cjson
fuzzing
inputs
test1 test10 test11 test2 test3 test3.bu test3.uf test3.uu test4 test5 test6 test7 test8 test9library_config
cJSONConfig.cmake.in cJSONConfigVersion.cmake.in libcjson.pc.in libcjson_utils.pc.in uninstall.cmaketests
inputs
test1 test1.expected test10 test10.expected test11 test11.expected test2 test2.expected test3 test3.expected test4 test4.expected test5 test5.expected test6 test7 test7.expected test8 test8.expected test9 test9.expectedjson-patch-tests
.editorconfig .gitignore .npmignore README.md cjson-utils-tests.json package.json spec_tests.json tests.jsonunity
auto
colour_prompt.rb colour_reporter.rb generate_config.yml generate_module.rb generate_test_runner.rb parse_output.rb stylize_as_junit.rb test_file_filter.rb type_sanitizer.rb unity_test_summary.py unity_test_summary.rb unity_to_junit.pydocs
ThrowTheSwitchCodingStandard.md UnityAssertionsCheatSheetSuitableforPrintingandPossiblyFraming.pdf UnityAssertionsReference.md UnityConfigurationGuide.md UnityGettingStartedGuide.md UnityHelperScriptsGuide.md license.txtexamples
unity_config.hcurl
.github
scripts
cleancmd.pl cmp-config.pl cmp-pkg-config.sh codespell-ignore.words codespell.sh distfiles.sh pyspelling.words pyspelling.yaml randcurl.pl requirements-docs.txt requirements-proselint.txt requirements.txt shellcheck-ci.sh shellcheck.sh spellcheck.curl trimmarkdownheader.pl typos.sh typos.toml verify-examples.pl verify-synopsis.pl yamlcheck.sh yamlcheck.yamlworkflows
appveyor-status.yml checkdocs.yml checksrc.yml checkurls.yml codeql.yml configure-vs-cmake.yml curl-for-win.yml distcheck.yml fuzz.yml http3-linux.yml label.yml linux-old.yml linux.yml macos.yml non-native.yml windows.ymlCMake
CurlSymbolHiding.cmake CurlTests.c FindBrotli.cmake FindCares.cmake FindGSS.cmake FindGnuTLS.cmake FindLDAP.cmake FindLibbacktrace.cmake FindLibgsasl.cmake FindLibidn2.cmake FindLibpsl.cmake FindLibssh.cmake FindLibssh2.cmake FindLibuv.cmake FindMbedTLS.cmake FindNGHTTP2.cmake FindNGHTTP3.cmake FindNGTCP2.cmake FindNettle.cmake FindQuiche.cmake FindRustls.cmake FindWolfSSL.cmake FindZstd.cmake Macros.cmake OtherTests.cmake PickyWarnings.cmake Utilities.cmake cmake_uninstall.in.cmake curl-config.in.cmake unix-cache.cmake win32-cache.cmakedocs
cmdline-opts
.gitignore CMakeLists.txt MANPAGE.md Makefile.am Makefile.inc _AUTHORS.md _BUGS.md _DESCRIPTION.md _ENVIRONMENT.md _EXITCODES.md _FILES.md _GLOBBING.md _NAME.md _OPTIONS.md _OUTPUT.md _PROGRESS.md _PROTOCOLS.md _PROXYPREFIX.md _SEEALSO.md _SYNOPSIS.md _URL.md _VARIABLES.md _VERSION.md _WWW.md abstract-unix-socket.md alt-svc.md anyauth.md append.md aws-sigv4.md basic.md ca-native.md cacert.md capath.md cert-status.md cert-type.md cert.md ciphers.md compressed-ssh.md compressed.md config.md connect-timeout.md connect-to.md continue-at.md cookie-jar.md cookie.md create-dirs.md create-file-mode.md crlf.md crlfile.md curves.md data-ascii.md data-binary.md data-raw.md data-urlencode.md data.md delegation.md digest.md disable-eprt.md disable-epsv.md disable.md disallow-username-in-url.md dns-interface.md dns-ipv4-addr.md dns-ipv6-addr.md dns-servers.md doh-cert-status.md doh-insecure.md doh-url.md dump-ca-embed.md dump-header.md ech.md egd-file.md engine.md etag-compare.md etag-save.md expect100-timeout.md fail-early.md fail-with-body.md fail.md false-start.md follow.md form-escape.md form-string.md form.md ftp-account.md ftp-alternative-to-user.md ftp-create-dirs.md ftp-method.md ftp-pasv.md ftp-port.md ftp-pret.md ftp-skip-pasv-ip.md ftp-ssl-ccc-mode.md ftp-ssl-ccc.md ftp-ssl-control.md get.md globoff.md happy-eyeballs-timeout-ms.md haproxy-clientip.md haproxy-protocol.md head.md header.md help.md hostpubmd5.md hostpubsha256.md hsts.md http0.9.md http1.0.md http1.1.md http2-prior-knowledge.md http2.md http3-only.md http3.md ignore-content-length.md insecure.md interface.md ip-tos.md ipfs-gateway.md ipv4.md ipv6.md json.md junk-session-cookies.md keepalive-cnt.md keepalive-time.md key-type.md key.md knownhosts.md krb.md libcurl.md limit-rate.md list-only.md local-port.md location-trusted.md location.md login-options.md mail-auth.md mail-from.md mail-rcpt-allowfails.md mail-rcpt.md mainpage.idx manual.md max-filesize.md max-redirs.md max-time.md metalink.md mptcp.md negotiate.md netrc-file.md netrc-optional.md netrc.md next.md no-alpn.md no-buffer.md no-clobber.md no-keepalive.md no-npn.md no-progress-meter.md no-sessionid.md noproxy.md ntlm-wb.md ntlm.md oauth2-bearer.md out-null.md output-dir.md output.md parallel-immediate.md parallel-max-host.md parallel-max.md parallel.md pass.md path-as-is.md pinnedpubkey.md post301.md post302.md post303.md preproxy.md progress-bar.md proto-default.md proto-redir.md proto.md proxy-anyauth.md proxy-basic.md proxy-ca-native.md proxy-cacert.md proxy-capath.md proxy-cert-type.md proxy-cert.md proxy-ciphers.md proxy-crlfile.md proxy-digest.md proxy-header.md proxy-http2.md proxy-insecure.md proxy-key-type.md proxy-key.md proxy-negotiate.md proxy-ntlm.md proxy-pass.md proxy-pinnedpubkey.md proxy-service-name.md proxy-ssl-allow-beast.md proxy-ssl-auto-client-cert.md proxy-tls13-ciphers.md proxy-tlsauthtype.md proxy-tlspassword.md proxy-tlsuser.md proxy-tlsv1.md proxy-user.md proxy.md proxy1.0.md proxytunnel.md pubkey.md quote.md random-file.md range.md rate.md raw.md referer.md remote-header-name.md remote-name-all.md remote-name.md remote-time.md remove-on-error.md request-target.md request.md resolve.md retry-all-errors.md retry-connrefused.md retry-delay.md retry-max-time.md retry.md sasl-authzid.md sasl-ir.md service-name.md show-error.md show-headers.md sigalgs.md silent.md skip-existing.md socks4.md socks4a.md socks5-basic.md socks5-gssapi-nec.md socks5-gssapi-service.md socks5-gssapi.md socks5-hostname.md socks5.md speed-limit.md speed-time.md ssl-allow-beast.md ssl-auto-client-cert.md ssl-no-revoke.md ssl-reqd.md ssl-revoke-best-effort.md ssl-sessions.md ssl.md sslv2.md sslv3.md stderr.md styled-output.md suppress-connect-headers.md tcp-fastopen.md tcp-nodelay.md telnet-option.md tftp-blksize.md tftp-no-options.md time-cond.md tls-earlydata.md tls-max.md tls13-ciphers.md tlsauthtype.md tlspassword.md tlsuser.md tlsv1.0.md tlsv1.1.md tlsv1.2.md tlsv1.3.md tlsv1.md tr-encoding.md trace-ascii.md trace-config.md trace-ids.md trace-time.md trace.md unix-socket.md upload-file.md upload-flags.md url-query.md url.md use-ascii.md user-agent.md user.md variable.md verbose.md version.md vlan-priority.md write-out.md xattr.mdexamples
.checksrc .gitignore 10-at-a-time.c CMakeLists.txt Makefile.am Makefile.example Makefile.inc README.md adddocsref.pl address-scope.c altsvc.c anyauthput.c block_ip.c cacertinmem.c certinfo.c chkspeed.c connect-to.c cookie_interface.c crawler.c debug.c default-scheme.c ephiperfifo.c evhiperfifo.c externalsocket.c fileupload.c ftp-delete.c ftp-wildcard.c ftpget.c ftpgetinfo.c ftpgetresp.c ftpsget.c ftpupload.c ftpuploadfrommem.c ftpuploadresume.c getinfo.c getinmemory.c getredirect.c getreferrer.c ghiper.c headerapi.c hiperfifo.c hsts-preload.c htmltidy.c htmltitle.cpp http-options.c http-post.c http2-download.c http2-pushinmemory.c http2-serverpush.c http2-upload.c http3-present.c http3.c httpcustomheader.c httpput-postfields.c httpput.c https.c imap-append.c imap-authzid.c imap-copy.c imap-create.c imap-delete.c imap-examine.c imap-fetch.c imap-list.c imap-lsub.c imap-multi.c imap-noop.c imap-search.c imap-ssl.c imap-store.c imap-tls.c interface.c ipv6.c keepalive.c localport.c log_failed_transfers.c maxconnects.c multi-app.c multi-debugcallback.c multi-double.c multi-event.c multi-formadd.c multi-legacy.c multi-post.c multi-single.c multi-uv.c netrc.c parseurl.c persistent.c pop3-authzid.c pop3-dele.c pop3-list.c pop3-multi.c pop3-noop.c pop3-retr.c pop3-ssl.c pop3-stat.c pop3-tls.c pop3-top.c pop3-uidl.c post-callback.c postinmemory.c postit2-formadd.c postit2.c progressfunc.c protofeats.c range.c resolve.c rtsp-options.c sendrecv.c sepheaders.c sessioninfo.c sftpget.c sftpuploadresume.c shared-connection-cache.c simple.c simplepost.c simplessl.c smooth-gtk-thread.c smtp-authzid.c smtp-expn.c smtp-mail.c smtp-mime.c smtp-multi.c smtp-ssl.c smtp-tls.c smtp-vrfy.c sslbackend.c synctime.c threaded.c unixsocket.c url2file.c urlapi.c usercertinmem.c version-check.pl websocket-cb.c websocket-updown.c websocket.c xmlstream.cinternals
BUFQ.md BUFREF.md CHECKSRC.md CLIENT-READERS.md CLIENT-WRITERS.md CODE_STYLE.md CONNECTION-FILTERS.md CREDENTIALS.md CURLX.md DYNBUF.md HASH.md LLIST.md MID.md MQTT.md MULTI-EV.md NEW-PROTOCOL.md PEERS.md PORTING.md RATELIMITS.md README.md SCORECARD.md SPLAY.md STRPARSE.md THRDPOOL-AND-QUEUE.md TIME-KEEPING.md TLS-SESSIONS.md UINT_SETS.md WEBSOCKET.mdlibcurl
opts
CMakeLists.txt CURLINFO_ACTIVESOCKET.md CURLINFO_APPCONNECT_TIME.md CURLINFO_APPCONNECT_TIME_T.md CURLINFO_CAINFO.md CURLINFO_CAPATH.md CURLINFO_CERTINFO.md CURLINFO_CONDITION_UNMET.md CURLINFO_CONNECT_TIME.md CURLINFO_CONNECT_TIME_T.md CURLINFO_CONN_ID.md CURLINFO_CONTENT_LENGTH_DOWNLOAD.md CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md CURLINFO_CONTENT_LENGTH_UPLOAD.md CURLINFO_CONTENT_LENGTH_UPLOAD_T.md CURLINFO_CONTENT_TYPE.md CURLINFO_COOKIELIST.md CURLINFO_EARLYDATA_SENT_T.md CURLINFO_EFFECTIVE_METHOD.md CURLINFO_EFFECTIVE_URL.md CURLINFO_FILETIME.md CURLINFO_FILETIME_T.md CURLINFO_FTP_ENTRY_PATH.md CURLINFO_HEADER_SIZE.md CURLINFO_HTTPAUTH_AVAIL.md CURLINFO_HTTPAUTH_USED.md CURLINFO_HTTP_CONNECTCODE.md CURLINFO_HTTP_VERSION.md CURLINFO_LASTSOCKET.md CURLINFO_LOCAL_IP.md CURLINFO_LOCAL_PORT.md CURLINFO_NAMELOOKUP_TIME.md CURLINFO_NAMELOOKUP_TIME_T.md CURLINFO_NUM_CONNECTS.md CURLINFO_OS_ERRNO.md CURLINFO_POSTTRANSFER_TIME_T.md CURLINFO_PRETRANSFER_TIME.md CURLINFO_PRETRANSFER_TIME_T.md CURLINFO_PRIMARY_IP.md CURLINFO_PRIMARY_PORT.md CURLINFO_PRIVATE.md CURLINFO_PROTOCOL.md CURLINFO_PROXYAUTH_AVAIL.md CURLINFO_PROXYAUTH_USED.md CURLINFO_PROXY_ERROR.md CURLINFO_PROXY_SSL_VERIFYRESULT.md CURLINFO_QUEUE_TIME_T.md CURLINFO_REDIRECT_COUNT.md CURLINFO_REDIRECT_TIME.md CURLINFO_REDIRECT_TIME_T.md CURLINFO_REDIRECT_URL.md CURLINFO_REFERER.md CURLINFO_REQUEST_SIZE.md CURLINFO_RESPONSE_CODE.md CURLINFO_RETRY_AFTER.md CURLINFO_RTSP_CLIENT_CSEQ.md CURLINFO_RTSP_CSEQ_RECV.md CURLINFO_RTSP_SERVER_CSEQ.md CURLINFO_RTSP_SESSION_ID.md CURLINFO_SCHEME.md CURLINFO_SIZE_DELIVERED.md CURLINFO_SIZE_DOWNLOAD.md CURLINFO_SIZE_DOWNLOAD_T.md CURLINFO_SIZE_UPLOAD.md CURLINFO_SIZE_UPLOAD_T.md CURLINFO_SPEED_DOWNLOAD.md CURLINFO_SPEED_DOWNLOAD_T.md CURLINFO_SPEED_UPLOAD.md CURLINFO_SPEED_UPLOAD_T.md CURLINFO_SSL_ENGINES.md CURLINFO_SSL_VERIFYRESULT.md CURLINFO_STARTTRANSFER_TIME.md CURLINFO_STARTTRANSFER_TIME_T.md CURLINFO_TLS_SESSION.md CURLINFO_TLS_SSL_PTR.md CURLINFO_TOTAL_TIME.md CURLINFO_TOTAL_TIME_T.md CURLINFO_USED_PROXY.md CURLINFO_XFER_ID.md CURLMINFO_XFERS_ADDED.md CURLMINFO_XFERS_CURRENT.md CURLMINFO_XFERS_DONE.md CURLMINFO_XFERS_PENDING.md CURLMINFO_XFERS_RUNNING.md CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.md CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.md CURLMOPT_MAXCONNECTS.md CURLMOPT_MAX_CONCURRENT_STREAMS.md CURLMOPT_MAX_HOST_CONNECTIONS.md CURLMOPT_MAX_PIPELINE_LENGTH.md CURLMOPT_MAX_TOTAL_CONNECTIONS.md CURLMOPT_NETWORK_CHANGED.md CURLMOPT_NOTIFYDATA.md CURLMOPT_NOTIFYFUNCTION.md CURLMOPT_PIPELINING.md CURLMOPT_PIPELINING_SERVER_BL.md CURLMOPT_PIPELINING_SITE_BL.md CURLMOPT_PUSHDATA.md CURLMOPT_PUSHFUNCTION.md CURLMOPT_QUICK_EXIT.md CURLMOPT_RESOLVE_THREADS_MAX.md CURLMOPT_SOCKETDATA.md CURLMOPT_SOCKETFUNCTION.md CURLMOPT_TIMERDATA.md CURLMOPT_TIMERFUNCTION.md CURLOPT_ABSTRACT_UNIX_SOCKET.md CURLOPT_ACCEPTTIMEOUT_MS.md CURLOPT_ACCEPT_ENCODING.md CURLOPT_ADDRESS_SCOPE.md CURLOPT_ALTSVC.md CURLOPT_ALTSVC_CTRL.md CURLOPT_APPEND.md CURLOPT_AUTOREFERER.md CURLOPT_AWS_SIGV4.md CURLOPT_BUFFERSIZE.md CURLOPT_CAINFO.md CURLOPT_CAINFO_BLOB.md CURLOPT_CAPATH.md CURLOPT_CA_CACHE_TIMEOUT.md CURLOPT_CERTINFO.md CURLOPT_CHUNK_BGN_FUNCTION.md CURLOPT_CHUNK_DATA.md CURLOPT_CHUNK_END_FUNCTION.md CURLOPT_CLOSESOCKETDATA.md CURLOPT_CLOSESOCKETFUNCTION.md CURLOPT_CONNECTTIMEOUT.md CURLOPT_CONNECTTIMEOUT_MS.md CURLOPT_CONNECT_ONLY.md CURLOPT_CONNECT_TO.md CURLOPT_CONV_FROM_NETWORK_FUNCTION.md CURLOPT_CONV_FROM_UTF8_FUNCTION.md CURLOPT_CONV_TO_NETWORK_FUNCTION.md CURLOPT_COOKIE.md CURLOPT_COOKIEFILE.md CURLOPT_COOKIEJAR.md CURLOPT_COOKIELIST.md CURLOPT_COOKIESESSION.md CURLOPT_COPYPOSTFIELDS.md CURLOPT_CRLF.md CURLOPT_CRLFILE.md CURLOPT_CURLU.md CURLOPT_CUSTOMREQUEST.md CURLOPT_DEBUGDATA.md CURLOPT_DEBUGFUNCTION.md CURLOPT_DEFAULT_PROTOCOL.md CURLOPT_DIRLISTONLY.md CURLOPT_DISALLOW_USERNAME_IN_URL.md CURLOPT_DNS_CACHE_TIMEOUT.md CURLOPT_DNS_INTERFACE.md CURLOPT_DNS_LOCAL_IP4.md CURLOPT_DNS_LOCAL_IP6.md CURLOPT_DNS_SERVERS.md CURLOPT_DNS_SHUFFLE_ADDRESSES.md CURLOPT_DNS_USE_GLOBAL_CACHE.md CURLOPT_DOH_SSL_VERIFYHOST.md CURLOPT_DOH_SSL_VERIFYPEER.md CURLOPT_DOH_SSL_VERIFYSTATUS.md CURLOPT_DOH_URL.md CURLOPT_ECH.md CURLOPT_EGDSOCKET.md CURLOPT_ERRORBUFFER.md CURLOPT_EXPECT_100_TIMEOUT_MS.md CURLOPT_FAILONERROR.md CURLOPT_FILETIME.md CURLOPT_FNMATCH_DATA.md CURLOPT_FNMATCH_FUNCTION.md CURLOPT_FOLLOWLOCATION.md CURLOPT_FORBID_REUSE.md CURLOPT_FRESH_CONNECT.md CURLOPT_FTPPORT.md CURLOPT_FTPSSLAUTH.md CURLOPT_FTP_ACCOUNT.md CURLOPT_FTP_ALTERNATIVE_TO_USER.md CURLOPT_FTP_CREATE_MISSING_DIRS.md CURLOPT_FTP_FILEMETHOD.md CURLOPT_FTP_SKIP_PASV_IP.md CURLOPT_FTP_SSL_CCC.md CURLOPT_FTP_USE_EPRT.md CURLOPT_FTP_USE_EPSV.md CURLOPT_FTP_USE_PRET.md CURLOPT_GSSAPI_DELEGATION.md CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.md CURLOPT_HAPROXYPROTOCOL.md CURLOPT_HAPROXY_CLIENT_IP.md CURLOPT_HEADER.md CURLOPT_HEADERDATA.md CURLOPT_HEADERFUNCTION.md CURLOPT_HEADEROPT.md CURLOPT_HSTS.md CURLOPT_HSTSREADDATA.md CURLOPT_HSTSREADFUNCTION.md CURLOPT_HSTSWRITEDATA.md CURLOPT_HSTSWRITEFUNCTION.md CURLOPT_HSTS_CTRL.md CURLOPT_HTTP09_ALLOWED.md CURLOPT_HTTP200ALIASES.md CURLOPT_HTTPAUTH.md CURLOPT_HTTPGET.md CURLOPT_HTTPHEADER.md CURLOPT_HTTPPOST.md CURLOPT_HTTPPROXYTUNNEL.md CURLOPT_HTTP_CONTENT_DECODING.md CURLOPT_HTTP_TRANSFER_DECODING.md CURLOPT_HTTP_VERSION.md CURLOPT_IGNORE_CONTENT_LENGTH.md CURLOPT_INFILESIZE.md CURLOPT_INFILESIZE_LARGE.md CURLOPT_INTERFACE.md CURLOPT_INTERLEAVEDATA.md CURLOPT_INTERLEAVEFUNCTION.md CURLOPT_IOCTLDATA.md CURLOPT_IOCTLFUNCTION.md CURLOPT_IPRESOLVE.md CURLOPT_ISSUERCERT.md CURLOPT_ISSUERCERT_BLOB.md CURLOPT_KEEP_SENDING_ON_ERROR.md CURLOPT_KEYPASSWD.md CURLOPT_KRBLEVEL.md CURLOPT_LOCALPORT.md CURLOPT_LOCALPORTRANGE.md CURLOPT_LOGIN_OPTIONS.md CURLOPT_LOW_SPEED_LIMIT.md CURLOPT_LOW_SPEED_TIME.md CURLOPT_MAIL_AUTH.md CURLOPT_MAIL_FROM.md CURLOPT_MAIL_RCPT.md CURLOPT_MAIL_RCPT_ALLOWFAILS.md CURLOPT_MAXAGE_CONN.md CURLOPT_MAXCONNECTS.md CURLOPT_MAXFILESIZE.md CURLOPT_MAXFILESIZE_LARGE.md CURLOPT_MAXLIFETIME_CONN.md CURLOPT_MAXREDIRS.md CURLOPT_MAX_RECV_SPEED_LARGE.md CURLOPT_MAX_SEND_SPEED_LARGE.md CURLOPT_MIMEPOST.md CURLOPT_MIME_OPTIONS.md CURLOPT_NETRC.md CURLOPT_NETRC_FILE.md CURLOPT_NEW_DIRECTORY_PERMS.md CURLOPT_NEW_FILE_PERMS.md CURLOPT_NOBODY.md CURLOPT_NOPROGRESS.md CURLOPT_NOPROXY.md CURLOPT_NOSIGNAL.md CURLOPT_OPENSOCKETDATA.md CURLOPT_OPENSOCKETFUNCTION.md CURLOPT_PASSWORD.md CURLOPT_PATH_AS_IS.md CURLOPT_PINNEDPUBLICKEY.md CURLOPT_PIPEWAIT.md CURLOPT_PORT.md CURLOPT_POST.md CURLOPT_POSTFIELDS.md CURLOPT_POSTFIELDSIZE.md CURLOPT_POSTFIELDSIZE_LARGE.md CURLOPT_POSTQUOTE.md CURLOPT_POSTREDIR.md CURLOPT_PREQUOTE.md CURLOPT_PREREQDATA.md CURLOPT_PREREQFUNCTION.md CURLOPT_PRE_PROXY.md CURLOPT_PRIVATE.md CURLOPT_PROGRESSDATA.md CURLOPT_PROGRESSFUNCTION.md CURLOPT_PROTOCOLS.md CURLOPT_PROTOCOLS_STR.md CURLOPT_PROXY.md CURLOPT_PROXYAUTH.md CURLOPT_PROXYHEADER.md CURLOPT_PROXYPASSWORD.md CURLOPT_PROXYPORT.md CURLOPT_PROXYTYPE.md CURLOPT_PROXYUSERNAME.md CURLOPT_PROXYUSERPWD.md CURLOPT_PROXY_CAINFO.md CURLOPT_PROXY_CAINFO_BLOB.md CURLOPT_PROXY_CAPATH.md CURLOPT_PROXY_CRLFILE.md CURLOPT_PROXY_ISSUERCERT.md CURLOPT_PROXY_ISSUERCERT_BLOB.md CURLOPT_PROXY_KEYPASSWD.md CURLOPT_PROXY_PINNEDPUBLICKEY.md CURLOPT_PROXY_SERVICE_NAME.md CURLOPT_PROXY_SSLCERT.md CURLOPT_PROXY_SSLCERTTYPE.md CURLOPT_PROXY_SSLCERT_BLOB.md CURLOPT_PROXY_SSLKEY.md CURLOPT_PROXY_SSLKEYTYPE.md CURLOPT_PROXY_SSLKEY_BLOB.md CURLOPT_PROXY_SSLVERSION.md CURLOPT_PROXY_SSL_CIPHER_LIST.md CURLOPT_PROXY_SSL_OPTIONS.md CURLOPT_PROXY_SSL_VERIFYHOST.md CURLOPT_PROXY_SSL_VERIFYPEER.md CURLOPT_PROXY_TLS13_CIPHERS.md CURLOPT_PROXY_TLSAUTH_PASSWORD.md CURLOPT_PROXY_TLSAUTH_TYPE.md CURLOPT_PROXY_TLSAUTH_USERNAME.md CURLOPT_PROXY_TRANSFER_MODE.md CURLOPT_PUT.md CURLOPT_QUICK_EXIT.md CURLOPT_QUOTE.md CURLOPT_RANDOM_FILE.md CURLOPT_RANGE.md CURLOPT_READDATA.md CURLOPT_READFUNCTION.md CURLOPT_REDIR_PROTOCOLS.md CURLOPT_REDIR_PROTOCOLS_STR.md CURLOPT_REFERER.md CURLOPT_REQUEST_TARGET.md CURLOPT_RESOLVE.md CURLOPT_RESOLVER_START_DATA.md CURLOPT_RESOLVER_START_FUNCTION.md CURLOPT_RESUME_FROM.md CURLOPT_RESUME_FROM_LARGE.md CURLOPT_RTSP_CLIENT_CSEQ.md CURLOPT_RTSP_REQUEST.md CURLOPT_RTSP_SERVER_CSEQ.md CURLOPT_RTSP_SESSION_ID.md CURLOPT_RTSP_STREAM_URI.md CURLOPT_RTSP_TRANSPORT.md CURLOPT_SASL_AUTHZID.md CURLOPT_SASL_IR.md CURLOPT_SEEKDATA.md CURLOPT_SEEKFUNCTION.md CURLOPT_SERVER_RESPONSE_TIMEOUT.md CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.md CURLOPT_SERVICE_NAME.md CURLOPT_SHARE.md CURLOPT_SOCKOPTDATA.md CURLOPT_SOCKOPTFUNCTION.md CURLOPT_SOCKS5_AUTH.md CURLOPT_SOCKS5_GSSAPI_NEC.md CURLOPT_SOCKS5_GSSAPI_SERVICE.md CURLOPT_SSH_AUTH_TYPES.md CURLOPT_SSH_COMPRESSION.md CURLOPT_SSH_HOSTKEYDATA.md CURLOPT_SSH_HOSTKEYFUNCTION.md CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.md CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.md CURLOPT_SSH_KEYDATA.md CURLOPT_SSH_KEYFUNCTION.md CURLOPT_SSH_KNOWNHOSTS.md CURLOPT_SSH_PRIVATE_KEYFILE.md CURLOPT_SSH_PUBLIC_KEYFILE.md CURLOPT_SSLCERT.md CURLOPT_SSLCERTTYPE.md CURLOPT_SSLCERT_BLOB.md CURLOPT_SSLENGINE.md CURLOPT_SSLENGINE_DEFAULT.md CURLOPT_SSLKEY.md CURLOPT_SSLKEYTYPE.md CURLOPT_SSLKEY_BLOB.md CURLOPT_SSLVERSION.md CURLOPT_SSL_CIPHER_LIST.md CURLOPT_SSL_CTX_DATA.md CURLOPT_SSL_CTX_FUNCTION.md CURLOPT_SSL_EC_CURVES.md CURLOPT_SSL_ENABLE_ALPN.md CURLOPT_SSL_ENABLE_NPN.md CURLOPT_SSL_FALSESTART.md CURLOPT_SSL_OPTIONS.md CURLOPT_SSL_SESSIONID_CACHE.md CURLOPT_SSL_SIGNATURE_ALGORITHMS.md CURLOPT_SSL_VERIFYHOST.md CURLOPT_SSL_VERIFYPEER.md CURLOPT_SSL_VERIFYSTATUS.md CURLOPT_STDERR.md CURLOPT_STREAM_DEPENDS.md CURLOPT_STREAM_DEPENDS_E.md CURLOPT_STREAM_WEIGHT.md CURLOPT_SUPPRESS_CONNECT_HEADERS.md CURLOPT_TCP_FASTOPEN.md CURLOPT_TCP_KEEPALIVE.md CURLOPT_TCP_KEEPCNT.md CURLOPT_TCP_KEEPIDLE.md CURLOPT_TCP_KEEPINTVL.md CURLOPT_TCP_NODELAY.md CURLOPT_TELNETOPTIONS.md CURLOPT_TFTP_BLKSIZE.md CURLOPT_TFTP_NO_OPTIONS.md CURLOPT_TIMECONDITION.md CURLOPT_TIMEOUT.md CURLOPT_TIMEOUT_MS.md CURLOPT_TIMEVALUE.md CURLOPT_TIMEVALUE_LARGE.md CURLOPT_TLS13_CIPHERS.md CURLOPT_TLSAUTH_PASSWORD.md CURLOPT_TLSAUTH_TYPE.md CURLOPT_TLSAUTH_USERNAME.md CURLOPT_TRAILERDATA.md CURLOPT_TRAILERFUNCTION.md CURLOPT_TRANSFERTEXT.md CURLOPT_TRANSFER_ENCODING.md CURLOPT_UNIX_SOCKET_PATH.md CURLOPT_UNRESTRICTED_AUTH.md CURLOPT_UPKEEP_INTERVAL_MS.md CURLOPT_UPLOAD.md CURLOPT_UPLOAD_BUFFERSIZE.md CURLOPT_UPLOAD_FLAGS.md CURLOPT_URL.md CURLOPT_USERAGENT.md CURLOPT_USERNAME.md CURLOPT_USERPWD.md CURLOPT_USE_SSL.md CURLOPT_VERBOSE.md CURLOPT_WILDCARDMATCH.md CURLOPT_WRITEDATA.md CURLOPT_WRITEFUNCTION.md CURLOPT_WS_OPTIONS.md CURLOPT_XFERINFODATA.md CURLOPT_XFERINFOFUNCTION.md CURLOPT_XOAUTH2_BEARER.md CURLSHOPT_LOCKFUNC.md CURLSHOPT_SHARE.md CURLSHOPT_UNLOCKFUNC.md CURLSHOPT_UNSHARE.md CURLSHOPT_USERDATA.md Makefile.am Makefile.incinclude
curl
Makefile.am curl.h curlver.h easy.h header.h mprintf.h multi.h options.h stdcheaders.h system.h typecheck-gcc.h urlapi.h websockets.hlib
curlx
base64.c base64.h basename.c basename.h dynbuf.c dynbuf.h fopen.c fopen.h inet_ntop.c inet_ntop.h inet_pton.c inet_pton.h multibyte.c multibyte.h nonblock.c nonblock.h snprintf.c snprintf.h strcopy.c strcopy.h strdup.c strdup.h strerr.c strerr.h strparse.c strparse.h timediff.c timediff.h timeval.c timeval.h version_win32.c version_win32.h wait.c wait.h warnless.c warnless.h winapi.c winapi.hvauth
cleartext.c cram.c digest.c digest.h digest_sspi.c gsasl.c krb5_gssapi.c krb5_sspi.c ntlm.c ntlm_sspi.c oauth2.c spnego_gssapi.c spnego_sspi.c vauth.c vauth.hvquic
curl_ngtcp2.c curl_ngtcp2.h curl_quiche.c curl_quiche.h vquic-tls.c vquic-tls.h vquic.c vquic.h vquic_int.hvtls
apple.c apple.h cipher_suite.c cipher_suite.h gtls.c gtls.h hostcheck.c hostcheck.h keylog.c keylog.h mbedtls.c mbedtls.h openssl.c openssl.h rustls.c rustls.h schannel.c schannel.h schannel_int.h schannel_verify.c vtls.c vtls.h vtls_int.h vtls_scache.c vtls_scache.h vtls_spack.c vtls_spack.h wolfssl.c wolfssl.h x509asn1.c x509asn1.hm4
.gitignore curl-amissl.m4 curl-apple-sectrust.m4 curl-compilers.m4 curl-confopts.m4 curl-functions.m4 curl-gnutls.m4 curl-mbedtls.m4 curl-openssl.m4 curl-override.m4 curl-reentrant.m4 curl-rustls.m4 curl-schannel.m4 curl-sysconfig.m4 curl-wolfssl.m4 xc-am-iface.m4 xc-cc-check.m4 xc-lt-iface.m4 xc-val-flgs.m4 zz40-xc-ovr.m4 zz50-xc-ovr.m4projects
OS400
.checksrc README.OS400 ccsidcurl.c ccsidcurl.h config400.default curl.cmd curl.inc.in curlcl.c curlmain.c initscript.sh make-docs.sh make-include.sh make-lib.sh make-src.sh make-tests.sh makefile.sh os400sys.c os400sys.hWindows
tmpl
.gitattributes README.txt curl-all.sln curl.sln curl.vcxproj curl.vcxproj.filters libcurl.sln libcurl.vcxproj libcurl.vcxproj.filtersvms
Makefile.am backup_gnv_curl_src.com build_curl-config_script.com build_gnv_curl.com build_gnv_curl_pcsi_desc.com build_gnv_curl_pcsi_text.com build_gnv_curl_release_notes.com build_libcurl_pc.com build_vms.com clean_gnv_curl.com compare_curl_source.com config_h.com curl_crtl_init.c curl_gnv_build_steps.txt curl_release_note_start.txt curl_startup.com curlmsg.h curlmsg.msg curlmsg.sdl curlmsg_vms.h generate_config_vms_h_curl.com generate_vax_transfer.com gnv_conftest.c_first gnv_curl_configure.sh gnv_libcurl_symbols.opt gnv_link_curl.com macro32_exactcase.patch make_gnv_curl_install.sh make_pcsi_curl_kit_name.com pcsi_gnv_curl_file_list.txt pcsi_product_gnv_curl.com readme report_openssl_version.c setup_gnv_curl_build.com stage_curl_install.com vms_eco_level.hscripts
.checksrc CMakeLists.txt Makefile.am badwords badwords-all badwords.txt cd2cd cd2nroff cdall checksrc-all.pl checksrc.pl cmakelint.sh completion.pl contributors.sh contrithanks.sh coverage.sh delta dmaketgz extract-unit-protos firefox-db2pem.sh installcheck.sh maketgz managen mdlinkcheck mk-ca-bundle.pl mk-unity.pl nroff2cd perlcheck.sh pythonlint.sh randdisable release-notes.pl release-tools.sh schemetable.c singleuse.pl spacecheck.pl top-complexity top-length verify-release wcurlsrc
.checksrc .gitignore CMakeLists.txt Makefile.am Makefile.inc config2setopts.c config2setopts.h curl.rc curlinfo.c mk-file-embed.pl mkhelp.pl slist_wc.c slist_wc.h terminal.c terminal.h tool_cb_dbg.c tool_cb_dbg.h tool_cb_hdr.c tool_cb_hdr.h tool_cb_prg.c tool_cb_prg.h tool_cb_rea.c tool_cb_rea.h tool_cb_see.c tool_cb_see.h tool_cb_soc.c tool_cb_soc.h tool_cb_wrt.c tool_cb_wrt.h tool_cfgable.c tool_cfgable.h tool_dirhie.c tool_dirhie.h tool_doswin.c tool_doswin.h tool_easysrc.c tool_easysrc.h tool_filetime.c tool_filetime.h tool_findfile.c tool_findfile.h tool_formparse.c tool_formparse.h tool_getparam.c tool_getparam.h tool_getpass.c tool_getpass.h tool_help.c tool_help.h tool_helpers.c tool_helpers.h tool_hugehelp.h tool_ipfs.c tool_ipfs.h tool_libinfo.c tool_libinfo.h tool_listhelp.c tool_main.c tool_main.h tool_msgs.c tool_msgs.h tool_operate.c tool_operate.h tool_operhlp.c tool_operhlp.h tool_paramhlp.c tool_paramhlp.h tool_parsecfg.c tool_parsecfg.h tool_progress.c tool_progress.h tool_sdecls.h tool_setopt.c tool_setopt.h tool_setup.h tool_ssls.c tool_ssls.h tool_stderr.c tool_stderr.h tool_urlglob.c tool_urlglob.h tool_util.c tool_util.h tool_version.h tool_vms.c tool_vms.h tool_writeout.c tool_writeout.h tool_writeout_json.c tool_writeout_json.h tool_xattr.c tool_xattr.h var.c var.htests
certs
.gitignore CMakeLists.txt Makefile.am Makefile.inc genserv.pl srp-verifier-conf srp-verifier-db test-ca.cnf test-ca.prm test-client-cert.prm test-client-eku-only.prm test-localhost-san-first.prm test-localhost-san-last.prm test-localhost.nn.prm test-localhost.prm test-localhost0h.prmdata
.gitignore DISABLED Makefile.am data-xml1 data1400.c data1401.c data1402.c data1403.c data1404.c data1405.c data1406.c data1407.c data1420.c data1461.txt data1463.txt data1465.c data1481.c data1705-1.md data1705-2.md data1705-3.md data1705-4.md data1705-stdout.1 data1706-1.md data1706-2.md data1706-3.md data1706-4.md data1706-stdout.txt data320.html test1 test10 test100 test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 test1008 test1009 test101 test1010 test1011 test1012 test1013 test1014 test1015 test1016 test1017 test1018 test1019 test102 test1020 test1021 test1022 test1023 test1024 test1025 test1026 test1027 test1028 test1029 test103 test1030 test1031 test1032 test1033 test1034 test1035 test1036 test1037 test1038 test1039 test104 test1040 test1041 test1042 test1043 test1044 test1045 test1046 test1047 test1048 test1049 test105 test1050 test1051 test1052 test1053 test1054 test1055 test1056 test1057 test1058 test1059 test106 test1060 test1061 test1062 test1063 test1064 test1065 test1066 test1067 test1068 test1069 test107 test1070 test1071 test1072 test1073 test1074 test1075 test1076 test1077 test1078 test1079 test108 test1080 test1081 test1082 test1083 test1084 test1085 test1086 test1087 test1088 test1089 test109 test1090 test1091 test1092 test1093 test1094 test1095 test1096 test1097 test1098 test1099 test11 test110 test1100 test1101 test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109 test111 test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117 test1118 test1119 test112 test1120 test1121 test1122 test1123 test1124 test1125 test1126 test1127 test1128 test1129 test113 test1130 test1131 test1132 test1133 test1134 test1135 test1136 test1137 test1138 test1139 test114 test1140 test1141 test1142 test1143 test1144 test1145 test1146 test1147 test1148 test1149 test115 test1150 test1151 test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 test116 test1160 test1161 test1162 test1163 test1164 test1165 test1166 test1167 test1168 test1169 test117 test1170 test1171 test1172 test1173 test1174 test1175 test1176 test1177 test1178 test1179 test118 test1180 test1181 test1182 test1183 test1184 test1185 test1186 test1187 test1188 test1189 test119 test1190 test1191 test1192 test1193 test1194 test1195 test1196 test1197 test1198 test1199 test12 test120 test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 test1208 test1209 test121 test1210 test1211 test1212 test1213 test1214 test1215 test1216 test1217 test1218 test1219 test122 test1220 test1221 test1222 test1223 test1224 test1225 test1226 test1227 test1228 test1229 test123 test1230 test1231 test1232 test1233 test1234 test1235 test1236 test1237 test1238 test1239 test124 test1240 test1241 test1242 test1243 test1244 test1245 test1246 test1247 test1248 test1249 test125 test1250 test1251 test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 test126 test1260 test1261 test1262 test1263 test1264 test1265 test1266 test1267 test1268 test1269 test127 test1270 test1271 test1272 test1273 test1274 test1275 test1276 test1277 test1278 test1279 test128 test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 test1288 test1289 test129 test1290 test1291 test1292 test1293 test1294 test1295 test1296 test1297 test1298 test1299 test13 test130 test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 test1308 test1309 test131 test1310 test1311 test1312 test1313 test1314 test1315 test1316 test1317 test1318 test1319 test132 test1320 test1321 test1322 test1323 test1324 test1325 test1326 test1327 test1328 test1329 test133 test1330 test1331 test1332 test1333 test1334 test1335 test1336 test1337 test1338 test1339 test134 test1340 test1341 test1342 test1343 test1344 test1345 test1346 test1347 test1348 test1349 test135 test1350 test1351 test1352 test1353 test1354 test1355 test1356 test1357 test1358 test1359 test136 test1360 test1361 test1362 test1363 test1364 test1365 test1366 test1367 test1368 test1369 test137 test1370 test1371 test1372 test1373 test1374 test1375 test1376 test1377 test1378 test1379 test138 test1380 test1381 test1382 test1383 test1384 test1385 test1386 test1387 test1388 test1389 test139 test1390 test1391 test1392 test1393 test1394 test1395 test1396 test1397 test1398 test1399 test14 test140 test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 test1408 test1409 test141 test1410 test1411 test1412 test1413 test1414 test1415 test1416 test1417 test1418 test1419 test142 test1420 test1421 test1422 test1423 test1424 test1425 test1426 test1427 test1428 test1429 test143 test1430 test1431 test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 test144 test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 test1448 test1449 test145 test1450 test1451 test1452 test1453 test1454 test1455 test1456 test1457 test1458 test1459 test146 test1460 test1461 test1462 test1463 test1464 test1465 test1466 test1467 test1468 test1469 test147 test1470 test1471 test1472 test1473 test1474 test1475 test1476 test1477 test1478 test1479 test148 test1480 test1481 test1482 test1483 test1484 test1485 test1486 test1487 test1488 test1489 test149 test1490 test1491 test1492 test1493 test1494 test1495 test1496 test1497 test1498 test1499 test15 test150 test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 test1508 test1509 test151 test1510 test1511 test1512 test1513 test1514 test1515 test1516 test1517 test1518 test1519 test152 test1520 test1521 test1522 test1523 test1524 test1525 test1526 test1527 test1528 test1529 test153 test1530 test1531 test1532 test1533 test1534 test1535 test1536 test1537 test1538 test1539 test154 test1540 test1541 test1542 test1543 test1544 test1545 test1546 test1547 test1548 test1549 test155 test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 test1558 test1559 test156 test1560 test1561 test1562 test1563 test1564 test1565 test1566 test1567 test1568 test1569 test157 test1570 test1571 test1572 test1573 test1574 test1575 test1576 test1577 test1578 test1579 test158 test1580 test1581 test1582 test1583 test1584 test1585 test1586 test1587 test1588 test1589 test159 test1590 test1591 test1592 test1593 test1594 test1595 test1596 test1597 test1598 test1599 test16 test160 test1600 test1601 test1602 test1603 test1604 test1605 test1606 test1607 test1608 test1609 test161 test1610 test1611 test1612 test1613 test1614 test1615 test1616 test1617 test1618 test1619 test162 test1620 test1621 test1622 test1623 test1624 test1625 test1626 test1627 test1628 test1629 test163 test1630 test1631 test1632 test1633 test1634 test1635 test1636 test1637 test1638 test1639 test164 test1640 test1641 test1642 test1643 test1644 test1645 test165 test1650 test1651 test1652 test1653 test1654 test1655 test1656 test1657 test1658 test1659 test166 test1660 test1661 test1662 test1663 test1664 test1665 test1666 test1667 test1668 test1669 test167 test1670 test1671 test1672 test1673 test1674 test1675 test1676 test168 test1680 test1681 test1682 test1683 test1684 test1685 test169 test17 test170 test1700 test1701 test1702 test1703 test1704 test1705 test1706 test1707 test1708 test1709 test171 test1710 test1711 test1712 test1713 test1714 test1715 test172 test1720 test1721 test173 test174 test175 test176 test177 test178 test179 test18 test180 test1800 test1801 test1802 test181 test182 test183 test184 test1847 test1848 test1849 test185 test1850 test1851 test186 test187 test188 test189 test19 test190 test1900 test1901 test1902 test1903 test1904 test1905 test1906 test1907 test1908 test1909 test191 test1910 test1911 test1912 test1913 test1914 test1915 test1916 test1917 test1918 test1919 test192 test1920 test1921 test193 test1933 test1934 test1935 test1936 test1937 test1938 test1939 test194 test1940 test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 test195 test1955 test1956 test1957 test1958 test1959 test196 test1960 test1964 test1965 test1966 test197 test1970 test1971 test1972 test1973 test1974 test1975 test1976 test1977 test1978 test1979 test198 test1980 test1981 test1982 test1983 test1984 test199 test2 test20 test200 test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 test2008 test2009 test201 test2010 test2011 test2012 test2013 test2014 test202 test2023 test2024 test2025 test2026 test2027 test2028 test2029 test203 test2030 test2031 test2032 test2033 test2034 test2035 test2037 test2038 test2039 test204 test2040 test2041 test2042 test2043 test2044 test2045 test2046 test2047 test2048 test2049 test205 test2050 test2051 test2052 test2053 test2054 test2055 test2056 test2057 test2058 test2059 test206 test2060 test2061 test2062 test2063 test2064 test2065 test2066 test2067 test2068 test2069 test207 test2070 test2071 test2072 test2073 test2074 test2075 test2076 test2077 test2078 test2079 test208 test2080 test2081 test2082 test2083 test2084 test2085 test2086 test2087 test2088 test2089 test209 test2090 test2091 test2092 test21 test210 test2100 test2101 test2102 test2103 test2104 test211 test212 test213 test214 test215 test216 test217 test218 test219 test22 test220 test2200 test2201 test2202 test2203 test2204 test2205 test2206 test2207 test221 test222 test223 test224 test225 test226 test227 test228 test229 test23 test230 test2300 test2301 test2302 test2303 test2304 test2306 test2307 test2308 test2309 test231 test232 test233 test234 test235 test236 test237 test238 test239 test24 test240 test2400 test2401 test2402 test2403 test2404 test2405 test2406 test2407 test2408 test2409 test241 test2410 test2411 test242 test243 test244 test245 test246 test247 test248 test249 test25 test250 test2500 test2501 test2502 test2503 test2504 test2505 test2506 test251 test252 test253 test254 test255 test256 test257 test258 test259 test26 test260 test2600 test2601 test2602 test2603 test2604 test2605 test261 test262 test263 test264 test265 test266 test267 test268 test269 test27 test270 test2700 test2701 test2702 test2703 test2704 test2705 test2706 test2707 test2708 test2709 test271 test2710 test2711 test2712 test2713 test2714 test2715 test2716 test2717 test2718 test2719 test272 test2720 test2721 test2722 test2723 test273 test274 test275 test276 test277 test278 test279 test28 test280 test281 test282 test283 test284 test285 test286 test287 test288 test289 test29 test290 test291 test292 test293 test294 test295 test296 test297 test298 test299 test3 test30 test300 test3000 test3001 test3002 test3003 test3004 test3005 test3006 test3007 test3008 test3009 test301 test3010 test3011 test3012 test3013 test3014 test3015 test3016 test3017 test3018 test3019 test302 test3020 test3021 test3022 test3023 test3024 test3025 test3026 test3027 test3028 test3029 test303 test3030 test3031 test3032 test3033 test3034 test3035 test3036 test304 test305 test306 test307 test308 test309 test31 test310 test3100 test3101 test3102 test3103 test3104 test3105 test3106 test311 test312 test313 test314 test315 test316 test317 test318 test319 test32 test320 test3200 test3201 test3202 test3203 test3204 test3205 test3206 test3207 test3208 test3209 test321 test3210 test3211 test3212 test3213 test3214 test3215 test3216 test3217 test3218 test3219 test322 test3220 test323 test324 test325 test326 test327 test328 test329 test33 test330 test3300 test3301 test3302 test331 test332 test333 test334 test335 test336 test337 test338 test339 test34 test340 test341 test342 test343 test344 test345 test346 test347 test348 test349 test35 test350 test351 test352 test353 test354 test355 test356 test357 test358 test359 test36 test360 test361 test362 test363 test364 test365 test366 test367 test368 test369 test37 test370 test371 test372 test373 test374 test375 test376 test378 test379 test38 test380 test381 test383 test384 test385 test386 test387 test388 test389 test39 test390 test391 test392 test393 test394 test395 test396 test397 test398 test399 test4 test40 test400 test4000 test4001 test401 test402 test403 test404 test405 test406 test407 test408 test409 test41 test410 test411 test412 test413 test414 test415 test416 test417 test418 test419 test42 test420 test421 test422 test423 test424 test425 test426 test427 test428 test429 test43 test430 test431 test432 test433 test434 test435 test436 test437 test438 test439 test44 test440 test441 test442 test443 test444 test445 test446 test447 test448 test449 test45 test450 test451 test452 test453 test454 test455 test456 test457 test458 test459 test46 test460 test461 test462 test463 test467 test468 test469 test47 test470 test471 test472 test473 test474 test475 test476 test477 test478 test479 test48 test480 test481 test482 test483 test484 test485 test486 test487 test488 test489 test49 test490 test491 test492 test493 test494 test495 test496 test497 test498 test499 test5 test50 test500 test501 test502 test503 test504 test505 test506 test507 test508 test509 test51 test510 test511 test512 test513 test514 test515 test516 test517 test518 test519 test52 test520 test521 test522 test523 test524 test525 test526 test527 test528 test529 test53 test530 test531 test532 test533 test534 test535 test536 test537 test538 test539 test54 test540 test541 test542 test543 test544 test545 test546 test547 test548 test549 test55 test550 test551 test552 test553 test554 test555 test556 test557 test558 test559 test56 test560 test561 test562 test563 test564 test565 test566 test567 test568 test569 test57 test570 test571 test572 test573 test574 test575 test576 test577 test578 test579 test58 test580 test581 test582 test583 test584 test585 test586 test587 test588 test589 test59 test590 test591 test592 test593 test594 test595 test596 test597 test598 test599 test6 test60 test600 test601 test602 test603 test604 test605 test606 test607 test608 test609 test61 test610 test611 test612 test613 test614 test615 test616 test617 test618 test619 test62 test620 test621 test622 test623 test624 test625 test626 test627 test628 test629 test63 test630 test631 test632 test633 test634 test635 test636 test637 test638 test639 test64 test640 test641 test642 test643 test644 test645 test646 test647 test648 test649 test65 test650 test651 test652 test653 test654 test655 test656 test658 test659 test66 test660 test661 test662 test663 test664 test665 test666 test667 test668 test669 test67 test670 test671 test672 test673 test674 test675 test676 test677 test678 test679 test68 test680 test681 test682 test683 test684 test685 test686 test687 test688 test689 test69 test690 test691 test692 test693 test694 test695 test696 test697 test698 test699 test7 test70 test700 test701 test702 test703 test704 test705 test706 test707 test708 test709 test71 test710 test711 test712 test713 test714 test715 test716 test717 test718 test719 test72 test720 test721 test722 test723 test724 test725 test726 test727 test728 test729 test73 test730 test731 test732 test733 test734 test735 test736 test737 test738 test739 test74 test740 test741 test742 test743 test744 test745 test746 test747 test748 test749 test75 test750 test751 test752 test753 test754 test755 test756 test757 test758 test759 test76 test760 test761 test762 test763 test764 test765 test766 test767 test768 test769 test77 test770 test771 test772 test773 test774 test775 test776 test777 test778 test779 test78 test780 test781 test782 test783 test784 test785 test786 test787 test788 test789 test79 test790 test791 test792 test793 test794 test795 test796 test797 test798 test799 test8 test80 test800 test801 test802 test803 test804 test805 test806 test807 test808 test809 test81 test810 test811 test812 test813 test814 test815 test816 test817 test818 test819 test82 test820 test821 test822 test823 test824 test825 test826 test827 test828 test829 test83 test830 test831 test832 test833 test834 test835 test836 test837 test838 test839 test84 test840 test841 test842 test843 test844 test845 test846 test847 test848 test849 test85 test850 test851 test852 test853 test854 test855 test856 test857 test858 test859 test86 test860 test861 test862 test863 test864 test865 test866 test867 test868 test869 test87 test870 test871 test872 test873 test874 test875 test876 test877 test878 test879 test88 test880 test881 test882 test883 test884 test885 test886 test887 test888 test889 test89 test890 test891 test892 test893 test894 test895 test896 test897 test898 test899 test9 test90 test900 test901 test902 test903 test904 test905 test906 test907 test908 test909 test91 test910 test911 test912 test913 test914 test915 test916 test917 test918 test919 test92 test920 test921 test922 test923 test924 test925 test926 test927 test928 test929 test93 test930 test931 test932 test933 test934 test935 test936 test937 test938 test939 test94 test940 test941 test942 test943 test944 test945 test946 test947 test948 test949 test95 test950 test951 test952 test953 test954 test955 test956 test957 test958 test959 test96 test960 test961 test962 test963 test964 test965 test966 test967 test968 test969 test97 test970 test971 test972 test973 test974 test975 test976 test977 test978 test979 test98 test980 test981 test982 test983 test984 test985 test986 test987 test988 test989 test99 test990 test991 test992 test993 test994 test995 test996 test997 test998 test999http
testenv
__init__.py caddy.py certs.py client.py curl.py dante.py dnsd.py env.py httpd.py nghttpx.py ports.py sshd.py vsftpd.py ws_echo_server.pylibtest
.gitignore CMakeLists.txt Makefile.am Makefile.inc cli_ftp_upload.c cli_h2_pausing.c cli_h2_serverpush.c cli_h2_upgrade_extreme.c cli_hx_download.c cli_hx_upload.c cli_tls_session_reuse.c cli_upload_pausing.c cli_ws_data.c cli_ws_pingpong.c first.c first.h lib1156.c lib1301.c lib1308.c lib1485.c lib1500.c lib1501.c lib1502.c lib1506.c lib1507.c lib1508.c lib1509.c lib1510.c lib1511.c lib1512.c lib1513.c lib1514.c lib1515.c lib1517.c lib1518.c lib1520.c lib1522.c lib1523.c lib1525.c lib1526.c lib1527.c lib1528.c lib1529.c lib1530.c lib1531.c lib1532.c lib1533.c lib1534.c lib1535.c lib1536.c lib1537.c lib1538.c lib1540.c lib1541.c lib1542.c lib1545.c lib1549.c lib1550.c lib1551.c lib1552.c lib1553.c lib1554.c lib1555.c lib1556.c lib1557.c lib1558.c lib1559.c lib1560.c lib1564.c lib1565.c lib1567.c lib1568.c lib1569.c lib1571.c lib1576.c lib1582.c lib1587.c lib1588.c lib1589.c lib1591.c lib1592.c lib1593.c lib1594.c lib1597.c lib1598.c lib1599.c lib1662.c lib1900.c lib1901.c lib1902.c lib1903.c lib1905.c lib1906.c lib1907.c lib1908.c lib1910.c lib1911.c lib1912.c lib1913.c lib1915.c lib1916.c lib1918.c lib1919.c lib1920.c lib1921.c lib1933.c lib1934.c lib1935.c lib1936.c lib1937.c lib1938.c lib1939.c lib1940.c lib1945.c lib1947.c lib1948.c lib1955.c lib1956.c lib1957.c lib1958.c lib1959.c lib1960.c lib1964.c lib1965.c lib1970.c lib1971.c lib1972.c lib1973.c lib1974.c lib1975.c lib1977.c lib1978.c lib2023.c lib2032.c lib2082.c lib2301.c lib2302.c lib2304.c lib2306.c lib2308.c lib2309.c lib2402.c lib2404.c lib2405.c lib2502.c lib2504.c lib2505.c lib2506.c lib2700.c lib3010.c lib3025.c lib3026.c lib3027.c lib3033.c lib3034.c lib3100.c lib3101.c lib3102.c lib3103.c lib3104.c lib3105.c lib3207.c lib3208.c lib500.c lib501.c lib502.c lib503.c lib504.c lib505.c lib506.c lib507.c lib508.c lib509.c lib510.c lib511.c lib512.c lib513.c lib514.c lib515.c lib516.c lib517.c lib518.c lib519.c lib520.c lib521.c lib523.c lib524.c lib525.c lib526.c lib530.c lib533.c lib536.c lib537.c lib539.c lib540.c lib541.c lib542.c lib543.c lib544.c lib547.c lib549.c lib552.c lib553.c lib554.c lib555.c lib556.c lib557.c lib558.c lib559.c lib560.c lib562.c lib564.c lib566.c lib567.c lib568.c lib569.c lib570.c lib571.c lib572.c lib573.c lib574.c lib575.c lib576.c lib578.c lib579.c lib582.c lib583.c lib586.c lib589.c lib590.c lib591.c lib597.c lib598.c lib599.c lib643.c lib650.c lib651.c lib652.c lib653.c lib654.c lib655.c lib658.c lib659.c lib661.c lib666.c lib667.c lib668.c lib670.c lib674.c lib676.c lib677.c lib678.c lib694.c lib695.c lib751.c lib753.c lib757.c lib758.c lib766.c memptr.c mk-lib1521.pl test1013.pl test1022.pl test307.pl test610.pl test613.pl testtrace.c testtrace.h testutil.c testutil.h unitcheck.hserver
.checksrc .gitignore CMakeLists.txt Makefile.am Makefile.inc dnsd.c first.c first.h getpart.c mqttd.c resolve.c rtspd.c sockfilt.c socksd.c sws.c tftpd.c util.ctunit
.gitignore CMakeLists.txt Makefile.am Makefile.inc README.md tool1394.c tool1604.c tool1621.c tool1622.c tool1623.c tool1720.cunit
.gitignore CMakeLists.txt Makefile.am Makefile.inc README.md unit1300.c unit1302.c unit1303.c unit1304.c unit1305.c unit1307.c unit1309.c unit1323.c unit1330.c unit1395.c unit1396.c unit1397.c unit1398.c unit1399.c unit1600.c unit1601.c unit1602.c unit1603.c unit1605.c unit1606.c unit1607.c unit1608.c unit1609.c unit1610.c unit1611.c unit1612.c unit1614.c unit1615.c unit1616.c unit1620.c unit1625.c unit1626.c unit1627.c unit1636.c unit1650.c unit1651.c unit1652.c unit1653.c unit1654.c unit1655.c unit1656.c unit1657.c unit1658.c unit1660.c unit1661.c unit1663.c unit1664.c unit1666.c unit1667.c unit1668.c unit1669.c unit1674.c unit1675.c unit1676.c unit1979.c unit1980.c unit2600.c unit2601.c unit2602.c unit2603.c unit2604.c unit2605.c unit3200.c unit3205.c unit3211.c unit3212.c unit3213.c unit3214.c unit3216.c unit3219.c unit3300.c unit3301.c unit3302.cexamples
.env config.ini crypto_test.lua env_test.lua fs_example.lua http_server.lua https_test.lua ini_example.lua json.lua log.lua path_fs_example.lua process_example.lua request_download.lua request_test.lua run_all.lua sqlite_example.lua sqlite_http_template.lua stash_test.lua template_test.lua timer.lua websocket.luainiparser
example
iniexample.c iniwrite.c parse.c twisted-errors.ini twisted-genhuge.py twisted-ofkey.ini twisted-ofval.ini twisted.initest
CMakeLists.txt test_dictionary.c test_iniparser.c unity-config.yml unity_config.hjinjac
libjinjac
src
CMakeLists.txt ast.c ast.h block_statement.c block_statement.h buffer.c buffer.h buildin.c buildin.h common.h convert.c convert.h flex_decl.h jfunction.c jfunction.h jinja_expression.l jinja_expression.y jinjac_parse.c jinjac_parse.h jinjac_stream.c jinjac_stream.h jlist.c jlist.h jobject.c jobject.h parameter.c parameter.h str_obj.c str_obj.h trace.c trace.htest
.gitignore CMakeLists.txt autotest.rb test_01.expected test_01.jinja test_01b.expected test_01b.jinja test_01c.expected test_01c.jinja test_01d.expected test_01d.jinja test_02.expected test_02.jinja test_03.expected test_03.jinja test_04.expected test_04.jinja test_05.expected test_05.jinja test_06.expected test_06.jinja test_07.expected test_07.jinja test_08.expected test_08.jinja test_08b.expected test_08b.jinja test_09.expected test_09.jinja test_10.expected test_10.jinja test_11.expected test_11.jinja test_12.expected test_12.jinja test_13.expected test_13.jinja test_14.expected test_14.jinja test_15.expected test_15.jinja test_16.expected test_16.jinja test_17.expected test_17.jinja test_18.expected test_18.jinja test_18b.expected test_18b.jinja test_18c.expected test_18c.jinja test_19.expected test_19.jinja test_19b.expected test_19b.jinja test_19c.expected test_19c.jinja test_19d.expected test_19d.jinja test_19e.expected test_19e.jinja test_19f.expected test_19f.jinja test_20.expected test_20.jinja test_21.expected test_21.jinja test_22.expected test_22.jinja test_22a.expected test_22a.jinja test_22b.expected test_22b.jinja test_23.expected test_23.jinja test_24.expected test_24.jinjalibev
Changes LICENSE Makefile Makefile.am Makefile.in README Symbols.ev Symbols.event aclocal.m4 autogen.sh compile config.guess config.h config.h.in config.status config.sub configure configure.ac depcomp ev++.h ev.3 ev.c ev.h ev.pod ev_epoll.c ev_kqueue.c ev_poll.c ev_port.c ev_select.c ev_vars.h ev_win32.c ev_wrap.h event.c event.h install-sh libev.m4 libtool ltmain.sh missing mkinstalldirs stamp-h1luajit
doc
bluequad-print.css bluequad.css contact.html ext_buffer.html ext_c_api.html ext_ffi.html ext_ffi_api.html ext_ffi_semantics.html ext_ffi_tutorial.html ext_jit.html ext_profiler.html extensions.html install.html luajit.html running.html
dynasm
dasm_arm.h dasm_arm.lua dasm_arm64.h dasm_arm64.lua dasm_mips.h dasm_mips.lua dasm_mips64.lua dasm_ppc.h dasm_ppc.lua dasm_proto.h dasm_x64.lua dasm_x86.h dasm_x86.lua dynasm.luasrc
host
.gitignore README buildvm.c buildvm.h buildvm_asm.c buildvm_fold.c buildvm_lib.c buildvm_libbc.h buildvm_peobj.c genlibbc.lua genminilua.lua genversion.lua minilua.cjit
.gitignore bc.lua bcsave.lua dis_arm.lua dis_arm64.lua dis_arm64be.lua dis_mips.lua dis_mips64.lua dis_mips64el.lua dis_mips64r6.lua dis_mips64r6el.lua dis_mipsel.lua dis_ppc.lua dis_x64.lua dis_x86.lua dump.lua p.lua v.lua zone.luawolfssl
.github
workflows
ada.yml arduino.yml async-examples.yml async.yml atecc608-sim.yml bind.yml cmake-autoconf.yml cmake.yml codespell.yml coverity-scan-fixes.yml cryptocb-only.yml curl.yml cyrus-sasl.yml disable-pk-algs.yml docker-Espressif.yml docker-OpenWrt.yml emnet-nonblock.yml fil-c.yml freertos-mem-track.yml gencertbuf.yml grpc.yml haproxy.yml hostap-vm.yml intelasm-c-fallback.yml ipmitool.yml jwt-cpp.yml krb5.yml libspdm.yml libssh2.yml libvncserver.yml linuxkm.yml macos-apple-native-cert-validation.yml mbedtls.sh mbedtls.yml membrowse-comment.yml membrowse-onboard.yml membrowse-report.yml memcached.sh memcached.yml mono.yml mosquitto.yml msmtp.yml msys2.yml multi-arch.yml multi-compiler.yml net-snmp.yml nginx.yml no-malloc.yml no-tls.yml nss.sh nss.yml ntp.yml ocsp.yml openldap.yml openssh.yml openssl-ech.yml opensslcoexist.yml openvpn.yml os-check.yml packaging.yml pam-ipmi.yml pq-all.yml pr-commit-check.yml psk.yml puf.yml python.yml rng-tools.yml rust-wrapper.yml se050-sim.yml smallStackSize.yml socat.yml softhsm.yml sssd.yml stm32-sim.yml stsafe-a120-sim.yml stunnel.yml symbol-prefixes.yml threadx.yml tls-anvil.yml trackmemory.yml watcomc.yml win-csharp-test.yml wolfCrypt-Wconversion.yml wolfboot-integration.yml wolfsm.yml xcode.yml zephyr-4.x.yml zephyr.ymlIDE
ARDUINO
Arduino_README_prepend.md README.md include.am keywords.txt library.properties.template wolfssl-arduino.cpp wolfssl-arduino.sh wolfssl.hECLIPSE
Espressif
ESP-IDF
examples
template
CMakeLists.txt Makefile README.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp8266wolfssl_benchmark
VisualGDB
wolfssl_benchmark_IDF_v4.4_ESP32.sln wolfssl_benchmark_IDF_v4.4_ESP32.vgdbproj wolfssl_benchmark_IDF_v5_ESP32.sln wolfssl_benchmark_IDF_v5_ESP32.vgdbproj wolfssl_benchmark_IDF_v5_ESP32C3.sln wolfssl_benchmark_IDF_v5_ESP32C3.vgdbproj wolfssl_benchmark_IDF_v5_ESP32S3.sln wolfssl_benchmark_IDF_v5_ESP32S3.vgdbprojwolfssl_client
CMakeLists.txt Makefile README.md README_server_sm.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp32c2 sdkconfig.defaults.esp8266 wolfssl_client_ESP8266.vgdbprojwolfssl_server
CMakeLists.txt Makefile README.md README_server_sm.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp32c2 sdkconfig.defaults.esp8266 wolfssl_server_ESP8266.vgdbprojwolfssl_test
VisualGDB
wolfssl_test-IDF_v5_ESP32.sln wolfssl_test-IDF_v5_ESP32.vgdbproj wolfssl_test-IDF_v5_ESP32C3.sln wolfssl_test-IDF_v5_ESP32C3.vgdbproj wolfssl_test-IDF_v5_ESP32C6.sln wolfssl_test-IDF_v5_ESP32C6.vgdbproj wolfssl_test_IDF_v5_ESP32S3.sln wolfssl_test_IDF_v5_ESP32S3.vgdbprojGCC-ARM
Makefile Makefile.bench Makefile.client Makefile.common Makefile.server Makefile.static Makefile.test README.md include.am linker.ld linker_fips.ldIAR-EWARM
embOS
SAMV71_XULT
embOS_SAMV71_XULT_user_settings
user_settings.h user_settings_simple_example.h user_settings_verbose_example.hembOS_wolfcrypt_benchmark_SAMV71_XULT
README_wolfcrypt_benchmark wolfcrypt_benchmark.ewd wolfcrypt_benchmark.ewpINTIME-RTOS
Makefile README.md include.am libwolfssl.c libwolfssl.vcxproj user_settings.h wolfExamples.c wolfExamples.h wolfExamples.sln wolfExamples.vcxproj wolfssl-lib.sln wolfssl-lib.vcxprojMQX
Makefile README-jp.md README.md client-tls.c include.am server-tls.c user_config.h user_settings.hMSVS-2019-AZSPHERE
wolfssl_new_azsphere
.gitignore CMakeLists.txt CMakeSettings.json app_manifest.json applibs_versions.h launch.vs.json main.cNETOS
Makefile.wolfcrypt.inc README.md include.am user_settings.h user_settings.h-cert2425 user_settings.h-cert3389 wolfssl_netos_custom.cPlatformIO
examples
wolfssl_benchmark
CMakeLists.txt README.md platformio.ini sdkconfig.defaults wolfssl_benchmark.code-workspaceROWLEY-CROSSWORKS-ARM
Kinetis_FlashPlacement.xml README.md arm_startup.c benchmark_main.c hw.h include.am kinetis_hw.c retarget.c test_main.c user_settings.h wolfssl.hzp wolfssl_ltc.hzpRenesas
e2studio
RA6M3
README.md README_APRA6M_en.md README_APRA6M_jp.md include.amRX72N
EnvisionKit
Simple
README_EN.md README_JP.mdwolfssl_demo
key_data.c key_data.h user_settings.h wolfssl_demo.c wolfssl_demo.h wolfssl_tsip_unit_test.cSTM32Cube
README.md STM32_Benchmarks.md default_conf.ftl include.am main.c wolfssl_example.c wolfssl_example.hWIN
README.txt include.am test.vcxproj user_settings.h user_settings_dtls.h wolfssl-fips.sln wolfssl-fips.vcxprojWIN-SRTP-KDF-140-3
README.txt include.am resource.h test.vcxproj user_settings.h wolfssl-fips.rc wolfssl-fips.sln wolfssl-fips.vcxprojWIN10
README.txt include.am resource.h test.vcxproj user_settings.h wolfssl-fips.rc wolfssl-fips.sln wolfssl-fips.vcxprojXCODE
Benchmark
include.amXilinxSDK
README.md bench.sh combine.sh eclipse_formatter_profile.xml graph.sh include.am user_settings.h wolfssl_example.capple-universal
wolfssl-multiplatform
iotsafe
Makefile README.md ca-cert.c devices.c devices.h include.am main.c memory-tls.c startup.c target.ld user_settings.hmynewt
README.md apps.wolfcrypttest.pkg.yml crypto.wolfssl.pkg.yml crypto.wolfssl.syscfg.yml include.am setup.shcerts
1024
ca-cert.der ca-cert.pem ca-key.der ca-key.pem client-cert.der client-cert.pem client-key.der client-key.pem client-keyPub.der dh1024.der dh1024.pem dsa-pub-1024.pem dsa1024.der dsa1024.pem include.am rsa1024.der server-cert.der server-cert.pem server-key.der server-key.pemcrl
extra-crls
ca-int-cert-revoked.pem claim-root.pem crl_critical_entry.pem crlnum_57oct.pem crlnum_64oct.pem general-server-crl.pem large_crlnum.pem large_crlnum2.pemdilithium
bench_dilithium_level2_key.der bench_dilithium_level3_key.der bench_dilithium_level5_key.der include.amecc
bp256r1-key.der bp256r1-key.pem ca-secp256k1-cert.pem ca-secp256k1-key.pem client-bp256r1-cert.der client-bp256r1-cert.pem client-secp256k1-cert.der client-secp256k1-cert.pem genecc.sh include.am secp256k1-key.der secp256k1-key.pem secp256k1-param.pem secp256k1-privkey.der secp256k1-privkey.pem server-bp256r1-cert.der server-bp256r1-cert.pem server-secp256k1-cert.der server-secp256k1-cert.pem server2-secp256k1-cert.der server2-secp256k1-cert.pem wolfssl.cnf wolfssl_384.cnfed25519
ca-ed25519-key.der ca-ed25519-key.pem ca-ed25519-priv.der ca-ed25519-priv.pem ca-ed25519.der ca-ed25519.pem client-ed25519-key.der client-ed25519-key.pem client-ed25519-priv.der client-ed25519-priv.pem client-ed25519.der client-ed25519.pem eddsa-ed25519.der eddsa-ed25519.pem gen-ed25519-certs.sh gen-ed25519-keys.sh gen-ed25519.sh include.am root-ed25519-key.der root-ed25519-key.pem root-ed25519-priv.der root-ed25519-priv.pem root-ed25519.der root-ed25519.pem server-ed25519-cert.pem server-ed25519-key.der server-ed25519-key.pem server-ed25519-priv.der server-ed25519-priv.pem server-ed25519.der server-ed25519.pemed448
ca-ed448-key.der ca-ed448-key.pem ca-ed448-priv.der ca-ed448-priv.pem ca-ed448.der ca-ed448.pem client-ed448-key.der client-ed448-key.pem client-ed448-priv.der client-ed448-priv.pem client-ed448.der client-ed448.pem gen-ed448-certs.sh gen-ed448-keys.sh include.am root-ed448-key.der root-ed448-key.pem root-ed448-priv.der root-ed448-priv.pem root-ed448.der root-ed448.pem server-ed448-cert.pem server-ed448-key.der server-ed448-key.pem server-ed448-priv.der server-ed448-priv.pem server-ed448.der server-ed448.pemexternal
DigiCertGlobalRootCA.pem README.txt ca-digicert-ev.pem ca-globalsign-root.pem ca-google-root.pem ca_collection.pem include.amintermediate
ca_false_intermediate
gentestcert.sh int_ca.key server.key test_ca.key test_ca.pem test_int_not_cacert.pem test_sign_bynoca_srv.pem wolfssl_base.conf wolfssl_srv.conflms
bc_hss_L2_H5_W8_root.der bc_hss_L3_H5_W4_root.der bc_lms_chain_ca.der bc_lms_chain_leaf.der bc_lms_native_bc_root.der bc_lms_sha256_h10_w8_root.der bc_lms_sha256_h5_w4_root.der include.ammldsa
