From 702dbcf570047abc43d0e89d1782cf0914b009fc Mon Sep 17 00:00:00 2001 From: Ludovic FLAMENT Date: Sun, 5 Jul 2015 20:10:43 +0200 Subject: [PATCH] align return code, coding style (tab-> space, line with 80 char), curve_idx validity --- src/ssl.c | 3336 +++++++++++++++++--------------- wolfcrypt/src/asn.c | 169 +- wolfcrypt/src/ecc.c | 622 +++--- wolfcrypt/src/integer.c | 227 +-- wolfcrypt/src/tfm.c | 194 +- wolfssl/openssl/bn.h | 20 +- wolfssl/openssl/dh.h | 9 +- wolfssl/openssl/dsa.h | 25 +- wolfssl/openssl/ec.h | 170 +- wolfssl/openssl/ecdh.h | 9 +- wolfssl/openssl/ecdsa.h | 26 +- wolfssl/ssl.h | 2 +- wolfssl/wolfcrypt/asn.h | 14 +- wolfssl/wolfcrypt/asn_public.h | 14 +- wolfssl/wolfcrypt/dsa.h | 19 +- wolfssl/wolfcrypt/ecc.h | 20 +- 16 files changed, 2562 insertions(+), 2314 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 564605344..a947a8aee 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -567,7 +567,7 @@ static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek) #ifdef HAVE_MAX_FRAGMENT ret = ReceiveData(ssl, (byte*)data, - min(sz, min(ssl->max_fragment, OUTPUT_RECORD_SIZE)), peek); + min(sz, min(ssl->max_fragment, OUTPUT_RECORD_SIZE)),peek); #else ret = ReceiveData(ssl, (byte*)data, min(sz, OUTPUT_RECORD_SIZE), peek); #endif @@ -635,7 +635,8 @@ int wolfSSL_UseSNI(WOLFSSL* ssl, byte type, const void* data, word16 size) return TLSX_UseSNI(&ssl->extensions, type, data, size); } -int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, byte type, const void* data, word16 size) +int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, byte type, + const void* data, word16 size) { if (ctx == NULL) return BAD_FUNC_ARG; @@ -673,8 +674,8 @@ word16 wolfSSL_SNI_GetRequest(WOLFSSL* ssl, byte type, void** data) return 0; } -int wolfSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, byte type, - byte* sni, word32* inOutSz) +int wolfSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, + byte type, byte* sni, word32* inOutSz) { if (clientHello && helloSz > 0 && sni && inOutSz && *inOutSz > 0) return TLSX_SNI_GetFromBuffer(clientHello, helloSz, type, sni, inOutSz); @@ -929,7 +930,8 @@ int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx) return TLSX_UseSessionTicket(&ctx->extensions, NULL); } -WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL* ssl, byte* buf, word32* bufSz) +WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL* ssl, + byte* buf, word32* bufSz) { if (ssl == NULL || buf == NULL || bufSz == NULL || *bufSz == 0) return BAD_FUNC_ARG; @@ -1371,7 +1373,7 @@ WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void) WOLFSSL_ENTER("wolfSSL_CertManagerNew"); cm = (WOLFSSL_CERT_MANAGER*) XMALLOC(sizeof(WOLFSSL_CERT_MANAGER), 0, - DYNAMIC_TYPE_CERT_MANAGER); + DYNAMIC_TYPE_CERT_MANAGER); if (cm) { XMEMSET(cm, 0, sizeof(WOLFSSL_CERT_MANAGER)); @@ -1429,8 +1431,7 @@ int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm) /* Return bytes written to buff or < 0 for error */ int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz, - unsigned char* buff, int buffSz, - int type) + unsigned char* buff, int buffSz, int type) { int eccKey = 0; int ret; @@ -1455,7 +1456,7 @@ int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz, #ifdef WOLFSSL_SMALL_STACK info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (info == NULL) return MEMORY_E; #endif @@ -1509,8 +1510,8 @@ static INLINE int OurPasswordCb(char* passwd, int sz, int rw, void* userdata) /* Return bytes written to buff or < 0 for error */ -int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff, - int buffSz, const char* pass) +int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, + unsigned char* buff, int buffSz, const char* pass) { int eccKey = 0; int ret; @@ -1530,7 +1531,7 @@ int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff #ifdef WOLFSSL_SMALL_STACK info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (info == NULL) return MEMORY_E; #endif @@ -1554,7 +1555,7 @@ int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff wolfSSL_CTX_set_default_passwd_cb_userdata(info->ctx, (void*)pass); } #else - (void)pass; + (void)pass; #endif ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, info, &eccKey); @@ -1875,8 +1876,8 @@ Signer* GetCAByName(void* vp, byte* hash) for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) { signers = cm->caTable[row]; while (signers && ret == NULL) { - if (XMEMCMP(hash, - signers->subjectNameHash, SIGNER_DIGEST_SIZE) == 0) { + if (XMEMCMP(hash, signers->subjectNameHash, + SIGNER_DIGEST_SIZE) == 0) { ret = signers; } signers = signers->next; @@ -1908,7 +1909,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify) #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (cert == NULL) return MEMORY_E; #endif @@ -1929,7 +1930,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify) } #ifndef ALLOW_INVALID_CERTSIGN else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA && - (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) { + (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) { /* Intermediate CA certs are required to have the keyCertSign * extension set. User loaded root certs are not. */ WOLFSSL_MSG(" Doesn't have key usage certificate signing"); @@ -1957,10 +1958,10 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, buffer der, int type, int verify) #endif #ifndef NO_SKID XMEMCPY(signer->subjectKeyIdHash, cert->extSubjKeyId, - SIGNER_DIGEST_SIZE); + SIGNER_DIGEST_SIZE); #endif XMEMCPY(signer->subjectNameHash, cert->subjectHash, - SIGNER_DIGEST_SIZE); + SIGNER_DIGEST_SIZE); signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage : 0xFFFF; signer->next = NULL; /* If Key Usage not set, all uses valid. */ @@ -2109,81 +2110,80 @@ int wolfSSL_Init(void) #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) -static int wolfssl_decrypt_buffer_key(buffer* der, byte* password, int passwordSz, EncryptedInfo* info) +static int wolfssl_decrypt_buffer_key(buffer* der, byte* password, + int passwordSz, EncryptedInfo* info) { - int ret; + int ret; #ifdef WOLFSSL_SMALL_STACK - byte* key = NULL; - byte* iv = NULL; + byte* key = NULL; + byte* iv = NULL; #else - byte key[AES_256_KEY_SIZE]; + byte key[AES_256_KEY_SIZE]; #ifndef NO_MD5 - byte iv[AES_IV_SIZE]; + byte iv[AES_IV_SIZE]; #endif #endif - if (der == NULL || password == NULL || info == NULL) - return SSL_FATAL_ERROR; + if (der == NULL || password == NULL || info == NULL) + return SSL_FATAL_ERROR; - /* use file's salt for key derivation, hex decode first */ - if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz) != 0) - return ASN_INPUT_E; + /* use file's salt for key derivation, hex decode first */ + if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz) != 0) + return ASN_INPUT_E; #ifndef NO_MD5 #ifdef WOLFSSL_SMALL_STACK - iv = (byte*)XMALLOC(AES_IV_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (iv == NULL) - return MEMORY_E; + iv = (byte*)XMALLOC(AES_IV_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (iv == NULL) + return MEMORY_E; - key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (key == NULL) { - XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return MEMORY_E; - } + key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (key == NULL) { + XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } #endif /* WOLFSSL_SMALL_STACK */ - if ((ret = EVP_BytesToKey(info->name, "MD5", info->iv, - password, passwordSz, 1, key, iv)) <= 0) { + if ((ret = EVP_BytesToKey(info->name, "MD5", info->iv, + password, passwordSz, 1, key, iv)) <= 0) { - #ifdef WOLFSSL_SMALL_STACK - XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER); - #endif - return ASN_INPUT_E; - } + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ASN_INPUT_E; + } #endif /* NO_MD5 */ #ifndef NO_DES3 - if (XSTRNCMP(info->name, "DES-CBC", 7) == 0) - ret = wc_Des_CbcDecryptWithKey(der->buffer, der->buffer, der->length, - key, info->iv); - else if (XSTRNCMP(info->name, "DES-EDE3-CBC", 12) == 0) - ret = wc_Des3_CbcDecryptWithKey(der->buffer, der->buffer, der->length, - key, info->iv); + if (XSTRNCMP(info->name, "DES-CBC", 7) == 0) + ret = wc_Des_CbcDecryptWithKey(der->buffer, der->buffer, der->length, + key, info->iv); + else if (XSTRNCMP(info->name, "DES-EDE3-CBC", 12) == 0) + ret = wc_Des3_CbcDecryptWithKey(der->buffer, der->buffer, der->length, + key, info->iv); #endif /* NO_DES3 */ #ifndef NO_AES - else if (XSTRNCMP(info->name, "AES-128-CBC", 11) == 0) - ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length, - key, AES_128_KEY_SIZE, info->iv); - else if (XSTRNCMP(info->name, "AES-192-CBC", 11) == 0) - ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length, - key, AES_192_KEY_SIZE, info->iv); - else if (XSTRNCMP(info->name, "AES-256-CBC", 11) == 0) - ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length, - key, AES_256_KEY_SIZE, info->iv); + else if (XSTRNCMP(info->name, "AES-128-CBC", 11) == 0) + ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length, + key, AES_128_KEY_SIZE, info->iv); + else if (XSTRNCMP(info->name, "AES-192-CBC", 11) == 0) + ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length, + key, AES_192_KEY_SIZE, info->iv); + else if (XSTRNCMP(info->name, "AES-256-CBC", 11) == 0) + ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length, + key, AES_256_KEY_SIZE, info->iv); #endif /* NO_AES */ - else - ret = SSL_BAD_FILE; + else + ret = SSL_BAD_FILE; #ifdef WOLFSSL_SMALL_STACK - XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - return ret; + return ret; } #endif /* defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) */ @@ -2224,27 +2224,27 @@ int PemToDer(const unsigned char* buff, long longSz, int type, int ret = 0; int dynamicType = 0; int sz = (int)longSz; - int encrypted_key = 0; + int encrypted_key = 0; switch (type) { case CA_TYPE: /* same as below */ - case CERT_TYPE: header= BEGIN_CERT; footer= END_CERT; break; - case CRL_TYPE: header= BEGIN_X509_CRL; footer= END_X509_CRL; break; - case DH_PARAM_TYPE: header= BEGIN_DH_PARAM; footer= END_DH_PARAM; break; - case CERTREQ_TYPE: header= BEGIN_CERT_REQ; footer= END_CERT_REQ; break; - case DSA_TYPE: header= BEGIN_DSA_PRIV; footer= END_DSA_PRIV; break; - case ECC_TYPE: header= BEGIN_EC_PRIV; footer= END_EC_PRIV; break; - case RSA_TYPE: header= BEGIN_RSA_PRIV; footer= END_RSA_PRIV; break; - default: header= BEGIN_RSA_PRIV; footer= END_RSA_PRIV; break; + case CERT_TYPE: header=BEGIN_CERT; footer=END_CERT; break; + case CRL_TYPE: header=BEGIN_X509_CRL; footer=END_X509_CRL; break; + case DH_PARAM_TYPE: header=BEGIN_DH_PARAM; footer=END_DH_PARAM; break; + case CERTREQ_TYPE: header=BEGIN_CERT_REQ; footer=END_CERT_REQ; break; + case DSA_TYPE: header=BEGIN_DSA_PRIV; footer=END_DSA_PRIV; break; + case ECC_TYPE: header=BEGIN_EC_PRIV; footer=END_EC_PRIV; break; + case RSA_TYPE: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV; break; + default: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV; break; } switch (type) { case CA_TYPE: dynamicType = DYNAMIC_TYPE_CA; break; case CERT_TYPE: dynamicType = DYNAMIC_TYPE_CERT; break; case CRL_TYPE: dynamicType = DYNAMIC_TYPE_CRL; break; - case DSA_TYPE: dynamicType = DYNAMIC_TYPE_DSA; break; - case ECC_TYPE: dynamicType = DYNAMIC_TYPE_ECC; break; - case RSA_TYPE: dynamicType = DYNAMIC_TYPE_RSA; break; + case DSA_TYPE: dynamicType = DYNAMIC_TYPE_DSA; break; + case ECC_TYPE: dynamicType = DYNAMIC_TYPE_ECC; break; + case RSA_TYPE: dynamicType = DYNAMIC_TYPE_RSA; break; default: dynamicType = DYNAMIC_TYPE_KEY; break; } @@ -2327,7 +2327,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, newline++; headerEnd = newline; - encrypted_key = 1; + encrypted_key = 1; } } #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ @@ -2363,8 +2363,8 @@ int PemToDer(const unsigned char* buff, long longSz, int type, der->length = (word32)neededSz; - if (Base64_Decode((byte*)headerEnd, (word32)neededSz, der->buffer, - &der->length) < 0) + if (Base64_Decode((byte*)headerEnd, (word32)neededSz, + der->buffer, &der->length) < 0) return SSL_BAD_FILE; if (header == BEGIN_PRIV_KEY && !encrypted_key) { @@ -2394,31 +2394,33 @@ int PemToDer(const unsigned char* buff, long longSz, int type, return MEMORY_E; #endif passwordSz = info->ctx->passwd_cb(password, sizeof(password), 0, - info->ctx->userdata); + info->ctx->userdata); /* convert and adjust length */ - if (header == BEGIN_ENC_PRIV_KEY) { - ret = ToTraditionalEnc(der->buffer, der->length, password, passwordSz); + if (header == BEGIN_ENC_PRIV_KEY) { + ret = ToTraditionalEnc(der->buffer, der->length, + password, passwordSz); #ifdef WOLFSSL_SMALL_STACK - XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - if (ret < 0) { - XFREE(der->buffer, heap, dynamicType); - return ret; - } + if (ret < 0) { + XFREE(der->buffer, heap, dynamicType); + return ret; + } - der->length = ret; - } - /* decrypt the key */ - else { - ret = wolfssl_decrypt_buffer_key(der, (byte*)password, passwordSz, info); + der->length = ret; + } + /* decrypt the key */ + else { + ret = wolfssl_decrypt_buffer_key(der, (byte*)password, + passwordSz, info); #ifdef WOLFSSL_SMALL_STACK - XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - if (ret != 0) { - XFREE(der->buffer, heap, dynamicType); - return ret; - } - } + if (ret != 0) { + XFREE(der->buffer, heap, dynamicType); + return ret; + } + } } #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER || NO_PWDBASED */ @@ -2467,7 +2469,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, #ifdef WOLFSSL_SMALL_STACK info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (info == NULL) return MEMORY_E; #endif @@ -2528,7 +2530,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, part.buffer = 0; ret = PemToDer(buff + consumed, sz - consumed, type, &part, - heap, info, &eccKey); + heap, info, &eccKey); if (ret == 0) { gotOne = 1; if ( (idx + part.length) > bufferSz) { @@ -2572,9 +2574,8 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, if (shrinked) { if (ssl) { if (ssl->buffers.certChain.buffer && - ssl->buffers.weOwnCertChain) { - XFREE(ssl->buffers.certChain.buffer, heap, - dynamicType); + ssl->buffers.weOwnCertChain) { + XFREE(ssl->buffers.certChain.buffer, heap, dynamicType); } ssl->buffers.certChain.buffer = shrinked; ssl->buffers.certChain.length = idx; @@ -2615,7 +2616,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, } #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) - /* for SSL_FILETYPE_PEM, PemToDer manage the decryption if required */ + /* for SSL_FILETYPE_PEM, PemToDer manage the decryption if required */ if (info->set && (format != SSL_FILETYPE_PEM)) { /* decrypt */ int passwordSz; @@ -2628,17 +2629,19 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, #ifdef WOLFSSL_SMALL_STACK password = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (password == NULL) - ret = MEMORY_E; + ret = MEMORY_E; else #endif if (!ctx || !ctx->passwd_cb) { ret = NO_PASSWORD; } else { - passwordSz = ctx->passwd_cb(password, sizeof(password), 0, ctx->userdata); + passwordSz = ctx->passwd_cb(password, sizeof(password), + 0, ctx->userdata); - /* decrypt the key */ - ret = wolfssl_decrypt_buffer_key(&der, (byte*)password, passwordSz, info); + /* decrypt the key */ + ret = wolfssl_decrypt_buffer_key(&der, (byte*)password, + passwordSz, info); } #ifdef WOLFSSL_SMALL_STACK @@ -2712,15 +2715,15 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, #ifdef WOLFSSL_SMALL_STACK key = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (key == NULL) return MEMORY_E; #endif ret = wc_InitRsaKey(key, 0); if (ret == 0) { - if (wc_RsaPrivateKeyDecode(der.buffer, &idx, key, der.length) != - 0) { + if (wc_RsaPrivateKeyDecode(der.buffer, &idx, key, der.length) + != 0) { #ifdef HAVE_ECC /* could have DER ECC (or pkcs8 ecc), no easy way to tell */ eccKey = 1; /* so try it out */ @@ -2772,7 +2775,7 @@ static int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (cert == NULL) return MEMORY_E; #endif @@ -2909,7 +2912,7 @@ int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER* cm, /* Verify the ceritficate, SSL_SUCCESS for ok, < 0 for error */ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff, - long sz, int format) + long sz, int format) { int ret = 0; buffer der; @@ -2923,7 +2926,7 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff, #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (cert == NULL) return MEMORY_E; #endif @@ -2941,7 +2944,7 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff, #ifdef WOLFSSL_SMALL_STACK info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (info == NULL) { XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; @@ -2995,7 +2998,7 @@ int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER* cm, int options) #ifdef HAVE_OCSP if (cm->ocsp == NULL) { cm->ocsp = (WOLFSSL_OCSP*)XMALLOC(sizeof(WOLFSSL_OCSP), cm->heap, - DYNAMIC_TYPE_OCSP); + DYNAMIC_TYPE_OCSP); if (cm->ocsp == NULL) return MEMORY_E; @@ -3062,7 +3065,7 @@ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz) #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (cert == NULL) return MEMORY_E; #endif @@ -3086,7 +3089,7 @@ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz) int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER* cm, - const char* url) + const char* url) { WOLFSSL_ENTER("wolfSSL_CertManagerSetOCSPOverrideURL"); if (cm == NULL) @@ -3160,7 +3163,7 @@ int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl, WOLFSSL_ENTER("wolfSSL_SetOCSP_Cb"); if (ssl) return wolfSSL_CertManagerSetOCSP_Cb(ssl->ctx->cm, - ioCb, respFreeCb, ioCbCtx); + ioCb, respFreeCb, ioCbCtx); else return BAD_FUNC_ARG; } @@ -3196,12 +3199,13 @@ int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX* ctx, const char* url) } -int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx, - CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx) +int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx, CbOCSPIO ioCb, + CbOCSPRespFree respFreeCb, void* ioCbCtx) { WOLFSSL_ENTER("wolfSSL_CTX_SetOCSP_Cb"); if (ctx) - return wolfSSL_CertManagerSetOCSP_Cb(ctx->cm, ioCb, respFreeCb, ioCbCtx); + return wolfSSL_CertManagerSetOCSP_Cb(ctx->cm, ioCb, + respFreeCb, ioCbCtx); else return BAD_FUNC_ARG; } @@ -3334,8 +3338,8 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, XSTRNCAT(name, "\\", 2); XSTRNCAT(name, FindFileData.cFileName, MAX_FILENAME_SZ/2); - ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0, - NULL); + ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, + NULL, 0, NULL); } } while (ret == SSL_SUCCESS && FindNextFileA(hFind, &FindFileData)); @@ -3376,8 +3380,8 @@ int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, WOLFSSL_MSG("stat on name failed"); ret = BAD_PATH_ERROR; } else if (s.st_mode & S_IFREG) - ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0, - NULL); + ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, + NULL, 0, NULL); } #ifdef WOLFSSL_SMALL_STACK @@ -3557,7 +3561,7 @@ int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz) #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (cert == NULL) return MEMORY_E; #endif @@ -3670,7 +3674,8 @@ int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx) } -int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path, int type, int monitor) +int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path, + int type, int monitor) { WOLFSSL_ENTER("wolfSSL_CTX_LoadCRL"); if (ctx) @@ -3697,7 +3702,7 @@ int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb) /* Add format parameter to allow DER load of CA files */ int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, - int format) + int format) { WOLFSSL_ENTER("wolfSSL_CTX_der_load_verify_locations"); if (ctx == NULL || file == NULL) @@ -3760,14 +3765,14 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) else { #ifdef WOLFSSL_SMALL_STACK info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (info == NULL) ret = MEMORY_E; else #endif { - ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, 0, info, - &ecc); + ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, + 0, info, &ecc); #ifdef WOLFSSL_SMALL_STACK XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -3798,7 +3803,7 @@ int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz) int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file, - int format) + int format) { WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_file"); if (ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL) == SSL_SUCCESS) @@ -3808,7 +3813,8 @@ int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file, } -int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file,int format) +int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file, + int format) { WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_file"); if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL) @@ -3855,7 +3861,8 @@ int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file) /* server wrapper for ctx or ssl Diffie-Hellman parameters */ static int wolfSSL_SetTmpDH_buffer_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl, - const unsigned char* buf, long sz, int format) + const unsigned char* buf, + long sz, int format) { buffer der; int ret = 0; @@ -4033,8 +4040,8 @@ int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl) int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format) { WOLFSSL_ENTER("wolfSSL_use_certificate_file"); - if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL) - == SSL_SUCCESS) + if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, + ssl, 0, NULL) == SSL_SUCCESS) return SSL_SUCCESS; return SSL_FAILURE; @@ -4044,8 +4051,8 @@ int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format) int wolfSSL_use_PrivateKey_file(WOLFSSL* ssl, const char* file, int format) { WOLFSSL_ENTER("wolfSSL_use_PrivateKey_file"); - if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL) - == SSL_SUCCESS) + if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, + ssl, 0, NULL) == SSL_SUCCESS) return SSL_SUCCESS; return SSL_FAILURE; @@ -4056,8 +4063,8 @@ int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file) { /* procces up to MAX_CHAIN_DEPTH plus subject cert */ WOLFSSL_ENTER("wolfSSL_use_certificate_chain_file"); - if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, ssl, 1, NULL) - == SSL_SUCCESS) + if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, + ssl, 1, NULL) == SSL_SUCCESS) return SSL_SUCCESS; return SSL_FAILURE; @@ -4223,7 +4230,8 @@ int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX* ctx, const char* fname) #endif /* NO_FILESYSTEM */ /* Persist cert cache to memory */ -int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX* ctx, void* mem, int sz, int* used) +int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX* ctx, void* mem, + int sz, int* used) { WOLFSSL_ENTER("wolfSSL_CTX_memsave_cert_cache"); @@ -4869,7 +4877,8 @@ static INLINE int StoreCertRow(WOLFSSL_CERT_MANAGER* cm, byte* current, int row) /* Persist cert cache to memory, have lock */ -static INLINE int DoMemSaveCertCache(WOLFSSL_CERT_MANAGER* cm, void* mem, int sz) +static INLINE int DoMemSaveCertCache(WOLFSSL_CERT_MANAGER* cm, + void* mem, int sz) { int realSz; int ret = SSL_SUCCESS; @@ -5191,8 +5200,8 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) WOLFSSL_METHOD* wolfSSLv3_client_method(void) { WOLFSSL_METHOD* method = - (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, - DYNAMIC_TYPE_METHOD); + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + 0, DYNAMIC_TYPE_METHOD); WOLFSSL_ENTER("SSLv3_client_method"); if (method) InitSSL_Method(method, MakeSSLv3()); @@ -5206,8 +5215,8 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) WOLFSSL_METHOD* wolfDTLSv1_client_method(void) { WOLFSSL_METHOD* method = - (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, - DYNAMIC_TYPE_METHOD); + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + 0, DYNAMIC_TYPE_METHOD); WOLFSSL_ENTER("DTLSv1_client_method"); if (method) InitSSL_Method(method, MakeDTLSv1()); @@ -5218,8 +5227,8 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) WOLFSSL_METHOD* wolfDTLSv1_2_client_method(void) { WOLFSSL_METHOD* method = - (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, - DYNAMIC_TYPE_METHOD); + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + 0, DYNAMIC_TYPE_METHOD); WOLFSSL_ENTER("DTLSv1_2_client_method"); if (method) InitSSL_Method(method, MakeDTLSv1_2()); @@ -5479,8 +5488,8 @@ int wolfSSL_dtls_got_timeout(WOLFSSL* ssl) WOLFSSL_METHOD* wolfSSLv3_server_method(void) { WOLFSSL_METHOD* method = - (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 0, - DYNAMIC_TYPE_METHOD); + (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), + 0, DYNAMIC_TYPE_METHOD); WOLFSSL_ENTER("SSLv3_server_method"); if (method) { InitSSL_Method(method, MakeSSLv3()); @@ -6786,8 +6795,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl) /* used to be defined on NO_FILESYSTEM only, but are generally useful */ /* wolfSSL extension allows DER files to be loaded from buffers as well */ - int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx, const unsigned char* in, - long sz, int format) + int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx, + const unsigned char* in, + long sz, int format) { WOLFSSL_ENTER("wolfSSL_CTX_load_verify_buffer"); if (format == SSL_FILETYPE_PEM) @@ -7096,7 +7106,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert( - WOLFSSL_X509_STORE_CTX* ctx) + WOLFSSL_X509_STORE_CTX* ctx) { (void)ctx; return 0; @@ -8299,7 +8309,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) /* SSL_SUCCESS on ok */ - int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx, const WOLFSSL_EVP_MD* type) + int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx, + const WOLFSSL_EVP_MD* type) { WOLFSSL_ENTER("EVP_DigestInit"); if (XSTRNCMP(type, "SHA256", 6) == 0) { @@ -8429,7 +8440,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) /* SSL_SUCCESS on ok */ int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md, - unsigned int* s) + unsigned int* s) { WOLFSSL_ENTER("EVP_DigestFinal_ex"); return EVP_DigestFinal(ctx, md, s); @@ -8437,8 +8448,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md, const void* key, - int key_len, const unsigned char* d, int n, - unsigned char* md, unsigned int* md_len) + int key_len, const unsigned char* d, int n, + unsigned char* md, unsigned int* md_len) { int type; unsigned char* ret = NULL; @@ -8508,7 +8519,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #ifndef NO_DES3 /* SSL_SUCCESS on ok */ int wolfSSL_DES_key_sched(WOLFSSL_const_DES_cblock* key, - WOLFSSL_DES_key_schedule* schedule) + WOLFSSL_DES_key_schedule* schedule) { WOLFSSL_ENTER("DES_key_sched"); XMEMCPY(schedule, key, sizeof(const_DES_cblock)); @@ -8517,9 +8528,9 @@ int wolfSSL_set_compression(WOLFSSL* ssl) void wolfSSL_DES_cbc_encrypt(const unsigned char* input, - unsigned char* output, long length, - WOLFSSL_DES_key_schedule* schedule, WOLFSSL_DES_cblock* ivec, - int enc) + unsigned char* output, long length, + WOLFSSL_DES_key_schedule* schedule, + WOLFSSL_DES_cblock* ivec, int enc) { Des myDes; @@ -8643,8 +8654,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX* ctx, - const unsigned char* sid_ctx, - unsigned int sid_ctx_len) + const unsigned char* sid_ctx, + unsigned int sid_ctx_len) { /* No application specific context needed for wolfSSL */ (void)ctx; @@ -8662,7 +8673,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } unsigned long wolfSSL_ERR_get_error_line_data(const char** file, int* line, - const char** data, int *flags) + const char** data, int *flags) { /* Not implemented */ (void)file; @@ -8844,8 +8855,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } - byte* wolfSSL_X509_get_authorityKeyID( - WOLFSSL_X509* x509, byte* dst, int* dstLen) + byte* wolfSSL_X509_get_authorityKeyID(WOLFSSL_X509* x509, + byte* dst, int* dstLen) { byte *id = NULL; int copySz = 0; @@ -8855,7 +8866,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (x509 != NULL) { if (x509->authKeyIdSet) { copySz = min(dstLen != NULL ? *dstLen : 0, - (int)x509->authKeyIdSz); + (int)x509->authKeyIdSz); id = x509->authKeyId; } @@ -8872,8 +8883,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } - byte* wolfSSL_X509_get_subjectKeyID( - WOLFSSL_X509* x509, byte* dst, int* dstLen) + byte* wolfSSL_X509_get_subjectKeyID(WOLFSSL_X509* x509, + byte* dst, int* dstLen) { byte *id = NULL; int copySz = 0; @@ -8915,7 +8926,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name, - int nid, char* buf, int len) + int nid, char* buf, int len) { char *text = NULL; int textSz = 0; @@ -9027,7 +9038,8 @@ int wolfSSL_set_compression(WOLFSSL* ssl) /* write X509 serial number in unsigned binary to buffer buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases return SSL_SUCCESS on success */ - int wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509, byte* in, int* inOutSz) + int wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509, + byte* in, int* inOutSz) { WOLFSSL_ENTER("wolfSSL_X509_get_serial_number"); if (x509 == NULL || in == NULL || @@ -9137,7 +9149,8 @@ byte* wolfSSL_X509_get_hw_type(WOLFSSL_X509* x509, byte* in, int* inOutSz) } -byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in,int* inOutSz) +byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in, + int* inOutSz) { int copySz; @@ -9177,15 +9190,15 @@ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (cert == NULL) return NULL; #endif InitDecodedCert(cert, (byte*)in, len, NULL); if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) { - newX509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), - NULL, DYNAMIC_TYPE_X509); + newX509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, + DYNAMIC_TYPE_X509); if (newX509 != NULL) { InitX509(newX509, 1); if (CopyDecodedToX509(newX509, cert) != 0) { @@ -11028,76 +11041,94 @@ const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void) return bn_one; } - +/* return compliant with OpenSSL + * size of BIGNUM in bytes, 0 if error */ int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM* bn) { WOLFSSL_MSG("wolfSSL_BN_num_bytes"); if (bn == NULL || bn->internal == NULL) - return 0; + return SSL_FAILURE; return mp_unsigned_bin_size((mp_int*)bn->internal); } - +/* return compliant with OpenSSL + * size of BIGNUM in bits, 0 if error */ int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM* bn) { WOLFSSL_MSG("wolfSSL_BN_num_bits"); if (bn == NULL || bn->internal == NULL) - return 0; + return SSL_FAILURE; return mp_count_bits((mp_int*)bn->internal); } - +/* return compliant with OpenSSL + * 1 if BIGNUM is zero, 0 else */ int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM* bn) { WOLFSSL_MSG("wolfSSL_BN_is_zero"); if (bn == NULL || bn->internal == NULL) - return 0; + return SSL_FAILURE; - return mp_iszero((mp_int*)bn->internal); + if (mp_iszero((mp_int*)bn->internal) == MP_YES) + return SSL_SUCCESS; + + return SSL_FAILURE; } - +/* return compliant with OpenSSL + * 1 if BIGNUM is one, 0 else */ int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM* bn) { WOLFSSL_MSG("wolfSSL_BN_is_one"); if (bn == NULL || bn->internal == NULL) - return 0; + return SSL_FAILURE; - if (mp_cmp_d((mp_int*)bn->internal, 1) == 0) - return 1; + if (mp_cmp_d((mp_int*)bn->internal, 1) == MP_EQ) + return SSL_SUCCESS; - return 0; + return SSL_FAILURE; } - +/* return compliant with OpenSSL + * 1 if BIGNUM is odd, 0 else */ int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM* bn) { WOLFSSL_MSG("wolfSSL_BN_is_odd"); if (bn == NULL || bn->internal == NULL) - return 0; + return SSL_FAILURE; - return mp_isodd((mp_int*)bn->internal); + if (mp_isodd((mp_int*)bn->internal) == MP_YES) + return SSL_SUCCESS; + + return SSL_FAILURE; } - +/* return compliant with OpenSSL + * -1 if a < b, 0 if a == b and 1 if a > b + */ int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b) { + int ret; + WOLFSSL_MSG("wolfSSL_BN_cmp"); - if (a == NULL || a->internal == NULL || b == NULL || b->internal ==NULL) - return 0; + if (a == NULL || a->internal == NULL || b == NULL || b->internal == NULL) + return SSL_FATAL_ERROR; - return mp_cmp((mp_int*)a->internal, (mp_int*)b->internal); + ret = mp_cmp((mp_int*)a->internal, (mp_int*)b->internal); + + return (ret == MP_EQ ? 0 : (ret == MP_GT ? 1 : -1)); } - +/* return compliant with OpenSSL + * length of BIGNUM in bytes, -1 if error */ int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r) { WOLFSSL_MSG("wolfSSL_BN_bn2bin"); @@ -11137,14 +11168,15 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len, return ret; } - +/* return compliant with OpenSSL + * 1 if success, 0 if error */ int wolfSSL_mask_bits(WOLFSSL_BIGNUM* bn, int n) { (void)bn; (void)n; WOLFSSL_MSG("wolfSSL_BN_mask_bits"); - return SSL_FATAL_ERROR; + return SSL_FAILURE; } @@ -11214,30 +11246,35 @@ int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) return ret; } - +/* return code compliant with OpenSSL : + * 1 if bit set, 0 else + */ int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM* bn, int n) { - if (bn == NULL || bn->internal == NULL) { - WOLFSSL_MSG("bn NULL error"); - return 0; - } + if (bn == NULL || bn->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return SSL_FAILURE; + } - return mp_is_bit_set((mp_int*)bn->internal, n); + return mp_is_bit_set((mp_int*)bn->internal, n); } +/* return code compliant with OpenSSL : + * 1 if success, 0 else + */ int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM* bn, int n) { - if (bn == NULL || bn->internal == NULL) { - WOLFSSL_MSG("bn NULL error"); - return 0; - } + if (bn == NULL || bn->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return SSL_FAILURE; + } - if (mp_set_int((mp_int*)bn->internal, n) != MP_OKAY) { - WOLFSSL_MSG("mp_set_int error"); - return 0; - } + if (mp_set_int((mp_int*)bn->internal, n) != MP_OKAY) { + WOLFSSL_MSG("mp_set_int error"); + return SSL_FAILURE; + } - return 1; + return SSL_SUCCESS; } @@ -11309,7 +11346,7 @@ WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM* bn) return NULL; } - ret->neg = bn->neg; + ret->neg = bn->neg; return ret; } @@ -11319,30 +11356,34 @@ WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn) { WOLFSSL_MSG("wolfSSL_BN_copy"); - if (mp_copy((mp_int*)bn->internal, (mp_int*)r->internal) != MP_OKAY) { - WOLFSSL_MSG("mp_copy error"); - return NULL; - } + if (mp_copy((mp_int*)bn->internal, (mp_int*)r->internal) != MP_OKAY) { + WOLFSSL_MSG("mp_copy error"); + return NULL; + } - r->neg = bn->neg; + r->neg = bn->neg; return r; } - +/* return code compliant with OpenSSL : + * 1 if success, 0 else + */ int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w) { WOLFSSL_MSG("wolfSSL_BN_set_word"); - if (mp_set_int((mp_int*)bn->internal, w) != MP_OKAY) { - WOLFSSL_MSG("mp_init_set_int error"); - return 0; - } + if (mp_set_int((mp_int*)bn->internal, w) != MP_OKAY) { + WOLFSSL_MSG("mp_init_set_int error"); + return SSL_FAILURE; + } - return 1; + return SSL_SUCCESS; } - +/* return code compliant with OpenSSL : + * number length in decimal if success, 0 if error + */ int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM** bn, const char* str) { (void)bn; @@ -11350,7 +11391,7 @@ int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM** bn, const char* str) WOLFSSL_MSG("wolfSSL_BN_dec2bn"); - return SSL_FATAL_ERROR; + return SSL_FAILURE; } @@ -11363,250 +11404,282 @@ char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM* bn) return NULL; } +/* return code compliant with OpenSSL : + * 1 if success, 0 else + */ int wolfSSL_BN_lshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n) { - WOLFSSL_MSG("wolfSSL_BN_lshift"); + WOLFSSL_MSG("wolfSSL_BN_lshift"); - if (bn == NULL || bn->internal == NULL) { - WOLFSSL_MSG("bn NULL error"); - return 0; - } + if (bn == NULL || bn->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return SSL_FAILURE; + } - /* create new bn for res, if not done before */ - if (r == NULL) - r = wolfSSL_BN_new(); + /* create new bn for res, if not done before */ + if (r == NULL) + r = wolfSSL_BN_new(); - if (r == NULL) { - WOLFSSL_MSG("bn new error"); - return 0; - } + if (r == NULL) { + WOLFSSL_MSG("bn new error"); + return SSL_FAILURE; + } - if (mp_mul_2d((mp_int*)bn->internal, n, (mp_int*)r->internal) != MP_OKAY) { - WOLFSSL_MSG("mp_mul_2d error"); - return 0; - } + if (mp_mul_2d((mp_int*)bn->internal, n, (mp_int*)r->internal) != MP_OKAY) { + WOLFSSL_MSG("mp_mul_2d error"); + return SSL_FAILURE; + } - return 1; + return SSL_SUCCESS; } +/* return code compliant with OpenSSL : + * 1 if success, 0 else + */ int wolfSSL_BN_rshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n) { - WOLFSSL_MSG("wolfSSL_BN_rshift"); + WOLFSSL_MSG("wolfSSL_BN_rshift"); - if (bn == NULL || bn->internal == NULL) { - WOLFSSL_MSG("bn NULL error"); - return 0; - } + if (bn == NULL || bn->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return SSL_FAILURE; + } - /* create new bn for res, if not done before */ - if (r == NULL) - r = wolfSSL_BN_new(); + /* create new bn for res, if not done before */ + if (r == NULL) + r = wolfSSL_BN_new(); - if (r == NULL) { - WOLFSSL_MSG("bn new error"); - return 0; - } + if (r == NULL) { + WOLFSSL_MSG("bn new error"); + return SSL_FAILURE; + } - if (mp_div_2d((mp_int*)bn->internal, n, (mp_int*)r->internal, NULL) != MP_OKAY) { - WOLFSSL_MSG("mp_mul_2d error"); - return 0; - } + if (mp_div_2d((mp_int*)bn->internal, n, + (mp_int*)r->internal, NULL) != MP_OKAY) { + WOLFSSL_MSG("mp_mul_2d error"); + return SSL_FAILURE; + } - return 1; + return SSL_SUCCESS; } +/* return code compliant with OpenSSL : + * 1 if success, 0 else + */ int wolfSSL_BN_add_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w) { - WOLFSSL_MSG("wolfSSL_BN_add_word"); + WOLFSSL_MSG("wolfSSL_BN_add_word"); - if (bn == NULL || bn->internal == NULL) { - WOLFSSL_MSG("bn NULL error"); - return 0; - } + if (bn == NULL || bn->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return SSL_FAILURE; + } - if (mp_add_d((mp_int*)bn->internal, w, (mp_int*)bn->internal) != MP_OKAY) { - WOLFSSL_MSG("mp_add_d error"); - return 0; - } + if (mp_add_d((mp_int*)bn->internal, w, (mp_int*)bn->internal) != MP_OKAY) { + WOLFSSL_MSG("mp_add_d error"); + return SSL_FAILURE; + } - return 1; + return SSL_SUCCESS; } +/* return code compliant with OpenSSL : + * 1 if success, 0 else + */ int wolfSSL_BN_add(WOLFSSL_BIGNUM *r, WOLFSSL_BIGNUM *a, WOLFSSL_BIGNUM *b) { - WOLFSSL_MSG("wolfSSL_BN_add"); + WOLFSSL_MSG("wolfSSL_BN_add"); - if (r == NULL || r->internal == NULL || a == NULL || a->internal == NULL || b == NULL || b->internal == NULL) { - WOLFSSL_MSG("bn NULL error"); - return 0; - } + if (r == NULL || r->internal == NULL || a == NULL || a->internal == NULL || + b == NULL || b->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return SSL_FAILURE; + } - if (mp_add((mp_int*)a->internal, (mp_int*)b->internal, (mp_int*)r->internal) != MP_OKAY) { - WOLFSSL_MSG("mp_add_d error"); - return 0; - } + if (mp_add((mp_int*)a->internal, (mp_int*)b->internal, + (mp_int*)r->internal) != MP_OKAY) { + WOLFSSL_MSG("mp_add_d error"); + return SSL_FAILURE; + } - return 1; + return SSL_SUCCESS; } #ifdef WOLFSSL_KEY_GEN -int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int nbchecks, WOLFSSL_BN_CTX *ctx, WOLFSSL_BN_GENCB *cb) +/* return code compliant with OpenSSL : + * 1 if prime, 0 if not, -1 if error + */ +int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int nbchecks, + WOLFSSL_BN_CTX *ctx, WOLFSSL_BN_GENCB *cb) { - (void)ctx; - (void)cb; + (void)ctx; + (void)cb; - int res; + int res; - WOLFSSL_MSG("wolfSSL_BN_is_prime_ex"); + WOLFSSL_MSG("wolfSSL_BN_is_prime_ex"); - if (bn == NULL || bn->internal == NULL) { - WOLFSSL_MSG("bn NULL error"); - return 0; - } + if (bn == NULL || bn->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return SSL_FATAL_ERROR; + } - if (mp_prime_is_prime((mp_int*)bn->internal, nbchecks, &res) != MP_OKAY) { - WOLFSSL_MSG("mp_prime_is_prime error"); - return 0; - } + if (mp_prime_is_prime((mp_int*)bn->internal, nbchecks, &res) != MP_OKAY) { + WOLFSSL_MSG("mp_prime_is_prime error"); + return SSL_FATAL_ERROR; + } - if (res != MP_YES) { - WOLFSSL_MSG("mp_prime_is_prime not prime"); - return 0; - } + if (res != MP_YES) { + WOLFSSL_MSG("mp_prime_is_prime not prime"); + return SSL_FAILURE; + } - return 1; + return SSL_SUCCESS; } #endif /* #ifdef WOLFSSL_KEY_GEN */ -WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w) +/* return code compliant with OpenSSL : + * (bn mod w) if success, -1 if error + */ +WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn, + WOLFSSL_BN_ULONG w) { - mp_int mod, res; - WOLFSSL_BN_ULONG ret = 0; + mp_int mod, res; + WOLFSSL_BN_ULONG ret = 0; - WOLFSSL_MSG("wolfSSL_BN_mod_word"); + WOLFSSL_MSG("wolfSSL_BN_mod_word"); - if (bn == NULL || bn->internal == NULL) { - WOLFSSL_MSG("bn NULL error"); - return 0; - } + if (bn == NULL || bn->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return SSL_FATAL_ERROR; + } - if (mp_init_multi(&mod, &res, NULL, NULL, NULL, NULL) != MP_OKAY) { - WOLFSSL_MSG("mp_init error"); - return 0; - } + if (mp_init_multi(&mod, &res, NULL, NULL, NULL, NULL) != MP_OKAY) { + WOLFSSL_MSG("mp_init error"); + return SSL_FATAL_ERROR; + } - if (mp_set_int(&mod, w) != MP_OKAY) { - WOLFSSL_MSG("mp_set_int error"); - mp_clear(&mod); - return 0; - } + if (mp_set_int(&mod, w) != MP_OKAY) { + WOLFSSL_MSG("mp_set_int error"); + mp_clear(&mod); + return SSL_FATAL_ERROR; + } - if (mp_mod((mp_int*)bn->internal, &mod, &res) != MP_OKAY) { - WOLFSSL_MSG("mp_add_d error"); - mp_clear(&mod); - mp_clear(&res); - return 0; - } + if (mp_mod((mp_int*)bn->internal, &mod, &res) != MP_OKAY) { + WOLFSSL_MSG("mp_add_d error"); + mp_clear(&mod); + mp_clear(&res); + return SSL_FATAL_ERROR; + } - ret = res.dp[0]; + ret = res.dp[0]; - mp_clear(&mod); - mp_clear(&res); - return ret; + mp_clear(&mod); + mp_clear(&res); + return ret; } #if (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)) && defined(HAVE_ECC) char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn) { - int len = 0; - char *buf; + int len = 0; + char *buf; - WOLFSSL_MSG("wolfSSL_BN_bn2hex"); + WOLFSSL_MSG("wolfSSL_BN_bn2hex"); - if (bn == NULL || bn->internal == NULL) { - WOLFSSL_MSG("bn NULL error"); - return NULL; - } + if (bn == NULL || bn->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return NULL; + } - if (mp_radix_size((mp_int*)bn->internal, 16, &len) != MP_OKAY) { - WOLFSSL_MSG("mp_radix_size failure"); - return NULL; - } + if (mp_radix_size((mp_int*)bn->internal, 16, &len) != MP_OKAY) { + WOLFSSL_MSG("mp_radix_size failure"); + return NULL; + } - buf = (char*) XMALLOC(len, NULL, DYNAMIC_TYPE_ECC); - if (buf == NULL) { - WOLFSSL_MSG("wolfSSL_BN_bn2hex malloc buffer failure"); - return NULL; - } + buf = (char*) XMALLOC(len, NULL, DYNAMIC_TYPE_ECC); + if (buf == NULL) { + WOLFSSL_MSG("wolfSSL_BN_bn2hex malloc buffer failure"); + return NULL; + } - if (mp_toradix((mp_int*)bn->internal, buf, 16) != MP_OKAY) { - XFREE(buf, NULL, DYNAMIC_TYPE_ECC); - return NULL; - } + if (mp_toradix((mp_int*)bn->internal, buf, 16) != MP_OKAY) { + XFREE(buf, NULL, DYNAMIC_TYPE_ECC); + return NULL; + } - return buf; + return buf; } +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn) { - char *buf; + char *buf; - WOLFSSL_MSG("wolfSSL_BN_print_fp"); + WOLFSSL_MSG("wolfSSL_BN_print_fp"); - if (fp == NULL || bn == NULL || bn->internal == NULL) { - WOLFSSL_MSG("bn NULL error"); - return 0; - } + if (fp == NULL || bn == NULL || bn->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return SSL_FAILURE; + } - buf = wolfSSL_BN_bn2hex(bn); - if (buf == NULL) { - WOLFSSL_MSG("wolfSSL_BN_bn2hex failure"); - return 0; - } + buf = wolfSSL_BN_bn2hex(bn); + if (buf == NULL) { + WOLFSSL_MSG("wolfSSL_BN_bn2hex failure"); + return SSL_FAILURE; + } - fprintf(fp, "%s", buf); - XFREE(buf, NULL, DYNAMIC_TYPE_ECC); - return 1; + fprintf(fp, "%s", buf); + XFREE(buf, NULL, DYNAMIC_TYPE_ECC); + + return SSL_SUCCESS; } + #else /* defined(HAVE_ECC) */ + char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn) { - (void)bn; + (void)bn; - WOLFSSL_MSG("wolfSSL_BN_bn2hex not implemented"); + WOLFSSL_MSG("wolfSSL_BN_bn2hex not implemented"); - return (char*)""; + return (char*)""; } +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn) { - (void)fp; - (void)bn; + (void)fp; + (void)bn; - WOLFSSL_MSG("wolfSSL_BN_print_fp not implemented"); + WOLFSSL_MSG("wolfSSL_BN_print_fp not implemented"); - return 1; + return SSL_SUCCESS; } -#endif /* (defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)) && defined(HAVE_ECC) */ +#endif /*(defined(WOLFSSL_KEY_GEN)||defined(HAVE_COMP_KEY))&&defined(HAVE_ECC)*/ WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx) { - /* ctx is not used, return new Bignum */ - (void)ctx; + /* ctx is not used, return new Bignum */ + (void)ctx; - WOLFSSL_ENTER("wolfSSL_BN_CTX_get"); + WOLFSSL_ENTER("wolfSSL_BN_CTX_get"); - return wolfSSL_BN_new(); + return wolfSSL_BN_new(); } void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx) { - (void)ctx; + (void)ctx; - WOLFSSL_ENTER("wolfSSL_BN_CTX_start"); - WOLFSSL_MSG("wolfSSL_BN_CTX_start TBD"); + WOLFSSL_ENTER("wolfSSL_BN_CTX_start"); + WOLFSSL_MSG("wolfSSL_BN_CTX_start TBD"); } #ifndef NO_DH @@ -11717,7 +11790,7 @@ static int SetDhInternal(WOLFSSL_DH* dh) WOLFSSL_MSG("Bad DH SetKey"); else { dh->inSet = 1; - ret = 0; + ret = SSL_SUCCESS; } #ifdef WOLFSSL_SMALL_STACK @@ -11730,22 +11803,26 @@ static int SetDhInternal(WOLFSSL_DH* dh) return ret; } - +/* return code compliant with OpenSSL : + * DH prime size in bytes if success, 0 if error + */ int wolfSSL_DH_size(WOLFSSL_DH* dh) { WOLFSSL_MSG("wolfSSL_DH_size"); if (dh == NULL) - return 0; + return SSL_FATAL_ERROR; return wolfSSL_BN_num_bytes(dh->p); } -/* return SSL_SUCCESS on ok, else 0 */ +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh) { - int ret = 0; + int ret = SSL_FAILURE; word32 pubSz = 768; word32 privSz = 768; int initTmpRng = 0; @@ -11777,7 +11854,7 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh) if (dh == NULL || dh->p == NULL || dh->g == NULL) WOLFSSL_MSG("Bad function arguments"); - else if (dh->inSet == 0 && SetDhInternal(dh) < 0) + else if (dh->inSet == 0 && SetDhInternal(dh) != SSL_SUCCESS) WOLFSSL_MSG("Bad DH set internal"); else if (wc_InitRng(tmpRNG) == 0) { rng = tmpRNG; @@ -11836,11 +11913,13 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh) } -/* return key size on ok, 0 otherwise */ +/* return code compliant with OpenSSL : + * size of shared secret if success, -1 if error + */ int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub, WOLFSSL_DH* dh) { - int ret = 0; + int ret = SSL_FATAL_ERROR; word32 keySz = 0; word32 pubSz = 1024; word32 privSz = 1024; @@ -11862,7 +11941,7 @@ int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub, priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (priv == NULL) { XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return 0; + return ret; } #endif @@ -11880,8 +11959,8 @@ int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub, if (privSz <= 0 || pubSz <= 0) WOLFSSL_MSG("Bad BN2bin set"); - else if (wc_DhAgree((DhKey*)dh->internal, key, &keySz, priv, privSz, pub, - pubSz) < 0) + else if (wc_DhAgree((DhKey*)dh->internal, key, &keySz, + priv, privSz, pub, pubSz) < 0) WOLFSSL_MSG("wc_DhAgree failed"); else ret = (int)keySz; @@ -12094,29 +12173,29 @@ static int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi) return SSL_FATAL_ERROR; } - return 0; + return SSL_SUCCESS; } static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi) { - WOLFSSL_MSG("Entering SetIndividualInternal"); + WOLFSSL_MSG("Entering SetIndividualInternal"); - if (bn == NULL) { - WOLFSSL_MSG("bn NULL error"); - return SSL_FATAL_ERROR; - } + if (bn == NULL) { + WOLFSSL_MSG("bn NULL error"); + return SSL_FATAL_ERROR; + } - if (mpi == NULL || (mp_init(mpi) != MP_OKAY)) { - WOLFSSL_MSG("mpi NULL error"); - return SSL_FATAL_ERROR; - } + if (mpi == NULL || (mp_init(mpi) != MP_OKAY)) { + WOLFSSL_MSG("mpi NULL error"); + return SSL_FATAL_ERROR; + } - if (mp_copy((mp_int*)bn->internal, mpi) != MP_OKAY) { - WOLFSSL_MSG("mp_copy error"); - return SSL_FATAL_ERROR; - } + if (mp_copy((mp_int*)bn->internal, mpi) != MP_OKAY) { + WOLFSSL_MSG("mp_copy error"); + return SSL_FATAL_ERROR; + } - return 0; + return SSL_SUCCESS; } #endif /* !NO_RSA && !NO_DSA */ @@ -12135,77 +12214,82 @@ static int SetDsaExternal(WOLFSSL_DSA* dsa) key = (DsaKey*)dsa->internal; - if (SetIndividualExternal(&dsa->p, &key->p) < 0) { + if (SetIndividualExternal(&dsa->p, &key->p) != SSL_SUCCESS) { WOLFSSL_MSG("dsa p key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&dsa->q, &key->q) < 0) { + if (SetIndividualExternal(&dsa->q, &key->q) != SSL_SUCCESS) { WOLFSSL_MSG("dsa q key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&dsa->g, &key->g) < 0) { + if (SetIndividualExternal(&dsa->g, &key->g) != SSL_SUCCESS) { WOLFSSL_MSG("dsa g key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&dsa->pub_key, &key->y) < 0) { + if (SetIndividualExternal(&dsa->pub_key, &key->y) != SSL_SUCCESS) { WOLFSSL_MSG("dsa y key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&dsa->priv_key, &key->x) < 0) { + if (SetIndividualExternal(&dsa->priv_key, &key->x) != SSL_SUCCESS) { WOLFSSL_MSG("dsa x key error"); return SSL_FATAL_ERROR; } dsa->exSet = 1; - return 0; + return SSL_SUCCESS; } /* Openssl -> WolfSSL */ static int SetDsaInternal(WOLFSSL_DSA* dsa) { - DsaKey* key; - WOLFSSL_MSG("Entering SetDsaInternal"); + DsaKey* key; + WOLFSSL_MSG("Entering SetDsaInternal"); - if (dsa == NULL || dsa->internal == NULL) { - WOLFSSL_MSG("dsa key NULL error"); - return SSL_FATAL_ERROR; - } + if (dsa == NULL || dsa->internal == NULL) { + WOLFSSL_MSG("dsa key NULL error"); + return SSL_FATAL_ERROR; + } - key = (DsaKey*)dsa->internal; + key = (DsaKey*)dsa->internal; - if (dsa->p != NULL && SetIndividualInternal(dsa->p, &key->p) < 0) { - WOLFSSL_MSG("rsa p key error"); - return SSL_FATAL_ERROR; - } + if (dsa->p != NULL && + SetIndividualInternal(dsa->p, &key->p) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa p key error"); + return SSL_FATAL_ERROR; + } - if (dsa->q != NULL && SetIndividualInternal(dsa->q, &key->q) < 0) { - WOLFSSL_MSG("rsa q key error"); - return SSL_FATAL_ERROR; - } + if (dsa->q != NULL && + SetIndividualInternal(dsa->q, &key->q) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa q key error"); + return SSL_FATAL_ERROR; + } - if (dsa->g != NULL && SetIndividualInternal(dsa->g, &key->g) < 0) { - WOLFSSL_MSG("rsa g key error"); - return SSL_FATAL_ERROR; - } + if (dsa->g != NULL && + SetIndividualInternal(dsa->g, &key->g) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa g key error"); + return SSL_FATAL_ERROR; + } - if (dsa->pub_key != NULL && SetIndividualInternal(dsa->pub_key, &key->y) < 0) { - WOLFSSL_MSG("rsa pub_key error"); - return SSL_FATAL_ERROR; - } + if (dsa->pub_key != NULL && + SetIndividualInternal(dsa->pub_key, &key->y) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa pub_key error"); + return SSL_FATAL_ERROR; + } - if (dsa->priv_key != NULL && SetIndividualInternal(dsa->priv_key, &key->x) < 0) { - WOLFSSL_MSG("rsa priv_key error"); - return SSL_FATAL_ERROR; - } + if (dsa->priv_key != NULL && + SetIndividualInternal(dsa->priv_key, &key->x) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa priv_key error"); + return SSL_FATAL_ERROR; + } - dsa->inSet = 1; + dsa->inSet = 1; - return 0; + return SSL_SUCCESS; } #endif /* NO_DSA */ @@ -12224,113 +12308,119 @@ static int SetRsaExternal(WOLFSSL_RSA* rsa) key = (RsaKey*)rsa->internal; - if (SetIndividualExternal(&rsa->n, &key->n) < 0) { + if (SetIndividualExternal(&rsa->n, &key->n) != SSL_SUCCESS) { WOLFSSL_MSG("rsa n key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&rsa->e, &key->e) < 0) { + if (SetIndividualExternal(&rsa->e, &key->e) != SSL_SUCCESS) { WOLFSSL_MSG("rsa e key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&rsa->d, &key->d) < 0) { + if (SetIndividualExternal(&rsa->d, &key->d) != SSL_SUCCESS) { WOLFSSL_MSG("rsa d key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&rsa->p, &key->p) < 0) { + if (SetIndividualExternal(&rsa->p, &key->p) != SSL_SUCCESS) { WOLFSSL_MSG("rsa p key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&rsa->q, &key->q) < 0) { + if (SetIndividualExternal(&rsa->q, &key->q) != SSL_SUCCESS) { WOLFSSL_MSG("rsa q key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&rsa->dmp1, &key->dP) < 0) { + if (SetIndividualExternal(&rsa->dmp1, &key->dP) != SSL_SUCCESS) { WOLFSSL_MSG("rsa dP key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&rsa->dmq1, &key->dQ) < 0) { + if (SetIndividualExternal(&rsa->dmq1, &key->dQ) != SSL_SUCCESS) { WOLFSSL_MSG("rsa dQ key error"); return SSL_FATAL_ERROR; } - if (SetIndividualExternal(&rsa->iqmp, &key->u) < 0) { + if (SetIndividualExternal(&rsa->iqmp, &key->u) != SSL_SUCCESS) { WOLFSSL_MSG("rsa u key error"); return SSL_FATAL_ERROR; } rsa->exSet = 1; - return 0; + return SSL_SUCCESS; } /* Openssl -> WolfSSL */ static int SetRsaInternal(WOLFSSL_RSA* rsa) { - RsaKey* key; - WOLFSSL_MSG("Entering SetRsaInternal"); + RsaKey* key; + WOLFSSL_MSG("Entering SetRsaInternal"); - if (rsa == NULL || rsa->internal == NULL) { - WOLFSSL_MSG("rsa key NULL error"); - return SSL_FATAL_ERROR; - } + if (rsa == NULL || rsa->internal == NULL) { + WOLFSSL_MSG("rsa key NULL error"); + return SSL_FATAL_ERROR; + } - key = (RsaKey*)rsa->internal; + key = (RsaKey*)rsa->internal; - if (SetIndividualInternal(rsa->n, &key->n) < 0) { - WOLFSSL_MSG("rsa n key error"); - return SSL_FATAL_ERROR; - } + if (SetIndividualInternal(rsa->n, &key->n) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa n key error"); + return SSL_FATAL_ERROR; + } - if (SetIndividualInternal(rsa->e, &key->e) < 0) { - WOLFSSL_MSG("rsa e key error"); - return SSL_FATAL_ERROR; - } + if (SetIndividualInternal(rsa->e, &key->e) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa e key error"); + return SSL_FATAL_ERROR; + } - if (rsa->d != NULL && SetIndividualInternal(rsa->d, &key->d) < 0) { - WOLFSSL_MSG("rsa d key error"); - return SSL_FATAL_ERROR; - } + if (rsa->d != NULL && + SetIndividualInternal(rsa->d, &key->d) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa d key error"); + return SSL_FATAL_ERROR; + } - if (rsa->p != NULL && SetIndividualInternal(rsa->p, &key->p) < 0) { - WOLFSSL_MSG("rsa p key error"); - return SSL_FATAL_ERROR; - } + if (rsa->p != NULL && + SetIndividualInternal(rsa->p, &key->p) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa p key error"); + return SSL_FATAL_ERROR; + } - if (rsa->q != NULL && SetIndividualInternal(rsa->q, &key->q) < 0) { - WOLFSSL_MSG("rsa q key error"); - return SSL_FATAL_ERROR; - } + if (rsa->q != NULL && + SetIndividualInternal(rsa->q, &key->q) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa q key error"); + return SSL_FATAL_ERROR; + } - if (rsa->dmp1 != NULL && SetIndividualInternal(rsa->dmp1, &key->dP) < 0) { - WOLFSSL_MSG("rsa dP key error"); - return SSL_FATAL_ERROR; - } + if (rsa->dmp1 != NULL && + SetIndividualInternal(rsa->dmp1, &key->dP) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa dP key error"); + return SSL_FATAL_ERROR; + } - if (rsa->dmq1 != NULL && SetIndividualInternal(rsa->dmq1, &key->dQ) < 0) { - WOLFSSL_MSG("rsa dQ key error"); - return SSL_FATAL_ERROR; - } + if (rsa->dmq1 != NULL && + SetIndividualInternal(rsa->dmq1, &key->dQ) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa dQ key error"); + return SSL_FATAL_ERROR; + } - if (rsa->iqmp != NULL && SetIndividualInternal(rsa->iqmp, &key->u) < 0) { - WOLFSSL_MSG("rsa u key error"); - return SSL_FATAL_ERROR; - } + if (rsa->iqmp != NULL && + SetIndividualInternal(rsa->iqmp, &key->u) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa u key error"); + return SSL_FATAL_ERROR; + } - rsa->inSet = 1; + rsa->inSet = 1; - return 0; + return SSL_SUCCESS; } /* SSL_SUCCESS on ok */ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn, - void* cb) + void* cb) { int ret = SSL_FATAL_ERROR; @@ -12359,7 +12449,7 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn, WOLFSSL_MSG("RNG init failed"); else if (wc_MakeRsaKey((RsaKey*)rsa->internal, bits, 65537, rng) < 0) WOLFSSL_MSG("wc_MakeRsaKey failed"); - else if (SetRsaExternal(rsa) < 0) + else if (SetRsaExternal(rsa) != SSL_SUCCESS) WOLFSSL_MSG("SetRsaExternal failed"); else { rsa->inSet = 1; @@ -12389,7 +12479,9 @@ int wolfSSL_RSA_blinding_on(WOLFSSL_RSA* rsa, WOLFSSL_BN_CTX* bn) return SSL_SUCCESS; /* on by default */ } - +/* return compliant with OpenSSL + * size of encrypted data if success , -1 if error + */ int wolfSSL_RSA_public_encrypt(int len, unsigned char* fr, unsigned char* to, WOLFSSL_RSA* rsa, int padding) { @@ -12404,7 +12496,9 @@ int wolfSSL_RSA_public_encrypt(int len, unsigned char* fr, return SSL_FATAL_ERROR; } - +/* return compliant with OpenSSL + * size of plain recovered data if success , -1 if error + */ int wolfSSL_RSA_private_decrypt(int len, unsigned char* fr, unsigned char* to, WOLFSSL_RSA* rsa, int padding) { @@ -12419,13 +12513,15 @@ int wolfSSL_RSA_private_decrypt(int len, unsigned char* fr, return SSL_FATAL_ERROR; } - +/* return compliant with OpenSSL + * RSA modulus size in bytes, -1 if error + */ int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa) { WOLFSSL_MSG("wolfSSL_RSA_size"); if (rsa == NULL) - return 0; + return SSL_FATAL_ERROR; return wolfSSL_BN_num_bytes(rsa->n); } @@ -12448,49 +12544,49 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, WOLFSSL_ENTER("wolfSSL_DSA_do_sign"); - if (d == NULL || sigRet == NULL || dsa == NULL) { + if (d == NULL || sigRet == NULL || dsa == NULL) { WOLFSSL_MSG("Bad function arguments"); - return ret; - } + return ret; + } - if (dsa->inSet == 0) - { - WOLFSSL_MSG("No DSA internal set, do it"); + if (dsa->inSet == 0) + { + WOLFSSL_MSG("No DSA internal set, do it"); - if (SetDsaInternal(dsa) < 0) { - WOLFSSL_MSG("SetDsaInternal failed"); - return ret; - } - } + if (SetDsaInternal(dsa) != SSL_SUCCESS) { + WOLFSSL_MSG("SetDsaInternal failed"); + return ret; + } + } #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (tmpRNG == NULL) - return SSL_FATAL_ERROR; + tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmpRNG == NULL) + return SSL_FATAL_ERROR; #endif - if (wc_InitRng(tmpRNG) == 0) { - rng = tmpRNG; - initTmpRng = 1; - } - else { - WOLFSSL_MSG("Bad RNG Init, trying global"); - if (initGlobalRNG == 0) - WOLFSSL_MSG("Global RNG no Init"); - else - rng = &globalRNG; - } + if (wc_InitRng(tmpRNG) == 0) { + rng = tmpRNG; + initTmpRng = 1; + } + else { + WOLFSSL_MSG("Bad RNG Init, trying global"); + if (initGlobalRNG == 0) + WOLFSSL_MSG("Global RNG no Init"); + else + rng = &globalRNG; + } - if (rng) { - if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) - WOLFSSL_MSG("DsaSign failed"); - else - ret = SSL_SUCCESS; - } + if (rng) { + if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) + WOLFSSL_MSG("DsaSign failed"); + else + ret = SSL_SUCCESS; + } - if (initTmpRng) - wc_FreeRng(tmpRNG); + if (initTmpRng) + wc_FreeRng(tmpRNG); #ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; @@ -12498,33 +12594,33 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, - WOLFSSL_DSA* dsa, int *dsacheck) + WOLFSSL_DSA* dsa, int *dsacheck) { - int ret = SSL_FATAL_ERROR; + int ret = SSL_FATAL_ERROR; - WOLFSSL_ENTER("wolfSSL_DSA_do_verify"); + WOLFSSL_ENTER("wolfSSL_DSA_do_verify"); - if (d == NULL || sig == NULL || dsa == NULL) { - WOLFSSL_MSG("Bad function arguments"); - return SSL_FATAL_ERROR; - } - if (dsa->inSet == 0) - { - WOLFSSL_MSG("No DSA internal set, do it"); + if (d == NULL || sig == NULL || dsa == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return