diff --git a/tests/api.c b/tests/api.c index aa2448bc5..21edc308a 100644 --- a/tests/api.c +++ b/tests/api.c @@ -102,6 +102,18 @@ #endif +#ifndef NO_RSA + #include + #include + + #define FOURK_BUF 4096 + #define GEN_BUF 294 + + #ifndef USER_CRYPTO_ERROR + #define USER_CRYPTO_ERROR -101 /* error returned by IPP lib. */ + #endif +#endif + #ifdef OPENSSL_EXTRA #include #include @@ -6863,6 +6875,1086 @@ static int test_wc_Arc4Process (void) }/* END test_wc_Arc4Process */ + +/* + * Testing wc_Init RsaKey() + */ +static int test_wc_InitRsaKey (void) +{ +#ifndef NO_RSA + RsaKey key; + int ret; + + printf(testingFmt, "wc_InitRsaKey()"); + + ret = wc_InitRsaKey(&key, NULL); + + /* Test bad args. */ + if (ret == 0) { + ret = wc_InitRsaKey(NULL, NULL); + #ifndef HAVE_USER_RSA + if (ret == BAD_FUNC_ARG) { + ret = 0; + } else { + #else + if (ret == USER_CRYPTO_ERROR) { + ret = 0; + } else { + #endif + ret = SSL_FATAL_ERROR; + } + } /* end if */ + + if (wc_FreeRsaKey(&key) || ret != 0) { + ret = SSL_FATAL_ERROR; + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; +} /* END test_wc_InitRsaKey */ + + +/* + * Testing wc_RsaPrivateKeyDecode() + */ +static int test_wc_RsaPrivateKeyDecode (void) +{ +#if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\ + || defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS) + RsaKey key; + byte* tmp; + word32 idx = 0; + int ret = 0; + int bytes = 0; + + printf(testingFmt, "wc_RsaPrivateKeyDecode()"); + + tmp = (byte*)XMALLOC(FOURK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + ret = SSL_FATAL_ERROR; + } + if (ret == 0) { + ret = wc_InitRsaKey(&key, NULL); + } + if (ret == 0) { + #ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024); + bytes = sizeof_client_key_der_1024; + #else + XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048); + bytes = sizeof_client_key_der_2048; + #endif /* Use cert buffers. */ + + ret = wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes); + } + #ifndef HAVE_USER_RSA + /* Test bad args. */ + if (ret == 0) { + ret = wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes); + if (ret == ASN_PARSE_E) { + ret = wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes); + } + if (ret == ASN_PARSE_E) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + #else + /* Test bad args. User RSA. */ + if (ret == 0) { + ret = wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes); + if (ret == USER_CRYPTO_ERROR) { + ret = wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes); + } + if (ret == USER_CRYPTO_ERROR) { + ret = wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes); + } + if (ret == USER_CRYPTO_ERROR) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + #endif + + if (tmp != NULL) { + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (wc_FreeRsaKey(&key) || ret != 0) { + ret = SSL_FATAL_ERROR; + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; + +} /* END test_wc_RsaPrivateKeyDecode */ + +/* + * Testing wc_RsaPublicKeyDecode() + */ +static int test_wc_RsaPublicKeyDecode (void) +{ +#if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024)\ + || defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS) + RsaKey keyPub; + byte* tmp; + word32 idx = 0; + int bytes = 0; + int ret = 0; + + tmp = (byte*)XMALLOC(GEN_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + ret = SSL_FATAL_ERROR; + } + if (ret == 0) { + ret = wc_InitRsaKey(&keyPub, NULL); + } + if (ret == 0) { + #ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024); + bytes = sizeof_client_keypub_der_1024; + #else + XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048); + bytes = sizeof_client_keypub_der_2048; + #endif + + printf(testingFmt, "wc_RsaPublicKeyDecode()"); + + ret = wc_RsaPublicKeyDecode(tmp, &idx, &keyPub, (word32)bytes); + } + #ifndef HAVE_USER_RSA + /* Pass in bad args. */ + if (ret == 0) { + ret = wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes); + if (ret == BAD_FUNC_ARG) { + ret = wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes); + } + if (ret == BAD_FUNC_ARG) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + #else + /* Pass in bad