forked from wolfSSL/wolfssl
* Refactor of DH key and param exports code (moved into asn.c) enabled with WOLFSSL_DH_EXTRA
.
* Cleanup `WOLFSSL_DH_EXTRA` macro logic and do not allow with FIPS v1 or v2. * Fixes for httpd (if `SSL_CONF_FLAG_FILE` is defined it is used to indicate support for `SSL_CONF_CTX_set_flags` and `SSL_CONF_cmd_value_type`). * Add Curve448 and ED448 key type to `enum wc_PkType`. * Expand `dh_ffdhe_test` to include 4096 bit.
This commit is contained in:
273
src/ssl.c
273
src/ssl.c
@ -45705,274 +45705,7 @@ end:
|
||||
}
|
||||
#endif /* !NO_BIO */
|
||||
|
||||
#ifndef NO_FILESYSTEM
|
||||
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)
|
||||
/* Convert DH key parameters to DER format, write to output (outSz)
|
||||
* If output is NULL then max expected size is set to outSz and LENGTH_ONLY_E is
|
||||
* returned.
|
||||
*
|
||||
* Note : static function due to redefinition complications with DhKey and FIPS
|
||||
* version 2 build.
|
||||
*
|
||||
* return bytes written on success */
|
||||
int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz)
|
||||
{
|
||||
word32 sz = 0, idx = 0;
|
||||
int pSz = 0, gSz = 0, ret;
|
||||
byte scratch[MAX_LENGTH_SZ];
|
||||
|
||||
if (key == NULL || outSz == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
pSz = mp_unsigned_bin_size(&key->p);
|
||||
if (pSz < 0) {
|
||||
return pSz;
|
||||
}
|
||||
if (mp_leading_bit(&key->p)) {
|
||||
pSz++;
|
||||
}
|
||||
|
||||
gSz = mp_unsigned_bin_size(&key->g);
|
||||
if (gSz < 0) {
|
||||
return gSz;
|
||||
}
|
||||
if (mp_leading_bit(&key->g)) {
|
||||
gSz++;
|
||||
}
|
||||
|
||||
sz = ASN_TAG_SZ; /* Integer */
|
||||
sz += SetLength(pSz, scratch);
|
||||
sz += ASN_TAG_SZ; /* Integer */
|
||||
sz += SetLength(gSz, scratch);
|
||||
sz += gSz + pSz;
|
||||
|
||||
if (out == NULL) {
|
||||
byte seqScratch[MAX_SEQ_SZ];
|
||||
|
||||
*outSz = sz + SetSequence(sz, seqScratch);
|
||||
return LENGTH_ONLY_E;
|
||||
}
|
||||
|
||||
if (*outSz < MAX_SEQ_SZ || *outSz < sz) {
|
||||
return BUFFER_E;
|
||||
}
|
||||
|
||||
idx += SetSequence(sz, out);
|
||||
if (*outSz < idx + sz) {
|
||||
return BUFFER_E;
|
||||
}
|
||||
|
||||
out[idx++] = ASN_INTEGER;
|
||||
idx += SetLength(pSz, out + idx);
|
||||
if (mp_leading_bit(&key->p)) {
|
||||
out[idx++] = 0x00;
|
||||
pSz -= 1; /* subtract 1 from size to account for leading 0 */
|
||||
}
|
||||
ret = mp_to_unsigned_bin(&key->p, out + idx);
|
||||
if (ret != MP_OKAY) {
|
||||
return BUFFER_E;
|
||||
}
|
||||
idx += pSz;
|
||||
|
||||
out[idx++] = ASN_INTEGER;
|
||||
idx += SetLength(gSz, out + idx);
|
||||
if (mp_leading_bit(&key->g)) {
|
||||
out[idx++] = 0x00;
|
||||
gSz -= 1; /* subtract 1 from size to account for leading 0 */
|
||||
}
|
||||
ret = mp_to_unsigned_bin(&key->g, out + idx);
|
||||
if (ret != MP_OKAY) {
|
||||
return BUFFER_E;
|
||||
}
|
||||
idx += gSz;
|
||||
return idx;
|
||||
}
|
||||
|
||||
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
|
||||
int wc_DhPubKeyToDer(DhKey* key, byte* out, word32* outSz)
|
||||
{
|
||||
word32 sz = 0;
|
||||
word32 paramSz = 0;
|
||||
int ret;
|
||||
int pubSz = 0;
|
||||
int idx = 0;
|
||||
byte scratch[MAX_ALGO_SZ];
|
||||
|
||||
/* Get size of entire key */
|
||||
|
||||
/* SEQUENCE <--| SetAlgoId
|
||||
* OBJECT IDENTIFIER <--|
|
||||
* SEQUENCE <--
|
||||
* INTEGER | wc_DhParamsToDer
|
||||
* INTEGER <--
|
||||
*/
|
||||
ret = wc_DhParamsToDer(key, NULL, ¶mSz);
|
||||
if (ret != LENGTH_ONLY_E)
|
||||
return ASN_PARSE_E;
|
||||
sz += paramSz;
|
||||
sz += SetAlgoID(DHk, scratch, oidKeyType, paramSz);
|
||||
|
||||
/* BIT STRING
|
||||
* INTEGER
|
||||
*/
|
||||
pubSz = mp_unsigned_bin_size(&key->pub);
|
||||
if (pubSz < 0)
|
||||
return pubSz;
|
||||
|
||||
if (mp_leading_bit(&key->pub))
|
||||
pubSz++;
|
||||
|
||||
sz += ASN_TAG_SZ; /* Integer */
|
||||
sz += SetLength(pubSz, scratch);
|
||||
sz += pubSz;
|
||||
|
||||
sz += SetBitString(pubSz, 0, scratch);
|
||||
|
||||
if (out == NULL) {
|
||||
/* Uppermost SEQUENCE */
