte t256_0[] = { 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e, @@ -15782,23 +15940,31 @@ int cmac_test(void) 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5, 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10 }; - +#endif const CMAC_Test_Case testCases[] = { +#ifdef WOLFSSL_AES_128 {WC_CMAC_AES, 0, m, MLEN_0, k128, KLEN_128, t128_0, AES_BLOCK_SIZE}, {WC_CMAC_AES, 0, m, MLEN_128, k128, KLEN_128, t128_128, AES_BLOCK_SIZE}, {WC_CMAC_AES, 0, m, MLEN_320, k128, KLEN_128, t128_320, AES_BLOCK_SIZE}, {WC_CMAC_AES, 0, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE}, {WC_CMAC_AES, 5, m, MLEN_512, k128, KLEN_128, t128_512, AES_BLOCK_SIZE}, +#endif +#ifdef WOLFSSL_AES_192 {WC_CMAC_AES, 0, m, MLEN_0, k192, KLEN_192, t192_0, AES_BLOCK_SIZE}, {WC_CMAC_AES, 0, m, MLEN_128, k192, KLEN_192, t192_128, AES_BLOCK_SIZE}, {WC_CMAC_AES, 0, m, MLEN_320, k192, KLEN_192, t192_320, AES_BLOCK_SIZE}, {WC_CMAC_AES, 0, m, MLEN_512, k192, KLEN_192, t192_512, AES_BLOCK_SIZE}, +#endif +#ifdef WOLFSSL_AES_256 {WC_CMAC_AES, 0, m, MLEN_0, k256, KLEN_256, t256_0, AES_BLOCK_SIZE}, {WC_CMAC_AES, 0, m, MLEN_128, k256, KLEN_256, t256_128, AES_BLOCK_SIZE}, {WC_CMAC_AES, 0, m, MLEN_320, k256, KLEN_256, t256_320, AES_BLOCK_SIZE}, {WC_CMAC_AES, 0, m, MLEN_512, k256, KLEN_256, t256_512, AES_BLOCK_SIZE}, +#endif +#ifdef WOLFSSL_AES_128 {WC_CMAC_AES, 0, m, MLEN_319, k128, KLEN_128, t128_319, AES_BLOCK_SIZE} +#endif }; Cmac cmac; @@ -16155,7 +16321,8 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, 0x72,0x6c,0x64 }; -#if !defined(NO_AES) && defined(HAVE_ECC) && defined(WOLFSSL_SHA512) +#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \ + defined(WOLFSSL_SHA512) byte optionalUkm[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 }; @@ -16171,35 +16338,39 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, #endif #ifndef NO_AES + #ifdef WOLFSSL_AES_128 {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz, NULL, 0, "pkcs7envelopedDataAES128CBC.der"}, - + #endif + #ifdef WOLFSSL_AES_192 {data, (word32)sizeof(data), DATA, AES192CBCb, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz, NULL, 0, "pkcs7envelopedDataAES192CBC.der"}, - + #endif + #ifdef WOLFSSL_AES_256 {data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz, NULL, 0, "pkcs7envelopedDataAES256CBC.der"}, + #endif #endif /* NO_AES */ #endif /* key agreement key encryption technique*/ #ifdef HAVE_ECC #ifndef NO_AES - #ifndef NO_SHA + #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) {data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey, eccPrivKeySz, NULL, 0, "pkcs7envelopedDataAES128CBC_ECDH_SHA1KDF.der"}, #endif - #ifndef NO_SHA256 + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256) {data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, eccPrivKeySz, NULL, 0, "pkcs7envelopedDataAES256CBC_ECDH_SHA256KDF.der"}, - #endif /* NO_SHA256 */ + #endif /* NO_SHA256 && WOLFSSL_AES_256 */ - #ifdef WOLFSSL_SHA512 + #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256) {data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, eccPrivKeySz, NULL, 0, @@ -16210,7 +16381,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, eccPrivKeySz, optionalUkm, sizeof(optionalUkm), "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der"}, - #endif /* WOLFSSL_SHA512 */ + #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */ #endif /* NO_AES */ #endif }; @@ -16425,22 +16596,29 @@ int pkcs7encrypted_test(void) #endif #ifndef NO_AES +#ifdef WOLFSSL_AES_128 byte aes128Key[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 }; +#endif +#ifdef WOLFSSL_AES_192 byte aes192Key[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 }; +#endif +#ifdef WOLFSSL_AES_256 byte aes256Key[] = { 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 }; +#endif +#ifdef WOLFSSL_AES_256 /* Attribute example from RFC 4134, Section 7.2 * OID = 1.2.5555 * OCTET STRING = 'This is a test General ASN