1 /* evp.c
2 *
3 * Copyright (C) 2006-2021 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22
23 #ifdef HAVE_CONFIG_H
24 #include <config.h>
25 #endif
26
27 #include <wolfssl/wolfcrypt/settings.h>
28
29 #if !defined(WOLFSSL_EVP_INCLUDED)
30 #ifndef WOLFSSL_IGNORE_FILE_WARN
31 #warning evp.c does not need to be compiled separately from ssl.c
32 #endif
33 #elif defined(WOLFCRYPT_ONLY)
34 #else
35
36 #if defined(OPENSSL_EXTRA)
37
38 #if !defined(HAVE_PKCS7) && \
39 ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
40 (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST))
41 #include <wolfssl/wolfcrypt/aes.h>
42 #endif
43
44
45 #include <wolfssl/openssl/ecdsa.h>
46 #include <wolfssl/openssl/evp.h>
47 #include <wolfssl/wolfcrypt/integer.h>
48
49 #ifndef NO_AES
50 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
51 #ifdef WOLFSSL_AES_128
52 static const char EVP_AES_128_CBC[] = "AES-128-CBC";
53 #endif
54 #ifdef WOLFSSL_AES_192
55 static const char EVP_AES_192_CBC[] = "AES-192-CBC";
56 #endif
57 #ifdef WOLFSSL_AES_256
58 static const char EVP_AES_256_CBC[] = "AES-256-CBC";
59 #endif
60 #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
61
62 #ifdef WOLFSSL_AES_OFB
63 #ifdef WOLFSSL_AES_128
64 static const char EVP_AES_128_OFB[] = "AES-128-OFB";
65 #endif
66 #ifdef WOLFSSL_AES_192
67 static const char EVP_AES_192_OFB[] = "AES-192-OFB";
68 #endif
69 #ifdef WOLFSSL_AES_256
70 static const char EVP_AES_256_OFB[] = "AES-256-OFB";
71 #endif
72 #endif /* WOLFSSL_AES_OFB */
73
74 #ifdef WOLFSSL_AES_XTS
75 #ifdef WOLFSSL_AES_128
76 static const char EVP_AES_128_XTS[] = "AES-128-XTS";
77 #endif
78 #ifdef WOLFSSL_AES_256
79 static const char EVP_AES_256_XTS[] = "AES-256-XTS";
80 #endif
81 #endif /* WOLFSSL_AES_XTS */
82
83 #ifdef WOLFSSL_AES_CFB
84 #ifdef WOLFSSL_AES_128
85 static const char EVP_AES_128_CFB1[] = "AES-128-CFB1";
86 #endif
87 #ifdef WOLFSSL_AES_192
88 static const char EVP_AES_192_CFB1[] = "AES-192-CFB1";
89 #endif
90 #ifdef WOLFSSL_AES_256
91 static const char EVP_AES_256_CFB1[] = "AES-256-CFB1";
92 #endif
93
94 #ifdef WOLFSSL_AES_128
95 static const char EVP_AES_128_CFB8[] = "AES-128-CFB8";
96 #endif
97 #ifdef WOLFSSL_AES_192
98 static const char EVP_AES_192_CFB8[] = "AES-192-CFB8";
99 #endif
100 #ifdef WOLFSSL_AES_256
101 static const char EVP_AES_256_CFB8[] = "AES-256-CFB8";
102 #endif
103
104 #ifdef WOLFSSL_AES_128
105 static const char EVP_AES_128_CFB128[] = "AES-128-CFB128";
106 #endif
107 #ifdef WOLFSSL_AES_192
108 static const char EVP_AES_192_CFB128[] = "AES-192-CFB128";
109 #endif
110 #ifdef WOLFSSL_AES_256
111 static const char EVP_AES_256_CFB128[] = "AES-256-CFB128";
112 #endif
113 #endif /* WOLFSSL_AES_CFB */
114
115 #ifdef HAVE_AESGCM
116 #ifdef WOLFSSL_AES_128
117 static const char EVP_AES_128_GCM[] = "AES-128-GCM";
118 #endif
119 #ifdef WOLFSSL_AES_192
120 static const char EVP_AES_192_GCM[] = "AES-192-GCM";
121 #endif
122 #ifdef WOLFSSL_AES_256
123 static const char EVP_AES_256_GCM[] = "AES-256-GCM";
124 #endif
125 #endif /* HAVE_AESGCM */
126
127 #ifdef WOLFSSL_AES_COUNTER
128 #ifdef WOLFSSL_AES_128
129 static const char EVP_AES_128_CTR[] = "AES-128-CTR";
130 #endif
131 #ifdef WOLFSSL_AES_192
132 static const char EVP_AES_192_CTR[] = "AES-192-CTR";
133 #endif
134 #ifdef WOLFSSL_AES_256
135 static const char EVP_AES_256_CTR[] = "AES-256-CTR";
136 #endif
137 #endif
138
139 #ifdef HAVE_AES_ECB
140 #ifdef WOLFSSL_AES_128
141 static const char EVP_AES_128_ECB[] = "AES-128-ECB";
142 #endif
143 #ifdef WOLFSSL_AES_192
144 static const char EVP_AES_192_ECB[] = "AES-192-ECB";
145 #endif
146 #ifdef WOLFSSL_AES_256
147 static const char EVP_AES_256_ECB[] = "AES-256-ECB";
148 #endif
149 #endif
150 #define EVP_AES_SIZE 11
151 #ifdef WOLFSSL_AES_CFB
152 #define EVP_AESCFB_SIZE 14
153 #endif
154 #endif
155
156 #ifndef NO_DES3
157 static const char EVP_DES_CBC[] = "DES-CBC";
158 static const char EVP_DES_ECB[] = "DES-ECB";
159
160 static const char EVP_DES_EDE3_CBC[] = "DES-EDE3-CBC";
161 static const char EVP_DES_EDE3_ECB[] = "DES-EDE3-ECB";
162
163 #define EVP_DES_SIZE 7
164 #define EVP_DES_EDE3_SIZE 12
165 #endif
166
167 #ifdef HAVE_IDEA
168 static const char EVP_IDEA_CBC[] = "IDEA-CBC";
169 #define EVP_IDEA_SIZE 8
170 #endif
171
172 #ifndef NO_RC4
173 static const char EVP_ARC4[] = "ARC4";
174 #define EVP_ARC4_SIZE 4
175 #endif
176
177 static const char EVP_NULL[] = "NULL";
178 #define EVP_NULL_SIZE 4
179
180 #define EVP_PKEY_PRINT_LINE_WIDTH_MAX 80
181 #define EVP_PKEY_PRINT_DIGITS_PER_LINE 15
182
183 static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher);
184
185
186 /* Getter function for cipher key length
187 *
188 * c WOLFSSL_EVP_CIPHER structure to get key length from
189 *
190 * NOTE: OpenSSL_add_all_ciphers() should be called first before using this
191 * function
192 *
193 * Returns size of key in bytes
194 */
wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER * c)195 int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c)
196 {
197 WOLFSSL_ENTER("wolfSSL_EVP_Cipher_key_length");
198
199 if (c == NULL) {
200 return 0;
201 }
202
203 switch (cipherType(c)) {
204 #if !defined(NO_AES)
205 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
206 case AES_128_CBC_TYPE: return 16;
207 case AES_192_CBC_TYPE: return 24;
208 case AES_256_CBC_TYPE: return 32;
209 #endif
210 #if defined(WOLFSSL_AES_CFB)
211 case AES_128_CFB1_TYPE: return 16;
212 case AES_192_CFB1_TYPE: return 24;
213 case AES_256_CFB1_TYPE: return 32;
214 case AES_128_CFB8_TYPE: return 16;
215 case AES_192_CFB8_TYPE: return 24;
216 case AES_256_CFB8_TYPE: return 32;
217 case AES_128_CFB128_TYPE: return 16;
218 case AES_192_CFB128_TYPE: return 24;
219 case AES_256_CFB128_TYPE: return 32;
220 #endif
221 #if defined(WOLFSSL_AES_OFB)
222 case AES_128_OFB_TYPE: return 16;
223 case AES_192_OFB_TYPE: return 24;
224 case AES_256_OFB_TYPE: return 32;
225 #endif
226 #if defined(WOLFSSL_AES_XTS)
227 /* Two keys for XTS. */
228 case AES_128_XTS_TYPE: return 16 * 2;
229 case AES_256_XTS_TYPE: return 32 * 2;
230 #endif
231 #if defined(HAVE_AESGCM)
232 case AES_128_GCM_TYPE: return 16;
233 case AES_192_GCM_TYPE: return 24;
234 case AES_256_GCM_TYPE: return 32;
235 #endif
236 #if defined(WOLFSSL_AES_COUNTER)
237 case AES_128_CTR_TYPE: return 16;
238 case AES_192_CTR_TYPE: return 24;
239 case AES_256_CTR_TYPE: return 32;
240 #endif
241 #if defined(HAVE_AES_ECB)
242 case AES_128_ECB_TYPE: return 16;
243 case AES_192_ECB_TYPE: return 24;
244 case AES_256_ECB_TYPE: return 32;
245 #endif
246 #endif /* !NO_AES */
247 #ifndef NO_DES3
248 case DES_CBC_TYPE: return 8;
249 case DES_EDE3_CBC_TYPE: return 24;
250 case DES_ECB_TYPE: return 8;
251 case DES_EDE3_ECB_TYPE: return 24;
252 #endif
253 default:
254 return 0;
255 }
256 }
257
258
wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX * ctx,const WOLFSSL_EVP_CIPHER * type,const unsigned char * key,const unsigned char * iv)259 int wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
260 const WOLFSSL_EVP_CIPHER* type,
261 const unsigned char* key,
262 const unsigned char* iv)
263 {
264 return wolfSSL_EVP_CipherInit(ctx, type, (byte*)key, (byte*)iv, 1);
265 }
266
wolfSSL_EVP_EncryptInit_ex(WOLFSSL_EVP_CIPHER_CTX * ctx,const WOLFSSL_EVP_CIPHER * type,WOLFSSL_ENGINE * impl,const unsigned char * key,const unsigned char * iv)267 int wolfSSL_EVP_EncryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
268 const WOLFSSL_EVP_CIPHER* type,
269 WOLFSSL_ENGINE *impl,
270 const unsigned char* key,
271 const unsigned char* iv)
272 {
273 (void) impl;
274 return wolfSSL_EVP_CipherInit(ctx, type, (byte*)key, (byte*)iv, 1);
275 }
276
wolfSSL_EVP_DecryptInit(WOLFSSL_EVP_CIPHER_CTX * ctx,const WOLFSSL_EVP_CIPHER * type,const unsigned char * key,const unsigned char * iv)277 int wolfSSL_EVP_DecryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
278 const WOLFSSL_EVP_CIPHER* type,
279 const unsigned char* key,
280 const unsigned char* iv)
281 {
282 WOLFSSL_ENTER("wolfSSL_EVP_CipherInit");
283 return wolfSSL_EVP_CipherInit(ctx, type, (byte*)key, (byte*)iv, 0);
284 }
285
wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX * ctx,const WOLFSSL_EVP_CIPHER * type,WOLFSSL_ENGINE * impl,const unsigned char * key,const unsigned char * iv)286 int wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
287 const WOLFSSL_EVP_CIPHER* type,
288 WOLFSSL_ENGINE *impl,
289 const unsigned char* key,
290 const unsigned char* iv)
291 {
292 (void) impl;
293 WOLFSSL_ENTER("wolfSSL_EVP_DecryptInit");
294 return wolfSSL_EVP_CipherInit(ctx, type, (byte*)key, (byte*)iv, 0);
295 }
296
297
wolfSSL_EVP_CIPHER_CTX_new(void)298 WOLFSSL_EVP_CIPHER_CTX *wolfSSL_EVP_CIPHER_CTX_new(void)
299 {
300 WOLFSSL_EVP_CIPHER_CTX *ctx = (WOLFSSL_EVP_CIPHER_CTX*)XMALLOC(sizeof *ctx,
301 NULL, DYNAMIC_TYPE_TMP_BUFFER);
302 if (ctx) {
303 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_new");
304 wolfSSL_EVP_CIPHER_CTX_init(ctx);
305 }
306 return ctx;
307 }
308
wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX * ctx)309 void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx)
310 {
311 if (ctx) {
312 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_free");
313 wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
314 XFREE(ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
315 }
316 }
317
wolfSSL_EVP_CIPHER_CTX_reset(WOLFSSL_EVP_CIPHER_CTX * ctx)318 int wolfSSL_EVP_CIPHER_CTX_reset(WOLFSSL_EVP_CIPHER_CTX *ctx)
319 {
320 int ret = WOLFSSL_FAILURE;
321
322 if (ctx != NULL) {
323 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_reset");
324 wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
325 ret = WOLFSSL_SUCCESS;
326 }
327
328 return ret;
329 }
330
wolfSSL_EVP_CIPHER_CTX_mode(const WOLFSSL_EVP_CIPHER_CTX * ctx)331 unsigned long wolfSSL_EVP_CIPHER_CTX_mode(const WOLFSSL_EVP_CIPHER_CTX *ctx)
332 {
333 if (ctx == NULL) return 0;
334 return ctx->flags & WOLFSSL_EVP_CIPH_MODE;
335 }
336
wolfSSL_EVP_EncryptFinal(WOLFSSL_EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)337 int wolfSSL_EVP_EncryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
338 unsigned char *out, int *outl)
339 {
340 if (ctx && ctx->enc) {
341 WOLFSSL_ENTER("wolfSSL_EVP_EncryptFinal");
342 return wolfSSL_EVP_CipherFinal(ctx, out, outl);
343 }
344 else
345 return WOLFSSL_FAILURE;
346 }
347
348
wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX * ctx,const WOLFSSL_EVP_CIPHER * type,WOLFSSL_ENGINE * impl,const unsigned char * key,const unsigned char * iv,int enc)349 int wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
350 const WOLFSSL_EVP_CIPHER* type,
351 WOLFSSL_ENGINE *impl,
352 const unsigned char* key,
353 const unsigned char* iv,
354 int enc)
355 {
356 (void)impl;
357 return wolfSSL_EVP_CipherInit(ctx, type, key, iv, enc);
358 }
359
wolfSSL_EVP_EncryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)360 int wolfSSL_EVP_EncryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx,
361 unsigned char *out, int *outl)
362 {
363 if (ctx && ctx->enc) {
364 WOLFSSL_ENTER("wolfSSL_EVP_EncryptFinal_ex");
365 return wolfSSL_EVP_CipherFinal(ctx, out, outl);
366 }
367 else
368 return WOLFSSL_FAILURE;
369 }
370
wolfSSL_EVP_DecryptFinal(WOLFSSL_EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)371 int wolfSSL_EVP_DecryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
372 unsigned char *out, int *outl)
373 {
374 if (ctx && !ctx->enc) {
375 WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal");
376 return wolfSSL_EVP_CipherFinal(ctx, out, outl);
377 }
378 else {
379 return WOLFSSL_FAILURE;
380 }
381 }
382
wolfSSL_EVP_DecryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)383 int wolfSSL_EVP_DecryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx,
384 unsigned char *out, int *outl)
385 {
386 if (ctx && !ctx->enc) {
387 WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal_ex");
388 return wolfSSL_EVP_CipherFinal(ctx, out, outl);
389 }
390 else {
391 return WOLFSSL_FAILURE;
392 }
393 }
394
395
wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX * ctx,const WOLFSSL_EVP_MD * type,WOLFSSL_ENGINE * impl)396 int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
397 const WOLFSSL_EVP_MD* type,
398 WOLFSSL_ENGINE *impl)
399 {
400 (void) impl;
401 WOLFSSL_ENTER("wolfSSL_EVP_DigestInit_ex");
402 return wolfSSL_EVP_DigestInit(ctx, type);
403 }
404
405 #ifdef DEBUG_WOLFSSL_EVP
406 #define PRINT_BUF(b, sz) { int _i; for(_i=0; _i<(sz); _i++) { \
407 printf("%02x(%c),", (b)[_i], (b)[_i]); if ((_i+1)%8==0)printf("\n");}}
408 #else
409 #define PRINT_BUF(b, sz)
410 #endif
411
fillBuff(WOLFSSL_EVP_CIPHER_CTX * ctx,const unsigned char * in,int sz)412 static int fillBuff(WOLFSSL_EVP_CIPHER_CTX *ctx, const unsigned char *in, int sz)
413 {
414 int fill;
415
416 if (sz > 0) {
417 if ((sz+ctx->bufUsed) > ctx->block_size) {
418 fill = ctx->block_size - ctx->bufUsed;
419 } else {
420 fill = sz;
421 }
422 XMEMCPY(&(ctx->buf[ctx->bufUsed]), in, fill);
423 ctx->bufUsed += fill;
424 return fill;
425 } else return 0;
426 }
427
evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX * ctx,unsigned char * out,const unsigned char * in,int inl)428 static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
429 unsigned char *out,
430 const unsigned char *in, int inl)
431 {
432 int ret = 0;
433
434 switch (ctx->cipherType) {
435 #if !defined(NO_AES)
436 #if defined(HAVE_AES_CBC)
437 case AES_128_CBC_TYPE:
438 case AES_192_CBC_TYPE:
439 case AES_256_CBC_TYPE:
440 if (ctx->enc)
441 ret = wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl);
442 else
443 ret = wc_AesCbcDecrypt(&ctx->cipher.aes, out, in, inl);
444 break;
445 #endif
446 #if defined(WOLFSSL_AES_COUNTER)
447 case AES_128_CTR_TYPE:
448 case AES_192_CTR_TYPE:
449 case AES_256_CTR_TYPE:
450 ret = wc_AesCtrEncrypt(&ctx->cipher.aes, out, in, inl);
451 break;
452 #endif
453 #if defined(HAVE_AES_ECB)
454 case AES_128_ECB_TYPE:
455 case AES_192_ECB_TYPE:
456 case AES_256_ECB_TYPE:
457 if (ctx->enc)
458 ret = wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl);
459 else
460 ret = wc_AesEcbDecrypt(&ctx->cipher.aes, out, in, inl);
461 break;
462 #endif
463 #if defined(WOLFSSL_AES_OFB)
464 case AES_128_OFB_TYPE:
465 case AES_192_OFB_TYPE:
466 case AES_256_OFB_TYPE:
467 if (ctx->enc)
468 ret = wc_AesOfbEncrypt(&ctx->cipher.aes, out, in, inl);
469 else
470 ret = wc_AesOfbDecrypt(&ctx->cipher.aes, out, in, inl);
471 break;
472 #endif
473 #if defined(WOLFSSL_AES_CFB)
474 #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
475 case AES_128_CFB1_TYPE:
476 case AES_192_CFB1_TYPE:
477 case AES_256_CFB1_TYPE:
478 if (ctx->enc)
479 ret = wc_AesCfb1Encrypt(&ctx->cipher.aes, out, in,
480 inl * WOLFSSL_BIT_SIZE);
481 else
482 ret = wc_AesCfb1Decrypt(&ctx->cipher.aes, out, in,
483 inl * WOLFSSL_BIT_SIZE);
484 break;
485
486 case AES_128_CFB8_TYPE:
487 case AES_192_CFB8_TYPE:
488 case AES_256_CFB8_TYPE:
489 if (ctx->enc)
490 ret = wc_AesCfb8Encrypt(&ctx->cipher.aes, out, in, inl);
491 else
492 ret = wc_AesCfb8Decrypt(&ctx->cipher.aes, out, in, inl);
493 break;
494 #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
495
496 case AES_128_CFB128_TYPE:
497 case AES_192_CFB128_TYPE:
498 case AES_256_CFB128_TYPE:
499 if (ctx->enc)
500 ret = wc_AesCfbEncrypt(&ctx->cipher.aes, out, in, inl);
501 else
502 ret = wc_AesCfbDecrypt(&ctx->cipher.aes, out, in, inl);
503 break;
504 #endif
505 #if defined(WOLFSSL_AES_XTS)
506 case AES_128_XTS_TYPE:
507 case AES_256_XTS_TYPE:
508 if (ctx->enc)
509 ret = wc_AesXtsEncrypt(&ctx->cipher.xts, out, in, inl,
510 ctx->iv, ctx->ivSz);
511 else
512 ret = wc_AesXtsDecrypt(&ctx->cipher.xts, out, in, inl,
513 ctx->iv, ctx->ivSz);
514 break;
515 #endif
516 #endif /* !NO_AES */
517 #ifndef NO_DES3
518 case DES_CBC_TYPE:
519 if (ctx->enc)
520 ret = wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl);
521 else
522 ret = wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl);
523 break;
524 case DES_EDE3_CBC_TYPE:
525 if (ctx->enc)
526 ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl);
527 else
528 ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl);
529 break;
530 #if defined(WOLFSSL_DES_ECB)
531 case DES_ECB_TYPE:
532 ret = wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl);
533 break;
534 case DES_EDE3_ECB_TYPE:
535 ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
536 break;
537 #endif
538 #endif
539 #ifndef NO_RC4
540 case ARC4_TYPE:
541 wc_Arc4Process(&ctx->cipher.arc4, out, in, inl);
542 break;
543 #endif
544 default:
545 return WOLFSSL_FAILURE;
546 }
547
548 if (ret != 0)
549 return WOLFSSL_FAILURE; /* failure */
550
551 (void)in;
552 (void)inl;
553 (void)out;
554
555 return WOLFSSL_SUCCESS; /* success */
556 }
557
558 #if defined(HAVE_AESGCM)
559 #ifndef WOLFSSL_AESGCM_STREAM
wolfSSL_EVP_CipherUpdate_GCM_AAD(WOLFSSL_EVP_CIPHER_CTX * ctx,const unsigned char * in,int inl)560 static int wolfSSL_EVP_CipherUpdate_GCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx,
561 const unsigned char *in, int inl) {
562 if (in && inl > 0) {
563 byte* tmp = (byte*)XREALLOC(ctx->gcmAuthIn,
564 ctx->gcmAuthInSz + inl, NULL, DYNAMIC_TYPE_OPENSSL);
565 if (tmp) {
566 ctx->gcmAuthIn = tmp;
567 XMEMCPY(ctx->gcmAuthIn + ctx->gcmAuthInSz, in, inl);
568 ctx->gcmAuthInSz += inl;
569 }
570 else {
571 WOLFSSL_MSG("realloc error");
572 return MEMORY_E;
573 }
574 }
575 return 0;
576 }
577 #endif /* WOLFSSL_AESGCM_STREAM */
578
wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)579 static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
580 unsigned char *out, int *outl,
581 const unsigned char *in, int inl)
582 {
583 #ifndef WOLFSSL_AESGCM_STREAM
584 int ret = 0;
585
586 *outl = inl;
587 if (out) {
588 /* Buffer input for one-shot API */
589 if (inl > 0) {
590 byte* tmp;
591 tmp = (byte*)XREALLOC(ctx->gcmBuffer,
592 ctx->gcmBufferLen + inl, NULL,
593 DYNAMIC_TYPE_OPENSSL);
594 if (tmp) {
595 XMEMCPY(tmp + ctx->gcmBufferLen, in, inl);
596 ctx->gcmBufferLen += inl;
597 ctx->gcmBuffer = tmp;
598 *outl = 0;
599 }
600 else {
601 ret = MEMORY_E;
602 }
603 }
604 }
605 else {
606 ret = wolfSSL_EVP_CipherUpdate_GCM_AAD(ctx, in, inl);
607 }
608
609 if (ret != 0) {
610 *outl = 0;
611 return WOLFSSL_FAILURE;
612 }
613
614 return WOLFSSL_SUCCESS;
615 #else
616 int ret;
617
618 /* When out is NULL then this is AAD. */
619 if (out == NULL) {
620 if (ctx->enc) {
621 ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, NULL, NULL, 0, in,
622 inl);
623 }
624 else {
625 ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, NULL, NULL, 0, in,
626 inl);
627 }
628 }
629 /* When out is not NULL then this is plaintext/cipher text. */
630 else {
631 if (ctx->enc) {
632 ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, out, in, inl, NULL,
633 0);
634 }
635 else {
636 ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, out, in, inl, NULL,
637 0);
638 }
639 }
640 *outl = inl;
641 if (ret == 0) {
642 ret = WOLFSSL_SUCCESS;
643 }
644 else {
645 ret = WOLFSSL_FAILURE;
646 }
647 return ret;
648 #endif /* WOLFSSL_AESGCM_STREAM */
649 }
650 #endif /* HAVE_AESGCM */
651
652 /* returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure */
wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)653 int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
654 unsigned char *out, int *outl,
655 const unsigned char *in, int inl)
656 {
657 int blocks;
658 int fill;
659
660 WOLFSSL_ENTER("wolfSSL_EVP_CipherUpdate");
661 if (inl == 0 && in == NULL ) {
662 /* Nothing to do in this case. Just return. */
663 return WOLFSSL_SUCCESS;
664 }
665
666 if ((ctx == NULL) || (inl < 0) || (outl == NULL)|| (in == NULL)) {
667 WOLFSSL_MSG("Bad argument");
668 return WOLFSSL_FAILURE;
669 }
670
671 *outl = 0;
672
673 #if !defined(NO_AES) && defined(HAVE_AESGCM)
674 switch (ctx->cipherType) {
675 case AES_128_GCM_TYPE:
676 case AES_192_GCM_TYPE:
677 case AES_256_GCM_TYPE:
678 /* if out == NULL, in/inl contains the additional authenticated data * for GCM */
679 return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl);
680 default:
681 /* fall-through */
682 break;
683 }
684 #endif /* !defined(NO_AES) && defined(HAVE_AESGCM) */
685
686 if (out == NULL) {
687 return WOLFSSL_FAILURE;
688 }
689
690 /* if(inl == 0)wolfSSL_EVP_CipherUpdate_GCM to get tag */
691 if (inl == 0) {
692 return WOLFSSL_SUCCESS;
693 }
694 if (ctx->bufUsed > 0) { /* concatenate them if there is anything */
695 fill = fillBuff(ctx, in, inl);
696 inl -= fill;
697 in += fill;
698 }
699
700 /* check if the buff is full, and if so flash it out */
701 if (ctx->bufUsed == ctx->block_size) {
702 byte* output = out;
703
704 /* During decryption we save the last block to check padding on Final.
705 * Update the last block stored if one has already been stored */
706 if (ctx->enc == 0) {
707 if (ctx->lastUsed == 1) {
708 XMEMCPY(out, ctx->lastBlock, ctx->block_size);
709 *outl+= ctx->block_size;
710 out += ctx->block_size;
711 }
712 output = ctx->lastBlock; /* redirect output to last block buffer */
713 ctx->lastUsed = 1;
714 }
715
716 PRINT_BUF(ctx->buf, ctx->block_size);
717 if (evpCipherBlock(ctx, output, ctx->buf, ctx->block_size) == 0) {
718 return WOLFSSL_FAILURE;
719 }
720 PRINT_BUF(out, ctx->block_size);
721 ctx->bufUsed = 0;
722
723 /* if doing encryption update the new output block, decryption will
724 * always have the last block saved for when Final is called */
725 if ((ctx->enc != 0)) {
726 *outl+= ctx->block_size;
727 out += ctx->block_size;
728 }
729 }
730
731 blocks = inl / ctx->block_size;
732 if (blocks > 0) {
733 /* During decryption we save the last block to check padding on Final.
734 * Update the last block stored if one has already been stored */
735 if ((ctx->enc == 0) && (ctx->lastUsed == 1)) {
736 PRINT_BUF(ctx->lastBlock, ctx->block_size);
737 XMEMCPY(out, ctx->lastBlock, ctx->block_size);
738 *outl += ctx->block_size;
739 out += ctx->block_size;
740 ctx->lastUsed = 0;
741 }
742
743 /* process blocks */
744 if (evpCipherBlock(ctx, out, in, blocks * ctx->block_size) == 0) {
745 return WOLFSSL_FAILURE;
746 }
747 PRINT_BUF(in, ctx->block_size*blocks);
748 PRINT_BUF(out,ctx->block_size*blocks);
749 inl -= ctx->block_size * blocks;
750 in += ctx->block_size * blocks;
751 if (ctx->enc == 0) {
752 if ((ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING) ||
753 (ctx->block_size == 1)) {
754 ctx->lastUsed = 0;
755 *outl += ctx->block_size * blocks;
756 } else {
757 /* in the case of decryption and padding, store the last block
758 * here in order to verify the padding when Final is called */
759 if (inl == 0) { /* if not 0 then we know leftovers are checked*/
760 ctx->lastUsed = 1;
761 blocks = blocks - 1; /* save last block to check padding in
762 * EVP_CipherFinal call */
763 XMEMCPY(ctx->lastBlock, &out[ctx->block_size * blocks],
764 ctx->block_size);
765 }
766 *outl += ctx->block_size * blocks;
767 }
768 } else {
769 *outl += ctx->block_size * blocks;
770 }
771 }
772
773
774 if (inl > 0) {
775 /* put fraction into buff */
776 fillBuff(ctx, in, inl);
777 /* no increase of outl */
778 }
779 (void)out; /* silence warning in case not read */
780
781 return WOLFSSL_SUCCESS;
782 }
783
padBlock(WOLFSSL_EVP_CIPHER_CTX * ctx)784 static void padBlock(WOLFSSL_EVP_CIPHER_CTX *ctx)
785 {
786 int i;
787 for (i = ctx->bufUsed; i < ctx->block_size; i++)
788 ctx->buf[i] = (byte)(ctx->block_size - ctx->bufUsed);
789 }
790
checkPad(WOLFSSL_EVP_CIPHER_CTX * ctx,unsigned char * buff)791 static int checkPad(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *buff)
792 {
793 int i;
794 int n;
795 n = buff[ctx->block_size-1];
796 if (n > ctx->block_size) return -1;
797 for (i = 0; i < n; i++) {
798 if (buff[ctx->block_size-i-1] != n)
799 return -1;
800 }
801 return ctx->block_size - n;
802 }
803
wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)804 int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
805 unsigned char *out, int *outl)
806 {
807 int fl;
808 int ret = WOLFSSL_SUCCESS;
809 if (!ctx || !outl)
810 return WOLFSSL_FAILURE;
811
812 WOLFSSL_ENTER("wolfSSL_EVP_CipherFinal");
813 switch (ctx->cipherType) {
814 #if !defined(NO_AES) && defined(HAVE_AESGCM)
815 case AES_128_GCM_TYPE:
816 case AES_192_GCM_TYPE:
817 case AES_256_GCM_TYPE:
818 #ifndef WOLFSSL_AESGCM_STREAM
819 if ((ctx->gcmBuffer && ctx->gcmBufferLen > 0)
820 || (ctx->gcmBufferLen == 0)) {
821 if (ctx->enc)
822 ret = wc_AesGcmEncrypt(&ctx->cipher.aes, out,
823 ctx->gcmBuffer, ctx->gcmBufferLen,
824 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,
825 ctx->gcmAuthIn, ctx->gcmAuthInSz);
826 else
827 ret = wc_AesGcmDecrypt(&ctx->cipher.aes, out,
828 ctx->gcmBuffer, ctx->gcmBufferLen,
829 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,
830 ctx->gcmAuthIn, ctx->gcmAuthInSz);
831
832 if (ret == 0) {
833 ret = WOLFSSL_SUCCESS;
834 *outl = ctx->gcmBufferLen;
835 }
836 else {
837 ret = WOLFSSL_FAILURE;
838 *outl = 0;
839 }
840
841 XFREE(ctx->gcmBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
842 ctx->gcmBuffer = NULL;
843 ctx->gcmBufferLen = 0;
844 }
845 else {
846 *outl = 0;
847 }
848 #else
849 /* No data to return - all handled in Update. */
850 *outl = 0;
851 if (ctx->enc) {
852 ret = wc_AesGcmEncryptFinal(&ctx->cipher.aes, ctx->authTag,
853 ctx->authTagSz);
854 }
855 else {
856 ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes, ctx->authTag,
857 ctx->authTagSz);
858 }
859 if (ret == 0) {
860 ret = WOLFSSL_SUCCESS;
861 }
862 else {
863 ret = WOLFSSL_FAILURE;
864 }
865 #endif /* WOLFSSL_AESGCM_STREAM */
866 /* Clear IV, since IV reuse is not recommended for AES GCM. */
867 XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE);
868 break;
869 #endif /* !NO_AES && HAVE_AESGCM */
870 default:
871 if (!out)
872 return WOLFSSL_FAILURE;
873
874 if (ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING) {
875 if (ctx->bufUsed != 0) return WOLFSSL_FAILURE;
876 *outl = 0;
877 }
878 else if (ctx->enc) {
879 if (ctx->block_size == 1) {
880 *outl = 0;
881 }
882 else if ((ctx->bufUsed >= 0) && (ctx->block_size != 1)) {
883 padBlock(ctx);
884 PRINT_BUF(ctx->buf, ctx->block_size);
885 if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) {
886 WOLFSSL_MSG("Final Cipher Block failed");
887 ret = WOLFSSL_FAILURE;
888 }
889 else {
890 PRINT_BUF(out, ctx->block_size);
891 *outl = ctx->block_size;
892 }
893 }
894 }
895 else {
896 if (ctx->block_size == 1) {
897 *outl = 0;
898 }
899 else if ((ctx->bufUsed % ctx->block_size) != 0) {
900 *outl = 0;
901 /* not enough padding for decrypt */
902 WOLFSSL_MSG("Final Cipher Block not enough padding");
903 ret = WOLFSSL_FAILURE;
904 }
905 else if (ctx->lastUsed) {
906 PRINT_BUF(ctx->lastBlock, ctx->block_size);
907 if ((fl = checkPad(ctx, ctx->lastBlock)) >= 0) {
908 XMEMCPY(out, ctx->lastBlock, fl);
909 *outl = fl;
910 if (ctx->lastUsed == 0 && ctx->bufUsed == 0) {
911 /* return error in cases where the block length is
912 * incorrect */
913 WOLFSSL_MSG("Final Cipher Block bad length");
914 ret = WOLFSSL_FAILURE;
915 }
916 }
917 else {
918 ret = WOLFSSL_FAILURE;
919 }
920 }
921 else if (ctx->lastUsed == 0 && ctx->bufUsed == 0) {
922 /* return error in cases where the block length is
923 * incorrect */
924 ret = WOLFSSL_FAILURE;
925 }
926 }
927 break;
928 }
929
930 if (ret == WOLFSSL_SUCCESS) {
931 /* reset cipher state after final */
932 ret = wolfSSL_EVP_CipherInit(ctx, NULL, NULL, NULL, -1);
933 }
934 return ret;
935 }
936
937
938 #ifdef WOLFSSL_EVP_DECRYPT_LEGACY
939 /* This is a version of DecryptFinal to work with data encrypted with
940 * wolfSSL_EVP_EncryptFinal() with the broken padding. (pre-v3.12.0)
941 * Only call this after wolfSSL_EVP_CipherFinal() fails on a decrypt.
942 * Note, you don't know if the padding is good or bad with the old
943 * encrypt, but it is likely to be or bad. It will update the output
944 * length with the block_size so the last block is still captured. */
wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX * ctx,unsigned char * out,int * outl)945 int wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx,
946 unsigned char *out, int *outl)
947 {
948 int fl;
949 if (ctx == NULL || out == NULL || outl == NULL)
950 return BAD_FUNC_ARG;
951
952 WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal_legacy");
953 if (ctx->block_size == 1) {
954 *outl = 0;
955 return WOLFSSL_SUCCESS;
956 }
957 if ((ctx->bufUsed % ctx->block_size) != 0) {
958 *outl = 0;
959 /* not enough padding for decrypt */
960 return WOLFSSL_FAILURE;
961 }
962 /* The original behavior of CipherFinal() was like it is now,
963 * but checkPad would return 0 in case of a bad pad. It would
964 * treat the pad as 0, and leave the data in the output buffer,
965 * and not try to copy anything. This converts checkPad's -1 error
966 * code to block_size.
967 */
968 if (ctx->lastUsed) {
969 PRINT_BUF(ctx->lastBlock, ctx->block_size);
970 if ((fl = checkPad(ctx, ctx->lastBlock)) < 0) {
971 fl = ctx->block_size;
972 }
973 else {
974 XMEMCPY(out, ctx->lastBlock, fl);
975 }
976 *outl = fl;
977 }
978 /* return error in cases where the block length is incorrect */
979 if (ctx->lastUsed == 0 && ctx->bufUsed == 0) {
980 return WOLFSSL_FAILURE;
981 }
982
983 return WOLFSSL_SUCCESS;
984 }
985 #endif
986
wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX * ctx)987 int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx)
988 {
989 if (ctx == NULL) return BAD_FUNC_ARG;
990 switch (ctx->cipherType) {
991 #if !defined(NO_AES) || !defined(NO_DES3)
992 #if !defined(NO_AES)
993 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
994 case AES_128_CBC_TYPE:
995 case AES_192_CBC_TYPE:
996 case AES_256_CBC_TYPE:
997 #endif
998 #if defined(HAVE_AESGCM)
999 case AES_128_GCM_TYPE:
1000 case AES_192_GCM_TYPE:
1001 case AES_256_GCM_TYPE:
1002 #endif
1003 #if defined(WOLFSSL_AES_COUNTER)
1004 case AES_128_CTR_TYPE:
1005 case AES_192_CTR_TYPE:
1006 case AES_256_CTR_TYPE:
1007 #endif
1008 #if defined(WOLFSSL_AES_CFB)
1009 case AES_128_CFB1_TYPE:
1010 case AES_192_CFB1_TYPE:
1011 case AES_256_CFB1_TYPE:
1012 case AES_128_CFB8_TYPE:
1013 case AES_192_CFB8_TYPE:
1014 case AES_256_CFB8_TYPE:
1015 case AES_128_CFB128_TYPE:
1016 case AES_192_CFB128_TYPE:
1017 case AES_256_CFB128_TYPE:
1018 #endif
1019 #if defined(WOLFSSL_AES_OFB)
1020 case AES_128_OFB_TYPE:
1021 case AES_192_OFB_TYPE:
1022 case AES_256_OFB_TYPE:
1023 #endif
1024 #if defined(WOLFSSL_AES_XTS)
1025 case AES_128_XTS_TYPE:
1026 case AES_256_XTS_TYPE:
1027 #endif
1028
1029 case AES_128_ECB_TYPE:
1030 case AES_192_ECB_TYPE:
1031 case AES_256_ECB_TYPE:
1032 #endif /* !NO_AES */
1033 #ifndef NO_DES3
1034 case DES_CBC_TYPE:
1035 case DES_ECB_TYPE:
1036 case DES_EDE3_CBC_TYPE:
1037 case DES_EDE3_ECB_TYPE:
1038 #endif
1039 return ctx->block_size;
1040 #endif /* !NO_AES || !NO_DES3 */
1041 default:
1042 return 0;
1043 }
1044 }
1045
cipherType(const WOLFSSL_EVP_CIPHER * cipher)1046 static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher)
1047 {
1048 if (cipher == NULL) return 0; /* dummy for #ifdef */
1049 #ifndef NO_DES3
1050 else if (XSTRNCMP(cipher, EVP_DES_CBC, EVP_DES_SIZE) == 0)
1051 return DES_CBC_TYPE;
1052 else if (XSTRNCMP(cipher, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)
1053 return DES_EDE3_CBC_TYPE;
1054 #if !defined(NO_DES3)
1055 else if (XSTRNCMP(cipher, EVP_DES_ECB, EVP_DES_SIZE) == 0)
1056 return DES_ECB_TYPE;
1057 else if (XSTRNCMP(cipher, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0)
1058 return DES_EDE3_ECB_TYPE;
1059 #endif /* NO_DES3 && HAVE_AES_ECB */
1060 #endif
1061 #if !defined(NO_AES)
1062 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
1063 #ifdef WOLFSSL_AES_128
1064 else if (XSTRNCMP(cipher, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
1065 return AES_128_CBC_TYPE;
1066 #endif
1067 #ifdef WOLFSSL_AES_192
1068 else if (XSTRNCMP(cipher, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)
1069 return AES_192_CBC_TYPE;
1070 #endif
1071 #ifdef WOLFSSL_AES_256
1072 else if (XSTRNCMP(cipher, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)
1073 return AES_256_CBC_TYPE;
1074 #endif
1075 #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
1076 #if defined(HAVE_AESGCM)
1077 #ifdef WOLFSSL_AES_128
1078 else if (XSTRNCMP(cipher, EVP_AES_128_GCM, EVP_AES_SIZE) == 0)
1079 return AES_128_GCM_TYPE;
1080 #endif
1081 #ifdef WOLFSSL_AES_192
1082 else if (XSTRNCMP(cipher, EVP_AES_192_GCM, EVP_AES_SIZE) == 0)
1083 return AES_192_GCM_TYPE;
1084 #endif
1085 #ifdef WOLFSSL_AES_256
1086 else if (XSTRNCMP(cipher, EVP_AES_256_GCM, EVP_AES_SIZE) == 0)
1087 return AES_256_GCM_TYPE;
1088 #endif
1089 #endif /* HAVE_AESGCM */
1090 #if defined(WOLFSSL_AES_COUNTER)
1091 #ifdef WOLFSSL_AES_128
1092 else if (XSTRNCMP(cipher, EVP_AES_128_CTR, EVP_AES_SIZE) == 0)
1093 return AES_128_CTR_TYPE;
1094 #endif
1095 #ifdef WOLFSSL_AES_192
1096 else if (XSTRNCMP(cipher, EVP_AES_192_CTR, EVP_AES_SIZE) == 0)
1097 return AES_192_CTR_TYPE;
1098 #endif
1099 #ifdef WOLFSSL_AES_256
1100 else if (XSTRNCMP(cipher, EVP_AES_256_CTR, EVP_AES_SIZE) == 0)
1101 return AES_256_CTR_TYPE;
1102 #endif
1103 #endif /* HAVE_AES_CBC */
1104 #if defined(HAVE_AES_ECB)
1105 #ifdef WOLFSSL_AES_128
1106 else if (XSTRNCMP(cipher, EVP_AES_128_ECB, EVP_AES_SIZE) == 0)
1107 return AES_128_ECB_TYPE;
1108 #endif
1109 #ifdef WOLFSSL_AES_192
1110 else if (XSTRNCMP(cipher, EVP_AES_192_ECB, EVP_AES_SIZE) == 0)
1111 return AES_192_ECB_TYPE;
1112 #endif
1113 #ifdef WOLFSSL_AES_256
1114 else if (XSTRNCMP(cipher, EVP_AES_256_ECB, EVP_AES_SIZE) == 0)
1115 return AES_256_ECB_TYPE;
1116 #endif
1117 #endif /*HAVE_AES_CBC */
1118 #if defined(WOLFSSL_AES_XTS)
1119 #ifdef WOLFSSL_AES_128
1120 else if (XSTRNCMP(cipher, EVP_AES_128_XTS, EVP_AES_SIZE) == 0)
1121 return AES_128_XTS_TYPE;
1122 #endif
1123 #ifdef WOLFSSL_AES_256
1124 else if (XSTRNCMP(cipher, EVP_AES_256_XTS, EVP_AES_SIZE) == 0)
1125 return AES_256_XTS_TYPE;
1126 #endif
1127 #endif /* WOLFSSL_AES_XTS */
1128 #if defined(WOLFSSL_AES_CFB)
1129 #ifdef WOLFSSL_AES_128
1130 else if (XSTRNCMP(cipher, EVP_AES_128_CFB1, EVP_AESCFB_SIZE) == 0)
1131 return AES_128_CFB1_TYPE;
1132 #endif
1133 #ifdef WOLFSSL_AES_192
1134 else if (XSTRNCMP(cipher, EVP_AES_192_CFB1, EVP_AESCFB_SIZE) == 0)
1135 return AES_192_CFB1_TYPE;
1136 #endif
1137 #ifdef WOLFSSL_AES_256
1138 else if (XSTRNCMP(cipher, EVP_AES_256_CFB1, EVP_AESCFB_SIZE) == 0)
1139 return AES_256_CFB1_TYPE;
1140 #endif
1141 #ifdef WOLFSSL_AES_128
1142 else if (XSTRNCMP(cipher, EVP_AES_128_CFB8, EVP_AESCFB_SIZE) == 0)
1143 return AES_128_CFB8_TYPE;
1144 #endif
1145 #ifdef WOLFSSL_AES_192
1146 else if (XSTRNCMP(cipher, EVP_AES_192_CFB8, EVP_AESCFB_SIZE) == 0)
1147 return AES_192_CFB8_TYPE;
1148 #endif
1149 #ifdef WOLFSSL_AES_256
1150 else if (XSTRNCMP(cipher, EVP_AES_256_CFB8, EVP_AESCFB_SIZE) == 0)
1151 return AES_256_CFB8_TYPE;
1152 #endif
1153 #ifdef WOLFSSL_AES_128
1154 else if (XSTRNCMP(cipher, EVP_AES_128_CFB128, EVP_AESCFB_SIZE) == 0)
1155 return AES_128_CFB128_TYPE;
1156 #endif
1157 #ifdef WOLFSSL_AES_192
1158 else if (XSTRNCMP(cipher, EVP_AES_192_CFB128, EVP_AESCFB_SIZE) == 0)
1159 return AES_192_CFB128_TYPE;
1160 #endif
1161 #ifdef WOLFSSL_AES_256
1162 else if (XSTRNCMP(cipher, EVP_AES_256_CFB128, EVP_AESCFB_SIZE) == 0)
1163 return AES_256_CFB128_TYPE;
1164 #endif
1165 #endif /*HAVE_AES_CBC */
1166 #if defined(WOLFSSL_AES_OFB)
1167 #ifdef WOLFSSL_AES_128
1168 else if (XSTRNCMP(cipher, EVP_AES_128_OFB, EVP_AES_SIZE) == 0)
1169 return AES_128_OFB_TYPE;
1170 #endif
1171 #ifdef WOLFSSL_AES_192
1172 else if (XSTRNCMP(cipher, EVP_AES_192_OFB, EVP_AES_SIZE) == 0)
1173 return AES_192_OFB_TYPE;
1174 #endif
1175 #ifdef WOLFSSL_AES_256
1176 else if (XSTRNCMP(cipher, EVP_AES_256_OFB, EVP_AES_SIZE) == 0)
1177 return AES_256_OFB_TYPE;
1178 #endif
1179 #endif
1180 #endif /* !NO_AES */
1181
1182 #ifndef NO_RC4
1183 else if (XSTRNCMP(cipher, EVP_ARC4, EVP_ARC4_SIZE) == 0)
1184 return ARC4_TYPE;
1185 #endif
1186 else return 0;
1187 }
1188
wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER * cipher)1189 int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher)
1190 {
1191 if (cipher == NULL) return BAD_FUNC_ARG;
1192 switch (cipherType(cipher)) {
1193 #if !defined(NO_AES)
1194 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
1195 case AES_128_CBC_TYPE:
1196 case AES_192_CBC_TYPE:
1197 case AES_256_CBC_TYPE:
1198 return AES_BLOCK_SIZE;
1199 #endif
1200 #if defined(HAVE_AESGCM)
1201 case AES_128_GCM_TYPE:
1202 case AES_192_GCM_TYPE:
1203 case AES_256_GCM_TYPE:
1204 return 1;
1205 #endif
1206 #if defined(WOLFSSL_AES_COUNTER)
1207 case AES_128_CTR_TYPE:
1208 case AES_192_CTR_TYPE:
1209 case AES_256_CTR_TYPE:
1210 return 1;
1211 #endif
1212 #if defined(HAVE_AES_ECB)
1213 case AES_128_ECB_TYPE:
1214 case AES_192_ECB_TYPE:
1215 case AES_256_ECB_TYPE:
1216 return AES_BLOCK_SIZE;
1217 #endif
1218 #if defined(WOLFSSL_AES_CFB)
1219 case AES_128_CFB1_TYPE:
1220 case AES_192_CFB1_TYPE:
1221 case AES_256_CFB1_TYPE:
1222 case AES_128_CFB8_TYPE:
1223 case AES_192_CFB8_TYPE:
1224 case AES_256_CFB8_TYPE:
1225 case AES_128_CFB128_TYPE:
1226 case AES_192_CFB128_TYPE:
1227 case AES_256_CFB128_TYPE:
1228 return 1;
1229 #endif
1230 #if defined(WOLFSSL_AES_OFB)
1231 case AES_128_OFB_TYPE:
1232 case AES_192_OFB_TYPE:
1233 case AES_256_OFB_TYPE:
1234 return 1;
1235 #endif
1236 #if defined(WOLFSSL_AES_XTS)
1237 case AES_128_XTS_TYPE:
1238 case AES_256_XTS_TYPE:
1239 return 1;
1240 #endif
1241 #endif /* NO_AES */
1242
1243 #ifndef NO_RC4
1244 case ARC4_TYPE:
1245 return 1;
1246 #endif
1247
1248 #ifndef NO_DES3
1249 case DES_CBC_TYPE: return 8;
1250 case DES_EDE3_CBC_TYPE: return 8;
1251 case DES_ECB_TYPE: return 8;
1252 case DES_EDE3_ECB_TYPE: return 8;
1253 #endif
1254 default:
1255 return 0;
1256 }
1257 }
1258
WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER * cipher)1259 unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher)
1260 {
1261 switch (cipherType(cipher)) {
1262 #if !defined(NO_AES)
1263 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
1264 case AES_128_CBC_TYPE:
1265 case AES_192_CBC_TYPE:
1266 case AES_256_CBC_TYPE:
1267 return WOLFSSL_EVP_CIPH_CBC_MODE;
1268 #endif
1269 #if defined(HAVE_AESGCM)
1270 case AES_128_GCM_TYPE:
1271 case AES_192_GCM_TYPE:
1272 case AES_256_GCM_TYPE:
1273 return WOLFSSL_EVP_CIPH_GCM_MODE |
1274 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
1275 #endif
1276 #if defined(WOLFSSL_AES_COUNTER)
1277 case AES_128_CTR_TYPE:
1278 case AES_192_CTR_TYPE:
1279 case AES_256_CTR_TYPE:
1280 return WOLFSSL_EVP_CIPH_CTR_MODE;
1281 #endif
1282 #if defined(WOLFSSL_AES_CFB)
1283 case AES_128_CFB1_TYPE:
1284 case AES_192_CFB1_TYPE:
1285 case AES_256_CFB1_TYPE:
1286 case AES_128_CFB8_TYPE:
1287 case AES_192_CFB8_TYPE:
1288 case AES_256_CFB8_TYPE:
1289 case AES_128_CFB128_TYPE:
1290 case AES_192_CFB128_TYPE:
1291 case AES_256_CFB128_TYPE:
1292 return WOLFSSL_EVP_CIPH_CFB_MODE;
1293 #endif
1294 #if defined(WOLFSSL_AES_OFB)
1295 case AES_128_OFB_TYPE:
1296 case AES_192_OFB_TYPE:
1297 case AES_256_OFB_TYPE:
1298 return WOLFSSL_EVP_CIPH_OFB_MODE;
1299 #endif
1300 #if defined(WOLFSSL_AES_XTS)
1301 case AES_128_XTS_TYPE:
1302 case AES_256_XTS_TYPE:
1303 return WOLFSSL_EVP_CIPH_XTS_MODE;
1304 #endif
1305 case AES_128_ECB_TYPE:
1306 case AES_192_ECB_TYPE:
1307 case AES_256_ECB_TYPE:
1308 return WOLFSSL_EVP_CIPH_ECB_MODE;
1309 #endif /* !NO_AES */
1310 #ifndef NO_DES3
1311 case DES_CBC_TYPE:
1312 case DES_EDE3_CBC_TYPE:
1313 return WOLFSSL_EVP_CIPH_CBC_MODE;
1314 case DES_ECB_TYPE:
1315 case DES_EDE3_ECB_TYPE:
1316 return WOLFSSL_EVP_CIPH_ECB_MODE;
1317 #endif
1318 #ifndef NO_RC4
1319 case ARC4_TYPE:
1320 return EVP_CIPH_STREAM_CIPHER;
1321 #endif
1322 default:
1323 return 0;
1324 }
1325 }
1326
WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER * cipher)1327 unsigned long WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher)
1328 {
1329 if (cipher == NULL) return 0;
1330 return WOLFSSL_CIPHER_mode(cipher) & WOLFSSL_EVP_CIPH_MODE;
1331 }
1332
wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX * ctx,int flags)1333 void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags)
1334 {
1335 if (ctx != NULL) {
1336 ctx->flags |= flags;
1337 }
1338 }
1339
wolfSSL_EVP_CIPHER_CTX_clear_flags(WOLFSSL_EVP_CIPHER_CTX * ctx,int flags)1340 void wolfSSL_EVP_CIPHER_CTX_clear_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags)
1341 {
1342 if (ctx != NULL) {
1343 ctx->flags &= ~flags;
1344 }
1345 }
1346
wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER * cipher)1347 unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher)
1348 {
1349 if (cipher == NULL) return 0;
1350 return WOLFSSL_CIPHER_mode(cipher);
1351 }
1352
wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX * ctx,int padding)1353 int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx, int padding)
1354 {
1355 if (ctx == NULL) return BAD_FUNC_ARG;
1356 if (padding) {
1357 ctx->flags &= ~WOLFSSL_EVP_CIPH_NO_PADDING;
1358 }
1359 else {
1360 ctx->flags |= WOLFSSL_EVP_CIPH_NO_PADDING;
1361 }
1362 return 1;
1363 }
1364
wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD * digest)1365 int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest)
1366 {
1367 (void)digest;
1368 /* nothing to do */
1369 return 0;
1370 }
1371
1372
1373 /* Frees the WOLFSSL_EVP_PKEY_CTX passed in.