|
||||
*outSz = sz + SetSequence(sz, scratch);
|
||||
return LENGTH_ONLY_E;
|
||||
}
|
||||
/* end get size of entire key */
|
||||
|
||||
/* Check for indexing errors */
|
||||
if (*outSz < MAX_SEQ_SZ || *outSz < sz) {
|
||||
return BUFFER_E;
|
||||
}
|
||||
|
||||
/* Build Up Entire Key */
|
||||
|
||||
idx += SetSequence(sz, out);
|
||||
|
||||
idx += SetAlgoID(DHk, out+idx, oidKeyType, paramSz);
|
||||
ret = wc_DhParamsToDer(key, out+idx, ¶mSz);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
idx += ret;
|
||||
|
||||
/* BIT STRING
|
||||
* INTEGER
|
||||
*/
|
||||
idx += SetBitString(pubSz, 0, out+idx);
|
||||
|
||||
out[idx++] = ASN_INTEGER;
|
||||
idx += SetLength(pubSz, out + idx);
|
||||
if (mp_leading_bit(&key->pub)) {
|
||||
out[idx++] = 0x00;
|
||||
pubSz -= 1; /* subtract 1 from size to account for leading 0 */
|
||||
}
|
||||
ret = mp_to_unsigned_bin(&key->pub, out + idx);
|
||||
if (ret != MP_OKAY) {
|
||||
return BUFFER_E;
|
||||
}
|
||||
idx += pubSz;
|
||||
|
||||
return idx;
|
||||
}
|
||||
|
||||
int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz)
|
||||
{
|
||||
word32 sz = 0;
|
||||
word32 paramSz = 0;
|
||||
int ret;
|
||||
int privSz = 0;
|
||||
int idx = 0;
|
||||
byte scratch[MAX_ALGO_SZ];
|
||||
|
||||
/* Get size of entire key */
|
||||
|
||||
/* INTEGER 0 */
|
||||
sz += ASN_TAG_SZ; /* Integer */
|
||||
sz += SetLength(1, scratch);
|
||||
sz += 1;
|
||||
|
||||
/* SEQUENCE <--| SetAlgoId
|
||||
* OBJECT IDENTIFIER <--|
|
||||
* SEQUENCE <--
|
||||
* INTEGER | wc_DhParamsToDer
|
||||
* INTEGER <--
|
||||
*/
|
||||
ret = wc_DhParamsToDer(key, NULL, ¶mSz);
|
||||
if (ret != LENGTH_ONLY_E)
|
||||
return ASN_PARSE_E;
|
||||
sz += paramSz;
|
||||
sz += SetAlgoID(DHk, scratch, oidKeyType, paramSz);
|
||||
|
||||
/* OCTET STRING
|
||||
* INTEGER
|
||||
*/
|
||||
privSz = mp_unsigned_bin_size(&key->priv);
|
||||
if (privSz < 0)
|
||||
return privSz;
|
||||
else if (privSz > 256) /* Key is larger than 2048 */
|
||||
return ASN_VERSION_E;
|
||||
|
||||
if (mp_leading_bit(&key->priv))
|
||||
privSz++;
|
||||
|
||||
sz += ASN_TAG_SZ; /* Integer */
|
||||
sz += SetLength(privSz, scratch);
|
||||
sz += privSz;
|
||||
|
||||
sz += SetOctetString(privSz + ASN_OCTET_STRING, scratch);
|
||||
|
||||
if (out == NULL) {
|
||||
/* Uppermost SEQUENCE */
|
||||
*outSz = sz + SetSequence(sz, scratch);
|
||||
return LENGTH_ONLY_E;
|
||||
}
|
||||
/* end get size of entire key */
|
||||
|
||||
/* Check for indexing errors */
|
||||
if (*outSz < MAX_SEQ_SZ || *outSz < sz) {
|
||||
return BUFFER_E;
|
||||
}
|
||||
|
||||
/* Build Up Entire Key */
|
||||
|
||||
idx += SetSequence(sz, out);
|
||||
|
||||
/* INTEGER 0 */
|
||||
out[idx++] = ASN_INTEGER;
|
||||
idx += SetLength(1, out+idx);
|
||||
out[idx++] = 0;
|
||||
|
||||
idx += SetAlgoID(DHk, out+idx, oidKeyType, paramSz);
|
||||
ret = wc_DhParamsToDer(key, out+idx, ¶mSz);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
idx += ret;
|
||||
|
||||
/* OCTET STRING
|
||||
* INTEGER
|
||||
*/
|
||||
if (privSz == 256) {
|
||||
idx += SetOctetString(privSz + ASN_OCTET_STRING, out+idx);
|
||||
} else if (privSz == 128) {
|
||||
idx += SetOctetString(privSz + ASN_OCTET_STRING-1, out+idx);
|
||||
} else if (privSz == 64) {
|
||||
idx += SetOctetString(privSz + ASN_OCTET_STRING-2, out+idx);
|
||||
} else {
|
||||
WOLFSSL_MSG("Unsupported key size");
|
||||
return ASN_VERSION_E;
|
||||
}
|
||||
|
||||
out[idx++] = ASN_INTEGER;
|
||||
idx += SetLength(privSz, out + idx);
|
||||
if (mp_leading_bit(&key->priv)) {
|
||||
out[idx++] = 0x00;
|
||||
privSz -= 1; /* subtract 1 from size to account for leading 0 */
|
||||
}
|
||||
ret = mp_to_unsigned_bin(&key->priv, out + idx);
|
||||
if (ret != MP_OKAY) {
|
||||
return BUFFER_E;
|
||||
}
|
||||
idx += privSz;
|
||||
|
||||
return idx;
|
||||
}
|
||||
|
||||
#if defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
|
||||
/* Writes the DH parameters in PEM format from "dh" out to the file pointer
|
||||
* passed in.
