Bind 9.11.22

2021-06-15 17:13:29 +02:00
parent 553c930ecb
commit 142ff6d885
11 changed files with 408 additions and 29 deletions
--- a/configure.ac
+++ b/configure.ac
@@ -2005,7 +2005,7 @@ AC_ARG_ENABLE([dsa],
    [ ENABLED_DSA=no ]
    )
-if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes"
+if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_BIND" = "yes"
 then
    ENABLED_DSA="yes"
 fi
@@ -4375,7 +4375,7 @@ fi
 if test "$ENABLED_BIND" = "yes"
 then
-    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BIND"
+    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BIND -DWOLFSSL_DSA_768_MODULUS"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DWOLFSSL_DES_ECB"
    AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224 -DWOLFSSL_SHA384 -DWOLFSSL_SHA512"
    ENABLED_SHA224="yes"
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -31428,6 +31428,68 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
    return ret;
 }
 void wolfSSL_DSA_get0_pqg(const WOLFSSL_DSA *d, const WOLFSSL_BIGNUM **p,
        const WOLFSSL_BIGNUM **q, const WOLFSSL_BIGNUM **g)
 {
    WOLFSSL_ENTER("wolfSSL_DSA_get0_pqg");
    if (d != NULL) {
        if (p != NULL)
            *p = d->p;
        if (q != NULL)
            *q = d->q;
        if (g != NULL)
            *g = d->g;
    }
 }
 int wolfSSL_DSA_set0_pqg(WOLFSSL_DSA *d, WOLFSSL_BIGNUM *p,
        WOLFSSL_BIGNUM *q, WOLFSSL_BIGNUM *g)
 {
    WOLFSSL_ENTER("wolfSSL_DSA_set0_pqg");
    if (d == NULL || p == NULL || q == NULL || g == NULL) {
        WOLFSSL_MSG("Bad parameter");
        return WOLFSSL_FAILURE;
    }
    wolfSSL_BN_free(d->p);
    wolfSSL_BN_free(d->q);
    wolfSSL_BN_free(d->g);
    d->p = p;
    d->q = q;
    d->g = g;
    return WOLFSSL_SUCCESS;
 }
 void wolfSSL_DSA_get0_key(const WOLFSSL_DSA *d,
        const WOLFSSL_BIGNUM **pub_key, const WOLFSSL_BIGNUM **priv_key)
 {
    WOLFSSL_ENTER("wolfSSL_DSA_get0_key");
    if (d != NULL) {
        if (pub_key != NULL)
            *pub_key = d->pub_key;
        if (priv_key != NULL)
            *priv_key = d->priv_key;
    }
 }
 int wolfSSL_DSA_set0_key(WOLFSSL_DSA *d, WOLFSSL_BIGNUM *pub_key,
        WOLFSSL_BIGNUM *priv_key)
 {
    WOLFSSL_ENTER("wolfSSL_DSA_set0_key");
    /* The private key may be NULL */
    if (pub_key == NULL) {
        WOLFSSL_MSG("Bad parameter");
        return WOLFSSL_FAILURE;
    }
    wolfSSL_BN_free(d->pub_key);
    wolfSSL_BN_free(d->priv_key);
    d->pub_key = pub_key;
    d->priv_key = priv_key;
    return WOLFSSL_SUCCESS;
 }
 WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void)
 {
    WOLFSSL_DSA_SIG* sig;
@@ -31438,6 +31500,34 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void)
    return sig;
 }
 /**
 * Same as wolfSSL_DSA_SIG_new but also initializes the internal bignums as well.
