wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

add better comments and update return values

Browse Source
This commit is contained in:
Jacob Barthelmeh
2018-01-09 18:38:41 -07:00
parent 89973a7eaf
commit 9839809c99
4 changed files with 375 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

244
src/ssl.c
View File

@@ -6839,6 +6839,15 @@ int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format)
#ifdef OPENSSL_EXTRA
/* put SSL type in extra for now, not very common */
/* Converts a DER format key read from "bio" to a PKCS8 structure.
*
* bio input bio to read DER from
* pkey If not NULL then this pointer will be overwritten with a new PKCS8
* structure.
*
* returns a WOLFSSL_PKCS8_PRIV_KEY_INFO pointer on success and NULL in fail
* case.
*/
WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio,
WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey)
{
@@ -6883,7 +6892,14 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio,
}
/* expecting DER format public key */
/* expecting DER format public key
*
* bio input bio to read DER from
* out If not NULL then this pointer will be overwritten with a new
* WOLFSSL_EVP_PKEY pointer
*
* returns a WOLFSSL_EVP_PKEY pointer on success and NULL in fail case.
*/
WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
WOLFSSL_EVP_PKEY** out)
{
@@ -12119,7 +12135,14 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
/* for complete compatibility a bio memory write allocs its own memory
* untill the application runs out ....
* until the application runs out ....
*
* bio structure to hold incoming data
* data buffer holding the data to be written
* len length of data buffer
*
* returns the amount of data written on success and WOLFSSL_FAILURE or
* WOLFSSL_BIO_ERROR for failure cases.
*/
static int wolfSSL_BIO_MEMORY_write(WOLFSSL_BIO* bio, const void* data,
int len)
@@ -12140,7 +12163,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
DYNAMIC_TYPE_OPENSSL);
if (bio->mem == NULL) {
WOLFSSL_MSG("Error on malloc");
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
bio->memLen = len;
}
@@ -12155,7 +12178,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
DYNAMIC_TYPE_OPENSSL);
if (bio->mem == NULL) {
WOLFSSL_MSG("Error on realloc");
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
bio->memLen = sz + len;
}
@@ -12985,22 +13008,30 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
}
}
/* returns the type of message digest used by the ctx */
int wolfSSL_EVP_MD_CTX_type(const WOLFSSL_EVP_MD_CTX *ctx) {
WOLFSSL_ENTER("EVP_MD_CTX_type");
return ctx->macType;
WOLFSSL_ENTER("EVP_MD_CTX_type");
return ctx->macType;
}
/* returns WOLFSSL_SUCCESS on success */
int wolfSSL_EVP_MD_CTX_copy(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in)
{
return EVP_MD_CTX_copy_ex(out, in);
return wolfSSL_EVP_MD_CTX_copy_ex(out, in);
}
/* copies structure in to the structure out
*
* returns WOLFSSL_SUCCESS on success */
int wolfSSL_EVP_MD_CTX_copy_ex(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in)
{
if((out == NULL) || (in == NULL))return 0;
if ((out == NULL) || (in == NULL)) return WOLFSSL_FAILURE;
WOLFSSL_ENTER("EVP_CIPHER_MD_CTX_copy_ex");
XMEMCPY(out, in, sizeof(WOLFSSL_EVP_MD_CTX));
return 1;
return WOLFSSL_SUCCESS;
}
void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx)
@@ -14295,6 +14326,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
}
/* returns the unsigned error value and increments the pointer into the
* error queue.
*
* file pointer to file name
* line gets set to line number of error when not NULL
*/
unsigned long wolfSSL_ERR_get_error_line(const char** file, int* line)
{
#ifdef DEBUG_WOLFSSL
@@ -14843,6 +14880,10 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
}
/* Creates a new WOLFSSL_ASN1_STRING structure.
*
* returns a pointer to the new structure created on success or NULL if fail
*/
WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new()
{
WOLFSSL_ASN1_STRING* asn1;
@@ -14859,6 +14900,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
}
/* used to free a WOLFSSL_ASN1_STRING structure */
void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1)
{
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_free");
@@ -14872,6 +14914,12 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
}
/* Creates a new WOLFSSL_ASN1_STRING structure given the input type.
