wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Support for Android KeyStore compatibility API's:

Browse Source 
* Adds `EVP_PKCS82PKEY` and `d2i_PKCS8_PRIV_KEY_INFO`.
* Adds `EVP_PKEY2PKCS8` and `i2d_PKCS8_PRIV_KEY_INFO`.
* Adds `ECDSA_verify`.
* Fix to allow `SHA256()` and `MD5()` with FIPSv2.
* Decouple crypto callbacks and hash flags
* Fix for possible use of uninitialized when building TLS bench without TLS v1.3.
* Fix for building with `NO_CHECK_PRIVATE_KEY`. Test `./configure --disable-pkcs12 --enable-opensslextra CFLAGS="-DNO_CHECK_PRIVATE_KEY"`.
* Fix to support `RSA_public_decrypt` for PKCSv15 only with FIPS.
* Cleanup `RSA_public_encrypt`, `RSA_public_decrypt` and `RSA_private_decrypt`.
* Added instructions for building wolfSSL with Android kernel.
This commit is contained in:
David Garske
2021-10-14 14:38:57 -07:00
parent f04380d624
commit a03ed32380
32 changed files with 682 additions and 237 deletions
Download Patch File Download Diff File Expand all files Collapse all files

115
IDE/Android/Android.bp Normal file
View File

@ -0,0 +1,115 @@
cc_library_shared {
name: "libwolfssl",
arch: {
arm: {
instruction_set: "arm",
},
arm64: {
cflags: ["-DARM64"],
},
},
compile_multilib: "both",
export_include_dirs: ["."],
shared_libs: ["liblog"],
cflags: [
"-DWOLFSSL_USER_SETTINGS",
"-Os",
"-fomit-frame-pointer",
],
include_dirs: [
"external/wolfssl/wolfssl",
"external/wolfssl",
],
srcs: [
"./src/crl.c",
"./src/internal.c",
"./src/keys.c",
"./src/ocsp.c",
"./src/sniffer.c",
"./src/ssl.c",
"./src/tls.c",
"./src/tls13.c",
"./src/wolfio.c",
] + [
"./wolfcrypt/src/aes.c",
"./wolfcrypt/src/arc4.c",
"./wolfcrypt/src/asm.c",
"./wolfcrypt/src/asn.c",
"./wolfcrypt/src/blake2b.c",
"./wolfcrypt/src/blake2s.c",
"./wolfcrypt/src/camellia.c",
"./wolfcrypt/src/chacha.c",
"./wolfcrypt/src/chacha20_poly1305.c",
"./wolfcrypt/src/cmac.c",
"./wolfcrypt/src/coding.c",
"./wolfcrypt/src/compress.c",
"./wolfcrypt/src/cpuid.c",
"./wolfcrypt/src/cryptocb.c",
"./wolfcrypt/src/curve25519.c",
"./wolfcrypt/src/curve448.c",
"./wolfcrypt/src/des3.c",
"./wolfcrypt/src/dh.c",
"./wolfcrypt/src/dsa.c",
"./wolfcrypt/src/ecc.c",
"./wolfcrypt/src/ecc_fp.c",
"./wolfcrypt/src/ed25519.c",
"./wolfcrypt/src/ed448.c",
"./wolfcrypt/src/error.c",
"./wolfcrypt/src/fe_448.c",
"./wolfcrypt/src/fe_low_mem.c",
"./wolfcrypt/src/fe_operations.c",
"./wolfcrypt/src/fips.c",
"./wolfcrypt/src/fips_test.c",
"./wolfcrypt/src/ge_448.c",
"./wolfcrypt/src/ge_low_mem.c",
"./wolfcrypt/src/ge_operations.c",
"./wolfcrypt/src/hash.c",
"./wolfcrypt/src/hc128.c",
"./wolfcrypt/src/hmac.c",
"./wolfcrypt/src/idea.c",
"./wolfcrypt/src/integer.c",
"./wolfcrypt/src/logging.c",
"./wolfcrypt/src/md2.c",
"./wolfcrypt/src/md4.c",
"./wolfcrypt/src/md5.c",
"./wolfcrypt/src/memory.c",
"./wolfcrypt/src/pkcs12.c",
"./wolfcrypt/src/pkcs7.c",
"./wolfcrypt/src/poly1305.c",
"./wolfcrypt/src/pwdbased.c",
"./wolfcrypt/src/rabbit.c",
"./wolfcrypt/src/random.c",
"./wolfcrypt/src/rc2.c",
"./wolfcrypt/src/ripemd.c",
"./wolfcrypt/src/rsa.c",
"./wolfcrypt/src/selftest.c",
"./wolfcrypt/src/sha256.c",
"./wolfcrypt/src/sha3.c",
"./wolfcrypt/src/sha512.c",
"./wolfcrypt/src/sha.c",
"./wolfcrypt/src/signature.c",
"./wolfcrypt/src/sp_arm32.c",
"./wolfcrypt/src/sp_arm64.c",
"./wolfcrypt/src/sp_armthumb.c",
"./wolfcrypt/src/sp_c32.c",
"./wolfcrypt/src/sp_c64.c",
"./wolfcrypt/src/sp_cortexm.c",
"./wolfcrypt/src/sp_dsp32.c",
"./wolfcrypt/src/sp_int.c",
"./wolfcrypt/src/sp_x86_64.c",
"./wolfcrypt/src/srp.c",
"./wolfcrypt/src/tfm.c",
"./wolfcrypt/src/wc_dsp.c",
"./wolfcrypt/src/wc_encrypt.c",
"./wolfcrypt/src/wc_pkcs11.c",
"./wolfcrypt/src/wc_port.c",
"./wolfcrypt/src/wolfcrypt_first.c",
"./wolfcrypt/src/wolfcrypt_last.c",
"./wolfcrypt/src/wolfevent.c",
"./wolfcrypt/src/wolfmath.c",
],
}

37
IDE/Android/README.md Normal file
View File

@ -0,0 +1,37 @@
# Android wolfSSL Support
Tested on Android v8.1 with WPA Supplicant and KeyStore to replace BoringSSL.
## Files
* `Android.bp`: Template build system file for wolfSSL.
* `user_settings.h`: Template build settings for wolfSSL
## Installation
1) Place the wolfSSL library into `./external/wolfssl`
2) Copy `Android.bp` into `./external/wolfssl`
3) Copy `user_settings.h` into `./external/wolfssl`
4) Add `PRODUCT_PACKAGES += libwolfssl` to your device .mk.
## Typical Android build instruction
```sh
source build/envsetup.sh
lunch [num]
mm -j8
```
## Using wolfSSL in your Application
In your `Android.mk` build file for your application add the following:
```makefile
# Crypto Provider - wolfSSL
LOCAL_CFLAGS += -DWOLFSSL_USER_SETTINGS -Iexternal/wolfssl -Iexternal/wolfssl/wolfssl
LOCAL_SHARED_LIBRARIES += libwolfssl
```
## Support
For questions please email support@wolfssl.com

8
IDE/Android/include.am Normal file
View File

@ -0,0 +1,8 @@
# vim:ft=automake
# included from Top Level Makefile.am
# All paths should be given relative to the root
EXTRA_DIST += \
IDE/Android/Android.bp \
IDE/Android/README.md \
IDE/Android/user_settings.h

