diff --git a/src/ssl.c b/src/ssl.c
index 5caf7fafa..02560a877 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -20865,6 +20865,14 @@ void wolfSSL_RSA_free(WOLFSSL_RSA* rsa)
 wolfSSL_BN_free(rsa->d);
 wolfSSL_BN_free(rsa->e);
 wolfSSL_BN_free(rsa->n);
+
+ #ifdef WC_RSA_BLINDING
+ if (wc_FreeRng(rsa->rng) != 0) {
+ WOLFSSL_MSG("Issue freeing rng");
+ }
+ XFREE(rsa->rng, NULL, DYNAMIC_TYPE_RNG);
+ #endif
+
 InitwolfSSL_Rsa(rsa); /* set back to NULLs for safety */
 XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);
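Review bot: In the new `#ifdef WC_RSA_BLINDING` block, `wc_FreeRng(rsa->rng)` and `XFREE(rsa->rng, ...)` run with no check that `rsa->rng` was ever set, and nothing in this diff allocates it (the field is new in rsa.h and no matching allocation appears here), so for a WOLFSSL_RSA whose rng is still NULL this presumably fails inside wc_FreeRng and logs "Issue freeing rng" on every free. Guard the block with `if (rsa->rng != NULL) {` around the existing `wc_FreeRng`/`XFREE` pair. If the internal RsaKey was handed the same pointer (the new wolfSSL_RSA_private_encrypt reads `key->rng`), the RsaKey must already be released, or never used again, before this point; that ordering and the start of wolfSSL_RSA_free are outside the hunk.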
@@ -21499,6 +21507,71 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* fr,
 return ret;
 }
+
+/* RSA private encrypt calls wc_RsaSSL_Sign. Similar function set up as RSA
+ * public decrypt.
+ *
+ * len Length of input buffer
+ * in Input buffer to sign
+ * out Output buffer (expected to be greater than or equal to RSA key size)
+ * rsa Key to use for encryption
+ * padding Type of RSA padding to use.
+ */
+int wolfSSL_RSA_private_encrypt(int len, unsigned char* in,
+ unsigned char* out, WOLFSSL_RSA* rsa, int padding)
+{
+ int sz = 0;
+ WC_RNG* rng;
+ RsaKey* key;
+
+ WOLFSSL_MSG("wolfSSL_RSA_private_encrypt");
+
+ if (len < 0 || rsa == NULL || rsa->internal == NULL || in == NULL) {
+ WOLFSSL_MSG("Bad function arguments");
+ return 0;
+ }
+
+ if (padding != RSA_PKCS1_PADDING) {
+ WOLFSSL_MSG("wolfSSL_RSA_private_encrypt unsupported padding");
+ return 0;
+ }
+
+ if (rsa->inSet == 0)
+ {
+ WOLFSSL_MSG("Setting internal RSA structure");
+
+ if (SetRsaInternal(rsa) != SSL_SUCCESS) {
+ WOLFSSL_MSG("SetRsaInternal failed");
+ return 0;
+ }
+ }
+
+ key = (RsaKey*)rsa->internal;
+ #ifdef WC_RSA_BLINDING
+ rng = key->rng;
+ #else
+ if (wc_InitRng_ex(rng, key->heap) != 0) {
+ WOLFSSL_MSG("Error with random number");
+ return SSL_FATAL_ERROR;
+ }
+ #endif
+
+ /* size of output buffer must be size of RSA key */
+ sz = wc_RsaSSL_Sign(in, (word32)len, out, wolfSSL_RSA_size(rsa), key, rng);
+ #ifndef WC_RSA_BLINDING
+ if (wc_FreeRng(rng) != 0) {
+ WOLFSSL_MSG("Error freeing random number generator");
+ return SSL_FATAL_ERROR;
+ }
+ #endif
+ if (sz <= 0) {
+ WOLFSSL_LEAVE("wolfSSL_RSA_private_encrypt", sz);
+ return 0;
+ }
+
+ return sz;
+}
+
 /* return compliant with OpenSSL
 * RSA modulus size in bytes, -1 if error */
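Review bot: In the `#else` (no WC_RSA_BLINDING) branch of wolfSSL_RSA_private_encrypt, `rng` is a `WC_RNG*` that is never assigned before `wc_InitRng_ex(rng, key->heap)`, so the RNG that seeds the signature is initialised through an indeterminate pointer — undefined behaviour and a write to an arbitrary address on a build that is otherwise considered the simpler one. Give it storage: add `WC_RNG tmpRng;` next to the declarations and `rng = &tmpRng;` immediately before the `wc_InitRng_ex` call; the `wc_FreeRng(rng)` after signing then stays as written. Under WC_RSA_BLINDING, `rng = key->rng` is taken on trust; if the RsaKey was never given an RNG this is NULL and the outcome depends on whether wc_RsaSSL_Sign rejects a NULL rng, so an explicit `if (rng == NULL) { WOLFSSL_MSG("RSA key has no RNG for blinding"); return 0; }` would fail closed regardless. The function also mixes error returns — `0` for bad arguments and unsupported padding, `SSL_FATAL_ERROR` for RNG failures — whereas OpenSSL's RSA_private_encrypt returns -1 on every error; pick one convention and state it in the header comment.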
@@ -25436,6 +25509,42 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
 #ifdef OPENSSL_EXTRA /*Lighttp compatibility*/
 #ifndef NO_CERTS
+ void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name){
+ WOLFSSL_ENTER("wolfSSL_X509_NAME_free");
+ FreeX509Name(name, NULL);
+ XFREE(name, NULL, DYNAMIC_TYPE_X509);
+ }
+
+
+ /* Malloc's a new WOLFSSL_X509_NAME structure
+ *
+ * returns NULL on failure, otherwise returns a new structure.
+ */
+ WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new()
+ {
+ WOLFSSL_X509_NAME* name;
+
+ WOLFSSL_ENTER("wolfSSL_X509_NAME_new");
+
+ name = XMALLOC(sizeof(WOLFSSL_X509_NAME), NULL, DYNAMIC_TYPE_X509);
+ if (name != NULL) {
+ InitX509Name(name, 1);
+ }
+ return name;
+ }
+
+
+ int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x,
+ const WOLFSSL_X509_NAME* y)
+ {
+ WOLFSSL_STUB("wolfSSL_X509_NAME_cmp");
+ if (x == NULL || y == NULL) {
+ WOLFSSL_MSG("Bad argument passed in");
+ }
+
+ return 0;
+ }
+
 WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x,
 pem_password_cb *cb, void *u)
 {
@@ -25637,13 +25746,6 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
 (void)set;
 return SSL_SUCCESS;
 }
-
- void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME* name)
- {
- WOLFSSL_ENTER("wolfSSL_X509_NAME_free");
- FreeX509Name(name, NULL);
- XFREE(name, NULL, DYNAMIC_TYPE_X509);
- }
 #endif /* ifndef NO_CERTS */
diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h
index 650fe1e57..01b603c70 100644
--- a/wolfssl/openssl/rsa.h
+++ b/wolfssl/openssl/rsa.h
@@ -45,7 +45,9 @@ typedef struct WOLFSSL_RSA WOLFSSL_RSA;
 typedef WOLFSSL_RSA RSA;
 struct WOLFSSL_RSA {
- void* heap;
+#ifdef WC_RSA_BLINDING
+ WC_RNG* rng; /* for PrivateDecrypt blinding */
+#endif
 WOLFSSL_BIGNUM* n;
 WOLFSSL_BIGNUM* e;
 WOLFSSL_BIGNUM* d;
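Review bot: `wolfSSL_X509_NAME_cmp` is a stub that returns 0 for every input, including NULL, and in the OpenSSL API a 0 from X509_NAME_cmp means the two names are equal, so any caller that gates trust on a name match (issuer/subject lookup, pinning, chain building) will see every pair of names as matching. Until it is implemented it should fail closed: return -1 from the NULL-argument branch instead of falling through, and end with `return -1; /* stub: never reports a match */`, with the stub status noted on the prototype. Two smaller points: `wolfSSL_X509_NAME_new()` is defined with empty parentheses while wolfssl/ssl.h declares it `(void)` — write `WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void)` so prototype and definition agree — and `wolfSSL_X509_NAME_free` calls `FreeX509Name(name, NULL)` without a NULL check, whereas OpenSSL's X509_NAME_free(NULL) is a no-op; whether FreeX509Name tolerates NULL is not visible here, so an early `if (name == NULL) return;` is the cheap way to match that contract.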
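Review bot: The comment on the new field in struct WOLFSSL_RSA, `/* for PrivateDecrypt blinding */`, is narrower than what the same build flag now covers: wolfSSL_RSA_private_encrypt (signing) also runs under a blinding RNG, read as `key->rng` from the internal RsaKey, so if SetRsaInternal hands this pointer to the RsaKey the comment should read `/* RNG for blinding in private-key operations (decrypt/sign) */`. Inserting `rng` at the top of the struct and moving `void* heap` to after `iqmp` also changes the layout of a type exposed in a public header; that is harmless if applications treat WOLFSSL_RSA as opaque, but it deserves a sentence in the commit message. The struct definition continues past the end of this hunk.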
@@ -54,6 +56,7 @@ struct WOLFSSL_RSA {
 WOLFSSL_BIGNUM* dmp1; /* dP */
 WOLFSSL_BIGNUM* dmq1; /* dQ */
 WOLFSSL_BIGNUM* iqmp; /* u */
+ void* heap;
 void* internal; /* our RSA */
 char inSet; /* internal set from external ? */
 char exSet; /* external set from internal ? */
@@ -69,9 +72,11 @@ WOLFSSL_API int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA*, int bits, WOLFSSL_BIGN
 WOLFSSL_API int wolfSSL_RSA_blinding_on(WOLFSSL_RSA*, WOLFSSL_BN_CTX*);
 WOLFSSL_API int wolfSSL_RSA_public_encrypt(int len, const unsigned char* fr,
- unsigned char* to, WOLFSSL_RSA*, int padding);
+ unsigned char* to, WOLFSSL_RSA*, int padding);
 WOLFSSL_API int wolfSSL_RSA_private_decrypt(int len, const unsigned char* fr,
- unsigned char* to, WOLFSSL_RSA*, int padding);
+ unsigned char* to, WOLFSSL_RSA*, int padding);
+WOLFSSL_API int wolfSSL_RSA_private_encrypt(int len, unsigned char* in,
+ unsigned char* out, WOLFSSL_RSA* rsa, int padding);
 WOLFSSL_API int wolfSSL_RSA_size(const WOLFSSL_RSA*);
 WOLFSSL_API int wolfSSL_RSA_sign(int type, const unsigned char* m,
@@ -100,6 +105,7 @@ WOLFSSL_API int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA*, const unsigned char*, int s
 #define RSA_blinding_on wolfSSL_RSA_blinding_on
 #define RSA_public_encrypt wolfSSL_RSA_public_encrypt
 #define RSA_private_decrypt wolfSSL_RSA_private_decrypt
+#define RSA_private_encrypt wolfSSL_RSA_private_encrypt
 #define RSA_size wolfSSL_RSA_size
 #define RSA_sign wolfSSL_RSA_sign
diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h
index 67b5b78ac..ea8335812 100644
--- a/wolfssl/openssl/ssl.h
+++ b/wolfssl/openssl/ssl.h
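Review bot: The new prototype `wolfSSL_RSA_private_encrypt(int len, unsigned char* in, ...)` takes a non-const input buffer where the sibling declarations directly above it (`wolfSSL_RSA_public_encrypt`, `wolfSSL_RSA_private_decrypt`) and OpenSSL's own `RSA_private_encrypt` take `const unsigned char*`; the src/ssl.c implementation only passes `in` on to wc_RsaSSL_Sign as the data to sign, so there is no reason for it to be writable. Change the declaration to `WOLFSSL_API int wolfSSL_RSA_private_encrypt(int len, const unsigned char* in,` and the definition to match, so OpenSSL-written callers reaching it through the `RSA_private_encrypt` macro with a `const` buffer compile without a cast. The parameter names `in`/`out` also differ from the `fr`/`to` used by the neighbouring prototypes; aligning them is cosmetic but keeps the header readable as one API.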
@@ -525,9 +525,11 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX;
 /* yassl had set the default to be 500 */
 #define SSL_get_default_timeout(ctx) 500
+#define X509_NAME_free wolfSSL_X509_NAME_free
+#define X509_NAME_new wolfSSL_X509_NAME_new
+
 typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY;
-#define X509_NAME_free wolfSSL_X509_NAME_free
 #define SSL_CTX_use_certificate wolfSSL_CTX_use_certificate
 #define SSL_CTX_use_PrivateKey wolfSSL_CTX_use_PrivateKey
 #define BIO_read_filename wolfSSL_BIO_read_filename
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 1294cc285..8554b8511 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -2400,6 +2400,10 @@ WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_create_by_NID(
 unsigned char* data, int dataSz);
 WOLFSSL_API int wolfSSL_X509_NAME_add_entry(WOLFSSL_X509_NAME* name,
 WOLFSSL_X509_NAME_ENTRY* entry, int idx, int set);
+WOLFSSL_API int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x,
+ const WOLFSSL_X509_NAME* y);
+WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name);
+WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void);
 WOLFSSL_API int wolfSSL_check_private_key(const WOLFSSL* ssl);
 WOLFSSL_API void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid,
 int* c, int* idx);
@@ -2477,7 +2481,6 @@ struct WOLFSSL_X509_NAME_ENTRY {
 || defined(OPENSSL_EXTRA)
 WOLFSSL_API void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne);
 WOLFSSL_API WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void);
-WOLFSSL_API void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name);
 WOLFSSL_API char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x);
 WOLFSSL_API int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name);
 /* These are to be merged shortly */