Merge pull request #4469 from dgarske/android_keystore

Support for Android KeyStore compatibility API's
This commit is contained in:
Sean Parkinson
2021-10-21 08:30:08 +10:00
committed by GitHub
34 changed files with 746 additions and 258 deletions
+115
View File
@@ -0,0 +1,115 @@
cc_library_shared {
name: "libwolfssl",
arch: {
arm: {
instruction_set: "arm",
},
arm64: {
cflags: ["-DARM64"],
},
},
compile_multilib: "both",
export_include_dirs: ["."],
shared_libs: ["liblog"],
cflags: [
"-DWOLFSSL_USER_SETTINGS",
"-Os",
"-fomit-frame-pointer",
],
include_dirs: [
"external/wolfssl/wolfssl",
"external/wolfssl",
],
srcs: [
"./src/crl.c",
"./src/internal.c",
"./src/keys.c",
"./src/ocsp.c",
"./src/sniffer.c",
"./src/ssl.c",
"./src/tls.c",
"./src/tls13.c",
"./src/wolfio.c",
] + [
"./wolfcrypt/src/aes.c",
"./wolfcrypt/src/arc4.c",
"./wolfcrypt/src/asm.c",
"./wolfcrypt/src/asn.c",
"./wolfcrypt/src/blake2b.c",
"./wolfcrypt/src/blake2s.c",
"./wolfcrypt/src/camellia.c",
"./wolfcrypt/src/chacha.c",
"./wolfcrypt/src/chacha20_poly1305.c",
"./wolfcrypt/src/cmac.c",
"./wolfcrypt/src/coding.c",
"./wolfcrypt/src/compress.c",
"./wolfcrypt/src/cpuid.c",
"./wolfcrypt/src/cryptocb.c",
"./wolfcrypt/src/curve25519.c",
"./wolfcrypt/src/curve448.c",
"./wolfcrypt/src/des3.c",
"./wolfcrypt/src/dh.c",
"./wolfcrypt/src/dsa.c",
"./wolfcrypt/src/ecc.c",
"./wolfcrypt/src/ecc_fp.c",
"./wolfcrypt/src/ed25519.c",
"./wolfcrypt/src/ed448.c",
"./wolfcrypt/src/error.c",
"./wolfcrypt/src/fe_448.c",
"./wolfcrypt/src/fe_low_mem.c",
"./wolfcrypt/src/fe_operations.c",
"./wolfcrypt/src/fips.c",
"./wolfcrypt/src/fips_test.c",
"./wolfcrypt/src/ge_448.c",
"./wolfcrypt/src/ge_low_mem.c",
"./wolfcrypt/src/ge_operations.c",
"./wolfcrypt/src/hash.c",
"./wolfcrypt/src/hc128.c",
"./wolfcrypt/src/hmac.c",
"./wolfcrypt/src/idea.c",
"./wolfcrypt/src/integer.c",
"./wolfcrypt/src/logging.c",
"./wolfcrypt/src/md2.c",
"./wolfcrypt/src/md4.c",
"./wolfcrypt/src/md5.c",
"./wolfcrypt/src/memory.c",
"./wolfcrypt/src/pkcs12.c",
"./wolfcrypt/src/pkcs7.c",
"./wolfcrypt/src/poly1305.c",
"./wolfcrypt/src/pwdbased.c",
"./wolfcrypt/src/rabbit.c",
"./wolfcrypt/src/random.c",
"./wolfcrypt/src/rc2.c",
"./wolfcrypt/src/ripemd.c",
"./wolfcrypt/src/rsa.c",
"./wolfcrypt/src/selftest.c",
"./wolfcrypt/src/sha256.c",
"./wolfcrypt/src/sha3.c",
"./wolfcrypt/src/sha512.c",
"./wolfcrypt/src/sha.c",
"./wolfcrypt/src/signature.c",
"./wolfcrypt/src/sp_arm32.c",
"./wolfcrypt/src/sp_arm64.c",
"./wolfcrypt/src/sp_armthumb.c",
"./wolfcrypt/src/sp_c32.c",
"./wolfcrypt/src/sp_c64.c",
"./wolfcrypt/src/sp_cortexm.c",
"./wolfcrypt/src/sp_dsp32.c",
"./wolfcrypt/src/sp_int.c",
"./wolfcrypt/src/sp_x86_64.c",
"./wolfcrypt/src/srp.c",
"./wolfcrypt/src/tfm.c",
"./wolfcrypt/src/wc_dsp.c",
"./wolfcrypt/src/wc_encrypt.c",
"./wolfcrypt/src/wc_pkcs11.c",
"./wolfcrypt/src/wc_port.c",
"./wolfcrypt/src/wolfcrypt_first.c",
"./wolfcrypt/src/wolfcrypt_last.c",
"./wolfcrypt/src/wolfevent.c",
"./wolfcrypt/src/wolfmath.c",
],
}
+37
View File
@@ -0,0 +1,37 @@
# Android wolfSSL Support
Tested on Android v8.1 with WPA Supplicant and KeyStore to replace BoringSSL.
## Files
* `Android.bp`: Template build system file for wolfSSL.
* `user_settings.h`: Template build settings for wolfSSL
## Installation
1) Place the wolfSSL library into `./external/wolfssl`
2) Copy `Android.bp` into `./external/wolfssl`
3) Copy `user_settings.h` into `./external/wolfssl`
4) Add `PRODUCT_PACKAGES += libwolfssl` to your device .mk.
## Typical Android build instruction
```sh
source build/envsetup.sh
lunch [num]
mm -j8
```
## Using wolfSSL in your Application
In your `Android.mk` build file for your application add the following:
```makefile
# Crypto Provider - wolfSSL
LOCAL_CFLAGS += -DWOLFSSL_USER_SETTINGS -Iexternal/wolfssl -Iexternal/wolfssl/wolfssl
LOCAL_SHARED_LIBRARIES += libwolfssl
```
## Support
For questions please email support@wolfssl.com
+8
View File
@@ -0,0 +1,8 @@
# vim:ft=automake
# included from Top Level Makefile.am
# All paths should be given relative to the root
EXTRA_DIST += \
IDE/Android/Android.bp \
IDE/Android/README.md \
IDE/Android/user_settings.h
+112
View File
@@ -0,0 +1,112 @@
/* Custom build settings for Android */
#ifndef _WOLF_USER_SETTINGS_H_
#define _WOLF_USER_SETTINGS_H_
#if 0
#define HAVE_FIPS_VERSION 2
#define HAVE_FIPS
#endif
/* WPA Supplicant Support */
#define WOLFSSL_WPAS_SMALL
#define OPENSSL_ALL
#define HAVE_THREAD_LS
#define USE_FAST_MATH
#define TFM_TIMING_RESISTANT
#define ECC_TIMING_RESISTANT
#define WC_RSA_BLINDING
#define HAVE_HASHDRBG
#if 1
#define WOLFSSL_TLS13
#define WC_RSA_PSS
#endif
#define HAVE_SESSION_TICKET
#define HAVE_TLS_EXTENSIONS
#define HAVE_SUPPORTED_CURVES
#define HAVE_EXTENDED_MASTER
#define HAVE_ENCRYPT_THEN_MAC
#define WOLFSSL_ENCRYPTED_KEYS
#define HAVE_KEYING_MATERIAL
#define NO_OLD_TLS
#define NO_CHECK_PRIVATE_KEY
/* enable PK callback support for signing operations to key store */
#define HAVE_PK_CALLBACKS
/* crypto callback support is not in FIPS 3389 */
#ifndef HAVE_FIPS
#define WOLF_CRYPTO_CB
#endif
#define KEEP_OUR_CERT
#define KEEP_PEER_CERT
#define WOLFSSL_ALWAYS_VERIFY_CB
#define WOLFSSL_ALWAYS_KEEP_SNI
#define HAVE_EX_DATA
#define HAVE_EXT_CACHE
#define WOLFSSL_EITHER_SIDE
#define WOLFSSL_PUBLIC_MP
#define WOLFSSL_DER_LOAD
#define WOLFSSL_CERT_GEN
#define WOLFSSL_CERT_EXT
#define WOLFSSL_CERT_REQ
#define WOLFSSL_KEY_GEN
#define WC_RSA_NO_PADDING
#define HAVE_FFDHE_2048
#define HAVE_DH_DEFAULT_PARAMS
#ifdef HAVE_FIPS
#define WOLFSSL_VALIDATE_FFC_IMPORT
#define HAVE_FFDHE_Q
#endif
#define WOLFSSL_SHA224
#define WOLFSSL_SHA512
#define WOLFSSL_SHA384
#define HAVE_HKDF
#define HAVE_PKCS8
#define HAVE_ECC
#define TFM_ECC256
#define ECC_SHAMIR
#define HAVE_COMP_KEY
#ifdef HAVE_FIPS
#define HAVE_ECC_CDH
#define WOLFSSL_VALIDATE_ECC_IMPORT
#endif
#define HAVE_AESGCM
#define HAVE_AESCCM
#define WOLFSSL_AES_DIRECT
#define WOLFSSL_AES_COUNTER
#define HAVE_AES_ECB
#define WOLFSSL_CMAC
#define WOLFSSL_BASE64_ENCODE
#define HAVE_CRL
#define NO_DSA
#define NO_RC4
#define NO_HC128
#define NO_RABBIT
#define NO_RC4
#define NO_PSK
#define WOLFSSL_NO_SHAKE256
#define NO_MD4
#define NO_OLD_MD5_NAME
#define NO_OLD_SHA_NAMES
#define NO_OLD_SHA256_NAMES
#define NO_OLD_WC_NAMES
#if 0
#define DEBUG_WOLFSSL
#define WOLFSSL_ANDROID_DEBUG
#endif
#endif /* _WOLF_USER_SETTINGS_H_ */
+1
View File
@@ -40,6 +40,7 @@ include IDE/VisualDSP/include.am
include IDE/QNX/include.am
include IDE/WINCE/include.am
include IDE/iotsafe/include.am
include IDE/Android/include.am
EXTRA_DIST+= IDE/IAR-EWARM IDE/MDK-ARM IDE/MDK5-ARM IDE/MYSQL IDE/LPCXPRESSO IDE/HEXIWEAR IDE/Espressif
EXTRA_DIST+= IDE/OPENSTM32/README.md
+5 -3
View File
@@ -908,8 +908,9 @@ WOLFSSL_API int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX*, const char*, int)
If using an external key store and do not have the private key you can
instead provide the public key and register the crypro callback to handle
the signing. For this you can build with --enable-cryptocb or
WOLF_CRYPTO_CB and register a crypto callback using
the signing. For this you can build with either build with crypto callbacks
or PK callbacks. To enable crypto callbacks use --enable-cryptocb
or WOLF_CRYPTO_CB and register a crypto callback using
wc_CryptoCb_RegisterDevice and set the associated devId using
wolfSSL_CTX_SetDevId.
