diff --git a/src/ssl.c b/src/ssl.c
index e859db143..609d368b8 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -33617,9 +33617,31 @@ int wolfSSL_DH_set0_pqg(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *p,
 return WOLFSSL_SUCCESS;
 }
+
 #endif /* v1.1.0 or later */
 #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
+/**
+ * retrive p, q and g parameter
+ * @param dh a pointer to WOLFSSL_DH
+ * @param p a pointer to WOLFSSL_BIGNUM to be obtained dh
+ * @param q a pointer to WOLFSSL_BIGNUM to be obtained dh
+ * @param q a pointer to WOLFSSL_BIGNUM to be obtained dh
+ */
+void wolfSSL_DH_get0_pqg(WOLFSSL_DH *dh, WOLFSSL_BIGNUM **p,
+ WOLFSSL_BIGNUM **q, WOLFSSL_BIGNUM **g)
+{
+ WOLFSSL_ENTER("wolfSSL_DH_get0_pqg");
+ if (dh == NULL)
+ return;
+
+ if (p != NULL)
+ *p = dh->p;
+ if (q != NULL)
+ *q = dh->q;
+ if (g != NULL)
+ *g = dh->g;
+}
 #endif /* NO_DH */
 #endif /* OPENSSL_EXTRA */
diff --git a/tests/api.c b/tests/api.c
index a7b0acfe1..e6b202934 100644
--- a/tests/api.c
+++ b/tests/api.c
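Review bot: In wolfSSL_DH_get0_pqg (src/ssl.c) the early `return` on `dh == NULL` leaves `*p`, `*q` and `*g` unwritten, so a caller that passes uninitialized locals (the new test declares them that way) and then uses them would be working with indeterminate pointers. Writing the outputs on every path avoids that, e.g. `if (p != NULL) *p = (dh != NULL) ? dh->p : NULL;` and the same for `q` and `g`. The doc comment also needs fixing: "retrive" should read "retrieve" and the third `@param q` should be `@param g`. Since the function hands back `dh->p`, `dh->q` and `dh->g` directly, the comment should also say that the returned pointers alias the fields of `dh`, so the caller presumably must not free them or use them after `dh` is freed.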
@@ -1617,7 +1617,64 @@ static void test_wolfSSL_CTX_SetTmpDH_buffer(void)
 wolfSSL_CTX_free(ctx);
 #endif
 }
+static void test_wolfSSL_DH_get0_pqg(void)
+{
+#if defined(OPENSSL_EXTRA)
+ DH *dh = NULL;
+ BIGNUM* p;
+ BIGNUM* q;
+ BIGNUM* g;
+#if defined(OPENSSL_ALL)
+ FILE* f = NULL;
+ unsigned char buf[4096];
+ const unsigned char* pt = buf;
+ long len = 0;
+#endif
+ printf(testingFmt, "test_wolfSSL_DH_get0_pqg");
+
+ /* invalid parameters test */
+ DH_get0_pqg(NULL, &p, &q, &g);
+ DH_get0_pqg(dh, NULL, &q, &g);
+ DH_get0_pqg(dh, NULL, NULL, &g);
+ DH_get0_pqg(dh, NULL, NULL, NULL);
+ AssertTrue(1);
+
+ dh = wolfSSL_DH_new();
+ AssertNotNull(dh);
+
+ DH_get0_pqg(dh, &p, &q, &g);
+ AssertPtrEq(p, NULL);
+ AssertPtrEq(q, NULL);
+ AssertPtrEq(g, NULL);
+ DH_free(dh);
+
+#if defined(OPENSSL_ALL)
+ dh = NULL;
+ XMEMSET(buf, 0, sizeof(buf));
+ /* Test 2048 bit parameters */
+ f = XFOPEN("./certs/dh2048.der", "rb");
+ AssertTrue(f != XBADFILE);
+ len = (long)XFREAD(buf, 1, sizeof(buf), f);
+ XFCLOSE(f);
+
+ AssertNotNull(dh = d2i_DHparams(NULL, &pt, len));
+ AssertNotNull(dh->p);
+ AssertNotNull(dh->p);
+ AssertTrue(pt != buf);
+ AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);
+
+ DH_get0_pqg(dh, &p, &q, &g);
+
+ AssertPtrEq(p, dh->p);
+ AssertPtrEq(q, dh->q);
+ AssertPtrEq(g, dh->g);
+ DH_free(dh);
+#endif
+
+ printf(resultFmt, passed);
+#endif
+}
 static void test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
 {
 #if !defined(NO_CERTS) && !defined(NO_DH)
@@ -42637,6 +42694,7 @@ void ApiTest(void)
 test_wolfSSL_SetMinMaxDhKey_Sz();
 test_SetTmpEC_DHE_Sz();
 test_wolfSSL_dtls_set_mtu();
+ test_wolfSSL_DH_get0_pqg();
 #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
 defined(HAVE_IO_TESTS_DEPENDENCIES)
 test_wolfSSL_read_write();
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index bf0fe1201..4ed6d147c 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
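Review bot: test_wolfSSL_DH_get0_pqg (tests/api.c) is guarded only by `OPENSSL_EXTRA`, while the function it exercises is defined inside the `NO_DH` guard in src/ssl.c, so an `OPENSSL_EXTRA` build with `NO_DH` would presumably fail here; the guard should be `#if defined(OPENSSL_EXTRA) && !defined(NO_DH)`. The second `AssertNotNull(dh->p);` is a duplicate and was most likely meant to be `AssertNotNull(dh->g);`. The four invalid-parameter calls are followed only by `AssertTrue(1)`, which verifies nothing; initializing `p`, `q` and `g` to a known value and asserting on them afterwards would pin down the NULL-argument behaviour. The `XFREAD` result is also passed straight to `d2i_DHparams`, so an `AssertTrue(len > 0);` before the parse would make a missing or empty `dh2048.der` fail with a clearer message.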
@@ -4028,6 +4028,8 @@ WOLFSSL_API void *wolfSSL_OPENSSL_memdup(const void *data, size_t siz,
 const char* file, int line);
 WOLFSSL_API void wolfSSL_OPENSSL_cleanse(void *ptr, size_t len);
 WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void);
+WOLFSSL_API void wolfSSL_DH_get0_pqg(WOLFSSL_DH* dh, WOLFSSL_BIGNUM** p,
+ WOLFSSL_BIGNUM** q, WOLFSSL_BIGNUM** g);
 #endif
 #if defined(HAVE_OCSP) && !defined(NO_ASN_TIME)
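Review bot: The new prototype in wolfssl/ssl.h takes a non-const `WOLFSSL_DH*` and `WOLFSSL_BIGNUM**` outputs, whereas OpenSSL declares `DH_get0_pqg` with `const DH *` and `const BIGNUM **`. Code ported from OpenSSL that passes `const BIGNUM *` locals will get incompatible-pointer diagnostics, and every caller receives writable pointers to the group parameters stored inside `dh`. Consider `WOLFSSL_API void wolfSSL_DH_get0_pqg(const WOLFSSL_DH* dh, const WOLFSSL_BIGNUM** p, const WOLFSSL_BIGNUM** q, const WOLFSSL_BIGNUM** g);`, with the definition in src/ssl.c changed to match. The enclosing `#if` opens outside this hunk, so it is worth confirming that the declaration sits under the same `OPENSSL_EXTRA` and `NO_DH` conditions as the definition.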