diff --git a/src/ssl.c b/src/ssl.c index 69d34055b..200471912 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2430,7 +2430,9 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, #else char password[80]; byte key[AES_256_KEY_SIZE]; + #ifndef NO_MD5 byte iv[AES_IV_SIZE]; + #endif #endif #ifdef WOLFSSL_SMALL_STACK @@ -2460,10 +2462,12 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, != 0) { ret = ASN_INPUT_E; } +#ifndef NO_MD5 else if ((ret = EVP_BytesToKey(info->name, "MD5", info->iv, (byte*)password, passwordSz, 1, key, iv)) <= 0) { /* empty */ } +#endif #ifndef NO_DES3 else if (XSTRNCMP(info->name, "DES-CBC", 7) == 0) { ret = wc_Des_CbcDecryptWithKey(der.buffer, der.buffer, der.length, @@ -7031,6 +7035,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return 0; } +#ifndef NO_MD5 + int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER* type, const WOLFSSL_EVP_MD* md, const byte* salt, const byte* data, int sz, int count, byte* key, byte* iv) @@ -7133,6 +7139,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return keyOutput == (keyLen + ivLen) ? keyOutput : 0; } +#endif /* NO_MD5 */ + #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ @@ -7152,6 +7160,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } +#ifndef NO_MD5 void wolfSSL_MD5_Init(WOLFSSL_MD5_CTX* md5) { typedef char md5_test[sizeof(MD5_CTX) >= sizeof(Md5) ? 1 : -1]; @@ -7175,6 +7184,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_ENTER("MD5_Final"); wc_Md5Final((Md5*)md5, input); } +#endif /* NO_MD5 */ void wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha) @@ -7313,6 +7323,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif /* WOLFSSL_SHA512 */ + #ifndef NO_MD5 + const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void) { static const char* type = "MD5"; @@ -7320,6 +7332,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return type; } + #endif /* NO_MD5 */ + const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void) { @@ -7828,7 +7842,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) case DES_EDE3_CBC_TYPE : WOLFSSL_MSG("DES EDE3 CBC"); - memcpy(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE); + memcpy(ctx->iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE); break; #endif @@ -7889,7 +7903,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) case DES_EDE3_CBC_TYPE : WOLFSSL_MSG("DES EDE3 CBC"); - memcpy(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE); + memcpy(&ctx->cipher.des3.reg, ctx->iv, DES_BLOCK_SIZE); break; #endif @@ -7914,11 +7928,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx, const WOLFSSL_EVP_MD* type) { WOLFSSL_ENTER("EVP_DigestInit"); - if (XSTRNCMP(type, "MD5", 3) == 0) { - ctx->macType = MD5; - wolfSSL_MD5_Init((MD5_CTX*)&ctx->hash); - } - else if (XSTRNCMP(type, "SHA256", 6) == 0) { + if (XSTRNCMP(type, "SHA256", 6) == 0) { ctx->macType = SHA256; wolfSSL_SHA256_Init((SHA256_CTX*)&ctx->hash); } @@ -7933,6 +7943,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ctx->macType = SHA512; wolfSSL_SHA512_Init((SHA512_CTX*)&ctx->hash); } + #endif + #ifndef NO_MD5 + else if (XSTRNCMP(type, "MD5", 3) == 0) { + ctx->macType = MD5; + wolfSSL_MD5_Init((MD5_CTX*)&ctx->hash); + } #endif /* has to be last since would pick or 256, 384, or 512 too */ else if (XSTRNCMP(type, "SHA", 3) == 0) { @@ -7951,25 +7967,41 @@ int wolfSSL_set_compression(WOLFSSL* ssl) unsigned