 * @return New WOLFSSL_DSA_SIG with r and s created as well
 */
 static WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new_bn(void)
 {
    WOLFSSL_DSA_SIG* ret;
    if ((ret = wolfSSL_DSA_SIG_new()) == NULL) {
        WOLFSSL_MSG("wolfSSL_DSA_SIG_new error");
        return NULL;
    }
    if ((ret->r = wolfSSL_BN_new()) == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_new error");
        wolfSSL_DSA_SIG_free(ret);
        return NULL;
    }
    if ((ret->s = wolfSSL_BN_new()) == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_new error");
        wolfSSL_DSA_SIG_free(ret);
        return NULL;
    }
    return ret;
 }
 void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig)
 {
    WOLFSSL_ENTER("wolfSSL_DSA_SIG_free");
@@ -31452,6 +31542,158 @@ void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig)
    }
 }
 void wolfSSL_DSA_SIG_get0(const WOLFSSL_DSA_SIG *sig,
        const WOLFSSL_BIGNUM **r, const WOLFSSL_BIGNUM **s)
 {
    WOLFSSL_ENTER("wolfSSL_DSA_SIG_get0");
    if (sig != NULL) {
        *r = sig->r;
        *s = sig->s;
    }
 }
 int wolfSSL_DSA_SIG_set0(WOLFSSL_DSA_SIG *sig, WOLFSSL_BIGNUM *r,
        WOLFSSL_BIGNUM *s)
 {
    WOLFSSL_ENTER("wolfSSL_DSA_SIG_set0");
    if (r == NULL || s == NULL) {
        WOLFSSL_MSG("Bad parameter");
        return WOLFSSL_FAILURE;
    }
    wolfSSL_BN_clear_free(sig->r);
    wolfSSL_BN_clear_free(sig->s);
    sig->r = r;
    sig->s = s;
    return WOLFSSL_SUCCESS;
 }
 /**
 *
 * @param sig The input signature to encode
 * @param out The output buffer. If *out is NULL then a new buffer is
 *            allocated. Otherwise the output is written to the buffer.
 * @return length on success and -1 on error
 */
 int wolfSSL_i2d_DSA_SIG(const WOLFSSL_DSA_SIG *sig, byte **out)
 {
    /* Space for sequence + two asn ints */
    byte buf[MAX_SEQ_SZ + 2*(ASN_TAG_SZ + MAX_LENGTH_SZ + DSA_HALF_SIZE)];
    word32 bufLen = sizeof(buf);
    WOLFSSL_ENTER("wolfSSL_i2d_DSA_SIG");
    if (sig == NULL || sig->r == NULL || sig->s == NULL ||
            out == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return WOLFSSL_FATAL_ERROR;
    }
    if (StoreECC_DSA_Sig(buf, &bufLen,
            (mp_int*)sig->r->internal, (mp_int*)sig->s->internal) != 0) {
        WOLFSSL_MSG("StoreECC_DSA_Sig error");
        return WOLFSSL_FATAL_ERROR;
    }
    if (*out == NULL) {
        byte* tmp = (byte*)XMALLOC(bufLen, NULL, DYNAMIC_TYPE_ASN1);
        if (tmp == NULL) {
            WOLFSSL_MSG("malloc error");
            return WOLFSSL_FATAL_ERROR;
        }
        *out = tmp;
    }
    XMEMCPY(*out, buf, bufLen);
    return (int)bufLen;
 }
 /**
 * This parses a DER encoded ASN.1 structure. The ASN.1 encoding is:
 * ASN1_SEQUENCE
 *   ASN1_INTEGER (DSA r)
 *   ASN1_INTEGER (DSA s)
 * Alternatively, if the input is DSA_SIG_SIZE in length then this
 * API interprets this as two unsigned binary numbers.