@@ -1322,7 +1323,8 @@ WOLFSSL_API int wolfSSL_use_certificate_file(WOLFSSL*, const char*, int);
If using an external key store and do not have the private key you can
instead provide the public key and register the crypro callback to handle
the signing. For this you can build with --enable-cryptocb or
the signing. For this you can build with either build with crypto callbacks
or PK callbacks. To enable crypto callbacks use --enable-cryptocb or
WOLF_CRYPTO_CB and register a crypto callback using
wc_CryptoCb_RegisterDevice and set the associated devId using
wolfSSL_SetDevId.
+8 -4
View File
@@ -243,6 +243,7 @@ static const unsigned char dhg[] =
#endif /* !NO_WOLFSSL_SERVER */
#endif /* !NO_DH */
#ifdef WOLFSSL_TLS13
struct group_info {
word16 group;
const char *name;
@@ -300,6 +301,7 @@ static struct group_info groups[] = {
#endif
{ 0, NULL }
};
#endif /* WOLFSSL_TLS13 */
#ifdef HAVE_PTHREAD
typedef struct {
@@ -1707,7 +1709,9 @@ int bench_tls(void* args)
info_t *theadInfo = NULL, *info;
stats_t cli_comb, srv_comb;
int i;
int group_index;
#ifdef WOLFSSL_TLS13
int group_index = 0;
#endif
char *cipher, *next_cipher, *ciphers = NULL;
int argc = 0;
char** argv = NULL;
@@ -1932,6 +1936,7 @@ int bench_tls(void* args)
/* parse by : */
while ((cipher != NULL) && (cipher[0] != '\0')) {
const char *gname = "N/A";
next_cipher = strchr(cipher, ':');
if (next_cipher != NULL) {
cipher[next_cipher - cipher] = '\0';
@@ -1943,6 +1948,7 @@ int bench_tls(void* args)
#ifdef WOLFSSL_TLS13
for (group_index = 0; groups[group_index].name != NULL; group_index++) {
gname = theadInfo[0].group == 0 ? "N/A" : groups[group_index].name;
if (argDoGroups && groups[group_index].group == 0) {
/* Skip unsupported group. */
@@ -2041,15 +2047,13 @@ int bench_tls(void* args)
}
#endif /* HAVE_PTHREAD */
const char *gname = theadInfo[0].group == 0 ?
"N/A" : groups[group_index].name;
if (argShowVerbose) {
/* print results */
for (i = 0; i < argThreadPairs; ++i) {
info = &theadInfo[i];
fprintf(stderr, "\nThread %d\n", i);
#ifndef NO_WOLFSSL_SERVER
#ifndef NO_WOLFSSL_SERVER
if (!argClientOnly)
print_stats(&info->server_stats, "Server", info->cipher, gname, 1);
#endif
+12 -12
View File
@@ -6024,7 +6024,7 @@ int InitHandshakeHashes(WOLFSSL* ssl)
ret = wc_InitMd5_ex(&ssl->hsHashes->hashMd5, ssl->heap, ssl->devId);
if (ret != 0)
return ret;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_Md5SetFlags(&ssl->hsHashes->hashMd5, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
@@ -6032,7 +6032,7 @@ int InitHandshakeHashes(WOLFSSL* ssl)
ret = wc_InitSha_ex(&ssl->hsHashes->hashSha, ssl->heap, ssl->devId);
if (ret != 0)
return ret;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_ShaSetFlags(&ssl->hsHashes->hashSha, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
@@ -6041,7 +6041,7 @@ int InitHandshakeHashes(WOLFSSL* ssl)
ret = wc_InitSha256_ex(&ssl->hsHashes->hashSha256, ssl->heap, ssl->devId);
if (ret != 0)
return ret;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_Sha256SetFlags(&ssl->hsHashes->hashSha256, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
@@ -6049,7 +6049,7 @@ int InitHandshakeHashes(WOLFSSL* ssl)
ret = wc_InitSha384_ex(&ssl->hsHashes->hashSha384, ssl->heap, ssl->devId);
if (ret != 0)
return ret;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_Sha384SetFlags(&ssl->hsHashes->hashSha384, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
@@ -6057,7 +6057,7 @@ int InitHandshakeHashes(WOLFSSL* ssl)
ret = wc_InitSha512_ex(&ssl->hsHashes->hashSha512, ssl->heap, ssl->devId);
if (ret != 0)
return ret;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_Sha512SetFlags(&ssl->hsHashes->hashSha512, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
@@ -21902,7 +21902,7 @@ int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, word32 hashSigAlgoSz)
#if !defined(NO_CERTS)
#ifdef WOLF_CRYPTO_CB
#if defined(WOLF_CRYPTO_CB) && !defined(NO_CHECK_PRIVATE_KEY)
/* Create a private key for a device.
*
* pkey Key object.
@@ -22084,8 +22084,8 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
/* Decode the key assuming it is an RSA private key. */
ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
(RsaKey*)ssl->hsKey, ssl->buffers.key->length);
#ifdef WOLF_CRYPTO_CB
/* if using crypto callbacks allow using a public key */
#if defined(WOLF_CRYPTO_CB) || defined(HAVE_PK_CALLBACKS)
/* if using crypto or PK callbacks allow using a public key */
if (ret != 0 && ssl->devId != INVALID_DEVID) {
WOLFSSL_MSG("Trying RSA public key with crypto callbacks");
idx = 0;
@@ -22139,8 +22139,8 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx,
(ecc_key*)ssl->hsKey,
ssl->buffers.key->length);
#ifdef WOLF_CRYPTO_CB
/* if using crypto callbacks allow using a public key */
#if defined(WOLF_CRYPTO_CB) || defined(HAVE_PK_CALLBACKS)
/* if using crypto or PK callbacks allow using a public key */
if (ret != 0 && ssl->devId != INVALID_DEVID) {
WOLFSSL_MSG("Trying ECC public key with crypto callbacks");
idx = 0;
@@ -22192,8 +22192,8 @@ int DecodePrivateKey(WOLFSSL *ssl, word16* length)
ret = wc_Ed25519PrivateKeyDecode(ssl->buffers.key->buffer, &idx,
(ed25519_key*)ssl->hsKey,
ssl->buffers.key->length);
#ifdef WOLF_CRYPTO_CB
/* if using crypto callbacks allow using a public key */
#if defined(WOLF_CRYPTO_CB) || defined(HAVE_PK_CALLBACKS)
/* if using crypto or PK callbacks allow using a public key */
if (ret != 0 && ssl->devId != INVALID_DEVID) {
WOLFSSL_MSG("Trying ED25519 public key with crypto callbacks");
idx = 0;
+220 -129
View File
@@ -5383,9 +5383,9 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
if (ret == 0) {
*idx = 0;
ret = wc_RsaPrivateKeyDecode(der->buffer, idx, key, der->length);
#ifdef WOLF_CRYPTO_CB
#if defined(WOLF_CRYPTO_CB) || defined(HAVE_PK_CALLBACKS)
if (ret != 0 && devId != INVALID_DEVID) {
/* if using crypto callbacks, try public key decode */
/* if using crypto or PK callbacks, try public key decode */
*idx = 0;
ret = wc_RsaPublicKeyDecode(der->buffer, idx, key, der->length);
}
@@ -5453,9 +5453,9 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
if (wc_ecc_init_ex(key, heap, devId) == 0) {
*idx = 0;
ret = wc_EccPrivateKeyDecode(der->buffer, idx, key, der->length);
#ifdef WOLF_CRYPTO_CB
#if defined(WOLF_CRYPTO_CB) || defined(HAVE_PK_CALLBACKS)
if (ret != 0 && devId != INVALID_DEVID) {
/* if using crypto callbacks, try public key decode */
/* if using crypto or PK callbacks, try public key decode */
*idx = 0;
ret = wc_EccPublicKeyDecode(der->buffer, idx, key, der->length);
}
@@ -5518,9 +5518,9 @@ static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der
if (ret == 0) {
*idx = 0;
ret = wc_Ed25519PrivateKeyDecode(der->buffer, idx, key, der->length);
#ifdef WOLF_CRYPTO_CB
