Merge pull request #6935 from SparkiDev/ssl_crypto_extract

ssl.c: Move out crypto compat APIs
JacobBarthelmeh
2023-11-16 11:58:14 -07:00
committed by GitHub
15 changed files with 5621 additions and 4100 deletions


@ -21,3 +21,4 @@ Updates to Espressif ESP-IDF wolfssl_benchmark and wolfssl_test examples:
- Added VisualGDB Project file & Visual Studio solution file. - Added VisualGDB Project file & Visual Studio solution file.
- Added optional `time_helper` for wolfssl_test - Added optional `time_helper` for wolfssl_test
- Exclude `ssl_misc.c` in component cmake to fix warning: #warning ssl_misc.c does not need to be compiled separately from ssl.c - Exclude `ssl_misc.c` in component cmake to fix warning: #warning ssl_misc.c does not need to be compiled separately from ssl.c
- Exclude `ssl_crypto.c` in component cmake to fix warning: #warning ssl_crypto.c does not need to be compiled separately from ssl.c


@ -353,8 +353,9 @@ else()
"\"${WOLFSSL_ROOT}/src/misc.c\"" "\"${WOLFSSL_ROOT}/src/misc.c\""
"\"${WOLFSSL_ROOT}/src/pk.c\"" "\"${WOLFSSL_ROOT}/src/pk.c\""
"\"${WOLFSSL_ROOT}/src/ssl_asn1.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_asn1.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_crypto.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509.c\""
"\"${WOLFSSL_ROOT}/src/x509_str.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\""


@ -353,6 +353,7 @@ else()
"\"${WOLFSSL_ROOT}/src/ssl_asn1.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_asn1.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_crypto.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509.c\""
"\"${WOLFSSL_ROOT}/src/x509_str.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\""


@ -393,6 +393,7 @@ else()
"\"${WOLFSSL_ROOT}/src/ssl_asn1.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_asn1.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_crypto.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509.c\""
"\"${WOLFSSL_ROOT}/src/x509_str.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\""


@ -393,6 +393,7 @@ else()
"\"${WOLFSSL_ROOT}/src/ssl_asn1.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_asn1.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_crypto.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509.c\""
"\"${WOLFSSL_ROOT}/src/x509_str.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\""


@ -482,6 +482,7 @@ endif()
"\"${WOLFSSL_ROOT}/src/ssl_asn1.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_asn1.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_bn.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_certman.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_crypto.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c "\"${WOLFSSL_ROOT}/src/ssl_misc.c\"" # included by ssl.c
"\"${WOLFSSL_ROOT}/src/x509.c\"" "\"${WOLFSSL_ROOT}/src/x509.c\""
"\"${WOLFSSL_ROOT}/src/x509_str.c\"" "\"${WOLFSSL_ROOT}/src/x509_str.c\""


@ -71,7 +71,11 @@ set(COMPONENT_SRCEXCLUDE
"./src/conf.c" "./src/conf.c"
"./src/misc.c" "./src/misc.c"
"./src/pk.c" "./src/pk.c"
"./src/ssl_misc.c" # included by ssl.c "./src/ssl_asn1.c" # included by ssl.c
"./src/ssl_bn.c" # included by ssl.c
"./src/ssl_certman.c" # included by ssl.c
"./src/ssl_crypto.c" # included by ssl.c
"./src/ssl_misc.c" # included by ssl.c
"./src/x509.c" "./src/x509.c"
"./src/x509_str.c" "./src/x509_str.c"
"./wolfcrypt/src/evp.c" "./wolfcrypt/src/evp.c"


@ -37,6 +37,10 @@ list( REMOVE_ITEM SSL_SOURCES ../../../src/conf.c )
list( REMOVE_ITEM SSL_SOURCES ../../../src/x509.c ) list( REMOVE_ITEM SSL_SOURCES ../../../src/x509.c )
list( REMOVE_ITEM SSL_SOURCES ../../../src/x509_str.c ) list( REMOVE_ITEM SSL_SOURCES ../../../src/x509_str.c )
list( REMOVE_ITEM SSL_SOURCES ../../../src/pk.c ) list( REMOVE_ITEM SSL_SOURCES ../../../src/pk.c )
list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_asn1.c )
list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_bn.c )
list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_certman.c )
list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_crypto.c )
list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_misc.c ) list( REMOVE_ITEM SSL_SOURCES ../../../src/ssl_misc.c )
aux_source_directory( ${CRYPTO_SRC_DIR} CRYPTO_SOURCES ) aux_source_directory( ${CRYPTO_SRC_DIR} CRYPTO_SOURCES )
list( REMOVE_ITEM CRYPTO_SOURCES ../../../wolfcrypt/src/evp.c ) list( REMOVE_ITEM CRYPTO_SOURCES ../../../wolfcrypt/src/evp.c )


@ -20,6 +20,7 @@ EXTRA_DIST += src/pk.c
EXTRA_DIST += src/ssl_asn1.c EXTRA_DIST += src/ssl_asn1.c
EXTRA_DIST += src/ssl_bn.c EXTRA_DIST += src/ssl_bn.c
EXTRA_DIST += src/ssl_certman.c EXTRA_DIST += src/ssl_certman.c
EXTRA_DIST += src/ssl_crypto.c
EXTRA_DIST += src/ssl_misc.c EXTRA_DIST += src/ssl_misc.c
EXTRA_DIST += src/x509.c EXTRA_DIST += src/x509.c
EXTRA_DIST += src/x509_str.c EXTRA_DIST += src/x509_str.c

2768
src/ssl.c

File diff suppressed because it is too large Load Diff


@ -844,7 +844,9 @@ int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* fname,
if (buff != staticBuffer) if (buff != staticBuffer)
#endif #endif
{ {
XFREE(buff, cm->heap, DYNAMIC_TYPE_FILE); if (cm != NULL) {
XFREE(buff, cm->heap, DYNAMIC_TYPE_FILE);
}
} }
return ret; return ret;
} }
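Review bot: The new `if (cm != NULL)` guard around `XFREE(buff, cm->heap, DYNAMIC_TYPE_FILE)` skips the free entirely when `cm` is NULL, so a heap-allocated `buff` reaching this point on that path would leak instead of being released. The body of wolfSSL_CertManagerVerify starts above the hunk, so whether `cm` can still be NULL here or is rejected at entry is not visible. If it is rejected earlier, the guard exists only to satisfy static analysis and a short comment such as `/* cm validated above; guard is for static analyzers */` would make that explicit. If `cm` can be NULL here, the allocation and this free should agree on the heap hint rather than dropping the free.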

3476
src/ssl_crypto.c Normal file

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@ -4112,6 +4112,86 @@ const unsigned char* wolfSSL_EVP_PKEY_get0_hmac(const WOLFSSL_EVP_PKEY* pkey,
return (const unsigned char*)pkey->pkey.ptr; return (const unsigned char*)pkey->pkey.ptr;
} }
static int wolfssl_evp_md_to_hash_type(const WOLFSSL_EVP_MD *type,
int* hashType)
{
int ret = 0;
#ifndef NO_SHA256
if (XSTRCMP(type, "SHA256") == 0) {
*hashType = WC_SHA256;
}
else
#endif
#ifndef NO_SHA
if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, "SHA1") == 0)) {
*hashType = WC_SHA;
}
else
#endif /* NO_SHA */
#ifdef WOLFSSL_SHA224
if (XSTRCMP(type, "SHA224") == 0) {
*hashType = WC_SHA224;
}
else
#endif
#ifdef WOLFSSL_SHA384
if (XSTRCMP(type, "SHA384") == 0) {
*hashType = WC_SHA384;
}
else
#endif
#ifdef WOLFSSL_SHA512
if (XSTRCMP(type, "SHA512") == 0) {
*hashType = WC_SHA512;
}
else
#endif
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
if (XSTRCMP(type, "SHA3_224") == 0) {
*hashType = WC_SHA3_224;
}
else
#endif
#ifndef WOLFSSL_NOSHA3_256
if (XSTRCMP(type, "SHA3_256") == 0) {
*hashType = WC_SHA3_256;
}
else
#endif
#ifndef WOLFSSL_NOSHA3_384
if (XSTRCMP(type, "SHA3_384") == 0) {
*hashType = WC_SHA3_384;
}
else
#endif
#ifndef WOLFSSL_NOSHA3_512
if (XSTRCMP(type, "SHA3_512") == 0) {
*hashType = WC_SHA3_512;
}
else
#endif
#endif
#ifdef WOLFSSL_SM3
if (XSTRCMP(type, "SM3") == 0) {
*hashType = WC_SM3;
}
else
#endif
#ifndef NO_MD5
if (XSTRCMP(type, "MD5") == 0) {
*hashType = WC_MD5;
}
else
#endif
{
ret = BAD_FUNC_ARG;
}
return ret;
}
/* Initialize an EVP_DigestSign/Verify operation. /* Initialize an EVP_DigestSign/Verify operation.
* Initialize a digest for RSA and ECC keys, or HMAC for HMAC key. * Initialize a digest for RSA and ECC keys, or HMAC for HMAC key.
*/ */
@ -4129,86 +4209,29 @@ static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx,
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
type = wolfSSL_EVP_get_digestbynid(default_digest); type = wolfSSL_EVP_get_digestbynid(default_digest);
if (!type) { if (type == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
} }
if (pkey->type == EVP_PKEY_HMAC) { if (pkey->type == EVP_PKEY_HMAC) {
int hashType; int hashType;
int ret;
size_t keySz = 0;
const unsigned char* key;
#ifndef NO_SHA256 ret = wolfssl_evp_md_to_hash_type(type, &hashType);
if (XSTRCMP(type, "SHA256") == 0) { if (ret != 0) {
hashType = WC_SHA256; return ret;
} else
#endif
#ifndef NO_SHA
if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, "SHA1") == 0)) {
hashType = WC_SHA;
} else
#endif /* NO_SHA */
#ifdef WOLFSSL_SHA224
if (XSTRCMP(type, "SHA224") == 0) {
hashType = WC_SHA224;
} else
#endif
#ifdef WOLFSSL_SHA384
if (XSTRCMP(type, "SHA384") == 0) {
hashType = WC_SHA384;
} else
#endif
#ifdef WOLFSSL_SHA512
if (XSTRCMP(type, "SHA512") == 0) {
hashType = WC_SHA512;
} else
#endif
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
if (XSTRCMP(type, "SHA3_224") == 0) {
hashType = WC_SHA3_224;
} else
#endif
#ifndef WOLFSSL_NOSHA3_256
if (XSTRCMP(type, "SHA3_256") == 0) {
hashType = WC_SHA3_256;
} else
#endif
#ifndef WOLFSSL_NOSHA3_384
if (XSTRCMP(type, "SHA3_384") == 0) {
hashType = WC_SHA3_384;
} else
#endif
#ifndef WOLFSSL_NOSHA3_512
if (XSTRCMP(type, "SHA3_512") == 0) {
hashType = WC_SHA3_512;
} else
#endif
#endif
#ifdef WOLFSSL_SM3
if (XSTRCMP(type, "SM3") == 0) {
hashType = WC_SM3;
} else
#endif
#ifndef NO_MD5
if (XSTRCMP(type, "MD5") == 0) {
hashType = WC_MD5;
} else
#endif
return BAD_FUNC_ARG;
{
size_t keySz = 0;
const unsigned char* key;
key = wolfSSL_EVP_PKEY_get0_hmac(pkey, &keySz);
if (wc_HmacInit(&ctx->hash.hmac, NULL, INVALID_DEVID) != 0)
return WOLFSSL_FAILURE;
if (wc_HmacSetKey(&ctx->hash.hmac, hashType, key, (word32)keySz) != 0)
return WOLFSSL_FAILURE;
} }
key = wolfSSL_EVP_PKEY_get0_hmac(pkey, &keySz);
if (wc_HmacInit(&ctx->hash.hmac, NULL, INVALID_DEVID) != 0)
return WOLFSSL_FAILURE;
if (wc_HmacSetKey(&ctx->hash.hmac, hashType, key, (word32)keySz) != 0)
return WOLFSSL_FAILURE;
ctx->isHMAC = 1; ctx->isHMAC = 1;
} }
else if (wolfSSL_EVP_DigestInit(ctx, type) != 1) else if (wolfSSL_EVP_DigestInit(ctx, type) != 1)
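Review bot: `wolfssl_evp_md_to_hash_type` is added without a header comment, and it passes `type` straight to `XSTRCMP` and writes through `hashType` with no NULL check, so its safety rests entirely on the caller. In the visible lines of wolfSSL_evp_digest_pk_init, `type` is NULL-checked only after the default-digest lookup, and that function starts and ends outside the hunk, so the precondition should be written down: `/* Map an EVP digest name to a wolfCrypt hash type. type and hashType must be non-NULL. Returns 0 on success, BAD_FUNC_ARG if the digest is not supported in this build. */`. Separately, the HMAC branch returns `ret` (BAD_FUNC_ARG) for an unknown digest but `WOLFSSL_FAILURE` when `wc_HmacInit` or `wc_HmacSetKey` fails. That mix predates this change, but callers have to compare against the success value rather than test for non-zero, which deserves a comment at the `return ret;` line.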


@ -15463,7 +15463,7 @@ static void initDefaultName(void)
WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage[] = WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage[] =
"digitalSignature,nonRepudiation"; "digitalSignature,nonRepudiation";
#endif #endif
#if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) #if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) && !defined(NO_ASN_TIME)
WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage2[] = WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage2[] =
"digitalSignature,nonRepudiation,keyEncipherment,keyAgreement"; "digitalSignature,nonRepudiation,keyEncipherment,keyAgreement";
#endif #endif