wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 02:37:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4270 from dgarske/zd12586

Browse Source 
Fixes for various PKCS7 and SRP build issues
This commit is contained in:
Sean Parkinson
2021-08-19 08:12:15 +10:00
committed by GitHub
parent ef77cd05d4 c5f9e55567
commit 8df65c3fa7
20 changed files with 582 additions and 263 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
IDE/GCC-ARM/Makefile
View File

@ -1,6 +1,6 @@
BUILD_DIR = ./Build
all: WolfSSLStaticLib WolfCryptTest WolfCryptBench WolfSSLClient
all: WolfSSLStaticLib WolfCryptTest WolfCryptBench WolfSSLClient WolfSSLServer
WolfCryptTest:
$(MAKE) -f Makefile.test
@ -8,6 +8,8 @@ WolfCryptBench:
$(MAKE) -f Makefile.bench
WolfSSLClient:
$(MAKE) -f Makefile.client
WolfSSLServer:
$(MAKE) -f Makefile.server
WolfSSLStaticLib:
$(MAKE) -f Makefile.static

7
IDE/GCC-ARM/Makefile.server Normal file
View File

@ -0,0 +1,7 @@
# Project name
BIN = WolfSSLServer
SRC_C = ./Source/tls_server.c
all: build_hex
include Makefile.common

2
IDE/GCC-ARM/Source/armtarget.c
View File

@ -71,7 +71,7 @@ void reset_handler(void)
/* Init heap */
__heap_start__[0] = 0;
__heap_start__[1] = ((uint32_t)__heap_end__ - (uint32_t)__heap_start__);
__heap_start__[1] = ((uintptr_t)__heap_end__ - (uintptr_t)__heap_start__);
#endif /* USE_WOLF_ARM_STARTUP */
/* Start main */

22
IDE/GCC-ARM/Source/tls_client.c
View File

@ -23,7 +23,7 @@
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#ifndef WOLFCRYPT_ONLY
#if !defined(WOLFCRYPT_ONLY) && !defined(NO_WOLFSSL_CLIENT)
#include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/logging.h>
@ -100,11 +100,11 @@ static int tls_client(void)
/*---------------------*/
/* for no peer auth: */
/*---------------------*/
wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
/*---------------------*/
/* end peer auth option*/
/*---------------------*/
if ((ret = wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-AES128-SHA256")) != SSL_SUCCESS) {
if ((ret = wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-AES128-SHA256")) != WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx);
printf("CTXset_cipher_list failed, error: %d\n", ret);
goto fail;
@ -123,14 +123,14 @@ static int tls_client(void)
}
/* non blocking accept and connect */
ret = SSL_FAILURE;
ret = WOLFSSL_FAILURE;
while (ret != SSL_SUCCESS) {
while (ret != WOLFSSL_SUCCESS) {
/* client connect */
ret = wolfSSL_connect(ssl);
error = wolfSSL_get_error(ssl, 0);
if (ret != SSL_SUCCESS) {
if (error != SSL_ERROR_WANT_READ && error != SSL_ERROR_WANT_WRITE) {
if (ret != WOLFSSL_SUCCESS) {
if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
/* Fail */
printf("wolfSSL connect failed with return code %d\n", error);
goto fail;
@ -146,7 +146,7 @@ static int tls_client(void)
ret = wolfSSL_write(ssl, msg, msgSz);
error = wolfSSL_get_error(ssl, 0);
if (ret != msgSz) {
if (error != SSL_ERROR_WANT_READ && error != SSL_ERROR_WANT_WRITE) {
if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
/* Write failed */
goto fail;
}
@ -159,7 +159,7 @@ static int tls_client(void)
ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
error = wolfSSL_get_error(ssl, 0);
if (ret < 0) {
if (error != SSL_ERROR_WANT_READ && error != SSL_ERROR_WANT_WRITE) {
if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
/* Can put print here, the server enters a loop waiting to read
* a confirmation message at this point */
// printf("client read failed\n");
@ -186,14 +186,14 @@ fail:
return -1;
}
#endif
#endif /* !WOLFCRYPT_ONLY && !NO_WOLFSSL_CLIENT */
int main(void)
{
int ret;
#ifndef WOLFCRYPT_ONLY
#if !defined(WOLFCRYPT_ONLY) && !defined(NO_WOLFSSL_CLIENT)
wolfSSL_Init();
ret = tls_client();

206
IDE/GCC-ARM/Source/tls_server.c Normal file
View File

@ -0,0 +1,206 @@
/* tls_server.c
*
* Copyright (C) 2006-2021 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#include <wolfssl/wolfcrypt/settings.h>
#include <wolfssl/wolfcrypt/error-crypt.h>
#if !defined(WOLFCRYPT_ONLY) && !defined(NO_WOLFSSL_SERVER)
#include <wolfssl/ssl.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <stdio.h>
#define MAXSZ 1024
/*------------------------------------------------------------------------*/
/* TLS SERVER */
/*------------------------------------------------------------------------*/
static int CbIORecv(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
int ret = WOLFSSL_CBIO_ERR_GENERAL;
(void)ssl;
(void)ctx;
/* TODO: Exchange data over your own transport */
#warning TODO: Implement your own recv data transport
#if 0
ret = usart_read_buffer_wait(&cdc_uart_module, buf, sz);
if (ret == STATUS_ERR_TIMEOUT)
return WOLFSSL_CBIO_ERR_WANT_READ;
return (ret == STATUS_OK) ? sz : WOLFSSL_CBIO_ERR_GENERAL;
#else
return ret;
#endif
}
static int CbIOSend(WOLFSSL *ssl, char *buf, int sz, void *ctx)
{
int ret = WOLFSSL_CBIO_ERR_GENERAL;
(void)ssl;
(void)ctx;
/* TODO: Exchange data over your own transport */
#warning TODO: Implement your own send data transport
#if 0
ret = usart_write_buffer_wait(&cdc_uart_module, buf, sz);
if (ret == STATUS_ERR_TIMEOUT)
return WOLFSSL_CBIO_ERR_WANT_WRITE;
return (ret == STATUS_OK) ? sz : WOLFSSL_CBIO_ERR_GENERAL;
#else
return ret;
#endif
}
static int tls_server(void)
{
char reply[MAXSZ];
int ret, error;
WOLFSSL* ssl = NULL;
WOLFSSL_CTX* ctx = NULL;
if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) {
printf("CTXnew failed.\n");
goto fail;
}
/*------------------------------------------------------------------------*/
/* ECDHE-ECDSA */
/*------------------------------------------------------------------------*/
/*--------------------*/
/* for peer auth use: */
/*--------------------*/
// wolfSSL_CTX_load_verify_buffer(ctx, rsa_key_der_1024,
// sizeof_rsa_key_der_1024, SSL_FILETYPE_ASN1);
// wolfSSL_CTX_load_verify_buffer(ctx, server_cert_der_1024,
// sizeof_server_cert_der_1024, SSL_FILETYPE_ASN1);
/*---------------------*/
/* for no peer auth: */
/*---------------------*/
wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, 0);
/*---------------------*/
/* end peer auth option*/
/*---------------------*/
if ((ret = wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-ECDSA-AES128-SHA256")) != WOLFSSL_SUCCESS) {
wolfSSL_CTX_free(ctx);
printf("CTXset_cipher_list failed, error: %d\n", ret);
goto fail;
}
/*------------------------------------------------------------------------*/
/* END CIPHER SUITE OPTIONS */
/*------------------------------------------------------------------------*/
wolfSSL_CTX_SetIORecv(ctx, CbIORecv);
wolfSSL_CTX_SetIOSend(ctx, CbIOSend);
if ((ssl = wolfSSL_new(ctx)) == NULL) {
error = wolfSSL_get_error(ssl, 0);
printf("wolfSSL_new failed %d\n", error);
wolfSSL_CTX_free(ctx);
return -1;
}
/* non blocking accept and connect */
ret = WOLFSSL_FAILURE;
while (ret != WOLFSSL_SUCCESS) {
/* server accept */
ret = wolfSSL_accept(ssl);
error = wolfSSL_get_error(ssl, 0);
if (ret != WOLFSSL_SUCCESS) {
if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
/* Fail */
printf("wolfSSL accept failed with return code %d\n", error);
goto fail;
}
}
/* Success */
}
/* read and write */
while (1) {
/* server read */
ret = wolfSSL_read(ssl, reply, sizeof(reply) - 1);
error = wolfSSL_get_error(ssl, 0);
if (ret < 0) {
if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
/* Can put print here, the server enters a loop waiting to read
* a confirmation message at this point */
// printf("server read failed\n");
goto fail;
}
continue;
}
else {
/* Can put print here, the server enters a loop waiting to read
* a confirmation message at this point */
reply[ret] = '\0';
// printf("Server Received Reply: %s\n", reply);
break;
}
}
while (1) {
/* server write / echo */
ret = wolfSSL_write(ssl, reply, XSTRLEN(reply));
error = wolfSSL_get_error(ssl, 0);
if (ret != XSTRLEN(reply)) {
if (error != WOLFSSL_ERROR_WANT_READ && error != WOLFSSL_ERROR_WANT_WRITE) {
/* Write failed */
goto fail;
}
}
/* Write succeeded */
break;
}
return 0;
fail:
wolfSSL_shutdown(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
return -1;
}
#endif /* !WOLFCRYPT_ONLY && !NO_WOLFSSL_SERVER */
int main(void)
{
int ret;
#if !defined(WOLFCRYPT_ONLY) && !defined(NO_WOLFSSL_SERVER)
wolfSSL_Init();
ret = tls_server();
wolfSSL_Cleanup();
#else
ret = NOT_COMPILED_IN;
#endif
return ret;
}