README.txt include.am mldsa44-cert.der mldsa44-cert.pem mldsa44-key.pem mldsa44_bare-priv.der mldsa44_bare-seed.der mldsa44_oqskeypair.der mldsa44_priv-only.der mldsa44_pub-spki.der mldsa44_seed-only.der mldsa44_seed-priv.der mldsa65-cert.der mldsa65-cert.pem mldsa65-key.pem mldsa65_bare-priv.der mldsa65_bare-seed.der mldsa65_oqskeypair.der mldsa65_priv-only.der mldsa65_pub-spki.der mldsa65_seed-only.der mldsa65_seed-priv.der mldsa87-cert.der mldsa87-cert.pem mldsa87-key.pem mldsa87_bare-priv.der mldsa87_bare-seed.der mldsa87_oqskeypair.der mldsa87_priv-only.der mldsa87_pub-spki.der mldsa87_seed-only.der mldsa87_seed-priv.derocsp
imposter-root-ca-cert.der imposter-root-ca-cert.pem imposter-root-ca-key.der imposter-root-ca-key.pem include.am index-ca-and-intermediate-cas.txt index-ca-and-intermediate-cas.txt.attr index-intermediate1-ca-issued-certs.txt index-intermediate1-ca-issued-certs.txt.attr index-intermediate2-ca-issued-certs.txt index-intermediate2-ca-issued-certs.txt.attr index-intermediate3-ca-issued-certs.txt index-intermediate3-ca-issued-certs.txt.attr intermediate1-ca-cert.der intermediate1-ca-cert.pem intermediate1-ca-key.der intermediate1-ca-key.pem intermediate2-ca-cert.der intermediate2-ca-cert.pem intermediate2-ca-key.der intermediate2-ca-key.pem intermediate3-ca-cert.der intermediate3-ca-cert.pem intermediate3-ca-key.der intermediate3-ca-key.pem ocsp-responder-cert.der ocsp-responder-cert.pem ocsp-responder-key.der ocsp-responder-key.pem openssl.cnf renewcerts-for-test.sh renewcerts.sh root-ca-cert.der root-ca-cert.pem root-ca-crl.pem root-ca-key.der root-ca-key.pem server1-cert.der server1-cert.pem server1-chain-noroot.pem server1-key.der server1-key.pem server2-cert.der server2-cert.pem server2-key.der server2-key.pem server3-cert.der server3-cert.pem server3-key.der server3-key.pem server4-cert.der server4-cert.pem server4-key.der server4-key.pem server5-cert.der server5-cert.pem server5-key.der server5-key.pem test-leaf-response.der test-multi-response.der test-response-nointern.der test-response-rsapss.der test-response.derp521
ca-p521-key.der ca-p521-key.pem ca-p521-priv.der ca-p521-priv.pem ca-p521.der ca-p521.pem client-p521-key.der client-p521-key.pem client-p521-priv.der client-p521-priv.pem client-p521.der client-p521.pem gen-p521-certs.sh gen-p521-keys.sh include.am root-p521-key.der root-p521-key.pem root-p521-priv.der root-p521-priv.pem root-p521.der root-p521.pem server-p521-cert.pem server-p521-key.der server-p521-key.pem server-p521-priv.der server-p521-priv.pem server-p521.der server-p521.pemrpk
client-cert-rpk.der client-ecc-cert-rpk.der include.am server-cert-rpk.der server-ecc-cert-rpk.derrsapss
ca-3072-rsapss-key.der ca-3072-rsapss-key.pem ca-3072-rsapss-priv.der ca-3072-rsapss-priv.pem ca-3072-rsapss.der ca-3072-rsapss.pem ca-rsapss-key.der ca-rsapss-key.pem ca-rsapss-priv.der ca-rsapss-priv.pem ca-rsapss.der ca-rsapss.pem client-3072-rsapss-key.der client-3072-rsapss-key.pem client-3072-rsapss-priv.der client-3072-rsapss-priv.pem client-3072-rsapss.der client-3072-rsapss.pem client-rsapss-key.der client-rsapss-key.pem client-rsapss-priv.der client-rsapss-priv.pem client-rsapss.der client-rsapss.pem gen-rsapss-keys.sh include.am renew-rsapss-certs.sh root-3072-rsapss-key.der root-3072-rsapss-key.pem root-3072-rsapss-priv.der root-3072-rsapss-priv.pem root-3072-rsapss.der root-3072-rsapss.pem root-rsapss-key.der root-rsapss-key.pem root-rsapss-priv.der root-rsapss-priv.pem root-rsapss.der root-rsapss.pem server-3072-rsapss-cert.pem server-3072-rsapss-key.der server-3072-rsapss-key.pem server-3072-rsapss-priv.der server-3072-rsapss-priv.pem server-3072-rsapss.der server-3072-rsapss.pem server-mix-rsapss-cert.pem server-rsapss-cert.pem server-rsapss-key.der server-rsapss-key.pem server-rsapss-priv.der server-rsapss-priv.pem server-rsapss.der server-rsapss.pemslhdsa
bench_slhdsa_sha2_128f_key.der bench_slhdsa_sha2_128s_key.der bench_slhdsa_sha2_192f_key.der bench_slhdsa_sha2_192s_key.der bench_slhdsa_sha2_256f_key.der bench_slhdsa_sha2_256s_key.der bench_slhdsa_shake128f_key.der bench_slhdsa_shake128s_key.der bench_slhdsa_shake192f_key.der bench_slhdsa_shake192s_key.der bench_slhdsa_shake256f_key.der bench_slhdsa_shake256s_key.der client-mldsa44-priv.pem client-mldsa44-sha2.der client-mldsa44-sha2.pem client-mldsa44-shake.der client-mldsa44-shake.pem gen-slhdsa-mldsa-certs.sh include.am root-slhdsa-sha2-128s-priv.der root-slhdsa-sha2-128s-priv.pem root-slhdsa-sha2-128s.der root-slhdsa-sha2-128s.pem root-slhdsa-shake-128s-priv.der root-slhdsa-shake-128s-priv.pem root-slhdsa-shake-128s.der root-slhdsa-shake-128s.pem server-mldsa44-priv.pem server-mldsa44-sha2.der server-mldsa44-sha2.pem server-mldsa44-shake.der server-mldsa44-shake.pemsm2
ca-sm2-key.der ca-sm2-key.pem ca-sm2-priv.der ca-sm2-priv.pem ca-sm2.der ca-sm2.pem client-sm2-key.der client-sm2-key.pem client-sm2-priv.der client-sm2-priv.pem client-sm2.der client-sm2.pem fix_sm2_spki.py gen-sm2-certs.sh gen-sm2-keys.sh include.am root-sm2-key.der root-sm2-key.pem root-sm2-priv.der root-sm2-priv.pem root-sm2.der root-sm2.pem self-sm2-cert.pem self-sm2-key.pem self-sm2-priv.pem server-sm2-cert.der server-sm2-cert.pem server-sm2-key.der server-sm2-key.pem server-sm2-priv.der server-sm2-priv.pem server-sm2.der server-sm2.pemstatickeys
dh-ffdhe2048-params.pem dh-ffdhe2048-pub.der dh-ffdhe2048-pub.pem dh-ffdhe2048.der dh-ffdhe2048.pem ecc-secp256r1.der ecc-secp256r1.pem gen-static.sh include.am x25519-pub.der x25519-pub.pem x25519.der x25519.pemtest
catalog.txt cert-bad-neg-int.der cert-bad-oid.der cert-bad-utf8.der cert-ext-ia.cfg cert-ext-ia.der cert-ext-ia.pem cert-ext-joi.cfg cert-ext-joi.der cert-ext-joi.pem cert-ext-mnc.der cert-ext-multiple.cfg cert-ext-multiple.der cert-ext-multiple.pem cert-ext-nc-combined.der cert-ext-nc-combined.pem cert-ext-nc.cfg cert-ext-nc.der cert-ext-nc.pem cert-ext-ncdns.der cert-ext-ncdns.pem cert-ext-ncip.der cert-ext-ncip.pem cert-ext-ncmixed.der cert-ext-ncmulti.der cert-ext-ncmulti.pem cert-ext-ncrid.der cert-ext-ncrid.pem cert-ext-nct.cfg cert-ext-nct.der cert-ext-nct.pem cert-ext-ndir-exc.cfg cert-ext-ndir-exc.der cert-ext-ndir-exc.pem cert-ext-ndir.cfg cert-ext-ndir.der cert-ext-ndir.pem cert-ext-ns.der cert-over-max-altnames.cfg cert-over-max-altnames.der cert-over-max-altnames.pem cert-over-max-nc.cfg cert-over-max-nc.der cert-over-max-nc.pem client-ecc-cert-ski.hex cn-ip-literal.der cn-ip-wildcard.der crit-cert.pem crit-key.pem dh1024.der dh1024.pem dh512.der dh512.pem digsigku.pem encrypteddata.msg gen-badsig.sh gen-ext-certs.sh gen-testcerts.sh include.am kari-keyid-cms.msg ktri-keyid-cms.msg ossl-trusted-cert.pem server-badaltname.der server-badaltname.pem server-badaltnull.der server-badaltnull.pem server-badcn.der server-badcn.pem server-badcnnull.der server-badcnnull.pem server-cert-ecc-badsig.der server-cert-ecc-badsig.pem server-cert-rsa-badsig.der server-cert-rsa-badsig.pem server-duplicate-policy.pem server-garbage.der server-garbage.pem server-goodalt.der server-goodalt.pem server-goodaltwild.der server-goodaltwild.pem server-goodcn.der server-goodcn.pem server-goodcnwild.der server-goodcnwild.pem server-localhost.der server-localhost.pem smime-test-canon.p7s smime-test-multipart-badsig.p7s smime-test-multipart.p7s smime-test.p7stest-pathlen
assemble-chains.sh chainA-ICA1-key.pem chainA-ICA1-pathlen0.pem chainA-assembled.pem chainA-entity-key.pem chainA-entity.pem chainB-ICA1-key.pem chainB-ICA1-pathlen0.pem chainB-ICA2-key.pem chainB-ICA2-pathlen1.pem chainB-assembled.pem chainB-entity-key.pem chainB-entity.pem chainC-ICA1-key.pem chainC-ICA1-pathlen1.pem chainC-assembled.pem chainC-entity-key.pem chainC-entity.pem chainD-ICA1-key.pem chainD-ICA1-pathlen127.pem chainD-assembled.pem chainD-entity-key.pem chainD-entity.pem chainE-ICA1-key.pem chainE-ICA1-pathlen128.pem chainE-assembled.pem chainE-entity-key.pem chainE-entity.pem chainF-ICA1-key.pem chainF-ICA1-pathlen1.pem chainF-ICA2-key.pem chainF-ICA2-pathlen0.pem chainF-assembled.pem chainF-entity-key.pem chainF-entity.pem chainG-ICA1-key.pem chainG-ICA1-pathlen0.pem chainG-ICA2-key.pem chainG-ICA2-pathlen1.pem chainG-ICA3-key.pem chainG-ICA3-pathlen99.pem chainG-ICA4-key.pem chainG-ICA4-pathlen5.pem chainG-ICA5-key.pem chainG-ICA5-pathlen20.pem chainG-ICA6-key.pem chainG-ICA6-pathlen10.pem chainG-ICA7-key.pem chainG-ICA7-pathlen100.pem chainG-assembled.pem chainG-entity-key.pem chainG-entity.pem chainH-ICA1-key.pem chainH-ICA1-pathlen0.pem chainH-ICA2-key.pem chainH-ICA2-pathlen2.pem chainH-ICA3-key.pem chainH-ICA3-pathlen2.pem chainH-ICA4-key.pem chainH-ICA4-pathlen2.pem chainH-assembled.pem chainH-entity-key.pem chainH-entity.pem chainI-ICA1-key.pem chainI-ICA1-no_pathlen.pem chainI-ICA2-key.pem chainI-ICA2-no_pathlen.pem chainI-ICA3-key.pem chainI-ICA3-pathlen2.pem chainI-assembled.pem chainI-entity-key.pem chainI-entity.pem chainJ-ICA1-key.pem chainJ-ICA1-no_pathlen.pem chainJ-ICA2-key.pem chainJ-ICA2-no_pathlen.pem chainJ-ICA3-key.pem chainJ-ICA3-no_pathlen.pem chainJ-ICA4-key.pem chainJ-ICA4-pathlen2.pem chainJ-assembled.pem chainJ-entity-key.pem chainJ-entity.pem include.am refreshkeys.shtest-serial0
ee_normal.pem ee_serial0.pem generate_certs.sh include.am intermediate_serial0.pem root_serial0.pem root_serial0_key.pem selfsigned_nonca_serial0.pemxmss
bc_xmss_chain_ca.der bc_xmss_chain_leaf.der bc_xmss_sha2_10_256_root.der bc_xmss_sha2_16_256_root.der bc_xmssmt_sha2_20_2_256_root.der bc_xmssmt_sha2_20_4_256_root.der bc_xmssmt_sha2_40_8_256_root.der include.amcmake
Config.cmake.in README.md config.in functions.cmake include.am options.h.in wolfssl-config-version.cmake.in wolfssl-targets.cmake.indebian
changelog.in control.in copyright include.am libwolfssl-dev.install libwolfssl.install rules.indoc
dox_comments
header_files
aes.h arc4.h ascon.h asn.h asn_public.h blake2.h bn.h camellia.h chacha.h chacha20_poly1305.h cmac.h coding.h compress.h cryptocb.h curve25519.h curve448.h des3.h dh.h doxygen_groups.h doxygen_pages.h dsa.h ecc.h eccsi.h ed25519.h ed448.h error-crypt.h evp.h hash.h hmac.h iotsafe.h kdf.h logging.h md2.h md4.h md5.h memory.h ocsp.h pem.h pkcs11.h pkcs7.h poly1305.h psa.h puf.h pwdbased.h quic.h random.h ripemd.h rsa.h sakke.h sha.h sha256.h sha3.h sha512.h signature.h siphash.h srp.h ssl.h tfm.h types.h wc_encrypt.h wc_port.h wc_she.h wc_slhdsa.h wolfio.hheader_files-ja
aes.h arc4.h ascon.h asn.h asn_public.h blake2.h bn.h camellia.h chacha.h chacha20_poly1305.h cmac.h coding.h compress.h cryptocb.h curve25519.h curve448.h des3.h dh.h doxygen_groups.h doxygen_pages.h dsa.h ecc.h eccsi.h ed25519.h ed448.h error-crypt.h evp.h hash.h hmac.h iotsafe.h kdf.h logging.h md2.h md4.h md5.h memory.h ocsp.h pem.h pkcs11.h pkcs7.h poly1305.h psa.h pwdbased.h quic.h random.h ripemd.h rsa.h sakke.h sha.h sha256.h sha3.h sha512.h signature.h siphash.h srp.h ssl.h tfm.h types.h wc_encrypt.h wc_port.h wolfio.h
examples
async
Makefile README.md async_client.c async_server.c async_tls.c async_tls.h include.am user_settings.hconfigs
README.md include.am user_settings_EBSnet.h user_settings_all.h user_settings_arduino.h user_settings_baremetal.h user_settings_ca.h user_settings_curve25519nonblock.h user_settings_dtls13.h user_settings_eccnonblock.h user_settings_espressif.h user_settings_fipsv2.h user_settings_fipsv5.h user_settings_min_ecc.h user_settings_openssl_compat.h user_settings_pkcs7.h user_settings_platformio.h user_settings_pq.h user_settings_rsa_only.h user_settings_stm32.h user_settings_template.h user_settings_tls12.h user_settings_tls13.h user_settings_wolfboot_keytools.h user_settings_wolfssh.h user_settings_wolftpm.hechoclient
echoclient.c echoclient.h echoclient.sln echoclient.vcproj echoclient.vcxproj include.am quitlinuxkm
Kbuild Makefile README.md get_thread_size.c include.am linuxkm-fips-hash-wrapper.sh linuxkm-fips-hash.c linuxkm_memory.c linuxkm_memory.h linuxkm_wc_port.h lkcapi_aes_glue.c lkcapi_dh_glue.c lkcapi_ecdh_glue.c lkcapi_ecdsa_glue.c lkcapi_glue.c lkcapi_rsa_glue.c lkcapi_sha_glue.c module_exports.c.template module_hooks.c pie_redirect_table.c wolfcrypt.lds x86_vector_register_glue.cm4
ax_add_am_macro.m4 ax_am_jobserver.m4 ax_am_macros.m4 ax_append_compile_flags.m4 ax_append_flag.m4 ax_append_link_flags.m4 ax_append_to_file.m4 ax_atomic.m4 ax_bsdkm.m4 ax_check_compile_flag.m4 ax_check_link_flag.m4 ax_compiler_version.m4 ax_count_cpus.m4 ax_create_generic_config.m4 ax_debug.m4 ax_file_escapes.m4 ax_harden_compiler_flags.m4 ax_linuxkm.m4 ax_print_to_file.m4 ax_pthread.m4 ax_require_defined.m4 ax_tls.m4 ax_vcs_checkout.m4 hexversion.m4 lib_socket_nsl.m4 visibility.m4mqx
wolfcrypt_benchmark
ReferencedRSESystems.xml wolfcrypt_benchmark_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfcrypt_benchmark_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launchwolfcrypt_test
ReferencedRSESystems.xml wolfcrypt_test_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfcrypt_test_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launchwolfssl_client
ReferencedRSESystems.xml wolfssl_client_twrk70f120m_Int_Flash_DDRData_Debug_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_DDRData_Release_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_JTrace.jlink wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_JTrace.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Debug_PnE_U-MultiLink.launch wolfssl_client_twrk70f120m_Int_Flash_SramData_Release_PnE_U-MultiLink.launchscripts
aria-cmake-build-test.sh asn1_oid_sum.pl benchmark.test benchmark_compare.sh cleanup_testfiles.sh crl-gen-openssl.test crl-revoked.test dertoc.pl dtls.test dtlscid.test external.test google.test include.am makedistsmall.sh memtest.sh ocsp-responder-openssl-interop.test ocsp-stapling-with-ca-as-responder.test ocsp-stapling-with-wolfssl-responder.test ocsp-stapling.test ocsp-stapling2.test ocsp-stapling_tls13multi.test ocsp.test openssl.test openssl_srtp.test pem.test ping.test pkcallbacks.test psk.test resume.test rsapss.test sniffer-gen.sh sniffer-ipv6.pcap sniffer-static-rsa.pcap sniffer-testsuite.test sniffer-tls12-keylog.out sniffer-tls12-keylog.pcap sniffer-tls12-keylog.sslkeylog sniffer-tls13-dh-resume.pcap sniffer-tls13-dh.pcap sniffer-tls13-ecc-resume.pcap sniffer-tls13-ecc.pcap sniffer-tls13-hrr.pcap sniffer-tls13-keylog.out sniffer-tls13-keylog.pcap sniffer-tls13-keylog.sslkeylog sniffer-tls13-x25519-resume.pcap sniffer-tls13-x25519.pcap stm32l4-v4_0_1_build.sh tls13.test trusted_peer.test unit.test.in user_settings_asm.shsrc
bio.c conf.c crl.c dtls.c dtls13.c include.am internal.c keys.c ocsp.c pk.c pk_ec.c pk_rsa.c quic.c sniffer.c ssl.c ssl_api_cert.c ssl_api_crl_ocsp.c ssl_api_pk.c ssl_asn1.c ssl_bn.c ssl_certman.c ssl_crypto.c ssl_ech.c ssl_load.c ssl_misc.c ssl_p7p12.c ssl_sess.c ssl_sk.c tls.c tls13.c wolfio.c x509.c x509_str.ctests
api
api.h api_decl.h create_ocsp_test_blobs.py include.am test_aes.c test_aes.h test_arc4.c test_arc4.h test_ascon.c test_ascon.h test_ascon_kats.h test_asn.c test_asn.h test_blake2.c test_blake2.h test_camellia.c test_camellia.h test_certman.c test_certman.h test_chacha.c test_chacha.h test_chacha20_poly1305.c test_chacha20_poly1305.h test_cmac.c test_cmac.h test_curve25519.c test_curve25519.h test_curve448.c test_curve448.h test_des3.c test_des3.h test_dh.c test_dh.h test_digest.h test_dsa.c test_dsa.h test_dtls.c test_dtls.h test_ecc.c test_ecc.h test_ed25519.c test_ed25519.h test_ed448.c test_ed448.h test_evp.c test_evp.h test_evp_cipher.c test_evp_cipher.h test_evp_digest.c test_evp_digest.h test_evp_pkey.c test_evp_pkey.h test_hash.c test_hash.h test_hmac.c test_hmac.h test_md2.c test_md2.h test_md4.c test_md4.h test_md5.c test_md5.h test_mldsa.c test_mldsa.h test_mlkem.c test_mlkem.h test_ocsp.c test_ocsp.h test_ocsp_test_blobs.h test_ossl_asn1.c test_ossl_asn1.h test_ossl_bio.c test_ossl_bio.h test_ossl_bn.c test_ossl_bn.h test_ossl_cipher.c test_ossl_cipher.h test_ossl_dgst.c test_ossl_dgst.h test_ossl_dh.c test_ossl_dh.h test_ossl_dsa.c test_ossl_dsa.h test_ossl_ec.c test_ossl_ec.h test_ossl_ecx.c test_ossl_ecx.h test_ossl_mac.c test_ossl_mac.h test_ossl_obj.c test_ossl_obj.h test_ossl_p7p12.c test_ossl_p7p12.h test_ossl_pem.c test_ossl_pem.h test_ossl_rand.c test_ossl_rand.h test_ossl_rsa.c test_ossl_rsa.h test_ossl_sk.c test_ossl_sk.h test_ossl_x509.c test_ossl_x509.h test_ossl_x509_acert.c test_ossl_x509_acert.h test_ossl_x509_crypto.c test_ossl_x509_crypto.h test_ossl_x509_ext.c test_ossl_x509_ext.h test_ossl_x509_info.c test_ossl_x509_info.h test_ossl_x509_io.c test_ossl_x509_io.h test_ossl_x509_lu.c test_ossl_x509_lu.h test_ossl_x509_name.c test_ossl_x509_name.h test_ossl_x509_pk.c test_ossl_x509_pk.h test_ossl_x509_str.c test_ossl_x509_str.h test_ossl_x509_vp.c test_ossl_x509_vp.h test_pkcs12.c test_pkcs12.h test_pkcs7.c test_pkcs7.h test_poly1305.c test_poly1305.h test_random.c test_random.h test_rc2.c test_rc2.h test_ripemd.c test_ripemd.h test_rsa.c test_rsa.h test_sha.c test_sha.h test_sha256.c test_sha256.h test_sha3.c test_sha3.h test_sha512.c test_sha512.h test_she.c test_she.h test_signature.c test_signature.h test_slhdsa.c test_slhdsa.h test_sm2.c test_sm2.h test_sm3.c test_sm3.h test_sm4.c test_sm4.h test_tls.c test_tls.h test_tls13.c test_tls13.h test_tls_ext.c test_tls_ext.h test_wc_encrypt.c test_wc_encrypt.h test_wolfmath.c test_wolfmath.h test_x509.c test_x509.hwolfcrypt
benchmark
README.md benchmark-VS2022.sln benchmark-VS2022.vcxproj benchmark-VS2022.vcxproj.user benchmark.c benchmark.h benchmark.sln benchmark.vcproj benchmark.vcxproj include.amsrc
port
Espressif
esp_crt_bundle
README.md cacrt_all.pem cacrt_deprecated.pem cacrt_local.pem esp_crt_bundle.c gen_crt_bundle.py pio_install_cryptography.pyRenesas
README.md renesas_common.c renesas_fspsm_aes.c renesas_fspsm_rsa.c renesas_fspsm_sha.c renesas_fspsm_util.c renesas_rx64_hw_sha.c renesas_rx64_hw_util.c renesas_tsip_aes.c renesas_tsip_rsa.c renesas_tsip_sha.c renesas_tsip_util.carm
armv8-32-aes-asm.S armv8-32-aes-asm_c.c armv8-32-chacha-asm.S armv8-32-chacha-asm_c.c armv8-32-curve25519.S armv8-32-curve25519_c.c armv8-32-mlkem-asm.S armv8-32-mlkem-asm_c.c armv8-32-poly1305-asm.S armv8-32-poly1305-asm_c.c armv8-32-sha256-asm.S armv8-32-sha256-asm_c.c armv8-32-sha3-asm.S armv8-32-sha3-asm_c.c armv8-32-sha512-asm.S armv8-32-sha512-asm_c.c armv8-aes-asm.S armv8-aes-asm_c.c armv8-aes.c armv8-chacha-asm.S armv8-chacha-asm_c.c armv8-curve25519.S armv8-curve25519_c.c armv8-mlkem-asm.S armv8-mlkem-asm_c.c armv8-poly1305-asm.S armv8-poly1305-asm_c.c armv8-sha256-asm.S armv8-sha256-asm_c.c armv8-sha256.c armv8-sha3-asm.S armv8-sha3-asm_c.c armv8-sha512-asm.S armv8-sha512-asm_c.c armv8-sha512.c cryptoCell.c cryptoCellHash.c thumb2-aes-asm.S thumb2-aes-asm_c.c thumb2-chacha-asm.S thumb2-chacha-asm_c.c thumb2-curve25519.S thumb2-curve25519_c.c thumb2-mlkem-asm.S thumb2-mlkem-asm_c.c thumb2-poly1305-asm.S thumb2-poly1305-asm_c.c thumb2-sha256-asm.S thumb2-sha256-asm_c.c thumb2-sha3-asm.S thumb2-sha3-asm_c.c thumb2-sha512-asm.S thumb2-sha512-asm_c.ccaam
README.md caam_aes.c caam_doc.pdf caam_driver.c caam_error.c caam_integrity.c caam_qnx.c caam_sha.c wolfcaam_aes.c wolfcaam_cmac.c wolfcaam_ecdsa.c wolfcaam_fsl_nxp.c wolfcaam_hash.c wolfcaam_hmac.c wolfcaam_init.c wolfcaam_qnx.c wolfcaam_rsa.c wolfcaam_seco.c wolfcaam_x25519.cdevcrypto
README.md devcrypto_aes.c devcrypto_ecdsa.c devcrypto_hash.c devcrypto_hmac.c devcrypto_rsa.c devcrypto_x25519.c wc_devcrypto.criscv
riscv-64-aes.c riscv-64-chacha.c riscv-64-poly1305.c riscv-64-sha256.c riscv-64-sha3.c riscv-64-sha512.cwolfssl
openssl
aes.h asn1.h asn1t.h bio.h bn.h buffer.h camellia.h cmac.h cms.h compat_types.h conf.h crypto.h des.h dh.h dsa.h ec.h ec25519.h ec448.h ecdh.h ecdsa.h ed25519.h ed448.h engine.h err.h evp.h fips_rand.h hmac.h include.am kdf.h lhash.h md4.h md5.h modes.h obj_mac.h objects.h ocsp.h opensslconf.h opensslv.h ossl_typ.h pem.h pkcs12.h pkcs7.h rand.h rc4.h ripemd.h rsa.h safestack.h sha.h sha3.h srp.h ssl.h ssl23.h stack.h tls1.h txt_db.h ui.h x509.h x509_vfy.h x509v3.hwolfcrypt
port
Renesas
renesas-fspsm-crypt.h renesas-fspsm-types.h renesas-rx64-hw-crypt.h renesas-tsip-crypt.h renesas_cmn.h renesas_fspsm_internal.h renesas_sync.h renesas_tsip_internal.h renesas_tsip_types.hcaam
caam_driver.h caam_error.h caam_qnx.h wolfcaam.h wolfcaam_aes.h wolfcaam_cmac.h wolfcaam_ecdsa.h wolfcaam_fsl_nxp.h wolfcaam_hash.h wolfcaam_qnx.h wolfcaam_rsa.h wolfcaam_seco.h wolfcaam_sha.h wolfcaam_x25519.hwrapper
Ada
examples
src
aes_verify_main.adb rsa_verify_main.adb sha256_main.adb spark_sockets.adb spark_sockets.ads spark_terminal.adb spark_terminal.ads tls_client.adb tls_client.ads tls_client_main.adb tls_server.adb tls_server.ads tls_server_main.adbtests
src
aes_bindings_tests.adb aes_bindings_tests.ads rsa_verify_bindings_tests.adb rsa_verify_bindings_tests.ads sha256_bindings_tests.adb sha256_bindings_tests.ads tests.adbCSharp
wolfSSL-Example-IOCallbacks
App.config wolfSSL-Example-IOCallbacks.cs wolfSSL-Example-IOCallbacks.csprojwolfSSL-TLS-ServerThreaded
App.config wolfSSL-TLS-ServerThreaded.cs wolfSSL-TLS-ServerThreaded.csprojrust
wolfssl-wolfcrypt
src
aes.rs blake2.rs chacha20_poly1305.rs cmac.rs cmac_mac.rs curve25519.rs dh.rs dilithium.rs ecc.rs ecdsa.rs ed25519.rs ed448.rs fips.rs hkdf.rs hmac.rs hmac_mac.rs kdf.rs lib.rs lms.rs mlkem.rs mlkem_kem.rs pbkdf2_password_hash.rs prf.rs random.rs rsa.rs rsa_pkcs1v15.rs sha.rs sha_digest.rs sys.rstests
test_aes.rs test_blake2.rs test_chacha20_poly1305.rs test_cmac.rs test_cmac_mac.rs test_curve25519.rs test_dh.rs test_dilithium.rs test_ecc.rs test_ecdsa.rs test_ed25519.rs test_ed448.rs test_hkdf.rs test_hmac.rs test_hmac_mac.rs test_kdf.rs test_lms.rs test_mlkem.rs test_mlkem_kem.rs test_pbkdf2_password_hash.rs test_prf.rs test_random.rs test_rsa.rs test_rsa_pkcs1v15.rs test_sha.rs test_sha_digest.rs test_wolfcrypt.rszephyr
samples
wolfssl_benchmark
CMakeLists.txt README install_test.sh prj.conf sample.yaml zephyr_legacy.conf zephyr_v4.1.confwolfssl_test
CMakeLists.txt README install_test.sh prj-no-malloc.conf prj.conf sample.yaml zephyr_legacy.conf zephyr_v4.1.conf
wolfssl/wolfcrypt/src/evp.c
raw
1/* evp.c
2 *
3 * Copyright (C) 2006-2026 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
23
24#if !defined(WOLFSSL_EVP_INCLUDED)
25 #ifndef WOLFSSL_IGNORE_FILE_WARN
26 #warning evp.c does not need to be compiled separately from ssl.c
27 #endif
28#elif defined(WOLFCRYPT_ONLY)
29#else
30
31#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
32 defined(HAVE_CURL)
33
34#if !defined(HAVE_PKCS7) && \
35 ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \
36 (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST))
37 #include <wolfssl/wolfcrypt/aes.h>
38#endif
39
40#include <wolfssl/openssl/ecdsa.h>
41#include <wolfssl/openssl/evp.h>
42#include <wolfssl/openssl/kdf.h>
43#include <wolfssl/wolfcrypt/wolfmath.h>
44#ifdef HAVE_ED25519
45#include <wolfssl/wolfcrypt/ed25519.h>
46#endif
47#ifdef HAVE_ED448
48#include <wolfssl/wolfcrypt/ed448.h>
49#endif
50
51static const struct s_ent {
52 const enum wc_HashType macType;
53 const int nid;
54 const char *name;
55} md_tbl[] = {
56#ifndef NO_MD4
57 {WC_HASH_TYPE_MD4, WC_NID_md4, WC_SN_md4},
58#endif /* NO_MD4 */
59
60#ifndef NO_MD5
61 {WC_HASH_TYPE_MD5, WC_NID_md5, WC_SN_md5},
62#endif /* NO_MD5 */
63
64#ifndef NO_SHA
65 {WC_HASH_TYPE_SHA, WC_NID_sha1, WC_SN_sha1},
66 {WC_HASH_TYPE_SHA, WC_NID_sha1, "SHA"}, /* Leave for backwards compatibility */
67#endif /* NO_SHA */
68
69#ifdef WOLFSSL_SHA224
70 {WC_HASH_TYPE_SHA224, WC_NID_sha224, WC_SN_sha224},
71#endif /* WOLFSSL_SHA224 */
72#ifndef NO_SHA256
73 {WC_HASH_TYPE_SHA256, WC_NID_sha256, WC_SN_sha256},
74#endif
75
76#ifdef WOLFSSL_SHA384
77 {WC_HASH_TYPE_SHA384, WC_NID_sha384, WC_SN_sha384},
78#endif /* WOLFSSL_SHA384 */
79
80#ifdef WOLFSSL_SHA512
81 {WC_HASH_TYPE_SHA512, WC_NID_sha512, WC_SN_sha512},
82#endif /* WOLFSSL_SHA512 */
83
84#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
85 {WC_HASH_TYPE_SHA512_224, WC_NID_sha512_224, WC_SN_sha512_224},
86#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_224 */
87
88#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
89 {WC_HASH_TYPE_SHA512_256, WC_NID_sha512_256, WC_SN_sha512_256},
90#endif /* WOLFSSL_SHA512 && !WOLFSSL_NOSHA512_256 */
91
92#ifndef WOLFSSL_NOSHA3_224
93 {WC_HASH_TYPE_SHA3_224, WC_NID_sha3_224, WC_SN_sha3_224},
94#endif
95#ifndef WOLFSSL_NOSHA3_256
96 {WC_HASH_TYPE_SHA3_256, WC_NID_sha3_256, WC_SN_sha3_256},
97#endif
98#ifndef WOLFSSL_NOSHA3_384
99 {WC_HASH_TYPE_SHA3_384, WC_NID_sha3_384, WC_SN_sha3_384},
100#endif
101#ifndef WOLFSSL_NOSHA3_512
102 {WC_HASH_TYPE_SHA3_512, WC_NID_sha3_512, WC_SN_sha3_512},
103#endif
104#ifdef WOLFSSL_SM3
105 {WC_HASH_TYPE_SM3, WC_NID_sm3, WC_SN_sm3},
106#endif /* WOLFSSL_SHA512 */
107#ifdef HAVE_BLAKE2B
108 {WC_HASH_TYPE_BLAKE2B, WC_NID_blake2b512, WC_SN_blake2b512},
109#endif
110#ifdef HAVE_BLAKE2S
111 {WC_HASH_TYPE_BLAKE2S, WC_NID_blake2s256, WC_SN_blake2s256},
112#endif
113#ifdef WOLFSSL_SHAKE128
114 {WC_HASH_TYPE_SHAKE128, WC_NID_shake128, WC_SN_shake128},
115#endif
116#ifdef WOLFSSL_SHAKE256
117 {WC_HASH_TYPE_SHAKE256, WC_NID_shake256, WC_SN_shake256},
118#endif
119 {WC_HASH_TYPE_NONE, 0, NULL}
120};
121#endif /* OPENSSL_EXTRA || HAVE_CURL */
122
123#if defined(OPENSSL_EXTRA)
124
125#ifndef NO_AES
126 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
127 #ifdef WOLFSSL_AES_128
128 static const char EVP_AES_128_CBC[] = "AES-128-CBC";
129 #endif
130 #ifdef WOLFSSL_AES_192
131 static const char EVP_AES_192_CBC[] = "AES-192-CBC";
132 #endif
133 #ifdef WOLFSSL_AES_256
134 static const char EVP_AES_256_CBC[] = "AES-256-CBC";
135 #endif
136 #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
137
138 #ifdef WOLFSSL_AES_OFB
139 #ifdef WOLFSSL_AES_128
140 static const char EVP_AES_128_OFB[] = "AES-128-OFB";
141 #endif
142 #ifdef WOLFSSL_AES_192
143 static const char EVP_AES_192_OFB[] = "AES-192-OFB";
144 #endif
145 #ifdef WOLFSSL_AES_256
146 static const char EVP_AES_256_OFB[] = "AES-256-OFB";
147 #endif
148 #endif /* WOLFSSL_AES_OFB */
149
150 #if defined(WOLFSSL_AES_XTS) && \
151 (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
152 #ifdef WOLFSSL_AES_128
153 static const char EVP_AES_128_XTS[] = "AES-128-XTS";
154 #endif
155 #ifdef WOLFSSL_AES_256
156 static const char EVP_AES_256_XTS[] = "AES-256-XTS";
157 #endif
158 #endif /* WOLFSSL_AES_XTS &&
159 (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */
160
161 #ifdef WOLFSSL_AES_CFB
162 #ifndef WOLFSSL_NO_AES_CFB_1_8
163 #ifdef WOLFSSL_AES_128
164 static const char EVP_AES_128_CFB1[] = "AES-128-CFB1";
165 #endif
166 #ifdef WOLFSSL_AES_192
167 static const char EVP_AES_192_CFB1[] = "AES-192-CFB1";
168 #endif
169 #ifdef WOLFSSL_AES_256
170 static const char EVP_AES_256_CFB1[] = "AES-256-CFB1";
171 #endif
172
173 #ifdef WOLFSSL_AES_128
174 static const char EVP_AES_128_CFB8[] = "AES-128-CFB8";
175 #endif
176 #ifdef WOLFSSL_AES_192
177 static const char EVP_AES_192_CFB8[] = "AES-192-CFB8";
178 #endif
179 #ifdef WOLFSSL_AES_256
180 static const char EVP_AES_256_CFB8[] = "AES-256-CFB8";
181 #endif
182 #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
183
184 #ifdef WOLFSSL_AES_128
185 static const char EVP_AES_128_CFB128[] = "AES-128-CFB128";
186 #endif
187 #ifdef WOLFSSL_AES_192
188 static const char EVP_AES_192_CFB128[] = "AES-192-CFB128";
189 #endif
190 #ifdef WOLFSSL_AES_256
191 static const char EVP_AES_256_CFB128[] = "AES-256-CFB128";
192 #endif
193 #endif /* WOLFSSL_AES_CFB */
194
195 #ifdef HAVE_AESGCM
196 #ifdef WOLFSSL_AES_128
197 static const char EVP_AES_128_GCM[] = "AES-128-GCM";
198 #endif
199 #ifdef WOLFSSL_AES_192
200 static const char EVP_AES_192_GCM[] = "AES-192-GCM";
201 #endif
202 #ifdef WOLFSSL_AES_256
203 static const char EVP_AES_256_GCM[] = "AES-256-GCM";
204 #endif
205 #endif /* HAVE_AESGCM */
206
207 #ifdef HAVE_AESCCM
208 #ifdef WOLFSSL_AES_128
209 static const char EVP_AES_128_CCM[] = "AES-128-CCM";
210 #endif
211 #ifdef WOLFSSL_AES_192
212 static const char EVP_AES_192_CCM[] = "AES-192-CCM";
213 #endif
214 #ifdef WOLFSSL_AES_256
215 static const char EVP_AES_256_CCM[] = "AES-256-CCM";
216 #endif
217 #endif /* HAVE_AESCCM */
218
219 #ifdef WOLFSSL_AES_COUNTER
220 #ifdef WOLFSSL_AES_128
221 static const char EVP_AES_128_CTR[] = "AES-128-CTR";
222 #endif
223 #ifdef WOLFSSL_AES_192
224 static const char EVP_AES_192_CTR[] = "AES-192-CTR";
225 #endif
226 #ifdef WOLFSSL_AES_256
227 static const char EVP_AES_256_CTR[] = "AES-256-CTR";
228 #endif
229 #endif
230
231 #ifdef HAVE_AES_ECB
232 #ifdef WOLFSSL_AES_128
233 static const char EVP_AES_128_ECB[] = "AES-128-ECB";
234 #endif
235 #ifdef WOLFSSL_AES_192
236 static const char EVP_AES_192_ECB[] = "AES-192-ECB";
237 #endif
238 #ifdef WOLFSSL_AES_256
239 static const char EVP_AES_256_ECB[] = "AES-256-ECB";
240 #endif
241 #endif
242#endif
243
244#ifdef HAVE_ARIA
245 #include <wolfssl/wolfcrypt/port/aria/aria-crypt.h>
246 static const char EVP_ARIA_128_GCM[] = "ARIA-128-GCM";
247 static const char EVP_ARIA_192_GCM[] = "ARIA-192-GCM";
248 static const char EVP_ARIA_256_GCM[] = "ARIA-256-GCM";
249#endif
250
251#ifndef NO_DES3
252 static const char EVP_DES_CBC[] = "DES-CBC";
253 static const char EVP_DES_ECB[] = "DES-ECB";
254
255 static const char EVP_DES_EDE3_CBC[] = "DES-EDE3-CBC";
256 static const char EVP_DES_EDE3_ECB[] = "DES-EDE3-ECB";
257#endif
258
259#ifndef NO_RC4
260 static const char EVP_ARC4[] = "ARC4";
261#endif
262
263#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
264 static const char EVP_CHACHA20_POLY1305[] = "CHACHA20-POLY1305";
265#endif
266
267#ifdef HAVE_CHACHA
268 static const char EVP_CHACHA20[] = "CHACHA20";
269#endif
270
271#ifdef WOLFSSL_SM4_ECB
272 static const char EVP_SM4_ECB[] = "SM4-ECB";
273#endif /* WOLFSSL_SM4_ECB */
274#ifdef WOLFSSL_SM4_CBC
275 static const char EVP_SM4_CBC[] = "SM4-CBC";
276#endif /* WOLFSSL_SM4_CBC */
277#ifdef WOLFSSL_SM4_CTR
278 static const char EVP_SM4_CTR[] = "SM4-CTR";
279#endif /* WOLFSSL_SM4_CTR */
280#ifdef WOLFSSL_SM4_GCM
281 static const char EVP_SM4_GCM[] = "SM4-GCM";
282#endif /* WOLFSSL_SM4_GCM */
283#ifdef WOLFSSL_SM4_CCM
284 static const char EVP_SM4_CCM[] = "SM4-CCM";
285#endif /* WOLFSSL_SM4_CCM */
286
287static const char EVP_NULL[] = "NULL";
288
289static const struct pkey_type_name_ent {
290 int type;
291 const char *name;
292} pkey_type_names[] = {
293 { WC_EVP_PKEY_RSA, "RSA" },
294 { WC_EVP_PKEY_EC, "EC" },
295 { WC_EVP_PKEY_DH, "DH" },
296 { WC_EVP_PKEY_DSA, "DSA" }
297};
298
299static int pkey_type_by_name(const char *name) {
300 unsigned int i;
301 if (name == NULL)
302 return WC_EVP_PKEY_NONE;
303 for (i = 0; i < XELEM_CNT(pkey_type_names); ++i) {
304 if (XSTRCMP(name, pkey_type_names[i].name) == 0)
305 return pkey_type_names[i].type;
306 }
307 return WC_EVP_PKEY_NONE;
308}
309
310int wolfSSL_EVP_PKEY_is_a(const WOLFSSL_EVP_PKEY *pkey, const char *name) {
311 int type;
312
313 if (pkey == NULL)
314 return WOLFSSL_FAILURE;
315
316 type = pkey_type_by_name(name);
317 if (type == WC_EVP_PKEY_NONE)
318 return WOLFSSL_FAILURE;
319
320 return (pkey->type == type) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
321}
322
323#define EVP_CIPHER_TYPE_MATCHES(x, y) (XSTRCMP(x,y) == 0)
324
325#define WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX 80
326#define WOLFSSL_EVP_PKEY_PRINT_DIGITS_PER_LINE 15
327#define WOLFSSL_EVP_EXPONENT_PRINT_MAX 24
328
329static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher);
330
331static enum wc_HashType EvpMd2MacType(const WOLFSSL_EVP_MD *md);
332
333/* Getter function for cipher key length
334 *
335 * c WOLFSSL_EVP_CIPHER structure to get key length from
336 *
337 * NOTE: OpenSSL_add_all_ciphers() should be called first before using this
338 * function
339 *
340 * Returns size of key in bytes
341 */
342int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c)
343{
344 WOLFSSL_ENTER("wolfSSL_EVP_Cipher_key_length");
345
346 if (c == NULL) {
347 return 0;
348 }
349
350 switch (cipherType(c)) {
351#if !defined(NO_AES)
352 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
353 case WC_AES_128_CBC_TYPE: return 16;
354 case WC_AES_192_CBC_TYPE: return 24;
355 case WC_AES_256_CBC_TYPE: return 32;
356 #endif
357 #if defined(WOLFSSL_AES_CFB)
358 case WC_AES_128_CFB1_TYPE: return 16;
359 case WC_AES_192_CFB1_TYPE: return 24;
360 case WC_AES_256_CFB1_TYPE: return 32;
361 case WC_AES_128_CFB8_TYPE: return 16;
362 case WC_AES_192_CFB8_TYPE: return 24;
363 case WC_AES_256_CFB8_TYPE: return 32;
364 case WC_AES_128_CFB128_TYPE: return 16;
365 case WC_AES_192_CFB128_TYPE: return 24;
366 case WC_AES_256_CFB128_TYPE: return 32;
367 #endif
368 #if defined(WOLFSSL_AES_OFB)
369 case WC_AES_128_OFB_TYPE: return 16;
370 case WC_AES_192_OFB_TYPE: return 24;
371 case WC_AES_256_OFB_TYPE: return 32;
372 #endif
373 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
374 /* Two keys for XTS. */
375 case WC_AES_128_XTS_TYPE: return 16 * 2;
376 case WC_AES_256_XTS_TYPE: return 32 * 2;
377 #endif
378 #if defined(HAVE_AESGCM)
379 case WC_AES_128_GCM_TYPE: return 16;
380 case WC_AES_192_GCM_TYPE: return 24;
381 case WC_AES_256_GCM_TYPE: return 32;
382 #endif
383 #if defined(HAVE_AESCCM)
384 case WC_AES_128_CCM_TYPE: return 16;
385 case WC_AES_192_CCM_TYPE: return 24;
386 case WC_AES_256_CCM_TYPE: return 32;
387 #endif
388 #if defined(WOLFSSL_AES_COUNTER)
389 case WC_AES_128_CTR_TYPE: return 16;
390 case WC_AES_192_CTR_TYPE: return 24;
391 case WC_AES_256_CTR_TYPE: return 32;
392 #endif
393 #if defined(HAVE_AES_ECB)
394 case WC_AES_128_ECB_TYPE: return 16;
395 case WC_AES_192_ECB_TYPE: return 24;
396 case WC_AES_256_ECB_TYPE: return 32;
397 #endif
398#endif /* !NO_AES */
399 #ifndef NO_DES3
400 case WC_DES_CBC_TYPE: return 8;
401 case WC_DES_EDE3_CBC_TYPE: return 24;
402 case WC_DES_ECB_TYPE: return 8;
403 case WC_DES_EDE3_ECB_TYPE: return 24;
404 #endif
405 #ifndef NO_RC4
406 case WC_ARC4_TYPE: return 16;
407 #endif
408 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
409 case WC_CHACHA20_POLY1305_TYPE: return 32;
410 #endif
411 #ifdef HAVE_CHACHA
412 case WC_CHACHA20_TYPE: return CHACHA_MAX_KEY_SZ;
413 #endif
414 #ifdef WOLFSSL_SM4_ECB
415 case WC_SM4_ECB_TYPE: return 16;
416 #endif
417 #ifdef WOLFSSL_SM4_CBC
418 case WC_SM4_CBC_TYPE: return 16;
419 #endif
420 #ifdef WOLFSSL_SM4_CTR
421 case WC_SM4_CTR_TYPE: return 16;
422 #endif
423 #ifdef WOLFSSL_SM4_GCM
424 case WC_SM4_GCM_TYPE: return 16;
425 #endif
426 #ifdef WOLFSSL_SM4_CCM
427 case WC_SM4_CCM_TYPE: return 16;
428 #endif
429 default:
430 return 0;
431 }
432}
433
434
435int wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
436 const WOLFSSL_EVP_CIPHER* type,
437 const unsigned char* key,
438 const unsigned char* iv)
439{
440 return wolfSSL_EVP_CipherInit(ctx, type, (byte*)key, (byte*)iv, 1);
441}
442
443int wolfSSL_EVP_EncryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
444 const WOLFSSL_EVP_CIPHER* type,
445 WOLFSSL_ENGINE *impl,
446 const unsigned char* key,
447 const unsigned char* iv)
448{
449 (void) impl;
450 return wolfSSL_EVP_CipherInit(ctx, type, (byte*)key, (byte*)iv, 1);
451}
452
453int wolfSSL_EVP_DecryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
454 const WOLFSSL_EVP_CIPHER* type,
455 const unsigned char* key,
456 const unsigned char* iv)
457{
458 WOLFSSL_ENTER("wolfSSL_EVP_CipherInit");
459 return wolfSSL_EVP_CipherInit(ctx, type, (byte*)key, (byte*)iv, 0);
460}
461
462int wolfSSL_EVP_DecryptInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
463 const WOLFSSL_EVP_CIPHER* type,
464 WOLFSSL_ENGINE *impl,
465 const unsigned char* key,
466 const unsigned char* iv)
467{
468 (void) impl;
469 WOLFSSL_ENTER("wolfSSL_EVP_DecryptInit");
470 return wolfSSL_EVP_CipherInit(ctx, type, (byte*)key, (byte*)iv, 0);
471}
472
473
474WOLFSSL_EVP_CIPHER_CTX *wolfSSL_EVP_CIPHER_CTX_new(void)
475{
476 WOLFSSL_EVP_CIPHER_CTX *ctx = (WOLFSSL_EVP_CIPHER_CTX*)XMALLOC(sizeof(*ctx),
477 NULL, DYNAMIC_TYPE_TMP_BUFFER);
478 if (ctx) {
479 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_new");
480 wolfSSL_EVP_CIPHER_CTX_init(ctx);
481 }
482 return ctx;
483}
484
485void wolfSSL_EVP_CIPHER_CTX_free(WOLFSSL_EVP_CIPHER_CTX *ctx)
486{
487 if (ctx) {
488 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_free");
489 wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
490 XFREE(ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
491 }
492}
493
494int wolfSSL_EVP_CIPHER_CTX_reset(WOLFSSL_EVP_CIPHER_CTX *ctx)
495{
496 int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
497
498 if (ctx != NULL) {
499 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_reset");
500 wolfSSL_EVP_CIPHER_CTX_cleanup(ctx);
501 ret = WOLFSSL_SUCCESS;
502 }
503
504 return ret;
505}
506
507unsigned long wolfSSL_EVP_CIPHER_CTX_mode(const WOLFSSL_EVP_CIPHER_CTX *ctx)
508{
509 if (ctx == NULL) return 0;
510 return ctx->flags & WOLFSSL_EVP_CIPH_MODE;
511}
512
513unsigned long wolfSSL_EVP_CIPHER_CTX_flags(const WOLFSSL_EVP_CIPHER_CTX *ctx)
514{
515 if (ctx == NULL) return 0;
516 return ctx->flags;
517}
518
519int wolfSSL_EVP_EncryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
520 unsigned char *out, int *outl)
521{
522 if (ctx && ctx->enc) {
523 WOLFSSL_ENTER("wolfSSL_EVP_EncryptFinal");
524 return wolfSSL_EVP_CipherFinal(ctx, out, outl);
525 }
526 else
527 return WOLFSSL_FAILURE;
528}
529
530
531int wolfSSL_EVP_CipherInit_ex(WOLFSSL_EVP_CIPHER_CTX* ctx,
532 const WOLFSSL_EVP_CIPHER* type,
533 WOLFSSL_ENGINE *impl,
534 const unsigned char* key,
535 const unsigned char* iv,
536 int enc)
537{
538 (void)impl;
539 return wolfSSL_EVP_CipherInit(ctx, type, key, iv, enc);
540}
541
542int wolfSSL_EVP_EncryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx,
543 unsigned char *out, int *outl)
544{
545 if (ctx && ctx->enc) {
546 WOLFSSL_ENTER("wolfSSL_EVP_EncryptFinal_ex");
547 return wolfSSL_EVP_CipherFinal(ctx, out, outl);
548 }
549 else
550 return WOLFSSL_FAILURE;
551}
552
553int wolfSSL_EVP_DecryptFinal(WOLFSSL_EVP_CIPHER_CTX *ctx,
554 unsigned char *out, int *outl)
555{
556 if (ctx && !ctx->enc) {
557 WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal");
558 return wolfSSL_EVP_CipherFinal(ctx, out, outl);
559 }
560 else {
561 return WOLFSSL_FAILURE;
562 }
563}
564
565int wolfSSL_EVP_DecryptFinal_ex(WOLFSSL_EVP_CIPHER_CTX *ctx,
566 unsigned char *out, int *outl)
567{
568 if (ctx && !ctx->enc) {
569 WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal_ex");
570 return wolfSSL_EVP_CipherFinal(ctx, out, outl);
571 }
572 else {
573 return WOLFSSL_FAILURE;
574 }
575}
576
577#ifdef DEBUG_WOLFSSL_EVP
578#define PRINT_BUF(b, sz) { int _i; for(_i=0; _i<(sz); _i++) { \
579 printf("%02x(%c),", (b)[_i], (b)[_i]); if ((_i+1)%8==0)printf("\n");}}
580#else
581#define PRINT_BUF(b, sz) WC_DO_NOTHING
582#endif
583
584static int fillBuff(WOLFSSL_EVP_CIPHER_CTX *ctx, const unsigned char *in, int sz)
585{
586 if (sz > 0) {
587 int fill;
588
589 if ((sz+ctx->bufUsed) > ctx->block_size) {
590 fill = ctx->block_size - ctx->bufUsed;
591 } else {
592 fill = sz;
593 }
594 XMEMCPY(&(ctx->buf[ctx->bufUsed]), in, (size_t)fill);
595 ctx->bufUsed += fill;
596 return fill;
597 } else return 0;
598}
599
600static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
601 unsigned char *out,
602 const unsigned char *in, int inLen)
603{
604 int ret = 0;
605 word32 inl = (word32)inLen;
606
607 switch (ctx->cipherType) {
608#if !defined(NO_AES)
609 #if defined(HAVE_AES_CBC)
610 case WC_AES_128_CBC_TYPE:
611 case WC_AES_192_CBC_TYPE:
612 case WC_AES_256_CBC_TYPE:
613 if (ctx->enc)
614 ret = wc_AesCbcEncrypt(&ctx->cipher.aes, out, in, inl);
615 else
616 ret = wc_AesCbcDecrypt(&ctx->cipher.aes, out, in, inl);
617 break;
618 #endif
619 #if defined(WOLFSSL_AES_COUNTER)
620 case WC_AES_128_CTR_TYPE:
621 case WC_AES_192_CTR_TYPE:
622 case WC_AES_256_CTR_TYPE:
623 ret = wc_AesCtrEncrypt(&ctx->cipher.aes, out, in, inl);
624 break;
625 #endif
626 #if defined(HAVE_AES_ECB)
627 case WC_AES_128_ECB_TYPE:
628 case WC_AES_192_ECB_TYPE:
629 case WC_AES_256_ECB_TYPE:
630 if (ctx->enc)
631 ret = wc_AesEcbEncrypt(&ctx->cipher.aes, out, in, inl);
632 else
633 ret = wc_AesEcbDecrypt(&ctx->cipher.aes, out, in, inl);
634 break;
635 #endif
636 #if defined(WOLFSSL_AES_OFB)
637 case WC_AES_128_OFB_TYPE:
638 case WC_AES_192_OFB_TYPE:
639 case WC_AES_256_OFB_TYPE:
640 if (ctx->enc)
641 ret = wc_AesOfbEncrypt(&ctx->cipher.aes, out, in, inl);
642 else
643 ret = wc_AesOfbDecrypt(&ctx->cipher.aes, out, in, inl);
644 break;
645 #endif
646 #if defined(WOLFSSL_AES_CFB)
647 #if !defined(WOLFSSL_NO_AES_CFB_1_8)
648 case WC_AES_128_CFB1_TYPE:
649 case WC_AES_192_CFB1_TYPE:
650 case WC_AES_256_CFB1_TYPE:
651 if (ctx->enc)
652 ret = wc_AesCfb1Encrypt(&ctx->cipher.aes, out, in,
653 inl * WOLFSSL_BIT_SIZE);
654 else
655 ret = wc_AesCfb1Decrypt(&ctx->cipher.aes, out, in,
656 inl * WOLFSSL_BIT_SIZE);
657 break;
658
659 case WC_AES_128_CFB8_TYPE:
660 case WC_AES_192_CFB8_TYPE:
661 case WC_AES_256_CFB8_TYPE:
662 if (ctx->enc)
663 ret = wc_AesCfb8Encrypt(&ctx->cipher.aes, out, in, inl);
664 else
665 ret = wc_AesCfb8Decrypt(&ctx->cipher.aes, out, in, inl);
666 break;
667 #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
668
669 case WC_AES_128_CFB128_TYPE:
670 case WC_AES_192_CFB128_TYPE:
671 case WC_AES_256_CFB128_TYPE:
672 if (ctx->enc)
673 ret = wc_AesCfbEncrypt(&ctx->cipher.aes, out, in, inl);
674 else
675 ret = wc_AesCfbDecrypt(&ctx->cipher.aes, out, in, inl);
676 break;
677 #endif
678#if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
679 case WC_AES_128_XTS_TYPE:
680 case WC_AES_256_XTS_TYPE:
681 if (ctx->enc)
682 ret = wc_AesXtsEncrypt(&ctx->cipher.xts, out, in, inl,
683 ctx->iv, (word32)ctx->ivSz);
684 else
685 ret = wc_AesXtsDecrypt(&ctx->cipher.xts, out, in, inl,
686 ctx->iv, (word32)ctx->ivSz);
687 break;
688#endif
689#endif /* !NO_AES */
690 #ifndef NO_DES3
691 case WC_DES_CBC_TYPE:
692 if (ctx->enc)
693 ret = wc_Des_CbcEncrypt(&ctx->cipher.des, out, in, inl);
694 else
695 ret = wc_Des_CbcDecrypt(&ctx->cipher.des, out, in, inl);
696 break;
697 case WC_DES_EDE3_CBC_TYPE:
698 if (ctx->enc)
699 ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, out, in, inl);
700 else
701 ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, out, in, inl);
702 break;
703 #if defined(WOLFSSL_DES_ECB)
704 case WC_DES_ECB_TYPE:
705 if (ctx->enc)
706 ret = wc_Des_EcbEncrypt(&ctx->cipher.des, out, in, inl);
707 else
708 ret = wc_Des_EcbDecrypt(&ctx->cipher.des, out, in, inl);
709 break;
710 case WC_DES_EDE3_ECB_TYPE:
711 if (ctx->enc)
712 ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, out, in, inl);
713 else
714 ret = wc_Des3_EcbDecrypt(&ctx->cipher.des3, out, in, inl);
715 break;
716 #endif
717 #endif
718 #ifndef NO_RC4
719 case WC_ARC4_TYPE:
720 wc_Arc4Process(&ctx->cipher.arc4, out, in, inl);
721 break;
722 #endif
723#if defined(WOLFSSL_SM4_ECB)
724 case WC_SM4_ECB_TYPE:
725 if (ctx->enc)
726 wc_Sm4EcbEncrypt(&ctx->cipher.sm4, out, in, inl);
727 else
728 wc_Sm4EcbDecrypt(&ctx->cipher.sm4, out, in, inl);
729 break;
730#endif
731#if defined(WOLFSSL_SM4_CBC)
732 case WC_SM4_CBC_TYPE:
733 if (ctx->enc)
734 wc_Sm4CbcEncrypt(&ctx->cipher.sm4, out, in, inl);
735 else
736 wc_Sm4CbcDecrypt(&ctx->cipher.sm4, out, in, inl);
737 break;
738#endif
739#if defined(WOLFSSL_SM4_CTR)
740 case WC_SM4_CTR_TYPE:
741 wc_Sm4CtrEncrypt(&ctx->cipher.sm4, out, in, inl);
742 break;
743#endif
744
745 default:
746 ret = WOLFSSL_FAILURE;
747 }
748
749 (void)in;
750 (void)inl;
751 (void)out;
752
753 return (ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
754}
755
756#if defined(HAVE_AESGCM) || defined(WOLFSSL_SM4_GCM)
757#if defined(WOLFSSL_SM4_GCM) || !defined(WOLFSSL_AESGCM_STREAM)
758static int wolfSSL_EVP_CipherUpdate_GCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx,
759 const unsigned char *in, int inl) {
760 if (in && inl > 0) {
761 byte* tmp;
762 if (inl > INT_MAX - ctx->authInSz) {
763 WOLFSSL_MSG("AuthIn overflow");
764 return BAD_FUNC_ARG;
765 }
766 #ifdef WOLFSSL_NO_REALLOC
767 tmp = (byte*)XMALLOC((size_t)(ctx->authInSz + inl), NULL,
768 DYNAMIC_TYPE_OPENSSL);
769 if (tmp != NULL) {
770 XMEMCPY(tmp, ctx->authIn, (size_t)ctx->authInSz);
771 XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
772 ctx->authIn = NULL;
773 }
774 #else
775 tmp = (byte*)XREALLOC(ctx->authIn,
776 (size_t)(ctx->authInSz + inl), NULL, DYNAMIC_TYPE_OPENSSL);
777 #endif
778 if (tmp) {
779 ctx->authIn = tmp;
780 XMEMCPY(ctx->authIn + ctx->authInSz, in, (size_t)inl);
781 ctx->authInSz += inl;
782 }
783 else {
784 WOLFSSL_MSG("realloc error");
785 return MEMORY_E;
786 }
787 }
788 return 0;
789}
790#endif /* WOLFSSL_AESGCM_STREAM */
791
792static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
793 unsigned char *out, int *outl,
794 const unsigned char *in, int inLen)
795{
796 word32 inl = (word32)inLen;
797
798#if defined(WOLFSSL_SM4_GCM) || !defined(WOLFSSL_AESGCM_STREAM)
799#if defined(WOLFSSL_SM4_GCM) && defined(WOLFSSL_AESGCM_STREAM)
800 if (ctx->cipherType == WC_SM4_GCM_TYPE)
801#endif
802 {
803 int ret = 0;
804
805 *outl = inl;
806 if (out) {
807 /* Buffer input for one-shot API */
808 if (inl > 0) {
809 byte* tmp;
810 if ((int)inl > INT_MAX - ctx->authBufferLen) {
811 return MEMORY_E;
812 }
813 #ifdef WOLFSSL_NO_REALLOC
814 tmp = (byte*)XMALLOC((size_t)(ctx->authBufferLen + inl), NULL,
815 DYNAMIC_TYPE_OPENSSL);
816 if (tmp != NULL) {
817 XMEMCPY(tmp, ctx->authBuffer, (size_t)ctx->authBufferLen);
818 XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
819 ctx->authBuffer = NULL;
820 }
821 #else
822 tmp = (byte*)XREALLOC(ctx->authBuffer,
823 (size_t)(ctx->authBufferLen + inl), NULL,
824 DYNAMIC_TYPE_OPENSSL);
825 #endif
826 if (tmp) {
827 XMEMCPY(tmp + ctx->authBufferLen, in, (size_t)inl);
828 ctx->authBufferLen += inl;
829 ctx->authBuffer = tmp;
830 *outl = 0;
831 }
832 else {
833 ret = MEMORY_E;
834 }
835 }
836 }
837 else {
838 ret = wolfSSL_EVP_CipherUpdate_GCM_AAD(ctx, in, inl);
839 }
840
841 if (ret != 0) {
842 *outl = 0;
843 return WOLFSSL_FAILURE;
844 }
845
846 return WOLFSSL_SUCCESS;
847 }
848#endif
849#if defined(WOLFSSL_SM4_GCM) && defined(WOLFSSL_AESGCM_STREAM)
850 else
851#endif
852#if defined(WOLFSSL_AESGCM_STREAM)
853 {
854 int ret;
855
856 /* When out is NULL then this is AAD. */
857 if (out == NULL) {
858 if (ctx->enc) {
859 ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, NULL, NULL, 0,
860 in, inl);
861 }
862 else {
863 ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, NULL, NULL, 0,
864 in, inl);
865 }
866 }
867 /* When out is not NULL then this is plaintext/cipher text. */
868 else {
869 if (ctx->enc) {
870 ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, out, in, inl,
871 NULL, 0);
872 }
873 else {
874 ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, out, in, inl,
875 NULL, 0);
876 }
877 }
878 *outl = (int)inl;
879 if (ret == 0) {
880 ret = WOLFSSL_SUCCESS;
881 }
882 else {
883 ret = WOLFSSL_FAILURE;
884 }
885 return ret;
886 }
887#endif /* WOLFSSL_AESGCM_STREAM */
888}
889#endif /* HAVE_AESGCM || WOLFSSL_SM4_GCM */
890
891#if defined(HAVE_AESCCM) || defined(WOLFSSL_SM4_CCM)
892static int wolfSSL_EVP_CipherUpdate_CCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx,
893 const unsigned char *in, int inl) {
894 if (in && inl > 0) {
895 byte* tmp;
896 if (inl > INT_MAX - ctx->authInSz) {
897 WOLFSSL_MSG("AuthIn overflow");
898 return BAD_FUNC_ARG;
899 }
900 #ifdef WOLFSSL_NO_REALLOC
901 tmp = (byte*)XMALLOC((size_t)(ctx->authInSz + inl), NULL,
902 DYNAMIC_TYPE_OPENSSL);
903 if (tmp != NULL) {
904 XMEMCPY(tmp, ctx->authIn, (size_t)ctx->authInSz);
905 XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
906 ctx->authIn = NULL;
907 }
908 #else
909 tmp = (byte*)XREALLOC(ctx->authIn,
910 (size_t)(ctx->authInSz + inl), NULL, DYNAMIC_TYPE_OPENSSL);
911 #endif
912 if (tmp) {
913 ctx->authIn = tmp;
914 XMEMCPY(ctx->authIn + ctx->authInSz, in, (size_t)inl);
915 ctx->authInSz += inl;
916 }
917 else {
918 WOLFSSL_MSG("realloc error");
919 return MEMORY_E;
920 }
921 }
922 return 0;
923}
924
925static int wolfSSL_EVP_CipherUpdate_CCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
926 unsigned char *out, int *outl,
927 const unsigned char *in, int inl)
928{
929 int ret = 0;
930
931 *outl = inl;
932 if (out) {
933 /* Buffer input for one-shot API */
934 if (inl > 0) {
935 byte* tmp;
936 if (inl > INT_MAX - ctx->authBufferLen) {
937 return MEMORY_E;
938 }
939 #ifdef WOLFSSL_NO_REALLOC
940 tmp = (byte*)XMALLOC((size_t)(ctx->authBufferLen + inl), NULL,
941 DYNAMIC_TYPE_OPENSSL);
942 if (tmp != NULL) {
943 XMEMCPY(tmp, ctx->authBuffer, (size_t)ctx->authBufferLen);
944 XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
945 ctx->authBuffer = NULL;
946 }
947 #else
948 tmp = (byte*)XREALLOC(ctx->authBuffer,
949 (size_t)(ctx->authBufferLen + inl), NULL,
950 DYNAMIC_TYPE_OPENSSL);
951 #endif
952 if (tmp) {
953 XMEMCPY(tmp + ctx->authBufferLen, in, (size_t)inl);
954 ctx->authBufferLen += inl;
955 ctx->authBuffer = tmp;
956 *outl = 0;
957 }
958 else {
959 ret = MEMORY_E;
960 }
961 }
962 }
963 else {
964 ret = wolfSSL_EVP_CipherUpdate_CCM_AAD(ctx, in, inl);
965 }
966
967 if (ret != 0) {
968 *outl = 0;
969 return WOLFSSL_FAILURE;
970 }
971
972 return WOLFSSL_SUCCESS;
973}
974#endif /* HAVE_AESCCM || WOLFSSL_SM4_CCM */
975
976#if defined(HAVE_ARIA)
977static int wolfSSL_EVP_CipherUpdate_AriaGCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx,
978 const unsigned char *in, int inl)
979{
980 if (in && inl > 0) {
981 byte* tmp;
982 if (inl > INT_MAX - ctx->authInSz) {
983 WOLFSSL_MSG("AuthIn overflow");
984 return BAD_FUNC_ARG;
985 }
986 #ifdef WOLFSSL_NO_REALLOC
987 tmp = (byte*)XMALLOC((size_t)(ctx->authInSz + inl), NULL,
988 DYNAMIC_TYPE_OPENSSL);
989 if (tmp != NULL) {
990 XMEMCPY(tmp, ctx->authIn, (size_t)ctx->authInSz);
991 XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
992 ctx->authIn = NULL;
993 }
994 #else
995 tmp = (byte*)XREALLOC(ctx->authIn,
996 (size_t)(ctx->authInSz + inl), NULL, DYNAMIC_TYPE_OPENSSL);
997 #endif
998 if (tmp) {
999 ctx->authIn = tmp;
1000 XMEMCPY(ctx->authIn + ctx->authInSz, in, (size_t)inl);
1001 ctx->authInSz += inl;
1002 }
1003 else {
1004 WOLFSSL_MSG("realloc error");
1005 return MEMORY_E;
1006 }
1007 }
1008 return 0;
1009}
1010
1011static int wolfSSL_EVP_CipherUpdate_AriaGCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
1012 unsigned char *out, int *outl,
1013 const unsigned char *in, int inl)
1014{
1015 int ret = 0;
1016
1017 *outl = inl;
1018 if (out) {
1019 /* Buffer input for one-shot API */
1020 if (inl > 0) {
1021 byte* tmp;
1022 int size = ctx->authBufferLen + inl;
1023 if (ctx->enc == 0) { /* Append extra space for the tag */
1024 size = WC_ARIA_GCM_GET_CIPHERTEXT_SIZE(size);
1025 }
1026 #ifdef WOLFSSL_NO_REALLOC
1027 tmp = (byte*)XMALLOC((size_t)size, NULL,
1028 DYNAMIC_TYPE_OPENSSL);
1029 if (tmp != NULL) {
1030 XMEMCPY(tmp, ctx->authBuffer, (size_t)ctx->authBufferLen);
1031 XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
1032 ctx->authBuffer = NULL;
1033 }
1034 #else
1035 tmp = (byte*)XREALLOC(ctx->authBuffer, (size_t)size, NULL,
1036 DYNAMIC_TYPE_OPENSSL);
1037 #endif
1038 if (tmp) {
1039 XMEMCPY(tmp + ctx->authBufferLen, in, (size_t)inl);
1040 ctx->authBufferLen += inl;
1041 ctx->authBuffer = tmp;
1042 *outl = 0;
1043 }
1044 else {
1045 ret = MEMORY_E;
1046 }
1047 }
1048 }
1049 else {
1050 ret = wolfSSL_EVP_CipherUpdate_AriaGCM_AAD(ctx, in, inl);
1051 }
1052
1053 if (ret != 0) {
1054 *outl = 0;
1055 return WOLFSSL_FAILURE;
1056 }
1057
1058 return WOLFSSL_SUCCESS;
1059}
1060#endif /* HAVE_ARIA */
1061
1062
1063/* returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure */
1064int wolfSSL_EVP_CipherUpdate(WOLFSSL_EVP_CIPHER_CTX *ctx,
1065 unsigned char *out, int *outl,
1066 const unsigned char *in, int inl)
1067{
1068 int blocks;
1069
1070 WOLFSSL_ENTER("wolfSSL_EVP_CipherUpdate");
1071 if ((ctx == NULL) || (outl == NULL)) {
1072 WOLFSSL_MSG("Bad argument");
1073 return WOLFSSL_FAILURE;
1074 }
1075
1076 *outl = 0;
1077
1078 if ((inl == 0) && (in == NULL)) {
1079 /* Nothing to do in this case. Just return. */
1080 return WOLFSSL_SUCCESS;
1081 }
1082
1083 if ((inl < 0) || (in == NULL)) {
1084 WOLFSSL_MSG("Bad argument");
1085 return WOLFSSL_FAILURE;
1086 }
1087
1088 switch (ctx->cipherType) {
1089 case WC_NULL_CIPHER_TYPE:
1090 if (out == NULL) {
1091 WOLFSSL_MSG("Bad argument");
1092 return WOLFSSL_FAILURE;
1093 }
1094 XMEMMOVE(out, in, inl);
1095 *outl = inl;
1096 return WOLFSSL_SUCCESS;
1097#if !defined(NO_AES) && defined(HAVE_AESGCM)
1098 case WC_AES_128_GCM_TYPE:
1099 case WC_AES_192_GCM_TYPE:
1100 case WC_AES_256_GCM_TYPE:
1101 /* if out == NULL, in/inl contains the additional auth data */
1102 return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl);
1103#endif /* !defined(NO_AES) && defined(HAVE_AESGCM) */
1104#if !defined(NO_AES) && defined(HAVE_AESCCM)
1105 case WC_AES_128_CCM_TYPE:
1106 case WC_AES_192_CCM_TYPE:
1107 case WC_AES_256_CCM_TYPE:
1108 /* if out == NULL, in/inl contains the
1109 * additional auth data */
1110 return wolfSSL_EVP_CipherUpdate_CCM(ctx, out, outl, in, inl);
1111#endif /* !defined(NO_AES) && defined(HAVE_AESCCM) */
1112#if defined(HAVE_ARIA)
1113 case WC_ARIA_128_GCM_TYPE:
1114 case WC_ARIA_192_GCM_TYPE:
1115 case WC_ARIA_256_GCM_TYPE:
1116 /* if out == NULL, in/inl contains the additional auth data */
1117 return wolfSSL_EVP_CipherUpdate_AriaGCM(ctx, out, outl, in, inl);
1118#endif /* defined(HAVE_ARIA) */
1119#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
1120 case WC_CHACHA20_POLY1305_TYPE:
1121 if (out == NULL) {
1122 if (wc_ChaCha20Poly1305_UpdateAad(&ctx->cipher.chachaPoly, in,
1123 (word32)inl) != 0) {
1124 WOLFSSL_MSG("wc_ChaCha20Poly1305_UpdateAad failed");
1125 return WOLFSSL_FAILURE;
1126 }
1127 else {
1128 *outl = inl;
1129 return WOLFSSL_SUCCESS;
1130 }
1131 }
1132 else {
1133 if (wc_ChaCha20Poly1305_UpdateData(&ctx->cipher.chachaPoly, in,
1134 out, (word32)inl) != 0) {
1135 WOLFSSL_MSG("wc_ChaCha20Poly1305_UpdateData failed");
1136 return WOLFSSL_FAILURE;
1137 }
1138 else {
1139 *outl = inl;
1140 return WOLFSSL_SUCCESS;
1141 }
1142 }
1143#endif
1144#ifdef HAVE_CHACHA
1145 case WC_CHACHA20_TYPE:
1146 if (wc_Chacha_Process(&ctx->cipher.chacha, out, in, (word32)inl) !=
1147 0) {
1148 WOLFSSL_MSG("wc_ChaCha_Process failed");
1149 return WOLFSSL_FAILURE;
1150 }
1151 *outl = inl;
1152 return WOLFSSL_SUCCESS;
1153#endif
1154#ifdef WOLFSSL_SM4_GCM
1155 case WC_SM4_GCM_TYPE:
1156 /* if out == NULL, in/inl contains the additional auth data */
1157 return wolfSSL_EVP_CipherUpdate_GCM(ctx, out, outl, in, inl);
1158#endif
1159#ifdef WOLFSSL_SM4_CCM
1160 case WC_SM4_CCM_TYPE:
1161 /* if out == NULL, in/inl contains the
1162 * additional auth data */
1163 return wolfSSL_EVP_CipherUpdate_CCM(ctx, out, outl, in, inl);
1164#endif
1165 default:
1166 /* fall-through */
1167 break;
1168 }
1169
1170 if (out == NULL) {
1171 return WOLFSSL_FAILURE;
1172 }
1173
1174 /* if(inl == 0)wolfSSL_EVP_CipherUpdate_GCM to get tag */
1175 if (inl == 0) {
1176 return WOLFSSL_SUCCESS;
1177 }
1178 if (ctx->bufUsed > 0) { /* concatenate them if there is anything */
1179 int fill = fillBuff(ctx, in, inl);
1180 inl -= fill;
1181 in += fill;
1182 }
1183
1184 /* check if the buff is full, and if so flash it out */
1185 if (ctx->bufUsed == ctx->block_size) {
1186 byte* output = out;
1187
1188 /* During decryption we save the last block to check padding on Final.
1189 * Update the last block stored if one has already been stored */
1190 if (ctx->enc == 0) {
1191 if (ctx->lastUsed == 1) {
1192 XMEMCPY(out, ctx->lastBlock, (size_t)ctx->block_size);
1193 *outl+= ctx->block_size;
1194 out += ctx->block_size;
1195 }
1196 output = ctx->lastBlock; /* redirect output to last block buffer */
1197 ctx->lastUsed = 1;
1198 }
1199
1200 PRINT_BUF(ctx->buf, ctx->block_size);
1201 if (evpCipherBlock(ctx, output, ctx->buf, ctx->block_size) == 0) {
1202 return WOLFSSL_FAILURE;
1203 }
1204 PRINT_BUF(out, ctx->block_size);
1205 ctx->bufUsed = 0;
1206
1207 /* if doing encryption update the new output block, decryption will
1208 * always have the last block saved for when Final is called */
1209 if ((ctx->enc != 0)) {
1210 *outl+= ctx->block_size;
1211 out += ctx->block_size;
1212 }
1213 }
1214
1215 blocks = inl / ctx->block_size;
1216 if (blocks > 0) {
1217 /* During decryption we save the last block to check padding on Final.