#if defined(WOLF_CRYPTO_CB) || defined(HAVE_PK_CALLBACKS)
if (ret != 0 && devId != INVALID_DEVID) {
/* if using crypto callbacks, try public key decode */
/* if using crypto or PK callbacks, try public key decode */
*idx = 0;
ret = wc_Ed25519PublicKeyDecode(der->buffer, idx, key, der->length);
}
@@ -7878,6 +7878,72 @@ WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx)
#ifdef OPENSSL_EXTRA
WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, long keyLen)
{
WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL;
#ifdef WOLFSSL_PEM_TO_DER
int ret;
DerBuffer* der = NULL;
if (keyBuf == NULL || *keyBuf == NULL || keyLen <= 0) {
WOLFSSL_MSG("Bad key PEM/DER args");
return NULL;
}
ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &der, NULL, NULL, NULL);
if (ret < 0) {
WOLFSSL_MSG("Not PEM format");
ret = AllocDer(&der, (word32)keyLen, PRIVATEKEY_TYPE, NULL);
if (ret == 0) {
XMEMCPY(der->buffer, *keyBuf, keyLen);
}
}
if (ret == 0) {
/* Verify this is PKCS8 Key */
word32 inOutIdx = 0;
word32 algId;
ret = ToTraditionalInline_ex(der->buffer, &inOutIdx, der->length, &algId);
if (ret >= 0) {
ret = 0; /* good DER */
}
}
if (ret == 0) {
pkcs8 = wolfSSL_EVP_PKEY_new();
if (pkcs8 == NULL)
ret = MEMORY_E;
}
if (ret == 0) {
pkcs8->pkey.ptr = (char*)XMALLOC(der->length, NULL,
DYNAMIC_TYPE_PUBLIC_KEY);
if (pkcs8->pkey.ptr == NULL)
ret = MEMORY_E;
}
if (ret == 0) {
XMEMCPY(pkcs8->pkey.ptr, der->buffer, der->length);
pkcs8->pkey_sz = der->length;
}
FreeDer(&der);
if (ret != 0) {
wolfSSL_EVP_PKEY_free(pkcs8);
pkcs8 = NULL;
}
if (pkey != NULL) {
*pkey = pkcs8;
}
#else
(void)bio;
(void)pkey;
#endif /* WOLFSSL_PEM_TO_DER */
return pkcs8;
}
#ifndef NO_BIO
/* put SSL type in extra for now, not very common */
@@ -7897,10 +7963,8 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio,
#ifdef WOLFSSL_PEM_TO_DER
unsigned char* mem = NULL;
int memSz;
int keySz;
word32 algId;
WOLFSSL_MSG("wolfSSL_d2i_PKCS8_PKEY_bio()");
WOLFSSL_ENTER("wolfSSL_d2i_PKCS8_PKEY_bio");
if (bio == NULL) {
return NULL;
@@ -7910,30 +7974,7 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio,
return NULL;
}
if ((keySz = wc_KeyPemToDer(mem, memSz, mem, memSz, NULL)) < 0) {
WOLFSSL_MSG("Not PEM format");
keySz = memSz;
if ((keySz = ToTraditional_ex((byte*)mem, (word32)keySz, &algId)) < 0) {
return NULL;
}
}
pkcs8 = wolfSSL_EVP_PKEY_new();
if (pkcs8 == NULL) {
return NULL;
}
pkcs8->pkey.ptr = (char*)XMALLOC(keySz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
if (pkcs8->pkey.ptr == NULL) {
wolfSSL_EVP_PKEY_free(pkcs8);
return NULL;
}
XMEMCPY(pkcs8->pkey.ptr, mem, keySz);
pkcs8->pkey_sz = keySz;
if (pkey != NULL) {
*pkey = pkcs8;
}
pkcs8 = wolfSSL_d2i_PKCS8_PKEY(pkey, (const unsigned char**)&mem, memSz);
#else
(void)bio;
(void)pkey;
@@ -8586,6 +8627,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_id(int type, WOLFSSL_EVP_PKEY** out,
#ifndef NO_CERTS
#ifndef NO_CHECK_PRIVATE_KEY
int wolfSSL_check_private_key(const WOLFSSL* ssl)
{
DecodedCert der;
@@ -8667,6 +8709,7 @@ int wolfSSL_check_private_key(const WOLFSSL* ssl)
FreeDecodedCert(&der);
return ret;
}
#endif /* !NO_CHECK_PRIVATE_KEY */
#if defined(OPENSSL_ALL)
unsigned int wolfSSL_X509_get_extension_flags(WOLFSSL_X509* x509)
@@ -19281,7 +19324,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
ssl->devId) != 0) {
return WOLFSSL_FAILURE;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_Md5SetFlags(&ssl->hsHashes->hashMd5, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
@@ -19290,7 +19333,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
ssl->devId) != 0) {
return WOLFSSL_FAILURE;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_ShaSetFlags(&ssl->hsHashes->hashSha, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
@@ -19300,7 +19343,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
ssl->devId) != 0) {
return WOLFSSL_FAILURE;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_Sha256SetFlags(&ssl->hsHashes->hashSha256, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
@@ -19309,7 +19352,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
ssl->devId) != 0) {
return WOLFSSL_FAILURE;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_Sha384SetFlags(&ssl->hsHashes->hashSha384, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
@@ -19318,7 +19361,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
ssl->devId) != 0) {
return WOLFSSL_FAILURE;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_Sha512SetFlags(&ssl->hsHashes->hashSha512, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
@@ -36832,9 +36875,9 @@ int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key)
2;
}
int wolfSSL_ECDSA_sign(int type, const unsigned char *digest,
int digestSz, unsigned char *sig,
unsigned int *sigSz, WOLFSSL_EC_KEY *key)
int wolfSSL_ECDSA_sign(int type,
const unsigned char *digest, int digestSz,
unsigned char *sig, unsigned int *sigSz, WOLFSSL_EC_KEY *key)
{
int ret = WOLFSSL_SUCCESS;
WC_RNG* rng = NULL;
@@ -36871,7 +36914,8 @@ int wolfSSL_ECDSA_sign(int type, const unsigned char *digest,
}
}
if (rng) {
if (wc_ecc_sign_hash(digest, digestSz, sig, sigSz, rng, (ecc_key*)key->internal) != MP_OKAY) {
if (wc_ecc_sign_hash(digest, digestSz, sig, sigSz, rng,
(ecc_key*)key->internal) != 0) {
ret = WOLFSSL_FAILURE;
}
if (initTmpRng) {
@@ -36890,6 +36934,32 @@ int wolfSSL_ECDSA_sign(int type, const unsigned char *digest,
return ret;
}
int wolfSSL_ECDSA_verify(int type,
const unsigned char *digest, int digestSz,
const unsigned char *sig, int sigSz, WOLFSSL_EC_KEY *key)
{
int ret = WOLFSSL_SUCCESS;
int verify = 0;
WOLFSSL_ENTER("wolfSSL_ECDSA_verify");
if (key == NULL) {
return WOLFSSL_FAILURE;
}
if (wc_ecc_verify_hash(sig, sigSz, digest, digestSz,
&verify, (ecc_key*)key->internal) != 0) {
ret = WOLFSSL_FAILURE;
}
if (ret == WOLFSSL_SUCCESS && verify != 1) {
WOLFSSL_MSG("wolfSSL_ECDSA_verify failed");
ret = WOLFSSL_FAILURE;
}
(void)type;
return ret;
}
#ifndef HAVE_SELFTEST
/* ECC point compression types were not included in selftest ecc.h */
@@ -44837,10 +44907,15 @@ err:
return WOLFSSL_FAILURE;
}
#ifndef NO_CHECK_PRIVATE_KEY
return wc_CheckPrivateKey((byte*)key->pkey.ptr, key->pkey_sz,
x509->pubKey.buffer, x509->pubKey.length,
(enum Key_Sum)x509->pubKeyOID) == 1 ?
WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
#else
/* not compiled in */
return WOLFSSL_SUCCESS;
#endif
}
/* wolfSSL uses negative values for error states. This function returns an
@@ -46228,6 +46303,11 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio,
}
#endif /* !NO_BIO */
#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) || \
defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) || defined(WOLFSSL_WPAS_SMALL)
/* Converts a DER encoded private key to a WOLFSSL_EVP_PKEY structure.
