From a03ed32380fb369c70bdcb499cff85c8db66bd8a Mon Sep 17 00:00:00 2001 From: David Garske Date: Thu, 14 Oct 2021 14:38:57 -0700 Subject: [PATCH] Support for Android KeyStore compatibility API's: * Adds `EVP_PKCS82PKEY` and `d2i_PKCS8_PRIV_KEY_INFO`. * Adds `EVP_PKEY2PKCS8` and `i2d_PKCS8_PRIV_KEY_INFO`. * Adds `ECDSA_verify`. * Fix to allow `SHA256()` and `MD5()` with FIPSv2. * Decouple crypto callbacks and hash flags * Fix for possible use of uninitialized when building TLS bench without TLS v1.3. * Fix for building with `NO_CHECK_PRIVATE_KEY`. Test `./configure --disable-pkcs12 --enable-opensslextra CFLAGS="-DNO_CHECK_PRIVATE_KEY"`. * Fix to support `RSA_public_decrypt` for PKCSv15 only with FIPS. * Cleanup `RSA_public_encrypt`, `RSA_public_decrypt` and `RSA_private_decrypt`. * Added instructions for building wolfSSL with Android kernel. --- IDE/Android/Android.bp | 115 +++++++++ IDE/Android/README.md | 37 +++ IDE/Android/include.am | 8 + IDE/Android/user_settings.h | 101 ++++++++ IDE/include.am | 1 + examples/benchmark/tls_bench.c | 12 +- src/internal.c | 12 +- src/ssl.c | 337 ++++++++++++++++---------- tests/api.c | 78 +++--- wolfcrypt/src/evp.c | 19 ++ wolfcrypt/src/hash.c | 4 +- wolfcrypt/src/md5.c | 6 +- wolfcrypt/src/port/arm/armv8-sha256.c | 4 +- wolfcrypt/src/port/arm/armv8-sha512.c | 24 +- wolfcrypt/src/port/nxp/dcp_port.c | 8 +- wolfcrypt/src/sha.c | 6 +- wolfcrypt/src/sha256.c | 12 +- wolfcrypt/src/sha3.c | 6 +- wolfcrypt/src/sha512.c | 26 +- wolfssl/openssl/ec.h | 5 + wolfssl/openssl/evp.h | 6 + wolfssl/openssl/md5.h | 28 ++- wolfssl/openssl/sha.h | 17 +- wolfssl/openssl/ssl.h | 2 + wolfssl/ssl.h | 5 +- wolfssl/wolfcrypt/hash.h | 2 +- wolfssl/wolfcrypt/md5.h | 4 +- wolfssl/wolfcrypt/settings.h | 10 + wolfssl/wolfcrypt/sha.h | 4 +- wolfssl/wolfcrypt/sha256.h | 6 +- wolfssl/wolfcrypt/sha3.h | 4 +- wolfssl/wolfcrypt/sha512.h | 10 +- 32 files changed, 682 insertions(+), 237 deletions(-) create mode 100644 IDE/Android/Android.bp create mode 100644 IDE/Android/README.md create mode 100644 IDE/Android/include.am create mode 100644 IDE/Android/user_settings.h diff --git a/IDE/Android/Android.bp b/IDE/Android/Android.bp new file mode 100644 index 000000000..3be3b13c6 --- /dev/null +++ b/IDE/Android/Android.bp @@ -0,0 +1,115 @@ +cc_library_shared { + + name: "libwolfssl", + + arch: { + arm: { + instruction_set: "arm", + }, + arm64: { + cflags: ["-DARM64"], + }, + }, + compile_multilib: "both", + export_include_dirs: ["."], + shared_libs: ["liblog"], + cflags: [ + "-DWOLFSSL_USER_SETTINGS", + "-Os", + "-fomit-frame-pointer", + ], + include_dirs: [ + "external/wolfssl/wolfssl", + "external/wolfssl", + ], + + srcs: [ + "./src/crl.c", + "./src/internal.c", + "./src/keys.c", + "./src/ocsp.c", + "./src/sniffer.c", + "./src/ssl.c", + "./src/tls.c", + "./src/tls13.c", + "./src/wolfio.c", + ] + [ + "./wolfcrypt/src/aes.c", + "./wolfcrypt/src/arc4.c", + "./wolfcrypt/src/asm.c", + "./wolfcrypt/src/asn.c", + "./wolfcrypt/src/blake2b.c", + "./wolfcrypt/src/blake2s.c", + "./wolfcrypt/src/camellia.c", + "./wolfcrypt/src/chacha.c", + "./wolfcrypt/src/chacha20_poly1305.c", + "./wolfcrypt/src/cmac.c", + "./wolfcrypt/src/coding.c", + "./wolfcrypt/src/compress.c", + "./wolfcrypt/src/cpuid.c", + "./wolfcrypt/src/cryptocb.c", + "./wolfcrypt/src/curve25519.c", + "./wolfcrypt/src/curve448.c", + "./wolfcrypt/src/des3.c", + "./wolfcrypt/src/dh.c", + "./wolfcrypt/src/dsa.c", + "./wolfcrypt/src/ecc.c", + "./wolfcrypt/src/ecc_fp.c", + "./wolfcrypt/src/ed25519.c", + "./wolfcrypt/src/ed448.c", + "./wolfcrypt/src/error.c", + "./wolfcrypt/src/fe_448.c", + "./wolfcrypt/src/fe_low_mem.c", + "./wolfcrypt/src/fe_operations.c", + "./wolfcrypt/src/fips.c", + "./wolfcrypt/src/fips_test.c", + "./wolfcrypt/src/ge_448.c", + "./wolfcrypt/src/ge_low_mem.c", + "./wolfcrypt/src/ge_operations.c", + "./wolfcrypt/src/hash.c", + "./wolfcrypt/src/hc128.c", + "./wolfcrypt/src/hmac.c", + "./wolfcrypt/src/idea.c", + "./wolfcrypt/src/integer.c", + "./wolfcrypt/src/logging.c", + "./wolfcrypt/src/md2.c", + "./wolfcrypt/src/md4.c", + "./wolfcrypt/src/md5.c", + "./wolfcrypt/src/memory.c", + "./wolfcrypt/src/pkcs12.c", + "./wolfcrypt/src/pkcs7.c", + "./wolfcrypt/src/poly1305.c", + "./wolfcrypt/src/pwdbased.c", + "./wolfcrypt/src/rabbit.c", + "./wolfcrypt/src/random.c", + "./wolfcrypt/src/rc2.c", + "./wolfcrypt/src/ripemd.c", + "./wolfcrypt/src/rsa.c", + "./wolfcrypt/src/selftest.c", + "./wolfcrypt/src/sha256.c", + "./wolfcrypt/src/sha3.c", + "./wolfcrypt/src/sha512.c", + "./wolfcrypt/src/sha.c", + "./wolfcrypt/src/signature.c", + "./wolfcrypt/src/sp_arm32.c", + "./wolfcrypt/src/sp_arm64.c", + "./wolfcrypt/src/sp_armthumb.c", + "./wolfcrypt/src/sp_c32.c", + "./wolfcrypt/src/sp_c64.c", + "./wolfcrypt/src/sp_cortexm.c", + "./wolfcrypt/src/sp_dsp32.c", + "./wolfcrypt/src/sp_int.c", + "./wolfcrypt/src/sp_x86_64.c", + "./wolfcrypt/src/srp.c", + "./wolfcrypt/src/tfm.c", + "./wolfcrypt/src/wc_dsp.c", + "./wolfcrypt/src/wc_encrypt.c", + "./wolfcrypt/src/wc_pkcs11.c", + "./wolfcrypt/src/wc_port.c", + "./wolfcrypt/src/wolfcrypt_first.c", + "./wolfcrypt/src/wolfcrypt_last.c", + "./wolfcrypt/src/wolfevent.c", + "./wolfcrypt/src/wolfmath.c", + ], + +} diff --git a/IDE/Android/README.md b/IDE/Android/README.md new file mode 100644 index 000000000..49806b545 --- /dev/null +++ b/IDE/Android/README.md @@ -0,0 +1,37 @@ +# Android wolfSSL Support + +Tested on Android v8.1 with WPA Supplicant and KeyStore to replace BoringSSL. + +## Files + +* `Android.bp`: Template build system file for wolfSSL. +* `user_settings.h`: Template build settings for wolfSSL + +## Installation + +1) Place the wolfSSL library into `./external/wolfssl` +2) Copy `Android.bp` into `./external/wolfssl` +3) Copy `user_settings.h` into `./external/wolfssl` +4) Add `PRODUCT_PACKAGES += libwolfssl` to your device .mk. + +## Typical Android build instruction + +```sh +source build/envsetup.sh +lunch [num] +mm -j8 +``` + +## Using wolfSSL in your Application + +In your `Android.mk` build file for your application add the following: + +```makefile +# Crypto Provider - wolfSSL +LOCAL_CFLAGS += -DWOLFSSL_USER_SETTINGS -Iexternal/wolfssl -Iexternal/wolfssl/wolfssl +LOCAL_SHARED_LIBRARIES += libwolfssl +``` + +## Support + +For questions please email support@wolfssl.com diff --git a/IDE/Android/include.am b/IDE/Android/include.am new file mode 100644 index 000000000..961d9e054 --- /dev/null +++ b/IDE/Android/include.am @@ -0,0 +1,8 @@ +# vim:ft=automake +# included from Top Level Makefile.am +# All paths should be given relative to the root + +EXTRA_DIST += \ + IDE/Android/Android.bp \ + IDE/Android/README.md \ + IDE/Android/user_settings.h diff --git a/IDE/Android/user_settings.h b/IDE/Android/user_settings.h new file mode 100644 index 000000000..f21920f8c --- /dev/null +++ b/IDE/Android/user_settings.h @@ -0,0 +1,101 @@ +/* Custom build settings for Android */ + +#ifndef _WOLF_USER_SETTINGS_H_ +#define _WOLF_USER_SETTINGS_H_ + +#if 0 + #define HAVE_FIPS_VERSION 2 + #define HAVE_FIPS +#endif + +/* WPA Supplicant Support */ +#define WOLFSSL_WPAS_SMALL +#define OPENSSL_ALL +#define HAVE_THREAD_LS + +#define USE_FAST_MATH +#define TFM_TIMING_RESISTANT +#define ECC_TIMING_RESISTANT +#define WC_RSA_BLINDING + +#define HAVE_HASHDRBG + +#define WOLFSSL_TLS13 +#define HAVE_SESSION_TICKET +#define HAVE_TLS_EXTENSIONS +#define HAVE_SUPPORTED_CURVES +#define HAVE_EXTENDED_MASTER +#define HAVE_ENCRYPT_THEN_MAC +#define WOLFSSL_ENCRYPTED_KEYS +#define HAVE_KEYING_MATERIAL +#define NO_OLD_TLS +#define NO_CHECK_PRIVATE_KEY + +#define WOLF_CRYPTO_CB +#define HAVE_PK_CALLBACKS + +#define KEEP_OUR_CERT +#define KEEP_PEER_CERT +#define WOLFSSL_ALWAYS_VERIFY_CB +#define WOLFSSL_ALWAYS_KEEP_SNI +#define HAVE_EX_DATA +#define HAVE_EXT_CACHE +#define