1374 *
1375 * return WOLFSSL_SUCCESS on success
1376 */
1377 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX * ctx)1378 void wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx)
1379 #else
1380 int wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx)
1381 #endif
1382 {
1383 if (ctx == NULL)
1384 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
1385 return;
1386 #else
1387 return 0;
1388 #endif
1389 WOLFSSL_ENTER("EVP_PKEY_CTX_free");
1390 if (ctx->pkey != NULL)
1391 wolfSSL_EVP_PKEY_free(ctx->pkey);
1392 if (ctx->peerKey != NULL)
1393 wolfSSL_EVP_PKEY_free(ctx->peerKey);
1394 XFREE(ctx, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
1395 #if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L
1396 return WOLFSSL_SUCCESS;
1397 #endif
1398 }
1399
1400
1401 /* Creates a new WOLFSSL_EVP_PKEY_CTX structure.
1402 *
1403 * pkey key structure to use with new WOLFSSL_EVP_PEKY_CTX
1404 * e engine to use. It should be NULL at this time.
1405 *
1406 * return the new structure on success and NULL if failed.
1407 */
wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY * pkey,WOLFSSL_ENGINE * e)1408 WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_ENGINE *e)
1409 {
1410 WOLFSSL_EVP_PKEY_CTX* ctx;
1411
1412 if (pkey == NULL) return 0;
1413 if (e != NULL) return 0;
1414 WOLFSSL_ENTER("EVP_PKEY_CTX_new");
1415
1416 ctx = (WOLFSSL_EVP_PKEY_CTX*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY_CTX), NULL,
1417 DYNAMIC_TYPE_PUBLIC_KEY);
1418 if (ctx == NULL) return NULL;
1419 XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_PKEY_CTX));
1420 ctx->pkey = pkey;
1421 #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
1422 ctx->padding = RSA_PKCS1_PADDING;
1423 #endif
1424 #ifdef HAVE_ECC
1425 ctx->curveNID = ECC_CURVE_DEF;
1426 #endif
1427 if (wolfSSL_EVP_PKEY_up_ref(pkey) != WOLFSSL_SUCCESS) {
1428 WOLFSSL_MSG("Couldn't increase key reference count");
1429 }
1430 return ctx;
1431 }
1432
1433
1434 /* Sets the type of RSA padding to use.
1435 *
1436 * ctx structure to set padding in.
1437 * padding RSA padding type
1438 *
1439 * returns WOLFSSL_SUCCESS on success.
1440 */
wolfSSL_EVP_PKEY_CTX_set_rsa_padding(WOLFSSL_EVP_PKEY_CTX * ctx,int padding)1441 int wolfSSL_EVP_PKEY_CTX_set_rsa_padding(WOLFSSL_EVP_PKEY_CTX *ctx, int padding)
1442 {
1443 if (ctx == NULL) return 0;
1444 WOLFSSL_ENTER("EVP_PKEY_CTX_set_rsa_padding");
1445 ctx->padding = padding;
1446 return WOLFSSL_SUCCESS;
1447 }
1448
1449 /* create a PKEY contxt and return it */
wolfSSL_EVP_PKEY_CTX_new_id(int id,WOLFSSL_ENGINE * e)1450 WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new_id(int id, WOLFSSL_ENGINE *e)
1451 {
1452 WOLFSSL_EVP_PKEY* pkey;
1453 WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
1454
1455 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_new_id");
1456
1457 pkey = wolfSSL_EVP_PKEY_new_ex(NULL);
1458 if (pkey) {
1459 pkey->type = id;
1460 ctx = wolfSSL_EVP_PKEY_CTX_new(pkey, e);
1461 /* wolfSSL_EVP_PKEY_CTX_new calls wolfSSL_EVP_PKEY_up_ref so we need
1462 * to always call wolfSSL_EVP_PKEY_free (either to free it if an
1463 * error occured in the previous function or to decrease the reference
1464 * count so that pkey is actually free'd when wolfSSL_EVP_PKEY_CTX_free
1465 * is called) */
1466 wolfSSL_EVP_PKEY_free(pkey);
1467 }
1468 return ctx;
1469 }
1470
1471 /* Returns WOLFSSL_SUCCESS or error */
wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(WOLFSSL_EVP_PKEY_CTX * ctx,int bits)1472 int wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(WOLFSSL_EVP_PKEY_CTX *ctx, int bits)
1473 {
1474 if (ctx) {
1475 ctx->nbits = bits;
1476 }
1477 return WOLFSSL_SUCCESS;
1478 }
1479
1480
wolfSSL_EVP_PKEY_derive_init(WOLFSSL_EVP_PKEY_CTX * ctx)1481 int wolfSSL_EVP_PKEY_derive_init(WOLFSSL_EVP_PKEY_CTX *ctx)
1482 {
1483 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive_init");
1484
1485 if (!ctx) {
1486 return WOLFSSL_FAILURE;
1487 }
1488 wolfSSL_EVP_PKEY_free(ctx->peerKey);
1489 ctx->op = EVP_PKEY_OP_DERIVE;
1490 ctx->padding = 0;
1491 ctx->nbits = 0;
1492 return WOLFSSL_SUCCESS;
1493 }
1494
wolfSSL_EVP_PKEY_derive_set_peer(WOLFSSL_EVP_PKEY_CTX * ctx,WOLFSSL_EVP_PKEY * peer)1495 int wolfSSL_EVP_PKEY_derive_set_peer(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY *peer)
1496 {
1497 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive_set_peer");
1498
1499 if (!ctx || ctx->op != EVP_PKEY_OP_DERIVE) {
1500 return WOLFSSL_FAILURE;
1501 }
1502 wolfSSL_EVP_PKEY_free(ctx->peerKey);
1503 ctx->peerKey = peer;
1504 if (!wolfSSL_EVP_PKEY_up_ref(peer)) {
1505 ctx->peerKey = NULL;
1506 return WOLFSSL_FAILURE;
1507 }
1508 return WOLFSSL_SUCCESS;
1509 }
1510
1511 #ifndef NO_WOLFSSL_STUB
wolfSSL_EVP_PKEY_CTX_ctrl_str(WOLFSSL_EVP_PKEY_CTX * ctx,const char * name,const char * value)1512 int wolfSSL_EVP_PKEY_CTX_ctrl_str(WOLFSSL_EVP_PKEY_CTX *ctx,
1513 const char *name, const char *value)
1514 {
1515 WOLFSSL_STUB("wolfSSL_EVP_PKEY_CTX_ctrl_str");
1516 (void)ctx;
1517 (void)name;
1518 (void)value;
1519 return WOLFSSL_FAILURE;
1520 }
1521 #endif /* NO_WOLFSSL_STUB */
1522
1523 #if (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || defined(HAVE_ECC)
1524 #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX * ctx,unsigned char * key,size_t * keylen)1525 int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
1526 {
1527 int len;
1528
1529 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive");
1530
1531 if (!ctx || ctx->op != EVP_PKEY_OP_DERIVE || !ctx->pkey || !ctx->peerKey || !keylen
1532 || ctx->pkey->type != ctx->peerKey->type) {
1533 return WOLFSSL_FAILURE;
1534 }
1535 switch (ctx->pkey->type) {
1536 #ifndef NO_DH
1537 case EVP_PKEY_DH:
1538 /* Use DH */
1539 if (!ctx->pkey->dh || !ctx->peerKey->dh || !ctx->peerKey->dh->pub_key) {
1540 return WOLFSSL_FAILURE;
1541 }
1542 if ((len = wolfSSL_DH_size(ctx->pkey->dh)) <= 0) {
1543 return WOLFSSL_FAILURE;
1544 }
1545 if (key) {
1546 if (*keylen < (size_t)len) {
1547 return WOLFSSL_FAILURE;
1548 }
1549 /* computed DH agreement can be less than DH size if leading zeros */
1550 if (wolfSSL_DH_compute_key(key, ctx->peerKey->dh->pub_key,
1551 ctx->pkey->dh) <= 0) {
1552 return WOLFSSL_FAILURE;
1553 }
1554 }
1555 *keylen = (size_t)len;
1556 break;
1557 #endif
1558 #ifdef HAVE_ECC
1559 case EVP_PKEY_EC:
1560 /* Use ECDH */
1561 if (!ctx->pkey->ecc || !ctx->peerKey->ecc) {
1562 return WOLFSSL_FAILURE;
1563 }
1564 /* set internal key if not done */
1565 if (!ctx->pkey->ecc->inSet) {
1566 if (SetECKeyInternal(ctx->pkey->ecc) != WOLFSSL_SUCCESS) {
1567 WOLFSSL_MSG("SetECKeyInternal failed");
1568 return WOLFSSL_FAILURE;
1569 }
1570 }
1571 if (!ctx->peerKey->ecc->exSet || !ctx->peerKey->ecc->pub_key->internal) {
1572 if (SetECKeyExternal(ctx->peerKey->ecc) != WOLFSSL_SUCCESS) {
1573 WOLFSSL_MSG("SetECKeyExternal failed");
1574 return WOLFSSL_FAILURE;
1575 }
1576 }
1577 if (!(len = wc_ecc_size((ecc_key*)ctx->pkey->ecc->internal))) {
1578 return WOLFSSL_FAILURE;
1579 }
1580 if (key) {
1581 word32 len32 = (word32)len;
1582 #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \
1583 && (!defined(HAVE_FIPS) || \
1584 (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
1585
1586 WC_RNG rng;
1587 if (wc_InitRng(&rng) != MP_OKAY) {
1588 WOLFSSL_MSG("Init RNG failed");
1589 return WOLFSSL_FAILURE;
1590 }
1591 ((ecc_key*)ctx->pkey->ecc->internal)->rng = &rng;
1592 #endif
1593 if (*keylen < len32) {
1594 WOLFSSL_MSG("buffer too short");
1595 #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \
1596 && (!defined(HAVE_FIPS) || \
1597 (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
1598 ((ecc_key*)ctx->pkey->ecc->internal)->rng = NULL;
1599 wc_FreeRng(&rng);
1600 #endif
1601 return WOLFSSL_FAILURE;
1602 }
1603 if (wc_ecc_shared_secret_ssh((ecc_key*)ctx->pkey->ecc->internal,
1604 (ecc_point*)ctx->peerKey->ecc->pub_key->internal,
1605 key, &len32) != MP_OKAY) {
1606 WOLFSSL_MSG("wc_ecc_shared_secret failed");
1607 #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \
1608 && (!defined(HAVE_FIPS) || \
1609 (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
1610 ((ecc_key*)ctx->pkey->ecc->internal)->rng = NULL;
1611 wc_FreeRng(&rng);
1612 #endif
1613 return WOLFSSL_FAILURE;
1614 }
1615 #if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \
1616 && (!defined(HAVE_FIPS) || \
1617 (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
1618 ((ecc_key*)ctx->pkey->ecc->internal)->rng = NULL;
1619 wc_FreeRng(&rng);
1620 #endif
1621 len = (int)len32;
1622 }
1623 *keylen = (size_t)len;
1624 break;
1625 #endif
1626 default:
1627 WOLFSSL_MSG("Unknown key type");
1628 return WOLFSSL_FAILURE;
1629 }
1630 return WOLFSSL_SUCCESS;
1631 }
1632 #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
1633 #endif /* (!NO_DH && WOLFSSL_DH_EXTRA) || HAVE_ECC */
1634
1635 /* Uses the WOLFSSL_EVP_PKEY_CTX to decrypt a buffer.
1636 *
1637 * ctx EVP_PKEY context of operation.
1638 * out Decrypted output buffer. If NULL, puts the maximum output buffer size
1639 in outLen and returns success.
1640 * outLen If out is NULL, see above. If out is non-NULL, on input outLen holds
1641 * the size of out. On output holds the length of actual decryption.
1642 * in Encrypted input buffer.
1643 * inLen Length of encrypted data.
1644 *
1645 * Returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure.
1646 */
wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX * ctx,unsigned char * out,size_t * outLen,const unsigned char * in,size_t inLen)1647 int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
1648 unsigned char *out, size_t *outLen,
1649 const unsigned char *in, size_t inLen)
1650 {
1651 int len = 0;
1652
1653 WOLFSSL_ENTER("EVP_PKEY_decrypt");
1654
1655 if (ctx == NULL || ctx->pkey == NULL) {
1656 WOLFSSL_MSG("Bad parameter.");
1657 return 0;
1658 }
1659
1660 (void)out;
1661 (void)outLen;
1662 (void)in;
1663 (void)inLen;
1664 (void)len;
1665
1666 switch (ctx->pkey->type) {
1667 #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
1668 case EVP_PKEY_RSA:
1669 if (out == NULL) {
1670 if (ctx->pkey->rsa == NULL) {
1671 WOLFSSL_MSG("Internal wolfCrypt RSA object is NULL.");
1672 return WOLFSSL_FAILURE;
1673 }
1674 len = wolfSSL_RSA_size(ctx->pkey->rsa);
1675 if (len <= 0) {
1676 WOLFSSL_MSG("Error getting RSA size.");
1677 return WOLFSSL_FAILURE;
1678 }
1679 if (outLen == NULL) {
1680 WOLFSSL_MSG("outLen is NULL.");
1681 return WOLFSSL_FAILURE;
1682 }
1683
1684 *outLen = len;
1685 return WOLFSSL_SUCCESS;
1686 }
1687
1688 len = wolfSSL_RSA_private_decrypt((int)inLen, (unsigned char*)in, out,
1689 ctx->pkey->rsa, ctx->padding);
1690 if (len < 0) break;
1691 else {
1692 *outLen = len;
1693 return WOLFSSL_SUCCESS;
1694 }
1695 #endif /* NO_RSA */
1696
1697 case EVP_PKEY_EC:
1698 WOLFSSL_MSG("EVP_PKEY_EC not implemented.");
1699 FALL_THROUGH;
1700 default:
1701 break;
1702 }
1703
1704 return WOLFSSL_FAILURE;
1705 }
1706
1707
1708 /* Initialize a WOLFSSL_EVP_PKEY_CTX structure for decryption
1709 *
1710 * ctx WOLFSSL_EVP_PKEY_CTX structure to use with decryption
1711 *
1712 * Returns WOLFSSL_FAILURE on failure and WOLFSSL_SUCCESS on success
1713 */
wolfSSL_EVP_PKEY_decrypt_init(WOLFSSL_EVP_PKEY_CTX * ctx)1714 int wolfSSL_EVP_PKEY_decrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx)
1715 {
1716 if (ctx == NULL) return WOLFSSL_FAILURE;
1717 WOLFSSL_ENTER("EVP_PKEY_decrypt_init");
1718 switch (ctx->pkey->type) {
1719 case EVP_PKEY_RSA:
1720 ctx->op = EVP_PKEY_OP_DECRYPT;
1721 return WOLFSSL_SUCCESS;
1722 case EVP_PKEY_EC:
1723 WOLFSSL_MSG("not implemented");
1724 FALL_THROUGH;
1725 default:
1726 break;
1727 }
1728 return WOLFSSL_FAILURE;
1729 }
1730
1731
1732 /* Uses the WOLFSSL_EVP_PKEY_CTX to encrypt a buffer.
1733 *
1734 * ctx EVP_PKEY context of operation.
1735 * out Encrypted output buffer. If NULL, puts the maximum output buffer size
1736 * in outlen and returns success.
1737 * outLen If out is NULL, see above. If out is non-NULL, on input outLen holds
1738 * the size of out. On output holds the length of actual encryption.
1739 * in Plaintext input buffer.
1740 * inLen Length of plaintext.
1741 *
1742 * Returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure.
1743 */
wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX * ctx,unsigned char * out,size_t * outLen,const unsigned char * in,size_t inLen)1744 int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
1745 unsigned char *out, size_t *outLen,
1746 const unsigned char *in, size_t inLen)
1747 {
1748 int len = 0;
1749
1750 WOLFSSL_ENTER("EVP_PKEY_encrypt");
1751
1752 if (ctx == NULL || ctx->pkey == NULL) {
1753 WOLFSSL_MSG("Bad parameter.");
1754 return 0;
1755 }
1756
1757 if (ctx->op != EVP_PKEY_OP_ENCRYPT) {
1758 WOLFSSL_MSG("ctx->op must be set to EVP_PKEY_OP_ENCRYPT. Use "
1759 "wolfSSL_EVP_PKEY_encrypt_init.");
1760 return WOLFSSL_FAILURE;
1761 }
1762
1763 (void)out;
1764 (void)outLen;
1765 (void)in;
1766 (void)inLen;
1767 (void)len;
1768
1769 switch (ctx->pkey->type) {
1770 #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
1771 case EVP_PKEY_RSA:
1772 if (out == NULL) {
1773 if (ctx->pkey->rsa == NULL) {
1774 WOLFSSL_MSG("Internal wolfCrypt RSA object is NULL.");
1775 return WOLFSSL_FAILURE;
1776 }
1777 len = wolfSSL_RSA_size(ctx->pkey->rsa);
1778 if (len <= 0) {
1779 WOLFSSL_MSG("Error getting RSA size.");
1780 return WOLFSSL_FAILURE;
1781 }
1782 if (outLen == NULL) {
1783 WOLFSSL_MSG("outLen is NULL.");
1784 return WOLFSSL_FAILURE;
1785 }
1786
1787 *outLen = len;
1788 return WOLFSSL_SUCCESS;
1789 }
1790
1791 len = wolfSSL_RSA_public_encrypt((int)inLen, (unsigned char *)in, out,
1792 ctx->pkey->rsa, ctx->padding);
1793 if (len < 0)
1794 break;
1795 else {
1796 *outLen = len;
1797 return WOLFSSL_SUCCESS;
1798 }
1799 #endif /* NO_RSA */
1800
1801 case EVP_PKEY_EC:
1802 WOLFSSL_MSG("EVP_PKEY_EC not implemented");
1803 FALL_THROUGH;
1804 default:
1805 break;
1806 }
1807
1808 return WOLFSSL_FAILURE;
1809 }
1810
1811
1812 /* Initialize a WOLFSSL_EVP_PKEY_CTX structure to encrypt data
1813 *
1814 * ctx WOLFSSL_EVP_PKEY_CTX structure to use with encryption
1815 *
1816 * Returns WOLFSSL_FAILURE on failure and WOLFSSL_SUCCESS on success
1817 */
wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX * ctx)1818 int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx)
1819 {
1820 if (ctx == NULL) return WOLFSSL_FAILURE;
1821 WOLFSSL_ENTER("EVP_PKEY_encrypt_init");
1822
1823 switch (ctx->pkey->type) {
1824 case EVP_PKEY_RSA:
1825 ctx->op = EVP_PKEY_OP_ENCRYPT;
1826 return WOLFSSL_SUCCESS;
1827 case EVP_PKEY_EC:
1828 WOLFSSL_MSG("not implemented");
1829 FALL_THROUGH;
1830 default:
1831 break;
1832 }
1833 return WOLFSSL_FAILURE;
1834 }
1835 /******************************************************************************
1836 * wolfSSL_EVP_PKEY_sign_init - initializes a public key algorithm context for
1837 * a signing operation.
1838 *
1839 * RETURNS:
1840 * returns WOLFSSL_SUCCESS on success, otherwise returns -2
1841 */
wolfSSL_EVP_PKEY_sign_init(WOLFSSL_EVP_PKEY_CTX * ctx)1842 int wolfSSL_EVP_PKEY_sign_init(WOLFSSL_EVP_PKEY_CTX *ctx)
1843 {
1844 int ret = -2;
1845
1846 WOLFSSL_MSG("wolfSSL_EVP_PKEY_sign_init");
1847 if (!ctx || !ctx->pkey)
1848 return ret;
1849
1850 switch (ctx->pkey->type) {
1851 case EVP_PKEY_RSA:
1852 ctx->op = EVP_PKEY_OP_SIGN;
1853 ret = WOLFSSL_SUCCESS;
1854 break;
1855 case EVP_PKEY_EC:
1856 WOLFSSL_MSG("not implemented");
1857 FALL_THROUGH;
1858 default:
1859 ret = -2;
1860 }
1861 return ret;
1862 }
1863 /******************************************************************************
1864 * wolfSSL_EVP_PKEY_sign - performs a public key signing operation using ctx
1865 * The data to be signed should be hashed since the function does not hash the data.
1866 *
1867 * RETURNS:
1868 * returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE
1869 */
1870
wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX * ctx,unsigned char * sig,size_t * siglen,const unsigned char * tbs,size_t tbslen)1871 int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig,
1872 size_t *siglen, const unsigned char *tbs, size_t tbslen)
1873 {
1874 int len = 0;
1875
1876 WOLFSSL_MSG("wolfSSL_EVP_PKEY_sign");
1877
1878 if (!ctx || ctx->op != EVP_PKEY_OP_SIGN || !ctx->pkey)
1879 return WOLFSSL_FAILURE;
1880
1881 (void)sig;
1882 (void)siglen;
1883 (void)tbs;
1884 (void)tbslen;
1885 (void)len;
1886
1887 switch (ctx->pkey->type) {
1888 #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
1889 case EVP_PKEY_RSA:
1890 len = wolfSSL_RSA_private_encrypt((int)tbslen, tbs, sig,
1891 ctx->pkey->rsa, ctx->padding);
1892 if (len < 0)
1893 break;
1894 else {
1895 *siglen = len;
1896 return WOLFSSL_SUCCESS;
1897 }
1898 #endif /* NO_RSA */
1899
1900 case EVP_PKEY_EC:
1901 WOLFSSL_MSG("not implemented");
1902 FALL_THROUGH;
1903 default:
1904 break;
1905 }
1906 return WOLFSSL_FAILURE;
1907 }
1908
1909 /* Get the size in bits for WOLFSSL_EVP_PKEY key
1910 *
1911 * pkey WOLFSSL_EVP_PKEY structure to get key size of
1912 *
1913 * returns the size in bits of key on success
1914 */
wolfSSL_EVP_PKEY_bits(const WOLFSSL_EVP_PKEY * pkey)1915 int wolfSSL_EVP_PKEY_bits(const WOLFSSL_EVP_PKEY *pkey)
1916 {
1917 int bytes;
1918
1919 if (pkey == NULL) return 0;
1920 WOLFSSL_ENTER("EVP_PKEY_bits");
1921 if ((bytes = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey)) ==0) return 0;
1922 return bytes*8;
1923 }
1924
1925
wolfSSL_EVP_PKEY_paramgen_init(WOLFSSL_EVP_PKEY_CTX * ctx)1926 int wolfSSL_EVP_PKEY_paramgen_init(WOLFSSL_EVP_PKEY_CTX *ctx)
1927 {
1928 (void)ctx;
1929 return WOLFSSL_SUCCESS;
1930 }
1931
wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid(WOLFSSL_EVP_PKEY_CTX * ctx,int nid)1932 int wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid(WOLFSSL_EVP_PKEY_CTX *ctx,
1933 int nid)
1934 {
1935 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid");
1936 #ifdef HAVE_ECC
1937 if (ctx != NULL && ctx->pkey != NULL && ctx->pkey->type == EVP_PKEY_EC) {
1938 ctx->curveNID = nid;
1939 return WOLFSSL_SUCCESS;
1940 }
1941 else
1942 #endif
1943 {
1944 #ifndef HAVE_ECC
1945 (void)ctx;
1946 (void)nid;
1947 WOLFSSL_MSG("Support not compiled in");
1948 #else
1949 WOLFSSL_MSG("Bad parameter");
1950 #endif
1951 return WOLFSSL_FAILURE;
1952 }
1953 }
1954
1955 /* wolfSSL only supports writing out named curves so no need to store the flag.
1956 * In short, it is preferred to write out the name of the curve chosen instead
1957 * of the explicit parameters.
1958 * The difference is nicely explained and illustrated in section
1959 * "ECDH and Named Curves" of
1960 * https://wiki.openssl.org/index.php/Elliptic_Curve_Diffie_Hellman */
EVP_PKEY_CTX_set_ec_param_enc(WOLFSSL_EVP_PKEY_CTX * ctx,int flag)1961 int EVP_PKEY_CTX_set_ec_param_enc(WOLFSSL_EVP_PKEY_CTX *ctx,
1962 int flag)
1963 {
1964 (void)ctx;
1965 (void)flag;
1966 return WOLFSSL_SUCCESS;
1967 }
1968
wolfSSL_EVP_PKEY_keygen_init(WOLFSSL_EVP_PKEY_CTX * ctx)1969 int wolfSSL_EVP_PKEY_keygen_init(WOLFSSL_EVP_PKEY_CTX *ctx)
1970 {
1971 (void)ctx;
1972 return WOLFSSL_SUCCESS;
1973 }
1974
wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX * ctx,WOLFSSL_EVP_PKEY ** ppkey)1975 int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
1976 WOLFSSL_EVP_PKEY **ppkey)
1977 {
1978 int ret = WOLFSSL_FAILURE;
1979 int ownPkey = 0;
1980 WOLFSSL_EVP_PKEY* pkey;
1981
1982 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_keygen");
1983
1984 if (ctx == NULL || ppkey == NULL) {
1985 return BAD_FUNC_ARG;
1986 }
1987
1988 pkey = *ppkey;
1989 if (pkey == NULL) {
1990 if (ctx->pkey == NULL ||
1991 (ctx->pkey->type != EVP_PKEY_EC &&
1992 ctx->pkey->type != EVP_PKEY_RSA)) {
1993 WOLFSSL_MSG("Key not set or key type not supported");
1994 return BAD_FUNC_ARG;
1995 }
1996 ownPkey = 1;
1997 pkey = wolfSSL_EVP_PKEY_new();
1998 pkey->type = ctx->pkey->type;
1999
2000 if (pkey == NULL)
2001 return ret;
2002 }
2003
2004 switch (pkey->type) {
2005 #if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
2006 !defined(NO_RSA) && !defined(HAVE_USER_RSA)
2007 case EVP_PKEY_RSA:
2008 pkey->rsa = wolfSSL_RSA_generate_key(ctx->nbits, WC_RSA_EXPONENT,
2009 NULL, NULL);
2010 if (pkey->rsa) {
2011 pkey->ownRsa = 1;
2012 pkey->pkey_sz = wolfSSL_i2d_RSAPrivateKey(pkey->rsa,
2013 (unsigned char**)&pkey->pkey.ptr);
2014 ret = WOLFSSL_SUCCESS;
2015 }
2016 break;
2017 #endif
2018 #ifdef HAVE_ECC
2019 case EVP_PKEY_EC:
2020 pkey->ecc = wolfSSL_EC_KEY_new_by_curve_name(ctx->curveNID);
2021 if (pkey->ecc) {
2022 ret = wolfSSL_EC_KEY_generate_key(pkey->ecc);
2023 if (ret == WOLFSSL_SUCCESS) {
2024 pkey->ownEcc = 1;
2025 }
2026 }
2027 break;
2028 #endif
2029 default:
2030 break;
2031 }
2032
2033 if (ret != WOLFSSL_SUCCESS && ownPkey) {
2034 wolfSSL_EVP_PKEY_free(pkey);
2035 pkey = NULL;
2036 }
2037
2038 *ppkey = pkey;
2039
2040 return ret;
2041 }
2042
2043 /* Get the size in bytes for WOLFSSL_EVP_PKEY key
2044 *
2045 * pkey WOLFSSL_EVP_PKEY structure to get key size of
2046 *
2047 * returns the size of a key on success which is the maximum size of a
2048 * signature
2049 */
wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY * pkey)2050 int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey)
2051 {
2052 if (pkey == NULL) return 0;
2053 WOLFSSL_ENTER("EVP_PKEY_size");
2054
2055 switch (pkey->type) {
2056 #ifndef NO_RSA
2057 case EVP_PKEY_RSA:
2058 return (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(pkey->rsa));
2059 #endif /* !NO_RSA */
2060
2061 #ifndef NO_DSA
2062 case EVP_PKEY_DSA:
2063 if (pkey->dsa == NULL ||
2064 (!pkey->dsa->exSet &&
2065 SetDsaExternal(pkey->dsa) != WOLFSSL_SUCCESS))
2066 return WOLFSSL_FAILURE;
2067 return wolfSSL_BN_num_bytes(pkey->dsa->p);
2068 #endif
2069
2070 #ifdef HAVE_ECC
2071 case EVP_PKEY_EC:
2072 if (pkey->ecc == NULL || pkey->ecc->internal == NULL) {
2073 WOLFSSL_MSG("No ECC key has been set");
2074 break;
2075 }
2076 return wc_ecc_size((ecc_key*)(pkey->ecc->internal));
2077 #endif /* HAVE_ECC */
2078
2079 default:
2080 break;
2081 }
2082 return 0;
2083 }
2084
2085
wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY * to,const WOLFSSL_EVP_PKEY * from)2086 int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to,
2087 const WOLFSSL_EVP_PKEY *from)
2088 {
2089 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_copy_parameters");
2090
2091 if (!to || !from) {
2092 WOLFSSL_MSG("Bad parameter");
2093 return WOLFSSL_FAILURE;
2094 }
2095
2096 if (to->type == EVP_PKEY_NONE) {
2097 to->type = from->type;
2098 }
2099 else if (to->type != from->type) {
2100 WOLFSSL_MSG("Different key types");
2101 return WOLFSSL_FAILURE;
2102 }
2103
2104 switch(from->type) {
2105 #ifdef HAVE_ECC
2106 case EVP_PKEY_EC:
2107 if (from->ecc) {
2108 if (!to->ecc && !(to->ecc = wolfSSL_EC_KEY_new())) {
2109 WOLFSSL_MSG("wolfSSL_EC_KEY_new error");
2110 return WOLFSSL_FAILURE;
2111 }
2112 to->ownEcc = 1;
2113 to->ecc->group->curve_idx = from->ecc->group->curve_idx;
2114 to->ecc->group->curve_nid = from->ecc->group->curve_nid;
2115 to->ecc->group->curve_oid = from->ecc->group->curve_oid;
2116 }
2117 else {
2118 WOLFSSL_MSG("Missing ECC struct");
2119 return WOLFSSL_FAILURE;
2120 }
2121 break;
2122 #endif
2123 #ifndef NO_DSA
2124 case EVP_PKEY_DSA:
2125 if (from->dsa) {
2126 WOLFSSL_BIGNUM* cpy;
2127 if (!to->dsa && !(to->dsa = wolfSSL_DSA_new())) {
2128 WOLFSSL_MSG("wolfSSL_DSA_new error");
2129 return WOLFSSL_FAILURE;
2130 }
2131 if (!(cpy = wolfSSL_BN_dup(from->dsa->p))) {
2132 WOLFSSL_MSG("wolfSSL_BN_dup error");
2133 return WOLFSSL_FAILURE;
2134 }
2135 to->dsa->p = cpy;
2136 if (!(cpy = wolfSSL_BN_dup(from->dsa->q))) {
2137 WOLFSSL_MSG("wolfSSL_BN_dup error");
2138 return WOLFSSL_FAILURE;
2139 }
2140 to->dsa->q = cpy;
2141 if (!(cpy = wolfSSL_BN_dup(from->dsa->g))) {
2142 WOLFSSL_MSG("wolfSSL_BN_dup error");
2143 return WOLFSSL_FAILURE;
2144 }
2145 to->dsa->g = cpy;
2146 }
2147 else {
2148 WOLFSSL_MSG("Missing DSA struct");
2149 return WOLFSSL_FAILURE;
2150 }
2151 break;
2152 #endif
2153 #ifndef NO_RSA
2154 case EVP_PKEY_RSA:
2155 #endif
2156 #ifndef NO_DH
2157 case EVP_PKEY_DH:
2158 #endif
2159 default:
2160 WOLFSSL_MSG("Copy parameters not available for this key type");
2161 return WOLFSSL_FAILURE;
2162 }
2163 #if defined(HAVE_ECC) || !defined(NO_DSA)
2164 return WOLFSSL_SUCCESS;
2165 #endif
2166 }
2167
2168 #ifndef NO_WOLFSSL_STUB
wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY * pkey)2169 int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey)
2170 {
2171 (void)pkey;
2172 /* not using missing params callback and returning zero to indicate success */
2173 return 0;
2174 }
2175 #endif
2176
2177 /* wolfSSL_EVP_PKEY_cmp
2178 * returns 0 on success, -1 on failure.
2179 *
2180 * This behavior is different from openssl.
2181 * EVP_PKEY_cmp returns:
2182 * 1 : two keys match
2183 * 0 : do not match
2184 * -1: key types are different
2185 * -2: the operation is not supported
2186 * If you want this function behave the same as openSSL,
2187 * define WOLFSSL_ERROR_CODE_OPENSSL so that WS_RETURN_CODE translates return
2188 * codes to match OpenSSL equivalent behavior.