* returns a pointer to a new WOLFSSL_EVP_PKEY structure on success and NULL
@@ -46336,7 +46416,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** out,
#endif /* HAVE_ECC */
return pkey;
}
#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT */
#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT || WOLFSSL_WPAS_SMALL*/
/* stunnel compatibility functions*/
@@ -51278,67 +51359,63 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* fr,
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
int mgf = WC_MGF1NONE;
enum wc_HashType hash = WC_HASH_TYPE_NONE;
int pad_type;
#endif
WOLFSSL_MSG("wolfSSL_RSA_public_encrypt");
WOLFSSL_ENTER("RSA_public_encrypt");
/* Check and remap the padding to internal values, if needed. */
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
if (padding == RSA_PKCS1_PADDING)
padding = WC_RSA_PKCSV15_PAD;
else if (padding == RSA_PKCS1_OAEP_PADDING) {
padding = WC_RSA_OAEP_PAD;
switch (padding) {
case RSA_PKCS1_PADDING:
pad_type = WC_RSA_PKCSV15_PAD;
break;
case RSA_PKCS1_OAEP_PADDING:
pad_type = WC_RSA_OAEP_PAD;
hash = WC_HASH_TYPE_SHA;
mgf = WC_MGF1SHA1;
}
else if (padding == RSA_PKCS1_PSS_PADDING) {
padding = WC_RSA_PSS_PAD;
break;
case RSA_PKCS1_PSS_PADDING:
pad_type = WC_RSA_PSS_PAD;
hash = WC_HASH_TYPE_SHA256;
mgf = WC_MGF1SHA256;
break;
case RSA_NO_PADDING:
pad_type = WC_RSA_NO_PAD;
break;
default:
WOLFSSL_MSG("RSA_public_encrypt unsupported padding");
return WOLFSSL_FAILURE;
}
else if (padding == RSA_NO_PADDING) {
padding = WC_RSA_NO_PAD;
}
#else
if (padding == RSA_PKCS1_PADDING)
;
#endif
else {
WOLFSSL_MSG("wolfSSL_RSA_public_encrypt unsupported padding");
return 0;
}
if (rsa->inSet == 0)
{
if (rsa->inSet == 0) {
if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("SetRsaInternal failed");
return 0;
return WOLFSSL_FAILURE;
}
}
outLen = wolfSSL_RSA_size(rsa);
rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRNG, &initTmpRng);
if (outLen == 0) {
WOLFSSL_MSG("Bad RSA size");
}
rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRNG, &initTmpRng);
if (rng) {
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
ret = wc_RsaPublicEncrypt_ex(fr, len, to, outLen,
(RsaKey*)rsa->internal, rng, padding,
(RsaKey*)rsa->internal, rng, pad_type,
hash, mgf, NULL, 0);
#else
ret = wc_RsaPublicEncrypt(fr, len, to, outLen,
(RsaKey*)rsa->internal, rng);
if (padding == RSA_PKCS1_PADDING) {
ret = wc_RsaPublicEncrypt(fr, len, to, outLen,
(RsaKey*)rsa->internal, rng);
}
else {
WOLFSSL_MSG("RSA_public_encrypt pad type not supported in FIPS");
ret = WOLFSSL_FAILURE;
}
#endif
if (ret <= 0) {
WOLFSSL_MSG("Bad Rsa Encrypt");
}
if (len <= 0) {
WOLFSSL_MSG("Bad Rsa Encrypt");
}
}
if (initTmpRng)
@@ -51348,18 +51425,16 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* fr,
XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (ret >= 0)
WOLFSSL_MSG("wolfSSL_RSA_public_encrypt success");
else {
WOLFSSL_MSG("wolfSSL_RSA_public_encrypt failed");
ret = WOLFSSL_FATAL_ERROR; /* return -1 on error case */
WOLFSSL_LEAVE("RSA_public_encrypt", ret);
if (ret <= 0) {
ret = WOLFSSL_FAILURE;
}
return ret;
}
/* return compliant with OpenSSL
* size of plain recovered data if success , -1 if error
*/
@@ -51371,40 +51446,39 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* fr,
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
int mgf = WC_MGF1NONE;
enum wc_HashType hash = WC_HASH_TYPE_NONE;
int pad_type;
#endif
WOLFSSL_MSG("wolfSSL_RSA_private_decrypt");
WOLFSSL_ENTER("RSA_private_decrypt");
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
if (padding == RSA_PKCS1_PADDING)
padding = WC_RSA_PKCSV15_PAD;
else if (padding == RSA_PKCS1_OAEP_PADDING) {
padding = WC_RSA_OAEP_PAD;
switch (padding) {
case RSA_PKCS1_PADDING:
pad_type = WC_RSA_PKCSV15_PAD;
break;
case RSA_PKCS1_OAEP_PADDING:
pad_type = WC_RSA_OAEP_PAD;
hash = WC_HASH_TYPE_SHA;
mgf = WC_MGF1SHA1;
}
else if (padding == RSA_PKCS1_PSS_PADDING) {
padding = WC_RSA_PSS_PAD;
break;
case RSA_PKCS1_PSS_PADDING:
pad_type = WC_RSA_PSS_PAD;
hash = WC_HASH_TYPE_SHA256;
mgf = WC_MGF1SHA256;
break;
case RSA_NO_PADDING:
pad_type = WC_RSA_NO_PAD;
break;
default:
WOLFSSL_MSG("RSA_private_decrypt unsupported padding");
return WOLFSSL_FAILURE;
}
else if (padding == RSA_NO_PADDING) {
padding = WC_RSA_NO_PAD;
}
#else
if (padding == RSA_PKCS1_PADDING)
;
#endif
else {
WOLFSSL_MSG("wolfSSL_RSA_private_decrypt unsupported padding");
return 0;
}
if (rsa->inSet == 0)
{
if (rsa->inSet == 0) {
if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("SetRsaInternal failed");
return 0;
return WOLFSSL_FAILURE;
}
}
@@ -51416,41 +51490,45 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* fr,
/* size of 'to' buffer must be size of RSA key */
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
ret = wc_RsaPrivateDecrypt_ex(fr, len, to, outLen,
(RsaKey*)rsa->internal, padding,
(RsaKey*)rsa->internal, pad_type,
hash, mgf, NULL, 0);
#else
ret = wc_RsaPrivateDecrypt(fr, len, to, outLen,
(RsaKey*)rsa->internal);
if (padding == RSA_PKCS1_PADDING) {
ret = wc_RsaPrivateDecrypt(fr, len, to, outLen,
(RsaKey*)rsa->internal);
}
else {
WOLFSSL_MSG("RSA_private_decrypt pad type not supported in FIPS");
ret = WOLFSSL_FAILURE;
}
#endif
if (len <= 0) {
WOLFSSL_MSG("Bad Rsa Decrypt");
if (ret <= 0) {
ret = WOLFSSL_FAILURE;
}
WOLFSSL_LEAVE("RSA_private_decrypt", ret);
if (ret > 0)
WOLFSSL_MSG("wolfSSL_RSA_private_decrypt success");
else {
WOLFSSL_MSG("wolfSSL_RSA_private_decrypt failed");
ret = WOLFSSL_FATAL_ERROR;
}
return ret;
}
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from,
unsigned char* to, WOLFSSL_RSA* rsa, int padding)
{
int tlen = 0;
int ret = 0;
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
int pad_type;
#endif
WOLFSSL_ENTER("wolfSSL_RSA_public_decrypt");
WOLFSSL_ENTER("RSA_public_decrypt");
if (rsa == NULL || rsa->internal == NULL || from == NULL) {
WOLFSSL_MSG("Bad function arguments");
return WOLFSSL_FAILURE;
}
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
switch (padding) {
case RSA_PKCS1_PADDING:
pad_type = WC_RSA_PKCSV15_PAD;
@@ -51465,12 +51543,12 @@ int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from,
pad_type = WC_RSA_NO_PAD;
break;
default:
WOLFSSL_MSG("wolfSSL_RSA_public_decrypt unsupported padding");
WOLFSSL_MSG("RSA_public_decrypt unsupported padding");
return WOLFSSL_FAILURE;
}
#endif
if (rsa->inSet == 0)
{
if (rsa->inSet == 0) {
WOLFSSL_MSG("No RSA internal set, do it");
if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) {
@@ -51479,17 +51557,30 @@ int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from,
}
}
#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
/* size of 'to' buffer must be size of RSA key */
tlen = wc_RsaSSL_Verify_ex(from, flen, to, wolfSSL_RSA_size(rsa),
ret = wc_RsaSSL_Verify_ex(from, flen, to, wolfSSL_RSA_size(rsa),
(RsaKey*)rsa->internal, pad_type);
if (tlen <= 0)
WOLFSSL_MSG("wolfSSL_RSA_public_decrypt failed");
else {
WOLFSSL_MSG("wolfSSL_RSA_public_decrypt success");
#else
/* For FIPS v1/v2 only PKCSV15 padding is supported */
if (padding == RSA_PKCS1_PADDING) {
ret = wc_RsaSSL_Verify(from, flen, to, wolfSSL_RSA_size(rsa),
(RsaKey*)rsa->internal);
}
return tlen;
else {
WOLFSSL_MSG("RSA_public_decrypt pad type not supported in FIPS");
ret = WOLFSSL_FAILURE;
}
#endif
WOLFSSL_LEAVE("RSA_public_decrypt", ret);
if (ret <= 0) {
ret = WOLFSSL_FAILURE;
}
return ret;
}
#endif /* !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) */
/* RSA private encrypt calls wc_RsaSSL_Sign. Similar function set up as RSA
* public decrypt.
