diff --git a/IDE/MQX/Makefile b/IDE/MQX/Makefile new file mode 100644 index 000000000..64c00f11f --- /dev/null +++ b/IDE/MQX/Makefile @@ -0,0 +1,153 @@ +WOLF_ROOT = ../.. +MQX_ROOT = /mnt/c/Freescale/Freescale_MQX_4_1 +CC = arm-none-eabi-gcc +AR = arm-none-eabi-ar + +WOLFLIB = ./libwolfssl.a +MQXLIB = + +OPTIMIZE = -O2 + +WORNING = \ + -Wno-int-to-pointer-cast\ + -Wno-incompatible-pointer-types\ + -Wno-discarded-qualifiers\ + -Wno-int-conversion\ + -Wno-implicit-function-declaration\ + -Wno-pointer-to-int-cast + +USER_SETTINGS_H = -I./ -DWOLFSSL_USER_SETTINGS +CFLAGS = $(OPTIMIZE) -I$(WOLF_ROOT)/. $(USER_SETTINGS_H) $(MQX_INCLUDE) $(WORNING) + +MQX_INCLUDE = -I$(MQX_ROOT)/mqx/source/include\ +-I$(MQX_ROOT)/mqx/source/psp/cortex_m\ +-I$(MQX_ROOT)/mqx/source/psp/cortex_a/compiler/gcc_arm\ +-I$(MQX_ROOT)/mqx/source/psp/cortex_m/cpu\ +-I$(MQX_ROOT)/mfs/source/include\ +-I$(MQX_ROOT)/mqx/source/bsp/twrk70f120m\ +-I$(MQX_ROOT)/mqx/source/io/cm\ +-I$(MQX_ROOT)/mqx/source/io/lpm\ +-I$(MQX_ROOT)/mqx/source/io/serial\ +-I$(MQX_ROOT)/mqx/source/io/dma\ +-I$(MQX_ROOT)/mqx/source/io/spi\ +-I$(MQX_ROOT)/mqx/source/io/i2c\ +-I$(MQX_ROOT)/mqx/source/io/io_mem\ +-I$(MQX_ROOT)/mqx/source/io/io_null\ +-I$(MQX_ROOT)/mqx/source/io/enet\ +-I$(MQX_ROOT)/mqx/source/io/enet/macnet\ +-I$(MQX_ROOT)/mqx/source/io/lwgpio\ +-I$(MQX_ROOT)/mqx/source/io/gpio\ +-I$(MQX_ROOT)/mqx/source/io/gpio/kgpio\ +-I$(MQX_ROOT)/mqx/source/io/esdhc\ +-I$(MQX_ROOT)/mqx/source/io/sdcard\ +-I$(MQX_ROOT)/mqx/source/io/sdcard/sdcard_spi\ +-I$(MQX_ROOT)/mqx/source/io/sdcard/sdcard_esdhc\ +-I$(MQX_ROOT)/mqx/source/io/pccard\ +-I$(MQX_ROOT)/mqx/source/io/pcflash\ +-I$(MQX_ROOT)/mqx/source/io/adc/kadc\ +-I$(MQX_ROOT)/mqx/source/io/adc\ +-I$(MQX_ROOT)/mqx/source/io/lwadc\ +-I$(MQX_ROOT)/mqx/source/io/flashx\ +-I$(MQX_ROOT)/mqx/source/io/flashx/freescale\ +-I$(MQX_ROOT)/mqx/source/io/hwtimer\ +-I$(MQX_ROOT)/mqx/source/io/rtc\ +-I$(MQX_ROOT)/mqx/source/io/debug\ +-I$(MQX_ROOT)/mqx/source/io/tchres\ +-I$(MQX_ROOT)/mqx/source/io/nandflash\ +-I$(MQX_ROOT)/mqx/source/io/timer\ +-I$(MQX_ROOT)/mqx/source/io/usb\ +-I$(MQX_ROOT)/mqx/source/io/hmi\ +-I$(MQX_ROOT)/mqx/source/io/sai\ +-I$(MQX_ROOT)/mqx/source/io/rtcs\ +-I$(MQX_ROOT)/rtcs/source/include + +OBJ =\ +$(WOLF_ROOT)/src/crl.o\ +$(WOLF_ROOT)/src/internal.o\ +$(WOLF_ROOT)/src/keys.o\ +$(WOLF_ROOT)/src/ocsp.o\ +$(WOLF_ROOT)/src/sniffer.o\ +$(WOLF_ROOT)/src/ssl.o\ +$(WOLF_ROOT)/src/tls13.o\ +$(WOLF_ROOT)/src/tls.o\ +$(WOLF_ROOT)/src/wolfio.o\ +$(WOLF_ROOT)/wolfcrypt/src/aes.o\ +$(WOLF_ROOT)/wolfcrypt/src/arc4.o\ +$(WOLF_ROOT)/wolfcrypt/src/asm.o\ +$(WOLF_ROOT)/wolfcrypt/src/asn.o\ +$(WOLF_ROOT)/wolfcrypt/src/blake2b.o\ +$(WOLF_ROOT)/wolfcrypt/src/blake2s.o\ +$(WOLF_ROOT)/wolfcrypt/src/camellia.o\ +$(WOLF_ROOT)/wolfcrypt/src/chacha20_poly1305.o\ +$(WOLF_ROOT)/wolfcrypt/src/chacha.o\ +$(WOLF_ROOT)/wolfcrypt/src/cmac.o\ +$(WOLF_ROOT)/wolfcrypt/src/coding.o\ +$(WOLF_ROOT)/wolfcrypt/src/compress.o\ +$(WOLF_ROOT)/wolfcrypt/src/cpuid.o\ +$(WOLF_ROOT)/wolfcrypt/src/cryptocb.o\ +$(WOLF_ROOT)/wolfcrypt/src/curve25519.o\ +$(WOLF_ROOT)/wolfcrypt/src/des3.o\ +$(WOLF_ROOT)/wolfcrypt/src/dh.o\ +$(WOLF_ROOT)/wolfcrypt/src/dsa.o\ +$(WOLF_ROOT)/wolfcrypt/src/ecc.o\ +$(WOLF_ROOT)/wolfcrypt/src/ecc_fp.o\ +$(WOLF_ROOT)/wolfcrypt/src/ed25519.o\ +$(WOLF_ROOT)/wolfcrypt/src/error.o\ +$(WOLF_ROOT)/wolfcrypt/src/fe_low_mem.o\ +$(WOLF_ROOT)/wolfcrypt/src/fe_operations.o\ +$(WOLF_ROOT)/wolfcrypt/src/ge_low_mem.o\ +$(WOLF_ROOT)/wolfcrypt/src/ge_operations.o\ +$(WOLF_ROOT)/wolfcrypt/src/hash.o\ +$(WOLF_ROOT)/wolfcrypt/src/hc128.o\ +$(WOLF_ROOT)/wolfcrypt/src/hmac.o\ +$(WOLF_ROOT)/wolfcrypt/src/idea.o\ +$(WOLF_ROOT)/wolfcrypt/src/integer.o\ +$(WOLF_ROOT)/wolfcrypt/src/logging.o\ +$(WOLF_ROOT)/wolfcrypt/src/md2.o\ +$(WOLF_ROOT)/wolfcrypt/src/md4.o\ +$(WOLF_ROOT)/wolfcrypt/src/md5.o\ +$(WOLF_ROOT)/wolfcrypt/src/memory.o\ +$(WOLF_ROOT)/wolfcrypt/src/pkcs12.o\ +$(WOLF_ROOT)/wolfcrypt/src/pkcs7.o\ +$(WOLF_ROOT)/wolfcrypt/src/poly1305.o\ +$(WOLF_ROOT)/wolfcrypt/src/pwdbased.o\ +$(WOLF_ROOT)/wolfcrypt/src/rabbit.o\ +$(WOLF_ROOT)/wolfcrypt/src/random.o\ +$(WOLF_ROOT)/wolfcrypt/src/ripemd.o\ +$(WOLF_ROOT)/wolfcrypt/src/rsa.o\ +$(WOLF_ROOT)/wolfcrypt/src/sha256.o\ +$(WOLF_ROOT)/wolfcrypt/src/sha3.o\ +$(WOLF_ROOT)/wolfcrypt/src/sha512.o\ +$(WOLF_ROOT)/wolfcrypt/src/sha.o\ +$(WOLF_ROOT)/wolfcrypt/src/signature.o\ +$(WOLF_ROOT)/wolfcrypt/src/sp_arm32.o\ +$(WOLF_ROOT)/wolfcrypt/src/sp_arm64.o\ +$(WOLF_ROOT)/wolfcrypt/src/sp_armthumb.o\ +$(WOLF_ROOT)/wolfcrypt/src/sp_c32.o\ +$(WOLF_ROOT)/wolfcrypt/src/sp_c64.o\ +$(WOLF_ROOT)/wolfcrypt/src/sp_cortexm.o\ +$(WOLF_ROOT)/wolfcrypt/src/sp_int.o\ +$(WOLF_ROOT)/wolfcrypt/src/sp_x86_64.o\ +$(WOLF_ROOT)/wolfcrypt/src/srp.o\ +$(WOLF_ROOT)/wolfcrypt/src/tfm.o\ +$(WOLF_ROOT)/wolfcrypt/src/wc_encrypt.o\ +$(WOLF_ROOT)/wolfcrypt/src/wc_pkcs11.o\ +$(WOLF_ROOT)/wolfcrypt/src/wc_port.o\ +$(WOLF_ROOT)/wolfcrypt/src/wolfevent.o\ +$(WOLF_ROOT)/wolfcrypt/src/wolfmath.o + + +all : wolfssllib client server test benchmark + +wolfssllib : $(OBJ) + $(AR) r $(WOLFLIB) $(OBJ) +test : wolfssllib ./user_settings.h + $(CC) -o test $(CFLAGS) $(WOLF_ROOT)/wolfcrypt/test/test.c $(WOLFLIB) $(MQXLIB) +benchmark : wolfssllib ./user_settings.h + $(CC) -o benchmark $(CFLAGS) $(WOLF_ROOT)/wolfcrypt/benchmark/benchmark.c $(WOLFLIB) $(WOLFLIB) $(MQXLIB) +server : wolfssllib ./user_settings.h + $(CC) -o server $(CFLAGS) $(WOLF_ROOT)/IDE/KDS/server-tls.c $(WOLFLIB) $(MQXLIB) +client : wolfssllib ./user_settings.h + $(CC) -o client $(CFLAGS) $(WOLF_ROOT)/IDE/KDS/client-tls.c $(WOLFLIB) $(MQXLIB) +clean : + rm $(OBJ) $(WOLFLIB) diff --git a/IDE/MQX/README-jp.md b/IDE/MQX/README-jp.md new file mode 100644 index 000000000..2e1eb893c --- /dev/null +++ b/IDE/MQX/README-jp.md @@ -0,0 +1,25 @@ +# MQX向けビルド方法 +## 概要 +このMakefileはwolfSSLライブラリーとサンプルプログラムをMQX向けにビルドするためのものです。 +以下のターゲットを含んでいます。 + - wolfssllib: wolfSSL静的ライブラリー + - test: 暗号アルゴリズムのテスト + - benchmark: 暗号アルゴリズムのベンチマーク + - client: TLS クライアントサンプルプログラム + - server: TLS サーバサンプルプログラム + + +## 準備 +- 事前にMQXをインストールしておいてください。 + +## 設定 +- wolfSSL コンフィグレーションオプション + /IDE/MQX/user_settings.hファイルに必要なオプションを追加または削除してください。 + +- Makefileの設定 + MQX_ROOT: MQX のインストールパス + MQXLIB: リンクするMQX ライブラリのパス + CC: コンパイラコマンド + AR: ARコマンド + WOLF_ROOT: Makefileの格納位置を変える場合はこの定義を変更してください + \ No newline at end of file diff --git a/IDE/MQX/README.md b/IDE/MQX/README.md new file mode 100644 index 000000000..0a31fccd5 --- /dev/null +++ b/IDE/MQX/README.md @@ -0,0 +1,23 @@ +#How to build with MQX +## Overview +This Makefile is for building wolfSSL library and sample programs running with MQX. +It has following tartes. + - wolfssllib: wolfSSL static library + - test: crypt test + - benchmark: cypher benchmark + - client: TLS client example + - server: TLS server example + +## Prerequisites +- Installed MQX + +## Setup +- wolfSSL configuration parameters + You can add or remove configuration options in /IDE/MQX/user_settings.h. + +- Setup Makefile + MQX_ROOT: MQX source code installed path + MQXLIB: MQX library path to like with + CC: compiler + AR: archiver + WOLF_ROOT: change this if you move this Makefile location diff --git a/IDE/MQX/client-tls.c b/IDE/MQX/client-tls.c new file mode 100644 index 000000000..b16987624 --- /dev/null +++ b/IDE/MQX/client-tls.c @@ -0,0 +1,163 @@ +/* client-tls.c + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + +/* wolfSSL */ +#include +#include + +#define DEFAULT_PORT 11111 + +#define CERT_FILE "../certs/ca-cert.pem" + + + +int main(int argc, char** argv) +{ + int sockfd; + struct sockaddr_in servAddr; + char buff[256]; + size_t len; + int ret; + + /* declare wolfSSL objects */ + WOLFSSL_CTX* ctx; + WOLFSSL* ssl; + + + + /* Check for proper calling convention */ + if (argc != 2) { + printf("usage: %s \n", argv[0]); + return 0; + } + + /* Create a socket that uses an internet IPv4 address, + * Sets the socket to be stream based (TCP), + * 0 means choose the default protocol. */ + if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { + fprintf(stderr, "ERROR: failed to create the socket\n"); + ret = -1; + goto end; + } + + /* Initialize the server address struct with zeros */ + memset(&servAddr, 0, sizeof(servAddr)); + + /* Fill in the server address */ + servAddr.sin_family = AF_INET; /* using IPv4 */ + servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */ + + /* Get the server IPv4 address from the command line call */ + if (inet_pton(AF_INET, argv[1], &servAddr.sin_addr, sizeof(servAddr.sin_addr)) != 1) { + fprintf(stderr, "ERROR: invalid address\n"); + ret = -1; + goto end; + } + + /* Connect to the server */ + if ((ret = connect(sockfd, (struct sockaddr*) &servAddr, sizeof(servAddr))) + == -1) { + fprintf(stderr, "ERROR: failed to connect\n"); + goto end; + } + + /*---------------------------------*/ + /* Start of security */ + /*---------------------------------*/ + /* Initialize wolfSSL */ + if ((ret = wolfSSL_Init()) != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: Failed to initialize the library\n"); + goto socket_cleanup; + } + + /* Create and initialize WOLFSSL_CTX */ + if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())) == NULL) { + fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n"); + ret = -1; + goto socket_cleanup; + } + + /* Load client certificates into WOLFSSL_CTX */ + if ((ret = wolfSSL_CTX_load_verify_locations(ctx, CERT_FILE, NULL)) + != SSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", + CERT_FILE); + goto ctx_cleanup; + } + + /* Create a WOLFSSL object */ + if ((ssl = wolfSSL_new(ctx)) == NULL) { + fprintf(stderr, "ERROR: failed to create WOLFSSL object\n"); + ret = -1; + goto ctx_cleanup; + } + + /* Attach wolfSSL to the socket */ + if ((ret = wolfSSL_set_fd(ssl, sockfd)) != WOLFSSL_SUCCESS) { + fprintf(stderr, "ERROR: Failed to set the file descriptor\n"); + goto cleanup; + } + + /* Connect to wolfSSL on the server side */ + if ((ret = wolfSSL_connect(ssl)) != SSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to connect to wolfSSL\n"); + goto cleanup; + } + + /* Get a message for the server from stdin */ + printf("Message for server: "); + memset(buff, 0, sizeof(buff)); + if (fgets(buff, sizeof(buff), stdin) == NULL) { + fprintf(stderr, "ERROR: failed to get message for server\n"); + ret = -1; + goto cleanup; + } + len = strnlen(buff, sizeof(buff)); + + /* Send the message to the server */ + if ((ret = wolfSSL_write(ssl, buff, len)) != len) { + fprintf(stderr, "ERROR: failed to write entire message\n"); + fprintf(stderr, "%d bytes of %d bytes were sent", ret, (int) len); + goto cleanup; + } + + /* Read the server data into our buff array */ + memset(buff, 0, sizeof(buff)); + if ((ret = wolfSSL_read(ssl, buff, sizeof(buff)-1)) == -1) { + fprintf(stderr, "ERROR: failed to read\n"); + goto cleanup; + } + + /* Print to stdout any data the server sends */ + printf("Server: %s\n", buff); + + /* Cleanup and return */ +cleanup: + wolfSSL_free(ssl); /* Free the wolfSSL object */ +ctx_cleanup: + wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */ + wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */ +socket_cleanup: + close(sockfd); /* Close the connection to the server */ +end: + return ret; /* Return reporting a success */ +} diff --git a/IDE/MQX/include.am b/IDE/MQX/include.am new file mode 100644 index 000000000..27687d33e --- /dev/null +++ b/IDE/MQX/include.am @@ -0,0 +1,11 @@ +# vim:ft=automake +# included from Top Level Makefile.am +# All paths should be given relative to the root + +EXTRA_DIST+= IDE/MQX/client-tls.c +EXTRA_DIST+= IDE/MQX/Makefile +EXTRA_DIST+= IDE/MQX/README-jp.md +EXTRA_DIST+= IDE/MQX/README.md +EXTRA_DIST+= IDE/MQX/server-tls.c +EXTRA_DIST+= IDE/MQX/user_config.h +EXTRA_DIST+= IDE/MQX/user_settings.h \ No newline at end of file diff --git a/IDE/MQX/server-tls.c b/IDE/MQX/server-tls.c new file mode 100644 index 000000000..47f1a05c3 --- /dev/null +++ b/IDE/MQX/server-tls.c @@ -0,0 +1,194 @@ +/* server-tls.c + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +/* wolfSSL */ +#include +#include +#include + +#define DEFAULT_PORT 11111 + +#define CERT_FILE "../certs/server-cert.pem" +#define KEY_FILE "../certs/server-key.pem" + + + +int main() +{ + int sockfd; + int connd; + struct sockaddr_in servAddr; + struct sockaddr_in clientAddr; + socklen_t size = sizeof(clientAddr); + char buff[256]; + size_t len; + int shutdown = 0; + int ret; + const char* reply = "I hear ya fa shizzle!\n"; + + /* declare wolfSSL objects */ + WOLFSSL_CTX* ctx; + WOLFSSL* ssl; + + + + /* Initialize wolfSSL */ + wolfSSL_Init(); + + + + /* Create a socket that uses an internet IPv4 address, + * Sets the socket to be stream based (TCP), + * 0 means choose the default protocol. */ + if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { + fprintf(stderr, "ERROR: failed to create the socket\n"); + return -1; + } + + + + /* Create and initialize WOLFSSL_CTX */ + if ((ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())) == NULL) { + fprintf(stderr, "ERROR: failed to create WOLFSSL_CTX\n"); + return -1; + } + + /* Load server certificates into WOLFSSL_CTX */ + if (wolfSSL_CTX_use_certificate_file(ctx, CERT_FILE, SSL_FILETYPE_PEM) + != SSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", + CERT_FILE); + return -1; + } + + /* Load server key into WOLFSSL_CTX */ + if (wolfSSL_CTX_use_PrivateKey_file(ctx, KEY_FILE, SSL_FILETYPE_PEM) + != SSL_SUCCESS) { + fprintf(stderr, "ERROR: failed to load %s, please check the file.\n", + KEY_FILE); + return -1; + } + + + + /* Initialize the server address struct with zeros */ + memset(&servAddr, 0, sizeof(servAddr)); + + /* Fill in the server address */ + servAddr.sin_family = AF_INET; /* using IPv4 */ + servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */ + servAddr.sin_addr.s_addr = INADDR_ANY; /* from anywhere */ + + + + /* Bind the server socket to our port */ + if (bind(sockfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) == -1) { + fprintf(stderr, "ERROR: failed to bind\n"); + return -1; + } + + /* Listen for a new connection, allow 5 pending connections */ + if (listen(sockfd, 5) == -1) { + fprintf(stderr, "ERROR: failed to listen\n"); + return -1; + } + + + + /* Continue to accept clients until shutdown is issued */ + while (!shutdown) { + printf("Waiting for a connection...\n"); + + /* Accept client connections */ + if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size)) + == -1) { + fprintf(stderr, "ERROR: failed to accept the connection\n\n"); + return -1; + } + + /* Create a WOLFSSL object */ + if ((ssl = wolfSSL_new(ctx)) == NULL) { + fprintf(stderr, "ERROR: failed to create WOLFSSL object\n"); + return -1; + } + + /* Attach wolfSSL to the socket */ + wolfSSL_set_fd(ssl, connd); + + /* Establish TLS connection */ + ret = wolfSSL_accept(ssl); + if (ret != SSL_SUCCESS) { + fprintf(stderr, "wolfSSL_accept error = %d\n", + wolfSSL_get_error(ssl, ret)); + return -1; + } + + + printf("Client connected successfully\n"); + + + + /* Read the client data into our buff array */ + memset(buff, 0, sizeof(buff)); + if (wolfSSL_read(ssl, buff, sizeof(buff)-1) == -1) { + fprintf(stderr, "ERROR: failed to read\n"); + return -1; + } + + /* Print to stdout any data the client sends */ + printf("Client: %s\n", buff); + + /* Check for server shutdown command */ + if (strncmp(buff, "shutdown", 8) == 0) { + printf("Shutdown command issued!\n"); + shutdown = 1; + } + + + + /* Write our reply into buff */ + memset(buff, 0, sizeof(buff)); + memcpy(buff, reply, strlen(reply)); + len = strnlen(buff, sizeof(buff)); + + /* Reply back to the client */ + if (wolfSSL_write(ssl, buff, len) != len) { + fprintf(stderr, "ERROR: failed to write\n"); + return -1; + } + + + + /* Cleanup after this connection */ + wolfSSL_free(ssl); /* Free the wolfSSL object */ + close(connd); /* Close the connection to the client */ + } + + printf("Shutdown complete\n"); + + + + /* Cleanup and return */ + wolfSSL_CTX_free(ctx); /* Free the wolfSSL context object */ + wolfSSL_Cleanup(); /* Cleanup the wolfSSL environment */ + close(sockfd); /* Close the socket listening for clients */ + return 0; /* Return reporting a success */ +} \ No newline at end of file diff --git a/IDE/MQX/user_config.h b/IDE/MQX/user_config.h new file mode 100644 index 000000000..d66e53235 --- /dev/null +++ b/IDE/MQX/user_config.h @@ -0,0 +1 @@ +#define MQX_CPU PSP_CPU_MK60DN512Z \ No newline at end of file diff --git a/IDE/MQX/user_settings.h b/IDE/MQX/user_settings.h new file mode 100644 index 000000000..c8431116b --- /dev/null +++ b/IDE/MQX/user_settings.h @@ -0,0 +1,63 @@ + +/* wolfSSH */ +#define WOLFSSL_PUBLIC_MP + +/* TLS1.3 */ +#define WOLFSSL_TLS13 +#define HAVE_TLS_EXTENSIONS +#define HAVE_SUPPORTED_CURVES +#define HAVE_FFDHE_2048 +#define HAVE_THREAD_LS + +/* SP optimization */ +#define WOLFSSL_HAVE_SP_RSA +#define WOLFSSL_HAVE_SP_DH +#define WOLFSSL_SP_4096 +#define WOLFSSL_HAVE_SP_ECC +#define HAVE_ECC384 +#define WOLFSSL_SP_384 + +/* Hardening */ +#define TFM_TIMING_RESISTANT +#define ECC_TIMING_RESISTANT +#define WC_RSA_BLINDING + +/* Default Cyphers */ +#define HAVE_AESGCM +#define WOLFSSL_SHA512 +#define WOLFSSL_SHA384 +#define HAVE_HKDF +#define NO_DSA +#define HAVE_ECC +#define TFM_ECC256 +#define ECC_SHAMIR +#define WC_RSA_PSS +#define WOLFSSL_BASE64_ENCODE +#define NO_RC4 +#define NO_HC128 +#define NO_RABBIT +#define WOLFSSL_SHA224 +#define WOLFSSL_SHA3 +#define WOLFSSL_SHAKE256 +#define HAVE_POLY1305 +#define HAVE_ONE_TIME_AUTH +#define HAVE_CHACHA +#define HAVE_HASHDRBG +#define HAVE_TLS_EXTENSIONS +#define HAVE_SUPPORTED_CURVES +#define HAVE_EXTENDED_MASTER +#define NO_RC4 +#define HAVE_ENCRYPT_THEN_MAC +#define NO_PSK +#define NO_MD4 +#define NO_PWDBASED +#define USE_FAST_MATH +#define WC_NO_ASYNC_THREADING +#define HAVE_DH_DEFAULT_PARAMS +#define NO_DES +#define WOLFSSL_DH_CONST + +/* MQX */ +#define FREESCALE_MQX +#define FREESCALE_NO_RNG + diff --git a/IDE/include.am b/IDE/include.am index 5af057d6b..c9de0cbc4 100644 --- a/IDE/include.am +++ b/IDE/include.am @@ -20,6 +20,7 @@ include IDE/CSBENCH/include.am include IDE/ECLIPSE/DEOS/include.am include IDE/ECLIPSE/MICRIUM/include.am include IDE/ECLIPSE/SIFIVE/include.am +include IDE/MQX/include.am include IDE/mynewt/include.am include IDE/Renesas/e2studio/DK-S7G2/include.am include IDE/Renesas/cs+/Projects/include.am diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c deleted file mode 100644 index a909325f8..000000000 --- a/wolfcrypt/src/evp.c +++ /dev/null @@ -1,6768 +0,0 @@ -/* evp.c - * - * Copyright (C) 2006-2020 wolfSSL Inc. - * - * This file is part of wolfSSL. - * - * wolfSSL is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * wolfSSL is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA - */ - - -#ifdef HAVE_CONFIG_H - #include -#endif - -#include - -#if !defined(WOLFSSL_EVP_INCLUDED) - #ifndef WOLFSSL_IGNORE_FILE_WARN - #warning evp.c does not need to be compiled separately from ssl.c - #endif -#elif defined(WOLFCRYPT_ONLY) -#else - -#if defined(OPENSSL_EXTRA) - -#if !defined(HAVE_PKCS7) && \ - ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ - (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)) - #include -#endif - - -#include -#include - -#ifndef NO_AES - #ifdef HAVE_AES_CBC - #ifdef WOLFSSL_AES_128 - static const char EVP_AES_128_CBC[] = "AES-128-CBC"; - #endif - #ifdef WOLFSSL_AES_192 - static const char EVP_AES_192_CBC[] = "AES-192-CBC"; - #endif - #ifdef WOLFSSL_AES_256 - static const char EVP_AES_256_CBC[] = "AES-256-CBC"; - #endif - #endif /* HAVE_AES_CBC */ - - #ifdef WOLFSSL_AES_OFB - #ifdef WOLFSSL_AES_128 - static const char EVP_AES_128_OFB[] = "AES-128-OFB"; - #endif - #ifdef WOLFSSL_AES_192 - static const char EVP_AES_192_OFB[] = "AES-192-OFB"; - #endif - #ifdef WOLFSSL_AES_256 - static const char EVP_AES_256_OFB[] = "AES-256-OFB"; - #endif - #endif /* WOLFSSL_AES_OFB */ - - #ifdef WOLFSSL_AES_XTS - #ifdef WOLFSSL_AES_128 - static const char EVP_AES_128_XTS[] = "AES-128-XTS"; - #endif - #ifdef WOLFSSL_AES_256 - static const char EVP_AES_256_XTS[] = "AES-256-XTS"; - #endif - #endif /* WOLFSSL_AES_XTS */ - - #ifdef WOLFSSL_AES_CFB - #ifdef WOLFSSL_AES_128 - static const char EVP_AES_128_CFB1[] = "AES-128-CFB1"; - #endif - #ifdef WOLFSSL_AES_192 - static const char EVP_AES_192_CFB1[] = "AES-192-CFB1"; - #endif - #ifdef WOLFSSL_AES_256 - static const char EVP_AES_256_CFB1[] = "AES-256-CFB1"; - #endif - - #ifdef WOLFSSL_AES_128 - static const char EVP_AES_128_CFB8[] = "AES-128-CFB8"; - #endif - #ifdef WOLFSSL_AES_192 - static const char EVP_AES_192_CFB8[] = "AES-192-CFB8"; - #endif - #ifdef WOLFSSL_AES_256 - static const char EVP_AES_256_CFB8[] = "AES-256-CFB8"; - #endif - - #ifdef WOLFSSL_AES_128 - static const char EVP_AES_128_CFB128[] = "AES-128-CFB128"; - #endif - #ifdef WOLFSSL_AES_192 - static const char EVP_AES_192_CFB128[] = "AES-192-CFB128"; - #endif - #ifdef WOLFSSL_AES_256 - static const char EVP_AES_256_CFB128[] = "AES-256-CFB128"; - #endif - #endif /* WOLFSSL_AES_CFB */ - - #ifdef HAVE_AESGCM - #ifdef WOLFSSL_AES_128 - static const char EVP_AES_128_GCM[] = "AES-128-GCM"; - #endif - #ifdef WOLFSSL_AES_192 - static const char EVP_AES_192_GCM[] = "AES-192-GCM"; - #endif - #ifdef WOLFSSL_AES_256 - static const char EVP_AES_256_GCM[] = "AES-256-GCM"; - #endif - #endif /* HAVE_AESGCM */ - - #ifdef WOLFSSL_AES_COUNTER - #ifdef WOLFSSL_AES_128 - static const char EVP_AES_128_CTR[] = "AES-128-CTR"; - #endif - #ifdef WOLFSSL_AES_192 - static const char EVP_AES_192_CTR[] = "AES-192-CTR"; - #endif - #ifdef WOLFSSL_AES_256 - static const char EVP_AES_256_CTR[] = "AES-256-CTR"; - #endif - #endif - - #ifdef HAVE_AES_ECB - #ifdef WOLFSSL_AES_128 - static const char EVP_AES_128_ECB[] = "AES-128-ECB"; - #endif - #ifdef WOLFSSL_AES_192 - static const char EVP_AES_192_ECB[] = "AES-192-ECB"; - #endif - #ifdef WOLFSSL_AES_256 - static const char EVP_AES_256_ECB[] = "AES-256-ECB"; - #endif - #endif - #define EVP_AES_SIZE 11 - #ifdef WOLFSSL_AES_CFB - #define EVP_AESCFB_SIZE 14 - #endif -#endif - -#ifndef NO_DES3 - static const char EVP_DES_CBC[] = "DES-CBC"; - static const char EVP_DES_ECB[] = "DES-ECB"; - - static const char EVP_DES_EDE3_CBC[] = "DES-EDE3-CBC"; - static const char EVP_DES_EDE3_ECB[] = "DES-EDE3-ECB"; - - #define EVP_DES_SIZE 7 - #define EVP_DES_EDE3_SIZE 