2189 */
wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY * a,const WOLFSSL_EVP_PKEY * b)2190 int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b)
2191 {
2192 int ret = -1; /* failure */
2193 int a_sz = 0, b_sz = 0;
2194
2195 if (a == NULL || b == NULL)
2196 return WS_RETURN_CODE(ret, WOLFSSL_FAILURE);
2197
2198 /* check its the same type of key */
2199 if (a->type != b->type)
2200 return WS_RETURN_CODE(ret, -1);
2201
2202 /* get size based on key type */
2203 switch (a->type) {
2204 #ifndef NO_RSA
2205 case EVP_PKEY_RSA:
2206 a_sz = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(a->rsa));
2207 b_sz = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(b->rsa));
2208 break;
2209 #endif /* !NO_RSA */
2210 #ifdef HAVE_ECC
2211 case EVP_PKEY_EC:
2212 if (a->ecc == NULL || a->ecc->internal == NULL ||
2213 b->ecc == NULL || b->ecc->internal == NULL) {
2214 return ret;
2215 }
2216 a_sz = wc_ecc_size((ecc_key*)(a->ecc->internal));
2217 b_sz = wc_ecc_size((ecc_key*)(b->ecc->internal));
2218 break;
2219 #endif /* HAVE_ECC */
2220 default:
2221 return WS_RETURN_CODE(ret, -2);
2222 } /* switch (a->type) */
2223
2224 /* check size */
2225 if (a_sz <= 0 || b_sz <= 0 || a_sz != b_sz) {
2226 return WS_RETURN_CODE(ret, WOLFSSL_FAILURE);
2227 }
2228
2229 /* check public key size */
2230 if (a->pkey_sz > 0 && b->pkey_sz > 0 && a->pkey_sz != b->pkey_sz) {
2231 return WS_RETURN_CODE(ret, WOLFSSL_FAILURE);
2232 }
2233
2234 /* check public key */
2235 if (a->pkey.ptr && b->pkey.ptr) {
2236 if (XMEMCMP(a->pkey.ptr, b->pkey.ptr, a->pkey_sz) != 0) {
2237 return WS_RETURN_CODE(ret, WOLFSSL_FAILURE);
2238 }
2239 }
2240 #if defined(WOLFSSL_ERROR_CODE_OPENSSL)
2241 ret = 1; /* the keys match */
2242 #else
2243 ret = 0; /* success */
2244 #endif
2245 return ret;
2246 }
2247
2248 /**
2249 * validate DH algorithm parameters
2250 * @param dh_key a pointer to WOLFSSL_EVP_PKEY_CTX structure
2251 * @return WOLFSSL_SUCCESS on success, otherwise failure
2252 */
DH_param_check(WOLFSSL_DH * dh_key)2253 static int DH_param_check(WOLFSSL_DH* dh_key)
2254 {
2255 int ret = WOLFSSL_SUCCESS;
2256 WOLFSSL_BN_CTX* ctx = NULL;
2257 WOLFSSL_BIGNUM *num1 = NULL;
2258 WOLFSSL_BIGNUM *num2 = NULL;
2259
2260 WOLFSSL_ENTER("DH_param_check");
2261
2262 ctx = wolfSSL_BN_CTX_new();
2263 if (ctx == NULL) {
2264 WOLFSSL_MSG("failed to allocate memory");
2265 return WOLFSSL_FAILURE;
2266 }
2267
2268 num1 = wolfSSL_BN_new();
2269 num2 = wolfSSL_BN_new();
2270 if (num1 == NULL || num2 == NULL) {
2271 WOLFSSL_MSG("failed to assign big number");
2272 ret = WOLFSSL_FAILURE;
2273 }
2274
2275 /* prime check */
2276 if (ret == WOLFSSL_SUCCESS &&
2277 wolfSSL_BN_is_odd(dh_key->p) == 0){
2278 WOLFSSL_MSG("dh_key->p is not prime");
2279 ret = WOLFSSL_FAILURE;
2280 } /* TODO safe prime check. need BN_rshift1 */
2281
2282 /* generator check */
2283 if (ret == WOLFSSL_SUCCESS &&
2284 (wolfSSL_BN_is_one(dh_key->g) ||
2285 wolfSSL_BN_is_negative(dh_key->g) ||
2286 wolfSSL_BN_is_zero(dh_key->g))) {
2287 WOLFSSL_MSG("dh_key->g is not suitable generator");
2288 ret = WOLFSSL_FAILURE;
2289 }
2290
2291 if (ret == WOLFSSL_SUCCESS &&
2292 wolfSSL_BN_cmp(dh_key->p, dh_key->g) <= 0) {
2293 WOLFSSL_MSG("dh_key->g is not suitable generator");
2294 ret = WOLFSSL_FAILURE;
2295 }
2296
2297 if (ret == WOLFSSL_SUCCESS &&
2298 dh_key->q != NULL)
2299 {
2300 if (ret == WOLFSSL_SUCCESS &&
2301 wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, ctx) ==
2302 WOLFSSL_FAILURE) {
2303 WOLFSSL_MSG("BN_mod_exp failed");
2304 ret = WOLFSSL_FAILURE;
2305 }
2306 else
2307 if (ret == WOLFSSL_SUCCESS &&
2308 wolfSSL_BN_is_one(num1) == WOLFSSL_FAILURE) {
2309 WOLFSSL_MSG("dh_key->g is not suitable generator");
2310 ret = WOLFSSL_FAILURE;
2311 }
2312 #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
2313 /* test if the number q is prime. */
2314 if (ret == WOLFSSL_SUCCESS &&
2315 (wolfSSL_BN_is_prime_ex(dh_key->q, 64, ctx, NULL) <= 0)) {
2316 WOLFSSL_MSG("dh_key->q is not prime or error during check.");
2317 ret = WOLFSSL_FAILURE;
2318 } /* else TODO check q div q - 1. need BN_div */
2319 #endif
2320 }
2321
2322 /* clean up */
2323 wolfSSL_BN_CTX_free(ctx);
2324 wolfSSL_BN_free(num1);
2325 wolfSSL_BN_free(num2);
2326
2327 WOLFSSL_LEAVE("DH_param_check", WOLFSSL_SUCCESS);
2328 return ret;
2329 }
2330 /**
2331 * validate the algorithm parameters
2332 * @param ctx a pointer to WOLFSSL_EVP_PKEY_CTX structure
2333 * @return WOLFSSL_SUCCESS on success, otherwise failure
2334 */
wolfSSL_EVP_PKEY_param_check(WOLFSSL_EVP_PKEY_CTX * ctx)2335 int wolfSSL_EVP_PKEY_param_check(WOLFSSL_EVP_PKEY_CTX* ctx)
2336 {
2337 int type;
2338 int ret;
2339 WOLFSSL_DH* dh_key = NULL;
2340
2341 /* sanity check */
2342 if (ctx == NULL) {
2343 return WOLFSSL_FAILURE;
2344 }
2345
2346 type = wolfSSL_EVP_PKEY_type(wolfSSL_EVP_PKEY_base_id(ctx->pkey));
2347 switch (type) {
2348 #if !defined(NO_RSA)
2349 case EVP_PKEY_RSA:
2350 WOLFSSL_MSG("EVP_PKEY_RSA not yet implemented");
2351 return WOLFSSL_FAILURE;
2352 #endif
2353 #if defined(HAVE_ECC)
2354 case EVP_PKEY_EC:
2355 WOLFSSL_MSG("EVP_PKEY_EC not yet implemented");
2356 return WOLFSSL_FAILURE;
2357 #endif
2358 #if !defined(NO_DSA)
2359 case EVP_PKEY_DSA:
2360 WOLFSSL_MSG("EVP_PKEY_DSA not yet implemented");
2361 return WOLFSSL_FAILURE;
2362 #endif
2363 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
2364 #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
2365 case EVP_PKEY_DH:
2366 dh_key = wolfSSL_EVP_PKEY_get1_DH(ctx->pkey);
2367 if (dh_key != NULL) {
2368 ret = DH_param_check(dh_key);
2369 wolfSSL_DH_free(dh_key);
2370 }
2371 else
2372 ret = WOLFSSL_FAILURE;
2373 return ret;
2374 #endif
2375 #endif
2376 default:
2377 WOLFSSL_MSG("Unknown PKEY type");
2378 break;
2379 }
2380
2381 (void)ret;
2382 (void)DH_param_check;
2383 (void)dh_key;
2384 return WOLFSSL_FAILURE;
2385 }
2386
2387 /* Initialize structure for signing
2388 *
2389 * ctx WOLFSSL_EVP_MD_CTX structure to initialize
2390 * type is the type of message digest to use
2391 *
2392 * returns WOLFSSL_SUCCESS on success
2393 */
wolfSSL_EVP_SignInit(WOLFSSL_EVP_MD_CTX * ctx,const WOLFSSL_EVP_MD * type)2394 int wolfSSL_EVP_SignInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type)
2395 {
2396 if (ctx == NULL) return WOLFSSL_FAILURE;
2397 WOLFSSL_ENTER("EVP_SignInit");
2398 return wolfSSL_EVP_DigestInit(ctx,type);
2399 }
2400
wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX * ctx,const WOLFSSL_EVP_MD * type,WOLFSSL_ENGINE * impl)2401 int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
2402 const WOLFSSL_EVP_MD* type,
2403 WOLFSSL_ENGINE *impl)
2404 {
2405 if (ctx == NULL) return WOLFSSL_FAILURE;
2406 WOLFSSL_ENTER("EVP_SignInit");
2407 return wolfSSL_EVP_DigestInit_ex(ctx,type,impl);
2408 }
2409
2410
2411 /* Update structure with data for signing
2412 *
2413 * ctx WOLFSSL_EVP_MD_CTX structure to update
2414 * data buffer holding data to update with for sign
2415 * len length of data buffer
2416 *
2417 * returns WOLFSSL_SUCCESS on success
2418 */
wolfSSL_EVP_SignUpdate(WOLFSSL_EVP_MD_CTX * ctx,const void * data,size_t len)2419 int wolfSSL_EVP_SignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len)
2420 {
2421 if (ctx == NULL) return 0;
2422 WOLFSSL_ENTER("EVP_SignUpdate(");
2423 return wolfSSL_EVP_DigestUpdate(ctx, data, len);
2424 }
2425
2426 static const struct s_ent {
2427 const enum wc_HashType macType;
2428 const int nid;
2429 const char *name;
2430 } md_tbl[] = {
2431 #ifndef NO_MD4
2432 {WC_HASH_TYPE_MD4, NID_md4, "MD4"},
2433 #endif /* NO_MD4 */
2434
2435 #ifndef NO_MD5
2436 {WC_HASH_TYPE_MD5, NID_md5, "MD5"},
2437 #endif /* NO_MD5 */
2438
2439 #ifndef NO_SHA
2440 {WC_HASH_TYPE_SHA, NID_sha1, "SHA1"},
2441 {WC_HASH_TYPE_SHA, NID_sha1, "SHA"}, /* Leave for backwards compatibility */
2442 #endif /* NO_SHA */
2443
2444 #ifdef WOLFSSL_SHA224
2445 {WC_HASH_TYPE_SHA224, NID_sha224, "SHA224"},
2446 #endif /* WOLFSSL_SHA224 */
2447 #ifndef NO_SHA256
2448 {WC_HASH_TYPE_SHA256, NID_sha256, "SHA256"},
2449 #endif
2450
2451 #ifdef WOLFSSL_SHA384
2452 {WC_HASH_TYPE_SHA384, NID_sha384, "SHA384"},
2453 #endif /* WOLFSSL_SHA384 */
2454
2455 #ifdef WOLFSSL_SHA512
2456 {WC_HASH_TYPE_SHA512, NID_sha512, "SHA512"},
2457 #endif /* WOLFSSL_SHA512 */
2458
2459 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
2460 {WC_HASH_TYPE_SHA512_224, NID_sha512_224, "SHA512_224"},
2461 #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
2462
2463 #if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
2464 {WC_HASH_TYPE_SHA512_256, NID_sha512_256, "SHA512_256"},
2465 #endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
2466
2467 #ifndef WOLFSSL_NOSHA3_224
2468 {WC_HASH_TYPE_SHA3_224, NID_sha3_224, "SHA3_224"},
2469 #endif
2470 #ifndef WOLFSSL_NOSHA3_256
2471 {WC_HASH_TYPE_SHA3_256, NID_sha3_256, "SHA3_256"},
2472 #endif
2473 #ifndef WOLFSSL_NOSHA3_384
2474 {WC_HASH_TYPE_SHA3_384, NID_sha3_384, "SHA3_384"},
2475 #endif
2476 #ifndef WOLFSSL_NOSHA3_512
2477 {WC_HASH_TYPE_SHA3_512, NID_sha3_512, "SHA3_512"},
2478 #endif
2479 #ifdef HAVE_BLAKE2
2480 {WC_HASH_TYPE_BLAKE2B, NID_blake2b512, "BLAKE2B512"},
2481 #endif
2482 #ifdef HAVE_BLAKE2S
2483 {WC_HASH_TYPE_BLAKE2S, NID_blake2s256, "BLAKE2S256"},
2484 #endif
2485 #ifdef WOLFSSL_SHAKE128
2486 {WC_HASH_TYPE_SHAKE128, NID_shake128, "SHAKE128"},
2487 #endif
2488 #ifdef WOLFSSL_SHAKE256
2489 {WC_HASH_TYPE_SHAKE256, NID_shake256, "SHAKE256"},
2490 #endif
2491 {WC_HASH_TYPE_NONE, 0, NULL}
2492 };
2493
wolfSSL_EVP_md2macType(const WOLFSSL_EVP_MD * md)2494 static enum wc_HashType wolfSSL_EVP_md2macType(const WOLFSSL_EVP_MD *md)
2495 {
2496 const struct s_ent *ent ;
2497
2498 if (md != NULL) {
2499 for (ent = md_tbl; ent->name != NULL; ent++) {
2500 if (XSTRNCMP((const char *)md, ent->name, XSTRLEN(ent->name)+1) == 0) {
2501 return ent->macType;
2502 }
2503 }
2504 }
2505 return WC_HASH_TYPE_NONE;
2506 }
2507
wolfSSL_macType2EVP_md(enum wc_HashType type)2508 static const WOLFSSL_EVP_MD* wolfSSL_macType2EVP_md(enum wc_HashType type)
2509 {
2510 const struct s_ent *ent ;
2511
2512 for (ent = md_tbl; ent->name != NULL; ent++) {
2513 if (ent->macType == type) {
2514 return ent->name;
2515 }
2516 }
2517 return NULL;
2518 }
2519
2520 /* Finalize structure for signing
2521 *
2522 * ctx WOLFSSL_EVP_MD_CTX structure to finalize
2523 * sigret buffer to hold resulting signature
2524 * siglen length of sigret buffer
2525 * pkey key to sign with
2526 *
2527 * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
2528 */
wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX * ctx,unsigned char * sigret,unsigned int * siglen,WOLFSSL_EVP_PKEY * pkey)2529 int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
2530 unsigned int *siglen, WOLFSSL_EVP_PKEY *pkey)
2531 {
2532 unsigned int mdsize;
2533 unsigned char md[WC_MAX_DIGEST_SIZE];
2534 int ret;
2535 (void)sigret;
2536 (void)siglen;
2537
2538 WOLFSSL_ENTER("EVP_SignFinal");
2539 if (ctx == NULL)
2540 return WOLFSSL_FAILURE;
2541
2542 ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize);
2543 if (ret <= 0)
2544 return ret;
2545
2546 switch (pkey->type) {
2547 #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
2548 case EVP_PKEY_RSA: {
2549 int nid;
2550 const WOLFSSL_EVP_MD *ctxmd;
2551
2552 ctxmd = wolfSSL_EVP_MD_CTX_md(ctx);
2553 if (ctxmd == NULL)
2554 return WOLFSSL_FAILURE;
2555
2556 nid = wolfSSL_EVP_MD_type(ctxmd);
2557 if (nid < 0)
2558 return WOLFSSL_FAILURE;
2559 return wolfSSL_RSA_sign(nid, md, mdsize, sigret,
2560 siglen, pkey->rsa);
2561 }
2562 #endif /* NO_RSA */
2563 #ifndef NO_DSA
2564 case EVP_PKEY_DSA:
2565 if (wolfSSL_DSA_do_sign(md, sigret, pkey->dsa) == WOLFSSL_SUCCESS) {
2566 *siglen = wolfSSL_BN_num_bytes(pkey->dsa->q);
2567 return WOLFSSL_SUCCESS;
2568 }
2569 else {
2570 return WOLFSSL_FAILURE;
2571 }
2572 #endif
2573 case EVP_PKEY_EC:
2574 WOLFSSL_MSG("not implemented");
2575 FALL_THROUGH;
2576 default:
2577 break;
2578 }
2579 return WOLFSSL_FAILURE;
2580 }
2581
2582
2583 /* Initialize structure for verifying signature
2584 *
2585 * ctx WOLFSSL_EVP_MD_CTX structure to initialize
2586 * type is the type of message digest to use
2587 *
2588 * returns WOLFSSL_SUCCESS on success
2589 */
wolfSSL_EVP_VerifyInit(WOLFSSL_EVP_MD_CTX * ctx,const WOLFSSL_EVP_MD * type)2590 int wolfSSL_EVP_VerifyInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type)
2591 {
2592 if (ctx == NULL) return WOLFSSL_FAILURE;
2593 WOLFSSL_ENTER("EVP_VerifyInit");
2594 return wolfSSL_EVP_DigestInit(ctx,type);
2595 }
2596
2597
2598 /* Update structure for verifying signature
2599 *
2600 * ctx WOLFSSL_EVP_MD_CTX structure to update
2601 * data buffer holding data to update with for verify
2602 * len length of data buffer
2603 *
2604 * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
2605 */
wolfSSL_EVP_VerifyUpdate(WOLFSSL_EVP_MD_CTX * ctx,const void * data,size_t len)2606 int wolfSSL_EVP_VerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len)
2607 {
2608 if (ctx == NULL) return WOLFSSL_FAILURE;
2609 WOLFSSL_ENTER("EVP_VerifyUpdate");
2610 return wolfSSL_EVP_DigestUpdate(ctx, data, len);
2611 }
2612
2613
2614 /* Finalize structure for verifying signature
2615 *
2616 * ctx WOLFSSL_EVP_MD_CTX structure to finalize
2617 * sig buffer holding signature
2618 * siglen length of sig buffer
2619 * pkey key to verify with
2620 *
2621 * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
2622 */
wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX * ctx,const unsigned char * sig,unsigned int siglen,WOLFSSL_EVP_PKEY * pkey)2623 int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
2624 const unsigned char*sig, unsigned int siglen, WOLFSSL_EVP_PKEY *pkey)
2625 {
2626 int ret;
2627 unsigned char md[WC_MAX_DIGEST_SIZE];
2628 unsigned int mdsize;
2629
2630 if (ctx == NULL) return WOLFSSL_FAILURE;
2631 WOLFSSL_ENTER("EVP_VerifyFinal");
2632 ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize);
2633 if (ret <= 0) return ret;
2634
2635 (void)sig;
2636 (void)siglen;
2637
2638 switch (pkey->type) {
2639 #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
2640 case EVP_PKEY_RSA: {
2641 int nid;
2642 const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx);
2643 if (ctxmd == NULL) break;
2644 nid = wolfSSL_EVP_MD_type(ctxmd);
2645 if (nid < 0) break;
2646 return wolfSSL_RSA_verify(nid, md, mdsize, sig,
2647 (unsigned int)siglen, pkey->rsa);
2648 }
2649 #endif /* NO_RSA */
2650
2651 case EVP_PKEY_DSA:
2652 case EVP_PKEY_EC:
2653 WOLFSSL_MSG("not implemented");
2654 FALL_THROUGH;
2655 default:
2656 break;
2657 }
2658 return WOLFSSL_FAILURE;
2659 }
2660
wolfSSL_EVP_add_cipher(const WOLFSSL_EVP_CIPHER * cipher)2661 int wolfSSL_EVP_add_cipher(const WOLFSSL_EVP_CIPHER *cipher)
2662 {
2663 (void)cipher;
2664 /* nothing to do */
2665 return 0;
2666 }
2667
2668
wolfSSL_EVP_PKEY_new_mac_key(int type,ENGINE * e,const unsigned char * key,int keylen)2669 WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, ENGINE* e,
2670 const unsigned char* key, int keylen)
2671 {
2672 WOLFSSL_EVP_PKEY* pkey;
2673
2674 (void)e;
2675
2676 if (type != EVP_PKEY_HMAC || (key == NULL && keylen != 0))
2677 return NULL;
2678
2679 pkey = wolfSSL_EVP_PKEY_new();
2680 if (pkey != NULL) {
2681 pkey->pkey.ptr = (char*)XMALLOC(keylen, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
2682 if (pkey->pkey.ptr == NULL && keylen > 0) {
2683 wolfSSL_EVP_PKEY_free(pkey);
2684 pkey = NULL;
2685 }
2686 else {
2687 if (keylen) {
2688 XMEMCPY(pkey->pkey.ptr, key, keylen);
2689 }
2690 pkey->pkey_sz = keylen;
2691 pkey->type = pkey->save_type = type;
2692 }
2693 }
2694
2695 return pkey;
2696 }
2697
2698
wolfSSL_EVP_PKEY_get0_hmac(const WOLFSSL_EVP_PKEY * pkey,size_t * len)2699 const unsigned char* wolfSSL_EVP_PKEY_get0_hmac(const WOLFSSL_EVP_PKEY* pkey,
2700 size_t* len)
2701 {
2702 if (pkey == NULL || len == NULL)
2703 return NULL;
2704
2705 *len = (size_t)pkey->pkey_sz;
2706
2707 return (const unsigned char*)pkey->pkey.ptr;
2708 }
2709
2710 /* Initialize an EVP_DigestSign/Verify operation.
2711 * Initialize a digest for RSA and ECC keys, or HMAC for HMAC key.
2712 */
wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX * ctx,WOLFSSL_EVP_PKEY_CTX ** pctx,const WOLFSSL_EVP_MD * type,WOLFSSL_ENGINE * e,WOLFSSL_EVP_PKEY * pkey)2713 static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx,
2714 WOLFSSL_EVP_PKEY_CTX **pctx,
2715 const WOLFSSL_EVP_MD *type,
2716 WOLFSSL_ENGINE *e,
2717 WOLFSSL_EVP_PKEY *pkey)
2718 {
2719 if (!type) {
2720 int default_digest;
2721 if (wolfSSL_EVP_PKEY_get_default_digest_nid(pkey, &default_digest)
2722 != WOLFSSL_SUCCESS) {
2723 WOLFSSL_MSG("Could not get default digest");
2724 return WOLFSSL_FAILURE;
2725 }
2726 type = wolfSSL_EVP_get_digestbynid(default_digest);
2727 if (!type) {
2728 return BAD_FUNC_ARG;
2729 }
2730 }
2731
2732 if (pkey->type == EVP_PKEY_HMAC) {
2733 int hashType;
2734 const unsigned char* key;
2735
2736 if (XSTRNCMP(type, "SHA256", 6) == 0) {
2737 hashType = WC_SHA256;
2738 }
2739 #ifdef WOLFSSL_SHA224
2740 else if (XSTRNCMP(type, "SHA224", 6) == 0) {
2741 hashType = WC_SHA224;
2742 }
2743 #endif
2744 #ifdef WOLFSSL_SHA384
2745 else if (XSTRNCMP(type, "SHA384", 6) == 0) {
2746 hashType = WC_SHA384;
2747 }
2748 #endif
2749 #ifdef WOLFSSL_SHA512
2750 else if (XSTRNCMP(type, "SHA512", 6) == 0) {
2751 hashType = WC_SHA512;
2752 }
2753 #endif
2754 #ifdef WOLFSSL_SHA3
2755 #ifndef WOLFSSL_NOSHA3_224
2756 else if (XSTRNCMP(type, "SHA3_224", 8) == 0) {
2757 hashType = WC_SHA3_224;
2758 }
2759 #endif
2760 #ifndef WOLFSSL_NOSHA3_256
2761 else if (XSTRNCMP(type, "SHA3_256", 8) == 0) {
2762 hashType = WC_SHA3_256;
2763 }
2764 #endif
2765 #ifndef WOLFSSL_NOSHA3_384
2766 else if (XSTRNCMP(type, "SHA3_384", 8) == 0) {
2767 hashType = WC_SHA3_384;
2768 }
2769 #endif
2770 #ifndef WOLFSSL_NOSHA3_512
2771 else if (XSTRNCMP(type, "SHA3_512", 8) == 0) {
2772 hashType = WC_SHA3_512;
2773 }
2774 #endif
2775 #endif
2776 #ifndef NO_MD5
2777 else if (XSTRNCMP(type, "MD5", 3) == 0) {
2778 hashType = WC_MD5;
2779 }
2780 #endif
2781 #ifndef NO_SHA
2782 /* has to be last since would pick or 224, 256, 384, or 512 too */
2783 else if (XSTRNCMP(type, "SHA", 3) == 0) {
2784 hashType = WC_SHA;
2785 }
2786 #endif /* NO_SHA */
2787 else
2788 return BAD_FUNC_ARG;
2789
2790 {
2791 size_t keySz = 0;
2792
2793 key = wolfSSL_EVP_PKEY_get0_hmac(pkey, &keySz);
2794
2795 if (wc_HmacInit(&ctx->hash.hmac, NULL, INVALID_DEVID) != 0)
2796 return WOLFSSL_FAILURE;
2797
2798 if (wc_HmacSetKey(&ctx->hash.hmac, hashType, key, (word32)keySz) != 0)
2799 return WOLFSSL_FAILURE;
2800 }
2801
2802 ctx->isHMAC = 1;
2803 }
2804 else if (wolfSSL_EVP_DigestInit(ctx, type) != 1)
2805 return WOLFSSL_FAILURE;
2806
2807 if (ctx->pctx == NULL) {
2808 ctx->pctx = wolfSSL_EVP_PKEY_CTX_new(pkey, e);
2809 if (ctx->pctx == NULL)
2810 return WOLFSSL_FAILURE;
2811 }
2812 if (pctx != NULL)
2813 *pctx = ctx->pctx;
2814 return WOLFSSL_SUCCESS;
2815 }
2816
2817 /* Update an EVP_DigestSign/Verify operation.
2818 * Update a digest for RSA and ECC keys, or HMAC for HMAC key.
2819 */
wolfssl_evp_digest_pk_update(WOLFSSL_EVP_MD_CTX * ctx,const void * d,unsigned int cnt)2820 static int wolfssl_evp_digest_pk_update(WOLFSSL_EVP_MD_CTX *ctx,
2821 const void *d, unsigned int cnt)
2822 {
2823 if (ctx->isHMAC) {
2824 if (wc_HmacUpdate(&ctx->hash.hmac, (const byte *)d, cnt) != 0)
2825 return WOLFSSL_FAILURE;
2826
2827 return WOLFSSL_SUCCESS;
2828 }
2829 else
2830 return wolfSSL_EVP_DigestUpdate(ctx, d, cnt);
2831 }
2832
2833 /* Finalize an EVP_DigestSign/Verify operation - common part only.
2834 * Finalize a digest for RSA and ECC keys, or HMAC for HMAC key.
2835 * Copies the digest so that you can keep updating.
2836 */
wolfssl_evp_digest_pk_final(WOLFSSL_EVP_MD_CTX * ctx,unsigned char * md,unsigned int * mdlen)2837 static int wolfssl_evp_digest_pk_final(WOLFSSL_EVP_MD_CTX *ctx,
2838 unsigned char *md, unsigned int* mdlen)
2839 {
2840 int ret;
2841
2842 if (ctx->isHMAC) {
2843 Hmac hmacCopy;
2844
2845 if (wolfSSL_HmacCopy(&hmacCopy, &ctx->hash.hmac) != WOLFSSL_SUCCESS)
2846 return WOLFSSL_FAILURE;
2847 ret = wc_HmacFinal(&hmacCopy, md) == 0;
2848 wc_HmacFree(&hmacCopy);
2849 return ret;
2850 }
2851 else {
2852 WOLFSSL_EVP_MD_CTX ctxCopy;
2853
2854 if (wolfSSL_EVP_MD_CTX_copy_ex(&ctxCopy, ctx) != WOLFSSL_SUCCESS)
2855 return WOLFSSL_FAILURE;
2856
2857 ret = wolfSSL_EVP_DigestFinal(&ctxCopy, md, mdlen);
2858 wolfSSL_EVP_MD_CTX_cleanup(&ctxCopy);
2859 return ret;
2860 }
2861 }
2862
2863 /* Get the length of the mac based on the digest algorithm. */
wolfssl_mac_len(unsigned char macType)2864 static int wolfssl_mac_len(unsigned char macType)
2865 {
2866 int hashLen;
2867
2868 switch (macType) {
2869 #ifndef NO_MD5
2870 case WC_MD5:
2871 hashLen = WC_MD5_DIGEST_SIZE;
2872 break;
2873 #endif /* !NO_MD5 */
2874
2875 #ifndef NO_SHA
2876 case WC_SHA:
2877 hashLen = WC_SHA_DIGEST_SIZE;
2878 break;
2879 #endif /* !NO_SHA */
2880
2881 #ifdef WOLFSSL_SHA224
2882 case WC_SHA224:
2883 hashLen = WC_SHA224_DIGEST_SIZE;
2884 break;
2885 #endif /* WOLFSSL_SHA224 */
2886
2887 #ifndef NO_SHA256
2888 case WC_SHA256:
2889 hashLen = WC_SHA256_DIGEST_SIZE;
2890 break;
2891 #endif /* !NO_SHA256 */
2892
2893 #ifdef WOLFSSL_SHA384
2894 case WC_SHA384:
2895 hashLen = WC_SHA384_DIGEST_SIZE;
2896 break;
2897 #endif /* WOLFSSL_SHA384 */
2898 #ifdef WOLFSSL_SHA512
2899 case WC_SHA512:
2900 hashLen = WC_SHA512_DIGEST_SIZE;
2901 break;
2902 #endif /* WOLFSSL_SHA512 */
2903
2904 #ifdef HAVE_BLAKE2
2905 case BLAKE2B_ID:
2906 hashLen = BLAKE2B_OUTBYTES;
2907 break;
2908 #endif /* HAVE_BLAKE2 */
2909
2910 #ifdef WOLFSSL_SHA3
2911 #ifndef WOLFSSL_NOSHA3_224
2912 case WC_SHA3_224:
2913 hashLen = WC_SHA3_224_DIGEST_SIZE;
2914 break;
2915 #endif
2916 #ifndef WOLFSSL_NOSHA3_256
2917 case WC_SHA3_256:
2918 hashLen = WC_SHA3_256_DIGEST_SIZE;
2919 break;
2920 #endif
2921 #ifndef WOLFSSL_NOSHA3_384
2922 case WC_SHA3_384:
2923 hashLen = WC_SHA3_384_DIGEST_SIZE;
2924 break;
2925 #endif
2926 #ifndef WOLFSSL_NOSHA3_512
2927 case WC_SHA3_512:
2928 hashLen = WC_SHA3_512_DIGEST_SIZE;
2929 break;
2930 #endif
2931 #endif
2932
2933 default:
2934 hashLen = 0;
2935 }
2936
2937 return hashLen;
2938 }
2939
wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX * ctx,WOLFSSL_EVP_PKEY_CTX ** pctx,const WOLFSSL_EVP_MD * type,WOLFSSL_ENGINE * e,WOLFSSL_EVP_PKEY * pkey)2940 int wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX *ctx,
2941 WOLFSSL_EVP_PKEY_CTX **pctx,
2942 const WOLFSSL_EVP_MD *type,
2943 WOLFSSL_ENGINE *e,
2944 WOLFSSL_EVP_PKEY *pkey)
2945 {
2946 WOLFSSL_ENTER("EVP_DigestSignInit");
2947
2948 if (ctx == NULL || pkey == NULL)
2949 return BAD_FUNC_ARG;
2950
2951 return wolfSSL_evp_digest_pk_init(ctx, pctx, type, e, pkey);
2952 }
2953
2954
wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX * ctx,const void * d,unsigned int cnt)2955 int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d,
2956 unsigned int cnt)
2957 {
2958 WOLFSSL_ENTER("EVP_DigestSignUpdate");
2959
2960 if (ctx == NULL || d == NULL)
2961 return BAD_FUNC_ARG;
2962
2963 return wolfssl_evp_digest_pk_update(ctx, d, cnt);
2964 }
2965
wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX * ctx,unsigned char * sig,size_t * siglen)2966 int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
2967 size_t *siglen)
2968 {
2969 unsigned char digest[WC_MAX_DIGEST_SIZE];
2970 unsigned int hashLen;
2971 int ret = WOLFSSL_FAILURE;
2972
2973 WOLFSSL_ENTER("EVP_DigestSignFinal");
2974
2975 if (ctx == NULL || siglen == NULL)
2976 return WOLFSSL_FAILURE;
2977
2978 /* Return the maximum size of the signature when sig is NULL. */
2979 if (ctx->isHMAC) {
2980 hashLen = wolfssl_mac_len(ctx->hash.hmac.macType);
2981
2982 if (sig == NULL) {
2983 *siglen = hashLen;
2984 return WOLFSSL_SUCCESS;
2985 }
2986 }
2987 #ifndef NO_RSA
2988 else if (ctx->pctx->pkey->type == EVP_PKEY_RSA) {
2989 if (sig == NULL) {
2990 *siglen = wolfSSL_RSA_size(ctx->pctx->pkey->rsa);
2991 return WOLFSSL_SUCCESS;
2992 }
2993 }
2994 #endif /* !NO_RSA */
2995 #ifdef HAVE_ECC
2996 else if (ctx->pctx->pkey->type == EVP_PKEY_EC) {
2997 if (sig == NULL) {
2998 /* SEQ + INT + INT */
2999 *siglen = ecc_sets[ctx->pctx->pkey->ecc->group->curve_idx].size * 2
3000 + 8;
3001 return WOLFSSL_SUCCESS;
3002 }
3003 }
3004 #endif
3005
3006 if (wolfssl_evp_digest_pk_final(ctx, digest, &hashLen) <= 0)
3007 return WOLFSSL_FAILURE;
3008
3009 if (ctx->isHMAC) {
3010 /* Copy the HMAC result as signature. */
3011 if ((unsigned int)(*siglen) > hashLen)
3012 *siglen = hashLen;
3013 /* May be a truncated signature. */
3014
3015 XMEMCPY(sig, digest, *siglen);
3016 ret = WOLFSSL_SUCCESS;
3017 }
3018 else {
3019 /* Sign the digest. */
3020 switch (ctx->pctx->pkey->type) {
3021 #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
3022 case EVP_PKEY_RSA: {
3023 unsigned int sigSz;
3024 int nid;
3025 const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx);
3026 if (md == NULL)
3027 break;
3028 nid = wolfSSL_EVP_MD_type(md);
3029 if (nid < 0)
3030 break;
3031 ret = wolfSSL_RSA_sign_generic_padding(nid, digest, hashLen,
3032 sig, &sigSz, ctx->pctx->pkey->rsa, 1, ctx->pctx->padding);
3033 if (ret >= 0)
3034 *siglen = sigSz;
3035 break;
3036 }
3037 #endif /* NO_RSA */
3038
3039 #ifdef HAVE_ECC
3040 case EVP_PKEY_EC: {
3041 WOLFSSL_ECDSA_SIG *ecdsaSig;
3042 ecdsaSig = wolfSSL_ECDSA_do_sign(digest, hashLen,
3043 ctx->pctx->pkey->ecc);
3044 if (ecdsaSig == NULL)
3045 break;
3046 *siglen = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, &sig);
3047 wolfSSL_ECDSA_SIG_free(ecdsaSig);
3048 ret = WOLFSSL_SUCCESS;
3049 break;
3050 }
3051 #endif
3052 default:
3053 break;
3054 }
3055 }
3056
3057 ForceZero(digest, sizeof(digest));
3058 return ret;
3059 }
wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX * ctx,WOLFSSL_EVP_PKEY_CTX ** pctx,const WOLFSSL_EVP_MD * type,WOLFSSL_ENGINE * e,WOLFSSL_EVP_PKEY * pkey)3060 int wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX *ctx,
3061 WOLFSSL_EVP_PKEY_CTX **pctx,
3062 const WOLFSSL_EVP_MD *type,
3063 WOLFSSL_ENGINE *e,
3064 WOLFSSL_EVP_PKEY *pkey)
3065 {
3066 WOLFSSL_ENTER("EVP_DigestVerifyInit");
3067
3068 if (ctx == NULL || type == NULL || pkey == NULL)
3069 return BAD_FUNC_ARG;
3070
3071 return wolfSSL_evp_digest_pk_init(ctx, pctx, type, e, pkey);
3072 }
3073
3074
wolfSSL_EVP_DigestVerifyUpdate(WOLFSSL_EVP_MD_CTX * ctx,const void * d,size_t cnt)3075 int wolfSSL_EVP_DigestVerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d,
3076 size_t cnt)
3077 {
3078 WOLFSSL_ENTER("EVP_DigestVerifyUpdate");
3079
3080 if (ctx == NULL || d == NULL)
3081 return BAD_FUNC_ARG;
3082
3083 return wolfssl_evp_digest_pk_update(ctx, d, (unsigned int)cnt);
3084 }
3085
3086
wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX * ctx,const unsigned char * sig,size_t siglen)3087 int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
3088 const unsigned char *sig, size_t siglen)
3089 {
3090 unsigned char digest[WC_MAX_DIGEST_SIZE];
3091 unsigned int hashLen;
3092
3093 WOLFSSL_ENTER("EVP_DigestVerifyFinal");
3094
3095 if (ctx == NULL || sig == NULL)
3096 return WOLFSSL_FAILURE;
3097
3098 if (ctx->isHMAC) {
3099
3100 hashLen = wolfssl_mac_len(ctx->hash.hmac.macType);
3101
3102 if (siglen > hashLen)
3103 return WOLFSSL_FAILURE;
3104 /* May be a truncated signature. */
3105 }
3106
3107 if (wolfssl_evp_digest_pk_final(ctx, digest, &hashLen) <= 0)
3108 return WOLFSSL_FAILURE;
3109
3110 if (ctx->isHMAC) {
3111 /* Check HMAC result matches the signature. */
3112 if (XMEMCMP(sig, digest, siglen) == 0)
3113 return WOLFSSL_SUCCESS;
3114 return WOLFSSL_FAILURE;
3115 }
3116 else {
3117 /* Verify the signature with the digest. */
3118 switch (ctx->pctx->pkey->type) {
3119 #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
3120 case EVP_PKEY_RSA: {
3121 int nid;
3122 const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx);
3123 if (md == NULL)
3124 return WOLFSSL_FAILURE;
3125 nid = wolfSSL_EVP_MD_type(md);
3126 if (nid < 0)
3127 return WOLFSSL_FAILURE;
3128 return wolfSSL_RSA_verify_ex(nid, digest, hashLen, sig,
3129 (unsigned int)siglen,
3130 ctx->pctx->pkey->rsa, ctx->pctx->padding);
3131 }
3132 #endif /* NO_RSA */
3133
3134 #ifdef HAVE_ECC
3135 case EVP_PKEY_EC: {
3136 int ret;
3137 WOLFSSL_ECDSA_SIG *ecdsaSig;
3138 ecdsaSig = wolfSSL_d2i_ECDSA_SIG(NULL, &sig, (long)siglen);
3139 if (ecdsaSig == NULL)
3140 return WOLFSSL_FAILURE;
3141 ret = wolfSSL_ECDSA_do_verify(digest, hashLen, ecdsaSig,
3142 ctx->pctx->pkey->ecc);
3143 wolfSSL_ECDSA_SIG_free(ecdsaSig);
3144 return ret;
3145 }
3146 #endif
3147 default:
3148 break;
3149 }
3150 }
3151
3152 return WOLFSSL_FAILURE;
3153 }
3154
3155
3156 #ifdef WOLFSSL_APACHE_HTTPD
3157 #if !defined(USE_WINDOWS_API) && !defined(MICROCHIP_PIC32)
3158 #include <termios.h>
3159 #endif
3160
3161 #ifndef XGETPASSWD
XGETPASSWD(char * buf,int bufSz)3162 static int XGETPASSWD(char* buf, int bufSz) {
3163 int ret = WOLFSSL_SUCCESS;
3164
3165 /* turn off echo for passwords */
3166 #ifdef USE_WINDOWS_API
3167 DWORD originalTerm;
3168 DWORD newTerm;
3169 CONSOLE_SCREEN_BUFFER_INFO screenOrig;
3170 HANDLE stdinHandle = GetStdHandle(STD_INPUT_HANDLE);
3171 if (GetConsoleMode(stdinHandle, &originalTerm) == 0) {
3172 WOLFSSL_MSG("Couldn't get the original terminal settings");
3173 return WOLFSSL_FAILURE;
3174 }
3175 newTerm = originalTerm;
3176 newTerm &= ~ENABLE_ECHO_INPUT;
3177 if (SetConsoleMode(stdinHandle, newTerm) == 0) {
3178 WOLFSSL_MSG("Couldn't turn off echo");
3179 return WOLFSSL_FAILURE;
3180 }
3181 #else
3182 struct termios originalTerm;
3183 struct termios newTerm;
3184 if (tcgetattr(STDIN_FILENO, &originalTerm) != 0) {
3185 WOLFSSL_MSG("Couldn't get the original terminal settings");
3186 return WOLFSSL_FAILURE;
3187 }
3188 XMEMCPY(&newTerm, &originalTerm, sizeof(struct termios));
3189
3190 newTerm.c_lflag &= ~ECHO;
3191 newTerm.c_lflag |= (ICANON | ECHONL);
3192 if (tcsetattr(STDIN_FILENO, TCSANOW, &newTerm) != 0) {
3193 WOLFSSL_MSG("Couldn't turn off echo");
3194 return WOLFSSL_FAILURE;
3195 }
3196 #endif
3197
3198 if (XFGETS(buf, bufSz, stdin) == NULL) {
3199 ret = WOLFSSL_FAILURE;
3200 }
3201
3202 /* restore default echo */
3203 #ifdef USE_WINDOWS_API
3204 if (SetConsoleMode(stdinHandle, originalTerm) == 0) {
3205 WOLFSSL_MSG("Couldn't restore the terminal settings");
3206 return WOLFSSL_FAILURE;
3207 }
3208 #else
3209 if (tcsetattr(STDIN_FILENO, TCSANOW, &originalTerm) != 0) {
3210 WOLFSSL_MSG("Couldn't restore the terminal settings");
3211 return WOLFSSL_FAILURE;
3212 }
3213 #endif
3214 return ret;
3215 }
3216 #endif
3217
3218 /* returns 0 on success and -2 or -1 on failure */
wolfSSL_EVP_read_pw_string(char * buf,int bufSz,const char * banner,int v)3219 int wolfSSL_EVP_read_pw_string(char* buf, int bufSz, const char* banner, int v)
3220 {
3221 printf("%s", banner);
3222 if (XGETPASSWD(buf, bufSz) == WOLFSSL_FAILURE) {
3223 return -1;
3224 }
3225 (void)v; /* fgets always sanity checks size of input vs buffer */
3226 return 0;
3227 }
3228 #endif /* WOLFSSL_APACHE_HTTPD */
3229
3230 #if !defined(NO_PWDBASED) && !defined(NO_SHA)
wolfSSL_PKCS5_PBKDF2_HMAC_SHA1(const char * pass,int passlen,const unsigned char * salt,int saltlen,int iter,int keylen,unsigned char * out)3231 int wolfSSL_PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
3232 const unsigned char *salt,
3233 int saltlen, int iter,
3234 int keylen, unsigned char *out)
3235 {
3236 const char *nostring = "";
3237 int ret = 0;
3238
3239 if (pass == NULL) {
3240 passlen = 0;
3241 pass = nostring;
3242 }
3243 else if (passlen == -1) {
3244 passlen = (int)XSTRLEN(pass);
3245 }
3246
3247 ret = wc_PBKDF2((byte*)out, (byte*)pass, passlen, (byte*)salt, saltlen,
3248 iter, keylen, WC_SHA);
3249 if (ret == 0)
3250 return WOLFSSL_SUCCESS;
3251 else
3252 return WOLFSSL_FAILURE;
3253 }
3254 #endif /* !NO_PWDBASED !NO_SHA*/
3255
3256 #if !defined(NO_PWDBASED)
wolfSSL_PKCS5_PBKDF2_HMAC(const char * pass,int passlen,const unsigned char * salt,int saltlen,int iter,const WOLFSSL_EVP_MD * digest,int keylen,unsigned char * out)3257 int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
3258 const unsigned char *salt,
3259 int saltlen, int iter,
3260 const WOLFSSL_EVP_MD *digest,
3261 int keylen, unsigned char *out)
3262 {
3263 const char *nostring = "";
3264 int ret = 0;
3265
3266 if (pass == NULL) {
3267 passlen = 0;
3268 pass = nostring;
3269 } else if (passlen == -1) {
3270 passlen = (int)XSTRLEN(pass);
3271 }
3272
3273 ret = wc_PBKDF2((byte*)out, (byte*)pass, passlen, (byte*)salt, saltlen,
3274 iter, keylen, wolfSSL_EVP_md2macType(digest));
3275 if (ret == 0)
3276 return WOLFSSL_SUCCESS;
3277 else
3278 return WOLFSSL_FAILURE;
3279 }
3280 #endif /* !NO_PWDBASED */
3281
3282
3283 #if defined(HAVE_SCRYPT) && defined(HAVE_PBKDF2) && !defined(NO_PWDBASED) && \
3284 !defined(NO_SHA256)
3285 /**
3286 * Derives a key from the specified password and the salt using SCRYPT
3287 * algorithm.
3288 *
3289 * Parameters:
3290 * - pass :password data. no need to be null-terminated. NULL is accepted.
3291 * - passlen :length of the password. Must be 0 when pass is NULL.
3292 * - salt :salt. NULL is accepted.
3293 * - saltlen :length of the salt. Must be 0 when salt is NULL.
3294 * - N :cost parameter. Must be grater or equal to 2 and be a power of 2.
3295 * - r :block size. Must 1 or greater.
3296 * - p :parallelism
3297 * - maxmem :maximum size of buffer used for calculation in definition,
3298 * Not referred in this implementation.
3299 * - key :derived key.
3300 * - keylen :length of the derived key
3301 *
3302 * Returns:
3303 * 1 on success, otherwise 0.
3304 */
wolfSSL_EVP_PBE_scrypt(const char * pass,size_t passlen,const unsigned char * salt,size_t saltlen,word64 N,word64 r,word64 p,word64 maxmem,unsigned char * key,size_t keylen)3305 int wolfSSL_EVP_PBE_scrypt(const char *pass, size_t passlen,
3306 const unsigned char *salt, size_t saltlen,
3307 word64 N, word64 r, word64 p,
3308 word64 maxmem, unsigned char *key, size_t keylen)
3309 {
3310 (void)maxmem;
3311 int ret;
3312 int exp = 0;
3313
3314 WOLFSSL_ENTER("wolfSSL_EVP_PBE_scrypt");
3315
3316 if (r > INT32_MAX || p > INT32_MAX) {
3317 WOLFSSL_MSG("Doesn't support greater than 32 bit values of r and p");
3318 return WOLFSSL_FAILURE;
3319 }
3320 /* N must be a power of 2 and > 2.
3321 if (N & (N-1)) is zero, it means N is a power of 2.
3322 */
3323 if (N < 2 || (N & (N-1)) || r <= 0 || p <= 0)
3324 return WOLFSSL_FAILURE;
3325
3326 if (key == NULL)
3327 return WOLFSSL_SUCCESS;
3328
3329 /* get exponent of power of 2. Confirmed N is power of 2. */
3330 while (N != 1) {
3331 N >>= 1;
3332 exp++;
3333 }
3334
3335 ret = wc_scrypt(key, (const byte*)pass, (int)passlen, salt, (int)saltlen,
3336 exp, (int)r, (int)p, (int)keylen);
3337
3338 WOLFSSL_LEAVE("wolfSSL_EVP_PBE_scrypt", ret);
3339
3340 if (ret == 0)
3341 return WOLFSSL_SUCCESS;
3342 else
3343 return WOLFSSL_FAILURE;
3344 }
3345 #endif /* HAVE_SCRYPT && HAVE_PBKDF2 && !NO_PWDBASED && !NO_SHA */
3346
3347 static const struct cipher{
3348 unsigned char type;
3349 const char *name;
3350 int nid;
3351 } cipher_tbl[] = {
3352
3353 #ifndef NO_AES
3354 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
3355 #ifdef WOLFSSL_AES_128
3356 {AES_128_CBC_TYPE, EVP_AES_128_CBC, NID_aes_128_cbc},
3357 #endif
3358 #ifdef WOLFSSL_AES_192
3359 {AES_192_CBC_TYPE, EVP_AES_192_CBC, NID_aes_192_cbc},
3360 #endif
3361 #ifdef WOLFSSL_AES_256
3362 {AES_256_CBC_TYPE, EVP_AES_256_CBC, NID_aes_256_cbc},
3363 #endif
3364 #endif
3365
3366 #ifdef WOLFSSL_AES_CFB
3367 #ifdef WOLFSSL_AES_128
3368 {AES_128_CFB1_TYPE, EVP_AES_128_CFB1, NID_aes_128_cfb1},
3369 #endif
3370 #ifdef WOLFSSL_AES_192
3371 {AES_192_CFB1_TYPE, EVP_AES_192_CFB1, NID_aes_192_cfb1},
3372 #endif
3373 #ifdef WOLFSSL_AES_256
3374 {AES_256_CFB1_TYPE, EVP_AES_256_CFB1, NID_aes_256_cfb1},
3375 #endif
3376
3377 #ifdef WOLFSSL_AES_128
3378 {AES_128_CFB8_TYPE, EVP_AES_128_CFB8, NID_aes_128_cfb8},
3379 #endif
3380 #ifdef WOLFSSL_AES_192
3381 {AES_192_CFB8_TYPE, EVP_AES_192_CFB8, NID_aes_192_cfb8},
3382 #endif
3383 #ifdef WOLFSSL_AES_256
3384 {AES_256_CFB8_TYPE, EVP_AES_256_CFB8, NID_aes_256_cfb8},
3385 #endif
3386
3387 #ifdef WOLFSSL_AES_128
3388 {AES_128_CFB128_TYPE, EVP_AES_128_CFB128, NID_aes_128_cfb128},
3389 #endif
3390 #ifdef WOLFSSL_AES_192
3391 {AES_192_CFB128_TYPE, EVP_AES_192_CFB128, NID_aes_192_cfb128},
3392 #endif
3393 #ifdef WOLFSSL_AES_256
3394 {AES_256_CFB128_TYPE, EVP_AES_256_CFB128, NID_aes_256_cfb128},
3395 #endif
3396 #endif
3397
3398 #ifdef HAVE_AES_OFB
3399 #ifdef WOLFSSL_AES_128
3400 {AES_128_OFB_TYPE, EVP_AES_128_OFB, NID_aes_128_ofb},
3401 #endif
3402 #ifdef WOLFSSL_AES_192
3403 {AES_192_OFB_TYPE, EVP_AES_192_OFB, NID_aes_192_ofb},
3404 #endif
3405 #ifdef WOLFSSL_AES_256
3406 {AES_256_OFB_TYPE, EVP_AES_256_OFB, NID_aes_256_ofb},
3407 #endif
3408 #endif
3409
3410 #ifdef HAVE_AES_XTS
3411 #ifdef WOLFSSL_AES_128
3412 {AES_128_XTS_TYPE, EVP_AES_128_XTS, NID_aes_128_xts},
3413 #endif
3414 #ifdef WOLFSSL_AES_256
3415 {AES_256_XTS_TYPE, EVP_AES_256_XTS, NID_aes_256_xts},
3416 #endif
3417 #endif
3418
3419 #ifdef HAVE_AESGCM
3420 #ifdef WOLFSSL_AES_128
3421 {AES_128_GCM_TYPE, EVP_AES_128_GCM, NID_aes_128_gcm},
3422 #endif
3423 #ifdef WOLFSSL_AES_192
3424 {AES_192_GCM_TYPE, EVP_AES_192_GCM, NID_aes_192_gcm},
3425 #endif
3426 #ifdef WOLFSSL_AES_256
3427 {AES_256_GCM_TYPE, EVP_AES_256_GCM, NID_aes_256_gcm},
3428 #endif
3429 #endif
3430
3431 #ifdef WOLFSSL_AES_COUNTER
3432 #ifdef WOLFSSL_AES_128
3433 {AES_128_CTR_TYPE, EVP_AES_128_CTR, NID_aes_128_ctr},
3434 #endif
3435 #ifdef WOLFSSL_AES_192
3436 {AES_192_CTR_TYPE, EVP_AES_192_CTR, NID_aes_192_ctr},
3437 #endif
3438 #ifdef WOLFSSL_AES_256
3439 {AES_256_CTR_TYPE, EVP_AES_256_CTR, NID_aes_256_ctr},
3440 #endif
3441 #endif
3442
3443 #ifdef HAVE_AES_ECB
3444 #ifdef WOLFSSL_AES_128
3445 {AES_128_ECB_TYPE, EVP_AES_128_ECB, NID_aes_128_ecb},
3446 #endif
3447 #ifdef WOLFSSL_AES_192
3448 {AES_192_ECB_TYPE, EVP_AES_192_ECB, NID_aes_192_ecb},
3449 #endif
3450 #ifdef WOLFSSL_AES_256
3451 {AES_256_ECB_TYPE, EVP_AES_256_ECB, NID_aes_256_ecb},
3452 #endif
3453 #endif
3454 #endif
3455
3456 #ifndef NO_DES3
3457 {DES_CBC_TYPE, EVP_DES_CBC, NID_des_cbc},
3458 {DES_ECB_TYPE, EVP_DES_ECB, NID_des_ecb},
3459
3460 {DES_EDE3_CBC_TYPE, EVP_DES_EDE3_CBC, NID_des_ede3_cbc},
3461 {DES_EDE3_ECB_TYPE, EVP_DES_EDE3_ECB, NID_des_ede3_ecb},
3462 #endif
3463
3464 #ifndef NO_RC4
3465 {ARC4_TYPE, EVP_ARC4, NID_undef},
3466 #endif
3467
3468 #ifdef HAVE_IDEA
3469 {IDEA_CBC_TYPE, EVP_IDEA_CBC, NID_idea_cbc},
3470 #endif
3471 { 0, NULL, 0}
3472 };
3473
3474 /* returns cipher using provided ctx type */
wolfSSL_EVP_CIPHER_CTX_cipher(const WOLFSSL_EVP_CIPHER_CTX * ctx)3475 const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_CIPHER_CTX_cipher(
3476 const WOLFSSL_EVP_CIPHER_CTX *ctx)
3477 {
3478 const struct cipher* c;
3479
3480 if (!ctx || !ctx->cipherType) {
3481 return NULL;
3482 }
3483
3484 for (c = cipher_tbl; c->type != 0; c++) {
3485 if (ctx->cipherType == c->type) {
3486 return wolfSSL_EVP_get_cipherbyname(c->name);
3487 }
3488 }
3489
3490 return NULL;
3491 }
3492
wolfSSL_EVP_CIPHER_nid(const WOLFSSL_EVP_CIPHER * cipher)3493 int wolfSSL_EVP_CIPHER_nid(const WOLFSSL_EVP_CIPHER *cipher)
3494 {
3495 const struct cipher* c;
3496
3497 if (!cipher) {
3498 return 0;
3499 }
3500
3501 for (c = cipher_tbl; c->type != 0; c++) {
3502 if (XSTRNCMP(cipher, c->name, XSTRLEN(c->name)+1) == 0) {
3503 return c->nid;
3504 }
3505 }
3506
3507 return 0;
3508 }
3509
wolfSSL_EVP_get_cipherbyname(const char * name)3510 const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name)
3511 {
3512
3513 const struct alias {
3514 const char *name;
3515 const char *alias;
3516 } alias_tbl[] =
3517 {
3518 #ifndef NO_DES3
3519 {EVP_DES_CBC, "DES"},
3520 {EVP_DES_CBC, "des"},
3521 {EVP_DES_ECB, "DES-ECB"},
3522 {EVP_DES_ECB, "des-ecb"},
3523 {EVP_DES_EDE3_CBC, "DES3"},
3524 {EVP_DES_EDE3_CBC, "des3"},
3525 {EVP_DES_EDE3_CBC, "3des"},
3526 {EVP_DES_EDE3_ECB, "DES-EDE3"},
3527 {EVP_DES_EDE3_ECB, "des-ede3"},
3528 {EVP_DES_EDE3_ECB, "des-ede3-ecb"},
3529 #endif
3530 #ifdef HAVE_IDEA
3531 {EVP_IDEA_CBC, "IDEA"},
3532 {EVP_IDEA_CBC, "idea"},
3533 #endif
3534 #ifndef NO_AES
3535 #ifdef HAVE_AES_CBC
3536 #ifdef WOLFSSL_AES_128
3537 {EVP_AES_128_CBC, "AES128-CBC"},
3538 {EVP_AES_128_CBC, "aes128-cbc"},
3539 {EVP_AES_128_CBC, "aes128"},
3540 #endif
3541 #ifdef WOLFSSL_AES_192
3542 {EVP_AES_192_CBC, "AES192-CBC"},
3543 {EVP_AES_192_CBC, "aes192-cbc"},
3544 #endif
3545 #ifdef WOLFSSL_AES_256
3546 {EVP_AES_256_CBC, "AES256-CBC"},
3547 {EVP_AES_256_CBC, "aes256-cbc"},
3548 {EVP_AES_256_CBC, "aes256"},
3549 #endif
3550 #endif
3551 #ifdef HAVE_AES_ECB
3552 #ifdef WOLFSSL_AES_128
3553 {EVP_AES_128_ECB, "AES128-ECB"},
3554 {EVP_AES_128_ECB, "aes128-ecb"},
3555 #endif
3556 #ifdef WOLFSSL_AES_192
3557 {EVP_AES_192_ECB, "AES192-ECB"},
3558 {EVP_AES_192_ECB, "aes192-ecb"},
3559 #endif
3560 #ifdef WOLFSSL_AES_256
3561 {EVP_AES_256_ECB, "AES256-ECB"},
3562 #endif
3563 #endif
3564 #ifdef HAVE_AESGCM
3565 #ifdef WOLFSSL_AES_128
3566 {EVP_AES_128_GCM, "aes-128-gcm"},
3567 {EVP_AES_128_GCM, "id-aes128-GCM"},
3568 #endif
3569 #ifdef WOLFSSL_AES_192
3570 {EVP_AES_192_GCM, "aes-192-gcm"},
3571 {EVP_AES_192_GCM, "id-aes192-GCM"},
3572 #endif
3573 #ifdef WOLFSSL_AES_256
3574 {EVP_AES_256_GCM, "aes-256-gcm"},
3575 {EVP_AES_256_GCM, "id-aes256-GCM"},
3576 #endif
3577 #endif
3578 #endif
3579 #ifndef NO_RC4
3580 {EVP_ARC4, "RC4"},
3581 #endif
3582 { NULL, NULL}
3583 };
3584
3585 const struct cipher *ent;
3586 const struct alias *al;
3587
3588 WOLFSSL_ENTER("EVP_get_cipherbyname");
3589
3590 for( al = alias_tbl; al->name != NULL; al++)
3591 if(XSTRNCMP(name, al->alias, XSTRLEN(al->alias)+1) == 0) {
3592 name = al->name;
3593 break;
3594 }
3595
3596 for( ent = cipher_tbl; ent->name != NULL; ent++)
3597 if(XSTRNCMP(name, ent->name, XSTRLEN(ent->name)+1) == 0) {
3598 return (WOLFSSL_EVP_CIPHER *)ent->name;
3599 }
3600
3601 return NULL;
3602 }
3603
3604 /*
3605 * return an EVP_CIPHER structure when cipher NID is passed.