101
IDE/Android/user_settings.h Normal file
View File

@ -0,0 +1,101 @@
/* Custom build settings for Android */
#ifndef _WOLF_USER_SETTINGS_H_
#define _WOLF_USER_SETTINGS_H_
#if 0
#define HAVE_FIPS_VERSION 2
#define HAVE_FIPS
#endif
/* WPA Supplicant Support */
#define WOLFSSL_WPAS_SMALL
#define OPENSSL_ALL
#define HAVE_THREAD_LS
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#define WC_RSA_BLINDING
#define HAVE_HASHDRBG
#define WOLFSSL_TLS13
#define HAVE_SESSION_TICKET
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define HAVE_EXTENDED_MASTER
#define HAVE_ENCRYPT_THEN_MAC
#define WOLFSSL_ENCRYPTED_KEYS
#define HAVE_KEYING_MATERIAL
#define NO_OLD_TLS
#define NO_CHECK_PRIVATE_KEY
#define WOLF_CRYPTO_CB
#define HAVE_PK_CALLBACKS
#define KEEP_OUR_CERT
#define KEEP_PEER_CERT
#define WOLFSSL_ALWAYS_VERIFY_CB
#define WOLFSSL_ALWAYS_KEEP_SNI
#define HAVE_EX_DATA
#define HAVE_EXT_CACHE
#define WOLFSSL_EITHER_SIDE
#define WOLFSSL_PUBLIC_MP
#define WOLFSSL_DER_LOAD
#define WOLFSSL_KEY_GEN
#define WC_RSA_PSS
#define WC_RSA_NO_PADDING
#define HAVE_FFDHE_2048
#define HAVE_DH_DEFAULT_PARAMS
#ifdef HAVE_FIPS
#define WOLFSSL_VALIDATE_FFC_IMPORT
#define HAVE_FFDHE_Q
#endif
#define WOLFSSL_SHA224
#define WOLFSSL_SHA512
#define WOLFSSL_SHA384
#define HAVE_HKDF
#define HAVE_PKCS8
#define HAVE_ECC
#define TFM_ECC256
#define ECC_SHAMIR
#ifdef HAVE_FIPS
#define HAVE_ECC_CDH
#define WOLFSSL_VALIDATE_ECC_IMPORT
#endif
#define HAVE_AESGCM
#define HAVE_AESCCM
#define WOLFSSL_AES_DIRECT
#define WOLFSSL_AES_COUNTER
#define HAVE_AES_ECB
#define WOLFSSL_CMAC
#define WOLFSSL_BASE64_ENCODE
#define HAVE_CRL
#define NO_DSA
#define NO_RC4
#define NO_HC128
#define NO_RABBIT
#define NO_RC4
#define NO_PSK
#define WOLFSSL_NO_SHAKE256
#define NO_MD4
#define NO_OLD_MD5_NAME
#define NO_OLD_SHA_NAMES
#define NO_OLD_SHA256_NAMES
#define NO_OLD_WC_NAMES
#if 0
#define DEBUG_WOLFSSL
#define WOLFSSL_ANDROID_DEBUG
#endif
#endif /* _WOLF_USER_SETTINGS_H_ */

1
IDE/include.am
View File

@ -40,6 +40,7 @@ include IDE/VisualDSP/include.am
include IDE/QNX/include.am
include IDE/WINCE/include.am
include IDE/iotsafe/include.am
include IDE/Android/include.am
EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif
EXTRA_DIST+= IDE/OPENSTM32/README.md

10
examples/benchmark/tls_bench.c
View File

@ -243,6 +243,7 @@ static const unsigned char dhg[] =
#endif /* !NO_WOLFSSL_SERVER */
#endif /* !NO_DH */
#ifdef WOLFSSL_TLS13
struct group_info {
word16 group;
const char *name;
@ -300,6 +301,7 @@ static struct group_info groups[] = {
#endif
{ 0, NULL }
};
#endif /* WOLFSSL_TLS13 */
#ifdef HAVE_PTHREAD
typedef struct {
@ -1707,7 +1709,9 @@ int bench_tls(void* args)
info_t *theadInfo = NULL, *info;
stats_t cli_comb, srv_comb;
int i;
int group_index;
#ifdef WOLFSSL_TLS13
int group_index = 0;
#endif
char *cipher, *next_cipher, *ciphers = NULL;
int argc = 0;
char** argv = NULL;
@ -1932,6 +1936,7 @@ int bench_tls(void* args)
/* parse by : */
while ((cipher != NULL) && (cipher[0] != '\0')) {
const char *gname = "N/A";
next_cipher = strchr(cipher, ':');
if (next_cipher != NULL) {
cipher[next_cipher - cipher] = '\0';
@ -1943,6 +1948,7 @@ int bench_tls(void* args)
#ifdef WOLFSSL_TLS13
for (group_index = 0; groups[group_index].name != NULL; group_index++) {
gname = theadInfo[0].group == 0 ? "N/A" : groups[group_index].name;
if (argDoGroups && groups[group_index].group == 0) {
/* Skip unsupported group. */
@ -2041,8 +2047,6 @@ int bench_tls(void* args)
}
#endif /* HAVE_PTHREAD */
const char *gname = theadInfo[0].group == 0 ?
"N/A" : groups[group_index].name;
if (argShowVerbose) {
/* print results */
for (i = 0; i < argThreadPairs; ++i) {

12
src/internal.c
View File

@ -6024,7 +6024,7 @@ int InitHandshakeHashes(WOLFSSL* ssl)
ret = wc_InitMd5_ex(&ssl->hsHashes->hashMd5, ssl->heap, ssl->devId);
if (ret != 0)
return ret;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_Md5SetFlags(&ssl->hsHashes->hashMd5, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
@ -6032,7 +6032,7 @@ int InitHandshakeHashes(WOLFSSL* ssl)
ret = wc_InitSha_ex(&ssl->hsHashes->hashSha, ssl->heap, ssl->devId);
if (ret != 0)
return ret;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_ShaSetFlags(&ssl->hsHashes->hashSha, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
@ -6041,7 +6041,7 @@ int InitHandshakeHashes(WOLFSSL* ssl)
ret = wc_InitSha256_ex(&ssl->hsHashes->hashSha256, ssl->heap, ssl->devId);
if (ret != 0)
return ret;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_Sha256SetFlags(&ssl->hsHashes->hashSha256, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
@ -6049,7 +6049,7 @@ int InitHandshakeHashes(WOLFSSL* ssl)
ret = wc_InitSha384_ex(&ssl->hsHashes->hashSha384, ssl->heap, ssl->devId);
if (ret != 0)
return ret;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_Sha384SetFlags(&ssl->hsHashes->hashSha384, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
@ -6057,7 +6057,7 @@ int InitHandshakeHashes(WOLFSSL* ssl)
ret = wc_InitSha512_ex(&ssl->hsHashes->hashSha512, ssl->heap, ssl->devId);
if (ret != 0)
return ret;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_Sha512SetFlags(&ssl->hsHashes->hashSha512, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
@ -21902,7 +21902,7 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
#if !defined(NO_CERTS)
#ifdef WOLF_CRYPTO_CB
#if defined(WOLF_CRYPTO_CB) && !defined(NO_CHECK_PRIVATE_KEY)
/* Create a private key for a device.
*
* pkey Key object.