12 -#endif - -#ifdef HAVE_IDEA - static const char EVP_IDEA_CBC[] = "IDEA-CBC"; - #define EVP_IDEA_SIZE 8 -#endif - -#ifndef NO_RC4 - static const char EVP_ARC4[] = "ARC4"; - #define EVP_ARC4_SIZE 4 -#endif - -static const char EVP_NULL[] = "NULL"; -#define EVP_NULL_SIZE 4 - - -static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher); - - -/* Getter function for cipher key length - * - * c WOLFSSL_EVP_CIPHER structure to get key length from - * - * NOTE: OpenSSL_add_all_ciphers() should be called first before using this - * function - * - * Returns size of key in bytes - */ -int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c) -{ - WOLFSSL_ENTER("wolfSSL_EVP_Cipher_key_length"); - - if (c == NULL) { - return 0; - } - - switch (cipherType(c)) { -#if !defined(NO_AES) - #if defined(HAVE_AES_CBC) - case AES_128_CBC_TYPE: return 16; - case AES_192_CBC_TYPE: return 24; - case AES_256_CBC_TYPE: return 32; - #endif - #if defined(WOLFSSL_AES_CFB) - case AES_128_CFB1_TYPE: return 16; - case AES_192_CFB1_TYPE: return 24; - case AES_256_CFB1_TYPE: return 32; - case AES_128_CFB8_TYPE: return 16; - case AES_192_CFB8_TYPE: return 24; - case AES_256_CFB8_TYPE: return 32; - case AES_128_CFB128_TYPE: return 16; - case AES_192_CFB128_TYPE: return 24; - case AES_256_CFB128_TYPE: return 32; - #endif - #if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: return 16; - case AES_192_OFB_TYPE: return 24; - case AES_256_OFB_TYPE: return 32; - #endif - #if defined(WOLFSSL_AES_XTS) - /* Two keys for XTS. */ - case AES_128_XTS_TYPE: return 16 * 2; - case AES_256_XTS_TYPE: return 32 * 2; - #endif - #if defined(HAVE_AESGCM) - case AES_128_GCM_TYPE: return 16; - case AES_192_GCM_TYPE: return 24; - case AES_256_GCM_TYPE: return 32; - #endif - #if defined(WOLFSSL_AES_COUNTER) - case AES_128_CTR_TYPE: return 16; - case AES_192_CTR_TYPE: return 24; - case AES_256_CTR_TYPE: return 32; - #endif - #if defined(HAVE_AES_ECB) - case AES_128_ECB_TYPE: return 16; - case AES_192_ECB_TYPE: return 24; - case AES_256_ECB_TYPE: return 32; - #endif -#endif /* !NO_AES */ - #ifndef NO_DES3 - case DES_CBC_TYPE: return 8; - case DES_EDE3_CBC_TYPE: return 24; - case DES_ECB_TYPE: return 8; - case DES_EDE3_ECB_TYPE: return 24; - #endif - default: - return 0; - } -} - - -int wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx, - const WOLFSSL_EVP_CIPHER* type, - const unsigned char* key, - const unsigned char* iv) -{ - return wolfSSL_EVP_CipherInit(ctx, type, (byte*)key, (byte*)iv, 1); -} - -int wolfSSL_EVP_EncryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, - const WOLFSSL_EVP_CIPHER* type, - WOLFSSL_ENGINE *impl, - const unsigned char* key, - const unsigned char* iv) -{ - (void) impl; - return wolfSSL_EVP_CipherInit(ctx, type, (byte*)key, (byte*)iv, 1); -} - -int wolfSSL_EVP_DecryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx, - const WOLFSSL_EVP_CIPHER* type, - const unsigned char* key, - const unsigned char* iv) -{ - WOLFSSL_ENTER("wolfSSL_EVP_CipherInit"); - return wolfSSL_EVP_CipherInit(ctx, type, (byte*)key, (byte*)iv, 0); -} - -int wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, - const WOLFSSL_EVP_CIPHER* type, - WOLFSSL_ENGINE *impl, - const unsigned char* key, - const unsigned char* iv) -{ - (void) impl; - WOLFSSL_ENTER("wolfSSL_EVP_DecryptInit"); - return wolfSSL_EVP_CipherInit(ctx, type, (byte*)key, (byte*)iv, 0); -} - - -WOLFSSL_EVP_CIPHER_CTX *wolfSSL_EVP_CIPHER_CTX_new(void) -{ - WOLFSSL_EVP_CIPHER_CTX *ctx = (WOLFSSL_EVP_CIPHER_CTX*)XMALLOC(sizeof *ctx, - NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (ctx) { - WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_new"); - wolfSSL_EVP_CIPHER_CTX_init(ctx); - } - return ctx; -} - -void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx) -{ - if (ctx) { - WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_free"); - wolfSSL_EVP_CIPHER_CTX_cleanup(ctx); - XFREE(ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER); - } -} - -int wolfSSL_EVP_CIPHER_CTX_reset(WOLFSSL_EVP_CIPHER_CTX *ctx) -{ - int ret = WOLFSSL_FAILURE; - - if (ctx != NULL) { - WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_reset"); - wolfSSL_EVP_CIPHER_CTX_cleanup(ctx); - ret = WOLFSSL_SUCCESS; - } - - return ret; -} - -unsigned long wolfSSL_EVP_CIPHER_CTX_mode(const WOLFSSL_EVP_CIPHER_CTX *ctx) -{ - if (ctx == NULL) return 0; - return ctx->flags & WOLFSSL_EVP_CIPH_MODE; -} - -int wolfSSL_EVP_EncryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, - unsigned char *out, int *outl) -{ - if (ctx && ctx->enc) { - WOLFSSL_ENTER("wolfSSL_EVP_EncryptFinal"); - return wolfSSL_EVP_CipherFinal(ctx, out, outl); - } - else - return WOLFSSL_FAILURE; -} - - -int wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx, - const WOLFSSL_EVP_CIPHER* type, - WOLFSSL_ENGINE *impl, - const unsigned char* key, - const unsigned char* iv, - int enc) -{ - (void)impl; - return wolfSSL_EVP_CipherInit(ctx, type, key, iv, enc); -} - -int wolfSSL_EVP_EncryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, - unsigned char *out, int *outl) -{ - if (ctx && ctx->enc) { - WOLFSSL_ENTER("wolfSSL_EVP_EncryptFinal_ex"); - return wolfSSL_EVP_CipherFinal(ctx, out, outl); - } - else - return WOLFSSL_FAILURE; -} - -int wolfSSL_EVP_DecryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, - unsigned char *out, int *outl) -{ - if (ctx && !ctx->enc) { - WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal"); - return wolfSSL_EVP_CipherFinal(ctx, out, outl); - } - else { - return WOLFSSL_FAILURE; - } -} - -int wolfSSL_EVP_DecryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx, - unsigned char *out, int *outl) -{ - if (ctx && !ctx->enc) { - WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal_ex"); - return wolfSSL_EVP_CipherFinal(ctx, out, outl); - } - else { - return WOLFSSL_FAILURE; - } -} - - -int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx, - const WOLFSSL_EVP_MD* type, - WOLFSSL_ENGINE *impl) -{ - (void) impl; - WOLFSSL_ENTER("wolfSSL_EVP_DigestInit_ex"); - return wolfSSL_EVP_DigestInit(ctx, type); -} - -#ifdef DEBUG_WOLFSSL_EVP -#define PRINT_BUF(b, sz) { int _i; for(_i=0; _i<(sz); _i++) { \ - printf("%02x(%c),", (b)[_i], (b)[_i]); if ((_i+1)%8==0)printf("\n");}} -#else -#define PRINT_BUF(b, sz) -#endif - -static int fillBuff(WOLFSSL_EVP_CIPHER_CTX *ctx, const unsigned char *in, int sz) -{ - int fill; - - if (sz > 0) { - if ((sz+ctx->bufUsed) > ctx->block_size) { - fill = ctx->block_size - ctx->bufUsed; - } else { - fill = sz; - } - XMEMCPY(&(ctx->buf[ctx->bufUsed]), in, fill); - ctx->bufUsed += fill; - return fill; - } else return 0; -} - -static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, - unsigned char *out, - const unsigned char *in, int inl) -{ - int ret = 0; - - switch (ctx->cipherType) { -#if !defined(NO_AES) - #if defined(HAVE_AES_CBC) - case AES_128_CBC_TYPE: - case AES_192_CBC_TYPE: - case AES_256_CBC_TYPE: - if (ctx->enc) - ret = wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl); - else - ret = wc_AesCbcDecrypt(&ctx->cipher.aes, out, in, inl); - break; - #endif - #if defined(WOLFSSL_AES_COUNTER) - case AES_128_CTR_TYPE: - case AES_192_CTR_TYPE: - case AES_256_CTR_TYPE: - ret = wc_AesCtrEncrypt(&ctx->cipher.aes, out, in, inl); - break; - #endif - #if defined(HAVE_AES_ECB) - case AES_128_ECB_TYPE: - case AES_192_ECB_TYPE: - case AES_256_ECB_TYPE: - if (ctx->enc) - ret = wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl); - else - ret = wc_AesEcbDecrypt(&ctx->cipher.aes, out, in, inl); - break; - #endif - #if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: - if (ctx->enc) - ret = wc_AesOfbEncrypt(&ctx->cipher.aes, out, in, inl); - else - ret = wc_AesOfbDecrypt(&ctx->cipher.aes, out, in, inl); - break; - #endif - #if defined(WOLFSSL_AES_CFB) - #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: - if (ctx->enc) - ret = wc_AesCfb1Encrypt(&ctx->cipher.aes, out, in, - inl * WOLFSSL_BIT_SIZE); - else - ret = wc_AesCfb1Decrypt(&ctx->cipher.aes, out, in, - inl * WOLFSSL_BIT_SIZE); - break; - - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: - if (ctx->enc) - ret = wc_AesCfb8Encrypt(&ctx->cipher.aes, out, in, inl); - else - ret = wc_AesCfb8Decrypt(&ctx->cipher.aes, out, in, inl); - break; - #endif /* !HAVE_SELFTEST && !HAVE_FIPS */ - - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: - if (ctx->enc) - ret = wc_AesCfbEncrypt(&ctx->cipher.aes, out, in, inl); - else - ret = wc_AesCfbDecrypt(&ctx->cipher.aes, out, in, inl); - break; - #endif -#if defined(WOLFSSL_AES_XTS) - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: - if (ctx->enc) - ret = wc_AesXtsEncrypt(&ctx->cipher.xts, out, in, inl, - ctx->iv, ctx->ivSz); - else - ret = wc_AesXtsDecrypt(&ctx->cipher.xts, out, in, inl, - ctx->iv, ctx->ivSz); - break; -#endif -#endif /* !NO_AES */ - #ifndef NO_DES3 - case DES_CBC_TYPE: - if (ctx->enc) - ret = wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl); - else - ret = wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl); - break; - case DES_EDE3_CBC_TYPE: - if (ctx->enc) - ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl); - else - ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl); - break; - #if defined(WOLFSSL_DES_ECB) - case DES_ECB_TYPE: - ret = wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl); - break; - case DES_EDE3_ECB_TYPE: - ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl); - break; - #endif - #endif - #ifndef NO_RC4 - case ARC4_TYPE: - wc_Arc4Process(&ctx->cipher.arc4, out, in, inl); - break; - #endif - default: - return WOLFSSL_FAILURE; - } - - if (ret != 0) - return WOLFSSL_FAILURE; /* failure */ - - (void)in; - (void)inl; - (void)out; - - return WOLFSSL_SUCCESS; /* success */ -} - -#if defined(HAVE_AESGCM) -static int wolfSSL_EVP_CipherUpdate_GCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx, - const unsigned char *in, int inl) { - if (in && inl > 0) { - byte* tmp = (byte*)XREALLOC(ctx->gcmAuthIn, - ctx->gcmAuthInSz + inl, NULL, DYNAMIC_TYPE_OPENSSL); - if (tmp) { - ctx->gcmAuthIn = tmp; - XMEMCPY(ctx->gcmAuthIn + ctx->gcmAuthInSz, in, inl); - ctx->gcmAuthInSz += inl; - } - else { - WOLFSSL_MSG("realloc error"); - return MEMORY_E; - } - } - return 0; -} - -static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx, - unsigned char *out, int *outl, - const unsigned char *in, int inl) -{ - int ret = 0; - - *outl = inl; - if (out) { - /* Buffer input for one-shot API */ - if (ret == 0) { - byte* tmp; - tmp = (byte*)XREALLOC(ctx->gcmBuffer, - ctx->gcmBufferLen + inl, NULL, - DYNAMIC_TYPE_OPENSSL); - if (tmp) { - XMEMCPY(tmp + ctx->gcmBufferLen, in, inl); - ctx->gcmBufferLen += inl; - ctx->gcmBuffer = tmp; - *outl = 0; - } - else { - ret = MEMORY_E; - } - } - } - else { - ret = wolfSSL_EVP_CipherUpdate_GCM_AAD(ctx, in, inl); - } - - if (ret != 0) { - *outl = 0; - return WOLFSSL_FAILURE; - } - - return WOLFSSL_SUCCESS; -} -#endif - -/* returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure */ -WOLFSSL_API int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx, - unsigned char *out, int *outl, - const unsigned char *in, int inl) -{ - int blocks; - int fill; - - WOLFSSL_ENTER("wolfSSL_EVP_CipherUpdate"); - if ((ctx == NULL) || (inl < 0) || (outl == NULL)|| (in == NULL)) { - WOLFSSL_MSG("Bad argument"); - return WOLFSSL_FAILURE; - } - - *outl = 0; - -#if !defined(NO_AES) && defined(HAVE_AESGCM) - switch (ctx->cipherType) { - case AES_128_GCM_TYPE: - case AES_192_GCM_TYPE: - case AES_256_GCM_TYPE: -/* if out == NULL, in/inl contains the additional authenticated data for GCM */ - return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl); - default: - /* fall-through */ - break; - } -#endif /* !defined(NO_AES) && defined(HAVE_AESGCM) */ - - if (out == NULL) { - return WOLFSSL_FAILURE; - } - - /* if(inl == 0)wolfSSL_EVP_CipherUpdate_GCM to get tag */ - if (inl == 0) { - return WOLFSSL_SUCCESS; - } - if (ctx->bufUsed > 0) { /* concatenate them if there is anything */ - fill = fillBuff(ctx, in, inl); - inl -= fill; - in += fill; - } - - /* check if the buff is full, and if so flash it out */ - if (ctx->bufUsed == ctx->block_size) { - byte* output = out; - - /* During decryption we save the last block to check padding on Final. - * Update the last block stored if one has already been stored */ - if (ctx->enc == 0) { - if (ctx->lastUsed == 1) { - XMEMCPY(out, ctx->lastBlock, ctx->block_size); - *outl+= ctx->block_size; - out += ctx->block_size; - } - output = ctx->lastBlock; /* redirect output to last block buffer */ - ctx->lastUsed = 1; - } - - PRINT_BUF(ctx->buf, ctx->block_size); - if (evpCipherBlock(ctx, output, ctx->buf, ctx->block_size) == 0) { - return WOLFSSL_FAILURE; - } - PRINT_BUF(out, ctx->block_size); - ctx->bufUsed = 0; - - /* if doing encryption update the new output block, decryption will - * always have the last block saved for when Final is called */ - if ((ctx->enc != 0)) { - *outl+= ctx->block_size; - out += ctx->block_size; - } - } - - blocks = inl / ctx->block_size; - if (blocks > 0) { - /* During decryption we save the last block to check padding on Final. - * Update the last block stored if one has already been stored */ - if ((ctx->enc == 0) && (ctx->lastUsed == 1)) { - PRINT_BUF(ctx->lastBlock, ctx->block_size); - XMEMCPY(out, ctx->lastBlock, ctx->block_size); - *outl += ctx->block_size; - out += ctx->block_size; - ctx->lastUsed = 0; - } - - /* process blocks */ - if (evpCipherBlock(ctx, out, in, blocks * ctx->block_size) == 0) { - return WOLFSSL_FAILURE; - } - PRINT_BUF(in, ctx->block_size*blocks); - PRINT_BUF(out,ctx->block_size*blocks); - inl -= ctx->block_size * blocks; - in += ctx->block_size * blocks; - if (ctx->enc == 0) { - if ((ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING) || - (ctx->block_size == 1)) { - ctx->lastUsed = 0; - *outl += ctx->block_size * blocks; - } else { - /* in the case of decryption and padding, store the last block - * here in order to verify the padding when Final is called */ - if (inl == 0) { /* if not 0 then we know leftovers are checked*/ - ctx->lastUsed = 1; - blocks = blocks - 1; /* save last block to check padding in - * EVP_CipherFinal call */ - XMEMCPY(ctx->lastBlock, &out[ctx->block_size * blocks], - ctx->block_size); - } - *outl += ctx->block_size * blocks; - } - } else { - *outl += ctx->block_size * blocks; - } - } - - - if (inl > 0) { - /* put fraction into buff */ - fillBuff(ctx, in, inl); - /* no increase of outl */ - } - (void)out; /* silence warning in case not read */ - - return WOLFSSL_SUCCESS; -} - -static void padBlock(WOLFSSL_EVP_CIPHER_CTX *ctx) -{ - int i; - for (i = ctx->bufUsed; i < ctx->block_size; i++) - ctx->buf[i] = (byte)(ctx->block_size - ctx->bufUsed); -} - -static int checkPad(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *buff) -{ - int i; - int n; - n = buff[ctx->block_size-1]; - if (n > ctx->block_size) return -1; - for (i = 0; i < n; i++) { - if (buff[ctx->block_size-i-1] != n) - return -1; - } - return ctx->block_size - n; -} - -int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, - unsigned char *out, int *outl) -{ - int fl; - int ret = WOLFSSL_SUCCESS; - if (!ctx || !outl) - return WOLFSSL_FAILURE; - - WOLFSSL_ENTER("wolfSSL_EVP_CipherFinal"); - switch (ctx->cipherType) { -#if !defined(NO_AES) && defined(HAVE_AESGCM) - case AES_128_GCM_TYPE: - case AES_192_GCM_TYPE: - case AES_256_GCM_TYPE: - if ((ctx->gcmBuffer && ctx->gcmBufferLen > 0) - || (ctx->gcmBufferLen == 0)) { - ret = 0; - if (ctx->gcmAuthIn) { - /* authenticated, non-confidential data*/ - if (ctx->enc) { - XMEMSET(ctx->authTag, 0, ctx->authTagSz); - ret = wc_AesGcmEncrypt(&ctx->cipher.aes, NULL, NULL, 0, - ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, - ctx->gcmAuthIn, ctx->gcmAuthInSz); - } - else { - ret = wc_AesGcmDecrypt(&ctx->cipher.aes, NULL, NULL, 0, - ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, - ctx->gcmAuthIn, ctx->gcmAuthInSz); - /* Reset partial authTag error for AAD*/ - if (ret == AES_GCM_AUTH_E) - ret = 0; - } - } - - if (ret == 0) { - if (ctx->enc) - /* encrypt confidential data*/ - ret = wc_AesGcmEncrypt(&ctx->cipher.aes, out, - ctx->gcmBuffer, ctx->gcmBufferLen, - ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, - NULL, 0); - else - /* decrypt confidential data*/ - ret = wc_AesGcmDecrypt(&ctx->cipher.aes, out, - ctx->gcmBuffer, ctx->gcmBufferLen, - ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, - NULL, 0); - } - - if (ret == 0) { - ret = WOLFSSL_SUCCESS; - *outl = ctx->gcmBufferLen; - } - else { - ret = WOLFSSL_FAILURE; - *outl = 0; - } - - XFREE(ctx->gcmBuffer, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->gcmBuffer = NULL; - ctx->gcmBufferLen = 0; - } - else { - *outl = 0; - } - /* Clear IV, since IV reuse is not recommended for AES GCM. */ - XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); - break; -#endif /* !NO_AES && HAVE_AESGCM */ - default: - if (!out) - return WOLFSSL_FAILURE; - - if (ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING) { - if (ctx->bufUsed != 0) return WOLFSSL_FAILURE; - *outl = 0; - } - else if (ctx->enc) { - if (ctx->block_size == 1) { - *outl = 0; - } - else if ((ctx->bufUsed >= 0) && (ctx->block_size != 1)) { - padBlock(ctx); - PRINT_BUF(ctx->buf, ctx->block_size); - if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) { - WOLFSSL_MSG("Final Cipher Block failed"); - ret = WOLFSSL_FAILURE; - } - else { - PRINT_BUF(out, ctx->block_size); - *outl = ctx->block_size; - } - } - } - else { - if (ctx->block_size == 1) { - *outl = 0; - } - else if ((ctx->bufUsed % ctx->block_size) != 0) { - *outl = 0; - /* not enough padding for decrypt */ - WOLFSSL_MSG("Final Cipher Block not enough padding"); - ret = WOLFSSL_FAILURE; - } - else if (ctx->lastUsed) { - PRINT_BUF(ctx->lastBlock, ctx->block_size); - if ((fl = checkPad(ctx, ctx->lastBlock)) >= 0) { - XMEMCPY(out, ctx->lastBlock, fl); - *outl = fl; - if (ctx->lastUsed == 0 && ctx->bufUsed == 0) { - /* return error in cases where the block length is - * incorrect */ - WOLFSSL_MSG("Final Cipher Block bad length"); - ret = WOLFSSL_FAILURE; - } - } - else { - ret = WOLFSSL_FAILURE; - } - } - else if (ctx->lastUsed == 0 && ctx->bufUsed == 0) { - /* return error in cases where the block length is - * incorrect */ - ret = WOLFSSL_FAILURE; - } - } - break; - } - - if (ret == WOLFSSL_SUCCESS) { - /* reset cipher state after final */ - ret = wolfSSL_EVP_CipherInit(ctx, NULL, NULL, NULL, -1); - } - return ret; -} - - -#ifdef WOLFSSL_EVP_DECRYPT_LEGACY -/* This is a version of DecryptFinal to work with data encrypted with - * wolfSSL_EVP_EncryptFinal() with the broken padding. (pre-v3.12.0) - * Only call this after wolfSSL_EVP_CipherFinal() fails on a decrypt. - * Note, you don't know if the padding is good or bad with the old - * encrypt, but it is likely to be or bad. It will update the output - * length with the block_size so the last block is still captured. */ -WOLFSSL_API int wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx, - unsigned char *out, int *outl) -{ - int fl; - if (ctx == NULL || out == NULL || outl == NULL) - return BAD_FUNC_ARG; - - WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal_legacy"); - if (ctx->block_size == 1) { - *outl = 0; - return WOLFSSL_SUCCESS; - } - if ((ctx->bufUsed % ctx->block_size) != 0) { - *outl = 0; - /* not enough padding for decrypt */ - return WOLFSSL_FAILURE; - } - /* The original behavior of CipherFinal() was like it is now, - * but checkPad would return 0 in case of a bad pad. It would - * treat the pad as 0, and leave the data in the output buffer, - * and not try to copy anything. This converts checkPad's -1 error - * code to block_size. - */ - if (ctx->lastUsed) { - PRINT_BUF(ctx->lastBlock, ctx->block_size); - if ((fl = checkPad(ctx, ctx->lastBlock)) < 0) { - fl = ctx->block_size; - } - else { - XMEMCPY(out, ctx->lastBlock, fl); - } - *outl = fl; - } - /* return error in cases where the block length is incorrect */ - if (ctx->lastUsed == 0 && ctx->bufUsed == 0) { - return WOLFSSL_FAILURE; - } - - return WOLFSSL_SUCCESS; -} -#endif - -int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx) -{ - if (ctx == NULL) return BAD_FUNC_ARG; - switch (ctx->cipherType) { -#if !defined(NO_AES) || !defined(NO_DES3) -#if !defined(NO_AES) -#if defined(HAVE_AES_CBC) - case AES_128_CBC_TYPE: - case AES_192_CBC_TYPE: - case AES_256_CBC_TYPE: -#endif -#if defined(HAVE_AESGCM) - case AES_128_GCM_TYPE: - case AES_192_GCM_TYPE: - case AES_256_GCM_TYPE: -#endif -#if defined(WOLFSSL_AES_COUNTER) - case AES_128_CTR_TYPE: - case AES_192_CTR_TYPE: - case AES_256_CTR_TYPE: -#endif -#if defined(WOLFSSL_AES_CFB) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: -#endif -#if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: -#endif -#if defined(WOLFSSL_AES_XTS) - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: -#endif - - case AES_128_ECB_TYPE: - case AES_192_ECB_TYPE: - case AES_256_ECB_TYPE: -#endif /* !NO_AES */ -#ifndef NO_DES3 - case DES_CBC_TYPE: - case DES_ECB_TYPE: - case DES_EDE3_CBC_TYPE: - case DES_EDE3_ECB_TYPE: -#endif - return ctx->block_size; -#endif /* !NO_AES || !NO_DES3 */ - default: - return 0; - } -} - -static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher) -{ - if (cipher == NULL) return 0; /* dummy for #ifdef */ -#ifndef NO_DES3 - else if (XSTRNCMP(cipher, EVP_DES_CBC, EVP_DES_SIZE) == 0) - return DES_CBC_TYPE; - else if (XSTRNCMP(cipher, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0) - return DES_EDE3_CBC_TYPE; -#if !defined(NO_DES3) - else if (XSTRNCMP(cipher, EVP_DES_ECB, EVP_DES_SIZE) == 0) - return DES_ECB_TYPE; - else if (XSTRNCMP(cipher, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0) - return DES_EDE3_ECB_TYPE; -#endif /* NO_DES3 && HAVE_AES_ECB */ -#endif -#if !defined(NO_AES) -#if defined(HAVE_AES_CBC) - #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) - return AES_128_CBC_TYPE; - #endif - #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) - return AES_192_CBC_TYPE; - #endif - #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) - return AES_256_CBC_TYPE; - #endif -#endif /* HAVE_AES_CBC */ -#if defined(HAVE_AESGCM) - #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_GCM, EVP_AES_SIZE) == 0) - return AES_128_GCM_TYPE; - #endif - #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_GCM, EVP_AES_SIZE) == 0) - return AES_192_GCM_TYPE; - #endif - #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_GCM, EVP_AES_SIZE) == 0) - return AES_256_GCM_TYPE; - #endif -#endif /* HAVE_AESGCM */ -#if defined(WOLFSSL_AES_COUNTER) - #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_CTR, EVP_AES_SIZE) == 0) - return AES_128_CTR_TYPE; - #endif - #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_CTR, EVP_AES_SIZE) == 0) - return AES_192_CTR_TYPE; - #endif - #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_CTR, EVP_AES_SIZE) == 0) - return AES_256_CTR_TYPE; - #endif -#endif /* HAVE_AES_CBC */ -#if defined(HAVE_AES_ECB) - #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_ECB, EVP_AES_SIZE) == 0) - return AES_128_ECB_TYPE; - #endif - #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_ECB, EVP_AES_SIZE) == 0) - return AES_192_ECB_TYPE; - #endif - #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_ECB, EVP_AES_SIZE) == 0) - return AES_256_ECB_TYPE; - #endif -#endif /*HAVE_AES_CBC */ -#if defined(WOLFSSL_AES_XTS) - #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_XTS, EVP_AES_SIZE) == 0) - return AES_128_XTS_TYPE; - #endif - #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_XTS, EVP_AES_SIZE) == 0) - return AES_256_XTS_TYPE; - #endif -#endif /* WOLFSSL_AES_XTS */ -#if defined(WOLFSSL_AES_CFB) - #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_CFB1, EVP_AESCFB_SIZE) == 0) - return AES_128_CFB1_TYPE; - #endif - #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_CFB1, EVP_AESCFB_SIZE) == 0) - return AES_192_CFB1_TYPE; - #endif - #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_CFB1, EVP_AESCFB_SIZE) == 0) - return AES_256_CFB1_TYPE; - #endif - #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_CFB8, EVP_AESCFB_SIZE) == 0) - return AES_128_CFB8_TYPE; - #endif - #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_CFB8, EVP_AESCFB_SIZE) == 0) - return AES_192_CFB8_TYPE; - #endif - #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_CFB8, EVP_AESCFB_SIZE) == 0) - return AES_256_CFB8_TYPE; - #endif - #ifdef WOLFSSL_AES_128 - else if (XSTRNCMP(cipher, EVP_AES_128_CFB128, EVP_AESCFB_SIZE) == 0) - return AES_128_CFB128_TYPE; - #endif - #ifdef WOLFSSL_AES_192 - else if (XSTRNCMP(cipher, EVP_AES_192_CFB128, EVP_AESCFB_SIZE) == 0) - return AES_192_CFB128_TYPE; - #endif - #ifdef WOLFSSL_AES_256 - else if (XSTRNCMP(cipher, EVP_AES_256_CFB128, EVP_AESCFB_SIZE) == 0) - return AES_256_CFB128_TYPE; - #endif -#endif /*HAVE_AES_CBC */ -#endif /* !NO_AES */ - else return 0; -} - -int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher) -{ - if (cipher == NULL) return BAD_FUNC_ARG; - switch (cipherType(cipher)) { -#if !defined(NO_AES) - #if defined(HAVE_AES_CBC) - case AES_128_CBC_TYPE: - case AES_192_CBC_TYPE: - case AES_256_CBC_TYPE: - return AES_BLOCK_SIZE; - #endif - #if defined(HAVE_AESGCM) - case AES_128_GCM_TYPE: - case AES_192_GCM_TYPE: - case AES_256_GCM_TYPE: - return 1; - #endif - #if defined(WOLFSSL_AES_COUNTER) - case AES_128_CTR_TYPE: - case AES_192_CTR_TYPE: - case AES_256_CTR_TYPE: - return AES_BLOCK_SIZE; - #endif - #if defined(HAVE_AES_ECB) - case AES_128_ECB_TYPE: - case AES_192_ECB_TYPE: - case AES_256_ECB_TYPE: - return AES_BLOCK_SIZE; - #endif - #if defined(WOLFSSL_AES_CFB) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: - return 1; - #endif - #if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: - return 1; - #endif - #if defined(WOLFSSL_AES_XTS) - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: - return 1; - #endif -#endif /* NO_AES */ - #ifndef NO_DES3 - case DES_CBC_TYPE: return 8; - case DES_EDE3_CBC_TYPE: return 8; - case DES_ECB_TYPE: return 8; - case DES_EDE3_ECB_TYPE: return 8; - #endif - default: - return 0; - } -} - -unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) -{ - switch (cipherType(cipher)) { -#if !defined(NO_AES) - #if defined(HAVE_AES_CBC) - case AES_128_CBC_TYPE: - case AES_192_CBC_TYPE: - case AES_256_CBC_TYPE: - return WOLFSSL_EVP_CIPH_CBC_MODE; - #endif - #if defined(HAVE_AESGCM) - case AES_128_GCM_TYPE: - case AES_192_GCM_TYPE: - case AES_256_GCM_TYPE: - return WOLFSSL_EVP_CIPH_GCM_MODE; - #endif - #if defined(WOLFSSL_AES_COUNTER) - case AES_128_CTR_TYPE: - case AES_192_CTR_TYPE: - case AES_256_CTR_TYPE: - return WOLFSSL_EVP_CIPH_CTR_MODE; - #endif - #if defined(WOLFSSL_AES_CFB) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: - return WOLFSSL_EVP_CIPH_CFB_MODE; - #endif - #if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: - return WOLFSSL_EVP_CIPH_OFB_MODE; - #endif - #if defined(WOLFSSL_AES_XTS) - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: - return WOLFSSL_EVP_CIPH_XTS_MODE; - #endif - case AES_128_ECB_TYPE: - case AES_192_ECB_TYPE: - case AES_256_ECB_TYPE: - return WOLFSSL_EVP_CIPH_ECB_MODE; -#endif /* NO_AES */ - #ifndef NO_DES3 - case DES_CBC_TYPE: - case DES_EDE3_CBC_TYPE: - return WOLFSSL_EVP_CIPH_CBC_MODE; - case DES_ECB_TYPE: - case DES_EDE3_ECB_TYPE: - return WOLFSSL_EVP_CIPH_ECB_MODE; - #endif - #ifndef NO_RC4 - case ARC4_TYPE: - return EVP_CIPH_STREAM_CIPHER; - #endif - default: - return 0; - } -} - -unsigned long WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) -{ - if (cipher == NULL) return 0; - return WOLFSSL_CIPHER_mode(cipher); -} - -void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags) -{ - if (ctx != NULL) { - ctx->flags |= flags; - } -} - -void wolfSSL_EVP_CIPHER_CTX_clear_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags) -{ - if (ctx != NULL) { - ctx->flags &= ~flags; - } -} - -unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher) -{ - if (cipher == NULL) return 0; - return WOLFSSL_CIPHER_mode(cipher); -} - -int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx, int padding) -{ - if (ctx == NULL) return BAD_FUNC_ARG; - if (padding) { - ctx->flags &= ~WOLFSSL_EVP_CIPH_NO_PADDING; - } - else { - ctx->flags |= WOLFSSL_EVP_CIPH_NO_PADDING; - } - return 1; -} - -int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest) -{ - (void)digest; - /* nothing to do */ - return 0; -} - - -/* Frees the WOLFSSL_EVP_PKEY_CTX passed in. - * - * return WOLFSSL_SUCCESS on success - */ -int wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx) -{ - if (ctx == NULL) return 0; - WOLFSSL_ENTER("EVP_PKEY_CTX_free"); - if (ctx->pkey != NULL) - wolfSSL_EVP_PKEY_free(ctx->pkey); - if (ctx->peerKey != NULL) - wolfSSL_EVP_PKEY_free(ctx->peerKey); - XFREE(ctx, NULL, DYNAMIC_TYPE_PUBLIC_KEY); - return WOLFSSL_SUCCESS; -} - - -/* Creates a new WOLFSSL_EVP_PKEY_CTX structure. - * - * pkey key structure to use with new WOLFSSL_EVP_PEKY_CTX - * e engine to use. It should be NULL at this time. - * - * return the new structure on success and NULL if failed. - */ -WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_ENGINE *e) -{ - WOLFSSL_EVP_PKEY_CTX* ctx; - int type = NID_undef; - - if (pkey == NULL) return 0; - if (e != NULL) return 0; - WOLFSSL_ENTER("EVP_PKEY_CTX_new"); - - ctx = (WOLFSSL_EVP_PKEY_CTX*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY_CTX), NULL, - DYNAMIC_TYPE_PUBLIC_KEY); - if (ctx == NULL) return NULL; - XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_PKEY_CTX)); - ctx->pkey = pkey; -#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) - ctx->padding = RSA_PKCS1_PADDING; -#endif - type = wolfSSL_EVP_PKEY_type(pkey->type); - - if (type != NID_undef) { - if (wc_LockMutex(&pkey->refMutex) != 0) { - WOLFSSL_MSG("Couldn't lock pkey mutex"); - } - pkey->references++; - - wc_UnLockMutex(&pkey->refMutex); - } - return ctx; -} - - -/* Sets the type of RSA padding to use. - * - * ctx structure to set padding in. - * padding RSA padding type - * - * returns WOLFSSL_SUCCESS on success. - */ -int wolfSSL_EVP_PKEY_CTX_set_rsa_padding(WOLFSSL_EVP_PKEY_CTX *ctx, int padding) -{ - if (ctx == NULL) return 0; - WOLFSSL_ENTER("EVP_PKEY_CTX_set_rsa_padding"); - ctx->padding = padding; - return WOLFSSL_SUCCESS; -} - -/* create a PKEY contxt and return it */ -WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new_id(int id, WOLFSSL_ENGINE *e) -{ - WOLFSSL_EVP_PKEY* pkey; - WOLFSSL_EVP_PKEY_CTX* ctx = NULL; - - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_new_id"); - - pkey = wolfSSL_EVP_PKEY_new_ex(NULL); - if (pkey) { - pkey->type = id; - ctx = wolfSSL_EVP_PKEY_CTX_new(pkey, e); - if (ctx == NULL) { - wolfSSL_EVP_PKEY_free(pkey); - } - } - return ctx; -} - -/* Returns WOLFSSL_SUCCESS or error */ -int wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(WOLFSSL_EVP_PKEY_CTX *ctx, int bits) -{ - if (ctx) { - ctx->nbits = bits; - } - return WOLFSSL_SUCCESS; -} - - -int wolfSSL_EVP_PKEY_derive_init(WOLFSSL_EVP_PKEY_CTX *ctx) -{ - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive_init"); - - if (!ctx) { - return WOLFSSL_FAILURE; - } - wolfSSL_EVP_PKEY_free(ctx->peerKey); - ctx->op = EVP_PKEY_OP_DERIVE; - ctx->padding = 0; - ctx->nbits = 0; - return WOLFSSL_SUCCESS; -} - -int wolfSSL_EVP_PKEY_derive_set_peer(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY *peer) -{ - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive_set_peer"); - - if (!ctx || ctx->op != EVP_PKEY_OP_DERIVE) { - return WOLFSSL_FAILURE; - } - wolfSSL_EVP_PKEY_free(ctx->peerKey); - ctx->peerKey = peer; - if (!wolfSSL_EVP_PKEY_up_ref(peer)) { - ctx->peerKey = NULL; - return WOLFSSL_FAILURE; - } - return WOLFSSL_SUCCESS; -} - -#if !defined(NO_DH) || defined(HAVE_ECC) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION!=2)) -int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) -{ - int len; - - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive"); - - if (!ctx || ctx->op != EVP_PKEY_OP_DERIVE || !ctx->pkey || !ctx->peerKey || !keylen - || ctx->pkey->type != ctx->peerKey->type) { - return WOLFSSL_FAILURE; - } - switch (ctx->pkey->type) { -#ifndef NO_DH - case EVP_PKEY_DH: - /* Use DH */ - if (!ctx->pkey->dh || !ctx->peerKey->dh || !ctx->peerKey->dh->pub_key) { - return WOLFSSL_FAILURE; - } - if ((len = wolfSSL_DH_size(ctx->pkey->dh)) <= 0) { - return WOLFSSL_FAILURE; - } - if (key) { - if (*keylen < (size_t)len) { - return WOLFSSL_FAILURE; - } - /* computed DH agreement can be less than DH size if leading zeros */ - if (wolfSSL_DH_compute_key(key, ctx->peerKey->dh->pub_key, - ctx->pkey->dh) <= 0) { - return WOLFSSL_FAILURE; - } - } - *keylen = (size_t)len; - break; -#endif -#ifdef HAVE_ECC - case EVP_PKEY_EC: - /* Use ECDH */ - if (!ctx->pkey->ecc || !ctx->peerKey->ecc) { - return WOLFSSL_FAILURE; - } - /* set internal key if not done */ - if (!ctx->pkey->ecc->inSet) { - if (SetECKeyInternal(ctx->pkey->ecc) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("SetECKeyInternal failed"); - return WOLFSSL_FAILURE; - } - } - if (!ctx->peerKey->ecc->exSet || !ctx->peerKey->ecc->pub_key->internal) { - if (SetECKeyExternal(ctx->peerKey->ecc) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("SetECKeyExternal failed"); - return WOLFSSL_FAILURE; - } - } - if (!(len = wc_ecc_size((ecc_key*)ctx->pkey->ecc->internal))) { - return WOLFSSL_FAILURE; - } - if (key) { - word32 len32 = (word32)len; -#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \ - && (!defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) - - WC_RNG rng; - if (wc_InitRng(&rng) != MP_OKAY) { - WOLFSSL_MSG("Init RNG failed"); - return WOLFSSL_FAILURE; - } - ((ecc_key*)ctx->pkey->ecc->internal)->rng = &rng; -#endif - if (*keylen < len32) { - WOLFSSL_MSG("buffer too short"); -#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \ - && (!defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) - ((ecc_key*)ctx->pkey->ecc->internal)->rng = NULL; - wc_FreeRng(&rng); -#endif - return WOLFSSL_FAILURE; - } - if (wc_ecc_shared_secret_ssh((ecc_key*)ctx->pkey->ecc->internal, - (ecc_point*)ctx->peerKey->ecc->pub_key->internal, - key, &len32) != MP_OKAY) { - WOLFSSL_MSG("wc_ecc_shared_secret failed"); -#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \ - && (!defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) - ((ecc_key*)ctx->pkey->ecc->internal)->rng = NULL; - wc_FreeRng(&rng); -#endif - return WOLFSSL_FAILURE; - } -#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \ - && (!defined(HAVE_FIPS) || \ - (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) - ((ecc_key*)ctx->pkey->ecc->internal)->rng = NULL; - wc_FreeRng(&rng); -#endif - len = (int)len32; - } - *keylen = (size_t)len; - break; -#endif - default: - WOLFSSL_MSG("Unknown key type"); - return WOLFSSL_FAILURE; - } - return WOLFSSL_SUCCESS; -} -#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ -#endif /* !NO_DH || HAVE_ECC */ - -/* Uses the WOLFSSL_EVP_PKEY_CTX to decrypt a buffer. - * - * ctx structure to decrypt with - * out buffer to hold the results - * outlen initially holds size of out buffer and gets set to decrypt result size - * in buffer decrypt - * inlen length of in buffer - * - * returns WOLFSSL_SUCCESS on success. - */ -int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) -{ - int len = 0; - - if (ctx == NULL) return 0; - WOLFSSL_ENTER("EVP_PKEY_decrypt"); - - (void)out; - (void)outlen; - (void)in; - (void)inlen; - (void)len; - - switch (ctx->pkey->type) { -#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) - case EVP_PKEY_RSA: - len = wolfSSL_RSA_private_decrypt((int)inlen, (unsigned char*)in, out, - ctx->pkey->rsa, ctx->padding); - if (len < 0) break; - else { - *outlen = len; - return WOLFSSL_SUCCESS; - } -#endif /* NO_RSA */ - - case EVP_PKEY_EC: - WOLFSSL_MSG("not implemented"); - FALL_THROUGH; - default: - break; - } - return WOLFSSL_FAILURE; -} - - -/* Initialize a WOLFSSL_EVP_PKEY_CTX structure for decryption - * - * ctx WOLFSSL_EVP_PKEY_CTX structure to use with decryption - * - * Returns WOLFSSL_FAILURE on failure and WOLFSSL_SUCCESS on success - */ -int wolfSSL_EVP_PKEY_decrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx) -{ - if (ctx == NULL) return WOLFSSL_FAILURE; - WOLFSSL_ENTER("EVP_PKEY_decrypt_init"); - switch (ctx->pkey->type) { - case EVP_PKEY_RSA: - ctx->op = EVP_PKEY_OP_DECRYPT; - return WOLFSSL_SUCCESS; - case EVP_PKEY_EC: - WOLFSSL_MSG("not implemented"); - FALL_THROUGH; - default: - break; - } - return WOLFSSL_FAILURE; -} - - -/* Use a WOLFSSL_EVP_PKEY_CTX structure to encrypt data - * - * ctx WOLFSSL_EVP_PKEY_CTX structure to use with encryption - * out buffer to hold encrypted data - * outlen length of out buffer - * in data to be encrypted - * inlen length of in buffer - * - * Returns WOLFSSL_FAILURE on failure and WOLFSSL_SUCCESS on success - */ -int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx, - unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen) -{ - int len = 0; - if (ctx == NULL) return WOLFSSL_FAILURE; - WOLFSSL_ENTER("EVP_PKEY_encrypt"); - if (ctx->op != EVP_PKEY_OP_ENCRYPT) return WOLFSSL_FAILURE; - - (void)out; - (void)outlen; - (void)in; - (void)inlen; - (void)len; - switch (ctx->pkey->type) { -#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) - case EVP_PKEY_RSA: - len = wolfSSL_RSA_public_encrypt((int)inlen, (unsigned char *)in, out, - ctx->pkey->rsa, ctx->padding); - if (len < 0) - break; - else { - *outlen = len; - return WOLFSSL_SUCCESS; - } -#endif /* NO_RSA */ - - case EVP_PKEY_EC: - WOLFSSL_MSG("not implemented"); - FALL_THROUGH; - default: - break; - } - return WOLFSSL_FAILURE; -} - - -/* Initialize a WOLFSSL_EVP_PKEY_CTX structure to encrypt data - * - * ctx WOLFSSL_EVP_PKEY_CTX structure to use with encryption - * - * Returns WOLFSSL_FAILURE on failure and WOLFSSL_SUCCESS on success - */ -int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx) -{ - if (ctx == NULL) return WOLFSSL_FAILURE; - WOLFSSL_ENTER("EVP_PKEY_encrypt_init"); - - switch (ctx->pkey->type) { - case EVP_PKEY_RSA: - ctx->op = EVP_PKEY_OP_ENCRYPT; - return WOLFSSL_SUCCESS; - case EVP_PKEY_EC: - WOLFSSL_MSG("not implemented"); - FALL_THROUGH; - default: - break; - } - return WOLFSSL_FAILURE; -} -/****************************************************************************** -* wolfSSL_EVP_PKEY_sign_init - initializes a public key algorithm context for -* a signing operation. -* -* RETURNS: -* returns WOLFSSL_SUCCESS on success, otherwise returns -2 -*/ -WOLFSSL_API int wolfSSL_EVP_PKEY_sign_init(WOLFSSL_EVP_PKEY_CTX *ctx) -{ - int ret = -2; - - WOLFSSL_MSG("wolfSSL_EVP_PKEY_sign_init"); - if (!ctx || !ctx->pkey) - return ret; - - switch (ctx->pkey->type) { - case EVP_PKEY_RSA: - ctx->op = EVP_PKEY_OP_SIGN; - ret = WOLFSSL_SUCCESS; - break; - case EVP_PKEY_EC: - WOLFSSL_MSG("not implemented"); - FALL_THROUGH; - default: - ret = -2; - } - return ret; -} -/****************************************************************************** -* wolfSSL_EVP_PKEY_sign - performs a public key signing operation using ctx -* The data to be signed should be hashed since the function does not hash the data. -* -* RETURNS: -* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE -*/ - -WOLFSSL_API int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig, - size_t *siglen, const unsigned char *tbs, size_t tbslen) -{ - int len = 0; - - WOLFSSL_MSG("wolfSSL_EVP_PKEY_sign"); - - if (!ctx || ctx->op != EVP_PKEY_OP_SIGN || !ctx->pkey) - return WOLFSSL_FAILURE; - - (void)sig; - (void)siglen; - (void)tbs; - (void)tbslen; - (void)len; - - switch (ctx->pkey->type) { -#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) - case EVP_PKEY_RSA: - len = wolfSSL_RSA_private_encrypt((int)tbslen, (unsigned char*)tbs, sig, - ctx->pkey->rsa, ctx->padding); - if (len < 0) - break; - else { - *siglen = len; - return WOLFSSL_SUCCESS; - } -#endif /* NO_RSA */ - - case EVP_PKEY_EC: - WOLFSSL_MSG("not implemented"); - FALL_THROUGH; - default: - break; - } - return WOLFSSL_FAILURE; -} - -/* Get the size in bits for WOLFSSL_EVP_PKEY key - * - * pkey WOLFSSL_EVP_PKEY structure to get key size of - * - * returns the size in bits of key on success - */ -int wolfSSL_EVP_PKEY_bits(const WOLFSSL_EVP_PKEY *pkey) -{ - int bytes; - - if (pkey == NULL) return 0; - WOLFSSL_ENTER("EVP_PKEY_bits"); - if ((bytes = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey)) ==0) return 0; - return bytes*8; -} - - -int wolfSSL_EVP_PKEY_keygen_init(WOLFSSL_EVP_PKEY_CTX *ctx) -{ - (void)ctx; - return WOLFSSL_SUCCESS; -} - -int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, - WOLFSSL_EVP_PKEY **ppkey) -{ - int ret = WOLFSSL_FAILURE; - int ownPkey = 0; - WOLFSSL_EVP_PKEY* pkey; - - if (ctx == NULL || ppkey == NULL) { - return BAD_FUNC_ARG; - } - - pkey = *ppkey; - if (pkey == NULL) { - ownPkey = 1; - pkey = wolfSSL_EVP_PKEY_new(); - - if (pkey == NULL) - return ret; - } - - switch (pkey->type) { -#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \ - !defined(NO_RSA) && !defined(HAVE_USER_RSA) - case EVP_PKEY_RSA: - pkey->rsa = wolfSSL_RSA_generate_key(ctx->nbits, WC_RSA_EXPONENT, - NULL, NULL); - if (pkey->rsa) { - pkey->ownRsa = 1; - pkey->pkey_sz = wolfSSL_i2d_RSAPrivateKey(pkey->rsa, - (unsigned char**)&pkey->pkey.ptr); - ret = WOLFSSL_SUCCESS; - } - break; -#endif -#ifdef HAVE_ECC - case EVP_PKEY_EC: - pkey->ecc = wolfSSL_EC_KEY_new(); - if (pkey->ecc) { - ret = wolfSSL_EC_KEY_generate_key(pkey->ecc); - if (ret == WOLFSSL_SUCCESS) { - pkey->ownEcc = 1; - } - } -#endif - default: - break; - } - - if (ret != WOLFSSL_SUCCESS && ownPkey) { - wolfSSL_EVP_PKEY_free(pkey); - pkey = NULL; - } - - *ppkey = pkey; - - return ret; -} - -/* Get the size in bytes for WOLFSSL_EVP_PKEY key - * - * pkey WOLFSSL_EVP_PKEY structure to get key size of - * - * returns the size of a key on success which is the maximum size of a - * signature - */ -int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey) -{ - if (pkey == NULL) return 0; - WOLFSSL_ENTER("EVP_PKEY_size"); - - switch (pkey->type) { -#ifndef NO_RSA - case EVP_PKEY_RSA: - return (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(pkey->rsa)); -#endif /* !NO_RSA */ - -#ifdef HAVE_ECC - case EVP_PKEY_EC: - if (pkey->ecc == NULL || pkey->ecc->internal == NULL) { - WOLFSSL_MSG("No ECC key has been set"); - break; - } - return wc_ecc_size((ecc_key*)(pkey->ecc->internal)); -#endif /* HAVE_ECC */ - - default: - break; - } - return 0; -} - -#ifndef NO_WOLFSSL_STUB -WOLFSSL_API int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey) -{ - (void)pkey; - /* not using missing params callback and returning zero to indicate success */ - return 0; -} -#endif - -WOLFSSL_API int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b) -{ - int ret = -1; /* failure */ - int a_sz = 0, b_sz = 0; - - if (a == NULL || b == NULL) - return ret; - - /* check its the same type of key */ - if (a->type != b->type) - return ret; - - /* get size based on key type */ - switch (a->type) { -#ifndef NO_RSA - case EVP_PKEY_RSA: - a_sz = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(a->rsa)); - b_sz = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(b->rsa)); - break; -#endif /* !NO_RSA */ -#ifdef HAVE_ECC - case EVP_PKEY_EC: - if (a->ecc == NULL || a->ecc->internal == NULL || - b->ecc == NULL || b->ecc->internal == NULL) { - return ret; - } - a_sz = wc_ecc_size((ecc_key*)(a->ecc->internal)); - b_sz = wc_ecc_size((ecc_key*)(b->ecc->internal)); - break; -#endif /* HAVE_ECC */ - default: - break; - } /* switch (a->type) */ - - /* check size */ - if (a_sz <= 0 || b_sz <= 0 || a_sz != b_sz) { - return ret; - } - - /* check public key size */ - if (a->pkey_sz > 0 && b->pkey_sz > 0 && a->pkey_sz != b->pkey_sz) { - return ret; - } - - /* check public key */ - if (a->pkey.ptr && b->pkey.ptr) { - if (XMEMCMP(a->pkey.ptr, b->pkey.ptr, a->pkey_sz) != 0) { - return ret; - } - } - ret = 0; /* success */ - - return ret; -} - -/* Initialize structure for signing - * - * ctx WOLFSSL_EVP_MD_CTX structure to initialize - * type is the type of message digest to use - * - * returns WOLFSSL_SUCCESS on success - */ -int wolfSSL_EVP_SignInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type) -{ - if (ctx == NULL) return WOLFSSL_FAILURE; - WOLFSSL_ENTER("EVP_SignInit"); - return wolfSSL_EVP_DigestInit(ctx,type); -} - -WOLFSSL_API int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx, - const WOLFSSL_EVP_MD* type, - WOLFSSL_ENGINE *impl) -{ - if (ctx == NULL) return WOLFSSL_FAILURE; - WOLFSSL_ENTER("EVP_SignInit"); - return