long sz) { WOLFSSL_ENTER("EVP_DigestUpdate"); - if (ctx->macType == MD5) - wolfSSL_MD5_Update((MD5_CTX*)&ctx->hash, data, (unsigned long)sz); - else if (ctx->macType == SHA) - wolfSSL_SHA_Update((SHA_CTX*)&ctx->hash, data, (unsigned long)sz); - else if (ctx->macType == SHA256) - wolfSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data, - (unsigned long)sz); - #ifdef WOLFSSL_SHA384 - else if (ctx->macType == SHA384) - wolfSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data, - (unsigned long)sz); - #endif - #ifdef WOLFSSL_SHA512 - else if (ctx->macType == SHA512) - wolfSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data, - (unsigned long)sz); - #endif - else - return BAD_FUNC_ARG; + + switch (ctx->macType) { +#ifndef NO_MD5 + case MD5: + wolfSSL_MD5_Update((MD5_CTX*)&ctx->hash, data, + (unsigned long)sz); + break; +#endif +#ifndef NO_SHA + case SHA: + wolfSSL_SHA_Update((SHA_CTX*)&ctx->hash, data, + (unsigned long)sz); + break; +#endif +#ifndef NO_SHA256 + case SHA256: + wolfSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data, + (unsigned long)sz); + break; +#endif +#ifdef WOLFSSL_SHA384 + case SHA384: + wolfSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data, + (unsigned long)sz); + break; +#endif +#ifdef WOLFSSL_SHA512 + case SHA512: + wolfSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data, + (unsigned long)sz); + break; +#endif + default: + return BAD_FUNC_ARG; + } return SSL_SUCCESS; } @@ -7980,32 +8012,40 @@ int wolfSSL_set_compression(WOLFSSL* ssl) unsigned int* s) { WOLFSSL_ENTER("EVP_DigestFinal"); - if (ctx->macType == MD5) { - wolfSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash); - if (s) *s = MD5_DIGEST_SIZE; + switch (ctx->macType) { +#ifndef NO_MD5 + case MD5: + wolfSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash); + if (s) *s = MD5_DIGEST_SIZE; + break; +#endif +#ifndef NO_SHA + case SHA: + wolfSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash); + if (s) *s = SHA_DIGEST_SIZE; + break; +#endif +#ifndef NO_SHA256 + case SHA256: + wolfSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash); + if (s) *s = SHA256_DIGEST_SIZE; + break; +#endif +#ifdef WOLFSSL_SHA384 + case SHA384: + wolfSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash); + if (s) *s = SHA384_DIGEST_SIZE; + break; +#endif +#ifdef WOLFSSL_SHA512 + case SHA512: + wolfSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash); + if (s) *s = SHA512_DIGEST_SIZE; + break; +#endif + default: + return BAD_FUNC_ARG; } - else if (ctx->macType == SHA) { - wolfSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash); - if (s) *s = SHA_DIGEST_SIZE; - } - else if (ctx->macType == SHA256) { - wolfSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash); - if (s) *s = SHA256_DIGEST_SIZE; - } - #ifdef WOLFSSL_SHA384 - else if (ctx->macType == SHA384) { - wolfSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash); - if (s) *s = SHA384_DIGEST_SIZE; - } - #endif - #ifdef WOLFSSL_SHA512 - else if (ctx->macType == SHA512) { - wolfSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash); - if (s) *s = SHA512_DIGEST_SIZE; - } - #endif - else - return BAD_FUNC_ARG; return SSL_SUCCESS; } @@ -11926,12 +11966,14 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id) WOLFSSL_MSG("wolfSSL_get_digestbynid"); switch(id) { +#ifndef NO_MD5 case NID_md5: return wolfSSL_EVP_md5(); - +#endif +#ifndef NO_SHA case NID_sha1: return wolfSSL_EVP_sha1(); - +#endif default: WOLFSSL_MSG("Bad digest id value"); } diff --git a/wolfcrypt/src/pwdbased.c b/wolfcrypt/src/pwdbased.c index b7dbc9988..b222774e4 100644 --- a/wolfcrypt/src/pwdbased.c +++ b/wolfcrypt/src/pwdbased.c @@ -28,19 +28,19 @@ #ifndef NO_PWDBASED #ifdef WOLFSSL_PIC32MZ_HASH + #ifndef NO_MD5 + #define wc_InitMd5 wc_InitMd5_sw + #define wc_Md5Update wc_Md5Update_sw + #define wc_Md5Final wc_Md5Final_sw + #endif /* NO_MD5 */ -#define wc_InitMd5 wc_InitMd5_sw -#define wc_Md5Update wc_Md5Update_sw -#define wc_Md5Final wc_Md5Final_sw - -#define wc_InitSha wc_InitSha_sw -#define wc_ShaUpdate wc_ShaUpdate_sw -#define wc_ShaFinal wc_ShaFinal_sw - -#define wc_InitSha256 wc_InitSha256_sw -#define wc_Sha256Update wc_Sha256Update_sw -#define wc_Sha256Final wc_Sha256Final_sw + #define wc_InitSha wc_InitSha_sw + #define wc_ShaUpdate wc_ShaUpdate_sw + #define wc_ShaFinal wc_ShaFinal_sw + #define wc_InitSha256 wc_InitSha256_sw + #define wc_Sha256Update wc_Sha256Update_sw + #define wc_Sha256Final wc_Sha256Final_sw #endif #include @@ -57,7 +57,6 @@ #include #endif - #ifndef min static INLINE word32 min(word32 a, word32 b) @@ -68,48 +67,63 @@ #endif /* min */ +/* PBKDF1 needs at least SHA available */ int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt, int sLen, int iterations, int kLen, int hashType) { - Md5 md5; Sha sha; - int hLen = (hashType == MD5) ? (int)MD5_DIGEST_SIZE : (int)SHA_DIGEST_SIZE; +#ifndef NO_MD5 + Md5 md5; +#endif + int hLen = (int)SHA_DIGEST_SIZE; int i, ret = 0; byte buffer[SHA_DIGEST_SIZE]; /* max size */ if (hashType != MD5 && hashType != SHA) return BAD_FUNC_ARG; +#ifndef NO_MD5 + if (hashType == MD5) + hLen = (int)MD5_DIGEST_SIZE; +#endif + if (kLen > hLen) return BAD_FUNC_ARG; if (iterations < 1) return BAD_FUNC_ARG; - if (hashType == MD5) { - wc_InitMd5(&md5); - wc_Md5Update(&md5, passwd, pLen); - wc_Md5Update(&md5, salt, sLen); - wc_Md5Final(&md5, buffer); - } - else { - ret = wc_InitSha(&sha); - if (ret != 0) - return ret; - wc_ShaUpdate(&sha, passwd, pLen); - wc_ShaUpdate(&sha, salt, sLen); - wc_ShaFinal(&sha, buffer); + switch (hashType) { +#ifndef NO_MD5 + case MD5: + wc_InitMd5(&md5); + wc_Md5Update(&md5, passwd, pLen); + wc_Md5Update(&md5, salt, sLen); + wc_Md5Final(&md5, buffer); + break; +#endif /* NO_MD5 */ + case SHA: + default: + ret = wc_InitSha(&sha); + if (ret != 0) + return ret; + wc_ShaUpdate(&sha, passwd, pLen); + wc_ShaUpdate(&sha, salt, sLen); + wc_ShaFinal(&sha, buffer); + break; } for (i = 1; i < iterations; i++) { - if (hashType == MD5) { - wc_Md5Update(&md5, buffer, hLen); - wc_Md5Final(&md5, buffer); - } - else { + if (hashType == SHA) { wc_ShaUpdate(&sha, buffer, hLen); wc_ShaFinal(&sha, buffer); } +#ifndef NO_MD5 + else { + wc_Md5Update(&md5, buffer, hLen); + wc_Md5Final(&md5, buffer); + } +#endif } XMEMCPY(output, buffer, kLen); @@ -117,6 +131,37 @@ int wc_PBKDF1(byte* output, const byte* passwd, int pLen, const byte* salt, } +int GetDigestSize(int hashType) +{ + int hLen; + + switch (hashType) { +#ifndef NO_MD5 + case MD5: + hLen = MD5_DIGEST_SIZE; + break; +#endif + case SHA: + hLen = SHA_DIGEST_SIZE; + break; +#ifndef NO_SHA256 + case SHA256: + hLen = SHA256_DIGEST_SIZE; + break; +#endif +#ifdef WOLFSSL_SHA512 + case SHA512: + hLen = SHA512_DIGEST_SIZE; + break; +#endif + default: + return