329
src/ssl.c
View File

@ -7868,6 +7868,72 @@ WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx)
#ifdef OPENSSL_EXTRA
WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, long keyLen)
{
WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL;
#ifdef WOLFSSL_PEM_TO_DER
int ret;
DerBuffer* der = NULL;
if (keyBuf == NULL || *keyBuf == NULL || keyLen <= 0) {
WOLFSSL_MSG("Bad key PEM/DER args");
return NULL;
}
ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &der, NULL, NULL, NULL);
if (ret < 0) {
WOLFSSL_MSG("Not PEM format");
ret = AllocDer(&der, (word32)keyLen, PRIVATEKEY_TYPE, NULL);
if (ret == 0) {
XMEMCPY(der->buffer, *keyBuf, keyLen);
}
}
if (ret == 0) {
/* Verify this is PKCS8 Key */
word32 inOutIdx = 0;
word32 algId;
ret = ToTraditionalInline_ex(der->buffer, &inOutIdx, der->length, &algId);
if (ret >= 0) {
ret = 0; /* good DER */
}
}
if (ret == 0) {
pkcs8 = wolfSSL_EVP_PKEY_new();
if (pkcs8 == NULL)
ret = MEMORY_E;
}
if (ret == 0) {
pkcs8->pkey.ptr = (char*)XMALLOC(der->length, NULL,
DYNAMIC_TYPE_PUBLIC_KEY);
if (pkcs8->pkey.ptr == NULL)
ret = MEMORY_E;
}
if (ret == 0) {
XMEMCPY(pkcs8->pkey.ptr, der->buffer, der->length);
pkcs8->pkey_sz = der->length;
}
FreeDer(&der);
if (ret != 0) {
wolfSSL_EVP_PKEY_free(pkcs8);
pkcs8 = NULL;
}
if (pkey != NULL) {
*pkey = pkcs8;
}
#else
(void)bio;
(void)pkey;
#endif /* WOLFSSL_PEM_TO_DER */
return pkcs8;
}
#ifndef NO_BIO
/* put SSL type in extra for now, not very common */
@ -7887,10 +7953,8 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio,
#ifdef WOLFSSL_PEM_TO_DER
unsigned char* mem = NULL;
int memSz;
int keySz;
word32 algId;
WOLFSSL_MSG("wolfSSL_d2i_PKCS8_PKEY_bio()");
WOLFSSL_ENTER("wolfSSL_d2i_PKCS8_PKEY_bio");
if (bio == NULL) {
return NULL;
@ -7900,30 +7964,7 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio,
return NULL;
}
if ((keySz = wc_KeyPemToDer(mem, memSz, mem, memSz, NULL)) < 0) {
WOLFSSL_MSG("Not PEM format");
keySz = memSz;
if ((keySz = ToTraditional_ex((byte*)mem, (word32)keySz, &algId)) < 0) {
return NULL;
}
}
pkcs8 = wolfSSL_EVP_PKEY_new();
if (pkcs8 == NULL) {
return NULL;
}
pkcs8->pkey.ptr = (char*)XMALLOC(keySz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
if (pkcs8->pkey.ptr == NULL) {
wolfSSL_EVP_PKEY_free(pkcs8);
return NULL;
}
XMEMCPY(pkcs8->pkey.ptr, mem, keySz);
pkcs8->pkey_sz = keySz;
if (pkey != NULL) {
*pkey = pkcs8;
}
pkcs8 = wolfSSL_d2i_PKCS8_PKEY(pkey, (const unsigned char**)&mem, memSz);
#else
(void)bio;
(void)pkey;
@ -8576,6 +8617,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_id(int type, WOLFSSL_EVP_PKEY** out,
#ifndef NO_CERTS
#ifndef NO_CHECK_PRIVATE_KEY
int wolfSSL_check_private_key(const WOLFSSL* ssl)
{
DecodedCert der;
@ -8657,6 +8699,7 @@ int wolfSSL_check_private_key(const WOLFSSL* ssl)
FreeDecodedCert(&der);
return ret;
}
#endif /* !NO_CHECK_PRIVATE_KEY */
#if defined(OPENSSL_ALL)
unsigned int wolfSSL_X509_get_extension_flags(WOLFSSL_X509* x509)
@ -19271,7 +19314,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
ssl->devId) != 0) {
return WOLFSSL_FAILURE;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_Md5SetFlags(&ssl->hsHashes->hashMd5, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
@ -19280,7 +19323,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
ssl->devId) != 0) {
return WOLFSSL_FAILURE;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_ShaSetFlags(&ssl->hsHashes->hashSha, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
@ -19290,7 +19333,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
ssl->devId) != 0) {
return WOLFSSL_FAILURE;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_Sha256SetFlags(&ssl->hsHashes->hashSha256, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
@ -19299,7 +19342,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
ssl->devId) != 0) {
return WOLFSSL_FAILURE;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_Sha384SetFlags(&ssl->hsHashes->hashSha384, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
@ -19308,7 +19351,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
ssl->devId) != 0) {
return WOLFSSL_FAILURE;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_Sha512SetFlags(&ssl->hsHashes->hashSha512, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
@ -36822,9 +36865,9 @@ int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key)
2;
}
int wolfSSL_ECDSA_sign(int type, const unsigned char *digest,
int digestSz, unsigned char *sig,
unsigned int *sigSz, WOLFSSL_EC_KEY *key)
int wolfSSL_ECDSA_sign(int type,
const unsigned char *digest, int digestSz,
unsigned char *sig, unsigned int *sigSz, WOLFSSL_EC_KEY *key)
{
int ret = WOLFSSL_SUCCESS;
WC_RNG* rng = NULL;
@ -36861,7 +36904,8 @@ int wolfSSL_ECDSA_sign(int type, const unsigned char *digest,
}
}
if (rng) {
if (wc_ecc_sign_hash(digest, digestSz, sig, sigSz, rng, (ecc_key*)key->internal) != MP_OKAY) {
if (wc_ecc_sign_hash(digest, digestSz, sig, sigSz, rng,
(ecc_key*)key->internal) != 0) {
ret = WOLFSSL_FAILURE;
}
if (initTmpRng) {
@ -36880,6 +36924,32 @@ int wolfSSL_ECDSA_sign(int type, const unsigned char *digest,
return ret;
}
int wolfSSL_ECDSA_verify(int type,
const unsigned char *digest, int digestSz,
const unsigned char *sig, int sigSz, WOLFSSL_EC_KEY *key)
{
int ret = WOLFSSL_SUCCESS;
int verify = 0;
WOLFSSL_ENTER("wolfSSL_ECDSA_verify");
if (key == NULL) {
return WOLFSSL_FAILURE;
}
if (wc_ecc_verify_hash(sig, sigSz, digest, digestSz,
&verify, (ecc_key*)key->internal) != 0) {
ret = WOLFSSL_FAILURE;
}
if (ret == WOLFSSL_SUCCESS && verify != 1) {
WOLFSSL_MSG("wolfSSL_ECDSA_verify failed");
ret = WOLFSSL_FAILURE;
}
(void)type;
return ret;
}
#ifndef HAVE_SELFTEST
/* ECC point compression types were not included in selftest ecc.h */
@ -44827,10 +44897,15 @@ err:
return WOLFSSL_FAILURE;
}
#ifndef NO_CHECK_PRIVATE_KEY
return wc_CheckPrivateKey((byte*)key->pkey.ptr, key->pkey_sz,
x509->pubKey.buffer, x509->pubKey.length,
(enum Key_Sum)x509->pubKeyOID) == 1 ?
WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
#else
/* not compiled in */
return WOLFSSL_SUCCESS;
#endif
}
/* wolfSSL uses negative values for error states. This function returns an
@ -46218,6 +46293,11 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio,
}
#endif /* !NO_BIO */
#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) || \
defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) || defined(WOLFSSL_WPAS_SMALL)
/* Converts a DER encoded private key to a WOLFSSL_EVP_PKEY structure.
* returns a pointer to a new WOLFSSL_EVP_PKEY structure on success and NULL
@ -46326,7 +46406,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** out,
#endif /* HAVE_ECC */
return pkey;
}
#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT */
#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT || WOLFSSL_WPAS_SMALL*/
/* stunnel compatibility functions*/
@ -51268,67 +51349,63 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* fr,