1218 * Update the last block stored if one has already been stored */
1219 if ((ctx->enc == 0) && (ctx->lastUsed == 1)) {
1220 PRINT_BUF(ctx->lastBlock, ctx->block_size);
1221 XMEMCPY(out, ctx->lastBlock, (size_t)ctx->block_size);
1222 *outl += ctx->block_size;
1223 out += ctx->block_size;
1224 ctx->lastUsed = 0;
1225 }
1226
1227 /* process blocks */
1228 if (evpCipherBlock(ctx, out, in, blocks * ctx->block_size) == 0) {
1229 return WOLFSSL_FAILURE;
1230 }
1231 PRINT_BUF(in, ctx->block_size*blocks);
1232 PRINT_BUF(out,ctx->block_size*blocks);
1233 inl -= ctx->block_size * blocks;
1234 in += ctx->block_size * blocks;
1235 if (ctx->enc == 0) {
1236 if ((ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING) ||
1237 (ctx->block_size == 1)) {
1238 ctx->lastUsed = 0;
1239 *outl += ctx->block_size * blocks;
1240 } else {
1241 /* in the case of decryption and padding, store the last block
1242 * here in order to verify the padding when Final is called */
1243 if (inl == 0) { /* if not 0 then we know leftovers are checked*/
1244 ctx->lastUsed = 1;
1245 blocks = blocks - 1; /* save last block to check padding in
1246 * EVP_CipherFinal call */
1247 XMEMCPY(ctx->lastBlock, &out[ctx->block_size * blocks],
1248 (size_t)ctx->block_size);
1249 }
1250 *outl += ctx->block_size * blocks;
1251 }
1252 } else {
1253 *outl += ctx->block_size * blocks;
1254 }
1255 }
1256
1257
1258 if (inl > 0) {
1259 /* put fraction into buff */
1260 fillBuff(ctx, in, inl);
1261 /* no increase of outl */
1262 }
1263 (void)out; /* silence warning in case not read */
1264
1265 return WOLFSSL_SUCCESS;
1266}
1267
1268static void padBlock(WOLFSSL_EVP_CIPHER_CTX *ctx)
1269{
1270 int i;
1271 for (i = ctx->bufUsed; i < ctx->block_size; i++)
1272 ctx->buf[i] = (byte)(ctx->block_size - ctx->bufUsed);
1273}
1274
1275static int checkPad(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *buff)
1276{
1277 int i;
1278 int n;
1279 byte mask = 0;
1280 n = buff[ctx->block_size-1];
1281 /* Encode invalid n into mask constant-time instead of early-returning,
1282 * so the loop always runs and timing does not reveal padding length. */
1283 mask |= ctMaskEq(n, 0) | ctMaskGT(n, ctx->block_size);
1284 for (i = 0; i < ctx->block_size; i++) {
1285 byte in_padding = ctMaskLT(i, n);
1286 mask |= ctMaskSel(in_padding,
1287 ctMaskNotEq(buff[ctx->block_size - 1 - i], n), 0);
1288 }
1289 return ctMaskSelInt(ctMaskEq(mask, 0), ctx->block_size - n, -1);
1290}
1291
1292#if (defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
1293 defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)) && \
1294 ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || FIPS_VERSION_GE(2,0))
1295static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz)
1296{
1297 int i;
1298 for (i = (int)ctrSz-1; i >= 0; i--) {
1299 if (++ctr[i])
1300 break;
1301 }
1302}
1303#endif
1304
1305int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
1306 int *outl)
1307{
1308 int ret = WOLFSSL_SUCCESS;
1309
1310 if (!ctx || !outl)
1311 return WOLFSSL_FAILURE;
1312
1313 WOLFSSL_ENTER("wolfSSL_EVP_CipherFinal");
1314 switch (ctx->cipherType) {
1315#if defined(HAVE_AESGCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
1316 || FIPS_VERSION_GE(2,0))
1317 case WC_AES_128_GCM_TYPE:
1318 case WC_AES_192_GCM_TYPE:
1319 case WC_AES_256_GCM_TYPE:
1320#ifndef WOLFSSL_AESGCM_STREAM
1321 if ((ctx->authBuffer && ctx->authBufferLen > 0)
1322 || (ctx->authBufferLen == 0)) {
1323 if (ctx->authBufferLen > 0 && out == NULL) {
1324 ret = WOLFSSL_FAILURE;
1325 *outl = 0;
1326 }
1327 else if (ctx->enc)
1328 ret = wc_AesGcmEncrypt(&ctx->cipher.aes, out,
1329 ctx->authBuffer, ctx->authBufferLen,
1330 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,
1331 ctx->authIn, ctx->authInSz);
1332 else
1333 ret = wc_AesGcmDecrypt(&ctx->cipher.aes, out,
1334 ctx->authBuffer, ctx->authBufferLen,
1335 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,
1336 ctx->authIn, ctx->authInSz);
1337
1338 if (ret == 0) {
1339 ret = WOLFSSL_SUCCESS;
1340 *outl = ctx->authBufferLen;
1341 }
1342 else {
1343 ret = WOLFSSL_FAILURE;
1344 *outl = 0;
1345 }
1346
1347 XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
1348 ctx->authBuffer = NULL;
1349 ctx->authBufferLen = 0;
1350
1351 if (ctx->authIncIv) {
1352 IncCtr((byte*)ctx->cipher.aes.reg, ctx->cipher.aes.nonceSz);
1353 ctx->authIncIv = 0;
1354 }
1355 }
1356 else {
1357 *outl = 0;
1358 }
1359#else
1360 /* No data to return - all handled in Update. */
1361 *outl = 0;
1362 if (ctx->enc) {
1363 ret = wc_AesGcmEncryptFinal(&ctx->cipher.aes, ctx->authTag,
1364 (word32)ctx->authTagSz);
1365 }
1366 else {
1367 ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes, ctx->authTag,
1368 (word32)ctx->authTagSz);
1369 if (ctx->authIncIv) {
1370 IncCtr((byte*)ctx->cipher.aes.reg, ctx->cipher.aes.nonceSz);
1371 }
1372 }
1373
1374 if (ret == 0)
1375 ret = WOLFSSL_SUCCESS;
1376 else
1377 ret = WOLFSSL_FAILURE;
1378
1379 /* Reinitialize for subsequent wolfSSL_EVP_Cipher calls. */
1380 if (wc_AesGcmInit(&ctx->cipher.aes, NULL, 0,
1381 (byte*)ctx->cipher.aes.reg,
1382 (word32)ctx->ivSz) != 0)
1383 {
1384 WOLFSSL_MSG("wc_AesGcmInit failed");
1385 ret = WOLFSSL_FAILURE;
1386 }
1387#endif /* WOLFSSL_AESGCM_STREAM */
1388 if (ret == WOLFSSL_SUCCESS) {
1389 if (ctx->authIncIv) {
1390 ctx->authIncIv = 0;
1391 }
1392 else {
1393 /* Clear IV, since IV reuse is not recommended for AES GCM. */
1394 XMEMSET(ctx->iv, 0, WC_AES_BLOCK_SIZE);
1395 }
1396 if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) {
1397 ret = WOLFSSL_FAILURE;
1398 }
1399 }
1400 break;
1401#endif /* HAVE_AESGCM && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
1402 * HAVE_FIPS_VERSION >= 2 */
1403#if defined(HAVE_AESCCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
1404 || FIPS_VERSION_GE(2,0))
1405 case WC_AES_128_CCM_TYPE:
1406 case WC_AES_192_CCM_TYPE:
1407 case WC_AES_256_CCM_TYPE:
1408 if ((ctx->authBuffer && ctx->authBufferLen > 0)
1409 || (ctx->authBufferLen == 0)) {
1410 if (ctx->authBufferLen > 0 && out == NULL) {
1411 ret = WOLFSSL_FAILURE;
1412 *outl = 0;
1413 }
1414 else if (ctx->enc) {
1415 ret = wc_AesCcmEncrypt(&ctx->cipher.aes, out,
1416 ctx->authBuffer, (word32)ctx->authBufferLen,
1417 ctx->iv, (word32)ctx->ivSz, ctx->authTag,
1418 (word32)ctx->authTagSz, ctx->authIn,
1419 (word32)ctx->authInSz);
1420 }
1421 else {
1422 ret = wc_AesCcmDecrypt(&ctx->cipher.aes, out,
1423 ctx->authBuffer, (word32)ctx->authBufferLen,
1424 ctx->iv, (word32)ctx->ivSz, ctx->authTag,
1425 (word32)ctx->authTagSz, ctx->authIn,
1426 (word32)ctx->authInSz);
1427 }
1428
1429 if (ret == 0) {
1430 ret = WOLFSSL_SUCCESS;
1431 *outl = ctx->authBufferLen;
1432 }
1433 else {
1434 ret = WOLFSSL_FAILURE;
1435 *outl = 0;
1436 }
1437
1438 XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
1439 ctx->authBuffer = NULL;
1440 ctx->authBufferLen = 0;
1441
1442 if (ctx->authIncIv) {
1443 IncCtr((byte*)ctx->cipher.aes.reg, ctx->cipher.aes.nonceSz);
1444 ctx->authIncIv = 0;
1445 }
1446 }
1447 else {
1448 *outl = 0;
1449 }
1450 if (ret == WOLFSSL_SUCCESS) {
1451 if (ctx->authIncIv) {
1452 ctx->authIncIv = 0;
1453 }
1454 else {
1455 /* Clear IV, since IV reuse is not recommended
1456 * for AES CCM. */
1457 XMEMSET(ctx->iv, 0, WC_AES_BLOCK_SIZE);
1458 }
1459 if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) {
1460 ret = WOLFSSL_FAILURE;
1461 }
1462 }
1463 break;
1464#endif /* HAVE_AESCCM && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
1465 * HAVE_FIPS_VERSION >= 2 */
1466#if defined(HAVE_ARIA) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
1467 || FIPS_VERSION_GE(2,0))
1468 case WC_ARIA_128_GCM_TYPE:
1469 case WC_ARIA_192_GCM_TYPE:
1470 case WC_ARIA_256_GCM_TYPE:
1471 if ((ctx->authBuffer && ctx->authBufferLen > 0)
1472 || (ctx->authBufferLen == 0)) {
1473 if (ctx->enc)
1474 ret = wc_AriaEncrypt(&ctx->cipher.aria, out,
1475 ctx->authBuffer, ctx->authBufferLen,
1476 ctx->iv, ctx->ivSz, ctx->authIn, ctx->authInSz,
1477 ctx->authTag, ctx->authTagSz);
1478 else
1479 ret = wc_AriaDecrypt(&ctx->cipher.aria, out,
1480 ctx->authBuffer, ctx->authBufferLen,
1481 ctx->iv, ctx->ivSz, ctx->authIn, ctx->authInSz,
1482 ctx->authTag, ctx->authTagSz);
1483
1484 if (ret == 0) {
1485 ret = WOLFSSL_SUCCESS;
1486 *outl = ctx->authBufferLen;
1487 }
1488 else {
1489 ret = WOLFSSL_FAILURE;
1490 *outl = 0;
1491 }
1492
1493 XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
1494 ctx->authBuffer = NULL;
1495 ctx->authBufferLen = 0;
1496
1497 if (ctx->authIncIv) {
1498 IncCtr((byte*)ctx->cipher.aria.nonce,
1499 ctx->cipher.aria.nonceSz);
1500 ctx->authIncIv = 0;
1501 }
1502 }
1503 else {
1504 *outl = 0;
1505 }
1506 if (ret == WOLFSSL_SUCCESS) {
1507 if (ctx->authIncIv) {
1508 ctx->authIncIv = 0;
1509 }
1510 else {
1511 /* Clear IV, since IV reuse is not recommended for AES GCM. */
1512 XMEMSET(ctx->iv, 0, ARIA_BLOCK_SIZE);
1513 }
1514 if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) {
1515 ret = WOLFSSL_FAILURE;
1516 }
1517 }
1518 break;
1519#endif /* HAVE_AESGCM && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
1520 * HAVE_FIPS_VERSION >= 2 */
1521#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
1522 case WC_CHACHA20_POLY1305_TYPE:
1523 {
1524 byte computedTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE];
1525 if (!ctx->enc) {
1526 /* Save the expected tag before _Final() overwrites
1527 * ctx->authTag */
1528 XMEMCPY(computedTag, ctx->authTag, sizeof(computedTag));
1529 }
1530 if (wc_ChaCha20Poly1305_Final(&ctx->cipher.chachaPoly,
1531 ctx->authTag) != 0) {
1532 WOLFSSL_MSG("wc_ChaCha20Poly1305_Final failed");
1533 return WOLFSSL_FAILURE;
1534 }
1535 if (!ctx->enc) {
1536 /* ctx->authTag now holds computed tag; computedTag holds
1537 * expected */
1538 int tagErr = wc_ChaCha20Poly1305_CheckTag(computedTag,
1539 ctx->authTag);
1540 ForceZero(computedTag, sizeof(computedTag));
1541 if (tagErr != 0) {
1542 WOLFSSL_MSG("ChaCha20-Poly1305 tag mismatch");
1543 return WOLFSSL_FAILURE;
1544 }
1545 }
1546 *outl = 0;
1547 return WOLFSSL_SUCCESS;
1548 }
1549 break;
1550#endif
1551#ifdef WOLFSSL_SM4_GCM
1552 case WC_SM4_GCM_TYPE:
1553 if ((ctx->authBuffer && ctx->authBufferLen > 0) ||
1554 (ctx->authBufferLen == 0)) {
1555 if (ctx->enc)
1556 ret = wc_Sm4GcmEncrypt(&ctx->cipher.sm4, out,
1557 ctx->authBuffer, ctx->authBufferLen,
1558 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,
1559 ctx->authIn, ctx->authInSz);
1560 else
1561 ret = wc_Sm4GcmDecrypt(&ctx->cipher.sm4, out,
1562 ctx->authBuffer, ctx->authBufferLen,
1563 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,
1564 ctx->authIn, ctx->authInSz);
1565
1566 if (ret == 0) {
1567 ret = WOLFSSL_SUCCESS;
1568 *outl = ctx->authBufferLen;
1569 }
1570 else {
1571 ret = WOLFSSL_FAILURE;
1572 *outl = 0;
1573 }
1574
1575 XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
1576 ctx->authBuffer = NULL;
1577 ctx->authBufferLen = 0;
1578
1579 if (ctx->authIncIv) {
1580 IncCtr((byte*)ctx->cipher.sm4.iv, ctx->cipher.sm4.nonceSz);
1581 ctx->authIncIv = 0;
1582 }
1583 }
1584 else {
1585 *outl = 0;
1586 }
1587 if (ret == WOLFSSL_SUCCESS) {
1588 if (ctx->authIncIv) {
1589 ctx->authIncIv = 0;
1590 }
1591 else {
1592 /* Clear IV, since IV reuse is not recommended for SM4 GCM.
1593 */
1594 XMEMSET(ctx->iv, 0, SM4_BLOCK_SIZE);
1595 }
1596 if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) {
1597 ret = WOLFSSL_FAILURE;
1598 }
1599 }
1600 break;
1601#endif
1602#ifdef WOLFSSL_SM4_CCM
1603 case WC_SM4_CCM_TYPE:
1604 if ((ctx->authBuffer && ctx->authBufferLen > 0) ||
1605 (ctx->authBufferLen == 0)) {
1606 if (ctx->enc)
1607 ret = wc_Sm4CcmEncrypt(&ctx->cipher.sm4, out,
1608 ctx->authBuffer, ctx->authBufferLen,
1609 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,
1610 ctx->authIn, ctx->authInSz);
1611 else
1612 ret = wc_Sm4CcmDecrypt(&ctx->cipher.sm4, out,
1613 ctx->authBuffer, ctx->authBufferLen,
1614 ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,
1615 ctx->authIn, ctx->authInSz);
1616
1617 if (ret == 0) {
1618 ret = WOLFSSL_SUCCESS;
1619 *outl = ctx->authBufferLen;
1620 }
1621 else {
1622 ret = WOLFSSL_FAILURE;
1623 *outl = 0;
1624 }
1625
1626 XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
1627 ctx->authBuffer = NULL;
1628 ctx->authBufferLen = 0;
1629
1630 if (ctx->authIncIv) {
1631 IncCtr((byte*)ctx->cipher.sm4.iv, ctx->cipher.sm4.nonceSz);
1632 ctx->authIncIv = 0;
1633 }
1634 }
1635 else {
1636 *outl = 0;
1637 }
1638 if (ret == WOLFSSL_SUCCESS) {
1639 if (ctx->authIncIv) {
1640 ctx->authIncIv = 0;
1641 }
1642 else {
1643 /* Clear IV, since IV reuse is not recommended
1644 * for SM4 CCM. */
1645 XMEMSET(ctx->iv, 0, SM4_BLOCK_SIZE);
1646 }
1647 if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) {
1648 ret = WOLFSSL_FAILURE;
1649 }
1650 }
1651 break;
1652#endif
1653 default:
1654 if (!out)
1655 return WOLFSSL_FAILURE;
1656
1657 if (ctx->flags & WOLFSSL_EVP_CIPH_NO_PADDING) {
1658 if (ctx->bufUsed != 0) return WOLFSSL_FAILURE;
1659 *outl = 0;
1660 }
1661 else if (ctx->enc) {
1662 if (ctx->block_size == 1) {
1663 *outl = 0;
1664 }
1665 else if ((ctx->bufUsed >= 0) && (ctx->block_size != 1)) {
1666 padBlock(ctx);
1667 PRINT_BUF(ctx->buf, ctx->block_size);
1668 if (evpCipherBlock(ctx, out, ctx->buf, ctx->block_size) == 0) {
1669 WOLFSSL_MSG("Final Cipher Block failed");
1670 ret = WOLFSSL_FAILURE;
1671 }
1672 else {
1673 PRINT_BUF(out, ctx->block_size);
1674 *outl = ctx->block_size;
1675 }
1676 }
1677 }
1678 else {
1679 if (ctx->block_size == 1) {
1680 *outl = 0;
1681 }
1682 else if ((ctx->bufUsed % ctx->block_size) != 0) {
1683 *outl = 0;
1684 /* not enough padding for decrypt */
1685 WOLFSSL_MSG("Final Cipher Block not enough padding");
1686 ret = WOLFSSL_FAILURE;
1687 }
1688 else if (ctx->lastUsed) {
1689 int fl;
1690 PRINT_BUF(ctx->lastBlock, ctx->block_size);
1691 if ((fl = checkPad(ctx, ctx->lastBlock)) >= 0) {
1692 XMEMCPY(out, ctx->lastBlock, (size_t)fl);
1693 *outl = fl;
1694 if (ctx->lastUsed == 0 && ctx->bufUsed == 0) {
1695 /* return error in cases where the block length is
1696 * incorrect */
1697 WOLFSSL_MSG("Final Cipher Block bad length");
1698 ret = WOLFSSL_FAILURE;
1699 }
1700 }
1701 else {
1702 ret = WOLFSSL_FAILURE;
1703 }
1704 }
1705 else if (ctx->lastUsed == 0 && ctx->bufUsed == 0) {
1706 /* return error in cases where the block length is
1707 * incorrect */
1708 ret = WOLFSSL_FAILURE;
1709 }
1710 }
1711 break;
1712 }
1713
1714 if (ret == WOLFSSL_SUCCESS) {
1715#if (defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
1716 defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)) && \
1717 ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
1718 || FIPS_VERSION_GE(2,0))
1719 byte tmp = 0;
1720
1721 /*
1722 * This flag needs to retain its value between wolfSSL_EVP_CipherFinal
1723 * calls. wolfSSL_EVP_CipherInit will clear it, so we save and restore
1724 * it here.
1725 */
1726 if (FALSE
1727 #ifdef HAVE_AESGCM
1728 || ctx->cipherType == WC_AES_128_GCM_TYPE ||
1729 ctx->cipherType == WC_AES_192_GCM_TYPE ||
1730 ctx->cipherType == WC_AES_256_GCM_TYPE
1731 #endif
1732 #ifdef HAVE_AESCCM
1733 || ctx->cipherType == WC_AES_128_CCM_TYPE ||
1734 ctx->cipherType == WC_AES_192_CCM_TYPE ||
1735 ctx->cipherType == WC_AES_256_CCM_TYPE
1736 #endif
1737 #ifdef WOLFSSL_SM4_GCM
1738 || ctx->cipherType == WC_SM4_GCM_TYPE
1739 #endif
1740 #ifdef WOLFSSL_SM4_CCM
1741 || ctx->cipherType == WC_SM4_CCM_TYPE
1742 #endif
1743 ) {
1744 tmp = ctx->authIvGenEnable;
1745 }
1746#endif
1747
1748 /* reset cipher state after final */
1749 ret = wolfSSL_EVP_CipherInit(ctx, NULL, NULL, NULL, -1);
1750
1751#if (defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
1752 defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)) && \
1753 ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || FIPS_VERSION_GE(2,0))
1754 if (FALSE
1755 #ifdef HAVE_AESGCM
1756 || ctx->cipherType == WC_AES_128_GCM_TYPE ||
1757 ctx->cipherType == WC_AES_192_GCM_TYPE ||
1758 ctx->cipherType == WC_AES_256_GCM_TYPE
1759 #endif
1760 #ifdef HAVE_AESCCM
1761 || ctx->cipherType == WC_AES_128_CCM_TYPE ||
1762 ctx->cipherType == WC_AES_192_CCM_TYPE ||
1763 ctx->cipherType == WC_AES_256_CCM_TYPE
1764 #endif
1765 #ifdef WOLFSSL_SM4_GCM
1766 || ctx->cipherType == WC_SM4_GCM_TYPE
1767 #endif
1768 #ifdef WOLFSSL_SM4_CCM
1769 || ctx->cipherType == WC_SM4_CCM_TYPE
1770 #endif
1771 ) {
1772 ctx->authIvGenEnable = (tmp == 1);
1773 }
1774#endif
1775 }
1776
1777 return ret;
1778}
1779
1780
1781#ifdef WOLFSSL_EVP_DECRYPT_LEGACY
1782/* This is a version of DecryptFinal to work with data encrypted with
1783 * wolfSSL_EVP_EncryptFinal() with the broken padding. (pre-v3.12.0)
1784 * Only call this after wolfSSL_EVP_CipherFinal() fails on a decrypt.
1785 * Note, you don't know if the padding is good or bad with the old
1786 * encrypt, but it is likely to be or bad. It will update the output
1787 * length with the block_size so the last block is still captured. */
1788int wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx,
1789 unsigned char *out, int *outl)
1790{
1791 int fl;
1792 if (ctx == NULL || out == NULL || outl == NULL)
1793 return WOLFSSL_FAILURE;
1794
1795 WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal_legacy");
1796 if (ctx->block_size == 1) {
1797 *outl = 0;
1798 return WOLFSSL_SUCCESS;
1799 }
1800 if ((ctx->bufUsed % ctx->block_size) != 0) {
1801 *outl = 0;
1802 /* not enough padding for decrypt */
1803 return WOLFSSL_FAILURE;
1804 }
1805 /* The original behavior of CipherFinal() was like it is now,
1806 * but checkPad would return 0 in case of a bad pad. It would
1807 * treat the pad as 0, and leave the data in the output buffer,
1808 * and not try to copy anything. This converts checkPad's -1 error
1809 * code to block_size.
1810 */
1811 if (ctx->lastUsed) {
1812 PRINT_BUF(ctx->lastBlock, ctx->block_size);
1813 if ((fl = checkPad(ctx, ctx->lastBlock)) < 0) {
1814 fl = ctx->block_size;
1815 }
1816 else {
1817 XMEMCPY(out, ctx->lastBlock, (size_t)fl);
1818 }
1819 *outl = fl;
1820 }
1821 /* return error in cases where the block length is incorrect */
1822 if (ctx->lastUsed == 0 && ctx->bufUsed == 0) {
1823 return WOLFSSL_FAILURE;
1824 }
1825
1826 return WOLFSSL_SUCCESS;
1827}
1828#endif
1829
1830int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx)
1831{
1832 if (ctx == NULL) return WOLFSSL_FAILURE;
1833 switch (ctx->cipherType) {
1834#if !defined(NO_AES) || !defined(NO_DES3) || defined(WOLFSSL_SM4)
1835#if !defined(NO_AES)
1836#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
1837 case WC_AES_128_CBC_TYPE:
1838 case WC_AES_192_CBC_TYPE:
1839 case WC_AES_256_CBC_TYPE:
1840#endif
1841#if defined(HAVE_AESGCM)
1842 case WC_AES_128_GCM_TYPE:
1843 case WC_AES_192_GCM_TYPE:
1844 case WC_AES_256_GCM_TYPE:
1845#endif
1846#if defined(HAVE_AESCCM)
1847 case WC_AES_128_CCM_TYPE:
1848 case WC_AES_192_CCM_TYPE:
1849 case WC_AES_256_CCM_TYPE:
1850#endif
1851#if defined(WOLFSSL_AES_COUNTER)
1852 case WC_AES_128_CTR_TYPE:
1853 case WC_AES_192_CTR_TYPE:
1854 case WC_AES_256_CTR_TYPE:
1855#endif
1856#if defined(WOLFSSL_AES_CFB)
1857 case WC_AES_128_CFB1_TYPE:
1858 case WC_AES_192_CFB1_TYPE:
1859 case WC_AES_256_CFB1_TYPE:
1860 case WC_AES_128_CFB8_TYPE:
1861 case WC_AES_192_CFB8_TYPE:
1862 case WC_AES_256_CFB8_TYPE:
1863 case WC_AES_128_CFB128_TYPE:
1864 case WC_AES_192_CFB128_TYPE:
1865 case WC_AES_256_CFB128_TYPE:
1866#endif
1867#if defined(WOLFSSL_AES_OFB)
1868 case WC_AES_128_OFB_TYPE:
1869 case WC_AES_192_OFB_TYPE:
1870 case WC_AES_256_OFB_TYPE:
1871#endif
1872#if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
1873 case WC_AES_128_XTS_TYPE:
1874 case WC_AES_256_XTS_TYPE:
1875#endif
1876#if defined(HAVE_ARIA)
1877 case WC_ARIA_128_GCM_TYPE:
1878 case WC_ARIA_192_GCM_TYPE:
1879 case WC_ARIA_256_GCM_TYPE:
1880#endif
1881
1882 case WC_AES_128_ECB_TYPE:
1883 case WC_AES_192_ECB_TYPE:
1884 case WC_AES_256_ECB_TYPE:
1885#endif /* !NO_AES */
1886#ifndef NO_DES3
1887 case WC_DES_CBC_TYPE:
1888 case WC_DES_ECB_TYPE:
1889 case WC_DES_EDE3_CBC_TYPE:
1890 case WC_DES_EDE3_ECB_TYPE:
1891#endif
1892#ifdef WOLFSSL_SM4_ECB
1893 case WC_SM4_ECB_TYPE:
1894#endif
1895#ifdef WOLFSSL_SM4_CBC
1896 case WC_SM4_CBC_TYPE:
1897#endif
1898#ifdef WOLFSSL_SM4_CTR
1899 case WC_SM4_CTR_TYPE:
1900#endif
1901#ifdef WOLFSSL_SM4_GCM
1902 case WC_SM4_GCM_TYPE:
1903#endif
1904#ifdef WOLFSSL_SM4_CCM
1905 case WC_SM4_CCM_TYPE:
1906#endif
1907 return ctx->block_size;
1908#endif /* !NO_AES || !NO_DES3 || WOLFSSL_SM4 */
1909 default:
1910 return 0;
1911 }
1912}
1913
1914static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher)
1915{
1916 if (cipher == NULL) return 0; /* dummy for #ifdef */
1917#ifndef NO_DES3
1918 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_CBC))
1919 return WC_DES_CBC_TYPE;
1920 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_EDE3_CBC))
1921 return WC_DES_EDE3_CBC_TYPE;
1922#if !defined(NO_DES3)
1923 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_ECB))
1924 return WC_DES_ECB_TYPE;
1925 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_DES_EDE3_ECB))
1926 return WC_DES_EDE3_ECB_TYPE;
1927#endif /* NO_DES3 && HAVE_AES_ECB */
1928#endif
1929#if !defined(NO_AES)
1930#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
1931 #ifdef WOLFSSL_AES_128
1932 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CBC))
1933 return WC_AES_128_CBC_TYPE;
1934 #endif
1935 #ifdef WOLFSSL_AES_192
1936 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CBC))
1937 return WC_AES_192_CBC_TYPE;
1938 #endif
1939 #ifdef WOLFSSL_AES_256
1940 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CBC))
1941 return WC_AES_256_CBC_TYPE;
1942 #endif
1943#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
1944#if defined(HAVE_AESGCM)
1945 #ifdef WOLFSSL_AES_128
1946 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_GCM))
1947 return WC_AES_128_GCM_TYPE;
1948 #endif
1949 #ifdef WOLFSSL_AES_192
1950 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_GCM))
1951 return WC_AES_192_GCM_TYPE;
1952 #endif
1953 #ifdef WOLFSSL_AES_256
1954 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_GCM))
1955 return WC_AES_256_GCM_TYPE;
1956 #endif
1957#endif /* HAVE_AESGCM */
1958#if defined(HAVE_AESCCM)
1959 #ifdef WOLFSSL_AES_128
1960 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CCM))
1961 return WC_AES_128_CCM_TYPE;
1962 #endif
1963 #ifdef WOLFSSL_AES_192
1964 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CCM))
1965 return WC_AES_192_CCM_TYPE;
1966 #endif
1967 #ifdef WOLFSSL_AES_256
1968 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CCM))
1969 return WC_AES_256_CCM_TYPE;
1970 #endif
1971#endif /* HAVE_AESCCM */
1972#if defined(WOLFSSL_AES_COUNTER)
1973 #ifdef WOLFSSL_AES_128
1974 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CTR))
1975 return WC_AES_128_CTR_TYPE;
1976 #endif
1977 #ifdef WOLFSSL_AES_192
1978 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CTR))
1979 return WC_AES_192_CTR_TYPE;
1980 #endif
1981 #ifdef WOLFSSL_AES_256
1982 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CTR))
1983 return WC_AES_256_CTR_TYPE;
1984 #endif
1985#endif /* HAVE_AES_CBC */
1986#if defined(HAVE_AES_ECB)
1987 #ifdef WOLFSSL_AES_128
1988 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_ECB))
1989 return WC_AES_128_ECB_TYPE;
1990 #endif
1991 #ifdef WOLFSSL_AES_192
1992 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_ECB))
1993 return WC_AES_192_ECB_TYPE;
1994 #endif
1995 #ifdef WOLFSSL_AES_256
1996 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_ECB))
1997 return WC_AES_256_ECB_TYPE;
1998 #endif
1999#endif /*HAVE_AES_CBC */
2000#if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
2001 #ifdef WOLFSSL_AES_128
2002 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_XTS))
2003 return WC_AES_128_XTS_TYPE;
2004 #endif
2005 #ifdef WOLFSSL_AES_256
2006 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_XTS))
2007 return WC_AES_256_XTS_TYPE;
2008 #endif
2009#endif /* WOLFSSL_AES_XTS */
2010#if defined(WOLFSSL_AES_CFB)
2011#ifndef WOLFSSL_NO_AES_CFB_1_8
2012 #ifdef WOLFSSL_AES_128
2013 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB1))
2014 return WC_AES_128_CFB1_TYPE;
2015 #endif
2016 #ifdef WOLFSSL_AES_192
2017 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CFB1))
2018 return WC_AES_192_CFB1_TYPE;
2019 #endif
2020 #ifdef WOLFSSL_AES_256
2021 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB1))
2022 return WC_AES_256_CFB1_TYPE;
2023 #endif
2024 #ifdef WOLFSSL_AES_128
2025 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB8))
2026 return WC_AES_128_CFB8_TYPE;
2027 #endif
2028 #ifdef WOLFSSL_AES_192
2029 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CFB8))
2030 return WC_AES_192_CFB8_TYPE;
2031 #endif
2032 #ifdef WOLFSSL_AES_256
2033 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB8))
2034 return WC_AES_256_CFB8_TYPE;
2035 #endif
2036#endif /* !WOLFSSL_NO_AES_CFB_1_8 */
2037 #ifdef WOLFSSL_AES_128
2038 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_CFB128))
2039 return WC_AES_128_CFB128_TYPE;
2040 #endif
2041 #ifdef WOLFSSL_AES_192
2042 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_CFB128))
2043 return WC_AES_192_CFB128_TYPE;
2044 #endif
2045 #ifdef WOLFSSL_AES_256
2046 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_CFB128))
2047 return WC_AES_256_CFB128_TYPE;
2048 #endif
2049#endif /*HAVE_AES_CBC */
2050#if defined(WOLFSSL_AES_OFB)
2051 #ifdef WOLFSSL_AES_128
2052 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_128_OFB))
2053 return WC_AES_128_OFB_TYPE;
2054 #endif
2055 #ifdef WOLFSSL_AES_192
2056 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_192_OFB))
2057 return WC_AES_192_OFB_TYPE;
2058 #endif
2059 #ifdef WOLFSSL_AES_256
2060 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_AES_256_OFB))
2061 return WC_AES_256_OFB_TYPE;
2062 #endif
2063#endif
2064#endif /* !NO_AES */
2065#if defined(HAVE_ARIA)
2066 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARIA_128_GCM))
2067 return WC_ARIA_128_GCM_TYPE;
2068 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARIA_192_GCM))
2069 return WC_ARIA_192_GCM_TYPE;
2070 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARIA_256_GCM))
2071 return WC_ARIA_256_GCM_TYPE;
2072#endif /* HAVE_ARIA */
2073
2074#ifndef NO_RC4
2075 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_ARC4))
2076 return WC_ARC4_TYPE;
2077#endif
2078
2079#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
2080 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_CHACHA20_POLY1305))
2081 return WC_CHACHA20_POLY1305_TYPE;
2082#endif
2083
2084#ifdef HAVE_CHACHA
2085 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_CHACHA20))
2086 return WC_CHACHA20_TYPE;
2087#endif
2088
2089#ifdef WOLFSSL_SM4_ECB
2090 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_ECB))
2091 return WC_SM4_ECB_TYPE;
2092#endif
2093#ifdef WOLFSSL_SM4_CBC
2094 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_CBC))
2095 return WC_SM4_CBC_TYPE;
2096#endif
2097#ifdef WOLFSSL_SM4_CTR
2098 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_CTR))
2099 return WC_SM4_CTR_TYPE;
2100#endif
2101#ifdef WOLFSSL_SM4_GCM
2102 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_GCM))
2103 return WC_SM4_GCM_TYPE;
2104#endif
2105#ifdef WOLFSSL_SM4_CCM
2106 else if (EVP_CIPHER_TYPE_MATCHES(cipher, EVP_SM4_CCM))
2107 return WC_SM4_CCM_TYPE;
2108#endif
2109
2110 else return 0;
2111}
2112
2113/* Getter function for cipher type string
2114 *
2115 * cipherType cipherType enum value to get string for
2116 *
2117 * Returns string representation of the cipher type or NULL if not found
2118 */
2119const char* wolfSSL_EVP_CIPHER_type_string(unsigned int cipherType)
2120{
2121 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_type_string");
2122
2123 switch (cipherType) {
2124#ifndef NO_DES3
2125 case WC_DES_CBC_TYPE: return EVP_DES_CBC;
2126 case WC_DES_EDE3_CBC_TYPE: return EVP_DES_EDE3_CBC;
2127 case WC_DES_ECB_TYPE: return EVP_DES_ECB;
2128 case WC_DES_EDE3_ECB_TYPE: return EVP_DES_EDE3_ECB;
2129#endif
2130#if !defined(NO_AES)
2131 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
2132 #ifdef WOLFSSL_AES_128
2133 case WC_AES_128_CBC_TYPE: return EVP_AES_128_CBC;
2134 #endif
2135 #ifdef WOLFSSL_AES_192
2136 case WC_AES_192_CBC_TYPE: return EVP_AES_192_CBC;
2137 #endif
2138 #ifdef WOLFSSL_AES_256
2139 case WC_AES_256_CBC_TYPE: return EVP_AES_256_CBC;
2140 #endif
2141 #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
2142 #if defined(WOLFSSL_AES_CFB)
2143 #ifndef WOLFSSL_NO_AES_CFB_1_8
2144 #ifdef WOLFSSL_AES_128
2145 case WC_AES_128_CFB1_TYPE: return EVP_AES_128_CFB1;
2146 #endif
2147 #ifdef WOLFSSL_AES_192
2148 case WC_AES_192_CFB1_TYPE: return EVP_AES_192_CFB1;
2149 #endif
2150 #ifdef WOLFSSL_AES_256
2151 case WC_AES_256_CFB1_TYPE: return EVP_AES_256_CFB1;
2152 #endif
2153 #ifdef WOLFSSL_AES_128
2154 case WC_AES_128_CFB8_TYPE: return EVP_AES_128_CFB8;
2155 #endif
2156 #ifdef WOLFSSL_AES_192
2157 case WC_AES_192_CFB8_TYPE: return EVP_AES_192_CFB8;
2158 #endif
2159 #ifdef WOLFSSL_AES_256
2160 case WC_AES_256_CFB8_TYPE: return EVP_AES_256_CFB8;
2161 #endif
2162 #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
2163 #ifdef WOLFSSL_AES_128
2164 case WC_AES_128_CFB128_TYPE: return EVP_AES_128_CFB128;
2165 #endif
2166 #ifdef WOLFSSL_AES_192
2167 case WC_AES_192_CFB128_TYPE: return EVP_AES_192_CFB128;
2168 #endif
2169 #ifdef WOLFSSL_AES_256
2170 case WC_AES_256_CFB128_TYPE: return EVP_AES_256_CFB128;
2171 #endif
2172 #endif /* WOLFSSL_AES_CFB */
2173 #if defined(WOLFSSL_AES_OFB)
2174 #ifdef WOLFSSL_AES_128
2175 case WC_AES_128_OFB_TYPE: return EVP_AES_128_OFB;
2176 #endif
2177 #ifdef WOLFSSL_AES_192
2178 case WC_AES_192_OFB_TYPE: return EVP_AES_192_OFB;
2179 #endif
2180 #ifdef WOLFSSL_AES_256
2181 case WC_AES_256_OFB_TYPE: return EVP_AES_256_OFB;
2182 #endif
2183 #endif /* WOLFSSL_AES_OFB */
2184 #if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
2185 #ifdef WOLFSSL_AES_128
2186 case WC_AES_128_XTS_TYPE: return EVP_AES_128_XTS;
2187 #endif
2188 #ifdef WOLFSSL_AES_256
2189 case WC_AES_256_XTS_TYPE: return EVP_AES_256_XTS;
2190 #endif
2191 #endif /* WOLFSSL_AES_XTS && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */
2192 #if defined(HAVE_AESGCM)
2193 #ifdef WOLFSSL_AES_128
2194 case WC_AES_128_GCM_TYPE: return EVP_AES_128_GCM;
2195 #endif
2196 #ifdef WOLFSSL_AES_192
2197 case WC_AES_192_GCM_TYPE: return EVP_AES_192_GCM;
2198 #endif
2199 #ifdef WOLFSSL_AES_256
2200 case WC_AES_256_GCM_TYPE: return EVP_AES_256_GCM;
2201 #endif
2202 #endif /* HAVE_AESGCM */
2203 #if defined(HAVE_AESCCM)
2204 #ifdef WOLFSSL_AES_128
2205 case WC_AES_128_CCM_TYPE: return EVP_AES_128_CCM;
2206 #endif
2207 #ifdef WOLFSSL_AES_192
2208 case WC_AES_192_CCM_TYPE: return EVP_AES_192_CCM;
2209 #endif
2210 #ifdef WOLFSSL_AES_256
2211 case WC_AES_256_CCM_TYPE: return EVP_AES_256_CCM;
2212 #endif
2213 #endif /* HAVE_AESCCM */
2214 #if defined(WOLFSSL_AES_COUNTER)
2215 #ifdef WOLFSSL_AES_128
2216 case WC_AES_128_CTR_TYPE: return EVP_AES_128_CTR;
2217 #endif
2218 #ifdef WOLFSSL_AES_192
2219 case WC_AES_192_CTR_TYPE: return EVP_AES_192_CTR;
2220 #endif
2221 #ifdef WOLFSSL_AES_256
2222 case WC_AES_256_CTR_TYPE: return EVP_AES_256_CTR;
2223 #endif
2224 #endif /* WOLFSSL_AES_COUNTER */
2225 #if defined(HAVE_AES_ECB)
2226 #ifdef WOLFSSL_AES_128
2227 case WC_AES_128_ECB_TYPE: return EVP_AES_128_ECB;
2228 #endif
2229 #ifdef WOLFSSL_AES_192
2230 case WC_AES_192_ECB_TYPE: return EVP_AES_192_ECB;
2231 #endif
2232 #ifdef WOLFSSL_AES_256
2233 case WC_AES_256_ECB_TYPE: return EVP_AES_256_ECB;
2234 #endif
2235 #endif /* HAVE_AES_ECB */
2236#endif /* !NO_AES */
2237#if defined(HAVE_ARIA)
2238 case WC_ARIA_128_GCM_TYPE: return EVP_ARIA_128_GCM;
2239 case WC_ARIA_192_GCM_TYPE: return EVP_ARIA_192_GCM;
2240 case WC_ARIA_256_GCM_TYPE: return EVP_ARIA_256_GCM;
2241#endif /* HAVE_ARIA */
2242#ifndef NO_RC4
2243 case WC_ARC4_TYPE: return EVP_ARC4;
2244#endif
2245#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
2246 case WC_CHACHA20_POLY1305_TYPE: return EVP_CHACHA20_POLY1305;
2247#endif
2248#ifdef HAVE_CHACHA
2249 case WC_CHACHA20_TYPE: return EVP_CHACHA20;
2250#endif
2251#ifdef WOLFSSL_SM4_ECB
2252 case WC_SM4_ECB_TYPE: return EVP_SM4_ECB;
2253#endif
2254#ifdef WOLFSSL_SM4_CBC
2255 case WC_SM4_CBC_TYPE: return EVP_SM4_CBC;
2256#endif
2257#ifdef WOLFSSL_SM4_CTR
2258 case WC_SM4_CTR_TYPE: return EVP_SM4_CTR;
2259#endif
2260#ifdef WOLFSSL_SM4_GCM
2261 case WC_SM4_GCM_TYPE: return EVP_SM4_GCM;
2262#endif
2263#ifdef WOLFSSL_SM4_CCM
2264 case WC_SM4_CCM_TYPE: return EVP_SM4_CCM;
2265#endif
2266 case WC_NULL_CIPHER_TYPE: return EVP_NULL;
2267 default:
2268 return NULL;
2269 }
2270}
2271
2272int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher)
2273{
2274 if (cipher == NULL)
2275 return WOLFSSL_FAILURE;
2276
2277 switch (cipherType(cipher)) {
2278#if !defined(NO_AES)
2279 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
2280 case WC_AES_128_CBC_TYPE:
2281 case WC_AES_192_CBC_TYPE:
2282 case WC_AES_256_CBC_TYPE:
2283 return WC_AES_BLOCK_SIZE;
2284 #endif
2285 #if defined(HAVE_AESGCM)
2286 case WC_AES_128_GCM_TYPE:
2287 case WC_AES_192_GCM_TYPE:
2288 case WC_AES_256_GCM_TYPE:
2289 return 1;
2290 #endif
2291 #if defined(HAVE_AESCCM)
2292 case WC_AES_128_CCM_TYPE:
2293 case WC_AES_192_CCM_TYPE:
2294 case WC_AES_256_CCM_TYPE:
2295 return 1;
2296 #endif
2297 #if defined(WOLFSSL_AES_COUNTER)
2298 case WC_AES_128_CTR_TYPE:
2299 case WC_AES_192_CTR_TYPE:
2300 case WC_AES_256_CTR_TYPE:
2301 return 1;
2302 #endif
2303 #if defined(HAVE_AES_ECB)
2304 case WC_AES_128_ECB_TYPE:
2305 case WC_AES_192_ECB_TYPE:
2306 case WC_AES_256_ECB_TYPE:
2307 return WC_AES_BLOCK_SIZE;
2308 #endif
2309 #if defined(WOLFSSL_AES_CFB)
2310 case WC_AES_128_CFB1_TYPE:
2311 case WC_AES_192_CFB1_TYPE:
2312 case WC_AES_256_CFB1_TYPE:
2313 case WC_AES_128_CFB8_TYPE:
2314 case WC_AES_192_CFB8_TYPE:
2315 case WC_AES_256_CFB8_TYPE:
2316 case WC_AES_128_CFB128_TYPE:
2317 case WC_AES_192_CFB128_TYPE:
2318 case WC_AES_256_CFB128_TYPE:
2319 return 1;
2320 #endif
2321 #if defined(WOLFSSL_AES_OFB)
2322 case WC_AES_128_OFB_TYPE:
2323 case WC_AES_192_OFB_TYPE:
2324 case WC_AES_256_OFB_TYPE:
2325 return 1;
2326 #endif
2327 #if defined(WOLFSSL_AES_XTS) && \
2328 (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
2329 case WC_AES_128_XTS_TYPE:
2330 case WC_AES_256_XTS_TYPE:
2331 return 1;
2332 #endif
2333 #endif /* NO_AES */
2334
2335 #ifndef NO_RC4
2336 case WC_ARC4_TYPE:
2337 return 1;
2338 #endif
2339#if defined(HAVE_ARIA)
2340 case WC_ARIA_128_GCM_TYPE:
2341 case WC_ARIA_192_GCM_TYPE:
2342 case WC_ARIA_256_GCM_TYPE:
2343 return 1;
2344#endif
2345
2346#ifndef NO_DES3
2347 case WC_DES_CBC_TYPE: return 8;
2348 case WC_DES_EDE3_CBC_TYPE: return 8;
2349 case WC_DES_ECB_TYPE: return 8;
2350 case WC_DES_EDE3_ECB_TYPE: return 8;
2351#endif
2352
2353#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
2354 case WC_CHACHA20_POLY1305_TYPE:
2355 return 1;
2356#endif
2357
2358#ifdef HAVE_CHACHA
2359 case WC_CHACHA20_TYPE:
2360 return 1;
2361#endif
2362
2363#ifdef WOLFSSL_SM4_ECB
2364 case WC_SM4_ECB_TYPE:
2365 return SM4_BLOCK_SIZE;
2366#endif
2367#ifdef WOLFSSL_SM4_CBC
2368 case WC_SM4_CBC_TYPE:
2369 return SM4_BLOCK_SIZE;
2370#endif
2371#ifdef WOLFSSL_SM4_CTR
2372 case WC_SM4_CTR_TYPE:
2373 return 1;
2374#endif
2375#ifdef WOLFSSL_SM4_GCM
2376 case WC_SM4_GCM_TYPE:
2377 return 1;
2378#endif
2379#ifdef WOLFSSL_SM4_CCM
2380 case WC_SM4_CCM_TYPE:
2381 return 1;
2382#endif
2383
2384 default:
2385 return 0;
2386 }
2387}
2388
2389unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher)
2390{
2391 switch (cipherType(cipher)) {
2392#if !defined(NO_AES)
2393 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
2394 case WC_AES_128_CBC_TYPE:
2395 case WC_AES_192_CBC_TYPE:
2396 case WC_AES_256_CBC_TYPE:
2397 return WOLFSSL_EVP_CIPH_CBC_MODE;
2398 #endif
2399 #if defined(HAVE_AESGCM)
2400 case WC_AES_128_GCM_TYPE:
2401 case WC_AES_192_GCM_TYPE:
2402 case WC_AES_256_GCM_TYPE:
2403 return WOLFSSL_EVP_CIPH_GCM_MODE |
2404 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
2405 #endif
2406 #if defined(HAVE_AESCCM)
2407 case WC_AES_128_CCM_TYPE:
2408 case WC_AES_192_CCM_TYPE:
2409 case WC_AES_256_CCM_TYPE:
2410 return WOLFSSL_EVP_CIPH_CCM_MODE |
2411 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
2412 #endif
2413 #if defined(WOLFSSL_AES_COUNTER)
2414 case WC_AES_128_CTR_TYPE:
2415 case WC_AES_192_CTR_TYPE:
2416 case WC_AES_256_CTR_TYPE:
2417 return WOLFSSL_EVP_CIPH_CTR_MODE;
2418 #endif
2419 #if defined(WOLFSSL_AES_CFB)
2420 case WC_AES_128_CFB1_TYPE:
2421 case WC_AES_192_CFB1_TYPE:
2422 case WC_AES_256_CFB1_TYPE:
2423 case WC_AES_128_CFB8_TYPE:
2424 case WC_AES_192_CFB8_TYPE:
2425 case WC_AES_256_CFB8_TYPE:
2426 case WC_AES_128_CFB128_TYPE:
2427 case WC_AES_192_CFB128_TYPE:
2428 case WC_AES_256_CFB128_TYPE:
2429 return WOLFSSL_EVP_CIPH_CFB_MODE;
2430 #endif
2431 #if defined(WOLFSSL_AES_OFB)
2432 case WC_AES_128_OFB_TYPE:
2433 case WC_AES_192_OFB_TYPE:
2434 case WC_AES_256_OFB_TYPE:
2435 return WOLFSSL_EVP_CIPH_OFB_MODE;
2436 #endif
2437 #if defined(WOLFSSL_AES_XTS) && \
2438 (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
2439 case WC_AES_128_XTS_TYPE:
2440 case WC_AES_256_XTS_TYPE:
2441 return WOLFSSL_EVP_CIPH_XTS_MODE;
2442 #endif
2443 case WC_AES_128_ECB_TYPE:
2444 case WC_AES_192_ECB_TYPE:
2445 case WC_AES_256_ECB_TYPE:
2446 return WOLFSSL_EVP_CIPH_ECB_MODE;
2447#endif /* !NO_AES */
2448 #if defined(HAVE_ARIA)
2449 case WC_ARIA_128_GCM_TYPE:
2450 case WC_ARIA_192_GCM_TYPE:
2451 case WC_ARIA_256_GCM_TYPE:
2452 return WOLFSSL_EVP_CIPH_GCM_MODE |
2453 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
2454 #endif
2455 #ifndef NO_DES3
2456 case WC_DES_CBC_TYPE:
2457 case WC_DES_EDE3_CBC_TYPE:
2458 return WOLFSSL_EVP_CIPH_CBC_MODE;
2459 case WC_DES_ECB_TYPE:
2460 case WC_DES_EDE3_ECB_TYPE:
2461 return WOLFSSL_EVP_CIPH_ECB_MODE;
2462 #endif
2463 #ifndef NO_RC4
2464 case WC_ARC4_TYPE:
2465 return WOLFSSL_EVP_CIPH_STREAM_CIPHER;
2466 #endif
2467 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
2468 case WC_CHACHA20_POLY1305_TYPE:
2469 return WOLFSSL_EVP_CIPH_STREAM_CIPHER |
2470 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
2471 #endif
2472 #ifdef HAVE_CHACHA
2473 case WC_CHACHA20_TYPE:
2474 return WOLFSSL_EVP_CIPH_STREAM_CIPHER;
2475 #endif
2476 #ifdef WOLFSSL_SM4_ECB
2477 case WC_SM4_ECB_TYPE:
2478 return WOLFSSL_EVP_CIPH_ECB_MODE;
2479 #endif
2480 #ifdef WOLFSSL_SM4_CBC
2481 case WC_SM4_CBC_TYPE:
2482 return WOLFSSL_EVP_CIPH_CBC_MODE;
2483 #endif
2484 #ifdef WOLFSSL_SM4_CTR
2485 case WC_SM4_CTR_TYPE:
2486 return WOLFSSL_EVP_CIPH_CTR_MODE;
2487 #endif
2488 #ifdef WOLFSSL_SM4_GCM
2489 case WC_SM4_GCM_TYPE:
2490 return WOLFSSL_EVP_CIPH_GCM_MODE |
2491 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
2492 #endif
2493 #ifdef WOLFSSL_SM4_CCM
2494 case WC_SM4_CCM_TYPE:
2495 return WOLFSSL_EVP_CIPH_CCM_MODE |
2496 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
2497 #endif
2498 default:
2499 return 0;
2500 }
2501}
2502
2503unsigned long WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher)
2504{
2505 if (cipher == NULL)
2506 return 0;
2507 return WOLFSSL_CIPHER_mode(cipher) & WOLFSSL_EVP_CIPH_MODE;
2508}
2509
2510void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags)
2511{
2512 if (ctx != NULL) {
2513 ctx->flags |= (unsigned long)flags;
2514 }
2515}
2516
2517void wolfSSL_EVP_CIPHER_CTX_clear_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags)
2518{
2519 if (ctx != NULL) {
2520 ctx->flags &= (unsigned long)~flags;
2521 }
2522}
2523
2524unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher)
2525{
2526 if (cipher == NULL)
2527 return 0;
2528 return WOLFSSL_CIPHER_mode(cipher);
2529}
2530
2531int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx,
2532 int padding)
2533{
2534 if (ctx == NULL)
2535 return WOLFSSL_FAILURE;
2536 if (padding) {
2537 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_NO_PADDING;
2538 }
2539 else {
2540 ctx->flags |= WOLFSSL_EVP_CIPH_NO_PADDING;
2541 }
2542 return 1;
2543}
2544
2545int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest)
2546{
2547 /* nothing to do */
2548 if (digest == NULL)
2549 return WOLFSSL_FAILURE;
2550 return WOLFSSL_SUCCESS;
2551}
2552
2553
2554/* Frees the WOLFSSL_EVP_PKEY_CTX passed in.
2555 *
2556 * return WOLFSSL_SUCCESS on success
2557 */
2558#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
2559void wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx)
2560#else
2561int wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx)
2562#endif
2563{
2564 if (ctx == NULL)
2565#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
2566 return;
2567#else
2568 return 0;
2569#endif
2570 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_free");
2571 if (ctx->pkey != NULL)
2572 wolfSSL_EVP_PKEY_free(ctx->pkey);
2573 if (ctx->peerKey != NULL)
2574 wolfSSL_EVP_PKEY_free(ctx->peerKey);
2575 XFREE(ctx, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
2576#if !defined(OPENSSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L
2577 return WOLFSSL_SUCCESS;
2578#endif
2579}
2580
2581
2582/* Creates a new WOLFSSL_EVP_PKEY_CTX structure.
2583 *
2584 * pkey key structure to use with new WOLFSSL_EVP_PKEY_CTX
2585 * e engine to use. It should be NULL at this time.
2586 *
2587 * return the new structure on success and NULL if failed.
2588 */
2589WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_ENGINE *e)
2590{
2591 WOLFSSL_EVP_PKEY_CTX* ctx;
2592
2593 if (pkey == NULL) return 0;
2594 if (e != NULL) return 0;
2595 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_new");
2596
2597 ctx = (WOLFSSL_EVP_PKEY_CTX*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY_CTX), NULL,
2598 DYNAMIC_TYPE_PUBLIC_KEY);
2599 if (ctx == NULL) return NULL;
2600 XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_PKEY_CTX));
2601 ctx->pkey = pkey;
2602#ifndef NO_RSA
2603 ctx->padding = WC_RSA_PKCS1_PADDING;
2604 ctx->md = NULL;
2605 ctx->mgf1_md = NULL;
2606 ctx->saltlen = 0;
2607#endif
2608#ifdef HAVE_ECC
2609 if (pkey->ecc && pkey->ecc->group) {
2610 /* set curve NID from pkey if available */
2611 ctx->curveNID = pkey->ecc->group->curve_nid;
2612 }
2613 else {
2614 ctx->curveNID = ECC_CURVE_DEF;
2615 }
2616#endif
2617 if (wolfSSL_EVP_PKEY_up_ref(pkey) != WOLFSSL_SUCCESS) {
2618 WOLFSSL_MSG("Couldn't increase key reference count");
2619 }
2620 return ctx;
2621}
2622
2623
2624/* Sets the type of RSA padding to use.
2625 *
2626 * ctx structure to set padding in.
2627 * padding RSA padding type
2628 *
2629 * returns WOLFSSL_SUCCESS on success.
2630 */
2631int wolfSSL_EVP_PKEY_CTX_set_rsa_padding(WOLFSSL_EVP_PKEY_CTX *ctx, int padding)
2632{
2633 if (ctx == NULL) return 0;
2634 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_rsa_padding");
2635 ctx->padding = padding;
2636 return WOLFSSL_SUCCESS;
2637}
2638
2639/* Sets the message digest type for RSA padding to use.
2640 *
2641 * ctx structure to set padding in.
2642 * md Message digest
2643 *
2644 * returns WOLFSSL_SUCCESS on success.
2645 */
2646int wolfSSL_EVP_PKEY_CTX_set_signature_md(WOLFSSL_EVP_PKEY_CTX *ctx,
2647 const WOLFSSL_EVP_MD* md)
2648{
2649 if (ctx == NULL) return 0;
2650 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_signature_md");
2651#ifndef NO_RSA
2652 ctx->md = md;
2653#else
2654 (void)md;
2655#endif
2656 return WOLFSSL_SUCCESS;
2657}
2658
2659int wolfSSL_EVP_PKEY_CTX_set_rsa_oaep_md(WOLFSSL_EVP_PKEY_CTX *ctx,
2660 const WOLFSSL_EVP_MD *md)
2661{
2662 wolfSSL_EVP_PKEY_CTX_set_rsa_padding(ctx, WC_RSA_PKCS1_OAEP_PADDING);
2663 return wolfSSL_EVP_PKEY_CTX_set_signature_md(ctx, md);
2664}
2665
2666int wolfSSL_EVP_PKEY_CTX_set_rsa_pss_saltlen(WOLFSSL_EVP_PKEY_CTX *ctx,
2667 int saltlen)
2668{
2669 if (ctx == NULL) return 0;
2670 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_rsa_pss_saltlen");
2671 wolfSSL_EVP_PKEY_CTX_set_rsa_padding(ctx, WC_RSA_PKCS1_PSS_PADDING);
2672#ifndef NO_RSA
2673 ctx->saltlen = saltlen;
2674#else
2675 (void)saltlen;
2676#endif
2677 return WOLFSSL_SUCCESS;
2678}
2679
2680int wolfSSL_EVP_PKEY_CTX_set_rsa_mgf1_md(WOLFSSL_EVP_PKEY_CTX *ctx,
2681 const WOLFSSL_EVP_MD *md)
2682{
2683 if (ctx == NULL) return 0;
2684 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_rsa_mgf1_md");
2685#ifndef NO_RSA
2686 /* Hash digest algorithm used with Mask Generation Function 1 (MGF1) for
2687 * RSA-PSS and RSA-OAEP. */
2688 ctx->mgf1_md = md;
2689#else
2690 (void)md;
2691#endif
2692 return WOLFSSL_SUCCESS;
2693}
2694
2695/* create a PKEY context and return it */
2696WOLFSSL_EVP_PKEY_CTX *wolfSSL_EVP_PKEY_CTX_new_id(int id, WOLFSSL_ENGINE *e)
2697{
2698 WOLFSSL_EVP_PKEY* pkey;
2699 WOLFSSL_EVP_PKEY_CTX* ctx = NULL;
2700
2701 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_new_id");
2702
2703 pkey = wolfSSL_EVP_PKEY_new_ex(NULL);
2704 if (pkey) {
2705 pkey->type = id;
2706 ctx = wolfSSL_EVP_PKEY_CTX_new(pkey, e);
2707 /* wolfSSL_EVP_PKEY_CTX_new calls wolfSSL_EVP_PKEY_up_ref so we need
2708 * to always call wolfSSL_EVP_PKEY_free (either to free it if an
2709 * error occurred in the previous function or to decrease the reference
2710 * count so that pkey is actually free'd when wolfSSL_EVP_PKEY_CTX_free
2711 * is called) */
2712 wolfSSL_EVP_PKEY_free(pkey);
2713 }
2714 return ctx;
2715}
2716
2717/* Returns WOLFSSL_SUCCESS or error */
2718int wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(WOLFSSL_EVP_PKEY_CTX *ctx, int bits)
2719{
2720 if (ctx) {
2721 ctx->nbits = bits;
2722 }
2723 return WOLFSSL_SUCCESS;
2724}
2725
2726
2727int wolfSSL_EVP_PKEY_derive_init(WOLFSSL_EVP_PKEY_CTX *ctx)
2728{
2729 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive_init");
2730
2731 if (!ctx) {
2732 return WOLFSSL_FAILURE;
2733 }
2734 wolfSSL_EVP_PKEY_free(ctx->peerKey);
2735 ctx->op = WC_EVP_PKEY_OP_DERIVE;
2736 ctx->padding = 0;
2737 ctx->nbits = 0;
2738 return WOLFSSL_SUCCESS;
2739}
2740
2741int wolfSSL_EVP_PKEY_derive_set_peer(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_EVP_PKEY *peer)
2742{
2743 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive_set_peer");
2744
2745 if (!ctx || ctx->op != WC_EVP_PKEY_OP_DERIVE) {
2746 return WOLFSSL_FAILURE;
2747 }
2748 wolfSSL_EVP_PKEY_free(ctx->peerKey);
2749 ctx->peerKey = peer;
2750 if (!wolfSSL_EVP_PKEY_up_ref(peer)) {
2751 ctx->peerKey = NULL;
2752 return WOLFSSL_FAILURE;
2753 }
2754 return WOLFSSL_SUCCESS;
2755}
2756
2757#ifndef NO_WOLFSSL_STUB
2758int wolfSSL_EVP_PKEY_CTX_ctrl_str(WOLFSSL_EVP_PKEY_CTX *ctx,
2759 const char *name, const char *value)
2760{
2761 WOLFSSL_STUB("wolfSSL_EVP_PKEY_CTX_ctrl_str");
2762 (void)ctx;
2763 (void)name;
2764 (void)value;
2765 return WOLFSSL_FAILURE;
2766}
2767#endif /* NO_WOLFSSL_STUB */
2768
2769#if (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || defined(HAVE_ECC) || \
2770 defined(HAVE_HKDF)
2771int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
2772{
2773 int len;
2774#ifdef HAVE_HKDF
2775 enum wc_HashType hkdfHashType;
2776#endif
2777
2778 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_derive");
2779
2780 if (!ctx || ctx->op != WC_EVP_PKEY_OP_DERIVE || !ctx->pkey || (!ctx->peerKey
2781 && ctx->pkey->type != WC_EVP_PKEY_HKDF) || !keylen || (ctx->pkey->type
2782 != WC_EVP_PKEY_HKDF && ctx->pkey->type != ctx->peerKey->type)) {
2783 return WOLFSSL_FAILURE;
2784 }
2785 switch (ctx->pkey->type) {
2786#ifndef NO_DH
2787 case WC_EVP_PKEY_DH:
2788 /* Use DH */
2789 if (!ctx->pkey->dh || !ctx->peerKey->dh) {
2790 return WOLFSSL_FAILURE;
2791 }
2792 /* set internal peer key if not done */
2793 if (!ctx->peerKey->dh->inSet) {
2794 if (SetDhInternal(ctx->peerKey->dh) != WOLFSSL_SUCCESS) {
2795 WOLFSSL_MSG("SetDhInternal failed");
2796 return WOLFSSL_FAILURE;
2797 }
2798 }
2799 if (!ctx->peerKey->dh->pub_key) {
2800 WOLFSSL_MSG("SetDhInternal failed, pub_key is NULL");
2801 return WOLFSSL_FAILURE;
2802 }
2803 if ((len = wolfSSL_DH_size(ctx->pkey->dh)) <= 0) {
2804 return WOLFSSL_FAILURE;
2805 }
2806 if (key) {
2807 if (*keylen < (size_t)len) {
2808 return WOLFSSL_FAILURE;
2809 }
2810 /* computed DH agreement can be less than DH size if leading zeros */
2811 if (wolfSSL_DH_compute_key(key, ctx->peerKey->dh->pub_key,
2812 ctx->pkey->dh) <= 0) {
2813 return WOLFSSL_FAILURE;
2814 }
2815 }
2816 *keylen = (size_t)len;
2817 break;
2818#endif
2819#if defined(HAVE_ECC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC)
2820 case WC_EVP_PKEY_EC:
2821 /* Use ECDH */
2822 if (!ctx->pkey->ecc || !ctx->peerKey->ecc) {
2823 return WOLFSSL_FAILURE;
2824 }
2825 /* set internal key if not done */
2826 if (!ctx->pkey->ecc->inSet) {
2827 if (SetECKeyInternal(ctx->pkey->ecc) != WOLFSSL_SUCCESS) {
2828 WOLFSSL_MSG("SetECKeyInternal failed");
2829 return WOLFSSL_FAILURE;
2830 }
2831 }
2832 if (!ctx->peerKey->ecc->exSet || !ctx->peerKey->ecc->pub_key->internal) {
2833 if (SetECKeyExternal(ctx->peerKey->ecc) != WOLFSSL_SUCCESS) {
2834 WOLFSSL_MSG("SetECKeyExternal failed");
2835 return WOLFSSL_FAILURE;
2836 }
2837 }
2838 if (!(len = wc_ecc_size((ecc_key*)ctx->pkey->ecc->internal))) {
2839 return WOLFSSL_FAILURE;
2840 }
2841 if (key) {
2842 word32 len32 = (word32)len;
2843#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \
2844 && (!defined(HAVE_FIPS) || \
2845 (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
2846
2847 WC_RNG rng;
2848 if (wc_InitRng(&rng) != MP_OKAY) {
2849 WOLFSSL_MSG("Init RNG failed");
2850 return WOLFSSL_FAILURE;
2851 }
2852 ((ecc_key*)ctx->pkey->ecc->internal)->rng = &rng;
2853#endif
2854 if (*keylen < len32) {
2855 WOLFSSL_MSG("buffer too short");
2856#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \
2857 && (!defined(HAVE_FIPS) || \
2858 (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
2859 ((ecc_key*)ctx->pkey->ecc->internal)->rng = NULL;
2860 wc_FreeRng(&rng);
2861#endif
2862 return WOLFSSL_FAILURE;
2863 }
2864 if (wc_ecc_shared_secret((ecc_key*)ctx->pkey->ecc->internal,
2865 (ecc_key*)ctx->peerKey->ecc->internal, key, &len32)
2866 != MP_OKAY) {
2867 WOLFSSL_MSG("wc_ecc_shared_secret failed");
2868#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \
2869 && (!defined(HAVE_FIPS) || \
2870 (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
2871 ((ecc_key*)ctx->pkey->ecc->internal)->rng = NULL;
2872 wc_FreeRng(&rng);
2873#endif
2874 return WOLFSSL_FAILURE;
2875 }
2876#if defined(ECC_TIMING_RESISTANT) && !defined(HAVE_SELFTEST) \
2877 && (!defined(HAVE_FIPS) || \
2878 (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2))
2879 ((ecc_key*)ctx->pkey->ecc->internal)->rng = NULL;
2880 wc_FreeRng(&rng);
2881#endif
2882 len = (int)len32;
2883 }
2884 *keylen = (size_t)len;
2885 break;
2886#endif
2887#ifdef HAVE_HKDF
2888 case WC_EVP_PKEY_HKDF:
2889 (void)len;
2890
2891 hkdfHashType = EvpMd2MacType(ctx->pkey->hkdfMd);
2892 if (hkdfHashType == WC_HASH_TYPE_NONE) {
2893 WOLFSSL_MSG("Invalid hash type for HKDF.");
2894 return WOLFSSL_FAILURE;
2895 }
2896 if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND) {
2897 if (wc_HKDF((int)hkdfHashType, ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz,
2898 ctx->pkey->hkdfSalt, ctx->pkey->hkdfSaltSz,
2899 ctx->pkey->hkdfInfo, ctx->pkey->hkdfInfoSz, key,
2900 (word32)*keylen) != 0) {
2901 WOLFSSL_MSG("wc_HKDF failed.");
2902 return WOLFSSL_FAILURE;
2903 }
2904 }
2905 else if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY) {
2906 if (wc_HKDF_Extract((int)hkdfHashType, ctx->pkey->hkdfSalt,
2907 ctx->pkey->hkdfSaltSz, ctx->pkey->hkdfKey,
2908 ctx->pkey->hkdfKeySz, key) != 0) {
2909 WOLFSSL_MSG("wc_HKDF_Extract failed.");
2910 return WOLFSSL_FAILURE;
2911 }
2912 else {
2913 int hkdfHashSz = wolfSSL_EVP_MD_size(ctx->pkey->hkdfMd);
2914 if (hkdfHashSz <= 0) {
2915 WOLFSSL_MSG("Failed to get block size for HKDF hash.");
2916 return WOLFSSL_FAILURE;
2917 }
2918 /* Length of extract only is always the length of the hash. */
2919 *keylen = (size_t)hkdfHashSz;
2920 }
2921 }
2922 else if (ctx->pkey->hkdfMode == WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY) {
2923 if (wc_HKDF_Expand((int)hkdfHashType, ctx->pkey->hkdfKey,
2924 ctx->pkey->hkdfKeySz, ctx->pkey->hkdfInfo,
2925 ctx->pkey->hkdfInfoSz, key,
2926 (word32)*keylen) != 0) {
2927 WOLFSSL_MSG("wc_HKDF_Expand failed.");
2928 return WOLFSSL_FAILURE;
2929 }
2930 }
2931 else {
2932 WOLFSSL_MSG("Invalid HKDF mode.");
2933 return WOLFSSL_FAILURE;
2934 }
2935 break;
2936#endif /* HAVE_HKDF */
2937 default:
2938 WOLFSSL_MSG("Unknown key type");
2939 return WOLFSSL_FAILURE;
2940 }
2941 return WOLFSSL_SUCCESS;
2942}
2943#endif /* (!NO_DH && WOLFSSL_DH_EXTRA) || HAVE_ECC || HAVE_HKDF */
2944
2945#ifdef HAVE_HKDF
2946int wolfSSL_EVP_PKEY_CTX_set_hkdf_md(WOLFSSL_EVP_PKEY_CTX* ctx,
2947 const WOLFSSL_EVP_MD* md)
2948{
2949 int ret = WOLFSSL_SUCCESS;
2950
2951 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_hkdf_md");
2952
2953 if (ctx == NULL || ctx->pkey == NULL || md == NULL) {
2954 WOLFSSL_MSG("Bad argument.");
2955 ret = WOLFSSL_FAILURE;
2956 }
2957
2958 if (ret == WOLFSSL_SUCCESS) {
2959 ctx->pkey->hkdfMd = md;
2960 }
2961
2962 WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_CTX_set_hkdf_md", ret);
2963
2964 return ret;
2965}
2966
2967int wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt(WOLFSSL_EVP_PKEY_CTX* ctx,
2968 const byte* salt, int saltSz)
2969{
2970 int ret = WOLFSSL_SUCCESS;
2971
2972 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt");
2973
2974 if (ctx == NULL || ctx->pkey == NULL || saltSz < 0) {
2975 WOLFSSL_MSG("Bad argument.");
2976 ret = WOLFSSL_FAILURE;
2977 }
2978 if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != WC_EVP_PKEY_HKDF) {
2979 WOLFSSL_MSG("WOLFSSL_EVP_PKEY type is not HKDF.");
2980 ret = WOLFSSL_FAILURE;
2981 }
2982
2983 if (ret == WOLFSSL_SUCCESS && salt != NULL && saltSz > 0) {
2984 XFREE(ctx->pkey->hkdfSalt, NULL, DYNAMIC_TYPE_SALT);
2985 ctx->pkey->hkdfSalt = (byte*)XMALLOC((size_t)saltSz, NULL,
2986 DYNAMIC_TYPE_SALT);
2987 if (ctx->pkey->hkdfSalt == NULL) {
2988 WOLFSSL_MSG("Failed to allocate HKDF salt buffer.");
2989 ret = WOLFSSL_FAILURE;
2990 }
2991 else {
2992 XMEMCPY(ctx->pkey->hkdfSalt, salt, (size_t)saltSz);
2993 ctx->pkey->hkdfSaltSz = (word32)saltSz;
2994 }
2995 }
2996
2997 WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_CTX_set1_hkdf_salt", ret);
2998
2999 return ret;
3000}
3001
3002int wolfSSL_EVP_PKEY_CTX_set1_hkdf_key(WOLFSSL_EVP_PKEY_CTX* ctx,
3003 const byte* key, int keySz)
3004{
3005 int ret = WOLFSSL_SUCCESS;
3006
3007 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set1_hkdf_key");
3008
3009 if (ctx == NULL || ctx->pkey == NULL || key == NULL || keySz <= 0) {
3010 WOLFSSL_MSG("Bad argument.");
3011 ret = WOLFSSL_FAILURE;
3012 }
3013 if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != WC_EVP_PKEY_HKDF) {
3014 WOLFSSL_MSG("WOLFSSL_EVP_PKEY type is not HKDF.");
3015 ret = WOLFSSL_FAILURE;
3016 }
3017
3018 if (ret == WOLFSSL_SUCCESS) {
3019 if (ctx->pkey->hkdfKey != NULL && ctx->pkey->hkdfKeySz > 0) {
3020 ForceZero(ctx->pkey->hkdfKey, ctx->pkey->hkdfKeySz);
3021 }
3022 XFREE(ctx->pkey->hkdfKey, NULL, DYNAMIC_TYPE_KEY);
3023 ctx->pkey->hkdfKey = (byte*)XMALLOC((size_t)keySz, NULL,
3024 DYNAMIC_TYPE_KEY);
3025 if (ctx->pkey->hkdfKey == NULL) {
3026 WOLFSSL_MSG("Failed to allocate HKDF key buffer.");
3027 ret = WOLFSSL_FAILURE;
3028 }
3029 else {
3030 XMEMCPY(ctx->pkey->hkdfKey, key, (size_t)keySz);
3031 ctx->pkey->hkdfKeySz = (word32)keySz;
3032 }
3033 }
3034
3035 WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_CTX_set1_hkdf_key", ret);
3036
3037 return ret;
3038}
3039
3040int wolfSSL_EVP_PKEY_CTX_add1_hkdf_info(WOLFSSL_EVP_PKEY_CTX* ctx,
3041 const byte* info, int infoSz)
3042{
3043 int ret = WOLFSSL_SUCCESS;
3044
3045 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_add1_hkdf_info");
3046
3047 if (ctx == NULL || ctx->pkey == NULL || infoSz < 0) {
3048 WOLFSSL_MSG("Bad argument.");
3049 ret = WOLFSSL_FAILURE;
3050 }
3051 if (ret == WOLFSSL_SUCCESS && ctx->pkey->type != WC_EVP_PKEY_HKDF) {
3052 WOLFSSL_MSG("WOLFSSL_EVP_PKEY type is not HKDF.");
3053 ret = WOLFSSL_FAILURE;
3054 }
3055
3056 if (ret == WOLFSSL_SUCCESS && info != NULL && infoSz > 0) {
3057 unsigned char* p;
3058 /* If there's already info in the buffer, append. */
3059 #ifdef WOLFSSL_NO_REALLOC
3060 p = (byte*)XMALLOC((size_t)(ctx->pkey->hkdfInfoSz + (word32)infoSz), NULL,
3061 DYNAMIC_TYPE_INFO);
3062 if (p != NULL) {
3063 XMEMCPY(p, ctx->pkey->hkdfInfo, (size_t)ctx->pkey->hkdfInfoSz);
3064 XFREE(ctx->pkey->hkdfInfo, NULL, DYNAMIC_TYPE_INFO);
3065 ctx->pkey->hkdfInfo = NULL;
3066 }
3067 #else
3068 p = (byte*)XREALLOC(ctx->pkey->hkdfInfo,
3069 (size_t)(ctx->pkey->hkdfInfoSz + (word32)infoSz), NULL,
3070 DYNAMIC_TYPE_INFO);
3071 #endif
3072 if (p == NULL) {
3073 WOLFSSL_MSG("Failed to reallocate larger HKDF info buffer.");
3074 ret = WOLFSSL_FAILURE;
3075 }
3076 else {
3077 ctx->pkey->hkdfInfo = p;
3078 XMEMCPY(ctx->pkey->hkdfInfo + ctx->pkey->hkdfInfoSz, info,
3079 (size_t)infoSz);
3080 ctx->pkey->hkdfInfoSz += (word32)infoSz;
3081 }
3082 }
3083
3084 WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_CTX_add1_hkdf_info", ret);
3085
3086 return ret;
3087}
3088
3089int wolfSSL_EVP_PKEY_CTX_hkdf_mode(WOLFSSL_EVP_PKEY_CTX* ctx, int mode)
3090{
3091 int ret = WOLFSSL_SUCCESS;
3092
3093 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_hkdf_mode");
3094
3095 if (ctx == NULL || ctx->pkey == NULL) {
3096 WOLFSSL_MSG("Bad argument.");
3097 ret = WOLFSSL_FAILURE;
3098 }
3099
3100 if (ret == WOLFSSL_SUCCESS &&
3101 mode != WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND &&
3102 mode != WOLFSSL_EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY &&
3103 mode != WOLFSSL_EVP_PKEY_HKDEF_MODE_EXPAND_ONLY)
3104 {
3105 WOLFSSL_MSG("Invalid HKDF mode.");
3106 ret = WOLFSSL_FAILURE;
3107 }
3108
3109 if (ret == WOLFSSL_SUCCESS) {
3110 ctx->pkey->hkdfMode = mode;
3111 }
3112
3113 WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_CTX_hkdf_mode", ret);
3114
3115 return ret;
3116}
3117#endif /* HAVE_HKDF */
3118
3119/* Uses the WOLFSSL_EVP_PKEY_CTX to decrypt a buffer.
3120 *
3121 * ctx EVP_PKEY context of operation.
3122 * out Decrypted output buffer. If NULL, puts the maximum output buffer size
3123 in outLen and returns success.
3124 * outLen If out is NULL, see above. If out is non-NULL, on input outLen holds
3125 * the size of out. On output holds the length of actual decryption.
3126 * in Encrypted input buffer.
3127 * inLen Length of encrypted data.
3128 *
3129 * Returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure.
3130 */
3131int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
3132 unsigned char *out, size_t *outLen,
3133 const unsigned char *in, size_t inLen)
3134{
3135 int len = 0;
3136
3137 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_decrypt");
3138
3139 if (ctx == NULL || ctx->pkey == NULL) {
3140 WOLFSSL_MSG("Bad parameter.");
3141 return 0;
3142 }
3143
3144 if (ctx->op != WC_EVP_PKEY_OP_DECRYPT) {
3145 WOLFSSL_MSG("ctx->op must be set to WC_EVP_PKEY_OP_DECRYPT. Use "
3146 "wolfSSL_EVP_PKEY_decrypt_init.");
3147 return WOLFSSL_FAILURE;
3148 }
3149
3150 (void)out;
3151 (void)outLen;
3152 (void)in;
3153 (void)inLen;
3154 (void)len;
3155
3156 switch (ctx->pkey->type) {
3157#if !defined(NO_RSA)
3158 case WC_EVP_PKEY_RSA:
3159 if (out == NULL) {
3160 if (ctx->pkey->rsa == NULL) {
3161 WOLFSSL_MSG("Internal wolfCrypt RSA object is NULL.");
3162 return WOLFSSL_FAILURE;
3163 }
3164 len = wolfSSL_RSA_size(ctx->pkey->rsa);
3165 if (len <= 0) {
3166 WOLFSSL_MSG("Error getting RSA size.");
3167 return WOLFSSL_FAILURE;
3168 }
3169 if (outLen == NULL) {
3170 WOLFSSL_MSG("outLen is NULL.");
3171 return WOLFSSL_FAILURE;
3172 }
3173
3174 *outLen = (size_t)len;
3175 return WOLFSSL_SUCCESS;
3176 }
3177
3178 len = wolfSSL_RSA_private_decrypt((int)inLen, (unsigned char*)in, out,
3179 ctx->pkey->rsa, ctx->padding);
3180 if (len < 0) break;
3181 else {
3182 *outLen = (size_t)len;
3183 return WOLFSSL_SUCCESS;
3184 }
3185#endif /* NO_RSA */
3186
3187 case WC_EVP_PKEY_EC:
3188 WOLFSSL_MSG("WC_EVP_PKEY_EC not implemented.");
3189 FALL_THROUGH;
3190 default:
3191 break;
3192 }
3193
3194 return WOLFSSL_FAILURE;
3195}
3196
3197
3198/* Initialize a WOLFSSL_EVP_PKEY_CTX structure for decryption
3199 *
3200 * ctx WOLFSSL_EVP_PKEY_CTX structure to use with decryption
3201 *
3202 * Returns WOLFSSL_FAILURE on failure and WOLFSSL_SUCCESS on success
3203 */
3204int wolfSSL_EVP_PKEY_decrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx)
3205{
3206 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_decrypt_init");
3207 if (ctx == NULL || ctx->pkey == NULL) return WOLFSSL_FAILURE;
3208 switch (ctx->pkey->type) {
3209 case WC_EVP_PKEY_RSA:
3210 ctx->op = WC_EVP_PKEY_OP_DECRYPT;
3211 return WOLFSSL_SUCCESS;
3212 case WC_EVP_PKEY_EC:
3213 WOLFSSL_MSG("not implemented");
3214 FALL_THROUGH;
3215 default:
3216 break;
3217 }
3218 return WOLFSSL_FAILURE;
3219}
3220
3221
3222/* Uses the WOLFSSL_EVP_PKEY_CTX to encrypt a buffer.
3223 *
3224 * ctx EVP_PKEY context of operation.
3225 * out Encrypted output buffer. If NULL, puts the maximum output buffer size
3226 * in outlen and returns success.
3227 * outLen If out is NULL, see above. If out is non-NULL, on input outLen holds
3228 * the size of out. On output holds the length of actual encryption.
3229 * in Plaintext input buffer.
3230 * inLen Length of plaintext.
3231 *
3232 * Returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure.
3233 */
3234int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
3235 unsigned char *out, size_t *outLen,
3236 const unsigned char *in, size_t inLen)
3237{
3238 int len = 0;
3239
3240 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_encrypt");
3241
3242 if (ctx == NULL || ctx->pkey == NULL) {
3243 WOLFSSL_MSG("Bad parameter.");
3244 return 0;
3245 }
3246
3247 if (ctx->op != WC_EVP_PKEY_OP_ENCRYPT) {
3248 WOLFSSL_MSG("ctx->op must be set to WC_EVP_PKEY_OP_ENCRYPT. Use "
3249 "wolfSSL_EVP_PKEY_encrypt_init.");
3250 return WOLFSSL_FAILURE;
3251 }
3252
3253 (void)out;
3254 (void)outLen;
3255 (void)in;
3256 (void)inLen;
3257 (void)len;
3258
3259 switch (ctx->pkey->type) {
3260#if !defined(NO_RSA)
3261 case WC_EVP_PKEY_RSA:
3262 if (out == NULL) {
3263 if (ctx->pkey->rsa == NULL) {
3264 WOLFSSL_MSG("Internal wolfCrypt RSA object is NULL.");
3265 return WOLFSSL_FAILURE;
3266 }
3267 len = wolfSSL_RSA_size(ctx->pkey->rsa);
3268 if (len <= 0) {
3269 WOLFSSL_MSG("Error getting RSA size.");
3270 return WOLFSSL_FAILURE;
3271 }
3272 if (outLen == NULL) {
3273 WOLFSSL_MSG("outLen is NULL.");
3274 return WOLFSSL_FAILURE;
3275 }
3276
3277 *outLen = (size_t)len;
3278 return WOLFSSL_SUCCESS;
3279 }
3280
3281 len = wolfSSL_RSA_public_encrypt((int)inLen, (unsigned char *)in, out,
3282 ctx->pkey->rsa, ctx->padding);
3283 if (len < 0)
3284 break;
3285 else {
3286 *outLen = (size_t)len;
3287 return WOLFSSL_SUCCESS;
3288 }
3289#endif /* NO_RSA */
3290
3291 case WC_EVP_PKEY_EC:
3292 WOLFSSL_MSG("WC_EVP_PKEY_EC not implemented");
3293 FALL_THROUGH;
3294 default:
3295 break;
3296 }
3297
3298 return WOLFSSL_FAILURE;
3299}
3300
3301
3302/* Initialize a WOLFSSL_EVP_PKEY_CTX structure to encrypt data
3303 *
3304 * ctx WOLFSSL_EVP_PKEY_CTX structure to use with encryption
3305 *
3306 * Returns WOLFSSL_FAILURE on failure and WOLFSSL_SUCCESS on success
3307 */
3308int wolfSSL_EVP_PKEY_encrypt_init(WOLFSSL_EVP_PKEY_CTX *ctx)
3309{
3310 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_encrypt_init");
3311 if (ctx == NULL || ctx->pkey == NULL) return WOLFSSL_FAILURE;
3312
3313 switch (ctx->pkey->type) {
3314 case WC_EVP_PKEY_RSA:
3315 ctx->op = WC_EVP_PKEY_OP_ENCRYPT;
3316 return WOLFSSL_SUCCESS;
3317 case WC_EVP_PKEY_EC:
3318 WOLFSSL_MSG("not implemented");
3319 FALL_THROUGH;
3320 default:
3321 break;
3322 }
3323 return WOLFSSL_FAILURE;
3324}
3325/******************************************************************************
3326* wolfSSL_EVP_PKEY_sign_init - initializes a public key algorithm context for
3327* a signing operation.