2
IDE/GCC-ARM/include.am
View File

@ -8,11 +8,13 @@ EXTRA_DIST+= IDE/GCC-ARM/Source/wolf_main.c
EXTRA_DIST+= IDE/GCC-ARM/Source/benchmark_main.c
EXTRA_DIST+= IDE/GCC-ARM/Source/test_main.c
EXTRA_DIST+= IDE/GCC-ARM/Source/tls_client.c
EXTRA_DIST+= IDE/GCC-ARM/Source/tls_server.c
EXTRA_DIST+= IDE/GCC-ARM/linker.ld
EXTRA_DIST+= IDE/GCC-ARM/linker_fips.ld
EXTRA_DIST+= IDE/GCC-ARM/Makefile
EXTRA_DIST+= IDE/GCC-ARM/Makefile.bench
EXTRA_DIST+= IDE/GCC-ARM/Makefile.client
EXTRA_DIST+= IDE/GCC-ARM/Makefile.server
EXTRA_DIST+= IDE/GCC-ARM/Makefile.common
EXTRA_DIST+= IDE/GCC-ARM/Makefile.test
EXTRA_DIST+= IDE/GCC-ARM/Makefile.static

16
src/ssl.c
View File

@ -33841,7 +33841,8 @@ const WOLFSSL_EVP_MD *wolfSSL_HMAC_CTX_get_md(const WOLFSSL_HMAC_CTX *ctx)
return wolfSSL_macType2EVP_md((enum wc_HashType)ctx->type);
}
#if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA)
#if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_AES_DIRECT)
WOLFSSL_CMAC_CTX* wolfSSL_CMAC_CTX_new(void)
{
WOLFSSL_CMAC_CTX* ctx = NULL;
@ -33900,8 +33901,10 @@ int wolfSSL_CMAC_Init(WOLFSSL_CMAC_CTX* ctx, const void *key, size_t keyLen,
WOLFSSL_ENTER("wolfSSL_CMAC_Init");
if (ctx == NULL || cipher == NULL || (cipher != EVP_AES_128_CBC &&
cipher != EVP_AES_192_CBC && cipher != EVP_AES_256_CBC)) {
if (ctx == NULL || cipher == NULL || (
cipher != EVP_AES_128_CBC &&
cipher != EVP_AES_192_CBC &&
cipher != EVP_AES_256_CBC)) {
ret = WOLFSSL_FAILURE;
}
@ -33987,7 +33990,7 @@ int wolfSSL_CMAC_Final(WOLFSSL_CMAC_CTX* ctx, unsigned char* out,
return ret;
}
#endif /* WOLFSSL_CMAC && OPENSSL_EXTRA */
#endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */
/* Free the dynamically allocated data.
*
@ -57288,9 +57291,8 @@ int wolfSSL_RAND_poll(void)
}
switch (ctx->cipherType) {
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
case AES_128_CBC_TYPE :
case AES_192_CBC_TYPE :
case AES_256_CBC_TYPE :
@ -57411,7 +57413,7 @@ int wolfSSL_RAND_poll(void)
switch (ctx->cipherType) {
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
case AES_128_CBC_TYPE :
case AES_192_CBC_TYPE :
case AES_256_CBC_TYPE :