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
int mgf = WC_MGF1NONE;
enum wc_HashType hash = WC_HASH_TYPE_NONE;
int pad_type;
#endif
WOLFSSL_MSG("wolfSSL_RSA_public_encrypt");
WOLFSSL_ENTER("RSA_public_encrypt");
/* Check and remap the padding to internal values, if needed. */
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
if (padding == RSA_PKCS1_PADDING)
padding = WC_RSA_PKCSV15_PAD;
else if (padding == RSA_PKCS1_OAEP_PADDING) {
padding = WC_RSA_OAEP_PAD;
switch (padding) {
case RSA_PKCS1_PADDING:
pad_type = WC_RSA_PKCSV15_PAD;
break;
case RSA_PKCS1_OAEP_PADDING:
pad_type = WC_RSA_OAEP_PAD;
hash = WC_HASH_TYPE_SHA;
mgf = WC_MGF1SHA1;
}
else if (padding == RSA_PKCS1_PSS_PADDING) {
padding = WC_RSA_PSS_PAD;
break;
case RSA_PKCS1_PSS_PADDING:
pad_type = WC_RSA_PSS_PAD;
hash = WC_HASH_TYPE_SHA256;
mgf = WC_MGF1SHA256;
break;
case RSA_NO_PADDING:
pad_type = WC_RSA_NO_PAD;
break;
default:
WOLFSSL_MSG("RSA_public_encrypt unsupported padding");
return WOLFSSL_FAILURE;
}
else if (padding == RSA_NO_PADDING) {
padding = WC_RSA_NO_PAD;
}
#else
if (padding == RSA_PKCS1_PADDING)
;
#endif
else {
WOLFSSL_MSG("wolfSSL_RSA_public_encrypt unsupported padding");
return 0;
}
if (rsa->inSet == 0)
{
if (rsa->inSet == 0) {
if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("SetRsaInternal failed");
return 0;
return WOLFSSL_FAILURE;
}
}
outLen = wolfSSL_RSA_size(rsa);
rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRNG, &initTmpRng);
if (outLen == 0) {
WOLFSSL_MSG("Bad RSA size");
}
rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRNG, &initTmpRng);
if (rng) {
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
ret = wc_RsaPublicEncrypt_ex(fr, len, to, outLen,
(RsaKey*)rsa->internal, rng, padding,
(RsaKey*)rsa->internal, rng, pad_type,
hash, mgf, NULL, 0);
#else
if (padding == RSA_PKCS1_PADDING) {
ret = wc_RsaPublicEncrypt(fr, len, to, outLen,
(RsaKey*)rsa->internal, rng);
}
else {
WOLFSSL_MSG("RSA_public_encrypt pad type not supported in FIPS");
ret = WOLFSSL_FAILURE;
}
#endif
if (ret <= 0) {
WOLFSSL_MSG("Bad Rsa Encrypt");
}
if (len <= 0) {
WOLFSSL_MSG("Bad Rsa Encrypt");
}
}
if (initTmpRng)
@ -51338,18 +51415,16 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* fr,
XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (ret >= 0)
WOLFSSL_MSG("wolfSSL_RSA_public_encrypt success");
else {
WOLFSSL_MSG("wolfSSL_RSA_public_encrypt failed");
ret = WOLFSSL_FATAL_ERROR; /* return -1 on error case */
WOLFSSL_LEAVE("RSA_public_encrypt", ret);
if (ret <= 0) {
ret = WOLFSSL_FAILURE;
}
return ret;
}
/* return compliant with OpenSSL
* size of plain recovered data if success , -1 if error
*/
@ -51361,40 +51436,39 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* fr,
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
int mgf = WC_MGF1NONE;
enum wc_HashType hash = WC_HASH_TYPE_NONE;
int pad_type;
#endif
WOLFSSL_MSG("wolfSSL_RSA_private_decrypt");
WOLFSSL_ENTER("RSA_private_decrypt");
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
if (padding == RSA_PKCS1_PADDING)
padding = WC_RSA_PKCSV15_PAD;
else if (padding == RSA_PKCS1_OAEP_PADDING) {
padding = WC_RSA_OAEP_PAD;
switch (padding) {
case RSA_PKCS1_PADDING:
pad_type = WC_RSA_PKCSV15_PAD;
break;
case RSA_PKCS1_OAEP_PADDING:
pad_type = WC_RSA_OAEP_PAD;
hash = WC_HASH_TYPE_SHA;
mgf = WC_MGF1SHA1;
}
else if (padding == RSA_PKCS1_PSS_PADDING) {
padding = WC_RSA_PSS_PAD;
break;
case RSA_PKCS1_PSS_PADDING:
pad_type = WC_RSA_PSS_PAD;
hash = WC_HASH_TYPE_SHA256;
mgf = WC_MGF1SHA256;
break;
case RSA_NO_PADDING:
pad_type = WC_RSA_NO_PAD;
break;
default:
WOLFSSL_MSG("RSA_private_decrypt unsupported padding");
return WOLFSSL_FAILURE;
}
else if (padding == RSA_NO_PADDING) {
padding = WC_RSA_NO_PAD;
}
#else
if (padding == RSA_PKCS1_PADDING)
;
#endif
else {
WOLFSSL_MSG("wolfSSL_RSA_private_decrypt unsupported padding");
return 0;
}
if (rsa->inSet == 0)
{
if (rsa->inSet == 0) {
if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("SetRsaInternal failed");
return 0;
return WOLFSSL_FAILURE;
}
}
@ -51406,41 +51480,45 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* fr,
/* size of 'to' buffer must be size of RSA key */
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
ret = wc_RsaPrivateDecrypt_ex(fr, len, to, outLen,
(RsaKey*)rsa->internal, padding,
(RsaKey*)rsa->internal, pad_type,
hash, mgf, NULL, 0);
#else
if (padding == RSA_PKCS1_PADDING) {
ret = wc_RsaPrivateDecrypt(fr, len, to, outLen,
(RsaKey*)rsa->internal);
}
else {
WOLFSSL_MSG("RSA_private_decrypt pad type not supported in FIPS");
ret = WOLFSSL_FAILURE;
}
#endif
if (len <= 0) {
WOLFSSL_MSG("Bad Rsa Decrypt");
if (ret <= 0) {
ret = WOLFSSL_FAILURE;
}
WOLFSSL_LEAVE("RSA_private_decrypt", ret);
if (ret > 0)
WOLFSSL_MSG("wolfSSL_RSA_private_decrypt success");
else {
WOLFSSL_MSG("wolfSSL_RSA_private_decrypt failed");
ret = WOLFSSL_FATAL_ERROR;
}
return ret;
}
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from,
unsigned char* to, WOLFSSL_RSA* rsa, int padding)
{
int tlen = 0;
int ret = 0;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
int pad_type;
#endif
WOLFSSL_ENTER("wolfSSL_RSA_public_decrypt");
WOLFSSL_ENTER("RSA_public_decrypt");
if (rsa == NULL || rsa->internal == NULL || from == NULL) {
WOLFSSL_MSG("Bad function arguments");
return WOLFSSL_FAILURE;
}
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
switch (padding) {
case RSA_PKCS1_PADDING:
pad_type = WC_RSA_PKCSV15_PAD;
@ -51455,12 +51533,12 @@ int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from,
pad_type = WC_RSA_NO_PAD;
break;
default:
WOLFSSL_MSG("wolfSSL_RSA_public_decrypt unsupported padding");
WOLFSSL_MSG("RSA_public_decrypt unsupported padding");
return WOLFSSL_FAILURE;
}
#endif
if (rsa->inSet == 0)
{
if (rsa->inSet == 0) {
WOLFSSL_MSG("No RSA internal set, do it");
if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) {
@ -51469,17 +51547,30 @@ int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from,
}
}
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
/* size of 'to' buffer must be size of RSA key */
tlen = wc_RsaSSL_Verify_ex(from, flen, to, wolfSSL_RSA_size(rsa),
ret = wc_RsaSSL_Verify_ex(from, flen, to, wolfSSL_RSA_size(rsa),
(RsaKey*)rsa->internal, pad_type);
if (tlen <= 0)
WOLFSSL_MSG("wolfSSL_RSA_public_decrypt failed");
else {
WOLFSSL_MSG("wolfSSL_RSA_public_decrypt success");
#else
/* For FIPS v1/v2 only PKCSV15 padding is supported */
if (padding == RSA_PKCS1_PADDING) {
ret = wc_RsaSSL_Verify(from, flen, to, wolfSSL_RSA_size(rsa),
(RsaKey*)rsa->internal);
}
return tlen;
else {
WOLFSSL_MSG("RSA_public_decrypt pad type not supported in FIPS");
ret = WOLFSSL_FAILURE;
}
#endif
WOLFSSL_LEAVE("RSA_public_decrypt", ret);
if (ret <= 0) {
ret = WOLFSSL_FAILURE;
}
return ret;
}
#endif /* !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) */
/* RSA private encrypt calls wc_RsaSSL_Sign. Similar function set up as RSA
* public decrypt.