+81 -33
View File
@@ -2637,10 +2637,9 @@ static void test_ECDSA_size_sign(void)
EC_KEY *key;
int id;
byte hash[WC_MAX_DIGEST_SIZE];
byte sig[ECC_BUFSIZE];
byte sig[ECC_MAX_SIG_SIZE];
unsigned int sigSz = sizeof(sig);
XMEMSET(hash, 123, sizeof(hash));
id = wc_ecc_get_curve_id_from_name("SECP256R1");
@@ -2650,6 +2649,8 @@ static void test_ECDSA_size_sign(void)
AssertIntEQ(EC_KEY_generate_key(key), 1);
AssertIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, key), 1);
AssertIntGE(ECDSA_size(key), sigSz);
AssertIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, sigSz, key), 1);
EC_KEY_free(key);
#endif /* HAVE_ECC && !NO_ECC256 && !NO_ECC_SECP */
@@ -9340,8 +9341,7 @@ static int test_wc_Sha256FinalRaw (void)
static int test_wc_Sha256GetFlags (void)
{
int flag = 0;
#if !defined(NO_SHA256) && \
(defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
#if !defined(NO_SHA256) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha256 sha256;
word32 flags = 0;
@@ -9796,8 +9796,7 @@ static int test_wc_Sha512Final (void)
static int test_wc_Sha512GetFlags (void)
{
int flag = 0;
#if defined(WOLFSSL_SHA512) && \
(defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha512 sha512;
word32 flags = 0;
@@ -10221,8 +10220,7 @@ static int test_wc_Sha512_224GetFlags (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && \
(defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha512 sha512, copy;
word32 flags = 0;
@@ -10490,8 +10488,7 @@ static int test_wc_Sha512_256GetFlags (void)
{
int flag = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && \
(defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha512 sha512, copy;
word32 flags = 0;
@@ -10834,8 +10831,7 @@ static int test_wc_Sha384Final (void)
static int test_wc_Sha384GetFlags (void)
{
int flag = 0;
#if defined(WOLFSSL_SHA384) && \
(defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha384 sha384;
word32 flags = 0;
@@ -11261,8 +11257,7 @@ static int test_wc_Sha224Final (void)
static int test_wc_Sha224SetFlags (void)
{
int flag = 0;
#if defined(WOLFSSL_SHA224) && \
(defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha224 sha224;
word32 flags = 0;
@@ -11294,8 +11289,7 @@ static int test_wc_Sha224SetFlags (void)
static int test_wc_Sha224GetFlags (void)
{
int flag = 0;
#if defined(WOLFSSL_SHA224) && \
(defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha224 sha224;
word32 flags = 0;
@@ -12565,8 +12559,7 @@ static int test_wc_Sha3_512_Copy (void)
static int test_wc_Sha3_GetFlags (void)
{
int ret = 0;
#if defined(WOLFSSL_SHA3) && \
(defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB))
#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_HASH_FLAGS)
wc_Sha3 sha3;
word32 flags = 0;
@@ -28683,7 +28676,7 @@ static int test_wc_HashInit(void)
static int test_wc_HashSetFlags(void)
{
int ret = 0;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_HashAlg hash;
word32 flags = 0;
int i, j;
@@ -28785,7 +28778,7 @@ static int test_wc_HashSetFlags(void)
static int test_wc_HashGetFlags(void)
{
int ret = 0;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
wc_HashAlg hash;
word32 flags = 0;
int i, j;
@@ -29418,15 +29411,19 @@ static void test_wolfSSL_certs(void)
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM));
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
#ifndef HAVE_USER_RSA
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_FAILURE);
#endif
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(SSL_CTX_check_private_key(ctx), SSL_SUCCESS);
#endif
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
#ifdef HAVE_PK_CALLBACKS
AssertIntEQ((int)SSL_set_tlsext_debug_arg(ssl, NULL), WOLFSSL_SUCCESS);
@@ -29441,7 +29438,7 @@ static void test_wolfSSL_certs(void)
AssertNotNull(x509ext);
AssertIntEQ(SSL_use_certificate(ssl, x509ext), WOLFSSL_SUCCESS);
#ifndef HAVE_USER_RSA
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
/* with loading in a new cert the check on private key should now fail */
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
@@ -29627,7 +29624,7 @@ static void test_wolfSSL_certs(void)
static void test_wolfSSL_X509_check_private_key(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \
defined(USE_CERT_BUFFERS_2048)
defined(USE_CERT_BUFFERS_2048) && !defined(NO_CHECK_PRIVATE_KEY)
X509* x509;
EVP_PKEY* pkey = NULL;
const byte* key;
@@ -29817,12 +29814,18 @@ static void test_wolfSSL_private_keys(void)
AssertTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM));
/* Have to load a cert before you can check the private key against that
* certificates public key! */
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_FAILURE);
#endif
AssertTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
#endif
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
#ifdef USE_CERT_BUFFERS_2048
{
@@ -29833,33 +29836,36 @@ static void test_wolfSSL_private_keys(void)
AssertIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl,
(unsigned char*)client_key_der_2048,
sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
#ifndef HAVE_USER_RSA
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
/* Should mismatch now that a different private key loaded */
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
#endif
AssertIntEQ(SSL_use_PrivateKey_ASN1(0, ssl,
(unsigned char*)server_key,
sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
/* After loading back in DER format of original key, should match */
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
/* test loading private key to the WOLFSSL_CTX */
AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
(unsigned char*)client_key_der_2048,
sizeof_client_key_der_2048), WOLFSSL_SUCCESS);
#ifndef NO_CHECK_PRIVATE_KEY
#ifndef HAVE_USER_RSA
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
/* Should mismatch now that a different private key loaded */
AssertIntNE(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
#endif
#endif
AssertIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx,
(unsigned char*)server_key,
sizeof_server_key_der_2048), WOLFSSL_SUCCESS);
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
/* After loading back in DER format of original key, should match */
AssertIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS);
#endif /* !NO_CHECK_PRIVATE_KEY */
#endif
/* pkey not set yet, expecting to fail */
AssertIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_FAILURE);
@@ -29907,7 +29913,9 @@ static void test_wolfSSL_private_keys(void)
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
@@ -29915,7 +29923,9 @@ static void test_wolfSSL_private_keys(void)
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);
@@ -29933,7 +29943,9 @@ static void test_wolfSSL_private_keys(void)
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
@@ -29941,7 +29953,9 @@ static void test_wolfSSL_private_keys(void)
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);
@@ -29959,7 +29973,9 @@ static void test_wolfSSL_private_keys(void)
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
@@ -29967,7 +29983,9 @@ static void test_wolfSSL_private_keys(void)
WOLFSSL_FILETYPE_PEM));
AssertNotNull(ssl = SSL_new(ctx));
#if !defined(HAVE_USER_RSA) && !defined(NO_CHECK_PRIVATE_KEY)
AssertIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS);
#endif
SSL_free(ssl);
SSL_CTX_free(ctx);
@@ -35889,6 +35907,9 @@ static void test_wolfSSL_PKCS8_Compat(void)
XFILE f;
int bytes;
char pkcs8_buffer[512];
#if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)
EVP_PKEY *pkey = NULL;
#endif
printf(testingFmt, "wolfSSL_pkcs8()");
@@ -35899,6 +35920,17 @@ static void test_wolfSSL_PKCS8_Compat(void)
XFCLOSE(f);
AssertNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes));
AssertNotNull(pt = d2i_PKCS8_PRIV_KEY_INFO_bio(bio, NULL));
#if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)
AssertNotNull(pkey = EVP_PKCS82PKEY(pt));
AssertIntEQ(EVP_PKEY_type(pkey->type), EVP_PKEY_EC);
/* gets PKCS8 pointer to pkey */
AssertNotNull(EVP_PKEY2PKCS8(pkey));
EVP_PKEY_free(pkey);
#endif
BIO_free(bio);
PKCS8_PRIV_KEY_INFO_free(pt);
@@ -41138,18 +41170,23 @@ static void test_wolfSSL_X509_PUBKEY_get(void)
static void test_wolfSSL_d2i_DHparams(void)
{
#if !defined(NO_DH)
#if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072))
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
FILE* f = NULL;
unsigned char buf[4096];