*
* type is the type of set when WOLFSSL_ASN1_STRING is created
*
* returns a pointer to the new structure created on success or NULL if fail
*/
WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type)
{
WOLFSSL_ASN1_STRING* asn1;
@@ -14889,7 +14937,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
/* if dataSz is negative then use XSTRLEN to find length of data
* return SSL_SUCCESS on success and SSL_FAILURE on failure */
* return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure */
int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1, const void* data,
int dataSz)
{
@@ -14898,7 +14946,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
WOLFSSL_ENTER("wolfSSL_ASN1_STRING_set");
if (data == NULL || asn1 == NULL) {
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
if (dataSz < 0) {
@@ -14909,7 +14957,7 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
}
if (sz < 0) {
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
/* free any existing data before copying */
@@ -14920,12 +14968,12 @@ static void ExternalFreeX509(WOLFSSL_X509* x509)
/* create new data buffer and copy over */
asn1->data = (char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_OPENSSL);
if (asn1->data == NULL) {
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
XMEMCPY(asn1->data, data, sz);
asn1->length = sz;
return SSL_SUCCESS;
return WOLFSSL_SUCCESS;
}
@@ -15270,6 +15318,10 @@ void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) {
#endif /* NO_CERTS && OPENSSL_EXTRA */
/* Wraps wolfSSL_X509_d2i
*
* returns a WOLFSSL_X509 structure pointer on success and NULL on fail
*/
WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in,
int len)
{
@@ -16177,6 +16229,9 @@ void wolfSSL_X509_free(WOLFSSL_X509* x509)
}
/* returns a pointer to a new WOLFSSL_X509 structure on success and NULL on
* fail
*/
WOLFSSL_X509* wolfSSL_X509_new()
{
WOLFSSL_X509* x509;
@@ -16502,12 +16557,19 @@ WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store,
#ifndef NO_CERTS
/* Converts the X509 to DER format and outputs it into bio.
*
* bio is the structure to hold output DER
* x509 certificate to create DER from
*
* returns WOLFSSL_SUCCESS on success
*/
int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509)
{
WOLFSSL_ENTER("wolfSSL_i2d_X509_bio");
if (bio == NULL || x509 == NULL) {
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
if (bio->mem != NULL) {
@@ -16521,17 +16583,24 @@ int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509)
bio->mem = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL);
if (bio->mem == NULL) {
WOLFSSL_MSG("Memory allocation error");
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
bio->memLen = len;
XMEMCPY(bio->mem, der, len);
return SSL_SUCCESS;
return WOLFSSL_SUCCESS;
}
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
/* Converts the DER from bio and creates a WOLFSSL_X509 structure from it.
*
* bio is the structure holding DER
* x509 certificate to create from DER. Can be NULL
*
* returns pointer to WOLFSSL_X509 structure on success and NULL on fail
*/
WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509)
{
WOLFSSL_X509* localX509 = NULL;
@@ -16626,6 +16695,21 @@ static int wolfSSL_i2d_PrivateKey(WOLFSSL_EVP_PKEY* key, unsigned char** der)
/* Creates a new WC_PKCS12 structure
*
* pass password to use
* name friendlyName to use
* pkey private key to go into PKCS12 bundle
* cert certificate to go into PKCS12 bundle
* ca extra certificates that can be added to bundle. Can be NULL
* keyNID type of encryption to use on the key (-1 means no encryption)
* certNID type of ecnryption to use on the certificate
* itt number of iterations with encryption
* macItt number of iterations with mac creation
* keyType flag for signature and/or encryption key
*
* returns a pointer to a new WC_PKCS12 structure on success and NULL on fail
*/
WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name,
WOLFSSL_EVP_PKEY* pkey, WOLFSSL_X509* cert,
WOLF_STACK_OF(WOLFSSL_X509)* ca,
@@ -16707,7 +16791,7 @@ WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name,
}
/* return 1 on success, 0 on failure */
/* return WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on failure */
int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, WOLF_STACK_OF(WOLFSSL_X509)** ca)
{
@@ -16724,7 +16808,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
if (pkcs12 == NULL || psw == NULL || pkey == NULL || cert == NULL) {
WOLFSSL_MSG("Bad argument value");
return 0;
return WOLFSSL_FAILURE;
}
heap = wc_PKCS12_GetHeap(pkcs12);
@@ -16742,7 +16826,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
}
if (ret < 0) {
WOLFSSL_LEAVE("wolfSSL_PKCS12_parse", ret);
return 0;
return WOLFSSL_FAILURE;
}
/* Decode cert and place in X509 stack struct */
@@ -16766,7 +16850,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
XFREE(current, heap, DYNAMIC_TYPE_PKCS);
current = next;
}
return 0;
return WOLFSSL_FAILURE;
}
XMEMSET(*ca, 0, sizeof(WOLF_STACK_OF(WOLFSSL_X509)));
@@ -16804,7 +16888,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
XFREE(current, heap, DYNAMIC_TYPE_PKCS);
current = next;
}
return 0;
return WOLFSSL_FAILURE;
}
FreeDecodedCert(&DeCert);
@@ -16827,7 +16911,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
XFREE(current, heap, DYNAMIC_TYPE_PKCS);
current = next;
}
return 0;
return WOLFSSL_FAILURE;
}
}
current = current->next;
@@ -16849,7 +16933,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
wolfSSL_sk_X509_free(*ca); *ca = NULL;
}
XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
return 0;
return WOLFSSL_FAILURE;
}
InitX509(*cert, 1, heap);
InitDecodedCert(&DeCert, certData, certDataSz, heap);
@@ -16866,7 +16950,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
wolfSSL_sk_X509_free(*ca); *ca = NULL;
}
wolfSSL_X509_free(*cert); *cert = NULL;
return 0;
return WOLFSSL_FAILURE;
}
FreeDecodedCert(&DeCert);
XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
@@ -16883,7 +16967,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
wolfSSL_sk_X509_free(*ca); *ca = NULL;
}
XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
return 0;
return WOLFSSL_FAILURE;