args. */ + if (ret == 0) { + ret = wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes); + if (ret == USER_CRYPTO_ERROR) { + ret = wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes); + } + if (ret == USER_CRYPTO_ERROR) { + ret = wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes); + } + if (ret == USER_CRYPTO_ERROR) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + #endif + + if (tmp != NULL) { + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (wc_FreeRsaKey(&keyPub) || ret != 0) { + ret = SSL_FATAL_ERROR; + } + + printf(resultFmt, ret == 0 ? passed : failed); + + +#endif + return 0; + +} /* END test_wc_RsaPublicKeyDecode */ + +/* + * Testing wc_RsaPublicKeyDecodeRaw() + */ +static int test_wc_RsaPublicKeyDecodeRaw (void) +{ +#if !defined(NO_RSA) && !defined(HAVE_FIPS) + RsaKey key; + int ret; + const byte n = 0x23; + const byte e = 0x03; + int nSz = sizeof(n); + int eSz = sizeof(e); + + printf(testingFmt, "wc_RsaPublicKeyDecodeRaw()"); + + ret = wc_InitRsaKey(&key, NULL); + if (ret == 0) { + ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, &key); + } +#ifndef HAVE_USER_RSA + /* Pass in bad args. */ + if (ret == 0) { + ret = wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key); + if (ret == BAD_FUNC_ARG) { + ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL); + } + if (ret == BAD_FUNC_ARG) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } +#else + /* Pass in bad args. User RSA. */ + if (ret == 0) { + ret = wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key); + if (ret == USER_CRYPTO_ERROR) { + ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key); + } + if (ret == USER_CRYPTO_ERROR) { + ret = wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL); + } + if (ret == USER_CRYPTO_ERROR) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } +#endif + + if (wc_FreeRsaKey(&key) || ret != 0) { + ret = SSL_FATAL_ERROR; + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; + +} /* END test_wc_RsaPublicKeyDecodeRaw */ + +/* + * Testing wc_MakeRsaKey() + */ +static int test_wc_MakeRsaKey (void) +{ +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + + RsaKey genKey; + WC_RNG rng; + int ret; + + printf(testingFmt, "wc_MakeRsaKey()"); + + ret = wc_InitRsaKey(&genKey, NULL); + if (ret == 0) { + ret = wc_InitRng(&rng); + if (ret == 0) { + ret = wc_MakeRsaKey(&genKey, 1024, 65537, &rng); + } + } + #ifndef HAVE_USER_RSA + /* Test bad args. */ + if (ret == 0) { + ret = wc_MakeRsaKey(NULL, 1024, 65537, &rng); + if (ret == BAD_FUNC_ARG) { + ret = wc_MakeRsaKey(&genKey, 1024, 65537, NULL); + } + if (ret == BAD_FUNC_ARG) { + /* e < 3 */ + ret = wc_MakeRsaKey(&genKey, 1024, 2, &rng); + } + if (ret == BAD_FUNC_ARG) { + /* e & 1 == 0 */ + ret = wc_MakeRsaKey(&genKey, 1024, 6, &rng); + } + if (ret == BAD_FUNC_ARG) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + #else + /* Test bad args. */ + if (ret == 0) { + ret = wc_MakeRsaKey(NULL, 1024, 65537, &rng); + if (ret == USER_CRYPTO_ERROR) { + ret = wc_MakeRsaKey(&genKey, 1024, 65537, NULL); + } + if (ret == USER_CRYPTO_ERROR) { + /* e < 3 */ + ret = wc_MakeRsaKey(&genKey, 1024, 2, &rng); + } + if (ret == USER_CRYPTO_ERROR) { + /* e & 1 == 0 */ + ret = wc_MakeRsaKey(&genKey, 1024, 6, &rng); + } + if (ret == USER_CRYPTO_ERROR) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + #endif + + if (wc_FreeRsaKey(&genKey) || ret != 0) { + ret = SSL_FATAL_ERROR; + } + if (wc_FreeRng(&rng) || ret != 0) { + ret = SSL_FATAL_ERROR; + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; + +} /* END test_wc_MakeRsaKey */ + +/* + * Testing wc_SetKeyUsage() + */ +static int test_wc_SetKeyUsage (void) +{ +#if !defined(NO_RSA) && defined(WOLFSSL_CERT_EXT) && !defined(HAVE_FIPS) + Cert myCert; + int ret; + + ret = wc_InitCert(&myCert); + + printf(testingFmt, "wc_SetKeyUsage()"); + if (ret == 0) { + ret = wc_SetKeyUsage(&myCert, "keyEncipherment,keyAgreement"); + if (ret == 0) { + ret = wc_SetKeyUsage(&myCert, "digitalSignature,nonRepudiation"); + } + if (ret == 0) { + ret = wc_SetKeyUsage(&myCert, "contentCommitment,encipherOnly"); + } + if (ret == 0) { + ret = wc_SetKeyUsage(&myCert, "decipherOnly"); + } + if (ret == 0) { + ret = wc_SetKeyUsage(&myCert, "cRLSign,keyCertSign"); + } + } + /* Test bad args. */ + if (ret == 0) { + ret = wc_SetKeyUsage(NULL, "decipherOnly"); + if (ret == BAD_FUNC_ARG) { + ret = wc_SetKeyUsage(&myCert, NULL); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_SetKeyUsage(&myCert, ""); + } + if (ret == KEYUSAGE_E) { + ret = wc_SetKeyUsage(&myCert, ","); + } + if (ret == KEYUSAGE_E) { + ret = wc_SetKeyUsage(&myCert, "digitalSignature, cRLSign"); + } + if (ret == KEYUSAGE_E) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; + +} /* END test_wc_SetKeyUsage */ + +/* + * Testing wc_RsaKeyToDer() + */ +static int test_wc_RsaKeyToDer (void) +{ +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) + RsaKey genKey; + WC_RNG rng; + byte* der; + int ret = 0; + + der = (byte*)XMALLOC(610, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ret = SSL_FATAL_ERROR; + } + /* Init structures. */ + if (ret == 0) { + ret = wc_InitRsaKey(&genKey, NULL); + } + if (ret == 0) { + ret = wc_InitRng(&rng); + } + /* Make key. */ + if (ret == 0) { + ret = wc_MakeRsaKey(&genKey, 1024, 65537, &rng); + if (ret != 0) { + ret = SSL_FATAL_ERROR; + } + } + + printf(testingFmt, "wc_RsaKeyToDer()"); + + if (ret == 0) { + ret = wc_RsaKeyToDer(&genKey, der, 610); + if (ret > 0) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + #ifndef HAVE_USER_RSA + /* Pass bad args. */ + if (ret == 0) { + ret = wc_RsaKeyToDer(NULL, der, FOURK_BUF); + if (ret == BAD_FUNC_ARG) { + ret = wc_RsaKeyToDer(&genKey, NULL, FOURK_BUF); + } + if (ret == BAD_FUNC_ARG) { + /* Try Public Key. */ + genKey.type = 0; + ret = wc_RsaKeyToDer(&genKey, der, FOURK_BUF); + } + if (ret == BAD_FUNC_ARG) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + #else + /* Pass bad args. */ + if (ret == 0) { + ret = wc_RsaKeyToDer(NULL, der, FOURK_BUF); + if (ret == USER_CRYPTO_ERROR) { + ret = wc_RsaKeyToDer(&genKey, NULL, FOURK_BUF); + } + if (ret == USER_CRYPTO_ERROR) { + /* Try Public Key. */ + genKey.type = 0; + ret = wc_RsaKeyToDer(&genKey, der, FOURK_BUF); + } + if (ret == USER_CRYPTO_ERROR) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + #endif + + if (der != NULL) { + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (wc_FreeRsaKey(&genKey) || ret != 0) { + ret = SSL_FATAL_ERROR; + } + if (wc_FreeRng(&rng) || ret != 0) { + ret = SSL_FATAL_ERROR; + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; +} /* END test_wc_RsaKeyToDer */ + +/* + * Testing wc_RsaKeyToPublicDer() + */ +static int test_wc_RsaKeyToPublicDer (void) +{ +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) + RsaKey key; + WC_RNG rng; + byte* der; + word32 derLen = 162; + int ret = 0; + + der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ret = SSL_FATAL_ERROR; + } + if (ret == 0) { + ret = wc_InitRsaKey(&key, NULL); + } + if (ret == 0) { + ret = wc_InitRng(&rng); + } + if (ret == 0) { + ret = wc_MakeRsaKey(&key, 1024, 65537, &rng); + } + + printf(testingFmt, "wc_RsaKeyToPublicDer()"); + + if (ret == 0) { + ret = wc_RsaKeyToPublicDer(&key, der, derLen); + if (ret >= 0) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + + #ifndef HAVE_USER_RSA + /* Pass in bad args. */ + if (ret == 0) { + ret = wc_RsaKeyToPublicDer(NULL, der, derLen); + if (ret == BAD_FUNC_ARG) { + ret = wc_RsaKeyToPublicDer(&key, NULL, derLen); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_RsaKeyToPublicDer(&key, der, -1); + } + if (ret == BAD_FUNC_ARG) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + #else + /* Pass in bad args. */ + if (ret == 0) { + ret = wc_RsaKeyToPublicDer(NULL, der, derLen); + if (ret == USER_CRYPTO_ERROR) { + ret = wc_RsaKeyToPublicDer(&key, NULL, derLen); + } + if (ret == USER_CRYPTO_ERROR) { + ret = wc_RsaKeyToPublicDer(&key, der, -1); + } + if (ret == USER_CRYPTO_ERROR) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + #endif + + if (der != NULL) { + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + if (wc_FreeRsaKey(&key) || ret != 0) { + ret = SSL_FATAL_ERROR; + } + if (wc_FreeRng(&rng) || ret != 0) { + ret = SSL_FATAL_ERROR; + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; + +} /* END test_wc_RsaKeyToPublicDer */ + +/* + * Testing wc_RsaPublicEncrypt() and wc_RsaPrivateDecrypt() + */ +static int test_wc_RsaPublicEncryptDecrypt (void) +{ +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)\ + && !defined(HAVE_FIPS) + RsaKey key; + WC_RNG rng; + const char* inStr = "Everyone gets Friday off."; + word32 cipherLen = 128; + word32 plainLen = 25; + word32 inLen = (word32)XSTRLEN(inStr); + int ret; + + DECLARE_VAR_INIT(in, byte, inLen, inStr, NULL); + DECLARE_VAR(plain, byte, plainLen, NULL); + DECLARE_VAR(cipher, byte, cipherLen, NULL); + + ret = wc_InitRsaKey(&key, NULL); + if (ret == 0) { + ret = wc_InitRng(&rng); + } + if (ret == 0) { + ret = wc_MakeRsaKey(&key, 1024, 65537, &rng); + } + /* Encrypt. */ + printf(testingFmt, "wc_RsaPublicEncrypt()"); + + if (ret == 0) { + ret = wc_RsaPublicEncrypt(in, inLen, cipher, cipherLen, &key, &rng); + if (ret >= 0) { + cipherLen = ret; + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + + /* Pass bad args. */ + /* Tests PsaPublicEncryptEx() which, is tested by another fn. No need dup.*/ + printf(resultFmt, ret == 0 ? passed : failed); + + /* Decrypt */ + printf(testingFmt, "wc_RsaPrivateDecrypt()"); + /* Bind rng */ + if (ret == 0) { + ret = wc_RsaSetRNG(&key, &rng); + } + if (ret == 0) { + ret = wc_RsaPrivateDecrypt(cipher, cipherLen, plain, plainLen, &key); + } + if (ret >= 0) { + ret = XMEMCMP(plain, inStr, plainLen); + } + + /* Pass in bad args. */ + /* Tests RsaPrivateDecryptEx() which, is tested by another fn. No need dup.*/ + + FREE_VAR(in, NULL); + FREE_VAR(plain, NULL); + FREE_VAR(cipher, NULL); + if (wc_FreeRsaKey(&key) || ret != 0) { + ret = SSL_FATAL_ERROR; + } + if (wc_FreeRng(&rng) || ret != 0) { + ret = SSL_FATAL_ERROR; + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; + +} /* END test_wc_RsaPublicEncryptDecrypt */ + +/* + * Testing wc_RsaPrivateDecrypt_ex() and wc_RsaPrivateDecryptInline_ex() + */ +static int test_wc_RsaPublicEncryptDecrypt_ex (void) +{ +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS)\ + && !defined(WC_NO_RSA_OAEP) && !defined(HAVE_USER_RSA) + RsaKey key; + WC_RNG rng; + const char* inStr = "Everyone gets Friday off."; + word32 inLen = (word32)XSTRLEN(inStr); + const word32 cipherSz = 128; + const word32 plainSz = 25; + byte* res = NULL; + int ret = 0; + int idx = 0; + + DECLARE_VAR_INIT(in, byte, inLen, inStr, NULL); + DECLARE_VAR(plain, byte, plainSz, NULL); + DECLARE_VAR(cipher, byte, cipherSz, NULL); + + /* Initialize stack structures. */ + XMEMSET(&rng, 0, sizeof(rng)); + XMEMSET(&key, 0, sizeof(key)); + + ret = wc_InitRsaKey_ex(&key, NULL, INVALID_DEVID); + if (ret == 0) { + ret = wc_InitRng(&rng); + } + if (ret == 0) { + ret = wc_MakeRsaKey(&key, 1024, 65537, &rng); + } + /* Encrypt */ + printf(testingFmt, "wc_RsaPublicEncrypt_ex()"); + if (ret == 0) { + ret = wc_RsaPublicEncrypt_ex(in, inLen, cipher, cipherSz, &key, &rng, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); + if (ret >= 0) { + idx = ret; + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + + /*Pass bad args.*/ + /* Tests RsaPublicEncryptEx again. No need duplicate. */ + printf(resultFmt, ret == 0 ? passed : failed); + + /* Decrypt */ + printf(testingFmt, "wc_RsaPrivateDecrypt_ex()"); + if (ret == 0) { + ret = wc_RsaSetRNG(&key, &rng); + if (ret == 0) { + ret = wc_RsaPrivateDecrypt_ex(cipher, (word32)idx, + plain, plainSz, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, + WC_MGF1SHA1, NULL, 0); + } + if (ret >= 0) { + if (!XMEMCMP(plain, inStr, plainSz)) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + } + + /*Pass bad args.