diff --git a/src/ssl.c b/src/ssl.c index fd4f376d6..aef32c855 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -30927,6 +30927,42 @@ int wolfSSL_DH_set0_pqg(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *p, #endif /* v1.1.0 or later */ #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +void wolfSSL_DH_get0_key(const WOLFSSL_DH *dh, + const WOLFSSL_BIGNUM **pub_key, const WOLFSSL_BIGNUM **priv_key) +{ + WOLFSSL_ENTER("wolfSSL_DH_get0_key"); + + if (dh != NULL) { + if (pub_key != NULL && dh->pub_key != NULL && + wolfSSL_BN_is_zero(dh->pub_key) != WOLFSSL_SUCCESS) + *pub_key = dh->pub_key; + if (priv_key != NULL && dh->priv_key != NULL && + wolfSSL_BN_is_zero(dh->priv_key) != WOLFSSL_SUCCESS) + *priv_key = dh->priv_key; + } +} + +int wolfSSL_DH_set0_key(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *pub_key, + WOLFSSL_BIGNUM *priv_key) +{ + WOLFSSL_ENTER("wolfSSL_DH_set0_key"); + + if (dh == NULL) + return WOLFSSL_FAILURE; + + if (pub_key != NULL) { + wolfSSL_BN_free(dh->pub_key); + dh->pub_key = pub_key; + } + + if (priv_key != NULL) { + wolfSSL_BN_free(dh->priv_key); + dh->priv_key = priv_key; + } + + return SetDhInternal(dh); +} + #endif /* NO_DH */ #endif /* OPENSSL_EXTRA */ @@ -31500,34 +31536,6 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void) return sig; } -/** - * Same as wolfSSL_DSA_SIG_new but also initializes the internal bignums as well. - * @return New WOLFSSL_DSA_SIG with r and s created as well - */ -static WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new_bn(void) -{ - WOLFSSL_DSA_SIG* ret; - - if ((ret = wolfSSL_DSA_SIG_new()) == NULL) { - WOLFSSL_MSG("wolfSSL_DSA_SIG_new error"); - return NULL; - } - - if ((ret->r = wolfSSL_BN_new()) == NULL) { - WOLFSSL_MSG("wolfSSL_BN_new error"); - wolfSSL_DSA_SIG_free(ret); - return NULL; - } - - if ((ret->s = wolfSSL_BN_new()) == NULL) { - WOLFSSL_MSG("wolfSSL_BN_new error"); - wolfSSL_DSA_SIG_free(ret); - return NULL; - } - - return ret; -} - void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig) { WOLFSSL_ENTER("wolfSSL_DSA_SIG_free"); @@ -31569,6 +31577,7 @@ int wolfSSL_DSA_SIG_set0(WOLFSSL_DSA_SIG *sig, WOLFSSL_BIGNUM *r, return WOLFSSL_SUCCESS; } +#ifndef HAVE_SELFTEST /** * * @param sig The input signature to encode @@ -31610,6 +31619,34 @@ int wolfSSL_i2d_DSA_SIG(const WOLFSSL_DSA_SIG *sig, byte **out) return (int)bufLen; } +/** + * Same as wolfSSL_DSA_SIG_new but also initializes the internal bignums as well. + * @return New WOLFSSL_DSA_SIG with r and s created as well + */ +static WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new_bn(void) +{ + WOLFSSL_DSA_SIG* ret; + + if ((ret = wolfSSL_DSA_SIG_new()) == NULL) { + WOLFSSL_MSG("wolfSSL_DSA_SIG_new error"); + return NULL; + } + + if ((ret->r = wolfSSL_BN_new()) == NULL) { + WOLFSSL_MSG("wolfSSL_BN_new error"); + wolfSSL_DSA_SIG_free(ret); + return NULL; + } + + if ((ret->s = wolfSSL_BN_new()) == NULL) { + WOLFSSL_MSG("wolfSSL_BN_new error"); + wolfSSL_DSA_SIG_free(ret); + return NULL; + } + + return ret; +} + /** * This parses a DER encoded ASN.1 structure. The ASN.1 encoding is: * ASN1_SEQUENCE @@ -31645,16 +31682,16 @@ WOLFSSL_DSA_SIG* wolfSSL_d2i_DSA_SIG(WOLFSSL_DSA_SIG **sig, r = (mp_int*)ret->r->internal; s = (mp_int*)ret->s->internal; - if (DecodeECC_DSA_Sig(*pp, length, r, s) != 0) { + if (DecodeECC_DSA_Sig(*pp, (word32)length, r, s) != 0) { if (length == DSA_160_SIG_SIZE || length == DSA_256_SIG_SIZE) { /* Two raw numbers of length/2 size each */ - if (mp_read_unsigned_bin(r, *pp, length/2) != 0) { + if (mp_read_unsigned_bin(r, *pp, (int)length/2) != 0) { WOLFSSL_MSG("r mp_read_unsigned_bin error"); wolfSSL_DSA_SIG_free(ret); return NULL; } - if (mp_read_unsigned_bin(s, *pp + (length/2), length/2) != 0) { + if (mp_read_unsigned_bin(s, *pp + (length/2), (int)length/2) != 0) { WOLFSSL_MSG("s mp_read_unsigned_bin error"); wolfSSL_DSA_SIG_free(ret); return NULL; @@ -31695,6 +31732,7 @@ WOLFSSL_DSA_SIG* wolfSSL_d2i_DSA_SIG(WOLFSSL_DSA_SIG **sig, return ret; } +#endif /* return WOLFSSL_SUCCESS on success, < 0 otherwise */ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, @@ -32974,7 +33012,7 @@ const WOLFSSL_EVP_MD *wolfSSL_HMAC_CTX_get_md(const WOLFSSL_HMAC_CTX *ctx) return NULL; } - return wolfSSL_macType2EVP_md(ctx->type); + return wolfSSL_macType2EVP_md((enum wc_HashType)ctx->type); } #ifndef NO_DES3 @@ -42427,7 +42465,7 @@ int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey) } switch (pkey->type) { -#if (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA)) && !defined(NO_RSA) +#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) && !defined(NO_RSA) case EVP_PKEY_RSA: WOLFSSL_MSG("populating RSA key"); if (PopulateRSAEvpPkeyDer(pkey) != WOLFSSL_SUCCESS) @@ -43893,26 +43931,7 @@ int wolfSSL_CRYPTO_set_mem_functions( return WOLFSSL_FAILURE; } -#ifndef NO_WOLFSSL_STUB -int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), - void *(*r) (void *, size_t, const char *, - int), void (*f) (void *)) -{ - (void) m; - (void) r; - (void) f; - WOLFSSL_ENTER("wolfSSL_CRYPTO_set_mem_ex_functions"); - WOLFSSL_STUB("CRYPTO_set_mem_ex_functions"); - - return WOLFSSL_FAILURE; -} -#endif - - -void wolfSSL_CRYPTO_cleanup_all_ex_data(void){ - WOLFSSL_ENTER("CRYPTO_cleanup_all_ex_data"); -} - +#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator, void (*callback) (int, int, void *), void *cb_arg) { @@ -43979,6 +43998,7 @@ int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH* dh, int prime_len, int generat return WOLFSSL_SUCCESS; } +#endif /* WOLFSSL_KEY_GEN && !HAVE_SELFTEST */ void wolfSSL_ERR_load_crypto_strings(void) { @@ -52810,6 +52830,8 @@ WOLFSSL_STRING *wolfSSL_TXT_DB_get_by_index(WOLFSSL_TXT_DB *db, int idx, return (WOLFSSL_STRING*) wolfSSL_lh_retrieve(db->data, value); } +#endif /* OPENSSL_ALL */ + /******************************************************************************* * END OF TXT_DB API ******************************************************************************/ diff --git a/tests/api.c b/tests/api.c index 0a895fc54..206b8b7b9 100644 --- a/tests/api.c +++ b/tests/api.c @@ -20025,7 +20025,6 @@ static int test_wc_curve25519_shared_secret_ex(void) word32 outLen = sizeof(out); int endian = EC25519_BIG_ENDIAN; - printf(testingFmt, "wc_curve25519_shared_secret_ex()"); ret = wc_curve25519_init(&private_key); @@ -20040,7 +20039,6 @@ static int test_wc_curve25519_shared_secret_ex(void) } if (ret == 0) { ret = wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &public_key); - } if (ret == 0) { ret = wc_curve25519_shared_secret_ex(&private_key, &public_key, out, @@ -28470,7 +28468,8 @@ static void test_wolfSSL_PEM_PrivateKey(void) /* key is DES encrypted */ #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \ - !defined(NO_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_MD5) + !defined(NO_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_MD5) && \ + defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) && !defined(NO_RSA) { XFILE f; pem_password_cb* passwd_cb; @@ -45931,7 +45930,7 @@ static void test_wolfSSL_DH(void) (void)pub; (void)priv; -#if defined(OPENSSL_ALL) +#if defined(OPENSSL_ALL) && defined(WOLFSSL_KEY_GEN) #if !defined(HAVE_FIPS) || \ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) FILE* f = NULL; diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c index c6d1a3519..04d369ade 100644 --- a/wolfcrypt/src/dsa.c +++ b/wolfcrypt/src/dsa.c @@ -967,7 +967,7 @@ int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, WC_RNG* rng) } #endif if (buffer) { - ForceZero(buffer, sz); + ForceZero(buffer, halfSz); XFREE(buffer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); } #else /* !WOLFSSL_SMALL_STACK */ diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index f723b5467..503cd253f 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -6619,8 +6619,10 @@ static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key) if (ecc->type == ECC_PRIVATEKEY || ecc->type == ECC_PRIVATEKEY_ONLY) { #ifdef HAVE_PKCS8 if (wc_EccKeyToPKCS8(ecc, NULL, &derSz) == LENGTH_ONLY_E) { - derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL); + derBuf = (byte*)XREALLOC(pkey->pkey.ptr, derSz, NULL, + DYNAMIC_TYPE_OPENSSL); if (derBuf != NULL) { + pkey->pkey.ptr = (char*)derBuf; if (wc_EccKeyToPKCS8(ecc, derBuf, &derSz) < 0) { XFREE(derBuf, NULL, DYNAMIC_TYPE_OPENSSL); >>>>>>> WIP @@ -6631,8 +6633,10 @@ static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key) #else derSz = (word32)wc_EccKeyDerSize(ecc, 1); if (derSz > 0) { - derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL); + derBuf = (byte*)XREALLOC(pkey->pkey.ptr, derSz, NULL, + DYNAMIC_TYPE_OPENSSL); if (derBuf != NULL) { + pkey->pkey.ptr = (char*)derBuf; if (wc_EccKeyToDer(ecc, derBuf, derSz) < 0) { XFREE(derBuf, NULL, DYNAMIC_TYPE_OPENSSL); derBuf = NULL; @@ -6661,8 +6665,10 @@ static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key) ======= else if (ecc->type == ECC_PUBLICKEY) { if ((derSz = (word32)wc_EccPublicKeyDerSize(ecc, 1)) > 0) { - derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL); + derBuf = (byte*)XREALLOC(pkey->pkey.ptr, derSz, NULL, + DYNAMIC_TYPE_OPENSSL); if (derBuf != NULL) { + pkey->pkey.ptr = (char*)derBuf; if (wc_EccPublicKeyToDer(ecc, derBuf, derSz, 1) < 0) { XFREE(derBuf, NULL, DYNAMIC_TYPE_OPENSSL); >>>>>>> WIP @@ -6673,7 +6679,6 @@ static int ECC_populate_EVP_PKEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY *key) } if (derBuf != NULL) { pkey->pkey_sz = (int)derSz; - pkey->pkey.ptr = (char*)derBuf; return WOLFSSL_SUCCESS; } else { diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 4c2cc555a..b4f5daea8 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -35,6 +35,7 @@ #include #include #include +#include #ifdef HAVE_WOLF_EVENT #include