WOLFSSL_EITHER_SIDE +#define WOLFSSL_PUBLIC_MP +#define WOLFSSL_DER_LOAD + +#define WOLFSSL_KEY_GEN +#define WC_RSA_PSS +#define WC_RSA_NO_PADDING + +#define HAVE_FFDHE_2048 +#define HAVE_DH_DEFAULT_PARAMS +#ifdef HAVE_FIPS + #define WOLFSSL_VALIDATE_FFC_IMPORT + #define HAVE_FFDHE_Q +#endif + +#define WOLFSSL_SHA224 +#define WOLFSSL_SHA512 +#define WOLFSSL_SHA384 + +#define HAVE_HKDF +#define HAVE_PKCS8 + +#define HAVE_ECC +#define TFM_ECC256 +#define ECC_SHAMIR +#ifdef HAVE_FIPS + #define HAVE_ECC_CDH + #define WOLFSSL_VALIDATE_ECC_IMPORT +#endif + +#define HAVE_AESGCM +#define HAVE_AESCCM +#define WOLFSSL_AES_DIRECT +#define WOLFSSL_AES_COUNTER +#define HAVE_AES_ECB +#define WOLFSSL_CMAC + +#define WOLFSSL_BASE64_ENCODE +#define HAVE_CRL + +#define NO_DSA +#define NO_RC4 +#define NO_HC128 +#define NO_RABBIT +#define NO_RC4 +#define NO_PSK +#define WOLFSSL_NO_SHAKE256 +#define NO_MD4 +#define NO_OLD_MD5_NAME +#define NO_OLD_SHA_NAMES +#define NO_OLD_SHA256_NAMES +#define NO_OLD_WC_NAMES + +#if 0 + #define DEBUG_WOLFSSL + #define WOLFSSL_ANDROID_DEBUG +#endif + +#endif /* _WOLF_USER_SETTINGS_H_ */ diff --git a/IDE/include.am b/IDE/include.am index ccd1dd34d..a75942f1e 100644 --- a/IDE/include.am +++ b/IDE/include.am @@ -40,6 +40,7 @@ include IDE/VisualDSP/include.am include IDE/QNX/include.am include IDE/WINCE/include.am include IDE/iotsafe/include.am +include IDE/Android/include.am EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif EXTRA_DIST+= IDE/OPENSTM32/README.md diff --git a/examples/benchmark/tls_bench.c b/examples/benchmark/tls_bench.c index a3ebf122d..41268aaa2 100644 --- a/examples/benchmark/tls_bench.c +++ b/examples/benchmark/tls_bench.c @@ -243,6 +243,7 @@ static const unsigned char dhg[] = #endif /* !NO_WOLFSSL_SERVER */ #endif /* !NO_DH */ +#ifdef WOLFSSL_TLS13 struct group_info { word16 group; const char *name; @@ -300,6 +301,7 @@ static struct group_info groups[] = { #endif { 0, NULL } }; +#endif /* WOLFSSL_TLS13 */ #ifdef HAVE_PTHREAD typedef struct { @@ -1707,7 +1709,9 @@ int bench_tls(void* args) info_t *theadInfo = NULL, *info; stats_t cli_comb, srv_comb; int i; - int group_index; +#ifdef WOLFSSL_TLS13 + int group_index = 0; +#endif char *cipher, *next_cipher, *ciphers = NULL; int argc = 0; char** argv = NULL; @@ -1932,6 +1936,7 @@ int bench_tls(void* args) /* parse by : */ while ((cipher != NULL) && (cipher[0] != '\0')) { + const char *gname = "N/A"; next_cipher = strchr(cipher, ':'); if (next_cipher != NULL) { cipher[next_cipher - cipher] = '\0'; @@ -1943,6 +1948,7 @@ int bench_tls(void* args) #ifdef WOLFSSL_TLS13 for (group_index = 0; groups[group_index].name != NULL; group_index++) { + gname = theadInfo[0].group == 0 ? "N/A" : groups[group_index].name; if (argDoGroups && groups[group_index].group == 0) { /* Skip unsupported group. */ @@ -2041,15 +2047,13 @@ int bench_tls(void* args) } #endif /* HAVE_PTHREAD */ - const char *gname = theadInfo[0].group == 0 ? - "N/A" : groups[group_index].name; if (argShowVerbose) { /* print results */ for (i = 0; i < argThreadPairs; ++i) { info = &theadInfo[i]; fprintf(stderr, "\nThread %d\n", i); - #ifndef NO_WOLFSSL_SERVER + #ifndef NO_WOLFSSL_SERVER if (!argClientOnly) print_stats(&info->server_stats, "Server", info->cipher, gname, 1); #endif diff --git a/src/internal.c b/src/internal.c index 4e839613c..47f809a0f 100644 --- a/src/internal.c +++ b/src/internal.c @@ -6024,7 +6024,7 @@ int InitHandshakeHashes(WOLFSSL* ssl) ret = wc_InitMd5_ex(&ssl->hsHashes->hashMd5, ssl->heap, ssl->devId); if (ret != 0) return ret; - #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + #ifdef WOLFSSL_HASH_FLAGS wc_Md5SetFlags(&ssl->hsHashes->hashMd5, WC_HASH_FLAG_WILLCOPY); #endif #endif @@ -6032,7 +6032,7 @@ int InitHandshakeHashes(WOLFSSL* ssl) ret = wc_InitSha_ex(&ssl->hsHashes->hashSha, ssl->heap, ssl->devId); if (ret != 0) return ret; - #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + #ifdef WOLFSSL_HASH_FLAGS wc_ShaSetFlags(&ssl->hsHashes->hashSha, WC_HASH_FLAG_WILLCOPY); #endif #endif @@ -6041,7 +6041,7 @@ int InitHandshakeHashes(WOLFSSL* ssl) ret = wc_InitSha256_ex(&ssl->hsHashes->hashSha256, ssl->heap, ssl->devId); if (ret != 0) return ret; - #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + #ifdef WOLFSSL_HASH_FLAGS wc_Sha256SetFlags(&ssl->hsHashes->hashSha256, WC_HASH_FLAG_WILLCOPY); #endif #endif @@ -6049,7 +6049,7 @@ int InitHandshakeHashes(WOLFSSL* ssl) ret = wc_InitSha384_ex(&ssl->hsHashes->hashSha384, ssl->heap, ssl->devId); if (ret != 0) return ret; - #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + #ifdef WOLFSSL_HASH_FLAGS wc_Sha384SetFlags(&ssl->hsHashes->hashSha384, WC_HASH_FLAG_WILLCOPY); #endif #endif @@ -6057,7 +6057,7 @@ int InitHandshakeHashes(WOLFSSL* ssl) ret = wc_InitSha512_ex(&ssl->hsHashes->hashSha512, ssl->heap, ssl->devId); if (ret != 0) return ret; - #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + #ifdef WOLFSSL_HASH_FLAGS wc_Sha512SetFlags(&ssl->hsHashes->hashSha512, WC_HASH_FLAG_WILLCOPY); #endif #endif @@ -21902,7 +21902,7 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz) #if !defined(NO_CERTS) -#ifdef WOLF_CRYPTO_CB +#if defined(WOLF_CRYPTO_CB) && !defined(NO_CHECK_PRIVATE_KEY) /* Create a private key for a device. * * pkey Key object. diff --git a/src/ssl.c b/src/ssl.c index 2c4a6706c..033f2caa7 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -7868,6 +7868,72 @@ WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx) #ifdef OPENSSL_EXTRA +WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( + WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, long keyLen) +{ + WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL; +#ifdef WOLFSSL_PEM_TO_DER + int ret; + DerBuffer* der = NULL; + + if (keyBuf == NULL || *keyBuf == NULL || keyLen <= 0) { + WOLFSSL_MSG("Bad key PEM/DER args"); + return NULL; + } + + ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &der, NULL, NULL, NULL); + if (ret < 0) { + WOLFSSL_MSG("Not PEM format"); + ret = AllocDer(&der, (word32)keyLen, PRIVATEKEY_TYPE, NULL); + if (ret == 0) { + XMEMCPY(der->buffer, *keyBuf, keyLen); + } + } + + if (ret == 0) { + /* Verify this is PKCS8 Key */ + word32 inOutIdx = 0; + word32 algId; + ret = ToTraditionalInline_ex(der->buffer, &inOutIdx, der->length, &algId); + if (ret >= 0) { + ret = 0; /* good DER */ + } + } + + if (ret == 0) { + pkcs8 = wolfSSL_EVP_PKEY_new(); + if (pkcs8 == NULL) + ret = MEMORY_E; + } + if (ret == 0) { + pkcs8->pkey.ptr = (char*)XMALLOC(der->length, NULL, + DYNAMIC_TYPE_PUBLIC_KEY); + if (pkcs8->pkey.ptr == NULL) + ret = MEMORY_E; + } + if (ret == 0) { + XMEMCPY(pkcs8->pkey.ptr, der->buffer, der->length); + pkcs8->pkey_sz = der->length; + } + + FreeDer(&der); + if (ret != 0) { + wolfSSL_EVP_PKEY_free(pkcs8); + pkcs8 = NULL; + } + if (pkey != NULL) { + *pkey = pkcs8; + } + +#else + (void)bio; + (void)pkey; +#endif /* WOLFSSL_PEM_TO_DER */ + + return pkcs8; +} + + #ifndef NO_BIO /* put SSL type in extra for now, not very common */ @@ -7887,10 +7953,8 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio, #ifdef WOLFSSL_PEM_TO_DER unsigned char* mem = NULL; int memSz; - int keySz; - word32 algId; - WOLFSSL_MSG("wolfSSL_d2i_PKCS8_PKEY_bio()"); + WOLFSSL_ENTER("wolfSSL_d2i_PKCS8_PKEY_bio"); if (bio == NULL) { return NULL; @@ -7900,30 +7964,7 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio, return NULL; } - if ((keySz = wc_KeyPemToDer(mem, memSz, mem, memSz, NULL)) < 0) { - WOLFSSL_MSG("Not PEM format"); - keySz = memSz; - if ((keySz = ToTraditional_ex((byte*)mem, (word32)keySz, &algId)) < 0) { - return NULL; - } - } - - pkcs8 = wolfSSL_EVP_PKEY_new(); - if (pkcs8 == NULL) { - return NULL; - } - - pkcs8->pkey.ptr = (char*)XMALLOC(keySz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); - if (pkcs8->pkey.ptr == NULL) { - wolfSSL_EVP_PKEY_free(pkcs8); - return NULL; - } - XMEMCPY(pkcs8->pkey.ptr, mem, keySz); - pkcs8->pkey_sz = keySz; - - if (pkey != NULL) { - *pkey = pkcs8; - } + pkcs8 = wolfSSL_d2i_PKCS8_PKEY(pkey, (const unsigned char**)&mem, memSz); #else (void)bio; (void)pkey; @@ -8576,6 +8617,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_id(int type, WOLFSSL_EVP_PKEY** out, #ifndef NO_CERTS +#ifndef NO_CHECK_PRIVATE_KEY int wolfSSL_check_private_key(const WOLFSSL* ssl) { DecodedCert der; @@ -8657,6 +8699,7 @@ int wolfSSL_check_private_key(const WOLFSSL* ssl) FreeDecodedCert(&der); return ret; } +#endif /* !NO_CHECK_PRIVATE_KEY */ #if defined(OPENSSL_ALL) unsigned int wolfSSL_X509_get_extension_flags(WOLFSSL_X509* x509) @@ -19271,7 +19314,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, ssl->devId) != 0) { return WOLFSSL_FAILURE; } - #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + #ifdef WOLFSSL_HASH_FLAGS wc_Md5SetFlags(&ssl->hsHashes->hashMd5, WC_HASH_FLAG_WILLCOPY); #endif #endif @@ -19280,7 +19323,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, ssl->devId) != 0) { return WOLFSSL_FAILURE; } - #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + #ifdef WOLFSSL_HASH_FLAGS wc_ShaSetFlags(&ssl->hsHashes->hashSha, WC_HASH_FLAG_WILLCOPY); #endif #endif @@ -19290,7 +19333,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, ssl->devId) != 0) { return WOLFSSL_FAILURE; } - #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + #ifdef WOLFSSL_HASH_FLAGS wc_Sha256SetFlags(&ssl->hsHashes->hashSha256, WC_HASH_FLAG_WILLCOPY); #endif #endif @@ -19299,7 +19342,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, ssl->devId) != 0) { return WOLFSSL_FAILURE; } - #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + #ifdef WOLFSSL_HASH_FLAGS wc_Sha384SetFlags(&ssl->hsHashes->hashSha384, WC_HASH_FLAG_WILLCOPY); #endif #endif @@ -19308,7 +19351,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, ssl->devId) != 0) { return WOLFSSL_FAILURE; } - #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + #ifdef WOLFSSL_HASH_FLAGS wc_Sha512SetFlags(&ssl->hsHashes->hashSha512, WC_HASH_FLAG_WILLCOPY); #endif #endif @@ -36822,9 +36865,9 @@ int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key) 2; } -int wolfSSL_ECDSA_sign(int type, const unsigned char *digest, - int digestSz, unsigned char *sig, - unsigned int *sigSz, WOLFSSL_EC_KEY *key) +int wolfSSL_ECDSA_sign(int type, + const unsigned char *digest, int digestSz, + unsigned char *sig, unsigned int *sigSz, WOLFSSL_EC_KEY *key) { int ret = WOLFSSL_SUCCESS; WC_RNG* rng = NULL; @@ -36861,7 +36904,8 @@ int wolfSSL_ECDSA_sign(int type, const unsigned char *digest, } } if (rng) { - if (wc_ecc_sign_hash(digest, digestSz, sig, sigSz, rng, (ecc_key*)key->internal) != MP_OKAY) { + if (wc_ecc_sign_hash(digest, digestSz, sig, sigSz, rng, + (ecc_key*)key->internal) != 0) { ret = WOLFSSL_FAILURE; } if (initTmpRng) { @@ -36880,6 +36924,32 @@ int wolfSSL_ECDSA_sign(int type, const unsigned char *digest, return ret; } +int wolfSSL_ECDSA_verify(int type, + const unsigned char *digest, int digestSz, + const unsigned char *sig, int sigSz, WOLFSSL_EC_KEY *key) +{ + int ret = WOLFSSL_SUCCESS; + int verify = 0; + + WOLFSSL_ENTER("wolfSSL_ECDSA_verify"); + + if (key == NULL) { + return WOLFSSL_FAILURE; + } + + if (wc_ecc_verify_hash(sig, sigSz, digest, digestSz, + &verify, (ecc_key*)key->internal) != 0) { + ret = WOLFSSL_FAILURE; + } + if (ret == WOLFSSL_SUCCESS && verify != 1) { + WOLFSSL_MSG("wolfSSL_ECDSA_verify failed"); + ret = WOLFSSL_FAILURE; + } + + (void)type; + return ret; +} + #ifndef HAVE_SELFTEST /* ECC point compression types were not included in selftest ecc.h */ @@ -44827,10 +44897,15 @@ err: return WOLFSSL_FAILURE; } + #ifndef NO_CHECK_PRIVATE_KEY return wc_CheckPrivateKey((byte*)key->pkey.ptr, key->pkey_sz, x509->pubKey.buffer, x509->pubKey.length, (enum Key_Sum)x509->pubKeyOID) == 1 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; + #else + /* not compiled in */ + return WOLFSSL_SUCCESS; + #endif } /* wolfSSL uses negative values for error states. This function returns an @@ -46218,6 +46293,11 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, } #endif /* !NO_BIO */ +#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT */ + + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) || defined(WOLFSSL_WPAS_SMALL) /* Converts a DER encoded private key to a WOLFSSL_EVP_PKEY structure. * returns a pointer to a new WOLFSSL_EVP_PKEY structure on success and NULL @@ -46326,7 +46406,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** out, #endif /* HAVE_ECC */ return pkey; } -#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT */ + +#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT || WOLFSSL_WPAS_SMALL*/ /* stunnel compatibility functions*/ @@ -51268,67 +51349,63 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* fr, #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) int mgf = WC_MGF1NONE; enum wc_HashType hash = WC_HASH_TYPE_NONE; + int pad_type; #endif - WOLFSSL_MSG("wolfSSL_RSA_public_encrypt"); + WOLFSSL_ENTER("RSA_public_encrypt"); - /* Check and remap the padding to internal values, if needed. */ #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) - if (padding == RSA_PKCS1_PADDING) - padding = WC_RSA_PKCSV15_PAD; - else if (padding == RSA_PKCS1_OAEP_PADDING) { - padding = WC_RSA_OAEP_PAD; + switch (padding) { + case RSA_PKCS1_PADDING: + pad_type = WC_RSA_PKCSV15_PAD; + break; + case RSA_PKCS1_OAEP_PADDING: + pad_type = WC_RSA_OAEP_PAD; hash = WC_HASH_TYPE_SHA; mgf = WC_MGF1SHA1; - } - else if (padding == RSA_PKCS1_PSS_PADDING) { - padding = WC_RSA_PSS_PAD; + break; + case RSA_PKCS1_PSS_PADDING: + pad_type = WC_RSA_PSS_PAD; hash = WC_HASH_TYPE_SHA256; mgf = WC_MGF1SHA256; + break; + case RSA_NO_PADDING: + pad_type = WC_RSA_NO_PAD; + break; + default: + WOLFSSL_MSG("RSA_public_encrypt unsupported padding"); + return WOLFSSL_FAILURE; } - else if (padding == RSA_NO_PADDING) { - padding = WC_RSA_NO_PAD; - } -#else - if (padding == RSA_PKCS1_PADDING) - ; #endif - else { - WOLFSSL_MSG("wolfSSL_RSA_public_encrypt unsupported padding"); - return 0; - } - if (rsa->inSet == 0) - { + if (rsa->inSet == 0) { if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetRsaInternal failed"); - return 0; + return WOLFSSL_FAILURE; } } outLen = wolfSSL_RSA_size(rsa); - - rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRNG, &initTmpRng); - if (outLen == 0) { WOLFSSL_MSG("Bad RSA size"); } + rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRNG, &initTmpRng); if (rng) { #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) ret = wc_RsaPublicEncrypt_ex(fr, len, to, outLen, - (RsaKey*)rsa->internal, rng, padding, + (RsaKey*)rsa->internal, rng, pad_type, hash, mgf, NULL, 0); #else - ret = wc_RsaPublicEncrypt(fr, len, to, outLen, - (RsaKey*)rsa->internal, rng); + if (padding == RSA_PKCS1_PADDING) { + ret = wc_RsaPublicEncrypt(fr, len, to, outLen, + (RsaKey*)rsa->internal, rng); + } + else { + WOLFSSL_MSG("RSA_public_encrypt pad type not supported in FIPS"); + ret = WOLFSSL_FAILURE; + } #endif - if (ret <= 0) { - WOLFSSL_MSG("Bad Rsa Encrypt"); - } - if (len <= 0) { - WOLFSSL_MSG("Bad Rsa Encrypt"); - } } if (initTmpRng) @@ -51338,18 +51415,16 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* fr, XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - if (ret >= 0) - WOLFSSL_MSG("wolfSSL_RSA_public_encrypt success"); - else { - WOLFSSL_MSG("wolfSSL_RSA_public_encrypt failed"); - ret = WOLFSSL_FATAL_ERROR; /* return -1 on error case */ + WOLFSSL_LEAVE("RSA_public_encrypt", ret); + + if (ret <= 0) { + ret = WOLFSSL_FAILURE; } return ret; } - /* return compliant with OpenSSL * size of plain recovered data if success , -1 if error */ @@ -51361,40 +51436,39 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* fr, #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) int mgf = WC_MGF1NONE; enum wc_HashType hash = WC_HASH_TYPE_NONE; + int pad_type; #endif - WOLFSSL_MSG("wolfSSL_RSA_private_decrypt"); + WOLFSSL_ENTER("RSA_private_decrypt"); #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) - if (padding == RSA_PKCS1_PADDING) - padding = WC_RSA_PKCSV15_PAD; - else if (padding == RSA_PKCS1_OAEP_PADDING) { - padding = WC_RSA_OAEP_PAD; + switch (padding) { + case RSA_PKCS1_PADDING: + pad_type = WC_RSA_PKCSV15_PAD; + break; + case RSA_PKCS1_OAEP_PADDING: + pad_type = WC_RSA_OAEP_PAD; hash = WC_HASH_TYPE_SHA; mgf = WC_MGF1SHA1; - } - else if (padding == RSA_PKCS1_PSS_PADDING) { - padding = WC_RSA_PSS_PAD; + break; + case RSA_PKCS1_PSS_PADDING: + pad_type = WC_RSA_PSS_PAD; hash = WC_HASH_TYPE_SHA256; mgf = WC_MGF1SHA256; + break; + case RSA_NO_PADDING: + pad_type = WC_RSA_NO_PAD; + break; + default: + WOLFSSL_MSG("RSA_private_decrypt unsupported padding"); + return WOLFSSL_FAILURE; } - else if (padding == RSA_NO_PADDING) { - padding = WC_RSA_NO_PAD; - } -#else - if (padding == RSA_PKCS1_PADDING) - ; #endif - else { - WOLFSSL_MSG("wolfSSL_RSA_private_decrypt unsupported padding"); - return 0; - } - if (rsa->inSet == 0) - { + if (rsa->inSet == 0) { if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetRsaInternal failed"); - return 0; + return WOLFSSL_FAILURE; } } @@ -51406,41 +51480,45 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* fr, /* size of 'to' buffer must be size of RSA key */ #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) ret = wc_RsaPrivateDecrypt_ex(fr, len, to, outLen, - (RsaKey*)rsa->internal, padding, + (RsaKey*)rsa->internal, pad_type, hash, mgf, NULL, 0); #else - ret = wc_RsaPrivateDecrypt(fr, len, to, outLen, - (RsaKey*)rsa->internal); + if (padding == RSA_PKCS1_PADDING) { + ret = wc_RsaPrivateDecrypt(fr, len, to, outLen, + (RsaKey*)rsa->internal); + } + else { + WOLFSSL_MSG("RSA_private_decrypt pad type not supported in FIPS"); + ret = WOLFSSL_FAILURE; + } #endif - if (len <= 0) { - WOLFSSL_MSG("Bad Rsa Decrypt"); + if (ret <= 0) { + ret = WOLFSSL_FAILURE; } + WOLFSSL_LEAVE("RSA_private_decrypt", ret); - if (ret > 0) - WOLFSSL_MSG("wolfSSL_RSA_private_decrypt success"); - else { - WOLFSSL_MSG("wolfSSL_RSA_private_decrypt failed"); - ret = WOLFSSL_FATAL_ERROR; - } return ret; } -#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from, unsigned char* to, WOLFSSL_RSA* rsa, int padding) { - int tlen = 0; + int ret = 0; +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) int pad_type; +#endif - WOLFSSL_ENTER("wolfSSL_RSA_public_decrypt"); + WOLFSSL_ENTER("RSA_public_decrypt"); if (rsa == NULL || rsa->internal == NULL || from == NULL) { WOLFSSL_MSG("Bad function arguments"); return WOLFSSL_FAILURE; } +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) switch (padding) { case RSA_PKCS1_PADDING: pad_type = WC_RSA_PKCSV15_PAD; @@ -51455,12 +51533,12 @@ int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from, pad_type = WC_RSA_NO_PAD; break; default: - WOLFSSL_MSG("wolfSSL_RSA_public_decrypt unsupported padding"); + WOLFSSL_MSG("RSA_public_decrypt unsupported padding"); return WOLFSSL_FAILURE; } +#endif - if (rsa->inSet == 0) - { + if (rsa->inSet == 0) { WOLFSSL_MSG("No RSA internal set, do it"); if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) { @@ -51469,17 +51547,30 @@ int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from, } } +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) /* size of 'to' buffer must be size of RSA key */ - tlen = wc_RsaSSL_Verify_ex(from, flen, to, wolfSSL_RSA_size(rsa), + ret = wc_RsaSSL_Verify_ex(from, flen, to, wolfSSL_RSA_size(rsa), (RsaKey*)rsa->internal, pad_type); - if (tlen <= 0) - WOLFSSL_MSG("wolfSSL_RSA_public_decrypt failed"); - else { - WOLFSSL_MSG("wolfSSL_RSA_public_decrypt success"); +#else + /* For FIPS v1/v2 only PKCSV15 padding is supported */ + if (padding == RSA_PKCS1_PADDING) { + ret = wc_RsaSSL_Verify(from, flen, to, wolfSSL_RSA_size(rsa), + (RsaKey*)rsa->internal); } - return tlen; + else { + WOLFSSL_MSG("RSA_public_decrypt pad type not supported in FIPS"); + ret = WOLFSSL_FAILURE; + } +#endif + + WOLFSSL_LEAVE("RSA_public_decrypt", ret); + + if (ret <= 0) { + ret = WOLFSSL_FAILURE; + } + return ret; } -#endif /* !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) */ /* RSA private encrypt calls wc_RsaSSL_Sign. Similar function set up as RSA * public decrypt. diff --git a/tests/api.c b/tests/api.c index fad880d66..7a9a69f5f 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2637,10 +2637,9 @@ static void test_ECDSA_size_sign(void) EC_KEY *key; int id; byte hash[WC_MAX_DIGEST_SIZE]; - byte sig[ECC_BUFSIZE]; + byte sig[ECC_MAX_SIG_SIZE]; unsigned int sigSz = sizeof(sig); - XMEMSET(hash, 123, sizeof(hash)); id = wc_ecc_get_curve_id_from_name("SECP256R1"); @@ -2650,6 +2649,8 @@ static void test_ECDSA_size_sign(void) AssertIntEQ(EC_KEY_generate_key(key), 1); AssertIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, key), 1); AssertIntGE(ECDSA_size(key), sigSz); + AssertIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, sigSz, key), 1); + EC_KEY_free(key); #endif /* HAVE_ECC && !NO_ECC256 && !NO_ECC_SECP */ @@ -9340,8 +9341,7 @@ static int test_wc_Sha256FinalRaw (void) static int test_wc_Sha256GetFlags (void) { int flag = 0; -#if !defined(NO_SHA256) && \ - (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)) +#if !defined(NO_SHA256) && defined(WOLFSSL_HASH_FLAGS) wc_Sha256 sha256; word32 flags = 0; @@ -9796,8 +9796,7 @@ static int test_wc_Sha512Final (void) static int test_wc_Sha512GetFlags (void) { int flag = 0; -#if defined(WOLFSSL_SHA512) && \ - (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)) +#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_HASH_FLAGS) wc_Sha512 sha512; word32 flags = 0; @@ -10221,8 +10220,7 @@ static int test_wc_Sha512_224GetFlags (void) { int flag = 0; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) -#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && \ - (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)) +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && defined(WOLFSSL_HASH_FLAGS) wc_Sha512 sha512, copy; word32 flags = 0; @@ -10490,8 +10488,7 @@ static int test_wc_Sha512_256GetFlags (void) { int flag = 0; #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) -#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && \ - (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)) +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && defined(WOLFSSL_HASH_FLAGS) wc_Sha512 sha512, copy; word32 flags = 0; @@ -10834,8 +10831,7 @@ static int test_wc_Sha384Final (void) static int test_wc_Sha384GetFlags (void) { int flag = 0; -#if defined(WOLFSSL_SHA384) && \ - (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)) +#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_HASH_FLAGS) wc_Sha384 sha384; word32 flags = 0; @@ -11261,8 +11257,7 @@ static int test_wc_Sha224Final (void) static int test_wc_Sha224SetFlags (void) { int flag = 0; -#if defined(WOLFSSL_SHA224) && \ - (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)) +#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS) wc_Sha224 sha224; word32 flags = 0; @@ -11294,8 +11289,7 @@ static int test_wc_Sha224SetFlags (void) static int test_wc_Sha224GetFlags (void) { int flag = 0; -#if defined(WOLFSSL_SHA224) && \ - (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)) +#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS) wc_Sha224 sha224; word32 flags = 0; @@ -12565,8 +12559,7 @@ static int test_wc_Sha3_512_Copy (void) static int test_wc_Sha3_GetFlags (void) { int ret = 0; -#if defined(WOLFSSL_SHA3) && \ - (defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)) +#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_HASH_FLAGS) wc_Sha3 sha3; word32 flags = 0; @@ -28683,7 +28676,7 @@ static int test_wc_HashInit(void) static int test_wc_HashSetFlags(void) { int ret = 0; -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS wc_HashAlg hash; word32 flags = 0; int i, j; @@ -28785,7 +28778,7 @@ static int test_wc_HashSetFlags(void) static int test_wc_HashGetFlags(void) { int ret = 0; -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS wc_HashAlg hash; word32 flags = 0; int i, j; @@ -29418,15 +29411,19 @@ static void test_wolfSSL_certs(void) #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); - #ifndef HAVE_USER_RSA AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); + #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_FAILURE); + #endif AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); + #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_SUCCESS); #endif AssertNotNull(ssl = SSL_new(ctx)); - + + #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); + #endif #ifdef HAVE_PK_CALLBACKS AssertIntEQ((int)SSL_set_tlsext_debug_arg(ssl, NULL), WOLFSSL_SUCCESS); @@ -29441,7 +29438,7 @@ static void test_wolfSSL_certs(void) AssertNotNull(x509ext); AssertIntEQ(SSL_use_certificate(ssl, x509ext), WOLFSSL_SUCCESS); - #ifndef HAVE_USER_RSA + #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) /* with loading in a new cert the check on private key should now fail */ AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); #endif @@ -29627,7 +29624,7 @@ static void test_wolfSSL_certs(void) static void test_wolfSSL_X509_check_private_key(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ - defined(USE_CERT_BUFFERS_2048) + defined(USE_CERT_BUFFERS_2048) && !defined(NO_CHECK_PRIVATE_KEY) X509* x509; EVP_PKEY* pkey = NULL; const byte* key; @@ -29817,12 +29814,18 @@ static void test_wolfSSL_private_keys(void) AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); /* Have to load a cert before you can check the private key against that * certificates public key! */ + #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_FAILURE); + #endif AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); + #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS); + #endif AssertNotNull(ssl = SSL_new(ctx)); + #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); + #endif #ifdef USE_CERT_BUFFERS_2048 { @@ -29833,33 +29836,36 @@ static void test_wolfSSL_private_keys(void) AssertIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl, (unsigned char*)client_key_der_2048, sizeof_client_key_der_2048), WOLFSSL_SUCCESS); -#ifndef HAVE_USER_RSA + #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) /* Should mismatch now that a different private key loaded */ AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); -#endif + #endif AssertIntEQ(SSL_use_PrivateKey_ASN1(0, ssl, (unsigned char*)server_key, sizeof_server_key_der_2048), WOLFSSL_SUCCESS); + #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) /* After loading back in DER format of original key, should match */ AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); + #endif /* test loading private key to the WOLFSSL_CTX */ AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx, (unsigned char*)client_key_der_2048, sizeof_client_key_der_2048), WOLFSSL_SUCCESS); -#ifndef NO_CHECK_PRIVATE_KEY -#ifndef HAVE_USER_RSA + + #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) /* Should mismatch now that a different private key loaded */ AssertIntNE(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS); -#endif + #endif AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx, (unsigned char*)server_key, sizeof_server_key_der_2048), WOLFSSL_SUCCESS); + #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) /* After loading back in DER format of original key, should match */ AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS); -#endif /* !NO_CHECK_PRIVATE_KEY */ + #endif /* pkey not set yet, expecting to fail */ AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_FAILURE); @@ -29907,7 +29913,9 @@ static void test_wolfSSL_private_keys(void) WOLFSSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); + #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); + #endif SSL_free(ssl); @@ -29915,7 +29923,9 @@ static void test_wolfSSL_private_keys(void) WOLFSSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); + #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); + #endif SSL_free(ssl); SSL_CTX_free(ctx); @@ -29933,7 +29943,9 @@ static void test_wolfSSL_private_keys(void) WOLFSSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); + #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); + #endif SSL_free(ssl); @@ -29941,7 +29953,9 @@ static void test_wolfSSL_private_keys(void) WOLFSSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); + #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); + #endif SSL_free(ssl); SSL_CTX_free(ctx); @@ -29959,7 +29973,9 @@ static void test_wolfSSL_private_keys(void) WOLFSSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); + #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); + #endif SSL_free(ssl); @@ -29967,7 +29983,9 @@ static void test_wolfSSL_private_keys(void) WOLFSSL_FILETYPE_PEM)); AssertNotNull(ssl = SSL_new(ctx)); + #if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY) AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); + #endif SSL_free(ssl); SSL_CTX_free(ctx); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 1d30b02ce..0c49018be 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -7590,6 +7590,25 @@ int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid) } } +#if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL) +WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKCS82PKEY(const WOLFSSL_PKCS8_PRIV_KEY_INFO* p8) +{ + if (p8 == NULL || p8->pkey.ptr == NULL) { + return NULL; + } + + return wolfSSL_d2i_PrivateKey_EVP(NULL, (unsigned char**)&p8->pkey.ptr, + p8->pkey_sz); +} + +/* in wolf PKCS8_PRIV_KEY_INFO and WOLFSSL_EVP_PKEY are same type */ +/* this function just casts and returns pointer */ +WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_EVP_PKEY2PKCS8(const WOLFSSL_EVP_PKEY* pkey) +{ + return (WOLFSSL_PKCS8_PRIV_KEY_INFO*)pkey; +} +#endif + /* increments ref count of WOLFSSL_EVP_PKEY. Return 1 on success, 0 on error */ int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey) { diff --git a/wolfcrypt/src/hash.c b/wolfcrypt/src/hash.c index c34ef0528..50ca1e208 100644 --- a/wolfcrypt/src/hash.c +++ b/wolfcrypt/src/hash.c @@ -996,7 +996,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type) return ret; } -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags) { int ret = HASH_TYPE_E; /* Default to hash type error */ @@ -1127,7 +1127,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags) return ret; } -#endif +#endif /* WOLFSSL_HASH_FLAGS */ #if !defined(WOLFSSL_TI_HASH) diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c index f0868da05..88e6d334d 100644 --- a/wolfcrypt/src/md5.c +++ b/wolfcrypt/src/md5.c @@ -303,7 +303,7 @@ static int _InitMd5(wc_Md5* md5) md5->buffLen = 0; md5->loLen = 0; md5->hiLen = 0; -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS md5->flags = 0; #endif @@ -545,7 +545,7 @@ int wc_Md5Copy(wc_Md5* src, wc_Md5* dst) #ifdef WOLFSSL_PIC32MZ_HASH ret = wc_Pic32HashCopy(&src->cache, &dst->cache); #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS dst->flags |= WC_HASH_FLAG_ISCOPY; #endif @@ -565,7 +565,7 @@ int wc_Md5Transform(wc_Md5* md5, const byte* data) return Transform(md5, data); } #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS int wc_Md5SetFlags(wc_Md5* md5, word32 flags) { if (md5) { diff --git