3606 *
3607 * id cipher NID
3608 *
3609 * return WOLFSSL_EVP_CIPHER
3610 */
wolfSSL_EVP_get_cipherbynid(int id)3611 const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbynid(int id)
3612 {
3613 WOLFSSL_ENTER("EVP_get_cipherbynid");
3614
3615 switch(id) {
3616
3617 #ifndef NO_AES
3618 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
3619 #ifdef WOLFSSL_AES_128
3620 case NID_aes_128_cbc:
3621 return wolfSSL_EVP_aes_128_cbc();
3622 #endif
3623 #ifdef WOLFSSL_AES_192
3624 case NID_aes_192_cbc:
3625 return wolfSSL_EVP_aes_192_cbc();
3626 #endif
3627 #ifdef WOLFSSL_AES_256
3628 case NID_aes_256_cbc:
3629 return wolfSSL_EVP_aes_256_cbc();
3630 #endif
3631 #endif
3632 #ifdef WOLFSSL_AES_COUNTER
3633 #ifdef WOLFSSL_AES_128
3634 case NID_aes_128_ctr:
3635 return wolfSSL_EVP_aes_128_ctr();
3636 #endif
3637 #ifdef WOLFSSL_AES_192
3638 case NID_aes_192_ctr:
3639 return wolfSSL_EVP_aes_192_ctr();
3640 #endif
3641 #ifdef WOLFSSL_AES_256
3642 case NID_aes_256_ctr:
3643 return wolfSSL_EVP_aes_256_ctr();
3644 #endif
3645 #endif /* WOLFSSL_AES_COUNTER */
3646 #ifdef HAVE_AES_ECB
3647 #ifdef WOLFSSL_AES_128
3648 case NID_aes_128_ecb:
3649 return wolfSSL_EVP_aes_128_ecb();
3650 #endif
3651 #ifdef WOLFSSL_AES_192
3652 case NID_aes_192_ecb:
3653 return wolfSSL_EVP_aes_192_ecb();
3654 #endif
3655 #ifdef WOLFSSL_AES_256
3656 case NID_aes_256_ecb:
3657 return wolfSSL_EVP_aes_256_ecb();
3658 #endif
3659 #endif /* HAVE_AES_ECB */
3660 #ifdef HAVE_AESGCM
3661 #ifdef WOLFSSL_AES_128
3662 case NID_aes_128_gcm:
3663 return wolfSSL_EVP_aes_128_gcm();
3664 #endif
3665 #ifdef WOLFSSL_AES_192
3666 case NID_aes_192_gcm:
3667 return wolfSSL_EVP_aes_192_gcm();
3668 #endif
3669 #ifdef WOLFSSL_AES_256
3670 case NID_aes_256_gcm:
3671 return wolfSSL_EVP_aes_256_gcm();
3672 #endif
3673 #endif
3674 #endif
3675
3676 #ifndef NO_DES3
3677 case NID_des_cbc:
3678 return wolfSSL_EVP_des_cbc();
3679 #ifdef WOLFSSL_DES_ECB
3680 case NID_des_ecb:
3681 return wolfSSL_EVP_des_ecb();
3682 #endif
3683 case NID_des_ede3_cbc:
3684 return wolfSSL_EVP_des_ede3_cbc();
3685 #ifdef WOLFSSL_DES_ECB
3686 case NID_des_ede3_ecb:
3687 return wolfSSL_EVP_des_ede3_ecb();
3688 #endif
3689 #endif /*NO_DES3*/
3690
3691 #ifdef HAVE_IDEA
3692 case NID_idea_cbc:
3693 return wolfSSL_EVP_idea_cbc();
3694 #endif
3695
3696 default:
3697 WOLFSSL_MSG("Bad cipher id value");
3698 }
3699
3700 return NULL;
3701 }
3702
wolfSSL_EVP_init(void)3703 void wolfSSL_EVP_init(void)
3704 {
3705 /* Does nothing. */
3706 }
3707
3708 /* this function makes the assumption that out buffer is big enough for digest*/
wolfSSL_EVP_Digest(const unsigned char * in,int inSz,unsigned char * out,unsigned int * outSz,const WOLFSSL_EVP_MD * evp,WOLFSSL_ENGINE * eng)3709 int wolfSSL_EVP_Digest(const unsigned char* in, int inSz, unsigned char* out,
3710 unsigned int* outSz, const WOLFSSL_EVP_MD* evp,
3711 WOLFSSL_ENGINE* eng)
3712 {
3713 int err;
3714 int hashType = WC_HASH_TYPE_NONE;
3715 int hashSz;
3716
3717 WOLFSSL_ENTER("wolfSSL_EVP_Digest");
3718 if (in == NULL || out == NULL || evp == NULL) {
3719 WOLFSSL_MSG("Null argument passed in");
3720 return WOLFSSL_FAILURE;
3721 }
3722
3723 err = wolfSSL_EVP_get_hashinfo(evp, &hashType, &hashSz);
3724 if (err != WOLFSSL_SUCCESS)
3725 return err;
3726
3727 if (wc_Hash((enum wc_HashType)hashType, in, inSz, out, hashSz) != 0) {
3728 return WOLFSSL_FAILURE;
3729 }
3730
3731 if (outSz != NULL)
3732 *outSz = hashSz;
3733
3734 (void)eng;
3735 return WOLFSSL_SUCCESS;
3736 }
3737
3738 static const struct alias {
3739 const char *name;
3740 const char *alias;
3741 } alias_tbl[] =
3742 {
3743 {"MD4", "ssl3-md4"},
3744 {"MD5", "ssl3-md5"},
3745 {"SHA1", "ssl3-sha1"},
3746 {"SHA1", "SHA"},
3747 { NULL, NULL}
3748 };
3749
wolfSSL_EVP_get_digestbyname(const char * name)3750 const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name)
3751 {
3752 char nameUpper[15]; /* 15 bytes should be enough for any name */
3753 size_t i;
3754
3755 const struct alias *al;
3756 const struct s_ent *ent;
3757
3758 for (i = 0; i < sizeof(nameUpper) && name[i] != '\0'; i++) {
3759 nameUpper[i] = (char)XTOUPPER((unsigned char) name[i]);
3760 }
3761 if (i < sizeof(nameUpper))
3762 nameUpper[i] = '\0';
3763 else
3764 return NULL;
3765
3766 name = nameUpper;
3767 for (al = alias_tbl; al->name != NULL; al++)
3768 if(XSTRNCMP(name, al->alias, XSTRLEN(al->alias)+1) == 0) {
3769 name = al->name;
3770 break;
3771 }
3772
3773 for (ent = md_tbl; ent->name != NULL; ent++)
3774 if(XSTRNCMP(name, ent->name, XSTRLEN(ent->name)+1) == 0) {
3775 return (EVP_MD *)ent->name;
3776 }
3777 return NULL;
3778 }
3779
3780 /* Returns the NID of the WOLFSSL_EVP_MD passed in.
3781 *
3782 * type - pointer to WOLFSSL_EVP_MD for which to return NID value
3783 *
3784 * Returns NID on success, or NID_undef if none exists.
3785 */
wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD * type)3786 int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
3787 {
3788 const struct s_ent *ent ;
3789 WOLFSSL_ENTER("EVP_MD_type");
3790
3791 if (type == NULL) {
3792 WOLFSSL_MSG("MD type arg is NULL");
3793 return NID_undef;
3794 }
3795
3796 for( ent = md_tbl; ent->name != NULL; ent++){
3797 if(XSTRNCMP((const char *)type, ent->name, XSTRLEN(ent->name)+1) == 0) {
3798 return ent->nid;
3799 }
3800 }
3801 return NID_undef;
3802 }
3803
3804 #ifndef NO_MD4
3805
3806 /* return a pointer to MD4 EVP type */
wolfSSL_EVP_md4(void)3807 const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void)
3808 {
3809 WOLFSSL_ENTER("wolfSSL_EVP_md4");
3810 return EVP_get_digestbyname("MD4");
3811 }
3812
3813 #endif /* !NO_MD4 */
3814
3815
3816 #ifndef NO_MD5
3817
wolfSSL_EVP_md5(void)3818 const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void)
3819 {
3820 WOLFSSL_ENTER("EVP_md5");
3821 return EVP_get_digestbyname("MD5");
3822 }
3823
3824 #endif /* !NO_MD5 */
3825
3826 #ifdef HAVE_BLAKE2
3827 /* return EVP_MD
3828 * @param none
3829 * @return "blake2b512"
3830 */
wolfSSL_EVP_blake2b512()3831 const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2b512()
3832 {
3833 WOLFSSL_ENTER("EVP_blake2b512");
3834 return EVP_get_digestbyname("BLAKE2b512");
3835 }
3836
3837 #endif
3838
3839 #ifdef HAVE_BLAKE2S
3840 /* return EVP_MD
3841 * @param none
3842 * @return "blake2s256"
3843 */
wolfSSL_EVP_blake2s256()3844 const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2s256()
3845 {
3846 WOLFSSL_ENTER("EVP_blake2s256");
3847 return EVP_get_digestbyname("BLAKE2s256");
3848 }
3849
3850 #endif
3851
3852
3853 #ifndef NO_WOLFSSL_STUB
wolfSSL_EVP_set_pw_prompt(const char * prompt)3854 void wolfSSL_EVP_set_pw_prompt(const char *prompt)
3855 {
3856 (void)prompt;
3857 WOLFSSL_STUB("EVP_set_pw_prompt");
3858 }
3859 #endif
3860
3861 #ifndef NO_WOLFSSL_STUB
wolfSSL_EVP_mdc2(void)3862 const WOLFSSL_EVP_MD* wolfSSL_EVP_mdc2(void)
3863 {
3864 WOLFSSL_STUB("EVP_mdc2");
3865 return NULL;
3866 }
3867 #endif
3868
3869 #ifndef NO_SHA
wolfSSL_EVP_sha1(void)3870 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void)
3871 {
3872 WOLFSSL_ENTER("EVP_sha1");
3873 return EVP_get_digestbyname("SHA1");
3874 }
3875 #endif /* NO_SHA */
3876
3877 #ifdef WOLFSSL_SHA224
3878
wolfSSL_EVP_sha224(void)3879 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void)
3880 {
3881 WOLFSSL_ENTER("EVP_sha224");
3882 return EVP_get_digestbyname("SHA224");
3883 }
3884
3885 #endif /* WOLFSSL_SHA224 */
3886
3887
wolfSSL_EVP_sha256(void)3888 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void)
3889 {
3890 WOLFSSL_ENTER("EVP_sha256");
3891 return EVP_get_digestbyname("SHA256");
3892 }
3893
3894 #ifdef WOLFSSL_SHA384
3895
wolfSSL_EVP_sha384(void)3896 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void)
3897 {
3898 WOLFSSL_ENTER("EVP_sha384");
3899 return EVP_get_digestbyname("SHA384");
3900 }
3901
3902 #endif /* WOLFSSL_SHA384 */
3903
3904 #ifdef WOLFSSL_SHA512
3905
wolfSSL_EVP_sha512(void)3906 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void)
3907 {
3908 WOLFSSL_ENTER("EVP_sha512");
3909 return EVP_get_digestbyname("SHA512");
3910 }
3911
3912 #ifndef WOLFSSL_NOSHA512_224
3913
wolfSSL_EVP_sha512_224(void)3914 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512_224(void)
3915 {
3916 WOLFSSL_ENTER("EVP_sha512_224");
3917 return EVP_get_digestbyname("SHA512_224");
3918 }
3919
3920 #endif /* !WOLFSSL_NOSHA512_224 */
3921
3922 #ifndef WOLFSSL_NOSHA512_224
wolfSSL_EVP_sha512_256(void)3923 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512_256(void)
3924 {
3925 WOLFSSL_ENTER("EVP_sha512_256");
3926 return EVP_get_digestbyname("SHA512_256");
3927 }
3928
3929 #endif /* !WOLFSSL_NOSHA512_224 */
3930
3931 #endif /* WOLFSSL_SHA512 */
3932
3933 #ifdef WOLFSSL_SHA3
3934 #ifndef WOLFSSL_NOSHA3_224
wolfSSL_EVP_sha3_224(void)3935 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_224(void)
3936 {
3937 WOLFSSL_ENTER("EVP_sha3_224");
3938 return EVP_get_digestbyname("SHA3_224");
3939 }
3940 #endif /* WOLFSSL_NOSHA3_224 */
3941
3942
3943 #ifndef WOLFSSL_NOSHA3_256
wolfSSL_EVP_sha3_256(void)3944 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_256(void)
3945 {
3946 WOLFSSL_ENTER("EVP_sha3_256");
3947 return EVP_get_digestbyname("SHA3_256");
3948 }
3949 #endif /* WOLFSSL_NOSHA3_256 */
3950
3951 #ifndef WOLFSSL_NOSHA3_384
wolfSSL_EVP_sha3_384(void)3952 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_384(void)
3953 {
3954 WOLFSSL_ENTER("EVP_sha3_384");
3955 return EVP_get_digestbyname("SHA3_384");
3956 }
3957 #endif /* WOLFSSL_NOSHA3_384 */
3958
3959 #ifndef WOLFSSL_NOSHA3_512
wolfSSL_EVP_sha3_512(void)3960 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_512(void)
3961 {
3962 WOLFSSL_ENTER("EVP_sha3_512");
3963 return EVP_get_digestbyname("SHA3_512");
3964 }
3965 #endif /* WOLFSSL_NOSHA3_512 */
3966
3967 #ifdef WOLFSSL_SHAKE128
wolfSSL_EVP_shake128(void)3968 const WOLFSSL_EVP_MD* wolfSSL_EVP_shake128(void)
3969 {
3970 WOLFSSL_ENTER("EVP_shake128");
3971 return EVP_get_digestbyname("SHAKE128");
3972 }
3973 #endif /* WOLFSSL_SHAKE128 */
3974
3975 #ifdef WOLFSSL_SHAKE256
wolfSSL_EVP_shake256(void)3976 const WOLFSSL_EVP_MD* wolfSSL_EVP_shake256(void)
3977 {
3978 WOLFSSL_ENTER("EVP_shake256");
3979 return EVP_get_digestbyname("SHAKE256");
3980 }
3981 #endif /* WOLFSSL_SHAKE256 */
3982
3983 #endif /* WOLFSSL_SHA3 */
3984
3985
3986
wolfSSL_EVP_MD_CTX_new(void)3987 WOLFSSL_EVP_MD_CTX *wolfSSL_EVP_MD_CTX_new(void)
3988 {
3989 WOLFSSL_EVP_MD_CTX* ctx;
3990 WOLFSSL_ENTER("EVP_MD_CTX_new");
3991 ctx = (WOLFSSL_EVP_MD_CTX*)XMALLOC(sizeof *ctx, NULL,
3992 DYNAMIC_TYPE_OPENSSL);
3993 if (ctx){
3994 wolfSSL_EVP_MD_CTX_init(ctx);
3995 }
3996 return ctx;
3997 }
3998
wolfSSL_EVP_MD_CTX_free(WOLFSSL_EVP_MD_CTX * ctx)3999 void wolfSSL_EVP_MD_CTX_free(WOLFSSL_EVP_MD_CTX *ctx)
4000 {
4001 if (ctx) {
4002 WOLFSSL_ENTER("EVP_MD_CTX_free");
4003 wolfSSL_EVP_MD_CTX_cleanup(ctx);
4004 XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL);
4005 }
4006 }
4007
4008 /* returns the NID of message digest used by the ctx */
wolfSSL_EVP_MD_CTX_type(const WOLFSSL_EVP_MD_CTX * ctx)4009 int wolfSSL_EVP_MD_CTX_type(const WOLFSSL_EVP_MD_CTX *ctx)
4010 {
4011 const struct s_ent *ent;
4012
4013 WOLFSSL_ENTER("EVP_MD_CTX_type");
4014
4015 if (ctx) {
4016 if (ctx->isHMAC) {
4017 return NID_hmac;
4018 }
4019
4020 for(ent = md_tbl; ent->name != NULL; ent++) {
4021 if (ctx->macType == ent->macType) {
4022 return ent->nid;
4023 }
4024 }
4025 /* Return whatever we got */
4026 return ctx->macType;
4027 }
4028 return 0;
4029 }
4030
4031
4032 /* returns WOLFSSL_SUCCESS on success */
wolfSSL_EVP_MD_CTX_copy(WOLFSSL_EVP_MD_CTX * out,const WOLFSSL_EVP_MD_CTX * in)4033 int wolfSSL_EVP_MD_CTX_copy(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in)
4034 {
4035 return wolfSSL_EVP_MD_CTX_copy_ex(out, in);
4036 }
4037
4038 /* returns digest size */
wolfSSL_EVP_MD_CTX_size(const WOLFSSL_EVP_MD_CTX * ctx)4039 int wolfSSL_EVP_MD_CTX_size(const WOLFSSL_EVP_MD_CTX *ctx) {
4040 return(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(ctx)));
4041 }
4042 /* returns block size */
wolfSSL_EVP_MD_CTX_block_size(const WOLFSSL_EVP_MD_CTX * ctx)4043 int wolfSSL_EVP_MD_CTX_block_size(const WOLFSSL_EVP_MD_CTX *ctx) {
4044 return(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(ctx)));
4045 }
4046
4047 /* Deep copy of EVP_MD hasher
4048 * return WOLFSSL_SUCCESS on success */
wolfSSL_EVP_MD_Copy_Hasher(WOLFSSL_EVP_MD_CTX * des,const WOLFSSL_EVP_MD_CTX * src)4049 static int wolfSSL_EVP_MD_Copy_Hasher(WOLFSSL_EVP_MD_CTX* des,
4050 const WOLFSSL_EVP_MD_CTX* src)
4051 {
4052 int ret;
4053 if (src->isHMAC) {
4054 return wolfSSL_HmacCopy(&des->hash.hmac, (Hmac*)&src->hash.hmac);
4055 }
4056 else {
4057 switch (src->macType) {
4058 case WC_HASH_TYPE_MD5:
4059 #ifndef NO_MD5
4060 ret = wc_Md5Copy((wc_Md5*)&src->hash.digest,
4061 (wc_Md5*)&des->hash.digest);
4062 #else
4063 ret = NOT_COMPILED_IN;
4064 #endif /* !NO_MD5 */
4065 break;
4066 case WC_HASH_TYPE_SHA:
4067 #ifndef NO_SHA
4068 ret = wc_ShaCopy((wc_Sha*)&src->hash.digest,
4069 (wc_Sha*)&des->hash.digest);
4070 #else
4071 ret = NOT_COMPILED_IN;
4072 #endif /* !NO_SHA */
4073 break;
4074 case WC_HASH_TYPE_SHA224:
4075 #ifdef WOLFSSL_SHA224
4076 ret = wc_Sha224Copy((wc_Sha224*)&src->hash.digest,
4077 (wc_Sha224*)&des->hash.digest);
4078 #else
4079 ret = NOT_COMPILED_IN;
4080 #endif /* WOLFSSL_SHA224 */
4081 break;
4082 case WC_HASH_TYPE_SHA256:
4083 #ifndef NO_SHA256
4084 ret = wc_Sha256Copy((wc_Sha256*)&src->hash.digest,
4085 (wc_Sha256*)&des->hash.digest);
4086 #else
4087 ret = NOT_COMPILED_IN;
4088 #endif /* !NO_SHA256 */
4089 break;
4090 case WC_HASH_TYPE_SHA384:
4091 #ifdef WOLFSSL_SHA384
4092 ret = wc_Sha384Copy((wc_Sha384*)&src->hash.digest,
4093 (wc_Sha384*)&des->hash.digest);
4094 #else
4095 ret = NOT_COMPILED_IN;
4096 #endif /* WOLFSSL_SHA384 */
4097 break;
4098 case WC_HASH_TYPE_SHA512:
4099 #ifdef WOLFSSL_SHA512
4100 ret = wc_Sha512Copy((wc_Sha512*)&src->hash.digest,
4101 (wc_Sha512*)&des->hash.digest);
4102 #else
4103 ret = NOT_COMPILED_IN;
4104 #endif /* WOLFSSL_SHA512 */
4105 break;
4106 #ifndef WOLFSSL_NOSHA512_224
4107 case WC_HASH_TYPE_SHA512_224:
4108 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
4109 defined(WOLFSSL_SHA512)
4110 ret = wc_Sha512_224Copy((wc_Sha512*)&src->hash.digest,
4111 (wc_Sha512*)&des->hash.digest);
4112 #else
4113 ret = NOT_COMPILED_IN;
4114 #endif
4115 break;
4116 #endif /* !WOLFSSL_NOSHA512_224 */
4117 #ifndef WOLFSSL_NOSHA512_256
4118 case WC_HASH_TYPE_SHA512_256:
4119 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
4120 defined(WOLFSSL_SHA512)
4121 ret = wc_Sha512_256Copy((wc_Sha512*)&src->hash.digest,
4122 (wc_Sha512*)&des->hash.digest);
4123 #else
4124 ret = NOT_COMPILED_IN;
4125 #endif
4126 break;
4127 #endif /* !WOLFSSL_NOSHA512_256 */
4128 case WC_HASH_TYPE_SHA3_224:
4129 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
4130 ret = wc_Sha3_224_Copy((wc_Sha3*)&src->hash.digest,
4131 (wc_Sha3*)&des->hash.digest);
4132 #else
4133 ret = NOT_COMPILED_IN;
4134 #endif
4135 break;
4136 case WC_HASH_TYPE_SHA3_256:
4137 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
4138 ret = wc_Sha3_256_Copy((wc_Sha3*)&src->hash.digest,
4139 (wc_Sha3*)&des->hash.digest);
4140 #else
4141 ret = NOT_COMPILED_IN;
4142 #endif
4143 break;
4144 case WC_HASH_TYPE_SHA3_384:
4145 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
4146 ret = wc_Sha3_384_Copy((wc_Sha3*)&src->hash.digest,
4147 (wc_Sha3*)&des->hash.digest);
4148 #else
4149 ret = NOT_COMPILED_IN;
4150 #endif
4151 break;
4152 case WC_HASH_TYPE_SHA3_512:
4153 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
4154 ret = wc_Sha3_512_Copy((wc_Sha3*)&src->hash.digest,
4155 (wc_Sha3*)&des->hash.digest);
4156 #else
4157 ret = NOT_COMPILED_IN;
4158 #endif
4159 break;
4160 case WC_HASH_TYPE_NONE:
4161 case WC_HASH_TYPE_MD2:
4162 case WC_HASH_TYPE_MD4:
4163 case WC_HASH_TYPE_MD5_SHA:
4164 case WC_HASH_TYPE_BLAKE2B:
4165 case WC_HASH_TYPE_BLAKE2S:
4166 #ifndef WOLFSSL_NO_SHAKE256
4167 case WC_HASH_TYPE_SHAKE128:
4168 case WC_HASH_TYPE_SHAKE256:
4169 #endif
4170 default:
4171 ret = BAD_FUNC_ARG;
4172 break;
4173 }
4174 return ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
4175 }
4176 }
4177
4178 /* copies structure in to the structure out
4179 *
4180 * returns WOLFSSL_SUCCESS on success */
wolfSSL_EVP_MD_CTX_copy_ex(WOLFSSL_EVP_MD_CTX * out,const WOLFSSL_EVP_MD_CTX * in)4181 int wolfSSL_EVP_MD_CTX_copy_ex(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in)
4182 {
4183 if ((out == NULL) || (in == NULL)) return WOLFSSL_FAILURE;
4184 WOLFSSL_ENTER("EVP_CIPHER_MD_CTX_copy_ex");
4185 XMEMCPY(out, in, sizeof(WOLFSSL_EVP_MD_CTX));
4186 if (in->pctx != NULL) {
4187 out->pctx = wolfSSL_EVP_PKEY_CTX_new(in->pctx->pkey, NULL);
4188 if (out->pctx == NULL)
4189 return WOLFSSL_FAILURE;
4190 }
4191 return wolfSSL_EVP_MD_Copy_Hasher(out, (WOLFSSL_EVP_MD_CTX*)in);
4192 }
4193
wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX * ctx)4194 void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx)
4195 {
4196 WOLFSSL_ENTER("EVP_CIPHER_MD_CTX_init");
4197 XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_MD_CTX));
4198 }
4199
wolfSSL_EVP_MD_CTX_md(const WOLFSSL_EVP_MD_CTX * ctx)4200 const WOLFSSL_EVP_MD *wolfSSL_EVP_MD_CTX_md(const WOLFSSL_EVP_MD_CTX *ctx)
4201 {
4202 const struct s_ent *ent;
4203 if (ctx == NULL)
4204 return NULL;
4205 WOLFSSL_ENTER("EVP_MD_CTX_md");
4206 if (ctx->isHMAC) {
4207 return "HMAC";
4208 }
4209 for(ent = md_tbl; ent->name != NULL; ent++) {
4210 if(ctx->macType == ent->macType) {
4211 return (const WOLFSSL_EVP_MD *)ent->name;
4212 }
4213 }
4214 return (WOLFSSL_EVP_MD *)NULL;
4215 }
4216
4217 /* return alias name if has
4218 * @param n message digest type name
4219 * @return alias name, otherwise NULL
4220 */
hasAliasName(const char * n)4221 static const char* hasAliasName(const char* n)
4222 {
4223
4224 const char* aliasnm = NULL;
4225 const struct alias *al;
4226
4227 for (al = alias_tbl; al->name != NULL; al++)
4228 if(XSTRNCMP(n, al->name, XSTRLEN(al->name)+1) == 0) {
4229 aliasnm = al->alias;
4230 break;
4231 }
4232
4233 return aliasnm;
4234 }
4235
4236
4237 struct do_all_md {
4238 void *arg;
4239 void (*fn) (const WOLFSSL_EVP_MD *m,
4240 const char* from, const char* to, void *arg);
4241 };
4242
4243 /* do all md algorithm
4244 * @param nm a pointer to WOLFSSL_OBJ_NAME
4245 * @param arg arguments to pass to the callback
4246 * @return none
4247 */
md_do_all_func(const WOLFSSL_OBJ_NAME * nm,void * arg)4248 static void md_do_all_func(const WOLFSSL_OBJ_NAME* nm, void* arg)
4249 {
4250 struct do_all_md *md = (struct do_all_md*)arg;
4251
4252 const struct s_ent *ent;
4253
4254 /* sanity check */
4255 if (md == NULL || nm == NULL || md->fn == NULL ||
4256 nm->type != WOLFSSL_OBJ_NAME_TYPE_MD_METH)
4257 return;
4258
4259 /* loop all md */
4260 for (ent = md_tbl; ent->name != NULL; ent++){
4261 /* check if the md has alias */
4262 if(hasAliasName(ent->name) != NULL) {
4263 md->fn(NULL, ent->name, ent->name, md->arg);
4264 }
4265 else {
4266 md->fn(ent->name, ent->name, NULL, md->arg);
4267 }
4268 }
4269 }
4270
4271 /* call md_do_all function to do all md algorithm via a callback function
4272 * @param fn a callback function to be called with all 'md'
4273 * @param args arguments to pass to the callback
4274 * @return none
4275 */
wolfSSL_EVP_MD_do_all(void (* fn)(const WOLFSSL_EVP_MD * m,const char * from,const char * to,void * xx),void * args)4276 void wolfSSL_EVP_MD_do_all(void (*fn) (const WOLFSSL_EVP_MD *m,
4277 const char* from, const char* to, void* xx), void* args)
4278 {
4279 struct do_all_md md;
4280
4281 md.fn = fn;
4282 md.arg = args;
4283
4284 wolfSSL_OBJ_NAME_do_all(WOLFSSL_OBJ_NAME_TYPE_MD_METH,
4285 md_do_all_func, &md);
4286 }
4287
4288 /* call "fn" based on OBJ_NAME type
4289 * @param type OBJ_NAME type
4290 * @param fn a callback function
4291 * @param args arguments to pass to the callback
4292 * @return none
4293 */
wolfSSL_OBJ_NAME_do_all(int type,void (* fn)(const WOLFSSL_OBJ_NAME *,void * arg),void * arg)4294 void wolfSSL_OBJ_NAME_do_all(int type,
4295 void (*fn)(const WOLFSSL_OBJ_NAME*, void* arg), void* arg)
4296 {
4297 WOLFSSL_OBJ_NAME objnm;
4298
4299 /* sanity check */
4300 if (!fn)
4301 return;
4302
4303 objnm.type = type;
4304
4305 switch(type) {
4306 case WOLFSSL_OBJ_NAME_TYPE_MD_METH:
4307 fn(&objnm, arg);
4308 break;
4309 case WOLFSSL_OBJ_NAME_TYPE_CIPHER_METH:
4310 case WOLFSSL_OBJ_NAME_TYPE_PKEY_METH:
4311 case WOLFSSL_OBJ_NAME_TYPE_COMP_METH:
4312 case WOLFSSL_OBJ_NAME_TYPE_NUM:
4313 WOLFSSL_MSG("not implemented");
4314 FALL_THROUGH;
4315 case WOLFSSL_OBJ_NAME_TYPE_UNDEF:
4316 default:
4317 break;
4318 }
4319 }
4320
4321 #ifndef NO_AES
4322
4323 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
4324 #ifdef WOLFSSL_AES_128
wolfSSL_EVP_aes_128_cbc(void)4325 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void)
4326 {
4327 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cbc");
4328 return EVP_AES_128_CBC;
4329 }
4330 #endif /* WOLFSSL_AES_128 */
4331
4332
4333 #ifdef WOLFSSL_AES_192
wolfSSL_EVP_aes_192_cbc(void)4334 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void)
4335 {
4336 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cbc");
4337 return EVP_AES_192_CBC;
4338 }
4339 #endif /* WOLFSSL_AES_192 */
4340
4341
4342 #ifdef WOLFSSL_AES_256
wolfSSL_EVP_aes_256_cbc(void)4343 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void)
4344 {
4345 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cbc");
4346 return EVP_AES_256_CBC;
4347 }
4348 #endif /* WOLFSSL_AES_256 */
4349 #endif /* HAVE_AES_CBC */
4350
4351 #ifdef WOLFSSL_AES_CFB
4352 #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
4353 #ifdef WOLFSSL_AES_128
wolfSSL_EVP_aes_128_cfb1(void)4354 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb1(void)
4355 {
4356 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb1");
4357 return EVP_AES_128_CFB1;
4358 }
4359 #endif /* WOLFSSL_AES_128 */
4360
4361 #ifdef WOLFSSL_AES_192
wolfSSL_EVP_aes_192_cfb1(void)4362 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb1(void)
4363 {
4364 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb1");
4365 return EVP_AES_192_CFB1;
4366 }
4367 #endif /* WOLFSSL_AES_192 */
4368
4369 #ifdef WOLFSSL_AES_256
wolfSSL_EVP_aes_256_cfb1(void)4370 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb1(void)
4371 {
4372 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb1");
4373 return EVP_AES_256_CFB1;
4374 }
4375 #endif /* WOLFSSL_AES_256 */
4376
4377 #ifdef WOLFSSL_AES_128
wolfSSL_EVP_aes_128_cfb8(void)4378 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb8(void)
4379 {
4380 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb8");
4381 return EVP_AES_128_CFB8;
4382 }
4383 #endif /* WOLFSSL_AES_128 */
4384
4385 #ifdef WOLFSSL_AES_192
wolfSSL_EVP_aes_192_cfb8(void)4386 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb8(void)
4387 {
4388 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb8");
4389 return EVP_AES_192_CFB8;
4390 }
4391 #endif /* WOLFSSL_AES_192 */
4392
4393 #ifdef WOLFSSL_AES_256
wolfSSL_EVP_aes_256_cfb8(void)4394 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb8(void)
4395 {
4396 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb8");
4397 return EVP_AES_256_CFB8;
4398 }
4399 #endif /* WOLFSSL_AES_256 */
4400 #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
4401
4402 #ifdef WOLFSSL_AES_128
wolfSSL_EVP_aes_128_cfb128(void)4403 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb128(void)
4404 {
4405 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb128");
4406 return EVP_AES_128_CFB128;
4407 }
4408 #endif /* WOLFSSL_AES_128 */
4409
4410 #ifdef WOLFSSL_AES_192
wolfSSL_EVP_aes_192_cfb128(void)4411 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb128(void)
4412 {
4413 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb128");
4414 return EVP_AES_192_CFB128;
4415 }
4416 #endif /* WOLFSSL_AES_192 */
4417
4418 #ifdef WOLFSSL_AES_256
wolfSSL_EVP_aes_256_cfb128(void)4419 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb128(void)
4420 {
4421 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb128");
4422 return EVP_AES_256_CFB128;
4423 }
4424 #endif /* WOLFSSL_AES_256 */
4425 #endif /* WOLFSSL_AES_CFB */
4426
4427 #ifdef WOLFSSL_AES_OFB
4428 #ifdef WOLFSSL_AES_128
wolfSSL_EVP_aes_128_ofb(void)4429 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ofb(void)
4430 {
4431 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ofb");
4432 return EVP_AES_128_OFB;
4433 }
4434 #endif /* WOLFSSL_AES_128 */
4435
4436 #ifdef WOLFSSL_AES_192
wolfSSL_EVP_aes_192_ofb(void)4437 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ofb(void)
4438 {
4439 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ofb");
4440 return EVP_AES_192_OFB;
4441 }
4442 #endif /* WOLFSSL_AES_192 */
4443
4444 #ifdef WOLFSSL_AES_256
wolfSSL_EVP_aes_256_ofb(void)4445 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ofb(void)
4446 {
4447 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ofb");
4448 return EVP_AES_256_OFB;
4449 }
4450 #endif /* WOLFSSL_AES_256 */
4451 #endif /* WOLFSSL_AES_OFB */
4452
4453 #ifdef WOLFSSL_AES_XTS
4454 #ifdef WOLFSSL_AES_128
wolfSSL_EVP_aes_128_xts(void)4455 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_xts(void)
4456 {
4457 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_xts");
4458 return EVP_AES_128_XTS;
4459 }
4460 #endif /* WOLFSSL_AES_128 */
4461
4462 #ifdef WOLFSSL_AES_256
wolfSSL_EVP_aes_256_xts(void)4463 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_xts(void)
4464 {
4465 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_xts");
4466 return EVP_AES_256_XTS;
4467 }
4468 #endif /* WOLFSSL_AES_256 */
4469 #endif /* WOLFSSL_AES_XTS */
4470
4471 #ifdef HAVE_AESGCM
4472 #ifdef WOLFSSL_AES_128
wolfSSL_EVP_aes_128_gcm(void)4473 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_gcm(void)
4474 {
4475 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_gcm");
4476 return EVP_AES_128_GCM;
4477 }
4478 #endif /* WOLFSSL_GCM_128 */
4479
4480 #ifdef WOLFSSL_AES_192
wolfSSL_EVP_aes_192_gcm(void)4481 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_gcm(void)
4482 {
4483 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_gcm");
4484 return EVP_AES_192_GCM;
4485 }
4486 #endif /* WOLFSSL_AES_192 */
4487
4488 #ifdef WOLFSSL_AES_256
wolfSSL_EVP_aes_256_gcm(void)4489 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_gcm(void)
4490 {
4491 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_gcm");
4492 return EVP_AES_256_GCM;
4493 }
4494 #endif /* WOLFSSL_AES_256 */
4495 #endif /* HAVE_AESGCM */
4496
4497 #ifdef WOLFSSL_AES_COUNTER
4498 #ifdef WOLFSSL_AES_128
wolfSSL_EVP_aes_128_ctr(void)4499 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void)
4500 {
4501 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ctr");
4502 return EVP_AES_128_CTR;
4503 }
4504 #endif /* WOLFSSL_AES_2128 */
4505
4506
4507 #ifdef WOLFSSL_AES_192
wolfSSL_EVP_aes_192_ctr(void)4508 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void)
4509 {
4510 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ctr");
4511 return EVP_AES_192_CTR;
4512 }
4513 #endif /* WOLFSSL_AES_192 */
4514
4515
4516 #ifdef WOLFSSL_AES_256
wolfSSL_EVP_aes_256_ctr(void)4517 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void)
4518 {
4519 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ctr");
4520 return EVP_AES_256_CTR;
4521 }
4522 #endif /* WOLFSSL_AES_256 */
4523 #endif /* WOLFSSL_AES_COUNTER */
4524
4525 #ifdef HAVE_AES_ECB
4526 #ifdef WOLFSSL_AES_128
wolfSSL_EVP_aes_128_ecb(void)4527 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void)
4528 {
4529 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ecb");
4530 return EVP_AES_128_ECB;
4531 }
4532 #endif /* WOLFSSL_AES_128 */
4533
4534
4535 #ifdef WOLFSSL_AES_192
wolfSSL_EVP_aes_192_ecb(void)4536 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void)
4537 {
4538 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ecb");
4539 return EVP_AES_192_ECB;
4540 }
4541 #endif /* WOLFSSL_AES_192*/
4542
4543
4544 #ifdef WOLFSSL_AES_256
wolfSSL_EVP_aes_256_ecb(void)4545 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void)
4546 {
4547 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ecb");
4548 return EVP_AES_256_ECB;
4549 }
4550 #endif /* WOLFSSL_AES_256 */
4551 #endif /* HAVE_AES_ECB */
4552 #endif /* NO_AES */
4553
4554 #ifndef NO_DES3
wolfSSL_EVP_des_cbc(void)4555 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void)
4556 {
4557 WOLFSSL_ENTER("wolfSSL_EVP_des_cbc");
4558 return EVP_DES_CBC;
4559 }
4560 #ifdef WOLFSSL_DES_ECB
wolfSSL_EVP_des_ecb(void)4561 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ecb(void)
4562 {
4563 WOLFSSL_ENTER("wolfSSL_EVP_des_ecb");
4564 return EVP_DES_ECB;
4565 }
4566 #endif
wolfSSL_EVP_des_ede3_cbc(void)4567 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void)
4568 {
4569 WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_cbc");
4570 return EVP_DES_EDE3_CBC;
4571 }
4572 #ifdef WOLFSSL_DES_ECB
wolfSSL_EVP_des_ede3_ecb(void)4573 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void)
4574 {
4575 WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_ecb");
4576 return EVP_DES_EDE3_ECB;
4577 }
4578 #endif
4579 #endif /* NO_DES3 */
4580
4581 #ifndef NO_RC4
wolfSSL_EVP_rc4(void)4582 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void)
4583 {
4584 WOLFSSL_ENTER("wolfSSL_EVP_rc4");
4585 return EVP_ARC4;
4586 }
4587 #endif
4588
4589 #ifdef HAVE_IDEA
wolfSSL_EVP_idea_cbc(void)4590 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_idea_cbc(void)
4591 {
4592 WOLFSSL_ENTER("wolfSSL_EVP_idea_cbc");
4593 return EVP_IDEA_CBC;
4594 }
4595 #endif
wolfSSL_EVP_enc_null(void)4596 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void)
4597 {
4598 WOLFSSL_ENTER("wolfSSL_EVP_enc_null");
4599 return EVP_NULL;
4600 }
4601
wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX * ctx)4602 int wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx)
4603 {
4604 int ret = WOLFSSL_SUCCESS;
4605 WOLFSSL_ENTER("EVP_MD_CTX_cleanup");
4606 if (ctx->pctx != NULL)
4607 wolfSSL_EVP_PKEY_CTX_free(ctx->pctx);
4608
4609 if (ctx->isHMAC) {
4610 wc_HmacFree(&ctx->hash.hmac);
4611 }
4612 else {
4613 switch (ctx->macType) {
4614 case WC_HASH_TYPE_MD5:
4615 #ifndef NO_MD5
4616 wc_Md5Free((wc_Md5*)&ctx->hash.digest);
4617 #endif /* !NO_MD5 */
4618 break;
4619 case WC_HASH_TYPE_SHA:
4620 #ifndef NO_SHA
4621 wc_ShaFree((wc_Sha*)&ctx->hash.digest);
4622 #endif /* !NO_SHA */
4623 break;
4624 case WC_HASH_TYPE_SHA224:
4625 #ifdef WOLFSSL_SHA224
4626 wc_Sha224Free((wc_Sha224*)&ctx->hash.digest);
4627 #endif /* WOLFSSL_SHA224 */
4628 break;
4629 case WC_HASH_TYPE_SHA256:
4630 #ifndef NO_SHA256
4631 wc_Sha256Free((wc_Sha256*)&ctx->hash.digest);
4632 #endif /* !NO_SHA256 */
4633 break;
4634 case WC_HASH_TYPE_SHA384:
4635 #ifdef WOLFSSL_SHA384
4636 wc_Sha384Free((wc_Sha384*)&ctx->hash.digest);
4637 #endif /* WOLFSSL_SHA384 */
4638 break;
4639 case WC_HASH_TYPE_SHA512:
4640 #ifdef WOLFSSL_SHA512
4641 wc_Sha512Free((wc_Sha512*)&ctx->hash.digest);
4642 #endif /* WOLFSSL_SHA512 */
4643 break;
4644 #ifndef WOLFSSL_NOSHA512_224
4645 case WC_HASH_TYPE_SHA512_224:
4646 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
4647 defined(WOLFSSL_SHA512)
4648 wc_Sha512_224Free((wc_Sha512*)&ctx->hash.digest);
4649 #endif
4650 break;
4651 #endif /* !WOLFSSL_NOSHA512_224 */
4652 #ifndef WOLFSSL_NOSHA512_256
4653 case WC_HASH_TYPE_SHA512_256:
4654 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
4655 defined(WOLFSSL_SHA512)
4656 wc_Sha512_256Free((wc_Sha512*)&ctx->hash.digest);
4657 #endif
4658 break;
4659 #endif /* !WOLFSSL_NOSHA512_256 */
4660 case WC_HASH_TYPE_SHA3_224:
4661 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
4662 wc_Sha3_224_Free((wc_Sha3*)&ctx->hash.digest);
4663 #endif
4664 break;
4665 case WC_HASH_TYPE_SHA3_256:
4666 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
4667 wc_Sha3_256_Free((wc_Sha3*)&ctx->hash.digest);
4668 #endif
4669 break;
4670 case WC_HASH_TYPE_SHA3_384:
4671 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
4672 wc_Sha3_384_Free((wc_Sha3*)&ctx->hash.digest);
4673 #endif
4674 break;
4675 case WC_HASH_TYPE_SHA3_512:
4676 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
4677 wc_Sha3_512_Free((wc_Sha3*)&ctx->hash.digest);
4678 #endif
4679 break;
4680 case WC_HASH_TYPE_NONE:
4681 /* Not an error since an unused struct could be free'd or
4682 * reset. */
4683 break;
4684 case WC_HASH_TYPE_MD2:
4685 case WC_HASH_TYPE_MD4:
4686 case WC_HASH_TYPE_MD5_SHA:
4687 case WC_HASH_TYPE_BLAKE2B:
4688 case WC_HASH_TYPE_BLAKE2S:
4689 #ifndef WOLFSSL_NO_SHAKE256
4690 case WC_HASH_TYPE_SHAKE128:
4691 case WC_HASH_TYPE_SHAKE256:
4692 #endif
4693 default:
4694 ret = WOLFSSL_FAILURE;
4695 break;
4696 }
4697 }
4698 ForceZero(ctx, sizeof(*ctx));
4699 ctx->macType = WC_HASH_TYPE_NONE;
4700 return ret;
4701 }
4702
wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX * ctx)4703 void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx)
4704 {
4705 WOLFSSL_ENTER("EVP_CIPHER_CTX_init");
4706 if (ctx) {
4707 XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_CIPHER_CTX));
4708 ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */
4709 ctx->keyLen = 0;
4710 ctx->enc = 1; /* start in encrypt mode */
4711 }
4712 }
4713
4714 #if defined(HAVE_AESGCM) && !defined(HAVE_SELFTEST)
IncCtr(byte * ctr,word32 ctrSz)4715 static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz)
4716 {
4717 int i;
4718 for (i = ctrSz-1; i >= 0; i--) {
4719 if (++ctr[i])
4720 break;
4721 }
4722 }
4723 #endif
4724
4725 /* This function allows cipher specific parameters to be
4726 determined and set. */
wolfSSL_EVP_CIPHER_CTX_ctrl(WOLFSSL_EVP_CIPHER_CTX * ctx,int type,int arg,void * ptr)4727 int wolfSSL_EVP_CIPHER_CTX_ctrl(WOLFSSL_EVP_CIPHER_CTX *ctx, int type, \
4728 int arg, void *ptr)
4729 {
4730 int ret = WOLFSSL_FAILURE;
4731 #if defined(HAVE_AESGCM) && !defined(HAVE_SELFTEST) && !defined(WC_NO_RNG)
4732 WC_RNG rng;
4733 #endif
4734 if (ctx == NULL)
4735 return WOLFSSL_FAILURE;
4736
4737 (void)arg;
4738 (void)ptr;
4739
4740 WOLFSSL_ENTER("EVP_CIPHER_CTX_ctrl");
4741
4742 switch(type) {
4743 case EVP_CTRL_INIT:
4744 wolfSSL_EVP_CIPHER_CTX_init(ctx);
4745 if(ctx)
4746 ret = WOLFSSL_SUCCESS;
4747 break;
4748 case EVP_CTRL_SET_KEY_LENGTH:
4749 ret = wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, arg);
4750 break;
4751 #if defined(HAVE_AESGCM) && !defined(HAVE_SELFTEST) && !defined(WC_NO_RNG)
4752 case EVP_CTRL_GCM_SET_IVLEN:
4753 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
4754 break;
4755 if(arg <= 0 || arg > 16)
4756 break;
4757 ret = wolfSSL_EVP_CIPHER_CTX_set_iv_length(ctx, arg);
4758 break;
4759 case EVP_CTRL_AEAD_SET_IV_FIXED:
4760 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
4761 break;
4762 if (arg == -1) {
4763 /* arg == -1 copies ctx->ivSz from ptr */
4764 ret = wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, (byte*)ptr, ctx->ivSz);
4765 } else {
4766 /*
4767 * Fixed field must be at least 4 bytes and invocation
4768 * field at least 8.