130
tests/api.c
View File

@ -3508,7 +3508,8 @@ static void test_wolfSSL_EVP_get_cipherbynid(void)
const WOLFSSL_EVP_CIPHER* c;
c = wolfSSL_EVP_get_cipherbynid(419);
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
#if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
defined(WOLFSSL_AES_128)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_128_CBC", c));
#else
@ -3516,7 +3517,8 @@ static void test_wolfSSL_EVP_get_cipherbynid(void)
#endif
c = wolfSSL_EVP_get_cipherbynid(423);
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_192)
#if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
defined(WOLFSSL_AES_192)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_192_CBC", c));
#else
@ -3524,7 +3526,8 @@ static void test_wolfSSL_EVP_get_cipherbynid(void)
#endif
c = wolfSSL_EVP_get_cipherbynid(427);
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
#if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
defined(WOLFSSL_AES_256)
AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_256_CBC", c));
#else
@ -3733,9 +3736,8 @@ static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd)
#endif /* WOLFSSL_SESSION_EXPORT */
/* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */
#if defined(HAVE_SESSION_TICKET) && \
defined(HAVE_AESGCM) && \
defined(OPENSSL_EXTRA)
#if defined(HAVE_SESSION_TICKET) && defined(OPENSSL_EXTRA) && \
defined(HAVE_AES_CBC)
typedef struct openssl_key_ctx {
byte name[WOLFSSL_TICKET_NAME_SZ]; /* server name */
@ -3847,7 +3849,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
#if defined(HAVE_SESSION_TICKET) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
#if defined(OPENSSL_EXTRA) && defined(HAVE_AESGCM)
#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
OpenSSLTicketInit();
wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx, myTicketEncCbOpenSSL);
#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
@ -4039,7 +4041,7 @@ done:
#if defined(HAVE_SESSION_TICKET) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
#if defined(OPENSSL_EXTRA) && defined(HAVE_AESGCM)
#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
OpenSSLTicketCleanup();
#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
TicketCleanup();
@ -6994,7 +6996,7 @@ static void test_wolfSSL_PKCS8(void)
static void test_wolfSSL_PKCS8_ED25519(void)
{
#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \
#if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519) && \
defined(HAVE_ED25519_KEY_IMPORT)
const byte encPrivKey[] = \
@ -7026,7 +7028,7 @@ static void test_wolfSSL_PKCS8_ED25519(void)
static void test_wolfSSL_PKCS8_ED448(void)
{
#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \
#if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED448) && \
defined(HAVE_ED448_KEY_IMPORT)
const byte encPrivKey[] = \
@ -23169,8 +23171,8 @@ static int test_wc_ecc_encryptDecrypt (void)
{
int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) \
&& !defined(WC_NO_RNG)
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) && \
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
ecc_key srvKey, cliKey, tmpKey;
WC_RNG rng;
const char* msg = "EccBlock Size 16";
@ -25535,7 +25537,8 @@ static void test_wc_PKCS7_VerifySignedData(void)
} /* END test_wc_PKCS7_VerifySignedData() */
#if defined(HAVE_PKCS7) && !defined(NO_AES) && !defined(NO_AES_256)
#if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
!defined(NO_AES_256)
static const byte defKey[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@ -25634,7 +25637,7 @@ static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
(void)orginKeySz;
return ret;
}
#endif /* HAVE_PKCS7 && !NO_AES && !NO_AES_256 */
#endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && !NO_AES_256 */
/*
@ -25777,7 +25780,7 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0,
rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
#endif /* NO_DES3 */
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifndef NO_AES_128
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
@ -25790,11 +25793,11 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
#endif
#endif /* NO_AES */
#endif /* NO_AES && HAVE_AES_CBC */
#endif /* NO_RSA */
#if defined(HAVE_ECC)
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_SHA) && !defined(NO_AES_128)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, eccCert,
@ -25810,7 +25813,7 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, eccCert,
eccCertSz, eccPrivKey, eccPrivKeySz},
#endif
#endif /* NO_AES */
#endif /* NO_AES && HAVE_AES_CBC*/
#endif /* END HAVE_ECC */
}; /* END pkcs7EnvelopedVector */
@ -25877,7 +25880,7 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded,
(word32)sizeof(decoded)), BAD_FUNC_ARG);
/* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/
#if defined(HAVE_ECC) && !defined(NO_AES)
#if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC)
/* only a failure for KARI test cases */
tempWrd32 = pkcs7->singleCertSz;
pkcs7->singleCertSz = 0;
@ -25893,6 +25896,7 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
#endif
tempWrd32 = pkcs7->privateKeySz;
pkcs7->privateKeySz = 0;
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
pkcs7->privateKeySz = tempWrd32;
@ -25902,9 +25906,10 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
pkcs7->privateKey = tmpBytePtr;
wc_PKCS7_Free(pkcs7);
#if !defined(NO_AES) && !defined(NO_AES_256)
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_256)
/* test of decrypt callback with KEKRI enveloped data */
{
int envelopedSz;
@ -26021,7 +26026,7 @@ static void test_wc_PKCS7_EncodeEncryptedData (void)
};
#endif
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifndef NO_AES_128
byte aes128Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@ -26043,15 +26048,15 @@ static void test_wc_PKCS7_EncodeEncryptedData (void)
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
#endif
#endif
#endif /* !NO_AES && HAVE_AES_CBC */
const pkcs7EncryptedVector testVectors[] =
{
#ifndef NO_DES3
{data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key)},
{data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey)},
#endif /* NO_DES3 */
#ifndef NO_AES
#endif /* !NO_DES3 */
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifndef NO_AES_128
{data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
sizeof(aes128Key)},
@ -26067,7 +26072,7 @@ static void test_wc_PKCS7_EncodeEncryptedData (void)
sizeof(aes256Key)},
#endif
#endif /* NO_AES */
#endif /* !NO_AES && HAVE_AES_CBC */
};
testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
@ -26088,7 +26093,7 @@ static void test_wc_PKCS7_EncodeEncryptedData (void)
sizeof(encrypted));
AssertIntGT(encryptedSz, 0);
/* Decode encryptedData */
/* Decode encryptedData */
decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
decoded, sizeof(decoded));
@ -26098,6 +26103,10 @@ static void test_wc_PKCS7_EncodeEncryptedData (void)
wc_PKCS7_Free(pkcs7);
}
}
if (pkcs7 == NULL || testSz == 0) {
AssertNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, devId));
AssertIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, devId), 0);
}
printf(testingFmt, "wc_PKCS7_EncodeEncryptedData()");
AssertIntEQ(wc_PKCS7_EncodeEncryptedData(NULL, encrypted,
@ -26473,11 +26482,13 @@ static void test_wc_PKCS7_BER(void)
static void test_PKCS7_signed_enveloped(void)
{
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
&& !defined(NO_AES)
#if defined(HAVE_PKCS7) && !defined(NO_RSA) && !defined(NO_AES) && \
!defined(NO_FILESYSTEM)
XFILE f;
PKCS7* pkcs7;
#ifdef HAVE_AES_CBC
PKCS7* inner;
#endif
void* pt;
WC_RNG rng;
unsigned char key[FOURK_BUF/2];
@ -26489,8 +26500,10 @@ static void test_PKCS7_signed_enveloped(void)
unsigned char sig[FOURK_BUF * 2];
int sigSz = FOURK_BUF * 2;
#ifdef HAVE_AES_CBC
unsigned char decoded[FOURK_BUF];
int decodedSz = FOURK_BUF;
#endif
printf(testingFmt, "PKCS7_signed_enveloped");
@ -26521,6 +26534,7 @@ static void test_PKCS7_signed_enveloped(void)
wc_PKCS7_Free(pkcs7);
wc_FreeRng(&rng);
#ifdef HAVE_AES_CBC
/* create envelope */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
@ -26532,6 +26546,7 @@ static void test_PKCS7_signed_enveloped(void)
pkcs7->privateKeySz = keySz;
AssertIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, envSz)), 0);
wc_PKCS7_Free(pkcs7);
#endif
/* create bad signed enveloped data */
sigSz = FOURK_BUF * 2;
@ -26610,6 +26625,7 @@ static void test_PKCS7_signed_enveloped(void)
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
AssertNotNull(pkcs7->content);
#ifdef HAVE_AES_CBC
/* check decode */
AssertNotNull(inner = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(inner, cert, certSz), 0);
@ -26618,8 +26634,10 @@ static void test_PKCS7_signed_enveloped(void)
AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content,
pkcs7->contentSz, decoded, decodedSz)), 0);
wc_PKCS7_Free(inner);
#endif
wc_PKCS7_Free(pkcs7);
#ifdef HAVE_AES_CBC
/* check cert set */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
@ -26627,10 +26645,11 @@ static void test_PKCS7_signed_enveloped(void)
AssertNotNull(pkcs7->singleCert);
AssertIntNE(pkcs7->singleCertSz, 0);
wc_PKCS7_Free(pkcs7);
#endif
printf(resultFmt, passed);
#endif
#endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */
}
static void test_wc_PKCS7_NoDefaultSignedAttribs (void)
{
@ -34152,7 +34171,8 @@ static void test_wolfSSL_PKCS8_d2i(void)
file)), 0);
XFCLOSE(file);
#if defined(OPENSSL_ALL) && \
!defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
!defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) && \
defined(HAVE_AES_CBC)
AssertNotNull(bio = BIO_new(BIO_s_mem()));
/* Write PKCS#8 PEM to BIO. */
AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
@ -34170,7 +34190,7 @@ static void test_wolfSSL_PKCS8_d2i(void)
(void*)"yassl123"));
EVP_PKEY_free(evpPkey);
BIO_free(bio);
#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 && HAVE_AES_CBC */
EVP_PKEY_free(pkey);
/* PKCS#8 encrypted EC key */
@ -34576,9 +34596,9 @@ static void test_wolfSSL_HMAC(void)
static void test_wolfSSL_CMAC(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CMAC)
int i = 0;
#if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_AES_DIRECT)
int i;
byte key[AES_128_KEY_SIZE];
CMAC_CTX* cmacCtx = NULL;
byte out[AES_BLOCK_SIZE];
@ -34586,7 +34606,7 @@ static void test_wolfSSL_CMAC(void)
printf(testingFmt, "test_wolfSSL_CMAC()");
for (; i < AES_128_KEY_SIZE; ++i) {
for (i=0; i < AES_128_KEY_SIZE; ++i) {
key[i] = i;
}
AssertNotNull(cmacCtx = CMAC_CTX_new());
@ -34602,7 +34622,7 @@ static void test_wolfSSL_CMAC(void)
CMAC_CTX_free(cmacCtx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_CMAC */
#endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */
}
@ -40281,9 +40301,9 @@ static void test_wolfSSL_EVP_CIPHER_iv_length(void)
int enumArray[] = {
#ifdef HAVE_AES_CBC
NID_aes_128_cbc,
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
NID_aes_128_cbc,
#endif
#ifdef WOLFSSL_AES_192
NID_aes_192_cbc,
@ -40291,6 +40311,7 @@ static void test_wolfSSL_EVP_CIPHER_iv_length(void)
#ifdef WOLFSSL_AES_256
NID_aes_256_cbc,
#endif
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM
@ -40324,8 +40345,10 @@ static void test_wolfSSL_EVP_CIPHER_iv_length(void)
NID_idea_cbc,
#endif
};
int iv_lengths[] = {
#ifdef HAVE_AES_CBC
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
AES_BLOCK_SIZE,
#endif
#ifdef WOLFSSL_AES_192
@ -40334,6 +40357,7 @@ static void test_wolfSSL_EVP_CIPHER_iv_length(void)
#ifdef WOLFSSL_AES_256
AES_BLOCK_SIZE,
#endif
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM
@ -40372,8 +40396,8 @@ static void test_wolfSSL_EVP_CIPHER_iv_length(void)
enumlen = (sizeof(enumArray)/sizeof(int));
for(i = 0; i < enumlen; i++)
{
const EVP_CIPHER *c = wolfSSL_EVP_get_cipherbynid(enumArray[i]);
AssertIntEQ(wolfSSL_EVP_CIPHER_iv_length(c), iv_lengths[i]);
const EVP_CIPHER *c = EVP_get_cipherbynid(enumArray[i]);
AssertIntEQ(EVP_CIPHER_iv_length(c), iv_lengths[i]);
}
printf(resultFmt, passed);
@ -40553,7 +40577,7 @@ static void test_wolfSSL_EVP_PKEY_param_check(void)
}
static void test_wolfSSL_EVP_BytesToKey(void)
{
#if defined(OPENSSL_ALL) && !defined(NO_DES3)
#if defined(OPENSSL_ALL) && !defined(NO_AES) && defined(HAVE_AES_CBC)
byte key[AES_BLOCK_SIZE] = {0};
byte iv[AES_BLOCK_SIZE] = {0};
int sz = 5;
@ -40569,20 +40593,20 @@ static void test_wolfSSL_EVP_BytesToKey(void)
type = wolfSSL_EVP_get_cipherbynid(NID_aes_128_cbc);
printf(testingFmt, "wolfSSL_EVP_BytesToKey");
printf(testingFmt, "EVP_BytesToKey");
/* Bad cases */
AssertIntEQ(wolfSSL_EVP_BytesToKey(NULL, md, salt, data, sz, count, key, iv),
AssertIntEQ(EVP_BytesToKey(NULL, md, salt, data, sz, count, key, iv),
0);
AssertIntEQ(wolfSSL_EVP_BytesToKey(type, md, salt, NULL, sz, count, key, iv),
AssertIntEQ(EVP_BytesToKey(type, md, salt, NULL, sz, count, key, iv),
16);
md = "2";
AssertIntEQ(wolfSSL_EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
AssertIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
WOLFSSL_FAILURE);
/* Good case */
md = "SHA256";
AssertIntEQ(wolfSSL_EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
AssertIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
16);
printf(resultFmt, passed);
@ -43669,7 +43693,8 @@ static int test_tls13_apis(void)
#if defined(HAVE_PK_CALLBACKS) && (!defined(WOLFSSL_NO_TLS12) || \
!defined(NO_OLD_TLS))
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && \
!defined(NO_AES) && defined(HAVE_AES_CBC) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
static int my_DhCallback(WOLFSSL* ssl, struct DhKey* key,
const unsigned char* priv, unsigned int privSz,
@ -43689,11 +43714,11 @@ static int my_DhCallback(WOLFSSL* ssl, struct DhKey* key,
static void test_dh_ctx_setup(WOLFSSL_CTX* ctx) {
wolfSSL_CTX_SetDhAgreeCb(ctx, my_DhCallback);
#ifdef WOLFSSL_AES_128
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES128-SHA256"),
WOLFSSL_SUCCESS);
#endif
#ifdef WOLFSSL_AES_256
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA256"),
WOLFSSL_SUCCESS);
#endif
@ -43728,7 +43753,8 @@ static void test_dh_ssl_setup_fail(WOLFSSL* ssl)
static void test_DhCallbacks(void)
{
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && \
!defined(NO_AES) && defined(HAVE_AES_CBC) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
WOLFSSL_CTX *ctx;
WOLFSSL *ssl;