a/wolfcrypt/src/port/arm/armv8-sha256.c b/wolfcrypt/src/port/arm/armv8-sha256.c index d2acf9edb..05da4cd91 100644 --- a/wolfcrypt/src/port/arm/armv8-sha256.c +++ b/wolfcrypt/src/port/arm/armv8-sha256.c @@ -1390,7 +1390,7 @@ int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash) return ret; } -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags) { if (sha256) { @@ -1532,7 +1532,7 @@ int wc_Sha256Transform(wc_Sha256* sha256, const unsigned char* data) return ret; } -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS int wc_Sha224SetFlags(wc_Sha224* sha224, word32 flags) { if (sha224) { diff --git a/wolfcrypt/src/port/arm/armv8-sha512.c b/wolfcrypt/src/port/arm/armv8-sha512.c index d9db65aa6..c6c0147da 100644 --- a/wolfcrypt/src/port/arm/armv8-sha512.c +++ b/wolfcrypt/src/port/arm/armv8-sha512.c @@ -67,7 +67,7 @@ static int InitSha512(wc_Sha512* sha512) sha512->buffLen = 0; sha512->loLen = 0; sha512->hiLen = 0; -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS sha512->flags = 0; #endif @@ -99,7 +99,7 @@ static int InitSha512_224(wc_Sha512* sha512) sha512->buffLen = 0; sha512->loLen = 0; sha512->hiLen = 0; -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS sha512->flags = 0; #endif @@ -133,7 +133,7 @@ static int InitSha512_256(wc_Sha512* sha512) sha512->buffLen = 0; sha512->loLen = 0; sha512->hiLen = 0; -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS sha512->flags = 0; #endif @@ -693,7 +693,7 @@ static int InitSha384(wc_Sha384* sha384) sha384->buffLen = 0; sha384->loLen = 0; sha384->hiLen = 0; -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS sha384->flags = 0; #endif @@ -856,14 +856,14 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst) dst->W = NULL; #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS dst->flags |= WC_HASH_FLAG_ISCOPY; #endif return ret; } -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags) { if (sha512) { @@ -912,7 +912,7 @@ int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst) return wc_Sha512Copy(src, dst); } -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS int wc_Sha512_224SetFlags(wc_Sha512* sha, word32 flags) { return wc_Sha512SetFlags(sha, flags); @@ -921,7 +921,7 @@ int wc_Sha512_224GetFlags(wc_Sha512* sha, word32* flags) { return wc_Sha512GetFlags(sha, flags); } -#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */ +#endif /* WOLFSSL_HASH_FLAGS */ #if defined(OPENSSL_EXTRA) int wc_Sha512_224Transform(wc_Sha512* sha, const unsigned char* data) @@ -962,7 +962,7 @@ int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst) return wc_Sha512Copy(src, dst); } -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS int wc_Sha512_256SetFlags(wc_Sha512* sha, word32 flags) { return wc_Sha512SetFlags(sha, flags); @@ -971,7 +971,7 @@ int wc_Sha512_256GetFlags(wc_Sha512* sha, word32* flags) { return wc_Sha512GetFlags(sha, flags); } -#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */ +#endif /* WOLFSSL_HASH_FLAGS */ #if defined(OPENSSL_EXTRA) int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data) @@ -1013,14 +1013,14 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst) dst->W = NULL; #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS dst->flags |= WC_HASH_FLAG_ISCOPY; #endif return ret; } -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags) { if (sha384) { diff --git a/wolfcrypt/src/port/nxp/dcp_port.c b/wolfcrypt/src/port/nxp/dcp_port.c index f00089409..fab43607f 100644 --- a/wolfcrypt/src/port/nxp/dcp_port.c +++ b/wolfcrypt/src/port/nxp/dcp_port.c @@ -386,7 +386,7 @@ int wc_Sha256Final(wc_Sha256* sha256, byte* hash) return ret; } -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags) { if (sha256) { @@ -401,7 +401,7 @@ int wc_Sha256GetFlags(wc_Sha256* sha256, word32* flags) } return 0; } -#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */ +#endif /* WOLFSSL_HASH_FLAGS */ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) { @@ -498,7 +498,7 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash) return ret; } -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS int wc_ShaSetFlags(wc_Sha* sha, word32 flags) { if (sha) { @@ -513,7 +513,7 @@ int wc_ShaGetFlags(wc_Sha* sha, word32* flags) } return 0; } -#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */ +#endif /* WOLFSSL_HASH_FLAGS */ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst) { diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 3952200c1..c5b46d5e5 100644 --- a/wolfcrypt/src/sha.c +++ b/wolfcrypt/src/sha.c @@ -389,7 +389,7 @@ sha->buffLen = 0; sha->loLen = 0; sha->hiLen = 0; - #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + #ifdef WOLFSSL_HASH_FLAGS sha->flags = 0; #endif @@ -924,7 +924,7 @@ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst) dst->ctx.isfirstblock = src->ctx.isfirstblock; dst->ctx.sha_type = src->ctx.sha_type; #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS dst->flags |= WC_HASH_FLAG_ISCOPY; #endif return ret; @@ -933,7 +933,7 @@ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst) #endif /* !WOLFSSL_TI_HASH && !WOLFSSL_IMXRT_DCP */ -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS int wc_ShaSetFlags(wc_Sha* sha, word32 flags) { if (sha) { diff --git a/wolfcrypt/src/sha256.c b/wolfcrypt/src/sha256.c index 21b956d55..f4042fa3f 100644 --- a/wolfcrypt/src/sha256.c +++ b/wolfcrypt/src/sha256.c @@ -207,7 +207,7 @@ static int InitSha256(wc_Sha256* sha256) sha256->buffLen = 0; sha256->loLen = 0; sha256->hiLen = 0; -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS sha256->flags = 0; #endif @@ -1497,7 +1497,7 @@ static int InitSha256(wc_Sha256* sha256) /* choose best Transform function under this runtime environment */ Sha256_SetTransform(); #endif - #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + #ifdef WOLFSSL_HASH_FLAGS sha224->flags = 0; #endif @@ -1715,7 +1715,7 @@ void wc_Sha256Free(wc_Sha256* sha256) #ifdef WOLFSSL_ASYNC_CRYPT ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev); #endif - #if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) + #ifdef WOLFSSL_HASH_FLAGS dst->flags |= WC_HASH_FLAG_ISCOPY; #endif @@ -1724,7 +1724,7 @@ void wc_Sha256Free(wc_Sha256* sha256) #endif /* WOLFSSL_KCAPI_HASH && !WOLFSSL_NO_KCAPI_SHA224 */ -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS int wc_Sha224SetFlags(wc_Sha224* sha224, word32 flags) { if (sha224) { @@ -1821,7 +1821,7 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) dst->ctx.isfirstblock = src->ctx.isfirstblock; dst->ctx.sha_type = src->ctx.sha_type; #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS dst->flags |= WC_HASH_FLAG_ISCOPY; #endif @@ -1829,7 +1829,7 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst) } #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags) { if (sha256) { diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c index ffa63bf57..531460e3e 100644 --- a/wolfcrypt/src/sha3.c +++ b/wolfcrypt/src/sha3.c @@ -599,7 +599,7 @@ static int InitSha3(wc_Sha3* sha3) for (i = 0; i < 25; i++) sha3->s[i] = 0; sha3->i = 0; -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS sha3->flags = 0; #endif @@ -844,7 +844,7 @@ static int wc_Sha3Copy(wc_Sha3* src, wc_Sha3* dst) #ifdef WOLFSSL_ASYNC_CRYPT ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev); #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS dst->flags |= WC_HASH_FLAG_ISCOPY; #endif @@ -1164,7 +1164,7 @@ int wc_Sha3_512_Copy(wc_Sha3* src, wc_Sha3* dst) return wc_Sha3Copy(src, dst); } -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS int wc_Sha3_SetFlags(wc_Sha3* sha3, word32 flags) { if (sha3) { diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index 1792cd626..e638b25d7 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c @@ -294,7 +294,7 @@ static int InitSha512(wc_Sha512* sha512) */ sha512->ctx.mode = ESP32_SHA_INIT; #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS sha512->flags = 0; #endif return 0; @@ -341,7 +341,7 @@ static int InitSha512_224(wc_Sha512* sha512) */ sha512->ctx.mode = ESP32_SHA_INIT; #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS sha512->flags = 0; #endif return 0; @@ -390,7 +390,7 @@ static int InitSha512_256(wc_Sha512* sha512) */ sha512->ctx.mode = ESP32_SHA_INIT; #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS sha512->flags = 0; #endif return 0; @@ -1313,7 +1313,7 @@ static int InitSha384(wc_Sha384* sha384) sha384->ctx.mode = ESP32_SHA_INIT; #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS sha384->flags = 0; #endif @@ -1538,7 +1538,7 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst) dst->ctx.isfirstblock = src->ctx.isfirstblock; dst->ctx.sha_type = src->ctx.sha_type; #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS dst->flags |= WC_HASH_FLAG_ISCOPY; #endif @@ -1547,7 +1547,7 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst) #endif /* WOLFSSL_KCAPI_HASH */ -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags) { if (sha512) { @@ -1562,7 +1562,7 @@ int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags) } return 0; } -#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */ +#endif /* WOLFSSL_HASH_FLAGS */ #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) @@ -1611,7 +1611,7 @@ int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst) } #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS int wc_Sha512_224SetFlags(wc_Sha512* sha, word32 flags) { return wc_Sha512SetFlags(sha, flags); @@ -1620,7 +1620,7 @@ int wc_Sha512_224GetFlags(wc_Sha512* sha, word32* flags) { return wc_Sha512GetFlags(sha, flags); } -#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */ +#endif /* WOLFSSL_HASH_FLAGS */ #if defined(OPENSSL_EXTRA) int wc_Sha512_224Transform(wc_Sha512* sha, const unsigned char* data) @@ -1673,7 +1673,7 @@ int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst) } #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS int wc_Sha512_256SetFlags(wc_Sha512* sha, word32 flags) { return wc_Sha512SetFlags(sha, flags); @@ -1682,7 +1682,7 @@ int wc_Sha512_256GetFlags(wc_Sha512* sha, word32* flags) { return wc_Sha512GetFlags(sha, flags); } -#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */ +#endif /* WOLFSSL_HASH_FLAGS */ #if defined(OPENSSL_EXTRA) int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data) @@ -1756,7 +1756,7 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst) dst->ctx.isfirstblock = src->ctx.isfirstblock; dst->ctx.sha_type = src->ctx.sha_type; #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS dst->flags |= WC_HASH_FLAG_ISCOPY; #endif @@ -1765,7 +1765,7 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst) #endif /* WOLFSSL_KCAPI_HASH */ -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags) { if (sha384) { diff --git a/wolfssl/openssl/ec.h b/wolfssl/openssl/ec.h index 7efee174d..cfc3bdb7f 100644 --- a/wolfssl/openssl/ec.h +++ b/wolfssl/openssl/ec.h @@ -218,6 +218,10 @@ WOLFSSL_API int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key); WOLFSSL_API int wolfSSL_ECDSA_sign(int type, const unsigned char *digest, int digestSz, unsigned char *sig, unsigned int *sigSz, WOLFSSL_EC_KEY *key); +WOLFSSL_API int wolfSSL_ECDSA_verify(int type, const unsigned char *digest, + int digestSz, const unsigned char *sig, + int sigSz, WOLFSSL_EC_KEY *key); + WOLFSSL_API void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag); WOLFSSL_API @@ -310,6 +314,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, #define ECDSA_size wolfSSL_ECDSA_size #define ECDSA_sign wolfSSL_ECDSA_sign +#define ECDSA_verify wolfSSL_ECDSA_verify #define EC_GROUP_free wolfSSL_EC_GROUP_free #define EC_GROUP_set_asn1_flag wolfSSL_EC_GROUP_set_asn1_flag diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 2b5d99cde..86c452627 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -73,6 +73,7 @@ typedef char WOLFSSL_EVP_CIPHER; typedef char WOLFSSL_EVP_MD; typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY; typedef struct WOLFSSL_EVP_MD_CTX WOLFSSL_EVP_MD_CTX; +typedef struct WOLFSSL_EVP_PKEY WOLFSSL_PKCS8_PRIV_KEY_INFO; #define WOLFSSL_EVP_TYPE_DEFINED #endif @@ -670,6 +671,9 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type); WOLFSSL_API int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKCS82PKEY(const WOLFSSL_PKCS8_PRIV_KEY_INFO* p8); +WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_EVP_PKEY2PKCS8(const WOLFSSL_EVP_PKEY* pkey); + WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API int wolfSSL_EVP_SignInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type); @@ -960,6 +964,8 @@ typedef WOLFSSL_ASN1_PCTX ASN1_PCTX; #define EVP_PKEY_get_default_digest_nid wolfSSL_EVP_PKEY_get_default_digest_nid #define EVP_PKEY_id wolfSSL_EVP_PKEY_id #define EVP_PKEY_CTX_ctrl_str wolfSSL_EVP_PKEY_CTX_ctrl_str +#define EVP_PKCS82PKEY wolfSSL_EVP_PKCS82PKEY +#define EVP_PKEY2PKCS8 wolfSSL_EVP_PKEY2PKCS8 #define EVP_SignFinal wolfSSL_EVP_SignFinal #define EVP_SignInit wolfSSL_EVP_SignInit #define EVP_SignInit_ex wolfSSL_EVP_SignInit_ex diff --git a/wolfssl/openssl/md5.h b/wolfssl/openssl/md5.h index fe16dae65..6903e5f81 100644 --- a/wolfssl/openssl/md5.h +++ b/wolfssl/openssl/md5.h @@ -69,15 +69,29 @@ typedef WOLFSSL_MD5_CTX MD5_CTX; #define MD5Final wolfSSL_MD5_Final #endif -#if (!defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \ - defined(OPENSSL_EXTRA) -/* For fips v1 defined in wolfssl/wolfcrypt/md5.h as - * WC_MD5 for compatibility */ -#define MD5 wolfSSL_MD5 +/* "MD5" has some conflicts + * If not FIPS and NO_OLD_SHA_NAMES defined + * If FIPS V2 or higher and NO_OLD_MD5_NAME defined + * If FIPS V2 and NO_OLD_WC_NAMES defined + * If FIPS v1 not allowed + */ +#if (defined(NO_OLD_MD5_NAME) && !defined(HAVE_FIPS)) || \ + (defined(NO_OLD_MD5_NAME) && defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2) || \ + (defined(NO_OLD_WC_NAMES) && defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2) + + #define MD5 wolfSSL_MD5 #endif -#define MD5_DIGEST_LENGTH MD5_DIGEST_SIZE +/* FIPS v1 uses old MD5_DIGEST_SIZE naming */ +#if (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2)) && \ + defined(OPENSSL_EXTRA) + #define MD5_DIGEST_LENGTH WC_MD5_DIGEST_SIZE +#else + #define MD5_DIGEST_LENGTH MD5_DIGEST_SIZE +#endif #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/openssl/sha.h b/wolfssl/openssl/sha.h index 9e717d1ca..cd46e43ff 100644 --- a/wolfssl/openssl/sha.h +++ b/wolfssl/openssl/sha.h @@ -147,9 +147,20 @@ typedef WOLFSSL_SHA256_CTX SHA256_CTX; #define SHA256_Final wolfSSL_SHA256_Final #define SHA256_Transform wolfSSL_SHA256_Transform -#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) - /* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS - * build. */ +/* "SHA256" has some conflicts + * If not FIPS and NO_OLD_SHA_NAMES defined + * If FIPS V3 or higher and NO_OLD_SHA_NAMES defined + * If FIPS V2 and NO_OLD_SHA256_NAMES defined + * If FIPS v1 not allowed + * If HAVE_SELFTEST not allowed + */ +#if !defined(HAVE_SELFTEST) && \ + (defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS)) || \ + (defined(NO_OLD_SHA_NAMES) && defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 3) || \ + (defined(NO_OLD_SHA256_NAMES) && defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2) + #define SHA256 wolfSSL_SHA256 #endif diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 556ef0c58..ff9d4c1dc 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -199,6 +199,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_use_certificate wolfSSL_use_certificate #define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1 #define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio +#define