wolfSSL_EVP_DigestInit_ex(ctx,type,impl); -} - - -/* Update structure with data for signing - * - * ctx WOLFSSL_EVP_MD_CTX structure to update - * data buffer holding data to update with for sign - * len length of data buffer - * - * returns WOLFSSL_SUCCESS on success - */ -int wolfSSL_EVP_SignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len) -{ - if (ctx == NULL) return 0; - WOLFSSL_ENTER("EVP_SignUpdate("); - return wolfSSL_EVP_DigestUpdate(ctx, data, len); -} - -static const struct s_ent { - const enum wc_HashType macType; - const int nid; - const char *name; -} md_tbl[] = { -#ifndef NO_MD4 - {WC_HASH_TYPE_MD4, NID_md4, "MD4"}, -#endif /* NO_MD4 */ - -#ifndef NO_MD5 - {WC_HASH_TYPE_MD5, NID_md5, "MD5"}, -#endif /* NO_MD5 */ - -#ifndef NO_SHA - {WC_HASH_TYPE_SHA, NID_sha1, "SHA"}, -#endif /* NO_SHA */ - -#ifdef WOLFSSL_SHA224 - {WC_HASH_TYPE_SHA224, NID_sha224, "SHA224"}, -#endif /* WOLFSSL_SHA224 */ -#ifndef NO_SHA256 - {WC_HASH_TYPE_SHA256, NID_sha256, "SHA256"}, -#endif - -#ifdef WOLFSSL_SHA384 - {WC_HASH_TYPE_SHA384, NID_sha384, "SHA384"}, -#endif /* WOLFSSL_SHA384 */ -#ifdef WOLFSSL_SHA512 - {WC_HASH_TYPE_SHA512, NID_sha512, "SHA512"}, -#endif /* WOLFSSL_SHA512 */ -#ifndef WOLFSSL_NOSHA3_224 - {WC_HASH_TYPE_SHA3_224, NID_sha3_224, "SHA3_224"}, -#endif -#ifndef WOLFSSL_NOSHA3_256 - {WC_HASH_TYPE_SHA3_256, NID_sha3_256, "SHA3_256"}, -#endif -#ifndef WOLFSSL_NOSHA3_384 - {WC_HASH_TYPE_SHA3_384, NID_sha3_384, "SHA3_384"}, -#endif -#ifndef WOLFSSL_NOSHA3_512 - {WC_HASH_TYPE_SHA3_512, NID_sha3_512, "SHA3_512"}, -#endif - {WC_HASH_TYPE_NONE, 0, NULL} -}; - -static enum wc_HashType wolfSSL_EVP_md2macType(const WOLFSSL_EVP_MD *md) -{ - const struct s_ent *ent ; - - if (md != NULL) { - for( ent = md_tbl; ent->name != NULL; ent++) { - if(XSTRNCMP((const char *)md, ent->name, XSTRLEN(ent->name)+1) == 0) { - return ent->macType; - } - } - } - return WC_HASH_TYPE_NONE; -} - -/* Finalize structure for signing - * - * ctx WOLFSSL_EVP_MD_CTX structure to finalize - * sigret buffer to hold resulting signature - * siglen length of sigret buffer - * pkey key to sign with - * - * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure - */ -int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, - unsigned int *siglen, WOLFSSL_EVP_PKEY *pkey) -{ - unsigned int mdsize; - unsigned char md[WC_MAX_DIGEST_SIZE]; - int ret; - if (ctx == NULL) return WOLFSSL_FAILURE; - WOLFSSL_ENTER("EVP_SignFinal"); - - ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize); - if (ret <= 0) return ret; - - (void)sigret; - (void)siglen; - - switch (pkey->type) { -#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) - case EVP_PKEY_RSA: { - int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); - if (nid < 0) break; - return wolfSSL_RSA_sign(nid, md, mdsize, sigret, - siglen, pkey->rsa); - } -#endif /* NO_RSA */ - - case EVP_PKEY_DSA: - case EVP_PKEY_EC: - WOLFSSL_MSG("not implemented"); - FALL_THROUGH; - default: - break; - } - return WOLFSSL_FAILURE; -} - - -/* Initialize structure for verifying signature - * - * ctx WOLFSSL_EVP_MD_CTX structure to initialize - * type is the type of message digest to use - * - * returns WOLFSSL_SUCCESS on success - */ -int wolfSSL_EVP_VerifyInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type) -{ - if (ctx == NULL) return WOLFSSL_FAILURE; - WOLFSSL_ENTER("EVP_VerifyInit"); - return wolfSSL_EVP_DigestInit(ctx,type); -} - - -/* Update structure for verifying signature - * - * ctx WOLFSSL_EVP_MD_CTX structure to update - * data buffer holding data to update with for verify - * len length of data buffer - * - * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure - */ -int wolfSSL_EVP_VerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len) -{ - if (ctx == NULL) return WOLFSSL_FAILURE; - WOLFSSL_ENTER("EVP_VerifyUpdate"); - return wolfSSL_EVP_DigestUpdate(ctx, data, len); -} - - -/* Finalize structure for verifying signature - * - * ctx WOLFSSL_EVP_MD_CTX structure to finalize - * sig buffer holding signature - * siglen length of sig buffer - * pkey key to verify with - * - * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure - */ -int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, - unsigned char*sig, unsigned int siglen, WOLFSSL_EVP_PKEY *pkey) -{ - int ret; - unsigned char md[WC_MAX_DIGEST_SIZE]; - unsigned int mdsize; - - if (ctx == NULL) return WOLFSSL_FAILURE; - WOLFSSL_ENTER("EVP_VerifyFinal"); - ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize); - if (ret <= 0) return ret; - - (void)sig; - (void)siglen; - - switch (pkey->type) { -#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) - case EVP_PKEY_RSA: { - int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); - if (nid < 0) break; - return wolfSSL_RSA_verify(nid, md, mdsize, sig, - (unsigned int)siglen, pkey->rsa); - } -#endif /* NO_RSA */ - - case EVP_PKEY_DSA: - case EVP_PKEY_EC: - WOLFSSL_MSG("not implemented"); - FALL_THROUGH; - default: - break; - } - return WOLFSSL_FAILURE; -} - -int wolfSSL_EVP_add_cipher(const WOLFSSL_EVP_CIPHER *cipher) -{ - (void)cipher; - /* nothing to do */ - return 0; -} - - -WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, ENGINE* e, - const unsigned char* key, int keylen) -{ - WOLFSSL_EVP_PKEY* pkey; - - (void)e; - - if (type != EVP_PKEY_HMAC || (key == NULL && keylen != 0)) - return NULL; - - pkey = wolfSSL_EVP_PKEY_new(); - if (pkey != NULL) { - pkey->pkey.ptr = (char*)XMALLOC(keylen, NULL, DYNAMIC_TYPE_PUBLIC_KEY); - if (pkey->pkey.ptr == NULL && keylen > 0) { - wolfSSL_EVP_PKEY_free(pkey); - pkey = NULL; - } - else { - XMEMCPY(pkey->pkey.ptr, key, keylen); - pkey->pkey_sz = keylen; - pkey->type = pkey->save_type = type; - } - } - - return pkey; -} - - -const unsigned char* wolfSSL_EVP_PKEY_get0_hmac(const WOLFSSL_EVP_PKEY* pkey, - size_t* len) -{ - if (pkey == NULL || len == NULL) - return NULL; - - *len = (size_t)pkey->pkey_sz; - - return (const unsigned char*)pkey->pkey.ptr; -} - - -/* Initialize an EVP_DigestSign/Verify operation. - * Initialize a digest for RSA and ECC keys, or HMAC for HMAC key. - */ -static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx, - WOLFSSL_EVP_PKEY_CTX **pctx, - const WOLFSSL_EVP_MD *type, - WOLFSSL_ENGINE *e, - WOLFSSL_EVP_PKEY *pkey) -{ - if (pkey->type == EVP_PKEY_HMAC) { - int hashType; - const unsigned char* key; - - if (XSTRNCMP(type, "SHA256", 6) == 0) { - hashType = WC_SHA256; - } - #ifdef WOLFSSL_SHA224 - else if (XSTRNCMP(type, "SHA224", 6) == 0) { - hashType = WC_SHA224; - } - #endif - #ifdef WOLFSSL_SHA384 - else if (XSTRNCMP(type, "SHA384", 6) == 0) { - hashType = WC_SHA384; - } - #endif - #ifdef WOLFSSL_SHA512 - else if (XSTRNCMP(type, "SHA512", 6) == 0) { - hashType = WC_SHA512; - } - #endif -#ifdef WOLFSSL_SHA3 - #ifndef WOLFSSL_NOSHA3_224 - else if (XSTRNCMP(type, "SHA3_224", 8) == 0) { - hashType = WC_SHA3_224; - } - #endif - #ifndef WOLFSSL_NOSHA3_256 - else if (XSTRNCMP(type, "SHA3_256", 8) == 0) { - hashType = WC_SHA3_256; - } - #endif - else if (XSTRNCMP(type, "SHA3_384", 8) == 0) { - hashType = WC_SHA3_384; - } - #ifndef WOLFSSL_NOSHA3_512 - else if (XSTRNCMP(type, "SHA3_512", 8) == 0) { - hashType = WC_SHA3_512; - } - #endif -#endif - #ifndef NO_MD5 - else if (XSTRNCMP(type, "MD5", 3) == 0) { - hashType = WC_MD5; - } - #endif - #ifndef NO_SHA - /* has to be last since would pick or 224, 256, 384, or 512 too */ - else if (XSTRNCMP(type, "SHA", 3) == 0) { - hashType = WC_SHA; - } - #endif /* NO_SHA */ - else - return BAD_FUNC_ARG; - - { - size_t keySz = 0; - - key = wolfSSL_EVP_PKEY_get0_hmac(pkey, &keySz); - - if (wc_HmacInit(&ctx->hash.hmac, NULL, INVALID_DEVID) != 0) - return WOLFSSL_FAILURE; - - if (wc_HmacSetKey(&ctx->hash.hmac, hashType, key, (word32)keySz) != 0) - return WOLFSSL_FAILURE; - } - - ctx->isHMAC = 1; - } - else { - int ret; - - if (ctx->pctx == NULL) { - ctx->pctx = wolfSSL_EVP_PKEY_CTX_new(pkey, e); - if (ctx->pctx == NULL) - return WOLFSSL_FAILURE; - } - - ret = wolfSSL_EVP_DigestInit(ctx, type); - if (ret == WOLFSSL_SUCCESS && pctx != NULL) - *pctx = ctx->pctx; - return ret; - } - - return WOLFSSL_SUCCESS; -} - -/* Update an EVP_DigestSign/Verify operation. - * Update a digest for RSA and ECC keys, or HMAC for HMAC key. - */ -static int wolfssl_evp_digest_pk_update(WOLFSSL_EVP_MD_CTX *ctx, - const void *d, unsigned int cnt) -{ - if (ctx->pctx == NULL) { - if (!ctx->isHMAC) - return WOLFSSL_FAILURE; - - if (wc_HmacUpdate(&ctx->hash.hmac, (const byte *)d, cnt) != 0) - return WOLFSSL_FAILURE; - - return WOLFSSL_SUCCESS; - } - else - return wolfSSL_EVP_DigestUpdate(ctx, d, cnt); -} - -/* Finalize an EVP_DigestSign/Verify operation - common part only. - * Finalize a digest for RSA and ECC keys, or HMAC for HMAC key. - * Copies the digest so that you can keep updating. - */ -static int wolfssl_evp_digest_pk_final(WOLFSSL_EVP_MD_CTX *ctx, - unsigned char *md, unsigned int* mdlen) -{ - int ret; - - if (ctx->pctx == NULL) { - Hmac hmacCopy; - - if (!ctx->isHMAC) - return WOLFSSL_FAILURE; - - if (wolfSSL_HmacCopy(&hmacCopy, &ctx->hash.hmac) != WOLFSSL_SUCCESS) - return WOLFSSL_FAILURE; - ret = wc_HmacFinal(&hmacCopy, md) == 0; - wc_HmacFree(&hmacCopy); - return ret; - } - else { - WOLFSSL_EVP_MD_CTX ctxCopy; - - if (wolfSSL_EVP_MD_CTX_copy_ex(&ctxCopy, ctx) != WOLFSSL_SUCCESS) - return WOLFSSL_FAILURE; - - ret = wolfSSL_EVP_DigestFinal(&ctxCopy, md, mdlen); - wolfSSL_EVP_MD_CTX_cleanup(&ctxCopy); - return ret; - } -} - -/* Get the length of the mac based on the digest algorithm. */ -static int wolfssl_mac_len(unsigned char macType) -{ - int hashLen; - - switch (macType) { - #ifndef NO_MD5 - case WC_MD5: - hashLen = WC_MD5_DIGEST_SIZE; - break; - #endif /* !NO_MD5 */ - - #ifndef NO_SHA - case WC_SHA: - hashLen = WC_SHA_DIGEST_SIZE; - break; - #endif /* !NO_SHA */ - - #ifdef WOLFSSL_SHA224 - case WC_SHA224: - hashLen = WC_SHA224_DIGEST_SIZE; - break; - #endif /* WOLFSSL_SHA224 */ - - #ifndef NO_SHA256 - case WC_SHA256: - hashLen = WC_SHA256_DIGEST_SIZE; - break; - #endif /* !NO_SHA256 */ - - #ifdef WOLFSSL_SHA384 - case WC_SHA384: - hashLen = WC_SHA384_DIGEST_SIZE; - break; - #endif /* WOLFSSL_SHA384 */ - #ifdef WOLFSSL_SHA512 - case WC_SHA512: - hashLen = WC_SHA512_DIGEST_SIZE; - break; - #endif /* WOLFSSL_SHA512 */ - - #ifdef HAVE_BLAKE2 - case BLAKE2B_ID: - hashLen = BLAKE2B_OUTBYTES; - break; - #endif /* HAVE_BLAKE2 */ - - #ifdef WOLFSSL_SHA3 - #ifndef WOLFSSL_NOSHA3_224 - case WC_SHA3_224: - hashLen = WC_SHA3_224_DIGEST_SIZE; - break; - #endif - #ifndef WOLFSSL_NOSHA3_256 - case WC_SHA3_256: - hashLen = WC_SHA3_256_DIGEST_SIZE; - break; - #endif - #ifndef WOLFSSL_NOSHA3_384 - case WC_SHA3_384: - hashLen = WC_SHA3_384_DIGEST_SIZE; - break; - #endif - #ifndef WOLFSSL_NOSHA3_512 - case WC_SHA3_512: - hashLen = WC_SHA3_512_DIGEST_SIZE; - break; - #endif - #endif - - default: - hashLen = 0; - } - - return hashLen; -} - -int wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX *ctx, - WOLFSSL_EVP_PKEY_CTX **pctx, - const WOLFSSL_EVP_MD *type, - WOLFSSL_ENGINE *e, - WOLFSSL_EVP_PKEY *pkey) -{ - WOLFSSL_ENTER("EVP_DigestSignInit"); - - if (ctx == NULL || type == NULL || pkey == NULL) - return BAD_FUNC_ARG; - - return wolfSSL_evp_digest_pk_init(ctx, pctx, type, e, pkey); -} - - -int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d, - unsigned int cnt) -{ - WOLFSSL_ENTER("EVP_DigestSignUpdate"); - - if (ctx == NULL || d == NULL) - return BAD_FUNC_ARG; - - return wolfssl_evp_digest_pk_update(ctx, d, cnt); -} - -int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, - size_t *siglen) -{ - unsigned char digest[WC_MAX_DIGEST_SIZE]; - unsigned int hashLen; - int ret = WOLFSSL_FAILURE; - - WOLFSSL_ENTER("EVP_DigestSignFinal"); - - if (ctx == NULL || siglen == NULL) - return WOLFSSL_FAILURE; - - /* Return the maximum size of the signaure when sig is NULL. */ - if (ctx->pctx == NULL) { - if (!ctx->isHMAC) - return WOLFSSL_FAILURE; - - hashLen = wolfssl_mac_len(ctx->hash.hmac.macType); - - if (sig == NULL) { - *siglen = hashLen; - return WOLFSSL_SUCCESS; - } - } -#ifndef NO_RSA - else if (ctx->pctx->pkey->type == EVP_PKEY_RSA) { - if (sig == NULL) { - *siglen = wolfSSL_RSA_size(ctx->pctx->pkey->rsa); - return WOLFSSL_SUCCESS; - } - } -#endif /* !NO_RSA */ -#ifdef HAVE_ECC - else if (ctx->pctx->pkey->type == EVP_PKEY_EC) { - if (sig == NULL) { - /* SEQ + INT + INT */ - *siglen = ecc_sets[ctx->pctx->pkey->ecc->group->curve_idx].size * 2 - + 8; - return WOLFSSL_SUCCESS; - } - } -#endif - - if (wolfssl_evp_digest_pk_final(ctx, digest, &hashLen) <= 0) - return WOLFSSL_FAILURE; - - if (ctx->pctx == NULL) { - /* Copy the HMAC result as signature. */ - if ((unsigned int)(*siglen) > hashLen) - *siglen = hashLen; - /* May be a truncated signature. */ - - XMEMCPY(sig, digest, *siglen); - ret = WOLFSSL_SUCCESS; - } - else { - /* Sign the digest. */ - switch (ctx->pctx->pkey->type) { - #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) - case EVP_PKEY_RSA: { - unsigned int sigSz; - int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); - if (nid < 0) - break; - ret = wolfSSL_RSA_sign_generic_padding(nid, digest, hashLen, - sig, &sigSz, ctx->pctx->pkey->rsa, 1, ctx->pctx->padding); - if (ret >= 0) - *siglen = sigSz; - break; - } - #endif /* NO_RSA */ - - #ifdef HAVE_ECC - case EVP_PKEY_EC: { - WOLFSSL_ECDSA_SIG *ecdsaSig; - ecdsaSig = wolfSSL_ECDSA_do_sign(digest, hashLen, - ctx->pctx->pkey->ecc); - if (ecdsaSig == NULL) - break; - *siglen = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, &sig); - wolfSSL_ECDSA_SIG_free(ecdsaSig); - ret = WOLFSSL_SUCCESS; - break; - } - #endif - default: - break; - } - } - - ForceZero(digest, sizeof(digest)); - return ret; -} -int wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX *ctx, - WOLFSSL_EVP_PKEY_CTX **pctx, - const WOLFSSL_EVP_MD *type, - WOLFSSL_ENGINE *e, - WOLFSSL_EVP_PKEY *pkey) -{ - WOLFSSL_ENTER("EVP_DigestVerifyInit"); - - if (ctx == NULL || type == NULL || pkey == NULL) - return BAD_FUNC_ARG; - - return wolfSSL_evp_digest_pk_init(ctx, pctx, type, e, pkey); -} - - -int wolfSSL_EVP_DigestVerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d, - size_t cnt) -{ - WOLFSSL_ENTER("EVP_DigestVerifyUpdate"); - - if (ctx == NULL || d == NULL) - return BAD_FUNC_ARG; - - return wolfssl_evp_digest_pk_update(ctx, d, (unsigned int)cnt); -} - - -int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, - const unsigned char *sig, size_t siglen) -{ - unsigned char digest[WC_MAX_DIGEST_SIZE]; - unsigned int hashLen; - - WOLFSSL_ENTER("EVP_DigestVerifyFinal"); - - if (ctx == NULL || sig == NULL) - return WOLFSSL_FAILURE; - - if (ctx->pctx == NULL) { - if (!ctx->isHMAC) - return WOLFSSL_FAILURE; - - hashLen = wolfssl_mac_len(ctx->hash.hmac.macType); - - if (siglen > hashLen) - return WOLFSSL_FAILURE; - /* May be a truncated signature. */ - } - - if (wolfssl_evp_digest_pk_final(ctx, digest, &hashLen) <= 0) - return WOLFSSL_FAILURE; - - if (ctx->pctx == NULL) { - /* Check HMAC result matches the signature. */ - if (XMEMCMP(sig, digest, siglen) == 0) - return WOLFSSL_SUCCESS; - return WOLFSSL_FAILURE; - } - else { - /* Verify the signature with the digest. */ - switch (ctx->pctx->pkey->type) { - #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) - case EVP_PKEY_RSA: { - int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); - if (nid < 0) - return WOLFSSL_FAILURE; - return wolfSSL_RSA_verify_ex(nid, digest, hashLen, sig, - (unsigned int)siglen, - ctx->pctx->pkey->rsa, ctx->pctx->padding); - } - #endif /* NO_RSA */ - - #ifdef HAVE_ECC - case EVP_PKEY_EC: { - int ret; - WOLFSSL_ECDSA_SIG *ecdsaSig; - ecdsaSig = wolfSSL_d2i_ECDSA_SIG(NULL, &sig, (long)siglen); - if (ecdsaSig == NULL) - return WOLFSSL_FAILURE; - ret = wolfSSL_ECDSA_do_verify(digest, hashLen, ecdsaSig, - ctx->pctx->pkey->ecc); - wolfSSL_ECDSA_SIG_free(ecdsaSig); - return ret; - } - #endif - default: - break; - } - } - - return WOLFSSL_FAILURE; -} - - -#ifdef WOLFSSL_APACHE_HTTPD -#if !defined(USE_WINDOWS_API) && !defined(MICROCHIP_PIC32) - #include -#endif - -#ifndef XGETPASSWD - static int XGETPASSWD(char* buf, int bufSz) { - int ret = WOLFSSL_SUCCESS; - - /* turn off echo for passwords */ - #ifdef USE_WINDOWS_API - DWORD originalTerm; - DWORD newTerm; - CONSOLE_SCREEN_BUFFER_INFO screenOrig; - HANDLE stdinHandle = GetStdHandle(STD_INPUT_HANDLE); - if (GetConsoleMode(stdinHandle, &originalTerm) == 0) { - WOLFSSL_MSG("Couldn't get the original terminal settings"); - return WOLFSSL_FAILURE; - } - newTerm = originalTerm; - newTerm &= ~ENABLE_ECHO_INPUT; - if (SetConsoleMode(stdinHandle, newTerm) == 0) { - WOLFSSL_MSG("Couldn't turn off echo"); - return WOLFSSL_FAILURE; - } - #else - struct termios originalTerm; - struct termios newTerm; - if (tcgetattr(STDIN_FILENO, &originalTerm) != 0) { - WOLFSSL_MSG("Couldn't get the original terminal settings"); - return WOLFSSL_FAILURE; - } - XMEMCPY(&newTerm, &originalTerm, sizeof(struct termios)); - - newTerm.c_lflag &= ~ECHO; - newTerm.c_lflag |= (ICANON | ECHONL); - if (tcsetattr(STDIN_FILENO, TCSANOW, &newTerm) != 0) { - WOLFSSL_MSG("Couldn't turn off echo"); - return WOLFSSL_FAILURE; - } - #endif - - if (XFGETS(buf, bufSz, stdin) == NULL) { - ret = WOLFSSL_FAILURE; - } - - /* restore default echo */ - #ifdef USE_WINDOWS_API - if (SetConsoleMode(stdinHandle, originalTerm) == 0) { - WOLFSSL_MSG("Couldn't restore the terminal settings"); - return WOLFSSL_FAILURE; - } - #else - if (tcsetattr(STDIN_FILENO, TCSANOW, &originalTerm) != 0) { - WOLFSSL_MSG("Couldn't restore the terminal settings"); - return WOLFSSL_FAILURE; - } - #endif - return ret; - } -#endif - -/* returns 0 on success and -2 or -1 on failure */ -int wolfSSL_EVP_read_pw_string(char* buf, int bufSz, const char* banner, int v) -{ - printf("%s", banner); - if (XGETPASSWD(buf, bufSz) == WOLFSSL_FAILURE) { - return -1; - } - (void)v; /* fgets always sanity checks size of input vs buffer */ - return 0; -} -#endif /* WOLFSSL_APACHE_HTTPD */ - -#if !defined(NO_PWDBASED) && !defined(NO_SHA) -int wolfSSL_PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, - const unsigned char *salt, - int saltlen, int iter, - int keylen, unsigned char *out) -{ - const char *nostring = ""; - int ret = 0; - - if (pass == NULL) { - passlen = 0; - pass = nostring; - } - else if (passlen == -1) { - passlen = (int)XSTRLEN(pass); - } - - ret = wc_PBKDF2((byte*)out, (byte*)pass, passlen, (byte*)salt, saltlen, - iter, keylen, WC_SHA); - if (ret == 0) - return WOLFSSL_SUCCESS; - else - return WOLFSSL_FAILURE; -} -#endif /* !NO_PWDBASED !NO_SHA*/ - -#if !defined(NO_PWDBASED) -WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen, - const unsigned char *salt, - int saltlen, int iter, - const WOLFSSL_EVP_MD *digest, - int keylen, unsigned char *out) -{ - const char *nostring = ""; - int ret = 0; - - if (pass == NULL) { - passlen = 0; - pass = nostring; - } else if (passlen == -1) { - passlen = (int)XSTRLEN(pass); - } - - ret = wc_PBKDF2((byte*)out, (byte*)pass, passlen, (byte*)salt, saltlen, - iter, keylen, wolfSSL_EVP_md2macType(digest)); - if (ret == 0) - return WOLFSSL_SUCCESS; - else - return WOLFSSL_FAILURE; -} -#endif /* !NO_PWDBASED */ - -static const struct cipher{ - unsigned char type; - const char *name; - int nid; -} cipher_tbl[] = { - -#ifndef NO_AES - #ifdef HAVE_AES_CBC - #ifdef WOLFSSL_AES_128 - {AES_128_CBC_TYPE, EVP_AES_128_CBC, NID_aes_128_cbc}, - #endif - #ifdef WOLFSSL_AES_192 - {AES_192_CBC_TYPE, EVP_AES_192_CBC, NID_aes_192_cbc}, - #endif - #ifdef WOLFSSL_AES_256 - {AES_256_CBC_TYPE, EVP_AES_256_CBC, NID_aes_256_cbc}, - #endif - #endif - - #ifdef WOLFSSL_AES_CFB - #ifdef WOLFSSL_AES_128 - {AES_128_CFB1_TYPE, EVP_AES_128_CFB1, NID_aes_128_cfb1}, - #endif - #ifdef WOLFSSL_AES_192 - {AES_192_CFB1_TYPE, EVP_AES_192_CFB1, NID_aes_192_cfb1}, - #endif - #ifdef WOLFSSL_AES_256 - {AES_256_CFB1_TYPE, EVP_AES_256_CFB1, NID_aes_256_cfb1}, - #endif - - #ifdef WOLFSSL_AES_128 - {AES_128_CFB8_TYPE, EVP_AES_128_CFB8, NID_aes_128_cfb8}, - #endif - #ifdef WOLFSSL_AES_192 - {AES_192_CFB8_TYPE, EVP_AES_192_CFB8, NID_aes_192_cfb8}, - #endif - #ifdef WOLFSSL_AES_256 - {AES_256_CFB8_TYPE, EVP_AES_256_CFB8, NID_aes_256_cfb8}, - #endif - - #ifdef WOLFSSL_AES_128 - {AES_128_CFB128_TYPE, EVP_AES_128_CFB128, NID_aes_128_cfb128}, - #endif - #ifdef WOLFSSL_AES_192 - {AES_192_CFB128_TYPE, EVP_AES_192_CFB128, NID_aes_192_cfb128}, - #endif - #ifdef WOLFSSL_AES_256 - {AES_256_CFB128_TYPE, EVP_AES_256_CFB128, NID_aes_256_cfb128}, - #endif - #endif - - #ifdef HAVE_AES_OFB - #ifdef WOLFSSL_AES_128 - {AES_128_OFB_TYPE, EVP_AES_128_OFB, NID_aes_128_ofb}, - #endif - #ifdef WOLFSSL_AES_192 - {AES_192_OFB_TYPE, EVP_AES_192_OFB, NID_aes_192_ofb}, - #endif - #ifdef WOLFSSL_AES_256 - {AES_256_OFB_TYPE, EVP_AES_256_OFB, NID_aes_256_ofb}, - #endif - #endif - - #ifdef HAVE_AES_XTS - #ifdef WOLFSSL_AES_128 - {AES_128_XTS_TYPE, EVP_AES_128_XTS, NID_aes_128_xts}, - #endif - #ifdef WOLFSSL_AES_256 - {AES_256_XTS_TYPE, EVP_AES_256_XTS, NID_aes_256_xts}, - #endif - #endif - - #ifdef HAVE_AESGCM - #ifdef WOLFSSL_AES_128 - {AES_128_GCM_TYPE, EVP_AES_128_GCM, NID_aes_128_gcm}, - #endif - #ifdef WOLFSSL_AES_192 - {AES_192_GCM_TYPE, EVP_AES_192_GCM, NID_aes_192_gcm}, - #endif - #ifdef WOLFSSL_AES_256 - {AES_256_GCM_TYPE, EVP_AES_256_GCM, NID_aes_256_gcm}, - #endif - #endif - - #ifdef WOLFSSL_AES_COUNTER - #ifdef WOLFSSL_AES_128 - {AES_128_CTR_TYPE, EVP_AES_128_CTR, NID_aes_128_ctr}, - #endif - #ifdef WOLFSSL_AES_192 - {AES_192_CTR_TYPE, EVP_AES_192_CTR, NID_aes_192_ctr}, - #endif - #ifdef WOLFSSL_AES_256 - {AES_256_CTR_TYPE, EVP_AES_256_CTR, NID_aes_256_ctr}, - #endif - #endif - - #ifdef HAVE_AES_ECB - #ifdef WOLFSSL_AES_128 - {AES_128_ECB_TYPE, EVP_AES_128_ECB, NID_aes_128_ecb}, - #endif - #ifdef WOLFSSL_AES_192 - {AES_192_ECB_TYPE, EVP_AES_192_ECB, NID_aes_192_ecb}, - #endif - #ifdef WOLFSSL_AES_256 - {AES_256_ECB_TYPE, EVP_AES_256_ECB, NID_aes_256_ecb}, - #endif - #endif -#endif - -#ifndef NO_DES3 - {DES_CBC_TYPE, EVP_DES_CBC, NID_des_cbc}, - {DES_ECB_TYPE, EVP_DES_ECB, NID_des_ecb}, - - {DES_EDE3_CBC_TYPE, EVP_DES_EDE3_CBC, NID_des_ede3_cbc}, - {DES_EDE3_ECB_TYPE, EVP_DES_EDE3_ECB, NID_des_ede3_ecb}, -#endif - -#ifndef NO_RC4 - {ARC4_TYPE, EVP_ARC4, NID_undef}, -#endif - -#ifdef HAVE_IDEA - {IDEA_CBC_TYPE, EVP_IDEA_CBC, NID_idea_cbc}, -#endif - { 