Attribute, number 1.' */ @@ -16472,6 +16650,7 @@ int pkcs7encrypted_test(void) { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) }, { genAttrOid2, sizeof(genAttrOid2), genAttr2, sizeof(genAttr2) } }; +#endif #endif /* NO_AES */ const pkcs7EncryptedVector testVectors[] = @@ -16485,12 +16664,15 @@ int pkcs7encrypted_test(void) #endif /* NO_DES3 */ #ifndef NO_AES + #ifdef WOLFSSL_AES_128 {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key, sizeof(aes128Key), NULL, 0, "pkcs7encryptedDataAES128CBC.der"}, - + #endif + #ifdef WOLFSSL_AES_192 {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key, sizeof(aes192Key), NULL, 0, "pkcs7encryptedDataAES192CBC.der"}, - + #endif + #ifdef WOLFSSL_AES_256 {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key, sizeof(aes256Key), NULL, 0, "pkcs7encryptedDataAES256CBC.der"}, @@ -16504,6 +16686,7 @@ int pkcs7encrypted_test(void) sizeof(aes256Key), multiAttribs, (sizeof(multiAttribs)/sizeof(PKCS7Attrib)), "pkcs7encryptedDataAES256CBC_multi_attribs.der"}, + #endif #endif /* NO_AES */ }; @@ -16638,12 +16821,12 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, PKCS7Attrib attribs[] = { - { transIdOid, sizeof(transIdOid), - transId, sizeof(transId) - 1 }, /* take off the null */ - { messageTypeOid, sizeof(messageTypeOid), - messageType, sizeof(messageType) }, - { senderNonceOid, sizeof(senderNonceOid), - senderNonce, sizeof(senderNonce) } + { transIdOid, sizeof(transIdOid), transId, + sizeof(transId) - 1 }, /* take off the null */ + { messageTypeOid, sizeof(messageTypeOid), messageType, + sizeof(messageType) }, + { senderNonceOid, sizeof(senderNonceOid), senderNonce, + sizeof(senderNonce) } }; const pkcs7SignedVector testVectors[] = diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 5354a9bb2d..12cb136647 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -277,32 +277,54 @@ #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS) #if !defined(NO_SHA) #if defined(WOLFSSL_STATIC_RSA) - #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA + #endif #endif #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA) + #ifdef WOLFSSL_AES_128 #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA + #endif + #ifdef WOLFSSL_AES_256 #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA + #endif #endif #endif #if defined(WOLFSSL_STATIC_RSA) #if !defined (NO_SHA256) - #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 - #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 + #endif #endif #if defined (HAVE_AESGCM) - #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 - #if defined (WOLFSSL_SHA384) + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 + #endif + #if defined (WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 #endif #endif #if defined (HAVE_AESCCM) - #define BUILD_TLS_RSA_WITH_AES_128_CCM_8 - #define BUILD_TLS_RSA_WITH_AES_256_CCM_8 + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_RSA_WITH_AES_128_CCM_8 + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_RSA_WITH_AES_256_CCM_8 + #endif #endif #if defined(HAVE_BLAKE2) - #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 - #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 + #endif #endif #endif #endif @@ -335,22 +357,32 @@ #if defined(WOLFSSL_STATIC_PSK) #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS) #if !defined(NO_SHA) - #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA - #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA + #endif #endif #ifndef NO_SHA256 + #ifdef WOLFSSL_AES_128 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 #ifdef HAVE_AESGCM #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 #endif + #endif /* WOLFSSL_AES_128 */ #ifdef HAVE_AESCCM - #define BUILD_TLS_PSK_WITH_AES_128_CCM_8 - #define BUILD_TLS_PSK_WITH_AES_256_CCM_8 - #define BUILD_TLS_PSK_WITH_AES_128_CCM - #define BUILD_TLS_PSK_WITH_AES_256_CCM + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_PSK_WITH_AES_128_CCM_8 + #define BUILD_TLS_PSK_WITH_AES_128_CCM + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_PSK_WITH_AES_256_CCM_8 + #define BUILD_TLS_PSK_WITH_AES_256_CCM + #endif #endif #endif - #ifdef WOLFSSL_SHA384 + #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 #ifdef HAVE_AESGCM #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 @@ -407,26 +439,34 @@ !defined(NO_RSA) #if !defined(NO_SHA) - #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA + #endif #if !defined(NO_DES3) #define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA #endif #endif - #if !defined(NO_SHA256) - #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 + #if !defined(NO_SHA256) && defined(HAVE_AES_CBC) + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 + #endif #endif #endif #if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \ - !defined(NO_AES) && !defined(NO_SHA) + !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA #endif #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) #ifndef NO_SHA256 - #ifndef NO_AES + #if !defined(NO_AES) && defined(WOLFSSL_AES_128) #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 #endif #ifdef HAVE_NULL_CIPHER @@ -434,7 +474,7 @@ #endif #endif #ifdef WOLFSSL_SHA384 - #ifndef NO_AES + #if !defined(NO_AES) && defined(WOLFSSL_AES_256) #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 #endif #ifdef HAVE_NULL_CIPHER @@ -447,23 +487,39 @@ #if !defined(NO_AES) #if !defined(NO_SHA) #if !defined(NO_RSA) - #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA + #endif #if defined(WOLFSSL_STATIC_DH) - #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA + #endif #endif #endif - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA + #endif #if defined(WOLFSSL_STATIC_DH) - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA + #endif #endif #endif /* NO_SHA */ - #ifndef NO_SHA256 + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 #if defined(WOLFSSL_STATIC_DH) @@ -476,7 +532,7 @@ #endif #endif - #ifdef WOLFSSL_SHA384 + #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) #if !defined(NO_RSA) #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 #if defined(WOLFSSL_STATIC_DH) @@ -492,21 +548,25 @@ #if defined (HAVE_AESGCM) #if !defined(NO_RSA) #if defined(WOLFSSL_STATIC_DH) - #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 + #endif #endif #if defined(WOLFSSL_SHA384) #if defined(WOLFSSL_STATIC_DH) - #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 + #endif #endif #endif #endif - #if defined(WOLFSSL_STATIC_DH) + #if defined(WOLFSSL_STATIC_DH) && defined(WOLFSSL_AES_128) #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 #endif #if defined(WOLFSSL_SHA384) - #if defined(WOLFSSL_STATIC_DH) + #if defined(WOLFSSL_STATIC_DH) && defined(WOLFSSL_AES_256) #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 #endif #endif @@ -550,7 +610,8 @@ #define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 #endif #endif - #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES) + #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES) && \ + defined(WOLFSSL_AES_128) #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 #endif #endif @@ -582,39 +643,44 @@ #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ !defined(NO_RSA) && defined(HAVE_AESGCM) - #ifndef NO_SHA256 + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 #endif - #ifdef WOLFSSL_SHA384 + #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 #endif #endif #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS) #ifndef NO_SHA256 - #ifdef HAVE_AESGCM + #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 #endif #ifdef HAVE_AESCCM - #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM - #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM + #endif #endif #endif - #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) + #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) && \ + defined(WOLFSSL_AES_256) #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 #endif #endif #if defined(HAVE_ECC) && !defined(NO_TLS) && !defined(NO_AES) #ifdef HAVE_AESGCM - #ifndef NO_SHA256 + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 #ifndef NO_RSA #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 #endif #endif - #ifdef WOLFSSL_SHA384 + #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 #ifndef NO_RSA #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 @@ -622,9 +688,13 @@ #endif #endif #if defined(HAVE_AESCCM) && !defined(NO_SHA256) - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 - #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 + #ifdef WOLFSSL_AES_128 + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 + #endif + #ifdef WOLFSSL_AES_256 + #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 + #endif #endif #endif @@ -642,10 +712,10 @@ #if defined(WOLFSSL_TLS13) #ifdef HAVE_AESGCM - #ifndef NO_SHA256 + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) #define BUILD_TLS_AES_128_GCM_SHA256 #endif - #ifdef WOLFSSL_SHA384 + #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) #define BUILD_TLS_AES_256_GCM_SHA384 #endif #endif @@ -657,7 +727,7 @@ #endif #ifdef HAVE_AESCCM - #ifndef NO_SHA256 + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) #define BUILD_TLS_AES_128_CCM_SHA256 #define BUILD_TLS_AES_128_CCM_8_SHA256 #endif @@ -3044,10 +3114,11 @@ struct WOLFSSL_STACK { struct WOLFSSL_X509_NAME { char *name; - char staticName[ASN_NAME_MAX]; int dynamicName; int sz; -#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) + char staticName[ASN_NAME_MAX]; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(NO_ASN) DecodedName fullName; WOLFSSL_X509_NAME_ENTRY cnEntry; WOLFSSL_X509_NAME_ENTRY extra[MAX_NAME_ENTRIES]; /* extra entries added */ @@ -3069,83 +3140,85 @@ struct WOLFSSL_X509_NAME { struct WOLFSSL_X509 { int version; - WOLFSSL_X509_NAME issuer; - WOLFSSL_X509_NAME subject; int serialSz; - byte serial[EXTERNAL_SERIAL_SIZE]; - char subjectCN[ASN_NAME_MAX]; /* common name short cut */ -#ifdef WOLFSSL_CERT_REQ - char challengePw[CTC_NAME_SIZE]; /* for REQ certs */ -#endif #ifdef WOLFSSL_SEP int deviceTypeSz; - byte deviceType[EXTERNAL_SERIAL_SIZE]; int hwTypeSz; + byte deviceType[EXTERNAL_SERIAL_SIZE]; byte hwType[EXTERNAL_SERIAL_SIZE]; int hwSerialNumSz; byte hwSerialNum[EXTERNAL_SERIAL_SIZE]; - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) byte certPolicySet; byte certPolicyCrit; #endif /* OPENSSL_EXTRA */ #endif int notBeforeSz; - byte notBefore[MAX_DATE_SZ]; int notAfterSz; + byte notBefore[MAX_DATE_SZ]; byte notAfter[MAX_DATE_SZ]; - int sigOID; buffer sig; - int pubKeyOID; + int sigOID; + DNS_entry* altNames; /* alt names list */ buffer pubKey; + int pubKeyOID; + DNS_entry* altNamesNext; /* hint for retrieval */ #ifdef HAVE_ECC word32 pkCurveOID; #endif /* HAVE_ECC */ #ifndef NO_CERTS DerBuffer* derCert; /* may need */ #endif - DNS_entry* altNames; /* alt names list */ - DNS_entry* altNamesNext; /* hint for retrieval */ void* heap; /* heap hint */ byte dynamicMemory; /* dynamic memory flag */ - byte isCa; + byte isCa:1; #ifdef WOLFSSL_CERT_EXT char certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ]; int certPoliciesNb; #endif /* WOLFSSL_CERT_EXT */ -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) #ifdef HAVE_EX_DATA void* ex_data[MAX_EX_DATA]; #endif + byte* authKeyId; + byte* subjKeyId; + byte* extKeyUsageSrc; + byte* CRLInfo; + byte* authInfo; word32 pathLength; word16 keyUsage; - byte CRLdistSet; - byte CRLdistCrit; - byte* CRLInfo; int CRLInfoSz; - byte authInfoSet; - byte authInfoCrit; - byte* authInfo; int authInfoSz; - byte basicConstSet; - byte basicConstCrit; - byte basicConstPlSet; - byte subjAltNameSet; - byte subjAltNameCrit; - byte authKeyIdSet; - byte authKeyIdCrit; - byte* authKeyId; word32 authKeyIdSz; - byte subjKeyIdSet; - byte subjKeyIdCrit; - byte* subjKeyId; word32 