diff --git a/configure.ac b/configure.ac index 53c62b0cb..8b51437d9 100644 --- a/configure.ac +++ b/configure.ac @@ -4291,6 +4291,12 @@ then ENABLED_CRL="yes" AM_CFLAGS="$AM_CFLAGS -DHAVE_CRL" fi + + if test "x$ENABLED_SRP" = "xno" + then + ENABLED_SRP="yes" + AM_CFLAGS="$AM_CFLAGS -DWOLFCRYPT_HAVE_SRP" + fi fi # MD4 diff --git a/src/ssl.c b/src/ssl.c index d20900388..9bded32b5 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -15078,6 +15078,34 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } return WOLFSSL_SUCCESS; } + + /** + * The modulus passed to wc_SrpSetParams in ssl.c is constant so check + * that the requested strength is less than or equal to the size of the + * static modulus size. + * @param ctx Not used + * @param strength Minimum number of bits for the modulus + * @return 1 if strength is less than or equal to static modulus + * 0 if strength is greater than static modulus + */ + int wolfSSL_CTX_set_srp_strength(WOLFSSL_CTX *ctx, int strength) + { + (void)ctx; + WOLFSSL_ENTER("wolfSSL_CTX_set_srp_strength"); + if (strength > (int)(sizeof(srp_N)*8)) { + WOLFSSL_MSG("Bad Parameter"); + return WOLFSSL_FAILURE; + } + return WOLFSSL_SUCCESS; + } + + char* wolfSSL_get_srp_username(WOLFSSL *ssl) + { + if (ssl && ssl->ctx && ssl->ctx->srp) { + return (char*) ssl->ctx->srp->user; + } + return NULL; + } #endif /* WOLFCRYPT_HAVE_SRP && !NO_SHA256 && !WC_NO_RNG */ /* keyblock size in bytes or -1 */ @@ -29559,7 +29587,7 @@ WOLFSSL_DH* wolfSSL_DH_new(void) WOLFSSL_DH* external; DhKey* key; - WOLFSSL_MSG("wolfSSL_DH_new"); + WOLFSSL_ENTER("wolfSSL_DH_new"); key = (DhKey*) XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH); if (key == NULL) { @@ -29590,7 +29618,7 @@ WOLFSSL_DH* wolfSSL_DH_new(void) void wolfSSL_DH_free(WOLFSSL_DH* dh) { - WOLFSSL_MSG("wolfSSL_DH_free"); + WOLFSSL_ENTER("wolfSSL_DH_free"); if (dh) { if (dh->internal) { 
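Review bot: `wolfSSL_CTX_set_srp_strength` rejects only a strength above the static modulus, so zero or negative values pass, and it never records the requested strength on `ctx`, so nothing later in the handshake can enforce a minimum; the name suggests a setter but the body is a pure range check. Add the lower bound next to the upper one, `if (strength < SRP_MODULUS_MIN_BITS || strength > (int)(sizeof(srp_N)*8)) {` — `SRP_MODULUS_MIN_BITS` is the constant the new `wolfssl/openssl/srp.h` aliases as `SRP_MINIMAL_N`, assuming it is visible from ssl.c — and say in the doc comment that the value is validated but not retained. `sizeof(srp_N)*8` is a bit count only if `srp_N` is a byte array; a comment stating that assumption would help the next reader. `wolfSSL_get_srp_username` hands back a non-const pointer into `ssl->ctx->srp->user`, so a comment on it such as `/* pointer into ctx-owned storage; valid while ctx lives, caller must not free or modify */` would record the ownership.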
@@ -29609,6 +29637,25 @@ void wolfSSL_DH_free(WOLFSSL_DH* dh) } } +WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh) +{ + WOLFSSL_DH* ret = NULL; + DhKey* key; + + WOLFSSL_ENTER("wolfSSL_DH_dup"); + + if (!dh) { + WOLFSSL_MSG("Bad parameter"); + return NULL; + } + + if (!(ret = wolfSSL_DH_new())) { + return NULL; + } + + return ret; +} + int SetDhInternal(WOLFSSL_DH* dh) { int ret = WOLFSSL_FATAL_ERROR; @@ -49498,6 +49545,27 @@ int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, (void)len; return WOLFSSL_FAILURE; } + +int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req, + int nid, int lastpos) +{ + WOLFSSL_ENTER("wolfSSL_X509_REQ_get_attr_by_NID"); + WOLFSSL_STUB("wolfSSL_X509_REQ_get_attr_by_NID"); + (void)req; + (void)nid; + (void)lastpos; + return WOLFSSL_FATAL_ERROR; +} + +WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr( + const WOLFSSL_X509 *req, int loc) +{ + WOLFSSL_ENTER("wolfSSL_X509_REQ_get_attr"); + WOLFSSL_STUB("wolfSSL_X509_REQ_get_attr"); + (void)req; + (void)loc; + return NULL; +} #endif WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x, diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index e19d5a49b..654290b9e 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -2079,6 +2079,20 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv, } #ifdef WOLFSSL_DH_EXTRA +WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst) +{ + if (!src || !dst || src == dst) { + WOLFSSL_MSG("Parameters not provided or are the same"); + return BAD_FUNC_ARG; + } + + if (mp_copy(, mpi) != MP_OKAY) { + WOLFSSL_MSG("mp_copy error"); + return WOLFSSL_FATAL_ERROR; + } + +} + /* Sets private and public key in DhKey if both are available, otherwise sets either private or public key, depending on which is available. */ int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz, diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h index ea6f7e294..3f11e4f0c 100644 --- a/wolfssl/openssl/asn1.h +++ b/wolfssl/openssl/asn1.h 
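Review bot: `wolfSSL_DH_dup` returns a freshly allocated key without copying anything from `dh`, so callers receive an empty key rather than a duplicate, and the local `DhKey* key` is declared but never used. After the `wolfSSL_DH_new()` check, copy the internal key with the `wc_DhKeyCopy` this commit declares in `wolfssl/wolfcrypt/dh.h`, releasing `ret` on failure — `if (wc_DhKeyCopy((DhKey*)dh->internal, (DhKey*)ret->internal) != 0) { wolfSSL_DH_free(ret); return NULL; }` assuming it returns 0 on success like the rest of wolfcrypt — and then populate the external fields of `ret` from the copied key (the hunk shows only `SetDhInternal`, which goes the other way). Note that the definition of `wc_DhKeyCopy` in this same commit is under `WOLFSSL_DH_EXTRA` while its declaration is under `WOLFSSL_QT || OPENSSL_ALL`, so confirm the guards line up before relying on it here. `SetDhInternal` begins in this hunk and continues outside it.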
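Review bot: `wc_DhKeyCopy` in `wolfcrypt/src/dh.c` does not compile as written — `mp_copy(, mpi)` has an empty first argument and `mpi` is not declared — and even once that is fixed it copies a single mp_int and has no `return` on the success path, which is undefined behaviour for a non-void function whose value is used. A DhKey carries several multi-precision members (`p`, `g`, and under `WOLFSSL_DH_EXTRA` the `pub`/`priv` pair; this build may also carry `q`), each of which needs its own `mp_copy` into an already-initialised `dst`, followed by `return 0`. The declaration in `wolfssl/wolfcrypt/dh.h` is guarded by `WOLFSSL_QT || OPENSSL_ALL` while this definition is guarded by `WOLFSSL_DH_EXTRA`, so the two must be aligned or some configurations get a prototype without a definition, or a definition without a prototype. The sketch below copies the members I can name; verify the field list against the DhKey definition.
```c
WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst)
{
    /* … unchanged: NULL / aliasing guard returning BAD_FUNC_ARG … */

    /* dst must already be initialised (wc_InitDhKey); each copy can fail on its own */
    if (mp_copy(&src->p, &dst->p) != MP_OKAY ||
        mp_copy(&src->g, &dst->g) != MP_OKAY ||
        mp_copy(&src->pub, &dst->pub) != MP_OKAY ||
        mp_copy(&src->priv, &dst->priv) != MP_OKAY) {
        WOLFSSL_MSG("mp_copy error");
        return WOLFSSL_FATAL_ERROR;
    }

    return 0;
}
```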
@@ -70,13 +70,19 @@ #define ASN1_TIME_diff wolfSSL_ASN1_TIME_diff #define ASN1_TIME_set wolfSSL_ASN1_TIME_set +#define V_ASN1_EOC 0 #define V_ASN1_OBJECT 6 +#define V_ASN1_UTF8STRING 12 #define V_ASN1_SEQUENCE 16 #define V_ASN1_SET 17 +#define V_ASN1_IA5STRING 22 #define V_ASN1_UTCTIME 23 #define V_ASN1_GENERALIZEDTIME 24 #define V_ASN1_PRINTABLESTRING 19 + +#define V_ASN1_CONSTRUCTED 0x20 + #define ASN1_STRING_FLAG_BITS_LEFT 0x008 #define ASN1_STRING_FLAG_NDEF 0x010 #define ASN1_STRING_FLAG_CONT 0x020 diff --git a/wolfssl/openssl/cms.h b/wolfssl/openssl/cms.h index d698c7bca..e86a21f0a 100644 --- a/wolfssl/openssl/cms.h +++ b/wolfssl/openssl/cms.h @@ -19,8 +19,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -#ifndef WOLFSSL_OPENSSL_CMS_H_ -#define WOLFSSL_OPENSSL_CMS_H_ +#ifndef WOLFSSL_CMS_H_ +#define WOLFSSL_CMS_H_ -#endif /* WOLFSSL_OPENSSL_CMS_H_ */ +#endif /* WOLFSSL_CMS_H_ */ diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h index ff021ed8b..ac4d7e1a0 100644 --- a/wolfssl/openssl/dh.h +++ b/wolfssl/openssl/dh.h @@ -58,6 +58,7 @@ WOLFSSL_API WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH **dh, WOLFSSL_API int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out); WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void); WOLFSSL_API void wolfSSL_DH_free(WOLFSSL_DH*); +WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh); WOLFSSL_API int wolfSSL_DH_check(const WOLFSSL_DH *dh, int *codes); WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH*); diff --git a/wolfssl/openssl/include.am b/wolfssl/openssl/include.am index f3b432df6..716b1d0ea 100644 --- a/wolfssl/openssl/include.am +++ b/wolfssl/openssl/include.am @@ -42,6 +42,7 @@ nobase_include_HEADERS+= \ wolfssl/openssl/rsa.h \ wolfssl/openssl/sha.h \ wolfssl/openssl/sha3.h \ + wolfssl/openssl/srp.h \ wolfssl/openssl/ssl23.h \ wolfssl/openssl/ssl.h \ wolfssl/openssl/stack.h \ 
diff --git a/wolfssl/openssl/srp.h b/wolfssl/openssl/srp.h new file mode 100644 index 000000000..7b5bd96b4 --- /dev/null +++ b/wolfssl/openssl/srp.h @@ -0,0 +1,29 @@ +/* srp.h + * + * Copyright (C) 2006-2020 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFSSL_SRP_H_ +#define WOLFSSL_SRP_H_ + +#include + +#define SRP_MINIMAL_N SRP_MODULUS_MIN_BITS + +#endif /* WOLFSSL_SRP_H_ */ diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 35e148a30..8e3a08a3d 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -106,6 +106,7 @@ typedef WOLFSSL_ASN1_INTEGER ASN1_INTEGER; typedef WOLFSSL_ASN1_OBJECT ASN1_OBJECT; typedef WOLFSSL_ASN1_STRING ASN1_STRING; typedef WOLFSSL_ASN1_TYPE ASN1_TYPE; +typedef WOLFSSL_X509_ATTRIBUTE X509_ATTRIBUTE; typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; typedef WOLFSSL_dynlock_value CRYPTO_dynlock_value; typedef WOLFSSL_BUF_MEM BUF_MEM; 
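Review bot: The `#include` in the new `wolfssl/openssl/srp.h` has no header name in this rendering, so either the file is missing its include target or an angle-bracketed path was dropped by the page; as shown, the line does not compile and `SRP_MINIMAL_N` would expand to an undeclared `SRP_MODULUS_MIN_BITS`. Please confirm the line names the wolfcrypt SRP header that defines `SRP_MODULUS_MIN_BITS`. The header also carries no `WOLFCRYPT_HAVE_SRP` guard, unlike the ssl.c definitions it fronts, which is acceptable for a macro-only header but worth recording with a one-line comment such as `/* compat alias only; SRP itself requires WOLFCRYPT_HAVE_SRP */`.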
@@ -382,6 +383,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_REQ_sign_ctx wolfSSL_X509_REQ_sign_ctx #define X509_REQ_add_extensions wolfSSL_X509_REQ_add_extensions #define X509_REQ_add1_attr_by_NID wolfSSL_X509_REQ_add1_attr_by_NID +#define X509_REQ_get_attr_by_NID wolfSSL_X509_REQ_get_attr_by_NID +#define X509_REQ_get_attr wolfSSL_X509_REQ_get_attr #define X509_to_X509_REQ wolfSSL_X509_to_X509_REQ #define X509_REQ_set_subject_name wolfSSL_X509_REQ_set_subject_name #define X509_REQ_set_pubkey wolfSSL_X509_REQ_set_pubkey @@ -404,6 +407,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_REQ_get_subject_name wolfSSL_X509_get_subject_name #define X509_get_pubkey wolfSSL_X509_get_pubkey #define X509_get0_pubkey wolfSSL_X509_get_pubkey +#define X509_REQ_get_pubkey wolfSSL_X509_get_pubkey #define X509_get_notBefore wolfSSL_X509_get_notBefore #define X509_get0_notBefore wolfSSL_X509_get_notBefore #define X509_get_notAfter wolfSSL_X509_get_notAfter @@ -431,6 +435,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_print_ex wolfSSL_X509_print_ex #define X509_verify_cert_error_string wolfSSL_X509_verify_cert_error_string #define X509_verify_cert wolfSSL_X509_verify_cert +#define X509_verify wolfSSL_X509_verify +#define X509_REQ_verify wolfSSL_X509_verify #define X509_check_private_key wolfSSL_X509_check_private_key #define X509_check_ca wolfSSL_X509_check_ca #define X509_check_host wolfSSL_X509_check_host @@ -952,8 +958,6 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define ERR_LIB_SSL 20 #define SSL_R_SHORT_READ 10 #define ERR_R_PEM_LIB 9 -#define V_ASN1_IA5STRING 22 -#define V_ASN1_UTF8STRING 12 #define SSL_CTRL_MODE 33 #define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS 83 
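Review bot: `#define X509_REQ_verify wolfSSL_X509_verify` in the -431 hunk routes CSR signature verification to the same function as certificate verification. A CSR's signature covers the CertificationRequestInfo, and a CA typically calls `X509_REQ_verify` as its proof that the requester holds the private key, so if `wolfSSL_X509_verify` does not handle the request encoding this alias either fails every CSR or reports a verdict not computed over the request; the function body is not visible here, so please confirm it accepts a `WOLFSSL_X509` that holds a request. `X509_REQ_get_pubkey` aliasing `wolfSSL_X509_get_pubkey` in the -404 hunk rests on the same shared-type assumption and is likely benign. A comment beside the alias, `/* CSR and certificate share WOLFSSL_X509; wolfSSL_X509_verify handles both encodings */`, would record the assumption once confirmed. The -952 hunk's removal of `V_ASN1_IA5STRING`/`V_ASN1_UTF8STRING` from this header assumes every includer also reaches `wolfssl/openssl/asn1.h`; worth checking rather than assuming.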
@@ -1227,8 +1231,10 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_CTX_add_client_CA wolfSSL_CTX_add_client_CA #define SSL_CTX_set_srp_password wolfSSL_CTX_set_srp_password #define SSL_CTX_set_srp_username wolfSSL_CTX_set_srp_username +#define SSL_CTX_set_srp_strength wolfSSL_CTX_set_srp_strength #define SSL_get_SSL_CTX wolfSSL_get_SSL_CTX #define SSL_get0_param wolfSSL_get0_param +#define SSL_get_srp_username wolfSSL_get_srp_username #define ERR_NUM_ERRORS 16 #define SN_pkcs9_emailAddress "Email" diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index fa13d15b4..570ffc1eb 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -102,6 +102,19 @@ extern "C" { #endif +/* for now LHASH is not implemented */ +typedef int WOLFSSL_LHASH; +#ifndef WOLF_LHASH_OF + #define WOLF_LHASH_OF(x) WOLFSSL_LHASH +#endif + +#ifndef WOLF_STACK_OF + #define WOLF_STACK_OF(x) WOLFSSL_STACK +#endif +#ifndef DECLARE_STACK_OF + #define DECLARE_STACK_OF(x) WOLF_STACK_OF(x); +#endif + #ifndef WOLFSSL_WOLFSSL_TYPE_DEFINED #define WOLFSSL_WOLFSSL_TYPE_DEFINED typedef struct WOLFSSL WOLFSSL; @@ -189,6 +202,7 @@ typedef struct WOLFSSL_DH WOLFSSL_DH; #endif typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING; typedef struct WOLFSSL_ASN1_TYPE WOLFSSL_ASN1_TYPE; +typedef struct WOLFSSL_X509_ATTRIBUTE WOLFSSL_X509_ATTRIBUTE; typedef struct WOLFSSL_GENERAL_NAME WOLFSSL_GENERAL_NAME; typedef struct WOLFSSL_AUTHORITY_KEYID WOLFSSL_AUTHORITY_KEYID; @@ -318,6 +332,11 @@ struct WOLFSSL_ASN1_TYPE { } value; }; +struct WOLFSSL_X509_ATTRIBUTE { + WOLFSSL_ASN1_OBJECT *object; + WOLF_STACK_OF(WOLFSSL_ASN1_TYPE) *set; +}; + struct WOLFSSL_EVP_PKEY { void* heap; int type; /* openssh dereference */ 
@@ -1088,20 +1107,6 @@ WOLFSSL_API const char* wolfSSL_ERR_reason_error_string(unsigned long); /* extras */ - -/* for now LHASH is not implemented */ -typedef int WOLFSSL_LHASH; -#ifndef WOLF_LHASH_OF - #define WOLF_LHASH_OF(x) WOLFSSL_LHASH -#endif - -#ifndef WOLF_STACK_OF - #define WOLF_STACK_OF(x) WOLFSSL_STACK -#endif -#ifndef DECLARE_STACK_OF - #define DECLARE_STACK_OF(x) WOLF_STACK_OF(x); -#endif - WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap); WOLFSSL_API void wolfSSL_sk_free(WOLFSSL_STACK* sk); WOLFSSL_API void wolfSSL_sk_free_node(WOLFSSL_STACK* in); @@ -1600,6 +1605,9 @@ WOLFSSL_API long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg( WOLFSSL_API int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX*, WOLFSSL_X509*); WOLFSSL_API int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX*, char*); WOLFSSL_API int wolfSSL_CTX_set_srp_username(WOLFSSL_CTX*, char*); +WOLFSSL_API int wolfSSL_CTX_set_srp_strength(WOLFSSL_CTX *ctx, int strength); + +WOLFSSL_API char* wolfSSL_get_srp_username(WOLFSSL *ssl); WOLFSSL_API long wolfSSL_set_options(WOLFSSL *s, long op); WOLFSSL_API long wolfSSL_get_options(const WOLFSSL *s); @@ -3561,6 +3569,11 @@ WOLFSSL_API int wolfSSL_X509_REQ_add1_attr_by_NID(WOLFSSL_X509 *req, int nid, int type, const unsigned char *bytes, int len); +WOLFSSL_API int wolfSSL_X509_REQ_get_attr_by_NID(const WOLFSSL_X509 *req, + int nid, int lastpos); +WOLFSSL_API WOLFSSL_X509_ATTRIBUTE *wolfSSL_X509_REQ_get_attr( + const WOLFSSL_X509 *req, int loc); + WOLFSSL_API WOLFSSL_X509 *wolfSSL_X509_to_X509_REQ(WOLFSSL_X509 *x, WOLFSSL_EVP_PKEY *pkey, const WOLFSSL_EVP_MD *md); #endif diff --git a/wolfssl/wolfcrypt/dh.h b/wolfssl/wolfcrypt/dh.h index a92d7b3ce..00b1c6267 100644 --- a/wolfssl/wolfcrypt/dh.h +++ b/wolfssl/wolfcrypt/dh.h 
@@ -123,6 +123,11 @@ WOLFSSL_API int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz, byte* pub, word32* pPubSz); #endif /* WOLFSSL_DH_EXTRA */ +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +WOLFSSL_LOCAL int wc_DhKeyCopy(DhKey* src, DhKey* dst); +WOLFSSL_LOCAL int wc_DhSetFullKeys(DhKey* key,const byte* priv_key,word32 privSz, + const byte* pub_key, word32 pubSz); +#endif WOLFSSL_API int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz, const byte* q, word32 qSz, int trusted, WC_RNG* rng);
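Review bot: The declarations of `wc_DhKeyCopy` and `wc_DhSetFullKeys` are guarded by `WOLFSSL_QT || OPENSSL_ALL`, but the only definition this commit adds (`wc_DhKeyCopy` in `wolfcrypt/src/dh.c`) sits under `WOLFSSL_DH_EXTRA`, and `wc_DhSetFullKeys` has no definition anywhere in the diff. Unless the settings header implies `WOLFSSL_DH_EXTRA` from those two flags, a build with `OPENSSL_ALL` and no `WOLFSSL_DH_EXTRA` gets prototypes for symbols that do not exist, and the reverse build gets a definition with no prototype. Either nest the block as `#if defined(WOLFSSL_DH_EXTRA) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))` or move the two lines inside the preceding `WOLFSSL_DH_EXTRA` block, and drop or implement `wc_DhSetFullKeys`.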