}
#ifndef NO_RSA
{
@@ -16907,7 +16991,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
}
wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL;
XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
if ((ret = wolfSSL_RSA_LoadDer_ex((*pkey)->rsa, pk, pkSz,
WOLFSSL_RSA_LOAD_PRIVATE)) != SSL_SUCCESS) {
@@ -16918,7 +17002,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
}
wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL;
XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
WOLFSSL_MSG("Found PKCS12 RSA key");
@@ -16942,7 +17026,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
}
wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL;
XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
return 0;
return WOLFSSL_FAILURE;
}
if ((ret = wc_EccPrivateKeyDecode(pk, &keyIdx, &key, pkSz))
@@ -16954,7 +17038,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL;
XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
WOLFSSL_MSG("Bad PKCS12 key format");
return 0;
return WOLFSSL_FAILURE;
}
(*pkey)->type = ECDSAk;
(*pkey)->pkey_curve = key.dp->oidSum;
@@ -16971,7 +17055,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL;
XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
WOLFSSL_MSG("Bad PKCS12 key format");
return 0;
return WOLFSSL_FAILURE;
}
#endif /* HAVE_ECC */
@@ -16983,7 +17067,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
(void)ret;
(void)ca;
return 1;
return WOLFSSL_SUCCESS;
}
#endif /* !defined(NO_ASN) && !defined(NO_PWDBASED) */
@@ -19451,7 +19535,7 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
}
/* SSL_SUCCESS on ok
/* WOLFSSL_SUCCESS on ok
* code is same as wolfSSL_BN_rand except for how top and bottom is handled.
* top -1 then leave most sig bit alone
* top 0 then most sig is set to 1
@@ -19520,7 +19604,7 @@ int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
if (mp_read_unsigned_bin((mp_int*)bn->internal,buff,len) != MP_OKAY)
WOLFSSL_MSG("mp read bin failed");
else
ret = SSL_SUCCESS;
ret = WOLFSSL_SUCCESS;
}
}
@@ -21240,6 +21324,8 @@ int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa)
}
/* Returns a pointer to a new WOLFSSL_DSA structure on success and NULL on fail
*/
WOLFSSL_DSA* wolfSSL_DSA_generate_parameters(int bits, unsigned char* seed,
int seedLen, int* counterRet, unsigned long* hRet,
WOLFSSL_BN_CB cb, void* CBArg)
@@ -21593,7 +21679,9 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m,
return ret;
}
WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m,
/* returns WOLFSSL_SUCCESS on successful verify and WOLFSSL_FAILURE on fail */
int wolfSSL_RSA_verify(int type, const unsigned char* m,
unsigned int mLen, const unsigned char* sig,
unsigned int sigLen, WOLFSSL_RSA* rsa)
{
@@ -21605,19 +21693,19 @@ WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m,
WOLFSSL_ENTER("wolfSSL_RSA_verify");
if((m == NULL) || (sig == NULL)) {
WOLFSSL_MSG("Bad function arguments");
return 0;
return WOLFSSL_FAILURE;
}
sigRet = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if(sigRet == NULL){
WOLFSSL_MSG("Memory failure");
return 0;
return WOLFSSL_FAILURE;
}
sigDec = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if(sigRet == NULL){
WOLFSSL_MSG("Memory failure");
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
return WOLFSSL_FAILURE;
}
/* get non-encrypted signature to be compared with decrypted sugnature*/
ret = wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, &len, rsa, 0);
@@ -21625,7 +21713,7 @@ WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m,
WOLFSSL_MSG("Message Digest Error");
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
return WOLFSSL_FAILURE;
}
show("Encoded Message", sigRet, len);
/* decrypt signature */
@@ -21634,7 +21722,7 @@ WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m,
WOLFSSL_MSG("RSA Decrypt error");
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
return WOLFSSL_FAILURE;
}
show("Decrypted Signature", sigDec, ret);
@@ -21642,12 +21730,12 @@ WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m,
WOLFSSL_MSG("wolfSSL_RSA_verify success");
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return 1;
return WOLFSSL_SUCCESS;
} else {
WOLFSSL_MSG("wolfSSL_RSA_verify failed");
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
return WOLFSSL_FAILURE;
}
}
@@ -21927,10 +22015,13 @@ WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key)
#ifndef NO_RSA
/* with set1 functions the pkey struct does not own the RSA structure */
WOLFSSL_API int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key)
/* with set1 functions the pkey struct does not own the RSA structure
*
* returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
*/
int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key)
{
if((pkey == NULL) || (key ==NULL))return 0;
if((pkey == NULL) || (key ==NULL))return WOLFSSL_FAILURE;
WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_RSA");
if (pkey->rsa != NULL && pkey->ownRsa == 1) {
wolfSSL_RSA_free(pkey->rsa);
@@ -21946,7 +22037,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *k
}
}
#endif
return 1;
return WOLFSSL_SUCCESS;
}
#endif /* NO_RSA */
@@ -24454,6 +24545,10 @@ int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key,
#endif /* HAVE_ECC */
/* Creates a new WOLFSSL_EVP_PKEY structure that has the public key from x509
*
* returns a pointer to the created WOLFSSL_EVP_PKEY on success and NULL on fail
*/
WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
{
WOLFSSL_EVP_PKEY* key = NULL;
@@ -25282,7 +25377,11 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
#endif /* ifndef NO_CERTS */
/* NID variables are dependent on compatibility header files currently */
/* NID variables are dependent on compatibility header files currently
*
* returns a pointer to a new WOLFSSL_ASN1_OBJECT struct on success and NULL
* on fail
*/
WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj(int id)
{
word32 oidSz = 0;
@@ -25703,7 +25802,10 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
}
/* if no_name is one than use numerical form otherwise can be short name. */
/* if no_name is one than use numerical form otherwise can be short name.
