feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Implement/stub:

Browse Source 
- wc_DhKeyCopy
- SSL_CTX_set_srp_strength
- SSL_get_srp_username
- X509_REQ_get_attr_by_NID
- X509_REQ_get_attr
- X509_ATTRIBUTE
- wolfSSL_DH_dup
Add srp.h file with SRP_MINIMAL_N
This commit is contained in:
Juliusz Sosinowicz
2020-07-09 17:09:24 +02:00
parent b52e11d3d4
commit 728f4ce892
11 changed files with 170 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
configure.ac
View File

@ -4291,6 +4291,12 @@ then
ENABLED_CRL="yes"
AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL"
fi
if test "x$ENABLED_SRP" = "xno"
then
ENABLED_SRP="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP"
fi
fi
# MD4

72
src/ssl.c
View File

@ -15078,6 +15078,34 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
}
return WOLFSSL_SUCCESS;
}
/**
* The modulus passed to wc_SrpSetParams in ssl.c is constant so check
* that the requested strength is less than or equal to the size of the
* static modulus size.
* @param ctx Not used
* @param strength Minimum number of bits for the modulus
* @return 1 if strength is less than or equal to static modulus
* 0 if strength is greater than static modulus
*/
int wolfSSL_CTX_set_srp_strength(WOLFSSL_CTX *ctx, int strength)
{
(void)ctx;
WOLFSSL_ENTER("wolfSSL_CTX_set_srp_strength");
if (strength > (int)(sizeof(srp_N)*8)) {
WOLFSSL_MSG("Bad Parameter");
return WOLFSSL_FAILURE;
}
return WOLFSSL_SUCCESS;
}
char* wolfSSL_get_srp_username(WOLFSSL *ssl)
{
if (ssl && ssl->ctx && ssl->ctx->srp) {
return (char*) ssl->ctx->srp->user;
}
return NULL;
}
#endif /* WOLFCRYPT_HAVE_SRP && !NO_SHA256 && !WC_NO_RNG */
/* keyblock size in bytes or -1 */
@ -29559,7 +29587,7 @@ WOLFSSL_DH* wolfSSL_DH_new(void)
WOLFSSL_DH* external;
DhKey* key;
WOLFSSL_MSG("wolfSSL_DH_new");
WOLFSSL_ENTER("wolfSSL_DH_new");
key = (DhKey*) XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH);
if (key == NULL) {
@ -29590,7 +29618,7 @@ WOLFSSL_DH* wolfSSL_DH_new(void)
void wolfSSL_DH_free(WOLFSSL_DH* dh)
{
WOLFSSL_MSG("wolfSSL_DH_free");
WOLFSSL_ENTER("wolfSSL_DH_free");
if (dh) {
if (dh->internal) {
@ -29609,6 +29637,25 @@ void wolfSSL_DH_free(WOLFSSL_DH* dh)
}
}
WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh)
{
WOLFSSL_DH* ret = NULL;
DhKey* key;
WOLFSSL_ENTER("wolfSSL_DH_dup");
if (!dh) {
WOLFSSL_MSG("Bad parameter");
return NULL;
}
if (!(ret = wolfSSL_DH_new())) {
return NULL;
}
return ret;
}
int SetDhInternal(WOLFSSL_DH* dh)
{
int ret = WOLFSSL_FATAL_ERROR;
@ -49498,6 +49545,27 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
(void)len;
return WOLFSSL_FAILURE;
}
int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req,
int nid, int lastpos)
{
WOLFSSL_ENTER("wolfSSL_X509_REQ_get_attr_by_NID");
WOLFSSL_STUB("wolfSSL_X509_REQ_get_attr_by_NID");
(void)req;
(void)nid;
(void)lastpos;
return WOLFSSL_FATAL_ERROR;
}
WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr(
const WOLFSSL_X509 *req, int loc)
{
WOLFSSL_ENTER("wolfSSL_X509_REQ_get_attr");
WOLFSSL_STUB("wolfSSL_X509_REQ_get_attr");
(void)req;
(void)loc;
return NULL;
}
#endif
WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x,

14
wolfcrypt/src/dh.c
View File

@ -2079,6 +2079,20 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,
}
#ifdef WOLFSSL_DH_EXTRA
WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst)
{
if (!src || !dst || src == dst) {
WOLFSSL_MSG("Parameters not provided or are the same");
return BAD_FUNC_ARG;
}
if (mp_copy(, mpi) != MP_OKAY) {
WOLFSSL_MSG("mp_copy error");
return WOLFSSL_FATAL_ERROR;
}
}
/* Sets private and public key in DhKey if both are available, otherwise sets
either private or public key, depending on which is available. */
int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz,