 * @param sig    If non-null then free'd first and then newly created
 *               WOLFSSL_DSA_SIG is assigned
 * @param pp     Input buffer that is moved forward on success
 * @param length Length of input buffer
 * @return Newly created WOLFSSL_DSA_SIG on success or NULL on failure
 */
 WOLFSSL_DSA_SIG* wolfSSL_d2i_DSA_SIG(WOLFSSL_DSA_SIG **sig,
        const unsigned char **pp, long length)
 {
    WOLFSSL_DSA_SIG* ret;
    mp_int* r;
    mp_int* s;
    WOLFSSL_ENTER("wolfSSL_d2i_DSA_SIG");
    if (pp == NULL || *pp == NULL || length < 0) {
        WOLFSSL_MSG("Bad function arguments");
        return NULL;
    }
    if ((ret = wolfSSL_DSA_SIG_new_bn()) == NULL) {
        WOLFSSL_MSG("wolfSSL_DSA_SIG_new_bn error");
        return NULL;
    }
    r = (mp_int*)ret->r->internal;
    s = (mp_int*)ret->s->internal;
    if (length == DSA_SIG_SIZE) {
        /* Two raw numbers of DSA_HALF_SIZE size each */
        if (mp_read_unsigned_bin(r, *pp, DSA_HALF_SIZE) != 0) {
            WOLFSSL_MSG("r mp_read_unsigned_bin error");
            wolfSSL_DSA_SIG_free(ret);
            return NULL;
        }
        if (mp_read_unsigned_bin(s, *pp + DSA_HALF_SIZE, DSA_HALF_SIZE) != 0) {
            WOLFSSL_MSG("s mp_read_unsigned_bin error");
            wolfSSL_DSA_SIG_free(ret);
            return NULL;
        }
        *pp += DSA_SIG_SIZE;
    }
    else {
        if (DecodeECC_DSA_Sig(*pp, length, r, s) != 0) {
            WOLFSSL_MSG("DecodeECC_DSA_Sig error");
            wolfSSL_DSA_SIG_free(ret);
            return NULL;
        }
 #ifndef NO_STRICT_ECDSA_LEN
        *pp += length;
 #else
        {
            /* We need to figure out how much to move by ourselves */
            word32 idx = 0;
            int len = 0;
            if (GetSequence(*pp, &idx, &len, (word32)length) < 0) {
                WOLFSSL_MSG("GetSequence error");
                wolfSSL_DSA_SIG_free(ret);
                return NULL;
            }
            *pp += len;
        }
 #endif
    }
    if (sig != NULL) {
        if (*sig != NULL)
            wolfSSL_DSA_SIG_free(*sig);
        *sig = ret;
    }
    return ret;
 }
 /* return WOLFSSL_SUCCESS on success, < 0 otherwise */
 int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
                       WOLFSSL_DSA* dsa)
@@ -31501,7 +31743,7 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
    }
    if (rng) {
-        if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0)
+        if (wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0)
            WOLFSSL_MSG("DsaSign failed");
        else
            ret = WOLFSSL_SUCCESS;
@@ -31518,14 +31760,14 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
 #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
 WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
-                                        int outLen, WOLFSSL_DSA* dsa)
+                                        int inLen, WOLFSSL_DSA* dsa)
 {
    WOLFSSL_DSA_SIG* sig = NULL;
    byte sigBin[DSA_SIG_SIZE];
    WOLFSSL_ENTER("wolfSSL_DSA_do_sign_ex");
-    if (!digest || !dsa || outLen != WC_SHA_DIGEST_SIZE) {
+    if (!digest || !dsa || inLen != WC_SHA_DIGEST_SIZE) {
        WOLFSSL_MSG("Bad function arguments");
        return NULL;
    }
@@ -37905,7 +38147,14 @@ int wolfSSL_RSA_flags(const WOLFSSL_RSA *r)
 void wolfSSL_RSA_set_flags(WOLFSSL_RSA *r, int flags)
 {
    if (r && r->meth) {
-        r->meth->flags = flags;