*
* returns the buffer size on success
*/
int wolfSSL_OBJ_obj2txt(char *buf, int bufLen, WOLFSSL_ASN1_OBJECT *a, int no_name)
{
int bufSz;
@@ -25712,7 +25814,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
if (buf == NULL || bufLen <= 1 || a == NULL) {
WOLFSSL_MSG("Bad input argument");
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
if (no_name == 1) {
@@ -25721,7 +25823,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
if (a->obj[idx++] != ASN_OBJECT_ID) {
WOLFSSL_MSG("Bad ASN1 Object");
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
if (GetLength((const byte*)a->obj, &idx, &length,
@@ -25739,7 +25841,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
if ((bufSz = DecodePolicyOID(buf, (word32)bufSz, a->obj + idx,
(word32)length)) <= 0) {
WOLFSSL_MSG("Error decoding OID");
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
}
@@ -26261,6 +26363,8 @@ WOLFSSL_BUF_MEM* wolfSSL_BUF_MEM_new(void)
return buf;
}
/* returns length of buffer on success */
int wolfSSL_BUF_MEM_grow(WOLFSSL_BUF_MEM* buf, size_t len)
{
int len_int = (int)len;
@@ -26481,6 +26585,10 @@ end:
#ifdef WOLFSSL_CERT_GEN
#ifdef WOLFSSL_CERT_REQ
/* writes the x509 from x to the WOLFSSL_BIO bp
*
* returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on fail
*/
int wolfSSL_PEM_write_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 *x)
{
byte* pem;
@@ -26492,40 +26600,44 @@ int wolfSSL_PEM_write_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 *x)
WOLFSSL_ENTER("wolfSSL_PEM_write_bio_X509_REQ()");
if (x == NULL || bp == NULL) {
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
der = wolfSSL_X509_get_der(x, &derSz);
if (der == NULL) {
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
/* get PEM size */
pemSz = wc_DerToPemEx(der, derSz, NULL, 0, NULL, CERTREQ_TYPE);
if (pemSz < 0) {
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
/* create PEM buffer and convert from DER */
pem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
if (wc_DerToPemEx(der, derSz, pem, pemSz, NULL, CERTREQ_TYPE) < 0) {
XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
/* write the PEM to BIO */
ret = wolfSSL_BIO_write(bp, pem, pemSz);
XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (ret <= 0) return SSL_FAILURE;
return SSL_SUCCESS;
if (ret <= 0) return WOLFSSL_FAILURE;
return WOLFSSL_SUCCESS;
}
#endif /* WOLFSSL_CERT_REQ */
/* writes the x509 from x to the WOLFSSL_BIO bp
*
* returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on fail
*/
int wolfSSL_PEM_write_bio_X509_AUX(WOLFSSL_BIO *bp, WOLFSSL_X509 *x)
{
byte* pem;
@@ -26538,36 +26650,36 @@ int wolfSSL_PEM_write_bio_X509_AUX(WOLFSSL_BIO *bp, WOLFSSL_X509 *x)
if (bp == NULL || x == NULL) {
WOLFSSL_MSG("NULL argument passed in");
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
der = wolfSSL_X509_get_der(x, &derSz);
if (der == NULL) {
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
/* get PEM size */
pemSz = wc_DerToPemEx(der, derSz, NULL, 0, NULL, CERT_TYPE);
if (pemSz < 0) {
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
/* create PEM buffer and convert from DER */
pem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (pem == NULL) {
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
if (wc_DerToPemEx(der, derSz, pem, pemSz, NULL, CERT_TYPE) < 0) {
XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
/* write the PEM to BIO */
ret = wolfSSL_BIO_write(bp, pem, pemSz);
XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (ret <= 0) return SSL_FAILURE;
return SSL_SUCCESS;
if (ret <= 0) return WOLFSSL_FAILURE;
return WOLFSSL_SUCCESS;
}
#endif /* WOLFSSL_CERT_GEN */

38
wolfcrypt/src/asn.c
View File

@@ -2606,7 +2606,27 @@ exit_tte:
}
/* encrypt PKCS 12 content */
/* encrypt PKCS 12 content
*
* NOTE: if out is NULL then outSz is set with the total buffer size needed and
* the error value LENGTH_ONLY_E is returned.