76
tests/api.c
View File

@ -2637,10 +2637,9 @@ static void test_ECDSA_size_sign(void)
EC_KEY *key;
int id;
byte hash[WC_MAX_DIGEST_SIZE];
byte sig[ECC_BUFSIZE];
byte sig[ECC_MAX_SIG_SIZE];
unsigned int sigSz = sizeof(sig);
XMEMSET(hash, 123, sizeof(hash));
id = wc_ecc_get_curve_id_from_name("SECP256R1");
@ -2650,6 +2649,8 @@ static void test_ECDSA_size_sign(void)
AssertIntEQ(EC_KEY_generate_key(key), 1);
AssertIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, key), 1);
AssertIntGE(ECDSA_size(key), sigSz);
AssertIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, sigSz, key), 1);
EC_KEY_free(key);
#endif /* HAVE_ECC && !NO_ECC256 && !NO_ECC_SECP */
@ -9340,8 +9341,7 @@ static int test_wc_Sha256FinalRaw (void)
static int test_wc_Sha256GetFlags (void)
{
int flag = 0;
#if !defined(NO_SHA256) && \
(defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
#if !defined(NO_SHA256) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha256 sha256;
word32 flags = 0;
@ -9796,8 +9796,7 @@ static int test_wc_Sha512Final (void)
static int test_wc_Sha512GetFlags (void)
{
int flag = 0;
#if defined(WOLFSSL_SHA512) && \
(defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha512 sha512;
word32 flags = 0;
@ -10221,8 +10220,7 @@ static int test_wc_Sha512_224GetFlags (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && \
(defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha512 sha512, copy;
word32 flags = 0;
@ -10490,8 +10488,7 @@ static int test_wc_Sha512_256GetFlags (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && \
(defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha512 sha512, copy;
word32 flags = 0;
@ -10834,8 +10831,7 @@ static int test_wc_Sha384Final (void)
static int test_wc_Sha384GetFlags (void)
{
int flag = 0;
#if defined(WOLFSSL_SHA384) && \
(defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha384 sha384;
word32 flags = 0;
@ -11261,8 +11257,7 @@ static int test_wc_Sha224Final (void)
static int test_wc_Sha224SetFlags (void)
{
int flag = 0;
#if defined(WOLFSSL_SHA224) && \
(defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha224 sha224;
word32 flags = 0;
@ -11294,8 +11289,7 @@ static int test_wc_Sha224SetFlags (void)
static int test_wc_Sha224GetFlags (void)
{
int flag = 0;
#if defined(WOLFSSL_SHA224) && \
(defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha224 sha224;
word32 flags = 0;
@ -12565,8 +12559,7 @@ static int test_wc_Sha3_512_Copy (void)
static int test_wc_Sha3_GetFlags (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && \
(defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha3 sha3;
word32 flags = 0;
@ -28683,7 +28676,7 @@ static int test_wc_HashInit(void)
static int test_wc_HashSetFlags(void)
{
int ret = 0;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_HashAlg hash;
word32 flags = 0;
int i, j;
@ -28785,7 +28778,7 @@ static int test_wc_HashSetFlags(void)
static int test_wc_HashGetFlags(void)
{
int ret = 0;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_HashAlg hash;
word32 flags = 0;
int i, j;
@ -29418,15 +29411,19 @@ static void test_wolfSSL_certs(void)
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
#ifndef HAVE_USER_RSA
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_FAILURE);
#endif
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_SUCCESS);
#endif
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
#ifdef HAVE_PK_CALLBACKS
AssertIntEQ((int)SSL_set_tlsext_debug_arg(ssl, NULL), WOLFSSL_SUCCESS);
@ -29441,7 +29438,7 @@ static void test_wolfSSL_certs(void)
AssertNotNull(x509ext);
AssertIntEQ(SSL_use_certificate(ssl, x509ext), WOLFSSL_SUCCESS);
#ifndef HAVE_USER_RSA
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
/* with loading in a new cert the check on private key should now fail */
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
@ -29627,7 +29624,7 @@ static void test_wolfSSL_certs(void)
static void test_wolfSSL_X509_check_private_key(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
defined(USE_CERT_BUFFERS_2048)
defined(USE_CERT_BUFFERS_2048) && !defined(NO_CHECK_PRIVATE_KEY)
X509* x509;
EVP_PKEY* pkey = NULL;
const byte* key;
@ -29817,12 +29814,18 @@ static void test_wolfSSL_private_keys(void)
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
/* Have to load a cert before you can check the private key against that
* certificates public key! */
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_FAILURE);
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
#endif
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
#ifdef USE_CERT_BUFFERS_2048
{
@ -29833,33 +29836,36 @@ static void test_wolfSSL_private_keys(void)
AssertIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl,
(unsigned char*)client_key_der_2048,
sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
#ifndef HAVE_USER_RSA
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
/* Should mismatch now that a different private key loaded */
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
#endif
AssertIntEQ(SSL_use_PrivateKey_ASN1(0, ssl,
(unsigned char*)server_key,
sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
/* After loading back in DER format of original key, should match */
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
/* test loading private key to the WOLFSSL_CTX */
AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
(unsigned char*)client_key_der_2048,
sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
#ifndef NO_CHECK_PRIVATE_KEY
#ifndef HAVE_USER_RSA
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
/* Should mismatch now that a different private key loaded */
AssertIntNE(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
#endif
#endif
AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
(unsigned char*)server_key,
sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
/* After loading back in DER format of original key, should match */
AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
#endif /* !NO_CHECK_PRIVATE_KEY */
#endif
/* pkey not set yet, expecting to fail */
AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_FAILURE);
@ -29907,7 +29913,9 @@ static void test_wolfSSL_private_keys(void)
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
@ -29915,7 +29923,9 @@ static void test_wolfSSL_private_keys(void)
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);
@ -29933,7 +29943,9 @@ static void test_wolfSSL_private_keys(void)
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
@ -29941,7 +29953,9 @@ static void test_wolfSSL_private_keys(void)
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);
@ -29959,7 +29973,9 @@ static void test_wolfSSL_private_keys(void)
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
@ -29967,7 +29983,9 @@ static void test_wolfSSL_private_keys(void)
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);

19
wolfcrypt/src/evp.c
View File

@ -7590,6 +7590,25 @@ int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid)
}
}
#if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKCS82PKEY(const WOLFSSL_PKCS8_PRIV_KEY_INFO* p8)
{
if (p8 == NULL || p8->pkey.ptr == NULL) {
return NULL;
}
return wolfSSL_d2i_PrivateKey_EVP(NULL, (unsigned char**)&p8->pkey.ptr,
p8->pkey_sz);
}
/* in wolf PKCS8_PRIV_KEY_INFO and WOLFSSL_EVP_PKEY are same type */
/* this function just casts and returns pointer */
WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_EVP_PKEY2PKCS8(const WOLFSSL_EVP_PKEY* pkey)
{
return (WOLFSSL_PKCS8_PRIV_KEY_INFO*)pkey;
}
#endif
/* increments ref count of WOLFSSL_EVP_PKEY. Return 1 on success, 0 on error */
int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey)
{