3328*
3329* RETURNS:
3330* returns WOLFSSL_SUCCESS on success, otherwise returns -2
3331*/
3332int wolfSSL_EVP_PKEY_sign_init(WOLFSSL_EVP_PKEY_CTX *ctx)
3333{
3334 int ret = -2;
3335
3336 WOLFSSL_MSG("wolfSSL_EVP_PKEY_sign_init");
3337 if (!ctx || !ctx->pkey)
3338 return ret;
3339
3340 switch (ctx->pkey->type) {
3341#if !defined(NO_RSA)
3342 case WC_EVP_PKEY_RSA:
3343 ctx->op = WC_EVP_PKEY_OP_SIGN;
3344 ret = WOLFSSL_SUCCESS;
3345 break;
3346#endif /* NO_RSA */
3347
3348#ifndef NO_DSA
3349 case WC_EVP_PKEY_DSA:
3350 ctx->op = WC_EVP_PKEY_OP_SIGN;
3351 ret = WOLFSSL_SUCCESS;
3352 break;
3353#endif /* NO_DSA */
3354
3355#ifdef HAVE_ECC
3356 case WC_EVP_PKEY_EC:
3357 ctx->op = WC_EVP_PKEY_OP_SIGN;
3358 ret = WOLFSSL_SUCCESS;
3359 break;
3360#endif /* HAVE_ECC */
3361
3362 default:
3363 ret = -2;
3364 }
3365 return ret;
3366}
3367/******************************************************************************
3368* wolfSSL_EVP_PKEY_sign - performs a public key signing operation using ctx
3369* The data to be signed should be hashed since the function does not hash the data.
3370*
3371* RETURNS:
3372* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE
3373*/
3374
3375int wolfSSL_EVP_PKEY_sign(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *sig,
3376 size_t *siglen, const unsigned char *tbs, size_t tbslen)
3377{
3378 WOLFSSL_MSG("wolfSSL_EVP_PKEY_sign");
3379
3380 if (!ctx || ctx->op != WC_EVP_PKEY_OP_SIGN || !ctx->pkey || !siglen)
3381 return WOLFSSL_FAILURE;
3382
3383 (void)sig;
3384 (void)siglen;
3385 (void)tbs;
3386 (void)tbslen;
3387
3388 switch (ctx->pkey->type) {
3389#ifndef NO_RSA
3390 case WC_EVP_PKEY_RSA: {
3391 unsigned int usiglen = (unsigned int)*siglen;
3392 if (!sig) {
3393 int len;
3394 if (!ctx->pkey->rsa)
3395 return WOLFSSL_FAILURE;
3396 len = wc_RsaEncryptSize((RsaKey*)ctx->pkey->rsa->internal);
3397 if (len < 0)
3398 return WOLFSSL_FAILURE;
3399 *siglen = (size_t)len;
3400 return WOLFSSL_SUCCESS;
3401 }
3402
3403 if (wolfSSL_RSA_sign_mgf(wolfSSL_EVP_MD_type(ctx->md), tbs,
3404 (unsigned int)tbslen, sig, &usiglen, ctx->pkey->rsa, 1,
3405 ctx->padding, wolfSSL_EVP_MD_type(ctx->mgf1_md), ctx->saltlen
3406 ) != WOLFSSL_SUCCESS) {
3407 return WOLFSSL_FAILURE;
3408 }
3409 *siglen = (size_t)usiglen;
3410 return WOLFSSL_SUCCESS;
3411 }
3412#endif /* !NO_RSA */
3413
3414#ifndef NO_DSA
3415 case WC_EVP_PKEY_DSA: {
3416 int bytes;
3417 int ret;
3418 if (!ctx->pkey->dsa)
3419 return WOLFSSL_FAILURE;
3420 bytes = wolfSSL_BN_num_bytes(ctx->pkey->dsa->q);
3421 if (bytes == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
3422 return WOLFSSL_FAILURE;
3423 bytes *= 2;
3424 if (!sig) {
3425 *siglen = (size_t)bytes;
3426 return WOLFSSL_SUCCESS;
3427 }
3428 if ((int)*siglen < bytes)
3429 return WOLFSSL_FAILURE;
3430 ret = wolfSSL_DSA_do_sign(tbs, sig, ctx->pkey->dsa);
3431 /* wolfSSL_DSA_do_sign() can return WOLFSSL_FATAL_ERROR */
3432 if (ret != WOLFSSL_SUCCESS)
3433 return ret;
3434 if (bytes == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
3435 return WOLFSSL_FAILURE;
3436 *siglen = (size_t)bytes;
3437 return WOLFSSL_SUCCESS;
3438 }
3439#endif /* NO_DSA */
3440
3441#ifdef HAVE_ECC
3442 case WC_EVP_PKEY_EC: {
3443 int ret;
3444 WOLFSSL_ECDSA_SIG *ecdsaSig;
3445 if (!sig) {
3446 WOLFSSL_EC_KEY *key = ctx->pkey->ecc;
3447 ecc_key* eckey;
3448 if (!key)
3449 return WOLFSSL_FAILURE;
3450 /* set internal key if not done */
3451 if (key->inSet == 0 && SetECKeyInternal(key) != WOLFSSL_SUCCESS)
3452 return WOLFSSL_FAILURE;
3453 eckey = (ecc_key*)ctx->pkey->ecc->internal;
3454 if (!eckey)
3455 return WOLFSSL_FAILURE;
3456 ret = wc_ecc_sig_size(eckey);
3457 if (ret == 0)
3458 return WOLFSSL_FAILURE;
3459 *siglen = (size_t)ret;
3460 return WOLFSSL_SUCCESS;
3461 }
3462 ecdsaSig = wolfSSL_ECDSA_do_sign(tbs, (int)tbslen, ctx->pkey->ecc);
3463 if (ecdsaSig == NULL)
3464 return WOLFSSL_FAILURE;
3465 ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, NULL);
3466 if (ret == 0 || ret > (int)*siglen) {
3467 wolfSSL_ECDSA_SIG_free(ecdsaSig);
3468 return WOLFSSL_FAILURE;
3469 }
3470 ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, &sig);
3471 wolfSSL_ECDSA_SIG_free(ecdsaSig);
3472 if (ret == 0)
3473 return WOLFSSL_FAILURE;
3474 *siglen = (size_t)ret;
3475 return WOLFSSL_SUCCESS;
3476 }
3477#endif /* HAVE_ECC */
3478
3479 default:
3480 break;
3481 }
3482 return WOLFSSL_FAILURE;
3483}
3484
3485/******************************************************************************
3486* wolfSSL_EVP_PKEY_verify_init - initializes a public key algorithm context for
3487* a verification operation.
3488*
3489* RETURNS:
3490* returns WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on failure. In particular
3491* a return value of -2 indicates the operation is not supported by the public
3492* key algorithm.
3493*/
3494
3495int wolfSSL_EVP_PKEY_verify_init(WOLFSSL_EVP_PKEY_CTX *ctx)
3496{
3497 WOLFSSL_MSG("wolfSSL_EVP_PKEY_verify_init");
3498
3499 if (!ctx || !ctx->pkey)
3500 return WOLFSSL_FAILURE;
3501
3502 switch (ctx->pkey->type) {
3503#if !defined(NO_RSA)
3504 case WC_EVP_PKEY_RSA:
3505 ctx->op = WC_EVP_PKEY_OP_VERIFY;
3506 return WOLFSSL_SUCCESS;
3507#endif /* NO_RSA */
3508
3509#ifndef NO_DSA
3510 case WC_EVP_PKEY_DSA:
3511 ctx->op = WC_EVP_PKEY_OP_VERIFY;
3512 return WOLFSSL_SUCCESS;
3513#endif /* NO_DSA */
3514
3515#ifdef HAVE_ECC
3516 case WC_EVP_PKEY_EC:
3517 ctx->op = WC_EVP_PKEY_OP_VERIFY;
3518 return WOLFSSL_SUCCESS;
3519#endif /* HAVE_ECC */
3520
3521 default:
3522 return -2;
3523 }
3524}
3525
3526/******************************************************************************
3527* wolfSSL_EVP_PKEY_verify - verifies a signature using ctx
3528*
3529* RETURNS:
3530* returns WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on failure. In particular
3531* a return value of -2 indicates the operation is not supported by the public
3532* key algorithm.
3533*/
3534
3535int wolfSSL_EVP_PKEY_verify(WOLFSSL_EVP_PKEY_CTX *ctx, const unsigned char *sig,
3536 size_t siglen, const unsigned char *tbs,
3537 size_t tbslen)
3538{
3539 WOLFSSL_MSG("wolfSSL_EVP_PKEY_verify");
3540
3541 if (!ctx || ctx->op != WC_EVP_PKEY_OP_VERIFY || !ctx->pkey)
3542 return WOLFSSL_FAILURE;
3543
3544 switch (ctx->pkey->type) {
3545#ifndef NO_RSA
3546 case WC_EVP_PKEY_RSA:
3547 return wolfSSL_RSA_verify_mgf(wolfSSL_EVP_MD_type(ctx->md), tbs,
3548 (unsigned int)tbslen, sig, (unsigned int)siglen, ctx->pkey->rsa,
3549 ctx->padding, wolfSSL_EVP_MD_type(ctx->mgf1_md), ctx->saltlen);
3550#endif /* !NO_RSA */
3551
3552#ifndef NO_DSA
3553 case WC_EVP_PKEY_DSA: {
3554 int dsacheck = 0;
3555 if (wolfSSL_DSA_do_verify(tbs, (unsigned char *)sig, ctx->pkey->dsa,
3556 &dsacheck) != WOLFSSL_SUCCESS || dsacheck != 1)
3557 return WOLFSSL_FAILURE;
3558 return WOLFSSL_SUCCESS;
3559 }
3560#endif /* NO_DSA */
3561
3562#ifdef HAVE_ECC
3563 case WC_EVP_PKEY_EC: {
3564 int ret;
3565 WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_d2i_ECDSA_SIG(
3566 NULL, (const unsigned char **)&sig, (long)siglen);
3567 if (ecdsaSig == NULL)
3568 return WOLFSSL_FAILURE;
3569 ret = wolfSSL_ECDSA_do_verify(tbs, (int)tbslen, ecdsaSig,
3570 ctx->pkey->ecc);
3571 wolfSSL_ECDSA_SIG_free(ecdsaSig);
3572 return ret;
3573 }
3574#endif /* HAVE_ECC */
3575
3576 default:
3577 return -2;
3578 }
3579}
3580
3581/* Get the size in bits for WOLFSSL_EVP_PKEY key
3582 *
3583 * pkey WOLFSSL_EVP_PKEY structure to get key size of
3584 *
3585 * returns the size in bits of key on success
3586 */
3587int wolfSSL_EVP_PKEY_bits(const WOLFSSL_EVP_PKEY *pkey)
3588{
3589 int ret = 0;
3590
3591 if (pkey == NULL)
3592 return 0;
3593
3594 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_bits");
3595
3596 switch (pkey->type) {
3597#ifndef NO_RSA
3598 case WC_EVP_PKEY_RSA:
3599 ret = (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(pkey->rsa));
3600 break;
3601#endif /* !NO_RSA */
3602
3603#ifndef NO_DSA
3604 case WC_EVP_PKEY_DSA:
3605 if (pkey->dsa == NULL ||
3606 (!pkey->dsa->exSet &&
3607 SetDsaExternal(pkey->dsa) != WOLFSSL_SUCCESS))
3608 break;
3609 ret = wolfSSL_BN_num_bytes(pkey->dsa->p);
3610 break;
3611#endif
3612
3613#ifdef HAVE_ECC
3614 case WC_EVP_PKEY_EC:
3615 if (pkey->ecc == NULL || pkey->ecc->internal == NULL) {
3616 WOLFSSL_MSG("No ECC key has been set");
3617 break;
3618 }
3619 ret = wc_ecc_size((ecc_key*)(pkey->ecc->internal));
3620 break;
3621#endif /* HAVE_ECC */
3622
3623 default:
3624 break;
3625 }
3626 return ret > 0 ? ret * 8 : 0;
3627}
3628
3629
3630int wolfSSL_EVP_PKEY_paramgen_init(WOLFSSL_EVP_PKEY_CTX *ctx)
3631{
3632 (void)ctx;
3633 return WOLFSSL_SUCCESS;
3634}
3635
3636int wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid(WOLFSSL_EVP_PKEY_CTX *ctx,
3637 int nid)
3638{
3639 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_CTX_set_ec_paramgen_curve_nid");
3640#ifdef HAVE_ECC
3641 if (ctx != NULL && ctx->pkey != NULL && ctx->pkey->type == WC_EVP_PKEY_EC) {
3642 ctx->curveNID = nid;
3643 return WOLFSSL_SUCCESS;
3644 }
3645 else
3646#endif
3647 {
3648#ifndef HAVE_ECC
3649 (void)ctx;
3650 (void)nid;
3651 WOLFSSL_MSG("Support not compiled in");
3652#else
3653 WOLFSSL_MSG("Bad parameter");
3654#endif
3655 return WOLFSSL_FAILURE;
3656 }
3657}
3658
3659int wolfSSL_EVP_PKEY_paramgen(WOLFSSL_EVP_PKEY_CTX* ctx,
3660 WOLFSSL_EVP_PKEY** pkey)
3661{
3662 int ret = WOLFSSL_SUCCESS;
3663 int ownPkey = 0;
3664
3665 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_paramgen");
3666
3667 if (ctx == NULL || pkey == NULL) {
3668 WOLFSSL_MSG("Bad parameter");
3669 ret = WOLFSSL_FAILURE;
3670 }
3671
3672 if (ret == WOLFSSL_SUCCESS && *pkey == NULL) {
3673 /* Only ECC is supported currently. */
3674 if (ctx->pkey == NULL || ctx->pkey->type != WC_EVP_PKEY_EC) {
3675 WOLFSSL_MSG("Key not set or key type not supported.");
3676 ret = WOLFSSL_FAILURE;
3677 }
3678 else {
3679 *pkey = wolfSSL_EVP_PKEY_new();
3680 if (*pkey == NULL) {
3681 WOLFSSL_MSG("Failed to create WOLFSSL_EVP_PKEY.");
3682 ret = WOLFSSL_FAILURE;
3683 }
3684 else {
3685 (*pkey)->type = ctx->pkey->type;
3686 ownPkey = 1;
3687 }
3688 }
3689 }
3690 if (ret == WOLFSSL_SUCCESS) {
3691 switch ((*pkey)->type) {
3692 #ifdef HAVE_ECC
3693 /* For ECC parameter generation we just need to set the group, which
3694 * wolfSSL_EC_KEY_new_by_curve_name will do. */
3695 case WC_EVP_PKEY_EC:
3696 (*pkey)->ecc = wolfSSL_EC_KEY_new_by_curve_name(ctx->curveNID);
3697 if ((*pkey)->ecc == NULL) {
3698 WOLFSSL_MSG("Failed to create WOLFSSL_EC_KEY.");
3699 ret = WOLFSSL_FAILURE;
3700 }
3701 else {
3702 (*pkey)->ownEcc = 1;
3703 }
3704 break;
3705 #endif
3706 default:
3707 ret = WOLFSSL_FAILURE;
3708 break;
3709 }
3710 }
3711
3712 if (ret != WOLFSSL_SUCCESS && ownPkey) {
3713 wolfSSL_EVP_PKEY_free(*pkey);
3714 *pkey = NULL;
3715 }
3716
3717 WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_paramgen", ret);
3718
3719 return ret;
3720}
3721
3722/* wolfSSL only supports writing out named curves so no need to store the flag.
3723 * In short, it is preferred to write out the name of the curve chosen instead
3724 * of the explicit parameters.
3725 * The difference is nicely explained and illustrated in section
3726 * "ECDH and Named Curves" of
3727 * https://wiki.openssl.org/index.php/Elliptic_Curve_Diffie_Hellman */
3728int wolfSSL_EVP_PKEY_CTX_set_ec_param_enc(WOLFSSL_EVP_PKEY_CTX *ctx,
3729 int flag)
3730{
3731 (void)ctx;
3732 (void)flag;
3733 return WOLFSSL_SUCCESS;
3734}
3735
3736int wolfSSL_EVP_PKEY_keygen_init(WOLFSSL_EVP_PKEY_CTX *ctx)
3737{
3738 (void)ctx;
3739 return WOLFSSL_SUCCESS;
3740}
3741
3742#ifdef HAVE_ECC
3743static int ECC_populate_EVP_PKEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_EC_KEY *key);
3744#endif
3745
3746int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
3747 WOLFSSL_EVP_PKEY **ppkey)
3748{
3749 int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
3750 int ownPkey = 0;
3751 WOLFSSL_EVP_PKEY* pkey;
3752
3753 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_keygen");
3754
3755 if (ctx == NULL || ppkey == NULL) {
3756 return WOLFSSL_FAILURE;
3757 }
3758
3759 pkey = *ppkey;
3760 if (pkey == NULL) {
3761 if (ctx->pkey == NULL ||
3762 (ctx->pkey->type != WC_EVP_PKEY_EC &&
3763 ctx->pkey->type != WC_EVP_PKEY_RSA &&
3764 ctx->pkey->type != WC_EVP_PKEY_DH)) {
3765 WOLFSSL_MSG("Key not set or key type not supported");
3766 return WOLFSSL_FAILURE;
3767 }
3768 pkey = wolfSSL_EVP_PKEY_new();
3769 if (pkey == NULL) {
3770 return MEMORY_E;
3771 }
3772 ownPkey = 1;
3773 pkey->type = ctx->pkey->type;
3774 }
3775
3776 switch (pkey->type) {
3777#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
3778 case WC_EVP_PKEY_RSA:
3779 pkey->rsa = wolfSSL_RSA_generate_key(ctx->nbits, WC_RSA_EXPONENT,
3780 NULL, NULL);
3781 if (pkey->rsa) {
3782 pkey->ownRsa = 1;
3783 pkey->pkey_sz = wolfSSL_i2d_RSAPrivateKey(pkey->rsa,
3784 (unsigned char**)&pkey->pkey.ptr);
3785 ret = WOLFSSL_SUCCESS;
3786 }
3787 break;
3788#endif
3789#ifdef HAVE_ECC
3790 case WC_EVP_PKEY_EC:
3791 /* pkey->ecc may not be NULL, if, for example, it was populated by a
3792 * prior call to wolfSSL_EVP_PKEY_paramgen. */
3793 if (pkey->ecc == NULL) {
3794 pkey->ecc = wolfSSL_EC_KEY_new_by_curve_name(ctx->curveNID);
3795 }
3796 if (pkey->ecc) {
3797 ret = wolfSSL_EC_KEY_generate_key(pkey->ecc);
3798 if (ret == WOLFSSL_SUCCESS) {
3799 pkey->ownEcc = 1;
3800 if (ECC_populate_EVP_PKEY(pkey, pkey->ecc) != WOLFSSL_SUCCESS)
3801 ret = WOLFSSL_FAILURE;
3802 }
3803 }
3804 break;
3805#endif
3806#if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))
3807 case WC_EVP_PKEY_DH:
3808 pkey->dh = wolfSSL_DH_new();
3809 if (pkey->dh) {
3810 pkey->ownDh = 1;
3811 /* load DH params from CTX */
3812 ret = wolfSSL_DH_LoadDer(pkey->dh,
3813 (const unsigned char*)ctx->pkey->pkey.ptr,
3814 ctx->pkey->pkey_sz);
3815 if (ret == WOLFSSL_SUCCESS) {
3816 ret = wolfSSL_DH_generate_key(pkey->dh);
3817 }
3818 if (ret == WOLFSSL_SUCCESS) {
3819 /* copy private/public key from external to internal */
3820 ret = SetDhInternal(pkey->dh);
3821 }
3822 }
3823 break;
3824#endif
3825 default:
3826 break;
3827 }
3828
3829 if (ret != WOLFSSL_SUCCESS && ownPkey) {
3830 wolfSSL_EVP_PKEY_free(pkey);
3831 pkey = NULL;
3832 }
3833
3834 *ppkey = pkey;
3835
3836 return ret;
3837}
3838
3839/* Get the maximum suitable size for the operations that can be done with pkey
3840 *
3841 * pkey WOLFSSL_EVP_PKEY structure to get key size of
3842 *
3843 * returns the recommended size of buffers
3844 */
3845int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey)
3846{
3847 if (pkey == NULL) return 0;
3848 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_size");
3849
3850 switch (pkey->type) {
3851#ifndef NO_RSA
3852 case WC_EVP_PKEY_RSA:
3853 return (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(pkey->rsa));
3854#endif /* !NO_RSA */
3855
3856#ifndef NO_DSA
3857 case WC_EVP_PKEY_DSA:
3858 if (pkey->dsa == NULL ||
3859 (!pkey->dsa->exSet &&
3860 SetDsaExternal(pkey->dsa) != WOLFSSL_SUCCESS))
3861 return WOLFSSL_FAILURE;
3862 return wolfSSL_BN_num_bytes(pkey->dsa->p);
3863#endif
3864
3865#ifdef HAVE_ECC
3866 case WC_EVP_PKEY_EC:
3867 if (pkey->ecc == NULL || pkey->ecc->internal == NULL) {
3868 WOLFSSL_MSG("No ECC key has been set");
3869 break;
3870 }
3871 return wc_ecc_sig_size((ecc_key*)(pkey->ecc->internal));
3872#endif /* HAVE_ECC */
3873
3874 default:
3875 break;
3876 }
3877 return 0;
3878}
3879
3880
3881int wolfSSL_EVP_PKEY_copy_parameters(WOLFSSL_EVP_PKEY *to,
3882 const WOLFSSL_EVP_PKEY *from)
3883{
3884 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_copy_parameters");
3885
3886 if (!to || !from) {
3887 WOLFSSL_MSG("Bad parameter");
3888 return WOLFSSL_FAILURE;
3889 }
3890
3891 if (to->type == WC_EVP_PKEY_NONE) {
3892 to->type = from->type;
3893 }
3894 else if (to->type != from->type) {
3895 WOLFSSL_MSG("Different key types");
3896 return WOLFSSL_FAILURE;
3897 }
3898
3899 switch(from->type) {
3900#ifdef HAVE_ECC
3901 case WC_EVP_PKEY_EC:
3902 if (from->ecc) {
3903 if (!to->ecc) {
3904 if ((to->ecc = wolfSSL_EC_KEY_new()) == NULL) {
3905 WOLFSSL_MSG("wolfSSL_EC_KEY_new error");
3906 return WOLFSSL_FAILURE;
3907 }
3908 to->ownEcc = 1;
3909 }
3910 to->ecc->group->curve_idx = from->ecc->group->curve_idx;
3911 to->ecc->group->curve_nid = from->ecc->group->curve_nid;
3912 to->ecc->group->curve_oid = from->ecc->group->curve_oid;
3913 }
3914 else {
3915 WOLFSSL_MSG("Missing ECC struct");
3916 return WOLFSSL_FAILURE;
3917 }
3918 break;
3919#endif
3920#ifndef NO_DSA
3921 case WC_EVP_PKEY_DSA:
3922 if (from->dsa) {
3923 WOLFSSL_BIGNUM* cpy;
3924 if (!to->dsa) {
3925 if ((to->dsa = wolfSSL_DSA_new()) == NULL) {
3926 WOLFSSL_MSG("wolfSSL_DSA_new error");
3927 return WOLFSSL_FAILURE;
3928 }
3929 to->ownDsa = 1;
3930 }
3931
3932 /* free existing BIGNUMs if needed before copying over new */
3933 wolfSSL_BN_free(to->dsa->p);
3934 wolfSSL_BN_free(to->dsa->g);
3935 wolfSSL_BN_free(to->dsa->q);
3936 to->dsa->p = NULL;
3937 to->dsa->g = NULL;
3938 to->dsa->q = NULL;
3939
3940 if (!(cpy = wolfSSL_BN_dup(from->dsa->p))) {
3941 WOLFSSL_MSG("wolfSSL_BN_dup error");
3942 return WOLFSSL_FAILURE;
3943 }
3944 to->dsa->p = cpy;
3945 if (!(cpy = wolfSSL_BN_dup(from->dsa->q))) {
3946 WOLFSSL_MSG("wolfSSL_BN_dup error");
3947 return WOLFSSL_FAILURE;
3948 }
3949 to->dsa->q = cpy;
3950 if (!(cpy = wolfSSL_BN_dup(from->dsa->g))) {
3951 WOLFSSL_MSG("wolfSSL_BN_dup error");
3952 return WOLFSSL_FAILURE;
3953 }
3954 to->dsa->g = cpy;
3955 }
3956 else {
3957 WOLFSSL_MSG("Missing DSA struct");
3958 return WOLFSSL_FAILURE;
3959 }
3960 break;
3961#endif
3962#ifndef NO_DH
3963 case WC_EVP_PKEY_DH:
3964 if (from->dh) {
3965 WOLFSSL_BIGNUM* cpy;
3966 if (!to->dh) {
3967 if ((to->dh = wolfSSL_DH_new()) == NULL) {
3968 WOLFSSL_MSG("wolfSSL_DH_new error");
3969 return WOLFSSL_FAILURE;
3970 }
3971 to->ownDh = 1;
3972 }
3973
3974 /* free existing BIGNUMs if needed before copying over new */
3975 wolfSSL_BN_free(to->dh->p);
3976 wolfSSL_BN_free(to->dh->g);
3977 wolfSSL_BN_free(to->dh->q);
3978 to->dh->p = NULL;
3979 to->dh->g = NULL;
3980 to->dh->q = NULL;
3981
3982 if (!(cpy = wolfSSL_BN_dup(from->dh->p))) {
3983 WOLFSSL_MSG("wolfSSL_BN_dup error, DH p");
3984 return WOLFSSL_FAILURE;
3985 }
3986 to->dh->p = cpy;
3987 if (!(cpy = wolfSSL_BN_dup(from->dh->g))) {
3988 WOLFSSL_MSG("wolfSSL_BN_dup error, DH g");
3989 return WOLFSSL_FAILURE;
3990 }
3991 to->dh->g = cpy;
3992 if (!(cpy = wolfSSL_BN_dup(from->dh->q))) {
3993 WOLFSSL_MSG("wolfSSL_BN_dup error, DH q");
3994 return WOLFSSL_FAILURE;
3995 }
3996 to->dh->q = cpy;
3997 }
3998 else {
3999 WOLFSSL_MSG("Missing DH struct");
4000 return WOLFSSL_FAILURE;
4001 }
4002 break;
4003#endif
4004#ifndef NO_RSA
4005 case WC_EVP_PKEY_RSA:
4006#endif
4007 default:
4008 WOLFSSL_MSG("Copy parameters not available for this key type");
4009 return WOLFSSL_FAILURE;
4010 }
4011
4012 return WOLFSSL_SUCCESS;
4013}
4014
4015#ifndef NO_WOLFSSL_STUB
4016int wolfSSL_EVP_PKEY_missing_parameters(WOLFSSL_EVP_PKEY *pkey)
4017{
4018 (void)pkey;
4019 /* not using missing params callback and returning zero to indicate success */
4020 return 0;
4021}
4022#endif
4023
4024/* wolfSSL_EVP_PKEY_cmp
4025 * returns 0 on success, -1 on failure.
4026 *
4027 * This behavior is different from openssl.
4028 * EVP_PKEY_cmp returns:
4029 * 1 : two keys match
4030 * 0 : do not match
4031 * -1: key types are different
4032 * -2: the operation is not supported
4033 * If you want this function behave the same as openSSL,
4034 * define WOLFSSL_ERROR_CODE_OPENSSL so that WS_RETURN_CODE translates return
4035 * codes to match OpenSSL equivalent behavior.
4036 */
4037int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b)
4038{
4039 int ret = -1; /* failure */
4040
4041 if (a == NULL || b == NULL)
4042 return WS_RETURN_CODE(ret, WOLFSSL_FAILURE);
4043
4044 /* check its the same type of key */
4045 if (a->type != b->type)
4046 return WS_RETURN_CODE(ret, -1);
4047
4048 /* get size based on key type */
4049 switch (a->type) {
4050#ifndef NO_RSA
4051 case WC_EVP_PKEY_RSA:
4052 if (wolfSSL_RSA_size((const WOLFSSL_RSA*)(a->rsa)) <= 0 ||
4053 wolfSSL_RSA_size((const WOLFSSL_RSA*)(b->rsa)) <= 0) {
4054 return WS_RETURN_CODE(ret, WOLFSSL_FAILURE);
4055 }
4056
4057 if (mp_cmp(&((RsaKey*)a->rsa->internal)->n,
4058 &((RsaKey*)b->rsa->internal)->n) != MP_EQ) {
4059 return WS_RETURN_CODE(ret, WOLFSSL_FAILURE);
4060 }
4061
4062 if (mp_cmp(&((RsaKey*)a->rsa->internal)->e,
4063 &((RsaKey*)b->rsa->internal)->e) != MP_EQ) {
4064 return WS_RETURN_CODE(ret, WOLFSSL_FAILURE);
4065 }
4066 break;
4067#endif /* !NO_RSA */
4068#ifdef HAVE_ECC
4069 case WC_EVP_PKEY_EC:
4070 if (a->ecc == NULL || a->ecc->internal == NULL ||
4071 b->ecc == NULL || b->ecc->internal == NULL ||
4072 wc_ecc_size((ecc_key*)a->ecc->internal) <= 0 ||
4073 wc_ecc_size((ecc_key*)b->ecc->internal) <= 0 ||
4074 a->ecc->group == NULL || b->ecc->group == NULL) {
4075 return ret;
4076 }
4077
4078 /* check curve */
4079 if (a->ecc->group->curve_idx != b->ecc->group->curve_idx) {
4080 return WS_RETURN_CODE(ret, WOLFSSL_FAILURE);
4081 }
4082
4083 if (wc_ecc_cmp_point(&((ecc_key*)a->ecc->internal)->pubkey,
4084 &((ecc_key*)b->ecc->internal)->pubkey) != 0) {
4085 return WS_RETURN_CODE(ret, WOLFSSL_FAILURE);
4086 }
4087 break;
4088#endif /* HAVE_ECC */
4089 default:
4090 return WS_RETURN_CODE(ret, -2);
4091 } /* switch (a->type) */
4092
4093#if defined(WOLFSSL_ERROR_CODE_OPENSSL)
4094 ret = 1; /* the keys match */
4095#else
4096 ret = 0; /* success */
4097#endif
4098 return ret;
4099}
4100
4101/**
4102 * validate DH algorithm parameters
4103 * @param dh_key a pointer to WOLFSSL_EVP_PKEY_CTX structure
4104 * @return WOLFSSL_SUCCESS on success, otherwise failure
4105 */
4106static int DH_param_check(WOLFSSL_DH* dh_key)
4107{
4108 int ret = WOLFSSL_SUCCESS;
4109 WOLFSSL_BIGNUM *num1 = NULL;
4110 WOLFSSL_BIGNUM *num2 = NULL;
4111
4112 WOLFSSL_ENTER("DH_param_check");
4113
4114 num1 = wolfSSL_BN_new();
4115 num2 = wolfSSL_BN_new();
4116 if (num1 == NULL || num2 == NULL) {
4117 WOLFSSL_MSG("failed to assign big number");
4118 ret = WOLFSSL_FAILURE;
4119 }
4120
4121 /* prime check */
4122 if (ret == WOLFSSL_SUCCESS &&
4123 wolfSSL_BN_is_odd(dh_key->p) == 0){
4124 WOLFSSL_MSG("dh_key->p is not prime");
4125 ret = WOLFSSL_FAILURE;
4126 } /* TODO safe prime check. need BN_rshift1 */
4127
4128 /* generator check */
4129 if (ret == WOLFSSL_SUCCESS &&
4130 (wolfSSL_BN_is_one(dh_key->g) ||
4131 wolfSSL_BN_is_negative(dh_key->g) ||
4132 wolfSSL_BN_is_zero(dh_key->g))) {
4133 WOLFSSL_MSG("dh_key->g is not suitable generator");
4134 ret = WOLFSSL_FAILURE;
4135 }
4136
4137 if (ret == WOLFSSL_SUCCESS &&
4138 wolfSSL_BN_cmp(dh_key->p, dh_key->g) <= 0) {
4139 WOLFSSL_MSG("dh_key->g is not suitable generator");
4140 ret = WOLFSSL_FAILURE;
4141 }
4142
4143 if (ret == WOLFSSL_SUCCESS &&
4144 dh_key->q != NULL)
4145 {
4146 if (ret == WOLFSSL_SUCCESS &&
4147 wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, NULL)
4148 == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
4149 {
4150 WOLFSSL_MSG("BN_mod_exp failed");
4151 ret = WOLFSSL_FAILURE;
4152 }
4153 else
4154 if (ret == WOLFSSL_SUCCESS &&
4155 wolfSSL_BN_is_one(num1) == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
4156 WOLFSSL_MSG("dh_key->g is not suitable generator");
4157 ret = WOLFSSL_FAILURE;
4158 }
4159#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
4160 /* test if the number q is prime. */
4161 if (ret == WOLFSSL_SUCCESS &&
4162 (wolfSSL_BN_is_prime_ex(dh_key->q, 64, NULL, NULL) <= 0)) {
4163 WOLFSSL_MSG("dh_key->q is not prime or error during check.");
4164 ret = WOLFSSL_FAILURE;
4165 } /* else TODO check q div q - 1. need BN_div */
4166#endif
4167 }
4168
4169 /* clean up */
4170 wolfSSL_BN_free(num1);
4171 wolfSSL_BN_free(num2);
4172
4173 WOLFSSL_LEAVE("DH_param_check", WOLFSSL_SUCCESS);
4174 return ret;
4175}
4176/**
4177 * validate the algorithm parameters
4178 * @param ctx a pointer to WOLFSSL_EVP_PKEY_CTX structure
4179 * @return WOLFSSL_SUCCESS on success, otherwise failure
4180 */
4181int wolfSSL_EVP_PKEY_param_check(WOLFSSL_EVP_PKEY_CTX* ctx)
4182{
4183 int type;
4184 int ret;
4185 WOLFSSL_DH* dh_key = NULL;
4186
4187 /* sanity check */
4188 if (ctx == NULL) {
4189 return WOLFSSL_FAILURE;
4190 }
4191
4192 type = wolfSSL_EVP_PKEY_type(wolfSSL_EVP_PKEY_base_id(ctx->pkey));
4193 switch (type) {
4194 #if !defined(NO_RSA)
4195 case WC_EVP_PKEY_RSA:
4196 WOLFSSL_MSG("WC_EVP_PKEY_RSA not yet implemented");
4197 return WOLFSSL_FAILURE;
4198 #endif
4199 #if defined(HAVE_ECC)
4200 case WC_EVP_PKEY_EC:
4201 WOLFSSL_MSG("WC_EVP_PKEY_EC not yet implemented");
4202 return WOLFSSL_FAILURE;
4203 #endif
4204 #if !defined(NO_DSA)
4205 case WC_EVP_PKEY_DSA:
4206 WOLFSSL_MSG("WC_EVP_PKEY_DSA not yet implemented");
4207 return WOLFSSL_FAILURE;
4208 #endif
4209 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
4210 #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
4211 case WC_EVP_PKEY_DH:
4212 dh_key = wolfSSL_EVP_PKEY_get1_DH(ctx->pkey);
4213 if (dh_key != NULL) {
4214 ret = DH_param_check(dh_key);
4215 wolfSSL_DH_free(dh_key);
4216 }
4217 else
4218 ret = WOLFSSL_FAILURE;
4219 return ret;
4220 #endif
4221 #endif
4222 default:
4223 WOLFSSL_MSG("Unknown PKEY type");
4224 break;
4225 }
4226
4227 (void)ret;
4228 (void)DH_param_check;
4229 (void)dh_key;
4230 return WOLFSSL_FAILURE;
4231}
4232
4233/* Initialize structure for signing
4234 *
4235 * ctx WOLFSSL_EVP_MD_CTX structure to initialize
4236 * type is the type of message digest to use
4237 *
4238 * returns WOLFSSL_SUCCESS on success
4239 */
4240int wolfSSL_EVP_SignInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type)
4241{
4242 if (ctx == NULL) return WOLFSSL_FAILURE;
4243 WOLFSSL_ENTER("EVP_SignInit");
4244 return wolfSSL_EVP_DigestInit(ctx,type);
4245}
4246
4247int wolfSSL_EVP_SignInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
4248 const WOLFSSL_EVP_MD* type,
4249 WOLFSSL_ENGINE *impl)
4250{
4251 if (ctx == NULL) return WOLFSSL_FAILURE;
4252 WOLFSSL_ENTER("EVP_SignInit");
4253 return wolfSSL_EVP_DigestInit_ex(ctx,type,impl);
4254}
4255
4256
4257/* Update structure with data for signing
4258 *
4259 * ctx WOLFSSL_EVP_MD_CTX structure to update
4260 * data buffer holding data to update with for sign
4261 * len length of data buffer
4262 *
4263 * returns WOLFSSL_SUCCESS on success
4264 */
4265int wolfSSL_EVP_SignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len)
4266{
4267 if (ctx == NULL) return 0;
4268 WOLFSSL_ENTER("EVP_SignUpdate(");
4269 return wolfSSL_EVP_DigestUpdate(ctx, data, len);
4270}
4271static const WOLFSSL_EVP_MD* wolfSSL_macType2EVP_md(enum wc_HashType type)
4272{
4273 const struct s_ent *ent ;
4274
4275 for (ent = md_tbl; ent->name != NULL; ent++) {
4276 if (ent->macType == type) {
4277 return ent->name;
4278 }
4279 }
4280 return NULL;
4281}
4282
4283/* Finalize structure for signing
4284 *
4285 * ctx WOLFSSL_EVP_MD_CTX structure to finalize
4286 * sigret buffer to hold resulting signature
4287 * siglen length of sigret buffer
4288 * pkey key to sign with
4289 *
4290 * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
4291 */
4292int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
4293 unsigned int *siglen, WOLFSSL_EVP_PKEY *pkey)
4294{
4295 unsigned int mdsize;
4296 unsigned char md[WC_MAX_DIGEST_SIZE];
4297 int ret;
4298 (void)sigret;
4299 (void)siglen;
4300
4301 WOLFSSL_ENTER("EVP_SignFinal");
4302 if (ctx == NULL || sigret == NULL || siglen == NULL || pkey == NULL)
4303 return WOLFSSL_FAILURE;
4304
4305 ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize);
4306 if (ret <= 0)
4307 return ret;
4308
4309 switch (pkey->type) {
4310#if !defined(NO_RSA)
4311 case WC_EVP_PKEY_RSA: {
4312 int nid;
4313 const WOLFSSL_EVP_MD *ctxmd;
4314
4315 ctxmd = wolfSSL_EVP_MD_CTX_md(ctx);
4316 if (ctxmd == NULL)
4317 return WOLFSSL_FAILURE;
4318
4319 nid = wolfSSL_EVP_MD_type(ctxmd);
4320 if (nid < 0)
4321 return WOLFSSL_FAILURE;
4322 return wolfSSL_RSA_sign(nid, md, mdsize, sigret,
4323 siglen, pkey->rsa);
4324 }
4325#endif /* NO_RSA */
4326#ifndef NO_DSA
4327 case WC_EVP_PKEY_DSA: {
4328 int bytes;
4329 bytes = wolfSSL_BN_num_bytes(pkey->dsa->q);
4330 if (bytes == WC_NO_ERR_TRACE(WOLFSSL_FAILURE) ||
4331 bytes * 2 > (int)*siglen)
4332 {
4333 return WOLFSSL_FAILURE;
4334 }
4335 ret = wolfSSL_DSA_do_sign(md, sigret, pkey->dsa);
4336 /* wolfSSL_DSA_do_sign() can return WOLFSSL_FATAL_ERROR */
4337 if (ret != WOLFSSL_SUCCESS)
4338 return ret;
4339 *siglen = (unsigned int)(bytes * 2);
4340 return WOLFSSL_SUCCESS;
4341 }
4342#endif
4343#ifdef HAVE_ECC
4344 case WC_EVP_PKEY_EC: {
4345 WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_ECDSA_do_sign(md, (int)mdsize,
4346 pkey->ecc);
4347 if (ecdsaSig == NULL)
4348 return WOLFSSL_FAILURE;
4349 /* get signature length only */
4350 ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, NULL);
4351 if (ret <= 0 || ret > (int)*siglen) {
4352 wolfSSL_ECDSA_SIG_free(ecdsaSig);
4353 return WOLFSSL_FAILURE;
4354 }
4355 /* perform validation of signature */
4356 ret = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, &sigret);
4357 wolfSSL_ECDSA_SIG_free(ecdsaSig);
4358 if (ret <= 0 || ret > (int)*siglen)
4359 return WOLFSSL_FAILURE;
4360 *siglen = (unsigned int)ret;
4361 return WOLFSSL_SUCCESS;
4362 }
4363#endif
4364 default:
4365 break;
4366 }
4367 return WOLFSSL_FAILURE;
4368}
4369
4370
4371/* Initialize structure for verifying signature
4372 *
4373 * ctx WOLFSSL_EVP_MD_CTX structure to initialize
4374 * type is the type of message digest to use
4375 *
4376 * returns WOLFSSL_SUCCESS on success
4377 */
4378int wolfSSL_EVP_VerifyInit(WOLFSSL_EVP_MD_CTX *ctx, const WOLFSSL_EVP_MD *type)
4379{
4380 if (ctx == NULL) return WOLFSSL_FAILURE;
4381 WOLFSSL_ENTER("EVP_VerifyInit");
4382 return wolfSSL_EVP_DigestInit(ctx,type);
4383}
4384
4385
4386/* Update structure for verifying signature
4387 *
4388 * ctx WOLFSSL_EVP_MD_CTX structure to update
4389 * data buffer holding data to update with for verify
4390 * len length of data buffer
4391 *
4392 * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
4393 */
4394int wolfSSL_EVP_VerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len)
4395{
4396 if (ctx == NULL) return WOLFSSL_FAILURE;
4397 WOLFSSL_ENTER("EVP_VerifyUpdate");
4398 return wolfSSL_EVP_DigestUpdate(ctx, data, len);
4399}
4400
4401
4402/* Finalize structure for verifying signature
4403 *
4404 * ctx WOLFSSL_EVP_MD_CTX structure to finalize
4405 * sig buffer holding signature
4406 * siglen length of sig buffer
4407 * pkey key to verify with
4408 *
4409 * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
4410 */
4411int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
4412 const unsigned char*sig, unsigned int siglen, WOLFSSL_EVP_PKEY *pkey)
4413{
4414 int ret;
4415 unsigned char md[WC_MAX_DIGEST_SIZE];
4416 unsigned int mdsize;
4417
4418 if (ctx == NULL || pkey == NULL || sig == NULL)
4419 return WOLFSSL_FAILURE;
4420 WOLFSSL_ENTER("EVP_VerifyFinal");
4421 ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize);
4422 if (ret <= 0)
4423 return ret;
4424
4425 (void)sig;
4426 (void)siglen;
4427
4428 switch (pkey->type) {
4429#if !defined(NO_RSA)
4430 case WC_EVP_PKEY_RSA: {
4431 int nid;
4432 const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx);
4433 if (ctxmd == NULL) break;
4434 nid = wolfSSL_EVP_MD_type(ctxmd);
4435 if (nid < 0) break;
4436 return wolfSSL_RSA_verify(nid, md, mdsize, sig,
4437 (unsigned int)siglen, pkey->rsa);
4438 }
4439#endif /* NO_RSA */
4440#ifdef HAVE_ECC
4441 case WC_EVP_PKEY_EC: {
4442 WOLFSSL_ECDSA_SIG *ecdsaSig = wolfSSL_d2i_ECDSA_SIG(
4443 NULL, (const unsigned char **)&sig, (long)siglen);
4444 if (ecdsaSig == NULL)
4445 return WOLFSSL_FAILURE;
4446 ret = wolfSSL_ECDSA_do_verify(md, (int)mdsize, ecdsaSig,
4447 pkey->ecc);
4448 wolfSSL_ECDSA_SIG_free(ecdsaSig);
4449 return ret;
4450 }
4451#endif
4452 case WC_EVP_PKEY_DSA:
4453 WOLFSSL_MSG("not implemented");
4454 FALL_THROUGH;
4455 default:
4456 break;
4457 }
4458 return WOLFSSL_FAILURE;
4459}
4460
4461int wolfSSL_EVP_add_cipher(const WOLFSSL_EVP_CIPHER *cipher)
4462{
4463 /* nothing to do */
4464 if (cipher == NULL)
4465 return WOLFSSL_FAILURE;
4466 return WOLFSSL_SUCCESS;
4467}
4468
4469
4470WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, WOLFSSL_ENGINE* e,
4471 const unsigned char* key, int keylen)
4472{
4473 WOLFSSL_EVP_PKEY* pkey;
4474
4475 (void)e;
4476
4477 if (type != WC_EVP_PKEY_HMAC || (key == NULL && keylen != 0))
4478 return NULL;
4479
4480 if (keylen < 0)
4481 return NULL;
4482
4483 pkey = wolfSSL_EVP_PKEY_new();
4484 if (pkey != NULL) {
4485 pkey->pkey.ptr = (char*)XMALLOC((size_t)keylen, NULL,
4486 DYNAMIC_TYPE_PUBLIC_KEY);
4487 if (pkey->pkey.ptr == NULL && keylen > 0) {
4488 wolfSSL_EVP_PKEY_free(pkey);
4489 pkey = NULL;
4490 }
4491 else {
4492 if (keylen) {
4493 XMEMCPY(pkey->pkey.ptr, key, (size_t)keylen);
4494 }
4495 pkey->pkey_sz = keylen;
4496 pkey->type = pkey->save_type = type;
4497 }
4498 }
4499
4500 return pkey;
4501}
4502
4503
4504#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT)
4505WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_CMAC_key(WOLFSSL_ENGINE* e,
4506 const unsigned char* priv, size_t len, const WOLFSSL_EVP_CIPHER *cipher)
4507{
4508 WOLFSSL_EVP_PKEY* pkey;
4509 WOLFSSL_CMAC_CTX* ctx;
4510 int ret = 0;
4511
4512 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_new_CMAC_key");
4513
4514 if (priv == NULL || len == 0 || cipher == NULL) {
4515 WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_new_CMAC_key", BAD_FUNC_ARG);
4516 return NULL;
4517 }
4518
4519 ctx = wolfSSL_CMAC_CTX_new();
4520 if (ctx == NULL) {
4521 WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_new_CMAC_key", 0);
4522 return NULL;
4523 }
4524
4525 ret = wolfSSL_CMAC_Init(ctx, priv, len, cipher, e);
4526 if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
4527 wolfSSL_CMAC_CTX_free(ctx);
4528 WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_new_CMAC_key", 0);
4529 return NULL;
4530 }
4531
4532 pkey = wolfSSL_EVP_PKEY_new();
4533 if (pkey != NULL) {
4534 pkey->pkey.ptr = (char*)XMALLOC((size_t)len, NULL,
4535 DYNAMIC_TYPE_PUBLIC_KEY);
4536 if (pkey->pkey.ptr == NULL && len > 0) {
4537 wolfSSL_EVP_PKEY_free(pkey);
4538 pkey = NULL;
4539 wolfSSL_CMAC_CTX_free(ctx);
4540 }
4541 else {
4542 if (len) {
4543 XMEMCPY(pkey->pkey.ptr, priv, (size_t)len);
4544 }
4545 pkey->pkey_sz = (int)len;
4546 pkey->type = pkey->save_type = WC_EVP_PKEY_CMAC;
4547 pkey->cmacCtx = ctx;
4548 }
4549 }
4550 else {
4551 wolfSSL_CMAC_CTX_free(ctx);
4552 }
4553
4554 WOLFSSL_LEAVE("wolfSSL_EVP_PKEY_new_CMAC_key", 0);
4555 return pkey;
4556}
4557#endif /* defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) */
4558
4559const unsigned char* wolfSSL_EVP_PKEY_get0_hmac(const WOLFSSL_EVP_PKEY* pkey,
4560 size_t* len)
4561{
4562 if (pkey == NULL || len == NULL)
4563 return NULL;
4564
4565 *len = (size_t)pkey->pkey_sz;
4566
4567 return (const unsigned char*)pkey->pkey.ptr;
4568}
4569
4570static int wolfssl_evp_md_to_hash_type(const WOLFSSL_EVP_MD *type,
4571 int* hashType)
4572{
4573 int ret = 0;
4574
4575#ifndef NO_SHA256
4576 if (XSTRCMP(type, WC_SN_sha256) == 0) {
4577 *hashType = WC_SHA256;
4578 }
4579 else
4580#endif
4581#ifndef NO_SHA
4582 if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, WC_SN_sha1) == 0)) {
4583 *hashType = WC_SHA;
4584 }
4585 else
4586#endif /* NO_SHA */
4587#ifdef WOLFSSL_SHA224
4588 if (XSTRCMP(type, WC_SN_sha224) == 0) {
4589 *hashType = WC_SHA224;
4590 }
4591 else
4592#endif
4593#ifdef WOLFSSL_SHA384
4594 if (XSTRCMP(type, WC_SN_sha384) == 0) {
4595 *hashType = WC_SHA384;
4596 }
4597 else
4598#endif
4599#ifdef WOLFSSL_SHA512
4600 if (XSTRCMP(type, WC_SN_sha512) == 0) {
4601 *hashType = WC_SHA512;
4602 }
4603 else
4604#endif
4605#ifdef WOLFSSL_SHA3
4606 #ifndef WOLFSSL_NOSHA3_224
4607 if (XSTRCMP(type, WC_SN_sha3_224) == 0) {
4608 *hashType = WC_SHA3_224;
4609 }
4610 else
4611 #endif
4612 #ifndef WOLFSSL_NOSHA3_256
4613 if (XSTRCMP(type, WC_SN_sha3_256) == 0) {
4614 *hashType = WC_SHA3_256;
4615 }
4616 else
4617 #endif
4618 #ifndef WOLFSSL_NOSHA3_384
4619 if (XSTRCMP(type, WC_SN_sha3_384) == 0) {
4620 *hashType = WC_SHA3_384;
4621 }
4622 else
4623 #endif
4624 #ifndef WOLFSSL_NOSHA3_512
4625 if (XSTRCMP(type, WC_SN_sha3_512) == 0) {
4626 *hashType = WC_SHA3_512;
4627 }
4628 else
4629 #endif
4630#endif
4631#ifdef WOLFSSL_SM3
4632 if (XSTRCMP(type, WC_SN_sm3) == 0) {
4633 *hashType = WC_SM3;
4634 }
4635 else
4636#endif
4637#ifndef NO_MD5
4638 if (XSTRCMP(type, WC_SN_md5) == 0) {
4639 *hashType = WC_MD5;
4640 }
4641 else
4642#endif
4643 {
4644 ret = BAD_FUNC_ARG;
4645 }
4646
4647 return ret;
4648}
4649
4650/* Initialize an EVP_DigestSign/Verify operation.
4651 * Initialize a digest for RSA and ECC keys, or HMAC for HMAC key.
4652 */
4653static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx,
4654 WOLFSSL_EVP_PKEY_CTX **pctx,
4655 const WOLFSSL_EVP_MD *type,
4656 WOLFSSL_ENGINE *e,
4657 WOLFSSL_EVP_PKEY *pkey)
4658{
4659 if (!type) {
4660 int default_digest;
4661 if (wolfSSL_EVP_PKEY_get_default_digest_nid(pkey, &default_digest)
4662 != WOLFSSL_SUCCESS) {
4663 WOLFSSL_MSG("Could not get default digest");
4664 return WOLFSSL_FAILURE;
4665 }
4666 type = wolfSSL_EVP_get_digestbynid(default_digest);
4667 if (type == NULL) {
4668 return WOLFSSL_FAILURE;
4669 }
4670 }
4671
4672 if (pkey->type == WC_EVP_PKEY_HMAC) {
4673 int hashType;
4674 int ret;
4675 size_t keySz = 0;
4676 const unsigned char* key;
4677
4678 ret = wolfssl_evp_md_to_hash_type(type, &hashType);
4679 if (ret != 0) {
4680 return ret;
4681 }
4682
4683 key = wolfSSL_EVP_PKEY_get0_hmac(pkey, &keySz);
4684 if (wc_HmacInit(&ctx->hash.hmac, NULL, INVALID_DEVID) != 0)
4685 return WOLFSSL_FAILURE;
4686
4687 if (wc_HmacSetKey(&ctx->hash.hmac, hashType, key, (word32)keySz) != 0)
4688 return WOLFSSL_FAILURE;
4689
4690 ctx->isHMAC = 1;
4691 }
4692 else if (wolfSSL_EVP_DigestInit(ctx, type) != 1)
4693 return WOLFSSL_FAILURE;
4694
4695 if (ctx->pctx == NULL) {
4696 ctx->pctx = wolfSSL_EVP_PKEY_CTX_new(pkey, e);
4697 if (ctx->pctx == NULL)
4698 return WOLFSSL_FAILURE;
4699 }
4700 if (pctx != NULL)
4701 *pctx = ctx->pctx;
4702 return WOLFSSL_SUCCESS;
4703}
4704
4705/* Update an EVP_DigestSign/Verify operation.
4706 * Update a digest for RSA and ECC keys, or HMAC for HMAC key.
4707 */
4708static int wolfssl_evp_digest_pk_update(WOLFSSL_EVP_MD_CTX *ctx,
4709 const void *d, unsigned int cnt)
4710{
4711 if (ctx->isHMAC) {
4712 if (wc_HmacUpdate(&ctx->hash.hmac, (const byte *)d, cnt) != 0)
4713 return WOLFSSL_FAILURE;
4714
4715 return WOLFSSL_SUCCESS;
4716 }
4717 else
4718 return wolfSSL_EVP_DigestUpdate(ctx, d, cnt);
4719}
4720
4721/* Finalize an EVP_DigestSign/Verify operation - common part only.
4722 * Finalize a digest for RSA and ECC keys, or HMAC for HMAC key.
4723 * Copies the digest so that you can keep updating.
4724 */
4725static int wolfssl_evp_digest_pk_final(WOLFSSL_EVP_MD_CTX *ctx,
4726 unsigned char *md, unsigned int* mdlen)
4727{
4728 int ret;
4729
4730 if (ctx->isHMAC) {
4731#ifdef WOLFSSL_SMALL_STACK
4732 Hmac *hmacCopy = (Hmac *)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_OPENSSL);
4733 if (hmacCopy == NULL)
4734 return WOLFSSL_FAILURE;
4735#else
4736 Hmac hmacCopy[1];
4737#endif
4738 ret = wolfSSL_HmacCopy(hmacCopy, &ctx->hash.hmac);
4739 if (ret == WOLFSSL_SUCCESS)
4740 ret = wc_HmacFinal(hmacCopy, md) == 0;
4741 wc_HmacFree(hmacCopy);
4742 WC_FREE_VAR_EX(hmacCopy, NULL, DYNAMIC_TYPE_OPENSSL);
4743 return ret;
4744 }
4745 else {
4746#ifdef WOLFSSL_SMALL_STACK
4747 WOLFSSL_EVP_MD_CTX *ctxCopy = (WOLFSSL_EVP_MD_CTX *)XMALLOC(sizeof(WOLFSSL_EVP_MD_CTX), NULL, DYNAMIC_TYPE_OPENSSL);
4748 if (ctxCopy == NULL)
4749 return WOLFSSL_FAILURE;
4750#else
4751 WOLFSSL_EVP_MD_CTX ctxCopy[1];
4752#endif
4753 wolfSSL_EVP_MD_CTX_init(ctxCopy);
4754
4755 ret = wolfSSL_EVP_MD_CTX_copy_ex(ctxCopy, ctx);
4756 if (ret == WOLFSSL_SUCCESS)
4757 ret = wolfSSL_EVP_DigestFinal(ctxCopy, md, mdlen);
4758 wolfSSL_EVP_MD_CTX_cleanup(ctxCopy);
4759 WC_FREE_VAR_EX(ctxCopy, NULL, DYNAMIC_TYPE_OPENSSL);
4760 return ret;
4761 }
4762}
4763
4764/* Get the length of the mac based on the digest algorithm. */
4765static unsigned int wolfssl_mac_len(unsigned char macType)
4766{
4767 unsigned int hashLen;
4768
4769 switch (macType) {
4770 #ifndef NO_MD5
4771 case WC_MD5:
4772 hashLen = WC_MD5_DIGEST_SIZE;
4773 break;
4774 #endif /* !NO_MD5 */
4775
4776 #ifndef NO_SHA
4777 case WC_SHA:
4778 hashLen = WC_SHA_DIGEST_SIZE;
4779 break;
4780 #endif /* !NO_SHA */
4781
4782 #ifdef WOLFSSL_SHA224
4783 case WC_SHA224:
4784 hashLen = WC_SHA224_DIGEST_SIZE;
4785 break;
4786 #endif /* WOLFSSL_SHA224 */
4787
4788 #ifndef NO_SHA256
4789 case WC_SHA256:
4790 hashLen = WC_SHA256_DIGEST_SIZE;
4791 break;
4792 #endif /* !NO_SHA256 */
4793
4794 #ifdef WOLFSSL_SHA384
4795 case WC_SHA384:
4796 hashLen = WC_SHA384_DIGEST_SIZE;
4797 break;
4798 #endif /* WOLFSSL_SHA384 */
4799 #ifdef WOLFSSL_SHA512
4800 case WC_SHA512:
4801 hashLen = WC_SHA512_DIGEST_SIZE;
4802 break;
4803 #endif /* WOLFSSL_SHA512 */
4804
4805 #ifdef HAVE_BLAKE2B
4806 case BLAKE2B_ID:
4807 hashLen = BLAKE2B_OUTBYTES;
4808 break;
4809 #endif /* HAVE_BLAKE2B */
4810
4811 #ifdef WOLFSSL_SHA3
4812 #ifndef WOLFSSL_NOSHA3_224
4813 case WC_SHA3_224:
4814 hashLen = WC_SHA3_224_DIGEST_SIZE;
4815 break;
4816 #endif
4817 #ifndef WOLFSSL_NOSHA3_256
4818 case WC_SHA3_256:
4819 hashLen = WC_SHA3_256_DIGEST_SIZE;
4820 break;
4821 #endif
4822 #ifndef WOLFSSL_NOSHA3_384
4823 case WC_SHA3_384:
4824 hashLen = WC_SHA3_384_DIGEST_SIZE;
4825 break;
4826 #endif
4827 #ifndef WOLFSSL_NOSHA3_512
4828 case WC_SHA3_512:
4829 hashLen = WC_SHA3_512_DIGEST_SIZE;
4830 break;
4831 #endif
4832 #endif
4833
4834 #ifdef WOLFSSL_SM3
4835 case WC_SM3:
4836 hashLen = WC_SM3_DIGEST_SIZE;
4837 break;
4838 #endif /* WOLFSSL_SM3 */
4839
4840 default:
4841 hashLen = 0;
4842 }
4843
4844 return hashLen;
4845}
4846
4847int wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX *ctx,
4848 WOLFSSL_EVP_PKEY_CTX **pctx,
4849 const WOLFSSL_EVP_MD *type,
4850 WOLFSSL_ENGINE *e,
4851 WOLFSSL_EVP_PKEY *pkey)
4852{
4853 WOLFSSL_ENTER("EVP_DigestSignInit");
4854
4855 if (ctx == NULL || pkey == NULL)
4856 return WOLFSSL_FAILURE;
4857
4858 return wolfSSL_evp_digest_pk_init(ctx, pctx, type, e, pkey);
4859}
4860
4861
4862int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d,
4863 unsigned int cnt)
4864{
4865 WOLFSSL_ENTER("EVP_DigestSignUpdate");
4866
4867 if (ctx == NULL || d == NULL)
4868 return WOLFSSL_FAILURE;
4869
4870 return wolfssl_evp_digest_pk_update(ctx, d, cnt);
4871}
4872
4873int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
4874 size_t *siglen)
4875{
4876 unsigned char digest[WC_MAX_DIGEST_SIZE];
4877 unsigned int hashLen;
4878 int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
4879
4880 WOLFSSL_ENTER("EVP_DigestSignFinal");
4881
4882 if (ctx == NULL || siglen == NULL)
4883 return WOLFSSL_FAILURE;
4884
4885 /* Return the maximum size of the signature when sig is NULL. */
4886 if (ctx->isHMAC) {
4887 hashLen = wolfssl_mac_len(ctx->hash.hmac.macType);
4888
4889 if (sig == NULL) {
4890 *siglen = hashLen;
4891 return WOLFSSL_SUCCESS;
4892 }
4893 }
4894 else if (ctx->pctx == NULL || ctx->pctx->pkey == NULL) {
4895 return WOLFSSL_FAILURE;
4896 }
4897#ifndef NO_RSA
4898 else if (ctx->pctx->pkey->type == WC_EVP_PKEY_RSA) {
4899 if (sig == NULL) {
4900 *siglen = (size_t)wolfSSL_RSA_size(ctx->pctx->pkey->rsa);
4901 return WOLFSSL_SUCCESS;
4902 }
4903 }
4904#endif /* !NO_RSA */
4905#ifdef HAVE_ECC
4906 else if (ctx->pctx->pkey->type == WC_EVP_PKEY_EC) {
4907 if (sig == NULL) {
4908 /* SEQ + INT + INT */
4909 *siglen = (size_t)ecc_sets[ctx->pctx->pkey->ecc->group->curve_idx].
4910 size * 2 + 8;
4911 return WOLFSSL_SUCCESS;
4912 }
4913 }
4914#endif
4915
4916 if (wolfssl_evp_digest_pk_final(ctx, digest, &hashLen) <= 0)
4917 return WOLFSSL_FAILURE;
4918
4919 if (ctx->isHMAC) {
4920 /* Copy the HMAC result as signature. */
4921 if ((unsigned int)(*siglen) > hashLen)
4922 *siglen = hashLen;
4923 /* May be a truncated signature. */
4924
4925 XMEMCPY(sig, digest, (size_t)*siglen);
4926 ret = WOLFSSL_SUCCESS;
4927 }
4928 else {
4929 /* Sign the digest. */
4930 switch (ctx->pctx->pkey->type) {
4931 #if !defined(NO_RSA)
4932 case WC_EVP_PKEY_RSA: {
4933 unsigned int sigSz = (unsigned int)*siglen;
4934 int nid;
4935 const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx);
4936 if (md == NULL)
4937 break;
4938 nid = wolfSSL_EVP_MD_type(md);
4939 if (nid < 0)
4940 break;
4941 ret = wolfSSL_RSA_sign_generic_padding(nid, digest, hashLen,
4942 sig, &sigSz, ctx->pctx->pkey->rsa, 1, ctx->pctx->padding);
4943 if (ret >= 0)
4944 *siglen = sigSz;
4945 break;
4946 }
4947 #endif /* NO_RSA */
4948
4949 #ifdef HAVE_ECC
4950 case WC_EVP_PKEY_EC: {
4951 int len;
4952 WOLFSSL_ECDSA_SIG *ecdsaSig;
4953 ecdsaSig = wolfSSL_ECDSA_do_sign(digest, (int)hashLen,
4954 ctx->pctx->pkey->ecc);
4955 if (ecdsaSig == NULL)
4956 break;
4957 len = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, NULL);
4958 if (len > 0 && (size_t)len <= *siglen)
4959 len = wolfSSL_i2d_ECDSA_SIG(ecdsaSig, &sig);
4960 wolfSSL_ECDSA_SIG_free(ecdsaSig);
4961 if (len == 0)
4962 break;
4963 *siglen = (size_t)len;
4964 ret = WOLFSSL_SUCCESS;
4965 break;
4966 }
4967 #endif
4968 default:
4969 break;
4970 }
4971 }
4972
4973 ForceZero(digest, sizeof(digest));
4974 return ret;
4975}
4976
4977int wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX *ctx,
4978 WOLFSSL_EVP_PKEY_CTX **pctx,
4979 const WOLFSSL_EVP_MD *type,
4980 WOLFSSL_ENGINE *e,
4981 WOLFSSL_EVP_PKEY *pkey)
4982{
4983 WOLFSSL_ENTER("EVP_DigestVerifyInit");
4984
4985 if (ctx == NULL || type == NULL || pkey == NULL)
4986 return WOLFSSL_FAILURE;
4987
4988 return wolfSSL_evp_digest_pk_init(ctx, pctx, type, e, pkey);
4989}
4990
4991
4992int wolfSSL_EVP_DigestVerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d,
4993 size_t cnt)
4994{
4995 WOLFSSL_ENTER("EVP_DigestVerifyUpdate");
4996
4997 if (ctx == NULL || d == NULL)
4998 return WOLFSSL_FAILURE;
4999
5000 return wolfssl_evp_digest_pk_update(ctx, d, (unsigned int)cnt);
5001}
5002
5003
5004int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
5005 const unsigned char *sig, size_t siglen)
5006{
5007 unsigned char digest[WC_MAX_DIGEST_SIZE];
5008 unsigned int hashLen;
5009
5010 WOLFSSL_ENTER("EVP_DigestVerifyFinal");
5011
5012 if (ctx == NULL || sig == NULL)
5013 return WOLFSSL_FAILURE;
5014
5015 if (ctx->isHMAC) {
5016
5017 hashLen = wolfssl_mac_len(ctx->hash.hmac.macType);
5018
5019 if (hashLen == 0 || siglen != hashLen)
5020 return WOLFSSL_FAILURE;
5021 }
5022
5023 if (wolfssl_evp_digest_pk_final(ctx, digest, &hashLen) <= 0)
5024 return WOLFSSL_FAILURE;
5025
5026 if (ctx->isHMAC) {
5027 /* Check HMAC result matches the signature. */
5028 if (ConstantCompare(sig, digest, (int)siglen) == 0)
5029 return WOLFSSL_SUCCESS;
5030 return WOLFSSL_FAILURE;
5031 }
5032 else {
5033 if (ctx->pctx == NULL || ctx->pctx->pkey == NULL)
5034 return WOLFSSL_FAILURE;
5035 /* Verify the signature with the digest. */
5036 switch (ctx->pctx->pkey->type) {
5037 #if !defined(NO_RSA)
5038 case WC_EVP_PKEY_RSA: {
5039 int nid;
5040 const WOLFSSL_EVP_MD *md = wolfSSL_EVP_MD_CTX_md(ctx);
5041 if (md == NULL)
5042 return WOLFSSL_FAILURE;
5043 nid = wolfSSL_EVP_MD_type(md);
5044 if (nid < 0)
5045 return WOLFSSL_FAILURE;
5046 return wolfSSL_RSA_verify_ex(nid, digest, hashLen, sig,
5047 (unsigned int)siglen,
5048 ctx->pctx->pkey->rsa, ctx->pctx->padding);
5049 }
5050 #endif /* NO_RSA */
5051
5052 #ifdef HAVE_ECC
5053 case WC_EVP_PKEY_EC: {
5054 int ret;
5055 WOLFSSL_ECDSA_SIG *ecdsaSig;
5056 ecdsaSig = wolfSSL_d2i_ECDSA_SIG(NULL, &sig, (long)siglen);
5057 if (ecdsaSig == NULL)
5058 return WOLFSSL_FAILURE;
5059 ret = wolfSSL_ECDSA_do_verify(digest, (int)hashLen, ecdsaSig,
5060 ctx->pctx->pkey->ecc);
5061 wolfSSL_ECDSA_SIG_free(ecdsaSig);
5062 return ret;
5063 }
5064 #endif
5065 default:
5066 break;
5067 }
5068 }
5069
5070 return WOLFSSL_FAILURE;
5071}
5072
5073
5074#ifdef WOLFSSL_APACHE_HTTPD
5075#if !defined(USE_WINDOWS_API) && !defined(MICROCHIP_PIC32)
5076 #include <termios.h>
5077#endif
5078
5079#ifndef XGETPASSWD
5080 static int XGETPASSWD(char* buf, int bufSz) {
5081 int ret = WOLFSSL_SUCCESS;
5082
5083 /* turn off echo for passwords */
5084 #ifdef USE_WINDOWS_API
5085 DWORD originalTerm;
5086 DWORD newTerm;
5087 CONSOLE_SCREEN_BUFFER_INFO screenOrig;
5088 HANDLE stdinHandle = GetStdHandle(STD_INPUT_HANDLE);
5089 if (GetConsoleMode(stdinHandle, &originalTerm) == 0) {
5090 WOLFSSL_MSG("Couldn't get the original terminal settings");
5091 return WOLFSSL_FAILURE;
5092 }
5093 newTerm = originalTerm;
5094 newTerm &= ~ENABLE_ECHO_INPUT;
5095 if (SetConsoleMode(stdinHandle, newTerm) == 0) {
5096 WOLFSSL_MSG("Couldn't turn off echo");
5097 return WOLFSSL_FAILURE;
5098 }
5099 #else
5100 struct termios originalTerm;
5101 struct termios newTerm;
5102 if (tcgetattr(STDIN_FILENO, &originalTerm) != 0) {
5103 WOLFSSL_MSG("Couldn't get the original terminal settings");
5104 return WOLFSSL_FAILURE;
5105 }
5106 XMEMCPY(&newTerm, &originalTerm, sizeof(struct termios));
5107
5108 newTerm.c_lflag &= ~ECHO;
5109 newTerm.c_lflag |= (ICANON | ECHONL);
5110 if (tcsetattr(STDIN_FILENO, TCSANOW, &newTerm) != 0) {
5111 WOLFSSL_MSG("Couldn't turn off echo");
5112 return WOLFSSL_FAILURE;
5113 }
5114 #endif
5115
5116 if (XFGETS(buf, bufSz, stdin) == NULL) {
5117 ret = WOLFSSL_FAILURE;
5118 }
5119
5120 /* restore default echo */
5121 #ifdef USE_WINDOWS_API
5122 if (SetConsoleMode(stdinHandle, originalTerm) == 0) {
5123 WOLFSSL_MSG("Couldn't restore the terminal settings");
5124 return WOLFSSL_FAILURE;
5125 }
5126 #else
5127 if (tcsetattr(STDIN_FILENO, TCSANOW, &originalTerm) != 0) {
5128 WOLFSSL_MSG("Couldn't restore the terminal settings");
5129 return WOLFSSL_FAILURE;
5130 }
5131 #endif
5132 return ret;
5133 }
5134#endif
5135
5136/* returns 0 on success and -2 or -1 on failure */
5137int wolfSSL_EVP_read_pw_string(char* buf, int bufSz, const char* banner, int v)
5138{
5139 printf("%s", banner);
5140 if (XGETPASSWD(buf, bufSz) == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) {
5141 return -1;
5142 }
5143 (void)v; /* fgets always sanity checks size of input vs buffer */
5144 return 0;
5145}
5146#endif /* WOLFSSL_APACHE_HTTPD */
5147
5148#if !defined(NO_PWDBASED) && !defined(NO_SHA) && !defined(NO_HMAC)
5149int wolfSSL_PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen,
5150 const unsigned char *salt,
5151 int saltlen, int iter,
5152 int keylen, unsigned char *out)
5153{
5154 const char *nostring = "";
5155 int ret = 0;
5156
5157 if (pass == NULL) {
5158 passlen = 0;
5159 pass = nostring;
5160 }
5161 else if (passlen == -1) {
5162 passlen = (int)XSTRLEN(pass);
5163 }
5164
5165 ret = wc_PBKDF2((byte*)out, (byte*)pass, passlen, (byte*)salt, saltlen,
5166 iter, keylen, WC_SHA);
5167 if (ret == 0)
5168 return WOLFSSL_SUCCESS;
5169 else
5170 return WOLFSSL_FAILURE;
5171}
5172#endif /* !NO_PWDBASED !NO_SHA*/
5173
5174#if !defined(NO_PWDBASED) && !defined(NO_HMAC)
5175int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
5176 const unsigned char *salt,
5177 int saltlen, int iter,
5178 const WOLFSSL_EVP_MD *digest,
5179 int keylen, unsigned char *out)
5180{
5181 const char *nostring = "";
5182 int ret = 0;
5183 enum wc_HashType pbkdf2HashType;
5184
5185 if (pass == NULL) {
5186 passlen = 0;
5187 pass = nostring;
5188 } else if (passlen == -1) {
5189 passlen = (int)XSTRLEN(pass);
5190 }
5191
5192 pbkdf2HashType = EvpMd2MacType(digest);
5193
5194 ret = wc_PBKDF2((byte*)out, (byte*)pass, passlen, (byte*)salt, saltlen,
5195 iter, keylen, pbkdf2HashType);
5196 if (ret == 0)
5197 return WOLFSSL_SUCCESS;
5198 else
5199 return WOLFSSL_FAILURE;
5200}
5201#endif /* !NO_PWDBASED */
5202
5203
5204#if defined(HAVE_SCRYPT) && defined(HAVE_PBKDF2) && !defined(NO_PWDBASED) && \
5205 !defined(NO_SHA256)
5206/**
5207 * Derives a key from the specified password and the salt using SCRYPT
5208 * algorithm.
5209 *
5210 * Parameters:
5211 * - pass :password data. no need to be null-terminated. NULL is accepted.
5212 * - passlen :length of the password. Must be 0 when pass is NULL.
5213 * - salt :salt. NULL is accepted.
5214 * - saltlen :length of the salt. Must be 0 when salt is NULL.
5215 * - N :cost parameter. Must be grater or equal to 2 and be a power of 2.
5216 * - r :block size. Must 1 or greater.
5217 * - p :parallelism
5218 * - maxmem :maximum size of buffer used for calculation in definition,
5219 * Not referred in this implementation.
5220 * - key :derived key.
5221 * - keylen :length of the derived key
5222 *
5223 * Returns:
5224 * 1 on success, otherwise 0.
5225 */
5226int wolfSSL_EVP_PBE_scrypt(const char *pass, size_t passlen,
5227 const unsigned char *salt, size_t saltlen,
5228 word64 N, word64 r, word64 p,
5229 word64 maxmem, unsigned char *key, size_t keylen)
5230{
5231 int ret;
5232 int exp = 0;
5233
5234 (void)maxmem;
5235
5236 WOLFSSL_ENTER("wolfSSL_EVP_PBE_scrypt");
5237
5238 if (r > INT32_MAX || p > INT32_MAX) {
5239 WOLFSSL_MSG("Doesn't support greater than 32 bit values of r and p");
5240 return WOLFSSL_FAILURE;
5241 }
5242 /* N must be a power of 2 and > 2.
5243 if (N & (N-1)) is zero, it means N is a power of 2.