SSL_FATAL_ERROR; + } + if (dsa->inSet == 0) + { + WOLFSSL_MSG("No DSA internal set, do it"); - if (SetDsaInternal(dsa) < 0) { - WOLFSSL_MSG("SetDsaInternal failed"); - return SSL_FATAL_ERROR; - } - } + if (SetDsaInternal(dsa) != SSL_SUCCESS) { + WOLFSSL_MSG("SetDsaInternal failed"); + return SSL_FATAL_ERROR; + } + } - ret = DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck); - if (ret != 0 || *dsacheck != 1) { - WOLFSSL_MSG("DsaVerify failed"); - return ret; - } + ret = DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck); + if (ret != 0 || *dsacheck != 1) { + WOLFSSL_MSG("DsaVerify failed"); + return ret; + } - return SSL_SUCCESS; + return SSL_SUCCESS; } #endif /* NO_DSA */ @@ -12552,53 +12648,53 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m, if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) { WOLFSSL_MSG("Bad function arguments"); - return 0; - } + return 0; + } - if (type != NID_md5 && type != NID_sha1) { - WOLFSSL_MSG("Bad md type"); - return 0; - } + if (type != NID_md5 && type != NID_sha1) { + WOLFSSL_MSG("Bad md type"); + return 0; + } - if (rsa->inSet == 0) - { - WOLFSSL_MSG("No RSA internal set, do it"); + if (rsa->inSet == 0) + { + WOLFSSL_MSG("No RSA internal set, do it"); - if (SetRsaInternal(rsa) < 0) { - WOLFSSL_MSG("SetRsaInternal failed"); - return 0; - } - } + if (SetRsaInternal(rsa) != SSL_SUCCESS) { + WOLFSSL_MSG("SetRsaInternal failed"); + return 0; + } + } outLen = (word32)wolfSSL_BN_num_bytes(rsa->n); #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (tmpRNG == NULL) - return 0; + tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmpRNG == NULL) + return 0; - encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, - DYNAMIC_TYPE_TMP_BUFFER); - if (encodedSig == NULL) { - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return 0; - } + encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (encodedSig == NULL) { + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return 0; + } #endif - if (outLen == 0) - WOLFSSL_MSG("Bad RSA size"); - else if (wc_InitRng(tmpRNG) == 0) { - rng = tmpRNG; - initTmpRng = 1; - } - else { - WOLFSSL_MSG("Bad RNG Init, trying global"); + if (outLen == 0) + WOLFSSL_MSG("Bad RSA size"); + else if (wc_InitRng(tmpRNG) == 0) { + rng = tmpRNG; + initTmpRng = 1; + } + else { + WOLFSSL_MSG("Bad RNG Init, trying global"); - if (initGlobalRNG == 0) - WOLFSSL_MSG("Global RNG no Init"); - else - rng = &globalRNG; - } + if (initGlobalRNG == 0) + WOLFSSL_MSG("Global RNG no Init"); + else + rng = &globalRNG; + } if (rng) { type = (type == NID_md5) ? MD5h : SHAh; @@ -12626,11 +12722,11 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m, XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - if (ret == SSL_SUCCESS) - WOLFSSL_MSG("wolfSSL_RSA_sign success"); - else { - WOLFSSL_MSG("wolfSSL_RSA_sign failed"); - } + if (ret == SSL_SUCCESS) + WOLFSSL_MSG("wolfSSL_RSA_sign success"); + else { + WOLFSSL_MSG("wolfSSL_RSA_sign failed"); + } return ret; } @@ -12640,35 +12736,36 @@ int wolfSSL_RSA_public_decrypt(int flen, unsigned char* from, { int tlen = 0; - WOLFSSL_MSG("wolfSSL_RSA_public_decrypt"); + WOLFSSL_MSG("wolfSSL_RSA_public_decrypt"); - if (rsa == NULL || rsa->internal == NULL || from == NULL) { - WOLFSSL_MSG("Bad function arguments"); - return 0; - } + if (rsa == NULL || rsa->internal == NULL || from == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return 0; + } - if (padding != RSA_PKCS1_PADDING) { - WOLFSSL_MSG("wolfSSL_RSA_public_decrypt unsupported padding"); - return 0; - } + if (padding != RSA_PKCS1_PADDING) { + WOLFSSL_MSG("wolfSSL_RSA_public_decrypt unsupported padding"); + return 0; + } - if (rsa->inSet == 0) - { - WOLFSSL_MSG("No RSA internal set, do it"); + if (rsa->inSet == 0) + { + WOLFSSL_MSG("No RSA internal set, do it"); - if (SetRsaInternal(rsa) < 0) { - WOLFSSL_MSG("SetRsaInternal failed"); - return 0; - } - } + if (SetRsaInternal(rsa) != SSL_SUCCESS) { + WOLFSSL_MSG("SetRsaInternal failed"); + return 0; + } + } - /* size of 'to' buffer must be size of RSA key */ - tlen = wc_RsaSSL_Verify(from, flen, to, wolfSSL_RSA_size(rsa), (RsaKey*)rsa->internal); - if (tlen <= 0) - WOLFSSL_MSG("wolfSSL_RSA_public_decrypt failed"); - else { - WOLFSSL_MSG("wolfSSL_RSA_public_decrypt success"); - } + /* size of 'to' buffer must be size of RSA key */ + tlen = wc_RsaSSL_Verify(from, flen, to, wolfSSL_RSA_size(rsa), + (RsaKey*)rsa->internal); + if (tlen <= 0) + WOLFSSL_MSG("wolfSSL_RSA_public_decrypt failed"); + else { + WOLFSSL_MSG("wolfSSL_RSA_public_decrypt success"); + } return tlen; } @@ -12857,10 +12954,10 @@ WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key) WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key) { - (void)key; - WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_EC_KEY not implemented"); + (void)key; + WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_EC_KEY not implemented"); - return NULL; + return NULL; } @@ -13050,157 +13147,157 @@ void wolfSSL_OPENSSL_free(void* p) #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) int wolfSSL_PEM_write_buf_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, - unsigned char* passwd, int len, - byte **pem, int *plen) + unsigned char* passwd, int len, + byte **pem, int *plen) { (void)cipher; (void)passwd; (void)len; - byte *der, *tmp; - int der_max_len = 0, derSz = 0; + byte *der, *tmp; + int der_max_len = 0, derSz = 0; WOLFSSL_MSG("wolfSSL_PEM_write_buf_RSAPrivateKey"); - if (pem == NULL || plen == NULL || rsa == NULL || rsa->internal == NULL) { - WOLFSSL_MSG("Bad function arguments"); - return 0; - } + if (pem == NULL || plen == NULL || rsa == NULL || rsa->internal == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return SSL_FAILURE; + } - if (rsa->inSet == 0) { - WOLFSSL_MSG("No RSA internal set, do it"); + if (rsa->inSet == 0) { + WOLFSSL_MSG("No RSA internal set, do it"); - if (SetRsaInternal(rsa) < 0) { - WOLFSSL_MSG("SetRsaInternal failed"); - return 0; - } - } + if (SetRsaInternal(rsa) != SSL_SUCCESS) { + WOLFSSL_MSG("SetRsaInternal failed"); + return SSL_FAILURE; + } + } - der_max_len = 5 * wolfSSL_RSA_size(rsa); - printf("der_max_len = %d\n", der_max_len); + der_max_len = 5 * wolfSSL_RSA_size(rsa); + printf("der_max_len = %d\n", der_max_len); - der = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - WOLFSSL_MSG("malloc failed"); - return 0; - } + der = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + WOLFSSL_MSG("malloc failed"); + return SSL_FAILURE; + } - /* Key to DER */ - derSz = wc_RsaKeyToDer(rsa->internal, der, der_max_len); - if (derSz < 0) { - WOLFSSL_MSG("wc_RsaKeyToDer failed"); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return 0; - } + /* Key to DER */ + derSz = wc_RsaKeyToDer(rsa->internal, der, der_max_len); + if (derSz < 0) { + WOLFSSL_MSG("wc_RsaKeyToDer failed"); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } - /* tmp buffer with a max size */ - *plen = (derSz * 2) + sizeof(BEGIN_RSA_PRIV) + sizeof(END_RSA_PRIV); - tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (tmp == NULL) { - WOLFSSL_MSG("malloc failed"); - return 0; - } + /* tmp buffer with a max size */ + *plen = (derSz * 2) + sizeof(BEGIN_RSA_PRIV) + sizeof(END_RSA_PRIV); + tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + WOLFSSL_MSG("malloc failed"); + return SSL_FAILURE; + } - /* DER to PEM */ - *plen = wc_DerToPem(der, derSz, tmp, *plen, PRIVATEKEY_TYPE); - if (*plen <= 0) { - WOLFSSL_MSG("wc_DerToPem failed"); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return 0; - } - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + /* DER to PEM */ + *plen = wc_DerToPem(der, derSz, tmp, *plen, PRIVATEKEY_TYPE); + if (*plen <= 0) { + WOLFSSL_MSG("wc_DerToPem failed"); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - *pem = (byte*)XMALLOC((*plen)+1, NULL, DYNAMIC_TYPE_OUT_BUFFER); - if (*pem == NULL) { - WOLFSSL_MSG("malloc failed"); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return 0; - } - XMEMSET(*pem, 0, (*plen)+1); + *pem = (byte*)XMALLOC((*plen)+1, NULL, DYNAMIC_TYPE_OUT_BUFFER); + if (*pem == NULL) { + WOLFSSL_MSG("malloc failed"); + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } + XMEMSET(*pem, 0, (*plen)+1); - if (XMEMCPY(*pem, tmp, *plen) == NULL) { - WOLFSSL_MSG("malloc failed"); - XFREE(pem, NULL, DYNAMIC_TYPE_OUT_BUFFER); - XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return 0; - } + if (XMEMCPY(*pem, tmp, *plen) == NULL) { + WOLFSSL_MSG("malloc failed"); + XFREE(pem, NULL, DYNAMIC_TYPE_OUT_BUFFER); + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } - return 1; + return SSL_SUCCESS; } -int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) +int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa, + const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) { - (void)enc; - (void)kstr; - (void)klen; - (void)cb; - (void)u; + (void)enc; + (void)kstr; + (void)klen; + (void)cb; + (void)u; - byte *pem; - int plen, ret; + byte *pem; + int plen, ret; - WOLFSSL_MSG("wolfSSL_PEM_write_RSAPrivateKey"); + WOLFSSL_MSG("wolfSSL_PEM_write_RSAPrivateKey"); - if (fp == NULL || rsa == NULL || rsa->internal == NULL) { - WOLFSSL_MSG("Bad function arguments"); - return 0; - } + if (fp == NULL || rsa == NULL || rsa->internal == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return SSL_FAILURE; + } - ret = wolfSSL_PEM_write_buf_RSAPrivateKey(rsa, enc, NULL, 0, &pem, &plen); - if (ret != 1) { - WOLFSSL_MSG("wolfSSL_PEM_write_buf_RSAPrivateKey failed"); - return 0; - } + ret = wolfSSL_PEM_write_buf_RSAPrivateKey(rsa, enc, NULL, 0, &pem, &plen); + if (ret != 1) { + WOLFSSL_MSG("wolfSSL_PEM_write_buf_RSAPrivateKey failed"); + return SSL_FAILURE; + } - ret = (int)XFWRITE(pem, plen, 1, fp); - if (ret != 1) { - WOLFSSL_MSG("RSA private key file write failed"); - return 0; - } + ret = (int)XFWRITE(pem, plen, 1, fp); + if (ret != 1) { + WOLFSSL_MSG("RSA private key file write failed"); + return SSL_FAILURE; + } - XFREE(pem, NULL, DYNAMIC_TYPE_OUT_BUFFER); - return 1; + XFREE(pem, NULL, DYNAMIC_TYPE_OUT_BUFFER); + return SSL_SUCCESS; } int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, RSA* rsa, - const EVP_CIPHER* cipher, - unsigned char* passwd, int len, - pem_password_cb cb, void* arg) + const EVP_CIPHER* cipher, + unsigned char* passwd, int len, + pem_password_cb cb, void* arg) { - (void)bio; - (void)rsa; - (void)cipher; - (void)passwd; - (void)len; - (void)cb; - (void)arg; + (void)bio; + (void)rsa; + (void)cipher; + (void)passwd; + (void)len; + (void)cb; + (void)arg; - WOLFSSL_MSG("wolfSSL_PEM_write_bio_RSAPrivateKey not implemented"); + WOLFSSL_MSG("wolfSSL_PEM_write_bio_RSAPrivateKey not implemented"); - return SSL_FATAL_ERROR; + return SSL_FAILURE; } #endif /* defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) */ -WOLFSSL_API int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec, - const EVP_CIPHER* cipher, - unsigned char* passwd, int len, - pem_password_cb cb, void* arg) +int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec, + const EVP_CIPHER* cipher, + unsigned char* passwd, int len, + pem_password_cb cb, void* arg) { - (void)bio; - (void)ec; - (void)cipher; - (void)passwd; - (void)len; - (void)cb; - (void)arg; + (void)bio; + (void)ec; + (void)cipher; + (void)passwd; + (void)len; + (void)cb; + (void)arg; - WOLFSSL_MSG("wolfSSL_PEM_write_bio_ECPrivateKey not implemented"); - - return SSL_FATAL_ERROR; + WOLFSSL_MSG("wolfSSL_PEM_write_bio_ECPrivateKey not implemented"); + return SSL_FAILURE; } #ifdef HAVE_ECC @@ -13208,456 +13305,472 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_ /* EC_POINT Openssl -> WolfSSL */ static int SetECPointInternal(WOLFSSL_EC_POINT *p) { - ecc_point* point; - WOLFSSL_ENTER("SetECPointInternal"); + ecc_point* point; + WOLFSSL_ENTER("SetECPointInternal"); - if (p == NULL || p->internal == NULL) { - WOLFSSL_MSG("ECPoint NULL error"); - return SSL_FATAL_ERROR; - } + if (p == NULL || p->internal == NULL) { + WOLFSSL_MSG("ECPoint NULL error"); + return SSL_FATAL_ERROR; + } - point = (ecc_point*)p->internal; + point = (ecc_point*)p->internal; - if (p->X != NULL && SetIndividualInternal(p->X, point->x) < 0) { - WOLFSSL_MSG("ecc point X error"); - return SSL_FATAL_ERROR; - } + if (p->X != NULL && SetIndividualInternal(p->X, point->x) != SSL_SUCCESS) { + WOLFSSL_MSG("ecc point X error"); + return SSL_FATAL_ERROR; + } - if (p->Y != NULL && SetIndividualInternal(p->Y, point->y) < 0) { - WOLFSSL_MSG("ecc point Y error"); - return SSL_FATAL_ERROR; - } + if (p->Y != NULL && SetIndividualInternal(p->Y, point->y) != SSL_SUCCESS) { + WOLFSSL_MSG("ecc point Y error"); + return SSL_FATAL_ERROR; + } - if (p->Z != NULL && SetIndividualInternal(p->Z, point->z) < 0) { - WOLFSSL_MSG("ecc point Z error"); - return SSL_FATAL_ERROR; - } + if (p->Z != NULL && SetIndividualInternal(p->Z, point->z) != SSL_SUCCESS) { + WOLFSSL_MSG("ecc point Z error"); + return SSL_FATAL_ERROR; + } - p->inSet = 1; + p->inSet = 1; - return 0; + return SSL_SUCCESS; } /* EC_POINT WolfSSL -> OpenSSL */ static int SetECPointExternal(WOLFSSL_EC_POINT *p) { - ecc_point* point; + ecc_point* point; - WOLFSSL_ENTER("SetECPointExternal"); + WOLFSSL_ENTER("SetECPointExternal"); - if (p == NULL || p->internal == NULL) { - WOLFSSL_MSG("ECPoint NULL error"); - return SSL_FATAL_ERROR; - } + if (p == NULL || p->internal == NULL) { + WOLFSSL_MSG("ECPoint NULL error"); + return SSL_FATAL_ERROR; + } - point = (ecc_point*)p->internal; + point = (ecc_point*)p->internal; - if (SetIndividualExternal(&p->X, point->x) < 0) { - WOLFSSL_MSG("ecc point X error"); - return SSL_FATAL_ERROR; - } + if (SetIndividualExternal(&p->X, point->x) != SSL_SUCCESS) { + WOLFSSL_MSG("ecc point X error"); + return SSL_FATAL_ERROR; + } - if (SetIndividualExternal(&p->Y, point->y) < 0) { - WOLFSSL_MSG("ecc point Y error"); - return SSL_FATAL_ERROR; - } + if (SetIndividualExternal(&p->Y, point->y) != SSL_SUCCESS) { + WOLFSSL_MSG("ecc point Y error"); + return SSL_FATAL_ERROR; + } - if (SetIndividualExternal(&p->Z, point->z) < 0) { - WOLFSSL_MSG("ecc point Z error"); - return SSL_FATAL_ERROR; - } + if (SetIndividualExternal(&p->Z, point->z) != SSL_SUCCESS) { + WOLFSSL_MSG("ecc point Z error"); + return SSL_FATAL_ERROR; + } - p->exSet = 1; + p->exSet = 1; - return 0; + return SSL_SUCCESS; } /* EC_KEY wolfSSL -> OpenSSL */ static int SetECKeyExternal(WOLFSSL_EC_KEY* eckey) { - ecc_key* key; + ecc_key* key; - WOLFSSL_ENTER("SetECKeyExternal"); + WOLFSSL_ENTER("SetECKeyExternal"); - if (eckey == NULL || eckey->internal == NULL) { - WOLFSSL_MSG("ec key NULL error"); - return SSL_FATAL_ERROR; - } + if (eckey == NULL || eckey->internal == NULL) { + WOLFSSL_MSG("ec key NULL error"); + return SSL_FATAL_ERROR; + } - key = (ecc_key*)eckey->internal; + key = (ecc_key*)eckey->internal; - /* set group (nid and idx) */ - eckey->group->curve_nid = ecc_sets[key->idx].nid; - eckey->group->curve_idx = key->idx; + /* set group (nid and idx) */ + eckey->group->curve_nid = ecc_sets[key->idx].nid; + eckey->group->curve_idx = key->idx; - if (eckey->pub_key->internal != NULL) { - /* set the internal public key */ - if (ecc_copy_point(&key->pubkey, eckey->pub_key->internal) != 1) { - WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed"); - return SSL_FATAL_ERROR; - } + if (eckey->pub_key->internal != NULL) { + /* set the internal public key */ + if (ecc_copy_point(&key->pubkey, eckey->pub_key->internal) != MP_OKAY) { + WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed"); + return SSL_FATAL_ERROR; + } - /* set the external pubkey (point) */ - if (SetECPointExternal(eckey->pub_key) < 0) { - WOLFSSL_MSG("SetECKeyExternal SetECPointExternal failed"); - return SSL_FATAL_ERROR; - } - } + /* set the external pubkey (point) */ + if (SetECPointExternal(eckey->pub_key) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECKeyExternal SetECPointExternal failed"); + return SSL_FATAL_ERROR; + } + } - /* set the external privkey */ - if (key->type == ECC_PRIVATEKEY) { - if (SetIndividualExternal(&eckey->priv_key, &key->k) < 0) { - WOLFSSL_MSG("ec priv key error"); - return SSL_FATAL_ERROR; - } - } + /* set the external privkey */ + if (key->type == ECC_PRIVATEKEY) { + if (SetIndividualExternal(&eckey->priv_key, &key->k) != SSL_SUCCESS) { + WOLFSSL_MSG("ec priv key error"); + return SSL_FATAL_ERROR; + } + } - eckey->exSet = 1; + eckey->exSet = 1; - return SSL_SUCCESS; + return SSL_SUCCESS; } /* EC_KEY Openssl -> WolfSSL */ static int SetECKeyInternal(WOLFSSL_EC_KEY* eckey) { - ecc_key* key; + ecc_key* key; - WOLFSSL_ENTER("SetECKeyInternal"); + WOLFSSL_ENTER("SetECKeyInternal"); - if (eckey == NULL || eckey->internal == NULL) { - WOLFSSL_MSG("ec key NULL error"); - return SSL_FATAL_ERROR; - } + if (eckey == NULL || eckey->internal == NULL) { + WOLFSSL_MSG("ec key NULL error"); + return SSL_FATAL_ERROR; + } - key = (ecc_key*)eckey->internal; + key = (ecc_key*)eckey->internal; - /* set group (idx of curve and corresponding domain parameters) */ - key->idx = eckey->group->curve_idx; - key->dp = &ecc_sets[key->idx]; + /* set group (idx of curve and corresponding domain parameters) */ + key->idx = eckey->group->curve_idx; + key->dp = &ecc_sets[key->idx]; - /* set pubkey (point) */ - if (eckey->pub_key != NULL && eckey->pub_key->internal != NULL) { - if (SetECPointInternal(eckey->pub_key) < 0) { - WOLFSSL_MSG("SetECPointInternal failure"); - return SSL_FATAL_ERROR; - } - } + /* set pubkey (point) */ + if (eckey->pub_key != NULL && eckey->pub_key->internal != NULL) { + if (SetECPointInternal(eckey->pub_key) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECPointInternal failure"); + return SSL_FATAL_ERROR; + } + } - /* set privkey */ - if (eckey->priv_key != NULL && eckey->priv_key->internal != NULL) { - key->type = ECC_PRIVATEKEY; + /* set privkey */ + if (eckey->priv_key != NULL && eckey->priv_key->internal != NULL) { + key->type = ECC_PRIVATEKEY; - if (SetIndividualInternal(eckey->priv_key, &key->k) < 0) { - WOLFSSL_MSG("rsa p key error"); - return SSL_FATAL_ERROR; - } - } - else - key->type = ECC_PUBLICKEY; + if (SetIndividualInternal(eckey->priv_key, &key->k) != SSL_SUCCESS) { + WOLFSSL_MSG("rsa p key error"); + return SSL_FATAL_ERROR; + } + } + else + key->type = ECC_PUBLICKEY; - eckey->inSet = 1; + eckey->inSet = 1; - return SSL_SUCCESS; + return SSL_SUCCESS; } WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key) { - WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_public_key"); + WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_public_key"); - if (key == NULL) { - WOLFSSL_MSG("wolfSSL_EC_KEY_get0_group Bad arguments"); - return NULL; - } + if (key == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_get0_group Bad arguments"); + return NULL; + } - return key->pub_key; + return key->pub_key; } const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key) { - WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_group"); + WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_group"); - if (key == NULL) { - WOLFSSL_MSG("wolfSSL_EC_KEY_get0_group Bad arguments"); - return NULL; - } + if (key == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_get0_group Bad arguments"); + return NULL; + } - return key->group; + return key->group; } -int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key, const WOLFSSL_BIGNUM *priv_key) +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key, + const WOLFSSL_BIGNUM *priv_key) { - (void)key; - (void)priv_key; + (void)key; + (void)priv_key; - WOLFSSL_ENTER("wolfSSL_EC_KEY_set_private_key"); - WOLFSSL_MSG("wolfSSL_EC_KEY_set_private_key TBD"); + WOLFSSL_ENTER("wolfSSL_EC_KEY_set_private_key"); + WOLFSSL_MSG("wolfSSL_EC_KEY_set_private_key TBD"); - return -1; + return SSL_FAILURE; } WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key) { - WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_private_key"); + WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_private_key"); - if (key == NULL) { - WOLFSSL_MSG("wolfSSL_EC_KEY_get0_private_key Bad arguments"); - return NULL; - } + if (key == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_get0_private_key Bad arguments"); + return NULL; + } - return key->priv_key; + return key->priv_key; } WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid) { - WOLFSSL_EC_KEY *key; - int x; + WOLFSSL_EC_KEY *key; + int x; - WOLFSSL_ENTER("wolfSSL_EC_KEY_new_by_curve_name"); + WOLFSSL_ENTER("wolfSSL_EC_KEY_new_by_curve_name"); - key = wolfSSL_EC_KEY_new(); - if (key == NULL) { - WOLFSSL_MSG("wolfSSL_EC_KEY_new failure"); - return NULL; - } + key = wolfSSL_EC_KEY_new(); + if (key == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_new failure"); + return NULL; + } - /* set the nid of the curve */ - key->group->curve_nid = nid; + /* set the nid of the curve */ + key->group->curve_nid = nid; - /* search and set the corresponding internal curve idx */ - for (x = 0; ecc_sets[x].size != 0; x++) - if (ecc_sets[x].nid == key->group->curve_nid) { - key->group->curve_idx = x; - break; - } + /* search and set the corresponding internal curve idx */ + for (x = 0; ecc_sets[x].size != 0; x++) + if (ecc_sets[x].nid == key->group->curve_nid) { + key->group->curve_idx = x; + break; + } - return key; + return key; } static void InitwolfSSL_ECKey(WOLFSSL_EC_KEY* key) { - if (key) { - key->group = NULL; - key->pub_key = NULL; - key->priv_key = NULL; - key->internal = NULL; - key->inSet = 0; - key->exSet = 0; - } + if (key) { + key->group = NULL; + key->pub_key = NULL; + key->priv_key = NULL; + key->internal = NULL; + key->inSet = 0; + key->exSet = 0; + } } WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void) { - WOLFSSL_EC_KEY *external; - ecc_key* key; + WOLFSSL_EC_KEY *external; + ecc_key* key; - WOLFSSL_ENTER("wolfSSL_EC_KEY_new"); + WOLFSSL_ENTER("wolfSSL_EC_KEY_new"); - external = (WOLFSSL_EC_KEY*)XMALLOC(sizeof(WOLFSSL_EC_KEY), NULL, DYNAMIC_TYPE_ECC); - if (external == NULL) { - WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_KEY failure"); - return NULL; - } - XMEMSET(external, 0, sizeof(WOLFSSL_EC_KEY)); + external = (WOLFSSL_EC_KEY*)XMALLOC(sizeof(WOLFSSL_EC_KEY), NULL, + DYNAMIC_TYPE_ECC); + if (external == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_KEY failure"); + return NULL; + } + XMEMSET(external, 0, sizeof(WOLFSSL_EC_KEY)); - InitwolfSSL_ECKey(external); + InitwolfSSL_ECKey(external); - external->internal = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC); - if (external->internal == NULL) { - WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc ecc key failure"); - wolfSSL_EC_KEY_free(external); - return NULL; - } - XMEMSET(external->internal, 0, sizeof(ecc_key)); + external->internal = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, + DYNAMIC_TYPE_ECC); + if (external->internal == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc ecc key failure"); + wolfSSL_EC_KEY_free(external); + return NULL; + } + XMEMSET(external->internal, 0, sizeof(ecc_key)); - wc_ecc_init(external->internal); + wc_ecc_init(external->internal); - /* public key */ - external->pub_key = (WOLFSSL_EC_POINT*)XMALLOC(sizeof(WOLFSSL_EC_POINT), NULL, DYNAMIC_TYPE_ECC); - if (external->pub_key == NULL) { - WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_POINT failure"); - wolfSSL_EC_KEY_free(external); - return NULL; - } - XMEMSET(external->pub_key, 0, sizeof(WOLFSSL_EC_POINT)); + /* public key */ + external->pub_key = (WOLFSSL_EC_POINT*)XMALLOC(sizeof(WOLFSSL_EC_POINT), + NULL, DYNAMIC_TYPE_ECC); + if (external->pub_key == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_POINT failure"); + wolfSSL_EC_KEY_free(external); + return NULL; + } + XMEMSET(external->pub_key, 0, sizeof(WOLFSSL_EC_POINT)); - key = external->internal; - external->pub_key->internal = (ecc_point*)&key->pubkey; + key = external->internal; + external->pub_key->internal = (ecc_point*)&key->pubkey; - /* curve group */ - external->group = (WOLFSSL_EC_GROUP*)XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL, DYNAMIC_TYPE_ECC); - if (external->group == NULL) { - WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_GROUP failure"); - wolfSSL_EC_KEY_free(external); - return NULL; - } - XMEMSET(external->group, 0, sizeof(WOLFSSL_EC_GROUP)); + /* curve group */ + external->group = (WOLFSSL_EC_GROUP*)XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL, + DYNAMIC_TYPE_ECC); + if (external->group == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_GROUP failure"); + wolfSSL_EC_KEY_free(external); + return NULL; + } + XMEMSET(external->group, 0, sizeof(WOLFSSL_EC_GROUP)); - /* private key */ - external->priv_key = wolfSSL_BN_new(); - if (external->priv_key == NULL) { - WOLFSSL_MSG("wolfSSL_BN_new failure"); - wolfSSL_EC_KEY_free(external); - return NULL; - } + /* private key */ + external->priv_key = wolfSSL_BN_new(); + if (external->priv_key == NULL) { + WOLFSSL_MSG("wolfSSL_BN_new failure"); + wolfSSL_EC_KEY_free(external); + return NULL; + } - return external; + return external; } void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key) { - WOLFSSL_ENTER("wolfSSL_EC_KEY_free"); + WOLFSSL_ENTER("wolfSSL_EC_KEY_free"); - if (key != NULL) { - if (key->internal != NULL) { - wc_ecc_free((ecc_key*)key->internal); - XFREE(key->internal, NULL, DYNAMIC_TYPE_ECC); - } - wolfSSL_BN_free(key->priv_key); - wolfSSL_EC_POINT_free(key->pub_key); - wolfSSL_EC_GROUP_free(key->group); - InitwolfSSL_ECKey(key); /* set back to NULLs for safety */ + if (key != NULL) { + if (key->internal != NULL) { + wc_ecc_free((ecc_key*)key->internal); + XFREE(key->internal, NULL, DYNAMIC_TYPE_ECC); + } + wolfSSL_BN_free(key->priv_key); + wolfSSL_EC_POINT_free(key->pub_key); + wolfSSL_EC_GROUP_free(key->group); + InitwolfSSL_ECKey(key); /* set back to NULLs for safety */ - XFREE(key, NULL, DYNAMIC_TYPE_ECC); - key = NULL; - } + XFREE(key, NULL, DYNAMIC_TYPE_ECC); + key = NULL; + } } int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group) { - (void)key; - (void)group; + (void)key; + (void)group; - WOLFSSL_ENTER("wolfSSL_EC_KEY_set_group"); - WOLFSSL_MSG("wolfSSL_EC_KEY_set_group TBD"); + WOLFSSL_ENTER("wolfSSL_EC_KEY_set_group"); + WOLFSSL_MSG("wolfSSL_EC_KEY_set_group TBD"); - return -1; + return -1; } int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key) { - int initTmpRng = 0; - RNG* rng = NULL; + int initTmpRng = 0; + RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG* tmpRNG = NULL; + RNG* tmpRNG = NULL; #else - RNG tmpRNG[1]; + RNG tmpRNG[1]; #endif - WOLFSSL_ENTER("wolfSSL_EC_KEY_generate_key"); + WOLFSSL_ENTER("wolfSSL_EC_KEY_generate_key"); - if (key == NULL || key->internal == NULL || key->group == NULL || key->group->curve_idx < 0) { - WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key Bad arguments"); - return 0; - } + if (key == NULL || key->internal == NULL || + key->group == NULL || key->group->curve_idx < 0) { + WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key Bad arguments"); + return 0; + } #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (tmpRNG == NULL) - return 0; + tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmpRNG == NULL) + return 0; #endif - if (wc_InitRng(tmpRNG) == 0) { - rng = tmpRNG; - initTmpRng = 1; - } - else { - WOLFSSL_MSG("Bad RNG Init, trying global"); - if (initGlobalRNG == 0) - WOLFSSL_MSG("Global RNG no Init"); - else - rng = &globalRNG; - } + if (wc_InitRng(tmpRNG) == 0) { + rng = tmpRNG; + initTmpRng = 1; + } + else { + WOLFSSL_MSG("Bad RNG Init, trying global"); + if (initGlobalRNG == 0) + WOLFSSL_MSG("Global RNG no Init"); + else + rng = &globalRNG; + } - if (rng == NULL) { - WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to set RNG"); + if (rng == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to set RNG"); #ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - return 0; - } + return 0; + } - if (wc_ecc_make_key(rng, ecc_sets[key->group->curve_idx].size, (ecc_key*)key->internal) != MP_OKAY) { - WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key wc_ecc_make_key failed"); + if (wc_ecc_make_key(rng, ecc_sets[key->group->curve_idx].size, + (ecc_key*)key->internal) != MP_OKAY) { + WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key wc_ecc_make_key failed"); #ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - return 0; - } + return 0; + } - if (initTmpRng) - wc_FreeRng(tmpRNG); + if (initTmpRng) + wc_FreeRng(tmpRNG); #ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - if (SetECKeyExternal(key) < 0) { - WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key SetECKeyExternal failed"); - return 0; - } + if (SetECKeyExternal(key) != SSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key SetECKeyExternal failed"); + return 0; + } - return 1; + return 1; } -void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag){ - (void)key; - (void)asn1_flag; - - WOLFSSL_ENTER("wolfSSL_EC_KEY_set_asn1_flag"); - WOLFSSL_MSG("wolfSSL_EC_KEY_set_asn1_flag TBD"); -} - -int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key, const WOLFSSL_EC_POINT *pub) +void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag) { - ecc_point *pub_p, *key_p; + (void)key; + (void)asn1_flag; - WOLFSSL_ENTER("wolfSSL_EC_KEY_set_public_key"); + WOLFSSL_ENTER("wolfSSL_EC_KEY_set_asn1_flag"); + WOLFSSL_MSG("wolfSSL_EC_KEY_set_asn1_flag TBD"); +} - if (key == NULL || key->internal == NULL || pub == NULL || pub->internal == NULL) { - WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order Bad arguments"); - return 0; - } +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key, + const WOLFSSL_EC_POINT *pub) +{ + ecc_point *pub_p, *key_p; - if (key->inSet == 0) { - if (SetECKeyInternal(key) < 0) { - WOLFSSL_MSG("SetECKeyInternal failed"); - return 0; - } - } + WOLFSSL_ENTER("wolfSSL_EC_KEY_set_public_key"); - if (pub->inSet == 0) { - if (SetECPointInternal((WOLFSSL_EC_POINT *)pub) < 0) { - WOLFSSL_MSG("SetECPointInternal failed"); - return 0; - } - } + if (key == NULL || key->internal == NULL || + pub == NULL || pub->internal == NULL) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order Bad arguments"); + return SSL_FAILURE; + } - pub_p = (ecc_point*)pub->internal; - key_p = (ecc_point*)key->pub_key->internal; + if (key->inSet == 0) { + if (SetECKeyInternal(key) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECKeyInternal failed"); + return SSL_FAILURE; + } + } - /* create new point if required */ - if (key_p == NULL) - key_p = ecc_new_point(); + if (pub->inSet == 0) { + if (SetECPointInternal((WOLFSSL_EC_POINT *)pub) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECPointInternal failed"); + return SSL_FAILURE; + } + } - if (key_p == NULL) { - WOLFSSL_MSG("key ecc point NULL"); - return 0; - } + pub_p = (ecc_point*)pub->internal; + key_p = (ecc_point*)key->pub_key->internal; - if (ecc_copy_point(pub_p, key_p) != 1) { - WOLFSSL_MSG("ecc_copy_point failure"); - return 0; - } + /* create new point if required */ + if (key_p == NULL) + key_p = ecc_new_point(); - if (SetECKeyExternal(key) < 0) { - WOLFSSL_MSG("SetECKeyInternal failed"); - return 0; - } + if (key_p == NULL) { + WOLFSSL_MSG("key ecc point NULL"); + return SSL_FAILURE; + } + + if (ecc_copy_point(pub_p, key_p) != MP_OKAY) { + WOLFSSL_MSG("ecc_copy_point failure"); + return SSL_FAILURE; + } + + if (SetECKeyExternal(key) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECKeyInternal failed"); + return SSL_FAILURE; + } #ifdef DEBUG_WOLFSSL - wolfssl_EC_POINT_dump("pub", pub); - wolfssl_EC_POINT_dump("key->pub_key", key->pub_key); + wolfssl_EC_POINT_dump("pub", pub); + wolfssl_EC_POINT_dump("key->pub_key", key->pub_key); #endif - return 1; + return SSL_SUCCESS; } /* End EC_KEY */ @@ -13665,415 +13778,452 @@ int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key, const WOLFSSL_EC_POINT *p #ifdef DEBUG_WOLFSSL void wolfssl_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p) { - char *num; + char *num; - WOLFSSL_ENTER("wolfssl_EC_POINT_dump"); + WOLFSSL_ENTER("wolfssl_EC_POINT_dump"); - if (p == NULL) { - fprintf(stderr, "%s = NULL", msg); - return ; - } + if (p == NULL) { + fprintf(stderr, "%s = NULL", msg); + return ; + } - fprintf(stderr, "%s:\n\tinSet=%d, exSet=%d\n", msg, p->inSet, p->exSet); - num = wolfSSL_BN_bn2hex(p->X); - fprintf(stderr, "\tX = %s\n", num); - XFREE(num, NULL, DYNAMIC_TYPE_ECC); - num = wolfSSL_BN_bn2hex(p->Y); - fprintf(stderr, "\tY = %s\n", num); - XFREE(num, NULL, DYNAMIC_TYPE_ECC); + fprintf(stderr, "%s:\n\tinSet=%d, exSet=%d\n", msg, p->inSet, p->exSet); + num = wolfSSL_BN_bn2hex(p->X); + fprintf(stderr, "\tX = %s\n", num); + XFREE(num, NULL, DYNAMIC_TYPE_ECC); + num = wolfSSL_BN_bn2hex(p->Y); + fprintf(stderr, "\tY = %s\n", num); + XFREE(num, NULL, DYNAMIC_TYPE_ECC); } #endif /* Start EC_GROUP */ -/* return 0 if equal, 1 if not and -1 in case of error */ -int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b, WOLFSSL_BN_CTX *ctx) +/* return code compliant with OpenSSL : + * 0 if equal, 1 if not and -1 in case of error + */ +int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b, + WOLFSSL_BN_CTX *ctx) { - (void)ctx; + (void)ctx; - WOLFSSL_ENTER("wolfSSL_EC_GROUP_cmp"); + WOLFSSL_ENTER("wolfSSL_EC_GROUP_cmp"); - if (a == NULL || b == NULL) { - WOLFSSL_MSG("wolfSSL_EC_GROUP_cmp Bad arguments"); - return -1; - } + if (a == NULL || b == NULL) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_cmp Bad arguments"); + return SSL_FATAL_ERROR; + } - /* ok */ - if ((a->curve_idx == b->curve_idx) && (a->curve_nid == b->curve_nid)) - return 0; + /* ok */ + if ((a->curve_idx == b->curve_idx) && (a->curve_nid == b->curve_nid)) + return 0; - /* ko */ - return 1; + /* ko */ + return 1; } void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group) { - WOLFSSL_ENTER("wolfSSL_EC_GROUP_free"); + WOLFSSL_ENTER("wolfSSL_EC_GROUP_free"); - XFREE(group, NULL, DYNAMIC_TYPE_ECC); + XFREE(group, NULL, DYNAMIC_TYPE_ECC); } void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag) { - (void)group; - (void)flag; + (void)group; + (void)flag; - WOLFSSL_ENTER("wolfSSL_EC_GROUP_set_asn1_flag"); - WOLFSSL_MSG("wolfSSL_EC_GROUP_set_asn1_flag TBD"); + WOLFSSL_ENTER("wolfSSL_EC_GROUP_set_asn1_flag"); + WOLFSSL_MSG("wolfSSL_EC_GROUP_set_asn1_flag TBD"); } WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid) { - WOLFSSL_EC_GROUP *g; - int x; + WOLFSSL_EC_GROUP *g; + int x; - WOLFSSL_ENTER("wolfSSL_EC_GROUP_new_by_curve_name"); + WOLFSSL_ENTER("wolfSSL_EC_GROUP_new_by_curve_name"); - /* curve group */ - g = (WOLFSSL_EC_GROUP*) XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL, DYNAMIC_TYPE_ECC); - if (g == NULL) { - WOLFSSL_MSG("wolfSSL_EC_GROUP_new_by_curve_name malloc failure"); - return NULL; - } - XMEMSET(g, 0, sizeof(WOLFSSL_EC_GROUP)); + /* curve group */ + g = (WOLFSSL_EC_GROUP*) XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL, + DYNAMIC_TYPE_ECC); + if (g == NULL) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_new_by_curve_name malloc failure"); + return NULL; + } + XMEMSET(g, 0, sizeof(WOLFSSL_EC_GROUP)); - /* set the nid of the curve */ - g->curve_nid = nid; + /* set the nid of the curve */ + g->curve_nid = nid; - /* search and set the corresponding internal curve idx */ - for (x = 0; ecc_sets[x].size != 0; x++) - if (ecc_sets[x].nid == g->curve_nid) { - g->curve_idx = x; - break; - } + /* search and set the corresponding internal curve idx */ + for (x = 0; ecc_sets[x].size != 0; x++) + if (ecc_sets[x].nid == g->curve_nid) { + g->curve_idx = x; + break; + } - return g; + return g; } +/* return code compliant with OpenSSL : + * the curve nid if success, 0 if error + */ int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group) { - WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_curve_name"); + WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_curve_name"); - if (group == NULL) { - WOLFSSL_MSG("wolfSSL_EC_GROUP_get_curve_name Bad arguments"); - return -1; - } + if (group == NULL) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_curve_name Bad arguments"); + return SSL_FAILURE; + } - return group->curve_nid; + return group->curve_nid; } +/* return code compliant with OpenSSL : + * the degree of the curve if success, 0 if error + */ int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group) { - WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_degree"); + WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_degree"); - if (group == NULL || group->curve_idx < 0) { - WOLFSSL_MSG("wolfSSL_EC_GROUP_get_degree Bad arguments"); - return 0; - } + if (group == NULL || group->curve_idx < 0) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_degree Bad arguments"); + return SSL_FAILURE; + } - switch(group->curve_nid) { - case NID_X9_62_prime256v1: - return 256; - break; - case NID_secp384r1: - return 384; - break; - case NID_secp521r1: - return 521; - break; - default : - return 0; - break; - } + switch(group->curve_nid) { + case NID_X9_62_prime256v1: + return 256; + break; + case NID_secp384r1: + return 384; + break; + case NID_secp521r1: + return 521; + break; + default : + return SSL_FAILURE; + break; + } - return 0; + return SSL_FAILURE; } -int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx) +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, + WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx) { - (void)ctx; + (void)ctx; - if (group == NULL || order == NULL || order->internal == NULL) { - WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order NULL error"); - return SSL_FATAL_ERROR; - } + if (group == NULL || order == NULL || order->internal == NULL) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order NULL error"); + return SSL_FAILURE; + } - if (mp_init(order->internal) != MP_OKAY) { - WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_init failure"); - return 0; - } + if (mp_init(order->internal) != MP_OKAY) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_init failure"); + return SSL_FAILURE; + } - if (mp_read_radix(order->internal, ecc_sets[group->curve_idx].order, 16) != MP_OKAY) { - WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_read order failure"); - mp_clear(order->internal); - return 0; - } + if (mp_read_radix(order->internal, ecc_sets[group->curve_idx].order, + 16) != MP_OKAY) { + WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_read order failure"); + mp_clear(order->internal); + return SSL_FAILURE; + } - return 1; + return SSL_SUCCESS; } /* End EC_GROUP */ /* Start EC_POINT */ -int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *p, unsigned char *out, unsigned int *len) +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *p, + unsigned char *out, unsigned int *len) { - int err; + int err; - WOLFSSL_ENTER("wolfSSL_ECPoint_i2d"); + WOLFSSL_ENTER("wolfSSL_ECPoint_i2d"); - if (group == NULL || p == NULL || len == NULL) { - WOLFSSL_MSG("wolfSSL_ECPoint_i2d NULL error"); - return 0; - } + if (group == NULL || p == NULL || len == NULL) { + WOLFSSL_MSG("wolfSSL_ECPoint_i2d NULL error"); + return SSL_FAILURE; + } - if (p->inSet == 0) { - WOLFSSL_MSG("No ECPoint internal set, do it"); + if (p->inSet == 0) { + WOLFSSL_MSG("No ECPoint internal set, do it"); - if (SetECPointInternal((WOLFSSL_EC_POINT *)p) < 0) { - WOLFSSL_MSG("SetECPointInternal SetECPointInternal failed"); - return 0; - } - } + if (SetECPointInternal((WOLFSSL_EC_POINT *)p) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECPointInternal SetECPointInternal failed"); + return SSL_FAILURE; + } + } #ifdef DEBUG_WOLFSSL - if (out != NULL) - wolfssl_EC_POINT_dump("i2d p", p); + if (out != NULL) + wolfssl_EC_POINT_dump("i2d p", p); #endif - err = wc_ecc_export_point_der(group->curve_idx, p->internal, out, len); - if (err != MP_OKAY && !