*
* input data to encrypt
* inputSz size of input buffer
* out buffer to hold the result
* outSz size of out buffer
* password password if used. Can be NULL for no password
* passwordSz size of password buffer
* vPKCS version of PKCS i.e. PKCS5v2
* vAlgo algorithm version
* salt buffer holding salt if used. If NULL then a random salt is created
* saltSz size of salt buffer if it is not NULL
* itt number of iterations used
* rng random number generator to use
* heap possible heap hint for mallocs/frees
*
* returns the total size of encrypted content on success.
*/
int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
const char* password, int passwordSz, int vPKCS, int vAlgo,
byte* salt, word32 saltSz, int itt, WC_RNG* rng, void* heap)
@@ -2641,6 +2661,10 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
if (saltSz > MAX_SALT_SIZE)
return ASN_PARSE_E;
if (outSz == NULL) {
return BAD_FUNC_ARG;
}
if (out == NULL) {
sz = inputSz;
switch (id) {
@@ -2769,7 +2793,17 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
}
/* decrypt PKCS */
/* decrypt PKCS
*
* NOTE: input buffer is overwritten with decrypted data!
*
* input[in/out] data to decrypt and results are written to
* sz size of input buffer
* password password if used. Can be NULL for no password
* passwordSz size of password buffer
*
* returns the total size of decrypted content on success.
*/
int DecryptContent(byte* input, word32 sz,const char* password,int passwordSz)
{
word32 inOutIdx = 0, seqEnd, oid;

164
wolfcrypt/src/evp.c
View File

@@ -136,7 +136,7 @@ WOLFSSL_API int wolfSSL_EVP_EncryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
return wolfSSL_EVP_CipherFinal(ctx, out, outl);
}
else
return 0;
return WOLFSSL_FAILURE;
}
@@ -158,14 +158,14 @@ WOLFSSL_API int wolfSSL_EVP_EncryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx,
return wolfSSL_EVP_CipherFinal(ctx, out, outl);
}
else
return 0;
return WOLFSSL_FAILURE;
}
WOLFSSL_API int wolfSSL_EVP_DecryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl)
{
if (ctx && ctx->enc)
return 0;
return WOLFSSL_FAILURE;
else{
WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal");
return wolfSSL_EVP_CipherFinal(ctx, out, outl);
@@ -176,7 +176,7 @@ WOLFSSL_API int wolfSSL_EVP_DecryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx,
unsigned char *out, int *outl)
{
if (ctx && ctx->enc)
return 0;
return WOLFSSL_FAILURE;
else{
WOLFSSL_ENTER("wolfSSL_EVP_CipherFinal_ex");
return wolfSSL_EVP_CipherFinal(ctx, out, outl);
@@ -283,17 +283,17 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
break;
#endif
default:
return 0;
return WOLFSSL_FAILURE;
}
if (ret != 0)
return 0; /* failure */
return WOLFSSL_FAILURE; /* failure */
(void)in;
(void)inl;
(void)out;
return 1; /* success */
return WOLFSSL_SUCCESS; /* success */
}
WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
@@ -307,7 +307,7 @@ WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
if ((ctx == NULL) || (inl < 0))return BAD_FUNC_ARG;
WOLFSSL_ENTER("wolfSSL_EVP_CipherUpdate");
if(inl == 0)return 0;
if (inl == 0) return WOLFSSL_FAILURE;
if (ctx->bufUsed > 0) { /* concatinate them if there is anything */
fill = fillBuff(ctx, in, inl);
inl -= fill;
@@ -323,7 +323,7 @@ WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
/* the buff is full, flash out */
PRINT_BUF(ctx->buf, ctx->block_size);