|
||||
*
|
||||
@ -46055,9 +45788,7 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh)
|
||||
WOLFSSL_LEAVE("wolfSSL_PEM_write_DHparams", WOLFSSL_SUCCESS);
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
|
||||
#endif /* WOLFSSL_QT || OPENSSL_ALL */
|
||||
#endif /* !NO_FILESYSTEM */
|
||||
#endif /* WOLFSSL_DH_EXTRA && !NO_FILESYSTEM */
|
||||
#endif /* !NO_DH */
|
||||
|
||||
#ifndef NO_BIO
|
||||
|
44
tests/api.c
44
tests/api.c
@ -27717,7 +27717,8 @@ static void test_wolfSSL_tmp_dh(void)
|
||||
int bytes;
|
||||
DSA* dsa;
|
||||
DH* dh;
|
||||
#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
|
||||
#if defined(WOLFSSL_DH_EXTRA) && \
|
||||
(defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
|
||||
DH* dh2;
|
||||
#endif
|
||||
BIO* bio;
|
||||
@ -27748,7 +27749,8 @@ static void test_wolfSSL_tmp_dh(void)
|
||||
|
||||
dh = wolfSSL_DSA_dup_DH(dsa);
|
||||
AssertNotNull(dh);
|
||||
#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
|
||||
#if defined(WOLFSSL_DH_EXTRA) && \
|
||||
(defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
|
||||
AssertNotNull(dh2 = wolfSSL_DH_dup(dh));
|
||||
#endif
|
||||
|
||||
@ -27762,7 +27764,8 @@ static void test_wolfSSL_tmp_dh(void)
|
||||
BIO_free(bio);
|
||||
DSA_free(dsa);
|
||||
DH_free(dh);
|
||||
#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
|
||||
#if defined(WOLFSSL_DH_EXTRA) && \
|
||||
(defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
|
||||
DH_free(dh2);
|
||||
#endif
|
||||
SSL_free(ssl);
|
||||
@ -34493,10 +34496,8 @@ static void test_wolfSSL_DH_1536_prime(void)
|
||||
|
||||
static void test_wolfSSL_PEM_write_DHparams(void)
|
||||
{
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
|
||||
#if defined(OPENSSL_EXTRA) && !defined(NO_DH) && !defined(NO_FILESYSTEM)
|
||||
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
|
||||
#ifndef NO_BIO
|
||||
#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && \
|
||||
!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
|
||||
DH* dh;
|
||||
BIO* bio;
|
||||
XFILE fp;
|
||||
@ -34536,9 +34537,6 @@ tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==\n\
|
||||
XFCLOSE(fp);
|
||||
|
||||
printf(resultFmt, passed);
|
||||
#endif /* !NO_BIO */
|
||||
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
|
||||
#endif /* OPENSSL_ALL || OPENSSL_QT */
|
||||
#endif
|
||||
}
|
||||
|
||||
@ -36247,8 +36245,9 @@ static void test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void)
|
||||
|
||||
static void test_wolfSSL_EVP_PKEY_set1_get1_DH (void)
|
||||
{
|
||||
#if !defined(NO_DH)
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
|
||||
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
|
||||
#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
|
||||
DH *dh = NULL;
|
||||
DH *setDh = NULL;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
@ -36291,8 +36290,9 @@ static void test_wolfSSL_EVP_PKEY_set1_get1_DH (void)
|
||||
DH_free(setDh);
|
||||
DH_free(dh);
|
||||
printf(resultFmt, passed);
|
||||
#endif /* !NO_DH && WOLFSSL_DH_EXTRA && !NO_FILESYSTEM */
|
||||
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
|
||||
#endif /* NO_DH */
|
||||
#endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */
|
||||
} /* END test_EVP_PKEY_set1_get1_DH */
|
||||
|
||||
static void test_wolfSSL_CTX_ctrl(void)
|
||||
@ -37366,9 +37366,8 @@ static void test_wolfSSL_QT_EVP_PKEY_CTX_free(void)
|
||||
static void test_wolfSSL_EVP_PKEY_param_check(void)
|
||||
{
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
|
||||
#if !defined(NO_DH) && !defined(NO_FILESYSTEM)
|
||||
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) \
|
||||
&& (HAVE_FIPS_VERSION>2))
|
||||
#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
|
||||
|
||||
DH *dh = NULL;
|
||||
DH *setDh = NULL;
|
||||
EVP_PKEY *pkey = NULL;
|
||||
@ -37415,7 +37414,6 @@ static void test_wolfSSL_EVP_PKEY_param_check(void)
|
||||
printf(resultFmt, passed);
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
}
|
||||
static void test_wolfSSL_EVP_BytesToKey(void)
|
||||
{
|
||||
@ -38408,16 +38406,18 @@ static void test_wolfSSL_OCSP_resp_get0(void)
|
||||
|
||||
static void test_wolfSSL_EVP_PKEY_derive(void)
|
||||
{
|
||||
#if defined(OPENSSL_ALL) && !defined(NO_DH)
|
||||
printf(testingFmt, "wolfSSL_EVP_PKEY_derive()");
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
|
||||
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
|
||||
#if (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || defined(HAVE_ECC)
|
||||
|
||||
printf(testingFmt, "wolfSSL_EVP_PKEY_derive()");
|
||||
EVP_PKEY_CTX *ctx;
|
||||