BAD_FUNC_ARG; + } + + return hLen; +} + + int wc_PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt, int sLen, int iterations, int kLen, int hashType) { @@ -130,23 +175,8 @@ int wc_PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt, byte buffer[MAX_DIGEST_SIZE]; #endif - if (hashType == MD5) { - hLen = MD5_DIGEST_SIZE; - } - else if (hashType == SHA) { - hLen = SHA_DIGEST_SIZE; - } -#ifndef NO_SHA256 - else if (hashType == SHA256) { - hLen = SHA256_DIGEST_SIZE; - } -#endif -#ifdef WOLFSSL_SHA512 - else if (hashType == SHA512) { - hLen = SHA512_DIGEST_SIZE; - } -#endif - else + hLen = GetDigestSize(hashType); + if (hLen < 0) return BAD_FUNC_ARG; #ifdef WOLFSSL_SMALL_STACK @@ -213,13 +243,155 @@ int wc_PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt, } #ifdef WOLFSSL_SHA512 -#define PBKDF_DIGEST_SIZE SHA512_BLOCK_SIZE + #define PBKDF_DIGEST_SIZE SHA512_BLOCK_SIZE #elif !defined(NO_SHA256) -#define PBKDF_DIGEST_SIZE SHA256_BLOCK_SIZE + #define PBKDF_DIGEST_SIZE SHA256_BLOCK_SIZE #else -#define PBKDF_DIGEST_SIZE SHA_DIGEST_SIZE + #define PBKDF_DIGEST_SIZE SHA_DIGEST_SIZE #endif +/* helper for wc_PKCS12_PBKDF(), sets block and digest sizes */ +int GetPKCS12HashSizes(int hashType, word32* v, word32* u) +{ + if (!v || !u) + return BAD_FUNC_ARG; + + switch (hashType) { +#ifndef NO_MD5 + case MD5: + *v = MD5_BLOCK_SIZE; + *u = MD5_DIGEST_SIZE; + break; +#endif + case SHA: + *v = SHA_BLOCK_SIZE; + *u = SHA_DIGEST_SIZE; + break; +#ifndef NO_SHA256 + case SHA256: + *v = SHA256_BLOCK_SIZE; + *u = SHA256_DIGEST_SIZE; + break; +#endif +#ifdef WOLFSSL_SHA512 + case SHA512: + *v = SHA512_BLOCK_SIZE; + *u = SHA512_DIGEST_SIZE; + break; +#endif + default: + return BAD_FUNC_ARG; + } + + return 0; +} + +/* helper for PKCS12_PBKDF(), does hash operation */ +int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen, + byte* Ai, word32 u, int iterations) +{ + int i; + int ret = 0; + + if (buffer == NULL || Ai == NULL) + return BAD_FUNC_ARG; + + switch (hashType) { +#ifndef NO_MD5 + case MD5: + { + Md5 md5; + wc_InitMd5(&md5); + wc_Md5Update(&md5, buffer, totalLen); + wc_Md5Final(&md5, Ai); + + for (i = 1; i < iterations; i++) { + wc_Md5Update(&md5, Ai, u); + wc_Md5Final(&md5, Ai); + } + } + break; +#endif /* NO_MD5 */ + case SHA: + { + Sha sha; + ret = wc_InitSha(&sha); + if (ret != 0) + break; + wc_ShaUpdate(&sha, buffer, totalLen); + wc_ShaFinal(&sha, Ai); + + for (i = 1; i < iterations; i++) { + wc_ShaUpdate(&sha, Ai, u); + wc_ShaFinal(&sha, Ai); + } + } + break; +#ifndef NO_SHA256 + case SHA256: + { + Sha256 sha256; + ret = wc_InitSha256(&sha256); + if (ret != 0) + break; + + ret = wc_Sha256Update(&sha256, buffer, totalLen); + if (ret != 0) + break; + + ret = wc_Sha256Final(&sha256, Ai); + if (ret != 0) + break; + + for (i = 1; i < iterations; i++) { + ret = wc_Sha256Update(&sha256, Ai, u); + if (ret != 0) + break; + + ret = wc_Sha256Final(&sha256, Ai); + if (ret != 0) + break; + } + } + break; +#endif /* NO_SHA256 */ +#ifdef WOLFSSL_SHA512 + case SHA512: + { + Sha512 sha512; + ret = wc_InitSha512(&sha512); + if (ret != 0) + break; + + ret = wc_Sha512Update(&sha512, buffer, totalLen); + if (ret != 0) + break; + + ret = wc_Sha512Final(&sha512, Ai); + if (ret != 0) + break; + + for (i = 1; i < iterations; i++) { + ret = wc_Sha512Update(&sha512, Ai, u); + if (ret != 0) + break; + + ret = wc_Sha512Final(&sha512, Ai); + if (ret != 