4
wolfcrypt/src/hash.c
View File

@ -996,7 +996,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type)
return ret;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags)
{
int ret = HASH_TYPE_E; /* Default to hash type error */
@ -1127,7 +1127,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return ret;
}
#endif
#endif /* WOLFSSL_HASH_FLAGS */
#if !defined(WOLFSSL_TI_HASH)

6
wolfcrypt/src/md5.c
View File

@ -303,7 +303,7 @@ static int _InitMd5(wc_Md5* md5)
md5->buffLen = 0;
md5->loLen = 0;
md5->hiLen = 0;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
md5->flags = 0;
#endif
@ -545,7 +545,7 @@ int wc_Md5Copy(wc_Md5* src, wc_Md5* dst)
#ifdef WOLFSSL_PIC32MZ_HASH
ret = wc_Pic32HashCopy(&src->cache, &dst->cache);
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif
@ -565,7 +565,7 @@ int wc_Md5Transform(wc_Md5* md5, const byte* data)
return Transform(md5, data);
}
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Md5SetFlags(wc_Md5* md5, word32 flags)
{
if (md5) {

4
wolfcrypt/src/port/arm/armv8-sha256.c
View File

@ -1390,7 +1390,7 @@ int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)
return ret;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags)
{
if (sha256) {
@ -1532,7 +1532,7 @@ int wc_Sha256Transform(wc_Sha256* sha256, const unsigned char* data)
return ret;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha224SetFlags(wc_Sha224* sha224, word32 flags)
{
if (sha224) {

24
wolfcrypt/src/port/arm/armv8-sha512.c
View File

@ -67,7 +67,7 @@ static int InitSha512(wc_Sha512* sha512)
sha512->buffLen = 0;
sha512->loLen = 0;
sha512->hiLen = 0;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha512->flags = 0;
#endif
@ -99,7 +99,7 @@ static int InitSha512_224(wc_Sha512* sha512)
sha512->buffLen = 0;
sha512->loLen = 0;
sha512->hiLen = 0;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha512->flags = 0;
#endif
@ -133,7 +133,7 @@ static int InitSha512_256(wc_Sha512* sha512)
sha512->buffLen = 0;
sha512->loLen = 0;
sha512->hiLen = 0;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha512->flags = 0;
#endif
@ -693,7 +693,7 @@ static int InitSha384(wc_Sha384* sha384)
sha384->buffLen = 0;
sha384->loLen = 0;
sha384->hiLen = 0;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha384->flags = 0;
#endif
@ -856,14 +856,14 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
dst->W = NULL;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif
return ret;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags)
{
if (sha512) {
@ -912,7 +912,7 @@ int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst)
return wc_Sha512Copy(src, dst);
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha512_224SetFlags(wc_Sha512* sha, word32 flags)
{
return wc_Sha512SetFlags(sha, flags);
@ -921,7 +921,7 @@ int wc_Sha512_224GetFlags(wc_Sha512* sha, word32* flags)
{
return wc_Sha512GetFlags(sha, flags);
}
#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */
#endif /* WOLFSSL_HASH_FLAGS */
#if defined(OPENSSL_EXTRA)
int wc_Sha512_224Transform(wc_Sha512* sha, const unsigned char* data)
@ -962,7 +962,7 @@ int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst)
return wc_Sha512Copy(src, dst);
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha512_256SetFlags(wc_Sha512* sha, word32 flags)
{
return wc_Sha512SetFlags(sha, flags);
@ -971,7 +971,7 @@ int wc_Sha512_256GetFlags(wc_Sha512* sha, word32* flags)
{
return wc_Sha512GetFlags(sha, flags);
}
#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */
#endif /* WOLFSSL_HASH_FLAGS */
#if defined(OPENSSL_EXTRA)
int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data)
@ -1013,14 +1013,14 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
dst->W = NULL;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif
return ret;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags)
{
if (sha384) {

8
wolfcrypt/src/port/nxp/dcp_port.c
View File

@ -386,7 +386,7 @@ int wc_Sha256Final(wc_Sha256* sha256, byte* hash)
return ret;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags)
{
if (sha256) {
@ -401,7 +401,7 @@ int wc_Sha256GetFlags(wc_Sha256* sha256, word32* flags)
}
return 0;
}
#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */
#endif /* WOLFSSL_HASH_FLAGS */
int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
{
@ -498,7 +498,7 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash)
return ret;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_ShaSetFlags(wc_Sha* sha, word32 flags)
{
if (sha) {
@ -513,7 +513,7 @@ int wc_ShaGetFlags(wc_Sha* sha, word32* flags)
}
return 0;
}
#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */
#endif /* WOLFSSL_HASH_FLAGS */
int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
{

6
wolfcrypt/src/sha.c
View File

@ -389,7 +389,7 @@
sha->buffLen = 0;
sha->loLen = 0;
sha->hiLen = 0;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha->flags = 0;
#endif
@ -924,7 +924,7 @@ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
dst->ctx.isfirstblock = src->ctx.isfirstblock;
dst->ctx.sha_type = src->ctx.sha_type;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif
return ret;
@ -933,7 +933,7 @@ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
#endif /* !WOLFSSL_TI_HASH && !WOLFSSL_IMXRT_DCP */
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_ShaSetFlags(wc_Sha* sha, word32 flags)
{
if (sha) {

12
wolfcrypt/src/sha256.c
View File

@ -207,7 +207,7 @@ static int InitSha256(wc_Sha256* sha256)
sha256->buffLen = 0;
sha256->loLen = 0;
sha256->hiLen = 0;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha256->flags = 0;
#endif
@ -1497,7 +1497,7 @@ static int InitSha256(wc_Sha256* sha256)
/* choose best Transform function under this runtime environment */
Sha256_SetTransform();
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha224->flags = 0;
#endif
@ -1715,7 +1715,7 @@ void wc_Sha256Free(wc_Sha256* sha256)
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif
@ -1724,7 +1724,7 @@ void wc_Sha256Free(wc_Sha256* sha256)
#endif /* WOLFSSL_KCAPI_HASH && !WOLFSSL_NO_KCAPI_SHA224 */
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha224SetFlags(wc_Sha224* sha224, word32 flags)
{
if (sha224) {
@ -1821,7 +1821,7 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
dst->ctx.isfirstblock = src->ctx.isfirstblock;
dst->ctx.sha_type = src->ctx.sha_type;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif
@ -1829,7 +1829,7 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
}
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags)
{
if (sha256) {

6
wolfcrypt/src/sha3.c
View File

@ -599,7 +599,7 @@ static int InitSha3(wc_Sha3* sha3)
for (i = 0; i < 25; i++)
sha3->s[i] = 0;
sha3->i = 0;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha3->flags = 0;
#endif
@ -844,7 +844,7 @@ static int wc_Sha3Copy(wc_Sha3* src, wc_Sha3* dst)
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif
@ -1164,7 +1164,7 @@ int wc_Sha3_512_Copy(wc_Sha3* src, wc_Sha3* dst)
return wc_Sha3Copy(src, dst);
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha3_SetFlags(wc_Sha3* sha3, word32 flags)
{
if (sha3) {