5244 */
5245 if (N < 2 || (N & (N-1)) || r <= 0 || p <= 0)
5246 return WOLFSSL_FAILURE;
5247
5248 if (key == NULL)
5249 return WOLFSSL_SUCCESS;
5250
5251 /* get exponent of power of 2. Confirmed N is power of 2. */
5252 while (N != 1) {
5253 N >>= 1;
5254 exp++;
5255 }
5256
5257 ret = wc_scrypt(key, (const byte*)pass, (int)passlen, salt, (int)saltlen,
5258 exp, (int)r, (int)p, (int)keylen);
5259
5260 WOLFSSL_LEAVE("wolfSSL_EVP_PBE_scrypt", ret);
5261
5262 if (ret == 0)
5263 return WOLFSSL_SUCCESS;
5264 else
5265 return WOLFSSL_FAILURE;
5266}
5267#endif /* HAVE_SCRYPT && HAVE_PBKDF2 && !NO_PWDBASED && !NO_SHA */
5268
5269static const struct cipher{
5270 unsigned char type;
5271 const char *name;
5272 int nid;
5273} cipher_tbl[] = {
5274
5275#ifndef NO_AES
5276 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
5277 #ifdef WOLFSSL_AES_128
5278 {WC_AES_128_CBC_TYPE, EVP_AES_128_CBC, WC_NID_aes_128_cbc},
5279 #endif
5280 #ifdef WOLFSSL_AES_192
5281 {WC_AES_192_CBC_TYPE, EVP_AES_192_CBC, WC_NID_aes_192_cbc},
5282 #endif
5283 #ifdef WOLFSSL_AES_256
5284 {WC_AES_256_CBC_TYPE, EVP_AES_256_CBC, WC_NID_aes_256_cbc},
5285 #endif
5286 #endif
5287
5288 #ifdef WOLFSSL_AES_CFB
5289 #ifndef WOLFSSL_NO_AES_CFB_1_8
5290 #ifdef WOLFSSL_AES_128
5291 {WC_AES_128_CFB1_TYPE, EVP_AES_128_CFB1, WC_NID_aes_128_cfb1},
5292 #endif
5293 #ifdef WOLFSSL_AES_192
5294 {WC_AES_192_CFB1_TYPE, EVP_AES_192_CFB1, WC_NID_aes_192_cfb1},
5295 #endif
5296 #ifdef WOLFSSL_AES_256
5297 {WC_AES_256_CFB1_TYPE, EVP_AES_256_CFB1, WC_NID_aes_256_cfb1},
5298 #endif
5299
5300 #ifdef WOLFSSL_AES_128
5301 {WC_AES_128_CFB8_TYPE, EVP_AES_128_CFB8, WC_NID_aes_128_cfb8},
5302 #endif
5303 #ifdef WOLFSSL_AES_192
5304 {WC_AES_192_CFB8_TYPE, EVP_AES_192_CFB8, WC_NID_aes_192_cfb8},
5305 #endif
5306 #ifdef WOLFSSL_AES_256
5307 {WC_AES_256_CFB8_TYPE, EVP_AES_256_CFB8, WC_NID_aes_256_cfb8},
5308 #endif
5309 #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
5310
5311 #ifdef WOLFSSL_AES_128
5312 {WC_AES_128_CFB128_TYPE, EVP_AES_128_CFB128, WC_NID_aes_128_cfb128},
5313 #endif
5314 #ifdef WOLFSSL_AES_192
5315 {WC_AES_192_CFB128_TYPE, EVP_AES_192_CFB128, WC_NID_aes_192_cfb128},
5316 #endif
5317 #ifdef WOLFSSL_AES_256
5318 {WC_AES_256_CFB128_TYPE, EVP_AES_256_CFB128, WC_NID_aes_256_cfb128},
5319 #endif
5320 #endif /* WOLFSSL_AES_CFB */
5321
5322 #ifdef WOLFSSL_AES_OFB
5323 #ifdef WOLFSSL_AES_128
5324 {WC_AES_128_OFB_TYPE, EVP_AES_128_OFB, WC_NID_aes_128_ofb},
5325 #endif
5326 #ifdef WOLFSSL_AES_192
5327 {WC_AES_192_OFB_TYPE, EVP_AES_192_OFB, WC_NID_aes_192_ofb},
5328 #endif
5329 #ifdef WOLFSSL_AES_256
5330 {WC_AES_256_OFB_TYPE, EVP_AES_256_OFB, WC_NID_aes_256_ofb},
5331 #endif
5332 #endif
5333
5334 #if defined(WOLFSSL_AES_XTS) && \
5335 (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
5336 #ifdef WOLFSSL_AES_128
5337 {WC_AES_128_XTS_TYPE, EVP_AES_128_XTS, WC_NID_aes_128_xts},
5338 #endif
5339 #ifdef WOLFSSL_AES_256
5340 {WC_AES_256_XTS_TYPE, EVP_AES_256_XTS, WC_NID_aes_256_xts},
5341 #endif
5342 #endif
5343
5344 #ifdef HAVE_AESGCM
5345 #ifdef WOLFSSL_AES_128
5346 {WC_AES_128_GCM_TYPE, EVP_AES_128_GCM, WC_NID_aes_128_gcm},
5347 #endif
5348 #ifdef WOLFSSL_AES_192
5349 {WC_AES_192_GCM_TYPE, EVP_AES_192_GCM, WC_NID_aes_192_gcm},
5350 #endif
5351 #ifdef WOLFSSL_AES_256
5352 {WC_AES_256_GCM_TYPE, EVP_AES_256_GCM, WC_NID_aes_256_gcm},
5353 #endif
5354 #endif
5355
5356 #ifdef HAVE_AESCCM
5357 #ifdef WOLFSSL_AES_128
5358 {WC_AES_128_CCM_TYPE, EVP_AES_128_CCM, WC_NID_aes_128_ccm},
5359 #endif
5360 #ifdef WOLFSSL_AES_192
5361 {WC_AES_192_CCM_TYPE, EVP_AES_192_CCM, WC_NID_aes_192_ccm},
5362 #endif
5363 #ifdef WOLFSSL_AES_256
5364 {WC_AES_256_CCM_TYPE, EVP_AES_256_CCM, WC_NID_aes_256_ccm},
5365 #endif
5366 #endif
5367
5368 #ifdef WOLFSSL_AES_COUNTER
5369 #ifdef WOLFSSL_AES_128
5370 {WC_AES_128_CTR_TYPE, EVP_AES_128_CTR, WC_NID_aes_128_ctr},
5371 #endif
5372 #ifdef WOLFSSL_AES_192
5373 {WC_AES_192_CTR_TYPE, EVP_AES_192_CTR, WC_NID_aes_192_ctr},
5374 #endif
5375 #ifdef WOLFSSL_AES_256
5376 {WC_AES_256_CTR_TYPE, EVP_AES_256_CTR, WC_NID_aes_256_ctr},
5377 #endif
5378 #endif
5379
5380 #ifdef HAVE_AES_ECB
5381 #ifdef WOLFSSL_AES_128
5382 {WC_AES_128_ECB_TYPE, EVP_AES_128_ECB, WC_NID_aes_128_ecb},
5383 #endif
5384 #ifdef WOLFSSL_AES_192
5385 {WC_AES_192_ECB_TYPE, EVP_AES_192_ECB, WC_NID_aes_192_ecb},
5386 #endif
5387 #ifdef WOLFSSL_AES_256
5388 {WC_AES_256_ECB_TYPE, EVP_AES_256_ECB, WC_NID_aes_256_ecb},
5389 #endif
5390 #endif
5391#endif
5392
5393#ifdef HAVE_ARIA
5394 {WC_ARIA_128_GCM_TYPE, EVP_ARIA_128_GCM, WC_NID_aria_128_gcm},
5395 {WC_ARIA_192_GCM_TYPE, EVP_ARIA_192_GCM, WC_NID_aria_192_gcm},
5396 {WC_ARIA_256_GCM_TYPE, EVP_ARIA_256_GCM, WC_NID_aria_256_gcm},
5397#endif
5398
5399#ifndef NO_DES3
5400 {WC_DES_CBC_TYPE, EVP_DES_CBC, WC_NID_des_cbc},
5401 {WC_DES_ECB_TYPE, EVP_DES_ECB, WC_NID_des_ecb},
5402
5403 {WC_DES_EDE3_CBC_TYPE, EVP_DES_EDE3_CBC, WC_NID_des_ede3_cbc},
5404 {WC_DES_EDE3_ECB_TYPE, EVP_DES_EDE3_ECB, WC_NID_des_ede3_ecb},
5405#endif
5406
5407#ifndef NO_RC4
5408 {WC_ARC4_TYPE, EVP_ARC4, WC_NID_undef},
5409#endif
5410
5411#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
5412 {WC_CHACHA20_POLY1305_TYPE, EVP_CHACHA20_POLY1305, WC_NID_chacha20_poly1305},
5413#endif
5414
5415#ifdef HAVE_CHACHA
5416 {WC_CHACHA20_TYPE, EVP_CHACHA20, WC_NID_chacha20},
5417#endif
5418
5419#ifdef WOLFSSL_SM4_ECB
5420 {WC_SM4_ECB_TYPE, EVP_SM4_ECB, WC_NID_sm4_ecb},
5421#endif
5422#ifdef WOLFSSL_SM4_CBC
5423 {WC_SM4_CBC_TYPE, EVP_SM4_CBC, WC_NID_sm4_cbc},
5424#endif
5425#ifdef WOLFSSL_SM4_CTR
5426 {WC_SM4_CTR_TYPE, EVP_SM4_CTR, WC_NID_sm4_ctr},
5427#endif
5428#ifdef WOLFSSL_SM4_GCM
5429 {WC_SM4_GCM_TYPE, EVP_SM4_GCM, WC_NID_sm4_gcm},
5430#endif
5431#ifdef WOLFSSL_SM4_CCM
5432 {WC_SM4_CCM_TYPE, EVP_SM4_CCM, WC_NID_sm4_ccm},
5433#endif
5434
5435 { 0, NULL, 0}
5436};
5437
5438/* returns cipher using provided ctx type */
5439const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_CIPHER_CTX_cipher(
5440 const WOLFSSL_EVP_CIPHER_CTX *ctx)
5441{
5442 const struct cipher* c;
5443
5444 if (!ctx || !ctx->cipherType) {
5445 return NULL;
5446 }
5447
5448 for (c = cipher_tbl; c->type != 0; c++) {
5449 if (ctx->cipherType == c->type) {
5450 return wolfSSL_EVP_get_cipherbyname(c->name);
5451 }
5452 }
5453
5454 return NULL;
5455}
5456
5457int wolfSSL_EVP_CIPHER_nid(const WOLFSSL_EVP_CIPHER *cipher)
5458{
5459 const struct cipher* c;
5460
5461 if (!cipher) {
5462 return 0;
5463 }
5464
5465 for (c = cipher_tbl; c->type != 0; c++) {
5466 if (XSTRCMP(cipher, c->name) == 0) {
5467 return c->nid;
5468 }
5469 }
5470
5471 return 0;
5472}
5473
5474const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name)
5475{
5476 const struct alias {
5477 const char *name;
5478 const char *alias;
5479 } cipher_alias_tbl[] = {
5480#ifndef NO_DES3
5481 {EVP_DES_CBC, "des"},
5482 {EVP_DES_ECB, "des-ecb"},
5483 {EVP_DES_EDE3_CBC, "des3"},
5484 {EVP_DES_EDE3_CBC, "3des"},
5485 {EVP_DES_EDE3_ECB, "des-ede3"},
5486 {EVP_DES_EDE3_ECB, "des-ede3-ecb"},
5487#endif
5488#ifndef NO_AES
5489 #ifdef HAVE_AES_CBC
5490 #ifdef WOLFSSL_AES_128
5491 {EVP_AES_128_CBC, "aes128-cbc"},
5492 {EVP_AES_128_CBC, "aes128"},
5493 #endif
5494 #ifdef WOLFSSL_AES_192
5495 {EVP_AES_192_CBC, "aes192-cbc"},
5496 {EVP_AES_192_CBC, "aes192"},
5497 #endif
5498 #ifdef WOLFSSL_AES_256
5499 {EVP_AES_256_CBC, "aes256-cbc"},
5500 {EVP_AES_256_CBC, "aes256"},
5501 #endif
5502 #endif
5503 #ifdef HAVE_AES_ECB
5504 #ifdef WOLFSSL_AES_128
5505 {EVP_AES_128_ECB, "aes128-ecb"},
5506 #endif
5507 #ifdef WOLFSSL_AES_192
5508 {EVP_AES_192_ECB, "aes192-ecb"},
5509 #endif
5510 #ifdef WOLFSSL_AES_256
5511 {EVP_AES_256_ECB, "aes256-ecb"},
5512 #endif
5513 #endif
5514 #ifdef HAVE_AESGCM
5515 #ifdef WOLFSSL_AES_128
5516 {EVP_AES_128_GCM, "aes-128-gcm"},
5517 {EVP_AES_128_GCM, "id-aes128-GCM"},
5518 #endif
5519 #ifdef WOLFSSL_AES_192
5520 {EVP_AES_192_GCM, "aes-192-gcm"},
5521 {EVP_AES_192_GCM, "id-aes192-GCM"},
5522 #endif
5523 #ifdef WOLFSSL_AES_256
5524 {EVP_AES_256_GCM, "aes-256-gcm"},
5525 {EVP_AES_256_GCM, "id-aes256-GCM"},
5526 #endif
5527 #endif
5528 #ifdef HAVE_AESCCM
5529 #ifdef WOLFSSL_AES_128
5530 {EVP_AES_128_CCM, "aes-128-ccm"},
5531 {EVP_AES_128_CCM, "id-aes128-CCM"},
5532 #endif
5533 #ifdef WOLFSSL_AES_192
5534 {EVP_AES_192_CCM, "aes-192-ccm"},
5535 {EVP_AES_192_CCM, "id-aes192-CCM"},
5536 #endif
5537 #ifdef WOLFSSL_AES_256
5538 {EVP_AES_256_CCM, "aes-256-ccm"},
5539 {EVP_AES_256_CCM, "id-aes256-CCM"},
5540 #endif
5541 #endif
5542#endif
5543#ifdef HAVE_ARIA
5544 {EVP_ARIA_128_GCM, "aria-128-gcm"},
5545 {EVP_ARIA_128_GCM, "id-aria128-GCM"},
5546 {EVP_ARIA_192_GCM, "aria-192-gcm"},
5547 {EVP_ARIA_192_GCM, "id-aria192-GCM"},
5548 {EVP_ARIA_256_GCM, "aria-256-gcm"},
5549 {EVP_ARIA_256_GCM, "id-aria256-GCM"},
5550#endif
5551#ifdef WOLFSSL_SM4_ECB
5552 {EVP_SM4_ECB, "sm4-ecb"},
5553#endif
5554#ifdef WOLFSSL_SM4_CBC
5555 {EVP_SM4_CBC, "sm4"},
5556 {EVP_SM4_CBC, "sm4-cbc"},
5557#endif
5558#ifdef WOLFSSL_SM4_CTR
5559 {EVP_SM4_CTR, "sm4-ctr"},
5560#endif
5561#ifdef WOLFSSL_SM4_GCM
5562 {EVP_SM4_GCM, "sm4-gcm"},
5563#endif
5564#ifdef WOLFSSL_SM4_CCM
5565 {EVP_SM4_CCM, "sm4-ccm"},
5566#endif
5567#ifndef NO_RC4
5568 {EVP_ARC4, "RC4"},
5569#endif
5570#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
5571 {EVP_CHACHA20_POLY1305, "chacha20-poly1305"},
5572#endif
5573#ifdef HAVE_CHACHA
5574 {EVP_CHACHA20, "chacha20"},
5575#endif
5576 { NULL, NULL}
5577 };
5578
5579 const struct cipher *ent;
5580 const struct alias *al;
5581
5582 WOLFSSL_ENTER("EVP_get_cipherbyname");
5583
5584 for (al = cipher_alias_tbl; al->name != NULL; al++) {
5585 /* Accept any case alternative version of an alias. */
5586 if (XSTRCASECMP(name, al->alias) == 0) {
5587 name = al->name;
5588 break;
5589 }
5590 }
5591
5592 for (ent = cipher_tbl; ent->name != NULL; ent++) {
5593 /* Accept any case alternative version of name. */
5594 if (XSTRCASECMP(name, ent->name) == 0) {
5595 return (WOLFSSL_EVP_CIPHER *)ent->name;
5596 }
5597 }
5598
5599 return NULL;
5600}
5601
5602/*
5603 * return an EVP_CIPHER structure when cipher NID is passed.
5604 *
5605 * id cipher NID
5606 *
5607 * return WOLFSSL_EVP_CIPHER
5608*/
5609const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbynid(int id)
5610{
5611 WOLFSSL_ENTER("EVP_get_cipherbynid");
5612
5613 switch(id) {
5614
5615#ifndef NO_AES
5616 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
5617 #ifdef WOLFSSL_AES_128
5618 case WC_NID_aes_128_cbc:
5619 return wolfSSL_EVP_aes_128_cbc();
5620 #endif
5621 #ifdef WOLFSSL_AES_192
5622 case WC_NID_aes_192_cbc:
5623 return wolfSSL_EVP_aes_192_cbc();
5624 #endif
5625 #ifdef WOLFSSL_AES_256
5626 case WC_NID_aes_256_cbc:
5627 return wolfSSL_EVP_aes_256_cbc();
5628 #endif
5629 #endif
5630 #ifdef WOLFSSL_AES_COUNTER
5631 #ifdef WOLFSSL_AES_128
5632 case WC_NID_aes_128_ctr:
5633 return wolfSSL_EVP_aes_128_ctr();
5634 #endif
5635 #ifdef WOLFSSL_AES_192
5636 case WC_NID_aes_192_ctr:
5637 return wolfSSL_EVP_aes_192_ctr();
5638 #endif
5639 #ifdef WOLFSSL_AES_256
5640 case WC_NID_aes_256_ctr:
5641 return wolfSSL_EVP_aes_256_ctr();
5642 #endif
5643 #endif /* WOLFSSL_AES_COUNTER */
5644 #ifdef HAVE_AES_ECB
5645 #ifdef WOLFSSL_AES_128
5646 case WC_NID_aes_128_ecb:
5647 return wolfSSL_EVP_aes_128_ecb();
5648 #endif
5649 #ifdef WOLFSSL_AES_192
5650 case WC_NID_aes_192_ecb:
5651 return wolfSSL_EVP_aes_192_ecb();
5652 #endif
5653 #ifdef WOLFSSL_AES_256
5654 case WC_NID_aes_256_ecb:
5655 return wolfSSL_EVP_aes_256_ecb();
5656 #endif
5657 #endif /* HAVE_AES_ECB */
5658 #ifdef HAVE_AESGCM
5659 #ifdef WOLFSSL_AES_128
5660 case WC_NID_aes_128_gcm:
5661 return wolfSSL_EVP_aes_128_gcm();
5662 #endif
5663 #ifdef WOLFSSL_AES_192
5664 case WC_NID_aes_192_gcm:
5665 return wolfSSL_EVP_aes_192_gcm();
5666 #endif
5667 #ifdef WOLFSSL_AES_256
5668 case WC_NID_aes_256_gcm:
5669 return wolfSSL_EVP_aes_256_gcm();
5670 #endif
5671 #endif
5672 #ifdef HAVE_AESCCM
5673 #ifdef WOLFSSL_AES_128
5674 case WC_NID_aes_128_ccm:
5675 return wolfSSL_EVP_aes_128_ccm();
5676 #endif
5677 #ifdef WOLFSSL_AES_192
5678 case WC_NID_aes_192_ccm:
5679 return wolfSSL_EVP_aes_192_ccm();
5680 #endif
5681 #ifdef WOLFSSL_AES_256
5682 case WC_NID_aes_256_ccm:
5683 return wolfSSL_EVP_aes_256_ccm();
5684 #endif
5685 #endif
5686#endif
5687
5688#ifdef HAVE_ARIA
5689 case WC_NID_aria_128_gcm:
5690 return wolfSSL_EVP_aria_128_gcm();
5691 case WC_NID_aria_192_gcm:
5692 return wolfSSL_EVP_aria_192_gcm();
5693 case WC_NID_aria_256_gcm:
5694 return wolfSSL_EVP_aria_256_gcm();
5695#endif
5696
5697#ifndef NO_DES3
5698 case WC_NID_des_cbc:
5699 return wolfSSL_EVP_des_cbc();
5700#ifdef WOLFSSL_DES_ECB
5701 case WC_NID_des_ecb:
5702 return wolfSSL_EVP_des_ecb();
5703#endif
5704 case WC_NID_des_ede3_cbc:
5705 return wolfSSL_EVP_des_ede3_cbc();
5706#ifdef WOLFSSL_DES_ECB
5707 case WC_NID_des_ede3_ecb:
5708 return wolfSSL_EVP_des_ede3_ecb();
5709#endif
5710#endif /*NO_DES3*/
5711
5712#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
5713 case WC_NID_chacha20_poly1305:
5714 return wolfSSL_EVP_chacha20_poly1305();
5715#endif
5716
5717#ifdef HAVE_CHACHA
5718 case WC_NID_chacha20:
5719 return wolfSSL_EVP_chacha20();
5720#endif
5721
5722#ifdef WOLFSSL_SM4_ECB
5723 case WC_NID_sm4_ecb:
5724 return wolfSSL_EVP_sm4_ecb();
5725#endif
5726#ifdef WOLFSSL_SM4_CBC
5727 case WC_NID_sm4_cbc:
5728 return wolfSSL_EVP_sm4_cbc();
5729#endif
5730#ifdef WOLFSSL_SM4_CTR
5731 case WC_NID_sm4_ctr:
5732 return wolfSSL_EVP_sm4_ctr();
5733#endif
5734#ifdef WOLFSSL_SM4_GCM
5735 case WC_NID_sm4_gcm:
5736 return wolfSSL_EVP_sm4_gcm();
5737#endif
5738#ifdef WOLFSSL_SM4_CCM
5739 case WC_NID_sm4_ccm:
5740 return wolfSSL_EVP_sm4_ccm();
5741#endif
5742
5743 default:
5744 WOLFSSL_MSG("Bad cipher id value");
5745 }
5746
5747 return NULL;
5748}
5749
5750void wolfSSL_EVP_init(void)
5751{
5752 /* Does nothing. */
5753}
5754
5755 /* returns WOLFSSL_SUCCESS on success */
5756 int wolfSSL_EVP_MD_CTX_copy(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in)
5757 {
5758 return wolfSSL_EVP_MD_CTX_copy_ex(out, in);
5759 }
5760 /* Deep copy of EVP_MD hasher
5761 * return WOLFSSL_SUCCESS on success */
5762 static int wolfSSL_EVP_MD_Copy_Hasher(WOLFSSL_EVP_MD_CTX* des,
5763 const WOLFSSL_EVP_MD_CTX* src)
5764 {
5765 if (src->isHMAC) {
5766 return wolfSSL_HmacCopy(&des->hash.hmac, (Hmac*)&src->hash.hmac);
5767 }
5768 else {
5769 int ret;
5770
5771 switch (src->macType) {
5772 case WC_HASH_TYPE_MD5:
5773 #ifndef NO_MD5
5774 ret = wc_Md5Copy((wc_Md5*)&src->hash.digest,
5775 (wc_Md5*)&des->hash.digest);
5776 #else
5777 ret = NOT_COMPILED_IN;
5778 #endif /* !NO_MD5 */
5779 break;
5780 case WC_HASH_TYPE_SHA:
5781 #ifndef NO_SHA
5782 ret = wc_ShaCopy((wc_Sha*)&src->hash.digest,
5783 (wc_Sha*)&des->hash.digest);
5784 #else
5785 ret = NOT_COMPILED_IN;
5786 #endif /* !NO_SHA */
5787 break;
5788 case WC_HASH_TYPE_SHA224:
5789 #ifdef WOLFSSL_SHA224
5790 ret = wc_Sha224Copy((wc_Sha224*)&src->hash.digest,
5791 (wc_Sha224*)&des->hash.digest);
5792 #else
5793 ret = NOT_COMPILED_IN;
5794 #endif /* WOLFSSL_SHA224 */
5795 break;
5796 case WC_HASH_TYPE_SHA256:
5797 #ifndef NO_SHA256
5798 ret = wc_Sha256Copy((wc_Sha256*)&src->hash.digest,
5799 (wc_Sha256*)&des->hash.digest);
5800 #else
5801 ret = NOT_COMPILED_IN;
5802 #endif /* !NO_SHA256 */
5803 break;
5804 case WC_HASH_TYPE_SHA384:
5805 #ifdef WOLFSSL_SHA384
5806 ret = wc_Sha384Copy((wc_Sha384*)&src->hash.digest,
5807 (wc_Sha384*)&des->hash.digest);
5808 #else
5809 ret = NOT_COMPILED_IN;
5810 #endif /* WOLFSSL_SHA384 */
5811 break;
5812 case WC_HASH_TYPE_SHA512:
5813 #ifdef WOLFSSL_SHA512
5814 ret = wc_Sha512Copy((wc_Sha512*)&src->hash.digest,
5815 (wc_Sha512*)&des->hash.digest);
5816 #else
5817 ret = NOT_COMPILED_IN;
5818 #endif /* WOLFSSL_SHA512 */
5819 break;
5820 case WC_HASH_TYPE_SHA512_224:
5821 #if (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) && \
5822 !defined(HAVE_SELFTEST) && defined(WOLFSSL_SHA512) && \
5823 !defined(WOLFSSL_NOSHA512_224)
5824 ret = wc_Sha512_224Copy((wc_Sha512*)&src->hash.digest,
5825 (wc_Sha512*)&des->hash.digest);
5826 #else
5827 ret = NOT_COMPILED_IN;
5828 #endif
5829 break;
5830 case WC_HASH_TYPE_SHA512_256:
5831 #if (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) && \
5832 !defined(HAVE_SELFTEST) && defined(WOLFSSL_SHA512) && \
5833 !defined(WOLFSSL_NOSHA512_256)
5834 ret = wc_Sha512_256Copy((wc_Sha512*)&src->hash.digest,
5835 (wc_Sha512*)&des->hash.digest);
5836 #else
5837 ret = NOT_COMPILED_IN;
5838 #endif
5839 break;
5840 case WC_HASH_TYPE_SHA3_224:
5841 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
5842 ret = wc_Sha3_224_Copy((wc_Sha3*)&src->hash.digest,
5843 (wc_Sha3*)&des->hash.digest);
5844 #else
5845 ret = NOT_COMPILED_IN;
5846 #endif
5847 break;
5848 case WC_HASH_TYPE_SHA3_256:
5849 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
5850 ret = wc_Sha3_256_Copy((wc_Sha3*)&src->hash.digest,
5851 (wc_Sha3*)&des->hash.digest);
5852 #else
5853 ret = NOT_COMPILED_IN;
5854 #endif
5855 break;
5856 case WC_HASH_TYPE_SHA3_384:
5857 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
5858 ret = wc_Sha3_384_Copy((wc_Sha3*)&src->hash.digest,
5859 (wc_Sha3*)&des->hash.digest);
5860 #else
5861 ret = NOT_COMPILED_IN;
5862 #endif
5863 break;
5864 case WC_HASH_TYPE_SHA3_512:
5865 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
5866 ret = wc_Sha3_512_Copy((wc_Sha3*)&src->hash.digest,
5867 (wc_Sha3*)&des->hash.digest);
5868 #else
5869 ret = NOT_COMPILED_IN;
5870 #endif
5871 break;
5872 case WC_HASH_TYPE_SM3:
5873 #ifdef WOLFSSL_SM3
5874 ret = wc_Sm3Copy(&src->hash.digest.sm3,
5875 &des->hash.digest.sm3);
5876 #else
5877 ret = NOT_COMPILED_IN;
5878 #endif
5879 break;
5880 case WC_HASH_TYPE_SHAKE128:
5881 #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
5882 ret = wc_Shake128_Copy((wc_Shake*)&src->hash.digest.shake,
5883 (wc_Shake*)&des->hash.digest.shake);
5884 #else
5885 ret = NOT_COMPILED_IN;
5886 #endif
5887 break;
5888 case WC_HASH_TYPE_SHAKE256:
5889 #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
5890 ret = wc_Shake256_Copy((wc_Shake*)&src->hash.digest.shake,
5891 (wc_Shake*)&des->hash.digest.shake);
5892 #else
5893 ret = NOT_COMPILED_IN;
5894 #endif
5895 break;
5896 case WC_HASH_TYPE_NONE:
5897 case WC_HASH_TYPE_MD2:
5898 case WC_HASH_TYPE_MD4:
5899 case WC_HASH_TYPE_MD5_SHA:
5900 case WC_HASH_TYPE_BLAKE2B:
5901 case WC_HASH_TYPE_BLAKE2S:
5902 default:
5903 ret = BAD_FUNC_ARG;
5904 break;
5905 }
5906 return ret == 0 ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
5907 }
5908 }
5909
5910 /* copies structure in to the structure out
5911 *
5912 * returns WOLFSSL_SUCCESS on success */
5913 int wolfSSL_EVP_MD_CTX_copy_ex(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in)
5914 {
5915 if ((out == NULL) || (in == NULL)) return WOLFSSL_FAILURE;
5916 WOLFSSL_ENTER("EVP_CIPHER_MD_CTX_copy_ex");
5917 wolfSSL_EVP_MD_CTX_cleanup(out);
5918 XMEMCPY(out, in, sizeof(WOLFSSL_EVP_MD_CTX));
5919 if (in->pctx != NULL) {
5920 out->pctx = wolfSSL_EVP_PKEY_CTX_new(in->pctx->pkey, NULL);
5921 if (out->pctx == NULL)
5922 return WOLFSSL_FAILURE;
5923 }
5924 /* Zero hash context after shallow copy to prevent shared sub-pointers
5925 * with src. The hash Copy function will perform the proper deep copy. */
5926 XMEMSET(&out->hash, 0, sizeof(out->hash));
5927 return wolfSSL_EVP_MD_Copy_Hasher(out, (WOLFSSL_EVP_MD_CTX*)in);
5928 }
5929 #ifndef NO_AES
5930
5931 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
5932 #ifdef WOLFSSL_AES_128
5933 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void)
5934 {
5935 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cbc");
5936 return EVP_AES_128_CBC;
5937 }
5938 #endif /* WOLFSSL_AES_128 */
5939
5940
5941 #ifdef WOLFSSL_AES_192
5942 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void)
5943 {
5944 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cbc");
5945 return EVP_AES_192_CBC;
5946 }
5947 #endif /* WOLFSSL_AES_192 */
5948
5949
5950 #ifdef WOLFSSL_AES_256
5951 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void)
5952 {
5953 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cbc");
5954 return EVP_AES_256_CBC;
5955 }
5956 #endif /* WOLFSSL_AES_256 */
5957 #endif /* HAVE_AES_CBC */
5958
5959 #ifdef WOLFSSL_AES_CFB
5960 #ifndef WOLFSSL_NO_AES_CFB_1_8
5961 #ifdef WOLFSSL_AES_128
5962 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb1(void)
5963 {
5964 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb1");
5965 return EVP_AES_128_CFB1;
5966 }
5967 #endif /* WOLFSSL_AES_128 */
5968
5969 #ifdef WOLFSSL_AES_192
5970 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb1(void)
5971 {
5972 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb1");
5973 return EVP_AES_192_CFB1;
5974 }
5975 #endif /* WOLFSSL_AES_192 */
5976
5977 #ifdef WOLFSSL_AES_256
5978 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb1(void)
5979 {
5980 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb1");
5981 return EVP_AES_256_CFB1;
5982 }
5983 #endif /* WOLFSSL_AES_256 */
5984
5985 #ifdef WOLFSSL_AES_128
5986 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb8(void)
5987 {
5988 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb8");
5989 return EVP_AES_128_CFB8;
5990 }
5991 #endif /* WOLFSSL_AES_128 */
5992
5993 #ifdef WOLFSSL_AES_192
5994 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb8(void)
5995 {
5996 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb8");
5997 return EVP_AES_192_CFB8;
5998 }
5999 #endif /* WOLFSSL_AES_192 */
6000
6001 #ifdef WOLFSSL_AES_256
6002 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb8(void)
6003 {
6004 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb8");
6005 return EVP_AES_256_CFB8;
6006 }
6007 #endif /* WOLFSSL_AES_256 */
6008 #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
6009
6010 #ifdef WOLFSSL_AES_128
6011 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cfb128(void)
6012 {
6013 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cfb128");
6014 return EVP_AES_128_CFB128;
6015 }
6016 #endif /* WOLFSSL_AES_128 */
6017
6018 #ifdef WOLFSSL_AES_192
6019 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cfb128(void)
6020 {
6021 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cfb128");
6022 return EVP_AES_192_CFB128;
6023 }
6024 #endif /* WOLFSSL_AES_192 */
6025
6026 #ifdef WOLFSSL_AES_256
6027 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cfb128(void)
6028 {
6029 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cfb128");
6030 return EVP_AES_256_CFB128;
6031 }
6032 #endif /* WOLFSSL_AES_256 */
6033 #endif /* WOLFSSL_AES_CFB */
6034
6035 #ifdef WOLFSSL_AES_OFB
6036 #ifdef WOLFSSL_AES_128
6037 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ofb(void)
6038 {
6039 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ofb");
6040 return EVP_AES_128_OFB;
6041 }
6042 #endif /* WOLFSSL_AES_128 */
6043
6044 #ifdef WOLFSSL_AES_192
6045 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ofb(void)
6046 {
6047 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ofb");
6048 return EVP_AES_192_OFB;
6049 }
6050 #endif /* WOLFSSL_AES_192 */
6051
6052 #ifdef WOLFSSL_AES_256
6053 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ofb(void)
6054 {
6055 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ofb");
6056 return EVP_AES_256_OFB;
6057 }
6058 #endif /* WOLFSSL_AES_256 */
6059 #endif /* WOLFSSL_AES_OFB */
6060
6061 #if defined(WOLFSSL_AES_XTS) && \
6062 (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
6063 #ifdef WOLFSSL_AES_128
6064 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_xts(void)
6065 {
6066 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_xts");
6067 return EVP_AES_128_XTS;
6068 }
6069 #endif /* WOLFSSL_AES_128 */
6070
6071 #ifdef WOLFSSL_AES_256
6072 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_xts(void)
6073 {
6074 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_xts");
6075 return EVP_AES_256_XTS;
6076 }
6077 #endif /* WOLFSSL_AES_256 */
6078 #endif /* WOLFSSL_AES_XTS &&
6079 (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */
6080
6081 #ifdef HAVE_AESGCM
6082 #ifdef WOLFSSL_AES_128
6083 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_gcm(void)
6084 {
6085 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_gcm");
6086 return EVP_AES_128_GCM;
6087 }
6088 #endif /* WOLFSSL_GCM_128 */
6089
6090 #ifdef WOLFSSL_AES_192
6091 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_gcm(void)
6092 {
6093 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_gcm");
6094 return EVP_AES_192_GCM;
6095 }
6096 #endif /* WOLFSSL_AES_192 */
6097
6098 #ifdef WOLFSSL_AES_256
6099 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_gcm(void)
6100 {
6101 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_gcm");
6102 return EVP_AES_256_GCM;
6103 }
6104 #endif /* WOLFSSL_AES_256 */
6105 #endif /* HAVE_AESGCM */
6106
6107 #ifdef HAVE_AESCCM
6108 #ifdef WOLFSSL_AES_128
6109 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ccm(void)
6110 {
6111 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ccm");
6112 return EVP_AES_128_CCM;
6113 }
6114 #endif /* WOLFSSL_CCM_128 */
6115
6116 #ifdef WOLFSSL_AES_192
6117 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ccm(void)
6118 {
6119 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ccm");
6120 return EVP_AES_192_CCM;
6121 }
6122 #endif /* WOLFSSL_AES_192 */
6123
6124 #ifdef WOLFSSL_AES_256
6125 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ccm(void)
6126 {
6127 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ccm");
6128 return EVP_AES_256_CCM;
6129 }
6130 #endif /* WOLFSSL_AES_256 */
6131 #endif /* HAVE_AESCCM */
6132
6133 #ifdef WOLFSSL_AES_COUNTER
6134 #ifdef WOLFSSL_AES_128
6135 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void)
6136 {
6137 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ctr");
6138 return EVP_AES_128_CTR;
6139 }
6140 #endif /* WOLFSSL_AES_2128 */
6141
6142 #ifdef WOLFSSL_AES_192
6143 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void)
6144 {
6145 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ctr");
6146 return EVP_AES_192_CTR;
6147 }
6148 #endif /* WOLFSSL_AES_192 */
6149
6150
6151 #ifdef WOLFSSL_AES_256
6152 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void)
6153 {
6154 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ctr");
6155 return EVP_AES_256_CTR;
6156 }
6157 #endif /* WOLFSSL_AES_256 */
6158 #endif /* WOLFSSL_AES_COUNTER */
6159
6160 #ifdef HAVE_AES_ECB
6161 #ifdef WOLFSSL_AES_128
6162 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void)
6163 {
6164 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ecb");
6165 return EVP_AES_128_ECB;
6166 }
6167 #endif /* WOLFSSL_AES_128 */
6168
6169
6170 #ifdef WOLFSSL_AES_192
6171 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void)
6172 {
6173 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ecb");
6174 return EVP_AES_192_ECB;
6175 }
6176 #endif /* WOLFSSL_AES_192*/
6177
6178
6179 #ifdef WOLFSSL_AES_256
6180 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void)
6181 {
6182 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ecb");
6183 return EVP_AES_256_ECB;
6184 }
6185 #endif /* WOLFSSL_AES_256 */
6186 #endif /* HAVE_AES_ECB */
6187 #endif /* NO_AES */
6188
6189#ifdef HAVE_ARIA
6190 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aria_128_gcm(void)
6191 {
6192 WOLFSSL_ENTER("wolfSSL_EVP_aria_128_gcm");
6193 return EVP_ARIA_128_GCM;
6194 }
6195 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aria_192_gcm(void)
6196 {
6197 WOLFSSL_ENTER("wolfSSL_EVP_aria_192_gcm");
6198 return EVP_ARIA_192_GCM;
6199 }
6200 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aria_256_gcm(void)
6201 {
6202 WOLFSSL_ENTER("wolfSSL_EVP_aria_256_gcm");
6203 return EVP_ARIA_256_GCM;
6204 }
6205#endif /* HAVE_ARIA */
6206
6207#ifndef NO_DES3
6208 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void)
6209 {
6210 WOLFSSL_ENTER("wolfSSL_EVP_des_cbc");
6211 return EVP_DES_CBC;
6212 }
6213#ifdef WOLFSSL_DES_ECB
6214 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ecb(void)
6215 {
6216 WOLFSSL_ENTER("wolfSSL_EVP_des_ecb");
6217 return EVP_DES_ECB;
6218 }
6219#endif
6220 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void)
6221 {
6222 WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_cbc");
6223 return EVP_DES_EDE3_CBC;
6224 }
6225#ifdef WOLFSSL_DES_ECB
6226 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void)
6227 {
6228 WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_ecb");
6229 return EVP_DES_EDE3_ECB;
6230 }
6231#endif
6232#endif /* NO_DES3 */
6233
6234#ifndef NO_RC4
6235 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void)
6236 {
6237 WOLFSSL_ENTER("wolfSSL_EVP_rc4");
6238 return EVP_ARC4;
6239 }
6240#endif
6241
6242#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
6243 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_chacha20_poly1305(void)
6244 {
6245 WOLFSSL_ENTER("wolfSSL_EVP_chacha20_poly1305");
6246 return EVP_CHACHA20_POLY1305;
6247 }
6248#endif
6249
6250#ifdef HAVE_CHACHA
6251 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_chacha20(void)
6252 {
6253 WOLFSSL_ENTER("wolfSSL_EVP_chacha20");
6254 return EVP_CHACHA20;
6255 }
6256#endif
6257
6258#ifdef WOLFSSL_SM4_ECB
6259 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_sm4_ecb(void)
6260 {
6261 WOLFSSL_ENTER("wolfSSL_EVP_sm4_ecb");
6262 return EVP_SM4_ECB;
6263 }
6264#endif
6265#ifdef WOLFSSL_SM4_CBC
6266 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_sm4_cbc(void)
6267 {
6268 WOLFSSL_ENTER("wolfSSL_EVP_sm4_cbc");
6269 return EVP_SM4_CBC;
6270 }
6271#endif
6272#ifdef WOLFSSL_SM4_CTR
6273 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_sm4_ctr(void)
6274 {
6275 WOLFSSL_ENTER("wolfSSL_EVP_sm4_ctr");
6276 return EVP_SM4_CTR;
6277 }
6278#endif
6279#ifdef WOLFSSL_SM4_GCM
6280 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_sm4_gcm(void)
6281 {
6282 WOLFSSL_ENTER("wolfSSL_EVP_sm4_gcm");
6283 return EVP_SM4_GCM;
6284 }
6285#endif
6286#ifdef WOLFSSL_SM4_CCM
6287 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_sm4_ccm(void)
6288 {
6289 WOLFSSL_ENTER("wolfSSL_EVP_sm4_ccm");
6290 return EVP_SM4_CCM;
6291 }
6292#endif
6293
6294 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void)
6295 {
6296 WOLFSSL_ENTER("wolfSSL_EVP_enc_null");
6297 return EVP_NULL;
6298 }
6299 void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx)
6300 {
6301 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_init");
6302 if (ctx) {
6303 XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_CIPHER_CTX));
6304 ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */
6305 ctx->keyLen = 0;
6306 ctx->enc = 1; /* start in encrypt mode */
6307 }
6308 }
6309
6310 /* This function allows cipher specific parameters to be
6311 determined and set. */
6312 int wolfSSL_EVP_CIPHER_CTX_ctrl(WOLFSSL_EVP_CIPHER_CTX *ctx, int type, \
6313 int arg, void *ptr)
6314 {
6315 int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
6316#if defined(HAVE_AESGCM) || (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
6317#ifndef WC_NO_RNG
6318 WC_RNG rng;
6319#endif
6320#endif
6321 if (ctx == NULL)
6322 return WOLFSSL_FAILURE;
6323
6324 (void)arg;
6325 (void)ptr;
6326
6327 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_ctrl");
6328
6329 switch(type) {
6330 case WOLFSSL_EVP_CTRL_INIT:
6331 wolfSSL_EVP_CIPHER_CTX_init(ctx);
6332 if(ctx)
6333 ret = WOLFSSL_SUCCESS;
6334 break;
6335 case WOLFSSL_EVP_CTRL_SET_KEY_LENGTH:
6336 ret = wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, arg);
6337 break;
6338#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA) || \
6339 defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) || \
6340 (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
6341 case WOLFSSL_EVP_CTRL_AEAD_SET_IVLEN:
6342 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
6343 break;
6344 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
6345 if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE) {
6346 if (arg != CHACHA20_POLY1305_AEAD_IV_SIZE) {
6347 break;
6348 }
6349 }
6350 else
6351 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
6352 #if defined(WOLFSSL_SM4_GCM)
6353 if (ctx->cipherType == WC_SM4_GCM_TYPE) {
6354 if (arg <= 0 || arg > SM4_BLOCK_SIZE) {
6355 break;
6356 }
6357 }
6358 else
6359 #endif
6360 #if defined(WOLFSSL_SM4_CCM)
6361 if (ctx->cipherType == WC_SM4_CCM_TYPE) {
6362 if (arg <= 0 || arg > SM4_BLOCK_SIZE) {
6363 break;
6364 }
6365 }
6366 else
6367 #endif
6368 {
6369 if (arg <= 0 || arg > WC_AES_BLOCK_SIZE)
6370 break;
6371 }
6372 ret = wolfSSL_EVP_CIPHER_CTX_set_iv_length(ctx, arg);
6373 break;
6374
6375#if defined(HAVE_AESGCM) || defined(WOLFSSL_SM4_GCM) || \
6376 (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
6377 case WOLFSSL_EVP_CTRL_AEAD_SET_IV_FIXED:
6378 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
6379 break;
6380 if (arg == -1) {
6381 /* arg == -1 copies ctx->ivSz from ptr */
6382 ret = wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, (byte*)ptr, ctx->ivSz);
6383 }
6384#ifndef WC_NO_RNG
6385 else {
6386 /*
6387 * Fixed field must be at least 4 bytes and invocation
6388 * field at least 8.
6389 */
6390 if ((arg < 4) || (ctx->ivSz - arg) < 8) {
6391 WOLFSSL_MSG("Fixed field or invocation field too short");
6392 break;
6393 }
6394 /* arg is 4...(ctx->ivSz - 8) */
6395 XMEMCPY(ctx->iv, ptr, (size_t)arg);
6396 if (wc_InitRng(&rng) != 0) {
6397 WOLFSSL_MSG("wc_InitRng failed");
6398 break;
6399 }
6400 if (wc_RNG_GenerateBlock(&rng, ctx->iv + arg,
6401 (word32)(ctx->ivSz - arg)) == 0) {
6402 ret = WOLFSSL_SUCCESS;
6403 } else {
6404 /* rng is freed immediately after if block so no need
6405 * to do it here
6406 */
6407 WOLFSSL_MSG("wc_RNG_GenerateBlock failed");
6408 }
6409 if (wc_FreeRng(&rng) != 0) {
6410 WOLFSSL_MSG("wc_FreeRng failed");
6411 ret = WOLFSSL_FAILURE;
6412 break;
6413 }
6414 }
6415 #if defined(HAVE_AESGCM) || defined(WOLFSSL_SM4_GCM)
6416 if (ret == WOLFSSL_SUCCESS) {
6417 /*
6418 * OpenSSL requires that a EVP_CTRL_AEAD_SET_IV_FIXED
6419 * command be issued before a EVP_CTRL_GCM_IV_GEN command.
6420 * This flag is used to enforce that.
6421 */
6422 ctx->authIvGenEnable = 1;
6423 }
6424 #endif
6425#endif /* !WC_NO_RNG */
6426 break;
6427#endif /* HAVE_AESGCM || WOLFSSL_SM4_GCM || (HAVE_CHACHA && HAVE_POLY1305) */
6428#if (defined(HAVE_AESGCM) || defined(WOLFSSL_SM4_GCM)) && !defined(_WIN32) && \
6429 !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(2,0))
6430 /*
6431 * Using EVP_CTRL_GCM_IV_GEN is a way to do AES-GCM encrypt/decrypt
6432 * multiple times with EVP_Cipher without having to call
6433 * EVP_CipherInit between each iteration. The IV is incremented for
6434 * each subsequent EVP_Cipher call to prevent IV reuse.
6435 */
6436 case WOLFSSL_EVP_CTRL_GCM_IV_GEN:
6437 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
6438 break;
6439 if (!ctx->authIvGenEnable) {
6440 WOLFSSL_MSG("Must use EVP_CTRL_AEAD_SET_IV_FIXED before "
6441 "EVP_CTRL_GCM_IV_GEN");
6442 break;
6443 }
6444 if (ctx->cipher.aes.keylen == 0 || ctx->ivSz == 0) {
6445 WOLFSSL_MSG("Key or IV not set");
6446 break;
6447 }
6448 if (ptr == NULL) {
6449 WOLFSSL_MSG("Destination buffer for IV bytes NULL.");
6450 break;
6451 }
6452 if (arg <= 0 || arg > ctx->ivSz) {
6453 XMEMCPY(ptr, ctx->iv, (size_t)ctx->ivSz);
6454 }
6455 else {
6456 /*
6457 * Copy the last "arg" bytes of ctx->iv into the buffer at
6458 * "ptr." Not sure why OpenSSL does this, but it does.
6459 */
6460 XMEMCPY(ptr, ctx->iv + ctx->ivSz - arg, (size_t)arg);
6461 }
6462
6463 /*
6464 * The gcmIncIV flag indicates that the IV should be incremented
6465 * after the next cipher operation.
6466 */
6467 ctx->authIncIv = 1;
6468 ret = WOLFSSL_SUCCESS;
6469 break;
6470#endif /* (HAVE_AESGCM || WOLFSSL_SM4_GCM) && !_WIN32 && !HAVE_SELFTEST &&
6471 * !HAVE_FIPS || FIPS_VERSION >= 2)*/
6472 case WOLFSSL_EVP_CTRL_AEAD_SET_TAG:
6473 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
6474 break;
6475#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
6476 if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE) {
6477 if (arg != CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE) {
6478 break;
6479 }
6480 ctx->authTagSz = arg;
6481 ret = WOLFSSL_SUCCESS;
6482 if (ptr != NULL) {
6483 XMEMCPY(ctx->authTag, ptr, (size_t)arg);
6484 }
6485 break;
6486 }
6487 else
6488#endif /* HAVE_CHACHA && HAVE_POLY1305 */
6489#if defined(WOLFSSL_SM4_GCM)
6490 if (ctx->cipherType == WC_SM4_GCM_TYPE) {
6491 if ((arg <= 0) || (arg > SM4_BLOCK_SIZE) || (ptr == NULL)) {
6492 break;
6493 }
6494
6495 XMEMCPY(ctx->authTag, ptr, (size_t)arg);
6496 ctx->authTagSz = arg;
6497 ret = WOLFSSL_SUCCESS;
6498 break;
6499 }
6500 else
6501#endif
6502#if defined(WOLFSSL_SM4_CCM)
6503 if (ctx->cipherType == WC_SM4_CCM_TYPE) {
6504 if ((arg <= 0) || (arg > SM4_BLOCK_SIZE) || (ptr == NULL)) {
6505 break;
6506 }
6507
6508 XMEMCPY(ctx->authTag, ptr, (size_t)arg);
6509 ctx->authTagSz = arg;
6510 ret = WOLFSSL_SUCCESS;
6511 break;
6512 }
6513 else
6514#endif
6515 {
6516 if(arg <= 0 || arg > 16 || (ptr == NULL))
6517 break;
6518
6519 XMEMCPY(ctx->authTag, ptr, (size_t)arg);
6520 ctx->authTagSz = arg;
6521 ret = WOLFSSL_SUCCESS;
6522 break;
6523 }
6524 case WOLFSSL_EVP_CTRL_AEAD_GET_TAG:
6525 if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
6526 break;
6527
6528#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
6529 if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE) {
6530 if (arg != CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE) {
6531 break;
6532 }
6533 }
6534 else
6535#endif /* HAVE_CHACHA && HAVE_POLY1305 */
6536#if defined(WOLFSSL_SM4_GCM)
6537 if (ctx->cipherType == WC_SM4_GCM_TYPE) {
6538 if (arg <= 0 || arg > SM4_BLOCK_SIZE) {
6539 break;
6540 }
6541 }
6542 else
6543#endif
6544#if defined(WOLFSSL_SM4_CCM)
6545 if (ctx->cipherType == WC_SM4_CCM_TYPE) {
6546 if (arg <= 0 || arg > SM4_BLOCK_SIZE) {
6547 break;
6548 }
6549 }
6550 else
6551#endif
6552 {
6553 if (arg <= 0 || arg > WC_AES_BLOCK_SIZE)
6554 break;
6555 }
6556
6557 if (ptr != NULL) {
6558 XMEMCPY(ptr, ctx->authTag, (size_t)arg);
6559 ret = WOLFSSL_SUCCESS;
6560 }
6561 break;
6562#endif /* HAVE_AESGCM || HAVE_AESCCM || WOLFSSL_SM4_GCM || WOLFSSL_SM4_CCM ||
6563 * HAVE_ARIA || (HAVE_CHACHA && HAVE_POLY1305) */
6564 default:
6565 WOLFSSL_MSG("EVP_CIPHER_CTX_ctrl operation not yet handled");
6566 break;
6567 }
6568 return ret;
6569 }
6570
6571 /* WOLFSSL_SUCCESS on ok */
6572 static int wolfSSL_EVP_CIPHER_CTX_cleanup_cipher(
6573 WOLFSSL_EVP_CIPHER_CTX* ctx)
6574 {
6575 int ret = WOLFSSL_SUCCESS;
6576 if (ctx) {
6577#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
6578 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
6579 switch (ctx->cipherType) {
6580#if (defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM)) || \
6581 defined(HAVE_AESCCM) || \
6582 defined(HAVE_AES_CBC) || \
6583 defined(WOLFSSL_AES_COUNTER) || \
6584 defined(HAVE_AES_ECB) || \
6585 defined(WOLFSSL_AES_CFB) || \
6586 defined(WOLFSSL_AES_OFB) || \
6587 defined(WOLFSSL_AES_XTS)
6588
6589 #if defined(HAVE_AESGCM)
6590 case WC_AES_128_GCM_TYPE:
6591 case WC_AES_192_GCM_TYPE:
6592 case WC_AES_256_GCM_TYPE:
6593 #endif /* HAVE_AESGCM */
6594 #if defined(HAVE_AESCCM)
6595 case WC_AES_128_CCM_TYPE:
6596 case WC_AES_192_CCM_TYPE:
6597 case WC_AES_256_CCM_TYPE:
6598 #endif /* HAVE_AESCCM */
6599 #ifdef HAVE_AES_CBC
6600 case WC_AES_128_CBC_TYPE:
6601 case WC_AES_192_CBC_TYPE:
6602 case WC_AES_256_CBC_TYPE:
6603 #endif
6604 #ifdef WOLFSSL_AES_COUNTER
6605 case WC_AES_128_CTR_TYPE:
6606 case WC_AES_192_CTR_TYPE:
6607 case WC_AES_256_CTR_TYPE:
6608 #endif
6609 #ifdef HAVE_AES_ECB
6610 case WC_AES_128_ECB_TYPE:
6611 case WC_AES_192_ECB_TYPE:
6612 case WC_AES_256_ECB_TYPE:
6613 #endif
6614 #ifdef WOLFSSL_AES_CFB
6615 case WC_AES_128_CFB1_TYPE:
6616 case WC_AES_192_CFB1_TYPE:
6617 case WC_AES_256_CFB1_TYPE:
6618 case WC_AES_128_CFB8_TYPE:
6619 case WC_AES_192_CFB8_TYPE:
6620 case WC_AES_256_CFB8_TYPE:
6621 case WC_AES_128_CFB128_TYPE:
6622 case WC_AES_192_CFB128_TYPE:
6623 case WC_AES_256_CFB128_TYPE:
6624 #endif
6625 #ifdef WOLFSSL_AES_OFB
6626 case WC_AES_128_OFB_TYPE:
6627 case WC_AES_192_OFB_TYPE:
6628 case WC_AES_256_OFB_TYPE:
6629 #endif
6630 wc_AesFree(&ctx->cipher.aes);
6631 ctx->flags &=
6632 (unsigned long)~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
6633 break;
6634 #if defined(WOLFSSL_AES_XTS) && \
6635 (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
6636 case WC_AES_128_XTS_TYPE:
6637 case WC_AES_256_XTS_TYPE:
6638 wc_AesXtsFree(&ctx->cipher.xts);
6639 ctx->flags &=
6640 (unsigned long)~WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
6641 break;
6642 #endif
6643#endif /* AES */
6644 #ifdef HAVE_ARIA
6645 case WC_ARIA_128_GCM_TYPE:
6646 case WC_ARIA_192_GCM_TYPE:
6647 case WC_ARIA_256_GCM_TYPE:
6648 {
6649 int result = wc_AriaFreeCrypt(&ctx->cipher.aria);
6650 if (result != 0) {
6651 WOLFSSL_MSG("wc_AriaFreeCrypt failure");
6652 ret = result;
6653 }
6654 }
6655 break;
6656 #endif
6657 }
6658
6659#endif /* not FIPS or FIPS v2+ */
6660
6661#ifdef WOLFSSL_SM4
6662 switch (ctx->cipherType) {
6663 #ifdef WOLFSSL_SM4_ECB
6664 case WC_SM4_ECB_TYPE:
6665 #endif
6666 #ifdef WOLFSSL_SM4_CBC
6667 case WC_SM4_CBC_TYPE:
6668 #endif
6669 #ifdef WOLFSSL_SM4_CTR
6670 case WC_SM4_CTR_TYPE:
6671 #endif
6672 #ifdef WOLFSSL_SM4_GCM
6673 case WC_SM4_GCM_TYPE:
6674 #endif
6675 #ifdef WOLFSSL_SM4_CCM
6676 case WC_SM4_CCM_TYPE:
6677 #endif
6678 wc_Sm4Free(&ctx->cipher.sm4);
6679 }
6680#endif
6681 }
6682 return ret;
6683 }
6684
6685 int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx)
6686 {
6687 int ret = WOLFSSL_SUCCESS;
6688 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_cleanup");
6689 if (ctx) {
6690 wolfSSL_EVP_CIPHER_CTX_cleanup_cipher(ctx);
6691 ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */
6692#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
6693 if (ctx->key) {
6694 ForceZero(ctx->key, (word32)ctx->keyLen);
6695 XFREE(ctx->key, NULL, DYNAMIC_TYPE_OPENSSL);
6696 ctx->key = NULL;
6697 }
6698#endif
6699 ctx->keyLen = 0;
6700#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || defined(HAVE_ARIA) || \
6701 defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)
6702 XFREE(ctx->authBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
6703 ctx->authBuffer = NULL;
6704 ctx->authBufferLen = 0;
6705 XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
6706 ctx->authIn = NULL;
6707 ctx->authInSz = 0;
6708 ctx->authIvGenEnable = 0;
6709 ctx->authIncIv = 0;
6710#endif
6711 }
6712
6713 return ret;
6714 }
6715
6716 /* Permanent stub for Qt compilation. */
6717 #if defined(WOLFSSL_QT) && !defined(NO_WOLFSSL_STUB)
6718 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc2_cbc(void)
6719 {
6720 WOLFSSL_ENTER("wolfSSL_EVP_rc2_cbc");
6721 WOLFSSL_STUB("EVP_rc2_cbc");
6722 return NULL;
6723 }
6724 #endif
6725
6726#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
6727
6728 int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER* type,
6729 const WOLFSSL_EVP_MD* md, const byte* salt,
6730 const byte* data, int sz, int count, byte* key, byte* iv)
6731 {
6732 int ret;
6733 int hashType = WC_HASH_TYPE_NONE;
6734 WC_DECLARE_VAR(info, EncryptedInfo, 1, 0);
6735
6736 #ifdef WOLFSSL_SMALL_STACK
6737 info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
6738 DYNAMIC_TYPE_ENCRYPTEDINFO);
6739 if (info == NULL) {
6740 WOLFSSL_MSG("malloc failed");
6741 return WOLFSSL_FAILURE;
6742 }
6743 #endif
6744
6745 XMEMSET(info, 0, sizeof(EncryptedInfo));
6746
6747 ret = wc_EncryptedInfoGet(info, type);
6748 if (ret < 0)
6749 goto end;
6750
6751 if (data == NULL) {
6752 ret = (int)info->keySz;
6753 goto end;
6754 }
6755
6756 ret = wolfSSL_EVP_get_hashinfo(md, &hashType, NULL);
6757 if (ret == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
6758 goto end;
6759
6760 ret = wc_PBKDF1_ex(key, (int)info->keySz, iv, (int)info->ivSz, data, sz,
6761 salt, EVP_SALT_SIZE, count, hashType, NULL);
6762 if (ret == 0)
6763 ret = (int)info->keySz;
6764
6765 end:
6766 WC_FREE_VAR_EX(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);
6767 if (ret < 0)
6768 return 0; /* failure - for compatibility */
6769
6770 return ret;
6771 }
6772
6773#endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */
6774
6775
6776#ifndef NO_AES
6777#if defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_192) || \
6778 defined(WOLFSSL_AES_256)
6779 #define AES_SIZE_ANY
6780#endif
6781
6782#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || \
6783 defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_CFB) || \
6784 defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_DIRECT)
6785 #define AES_SET_KEY
6786#endif
6787
6788#if defined(AES_SIZE_ANY) && defined(AES_SET_KEY)
6789 static int AesSetKey_ex(Aes* aes, const byte* key, word32 len,
6790 const byte* iv, int dir, int direct)
6791 {
6792 int ret;
6793 /* wc_AesSetKey clear aes.reg if iv == NULL.
6794 Keep IV for openSSL compatibility */
6795 if (iv == NULL)
6796 XMEMCPY((byte *)aes->tmp, (byte *)aes->reg, WC_AES_BLOCK_SIZE);
6797 if (direct) {
6798 #if defined(WOLFSSL_AES_DIRECT)
6799 ret = wc_AesSetKeyDirect(aes, key, len, iv, dir);
6800 #else
6801 ret = NOT_COMPILED_IN;
6802 #endif
6803 }
6804 else {
6805 ret = wc_AesSetKey(aes, key, len, iv, dir);
6806 }
6807 if (iv == NULL)
6808 XMEMCPY((byte *)aes->reg, (byte *)aes->tmp, WC_AES_BLOCK_SIZE);
6809 return ret;
6810 }
6811#endif /* AES_ANY_SIZE && AES_SET_KEY */
6812#endif /* NO_AES */
6813
6814#if defined(HAVE_AESGCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
6815 || FIPS_VERSION_GE(2,0))
6816 static int EvpCipherInitAesGCM(WOLFSSL_EVP_CIPHER_CTX* ctx,
6817 const WOLFSSL_EVP_CIPHER* type,
6818 const byte* key, const byte* iv, int enc)
6819 {
6820 int ret = WOLFSSL_SUCCESS;
6821
6822 XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
6823 ctx->authIn = NULL;
6824 ctx->authInSz = 0;
6825
6826 ctx->block_size = WC_AES_BLOCK_SIZE;
6827 ctx->authTagSz = WC_AES_BLOCK_SIZE;
6828 if (ctx->ivSz == 0) {
6829 ctx->ivSz = GCM_NONCE_MID_SZ;
6830 }
6831 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
6832 ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE |
6833 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
6834 if (enc == 0 || enc == 1) {
6835 ctx->enc = enc ? 1 : 0;
6836 }
6837
6838 #ifdef WOLFSSL_AES_128
6839 if (ctx->cipherType == WC_AES_128_GCM_TYPE ||
6840 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_GCM))) {
6841 WOLFSSL_MSG("EVP_AES_128_GCM");
6842 ctx->cipherType = WC_AES_128_GCM_TYPE;
6843 ctx->keyLen = AES_128_KEY_SIZE;
6844 }
6845 #endif
6846 #ifdef WOLFSSL_AES_192
6847 if (ctx->cipherType == WC_AES_192_GCM_TYPE ||
6848 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_GCM))) {
6849 WOLFSSL_MSG("EVP_AES_192_GCM");
6850 ctx->cipherType = WC_AES_192_GCM_TYPE;
6851 ctx->keyLen = AES_192_KEY_SIZE;
6852 }
6853 #endif
6854 #ifdef WOLFSSL_AES_256
6855 if (ctx->cipherType == WC_AES_256_GCM_TYPE ||
6856 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_GCM))) {
6857 WOLFSSL_MSG("EVP_AES_256_GCM");
6858 ctx->cipherType = WC_AES_256_GCM_TYPE;
6859 ctx->keyLen = AES_256_KEY_SIZE;
6860 }
6861 #endif
6862
6863 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
6864 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
6865 ret = WOLFSSL_FAILURE;
6866 else
6867 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
6868 }
6869
6870 #ifndef WOLFSSL_AESGCM_STREAM
6871 if (ret == WOLFSSL_SUCCESS && key &&
6872 wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) {
6873 WOLFSSL_MSG("wc_AesGcmSetKey() failed");
6874 ret = WOLFSSL_FAILURE;
6875 }
6876 #endif /* !WOLFSSL_AESGCM_STREAM */
6877 if (ret == WOLFSSL_SUCCESS && iv &&
6878 wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, (word32)ctx->ivSz)) {
6879 WOLFSSL_MSG("wc_AesGcmSetExtIV() failed");
6880 ret = WOLFSSL_FAILURE;
6881 }
6882 #ifdef WOLFSSL_AESGCM_STREAM
6883 /*
6884 * Initialize with key and IV if available. wc_AesGcmInit will fail
6885 * if called with IV only and no key has been set.
6886 */
6887 if (ret == WOLFSSL_SUCCESS &&
6888 (key || (iv && ctx->cipher.aes.gcmKeySet)) &&
6889 wc_AesGcmInit(&ctx->cipher.aes, key,
6890 (key == NULL) ? 0 : (word32)ctx->keyLen, iv,
6891 (iv == NULL) ? 0 : (word32)ctx->ivSz) != 0) {
6892 WOLFSSL_MSG("wc_AesGcmInit() failed");
6893 ret = WOLFSSL_FAILURE;
6894 }
6895 #endif /* WOLFSSL_AESGCM_STREAM */
6896
6897 /*
6898 * OpenSSL clears this flag, which permits subsequent use of
6899 * EVP_CTRL_GCM_IV_GEN, when EVP_CipherInit is called with no key.
6900 * If a key is provided, the flag retains its value.
6901 */
6902 if (ret == WOLFSSL_SUCCESS && key == NULL) {
6903 ctx->authIvGenEnable = 0;
6904 }
6905
6906 return ret;
6907 }
6908
6909 static int EvpCipherAesGCM(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst,
6910 const byte* src, word32 len)
6911 {
6912 int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
6913
6914 #ifndef WOLFSSL_AESGCM_STREAM
6915 /* No destination means only AAD. */
6916 if (src != NULL && dst == NULL) {
6917 ret = wolfSSL_EVP_CipherUpdate_GCM_AAD(ctx, src, len);
6918 }
6919 else if (src != NULL && dst != NULL) {
6920 if (ctx->enc) {
6921 ret = wc_AesGcmEncrypt(&ctx->cipher.aes, dst, src,
6922 len, ctx->iv, ctx->ivSz, ctx->authTag,
6923 ctx->authTagSz, ctx->authIn,
6924 ctx->authInSz);
6925 }
6926 else {
6927 ret = wc_AesGcmDecrypt(&ctx->cipher.aes, dst, src,
6928 len, ctx->iv, ctx->ivSz, ctx->authTag,
6929 ctx->authTagSz, ctx->authIn,
6930 ctx->authInSz);
6931 }
6932 if (ctx->authIncIv) {
6933 IncCtr((byte*)ctx->cipher.aes.reg,
6934 ctx->cipher.aes.nonceSz);
6935 ctx->authIncIv = 0;
6936 }
6937 }
6938 #else
6939 /*
6940 * No need to call wc_AesGcmInit. Should have been called by
6941 * wolfSSL_EVP_CipherInit.
6942 */
6943 /* NULL dst and non-NULL src means only AAD. */
6944 if (src != NULL && dst == NULL) {
6945 if (ctx->enc) {
6946 ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, NULL,
6947 NULL, 0, src, len);
6948 }
6949 else {
6950 ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, NULL,
6951 NULL, 0, src, len);
6952 }
6953 }
6954 /* Only plain/cipher text. */
6955 else if (src != NULL && dst != NULL) {
6956 if (ctx->enc) {
6957 ret = wc_AesGcmEncryptUpdate(&ctx->cipher.aes, dst, src,
6958 len, NULL, 0);
6959 }
6960 else {
6961 ret = wc_AesGcmDecryptUpdate(&ctx->cipher.aes, dst, src,
6962 len, NULL, 0);
6963 }
6964 }
6965 /*
6966 * src == NULL is analogous to other "final"-type functions
6967 * (e.g. EVP_CipherFinal). Calculates tag on encrypt
6968 * and checks tag on decrypt.
6969 */
6970 else {
6971 if (ctx->enc) {
6972 /* Calculate authentication tag. */
6973 ret = wc_AesGcmEncryptFinal(&ctx->cipher.aes,
6974 ctx->authTag, (word32)ctx->authTagSz);
6975 /*
6976 * wc_AesGcmEncryptFinal increments the IV in
6977 * ctx->cipher.aes.reg, so we don't call IncCtr here.
6978 */
6979 }
6980 else {
6981 /* Calculate authentication tag and compare. */
6982 ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes,
6983 ctx->authTag, (word32)ctx->authTagSz);
6984 if (ctx->authIncIv) {
6985 IncCtr((byte*)ctx->cipher.aes.reg,
6986 ctx->cipher.aes.nonceSz);
6987 }
6988 }
6989 /* Reinitialize for subsequent wolfSSL_EVP_Cipher calls. */
6990 if (wc_AesGcmInit(&ctx->cipher.aes, NULL, 0,
6991 (byte*)ctx->cipher.aes.reg,
6992 (word32)ctx->ivSz) != 0) {
6993 WOLFSSL_MSG("wc_AesGcmInit failed");
6994 return WOLFSSL_FAILURE;
6995 }
6996 ctx->authIncIv = 0;
6997 }
6998 #endif /* WOLFSSL_AESGCM_STREAM */
6999 if (src == NULL) {
7000 /*
7001 * Clear any leftover AAD on final (final is when src is
7002 * NULL).
7003 */
7004 if (ctx->authIn != NULL) {
7005 XMEMSET(ctx->authIn, 0, (size_t)ctx->authInSz);
7006 }
7007 ctx->authInSz = 0;
7008 }
7009 if (ret == 0) {
7010 ret = (int)len;
7011 }
7012
7013 return ret;
7014 }
7015#endif /* HAVE_AESGCM && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
7016 * HAVE_FIPS_VERSION >= 2 */
7017
7018 /* return WOLFSSL_SUCCESS on ok, 0 on failure to match API compatibility */
7019#if defined(HAVE_AESCCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
7020 || FIPS_VERSION_GE(2,0))
7021 static int EvpCipherInitAesCCM(WOLFSSL_EVP_CIPHER_CTX* ctx,
7022 const WOLFSSL_EVP_CIPHER* type,
7023 const byte* key, const byte* iv, int enc)
7024 {
7025 int ret = WOLFSSL_SUCCESS;
7026
7027 XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
7028 ctx->authIn = NULL;
7029 ctx->authInSz = 0;
7030
7031 ctx->block_size = WC_AES_BLOCK_SIZE;
7032 ctx->authTagSz = WC_AES_BLOCK_SIZE;
7033 if (ctx->ivSz == 0) {
7034 ctx->ivSz = GCM_NONCE_MID_SZ;
7035 }
7036 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7037 ctx->flags |= WOLFSSL_EVP_CIPH_CCM_MODE |
7038 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
7039 if (enc == 0 || enc == 1) {
7040 ctx->enc = enc ? 1 : 0;
7041 }
7042
7043 #ifdef WOLFSSL_AES_128
7044 if (ctx->cipherType == WC_AES_128_CCM_TYPE ||
7045 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CCM))) {
7046 WOLFSSL_MSG("EVP_AES_128_CCM");
7047 ctx->cipherType = WC_AES_128_CCM_TYPE;
7048 ctx->keyLen = AES_128_KEY_SIZE;
7049 }
7050 #endif
7051 #ifdef WOLFSSL_AES_192
7052 if (ctx->cipherType == WC_AES_192_CCM_TYPE ||
7053 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CCM))) {
7054 WOLFSSL_MSG("EVP_AES_192_CCM");
7055 ctx->cipherType = WC_AES_192_CCM_TYPE;
7056 ctx->keyLen = AES_192_KEY_SIZE;
7057 }
7058 #endif
7059 #ifdef WOLFSSL_AES_256
7060 if (ctx->cipherType == WC_AES_256_CCM_TYPE ||
7061 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CCM))) {
7062 WOLFSSL_MSG("EVP_AES_256_CCM");
7063 ctx->cipherType = WC_AES_256_CCM_TYPE;
7064 ctx->keyLen = AES_256_KEY_SIZE;
7065 }
7066 #endif
7067
7068 if (ret == WOLFSSL_SUCCESS) {
7069 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7070 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0) {
7071 WOLFSSL_MSG("wc_AesInit() failed");
7072 ret = WOLFSSL_FAILURE;
7073 } else
7074 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7075 }
7076 }
7077
7078 if (ret == WOLFSSL_SUCCESS && key &&
7079 wc_AesCcmSetKey(&ctx->cipher.aes, key, (word32)ctx->keyLen)) {
7080 WOLFSSL_MSG("wc_AesCcmSetKey() failed");
7081 ret = WOLFSSL_FAILURE;
7082 }
7083 if (ret == WOLFSSL_SUCCESS && iv &&
7084 wc_AesCcmSetNonce(&ctx->cipher.aes, iv, (word32)ctx->ivSz)) {
7085 WOLFSSL_MSG("wc_AesCcmSetNonce() failed");
7086 ret = WOLFSSL_FAILURE;
7087 }
7088
7089 /*
7090 * OpenSSL clears this flag, which permits subsequent use of
7091 * EVP_CTRL_CCM_IV_GEN, when EVP_CipherInit is called with no key.
7092 * If a key is provided, the flag retains its value.
7093 */
7094 if (ret == WOLFSSL_SUCCESS && key == NULL) {
7095 ctx->authIvGenEnable = 0;
7096 }
7097
7098 return ret;
7099 }
7100
7101 static int EvpCipherAesCCM(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst,
7102 const byte* src, word32 len)
7103 {
7104 int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
7105
7106 /* No destination means only AAD. */
7107 if (src != NULL && dst == NULL) {
7108 ret = wolfSSL_EVP_CipherUpdate_CCM_AAD(ctx, src, (int)len);
7109 }
7110 else if (src != NULL && dst != NULL) {
7111 if (ctx->enc) {
7112 ret = wc_AesCcmEncrypt(&ctx->cipher.aes, dst, src,
7113 len, ctx->iv, (word32)ctx->ivSz, ctx->authTag,
7114 (word32)ctx->authTagSz, ctx->authIn,
7115 (word32)ctx->authInSz);
7116 }
7117 else {
7118 ret = wc_AesCcmDecrypt(&ctx->cipher.aes, dst, src,
7119 len, ctx->iv, (word32)ctx->ivSz, ctx->authTag,
7120 (word32)ctx->authTagSz, ctx->authIn,
7121 (word32)ctx->authInSz);
7122 }
7123 if (ctx->authIncIv) {
7124 IncCtr((byte*)ctx->cipher.aes.reg,
7125 ctx->cipher.aes.nonceSz);
7126 ctx->authIncIv = 0;
7127 }
7128 }
7129 if (src == NULL) {
7130 /*
7131 * Clear any leftover AAD on final (final is when src is
7132 * NULL).