0) + break; + } + } + break; +#endif /* WOLFSSL_SHA512 */ + + default: + ret = BAD_FUNC_ARG; + break; + } + + return ret; +} + int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, int saltLen, int iterations, int kLen, int hashType, int id) { @@ -247,27 +419,8 @@ int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* sa if (!iterations) iterations = 1; - if (hashType == MD5) { - v = MD5_BLOCK_SIZE; - u = MD5_DIGEST_SIZE; - } - else if (hashType == SHA) { - v = SHA_BLOCK_SIZE; - u = SHA_DIGEST_SIZE; - } -#ifndef NO_SHA256 - else if (hashType == SHA256) { - v = SHA256_BLOCK_SIZE; - u = SHA256_DIGEST_SIZE; - } -#endif -#ifdef WOLFSSL_SHA512 - else if (hashType == SHA512) { - v = SHA512_BLOCK_SIZE; - u = SHA512_DIGEST_SIZE; - } -#endif - else + ret = GetPKCS12HashSizes(hashType, &v, &u); + if (ret < 0) return BAD_FUNC_ARG; #ifdef WOLFSSL_SMALL_STACK @@ -282,6 +435,9 @@ int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* sa } #endif + XMEMSET(Ai, 0, PBKDF_DIGEST_SIZE); + XMEMSET(B, 0, PBKDF_DIGEST_SIZE); + dLen = v; sLen = v * ((saltLen + v - 1) / v); if (passLen) @@ -302,7 +458,7 @@ int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* sa return MEMORY_E; } dynamic = 1; - } + } D = buffer; S = D + dLen; @@ -320,86 +476,9 @@ int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* sa word32 currentLen; mp_int B1; - if (hashType == MD5) { - Md5 md5; - - wc_InitMd5(&md5); - wc_Md5Update(&md5, buffer, totalLen); - wc_Md5Final(&md5, Ai); - - for (i = 1; i < iterations; i++) { - wc_Md5Update(&md5, Ai, u); - wc_Md5Final(&md5, Ai); - } - } - else if (hashType == SHA) { - Sha sha; - - ret = wc_InitSha(&sha); - if (ret != 0) - break; - wc_ShaUpdate(&sha, buffer, totalLen); - wc_ShaFinal(&sha, Ai); - - for (i = 1; i < iterations; i++) { - wc_ShaUpdate(&sha, Ai, u); - wc_ShaFinal(&sha, Ai); - } - } -#ifndef NO_SHA256 - else if (hashType == SHA256) { - Sha256 sha256; - - ret = wc_InitSha256(&sha256); - if (ret != 0) - break; - - ret = wc_Sha256Update(&sha256, buffer, totalLen); - if (ret != 0) - break; - - ret = wc_Sha256Final(&sha256, Ai); - if (ret != 0) - break; - - for (i = 1; i < iterations; i++) { - ret = wc_Sha256Update(&sha256, Ai, u); - if (ret != 0) - break; - - ret = wc_Sha256Final(&sha256, Ai); - if (ret != 0) - break; - } - } -#endif -#ifdef WOLFSSL_SHA512 - else if (hashType == SHA512) { - Sha512 sha512; - - ret = wc_InitSha512(&sha512); - if (ret != 0) - break; - - ret = wc_Sha512Update(&sha512, buffer, totalLen); - if (ret != 0) - break; - - ret = wc_Sha512Final(&sha512, Ai); - if (ret != 0) - break; - - for (i = 1; i < iterations; i++) { - ret = wc_Sha512Update(&sha512, Ai, u); - if (ret != 0) - break; - - ret = wc_Sha512Final(&sha512, Ai); - if (ret != 0) - break; - } - } -#endif + ret = DoPKCS12Hash(hashType, buffer, totalLen, Ai, u, iterations); + if (ret < 0) + break; for (i = 0; i < (int)v; i++) B[i] = Ai[i % u]; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 0eb9468f4..2b5adbeb9 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -4393,9 +4393,13 @@ int openssl_test(void) testVector a, b, c, d, e, f; byte hash[SHA_DIGEST_SIZE*4]; /* max size */ + (void)a; + (void)c; (void)e; (void)f; +#ifndef NO_MD5 + a.input = "1234567890123456789012345678901234567890123456789012345678" "9012345678901234567890"; a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6" @@ -4412,6 +4416,8 @@ int