unsigned char *skey;
|
||||
size_t skeylen;
|
||||
EVP_PKEY *pkey, *peerkey;
|
||||
const unsigned char* key;
|
||||
|
||||
#ifndef NO_DH
|
||||
#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)
|
||||
/* DH */
|
||||
key = dh_key_der_2048;
|
||||
AssertNotNull((pkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key,
|
||||
@ -38460,9 +38460,11 @@ static void test_wolfSSL_EVP_PKEY_derive(void)
|
||||
EVP_PKEY_free(pkey);
|
||||
XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
#endif /* HAVE_ECC */
|
||||
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
|
||||
|
||||
printf(resultFmt, "passed");
|
||||
#endif /* OPENSSL_ALL */
|
||||
#endif /* (!NO_DH && WOLFSSL_DH_EXTRA) || HAVE_ECC */
|
||||
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
|
||||
#endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */
|
||||
}
|
||||
|
||||
#ifndef NO_RSA
|
||||
|
@ -684,6 +684,7 @@ int SetASNInt(int len, byte firstByte, byte* output)
|
||||
|
||||
#if !defined(NO_DSA) || defined(HAVE_ECC) || (defined(WOLFSSL_CERT_GEN) && \
|
||||
!defined(NO_RSA)) || ((defined(WOLFSSL_KEY_GEN) || \
|
||||
(!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || \
|
||||
defined(OPENSSL_EXTRA)) && !defined(NO_RSA) && !defined(HAVE_USER_RSA))
|
||||
/* Set the DER/BER encoding of the ASN.1 INTEGER element with an mp_int.
|
||||
* The number is assumed to be positive.
|
||||
@ -4790,6 +4791,183 @@ int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32 inSz)
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_DH_EXTRA
|
||||
|
||||
/* Export DH Key (private or public) */
|
||||
int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv)
|
||||
{
|
||||
int privSz = 0, pubSz = 0, keySz;
|
||||
word32 idx, total;
|
||||
|
||||
if (key == NULL || outSz == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
/* determine size */
|
||||
if (exportPriv) {
|
||||
/* octect string: priv */
|
||||
privSz = SetASNIntMP(&key->priv, -1, NULL);
|
||||
idx = 1 + SetLength(privSz, NULL) + privSz; /* +1 for ASN_OCTET_STRING */
|
||||
}
|
||||
else {
|
||||
/* bit string: public */
|
||||
pubSz = SetASNIntMP(&key->pub, -1, NULL);
|
||||
idx = 1 + SetLength(pubSz, NULL) + pubSz; /* +1 for ASN_BIT_STRING */
|
||||
}
|
||||
keySz = idx;
|
||||
/* integer - g */
|
||||
idx += SetASNIntMP(&key->g, -1, NULL);
|
||||
/* integer - p */
|
||||
idx += SetASNIntMP(&key->p, -1, NULL);
|
||||
/* sequence */
|
||||
idx += SetSequence(idx, NULL);
|
||||
/* object dhKeyAgreement 1.2.840.113549.1.3.1 */
|
||||
idx += SetObjectId(sizeof(keyDhOid), NULL);
|
||||
idx += sizeof(keyDhOid);
|
||||
/* sequence */
|
||||
idx += SetSequence(idx, NULL);
|
||||
/* version: 0 (ASN_INTEGER, 0x01, 0x00) */
|
||||
idx += 3;
|
||||
/* sequence */
|
||||
total = idx + SetSequence(idx, NULL);
|
||||
|
||||
/* if no output, then just getting size */
|
||||
if (output == NULL) {
|
||||
*outSz = total;
|
||||
return LENGTH_ONLY_E;
|
||||
}
|
||||
|
||||
/* make sure output fits in buffer */
|
||||
if (total > *outSz) {
|
||||
return BUFFER_E;
|
||||
}
|
||||
total = idx;
|
||||
|
||||
/* sequence */
|
||||
idx = SetSequence(total, output);
|
||||
/* version: 0 */
|
||||
idx += SetMyVersion(0, output + idx, 0);
|
||||
/* sequence - all but pub/priv */
|
||||
idx += SetSequence(total - keySz - idx, output + idx);
|
||||
/* object dhKeyAgreement 1.2.840.113549.1.3.1 */
|
||||
idx += SetObjectId(sizeof(keyDhOid), output + idx);
|
||||
XMEMCPY(output + idx, keyDhOid, sizeof(keyDhOid));
|
||||
idx += sizeof(keyDhOid);
|
||||
/* sequence */
|
||||
idx += SetSequence(total - keySz - idx, output + idx);
|
||||
/* integer - p */
|
||||
idx += SetASNIntMP(&key->p, -1, output + idx);
|
||||
/* integer - g */
|
||||
idx += SetASNIntMP(&key->g, -1, output + idx);
|
||||
/* octect string: priv */
|
||||
if (exportPriv) {
|
||||
idx += SetOctetString(privSz, output + idx);
|
||||
idx += SetASNIntMP(&key->priv, -1, output + idx);
|
||||
}
|
||||
else {
|
||||
/* bit string: public */
|
||||
idx += SetBitString(pubSz, 0, output + idx);
|
||||
idx += SetASNIntMP(&key->pub, -1, output + idx);
|
||||
}
|
||||
*outSz = idx;
|
||||
|
||||
return idx;
|
||||
}
|
||||
|
||||
int wc_DhPubKeyToDer(DhKey* key, byte* out, word32* outSz)
|
||||
{
|
||||
return wc_DhKeyToDer(key, out, outSz, 0);
|
||||
}
|
||||
int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz)
|
||||
{
|
||||
return wc_DhKeyToDer(key, out, outSz, 1);
|
||||
}
|
||||
|
||||
|
||||
/* Convert DH key parameters to DER format, write to output (outSz)
|
||||
* If output is NULL then max expected size is set to outSz and LENGTH_ONLY_E is
|
||||
* returned.