+        r->meth->flags |= flags;
    }
 }
 void wolfSSL_RSA_clear_flags(WOLFSSL_RSA *r, int flags)
 {
    if (r && r->meth) {
        r->meth->flags &= ~flags;
    }
 }
@@ -43620,8 +43869,34 @@ int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1,
    return WOLFSSL_FAILURE;
 }
-void wolfSSL_CRYPTO_cleanup_all_ex_data(void)
+int wolfSSL_CRYPTO_set_mem_functions(
        wolfSSL_Malloc_cb  m,
        wolfSSL_Realloc_cb r,
        wolfSSL_Free_cb    f)
 {
    if (wolfSSL_SetAllocators(m, f, r) == 0)
        return WOLFSSL_SUCCESS;
    else
        return WOLFSSL_FAILURE;
 }
 #ifndef NO_WOLFSSL_STUB
 int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
                                void *(*r) (void *, size_t, const char *,
                                            int), void (*f) (void *))
 {
    (void) m;
    (void) r;
    (void) f;
    WOLFSSL_ENTER("wolfSSL_CRYPTO_set_mem_ex_functions");
    WOLFSSL_STUB("CRYPTO_set_mem_ex_functions");
    return WOLFSSL_FAILURE;
 }
 #endif
 void wolfSSL_CRYPTO_cleanup_all_ex_data(void){
    WOLFSSL_ENTER("CRYPTO_cleanup_all_ex_data");
 }
@@ -50399,11 +50674,8 @@ int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi)
 static void InitwolfSSL_BigNum(WOLFSSL_BIGNUM* bn)
 {
-    if (bn) {
+    if (bn)
        XMEMSET(bn, 0, sizeof(WOLFSSL_BIGNUM));
        bn->neg      = 0;
        bn->internal = NULL;
    }
 }
--- a/tests/api.c
+++ b/tests/api.c
@@ -35954,7 +35954,10 @@ static void test_wolfSSL_RSA_meth(void)
    AssertIntEQ(RSA_flags(rsa), RSA_METHOD_FLAG_NO_CHECK);
    RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
    AssertIntNE(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0);
-    AssertIntEQ(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC);
+    AssertIntEQ(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC | RSA_METHOD_FLAG_NO_CHECK);
    RSA_clear_flags(rsa, RSA_FLAG_CACHE_PUBLIC);
    AssertIntEQ(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0);
    AssertIntNE(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC);
    /* rsa_meth is freed here */
    RSA_free(rsa);
@@ -38200,6 +38203,50 @@ static void test_wolfSSL_EVP_PKEY_set1_get1_DSA(void)
 #endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */
 } /* END test_EVP_PKEY_set1_get1_DSA */
 static void test_wolfSSL_DSA_SIG(void)
 {
 #if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)
    DSA          *dsa  = NULL;
    DSA          *dsa2 = NULL;
    DSA_SIG      *sig  = NULL;
    const BIGNUM *p    = NULL;
    const BIGNUM *q    = NULL;
    const BIGNUM *g    = NULL;
    const BIGNUM *pub  = NULL;
    const BIGNUM *priv = NULL;
    const byte digest[WC_SHA_DIGEST_SIZE] = {0};
    printf(testingFmt, "wolfSSL_DSA_SIG");
    AssertNotNull(dsa = DSA_generate_parameters(2048,
            NULL, 0, NULL, NULL, NULL, NULL));
    DSA_free(dsa);
    AssertNotNull(dsa = DSA_new());
    AssertIntEQ(DSA_generate_parameters_ex(dsa, 2048,
            NULL, 0, NULL, NULL, NULL), 1);
    AssertIntEQ(DSA_generate_key(dsa), 1);
    DSA_get0_pqg(dsa, &p, &q, &g);
    DSA_get0_key(dsa, &pub, &priv);
    AssertNotNull(p    = BN_dup(p));
    AssertNotNull(q    = BN_dup(q));
    AssertNotNull(g    = BN_dup(g));
    AssertNotNull(pub  = BN_dup(pub));
    AssertNotNull(priv = BN_dup(priv));
    AssertNotNull(sig = DSA_do_sign(digest, sizeof(digest), dsa));
    AssertNotNull(dsa2 = DSA_new());