subjKeyIdSz; - byte keyUsageSet; - byte keyUsageCrit; - byte extKeyUsageCrit; - byte* extKeyUsageSrc; word32 extKeyUsageSz; word32 extKeyUsageCount; -#endif /* OPENSSL_EXTRA */ + + byte CRLdistSet:1; + byte CRLdistCrit:1; + byte authInfoSet:1; + byte authInfoCrit:1; + byte keyUsageSet:1; + byte keyUsageCrit:1; + byte extKeyUsageCrit:1; + byte subjKeyIdSet:1; + + byte subjKeyIdCrit:1; + byte basicConstSet:1; + byte basicConstCrit:1; + byte basicConstPlSet:1; + byte subjAltNameSet:1; + byte subjAltNameCrit:1; + byte authKeyIdSet:1; + byte authKeyIdCrit:1; +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + byte serial[EXTERNAL_SERIAL_SIZE]; + char subjectCN[ASN_NAME_MAX]; /* common name short cut */ +#ifdef WOLFSSL_CERT_REQ + char challengePw[CTC_NAME_SIZE]; /* for REQ certs */ +#endif + WOLFSSL_X509_NAME issuer; + WOLFSSL_X509_NAME subject; }; diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index ee482021d8..1baf063e1b 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -165,7 +165,9 @@ enum { EVP_PKEY_RSA = 16, EVP_PKEY_DSA = 17, EVP_PKEY_EC = 18, +#ifdef HAVE_IDEA IDEA_CBC_TYPE = 19, +#endif NID_sha1 = 64, NID_sha224 = 65, NID_md2 = 77, diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 261e04aab2..327d80856b 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -84,7 +84,7 @@ #define NO_OLD_WC_NAMES #endif -#elif defined(OPENSSL_EXTRA) +#elif (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) #include #include @@ -223,7 +223,7 @@ struct WOLFSSL_EVP_PKEY { union { char* ptr; /* der format of key / or raw for NTRU */ } pkey; - #ifdef OPENSSL_EXTRA + #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) #ifndef NO_RSA WOLFSSL_RSA* rsa; byte ownRsa; /* if struct owns RSA and should free it */ @@ -233,7 +233,7 @@ struct WOLFSSL_EVP_PKEY { byte ownEcc; /* if struct owns ECC and should free it */ #endif WC_RNG rng; - #endif + #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifdef HAVE_ECC int pkey_curve; #endif @@ -733,7 +733,6 @@ WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl); /* what's ref count */ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void); -WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509*); #ifdef OPENSSL_EXTRA WOLFSSL_API void wolfSSL_OPENSSL_free(void*); @@ -1470,7 +1469,8 @@ WOLFSSL_API unsigned char* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN*, int idx); /* index cert in X509 */ WOLFSSL_API WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN*, int idx); /* free X509 */ -WOLFSSL_API void wolfSSL_FreeX509(WOLFSSL_X509*); +#define wolfSSL_FreeX509(x509) wolfSSL_X509_free((x509)) +WOLFSSL_API void wolfSSL_X509_free(WOLFSSL_X509*); /* get index cert in PEM */ WOLFSSL_API int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN*, int idx, unsigned char* buf, int inLen, int* outLen); @@ -1775,7 +1775,9 @@ enum BulkCipherAlgorithm { wolfssl_des, wolfssl_triple_des, /* leading 3 (3des) not valid identifier */ wolfssl_des40, +#ifdef HAVE_IDEA wolfssl_idea, +#endif wolfssl_aes, wolfssl_aes_gcm, wolfssl_aes_ccm, @@ -2414,6 +2416,21 @@ WOLFSSL_API int wolfSSL_accept_ex(WOLFSSL*, HandShakeCallBack, TimeoutCallBack, WOLFSSL_API void wolfSSL_cert_service(void); #endif +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) +/* Smaller subset of X509 compatibility functions. Avoid increasing the size of + * this subset and its memory usage */ + +#include +struct WOLFSSL_X509_NAME_ENTRY { + WOLFSSL_ASN1_OBJECT* object; /* not defined yet */ + WOLFSSL_ASN1_STRING data; + WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */ + int nid; /* i.e. ASN_COMMON_NAME */ + int set; + int size; +}; +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + #ifdef OPENSSL_EXTRA enum { @@ -2520,16 +2537,6 @@ struct WOLFSSL_ASN1_BIT_STRING { }; -#include -struct WOLFSSL_X509_NAME_ENTRY { - WOLFSSL_ASN1_OBJECT* object; /* not defined yet */ - WOLFSSL_ASN1_STRING