7133 */
7134 if (ctx->authIn != NULL) {
7135 XMEMSET(ctx->authIn, 0, (size_t)ctx->authInSz);
7136 }
7137 ctx->authInSz = 0;
7138 }
7139 if (ret == 0) {
7140 ret = (int)len;
7141 }
7142
7143 return ret;
7144 }
7145#endif /* HAVE_AESCCM && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
7146 * HAVE_FIPS_VERSION >= 2 */
7147
7148#if defined(HAVE_ARIA) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
7149 || FIPS_VERSION_GE(2,0))
7150 static int EvpCipherInitAriaGCM(WOLFSSL_EVP_CIPHER_CTX* ctx,
7151 const WOLFSSL_EVP_CIPHER* type,
7152 const byte* key, const byte* iv, int enc)
7153 {
7154 int ret = WOLFSSL_SUCCESS;
7155
7156 if (ctx->cipherType == WC_ARIA_128_GCM_TYPE ||
7157 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_128_GCM))) {
7158 WOLFSSL_MSG("EVP_ARIA_128_GCM");
7159 ctx->cipherType = WC_ARIA_128_GCM_TYPE;
7160 ctx->keyLen = ARIA_128_KEY_SIZE;
7161 } else if (ctx->cipherType == WC_ARIA_192_GCM_TYPE ||
7162 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_192_GCM))) {
7163 WOLFSSL_MSG("EVP_ARIA_192_GCM");
7164 ctx->cipherType = WC_ARIA_192_GCM_TYPE;
7165 ctx->keyLen = ARIA_192_KEY_SIZE;
7166 } else if (ctx->cipherType == WC_ARIA_256_GCM_TYPE ||
7167 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_256_GCM))) {
7168 WOLFSSL_MSG("EVP_ARIA_256_GCM");
7169 ctx->cipherType = WC_ARIA_256_GCM_TYPE;
7170 ctx->keyLen = ARIA_256_KEY_SIZE;
7171 } else {
7172 WOLFSSL_MSG("Unrecognized cipher type");
7173 return WOLFSSL_FAILURE;
7174 }
7175
7176 XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
7177 ctx->authIn = NULL;
7178 ctx->authInSz = 0;
7179
7180 ctx->block_size = WC_AES_BLOCK_SIZE;
7181 ctx->authTagSz = WC_AES_BLOCK_SIZE;
7182 if (ctx->ivSz == 0) {
7183 ctx->ivSz = GCM_NONCE_MID_SZ;
7184 }
7185 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7186 ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE |
7187 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
7188 if (enc == 0 || enc == 1) {
7189 ctx->enc = enc ? 1 : 0;
7190 }
7191
7192 switch(ctx->cipherType) {
7193 case WC_ARIA_128_GCM_TYPE:
7194 ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_128BITKEY);
7195 break;
7196 case WC_ARIA_192_GCM_TYPE:
7197 ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_192BITKEY);
7198 break;
7199 case WC_ARIA_256_GCM_TYPE:
7200 ret = wc_AriaInitCrypt(&ctx->cipher.aria, MC_ALGID_ARIA_256BITKEY);
7201 break;
7202 default:
7203 WOLFSSL_MSG("Unimplemented cipherType");
7204 return WOLFSSL_NOT_IMPLEMENTED; /* This should never happen */
7205 }
7206 if (ret != 0) {
7207 WOLFSSL_MSG(MC_GetErrorString(ret));
7208 WOLFSSL_MSG(MC_GetError(ctx->cipher.aria.hSession));
7209 return WOLFSSL_FAILURE;
7210 }
7211
7212 if (key && wc_AriaSetKey(&ctx->cipher.aria, (byte *)key)) {
7213 WOLFSSL_MSG("wc_AriaSetKey() failed");
7214 return WOLFSSL_FAILURE;
7215 }
7216 if (iv && wc_AriaGcmSetExtIV(&ctx->cipher.aria, iv, ctx->ivSz)) {
7217 WOLFSSL_MSG("wc_AriaGcmSetIV() failed");
7218 return WOLFSSL_FAILURE;
7219 }
7220
7221 return WOLFSSL_SUCCESS;
7222 }
7223#endif /* HAVE_ARIA && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
7224 * HAVE_FIPS_VERSION >= 2 */
7225
7226 /* return WOLFSSL_SUCCESS on ok, 0 on failure to match API compatibility */
7227 int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
7228 const WOLFSSL_EVP_CIPHER* type, const byte* key,
7229 const byte* iv, int enc)
7230 {
7231 int ret = 0;
7232 (void)key;
7233 (void)iv;
7234 (void)enc;
7235
7236 WOLFSSL_ENTER("wolfSSL_EVP_CipherInit");
7237 if (ctx == NULL) {
7238 WOLFSSL_MSG("no ctx");
7239 return WOLFSSL_FAILURE;
7240 }
7241
7242 if (type == NULL && ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT) {
7243 WOLFSSL_MSG("no type set");
7244 return WOLFSSL_FAILURE;
7245 }
7246 if (ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT){
7247 /* only first EVP_CipherInit invoke. ctx->cipherType is set below */
7248 XMEMSET(&ctx->cipher, 0, sizeof(ctx->cipher));
7249 ctx->flags = 0;
7250 }
7251
7252 /* always clear buffer state */
7253 ctx->bufUsed = 0;
7254 ctx->lastUsed = 0;
7255
7256#ifdef HAVE_WOLFSSL_EVP_CIPHER_CTX_IV
7257 if (!iv && ctx->ivSz) {
7258 iv = ctx->iv;
7259 }
7260#endif
7261
7262#ifndef NO_AES
7263 #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
7264 #ifdef WOLFSSL_AES_128
7265 if (ctx->cipherType == WC_AES_128_CBC_TYPE ||
7266 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CBC))) {
7267 WOLFSSL_MSG("EVP_AES_128_CBC");
7268 ctx->cipherType = WC_AES_128_CBC_TYPE;
7269 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7270 ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE;
7271 ctx->keyLen = 16;
7272 ctx->block_size = WC_AES_BLOCK_SIZE;
7273 ctx->ivSz = WC_AES_BLOCK_SIZE;
7274 if (enc == 0 || enc == 1)
7275 ctx->enc = enc ? 1 : 0;
7276 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7277 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
7278 return WOLFSSL_FAILURE;
7279 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7280 }
7281 if (key) {
7282 ret = AesSetKey_ex(&ctx->cipher.aes, key, (word32)ctx->keyLen,
7283 iv, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 0);
7284 if (ret != 0)
7285 return WOLFSSL_FAILURE;
7286 }
7287 if (iv && key == NULL) {
7288 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
7289 if (ret != 0)
7290 return WOLFSSL_FAILURE;
7291 }
7292 }
7293 #endif /* WOLFSSL_AES_128 */
7294 #ifdef WOLFSSL_AES_192
7295 if (ctx->cipherType == WC_AES_192_CBC_TYPE ||
7296 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CBC))) {
7297 WOLFSSL_MSG("EVP_AES_192_CBC");
7298 ctx->cipherType = WC_AES_192_CBC_TYPE;
7299 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7300 ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE;
7301 ctx->keyLen = 24;
7302 ctx->block_size = WC_AES_BLOCK_SIZE;
7303 ctx->ivSz = WC_AES_BLOCK_SIZE;
7304 if (enc == 0 || enc == 1)
7305 ctx->enc = enc ? 1 : 0;
7306 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7307 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
7308 return WOLFSSL_FAILURE;
7309 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7310 }
7311 if (key) {
7312 ret = AesSetKey_ex(&ctx->cipher.aes, key, (word32)ctx->keyLen,
7313 iv, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 0);
7314 if (ret != 0)
7315 return WOLFSSL_FAILURE;
7316 }
7317 if (iv && key == NULL) {
7318 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
7319 if (ret != 0)
7320 return WOLFSSL_FAILURE;
7321 }
7322 }
7323 #endif /* WOLFSSL_AES_192 */
7324 #ifdef WOLFSSL_AES_256
7325 if (ctx->cipherType == WC_AES_256_CBC_TYPE ||
7326 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CBC))) {
7327 WOLFSSL_MSG("EVP_AES_256_CBC");
7328 ctx->cipherType = WC_AES_256_CBC_TYPE;
7329 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7330 ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE;
7331 ctx->keyLen = 32;
7332 ctx->block_size = WC_AES_BLOCK_SIZE;
7333 ctx->ivSz = WC_AES_BLOCK_SIZE;
7334 if (enc == 0 || enc == 1)
7335 ctx->enc = enc ? 1 : 0;
7336 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7337 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
7338 return WOLFSSL_FAILURE;
7339 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7340 }
7341 if (key) {
7342 ret = AesSetKey_ex(&ctx->cipher.aes, key, (word32)ctx->keyLen,
7343 iv, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 0);
7344 if (ret != 0){
7345 WOLFSSL_MSG("AesSetKey() failed");
7346 return WOLFSSL_FAILURE;
7347 }
7348 }
7349 if (iv && key == NULL) {
7350 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
7351 if (ret != 0){
7352 WOLFSSL_MSG("wc_AesSetIV() failed");
7353 return WOLFSSL_FAILURE;
7354 }
7355 }
7356 }
7357 #endif /* WOLFSSL_AES_256 */
7358 #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
7359 #if defined(HAVE_AESGCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
7360 || FIPS_VERSION_GE(2,0))
7361 if (FALSE
7362 #ifdef WOLFSSL_AES_128
7363 || ctx->cipherType == WC_AES_128_GCM_TYPE ||
7364 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_GCM))
7365 #endif
7366 #ifdef WOLFSSL_AES_192
7367 || ctx->cipherType == WC_AES_192_GCM_TYPE ||
7368 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_GCM))
7369 #endif
7370 #ifdef WOLFSSL_AES_256
7371 || ctx->cipherType == WC_AES_256_GCM_TYPE ||
7372 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_GCM))
7373 #endif
7374 ) {
7375 if (EvpCipherInitAesGCM(ctx, type, key, iv, enc)
7376 != WOLFSSL_SUCCESS) {
7377 return WOLFSSL_FAILURE;
7378 }
7379 }
7380 #endif /* HAVE_AESGCM && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
7381 * HAVE_FIPS_VERSION >= 2 */
7382 #if defined(HAVE_AESCCM) && \
7383 ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
7384 || FIPS_VERSION_GE(2,0))
7385 if (FALSE
7386 #ifdef WOLFSSL_AES_128
7387 || ctx->cipherType == WC_AES_128_CCM_TYPE ||
7388 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CCM))
7389 #endif
7390 #ifdef WOLFSSL_AES_192
7391 || ctx->cipherType == WC_AES_192_CCM_TYPE ||
7392 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CCM))
7393 #endif
7394 #ifdef WOLFSSL_AES_256
7395 || ctx->cipherType == WC_AES_256_CCM_TYPE ||
7396 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CCM))
7397 #endif
7398 )
7399 {
7400 if (EvpCipherInitAesCCM(ctx, type, key, iv, enc)
7401 != WOLFSSL_SUCCESS) {
7402 return WOLFSSL_FAILURE;
7403 }
7404 }
7405 #endif /* HAVE_AESCCM && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
7406 * HAVE_FIPS_VERSION >= 2 */
7407#ifdef WOLFSSL_AES_COUNTER
7408 #ifdef WOLFSSL_AES_128
7409 if (ctx->cipherType == WC_AES_128_CTR_TYPE ||
7410 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CTR))) {
7411 WOLFSSL_MSG("EVP_AES_128_CTR");
7412 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7413 ctx->cipherType = WC_AES_128_CTR_TYPE;
7414 ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE;
7415 ctx->keyLen = 16;
7416 ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
7417 ctx->ivSz = WC_AES_BLOCK_SIZE;
7418#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB)
7419 ctx->cipher.aes.left = 0;
7420#endif
7421 if (enc == 0 || enc == 1)
7422 ctx->enc = enc ? 1 : 0;
7423 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7424 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
7425 return WOLFSSL_FAILURE;
7426 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7427 }
7428 if (key) {
7429 ret = AesSetKey_ex(&ctx->cipher.aes, key, (word32)ctx->keyLen,
7430 iv, AES_ENCRYPTION, 1);
7431 if (ret != 0)
7432 return WOLFSSL_FAILURE;
7433 }
7434 if (iv && key == NULL) {
7435 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
7436 if (ret != 0)
7437 return WOLFSSL_FAILURE;
7438 }
7439 }
7440 #endif /* WOLFSSL_AES_128 */
7441 #ifdef WOLFSSL_AES_192
7442 if (ctx->cipherType == WC_AES_192_CTR_TYPE ||
7443 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CTR))) {
7444 WOLFSSL_MSG("EVP_AES_192_CTR");
7445 ctx->cipherType = WC_AES_192_CTR_TYPE;
7446 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7447 ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE;
7448 ctx->keyLen = 24;
7449 ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
7450 ctx->ivSz = WC_AES_BLOCK_SIZE;
7451#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB)
7452 ctx->cipher.aes.left = 0;
7453#endif
7454 if (enc == 0 || enc == 1)
7455 ctx->enc = enc ? 1 : 0;
7456 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7457 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
7458 return WOLFSSL_FAILURE;
7459 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7460 }
7461 if (key) {
7462 ret = AesSetKey_ex(&ctx->cipher.aes, key, (word32)ctx->keyLen,
7463 iv, AES_ENCRYPTION, 1);
7464 if (ret != 0)
7465 return WOLFSSL_FAILURE;
7466 }
7467 if (iv && key == NULL) {
7468 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
7469 if (ret != 0)
7470 return WOLFSSL_FAILURE;
7471 }
7472 }
7473 #endif /* WOLFSSL_AES_192 */
7474 #ifdef WOLFSSL_AES_256
7475 if (ctx->cipherType == WC_AES_256_CTR_TYPE ||
7476 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CTR))) {
7477 WOLFSSL_MSG("EVP_AES_256_CTR");
7478 ctx->cipherType = WC_AES_256_CTR_TYPE;
7479 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7480 ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE;
7481 ctx->keyLen = 32;
7482 ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
7483 ctx->ivSz = WC_AES_BLOCK_SIZE;
7484#if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB)
7485 ctx->cipher.aes.left = 0;
7486#endif
7487 if (enc == 0 || enc == 1)
7488 ctx->enc = enc ? 1 : 0;
7489 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7490 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
7491 return WOLFSSL_FAILURE;
7492 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7493 }
7494 if (key) {
7495 ret = AesSetKey_ex(&ctx->cipher.aes, key, (word32)ctx->keyLen,
7496 iv, AES_ENCRYPTION, 1);
7497 if (ret != 0)
7498 return WOLFSSL_FAILURE;
7499 }
7500 if (iv && key == NULL) {
7501 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
7502 if (ret != 0)
7503 return WOLFSSL_FAILURE;
7504 }
7505 }
7506 #endif /* WOLFSSL_AES_256 */
7507#endif /* WOLFSSL_AES_COUNTER */
7508 #ifdef HAVE_AES_ECB
7509 #ifdef WOLFSSL_AES_128
7510 if (ctx->cipherType == WC_AES_128_ECB_TYPE ||
7511 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_ECB))) {
7512 WOLFSSL_MSG("EVP_AES_128_ECB");
7513 ctx->cipherType = WC_AES_128_ECB_TYPE;
7514 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7515 ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE;
7516 ctx->keyLen = 16;
7517 ctx->block_size = WC_AES_BLOCK_SIZE;
7518 if (enc == 0 || enc == 1)
7519 ctx->enc = enc ? 1 : 0;
7520 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7521 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
7522 return WOLFSSL_FAILURE;
7523 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7524 }
7525 if (key) {
7526 ret = AesSetKey_ex(&ctx->cipher.aes, key, (word32)ctx->keyLen,
7527 NULL, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1);
7528 }
7529 if (ret != 0)
7530 return WOLFSSL_FAILURE;
7531 }
7532 #endif /* WOLFSSL_AES_128 */
7533 #ifdef WOLFSSL_AES_192
7534 if (ctx->cipherType == WC_AES_192_ECB_TYPE ||
7535 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_ECB))) {
7536 WOLFSSL_MSG("EVP_AES_192_ECB");
7537 ctx->cipherType = WC_AES_192_ECB_TYPE;
7538 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7539 ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE;
7540 ctx->keyLen = 24;
7541 ctx->block_size = WC_AES_BLOCK_SIZE;
7542 if (enc == 0 || enc == 1)
7543 ctx->enc = enc ? 1 : 0;
7544 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7545 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
7546 return WOLFSSL_FAILURE;
7547 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7548 }
7549 if (key) {
7550 ret = AesSetKey_ex(&ctx->cipher.aes, key, (word32)ctx->keyLen,
7551 NULL, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1);
7552 }
7553 if (ret != 0)
7554 return WOLFSSL_FAILURE;
7555 }
7556 #endif /* WOLFSSL_AES_192 */
7557 #ifdef WOLFSSL_AES_256
7558 if (ctx->cipherType == WC_AES_256_ECB_TYPE ||
7559 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_ECB))) {
7560 WOLFSSL_MSG("EVP_AES_256_ECB");
7561 ctx->cipherType = WC_AES_256_ECB_TYPE;
7562 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7563 ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE;
7564 ctx->keyLen = 32;
7565 ctx->block_size = WC_AES_BLOCK_SIZE;
7566 if (enc == 0 || enc == 1)
7567 ctx->enc = enc ? 1 : 0;
7568 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7569 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
7570 return WOLFSSL_FAILURE;
7571 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7572 }
7573 if (key) {
7574 ret = AesSetKey_ex(&ctx->cipher.aes, key, (word32)ctx->keyLen,
7575 NULL, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, 1);
7576 }
7577 if (ret != 0)
7578 return WOLFSSL_FAILURE;
7579 }
7580 #endif /* WOLFSSL_AES_256 */
7581 #endif /* HAVE_AES_ECB */
7582 #ifdef WOLFSSL_AES_CFB
7583 #ifndef WOLFSSL_NO_AES_CFB_1_8
7584 #ifdef WOLFSSL_AES_128
7585 if (ctx->cipherType == WC_AES_128_CFB1_TYPE ||
7586 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB1))) {
7587 WOLFSSL_MSG("EVP_AES_128_CFB1");
7588 ctx->cipherType = WC_AES_128_CFB1_TYPE;
7589 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7590 ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE;
7591 ctx->keyLen = 16;
7592 ctx->block_size = 1;
7593 if (enc == 0 || enc == 1)
7594 ctx->enc = enc ? 1 : 0;
7595 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7596 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
7597 return WOLFSSL_FAILURE;
7598 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7599 }
7600 if (key) {
7601 ret = AesSetKey_ex(&ctx->cipher.aes, key, (word32)ctx->keyLen,
7602 iv, AES_ENCRYPTION, 0);
7603 if (ret != 0)
7604 return WOLFSSL_FAILURE;
7605 }
7606 if (iv && key == NULL) {
7607 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
7608 if (ret != 0)
7609 return WOLFSSL_FAILURE;
7610 }
7611 }
7612 #endif /* WOLFSSL_AES_128 */
7613 #ifdef WOLFSSL_AES_192
7614 if (ctx->cipherType == WC_AES_192_CFB1_TYPE ||
7615 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CFB1))) {
7616 WOLFSSL_MSG("EVP_AES_192_CFB1");
7617 ctx->cipherType = WC_AES_192_CFB1_TYPE;
7618 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7619 ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE;
7620 ctx->keyLen = 24;
7621 ctx->block_size = 1;
7622 if (enc == 0 || enc == 1)
7623 ctx->enc = enc ? 1 : 0;
7624 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7625 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
7626 return WOLFSSL_FAILURE;
7627 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7628 }
7629 if (key) {
7630 ret = AesSetKey_ex(&ctx->cipher.aes, key, (word32)ctx->keyLen,
7631 iv, AES_ENCRYPTION, 0);
7632 if (ret != 0)
7633 return WOLFSSL_FAILURE;
7634 }
7635 if (iv && key == NULL) {
7636 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
7637 if (ret != 0)
7638 return WOLFSSL_FAILURE;
7639 }
7640 }
7641 #endif /* WOLFSSL_AES_192 */
7642 #ifdef WOLFSSL_AES_256
7643 if (ctx->cipherType == WC_AES_256_CFB1_TYPE ||
7644 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CFB1))) {
7645 WOLFSSL_MSG("EVP_AES_256_CFB1");
7646 ctx->cipherType = WC_AES_256_CFB1_TYPE;
7647 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7648 ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE;
7649 ctx->keyLen = 32;
7650 ctx->block_size = 1;
7651 if (enc == 0 || enc == 1)
7652 ctx->enc = enc ? 1 : 0;
7653 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7654 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
7655 return WOLFSSL_FAILURE;
7656 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7657 }
7658 if (key) {
7659 ret = AesSetKey_ex(&ctx->cipher.aes, key, (word32)ctx->keyLen,
7660 iv, AES_ENCRYPTION, 0);
7661 if (ret != 0){
7662 WOLFSSL_MSG("AesSetKey() failed");
7663 return WOLFSSL_FAILURE;
7664 }
7665 }
7666 if (iv && key == NULL) {
7667 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
7668 if (ret != 0){
7669 WOLFSSL_MSG("wc_AesSetIV() failed");
7670 return WOLFSSL_FAILURE;
7671 }
7672 }
7673 }
7674 #endif /* WOLFSSL_AES_256 */
7675 #ifdef WOLFSSL_AES_128
7676 if (ctx->cipherType == WC_AES_128_CFB8_TYPE ||
7677 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB8))) {
7678 WOLFSSL_MSG("EVP_AES_128_CFB8");
7679 ctx->cipherType = WC_AES_128_CFB8_TYPE;
7680 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7681 ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE;
7682 ctx->keyLen = 16;
7683 ctx->block_size = 1;
7684 if (enc == 0 || enc == 1)
7685 ctx->enc = enc ? 1 : 0;
7686 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7687 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
7688 return WOLFSSL_FAILURE;
7689 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7690 }
7691 if (key) {
7692 ret = AesSetKey_ex(&ctx->cipher.aes, key, (word32)ctx->keyLen,
7693 iv, AES_ENCRYPTION, 0);
7694 if (ret != 0)
7695 return WOLFSSL_FAILURE;
7696 }
7697 if (iv && key == NULL) {
7698 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
7699 if (ret != 0)
7700 return WOLFSSL_FAILURE;
7701 }
7702 }
7703 #endif /* WOLFSSL_AES_128 */
7704 #ifdef WOLFSSL_AES_192
7705 if (ctx->cipherType == WC_AES_192_CFB8_TYPE ||
7706 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CFB8))) {
7707 WOLFSSL_MSG("EVP_AES_192_CFB8");
7708 ctx->cipherType = WC_AES_192_CFB8_TYPE;
7709 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7710 ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE;
7711 ctx->keyLen = 24;
7712 ctx->block_size = 1;
7713 if (enc == 0 || enc == 1)
7714 ctx->enc = enc ? 1 : 0;
7715 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7716 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
7717 return WOLFSSL_FAILURE;
7718 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7719 }
7720 if (key) {
7721 ret = AesSetKey_ex(&ctx->cipher.aes, key, (word32)ctx->keyLen,
7722 iv, AES_ENCRYPTION, 0);
7723 if (ret != 0)
7724 return WOLFSSL_FAILURE;
7725 }
7726 if (iv && key == NULL) {
7727 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
7728 if (ret != 0)
7729 return WOLFSSL_FAILURE;
7730 }
7731 }
7732 #endif /* WOLFSSL_AES_192 */
7733 #ifdef WOLFSSL_AES_256
7734 if (ctx->cipherType == WC_AES_256_CFB8_TYPE ||
7735 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CFB8))) {
7736 WOLFSSL_MSG("EVP_AES_256_CFB8");
7737 ctx->cipherType = WC_AES_256_CFB8_TYPE;
7738 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7739 ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE;
7740 ctx->keyLen = 32;
7741 ctx->block_size = 1;
7742 if (enc == 0 || enc == 1)
7743 ctx->enc = enc ? 1 : 0;
7744 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7745 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
7746 return WOLFSSL_FAILURE;
7747 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7748 }
7749 if (key) {
7750 ret = AesSetKey_ex(&ctx->cipher.aes, key, (word32)ctx->keyLen,
7751 iv, AES_ENCRYPTION, 0);
7752 if (ret != 0){
7753 WOLFSSL_MSG("AesSetKey() failed");
7754 return WOLFSSL_FAILURE;
7755 }
7756 }
7757 if (iv && key == NULL) {
7758 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
7759 if (ret != 0){
7760 WOLFSSL_MSG("wc_AesSetIV() failed");
7761 return WOLFSSL_FAILURE;
7762 }
7763 }
7764 }
7765 #endif /* WOLFSSL_AES_256 */
7766 #endif /* !WOLFSSL_NO_AES_CFB_1_8 */
7767 #ifdef WOLFSSL_AES_128
7768 if (ctx->cipherType == WC_AES_128_CFB128_TYPE ||
7769 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_CFB128))) {
7770 WOLFSSL_MSG("EVP_AES_128_CFB128");
7771 ctx->cipherType = WC_AES_128_CFB128_TYPE;
7772 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7773 ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE;
7774 ctx->keyLen = 16;
7775 ctx->block_size = 1;
7776 if (enc == 0 || enc == 1)
7777 ctx->enc = enc ? 1 : 0;
7778 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7779 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
7780 return WOLFSSL_FAILURE;
7781 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7782 }
7783 if (key) {
7784 ret = AesSetKey_ex(&ctx->cipher.aes, key, (word32)ctx->keyLen,
7785 iv, AES_ENCRYPTION, 0);
7786 if (ret != 0)
7787 return WOLFSSL_FAILURE;
7788 }
7789 if (iv && key == NULL) {
7790 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
7791 if (ret != 0)
7792 return WOLFSSL_FAILURE;
7793 }
7794 }
7795 #endif /* WOLFSSL_AES_128 */
7796 #ifdef WOLFSSL_AES_192
7797 if (ctx->cipherType == WC_AES_192_CFB128_TYPE ||
7798 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_CFB128))) {
7799 WOLFSSL_MSG("EVP_AES_192_CFB128");
7800 ctx->cipherType = WC_AES_192_CFB128_TYPE;
7801 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7802 ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE;
7803 ctx->keyLen = 24;
7804 ctx->block_size = 1;
7805 if (enc == 0 || enc == 1)
7806 ctx->enc = enc ? 1 : 0;
7807 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7808 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
7809 return WOLFSSL_FAILURE;
7810 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7811 }
7812 if (key) {
7813 ret = AesSetKey_ex(&ctx->cipher.aes, key, (word32)ctx->keyLen,
7814 iv, AES_ENCRYPTION, 0);
7815 if (ret != 0)
7816 return WOLFSSL_FAILURE;
7817 }
7818 if (iv && key == NULL) {
7819 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
7820 if (ret != 0)
7821 return WOLFSSL_FAILURE;
7822 }
7823 }
7824 #endif /* WOLFSSL_AES_192 */
7825 #ifdef WOLFSSL_AES_256
7826 if (ctx->cipherType == WC_AES_256_CFB128_TYPE ||
7827 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_CFB128))) {
7828 WOLFSSL_MSG("EVP_AES_256_CFB128");
7829 ctx->cipherType = WC_AES_256_CFB128_TYPE;
7830 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7831 ctx->flags |= WOLFSSL_EVP_CIPH_CFB_MODE;
7832 ctx->keyLen = 32;
7833 ctx->block_size = 1;
7834 if (enc == 0 || enc == 1)
7835 ctx->enc = enc ? 1 : 0;
7836 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7837 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
7838 return WOLFSSL_FAILURE;
7839 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7840 }
7841 if (key) {
7842 ret = AesSetKey_ex(&ctx->cipher.aes, key, (word32)ctx->keyLen,
7843 iv, AES_ENCRYPTION, 0);
7844 if (ret != 0){
7845 WOLFSSL_MSG("AesSetKey() failed");
7846 return WOLFSSL_FAILURE;
7847 }
7848 }
7849 if (iv && key == NULL) {
7850 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
7851 if (ret != 0){
7852 WOLFSSL_MSG("wc_AesSetIV() failed");
7853 return WOLFSSL_FAILURE;
7854 }
7855 }
7856 }
7857 #endif /* WOLFSSL_AES_256 */
7858 #endif /* WOLFSSL_AES_CFB */
7859 #ifdef WOLFSSL_AES_OFB
7860 #ifdef WOLFSSL_AES_128
7861 if (ctx->cipherType == WC_AES_128_OFB_TYPE ||
7862 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_OFB))) {
7863 WOLFSSL_MSG("EVP_AES_128_OFB");
7864 ctx->cipherType = WC_AES_128_OFB_TYPE;
7865 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7866 ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE;
7867 ctx->keyLen = 16;
7868 ctx->block_size = 1;
7869 if (enc == 0 || enc == 1)
7870 ctx->enc = enc ? 1 : 0;
7871 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7872 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
7873 return WOLFSSL_FAILURE;
7874 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7875 }
7876 if (key) {
7877 ret = AesSetKey_ex(&ctx->cipher.aes, key, (word32)ctx->keyLen,
7878 iv, AES_ENCRYPTION, 0);
7879 if (ret != 0)
7880 return WOLFSSL_FAILURE;
7881 }
7882 if (iv && key == NULL) {
7883 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
7884 if (ret != 0)
7885 return WOLFSSL_FAILURE;
7886 }
7887 }
7888 #endif /* WOLFSSL_AES_128 */
7889 #ifdef WOLFSSL_AES_192
7890 if (ctx->cipherType == WC_AES_192_OFB_TYPE ||
7891 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_192_OFB))) {
7892 WOLFSSL_MSG("EVP_AES_192_OFB");
7893 ctx->cipherType = WC_AES_192_OFB_TYPE;
7894 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7895 ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE;
7896 ctx->keyLen = 24;
7897 ctx->block_size = 1;
7898 if (enc == 0 || enc == 1)
7899 ctx->enc = enc ? 1 : 0;
7900 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7901 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
7902 return WOLFSSL_FAILURE;
7903 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7904 }
7905 if (key) {
7906 ret = AesSetKey_ex(&ctx->cipher.aes, key, (word32)ctx->keyLen,
7907 iv, AES_ENCRYPTION, 0);
7908 if (ret != 0)
7909 return WOLFSSL_FAILURE;
7910 }
7911 if (iv && key == NULL) {
7912 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
7913 if (ret != 0)
7914 return WOLFSSL_FAILURE;
7915 }
7916 }
7917 #endif /* WOLFSSL_AES_192 */
7918 #ifdef WOLFSSL_AES_256
7919 if (ctx->cipherType == WC_AES_256_OFB_TYPE ||
7920 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_OFB))) {
7921 WOLFSSL_MSG("EVP_AES_256_OFB");
7922 ctx->cipherType = WC_AES_256_OFB_TYPE;
7923 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7924 ctx->flags |= WOLFSSL_EVP_CIPH_OFB_MODE;
7925 ctx->keyLen = 32;
7926 ctx->block_size = 1;
7927 if (enc == 0 || enc == 1)
7928 ctx->enc = enc ? 1 : 0;
7929 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7930 if (wc_AesInit(&ctx->cipher.aes, NULL, INVALID_DEVID) != 0)
7931 return WOLFSSL_FAILURE;
7932 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7933 }
7934 if (key) {
7935 ret = AesSetKey_ex(&ctx->cipher.aes, key, (word32)ctx->keyLen,
7936 iv, AES_ENCRYPTION, 0);
7937 if (ret != 0){
7938 WOLFSSL_MSG("AesSetKey() failed");
7939 return WOLFSSL_FAILURE;
7940 }
7941 }
7942 if (iv && key == NULL) {
7943 ret = wc_AesSetIV(&ctx->cipher.aes, iv);
7944 if (ret != 0){
7945 WOLFSSL_MSG("wc_AesSetIV() failed");
7946 return WOLFSSL_FAILURE;
7947 }
7948 }
7949 }
7950 #endif /* WOLFSSL_AES_256 */
7951 #endif /* WOLFSSL_AES_OFB */
7952 #if defined(WOLFSSL_AES_XTS) && \
7953 (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
7954 #ifdef WOLFSSL_AES_128
7955 if (ctx->cipherType == WC_AES_128_XTS_TYPE ||
7956 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_128_XTS))) {
7957 WOLFSSL_MSG("EVP_AES_128_XTS");
7958 ctx->cipherType = WC_AES_128_XTS_TYPE;
7959 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
7960 ctx->flags |= WOLFSSL_EVP_CIPH_XTS_MODE;
7961 ctx->keyLen = 32;
7962 ctx->block_size = 1;
7963 ctx->ivSz = WC_AES_BLOCK_SIZE;
7964
7965 if (iv != NULL) {
7966 if (iv != ctx->iv) /* Valgrind error when src == dst */
7967 XMEMCPY(ctx->iv, iv, (size_t)ctx->ivSz);
7968 }
7969 else
7970 XMEMSET(ctx->iv, 0, WC_AES_BLOCK_SIZE);
7971
7972 if (enc == 0 || enc == 1)
7973 ctx->enc = enc ? 1 : 0;
7974
7975 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
7976 ret = wc_AesXtsInit(&ctx->cipher.xts, NULL, 0);
7977 if (ret != 0) {
7978 WOLFSSL_MSG("wc_AesXtsInit() failed");
7979 return WOLFSSL_FAILURE;
7980 }
7981 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
7982 }
7983
7984 if (key) {
7985 ret = wc_AesXtsSetKeyNoInit(&ctx->cipher.xts, key,
7986 (word32)ctx->keyLen,
7987 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
7988 if (ret != 0) {
7989 WOLFSSL_MSG("wc_AesXtsSetKey() failed");
7990 return WOLFSSL_FAILURE;
7991 }
7992 }
7993 }
7994 #endif /* WOLFSSL_AES_128 */
7995 #ifdef WOLFSSL_AES_256
7996 if (ctx->cipherType == WC_AES_256_XTS_TYPE ||
7997 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_AES_256_XTS))) {
7998 WOLFSSL_MSG("EVP_AES_256_XTS");
7999 ctx->cipherType = WC_AES_256_XTS_TYPE;
8000 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
8001 ctx->flags |= WOLFSSL_EVP_CIPH_XTS_MODE;
8002 ctx->keyLen = 64;
8003 ctx->block_size = 1;
8004 ctx->ivSz = WC_AES_BLOCK_SIZE;
8005
8006 if (iv != NULL) {
8007 if (iv != ctx->iv) /* Valgrind error when src == dst */
8008 XMEMCPY(ctx->iv, iv, (size_t)ctx->ivSz);
8009 }
8010 else
8011 XMEMSET(ctx->iv, 0, WC_AES_BLOCK_SIZE);
8012
8013 if (enc == 0 || enc == 1)
8014 ctx->enc = enc ? 1 : 0;
8015
8016 if (! (ctx->flags & WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED)) {
8017 ret = wc_AesXtsInit(&ctx->cipher.xts, NULL, 0);
8018 if (ret != 0) {
8019 WOLFSSL_MSG("wc_AesXtsInit() failed");
8020 return WOLFSSL_FAILURE;
8021 }
8022 ctx->flags |= WOLFSSL_EVP_CIPH_LOW_LEVEL_INITED;
8023 }
8024
8025 if (key) {
8026 ret = wc_AesXtsSetKeyNoInit(&ctx->cipher.xts, key,
8027 (word32)ctx->keyLen,
8028 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
8029 if (ret != 0) {
8030 WOLFSSL_MSG("wc_AesXtsSetKey() failed");
8031 return WOLFSSL_FAILURE;
8032 }
8033 }
8034 }
8035 #endif /* WOLFSSL_AES_256 */
8036 #endif /* WOLFSSL_AES_XTS &&
8037 (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */
8038#endif /* NO_AES */
8039 #if defined(HAVE_ARIA)
8040 if (ctx->cipherType == WC_ARIA_128_GCM_TYPE ||
8041 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_128_GCM))
8042 || ctx->cipherType == WC_ARIA_192_GCM_TYPE ||
8043 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_192_GCM))
8044 || ctx->cipherType == WC_ARIA_256_GCM_TYPE ||
8045 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARIA_256_GCM))
8046 ) {
8047 if (EvpCipherInitAriaGCM(ctx, type, key, iv, enc)
8048 != WOLFSSL_SUCCESS) {
8049 return WOLFSSL_FAILURE;
8050 }
8051 }
8052 #endif /* HAVE_AESGCM && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
8053 * HAVE_FIPS_VERSION >= 2 */
8054
8055
8056#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
8057 if (ctx->cipherType == WC_CHACHA20_POLY1305_TYPE ||
8058 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_CHACHA20_POLY1305))) {
8059 WOLFSSL_MSG("EVP_CHACHA20_POLY1305");
8060 ctx->cipherType = WC_CHACHA20_POLY1305_TYPE;
8061 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
8062 ctx->flags |= WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
8063 ctx->keyLen = CHACHA20_POLY1305_AEAD_KEYSIZE;
8064 ctx->block_size = CHACHA_CHUNK_BYTES;
8065 ctx->authTagSz = CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE;
8066 ctx->ivSz = CHACHA20_POLY1305_AEAD_IV_SIZE;
8067 if (enc == 0 || enc == 1) {
8068 ctx->enc = (byte) enc;
8069 }
8070
8071 /* wolfSSL_EVP_CipherInit() may be called multiple times to
8072 * set key or iv alone. A common use case is to set key
8073 * and then init with another iv again and again after
8074 * update/finals. We need to preserve the key for those calls
8075 * since wc_ChaCha20Poly1305_Init() does not. */
8076 if (key != NULL) {
8077 if (!ctx->key) {
8078 ctx->key = (byte*)XMALLOC((size_t)ctx->keyLen, NULL,
8079 DYNAMIC_TYPE_OPENSSL);
8080 if (!ctx->key) {
8081 return MEMORY_E;
8082 }
8083 }
8084 XMEMCPY(ctx->key, key, (size_t)ctx->keyLen);
8085 }
8086 if ((ctx->key != NULL && iv != NULL) && wc_ChaCha20Poly1305_Init(
8087 &ctx->cipher.chachaPoly, ctx->key, iv, ctx->enc) != 0) {
8088 WOLFSSL_MSG("wc_ChaCha20Poly1305_Init() failed");
8089 return WOLFSSL_FAILURE;
8090 }
8091 }
8092#endif
8093#ifdef HAVE_CHACHA
8094 if (ctx->cipherType == WC_CHACHA20_TYPE ||
8095 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_CHACHA20))) {
8096 WOLFSSL_MSG("EVP_CHACHA20");
8097 ctx->cipherType = WC_CHACHA20_TYPE;
8098 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
8099 ctx->keyLen = CHACHA_MAX_KEY_SZ;
8100 ctx->block_size = 1;
8101 ctx->ivSz = WOLFSSL_EVP_CHACHA_IV_BYTES;
8102 if (enc == 0 || enc == 1) {
8103 ctx->enc = (byte) enc;
8104 }
8105 if (key != NULL && wc_Chacha_SetKey(&ctx->cipher.chacha, key,
8106 (word32)ctx->keyLen) != 0) {
8107 WOLFSSL_MSG("wc_Chacha_SetKey() failed");
8108 return WOLFSSL_FAILURE;
8109 }
8110 if (iv != NULL) {
8111 /* a bit silly. chacha takes an iv+counter and internally
8112 * combines them to a new iv. EVP is given exactly *one* iv,
8113 * so to pass it into chacha, we have to revert that first.
8114 * The counter comes first in little-endian */
8115 word32 counter = (word32)iv[0] + (word32)(iv[1] << 8) +
8116 (word32)(iv[2] << 16) + (word32)(iv[3] << 24);
8117 if (wc_Chacha_SetIV(&ctx->cipher.chacha,
8118 iv + sizeof(counter), counter) != 0) {
8119
8120 WOLFSSL_MSG("wc_Chacha_SetIV() failed");
8121 return WOLFSSL_FAILURE;
8122 }
8123 }
8124 }
8125#endif
8126#ifdef WOLFSSL_SM4_ECB
8127 if (ctx->cipherType == WC_SM4_ECB_TYPE ||
8128 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_ECB))) {
8129 WOLFSSL_MSG("EVP_SM4_ECB");
8130 ctx->cipherType = WC_SM4_ECB_TYPE;
8131 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
8132 ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE;
8133 ctx->keyLen = SM4_KEY_SIZE;
8134 ctx->block_size = SM4_BLOCK_SIZE;
8135 if (enc == 0 || enc == 1)
8136 ctx->enc = enc ? 1 : 0;
8137 if (key) {
8138 ret = wc_Sm4SetKey(&ctx->cipher.sm4, key, ctx->keyLen);
8139 }
8140 if (ret != 0) {
8141 return WOLFSSL_FAILURE;
8142 }
8143 }
8144#endif
8145#ifdef WOLFSSL_SM4_CBC
8146 if (ctx->cipherType == WC_SM4_CBC_TYPE ||
8147 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_CBC))) {
8148 WOLFSSL_MSG("EVP_SM4_CBC");
8149 ctx->cipherType = WC_SM4_CBC_TYPE;
8150 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
8151 ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE;
8152 ctx->keyLen = SM4_KEY_SIZE;
8153 ctx->block_size = SM4_BLOCK_SIZE;
8154 ctx->ivSz = SM4_BLOCK_SIZE;
8155 if (enc == 0 || enc == 1)
8156 ctx->enc = enc ? 1 : 0;
8157 if (key != NULL) {
8158 ret = wc_Sm4SetKey(&ctx->cipher.sm4, key, ctx->keyLen);
8159 if (ret != 0) {
8160 return WOLFSSL_FAILURE;
8161 }
8162 }
8163 if (iv != NULL) {
8164 ret = wc_Sm4SetIV(&ctx->cipher.sm4, iv);
8165 if (ret != 0) {
8166 return WOLFSSL_FAILURE;
8167 }
8168 }
8169 }
8170#endif
8171#ifdef WOLFSSL_SM4_CTR
8172 if (ctx->cipherType == WC_SM4_CTR_TYPE ||
8173 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_CTR))) {
8174 WOLFSSL_MSG("EVP_SM4_CTR");
8175 ctx->cipherType = WC_SM4_CTR_TYPE;
8176 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
8177 ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE;
8178 ctx->keyLen = SM4_KEY_SIZE;
8179 ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
8180 ctx->ivSz = SM4_BLOCK_SIZE;
8181 if (enc == 0 || enc == 1)
8182 ctx->enc = enc ? 1 : 0;
8183 if (key != NULL) {
8184 ret = wc_Sm4SetKey(&ctx->cipher.sm4, key, ctx->keyLen);
8185 if (ret != 0) {
8186 return WOLFSSL_FAILURE;
8187 }
8188 }
8189 if (iv != NULL) {
8190 ret = wc_Sm4SetIV(&ctx->cipher.sm4, iv);
8191 if (ret != 0) {
8192 return WOLFSSL_FAILURE;
8193 }
8194 }
8195 }
8196#endif
8197#ifdef WOLFSSL_SM4_GCM
8198 if (ctx->cipherType == WC_SM4_GCM_TYPE ||
8199 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_GCM))) {
8200 WOLFSSL_MSG("EVP_SM4_GCM");
8201 ctx->cipherType = WC_SM4_GCM_TYPE;
8202 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
8203 ctx->flags |= WOLFSSL_EVP_CIPH_GCM_MODE |
8204 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
8205 ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
8206 ctx->keyLen = SM4_KEY_SIZE;
8207 if (ctx->ivSz == 0) {
8208 ctx->ivSz = GCM_NONCE_MID_SZ;
8209 }
8210 ctx->authTagSz = SM4_BLOCK_SIZE;
8211 XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
8212 ctx->authIn = NULL;
8213 ctx->authInSz = 0;
8214 if (enc == 0 || enc == 1)
8215 ctx->enc = enc ? 1 : 0;
8216 if (key != NULL) {
8217 ret = wc_Sm4GcmSetKey(&ctx->cipher.sm4, key, ctx->keyLen);
8218 if (ret != 0) {
8219 return WOLFSSL_FAILURE;
8220 }
8221 }
8222 if (iv != NULL) {
8223 XMEMCPY(ctx->iv, iv, (size_t)ctx->ivSz);
8224 }
8225 }
8226#endif
8227#ifdef WOLFSSL_SM4_CCM
8228 if (ctx->cipherType == WC_SM4_CCM_TYPE ||
8229 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_SM4_CCM))) {
8230 WOLFSSL_MSG("EVP_SM4_CCM");
8231 ctx->cipherType = WC_SM4_CCM_TYPE;
8232 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
8233 ctx->flags |= WOLFSSL_EVP_CIPH_CCM_MODE |
8234 WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER;
8235 ctx->block_size = WOLFSSL_NO_PADDING_BLOCK_SIZE;
8236 ctx->keyLen = SM4_KEY_SIZE;
8237 if (ctx->ivSz == 0) {
8238 ctx->ivSz = GCM_NONCE_MID_SZ;
8239 }
8240 ctx->authTagSz = SM4_BLOCK_SIZE;
8241 XFREE(ctx->authIn, NULL, DYNAMIC_TYPE_OPENSSL);
8242 ctx->authIn = NULL;
8243 ctx->authInSz = 0;
8244 if (enc == 0 || enc == 1)
8245 ctx->enc = enc ? 1 : 0;
8246 if (key != NULL) {
8247 ret = wc_Sm4SetKey(&ctx->cipher.sm4, key, ctx->keyLen);
8248 if (ret != 0) {
8249 return WOLFSSL_FAILURE;
8250 }
8251 }
8252 if (iv != NULL) {
8253 XMEMCPY(ctx->iv, iv, (size_t)ctx->ivSz);
8254 }
8255 }
8256#endif
8257#ifndef NO_DES3
8258 if (ctx->cipherType == WC_DES_CBC_TYPE ||
8259 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_CBC))) {
8260 WOLFSSL_MSG("EVP_DES_CBC");
8261 ctx->cipherType = WC_DES_CBC_TYPE;
8262 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
8263 ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE;
8264 ctx->keyLen = 8;
8265 ctx->block_size = DES_BLOCK_SIZE;
8266 ctx->ivSz = DES_BLOCK_SIZE;
8267 if (enc == 0 || enc == 1)
8268 ctx->enc = enc ? 1 : 0;
8269 if (key) {
8270 ret = wc_Des_SetKey(&ctx->cipher.des, key, iv,
8271 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
8272 if (ret != 0)
8273 return WOLFSSL_FAILURE;
8274 }
8275
8276 if (iv && key == NULL)
8277 wc_Des_SetIV(&ctx->cipher.des, iv);
8278 }
8279#ifdef WOLFSSL_DES_ECB
8280 else if (ctx->cipherType == WC_DES_ECB_TYPE ||
8281 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_ECB))) {
8282 WOLFSSL_MSG("EVP_DES_ECB");
8283 ctx->cipherType = WC_DES_ECB_TYPE;
8284 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
8285 ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE;
8286 ctx->keyLen = 8;
8287 ctx->block_size = DES_BLOCK_SIZE;
8288 if (enc == 0 || enc == 1)
8289 ctx->enc = enc ? 1 : 0;
8290 if (key) {
8291 WOLFSSL_MSG("Des_SetKey");
8292 ret = wc_Des_SetKey(&ctx->cipher.des, key, NULL,
8293 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
8294 if (ret != 0)
8295 return WOLFSSL_FAILURE;
8296 }
8297 }
8298#endif
8299 else if (ctx->cipherType == WC_DES_EDE3_CBC_TYPE ||
8300 (type &&
8301 EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_EDE3_CBC))) {
8302 WOLFSSL_MSG("EVP_DES_EDE3_CBC");
8303 ctx->cipherType = WC_DES_EDE3_CBC_TYPE;
8304 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
8305 ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE;
8306 ctx->keyLen = 24;
8307 ctx->block_size = DES_BLOCK_SIZE;
8308 ctx->ivSz = DES_BLOCK_SIZE;
8309 if (enc == 0 || enc == 1)
8310 ctx->enc = enc ? 1 : 0;
8311 if (key) {
8312 ret = wc_Des3_SetKey(&ctx->cipher.des3, key, iv,
8313 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
8314 if (ret != 0)
8315 return WOLFSSL_FAILURE;
8316 }
8317
8318 if (iv && key == NULL) {
8319 ret = wc_Des3_SetIV(&ctx->cipher.des3, iv);
8320 if (ret != 0)
8321 return WOLFSSL_FAILURE;
8322 }
8323 }
8324 else if (ctx->cipherType == WC_DES_EDE3_ECB_TYPE ||
8325 (type &&
8326 EVP_CIPHER_TYPE_MATCHES(type, EVP_DES_EDE3_ECB))) {
8327 WOLFSSL_MSG("EVP_DES_EDE3_ECB");
8328 ctx->cipherType = WC_DES_EDE3_ECB_TYPE;
8329 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
8330 ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE;
8331 ctx->keyLen = 24;
8332 ctx->block_size = DES_BLOCK_SIZE;
8333 if (enc == 0 || enc == 1)
8334 ctx->enc = enc ? 1 : 0;
8335 if (key) {
8336 ret = wc_Des3_SetKey(&ctx->cipher.des3, key, NULL,
8337 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
8338 if (ret != 0)
8339 return WOLFSSL_FAILURE;
8340 }
8341 }
8342#endif /* NO_DES3 */
8343#ifndef NO_RC4
8344 if (ctx->cipherType == WC_ARC4_TYPE ||
8345 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_ARC4))) {
8346 WOLFSSL_MSG("ARC4");
8347 ctx->cipherType = WC_ARC4_TYPE;
8348 ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_MODE;
8349 ctx->flags |= WOLFSSL_EVP_CIPH_STREAM_CIPHER;
8350 ctx->block_size = 1;
8351 if (ctx->keyLen == 0) /* user may have already set */
8352 ctx->keyLen = 16; /* default to 128 */
8353 if (key)
8354 wc_Arc4SetKey(&ctx->cipher.arc4, key, (word32)ctx->keyLen);
8355 }
8356#endif /* NO_RC4 */
8357 if (ctx->cipherType == WC_NULL_CIPHER_TYPE ||
8358 (type && EVP_CIPHER_TYPE_MATCHES(type, EVP_NULL))) {
8359 WOLFSSL_MSG("NULL cipher");
8360 ctx->cipherType = WC_NULL_CIPHER_TYPE;
8361 ctx->keyLen = 0;
8362 ctx->block_size = 16;
8363 }
8364#ifdef HAVE_WOLFSSL_EVP_CIPHER_CTX_IV
8365 if (iv && iv != ctx->iv) {
8366 if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) {
8367 return WOLFSSL_FAILURE;
8368 }
8369 }
8370#endif
8371 (void)ret; /* remove warning. If execution reaches this point, ret=0 */
8372 return WOLFSSL_SUCCESS;
8373 }
8374
8375
8376 int wolfSSL_EVP_CIPHER_CTX_nid(const WOLFSSL_EVP_CIPHER_CTX *ctx)
8377 {
8378 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_nid");
8379 if (ctx == NULL) {
8380 WOLFSSL_ERROR_MSG("Bad parameters");
8381 return WC_NID_undef;
8382 }
8383
8384 switch (ctx->cipherType) {
8385#ifndef NO_AES
8386#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
8387 case WC_AES_128_CBC_TYPE :
8388 return WC_NID_aes_128_cbc;
8389 case WC_AES_192_CBC_TYPE :
8390 return WC_NID_aes_192_cbc;
8391 case WC_AES_256_CBC_TYPE :
8392 return WC_NID_aes_256_cbc;
8393#endif
8394#ifdef HAVE_AESGCM
8395 case WC_AES_128_GCM_TYPE :
8396 return WC_NID_aes_128_gcm;
8397 case WC_AES_192_GCM_TYPE :
8398 return WC_NID_aes_192_gcm;
8399 case WC_AES_256_GCM_TYPE :
8400 return WC_NID_aes_256_gcm;
8401#endif
8402#ifdef HAVE_AESCCM
8403 case WC_AES_128_CCM_TYPE :
8404 return WC_NID_aes_128_ccm;
8405 case WC_AES_192_CCM_TYPE :
8406 return WC_NID_aes_192_ccm;
8407 case WC_AES_256_CCM_TYPE :
8408 return WC_NID_aes_256_ccm;
8409#endif
8410#ifdef HAVE_AES_ECB
8411 case WC_AES_128_ECB_TYPE :
8412 return WC_NID_aes_128_ecb;
8413 case WC_AES_192_ECB_TYPE :
8414 return WC_NID_aes_192_ecb;
8415 case WC_AES_256_ECB_TYPE :
8416 return WC_NID_aes_256_ecb;
8417#endif
8418#ifdef WOLFSSL_AES_COUNTER
8419 case WC_AES_128_CTR_TYPE :
8420 return WC_NID_aes_128_ctr;
8421 case WC_AES_192_CTR_TYPE :
8422 return WC_NID_aes_192_ctr;
8423 case WC_AES_256_CTR_TYPE :
8424 return WC_NID_aes_256_ctr;
8425#endif
8426
8427#endif /* NO_AES */
8428
8429#ifdef HAVE_ARIA
8430 case WC_ARIA_128_GCM_TYPE :
8431 return WC_NID_aria_128_gcm;
8432 case WC_ARIA_192_GCM_TYPE :
8433 return WC_NID_aria_192_gcm;
8434 case WC_ARIA_256_GCM_TYPE :
8435 return WC_NID_aria_256_gcm;
8436#endif
8437
8438#ifndef NO_DES3
8439 case WC_DES_CBC_TYPE :
8440 return WC_NID_des_cbc;
8441
8442 case WC_DES_EDE3_CBC_TYPE :
8443 return WC_NID_des_ede3_cbc;
8444#endif
8445#ifdef WOLFSSL_DES_ECB
8446 case WC_DES_ECB_TYPE :
8447 return WC_NID_des_ecb;
8448 case WC_DES_EDE3_ECB_TYPE :
8449 return WC_NID_des_ede3_ecb;
8450#endif
8451
8452 case WC_ARC4_TYPE :
8453 return WC_NID_rc4;
8454
8455#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
8456 case WC_CHACHA20_POLY1305_TYPE:
8457 return WC_NID_chacha20_poly1305;
8458#endif
8459
8460#ifdef HAVE_CHACHA
8461 case WC_CHACHA20_TYPE:
8462 return WC_NID_chacha20;
8463#endif
8464
8465#ifdef WOLFSSL_SM4_ECB
8466 case WC_SM4_ECB_TYPE:
8467 return WC_NID_sm4_ecb;
8468#endif
8469
8470#ifdef WOLFSSL_SM4_CBC
8471 case WC_SM4_CBC_TYPE:
8472 return WC_NID_sm4_cbc;
8473#endif
8474
8475#ifdef WOLFSSL_SM4_CTR
8476 case WC_SM4_CTR_TYPE:
8477 return WC_NID_sm4_ctr;
8478#endif
8479
8480#ifdef WOLFSSL_SM4_GCM
8481 case WC_SM4_GCM_TYPE:
8482 return WC_NID_sm4_gcm;
8483#endif
8484
8485#ifdef WOLFSSL_SM4_CCM
8486 case WC_SM4_CCM_TYPE:
8487 return WC_NID_sm4_ccm;
8488#endif
8489
8490 case WC_NULL_CIPHER_TYPE :
8491 WOLFSSL_ERROR_MSG("Null cipher has no NID");
8492 FALL_THROUGH;
8493 default:
8494 return WC_NID_undef;
8495 }
8496 }
8497
8498 /* WOLFSSL_SUCCESS on ok */
8499 int wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx)
8500 {
8501 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_key_length");
8502 if (ctx)
8503 return ctx->keyLen;
8504 else
8505 return WOLFSSL_FAILURE;
8506 }
8507
8508 /* WOLFSSL_SUCCESS on ok */
8509 int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
8510 int keylen)
8511 {
8512 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_key_length");
8513 if (ctx)
8514 ctx->keyLen = keylen;
8515 else
8516 return WOLFSSL_FAILURE;
8517
8518 return WOLFSSL_SUCCESS;
8519 }
8520
8521#ifdef HAVE_WOLFSSL_EVP_CIPHER_CTX_IV
8522 /* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE */
8523 int wolfSSL_EVP_CIPHER_CTX_set_iv_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
8524 int ivLen)
8525 {
8526 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_iv_length");
8527 if (ctx == NULL) {
8528 return WOLFSSL_FAILURE;
8529 }
8530
8531 if (ivLen < 0 || ivLen > (int) sizeof(ctx->iv)) {
8532 return WOLFSSL_FAILURE;
8533 }
8534
8535 ctx->ivSz = ivLen;
8536
8537 return WOLFSSL_SUCCESS;
8538 }
8539#endif
8540
8541#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \
8542 (defined(HAVE_CHACHA) && defined(HAVE_POLY1305))
8543 /* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE */
8544 int wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv,
8545 int ivLen)
8546 {
8547 int expectedIvLen;
8548
8549 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_iv");
8550 if (!ctx || !iv || !ivLen) {
8551 return WOLFSSL_FAILURE;
8552 }
8553
8554 expectedIvLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx);
8555
8556 if (expectedIvLen == 0 || expectedIvLen != ivLen) {
8557 WOLFSSL_MSG("Wrong ivLen value");
8558 return WOLFSSL_FAILURE;
8559 }
8560
8561 return wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, -1);
8562 }
8563#endif
8564
8565#if !defined(NO_AES) || !defined(NO_DES3)
8566 /* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE */
8567 int wolfSSL_EVP_CIPHER_CTX_get_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv,
8568 int ivLen)
8569 {
8570 int expectedIvLen;
8571
8572 WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_get_iv");
8573
8574 if (ctx == NULL || iv == NULL || ivLen == 0) {
8575 WOLFSSL_MSG("Bad parameter");
8576 return WOLFSSL_FAILURE;
8577 }
8578
8579 expectedIvLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx);
8580 if (expectedIvLen == 0 || expectedIvLen != ivLen) {
8581 WOLFSSL_MSG("Wrong ivLen value");
8582 return WOLFSSL_FAILURE;
8583 }
8584
8585 XMEMCPY(iv, ctx->iv, (size_t)ivLen);
8586
8587 return WOLFSSL_SUCCESS;
8588 }
8589#endif /* !NO_AES || !NO_DES3 */
8590
8591 static int IsCipherTypeAEAD(unsigned int type)
8592 {
8593 switch (type) {
8594 case WC_AES_128_GCM_TYPE:
8595 case WC_AES_192_GCM_TYPE:
8596 case WC_AES_256_GCM_TYPE:
8597 case WC_AES_128_CCM_TYPE:
8598 case WC_AES_192_CCM_TYPE:
8599 case WC_AES_256_CCM_TYPE:
8600 case WC_ARIA_128_GCM_TYPE:
8601 case WC_ARIA_192_GCM_TYPE:
8602 case WC_ARIA_256_GCM_TYPE:
8603 case WC_SM4_GCM_TYPE:
8604 case WC_SM4_CCM_TYPE:
8605 return 1;
8606 default:
8607 return 0;
8608 }
8609 }
8610
8611 /* Return length on ok */
8612 int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst,
8613 const byte* src, word32 len)
8614 {
8615 int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
8616
8617 WOLFSSL_ENTER("wolfSSL_EVP_Cipher");
8618
8619 if (ctx == NULL) {
8620 WOLFSSL_MSG("Bad argument.");
8621 return WOLFSSL_FATAL_ERROR;
8622 }
8623
8624 if (!IsCipherTypeAEAD(ctx->cipherType)) {
8625 /* No-op for non-AEAD ciphers */
8626 if (src == NULL && dst == NULL && len == 0)
8627 return 0;
8628 if (src == NULL || dst == NULL) {
8629 WOLFSSL_MSG("Bad argument.");
8630 return WOLFSSL_FATAL_ERROR;
8631 }
8632 }
8633
8634 if (ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT) {
8635 WOLFSSL_MSG("Cipher operation not initialized. Call "
8636 "wolfSSL_EVP_CipherInit.");
8637 return WOLFSSL_FATAL_ERROR;
8638 }
8639
8640 switch (ctx->cipherType) {
8641
8642#ifndef NO_AES
8643#ifdef HAVE_AES_CBC
8644 case WC_AES_128_CBC_TYPE :
8645 case WC_AES_192_CBC_TYPE :
8646 case WC_AES_256_CBC_TYPE :
8647 WOLFSSL_MSG("AES CBC");
8648 if (ctx->enc)
8649 ret = wc_AesCbcEncrypt(&ctx->cipher.aes, dst, src, len);
8650 else
8651 ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len);
8652 if (ret == 0)
8653 ret = (int)((len / WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE);
8654 break;
8655#endif /* HAVE_AES_CBC */
8656
8657#ifdef WOLFSSL_AES_CFB
8658#if !defined(WOLFSSL_NO_AES_CFB_1_8)
8659 case WC_AES_128_CFB1_TYPE:
8660 case WC_AES_192_CFB1_TYPE:
8661 case WC_AES_256_CFB1_TYPE:
8662 WOLFSSL_MSG("AES CFB1");
8663 if (ctx->enc)
8664 ret = wc_AesCfb1Encrypt(&ctx->cipher.aes, dst, src, len);
8665 else
8666 ret = wc_AesCfb1Decrypt(&ctx->cipher.aes, dst, src, len);
8667 if (ret == 0)
8668 ret = (int)len;
8669 break;
8670 case WC_AES_128_CFB8_TYPE:
8671 case WC_AES_192_CFB8_TYPE:
8672 case WC_AES_256_CFB8_TYPE:
8673 WOLFSSL_MSG("AES CFB8");
8674 if (ctx->enc)
8675 ret = wc_AesCfb8Encrypt(&ctx->cipher.aes, dst, src, len);
8676 else
8677 ret = wc_AesCfb8Decrypt(&ctx->cipher.aes, dst, src, len);
8678 if (ret == 0)
8679 ret = (int)len;
8680 break;
8681#endif /* !WOLFSSL_NO_AES_CFB_1_8 */
8682 case WC_AES_128_CFB128_TYPE:
8683 case WC_AES_192_CFB128_TYPE:
8684 case WC_AES_256_CFB128_TYPE:
8685 WOLFSSL_MSG("AES CFB128");
8686 if (ctx->enc)
8687 ret = wc_AesCfbEncrypt(&ctx->cipher.aes, dst, src, len);
8688 else
8689 ret = wc_AesCfbDecrypt(&ctx->cipher.aes, dst, src, len);
8690 if (ret == 0)
8691 ret = (int)len;
8692 break;
8693#endif /* WOLFSSL_AES_CFB */
8694#if defined(WOLFSSL_AES_OFB)
8695 case WC_AES_128_OFB_TYPE:
8696 case WC_AES_192_OFB_TYPE:
8697 case WC_AES_256_OFB_TYPE:
8698 WOLFSSL_MSG("AES OFB");
8699 if (ctx->enc)
8700 ret = wc_AesOfbEncrypt(&ctx->cipher.aes, dst, src, len);
8701 else
8702 ret = wc_AesOfbDecrypt(&ctx->cipher.aes, dst, src, len);
8703 if (ret == 0)
8704 ret = (int)len;
8705 break;
8706#endif /* WOLFSSL_AES_OFB */
8707#if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
8708 case WC_AES_128_XTS_TYPE:
8709 case WC_AES_256_XTS_TYPE:
8710 WOLFSSL_MSG("AES XTS");
8711 if (ctx->enc)
8712 ret = wc_AesXtsEncrypt(&ctx->cipher.xts, dst, src, len,
8713 ctx->iv, (word32)ctx->ivSz);
8714 else
8715 ret = wc_AesXtsDecrypt(&ctx->cipher.xts, dst, src, len,
8716 ctx->iv, (word32)ctx->ivSz);
8717 if (ret == 0)
8718 ret = (int)len;
8719 break;
8720#endif /* WOLFSSL_AES_XTS && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */
8721
8722#if defined(HAVE_AESGCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
8723 || FIPS_VERSION_GE(2,0))
8724 case WC_AES_128_GCM_TYPE :
8725 case WC_AES_192_GCM_TYPE :
8726 case WC_AES_256_GCM_TYPE :
8727 WOLFSSL_MSG("AES GCM");
8728 ret = EvpCipherAesGCM(ctx, dst, src, len);
8729 break;
8730#endif /* HAVE_AESGCM && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
8731 * HAVE_FIPS_VERSION >= 2 */
8732#if defined(HAVE_AESCCM) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
8733 || FIPS_VERSION_GE(2,0))
8734 case WC_AES_128_CCM_TYPE :
8735 case WC_AES_192_CCM_TYPE :
8736 case WC_AES_256_CCM_TYPE :
8737 WOLFSSL_MSG("AES CCM");
8738 ret = EvpCipherAesCCM(ctx, dst, src, len);
8739 break;
8740#endif /* HAVE_AESCCM && ((!HAVE_FIPS && !HAVE_SELFTEST) ||
8741 * HAVE_FIPS_VERSION >= 2 */
8742#ifdef HAVE_AES_ECB
8743 case WC_AES_128_ECB_TYPE :
8744 case WC_AES_192_ECB_TYPE :
8745 case WC_AES_256_ECB_TYPE :
8746 WOLFSSL_MSG("AES ECB");
8747 if (ctx->enc)
8748 ret = wc_AesEcbEncrypt(&ctx->cipher.aes, dst, src, len);
8749 else
8750 ret = wc_AesEcbDecrypt(&ctx->cipher.aes, dst, src, len);
8751 if (ret == 0)
8752 ret = (int)((len / WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE);
8753 break;
8754#endif
8755#ifdef WOLFSSL_AES_COUNTER
8756 case WC_AES_128_CTR_TYPE :
8757 case WC_AES_192_CTR_TYPE :
8758 case WC_AES_256_CTR_TYPE :
8759 WOLFSSL_MSG("AES CTR");
8760 ret = wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len);
8761 if (ret == 0)
8762 ret = (int)len;
8763 break;
8764#endif /* WOLFSSL_AES_COUNTER */
8765#endif /* NO_AES */
8766
8767#if defined(HAVE_ARIA) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) \
8768 || FIPS_VERSION_GE(2,0))
8769 case WC_ARIA_128_GCM_TYPE :
8770 case WC_ARIA_192_GCM_TYPE :
8771 case WC_ARIA_256_GCM_TYPE :
8772 WOLFSSL_MSG("ARIA GCM");
8773 if (ctx->enc) {
8774 ret = wc_AriaEncrypt(&ctx->cipher.aria, dst, src, len,
8775 ctx->iv, ctx->ivSz, NULL, 0,
8776 ctx->authTag, ctx->authTagSz);
8777 }
8778 else {
8779 ret = wc_AriaDecrypt(&ctx->cipher.aria, dst, src, len,
8780 ctx->iv, ctx->ivSz, NULL, 0,
8781 ctx->authTag, ctx->authTagSz);
8782 }
8783 break;
8784#endif /* HAVE_ARIA&& ((!HAVE_FIPS && !HAVE_SELFTEST) ||
8785 * HAVE_FIPS_VERSION >= 2 */
8786
8787#ifndef NO_DES3
8788 case WC_DES_CBC_TYPE :
8789 WOLFSSL_MSG("DES CBC");
8790 if (ctx->enc)
8791 wc_Des_CbcEncrypt(&ctx->cipher.des, dst, src, len);
8792 else
8793 wc_Des_CbcDecrypt(&ctx->cipher.des, dst, src, len);
8794 if (ret == 0)
8795 ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE);
8796 break;
8797 case WC_DES_EDE3_CBC_TYPE :
8798 WOLFSSL_MSG("DES3 CBC");
8799 if (ctx->enc)
8800 ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len);
8801 else
8802 ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len);
8803 if (ret == 0)
8804 ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE);
8805 break;
8806#ifdef WOLFSSL_DES_ECB
8807 case WC_DES_ECB_TYPE :
8808 WOLFSSL_MSG("DES ECB");
8809 if (ctx->enc)
8810 ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len);
8811 else
8812 ret = wc_Des_EcbDecrypt(&ctx->cipher.des, dst, src, len);
8813 if (ret == 0)
8814 ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE);
8815 break;
8816 case WC_DES_EDE3_ECB_TYPE :
8817 WOLFSSL_MSG("DES3 ECB");
8818 if (ctx->enc)
8819 ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len);
8820 else
8821 ret = wc_Des3_EcbDecrypt(&ctx->cipher.des3, dst, src, len);
8822 if (ret == 0)
8823 ret = (int)((len / DES_BLOCK_SIZE) * DES_BLOCK_SIZE);
8824 break;
8825#endif
8826#endif /* !NO_DES3 */
8827
8828#ifndef NO_RC4
8829 case WC_ARC4_TYPE :
8830 WOLFSSL_MSG("ARC4");
8831 wc_Arc4Process(&ctx->cipher.arc4, dst, src, len);
8832 if (ret == 0)
8833 ret = (int)len;
8834 break;
8835#endif
8836
8837 /* TODO: Chacha??? */
8838
8839#ifdef WOLFSSL_SM4_ECB
8840 case WC_SM4_ECB_TYPE :
8841 WOLFSSL_MSG("Sm4 ECB");
8842 if (ctx->enc)
8843 ret = wc_Sm4EcbEncrypt(&ctx->cipher.sm4, dst, src, len);
8844 else
8845 ret = wc_Sm4EcbDecrypt(&ctx->cipher.sm4, dst, src, len);
8846 if (ret == 0)
8847 ret = (int)((len / SM4_BLOCK_SIZE) * SM4_BLOCK_SIZE);
8848 break;
8849#endif
8850#ifdef WOLFSSL_SM4_CBC
8851 case WC_SM4_CBC_TYPE :
8852 WOLFSSL_MSG("Sm4 CBC");
8853 if (ctx->enc)
8854 ret = wc_Sm4CbcEncrypt(&ctx->cipher.sm4, dst, src, len);
8855 else
8856 ret = wc_Sm4CbcDecrypt(&ctx->cipher.sm4, dst, src, len);
8857 if (ret == 0)
8858 ret = (int)((len / SM4_BLOCK_SIZE) * SM4_BLOCK_SIZE);
8859 break;
8860#endif
8861#ifdef WOLFSSL_SM4_CTR
8862 case WC_SM4_CTR_TYPE :
8863 WOLFSSL_MSG("Sm4 CTR");
8864 ret = wc_Sm4CtrEncrypt(&ctx->cipher.sm4, dst, src, len);
8865 if (ret == 0)
8866 ret = (int)len;
8867 break;
8868#endif
8869#ifdef WOLFSSL_SM4_GCM
8870 case WC_SM4_GCM_TYPE :
8871 WOLFSSL_MSG("SM4 GCM");
8872 /* No destination means only AAD. */
8873 if (src != NULL && dst == NULL) {
8874 ret = wolfSSL_EVP_CipherUpdate_GCM_AAD(ctx, src, len);
8875 }
8876 else if (src != NULL && dst != NULL) {
8877 if (ctx->enc) {
8878 ret = wc_Sm4GcmEncrypt(&ctx->cipher.sm4, dst, src,
8879 len, ctx->iv, ctx->ivSz, ctx->authTag,
8880 ctx->authTagSz, ctx->authIn,
8881 ctx->authInSz);
8882 }
8883 else {
8884 ret = wc_Sm4GcmDecrypt(&ctx->cipher.sm4, dst, src,
8885 len, ctx->iv, ctx->ivSz, ctx->authTag,
8886 ctx->authTagSz, ctx->authIn,
8887 ctx->authInSz);
8888 }
8889 if (ctx->authIncIv) {
8890 IncCtr((byte*)ctx->cipher.sm4.iv,
8891 ctx->cipher.sm4.nonceSz);
8892 ctx->authIncIv = 0;
8893 }
8894 }
8895 break;
8896#endif
8897#ifdef WOLFSSL_SM4_CCM
8898 case WC_SM4_CCM_TYPE :
8899 WOLFSSL_MSG("SM4 CCM");
8900 /* No destination means only AAD. */
8901 if (src != NULL && dst == NULL) {
8902 ret = wolfSSL_EVP_CipherUpdate_CCM_AAD(ctx, src, len);
8903 }
8904 else if (src != NULL && dst != NULL) {
8905 if (ctx->enc) {
8906 ret = wc_Sm4CcmEncrypt(&ctx->cipher.sm4, dst, src,
8907 len, ctx->iv, ctx->ivSz, ctx->authTag,
8908 ctx->authTagSz, ctx->authIn,
8909 ctx->authInSz);
8910 }
8911 else {
8912 ret = wc_Sm4CcmDecrypt(&ctx->cipher.sm4, dst, src,
8913 len, ctx->iv, ctx->ivSz, ctx->authTag,
8914 ctx->authTagSz, ctx->authIn,
8915 ctx->authInSz);
8916 }
8917 if (ctx->authIncIv) {
8918 IncCtr((byte*)ctx->cipher.sm4.iv,
8919 ctx->cipher.sm4.nonceSz);
8920 ctx->authIncIv = 0;
8921 }
8922 }
8923 if (src == NULL) {
8924 /*
8925 * Clear any leftover AAD on final (final is when src is
8926 * NULL).
8927 */
8928 if (ctx->authIn != NULL) {
8929 XMEMSET(ctx->authIn, 0, (size_t)ctx->authInSz);
8930 }
8931 ctx->authInSz = 0;
8932 }
8933 if (ret == 0) {
8934 ret = (int)len;
8935 }
8936 break;
8937#endif
8938
8939 case WC_NULL_CIPHER_TYPE :
8940 WOLFSSL_MSG("NULL CIPHER");
8941 XMEMCPY(dst, src, (size_t)len);
8942 ret = (int)len;
8943 break;
8944
8945 default: {
8946 WOLFSSL_MSG("bad type");
8947 return WOLFSSL_FATAL_ERROR;
8948 }
8949 }
8950
8951 if (ret < 0) {
8952 if (ret == WC_NO_ERR_TRACE(AES_GCM_AUTH_E)) {
8953 WOLFSSL_MSG("wolfSSL_EVP_Cipher failure: bad AES-GCM tag.");
8954 }
8955 WOLFSSL_MSG("wolfSSL_EVP_Cipher failure");
8956 return WOLFSSL_FATAL_ERROR;
8957 }
8958
8959 if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) {
8960 return WOLFSSL_FATAL_ERROR;
8961 }
8962
8963 WOLFSSL_MSG("wolfSSL_EVP_Cipher success");
8964 return ret;
8965 }
8966
8967static void clearEVPPkeyKeys(WOLFSSL_EVP_PKEY *pkey)
8968{
8969 if(pkey == NULL)
8970 return;
8971 WOLFSSL_ENTER("clearEVPPkeyKeys");
8972#ifndef NO_RSA
8973 if (pkey->rsa != NULL && pkey->ownRsa == 1) {
8974 wolfSSL_RSA_free(pkey->rsa);
8975 pkey->rsa = NULL;
8976 }
8977 pkey->ownRsa = 0;
8978#endif
8979#ifndef NO_DSA
8980 if (pkey->dsa != NULL && pkey->ownDsa == 1) {
8981 wolfSSL_DSA_free(pkey->dsa);
8982 pkey->dsa = NULL;
8983 }
8984 pkey->ownDsa = 0;
8985#endif
8986#ifndef NO_DH
8987 if (pkey->dh != NULL && pkey->ownDh == 1) {
8988 wolfSSL_DH_free(pkey->dh);
8989 pkey->dh = NULL;
8990 }
8991 pkey->ownDh = 0;
8992#endif
8993#ifdef HAVE_ECC
8994 if (pkey->ecc != NULL && pkey->ownEcc == 1) {
8995 wolfSSL_EC_KEY_free(pkey->ecc);
8996 pkey->ecc = NULL;
8997 }
8998 pkey->ownEcc = 0;
8999#endif
9000}
9001
9002#ifndef NO_RSA
9003#ifdef WOLFSSL_KEY_TO_DER
9004static int PopulateRSAEvpPkeyDer(WOLFSSL_EVP_PKEY *pkey)
9005{
9006 int ret = 0;
9007 int derSz = 0;
9008 word32 pkcs8Sz = 0;
9009 byte* derBuf = NULL;
9010 RsaKey* rsa = NULL;
9011 WOLFSSL_RSA *key = NULL;
9012
9013 if (pkey == NULL || pkey->rsa == NULL || pkey->rsa->internal == NULL) {
9014 WOLFSSL_MSG("bad parameter");
9015 return WOLFSSL_FAILURE;
9016 }
9017
9018 key = pkey->rsa;
9019 rsa = (RsaKey*)pkey->rsa->internal;
9020
9021 /* Get DER size */
9022 if (rsa->type == RSA_PRIVATE) {
9023 ret = wc_RsaKeyToDer(rsa, NULL, 0);
9024 if (ret > 0) {
9025 derSz = ret;
9026 #ifdef HAVE_PKCS8
9027 if (key->pkcs8HeaderSz) {
9028 ret = wc_CreatePKCS8Key(NULL, &pkcs8Sz, NULL, (word32)derSz,
9029 RSAk, NULL, 0);
9030 if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E))
9031 ret = 0;
9032 }
9033 #endif
9034 }
9035 }
9036 else {
9037 ret = wc_RsaKeyToPublicDer(rsa, NULL, 0);
9038 if (ret > 0)
9039 derSz = ret;
9040 }
9041
9042 if (derSz == 0 || ret < 0) {
9043 WOLFSSL_MSG("Error getting RSA DER size");
9044 return WOLFSSL_FAILURE;
9045 }
9046
9047#ifdef WOLFSSL_NO_REALLOC
9048 derBuf = (byte*)XMALLOC((size_t)derSz, pkey->heap, DYNAMIC_TYPE_DER);
9049 if (derBuf != NULL) {
9050 XMEMCPY(derBuf, pkey->pkey.ptr, (size_t)pkey->pkey_sz);
9051 XFREE(pkey->pkey.ptr, pkey->heap, DYNAMIC_TYPE_DER);
9052 pkey->pkey.ptr = NULL;
9053 }
9054#else
9055 derBuf = (byte*)XREALLOC(pkey->pkey.ptr, (size_t)derSz,
9056 pkey->heap, DYNAMIC_TYPE_DER);
9057#endif
9058 if (derBuf == NULL) {
9059 WOLFSSL_MSG("PopulateRSAEvpPkeyDer malloc failed");
9060 return WOLFSSL_FAILURE;
9061 }
9062
9063 /* Old pointer is invalid from this point on */
9064 pkey->pkey.ptr = (char*)derBuf;
9065
9066 if (rsa->type == RSA_PRIVATE) {
9067 ret = wc_RsaKeyToDer(rsa, derBuf, (word32)derSz);
9068 if (ret > 0) {
9069 derSz = ret;
9070 #ifdef HAVE_PKCS8
9071 if (key->pkcs8HeaderSz) {
9072 byte* keyBuf = derBuf;
9073 int keySz = derSz;
9074 word32 sz = pkcs8Sz;
9075 /* Need new buffer for PKCS8 since we can't
9076 * do this in-place */
9077 derBuf = (byte*)XMALLOC((size_t)pkcs8Sz, pkey->heap,
9078 DYNAMIC_TYPE_DER);
9079 if (derBuf != NULL) {
9080 ret = wc_CreatePKCS8Key(derBuf, &sz, keyBuf, (word32)keySz,
9081 RSAk, NULL, 0);
9082 XFREE(keyBuf, pkey->heap, DYNAMIC_TYPE_DER);
9083 pkey->pkey.ptr = (char*)derBuf;
9084 }
9085 else {
9086 ret = MEMORY_E;
9087 }
9088 derSz = (int)sz;
9089 }
9090 #endif
9091 }
9092 }
9093 else {
9094 /* Public key to DER */
9095 ret = wc_RsaKeyToPublicDer(rsa, derBuf, (word32)derSz);
9096 if (ret > 0)
9097 derSz = ret;
9098 }
9099
9100 if (ret < 0) {
9101 WOLFSSL_MSG("PopulateRSAEvpPkeyDer failed");
9102 return WOLFSSL_FAILURE;
9103 }
9104 else {
9105 pkey->pkey_sz = derSz;
9106 return WOLFSSL_SUCCESS;
9107 }
9108}
9109#endif /* WOLFSSL_KEY_TO_DER */
9110
9111WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(WOLFSSL_EVP_PKEY *pkey)
9112{
9113 WOLFSSL_MSG("wolfSSL_EVP_PKEY_get0_RSA");
9114
9115 if (pkey == NULL)
9116 return NULL;
9117
9118 return pkey->rsa;
9119}
9120
9121WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* pkey)
9122{
9123 WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_RSA");
9124
9125 if (pkey == NULL || pkey->rsa == NULL)
9126 return NULL;
9127
9128 if (wolfSSL_RSA_up_ref(pkey->rsa) != WOLFSSL_SUCCESS)
9129 return NULL;
9130
9131 return pkey->rsa;
9132}
9133
9134/* with set1 functions the pkey struct does not own the RSA structure
9135 *
9136 * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
9137 */
9138int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key)
9139{
9140 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_RSA");
9141 if (pkey == NULL || key == NULL)
9142 return WOLFSSL_FAILURE;
9143
9144 if (wolfSSL_RSA_up_ref(key) != WOLFSSL_SUCCESS) {
9145 WOLFSSL_MSG("wolfSSL_RSA_up_ref failed");
9146 return WOLFSSL_FAILURE;
9147 }
9148
9149 clearEVPPkeyKeys(pkey);
9150 pkey->rsa = key;
9151 pkey->ownRsa = 1; /* pkey does not own RSA but needs to call free on it */
9152 pkey->type = WC_EVP_PKEY_RSA;
9153 pkey->pkcs8HeaderSz = key->pkcs8HeaderSz;
9154 if (key->inSet == 0) {
9155 if (SetRsaInternal(key) != WOLFSSL_SUCCESS) {
9156 WOLFSSL_MSG("SetRsaInternal failed");
9157 return WOLFSSL_FAILURE;
9158 }
9159 }
9160
9161#ifdef WOLFSSL_KEY_TO_DER
9162 if (PopulateRSAEvpPkeyDer(pkey) != WOLFSSL_SUCCESS) {
9163 WOLFSSL_MSG("PopulateRSAEvpPkeyDer failed");
9164 return WOLFSSL_FAILURE;
9165 }
9166#endif
9167
9168#ifdef WC_RSA_BLINDING
9169 if (key->ownRng == 0) {
9170 if (wc_RsaSetRNG((RsaKey*)pkey->rsa->internal, &pkey->rng) != 0) {
9171 WOLFSSL_MSG("Error setting RSA rng");
9172 return WOLFSSL_FAILURE;
9173 }
9174 }
9175#endif
9176 return WOLFSSL_SUCCESS;
9177}
9178#endif /* !NO_RSA */
9179
9180#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
9181/* with set1 functions the pkey struct does not own the DSA structure
9182 *
9183 * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
9184 */
9185int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key)
9186{
9187 int derMax = 0;
9188 int derSz = 0;
9189 DsaKey* dsa = NULL;
9190 byte* derBuf = NULL;
9191
9192 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_DSA");
9193
9194 if((pkey == NULL) || (key == NULL))return WOLFSSL_FAILURE;
9195 clearEVPPkeyKeys(pkey);
9196 pkey->dsa = key;
9197 pkey->ownDsa = 0; /* pkey does not own DSA */
9198 pkey->type = WC_EVP_PKEY_DSA;
9199 if (key->inSet == 0) {
9200 if (SetDsaInternal(key) != WOLFSSL_SUCCESS) {
9201 WOLFSSL_MSG("SetDsaInternal failed");
9202 return WOLFSSL_FAILURE;
9203 }
9204 }
9205 dsa = (DsaKey*)key->internal;
9206
9207 /* 4 > size of pub, priv, p, q, g + ASN.1 additional information */
9208 derMax = 4 * wolfSSL_BN_num_bytes(key->g) + WC_AES_BLOCK_SIZE;
9209
9210 derBuf = (byte*)XMALLOC((size_t)derMax, pkey->heap,
9211 DYNAMIC_TYPE_TMP_BUFFER);
9212 if (derBuf == NULL) {
9213 WOLFSSL_MSG("malloc failed");
9214 return WOLFSSL_FAILURE;
9215 }
9216
9217 if (dsa->type == DSA_PRIVATE) {
9218 /* Private key to DER */
9219 derSz = wc_DsaKeyToDer(dsa, derBuf, (word32)derMax);
9220 }
9221 else {
9222 /* Public key to DER */
9223 derSz = wc_DsaKeyToPublicDer(dsa, derBuf, (word32)derMax);
9224 }
9225
9226 if (derSz < 0) {
9227 if (dsa->type == DSA_PRIVATE) {
9228 WOLFSSL_MSG("wc_DsaKeyToDer failed");
9229 }
9230 else {
9231 WOLFSSL_MSG("wc_DsaKeyToPublicDer failed");
9232 }
9233 XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER);
9234 return WOLFSSL_FAILURE;
9235 }
9236
9237 pkey->pkey.ptr = (char*)XMALLOC((size_t)derSz, pkey->heap,
9238 DYNAMIC_TYPE_DER);
9239 if (pkey->pkey.ptr == NULL) {
9240 WOLFSSL_MSG("key malloc failed");
9241 XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER);
9242 return WOLFSSL_FAILURE;
9243 }
9244 pkey->pkey_sz = derSz;
9245 XMEMCPY(pkey->pkey.ptr, derBuf, (size_t)derSz);
9246 XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER);
9247
9248 return WOLFSSL_SUCCESS;
9249}
9250
9251WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(struct WOLFSSL_EVP_PKEY *pkey)
9252{
9253 if (!pkey) {
9254 return NULL;
9255 }
9256 return pkey->dsa;
9257}
9258
9259WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key)
9260{
9261 WOLFSSL_DSA* local;
9262
9263 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_DSA");
9264
9265 if (key == NULL) {
9266 WOLFSSL_MSG("Bad function argument");
9267 return NULL;
9268 }
9269
9270 local = wolfSSL_DSA_new();
9271 if (local == NULL) {
9272 WOLFSSL_MSG("Error creating a new WOLFSSL_DSA structure");
9273 return NULL;
9274 }
9275
9276 if (key->type == WC_EVP_PKEY_DSA) {
9277 if (wolfSSL_DSA_LoadDer(local, (const unsigned char*)key->pkey.ptr,
9278 key->pkey_sz) != WOLFSSL_SUCCESS) {
9279 /* now try public key */
9280 if (wolfSSL_DSA_LoadDer_ex(local,
9281 (const unsigned char*)key->pkey.ptr, key->pkey_sz,
9282 WOLFSSL_DSA_LOAD_PUBLIC) != WOLFSSL_SUCCESS) {
9283 wolfSSL_DSA_free(local);
9284 local = NULL;
9285 }
9286 }
9287 }
9288 else {
9289 WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold a DSA key");
9290 wolfSSL_DSA_free(local);
9291 local = NULL;
9292 }
9293 return local;
9294}
9295#endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */
9296
9297#ifdef HAVE_ECC
9298WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey)
9299{
9300 WOLFSSL_EC_KEY *eckey = NULL;
9301 if (pkey && pkey->type == WC_EVP_PKEY_EC) {
9302#ifdef HAVE_ECC
9303 eckey = pkey->ecc;
9304#endif
9305 }
9306 return eckey;
9307}
9308
9309WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key)
9310{
9311 WOLFSSL_EC_KEY* local = NULL;
9312 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_EC_KEY");
9313
9314 if (key == NULL || key->type != WC_EVP_PKEY_EC) {
9315 return NULL;
9316 }
9317 if (key->type == WC_EVP_PKEY_EC) {
9318 if (key->ecc != NULL) {
9319 if (wolfSSL_EC_KEY_up_ref(key->ecc) != WOLFSSL_SUCCESS) {
9320 return NULL;
9321 }
9322 local = key->ecc;
9323 }
9324 else {
9325 key->ecc = local = wolfSSL_EC_KEY_new();
9326 if (local == NULL) {
9327 WOLFSSL_MSG("Error creating a new WOLFSSL_EC_KEY structure");
9328 return NULL;
9329 }
9330 if (wolfSSL_EC_KEY_LoadDer(local,
9331 (const unsigned char*)key->pkey.ptr,
9332 key->pkey_sz) != WOLFSSL_SUCCESS) {
9333 /* now try public key */
9334 if (wolfSSL_EC_KEY_LoadDer_ex(local,
9335 (const unsigned char*)key->pkey.ptr, key->pkey_sz,
9336 WOLFSSL_EC_KEY_LOAD_PUBLIC) != WOLFSSL_SUCCESS) {
9337
9338 wolfSSL_EC_KEY_free(local);
9339 local = NULL;
9340 }
9341 }
9342 }
9343 }
9344 else {
9345 WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold an EC key");
9346 }
9347
9348 return local;
9349}
9350#endif /* HAVE_ECC */
9351
9352#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
9353#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
9354/* with set1 functions the pkey struct does not own the DH structure
9355 * Build the following DH Key format from the passed in WOLFSSL_DH
9356 * then store in WOLFSSL_EVP_PKEY in DER format.