99
wolfcrypt/src/cmac.c
View File

@ -88,10 +88,10 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz,
(void)unused;
(void)heap;
(void)devId;
if (cmac == NULL || keySz == 0 || type != WC_CMAC_AES)
if (cmac == NULL || keySz == 0 || type != WC_CMAC_AES) {
return BAD_FUNC_ARG;
}
XMEMSET(cmac, 0, sizeof(Cmac));
@ -106,10 +106,13 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz,
return ret;
/* fall-through when unavailable */
}
#else
(void)devId;
#endif
if (key == NULL)
if (key == NULL) {
return BAD_FUNC_ARG;
}
ret = wc_AesSetKey(&cmac->aes, key, keySz, NULL, AES_ENCRYPTION);
if (ret == 0) {
@ -129,23 +132,22 @@ int wc_InitCmac(Cmac* cmac, const byte* key, word32 keySz,
int type, void* unused)
{
#ifdef WOLFSSL_QNX_CAAM
return wc_InitCmac_ex(cmac, key, keySz, type, unused, NULL,
WOLFSSL_CAAM_DEVID);
int devId = WOLFSSL_CAAM_DEVID;
#else
return wc_InitCmac_ex(cmac, key, keySz, type, unused, NULL, INVALID_DEVID);
#endif
int devId = INVALID_DEVID;
#endif
return wc_InitCmac_ex(cmac, key, keySz, type, unused, NULL, devId);
}
int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz)
{
#ifdef WOLF_CRYPTO_CB
int ret;
#endif
int ret = 0;
if ((cmac == NULL) || (in == NULL && inSz != 0))
if ((cmac == NULL) || (in == NULL && inSz != 0)) {
return BAD_FUNC_ARG;
}
#ifdef WOLF_CRYPTO_CB
if (cmac->devId != INVALID_DEVID) {
@ -154,8 +156,10 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz)
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
/* fall-through when unavailable */
ret = 0; /* reset error code */
}
#endif
while (inSz != 0) {
word32 add = min(inSz, AES_BLOCK_SIZE - cmac->bufferSz);
XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add);
@ -165,32 +169,30 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz)
inSz -= add;
if (cmac->bufferSz == AES_BLOCK_SIZE && inSz != 0) {
if (cmac->totalSz != 0)
if (cmac->totalSz != 0) {
xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE);
wc_AesEncryptDirect(&cmac->aes,
cmac->digest,
cmac->buffer);
}
wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer);
cmac->totalSz += AES_BLOCK_SIZE;
cmac->bufferSz = 0;
}
}
return 0;
return ret;
}
int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
{
#ifdef WOLF_CRYPTO_CB
int ret;
#endif
int ret = 0;
const byte* subKey;
if (cmac == NULL || out == NULL || outSz == NULL)
if (cmac == NULL || out == NULL || outSz == NULL) {
return BAD_FUNC_ARG;
if (*outSz < WC_CMAC_TAG_MIN_SZ || *outSz > WC_CMAC_TAG_MAX_SZ)
}
if (*outSz < WC_CMAC_TAG_MIN_SZ || *outSz > WC_CMAC_TAG_MAX_SZ) {
return BUFFER_E;
}
#ifdef WOLF_CRYPTO_CB
if (cmac->devId != INVALID_DEVID) {
@ -198,6 +200,7 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
if (ret != CRYPTOCB_UNAVAILABLE)
return ret;
/* fall-through when unavailable */
ret = 0; /* reset error code */
}
#endif
@ -207,11 +210,12 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
else {
word32 remainder = AES_BLOCK_SIZE - cmac->bufferSz;
if (remainder == 0)
if (remainder == 0) {
remainder = AES_BLOCK_SIZE;
if (remainder > 1)
}
if (remainder > 1) {
XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0, remainder);
}
cmac->buffer[AES_BLOCK_SIZE - remainder] = 0x80;
subKey = cmac->k2;
}
@ -223,7 +227,7 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
ForceZero(cmac, sizeof(Cmac));
return 0;
return ret;
}
@ -231,39 +235,36 @@ int wc_AesCmacGenerate(byte* out, word32* outSz,
const byte* in, word32 inSz,
const byte* key, word32 keySz)
{
int ret;
#ifdef WOLFSSL_SMALL_STACK
Cmac *cmac;
#else
Cmac cmac[1];
#endif
int ret;
if (out == NULL || (in == NULL && inSz > 0) || key == NULL || keySz == 0)
if (out == NULL || (in == NULL && inSz > 0) || key == NULL || keySz == 0) {
return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK
if ((cmac = (Cmac *)XMALLOC(sizeof *cmac, NULL,
DYNAMIC_TYPE_CMAC)) == NULL)
DYNAMIC_TYPE_CMAC)) == NULL) {
return MEMORY_E;
}
#endif
ret = wc_InitCmac(cmac, key, keySz, WC_CMAC_AES, NULL);
if (ret != 0)
goto out;
ret = wc_CmacUpdate(cmac, in, inSz);
if (ret != 0)
goto out;
ret = wc_CmacFinal(cmac, out, outSz);
if (ret != 0)
goto out;
out:
if (ret == 0) {
ret = wc_CmacUpdate(cmac, in, inSz);
}
if (ret == 0) {
ret = wc_CmacFinal(cmac, out, outSz);
}
#ifdef WOLFSSL_SMALL_STACK
if (cmac)
if (cmac) {
XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC);
}
#endif
return ret;
@ -274,24 +275,24 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz,
const byte* in, word32 inSz,
const byte* key, word32 keySz)
{
int ret;
byte a[AES_BLOCK_SIZE];
word32 aSz = sizeof(a);
int result;
int compareRet;
if (check == NULL || checkSz == 0 || (in == NULL && inSz != 0) ||
key == NULL || keySz == 0)
key == NULL || keySz == 0) {
return BAD_FUNC_ARG;
}
XMEMSET(a, 0, aSz);
result = wc_AesCmacGenerate(a, &aSz, in, inSz, key, keySz);
ret = wc_AesCmacGenerate(a, &aSz, in, inSz, key, keySz);
compareRet = ConstantCompare(check, a, min(checkSz, aSz));
if (result == 0)
result = compareRet ? 1 : 0;
if (ret == 0)
ret = compareRet ? 1 : 0;
return result;
return ret;
}

63
wolfcrypt/src/ecc.c
View File

@ -11414,39 +11414,40 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
#endif
switch (ctx->encAlgo) {
case ecAES_128_CBC:
{
#ifdef WOLFSSL_SMALL_STACK
Aes *aes = (Aes *)XMALLOC(sizeof *aes, ctx->heap,
DYNAMIC_TYPE_AES);
if (aes == NULL) {
ret = MEMORY_E;
break;
}
case ecAES_128_CBC:
{
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
#ifdef WOLFSSL_SMALL_STACK
Aes *aes = (Aes *)XMALLOC(sizeof *aes, ctx->heap,
DYNAMIC_TYPE_AES);
if (aes == NULL) {
ret = MEMORY_E;
break;
}
#else
Aes aes[1];
#endif
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesSetKey(aes, encKey, KEY_SIZE_128, encIv,
AES_ENCRYPTION);
if (ret == 0) {
ret = wc_AesCbcEncrypt(aes, out, msg, msgSz);
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)
ret = wc_AsyncWait(ret, &aes->asyncDev,
WC_ASYNC_FLAG_NONE);
#endif
}
wc_AesFree(aes);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, ctx->heap, DYNAMIC_TYPE_AES);
#endif
#else
Aes aes[1];
ret = NOT_COMPILED_IN;
#endif
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesSetKey(aes, encKey, KEY_SIZE_128, encIv,
AES_ENCRYPTION);
if (ret == 0) {
ret = wc_AesCbcEncrypt(aes, out, msg, msgSz);
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)
ret = wc_AsyncWait(ret, &aes->asyncDev,
WC_ASYNC_FLAG_NONE);
#endif
}
wc_AesFree(aes);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, ctx->heap, DYNAMIC_TYPE_AES);
#endif
if (ret != 0)
break;
}
break;
break;
}
default:
ret = BAD_FUNC_ARG;
break;