data; - WOLFSSL_ASN1_STRING* value; /* points to data, for lighttpd port */ - int nid; /* i.e. ASN_COMMON_NAME */ - int set; - int size; -}; - #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) \ || defined(HAVE_STUNNEL) \ || defined(WOLFSSL_NGINX) \ diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 1b30172217..5777e1dd9a 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -571,7 +571,7 @@ struct DecodedCert { word16 extKeyUsage; /* Key usage bitfield */ byte extExtKeyUsage; /* Extended Key usage bitfield */ -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) byte* extExtKeyUsageSrc; word32 extExtKeyUsageSz; word32 extExtKeyUsageCount; @@ -619,7 +619,7 @@ struct DecodedCert { char* subjectEmail; int subjectEmailLen; #endif /* WOLFSSL_CERT_GEN */ -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) DecodedName issuerName; DecodedName subjectName; #endif /* OPENSSL_EXTRA */ @@ -659,7 +659,7 @@ struct DecodedCert { #ifdef WOLFSSL_SEP byte extCertPolicySet : 1; #endif -#ifdef OPENSSL_EXTRA +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) byte extCRLdistCrit : 1; byte extAuthInfoCrit : 1; byte extBasicConstCrit : 1; @@ -679,30 +679,30 @@ struct DecodedCert { }; -extern const char* BEGIN_CERT; -extern const char* END_CERT; -extern const char* BEGIN_CERT_REQ; -extern const char* END_CERT_REQ; -extern const char* BEGIN_DSA_PARAM; -extern const char* END_DSA_PARAM; -extern const char* BEGIN_DH_PARAM; -extern const char* END_DH_PARAM; -extern const char* BEGIN_X509_CRL; -extern const char* END_X509_CRL; -extern const char* BEGIN_RSA_PRIV; -extern const char* END_RSA_PRIV; -extern const char* BEGIN_PRIV_KEY; -extern const char* END_PRIV_KEY; -extern const char* BEGIN_ENC_PRIV_KEY; -extern const char* END_ENC_PRIV_KEY; -extern const char* BEGIN_EC_PRIV; -extern const char* END_EC_PRIV; -extern const char* BEGIN_DSA_PRIV; -extern const char* END_DSA_PRIV; -extern const char* BEGIN_PUB_KEY; -extern const char* END_PUB_KEY; -extern const char* BEGIN_EDDSA_PRIV; -extern const char* END_EDDSA_PRIV; +extern const char* const BEGIN_CERT; +extern const char* const END_CERT; +extern const char* const BEGIN_CERT_REQ; +extern const char* const END_CERT_REQ; +extern const char* const BEGIN_DSA_PARAM; +extern const char* const END_DSA_PARAM; +extern const char* const BEGIN_DH_PARAM; +extern const char* const END_DH_PARAM; +extern const char* const BEGIN_X509_CRL; +extern const char* const END_X509_CRL; +extern const char* const BEGIN_RSA_PRIV; +extern const char* const END_RSA_PRIV; +extern const char* const BEGIN_PRIV_KEY; +extern const char* const END_PRIV_KEY; +extern const char* const BEGIN_ENC_PRIV_KEY; +extern const char* const END_ENC_PRIV_KEY; +extern const char* const BEGIN_EC_PRIV; +extern const char* const END_EC_PRIV; +extern const char* const BEGIN_DSA_PRIV; +extern const char* const END_DSA_PRIV; +extern const char* const BEGIN_PUB_KEY; +extern const char* const END_PUB_KEY; +extern const char* const BEGIN_EDDSA_PRIV; +extern const char* const END_EDDSA_PRIV; #ifdef NO_SHA #define SIGNER_DIGEST_SIZE WC_SHA256_DIGEST_SIZE @@ -758,7 +758,8 @@ struct TrustedPeerCert { /* for testing or custom openssl wrappers */ -#if defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) +#if defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL) #define WOLFSSL_ASN_API WOLFSSL_API #else #define WOLFSSL_ASN_API WOLFSSL_LOCAL diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index 1cb37cc845..efa3d7d182 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -84,56 +84,53 @@ typedef struct PKCS7Attrib { typedef struct PKCS7DecodedAttrib { + struct PKCS7DecodedAttrib* next; byte* oid; word32 oidSz; byte* value; word32 valueSz; - struct PKCS7DecodedAttrib* next; } PKCS7DecodedAttrib; typedef struct PKCS7 { - byte* content; /* inner content, not owner */ - word32 contentSz; /* content size */ - int contentOID; /* PKCS#7 content type OID sum */ - WC_RNG* rng; - - int