26
wolfcrypt/src/sha512.c
View File

@ -294,7 +294,7 @@ static int InitSha512(wc_Sha512* sha512)
*/
sha512->ctx.mode = ESP32_SHA_INIT;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha512->flags = 0;
#endif
return 0;
@ -341,7 +341,7 @@ static int InitSha512_224(wc_Sha512* sha512)
*/
sha512->ctx.mode = ESP32_SHA_INIT;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha512->flags = 0;
#endif
return 0;
@ -390,7 +390,7 @@ static int InitSha512_256(wc_Sha512* sha512)
*/
sha512->ctx.mode = ESP32_SHA_INIT;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha512->flags = 0;
#endif
return 0;
@ -1313,7 +1313,7 @@ static int InitSha384(wc_Sha384* sha384)
sha384->ctx.mode = ESP32_SHA_INIT;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha384->flags = 0;
#endif
@ -1538,7 +1538,7 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
dst->ctx.isfirstblock = src->ctx.isfirstblock;
dst->ctx.sha_type = src->ctx.sha_type;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif
@ -1547,7 +1547,7 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
#endif /* WOLFSSL_KCAPI_HASH */
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags)
{
if (sha512) {
@ -1562,7 +1562,7 @@ int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags)
}
return 0;
}
#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */
#endif /* WOLFSSL_HASH_FLAGS */
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
@ -1611,7 +1611,7 @@ int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst)
}
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha512_224SetFlags(wc_Sha512* sha, word32 flags)
{
return wc_Sha512SetFlags(sha, flags);
@ -1620,7 +1620,7 @@ int wc_Sha512_224GetFlags(wc_Sha512* sha, word32* flags)
{
return wc_Sha512GetFlags(sha, flags);
}
#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */
#endif /* WOLFSSL_HASH_FLAGS */
#if defined(OPENSSL_EXTRA)
int wc_Sha512_224Transform(wc_Sha512* sha, const unsigned char* data)
@ -1673,7 +1673,7 @@ int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst)
}
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha512_256SetFlags(wc_Sha512* sha, word32 flags)
{
return wc_Sha512SetFlags(sha, flags);
@ -1682,7 +1682,7 @@ int wc_Sha512_256GetFlags(wc_Sha512* sha, word32* flags)
{
return wc_Sha512GetFlags(sha, flags);
}
#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */
#endif /* WOLFSSL_HASH_FLAGS */
#if defined(OPENSSL_EXTRA)
int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data)
@ -1756,7 +1756,7 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
dst->ctx.isfirstblock = src->ctx.isfirstblock;
dst->ctx.sha_type = src->ctx.sha_type;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif
@ -1765,7 +1765,7 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
#endif /* WOLFSSL_KCAPI_HASH */
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags)
{
if (sha384) {

5
wolfssl/openssl/ec.h
View File

@ -218,6 +218,10 @@ WOLFSSL_API int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key);
WOLFSSL_API int wolfSSL_ECDSA_sign(int type, const unsigned char *digest,
int digestSz, unsigned char *sig,
unsigned int *sigSz, WOLFSSL_EC_KEY *key);
WOLFSSL_API int wolfSSL_ECDSA_verify(int type, const unsigned char *digest,
int digestSz, const unsigned char *sig,
int sigSz, WOLFSSL_EC_KEY *key);
WOLFSSL_API
void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag);
WOLFSSL_API
@ -310,6 +314,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
#define ECDSA_size wolfSSL_ECDSA_size
#define ECDSA_sign wolfSSL_ECDSA_sign
#define ECDSA_verify wolfSSL_ECDSA_verify
#define EC_GROUP_free wolfSSL_EC_GROUP_free
#define EC_GROUP_set_asn1_flag wolfSSL_EC_GROUP_set_asn1_flag

6
wolfssl/openssl/evp.h
View File

@ -73,6 +73,7 @@ typedef char WOLFSSL_EVP_CIPHER;
typedef char WOLFSSL_EVP_MD;
typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY;
typedef struct WOLFSSL_EVP_MD_CTX WOLFSSL_EVP_MD_CTX;
typedef struct WOLFSSL_EVP_PKEY WOLFSSL_PKCS8_PRIV_KEY_INFO;
#define WOLFSSL_EVP_TYPE_DEFINED
#endif
@ -670,6 +671,9 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type);
WOLFSSL_API int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKCS82PKEY(const WOLFSSL_PKCS8_PRIV_KEY_INFO* p8);
WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_EVP_PKEY2PKCS8(const WOLFSSL_EVP_PKEY* pkey);
WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
unsigned int *siglen, WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_SignInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type);
@ -960,6 +964,8 @@ typedef WOLFSSL_ASN1_PCTX ASN1_PCTX;
#define EVP_PKEY_get_default_digest_nid wolfSSL_EVP_PKEY_get_default_digest_nid
#define EVP_PKEY_id wolfSSL_EVP_PKEY_id
#define EVP_PKEY_CTX_ctrl_str wolfSSL_EVP_PKEY_CTX_ctrl_str
#define EVP_PKCS82PKEY wolfSSL_EVP_PKCS82PKEY
#define EVP_PKEY2PKCS8 wolfSSL_EVP_PKEY2PKCS8
#define EVP_SignFinal wolfSSL_EVP_SignFinal
#define EVP_SignInit wolfSSL_EVP_SignInit
#define EVP_SignInit_ex wolfSSL_EVP_SignInit_ex

28
wolfssl/openssl/md5.h
View File

@ -69,15 +69,29 @@ typedef WOLFSSL_MD5_CTX MD5_CTX;
#define MD5Final wolfSSL_MD5_Final
#endif
#if (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \
defined(OPENSSL_EXTRA)
/* For fips v1 defined in wolfssl/wolfcrypt/md5.h as
* WC_MD5 for compatibility */
#define MD5 wolfSSL_MD5
/* "MD5" has some conflicts
* If not FIPS and NO_OLD_SHA_NAMES defined
* If FIPS V2 or higher and NO_OLD_MD5_NAME defined
* If FIPS V2 and NO_OLD_WC_NAMES defined
* If FIPS v1 not allowed
*/
#if (defined(NO_OLD_MD5_NAME) && !defined(HAVE_FIPS)) || \
(defined(NO_OLD_MD5_NAME) && defined(HAVE_FIPS) && \
defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2) || \
(defined(NO_OLD_WC_NAMES) && defined(HAVE_FIPS) && \
defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2)
#define MD5 wolfSSL_MD5
#endif
#define MD5_DIGEST_LENGTH MD5_DIGEST_SIZE
/* FIPS v1 uses old MD5_DIGEST_SIZE naming */
#if (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2)) && \
defined(OPENSSL_EXTRA)
#define MD5_DIGEST_LENGTH WC_MD5_DIGEST_SIZE
#else
#define MD5_DIGEST_LENGTH MD5_DIGEST_SIZE
#endif
#ifdef __cplusplus
} /* extern "C" */

17
wolfssl/openssl/sha.h
View File

@ -147,9 +147,20 @@ typedef WOLFSSL_SHA256_CTX SHA256_CTX;
#define SHA256_Final wolfSSL_SHA256_Final
#define SHA256_Transform wolfSSL_SHA256_Transform
#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
/* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS
* build. */
/* "SHA256" has some conflicts
* If not FIPS and NO_OLD_SHA_NAMES defined
* If FIPS V3 or higher and NO_OLD_SHA_NAMES defined
* If FIPS V2 and NO_OLD_SHA256_NAMES defined
* If FIPS v1 not allowed
* If HAVE_SELFTEST not allowed
*/
#if !defined(HAVE_SELFTEST) && \
(defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS)) || \
(defined(NO_OLD_SHA_NAMES) && defined(HAVE_FIPS) && \
defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 3) || \
(defined(NO_OLD_SHA256_NAMES) && defined(HAVE_FIPS) && \
defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2)
#define SHA256 wolfSSL_SHA256
#endif

2
wolfssl/openssl/ssl.h
View File

@ -199,6 +199,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define SSL_use_certificate wolfSSL_use_certificate
#define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1
#define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio
#define d2i_PKCS8_PRIV_KEY_INFO wolfSSL_d2i_PKCS8_PKEY
#define i2d_PKCS8_PRIV_KEY_INFO wolfSSL_i2d_PrivateKey
#define d2i_PKCS8PrivateKey_bio wolfSSL_d2i_PKCS8PrivateKey_bio
#define i2d_PKCS8PrivateKey_bio wolfSSL_PEM_write_bio_PKCS8PrivateKey
#define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free