6
wolfssl/openssl/asn1.h
View File

@ -70,13 +70,19 @@
#define ASN1_TIME_diff wolfSSL_ASN1_TIME_diff
#define ASN1_TIME_set wolfSSL_ASN1_TIME_set
#define V_ASN1_EOC 0
#define V_ASN1_OBJECT 6
#define V_ASN1_UTF8STRING 12
#define V_ASN1_SEQUENCE 16
#define V_ASN1_SET 17
#define V_ASN1_IA5STRING 22
#define V_ASN1_UTCTIME 23
#define V_ASN1_GENERALIZEDTIME 24
#define V_ASN1_PRINTABLESTRING 19
#define V_ASN1_CONSTRUCTED 0x20
#define ASN1_STRING_FLAG_BITS_LEFT 0x008
#define ASN1_STRING_FLAG_NDEF 0x010
#define ASN1_STRING_FLAG_CONT 0x020

6
wolfssl/openssl/cms.h
View File

@ -19,8 +19,8 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef WOLFSSL_OPENSSL_CMS_H_
#define WOLFSSL_OPENSSL_CMS_H_
#ifndef WOLFSSL_CMS_H_
#define WOLFSSL_CMS_H_
#endif /* WOLFSSL_OPENSSL_CMS_H_ */
#endif /* WOLFSSL_CMS_H_ */

1
wolfssl/openssl/dh.h
View File

@ -58,6 +58,7 @@ WOLFSSL_API WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH **dh,
WOLFSSL_API int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out);
WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void);
WOLFSSL_API void wolfSSL_DH_free(WOLFSSL_DH*);
WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh);
WOLFSSL_API int wolfSSL_DH_check(const WOLFSSL_DH *dh, int *codes);
WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH*);

1
wolfssl/openssl/include.am
View File

@ -42,6 +42,7 @@ nobase_include_HEADERS+= \
wolfssl/openssl/rsa.h \
wolfssl/openssl/sha.h \
wolfssl/openssl/sha3.h \
wolfssl/openssl/srp.h \
wolfssl/openssl/ssl23.h \
wolfssl/openssl/ssl.h \
wolfssl/openssl/stack.h \

29
wolfssl/openssl/srp.h Normal file
View File

@ -0,0 +1,29 @@
/* srp.h
*
* Copyright (C) 2006-2020 wolfSSL Inc.
*
* This file is part of wolfSSL.
*
* wolfSSL is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* wolfSSL is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/
#ifndef WOLFSSL_SRP_H_
#define WOLFSSL_SRP_H_
#include <wolfssl/wolfcrypt/srp.h>
#define SRP_MINIMAL_N SRP_MODULUS_MIN_BITS
#endif /* WOLFSSL_SRP_H_ */

10
wolfssl/openssl/ssl.h
View File

@ -106,6 +106,7 @@ typedef WOLFSSL_ASN1_INTEGER ASN1_INTEGER;
typedef WOLFSSL_ASN1_OBJECT ASN1_OBJECT;
typedef WOLFSSL_ASN1_STRING ASN1_STRING;
typedef WOLFSSL_ASN1_TYPE ASN1_TYPE;
typedef WOLFSSL_X509_ATTRIBUTE X509_ATTRIBUTE;
typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING;
typedef WOLFSSL_dynlock_value CRYPTO_dynlock_value;
typedef WOLFSSL_BUF_MEM BUF_MEM;
@ -382,6 +383,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_REQ_sign_ctx wolfSSL_X509_REQ_sign_ctx
#define X509_REQ_add_extensions wolfSSL_X509_REQ_add_extensions
#define X509_REQ_add1_attr_by_NID wolfSSL_X509_REQ_add1_attr_by_NID
#define X509_REQ_get_attr_by_NID wolfSSL_X509_REQ_get_attr_by_NID
#define X509_REQ_get_attr wolfSSL_X509_REQ_get_attr
#define X509_to_X509_REQ wolfSSL_X509_to_X509_REQ
#define X509_REQ_set_subject_name wolfSSL_X509_REQ_set_subject_name
#define X509_REQ_set_pubkey wolfSSL_X509_REQ_set_pubkey
@ -404,6 +407,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_REQ_get_subject_name wolfSSL_X509_get_subject_name
#define X509_get_pubkey wolfSSL_X509_get_pubkey
#define X509_get0_pubkey wolfSSL_X509_get_pubkey
#define X509_REQ_get_pubkey wolfSSL_X509_get_pubkey
#define X509_get_notBefore wolfSSL_X509_get_notBefore
#define X509_get0_notBefore wolfSSL_X509_get_notBefore
#define X509_get_notAfter wolfSSL_X509_get_notAfter
@ -431,6 +435,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define X509_print_ex wolfSSL_X509_print_ex
#define X509_verify_cert_error_string wolfSSL_X509_verify_cert_error_string
#define X509_verify_cert wolfSSL_X509_verify_cert
#define X509_verify wolfSSL_X509_verify
#define X509_REQ_verify wolfSSL_X509_verify
#define X509_check_private_key wolfSSL_X509_check_private_key
#define X509_check_ca wolfSSL_X509_check_ca
#define X509_check_host wolfSSL_X509_check_host
@ -952,8 +958,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define ERR_LIB_SSL 20
#define SSL_R_SHORT_READ 10
#define ERR_R_PEM_LIB 9
#define V_ASN1_IA5STRING 22
#define V_ASN1_UTF8STRING 12
#define SSL_CTRL_MODE 33
#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83
@ -1227,8 +1231,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define SSL_CTX_add_client_CA wolfSSL_CTX_add_client_CA
#define SSL_CTX_set_srp_password wolfSSL_CTX_set_srp_password
#define SSL_CTX_set_srp_username wolfSSL_CTX_set_srp_username
#define SSL_CTX_set_srp_strength wolfSSL_CTX_set_srp_strength
#define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX
#define SSL_get0_param wolfSSL_get0_param
#define SSL_get_srp_username wolfSSL_get_srp_username
#define ERR_NUM_ERRORS 16
#define SN_pkcs9_emailAddress "Email"