hashOID; - int encryptOID; /* key encryption algorithm OID */ - int keyWrapOID; /* key wrap algorithm OID */ - int keyAgreeOID; /* key agreement algorithm OID */ - + PKCS7Attrib* signedAttribs; + byte* content; /* inner content, not owner */ + byte* singleCert; /* recipient cert, DER, not owner */ + byte* issuer; /* issuer name of singleCert */ + byte* privateKey; /* private key, DER, not owner */ void* heap; /* heap hint for dynamic memory */ byte* cert[MAX_PKCS7_CERTS]; - word32 certSz[MAX_PKCS7_CERTS]; - byte* singleCert; /* recipient cert, DER, not owner */ - word32 singleCertSz; /* size of recipient cert buffer, bytes */ - byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */ - byte* issuer; /* issuer name of singleCert */ - word32 issuerSz; /* length of issuer name */ - byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */ - word32 issuerSnSz; /* length of serial number */ - byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ ];/*MAX RSA key size (m + e)*/ - word32 publicKeySz; - word32 publicKeyOID; /* key OID (RSAk, ECDSAk, etc) */ - byte* privateKey; /* private key, DER, not owner */ - word32 privateKeySz; /* size of private key buffer, bytes */ - - PKCS7Attrib* signedAttribs; - word32 signedAttribsSz; + /* Encrypted-data Content Type */ + byte* encryptionKey; /* block cipher encryption key */ + PKCS7Attrib* unprotectedAttribs; /* optional */ + PKCS7DecodedAttrib* decodedAttrib; /* linked list of decoded attribs */ /* Enveloped-data optional ukm, not owner */ byte* ukm; word32 ukmSz; - /* Encrypted-data Content Type */ - byte* encryptionKey; /* block cipher encryption key */ - word32 encryptionKeySz; /* size of key buffer, bytes */ - PKCS7Attrib* unprotectedAttribs; /* optional */ - word32 unprotectedAttribsSz; - PKCS7DecodedAttrib* decodedAttrib; /* linked list of decoded attribs */ + word32 encryptionKeySz; /* size of key buffer, bytes */ + word32 unprotectedAttribsSz; + word32 contentSz; /* content size */ + word32 singleCertSz; /* size of recipient cert buffer, bytes */ + word32 issuerSz; /* length of issuer name */ + word32 issuerSnSz; /* length of serial number */ + + word32 publicKeySz; + word32 publicKeyOID; /* key OID (RSAk, ECDSAk, etc) */ + word32 privateKeySz; /* size of private key buffer, bytes */ + word32 signedAttribsSz; + int contentOID; /* PKCS#7 content type OID sum */ + int hashOID; + int encryptOID; /* key encryption algorithm OID */ + int keyWrapOID; /* key wrap algorithm OID */ + int keyAgreeOID; /* key agreement algorithm OID */ + byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */ + byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */ + byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ ];/*MAX RSA key size (m + e)*/ + word32 certSz[MAX_PKCS7_CERTS]; } PKCS7; diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 7dcc089a05..72e5d22a7f 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1399,6 +1399,23 @@ extern void uITRON4_free(void *p) ; #undef AES_MAX_KEY_SIZE #define AES_MAX_KEY_SIZE 256 #endif + + #ifndef NO_AES_128 + #undef WOLFSSL_AES_128 + #define WOLFSSL_AES_128 + #endif + #if !defined(NO_AES_192) && AES_MAX_KEY_SIZE >= 192 + #undef WOLFSSL_AES_192 + #define WOLFSSL_AES_192 + #endif + #if !defined(NO_AES_256) && AES_MAX_KEY_SIZE >= 256 + #undef WOLFSSL_AES_256 + #define WOLFSSL_AES_256 + #endif + #if !defined(WOLFSSL_AES_128) && defined(HAVE_ECC_ENCRYPT) + #warning HAVE_ECC_ENCRYPT uses AES 128 bit keys + #endif + #ifndef NO_AES_DECRYPT #undef HAVE_AES_DECRYPT #define HAVE_AES_DECRYPT @@ -1616,6 +1633,13 @@ extern void uITRON4_free(void *p) ; #endif #endif +/* switch for compatibility layer functionality. Has subparts i.e. BIO/X509 + * When opensslextra is enabled all subparts should be turned on. */ +#ifdef OPENSSL_EXTRA + #undef OPENSSL_EXTRA_X509_SMALL + #define OPENSSL_EXTRA_X509_SMALL +#endif /* OPENSSL_EXTRA */ + #ifdef __cplusplus } /* extern "C" */ #endif