|
||||
*
|
||||
* Note : static function due to redefinition complications with DhKey and FIPS
|
||||
* version 2 build.
|
||||
*
|
||||
* return bytes written on success */
|
||||
int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz)
|
||||
{
|
||||
word32 sz = 0, idx = 0;
|
||||
int pSz = 0, gSz = 0, ret;
|
||||
byte scratch[MAX_LENGTH_SZ];
|
||||
|
||||
if (key == NULL || outSz == NULL) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
pSz = mp_unsigned_bin_size(&key->p);
|
||||
if (pSz < 0) {
|
||||
return pSz;
|
||||
}
|
||||
if (mp_leading_bit(&key->p)) {
|
||||
pSz++;
|
||||
}
|
||||
|
||||
gSz = mp_unsigned_bin_size(&key->g);
|
||||
if (gSz < 0) {
|
||||
return gSz;
|
||||
}
|
||||
if (mp_leading_bit(&key->g)) {
|
||||
gSz++;
|
||||
}
|
||||
|
||||
sz = ASN_TAG_SZ; /* Integer */
|
||||
sz += SetLength(pSz, scratch);
|
||||
sz += ASN_TAG_SZ; /* Integer */
|
||||
sz += SetLength(gSz, scratch);
|
||||
sz += gSz + pSz;
|
||||
|
||||
if (out == NULL) {
|
||||
byte seqScratch[MAX_SEQ_SZ];
|
||||
|
||||
*outSz = sz + SetSequence(sz, seqScratch);
|
||||
return LENGTH_ONLY_E;
|
||||
}
|
||||
|
||||
if (*outSz < MAX_SEQ_SZ || *outSz < sz) {
|
||||
return BUFFER_E;
|
||||
}
|
||||
|
||||
idx += SetSequence(sz, out);
|
||||
if (*outSz < idx + sz) {
|
||||
return BUFFER_E;
|
||||
}
|
||||
|
||||
out[idx++] = ASN_INTEGER;
|
||||
idx += SetLength(pSz, out + idx);
|
||||
if (mp_leading_bit(&key->p)) {
|
||||
out[idx++] = 0x00;
|
||||
pSz -= 1; /* subtract 1 from size to account for leading 0 */
|
||||
}
|
||||
ret = mp_to_unsigned_bin(&key->p, out + idx);
|
||||
if (ret != MP_OKAY) {
|
||||
return BUFFER_E;
|
||||
}
|
||||
idx += pSz;
|
||||
|
||||
out[idx++] = ASN_INTEGER;
|
||||
idx += SetLength(gSz, out + idx);
|
||||
if (mp_leading_bit(&key->g)) {
|
||||
out[idx++] = 0x00;
|
||||
gSz -= 1; /* subtract 1 from size to account for leading 0 */
|
||||
}
|
||||
ret = mp_to_unsigned_bin(&key->g, out + idx);
|
||||
if (ret != MP_OKAY) {
|
||||
return BUFFER_E;
|
||||
}
|
||||
idx += gSz;
|
||||
return idx;
|
||||
}
|
||||
|
||||
#endif /* WOLFSSL_DH_EXTRA */
|
||||
|
||||
int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p, word32* pInOutSz,
|
||||
byte* g, word32* gInOutSz)
|
||||
{
|
||||
|
@ -1509,8 +1509,8 @@ int wolfSSL_EVP_PKEY_CTX_ctrl_str(WOLFSSL_EVP_PKEY_CTX *ctx,
|
||||
}
|
||||
#endif /* NO_WOLFSSL_STUB */
|
||||
|
||||
#if !defined(NO_DH) && defined(HAVE_ECC)
|
||||
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION!=2))
|
||||
#if (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || defined(HAVE_ECC)
|
||||
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
|
||||
int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen)
|
||||
{
|
||||
int len;
|
||||
@ -1619,7 +1619,7 @@ int wolfSSL_EVP_PKEY_derive(WOLFSSL_EVP_PKEY_CTX *ctx, unsigned char *key, size_
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
|
||||
#endif /* !NO_DH || HAVE_ECC */
|
||||
#endif /* (!NO_DH && WOLFSSL_DH_EXTRA) || HAVE_ECC */
|
||||
|
||||
/* Uses the WOLFSSL_EVP_PKEY_CTX to decrypt a buffer.