4769 */
4770 if ((arg < 4) || (ctx->ivSz - arg) < 8) {
4771 WOLFSSL_MSG("Fixed field or invocation field too short");
4772 break;
4773 }
4774 /* arg is 4...(ctx->ivSz - 8) */
4775 XMEMCPY(ctx->iv, ptr, arg);
4776 if (wc_InitRng(&rng) != 0) {
4777 WOLFSSL_MSG("wc_InitRng failed");
4778 break;
4779 }
4780 if (wc_RNG_GenerateBlock(&rng, ctx->iv + arg,
4781 ctx->ivSz - arg) == 0) {
4782 ret = WOLFSSL_SUCCESS;
4783 } else {
4784 /* rng is freed immediately after if block so no need
4785 * to do it here
4786 */
4787 WOLFSSL_MSG("wc_RNG_GenerateBlock failed");
4788 }
4789 if (wc_FreeRng(&rng) != 0) {
4790 WOLFSSL_MSG("wc_FreeRng failed");
4791 ret = WOLFSSL_FAILURE;
4792 break;
4793 }
4794 }
4795 break;
4796 #if !defined(_WIN32) && (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
4797 (HAVE_FIPS_VERSION >= 2)))
4798 case EVP_CTRL_GCM_IV_GEN:
4799 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
4800 break;
4801 if (ctx->cipher.aes.keylen == 0 || ctx->ivSz == 0) {
4802 WOLFSSL_MSG("Key or IV not set");
4803 break;
4804 }
4805 if (wc_AesGcmSetExtIV(&ctx->cipher.aes, ctx->iv,
4806 ctx->ivSz) != 0) {
4807 WOLFSSL_MSG("wc_AesGcmSetIV failed");
4808 break;
4809 }
4810 #ifdef WOLFSSL_AESGCM_STREAM
4811 /* Initialize using IV cached in Aes object. */
4812 if (wc_AesGcmInit(&ctx->cipher.aes, NULL, 0, NULL, 0) != 0) {
4813 WOLFSSL_MSG("wc_AesGcmInit failed");
4814 break;
4815 }
4816 #endif /* WOLFSSL_AESGCM_STREAM */
4817 /* OpenSSL increments the IV. Not sure why */
4818 IncCtr(ctx->iv, ctx->ivSz);
4819 /* Clear any leftover AAD. */
4820 if (ctx->gcmAuthIn != NULL)
4821 XMEMSET(ctx->gcmAuthIn, 0, ctx->gcmAuthInSz);
4822 ctx->gcmAuthInSz = 0;
4823 ret = WOLFSSL_SUCCESS;
4824 break;
4825 #endif
4826 case EVP_CTRL_AEAD_SET_TAG:
4827 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
4828 break;
4829 if(arg <= 0 || arg > 16 || (ptr == NULL))
4830 break;
4831
4832 XMEMCPY(ctx->authTag, ptr, arg);
4833 ctx->authTagSz = arg;
4834 ret = WOLFSSL_SUCCESS;
4835 break;
4836 case EVP_CTRL_AEAD_GET_TAG:
4837 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
4838 break;
4839 if(arg <= 0 || arg > 16)
4840 break;
4841
4842 XMEMCPY(ptr, ctx->authTag, arg);
4843 ret = WOLFSSL_SUCCESS;
4844 break;
4845 #endif /* HAVE_AESGCM && !HAVE_SELFTEST && !WC_NO_RNG */
4846 default:
4847 WOLFSSL_MSG("EVP_CIPHER_CTX_ctrl operation not yet handled");
4848 break;
4849 }
4850 return ret;
4851 }
4852
4853 /* WOLFSSL_SUCCESS on ok */
wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX * ctx)4854 int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx)
4855 {
4856 WOLFSSL_ENTER("EVP_CIPHER_CTX_cleanup");
4857 if (ctx) {
4858 #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
4859 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
4860 #if defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM)
4861 if ((ctx->cipherType == AES_128_GCM_TYPE) ||
4862 (ctx->cipherType == AES_192_GCM_TYPE) ||
4863 (ctx->cipherType == AES_256_GCM_TYPE)) {
4864 wc_AesFree(&ctx->cipher.aes);
4865 }
4866 #endif /* HAVE_AESGCM && WOLFSSL_AESGCM_STREAM */
4867 #endif /* not FIPS or FIPS v2+ */
4868 ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */
4869 ctx->keyLen = 0;
4870 #ifdef HAVE_AESGCM
4871 if (ctx->gcmBuffer) {
4872 XFREE(ctx->gcmBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
4873 ctx->gcmBuffer = NULL;
4874 }
4875 ctx->gcmBufferLen = 0;
4876 if (ctx->gcmAuthIn) {
4877 XFREE(ctx->gcmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL);
4878 ctx->gcmAuthIn = NULL;
4879 }
4880 ctx->gcmAuthInSz = 0;
4881 #endif
4882 }
4883
4884 return WOLFSSL_SUCCESS;
4885 }
4886
4887 /* Permanent stub for Qt compilation. */
4888 #if defined(WOLFSSL_QT) && !defined(NO_WOLFSSL_STUB)
wolfSSL_EVP_rc2_cbc(void)4889 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc2_cbc(void)
4890 {
4891 WOLFSSL_ENTER("wolfSSL_EVP_rc2_cbc");
4892 WOLFSSL_STUB("EVP_rc2_cbc");
4893 return NULL;
4894 }
4895 #endif
4896
4897 #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
4898
wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER * type,const WOLFSSL_EVP_MD * md,const byte * salt,const byte * data,int sz,int count,byte * key,byte * iv)4899 int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER* type,
4900 const WOLFSSL_EVP_MD* md, const byte* salt,
4901 const byte* data, int sz, int count, byte* key, byte* iv)
4902 {
4903 int ret;
4904 int hashType = WC_HASH_TYPE_NONE;
4905 #ifdef WOLFSSL_SMALL_STACK
4906 EncryptedInfo* info;
4907 #else
4908 EncryptedInfo info[1];
4909 #endif
4910
4911 #ifdef WOLFSSL_SMALL_STACK
4912 info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
4913 DYNAMIC_TYPE_ENCRYPTEDINFO);
4914 if (info == NULL) {
4915 WOLFSSL_MSG("malloc failed");
4916 return WOLFSSL_FAILURE;
4917 }
4918 #endif
4919
4920 XMEMSET(info, 0, sizeof(EncryptedInfo));
4921
4922 ret = wc_EncryptedInfoGet(info, type);
4923 if (ret < 0)
4924 goto end;
4925
4926 if (data == NULL) {
4927 ret = info->keySz;
4928 goto end;
4929 }
4930
4931 ret = wolfSSL_EVP_get_hashinfo(md, &hashType, NULL);
4932 if (ret == WOLFSSL_FAILURE)
4933 goto end;
4934
4935 ret = wc_PBKDF1_ex(key, info->keySz, iv, info->ivSz, data, sz, salt,
4936 EVP_SALT_SIZE, count, hashType, NULL);
4937 if (ret == 0)
4938 ret = info->keySz;
4939
4940 end:
4941 #ifdef WOLFSSL_SMALL_STACK
4942 XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);
4943 #endif
4944 if (ret < 0)
4945 return 0; /* failure - for compatibility */
4946
4947 return ret;
4948 }
4949
4950 #endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */
4951
4952
4953 #ifndef NO_AES
4954 #if defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_192) || \
4955 defined(WOLFSSL_AES_256)
4956 #define AES_SIZE_ANY
4957 #endif
4958
4959 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || \
4960 defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_CFB) || \
4961 defined(WOLFSSSL_AES_OFB)
4962 #define AES_SET_KEY
4963 #endif
4964
4965 #if defined(AES_SIZE_ANY) && defined(AES_SET_KEY)
AesSetKey_ex(Aes * aes,const byte * key,word32 len,const byte * iv,int dir,int direct)4966 static int AesSetKey_ex(Aes* aes, const byte* key, word32 len,
4967 const byte* iv, int dir, int direct)
4968 {
4969 int ret;
4970 /* wc_AesSetKey clear aes.reg if iv == NULL.
4971 Keep IV for openSSL compatibility */
4972 if (iv == NULL)
4973 XMEMCPY((byte *)aes->tmp, (byte *)aes->reg, AES_BLOCK_SIZE);
4974 if (direct) {
4975 #if defined(WOLFSSL_AES_DIRECT)
4976 ret = wc_AesSetKeyDirect(aes, key, len, iv, dir);
4977 #else
4978 ret = NOT_COMPILED_IN;
4979 #endif
4980 }
4981 else {
4982 ret = wc_AesSetKey(aes, key, len, iv, dir);
4983 }
4984 if (iv == NULL)
4985 XMEMCPY((byte *)aes->reg, (byte *)aes->tmp, AES_BLOCK_SIZE);
4986 return ret;
4987 }
4988 #endif /* AES_ANY_SIZE && AES_SET_KEY */
4989 #endif /* NO_AES */
4990
4991 /* return WOLFSSL_SUCCESS on ok, 0 on failure to match API compatibility */
wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX * ctx,const WOLFSSL_EVP_CIPHER * type,const byte * key,const byte * iv,int enc)4992 int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
4993 const WOLFSSL_EVP_CIPHER* type, const byte* key,
4994 const byte* iv, int enc)
4995 {
4996 int ret = 0;
4997 (void)key;
4998 (void)iv;
4999 (void)enc;
5000
5001 WOLFSSL_ENTER("wolfSSL_EVP_CipherInit");
5002 if (ctx == NULL) {
5003 WOLFSSL_MSG("no ctx");
5004 return WOLFSSL_FAILURE;
5005 }
5006
5007 if (type == NULL && ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT) {
5008 WOLFSSL_MSG("no type set");
5009 return WOLFSSL_FAILURE;
5010 }
5011 if (ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT){
5012 /* only first EVP_CipherInit invoke. ctx->cipherType is set below */
5013 XMEMSET(&ctx->cipher, 0, sizeof(ctx->cipher));
5014 ctx->flags = 0;
5015 }
5016 /* always clear buffer state */
5017 ctx->bufUsed = 0;
5018 ctx->lastUsed = 0;
5019
5020 #ifdef HAVE_WOLFSSL_EVP_CIPHER_CTX_IV
5021 if (!iv && ctx->ivSz) {
5022 iv = ctx->iv;
5023 }
5024 #endif
5025 #ifdef HAVE_AESGCM
5026 if (ctx->gcmAuthIn) {
5027 XFREE(ctx->gcmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL);
5028 ctx->gcmAuthIn = NULL;
5029 }
5030 ctx->gcmAuthInSz = 0;
5031 #endif
5032
5033 #ifndef NO_AES
5034 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
5035 #ifdef WOLFSSL_AES_128
5036 if (ctx->cipherType == AES_128_CBC_TYPE ||
5037 (type && XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)) {
5038 WOLFSSL_MSG("EVP_AES_128_CBC");
5039 ctx->cipherType = AES_128_CBC_TYPE;
5040 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5041 ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE;
5042 ctx->keyLen = 16;
5043 ctx->block_size = AES_BLOCK_SIZE;
5044 ctx->ivSz = AES_BLOCK_SIZE;
5045 if (enc == 0 || enc == 1)
5046 ctx->enc = enc ? 1 : 0;
5047 if (key) {
5048 ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
5049 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 0);
5050 if (ret != 0)
5051 return WOLFSSL_FAILURE;
5052 }
5053 if (iv && key == NULL) {
5054 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
5055 if (ret != 0)
5056 return WOLFSSL_FAILURE;
5057 }
5058 }
5059 #endif /* WOLFSSL_AES_128 */
5060 #ifdef WOLFSSL_AES_192
5061 if (ctx->cipherType == AES_192_CBC_TYPE ||
5062 (type && XSTRNCMP(type, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)) {
5063 WOLFSSL_MSG("EVP_AES_192_CBC");
5064 ctx->cipherType = AES_192_CBC_TYPE;
5065 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5066 ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE;
5067 ctx->keyLen = 24;
5068 ctx->block_size = AES_BLOCK_SIZE;
5069 ctx->ivSz = AES_BLOCK_SIZE;
5070 if (enc == 0 || enc == 1)
5071 ctx->enc = enc ? 1 : 0;
5072 if (key) {
5073 ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
5074 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 0);
5075 if (ret != 0)
5076 return WOLFSSL_FAILURE;
5077 }
5078 if (iv && key == NULL) {
5079 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
5080 if (ret != 0)
5081 return WOLFSSL_FAILURE;
5082 }
5083 }
5084 #endif /* WOLFSSL_AES_192 */
5085 #ifdef WOLFSSL_AES_256
5086 if (ctx->cipherType == AES_256_CBC_TYPE ||
5087 (type && XSTRNCMP(type, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)) {
5088 WOLFSSL_MSG("EVP_AES_256_CBC");
5089 ctx->cipherType = AES_256_CBC_TYPE;
5090 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5091 ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE;
5092 ctx->keyLen = 32;
5093 ctx->block_size = AES_BLOCK_SIZE;
5094 ctx->ivSz = AES_BLOCK_SIZE;
5095 if (enc == 0 || enc == 1)
5096 ctx->enc = enc ? 1 : 0;
5097 if (key) {
5098 ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
5099 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 0);
5100 if (ret != 0){
5101 WOLFSSL_MSG("AesSetKey() failed");
5102 return WOLFSSL_FAILURE;
5103 }
5104 }
5105 if (iv && key == NULL) {
5106 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
5107 if (ret != 0){
5108 WOLFSSL_MSG("wc_AesSetIV() failed");
5109 return WOLFSSL_FAILURE;
5110 }
5111 }
5112 }
5113 #endif /* WOLFSSL_AES_256 */
5114 #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
5115 #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
5116 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
5117 #ifdef HAVE_AESGCM
5118 #ifdef WOLFSSL_AES_128
5119 if (ctx->cipherType == AES_128_GCM_TYPE ||
5120 (type && XSTRNCMP(type, EVP_AES_128_GCM, EVP_AES_SIZE) == 0)) {
5121 WOLFSSL_MSG("EVP_AES_128_GCM");
5122 ctx->cipherType = AES_128_GCM_TYPE;
5123 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5124 ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE |
5125 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
5126 ctx->keyLen = 16;
5127 ctx->block_size = AES_BLOCK_SIZE;
5128 ctx->authTagSz = AES_BLOCK_SIZE;
5129 ctx->ivSz = GCM_NONCE_MID_SZ;
5130
5131 #ifndef WOLFSSL_AESGCM_STREAM
5132 if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) {
5133 WOLFSSL_MSG("wc_AesGcmSetKey() failed");
5134 return WOLFSSL_FAILURE;
5135 }
5136 #endif /* !WOLFSSL_AESGCM_STREAM */
5137 if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) {
5138 WOLFSSL_MSG("wc_AesGcmSetExtIV() failed");
5139 return WOLFSSL_FAILURE;
5140 }
5141 #ifdef WOLFSSL_AESGCM_STREAM
5142 /* Initialize with key and IV if available. */
5143 if (wc_AesGcmInit(&ctx->cipher.aes, key,
5144 (key == NULL) ? 0 : ctx->keyLen, iv,
5145 (iv == NULL) ? 0 : GCM_NONCE_MID_SZ) != 0) {
5146 WOLFSSL_MSG("wc_AesGcmInit() failed");
5147 return WOLFSSL_FAILURE;
5148 }
5149 #endif /* WOLFSSL_AESGCM_STREAM */
5150 if (enc == 0 || enc == 1)
5151 ctx->enc = enc ? 1 : 0;
5152 }
5153 #endif /* WOLFSSL_AES_128 */
5154 #ifdef WOLFSSL_AES_192
5155 if (ctx->cipherType == AES_192_GCM_TYPE ||
5156 (type && XSTRNCMP(type, EVP_AES_192_GCM, EVP_AES_SIZE) == 0)) {
5157 WOLFSSL_MSG("EVP_AES_192_GCM");
5158 ctx->cipherType = AES_192_GCM_TYPE;
5159 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5160 ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE |
5161 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
5162 ctx->keyLen = 24;
5163 ctx->block_size = AES_BLOCK_SIZE;
5164 ctx->authTagSz = AES_BLOCK_SIZE;
5165 ctx->ivSz = GCM_NONCE_MID_SZ;
5166
5167 #ifndef WOLFSSL_AESGCM_STREAM
5168 if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) {
5169 WOLFSSL_MSG("wc_AesGcmSetKey() failed");
5170 return WOLFSSL_FAILURE;
5171 }
5172 #endif /* !WOLFSSL_AESGCM_STREAM */
5173 if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) {
5174 WOLFSSL_MSG("wc_AesGcmSetExtIV() failed");
5175 return WOLFSSL_FAILURE;
5176 }
5177 #ifdef WOLFSSL_AESGCM_STREAM
5178 /* Initialize with key and IV if available. */
5179 if (wc_AesGcmInit(&ctx->cipher.aes, key,
5180 (key == NULL) ? 0 : ctx->keyLen, iv,
5181 (iv == NULL) ? 0 : GCM_NONCE_MID_SZ) != 0) {
5182 WOLFSSL_MSG("wc_AesGcmInit() failed");
5183 return WOLFSSL_FAILURE;
5184 }
5185 #endif /* WOLFSSL_AESGCM_STREAM */
5186 if (enc == 0 || enc == 1)
5187 ctx->enc = enc ? 1 : 0;
5188 }
5189 #endif /* WOLFSSL_AES_192 */
5190 #ifdef WOLFSSL_AES_256
5191 if (ctx->cipherType == AES_256_GCM_TYPE ||
5192 (type && XSTRNCMP(type, EVP_AES_256_GCM, EVP_AES_SIZE) == 0)) {
5193 WOLFSSL_MSG("EVP_AES_256_GCM");
5194 ctx->cipherType = AES_256_GCM_TYPE;
5195 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5196 ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE |
5197 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
5198 ctx->keyLen = 32;
5199 ctx->block_size = AES_BLOCK_SIZE;
5200 ctx->authTagSz = AES_BLOCK_SIZE;
5201 ctx->ivSz = GCM_NONCE_MID_SZ;
5202
5203 #ifndef WOLFSSL_AESGCM_STREAM
5204 if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) {
5205 WOLFSSL_MSG("wc_AesGcmSetKey() failed");
5206 return WOLFSSL_FAILURE;
5207 }
5208 #endif /* !WOLFSSL_AESGCM_STREAM */
5209 if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) {
5210 WOLFSSL_MSG("wc_AesGcmSetExtIV() failed");
5211 return WOLFSSL_FAILURE;
5212 }
5213 #ifdef WOLFSSL_AESGCM_STREAM
5214 /* Initialize with key and IV if available. */
5215 if (wc_AesGcmInit(&ctx->cipher.aes,
5216 key, (key == NULL) ? 0 : ctx->keyLen,
5217 iv, (iv == NULL) ? 0 : GCM_NONCE_MID_SZ) != 0) {
5218 WOLFSSL_MSG("wc_AesGcmInit() failed");
5219 return WOLFSSL_FAILURE;
5220 }
5221 #endif /* WOLFSSL_AESGCM_STREAM */
5222 if (enc == 0 || enc == 1)
5223 ctx->enc = enc ? 1 : 0;
5224 }
5225 #endif /* WOLFSSL_AES_256 */
5226 #endif /* HAVE_AESGCM */
5227 #endif /* (!HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */
5228 #ifdef WOLFSSL_AES_COUNTER
5229 #ifdef WOLFSSL_AES_128
5230 if (ctx->cipherType == AES_128_CTR_TYPE ||
5231 (type && XSTRNCMP(type, EVP_AES_128_CTR, EVP_AES_SIZE) == 0)) {
5232 WOLFSSL_MSG("EVP_AES_128_CTR");
5233 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5234 ctx->cipherType = AES_128_CTR_TYPE;
5235 ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE;
5236 ctx->keyLen = 16;
5237 ctx->block_size = NO_PADDING_BLOCK_SIZE;
5238 ctx->ivSz = AES_BLOCK_SIZE;
5239 #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB)
5240 ctx->cipher.aes.left = 0;
5241 #endif
5242 if (enc == 0 || enc == 1)
5243 ctx->enc = enc ? 1 : 0;
5244 if (key) {
5245 ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
5246 AES_ENCRYPTION, 1);
5247 if (ret != 0)
5248 return WOLFSSL_FAILURE;
5249 }
5250 if (iv && key == NULL) {
5251 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
5252 if (ret != 0)
5253 return WOLFSSL_FAILURE;
5254 }
5255 }
5256 #endif /* WOLFSSL_AES_128 */
5257 #ifdef WOLFSSL_AES_192
5258 if (ctx->cipherType == AES_192_CTR_TYPE ||
5259 (type && XSTRNCMP(type, EVP_AES_192_CTR, EVP_AES_SIZE) == 0)) {
5260 WOLFSSL_MSG("EVP_AES_192_CTR");
5261 ctx->cipherType = AES_192_CTR_TYPE;
5262 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5263 ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE;
5264 ctx->keyLen = 24;
5265 ctx->block_size = NO_PADDING_BLOCK_SIZE;
5266 ctx->ivSz = AES_BLOCK_SIZE;
5267 #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB)
5268 ctx->cipher.aes.left = 0;
5269 #endif
5270 if (enc == 0 || enc == 1)
5271 ctx->enc = enc ? 1 : 0;
5272 if (key) {
5273 ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
5274 AES_ENCRYPTION, 1);
5275 if (ret != 0)
5276 return WOLFSSL_FAILURE;
5277 }
5278 if (iv && key == NULL) {
5279 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
5280 if (ret != 0)
5281 return WOLFSSL_FAILURE;
5282 }
5283 }
5284 #endif /* WOLFSSL_AES_192 */
5285 #ifdef WOLFSSL_AES_256
5286 if (ctx->cipherType == AES_256_CTR_TYPE ||
5287 (type && XSTRNCMP(type, EVP_AES_256_CTR, EVP_AES_SIZE) == 0)) {
5288 WOLFSSL_MSG("EVP_AES_256_CTR");
5289 ctx->cipherType = AES_256_CTR_TYPE;
5290 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5291 ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE;
5292 ctx->keyLen = 32;
5293 ctx->block_size = NO_PADDING_BLOCK_SIZE;
5294 ctx->ivSz = AES_BLOCK_SIZE;
5295 #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB)
5296 ctx->cipher.aes.left = 0;
5297 #endif
5298 if (enc == 0 || enc == 1)
5299 ctx->enc = enc ? 1 : 0;
5300 if (key) {
5301 ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
5302 AES_ENCRYPTION, 1);
5303 if (ret != 0)
5304 return WOLFSSL_FAILURE;
5305 }
5306 if (iv && key == NULL) {
5307 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
5308 if (ret != 0)
5309 return WOLFSSL_FAILURE;
5310 }
5311 }
5312 #endif /* WOLFSSL_AES_256 */
5313 #endif /* WOLFSSL_AES_COUNTER */
5314 #ifdef HAVE_AES_ECB
5315 #ifdef WOLFSSL_AES_128
5316 if (ctx->cipherType == AES_128_ECB_TYPE ||
5317 (type && XSTRNCMP(type, EVP_AES_128_ECB, EVP_AES_SIZE) == 0)) {
5318 WOLFSSL_MSG("EVP_AES_128_ECB");
5319 ctx->cipherType = AES_128_ECB_TYPE;
5320 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5321 ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE;
5322 ctx->keyLen = 16;
5323 ctx->block_size = AES_BLOCK_SIZE;
5324 if (enc == 0 || enc == 1)
5325 ctx->enc = enc ? 1 : 0;
5326 if (key) {
5327 ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL,
5328 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1);
5329 }
5330 if (ret != 0)
5331 return WOLFSSL_FAILURE;
5332 }
5333 #endif /* WOLFSSL_AES_128 */
5334 #ifdef WOLFSSL_AES_192
5335 if (ctx->cipherType == AES_192_ECB_TYPE ||
5336 (type && XSTRNCMP(type, EVP_AES_192_ECB, EVP_AES_SIZE) == 0)) {
5337 WOLFSSL_MSG("EVP_AES_192_ECB");
5338 ctx->cipherType = AES_192_ECB_TYPE;
5339 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5340 ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE;
5341 ctx->keyLen = 24;
5342 ctx->block_size = AES_BLOCK_SIZE;
5343 if (enc == 0 || enc == 1)
5344 ctx->enc = enc ? 1 : 0;
5345 if (key) {
5346 ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL,
5347 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1);
5348 }
5349 if (ret != 0)
5350 return WOLFSSL_FAILURE;
5351 }
5352 #endif /* WOLFSSL_AES_192 */
5353 #ifdef WOLFSSL_AES_256
5354 if (ctx->cipherType == AES_256_ECB_TYPE ||
5355 (type && XSTRNCMP(type, EVP_AES_256_ECB, EVP_AES_SIZE) == 0)) {
5356 WOLFSSL_MSG("EVP_AES_256_ECB");
5357 ctx->cipherType = AES_256_ECB_TYPE;
5358 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5359 ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE;
5360 ctx->keyLen = 32;
5361 ctx->block_size = AES_BLOCK_SIZE;
5362 if (enc == 0 || enc == 1)
5363 ctx->enc = enc ? 1 : 0;
5364 if (key) {
5365 ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL,
5366 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1);
5367 }
5368 if (ret != 0)
5369 return WOLFSSL_FAILURE;
5370 }
5371 #endif /* WOLFSSL_AES_256 */
5372 #endif /* HAVE_AES_ECB */
5373 #ifdef WOLFSSL_AES_CFB
5374 #ifdef WOLFSSL_AES_128
5375 if (ctx->cipherType == AES_128_CFB1_TYPE ||
5376 (type && XSTRNCMP(type, EVP_AES_128_CFB1, EVP_AESCFB_SIZE) == 0)) {
5377 WOLFSSL_MSG("EVP_AES_128_CFB1");
5378 ctx->cipherType = AES_128_CFB1_TYPE;
5379 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5380 ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE;
5381 ctx->keyLen = 16;
5382 ctx->block_size = 1;
5383 if (enc == 0 || enc == 1)
5384 ctx->enc = enc ? 1 : 0;
5385 if (key) {
5386 ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
5387 AES_ENCRYPTION, 0);
5388 if (ret != 0)
5389 return WOLFSSL_FAILURE;
5390 }
5391 if (iv && key == NULL) {
5392 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
5393 if (ret != 0)
5394 return WOLFSSL_FAILURE;
5395 }
5396 }
5397 #endif /* WOLFSSL_AES_128 */
5398 #ifdef WOLFSSL_AES_192
5399 if (ctx->cipherType == AES_192_CFB1_TYPE ||
5400 (type && XSTRNCMP(type, EVP_AES_192_CFB1, EVP_AESCFB_SIZE) == 0)) {
5401 WOLFSSL_MSG("EVP_AES_192_CFB1");
5402 ctx->cipherType = AES_192_CFB1_TYPE;
5403 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5404 ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE;
5405 ctx->keyLen = 24;
5406 ctx->block_size = 1;
5407 if (enc == 0 || enc == 1)
5408 ctx->enc = enc ? 1 : 0;
5409 if (key) {
5410 ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
5411 AES_ENCRYPTION, 0);
5412 if (ret != 0)
5413 return WOLFSSL_FAILURE;
5414 }
5415 if (iv && key == NULL) {
5416 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
5417 if (ret != 0)
5418 return WOLFSSL_FAILURE;
5419 }
5420 }
5421 #endif /* WOLFSSL_AES_192 */
5422 #ifdef WOLFSSL_AES_256
5423 if (ctx->cipherType == AES_256_CFB1_TYPE ||
5424 (type && XSTRNCMP(type, EVP_AES_256_CFB1, EVP_AESCFB_SIZE) == 0)) {
5425 WOLFSSL_MSG("EVP_AES_256_CFB1");
5426 ctx->cipherType = AES_256_CFB1_TYPE;
5427 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5428 ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE;
5429 ctx->keyLen = 32;
5430 ctx->block_size = 1;
5431 if (enc == 0 || enc == 1)
5432 ctx->enc = enc ? 1 : 0;
5433 if (key) {
5434 ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
5435 AES_ENCRYPTION, 0);
5436 if (ret != 0){
5437 WOLFSSL_MSG("AesSetKey() failed");
5438 return WOLFSSL_FAILURE;
5439 }
5440 }
5441 if (iv && key == NULL) {
5442 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
5443 if (ret != 0){
5444 WOLFSSL_MSG("wc_AesSetIV() failed");
5445 return WOLFSSL_FAILURE;
5446 }
5447 }
5448 }
5449 #endif /* WOLFSSL_AES_256 */
5450 #ifdef WOLFSSL_AES_128
5451 if (ctx->cipherType == AES_128_CFB8_TYPE ||
5452 (type && XSTRNCMP(type, EVP_AES_128_CFB8, EVP_AESCFB_SIZE) == 0)) {
5453 WOLFSSL_MSG("EVP_AES_128_CFB8");
5454 ctx->cipherType = AES_128_CFB8_TYPE;
5455 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5456 ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE;
5457 ctx->keyLen = 16;
5458 ctx->block_size = 1;
5459 if (enc == 0 || enc == 1)
5460 ctx->enc = enc ? 1 : 0;
5461 if (key) {
5462 ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
5463 AES_ENCRYPTION, 0);
5464 if (ret != 0)
5465 return WOLFSSL_FAILURE;
5466 }
5467 if (iv && key == NULL) {
5468 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
5469 if (ret != 0)
5470 return WOLFSSL_FAILURE;
5471 }
5472 }
5473 #endif /* WOLFSSL_AES_128 */
5474 #ifdef WOLFSSL_AES_192
5475 if (ctx->cipherType == AES_192_CFB8_TYPE ||
5476 (type && XSTRNCMP(type, EVP_AES_192_CFB8, EVP_AESCFB_SIZE) == 0)) {
5477 WOLFSSL_MSG("EVP_AES_192_CFB8");
5478 ctx->cipherType = AES_192_CFB8_TYPE;
5479 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5480 ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE;
5481 ctx->keyLen = 24;
5482 ctx->block_size = 1;
5483 if (enc == 0 || enc == 1)
5484 ctx->enc = enc ? 1 : 0;
5485 if (key) {
5486 ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
5487 AES_ENCRYPTION, 0);
5488 if (ret != 0)
5489 return WOLFSSL_FAILURE;
5490 }
5491 if (iv && key == NULL) {
5492 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
5493 if (ret != 0)
5494 return WOLFSSL_FAILURE;
5495 }
5496 }
5497 #endif /* WOLFSSL_AES_192 */
5498 #ifdef WOLFSSL_AES_256
5499 if (ctx->cipherType == AES_256_CFB8_TYPE ||
5500 (type && XSTRNCMP(type, EVP_AES_256_CFB8, EVP_AESCFB_SIZE) == 0)) {
5501 WOLFSSL_MSG("EVP_AES_256_CFB8");
5502 ctx->cipherType = AES_256_CFB8_TYPE;
5503 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5504 ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE;
5505 ctx->keyLen = 32;
5506 ctx->block_size = 1;
5507 if (enc == 0 || enc == 1)
5508 ctx->enc = enc ? 1 : 0;
5509 if (key) {
5510 ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
5511 AES_ENCRYPTION, 0);
5512 if (ret != 0){
5513 WOLFSSL_MSG("AesSetKey() failed");
5514 return WOLFSSL_FAILURE;
5515 }
5516 }
5517 if (iv && key == NULL) {
5518 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
5519 if (ret != 0){
5520 WOLFSSL_MSG("wc_AesSetIV() failed");
5521 return WOLFSSL_FAILURE;
5522 }
5523 }
5524 }
5525 #endif /* WOLFSSL_AES_256 */
5526 #ifdef WOLFSSL_AES_128
5527 if (ctx->cipherType == AES_128_CFB128_TYPE ||
5528 (type && XSTRNCMP(type, EVP_AES_128_CFB128, EVP_AESCFB_SIZE) == 0)) {
5529 WOLFSSL_MSG("EVP_AES_128_CFB128");
5530 ctx->cipherType = AES_128_CFB128_TYPE;
5531 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5532 ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE;
5533 ctx->keyLen = 16;
5534 ctx->block_size = 1;
5535 if (enc == 0 || enc == 1)
5536 ctx->enc = enc ? 1 : 0;
5537 if (key) {
5538 ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
5539 AES_ENCRYPTION, 0);
5540 if (ret != 0)
5541 return WOLFSSL_FAILURE;
5542 }
5543 if (iv && key == NULL) {
5544 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
5545 if (ret != 0)
5546 return WOLFSSL_FAILURE;
5547 }
5548 }
5549 #endif /* WOLFSSL_AES_128 */
5550 #ifdef WOLFSSL_AES_192
5551 if (ctx->cipherType == AES_192_CFB128_TYPE ||
5552 (type && XSTRNCMP(type, EVP_AES_192_CFB128, EVP_AESCFB_SIZE) == 0)) {
5553 WOLFSSL_MSG("EVP_AES_192_CFB128");
5554 ctx->cipherType = AES_192_CFB128_TYPE;
5555 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5556 ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE;
5557 ctx->keyLen = 24;
5558 ctx->block_size = 1;
5559 if (enc == 0 || enc == 1)
5560 ctx->enc = enc ? 1 : 0;
5561 if (key) {
5562 ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
5563 AES_ENCRYPTION, 0);
5564 if (ret != 0)
5565 return WOLFSSL_FAILURE;
5566 }
5567 if (iv && key == NULL) {
5568 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
5569 if (ret != 0)
5570 return WOLFSSL_FAILURE;
5571 }
5572 }
5573 #endif /* WOLFSSL_AES_192 */
5574 #ifdef WOLFSSL_AES_256
5575 if (ctx->cipherType == AES_256_CFB128_TYPE ||
5576 (type && XSTRNCMP(type, EVP_AES_256_CFB128, EVP_AESCFB_SIZE) == 0)) {
5577 WOLFSSL_MSG("EVP_AES_256_CFB128");
5578 ctx->cipherType = AES_256_CFB128_TYPE;
5579 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5580 ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE;
5581 ctx->keyLen = 32;
5582 ctx->block_size = 1;
5583 if (enc == 0 || enc == 1)
5584 ctx->enc = enc ? 1 : 0;
5585 if (key) {
5586 ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
5587 AES_ENCRYPTION, 0);
5588 if (ret != 0){
5589 WOLFSSL_MSG("AesSetKey() failed");
5590 return WOLFSSL_FAILURE;
5591 }
5592 }
5593 if (iv && key == NULL) {
5594 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
5595 if (ret != 0){
5596 WOLFSSL_MSG("wc_AesSetIV() failed");
5597 return WOLFSSL_FAILURE;
5598 }
5599 }
5600 }
5601 #endif /* WOLFSSL_AES_256 */
5602 #endif /* WOLFSSL_AES_CFB */
5603 #ifdef WOLFSSL_AES_OFB
5604 #ifdef WOLFSSL_AES_128
5605 if (ctx->cipherType == AES_128_OFB_TYPE ||
5606 (type && XSTRNCMP(type, EVP_AES_128_OFB, EVP_AES_SIZE) == 0)) {
5607 WOLFSSL_MSG("EVP_AES_128_OFB");
5608 ctx->cipherType = AES_128_OFB_TYPE;
5609 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5610 ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE;
5611 ctx->keyLen = 16;
5612 ctx->block_size = 1;
5613 if (enc == 0 || enc == 1)
5614 ctx->enc = enc ? 1 : 0;
5615 if (key) {
5616 ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
5617 AES_ENCRYPTION, 0);
5618 if (ret != 0)
5619 return WOLFSSL_FAILURE;
5620 }
5621 if (iv && key == NULL) {
5622 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
5623 if (ret != 0)
5624 return WOLFSSL_FAILURE;
5625 }
5626 }
5627 #endif /* WOLFSSL_AES_128 */
5628 #ifdef WOLFSSL_AES_192
5629 if (ctx->cipherType == AES_192_OFB_TYPE ||
5630 (type && XSTRNCMP(type, EVP_AES_192_OFB, EVP_AES_SIZE) == 0)) {
5631 WOLFSSL_MSG("EVP_AES_192_OFB");
5632 ctx->cipherType = AES_192_OFB_TYPE;
5633 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5634 ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE;
5635 ctx->keyLen = 24;
5636 ctx->block_size = 1;
5637 if (enc == 0 || enc == 1)
5638 ctx->enc = enc ? 1 : 0;
5639 if (key) {
5640 ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
5641 AES_ENCRYPTION, 0);
5642 if (ret != 0)
5643 return WOLFSSL_FAILURE;
5644 }
5645 if (iv && key == NULL) {
5646 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
5647 if (ret != 0)
5648 return WOLFSSL_FAILURE;
5649 }
5650 }
5651 #endif /* WOLFSSL_AES_192 */
5652 #ifdef WOLFSSL_AES_256
5653 if (ctx->cipherType == AES_256_OFB_TYPE ||
5654 (type && XSTRNCMP(type, EVP_AES_256_OFB, EVP_AES_SIZE) == 0)) {
5655 WOLFSSL_MSG("EVP_AES_256_OFB");
5656 ctx->cipherType = AES_256_OFB_TYPE;
5657 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5658 ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE;
5659 ctx->keyLen = 32;
5660 ctx->block_size = 1;
5661 if (enc == 0 || enc == 1)
5662 ctx->enc = enc ? 1 : 0;
5663 if (key) {
5664 ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv,
5665 AES_ENCRYPTION, 0);
5666 if (ret != 0){
5667 WOLFSSL_MSG("AesSetKey() failed");
5668 return WOLFSSL_FAILURE;
5669 }
5670 }
5671 if (iv && key == NULL) {
5672 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
5673 if (ret != 0){
5674 WOLFSSL_MSG("wc_AesSetIV() failed");
5675 return WOLFSSL_FAILURE;
5676 }
5677 }
5678 }
5679 #endif /* WOLFSSL_AES_256 */
5680 #endif /* HAVE_AES_OFB */
5681 #ifdef WOLFSSL_AES_XTS
5682 #ifdef WOLFSSL_AES_128
5683 if (ctx->cipherType == AES_128_XTS_TYPE ||
5684 (type && XSTRNCMP(type, EVP_AES_128_XTS, EVP_AES_SIZE) == 0)) {
5685 WOLFSSL_MSG("EVP_AES_128_XTS");
5686 ctx->cipherType = AES_128_XTS_TYPE;
5687 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5688 ctx->flags |= WOLFSSL_EVP_CIPH_XTS_MODE;
5689 ctx->keyLen = 32;
5690 ctx->block_size = 1;
5691 ctx->ivSz = AES_BLOCK_SIZE;
5692
5693 if (iv != NULL) {
5694 if (iv != ctx->iv) /* Valgrind error when src == dst */
5695 XMEMCPY(ctx->iv, iv, ctx->ivSz);
5696 }
5697 else
5698 XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE);
5699
5700 if (enc == 0 || enc == 1)
5701 ctx->enc = enc ? 1 : 0;
5702 if (key) {
5703 ret = wc_AesXtsSetKey(&ctx->cipher.xts, key, ctx->keyLen,
5704 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, NULL, 0);
5705 if (ret != 0) {
5706 WOLFSSL_MSG("wc_AesXtsSetKey() failed");
5707 return WOLFSSL_FAILURE;
5708 }
5709 }
5710 }
5711 #endif /* WOLFSSL_AES_128 */
5712 #ifdef WOLFSSL_AES_256
5713 if (ctx->cipherType == AES_256_XTS_TYPE ||
5714 (type && XSTRNCMP(type, EVP_AES_256_XTS, EVP_AES_SIZE) == 0)) {
5715 WOLFSSL_MSG("EVP_AES_256_XTS");
5716 ctx->cipherType = AES_256_XTS_TYPE;
5717 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5718 ctx->flags |= WOLFSSL_EVP_CIPH_XTS_MODE;
5719 ctx->keyLen = 64;
5720 ctx->block_size = 1;
5721 ctx->ivSz = AES_BLOCK_SIZE;
5722
5723 if (iv != NULL) {
5724 if (iv != ctx->iv) /* Valgrind error when src == dst */
5725 XMEMCPY(ctx->iv, iv, ctx->ivSz);
5726 }
5727 else
5728 XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE);
5729
5730 if (enc == 0 || enc == 1)
5731 ctx->enc = enc ? 1 : 0;
5732 if (key) {
5733 ret = wc_AesXtsSetKey(&ctx->cipher.xts, key, ctx->keyLen,
5734 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, NULL, 0);
5735 if (ret != 0) {
5736 WOLFSSL_MSG("wc_AesXtsSetKey() failed");
5737 return WOLFSSL_FAILURE;
5738 }
5739 }
5740 }
5741 #endif /* WOLFSSL_AES_256 */
5742 #endif /* HAVE_AES_XTS */
5743 #endif /* NO_AES */
5744
5745 #ifndef NO_DES3
5746 if (ctx->cipherType == DES_CBC_TYPE ||
5747 (type && XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0)) {
5748 WOLFSSL_MSG("EVP_DES_CBC");
5749 ctx->cipherType = DES_CBC_TYPE;
5750 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5751 ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE;
5752 ctx->keyLen = 8;
5753 ctx->block_size = DES_BLOCK_SIZE;
5754 ctx->ivSz = DES_BLOCK_SIZE;
5755 if (enc == 0 || enc == 1)
5756 ctx->enc = enc ? 1 : 0;
5757 if (key) {
5758 ret = wc_Des_SetKey(&ctx->cipher.des, key, iv,
5759 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
5760 if (ret != 0)
5761 return WOLFSSL_FAILURE;
5762 }
5763
5764 if (iv && key == NULL)
5765 wc_Des_SetIV(&ctx->cipher.des, iv);
5766 }
5767 #ifdef WOLFSSL_DES_ECB
5768 else if (ctx->cipherType == DES_ECB_TYPE ||
5769 (type && XSTRNCMP(type, EVP_DES_ECB, EVP_DES_SIZE) == 0)) {
5770 WOLFSSL_MSG("EVP_DES_ECB");
5771 ctx->cipherType = DES_ECB_TYPE;
5772 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5773 ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE;
5774 ctx->keyLen = 8;
5775 ctx->block_size = DES_BLOCK_SIZE;
5776 if (enc == 0 || enc == 1)
5777 ctx->enc = enc ? 1 : 0;
5778 if (key) {
5779 WOLFSSL_MSG("Des_SetKey");
5780 ret = wc_Des_SetKey(&ctx->cipher.des, key, NULL,
5781 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
5782 if (ret != 0)
5783 return WOLFSSL_FAILURE;
5784 }
5785 }
5786 #endif
5787 else if (ctx->cipherType == DES_EDE3_CBC_TYPE ||
5788 (type &&
5789 XSTRNCMP(type, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)) {
5790 WOLFSSL_MSG("EVP_DES_EDE3_CBC");
5791 ctx->cipherType = DES_EDE3_CBC_TYPE;
5792 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5793 ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE;
5794 ctx->keyLen = 24;
5795 ctx->block_size = DES_BLOCK_SIZE;
5796 ctx->ivSz = DES_BLOCK_SIZE;
5797 if (enc == 0 || enc == 1)
5798 ctx->enc = enc ? 1 : 0;
5799 if (key) {
5800 ret = wc_Des3_SetKey(&ctx->cipher.des3, key, iv,
5801 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
5802 if (ret != 0)
5803 return WOLFSSL_FAILURE;
5804 }
5805
5806 if (iv && key == NULL) {
5807 ret = wc_Des3_SetIV(&ctx->cipher.des3, iv);
5808 if (ret != 0)
5809 return WOLFSSL_FAILURE;
5810 }
5811 }
5812 else if (ctx->cipherType == DES_EDE3_ECB_TYPE ||
5813 (type &&
5814 XSTRNCMP(type, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0)) {
5815 WOLFSSL_MSG("EVP_DES_EDE3_ECB");
5816 ctx->cipherType = DES_EDE3_ECB_TYPE;
5817 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5818 ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE;
5819 ctx->keyLen = 24;
5820 ctx->block_size = DES_BLOCK_SIZE;
