- Timestamp:
- Jun 22, 2021, 9:00:19 PM (3 years ago)
- Location:
- azure_iot_hub_f767zi/trunk/wolfssl-4.7.0
- Files:
-
- 1 edited
- 1 moved
Legend:
- Unmodified
- Added
- Removed
-
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/evp.c
r457 r464 20 20 */ 21 21 22 23 #ifdef HAVE_CONFIG_H 24 #include <config.h> 25 #endif 26 27 #include <wolfssl/wolfcrypt/settings.h> 28 22 29 #if !defined(WOLFSSL_EVP_INCLUDED) 23 30 #ifndef WOLFSSL_IGNORE_FILE_WARN … … 27 34 #else 28 35 29 #ifdef HAVE_CONFIG_H 30 #include <config.h> 31 #endif 32 33 #include <wolfssl/wolfcrypt/settings.h> 36 #if defined(OPENSSL_EXTRA) 37 38 #if !defined(HAVE_PKCS7) && \ 39 ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ 40 (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)) 41 #include <wolfssl/wolfcrypt/aes.h> 42 #endif 43 34 44 35 45 #include <wolfssl/openssl/ecdsa.h> 36 46 #include <wolfssl/openssl/evp.h> 37 38 #if defined(OPENSSL_EXTRA)39 47 40 48 #ifndef NO_AES 41 49 #ifdef HAVE_AES_CBC 42 50 #ifdef WOLFSSL_AES_128 43 static c har *EVP_AES_128_CBC = NULL;51 static const char EVP_AES_128_CBC[] = "AES-128-CBC"; 44 52 #endif 45 53 #ifdef WOLFSSL_AES_192 46 static c har *EVP_AES_192_CBC = NULL;54 static const char EVP_AES_192_CBC[] = "AES-192-CBC"; 47 55 #endif 48 56 #ifdef WOLFSSL_AES_256 49 static c har *EVP_AES_256_CBC = NULL;57 static const char EVP_AES_256_CBC[] = "AES-256-CBC"; 50 58 #endif 51 59 #endif /* HAVE_AES_CBC */ … … 53 61 #ifdef WOLFSSL_AES_OFB 54 62 #ifdef WOLFSSL_AES_128 55 static c har *EVP_AES_128_OFB = NULL;63 static const char EVP_AES_128_OFB[] = "AES-128-OFB"; 56 64 #endif 57 65 #ifdef WOLFSSL_AES_192 58 static c har *EVP_AES_192_OFB = NULL;66 static const char EVP_AES_192_OFB[] = "AES-192-OFB"; 59 67 #endif 60 68 #ifdef WOLFSSL_AES_256 61 static c har *EVP_AES_256_OFB = NULL;69 static const char EVP_AES_256_OFB[] = "AES-256-OFB"; 62 70 #endif 63 71 #endif /* WOLFSSL_AES_OFB */ … … 65 73 #ifdef WOLFSSL_AES_XTS 66 74 #ifdef WOLFSSL_AES_128 67 static c har *EVP_AES_128_XTS = NULL;75 static const char EVP_AES_128_XTS[] = "AES-128-XTS"; 68 76 #endif 69 77 #ifdef WOLFSSL_AES_256 70 static c har *EVP_AES_256_XTS = NULL;78 static const char EVP_AES_256_XTS[] = "AES-256-XTS"; 71 79 #endif 72 80 #endif /* WOLFSSL_AES_XTS */ … … 74 82 #ifdef WOLFSSL_AES_CFB 75 83 #ifdef WOLFSSL_AES_128 76 static c har *EVP_AES_128_CFB1 = NULL;84 static const char EVP_AES_128_CFB1[] = "AES-128-CFB1"; 77 85 #endif 78 86 #ifdef WOLFSSL_AES_192 79 static c har *EVP_AES_192_CFB1 = NULL;87 static const char EVP_AES_192_CFB1[] = "AES-192-CFB1"; 80 88 #endif 81 89 #ifdef WOLFSSL_AES_256 82 static c har *EVP_AES_256_CFB1 = NULL;90 static const char EVP_AES_256_CFB1[] = "AES-256-CFB1"; 83 91 #endif 84 92 85 93 #ifdef WOLFSSL_AES_128 86 static c har *EVP_AES_128_CFB8 = NULL;94 static const char EVP_AES_128_CFB8[] = "AES-128-CFB8"; 87 95 #endif 88 96 #ifdef WOLFSSL_AES_192 89 static c har *EVP_AES_192_CFB8 = NULL;97 static const char EVP_AES_192_CFB8[] = "AES-192-CFB8"; 90 98 #endif 91 99 #ifdef WOLFSSL_AES_256 92 static c har *EVP_AES_256_CFB8 = NULL;100 static const char EVP_AES_256_CFB8[] = "AES-256-CFB8"; 93 101 #endif 94 102 95 103 #ifdef WOLFSSL_AES_128 96 static c har *EVP_AES_128_CFB128 = NULL;104 static const char EVP_AES_128_CFB128[] = "AES-128-CFB128"; 97 105 #endif 98 106 #ifdef WOLFSSL_AES_192 99 static c har *EVP_AES_192_CFB128 = NULL;107 static const char EVP_AES_192_CFB128[] = "AES-192-CFB128"; 100 108 #endif 101 109 #ifdef WOLFSSL_AES_256 102 static c har *EVP_AES_256_CFB128 = NULL;110 static const char EVP_AES_256_CFB128[] = "AES-256-CFB128"; 103 111 #endif 104 112 #endif /* WOLFSSL_AES_CFB */ … … 106 114 #ifdef HAVE_AESGCM 107 115 #ifdef WOLFSSL_AES_128 108 static c har *EVP_AES_128_GCM = NULL;116 static const char EVP_AES_128_GCM[] = "AES-128-GCM"; 109 117 #endif 110 118 #ifdef WOLFSSL_AES_192 111 static c har *EVP_AES_192_GCM = NULL;119 static const char EVP_AES_192_GCM[] = "AES-192-GCM"; 112 120 #endif 113 121 #ifdef WOLFSSL_AES_256 114 static c har *EVP_AES_256_GCM = NULL;122 static const char EVP_AES_256_GCM[] = "AES-256-GCM"; 115 123 #endif 116 124 #endif /* HAVE_AESGCM */ 125 126 #ifdef WOLFSSL_AES_COUNTER 117 127 #ifdef WOLFSSL_AES_128 118 static c har *EVP_AES_128_CTR = NULL;128 static const char EVP_AES_128_CTR[] = "AES-128-CTR"; 119 129 #endif 120 130 #ifdef WOLFSSL_AES_192 121 static c har *EVP_AES_192_CTR = NULL;131 static const char EVP_AES_192_CTR[] = "AES-192-CTR"; 122 132 #endif 123 133 #ifdef WOLFSSL_AES_256 124 static char *EVP_AES_256_CTR = NULL; 125 #endif 126 134 static const char EVP_AES_256_CTR[] = "AES-256-CTR"; 135 #endif 136 #endif 137 138 #ifdef HAVE_AES_ECB 127 139 #ifdef WOLFSSL_AES_128 128 static c har *EVP_AES_128_ECB = NULL;140 static const char EVP_AES_128_ECB[] = "AES-128-ECB"; 129 141 #endif 130 142 #ifdef WOLFSSL_AES_192 131 static c har *EVP_AES_192_ECB = NULL;143 static const char EVP_AES_192_ECB[] = "AES-192-ECB"; 132 144 #endif 133 145 #ifdef WOLFSSL_AES_256 134 static char *EVP_AES_256_ECB = NULL; 146 static const char EVP_AES_256_ECB[] = "AES-256-ECB"; 147 #endif 135 148 #endif 136 149 #define EVP_AES_SIZE 11 … … 141 154 142 155 #ifndef NO_DES3 143 static c har *EVP_DES_CBC = NULL;144 static c har *EVP_DES_ECB = NULL;145 146 static c har *EVP_DES_EDE3_CBC = NULL;147 static c har *EVP_DES_EDE3_ECB = NULL;156 static const char EVP_DES_CBC[] = "DES-CBC"; 157 static const char EVP_DES_ECB[] = "DES-ECB"; 158 159 static const char EVP_DES_EDE3_CBC[] = "DES-EDE3-CBC"; 160 static const char EVP_DES_EDE3_ECB[] = "DES-EDE3-ECB"; 148 161 149 162 #define EVP_DES_SIZE 7 … … 152 165 153 166 #ifdef HAVE_IDEA 154 static c har *EVP_IDEA_CBC;167 static const char EVP_IDEA_CBC[] = "IDEA-CBC"; 155 168 #define EVP_IDEA_SIZE 8 156 169 #endif 170 171 #ifndef NO_RC4 172 static const char EVP_ARC4[] = "ARC4"; 173 #define EVP_ARC4_SIZE 4 174 #endif 175 176 static const char EVP_NULL[] = "NULL"; 177 #define EVP_NULL_SIZE 4 178 157 179 158 180 static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher); … … 200 222 #endif 201 223 #if defined(WOLFSSL_AES_XTS) 202 case AES_128_XTS_TYPE: return 16; 203 case AES_256_XTS_TYPE: return 32; 224 /* Two keys for XTS. */ 225 case AES_128_XTS_TYPE: return 16 * 2; 226 case AES_256_XTS_TYPE: return 32 * 2; 204 227 #endif 205 228 #if defined(HAVE_AESGCM) … … 418 441 break; 419 442 #endif 420 #if defined(HAVE_AESGCM)421 case AES_128_GCM_TYPE:422 case AES_192_GCM_TYPE:423 case AES_256_GCM_TYPE:424 if (ctx->enc) {425 if (out){426 /* encrypt confidential data*/427 ret = wc_AesGcmEncrypt(&ctx->cipher.aes, out, in, inl,428 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,429 NULL, 0);430 }431 else {432 /* authenticated, non-confidential data */433 ret = wc_AesGcmEncrypt(&ctx->cipher.aes, NULL, NULL, 0,434 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,435 in, inl);436 /* Reset partial authTag error for AAD*/437 if (ret == AES_GCM_AUTH_E)438 ret = 0;439 }440 }441 else {442 if (out){443 /* decrypt confidential data*/444 ret = wc_AesGcmDecrypt(&ctx->cipher.aes, out, in, inl,445 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,446 NULL, 0);447 }448 else {449 /* authenticated, non-confidential data*/450 ret = wc_AesGcmDecrypt(&ctx->cipher.aes, NULL, NULL, 0,451 ctx->iv, ctx->ivSz,452 ctx->authTag, ctx->authTagSz,453 in, inl);454 /* Reset partial authTag error for AAD*/455 if (ret == AES_GCM_AUTH_E)456 ret = 0;457 }458 }459 break;460 #endif461 443 #if defined(WOLFSSL_AES_COUNTER) 462 444 case AES_128_CTR_TYPE: … … 572 554 573 555 #if defined(HAVE_AESGCM) 556 static int wolfSSL_EVP_CipherUpdate_GCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx, 557 const unsigned char *in, int inl) { 558 if (in && inl > 0) { 559 byte* tmp = (byte*)XREALLOC(ctx->gcmAuthIn, 560 ctx->gcmAuthInSz + inl, NULL, DYNAMIC_TYPE_OPENSSL); 561 if (tmp) { 562 ctx->gcmAuthIn = tmp; 563 XMEMCPY(ctx->gcmAuthIn + ctx->gcmAuthInSz, in, inl); 564 ctx->gcmAuthInSz += inl; 565 } 566 else { 567 WOLFSSL_MSG("realloc error"); 568 return MEMORY_E; 569 } 570 } 571 return 0; 572 } 573 574 574 static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx, 575 575 unsigned char *out, int *outl, 576 576 const unsigned char *in, int inl) 577 577 { 578 /* process blocks */ 579 if (evpCipherBlock(ctx, out, in, inl) == 0) 578 int ret = 0; 579 580 *outl = inl; 581 if (out) { 582 /* Buffer input for one-shot API */ 583 if (inl > 0) { 584 byte* tmp; 585 tmp = (byte*)XREALLOC(ctx->gcmBuffer, 586 ctx->gcmBufferLen + inl, NULL, 587 DYNAMIC_TYPE_OPENSSL); 588 if (tmp) { 589 XMEMCPY(tmp + ctx->gcmBufferLen, in, inl); 590 ctx->gcmBufferLen += inl; 591 ctx->gcmBuffer = tmp; 592 *outl = 0; 593 } 594 else { 595 ret = MEMORY_E; 596 } 597 } 598 } 599 else { 600 ret = wolfSSL_EVP_CipherUpdate_GCM_AAD(ctx, in, inl); 601 } 602 603 if (ret != 0) { 604 *outl = 0; 580 605 return WOLFSSL_FAILURE; 581 *outl = inl; 606 } 607 582 608 return WOLFSSL_SUCCESS; 583 609 } … … 599 625 600 626 *outl = 0; 601 if (inl == 0) {602 return WOLFSSL_SUCCESS;603 }604 627 605 628 #if !defined(NO_AES) && defined(HAVE_AESGCM) … … 620 643 } 621 644 622 645 /* if(inl == 0)wolfSSL_EVP_CipherUpdate_GCM to get tag */ 646 if (inl == 0) { 647 return WOLFSSL_SUCCESS; 648 } 623 649 if (ctx->bufUsed > 0) { /* concatenate them if there is anything */ 624 650 fill = fillBuff(ctx, in, inl); … … 740 766 741 767 WOLFSSL_ENTER("wolfSSL_EVP_CipherFinal"); 742 768 switch (ctx->cipherType) { 743 769 #if !defined(NO_AES) && defined(HAVE_AESGCM) 744 switch (ctx->cipherType) { 745 case AES_128_GCM_TYPE: 746 case AES_192_GCM_TYPE: 747 case AES_256_GCM_TYPE: 770 case AES_128_GCM_TYPE: 771 case AES_192_GCM_TYPE: 772 case AES_256_GCM_TYPE: 773 if ((ctx->gcmBuffer && ctx->gcmBufferLen > 0) 774 || (ctx->gcmBufferLen == 0)) { 775 if (ctx->enc) 776 ret = wc_AesGcmEncrypt(&ctx->cipher.aes, out, 777 ctx->gcmBuffer, ctx->gcmBufferLen, 778 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, 779 ctx->gcmAuthIn, ctx->gcmAuthInSz); 780 else 781 ret = wc_AesGcmDecrypt(&ctx->cipher.aes, out, 782 ctx->gcmBuffer, ctx->gcmBufferLen, 783 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, 784 ctx->gcmAuthIn, ctx->gcmAuthInSz); 785 786 if (ret == 0) { 787 ret = WOLFSSL_SUCCESS; 788 *outl = ctx->gcmBufferLen; 789 } 790 else { 791 ret = WOLFSSL_FAILURE; 792 *outl = 0; 793 } 794 795 XFREE(ctx->gcmBuffer, NULL, DYNAMIC_TYPE_OPENSSL); 796 ctx->gcmBuffer = NULL; 797 ctx->gcmBufferLen = 0; 798 } 799 else { 748 800 *outl = 0; 749 /* Clear IV, since IV reuse is not recommended for AES GCM. */ 750 XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); 751 return WOLFSSL_SUCCESS; 752 default: 753 /* fall-through */ 754 break; 755 } 801 } 802 /* Clear IV, since IV reuse is not recommended for AES GCM. */ 803 XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE); 804 break; 756 805 #endif /* !NO_AES && HAVE_AESGCM */ 757 758 if (!out) 759 return WOLFSSL_FAILURE; 760 761 if (ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING) { 762 if (ctx->bufUsed != 0) return WOLFSSL_FAILURE; 763 *outl = 0; 764 } 765 else if (ctx->enc) { 766 if (ctx->block_size == 1) { 767 *outl = 0; 768 } 769 else if ((ctx->bufUsed >= 0) && (ctx->block_size != 1)) { 770 padBlock(ctx); 771 PRINT_BUF(ctx->buf, ctx->block_size); 772 if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) { 773 WOLFSSL_MSG("Final Cipher Block failed"); 774 ret = WOLFSSL_FAILURE; 806 default: 807 if (!out) 808 return WOLFSSL_FAILURE; 809 810 if (ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING) { 811 if (ctx->bufUsed != 0) return WOLFSSL_FAILURE; 812 *outl = 0; 813 } 814 else if (ctx->enc) { 815 if (ctx->block_size == 1) { 816 *outl = 0; 817 } 818 else if ((ctx->bufUsed >= 0) && (ctx->block_size != 1)) { 819 padBlock(ctx); 820 PRINT_BUF(ctx->buf, ctx->block_size); 821 if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) { 822 WOLFSSL_MSG("Final Cipher Block failed"); 823 ret = WOLFSSL_FAILURE; 824 } 825 else { 826 PRINT_BUF(out, ctx->block_size); 827 *outl = ctx->block_size; 828 } 829 } 775 830 } 776 831 else { 777 PRINT_BUF(out, ctx->block_size); 778 *outl = ctx->block_size; 779 } 780 } 781 } 782 else { 783 if (ctx->block_size == 1) { 784 *outl = 0; 785 } 786 else if ((ctx->bufUsed % ctx->block_size) != 0) { 787 *outl = 0; 788 /* not enough padding for decrypt */ 789 WOLFSSL_MSG("Final Cipher Block not enough padding"); 790 ret = WOLFSSL_FAILURE; 791 } 792 else if (ctx->lastUsed) { 793 PRINT_BUF(ctx->lastBlock, ctx->block_size); 794 if ((fl = checkPad(ctx, ctx->lastBlock)) >= 0) { 795 XMEMCPY(out, ctx->lastBlock, fl); 796 *outl = fl; 797 if (ctx->lastUsed == 0 && ctx->bufUsed == 0) { 798 /* return error in cases where the block length is incorrect */ 799 WOLFSSL_MSG("Final Cipher Block bad length"); 832 if (ctx->block_size == 1) { 833 *outl = 0; 834 } 835 else if ((ctx->bufUsed % ctx->block_size) != 0) { 836 *outl = 0; 837 /* not enough padding for decrypt */ 838 WOLFSSL_MSG("Final Cipher Block not enough padding"); 800 839 ret = WOLFSSL_FAILURE; 801 840 } 802 } 803 else { 804 ret = WOLFSSL_FAILURE; 805 } 806 } 807 else if (ctx->lastUsed == 0 && ctx->bufUsed == 0) { 808 /* return error in cases where the block length is incorrect */ 809 ret = WOLFSSL_FAILURE; 810 } 811 } 841 else if (ctx->lastUsed) { 842 PRINT_BUF(ctx->lastBlock, ctx->block_size); 843 if ((fl = checkPad(ctx, ctx->lastBlock)) >= 0) { 844 XMEMCPY(out, ctx->lastBlock, fl); 845 *outl = fl; 846 if (ctx->lastUsed == 0 && ctx->bufUsed == 0) { 847 /* return error in cases where the block length is 848 * incorrect */ 849 WOLFSSL_MSG("Final Cipher Block bad length"); 850 ret = WOLFSSL_FAILURE; 851 } 852 } 853 else { 854 ret = WOLFSSL_FAILURE; 855 } 856 } 857 else if (ctx->lastUsed == 0 && ctx->bufUsed == 0) { 858 /* return error in cases where the block length is 859 * incorrect */ 860 ret = WOLFSSL_FAILURE; 861 } 862 } 863 break; 864 } 865 812 866 if (ret == WOLFSSL_SUCCESS) { 813 867 /* reset cipher state after final */ 814 wolfSSL_EVP_CipherInit(ctx, NULL, NULL, NULL, -1);868 ret = wolfSSL_EVP_CipherInit(ctx, NULL, NULL, NULL, -1); 815 869 } 816 870 return ret; … … 867 921 #endif 868 922 869 870 923 int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx) 871 924 { … … 931 984 if (cipher == NULL) return 0; /* dummy for #ifdef */ 932 985 #ifndef NO_DES3 933 else if ( EVP_DES_CBC &&XSTRNCMP(cipher, EVP_DES_CBC, EVP_DES_SIZE) == 0)986 else if (XSTRNCMP(cipher, EVP_DES_CBC, EVP_DES_SIZE) == 0) 934 987 return DES_CBC_TYPE; 935 else if ( EVP_DES_EDE3_CBC &&XSTRNCMP(cipher, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)988 else if (XSTRNCMP(cipher, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0) 936 989 return DES_EDE3_CBC_TYPE; 937 990 #if !defined(NO_DES3) 938 else if ( EVP_DES_ECB &&XSTRNCMP(cipher, EVP_DES_ECB, EVP_DES_SIZE) == 0)991 else if (XSTRNCMP(cipher, EVP_DES_ECB, EVP_DES_SIZE) == 0) 939 992 return DES_ECB_TYPE; 940 else if ( EVP_DES_EDE3_ECB &&XSTRNCMP(cipher, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0)993 else if (XSTRNCMP(cipher, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0) 941 994 return DES_EDE3_ECB_TYPE; 942 995 #endif /* NO_DES3 && HAVE_AES_ECB */ … … 945 998 #if defined(HAVE_AES_CBC) 946 999 #ifdef WOLFSSL_AES_128 947 else if ( EVP_AES_128_CBC &&XSTRNCMP(cipher, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)1000 else if (XSTRNCMP(cipher, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) 948 1001 return AES_128_CBC_TYPE; 949 1002 #endif 950 1003 #ifdef WOLFSSL_AES_192 951 else if ( EVP_AES_192_CBC &&XSTRNCMP(cipher, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)1004 else if (XSTRNCMP(cipher, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) 952 1005 return AES_192_CBC_TYPE; 953 1006 #endif 954 1007 #ifdef WOLFSSL_AES_256 955 else if ( EVP_AES_256_CBC &&XSTRNCMP(cipher, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)1008 else if (XSTRNCMP(cipher, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) 956 1009 return AES_256_CBC_TYPE; 957 1010 #endif … … 959 1012 #if defined(HAVE_AESGCM) 960 1013 #ifdef WOLFSSL_AES_128 961 else if ( EVP_AES_128_GCM &&XSTRNCMP(cipher, EVP_AES_128_GCM, EVP_AES_SIZE) == 0)1014 else if (XSTRNCMP(cipher, EVP_AES_128_GCM, EVP_AES_SIZE) == 0) 962 1015 return AES_128_GCM_TYPE; 963 1016 #endif 964 1017 #ifdef WOLFSSL_AES_192 965 else if ( EVP_AES_192_GCM &&XSTRNCMP(cipher, EVP_AES_192_GCM, EVP_AES_SIZE) == 0)1018 else if (XSTRNCMP(cipher, EVP_AES_192_GCM, EVP_AES_SIZE) == 0) 966 1019 return AES_192_GCM_TYPE; 967 1020 #endif 968 1021 #ifdef WOLFSSL_AES_256 969 else if ( EVP_AES_256_GCM &&XSTRNCMP(cipher, EVP_AES_256_GCM, EVP_AES_SIZE) == 0)1022 else if (XSTRNCMP(cipher, EVP_AES_256_GCM, EVP_AES_SIZE) == 0) 970 1023 return AES_256_GCM_TYPE; 971 1024 #endif … … 973 1026 #if defined(WOLFSSL_AES_COUNTER) 974 1027 #ifdef WOLFSSL_AES_128 975 else if ( EVP_AES_128_CTR &&XSTRNCMP(cipher, EVP_AES_128_CTR, EVP_AES_SIZE) == 0)1028 else if (XSTRNCMP(cipher, EVP_AES_128_CTR, EVP_AES_SIZE) == 0) 976 1029 return AES_128_CTR_TYPE; 977 1030 #endif 978 1031 #ifdef WOLFSSL_AES_192 979 else if ( EVP_AES_192_CTR &&XSTRNCMP(cipher, EVP_AES_192_CTR, EVP_AES_SIZE) == 0)1032 else if (XSTRNCMP(cipher, EVP_AES_192_CTR, EVP_AES_SIZE) == 0) 980 1033 return AES_192_CTR_TYPE; 981 1034 #endif 982 1035 #ifdef WOLFSSL_AES_256 983 else if ( EVP_AES_256_CTR &&XSTRNCMP(cipher, EVP_AES_256_CTR, EVP_AES_SIZE) == 0)1036 else if (XSTRNCMP(cipher, EVP_AES_256_CTR, EVP_AES_SIZE) == 0) 984 1037 return AES_256_CTR_TYPE; 985 1038 #endif … … 987 1040 #if defined(HAVE_AES_ECB) 988 1041 #ifdef WOLFSSL_AES_128 989 else if ( EVP_AES_128_ECB &&XSTRNCMP(cipher, EVP_AES_128_ECB, EVP_AES_SIZE) == 0)1042 else if (XSTRNCMP(cipher, EVP_AES_128_ECB, EVP_AES_SIZE) == 0) 990 1043 return AES_128_ECB_TYPE; 991 1044 #endif 992 1045 #ifdef WOLFSSL_AES_192 993 else if ( EVP_AES_192_ECB &&XSTRNCMP(cipher, EVP_AES_192_ECB, EVP_AES_SIZE) == 0)1046 else if (XSTRNCMP(cipher, EVP_AES_192_ECB, EVP_AES_SIZE) == 0) 994 1047 return AES_192_ECB_TYPE; 995 1048 #endif 996 1049 #ifdef WOLFSSL_AES_256 997 else if ( EVP_AES_256_ECB &&XSTRNCMP(cipher, EVP_AES_256_ECB, EVP_AES_SIZE) == 0)1050 else if (XSTRNCMP(cipher, EVP_AES_256_ECB, EVP_AES_SIZE) == 0) 998 1051 return AES_256_ECB_TYPE; 999 1052 #endif … … 1001 1054 #if defined(WOLFSSL_AES_XTS) 1002 1055 #ifdef WOLFSSL_AES_128 1003 else if ( EVP_AES_128_XTS &&XSTRNCMP(cipher, EVP_AES_128_XTS, EVP_AES_SIZE) == 0)1056 else if (XSTRNCMP(cipher, EVP_AES_128_XTS, EVP_AES_SIZE) == 0) 1004 1057 return AES_128_XTS_TYPE; 1005 1058 #endif 1006 1059 #ifdef WOLFSSL_AES_256 1007 else if ( EVP_AES_256_XTS &&XSTRNCMP(cipher, EVP_AES_256_XTS, EVP_AES_SIZE) == 0)1060 else if (XSTRNCMP(cipher, EVP_AES_256_XTS, EVP_AES_SIZE) == 0) 1008 1061 return AES_256_XTS_TYPE; 1009 1062 #endif … … 1011 1064 #if defined(WOLFSSL_AES_CFB) 1012 1065 #ifdef WOLFSSL_AES_128 1013 else if ( EVP_AES_128_CFB1 &&XSTRNCMP(cipher, EVP_AES_128_CFB1, EVP_AESCFB_SIZE) == 0)1066 else if (XSTRNCMP(cipher, EVP_AES_128_CFB1, EVP_AESCFB_SIZE) == 0) 1014 1067 return AES_128_CFB1_TYPE; 1015 1068 #endif 1016 1069 #ifdef WOLFSSL_AES_192 1017 else if ( EVP_AES_192_CFB1 &&XSTRNCMP(cipher, EVP_AES_192_CFB1, EVP_AESCFB_SIZE) == 0)1070 else if (XSTRNCMP(cipher, EVP_AES_192_CFB1, EVP_AESCFB_SIZE) == 0) 1018 1071 return AES_192_CFB1_TYPE; 1019 1072 #endif 1020 1073 #ifdef WOLFSSL_AES_256 1021 else if ( EVP_AES_256_CFB1 &&XSTRNCMP(cipher, EVP_AES_256_CFB1, EVP_AESCFB_SIZE) == 0)1074 else if (XSTRNCMP(cipher, EVP_AES_256_CFB1, EVP_AESCFB_SIZE) == 0) 1022 1075 return AES_256_CFB1_TYPE; 1023 1076 #endif 1024 1077 #ifdef WOLFSSL_AES_128 1025 else if ( EVP_AES_128_CFB8 &&XSTRNCMP(cipher, EVP_AES_128_CFB8, EVP_AESCFB_SIZE) == 0)1078 else if (XSTRNCMP(cipher, EVP_AES_128_CFB8, EVP_AESCFB_SIZE) == 0) 1026 1079 return AES_128_CFB8_TYPE; 1027 1080 #endif 1028 1081 #ifdef WOLFSSL_AES_192 1029 else if ( EVP_AES_192_CFB8 &&XSTRNCMP(cipher, EVP_AES_192_CFB8, EVP_AESCFB_SIZE) == 0)1082 else if (XSTRNCMP(cipher, EVP_AES_192_CFB8, EVP_AESCFB_SIZE) == 0) 1030 1083 return AES_192_CFB8_TYPE; 1031 1084 #endif 1032 1085 #ifdef WOLFSSL_AES_256 1033 else if ( EVP_AES_256_CFB8 &&XSTRNCMP(cipher, EVP_AES_256_CFB8, EVP_AESCFB_SIZE) == 0)1086 else if (XSTRNCMP(cipher, EVP_AES_256_CFB8, EVP_AESCFB_SIZE) == 0) 1034 1087 return AES_256_CFB8_TYPE; 1035 1088 #endif 1036 1089 #ifdef WOLFSSL_AES_128 1037 else if ( EVP_AES_128_CFB128 &&XSTRNCMP(cipher, EVP_AES_128_CFB128, EVP_AESCFB_SIZE) == 0)1090 else if (XSTRNCMP(cipher, EVP_AES_128_CFB128, EVP_AESCFB_SIZE) == 0) 1038 1091 return AES_128_CFB128_TYPE; 1039 1092 #endif 1040 1093 #ifdef WOLFSSL_AES_192 1041 else if ( EVP_AES_192_CFB128 &&XSTRNCMP(cipher, EVP_AES_192_CFB128, EVP_AESCFB_SIZE) == 0)1094 else if (XSTRNCMP(cipher, EVP_AES_192_CFB128, EVP_AESCFB_SIZE) == 0) 1042 1095 return AES_192_CFB128_TYPE; 1043 1096 #endif 1044 1097 #ifdef WOLFSSL_AES_256 1045 else if ( EVP_AES_256_CFB128 &&XSTRNCMP(cipher, EVP_AES_256_CFB128, EVP_AESCFB_SIZE) == 0)1098 else if (XSTRNCMP(cipher, EVP_AES_256_CFB128, EVP_AESCFB_SIZE) == 0) 1046 1099 return AES_256_CFB128_TYPE; 1047 1100 #endif 1048 1101 #endif /*HAVE_AES_CBC */ 1102 #if defined(WOLFSSL_AES_OFB) 1103 #ifdef WOLFSSL_AES_128 1104 else if (XSTRNCMP(cipher, EVP_AES_128_OFB, EVP_AES_SIZE) == 0) 1105 return AES_128_OFB_TYPE; 1106 #endif 1107 #ifdef WOLFSSL_AES_192 1108 else if (XSTRNCMP(cipher, EVP_AES_192_OFB, EVP_AES_SIZE) == 0) 1109 return AES_192_OFB_TYPE; 1110 #endif 1111 #ifdef WOLFSSL_AES_256 1112 else if (XSTRNCMP(cipher, EVP_AES_256_OFB, EVP_AES_SIZE) == 0) 1113 return AES_256_OFB_TYPE; 1114 #endif 1115 #endif 1049 1116 #endif /* !NO_AES */ 1117 1118 #ifndef NO_RC4 1119 else if (XSTRNCMP(cipher, EVP_ARC4, EVP_ARC4_SIZE) == 0) 1120 return ARC4_TYPE; 1121 #endif 1050 1122 else return 0; 1051 1123 } … … 1066 1138 case AES_192_GCM_TYPE: 1067 1139 case AES_256_GCM_TYPE: 1068 return AES_BLOCK_SIZE;1140 return 1; 1069 1141 #endif 1070 1142 #if defined(WOLFSSL_AES_COUNTER) … … 1072 1144 case AES_192_CTR_TYPE: 1073 1145 case AES_256_CTR_TYPE: 1074 return AES_BLOCK_SIZE;1146 return 1; 1075 1147 #endif 1076 1148 #if defined(HAVE_AES_ECB) … … 1080 1152 return AES_BLOCK_SIZE; 1081 1153 #endif 1154 #if defined(WOLFSSL_AES_CFB) 1155 case AES_128_CFB1_TYPE: 1156 case AES_192_CFB1_TYPE: 1157 case AES_256_CFB1_TYPE: 1158 case AES_128_CFB8_TYPE: 1159 case AES_192_CFB8_TYPE: 1160 case AES_256_CFB8_TYPE: 1161 case AES_128_CFB128_TYPE: 1162 case AES_192_CFB128_TYPE: 1163 case AES_256_CFB128_TYPE: 1164 return 1; 1165 #endif 1166 #if defined(WOLFSSL_AES_OFB) 1167 case AES_128_OFB_TYPE: 1168 case AES_192_OFB_TYPE: 1169 case AES_256_OFB_TYPE: 1170 return 1; 1171 #endif 1172 #if defined(WOLFSSL_AES_XTS) 1173 case AES_128_XTS_TYPE: 1174 case AES_256_XTS_TYPE: 1175 return 1; 1176 #endif 1082 1177 #endif /* NO_AES */ 1083 #ifndef NO_DES3 1178 1179 #ifndef NO_RC4 1180 case ARC4_TYPE: 1181 return 1; 1182 #endif 1183 1184 #ifndef NO_DES3 1084 1185 case DES_CBC_TYPE: return 8; 1085 1186 case DES_EDE3_CBC_TYPE: return 8; 1086 1187 case DES_ECB_TYPE: return 8; 1087 1188 case DES_EDE3_ECB_TYPE: return 8; 1088 1189 #endif 1089 1190 default: 1090 1191 return 0; … … 1106 1207 case AES_192_GCM_TYPE: 1107 1208 case AES_256_GCM_TYPE: 1108 return WOLFSSL_EVP_CIPH_GCM_MODE; 1209 return WOLFSSL_EVP_CIPH_GCM_MODE & 1210 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; 1109 1211 #endif 1110 1212 #if defined(WOLFSSL_AES_COUNTER) … … 1114 1216 return WOLFSSL_EVP_CIPH_CTR_MODE; 1115 1217 #endif 1218 #if defined(WOLFSSL_AES_CFB) 1219 case AES_128_CFB1_TYPE: 1220 case AES_192_CFB1_TYPE: 1221 case AES_256_CFB1_TYPE: 1222 case AES_128_CFB8_TYPE: 1223 case AES_192_CFB8_TYPE: 1224 case AES_256_CFB8_TYPE: 1225 case AES_128_CFB128_TYPE: 1226 case AES_192_CFB128_TYPE: 1227 case AES_256_CFB128_TYPE: 1228 return WOLFSSL_EVP_CIPH_CFB_MODE; 1229 #endif 1230 #if defined(WOLFSSL_AES_OFB) 1231 case AES_128_OFB_TYPE: 1232 case AES_192_OFB_TYPE: 1233 case AES_256_OFB_TYPE: 1234 return WOLFSSL_EVP_CIPH_OFB_MODE; 1235 #endif 1236 #if defined(WOLFSSL_AES_XTS) 1237 case AES_128_XTS_TYPE: 1238 case AES_256_XTS_TYPE: 1239 return WOLFSSL_EVP_CIPH_XTS_MODE; 1240 #endif 1116 1241 case AES_128_ECB_TYPE: 1117 1242 case AES_192_ECB_TYPE: 1118 1243 case AES_256_ECB_TYPE: 1119 1244 return WOLFSSL_EVP_CIPH_ECB_MODE; 1120 #endif /* NO_A SE*/1245 #endif /* NO_AES */ 1121 1246 #ifndef NO_DES3 1122 1247 case DES_CBC_TYPE: … … 1209 1334 { 1210 1335 WOLFSSL_EVP_PKEY_CTX* ctx; 1211 int type = NID_undef;1212 1336 1213 1337 if (pkey == NULL) return 0; … … 1223 1347 ctx->padding = RSA_PKCS1_PADDING; 1224 1348 #endif 1225 type = wolfSSL_EVP_PKEY_type(pkey->type); 1226 1227 if (type != NID_undef) { 1228 if (wc_LockMutex(&pkey->refMutex) != 0) { 1229 WOLFSSL_MSG("Couldn't lock pkey mutex"); 1230 } 1231 pkey->references++; 1232 1233 wc_UnLockMutex(&pkey->refMutex); 1349 if (wolfSSL_EVP_PKEY_up_ref(pkey) != WOLFSSL_SUCCESS) { 1350 WOLFSSL_MSG("Couldn't increase key reference count"); 1234 1351 } 1235 1352 return ctx; … … 1264 1381 pkey->type = id; 1265 1382 ctx = wolfSSL_EVP_PKEY_CTX_new(pkey, e); 1266 if (ctx == NULL) { 1267 wolfSSL_EVP_PKEY_free(pkey); 1268 } 1383 /* wolfSSL_EVP_PKEY_CTX_new calls wolfSSL_EVP_PKEY_up_ref so we need 1384 * to always call wolfSSL_EVP_PKEY_free (either to free it if an 1385 * error occured in the previous function or to decrease the reference 1386 * count so that pkey is actually free'd when wolfSSL_EVP_PKEY_CTX_free 1387 * is called) */ 1388 wolfSSL_EVP_PKEY_free(pkey); 1269 1389 } 1270 1390 return ctx; … … 1311 1431 } 1312 1432 1433 #ifndef NO_WOLFSSL_STUB 1434 int wolfSSL_EVP_PKEY_CTX_ctrl_str(WOLFSSL_EVP_PKEY_CTX *ctx, 1435 const char *name, const char *value) 1436 { 1437 WOLFSSL_STUB("wolfSSL_EVP_PKEY_CTX_ctrl_str"); 1438 (void)ctx; 1439 (void)name; 1440 (void)value; 1441 return WOLFSSL_FAILURE; 1442 } 1443 #endif /* NO_WOLFSSL_STUB */ 1444 1313 1445 #if !defined(NO_DH) && defined(HAVE_ECC) 1446 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION!=2)) 1314 1447 int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) 1315 1448 { … … 1336 1469 return WOLFSSL_FAILURE; 1337 1470 } 1471 /* computed DH agreement can be less than DH size if leading zeros */ 1338 1472 if (wolfSSL_DH_compute_key(key, ctx->peerKey->dh->pub_key, 1339 ctx->pkey->dh) != len) {1473 ctx->pkey->dh) <= 0) { 1340 1474 return WOLFSSL_FAILURE; 1341 1475 } … … 1368 1502 if (key) { 1369 1503 word32 len32 = (word32)len; 1504 #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \ 1505 && (!defined(HAVE_FIPS) || \ 1506 (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) 1507 1508 WC_RNG rng; 1509 if (wc_InitRng(&rng) != MP_OKAY) { 1510 WOLFSSL_MSG("Init RNG failed"); 1511 return WOLFSSL_FAILURE; 1512 } 1513 ((ecc_key*)ctx->pkey->ecc->internal)->rng = &rng; 1514 #endif 1370 1515 if (*keylen < len32) { 1371 1516 WOLFSSL_MSG("buffer too short"); 1517 #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \ 1518 && (!defined(HAVE_FIPS) || \ 1519 (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) 1520 ((ecc_key*)ctx->pkey->ecc->internal)->rng = NULL; 1521 wc_FreeRng(&rng); 1522 #endif 1372 1523 return WOLFSSL_FAILURE; 1373 1524 } … … 1376 1527 key, &len32) != MP_OKAY) { 1377 1528 WOLFSSL_MSG("wc_ecc_shared_secret failed"); 1529 #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \ 1530 && (!defined(HAVE_FIPS) || \ 1531 (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) 1532 ((ecc_key*)ctx->pkey->ecc->internal)->rng = NULL; 1533 wc_FreeRng(&rng); 1534 #endif 1378 1535 return WOLFSSL_FAILURE; 1379 1536 } 1537 #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \ 1538 && (!defined(HAVE_FIPS) || \ 1539 (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) 1540 ((ecc_key*)ctx->pkey->ecc->internal)->rng = NULL; 1541 wc_FreeRng(&rng); 1542 #endif 1380 1543 len = (int)len32; 1381 1544 } … … 1389 1552 return WOLFSSL_SUCCESS; 1390 1553 } 1391 #endif 1554 #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ 1555 #endif /* !NO_DH || HAVE_ECC */ 1392 1556 1393 1557 /* Uses the WOLFSSL_EVP_PKEY_CTX to decrypt a buffer. … … 1720 1884 } 1721 1885 1886 1887 int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to, 1888 const WOLFSSL_EVP_PKEY *from) 1889 { 1890 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_copy_parameters"); 1891 1892 if (!to || !from) { 1893 WOLFSSL_MSG("Bad parameter"); 1894 return WOLFSSL_FAILURE; 1895 } 1896 1897 if (to->type == EVP_PKEY_NONE) { 1898 to->type = from->type; 1899 } 1900 else if (to->type != from->type) { 1901 WOLFSSL_MSG("Different key types"); 1902 return WOLFSSL_FAILURE; 1903 } 1904 1905 switch(from->type) { 1906 #ifdef HAVE_ECC 1907 case EVP_PKEY_EC: 1908 if (from->ecc) { 1909 if (!to->ecc && !(to->ecc = wolfSSL_EC_KEY_new())) { 1910 WOLFSSL_MSG("wolfSSL_EC_KEY_new error"); 1911 return WOLFSSL_FAILURE; 1912 } 1913 to->ownEcc = 1; 1914 to->ecc->group->curve_idx = from->ecc->group->curve_idx; 1915 to->ecc->group->curve_nid = from->ecc->group->curve_nid; 1916 to->ecc->group->curve_oid = from->ecc->group->curve_oid; 1917 } 1918 else { 1919 WOLFSSL_MSG("Missing ECC struct"); 1920 return WOLFSSL_FAILURE; 1921 } 1922 break; 1923 #endif 1924 #ifndef NO_DSA 1925 case EVP_PKEY_DSA: 1926 if (from->dsa) { 1927 WOLFSSL_BIGNUM* cpy; 1928 if (!to->dsa && !(to->dsa = wolfSSL_DSA_new())) { 1929 WOLFSSL_MSG("wolfSSL_DSA_new error"); 1930 return WOLFSSL_FAILURE; 1931 } 1932 if (!(cpy = wolfSSL_BN_dup(from->dsa->p))) { 1933 WOLFSSL_MSG("wolfSSL_BN_dup error"); 1934 return WOLFSSL_FAILURE; 1935 } 1936 to->dsa->p = cpy; 1937 if (!(cpy = wolfSSL_BN_dup(from->dsa->q))) { 1938 WOLFSSL_MSG("wolfSSL_BN_dup error"); 1939 return WOLFSSL_FAILURE; 1940 } 1941 to->dsa->q = cpy; 1942 if (!(cpy = wolfSSL_BN_dup(from->dsa->g))) { 1943 WOLFSSL_MSG("wolfSSL_BN_dup error"); 1944 return WOLFSSL_FAILURE; 1945 } 1946 to->dsa->g = cpy; 1947 } 1948 else { 1949 WOLFSSL_MSG("Missing DSA struct"); 1950 return WOLFSSL_FAILURE; 1951 } 1952 break; 1953 #endif 1954 #ifndef NO_RSA 1955 case EVP_PKEY_RSA: 1956 #endif 1957 #ifndef NO_DH 1958 case EVP_PKEY_DH: 1959 #endif 1960 default: 1961 WOLFSSL_MSG("Copy parameters not available for this key type"); 1962 return WOLFSSL_FAILURE; 1963 } 1964 #if defined(HAVE_ECC) || !defined(NO_DSA) 1965 return WOLFSSL_SUCCESS; 1966 #endif 1967 } 1968 1722 1969 #ifndef NO_WOLFSSL_STUB 1723 1970 WOLFSSL_API int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey) … … 1760 2007 #endif /* HAVE_ECC */ 1761 2008 default: 1762 break;2009 return ret; 1763 2010 } /* switch (a->type) */ 1764 2011 … … 1824 2071 1825 2072 static const struct s_ent { 1826 const intmacType;2073 const enum wc_HashType macType; 1827 2074 const int nid; 1828 2075 const char *name; … … 1837 2084 1838 2085 #ifndef NO_SHA 1839 {WC_HASH_TYPE_SHA, NID_sha1, "SHA"}, 2086 {WC_HASH_TYPE_SHA, NID_sha1, "SHA1"}, 2087 {WC_HASH_TYPE_SHA, NID_sha1, "SHA"}, /* Leave for backwards compatibility */ 1840 2088 #endif /* NO_SHA */ 1841 2089 … … 1859 2107 {WC_HASH_TYPE_SHA3_256, NID_sha3_256, "SHA3_256"}, 1860 2108 #endif 2109 #ifndef WOLFSSL_NOSHA3_384 1861 2110 {WC_HASH_TYPE_SHA3_384, NID_sha3_384, "SHA3_384"}, 2111 #endif 1862 2112 #ifndef WOLFSSL_NOSHA3_512 1863 2113 {WC_HASH_TYPE_SHA3_512, NID_sha3_512, "SHA3_512"}, 1864 2114 #endif 1865 { 0, 0, NULL}2115 {WC_HASH_TYPE_NONE, 0, NULL} 1866 2116 }; 1867 2117 1868 static intwolfSSL_EVP_md2macType(const WOLFSSL_EVP_MD *md)2118 static enum wc_HashType wolfSSL_EVP_md2macType(const WOLFSSL_EVP_MD *md) 1869 2119 { 1870 2120 const struct s_ent *ent ; … … 2047 2297 } 2048 2298 2049 2050 2299 /* Initialize an EVP_DigestSign/Verify operation. 2051 2300 * Initialize a digest for RSA and ECC keys, or HMAC for HMAC key. … … 2057 2306 WOLFSSL_EVP_PKEY *pkey) 2058 2307 { 2308 if (!type) { 2309 int default_digest; 2310 if (wolfSSL_EVP_PKEY_get_default_digest_nid(pkey, &default_digest) 2311 != WOLFSSL_SUCCESS) { 2312 WOLFSSL_MSG("Could not get default digest"); 2313 return WOLFSSL_FAILURE; 2314 } 2315 type = wolfSSL_EVP_get_digestbynid(default_digest); 2316 if (!type) { 2317 return BAD_FUNC_ARG; 2318 } 2319 } 2320 2059 2321 if (pkey->type == EVP_PKEY_HMAC) { 2060 2322 int hashType; 2061 2323 const unsigned char* key; 2062 size_t keySz;2063 2324 2064 2325 if (XSTRNCMP(type, "SHA256", 6) == 0) { … … 2080 2341 } 2081 2342 #endif 2343 #ifdef WOLFSSL_SHA3 2344 #ifndef WOLFSSL_NOSHA3_224 2345 else if (XSTRNCMP(type, "SHA3_224", 8) == 0) { 2346 hashType = WC_SHA3_224; 2347 } 2348 #endif 2349 #ifndef WOLFSSL_NOSHA3_256 2350 else if (XSTRNCMP(type, "SHA3_256", 8) == 0) { 2351 hashType = WC_SHA3_256; 2352 } 2353 #endif 2354 else if (XSTRNCMP(type, "SHA3_384", 8) == 0) { 2355 hashType = WC_SHA3_384; 2356 } 2357 #ifndef WOLFSSL_NOSHA3_512 2358 else if (XSTRNCMP(type, "SHA3_512", 8) == 0) { 2359 hashType = WC_SHA3_512; 2360 } 2361 #endif 2362 #endif 2082 2363 #ifndef NO_MD5 2083 2364 else if (XSTRNCMP(type, "MD5", 3) == 0) { … … 2088 2369 /* has to be last since would pick or 224, 256, 384, or 512 too */ 2089 2370 else if (XSTRNCMP(type, "SHA", 3) == 0) { 2090 2371 hashType = WC_SHA; 2091 2372 } 2092 2373 #endif /* NO_SHA */ … … 2094 2375 return BAD_FUNC_ARG; 2095 2376 2096 key = wolfSSL_EVP_PKEY_get0_hmac(pkey, &keySz); 2097 2098 if (wc_HmacInit(&ctx->hash.hmac, NULL, INVALID_DEVID) != 0) 2377 { 2378 size_t keySz = 0; 2379 2380 key = wolfSSL_EVP_PKEY_get0_hmac(pkey, &keySz); 2381 2382 if (wc_HmacInit(&ctx->hash.hmac, NULL, INVALID_DEVID) != 0) 2383 return WOLFSSL_FAILURE; 2384 2385 if (wc_HmacSetKey(&ctx->hash.hmac, hashType, key, (word32)keySz) != 0) 2386 return WOLFSSL_FAILURE; 2387 } 2388 2389 ctx->isHMAC = 1; 2390 } 2391 else if (wolfSSL_EVP_DigestInit(ctx, type) != 1) 2099 2392 return WOLFSSL_FAILURE; 2100 2393 2101 if (wc_HmacSetKey(&ctx->hash.hmac, hashType, key, (word32)keySz) != 0) 2394 if (ctx->pctx == NULL) { 2395 ctx->pctx = wolfSSL_EVP_PKEY_CTX_new(pkey, e); 2396 if (ctx->pctx == NULL) 2102 2397 return WOLFSSL_FAILURE; 2103 2104 ctx->macType = NID_hmac; 2105 } 2106 else { 2107 int ret; 2108 2109 if (ctx->pctx == NULL) { 2110 ctx->pctx = wolfSSL_EVP_PKEY_CTX_new(pkey, e); 2111 if (ctx->pctx == NULL) 2112 return WOLFSSL_FAILURE; 2113 } 2114 2115 ret = wolfSSL_EVP_DigestInit(ctx, type); 2116 if (ret == WOLFSSL_SUCCESS && pctx != NULL) 2117 *pctx = ctx->pctx; 2118 return ret; 2119 } 2120 2398 } 2399 if (pctx != NULL) 2400 *pctx = ctx->pctx; 2121 2401 return WOLFSSL_SUCCESS; 2122 2402 } … … 2128 2408 const void *d, unsigned int cnt) 2129 2409 { 2130 if (ctx->pctx == NULL) { 2131 if (ctx->macType != NID_hmac) 2132 return WOLFSSL_FAILURE; 2133 2410 if (ctx->isHMAC) { 2134 2411 if (wc_HmacUpdate(&ctx->hash.hmac, (const byte *)d, cnt) != 0) 2135 2412 return WOLFSSL_FAILURE; … … 2150 2427 int ret; 2151 2428 2152 if (ctx-> pctx == NULL) {2429 if (ctx->isHMAC) { 2153 2430 Hmac hmacCopy; 2154 2155 if (ctx->macType != NID_hmac)2156 return WOLFSSL_FAILURE;2157 2431 2158 2432 if (wolfSSL_HmacCopy(&hmacCopy, &ctx->hash.hmac) != WOLFSSL_SUCCESS) … … 2221 2495 #endif /* HAVE_BLAKE2 */ 2222 2496 2497 #ifdef WOLFSSL_SHA3 2498 #ifndef WOLFSSL_NOSHA3_224 2499 case WC_SHA3_224: 2500 hashLen = WC_SHA3_224_DIGEST_SIZE; 2501 break; 2502 #endif 2503 #ifndef WOLFSSL_NOSHA3_256 2504 case WC_SHA3_256: 2505 hashLen = WC_SHA3_256_DIGEST_SIZE; 2506 break; 2507 #endif 2508 #ifndef WOLFSSL_NOSHA3_384 2509 case WC_SHA3_384: 2510 hashLen = WC_SHA3_384_DIGEST_SIZE; 2511 break; 2512 #endif 2513 #ifndef WOLFSSL_NOSHA3_512 2514 case WC_SHA3_512: 2515 hashLen = WC_SHA3_512_DIGEST_SIZE; 2516 break; 2517 #endif 2518 #endif 2519 2223 2520 default: 2224 2521 hashLen = 0; … … 2236 2533 WOLFSSL_ENTER("EVP_DigestSignInit"); 2237 2534 2238 if (ctx == NULL || type == NULL ||pkey == NULL)2535 if (ctx == NULL || pkey == NULL) 2239 2536 return BAD_FUNC_ARG; 2240 2537 … … 2267 2564 2268 2565 /* Return the maximum size of the signaure when sig is NULL. */ 2269 if (ctx->pctx == NULL) { 2270 if (ctx->macType != NID_hmac) 2271 return WOLFSSL_FAILURE; 2272 2566 if (ctx->isHMAC) { 2273 2567 hashLen = wolfssl_mac_len(ctx->hash.hmac.macType); 2274 2568 … … 2300 2594 return WOLFSSL_FAILURE; 2301 2595 2302 if (ctx-> pctx == NULL) {2596 if (ctx->isHMAC) { 2303 2597 /* Copy the HMAC result as signature. */ 2304 2598 if ((unsigned int)(*siglen) > hashLen) … … 2318 2612 if (nid < 0) 2319 2613 break; 2320 ret = wolfSSL_RSA_sign (nid, digest, hashLen, sig, &sigSz,2321 ctx->pctx->pkey->rsa);2614 ret = wolfSSL_RSA_sign_generic_padding(nid, digest, hashLen, 2615 sig, &sigSz, ctx->pctx->pkey->rsa, 1, ctx->pctx->padding); 2322 2616 if (ret >= 0) 2323 2617 *siglen = sigSz; … … 2385 2679 return WOLFSSL_FAILURE; 2386 2680 2387 if (ctx->pctx == NULL) { 2388 if (ctx->macType != NID_hmac) 2389 return WOLFSSL_FAILURE; 2681 if (ctx->isHMAC) { 2390 2682 2391 2683 hashLen = wolfssl_mac_len(ctx->hash.hmac.macType); … … 2399 2691 return WOLFSSL_FAILURE; 2400 2692 2401 if (ctx-> pctx == NULL) {2693 if (ctx->isHMAC) { 2402 2694 /* Check HMAC result matches the signature. */ 2403 2695 if (XMEMCMP(sig, digest, siglen) == 0) … … 2413 2705 if (nid < 0) 2414 2706 return WOLFSSL_FAILURE; 2415 return wolfSSL_RSA_verify (nid, digest, hashLen, sig,2707 return wolfSSL_RSA_verify_ex(nid, digest, hashLen, sig, 2416 2708 (unsigned int)siglen, 2417 ctx->pctx->pkey->rsa );2709 ctx->pctx->pkey->rsa, ctx->pctx->padding); 