if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0)
return 0;
return WOLFSSL_FAILURE;
PRINT_BUF(out, ctx->block_size);
if(ctx->enc == 0){
ctx->lastUsed = 1;
@@ -339,7 +339,7 @@ WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
if (blocks > 0) {
/* process blocks */
if (evpCipherBlock(ctx, out, in, blocks * ctx->block_size) == 0)
return 0;
return WOLFSSL_FAILURE;
PRINT_BUF(in, ctx->block_size*blocks);
PRINT_BUF(out,ctx->block_size*blocks);
inl -= ctx->block_size * blocks;
@@ -366,7 +366,7 @@ WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
(void)out; /* silence warning in case not read */
return 1;
return WOLFSSL_SUCCESS;
}
static void padBlock(WOLFSSL_EVP_CIPHER_CTX *ctx)
@@ -397,36 +397,36 @@ WOLFSSL_API int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
if (ctx == NULL || out == NULL) return BAD_FUNC_ARG;
WOLFSSL_ENTER("wolfSSL_EVP_CipherFinal");
if (ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING) {
if (ctx->bufUsed != 0) return 0;
if (ctx->bufUsed != 0) return WOLFSSL_FAILURE;
*outl = 0;
return 1;
return WOLFSSL_SUCCESS;
}
if (ctx->enc) {
if (ctx->block_size == 1){
*outl = 0; return 1;
*outl = 0; return WOLFSSL_SUCCESS;
}
if ((ctx->bufUsed >= 0) && (ctx->block_size != 1)) {
padBlock(ctx);
PRINT_BUF(ctx->buf, ctx->block_size);
if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0)
return 0;
return WOLFSSL_FAILURE;
PRINT_BUF(out, ctx->block_size);
*outl = ctx->block_size;
}
} else {
if (ctx->block_size == 1){
*outl = 0; return 1;
*outl = 0; return WOLFSSL_SUCCESS;
}
if (ctx->lastUsed){
PRINT_BUF(ctx->lastBlock, ctx->block_size);
if ((fl = checkPad(ctx, ctx->lastBlock)) >= 0) {
XMEMCPY(out, ctx->lastBlock, fl);
*outl = fl;
} else return 0;
} else return WOLFSSL_FAILURE;
}
}
return 1;
return WOLFSSL_SUCCESS;
}
WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx)
@@ -614,14 +614,26 @@ WOLFSSL_API int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest)
}
/* Frees the WOLFSSL_EVP_PKEY_CTX passed in.
*
* return WOLFSSL_SUCCESS on success
*/
WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx)
{
if (ctx == NULL)return 0;
WOLFSSL_ENTER("EVP_PKEY_CTX_free");
XFREE(ctx, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
return 1;
return WOLFSSL_SUCCESS;
}
/* Creates a new WOLFSSL_EVP_PKEY_CTX structure.
*
* pkey key structure to use with new WOLFSSL_EVP_PEKY_CTX
* e engine to use. It should be NULL at this time.
*
* return the new structure on success and NULL if failed.
*/
WOLFSSL_API WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_ENGINE *e)
{
WOLFSSL_EVP_PKEY_CTX* ctx;
@@ -642,19 +654,38 @@ WOLFSSL_API WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pke
return ctx;
}
/* Sets the type of RSA padding to use.
*
* ctx structure to set padding in.
* padding RSA padding type
*
* returns WOLFSSL_SUCCESS on success.
*/
WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_set_rsa_padding(WOLFSSL_EVP_PKEY_CTX *ctx, int padding)
{
if (ctx == NULL)return 0;
WOLFSSL_ENTER("EVP_PKEY_CTX_set_rsa_padding");
ctx->padding = padding;
return 1;
return WOLFSSL_SUCCESS;
}
/* Uses the WOLFSSL_EVP_PKEY_CTX to decrypt a buffer.
*
* ctx structure to decrypt with
* out buffer to hold the results
* outlen initially holds size of out buffer and gets set to decrypt result size
* in buffer decrypt
* inlen length of in buffer
*
* returns WOLFSSL_SUCCESS on success.