|
||||
*
|
||||
@ -2206,16 +2206,13 @@ int wolfSSL_EVP_PKEY_param_check(WOLFSSL_EVP_PKEY_CTX* ctx)
|
||||
int ret;
|
||||
WOLFSSL_DH* dh_key = NULL;
|
||||
|
||||
(void)dh_key;
|
||||
|
||||
/* sanity check */
|
||||
if (ctx == NULL) {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
type = wolfSSL_EVP_PKEY_type(wolfSSL_EVP_PKEY_base_id(ctx->pkey));
|
||||
|
||||
switch(type) {
|
||||
switch (type) {
|
||||
#if !defined(NO_RSA)
|
||||
case EVP_PKEY_RSA:
|
||||
WOLFSSL_MSG("EVP_PKEY_RSA not yet implemented");
|
||||
@ -2231,10 +2228,8 @@ int wolfSSL_EVP_PKEY_param_check(WOLFSSL_EVP_PKEY_CTX* ctx)
|
||||
WOLFSSL_MSG("EVP_PKEY_DSA not yet implemented");
|
||||
return WOLFSSL_FAILURE;
|
||||
#endif
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
|
||||
#if !defined(NO_DH) && !defined(NO_FILESYSTEM)
|
||||
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) \
|
||||
&& (HAVE_FIPS_VERSION>2))
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
|
||||
#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
|
||||
case EVP_PKEY_DH:
|
||||
dh_key = wolfSSL_EVP_PKEY_get1_DH(ctx->pkey);
|
||||
if (dh_key != NULL) {
|
||||
@ -2246,13 +2241,15 @@ int wolfSSL_EVP_PKEY_param_check(WOLFSSL_EVP_PKEY_CTX* ctx)
|
||||
return ret;
|
||||
#endif
|
||||
#endif
|
||||
#endif
|
||||
default:
|
||||
WOLFSSL_MSG("Unknown PKEY type");
|
||||
return WOLFSSL_FAILURE;
|
||||
break;
|
||||
}
|
||||
|
||||
(void)ret;
|
||||
(void)DH_param_check;
|
||||
(void)dh_key;
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
|
||||
/* Initialize structure for signing
|
||||
@ -6334,9 +6331,8 @@ WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key)
|
||||
}
|
||||
#endif /* HAVE_ECC */
|
||||
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
|
||||
#if !defined(NO_DH) && !defined(NO_FILESYSTEM)
|
||||
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
|
||||
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH)
|
||||
#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM)
|
||||
/* with set1 functions the pkey struct does not own the DH structure
|
||||
* Build the following DH Key format from the passed in WOLFSSL_DH
|
||||
* then store in WOLFSSL_EVP_PKEY in DER format.
|
||||
@ -6415,7 +6411,6 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key)
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
|
||||
|
||||
WOLFSSL_DH* wolfSSL_EVP_PKEY_get0_DH(WOLFSSL_EVP_PKEY* key)
|
||||
{
|
||||
@ -6425,7 +6420,6 @@ WOLFSSL_DH* wolfSSL_EVP_PKEY_get0_DH(WOLFSSL_EVP_PKEY* key)
|
||||
return key->dh;
|
||||
}
|
||||
|
||||
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
|
||||
WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key)
|
||||
{
|
||||
WOLFSSL_DH* local = NULL;
|
||||
@ -6459,8 +6453,7 @@ WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key)
|
||||
|
||||
return local;
|
||||
}
|
||||
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
|
||||
#endif /* NO_DH && NO_FILESYSTEM */
|
||||
#endif /* NO_DH && WOLFSSL_DH_EXTRA && NO_FILESYSTEM */
|
||||
|
||||
int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key)
|
||||
{
|
||||
|
@ -16271,10 +16271,15 @@ static int dh_test_check_pubvalue(void)
|
||||
|
||||
#if defined(HAVE_FFDHE)
|
||||
|
||||
#ifdef HAVE_FFDHE_3072
|
||||
#define FFDHE_KEY_SIZE (3072/8)
|
||||
#if defined(HAVE_FFDHE_4096)
|
||||
#define MAX_DH_PRIV_SZ 39
|
||||
#define MAX_DH_KEY_SZ 512
|
||||
#elif defined(HAVE_FFDHE_3072)
|
||||
#define MAX_DH_PRIV_SZ 34
|
||||
#define MAX_DH_KEY_SZ 384
|
||||
#else
|
||||
#define FFDHE_KEY_SIZE (2048/8)
|
||||
#define MAX_DH_PRIV_SZ 29
|
||||
#define MAX_DH_KEY_SZ 256
|
||||
#endif
|
||||
|
||||
#ifndef WC_NO_RNG
|
||||
@ -16283,26 +16288,26 @@ static int dh_ffdhe_test(WC_RNG *rng, const DhParams* params)
|
||||
int ret;
|
||||
word32 privSz, pubSz, privSz2, pubSz2;
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
byte *priv = (byte *)XMALLOC(FFDHE_KEY_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
byte *pub = (byte *)XMALLOC(FFDHE_KEY_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
byte *priv2 = (byte *)XMALLOC(FFDHE_KEY_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
byte *pub2 = (byte *)XMALLOC(FFDHE_KEY_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
byte *agree = (byte *)XMALLOC(FFDHE_KEY_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
byte *agree2 = (byte *)XMALLOC(FFDHE_KEY_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DhKey *key2 = (DhKey *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
byte *priv = (byte*)XMALLOC(MAX_DH_PRIV_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
byte *pub = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