34
wolfcrypt/src/evp.c
View File

@ -47,7 +47,7 @@
#include <wolfssl/wolfcrypt/integer.h>
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
static const char EVP_AES_128_CBC[] = "AES-128-CBC";
#endif
@ -57,7 +57,7 @@
#ifdef WOLFSSL_AES_256
static const char EVP_AES_256_CBC[] = "AES-256-CBC";
#endif
#endif /* HAVE_AES_CBC */
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#ifdef WOLFSSL_AES_OFB
#ifdef WOLFSSL_AES_128
@ -202,7 +202,7 @@ int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c)
switch (cipherType(c)) {
#if !defined(NO_AES)
#if defined(HAVE_AES_CBC)
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
case AES_128_CBC_TYPE: return 16;
case AES_192_CBC_TYPE: return 24;
case AES_256_CBC_TYPE: return 32;
@ -985,7 +985,7 @@ int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx)
switch (ctx->cipherType) {
#if !defined(NO_AES) || !defined(NO_DES3)
#if !defined(NO_AES)
#if defined(HAVE_AES_CBC)
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
case AES_128_CBC_TYPE:
case AES_192_CBC_TYPE:
case AES_256_CBC_TYPE:
@ -1054,7 +1054,7 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher)
#endif /* NO_DES3 && HAVE_AES_ECB */
#endif
#if !defined(NO_AES)
#if defined(HAVE_AES_CBC)
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
else if (XSTRNCMP(cipher, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
return AES_128_CBC_TYPE;
@ -1067,7 +1067,7 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher)
else if (XSTRNCMP(cipher, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)
return AES_256_CBC_TYPE;
#endif
#endif /* HAVE_AES_CBC */
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if defined(HAVE_AESGCM)
#ifdef WOLFSSL_AES_128
else if (XSTRNCMP(cipher, EVP_AES_128_GCM, EVP_AES_SIZE) == 0)
@ -1186,7 +1186,7 @@ int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher)
if (cipher == NULL) return BAD_FUNC_ARG;
switch (cipherType(cipher)) {
#if !defined(NO_AES)
#if defined(HAVE_AES_CBC)
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
case AES_128_CBC_TYPE:
case AES_192_CBC_TYPE:
case AES_256_CBC_TYPE:
@ -1255,7 +1255,7 @@ unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher)
{
switch (cipherType(cipher)) {
#if !defined(NO_AES)
#if defined(HAVE_AES_CBC)
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
case AES_128_CBC_TYPE:
case AES_192_CBC_TYPE:
case AES_256_CBC_TYPE:
@ -1301,7 +1301,7 @@ unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher)
case AES_192_ECB_TYPE:
case AES_256_ECB_TYPE:
return WOLFSSL_EVP_CIPH_ECB_MODE;
#endif /* NO_AES */
#endif /* !NO_AES */
#ifndef NO_DES3
case DES_CBC_TYPE:
case DES_EDE3_CBC_TYPE:
@ -3215,7 +3215,7 @@ static const struct cipher{
} cipher_tbl[] = {
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
{AES_128_CBC_TYPE, EVP_AES_128_CBC, NID_aes_128_cbc},
#endif
@ -3479,7 +3479,7 @@ const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbynid(int id)
switch(id) {
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
case NID_aes_128_cbc:
return wolfSSL_EVP_aes_128_cbc();
@ -4130,7 +4130,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void)
{
@ -4818,7 +4818,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
#endif
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
if (ctx->cipherType == AES_128_CBC_TYPE ||
(type && XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)) {
@ -4898,7 +4898,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
}
}
#endif /* WOLFSSL_AES_256 */
#endif /* HAVE_AES_CBC */
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM
@ -7152,7 +7152,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
switch (ctx->cipherType) {
#ifdef HAVE_AES_CBC
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
case AES_128_CBC_TYPE :
case AES_192_CBC_TYPE :
case AES_256_CBC_TYPE :
@ -7245,7 +7245,7 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher)
WOLFSSL_MSG("wolfSSL_EVP_CIPHER_iv_length");
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
if (XSTRNCMP(name, EVP_AES_128_CBC, XSTRLEN(EVP_AES_128_CBC)) == 0)
return AES_BLOCK_SIZE;
@ -7258,7 +7258,7 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher)
if (XSTRNCMP(name, EVP_AES_256_CBC, XSTRLEN(EVP_AES_256_CBC)) == 0)
return AES_BLOCK_SIZE;
#endif
#endif /* HAVE_AES_CBC */
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM

2
wolfcrypt/src/hmac.c
View File

@ -271,7 +271,7 @@ int _InitHmac(Hmac* hmac, int type, void* heap)
/* default to NULL heap hint or test value */
#ifdef WOLFSSL_HEAP_TEST
hmac->heap = (void)WOLFSSL_HEAP_TEST;
hmac->heap = (void*)WOLFSSL_HEAP_TEST;
#else
hmac->heap = heap;
#endif /* WOLFSSL_HEAP_TEST */

4
wolfcrypt/src/memory.c
View File

@ -670,7 +670,7 @@ void* wolfSSL_Malloc(size_t size, void* heap, int type)
/* general static memory */
if (pt == NULL) {
for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
if ((word32)size < mem->sizeList[i]) {
if ((word32)size <= mem->sizeList[i]) {
if (mem->ava[i] != NULL) {
pt = mem->ava[i];
mem->ava[i] = pt->next;
@ -905,7 +905,7 @@ void* wolfSSL_Realloc(void *ptr, size_t size, void* heap, int type)
else {
/* general memory */
for (i = 0; i < WOLFMEM_MAX_BUCKETS; i++) {
if ((word32)size < mem->sizeList[i]) {
if ((word32)size <= mem->sizeList[i]) {
if (mem->ava[i] != NULL) {
pt = mem->ava[i];
mem->ava[i] = pt->next;

59
wolfcrypt/src/pkcs7.c
View File

@ -643,23 +643,42 @@ static int wc_PKCS7_GetOIDBlockSize(int oid)
switch (oid) {
#ifndef NO_AES
#ifdef WOLFSSL_AES_128
#ifdef HAVE_AES_CBC
case AES128CBCb:
#endif
#ifdef HAVE_AESGCM
case AES128GCMb:
#endif
#ifdef HAVE_AESCCM
case AES128CCMb:
#endif
#endif
#ifdef WOLFSSL_AES_192
#ifdef HAVE_AES_CBC
case AES192CBCb:
#endif
#ifdef HAVE_AESGCM
case AES192GCMb:
#endif
#ifdef HAVE_AESCCM
case AES192CCMb:
#endif
#endif
#ifdef WOLFSSL_AES_256
#ifdef HAVE_AES_CBC
case AES256CBCb:
#endif
#ifdef HAVE_AESGCM
case AES256GCMb:
#endif
#ifdef HAVE_AESCCM
case AES256CCMb:
#endif
#endif
blockSz = AES_BLOCK_SIZE;
break;
#endif
#endif /* !NO_AES */
#ifndef NO_DES3
case DESb:
case DES3b:
@ -683,35 +702,53 @@ static int wc_PKCS7_GetOIDKeySize(int oid)
switch (oid) {
#ifndef NO_AES
#ifdef WOLFSSL_AES_128
#ifdef HAVE_AES_CBC
case AES128CBCb:
#endif
#ifdef HAVE_AESGCM
case AES128GCMb:
#endif
#ifdef HAVE_AESCCM
case AES128CCMb:
#endif
case AES128_WRAP:
blockKeySz = 16;
break;
#endif
#ifdef WOLFSSL_AES_192
#ifdef HAVE_AES_CBC
case AES192CBCb:
#endif
#ifdef HAVE_AESGCM
case AES192GCMb:
#endif
#ifdef HAVE_AESCCM
case AES192CCMb:
#endif
case AES192_WRAP:
blockKeySz = 24;
break;
#endif
#ifdef WOLFSSL_AES_256
#ifdef HAVE_AES_CBC
case AES256CBCb:
#endif
#ifdef HAVE_AESGCM
case AES256GCMb:
#endif
#ifdef HAVE_AESCCM
case AES256CCMb:
#endif
case AES256_WRAP:
blockKeySz = 32;
break;
#endif
#endif
#endif /* !NO_AES */
#ifndef NO_DES3
case DESb:
blockKeySz = DES_KEYLEN;
break;
case DES3b:
blockKeySz = DES3_KEYLEN;
break;
@ -6707,7 +6744,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
int ret;
#ifndef NO_AES
#ifdef WOLFSSL_SMALL_STACK
Aes *aes;
Aes* aes;
#else
Aes aes[1];
#endif
@ -6722,6 +6759,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
switch (encryptOID) {
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#ifdef WOLFSSL_AES_128
case AES128CBCb:
#endif
@ -6760,6 +6798,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
break;
#endif /* HAVE_AES_CBC */
#ifdef HAVE_AESGCM
#ifdef WOLFSSL_AES_128
case AES128GCMb:
@ -6828,7 +6867,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
break;
#endif
#endif /* HAVE_AESCCM */
#endif /* NO_AES */
#endif /* !NO_AES */
#ifndef NO_DES3
case DESb:
if (keySz != DES_KEYLEN || ivSz != DES_BLOCK_SIZE)
@ -6852,7 +6891,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
wc_Des3Free(&des3);
}
break;
#endif
#endif /* !NO_DES3 */
default:
WOLFSSL_MSG("Unsupported content cipher type");
return ALGO_ID_E;
@ -6901,6 +6940,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
switch (encryptOID) {
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#ifdef WOLFSSL_AES_128
case AES128CBCb:
#endif
@ -6938,6 +6978,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
break;
#endif /* HAVE_AES_CBC */
#ifdef HAVE_AESGCM
#ifdef WOLFSSL_AES_128
case AES128GCMb:
@ -7006,7 +7047,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
break;
#endif
#endif /* HAVE_AESCCM */
#endif /* NO_AES */
#endif /* !NO_AES */
#ifndef NO_DES3
case DESb:
if (keySz != DES_KEYLEN || ivSz != DES_BLOCK_SIZE)
@ -7030,7 +7071,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
}
break;
#endif
#endif /* !NO_DES3 */
default:
WOLFSSL_MSG("Unsupported content cipher type");
return ALGO_ID_E;
@ -7509,7 +7550,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
word32 kdfAlgoIdSeqSz, kdfAlgoIdSz;
word32 kdfParamsSeqSz, kdfSaltOctetStrSz, kdfIterationsSz;
/* OPTIONAL: keyLength, not supported yet */
/* OPTIONAL: prf AlgorithIdentifier, not supported yet */
/* OPTIONAL: prf AlgorithmIdentifier, not supported yet */
/* KeyEncryptionAlgorithmIdentifier */
byte keyEncAlgoIdSeq[MAX_SEQ_SZ];

