From 142ff6d88530ace35d7e3d89a3add6fc37d9684f Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 15 Jun 2021 17:13:29 +0200 Subject: [PATCH] Bind 9.11.22 --- configure.ac | 4 +- src/ssl.c | 290 ++++++++++++++++++++++++++++++++++++++-- tests/api.c | 50 ++++++- wolfcrypt/src/asn.c | 4 +- wolfcrypt/src/dsa.c | 6 + wolfcrypt/src/evp.c | 40 ++++-- wolfssl/openssl/dsa.h | 30 ++++- wolfssl/openssl/rsa.h | 2 + wolfssl/openssl/ssl.h | 3 + wolfssl/ssl.h | 4 + wolfssl/wolfcrypt/asn.h | 4 +- 11 files changed, 408 insertions(+), 29 deletions(-) diff --git a/configure.ac b/configure.ac index 5f6a226c9..684232f3a 100644 --- a/configure.ac +++ b/configure.ac @@ -2005,7 +2005,7 @@ AC_ARG_ENABLE([dsa], [ ENABLED_DSA=no ] ) -if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" +if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_BIND" = "yes" then ENABLED_DSA="yes" fi @@ -4375,7 +4375,7 @@ fi if test "$ENABLED_BIND" = "yes" then - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BIND" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BIND -DWOLFSSL_DSA_768_MODULUS" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DWOLFSSL_DES_ECB" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224 -DWOLFSSL_SHA384 -DWOLFSSL_SHA512" ENABLED_SHA224="yes" diff --git a/src/ssl.c b/src/ssl.c index 61235df8c..ad0dc49d1 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -31428,6 +31428,68 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits, return ret; } +void wolfSSL_DSA_get0_pqg(const WOLFSSL_DSA *d, const WOLFSSL_BIGNUM **p, + const WOLFSSL_BIGNUM **q, const WOLFSSL_BIGNUM **g) +{ + WOLFSSL_ENTER("wolfSSL_DSA_get0_pqg"); + if (d != NULL) { + if (p != NULL) + *p = d->p; + if (q != NULL) + *q = d->q; + if (g != NULL) + *g = d->g; + } +} + +int wolfSSL_DSA_set0_pqg(WOLFSSL_DSA *d, WOLFSSL_BIGNUM *p, + WOLFSSL_BIGNUM *q, WOLFSSL_BIGNUM *g) +{ + WOLFSSL_ENTER("wolfSSL_DSA_set0_pqg"); + if (d == NULL || p == NULL || q == NULL || g == NULL) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + wolfSSL_BN_free(d->p); + wolfSSL_BN_free(d->q); + wolfSSL_BN_free(d->g); + d->p = p; + d->q = q; + d->g = g; + return WOLFSSL_SUCCESS; +} + +void wolfSSL_DSA_get0_key(const WOLFSSL_DSA *d, + const WOLFSSL_BIGNUM **pub_key, const WOLFSSL_BIGNUM **priv_key) +{ + WOLFSSL_ENTER("wolfSSL_DSA_get0_key"); + if (d != NULL) { + if (pub_key != NULL) + *pub_key = d->pub_key; + if (priv_key != NULL) + *priv_key = d->priv_key; + } +} + +int wolfSSL_DSA_set0_key(WOLFSSL_DSA *d, WOLFSSL_BIGNUM *pub_key, + WOLFSSL_BIGNUM *priv_key) +{ + WOLFSSL_ENTER("wolfSSL_DSA_set0_key"); + + /* The private key may be NULL */ + if (pub_key == NULL) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + wolfSSL_BN_free(d->pub_key); + wolfSSL_BN_free(d->priv_key); + d->pub_key = pub_key; + d->priv_key = priv_key; + + return WOLFSSL_SUCCESS; +} + WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void) { WOLFSSL_DSA_SIG* sig; @@ -31438,6 +31500,34 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void) return sig; } +/** + * Same as wolfSSL_DSA_SIG_new but also initializes the internal bignums as well. + * @return New WOLFSSL_DSA_SIG with r and s created as well + */ +static WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new_bn(void) +{ + WOLFSSL_DSA_SIG* ret; + + if ((ret = wolfSSL_DSA_SIG_new()) == NULL) { + WOLFSSL_MSG("wolfSSL_DSA_SIG_new error"); + return NULL; + } + + if ((ret->r = wolfSSL_BN_new()) == NULL) { + WOLFSSL_MSG("wolfSSL_BN_new error"); + wolfSSL_DSA_SIG_free(ret); + return NULL; + } + + if ((ret->s = wolfSSL_BN_new()) == NULL) { + WOLFSSL_MSG("wolfSSL_BN_new error"); + wolfSSL_DSA_SIG_free(ret); + return NULL; + } + + return ret; +} + void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig) { WOLFSSL_ENTER("wolfSSL_DSA_SIG_free"); @@ -31452,6 +31542,158 @@ void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig) } } +void wolfSSL_DSA_SIG_get0(const WOLFSSL_DSA_SIG *sig, + const WOLFSSL_BIGNUM **r, const WOLFSSL_BIGNUM **s) +{ + WOLFSSL_ENTER("wolfSSL_DSA_SIG_get0"); + if (sig != NULL) { + *r = sig->r; + *s = sig->s; + } +} + +int wolfSSL_DSA_SIG_set0(WOLFSSL_DSA_SIG *sig, WOLFSSL_BIGNUM *r, + WOLFSSL_BIGNUM *s) +{ + WOLFSSL_ENTER("wolfSSL_DSA_SIG_set0"); + if (r == NULL || s == NULL) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + wolfSSL_BN_clear_free(sig->r); + wolfSSL_BN_clear_free(sig->s); + sig->r = r; + sig->s = s; + + return WOLFSSL_SUCCESS; +} + +/** + * + * @param sig The input signature to encode + * @param out The output buffer. If *out is NULL then a new buffer is + * allocated. Otherwise the output is written to the buffer. + * @return length on success and -1 on error + */ +int wolfSSL_i2d_DSA_SIG(const WOLFSSL_DSA_SIG *sig, byte **out) +{ + /* Space for sequence + two asn ints */ + byte buf[MAX_SEQ_SZ + 2*(ASN_TAG_SZ + MAX_LENGTH_SZ + DSA_HALF_SIZE)]; + word32 bufLen = sizeof(buf); + + WOLFSSL_ENTER("wolfSSL_i2d_DSA_SIG"); + + if (sig == NULL || sig->r == NULL || sig->s == NULL || + out == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return WOLFSSL_FATAL_ERROR; + } + + if (StoreECC_DSA_Sig(buf, &bufLen, + (mp_int*)sig->r->internal, (mp_int*)sig->s->internal) != 0) { + WOLFSSL_MSG("StoreECC_DSA_Sig error"); + return WOLFSSL_FATAL_ERROR; + } + + if (*out == NULL) { + byte* tmp = (byte*)XMALLOC(bufLen, NULL, DYNAMIC_TYPE_ASN1); + if (tmp == NULL) { + WOLFSSL_MSG("malloc error"); + return WOLFSSL_FATAL_ERROR; + } + *out = tmp; + } + + XMEMCPY(*out, buf, bufLen); + + return (int)bufLen; +} + +/** + * This parses a DER encoded ASN.1 structure. The ASN.1 encoding is: + * ASN1_SEQUENCE + * ASN1_INTEGER (DSA r) + * ASN1_INTEGER (DSA s) + * Alternatively, if the input is DSA_SIG_SIZE in length then this + * API interprets this as two unsigned binary numbers. + * @param sig If non-null then free'd first and then newly created + * WOLFSSL_DSA_SIG is assigned + * @param pp Input buffer that is moved forward on success + * @param length Length of input buffer + * @return Newly created WOLFSSL_DSA_SIG on success or NULL on failure + */ +WOLFSSL_DSA_SIG* wolfSSL_d2i_DSA_SIG(WOLFSSL_DSA_SIG **sig, + const unsigned char **pp, long length) +{ + WOLFSSL_DSA_SIG* ret; + mp_int* r; + mp_int* s; + + WOLFSSL_ENTER("wolfSSL_d2i_DSA_SIG"); + + if (pp == NULL || *pp == NULL || length < 0) { + WOLFSSL_MSG("Bad function arguments"); + return NULL; + } + + if ((ret = wolfSSL_DSA_SIG_new_bn()) == NULL) { + WOLFSSL_MSG("wolfSSL_DSA_SIG_new_bn error"); + return NULL; + } + + r = (mp_int*)ret->r->internal; + s = (mp_int*)ret->s->internal; + + if (length == DSA_SIG_SIZE) { + /* Two raw numbers of DSA_HALF_SIZE size each */ + if (mp_read_unsigned_bin(r, *pp, DSA_HALF_SIZE) != 0) { + WOLFSSL_MSG("r mp_read_unsigned_bin error"); + wolfSSL_DSA_SIG_free(ret); + return NULL; + } + + if (mp_read_unsigned_bin(s, *pp + DSA_HALF_SIZE, DSA_HALF_SIZE) != 0) { + WOLFSSL_MSG("s mp_read_unsigned_bin error"); + wolfSSL_DSA_SIG_free(ret); + return NULL; + } + + *pp += DSA_SIG_SIZE; + } + else { + if (DecodeECC_DSA_Sig(*pp, length, r, s) != 0) { + WOLFSSL_MSG("DecodeECC_DSA_Sig