byte *priv2 = (byte*)XMALLOC(MAX_DH_PRIV_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
byte *pub2 = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
byte *agree = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
byte *agree2 = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DhKey *key = (DhKey*)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
DhKey *key2 = (DhKey*)XMALLOC(sizeof(*key2), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#else
|
||||
byte priv[FFDHE_KEY_SIZE];
|
||||
byte pub[FFDHE_KEY_SIZE];
|
||||
byte priv2[FFDHE_KEY_SIZE];
|
||||
byte pub2[FFDHE_KEY_SIZE];
|
||||
byte agree[FFDHE_KEY_SIZE];
|
||||
byte agree2[FFDHE_KEY_SIZE];
|
||||
byte priv[MAX_DH_PRIV_SZ];
|
||||
byte pub[MAX_DH_KEY_SZ];
|
||||
byte priv2[MAX_DH_PRIV_SZ];
|
||||
byte pub2[MAX_DH_KEY_SZ];
|
||||
byte agree[MAX_DH_KEY_SZ];
|
||||
byte agree2[MAX_DH_KEY_SZ];
|
||||
DhKey key[1];
|
||||
DhKey key2[1];
|
||||
#endif
|
||||
word32 agreeSz = FFDHE_KEY_SIZE;
|
||||
word32 agreeSz2 = FFDHE_KEY_SIZE;
|
||||
word32 agreeSz = MAX_DH_KEY_SZ;
|
||||
word32 agreeSz2 = MAX_DH_KEY_SZ;
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if ((priv == NULL) ||
|
||||
@ -16316,13 +16321,13 @@ static int dh_ffdhe_test(WC_RNG *rng, const DhParams* params)
|
||||
ERROR_OUT(-8050, done);
|
||||
#endif
|
||||
|
||||
pubSz = FFDHE_KEY_SIZE;
|
||||
pubSz2 = FFDHE_KEY_SIZE;
|
||||
privSz = FFDHE_KEY_SIZE;
|
||||
privSz2 = FFDHE_KEY_SIZE;
|
||||
pubSz = MAX_DH_KEY_SZ;
|
||||
pubSz2 = MAX_DH_KEY_SZ;
|
||||
privSz = MAX_DH_PRIV_SZ;
|
||||
privSz2 = MAX_DH_PRIV_SZ;
|
||||
|
||||
XMEMSET(key, 0, sizeof *key);
|
||||
XMEMSET(key2, 0, sizeof *key2);
|
||||
XMEMSET(key, 0, sizeof(*key));
|
||||
XMEMSET(key2, 0, sizeof(*key2));
|
||||
|
||||
ret = wc_InitDhKey_ex(key, HEAP_HINT, devId);
|
||||
if (ret != 0) {
|
||||
@ -16410,17 +16415,17 @@ done:
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
if (priv)
|
||||
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (pub)
|
||||
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (priv2)
|
||||
XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (pub2)
|
||||
XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (agree)
|
||||
XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (agree2)
|
||||
XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (key) {
|
||||
wc_FreeDhKey(key);
|
||||
XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
@ -16654,17 +16659,41 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
|
||||
|
||||
#if !defined(NO_ASN) && !defined(NO_FILESYSTEM)
|
||||
{
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
byte *tmp2;
|
||||
#else
|
||||
byte tmp2[DH_TEST_TMP_SIZE];
|
||||
#endif
|
||||
XFILE file = XFOPEN(dhKeyFile, "rb");
|
||||
if (!file)
|
||||
ERROR_OUT(-8121, done);
|
||||
bytes = (word32)XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file);
|
||||
XFCLOSE(file);
|
||||
}
|
||||
|
||||
idx = 0;
|
||||
ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
|
||||
if (ret != 0) {
|
||||
ERROR_OUT(-8122, done);
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
tmp2 = (byte*)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
if (tmp2 == NULL)
|
||||
ERROR_OUT(-8122, done);
|
||||
#endif
|
||||
idx = 0;
|
||||
XMEMSET(tmp2, 0, DH_TEST_TMP_SIZE);
|
||||
|
||||
/* Import DH key as DER */
|
||||
ret = wc_DhKeyDecode(tmp, &idx, key, bytes);
|
||||
if (ret == 0) {
|
||||
/* Export as DER */
|
||||
idx = DH_TEST_TMP_SIZE;
|
||||
ret = wc_DhPrivKeyToDer(key, tmp2, &idx);
|
||||
}
|
||||
|
||||
/* Verify export matches original */
|
||||
if (ret <= 0 || bytes != idx || XMEMCMP(tmp, tmp2, bytes) != 0) {
|
||||
ERROR_OUT(-8123, done);
|
||||
}
|
||||
|
||||
#ifdef WOLFSSL_SMALL_STACK
|
||||
XFREE(tmp2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
|
||||
#endif
|
||||
}
|
||||
#else
|
||||
ret = wc_DhSetKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g));
|
||||
@ -16703,7 +16732,7 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
|
||||
#endif
|
||||
|
||||
#ifndef WC_NO_RNG
|
||||
/* Specialized code for key gen when using FFDHE-2048 and FFDHE-3072. */
|
||||
/* Specialized code for key gen when using FFDHE-2048, FFDHE-3072 and FFDHE-4096 */
|
||||
#ifdef HAVE_FFDHE_2048
|
||||
ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe2048_Get());
|
||||
if (ret != 0)
|
||||
@ -16714,6 +16743,11 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
|
||||
if (ret != 0)
|
||||
ERROR_OUT(-8130, done);
|
||||
#endif
|
||||
#ifdef HAVE_FFDHE_4096
|
||||
ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe4096_Get());
|
||||
if (ret != 0)
|
||||
ERROR_OUT(-8131, done);
|
||||
#endif
|
||||
#endif /* !WC_NO_RNG */
|
||||
|
||||
wc_FreeDhKey(key);
|
||||