2418 2710 } 2419 2711 #endif /* NO_RSA */ … … 2574 2866 2575 2867 #ifndef NO_AES 2868 #ifdef HAVE_AES_CBC 2576 2869 #ifdef WOLFSSL_AES_128 2577 {AES_128_CBC_TYPE, "AES-128-CBC", NID_aes_128_cbc},2870 {AES_128_CBC_TYPE, EVP_AES_128_CBC, NID_aes_128_cbc}, 2578 2871 #endif 2579 2872 #ifdef WOLFSSL_AES_192 2580 {AES_192_CBC_TYPE, "AES-192-CBC", NID_aes_192_cbc},2873 {AES_192_CBC_TYPE, EVP_AES_192_CBC, NID_aes_192_cbc}, 2581 2874 #endif 2582 2875 #ifdef WOLFSSL_AES_256 2583 {AES_256_CBC_TYPE, "AES-256-CBC", NID_aes_256_cbc}, 2584 #endif 2585 2876 {AES_256_CBC_TYPE, EVP_AES_256_CBC, NID_aes_256_cbc}, 2877 #endif 2878 #endif 2879 2880 #ifdef WOLFSSL_AES_CFB 2586 2881 #ifdef WOLFSSL_AES_128 2587 {AES_128_CFB1_TYPE, "AES-128-CFB1", NID_aes_128_cfb1},2882 {AES_128_CFB1_TYPE, EVP_AES_128_CFB1, NID_aes_128_cfb1}, 2588 2883 #endif 2589 2884 #ifdef WOLFSSL_AES_192 2590 {AES_192_CFB1_TYPE, "AES-192-CFB1", NID_aes_192_cfb1},2885 {AES_192_CFB1_TYPE, EVP_AES_192_CFB1, NID_aes_192_cfb1}, 2591 2886 #endif 2592 2887 #ifdef WOLFSSL_AES_256 2593 {AES_256_CFB1_TYPE, "AES-256-CFB1", NID_aes_256_cfb1},2888 {AES_256_CFB1_TYPE, EVP_AES_256_CFB1, NID_aes_256_cfb1}, 2594 2889 #endif 2595 2890 2596 2891 #ifdef WOLFSSL_AES_128 2597 {AES_128_CFB8_TYPE, "AES-128-CFB8", NID_aes_128_cfb8},2892 {AES_128_CFB8_TYPE, EVP_AES_128_CFB8, NID_aes_128_cfb8}, 2598 2893 #endif 2599 2894 #ifdef WOLFSSL_AES_192 2600 {AES_192_CFB8_TYPE, "AES-192-CFB8", NID_aes_192_cfb8},2895 {AES_192_CFB8_TYPE, EVP_AES_192_CFB8, NID_aes_192_cfb8}, 2601 2896 #endif 2602 2897 #ifdef WOLFSSL_AES_256 2603 {AES_256_CFB8_TYPE, "AES-256-CFB8", NID_aes_256_cfb8},2898 {AES_256_CFB8_TYPE, EVP_AES_256_CFB8, NID_aes_256_cfb8}, 2604 2899 #endif 2605 2900 2606 2901 #ifdef WOLFSSL_AES_128 2607 {AES_128_CFB128_TYPE, "AES-128-CFB128", NID_aes_128_cfb128},2902 {AES_128_CFB128_TYPE, EVP_AES_128_CFB128, NID_aes_128_cfb128}, 2608 2903 #endif 2609 2904 #ifdef WOLFSSL_AES_192 2610 {AES_192_CFB128_TYPE, "AES-192-CFB128", NID_aes_192_cfb128},2905 {AES_192_CFB128_TYPE, EVP_AES_192_CFB128, NID_aes_192_cfb128}, 2611 2906 #endif 2612 2907 #ifdef WOLFSSL_AES_256 2613 {AES_256_CFB128_TYPE, "AES-256-CFB128", NID_aes_256_cfb128}, 2614 #endif 2615 2908 {AES_256_CFB128_TYPE, EVP_AES_256_CFB128, NID_aes_256_cfb128}, 2909 #endif 2910 #endif 2911 2912 #ifdef HAVE_AES_OFB 2616 2913 #ifdef WOLFSSL_AES_128 2617 {AES_128_OFB_TYPE, "AES-128-OFB", NID_aes_128_ofb},2914 {AES_128_OFB_TYPE, EVP_AES_128_OFB, NID_aes_128_ofb}, 2618 2915 #endif 2619 2916 #ifdef WOLFSSL_AES_192 2620 {AES_192_OFB_TYPE, "AES-192-OFB", NID_aes_192_ofb},2917 {AES_192_OFB_TYPE, EVP_AES_192_OFB, NID_aes_192_ofb}, 2621 2918 #endif 2622 2919 #ifdef WOLFSSL_AES_256 2623 {AES_256_OFB_TYPE, "AES-256-OFB", NID_aes_256_ofb}, 2624 #endif 2625 2920 {AES_256_OFB_TYPE, EVP_AES_256_OFB, NID_aes_256_ofb}, 2921 #endif 2922 #endif 2923 2924 #ifdef HAVE_AES_XTS 2626 2925 #ifdef WOLFSSL_AES_128 2627 {AES_128_XTS_TYPE, "AES-128-XTS", NID_aes_128_xts},2926 {AES_128_XTS_TYPE, EVP_AES_128_XTS, NID_aes_128_xts}, 2628 2927 #endif 2629 2928 #ifdef WOLFSSL_AES_256 2630 {AES_256_XTS_TYPE, "AES-256-XTS", NID_aes_256_xts}, 2631 #endif 2632 2929 {AES_256_XTS_TYPE, EVP_AES_256_XTS, NID_aes_256_xts}, 2930 #endif 2931 #endif 2932 2933 #ifdef HAVE_AESGCM 2633 2934 #ifdef WOLFSSL_AES_128 2634 {AES_128_GCM_TYPE, "AES-128-GCM", NID_aes_128_gcm},2935 {AES_128_GCM_TYPE, EVP_AES_128_GCM, NID_aes_128_gcm}, 2635 2936 #endif 2636 2937 #ifdef WOLFSSL_AES_192 2637 {AES_192_GCM_TYPE, "AES-192-GCM", NID_aes_192_gcm},2938 {AES_192_GCM_TYPE, EVP_AES_192_GCM, NID_aes_192_gcm}, 2638 2939 #endif 2639 2940 #ifdef WOLFSSL_AES_256 2640 {AES_256_GCM_TYPE, "AES-256-GCM", NID_aes_256_gcm}, 2641 #endif 2941 {AES_256_GCM_TYPE, EVP_AES_256_GCM, NID_aes_256_gcm}, 2942 #endif 2943 #endif 2944 2945 #ifdef WOLFSSL_AES_COUNTER 2642 2946 #ifdef WOLFSSL_AES_128 2643 {AES_128_CTR_TYPE, "AES-128-CTR", NID_aes_128_ctr},2947 {AES_128_CTR_TYPE, EVP_AES_128_CTR, NID_aes_128_ctr}, 2644 2948 #endif 2645 2949 #ifdef WOLFSSL_AES_192 2646 {AES_192_CTR_TYPE, "AES-192-CTR", NID_aes_192_ctr},2950 {AES_192_CTR_TYPE, EVP_AES_192_CTR, NID_aes_192_ctr}, 2647 2951 #endif 2648 2952 #ifdef WOLFSSL_AES_256 2649 {AES_256_CTR_TYPE, "AES-256-CTR", NID_aes_256_ctr}, 2650 #endif 2651 2953 {AES_256_CTR_TYPE, EVP_AES_256_CTR, NID_aes_256_ctr}, 2954 #endif 2955 #endif 2956 2957 #ifdef HAVE_AES_ECB 2652 2958 #ifdef WOLFSSL_AES_128 2653 {AES_128_ECB_TYPE, "AES-128-ECB", NID_aes_128_ecb},2959 {AES_128_ECB_TYPE, EVP_AES_128_ECB, NID_aes_128_ecb}, 2654 2960 #endif 2655 2961 #ifdef WOLFSSL_AES_192 2656 {AES_192_ECB_TYPE, "AES-192-ECB", NID_aes_192_ecb},2962 {AES_192_ECB_TYPE, EVP_AES_192_ECB, NID_aes_192_ecb}, 2657 2963 #endif 2658 2964 #ifdef WOLFSSL_AES_256 2659 {AES_256_ECB_TYPE, "AES-256-ECB", NID_aes_256_ecb},2660 #endif 2661 2965 {AES_256_ECB_TYPE, EVP_AES_256_ECB, NID_aes_256_ecb}, 2966 #endif 2967 #endif 2662 2968 #endif 2663 2969 2664 2970 #ifndef NO_DES3 2665 {DES_CBC_TYPE, "DES-CBC", NID_des_cbc},2666 {DES_ECB_TYPE, "DES-ECB", NID_des_ecb},2667 2668 {DES_EDE3_CBC_TYPE, "DES-EDE3-CBC", NID_des_ede3_cbc},2669 {DES_EDE3_ECB_TYPE, "DES-EDE3-ECB", NID_des_ede3_ecb},2971 {DES_CBC_TYPE, EVP_DES_CBC, NID_des_cbc}, 2972 {DES_ECB_TYPE, EVP_DES_ECB, NID_des_ecb}, 2973 2974 {DES_EDE3_CBC_TYPE, EVP_DES_EDE3_CBC, NID_des_ede3_cbc}, 2975 {DES_EDE3_ECB_TYPE, EVP_DES_EDE3_ECB, NID_des_ede3_ecb}, 2670 2976 #endif 2671 2977 2672 2978 #ifndef NO_RC4 2673 {ARC4_TYPE, "ARC4", NID_undef},2979 {ARC4_TYPE, EVP_ARC4, NID_undef}, 2674 2980 #endif 2675 2981 2676 2982 #ifdef HAVE_IDEA 2677 {IDEA_CBC_TYPE, "IDEA-CBC", NID_idea_cbc},2983 {IDEA_CBC_TYPE, EVP_IDEA_CBC, NID_idea_cbc}, 2678 2984 #endif 2679 2985 { 0, NULL, 0} … … 2719 3025 { 2720 3026 2721 staticconst struct alias {3027 const struct alias { 2722 3028 const char *name; 2723 3029 const char *alias; … … 2725 3031 { 2726 3032 #ifndef NO_DES3 2727 { "DES-CBC", "DES"},2728 { "DES-CBC", "des"},2729 { "DES-ECB", "DES-ECB"},2730 { "DES-ECB", "des-ecb"},2731 { "DES-EDE3-CBC", "DES3"},2732 { "DES-EDE3-CBC", "des3"},2733 { "DES-EDE3-ECB", "DES-EDE3"},2734 { "DES-EDE3-ECB", "des-ede3"},2735 { "DES-EDE3-ECB", "des-ede3-ecb"},3033 {EVP_DES_CBC, "DES"}, 3034 {EVP_DES_CBC, "des"}, 3035 {EVP_DES_ECB, "DES-ECB"}, 3036 {EVP_DES_ECB, "des-ecb"}, 3037 {EVP_DES_EDE3_CBC, "DES3"}, 3038 {EVP_DES_EDE3_CBC, "des3"}, 3039 {EVP_DES_EDE3_ECB, "DES-EDE3"}, 3040 {EVP_DES_EDE3_ECB, "des-ede3"}, 3041 {EVP_DES_EDE3_ECB, "des-ede3-ecb"}, 2736 3042 #endif 2737 3043 #ifdef HAVE_IDEA 2738 { "IDEA-CBC", "IDEA"},2739 { "IDEA-CBC", "idea"},3044 {EVP_IDEA_CBC, "IDEA"}, 3045 {EVP_IDEA_CBC, "idea"}, 2740 3046 #endif 2741 3047 #ifndef NO_AES 2742 3048 #ifdef HAVE_AES_CBC 2743 3049 #ifdef WOLFSSL_AES_128 2744 {"AES-128-CBC", "AES128-CBC"},2745 {"AES-128-CBC", "aes128-cbc"},3050 {EVP_AES_128_CBC, "AES128-CBC"}, 3051 {EVP_AES_128_CBC, "aes128-cbc"}, 2746 3052 #endif 2747 3053 #ifdef WOLFSSL_AES_192 2748 {"AES-192-CBC", "AES192-CBC"},2749 {"AES-192-CBC", "aes192-cbc"},3054 {EVP_AES_192_CBC, "AES192-CBC"}, 3055 {EVP_AES_192_CBC, "aes192-cbc"}, 2750 3056 #endif 2751 3057 #ifdef WOLFSSL_AES_256 2752 {"AES-256-CBC", "AES256-CBC"},2753 {"AES-256-CBC", "aes256-cbc"},3058 {EVP_AES_256_CBC, "AES256-CBC"}, 3059 {EVP_AES_256_CBC, "aes256-cbc"}, 2754 3060 #endif 2755 3061 #endif 2756 #ifdef WOLFSSL_AES_128 2757 {"AES-128-ECB", "AES128-ECB"}, 2758 {"AES-128-ECB", "aes128-ecb"}, 2759 #endif 2760 #ifdef WOLFSSL_AES_192 2761 {"AES-192-ECB", "AES192-ECB"}, 2762 {"AES-192-ECB", "aes192-ecb"}, 2763 #endif 2764 #ifdef WOLFSSL_AES_256 2765 {"AES-256-ECB", "AES256-ECB"}, 3062 #ifdef HAVE_AES_ECB 3063 #ifdef WOLFSSL_AES_128 3064 {EVP_AES_128_ECB, "AES128-ECB"}, 3065 {EVP_AES_128_ECB, "aes128-ecb"}, 3066 #endif 3067 #ifdef WOLFSSL_AES_192 3068 {EVP_AES_192_ECB, "AES192-ECB"}, 3069 {EVP_AES_192_ECB, "aes192-ecb"}, 3070 #endif 3071 #ifdef WOLFSSL_AES_256 3072 {EVP_AES_256_ECB, "AES256-ECB"}, 3073 #endif 2766 3074 #endif 2767 3075 #ifdef HAVE_AESGCM 2768 3076 #ifdef WOLFSSL_AES_128 2769 {"AES-128-GCM", "aes-128-gcm"},2770 {"AES-128-GCM", "id-aes128-GCM"},3077 {EVP_AES_128_GCM, "aes-128-gcm"}, 3078 {EVP_AES_128_GCM, "id-aes128-GCM"}, 2771 3079 #endif 2772 3080 #ifdef WOLFSSL_AES_192 2773 {"AES-192-GCM", "aes-192-gcm"},2774 {"AES-192-GCM", "id-aes192-GCM"},3081 {EVP_AES_192_GCM, "aes-192-gcm"}, 3082 {EVP_AES_192_GCM, "id-aes192-GCM"}, 2775 3083 #endif 2776 3084 #ifdef WOLFSSL_AES_256 2777 {"AES-256-GCM", "aes-256-gcm"},2778 {"AES-256-GCM", "id-aes256-GCM"},3085 {EVP_AES_256_GCM, "aes-256-gcm"}, 3086 {EVP_AES_256_GCM, "id-aes256-GCM"}, 2779 3087 #endif 2780 3088 #endif 2781 3089 #endif 2782 3090 #ifndef NO_RC4 2783 { "ARC4", "RC4"},3091 {EVP_ARC4, "RC4"}, 2784 3092 #endif 2785 3093 { NULL, NULL} … … 2906 3214 void wolfSSL_EVP_init(void) 2907 3215 { 2908 #ifndef NO_AES 2909 #ifdef HAVE_AES_CBC 2910 #ifdef WOLFSSL_AES_128 2911 EVP_AES_128_CBC = (char *)EVP_get_cipherbyname("AES-128-CBC"); 2912 #endif 2913 #ifdef WOLFSSL_AES_192 2914 EVP_AES_192_CBC = (char *)EVP_get_cipherbyname("AES-192-CBC"); 2915 #endif 2916 #ifdef WOLFSSL_AES_256 2917 EVP_AES_256_CBC = (char *)EVP_get_cipherbyname("AES-256-CBC"); 2918 #endif 2919 #endif /* HAVE_AES_CBC */ 2920 2921 #ifdef WOLFSSL_AES_CFB 2922 #ifdef WOLFSSL_AES_128 2923 EVP_AES_128_CFB1 = (char *)EVP_get_cipherbyname("AES-128-CFB1"); 2924 #endif 2925 2926 #ifdef WOLFSSL_AES_192 2927 EVP_AES_192_CFB1 = (char *)EVP_get_cipherbyname("AES-192-CFB1"); 2928 #endif 2929 2930 #ifdef WOLFSSL_AES_256 2931 EVP_AES_256_CFB1 = (char *)EVP_get_cipherbyname("AES-256-CFB1"); 2932 #endif 2933 2934 #ifdef WOLFSSL_AES_128 2935 EVP_AES_128_CFB8 = (char *)EVP_get_cipherbyname("AES-128-CFB8"); 2936 #endif 2937 2938 #ifdef WOLFSSL_AES_192 2939 EVP_AES_192_CFB8 = (char *)EVP_get_cipherbyname("AES-192-CFB8"); 2940 #endif 2941 2942 #ifdef WOLFSSL_AES_256 2943 EVP_AES_256_CFB8 = (char *)EVP_get_cipherbyname("AES-256-CFB8"); 2944 #endif 2945 2946 #ifdef WOLFSSL_AES_128 2947 EVP_AES_128_CFB128 = (char *)EVP_get_cipherbyname("AES-128-CFB128"); 2948 #endif 2949 2950 #ifdef WOLFSSL_AES_192 2951 EVP_AES_192_CFB128 = (char *)EVP_get_cipherbyname("AES-192-CFB128"); 2952 #endif 2953 2954 #ifdef WOLFSSL_AES_256 2955 EVP_AES_256_CFB128 = (char *)EVP_get_cipherbyname("AES-256-CFB128"); 2956 #endif 2957 #endif /* WOLFSSL_AES_CFB */ 2958 2959 #ifdef WOLFSSL_AES_OFB 2960 #ifdef WOLFSSL_AES_128 2961 EVP_AES_128_OFB = (char *)EVP_get_cipherbyname("AES-128-OFB"); 2962 #endif 2963 2964 #ifdef WOLFSSL_AES_192 2965 EVP_AES_192_OFB = (char *)EVP_get_cipherbyname("AES-192-OFB"); 2966 #endif 2967 2968 #ifdef WOLFSSL_AES_256 2969 EVP_AES_256_OFB = (char *)EVP_get_cipherbyname("AES-256-OFB"); 2970 #endif 2971 #endif /* WOLFSSL_AES_OFB */ 2972 2973 #ifdef WOLFSSL_AES_XTS 2974 #ifdef WOLFSSL_AES_128 2975 EVP_AES_128_XTS = (char *)EVP_get_cipherbyname("AES-128-XTS"); 2976 #endif 2977 2978 #ifdef WOLFSSL_AES_256 2979 EVP_AES_256_XTS = (char *)EVP_get_cipherbyname("AES-256-XTS"); 2980 #endif 2981 #endif /* WOLFSSL_AES_XTS */ 2982 2983 #ifdef HAVE_AESGCM 2984 #ifdef WOLFSSL_AES_128 2985 EVP_AES_128_GCM = (char *)EVP_get_cipherbyname("AES-128-GCM"); 2986 #endif 2987 #ifdef WOLFSSL_AES_192 2988 EVP_AES_192_GCM = (char *)EVP_get_cipherbyname("AES-192-GCM"); 2989 #endif 2990 #ifdef WOLFSSL_AES_256 2991 EVP_AES_256_GCM = (char *)EVP_get_cipherbyname("AES-256-GCM"); 2992 #endif 2993 #endif /* HAVE_AESGCM*/ 2994 #ifdef WOLFSSL_AES_128 2995 EVP_AES_128_CTR = (char *)EVP_get_cipherbyname("AES-128-CTR"); 2996 #endif 2997 #ifdef WOLFSSL_AES_192 2998 EVP_AES_192_CTR = (char *)EVP_get_cipherbyname("AES-192-CTR"); 2999 #endif 3000 #ifdef WOLFSSL_AES_256 3001 EVP_AES_256_CTR = (char *)EVP_get_cipherbyname("AES-256-CTR"); 3002 #endif 3003 3004 #ifdef WOLFSSL_AES_128 3005 EVP_AES_128_ECB = (char *)EVP_get_cipherbyname("AES-128-ECB"); 3006 #endif 3007 #ifdef WOLFSSL_AES_192 3008 EVP_AES_192_ECB = (char *)EVP_get_cipherbyname("AES-192-ECB"); 3009 #endif 3010 #ifdef WOLFSSL_AES_256 3011 EVP_AES_256_ECB = (char *)EVP_get_cipherbyname("AES-256-ECB"); 3012 #endif 3013 #endif /* ifndef NO_AES*/ 3014 3015 #ifndef NO_DES3 3016 EVP_DES_CBC = (char *)EVP_get_cipherbyname("DES-CBC"); 3017 EVP_DES_ECB = (char *)EVP_get_cipherbyname("DES-ECB"); 3018 3019 EVP_DES_EDE3_CBC = (char *)EVP_get_cipherbyname("DES-EDE3-CBC"); 3020 EVP_DES_EDE3_ECB = (char *)EVP_get_cipherbyname("DES-EDE3-ECB"); 3021 #endif 3022 3023 #ifdef HAVE_IDEA 3024 EVP_IDEA_CBC = (char *)EVP_get_cipherbyname("IDEA-CBC"); 3025 #endif 3216 /* Does nothing. */ 3026 3217 } 3027 3218 3028 3219 #if !defined(NO_PWDBASED) 3029 int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp,3030 int* pHash, int* pHashSz)3031 {3032 enum wc_HashType hash = WC_HASH_TYPE_NONE;3033 int hashSz;3034 3035 if (XSTRLEN(evp) < 3) {3036 /* do not try comparing strings if size is too small */3037 return WOLFSSL_FAILURE;3038 }3039 3040 if (XSTRNCMP("SHA", evp, 3) == 0) {3041 if (XSTRLEN(evp) > 3) {3042 #ifndef NO_SHA2563043 if (XSTRNCMP("SHA256", evp, 6) == 0) {3044 hash = WC_HASH_TYPE_SHA256;3045 }3046 else3047 #endif3048 #ifdef WOLFSSL_SHA3843049 if (XSTRNCMP("SHA384", evp, 6) == 0) {3050 hash = WC_HASH_TYPE_SHA384;3051 }3052 else3053 #endif3054 #ifdef WOLFSSL_SHA5123055 if (XSTRNCMP("SHA512", evp, 6) == 0) {3056 hash = WC_HASH_TYPE_SHA512;3057 }3058 else3059 #endif3060 {3061 WOLFSSL_MSG("Unknown SHA hash");3062 }3063 }3064 else {3065 hash = WC_HASH_TYPE_SHA;3066 }3067 }3068 #ifdef WOLFSSL_MD23069 else if (XSTRNCMP("MD2", evp, 3) == 0) {3070 hash = WC_HASH_TYPE_MD2;3071 }3072 #endif3073 #ifndef NO_MD43074 else if (XSTRNCMP("MD4", evp, 3) == 0) {3075 hash = WC_HASH_TYPE_MD4;3076 }3077 #endif3078 #ifndef NO_MD53079 else if (XSTRNCMP("MD5", evp, 3) == 0) {3080 hash = WC_HASH_TYPE_MD5;3081 }3082 #endif3083 3084 if (pHash)3085 *pHash = hash;3086 3087 hashSz = wc_HashGetDigestSize(hash);3088 if (pHashSz)3089 *pHashSz = hashSz;3090 3091 if (hashSz < 0) {3092 return WOLFSSL_FAILURE;3093 }3094 3095 return WOLFSSL_SUCCESS;3096 }3097 3098 3220 /* this function makes the assumption that out buffer is big enough for digest*/ 3099 3221 int wolfSSL_EVP_Digest(const unsigned char* in, int inSz, unsigned char* out, … … 3136 3258 {"MD4", "ssl3-md4"}, 3137 3259 {"MD5", "ssl3-md5"}, 3138 {"SHA ", "ssl3-sha1"},3139 {"SHA ", "SHA1"},3260 {"SHA1", "ssl3-sha1"}, 3261 {"SHA1", "SHA"}, 3140 3262 { NULL, NULL} 3141 3263 }; 3264 char nameUpper[15]; /* 15 bytes should be enough for any name */ 3265 size_t i; 3142 3266 3143 3267 const struct alias *al; 3144 3268 const struct s_ent *ent; 3145 3269 3146 3270 for (i = 0; i < sizeof(nameUpper) && name[i] != '\0'; i++) { 3271 nameUpper[i] = (char)XTOUPPER(name[i]); 3272 } 3273 if (i < sizeof(nameUpper)) 3274 nameUpper[i] = '\0'; 3275 else 3276 return NULL; 3277 3278 name = nameUpper; 3147 3279 for (al = alias_tbl; al->name != NULL; al++) 3148 3280 if(XSTRNCMP(name, al->alias, XSTRLEN(al->alias)+1) == 0) { … … 3205 3337 { 3206 3338 WOLFSSL_ENTER("EVP_sha1"); 3207 return EVP_get_digestbyname("SHA ");3339 return EVP_get_digestbyname("SHA1"); 3208 3340 } 3209 3341 #endif /* NO_SHA */ … … 3295 3427 if (ctx) { 3296 3428 WOLFSSL_ENTER("EVP_MD_CTX_free"); 3297 3298 3299 3429 wolfSSL_EVP_MD_CTX_cleanup(ctx); 3430 XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL); 3431 } 3300 3432 } 3301 3433 3302 3434 /* returns the NID of message digest used by the ctx */ 3303 int wolfSSL_EVP_MD_CTX_type(const WOLFSSL_EVP_MD_CTX *ctx) { 3435 int wolfSSL_EVP_MD_CTX_type(const WOLFSSL_EVP_MD_CTX *ctx) 3436 { 3304 3437 const struct s_ent *ent; 3305 3438 … … 3307 3440 3308 3441 if (ctx) { 3442 if (ctx->isHMAC) { 3443 return NID_hmac; 3444 } 3445 3309 3446 for(ent = md_tbl; ent->name != NULL; ent++) { 3310 3447 if (ctx->macType == ent->macType) { … … 3339 3476 const WOLFSSL_EVP_MD_CTX* src) 3340 3477 { 3341 if (src->macType == NID_hmac) { 3342 wolfSSL_HmacCopy(&des->hash.hmac, (Hmac*)&src->hash.hmac); 3478 int ret; 3479 if (src->isHMAC) { 3480 ret = wolfSSL_HmacCopy(&des->hash.hmac, (Hmac*)&src->hash.hmac); 3343 3481 } 3344 3482 else { 3345 3483 switch (src->macType) { 3484 case WC_HASH_TYPE_MD5: 3346 3485 #ifndef NO_MD5 3347 case WC_HASH_TYPE_MD5: 3348 wc_Md5Copy((wc_Md5*)&src->hash.digest, 3486 ret = wc_Md5Copy((wc_Md5*)&src->hash.digest, 3349 3487 (wc_Md5*)&des->hash.digest); 3488 #else 3489 ret = NOT_COMPILED_IN; 3490 #endif /* !NO_MD5 */ 3350 3491 break; 3351 #endif /* !NO_MD5 */ 3352 3492 case WC_HASH_TYPE_SHA: 3353 3493 #ifndef NO_SHA 3354 case WC_HASH_TYPE_SHA: 3355 wc_ShaCopy((wc_Sha*)&src->hash.digest, 3494 ret = wc_ShaCopy((wc_Sha*)&src->hash.digest, 3356 3495 (wc_Sha*)&des->hash.digest); 3496 #else 3497 ret = NOT_COMPILED_IN; 3498 #endif /* !NO_SHA */ 3357 3499 break; 3358 #endif /* !NO_SHA */ 3359 3500 case WC_HASH_TYPE_SHA224: 3360 3501 #ifdef WOLFSSL_SHA224 3361 case WC_HASH_TYPE_SHA224: 3362 wc_Sha224Copy((wc_Sha224*)&src->hash.digest, 3502 ret = wc_Sha224Copy((wc_Sha224*)&src->hash.digest, 3363 3503 (wc_Sha224*)&des->hash.digest); 3504 #else 3505 ret = NOT_COMPILED_IN; 3506 #endif /* WOLFSSL_SHA224 */ 3364 3507 break; 3365 #endif /* WOLFSSL_SHA224 */ 3366 3508 case WC_HASH_TYPE_SHA256: 3367 3509 #ifndef NO_SHA256 3368 case WC_HASH_TYPE_SHA256: 3369 wc_Sha256Copy((wc_Sha256*)&src->hash.digest, 3510 ret = wc_Sha256Copy((wc_Sha256*)&src->hash.digest, 3370 3511 (wc_Sha256*)&des->hash.digest); 3512 #else 3513 ret = NOT_COMPILED_IN; 3514 #endif /* !NO_SHA256 */ 3371 3515 break; 3372 #endif /* !NO_SHA256 */ 3373 3516 case WC_HASH_TYPE_SHA384: 3374 3517 #ifdef WOLFSSL_SHA384 3375 case WC_HASH_TYPE_SHA384: 3376 wc_Sha384Copy((wc_Sha384*)&src->hash.digest, 3518 ret = wc_Sha384Copy((wc_Sha384*)&src->hash.digest, 3377 3519 (wc_Sha384*)&des->hash.digest); 3520 #else 3521 ret = NOT_COMPILED_IN; 3522 #endif /* WOLFSSL_SHA384 */ 3378 3523 break; 3379 #endif /* WOLFSSL_SHA384 */3524 case WC_HASH_TYPE_SHA512: 3380 3525 #ifdef WOLFSSL_SHA512 3381 case WC_HASH_TYPE_SHA512: 3382 wc_Sha512Copy((wc_Sha512*)&src->hash.digest, 3526 ret = wc_Sha512Copy((wc_Sha512*)&src->hash.digest, 3383 3527 (wc_Sha512*)&des->hash.digest); 3528 #else 3529 ret = NOT_COMPILED_IN; 3530 #endif /* WOLFSSL_SHA512 */ 3384 3531 break; 3385 #endif /* WOLFSSL_SHA512 */3386 #ifdef WOLFSSL_SHA33387 #ifndef WOLFSSL_NOSHA3_2243388 3532 case WC_HASH_TYPE_SHA3_224: 3389 wc_Sha3_224_Copy((wc_Sha3*)&src->hash.digest, 3533 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) 3534 ret = wc_Sha3_224_Copy((wc_Sha3*)&src->hash.digest, 3390 3535 (wc_Sha3*)&des->hash.digest); 3536 #else 3537 ret = NOT_COMPILED_IN; 3538 #endif 3391 3539 break; 3540 case WC_HASH_TYPE_SHA3_256: 3541 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) 3542 ret = wc_Sha3_256_Copy((wc_Sha3*)&src->hash.digest, 3543 (wc_Sha3*)&des->hash.digest); 3544 #else 3545 ret = NOT_COMPILED_IN; 3392 3546 #endif 3393 3394 #ifndef WOLFSSL_NOSHA3_2563395 case WC_HASH_TYPE_SHA3_256:3396 wc_Sha3_256_Copy((wc_Sha3*)&src->hash.digest,3547 break; 3548 case WC_HASH_TYPE_SHA3_384: 3549 #if defined(WOLFSSL_SHA3) 3550 ret = wc_Sha3_384_Copy((wc_Sha3*)&src->hash.digest, 3397 3551 (wc_Sha3*)&des->hash.digest); 3552 #else 3553 ret = NOT_COMPILED_IN; 3554 #endif 3398 3555 break; 3556 case WC_HASH_TYPE_SHA3_512: 3557 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) 3558 ret = wc_Sha3_512_Copy((wc_Sha3*)&src->hash.digest, 3559 (wc_Sha3*)&des->hash.digest); 3560 #else 3561 ret = NOT_COMPILED_IN; 3399 3562 #endif 3400 3401 case WC_HASH_TYPE_SHA3_384:3402 wc_Sha3_384_Copy((wc_Sha3*)&src->hash.digest,3403 (wc_Sha3*)&des->hash.digest);3404 3563 break; 3405 3406 #ifndef WOLFSSL_NOSHA3_512 3407 case WC_HASH_TYPE_SHA3_512: 3408 wc_Sha3_512_Copy((wc_Sha3*)&src->hash.digest, 3409 (wc_Sha3*)&des->hash.digest); 3564 case WC_HASH_TYPE_NONE: 3565 case WC_HASH_TYPE_MD2: 3566 case WC_HASH_TYPE_MD4: 3567 case WC_HASH_TYPE_MD5_SHA: 3568 case WC_HASH_TYPE_BLAKE2B: 3569 case WC_HASH_TYPE_BLAKE2S: 3570 default: 3571 ret = BAD_FUNC_ARG; 3410 3572 break; 3411 #endif 3412 #endif 3413 default: 3414 return WOLFSSL_FAILURE; 3415 } 3416 } 3417 return WOLFSSL_SUCCESS; 3573 } 3574 } 3575 return ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE; 3418 3576 } 3419 3577 … … 3446 3604 return NULL; 3447 3605 WOLFSSL_ENTER("EVP_MD_CTX_md"); 3606 if (ctx->isHMAC) { 3607 return "HMAC"; 3608 } 3448 3609 for(ent = md_tbl; ent->name != NULL; ent++) { 3449 3610 if(ctx->macType == ent->macType) { … … 3461 3622 { 3462 3623 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cbc"); 3463 if (EVP_AES_128_CBC == NULL)3464 wolfSSL_EVP_init();3465 3624 return EVP_AES_128_CBC; 3466 3625 } … … 3472 3631 { 3473 3632 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cbc"); 3474 if (EVP_AES_192_CBC == NULL)3475 wolfSSL_EVP_init();3476 3633 return EVP_AES_192_CBC; 3477 3634 } … … 3483 3640 { 3484 3641 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cbc"); 3485 if (EVP_AES_256_CBC == NULL)3486 wolfSSL_EVP_init();3487 3642 return EVP_AES_256_CBC; 3488 3643 } … … 3496 3651 { 3497 3652 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb1"); 3498 if (EVP_AES_128_CFB1 == NULL)3499 wolfSSL_EVP_init();3500 3653 return EVP_AES_128_CFB1; 3501 3654 } … … 3506 3659 { 3507 3660 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb1"); 3508 if (EVP_AES_192_CFB1 == NULL)3509 wolfSSL_EVP_init();3510 3661 return EVP_AES_192_CFB1; 3511 3662 } … … 3516 3667 { 3517 3668 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb1"); 3518 if (EVP_AES_256_CFB1 == NULL)3519 wolfSSL_EVP_init();3520 3669 return EVP_AES_256_CFB1; 3521 3670 } … … 3526 3675 { 3527 3676 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb8"); 3528 if (EVP_AES_128_CFB8 == NULL)3529 wolfSSL_EVP_init();3530 3677 return EVP_AES_128_CFB8; 3531 3678 } … … 3536 3683 { 3537 3684 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb8"); 3538 if (EVP_AES_192_CFB8 == NULL)3539 wolfSSL_EVP_init();3540 3685 return EVP_AES_192_CFB8; 3541 3686 } … … 3546 3691 { 3547 3692 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb8"); 3548 if (EVP_AES_256_CFB8 == NULL)3549 wolfSSL_EVP_init();3550 3693 return EVP_AES_256_CFB8; 3551 3694 } … … 3557 3700 { 3558 3701 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb128"); 3559 if (EVP_AES_128_CFB128 == NULL)3560 wolfSSL_EVP_init();3561 3702 return EVP_AES_128_CFB128; 3562 3703 } … … 3567 3708 { 3568 3709 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb128"); 3569 if (EVP_AES_192_CFB128 == NULL)3570 wolfSSL_EVP_init();3571 3710 return EVP_AES_192_CFB128; 3572 3711 } … … 3577 3716 { 3578 3717 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb128"); 3579 if (EVP_AES_256_CFB128 == NULL)3580 wolfSSL_EVP_init();3581 3718 return EVP_AES_256_CFB128; 3582 3719 } … … 3589 3726 { 3590 3727 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ofb"); 3591 if (EVP_AES_128_OFB == NULL)3592 wolfSSL_EVP_init();3593 3728 return EVP_AES_128_OFB; 3594 3729 } … … 3599 3734 { 3600 3735 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ofb"); 3601 if (EVP_AES_192_OFB == NULL)3602 wolfSSL_EVP_init();3603 3736 return EVP_AES_192_OFB; 3604 3737 } … … 3609 3742 { 3610 3743 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ofb"); 3611 if (EVP_AES_256_OFB == NULL)3612 wolfSSL_EVP_init();3613 3744 return EVP_AES_256_OFB; 3614 3745 } … … 3621 3752 { 3622 3753 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_xts"); 3623 if (EVP_AES_128_XTS == NULL)3624 wolfSSL_EVP_init();3625 3754 return EVP_AES_128_XTS; 3626 3755 } … … 3631 3760 { 3632 3761 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_xts"); 3633 if (EVP_AES_256_XTS == NULL)3634 wolfSSL_EVP_init();3635 3762 return EVP_AES_256_XTS; 3636 3763 } … … 3643 3770 { 3644 3771 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_gcm"); 3645 if (EVP_AES_128_GCM == NULL)3646 wolfSSL_EVP_init();3647 3772 return EVP_AES_128_GCM; 3648 3773 } … … 3653 3778 { 3654 3779 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_gcm"); 3655 if (EVP_AES_192_GCM == NULL)3656 wolfSSL_EVP_init();3657 3780 return EVP_AES_192_GCM; 3658 3781 } … … 3663 3786 { 3664 3787 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_gcm"); 3665 if (EVP_AES_256_GCM == NULL)3666 wolfSSL_EVP_init();3667 3788 return EVP_AES_256_GCM; 3668 3789 } … … 3670 3791 #endif /* HAVE_AESGCM */ 3671 3792 3793 #ifdef WOLFSSL_AES_COUNTER 3672 3794 #ifdef WOLFSSL_AES_128 3673 3795 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void) 3674 3796 { 3675 3797 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ctr"); 3676 if (EVP_AES_128_CTR == NULL)3677 wolfSSL_EVP_init();3678 3798 return EVP_AES_128_CTR; 3679 3799 } … … 3685 3805 { 3686 3806 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ctr"); 3687 if (EVP_AES_192_CTR == NULL)3688 wolfSSL_EVP_init();3689 3807 return EVP_AES_192_CTR; 3690 3808 } … … 3696 3814 { 3697 3815 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ctr"); 3698 if (EVP_AES_256_CTR == NULL)3699 