45
wolfcrypt/src/srp.c
View File

@ -42,35 +42,35 @@
/** Computes the session key using the Mask Generation Function 1. */
static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size);
static int SrpHashInit(SrpHash* hash, SrpType type)
static int SrpHashInit(SrpHash* hash, SrpType type, void* heap)
{
hash->type = type;
switch (type) {
case SRP_TYPE_SHA:
#ifndef NO_SHA
return wc_InitSha(&hash->data.sha);
return wc_InitSha_ex(&hash->data.sha, heap, INVALID_DEVID);
#else
return BAD_FUNC_ARG;
#endif
case SRP_TYPE_SHA256:
#ifndef NO_SHA256
return wc_InitSha256(&hash->data.sha256);
return wc_InitSha256_ex(&hash->data.sha256, heap, INVALID_DEVID);
#else
return BAD_FUNC_ARG;
#endif
case SRP_TYPE_SHA384:
#ifdef WOLFSSL_SHA384
return wc_InitSha384(&hash->data.sha384);
return wc_InitSha384_ex(&hash->data.sha384, heap, INVALID_DEVID);
#else
return BAD_FUNC_ARG;
#endif
case SRP_TYPE_SHA512:
#ifdef WOLFSSL_SHA512
return wc_InitSha512(&hash->data.sha512);
return wc_InitSha512_ex(&hash->data.sha512, heap, INVALID_DEVID);
#else
return BAD_FUNC_ARG;
#endif
@ -217,7 +217,7 @@ static void SrpHashFree(SrpHash* hash)
}
int wc_SrpInit(Srp* srp, SrpType type, SrpSide side)
int wc_SrpInit_ex(Srp* srp, SrpType type, SrpSide side, void* heap, int devId)
{
int r;
@ -265,10 +265,10 @@ int wc_SrpInit(Srp* srp, SrpType type, SrpSide side)
/* initializing variables */
XMEMSET(srp, 0, sizeof(Srp));
if ((r = SrpHashInit(&srp->client_proof, type)) != 0)
if ((r = SrpHashInit(&srp->client_proof, type, srp->heap)) != 0)
return r;
if ((r = SrpHashInit(&srp->server_proof, type)) != 0) {
if ((r = SrpHashInit(&srp->server_proof, type, srp->heap)) != 0) {
SrpHashFree(&srp->client_proof);
return r;
}
@ -290,12 +290,19 @@ int wc_SrpInit(Srp* srp, SrpType type, SrpSide side)
#ifdef WOLFSSL_HEAP_TEST
srp->heap = (void*)WOLFSSL_HEAP_TEST;
#else
srp->heap = NULL;
#endif
srp->heap = heap;
#endif /* WOLFSSL_HEAP_TEST */
(void)devId; /* future */
return 0;
}
int wc_SrpInit(Srp* srp, SrpType type, SrpSide side)
{
return wc_SrpInit_ex(srp, type, side, NULL, INVALID_DEVID);
}
void wc_SrpTerm(Srp* srp)
{
if (srp) {
@ -382,7 +389,7 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz,
srp->saltSz = saltSz;
/* Set k = H(N, g) */
r = SrpHashInit(&hash, srp->type);
r = SrpHashInit(&hash, srp->type, srp->heap);
if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz);
for (i = 0; (word32)i < nSz - gSz; i++) {
if (!r) r = SrpHashUpdate(&hash, &pad, 1);
@ -394,13 +401,13 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz,
/* update client proof */
/* digest1 = H(N) */
if (!r) r = SrpHashInit(&hash, srp->type);
if (!r) r = SrpHashInit(&hash, srp->type, srp->heap);
if (!r) r = SrpHashUpdate(&hash, (byte*) N, nSz);
if (!r) r = SrpHashFinal(&hash, digest1);
SrpHashFree(&hash);
/* digest2 = H(g) */
if (!r) r = SrpHashInit(&hash, srp->type);
if (!r) r = SrpHashInit(&hash, srp->type, srp->heap);
if (!r) r = SrpHashUpdate(&hash, (byte*) g, gSz);
if (!r) r = SrpHashFinal(&hash, digest2);
SrpHashFree(&hash);
@ -412,7 +419,7 @@ int wc_SrpSetParams(Srp* srp, const byte* N, word32 nSz,
}
/* digest2 = H(user) */
if (!r) r = SrpHashInit(&hash, srp->type);
if (!r) r = SrpHashInit(&hash, srp->type, srp->heap);
if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz);
if (!r) r = SrpHashFinal(&hash, digest2);
SrpHashFree(&hash);
@ -441,7 +448,7 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size)
digestSz = SrpHashSize(srp->type);
/* digest = H(username | ':' | password) */
r = SrpHashInit(&hash, srp->type);
r = SrpHashInit(&hash, srp->type, srp->heap);
if (!r) r = SrpHashUpdate(&hash, srp->user, srp->userSz);
if (!r) r = SrpHashUpdate(&hash, (const byte*) ":", 1);
if (!r) r = SrpHashUpdate(&hash, password, size);
@ -449,7 +456,7 @@ int wc_SrpSetPassword(Srp* srp, const byte* password, word32 size)
SrpHashFree(&hash);
/* digest = H(salt | H(username | ':' | password)) */
if (!r) r = SrpHashInit(&hash, srp->type);
if (!r) r = SrpHashInit(&hash, srp->type, srp->heap);
if (!r) r = SrpHashUpdate(&hash, srp->salt, srp->saltSz);
if (!r) r = SrpHashUpdate(&hash, digest, digestSz);
if (!r) r = SrpHashFinal(&hash, digest);
@ -524,7 +531,7 @@ int wc_SrpSetPrivate(Srp* srp, const byte* priv, word32 size)
static int wc_SrpGenPrivate(Srp* srp, byte* priv, word32 size)
{
WC_RNG rng;
int r = wc_InitRng(&rng);
int r = wc_InitRng_ex(&rng, srp->heap, INVALID_DEVID);
if (!r) r = wc_RNG_GenerateBlock(&rng, priv, size);
if (!r) r = wc_SrpSetPrivate(srp, priv, size);
@ -608,7 +615,7 @@ static int wc_SrpSetKey(Srp* srp, byte* secret, word32 size)
counter[2] = (i >> 8) & 0xFF;
counter[3] = i & 0xFF;
r = SrpHashInit(&hash, srp->type);
r = SrpHashInit(&hash, srp->type, srp->heap);
if (!r) r = SrpHashUpdate(&hash, secret, size);
if (!r) r = SrpHashUpdate(&hash, counter, 4);
@ -688,7 +695,7 @@ int wc_SrpComputeKey(Srp* srp, byte* clientPubKey, word32 clientPubKeySz,
/* initializing variables */
if ((r = SrpHashInit(hash, srp->type)) != 0)
if ((r = SrpHashInit(hash, srp->type, srp->heap)) != 0)
goto out;
digestSz = SrpHashSize(srp->type);