@ -16725,7 +16759,7 @@ WOLFSSL_TEST_SUBROUTINE int dh_test(void)
|
||||
ret = wc_DhSetCheckKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g),
|
||||
NULL, 0, 0, &rng);
|
||||
if (ret != 0)
|
||||
ERROR_OUT(-8131, done);
|
||||
ERROR_OUT(-8132, done);
|
||||
keyInit = 1; /* DhSetCheckKey also initializes the key, free it */
|
||||
#endif
|
||||
|
||||
|
@ -1157,11 +1157,13 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
|
||||
#define DTLS1_2_VERSION 0xFEFD
|
||||
#define DTLS_MAX_VERSION DTLS1_2_VERSION
|
||||
|
||||
#ifndef WOLFSSL_APACHE_HTTPD /* apache uses SSL_CONF_FLAG_FILE to enable conf support */
|
||||
#define SSL_CONF_FLAG_CMDLINE WOLFSSL_CONF_FLAG_CMDLINE
|
||||
#define SSL_CONF_FLAG_FILE WOLFSSL_CONF_FLAG_FILE
|
||||
#define SSL_CONF_FLAG_CERTIFICATE WOLFSSL_CONF_FLAG_CERTIFICATE
|
||||
#define SSL_CONF_TYPE_STRING WOLFSSL_CONF_TYPE_STRING
|
||||
#define SSL_CONF_TYPE_FILE WOLFSSL_CONF_TYPE_FILE
|
||||
#endif
|
||||
|
||||
#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) \
|
||||
|| defined(OPENSSL_ALL)
|
||||
|
@ -1233,12 +1233,6 @@ WOLFSSL_LOCAL int GetASNTag(const byte* input, word32* idx, byte* tag,
|
||||
WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output);
|
||||
WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output);
|
||||
WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output);
|
||||
#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_DH) \
|
||||
|| defined(WOLFSSL_OPENSSH)
|
||||
WOLFSSL_LOCAL int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz);
|
||||
WOLFSSL_LOCAL int wc_DhPubKeyToDer(DhKey* key, byte* out, word32* outSz);
|
||||
WOLFSSL_LOCAL int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);
|
||||
#endif
|
||||
WOLFSSL_LOCAL int SetASNInt(int len, byte firstByte, byte* output);
|
||||
WOLFSSL_LOCAL word32 SetBitString(word32 len, byte unusedBits, byte* output);
|
||||
WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output);
|
||||
|
@ -59,6 +59,10 @@ This library defines the interface APIs for X509 certificates.
|
||||
typedef struct WC_RNG WC_RNG;
|
||||
#define WC_RNG_TYPE_DEFINED
|
||||
#endif
|
||||
#ifndef WC_DH_TYPE_DEFINED
|
||||
typedef struct DhKey DhKey;
|
||||
#define WC_DH_TYPE_DEFINED
|
||||
#endif
|
||||
|
||||
enum Ecc_Sum {
|
||||
ECC_SECP112R1_OID = 182,
|
||||
@ -517,6 +521,13 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer);
|
||||
WOLFSSL_API int wc_DsaKeyToParamsDer(DsaKey* key, byte* output, word32 inLen);
|
||||
#endif
|
||||
|
||||
#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)
|
||||
WOLFSSL_LOCAL int wc_DhKeyToDer(DhKey* key, byte* output, word32* outSz, int exportPriv);
|
||||
WOLFSSL_API int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz);
|
||||
WOLFSSL_API int wc_DhPubKeyToDer(DhKey* key, byte* out, word32* outSz);
|
||||
WOLFSSL_API int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_ECC
|
||||
/* private key helpers */
|
||||
WOLFSSL_API int wc_EccPrivateKeyDecode(const byte*, word32*,
|
||||
|
@ -46,13 +46,6 @@
|
||||
#include <wolfssl/wolfcrypt/async.h>
|
||||
#endif
|
||||
|
||||
/* Optional support extended DH public / private keys */
|
||||
#if !defined(WOLFSSL_DH_EXTRA) && (defined(WOLFSSL_QT) || \
|
||||
defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) || \
|
||||
defined(WOLFSSL_STATIC_EPHEMERAL))
|
||||
#define WOLFSSL_DH_EXTRA
|
||||
#endif
|
||||
|
||||
typedef struct DhParams {
|
||||
#ifdef HAVE_FFDHE_Q
|
||||
const byte* q;
|
||||
|
@ -2450,6 +2450,20 @@ extern void uITRON4_free(void *p) ;
|
||||
#error Small stack cannot be used with no malloc (WOLFSSL_NO_MALLOC)
|
||||
#endif
|
||||
|
||||
/* Enable DH Extra for QT, openssl all, openssh and static ephemeral */
|
||||
/* Allows export/import of DH key and params as DER */
|
||||
#if !defined(WOLFSSL_DH_EXTRA) && \
|
||||
(defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) || \
|
||||
defined(WOLFSSL_STATIC_EPHEMERAL))
|
||||
#define WOLFSSL_DH_EXTRA
|
||||
#endif
|
||||
|
||||
/* DH Extra is not supported on FIPS v1 or v2 (is missing DhKey .pub/.priv) */
|
||||
#if defined(WOLFSSL_DH_EXTRA) && defined(HAVE_FIPS) && \
|
||||
(!defined(HAVE_FIPS_VERSION) || HAVE_FIPS_VERSION <= 2)
|
||||
#undef WOLFSSL_DH_EXTRA
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
|
@ -889,8 +889,9 @@ decouple library dependencies with standard string, memory and so on.
|
||||
WC_PK_TYPE_EC_KEYGEN = 9,
|
||||
WC_PK_TYPE_RSA_CHECK_PRIV_KEY = 10,
|
||||
WC_PK_TYPE_EC_CHECK_PRIV_KEY = 11,
|
||||
|
||||
WC_PK_TYPE_MAX = WC_PK_TYPE_EC_CHECK_PRIV_KEY
|
||||
WC_PK_TYPE_ED448 = 12,
|
||||
WC_PK_TYPE_CURVE448 = 13,
|
||||
WC_PK_TYPE_MAX = WC_PK_TYPE_CURVE448
|
||||
};
|
||||
|
||||
|
||||
|
Reference in New Issue
Block a user