wolfSSL_EVP_init();3700 3816 return EVP_AES_256_CTR; 3701 3817 } 3702 3818 #endif /* WOLFSSL_AES_256 */ 3703 3819 #endif /* WOLFSSL_AES_COUNTER */ 3820 3821 #ifdef HAVE_AES_ECB 3704 3822 #ifdef WOLFSSL_AES_128 3705 3823 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void) 3706 3824 { 3707 3825 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ecb"); 3708 if (EVP_AES_128_ECB == NULL)3709 wolfSSL_EVP_init();3710 3826 return EVP_AES_128_ECB; 3711 3827 } … … 3717 3833 { 3718 3834 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ecb"); 3719 if (EVP_AES_192_ECB == NULL)3720 wolfSSL_EVP_init();3721 3835 return EVP_AES_192_ECB; 3722 3836 } … … 3728 3842 { 3729 3843 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ecb"); 3730 if (EVP_AES_256_ECB == NULL)3731 wolfSSL_EVP_init();3732 3844 return EVP_AES_256_ECB; 3733 3845 } 3734 3846 #endif /* WOLFSSL_AES_256 */ 3847 #endif /* HAVE_AES_ECB */ 3735 3848 #endif /* NO_AES */ 3736 3849 … … 3739 3852 { 3740 3853 WOLFSSL_ENTER("wolfSSL_EVP_des_cbc"); 3741 if (EVP_DES_CBC == NULL)3742 wolfSSL_EVP_init();3743 3854 return EVP_DES_CBC; 3744 3855 } … … 3747 3858 { 3748 3859 WOLFSSL_ENTER("wolfSSL_EVP_des_ecb"); 3749 if (EVP_DES_ECB == NULL)3750 wolfSSL_EVP_init();3751 3860 return EVP_DES_ECB; 3752 3861 } … … 3755 3864 { 3756 3865 WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_cbc"); 3757 if (EVP_DES_EDE3_CBC == NULL)3758 wolfSSL_EVP_init();3759 3866 return EVP_DES_EDE3_CBC; 3760 3867 } … … 3763 3870 { 3764 3871 WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_ecb"); 3765 if (EVP_DES_EDE3_ECB == NULL)3766 wolfSSL_EVP_init();3767 3872 return EVP_DES_EDE3_ECB; 3768 3873 } … … 3773 3878 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void) 3774 3879 { 3775 static const char* type = "ARC4";3776 3880 WOLFSSL_ENTER("wolfSSL_EVP_rc4"); 3777 return type;3881 return EVP_ARC4; 3778 3882 } 3779 3883 #endif … … 3783 3887 { 3784 3888 WOLFSSL_ENTER("wolfSSL_EVP_idea_cbc"); 3785 if (EVP_IDEA_CBC == NULL)3786 wolfSSL_EVP_init();3787 3889 return EVP_IDEA_CBC; 3788 3890 } … … 3790 3892 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void) 3791 3893 { 3792 static const char* type = "NULL";3793 3894 WOLFSSL_ENTER("wolfSSL_EVP_enc_null"); 3794 return type;3895 return EVP_NULL; 3795 3896 } 3796 3897 3797 3898 int wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx) 3798 3899 { 3900 int ret = WOLFSSL_SUCCESS; 3799 3901 WOLFSSL_ENTER("EVP_MD_CTX_cleanup"); 3800 3902 if (ctx->pctx != NULL) 3801 3903 wolfSSL_EVP_PKEY_CTX_free(ctx->pctx); 3802 3904 3803 if (ctx-> macType == NID_hmac) {3905 if (ctx->isHMAC) { 3804 3906 wc_HmacFree(&ctx->hash.hmac); 3805 3907 } 3806 3908 else { 3807 3909 switch (ctx->macType) { 3910 case WC_HASH_TYPE_MD5: 3808 3911 #ifndef NO_MD5 3809 case WC_HASH_TYPE_MD5:3810 3912 wc_Md5Free((wc_Md5*)&ctx->hash.digest); 3913 #endif /* !NO_MD5 */ 3811 3914 break; 3812 #endif /* !NO_MD5 */ 3813 3915 case WC_HASH_TYPE_SHA: 3814 3916 #ifndef NO_SHA 3815 case WC_HASH_TYPE_SHA:3816 3917 wc_ShaFree((wc_Sha*)&ctx->hash.digest); 3918 #endif /* !NO_SHA */ 3817 3919 break; 3818 #endif /* !NO_SHA */ 3819 3920 case WC_HASH_TYPE_SHA224: 3820 3921 #ifdef WOLFSSL_SHA224 3821 case WC_HASH_TYPE_SHA224:3822 3922 wc_Sha224Free((wc_Sha224*)&ctx->hash.digest); 3923 #endif /* WOLFSSL_SHA224 */ 3823 3924 break; 3824 #endif /* WOLFSSL_SHA224 */ 3825 3925 case WC_HASH_TYPE_SHA256: 3826 3926 #ifndef NO_SHA256 3827 case WC_HASH_TYPE_SHA256:3828 3927 wc_Sha256Free((wc_Sha256*)&ctx->hash.digest); 3928 #endif /* !NO_SHA256 */ 3829 3929 break; 3830 #endif /* !NO_SHA256 */ 3831 3930 case WC_HASH_TYPE_SHA384: 3832 3931 #ifdef WOLFSSL_SHA384 3833 case WC_HASH_TYPE_SHA384:3834 3932 wc_Sha384Free((wc_Sha384*)&ctx->hash.digest); 3933 #endif /* WOLFSSL_SHA384 */ 3835 3934 break; 3836 #endif /* WOLFSSL_SHA384 */3935 case WC_HASH_TYPE_SHA512: 3837 3936 #ifdef WOLFSSL_SHA512 3838 case WC_HASH_TYPE_SHA512:3839 3937 wc_Sha512Free((wc_Sha512*)&ctx->hash.digest); 3938 #endif /* WOLFSSL_SHA512 */ 3840 3939 break; 3841 #endif /* WOLFSSL_SHA512 */3842 #ifdef WOLFSSL_SHA33843 #ifndef WOLFSSL_NOSHA3_2243844 3940 case WC_HASH_TYPE_SHA3_224: 3941 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) 3845 3942 wc_Sha3_224_Free((wc_Sha3*)&ctx->hash.digest); 3943 #endif 3846 3944 break; 3945 case WC_HASH_TYPE_SHA3_256: 3946 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) 3947 wc_Sha3_256_Free((wc_Sha3*)&ctx->hash.digest); 3847 3948 #endif 3848 3849 #ifndef WOLFSSL_NOSHA3_2563850 case WC_HASH_TYPE_SHA3_256:3851 wc_Sha3_256_Free((wc_Sha3*)&ctx->hash.digest);3852 3949 break; 3950 case WC_HASH_TYPE_SHA3_384: 3951 #if defined(WOLFSSL_SHA3) 3952 wc_Sha3_384_Free((wc_Sha3*)&ctx->hash.digest); 3853 3953 #endif 3854 3855 case WC_HASH_TYPE_SHA3_384:3856 wc_Sha3_384_Free((wc_Sha3*)&ctx->hash.digest);3857 3954 break; 3858 3859 #ifndef WOLFSSL_NOSHA3_5123860 3955 case WC_HASH_TYPE_SHA3_512: 3956 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) 3861 3957 wc_Sha3_512_Free((wc_Sha3*)&ctx->hash.digest); 3958 #endif 3862 3959 break; 3863 #endif 3864 #endif 3960 case WC_HASH_TYPE_NONE: 3961 case WC_HASH_TYPE_MD2: 3962 case WC_HASH_TYPE_MD4: 3963 case WC_HASH_TYPE_MD5_SHA: 3964 case WC_HASH_TYPE_BLAKE2B: 3965 case WC_HASH_TYPE_BLAKE2S: 3865 3966 default: 3866 return WOLFSSL_FAILURE; 3967 ret = WOLFSSL_FAILURE; 3968 break; 3867 3969 } 3868 3970 } 3869 3971 ForceZero(ctx, sizeof(*ctx)); 3870 3972 ctx->macType = WC_HASH_TYPE_NONE; 3871 return 1;3973 return ret; 3872 3974 } 3873 3975 … … 4011 4113 ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */ 4012 4114 ctx->keyLen = 0; 4115 #ifdef HAVE_AESGCM 4116 if (ctx->gcmBuffer) { 4117 XFREE(ctx->gcmBuffer, NULL, DYNAMIC_TYPE_OPENSSL); 4118 ctx->gcmBuffer = NULL; 4119 } 4120 ctx->gcmBufferLen = 0; 4121 if (ctx->gcmAuthIn) { 4122 XFREE(ctx->gcmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL); 4123 ctx->gcmAuthIn = NULL; 4124 } 4125 ctx->gcmAuthInSz = 0; 4126 #endif 4013 4127 } 4014 4128 … … 4081 4195 #endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */ 4082 4196 4197 4083 4198 #ifndef NO_AES 4199 #if defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_192) || \ 4200 defined(WOLFSSL_AES_256) 4201 #define AES_SIZE_ANY 4202 #endif 4203 4204 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || \ 4205 defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_CFB) || \ 4206 defined(WOLFSSSL_AES_OFB) 4207 #define AES_SET_KEY 4208 #endif 4209 4210 #if defined(AES_SIZE_ANY) && defined(AES_SET_KEY) 4084 4211 static int AesSetKey_ex(Aes* aes, const byte* key, word32 len, 4085 4212 const byte* iv, int dir, int direct) … … 4104 4231 return ret; 4105 4232 } 4106 #endif 4233 #endif /* AES_ANY_SIZE && AES_SET_KEY */ 4234 #endif /* NO_AES */ 4107 4235 4108 4236 /* return WOLFSSL_SUCCESS on ok, 0 on failure to match API compatibility */ … … 4139 4267 iv = ctx->iv; 4140 4268 } 4269 #endif 4270 #ifdef HAVE_AESGCM 4271 if (ctx->gcmAuthIn) { 4272 XFREE(ctx->gcmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL); 4273 ctx->gcmAuthIn = NULL; 4274 } 4275 ctx->gcmAuthInSz = 0; 4141 4276 #endif 4142 4277 … … 4223 4358 #endif /* WOLFSSL_AES_256 */ 4224 4359 #endif /* HAVE_AES_CBC */ 4225 #if !defined(_WIN32) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) 4360 #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ 4361 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) 4226 4362 #ifdef HAVE_AESGCM 4227 4363 #ifdef WOLFSSL_AES_128 … … 4231 4367 ctx->cipherType = AES_128_GCM_TYPE; 4232 4368 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; 4233 ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE; 4369 ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE | 4370 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; 4234 4371 ctx->keyLen = 16; 4235 4372 ctx->block_size = AES_BLOCK_SIZE; … … 4237 4374 ctx->ivSz = GCM_NONCE_MID_SZ; 4238 4375 4239 XMEMSET(ctx->authTag, 0, ctx->authTagSz);4240 4376 if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) { 4241 4377 WOLFSSL_MSG("wc_AesGcmSetKey() failed"); … … 4256 4392 ctx->cipherType = AES_192_GCM_TYPE; 4257 4393 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; 4258 ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE; 4394 ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE | 4395 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; 4259 4396 ctx->keyLen = 24; 4260 4397 ctx->block_size = AES_BLOCK_SIZE; … … 4262 4399 ctx->ivSz = GCM_NONCE_MID_SZ; 4263 4400 4264 XMEMSET(ctx->authTag, 0, ctx->authTagSz);4265 4401 if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) { 4266 4402 WOLFSSL_MSG("wc_AesGcmSetKey() failed"); … … 4281 4417 ctx->cipherType = AES_256_GCM_TYPE; 4282 4418 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; 4283 ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE; 4419 ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE | 4420 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER; 4284 4421 ctx->keyLen = 32; 4285 4422 ctx->block_size = AES_BLOCK_SIZE; … … 4287 4424 ctx->ivSz = GCM_NONCE_MID_SZ; 4288 4425 4289 XMEMSET(ctx->authTag, 0, ctx->authTagSz);4290 4426 if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) { 4291 4427 WOLFSSL_MSG("wc_AesGcmSetKey() failed"); … … 4301 4437 #endif /* WOLFSSL_AES_256 */ 4302 4438 #endif /* HAVE_AESGCM */ 4303 #endif /* !defined(_WIN32) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)*/4439 #endif /*!HAVE_FIPS && !HAVE_SELFTEST ||(HAVE_FIPS_VERSION && HAVE_FIPS_VERSION > 2)*/ 4304 4440 #ifdef WOLFSSL_AES_COUNTER 4305 4441 #ifdef WOLFSSL_AES_128 … … 4388 4524 #endif /* WOLFSSL_AES_256 */ 4389 4525 #endif /* WOLFSSL_AES_COUNTER */ 4526 #ifdef HAVE_AES_ECB 4390 4527 #ifdef WOLFSSL_AES_128 4391 4528 if (ctx->cipherType == AES_128_ECB_TYPE || … … 4445 4582 } 4446 4583 #endif /* WOLFSSL_AES_256 */ 4584 #endif /* HAVE_AES_ECB */ 4447 4585 #ifdef WOLFSSL_AES_CFB 4448 4586 #ifdef WOLFSSL_AES_128 … … 4674 4812 } 4675 4813 #endif /* WOLFSSL_AES_256 */ 4676 #endif /* HAVE_AES_CFB */4814 #endif /* WOLFSSL_AES_CFB */ 4677 4815 #ifdef WOLFSSL_AES_OFB 4678 4816 #ifdef WOLFSSL_AES_128 … … 4904 5042 #endif /* NO_DES3 */ 4905 5043 #ifndef NO_RC4 4906 if (ctx->cipherType == ARC4_TYPE || (type &&4907 XSTRNCMP(type, "ARC4", 4) == 0)) {5044 if (ctx->cipherType == ARC4_TYPE || 5045 (type && XSTRNCMP(type, EVP_ARC4, 4) == 0)) { 4908 5046 WOLFSSL_MSG("ARC4"); 4909 5047 ctx->cipherType = ARC4_TYPE; … … 4941 5079 } 4942 5080 #endif /* HAVE_IDEA */ 4943 if (ctx->cipherType == NULL_CIPHER_TYPE || (type &&4944 XSTRNCMP(type, "NULL", 4) == 0)) {5081 if (ctx->cipherType == NULL_CIPHER_TYPE || 5082 (type && XSTRNCMP(type, EVP_NULL, 4) == 0)) { 4945 5083 WOLFSSL_MSG("NULL cipher"); 4946 5084 ctx->cipherType = NULL_CIPHER_TYPE; … … 5017 5155 #endif 5018 5156 5019 /* WOLFSSL_SUCCESSon ok */5157 /* Return length on ok */ 5020 5158 int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src, 5021 5159 word32 len) … … 5030 5168 ctx->cipherType != AES_256_GCM_TYPE)) { 5031 5169 WOLFSSL_MSG("Bad function argument"); 5032 return 0; /* failure */5170 return WOLFSSL_FATAL_ERROR; 5033 5171 } 5034 5172 5035 5173 if (ctx->cipherType == 0xff) { 5036 5174 WOLFSSL_MSG("no init"); 5037 return 0; /* failure */5175 return WOLFSSL_FATAL_ERROR; 5038 5176 } 5039 5177 … … 5050 5188 else 5051 5189 ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len); 5190 if (ret == 0) 5191 ret = (len / AES_BLOCK_SIZE) * AES_BLOCK_SIZE; 5052 5192 break; 5053 5193 #endif /* HAVE_AES_CBC */ … … 5063 5203 else 5064 5204 ret = wc_AesCfb1Decrypt(&ctx->cipher.aes, dst, src, len); 5205 if (ret == 0) 5206 ret = len; 5065 5207 break; 5066 5208 case AES_128_CFB8_TYPE: … … 5072 5214 else 5073 5215 ret = wc_AesCfb8Decrypt(&ctx->cipher.aes, dst, src, len); 5216 if (ret == 0) 5217 ret = len; 5074 5218 break; 5075 5219 #endif /* !HAVE_SELFTEST && !HAVE_FIPS */ … … 5082 5226 else 5083 5227 ret = wc_AesCfbDecrypt(&ctx->cipher.aes, dst, src, len); 5228 if (ret == 0) 5229 ret = len; 5084 5230 break; 5085 5231 #endif /* WOLFSSL_AES_CFB */ … … 5093 5239 else 5094 5240 ret = wc_AesOfbDecrypt(&ctx->cipher.aes, dst, src, len); 5241 if (ret == 0) 5242 ret = len; 5095 5243 break; 5096 5244 #endif /* WOLFSSL_AES_OFB */ … … 5105 5253 ret = wc_AesXtsDecrypt(&ctx->cipher.xts, dst, src, len, 5106 5254 ctx->iv, ctx->ivSz); 5255 if (ret == 0) 5256 ret = len; 5107 5257 break; 5108 5258 #endif /* WOLFSSL_AES_XTS */ … … 5113 5263 case AES_256_GCM_TYPE : 5114 5264 