*/ + /* Tests RsaPrivateDecryptEx() again. No need duplicate. */ + printf(resultFmt, ret == 0 ? passed : failed); + + printf(testingFmt, "wc_RsaPrivateDecryptInline_ex()"); + if (ret == 0) { + ret = wc_RsaPrivateDecryptInline_ex(cipher, (word32)idx, + &res, &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, + WC_MGF1SHA1, NULL, 0); + + if (ret >= 0) { + if (!XMEMCMP(inStr, res, plainSz)) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + } + + FREE_VAR(in, NULL); + FREE_VAR(plain, NULL); + FREE_VAR(cipher, NULL); + if (wc_FreeRsaKey(&key) || ret != 0) { + ret = SSL_FATAL_ERROR; + } + if (wc_FreeRng(&rng) || ret != 0) { + ret = SSL_FATAL_ERROR; + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; + +} /* END test_wc_RsaPublicEncryptDecrypt_ex */ + +/* + * Tesing wc_RsaSSL_Sign() and wc_RsaSSL_Verify() + */ +static int test_wc_RsaSSL_SignVerify (void) +{ +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + RsaKey key; + WC_RNG rng; + const char* inStr = "Everyone gets Friday off."; + const word32 outSz = 128; + const word32 plainSz = 25; + word32 inLen = (word32)XSTRLEN(inStr); + word32 idx = 0; + int ret; + + DECLARE_VAR_INIT(in, byte, inLen, inStr, NULL); + DECLARE_VAR(out, byte, outSz, NULL); + DECLARE_VAR(plain, byte, plainSz, NULL); + + ret = wc_InitRsaKey(&key, NULL); + + if (ret == 0) { + ret = wc_InitRng(&rng); + } + + if (ret == 0) { + ret = wc_MakeRsaKey(&key, 1024, 65537, &rng); + } + /* Sign. */ + printf(testingFmt, "wc_RsaSSL_Sign()"); + + if (ret == 0) { + ret = wc_RsaSSL_Sign(in, inLen, out, outSz, &key, &rng); + if (ret == (int)outSz) { + idx = ret; + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } +#ifndef HAVE_USER_RSA + /* Test bad args. */ + if (ret == 0) { + ret = wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng); + if (ret == BAD_FUNC_ARG) { + ret = wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng); + } + if (ret == BAD_FUNC_ARG) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } +#else + /* Test bad args. */ + if (ret == 0) { + ret = wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng); + if (ret == USER_CRYPTO_ERROR) { + ret = wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng); + } + if (ret == USER_CRYPTO_ERROR) { + ret = wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng); + } + if (ret == USER_CRYPTO_ERROR) { + ret = wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng); + } + if (ret == USER_CRYPTO_ERROR) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } +#endif + printf(resultFmt, ret == 0 ? passed : failed); + + /* Verify. */ + printf(testingFmt, "wc_RsaSSL_Verify()"); + + if (ret == 0) { + ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, &key); + if (ret == (int)inLen) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + #ifndef HAVE_USER_RSA + /* Pass bad args. */ + if (ret == 0) { + ret = wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key); + if (ret == BAD_FUNC_ARG) { + ret = wc_RsaSSL_Verify(out, 0, plain, plainSz, &key); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL); + } + if (ret == BAD_FUNC_ARG) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + #else + /* Pass bad args. */ + if (ret == 0) { + ret = wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key); + if (ret == USER_CRYPTO_ERROR) { + ret = wc_RsaSSL_Verify(out, 0, plain, plainSz, &key); + } + if (ret == USER_CRYPTO_ERROR) { + ret = wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key); + } + if (ret == USER_CRYPTO_ERROR) { + ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL); + } + if (ret == USER_CRYPTO_ERROR) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + #endif + + FREE_VAR(in, NULL); + FREE_VAR(out, NULL); + FREE_VAR(plain, NULL); + if (wc_FreeRsaKey(&key) || ret != 0) { + ret = SSL_FATAL_ERROR; + } + if (wc_FreeRng(&rng) || ret != 0) { + ret = SSL_FATAL_ERROR; + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; + +} /* END test_wc_RsaSSL_SignVerify */ + +/* + * Testing wc_RsaEncryptSize() + */ +static int test_wc_RsaEncryptSize (void) +{ +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + RsaKey key; + WC_RNG rng; + int ret; + int enc128 = 128; + int enc512 = 512; + + ret = wc_InitRsaKey(&key, NULL); + + if (ret == 0) { + ret = wc_InitRng(&rng); + } + + printf(testingFmt, "wc_RsaEncryptSize()"); + if (ret == 0) { + ret = wc_MakeRsaKey(&key, 1024, 65537, &rng); + if (ret == 0) { + ret = wc_RsaEncryptSize(&key); + } + if (ret == enc128) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + if (wc_FreeRsaKey(&key) || ret != 0) { + ret = SSL_FATAL_ERROR; + } else { + ret = 0; + } + + if (ret == 0) { + ret = wc_MakeRsaKey(&key, FOURK_BUF, 65537, &rng); + if (ret == 0) { + ret = wc_RsaEncryptSize(&key); + } + if (ret == enc512) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + + /* Pass in bad arg. */ + if (ret == 0) { + ret = wc_RsaEncryptSize(NULL); + #ifndef HAVE_USER_RSA + if (ret == BAD_FUNC_ARG) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + #endif + } + + if (wc_FreeRsaKey(&key) || ret != 0) { + ret = SSL_FATAL_ERROR; + } + if (wc_FreeRng(&rng) || ret != 0) { + ret = SSL_FATAL_ERROR; + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; + +} /* END test_wc_RsaEncryptSize*/ + +/* + * Testing wc_RsaFlattenPublicKey() + */ +static int test_wc_RsaFlattenPublicKey (void) +{ +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + RsaKey key; + WC_RNG rng; + int ret; + byte e[256]; + byte n[256]; + word32 eSz = sizeof(e); + word32 nSz = sizeof(n); + + ret = wc_InitRsaKey(&key, NULL); + if (ret == 0) { + ret = wc_InitRng(&rng); + } + + if (ret == 0) { + ret = wc_MakeRsaKey(&key, 1024, 65537, &rng); + if (ret >= 0) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + + printf(testingFmt, "wc_RsaFlattenPublicKey()"); + + if (ret == 0) { + ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, &nSz); + } + #ifndef HAVE_USER_RSA + /* Pass bad args. */ + if (ret == 0) { + ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz); + if (ret == BAD_FUNC_ARG) { + ret = wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz); + } + if (ret == BAD_FUNC_ARG) { + ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL); + } + if (ret == BAD_FUNC_ARG) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + #else + /* Pass bad args. */ + if (ret == 0) { + ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz); + if (ret == USER_CRYPTO_ERROR) { + ret = wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz); + } + if (ret == USER_CRYPTO_ERROR) { + ret = wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz); + } + if (ret == USER_CRYPTO_ERROR) { + ret = wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz); + } + if (ret == USER_CRYPTO_ERROR) { + ret = wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL); + } + if (ret == USER_CRYPTO_ERROR) { + ret = 0; + } else { + ret = SSL_FATAL_ERROR; + } + } + #endif + if (wc_FreeRsaKey(&key) || ret != 0) { + ret = SSL_FATAL_ERROR; + } + if (wc_FreeRng(&rng) || ret != 0) { + ret = SSL_FATAL_ERROR; + } + + printf(resultFmt, ret == 0 ? passed : failed); + +#endif + return 0; + +} /* END test_wc_RsaFlattenPublicKey */ + + + /*----------------------------------------------------------------------------* | Compatibility Tests *----------------------------------------------------------------------------*/ @@ -8361,6 +9453,19 @@ void ApiTest(void) AssertIntEQ(test_wc_AesGcmEncryptDecrypt(), 0); AssertIntEQ(test_wc_GmacSetKey(), 0); AssertIntEQ(test_wc_GmacUpdate(), 0); + AssertIntEQ(test_wc_InitRsaKey(), 0); + AssertIntEQ(test_wc_RsaPrivateKeyDecode(), 0); + AssertIntEQ(test_wc_RsaPublicKeyDecode(), 0); + AssertIntEQ(test_wc_RsaPublicKeyDecodeRaw(), 0); + AssertIntEQ(test_wc_MakeRsaKey(), 0); + AssertIntEQ(test_wc_SetKeyUsage (), 0); + AssertIntEQ(test_wc_RsaKeyToDer(), 0); + AssertIntEQ(test_wc_RsaKeyToPublicDer(), 0); + AssertIntEQ(test_wc_RsaPublicEncryptDecrypt(), 0); + AssertIntEQ(test_wc_RsaPublicEncryptDecrypt_ex(), 0); + AssertIntEQ(test_wc_RsaEncryptSize(), 0); + AssertIntEQ(test_wc_RsaSSL_SignVerify(), 0); + AssertIntEQ(test_wc_RsaFlattenPublicKey(), 0); printf(" End API Tests\n"); } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index e73794748..46ae3bd0c 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -1861,6 +1861,9 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, { int version, length; + if (inOutIdx == NULL) { + return BAD_FUNC_ARG; + } if (GetSequence(input, inOutIdx, &length, inSz) < 0) return ASN_PARSE_E; @@ -6996,8 +6999,12 @@ int wc_RsaKeyToPublicDer(RsaKey* key, byte* output, word32 inLen) selfSigned = 1 (true) use subject as issuer subject = blank */ -void wc_InitCert(Cert* cert) +int wc_InitCert(Cert* cert) { + if (cert == NULL) { + return BAD_FUNC_ARG; + } + cert->version = 2; /* version 3 is hex 2 */ cert->sigType = CTC_SHAwRSA; cert->daysValid = 500; @@ -7061,6 +7068,8 @@ void wc_InitCert(Cert* cert) #else cert->heap = NULL; #endif + + return 0; } diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index b55aaf3a3..55ed7eed6 100755 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -25,6 +25,7 @@ #endif #include +#include #ifndef NO_RSA @@ -52,12 +53,19 @@ RSA Key Size Configuration: #ifdef HAVE_FIPS int wc_InitRsaKey(RsaKey* key, void* ptr) { + if (key == NULL) { + return BAD_FUNC_ARG; + } + return InitRsaKey_fips(key, ptr); } int wc_InitRsaKey_ex(RsaKey* key, void* ptr, int devId) { (void)devId; + if (key == NULL) { + return BAD_FUNC_ARG; + } return InitRsaKey_fips(key, ptr); } @@ -70,6 +78,9 @@ int wc_FreeRsaKey(RsaKey* key) int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, WC_RNG* rng) { + if (in == NULL || out == NULL || key == NULL || rng == NULL) { + return BAD_FUNC_ARG; + } return RsaPublicEncrypt_fips(in, inLen, out, outLen, key, rng); } @@ -77,6 +88,9 @@ int wc_RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, RsaKey* key) { + if (in == NULL || out == NULL || key == NULL) { + return BAD_FUNC_ARG; + } return RsaPrivateDecryptInline_fips(in, inLen, out, key); } @@ -84,6 +98,9 @@ int wc_RsaPrivateDecryptInline(byte* in, word32 inLen, byte** out, int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key) { + if (in == NULL || out == NULL || key == NULL) { + return BAD_FUNC_ARG; + } return RsaPrivateDecrypt_fips(in, inLen, out, outLen, key); } @@ -91,12 +108,18 @@ int wc_RsaPrivateDecrypt(const byte* in, word32 inLen, byte* out, int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, WC_RNG* rng) { + if (in == NULL || out == NULL || key == NULL || inLen == 0) { + return BAD_FUNC_ARG; + } return RsaSSL_Sign_fips(in, inLen, out, outLen, key, rng); } int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) { + if (in == NULL || out == NULL || key == NULL) { + return BAD_FUNC_ARG; + } return RsaSSL_VerifyInline_fips(in, inLen, out, key); } @@ -104,12 +127,18 @@ int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key) { + if (in == NULL || out == NULL || key == NULL || inLen == 0) { + return BAD_FUNC_ARG; + } return RsaSSL_Verify_fips(in, inLen, out, outLen, key); } int wc_RsaEncryptSize(RsaKey* key) { + if (key == NULL) { + return BAD_FUNC_ARG; + } return RsaEncryptSize_fips(key); } @@ -117,6 +146,7 @@ int wc_RsaEncryptSize(RsaKey* key) int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, word32* bSz) { + /* not specified as fips so not needing _fips */ return RsaFlattenPublicKey(key, a, aSz, b, bSz); } @@ -136,7 +166,6 @@ int wc_RsaFlattenPublicKey(RsaKey* key, byte* a, word32* aSz, byte* b, #else /* else build without fips */ #include -#include #include #ifdef NO_INLINE #include @@ -1568,7 +1597,13 @@ int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key) { - WC_RNG* rng = NULL; + WC_RNG* rng; + + if (key == NULL) { + return BAD_FUNC_ARG; + } + + rng = NULL; #ifdef WC_RSA_BLINDING rng = key->rng; #endif @@ -1637,6 +1672,9 @@ int wc_RsaPSS_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, int wc_RsaEncryptSize(RsaKey* key) { + if (key == NULL) { + return BAD_FUNC_ARG; + } return mp_unsigned_bin_size(&key->n); } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index fda01a807..527dd1679 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -7199,7 +7199,9 @@ int rsa_test(void) ERROR_OUT(-5571, exit_rsa); } - wc_InitCert(&myCert); + if (wc_InitCert(&myCert)) { + ERROR_OUT(-5572, exit_rsa); + } strncpy(myCert.subject.country, "US", CTC_NAME_SIZE); strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE); @@ -7221,17 +7223,17 @@ int rsa_test(void) /* add SKID from the Public Key */ if (wc_SetSubjectKeyIdFromPublicKey(&myCert, &keypub, NULL) != 0) { - ERROR_OUT(-5572, exit_rsa); + ERROR_OUT(-5573, exit_rsa); } /* add AKID from the Public Key */ if (wc_SetAuthKeyIdFromPublicKey(&myCert, &keypub, NULL) != 0) { - ERROR_OUT(-5573, exit_rsa); + ERROR_OUT(-5574, exit_rsa); } /* add Key Usage */ if (wc_SetKeyUsage(&myCert,"cRLSign,keyCertSign") != 0) { - ERROR_OUT(-5574, exit_rsa); + ERROR_OUT(-5575, exit_rsa); } #endif /* WOLFSSL_CERT_EXT */ @@ -7245,7 +7247,7 @@ int rsa_test(void) } } while (ret == WC_PENDING_E); if (ret < 0) { - ERROR_OUT(-5575, exit_rsa); + ERROR_OUT(-5576, exit_rsa); } certSz = ret; @@ -7254,7 +7256,7 @@ int rsa_test(void) ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); if (ret != 0) { FreeDecodedCert(&decode); - ERROR_OUT(-5576, exit_rsa); + ERROR_OUT(-5577, exit_rsa); } FreeDecodedCert(&decode); #endif @@ -7262,29 +7264,29 @@ int rsa_test(void) #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) derFile = fopen(certDerFile, "wb"); if (!derFile) { - ERROR_OUT(-5577, exit_rsa); + ERROR_OUT(-5578, exit_rsa); } ret = (int)fwrite(der, 1, certSz, derFile); fclose(derFile); if (ret != certSz) { - ERROR_OUT(-5578, exit_rsa); + ERROR_OUT(-5579, exit_rsa); } #endif pemSz = wc_DerToPem(der, certSz, pem, FOURK_BUF, CERT_TYPE); if (pemSz < 0) { - ERROR_OUT(-5579, exit_rsa); + ERROR_OUT(-5580, exit_rsa); } #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) pemFile = fopen(certPemFile, "wb"); if (!pemFile) { - ERROR_OUT(-5580, exit_rsa); + ERROR_OUT(-5581, exit_rsa); } ret = (int)fwrite(pem, 1, pemSz, pemFile); fclose(pemFile); if (ret != pemSz) { - ERROR_OUT(-5581, exit_rsa); + ERROR_OUT(-5582, exit_rsa); } #endif @@ -7345,7 +7347,9 @@ int rsa_test(void) ERROR_OUT(-5604, exit_rsa); } - wc_InitCert(&myCert); + if (wc_InitCert(&myCert)) { + ERROR_OUT(-5617, exit_rsa); + } #ifdef NO_SHA myCert.sigType = CTC_SHA256wRSA; @@ -7519,7 +7523,9 @@ int rsa_test(void) ERROR_OUT(-5624, exit_rsa); } - wc_InitCert(&myCert); + if (wc_InitCert(&myCert)) { + ERROR_OUT(-5640, exit_rsa); + } myCert.sigType = CTC_SHA256wECDSA; strncpy(myCert.subject.country, "US", CTC_NAME_SIZE); @@ -7739,7 +7745,9 @@ int rsa_test(void) ERROR_OUT(-5658, exit_rsa); } - wc_InitCert(&myCert); + if (wc_InitCert(&myCert)) { + ERROR_OUT(-5573, exit_rsa); + } strncpy(myCert.subject.country, "US", CTC_NAME_SIZE); strncpy(myCert.subject.state, "OR", CTC_NAME_SIZE); @@ -7886,7 +7894,9 @@ int rsa_test(void) ERROR_OUT(-5681, exit_rsa); } - wc_InitCert(&req); + if (wc_InitCert(&req)) { + ERROR_OUT(-5691, exit_rsa); + } req.version = 0; req.isCA = 1; diff --git a/wolfcrypt/user-crypto/src/rsa.c b/wolfcrypt/user-crypto/src/rsa.c index 3040211bd..65c23d76f 100644 --- a/wolfcrypt/user-crypto/src/rsa.c +++ b/wolfcrypt/user-crypto/src/rsa.c @@ -928,6 +928,10 @@ int wc_RsaPrivateKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, int ctxSz, pSz, qSz; IppStatus ret; + if (input == NULL || inOutIdx == NULL || key == NULL) { + return USER_CRYPTO_ERROR; + } + USER_DEBUG(("Entering wc_RsaPrivateKeyDecode\n")); /* read in key information */ @@ -1066,6 +1070,10 @@ int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, byte b; #endif + if (input == NULL || inOutIdx == NULL || key == NULL) { + return USER_CRYPTO_ERROR; + } + USER_DEBUG(("Entering wc_RsaPublicKeyDecode\n")); if (GetSequence(input, inOutIdx, &length, inSz) < 0) @@ -1246,7 +1254,7 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e, key->eSz = eSz; key->type = RSA_PUBLIC; - return USER_CRYPTO_ERROR; + return 0; } @@ -1636,13 +1644,14 @@ int wc_RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen, USER_DEBUG(("Entering wc_RsaSSL_Sign\n")); - sz = key->sz; - if (in == NULL || out == NULL || key == NULL || rng == NULL) { USER_DEBUG(("Bad argument to wc_RsaSSL_Sign\n")); return USER_CRYPTO_ERROR; } + sz = key->sz; + + /* sanity check on key being used */ if (key->pipp == NULL || key->qipp == NULL || key->uipp == NULL || key->dPipp == NULL || key->dQipp == NULL) { diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 0b4a8653b..8f9a25b86 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -180,7 +180,7 @@ typedef struct Cert { isCA = 0 (false) keyType = RSA_KEY (default) */ -WOLFSSL_API void wc_InitCert(Cert*); +WOLFSSL_API int wc_InitCert(Cert*); WOLFSSL_API int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType, void* key, WC_RNG* rng); WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*,