5
wolfssl/ssl.h
View File

@ -412,10 +412,11 @@ struct WOLFSSL_EVP_PKEY {
byte ownDsa:1; /* if struct owns DSA and should free it */
byte ownRsa:1; /* if struct owns RSA and should free it */
};
typedef struct WOLFSSL_EVP_PKEY WOLFSSL_PKCS8_PRIV_KEY_INFO;
#ifndef WOLFSSL_EVP_TYPE_DEFINED /* guard on redeclaration */
typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY;
typedef struct WOLFSSL_EVP_MD_CTX WOLFSSL_EVP_MD_CTX;
typedef struct WOLFSSL_EVP_PKEY WOLFSSL_PKCS8_PRIV_KEY_INFO;
typedef char WOLFSSL_EVP_MD;
#define WOLFSSL_EVP_TYPE_DEFINED
#endif
@ -1777,6 +1778,8 @@ WOLFSSL_API int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKE
WOLFSSL_API void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT*);
WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(
WOLFSSL_BIO* bio, WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey);
WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, long keyLen);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
WOLFSSL_EVP_PKEY** out);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key,

2
wolfssl/wolfcrypt/hash.h
View File

@ -170,7 +170,7 @@ WOLFSSL_API int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type,
byte* out);
WOLFSSL_API int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type);
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
WOLFSSL_API int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type,
word32 flags);
WOLFSSL_API int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type,

4
wolfssl/wolfcrypt/md5.h
View File

@ -100,7 +100,7 @@ typedef struct wc_Md5 {
#ifdef WOLFSSL_ASYNC_CRYPT
WC_ASYNC_DEV asyncDev;
#endif /* WOLFSSL_ASYNC_CRYPT */
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
word32 flags; /* enum wc_HashFlags in hash.h */
#endif
} wc_Md5;
@ -123,7 +123,7 @@ WOLFSSL_API int wc_Md5Copy(wc_Md5*, wc_Md5*);
WOLFSSL_API void wc_Md5SizeSet(wc_Md5* md5, word32 len);
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
WOLFSSL_API int wc_Md5SetFlags(wc_Md5* md5, word32 flags);
WOLFSSL_API int wc_Md5GetFlags(wc_Md5* md5, word32* flags);
#endif

10
wolfssl/wolfcrypt/settings.h
View File

@ -2510,6 +2510,16 @@ extern void uITRON4_free(void *p) ;
*/
#endif
/* Crypto callbacks should enable hash flag support */
#if defined(WOLF_CRYPTO_CB) && !defined(WOLFSSL_HASH_FLAGS)
/* FIPS v1 and v2 do not support hash flags, so do not allow it with
* crypto callbacks */
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS) && \
defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 3)
#define WOLFSSL_HASH_FLAGS
#endif
#endif
/* ---------------------------------------------------------------------------
* Depricated Algorithm Handling

4
wolfssl/wolfcrypt/sha.h
View File

@ -153,7 +153,7 @@ struct wc_Sha {
!defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
WC_ESP32SHA ctx;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
word32 flags; /* enum wc_HashFlags in hash.h */
#endif
};
@ -185,7 +185,7 @@ WOLFSSL_API int wc_ShaTransform(wc_Sha*, const byte*);
WOLFSSL_API void wc_ShaSizeSet(wc_Sha* sha, word32 len);
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
WOLFSSL_API int wc_ShaSetFlags(wc_Sha* sha, word32 flags);
WOLFSSL_API int wc_ShaGetFlags(wc_Sha* sha, word32* flags);
#endif

6
wolfssl/wolfcrypt/sha256.h
View File

@ -203,7 +203,7 @@ struct wc_Sha256 {
int devId;
void* devCtx; /* generic crypto callback context */
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
word32 flags; /* enum wc_HashFlags in hash.h */
#endif
};
@ -233,7 +233,7 @@ WOLFSSL_API int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst);
WOLFSSL_API void wc_Sha256SizeSet(wc_Sha256*, word32);
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
WOLFSSL_API int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags);
WOLFSSL_API int wc_Sha256GetFlags(wc_Sha256* sha256, word32* flags);
#endif
@ -278,7 +278,7 @@ WOLFSSL_API void wc_Sha224Free(wc_Sha224*);
WOLFSSL_API int wc_Sha224GetHash(wc_Sha224*, byte*);
WOLFSSL_API int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst);
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
WOLFSSL_API int wc_Sha224SetFlags(wc_Sha224* sha224, word32 flags);
WOLFSSL_API int wc_Sha224GetFlags(wc_Sha224* sha224, word32* flags);
#endif

4
wolfssl/wolfcrypt/sha3.h
View File

@ -107,7 +107,7 @@ struct wc_Sha3 {
#ifdef WOLFSSL_ASYNC_CRYPT
WC_ASYNC_DEV asyncDev;
#endif /* WOLFSSL_ASYNC_CRYPT */
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
word32 flags; /* enum wc_HashFlags in hash.h */
#endif
};
@ -156,7 +156,7 @@ WOLFSSL_API int wc_Shake256_Final(wc_Shake*, byte*, word32);
WOLFSSL_API void wc_Shake256_Free(wc_Shake*);
WOLFSSL_API int wc_Shake256_Copy(wc_Shake* src, wc_Sha3* dst);
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
WOLFSSL_API int wc_Sha3_SetFlags(wc_Sha3* sha3, word32 flags);
WOLFSSL_API int wc_Sha3_GetFlags(wc_Sha3* sha3, word32* flags);
#endif

10
wolfssl/wolfcrypt/sha512.h
View File

@ -180,7 +180,7 @@ struct wc_Sha512 {
int devId;
void* devCtx; /* generic crypto callback context */
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
word32 flags; /* enum wc_HashFlags in hash.h */
#endif
#endif /* WOLFSSL_PSOC6_CRYPTO */
@ -211,7 +211,7 @@ WOLFSSL_API void wc_Sha512Free(wc_Sha512*);
WOLFSSL_API int wc_Sha512GetHash(wc_Sha512*, byte*);
WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst);
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
WOLFSSL_API int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags);
WOLFSSL_API int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags);
#endif
@ -229,7 +229,7 @@ WOLFSSL_API int wc_Sha512_224Final(wc_Sha512*, byte*);
WOLFSSL_API void wc_Sha512_224Free(wc_Sha512*);
WOLFSSL_API int wc_Sha512_224GetHash(wc_Sha512*, byte*);
WOLFSSL_API int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst);
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
WOLFSSL_API int wc_Sha512_224SetFlags(wc_Sha512* sha512, word32 flags);
WOLFSSL_API int wc_Sha512_224GetFlags(wc_Sha512* sha512, word32* flags);
#endif
@ -249,7 +249,7 @@ WOLFSSL_API int wc_Sha512_256Final(wc_Sha512*, byte*);
WOLFSSL_API void wc_Sha512_256Free(wc_Sha512*);
WOLFSSL_API int wc_Sha512_256GetHash(wc_Sha512*, byte*);
WOLFSSL_API int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst);
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
WOLFSSL_API int wc_Sha512_256SetFlags(wc_Sha512* sha512, word32 flags);
WOLFSSL_API int wc_Sha512_256GetFlags(wc_Sha512* sha512, word32* flags);
#endif
@ -306,7 +306,7 @@ WOLFSSL_API void wc_Sha384Free(wc_Sha384*);
WOLFSSL_API int wc_Sha384GetHash(wc_Sha384*, byte*);
WOLFSSL_API int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst);
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
WOLFSSL_API int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags);
WOLFSSL_API int wc_Sha384GetFlags(wc_Sha384* sha384, word32* flags);
#endif