0, NULL, 0} -}; - -/* returns cipher using provided ctx type */ -const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_CIPHER_CTX_cipher( - const WOLFSSL_EVP_CIPHER_CTX *ctx) -{ - const struct cipher* c; - - if (!ctx || !ctx->cipherType) { - return NULL; - } - - for (c = cipher_tbl; c->type != 0; c++) { - if (ctx->cipherType == c->type) { - return wolfSSL_EVP_get_cipherbyname(c->name); - } - } - - return NULL; -} - -int wolfSSL_EVP_CIPHER_nid(const WOLFSSL_EVP_CIPHER *cipher) -{ - const struct cipher* c; - - if (!cipher) { - return 0; - } - - for (c = cipher_tbl; c->type != 0; c++) { - if (XSTRNCMP(cipher, c->name, XSTRLEN(c->name)+1) == 0) { - return c->nid; - } - } - - return 0; -} - -const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name) -{ - - const struct alias { - const char *name; - const char *alias; - } alias_tbl[] = - { -#ifndef NO_DES3 - {EVP_DES_CBC, "DES"}, - {EVP_DES_CBC, "des"}, - {EVP_DES_ECB, "DES-ECB"}, - {EVP_DES_ECB, "des-ecb"}, - {EVP_DES_EDE3_CBC, "DES3"}, - {EVP_DES_EDE3_CBC, "des3"}, - {EVP_DES_EDE3_ECB, "DES-EDE3"}, - {EVP_DES_EDE3_ECB, "des-ede3"}, - {EVP_DES_EDE3_ECB, "des-ede3-ecb"}, -#endif -#ifdef HAVE_IDEA - {EVP_IDEA_CBC, "IDEA"}, - {EVP_IDEA_CBC, "idea"}, -#endif -#ifndef NO_AES - #ifdef HAVE_AES_CBC - #ifdef WOLFSSL_AES_128 - {EVP_AES_128_CBC, "AES128-CBC"}, - {EVP_AES_128_CBC, "aes128-cbc"}, - #endif - #ifdef WOLFSSL_AES_192 - {EVP_AES_192_CBC, "AES192-CBC"}, - {EVP_AES_192_CBC, "aes192-cbc"}, - #endif - #ifdef WOLFSSL_AES_256 - {EVP_AES_256_CBC, "AES256-CBC"}, - {EVP_AES_256_CBC, "aes256-cbc"}, - #endif - #endif - #ifdef HAVE_AES_ECB - #ifdef WOLFSSL_AES_128 - {EVP_AES_128_ECB, "AES128-ECB"}, - {EVP_AES_128_ECB, "aes128-ecb"}, - #endif - #ifdef WOLFSSL_AES_192 - {EVP_AES_192_ECB, "AES192-ECB"}, - {EVP_AES_192_ECB, "aes192-ecb"}, - #endif - #ifdef WOLFSSL_AES_256 - {EVP_AES_256_ECB, "AES256-ECB"}, - #endif - #endif - #ifdef HAVE_AESGCM - #ifdef WOLFSSL_AES_128 - {EVP_AES_128_GCM, "aes-128-gcm"}, - {EVP_AES_128_GCM, "id-aes128-GCM"}, - #endif - #ifdef WOLFSSL_AES_192 - {EVP_AES_192_GCM, "aes-192-gcm"}, - {EVP_AES_192_GCM, "id-aes192-GCM"}, - #endif - #ifdef WOLFSSL_AES_256 - {EVP_AES_256_GCM, "aes-256-gcm"}, - {EVP_AES_256_GCM, "id-aes256-GCM"}, - #endif - #endif -#endif -#ifndef NO_RC4 - {EVP_ARC4, "RC4"}, -#endif - { NULL, NULL} - }; - - const struct cipher *ent; - const struct alias *al; - - WOLFSSL_ENTER("EVP_get_cipherbyname"); - - for( al = alias_tbl; al->name != NULL; al++) - if(XSTRNCMP(name, al->alias, XSTRLEN(al->alias)+1) == 0) { - name = al->name; - break; - } - - for( ent = cipher_tbl; ent->name != NULL; ent++) - if(XSTRNCMP(name, ent->name, XSTRLEN(ent->name)+1) == 0) { - return (WOLFSSL_EVP_CIPHER *)ent->name; - } - - return NULL; -} - -/* - * return an EVP_CIPHER structure when cipher NID is passed. - * - * id cipher NID - * - * return WOLFSSL_EVP_CIPHER -*/ -const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbynid(int id) -{ - WOLFSSL_ENTER("EVP_get_cipherbynid"); - - switch(id) { - -#ifndef NO_AES - #ifdef HAVE_AES_CBC - #ifdef WOLFSSL_AES_128 - case NID_aes_128_cbc: - return wolfSSL_EVP_aes_128_cbc(); - #endif - #ifdef WOLFSSL_AES_192 - case NID_aes_192_cbc: - return wolfSSL_EVP_aes_192_cbc(); - #endif - #ifdef WOLFSSL_AES_256 - case NID_aes_256_cbc: - return wolfSSL_EVP_aes_256_cbc(); - #endif - #endif - #ifdef WOLFSSL_AES_COUNTER - #ifdef WOLFSSL_AES_128 - case NID_aes_128_ctr: - return wolfSSL_EVP_aes_128_ctr(); - #endif - #ifdef WOLFSSL_AES_192 - case NID_aes_192_ctr: - return wolfSSL_EVP_aes_192_ctr(); - #endif - #ifdef WOLFSSL_AES_256 - case NID_aes_256_ctr: - return wolfSSL_EVP_aes_256_ctr(); - #endif - #endif /* WOLFSSL_AES_COUNTER */ - #ifdef HAVE_AES_ECB - #ifdef WOLFSSL_AES_128 - case NID_aes_128_ecb: - return wolfSSL_EVP_aes_128_ecb(); - #endif - #ifdef WOLFSSL_AES_192 - case NID_aes_192_ecb: - return wolfSSL_EVP_aes_192_ecb(); - #endif - #ifdef WOLFSSL_AES_256 - case NID_aes_256_ecb: - return wolfSSL_EVP_aes_256_ecb(); - #endif - #endif /* HAVE_AES_ECB */ - #ifdef HAVE_AESGCM - #ifdef WOLFSSL_AES_128 - case NID_aes_128_gcm: - return wolfSSL_EVP_aes_128_gcm(); - #endif - #ifdef WOLFSSL_AES_192 - case NID_aes_192_gcm: - return wolfSSL_EVP_aes_192_gcm(); - #endif - #ifdef WOLFSSL_AES_256 - case NID_aes_256_gcm: - return wolfSSL_EVP_aes_256_gcm(); - #endif - #endif -#endif - -#ifndef NO_DES3 - case NID_des_cbc: - return wolfSSL_EVP_des_cbc(); -#ifdef WOLFSSL_DES_ECB - case NID_des_ecb: - return wolfSSL_EVP_des_ecb(); -#endif - case NID_des_ede3_cbc: - return wolfSSL_EVP_des_ede3_cbc(); -#ifdef WOLFSSL_DES_ECB - case NID_des_ede3_ecb: - return wolfSSL_EVP_des_ede3_ecb(); -#endif -#endif /*NO_DES3*/ - -#ifdef HAVE_IDEA - case NID_idea_cbc: - return wolfSSL_EVP_idea_cbc(); -#endif - - default: - WOLFSSL_MSG("Bad cipher id value"); - } - - return NULL; -} - -void wolfSSL_EVP_init(void) -{ - /* Does nothing. */ -} - -#if !defined(NO_PWDBASED) -/* this function makes the assumption that out buffer is big enough for digest*/ -int wolfSSL_EVP_Digest(const unsigned char* in, int inSz, unsigned char* out, - unsigned int* outSz, const WOLFSSL_EVP_MD* evp, - WOLFSSL_ENGINE* eng) -{ - int err; - int hashType = WC_HASH_TYPE_NONE; - int hashSz; - - WOLFSSL_ENTER("wolfSSL_EVP_Digest"); - if (in == NULL || out == NULL || evp == NULL) { - WOLFSSL_MSG("Null argument passed in"); - return WOLFSSL_FAILURE; - } - - err = wolfSSL_EVP_get_hashinfo(evp, &hashType, &hashSz); - if (err != WOLFSSL_SUCCESS) - return err; - - if (wc_Hash((enum wc_HashType)hashType, in, inSz, out, hashSz) != 0) { - return WOLFSSL_FAILURE; - } - - if (outSz != NULL) - *outSz = hashSz; - - (void)eng; - return WOLFSSL_SUCCESS; -} -#endif - -const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name) -{ - static const struct alias { - const char *name; - const char *alias; - } alias_tbl[] = - { - {"MD4", "ssl3-md4"}, - {"MD5", "ssl3-md5"}, - {"SHA", "ssl3-sha1"}, - {"SHA", "SHA1"}, - { NULL, NULL} - }; - - const struct alias *al; - const struct s_ent *ent; - - - for (al = alias_tbl; al->name != NULL; al++) - if(XSTRNCMP(name, al->alias, XSTRLEN(al->alias)+1) == 0) { - name = al->name; - break; - } - - for (ent = md_tbl; ent->name != NULL; ent++) - if(XSTRNCMP(name, ent->name, XSTRLEN(ent->name)+1) == 0) { - return (EVP_MD *)ent->name; - } - return NULL; -} - -int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) -{ - const struct s_ent *ent ; - WOLFSSL_ENTER("EVP_MD_type"); - for( ent = md_tbl; ent->name != NULL; ent++){ - if(XSTRNCMP((const char *)md, ent->name, XSTRLEN(ent->name)+1) == 0) { - return ent->nid; - } - } - return 0; -} - -#ifndef NO_MD4 - - /* return a pointer to MD4 EVP type */ - const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_md4"); - return EVP_get_digestbyname("MD4"); - } - -#endif /* !NO_MD4 */ - - -#ifndef NO_MD5 - - const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void) - { - WOLFSSL_ENTER("EVP_md5"); - return EVP_get_digestbyname("MD5"); - } - -#endif /* !NO_MD5 */ - - -#ifndef NO_WOLFSSL_STUB - const WOLFSSL_EVP_MD* wolfSSL_EVP_mdc2(void) - { - WOLFSSL_STUB("EVP_mdc2"); - return NULL; - } -#endif - -#ifndef NO_SHA - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void) - { - WOLFSSL_ENTER("EVP_sha1"); - return EVP_get_digestbyname("SHA"); - } -#endif /* NO_SHA */ - -#ifdef WOLFSSL_SHA224 - - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void) - { - WOLFSSL_ENTER("EVP_sha224"); - return EVP_get_digestbyname("SHA224"); - } - -#endif /* WOLFSSL_SHA224 */ - - - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void) - { - WOLFSSL_ENTER("EVP_sha256"); - return EVP_get_digestbyname("SHA256"); - } - -#ifdef WOLFSSL_SHA384 - - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void) - { - WOLFSSL_ENTER("EVP_sha384"); - return EVP_get_digestbyname("SHA384"); - } - -#endif /* WOLFSSL_SHA384 */ - -#ifdef WOLFSSL_SHA512 - - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void) - { - WOLFSSL_ENTER("EVP_sha512"); - return EVP_get_digestbyname("SHA512"); - } - -#endif /* WOLFSSL_SHA512 */ - -#ifdef WOLFSSL_SHA3 -#ifndef WOLFSSL_NOSHA3_224 - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_224(void) - { - WOLFSSL_ENTER("EVP_sha3_224"); - return EVP_get_digestbyname("SHA3_224"); - } -#endif /* WOLFSSL_NOSHA3_224 */ - - -#ifndef WOLFSSL_NOSHA3_256 - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_256(void) - { - WOLFSSL_ENTER("EVP_sha3_256"); - return EVP_get_digestbyname("SHA3_256"); - } -#endif /* WOLFSSL_NOSHA3_256 */ - - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_384(void) - { - WOLFSSL_ENTER("EVP_sha3_384"); - return EVP_get_digestbyname("SHA3_384"); - } - -#ifndef WOLFSSL_NOSHA3_512 - const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_512(void) - { - WOLFSSL_ENTER("EVP_sha3_512"); - return EVP_get_digestbyname("SHA3_512"); - } -#endif /* WOLFSSL_NOSHA3_512 */ -#endif /* WOLFSSL_SHA3 */ - - WOLFSSL_EVP_MD_CTX *wolfSSL_EVP_MD_CTX_new(void) - { - WOLFSSL_EVP_MD_CTX* ctx; - WOLFSSL_ENTER("EVP_MD_CTX_new"); - ctx = (WOLFSSL_EVP_MD_CTX*)XMALLOC(sizeof *ctx, NULL, - DYNAMIC_TYPE_OPENSSL); - if (ctx){ - wolfSSL_EVP_MD_CTX_init(ctx); - } - return ctx; - } - - WOLFSSL_API void wolfSSL_EVP_MD_CTX_free(WOLFSSL_EVP_MD_CTX *ctx) - { - if (ctx) { - WOLFSSL_ENTER("EVP_MD_CTX_free"); - wolfSSL_EVP_MD_CTX_cleanup(ctx); - XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL); - } - } - - /* returns the NID of message digest used by the ctx */ - int wolfSSL_EVP_MD_CTX_type(const WOLFSSL_EVP_MD_CTX *ctx) - { - const struct s_ent *ent; - - WOLFSSL_ENTER("EVP_MD_CTX_type"); - - if (ctx) { - if (ctx->isHMAC) { - return NID_hmac; - } - - for(ent = md_tbl; ent->name != NULL; ent++) { - if (ctx->macType == ent->macType) { - return ent->nid; - } - } - /* Return whatever we got */ - return ctx->macType; - } - return 0; - } - - - /* returns WOLFSSL_SUCCESS on success */ - int wolfSSL_EVP_MD_CTX_copy(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in) - { - return wolfSSL_EVP_MD_CTX_copy_ex(out, in); - } - - /* returns digest size */ - int wolfSSL_EVP_MD_CTX_size(const WOLFSSL_EVP_MD_CTX *ctx) { - return(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(ctx))); - } - /* returns block size */ - int wolfSSL_EVP_MD_CTX_block_size(const WOLFSSL_EVP_MD_CTX *ctx) { - return(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(ctx))); - } - - /* Deep copy of EVP_MD hasher - * return WOLFSSL_SUCCESS on success */ - static int wolfSSL_EVP_MD_Copy_Hasher(WOLFSSL_EVP_MD_CTX* des, - const WOLFSSL_EVP_MD_CTX* src) - { - int ret; - if (src->isHMAC) { - ret = wolfSSL_HmacCopy(&des->hash.hmac, (Hmac*)&src->hash.hmac); - } - else { - switch (src->macType) { - case WC_HASH_TYPE_MD5: - #ifndef NO_MD5 - ret = wc_Md5Copy((wc_Md5*)&src->hash.digest, - (wc_Md5*)&des->hash.digest); - #else - ret = NOT_COMPILED_IN; - #endif /* !NO_MD5 */ - break; - case WC_HASH_TYPE_SHA: - #ifndef NO_SHA - ret = wc_ShaCopy((wc_Sha*)&src->hash.digest, - (wc_Sha*)&des->hash.digest); - #else - ret = NOT_COMPILED_IN; - #endif /* !NO_SHA */ - break; - case WC_HASH_TYPE_SHA224: - #ifdef WOLFSSL_SHA224 - ret = wc_Sha224Copy((wc_Sha224*)&src->hash.digest, - (wc_Sha224*)&des->hash.digest); - #else - ret = NOT_COMPILED_IN; - #endif /* WOLFSSL_SHA224 */ - break; - case WC_HASH_TYPE_SHA256: - #ifndef NO_SHA256 - ret = wc_Sha256Copy((wc_Sha256*)&src->hash.digest, - (wc_Sha256*)&des->hash.digest); - #else - ret = NOT_COMPILED_IN; - #endif /* !NO_SHA256 */ - break; - case WC_HASH_TYPE_SHA384: - #ifdef WOLFSSL_SHA384 - ret = wc_Sha384Copy((wc_Sha384*)&src->hash.digest, - (wc_Sha384*)&des->hash.digest); - #else - ret = NOT_COMPILED_IN; - #endif /* WOLFSSL_SHA384 */ - break; - case WC_HASH_TYPE_SHA512: - #ifdef WOLFSSL_SHA512 - ret = wc_Sha512Copy((wc_Sha512*)&src->hash.digest, - (wc_Sha512*)&des->hash.digest); - #else - ret = NOT_COMPILED_IN; - #endif /* WOLFSSL_SHA512 */ - break; - case WC_HASH_TYPE_SHA3_224: - #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - ret = wc_Sha3_224_Copy((wc_Sha3*)&src->hash.digest, - (wc_Sha3*)&des->hash.digest); - #else - ret = NOT_COMPILED_IN; - #endif - break; - case WC_HASH_TYPE_SHA3_256: - #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - ret = wc_Sha3_256_Copy((wc_Sha3*)&src->hash.digest, - (wc_Sha3*)&des->hash.digest); - #else - ret = NOT_COMPILED_IN; - #endif - break; - case WC_HASH_TYPE_SHA3_384: - #if defined(WOLFSSL_SHA3) - ret = wc_Sha3_384_Copy((wc_Sha3*)&src->hash.digest, - (wc_Sha3*)&des->hash.digest); - #else - ret = NOT_COMPILED_IN; - #endif - break; - case WC_HASH_TYPE_SHA3_512: - #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) - ret = wc_Sha3_512_Copy((wc_Sha3*)&src->hash.digest, - (wc_Sha3*)&des->hash.digest); - #else - ret = NOT_COMPILED_IN; - #endif - break; - case WC_HASH_TYPE_NONE: - case WC_HASH_TYPE_MD2: - case WC_HASH_TYPE_MD4: - case WC_HASH_TYPE_MD5_SHA: - case WC_HASH_TYPE_BLAKE2B: - case WC_HASH_TYPE_BLAKE2S: - default: - ret = BAD_FUNC_ARG; - break; - } - } - return ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; - } - - /* copies structure in to the structure out - * - * returns WOLFSSL_SUCCESS on success */ - int wolfSSL_EVP_MD_CTX_copy_ex(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in) - { - if ((out == NULL) || (in == NULL)) return WOLFSSL_FAILURE; - WOLFSSL_ENTER("EVP_CIPHER_MD_CTX_copy_ex"); - XMEMCPY(out, in, sizeof(WOLFSSL_EVP_MD_CTX)); - if (in->pctx != NULL) { - out->pctx = wolfSSL_EVP_PKEY_CTX_new(in->pctx->pkey, NULL); - if (out->pctx == NULL) - return WOLFSSL_FAILURE; - } - return wolfSSL_EVP_MD_Copy_Hasher(out, (WOLFSSL_EVP_MD_CTX*)in); - } - - void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx) - { - WOLFSSL_ENTER("EVP_CIPHER_MD_CTX_init"); - XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_MD_CTX)); - } - - const WOLFSSL_EVP_MD *wolfSSL_EVP_MD_CTX_md(const WOLFSSL_EVP_MD_CTX *ctx) - { - const struct s_ent *ent; - if (ctx == NULL) - return NULL; - WOLFSSL_ENTER("EVP_MD_CTX_md"); - if (ctx->isHMAC) { - return "HMAC"; - } - for(ent = md_tbl; ent->name != NULL; ent++) { - if(ctx->macType == ent->macType) { - return (const WOLFSSL_EVP_MD *)ent->name; - } - } - return (WOLFSSL_EVP_MD *)NULL; - } - - #ifndef NO_AES - - #ifdef HAVE_AES_CBC - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cbc"); - return EVP_AES_128_CBC; - } - #endif /* WOLFSSL_AES_128 */ - - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cbc"); - return EVP_AES_192_CBC; - } - #endif /* WOLFSSL_AES_192 */ - - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cbc"); - return EVP_AES_256_CBC; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AES_CBC */ - - #ifdef WOLFSSL_AES_CFB -#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb1(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb1"); - return EVP_AES_128_CFB1; - } - #endif /* WOLFSSL_AES_128 */ - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb1(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb1"); - return EVP_AES_192_CFB1; - } - #endif /* WOLFSSL_AES_192 */ - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb1(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb1"); - return EVP_AES_256_CFB1; - } - #endif /* WOLFSSL_AES_256 */ - - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb8(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb8"); - return EVP_AES_128_CFB8; - } - #endif /* WOLFSSL_AES_128 */ - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb8(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb8"); - return EVP_AES_192_CFB8; - } - #endif /* WOLFSSL_AES_192 */ - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb8(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb8"); - return EVP_AES_256_CFB8; - } - #endif /* WOLFSSL_AES_256 */ -#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ - - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb128(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb128"); - return EVP_AES_128_CFB128; - } - #endif /* WOLFSSL_AES_128 */ - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb128(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb128"); - return EVP_AES_192_CFB128; - } - #endif /* WOLFSSL_AES_192 */ - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb128(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb128"); - return EVP_AES_256_CFB128; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* WOLFSSL_AES_CFB */ - - #ifdef WOLFSSL_AES_OFB - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ofb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ofb"); - return EVP_AES_128_OFB; - } - #endif /* WOLFSSL_AES_128 */ - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ofb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ofb"); - return EVP_AES_192_OFB; - } - #endif /* WOLFSSL_AES_192 */ - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ofb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ofb"); - return EVP_AES_256_OFB; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* WOLFSSL_AES_OFB */ - - #ifdef WOLFSSL_AES_XTS - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_xts(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_xts"); - return EVP_AES_128_XTS; - } - #endif /* WOLFSSL_AES_128 */ - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_xts(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_xts"); - return EVP_AES_256_XTS; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* WOLFSSL_AES_XTS */ - - #ifdef HAVE_AESGCM - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_gcm(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_gcm"); - return EVP_AES_128_GCM; - } - #endif /* WOLFSSL_GCM_128 */ - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_gcm(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_gcm"); - return EVP_AES_192_GCM; - } - #endif /* WOLFSSL_AES_192 */ - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_gcm(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_gcm"); - return EVP_AES_256_GCM; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AESGCM */ - - #ifdef WOLFSSL_AES_COUNTER - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ctr"); - return EVP_AES_128_CTR; - } - #endif /* WOLFSSL_AES_2128 */ - - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ctr"); - return EVP_AES_192_CTR; - } - #endif /* WOLFSSL_AES_192 */ - - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ctr"); - return EVP_AES_256_CTR; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* WOLFSSL_AES_COUNTER */ - - #ifdef HAVE_AES_ECB - #ifdef WOLFSSL_AES_128 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ecb"); - return EVP_AES_128_ECB; - } - #endif /* WOLFSSL_AES_128 */ - - - #ifdef WOLFSSL_AES_192 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ecb"); - return EVP_AES_192_ECB; - } - #endif /* WOLFSSL_AES_192*/ - - - #ifdef WOLFSSL_AES_256 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ecb"); - return EVP_AES_256_ECB; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AES_ECB */ - #endif /* NO_AES */ - -#ifndef NO_DES3 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_des_cbc"); - return EVP_DES_CBC; - } -#ifdef WOLFSSL_DES_ECB - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ecb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_des_ecb"); - return EVP_DES_ECB; - } -#endif - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_cbc"); - return EVP_DES_EDE3_CBC; - } -#ifdef WOLFSSL_DES_ECB - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_ecb"); - return EVP_DES_EDE3_ECB; - } -#endif -#endif /* NO_DES3 */ - -#ifndef NO_RC4 - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_rc4"); - return EVP_ARC4; - } -#endif - -#ifdef HAVE_IDEA - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_idea_cbc(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_idea_cbc"); - return EVP_IDEA_CBC; - } -#endif - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_enc_null"); - return EVP_NULL; - } - - int wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx) - { - int ret = WOLFSSL_SUCCESS; - WOLFSSL_ENTER("EVP_MD_CTX_cleanup"); - if (ctx->pctx != NULL) - wolfSSL_EVP_PKEY_CTX_free(ctx->pctx); - - if (ctx->isHMAC) { - wc_HmacFree(&ctx->hash.hmac); - } - else { - switch (ctx->macType) { - case WC_HASH_TYPE_MD5: - #ifndef NO_MD5 - wc_Md5Free((wc_Md5*)&ctx->hash.digest); - #endif /* !NO_MD5 */ - break; - case WC_HASH_TYPE_SHA: - #ifndef NO_SHA - wc_ShaFree((wc_Sha*)&ctx->hash.digest); - #endif /* !NO_SHA */ - break; - case WC_HASH_TYPE_SHA224: - #ifdef WOLFSSL_SHA224 - wc_Sha224Free((wc_Sha224*)&ctx->hash.digest); - #endif /* WOLFSSL_SHA224 */ - break; - case WC_HASH_TYPE_SHA256: - #ifndef NO_SHA256 - wc_Sha256Free((wc_Sha256*)&ctx->hash.digest); - #endif /* !NO_SHA256 */ - break; - case WC_HASH_TYPE_SHA384: - #ifdef WOLFSSL_SHA384 - wc_Sha384Free((wc_Sha384*)&ctx->hash.digest); - #endif /* WOLFSSL_SHA384 */ - break; - case WC_HASH_TYPE_SHA512: - #ifdef WOLFSSL_SHA512 - wc_Sha512Free((wc_Sha512*)&ctx->hash.digest); - #endif /* WOLFSSL_SHA512 */ - break; - case WC_HASH_TYPE_SHA3_224: - #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - wc_Sha3_224_Free((wc_Sha3*)&ctx->hash.digest); - #endif - break; - case WC_HASH_TYPE_SHA3_256: - #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - wc_Sha3_256_Free((wc_Sha3*)&ctx->hash.digest); - #endif - break; - case WC_HASH_TYPE_SHA3_384: - #if defined(WOLFSSL_SHA3) - wc_Sha3_384_Free((wc_Sha3*)&ctx->hash.digest); - #endif - break; - case WC_HASH_TYPE_SHA3_512: - #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) - wc_Sha3_512_Free((wc_Sha3*)&ctx->hash.digest); - #endif - break; - case WC_HASH_TYPE_NONE: - case WC_HASH_TYPE_MD2: - case WC_HASH_TYPE_MD4: - case WC_HASH_TYPE_MD5_SHA: - case WC_HASH_TYPE_BLAKE2B: - case WC_HASH_TYPE_BLAKE2S: - default: - ret = WOLFSSL_FAILURE; - break; - } - } - ForceZero(ctx, sizeof(*ctx)); - ctx->macType = WC_HASH_TYPE_NONE; - return ret; - } - - void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx) - { - WOLFSSL_ENTER("EVP_CIPHER_CTX_init"); - if (ctx) { - XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_CIPHER_CTX)); - ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */ - ctx->keyLen = 0; - ctx->enc = 1; /* start in encrypt mode */ - } - } - -#if defined(HAVE_AESGCM) && !defined(HAVE_SELFTEST) - static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz) - { - int i; - for (i = ctrSz-1; i >= 0; i--) { - if (++ctr[i]) - break; - } - } -#endif - - /* This function allows cipher specific parameters to be - determined and set. */ - int wolfSSL_EVP_CIPHER_CTX_ctrl(WOLFSSL_EVP_CIPHER_CTX *ctx, int type, \ - int arg, void *ptr) - { - int ret = WOLFSSL_FAILURE; -#if defined(HAVE_AESGCM) && !defined(HAVE_SELFTEST) && !defined(WC_NO_RNG) - WC_RNG rng; -#endif - if (ctx == NULL) - return WOLFSSL_FAILURE; - - (void)arg; - (void)ptr; - - WOLFSSL_ENTER("EVP_CIPHER_CTX_ctrl"); - - switch(type) { - case EVP_CTRL_INIT: - wolfSSL_EVP_CIPHER_CTX_init(ctx); - if(ctx) - ret = WOLFSSL_SUCCESS; - break; - case EVP_CTRL_SET_KEY_LENGTH: - ret = wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, arg); - break; -#if defined(HAVE_AESGCM) && !defined(HAVE_SELFTEST) && !defined(WC_NO_RNG) - case EVP_CTRL_GCM_SET_IVLEN: - if(arg <= 0 || arg > 16) - return WOLFSSL_FAILURE; - ret = wolfSSL_EVP_CIPHER_CTX_set_iv_length(ctx, arg); - break; - case EVP_CTRL_AEAD_SET_IV_FIXED: - if (arg == -1) { - /* arg == -1 copies ctx->ivSz from ptr */ - ret = wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, (byte*)ptr, ctx->ivSz); - } - else { - /* - * Fixed field must be at least 4 bytes and invocation - * field at least 8. - */ - if ((arg < 4) || (ctx->ivSz - arg) < 8) { - WOLFSSL_MSG("Fixed field or invocation field too short"); - ret = WOLFSSL_FAILURE; - break; - } - if (wc_InitRng(&rng) != 0) { - WOLFSSL_MSG("wc_InitRng failed"); - ret = WOLFSSL_FAILURE; - break; - } - if (arg) { - XMEMCPY(ctx->iv, ptr, arg); - } - if (wc_RNG_GenerateBlock(&rng, ctx->iv + arg, - ctx->ivSz - arg) != 0) { - /* rng is freed immediately after if block so no need - * to do it here - */ - WOLFSSL_MSG("wc_RNG_GenerateBlock failed"); - ret = WOLFSSL_FAILURE; - } - - if (wc_FreeRng(&rng) != 0) { - WOLFSSL_MSG("wc_FreeRng failed"); - ret = WOLFSSL_FAILURE; - break; - } - } - break; -#if !defined(_WIN32) && !defined(HAVE_FIPS) - case EVP_CTRL_GCM_IV_GEN: - if (ctx->cipher.aes.keylen == 0 || ctx->ivSz == 0) { - ret = WOLFSSL_FAILURE; - WOLFSSL_MSG("Key or IV not set"); - break; - } - if ((ret = wc_AesGcmSetExtIV(&ctx->cipher.aes, ctx->iv, ctx->ivSz)) != 0) { - WOLFSSL_MSG("wc_AesGcmSetIV failed"); - ret = WOLFSSL_FAILURE; - } - /* OpenSSL increments the IV. Not sure why */ - IncCtr(ctx->iv, ctx->ivSz); - break; -#endif - case EVP_CTRL_AEAD_SET_TAG: - if(arg <= 0 || arg > 16 || (ptr == NULL)) - return WOLFSSL_FAILURE; - - XMEMCPY(ctx->authTag, ptr, arg); - ctx->authTagSz = arg; - ret = WOLFSSL_SUCCESS; - - break; - case EVP_CTRL_AEAD_GET_TAG: - if(arg <= 0 || arg > 16) - return WOLFSSL_FAILURE; - - XMEMCPY(ptr, ctx->authTag, arg); - ret = WOLFSSL_SUCCESS; - break; -#endif /* HAVE_AESGCM && !HAVE_SELFTEST && !WC_NO_RNG */ - default: - WOLFSSL_MSG("EVP_CIPHER_CTX_ctrl operation not yet handled"); - ret = WOLFSSL_FAILURE; - } - return ret; - } - - /* WOLFSSL_SUCCESS on ok */ - int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx) - { - WOLFSSL_ENTER("EVP_CIPHER_CTX_cleanup"); - if (ctx) { - ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */ - ctx->keyLen = 0; -#ifdef HAVE_AESGCM - if (ctx->gcmBuffer) { - XFREE(ctx->gcmBuffer, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->gcmBuffer = NULL; - } - ctx->gcmBufferLen = 0; - if (ctx->gcmAuthIn) { - XFREE(ctx->gcmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->gcmAuthIn = NULL; - } - ctx->gcmAuthInSz = 0; -#endif - } - - return WOLFSSL_SUCCESS; - } - - /* Permanent stub for Qt compilation. */ - #if defined(WOLFSSL_QT) && !defined(NO_WOLFSSL_STUB) - const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc2_cbc(void) - { - WOLFSSL_ENTER("wolfSSL_EVP_rc2_cbc"); - WOLFSSL_STUB("EVP_rc2_cbc"); - return NULL; - } - #endif - -#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED) - - int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER* type, - const WOLFSSL_EVP_MD* md, const byte* salt, - const byte* data, int sz, int count, byte* key, byte* iv) - { - int ret; - int hashType = WC_HASH_TYPE_NONE; - #ifdef WOLFSSL_SMALL_STACK - EncryptedInfo* info; - #else - EncryptedInfo info[1]; - #endif - - #ifdef WOLFSSL_SMALL_STACK - info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, - DYNAMIC_TYPE_ENCRYPTEDINFO); - if (info == NULL) { - WOLFSSL_MSG("malloc failed"); - return WOLFSSL_FAILURE; - } - #endif - - XMEMSET(info, 0, sizeof(EncryptedInfo)); - - ret = wc_EncryptedInfoGet(info, type); - if (ret < 0) - goto end; - - if (data == NULL) { - ret = info->keySz; - goto end; - } - - ret = wolfSSL_EVP_get_hashinfo(md, &hashType, NULL); - if (ret == WOLFSSL_FAILURE) - goto end; - - ret = wc_PBKDF1_ex(key, info->keySz, iv, info->ivSz, data, sz, salt, - EVP_SALT_SIZE, count, hashType, NULL); - if (ret == 0) - ret = info->keySz; - - end: - #ifdef WOLFSSL_SMALL_STACK - XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); - #endif - if (ret < 0) - return 0; /* failure - for compatibility */ - - return ret; - } - -#endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */ - - -#ifndef NO_AES -#if defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_192) || \ - defined(WOLFSSL_AES_256) - #define AES_SIZE_ANY -#endif - -#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || \ - defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_CFB) || \ - defined(WOLFSSSL_AES_OFB) - #define AES_SET_KEY -#endif - -#if defined(AES_SIZE_ANY) && defined(AES_SET_KEY) - static int AesSetKey_ex(Aes* aes, const byte* key, word32 len, - const byte* iv, int dir, int direct) - { - int ret; - /* wc_AesSetKey clear aes.reg if iv == NULL. - Keep IV for openSSL compatibility */ - if (iv == NULL) - XMEMCPY((byte *)aes->tmp, (byte *)aes->reg, AES_BLOCK_SIZE); - if (direct) { - #if defined(WOLFSSL_AES_DIRECT) - ret = wc_AesSetKeyDirect(aes, key, len, iv, dir); - #else - ret = NOT_COMPILED_IN; - #endif - } - else { - ret = wc_AesSetKey(aes, key, len, iv, dir); - } - if (iv == NULL) - XMEMCPY((byte *)aes->reg, (byte *)aes->tmp, AES_BLOCK_SIZE); - return ret; - } -#endif /* AES_ANY_SIZE && AES_SET_KEY */ -#endif /* NO_AES */ - - /* return WOLFSSL_SUCCESS on ok, 0 on failure to match API compatibility */ - int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx, - const WOLFSSL_EVP_CIPHER* type, const byte* key, - const byte* iv, int enc) - { - int ret = 0; - (void)key; - (void)iv; - (void)enc; - - WOLFSSL_ENTER("wolfSSL_EVP_CipherInit"); - if (ctx == NULL) { - WOLFSSL_MSG("no ctx"); - return WOLFSSL_FAILURE; - } - - if (type == NULL && ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT) { - WOLFSSL_MSG("no type set"); - return WOLFSSL_FAILURE; - } - if (ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT){ - /* only first EVP_CipherInit invoke. ctx->cipherType is set below */ - XMEMSET(&ctx->cipher, 0, sizeof(ctx->cipher)); - ctx->flags = 0; - } - /* always clear buffer state */ - ctx->bufUsed = 0; - ctx->lastUsed = 0; - -#ifdef HAVE_WOLFSSL_EVP_CIPHER_CTX_IV - if (!iv && ctx->ivSz) { - iv = ctx->iv; - } -#endif -#ifdef HAVE_AESGCM - if (ctx->gcmAuthIn) { - XFREE(ctx->gcmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->gcmAuthIn = NULL; - } - ctx->gcmAuthInSz = 0; -#endif - -#ifndef NO_AES - #ifdef HAVE_AES_CBC - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CBC_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_CBC"); - ctx->cipherType = AES_128_CBC_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; - ctx->keyLen = 16; - ctx->block_size = AES_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 0); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CBC_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_CBC"); - ctx->cipherType = AES_192_CBC_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; - ctx->keyLen = 24; - ctx->block_size = AES_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 0); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CBC_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_CBC"); - ctx->cipherType = AES_256_CBC_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; - ctx->keyLen = 32; - ctx->block_size = AES_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 0); - if (ret != 0){ - WOLFSSL_MSG("AesSetKey() failed"); - return WOLFSSL_FAILURE; - } - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0){ - WOLFSSL_MSG("wc_AesSetIV() failed"); - return WOLFSSL_FAILURE; - } - } - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AES_CBC */ -#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) - #ifdef HAVE_AESGCM - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_GCM_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_GCM, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_GCM"); - ctx->cipherType = AES_128_GCM_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE; - ctx->keyLen = 16; - ctx->block_size = AES_BLOCK_SIZE; - ctx->authTagSz = AES_BLOCK_SIZE; - ctx->ivSz = GCM_NONCE_MID_SZ; - - if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) { - WOLFSSL_MSG("wc_AesGcmSetKey() failed"); - return WOLFSSL_FAILURE; - } - if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) { - WOLFSSL_MSG("wc_AesGcmSetExtIV() failed"); - return WOLFSSL_FAILURE; - } - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_GCM_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_GCM, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_GCM"); - ctx->cipherType = AES_192_GCM_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE; - ctx->keyLen = 24; - ctx->block_size = AES_BLOCK_SIZE; - ctx->authTagSz = AES_BLOCK_SIZE; - ctx->ivSz = GCM_NONCE_MID_SZ; - - if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) { - WOLFSSL_MSG("wc_AesGcmSetKey() failed"); - return WOLFSSL_FAILURE; - } - if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) { - WOLFSSL_MSG("wc_AesGcmSetExtIV() failed"); - return WOLFSSL_FAILURE; - } - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_GCM_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_GCM, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_GCM"); - ctx->cipherType = AES_256_GCM_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE; - ctx->keyLen = 32; - ctx->block_size = AES_BLOCK_SIZE; - ctx->authTagSz = AES_BLOCK_SIZE; - ctx->ivSz = GCM_NONCE_MID_SZ; - - if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) { - WOLFSSL_MSG("wc_AesGcmSetKey() failed"); - return WOLFSSL_FAILURE; - } - if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) { - WOLFSSL_MSG("wc_AesGcmSetExtIV() failed"); - return WOLFSSL_FAILURE; - } - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AESGCM */ -#endif /*!HAVE_FIPS && !HAVE_SELFTEST ||(HAVE_FIPS_VERSION && HAVE_FIPS_VERSION > 2)*/ -#ifdef WOLFSSL_AES_COUNTER - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CTR_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_CTR, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_CTR"); - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->cipherType = AES_128_CTR_TYPE; - ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; - ctx->keyLen = 16; - ctx->block_size = NO_PADDING_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; -#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) - ctx->cipher.aes.left = 0; -#endif - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 1); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CTR_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_CTR, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_CTR"); - ctx->cipherType = AES_192_CTR_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; - ctx->keyLen = 24; - ctx->block_size = NO_PADDING_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; -#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) - ctx->cipher.aes.left = 0; -#endif - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 1); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CTR_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_CTR, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_CTR"); - ctx->cipherType = AES_256_CTR_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; - ctx->keyLen = 32; - ctx->block_size = NO_PADDING_BLOCK_SIZE; - ctx->ivSz = AES_BLOCK_SIZE; -#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) - ctx->cipher.aes.left = 0; -#endif - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 1); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_256 */ -#endif /* WOLFSSL_AES_COUNTER */ - #ifdef HAVE_AES_ECB - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_ECB_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_ECB, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_ECB"); - ctx->cipherType = AES_128_ECB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; - ctx->keyLen = 16; - ctx->block_size = AES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1); - } - if (ret != 0) - return WOLFSSL_FAILURE; - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_ECB_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_ECB, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_ECB"); - ctx->cipherType = AES_192_ECB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; - ctx->keyLen = 24; - ctx->block_size = AES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1); - } - if (ret != 0) - return WOLFSSL_FAILURE; - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_ECB_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_ECB, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_ECB"); - ctx->cipherType = AES_256_ECB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; - ctx->keyLen = 32; - ctx->block_size = AES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1); - } - if (ret != 0) - return WOLFSSL_FAILURE; - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AES_ECB */ - #ifdef WOLFSSL_AES_CFB - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CFB1_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_CFB1, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_CFB1"); - ctx->cipherType = AES_128_CFB1_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 16; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CFB1_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_CFB1, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_CFB1"); - ctx->cipherType = AES_192_CFB1_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 24; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CFB1_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_CFB1, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_CFB1"); - ctx->cipherType = AES_256_CFB1_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 32; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0){ - WOLFSSL_MSG("AesSetKey() failed"); - return WOLFSSL_FAILURE; - } - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0){ - WOLFSSL_MSG("wc_AesSetIV() failed"); - return WOLFSSL_FAILURE; - } - } - } - #endif /* WOLFSSL_AES_256 */ - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CFB8_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_CFB8, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_CFB8"); - ctx->cipherType = AES_128_CFB8_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 16; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CFB8_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_CFB8, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_CFB8"); - ctx->cipherType = AES_192_CFB8_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 24; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CFB8_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_CFB8, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_CFB8"); - ctx->cipherType = AES_256_CFB8_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 32; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0){ - WOLFSSL_MSG("AesSetKey() failed"); - return WOLFSSL_FAILURE; - } - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0){ - WOLFSSL_MSG("wc_AesSetIV() failed"); - return WOLFSSL_FAILURE; - } - } - } - #endif /* WOLFSSL_AES_256 */ - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_CFB128_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_CFB128, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_CFB128"); - ctx->cipherType = AES_128_CFB128_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 16; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_CFB128_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_CFB128, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_CFB128"); - ctx->cipherType = AES_192_CFB128_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 24; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_CFB128_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_CFB128, EVP_AESCFB_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_CFB128"); - ctx->cipherType = AES_256_CFB128_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE; - ctx->keyLen = 32; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0){ - WOLFSSL_MSG("AesSetKey() failed"); - return WOLFSSL_FAILURE; - } - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0){ - WOLFSSL_MSG("wc_AesSetIV() failed"); - return WOLFSSL_FAILURE; - } - } - } - #endif /* WOLFSSL_AES_256 */ - #endif /* WOLFSSL_AES_CFB */ - #ifdef WOLFSSL_AES_OFB - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_OFB_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_OFB, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_OFB"); - ctx->cipherType = AES_128_OFB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE; - ctx->keyLen = 16; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_192 - if (ctx->cipherType == AES_192_OFB_TYPE || - (type && XSTRNCMP(type, EVP_AES_192_OFB, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_192_OFB"); - ctx->cipherType = AES_192_OFB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE; - ctx->keyLen = 24; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0) - return WOLFSSL_FAILURE; - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - #endif /* WOLFSSL_AES_192 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_OFB_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_OFB, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_OFB"); - ctx->cipherType = AES_256_OFB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE; - ctx->keyLen = 32; - ctx->block_size = 1; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION, 0); - if (ret != 0){ - WOLFSSL_MSG("AesSetKey() failed"); - return WOLFSSL_FAILURE; - } - } - if (iv && key == NULL) { - ret = wc_AesSetIV(&ctx->cipher.aes, iv); - if (ret != 0){ - WOLFSSL_MSG("wc_AesSetIV() failed"); - return WOLFSSL_FAILURE; - } - } - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AES_OFB */ - #ifdef WOLFSSL_AES_XTS - #ifdef WOLFSSL_AES_128 - if (ctx->cipherType == AES_128_XTS_TYPE || - (type && XSTRNCMP(type, EVP_AES_128_XTS, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_128_XTS"); - ctx->cipherType = AES_128_XTS_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_XTS_MODE; - ctx->keyLen = 32; - ctx->block_size = 1; - ctx->ivSz = AES_BLOCK_SIZE; - - if (iv != NULL) { - if (iv != ctx->iv) /* Valgrind error when src == dst */ - XMEMCPY(ctx->iv, iv, ctx->ivSz); - } - else - XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); - - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_AesXtsSetKey(&ctx->cipher.xts, key, ctx->keyLen, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, NULL, 0); - if (ret != 0) { - WOLFSSL_MSG("wc_AesXtsSetKey() failed"); - return WOLFSSL_FAILURE; - } - } - } - #endif /* WOLFSSL_AES_128 */ - #ifdef WOLFSSL_AES_256 - if (ctx->cipherType == AES_256_XTS_TYPE || - (type && XSTRNCMP(type, EVP_AES_256_XTS, EVP_AES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_AES_256_XTS"); - ctx->cipherType = AES_256_XTS_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_XTS_MODE; - ctx->keyLen = 64; - ctx->block_size = 1; - ctx->ivSz = AES_BLOCK_SIZE; - - if (iv != NULL) { - if (iv != ctx->iv) /* Valgrind error when src == dst */ - XMEMCPY(ctx->iv, iv, ctx->ivSz); - } - else - XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); - - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_AesXtsSetKey(&ctx->cipher.xts, key, ctx->keyLen, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, NULL, 0); - if (ret != 0) { - WOLFSSL_MSG("wc_AesXtsSetKey() failed"); - return WOLFSSL_FAILURE; - } - } - } - #endif /* WOLFSSL_AES_256 */ - #endif /* HAVE_AES_XTS */ -#endif /* NO_AES */ - -#ifndef NO_DES3 - if (ctx->cipherType == DES_CBC_TYPE || - (type && XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_DES_CBC"); - ctx->cipherType = DES_CBC_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; - ctx->keyLen = 8; - ctx->block_size = DES_BLOCK_SIZE; - ctx->ivSz = DES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_Des_SetKey(&ctx->cipher.des, key, iv, - ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); - if (ret != 0) - return WOLFSSL_FAILURE; - } - - if (iv && key == NULL) - wc_Des_SetIV(&ctx->cipher.des, iv); - } -#ifdef WOLFSSL_DES_ECB - else if (ctx->cipherType == DES_ECB_TYPE || - (type && XSTRNCMP(type, EVP_DES_ECB, EVP_DES_SIZE) == 0)) { - WOLFSSL_MSG("EVP_DES_ECB"); - ctx->cipherType = DES_ECB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; - ctx->keyLen = 8; - ctx->block_size = DES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - WOLFSSL_MSG("Des_SetKey"); - ret = wc_Des_SetKey(&ctx->cipher.des, key, NULL, - ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } -#endif - else if (ctx->cipherType == DES_EDE3_CBC_TYPE || - (type && - XSTRNCMP(type, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)) { - WOLFSSL_MSG("EVP_DES_EDE3_CBC"); - ctx->cipherType = DES_EDE3_CBC_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; - ctx->keyLen = 24; - ctx->block_size = DES_BLOCK_SIZE; - ctx->ivSz = DES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_Des3_SetKey(&ctx->cipher.des3, key, iv, - ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); - if (ret != 0) - return WOLFSSL_FAILURE; - } - - if (iv && key == NULL) { - ret = wc_Des3_SetIV(&ctx->cipher.des3, iv); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } - else if (ctx->cipherType == DES_EDE3_ECB_TYPE || - (type && - XSTRNCMP(type, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0)) { - WOLFSSL_MSG("EVP_DES_EDE3_ECB"); - ctx->cipherType = DES_EDE3_ECB_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; - ctx->keyLen = 24; - ctx->block_size = DES_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_Des3_SetKey(&ctx->cipher.des3, key, NULL, - ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); - if (ret != 0) - return WOLFSSL_FAILURE; - } - } -#endif /* NO_DES3 */ -#ifndef NO_RC4 - if (ctx->cipherType == ARC4_TYPE || - (type && XSTRNCMP(type, EVP_ARC4, 4) == 0)) { - WOLFSSL_MSG("ARC4"); - ctx->cipherType = ARC4_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_STREAM_CIPHER; - ctx->block_size = 1; - if (ctx->keyLen == 0) /* user may have already set */ - ctx->keyLen = 16; /* default to 128 */ - if (key) - wc_Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen); - } -#endif /* NO_RC4 */ -#ifdef HAVE_IDEA - if (ctx->cipherType == IDEA_CBC_TYPE || - (type && XSTRNCMP(type, EVP_IDEA_CBC, EVP_IDEA_SIZE) == 0)) { - WOLFSSL_MSG("EVP_IDEA_CBC"); - ctx->cipherType = IDEA_CBC_TYPE; - ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; - ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; - ctx->keyLen = IDEA_KEY_SIZE; - ctx->block_size = 8; - ctx->ivSz = IDEA_BLOCK_SIZE; - if (enc == 0 || enc == 1) - ctx->enc = enc ? 