WOLFSSL_MSG("AES GCM"); 5115 if (ctx->enc) { 5116 if (dst){ 5117 /* encrypt confidential data*/ 5118 ret = wc_AesGcmEncrypt(&ctx->cipher.aes, dst, src, len, 5119 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, 5120 NULL, 0); 5121 } 5122 else { 5123 /* authenticated, non-confidential data */ 5124 ret = wc_AesGcmEncrypt(&ctx->cipher.aes, NULL, NULL, 0, 5125 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, 5126 src, len); 5127 /* Reset partial authTag error for AAD*/ 5128 if (ret == AES_GCM_AUTH_E) 5129 ret = 0; 5130 } 5265 if (!dst) { 5266 ret = wolfSSL_EVP_CipherUpdate_GCM_AAD(ctx, src, len); 5131 5267 } 5132 5268 else { 5133 if (dst){ 5134 /* decrypt confidential data*/ 5135 ret = wc_AesGcmDecrypt(&ctx->cipher.aes, dst, src, len, 5136 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, 5137 NULL, 0); 5138 } 5139 else { 5140 /* authenticated, non-confidential data*/ 5141 ret = wc_AesGcmDecrypt(&ctx->cipher.aes, NULL, NULL, 0, 5142 ctx->iv, ctx->ivSz, 5143 ctx->authTag, ctx->authTagSz, 5144 src, len); 5145 /* Reset partial authTag error for AAD*/ 5146 if (ret == AES_GCM_AUTH_E) 5147 ret = 0; 5148 } 5269 if (ctx->enc) 5270 ret = wc_AesGcmEncrypt(&ctx->cipher.aes, dst, src, 5271 len, ctx->iv, ctx->ivSz, ctx->authTag, 5272 ctx->authTagSz, ctx->gcmAuthIn, ctx->gcmAuthInSz); 5273 else 5274 ret = wc_AesGcmDecrypt(&ctx->cipher.aes, dst, src, 5275 len, ctx->iv, ctx->ivSz, ctx->authTag, 5276 ctx->authTagSz, ctx->gcmAuthIn, ctx->gcmAuthInSz); 5149 5277 } 5278 if (ret == 0) 5279 ret = len; 5150 5280 break; 5151 5281 #endif /* HAVE_AESGCM */ … … 5159 5289 else 5160 5290 ret = wc_AesEcbDecrypt(&ctx->cipher.aes, dst, src, len); 5291 if (ret == 0) 5292 ret = (len / AES_BLOCK_SIZE) * AES_BLOCK_SIZE; 5161 5293 break; 5162 5294 #endif … … 5165 5297 case AES_192_CTR_TYPE : 5166 5298 case AES_256_CTR_TYPE : 5167 WOLFSSL_MSG("AES CTR"); 5168 ret = wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len); 5299 WOLFSSL_MSG("AES CTR"); 5300 ret = wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len); 5301 if (ret == 0) 5302 ret = len; 5169 5303 break; 5170 5304 #endif /* WOLFSSL_AES_COUNTER */ … … 5178 5312 else 5179 5313 wc_Des_CbcDecrypt(&ctx->cipher.des, dst, src, len); 5314 if (ret == 0) 5315 ret = (len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE; 5180 5316 break; 5181 5317 case DES_EDE3_CBC_TYPE : … … 5185 5321 else 5186 5322 ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len); 5323 if (ret == 0) 5324 ret = (len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE; 5187 5325 break; 5188 5326 #ifdef WOLFSSL_DES_ECB … … 5190 5328 WOLFSSL_MSG("DES ECB"); 5191 5329 ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len); 5330 if (ret == 0) 5331 ret = (len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE; 5192 5332 break; 5193 5333 case DES_EDE3_ECB_TYPE : 5194 5334 WOLFSSL_MSG("DES3 ECB"); 5195 5335 ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len); 5336 if (ret == 0) 5337 ret = (len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE; 5196 5338 break; 5197 5339 #endif … … 5202 5344 WOLFSSL_MSG("ARC4"); 5203 5345 wc_Arc4Process(&ctx->cipher.arc4, dst, src, len); 5346 if (ret == 0) 5347 ret = len; 5204 5348 break; 5205 5349 #endif … … 5212 5356 else 5213 5357 wc_IdeaCbcDecrypt(&ctx->cipher.idea, dst, src, len); 5358 if (ret == 0) 5359 ret = (len / IDEA_BLOCK_SIZE) * IDEA_BLOCK_SIZE; 5214 5360 break; 5215 5361 #endif … … 5217 5363 WOLFSSL_MSG("NULL CIPHER"); 5218 5364 XMEMCPY(dst, src, len); 5365 ret = len; 5219 5366 break; 5220 5367 5221 5368 default: { 5222 5369 WOLFSSL_MSG("bad type"); 5223 return 0; /* failure */5224 } 5225 } 5226 5227 if (ret !=0) {5370 return WOLFSSL_FATAL_ERROR; 5371 } 5372 } 5373 5374 if (ret < 0) { 5228 5375 WOLFSSL_MSG("wolfSSL_EVP_Cipher failure"); 5229 return 0; /* failure */5376 return WOLFSSL_FATAL_ERROR; 5230 5377 } 5231 5378 5232 5379 if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) { 5233 return WOLFSSL_FA ILURE;5380 return WOLFSSL_FATAL_ERROR; 5234 5381 } 5235 5382 5236 5383 WOLFSSL_MSG("wolfSSL_EVP_Cipher success"); 5237 return WOLFSSL_SUCCESS; /* success */5384 return ret; 5238 5385 } 5239 5386 … … 5246 5393 WOLFSSL_ENTER("EVP_DigestInit"); 5247 5394 5248 if (ctx == NULL || md == NULL) {5395 if (ctx == NULL) { 5249 5396 return BAD_FUNC_ARG; 5250 5397 } … … 5260 5407 /* Set to 0 if no match */ 5261 5408 ctx->macType = wolfSSL_EVP_md2macType(md); 5262 if (XSTRNCMP(md, "SHA256", 6) == 0) { 5409 if (md == NULL) { 5410 XMEMSET(&ctx->hash.digest, 0, sizeof(WOLFSSL_Hasher)); 5411 } 5412 else if (XSTRNCMP(md, "SHA256", 6) == 0) { 5263 5413 ret = wolfSSL_SHA256_Init(&(ctx->hash.digest.sha256)); 5264 5414 } … … 5326 5476 size_t sz) 5327 5477 { 5328 int macType; 5478 int ret = WOLFSSL_FAILURE; 5479 enum wc_HashType macType; 5329 5480 5330 5481 WOLFSSL_ENTER("EVP_DigestUpdate"); … … 5332 5483 macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(ctx)); 5333 5484 switch (macType) { 5334 #ifndef NO_MD45335 5485 case WC_HASH_TYPE_MD4: 5486 #ifndef NO_MD4 5336 5487 wolfSSL_MD4_Update((MD4_CTX*)&ctx->hash, data, 5337 5488 (unsigned long)sz); 5489 ret = WOLFSSL_SUCCESS; 5490 #endif 5338 5491 break; 5339 #endif5340 #ifndef NO_MD55341 5492 case WC_HASH_TYPE_MD5: 5342 wolfSSL_MD5_Update((MD5_CTX*)&ctx->hash, data, 5493 #ifndef NO_MD5 5494 ret = wolfSSL_MD5_Update((MD5_CTX*)&ctx->hash, data, 5343 5495 (unsigned long)sz); 5496 #endif 5344 5497 break; 5345 #endif5346 #ifndef NO_SHA5347 5498 case WC_HASH_TYPE_SHA: 5348 wolfSSL_SHA_Update((SHA_CTX*)&ctx->hash, data, 5499 #ifndef NO_SHA 5500 ret = wolfSSL_SHA_Update((SHA_CTX*)&ctx->hash, data, 5349 5501 (unsigned long)sz); 5502 #endif 5350 5503 break; 5351 #endif5352 #ifdef WOLFSSL_SHA2245353 5504 case WC_HASH_TYPE_SHA224: 5354 wolfSSL_SHA224_Update((SHA224_CTX*)&ctx->hash, data, 5505 #ifdef WOLFSSL_SHA224 5506 ret = wolfSSL_SHA224_Update((SHA224_CTX*)&ctx->hash, data, 5355 5507 (unsigned long)sz); 5508 #endif 5356 5509 break; 5357 #endif5358 #ifndef NO_SHA2565359 5510 case WC_HASH_TYPE_SHA256: 5360 wolfSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data, 5511 #ifndef NO_SHA256 5512 ret = wolfSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data, 5361 5513 (unsigned long)sz); 5514 #endif /* !NO_SHA256 */ 5362 5515 break; 5363 #endif /* !NO_SHA256 */5364 #ifdef WOLFSSL_SHA3845365 5516 case WC_HASH_TYPE_SHA384: 5366 wolfSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data, 5517 #ifdef WOLFSSL_SHA384 5518 ret = wolfSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data, 5367 5519 (unsigned long)sz); 5520 #endif 5368 5521 break; 5369 #endif5370 #ifdef WOLFSSL_SHA5125371 5522 case WC_HASH_TYPE_SHA512: 5372 wolfSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data, 5523 #ifdef WOLFSSL_SHA512 5524 ret = wolfSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data, 5373 5525 (unsigned long)sz); 5526 #endif /* WOLFSSL_SHA512 */ 5374 5527 break; 5375 #endif /* WOLFSSL_SHA512 */5376 #ifdef WOLFSSL_SHA35377 #ifndef WOLFSSL_NOSHA3_2245378 5528 case WC_HASH_TYPE_SHA3_224: 5379 wolfSSL_SHA3_224_Update((SHA3_224_CTX*)&ctx->hash, data, 5529 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) 5530 ret = wolfSSL_SHA3_224_Update((SHA3_224_CTX*)&ctx->hash, data, 5380 5531 (unsigned long)sz); 5532 #endif 5381 5533 break; 5534 case WC_HASH_TYPE_SHA3_256: 5535 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) 5536 ret = wolfSSL_SHA3_256_Update((SHA3_256_CTX*)&ctx->hash, data, 5537 (unsigned long)sz); 5382 5538 #endif 5383 #ifndef WOLFSSL_NOSHA3_256 5384 case WC_HASH_TYPE_SHA3_256: 5385 wolfSSL_SHA3_256_Update((SHA3_256_CTX*)&ctx->hash, data, 5539 break; 5540 case WC_HASH_TYPE_SHA3_384: 5541 #if defined(WOLFSSL_SHA3) 5542 ret = wolfSSL_SHA3_384_Update((SHA3_384_CTX*)&ctx->hash, data, 5386 5543 (unsigned long)sz); 5544 #endif 5387 5545 break; 5546 case WC_HASH_TYPE_SHA3_512: 5547 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) 5548 ret = wolfSSL_SHA3_512_Update((SHA3_512_CTX*)&ctx->hash, data, 5549 (unsigned long)sz); 5388 5550 #endif 5389 case WC_HASH_TYPE_SHA3_384:5390 wolfSSL_SHA3_384_Update((SHA3_384_CTX*)&ctx->hash, data,5391 (unsigned long)sz);5392 5551 break; 5393 #ifndef WOLFSSL_NOSHA3_512 5394 case WC_HASH_TYPE_SHA3_512: 5395 wolfSSL_SHA3_512_Update((SHA3_512_CTX*)&ctx->hash, data, 5396 (unsigned long)sz); 5397 break; 5398 #endif 5399 #endif 5552 case WC_HASH_TYPE_NONE: 5553 case WC_HASH_TYPE_MD2: 5554 case WC_HASH_TYPE_MD5_SHA: 5555 case WC_HASH_TYPE_BLAKE2B: 5556 case WC_HASH_TYPE_BLAKE2S: 5400 5557 default: 5401 5558 return WOLFSSL_FAILURE; 5402 5559 } 5403 5560 5404 return WOLFSSL_SUCCESS;5561 return ret; 5405 5562 } 5406 5563 … … 5409 5566 unsigned int* s) 5410 5567 { 5411 int macType; 5568 int ret = WOLFSSL_FAILURE; 5569 enum wc_HashType macType; 5412 5570 5413 5571 WOLFSSL_ENTER("EVP_DigestFinal"); 5414 5572 macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(ctx)); 5415 5573 switch (macType) { 5416 #ifndef NO_MD45417 5574 case WC_HASH_TYPE_MD4: 5575 #ifndef NO_MD4 5418 5576 wolfSSL_MD4_Final(md, (MD4_CTX*)&ctx->hash); 5419 5577 if (s) *s = MD4_DIGEST_SIZE; 5578 ret = WOLFSSL_SUCCESS; 5579 #endif 5420 5580 break; 5421 #endif5422 #ifndef NO_MD55423 5581 case WC_HASH_TYPE_MD5: 5424 wolfSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash); 5582 #ifndef NO_MD5 5583 ret = wolfSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash); 5425 5584 if (s) *s = WC_MD5_DIGEST_SIZE; 5585 #endif 5426 5586 break; 5427 #endif5428 #ifndef NO_SHA5429 5587 case WC_HASH_TYPE_SHA: 5430 wolfSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash); 5588 #ifndef NO_SHA 5589 ret = wolfSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash); 5431 5590 if (s) *s = WC_SHA_DIGEST_SIZE; 5591 #endif 5432 5592 break; 5433 #endif5434 #ifdef WOLFSSL_SHA2245435 5593 case WC_HASH_TYPE_SHA224: 5436 wolfSSL_SHA224_Final(md, (SHA224_CTX*)&ctx->hash); 5594 #ifdef WOLFSSL_SHA224 5595 ret = wolfSSL_SHA224_Final(md, (SHA224_CTX*)&ctx->hash); 5437 5596 if (s) *s = WC_SHA224_DIGEST_SIZE; 5597 #endif 5438 5598 break; 5439 #endif5440 #ifndef NO_SHA2565441 5599 case WC_HASH_TYPE_SHA256: 5442 wolfSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash); 5600 #ifndef NO_SHA256 5601 ret = wolfSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash); 5443 5602 if (s) *s = WC_SHA256_DIGEST_SIZE; 5603 #endif /* !NO_SHA256 */ 5444 5604 break; 5445 #endif /* !NO_SHA256 */5446 #ifdef WOLFSSL_SHA3845447 5605 case WC_HASH_TYPE_SHA384: 5448 wolfSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash); 5606 #ifdef WOLFSSL_SHA384 5607 ret = wolfSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash); 5449 5608 if (s) *s = WC_SHA384_DIGEST_SIZE; 5609 #endif 5450 5610 break; 5451 #endif5452 #ifdef WOLFSSL_SHA5125453 5611 case WC_HASH_TYPE_SHA512: 5454 wolfSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash); 5612 #ifdef WOLFSSL_SHA512 5613 ret = wolfSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash); 5455 5614 if (s) *s = WC_SHA512_DIGEST_SIZE; 5615 #endif /* WOLFSSL_SHA512 */ 5456 5616 break; 5457 #endif /* WOLFSSL_SHA512 */5458 #ifdef WOLFSSL_SHA35459 #ifndef WOLFSSL_NOSHA3_2245460 5617 case WC_HASH_TYPE_SHA3_224: 5461 wolfSSL_SHA3_224_Final(md, (SHA3_224_CTX*)&ctx->hash); 5618 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) 5619 ret = wolfSSL_SHA3_224_Final(md, (SHA3_224_CTX*)&ctx->hash); 5462 5620 if (s) *s = WC_SHA3_224_DIGEST_SIZE; 5621 #endif 5463 5622 break; 5623 case WC_HASH_TYPE_SHA3_256: 5624 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) 5625 ret = wolfSSL_SHA3_256_Final(md, (SHA3_256_CTX*)&ctx->hash); 5626 if (s) *s = WC_SHA3_256_DIGEST_SIZE; 5464 5627 #endif 5465 #ifndef WOLFSSL_NOSHA3_2565466 case WC_HASH_TYPE_SHA3_256:5467 wolfSSL_SHA3_256_Final(md, (SHA3_256_CTX*)&ctx->hash);5468 if (s) *s = WC_SHA3_256_DIGEST_SIZE;5469 5628 break; 5629 case WC_HASH_TYPE_SHA3_384: 5630 #if defined(WOLFSSL_SHA3) 5631 ret = wolfSSL_SHA3_384_Final(md, (SHA3_384_CTX*)&ctx->hash); 5632 if (s) *s = WC_SHA3_384_DIGEST_SIZE; 5470 5633 #endif 5471 case WC_HASH_TYPE_SHA3_384:5472 wolfSSL_SHA3_384_Final(md, (SHA3_384_CTX*)&ctx->hash);5473 if (s) *s = WC_SHA3_384_DIGEST_SIZE;5474 5634 break; 5475 #ifndef WOLFSSL_NOSHA3_5125476 5635 case WC_HASH_TYPE_SHA3_512: 5477 wolfSSL_SHA3_512_Final(md, (SHA3_512_CTX*)&ctx->hash); 5636 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) 5637 ret = wolfSSL_SHA3_512_Final(md, (SHA3_512_CTX*)&ctx->hash); 