openssl_test(void) if (memcmp(hash, a.output, MD5_DIGEST_SIZE) != 0) return -71; +#endif /* NO_MD5 */ + b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "aaaaaaaaaa"; @@ -4493,6 +4499,7 @@ int openssl_test(void) #endif /* WOLFSSL_SHA512 */ +#ifndef NO_MD5 if (RAND_bytes(hash, sizeof(hash)) != 1) return -73; @@ -4507,6 +4514,8 @@ int openssl_test(void) if (memcmp(hash, c.output, MD5_DIGEST_SIZE) != 0) return -74; +#endif /* NO_MD5 */ + #ifndef NO_DES3 { /* des test */ const byte vector[] = { /* "now is the time for all " w/o trailing 0 */ diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index f6071ba7d..ded0b2f62 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -34,7 +34,9 @@ #include "prefix_evp.h" #endif -#include +#ifndef NO_MD5 + #include +#endif #include #include #include @@ -52,7 +54,9 @@ typedef char WOLFSSL_EVP_MD; typedef char WOLFSSL_EVP_CIPHER; -WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void); +#ifndef NO_MD5 + WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void); +#endif WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void); WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void); @@ -72,7 +76,9 @@ WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void); typedef union { - WOLFSSL_MD5_CTX md5; + #ifndef NO_MD5 + WOLFSSL_MD5_CTX md5; + #endif WOLFSSL_SHA_CTX sha; WOLFSSL_SHA256_CTX sha256; #ifdef WOLFSSL_SHA384 @@ -148,10 +154,12 @@ WOLFSSL_API int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* unsigned int* s); WOLFSSL_API int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, unsigned int* s); +#ifndef NO_MD5 WOLFSSL_API int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER*, const WOLFSSL_EVP_MD*, const unsigned char*, const unsigned char*, int, int, unsigned char*, unsigned char*); +#endif WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx); @@ -195,7 +203,9 @@ typedef WOLFSSL_EVP_CIPHER EVP_CIPHER; typedef WOLFSSL_EVP_MD_CTX EVP_MD_CTX; typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; -#define EVP_md5 wolfSSL_EVP_md5 +#ifndef NO_MD5 + #define EVP_md5 wolfSSL_EVP_md5 +#endif #define EVP_sha1 wolfSSL_EVP_sha1 #define EVP_sha256 wolfSSL_EVP_sha256 #define EVP_sha384 wolfSSL_EVP_sha384 diff --git a/wolfssl/openssl/md5.h b/wolfssl/openssl/md5.h index 735095234..bdcda5b98 100644 --- a/wolfssl/openssl/md5.h +++ b/wolfssl/openssl/md5.h @@ -6,6 +6,8 @@ #include +#ifndef NO_MD5 + #ifdef WOLFSSL_PREFIX #include "prefix_md5.h" #endif @@ -34,6 +36,7 @@ typedef WOLFSSL_MD5_CTX MD5_CTX; } /* extern "C" */ #endif +#endif /* NO_MD5 */ #endif /* WOLFSSL_MD5_H_ */ diff --git a/wolfssl/wolfcrypt/pwdbased.h b/wolfssl/wolfcrypt/pwdbased.h index d9ff152e2..0173beef8 100644 --- a/wolfssl/wolfcrypt/pwdbased.h +++ b/wolfssl/wolfcrypt/pwdbased.h @@ -26,7 +26,10 @@ #ifndef NO_PWDBASED -#include /* for hash type */ +#ifndef NO_MD5 + #include /* for hash type */ +#endif + #include #ifdef __cplusplus @@ -47,6 +50,12 @@ WOLFSSL_API int wc_PKCS12_PBKDF(byte* output, const byte* passwd, int pLen, const byte* salt, int sLen, int iterations, int kLen, int typeH, int purpose); +/* helper functions */ +WOLFSSL_LOCAL int GetDigestSize(int hashType); +WOLFSSL_LOCAL int GetPKCS12HashSizes(int hashType, word32* v, word32* u); +WOLFSSL_LOCAL int DoPKCS12Hash(int hashType, byte* buffer, word32 totalLen, + byte* Ai, word32 u, int iterations); + #ifdef __cplusplus } /* extern "C" */