1 : 0; - if (key) { - ret = wc_IdeaSetKey(&ctx->cipher.idea, key, (word16)ctx->keyLen, - iv, ctx->enc ? IDEA_ENCRYPTION : - IDEA_DECRYPTION); - if (ret != 0) - return WOLFSSL_FAILURE; - } - - if (iv && key == NULL) - wc_IdeaSetIV(&ctx->cipher.idea, iv); - } -#endif /* HAVE_IDEA */ - if (ctx->cipherType == NULL_CIPHER_TYPE || - (type && XSTRNCMP(type, EVP_NULL, 4) == 0)) { - WOLFSSL_MSG("NULL cipher"); - ctx->cipherType = NULL_CIPHER_TYPE; - ctx->keyLen = 0; - ctx->block_size = 16; - } -#ifdef HAVE_WOLFSSL_EVP_CIPHER_CTX_IV - if (iv && iv != ctx->iv) { - if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) { - return WOLFSSL_FAILURE; - } - } -#endif - (void)ret; /* remove warning. If execution reaches this point, ret=0 */ - return WOLFSSL_SUCCESS; - } - - /* WOLFSSL_SUCCESS on ok */ - int wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx) - { - WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_key_length"); - if (ctx) - return ctx->keyLen; - - return 0; /* failure */ - } - - /* WOLFSSL_SUCCESS on ok */ - int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx, - int keylen) - { - WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_key_length"); - if (ctx) - ctx->keyLen = keylen; - else - return 0; /* failure */ - - return WOLFSSL_SUCCESS; - } -#if defined(HAVE_AESGCM) - /* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE */ - int wolfSSL_EVP_CIPHER_CTX_set_iv_length(WOLFSSL_EVP_CIPHER_CTX* ctx, - int ivLen) - { - WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_iv_length"); - if (ctx) - ctx->ivSz= ivLen; - else - return WOLFSSL_FAILURE; - - return WOLFSSL_SUCCESS; - } - - /* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE */ - int wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv, - int ivLen) - { - int expectedIvLen; - - WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_iv_length"); - if (!ctx || !iv || !ivLen) { - return WOLFSSL_FAILURE; - } - - expectedIvLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx); - - if (expectedIvLen == 0 || expectedIvLen != ivLen) { - WOLFSSL_MSG("Wrong ivLen value"); - return WOLFSSL_FAILURE; - } - - return wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, -1); - } -#endif - - /* Return length on ok */ - int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src, - word32 len) - { - int ret = 0; - WOLFSSL_ENTER("wolfSSL_EVP_Cipher"); - - if (ctx == NULL || src == NULL || - (dst == NULL && - ctx->cipherType != AES_128_GCM_TYPE && - ctx->cipherType != AES_192_GCM_TYPE && - ctx->cipherType != AES_256_GCM_TYPE)) { - WOLFSSL_MSG("Bad function argument"); - return WOLFSSL_FATAL_ERROR; - } - - if (ctx->cipherType == 0xff) { - WOLFSSL_MSG("no init"); - return WOLFSSL_FATAL_ERROR; - } - - switch (ctx->cipherType) { - -#ifndef NO_AES -#ifdef HAVE_AES_CBC - case AES_128_CBC_TYPE : - case AES_192_CBC_TYPE : - case AES_256_CBC_TYPE : - WOLFSSL_MSG("AES CBC"); - if (ctx->enc) - ret = wc_AesCbcEncrypt(&ctx->cipher.aes, dst, src, len); - else - ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len); - if (ret == 0) - ret = (len / AES_BLOCK_SIZE) * AES_BLOCK_SIZE; - break; -#endif /* HAVE_AES_CBC */ - -#ifdef WOLFSSL_AES_CFB -#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: - WOLFSSL_MSG("AES CFB1"); - if (ctx->enc) - ret = wc_AesCfb1Encrypt(&ctx->cipher.aes, dst, src, len); - else - ret = wc_AesCfb1Decrypt(&ctx->cipher.aes, dst, src, len); - if (ret == 0) - ret = len; - break; - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: - WOLFSSL_MSG("AES CFB8"); - if (ctx->enc) - ret = wc_AesCfb8Encrypt(&ctx->cipher.aes, dst, src, len); - else - ret = wc_AesCfb8Decrypt(&ctx->cipher.aes, dst, src, len); - if (ret == 0) - ret = len; - break; -#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: - WOLFSSL_MSG("AES CFB128"); - if (ctx->enc) - ret = wc_AesCfbEncrypt(&ctx->cipher.aes, dst, src, len); - else - ret = wc_AesCfbDecrypt(&ctx->cipher.aes, dst, src, len); - if (ret == 0) - ret = len; - break; -#endif /* WOLFSSL_AES_CFB */ -#if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: - WOLFSSL_MSG("AES OFB"); - if (ctx->enc) - ret = wc_AesOfbEncrypt(&ctx->cipher.aes, dst, src, len); - else - ret = wc_AesOfbDecrypt(&ctx->cipher.aes, dst, src, len); - if (ret == 0) - ret = len; - break; -#endif /* WOLFSSL_AES_OFB */ -#if defined(WOLFSSL_AES_XTS) - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: - WOLFSSL_MSG("AES XTS"); - if (ctx->enc) - ret = wc_AesXtsEncrypt(&ctx->cipher.xts, dst, src, len, - ctx->iv, ctx->ivSz); - else - ret = wc_AesXtsDecrypt(&ctx->cipher.xts, dst, src, len, - ctx->iv, ctx->ivSz); - if (ret == 0) - ret = len; - break; -#endif /* WOLFSSL_AES_XTS */ - -#ifdef HAVE_AESGCM - case AES_128_GCM_TYPE : - case AES_192_GCM_TYPE : - case AES_256_GCM_TYPE : - WOLFSSL_MSG("AES GCM"); - if (!dst) { - ret = wolfSSL_EVP_CipherUpdate_GCM_AAD(ctx, src, len); - } - else { - ret = 0; - if (ctx->gcmAuthIn) { - /* authenticated, non-confidential data*/ - if (ctx->enc) { - XMEMSET(ctx->authTag, 0, ctx->authTagSz); - ret = wc_AesGcmEncrypt(&ctx->cipher.aes, NULL, - NULL, 0, ctx->iv, ctx->ivSz, ctx->authTag, - ctx->authTagSz, ctx->gcmAuthIn, - ctx->gcmAuthInSz); - } - else { - ret = wc_AesGcmDecrypt(&ctx->cipher.aes, NULL, - NULL, 0, ctx->iv, ctx->ivSz, ctx->authTag, - ctx->authTagSz, ctx->gcmAuthIn, - ctx->gcmAuthInSz); - /* Reset partial authTag error for AAD*/ - if (ret == AES_GCM_AUTH_E) - ret = 0; - } - } - - if (ret == 0) { - if (ctx->enc) - /* encrypt confidential data*/ - ret = wc_AesGcmEncrypt(&ctx->cipher.aes, dst, src, - len, ctx->iv, ctx->ivSz, ctx->authTag, - ctx->authTagSz, NULL, 0); - else - /* decrypt confidential data*/ - ret = wc_AesGcmDecrypt(&ctx->cipher.aes, dst, src, - len, ctx->iv, ctx->ivSz, ctx->authTag, - ctx->authTagSz, NULL, 0); - } - } - if (ret == 0) - ret = len; - break; -#endif /* HAVE_AESGCM */ -#ifdef HAVE_AES_ECB - case AES_128_ECB_TYPE : - case AES_192_ECB_TYPE : - case AES_256_ECB_TYPE : - WOLFSSL_MSG("AES ECB"); - if (ctx->enc) - ret = wc_AesEcbEncrypt(&ctx->cipher.aes, dst, src, len); - else - ret = wc_AesEcbDecrypt(&ctx->cipher.aes, dst, src, len); - if (ret == 0) - ret = (len / AES_BLOCK_SIZE) * AES_BLOCK_SIZE; - break; -#endif -#ifdef WOLFSSL_AES_COUNTER - case AES_128_CTR_TYPE : - case AES_192_CTR_TYPE : - case AES_256_CTR_TYPE : - WOLFSSL_MSG("AES CTR"); - ret = wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len); - if (ret == 0) - ret = len; - break; -#endif /* WOLFSSL_AES_COUNTER */ -#endif /* NO_AES */ - -#ifndef NO_DES3 - case DES_CBC_TYPE : - WOLFSSL_MSG("DES CBC"); - if (ctx->enc) - wc_Des_CbcEncrypt(&ctx->cipher.des, dst, src, len); - else - wc_Des_CbcDecrypt(&ctx->cipher.des, dst, src, len); - if (ret == 0) - ret = (len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE; - break; - case DES_EDE3_CBC_TYPE : - WOLFSSL_MSG("DES3 CBC"); - if (ctx->enc) - ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len); - else - ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len); - if (ret == 0) - ret = (len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE; - break; -#ifdef WOLFSSL_DES_ECB - case DES_ECB_TYPE : - WOLFSSL_MSG("DES ECB"); - ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len); - if (ret == 0) - ret = (len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE; - break; - case DES_EDE3_ECB_TYPE : - WOLFSSL_MSG("DES3 ECB"); - ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len); - if (ret == 0) - ret = (len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE; - break; -#endif -#endif /* !NO_DES3 */ - -#ifndef NO_RC4 - case ARC4_TYPE : - WOLFSSL_MSG("ARC4"); - wc_Arc4Process(&ctx->cipher.arc4, dst, src, len); - if (ret == 0) - ret = len; - break; -#endif - -#ifdef HAVE_IDEA - case IDEA_CBC_TYPE : - WOLFSSL_MSG("IDEA CBC"); - if (ctx->enc) - wc_IdeaCbcEncrypt(&ctx->cipher.idea, dst, src, len); - else - wc_IdeaCbcDecrypt(&ctx->cipher.idea, dst, src, len); - if (ret == 0) - ret = (len / IDEA_BLOCK_SIZE) * IDEA_BLOCK_SIZE; - break; -#endif - case NULL_CIPHER_TYPE : - WOLFSSL_MSG("NULL CIPHER"); - XMEMCPY(dst, src, len); - ret = len; - break; - - default: { - WOLFSSL_MSG("bad type"); - return WOLFSSL_FATAL_ERROR; - } - } - - if (ret < 0) { - WOLFSSL_MSG("wolfSSL_EVP_Cipher failure"); - return WOLFSSL_FATAL_ERROR; - } - - if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) { - return WOLFSSL_FATAL_ERROR; - } - - WOLFSSL_MSG("wolfSSL_EVP_Cipher success"); - return ret; - } - - /* WOLFSSL_SUCCESS on ok */ - int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx, - const WOLFSSL_EVP_MD* md) - { - int ret = WOLFSSL_SUCCESS; - - WOLFSSL_ENTER("EVP_DigestInit"); - - if (ctx == NULL || md == NULL) { - return BAD_FUNC_ARG; - } - - - #ifdef WOLFSSL_ASYNC_CRYPT - /* compile-time validation of ASYNC_CTX_SIZE */ - typedef char async_test[WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV) ? - 1 : -1]; - (void)sizeof(async_test); - #endif - - /* Set to 0 if no match */ - ctx->macType = wolfSSL_EVP_md2macType(md); - if (XSTRNCMP(md, "SHA256", 6) == 0) { - ret = wolfSSL_SHA256_Init(&(ctx->hash.digest.sha256)); - } - #ifdef WOLFSSL_SHA224 - else if (XSTRNCMP(md, "SHA224", 6) == 0) { - ret = wolfSSL_SHA224_Init(&(ctx->hash.digest.sha224)); - } - #endif - #ifdef WOLFSSL_SHA384 - else if (XSTRNCMP(md, "SHA384", 6) == 0) { - ret = wolfSSL_SHA384_Init(&(ctx->hash.digest.sha384)); - } - #endif - #ifdef WOLFSSL_SHA512 - else if (XSTRNCMP(md, "SHA512", 6) == 0) { - ret = wolfSSL_SHA512_Init(&(ctx->hash.digest.sha512)); - } - #endif - #ifndef NO_MD4 - else if (XSTRNCMP(md, "MD4", 3) == 0) { - wolfSSL_MD4_Init(&(ctx->hash.digest.md4)); - } - #endif - #ifndef NO_MD5 - else if (XSTRNCMP(md, "MD5", 3) == 0) { - ret = wolfSSL_MD5_Init(&(ctx->hash.digest.md5)); - } - #endif -#ifdef WOLFSSL_SHA3 - #ifndef WOLFSSL_NOSHA3_224 - else if (XSTRNCMP(md, "SHA3_224", 8) == 0) { - ret = wolfSSL_SHA3_224_Init(&(ctx->hash.digest.sha3_224)); - } - #endif - #ifndef WOLFSSL_NOSHA3_256 - else if (XSTRNCMP(md, "SHA3_256", 8) == 0) { - ret = wolfSSL_SHA3_256_Init(&(ctx->hash.digest.sha3_256)); - } - #endif - else if (XSTRNCMP(md, "SHA3_384", 8) == 0) { - ret = wolfSSL_SHA3_384_Init(&(ctx->hash.digest.sha3_384)); - } - #ifndef WOLFSSL_NOSHA3_512 - else if (XSTRNCMP(md, "SHA3_512", 8) == 0) { - ret = wolfSSL_SHA3_512_Init(&(ctx->hash.digest.sha3_512)); - } - #endif -#endif - #ifndef NO_SHA - /* has to be last since would pick or 224, 256, 384, or 512 too */ - else if (XSTRNCMP(md, "SHA", 3) == 0) { - ret = wolfSSL_SHA_Init(&(ctx->hash.digest.sha)); - } - #endif /* NO_SHA */ - else { - ctx->macType = WC_HASH_TYPE_NONE; - return BAD_FUNC_ARG; - } - - return ret; - } - - /* WOLFSSL_SUCCESS on ok, WOLFSSL_FAILURE on failure */ - int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data, - size_t sz) - { - int ret = WOLFSSL_FAILURE; - enum wc_HashType macType; - - WOLFSSL_ENTER("EVP_DigestUpdate"); - - macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(ctx)); - switch (macType) { - case WC_HASH_TYPE_MD4: - #ifndef NO_MD4 - wolfSSL_MD4_Update((MD4_CTX*)&ctx->hash, data, - (unsigned long)sz); - ret = WOLFSSL_SUCCESS; - #endif - break; - case WC_HASH_TYPE_MD5: - #ifndef NO_MD5 - ret = wolfSSL_MD5_Update((MD5_CTX*)&ctx->hash, data, - (unsigned long)sz); - #endif - break; - case WC_HASH_TYPE_SHA: - #ifndef NO_SHA - ret = wolfSSL_SHA_Update((SHA_CTX*)&ctx->hash, data, - (unsigned long)sz); - #endif - break; - case WC_HASH_TYPE_SHA224: - #ifdef WOLFSSL_SHA224 - ret = wolfSSL_SHA224_Update((SHA224_CTX*)&ctx->hash, data, - (unsigned long)sz); - #endif - break; - case WC_HASH_TYPE_SHA256: - #ifndef NO_SHA256 - ret = wolfSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data, - (unsigned long)sz); - #endif /* !NO_SHA256 */ - break; - case WC_HASH_TYPE_SHA384: - #ifdef WOLFSSL_SHA384 - ret = wolfSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data, - (unsigned long)sz); - #endif - break; - case WC_HASH_TYPE_SHA512: - #ifdef WOLFSSL_SHA512 - ret = wolfSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data, - (unsigned long)sz); - #endif /* WOLFSSL_SHA512 */ - break; - case WC_HASH_TYPE_SHA3_224: - #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - ret = wolfSSL_SHA3_224_Update((SHA3_224_CTX*)&ctx->hash, data, - (unsigned long)sz); - #endif - break; - case WC_HASH_TYPE_SHA3_256: - #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - ret = wolfSSL_SHA3_256_Update((SHA3_256_CTX*)&ctx->hash, data, - (unsigned long)sz); - #endif - break; - case WC_HASH_TYPE_SHA3_384: - #if defined(WOLFSSL_SHA3) - ret = wolfSSL_SHA3_384_Update((SHA3_384_CTX*)&ctx->hash, data, - (unsigned long)sz); - #endif - break; - case WC_HASH_TYPE_SHA3_512: - #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) - ret = wolfSSL_SHA3_512_Update((SHA3_512_CTX*)&ctx->hash, data, - (unsigned long)sz); - #endif - break; - case WC_HASH_TYPE_NONE: - case WC_HASH_TYPE_MD2: - case WC_HASH_TYPE_MD5_SHA: - case WC_HASH_TYPE_BLAKE2B: - case WC_HASH_TYPE_BLAKE2S: - default: - return WOLFSSL_FAILURE; - } - - return ret; - } - - /* WOLFSSL_SUCCESS on ok */ - int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, - unsigned int* s) - { - int ret = WOLFSSL_FAILURE; - enum wc_HashType macType; - - WOLFSSL_ENTER("EVP_DigestFinal"); - macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(ctx)); - switch (macType) { - case WC_HASH_TYPE_MD4: - #ifndef NO_MD4 - wolfSSL_MD4_Final(md, (MD4_CTX*)&ctx->hash); - if (s) *s = MD4_DIGEST_SIZE; - ret = WOLFSSL_SUCCESS; - #endif - break; - case WC_HASH_TYPE_MD5: - #ifndef NO_MD5 - ret = wolfSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash); - if (s) *s = WC_MD5_DIGEST_SIZE; - #endif - break; - case WC_HASH_TYPE_SHA: - #ifndef NO_SHA - ret = wolfSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash); - if (s) *s = WC_SHA_DIGEST_SIZE; - #endif - break; - case WC_HASH_TYPE_SHA224: - #ifdef WOLFSSL_SHA224 - ret = wolfSSL_SHA224_Final(md, (SHA224_CTX*)&ctx->hash); - if (s) *s = WC_SHA224_DIGEST_SIZE; - #endif - break; - case WC_HASH_TYPE_SHA256: - #ifndef NO_SHA256 - ret = wolfSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash); - if (s) *s = WC_SHA256_DIGEST_SIZE; - #endif /* !NO_SHA256 */ - break; - case WC_HASH_TYPE_SHA384: - #ifdef WOLFSSL_SHA384 - ret = wolfSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash); - if (s) *s = WC_SHA384_DIGEST_SIZE; - #endif - break; - case WC_HASH_TYPE_SHA512: - #ifdef WOLFSSL_SHA512 - ret = wolfSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash); - if (s) *s = WC_SHA512_DIGEST_SIZE; - #endif /* WOLFSSL_SHA512 */ - break; - case WC_HASH_TYPE_SHA3_224: - #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) - ret = wolfSSL_SHA3_224_Final(md, (SHA3_224_CTX*)&ctx->hash); - if (s) *s = WC_SHA3_224_DIGEST_SIZE; - #endif - break; - case WC_HASH_TYPE_SHA3_256: - #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) - ret = wolfSSL_SHA3_256_Final(md, (SHA3_256_CTX*)&ctx->hash); - if (s) *s = WC_SHA3_256_DIGEST_SIZE; - #endif - break; - case WC_HASH_TYPE_SHA3_384: - #if defined(WOLFSSL_SHA3) - ret = wolfSSL_SHA3_384_Final(md, (SHA3_384_CTX*)&ctx->hash); - if (s) *s = WC_SHA3_384_DIGEST_SIZE; - #endif - break; - case WC_HASH_TYPE_SHA3_512: - #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) - ret = wolfSSL_SHA3_512_Final(md, (SHA3_512_CTX*)&ctx->hash); - if (s) *s = WC_SHA3_512_DIGEST_SIZE; - #endif - break; - case WC_HASH_TYPE_NONE: - case WC_HASH_TYPE_MD2: - case WC_HASH_TYPE_MD5_SHA: - case WC_HASH_TYPE_BLAKE2B: - case WC_HASH_TYPE_BLAKE2S: - default: - return WOLFSSL_FAILURE; - } - - return ret; - } - - /* WOLFSSL_SUCCESS on ok */ - int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, - unsigned int* s) - { - WOLFSSL_ENTER("EVP_DigestFinal_ex"); - return EVP_DigestFinal(ctx, md, s); - } - - void wolfSSL_EVP_cleanup(void) - { - /* nothing to do here */ - } - -const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id) -{ - WOLFSSL_MSG("wolfSSL_get_digestbynid"); - - switch(id) { -#ifndef NO_MD5 - case NID_md5: - return wolfSSL_EVP_md5(); -#endif -#ifndef NO_SHA - case NID_sha1: - return wolfSSL_EVP_sha1(); -#endif - default: - WOLFSSL_MSG("Bad digest id value"); - } - - return NULL; -} - -#ifndef NO_RSA -WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(WOLFSSL_EVP_PKEY *pkey) -{ - if (!pkey) { - return NULL; - } - return pkey->rsa; -} - -WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key) -{ - WOLFSSL_RSA* local; - - WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_RSA"); - - if (key == NULL) { - return NULL; - } - - local = wolfSSL_RSA_new(); - if (local == NULL) { - WOLFSSL_MSG("Error creating a new WOLFSSL_RSA structure"); - return NULL; - } - - if (key->type == EVP_PKEY_RSA) { - if (wolfSSL_RSA_LoadDer(local, (const unsigned char*)key->pkey.ptr, - key->pkey_sz) != SSL_SUCCESS) { - /* now try public key */ - if (wolfSSL_RSA_LoadDer_ex(local, - (const unsigned char*)key->pkey.ptr, key->pkey_sz, - WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) { - wolfSSL_RSA_free(local); - local = NULL; - } - } - } - else { - WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold an RSA key"); - wolfSSL_RSA_free(local); - local = NULL; - } - return local; -} - -/* with set1 functions the pkey struct does not own the RSA structure - * - * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure - */ -int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key) -{ -#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) - int derMax = 0; - int derSz = 0; - byte* derBuf = NULL; - RsaKey* rsa = NULL; -#endif - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_RSA"); - if ((pkey == NULL) || (key == NULL)) - return WOLFSSL_FAILURE; - - if (pkey->rsa != NULL && pkey->ownRsa == 1) { - wolfSSL_RSA_free(pkey->rsa); - } - pkey->rsa = key; - pkey->ownRsa = 0; /* pkey does not own RSA */ - pkey->type = EVP_PKEY_RSA; - if (key->inSet == 0) { - if (SetRsaInternal(key) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("SetRsaInternal failed"); - return WOLFSSL_FAILURE; - } - } - -#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) - rsa = (RsaKey*)key->internal; - /* 5 > size of n, d, p, q, d%(p-1), d(q-1), 1/q%p, e + ASN.1 additional - * information */ - derMax = 5 * wolfSSL_RSA_size(key) + (2 * AES_BLOCK_SIZE); - - derBuf = (byte*)XMALLOC(derMax, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf == NULL) { - WOLFSSL_MSG("malloc failed"); - return WOLFSSL_FAILURE; - } - - if (rsa->type == RSA_PRIVATE) { - /* Private key to DER */ - derSz = wc_RsaKeyToDer(rsa, derBuf, derMax); - } - else { - /* Public key to DER */ - derSz = wc_RsaKeyToPublicDer(rsa, derBuf, derMax); - } - - if (derSz < 0) { - if (rsa->type == RSA_PRIVATE) { - WOLFSSL_MSG("wc_RsaKeyToDer failed"); - } - else { - WOLFSSL_MSG("wc_RsaKeyToPublicDer failed"); - } - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - - pkey->pkey.ptr = (char*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_DER); - if (pkey->pkey.ptr == NULL) { - WOLFSSL_MSG("key malloc failed"); - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - pkey->pkey_sz = derSz; - XMEMCPY(pkey->pkey.ptr, derBuf, derSz); - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); -#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */ - -#ifdef WC_RSA_BLINDING - if (key->ownRng == 0) { - if (wc_RsaSetRNG((RsaKey*)(pkey->rsa->internal), &(pkey->rng)) != 0) { - WOLFSSL_MSG("Error setting RSA rng"); - return WOLFSSL_FAILURE; - } - } -#endif - return WOLFSSL_SUCCESS; -} -#endif /* !NO_RSA */ - -#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) -/* with set1 functions the pkey struct does not own the DSA structure - * - * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure - */ -int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key) -{ - int derMax = 0; - int derSz = 0; - DsaKey* dsa = NULL; - byte* derBuf = NULL; - - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_DSA"); - - if((pkey == NULL) || (key == NULL))return WOLFSSL_FAILURE; - if (pkey->dsa != NULL && pkey->ownDsa == 1) { - wolfSSL_DSA_free(pkey->dsa); - } - pkey->dsa = key; - pkey->ownDsa = 0; /* pkey does not own DSA */ - pkey->type = EVP_PKEY_DSA; - if (key->inSet == 0) { - if (SetDsaInternal(key) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("SetDsaInternal failed"); - return WOLFSSL_FAILURE; - } - } - dsa = (DsaKey*)key->internal; - - /* 4 > size of pub, priv, p, q, g + ASN.1 additional information */ - derMax = 4 * wolfSSL_BN_num_bytes(key->g) + AES_BLOCK_SIZE; - - derBuf = (byte*)XMALLOC(derMax, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf == NULL) { - WOLFSSL_MSG("malloc failed"); - return WOLFSSL_FAILURE; - } - - if (dsa->type == DSA_PRIVATE) { - /* Private key to DER */ - derSz = wc_DsaKeyToDer(dsa, derBuf, derMax); - } - else { - /* Public key to DER */ - derSz = wc_DsaKeyToPublicDer(dsa, derBuf, derMax); - } - - if (derSz < 0) { - if (dsa->type == DSA_PRIVATE) { - WOLFSSL_MSG("wc_DsaKeyToDer failed"); - } - else { - WOLFSSL_MSG("wc_DsaKeyToPublicDer failed"); - } - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - - pkey->pkey.ptr = (char*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_DER); - if (pkey->pkey.ptr == NULL) { - WOLFSSL_MSG("key malloc