(out == NULL && err == LENGTH_ONLY_E)) { - WOLFSSL_MSG("wolfSSL_ECPoint_i2d wc_ecc_export_point_der failed"); - return 0; - } + err = wc_ecc_export_point_der(group->curve_idx, p->internal, out, len); + if (err != MP_OKAY && !(out == NULL && err == LENGTH_ONLY_E)) { + WOLFSSL_MSG("wolfSSL_ECPoint_i2d wc_ecc_export_point_der failed"); + return SSL_FAILURE; + } - return 1; + return SSL_SUCCESS; } -int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len, const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *p) +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len, + const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *p) { - WOLFSSL_ENTER("wolfSSL_ECPoint_d2i"); + WOLFSSL_ENTER("wolfSSL_ECPoint_d2i"); - if (group == NULL || p == NULL || p->internal == NULL || in == NULL) { - WOLFSSL_MSG("wolfSSL_ECPoint_d2i NULL error"); - return 0; - } + if (group == NULL || p == NULL || p->internal == NULL || in == NULL) { + WOLFSSL_MSG("wolfSSL_ECPoint_d2i NULL error"); + return SSL_FAILURE; + } - if (wc_ecc_import_point_der(in, len, group->curve_idx, p->internal) != MP_OKAY) { - WOLFSSL_MSG("wc_ecc_import_point_der failed"); - return 0; - } + if (wc_ecc_import_point_der(in, len, group->curve_idx, + p->internal) != MP_OKAY) { + WOLFSSL_MSG("wc_ecc_import_point_der failed"); + return SSL_FAILURE; + } - if (p->exSet == 0) { - WOLFSSL_MSG("No ECPoint external set, do it"); + if (p->exSet == 0) { + WOLFSSL_MSG("No ECPoint external set, do it"); - if (SetECPointExternal(p) < 0) { - WOLFSSL_MSG("SetECPointExternal failed"); - return 0; - } - } + if (SetECPointExternal(p) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECPointExternal failed"); + return SSL_FAILURE; + } + } #ifdef DEBUG_WOLFSSL - wolfssl_EC_POINT_dump("d2i p", p); + wolfssl_EC_POINT_dump("d2i p", p); #endif - return 1; + return SSL_SUCCESS; } WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group) { - WOLFSSL_EC_POINT *p; + WOLFSSL_EC_POINT *p; - WOLFSSL_ENTER("wolfSSL_EC_POINT_new"); + WOLFSSL_ENTER("wolfSSL_EC_POINT_new"); - if (group == NULL) { - WOLFSSL_MSG("wolfSSL_EC_POINT_new NULL error"); - return NULL; - } + if (group == NULL) { + WOLFSSL_MSG("wolfSSL_EC_POINT_new NULL error"); + return NULL; + } - p = (WOLFSSL_EC_POINT *)XMALLOC(sizeof(WOLFSSL_EC_POINT), NULL, DYNAMIC_TYPE_ECC); - if (p == NULL) { - WOLFSSL_MSG("wolfSSL_EC_POINT_new malloc ecc point failure"); - return NULL; - } - XMEMSET(p, 0, sizeof(WOLFSSL_EC_POINT)); + p = (WOLFSSL_EC_POINT *)XMALLOC(sizeof(WOLFSSL_EC_POINT), NULL, + DYNAMIC_TYPE_ECC); + if (p == NULL) { + WOLFSSL_MSG("wolfSSL_EC_POINT_new malloc ecc point failure"); + return NULL; + } + XMEMSET(p, 0, sizeof(WOLFSSL_EC_POINT)); - p->internal = ecc_new_point(); - if (p->internal == NULL) { - WOLFSSL_MSG("ecc_new_point failure"); - return NULL; - } -/* - if (SetECPointExternal(p) < 0) { - WOLFSSL_MSG("SetECPointExternal failed"); - return NULL; - } -*/ - return p; + p->internal = ecc_new_point(); + if (p->internal == NULL) { + WOLFSSL_MSG("ecc_new_point failure"); + return NULL; + } + + return p; } -int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *point, - WOLFSSL_BIGNUM *x, WOLFSSL_BIGNUM *y, WOLFSSL_BN_CTX *ctx) +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *point, + WOLFSSL_BIGNUM *x, + WOLFSSL_BIGNUM *y, + WOLFSSL_BN_CTX *ctx) { - (void)ctx; + (void)ctx; - WOLFSSL_ENTER("wolfSSL_EC_POINT_get_affine_coordinates_GFp"); + WOLFSSL_ENTER("wolfSSL_EC_POINT_get_affine_coordinates_GFp"); - if (group == NULL || point == NULL || point->internal == NULL || x == NULL || y == NULL) { - WOLFSSL_MSG("wolfSSL_EC_POINT_get_affine_coordinates_GFp NULL error"); - return 0; - } + if (group == NULL || point == NULL || point->internal == NULL || + x == NULL || y == NULL) { + WOLFSSL_MSG("wolfSSL_EC_POINT_get_affine_coordinates_GFp NULL error"); + return SSL_FAILURE; + } - if (point->inSet == 0) { - WOLFSSL_MSG("No ECPoint internal set, do it"); + if (point->inSet == 0) { + WOLFSSL_MSG("No ECPoint internal set, do it"); - if (SetECPointInternal((WOLFSSL_EC_POINT *)point) < 0) { - WOLFSSL_MSG("SetECPointInternal failed"); - return 0; - } - } + if (SetECPointInternal((WOLFSSL_EC_POINT *)point) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECPointInternal failed"); + return SSL_FAILURE; + } + } - BN_copy(x, point->X); - BN_copy(y, point->Y); + BN_copy(x, point->X); + BN_copy(y, point->Y); - /* - if (mp_copy((mp_int*)p->x, (mp_int*)x->internal) != MP_OKAY) { - WOLFSSL_MSG("mp_copy error"); - return 0; - } - - if (mp_copy((mp_int*)p->y, (mp_int*)y->internal) != MP_OKAY) { - WOLFSSL_MSG("mp_copy error"); - return 0; - }*/ - - return 1; + return SSL_SUCCESS; } -int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, const WOLFSSL_BIGNUM *n, - const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx) +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, + const WOLFSSL_BIGNUM *n, const WOLFSSL_EC_POINT *q, + const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx) { - (void)ctx; - (void)n; + (void)ctx; + (void)n; - mp_int prime; + mp_int prime; - WOLFSSL_ENTER("wolfSSL_EC_POINT_mul"); + WOLFSSL_ENTER("wolfSSL_EC_POINT_mul"); - if (group == NULL || r == NULL || r->internal == NULL || q == NULL || q->internal == NULL || m == NULL) { - WOLFSSL_MSG("wolfSSL_EC_POINT_mul NULL error"); - return 0; - } + if (group == NULL || r == NULL || r->internal == NULL || + q == NULL || q->internal == NULL || m == NULL) { + WOLFSSL_MSG("wolfSSL_EC_POINT_mul NULL error"); + return SSL_FAILURE; + } - if (q->inSet == 0) { - WOLFSSL_MSG("No ECPoint internal set, do it"); + if (q->inSet == 0) { + WOLFSSL_MSG("No ECPoint internal set, do it"); - if (SetECPointInternal((WOLFSSL_EC_POINT *)q) < 0) { - WOLFSSL_MSG("SetECPointInternal failed"); - return 0; - } - } + if (SetECPointInternal((WOLFSSL_EC_POINT *)q) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECPointInternal failed"); + return SSL_FAILURE; + } + } - /* compute the prime value of the curve */ - if (mp_init(&prime) != MP_OKAY) { - WOLFSSL_MSG("wolfSSL_EC_POINT_mul init BN failed"); - return 0; - } + /* compute the prime value of the curve */ + if (mp_init(&prime) != MP_OKAY) { + WOLFSSL_MSG("wolfSSL_EC_POINT_mul init BN failed"); + return SSL_FAILURE; + } - if (mp_read_radix(&prime, ecc_sets[group->curve_idx].prime, 16) != MP_OKAY) { - WOLFSSL_MSG("wolfSSL_EC_POINT_mul read prime curve value failed"); - return 0; - } + if (mp_read_radix(&prime, ecc_sets[group->curve_idx].prime, 16) != MP_OKAY){ + WOLFSSL_MSG("wolfSSL_EC_POINT_mul read prime curve value failed"); + return SSL_FAILURE; + } - /* r = q * m % prime */ - if (ecc_mulmod((mp_int*)m->internal, (ecc_point*)q->internal, (ecc_point*)r->internal, &prime, 1) != MP_OKAY) { - WOLFSSL_MSG("ecc_mulmod failure"); - mp_clear(&prime); - return 0; - } + /* r = q * m % prime */ + if (ecc_mulmod((mp_int*)m->internal, (ecc_point*)q->internal, + (ecc_point*)r->internal, &prime, 1) != MP_OKAY) { + WOLFSSL_MSG("ecc_mulmod failure"); + mp_clear(&prime); + return SSL_FAILURE; + } - mp_clear(&prime); + mp_clear(&prime); - /* set the external value for the computed point */ - if (SetECPointInternal(r) < 0) { - WOLFSSL_MSG("SetECPointInternal failed"); - return 0; - } + /* set the external value for the computed point */ + if (SetECPointInternal(r) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECPointInternal failed"); + return SSL_FAILURE; + } - return 1; + return SSL_SUCCESS; } void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *p) { - WOLFSSL_ENTER("wolfSSL_EC_POINT_clear_free"); + WOLFSSL_ENTER("wolfSSL_EC_POINT_clear_free"); - return wolfSSL_EC_POINT_free(p); + wolfSSL_EC_POINT_free(p); } -/* return 0 if equal, 1 if not and -1 in case of error */ -int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *a, - const WOLFSSL_EC_POINT *b, WOLFSSL_BN_CTX *ctx) +/* return code compliant with OpenSSL : + * 0 if equal, 1 if not and -1 in case of error + */ +int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b, + WOLFSSL_BN_CTX *ctx) { - (void)ctx; + (void)ctx; + int ret; + + WOLFSSL_ENTER("wolfSSL_EC_POINT_cmp"); - WOLFSSL_ENTER("wolfSSL_EC_POINT_cmp"); + if (group == NULL || a == NULL || a->internal == NULL || b == NULL || + b->internal == NULL) { + WOLFSSL_MSG("wolfSSL_EC_POINT_cmp Bad arguments"); + return SSL_FATAL_ERROR; + } - if (group == NULL || a == NULL || a->internal == NULL || b == NULL || b->internal == NULL) { - WOLFSSL_MSG("wolfSSL_EC_POINT_cmp Bad arguments"); - return -1; - } + ret = ecc_cmp_point((ecc_point*)a->internal, (ecc_point*)b->internal); + if (ret == MP_EQ) + return 0; + else if (ret == MP_LT || ret == MP_GT) + return 1; - return ecc_cmp_point((ecc_point*)a->internal, (ecc_point*)b->internal); + return SSL_FATAL_ERROR; } void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *p) { - WOLFSSL_ENTER("wolfSSL_EC_POINT_free"); + WOLFSSL_ENTER("wolfSSL_EC_POINT_free"); - if (p != NULL) { - if (p->internal == NULL) { - ecc_del_point((ecc_point*)p->internal); - XFREE(p->internal, NULL, DYNAMIC_TYPE_ECC); - p->internal = NULL; - } + if (p != NULL) { + if (p->internal == NULL) { + ecc_del_point((ecc_point*)p->internal); + XFREE(p->internal, NULL, DYNAMIC_TYPE_ECC); + p->internal = NULL; + } - wolfSSL_BN_free(p->X); - wolfSSL_BN_free(p->Y); - wolfSSL_BN_free(p->Z); - p->X = NULL; - p->Y = NULL; - p->Z = NULL; - p->inSet = p->exSet = 0; + wolfSSL_BN_free(p->X); + wolfSSL_BN_free(p->Y); + wolfSSL_BN_free(p->Z); + p->X = NULL; + p->Y = NULL; + p->Z = NULL; + p->inSet = p->exSet = 0; - XFREE(p, NULL, DYNAMIC_TYPE_ECC); - p = NULL; - } + XFREE(p, NULL, DYNAMIC_TYPE_ECC); + p = NULL; + } } - -int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *point) +/* return code compliant with OpenSSL : + * 1 if point at infinity, 0 else + */ +int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *point) { - int ret; + int ret; - WOLFSSL_ENTER("wolfSSL_EC_POINT_is_at_infinity"); + WOLFSSL_ENTER("wolfSSL_EC_POINT_is_at_infinity"); - if (group == NULL || point == NULL || point->internal == NULL) { - WOLFSSL_MSG("wolfSSL_EC_POINT_is_at_infinity NULL error"); - return -1; - } - if (point->inSet == 0) { - WOLFSSL_MSG("No ECPoint internal set, do it"); + if (group == NULL || point == NULL || point->internal == NULL) { + WOLFSSL_MSG("wolfSSL_EC_POINT_is_at_infinity NULL error"); + return SSL_FAILURE; + } + if (point->inSet == 0) { + WOLFSSL_MSG("No ECPoint internal set, do it"); - if (SetECPointInternal((WOLFSSL_EC_POINT *)point) < 0) { - WOLFSSL_MSG("SetECPointInternal failed"); - return -1; - } - } + if (SetECPointInternal((WOLFSSL_EC_POINT *)point) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECPointInternal failed"); + return SSL_FAILURE; + } + } - ret = ecc_point_is_at_infinity(point->internal); - if (ret < 0) { - WOLFSSL_MSG("ecc_point_is_at_infinity failure"); - return -1; - } + ret = ecc_point_is_at_infinity(point->internal); + if (ret <= 0) { + WOLFSSL_MSG("ecc_point_is_at_infinity failure"); + return SSL_FAILURE; + } - return ret; + return SSL_SUCCESS; } /* End EC_POINT */ @@ -14081,209 +14231,229 @@ int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, const WOLFSSL /* Start ECDSA_SIG */ void wolfSSL_ECDSA_SIG_free(WOLFSSL_ECDSA_SIG *sig) { - WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_free"); + WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_free"); - if (sig) { - wolfSSL_BN_free(sig->r); - wolfSSL_BN_free(sig->s); + if (sig) { + wolfSSL_BN_free(sig->r); + wolfSSL_BN_free(sig->s); - XFREE(sig, NULL, DYNAMIC_TYPE_ECC); - } + XFREE(sig, NULL, DYNAMIC_TYPE_ECC); + } } WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void) { - WOLFSSL_ECDSA_SIG *sig; + WOLFSSL_ECDSA_SIG *sig; - WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_new"); + WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_new"); - sig = (WOLFSSL_ECDSA_SIG*) XMALLOC(sizeof(WOLFSSL_ECDSA_SIG), NULL, DYNAMIC_TYPE_ECC); - if (sig == NULL) { - WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA signature failure"); - return NULL; - } + sig = (WOLFSSL_ECDSA_SIG*) XMALLOC(sizeof(WOLFSSL_ECDSA_SIG), NULL, + DYNAMIC_TYPE_ECC); + if (sig == NULL) { + WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA signature failure"); + return NULL; + } - sig->r = wolfSSL_BN_new(); - if (sig->r == NULL) { - WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA r failure"); - wolfSSL_ECDSA_SIG_free(sig); - return NULL; - } + sig->r = wolfSSL_BN_new(); + if (sig->r == NULL) { + WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA r failure"); + wolfSSL_ECDSA_SIG_free(sig); + return NULL; + } - sig->s = wolfSSL_BN_new(); - if (sig->s == NULL) { - WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA s failure"); - wolfSSL_ECDSA_SIG_free(sig); - return NULL; - } + sig->s = wolfSSL_BN_new(); + if (sig->s == NULL) { + WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA s failure"); + wolfSSL_ECDSA_SIG_free(sig); + return NULL; + } - return sig; + return sig; } /* return signature structure on success, NULL otherwise */ -WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen, WOLFSSL_EC_KEY *key) +WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen, + WOLFSSL_EC_KEY *key) { - WOLFSSL_ECDSA_SIG *sig = NULL; - int initTmpRng = 0; - RNG* rng = NULL; + WOLFSSL_ECDSA_SIG *sig = NULL; + int initTmpRng = 0; + RNG* rng = NULL; #ifdef WOLFSSL_SMALL_STACK - RNG* tmpRNG = NULL; + RNG* tmpRNG = NULL; #else - RNG tmpRNG[1]; + RNG tmpRNG[1]; #endif - WOLFSSL_ENTER("wolfSSL_ECDSA_do_sign"); + WOLFSSL_ENTER("wolfSSL_ECDSA_do_sign"); - if (d == NULL || key == NULL || key->internal == NULL) { - WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad arguments"); - return NULL; - } + if (d == NULL || key == NULL || key->internal == NULL) { + WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad arguments"); + return NULL; + } - /* set internal key if not done */ - if (key->inSet == 0) - { - WOLFSSL_MSG("wolfSSL_ECDSA_do_sign No EC key internal set, do it"); + /* set internal key if not done */ + if (key->inSet == 0) + { + WOLFSSL_MSG("wolfSSL_ECDSA_do_sign No EC key internal set, do it"); - if (SetECKeyInternal(key) < 0) { - WOLFSSL_MSG("wolfSSL_ECDSA_do_sign SetECKeyInternal failed"); - return NULL; - } - } + if (SetECKeyInternal(key) != SSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_ECDSA_do_sign SetECKeyInternal failed"); + return NULL; + } + } #ifdef WOLFSSL_SMALL_STACK - tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (tmpRNG == NULL) - return NULL; + tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tmpRNG == NULL) + return NULL; #endif - if (wc_InitRng(tmpRNG) == 0) { - rng = tmpRNG; - initTmpRng = 1; - } - else { - WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad RNG Init, trying global"); - if (initGlobalRNG == 0) - WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Global RNG no Init"); - else - rng = &globalRNG; - } + if (wc_InitRng(tmpRNG) == 0) { + rng = tmpRNG; + initTmpRng = 1; + } + else { + WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad RNG Init, trying global"); + if (initGlobalRNG == 0) + WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Global RNG no Init"); + else + rng = &globalRNG; + } - if (rng) { - mp_int sig_r, sig_s; + if (rng) { + mp_int sig_r, sig_s; - if (mp_init_multi(&sig_r, &sig_s, NULL, NULL, NULL, NULL) == MP_OKAY) { - if (wc_ecc_sign_hash_ex(d, dlen, rng, (ecc_key*)key->internal, &sig_r, &sig_s) != MP_OKAY) - WOLFSSL_MSG("wc_ecc_sign_hash_ex failed"); - else { - /* put signature blob in ECDSA structure */ - sig = wolfSSL_ECDSA_SIG_new(); - if (sig == NULL) - WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new failed"); - else if (SetIndividualExternal(&(sig->r), &sig_r) < 0) { - WOLFSSL_MSG("ecdsa r key error"); - wolfSSL_ECDSA_SIG_free(sig); - } - else if (SetIndividualExternal(&(sig->s), &sig_s) < 0) { - WOLFSSL_MSG("ecdsa s key error"); - wolfSSL_ECDSA_SIG_free(sig); - } + if (mp_init_multi(&sig_r, &sig_s, NULL, NULL, NULL, NULL) == MP_OKAY) { + if (wc_ecc_sign_hash_ex(d, dlen, rng, (ecc_key*)key->internal, + &sig_r, &sig_s) != MP_OKAY) { + WOLFSSL_MSG("wc_ecc_sign_hash_ex failed"); + } + else { + /* put signature blob in ECDSA structure */ + sig = wolfSSL_ECDSA_SIG_new(); + if (sig == NULL) + WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new failed"); + else if (SetIndividualExternal(&(sig->r), &sig_r)!=SSL_SUCCESS){ + WOLFSSL_MSG("ecdsa r key error"); + wolfSSL_ECDSA_SIG_free(sig); + } + else if (SetIndividualExternal(&(sig->s), &sig_s)!=SSL_SUCCESS){ + WOLFSSL_MSG("ecdsa s key error"); + wolfSSL_ECDSA_SIG_free(sig); + } - mp_clear(&sig_r); - mp_clear(&sig_s); - } - } - } + mp_clear(&sig_r); + mp_clear(&sig_s); + } + } + } - if (initTmpRng) - wc_FreeRng(tmpRNG); + if (initTmpRng) + wc_FreeRng(tmpRNG); #ifdef WOLFSSL_SMALL_STACK - XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - return sig; + return sig; } -int wolfSSL_ECDSA_do_verify(const unsigned char *d, int dlen, const WOLFSSL_ECDSA_SIG *sig, WOLFSSL_EC_KEY *key) +/* return code compliant with OpenSSL : + * 1 for a valid signature, 0 for an invalid signature and -1 on error + */ +int wolfSSL_ECDSA_do_verify(const unsigned char *d, int dlen, + const WOLFSSL_ECDSA_SIG *sig, WOLFSSL_EC_KEY *key) { - int check_sign = 0; + int check_sign = 0; - WOLFSSL_ENTER("wolfSSL_ECDSA_do_verify"); + WOLFSSL_ENTER("wolfSSL_ECDSA_do_verify"); - if (d == NULL || sig == NULL || key == NULL || key->internal == NULL) { - WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad arguments"); - return -1; - } + if (d == NULL || sig == NULL || key == NULL || key->internal == NULL) { + WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad arguments"); + return SSL_FATAL_ERROR; + } - /* set internal key if not done */ - if (key->inSet == 0) - { - WOLFSSL_MSG("No EC key internal set, do it"); + /* set internal key if not done */ + if (key->inSet == 0) + { + WOLFSSL_MSG("No EC key internal set, do it"); - if (SetECKeyInternal(key) < 0) { - WOLFSSL_MSG("SetECKeyInternal failed"); - return -1; - } - } + if (SetECKeyInternal(key) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECKeyInternal failed"); + return SSL_FATAL_ERROR; + } + } - if (wc_ecc_verify_hash_ex((mp_int*)sig->r->internal, (mp_int*)sig->s->internal, d, dlen, - &check_sign, (ecc_key *)key->internal) != MP_OKAY) { - WOLFSSL_MSG("wc_ecc_verify_hash failed"); - return -1; - } - else if (check_sign == 0) { - WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected"); - return 0; - } + if (wc_ecc_verify_hash_ex((mp_int*)sig->r->internal, + (mp_int*)sig->s->internal, d, dlen, &check_sign, + (ecc_key *)key->internal) != MP_OKAY) { + WOLFSSL_MSG("wc_ecc_verify_hash failed"); + return SSL_FATAL_ERROR; + } + else if (check_sign == 0) { + WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected"); + return SSL_FAILURE; + } - return 1; + return SSL_SUCCESS; } /* End ECDSA_SIG */ /* Start ECDH */ -int wolfSSL_ECDH_compute_key(void *out, size_t outlen, const WOLFSSL_EC_POINT *pub_key, - WOLFSSL_EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)) +/* return code compliant with OpenSSL : + * length of computed key if success, -1 if error + */ +int wolfSSL_ECDH_compute_key(void *out, size_t outlen, + const WOLFSSL_EC_POINT *pub_key, + WOLFSSL_EC_KEY *ecdh, + void *(*KDF) (const void *in, size_t inlen, + void *out, size_t *outlen)) { - (void)KDF; - word32 len; + (void)KDF; + word32 len; - WOLFSSL_ENTER("wolfSSL_ECDH_compute_key"); + WOLFSSL_ENTER("wolfSSL_ECDH_compute_key"); - if (out == NULL || pub_key == NULL || pub_key->internal == NULL || ecdh == NULL || ecdh->internal == NULL) { - WOLFSSL_MSG("Bad function arguments"); - return 0; - } + if (out == NULL || pub_key == NULL || pub_key->internal == NULL || + ecdh == NULL || ecdh->internal == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return SSL_FATAL_ERROR; + } - /* set internal key if not done */ - if (ecdh->inSet == 0) - { - WOLFSSL_MSG("No EC key internal set, do it"); + /* set internal key if not done */ + if (ecdh->inSet == 0) + { + WOLFSSL_MSG("No EC key internal set, do it"); - if (SetECKeyInternal(ecdh) < 0) { - WOLFSSL_MSG("SetECKeyInternal failed"); - return 0; - } - } + if (SetECKeyInternal(ecdh) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECKeyInternal failed"); + return SSL_FATAL_ERROR; + } + } - len = (word32)outlen; + len = (word32)outlen; - if (wc_ecc_shared_secret_ssh((ecc_key*)ecdh->internal, (ecc_point*)pub_key->internal, (byte *)out, &len) != MP_OKAY) { - WOLFSSL_MSG("wc_ecc_shared_secret failed"); - return 0; - } + if (wc_ecc_shared_secret_ssh((ecc_key*)ecdh->internal, + (ecc_point*)pub_key->internal, + (byte *)out, &len) != MP_OKAY) { + WOLFSSL_MSG("wc_ecc_shared_secret failed"); + return SSL_FATAL_ERROR; + } - return len; + return len; } /* End ECDH */ - +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ int wolfSSL_PEM_write_EC_PUBKEY(FILE *fp, WOLFSSL_EC_KEY *x) { - (void)fp; - (void)x; + (void)fp; + (void)x; - WOLFSSL_MSG("wolfSSL_PEM_write_EC_PUBKEY not implemented"); + WOLFSSL_MSG("wolfSSL_PEM_write_EC_PUBKEY not implemented"); - return -1; + return SSL_FAILURE; } @@ -14292,6 +14462,9 @@ int wolfSSL_PEM_write_EC_PUBKEY(FILE *fp, WOLFSSL_EC_KEY *x) #ifndef NO_DSA +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, DSA* dsa, const EVP_CIPHER* cipher, unsigned char* passwd, int len, @@ -14307,82 +14480,89 @@ int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, DSA* dsa, WOLFSSL_MSG("wolfSSL_PEM_write_bio_DSAPrivateKey not implemented"); - return SSL_FATAL_ERROR; + return SSL_FAILURE; } - -int wolfSSL_PEM_write_DSAPrivateKey(FILE *fp, WOLFSSL_DSA *dsa, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_PEM_write_DSAPrivateKey(FILE *fp, WOLFSSL_DSA *dsa, + const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) { - (void)enc; - (void)kstr; - (void)klen; - (void)cb; - (void)u; + (void)enc; + (void)kstr; + (void)klen; + (void)cb; + (void)u; - byte *der, *pem; - int derSz = 0, pemSz = 0; + byte *der, *pem; + int derSz = 0, pemSz = 0; - WOLFSSL_MSG("wolfSSL_PEM_write_DSAPrivateKey"); + WOLFSSL_MSG("wolfSSL_PEM_write_DSAPrivateKey"); - if (fp == NULL || dsa == NULL || dsa->internal == NULL || kstr == NULL || klen <= 0) { - WOLFSSL_MSG("Bad function arguments"); - return 0; - } + if (fp == NULL || dsa == NULL || dsa->internal == NULL || + kstr == NULL || klen <= 0) { + WOLFSSL_MSG("Bad function arguments"); + return SSL_FAILURE; + } - if (dsa->inSet == 0) { - WOLFSSL_MSG("No RSA internal set, do it"); + if (dsa->inSet == 0) { + WOLFSSL_MSG("No RSA internal set, do it"); - if (SetDsaInternal(dsa) < 0) { - WOLFSSL_MSG("SetDsaInternal failed"); - return 0; - } - } + if (SetDsaInternal(dsa) != SSL_SUCCESS) { + WOLFSSL_MSG("SetDsaInternal failed"); + return SSL_FAILURE; + } + } - der = (byte*)XMALLOC(klen, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - WOLFSSL_MSG("malloc failed"); - return 0; - } + der = (byte*)XMALLOC(klen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + WOLFSSL_MSG("malloc failed"); + return SSL_FAILURE; + } - /* Key to DER */ - derSz = wc_DsaKeyToDer(dsa->internal, der, klen); - if (derSz < 0) { - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return 0; - } + /* Key to DER */ + derSz = wc_DsaKeyToDer(dsa->internal, der, klen); + if (derSz < 0) { + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } - pemSz = (derSz * 4)/3 + 8; - pem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - WOLFSSL_MSG("malloc failed"); - return 0; - } + pemSz = (derSz * 4)/3 + 8; + pem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + WOLFSSL_MSG("malloc failed"); + return SSL_FAILURE; + } - /* DER to PEM */ - pemSz = wc_DerToPem(der, derSz, pem, pemSz, PRIVATEKEY_TYPE); - if (pemSz <= 0) { - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return 0; - } - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + /* DER to PEM */ + pemSz = wc_DerToPem(der, derSz, pem, pemSz, PRIVATEKEY_TYPE); + if (pemSz <= 0) { + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_FAILURE; + } + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - fwrite(pem, 1, pemSz, fp); + fwrite(pem, 1, pemSz, fp); - XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return 1; + XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return SSL_SUCCESS; } +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ int wolfSSL_PEM_write_DSA_PUBKEY(FILE *fp, WOLFSSL_DSA *x) { - (void)fp; - (void)x; + (void)fp; + (void)x; - WOLFSSL_MSG("wolfSSL_PEM_write_DSA_PUBKEY not implemented"); + WOLFSSL_MSG("wolfSSL_PEM_write_DSA_PUBKEY not implemented"); - return -1; + return SSL_FAILURE; } #endif /* #ifndef NO_DSA */ @@ -14403,84 +14583,91 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, int wolfSSL_EVP_PKEY_type(int type) { - (void)type; + (void)type; - WOLFSSL_MSG("wolfSSL_EVP_PKEY_type not implemented"); + WOLFSSL_MSG("wolfSSL_EVP_PKEY_type not implemented"); - return -1; + return SSL_FATAL_ERROR; } WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x, - pem_password_cb *cb, void *u) + pem_password_cb *cb, void *u) { - (void)fp; - (void)x; - (void)cb; - (void)u; + (void)fp; + (void)x; + (void)cb; + (void)u; - WOLFSSL_MSG("wolfSSL_PEM_read_PUBKEY not implemented"); + WOLFSSL_MSG("wolfSSL_PEM_read_PUBKEY not implemented"); - return NULL; + return NULL; } - -int wolfSSL_PEM_write_ECPrivateKey(FILE *fp, WOLFSSL_EC_KEY *key, const EVP_CIPHER *enc, - unsigned char *kstr, int klen, - pem_password_cb *cb, void *u) +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ +int wolfSSL_PEM_write_ECPrivateKey(FILE *fp, WOLFSSL_EC_KEY *key, + const EVP_CIPHER *enc, + unsigned char *kstr, int klen, + pem_password_cb *cb, void *u) { - (void)fp; - (void)key; - (void)enc; - (void)kstr; - (void)klen; - (void)cb; - (void)u; + (void)fp; + (void)key; + (void)enc; + (void)kstr; + (void)klen; + (void)cb; + (void)u; - WOLFSSL_MSG("wolfSSL_PEM_write_ECPrivateKey not implemented"); + WOLFSSL_MSG("wolfSSL_PEM_write_ECPrivateKey not implemented"); - return -1; + return SSL_FAILURE; } #ifndef NO_RSA WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(FILE *fp, WOLFSSL_RSA **x, - pem_password_cb *cb, void *u) + pem_password_cb *cb, void *u) { - (void)fp; - (void)x; - (void)cb; - (void)u; + (void)fp; + (void)x; + (void)cb; + (void)u; - WOLFSSL_MSG("wolfSSL_PEM_read_RSAPublicKey not implemented"); + WOLFSSL_MSG("wolfSSL_PEM_read_RSAPublicKey not implemented"); - return NULL; + return NULL; } - +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ int wolfSSL_PEM_write_RSAPublicKey(FILE *fp, WOLFSSL_RSA *x) { - (void)fp; - (void)x; + (void)fp; + (void)x; - WOLFSSL_MSG("wolfSSL_PEM_write_RSAPublicKey not implemented"); + WOLFSSL_MSG("wolfSSL_PEM_write_RSAPublicKey not implemented"); - return -1; + return SSL_FAILURE; } - +/* return code compliant with OpenSSL : + * 1 if success, 0 if error + */ int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x) { - (void)fp; - (void)x; + (void)fp; + (void)x; - WOLFSSL_MSG("wolfSSL_PEM_write_RSA_PUBKEY not implemented"); + WOLFSSL_MSG("wolfSSL_PEM_write_RSA_PUBKEY not implemented"); - return -1; + return SSL_FAILURE; } -/* Load RSA from Der, SSL_SUCCESS on success < 0 on error */ -int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* der, int derSz) +/* return SSL_SUCCESS if success, SSL_FATAL_ERROR if error */ +int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* der, int derSz) { word32 idx = 0; int ret; @@ -14489,16 +14676,16 @@ int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* der, int derSz) if (rsa == NULL || rsa->internal == NULL || der == NULL || derSz <= 0) { WOLFSSL_MSG("Bad function arguments"); - return BAD_FUNC_ARG; + return SSL_FATAL_ERROR; } ret = wc_RsaPrivateKeyDecode(der, &idx, (RsaKey*)rsa->internal, derSz); if (ret < 0) { WOLFSSL_MSG("RsaPrivateKeyDecode failed"); - return ret; + return SSL_FATAL_ERROR; } - if (SetRsaExternal(rsa) < 0) { + if (SetRsaExternal(rsa) != SSL_SUCCESS) { WOLFSSL_MSG("SetRsaExternal failed"); return SSL_FATAL_ERROR; } @@ -14511,8 +14698,8 @@ int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* der, int derSz) #ifndef NO_DSA -/* Load DSA from Der, SSL_SUCCESS on success < 0 on error */ -int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* der, int derSz) +/* return SSL_SUCCESS if success, SSL_FATAL_ERROR if error */ +int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* der, int derSz) { word32 idx = 0; int ret; @@ -14521,16 +14708,16 @@ int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* der, int derSz) if (dsa == NULL || dsa->internal == NULL || der == NULL || derSz <= 0) { WOLFSSL_MSG("Bad function arguments"); - return BAD_FUNC_ARG; + return SSL_FATAL_ERROR; } ret = DsaPrivateKeyDecode(der, &idx, (DsaKey*)dsa->internal, derSz); if (ret < 0) { WOLFSSL_MSG("DsaPrivateKeyDecode failed"); - return ret; + return SSL_FATAL_ERROR; } - if (SetDsaExternal(dsa) < 0) { + if (SetDsaExternal(dsa) != SSL_SUCCESS) { WOLFSSL_MSG("SetDsaExternal failed"); return SSL_FATAL_ERROR; } @@ -14542,33 +14729,34 @@ int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* der, int derSz) #endif /* NO_DSA */ #ifdef HAVE_ECC -/* Load EC KEY from Der, SSL_SUCCESS on success < 0 on error */ -int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, const unsigned char* der, int derSz) +/* return SSL_SUCCESS if success, SSL_FATAL_ERROR if error */ +int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, + const unsigned char* der, int derSz) { - word32 idx = 0; - int ret; + word32 idx = 0; + int ret; - WOLFSSL_ENTER("wolfSSL_EC_KEY_LoadDer"); + WOLFSSL_ENTER("wolfSSL_EC_KEY_LoadDer"); - if (key == NULL || key->internal == NULL || der == NULL || derSz <= 0) { - WOLFSSL_MSG("Bad function arguments"); - return BAD_FUNC_ARG; - } + if (key == NULL || key->internal == NULL || der == NULL || derSz <= 0) { + WOLFSSL_MSG("Bad function arguments"); + return SSL_FATAL_ERROR; + } - ret = wc_EccPrivateKeyDecode(der, &idx, (ecc_key*)key->internal, derSz); - if (ret < 0) { - WOLFSSL_MSG("wc_EccPrivateKeyDecode failed"); - return ret; - } + ret = wc_EccPrivateKeyDecode(der, &idx, (ecc_key*)key->internal, derSz); + if (ret < 0) { + WOLFSSL_MSG("wc_EccPrivateKeyDecode failed"); + return SSL_FATAL_ERROR; + } - if (SetECKeyExternal(key) < 0) { - WOLFSSL_MSG("SetECKeyExternal failed"); - return SSL_FATAL_ERROR; - } + if (SetECKeyExternal(key) != SSL_SUCCESS) { + WOLFSSL_MSG("SetECKeyExternal failed"); + return SSL_FATAL_ERROR; + } - key->inSet = 1; + key->inSet = 1; - return SSL_SUCCESS; + return SSL_SUCCESS; } #endif /* HAVE_ECC */ diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 59e75be5e..01fd2eaca 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -529,7 +529,8 @@ WOLFSSL_LOCAL int GetSet(const byte* input, word32* inOutIdx, int* len, /* winodws header clash for WinCE using GetVersion */ -WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx, int* version) +WOLFSSL_LOCAL int GetMyVersion(const byte* input, word32* inOutIdx, + int* version) { word32 idx = *inOutIdx; @@ -939,12 +940,12 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, #endif if (version == PKCS5v2) - ret = wc_PBKDF2(key, (byte*)password, passwordSz, salt, saltSz, iterations, - derivedLen, typeH); + ret = wc_PBKDF2(key, (byte*)password, passwordSz, + salt, saltSz, iterations, derivedLen, typeH); #ifndef NO_SHA else if (version == PKCS5) - ret = wc_PBKDF1(key, (byte*)password, passwordSz, salt, saltSz, iterations, - derivedLen, typeH); + ret = wc_PBKDF1(key, (byte*)password, passwordSz, + salt, saltSz, iterations, derivedLen, typeH); #endif else if (version == PKCS12) { int i, idx = 0; @@ -1415,106 +1416,106 @@ int DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, static mp_int* GetDsaInt(DsaKey* key, int idx) { - if (idx == 0) - return &key->p; - if (idx == 1) - return &key->q; - if (idx == 2) - return &key->g; - if (idx == 3) - return &key->x; - if (idx == 4) - return &key->y; + if (idx == 0) + return &key->p; + if (idx == 1) + return &key->q; + if (idx == 2) + return &key->g; + if (idx == 3) + return &key->x; + if (idx == 4) + return &key->y; - return NULL; + return NULL; } /* Release Tmp DSA resources */ static INLINE void FreeTmpDsas(byte** tmps) { - int i; + int i; - for (i = 0; i < DSA_INTS; i++) - XFREE(tmps[i], NULL, DYNAMIC_TYPE_DSA); + for (i = 0; i < DSA_INTS; i++) + XFREE(tmps[i], NULL, DYNAMIC_TYPE_DSA); } /* Convert DsaKey key to DER format, write to output (inLen), return bytes written */ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen) { - word32 seqSz, verSz, rawLen, intTotalLen = 0; - word32 sizes[DSA_INTS]; - int i, j, outLen, ret = 0; + word32 seqSz, verSz, rawLen, intTotalLen = 0; + word32 sizes[DSA_INTS]; + int i, j, outLen, ret = 0; - byte seq[MAX_SEQ_SZ]; - byte ver[MAX_VERSION_SZ]; - byte* tmps[DSA_INTS]; + byte seq[MAX_SEQ_SZ]; + byte ver[MAX_VERSION_SZ]; + byte* tmps[DSA_INTS]; - if (!key || !output) - return BAD_FUNC_ARG; + if (!key || !output) + return BAD_FUNC_ARG; - if (key->type != DSA_PRIVATE) - return BAD_FUNC_ARG; + if (key->type != DSA_PRIVATE) + return BAD_FUNC_ARG; - for (i = 0; i < DSA_INTS; i++) - tmps[i] = NULL; + for (i = 0; i < DSA_INTS; i++) + tmps[i] = NULL; - /* write all big ints from key to DER tmps */ - for (i = 0; i < DSA_INTS; i++) { - mp_int* keyInt = GetDsaInt(key, i); - rawLen = mp_unsigned_bin_size(keyInt); - tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, NULL, DYNAMIC_TYPE_DSA); - if (tmps[i] == NULL) { - ret = MEMORY_E; - break; - } + /* write all big ints from key to DER tmps */ + for (i = 0; i < DSA_INTS; i++) { + mp_int* keyInt = GetDsaInt(key, i); + rawLen = mp_unsigned_bin_size(keyInt); + tmps[i] = (byte*)XMALLOC(rawLen + MAX_SEQ_SZ, NULL, DYNAMIC_TYPE_DSA); + if (tmps[i] == NULL) { + ret = MEMORY_E; + break; + } - tmps[i][0] = ASN_INTEGER; - sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1; /* int tag */ + tmps[i][0] = ASN_INTEGER; + sizes[i] = SetLength(rawLen, tmps[i] + 1) + 1; /* int tag */ - if (sizes[i] <= MAX_SEQ_SZ) { - int err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]); - if (err == MP_OKAY) { - sizes[i] += rawLen; - intTotalLen += sizes[i]; - } - else { - ret = err; - break; - } - } - else { - ret = ASN_INPUT_E; - break; - } - } + if (sizes[i] <= MAX_SEQ_SZ) { + int err = mp_to_unsigned_bin(keyInt, tmps[i] + sizes[i]); + if (err == MP_OKAY) { + sizes[i] += rawLen; + intTotalLen += sizes[i]; + } + else { + ret = err; + break; + } + } + else { + ret = ASN_INPUT_E; + break; + } + } - if (ret != 0) { - FreeTmpDsas(tmps); - return ret; - } + if (ret != 0) { + FreeTmpDsas(tmps); + return ret; + } - /* make headers */ - verSz = SetMyVersion(0, ver, FALSE); - seqSz = SetSequence(verSz + intTotalLen, seq); + /* make headers */ + verSz = SetMyVersion(0, ver, FALSE); + seqSz = SetSequence(verSz + intTotalLen, seq); - outLen = seqSz + verSz + intTotalLen; - if (outLen > (int)inLen) - return BAD_FUNC_ARG; + outLen = seqSz + verSz + intTotalLen; + if (outLen > (int)inLen) + return BAD_FUNC_ARG; - /* write to output */ - XMEMCPY(output, seq, seqSz); - j = seqSz; - XMEMCPY(output + j, ver, verSz); - j += verSz; + /* write to output */ + XMEMCPY(output, seq, seqSz); + j = seqSz; + XMEMCPY(output + j, ver, verSz); + j += verSz; - for (i = 0; i < DSA_INTS; i++) { - XMEMCPY(output + j, tmps[i], sizes[i]); - j += sizes[i]; - } - FreeTmpDsas(tmps); + for (i = 0; i < DSA_INTS; i++) { + XMEMCPY(output + j, tmps[i], sizes[i]); + j += sizes[i]; + } + FreeTmpDsas(tmps); - return outLen; + return outLen; } #endif /* NO_DSA */ @@ -1862,7 +1863,7 @@ static int GetKey(DecodedCert* cert) #ifdef WOLFSSL_SMALL_STACK keyBlob = (byte*)XMALLOC(MAX_NTRU_KEY_SZ, NULL, - DYNAMIC_TYPE_TMP_BUFFER); + DYNAMIC_TYPE_TMP_BUFFER); if (keyBlob == NULL) return MEMORY_E; #endif @@ -3354,7 +3355,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, #ifndef IGNORE_NAME_CONSTRAINTS static int MatchBaseName(int type, const char* name, int nameSz, - const char* base, int baseSz) + const char* base, int baseSz) { if (base == NULL || baseSz <= 0 || name == NULL || nameSz <= 0 || name[0] == '.' || nameSz < baseSz || @@ -6272,14 +6273,16 @@ int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz, } -int wc_MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, RsaKey* key, RNG* rng) +int wc_MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz, + RsaKey* key, RNG* rng) { int ret = wc_MakeCert(cert, buffer, buffSz, key, NULL, rng); if (ret < 0) return ret; - return wc_SignCert(cert->bodySz, cert->sigType, buffer, buffSz, key, NULL,rng); + return wc_SignCert(cert->bodySz, cert->sigType, + buffer, buffSz, key, NULL, rng); } diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 2a6612718..42411a7b8 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -87,7 +87,7 @@ const ecc_set_type ecc_sets[] = { #ifdef ECC112 { 14, - NID_secp111r1, + NID_secp111r1, "SECP112R1", "DB7C2ABF62E35E668076BEAD208B", "DB7C2ABF62E35E668076BEAD2088", @@ -100,7 +100,7 @@ const ecc_set_type ecc_sets[] = { #ifdef ECC128 { 16, - NID_secp128r1, + NID_secp128r1, "SECP128R1", "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFF", "FFFFFFFDFFFFFFFFFFFFFFFFFFFFFFFC", @@ -113,7 +113,7 @@ const ecc_set_type ecc_sets[] = { #ifdef ECC160 { 20, - NID_secp160r1, + NID_secp160r1, "SECP160R1", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFF", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF7FFFFFFC", @@ -126,7 +126,7 @@ const ecc_set_type ecc_sets[] = { #ifdef ECC192 { 24, - NID_cert192, + NID_cert192, "ECC-192", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFF", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFC", @@ -139,7 +139,7 @@ const ecc_set_type ecc_sets[] = { #ifdef ECC224 { 28, - NID_cert224, + NID_cert224, "ECC-224", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF000000000000000000000001", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFE", @@ -152,7 +152,7 @@ const ecc_set_type ecc_sets[] = { #ifdef ECC256 { 32, - NID_X9_62_prime256v1, + NID_X9_62_prime256v1, "nistp256", "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF", "FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC", @@ -165,7 +165,7 @@ const ecc_set_type ecc_sets[] = { #ifdef ECC384 { 48, - NID_secp384r1, + NID_secp384r1, "nistp384", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFF", "FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFFFF0000000000000000FFFFFFFC", @@ -178,7 +178,7 @@ const ecc_set_type ecc_sets[] = { #ifdef ECC521 { 66, - NID_secp521r1, + NID_secp521r1, "nistp521", "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF", "1FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFC", @@ -1437,59 +1437,55 @@ void ecc_del_point(ecc_point* p) } /** Copy the value of a point to an other one - p The point to copy - r The created point + p The point to copy + r The created point */ int ecc_copy_point(ecc_point* p, ecc_point *r) { - /* prevents null arguments */ - if (p == NULL || r == NULL) - return 0; + int ret; - if (mp_copy(p->x, r->x) != MP_OKAY) - return 0; - if (mp_copy(p->y, r->y) != MP_OKAY) - return 0; - if (mp_copy(p->z, r->z) != MP_OKAY) - return 0; + /* prevents null arguments */ + if (p == NULL || r == NULL) + return ECC_BAD_ARG_E; - return 1; + ret = mp_copy(p->x, r->x); + if (ret != MP_OKAY) + return ret; + ret = mp_copy(p->y, r->y); + if (ret != MP_OKAY) + return ret; + ret = mp_copy(p->z, r->z); + if (ret != MP_OKAY) + return ret; + + return MP_OKAY; } /** Compare the value of a point with an other one - a The point to compare - b The othe point to compare + a The point to compare + b The othe point to compare - return 0 if equal, 1 if not, -1 in case of error + return MP_EQ if equal, MP_LT/MP_GT if not, < 0 in case of error */ int ecc_cmp_point(ecc_point* a, ecc_point *b) { - int ret; + int ret; - /* prevents null arguments */ - if (a == NULL || b == NULL) - return -1; + /* prevents null arguments */ + if (a == NULL || b == NULL) + return