const unsigned char* pt = buf;
#ifdef HAVE_FFDHE_2048
const char* params1 = "./certs/dh2048.der";
#endif
#ifdef HAVE_FFDHE_3072
const char* params2 = "./certs/dh3072.der";
#endif
long len = 0;
WOLFSSL_DH* dh = NULL;
XMEMSET(buf, 0, sizeof(buf));
/* Test 2048 bit parameters */
#ifdef HAVE_FFDHE_2048
printf(testingFmt, "wolfSSL_d2i_DHparams() 2048-bit");
f = XFOPEN(params1, "rb");
AssertTrue(f != XBADFILE);
@@ -41176,8 +41213,10 @@ static void test_wolfSSL_d2i_DHparams(void)
*buf = 0;
pt = buf;
#endif /* HAVE_FFDHE_2048 */
/* Test 3072 bit parameters */
#ifdef HAVE_FFDHE_3072
printf(testingFmt, "wolfSSL_d2i_DHparams() 3072-bit");
f = XFOPEN(params2, "rb");
AssertTrue(f != XBADFILE);
@@ -41197,24 +41236,30 @@ static void test_wolfSSL_d2i_DHparams(void)
DH_free(dh);
printf(resultFmt, passed);
#endif /* HAVE_FFDHE_3072 */
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* !NO_DH */
}
static void test_wolfSSL_i2d_DHparams(void)
{
#if !defined(NO_DH)
#if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072))
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
FILE* f;
unsigned char buf[4096];
const unsigned char* pt = buf;
unsigned char* pt2 = buf;
#ifdef HAVE_FFDHE_2048
const char* params1 = "./certs/dh2048.der";
#endif
#ifdef HAVE_FFDHE_3072
const char* params2 = "./certs/dh3072.der";
#endif
long len;
WOLFSSL_DH* dh;
/* Test 2048 bit parameters */
#ifdef HAVE_FFDHE_2048
printf(testingFmt, "wolfSSL_i2d_DHparams() 2048-bit");
f = XFOPEN(params1, "rb");
AssertTrue(f != XBADFILE);
@@ -41239,8 +41284,10 @@ static void test_wolfSSL_i2d_DHparams(void)
*buf = 0;
pt = buf;
pt2 = buf;
#endif
/* Test 3072 bit parameters */
#ifdef HAVE_FFDHE_3072
printf(testingFmt, "wolfSSL_i2d_DHparams() 3072-bit");
f = XFOPEN(params2, "rb");
AssertTrue(f != XBADFILE);
@@ -41261,6 +41308,7 @@ static void test_wolfSSL_i2d_DHparams(void)
DH_free(dh);
printf(resultFmt, passed);
#endif
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif
}
@@ -49347,7 +49395,7 @@ static void test_CONF_CTX_FILE(void)
/* cmd DH parameter */
{
#if !defined(NO_DH) && !defined(NO_BIO)
#if !defined(NO_DH) && !defined(NO_BIO) && defined(HAVE_FFDHE_3072)
const char* ourdhcert = "./certs/dh3072.pem";
AssertIntEQ(SSL_CONF_cmd(cctx, "DHParameters", NULL), -3);
+3 -3
View File
@@ -18826,8 +18826,8 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
}
#endif
else {
#ifdef WOLF_CRYPTO_CB
/* allow loading a public key for use with crypto callbacks */
#if defined(WOLF_CRYPTO_CB) || defined(HAVE_PK_CALLBACKS)
/* allow loading a public key for use with crypto or PK callbacks */
type = PUBLICKEY_TYPE;
header = BEGIN_PUB_KEY;
footer = END_PUB_KEY;
@@ -18950,7 +18950,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
*keyFormat = DSAk;
#endif
}
#ifdef WOLF_CRYPTO_CB
#if defined(WOLF_CRYPTO_CB) || defined(HAVE_PK_CALLBACKS)
else if (type == PUBLICKEY_TYPE) {
#ifndef NO_RSA
if (header == BEGIN_RSA_PUB)
+19
View File
@@ -7590,6 +7590,25 @@ int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid)
}
}
#if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)
WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKCS82PKEY(const WOLFSSL_PKCS8_PRIV_KEY_INFO* p8)
{
if (p8 == NULL || p8->pkey.ptr == NULL) {
return NULL;
}
return wolfSSL_d2i_PrivateKey_EVP(NULL, (unsigned char**)&p8->pkey.ptr,
p8->pkey_sz);
}
/* in wolf PKCS8_PRIV_KEY_INFO and WOLFSSL_EVP_PKEY are same type */
/* this function just casts and returns pointer */
WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_EVP_PKEY2PKCS8(const WOLFSSL_EVP_PKEY* pkey)
{
return (WOLFSSL_PKCS8_PRIV_KEY_INFO*)pkey;
}
#endif
/* increments ref count of WOLFSSL_EVP_PKEY. Return 1 on success, 0 on error */
int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey)
{
+2 -2
View File
@@ -996,7 +996,7 @@ int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type)
return ret;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type, word32 flags)
{
int ret = HASH_TYPE_E; /* Default to hash type error */
@@ -1127,7 +1127,7 @@ int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type, word32* flags)
return ret;
}
#endif
#endif /* WOLFSSL_HASH_FLAGS */
#if !defined(WOLFSSL_TI_HASH)
+3 -3
View File
@@ -303,7 +303,7 @@ static int _InitMd5(wc_Md5* md5)
md5->buffLen = 0;
md5->loLen = 0;
md5->hiLen = 0;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
md5->flags = 0;
#endif
@@ -545,7 +545,7 @@ int wc_Md5Copy(wc_Md5* src, wc_Md5* dst)
#ifdef WOLFSSL_PIC32MZ_HASH
ret = wc_Pic32HashCopy(&src->cache, &dst->cache);
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif
@@ -565,7 +565,7 @@ int wc_Md5Transform(wc_Md5* md5, const byte* data)
return Transform(md5, data);
}
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Md5SetFlags(wc_Md5* md5, word32 flags)
{
if (md5) {
+2 -2
View File
@@ -1390,7 +1390,7 @@ int wc_Sha256GetHash(wc_Sha256* sha256, byte* hash)
return ret;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags)
{
if (sha256) {
@@ -1532,7 +1532,7 @@ int wc_Sha256Transform(wc_Sha256* sha256, const unsigned char* data)
return ret;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha224SetFlags(wc_Sha224* sha224, word32 flags)
{
if (sha224) {
+12 -12
View File
@@ -67,7 +67,7 @@ static int InitSha512(wc_Sha512* sha512)
sha512->buffLen = 0;
sha512->loLen = 0;
sha512->hiLen = 0;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha512->flags = 0;
#endif
@@ -99,7 +99,7 @@ static int InitSha512_224(wc_Sha512* sha512)
sha512->buffLen = 0;
sha512->loLen = 0;
sha512->hiLen = 0;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha512->flags = 0;
#endif
@@ -133,7 +133,7 @@ static int InitSha512_256(wc_Sha512* sha512)
sha512->buffLen = 0;
sha512->loLen = 0;
sha512->hiLen = 0;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha512->flags = 0;
#endif
@@ -693,7 +693,7 @@ static int InitSha384(wc_Sha384* sha384)
sha384->buffLen = 0;
sha384->loLen = 0;
sha384->hiLen = 0;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha384->flags = 0;
#endif
@@ -856,14 +856,14 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
dst->W = NULL;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif
return ret;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags)
{
if (sha512) {
@@ -912,7 +912,7 @@ int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst)
return wc_Sha512Copy(src, dst);
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha512_224SetFlags(wc_Sha512* sha, word32 flags)
{
return wc_Sha512SetFlags(sha, flags);
@@ -921,7 +921,7 @@ int wc_Sha512_224GetFlags(wc_Sha512* sha, word32* flags)
{
return wc_Sha512GetFlags(sha, flags);
}
#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */
#endif /* WOLFSSL_HASH_FLAGS */
#if defined(OPENSSL_EXTRA)
int wc_Sha512_224Transform(wc_Sha512* sha, const unsigned char* data)
@@ -962,7 +962,7 @@ int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst)
return wc_Sha512Copy(src, dst);
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha512_256SetFlags(wc_Sha512* sha, word32 flags)
{
return wc_Sha512SetFlags(sha, flags);
@@ -971,7 +971,7 @@ int wc_Sha512_256GetFlags(wc_Sha512* sha, word32* flags)
{
return wc_Sha512GetFlags(sha, flags);
}
#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */
#endif /* WOLFSSL_HASH_FLAGS */
#if defined(OPENSSL_EXTRA)
int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data)
@@ -1013,14 +1013,14 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
dst->W = NULL;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif
return ret;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags)
{
if (sha384) {
+4 -4
View File
@@ -386,7 +386,7 @@ int wc_Sha256Final(wc_Sha256* sha256, byte* hash)
return ret;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags)
{
if (sha256) {
@@ -401,7 +401,7 @@ int wc_Sha256GetFlags(wc_Sha256* sha256, word32* flags)
}
return 0;
}
#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */
#endif /* WOLFSSL_HASH_FLAGS */
int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
{
@@ -498,7 +498,7 @@ int wc_ShaFinal(wc_Sha* sha, byte* hash)
return ret;
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_ShaSetFlags(wc_Sha* sha, word32 flags)
{
if (sha) {
@@ -513,7 +513,7 @@ int wc_ShaGetFlags(wc_Sha* sha, word32* flags)
}
return 0;
}
#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */
#endif /* WOLFSSL_HASH_FLAGS */
int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