129
wolfcrypt/test/test.c
View File

@ -454,7 +454,8 @@ WOLFSSL_TEST_SUBROUTINE int pbkdf2_test(void);
WOLFSSL_TEST_SUBROUTINE int scrypt_test(void);
#ifdef HAVE_ECC
WOLFSSL_TEST_SUBROUTINE int ecc_test(void);
#ifdef HAVE_ECC_ENCRYPT
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_AES_128)
WOLFSSL_TEST_SUBROUTINE int ecc_encrypt_test(void);
#endif
#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
@ -503,7 +504,7 @@ WOLFSSL_TEST_SUBROUTINE int scrypt_test(void);
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
WOLFSSL_TEST_SUBROUTINE int pkcs7authenveloped_test(void);
#endif
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
WOLFSSL_TEST_SUBROUTINE int pkcs7callback_test(byte* cert, word32 certSz, byte* key,
word32 keySz);
#endif
@ -1215,7 +1216,8 @@ initDefaultName();
return err_sys("ECC test failed!\n", ret);
else
test_pass("ECC test passed!\n");
#if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128)
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_AES_128)
if ( (ret = ecc_encrypt_test()) != 0)
return err_sys("ECC Enc test failed!\n", ret);
else
@ -7878,6 +7880,7 @@ static int aes_key_size_test(void)
ERROR_OUT(-5314, out);
#endif
#endif /* !WOLFSSL_CRYPTOCELL */
ret = 0; /* success */
out:
#ifdef WOLFSSL_SMALL_STACK
@ -8555,15 +8558,15 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
Aes enc[1];
#endif
byte cipher[AES_BLOCK_SIZE * 4];
#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
#ifdef HAVE_AES_DECRYPT
#ifdef WOLFSSL_SMALL_STACK
Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
#else
Aes dec[1];
#endif
byte plain [AES_BLOCK_SIZE * 4];
#endif
#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER */
#endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
int ret = 0;
#ifdef HAVE_AES_CBC
@ -9138,7 +9141,7 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
out:
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER)
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_SMALL_STACK
if (enc) {
if (ret != -5900) /* note this must match ERRROR_OUT() code
@ -9152,7 +9155,7 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
wc_AesFree(enc);
#endif
(void)cipher;
#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
#ifdef HAVE_AES_DECRYPT
#ifdef WOLFSSL_SMALL_STACK
if (dec) {
if ((ret != -5900) && (ret != -5901))
@ -9167,8 +9170,8 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
wc_AesFree(dec);
#endif
(void)plain;
#endif
#endif
#endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
return ret;
}
@ -17262,7 +17265,7 @@ static int srp_test_digest(int dgstType)
/* client knows username and password. */
/* server knows N, g, salt and verifier. */
if (!r) r = wc_SrpInit(cli, dgstType, SRP_CLIENT_SIDE);
if (!r) r = wc_SrpInit_ex(cli, dgstType, SRP_CLIENT_SIDE, HEAP_HINT, devId);
if (!r) r = wc_SrpSetUsername(cli, username, usernameSz);
/* loading N, g and salt in advance to generate the verifier. */
@ -17275,7 +17278,7 @@ static int srp_test_digest(int dgstType)
/* client sends username to server */
if (!r) r = wc_SrpInit(srv, dgstType, SRP_SERVER_SIDE);
if (!r) r = wc_SrpInit_ex(srv, dgstType, SRP_SERVER_SIDE, HEAP_HINT, devId);
if (!r) r = wc_SrpSetUsername(srv, username, usernameSz);
if (!r) r = wc_SrpSetParams(srv, N, sizeof(N),
g, sizeof(g),
@ -17330,17 +17333,17 @@ WOLFSSL_TEST_SUBROUTINE int srp_test(void)
return ret;
#endif
#ifndef NO_SHA256
srp_test_digest(SRP_TYPE_SHA256);
ret = srp_test_digest(SRP_TYPE_SHA256);
if (ret != 0)
return ret;
#endif
#ifdef WOLFSSL_SHA384
srp_test_digest(SRP_TYPE_SHA384);
ret = srp_test_digest(SRP_TYPE_SHA384);
if (ret != 0)
return ret;
#endif
#ifdef WOLFSSL_SHA512
srp_test_digest(SRP_TYPE_SHA512);
ret = srp_test_digest(SRP_TYPE_SHA512);
if (ret != 0)
return ret;
#endif
@ -23103,16 +23106,16 @@ static int ecc_test_cert_gen(WC_RNG* rng)
int ret;
#ifdef WOLFSSL_SMALL_STACK
Cert *myCert = (Cert *)XMALLOC(sizeof *myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_TEST_CERT
#ifdef WOLFSSL_TEST_CERT
DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ecc_key *certPubKey = (ecc_key *)XMALLOC(sizeof *certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
Cert myCert[1];
#ifdef WOLFSSL_TEST_CERT
#ifdef WOLFSSL_TEST_CERT
DecodedCert decode[1];
#endif
#endif
ecc_key caEccKey[1];
ecc_key certPubKey[1];
#endif
@ -23130,9 +23133,9 @@ static int ecc_test_cert_gen(WC_RNG* rng)
#ifdef WOLFSSL_SMALL_STACK
if ((myCert == NULL)
#ifdef WOLFSSL_TEST_CERT
#ifdef WOLFSSL_TEST_CERT
|| (decode == NULL)
#endif
#endif
|| (caEccKey == NULL) || (certPubKey == NULL))
ERROR_OUT(MEMORY_E, exit);
#endif
@ -23242,7 +23245,7 @@ static int ecc_test_cert_gen(WC_RNG* rng)
#endif /* WOLFSSL_CERT_EXT */
#ifdef ENABLE_ECC384_CERT_GEN_TEST
#if defined(USE_CERT_BUFFERS_256)
#if defined(USE_CERT_BUFFERS_256)
ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_384,
sizeof_ca_ecc_cert_der_384);
#else
@ -23255,9 +23258,9 @@ static int ecc_test_cert_gen(WC_RNG* rng)
sizeof_ca_ecc_cert_der_256);
#else
ret = wc_SetIssuer(myCert, eccCaCertFile);
#ifdef ENABLE_ECC384_CERT_GEN_TEST
#ifdef ENABLE_ECC384_CERT_GEN_TEST
(void)eccCaCert384File;
#endif
#endif
#endif
#endif /* ENABLE_ECC384_CERT_GEN_TEST */
if (ret < 0) {
@ -23943,7 +23946,7 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test(void)
goto done;
}
#elif defined(HAVE_ECC_KEY_IMPORT)
(void) ecc_test_make_pub;/* for compiler warning */
(void)ecc_test_make_pub; /* for compiler warning */
#endif
#ifdef WOLFSSL_CERT_GEN
ret = ecc_test_cert_gen(&rng);
@ -23975,7 +23978,8 @@ done:
return ret;
}
#if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128)
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_AES_128)
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
static int ecc_encrypt_kat(WC_RNG *rng)
@ -24430,7 +24434,7 @@ done:
return ret;
}
#endif /* HAVE_ECC_ENCRYPT */
#endif /* HAVE_ECC_ENCRYPT && HAVE_AES_CBC && WOLFSSL_AES_128 */
#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
@ -24512,7 +24516,8 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void)
#endif
#endif /* !WC_NO_RNG */
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF)
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) && \
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
{
word32 y;
/* test encrypt and decrypt if they're available */
@ -30545,7 +30550,7 @@ static int myOriDecryptCb(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
}
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
/* returns 0 on success */
static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
@ -30641,15 +30646,18 @@ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
}
switch (encryptOID) {
#ifdef WOLFSSL_AES_256
case AES256CBCb:
if ((keySz != 32 ) || (ivSz != AES_BLOCK_SIZE))
ERROR_OUT(BAD_FUNC_ARG, out);
break;
#endif
#ifdef WOLFSSL_AES_128
case AES128CBCb:
if ((keySz != 16 ) || (ivSz != AES_BLOCK_SIZE))
ERROR_OUT(BAD_FUNC_ARG, out);
break;
#endif
default:
printf("Unsupported content cipher type for example");
@ -30676,7 +30684,7 @@ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
(void)authTagSz;
return ret;
}
#endif /* NO_AES */
#endif /* !NO_AES && HAVE_AES_CBC */
#define PKCS7_BUF_SIZE 2048
@ -30704,14 +30712,15 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
0x72,0x6c,0x64
};
#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
defined(WOLFSSL_SHA512)
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \
defined(HAVE_ECC) && defined(WOLFSSL_SHA512)
byte optionalUkm[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
};
#endif /* NO_AES */
#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
!defined(NO_SHA)
/* encryption key for kekri recipient types */
byte secretKey[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
@ -30724,8 +30733,8 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
};
#endif
#if !defined(NO_PWDBASED) && !defined(NO_AES) && \
!defined(NO_SHA) && defined(WOLFSSL_AES_128)
#if !defined(NO_PWDBASED) && !defined(NO_SHA) && \
!defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
#ifndef HAVE_FIPS
char password[] = "password"; /* NOTE: Password is too short for FIPS */
@ -30749,7 +30758,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
"pkcs7envelopedDataDES3.der"},
#endif
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifdef WOLFSSL_AES_128
{data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz,
rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
@ -30780,12 +30789,12 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0,
0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der"},
#endif
#endif /* NO_AES */
#endif /* !NO_AES && HAVE_AES_CBC */
#endif
/* key agreement key encryption technique*/
#ifdef HAVE_ECC
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
{data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP,
dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey,
@ -30816,11 +30825,11 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
"pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der"},
#endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
#endif /* NO_AES */
#endif /* !NO_AES && HAVE_AES_CBC */
#endif
/* kekri (KEKRecipientInfo) recipient types */
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
{data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0,
NULL, 0, NULL, 0, NULL, 0, 0, 0, secretKey, sizeof(secretKey),
@ -30828,10 +30837,10 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
"pkcs7envelopedDataAES128CBC_KEKRI.der"},
#endif
#endif
#endif /* !NO_AES && HAVE_AES_CBC */
/* pwri (PasswordRecipientInfo) recipient types */
#if !defined(NO_PWDBASED) && !defined(NO_AES)
#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
{data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0,
NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
@ -30841,7 +30850,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
#endif
#endif
#if !defined(NO_AES) && !defined(NO_AES_128)
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_128)
/* ori (OtherRecipientInfo) recipient types */
{data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0,
NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0,
@ -31287,6 +31296,8 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
};
byte senderNonce[PKCS7_NONCE_SZ + 2];
#ifdef HAVE_ECC
#if !defined(NO_AES) && defined(HAVE_AESGCM)
#if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
0x09, 0x05 };
@ -31296,6 +31307,8 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
{ senderNonceOid, sizeof(senderNonceOid), senderNonce,
sizeof(senderNonce) }
};
#endif
#endif
#endif
#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
@ -31319,7 +31332,7 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
#endif
#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
!defined(NO_SHA) && defined(WOLFSSL_AES_128)
!defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
#ifndef HAVE_FIPS
WOLFSSL_SMALL_STACK_STATIC const char password[] = "password";
@ -31492,7 +31505,7 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
/* pwri (PasswordRecipientInfo) recipient types */
#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
#if !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
ADD_PKCS7_TEST_VEC(
{data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0,
NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
@ -31783,11 +31796,11 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
wc_FreeRng(&rng);
#if !defined(HAVE_ECC) || defined(NO_AES)
(void)eccCert;
(void)eccCertSz;
(void)eccPrivKey;
(void)eccPrivKeySz;
#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
(void)secretKey;
(void)secretKeyId;
#endif
@ -31898,7 +31911,8 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7authenveloped_test(void)
}
#endif /* HAVE_AESGCM || HAVE_AESCCM */
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
static const byte p7DefKey[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@ -32314,7 +32328,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7callback_test(byte* cert, word32 certSz, byte*
return ret;
}
#endif /* NO_AES */
#endif /* !NO_AES && HAVE_AES_CBC */
#ifndef NO_PKCS7_ENCRYPTED_DATA
@ -32362,7 +32376,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7encrypted_test(void)
};
#endif
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifdef WOLFSSL_AES_128
byte aes128Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@ -32430,7 +32444,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7encrypted_test(void)
NULL, 0, "pkcs7encryptedDataDES.der"},
#endif /* NO_DES3 */
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifdef WOLFSSL_AES_128
{data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
sizeof(aes128Key), NULL, 0, "pkcs7encryptedDataAES128CBC.der"},
@ -32459,7 +32473,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7encrypted_test(void)
sizeof(aes256Key), NULL, 0,
"pkcs7encryptedDataAES256CBC_firmwarePkgData.der"},
#endif
#endif /* NO_AES */
#endif /* !NO_AES && HAVE_AES_CBC */
};
encrypted = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@ -33267,7 +33281,8 @@ static int pkcs7signed_run_SingleShotVectors(
0x72,0x6c,0x64
};
#if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA)
#if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
static byte aes256Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@ -33320,7 +33335,8 @@ static int pkcs7signed_run_SingleShotVectors(
"pkcs7signedFirmwarePkgData_RSA_SHA256_with_ca_cert.der", 0, NULL,
0, 0, 0, 0, NULL, 0, NULL, 0, 0},
#if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA)
#if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
/* Signed Encrypted FirmwarePkgData, RSA, SHA256, no attribs */
{data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
@ -33400,7 +33416,8 @@ static int pkcs7signed_run_SingleShotVectors(
"pkcs7signedFirmwarePkgData_ECDSA_SHA256_SKID.der", 0, NULL,
0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0},
#if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA)
#if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
/* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, no attribs */
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,
@ -33917,7 +33934,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7signed_test(void)
eccClientCertBuf, (word32)eccClientCertBufSz,
eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
if (ret >= 0)
ret = pkcs7callback_test(
rsaClientCertBuf, (word32)rsaClientCertBufSz,