9357 *
9358 * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
9359 */
9360int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key)
9361{
9362 byte havePublic = 0, havePrivate = 0;
9363 int ret;
9364 word32 derSz = 0;
9365 byte* derBuf = NULL;
9366 DhKey* dhkey = NULL;
9367
9368 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_DH");
9369
9370 if (pkey == NULL || key == NULL)
9371 return WOLFSSL_FAILURE;
9372
9373 clearEVPPkeyKeys(pkey);
9374
9375 if (wolfSSL_DH_up_ref(key) != WOLFSSL_SUCCESS) {
9376 WOLFSSL_MSG("Failed to increase dh key ref count");
9377 return WOLFSSL_FAILURE;
9378 }
9379
9380 pkey->dh = key;
9381 pkey->ownDh = 1; /* pkey does not own DH but needs to call free on it */
9382 pkey->type = WC_EVP_PKEY_DH;
9383 if (key->inSet == 0) {
9384 if (SetDhInternal(key) != WOLFSSL_SUCCESS) {
9385 WOLFSSL_MSG("SetDhInternal failed");
9386 return WOLFSSL_FAILURE;
9387 }
9388 }
9389
9390 dhkey = (DhKey*)key->internal;
9391
9392 havePublic = mp_unsigned_bin_size(&dhkey->pub) > 0;
9393 havePrivate = mp_unsigned_bin_size(&dhkey->priv) > 0;
9394
9395 /* Get size of DER buffer only */
9396 if (havePublic && !havePrivate) {
9397 ret = wc_DhPubKeyToDer(dhkey, NULL, &derSz);
9398 } else if (havePrivate) {
9399 ret = wc_DhPrivKeyToDer(dhkey, NULL, &derSz);
9400 } else {
9401 ret = wc_DhParamsToDer(dhkey,NULL,&derSz);
9402 }
9403
9404 if (derSz == 0 || ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
9405 WOLFSSL_MSG("Failed to get size of DH Key");
9406 return WOLFSSL_FAILURE;
9407 }
9408
9409 derBuf = (byte*)XMALLOC((size_t)derSz, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER);
9410 if (derBuf == NULL) {
9411 WOLFSSL_MSG("malloc failed");
9412 return WOLFSSL_FAILURE;
9413 }
9414
9415 /* Fill DER buffer */
9416 if (havePublic && !havePrivate) {
9417 ret = wc_DhPubKeyToDer(dhkey, derBuf, &derSz);
9418 } else if (havePrivate) {
9419 ret = wc_DhPrivKeyToDer(dhkey, derBuf, &derSz);
9420 } else {
9421 ret = wc_DhParamsToDer(dhkey,derBuf,&derSz);
9422 }
9423
9424 if (ret <= 0) {
9425 WOLFSSL_MSG("Failed to export DH Key");
9426 XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER);
9427 return WOLFSSL_FAILURE;
9428 }
9429
9430 /* Store DH key into pkey (DER format) */
9431 pkey->pkey.ptr = (char*)derBuf;
9432 pkey->pkey_sz = (int)derSz;
9433
9434 return WOLFSSL_SUCCESS;
9435}
9436
9437WOLFSSL_DH* wolfSSL_EVP_PKEY_get0_DH(WOLFSSL_EVP_PKEY* key)
9438{
9439 if (!key) {
9440 return NULL;
9441 }
9442 return key->dh;
9443}
9444
9445WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key)
9446{
9447 WOLFSSL_DH* local = NULL;
9448
9449 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_DH");
9450
9451 if (key == NULL || key->dh == NULL) {
9452 WOLFSSL_MSG("Bad function argument");
9453 return NULL;
9454 }
9455
9456 if (key->type == WC_EVP_PKEY_DH) {
9457 /* if key->dh already exists copy instead of re-importing from DER */
9458 if (key->dh != NULL) {
9459 if (wolfSSL_DH_up_ref(key->dh) != WOLFSSL_SUCCESS) {
9460 return NULL;
9461 }
9462 local = key->dh;
9463 }
9464 else {
9465#if !defined(NO_DH) && (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
9466 (HAVE_FIPS_VERSION>2)))
9467 local = wolfSSL_DH_new();
9468 if (local == NULL) {
9469 WOLFSSL_MSG("Error creating a new WOLFSSL_DH structure");
9470 return NULL;
9471 }
9472 if (wolfSSL_DH_LoadDer(local, (const unsigned char*)key->pkey.ptr,
9473 key->pkey_sz) != WOLFSSL_SUCCESS) {
9474 wolfSSL_DH_free(local);
9475 WOLFSSL_MSG("Error wolfSSL_DH_LoadDer");
9476 local = NULL;
9477 }
9478#else
9479 WOLFSSL_MSG("EVP_PKEY does not hold DH struct");
9480 return NULL;
9481#endif
9482 }
9483 }
9484 else {
9485 WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold a DH key");
9486 wolfSSL_DH_free(local);
9487 return NULL;
9488 }
9489
9490 return local;
9491}
9492#endif /* NO_DH && WOLFSSL_DH_EXTRA && NO_FILESYSTEM */
9493
9494int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key)
9495{
9496 int ret;
9497
9498 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_assign");
9499
9500 /* pkey and key checked if NULL in subsequent assign functions */
9501 switch(type) {
9502 #ifndef NO_RSA
9503 case WC_EVP_PKEY_RSA:
9504 ret = wolfSSL_EVP_PKEY_assign_RSA(pkey, (WOLFSSL_RSA*)key);
9505 break;
9506 #endif
9507 #ifndef NO_DSA
9508 case WC_EVP_PKEY_DSA:
9509 ret = wolfSSL_EVP_PKEY_assign_DSA(pkey, (WOLFSSL_DSA*)key);
9510 break;
9511 #endif
9512 #ifdef HAVE_ECC
9513 case WC_EVP_PKEY_EC:
9514 ret = wolfSSL_EVP_PKEY_assign_EC_KEY(pkey, (WOLFSSL_EC_KEY*)key);
9515 break;
9516 #endif
9517 #ifndef NO_DH
9518 case WC_EVP_PKEY_DH:
9519 ret = wolfSSL_EVP_PKEY_assign_DH(pkey, (WOLFSSL_DH*)key);
9520 break;
9521 #endif
9522 default:
9523 WOLFSSL_MSG("Unknown EVP_PKEY type in wolfSSL_EVP_PKEY_assign.");
9524 ret = WOLFSSL_FAILURE;
9525 }
9526
9527 return ret;
9528}
9529#endif /* WOLFSSL_QT || OPENSSL_ALL */
9530
9531#if defined(HAVE_ECC)
9532/* try and populate public pkey_sz and pkey.ptr */
9533static int ECC_populate_EVP_PKEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_EC_KEY *key)
9534{
9535 int derSz = 0;
9536 byte* derBuf = NULL;
9537 ecc_key* ecc;
9538
9539 if (pkey == NULL || key == NULL || key->internal == NULL)
9540 return WOLFSSL_FAILURE;
9541
9542 ecc = (ecc_key*)key->internal;
9543 if (ecc->type == ECC_PRIVATEKEY || ecc->type == ECC_PRIVATEKEY_ONLY) {
9544#ifdef HAVE_PKCS8
9545 if (key->pkcs8HeaderSz) {
9546 /* when key has pkcs8 header the pkey should too */
9547 if (wc_EccKeyToPKCS8(ecc, NULL, (word32*)&derSz) == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
9548 derBuf = (byte*)XMALLOC((size_t)derSz, pkey->heap,
9549 DYNAMIC_TYPE_OPENSSL);
9550 if (derBuf) {
9551 if (wc_EccKeyToPKCS8(ecc, derBuf, (word32*)&derSz) >= 0) {
9552 if (pkey->pkey.ptr) {
9553 XFREE(pkey->pkey.ptr, pkey->heap, DYNAMIC_TYPE_OPENSSL);
9554 }
9555 pkey->pkey_sz = (int)derSz;
9556 pkey->pkey.ptr = (char*)derBuf;
9557 pkey->pkcs8HeaderSz = key->pkcs8HeaderSz;
9558 return WOLFSSL_SUCCESS;
9559 }
9560 else {
9561 XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_OPENSSL);
9562 derBuf = NULL;
9563 }
9564 }
9565 }
9566 }
9567 else
9568#endif /* HAVE_PKCS8 */
9569 {
9570 if (ecc->type == ECC_PRIVATEKEY_ONLY ||
9571 (ecc->type == ECC_PRIVATEKEY &&
9572 mp_iszero(ecc->pubkey.x) &&
9573 mp_iszero(ecc->pubkey.y))) {
9574 /* Reconstruct public key from private scalar. This covers
9575 * both ECC_PRIVATEKEY_ONLY keys and ECC_PRIVATEKEY keys whose
9576 * public-key point was never populated (e.g. when only
9577 * EC_KEY_set_private_key was called, SetECKeyInternal copies
9578 * the zero-initialized pub_key point and marks the type as
9579 * ECC_PRIVATEKEY, leaving pubkey.x == 0). */
9580 if (wc_ecc_make_pub(ecc, NULL) != MP_OKAY) {
9581 return WOLFSSL_FAILURE;
9582 }
9583 }
9584
9585 /* if not, the pkey will be traditional ecc key */
9586 if ((derSz = wc_EccKeyDerSize(ecc, 1)) > 0) {
9587 derBuf = (byte*)XMALLOC((size_t)derSz, pkey->heap,
9588 DYNAMIC_TYPE_OPENSSL);
9589 if (derBuf) {
9590 if (wc_EccKeyToDer(ecc, derBuf, (word32)derSz) >= 0) {
9591 if (pkey->pkey.ptr) {
9592 XFREE(pkey->pkey.ptr, pkey->heap, DYNAMIC_TYPE_OPENSSL);
9593 }
9594 pkey->pkey_sz = (int)derSz;
9595 pkey->pkey.ptr = (char*)derBuf;
9596 return WOLFSSL_SUCCESS;
9597 }
9598 else {
9599 XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_OPENSSL);
9600 derBuf = NULL;
9601 }
9602 }
9603 }
9604 }
9605 }
9606 else if (ecc->type == ECC_PUBLICKEY) {
9607 if ((derSz = wc_EccPublicKeyDerSize(ecc, 1)) > 0) {
9608 #ifdef WOLFSSL_NO_REALLOC
9609 derBuf = (byte*)XMALLOC((size_t)derSz, pkey->heap, DYNAMIC_TYPE_OPENSSL);
9610 if (derBuf != NULL) {
9611 XMEMCPY(derBuf, pkey->pkey.ptr, (size_t)pkey->pkey_sz);
9612 XFREE(pkey->pkey.ptr, pkey->heap, DYNAMIC_TYPE_OPENSSL);
9613 pkey->pkey.ptr = NULL;
9614 }
9615 #else
9616 derBuf = (byte*)XREALLOC(pkey->pkey.ptr, (size_t)derSz, pkey->heap,
9617 DYNAMIC_TYPE_OPENSSL);
9618 #endif
9619 if (derBuf != NULL) {
9620 pkey->pkey.ptr = (char*)derBuf;
9621 if ((derSz = wc_EccPublicKeyToDer(ecc, derBuf, (word32)derSz,
9622 1)) < 0) {
9623 XFREE(derBuf, NULL, DYNAMIC_TYPE_OPENSSL);
9624 derBuf = NULL;
9625 }
9626 }
9627 }
9628 }
9629 if (derBuf != NULL) {
9630 pkey->pkey_sz = (int)derSz;
9631 return WOLFSSL_SUCCESS;
9632 }
9633 else {
9634 return WOLFSSL_FAILURE;
9635 }
9636}
9637
9638int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key)
9639{
9640#ifdef HAVE_ECC
9641 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_EC_KEY");
9642 if (pkey == NULL || key == NULL)
9643 return WOLFSSL_FAILURE;
9644 clearEVPPkeyKeys(pkey);
9645 if (wolfSSL_EC_KEY_up_ref(key) != WOLFSSL_SUCCESS) {
9646 WOLFSSL_MSG("wolfSSL_EC_KEY_up_ref failed");
9647 return WOLFSSL_FAILURE;
9648 }
9649 pkey->ecc = key;
9650 pkey->ownEcc = 1; /* pkey needs to call free on key */
9651 pkey->type = WC_EVP_PKEY_EC;
9652 return ECC_populate_EVP_PKEY(pkey, key);
9653#else
9654 (void)pkey;
9655 (void)key;
9656 return WOLFSSL_FAILURE;
9657#endif /* HAVE_ECC */
9658}
9659
9660void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx)
9661{
9662 WOLFSSL_MSG("wolfSSL_EVP_X_STATE");
9663
9664 if (ctx) {
9665 switch (ctx->cipherType) {
9666 case WC_ARC4_TYPE:
9667 WOLFSSL_MSG("returning arc4 state");
9668 return (void*)&ctx->cipher.arc4.x;
9669
9670 default:
9671 WOLFSSL_MSG("bad x state type");
9672 return 0;
9673 }
9674 }
9675
9676 return NULL;
9677}
9678int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_EC_KEY* key)
9679{
9680 int ret;
9681
9682 if (pkey == NULL || key == NULL)
9683 return WOLFSSL_FAILURE;
9684
9685 /* try and populate public pkey_sz and pkey.ptr */
9686 ret = ECC_populate_EVP_PKEY(pkey, key);
9687 if (ret == WOLFSSL_SUCCESS) { /* take ownership of key if can be used */
9688 clearEVPPkeyKeys(pkey); /* clear out any previous keys */
9689
9690 pkey->type = WC_EVP_PKEY_EC;
9691 pkey->ecc = key;
9692 pkey->ownEcc = 1;
9693 }
9694 return ret;
9695}
9696#endif /* HAVE_ECC */
9697
9698#ifndef NO_WOLFSSL_STUB
9699const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void)
9700{
9701 WOLFSSL_MSG("wolfSSL_ripemd160");
9702 WOLFSSL_STUB("EVP_ripemd160");
9703 return NULL;
9704}
9705#endif
9706
9707
9708int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type)
9709{
9710 int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
9711
9712 WOLFSSL_ENTER("wolfSSL_EVP_MD_pkey_type");
9713
9714 if (type != NULL) {
9715 if (XSTRCMP(type, WC_SN_md5) == 0) {
9716 ret = WC_NID_md5WithRSAEncryption;
9717 }
9718 else if (XSTRCMP(type, WC_SN_sha1) == 0) {
9719 ret = WC_NID_sha1WithRSAEncryption;
9720 }
9721 else if (XSTRCMP(type, WC_SN_sha224) == 0) {
9722 ret = WC_NID_sha224WithRSAEncryption;
9723 }
9724 else if (XSTRCMP(type, WC_SN_sha256) == 0) {
9725 ret = WC_NID_sha256WithRSAEncryption;
9726 }
9727 else if (XSTRCMP(type, WC_SN_sha384) == 0) {
9728 ret = WC_NID_sha384WithRSAEncryption;
9729 }
9730 else if (XSTRCMP(type, WC_SN_sha512) == 0) {
9731 ret = WC_NID_sha512WithRSAEncryption;
9732 }
9733 }
9734 else {
9735 ret = WOLFSSL_FAILURE;
9736 }
9737
9738 WOLFSSL_LEAVE("wolfSSL_EVP_MD_pkey_type", ret);
9739
9740 return ret;
9741}
9742
9743
9744
9745int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
9746{
9747 WOLFSSL_MSG("wolfSSL_EVP_CIPHER_CTX_iv_length");
9748
9749 if (ctx == NULL) {
9750 WOLFSSL_MSG("No context");
9751 return 0;
9752 }
9753
9754 switch (ctx->cipherType) {
9755
9756#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
9757 case WC_AES_128_CBC_TYPE :
9758 case WC_AES_192_CBC_TYPE :
9759 case WC_AES_256_CBC_TYPE :
9760 WOLFSSL_MSG("AES CBC");
9761 return WC_AES_BLOCK_SIZE;
9762#endif
9763#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
9764 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
9765#ifdef HAVE_AESGCM
9766 case WC_AES_128_GCM_TYPE :
9767 case WC_AES_192_GCM_TYPE :
9768 case WC_AES_256_GCM_TYPE :
9769 WOLFSSL_MSG("AES GCM");
9770 if (ctx->ivSz != 0) {
9771 return ctx->ivSz;
9772 }
9773 return GCM_NONCE_MID_SZ;
9774#endif
9775#ifdef HAVE_AESCCM
9776 case WC_AES_128_CCM_TYPE :
9777 case WC_AES_192_CCM_TYPE :
9778 case WC_AES_256_CCM_TYPE :
9779 WOLFSSL_MSG("AES CCM");
9780 if (ctx->ivSz != 0) {
9781 return ctx->ivSz;
9782 }
9783 return CCM_NONCE_MIN_SZ;
9784#endif
9785#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */
9786#ifdef WOLFSSL_AES_COUNTER
9787 case WC_AES_128_CTR_TYPE :
9788 case WC_AES_192_CTR_TYPE :
9789 case WC_AES_256_CTR_TYPE :
9790 WOLFSSL_MSG("AES CTR");
9791 return WC_AES_BLOCK_SIZE;
9792#endif
9793#ifndef NO_DES3
9794 case WC_DES_CBC_TYPE :
9795 WOLFSSL_MSG("DES CBC");
9796 return DES_BLOCK_SIZE;
9797
9798 case WC_DES_EDE3_CBC_TYPE :
9799 WOLFSSL_MSG("DES EDE3 CBC");
9800 return DES_BLOCK_SIZE;
9801#endif
9802#ifndef NO_RC4
9803 case WC_ARC4_TYPE :
9804 WOLFSSL_MSG("ARC4");
9805 return 0;
9806#endif
9807#ifdef WOLFSSL_AES_CFB
9808#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
9809 case WC_AES_128_CFB1_TYPE:
9810 case WC_AES_192_CFB1_TYPE:
9811 case WC_AES_256_CFB1_TYPE:
9812 WOLFSSL_MSG("AES CFB1");
9813 return WC_AES_BLOCK_SIZE;
9814 case WC_AES_128_CFB8_TYPE:
9815 case WC_AES_192_CFB8_TYPE:
9816 case WC_AES_256_CFB8_TYPE:
9817 WOLFSSL_MSG("AES CFB8");
9818 return WC_AES_BLOCK_SIZE;
9819#endif /* !HAVE_SELFTEST && !HAVE_FIPS */
9820 case WC_AES_128_CFB128_TYPE:
9821 case WC_AES_192_CFB128_TYPE:
9822 case WC_AES_256_CFB128_TYPE:
9823 WOLFSSL_MSG("AES CFB128");
9824 return WC_AES_BLOCK_SIZE;
9825#endif /* WOLFSSL_AES_CFB */
9826#if defined(WOLFSSL_AES_OFB)
9827 case WC_AES_128_OFB_TYPE:
9828 case WC_AES_192_OFB_TYPE:
9829 case WC_AES_256_OFB_TYPE:
9830 WOLFSSL_MSG("AES OFB");
9831 return WC_AES_BLOCK_SIZE;
9832#endif /* WOLFSSL_AES_OFB */
9833#if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
9834 case WC_AES_128_XTS_TYPE:
9835 case WC_AES_256_XTS_TYPE:
9836 WOLFSSL_MSG("AES XTS");
9837 return WC_AES_BLOCK_SIZE;
9838#endif /* WOLFSSL_AES_XTS && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */
9839#ifdef HAVE_ARIA
9840 case WC_ARIA_128_GCM_TYPE :
9841 case WC_ARIA_192_GCM_TYPE :
9842 case WC_ARIA_256_GCM_TYPE :
9843 WOLFSSL_MSG("ARIA GCM");
9844 if (ctx->ivSz != 0) {
9845 return ctx->ivSz;
9846 }
9847 return GCM_NONCE_MID_SZ;
9848#endif
9849#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
9850 case WC_CHACHA20_POLY1305_TYPE:
9851 WOLFSSL_MSG("CHACHA20 POLY1305");
9852 return CHACHA20_POLY1305_AEAD_IV_SIZE;
9853#endif /* HAVE_CHACHA HAVE_POLY1305 */
9854#ifdef HAVE_CHACHA
9855 case WC_CHACHA20_TYPE:
9856 WOLFSSL_MSG("CHACHA20");
9857 return WOLFSSL_EVP_CHACHA_IV_BYTES;
9858#endif /* HAVE_CHACHA */
9859#ifdef WOLFSSL_SM4_CBC
9860 case WC_SM4_CBC_TYPE :
9861 WOLFSSL_MSG("SM4 CBC");
9862 return SM4_BLOCK_SIZE;
9863#endif
9864#ifdef WOLFSSL_SM4_CTR
9865 case WC_SM4_CTR_TYPE :
9866 WOLFSSL_MSG("SM4 CTR");
9867 return SM4_BLOCK_SIZE;
9868#endif
9869#ifdef WOLFSSL_SM4_GCM
9870 case WC_SM4_GCM_TYPE :
9871 WOLFSSL_MSG("SM4 GCM");
9872 if (ctx->ivSz != 0) {
9873 return ctx->ivSz;
9874 }
9875 return GCM_NONCE_MID_SZ;
9876#endif
9877#ifdef WOLFSSL_SM4_CCM
9878 case WC_SM4_CCM_TYPE :
9879 WOLFSSL_MSG("SM4 CCM");
9880 if (ctx->ivSz != 0) {
9881 return ctx->ivSz;
9882 }
9883 return CCM_NONCE_MIN_SZ;
9884#endif
9885
9886 case WC_NULL_CIPHER_TYPE :
9887 WOLFSSL_MSG("NULL");
9888 return 0;
9889
9890 default: {
9891 WOLFSSL_MSG("bad type");
9892 }
9893 }
9894 return 0;
9895}
9896
9897int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher)
9898{
9899 const char *name = (const char *)cipher;
9900 WOLFSSL_MSG("wolfSSL_EVP_CIPHER_iv_length");
9901
9902#ifndef NO_AES
9903#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
9904 #ifdef WOLFSSL_AES_128
9905 if (XSTRCMP(name, EVP_AES_128_CBC) == 0)
9906 return WC_AES_BLOCK_SIZE;
9907 #endif
9908 #ifdef WOLFSSL_AES_192
9909 if (XSTRCMP(name, EVP_AES_192_CBC) == 0)
9910 return WC_AES_BLOCK_SIZE;
9911 #endif
9912 #ifdef WOLFSSL_AES_256
9913 if (XSTRCMP(name, EVP_AES_256_CBC) == 0)
9914 return WC_AES_BLOCK_SIZE;
9915 #endif
9916#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
9917#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
9918 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
9919#ifdef HAVE_AESGCM
9920 #ifdef WOLFSSL_AES_128
9921 if (XSTRCMP(name, EVP_AES_128_GCM) == 0)
9922 return GCM_NONCE_MID_SZ;
9923 #endif
9924 #ifdef WOLFSSL_AES_192
9925 if (XSTRCMP(name, EVP_AES_192_GCM) == 0)
9926 return GCM_NONCE_MID_SZ;
9927 #endif
9928 #ifdef WOLFSSL_AES_256
9929 if (XSTRCMP(name, EVP_AES_256_GCM) == 0)
9930 return GCM_NONCE_MID_SZ;
9931 #endif
9932#endif /* HAVE_AESGCM */
9933#ifdef HAVE_AESCCM
9934 #ifdef WOLFSSL_AES_128
9935 if (XSTRCMP(name, EVP_AES_128_CCM) == 0)
9936 return CCM_NONCE_MIN_SZ;
9937 #endif
9938 #ifdef WOLFSSL_AES_192
9939 if (XSTRCMP(name, EVP_AES_192_CCM) == 0)
9940 return CCM_NONCE_MIN_SZ;
9941 #endif
9942 #ifdef WOLFSSL_AES_256
9943 if (XSTRCMP(name, EVP_AES_256_CCM) == 0)
9944 return CCM_NONCE_MIN_SZ;
9945 #endif
9946#endif /* HAVE_AESCCM */
9947#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */
9948#ifdef WOLFSSL_AES_COUNTER
9949 #ifdef WOLFSSL_AES_128
9950 if (XSTRCMP(name, EVP_AES_128_CTR) == 0)
9951 return WC_AES_BLOCK_SIZE;
9952 #endif
9953 #ifdef WOLFSSL_AES_192
9954 if (XSTRCMP(name, EVP_AES_192_CTR) == 0)
9955 return WC_AES_BLOCK_SIZE;
9956 #endif
9957 #ifdef WOLFSSL_AES_256
9958 if (XSTRCMP(name, EVP_AES_256_CTR) == 0)
9959 return WC_AES_BLOCK_SIZE;
9960 #endif
9961#endif
9962#if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3))
9963 #ifdef WOLFSSL_AES_128
9964 if (XSTRCMP(name, EVP_AES_128_XTS) == 0)
9965 return WC_AES_BLOCK_SIZE;
9966 #endif /* WOLFSSL_AES_128 */
9967
9968 #ifdef WOLFSSL_AES_256
9969 if (XSTRCMP(name, EVP_AES_256_XTS) == 0)
9970 return WC_AES_BLOCK_SIZE;
9971 #endif /* WOLFSSL_AES_256 */
9972#endif /* WOLFSSL_AES_XTS && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) */
9973
9974#endif
9975#ifdef HAVE_ARIA
9976 if (XSTRCMP(name, EVP_ARIA_128_GCM) == 0)
9977 return GCM_NONCE_MID_SZ;
9978 if (XSTRCMP(name, EVP_ARIA_192_GCM) == 0)
9979 return GCM_NONCE_MID_SZ;
9980 if (XSTRCMP(name, EVP_ARIA_256_GCM) == 0)
9981 return GCM_NONCE_MID_SZ;
9982#endif /* HAVE_ARIA */
9983
9984#ifndef NO_DES3
9985 if ((XSTRCMP(name, EVP_DES_CBC) == 0) ||
9986 (XSTRCMP(name, EVP_DES_EDE3_CBC) == 0)) {
9987 return DES_BLOCK_SIZE;
9988 }
9989#endif
9990
9991#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
9992 if (XSTRCMP(name, EVP_CHACHA20_POLY1305) == 0)
9993 return CHACHA20_POLY1305_AEAD_IV_SIZE;
9994#endif
9995
9996#ifdef HAVE_CHACHA
9997 if (XSTRCMP(name, EVP_CHACHA20) == 0)
9998 return WOLFSSL_EVP_CHACHA_IV_BYTES;
9999#endif
10000
10001#ifdef WOLFSSL_SM4_CBC
10002 if (XSTRCMP(name, EVP_SM4_CBC) == 0)
10003 return SM4_BLOCK_SIZE;
10004#endif
10005#ifdef WOLFSSL_SM4_CTR
10006 if (XSTRCMP(name, EVP_SM4_CTR) == 0)
10007 return SM4_BLOCK_SIZE;
10008#endif
10009#ifdef WOLFSSL_SM4_GCM
10010 if (XSTRCMP(name, EVP_SM4_GCM) == 0)
10011 return GCM_NONCE_MID_SZ;
10012#endif
10013#ifdef WOLFSSL_SM4_CCM
10014 if (XSTRCMP(name, EVP_SM4_CCM) == 0)
10015 return CCM_NONCE_MIN_SZ;
10016#endif
10017
10018 (void)name;
10019
10020 return 0;
10021}
10022
10023
10024int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx)
10025{
10026 WOLFSSL_MSG("wolfSSL_EVP_X_STATE_LEN");
10027
10028 if (ctx) {
10029 switch (ctx->cipherType) {
10030 case WC_ARC4_TYPE:
10031 WOLFSSL_MSG("returning arc4 state size");
10032 return sizeof(Arc4);
10033
10034 default:
10035 WOLFSSL_MSG("bad x state type");
10036 return 0;
10037 }
10038 }
10039
10040 return 0;
10041}
10042
10043
10044/* return of pkey->type which will be WC_EVP_PKEY_RSA for example.
10045 *
10046 * type type of EVP_PKEY
10047 *
10048 * returns type or if type is not found then WC_NID_undef
10049 */
10050int wolfSSL_EVP_PKEY_type(int type)
10051{
10052 WOLFSSL_MSG("wolfSSL_EVP_PKEY_type");
10053
10054 switch (type) {
10055 case WC_EVP_PKEY_RSA:
10056 return WC_EVP_PKEY_RSA;
10057 case WC_EVP_PKEY_DSA:
10058 return WC_EVP_PKEY_DSA;
10059 case WC_EVP_PKEY_EC:
10060 return WC_EVP_PKEY_EC;
10061 case WC_EVP_PKEY_DH:
10062 return WC_EVP_PKEY_DH;
10063 #ifdef HAVE_DILITHIUM
10064 case WC_EVP_PKEY_DILITHIUM:
10065 return WC_EVP_PKEY_DILITHIUM;
10066 #endif
10067 default:
10068 return WC_NID_undef;
10069 }
10070}
10071
10072
10073int wolfSSL_EVP_PKEY_id(const WOLFSSL_EVP_PKEY *pkey)
10074{
10075 if (pkey != NULL)
10076 return pkey->type;
10077 return 0;
10078}
10079
10080
10081int wolfSSL_EVP_PKEY_base_id(const WOLFSSL_EVP_PKEY *pkey)
10082{
10083 if (pkey == NULL)
10084 return WC_NID_undef;
10085 return wolfSSL_EVP_PKEY_type(pkey->type);
10086}
10087
10088int wolfSSL_EVP_PKEY_get_default_digest_nid(WOLFSSL_EVP_PKEY *pkey, int *pnid)
10089{
10090 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get_default_digest_nid");
10091
10092 if (!pkey || !pnid) {
10093 WOLFSSL_MSG("Bad parameter");
10094 return WOLFSSL_FAILURE;
10095 }
10096
10097 switch (pkey->type) {
10098 case WC_EVP_PKEY_HMAC:
10099#ifndef NO_DSA
10100 case WC_EVP_PKEY_DSA:
10101#endif
10102#ifndef NO_RSA
10103 case WC_EVP_PKEY_RSA:
10104#endif
10105#ifdef HAVE_ECC
10106 case WC_EVP_PKEY_EC:
10107#endif
10108 *pnid = WC_NID_sha256;
10109 return WOLFSSL_SUCCESS;
10110 default:
10111 return WOLFSSL_FAILURE;
10112 }
10113}
10114
10115#if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL)
10116WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKCS82PKEY(const WOLFSSL_PKCS8_PRIV_KEY_INFO* p8)
10117{
10118 if (p8 == NULL || p8->pkey.ptr == NULL) {
10119 return NULL;
10120 }
10121
10122 return wolfSSL_d2i_PrivateKey_EVP(NULL, (unsigned char**)&p8->pkey.ptr,
10123 p8->pkey_sz);
10124}
10125
10126/* in wolf PKCS8_PRIV_KEY_INFO and WOLFSSL_EVP_PKEY are same type */
10127/* this function just casts and returns pointer */
10128WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_EVP_PKEY2PKCS8(const WOLFSSL_EVP_PKEY* pkey)
10129{
10130 if (pkey == NULL || pkey->pkey.ptr == NULL) {
10131 return NULL;
10132 }
10133
10134 return wolfSSL_d2i_PrivateKey_EVP(NULL, (unsigned char**)&pkey->pkey.ptr,
10135 pkey->pkey_sz);
10136}
10137#endif
10138
10139/* increments ref count of WOLFSSL_EVP_PKEY. Return 1 on success, 0 on error */
10140int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey)
10141{
10142 if (pkey) {
10143 int ret;
10144 wolfSSL_RefInc(&pkey->ref, &ret);
10145 #ifdef WOLFSSL_REFCNT_ERROR_RETURN
10146 if (ret != 0) {
10147 WOLFSSL_MSG("Failed to lock pkey mutex");
10148 }
10149 #else
10150 (void)ret;
10151 #endif
10152
10153 return WOLFSSL_SUCCESS;
10154 }
10155
10156 return WOLFSSL_FAILURE;
10157}
10158
10159#if !defined(NO_RSA) && defined(WOLFSSL_KEY_TO_DER)
10160int wolfSSL_EVP_PKEY_assign_RSA(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_RSA* key)
10161{
10162 if (pkey == NULL || key == NULL)
10163 return WOLFSSL_FAILURE;
10164
10165 clearEVPPkeyKeys(pkey);
10166 pkey->type = WC_EVP_PKEY_RSA;
10167 pkey->rsa = key;
10168 pkey->ownRsa = 1;
10169
10170 /* try and populate pkey_sz and pkey.ptr */
10171 if (key->internal) {
10172 RsaKey* rsa = (RsaKey*)key->internal;
10173 int ret = wc_RsaKeyToDer(rsa, NULL, 0);
10174 if (ret > 0) {
10175 word32 derSz = (word32)ret;
10176 byte* derBuf = (byte*)XMALLOC((size_t)derSz, NULL,
10177 DYNAMIC_TYPE_TMP_BUFFER);
10178 if (derBuf != NULL) {
10179 ret = wc_RsaKeyToDer(rsa, derBuf, derSz);
10180 if (ret >= 0) {
10181 pkey->pkey_sz = ret;
10182 pkey->pkey.ptr = (char*)derBuf;
10183 }
10184 else { /* failure - okay to ignore */
10185 XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
10186 derBuf = NULL;
10187 }
10188 }
10189 }
10190 }
10191
10192 return WOLFSSL_SUCCESS;
10193}
10194#endif /* !NO_RSA && WOLFSSL_KEY_TO_DER */
10195
10196#ifndef NO_DSA
10197int wolfSSL_EVP_PKEY_assign_DSA(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_DSA* key)
10198{
10199 if (pkey == NULL || key == NULL)
10200 return WOLFSSL_FAILURE;
10201
10202 clearEVPPkeyKeys(pkey);
10203 pkey->type = WC_EVP_PKEY_DSA;
10204 pkey->dsa = key;
10205 pkey->ownDsa = 1;
10206
10207 return WOLFSSL_SUCCESS;
10208}
10209#endif /* !NO_DSA */
10210
10211#ifndef NO_DH
10212int wolfSSL_EVP_PKEY_assign_DH(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_DH* key)
10213{
10214 if (pkey == NULL || key == NULL)
10215 return WOLFSSL_FAILURE;
10216
10217 clearEVPPkeyKeys(pkey);
10218 pkey->type = WC_EVP_PKEY_DH;
10219 pkey->dh = key;
10220 pkey->ownDh = 1;
10221
10222 return WOLFSSL_SUCCESS;
10223}
10224#endif /* !NO_DH */
10225#endif /* OPENSSL_EXTRA */
10226
10227#if defined(OPENSSL_EXTRA) || defined(HAVE_CURL)
10228/* EVP Digest functions used with cURL build too */
10229
10230static enum wc_HashType EvpMd2MacType(const WOLFSSL_EVP_MD *md)
10231{
10232 if (md != NULL) {
10233 const struct s_ent *ent;
10234 for (ent = md_tbl; ent->name != NULL; ent++) {
10235 if (XSTRCMP((const char *)md, ent->name) == 0) {
10236 return ent->macType;
10237 }
10238 }
10239 }
10240 return WC_HASH_TYPE_NONE;
10241}
10242
10243int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx,
10244 const WOLFSSL_EVP_MD* type,
10245 WOLFSSL_ENGINE *impl)
10246{
10247 (void) impl;
10248 WOLFSSL_ENTER("wolfSSL_EVP_DigestInit_ex");
10249 return wolfSSL_EVP_DigestInit(ctx, type);
10250}
10251
10252/* this function makes the assumption that out buffer is big enough for digest*/
10253int wolfSSL_EVP_Digest(const unsigned char* in, int inSz, unsigned char* out,
10254 unsigned int* outSz, const WOLFSSL_EVP_MD* evp,
10255 WOLFSSL_ENGINE* eng)
10256{
10257 int err;
10258 int hashType = WC_HASH_TYPE_NONE;
10259 int hashSz;
10260
10261 WOLFSSL_ENTER("wolfSSL_EVP_Digest");
10262 if (in == NULL || out == NULL || evp == NULL) {
10263 WOLFSSL_MSG("Null argument passed in");
10264 return WOLFSSL_FAILURE;
10265 }
10266
10267 if (inSz < 0)
10268 return WOLFSSL_FAILURE;
10269
10270 err = wolfSSL_EVP_get_hashinfo(evp, &hashType, &hashSz);
10271 if (err != WOLFSSL_SUCCESS)
10272 return err;
10273
10274 if (wc_Hash((enum wc_HashType)hashType, in, (word32)inSz, out,
10275 (word32)hashSz) != 0) {
10276 return WOLFSSL_FAILURE;
10277 }
10278
10279 if (outSz != NULL)
10280 *outSz = (unsigned int)hashSz;
10281
10282 (void)eng;
10283 return WOLFSSL_SUCCESS;
10284}
10285
10286static const struct alias {
10287 const char *name;
10288 const char *alias;
10289} digest_alias_tbl[] =
10290{
10291 {WC_SN_md4, "md4"},
10292 {WC_SN_md5, "md5"},
10293 {WC_SN_sha1, "sha1"},
10294 {WC_SN_sha1, "SHA"},
10295 {WC_SN_sha224, "sha224"},
10296 {WC_SN_sha256, "sha256"},
10297 {WC_SN_sha384, "sha384"},
10298 {WC_SN_sha512, "sha512"},
10299 {WC_SN_sha512_224, "sha512_224"},
10300 {WC_SN_sha3_224, "sha3_224"},
10301 {WC_SN_sha3_256, "sha3_256"},
10302 {WC_SN_sha3_384, "sha3_384"},
10303 {WC_SN_sha3_512, "sha3_512"},
10304 {WC_SN_sm3, "sm3"},
10305 {WC_SN_blake2b512, "blake2b512"},
10306 {WC_SN_blake2s256, "blake2s256"},
10307 {WC_SN_shake128, "shake128"},
10308 {WC_SN_shake256, "shake256"},
10309 { NULL, NULL}
10310};
10311
10312const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name)
10313{
10314 const struct alias *al;
10315 const struct s_ent *ent;
10316
10317 for (al = digest_alias_tbl; al->name != NULL; al++) {
10318 if(XSTRCMP(name, al->alias) == 0) {
10319 name = al->name;
10320 break;
10321 }
10322 }
10323
10324 for (ent = md_tbl; ent->name != NULL; ent++) {
10325 if(XSTRCMP(name, ent->name) == 0) {
10326 return (WOLFSSL_EVP_MD *)ent->name;
10327 }
10328 }
10329 return NULL;
10330}
10331
10332/* Returns the NID of the WOLFSSL_EVP_MD passed in.
10333 *
10334 * type - pointer to WOLFSSL_EVP_MD for which to return NID value
10335 *
10336 * Returns NID on success, or WC_NID_undef if none exists.
10337 */
10338int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
10339{
10340 const struct s_ent *ent ;
10341 WOLFSSL_ENTER("EVP_MD_type");
10342
10343 if (type == NULL) {
10344 WOLFSSL_MSG("MD type arg is NULL");
10345 return WC_NID_undef;
10346 }
10347
10348 for (ent = md_tbl; ent->name != NULL; ent++) {
10349 if (XSTRCMP((const char *)type, ent->name) == 0) {
10350 return ent->nid;
10351 }
10352 }
10353 return WC_NID_undef;
10354}
10355
10356#ifndef NO_MD4
10357
10358 /* return a pointer to MD4 EVP type */
10359 const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void)
10360 {
10361 WOLFSSL_ENTER("EVP_md4");
10362 return wolfSSL_EVP_get_digestbyname(WC_SN_md4);
10363 }
10364
10365#endif /* !NO_MD4 */
10366
10367
10368#ifndef NO_MD5
10369
10370 const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void)
10371 {
10372 WOLFSSL_ENTER("EVP_md5");
10373 return wolfSSL_EVP_get_digestbyname(WC_SN_md5);
10374 }
10375
10376#endif /* !NO_MD5 */
10377
10378#ifdef HAVE_BLAKE2B
10379 /* return EVP_MD
10380 * @param none
10381 * @return "blake2b512"
10382 */
10383 const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2b512(void)
10384 {
10385 WOLFSSL_ENTER("wolfSSL_EVP_blake2b512");
10386 return wolfSSL_EVP_get_digestbyname(WC_SN_blake2b512);
10387 }
10388
10389#endif
10390
10391#ifdef HAVE_BLAKE2S
10392 /* return EVP_MD
10393 * @param none
10394 * @return "blake2s256"
10395 */
10396 const WOLFSSL_EVP_MD* wolfSSL_EVP_blake2s256(void)
10397 {
10398 WOLFSSL_ENTER("EVP_blake2s256");
10399 return wolfSSL_EVP_get_digestbyname("BLAKE2s256");
10400 }
10401
10402#endif
10403
10404
10405#ifndef NO_WOLFSSL_STUB
10406 void wolfSSL_EVP_set_pw_prompt(const char *prompt)
10407 {
10408 (void)prompt;
10409 WOLFSSL_STUB("EVP_set_pw_prompt");
10410 }
10411#endif
10412
10413#ifndef NO_WOLFSSL_STUB
10414 const WOLFSSL_EVP_MD* wolfSSL_EVP_mdc2(void)
10415 {
10416 WOLFSSL_STUB("EVP_mdc2");
10417 return NULL;
10418 }
10419#endif
10420
10421#ifndef NO_SHA
10422 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void)
10423 {
10424 WOLFSSL_ENTER("EVP_sha1");
10425 return wolfSSL_EVP_get_digestbyname(WC_SN_sha1);
10426 }
10427#endif /* NO_SHA */
10428
10429#ifdef WOLFSSL_SHA224
10430
10431 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void)
10432 {
10433 WOLFSSL_ENTER("EVP_sha224");
10434 return wolfSSL_EVP_get_digestbyname(WC_SN_sha224);
10435 }
10436
10437#endif /* WOLFSSL_SHA224 */
10438
10439
10440 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void)
10441 {
10442 WOLFSSL_ENTER("EVP_sha256");
10443 return wolfSSL_EVP_get_digestbyname(WC_SN_sha256);
10444 }
10445
10446#ifdef WOLFSSL_SHA384
10447
10448 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void)
10449 {
10450 WOLFSSL_ENTER("EVP_sha384");
10451 return wolfSSL_EVP_get_digestbyname(WC_SN_sha384);
10452 }
10453
10454#endif /* WOLFSSL_SHA384 */
10455
10456#ifdef WOLFSSL_SHA512
10457
10458 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void)
10459 {
10460 WOLFSSL_ENTER("EVP_sha512");
10461 return wolfSSL_EVP_get_digestbyname(WC_SN_sha512);
10462 }
10463
10464#ifndef WOLFSSL_NOSHA512_224
10465
10466 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512_224(void)
10467 {
10468 WOLFSSL_ENTER("EVP_sha512_224");
10469 return wolfSSL_EVP_get_digestbyname(WC_SN_sha512_224);
10470 }
10471
10472#endif /* !WOLFSSL_NOSHA512_224 */
10473
10474#ifndef WOLFSSL_NOSHA512_256
10475 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512_256(void)
10476 {
10477 WOLFSSL_ENTER("EVP_sha512_256");
10478 return wolfSSL_EVP_get_digestbyname(WC_SN_sha512_256);
10479 }
10480
10481#endif /* !WOLFSSL_NOSHA512_224 */
10482
10483#endif /* WOLFSSL_SHA512 */
10484
10485#ifdef WOLFSSL_SHA3
10486#ifndef WOLFSSL_NOSHA3_224
10487 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_224(void)
10488 {
10489 WOLFSSL_ENTER("EVP_sha3_224");
10490 return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_224);
10491 }
10492#endif /* WOLFSSL_NOSHA3_224 */
10493
10494
10495#ifndef WOLFSSL_NOSHA3_256
10496 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_256(void)
10497 {
10498 WOLFSSL_ENTER("EVP_sha3_256");
10499 return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_256);
10500 }
10501#endif /* WOLFSSL_NOSHA3_256 */
10502
10503#ifndef WOLFSSL_NOSHA3_384
10504 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_384(void)
10505 {
10506 WOLFSSL_ENTER("EVP_sha3_384");
10507 return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_384);
10508 }
10509#endif /* WOLFSSL_NOSHA3_384 */
10510
10511#ifndef WOLFSSL_NOSHA3_512
10512 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha3_512(void)
10513 {
10514 WOLFSSL_ENTER("EVP_sha3_512");
10515 return wolfSSL_EVP_get_digestbyname(WC_SN_sha3_512);
10516 }
10517#endif /* WOLFSSL_NOSHA3_512 */
10518
10519#ifdef WOLFSSL_SHAKE128
10520 const WOLFSSL_EVP_MD* wolfSSL_EVP_shake128(void)
10521 {
10522 WOLFSSL_ENTER("EVP_shake128");
10523 return wolfSSL_EVP_get_digestbyname("SHAKE128");
10524 }
10525#endif /* WOLFSSL_SHAKE128 */
10526
10527#ifdef WOLFSSL_SHAKE256
10528 const WOLFSSL_EVP_MD* wolfSSL_EVP_shake256(void)
10529 {
10530 WOLFSSL_ENTER("EVP_shake256");
10531 return wolfSSL_EVP_get_digestbyname("SHAKE256");
10532 }
10533#endif /* WOLFSSL_SHAKE256 */
10534
10535#endif /* WOLFSSL_SHA3 */
10536
10537#ifdef WOLFSSL_SM3
10538 const WOLFSSL_EVP_MD* wolfSSL_EVP_sm3(void)
10539 {
10540 WOLFSSL_ENTER("EVP_sm3");
10541 return wolfSSL_EVP_get_digestbyname(WC_SN_sm3);
10542 }
10543#endif /* WOLFSSL_SM3 */
10544
10545
10546 WOLFSSL_EVP_MD_CTX *wolfSSL_EVP_MD_CTX_new(void)
10547 {
10548 WOLFSSL_EVP_MD_CTX* ctx;
10549 WOLFSSL_ENTER("EVP_MD_CTX_new");
10550 ctx = (WOLFSSL_EVP_MD_CTX*)XMALLOC(sizeof(*ctx), NULL,
10551 DYNAMIC_TYPE_OPENSSL);
10552 if (ctx){
10553 wolfSSL_EVP_MD_CTX_init(ctx);
10554 }
10555 return ctx;
10556 }
10557
10558 void wolfSSL_EVP_MD_CTX_free(WOLFSSL_EVP_MD_CTX *ctx)
10559 {
10560 if (ctx) {
10561 WOLFSSL_ENTER("EVP_MD_CTX_free");
10562 wolfSSL_EVP_MD_CTX_cleanup(ctx);
10563 XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL);
10564 }
10565 }
10566
10567 /* returns the NID of message digest used by the ctx */
10568 int wolfSSL_EVP_MD_CTX_type(const WOLFSSL_EVP_MD_CTX *ctx)
10569 {
10570 WOLFSSL_ENTER("EVP_MD_CTX_type");
10571
10572 if (ctx) {
10573 const struct s_ent *ent;
10574
10575 if (ctx->isHMAC) {
10576 return WC_NID_hmac;
10577 }
10578
10579 for(ent = md_tbl; ent->name != NULL; ent++) {
10580 if (ctx->macType == ent->macType) {
10581 return ent->nid;
10582 }
10583 }
10584 /* Return whatever we got */
10585 return ctx->macType;
10586 }
10587 return 0;
10588 }
10589
10590
10591 /* returns digest size */
10592 int wolfSSL_EVP_MD_CTX_size(const WOLFSSL_EVP_MD_CTX *ctx) {
10593 return(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(ctx)));
10594 }
10595 /* returns block size */
10596 int wolfSSL_EVP_MD_CTX_block_size(const WOLFSSL_EVP_MD_CTX *ctx) {
10597 return(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(ctx)));
10598 }
10599
10600 void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx)
10601 {
10602 WOLFSSL_ENTER("EVP_CIPHER_MD_CTX_init");
10603 XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_MD_CTX));
10604 }
10605
10606 const WOLFSSL_EVP_MD *wolfSSL_EVP_MD_CTX_md(const WOLFSSL_EVP_MD_CTX *ctx)
10607 {
10608 const struct s_ent *ent;
10609 if (ctx == NULL)
10610 return NULL;
10611 WOLFSSL_ENTER("EVP_MD_CTX_md");
10612 if (ctx->isHMAC) {
10613 return "HMAC";
10614 }
10615 for(ent = md_tbl; ent->name != NULL; ent++) {
10616 if(ctx->macType == ent->macType) {
10617 return (const WOLFSSL_EVP_MD *)ent->name;
10618 }
10619 }
10620 return (WOLFSSL_EVP_MD *)NULL;
10621 }
10622
10623 /* return alias name if has
10624 * @param n message digest type name
10625 * @return alias name, otherwise NULL
10626 */
10627 static const char* getMdAliasName(const char* n)
10628 {
10629
10630 const char* aliasnm = NULL;
10631 const struct alias *al;
10632
10633 for (al = digest_alias_tbl; al->name != NULL; al++)
10634 if(XSTRCMP(n, al->name) == 0) {
10635 aliasnm = al->alias;
10636 break;
10637 }
10638
10639 return aliasnm;
10640 }
10641
10642
10643 struct do_all_md {
10644 void *arg;
10645 void (*fn) (const WOLFSSL_EVP_MD *m,
10646 const char* from, const char* to, void *arg);
10647 };
10648
10649 /* do all md algorithm
10650 * @param nm a pointer to WOLFSSL_OBJ_NAME
10651 * @param arg arguments to pass to the callback
10652 * @return none
10653 */
10654 static void md_do_all_func(const WOLFSSL_OBJ_NAME* nm, void* arg)
10655 {
10656 struct do_all_md *md = (struct do_all_md*)arg;
10657
10658 /* sanity check */
10659 if (md == NULL || nm == NULL || md->fn == NULL ||
10660 nm->type != WOLFSSL_OBJ_NAME_TYPE_MD_METH)
10661 return;
10662
10663 if (nm->alias)
10664 md->fn(NULL, nm->name, nm->data, md->arg);
10665 else
10666 md->fn((const WOLFSSL_EVP_MD *)nm->data, nm->name, NULL, md->arg);
10667 }
10668
10669 /* call md_do_all function to do all md algorithm via a callback function
10670 * @param fn a callback function to be called with all 'md'
10671 * @param args arguments to pass to the callback
10672 * @return none
10673 */
10674 void wolfSSL_EVP_MD_do_all(void (*fn) (const WOLFSSL_EVP_MD *m,
10675 const char* from, const char* to, void* xx), void* args)
10676 {
10677 struct do_all_md md;
10678
10679 md.fn = fn;
10680 md.arg = args;
10681
10682 wolfSSL_OBJ_NAME_do_all(WOLFSSL_OBJ_NAME_TYPE_MD_METH,
10683 md_do_all_func, &md);
10684 }
10685
10686 /* call "fn" based on OBJ_NAME type
10687 * @param type OBJ_NAME type
10688 * @param fn a callback function
10689 * @param args arguments to pass to the callback
10690 * @return none
10691 */
10692 void wolfSSL_OBJ_NAME_do_all(int type,
10693 void (*fn)(const WOLFSSL_OBJ_NAME*, void* arg), void* arg)
10694 {
10695 WOLFSSL_OBJ_NAME objnm;
10696
10697 /* sanity check */
10698 if (!fn)
10699 return;
10700
10701 switch(type) {
10702 case WOLFSSL_OBJ_NAME_TYPE_MD_METH:
10703 {
10704 const struct s_ent *ent;
10705 /* loop all md */
10706 for (ent = md_tbl; ent->name != NULL; ent++){
10707 XMEMSET(&objnm, 0, sizeof(objnm));
10708
10709 /* populate objnm with info about the md */
10710 objnm.type = WOLFSSL_OBJ_NAME_TYPE_MD_METH;
10711 objnm.name = ent->name;
10712 objnm.data = (const char*)
10713 wolfSSL_EVP_get_digestbyname(ent->name);
10714 fn(&objnm, arg);
10715
10716 /* check if the md has alias and also call fn with it */
10717 objnm.name = getMdAliasName(ent->name);
10718 if (objnm.name != NULL) {
10719 objnm.alias |= WOLFSSL_OBJ_NAME_ALIAS;
10720 objnm.data = ent->name;
10721 fn(&objnm, arg);
10722 }
10723 }
10724 }
10725 break;
10726 case WOLFSSL_OBJ_NAME_TYPE_CIPHER_METH:
10727 case WOLFSSL_OBJ_NAME_TYPE_PKEY_METH:
10728 case WOLFSSL_OBJ_NAME_TYPE_COMP_METH:
10729 case WOLFSSL_OBJ_NAME_TYPE_NUM:
10730 WOLFSSL_MSG("not implemented");
10731 FALL_THROUGH;
10732 case WOLFSSL_OBJ_NAME_TYPE_UNDEF:
10733 default:
10734 break;
10735 }
10736 }
10737
10738 int wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx)
10739 {
10740 int ret = WOLFSSL_SUCCESS;
10741 WOLFSSL_ENTER("wolfSSL_EVP_MD_CTX_cleanup");
10742 #ifdef OPENSSL_EXTRA
10743 if (ctx->pctx != NULL)
10744 wolfSSL_EVP_PKEY_CTX_free(ctx->pctx);
10745 #endif
10746
10747 if (ctx->isHMAC) {
10748 wc_HmacFree(&ctx->hash.hmac);
10749 }
10750 else {
10751 switch (ctx->macType) {
10752 case WC_HASH_TYPE_MD5:
10753 #ifndef NO_MD5
10754 wc_Md5Free((wc_Md5*)&ctx->hash.digest);
10755 #endif /* !NO_MD5 */
10756 break;
10757 case WC_HASH_TYPE_SHA:
10758 #ifndef NO_SHA
10759 wc_ShaFree((wc_Sha*)&ctx->hash.digest);
10760 #endif /* !NO_SHA */
10761 break;
10762 case WC_HASH_TYPE_SHA224:
10763 #ifdef WOLFSSL_SHA224
10764 wc_Sha224Free((wc_Sha224*)&ctx->hash.digest);
10765 #endif /* WOLFSSL_SHA224 */
10766 break;
10767 case WC_HASH_TYPE_SHA256:
10768 #ifndef NO_SHA256
10769 wc_Sha256Free((wc_Sha256*)&ctx->hash.digest);
10770 #endif /* !NO_SHA256 */
10771 break;
10772 case WC_HASH_TYPE_SHA384:
10773 #ifdef WOLFSSL_SHA384
10774 wc_Sha384Free((wc_Sha384*)&ctx->hash.digest);
10775 #endif /* WOLFSSL_SHA384 */
10776 break;
10777 case WC_HASH_TYPE_SHA512:
10778 #ifdef WOLFSSL_SHA512
10779 wc_Sha512Free((wc_Sha512*)&ctx->hash.digest);
10780 #endif /* WOLFSSL_SHA512 */
10781 break;
10782 case WC_HASH_TYPE_SHA512_224:
10783 #if (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) && \
10784 !defined(HAVE_SELFTEST) && defined(WOLFSSL_SHA512) && \
10785 !defined(WOLFSSL_NOSHA512_224)
10786 wc_Sha512_224Free((wc_Sha512*)&ctx->hash.digest);
10787 #endif
10788 break;
10789 case WC_HASH_TYPE_SHA512_256:
10790 #if (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) && \
10791 !defined(HAVE_SELFTEST) && defined(WOLFSSL_SHA512) && \
10792 !defined(WOLFSSL_NOSHA512_256)
10793 wc_Sha512_256Free((wc_Sha512*)&ctx->hash.digest);
10794 #endif
10795 break;
10796 case WC_HASH_TYPE_SHA3_224:
10797 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
10798 wc_Sha3_224_Free((wc_Sha3*)&ctx->hash.digest);
10799 #endif
10800 break;
10801 case WC_HASH_TYPE_SHA3_256:
10802 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
10803 wc_Sha3_256_Free((wc_Sha3*)&ctx->hash.digest);
10804 #endif
10805 break;
10806 case WC_HASH_TYPE_SHA3_384:
10807 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
10808 wc_Sha3_384_Free((wc_Sha3*)&ctx->hash.digest);
10809 #endif
10810 break;
10811 case WC_HASH_TYPE_SHA3_512:
10812 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
10813 wc_Sha3_512_Free((wc_Sha3*)&ctx->hash.digest);
10814 #endif
10815 break;
10816 case WC_HASH_TYPE_SM3:
10817 #ifdef WOLFSSL_SM3
10818 wc_Sm3Free(&ctx->hash.digest.sm3);
10819 #endif
10820 break;
10821 case WC_HASH_TYPE_NONE:
10822 /* Not an error since an unused struct could be free'd or
10823 * reset. */
10824 break;
10825 case WC_HASH_TYPE_SHAKE128:
10826 #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
10827 wc_Shake128_Free(&ctx->hash.digest.shake);
10828 #endif
10829 break;
10830 case WC_HASH_TYPE_SHAKE256:
10831 #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
10832 wc_Shake256_Free(&ctx->hash.digest.shake);
10833 #endif
10834 break;
10835 case WC_HASH_TYPE_MD2:
10836 case WC_HASH_TYPE_MD4:
10837 case WC_HASH_TYPE_MD5_SHA:
10838 case WC_HASH_TYPE_BLAKE2B:
10839 case WC_HASH_TYPE_BLAKE2S:
10840 default:
10841 ret = WOLFSSL_FAILURE;
10842 break;
10843 }
10844 }
10845 ForceZero(ctx, sizeof(*ctx));
10846 ctx->macType = WC_HASH_TYPE_NONE;
10847 return ret;
10848 }
10849
10850 /* WOLFSSL_SUCCESS on ok */
10851 int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx,
10852 const WOLFSSL_EVP_MD* md)
10853 {
10854 int ret = WOLFSSL_SUCCESS;
10855 #ifdef WOLFSSL_ASYNC_CRYPT
10856 wc_static_assert(WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV));
10857 #endif
10858
10859 WOLFSSL_ENTER("EVP_DigestInit");
10860
10861 if (ctx == NULL) {
10862 return WOLFSSL_FAILURE;
10863 }
10864
10865 wolfSSL_EVP_MD_CTX_init(ctx);
10866
10867 /* Set to 0 if no match */
10868 ctx->macType = EvpMd2MacType(md);
10869 if (md == NULL) {
10870 XMEMSET(&ctx->hash.digest, 0, sizeof(WOLFSSL_Hasher));
10871 } else
10872 #ifndef NO_SHA
10873 if ((XSTRCMP(md, "SHA") == 0) || (XSTRCMP(md, WC_SN_sha1) == 0)) {
10874 ret = wolfSSL_SHA_Init(&(ctx->hash.digest.sha));
10875 } else
10876 #endif
10877 #ifndef NO_SHA256
10878 if (XSTRCMP(md, WC_SN_sha256) == 0) {
10879 ret = wolfSSL_SHA256_Init(&(ctx->hash.digest.sha256));
10880 } else
10881 #endif
10882 #ifdef WOLFSSL_SHA224
10883 if (XSTRCMP(md, WC_SN_sha224) == 0) {
10884 ret = wolfSSL_SHA224_Init(&(ctx->hash.digest.sha224));
10885 } else
10886 #endif
10887 #ifdef WOLFSSL_SHA384
10888 if (XSTRCMP(md, WC_SN_sha384) == 0) {
10889 ret = wolfSSL_SHA384_Init(&(ctx->hash.digest.sha384));
10890 } else
10891 #endif
10892 #if (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) && \
10893 !defined(HAVE_SELFTEST) && \
10894 defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224)
10895 if (XSTRCMP(md, WC_SN_sha512_224) == 0) {
10896 ret = wolfSSL_SHA512_224_Init(&(ctx->hash.digest.sha512));
10897 } else
10898 #endif
10899 #if (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) && \
10900 !defined(HAVE_SELFTEST) && \
10901 defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256)
10902 if (XSTRCMP(md, WC_SN_sha512_256) == 0) {
10903 ret = wolfSSL_SHA512_256_Init(&(ctx->hash.digest.sha512));
10904 } else
10905 #endif
10906 #ifdef WOLFSSL_SHA512
10907 if (XSTRCMP(md, WC_SN_sha512) == 0) {
10908 ret = wolfSSL_SHA512_Init(&(ctx->hash.digest.sha512));
10909 } else
10910 #endif
10911 #ifndef NO_MD4
10912 if (XSTRCMP(md, WC_SN_md4) == 0) {
10913 wolfSSL_MD4_Init(&(ctx->hash.digest.md4));
10914 } else
10915 #endif
10916 #ifndef NO_MD5
10917 if (XSTRCMP(md, WC_SN_md5) == 0) {
10918 ret = wolfSSL_MD5_Init(&(ctx->hash.digest.md5));
10919 } else
10920 #endif
10921#ifdef WOLFSSL_SHA3
10922 #ifndef WOLFSSL_NOSHA3_224
10923 if (XSTRCMP(md, WC_SN_sha3_224) == 0) {
10924 ret = wolfSSL_SHA3_224_Init(&(ctx->hash.digest.sha3_224));
10925 } else
10926 #endif
10927 #ifndef WOLFSSL_NOSHA3_256
10928 if (XSTRCMP(md, WC_SN_sha3_256) == 0) {
10929 ret = wolfSSL_SHA3_256_Init(&(ctx->hash.digest.sha3_256));
10930 } else
10931 #endif
10932 #ifndef WOLFSSL_NOSHA3_384
10933 if (XSTRCMP(md, WC_SN_sha3_384) == 0) {
10934 ret = wolfSSL_SHA3_384_Init(&(ctx->hash.digest.sha3_384));
10935 } else
10936 #endif
10937 #ifndef WOLFSSL_NOSHA3_512
10938 if (XSTRCMP(md, WC_SN_sha3_512) == 0) {
10939 ret = wolfSSL_SHA3_512_Init(&(ctx->hash.digest.sha3_512));
10940 } else
10941 #endif
10942 #ifdef WOLFSSL_SHAKE128
10943 if (XSTRCMP(md, WC_SN_shake128) == 0) {
10944 if (wc_InitShake128(&(ctx->hash.digest.shake), NULL,
10945 INVALID_DEVID) != 0) {
10946 ret = WOLFSSL_FAILURE;
10947 }
10948 } else
10949 #endif
10950 #ifdef WOLFSSL_SHAKE256
10951 if (XSTRCMP(md, WC_SN_shake256) == 0) {
10952 if (wc_InitShake256(&(ctx->hash.digest.shake), NULL,
10953 INVALID_DEVID) != 0) {
10954 ret = WOLFSSL_FAILURE;
10955 }
10956 } else
10957 #endif
10958#endif
10959 #ifdef WOLFSSL_SM3
10960 if (XSTRCMP(md, WC_SN_sm3) == 0) {
10961 ret = wc_InitSm3(&ctx->hash.digest.sm3, NULL, INVALID_DEVID);
10962 if (ret == 0) {
10963 ret = WOLFSSL_SUCCESS;
10964 }
10965 else {
10966 ret = WOLFSSL_FAILURE;
10967 }
10968 } else
10969 #endif
10970 #ifdef HAVE_BLAKE2B
10971 if (XSTRCMP(md, WC_SN_blake2b512) == 0) {
10972 if (wc_InitBlake2b(&ctx->hash.digest.blake2b,
10973 WC_BLAKE2B_DIGEST_SIZE) != 0) {
10974 ret = WOLFSSL_FAILURE;
10975 }
10976 } else
10977 #endif
10978 #ifdef HAVE_BLAKE2S
10979 if (XSTRCMP(md, WC_SN_blake2s256) == 0) {
10980 if (wc_InitBlake2s(&ctx->hash.digest.blake2s,
10981 WC_BLAKE2S_DIGEST_SIZE) != 0) {
10982 ret = WOLFSSL_FAILURE;
10983 }
10984 } else
10985 #endif
10986 {
10987 ctx->macType = WC_HASH_TYPE_NONE;
10988 return WOLFSSL_FAILURE;
10989 }
10990
10991 return ret;
10992 }
10993
10994 /* WOLFSSL_SUCCESS on ok, WOLFSSL_FAILURE on failure */
10995 int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data,
10996 size_t sz)
10997 {
10998 int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
10999 enum wc_HashType macType;
11000
11001 WOLFSSL_ENTER("EVP_DigestUpdate");
11002
11003 macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx));
11004 switch (macType) {
11005 case WC_HASH_TYPE_MD4:
11006 #ifndef NO_MD4
11007 wolfSSL_MD4_Update((WOLFSSL_MD4_CTX*)&ctx->hash, data,
11008 (unsigned long)sz);
11009 ret = WOLFSSL_SUCCESS;
11010 #endif
11011 break;
11012 case WC_HASH_TYPE_MD5:
11013 #ifndef NO_MD5
11014 ret = wolfSSL_MD5_Update((WOLFSSL_MD5_CTX*)&ctx->hash, data,
11015 (unsigned long)sz);
11016 #endif
11017 break;
11018 case WC_HASH_TYPE_SHA:
11019 #ifndef NO_SHA
11020 ret = wolfSSL_SHA_Update((WOLFSSL_SHA_CTX*)&ctx->hash, data,
11021 (unsigned long)sz);
11022 #endif
11023 break;
11024 case WC_HASH_TYPE_SHA224:
11025 #ifdef WOLFSSL_SHA224
11026 ret = wolfSSL_SHA224_Update((WOLFSSL_SHA224_CTX*)&ctx->hash, data,
11027 (unsigned long)sz);
11028 #endif
11029 break;
11030 case WC_HASH_TYPE_SHA256:
11031 #ifndef NO_SHA256
11032 ret = wolfSSL_SHA256_Update((WOLFSSL_SHA256_CTX*)&ctx->hash, data,
11033 (unsigned long)sz);
11034 #endif /* !NO_SHA256 */
11035 break;
11036 case WC_HASH_TYPE_SHA384:
11037 #ifdef WOLFSSL_SHA384
11038 ret = wolfSSL_SHA384_Update((WOLFSSL_SHA384_CTX*)&ctx->hash, data,
11039 (unsigned long)sz);
11040 #endif
11041 break;
11042 case WC_HASH_TYPE_SHA512:
11043 #ifdef WOLFSSL_SHA512
11044 ret = wolfSSL_SHA512_Update((WOLFSSL_SHA512_CTX*)&ctx->hash, data,
11045 (unsigned long)sz);
11046 #endif /* WOLFSSL_SHA512 */
11047 break;
11048
11049 case WC_HASH_TYPE_SHA512_224:
11050 #if (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) && \
11051 !defined(HAVE_SELFTEST) && defined(WOLFSSL_SHA512) && \
11052 !defined(WOLFSSL_NOSHA512_224)
11053 ret = wolfSSL_SHA512_224_Update((WOLFSSL_SHA512_CTX*)&ctx->hash, data,
11054 (unsigned long)sz);
11055 #else
11056 ret = NOT_COMPILED_IN;
11057 #endif
11058 break;
11059
11060 case WC_HASH_TYPE_SHA512_256:
11061 #if (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) && \
11062 !defined(HAVE_SELFTEST) && defined(WOLFSSL_SHA512) && \
11063 !defined(WOLFSSL_NOSHA512_256)
11064 ret = wolfSSL_SHA512_256_Update((WOLFSSL_SHA512_CTX*)&ctx->hash, data,
11065 (unsigned long)sz);
11066 #else
11067 ret = NOT_COMPILED_IN;
11068 #endif /* WOLFSSL_SHA512 */
11069 break;
11070
11071 case WC_HASH_TYPE_SHA3_224:
11072 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
11073 ret = wolfSSL_SHA3_224_Update((WOLFSSL_SHA3_224_CTX*)&ctx->hash, data,
11074 (unsigned long)sz);
11075 #endif
11076 break;
11077 case WC_HASH_TYPE_SHA3_256:
11078 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
11079 ret = wolfSSL_SHA3_256_Update((WOLFSSL_SHA3_256_CTX*)&ctx->hash, data,
11080 (unsigned long)sz);
11081 #endif
11082 break;
11083 case WC_HASH_TYPE_SHA3_384:
11084 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
11085 ret = wolfSSL_SHA3_384_Update((WOLFSSL_SHA3_384_CTX*)&ctx->hash, data,
11086 (unsigned long)sz);
11087 #endif
11088 break;
11089 case WC_HASH_TYPE_SHA3_512:
11090 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
11091 ret = wolfSSL_SHA3_512_Update((WOLFSSL_SHA3_512_CTX*)&ctx->hash, data,
11092 (unsigned long)sz);
11093 #endif
11094 break;
11095 case WC_HASH_TYPE_SM3:
11096 #ifdef WOLFSSL_SM3
11097 ret = wc_Sm3Update(&ctx->hash.digest.sm3, data, (word32)sz);
11098 if (ret == 0) {
11099 ret = WOLFSSL_SUCCESS;
11100 }
11101 else {
11102 ret = WOLFSSL_FAILURE;
11103 }
11104 #else
11105 ret = NOT_COMPILED_IN;
11106 #endif
11107 break;
11108 case WC_HASH_TYPE_SHAKE128:
11109 #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
11110 if (wc_Shake128_Update(&ctx->hash.digest.shake,
11111 (const byte*)data, (word32)sz) == 0) {
11112
11113 ret = WOLFSSL_SUCCESS;
11114 }
11115 #else
11116 ret = NOT_COMPILED_IN;
11117 #endif
11118 break;
11119 case WC_HASH_TYPE_SHAKE256:
11120 #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
11121 if (wc_Shake256_Update(&ctx->hash.digest.shake,
11122 (const byte*)data, (word32)sz) == 0) {
11123 ret = WOLFSSL_SUCCESS;
11124 }
11125 #else
11126 ret = NOT_COMPILED_IN;
11127 #endif
11128 break;
11129 #ifdef HAVE_BLAKE2B
11130 case WC_HASH_TYPE_BLAKE2B:
11131 if (wc_Blake2bUpdate(&ctx->hash.digest.blake2b,
11132 (const byte*)data, (word32)sz) == 0) {
11133 ret = WOLFSSL_SUCCESS;
11134 }
11135 break;
11136 #endif
11137 #ifdef HAVE_BLAKE2S
11138 case WC_HASH_TYPE_BLAKE2S:
11139 if (wc_Blake2sUpdate(&ctx->hash.digest.blake2s,
11140 (const byte*)data, (word32)sz) == 0) {
11141 ret = WOLFSSL_SUCCESS;
11142 }
11143 break;
11144 #endif
11145 case WC_HASH_TYPE_NONE:
11146 case WC_HASH_TYPE_MD2:
11147 case WC_HASH_TYPE_MD5_SHA:
11148 #ifndef HAVE_BLAKE2B
11149 case WC_HASH_TYPE_BLAKE2B:
11150 #endif
11151 #ifndef HAVE_BLAKE2S
11152 case WC_HASH_TYPE_BLAKE2S:
11153 #endif
11154 default:
11155 return WOLFSSL_FAILURE;
11156 }
11157
11158 return ret;
11159 }
11160
11161 /* WOLFSSL_SUCCESS on ok */
11162 static int wolfSSL_EVP_DigestFinal_Common(WOLFSSL_EVP_MD_CTX* ctx,
11163 unsigned char* md, unsigned int* s, enum wc_HashType macType)
11164 {
11165 int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
11166
11167 switch (macType) {
11168 case WC_HASH_TYPE_MD4:
11169 #ifndef NO_MD4
11170 wolfSSL_MD4_Final(md, (WOLFSSL_MD4_CTX*)&ctx->hash);
11171 if (s) *s = WC_MD4_DIGEST_SIZE;
11172 ret = WOLFSSL_SUCCESS;
11173 #endif
11174 break;
11175 case WC_HASH_TYPE_MD5:
11176 #ifndef NO_MD5
11177 ret = wolfSSL_MD5_Final(md, (WOLFSSL_MD5_CTX*)&ctx->hash);
11178 if (s) *s = WC_MD5_DIGEST_SIZE;
11179 #endif
11180 break;
11181 case WC_HASH_TYPE_SHA:
11182 #ifndef NO_SHA
11183 ret = wolfSSL_SHA_Final(md, (WOLFSSL_SHA_CTX*)&ctx->hash);
11184 if (s) *s = WC_SHA_DIGEST_SIZE;
11185 #endif
11186 break;
11187 case WC_HASH_TYPE_SHA224:
11188 #ifdef WOLFSSL_SHA224
11189 ret = wolfSSL_SHA224_Final(md, (WOLFSSL_SHA224_CTX*)&ctx->hash);
11190 if (s) *s = WC_SHA224_DIGEST_SIZE;
11191 #endif
11192 break;
11193 case WC_HASH_TYPE_SHA256:
11194 #ifndef NO_SHA256
11195 ret = wolfSSL_SHA256_Final(md, (WOLFSSL_SHA256_CTX*)&ctx->hash);
11196 if (s) *s = WC_SHA256_DIGEST_SIZE;
11197 #endif /* !NO_SHA256 */
11198 break;
11199 case WC_HASH_TYPE_SHA384:
11200 #ifdef WOLFSSL_SHA384
11201 ret = wolfSSL_SHA384_Final(md, (WOLFSSL_SHA384_CTX*)&ctx->hash);
11202 if (s) *s = WC_SHA384_DIGEST_SIZE;
11203 #endif
11204 break;
11205 case WC_HASH_TYPE_SHA512:
11206 #ifdef WOLFSSL_SHA512
11207 ret = wolfSSL_SHA512_Final(md, (WOLFSSL_SHA512_CTX*)&ctx->hash);
11208 if (s) *s = WC_SHA512_DIGEST_SIZE;
11209 #endif /* WOLFSSL_SHA512 */
11210 break;
11211 case WC_HASH_TYPE_SHA512_224:
11212 #if (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) && \
11213 !defined(HAVE_SELFTEST) && defined(WOLFSSL_SHA512) && \
11214 !defined(WOLFSSL_NOSHA512_224)
11215 ret = wolfSSL_SHA512_224_Final(md, (WOLFSSL_SHA512_CTX*)&ctx->hash);
11216 if (s) *s = WC_SHA512_224_DIGEST_SIZE;
11217 #else
11218 ret = NOT_COMPILED_IN;
11219 #endif
11220 break;
11221 case WC_HASH_TYPE_SHA512_256:
11222 #if (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) && \
11223 !defined(HAVE_SELFTEST) && defined(WOLFSSL_SHA512) && \
11224 !defined(WOLFSSL_NOSHA512_256)
11225 ret = wolfSSL_SHA512_256_Final(md, (WOLFSSL_SHA512_CTX*)&ctx->hash);
11226 if (s) *s = WC_SHA512_256_DIGEST_SIZE;
11227 #else
11228 ret = NOT_COMPILED_IN;
11229 #endif
11230 break;
11231 case WC_HASH_TYPE_SHA3_224:
11232 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224)
11233 ret = wolfSSL_SHA3_224_Final(md, (WOLFSSL_SHA3_224_CTX*)&ctx->hash);
11234 if (s) *s = WC_SHA3_224_DIGEST_SIZE;
11235 #endif
11236 break;
11237 case WC_HASH_TYPE_SHA3_256:
11238 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256)
11239 ret = wolfSSL_SHA3_256_Final(md, (WOLFSSL_SHA3_256_CTX*)&ctx->hash);
11240 if (s) *s = WC_SHA3_256_DIGEST_SIZE;
11241 #endif
11242 break;
11243 case WC_HASH_TYPE_SHA3_384:
11244 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384)
11245 ret = wolfSSL_SHA3_384_Final(md, (WOLFSSL_SHA3_384_CTX*)&ctx->hash);
11246 if (s) *s = WC_SHA3_384_DIGEST_SIZE;
11247 #endif
11248 break;
11249 case WC_HASH_TYPE_SHA3_512:
11250 #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512)
11251 ret = wolfSSL_SHA3_512_Final(md, (WOLFSSL_SHA3_512_CTX*)&ctx->hash);
11252 if (s) *s = WC_SHA3_512_DIGEST_SIZE;
11253 #endif
11254 break;
11255 case WC_HASH_TYPE_SM3:
11256 #ifdef WOLFSSL_SM3
11257 ret = wc_Sm3Final(&ctx->hash.digest.sm3, md);
11258 if (ret == 0) {
11259 ret = WOLFSSL_SUCCESS;
11260 }
11261 else {
11262 ret = WOLFSSL_FAILURE;
11263 }
11264 if (s) *s = WC_SM3_DIGEST_SIZE;
11265 #else
11266 ret = NOT_COMPILED_IN;
11267 #endif
11268 break;
11269 case WC_HASH_TYPE_SHAKE128:
11270 #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
11271 if (wc_Shake128_Final(&ctx->hash.digest.shake, md, *s) == 0) {
11272 ret = WOLFSSL_SUCCESS;
11273 }
11274 #else
11275 ret = NOT_COMPILED_IN;
11276 #endif
11277 break;
11278 case WC_HASH_TYPE_SHAKE256:
11279 #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
11280 if (wc_Shake256_Final(&ctx->hash.digest.shake, md, *s) == 0) {
11281 ret = WOLFSSL_SUCCESS;
11282 }
11283 #else
11284 ret = NOT_COMPILED_IN;
11285 #endif
11286 break;
11287 case WC_HASH_TYPE_BLAKE2B:
11288 #ifdef HAVE_BLAKE2B
11289 if (wc_Blake2bFinal(&ctx->hash.digest.blake2b, md,
11290 WC_BLAKE2B_DIGEST_SIZE) == 0) {
11291 if (s) *s = WC_BLAKE2B_DIGEST_SIZE;
11292 ret = WOLFSSL_SUCCESS;
11293 }
11294 #else
11295 ret = NOT_COMPILED_IN;
11296 #endif
11297 break;
11298 case WC_HASH_TYPE_BLAKE2S:
11299 #ifdef HAVE_BLAKE2S
11300 if (wc_Blake2sFinal(&ctx->hash.digest.blake2s, md,
11301 WC_BLAKE2S_DIGEST_SIZE) == 0) {
11302 if (s) *s = WC_BLAKE2S_DIGEST_SIZE;
11303 ret = WOLFSSL_SUCCESS;
11304 }
11305 #else
11306 ret = NOT_COMPILED_IN;
11307 #endif
11308 break;
11309 case WC_HASH_TYPE_NONE:
11310 case WC_HASH_TYPE_MD2:
11311 case WC_HASH_TYPE_MD5_SHA:
11312 default:
11313 return WOLFSSL_FAILURE;
11314 }
11315
11316 return ret;
11317 }
11318
11319 int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
11320 unsigned int* s)
11321 {
11322 enum wc_HashType macType;
11323 #if defined(WOLFSSL_SHA3) && (defined(WOLFSSL_SHAKE128) || \
11324 defined(WOLFSSL_SHAKE256))
11325 unsigned int defaultSz = 0;
11326 #endif
11327
11328 WOLFSSL_ENTER("wolfSSL_EVP_DigestFinal");
11329
11330 macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx));
11331 switch (macType) {
11332 case WC_HASH_TYPE_MD4:
11333 case WC_HASH_TYPE_MD5:
11334 case WC_HASH_TYPE_SHA:
11335 case WC_HASH_TYPE_SHA224:
11336 case WC_HASH_TYPE_SHA256:
11337 case WC_HASH_TYPE_SHA384:
11338 case WC_HASH_TYPE_SHA512:
11339 case WC_HASH_TYPE_SHA512_224:
11340 case WC_HASH_TYPE_SHA512_256:
11341 case WC_HASH_TYPE_SHA3_224:
11342 case WC_HASH_TYPE_SHA3_256:
11343 case WC_HASH_TYPE_SHA3_384:
11344 case WC_HASH_TYPE_SHA3_512:
11345 case WC_HASH_TYPE_SM3:
11346 case WC_HASH_TYPE_BLAKE2B:
11347 case WC_HASH_TYPE_BLAKE2S:
11348 case WC_HASH_TYPE_NONE:
11349 case WC_HASH_TYPE_MD2:
11350 case WC_HASH_TYPE_MD5_SHA:
11351 break;
11352
11353 case WC_HASH_TYPE_SHAKE128:
11354 #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
11355 if (s == NULL)
11356 s = &defaultSz;
11357 *s = 16; /* if mixing up XOF with plain digest 128 bit is
11358 * default for SHAKE128 */
11359
11360 #else
11361 return WOLFSSL_FAILURE;
11362 #endif
11363 break;
11364 case WC_HASH_TYPE_SHAKE256:
11365 #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
11366 if (s == NULL)
11367 s = &defaultSz;
11368 *s = 32; /* if mixing up XOF with plain digest 256 bit is
11369 * default for SHAKE256 */
11370 #else
11371 return WOLFSSL_FAILURE;
11372 #endif
11373 break;
11374 default:
11375 return WOLFSSL_FAILURE;
11376 }
11377 return wolfSSL_EVP_DigestFinal_Common(ctx, md, s, macType);
11378 }
11379
11380 /* WOLFSSL_SUCCESS on ok */
11381 int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
11382 unsigned int* s)
11383 {
11384 WOLFSSL_ENTER("EVP_DigestFinal_ex");
11385 return wolfSSL_EVP_DigestFinal(ctx, md, s);
11386 }
11387
11388
11389 /* XOF stands for extendable-output functions. This is used for algos such
11390 * as SHAKE256.