*/
WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen)
{
if (ctx == NULL)return 0;
if (ctx == NULL)return WOLFSSL_FAILURE;
WOLFSSL_ENTER("EVP_PKEY_decrypt");
(void)out;
@@ -662,43 +693,51 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
(void)in;
(void)inlen;
switch(ctx->pkey->type){
switch (ctx->pkey->type) {
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA:
*outlen = wolfSSL_RSA_private_decrypt((int)inlen, (unsigned char*)in, out,
ctx->pkey->rsa, ctx->padding);
if(*outlen > 0)
return 1;
return WOLFSSL_SUCCESS;
else
return 0;
return WOLFSSL_FAILURE;
#endif /* NO_RSA */
case EVP_PKEY_EC:
WOLFSSL_MSG("not implemented");
/* not implemented */
default:
return 0;
return WOLFSSL_FAILURE;
}
}
/* Initialize a WOLFSSL_EVP_PKEY_CTX structure for decryption
*
* ctx WOLFSSL_EVP_PKEY_CTX structure to use with decryption
*
* Returns WOLFSSL_FAILURE on failure and WOLFSSL_SUCCESS on success
*/
WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx)
{
if (ctx == NULL)return 0;
if (ctx == NULL) return WOLFSSL_FAILURE;
WOLFSSL_ENTER("EVP_PKEY_decrypt_init");
switch(ctx->pkey->type){
case EVP_PKEY_RSA:
ctx->op = EVP_PKEY_OP_ENCRYPT;
return 1;
return WOLFSSL_SUCCESS;
case EVP_PKEY_EC:
WOLFSSL_MSG("not implemented");
/* not implemented */
default:
return 0;
return WOLFSSL_FAILURE;
}
}
/* Use a WOLFSSL_EVP_PKEY_CTX structure to encrypt data
*
* ctx WOLFSSL_EVP_PKEY_CTX structure to use with encryption
@@ -707,31 +746,31 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx)
* in data to be encrypted
* inlen length of in buffer
*
* Returns 0 on failure and 1 on success
* Returns WOLFSSL_FAILURE on failure and WOLFSSL_SUCCESS on success
*/
WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
unsigned char *out, size_t *outlen,
const unsigned char *in, size_t inlen)
{
int len;
if (ctx == NULL)return 0;
if (ctx == NULL) return WOLFSSL_FAILURE;
WOLFSSL_ENTER("EVP_PKEY_encrypt");
if(ctx->op != EVP_PKEY_OP_ENCRYPT)return 0;
if (ctx->op != EVP_PKEY_OP_ENCRYPT) return WOLFSSL_FAILURE;
(void)out;
(void)outlen;
(void)in;
(void)inlen;
(void)len;
switch(ctx->pkey->type){
switch (ctx->pkey->type){
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA:
len = wolfSSL_RSA_public_encrypt((int)inlen, (unsigned char *)in, out,
ctx->pkey->rsa, ctx->padding);
if(len < 0)return 0;
if (len < 0) return WOLFSSL_FAILURE;
else {
*outlen = len ;
return 1;
return WOLFSSL_SUCCESS;
}
#endif /* NO_RSA */
@@ -739,25 +778,25 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
WOLFSSL_MSG("not implemented");
/* not implemented */
default:
return 0;
return WOLFSSL_FAILURE;
}
}
WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx)
{
if (ctx == NULL)return 0;
if (ctx == NULL) return WOLFSSL_FAILURE;
WOLFSSL_ENTER("EVP_PKEY_encrypt_init");
switch(ctx->pkey->type){
case EVP_PKEY_RSA:
ctx->op = EVP_PKEY_OP_ENCRYPT;
return 1;
return WOLFSSL_SUCCESS;
case EVP_PKEY_EC:
WOLFSSL_MSG("not implemented");
/* not implemented */
default:
return 0;
return WOLFSSL_FAILURE;
}
}
@@ -813,12 +852,19 @@ WOLFSSL_API int wolfSSL_EVP_SignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data
/* macro gaurd because currently only used with RSA */
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
/* Helper function for getting the NID value from md
*
* returns the NID value associated with md on success */
static int md2nid(int md)
{
const char * d ;
d = (const char *)wolfSSL_EVP_get_md((const unsigned char)md);
if(XSTRNCMP(d, "SHA", 3) == 0)return NID_sha1;
if(XSTRNCMP(d, "MD5", 3) == 0)return NID_md5;
if (d == NULL) {
return MEMORY_E;
}
if (XSTRNCMP(d, "SHA", 3) == 0) return NID_sha1;
if (XSTRNCMP(d, "MD5", 3) == 0) return NID_md5;
return 0;
}
#endif /* NO_RSA */
@@ -829,21 +875,21 @@ WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *si
unsigned int mdsize;
unsigned char md[MAX_DIGEST_SIZE];
int ret;
if (ctx == NULL)return 0;
if (ctx == NULL) return WOLFSSL_FAILURE;
WOLFSSL_ENTER("EVP_SignFinal");
ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize);
if(ret <= 0)return ret;
if (ret <= 0) return ret;
(void)sigret;
(void)siglen;
switch(pkey->type){
switch (pkey->type){
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA:
{
int nid = md2nid(ctx->macType);
if(nid < 0)return 0;
if (nid < 0) return WOLFSSL_FAILURE;
return wolfSSL_RSA_sign(nid, md, mdsize, sigret,
siglen, pkey->rsa);
}
@@ -854,7 +900,7 @@ WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *si
WOLFSSL_MSG("not implemented");
/* not implemented */
default:
return 0;
return WOLFSSL_FAILURE;
}
}