5821 if (enc == 0 || enc == 1)
5822 ctx->enc = enc ? 1 : 0;
5823 if (key) {
5824 ret = wc_Des3_SetKey(&ctx->cipher.des3, key, NULL,
5825 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
5826 if (ret != 0)
5827 return WOLFSSL_FAILURE;
5828 }
5829 }
5830 #endif /* NO_DES3 */
5831 #ifndef NO_RC4
5832 if (ctx->cipherType == ARC4_TYPE ||
5833 (type && XSTRNCMP(type, EVP_ARC4, 4) == 0)) {
5834 WOLFSSL_MSG("ARC4");
5835 ctx->cipherType = ARC4_TYPE;
5836 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5837 ctx->flags |= WOLFSSL_EVP_CIPH_STREAM_CIPHER;
5838 ctx->block_size = 1;
5839 if (ctx->keyLen == 0) /* user may have already set */
5840 ctx->keyLen = 16; /* default to 128 */
5841 if (key)
5842 wc_Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen);
5843 }
5844 #endif /* NO_RC4 */
5845 #ifdef HAVE_IDEA
5846 if (ctx->cipherType == IDEA_CBC_TYPE ||
5847 (type && XSTRNCMP(type, EVP_IDEA_CBC, EVP_IDEA_SIZE) == 0)) {
5848 WOLFSSL_MSG("EVP_IDEA_CBC");
5849 ctx->cipherType = IDEA_CBC_TYPE;
5850 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE;
5851 ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE;
5852 ctx->keyLen = IDEA_KEY_SIZE;
5853 ctx->block_size = 8;
5854 ctx->ivSz = IDEA_BLOCK_SIZE;
5855 if (enc == 0 || enc == 1)
5856 ctx->enc = enc ? 1 : 0;
5857 if (key) {
5858 ret = wc_IdeaSetKey(&ctx->cipher.idea, key, (word16)ctx->keyLen,
5859 iv, ctx->enc ? IDEA_ENCRYPTION :
5860 IDEA_DECRYPTION);
5861 if (ret != 0)
5862 return WOLFSSL_FAILURE;
5863 }
5864
5865 if (iv && key == NULL)
5866 wc_IdeaSetIV(&ctx->cipher.idea, iv);
5867 }
5868 #endif /* HAVE_IDEA */
5869 if (ctx->cipherType == NULL_CIPHER_TYPE ||
5870 (type && XSTRNCMP(type, EVP_NULL, 4) == 0)) {
5871 WOLFSSL_MSG("NULL cipher");
5872 ctx->cipherType = NULL_CIPHER_TYPE;
5873 ctx->keyLen = 0;
5874 ctx->block_size = 16;
5875 }
5876 #ifdef HAVE_WOLFSSL_EVP_CIPHER_CTX_IV
5877 if (iv && iv != ctx->iv) {
5878 if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) {
5879 return WOLFSSL_FAILURE;
5880 }
5881 }
5882 #endif
5883 (void)ret; /* remove warning. If execution reaches this point, ret=0 */
5884 return WOLFSSL_SUCCESS;
5885 }
5886
5887 /* WOLFSSL_SUCCESS on ok */
wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX * ctx)5888 int wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx)
5889 {
5890 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_key_length");
5891 if (ctx)
5892 return ctx->keyLen;
5893 else
5894 return WOLFSSL_FAILURE;
5895 }
5896
5897 /* WOLFSSL_SUCCESS on ok */
wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX * ctx,int keylen)5898 int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
5899 int keylen)
5900 {
5901 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_key_length");
5902 if (ctx)
5903 ctx->keyLen = keylen;
5904 else
5905 return WOLFSSL_FAILURE;
5906
5907 return WOLFSSL_SUCCESS;
5908 }
5909
5910 #ifdef HAVE_WOLFSSL_EVP_CIPHER_CTX_IV
5911 /* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE */
wolfSSL_EVP_CIPHER_CTX_set_iv_length(WOLFSSL_EVP_CIPHER_CTX * ctx,int ivLen)5912 int wolfSSL_EVP_CIPHER_CTX_set_iv_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
5913 int ivLen)
5914 {
5915 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_iv_length");
5916 if (ctx)
5917 ctx->ivSz= ivLen;
5918 else
5919 return WOLFSSL_FAILURE;
5920
5921 return WOLFSSL_SUCCESS;
5922 }
5923 #endif
5924
5925 #if defined(HAVE_AESGCM)
5926 /* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE */
wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX * ctx,byte * iv,int ivLen)5927 int wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv,
5928 int ivLen)
5929 {
5930 int expectedIvLen;
5931
5932 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_iv_length");
5933 if (!ctx || !iv || !ivLen) {
5934 return WOLFSSL_FAILURE;
5935 }
5936
5937 expectedIvLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx);
5938
5939 if (expectedIvLen == 0 || expectedIvLen != ivLen) {
5940 WOLFSSL_MSG("Wrong ivLen value");
5941 return WOLFSSL_FAILURE;
5942 }
5943
5944 return wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, -1);
5945 }
5946 #endif
5947
5948 #if !defined(NO_AES) || !defined(NO_DES3) || defined(HAVE_IDEA)
5949 /* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE */
wolfSSL_EVP_CIPHER_CTX_get_iv(WOLFSSL_EVP_CIPHER_CTX * ctx,byte * iv,int ivLen)5950 int wolfSSL_EVP_CIPHER_CTX_get_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv,
5951 int ivLen)
5952 {
5953 int expectedIvLen;
5954
5955 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_get_iv");
5956
5957 if (ctx == NULL || iv == NULL || ivLen == 0) {
5958 WOLFSSL_MSG("Bad parameter");
5959 return WOLFSSL_FAILURE;
5960 }
5961
5962 expectedIvLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx);
5963 if (expectedIvLen == 0 || expectedIvLen != ivLen) {
5964 WOLFSSL_MSG("Wrong ivLen value");
5965 return WOLFSSL_FAILURE;
5966 }
5967
5968 XMEMCPY(iv, ctx->iv, ivLen);
5969
5970 return WOLFSSL_SUCCESS;
5971 }
5972 #endif /* !NO_AES || !NO_DES3 || HAVE_IDEA */
5973
5974 /* Return length on ok */
wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX * ctx,byte * dst,byte * src,word32 len)5975 int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src,
5976 word32 len)
5977 {
5978 int ret = 0;
5979 WOLFSSL_ENTER("wolfSSL_EVP_Cipher");
5980
5981 if (ctx == NULL) {
5982 WOLFSSL_MSG("Bad function argument");
5983 return WOLFSSL_FATAL_ERROR;
5984 }
5985
5986 if (src == NULL || dst == NULL) {
5987 if (src != NULL && dst == NULL &&
5988 (ctx->cipherType == AES_128_GCM_TYPE ||
5989 ctx->cipherType == AES_192_GCM_TYPE ||
5990 ctx->cipherType == AES_256_GCM_TYPE)) {
5991 WOLFSSL_MSG("Setting GCM AAD.");
5992 }
5993 else {
5994 WOLFSSL_MSG("Bad function argument");
5995 return WOLFSSL_FATAL_ERROR;
5996 }
5997 }
5998
5999 if (ctx->cipherType == 0xff) {
6000 WOLFSSL_MSG("no init");
6001 return WOLFSSL_FATAL_ERROR;
6002 }
6003
6004 switch (ctx->cipherType) {
6005
6006 #ifndef NO_AES
6007 #ifdef HAVE_AES_CBC
6008 case AES_128_CBC_TYPE :
6009 case AES_192_CBC_TYPE :
6010 case AES_256_CBC_TYPE :
6011 WOLFSSL_MSG("AES CBC");
6012 if (ctx->enc)
6013 ret = wc_AesCbcEncrypt(&ctx->cipher.aes, dst, src, len);
6014 else
6015 ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len);
6016 if (ret == 0)
6017 ret = (len / AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
6018 break;
6019 #endif /* HAVE_AES_CBC */
6020
6021 #ifdef WOLFSSL_AES_CFB
6022 #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
6023 case AES_128_CFB1_TYPE:
6024 case AES_192_CFB1_TYPE:
6025 case AES_256_CFB1_TYPE:
6026 WOLFSSL_MSG("AES CFB1");
6027 if (ctx->enc)
6028 ret = wc_AesCfb1Encrypt(&ctx->cipher.aes, dst, src, len);
6029 else
6030 ret = wc_AesCfb1Decrypt(&ctx->cipher.aes, dst, src, len);
6031 if (ret == 0)
6032 ret = len;
6033 break;
6034 case AES_128_CFB8_TYPE:
6035 case AES_192_CFB8_TYPE:
6036 case AES_256_CFB8_TYPE:
6037 WOLFSSL_MSG("AES CFB8");
6038 if (ctx->enc)
6039 ret = wc_AesCfb8Encrypt(&ctx->cipher.aes, dst, src, len);
6040 else
6041 ret = wc_AesCfb8Decrypt(&ctx->cipher.aes, dst, src, len);
6042 if (ret == 0)
6043 ret = len;
6044 break;
6045 #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
6046 case AES_128_CFB128_TYPE:
6047 case AES_192_CFB128_TYPE:
6048 case AES_256_CFB128_TYPE:
6049 WOLFSSL_MSG("AES CFB128");
6050 if (ctx->enc)
6051 ret = wc_AesCfbEncrypt(&ctx->cipher.aes, dst, src, len);
6052 else
6053 ret = wc_AesCfbDecrypt(&ctx->cipher.aes, dst, src, len);
6054 if (ret == 0)
6055 ret = len;
6056 break;
6057 #endif /* WOLFSSL_AES_CFB */
6058 #if defined(WOLFSSL_AES_OFB)
6059 case AES_128_OFB_TYPE:
6060 case AES_192_OFB_TYPE:
6061 case AES_256_OFB_TYPE:
6062 WOLFSSL_MSG("AES OFB");
6063 if (ctx->enc)
6064 ret = wc_AesOfbEncrypt(&ctx->cipher.aes, dst, src, len);
6065 else
6066 ret = wc_AesOfbDecrypt(&ctx->cipher.aes, dst, src, len);
6067 if (ret == 0)
6068 ret = len;
6069 break;
6070 #endif /* WOLFSSL_AES_OFB */
6071 #if defined(WOLFSSL_AES_XTS)
6072 case AES_128_XTS_TYPE:
6073 case AES_256_XTS_TYPE:
6074 WOLFSSL_MSG("AES XTS");
6075 if (ctx->enc)
6076 ret = wc_AesXtsEncrypt(&ctx->cipher.xts, dst, src, len,
6077 ctx->iv, ctx->ivSz);
6078 else
6079 ret = wc_AesXtsDecrypt(&ctx->cipher.xts, dst, src, len,
6080 ctx->iv, ctx->ivSz);
6081 if (ret == 0)
6082 ret = len;
6083 break;
6084 #endif /* WOLFSSL_AES_XTS */
6085
6086 #ifdef HAVE_AESGCM
6087 case AES_128_GCM_TYPE :
6088 case AES_192_GCM_TYPE :
6089 case AES_256_GCM_TYPE :
6090 WOLFSSL_MSG("AES GCM");
6091 #ifndef WOLFSSL_AESGCM_STREAM
6092 /* No destination means only AAD. */
6093 if (!dst) {
6094 ret = wolfSSL_EVP_CipherUpdate_GCM_AAD(ctx, src, len);
6095 }
6096 else {
6097 if (ctx->enc)
6098 ret = wc_AesGcmEncrypt(&ctx->cipher.aes, dst, src,
6099 len, ctx->iv, ctx->ivSz, ctx->authTag,
6100 ctx->authTagSz, ctx->gcmAuthIn, ctx->gcmAuthInSz);
6101 else
6102 ret = wc_AesGcmDecrypt(&ctx->cipher.aes, dst, src,
6103 len, ctx->iv, ctx->ivSz, ctx->authTag,
6104 ctx->authTagSz, ctx->gcmAuthIn, ctx->gcmAuthInSz);
6105 }
6106 #else
6107 /* Do one shot operation with streaming API as other
6108 * initialization set up for streaming. */
6109 ret = wc_AesGcmInit(&ctx->cipher.aes, NULL, 0, ctx->iv,
6110 ctx->ivSz);
6111 /* No destination means only AAD. */
6112 if ((ret == 0) && (dst == NULL)) {
6113 if (ctx->enc) {
6114 ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, NULL,
6115 NULL, 0, src, len);
6116 }
6117 else {
6118 ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, NULL,
6119 NULL, 0, src, len);
6120 }
6121 }
6122 /* Only plaintext/cipher text. */
6123 else if (ret == 0) {
6124 if (ctx->enc) {
6125 ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, dst, src,
6126 len, NULL, 0);
6127 }
6128 else {
6129 ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, dst, src,
6130 len, NULL, 0);
6131 if (ret == 0) {
6132 ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes,
6133 ctx->authTag, ctx->authTagSz);
6134 }
6135 }
6136 }
6137 if (ret == 0) {
6138 if (ctx->enc) {
6139 /* Calculate authentication tag. */
6140 ret = wc_AesGcmEncryptFinal(&ctx->cipher.aes,
6141 ctx->authTag, ctx->authTagSz);
6142 }
6143 else {
6144 /* Calculate authentication tag and compare. */
6145 ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes,
6146 ctx->authTag, ctx->authTagSz);
6147 }
6148 }
6149 #endif /* WOLFSSL_AESGCM_STREAM */
6150 if (ret == 0)
6151 ret = len;
6152 break;
6153 #endif /* HAVE_AESGCM */
6154 #ifdef HAVE_AES_ECB
6155 case AES_128_ECB_TYPE :
6156 case AES_192_ECB_TYPE :
6157 case AES_256_ECB_TYPE :
6158 WOLFSSL_MSG("AES ECB");
6159 if (ctx->enc)
6160 ret = wc_AesEcbEncrypt(&ctx->cipher.aes, dst, src, len);
6161 else
6162 ret = wc_AesEcbDecrypt(&ctx->cipher.aes, dst, src, len);
6163 if (ret == 0)
6164 ret = (len / AES_BLOCK_SIZE) * AES_BLOCK_SIZE;
6165 break;
6166 #endif
6167 #ifdef WOLFSSL_AES_COUNTER
6168 case AES_128_CTR_TYPE :
6169 case AES_192_CTR_TYPE :
6170 case AES_256_CTR_TYPE :
6171 WOLFSSL_MSG("AES CTR");
6172 ret = wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len);
6173 if (ret == 0)
6174 ret = len;
6175 break;
6176 #endif /* WOLFSSL_AES_COUNTER */
6177 #endif /* NO_AES */
6178
6179 #ifndef NO_DES3
6180 case DES_CBC_TYPE :
6181 WOLFSSL_MSG("DES CBC");
6182 if (ctx->enc)
6183 wc_Des_CbcEncrypt(&ctx->cipher.des, dst, src, len);
6184 else
6185 wc_Des_CbcDecrypt(&ctx->cipher.des, dst, src, len);
6186 if (ret == 0)
6187 ret = (len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE;
6188 break;
6189 case DES_EDE3_CBC_TYPE :
6190 WOLFSSL_MSG("DES3 CBC");
6191 if (ctx->enc)
6192 ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len);
6193 else
6194 ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len);
6195 if (ret == 0)
6196 ret = (len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE;
6197 break;
6198 #ifdef WOLFSSL_DES_ECB
6199 case DES_ECB_TYPE :
6200 WOLFSSL_MSG("DES ECB");
6201 ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len);
6202 if (ret == 0)
6203 ret = (len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE;
6204 break;
6205 case DES_EDE3_ECB_TYPE :
6206 WOLFSSL_MSG("DES3 ECB");
6207 ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len);
6208 if (ret == 0)
6209 ret = (len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE;
6210 break;
6211 #endif
6212 #endif /* !NO_DES3 */
6213
6214 #ifndef NO_RC4
6215 case ARC4_TYPE :
6216 WOLFSSL_MSG("ARC4");
6217 wc_Arc4Process(&ctx->cipher.arc4, dst, src, len);
6218 if (ret == 0)
6219 ret = len;
6220 break;
6221 #endif
6222
6223 #ifdef HAVE_IDEA
6224 case IDEA_CBC_TYPE :
6225 WOLFSSL_MSG("IDEA CBC");
6226 if (ctx->enc)
6227 wc_IdeaCbcEncrypt(&ctx->cipher.idea, dst, src, len);
6228 else
6229 wc_IdeaCbcDecrypt(&ctx->cipher.idea, dst, src, len);
6230 if (ret == 0)
6231 ret = (len / IDEA_BLOCK_SIZE) * IDEA_BLOCK_SIZE;
6232 break;
6233 #endif
6234 case NULL_CIPHER_TYPE :
6235 WOLFSSL_MSG("NULL CIPHER");
6236 XMEMCPY(dst, src, len);
6237 ret = len;
6238 break;
6239
6240 default: {
6241 WOLFSSL_MSG("bad type");
6242 return WOLFSSL_FATAL_ERROR;
6243 }
6244 }
6245
6246 if (ret < 0) {
6247 if (ret == AES_GCM_AUTH_E) {
6248 WOLFSSL_MSG("wolfSSL_EVP_Cipher failure: bad AES-GCM tag.");
6249 }
6250 WOLFSSL_MSG("wolfSSL_EVP_Cipher failure");
6251 return WOLFSSL_FATAL_ERROR;
6252 }
6253
6254 if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) {
6255 return WOLFSSL_FATAL_ERROR;
6256 }
6257
6258 WOLFSSL_MSG("wolfSSL_EVP_Cipher success");
6259 return ret;
6260 }
6261
6262 /* WOLFSSL_SUCCESS on ok */
wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX * ctx,const WOLFSSL_EVP_MD * md)6263 int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx,
6264 const WOLFSSL_EVP_MD* md)
6265 {
6266 int ret = WOLFSSL_SUCCESS;
6267
6268 WOLFSSL_ENTER("EVP_DigestInit");
6269
6270 if (ctx == NULL) {
6271 return BAD_FUNC_ARG;
6272 }
6273
6274
6275 #ifdef WOLFSSL_ASYNC_CRYPT
6276 /* compile-time validation of ASYNC_CTX_SIZE */
6277 typedef char async_test[WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV) ?
6278 1 : -1];
6279 (void)sizeof(async_test);
6280 #endif
6281
6282 /* Set to 0 if no match */
6283 ctx->macType = wolfSSL_EVP_md2macType(md);
6284 if (md == NULL) {
6285 XMEMSET(&ctx->hash.digest, 0, sizeof(WOLFSSL_Hasher));
6286 }
6287 else if (XSTRNCMP(md, "SHA256", 6) == 0) {
6288 ret = wolfSSL_SHA256_Init(&(ctx->hash.digest.sha256));
6289 }
6290 #ifdef WOLFSSL_SHA224
6291 else if (XSTRNCMP(md, "SHA224", 6) == 0) {
6292 ret = wolfSSL_SHA224_Init(&(ctx->hash.digest.sha224));
6293 }
6294 #endif
6295 #ifdef WOLFSSL_SHA384
6296 else if (XSTRNCMP(md, "SHA384", 6) == 0) {
6297 ret = wolfSSL_SHA384_Init(&(ctx->hash.digest.sha384));
6298 }
6299 #endif
6300 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
6301 defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
6302 else if (XSTRNCMP(md, "SHA512_224", 10) == 0) {
6303 ret = wolfSSL_SHA512_224_Init(&(ctx->hash.digest.sha512));
6304 }
6305 #endif
6306 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
6307 defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
6308 else if (XSTRNCMP(md, "SHA512_256", 10) == 0) {
6309 ret = wolfSSL_SHA512_256_Init(&(ctx->hash.digest.sha512));
6310 }
6311 #endif
6312 #ifdef WOLFSSL_SHA512
6313 else if (XSTRNCMP(md, "SHA512", 6) == 0) {
6314 ret = wolfSSL_SHA512_Init(&(ctx->hash.digest.sha512));
6315 }
6316 #endif
6317 #ifndef NO_MD4
6318 else if (XSTRNCMP(md, "MD4", 3) == 0) {
6319 wolfSSL_MD4_Init(&(ctx->hash.digest.md4));
6320 }
6321 #endif
6322 #ifndef NO_MD5
6323 else if (XSTRNCMP(md, "MD5", 3) == 0) {
6324 ret = wolfSSL_MD5_Init(&(ctx->hash.digest.md5));
6325 }
6326 #endif
6327 #ifdef WOLFSSL_SHA3
6328 #ifndef WOLFSSL_NOSHA3_224
6329 else if (XSTRNCMP(md, "SHA3_224", 8) == 0) {
6330 ret = wolfSSL_SHA3_224_Init(&(ctx->hash.digest.sha3_224));
6331 }
6332 #endif
6333 #ifndef WOLFSSL_NOSHA3_256
6334 else if (XSTRNCMP(md, "SHA3_256", 8) == 0) {
6335 ret = wolfSSL_SHA3_256_Init(&(ctx->hash.digest.sha3_256));
6336 }
6337 #endif
6338 #ifndef WOLFSSL_NOSHA3_384
6339 else if (XSTRNCMP(md, "SHA3_384", 8) == 0) {
6340 ret = wolfSSL_SHA3_384_Init(&(ctx->hash.digest.sha3_384));
6341 }
6342 #endif
6343 #ifndef WOLFSSL_NOSHA3_512
6344 else if (XSTRNCMP(md, "SHA3_512", 8) == 0) {
6345 ret = wolfSSL_SHA3_512_Init(&(ctx->hash.digest.sha3_512));
6346 }
6347 #endif
6348 #endif
6349 #ifndef NO_SHA
6350 /* has to be last since would pick or 224, 256, 384, or 512 too */
6351 else if (XSTRNCMP(md, "SHA", 3) == 0) {
6352 ret = wolfSSL_SHA_Init(&(ctx->hash.digest.sha));
6353 }
6354 #endif /* NO_SHA */
6355 else {
6356 ctx->macType = WC_HASH_TYPE_NONE;
6357 return BAD_FUNC_ARG;
6358 }
6359
6360 return ret;
6361 }
6362
6363 /* WOLFSSL_SUCCESS on ok, WOLFSSL_FAILURE on failure */
wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX * ctx,const void * data,size_t sz)6364 int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data,
6365 size_t sz)
6366 {
6367 int ret = WOLFSSL_FAILURE;
6368 enum wc_HashType macType;
6369
6370 WOLFSSL_ENTER("EVP_DigestUpdate");
6371
6372 macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(ctx));
6373 switch (macType) {
6374 case WC_HASH_TYPE_MD4:
6375 #ifndef NO_MD4
6376 wolfSSL_MD4_Update((MD4_CTX*)&ctx->hash, data,
6377 (unsigned long)sz);
6378 ret = WOLFSSL_SUCCESS;
6379 #endif
6380 break;
6381 case WC_HASH_TYPE_MD5:
6382 #ifndef NO_MD5
6383 ret = wolfSSL_MD5_Update((MD5_CTX*)&ctx->hash, data,
6384 (unsigned long)sz);
6385 #endif
6386 break;
6387 case WC_HASH_TYPE_SHA:
6388 #ifndef NO_SHA
6389 ret = wolfSSL_SHA_Update((SHA_CTX*)&ctx->hash, data,
6390 (unsigned long)sz);
6391 #endif
6392 break;
6393 case WC_HASH_TYPE_SHA224:
6394 #ifdef WOLFSSL_SHA224
6395 ret = wolfSSL_SHA224_Update((SHA224_CTX*)&ctx->hash, data,
6396 (unsigned long)sz);
6397 #endif
6398 break;
6399 case WC_HASH_TYPE_SHA256:
6400 #ifndef NO_SHA256
6401 ret = wolfSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data,
6402 (unsigned long)sz);
6403 #endif /* !NO_SHA256 */
6404 break;
6405 case WC_HASH_TYPE_SHA384:
6406 #ifdef WOLFSSL_SHA384
6407 ret = wolfSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data,
6408 (unsigned long)sz);
6409 #endif
6410 break;
6411 case WC_HASH_TYPE_SHA512:
6412 #ifdef WOLFSSL_SHA512
6413 ret = wolfSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data,
6414 (unsigned long)sz);
6415 #endif /* WOLFSSL_SHA512 */
6416 break;
6417
6418 #ifndef WOLFSSL_NOSHA512_224
6419 case WC_HASH_TYPE_SHA512_224:
6420 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
6421 defined(WOLFSSL_SHA512)
6422 ret = wolfSSL_SHA512_224_Update((SHA512_CTX*)&ctx->hash, data,
6423 (unsigned long)sz);
6424 #endif
6425 break;
6426 #endif /* !WOLFSSL_NOSHA512_224 */
6427
6428 #ifndef WOLFSSL_NOSHA512_256
6429 case WC_HASH_TYPE_SHA512_256:
6430 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
6431 defined(WOLFSSL_SHA512)
6432 ret = wolfSSL_SHA512_256_Update((SHA512_CTX*)&ctx->hash, data,
6433 (unsigned long)sz);
6434 #endif /* WOLFSSL_SHA512 */
6435 break;
6436 #endif /* !WOLFSSL_NOSHA512_256 */
6437
6438 case WC_HASH_TYPE_SHA3_224:
6439 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
6440 ret = wolfSSL_SHA3_224_Update((SHA3_224_CTX*)&ctx->hash, data,
6441 (unsigned long)sz);
6442 #endif
6443 break;
6444 case WC_HASH_TYPE_SHA3_256:
6445 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
6446 ret = wolfSSL_SHA3_256_Update((SHA3_256_CTX*)&ctx->hash, data,
6447 (unsigned long)sz);
6448 #endif
6449 break;
6450 case WC_HASH_TYPE_SHA3_384:
6451 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
6452 ret = wolfSSL_SHA3_384_Update((SHA3_384_CTX*)&ctx->hash, data,
6453 (unsigned long)sz);
6454 #endif
6455 break;
6456 case WC_HASH_TYPE_SHA3_512:
6457 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
6458 ret = wolfSSL_SHA3_512_Update((SHA3_512_CTX*)&ctx->hash, data,
6459 (unsigned long)sz);
6460 #endif
6461 break;
6462 case WC_HASH_TYPE_NONE:
6463 case WC_HASH_TYPE_MD2:
6464 case WC_HASH_TYPE_MD5_SHA:
6465 case WC_HASH_TYPE_BLAKE2B:
6466 case WC_HASH_TYPE_BLAKE2S:
6467 #ifndef WOLFSSL_NO_SHAKE256
6468 case WC_HASH_TYPE_SHAKE128:
6469 case WC_HASH_TYPE_SHAKE256:
6470 #endif
6471 default:
6472 return WOLFSSL_FAILURE;
6473 }
6474
6475 return ret;
6476 }
6477
6478 /* WOLFSSL_SUCCESS on ok */
wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX * ctx,unsigned char * md,unsigned int * s)6479 int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
6480 unsigned int* s)
6481 {
6482 int ret = WOLFSSL_FAILURE;
6483 enum wc_HashType macType;
6484
6485 WOLFSSL_ENTER("EVP_DigestFinal");
6486 macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(ctx));
6487 switch (macType) {
6488 case WC_HASH_TYPE_MD4:
6489 #ifndef NO_MD4
6490 wolfSSL_MD4_Final(md, (MD4_CTX*)&ctx->hash);
6491 if (s) *s = MD4_DIGEST_SIZE;
6492 ret = WOLFSSL_SUCCESS;
6493 #endif
6494 break;
6495 case WC_HASH_TYPE_MD5:
6496 #ifndef NO_MD5
6497 ret = wolfSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash);
6498 if (s) *s = WC_MD5_DIGEST_SIZE;
6499 #endif
6500 break;
6501 case WC_HASH_TYPE_SHA:
6502 #ifndef NO_SHA
6503 ret = wolfSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash);
6504 if (s) *s = WC_SHA_DIGEST_SIZE;
6505 #endif
6506 break;
6507 case WC_HASH_TYPE_SHA224:
6508 #ifdef WOLFSSL_SHA224
6509 ret = wolfSSL_SHA224_Final(md, (SHA224_CTX*)&ctx->hash);
6510 if (s) *s = WC_SHA224_DIGEST_SIZE;
6511 #endif
6512 break;
6513 case WC_HASH_TYPE_SHA256:
6514 #ifndef NO_SHA256
6515 ret = wolfSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash);
6516 if (s) *s = WC_SHA256_DIGEST_SIZE;
6517 #endif /* !NO_SHA256 */
6518 break;
6519 case WC_HASH_TYPE_SHA384:
6520 #ifdef WOLFSSL_SHA384
6521 ret = wolfSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash);
6522 if (s) *s = WC_SHA384_DIGEST_SIZE;
6523 #endif
6524 break;
6525 case WC_HASH_TYPE_SHA512:
6526 #ifdef WOLFSSL_SHA512
6527 ret = wolfSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash);
6528 if (s) *s = WC_SHA512_DIGEST_SIZE;
6529 #endif /* WOLFSSL_SHA512 */
6530 break;
6531 #ifndef WOLFSSL_NOSHA512_224
6532 case WC_HASH_TYPE_SHA512_224:
6533 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
6534 defined(WOLFSSL_SHA512)
6535 ret = wolfSSL_SHA512_224_Final(md, (SHA512_CTX*)&ctx->hash);
6536 if (s) *s = WC_SHA512_224_DIGEST_SIZE;
6537 #endif
6538 break;
6539 #endif /* !WOLFSSL_NOSHA512_224 */
6540 #ifndef WOLFSSL_NOSHA512_256
6541 case WC_HASH_TYPE_SHA512_256:
6542 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
6543 defined(WOLFSSL_SHA512)
6544 ret = wolfSSL_SHA512_256_Final(md, (SHA512_CTX*)&ctx->hash);
6545 if (s) *s = WC_SHA512_256_DIGEST_SIZE;
6546 #endif
6547 break;
6548 #endif /* !WOLFSSL_NOSHA512_256 */
6549 case WC_HASH_TYPE_SHA3_224:
6550 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
6551 ret = wolfSSL_SHA3_224_Final(md, (SHA3_224_CTX*)&ctx->hash);
6552 if (s) *s = WC_SHA3_224_DIGEST_SIZE;
6553 #endif
6554 break;
6555 case WC_HASH_TYPE_SHA3_256:
6556 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
6557 ret = wolfSSL_SHA3_256_Final(md, (SHA3_256_CTX*)&ctx->hash);
6558 if (s) *s = WC_SHA3_256_DIGEST_SIZE;
6559 #endif
6560 break;
6561 case WC_HASH_TYPE_SHA3_384:
6562 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
6563 ret = wolfSSL_SHA3_384_Final(md, (SHA3_384_CTX*)&ctx->hash);
6564 if (s) *s = WC_SHA3_384_DIGEST_SIZE;
6565 #endif
6566 break;
6567 case WC_HASH_TYPE_SHA3_512:
6568 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
6569 ret = wolfSSL_SHA3_512_Final(md, (SHA3_512_CTX*)&ctx->hash);
6570 if (s) *s = WC_SHA3_512_DIGEST_SIZE;
6571 #endif
6572 break;
6573 case WC_HASH_TYPE_NONE:
6574 case WC_HASH_TYPE_MD2:
6575 case WC_HASH_TYPE_MD5_SHA:
6576 case WC_HASH_TYPE_BLAKE2B:
6577 case WC_HASH_TYPE_BLAKE2S:
6578 #ifndef WOLFSSL_NO_SHAKE256
6579 case WC_HASH_TYPE_SHAKE128:
6580 case WC_HASH_TYPE_SHAKE256:
6581 #endif
6582 default:
6583 return WOLFSSL_FAILURE;
6584 }
6585
6586 return ret;
6587 }
6588
6589 /* WOLFSSL_SUCCESS on ok */
wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX * ctx,unsigned char * md,unsigned int * s)6590 int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
6591 unsigned int* s)
6592 {
6593 WOLFSSL_ENTER("EVP_DigestFinal_ex");
6594 return EVP_DigestFinal(ctx, md, s);
6595 }
6596
wolfSSL_EVP_cleanup(void)6597 void wolfSSL_EVP_cleanup(void)
6598 {
6599 /* nothing to do here */
6600 }
6601
wolfSSL_EVP_get_digestbynid(int id)6602 const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id)
6603 {
6604 WOLFSSL_MSG("wolfSSL_get_digestbynid");
6605
6606 switch(id) {
6607 #ifndef NO_MD5
6608 case NID_md5:
6609 return wolfSSL_EVP_md5();
6610 #endif
6611 #ifndef NO_SHA
6612 case NID_sha1:
6613 return wolfSSL_EVP_sha1();
6614 #endif
6615 #ifdef WOLFSSL_SHA224
6616 case NID_sha224:
6617 return wolfSSL_EVP_sha224();
6618 #endif
6619 #ifndef NO_SHA256
6620 case NID_sha256:
6621 return wolfSSL_EVP_sha256();
6622 #endif
6623 #ifdef WOLFSSL_SHA384
6624 case NID_sha384:
6625 return wolfSSL_EVP_sha384();
6626 #endif
6627 #ifdef WOLFSSL_SHA512
6628 case NID_sha512:
6629 return wolfSSL_EVP_sha512();
6630 #endif
6631 default:
6632 WOLFSSL_MSG("Bad digest id value");
6633 }
6634
6635 return NULL;
6636 }
6637
6638 #ifndef NO_RSA
6639 #if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
PopulateRSAEvpPkeyDer(WOLFSSL_EVP_PKEY * pkey)6640 static int PopulateRSAEvpPkeyDer(WOLFSSL_EVP_PKEY *pkey)
6641 {
6642 int ret = 0;
6643 int derSz = 0;
6644 word32 pkcs8Sz = 0;
6645 byte* derBuf = NULL;
6646 RsaKey* rsa = NULL;
6647 WOLFSSL_RSA *key = NULL;
6648
6649 if (pkey == NULL || pkey->rsa == NULL || pkey->rsa->internal == NULL) {
6650 WOLFSSL_MSG("bad parameter");
6651 return WOLFSSL_FAILURE;
6652 }
6653
6654 key = pkey->rsa;
6655 rsa = (RsaKey*)pkey->rsa->internal;
6656
6657 /* Get DER size */
6658 if (rsa->type == RSA_PRIVATE) {
6659 ret = wc_RsaKeyToDer(rsa, NULL, 0);
6660 if (ret > 0) {
6661 derSz = ret;
6662 #ifdef HAVE_PKCS8
6663 if (key->pkcs8HeaderSz) {
6664 ret = wc_CreatePKCS8Key(NULL, &pkcs8Sz, NULL, derSz,
6665 RSAk, NULL, 0);
6666 if (ret == LENGTH_ONLY_E)
6667 ret = 0;
6668 }
6669 #endif
6670 }
6671 }
6672 else {
6673 ret = wc_RsaKeyToPublicDer(rsa, NULL, 0);
6674 if (ret > 0)
6675 derSz = ret;
6676 }
6677
6678 if (derSz == 0 || ret < 0) {
6679 WOLFSSL_MSG("Error getting RSA DER size");
6680 return WOLFSSL_FAILURE;
6681 }
6682
6683 derBuf = (byte*)XREALLOC(pkey->pkey.ptr, derSz,
6684 pkey->heap, DYNAMIC_TYPE_DER);
6685 if (derBuf == NULL) {
6686 WOLFSSL_MSG("EVP_PKEY_set1_RSA malloc failed");
6687 return WOLFSSL_FAILURE;
6688 }
6689 /* Old pointer is invalid from this point on */
6690 pkey->pkey.ptr = (char*)derBuf;
6691
6692 if (rsa->type == RSA_PRIVATE) {
6693 ret = wc_RsaKeyToDer(rsa, derBuf, derSz);
6694 if (ret > 0) {
6695 derSz = ret;
6696 #ifdef HAVE_PKCS8
6697 if (key->pkcs8HeaderSz) {
6698 byte* keyBuf = derBuf;
6699 int keySz = derSz;
6700 derSz = pkcs8Sz;
6701 /* Need new buffer for PKCS8 since we can't
6702 * do this in-place */
6703 derBuf = (byte*)XMALLOC(pkcs8Sz, pkey->heap,
6704 DYNAMIC_TYPE_DER);
6705 if (derBuf != NULL) {
6706 ret = wc_CreatePKCS8Key(derBuf, (word32*)&derSz, keyBuf,
6707 keySz, RSAk, NULL, 0);
6708 XFREE(keyBuf, pkey->heap, DYNAMIC_TYPE_DER);
6709 pkey->pkey.ptr = (char*)derBuf;
6710 }
6711 else
6712 ret = MEMORY_E;
6713 }
6714 #endif
6715 }
6716 }
6717 else {
6718 /* Public key to DER */
6719 ret = wc_RsaKeyToPublicDer(rsa, derBuf, derSz);
6720 if (ret > 0)
6721 derSz = ret;
6722 }
6723
6724 if (ret < 0) {
6725 WOLFSSL_MSG("PopulateRSAEvpPkeyDer failed");
6726 return WOLFSSL_FAILURE;
6727 }
6728 else {
6729 pkey->pkey_sz = derSz;
6730 return WOLFSSL_SUCCESS;
6731 }
6732 }
6733 #endif
6734
wolfSSL_EVP_PKEY_get0_RSA(WOLFSSL_EVP_PKEY * pkey)6735 WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(WOLFSSL_EVP_PKEY *pkey)
6736 {
6737 WOLFSSL_MSG("wolfSSL_EVP_PKEY_get0_RSA");
6738
6739 if (pkey == NULL)
6740 return NULL;
6741
6742 return pkey->rsa;
6743 }
6744
wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY * pkey)6745 WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* pkey)
6746 {
6747 WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_RSA");
6748
6749 if (pkey == NULL || pkey->rsa == NULL)
6750 return NULL;
6751
6752 if (wolfSSL_RSA_up_ref(pkey->rsa) != WOLFSSL_SUCCESS)
6753 return NULL;
6754
6755 return pkey->rsa;
6756 }
6757
6758 /* with set1 functions the pkey struct does not own the RSA structure
6759 *
6760 * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
6761 */
wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY * pkey,WOLFSSL_RSA * key)6762 int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key)
6763 {
6764 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_RSA");
6765 if (pkey == NULL || key == NULL)
6766 return WOLFSSL_FAILURE;
6767
6768 if (wolfSSL_RSA_up_ref(key) != WOLFSSL_SUCCESS) {
6769 WOLFSSL_MSG("wolfSSL_RSA_up_ref failed");
6770 return WOLFSSL_FAILURE;
6771 }
6772
6773 if (pkey->rsa != NULL && pkey->ownRsa == 1) {
6774 wolfSSL_RSA_free(pkey->rsa);
6775 }
6776 pkey->rsa = key;
6777 pkey->ownRsa = 1; /* pkey does not own RSA but needs to call free on it */
6778 pkey->type = EVP_PKEY_RSA;
6779 pkey->pkcs8HeaderSz = key->pkcs8HeaderSz;
6780 if (key->inSet == 0) {
6781 if (SetRsaInternal(key) != WOLFSSL_SUCCESS) {
6782 WOLFSSL_MSG("SetRsaInternal failed");
6783 return WOLFSSL_FAILURE;
6784 }
6785 }
6786
6787 #if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
6788 if (PopulateRSAEvpPkeyDer(pkey) != WOLFSSL_SUCCESS) {
6789 WOLFSSL_MSG("PopulateRSAEvpPkeyDer failed");
6790 return WOLFSSL_FAILURE;
6791 }
6792 #endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */
6793
6794 #ifdef WC_RSA_BLINDING
6795 if (key->ownRng == 0) {
6796 if (wc_RsaSetRNG((RsaKey*)pkey->rsa->internal, &pkey->rng) != 0) {
6797 WOLFSSL_MSG("Error setting RSA rng");
6798 return WOLFSSL_FAILURE;
6799 }
6800 }
6801 #endif
6802 return WOLFSSL_SUCCESS;
6803 }
6804 #endif /* !NO_RSA */
6805
6806 #if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
6807 /* with set1 functions the pkey struct does not own the DSA structure
6808 *
6809 * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
6810 */
wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY * pkey,WOLFSSL_DSA * key)6811 int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key)
6812 {
6813 int derMax = 0;
6814 int derSz = 0;
6815 DsaKey* dsa = NULL;
6816 byte* derBuf = NULL;
6817
6818 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_DSA");
6819
6820 if((pkey == NULL) || (key == NULL))return WOLFSSL_FAILURE;
6821 if (pkey->dsa != NULL && pkey->ownDsa == 1) {
6822 wolfSSL_DSA_free(pkey->dsa);
6823 }
6824 pkey->dsa = key;
6825 pkey->ownDsa = 0; /* pkey does not own DSA */
6826 pkey->type = EVP_PKEY_DSA;
6827 if (key->inSet == 0) {
6828 if (SetDsaInternal(key) != WOLFSSL_SUCCESS) {
6829 WOLFSSL_MSG("SetDsaInternal failed");
6830 return WOLFSSL_FAILURE;
6831 }
6832 }
6833 dsa = (DsaKey*)key->internal;
6834
6835 /* 4 > size of pub, priv, p, q, g + ASN.1 additional information */
6836 derMax = 4 * wolfSSL_BN_num_bytes(key->g) + AES_BLOCK_SIZE;
6837
6838 derBuf = (byte*)XMALLOC(derMax, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER);
6839 if (derBuf == NULL) {
6840 WOLFSSL_MSG("malloc failed");
6841 return WOLFSSL_FAILURE;
6842 }
6843
6844 if (dsa->type == DSA_PRIVATE) {
6845 /* Private key to DER */
6846 derSz = wc_DsaKeyToDer(dsa, derBuf, derMax);
6847 }
6848 else {
6849 /* Public key to DER */
6850 derSz = wc_DsaKeyToPublicDer(dsa, derBuf, derMax);
6851 }
6852
6853 if (derSz < 0) {
6854 if (dsa->type == DSA_PRIVATE) {
6855 WOLFSSL_MSG("wc_DsaKeyToDer failed");
6856 }
6857 else {
6858 WOLFSSL_MSG("wc_DsaKeyToPublicDer failed");
6859 }
6860 XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER);
6861 return WOLFSSL_FAILURE;
6862 }
6863
6864 pkey->pkey.ptr = (char*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_DER);
6865 if (pkey->pkey.ptr == NULL) {
6866 WOLFSSL_MSG("key malloc failed");
6867 XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER);
6868 return WOLFSSL_FAILURE;
6869 }
6870 pkey->pkey_sz = derSz;
6871 XMEMCPY(pkey->pkey.ptr, derBuf, derSz);
6872 XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER);
6873
6874 return WOLFSSL_SUCCESS;
6875 }
6876
wolfSSL_EVP_PKEY_get0_DSA(struct WOLFSSL_EVP_PKEY * pkey)6877 WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(struct WOLFSSL_EVP_PKEY *pkey)
6878 {
6879 if (!pkey) {
6880 return NULL;
6881 }
6882 return pkey->dsa;
6883 }
6884
wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY * key)6885 WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key)
6886 {
6887 WOLFSSL_DSA* local;
6888
6889 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_DSA");
6890
6891 if (key == NULL) {
6892 WOLFSSL_MSG("Bad function argument");
6893 return NULL;
6894 }
6895
6896 local = wolfSSL_DSA_new();
6897 if (local == NULL) {
6898 WOLFSSL_MSG("Error creating a new WOLFSSL_DSA structure");
6899 return NULL;
6900 }
6901
6902 if (key->type == EVP_PKEY_DSA) {
6903 if (wolfSSL_DSA_LoadDer(local, (const unsigned char*)key->pkey.ptr,
6904 key->pkey_sz) != SSL_SUCCESS) {
6905 /* now try public key */
6906 if (wolfSSL_DSA_LoadDer_ex(local,
6907 (const unsigned char*)key->pkey.ptr, key->pkey_sz,
6908 WOLFSSL_DSA_LOAD_PUBLIC) != SSL_SUCCESS) {
6909 wolfSSL_DSA_free(local);
6910 local = NULL;
6911 }
6912 }
6913 }
6914 else {
6915 WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold a DSA key");
6916 wolfSSL_DSA_free(local);
6917 local = NULL;
6918 }
6919 return local;
6920 }
6921 #endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */
6922
6923 #ifdef HAVE_ECC
wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY * pkey)6924 WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey)
6925 {
6926 WOLFSSL_EC_KEY *eckey = NULL;
6927 if (pkey) {
6928 #ifdef HAVE_ECC
6929 eckey = pkey->ecc;
6930 #endif
6931 }
6932 return eckey;
6933 }
6934
wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY * key)6935 WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key)
6936 {
6937 WOLFSSL_EC_KEY* local;
6938 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_EC_KEY");
6939
6940 if (key == NULL) {
6941 return NULL;
6942 }
6943
6944 local = wolfSSL_EC_KEY_new();
6945 if (local == NULL) {
6946 WOLFSSL_MSG("Error creating a new WOLFSSL_EC_KEY structure");
6947 return NULL;
6948 }
6949
6950 if (key->type == EVP_PKEY_EC) {
6951 if (wolfSSL_EC_KEY_LoadDer(local, (const unsigned char*)key->pkey.ptr,
6952 key->pkey_sz) != WOLFSSL_SUCCESS) {
6953 /* now try public key */
6954 if (wolfSSL_EC_KEY_LoadDer_ex(local,
6955 (const unsigned char*)key->pkey.ptr,
6956 key->pkey_sz, WOLFSSL_EC_KEY_LOAD_PUBLIC) != WOLFSSL_SUCCESS) {
6957
6958 wolfSSL_EC_KEY_free(local);
6959 local = NULL;
6960 }
6961 }
6962 }
6963 else {
6964 WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold an EC key");
6965 wolfSSL_EC_KEY_free(local);
6966 local = NULL;
6967 }
6968 #ifdef OPENSSL_ALL
6969 if (!local && key->ecc) {
6970 local = wolfSSL_EC_KEY_dup(key->ecc);
6971 }
6972 #endif
6973 return local;
6974 }
6975 #endif /* HAVE_ECC */
6976
6977 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
6978 #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
6979 /* with set1 functions the pkey struct does not own the DH structure
6980 * Build the following DH Key format from the passed in WOLFSSL_DH
6981 * then store in WOLFSSL_EVP_PKEY in DER format.