11391 *
11392 * returns 1 (WOLFSSL_SUCCESS) on success and 0 (WOLFSSL_FAILURE) on fail */
11393 int wolfSSL_EVP_DigestFinalXOF(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *md,
11394 size_t sz)
11395 {
11396 unsigned int len;
11397 enum wc_HashType macType;
11398
11399 WOLFSSL_ENTER("wolfSSL_EVP_DigestFinalXOF");
11400 len = (unsigned int)sz;
11401
11402 macType = EvpMd2MacType(wolfSSL_EVP_MD_CTX_md(ctx));
11403 return wolfSSL_EVP_DigestFinal_Common(ctx, md, &len, macType);
11404 }
11405
11406
11407 unsigned long wolfSSL_EVP_MD_flags(const WOLFSSL_EVP_MD *md)
11408 {
11409 enum wc_HashType macType;
11410
11411 macType = EvpMd2MacType(md);
11412 switch ((int)macType) {
11413 case WC_HASH_TYPE_BLAKE2B:
11414 case WC_HASH_TYPE_BLAKE2S:
11415 #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
11416 case WC_HASH_TYPE_SHAKE128:
11417 #endif
11418 #if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
11419 case WC_HASH_TYPE_SHAKE256:
11420 #endif
11421 return WOLFSSL_EVP_MD_FLAG_XOF;
11422 default:
11423 return 0;
11424 }
11425 }
11426
11427
11428 void wolfSSL_EVP_cleanup(void)
11429 {
11430 /* nothing to do here */
11431 }
11432
11433const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id)
11434{
11435 WOLFSSL_MSG("wolfSSL_get_digestbynid");
11436
11437 switch(id) {
11438#ifndef NO_MD4
11439 case WC_NID_md4:
11440 return wolfSSL_EVP_md4();
11441#endif
11442#ifndef NO_MD5
11443 case WC_NID_md5:
11444 return wolfSSL_EVP_md5();
11445#endif
11446#ifndef NO_SHA
11447 case WC_NID_sha1:
11448 return wolfSSL_EVP_sha1();
11449#endif
11450#ifdef WOLFSSL_SHA224
11451 case WC_NID_sha224:
11452 return wolfSSL_EVP_sha224();
11453#endif
11454#ifndef NO_SHA256
11455 case WC_NID_sha256:
11456 return wolfSSL_EVP_sha256();
11457#endif
11458#ifdef WOLFSSL_SHA384
11459 case WC_NID_sha384:
11460 return wolfSSL_EVP_sha384();
11461#endif
11462#ifdef WOLFSSL_SHA512
11463 case WC_NID_sha512:
11464 return wolfSSL_EVP_sha512();
11465#endif
11466#ifdef WOLFSSL_SM3
11467 case WC_NID_sm3:
11468 return wolfSSL_EVP_sm3();
11469#endif
11470#ifdef WOLFSSL_SHAKE128
11471 case WC_NID_shake128:
11472 return wolfSSL_EVP_shake128();
11473#endif
11474#ifdef WOLFSSL_SHAKE256
11475 case WC_NID_shake256:
11476 return wolfSSL_EVP_shake256();
11477#endif
11478 default:
11479 WOLFSSL_MSG("Bad digest id value");
11480 }
11481
11482 return NULL;
11483}
11484int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type)
11485{
11486 WOLFSSL_MSG("wolfSSL_EVP_MD_block_size");
11487
11488 if (type == NULL) {
11489 WOLFSSL_MSG("No md type arg");
11490 return WOLFSSL_FAILURE;
11491 }
11492
11493#ifndef NO_SHA
11494 if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, WC_SN_sha1) == 0)) {
11495 return WC_SHA_BLOCK_SIZE;
11496 } else
11497#endif
11498#ifndef NO_SHA256
11499 if (XSTRCMP(type, WC_SN_sha256) == 0) {
11500 return WC_SHA256_BLOCK_SIZE;
11501 } else
11502#endif
11503#ifndef NO_MD4
11504 if (XSTRCMP(type, WC_SN_md4) == 0) {
11505 return WC_MD4_BLOCK_SIZE;
11506 } else
11507#endif
11508#ifndef NO_MD5
11509 if (XSTRCMP(type, WC_SN_md5) == 0) {
11510 return WC_MD5_BLOCK_SIZE;
11511 } else
11512#endif
11513#ifdef WOLFSSL_SHA224
11514 if (XSTRCMP(type, WC_SN_sha224) == 0) {
11515 return WC_SHA224_BLOCK_SIZE;
11516 } else
11517#endif
11518#ifdef WOLFSSL_SHA384
11519 if (XSTRCMP(type, WC_SN_sha384) == 0) {
11520 return WC_SHA384_BLOCK_SIZE;
11521 } else
11522#endif
11523#ifdef WOLFSSL_SHA512
11524 if (XSTRCMP(type, WC_SN_sha512) == 0) {
11525 return WC_SHA512_BLOCK_SIZE;
11526 } else
11527#endif
11528#ifdef WOLFSSL_SHA3
11529#ifndef WOLFSSL_NOSHA3_224
11530 if (XSTRCMP(type, WC_SN_sha3_224) == 0) {
11531 return WC_SHA3_224_BLOCK_SIZE;
11532 } else
11533#endif
11534#ifndef WOLFSSL_NOSHA3_256
11535 if (XSTRCMP(type, WC_SN_sha3_256) == 0) {
11536 return WC_SHA3_256_BLOCK_SIZE;
11537 } else
11538#endif
11539#ifndef WOLFSSL_NOSHA3_384
11540 if (XSTRCMP(type, WC_SN_sha3_384) == 0) {
11541 return WC_SHA3_384_BLOCK_SIZE;
11542 } else
11543#endif
11544#ifndef WOLFSSL_NOSHA3_512
11545 if (XSTRCMP(type, WC_SN_sha3_512) == 0) {
11546 return WC_SHA3_512_BLOCK_SIZE;
11547 } else
11548#endif
11549#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128)
11550 if (XSTRCMP(type, WC_SN_shake128) == 0) {
11551 return WC_SHA3_128_BLOCK_SIZE;
11552 } else
11553#endif
11554#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256)
11555 if (XSTRCMP(type, WC_SN_shake256) == 0) {
11556 return WC_SHA3_256_BLOCK_SIZE;
11557 } else
11558#endif
11559#endif /* WOLFSSL_SHA3 */
11560#ifdef WOLFSSL_SM3
11561 if (XSTRCMP(type, WC_SN_sm3) == 0) {
11562 return WC_SM3_BLOCK_SIZE;
11563 } else
11564#endif
11565
11566 return WOLFSSL_FAILURE;
11567}
11568
11569int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
11570{
11571 WOLFSSL_MSG("wolfSSL_EVP_MD_size");
11572
11573 if (type == NULL) {
11574 WOLFSSL_MSG("No md type arg");
11575 return WOLFSSL_FAILURE;
11576 }
11577
11578#ifndef NO_SHA
11579 if ((XSTRCMP(type, "SHA") == 0) || (XSTRCMP(type, WC_SN_sha1) == 0)) {
11580 return WC_SHA_DIGEST_SIZE;
11581 } else
11582#endif
11583#ifndef NO_SHA256
11584 if (XSTRCMP(type, WC_SN_sha256) == 0) {
11585 return WC_SHA256_DIGEST_SIZE;
11586 } else
11587#endif
11588#ifndef NO_MD4
11589 if (XSTRCMP(type, WC_SN_md4) == 0) {
11590 return WC_MD4_DIGEST_SIZE;
11591 } else
11592#endif
11593#ifndef NO_MD5
11594 if (XSTRCMP(type, WC_SN_md5) == 0) {
11595 return WC_MD5_DIGEST_SIZE;
11596 } else
11597#endif
11598#ifdef WOLFSSL_SHA224
11599 if (XSTRCMP(type, WC_SN_sha224) == 0) {
11600 return WC_SHA224_DIGEST_SIZE;
11601 } else
11602#endif
11603#ifdef WOLFSSL_SHA384
11604 if (XSTRCMP(type, WC_SN_sha384) == 0) {
11605 return WC_SHA384_DIGEST_SIZE;
11606 } else
11607#endif
11608#ifdef WOLFSSL_SHA512
11609 if (XSTRCMP(type, WC_SN_sha512) == 0) {
11610 return WC_SHA512_DIGEST_SIZE;
11611 } else
11612#ifndef WOLFSSL_NOSHA512_224
11613 if (XSTRCMP(type, WC_SN_sha512_224) == 0) {
11614 return WC_SHA512_224_DIGEST_SIZE;
11615 } else
11616#endif
11617#ifndef WOLFSSL_NOSHA512_256
11618 if (XSTRCMP(type, WC_SN_sha512_256) == 0) {
11619 return WC_SHA512_256_DIGEST_SIZE;
11620 } else
11621#endif
11622#endif
11623#ifdef WOLFSSL_SHA3
11624#ifndef WOLFSSL_NOSHA3_224
11625 if (XSTRCMP(type, WC_SN_sha3_224) == 0) {
11626 return WC_SHA3_224_DIGEST_SIZE;
11627 } else
11628#endif
11629#ifndef WOLFSSL_NOSHA3_256
11630 if (XSTRCMP(type, WC_SN_sha3_256) == 0) {
11631 return WC_SHA3_256_DIGEST_SIZE;
11632 } else
11633#endif
11634#ifndef WOLFSSL_NOSHA3_384
11635 if (XSTRCMP(type, WC_SN_sha3_384) == 0) {
11636 return WC_SHA3_384_DIGEST_SIZE;
11637 } else
11638#endif
11639#ifndef WOLFSSL_NOSHA3_512
11640 if (XSTRCMP(type, WC_SN_sha3_512) == 0) {
11641 return WC_SHA3_512_DIGEST_SIZE;
11642 } else
11643#endif
11644#endif /* WOLFSSL_SHA3 */
11645#ifdef WOLFSSL_SM3
11646 if (XSTRCMP(type, WC_SN_sm3) == 0) {
11647 return WC_SM3_DIGEST_SIZE;
11648 }
11649#endif
11650
11651 return WOLFSSL_FAILURE;
11652}
11653
11654#endif /* OPENSSL_EXTRA || HAVE_CURL */
11655
11656#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
11657/* Subset of OPENSSL_EXTRA for PKEY operations PKEY free is needed by the
11658 * subset of X509 API */
11659
11660WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new(void){
11661 return wolfSSL_EVP_PKEY_new_ex(NULL);
11662}
11663
11664WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_ex(void* heap)
11665{
11666 WOLFSSL_EVP_PKEY* pkey;
11667 int ret;
11668 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_new_ex");
11669 pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), heap,
11670 DYNAMIC_TYPE_PUBLIC_KEY);
11671 if (pkey != NULL) {
11672 XMEMSET(pkey, 0, sizeof(WOLFSSL_EVP_PKEY));
11673 pkey->heap = heap;
11674 pkey->type = WOLFSSL_EVP_PKEY_DEFAULT;
11675
11676#ifndef HAVE_FIPS
11677 ret = wc_InitRng_ex(&pkey->rng, heap, INVALID_DEVID);
11678#else
11679 ret = wc_InitRng(&pkey->rng);
11680#endif
11681 if (ret != 0){
11682 /* Free directly since mutex for ref count not set yet */
11683 XFREE(pkey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
11684 WOLFSSL_MSG("Issue initializing RNG");
11685 return NULL;
11686 }
11687
11688 wolfSSL_RefInit(&pkey->ref, &ret);
11689 #ifdef WOLFSSL_REFCNT_ERROR_RETURN
11690 if (ret != 0){
11691 wolfSSL_EVP_PKEY_free(pkey);
11692 WOLFSSL_MSG("Issue initializing mutex");
11693 return NULL;
11694 }
11695 #else
11696 (void)ret;
11697 #endif
11698 }
11699 else {
11700 WOLFSSL_MSG("memory failure");
11701 }
11702
11703 return pkey;
11704}
11705
11706void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
11707{
11708 int doFree = 0;
11709 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_free");
11710 if (key != NULL) {
11711 int ret;
11712 wolfSSL_RefDec(&key->ref, &doFree, &ret);
11713 #ifdef WOLFSSL_REFCNT_ERROR_RETURN
11714 if (ret != 0) {
11715 WOLFSSL_MSG("Couldn't lock pkey mutex");
11716 }
11717 #else
11718 (void)ret;
11719 #endif
11720
11721 if (doFree) {
11722 wc_FreeRng(&key->rng);
11723
11724 if (key->pkey.ptr != NULL) {
11725 XFREE(key->pkey.ptr, key->heap, DYNAMIC_TYPE_PUBLIC_KEY);
11726 key->pkey.ptr = NULL;
11727 }
11728 switch(key->type)
11729 {
11730 #ifndef NO_RSA
11731 case WC_EVP_PKEY_RSA:
11732 if (key->rsa != NULL && key->ownRsa == 1) {
11733 wolfSSL_RSA_free(key->rsa);
11734 key->rsa = NULL;
11735 }
11736 break;
11737 #endif /* NO_RSA */
11738
11739 #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA)
11740 case WC_EVP_PKEY_EC:
11741 if (key->ecc != NULL && key->ownEcc == 1) {
11742 wolfSSL_EC_KEY_free(key->ecc);
11743 key->ecc = NULL;
11744 }
11745 break;
11746 #endif /* HAVE_ECC && OPENSSL_EXTRA */
11747
11748 #ifndef NO_DSA
11749 case WC_EVP_PKEY_DSA:
11750 if (key->dsa != NULL && key->ownDsa == 1) {
11751 wolfSSL_DSA_free(key->dsa);
11752 key->dsa = NULL;
11753 }
11754 break;
11755 #endif /* NO_DSA */
11756
11757 #if !defined(NO_DH) && (defined(WOLFSSL_QT) || \
11758 defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL))
11759 case WC_EVP_PKEY_DH:
11760 if (key->dh != NULL && key->ownDh == 1) {
11761 wolfSSL_DH_free(key->dh);
11762 key->dh = NULL;
11763 }
11764 break;
11765 #endif /* ! NO_DH ... */
11766
11767 #ifdef HAVE_ED25519
11768 case WC_EVP_PKEY_ED25519:
11769 if (key->ed25519 != NULL && key->ownEd25519 == 1) {
11770 wc_ed25519_free(key->ed25519);
11771 XFREE(key->ed25519, key->heap, DYNAMIC_TYPE_ED25519);
11772 key->ed25519 = NULL;
11773 }
11774 break;
11775 #endif /* HAVE_ED25519 */
11776
11777 #ifdef HAVE_ED448
11778 case WC_EVP_PKEY_ED448:
11779 if (key->ed448 != NULL && key->ownEd448 == 1) {
11780 wc_ed448_free(key->ed448);
11781 XFREE(key->ed448, key->heap, DYNAMIC_TYPE_ED448);
11782 key->ed448 = NULL;
11783 }
11784 break;
11785 #endif /* HAVE_ED448 */
11786
11787 #ifdef HAVE_HKDF
11788 case WC_EVP_PKEY_HKDF:
11789 XFREE(key->hkdfSalt, NULL, DYNAMIC_TYPE_SALT);
11790 key->hkdfSalt = NULL;
11791 if (key->hkdfKey != NULL && key->hkdfKeySz > 0) {
11792 ForceZero(key->hkdfKey, key->hkdfKeySz);
11793 }
11794 XFREE(key->hkdfKey, NULL, DYNAMIC_TYPE_KEY);
11795 key->hkdfKey = NULL;
11796 XFREE(key->hkdfInfo, NULL, DYNAMIC_TYPE_INFO);
11797 key->hkdfInfo = NULL;
11798 key->hkdfSaltSz = 0;
11799 key->hkdfKeySz = 0;
11800 key->hkdfInfoSz = 0;
11801 break;
11802 #endif /* HAVE_HKDF */
11803
11804 #if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \
11805 defined(WOLFSSL_AES_DIRECT)
11806 case WC_EVP_PKEY_CMAC:
11807 if (key->cmacCtx != NULL) {
11808 wolfSSL_CMAC_CTX_free(key->cmacCtx);
11809 key->cmacCtx = NULL;
11810 }
11811 break;
11812 #endif /* defined(WOLFSSL_CMAC) ... */
11813
11814 default:
11815 break;
11816 }
11817
11818 wolfSSL_RefFree(&key->ref);
11819 XFREE(key, key->heap, DYNAMIC_TYPE_PUBLIC_KEY);
11820 }
11821 }
11822}
11823#if defined(OPENSSL_EXTRA) && !defined(NO_BIO)
11824
11825/* Indent writes white spaces of the number specified by "indents"
11826 * to the BIO. The number of white spaces is limited from 0 to
11827 * EVP_PKEY_PRINT_INDENT_MAX.
11828 * returns the amount written to BIO.
11829 */
11830static int Indent(WOLFSSL_BIO* out, int indents)
11831{
11832 int i;
11833 char space = ' ';
11834 if (out == NULL) {
11835 return 0;
11836 }
11837 if (indents > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
11838 indents = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
11839 }
11840 for (i = 0; i < indents; i++) {
11841 if (wolfSSL_BIO_write(out, &space, 1) < 0) {
11842 break;
11843 }
11844 }
11845 return indents -i;
11846}
11847/* PrintHexWithColon dump byte-data specified by "input" to the "out".
11848 * Each line has leading white spaces( "indent" gives the number ) plus
11849 * four spaces, then hex coded 15 byte data with separator ":" follow.
11850 * Each line looks like:
11851 * " 00:e6:ab: --- 9f:ef:"
11852 * Parameters:
11853 * out bio to output dump data
11854 * input buffer holding data to dump
11855 * inlen input data size
11856 * indent the number of spaces for indent
11857 * blower true if lower case uses
11858 * Returns 1 on success, 0 on failure.
11859 */
11860static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input,
11861 int inlen, int indent, byte blower)
11862{
11863#ifdef WOLFSSL_SMALL_STACK
11864 byte* buff = NULL;
11865#else
11866 byte buff[WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX] = { 0 };
11867#endif /* WOLFSSL_SMALL_STACK */
11868 int ret = WOLFSSL_SUCCESS;
11869 word32 in = 0;
11870 word32 i;
11871 int idx;
11872 const byte* data;
11873 word32 outSz;
11874 byte outHex[3];
11875
11876 if (!out || !input || inlen <= 0) {
11877 return WOLFSSL_FAILURE;
11878 }
11879
11880 if (indent < 0) {
11881 indent = 0;
11882 }
11883 if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
11884 indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
11885 }
11886
11887 data = input;
11888
11889#ifdef WOLFSSL_SMALL_STACK
11890 buff = (byte*)XMALLOC(WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL,
11891 DYNAMIC_TYPE_TMP_BUFFER);
11892 if (!buff) {
11893 return WOLFSSL_FAILURE;
11894 }
11895#endif
11896
11897 /* print pub element */
11898 idx = 0;
11899
11900 for (in = 0; in < (word32)inlen && ret == WOLFSSL_SUCCESS; in +=
11901 WOLFSSL_EVP_PKEY_PRINT_DIGITS_PER_LINE ) {
11902 if (Indent(out, indent) < 0) {
11903 ret = WOLFSSL_FAILURE;
11904 break;
11905 }
11906 for (i = 0; (i < WOLFSSL_EVP_PKEY_PRINT_DIGITS_PER_LINE) &&
11907 (in + i < (word32)inlen); i++) {
11908
11909 if (ret == WOLFSSL_SUCCESS) {
11910 outSz = sizeof(outHex);
11911 ret = Base16_Encode((const byte*)&data[in + i], 1,
11912 outHex, &outSz) == 0;
11913 }
11914 if (ret == WOLFSSL_SUCCESS) {
11915 if (blower) {
11916 outHex[0] = (byte)XTOLOWER(outHex[0]);
11917 outHex[1] = (byte)XTOLOWER(outHex[1]);
11918 }
11919 XMEMCPY(buff + idx, outHex, 2);
11920 idx += 2;
11921
11922 if (in + i != (word32)inlen -1) {
11923 XMEMSET(buff + idx, ':', 1);
11924 idx += 1;
11925 }
11926 }
11927 }
11928 if (ret == WOLFSSL_SUCCESS) {
11929 ret = wolfSSL_BIO_write(out, buff, idx) > 0;
11930 }
11931 if (ret == WOLFSSL_SUCCESS) {
11932 ret = wolfSSL_BIO_write(out, "\n", 1) > 0;
11933 }
11934 if (ret == WOLFSSL_SUCCESS) {
11935 XMEMSET(buff, 0, WOLFSSL_EVP_PKEY_PRINT_LINE_WIDTH_MAX);
11936 idx = 0;
11937 }
11938 }
11939 WC_FREE_VAR_EX(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
11940 return ret;
11941}
11942#if !defined(NO_RSA)
11943/* PrintPubKeyRSA is a helper function for wolfSSL_EVP_PKEY_print_public
11944 * to parse a DER format RSA public key specified in the second parameter.
11945 * Parameters:
11946 * out bio to output dump data
11947 * pkey buffer holding public key data
11948 * pkeySz public key data size
11949 * indent the number of spaces for indent
11950 * bitlen bit size of the given key
11951 * pctx context(not used)
11952 * Returns 1 on success, 0 on failure.
11953*/
11954static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
11955 int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx)
11956{
11957 byte buff[WOLFSSL_EVP_EXPONENT_PRINT_MAX] = { 0 };
11958 int res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
11959 word32 inOutIdx = 0;
11960 word32 nSz; /* size of modulus */
11961 word32 eSz; /* size of public exponent */
11962 const byte* n = NULL;
11963 const byte* e = NULL; /* pointer to modulus/exponent */
11964 word32 i;
11965 unsigned long exponent = 0;
11966 WC_DECLARE_VAR(a, mp_int, 1, 0);
11967 char line[32] = { 0 };
11968
11969 (void)pctx;
11970
11971 WC_ALLOC_VAR_EX(a, mp_int, 1, NULL, DYNAMIC_TYPE_BIGINT,
11972 return WOLFSSL_FAILURE);
11973
11974 if( mp_init(a) != 0) {
11975 WC_FREE_VAR_EX(a, NULL, DYNAMIC_TYPE_BIGINT);
11976 return WOLFSSL_FAILURE;
11977 }
11978 if (indent < 0) {
11979 indent = 0;
11980 }
11981 if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
11982 indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
11983 }
11984
11985 do {
11986 int idx;
11987 int wsz;
11988
11989 /* parse key to get modulus and exponent */
11990 if (wc_RsaPublicKeyDecode_ex(pkey, &inOutIdx, (word32)pkeySz,
11991 &n, &nSz, &e, &eSz) != 0) {
11992 break;
11993 }
11994
11995 /* print out public key elements */
11996 idx = 0;
11997 XMEMSET(buff, 0, sizeof(buff));
11998 Indent(out, indent);
11999 XSTRNCPY(line, "RSA Public-Key: (", sizeof(line));
12000 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
12001 break;
12002 }
12003 if (mp_set_int(a, (unsigned long)bitlen) != 0) {
12004 break;
12005 }
12006 if (mp_todecimal(a, (char*)buff) != 0) {
12007 break;
12008 }
12009 wsz = (int)XSTRLEN((const char*)buff);
12010
12011 if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) {
12012 break;
12013 }
12014 XSTRNCPY(line, " bit)\n", sizeof(line));
12015 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
12016 break;
12017 }
12018 /* print Modulus */
12019 Indent(out, indent);
12020 XSTRNCPY(line, "Modulus:\n", sizeof(line));
12021 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
12022 break;
12023 }
12024
12025 /* print modulus with leading zero if exists */
12026 if (*n & 0x80 && *(n-1) == 0) {
12027 n--;
12028 nSz++;
12029 }
12030
12031 if (PrintHexWithColon(out, n, (int)nSz,
12032 indent + 4, 1/* lower case */) != WOLFSSL_SUCCESS) {
12033 break;
12034 }
12035 /* print public Exponent */
12036 idx = 0;
12037 Indent(out, indent);
12038 XSTRNCPY(line, "Exponent: ", sizeof(line));
12039 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
12040 break;
12041 }
12042 for (i = 0; i < eSz; i++) {
12043 exponent <<= 8;
12044 exponent += e[i];
12045 }
12046
12047 XMEMSET(buff, 0, sizeof(buff));
12048 if (mp_set_int(a, exponent) != 0) {
12049 break;
12050 }
12051 if (mp_todecimal(a, (char*)buff) != 0) {
12052 break;
12053 }
12054 wsz = (int)XSTRLEN((const char*)buff);
12055
12056 if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) {
12057 break;
12058 }
12059 XSTRNCPY(line, " (0x", sizeof(line));
12060 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
12061 break;
12062 }
12063 XMEMSET(buff, 0, sizeof(buff));
12064 if (mp_tohex(a, (char*)buff) != 0) {
12065 break;
12066 }
12067 if (wolfSSL_BIO_write(out, buff, (int)XSTRLEN((char*)buff)) <= 0) {
12068 break;
12069 }
12070 XSTRNCPY(line, ")\n", sizeof(line));
12071 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
12072 break;
12073 }
12074
12075 res = WOLFSSL_SUCCESS;
12076 } while (0);
12077
12078 mp_free(a);
12079 WC_FREE_VAR_EX(a, NULL, DYNAMIC_TYPE_BIGINT);
12080 return res;
12081}
12082#endif /* !NO_RSA */
12083
12084#if defined(HAVE_ECC)
12085/* PrintPubKeyEC is a helper function for wolfSSL_EVP_PKEY_print_public
12086 * to parse a DER format ECC public key specified in the second parameter.
12087 * Parameters:
12088 * out bio to output dump data
12089 * pkey buffer holding public key data
12090 * pkeySz public key data size
12091 * indent the number of spaces for indent
12092 * bitlen bit size of the given key
12093 * pctx context(not used)
12094 * Returns 1 on success, 0 on failure.
12095*/
12096static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
12097 int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx)
12098{
12099 byte* pub = NULL;
12100 word32 pubSz = 0;
12101 byte buff[WOLFSSL_EVP_EXPONENT_PRINT_MAX] = { 0 };
12102 int res = WOLFSSL_SUCCESS;
12103 word32 inOutIdx = 0;
12104 int curveId = 0;
12105 const byte* curveOID = NULL;
12106 word32 oidSz = 0;
12107 const char* OIDName = NULL;
12108 const char* nistCurveName = NULL;
12109 int idx = 0;
12110 int wsz = 0;
12111#ifdef WOLFSSL_SMALL_STACK
12112 mp_int* a = NULL;
12113 ecc_key* key = NULL;
12114#else
12115 mp_int a[1];
12116 ecc_key key[1];
12117#endif
12118 char line[32] = { 0 };
12119 (void)pctx;
12120
12121#ifdef WOLFSSL_SMALL_STACK
12122 a = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
12123 if (a == NULL) {
12124 WOLFSSL_MSG("Failed to allocate memory for mp_int");
12125 return WOLFSSL_FAILURE;
12126 }
12127 XMEMSET(a, 0, sizeof(mp_int));
12128
12129 key = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC);
12130 if (key == NULL) {
12131 WOLFSSL_MSG("Failed to allocate memory for ecc_key");
12132 XFREE(a, NULL, DYNAMIC_TYPE_BIGINT);
12133 return WOLFSSL_FAILURE;
12134 }
12135#endif
12136
12137 if (mp_init(a) != 0) {
12138 WC_FREE_VAR_EX(key, NULL, DYNAMIC_TYPE_ECC);
12139 WC_FREE_VAR_EX(a, NULL, DYNAMIC_TYPE_BIGINT);
12140 return WOLFSSL_FAILURE;
12141 }
12142
12143 if (wc_ecc_init(key) != 0) {
12144 /* Return early so we don't have to remember if init succeeded
12145 * or not. */
12146 mp_free(a);
12147 WC_FREE_VAR_EX(key, NULL, DYNAMIC_TYPE_ECC);
12148 WC_FREE_VAR_EX(a, NULL, DYNAMIC_TYPE_BIGINT);
12149 return WOLFSSL_FAILURE;
12150 }
12151
12152 if (indent < 0) {
12153 indent = 0;
12154 }
12155 else if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
12156 indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
12157 }
12158
12159 if (res == WOLFSSL_SUCCESS) {
12160 res = wc_EccPublicKeyDecode(pkey, &inOutIdx, key, (word32)pkeySz) == 0;
12161 }
12162
12163 if (res == WOLFSSL_SUCCESS) {
12164 curveId = wc_ecc_get_oid(key->dp->oidSum, &curveOID, &oidSz);
12165 res = curveId > 0 && oidSz > 0;
12166 }
12167
12168 /* get NIST curve name */
12169 if (res == WOLFSSL_SUCCESS) {
12170 int nid = EccEnumToNID(curveId);
12171 if (nid != -1) {
12172 /* look up object name and nist curve name*/
12173 OIDName = wolfSSL_OBJ_nid2sn(nid);
12174 nistCurveName = wolfSSL_EC_curve_nid2nist(nid);
12175 res = (nistCurveName != NULL) && (OIDName != NULL);
12176 }
12177 else {
12178 res = WOLFSSL_FAILURE;
12179 }
12180 }
12181 if (res == WOLFSSL_SUCCESS) {
12182 pub = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER);
12183 if (pub != NULL) {
12184 pubSz = ECC_BUFSIZE;
12185 XMEMSET(pub, 0, ECC_BUFSIZE);
12186
12187 PRIVATE_KEY_UNLOCK();
12188 res = wc_ecc_export_x963(key, pub, &pubSz) == 0;
12189 PRIVATE_KEY_LOCK();
12190 }
12191 else {
12192 res = WOLFSSL_FAILURE;
12193 }
12194 }
12195 if (res == WOLFSSL_SUCCESS) {
12196 idx = 0;
12197 res = Indent(out, indent) >= 0;
12198 }
12199 if (res == WOLFSSL_SUCCESS) {
12200 XSTRNCPY(line, "Public-Key: (", sizeof(line));
12201 res = wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) > 0;
12202 }
12203 if (res == WOLFSSL_SUCCESS) {
12204 res = mp_set_int(a, (unsigned long)bitlen) == 0;
12205 }
12206 if (res == WOLFSSL_SUCCESS) {
12207 res = mp_todecimal(a, (char*)buff) == 0;
12208 }
12209 if (res == WOLFSSL_SUCCESS) {
12210 wsz = (int)XSTRLEN((const char*)buff);
12211 }
12212 if (res == WOLFSSL_SUCCESS) {
12213 res = wolfSSL_BIO_write(out, buff + idx, wsz) >= 0;
12214 }
12215 if (res == WOLFSSL_SUCCESS) {
12216 XSTRNCPY(line, " bit)\n", sizeof(line));
12217 res = wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) > 0;
12218 }
12219 if (res == WOLFSSL_SUCCESS) {
12220 res = Indent(out, indent) >= 0;
12221 }
12222 if (res == WOLFSSL_SUCCESS) {
12223 /* print pub element */
12224 XSTRNCPY(line, "pub:\n", sizeof(line));
12225 res = wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) > 0;
12226 }
12227 if (res == WOLFSSL_SUCCESS) {
12228 /* upper case */
12229 res = PrintHexWithColon(out, pub, (int)pubSz, indent + 4, 0);
12230 }
12231 if (res == WOLFSSL_SUCCESS) {
12232 res = Indent(out, indent) >= 0;
12233 }
12234 if (res == WOLFSSL_SUCCESS) {
12235 /* print OID in name */
12236 XSTRNCPY(line, "ASN1 OID: ", sizeof(line));
12237 res = wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) > 0;
12238 }
12239 if (res == WOLFSSL_SUCCESS) {
12240 res = wolfSSL_BIO_write(out, OIDName, (int)XSTRLEN(OIDName)) > 0;
12241 }
12242 if (res == WOLFSSL_SUCCESS) {
12243 res = wolfSSL_BIO_write(out, "\n", 1) > 0;
12244 }
12245 if (res == WOLFSSL_SUCCESS) {
12246 res = Indent(out, indent) >= 0;
12247 }
12248 if (res == WOLFSSL_SUCCESS) {
12249 /* print NIST curve name */
12250 XSTRNCPY(line, "NIST CURVE: ", sizeof(line));
12251 res = wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) > 0;
12252 }
12253 if (res == WOLFSSL_SUCCESS) {
12254 res = wolfSSL_BIO_write(out, nistCurveName,
12255 (int)XSTRLEN(nistCurveName)) > 0;
12256 }
12257 if (res == WOLFSSL_SUCCESS) {
12258 res = wolfSSL_BIO_write(out, "\n", 1) > 0;
12259 }
12260
12261 XFREE(pub, NULL, DYNAMIC_TYPE_ECC_BUFFER);
12262 pub = NULL;
12263
12264 wc_ecc_free(key);
12265 mp_free(a);
12266
12267 WC_FREE_VAR_EX(key, NULL, DYNAMIC_TYPE_ECC);
12268 WC_FREE_VAR_EX(a, NULL, DYNAMIC_TYPE_BIGINT);
12269
12270 return res;
12271}
12272#endif /* HAVE_ECC */
12273
12274#if !defined(NO_DSA)
12275/* PrintPubKeyDSA is a helper function for wolfSSL_EVP_PKEY_print_public
12276 * to parse a DER format DSA public key specified in the second parameter.
12277 * Parameters:
12278 * out bio to output dump data
12279 * pkey buffer holding public key data
12280 * pkeySz public key data size
12281 * indent the number of spaces for indent
12282 * bitlen bit size of the given key
12283 * pctx context(not used)
12284 * Returns 1 on success, 0 on failure.
12285*/
12286static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
12287 int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx)
12288{
12289
12290 byte buff[WOLFSSL_EVP_EXPONENT_PRINT_MAX] = { 0 };
12291 int length;
12292 int res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
12293 word32 inOutIdx = 0;
12294 word32 oid;
12295 byte tagFound;
12296 WC_DECLARE_VAR(a, mp_int, 1, 0);
12297 char line[32] = { 0 };
12298
12299 WC_ALLOC_VAR_EX(a, mp_int, 1, NULL, DYNAMIC_TYPE_BIGINT,
12300 return WOLFSSL_FAILURE);
12301
12302 if( mp_init(a) != 0) {
12303 WC_FREE_VAR_EX(a, NULL, DYNAMIC_TYPE_BIGINT);
12304 return WOLFSSL_FAILURE;
12305 }
12306
12307 inOutIdx = 0;
12308 (void)pctx;
12309
12310 if (indent < 0) {
12311 indent = 0;
12312 }
12313 if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
12314 indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
12315 }
12316
12317 do {
12318 byte *p = NULL, * q = NULL, * g = NULL, * y = NULL;
12319 int pSz, qSz, gSz, ySz;
12320 int idx;
12321 int wsz;
12322
12323 if (GetSequence(pkey, &inOutIdx, &length, (word32)pkeySz) < 0) {
12324 break;
12325 }
12326 if (GetSequence(pkey, &inOutIdx, &length, (word32)pkeySz) < 0) {
12327 break;
12328 }
12329 if (GetObjectId(pkey, &inOutIdx, &oid, oidIgnoreType, (word32)pkeySz) !=
12330 0) {
12331 break;
12332 }
12333 if (GetSequence(pkey, &inOutIdx, &length, (word32)pkeySz) < 0) {
12334 break;
12335 }
12336 /* find P */
12337 if (GetASNTag(pkey, &inOutIdx, &tagFound, (word32)pkeySz) != 0) {
12338 break;
12339 }
12340 if (tagFound != ASN_INTEGER) {
12341 break;
12342 }
12343 if (GetLength(pkey, &inOutIdx, &length, (word32)pkeySz) <= 0) {
12344 break;
12345 }
12346 p = (byte*)(pkey + inOutIdx);
12347 pSz = length;
12348
12349 if (bitlen == 0) {
12350 if (*p == 0) {
12351 bitlen = (pSz - 1) * 8; /* remove leading zero */
12352 }
12353 else {
12354 bitlen = pSz * 8;
12355 }
12356 }
12357
12358 inOutIdx += (word32)length;
12359 /* find Q */
12360 if (GetASNTag(pkey, &inOutIdx, &tagFound, (word32)pkeySz) != 0) {
12361 break;
12362 }
12363 if (tagFound != ASN_INTEGER) {
12364 break;
12365 }
12366 if (GetLength(pkey, &inOutIdx, &length, (word32)pkeySz) <= 0) {
12367 break;
12368 }
12369 q = (byte*)(pkey + inOutIdx);
12370 qSz = length;
12371 inOutIdx += (word32)length;
12372
12373 /* find G */
12374 if (GetASNTag(pkey, &inOutIdx, &tagFound, (word32)pkeySz) != 0) {
12375 break;
12376 }
12377 if (tagFound != ASN_INTEGER) {
12378 break;
12379 }
12380 if (GetLength(pkey, &inOutIdx, &length, (word32)pkeySz) <= 0) {
12381 break;
12382 }
12383 g = (byte*)(pkey + inOutIdx);
12384 gSz = length;
12385 inOutIdx += (word32)length;
12386 /* find Y */
12387 if (GetASNTag(pkey, &inOutIdx, &tagFound, (word32)pkeySz) != 0) {
12388 break;
12389 }
12390 if (tagFound != ASN_BIT_STRING) {
12391 break;
12392 }
12393 if (GetLength(pkey, &inOutIdx, &length, (word32)pkeySz) <= 0) {
12394 break;
12395 }
12396 inOutIdx++; /* skip the first byte( unused byte number)*/
12397
12398 if (GetASNTag(pkey, &inOutIdx, &tagFound, (word32)pkeySz) != 0) {
12399 break;
12400 }
12401 if (tagFound != ASN_INTEGER) {
12402 break;
12403 }
12404 if (GetLength(pkey, &inOutIdx, &length, (word32)pkeySz) <= 0) {
12405 break;
12406 }
12407 y = (byte*)(pkey + inOutIdx);
12408 ySz = length;
12409
12410 idx = 0;
12411 XMEMSET(buff, 0, sizeof(buff));
12412 Indent(out, indent);
12413 XSTRNCPY(line, "DSA Public-Key: (", sizeof(line));
12414 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
12415 break;
12416 }
12417 if (mp_set_int(a, (unsigned long)bitlen) != 0) {
12418 break;
12419 }
12420 if (mp_todecimal(a, (char*)buff) != 0) {
12421 break;
12422 }
12423 wsz = (int)XSTRLEN((const char*)buff);
12424 if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) {
12425 break;
12426 }
12427 XSTRNCPY(line, " bit)\n", sizeof(line));
12428 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
12429 break;
12430 }
12431 /* print pub element */
12432 Indent(out, indent);
12433 XSTRNCPY(line, "pub:\n", sizeof(line));
12434 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
12435 break;
12436 }
12437 if (PrintHexWithColon(out, y, ySz, indent + 4, 0/* upper case */)
12438 != WOLFSSL_SUCCESS) {
12439 break;
12440 }
12441 /* print P element */
12442 Indent(out, indent);
12443 XSTRNCPY(line, "P:\n", sizeof(line));
12444 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
12445 break;
12446 }
12447 if (PrintHexWithColon(out, p, pSz, indent + 4, 0/* upper case */)
12448 != WOLFSSL_SUCCESS) {
12449 break;
12450 }
12451 /* print Q element */
12452 Indent(out, indent);
12453 XSTRNCPY(line, "Q:\n", sizeof(line));
12454 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
12455 break;
12456 }
12457 if (PrintHexWithColon(out, q, qSz, indent + 4, 0/* upper case */)
12458 != WOLFSSL_SUCCESS) {
12459 break;
12460 }
12461 /* print G element */
12462 Indent(out, indent);
12463 XSTRNCPY(line, "G:\n", sizeof(line));
12464 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
12465 break;
12466 }
12467 if (PrintHexWithColon(out, g, gSz, indent + 4, 0/* upper case */)
12468 != WOLFSSL_SUCCESS) {
12469 break;
12470 }
12471
12472 res = WOLFSSL_SUCCESS;
12473 } while (0);
12474
12475 mp_free(a);
12476 WC_FREE_VAR_EX(a, NULL, DYNAMIC_TYPE_BIGINT);
12477 return res;
12478}
12479#endif /* !NO_DSA */
12480
12481#if defined(WOLFSSL_DH_EXTRA)
12482/* PrintPubKeyDH is a helper function for wolfSSL_EVP_PKEY_print_public
12483 * to parse a DER format DH public key specified in the second parameter.
12484 * Parameters:
12485 * out bio to output dump data
12486 * pkey buffer holding public key data
12487 * pkeySz public key data size
12488 * indent the number of spaces for indent
12489 * bitlen bit size of the given key
12490 * pctx context(not used)
12491 * Returns 1 on success, 0 on failure.
12492*/
12493static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz,
12494 int indent, int bitlen, WOLFSSL_ASN1_PCTX* pctx)
12495{
12496
12497 byte buff[WOLFSSL_EVP_EXPONENT_PRINT_MAX] = { 0 };
12498 int res = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
12499 word32 length;
12500 word32 inOutIdx;
12501 word32 oid;
12502 byte tagFound;
12503 byte* prime = NULL;
12504 byte generator;
12505 byte* publicKey = NULL;
12506 word32 outSz;
12507 byte outHex[3];
12508 WC_DECLARE_VAR(a, mp_int, 1, 0);
12509 char line[32] = { 0 };
12510
12511 WC_ALLOC_VAR_EX(a, mp_int, 1, NULL, DYNAMIC_TYPE_BIGINT,
12512 return WOLFSSL_FAILURE);
12513
12514 if( mp_init(a) != 0) {
12515 WC_FREE_VAR_EX(a, NULL, DYNAMIC_TYPE_BIGINT);
12516 return WOLFSSL_FAILURE;
12517 }
12518
12519 inOutIdx = 0;
12520 (void)pctx;
12521
12522 if (indent < 0) {
12523 indent = 0;
12524 }
12525 if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
12526 indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
12527 }
12528
12529 do {
12530 int primeSz;
12531 int publicKeySz;
12532 int idx;
12533 int wsz;
12534
12535 if (GetSequence(pkey, &inOutIdx, (int*)&length, (word32)pkeySz) < 0) {
12536 break;
12537 }
12538 if (GetSequence(pkey, &inOutIdx, (int*)&length, (word32)pkeySz) < 0) {
12539 break;
12540 }
12541 if (GetObjectId(pkey, &inOutIdx, &oid, oidIgnoreType, (word32)pkeySz) <
12542 0) {
12543 break;
12544 }
12545 if (GetSequence(pkey, &inOutIdx, (int*)&length, (word32)pkeySz) < 0) {
12546 break;
12547 }
12548 /* get prime element */
12549 if (GetASNTag(pkey, &inOutIdx, &tagFound, (word32)pkeySz) != 0) {
12550 break;
12551 }
12552 if (tagFound != ASN_INTEGER) {
12553 break;
12554 }
12555 if (GetLength(pkey, &inOutIdx, (int*)&length, (word32)pkeySz) <= 0) {
12556 break;
12557 }
12558 prime = (byte*)(pkey + inOutIdx);
12559 primeSz = (int)length;
12560 inOutIdx += length;
12561
12562 /* get generator element */
12563 if (GetASNTag(pkey, &inOutIdx, &tagFound, (word32)pkeySz) != 0) {
12564 break;
12565 }
12566 if (tagFound != ASN_INTEGER) {
12567 break;
12568 }
12569 if (GetLength(pkey, &inOutIdx, (int*)&length, (word32)pkeySz) <= 0) {
12570 break;
12571 }
12572 if (length != 1) {
12573 break;
12574 }
12575 generator = *(pkey + inOutIdx);
12576 inOutIdx += length;
12577
12578 /* get public-key element */
12579 if (GetASNTag(pkey, &inOutIdx, &tagFound, (word32)pkeySz) != 0) {
12580 break;
12581 }
12582 if (tagFound != ASN_BIT_STRING) {
12583 break;
12584 }
12585 if (GetLength(pkey, &inOutIdx, (int*)&length, (word32)pkeySz) <= 0) {
12586 break;
12587 }
12588 inOutIdx ++;
12589 if (GetASNTag(pkey, &inOutIdx, &tagFound, (word32)pkeySz) != 0) {
12590 break;
12591 }
12592 if (tagFound != ASN_INTEGER) {
12593 break;
12594 }
12595 if (GetLength(pkey, &inOutIdx, (int*)&length, (word32)pkeySz) <= 0) {
12596 break;
12597 }
12598 publicKeySz = (int)length;
12599 publicKey = (byte*)(pkey + inOutIdx);
12600
12601 if (bitlen == 0) {
12602 if (*publicKey == 0) {
12603 bitlen = (publicKeySz - 1) * 8;
12604 }
12605 else {
12606 bitlen = publicKeySz * 8;
12607 }
12608 }
12609
12610 /* print elements */
12611 idx = 0;
12612 Indent(out, indent);
12613 XSTRNCPY(line, "DH Public-Key: (", sizeof(line));
12614 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
12615 break;
12616 }
12617 if (mp_set_int(a, (unsigned long)bitlen) != 0) {
12618 break;
12619 }
12620 if (mp_todecimal(a, (char*)buff) != 0) {
12621 break;
12622 }
12623 wsz = (int)XSTRLEN((const char*)buff);
12624 if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) {
12625 break;
12626 }
12627 XSTRNCPY(line, " bit)\n", sizeof(line));
12628 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
12629 break;
12630 }
12631 Indent(out, indent);
12632 XSTRNCPY(line, "public-key:\n", sizeof(line));
12633 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
12634 break;
12635 }
12636 if (PrintHexWithColon(out, publicKey,
12637 publicKeySz, indent + 4, 0/* upper case */)
12638 != WOLFSSL_SUCCESS) {
12639 break;
12640 }
12641 Indent(out, indent);
12642 XSTRNCPY(line, "prime:\n", sizeof(line));
12643 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
12644 break;
12645 }
12646 if (PrintHexWithColon(out, prime, primeSz,
12647 indent + 4, 0/* upper case */)
12648 != WOLFSSL_SUCCESS) {
12649 break;
12650 }
12651 idx = 0;
12652 XMEMSET(buff, 0, sizeof(buff));
12653 Indent(out, indent);
12654 XSTRNCPY(line, "generator: ", sizeof(line));
12655 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
12656 break;
12657 }
12658 if (mp_set_int(a, generator) != 0) {
12659 break;
12660 }
12661 if (mp_todecimal(a, (char*)buff) != 0) {
12662 break;
12663 }
12664 wsz = (int)XSTRLEN((const char*)buff);
12665 if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) {
12666 break;
12667 }
12668 XSTRNCPY(line, " (0x", sizeof(line));
12669 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
12670 break;
12671 }
12672 idx = 0;
12673 XMEMSET(buff, 0, sizeof(buff));
12674 outSz = sizeof(outHex);
12675 if (Base16_Encode((const byte*)&generator, 1, outHex, &outSz ) != 0) {
12676 break;
12677 }
12678 if (idx + 2 < (int)sizeof(buff) ) {
12679 XMEMCPY(buff + idx, outHex, 2);
12680 idx += 2;
12681 }
12682 if (wolfSSL_BIO_write(out, buff, idx) <= 0 ) {
12683 break;
12684 }
12685 XSTRNCPY(line, ")\n", sizeof(line));
12686 if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) {
12687 break;
12688 }
12689
12690 res = WOLFSSL_SUCCESS;
12691 } while (0);
12692
12693 mp_free(a);
12694 WC_FREE_VAR_EX(a, NULL, DYNAMIC_TYPE_BIGINT);
12695 return res;
12696}
12697#endif /* WOLFSSL_DH_EXTRA */
12698
12699/* wolfSSL_EVP_PKEY_print_public parses the specified key then
12700 * outputs public key info in human readable format to the specified BIO.
12701 * White spaces of the same number which 'indent" gives, will be added to
12702 * each line to output and ignores pctx parameter.
12703 * Parameters:
12704 * out bio to output dump data
12705 * pkey buffer holding public key data
12706 * indent the number of spaces for indent
12707 * pctx context(not used)
12708 * Returns 1 on success, 0 or negative on error, -2 means specified key
12709 * algo is not supported.
12710 * Can handle RSA, ECC, DSA and DH public keys.
12711 */
12712int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out,
12713 const WOLFSSL_EVP_PKEY* pkey, int indent, WOLFSSL_ASN1_PCTX* pctx)
12714{
12715 int res;
12716#if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
12717 defined(WOLFSSL_DH_EXTRA)
12718 int keybits; /* bit length of the key */
12719#endif
12720
12721 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_print_public");
12722
12723 if (pkey == NULL || out == NULL) {
12724 return 0;
12725 }
12726#if !defined(NO_RSA) || defined(HAVE_ECC) || !defined(NO_DSA) || \
12727 defined(WOLFSSL_DH_EXTRA)
12728 if (indent < 0) {
12729 indent = 0;
12730 }
12731 if (indent > WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX) {
12732 indent = WOLFSSL_EVP_PKEY_PRINT_INDENT_MAX;
12733 }
12734#endif
12735
12736 switch (pkey->type) {
12737 case WC_EVP_PKEY_RSA:
12738
12739#if !defined(NO_RSA)
12740 keybits = wolfSSL_EVP_PKEY_bits((WOLFSSL_EVP_PKEY*)pkey);
12741 res = PrintPubKeyRSA(
12742 out,
12743 (byte*)(pkey->pkey.ptr), /* buffer for pkey raw data */
12744 pkey->pkey_sz, /* raw pkey size */
12745 indent, /* indent size */
12746 keybits, /* bit length of the key */
12747 pctx); /* not used */
12748#else
12749 res = WOLFSSL_UNKNOWN; /* not supported algo */
12750#endif
12751 break;
12752
12753 case WC_EVP_PKEY_EC:
12754
12755#if defined(HAVE_ECC)
12756 keybits = wolfSSL_EVP_PKEY_bits((WOLFSSL_EVP_PKEY*)pkey);
12757 res = PrintPubKeyEC(
12758 out,
12759 (byte*)(pkey->pkey.ptr), /* buffer for pkey raw data */
12760 pkey->pkey_sz, /* raw pkey size */
12761 indent, /* indent size */
12762 keybits, /* bit length of the key */
12763 pctx); /* not used */
12764#else
12765 res = WOLFSSL_UNKNOWN; /* not supported algo */
12766#endif
12767 break;
12768
12769 case WC_EVP_PKEY_DSA:
12770
12771#if !defined(NO_DSA)
12772 keybits = wolfSSL_EVP_PKEY_bits((WOLFSSL_EVP_PKEY*)pkey);
12773 res = PrintPubKeyDSA(
12774 out,
12775 (byte*)(pkey->pkey.ptr), /* buffer for pkey raw data */
12776 pkey->pkey_sz, /* raw pkey size */
12777 indent, /* indent size */
12778 keybits, /* bit length of the key */
12779 pctx); /* not used */
12780#else
12781 res = WOLFSSL_UNKNOWN; /* not supported algo */
12782#endif
12783 break;
12784
12785 case WC_EVP_PKEY_DH:
12786
12787#if defined(WOLFSSL_DH_EXTRA)
12788 keybits = wolfSSL_EVP_PKEY_bits((WOLFSSL_EVP_PKEY*)pkey);
12789 res = PrintPubKeyDH(
12790 out,
12791 (byte*)(pkey->pkey.ptr), /* buffer for pkey raw data */
12792 pkey->pkey_sz, /* raw pkey size */
12793 indent, /* indent size */
12794 keybits, /* bit length of the key */
12795 pctx); /* not used */
12796#else
12797 res = WOLFSSL_UNKNOWN; /* not supported algo */
12798#endif
12799 break;
12800
12801 default:
12802 res = WOLFSSL_UNKNOWN; /* not supported algo */
12803 break;
12804 }
12805 return res;
12806}
12807#endif /* OPENSSL_EXTRA && !NO_BIO */
12808
12809int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp,
12810 int* pHash, int* pHashSz)
12811{
12812 enum wc_HashType hash = WC_HASH_TYPE_NONE;
12813 int hashSz;
12814
12815 if (XSTRLEN(evp) < 3) {
12816 /* do not try comparing strings if size is too small */
12817 return WOLFSSL_FAILURE;
12818 }
12819
12820#ifndef NO_SHA
12821 if ((XSTRCMP("SHA", evp) == 0) || (XSTRCMP(WC_SN_sha1, evp) == 0)) {
12822 hash = WC_HASH_TYPE_SHA;
12823 } else
12824#endif
12825#ifdef WOLFSSL_SHA224
12826 if (XSTRCMP(WC_SN_sha224, evp) == 0) {
12827 hash = WC_HASH_TYPE_SHA224;
12828 } else
12829#endif
12830#ifndef NO_SHA256
12831 if (XSTRCMP(WC_SN_sha256, evp) == 0) {
12832 hash = WC_HASH_TYPE_SHA256;
12833 } else
12834#endif
12835#ifdef WOLFSSL_SHA384
12836 if (XSTRCMP(WC_SN_sha384, evp) == 0) {
12837 hash = WC_HASH_TYPE_SHA384;
12838 } else
12839#endif
12840#ifdef WOLFSSL_SHA512
12841 if (XSTRCMP(WC_SN_sha512, evp) == 0) {
12842 hash = WC_HASH_TYPE_SHA512;
12843 } else
12844#ifndef WOLFSSL_NOSHA512_224
12845 if (XSTRCMP(WC_SN_sha512_224, evp) == 0) {
12846 hash = WC_HASH_TYPE_SHA512_224;
12847 } else
12848#endif
12849#ifndef WOLFSSL_NOSHA512_256
12850 if (XSTRCMP(WC_SN_sha512_256, evp) == 0) {
12851 hash = WC_HASH_TYPE_SHA512_256;
12852 } else
12853#endif
12854#endif
12855#ifdef WOLFSSL_SHA3
12856#ifndef WOLFSSL_NOSHA3_224
12857 if (XSTRCMP(WC_SN_sha3_224, evp) == 0) {
12858 hash = WC_HASH_TYPE_SHA3_224;
12859 } else
12860#endif
12861#ifndef WOLFSSL_NOSHA3_256
12862 if (XSTRCMP(WC_SN_sha3_256, evp) == 0) {
12863 hash = WC_HASH_TYPE_SHA3_256;
12864 } else
12865#endif
12866#ifndef WOLFSSL_NOSHA3_384
12867 if (XSTRCMP(WC_SN_sha3_384, evp) == 0) {
12868 hash = WC_HASH_TYPE_SHA3_384;
12869 } else
12870#endif
12871#ifndef WOLFSSL_NOSHA3_512
12872 if (XSTRCMP(WC_SN_sha3_512, evp) == 0) {
12873 hash = WC_HASH_TYPE_SHA3_512;
12874 } else
12875#endif
12876#endif /* WOLFSSL_SHA3 */
12877#ifdef WOLFSSL_SM3
12878 if (XSTRCMP(WC_SN_sm3, evp) == 0) {
12879 hash = WC_HASH_TYPE_SM3;
12880 } else
12881#endif
12882#ifdef WOLFSSL_MD2
12883 if (XSTRCMP("MD2", evp) == 0) {
12884 hash = WC_HASH_TYPE_MD2;
12885 } else
12886#endif
12887#ifndef NO_MD4
12888 if (XSTRCMP(WC_SN_md4, evp) == 0) {
12889 hash = WC_HASH_TYPE_MD4;
12890 } else
12891#endif
12892#ifndef NO_MD5
12893 if (XSTRCMP(WC_SN_md5, evp) == 0) {
12894 hash = WC_HASH_TYPE_MD5;
12895 } else
12896#endif
12897 {
12898 if (XSTRNCMP("SHA", evp, 3) == 0) {
12899 WOLFSSL_MSG("Unknown SHA hash");
12900 }
12901 return WOLFSSL_FAILURE;
12902 }
12903
12904 if (pHash)
12905 *pHash = hash;
12906
12907 hashSz = wc_HashGetDigestSize(hash);
12908 if (pHashSz)
12909 *pHashSz = hashSz;
12910
12911 if (hashSz < 0) {
12912 return WOLFSSL_FAILURE;
12913 }
12914
12915 return WOLFSSL_SUCCESS;
12916}
12917
12918/* Base64 encoding APIs */
12919#if defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE)
12920
12921/* wolfSSL_EVP_ENCODE_CTX_new allocates WOLFSSL_EVP_ENCODE_CTX
12922 * Returns WOLFSSL_EVP_ENCODE_CTX structure on success, NULL on failure.
12923 */
12924struct WOLFSSL_EVP_ENCODE_CTX* wolfSSL_EVP_ENCODE_CTX_new(void)
12925{
12926 WOLFSSL_EVP_ENCODE_CTX* ctx = NULL;
12927 WOLFSSL_ENTER("wolfSSL_EVP_ENCODE_CTX_new");
12928 ctx = (WOLFSSL_EVP_ENCODE_CTX*)XMALLOC(sizeof(WOLFSSL_EVP_ENCODE_CTX),
12929 NULL, DYNAMIC_TYPE_OPENSSL );
12930
12931 if (ctx != NULL) {
12932 XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_ENCODE_CTX) );
12933 ctx->heap = NULL;
12934 return ctx;
12935 }
12936 return NULL;
12937}
12938/* wolfSSL_EVP_ENCODE_CTX_free frees specified WOLFSSL_EVP_ENCODE_CTX struct.
12939 */
12940void wolfSSL_EVP_ENCODE_CTX_free(WOLFSSL_EVP_ENCODE_CTX* ctx)
12941{
12942 WOLFSSL_ENTER("wolfSSL_EVP_ENCODE_CTX_free");
12943 if (ctx != NULL) {
12944 XFREE(ctx, ctx->heap, DYNAMIC_TYPE_OPENSSL);
12945 }
12946}
12947#endif /* WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE */
12948#if defined(WOLFSSL_BASE64_ENCODE)
12949
12950/* Assume that out has enough space */
12951int wolfSSL_EVP_EncodeBlock(unsigned char *out, const unsigned char *in,
12952 int inLen)
12953{
12954 word32 ret = (word32)-1;
12955 WOLFSSL_ENTER("wolfSSL_EVP_EncodeBlock");
12956
12957 if (out == NULL || in == NULL)
12958 return WOLFSSL_FATAL_ERROR;
12959
12960 if (inLen < 0)
12961 return WOLFSSL_FATAL_ERROR;
12962
12963 if (Base64_Encode_NoNl(in, (word32)inLen, out, &ret) == 0)
12964 return (int)ret;
12965 else
12966 return WOLFSSL_FATAL_ERROR;
12967}
12968
12969/* Assume that out has enough space */
12970int wolfSSL_EVP_DecodeBlock(unsigned char *out, const unsigned char *in,
12971 int inLen)
12972{
12973 word32 ret = (word32)-1;
12974 WOLFSSL_ENTER("wolfSSL_EVP_DecodeBlock");
12975
12976 if (out == NULL || in == NULL)
12977 return WOLFSSL_FATAL_ERROR;
12978
12979 if (inLen < 0)
12980 return WOLFSSL_FATAL_ERROR;
12981
12982 if (Base64_Decode(in, (word32)inLen, out, &ret) == 0)
12983 return (int)ret;
12984 else
12985 return WOLFSSL_FATAL_ERROR;
12986
12987}
12988
12989/* wolfSSL_EVP_EncodeInit initializes specified WOLFSSL_EVP_ENCODE_CTX object
12990 * for the subsequent wolfSSL_EVP_EncodeUpdate.
12991 */
12992void wolfSSL_EVP_EncodeInit(WOLFSSL_EVP_ENCODE_CTX* ctx)
12993{
12994 WOLFSSL_ENTER("wolfSSL_EVP_EncodeInit");
12995
12996 /* clean up ctx */
12997 if (ctx != NULL) {
12998 ctx->remaining = 0;
12999 XMEMSET(ctx->data, 0, sizeof(ctx->data));
13000 }
13001}
13002/* wolfSSL_EVP_EncodeUpdate encodes the input data in 48-byte units
13003 * and outputs it to out. If less than 48 bytes of data remain, save it in
13004 * ctx. The data given in the subsequent wolfSSL_EVP_EncodeUpdate
13005 * is combined with the data stored in CTX and used for encoding.
13006 * Returns 1 on success, 0 on error.
13007 */
13008int wolfSSL_EVP_EncodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx,
13009 unsigned char* out, int* outl, const unsigned char* in, int inl)
13010{
13011 int res;
13012 word32 outsz = 0;
13013
13014 WOLFSSL_ENTER("wolfSSL_EVP_EncodeUpdate");
13015
13016 if (ctx == NULL || out == NULL || in == NULL || outl == NULL)
13017 return 0;
13018
13019 *outl = 0;
13020
13021 /* if the remaining data exists in the ctx, add input data to them
13022 * to create a block(48bytes) for encoding
13023 */
13024 if (ctx->remaining > 0 && inl > 0) {
13025 int cpysz = (int)min(
13026 (word32)(BASE64_ENCODE_BLOCK_SIZE - ctx->remaining), (word32)inl);
13027 XMEMCPY(ctx->data + ctx->remaining, in, (size_t)cpysz);
13028 ctx->remaining += cpysz;
13029 in += cpysz;
13030 inl -= cpysz;
13031
13032 /* check if a block for encoding exists in ctx.data, if so encode it */
13033 if (ctx->remaining >= BASE64_ENCODE_BLOCK_SIZE) {
13034 /* Base64_Encode asks the out buff size via the 4th param*/
13035 outsz = BASE64_ENCODE_RESULT_BLOCK_SIZE + 1;
13036 res = Base64_Encode(ctx->data, BASE64_ENCODE_BLOCK_SIZE, out,
13037 &outsz);
13038 if (res == 0) {
13039 ctx->remaining = 0;
13040 *outl = (int)outsz;
13041 }
13042 else
13043 return 0; /* return with error */
13044 }
13045 else {
13046 /* could not create a block */
13047 *outl = 0;
13048 return 1;
13049 }
13050 }
13051 /* Here, there is no data left in ctx, so try processing the data of
13052 * the specified input data.
13053 */
13054
13055 while (inl >= BASE64_ENCODE_BLOCK_SIZE) {
13056 outsz = BASE64_ENCODE_RESULT_BLOCK_SIZE + 1;/* 64 byte and one for LF*/
13057 res = Base64_Encode(in, BASE64_ENCODE_BLOCK_SIZE,out,&outsz);
13058 if (res == 0) {
13059 in += BASE64_ENCODE_BLOCK_SIZE;
13060 inl -= BASE64_ENCODE_BLOCK_SIZE;
13061 out += outsz;
13062 *outl += (int)outsz;
13063 }
13064 else {
13065 *outl = 0;
13066 return 0;
13067 }
13068 }
13069
13070 /* if remaining data exists, copy them into ctx for the next call*/
13071 if (inl > 0) {
13072 XMEMSET(ctx->data, 0, sizeof(ctx->data));
13073 XMEMCPY(ctx->data, in, (size_t)inl);
13074 ctx->remaining = inl;
13075 }
13076
13077 return 1; /* returns 1 on success, 0 on error */
13078}
13079/* wolfSSL_EVP_EncodeFinal encodes data in ctx and outputs to out.
13080 */
13081void wolfSSL_EVP_EncodeFinal(WOLFSSL_EVP_ENCODE_CTX* ctx,
13082 unsigned char* out, int* outl)
13083{
13084 word32 outsz = 0;
13085 int res;
13086
13087 WOLFSSL_ENTER("wolfSSL_EVP_EncodeFinal");
13088
13089 if (outl == NULL)
13090 return;
13091
13092 if (ctx == NULL || out == NULL) {
13093 *outl = 0;
13094 return;
13095 }
13096 if (ctx->remaining >= BASE64_ENCODE_RESULT_BLOCK_SIZE) {
13097 *outl = 0;
13098 return;
13099 }
13100 /* process remaining data in ctx */
13101 outsz = BASE64_ENCODE_RESULT_BLOCK_SIZE + 1; /* 64 byte and one for LF*/
13102 res = Base64_Encode(ctx->data, (word32)ctx->remaining, out, &outsz);
13103 if (res == 0)
13104 *outl = (int)outsz;
13105 else
13106 *outl = 0;
13107
13108 ctx->remaining = 0;
13109 XMEMSET(ctx->data, 0, sizeof(ctx->data));
13110
13111 return;
13112}
13113#endif /* WOLFSSL_BASE64_ENCODE */
13114#if defined(WOLFSSL_BASE64_DECODE)
13115
13116/* wolfSSL_EVP_DecodeInit initializes specified WOLFSSL_EVP_ENCODE_CTX struct
13117 * for subsequent wolfSSL_EVP_DecodeUpdate.
13118 */
13119void wolfSSL_EVP_DecodeInit(WOLFSSL_EVP_ENCODE_CTX* ctx)
13120{
13121 WOLFSSL_ENTER("wolfSSL_EVP_DecodeInit");
13122 /* clean up ctx */
13123 if (ctx != NULL) {
13124 ctx->remaining = 0;
13125 XMEMSET(ctx->data, 0, sizeof(ctx->data));
13126 }
13127}
13128/* wolfSSL_EVP_DecodeUpdate encodes the input data in 4-byte units
13129 * and outputs it to out. If less than 4 bytes of data remain, save it in
13130 * ctx. The data given in the subsequent wolfSSL_EVP_DecodeUpdate
13131 * is combined with the data stored in CTX and used for decoding.
13132 * Returns 1 or 0 on success, -1 on error. Return value 0 indicates that
13133 * clients should call wolfSSL_EVP_DecodeFinal as next call.
13134 */
13135int wolfSSL_EVP_DecodeUpdate(WOLFSSL_EVP_ENCODE_CTX* ctx,
13136 unsigned char* out, int* outl, const unsigned char* in, int inl)
13137{
13138 word32 outsz = 0;
13139 word32 j = 0;
13140 word32 inLen;
13141 int res;
13142 int pad = 0;
13143 int i;
13144 unsigned char c;
13145 int pad3 = 0;
13146 int pad4 = 0;
13147 byte e[4];
13148
13149 WOLFSSL_ENTER("wolfSSL_EVP_DecodeUpdate");
13150
13151 if (outl == NULL)
13152 return -1;
13153
13154 if (ctx == NULL || out == NULL || in == NULL) {
13155 *outl = 0;
13156 return -1;
13157 }
13158
13159 if (inl == 0) {
13160 *outl = 0;
13161 return 1;
13162 }
13163
13164 inLen = (word32)inl;
13165 *outl = 0;
13166
13167 /* if the remaining data exist in the ctx, add input data to them to create
13168 a block(4bytes) for decoding*/
13169 if (ctx->remaining > 0 && inl > 0) {
13170
13171 int cpySz = (int)min(
13172 (word32)(BASE64_DECODE_BLOCK_SIZE - ctx->remaining), (word32)inl);
13173
13174 for ( i = 0; cpySz > 0 && inLen > 0; i++) {
13175 if (Base64_SkipNewline(in, &inLen, &j) == WC_NO_ERR_TRACE(ASN_INPUT_E)) {
13176 return -1; /* detected an illegal char in input */
13177 }
13178 c = in[j++];
13179
13180 if (c == '=')
13181 pad = 1;
13182
13183 *(ctx->data + ctx->remaining + i) = c;
13184 inLen--;
13185 cpySz--;
13186 }
13187
13188 outsz = sizeof(ctx->data);
13189 res = Base64_Decode( ctx->data, BASE64_DECODE_BLOCK_SIZE, out, &outsz);
13190 if (res == 0) {
13191 *outl += (int)outsz;
13192 out += outsz;
13193
13194 ctx->remaining = 0;
13195 XMEMSET(ctx->data, 0, sizeof(ctx->data));
13196 }
13197 else {
13198 *outl = 0;
13199 return -1; /* return with error */
13200 }
13201 }
13202
13203 /* Base64_Decode is not a streaming process, so it processes
13204 * the input data and exits. If a line break or whitespace
13205 * character is found in the input data, it will be skipped,
13206 * but if the end point of the input data is reached as a result,
13207 * Base64_Decode will stop processing there. The data cleansing is
13208 * required before Base64_Decode so that the processing does not
13209 * stop within 4 bytes, which is the unit of Base64 decoding processing.
13210 * The logic that exists before calling Base64_Decode in a While Loop is
13211 * a data cleansing process that removes line breaks and whitespace.
13212 */
13213 while (inLen > 3) {
13214 if ((res = Base64_SkipNewline(in, &inLen, &j)) != 0) {
13215 if (res == WC_NO_ERR_TRACE(BUFFER_E)) {
13216 break;
13217 }
13218 else {
13219 *outl = 0;
13220 return -1;
13221 }
13222 }
13223 e[0] = in[j++];
13224 if (e[0] == '\0') {
13225 break;
13226 }
13227 inLen--;
13228 if ((res = Base64_SkipNewline(in, &inLen, &j)) != 0) {
13229 if (res == WC_NO_ERR_TRACE(BUFFER_E)) {
13230 break;
13231 }
13232 else {
13233 *outl = 0;
13234 return -1;
13235 }
13236 }
13237 e[1] = in[j++];
13238 inLen--;
13239 if ((res = Base64_SkipNewline(in, &inLen, &j)) != 0) {
13240 if (res == WC_NO_ERR_TRACE(BUFFER_E)) {
13241 break;
13242 }
13243 else {
13244 *outl = 0;
13245 return -1;
13246 }
13247 }
13248 e[2] = in[j++];
13249 inLen--;
13250 if ((res = Base64_SkipNewline(in, &inLen, &j)) != 0) {
13251 if (res == WC_NO_ERR_TRACE(BUFFER_E)) {
13252 break;
13253 }
13254 else {
13255 *outl = 0;
13256 return -1;
13257 }
13258 }
13259 e[3] = in[j++];
13260 inLen--;
13261
13262 if (e[0] == '=')
13263 pad = 1;
13264 if (e[1] == '=')
13265 pad = 1;
13266 if (e[2] == '=') {
13267 pad = 1;
13268 pad3 = 1;
13269 }
13270 if (e[3] == '=') {
13271 pad = 1;
13272 pad4 = 1;
13273 }
13274 if (pad3 && !pad4) {
13275 *outl = 0;
13276 return -1;
13277 }
13278
13279 /* decode four bytes */
13280 outsz = sizeof(ctx->data);
13281 res = Base64_Decode( e, BASE64_DECODE_BLOCK_SIZE, out, &outsz);
13282 if (res < 0) {
13283 *outl = 0;
13284 return -1;
13285 }
13286
13287 *outl += (int)outsz;
13288 out += outsz;
13289 }
13290 /* copy left data to ctx */
13291 if (inLen > 0) {
13292
13293 XMEMSET(ctx->data, 0, sizeof(ctx->data));
13294
13295 i = 0;
13296 while (inLen > 0) {
13297 c = in[j++];
13298 if (c== '\n' || c == '\r' || c == ' ') {
13299 inLen--;
13300 continue;
13301 }
13302 if (c == '=') {
13303 pad = 1;
13304 }
13305 ctx->data[i++] = c;
13306 ctx->remaining++;
13307 inLen--;
13308 }
13309
13310 if (pad)
13311 return 0; /* indicates that clients should call DecodeFinal */
13312 else
13313 return 1;
13314
13315 }
13316 /* If the last data is '\n', remove it */
13317 if (j > 0) {
13318 c = in[j - 1];
13319 if (c == '\n' && (j > 1)) {
13320 c = (in[j - 2]);
13321 if (c == '=')
13322 return 0;
13323 else
13324 return 1;
13325 } else if (c == '\n') {
13326 return 1;
13327 }
13328 if (c == '=')
13329 return 0;
13330 else
13331 return 1;
13332 }
13333
13334 /* j == 0 */
13335 return 1;
13336}
13337/* wolfSSL_EVP_DecodeFinal decode remaining data in ctx
13338 * to outputs to out.
13339 * Returns 1 on success, -1 on failure.
13340 */
13341int wolfSSL_EVP_DecodeFinal(WOLFSSL_EVP_ENCODE_CTX* ctx,
13342 unsigned char* out, int* outl)
13343{
13344 word32 outsz = 0;
13345 word32 inLen;
13346 word32 j = 0;
13347
13348 WOLFSSL_ENTER("wolfSSL_EVP_DecodeFinal");
13349
13350 if (outl == NULL)
13351 return -1;
13352
13353 if (ctx == NULL || out == NULL ) {
13354 *outl = 0;
13355 return -1;
13356 }
13357
13358 if (ctx->remaining > 0) {
13359 int res;
13360
13361 inLen = (word32)ctx->remaining;
13362 if ((res = Base64_SkipNewline(ctx->data, &inLen, &j)) != 0) {
13363 *outl = 0;
13364 if (res == WC_NO_ERR_TRACE(BUFFER_E)) {
13365 /* means no valid data to decode in buffer */
13366 return 1; /* returns as success with no output */
13367 }
13368 else
13369 return -1;
13370 }
13371
13372
13373 outsz = (word32)ctx->remaining;
13374 res = Base64_Decode(ctx->data, (word32)ctx->remaining, out, &outsz);
13375 if (res == 0) {
13376 *outl = (int)outsz;
13377 return 1;
13378 }
13379 else {
13380 *outl = 0;
13381 return -1;
13382 }
13383 }
13384 else {
13385 *outl = 0;
13386 return 1;
13387 }
13388}
13389#endif /* WOLFSSL_BASE64_DECODE */
13390
13391#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
13392
13393#endif /* WOLFSSL_EVP_INCLUDED */