@@ -879,15 +925,15 @@ WOLFSSL_API int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
unsigned char md[MAX_DIGEST_SIZE];
unsigned int mdsize;
if (ctx == NULL)return 0;
if (ctx == NULL) return 0;
WOLFSSL_ENTER("EVP_VerifyFinal");
ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize);
if(ret <= 0)return ret;
if (ret <= 0) return ret;
(void)sig;
(void)siglen;
switch(pkey->type){
switch (pkey->type) {
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA:{
int nid = md2nid(ctx->macType);
@@ -1015,14 +1061,14 @@ int wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX *ctx,
key = wolfSSL_EVP_PKEY_get0_hmac(pkey, &keySz);
if (wc_HmacInit(&ctx->hash.hmac, NULL, INVALID_DEVID) != 0)
return 0;
return WOLFSSL_FAILURE;
if (wc_HmacSetKey(&ctx->hash.hmac, hashType, key, (word32)keySz) != 0)
return 0;
return WOLFSSL_FAILURE;
ctx->macType = NID_hmac & 0xFF;
return 1;
return WOLFSSL_SUCCESS;
}
@@ -1032,12 +1078,12 @@ int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx,
WOLFSSL_ENTER("EVP_DigestSignFinal");
if (ctx->macType != (NID_hmac & 0xFF))
return 0;
return WOLFSSL_FAILURE;
if (wc_HmacUpdate(&ctx->hash.hmac, (const byte *)d, cnt) != 0)
return 0;
return WOLFSSL_FAILURE;
return 1;
return WOLFSSL_SUCCESS;
}
@@ -1051,10 +1097,10 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx,
WOLFSSL_ENTER("EVP_DigestSignFinal");
if (ctx == NULL || siglen == NULL)
return 0;
return WOLFSSL_FAILURE;
if (ctx->macType != (NID_hmac & 0xFF))
return 0;
return WOLFSSL_FAILURE;
switch (ctx->hash.hmac.macType) {
#ifndef NO_MD5
@@ -1104,7 +1150,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx,
if (sig == NULL) {
*siglen = hashLen;
return 1;
return WOLFSSL_SUCCESS;
}
if ((int)(*siglen) > hashLen)
@@ -1140,8 +1186,8 @@ WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
ret = wc_PBKDF2((byte*)out, (byte*)pass, passlen, (byte*)salt, saltlen,
iter, keylen, WC_SHA);
if (ret == 0)
return SSL_SUCCESS;
return WOLFSSL_SUCCESS;
else
return SSL_FAILURE;
return WOLFSSL_FAILURE;
}
#endif /* OPENSSL_EXTRA && !NO_PWDBASED !NO_SHA*/

57
wolfcrypt/src/pkcs12.c
View File

@@ -1144,7 +1144,21 @@ exit_pk12par:
}
/* Helper function to shroud keys.
*
* pkcs12 structure to use with shrouding key
* rng random number generator used
* out buffer to hold results
* outSz size of out buffer
* key key that is going to be shrouded
* keySz size of key buffer
* vAlgo algorithm version
* pass password to use
* passSz size of pass buffer
* itt number of iterations
*
* returns the size of the shrouded key on success
*/
static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng,
byte* out, word32* outSz, byte* key, word32 keySz, int vAlgo,
const char* pass, int passSz, int itt)
@@ -1219,6 +1233,21 @@ static int wc_PKCS12_shroud_key(WC_PKCS12* pkcs12, WC_RNG* rng,
}
/* Helper function to create key bag.
*
* pkcs12 structure to use with key bag
* rng random number generator used
* out buffer to hold results
* outSz size of out buffer
* key key that is going into key bag
* keySz size of key buffer
* algo algorithm version
* iter number of iterations
* pass password to use
* passSz size of pass buffer
*
* returns the size of the key bag on success
*/
static int wc_PKCS12_create_key_bag(WC_PKCS12* pkcs12, WC_RNG* rng,
byte* out, word32* outSz, byte* key, word32 keySz, int algo, int iter,
char* pass, int passSz)
@@ -1293,6 +1322,16 @@ static int wc_PKCS12_create_key_bag(WC_PKCS12* pkcs12, WC_RNG* rng,
}
/* Helper function to create cert bag.
*
* pkcs12 structure to use with cert bag
* out buffer to hold results
* outSz size of out buffer
* cert cert that is going into cert bag
* certSz size of cert buffer
*
* returns the size of the cert bag on success
*/
static int wc_PKCS12_create_cert_bag(WC_PKCS12* pkcs12,
byte* out, word32* outSz, byte* cert, word32 certSz)
{
@@ -1385,6 +1424,22 @@ static int wc_PKCS12_create_cert_bag(WC_PKCS12* pkcs12,
}
/* Helper function to encrypt content.
*
* pkcs12 structure to use with key bag
* rng random number generator used
* out buffer to hold results
* outSz size of out buffer
* content content to encrypt
* contentSz size of content buffer
* vAlgo algorithm version
* pass password to use
* passSz size of pass buffer
* iter number of iterations
* type content type i.e WC_PKCS12_ENCRYPTED_DATA or WC_PKCS12_DATA
*
* returns the size of result on success
*/
static int wc_PKCS12_encrypt_content(WC_PKCS12* pkcs12, WC_RNG* rng,
byte* out, word32* outSz, byte* content, word32 contentSz, int vAlgo,
const char* pass, int passSz, int iter, int type)