    AssertIntEQ(DSA_set0_pqg(dsa2, (BIGNUM*)p, (BIGNUM*)q, (BIGNUM*)g), 1);
    AssertIntEQ(DSA_set0_key(dsa2, (BIGNUM*)pub, (BIGNUM*)priv), 1);
    AssertIntEQ(DSA_do_verify(digest, sizeof(digest), sig, dsa2), 1);
    printf(resultFmt, passed);
    DSA_free(dsa);
    DSA_free(dsa2);
    DSA_SIG_free(sig);
 #endif
 }
 static void test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void)
 {
 #ifdef HAVE_ECC
@@ -46325,6 +46372,7 @@ void ApiTest(void)
    test_wolfSSL_ASN1_UNIVERSALSTRING_to_string();
    test_wolfSSL_EC_KEY_dup();
    test_wolfSSL_EVP_PKEY_set1_get1_DSA();
    test_wolfSSL_DSA_SIG();
    test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY();
    test_wolfSSL_EVP_PKEY_set1_get1_DH();
    test_wolfSSL_CTX_ctrl();
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -16128,7 +16128,7 @@ int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g)
 }
 #endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */
-#ifdef HAVE_ECC
+#if defined(HAVE_ECC) || !defined(NO_DSA)
 /* Der Encode r & s ints into out, outLen is (in/out) size */
 int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r, mp_int* s)
@@ -16293,9 +16293,7 @@ int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen,
    return ret;
 }
 #endif
 #if defined(HAVE_ECC) || !defined(NO_DSA)
 int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s)
 {
    word32 idx = 0;
--- a/wolfcrypt/src/dsa.c
+++ b/wolfcrypt/src/dsa.c
@@ -104,6 +104,9 @@ static int CheckDsaLN(int modLen, int divLen)
    int ret = -1;
    switch (modLen) {
 #ifdef WOLFSSL_DSA_768_MODULUS
        case 768:
 #endif
        case 1024:
            if (divLen == 160)
                ret = 0;
@@ -237,6 +240,9 @@ int wc_MakeDsaParameters(WC_RNG *rng, int modulus_size, DsaKey *dsa)
     * FIPS 186-4 defines valid values (1024, 160) (2048, 256) (3072, 256)
     */
    switch (modulus_size) {
 #ifdef WOLFSSL_DSA_768_MODULUS
        case 768:
 #endif
        case 1024:
            qsize = 20;
            break;
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -1938,6 +1938,11 @@ int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey)
        return (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(pkey->rsa));
 #endif /* !NO_RSA */
 #ifndef NO_DSA
    case EVP_PKEY_DSA:
        return DSA_SIG_SIZE;
 #endif
 #ifdef HAVE_ECC
    case EVP_PKEY_EC:
        if (pkey->ecc == NULL || pkey->ecc->internal == NULL) {
@@ -2381,29 +2386,44 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
    unsigned int mdsize;
    unsigned char md[WC_MAX_DIGEST_SIZE];
    int ret;
    if (ctx == NULL) return WOLFSSL_FAILURE;
    WOLFSSL_ENTER("EVP_SignFinal");
    ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize);
    if (ret <= 0) return ret;
    (void)sigret;
    (void)siglen;
    WOLFSSL_ENTER("EVP_SignFinal");
    if (ctx == NULL)
        return WOLFSSL_FAILURE;
    ret = wolfSSL_EVP_DigestFinal(ctx, md, &mdsize);
    if (ret <= 0)
        return ret;
    switch (pkey->type) {
 #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
    case EVP_PKEY_RSA: {
        int nid;
-        const WOLFSSL_EVP_MD *ctxmd = wolfSSL_EVP_MD_CTX_md(ctx);
+        const WOLFSSL_EVP_MD *ctxmd;
-        if (ctxmd == NULL) break;
+
        ctxmd = wolfSSL_EVP_MD_CTX_md(ctx);
        if (ctxmd == NULL)
            return WOLFSSL_FAILURE;
        nid = wolfSSL_EVP_MD_type(ctxmd);
-        if (nid < 0) break;
+        if (nid < 0)
            return WOLFSSL_FAILURE;