6982 *
6983 * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
6984 */
wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY * pkey,WOLFSSL_DH * key)6985 int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key)
6986 {
6987 byte havePublic = 0, havePrivate = 0;
6988 int ret;
6989 word32 derSz = 0;
6990 byte* derBuf = NULL;
6991 DhKey* dhkey = NULL;
6992
6993 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_DH");
6994
6995 if (pkey == NULL || key == NULL)
6996 return WOLFSSL_FAILURE;
6997
6998 if (pkey->dh != NULL && pkey->ownDh == 1)
6999 wolfSSL_DH_free(pkey->dh);
7000
7001 pkey->dh = key;
7002 pkey->ownDh = 0; /* pkey does not own DH */
7003 pkey->type = EVP_PKEY_DH;
7004 if (key->inSet == 0) {
7005 if (SetDhInternal(key) != WOLFSSL_SUCCESS) {
7006 WOLFSSL_MSG("SetDhInternal failed");
7007 return WOLFSSL_FAILURE;
7008 }
7009 }
7010
7011 dhkey = (DhKey*)key->internal;
7012
7013 havePublic = mp_unsigned_bin_size(&dhkey->pub) > 0;
7014 havePrivate = mp_unsigned_bin_size(&dhkey->priv) > 0;
7015
7016 /* Get size of DER buffer only */
7017 if (havePublic && !havePrivate) {
7018 ret = wc_DhPubKeyToDer(dhkey, NULL, &derSz);
7019 } else if (havePrivate && !havePublic) {
7020 ret = wc_DhPrivKeyToDer(dhkey, NULL, &derSz);
7021 } else {
7022 ret = wc_DhParamsToDer(dhkey,NULL,&derSz);
7023 }
7024
7025 if (derSz == 0 || ret != LENGTH_ONLY_E) {
7026 WOLFSSL_MSG("Failed to get size of DH Key");
7027 return WOLFSSL_FAILURE;
7028 }
7029
7030 derBuf = (byte*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER);
7031 if (derBuf == NULL) {
7032 WOLFSSL_MSG("malloc failed");
7033 return WOLFSSL_FAILURE;
7034 }
7035
7036 /* Fill DER buffer */
7037 if (havePublic && !havePrivate) {
7038 ret = wc_DhPubKeyToDer(dhkey, derBuf, &derSz);
7039 } else if (havePrivate && !havePublic) {
7040 ret = wc_DhPrivKeyToDer(dhkey, derBuf, &derSz);
7041 } else {
7042 ret = wc_DhParamsToDer(dhkey,derBuf,&derSz);
7043 }
7044
7045 if (ret <= 0) {
7046 WOLFSSL_MSG("Failed to export DH Key");
7047 XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER);
7048 return WOLFSSL_FAILURE;
7049 }
7050
7051 /* Store DH key into pkey (DER format) */
7052 pkey->pkey.ptr = (char*)derBuf;
7053 pkey->pkey_sz = derSz;
7054
7055 return WOLFSSL_SUCCESS;
7056 }
7057
wolfSSL_EVP_PKEY_get0_DH(WOLFSSL_EVP_PKEY * key)7058 WOLFSSL_DH* wolfSSL_EVP_PKEY_get0_DH(WOLFSSL_EVP_PKEY* key)
7059 {
7060 if (!key) {
7061 return NULL;
7062 }
7063 return key->dh;
7064 }
7065
wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY * key)7066 WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key)
7067 {
7068 WOLFSSL_DH* local = NULL;
7069
7070 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_DH");
7071
7072 if (key == NULL || key->dh == NULL) {
7073 WOLFSSL_MSG("Bad function argument");
7074 return NULL;
7075 }
7076
7077 if (key->type == EVP_PKEY_DH) {
7078 local = wolfSSL_DH_new();
7079 if (local == NULL) {
7080 WOLFSSL_MSG("Error creating a new WOLFSSL_DH structure");
7081 return NULL;
7082 }
7083
7084 if (wolfSSL_DH_LoadDer(local, (const unsigned char*)key->pkey.ptr,
7085 key->pkey_sz) != SSL_SUCCESS) {
7086 wolfSSL_DH_free(local);
7087 WOLFSSL_MSG("Error wolfSSL_DH_LoadDer");
7088 local = NULL;
7089 }
7090 }
7091 else {
7092 WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold a DH key");
7093 wolfSSL_DH_free(local);
7094 return NULL;
7095 }
7096
7097 return local;
7098 }
7099 #endif /* NO_DH && WOLFSSL_DH_EXTRA && NO_FILESYSTEM */
7100
wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY * pkey,int type,void * key)7101 int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key)
7102 {
7103 int ret;
7104
7105 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_assign");
7106
7107 /* pkey and key checked if NULL in subsequent assign functions */
7108 switch(type) {
7109 #ifndef NO_RSA
7110 case EVP_PKEY_RSA:
7111 ret = wolfSSL_EVP_PKEY_assign_RSA(pkey, (WOLFSSL_RSA*)key);
7112 break;
7113 #endif
7114 #ifndef NO_DSA
7115 case EVP_PKEY_DSA:
7116 ret = wolfSSL_EVP_PKEY_assign_DSA(pkey, (WOLFSSL_DSA*)key);
7117 break;
7118 #endif
7119 #ifdef HAVE_ECC
7120 case EVP_PKEY_EC:
7121 ret = wolfSSL_EVP_PKEY_assign_EC_KEY(pkey, (WOLFSSL_EC_KEY*)key);
7122 break;
7123 #endif
7124 #ifndef NO_DH
7125 case EVP_PKEY_DH:
7126 ret = wolfSSL_EVP_PKEY_assign_DH(pkey, (WOLFSSL_DH*)key);
7127 break;
7128 #endif
7129 default:
7130 WOLFSSL_MSG("Unknown EVP_PKEY type in wolfSSL_EVP_PKEY_assign.");
7131 ret = WOLFSSL_FAILURE;
7132 }
7133
7134 return ret;
7135 }
7136 #endif /* WOLFSSL_QT || OPENSSL_ALL */
7137
7138 #if defined(HAVE_ECC)
7139 /* try and populate public pkey_sz and pkey.ptr */
ECC_populate_EVP_PKEY(EVP_PKEY * pkey,WOLFSSL_EC_KEY * key)7140 static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key)
7141 {
7142 int derSz = 0;
7143 byte* derBuf = NULL;
7144 ecc_key* ecc;
7145
7146 if (pkey == NULL || key == NULL || key->internal == NULL)
7147 return WOLFSSL_FAILURE;
7148
7149 ecc = (ecc_key*)key->internal;
7150 if (ecc->type == ECC_PRIVATEKEY || ecc->type == ECC_PRIVATEKEY_ONLY) {
7151 #ifdef HAVE_PKCS8
7152 if (key->pkcs8HeaderSz) {
7153 /* when key has pkcs8 header the pkey should too */
7154 if (wc_EccKeyToPKCS8(ecc, NULL, (word32*)&derSz) == LENGTH_ONLY_E) {
7155 derBuf = (byte*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_OPENSSL);
7156 if (derBuf) {
7157 if (wc_EccKeyToPKCS8(ecc, derBuf, (word32*)&derSz) >= 0) {
7158 if (pkey->pkey.ptr) {
7159 XFREE(pkey->pkey.ptr, pkey->heap, DYNAMIC_TYPE_OPENSSL);
7160 }
7161 pkey->pkey_sz = (int)derSz;
7162 pkey->pkey.ptr = (char*)derBuf;
7163 pkey->pkcs8HeaderSz = key->pkcs8HeaderSz;
7164 return WOLFSSL_SUCCESS;
7165 }
7166 else {
7167 XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_OPENSSL);
7168 derBuf = NULL;
7169 }
7170 }
7171 }
7172 }
7173 else
7174 #endif /* HAVE_PKCS8 */
7175 {
7176 /* if not, the pkey will be traditional ecc key */
7177 if ((derSz = wc_EccKeyDerSize(ecc, 1)) > 0) {
7178 derBuf = (byte*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_OPENSSL);
7179 if (derBuf) {
7180 if (wc_EccKeyToDer(ecc, derBuf, derSz) >= 0) {
7181 if (pkey->pkey.ptr) {
7182 XFREE(pkey->pkey.ptr, pkey->heap, DYNAMIC_TYPE_OPENSSL);
7183 }
7184 pkey->pkey_sz = (int)derSz;
7185 pkey->pkey.ptr = (char*)derBuf;
7186 return WOLFSSL_SUCCESS;
7187 }
7188 else {
7189 XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_OPENSSL);
7190 derBuf = NULL;
7191 }
7192 }
7193 }
7194 }
7195 }
7196 else if (ecc->type == ECC_PUBLICKEY) {
7197 if ((derSz = (word32)wc_EccPublicKeyDerSize(ecc, 1)) > 0) {
7198 derBuf = (byte*)XREALLOC(pkey->pkey.ptr, derSz, NULL,
7199 DYNAMIC_TYPE_OPENSSL);
7200 if (derBuf != NULL) {
7201 pkey->pkey.ptr = (char*)derBuf;
7202 if ((derSz = wc_EccPublicKeyToDer(ecc, derBuf, derSz, 1)) < 0) {
7203 XFREE(derBuf, NULL, DYNAMIC_TYPE_OPENSSL);
7204 derBuf = NULL;
7205 }
7206 }
7207 }
7208 }
7209 if (derBuf != NULL) {
7210 pkey->pkey_sz = (int)derSz;
7211 return WOLFSSL_SUCCESS;
7212 }
7213 else {
7214 return WOLFSSL_FAILURE;
7215 }
7216 }
7217
wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY * pkey,WOLFSSL_EC_KEY * key)7218 int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key)
7219 {
7220 #ifdef HAVE_ECC
7221 if((pkey == NULL) || (key ==NULL))return WOLFSSL_FAILURE;
7222 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_EC_KEY");
7223 #ifndef NO_RSA
7224 if (pkey->rsa != NULL && pkey->ownRsa == 1) {
7225 wolfSSL_RSA_free(pkey->rsa);
7226 }
7227 pkey->ownRsa = 0;
7228 #endif
7229 #ifndef NO_DSA
7230 if (pkey->dsa != NULL && pkey->ownDsa == 1) {
7231 wolfSSL_DSA_free(pkey->dsa);
7232 }
7233 pkey->ownDsa = 0;
7234 #endif
7235 #ifndef NO_DH
7236 if (pkey->dh != NULL && pkey->ownDh == 1) {
7237 wolfSSL_DH_free(pkey->dh);
7238 }
7239 pkey->ownDh = 0;
7240 #endif
7241 if (pkey->ecc != NULL && pkey->ownEcc == 1) {
7242 wolfSSL_EC_KEY_free(pkey->ecc);
7243 }
7244 pkey->ecc = key;
7245 pkey->ownEcc = 0; /* pkey does not own EC key */
7246 pkey->type = EVP_PKEY_EC;
7247 return ECC_populate_EVP_PKEY(pkey, key);
7248 #else
7249 (void)pkey;
7250 (void)key;
7251 return WOLFSSL_FAILURE;
7252 #endif
7253 }
7254
wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX * ctx)7255 void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx)
7256 {
7257 WOLFSSL_MSG("wolfSSL_EVP_X_STATE");
7258
7259 if (ctx) {
7260 switch (ctx->cipherType) {
7261 case ARC4_TYPE:
7262 WOLFSSL_MSG("returning arc4 state");
7263 return (void*)&ctx->cipher.arc4.x;
7264
7265 default:
7266 WOLFSSL_MSG("bad x state type");
7267 return 0;
7268 }
7269 }
7270
7271 return NULL;
7272 }
wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY * pkey,WOLFSSL_EC_KEY * key)7273 int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key)
7274 {
7275 if (pkey == NULL || key == NULL)
7276 return WOLFSSL_FAILURE;
7277
7278 pkey->type = EVP_PKEY_EC;
7279 pkey->ecc = key;
7280 pkey->ownEcc = 1;
7281
7282 /* try and populate public pkey_sz and pkey.ptr */
7283 return ECC_populate_EVP_PKEY(pkey, key);
7284 }
7285 #endif /* HAVE_ECC */
7286
7287 #ifndef NO_WOLFSSL_STUB
wolfSSL_EVP_ripemd160(void)7288 const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void)
7289 {
7290 WOLFSSL_MSG("wolfSSL_ripemd160");
7291 WOLFSSL_STUB("EVP_ripemd160");
7292 return NULL;
7293 }
7294 #endif
7295
7296
wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD * type)7297 int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type)
7298 {
7299 WOLFSSL_MSG("wolfSSL_EVP_MD_block_size");
7300
7301 if (type == NULL) {
7302 WOLFSSL_MSG("No md type arg");
7303 return BAD_FUNC_ARG;
7304 }
7305
7306 if (XSTRNCMP(type, "SHA256", 6) == 0) {
7307 return WC_SHA256_BLOCK_SIZE;
7308 }
7309 #ifndef NO_MD4
7310 else if (XSTRNCMP(type, "MD4", 3) == 0) {
7311 return MD4_BLOCK_SIZE;
7312 }
7313 #endif
7314 #ifndef NO_MD5
7315 else if (XSTRNCMP(type, "MD5", 3) == 0) {
7316 return WC_MD5_BLOCK_SIZE;
7317 }
7318 #endif
7319 #ifdef WOLFSSL_SHA224
7320 else if (XSTRNCMP(type, "SHA224", 6) == 0) {
7321 return WC_SHA224_BLOCK_SIZE;
7322 }
7323 #endif
7324 #ifdef WOLFSSL_SHA384
7325 else if (XSTRNCMP(type, "SHA384", 6) == 0) {
7326 return WC_SHA384_BLOCK_SIZE;
7327 }
7328 #endif
7329 #ifdef WOLFSSL_SHA512
7330 else if (XSTRNCMP(type, "SHA512", 6) == 0) {
7331 return WC_SHA512_BLOCK_SIZE;
7332 }
7333 #endif
7334 #ifdef WOLFSSL_SHA3
7335 #ifndef WOLFSSL_NOSHA3_224
7336 else if (XSTRNCMP(type, "SHA3_224", 8) == 0) {
7337 return WC_SHA3_224_BLOCK_SIZE;
7338 }
7339 #endif
7340 #ifndef WOLFSSL_NOSHA3_256
7341 else if (XSTRNCMP(type, "SHA3_256", 8) == 0) {
7342 return WC_SHA3_256_BLOCK_SIZE;
7343 }
7344 #endif
7345 #ifndef WOLFSSL_NOSHA3_384
7346 else if (XSTRNCMP(type, "SHA3_384", 8) == 0) {
7347 return WC_SHA3_384_BLOCK_SIZE;
7348 }
7349 #endif
7350 #ifndef WOLFSSL_NOSHA3_512
7351 else if (XSTRNCMP(type, "SHA3_512", 8) == 0) {
7352 return WC_SHA3_512_BLOCK_SIZE;
7353 }
7354 #endif
7355 #endif /* WOLFSSL_SHA3 */
7356 #ifndef NO_SHA
7357 /* has to be last since would pick or 256, 384, 512, or SHA3 too */
7358 else if (XSTRNCMP(type, "SHA", 3) == 0) {
7359 return WC_SHA_BLOCK_SIZE;
7360 }
7361 #endif
7362
7363 return BAD_FUNC_ARG;
7364 }
7365
wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD * type)7366 int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
7367 {
7368 WOLFSSL_MSG("wolfSSL_EVP_MD_size");
7369
7370 if (type == NULL) {
7371 WOLFSSL_MSG("No md type arg");
7372 return BAD_FUNC_ARG;
7373 }
7374
7375 if (XSTRNCMP(type, "SHA256", 6) == 0) {
7376 return WC_SHA256_DIGEST_SIZE;
7377 }
7378 #ifndef NO_MD4
7379 else if (XSTRNCMP(type, "MD4", 3) == 0) {
7380 return MD4_DIGEST_SIZE;
7381 }
7382 #endif
7383 #ifndef NO_MD5
7384 else if (XSTRNCMP(type, "MD5", 3) == 0) {
7385 return WC_MD5_DIGEST_SIZE;
7386 }
7387 #endif
7388 #ifdef WOLFSSL_SHA224
7389 else if (XSTRNCMP(type, "SHA224", 6) == 0) {
7390 return WC_SHA224_DIGEST_SIZE;
7391 }
7392 #endif
7393 #ifdef WOLFSSL_SHA384
7394 else if (XSTRNCMP(type, "SHA384", 6) == 0) {
7395 return WC_SHA384_DIGEST_SIZE;
7396 }
7397 #endif
7398 #ifdef WOLFSSL_SHA512
7399 else if (XSTRNCMP(type, "SHA512", 6) == 0) {
7400 return WC_SHA512_DIGEST_SIZE;
7401 }
7402 #endif
7403 #ifdef WOLFSSL_SHA3
7404 #ifndef WOLFSSL_NOSHA3_224
7405 else if (XSTRNCMP(type, "SHA3_224", 8) == 0) {
7406 return WC_SHA3_224_DIGEST_SIZE;
7407 }
7408 #endif
7409 #ifndef WOLFSSL_NOSHA3_256
7410 else if (XSTRNCMP(type, "SHA3_256", 8) == 0) {
7411 return WC_SHA3_256_DIGEST_SIZE;
7412 }
7413 #endif
7414 #ifndef WOLFSSL_NOSHA3_384
7415 else if (XSTRNCMP(type, "SHA3_384", 8) == 0) {
7416 return WC_SHA3_384_DIGEST_SIZE;
7417 }
7418 #endif
7419 #ifndef WOLFSSL_NOSHA3_512
7420 else if (XSTRNCMP(type, "SHA3_512", 8) == 0) {
7421 return WC_SHA3_512_DIGEST_SIZE;
7422 }
7423 #endif
7424 #endif /* WOLFSSL_SHA3 */
7425 #ifndef NO_SHA
7426 /* has to be last since would pick or 256, 384, or 512 too */
7427 else if (XSTRNCMP(type, "SHA", 3) == 0) {
7428 return WC_SHA_DIGEST_SIZE;
7429 }
7430 #endif
7431
7432 return BAD_FUNC_ARG;
7433 }
7434
wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD * type)7435 int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type)
7436 {
7437 int ret = BAD_FUNC_ARG;
7438
7439 WOLFSSL_ENTER("wolfSSL_EVP_MD_pkey_type");
7440
7441 if (type != NULL) {
7442 if (XSTRNCMP(type, "MD5", 3) == 0) {
7443 ret = NID_md5WithRSAEncryption;
7444 }
7445 else if (XSTRNCMP(type, "SHA1", 4) == 0) {
7446 ret = NID_sha1WithRSAEncryption;
7447 }
7448 else if (XSTRNCMP(type, "SHA224", 6) == 0) {
7449 ret = NID_sha224WithRSAEncryption;
7450 }
7451 else if (XSTRNCMP(type, "SHA256", 6) == 0) {
7452 ret = NID_sha256WithRSAEncryption;
7453 }
7454 else if (XSTRNCMP(type, "SHA384", 6) == 0) {
7455 ret = NID_sha384WithRSAEncryption;
7456 }
7457 else if (XSTRNCMP(type, "SHA512", 6) == 0) {
7458 ret = NID_sha512WithRSAEncryption;
7459 }
7460 }
7461
7462 WOLFSSL_LEAVE("wolfSSL_EVP_MD_pkey_type", ret);
7463
7464 return ret;
7465 }
7466
7467
7468
wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX * ctx)7469 int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
7470 {
7471 WOLFSSL_MSG("wolfSSL_EVP_CIPHER_CTX_iv_length");
7472
7473 switch (ctx->cipherType) {
7474
7475 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
7476 case AES_128_CBC_TYPE :
7477 case AES_192_CBC_TYPE :
7478 case AES_256_CBC_TYPE :
7479 WOLFSSL_MSG("AES CBC");
7480 return AES_BLOCK_SIZE;
7481 #endif
7482 #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
7483 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
7484 #ifdef HAVE_AESGCM
7485 case AES_128_GCM_TYPE :
7486 case AES_192_GCM_TYPE :
7487 case AES_256_GCM_TYPE :
7488 WOLFSSL_MSG("AES GCM");
7489 return GCM_NONCE_MID_SZ;
7490 #endif
7491 #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */
7492 #ifdef WOLFSSL_AES_COUNTER
7493 case AES_128_CTR_TYPE :
7494 case AES_192_CTR_TYPE :
7495 case AES_256_CTR_TYPE :
7496 WOLFSSL_MSG("AES CTR");
7497 return AES_BLOCK_SIZE;
7498 #endif
7499 #ifndef NO_DES3
7500 case DES_CBC_TYPE :
7501 WOLFSSL_MSG("DES CBC");
7502 return DES_BLOCK_SIZE;
7503
7504 case DES_EDE3_CBC_TYPE :
7505 WOLFSSL_MSG("DES EDE3 CBC");
7506 return DES_BLOCK_SIZE;
7507 #endif
7508 #ifdef HAVE_IDEA
7509 case IDEA_CBC_TYPE :
7510 WOLFSSL_MSG("IDEA CBC");
7511 return IDEA_BLOCK_SIZE;
7512 #endif
7513 #ifndef NO_RC4
7514 case ARC4_TYPE :
7515 WOLFSSL_MSG("ARC4");
7516 return 0;
7517 #endif
7518 #ifdef WOLFSSL_AES_CFB
7519 #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
7520 case AES_128_CFB1_TYPE:
7521 case AES_192_CFB1_TYPE:
7522 case AES_256_CFB1_TYPE:
7523 WOLFSSL_MSG("AES CFB1");
7524 return AES_BLOCK_SIZE;
7525 case AES_128_CFB8_TYPE:
7526 case AES_192_CFB8_TYPE:
7527 case AES_256_CFB8_TYPE:
7528 WOLFSSL_MSG("AES CFB8");
7529 return AES_BLOCK_SIZE;
7530 #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
7531 case AES_128_CFB128_TYPE:
7532 case AES_192_CFB128_TYPE:
7533 case AES_256_CFB128_TYPE:
7534 WOLFSSL_MSG("AES CFB128");
7535 return AES_BLOCK_SIZE;
7536 #endif /* WOLFSSL_AES_CFB */
7537 #if defined(WOLFSSL_AES_OFB)
7538 case AES_128_OFB_TYPE:
7539 case AES_192_OFB_TYPE:
7540 case AES_256_OFB_TYPE:
7541 WOLFSSL_MSG("AES OFB");
7542 return AES_BLOCK_SIZE;
7543 #endif /* WOLFSSL_AES_OFB */
7544 #ifdef WOLFSSL_AES_XTS
7545 case AES_128_XTS_TYPE:
7546 case AES_256_XTS_TYPE:
7547 WOLFSSL_MSG("AES XTS");
7548 return AES_BLOCK_SIZE;
7549 #endif /* WOLFSSL_AES_XTS */
7550
7551 case NULL_CIPHER_TYPE :
7552 WOLFSSL_MSG("NULL");
7553 return 0;
7554
7555 default: {
7556 WOLFSSL_MSG("bad type");
7557 }
7558 }
7559 return 0;
7560 }
7561
wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER * cipher)7562 int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher)
7563 {
7564 const char *name = (const char *)cipher;
7565 WOLFSSL_MSG("wolfSSL_EVP_CIPHER_iv_length");
7566
7567 #ifndef NO_AES
7568 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
7569 #ifdef WOLFSSL_AES_128
7570 if (XSTRNCMP(name, EVP_AES_128_CBC, XSTRLEN(EVP_AES_128_CBC)) == 0)
7571 return AES_BLOCK_SIZE;
7572 #endif
7573 #ifdef WOLFSSL_AES_192
7574 if (XSTRNCMP(name, EVP_AES_192_CBC, XSTRLEN(EVP_AES_192_CBC)) == 0)
7575 return AES_BLOCK_SIZE;
7576 #endif
7577 #ifdef WOLFSSL_AES_256
7578 if (XSTRNCMP(name, EVP_AES_256_CBC, XSTRLEN(EVP_AES_256_CBC)) == 0)
7579 return AES_BLOCK_SIZE;
7580 #endif
7581 #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
7582 #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
7583 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
7584 #ifdef HAVE_AESGCM
7585 #ifdef WOLFSSL_AES_128
7586 if (XSTRNCMP(name, EVP_AES_128_GCM, XSTRLEN(EVP_AES_128_GCM)) == 0)
7587 return GCM_NONCE_MID_SZ;
7588 #endif
7589 #ifdef WOLFSSL_AES_192
7590 if (XSTRNCMP(name, EVP_AES_192_GCM, XSTRLEN(EVP_AES_192_GCM)) == 0)
7591 return GCM_NONCE_MID_SZ;
7592 #endif
7593 #ifdef WOLFSSL_AES_256
7594 if (XSTRNCMP(name, EVP_AES_256_GCM, XSTRLEN(EVP_AES_256_GCM)) == 0)
7595 return GCM_NONCE_MID_SZ;
7596 #endif
7597 #endif /* HAVE_AESGCM */
7598 #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */
7599 #ifdef WOLFSSL_AES_COUNTER
7600 #ifdef WOLFSSL_AES_128
7601 if (XSTRNCMP(name, EVP_AES_128_CTR, XSTRLEN(EVP_AES_128_CTR)) == 0)
7602 return AES_BLOCK_SIZE;
7603 #endif
7604 #ifdef WOLFSSL_AES_192
7605 if (XSTRNCMP(name, EVP_AES_192_CTR, XSTRLEN(EVP_AES_192_CTR)) == 0)
7606 return AES_BLOCK_SIZE;
7607 #endif
7608 #ifdef WOLFSSL_AES_256
7609 if (XSTRNCMP(name, EVP_AES_256_CTR, XSTRLEN(EVP_AES_256_CTR)) == 0)
7610 return AES_BLOCK_SIZE;
7611 #endif
7612 #endif
7613 #ifdef WOLFSSL_AES_XTS
7614 #ifdef WOLFSSL_AES_128
7615 if (XSTRNCMP(name, EVP_AES_128_XTS, XSTRLEN(EVP_AES_128_XTS)) == 0)
7616 return AES_BLOCK_SIZE;
7617 #endif /* WOLFSSL_AES_128 */
7618
7619 #ifdef WOLFSSL_AES_256
7620 if (XSTRNCMP(name, EVP_AES_256_XTS, XSTRLEN(EVP_AES_256_XTS)) == 0)
7621 return AES_BLOCK_SIZE;
7622 #endif /* WOLFSSL_AES_256 */
7623 #endif /* WOLFSSL_AES_XTS */
7624
7625 #endif
7626
7627 #ifndef NO_DES3
7628 if ((XSTRNCMP(name, EVP_DES_CBC, XSTRLEN(EVP_DES_CBC)) == 0) ||
7629 (XSTRNCMP(name, EVP_DES_EDE3_CBC, XSTRLEN(EVP_DES_EDE3_CBC)) == 0)) {
7630 return DES_BLOCK_SIZE;
7631 }
7632 #endif
7633
7634 #ifdef HAVE_IDEA
7635 if (XSTRNCMP(name, EVP_IDEA_CBC, XSTRLEN(EVP_IDEA_CBC)) == 0)
7636 return IDEA_BLOCK_SIZE;
7637 #endif
7638
7639 (void)name;
7640
7641 return 0;
7642 }
7643
7644
wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX * ctx)7645 int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx)
7646 {
7647 WOLFSSL_MSG("wolfSSL_EVP_X_STATE_LEN");
7648
7649 if (ctx) {
7650 switch (ctx->cipherType) {
7651 case ARC4_TYPE:
7652 WOLFSSL_MSG("returning arc4 state size");
7653 return sizeof(Arc4);
7654
7655 default:
7656 WOLFSSL_MSG("bad x state type");
7657 return 0;
7658 }
7659 }
7660
7661 return 0;
7662 }
7663
7664
7665 /* return of pkey->type which will be EVP_PKEY_RSA for example.
7666 *
7667 * type type of EVP_PKEY
7668 *
7669 * returns type or if type is not found then NID_undef
7670 */
wolfSSL_EVP_PKEY_type(int type)7671 int wolfSSL_EVP_PKEY_type(int type)
7672 {
7673 WOLFSSL_MSG("wolfSSL_EVP_PKEY_type");
7674
7675 switch (type) {
7676 case EVP_PKEY_RSA:
7677 return EVP_PKEY_RSA;
7678 case EVP_PKEY_DSA:
7679 return EVP_PKEY_DSA;
7680 case EVP_PKEY_EC:
7681 return EVP_PKEY_EC;
7682 case EVP_PKEY_DH:
7683 return EVP_PKEY_DH;
7684 default:
7685 return NID_undef;
7686 }
7687 }
7688
7689
wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY * pkey)7690 int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey)
7691 {
7692 if (pkey != NULL)
7693 return pkey->type;
7694 return 0;
7695 }
7696
7697
wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY * pkey)7698 int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey)
7699 {
7700 if (pkey == NULL)
7701 return NID_undef;
7702 return wolfSSL_EVP_PKEY_type(pkey->type);
7703 }
7704
wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY * pkey,int * pnid)7705 int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid)
7706 {
7707 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get_default_digest_nid");
7708
7709 if (!pkey || !pnid) {
7710 WOLFSSL_MSG("Bad parameter");
7711 return WOLFSSL_FAILURE;
7712 }
7713
7714 switch (pkey->type) {
7715 case EVP_PKEY_HMAC:
7716 #ifndef NO_DSA
7717 case EVP_PKEY_DSA:
7718 #endif
7719 #ifndef NO_RSA
7720 case EVP_PKEY_RSA:
7721 #endif
7722 #ifdef HAVE_ECC
7723 case EVP_PKEY_EC:
7724 #endif
7725 *pnid = NID_sha256;
7726 return WOLFSSL_SUCCESS;
7727 default:
7728 return WOLFSSL_FAILURE;
7729 }
7730 }
7731
7732 #if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)
wolfSSL_EVP_PKCS82PKEY(const WOLFSSL_PKCS8_PRIV_KEY_INFO * p8)7733 WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKCS82PKEY(const WOLFSSL_PKCS8_PRIV_KEY_INFO* p8)
7734 {
7735 if (p8 == NULL || p8->pkey.ptr == NULL) {
7736 return NULL;
7737 }
7738
7739 return wolfSSL_d2i_PrivateKey_EVP(NULL, (unsigned char**)&p8->pkey.ptr,
7740 p8->pkey_sz);
7741 }
7742
7743 /* in wolf PKCS8_PRIV_KEY_INFO and WOLFSSL_EVP_PKEY are same type */
7744 /* this function just casts and returns pointer */
wolfSSL_EVP_PKEY2PKCS8(const WOLFSSL_EVP_PKEY * pkey)7745 WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_EVP_PKEY2PKCS8(const WOLFSSL_EVP_PKEY* pkey)
7746 {
7747 return (WOLFSSL_PKCS8_PRIV_KEY_INFO*)pkey;
7748 }
7749 #endif
7750
7751 /* increments ref count of WOLFSSL_EVP_PKEY. Return 1 on success, 0 on error */
wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY * pkey)7752 int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey)
7753 {
7754 if (pkey) {
7755 #ifndef SINGLE_THREADED
7756 if (wc_LockMutex(&pkey->refMutex) != 0) {
7757 WOLFSSL_MSG("Failed to lock pkey mutex");
7758 }
7759 #endif
7760 pkey->references++;
7761 #ifndef SINGLE_THREADED
7762 wc_UnLockMutex(&pkey->refMutex);
7763 #endif
7764
7765 return WOLFSSL_SUCCESS;
7766 }
7767
7768 return WOLFSSL_FAILURE;
7769 }
7770
7771 #ifndef NO_RSA
wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY * pkey,WOLFSSL_RSA * key)7772 int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key)
7773 {
7774 if (pkey == NULL || key == NULL)
7775 return WOLFSSL_FAILURE;
7776
7777 pkey->type = EVP_PKEY_RSA;
7778 pkey->rsa = key;
7779 pkey->ownRsa = 1;
7780
7781 /* try and populate pkey_sz and pkey.ptr */
7782 if (key->internal) {
7783 RsaKey* rsa = (RsaKey*)key->internal;
7784 int ret = wc_RsaKeyToDer(rsa, NULL, 0);
7785 if (ret > 0) {
7786 int derSz = ret;
7787 byte* derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
7788 if (derBuf) {
7789 ret = wc_RsaKeyToDer(rsa, derBuf, derSz);
7790 if (ret >= 0) {
7791 pkey->pkey_sz = ret;
7792 pkey->pkey.ptr = (char*)derBuf;
7793 }
7794 else { /* failure - okay to ignore */
7795 XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
7796 derBuf = NULL;
7797 }
7798 }
7799 }
7800 }
7801
7802 return WOLFSSL_SUCCESS;
7803 }
7804 #endif /* !NO_RSA */
7805
7806 #ifndef NO_DSA
wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY * pkey,WOLFSSL_DSA * key)7807 int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key)
7808 {
7809 if (pkey == NULL || key == NULL)
7810 return WOLFSSL_FAILURE;
7811
7812 pkey->type = EVP_PKEY_DSA;
7813 pkey->dsa = key;
7814 pkey->ownDsa = 1;
7815
7816 return WOLFSSL_SUCCESS;
7817 }
7818 #endif /* !NO_DSA */
7819
7820 #ifndef NO_DH
wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY * pkey,WOLFSSL_DH * key)7821 int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key)
7822 {
7823 if (pkey == NULL || key == NULL)
7824 return WOLFSSL_FAILURE;
7825
7826 pkey->type = EVP_PKEY_DH;
7827 pkey->dh = key;
7828 pkey->ownDh = 1;
7829
7830 return WOLFSSL_SUCCESS;
7831 }
7832 #endif /* !NO_DH */
7833
7834
7835
7836 #endif /* OPENSSL_EXTRA */
7837
7838 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
7839 /* Subset of OPENSSL_EXTRA for PKEY operations PKEY free is needed by the
7840 * subset of X509 API */
7841
wolfSSL_EVP_PKEY_new(void)7842 WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new(void){
7843 return wolfSSL_EVP_PKEY_new_ex(NULL);
7844 }
7845
wolfSSL_EVP_PKEY_new_ex(void * heap)7846 WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_ex(void* heap)
7847 {
7848 WOLFSSL_EVP_PKEY* pkey;
7849 int ret;
7850 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_new_ex");
7851 pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), heap,
7852 DYNAMIC_TYPE_PUBLIC_KEY);
7853 if (pkey != NULL) {
7854 XMEMSET(pkey, 0, sizeof(WOLFSSL_EVP_PKEY));
7855 pkey->heap = heap;
7856 pkey->type = WOLFSSL_EVP_PKEY_DEFAULT;
7857
7858 #ifndef SINGLE_THREADED
7859 /* init of mutex needs to come before wolfSSL_EVP_PKEY_free */
7860 ret = wc_InitMutex(&pkey->refMutex);
7861 if (ret != 0){
7862 XFREE(pkey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
7863 WOLFSSL_MSG("Issue initializing mutex");
7864 return NULL;
7865 }
7866 #endif
7867
7868 #ifndef HAVE_FIPS
7869 ret = wc_InitRng_ex(&pkey->rng, heap, INVALID_DEVID);
7870 #else
7871 ret = wc_InitRng(&pkey->rng);
7872 #endif
7873 pkey->references = 1;
7874 if (ret != 0){
7875 wolfSSL_EVP_PKEY_free(pkey);
7876 WOLFSSL_MSG("Issue initializing RNG");
7877 return NULL;
7878 }
7879 }
7880 else {
7881 WOLFSSL_MSG("memory failure");
7882 }
7883
7884 return pkey;
7885 }
7886
wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY * key)7887 void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
7888 {
7889 int doFree = 0;
7890 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_free");
7891 if (key != NULL) {
7892 #ifndef SINGLE_THREADED
7893 if (wc_LockMutex(&key->refMutex) != 0) {
7894 WOLFSSL_MSG("Couldn't lock pkey mutex");
7895 }
7896 #endif
7897
7898 /* only free if all references to it are done */
7899 key->references--;
7900 if (key->references == 0) {
7901 doFree = 1;
7902 }
7903 #ifndef SINGLE_THREADED
7904 wc_UnLockMutex(&key->refMutex);
7905 #endif
7906
7907 if (doFree) {
7908 wc_FreeRng(&key->rng);
7909
7910 if (key->pkey.ptr != NULL) {
7911 XFREE(key->pkey.ptr, key->heap, DYNAMIC_TYPE_PUBLIC_KEY);
7912 key->pkey.ptr = NULL;
7913 }
7914 switch(key->type)
7915 {
7916 #ifndef NO_RSA
7917 case EVP_PKEY_RSA:
7918 if (key->rsa != NULL && key->ownRsa == 1) {
7919 wolfSSL_RSA_free(key->rsa);
7920 key->rsa = NULL;
7921 }
7922 break;
7923 #endif /* NO_RSA */
7924
7925 #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA)
7926 case EVP_PKEY_EC:
7927 if (key->ecc != NULL && key->ownEcc == 1) {
7928 wolfSSL_EC_KEY_free(key->ecc);
7929 key->ecc = NULL;
7930 }
7931 break;
7932 #endif /* HAVE_ECC && OPENSSL_EXTRA */
7933
7934 #ifndef NO_DSA
7935 case EVP_PKEY_DSA:
7936 if (key->dsa != NULL && key->ownDsa == 1) {
7937 wolfSSL_DSA_free(key->dsa);
7938 key->dsa = NULL;
7939 }
7940 break;
7941 #endif /* NO_DSA */
7942
7943 #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))
7944 case EVP_PKEY_DH:
7945 if (key->dh != NULL && key->ownDh == 1) {
7946 wolfSSL_DH_free(key->dh);
7947 key->dh = NULL;
7948 }
7949 break;
7950 #endif /* ! NO_DH ... */
7951
7952 default:
7953 break;
7954 }
7955
7956 #ifndef SINGLE_THREADED
7957 if (wc_FreeMutex(&key->refMutex) != 0) {
7958 WOLFSSL_MSG("Couldn't free pkey mutex");
7959 }
7960 #endif
7961 XFREE(key, key->heap, DYNAMIC_TYPE_PUBLIC_KEY);
7962 }
7963 }
7964 }
7965 #if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
7966
7967 /* Indent writes white spaces of the number specified by "indents"
7968 * to the BIO. The number of white spaces is limited from 0 to
7969 * EVP_PKEY_PRINT_INDENT_MAX.
7970 * returns the amount written to BIO.
7971 */
Indent(WOLFSSL_BIO * out,int indents)7972 static int Indent(WOLFSSL_BIO* out, int indents)
7973 {
7974 int i;
7975 char space = ' ';
7976 if (out == NULL) {
7977 return 0;
7978 }
7979 if (indents > EVP_PKEY_PRINT_INDENT_MAX) {
7980 indents = EVP_PKEY_PRINT_INDENT_MAX;
7981 }
7982 for (i = 0; i < indents; i++) {
7983 if (wolfSSL_BIO_write(out, &space, 1) < 0) {
7984 break;
7985 }
7986 }
7987 return indents -i;
7988 }
7989 /* PrintHexWithColon dump byte-data specified by "input" to the "out".
7990 * Each line has leading white spaces( "indent" gives the number ) plus
7991 * four spaces, then hex coded 15 byte data with separator ":" follow.
7992 * Each line looks like:
7993 * " 00:e6:ab: --- 9f:ef:"
7994 * Parmeters:
7995 * out bio to output dump data
7996 * input buffer holding data to dump
7997 * inlen input data size
7998 * indent the number of spaces for indent
7999 * Returns 1 on success, 0 on failure.
8000 */
PrintHexWithColon(WOLFSSL_BIO * out,const byte * input,int inlen,int indent)8001 static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input,
8002 int inlen, int indent)
8003 {
8004 #ifdef WOLFSSL_SMALL_STACK
8005 byte* buff = NULL;
8006 #else
8007 byte buff[EVP_PKEY_PRINT_LINE_WIDTH_MAX] = { 0 };
8008 #endif /* WOLFSSL_SMALL_STACK */
8009 int ret = WOLFSSL_SUCCESS;
8010 word32 in = 0;
8011 word32 i;
8012 int idx;
8013 const byte* data;
8014 word32 outSz;
8015 byte outHex[3];
8016
8017 if (!out || !input || inlen <= 0) {
8018 return WOLFSSL_FAILURE;
8019 }
8020
8021 if (indent < 0) {
8022 indent = 0;
8023 }
8024 if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
8025 indent = EVP_PKEY_PRINT_INDENT_MAX;
8026 }
8027
8028 data = input;
8029
8030 #ifdef WOLFSSL_SMALL_STACK
8031 buff = (byte*)XMALLOC(EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL,
8032 DYNAMIC_TYPE_TMP_BUFFER);
8033 if (!buff) {
8034 return WOLFSSL_FAILURE;
8035 }
8036 #endif
8037
8038 /* print pub element */
8039 idx = 0;
8040
8041 for (in = 0; in < (word32)inlen && ret == WOLFSSL_SUCCESS; in +=
8042 EVP_PKEY_PRINT_DIGITS_PER_LINE ) {
8043 Indent(out, indent);
8044 for (i = 0; (i < EVP_PKEY_PRINT_DIGITS_PER_LINE) &&
8045 (in + i < (word32)inlen); i++) {
8046
8047 if (ret == WOLFSSL_SUCCESS) {
8048 outSz = sizeof(outHex);
8049 ret = Base16_Encode((const byte*)&data[in + i], 1,
8050 outHex, &outSz) == 0;
8051 }
8052 if (ret == WOLFSSL_SUCCESS) {
8053 XMEMCPY(buff + idx, outHex, 2);
8054 idx += 2;
8055
8056 if (in + i != (word32)inlen -1) {
8057 XMEMSET(buff + idx, ':', 1);
8058 idx += 1;
8059 }
8060 }
8061 }
8062 if (ret == WOLFSSL_SUCCESS) {
8063 ret = wolfSSL_BIO_write(out, buff, idx) > 0;
8064 }
8065 if (ret == WOLFSSL_SUCCESS) {
8066 ret = wolfSSL_BIO_write(out, "\n", 1) > 0;
8067 }
8068 if (ret == WOLFSSL_SUCCESS) {
8069 XMEMSET(buff, 0, EVP_PKEY_PRINT_LINE_WIDTH_MAX);
8070 idx = 0;
8071 }
8072 }
8073 #ifdef WOLFSSL_SMALL_STACK
8074 XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
8075 #endif
8076 return ret;
8077 }
8078 #if !defined(NO_RSA)
8079 /* PrintPubKeyRSA is a helper function for wolfSSL_EVP_PKEY_print_public
8080 * to parse a DER format RSA public key specified in the second parameter.
8081 * Parameters:
8082 * out bio to output dump data
8083 * pkey buffer holding public key data
8084 * pkeySz public key data size
8085 * indent the number of spaces for indent
8086 * bitlen bit size of the given key
8087 * pctx context(not used)
8088 * Returns 1 on success, 0 on failure.