2
wolfssl/openssl/aes.h
View File

@ -82,7 +82,7 @@ WOLFSSL_API void wolfSSL_AES_decrypt
#define AES_encrypt wolfSSL_AES_encrypt
#define AES_decrypt wolfSSL_AES_decrypt
#endif /* HAVE_AES_DIRECT */
#endif /* WOLFSSL_AES_DIRECT */
#ifndef AES_ENCRYPT
#define AES_ENCRYPT AES_ENCRYPTION

2
wolfssl/openssl/evp.h
View File

@ -105,7 +105,7 @@ WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void);
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_AES) && (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT))
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void);
#endif

15
wolfssl/test.h
View File

@ -3053,7 +3053,7 @@ typedef struct AtomicDecCtx {
Aes aes; /* for aes example */
} AtomicDecCtx;
#if !defined(NO_HMAC) && !defined(NO_AES) && defined(HAVE_AES_CBC)
static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut,
const unsigned char* macIn, unsigned int macInSz, int macContent,
int macVerify, unsigned char* encOut, const unsigned char* encIn,
@ -3124,7 +3124,6 @@ static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut,
return wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz);
}
static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
unsigned char* decOut, const unsigned char* decIn,
unsigned int decSz, int macContent, int macVerify,
@ -3225,7 +3224,7 @@ static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
return ret;
}
#if defined(HAVE_ENCRYPT_THEN_MAC)
#ifdef HAVE_ENCRYPT_THEN_MAC
static WC_INLINE int myEncryptMacCb(WOLFSSL* ssl, unsigned char* macOut,
int content, int macVerify, unsigned char* encOut,
@ -3379,7 +3378,8 @@ static WC_INLINE int myVerifyDecryptCb(WOLFSSL* ssl,
return 0;
}
#endif
#endif /* HAVE_ENCRYPT_THEN_MAC */
#endif /* !NO_HMAC && !NO_AES && HAVE_AES_CBC */
static WC_INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
@ -3399,18 +3399,23 @@ static WC_INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
}
XMEMSET(decCtx, 0, sizeof(AtomicDecCtx));
#if !defined(NO_HMAC) && !defined(NO_AES) && defined(HAVE_AES_CBC)
wolfSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb);
wolfSSL_SetMacEncryptCtx(ssl, encCtx);
wolfSSL_CTX_SetDecryptVerifyCb(ctx, myDecryptVerifyCb);
wolfSSL_SetDecryptVerifyCtx(ssl, decCtx);
#if defined(HAVE_ENCRYPT_THEN_MAC)
#ifdef HAVE_ENCRYPT_THEN_MAC
wolfSSL_CTX_SetEncryptMacCb(ctx, myEncryptMacCb);
wolfSSL_SetEncryptMacCtx(ssl, encCtx);
wolfSSL_CTX_SetVerifyDecryptCb(ctx, myVerifyDecryptCb);
wolfSSL_SetVerifyDecryptCtx(ssl, decCtx);
#endif
#else
(void)ctx;
(void)ssl;
#endif
}

2
wolfssl/wolfcrypt/srp.h
View File

@ -137,6 +137,8 @@ typedef struct Srp {
* @return 0 on success, {@literal <} 0 on error. @see error-crypt.h
*/
WOLFSSL_API int wc_SrpInit(Srp* srp, SrpType type, SrpSide side);
WOLFSSL_API int wc_SrpInit_ex(Srp* srp, SrpType type, SrpSide side,
void* heap, int devId);
/**
* Releases the Srp struct resources after usage.