        return wolfSSL_RSA_sign(nid, md, mdsize, sigret,
                                siglen, pkey->rsa);
    }
 #endif /* NO_RSA */
-
+#ifndef NO_DSA
    case EVP_PKEY_DSA:
        if (wolfSSL_DSA_do_sign(md, sigret, pkey->dsa) == WOLFSSL_SUCCESS) {
            *siglen = DSA_SIG_SIZE;
            return WOLFSSL_SUCCESS;
        }
        else {
            return WOLFSSL_FAILURE;
        }
 #endif
    case EVP_PKEY_EC:
        WOLFSSL_MSG("not implemented");
        FALL_THROUGH;
--- a/wolfssl/openssl/dsa.h
+++ b/wolfssl/openssl/dsa.h
@@ -68,6 +68,17 @@ WOLFSSL_API int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA*, int bits,
                   unsigned char* seed, int seedLen, int* counterRet,
                   unsigned long* hRet, void* cb);
 WOLFSSL_API void wolfSSL_DSA_get0_pqg(const WOLFSSL_DSA *d, const WOLFSSL_BIGNUM **p,
        const WOLFSSL_BIGNUM **q, const WOLFSSL_BIGNUM **g);
 WOLFSSL_API int wolfSSL_DSA_set0_pqg(WOLFSSL_DSA *d, WOLFSSL_BIGNUM *p,
        WOLFSSL_BIGNUM *q, WOLFSSL_BIGNUM *g);
 WOLFSSL_API void wolfSSL_DSA_get0_key(const WOLFSSL_DSA *d,
        const WOLFSSL_BIGNUM **pub_key, const WOLFSSL_BIGNUM **priv_key);
 WOLFSSL_API int wolfSSL_DSA_set0_key(WOLFSSL_DSA *d, WOLFSSL_BIGNUM *pub_key,
        WOLFSSL_BIGNUM *priv_key);
 WOLFSSL_API int wolfSSL_DSA_LoadDer(WOLFSSL_DSA*, const unsigned char*, int sz);
 WOLFSSL_API int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA*, const unsigned char*,
@@ -84,8 +95,17 @@ WOLFSSL_API int wolfSSL_DSA_bits(const WOLFSSL_DSA *d);
 WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void);
 WOLFSSL_API void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig);
 WOLFSSL_API void wolfSSL_DSA_SIG_get0(const WOLFSSL_DSA_SIG *sig,
        const WOLFSSL_BIGNUM **r, const WOLFSSL_BIGNUM **s);
 WOLFSSL_API int wolfSSL_DSA_SIG_set0(WOLFSSL_DSA_SIG *sig, WOLFSSL_BIGNUM *r,
        WOLFSSL_BIGNUM *s);
 WOLFSSL_API int wolfSSL_i2d_DSA_SIG(const WOLFSSL_DSA_SIG *sig, byte **out);
 WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_d2i_DSA_SIG(WOLFSSL_DSA_SIG **sig,
        const unsigned char **pp, long length);
 WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
-                                                    int outLen, WOLFSSL_DSA* dsa);
+                                                    int inLen, WOLFSSL_DSA* dsa);
 WOLFSSL_API int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len,
                                         WOLFSSL_DSA_SIG* sig, WOLFSSL_DSA* dsa);
@@ -99,9 +119,17 @@ WOLFSSL_API int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest
 #define DSA_generate_key           wolfSSL_DSA_generate_key
 #define DSA_generate_parameters    wolfSSL_DSA_generate_parameters
 #define DSA_generate_parameters_ex wolfSSL_DSA_generate_parameters_ex
 #define DSA_get0_pqg               wolfSSL_DSA_get0_pqg
 #define DSA_set0_pqg               wolfSSL_DSA_set0_pqg
 #define DSA_get0_key               wolfSSL_DSA_get0_key
 #define DSA_set0_key               wolfSSL_DSA_set0_key
 #define DSA_SIG_new                wolfSSL_DSA_SIG_new
 #define DSA_SIG_free               wolfSSL_DSA_SIG_free
 #define DSA_SIG_get0               wolfSSL_DSA_SIG_get0
 #define DSA_SIG_set0               wolfSSL_DSA_SIG_set0
 #define i2d_DSA_SIG                wolfSSL_i2d_DSA_SIG
 #define d2i_DSA_SIG                wolfSSL_d2i_DSA_SIG
 #define DSA_do_sign                wolfSSL_DSA_do_sign_ex