error"); + wolfSSL_DSA_SIG_free(ret); + return NULL; + } +#ifndef NO_STRICT_ECDSA_LEN + *pp += length; +#else + { + /* We need to figure out how much to move by ourselves */ + word32 idx = 0; + int len = 0; + if (GetSequence(*pp, &idx, &len, (word32)length) < 0) { + WOLFSSL_MSG("GetSequence error"); + wolfSSL_DSA_SIG_free(ret); + return NULL; + } + *pp += len; + } +#endif + } + + + if (sig != NULL) { + if (*sig != NULL) + wolfSSL_DSA_SIG_free(*sig); + *sig = ret; + } + + return ret; +} + /* return WOLFSSL_SUCCESS on success, < 0 otherwise */ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, WOLFSSL_DSA* dsa) @@ -31501,7 +31743,7 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, } if (rng) { - if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) + if (wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) WOLFSSL_MSG("DsaSign failed"); else ret = WOLFSSL_SUCCESS; @@ -31518,14 +31760,14 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, - int outLen, WOLFSSL_DSA* dsa) + int inLen, WOLFSSL_DSA* dsa) { WOLFSSL_DSA_SIG* sig = NULL; byte sigBin[DSA_SIG_SIZE]; WOLFSSL_ENTER("wolfSSL_DSA_do_sign_ex"); - if (!digest || !dsa || outLen != WC_SHA_DIGEST_SIZE) { + if (!digest || !dsa || inLen != WC_SHA_DIGEST_SIZE) { WOLFSSL_MSG("Bad function arguments"); return NULL; } @@ -37905,7 +38147,14 @@ int wolfSSL_RSA_flags(const WOLFSSL_RSA *r) void wolfSSL_RSA_set_flags(WOLFSSL_RSA *r, int flags) { if (r && r->meth) { - r->meth->flags = flags; + r->meth->flags |= flags; + } +} + +void wolfSSL_RSA_clear_flags(WOLFSSL_RSA *r, int flags) +{ + if (r && r->meth) { + r->meth->flags &= ~flags; } } @@ -43620,8 +43869,34 @@ int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1, return WOLFSSL_FAILURE; } -void wolfSSL_CRYPTO_cleanup_all_ex_data(void) +int wolfSSL_CRYPTO_set_mem_functions( + wolfSSL_Malloc_cb m, + wolfSSL_Realloc_cb r, + wolfSSL_Free_cb f) { + if (wolfSSL_SetAllocators(m, f, r) == 0) + return WOLFSSL_SUCCESS; + else + return WOLFSSL_FAILURE; +} + +#ifndef NO_WOLFSSL_STUB +int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), + void *(*r) (void *, size_t, const char *, + int), void (*f) (void *)) +{ + (void) m; + (void) r; + (void) f; + WOLFSSL_ENTER("wolfSSL_CRYPTO_set_mem_ex_functions"); + WOLFSSL_STUB("CRYPTO_set_mem_ex_functions"); + + return WOLFSSL_FAILURE; +} +#endif + + +void wolfSSL_CRYPTO_cleanup_all_ex_data(void){ WOLFSSL_ENTER("CRYPTO_cleanup_all_ex_data"); } @@ -50399,11 +50674,8 @@ int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi) static void InitwolfSSL_BigNum(WOLFSSL_BIGNUM* bn) { - if (bn) { + if (bn) XMEMSET(bn, 0, sizeof(WOLFSSL_BIGNUM)); - bn->neg = 0; - bn->internal = NULL; - } } diff --git a/tests/api.c b/tests/api.c index c0f46ab35..0a895fc54 100644 --- a/tests/api.c +++ b/tests/api.c @@ -35954,7 +35954,10 @@ static void test_wolfSSL_RSA_meth(void) AssertIntEQ(RSA_flags(rsa), RSA_METHOD_FLAG_NO_CHECK); RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC); AssertIntNE(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0); - AssertIntEQ(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC); + AssertIntEQ(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC | RSA_METHOD_FLAG_NO_CHECK); + RSA_clear_flags(rsa, RSA_FLAG_CACHE_PUBLIC); + AssertIntEQ(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0); + AssertIntNE(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC); /* rsa_meth is freed here */ RSA_free(rsa); @@ -38200,6 +38203,50 @@ static void test_wolfSSL_EVP_PKEY_set1_get1_DSA(void) #endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ } /* END test_EVP_PKEY_set1_get1_DSA */ +static void test_wolfSSL_DSA_SIG(void) +{ +#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) + DSA *dsa = NULL; + DSA *dsa2 = NULL; + DSA_SIG *sig = NULL; + const BIGNUM *p = NULL; + const BIGNUM *q = NULL; + const BIGNUM *g = NULL; + const BIGNUM *pub = NULL; + const BIGNUM *priv = NULL; + const byte digest[WC_SHA_DIGEST_SIZE] = {0}; + + printf(testingFmt, "wolfSSL_DSA_SIG"); + + AssertNotNull(dsa = DSA_generate_parameters(2048, + NULL, 0, NULL, NULL, NULL, NULL)); + DSA_free(dsa); + AssertNotNull(dsa = DSA_new()); + AssertIntEQ(DSA_generate_parameters_ex(dsa, 2048, + NULL, 0, NULL, NULL, NULL), 1); + AssertIntEQ(DSA_generate_key(dsa), 1); + DSA_get0_pqg(dsa, &p, &q, &g); + DSA_get0_key(dsa, &pub, &priv); + AssertNotNull(p = BN_dup(p)); + AssertNotNull(q = BN_dup(q)); + AssertNotNull(g = BN_dup(g)); + AssertNotNull(pub = BN_dup(pub)); + AssertNotNull(priv = BN_dup(priv)); + + AssertNotNull(sig = DSA_do_sign(digest, sizeof(digest), dsa)); + AssertNotNull(dsa2 = DSA_new()); + AssertIntEQ(DSA_set0_pqg(dsa2, (BIGNUM*)p, (BIGNUM*)q, (BIGNUM*)g), 1); + AssertIntEQ(DSA_set0_key(dsa2, (BIGNUM*)pub, (BIGNUM*)priv), 1); + AssertIntEQ(DSA_do_verify(digest, sizeof(digest), sig, dsa2), 1); + + printf(resultFmt, passed); + + DSA_free(dsa); + DSA_free(dsa2); + DSA_SIG_free(sig); +#endif +} + static void test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void) { #ifdef HAVE_ECC @@ -46325,6 +46372,7 @@ void ApiTest(void) test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(); test_wolfSSL_EC_KEY_dup(); test_wolfSSL_EVP_PKEY_set1_get1_DSA(); + test_wolfSSL_DSA_SIG(); test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY(); test_wolfSSL_EVP_PKEY_set1_get1_DH(); test_wolfSSL_CTX_ctrl(); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 7644b7d94..330c85e61 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -16128,7 +16128,7 @@ int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g) } #endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */ -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || !defined(NO_DSA) /* Der Encode r & s ints into out, outLen is (in/out) size */ int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, mp_int* s) @@ -16293,9 +16293,7 @@ int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen, return ret; } -#endif -#if defined(HAVE_ECC) || !defined(NO_DSA) int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s) { word32 idx = 0; diff --git a/wolfcrypt/src/dsa.c b/wolfcrypt/src/dsa.c index 74254c518..3ea7e67aa 100644 --- a/wolfcrypt/src/dsa.c +++ b/wolfcrypt/src/dsa.c @@ -104,6 +104,9 @@ static int CheckDsaLN(int modLen, int divLen) int ret = -1; switch (modLen) { +#ifdef WOLFSSL_DSA_768_MODULUS + case 768: +#endif case 1024: if (divLen == 160) ret = 0; @@ -237,6 +240,9 @@ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa) * FIPS 186-4 defines valid values (1024, 160) (2048, 256) (3072, 256) */ switch (modulus_size) { +#ifdef WOLFSSL_DSA_768_MODULUS + case 768: +#endif case 1024: qsize = 20; break; diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 55c3cd2fe..ec2bdc362 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -1938,6 +1938,11 @@ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey) return (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(pkey->rsa)); #endif /* !NO_RSA */ +#ifndef NO_DSA + case EVP_PKEY_DSA: + return DSA_SIG_SIZE; +#endif + #ifdef HAVE_ECC case EVP_PKEY_EC: if (pkey->ecc == NULL || pkey->ecc->internal == NULL) { @@ -2381,29 +2386,44 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int mdsize; unsigned char md[WC_MAX_DIGEST_SIZE]; int ret; - if (ctx == NULL) return WOLFSSL_FAILURE; - WOLFSSL_ENTER("EVP_SignFinal"); - - ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize); - if (ret <= 0) return ret; - (void)sigret; (void)siglen; + WOLFSSL_ENTER("EVP_SignFinal"); + if (ctx == NULL) + return WOLFSSL_FAILURE; + + ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize); + if (ret <= 0) + return ret; + switch (pkey->type) { #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) case EVP_PKEY_RSA: { int nid; - const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx); - if (ctxmd == NULL) break; + const WOLFSSL_EVP_MD *ctxmd; + + ctxmd = wolfSSL_EVP_MD_CTX_md(ctx); + if (ctxmd == NULL) + return WOLFSSL_FAILURE; + nid = wolfSSL_EVP_MD_type(ctxmd); - if (nid < 0) break; + if (nid < 0) + return WOLFSSL_FAILURE; return wolfSSL_RSA_sign(nid, md, mdsize, sigret, siglen, pkey->rsa); } #endif /* NO_RSA */ - +#ifndef NO_DSA case EVP_PKEY_DSA: + if (wolfSSL_DSA_do_sign(md, sigret, pkey->dsa) == WOLFSSL_SUCCESS) { + *siglen = DSA_SIG_SIZE; + return WOLFSSL_SUCCESS; + } + else { + return WOLFSSL_FAILURE; + } +#endif case EVP_PKEY_EC: WOLFSSL_MSG("not implemented"); FALL_THROUGH; diff --git a/wolfssl/openssl/dsa.h b/wolfssl/openssl/dsa.h index 6d6f5075b..12b947572 100644 --- a/wolfssl/openssl/dsa.h +++ b/wolfssl/openssl/dsa.h @@ -68,6 +68,17 @@ WOLFSSL_API int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA*, int bits, unsigned char* seed, int seedLen, int* counterRet, unsigned long* hRet, void* cb); +WOLFSSL_API void wolfSSL_DSA_get0_pqg(const WOLFSSL_DSA *d, const WOLFSSL_BIGNUM **p, + const WOLFSSL_BIGNUM **q, const WOLFSSL_BIGNUM **g); +WOLFSSL_API int wolfSSL_DSA_set0_pqg(WOLFSSL_DSA *d, WOLFSSL_BIGNUM *p, + WOLFSSL_BIGNUM *q, WOLFSSL_BIGNUM *g); + +WOLFSSL_API void wolfSSL_DSA_get0_key(const WOLFSSL_DSA *d, + const WOLFSSL_BIGNUM **pub_key, const WOLFSSL_BIGNUM **priv_key); +WOLFSSL_API int wolfSSL_DSA_set0_key(WOLFSSL_DSA *d, WOLFSSL_BIGNUM *pub_key, + WOLFSSL_BIGNUM *priv_key); + + WOLFSSL_API int wolfSSL_DSA_LoadDer(WOLFSSL_DSA*, const unsigned char*, int sz); WOLFSSL_API int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA*, const unsigned char*, @@ -84,8 +95,17 @@ WOLFSSL_API int wolfSSL_DSA_bits(const WOLFSSL_DSA *d); WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void); WOLFSSL_API void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig); + +WOLFSSL_API void wolfSSL_DSA_SIG_get0(const WOLFSSL_DSA_SIG *sig, + const WOLFSSL_BIGNUM **r, const WOLFSSL_BIGNUM **s); +WOLFSSL_API int wolfSSL_DSA_SIG_set0(WOLFSSL_DSA_SIG *sig, WOLFSSL_BIGNUM *r, + WOLFSSL_BIGNUM *s); + +WOLFSSL_API int wolfSSL_i2d_DSA_SIG(const WOLFSSL_DSA_SIG *sig, byte **out); +WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_d2i_DSA_SIG(WOLFSSL_DSA_SIG **sig, + const unsigned char **pp, long length); WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, - int outLen, WOLFSSL_DSA* dsa); + int inLen, WOLFSSL_DSA* dsa); WOLFSSL_API int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len, WOLFSSL_DSA_SIG* sig, WOLFSSL_DSA* dsa); @@ -99,9 +119,17 @@ WOLFSSL_API int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest #define DSA_generate_key wolfSSL_DSA_generate_key #define DSA_generate_parameters wolfSSL_DSA_generate_parameters #define DSA_generate_parameters_ex wolfSSL_DSA_generate_parameters_ex +#define DSA_get0_pqg wolfSSL_DSA_get0_pqg +#define DSA_set0_pqg wolfSSL_DSA_set0_pqg +#define DSA_get0_key wolfSSL_DSA_get0_key +#define DSA_set0_key wolfSSL_DSA_set0_key #define DSA_SIG_new wolfSSL_DSA_SIG_new #define DSA_SIG_free wolfSSL_DSA_SIG_free +#define DSA_SIG_get0 wolfSSL_DSA_SIG_get0 +#define DSA_SIG_set0 wolfSSL_DSA_SIG_set0 +#define i2d_DSA_SIG wolfSSL_i2d_DSA_SIG +#define d2i_DSA_SIG wolfSSL_d2i_DSA_SIG #define DSA_do_sign wolfSSL_DSA_do_sign_ex #define DSA_do_verify wolfSSL_DSA_do_verify_ex diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h index 25594f167..86c4dae9d 100644 --- a/wolfssl/openssl/rsa.h +++ b/wolfssl/openssl/rsa.h @@ -159,6 +159,7 @@ WOLFSSL_API int wolfSSL_RSA_set0_key(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *n, WOLFSSL_ WOLFSSL_BIGNUM *d); WOLFSSL_API int wolfSSL_RSA_flags(const WOLFSSL_RSA *r); WOLFSSL_API void wolfSSL_RSA_set_flags(WOLFSSL_RSA *r, int flags); +WOLFSSL_API void wolfSSL_RSA_clear_flags(WOLFSSL_RSA *r, int flags); WOLFSSL_API int wolfSSL_RSA_test_flags(const WOLFSSL_RSA *r, int flags); WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa); @@ -212,6 +213,7 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup( #define RSA_set0_key wolfSSL_RSA_set0_key #define RSA_flags wolfSSL_RSA_flags #define RSA_set_flags wolfSSL_RSA_set_flags +#define RSA_clear_flags wolfSSL_RSA_clear_flags #define RSA_test_flags wolfSSL_RSA_test_flags #define RSAPublicKey_dup wolfSSL_RSAPublicKey_dup diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index b82c5a534..2f1cbb4b9 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -148,6 +148,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define CRYPTO_EX_free WOLFSSL_CRYPTO_EX_free #define CRYPTO_EX_DATA WOLFSSL_CRYPTO_EX_DATA +#define CRYPTO_set_mem_functions wolfSSL_CRYPTO_set_mem_functions + /* depreciated */ #define CRYPTO_thread_id wolfSSL_thread_id #define CRYPTO_set_id_callback wolfSSL_set_id_callback @@ -305,6 +307,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define SSL_pending wolfSSL_pending #define SSL_load_error_strings wolfSSL_load_error_strings #define SSL_library_init wolfSSL_library_init +#define OPENSSL_cleanup (void)wolfSSL_Cleanup #define OPENSSL_init_ssl wolfSSL_OPENSSL_init_ssl #define OpenSSL_add_ssl_algorithms wolfSSL_library_init #define SSL_CTX_set_session_cache_mode wolfSSL_CTX_set_session_cache_mode diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 77a73fb06..4c2cc555a 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -3976,6 +3976,10 @@ WOLFSSL_API WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x, #include +WOLFSSL_API int wolfSSL_CRYPTO_set_mem_functions( + wolfSSL_Malloc_cb m, + wolfSSL_Realloc_cb r, + wolfSSL_Free_cb f); WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), void *(*r) (void *, size_t, const char *, int), void (*f) (void *)); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 0b3b1bd11..3d8967897 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -1262,7 +1262,7 @@ WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g); WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*); -#ifdef HAVE_ECC +#if defined(HAVE_ECC) || !defined(NO_DSA) /* ASN sig helpers */ WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, mp_int* s); @@ -1270,8 +1270,6 @@ WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*); const byte* r, word32 rLen, const byte* s, word32 sLen); WOLFSSL_LOCAL int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen, byte* s, word32* sLen); -#endif -#if defined(HAVE_ECC) || !defined(NO_DSA) WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s); #endif