{
+3 -3
View File
@@ -389,7 +389,7 @@
sha->buffLen = 0;
sha->loLen = 0;
sha->hiLen = 0;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha->flags = 0;
#endif
@@ -924,7 +924,7 @@ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
dst->ctx.isfirstblock = src->ctx.isfirstblock;
dst->ctx.sha_type = src->ctx.sha_type;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif
return ret;
@@ -933,7 +933,7 @@ int wc_ShaCopy(wc_Sha* src, wc_Sha* dst)
#endif /* !WOLFSSL_TI_HASH && !WOLFSSL_IMXRT_DCP */
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_ShaSetFlags(wc_Sha* sha, word32 flags)
{
if (sha) {
+6 -6
View File
@@ -207,7 +207,7 @@ static int InitSha256(wc_Sha256* sha256)
sha256->buffLen = 0;
sha256->loLen = 0;
sha256->hiLen = 0;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha256->flags = 0;
#endif
@@ -1497,7 +1497,7 @@ static int InitSha256(wc_Sha256* sha256)
/* choose best Transform function under this runtime environment */
Sha256_SetTransform();
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha224->flags = 0;
#endif
@@ -1715,7 +1715,7 @@ void wc_Sha256Free(wc_Sha256* sha256)
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif
@@ -1724,7 +1724,7 @@ void wc_Sha256Free(wc_Sha256* sha256)
#endif /* WOLFSSL_KCAPI_HASH && !WOLFSSL_NO_KCAPI_SHA224 */
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha224SetFlags(wc_Sha224* sha224, word32 flags)
{
if (sha224) {
@@ -1821,7 +1821,7 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
dst->ctx.isfirstblock = src->ctx.isfirstblock;
dst->ctx.sha_type = src->ctx.sha_type;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif
@@ -1829,7 +1829,7 @@ int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst)
}
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags)
{
if (sha256) {
+3 -3
View File
@@ -599,7 +599,7 @@ static int InitSha3(wc_Sha3* sha3)
for (i = 0; i < 25; i++)
sha3->s[i] = 0;
sha3->i = 0;
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha3->flags = 0;
#endif
@@ -844,7 +844,7 @@ static int wc_Sha3Copy(wc_Sha3* src, wc_Sha3* dst)
#ifdef WOLFSSL_ASYNC_CRYPT
ret = wolfAsync_DevCopy(&src->asyncDev, &dst->asyncDev);
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif
@@ -1164,7 +1164,7 @@ int wc_Sha3_512_Copy(wc_Sha3* src, wc_Sha3* dst)
return wc_Sha3Copy(src, dst);
}
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha3_SetFlags(wc_Sha3* sha3, word32 flags)
{
if (sha3) {
+13 -13
View File
@@ -294,7 +294,7 @@ static int InitSha512(wc_Sha512* sha512)
*/
sha512->ctx.mode = ESP32_SHA_INIT;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha512->flags = 0;
#endif
return 0;
@@ -341,7 +341,7 @@ static int InitSha512_224(wc_Sha512* sha512)
*/
sha512->ctx.mode = ESP32_SHA_INIT;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha512->flags = 0;
#endif
return 0;
@@ -390,7 +390,7 @@ static int InitSha512_256(wc_Sha512* sha512)
*/
sha512->ctx.mode = ESP32_SHA_INIT;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha512->flags = 0;
#endif
return 0;
@@ -1313,7 +1313,7 @@ static int InitSha384(wc_Sha384* sha384)
sha384->ctx.mode = ESP32_SHA_INIT;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
sha384->flags = 0;
#endif
@@ -1538,7 +1538,7 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
dst->ctx.isfirstblock = src->ctx.isfirstblock;
dst->ctx.sha_type = src->ctx.sha_type;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif
@@ -1547,7 +1547,7 @@ int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst)
#endif /* WOLFSSL_KCAPI_HASH */
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags)
{
if (sha512) {
@@ -1562,7 +1562,7 @@ int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags)
}
return 0;
}
#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */
#endif /* WOLFSSL_HASH_FLAGS */
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
@@ -1611,7 +1611,7 @@ int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst)
}
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha512_224SetFlags(wc_Sha512* sha, word32 flags)
{
return wc_Sha512SetFlags(sha, flags);
@@ -1620,7 +1620,7 @@ int wc_Sha512_224GetFlags(wc_Sha512* sha, word32* flags)
{
return wc_Sha512GetFlags(sha, flags);
}
#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */
#endif /* WOLFSSL_HASH_FLAGS */
#if defined(OPENSSL_EXTRA)
int wc_Sha512_224Transform(wc_Sha512* sha, const unsigned char* data)
@@ -1673,7 +1673,7 @@ int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst)
}
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha512_256SetFlags(wc_Sha512* sha, word32 flags)
{
return wc_Sha512SetFlags(sha, flags);
@@ -1682,7 +1682,7 @@ int wc_Sha512_256GetFlags(wc_Sha512* sha, word32* flags)
{
return wc_Sha512GetFlags(sha, flags);
}
#endif /* WOLFSSL_HASH_FLAGS || WOLF_CRYPTO_CB */
#endif /* WOLFSSL_HASH_FLAGS */
#if defined(OPENSSL_EXTRA)
int wc_Sha512_256Transform(wc_Sha512* sha, const unsigned char* data)
@@ -1756,7 +1756,7 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
dst->ctx.isfirstblock = src->ctx.isfirstblock;
dst->ctx.sha_type = src->ctx.sha_type;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
dst->flags |= WC_HASH_FLAG_ISCOPY;
#endif
@@ -1765,7 +1765,7 @@ int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst)
#endif /* WOLFSSL_KCAPI_HASH */
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags)
{
if (sha384) {
+5
View File
@@ -218,6 +218,10 @@ WOLFSSL_API int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key);
WOLFSSL_API int wolfSSL_ECDSA_sign(int type, const unsigned char *digest,
int digestSz, unsigned char *sig,
unsigned int *sigSz, WOLFSSL_EC_KEY *key);
WOLFSSL_API int wolfSSL_ECDSA_verify(int type, const unsigned char *digest,
int digestSz, const unsigned char *sig,
int sigSz, WOLFSSL_EC_KEY *key);
WOLFSSL_API
void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag);
WOLFSSL_API
@@ -310,6 +314,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
#define ECDSA_size wolfSSL_ECDSA_size
#define ECDSA_sign wolfSSL_ECDSA_sign
#define ECDSA_verify wolfSSL_ECDSA_verify
#define EC_GROUP_free wolfSSL_EC_GROUP_free
#define EC_GROUP_set_asn1_flag wolfSSL_EC_GROUP_set_asn1_flag
+6
View File
@@ -73,6 +73,7 @@ typedef char WOLFSSL_EVP_CIPHER;
typedef char WOLFSSL_EVP_MD;
typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY;
typedef struct WOLFSSL_EVP_MD_CTX WOLFSSL_EVP_MD_CTX;
typedef struct WOLFSSL_EVP_PKEY WOLFSSL_PKCS8_PRIV_KEY_INFO;
#define WOLFSSL_EVP_TYPE_DEFINED
#endif
@@ -670,6 +671,9 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_type(int type);
WOLFSSL_API int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKCS82PKEY(const WOLFSSL_PKCS8_PRIV_KEY_INFO* p8);
WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_EVP_PKEY2PKCS8(const WOLFSSL_EVP_PKEY* pkey);
WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
unsigned int *siglen, WOLFSSL_EVP_PKEY *pkey);
WOLFSSL_API int wolfSSL_EVP_SignInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type);
@@ -960,6 +964,8 @@ typedef WOLFSSL_ASN1_PCTX ASN1_PCTX;
#define EVP_PKEY_get_default_digest_nid wolfSSL_EVP_PKEY_get_default_digest_nid
#define EVP_PKEY_id wolfSSL_EVP_PKEY_id
#define EVP_PKEY_CTX_ctrl_str wolfSSL_EVP_PKEY_CTX_ctrl_str
#define EVP_PKCS82PKEY wolfSSL_EVP_PKCS82PKEY
#define EVP_PKEY2PKCS8 wolfSSL_EVP_PKEY2PKCS8
#define EVP_SignFinal wolfSSL_EVP_SignFinal
#define EVP_SignInit wolfSSL_EVP_SignInit
#define EVP_SignInit_ex wolfSSL_EVP_SignInit_ex
+21 -7
View File
@@ -69,15 +69,29 @@ typedef WOLFSSL_MD5_CTX MD5_CTX;
#define MD5Final wolfSSL_MD5_Final
#endif
#if (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \
defined(OPENSSL_EXTRA)
/* For fips v1 defined in wolfssl/wolfcrypt/md5.h as
* WC_MD5 for compatibility */
#define MD5 wolfSSL_MD5
/* "MD5" has some conflicts
* If not FIPS and NO_OLD_SHA_NAMES defined
* If FIPS V2 or higher and NO_OLD_MD5_NAME defined
* If FIPS V2 and NO_OLD_WC_NAMES defined
* If FIPS v1 not allowed
*/
#if (defined(NO_OLD_MD5_NAME) && !defined(HAVE_FIPS)) || \
(defined(NO_OLD_MD5_NAME) && defined(HAVE_FIPS) && \
defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2) || \
(defined(NO_OLD_WC_NAMES) && defined(HAVE_FIPS) && \
defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2)
#define MD5 wolfSSL_MD5
#endif
#define MD5_DIGEST_LENGTH MD5_DIGEST_SIZE
/* FIPS v1 uses old MD5_DIGEST_SIZE naming */
#if (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 2)) && \