failed"); - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - pkey->pkey_sz = derSz; - XMEMCPY(pkey->pkey.ptr, derBuf, derSz); - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - - return WOLFSSL_SUCCESS; -} - -WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(struct WOLFSSL_EVP_PKEY *pkey) -{ - if (!pkey) { - return NULL; - } - return pkey->dsa; -} - -WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key) -{ - WOLFSSL_DSA* local; - - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_DSA"); - - if (key == NULL) { - WOLFSSL_MSG("Bad function argument"); - return NULL; - } - - local = wolfSSL_DSA_new(); - if (local == NULL) { - WOLFSSL_MSG("Error creating a new WOLFSSL_DSA structure"); - return NULL; - } - - if (key->type == EVP_PKEY_DSA) { - if (wolfSSL_DSA_LoadDer(local, (const unsigned char*)key->pkey.ptr, - key->pkey_sz) != SSL_SUCCESS) { - /* now try public key */ - if (wolfSSL_DSA_LoadDer_ex(local, - (const unsigned char*)key->pkey.ptr, key->pkey_sz, - WOLFSSL_DSA_LOAD_PUBLIC) != SSL_SUCCESS) { - wolfSSL_DSA_free(local); - local = NULL; - } - } - } - else { - WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold a DSA key"); - wolfSSL_DSA_free(local); - local = NULL; - } - return local; -} -#endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ - -#ifdef HAVE_ECC -WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey) -{ - WOLFSSL_EC_KEY *eckey = NULL; - if (pkey) { -#ifdef HAVE_ECC - eckey = pkey->ecc; -#endif - } - return eckey; -} - -WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key) -{ - WOLFSSL_EC_KEY* local; - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_EC_KEY"); - - if (key == NULL) { - return NULL; - } - - local = wolfSSL_EC_KEY_new(); - if (local == NULL) { - WOLFSSL_MSG("Error creating a new WOLFSSL_EC_KEY structure"); - return NULL; - } - - if (key->type == EVP_PKEY_EC) { - if (wolfSSL_EC_KEY_LoadDer(local, (const unsigned char*)key->pkey.ptr, - key->pkey_sz) != SSL_SUCCESS) { - /* now try public key */ - if (wolfSSL_EC_KEY_LoadDer_ex(local, - (const unsigned char*)key->pkey.ptr, - key->pkey_sz, WOLFSSL_EC_KEY_LOAD_PUBLIC) != SSL_SUCCESS) { - - wolfSSL_EC_KEY_free(local); - local = NULL; - } - } - } - else { - WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold an EC key"); - wolfSSL_EC_KEY_free(local); - local = NULL; - } -#ifdef OPENSSL_ALL - if (!local && key->ecc) { - local = wolfSSL_EC_KEY_dup(key->ecc); - } -#endif - return local; -} -#endif /* HAVE_ECC */ - -#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) -#if !defined(NO_DH) && !defined(NO_FILESYSTEM) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) -/* with set1 functions the pkey struct does not own the DH structure - * Build the following DH Key format from the passed in WOLFSSL_DH - * then store in WOLFSSL_EVP_PKEY in DER format. - * - * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure - */ -int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key) -{ - byte havePublic = 0, havePrivate = 0; - int ret; - word32 derSz = 0; - byte* derBuf = NULL; - DhKey* dhkey = NULL; - - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_DH"); - - if (pkey == NULL || key == NULL) - return WOLFSSL_FAILURE; - - if (pkey->dh != NULL && pkey->ownDh == 1) - wolfSSL_DH_free(pkey->dh); - - pkey->dh = key; - pkey->ownDh = 0; /* pkey does not own DH */ - pkey->type = EVP_PKEY_DH; - if (key->inSet == 0) { - if (SetDhInternal(key) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("SetDhInternal failed"); - return WOLFSSL_FAILURE; - } - } - - dhkey = (DhKey*)key->internal; - - havePublic = mp_unsigned_bin_size(&dhkey->pub) > 0; - havePrivate = mp_unsigned_bin_size(&dhkey->priv) > 0; - - /* Get size of DER buffer only */ - if (havePublic && !havePrivate) { - ret = wc_DhPubKeyToDer(dhkey, NULL, &derSz); - } else if (havePrivate && !havePublic) { - ret = wc_DhPrivKeyToDer(dhkey, NULL, &derSz); - } else { - ret = wc_DhParamsToDer(dhkey,NULL,&derSz); - } - - if (derSz <= 0 || ret != LENGTH_ONLY_E) { - WOLFSSL_MSG("Failed to get size of DH Key"); - return WOLFSSL_FAILURE; - } - - derBuf = (byte*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf == NULL) { - WOLFSSL_MSG("malloc failed"); - return WOLFSSL_FAILURE; - } - - /* Fill DER buffer */ - if (havePublic && !havePrivate) { - ret = wc_DhPubKeyToDer(dhkey, derBuf, &derSz); - } else if (havePrivate && !havePublic) { - ret = wc_DhPrivKeyToDer(dhkey, derBuf, &derSz); - } else { - ret = wc_DhParamsToDer(dhkey,derBuf,&derSz); - } - - if (ret <= 0) { - WOLFSSL_MSG("Failed to export DH Key"); - XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - - /* Store DH key into pkey (DER format) */ - pkey->pkey.ptr = (char*)derBuf; - pkey->pkey_sz = derSz; - - return WOLFSSL_SUCCESS; -} -#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ - -WOLFSSL_DH* wolfSSL_EVP_PKEY_get0_DH(WOLFSSL_EVP_PKEY* key) -{ - if (!key) { - return NULL; - } - return key->dh; -} - -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) -WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key) -{ - WOLFSSL_DH* local = NULL; - - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_DH"); - - if (key == NULL || key->dh == NULL) { - WOLFSSL_MSG("Bad function argument"); - return NULL; - } - - if (key->type == EVP_PKEY_DH) { - local = wolfSSL_DH_new(); - if (local == NULL) { - WOLFSSL_MSG("Error creating a new WOLFSSL_DH structure"); - return NULL; - } - - if (wolfSSL_DH_LoadDer(local, (const unsigned char*)key->pkey.ptr, - key->pkey_sz) != SSL_SUCCESS) { - wolfSSL_DH_free(local); - WOLFSSL_MSG("Error wolfSSL_DH_LoadDer"); - local = NULL; - } - } - else { - WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold a DH key"); - wolfSSL_DH_free(local); - return NULL; - } - - return local; -} -#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ -#endif /* NO_DH && NO_FILESYSTEM */ - -int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key) -{ - int ret; - - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_assign"); - - /* pkey and key checked if NULL in subsequent assign functions */ - switch(type) { - #ifndef NO_RSA - case EVP_PKEY_RSA: - ret = wolfSSL_EVP_PKEY_assign_RSA(pkey, (WOLFSSL_RSA*)key); - break; - #endif - #ifndef NO_DSA - case EVP_PKEY_DSA: - ret = wolfSSL_EVP_PKEY_assign_DSA(pkey, (WOLFSSL_DSA*)key); - break; - #endif - #ifdef HAVE_ECC - case EVP_PKEY_EC: - ret = wolfSSL_EVP_PKEY_assign_EC_KEY(pkey, (WOLFSSL_EC_KEY*)key); - break; - #endif - #ifndef NO_DH - case EVP_PKEY_DH: - ret = wolfSSL_EVP_PKEY_assign_DH(pkey, (WOLFSSL_DH*)key); - break; - #endif - default: - WOLFSSL_MSG("Unknown EVP_PKEY type in wolfSSL_EVP_PKEY_assign."); - ret = WOLFSSL_FAILURE; - } - - return ret; -} -#endif /* WOLFSSL_QT || OPENSSL_ALL */ - -#if defined(HAVE_ECC) -/* try and populate public pkey_sz and pkey.ptr */ -static void ECC_populate_EVP_PKEY(EVP_PKEY* pkey, ecc_key* ecc) -{ - int ret; - if (!pkey || !ecc) - return; - if ((ret = wc_EccPublicKeyDerSize(ecc, 1)) > 0) { - int derSz = ret; - char* derBuf = (char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf) { - ret = wc_EccPublicKeyToDer(ecc, (byte*)derBuf, derSz, 1); - if (ret >= 0) { - if (pkey->pkey.ptr) { - XFREE(pkey->pkey.ptr, NULL, DYNAMIC_TYPE_OPENSSL); - } - pkey->pkey_sz = ret; - pkey->pkey.ptr = derBuf; - } - else { /* failure - okay to ignore */ - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - derBuf = NULL; - } - } - } -} - -WOLFSSL_API int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key) -{ -#ifdef HAVE_ECC - if((pkey == NULL) || (key ==NULL))return WOLFSSL_FAILURE; - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_EC_KEY"); -#ifndef NO_RSA - if (pkey->rsa != NULL && pkey->ownRsa == 1) { - wolfSSL_RSA_free(pkey->rsa); - } - pkey->ownRsa = 0; -#endif -#ifndef NO_DSA - if (pkey->dsa != NULL && pkey->ownDsa == 1) { - wolfSSL_DSA_free(pkey->dsa); - } - pkey->ownDsa = 0; -#endif -#ifndef NO_DH - if (pkey->dh != NULL && pkey->ownDh == 1) { - wolfSSL_DH_free(pkey->dh); - } - pkey->ownDh = 0; -#endif - if (pkey->ecc != NULL && pkey->ownEcc == 1) { - wolfSSL_EC_KEY_free(pkey->ecc); - } - pkey->ecc = key; - pkey->ownEcc = 0; /* pkey does not own EC key */ - pkey->type = EVP_PKEY_EC; - ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal); - return WOLFSSL_SUCCESS; -#else - (void)pkey; - (void)key; - return WOLFSSL_FAILURE; -#endif -} - -void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx) -{ - WOLFSSL_MSG("wolfSSL_EVP_X_STATE"); - - if (ctx) { - switch (ctx->cipherType) { - case ARC4_TYPE: - WOLFSSL_MSG("returning arc4 state"); - return (void*)&ctx->cipher.arc4.x; - - default: - WOLFSSL_MSG("bad x state type"); - return 0; - } - } - - return NULL; -} -int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key) -{ - if (pkey == NULL || key == NULL) - return WOLFSSL_FAILURE; - - pkey->type = EVP_PKEY_EC; - pkey->ecc = key; - pkey->ownEcc = 1; - - /* try and populate public pkey_sz and pkey.ptr */ - ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal); - - return WOLFSSL_SUCCESS; -} -#endif /* HAVE_ECC */ - -#ifndef NO_WOLFSSL_STUB -const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void) -{ - WOLFSSL_MSG("wolfSSL_ripemd160"); - WOLFSSL_STUB("EVP_ripemd160"); - return NULL; -} -#endif - - -int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type) -{ - WOLFSSL_MSG("wolfSSL_EVP_MD_block_size"); - - if (type == NULL) { - WOLFSSL_MSG("No md type arg"); - return BAD_FUNC_ARG; - } - - if (XSTRNCMP(type, "SHA256", 6) == 0) { - return WC_SHA256_BLOCK_SIZE; - } -#ifndef NO_MD5 - else if (XSTRNCMP(type, "MD5", 3) == 0) { - return WC_MD5_BLOCK_SIZE; - } -#endif -#ifdef WOLFSSL_SHA224 - else if (XSTRNCMP(type, "SHA224", 6) == 0) { - return WC_SHA224_BLOCK_SIZE; - } -#endif -#ifdef WOLFSSL_SHA384 - else if (XSTRNCMP(type, "SHA384", 6) == 0) { - return WC_SHA384_BLOCK_SIZE; - } -#endif -#ifdef WOLFSSL_SHA512 - else if (XSTRNCMP(type, "SHA512", 6) == 0) { - return WC_SHA512_BLOCK_SIZE; - } -#endif -#ifndef NO_SHA - /* has to be last since would pick or 256, 384, or 512 too */ - else if (XSTRNCMP(type, "SHA", 3) == 0) { - return WC_SHA_BLOCK_SIZE; - } -#endif - - return BAD_FUNC_ARG; -} - -int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type) -{ - WOLFSSL_MSG("wolfSSL_EVP_MD_size"); - - if (type == NULL) { - WOLFSSL_MSG("No md type arg"); - return BAD_FUNC_ARG; - } - - if (XSTRNCMP(type, "SHA256", 6) == 0) { - return WC_SHA256_DIGEST_SIZE; - } -#ifndef NO_MD5 - else if (XSTRNCMP(type, "MD5", 3) == 0) { - return WC_MD5_DIGEST_SIZE; - } -#endif -#ifdef WOLFSSL_SHA224 - else if (XSTRNCMP(type, "SHA224", 6) == 0) { - return WC_SHA224_DIGEST_SIZE; - } -#endif -#ifdef WOLFSSL_SHA384 - else if (XSTRNCMP(type, "SHA384", 6) == 0) { - return WC_SHA384_DIGEST_SIZE; - } -#endif -#ifdef WOLFSSL_SHA512 - else if (XSTRNCMP(type, "SHA512", 6) == 0) { - return WC_SHA512_DIGEST_SIZE; - } -#endif -#ifndef NO_SHA - /* has to be last since would pick or 256, 384, or 512 too */ - else if (XSTRNCMP(type, "SHA", 3) == 0) { - return WC_SHA_DIGEST_SIZE; - } -#endif - - return BAD_FUNC_ARG; -} - - -int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) -{ - WOLFSSL_MSG("wolfSSL_EVP_CIPHER_CTX_iv_length"); - - switch (ctx->cipherType) { - -#ifdef HAVE_AES_CBC - case AES_128_CBC_TYPE : - case AES_192_CBC_TYPE : - case AES_256_CBC_TYPE : - WOLFSSL_MSG("AES CBC"); - return AES_BLOCK_SIZE; -#endif -#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) -#ifdef HAVE_AESGCM - case AES_128_GCM_TYPE : - case AES_192_GCM_TYPE : - case AES_256_GCM_TYPE : - WOLFSSL_MSG("AES GCM"); - return GCM_NONCE_MID_SZ; -#endif -#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ -#ifdef WOLFSSL_AES_COUNTER - case AES_128_CTR_TYPE : - case AES_192_CTR_TYPE : - case AES_256_CTR_TYPE : - WOLFSSL_MSG("AES CTR"); - return AES_BLOCK_SIZE; -#endif -#ifndef NO_DES3 - case DES_CBC_TYPE : - WOLFSSL_MSG("DES CBC"); - return DES_BLOCK_SIZE; - - case DES_EDE3_CBC_TYPE : - WOLFSSL_MSG("DES EDE3 CBC"); - return DES_BLOCK_SIZE; -#endif -#ifdef HAVE_IDEA - case IDEA_CBC_TYPE : - WOLFSSL_MSG("IDEA CBC"); - return IDEA_BLOCK_SIZE; -#endif -#ifndef NO_RC4 - case ARC4_TYPE : - WOLFSSL_MSG("ARC4"); - return 0; -#endif -#ifdef WOLFSSL_AES_CFB -#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) - case AES_128_CFB1_TYPE: - case AES_192_CFB1_TYPE: - case AES_256_CFB1_TYPE: - WOLFSSL_MSG("AES CFB1"); - return AES_BLOCK_SIZE; - case AES_128_CFB8_TYPE: - case AES_192_CFB8_TYPE: - case AES_256_CFB8_TYPE: - WOLFSSL_MSG("AES CFB8"); - return AES_BLOCK_SIZE; -#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ - case AES_128_CFB128_TYPE: - case AES_192_CFB128_TYPE: - case AES_256_CFB128_TYPE: - WOLFSSL_MSG("AES CFB128"); - return AES_BLOCK_SIZE; -#endif /* WOLFSSL_AES_CFB */ -#if defined(WOLFSSL_AES_OFB) - case AES_128_OFB_TYPE: - case AES_192_OFB_TYPE: - case AES_256_OFB_TYPE: - WOLFSSL_MSG("AES OFB"); - return AES_BLOCK_SIZE; -#endif /* WOLFSSL_AES_OFB */ -#ifdef WOLFSSL_AES_XTS - case AES_128_XTS_TYPE: - case AES_256_XTS_TYPE: - WOLFSSL_MSG("AES XTS"); - return AES_BLOCK_SIZE; -#endif /* WOLFSSL_AES_XTS */ - - case NULL_CIPHER_TYPE : - WOLFSSL_MSG("NULL"); - return 0; - - default: { - WOLFSSL_MSG("bad type"); - } - } - return 0; -} - -int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher) -{ - const char *name = (const char *)cipher; - WOLFSSL_MSG("wolfSSL_EVP_CIPHER_iv_length"); - -#ifndef NO_AES -#ifdef HAVE_AES_CBC - #ifdef WOLFSSL_AES_128 - if (XSTRNCMP(name, EVP_AES_128_CBC, XSTRLEN(EVP_AES_128_CBC)) == 0) - return AES_BLOCK_SIZE; - #endif - #ifdef WOLFSSL_AES_192 - if (XSTRNCMP(name, EVP_AES_192_CBC, XSTRLEN(EVP_AES_192_CBC)) == 0) - return AES_BLOCK_SIZE; - #endif - #ifdef WOLFSSL_AES_256 - if (XSTRNCMP(name, EVP_AES_256_CBC, XSTRLEN(EVP_AES_256_CBC)) == 0) - return AES_BLOCK_SIZE; - #endif -#endif /* HAVE_AES_CBC */ -#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) -#ifdef HAVE_AESGCM - #ifdef WOLFSSL_AES_128 - if (XSTRNCMP(name, EVP_AES_128_GCM, XSTRLEN(EVP_AES_128_GCM)) == 0) - return GCM_NONCE_MID_SZ; - #endif - #ifdef WOLFSSL_AES_192 - if (XSTRNCMP(name, EVP_AES_192_GCM, XSTRLEN(EVP_AES_192_GCM)) == 0) - return GCM_NONCE_MID_SZ; - #endif - #ifdef WOLFSSL_AES_256 - if (XSTRNCMP(name, EVP_AES_256_GCM, XSTRLEN(EVP_AES_256_GCM)) == 0) - return GCM_NONCE_MID_SZ; - #endif -#endif /* HAVE_AESGCM */ -#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ -#ifdef WOLFSSL_AES_COUNTER - #ifdef WOLFSSL_AES_128 - if (XSTRNCMP(name, EVP_AES_128_CTR, XSTRLEN(EVP_AES_128_CTR)) == 0) - return AES_BLOCK_SIZE; - #endif - #ifdef WOLFSSL_AES_192 - if (XSTRNCMP(name, EVP_AES_192_CTR, XSTRLEN(EVP_AES_192_CTR)) == 0) - return AES_BLOCK_SIZE; - #endif - #ifdef WOLFSSL_AES_256 - if (XSTRNCMP(name, EVP_AES_256_CTR, XSTRLEN(EVP_AES_256_CTR)) == 0) - return AES_BLOCK_SIZE; - #endif -#endif -#ifdef WOLFSSL_AES_XTS - #ifdef WOLFSSL_AES_128 - if (XSTRNCMP(name, EVP_AES_128_XTS, XSTRLEN(EVP_AES_128_XTS)) == 0) - return AES_BLOCK_SIZE; - #endif /* WOLFSSL_AES_128 */ - - #ifdef WOLFSSL_AES_256 - if (XSTRNCMP(name, EVP_AES_256_XTS, XSTRLEN(EVP_AES_256_XTS)) == 0) - return AES_BLOCK_SIZE; - #endif /* WOLFSSL_AES_256 */ -#endif /* WOLFSSL_AES_XTS */ - -#endif - -#ifndef NO_DES3 - if ((XSTRNCMP(name, EVP_DES_CBC, XSTRLEN(EVP_DES_CBC)) == 0) || - (XSTRNCMP(name, EVP_DES_EDE3_CBC, XSTRLEN(EVP_DES_EDE3_CBC)) == 0)) { - return DES_BLOCK_SIZE; - } -#endif - -#ifdef HAVE_IDEA - if (XSTRNCMP(name, EVP_IDEA_CBC, XSTRLEN(EVP_IDEA_CBC)) == 0) - return IDEA_BLOCK_SIZE; -#endif - - (void)name; - - return 0; -} - - -int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx) -{ - WOLFSSL_MSG("wolfSSL_EVP_X_STATE_LEN"); - - if (ctx) { - switch (ctx->cipherType) { - case ARC4_TYPE: - WOLFSSL_MSG("returning arc4 state size"); - return sizeof(Arc4); - - default: - WOLFSSL_MSG("bad x state type"); - return 0; - } - } - - return 0; -} - - -/* return of pkey->type which will be EVP_PKEY_RSA for example. - * - * type type of EVP_PKEY - * - * returns type or if type is not found then NID_undef - */ -int wolfSSL_EVP_PKEY_type(int type) -{ - WOLFSSL_MSG("wolfSSL_EVP_PKEY_type"); - - switch (type) { - case EVP_PKEY_RSA: - return EVP_PKEY_RSA; - case EVP_PKEY_DSA: - return EVP_PKEY_DSA; - case EVP_PKEY_EC: - return EVP_PKEY_EC; - case EVP_PKEY_DH: - return EVP_PKEY_DH; - default: - return NID_undef; - } -} - - -int wolfSSL_EVP_PKEY_id(const EVP_PKEY *pkey) -{ - if (pkey != NULL) - return pkey->type; - return 0; -} - - -int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey) -{ - if (pkey == NULL) - return NID_undef; - return wolfSSL_EVP_PKEY_type(pkey->type); -} - - -/* increments ref count of WOLFSSL_EVP_PKEY. Return 1 on success, 0 on error */ -int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey) -{ - if (pkey) { - if (wc_LockMutex(&pkey->refMutex) != 0) { - WOLFSSL_MSG("Failed to lock pkey mutex"); - } - pkey->references++; - wc_UnLockMutex(&pkey->refMutex); - - return 1; - } - - return 0; -} - -#ifndef NO_RSA -int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key) -{ - if (pkey == NULL || key == NULL) - return WOLFSSL_FAILURE; - - pkey->type = EVP_PKEY_RSA; - pkey->rsa = key; - pkey->ownRsa = 1; - - /* try and populate public pkey_sz and pkey.ptr */ - if (key->internal) { - RsaKey* rsa = (RsaKey*)key->internal; - int ret = wc_RsaPublicKeyDerSize(rsa, 1); - if (ret > 0) { - int derSz = ret; - char* derBuf = (char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf) { - ret = wc_RsaKeyToPublicDer(rsa, (byte*)derBuf, derSz); - if (ret >= 0) { - pkey->pkey_sz = ret; - pkey->pkey.ptr = derBuf; - } - else { /* failure - okay to ignore */ - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - derBuf = NULL; - } - } - } - } - - return WOLFSSL_SUCCESS; -} -#endif /* !NO_RSA */ - -#ifndef NO_DSA -int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key) -{ - if (pkey == NULL || key == NULL) - return WOLFSSL_FAILURE; - - pkey->type = EVP_PKEY_DSA; - pkey->dsa = key; - pkey->ownDsa = 1; - - return WOLFSSL_SUCCESS; -} -#endif /* !NO_DSA */ - -#ifndef NO_DH -int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key) -{ - if (pkey == NULL || key == NULL) - return WOLFSSL_FAILURE; - - pkey->type = EVP_PKEY_DH; - pkey->dh = key; - pkey->ownDh = 1; - - return WOLFSSL_SUCCESS; -} -#endif /* !NO_DH */ - -#endif /* OPENSSL_EXTRA */ - -#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) -/* Subset of OPENSSL_EXTRA for PKEY operations PKEY free is needed by the - * subset of X509 API */ - -WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new(void){ - return wolfSSL_EVP_PKEY_new_ex(NULL); -} - -WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_ex(void* heap) -{ - WOLFSSL_EVP_PKEY* pkey; - int ret; - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_new_ex"); - pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), heap, - DYNAMIC_TYPE_PUBLIC_KEY); - if (pkey != NULL) { - XMEMSET(pkey, 0, sizeof(WOLFSSL_EVP_PKEY)); - pkey->heap = heap; - pkey->type = WOLFSSL_EVP_PKEY_DEFAULT; -#ifndef HAVE_FIPS - ret = wc_InitRng_ex(&pkey->rng, heap, INVALID_DEVID); -#else - ret = wc_InitRng(&pkey->rng); -#endif - pkey->references = 1; - wc_InitMutex(&pkey->refMutex); /* init of mutex needs to come before - * wolfSSL_EVP_PKEY_free */ - if (ret != 0){ - wolfSSL_EVP_PKEY_free(pkey); - WOLFSSL_MSG("memory failure"); - return NULL; - } - } - else { - WOLFSSL_MSG("memory failure"); - } - - return pkey; -} - -void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) -{ - int doFree = 0; - WOLFSSL_ENTER("wolfSSL_EVP_PKEY_free"); - if (key != NULL) { - if (wc_LockMutex(&key->refMutex) != 0) { - WOLFSSL_MSG("Couldn't lock pkey mutex"); - } - - /* only free if all references to it are done */ - key->references--; - if (key->references == 0) { - doFree = 1; - } - wc_UnLockMutex(&key->refMutex); - - if (doFree) { - wc_FreeRng(&key->rng); - - if (key->pkey.ptr != NULL) { - XFREE(key->pkey.ptr, key->heap, DYNAMIC_TYPE_PUBLIC_KEY); - key->pkey.ptr = NULL; - } - switch(key->type) - { - #ifndef NO_RSA - case EVP_PKEY_RSA: - if (key->rsa != NULL && key->ownRsa == 1) { - wolfSSL_RSA_free(key->rsa); - key->rsa = NULL; - } - break; - #endif /* NO_RSA */ - - #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA) - case EVP_PKEY_EC: - if (key->ecc != NULL && key->ownEcc == 1) { - wolfSSL_EC_KEY_free(key->ecc); - key->ecc = NULL; - } - break; - #endif /* HAVE_ECC && OPENSSL_EXTRA */ - - #ifndef NO_DSA - case EVP_PKEY_DSA: - if (key->dsa != NULL && key->ownDsa == 1) { - wolfSSL_DSA_free(key->dsa); - key->dsa = NULL; - } - break; - #endif /* NO_DSA */ - - #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) - case EVP_PKEY_DH: - if (key->dh != NULL && key->ownDh == 1) { - wolfSSL_DH_free(key->dh); - key->dh = NULL; - } - break; - #endif /* ! NO_DH ... */ - - default: - break; - } - - if (wc_FreeMutex(&key->refMutex) != 0) { - WOLFSSL_MSG("Couldn't free pkey mutex"); - } - XFREE(key, key->heap, DYNAMIC_TYPE_PUBLIC_KEY); - } - } -} - -#if !defined(NO_PWDBASED) -int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp, - int* pHash, int* pHashSz) -{ - enum wc_HashType hash = WC_HASH_TYPE_NONE; - int hashSz; - - if (XSTRLEN(evp) < 3) { - /* do not try comparing strings if size is too small */ - return WOLFSSL_FAILURE; - } - - if (XSTRNCMP("SHA", evp, 3) == 0) { - if (XSTRLEN(evp) > 3) { - #ifndef NO_SHA256 - if (XSTRNCMP("SHA256", evp, 6) == 0) { - hash = WC_HASH_TYPE_SHA256; - } - else - #endif - #ifdef WOLFSSL_SHA384 - if (XSTRNCMP("SHA384", evp, 6) == 0) { - hash = WC_HASH_TYPE_SHA384; - } - else - #endif - #ifdef WOLFSSL_SHA512 - if (XSTRNCMP("SHA512", evp, 6) == 0) { - hash = WC_HASH_TYPE_SHA512; - } - else - #endif - { - WOLFSSL_MSG("Unknown SHA hash"); - } - } - else { - hash = WC_HASH_TYPE_SHA; - } - } -#ifdef WOLFSSL_MD2 - else if (XSTRNCMP("MD2", evp, 3) == 0) { - hash = WC_HASH_TYPE_MD2; - } -#endif -#ifndef NO_MD4 - else if (XSTRNCMP("MD4", evp, 3) == 0) { - hash = WC_HASH_TYPE_MD4; - } -#endif -#ifndef NO_MD5 - else if (XSTRNCMP("MD5", evp, 3) == 0) { - hash = WC_HASH_TYPE_MD5; - } -#endif - - if (pHash) - *pHash = hash; - - hashSz = wc_HashGetDigestSize(hash); - if (pHashSz) - *pHashSz = hashSz; - - if (hashSz < 0) { - return WOLFSSL_FAILURE; - } - - return WOLFSSL_SUCCESS; -} -#endif /* !defined(NO_PWDBASED) */ - -#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ - -#endif /* WOLFSSL_EVP_INCLUDED */