5478 5638 if (s) *s = WC_SHA3_512_DIGEST_SIZE; 5639 #endif 5479 5640 break; 5480 #endif 5481 #endif 5641 case WC_HASH_TYPE_NONE: 5642 case WC_HASH_TYPE_MD2: 5643 case WC_HASH_TYPE_MD5_SHA: 5644 case WC_HASH_TYPE_BLAKE2B: 5645 case WC_HASH_TYPE_BLAKE2S: 5482 5646 default: 5483 5647 return WOLFSSL_FAILURE; 5484 5648 } 5485 5649 5486 return WOLFSSL_SUCCESS;5650 return ret; 5487 5651 } 5488 5652 … … 5512 5676 case NID_sha1: 5513 5677 return wolfSSL_EVP_sha1(); 5678 #endif 5679 #ifndef NO_SHA256 5680 case NID_sha256: 5681 return wolfSSL_EVP_sha256(); 5514 5682 #endif 5515 5683 default: … … 5581 5749 return WOLFSSL_FAILURE; 5582 5750 5751 if (wolfSSL_RSA_up_ref(key) != WOLFSSL_SUCCESS) { 5752 WOLFSSL_MSG("wolfSSL_RSA_up_ref failed"); 5753 return WOLFSSL_FAILURE; 5754 } 5583 5755 if (pkey->rsa != NULL && pkey->ownRsa == 1) { 5584 5756 wolfSSL_RSA_free(pkey->rsa); 5585 5757 } 5586 5758 pkey->rsa = key; 5587 pkey->ownRsa = 0; /* pkey does not own RSA*/5759 pkey->ownRsa = 1; /* pkey does not own RSA but needs to call free on it */ 5588 5760 pkey->type = EVP_PKEY_RSA; 5589 5761 if (key->inSet == 0) { … … 5718 5890 5719 5891 return WOLFSSL_SUCCESS; 5892 } 5893 5894 WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(struct WOLFSSL_EVP_PKEY *pkey) 5895 { 5896 if (!pkey) { 5897 return NULL; 5898 } 5899 return pkey->dsa; 5720 5900 } 5721 5901 … … 5814 5994 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) 5815 5995 #if !defined(NO_DH) && !defined(NO_FILESYSTEM) 5996 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) 5816 5997 /* with set1 functions the pkey struct does not own the DH structure 5817 5998 * Build the following DH Key format from the passed in WOLFSSL_DH … … 5892 6073 return WOLFSSL_SUCCESS; 5893 6074 } 6075 #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ 5894 6076 5895 6077 WOLFSSL_DH* wolfSSL_EVP_PKEY_get0_DH(WOLFSSL_EVP_PKEY* key) … … 5901 6083 } 5902 6084 6085 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) 5903 6086 WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key) 5904 6087 { … … 5934 6117 return local; 5935 6118 } 6119 #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ 5936 6120 #endif /* NO_DH && NO_FILESYSTEM */ 5937 6121 … … 5959 6143 break; 5960 6144 #endif 5961 #if def NO_DH6145 #ifndef NO_DH 5962 6146 case EVP_PKEY_DH: 5963 6147 ret = wolfSSL_EVP_PKEY_assign_DH(pkey, (WOLFSSL_DH*)key); … … 5975 6159 #if defined(HAVE_ECC) 5976 6160 /* try and populate public pkey_sz and pkey.ptr */ 5977 static voidECC_populate_EVP_PKEY(EVP_PKEY* pkey, ecc_key* ecc)5978 { 5979 int ret;6161 static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, ecc_key* ecc) 6162 { 6163 word32 derSz = 0; 5980 6164 if (!pkey || !ecc) 5981 return; 5982 if ((ret = wc_EccPublicKeyDerSize(ecc, 1)) > 0) { 5983 int derSz = ret; 5984 char* derBuf = (char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); 6165 return WOLFSSL_FAILURE; 6166 if (wc_EccKeyToPKCS8(ecc, NULL, &derSz) == LENGTH_ONLY_E) { 6167 byte* derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL); 5985 6168 if (derBuf) { 5986 ret = wc_EccPublicKeyToDer(ecc, (byte*)derBuf, derSz, 1); 5987 if (ret >= 0) { 6169 if (wc_EccKeyToPKCS8(ecc, derBuf, &derSz) >= 0) { 5988 6170 if (pkey->pkey.ptr) { 5989 6171 XFREE(pkey->pkey.ptr, NULL, DYNAMIC_TYPE_OPENSSL); 5990 6172 } 5991 pkey->pkey_sz = ret; 5992 pkey->pkey.ptr = derBuf; 5993 } 5994 else { /* failure - okay to ignore */ 5995 XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); 6173 pkey->pkey_sz = (int)derSz; 6174 pkey->pkey.ptr = (char*)derBuf; 6175 return WOLFSSL_SUCCESS; 6176 } 6177 else { 6178 XFREE(derBuf, NULL, DYNAMIC_TYPE_OPENSSL); 5996 6179 derBuf = NULL; 5997 6180 } 5998 6181 } 5999 6182 } 6183 return WOLFSSL_FAILURE; 6000 6184 } 6001 6185 … … 6029 6213 pkey->ownEcc = 0; /* pkey does not own EC key */ 6030 6214 pkey->type = EVP_PKEY_EC; 6031 ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal); 6032 return WOLFSSL_SUCCESS; 6215 return ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal); 6033 6216 #else 6034 6217 (void)pkey; … … 6066 6249 6067 6250 /* try and populate public pkey_sz and pkey.ptr */ 6068 ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal); 6069 6070 return WOLFSSL_SUCCESS; 6251 return ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal); 6071 6252 } 6072 6253 #endif /* HAVE_ECC */ … … 6180 6361 return AES_BLOCK_SIZE; 6181 6362 #endif 6363 #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ 6364 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) 6182 6365 #ifdef HAVE_AESGCM 6183 6366 case AES_128_GCM_TYPE : … … 6187 6370 return GCM_NONCE_MID_SZ; 6188 6371 #endif 6372 #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ 6189 6373 #ifdef WOLFSSL_AES_COUNTER 6190 6374 case AES_128_CTR_TYPE : … … 6265 6449 #ifdef HAVE_AES_CBC 6266 6450 #ifdef WOLFSSL_AES_128 6267 if ( EVP_AES_128_CBC &&XSTRNCMP(name, EVP_AES_128_CBC, XSTRLEN(EVP_AES_128_CBC)) == 0)6451 if (XSTRNCMP(name, EVP_AES_128_CBC, XSTRLEN(EVP_AES_128_CBC)) == 0) 6268 6452 return AES_BLOCK_SIZE; 6269 6453 #endif 6270 6454 #ifdef WOLFSSL_AES_192 6271 if ( EVP_AES_192_CBC &&XSTRNCMP(name, EVP_AES_192_CBC, XSTRLEN(EVP_AES_192_CBC)) == 0)6455 if (XSTRNCMP(name, EVP_AES_192_CBC, XSTRLEN(EVP_AES_192_CBC)) == 0) 6272 6456 return AES_BLOCK_SIZE; 6273 6457 #endif 6274 6458 #ifdef WOLFSSL_AES_256 6275 if ( EVP_AES_256_CBC &&XSTRNCMP(name, EVP_AES_256_CBC, XSTRLEN(EVP_AES_256_CBC)) == 0)6459 if (XSTRNCMP(name, EVP_AES_256_CBC, XSTRLEN(EVP_AES_256_CBC)) == 0) 6276 6460 return AES_BLOCK_SIZE; 6277 6461 #endif 6278 6462 #endif /* HAVE_AES_CBC */ 6463 #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ 6464 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) 6279 6465 #ifdef HAVE_AESGCM 6280 6466 #ifdef WOLFSSL_AES_128 6281 if ( EVP_AES_128_GCM &&XSTRNCMP(name, EVP_AES_128_GCM, XSTRLEN(EVP_AES_128_GCM)) == 0)6467 if (XSTRNCMP(name, EVP_AES_128_GCM, XSTRLEN(EVP_AES_128_GCM)) == 0) 6282 6468 return GCM_NONCE_MID_SZ; 6283 6469 #endif 6284 6470 #ifdef WOLFSSL_AES_192 6285 if ( EVP_AES_192_GCM &&XSTRNCMP(name, EVP_AES_192_GCM, XSTRLEN(EVP_AES_192_GCM)) == 0)6471 if (XSTRNCMP(name, EVP_AES_192_GCM, XSTRLEN(EVP_AES_192_GCM)) == 0) 6286 6472 return GCM_NONCE_MID_SZ; 6287 6473 #endif 6288 6474 #ifdef WOLFSSL_AES_256 6289 if ( EVP_AES_256_GCM &&XSTRNCMP(name, EVP_AES_256_GCM, XSTRLEN(EVP_AES_256_GCM)) == 0)6475 if (XSTRNCMP(name, EVP_AES_256_GCM, XSTRLEN(EVP_AES_256_GCM)) == 0) 6290 6476 return GCM_NONCE_MID_SZ; 6291 6477 #endif 6292 6478 #endif /* HAVE_AESGCM */ 6479 #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ 6293 6480 #ifdef WOLFSSL_AES_COUNTER 6294 6481 #ifdef WOLFSSL_AES_128 6295 if ( EVP_AES_128_CTR &&XSTRNCMP(name, EVP_AES_128_CTR, XSTRLEN(EVP_AES_128_CTR)) == 0)6482 if (XSTRNCMP(name, EVP_AES_128_CTR, XSTRLEN(EVP_AES_128_CTR)) == 0) 6296 6483 return AES_BLOCK_SIZE; 6297 6484 #endif 6298 6485 #ifdef WOLFSSL_AES_192 6299 if ( EVP_AES_192_CTR &&XSTRNCMP(name, EVP_AES_192_CTR, XSTRLEN(EVP_AES_192_CTR)) == 0)6486 if (XSTRNCMP(name, EVP_AES_192_CTR, XSTRLEN(EVP_AES_192_CTR)) == 0) 6300 6487 return AES_BLOCK_SIZE; 6301 6488 #endif 6302 6489 #ifdef WOLFSSL_AES_256 6303 if ( EVP_AES_256_CTR &&XSTRNCMP(name, EVP_AES_256_CTR, XSTRLEN(EVP_AES_256_CTR)) == 0)6490 if (XSTRNCMP(name, EVP_AES_256_CTR, XSTRLEN(EVP_AES_256_CTR)) == 0) 6304 6491 return AES_BLOCK_SIZE; 6305 6492 #endif … … 6307 6494 #ifdef WOLFSSL_AES_XTS 6308 6495 #ifdef WOLFSSL_AES_128 6309 if ( EVP_AES_128_XTS &&XSTRNCMP(name, EVP_AES_128_XTS, XSTRLEN(EVP_AES_128_XTS)) == 0)6496 if (XSTRNCMP(name, EVP_AES_128_XTS, XSTRLEN(EVP_AES_128_XTS)) == 0) 6310 6497 return AES_BLOCK_SIZE; 6311 6498 #endif /* WOLFSSL_AES_128 */ 6312 6499 6313 6500 #ifdef WOLFSSL_AES_256 6314 if ( EVP_AES_256_XTS &&XSTRNCMP(name, EVP_AES_256_XTS, XSTRLEN(EVP_AES_256_XTS)) == 0)6501 if (XSTRNCMP(name, EVP_AES_256_XTS, XSTRLEN(EVP_AES_256_XTS)) == 0) 6315 6502 return AES_BLOCK_SIZE; 6316 6503 #endif /* WOLFSSL_AES_256 */ … … 6320 6507 6321 6508 #ifndef NO_DES3 6322 if (( EVP_DES_CBC &&XSTRNCMP(name, EVP_DES_CBC, XSTRLEN(EVP_DES_CBC)) == 0) ||6323 ( EVP_DES_EDE3_CBC &&XSTRNCMP(name, EVP_DES_EDE3_CBC, XSTRLEN(EVP_DES_EDE3_CBC)) == 0)) {6509 if ((XSTRNCMP(name, EVP_DES_CBC, XSTRLEN(EVP_DES_CBC)) == 0) || 6510 (XSTRNCMP(name, EVP_DES_EDE3_CBC, XSTRLEN(EVP_DES_EDE3_CBC)) == 0)) { 6324 6511 return DES_BLOCK_SIZE; 6325 6512 } … … 6327 6514 6328 6515 #ifdef HAVE_IDEA 6329 if ( EVP_IDEA_CBC &&XSTRNCMP(name, EVP_IDEA_CBC, XSTRLEN(EVP_IDEA_CBC)) == 0)6516 if (XSTRNCMP(name, EVP_IDEA_CBC, XSTRLEN(EVP_IDEA_CBC)) == 0) 6330 6517 return IDEA_BLOCK_SIZE; 6331 6518 #endif … … 6382 6569 6383 6570 6384 int wolfSSL_EVP_PKEY_id(const EVP_PKEY *pkey)6571 int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey) 6385 6572 { 6386 6573 if (pkey != NULL) … … 6390 6577 6391 6578 6392 int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey)6579 int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey) 6393 6580 { 6394 6581 if (pkey == NULL) … … 6397 6584 } 6398 6585 6586 int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid) 6587 { 6588 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get_default_digest_nid"); 6589 6590 if (!pkey || !pnid) { 6591 WOLFSSL_MSG("Bad parameter"); 6592 return WOLFSSL_FAILURE; 6593 } 6594 6595 switch (pkey->type) { 6596 case EVP_PKEY_HMAC: 6597 #ifndef NO_DSA 6598 case EVP_PKEY_DSA: 6599 #endif 6600 #ifndef NO_RSA 6601 case EVP_PKEY_RSA: 6602 #endif 6603 #ifdef HAVE_ECC 6604 case EVP_PKEY_EC: 6605 #endif 6606 *pnid = NID_sha256; 6607 return WOLFSSL_SUCCESS; 6608 default: 6609 return WOLFSSL_FAILURE; 6610 } 6611 } 6399 6612 6400 6613 /* increments ref count of WOLFSSL_EVP_PKEY. Return 1 on success, 0 on error */ … … 6408 6621 wc_UnLockMutex(&pkey->refMutex); 6409 6622 6410 return 1;6411 } 6412 6413 return 0;6623 return WOLFSSL_SUCCESS; 6624 } 6625 6626 return WOLFSSL_FAILURE; 6414 6627 } 6415 6628 … … 6479 6692 #endif /* OPENSSL_EXTRA */ 6480 6693 6481 #if defined(OPENSSL_EXTRA _X509_SMALL)6694 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 6482 6695 /* Subset of OPENSSL_EXTRA for PKEY operations PKEY free is needed by the 6483 6696 * subset of X509 API */ … … 6503 6716 ret = wc_InitRng(&pkey->rng); 6504 6717 #endif 6718 pkey->references = 1; 6719 wc_InitMutex(&pkey->refMutex); /* init of mutex needs to come before 6720 * wolfSSL_EVP_PKEY_free */ 6505 6721 if (ret != 0){ 6506 6722 wolfSSL_EVP_PKEY_free(pkey); … … 6508 6724 return NULL; 6509 6725 } 6510 pkey->references = 1;6511 wc_InitMutex(&pkey->refMutex);6512 6726 } 6513 6727 else { … … 6591 6805 } 6592 6806 6593 #endif /* OPENSSL_EXTRA_X509_SMALL */ 6807 #if !defined(NO_PWDBASED) 6808 int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp, 6809 int* pHash, int* pHashSz) 6810 { 6811 enum wc_HashType hash = WC_HASH_TYPE_NONE; 6812 int hashSz; 6813 6814 if (XSTRLEN(evp) < 3) { 6815 /* do not try comparing strings if size is too small */ 6816 return WOLFSSL_FAILURE; 6817 } 6818 6819 if (XSTRNCMP("SHA", evp, 3) == 0) { 6820 if (XSTRLEN(evp) > 3) { 6821 #ifndef NO_SHA256 6822 if (XSTRNCMP("SHA256", evp, 6) == 0) { 6823 hash = WC_HASH_TYPE_SHA256; 6824 } 6825 else 6826 #endif 6827 #ifdef WOLFSSL_SHA384 6828 if (XSTRNCMP("SHA384", evp, 6) == 0) { 6829 hash = WC_HASH_TYPE_SHA384; 6830 } 6831 else 6832 #endif 6833 #ifdef WOLFSSL_SHA512 6834 if (XSTRNCMP("SHA512", evp, 6) == 0) { 6835 hash = WC_HASH_TYPE_SHA512; 6836 } 6837 else 6838 #endif 6839 if (XSTRNCMP("SHA1", evp, 4) == 0) { 6840 hash = WC_HASH_TYPE_SHA; 6841 } 6842 else { 6843 WOLFSSL_MSG("Unknown SHA hash"); 6844 } 6845 } 6846 else { 6847 hash = WC_HASH_TYPE_SHA; 6848 } 6849 } 6850 #ifdef WOLFSSL_MD2 6851 else if (XSTRNCMP("MD2", evp, 3) == 0) { 6852 hash = WC_HASH_TYPE_MD2; 6853 } 6854 #endif 6855 #ifndef NO_MD4 6856 else if (XSTRNCMP("MD4", evp, 3) == 0) { 6857 hash = WC_HASH_TYPE_MD4; 6858 } 6859 #endif 6860 #ifndef NO_MD5 6861 else if (XSTRNCMP("MD5", evp, 3) == 0) { 6862 hash = WC_HASH_TYPE_MD5; 6863 } 6864 #endif 6865 6866 if (pHash) 6867 *pHash = hash; 6868 6869 hashSz = wc_HashGetDigestSize(hash); 6870 if (pHashSz) 6871 *pHashSz = hashSz; 6872 6873 if (hashSz < 0) { 6874 return WOLFSSL_FAILURE; 6875 } 6876 6877 return WOLFSSL_SUCCESS; 6878 } 6879 #endif /* !defined(NO_PWDBASED) */ 6880 6881 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ 6594 6882 6595 6883 #endif /* WOLFSSL_EVP_INCLUDED */
Note:
See TracChangeset
for help on using the changeset viewer.