d2i_PKCS8_PRIV_KEY_INFO wolfSSL_d2i_PKCS8_PKEY +#define i2d_PKCS8_PRIV_KEY_INFO wolfSSL_i2d_PrivateKey #define d2i_PKCS8PrivateKey_bio wolfSSL_d2i_PKCS8PrivateKey_bio #define i2d_PKCS8PrivateKey_bio wolfSSL_PEM_write_bio_PKCS8PrivateKey #define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index a411e0563..506dfc0bf 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -412,10 +412,11 @@ struct WOLFSSL_EVP_PKEY { byte ownDsa:1; /* if struct owns DSA and should free it */ byte ownRsa:1; /* if struct owns RSA and should free it */ }; -typedef struct WOLFSSL_EVP_PKEY WOLFSSL_PKCS8_PRIV_KEY_INFO; + #ifndef WOLFSSL_EVP_TYPE_DEFINED /* guard on redeclaration */ typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY; typedef struct WOLFSSL_EVP_MD_CTX WOLFSSL_EVP_MD_CTX; +typedef struct WOLFSSL_EVP_PKEY WOLFSSL_PKCS8_PRIV_KEY_INFO; typedef char WOLFSSL_EVP_MD; #define WOLFSSL_EVP_TYPE_DEFINED #endif @@ -1777,6 +1778,8 @@ WOLFSSL_API int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKE WOLFSSL_API void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT*); WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio( WOLFSSL_BIO* bio, WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey); +WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY( + WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, long keyLen); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** out); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key, diff --git a/wolfssl/wolfcrypt/hash.h b/wolfssl/wolfcrypt/hash.h index 0144eeab5..e37c545e9 100644 --- a/wolfssl/wolfcrypt/hash.h +++ b/wolfssl/wolfcrypt/hash.h @@ -170,7 +170,7 @@ WOLFSSL_API int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type, byte* out); WOLFSSL_API int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type); -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags); WOLFSSL_API int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, diff --git a/wolfssl/wolfcrypt/md5.h b/wolfssl/wolfcrypt/md5.h index 4d9f881f4..d41ab42e1 100644 --- a/wolfssl/wolfcrypt/md5.h +++ b/wolfssl/wolfcrypt/md5.h @@ -100,7 +100,7 @@ typedef struct wc_Md5 { #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif /* WOLFSSL_ASYNC_CRYPT */ -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS word32 flags; /* enum wc_HashFlags in hash.h */ #endif } wc_Md5; @@ -123,7 +123,7 @@ WOLFSSL_API int wc_Md5Copy(wc_Md5*, wc_Md5*); WOLFSSL_API void wc_Md5SizeSet(wc_Md5* md5, word32 len); #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_Md5SetFlags(wc_Md5* md5, word32 flags); WOLFSSL_API int wc_Md5GetFlags(wc_Md5* md5, word32* flags); #endif diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index a532867d5..64edb63a9 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2510,6 +2510,16 @@ extern void uITRON4_free(void *p) ; */ #endif +/* Crypto callbacks should enable hash flag support */ +#if defined(WOLF_CRYPTO_CB) && !defined(WOLFSSL_HASH_FLAGS) + /* FIPS v1 and v2 do not support hash flags, so do not allow it with + * crypto callbacks */ + #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 3) + #define WOLFSSL_HASH_FLAGS + #endif +#endif + /* --------------------------------------------------------------------------- * Depricated Algorithm Handling diff --git a/wolfssl/wolfcrypt/sha.h b/wolfssl/wolfcrypt/sha.h index 8fca499fb..6944b1897 100644 --- a/wolfssl/wolfcrypt/sha.h +++ b/wolfssl/wolfcrypt/sha.h @@ -153,7 +153,7 @@ struct wc_Sha { !defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH) WC_ESP32SHA ctx; #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS word32 flags; /* enum wc_HashFlags in hash.h */ #endif }; @@ -185,7 +185,7 @@ WOLFSSL_API int wc_ShaTransform(wc_Sha*, const byte*); WOLFSSL_API void wc_ShaSizeSet(wc_Sha* sha, word32 len); #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_ShaSetFlags(wc_Sha* sha, word32 flags); WOLFSSL_API int wc_ShaGetFlags(wc_Sha* sha, word32* flags); #endif diff --git a/wolfssl/wolfcrypt/sha256.h b/wolfssl/wolfcrypt/sha256.h index 5dfb3603a..7759823f3 100644 --- a/wolfssl/wolfcrypt/sha256.h +++ b/wolfssl/wolfcrypt/sha256.h @@ -203,7 +203,7 @@ struct wc_Sha256 { int devId; void* devCtx; /* generic crypto callback context */ #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS word32 flags; /* enum wc_HashFlags in hash.h */ #endif }; @@ -233,7 +233,7 @@ WOLFSSL_API int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst); WOLFSSL_API void wc_Sha256SizeSet(wc_Sha256*, word32); #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags); WOLFSSL_API int wc_Sha256GetFlags(wc_Sha256* sha256, word32* flags); #endif @@ -278,7 +278,7 @@ WOLFSSL_API void wc_Sha224Free(wc_Sha224*); WOLFSSL_API int wc_Sha224GetHash(wc_Sha224*, byte*); WOLFSSL_API int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst); -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_Sha224SetFlags(wc_Sha224* sha224, word32 flags); WOLFSSL_API int wc_Sha224GetFlags(wc_Sha224* sha224, word32* flags); #endif diff --git a/wolfssl/wolfcrypt/sha3.h b/wolfssl/wolfcrypt/sha3.h index f719a5700..2ae5edbef 100644 --- a/wolfssl/wolfcrypt/sha3.h +++ b/wolfssl/wolfcrypt/sha3.h @@ -107,7 +107,7 @@ struct wc_Sha3 { #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif /* WOLFSSL_ASYNC_CRYPT */ -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS word32 flags; /* enum wc_HashFlags in hash.h */ #endif }; @@ -156,7 +156,7 @@ WOLFSSL_API int wc_Shake256_Final(wc_Shake*, byte*, word32); WOLFSSL_API void wc_Shake256_Free(wc_Shake*); WOLFSSL_API int wc_Shake256_Copy(wc_Shake* src, wc_Sha3* dst); -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_Sha3_SetFlags(wc_Sha3* sha3, word32 flags); WOLFSSL_API int wc_Sha3_GetFlags(wc_Sha3* sha3, word32* flags); #endif diff --git a/wolfssl/wolfcrypt/sha512.h b/wolfssl/wolfcrypt/sha512.h index f821d94ef..9021a0fe3 100644 --- a/wolfssl/wolfcrypt/sha512.h +++ b/wolfssl/wolfcrypt/sha512.h @@ -180,7 +180,7 @@ struct wc_Sha512 { int devId; void* devCtx; /* generic crypto callback context */ #endif -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS word32 flags; /* enum wc_HashFlags in hash.h */ #endif #endif /* WOLFSSL_PSOC6_CRYPTO */ @@ -211,7 +211,7 @@ WOLFSSL_API void wc_Sha512Free(wc_Sha512*); WOLFSSL_API int wc_Sha512GetHash(wc_Sha512*, byte*); WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst); -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags); WOLFSSL_API int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags); #endif @@ -229,7 +229,7 @@ WOLFSSL_API int wc_Sha512_224Final(wc_Sha512*, byte*); WOLFSSL_API void wc_Sha512_224Free(wc_Sha512*); WOLFSSL_API int wc_Sha512_224GetHash(wc_Sha512*, byte*); WOLFSSL_API int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst); -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_Sha512_224SetFlags(wc_Sha512* sha512, word32 flags); WOLFSSL_API int wc_Sha512_224GetFlags(wc_Sha512* sha512, word32* flags); #endif @@ -249,7 +249,7 @@ WOLFSSL_API int wc_Sha512_256Final(wc_Sha512*, byte*); WOLFSSL_API void wc_Sha512_256Free(wc_Sha512*); WOLFSSL_API int wc_Sha512_256GetHash(wc_Sha512*, byte*); WOLFSSL_API int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst); -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_Sha512_256SetFlags(wc_Sha512* sha512, word32 flags); WOLFSSL_API int wc_Sha512_256GetFlags(wc_Sha512* sha512, word32* flags); #endif @@ -306,7 +306,7 @@ WOLFSSL_API void wc_Sha384Free(wc_Sha384*); WOLFSSL_API int wc_Sha384GetHash(wc_Sha384*, byte*); WOLFSSL_API int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst); -#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB) +#ifdef WOLFSSL_HASH_FLAGS WOLFSSL_API int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags); WOLFSSL_API int wc_Sha384GetFlags(wc_Sha384* sha384, word32* flags); #endif