8089 */
PrintPubKeyRSA(WOLFSSL_BIO * out,const byte * pkey,int pkeySz,int indent,int bitlen,ASN1_PCTX * pctx)8090 static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
8091 int indent, int bitlen, ASN1_PCTX* pctx)
8092 {
8093 byte buff[8] = { 0 };
8094 word32 inOutIdx = 0;
8095 word32 nSz; /* size of modulus */
8096 word32 eSz; /* size of public exponent */
8097 const byte* n = NULL;
8098 const byte* e = NULL; /* pointer to modulus/exponent */
8099 int idx;
8100 int wsz;
8101 word32 i;
8102 unsigned long exponent = 0;
8103 mp_int a;
8104 char line[32] = { 0 };
8105
8106 (void)pctx;
8107
8108 if( mp_init(&a) != 0) {
8109 return WOLFSSL_FAILURE;
8110 }
8111 if (indent < 0) {
8112 indent = 0;
8113 }
8114 if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
8115 indent = EVP_PKEY_PRINT_INDENT_MAX;
8116 }
8117 /* parse key to get modulus and exponent */
8118 if (wc_RsaPublicKeyDecode_ex(pkey, &inOutIdx, pkeySz,
8119 &n, &nSz, &e, &eSz) != 0) {
8120 return WOLFSSL_FAILURE;
8121 }
8122
8123 /* print out public key elements */
8124 idx = 0;
8125 XMEMSET(buff, 0, sizeof(buff));
8126 Indent(out, indent);
8127 XSTRNCPY(line, "RSA Public-Key: (", sizeof(line));
8128 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
8129 return WOLFSSL_FAILURE;
8130 }
8131 if (mp_set_int(&a, bitlen) != 0) {
8132 return WOLFSSL_FAILURE;
8133 }
8134 if (mp_todecimal(&a, (char*)buff) != 0) {
8135 return WOLFSSL_FAILURE;
8136 }
8137 wsz = (int)XSTRLEN((const char*)buff);
8138
8139 if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) {
8140 return WOLFSSL_FAILURE;
8141 }
8142 XSTRNCPY(line, " bit)\n", sizeof(line));
8143 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
8144 return WOLFSSL_FAILURE;
8145 }
8146 /* print Modulus */
8147 Indent(out, indent);
8148 XSTRNCPY(line, "Modulus:\n", sizeof(line));
8149 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
8150 return WOLFSSL_FAILURE;
8151 }
8152
8153 /* print modulus with leading zero if exists */
8154 if (*n & 0x80 && *(n-1) == 0) {
8155 n--;
8156 nSz++;
8157 }
8158 if (PrintHexWithColon(out, n, nSz, indent + 4) != WOLFSSL_SUCCESS) {
8159 return WOLFSSL_FAILURE;
8160 }
8161 /* print public Exponent */
8162 idx = 0;
8163 Indent(out, indent);
8164 XSTRNCPY(line, "Exponent: ", sizeof(line));
8165 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
8166 return WOLFSSL_FAILURE;
8167 }
8168 for (i = 0; i < eSz; i++) {
8169 exponent <<= 8;
8170 exponent += e[i];
8171 }
8172
8173 XMEMSET(buff, 0, sizeof(buff));
8174 if (mp_set_int(&a, exponent) != 0) {
8175 return WOLFSSL_FAILURE;
8176 }
8177 if (mp_todecimal(&a, (char*)buff) != 0) {
8178 return WOLFSSL_FAILURE;
8179 }
8180 wsz = (int)XSTRLEN((const char*)buff);
8181
8182 if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) {
8183 return WOLFSSL_FAILURE;
8184 }
8185 XSTRNCPY(line, " (0x", sizeof(line));
8186 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
8187 return WOLFSSL_FAILURE;
8188 }
8189 XMEMSET(buff, 0, sizeof(buff));
8190 if (mp_tohex(&a, (char*)buff) != 0) {
8191 return WOLFSSL_FAILURE;
8192 }
8193 if (wolfSSL_BIO_write(out, buff, (int)XSTRLEN((const char*)buff)) <= 0) {
8194 return WOLFSSL_FAILURE;
8195 }
8196 XSTRNCPY(line, ")\n", sizeof(line));
8197 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
8198 return WOLFSSL_FAILURE;
8199 }
8200 return WOLFSSL_SUCCESS;
8201 }
8202 #endif /* !NO_RSA */
8203
8204 #if defined(HAVE_ECC)
8205 /* PrintPubKeyEC is a helper function for wolfSSL_EVP_PKEY_print_public
8206 * to parse a DER format ECC public key specified in the second parameter.
8207 * Parameters:
8208 * out bio to output dump data
8209 * pkey buffer holding public key data
8210 * pkeySz public key data size
8211 * indent the number of spaces for indent
8212 * bitlen bit size of the given key
8213 * pctx context(not used)
8214 * Returns 1 on success, 0 on failure.
8215 */
PrintPubKeyEC(WOLFSSL_BIO * out,const byte * pkey,int pkeySz,int indent,int bitlen,ASN1_PCTX * pctx)8216 static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
8217 int indent, int bitlen, ASN1_PCTX* pctx)
8218 {
8219 byte* pub = NULL;
8220 word32 pubSz = 0;
8221 byte buff[8] = { 0 };
8222 int res = WOLFSSL_SUCCESS;
8223 word32 inOutIdx = 0;
8224 int curveId = 0;
8225 const byte* curveOID = NULL;
8226 word32 oidSz = 0;
8227 const char* OIDName = NULL;
8228 const char* nistCurveName = NULL;
8229 int nid;
8230 int idx = 0;
8231 int wsz = 0;
8232 mp_int a;
8233 ecc_key key;
8234 char line[32] = { 0 };
8235 (void)pctx;
8236
8237 if (mp_init(&a) != 0) {
8238 return WOLFSSL_FAILURE;
8239 }
8240
8241 if (wc_ecc_init(&key) != 0) {
8242 /* Return early so we don't have to remember if init succeeded
8243 * or not. */
8244 mp_free(&a);
8245 return WOLFSSL_FAILURE;
8246 }
8247
8248 if (indent < 0) {
8249 indent = 0;
8250 }
8251 else if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
8252 indent = EVP_PKEY_PRINT_INDENT_MAX;
8253 }
8254
8255 if (res == WOLFSSL_SUCCESS) {
8256 res = wc_EccPublicKeyDecode(pkey, &inOutIdx, &key, pkeySz) == 0;
8257 }
8258
8259 if (res == WOLFSSL_SUCCESS) {
8260 curveId = wc_ecc_get_oid(key.dp->oidSum, &curveOID, &oidSz);
8261 res = curveId > 0 && oidSz > 0;
8262 }
8263
8264 /* get NIST curve name */
8265 if (res == WOLFSSL_SUCCESS) {
8266 nid = EccEnumToNID(curveId);
8267 if (nid != -1) {
8268 /* look up object name and nist curve name*/
8269 OIDName = wolfSSL_OBJ_nid2sn(nid);
8270 nistCurveName = wolfSSL_EC_curve_nid2nist(nid);
8271 res = (nistCurveName != NULL) && (OIDName != NULL);
8272 }
8273 else {
8274 res = WOLFSSL_FAILURE;
8275 }
8276 }
8277 if (res == WOLFSSL_SUCCESS) {
8278 pub = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
8279 if (pub != NULL) {
8280 pubSz = ECC_BUFSIZE;
8281 XMEMSET(pub, 0, ECC_BUFSIZE);
8282
8283 PRIVATE_KEY_UNLOCK();
8284 res = wc_ecc_export_x963(&key, pub, &pubSz) == 0;
8285 PRIVATE_KEY_LOCK();
8286 }
8287 else {
8288 res = WOLFSSL_FAILURE;
8289 }
8290 }
8291 if (res == WOLFSSL_SUCCESS) {
8292 idx = 0;
8293 res = Indent(out, indent) >= 0;
8294 }
8295 if (res == WOLFSSL_SUCCESS) {
8296 XSTRNCPY(line, "Public-Key: (", sizeof(line));
8297 res = wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) > 0;
8298 }
8299 if (res == WOLFSSL_SUCCESS) {
8300 res = mp_set_int(&a, bitlen) == 0;
8301 }
8302 if (res == WOLFSSL_SUCCESS) {
8303 res = mp_todecimal(&a, (char*)buff) == 0;
8304 }
8305 if (res == WOLFSSL_SUCCESS) {
8306 wsz = (int)XSTRLEN((const char*)buff);
8307 }
8308 if (res == WOLFSSL_SUCCESS) {
8309 res = wolfSSL_BIO_write(out, buff + idx, wsz) >= 0;
8310 }
8311 if (res == WOLFSSL_SUCCESS) {
8312 XSTRNCPY(line, " bit)\n", sizeof(line));
8313 res = wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) > 0;
8314 }
8315 if (res == WOLFSSL_SUCCESS) {
8316 res = Indent(out, indent) >= 0;
8317 }
8318 if (res == WOLFSSL_SUCCESS) {
8319 /* print pub element */
8320 XSTRNCPY(line, "pub:\n", sizeof(line));
8321 res = wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) > 0;
8322 }
8323 if (res == WOLFSSL_SUCCESS) {
8324 res = PrintHexWithColon(out, pub, pubSz, indent + 4);
8325 }
8326 if (res == WOLFSSL_SUCCESS) {
8327 res = Indent(out, indent) >= 0;
8328 }
8329 if (res == WOLFSSL_SUCCESS) {
8330 /* print OID in name */
8331 XSTRNCPY(line, "ASN1 OID: ", sizeof(line));
8332 res = wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) > 0;
8333 }
8334 if (res == WOLFSSL_SUCCESS) {
8335 res = wolfSSL_BIO_write(out, OIDName, (int)XSTRLEN(OIDName)) > 0;
8336 }
8337 if (res == WOLFSSL_SUCCESS) {
8338 res = wolfSSL_BIO_write(out, "\n", 1) > 0;
8339 }
8340 if (res == WOLFSSL_SUCCESS) {
8341 res = Indent(out, indent) >= 0;
8342 }
8343 if (res == WOLFSSL_SUCCESS) {
8344 /* print NIST curve name */
8345 XSTRNCPY(line, "NIST CURVE: ", sizeof(line));
8346 res = wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) > 0;
8347 }
8348 if (res == WOLFSSL_SUCCESS) {
8349 res = wolfSSL_BIO_write(out, nistCurveName,
8350 (int)XSTRLEN(nistCurveName)) > 0;
8351 }
8352 if (res == WOLFSSL_SUCCESS) {
8353 res = wolfSSL_BIO_write(out, "\n", 1) > 0;
8354 }
8355
8356 if (pub != NULL) {
8357 XFREE(pub, NULL, DYNAMIC_TYPE_ECC_BUFFER);
8358 pub = NULL;
8359 }
8360
8361 wc_ecc_free(&key);
8362 mp_free(&a);
8363
8364 return res;
8365 }
8366 #endif /* HAVE_ECC */
8367
8368 #if !defined(NO_DSA)
8369 /* PrintPubKeyDSA is a helper function for wolfSSL_EVP_PKEY_print_public
8370 * to parse a DER format DSA public key specified in the second parameter.
8371 * Parameters:
8372 * out bio to output dump data
8373 * pkey buffer holding public key data
8374 * pkeySz public key data size
8375 * indent the number of spaces for indent
8376 * bitlen bit size of the given key
8377 * pctx context(not used)
8378 * Returns 1 on success, 0 on failure.
8379 */
PrintPubKeyDSA(WOLFSSL_BIO * out,const byte * pkey,int pkeySz,int indent,int bitlen,ASN1_PCTX * pctx)8380 static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
8381 int indent, int bitlen, ASN1_PCTX* pctx)
8382 {
8383
8384 byte buff[8] = { 0 };
8385 int length;
8386 int res;
8387 word32 inOutIdx = 0;
8388 word32 oid;
8389 byte tagFound;
8390 byte *p = NULL, * q = NULL, * g = NULL, * y = NULL;
8391 int pSz, qSz, gSz, ySz;
8392 int idx;
8393 int wsz;
8394 mp_int a;
8395 char line[32] = { 0 };
8396
8397 if( mp_init(&a) != 0)
8398 return WOLFSSL_FAILURE;
8399
8400 inOutIdx = 0;
8401 (void)pctx;
8402
8403 if (indent < 0) {
8404 indent = 0;
8405 }
8406 if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
8407 indent = EVP_PKEY_PRINT_INDENT_MAX;
8408 }
8409 if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) {
8410 return WOLFSSL_FAILURE;
8411 }
8412 if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) {
8413 return WOLFSSL_FAILURE;
8414 }
8415 res = GetObjectId(pkey, &inOutIdx, &oid, oidIgnoreType, pkeySz);
8416 if (res != 0) {
8417 return WOLFSSL_FAILURE;
8418 }
8419 if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) {
8420 return WOLFSSL_FAILURE;
8421 }
8422 /* find P */
8423 if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) {
8424 return WOLFSSL_FAILURE;
8425 }
8426 if (tagFound != ASN_INTEGER) {
8427 return WOLFSSL_FAILURE;
8428 }
8429 if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) {
8430 return WOLFSSL_FAILURE;
8431 }
8432 p = (byte*)(pkey + inOutIdx);
8433 pSz = length;
8434
8435 if (bitlen == 0) {
8436 if (*p == 0) {
8437 bitlen = (pSz - 1) * 8; /* remove leading zero */
8438 }
8439 else {
8440 bitlen = pSz * 8;
8441 }
8442 }
8443
8444 inOutIdx += length;
8445 /* find Q */
8446 if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) {
8447 return WOLFSSL_FAILURE;
8448 }
8449 if (tagFound != ASN_INTEGER) {
8450 return WOLFSSL_FAILURE;
8451 }
8452 if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) {
8453 return WOLFSSL_FAILURE;
8454 }
8455 q = (byte*)(pkey + inOutIdx);
8456 qSz = length;
8457 inOutIdx += length;
8458
8459 /* find G */
8460 if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) {
8461 return WOLFSSL_FAILURE;
8462 }
8463 if (tagFound != ASN_INTEGER) {
8464 return WOLFSSL_FAILURE;
8465 }
8466 if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) {
8467 return WOLFSSL_FAILURE;
8468 }
8469 g = (byte*)(pkey + inOutIdx);
8470 gSz = length;
8471 inOutIdx += length;
8472 /* find Y */
8473 if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) {
8474 return WOLFSSL_FAILURE;
8475 }
8476 if (tagFound != ASN_BIT_STRING) {
8477 return WOLFSSL_FAILURE;
8478 }
8479 if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) {
8480 return WOLFSSL_FAILURE;
8481 }
8482 inOutIdx++; /* skip the first byte( unused byte number)*/
8483
8484 if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) {
8485 return WOLFSSL_FAILURE;
8486 }
8487 if (tagFound != ASN_INTEGER) {
8488 return WOLFSSL_FAILURE;
8489 }
8490 if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) {
8491 return WOLFSSL_FAILURE;
8492 }
8493 y = (byte*)(pkey + inOutIdx);
8494 ySz = length;
8495
8496 idx = 0;
8497 XMEMSET(buff, 0, sizeof(buff));
8498 Indent(out, indent);
8499 XSTRNCPY(line, "DSA Public-Key: (", sizeof(line));
8500 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
8501 return WOLFSSL_FAILURE;
8502 }
8503 if (mp_set_int(&a, bitlen) != 0) {
8504 return WOLFSSL_FAILURE;
8505 }
8506 if (mp_todecimal(&a, (char*)buff) != 0) {
8507 return WOLFSSL_FAILURE;
8508 }
8509 wsz = (int)XSTRLEN((const char*)buff);
8510 if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) {
8511 return WOLFSSL_FAILURE;
8512 }
8513 XSTRNCPY(line, " bit)\n", sizeof(line));
8514 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
8515 return WOLFSSL_FAILURE;
8516 }
8517 /* print pub element */
8518 Indent(out, indent);
8519 XSTRNCPY(line, "pub:\n", sizeof(line));
8520 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
8521 return WOLFSSL_FAILURE;
8522 }
8523 if (PrintHexWithColon(out, y, ySz, indent + 4) != WOLFSSL_SUCCESS) {
8524 return WOLFSSL_FAILURE;
8525 }
8526 /* print P element */
8527 Indent(out, indent);
8528 XSTRNCPY(line, "P:\n", sizeof(line));
8529 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
8530 return WOLFSSL_FAILURE;
8531 }
8532 if (PrintHexWithColon(out, p, pSz, indent + 4) != WOLFSSL_SUCCESS) {
8533 return WOLFSSL_FAILURE;
8534 }
8535 /* print Q element */
8536 Indent(out, indent);
8537 XSTRNCPY(line, "Q:\n", sizeof(line));
8538 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
8539 return WOLFSSL_FAILURE;
8540 }
8541 if (PrintHexWithColon(out, q, qSz, indent + 4) != WOLFSSL_SUCCESS) {
8542 return WOLFSSL_FAILURE;
8543 }
8544 /* print G element */
8545 Indent(out, indent);
8546 XSTRNCPY(line, "G:\n", sizeof(line));
8547 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
8548 return WOLFSSL_FAILURE;
8549 }
8550 if (PrintHexWithColon(out, g, gSz, indent + 4) != WOLFSSL_SUCCESS) {
8551 return WOLFSSL_FAILURE;
8552 }
8553 return WOLFSSL_SUCCESS;
8554 }
8555 #endif /* !NO_DSA */
8556
8557 #if defined(WOLFSSL_DH_EXTRA)
8558 /* PrintPubKeyDH is a helper function for wolfSSL_EVP_PKEY_print_public
8559 * to parse a DER format DH public key specified in the second parameter.
8560 * Parameters:
8561 * out bio to output dump data
8562 * pkey buffer holding public key data
8563 * pkeySz public key data size
8564 * indent the number of spaces for indent
8565 * bitlen bit size of the given key
8566 * pctx context(not used)
8567 * Returns 1 on success, 0 on failure.
8568 */
PrintPubKeyDH(WOLFSSL_BIO * out,const byte * pkey,int pkeySz,int indent,int bitlen,ASN1_PCTX * pctx)8569 static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
8570 int indent, int bitlen, ASN1_PCTX* pctx)
8571 {
8572
8573 byte buff[8] = { 0 };
8574 word32 length;
8575 word32 inOutIdx;
8576 word32 oid;
8577 byte tagFound;
8578 byte* prime = NULL;
8579 int primeSz;
8580 byte generator;
8581 byte* publicKey = NULL;
8582 int publicKeySz;
8583 int idx;
8584 int wsz;
8585 word32 outSz;
8586 byte outHex[3];
8587 mp_int a;
8588 char line[32] = { 0 };
8589
8590 if( mp_init(&a) != 0)
8591 return WOLFSSL_FAILURE;
8592
8593 inOutIdx = 0;
8594 (void)pctx;
8595
8596 if (indent < 0) {
8597 indent = 0;
8598 }
8599 if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
8600 indent = EVP_PKEY_PRINT_INDENT_MAX;
8601 }
8602 if (GetSequence(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) {
8603 return WOLFSSL_FAILURE;
8604 }
8605 if (GetSequence(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) {
8606 return WOLFSSL_FAILURE;
8607 }
8608 if (GetObjectId(pkey, &inOutIdx, &oid, oidIgnoreType, pkeySz) < 0) {
8609 return WOLFSSL_FAILURE;
8610 }
8611 if (GetSequence(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) {
8612 return WOLFSSL_FAILURE;
8613 }
8614 /* get prime element */
8615 if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) {
8616 return WOLFSSL_FAILURE;
8617 }
8618 if (tagFound != ASN_INTEGER) {
8619 return WOLFSSL_FAILURE;
8620 }
8621 if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) <= 0) {
8622 return WOLFSSL_FAILURE;
8623 }
8624 prime = (byte*)(pkey + inOutIdx);
8625 primeSz = length;
8626 inOutIdx += length;
8627
8628 /* get generator element */
8629 if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) {
8630 return WOLFSSL_FAILURE;
8631 }
8632 if (tagFound != ASN_INTEGER) {
8633 return WOLFSSL_FAILURE;
8634 }
8635 if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) <= 0) {
8636 return WOLFSSL_FAILURE;
8637 }
8638 if (length != 1) {
8639 return WOLFSSL_FAILURE;
8640 }
8641 generator = *(pkey + inOutIdx);
8642 inOutIdx += length;
8643
8644 /* get public-key element */
8645 if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) {
8646 return WOLFSSL_FAILURE;
8647 }
8648 if (tagFound != ASN_BIT_STRING) {
8649 return WOLFSSL_FAILURE;
8650 }
8651 if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) <= 0) {
8652 return WOLFSSL_FAILURE;
8653 }
8654 inOutIdx ++;
8655 if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) {
8656 return WOLFSSL_FAILURE;
8657 }
8658 if (tagFound != ASN_INTEGER) {
8659 return WOLFSSL_FAILURE;
8660 }
8661 if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) <= 0) {
8662 return WOLFSSL_FAILURE;
8663 }
8664 publicKeySz = length;
8665 publicKey = (byte*)(pkey + inOutIdx);
8666
8667 if (bitlen == 0) {
8668 if (*publicKey == 0) {
8669 bitlen = (publicKeySz - 1) * 8;
8670 }
8671 else {
8672 bitlen = publicKeySz * 8;
8673 }
8674 }
8675
8676 /* print elements */
8677 idx = 0;
8678 Indent(out, indent);
8679 XSTRNCPY(line, "DH Public-Key: (", sizeof(line));
8680 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
8681 return WOLFSSL_FAILURE;
8682 }
8683 if (mp_set_int(&a, bitlen) != 0) {
8684 return WOLFSSL_FAILURE;
8685 }
8686 if (mp_todecimal(&a, (char*)buff) != 0) {
8687 return WOLFSSL_FAILURE;
8688 }
8689 wsz = (int)XSTRLEN((const char*)buff);
8690 if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) {
8691 return WOLFSSL_FAILURE;
8692 }
8693 XSTRNCPY(line, " bit)\n", sizeof(line));
8694 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
8695 return WOLFSSL_FAILURE;
8696 }
8697 Indent(out, indent);
8698 XSTRNCPY(line, "public-key:\n", sizeof(line));
8699 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
8700 return WOLFSSL_FAILURE;
8701 }
8702 if (PrintHexWithColon(out, publicKey, publicKeySz, indent + 4)
8703 != WOLFSSL_SUCCESS) {
8704 return WOLFSSL_FAILURE;
8705 }
8706 Indent(out, indent);
8707 XSTRNCPY(line, "prime:\n", sizeof(line));
8708 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
8709 return WOLFSSL_FAILURE;
8710 }
8711 if (PrintHexWithColon(out, prime, primeSz, indent + 4) != WOLFSSL_SUCCESS) {
8712 return WOLFSSL_FAILURE;
8713 }
8714 idx = 0;
8715 XMEMSET(buff, 0, sizeof(buff));
8716 Indent(out, indent);
8717 XSTRNCPY(line, "generator: ", sizeof(line));
8718 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
8719 return WOLFSSL_FAILURE;
8720 }
8721 if (mp_set_int(&a, generator) != 0) {
8722 return WOLFSSL_FAILURE;
8723 }
8724 if (mp_todecimal(&a, (char*)buff) != 0) {
8725 return WOLFSSL_FAILURE;
8726 }
8727 wsz = (int)XSTRLEN((const char*)buff);
8728 if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) {
8729 return WOLFSSL_FAILURE;
8730 }
8731 XSTRNCPY(line, " (0x", sizeof(line));
8732 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
8733 return WOLFSSL_FAILURE;
8734 }
8735 idx = 0;
8736 XMEMSET(buff, 0, sizeof(buff));
8737 outSz = sizeof(outHex);
8738 if (Base16_Encode((const byte*)&generator, 1, outHex, &outSz ) != 0) {
8739 return WOLFSSL_FAILURE;
8740 }
8741 if (idx + 2 < (int)sizeof(buff) ) {
8742 XMEMCPY(buff + idx, outHex, 2);
8743 idx += 2;
8744 }
8745 if (wolfSSL_BIO_write(out, buff, idx) <= 0 ) {
8746 return WOLFSSL_FAILURE;
8747 }
8748 XSTRNCPY(line, ")\n", sizeof(line));
8749 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
8750 return WOLFSSL_FAILURE;
8751 }
8752
8753 return WOLFSSL_SUCCESS;
8754 }
8755 #endif /* WOLFSSL_DH_EXTRA */
8756
8757 /* wolfSSL_EVP_PKEY_print_public parses the specified key then
8758 * outputs public key info in human readable format to the specified BIO.
8759 * White spaces of the same number which 'indent" gives, will be added to
8760 * each line to output and ignores pctx parameter.
8761 * Parameters:
8762 * out bio to output dump data
8763 * pkey buffer holding public key data
8764 * indent the number of spaces for indent
8765 * pctx context(not used)
8766 * Returns 1 on success, 0 or negative on error, -2 means specified key
8767 * algo is not supported.
8768 * Can handle RSA, ECC, DSA and DH public keys.
8769 */
wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO * out,const WOLFSSL_EVP_PKEY * pkey,int indent,ASN1_PCTX * pctx)8770 int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out,
8771 const WOLFSSL_EVP_PKEY* pkey, int indent, ASN1_PCTX* pctx)
8772 {
8773 int res;
8774 int keybits; /* bit length of the key */
8775
8776 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_print_public");
8777
8778 if (pkey == NULL || out == NULL) {
8779 return 0;
8780 }
8781 if (indent < 0) {
8782 indent = 0;
8783 }
8784 if (indent > EVP_PKEY_PRINT_INDENT_MAX) {
8785 indent = EVP_PKEY_PRINT_INDENT_MAX;
8786 }
8787 switch (pkey->type) {
8788 case EVP_PKEY_RSA:
8789
8790 #if !defined(NO_RSA)
8791 keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8;
8792 res = PrintPubKeyRSA(
8793 out,
8794 (byte*)(pkey->pkey.ptr), /* buffer for pkey raw data */
8795 pkey->pkey_sz, /* raw pkey size */
8796 indent, /* indent size */
8797 keybits, /* bit length of the key */
8798 pctx); /* not used */
8799 #else
8800 res = WOLFSSL_UNKNOWN; /* not supported algo */
8801 #endif
8802 break;
8803
8804 case EVP_PKEY_EC:
8805
8806 #if defined(HAVE_ECC)
8807 keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8;
8808 res = PrintPubKeyEC(
8809 out,
8810 (byte*)(pkey->pkey.ptr), /* buffer for pkey raw data */
8811 pkey->pkey_sz, /* raw pkey size */
8812 indent, /* indent size */
8813 keybits, /* bit length of the key */
8814 pctx); /* not used */
8815 #else
8816 res = WOLFSSL_UNKNOWN; /* not supported algo */
8817 #endif
8818 break;
8819
8820 case EVP_PKEY_DSA:
8821
8822 #if !defined(NO_DSA)
8823 keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8;
8824 res = PrintPubKeyDSA(
8825 out,
8826 (byte*)(pkey->pkey.ptr), /* buffer for pkey raw data */
8827 pkey->pkey_sz, /* raw pkey size */
8828 indent, /* indent size */
8829 keybits, /* bit length of the key */
8830 pctx); /* not used */
8831 #else
8832 res = WOLFSSL_UNKNOWN; /* not supported algo */
8833 #endif
8834 break;
8835
8836 case EVP_PKEY_DH:
8837
8838 #if defined(WOLFSSL_DH_EXTRA)
8839 keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8;
8840 res = PrintPubKeyDH(
8841 out,
8842 (byte*)(pkey->pkey.ptr), /* buffer for pkey raw data */
8843 pkey->pkey_sz, /* raw pkey size */
8844 indent, /* indent size */
8845 keybits, /* bit length of the key */
8846 pctx); /* not used */
8847 #else
8848 res = WOLFSSL_UNKNOWN; /* not supported algo */
8849 #endif
8850 break;
8851
8852 default:
8853 res = WOLFSSL_UNKNOWN; /* not supported algo */
8854 break;
8855 }
8856 return res;
8857 }
8858 #endif /* OPENSSL_EXTRA && !NO_BIO */
8859
wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD * evp,int * pHash,int * pHashSz)8860 int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp,
8861 int* pHash, int* pHashSz)
8862 {
8863 enum wc_HashType hash = WC_HASH_TYPE_NONE;
8864 int hashSz;
8865
8866 if (XSTRLEN(evp) < 3) {
8867 /* do not try comparing strings if size is too small */
8868 return WOLFSSL_FAILURE;
8869 }
8870
8871 if (XSTRNCMP("SHA", evp, 3) == 0) {
8872 if (XSTRLEN(evp) > 3) {
8873 #ifdef WOLFSSL_SHA224
8874 if (XSTRNCMP("SHA224", evp, 6) == 0) {
8875 hash = WC_HASH_TYPE_SHA224;
8876 }
8877 else
8878 #endif
8879 #ifndef NO_SHA256
8880 if (XSTRNCMP("SHA256", evp, 6) == 0) {
8881 hash = WC_HASH_TYPE_SHA256;
8882 }
8883 else
8884 #endif
8885 #ifdef WOLFSSL_SHA384
8886 if (XSTRNCMP("SHA384", evp, 6) == 0) {
8887 hash = WC_HASH_TYPE_SHA384;
8888 }
8889 else
8890 #endif
8891 #ifdef WOLFSSL_SHA512
8892 if (XSTRNCMP("SHA512", evp, 6) == 0) {
8893 hash = WC_HASH_TYPE_SHA512;
8894 }
8895 else
8896 #endif
8897 #ifdef WOLFSSL_SHA3
8898 #ifndef WOLFSSL_NOSHA3_224
8899 if (XSTRNCMP("SHA3_224", evp, 8) == 0) {
8900 hash = WC_HASH_TYPE_SHA3_224;
8901 }
8902 else
8903 #endif
8904 #ifndef WOLFSSL_NOSHA3_256
8905 if (XSTRNCMP("SHA3_256", evp, 8) == 0) {
8906 hash = WC_HASH_TYPE_SHA3_256;
8907 }
8908 else
8909 #endif
8910 #ifndef WOLFSSL_NOSHA3_384
8911 if (XSTRNCMP("SHA3_384", evp, 8) == 0) {
8912 hash = WC_HASH_TYPE_SHA3_384;
8913 }
8914 else
8915 #endif
8916 #ifndef WOLFSSL_NOSHA3_512
8917 if (XSTRNCMP("SHA3_512", evp, 8) == 0) {
8918 hash = WC_HASH_TYPE_SHA3_512;
8919 }
8920 else
8921 #endif
8922 #endif /* WOLFSSL_SHA3 */
8923 if (XSTRNCMP("SHA1", evp, 4) == 0) {
8924 hash = WC_HASH_TYPE_SHA;
8925 }
8926 else {
8927 WOLFSSL_MSG("Unknown SHA hash");
8928 }
8929 }
8930 else {
8931 hash = WC_HASH_TYPE_SHA;
8932 }
8933 }
8934 #ifdef WOLFSSL_MD2
8935 else if (XSTRNCMP("MD2", evp, 3) == 0) {
8936 hash = WC_HASH_TYPE_MD2;
8937 }
8938 #endif
8939 #ifndef NO_MD4
8940 else if (XSTRNCMP("MD4", evp, 3) == 0) {
8941 hash = WC_HASH_TYPE_MD4;
8942 }
8943 #endif
8944 #ifndef NO_MD5
8945 else if (XSTRNCMP("MD5", evp, 3) == 0) {
8946 hash = WC_HASH_TYPE_MD5;
8947 }
8948 #endif
8949
8950 if (pHash)
8951 *pHash = hash;
8952
8953 hashSz = wc_HashGetDigestSize(hash);
8954 if (pHashSz)
8955 *pHashSz = hashSz;
8956
8957 if (hashSz < 0) {
8958 return WOLFSSL_FAILURE;
8959 }
8960
8961 return WOLFSSL_SUCCESS;
8962 }
8963
8964 /* Base64 encoding APIs */
8965 #if defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE)
8966
8967 /* wolfSSL_EVP_ENCODE_CTX_new allocates WOLFSSL_EVP_ENCODE_CTX
8968 * Returns WOLFSSL_EVP_ENCODE_CTX structure on success, NULL on failure.
8969 */
wolfSSL_EVP_ENCODE_CTX_new(void)8970 struct WOLFSSL_EVP_ENCODE_CTX* wolfSSL_EVP_ENCODE_CTX_new(void)
8971 {
8972 WOLFSSL_EVP_ENCODE_CTX* ctx = NULL;
8973 WOLFSSL_ENTER("wolfSSL_EVP_ENCODE_CTX_new");
8974 ctx = (WOLFSSL_EVP_ENCODE_CTX*)XMALLOC( sizeof(WOLFSSL_EVP_ENCODE_CTX),
8975 NULL, DYNAMIC_TYPE_OPENSSL );
8976
8977 if (ctx != NULL) {
8978 XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_ENCODE_CTX) );
8979 ctx->heap = NULL;
8980 return ctx;
8981 }
8982 return NULL;
8983 }
8984 /* wolfSSL_EVP_ENCODE_CTX_free frees specified WOLFSSL_EVP_ENCODE_CTX struc.
8985 */
wolfSSL_EVP_ENCODE_CTX_free(WOLFSSL_EVP_ENCODE_CTX * ctx)8986 void wolfSSL_EVP_ENCODE_CTX_free(WOLFSSL_EVP_ENCODE_CTX* ctx)
8987 {
8988 WOLFSSL_ENTER("wolfSSL_EVP_ENCODE_CTX_free");
8989 if (ctx != NULL) {
8990 XFREE(ctx, ctx->heap, DYNAMIC_TYPE_OPENSSL);
8991 }
8992 }
8993 #endif /* WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE */
8994 #if defined(WOLFSSL_BASE64_ENCODE)
8995 /* wolfSSL_EVP_EncodeInit initializes specified WOLFSSL_EVP_ENCODE_CTX object
8996 * for the subsequent wolfSSL_EVP_EncodeUpdate.
8997 */
wolfSSL_EVP_EncodeInit(WOLFSSL_EVP_ENCODE_CTX * ctx)8998 void wolfSSL_EVP_EncodeInit(WOLFSSL_EVP_ENCODE_CTX* ctx)
8999 {
9000 WOLFSSL_ENTER("wolfSSL_EVP_EncodeInit");
9001
9002 /* clean up ctx */
9003 if (ctx != NULL) {
9004 ctx->remaining = 0;
9005 XMEMSET(ctx->data, 0, sizeof(ctx->data));
9006 }
9007 }
9008 /* wolfSSL_EVP_EncodeUpdate encodes the input data in 48-byte units
9009 * and outputs it to out. If less than 48 bytes of data remain, save it in
9010 * ctx. The data given in the subsequent wolfSSL_EVP_EncodeUpdate
9011 * is combined with the data stored in CTX and used for encoding.
9012 * Returns 1 on success, 0 on error.
9013 */
wolfSSL_EVP_EncodeUpdate(WOLFSSL_EVP_ENCODE_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)9014 int wolfSSL_EVP_EncodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx,
9015 unsigned char* out, int* outl, const unsigned char* in, int inl)
9016 {
9017 int cpysz;
9018 int res;
9019 word32 outsz = 0;
9020
9021 WOLFSSL_ENTER("wolfSSL_EVP_EncodeUpdate");
9022
9023 if (ctx == NULL || out == NULL || in == NULL || outl == NULL)
9024 return 0;
9025
9026 *outl = 0;
9027
9028 /* if the remaining data exists in the ctx, add input data to them
9029 * to create a block(48bytes) for encoding
9030 */
9031 if (ctx->remaining > 0 && inl > 0) {
9032 cpysz = min((BASE64_ENCODE_BLOCK_SIZE - ctx->remaining), inl);
9033 XMEMCPY(ctx->data + ctx->remaining, in, cpysz);
9034 ctx->remaining += cpysz;
9035 in += cpysz;
9036 inl -= cpysz;
9037
9038 /* check if a block for encoding exists in ctx.data, if so encode it */
9039 if (ctx->remaining >= BASE64_ENCODE_BLOCK_SIZE) {
9040 /* Base64_Encode asks the out buff size via the 4th param*/
9041 outsz = BASE64_ENCODE_RESULT_BLOCK_SIZE + 1;
9042 res = Base64_Encode(ctx->data, BASE64_ENCODE_BLOCK_SIZE, out,
9043 &outsz);
9044 if (res == 0) {
9045 ctx->remaining = 0;
9046 *outl = outsz;
9047 }
9048 else
9049 return 0; /* return with error */
9050 }
9051 else {
9052 /* could not create a block */
9053 *outl = 0;
9054 return 1;
9055 }
9056 }
9057 /* Here, there is no data left in ctx, so try processing the data of
9058 * the specified input data.
9059 */
9060
9061 while (inl >= BASE64_ENCODE_BLOCK_SIZE) {
9062 outsz = BASE64_ENCODE_RESULT_BLOCK_SIZE + 1;/* 64 byte and one for LF*/
9063 res = Base64_Encode(in, BASE64_ENCODE_BLOCK_SIZE,out,&outsz);
9064 if (res == 0) {
9065 in += BASE64_ENCODE_BLOCK_SIZE;
9066 inl -= BASE64_ENCODE_BLOCK_SIZE;
9067 out += outsz;
9068 *outl += outsz;
9069 }
9070 else {
9071 *outl = 0;
9072 return 0;
9073 }
9074 }
9075
9076 /* if remaining data exists, copy them into ctx for the next call*/
9077 if (inl > 0) {
9078 XMEMSET(ctx->data, 0, sizeof(ctx->data));
9079 XMEMCPY(ctx->data, in, inl);
9080 ctx->remaining = inl;
9081 }
9082
9083 return 1; /* returns 1 on success, 0 on error */
9084 }
9085 /* wolfSSL_EVP_EncodeFinal encodes data in ctx and outputs to out.
9086 */
wolfSSL_EVP_EncodeFinal(WOLFSSL_EVP_ENCODE_CTX * ctx,unsigned char * out,int * outl)9087 void wolfSSL_EVP_EncodeFinal(WOLFSSL_EVP_ENCODE_CTX* ctx,
9088 unsigned char* out, int* outl)
9089 {
9090 word32 outsz = 0;
9091 int res;
9092
9093 WOLFSSL_ENTER("wolfSSL_EVP_EncodeFinal");
9094
9095 if (outl == NULL)
9096 return;
9097
9098 if (ctx == NULL || out == NULL) {
9099 *outl = 0;
9100 return;
9101 }
9102 if (ctx->remaining >= BASE64_ENCODE_RESULT_BLOCK_SIZE) {
9103 *outl = 0;
9104 return;
9105 }
9106 /* process remaining data in ctx */
9107 outsz = BASE64_ENCODE_RESULT_BLOCK_SIZE + 1; /* 64 byte and one for LF*/
9108 res = Base64_Encode(ctx->data, ctx->remaining ,out, &outsz);
9109 if (res == 0)
9110 *outl = outsz;
9111 else
9112 *outl = 0;
9113
9114 ctx->remaining = 0;
9115 XMEMSET(ctx->data, 0, sizeof(ctx->data));
9116
9117 return;
9118 }
9119 #endif /* WOLFSSL_BASE64_ENCODE */
9120 #if defined(WOLFSSL_BASE64_DECODE)
9121
9122 /* wolfSSL_EVP_DecodeInit initializes specified WOLFSSL_EVP_ENCODE_CTX struct
9123 * for subsequent wolfSSL_EVP_DecodeUpdate.
9124 */
wolfSSL_EVP_DecodeInit(WOLFSSL_EVP_ENCODE_CTX * ctx)9125 void wolfSSL_EVP_DecodeInit(WOLFSSL_EVP_ENCODE_CTX* ctx)
9126 {
9127 WOLFSSL_ENTER("wolfSSL_EVP_DecodeInit");
9128 /* clean up ctx */
9129 if (ctx != NULL) {
9130 ctx->remaining = 0;
9131 XMEMSET(ctx->data, 0, sizeof(ctx->data));
9132 }
9133 }
9134 /* wolfSSL_EVP_DecodeUpdate encodes the input data in 4-byte units
9135 * and outputs it to out. If less than 4 bytes of data remain, save it in
9136 * ctx. The data given in the subsequent wolfSSL_EVP_DecodeUpdate
9137 * is combined with the data stored in CTX and used for decoding.
9138 * Returns 1 or 0 on success, -1 on error. Return value 0 indicates that
9139 * clients should call wolfSSL_EVP_DecodeFinal as next call.
9140 */
wolfSSL_EVP_DecodeUpdate(WOLFSSL_EVP_ENCODE_CTX * ctx,unsigned char * out,int * outl,const unsigned char * in,int inl)9141 int wolfSSL_EVP_DecodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx,
9142 unsigned char* out, int* outl, const unsigned char* in, int inl)
9143 {
9144 word32 outsz = 0;
9145 word32 j = 0;
9146 word32 inLen;
9147 int res;
9148 int pad = 0;
9149 int i;
9150 int cpySz;
9151 unsigned char c;
9152 int pad3 = 0;
9153 int pad4 = 0;
9154 byte e[4];
9155
9156 WOLFSSL_ENTER("wolfSSL_EVP_DecodeUpdate");
9157
9158 if (outl == NULL)
9159 return -1;
9160
9161 if (ctx == NULL || out == NULL || in == NULL) {
9162 *outl = 0;
9163 return -1;
9164 }
9165
9166 if (inl == 0) {
9167 *outl = 0;
9168 return 1;
9169 }
9170
9171 inLen = inl;
9172 *outl = 0;
9173
9174 /* if the remaining data exist in the ctx, add input data to them to create
9175 a block(4bytes) for decoding*/
9176 if ( ctx->remaining > 0 && inl > 0) {
9177
9178 cpySz = min((BASE64_DECODE_BLOCK_SIZE - ctx->remaining), inl);
9179
9180 for ( i = 0; cpySz > 0 && inLen > 0; i++) {
9181 if (Base64_SkipNewline(in, &inLen, &j) == ASN_INPUT_E) {
9182 return -1; /* detected an illegal char in input */
9183 }
9184 c = in[j++];
9185
9186 if (c == '=')
9187 pad = 1;
9188
9189 *(ctx->data + ctx->remaining + i) = c;
9190 inLen--;
9191 cpySz--;
9192 }
9193
9194 outsz = sizeof(ctx->data);
9195 res = Base64_Decode( ctx->data, BASE64_DECODE_BLOCK_SIZE, out, &outsz);
9196 if (res == 0) {
9197 *outl += outsz;
9198 out += outsz;
9199
9200 ctx->remaining = 0;
9201 XMEMSET(ctx->data, 0, sizeof(ctx->data));
9202 }
9203 else {
9204 *outl = 0;
9205 return -1; /* return with error */
9206 }
9207 }
9208
9209 /* Base64_Decode is not a streaming process, so it processes
9210 * the input data and exits. If a line break or whitespace
9211 * character is found in the input data, it will be skipped,
9212 * but if the end point of the input data is reached as a result,
9213 * Base64_Decode will stop processing there. The data cleansing is
9214 * required before Base64_Decode so that the processing does not
9215 * stop within 4 bytes, which is the unit of Base64 decoding processing.
9216 * The logic that exists before calling Base64_Decode in a While Loop is
9217 * a data cleansing process that removes line breaks and whitespace.
9218 */
9219 while (inLen > 3) {
9220 if ((res = Base64_SkipNewline(in, &inLen, &j)) != 0) {
9221 if (res == BUFFER_E) {
9222 break;
9223 }
9224 else {
9225 *outl = 0;
9226 return -1;
9227 }
9228 }
9229 e[0] = in[j++];
9230 if (e[0] == '\0') {
9231 break;
9232 }
9233 inLen--;
9234 if ((res = Base64_SkipNewline(in, &inLen, &j)) != 0) {
9235 if (res == BUFFER_E) {
9236 break;
9237 }
9238 else {
9239 *outl = 0;
9240 return -1;
9241 }
9242 }
9243 e[1] = in[j++];
9244 inLen--;
9245 if ((res = Base64_SkipNewline(in, &inLen, &j)) != 0) {
9246 if (res == BUFFER_E) {
9247 break;
9248 }
9249 else {
9250 *outl = 0;
9251 return -1;
9252 }
9253 }
9254 e[2] = in[j++];
9255 inLen--;
9256 if ((res = Base64_SkipNewline(in, &inLen, &j)) != 0) {
9257 if (res == BUFFER_E) {
9258 break;
9259 }
9260 else {
9261 *outl = 0;
9262 return -1;
9263 }
9264 }
9265 e[3] = in[j++];
9266 inLen--;
9267
9268 if (e[0] == '=')
9269 pad = 1;
9270 if (e[1] == '=')
9271 pad = 1;
9272 if (e[2] == '=') {
9273 pad = 1;
9274 pad3 = 1;
9275 }
9276 if (e[3] == '=') {
9277 pad = 1;
9278 pad4 = 1;
9279 }
9280 if (pad3 && !pad4) {
9281 *outl = 0;
9282 return -1;
9283 }
9284
9285 /* decode four bytes */
9286 outsz = sizeof(ctx->data);
9287 res = Base64_Decode( e, BASE64_DECODE_BLOCK_SIZE, out, &outsz);
9288 if (res < 0) {
9289 *outl = 0;
9290 return -1;
9291 }
9292
9293 *outl += outsz;
9294 out += outsz;
9295 }
9296 /* copy left data to ctx */
9297 if (inLen > 0) {
9298
9299 XMEMSET(ctx->data, 0, sizeof(ctx->data));
9300
9301 i = 0;
9302 while (inLen > 0) {
9303 c = in[j++];
9304 if (c== '\n' || c == '\r' || c == ' ') {
9305 inLen--;
9306 continue;
9307 }
9308 if (c == '=') {
9309 pad = 1;
9310 }
9311 ctx->data[i++] = c;
9312 ctx->remaining++;
9313 inLen--;
9314 }
9315
9316 if (pad)
9317 return 0; /* indicates that clients should call DecodeFinal */
9318 else
9319 return 1;
9320
9321 }
9322 /* if the last data is '\n', remove it */
9323 c = in[j - 1];
9324 if (c == '\n') {
9325 c = (in[j - 2]);
9326 if (c == '=')
9327 return 0;
9328 else
9329 return 1;
9330 }
9331 if (c == '=')
9332 return 0;
9333 else
9334 return 1;
9335
9336 }
9337 /* wolfSSL_EVP_DecodeFinal decode remaining data in ctx
9338 * to outputs to out.
9339 * Returns 1 on success, -1 on failure.
9340 */
wolfSSL_EVP_DecodeFinal(WOLFSSL_EVP_ENCODE_CTX * ctx,unsigned char * out,int * outl)9341 int wolfSSL_EVP_DecodeFinal(WOLFSSL_EVP_ENCODE_CTX* ctx,
9342 unsigned char* out, int* outl)
9343 {
9344 word32 outsz = 0;
9345 word32 inLen;
9346 word32 j = 0;
9347 int res;
9348
9349 WOLFSSL_ENTER("wolfSSL_EVP_DecodeFinal");
9350
9351 if (outl == NULL)
9352 return -1;
9353
9354 if (ctx == NULL || out == NULL ) {
9355 *outl = 0;
9356 return -1;
9357 }
9358
9359 if (ctx->remaining > 0) {
9360 inLen = ctx->remaining;
9361 if ((res = Base64_SkipNewline(ctx->data, &inLen, &j)) != 0) {
9362 *outl = 0;
9363 if (res == BUFFER_E) /* means no valid data to decode in buffer */
9364 return 1; /* returns as success with no output */
9365 else
9366 return -1;
9367 }
9368
9369
9370 outsz = ctx->remaining;
9371 res = Base64_Decode(ctx->data, ctx->remaining, out, &outsz);
9372 if (res == 0) {
9373 *outl = outsz;
9374 return 1;
9375 }
9376 else {
9377 *outl = 0;
9378 return -1;
9379 }
9380 }
9381 else {
9382 *outl = 0;
9383 return 1;
9384 }
9385 }
9386 #endif /* WOLFSSL_BASE64_DECODE */
9387
9388 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
9389
9390 #endif /* WOLFSSL_EVP_INCLUDED */
9391