41
wolfssl/ssl.h
View File

@ -102,6 +102,19 @@
extern "C" {
#endif
/* for now LHASH is not implemented */
typedef int WOLFSSL_LHASH;
#ifndef WOLF_LHASH_OF
#define WOLF_LHASH_OF(x) WOLFSSL_LHASH
#endif
#ifndef WOLF_STACK_OF
#define WOLF_STACK_OF(x) WOLFSSL_STACK
#endif
#ifndef DECLARE_STACK_OF
#define DECLARE_STACK_OF(x) WOLF_STACK_OF(x);
#endif
#ifndef WOLFSSL_WOLFSSL_TYPE_DEFINED
#define WOLFSSL_WOLFSSL_TYPE_DEFINED
typedef struct WOLFSSL WOLFSSL;
@ -189,6 +202,7 @@ typedef struct WOLFSSL_DH WOLFSSL_DH;
#endif
typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING;
typedef struct WOLFSSL_ASN1_TYPE WOLFSSL_ASN1_TYPE;
typedef struct WOLFSSL_X509_ATTRIBUTE WOLFSSL_X509_ATTRIBUTE;
typedef struct WOLFSSL_GENERAL_NAME WOLFSSL_GENERAL_NAME;
typedef struct WOLFSSL_AUTHORITY_KEYID WOLFSSL_AUTHORITY_KEYID;
@ -318,6 +332,11 @@ struct WOLFSSL_ASN1_TYPE {
} value;
};
struct WOLFSSL_X509_ATTRIBUTE {
WOLFSSL_ASN1_OBJECT *object;
WOLF_STACK_OF(WOLFSSL_ASN1_TYPE) *set;
};
struct WOLFSSL_EVP_PKEY {
void* heap;
int type; /* openssh dereference */
@ -1088,20 +1107,6 @@ WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long);
/* extras */
/* for now LHASH is not implemented */
typedef int WOLFSSL_LHASH;
#ifndef WOLF_LHASH_OF
#define WOLF_LHASH_OF(x) WOLFSSL_LHASH
#endif
#ifndef WOLF_STACK_OF
#define WOLF_STACK_OF(x) WOLFSSL_STACK
#endif
#ifndef DECLARE_STACK_OF
#define DECLARE_STACK_OF(x) WOLF_STACK_OF(x);
#endif
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap);
WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk);
WOLFSSL_API void wolfSSL_sk_free_node(WOLFSSL_STACK* in);
@ -1600,6 +1605,9 @@ WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(
WOLFSSL_API int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX*, WOLFSSL_X509*);
WOLFSSL_API int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX*, char*);
WOLFSSL_API int wolfSSL_CTX_set_srp_username(WOLFSSL_CTX*, char*);
WOLFSSL_API int wolfSSL_CTX_set_srp_strength(WOLFSSL_CTX *ctx, int strength);
WOLFSSL_API char* wolfSSL_get_srp_username(WOLFSSL *ssl);
WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op);
WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s);
@ -3561,6 +3569,11 @@ WOLFSSL_API int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req,
int nid, int type,
const unsigned char *bytes,
int len);
WOLFSSL_API int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req,
int nid, int lastpos);
WOLFSSL_API WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr(
const WOLFSSL_X509 *req, int loc);
WOLFSSL_API WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x,
WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_MD *md);
#endif

5
wolfssl/wolfcrypt/dh.h
View File

@ -123,6 +123,11 @@ WOLFSSL_API int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz,
byte* pub, word32* pPubSz);
#endif /* WOLFSSL_DH_EXTRA */
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst);
WOLFSSL_LOCAL int wc_DhSetFullKeys(DhKey* key,const byte* priv_key,word32 privSz,
const byte* pub_key, word32 pubSz);
#endif
WOLFSSL_API int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz,
const byte* g, word32 gSz, const byte* q, word32 qSz,
int trusted, WC_RNG* rng);