defined(OPENSSL_EXTRA)
#define MD5_DIGEST_LENGTH WC_MD5_DIGEST_SIZE
#else
#define MD5_DIGEST_LENGTH MD5_DIGEST_SIZE
#endif
#ifdef __cplusplus
} /* extern "C" */
+14 -3
View File
@@ -147,9 +147,20 @@ typedef WOLFSSL_SHA256_CTX SHA256_CTX;
#define SHA256_Final wolfSSL_SHA256_Final
#define SHA256_Transform wolfSSL_SHA256_Transform
#if defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
/* SHA256 is only available in non-fips mode because of SHA256 enum in FIPS
* build. */
/* "SHA256" has some conflicts
* If not FIPS and NO_OLD_SHA_NAMES defined
* If FIPS V3 or higher and NO_OLD_SHA_NAMES defined
* If FIPS V2 and NO_OLD_SHA256_NAMES defined
* If FIPS v1 not allowed
* If HAVE_SELFTEST not allowed
*/
#if !defined(HAVE_SELFTEST) && \
(defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS)) || \
(defined(NO_OLD_SHA_NAMES) && defined(HAVE_FIPS) && \
defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 3) || \
(defined(NO_OLD_SHA256_NAMES) && defined(HAVE_FIPS) && \
defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION == 2)
#define SHA256 wolfSSL_SHA256
#endif
+2
View File
@@ -199,6 +199,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define SSL_use_certificate wolfSSL_use_certificate
#define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1
#define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio
#define d2i_PKCS8_PRIV_KEY_INFO wolfSSL_d2i_PKCS8_PKEY
#define i2d_PKCS8_PRIV_KEY_INFO wolfSSL_i2d_PrivateKey
#define d2i_PKCS8PrivateKey_bio wolfSSL_d2i_PKCS8PrivateKey_bio
#define i2d_PKCS8PrivateKey_bio wolfSSL_PEM_write_bio_PKCS8PrivateKey
#define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free
+4 -1
View File
@@ -412,10 +412,11 @@ struct WOLFSSL_EVP_PKEY {
byte ownDsa:1; /* if struct owns DSA and should free it */
byte ownRsa:1; /* if struct owns RSA and should free it */
};
typedef struct WOLFSSL_EVP_PKEY WOLFSSL_PKCS8_PRIV_KEY_INFO;
#ifndef WOLFSSL_EVP_TYPE_DEFINED /* guard on redeclaration */
typedef struct WOLFSSL_EVP_PKEY WOLFSSL_EVP_PKEY;
typedef struct WOLFSSL_EVP_MD_CTX WOLFSSL_EVP_MD_CTX;
typedef struct WOLFSSL_EVP_PKEY WOLFSSL_PKCS8_PRIV_KEY_INFO;
typedef char WOLFSSL_EVP_MD;
#define WOLFSSL_EVP_TYPE_DEFINED
#endif
@@ -1777,6 +1778,8 @@ WOLFSSL_API int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKE
WOLFSSL_API void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT*);
WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(
WOLFSSL_BIO* bio, WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey);
WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, long keyLen);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
WOLFSSL_EVP_PKEY** out);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key,
+1 -1
View File
@@ -170,7 +170,7 @@ WOLFSSL_API int wc_HashFinal(wc_HashAlg* hash, enum wc_HashType type,
byte* out);
WOLFSSL_API int wc_HashFree(wc_HashAlg* hash, enum wc_HashType type);
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
WOLFSSL_API int wc_HashSetFlags(wc_HashAlg* hash, enum wc_HashType type,
word32 flags);
WOLFSSL_API int wc_HashGetFlags(wc_HashAlg* hash, enum wc_HashType type,
+2 -2
View File
@@ -100,7 +100,7 @@ typedef struct wc_Md5 {
#ifdef WOLFSSL_ASYNC_CRYPT
WC_ASYNC_DEV asyncDev;
#endif /* WOLFSSL_ASYNC_CRYPT */
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
word32 flags; /* enum wc_HashFlags in hash.h */
#endif
} wc_Md5;
@@ -123,7 +123,7 @@ WOLFSSL_API int wc_Md5Copy(wc_Md5*, wc_Md5*);
WOLFSSL_API void wc_Md5SizeSet(wc_Md5* md5, word32 len);
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
WOLFSSL_API int wc_Md5SetFlags(wc_Md5* md5, word32 flags);
WOLFSSL_API int wc_Md5GetFlags(wc_Md5* md5, word32* flags);
#endif
+10
View File
@@ -2510,6 +2510,16 @@ extern void uITRON4_free(void *p) ;
*/
#endif
/* Crypto callbacks should enable hash flag support */
#if defined(WOLF_CRYPTO_CB) && !defined(WOLFSSL_HASH_FLAGS)
/* FIPS v1 and v2 do not support hash flags, so do not allow it with
* crypto callbacks */
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS) && \
defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION >= 3)
#define WOLFSSL_HASH_FLAGS
#endif
#endif
/* ---------------------------------------------------------------------------
* Depricated Algorithm Handling
+2 -2
View File
@@ -153,7 +153,7 @@ struct wc_Sha {
!defined(NO_WOLFSSL_ESP32WROOM32_CRYPT_HASH)
WC_ESP32SHA ctx;
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
word32 flags; /* enum wc_HashFlags in hash.h */
#endif
};
@@ -185,7 +185,7 @@ WOLFSSL_API int wc_ShaTransform(wc_Sha*, const byte*);
WOLFSSL_API void wc_ShaSizeSet(wc_Sha* sha, word32 len);
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
WOLFSSL_API int wc_ShaSetFlags(wc_Sha* sha, word32 flags);
WOLFSSL_API int wc_ShaGetFlags(wc_Sha* sha, word32* flags);
#endif
+3 -3
View File
@@ -203,7 +203,7 @@ struct wc_Sha256 {
int devId;
void* devCtx; /* generic crypto callback context */
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
word32 flags; /* enum wc_HashFlags in hash.h */
#endif
};
@@ -233,7 +233,7 @@ WOLFSSL_API int wc_Sha256Copy(wc_Sha256* src, wc_Sha256* dst);
WOLFSSL_API void wc_Sha256SizeSet(wc_Sha256*, word32);
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
WOLFSSL_API int wc_Sha256SetFlags(wc_Sha256* sha256, word32 flags);
WOLFSSL_API int wc_Sha256GetFlags(wc_Sha256* sha256, word32* flags);
#endif
@@ -278,7 +278,7 @@ WOLFSSL_API void wc_Sha224Free(wc_Sha224*);
WOLFSSL_API int wc_Sha224GetHash(wc_Sha224*, byte*);
WOLFSSL_API int wc_Sha224Copy(wc_Sha224* src, wc_Sha224* dst);
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
WOLFSSL_API int wc_Sha224SetFlags(wc_Sha224* sha224, word32 flags);
WOLFSSL_API int wc_Sha224GetFlags(wc_Sha224* sha224, word32* flags);
#endif
+2 -2
View File
@@ -107,7 +107,7 @@ struct wc_Sha3 {
#ifdef WOLFSSL_ASYNC_CRYPT
WC_ASYNC_DEV asyncDev;
#endif /* WOLFSSL_ASYNC_CRYPT */
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
word32 flags; /* enum wc_HashFlags in hash.h */
#endif
};
@@ -156,7 +156,7 @@ WOLFSSL_API int wc_Shake256_Final(wc_Shake*, byte*, word32);
WOLFSSL_API void wc_Shake256_Free(wc_Shake*);
WOLFSSL_API int wc_Shake256_Copy(wc_Shake* src, wc_Sha3* dst);
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
WOLFSSL_API int wc_Sha3_SetFlags(wc_Sha3* sha3, word32 flags);
WOLFSSL_API int wc_Sha3_GetFlags(wc_Sha3* sha3, word32* flags);
#endif
+5 -5
View File
@@ -180,7 +180,7 @@ struct wc_Sha512 {
int devId;
void* devCtx; /* generic crypto callback context */
#endif
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
word32 flags; /* enum wc_HashFlags in hash.h */
#endif
#endif /* WOLFSSL_PSOC6_CRYPTO */
@@ -211,7 +211,7 @@ WOLFSSL_API void wc_Sha512Free(wc_Sha512*);
WOLFSSL_API int wc_Sha512GetHash(wc_Sha512*, byte*);
WOLFSSL_API int wc_Sha512Copy(wc_Sha512* src, wc_Sha512* dst);
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
WOLFSSL_API int wc_Sha512SetFlags(wc_Sha512* sha512, word32 flags);
WOLFSSL_API int wc_Sha512GetFlags(wc_Sha512* sha512, word32* flags);
#endif
@@ -229,7 +229,7 @@ WOLFSSL_API int wc_Sha512_224Final(wc_Sha512*, byte*);
WOLFSSL_API void wc_Sha512_224Free(wc_Sha512*);
WOLFSSL_API int wc_Sha512_224GetHash(wc_Sha512*, byte*);
WOLFSSL_API int wc_Sha512_224Copy(wc_Sha512* src, wc_Sha512* dst);
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
WOLFSSL_API int wc_Sha512_224SetFlags(wc_Sha512* sha512, word32 flags);
WOLFSSL_API int wc_Sha512_224GetFlags(wc_Sha512* sha512, word32* flags);
#endif
@@ -249,7 +249,7 @@ WOLFSSL_API int wc_Sha512_256Final(wc_Sha512*, byte*);
WOLFSSL_API void wc_Sha512_256Free(wc_Sha512*);
WOLFSSL_API int wc_Sha512_256GetHash(wc_Sha512*, byte*);
WOLFSSL_API int wc_Sha512_256Copy(wc_Sha512* src, wc_Sha512* dst);
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
WOLFSSL_API int wc_Sha512_256SetFlags(wc_Sha512* sha512, word32 flags);
WOLFSSL_API int wc_Sha512_256GetFlags(wc_Sha512* sha512, word32* flags);
#endif
@@ -306,7 +306,7 @@ WOLFSSL_API void wc_Sha384Free(wc_Sha384*);
WOLFSSL_API int wc_Sha384GetHash(wc_Sha384*, byte*);
WOLFSSL_API int wc_Sha384Copy(wc_Sha384* src, wc_Sha384* dst);
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
#ifdef WOLFSSL_HASH_FLAGS
WOLFSSL_API int wc_Sha384SetFlags(wc_Sha384* sha384, word32 flags);
WOLFSSL_API int wc_Sha384GetFlags(wc_Sha384* sha384, word32* flags);
#endif