 #define DSA_do_verify              wolfSSL_DSA_do_verify_ex
--- a/wolfssl/openssl/rsa.h
+++ b/wolfssl/openssl/rsa.h
@@ -159,6 +159,7 @@ WOLFSSL_API int wolfSSL_RSA_set0_key(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *n, WOLFSSL_
                                     WOLFSSL_BIGNUM *d);
 WOLFSSL_API int wolfSSL_RSA_flags(const WOLFSSL_RSA *r);
 WOLFSSL_API void wolfSSL_RSA_set_flags(WOLFSSL_RSA *r, int flags);
 WOLFSSL_API void wolfSSL_RSA_clear_flags(WOLFSSL_RSA *r, int flags);
 WOLFSSL_API int wolfSSL_RSA_test_flags(const WOLFSSL_RSA *r, int flags);
 WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa);
@@ -212,6 +213,7 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup(
 #define RSA_set0_key            wolfSSL_RSA_set0_key
 #define RSA_flags               wolfSSL_RSA_flags
 #define RSA_set_flags           wolfSSL_RSA_set_flags
 #define RSA_clear_flags         wolfSSL_RSA_clear_flags
 #define RSA_test_flags          wolfSSL_RSA_test_flags
 #define RSAPublicKey_dup        wolfSSL_RSAPublicKey_dup
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
@@ -148,6 +148,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define CRYPTO_EX_free                  WOLFSSL_CRYPTO_EX_free
 #define CRYPTO_EX_DATA                  WOLFSSL_CRYPTO_EX_DATA
 #define CRYPTO_set_mem_functions        wolfSSL_CRYPTO_set_mem_functions
 /* depreciated */
 #define CRYPTO_thread_id                wolfSSL_thread_id
 #define CRYPTO_set_id_callback          wolfSSL_set_id_callback
@@ -305,6 +307,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define SSL_pending                     wolfSSL_pending
 #define SSL_load_error_strings          wolfSSL_load_error_strings
 #define SSL_library_init                wolfSSL_library_init
 #define OPENSSL_cleanup                 (void)wolfSSL_Cleanup
 #define OPENSSL_init_ssl                wolfSSL_OPENSSL_init_ssl
 #define OpenSSL_add_ssl_algorithms      wolfSSL_library_init
 #define SSL_CTX_set_session_cache_mode  wolfSSL_CTX_set_session_cache_mode
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -3976,6 +3976,10 @@ WOLFSSL_API WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x,
 #include <wolfssl/openssl/crypto.h>
 WOLFSSL_API int wolfSSL_CRYPTO_set_mem_functions(
        wolfSSL_Malloc_cb  m,
        wolfSSL_Realloc_cb r,
        wolfSSL_Free_cb    f);
 WOLFSSL_API int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
    void *(*r) (void *, size_t, const char *, int), void (*f) (void *));
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -1262,7 +1262,7 @@ WOLFSSL_LOCAL int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz,
 WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g);
 WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*);
-#ifdef HAVE_ECC
+#if defined(HAVE_ECC) || !defined(NO_DSA)
    /* ASN sig helpers */
    WOLFSSL_LOCAL int StoreECC_DSA_Sig(byte* out, word32* outLen, mp_int* r,
                                      mp_int* s);
@@ -1270,8 +1270,6 @@ WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*);
        const byte* r, word32 rLen, const byte* s, word32 sLen);
    WOLFSSL_LOCAL int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, 
        byte* r, word32* rLen, byte* s, word32* sLen);
 #endif
 #if defined(HAVE_ECC) || !defined(NO_DSA)
    WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen,
                                       mp_int* r, mp_int* s);
 #endif