BAD_FUNC_ARG; - ret = mp_cmp(a->x, b->x); - if (ret != MP_EQ) { - if (ret != MP_LT && ret != MP_GT) - return -1; - return 1; - } - ret = mp_cmp(a->y, b->y); - if (ret != MP_EQ) { - if (ret != MP_LT && ret != MP_GT) - return -1; - return 1; - } - ret = mp_cmp(a->z, b->z); - if (ret != MP_EQ) { - if (ret != MP_LT && ret != MP_GT) - return -1; - return 1; - } + ret = mp_cmp(a->x, b->x); + if (ret != MP_EQ) + return ret; + ret = mp_cmp(a->y, b->y); + if (ret != MP_EQ) + return ret; + ret = mp_cmp(a->z, b->z); + if (ret != MP_EQ) + return ret; - return 0; + return MP_EQ; } /** Returns whether an ECC idx is valid or not @@ -1582,62 +1578,64 @@ int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, /** Create an ECC shared secret between two keys private_key The private ECC key - point The point to use (public key) + point The point to use (public key) out [out] Destination of the shared secret Conforms to EC-DH from ANSI X9.63 outlen [in/out] The max size and resulting size of the shared secret return MP_OKAY if successful */ -int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point, byte* out, word32 *outlen) +int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point, + byte* out, word32 *outlen) { - word32 x = 0; - ecc_point* result; - mp_int prime; - int err; + word32 x = 0; + ecc_point* result; + mp_int prime; + int err; - if (private_key == NULL || point == NULL || out == NULL || outlen == NULL) - return BAD_FUNC_ARG; + if (private_key == NULL || point == NULL || out == NULL || outlen == NULL) + return BAD_FUNC_ARG; - /* type valid? */ - if (private_key->type != ECC_PRIVATEKEY) { - return ECC_BAD_ARG_E; - } + /* type valid? */ + if (private_key->type != ECC_PRIVATEKEY) { + return ECC_BAD_ARG_E; + } - if (ecc_is_valid_idx(private_key->idx) == 0) - return ECC_BAD_ARG_E; + if (ecc_is_valid_idx(private_key->idx) == 0) + return ECC_BAD_ARG_E; - /* make new point */ - result = ecc_new_point(); - if (result == NULL) { - return MEMORY_E; - } + /* make new point */ + result = ecc_new_point(); + if (result == NULL) { + return MEMORY_E; + } - if ((err = mp_init(&prime)) != MP_OKAY) { - ecc_del_point(result); - return err; - } + if ((err = mp_init(&prime)) != MP_OKAY) { + ecc_del_point(result); + return err; + } - err = mp_read_radix(&prime, (char *)private_key->dp->prime, 16); + err = mp_read_radix(&prime, (char *)private_key->dp->prime, 16); - if (err == MP_OKAY) - err = ecc_mulmod(&private_key->k, point, result, &prime, 1); + if (err == MP_OKAY) + err = ecc_mulmod(&private_key->k, point, result, &prime, 1); - if (err == MP_OKAY) { - x = mp_unsigned_bin_size(&prime); - if (*outlen < x) - err = BUFFER_E; - } + if (err == MP_OKAY) { + x = mp_unsigned_bin_size(&prime); + if (*outlen < x) + err = BUFFER_E; + } - if (err == MP_OKAY) { - XMEMSET(out, 0, x); - err = mp_to_unsigned_bin(result->x,out + (x - mp_unsigned_bin_size(result->x))); - *outlen = x; - } + if (err == MP_OKAY) { + XMEMSET(out, 0, x); + err = mp_to_unsigned_bin(result->x,out + + (x - mp_unsigned_bin_size(result->x))); + *outlen = x; + } - mp_clear(&prime); - ecc_del_point(result); + mp_clear(&prime); + ecc_del_point(result); - return err; + return err; } @@ -1779,23 +1777,23 @@ static int wc_ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp) */ int wc_ecc_make_key(RNG* rng, int keysize, ecc_key* key) { - int x, err; + int x, err; - if (key == NULL || rng == NULL) - return ECC_BAD_ARG_E; + if (key == NULL || rng == NULL) + return ECC_BAD_ARG_E; - /* find key size */ - for (x = 0; (keysize > ecc_sets[x].size) && (ecc_sets[x].size != 0); x++) - ; - keysize = ecc_sets[x].size; + /* find key size */ + for (x = 0; (keysize > ecc_sets[x].size) && (ecc_sets[x].size != 0); x++) + ; + keysize = ecc_sets[x].size; - if (keysize > ECC_MAXSIZE || ecc_sets[x].size == 0) { - return BAD_FUNC_ARG; - } - err = wc_ecc_make_key_ex(rng, key, &ecc_sets[x]); - key->idx = x; + if (keysize > ECC_MAXSIZE || ecc_sets[x].size == 0) { + return BAD_FUNC_ARG; + } + err = wc_ecc_make_key_ex(rng, key, &ecc_sets[x]); + key->idx = x; - return err; + return err; } /* Setup dynamic pointers is using normal math for proper freeing */ @@ -1823,7 +1821,7 @@ int wc_ecc_init(ecc_key* key) alt_fp_init(key->pubkey.z); #endif - return 0; + return MP_OKAY; } @@ -1837,27 +1835,28 @@ int wc_ecc_init(ecc_key* key) return MP_OKAY if successful */ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, - RNG* rng, ecc_key* key) + RNG* rng, ecc_key* key) { - mp_int r; - mp_int s; - int err; + mp_int r; + mp_int s; + int err; - if (in == NULL || out == NULL || outlen == NULL || key == NULL || rng == NULL) - return ECC_BAD_ARG_E; + if (in == NULL || out == NULL || outlen == NULL || + key == NULL || rng == NULL) + return ECC_BAD_ARG_E; - if ((err = mp_init_multi(&r, &s, NULL, NULL, NULL, NULL)) != MP_OKAY) { - return err; - } + if ((err = mp_init_multi(&r, &s, NULL, NULL, NULL, NULL)) != MP_OKAY) { + return err; + } - err = wc_ecc_sign_hash_ex(in, inlen, rng, key, &r, &s); - if (err == MP_OKAY) - err = StoreECC_DSA_Sig(out, outlen, &r, &s); + err = wc_ecc_sign_hash_ex(in, inlen, rng, key, &r, &s); + if (err == MP_OKAY) + err = StoreECC_DSA_Sig(out, outlen, &r, &s); - mp_clear(&r); - mp_clear(&s); + mp_clear(&r); + mp_clear(&s); - return err; + return err; } /** @@ -1868,11 +1867,11 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, outlen [in/out] The max size and resulting size of the signature key A private ECC key r [out] The destination for r component of the signature - s [out] The destination for s component of the signature + s [out] The destination for s component of the signature return MP_OKAY if successful */ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, RNG* rng, - ecc_key* key, mp_int *r, mp_int *s) + ecc_key* key, mp_int *r, mp_int *s) { mp_int e; mp_int p; @@ -1916,47 +1915,48 @@ int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, RNG* rng, if (err == MP_OKAY) { int loop_check = 0; ecc_key pubkey; - wc_ecc_init(&pubkey); - for (;;) { - if (++loop_check > 64) { - err = RNG_FAILURE_E; - break; + if (wc_ecc_init(&pubkey) == MP_OKAY) { + for (;;) { + if (++loop_check > 64) { + err = RNG_FAILURE_E; + break; + } + err = wc_ecc_make_key_ex(rng, &pubkey, key->dp); + if (err != MP_OKAY) break; + + /* find r = x1 mod n */ + err = mp_mod(pubkey.pubkey.x, &p, r); + if (err != MP_OKAY) break; + + if (mp_iszero(r) == MP_YES) { + mp_clear(pubkey.pubkey.x); + mp_clear(pubkey.pubkey.y); + mp_clear(pubkey.pubkey.z); + mp_clear(&pubkey.k); + } + else { + /* find s = (e + xr)/k */ + err = mp_invmod(&pubkey.k, &p, &pubkey.k); + if (err != MP_OKAY) break; + + err = mp_mulmod(&key->k, r, &p, s); /* s = xr */ + if (err != MP_OKAY) break; + + err = mp_add(&e, s, s); /* s = e + xr */ + if (err != MP_OKAY) break; + + err = mp_mod(s, &p, s); /* s = e + xr */ + if (err != MP_OKAY) break; + + err = mp_mulmod(s, &pubkey.k, &p, s); /* s = (e + xr)/k */ + if (err != MP_OKAY) break; + + if (mp_iszero(s) == MP_NO) + break; + } } - err = wc_ecc_make_key_ex(rng, &pubkey, key->dp); - if (err != MP_OKAY) break; - - /* find r = x1 mod n */ - err = mp_mod(pubkey.pubkey.x, &p, r); - if (err != MP_OKAY) break; - - if (mp_iszero(r) == MP_YES) { - mp_clear(pubkey.pubkey.x); - mp_clear(pubkey.pubkey.y); - mp_clear(pubkey.pubkey.z); - mp_clear(&pubkey.k); - } - else { - /* find s = (e + xr)/k */ - err = mp_invmod(&pubkey.k, &p, &pubkey.k); - if (err != MP_OKAY) break; - - err = mp_mulmod(&key->k, r, &p, s); /* s = xr */ - if (err != MP_OKAY) break; - - err = mp_add(&e, s, s); /* s = e + xr */ - if (err != MP_OKAY) break; - - err = mp_mod(s, &p, s); /* s = e + xr */ - if (err != MP_OKAY) break; - - err = mp_mulmod(s, &pubkey.k, &p, s); /* s = (e + xr)/k */ - if (err != MP_OKAY) break; - - if (mp_iszero(s) == MP_NO) - break; - } + wc_ecc_free(&pubkey); } - wc_ecc_free(&pubkey); } mp_clear(&p); @@ -2240,34 +2240,34 @@ static int ecc_mul2add(ecc_point* A, mp_int* kA, return MP_OKAY if successful (even if the signature is not valid) */ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, - word32 hashlen, int* stat, ecc_key* key) + word32 hashlen, int* stat, ecc_key* key) { - mp_int r; - mp_int s; - int err; + mp_int r; + mp_int s; + int err; - if (sig == NULL || hash == NULL || stat == NULL || key == NULL) - return ECC_BAD_ARG_E; + if (sig == NULL || hash == NULL || stat == NULL || key == NULL) + return ECC_BAD_ARG_E; - /* default to invalid signature */ - *stat = 0; + /* default to invalid signature */ + *stat = 0; - /* Note, DecodeECC_DSA_Sig() calls mp_init() on r and s. - * If either of those don't allocate correctly, none of - * the rest of this function will execute, and everything - * gets cleaned up at the end. */ - XMEMSET(&r, 0, sizeof(r)); - XMEMSET(&s, 0, sizeof(s)); + /* Note, DecodeECC_DSA_Sig() calls mp_init() on r and s. + * If either of those don't allocate correctly, none of + * the rest of this function will execute, and everything + * gets cleaned up at the end. */ + XMEMSET(&r, 0, sizeof(r)); + XMEMSET(&s, 0, sizeof(s)); - err = DecodeECC_DSA_Sig(sig, siglen, &r, &s); + err = DecodeECC_DSA_Sig(sig, siglen, &r, &s); - if (err == MP_OKAY) - err = wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, stat, key); + if (err == MP_OKAY) + err = wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, stat, key); - mp_clear(&r); - mp_clear(&s); + mp_clear(&r); + mp_clear(&s); - return err; + return err; } /** @@ -2335,7 +2335,8 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, /* check for zero */ if (err == MP_OKAY) { - if (mp_iszero(r) || mp_iszero(s) || mp_cmp(r, &p) != MP_LT || mp_cmp(s, &p) != MP_LT) + if (mp_iszero(r) || mp_iszero(s) || mp_cmp(r, &p) != MP_LT || + mp_cmp(s, &p) != MP_LT) err = MP_ZERO_E; } /* read hash */ @@ -2434,189 +2435,193 @@ int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, } /* import point from der */ -int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, ecc_point* point) +int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, + ecc_point* point) { - int err = 0; - int compressed = 0; + int err = 0; + int compressed = 0; - if (in == NULL || point == NULL || (ecc_is_valid_idx(curve_idx) == 0)) - return ECC_BAD_ARG_E; + if (in == NULL || point == NULL || (curve_idx < 0) || + (ecc_is_valid_idx(curve_idx) == 0)) + return ECC_BAD_ARG_E; - /* must be odd */ - if ((inLen & 1) == 0) { - return ECC_BAD_ARG_E; - } + /* must be odd */ + if ((inLen & 1) == 0) { + return ECC_BAD_ARG_E; + } - /* init point */ + /* init point */ #ifdef ALT_ECC_SIZE - point->x = (mp_int*)&point->xyz[0]; - point->y = (mp_int*)&point->xyz[1]; - point->z = (mp_int*)&point->xyz[2]; - alt_fp_init(point->x); - alt_fp_init(point->y); - alt_fp_init(point->z); + point->x = (mp_int*)&point->xyz[0]; + point->y = (mp_int*)&point->xyz[1]; + point->z = (mp_int*)&point->xyz[2]; + alt_fp_init(point->x); + alt_fp_init(point->y); + alt_fp_init(point->z); #else - err = mp_init_multi(point->x, point->y, point->z, NULL, NULL, NULL); + err = mp_init_multi(point->x, point->y, point->z, NULL, NULL, NULL); #endif - if (err != MP_OKAY) - return MEMORY_E; + if (err != MP_OKAY) + return MEMORY_E; - /* check for 4, 2, or 3 */ - if (in[0] != 0x04 && in[0] != 0x02 && in[0] != 0x03) { - err = ASN_PARSE_E; - } + /* check for 4, 2, or 3 */ + if (in[0] != 0x04 && in[0] != 0x02 && in[0] != 0x03) { + err = ASN_PARSE_E; + } - if (in[0] == 0x02 || in[0] == 0x03) { + if (in[0] == 0x02 || in[0] == 0x03) { #ifdef HAVE_COMP_KEY - compressed = 1; + compressed = 1; #else - err = NOT_COMPILED_IN; + err = NOT_COMPILED_IN; #endif - } + } - /* read data */ - if (err == MP_OKAY) - err = mp_read_unsigned_bin(point->x, (byte*)in+1, (inLen-1)>>1); + /* read data */ + if (err == MP_OKAY) + err = mp_read_unsigned_bin(point->x, (byte*)in+1, (inLen-1)>>1); #ifdef HAVE_COMP_KEY - if (err == MP_OKAY && compressed == 1) { /* build y */ - mp_int t1, t2, prime, a, b; + if (err == MP_OKAY && compressed == 1) { /* build y */ + mp_int t1, t2, prime, a, b; - if (mp_init_multi(&t1, &t2, &prime, &a, &b, NULL) != MP_OKAY) - err = MEMORY_E; + if (mp_init_multi(&t1, &t2, &prime, &a, &b, NULL) != MP_OKAY) + err = MEMORY_E; - /* load prime */ - if (err == MP_OKAY) - err = mp_read_radix(&prime, (char *)ecc_sets[curve_idx].prime, 16); + /* load prime */ + if (err == MP_OKAY) + err = mp_read_radix(&prime, (char *)ecc_sets[curve_idx].prime, 16); - /* load a */ - if (err == MP_OKAY) - err = mp_read_radix(&a, (char *)ecc_sets[curve_idx].Af, 16); + /* load a */ + if (err == MP_OKAY) + err = mp_read_radix(&a, (char *)ecc_sets[curve_idx].Af, 16); - /* load b */ - if (err == MP_OKAY) - err = mp_read_radix(&b, (char *)ecc_sets[curve_idx].Bf, 16); + /* load b */ + if (err == MP_OKAY) + err = mp_read_radix(&b, (char *)ecc_sets[curve_idx].Bf, 16); - /* compute x^3 */ - if (err == MP_OKAY) - err = mp_sqr(point->x, &t1); + /* compute x^3 */ + if (err == MP_OKAY) + err = mp_sqr(point->x, &t1); - if (err == MP_OKAY) - err = mp_mulmod(&t1, point->x, &prime, &t1); + if (err == MP_OKAY) + err = mp_mulmod(&t1, point->x, &prime, &t1); - /* compute x^3 + a*x */ - if (err == MP_OKAY) - err = mp_mulmod(&a, point->x, &prime, &t2); + /* compute x^3 + a*x */ + if (err == MP_OKAY) + err = mp_mulmod(&a, point->x, &prime, &t2); - if (err == MP_OKAY) - err = mp_add(&t1, &t2, &t1); + if (err == MP_OKAY) + err = mp_add(&t1, &t2, &t1); - /* compute x^3 + a*x + b */ - if (err == MP_OKAY) - err = mp_add(&t1, &b, &t1); + /* compute x^3 + a*x + b */ + if (err == MP_OKAY) + err = mp_add(&t1, &b, &t1); - /* compute sqrt(x^3 + a*x + b) */ - if (err == MP_OKAY) - err = mp_sqrtmod_prime(&t1, &prime, &t2); + /* compute sqrt(x^3 + a*x + b) */ + if (err == MP_OKAY) + err = mp_sqrtmod_prime(&t1, &prime, &t2); - /* adjust y */ - if (err == MP_OKAY) { - if ((mp_isodd(&t2) && in[0] == 0x03) || - (!mp_isodd(&t2) && in[0] == 0x02)) { - err = mp_mod(&t2, &prime, point->y); - } - else { - err = mp_submod(&prime, &t2, &prime, point->y); - } - } + /* adjust y */ + if (err == MP_OKAY) { + if ((mp_isodd(&t2) && in[0] == 0x03) || + (!mp_isodd(&t2) && in[0] == 0x02)) { + err = mp_mod(&t2, &prime, point->y); + } + else { + err = mp_submod(&prime, &t2, &prime, point->y); + } + } - mp_clear(&a); - mp_clear(&b); - mp_clear(&prime); - mp_clear(&t2); - mp_clear(&t1); - } + mp_clear(&a); + mp_clear(&b); + mp_clear(&prime); + mp_clear(&t2); + mp_clear(&t1); + } #endif - if (err == MP_OKAY && compressed == 0) - err = mp_read_unsigned_bin(point->y, (byte*)in+1+((inLen-1)>>1), (inLen-1)>>1); - if (err == MP_OKAY) - mp_set(point->z, 1); + if (err == MP_OKAY && compressed == 0) + err = mp_read_unsigned_bin(point->y, + (byte*)in+1+((inLen-1)>>1), (inLen-1)>>1); + if (err == MP_OKAY) + mp_set(point->z, 1); - if (err != MP_OKAY) { - mp_clear(point->x); - mp_clear(point->y); - mp_clear(point->z); - } + if (err != MP_OKAY) { + mp_clear(point->x); + mp_clear(point->y); + mp_clear(point->z); + } - return err; + return err; } /* export point to der */ -int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out, word32* outLen) +int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out, + word32* outLen) { #ifdef WOLFSSL_SMALL_STACK - byte* buf; + byte* buf; #else - byte buf[ECC_BUFSIZE]; + byte buf[ECC_BUFSIZE]; #endif - word32 numlen; - int ret = MP_OKAY; + word32 numlen; + int ret = MP_OKAY; - if (curve_idx < 0) - return ECC_BAD_ARG_E; + if ((curve_idx < 0) || (ecc_is_valid_idx(curve_idx) == 0)) + return ECC_BAD_ARG_E; - /* return length needed only */ - if (point != NULL && out == NULL && outLen != NULL) { - numlen = ecc_sets[curve_idx].size; - *outLen = 1 + 2*numlen; - return LENGTH_ONLY_E; - } + /* return length needed only */ + if (point != NULL && out == NULL && outLen != NULL) { + numlen = ecc_sets[curve_idx].size; + *outLen = 1 + 2*numlen; + return LENGTH_ONLY_E; + } - if (point == NULL || out == NULL || outLen == NULL) - return ECC_BAD_ARG_E; + if (point == NULL || out == NULL || outLen == NULL) + return ECC_BAD_ARG_E; - numlen = ecc_sets[curve_idx].size; + numlen = ecc_sets[curve_idx].size; - if (*outLen < (1 + 2*numlen)) { - *outLen = 1 + 2*numlen; - return BUFFER_E; - } + if (*outLen < (1 + 2*numlen)) { + *outLen = 1 + 2*numlen; + return BUFFER_E; + } - /* store byte 0x04 */ - out[0] = 0x04; + /* store byte 0x04 */ + out[0] = 0x04; #ifdef WOLFSSL_SMALL_STACK - buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (buf == NULL) - return MEMORY_E; + buf = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (buf == NULL) + return MEMORY_E; #endif - do { - /* pad and store x */ - XMEMSET(buf, 0, ECC_BUFSIZE); - ret = mp_to_unsigned_bin(point->x, - buf + (numlen - mp_unsigned_bin_size(point->x))); - if (ret != MP_OKAY) - break; - XMEMCPY(out+1, buf, numlen); + do { + /* pad and store x */ + XMEMSET(buf, 0, ECC_BUFSIZE); + ret = mp_to_unsigned_bin(point->x, buf + + (numlen - mp_unsigned_bin_size(point->x))); + if (ret != MP_OKAY) + break; + XMEMCPY(out+1, buf, numlen); - /* pad and store y */ - XMEMSET(buf, 0, ECC_BUFSIZE); - ret = mp_to_unsigned_bin(point->y, - buf + (numlen - mp_unsigned_bin_size(point->y))); - if (ret != MP_OKAY) - break; - XMEMCPY(out+1+numlen, buf, numlen); + /* pad and store y */ + XMEMSET(buf, 0, ECC_BUFSIZE); + ret = mp_to_unsigned_bin(point->y, buf + + (numlen - mp_unsigned_bin_size(point->y))); + if (ret != MP_OKAY) + break; + XMEMCPY(out+1+numlen, buf, numlen); - *outLen = 1 + 2*numlen; - } while (0); + *outLen = 1 + 2*numlen; + } while (0); #ifdef WOLFSSL_SMALL_STACK - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - return ret; + return ret; } @@ -2690,7 +2695,8 @@ int wc_ecc_export_x963(ecc_key* key, byte* out, word32* outLen) /* export public ECC key in ANSI X9.63 format, extended with * compression option */ -int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen, int compressed) +int wc_ecc_export_x963_ex(ecc_key* key, byte* out, word32* outLen, + int compressed) { if (compressed == 0) return wc_ecc_export_x963(key, out, outLen); @@ -3235,8 +3241,8 @@ int wc_ecc_size(ecc_key* key) } -/* worst case estimate, check actual return from wc_ecc_sign_hash for actual value - of signature size in octets */ +/* worst case estimate, check actual return from wc_ecc_sign_hash for actual + value of signature size in octets */ int wc_ecc_sig_size(ecc_key* key) { int sz = wc_ecc_size(key); diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c index bb5877305..00685acfc 100644 --- a/wolfcrypt/src/integer.c +++ b/wolfcrypt/src/integer.c @@ -49,18 +49,18 @@ static void bn_reverse (unsigned char *s, int len) { - int ix, iy; - unsigned char t; + int ix, iy; + unsigned char t; - ix = 0; - iy = len - 1; - while (ix < iy) { - t = s[ix]; - s[ix] = s[iy]; - s[iy] = t; - ++ix; - --iy; - } + ix = 0; + iy = len - 1; + while (ix < iy) { + t = s[ix]; + s[ix] = s[iy]; + s[iy] = t; + ++ix; + --iy; + } } /* math settings check */ @@ -1251,10 +1251,10 @@ void mp_set (mp_int * a, mp_digit b) /* chek if a bit is set */ int mp_is_bit_set (mp_int *a, mp_digit b) { - if ((mp_digit)a->used < b/DIGIT_BIT) - return 0; + if ((mp_digit)a->used < b/DIGIT_BIT) + return 0; - return (int)((a->dp[b/DIGIT_BIT] >> b%DIGIT_BIT) & (mp_digit)1); + return (int)((a->dp[b/DIGIT_BIT] >> b%DIGIT_BIT) & (mp_digit)1); } /* c = a mod b, 0 <= c < b */ @@ -1888,7 +1888,8 @@ int mp_exptmod_fast (mp_int * G, mp_int * X, mp_int * P, mp_int * Y, } for (x = 0; x < (winsize - 1); x++) { - if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))], &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) { + if ((err = mp_sqr (&M[(mp_digit)(1 << (winsize - 1))], + &M[(mp_digit)(1 << (winsize - 1))])) != MP_OKAY) { goto LBL_RES; } if ((err = redux (&M[(mp_digit)(1 << (winsize - 1))], P, mp)) != MP_OKAY) { @@ -2523,20 +2524,20 @@ mp_2expt (mp_int * a, int b) int mp_set_bit (mp_int * a, int b) { - int i = b / DIGIT_BIT, res; + int i = b / DIGIT_BIT, res; - /* grow a to accomodate the single bit */ - if ((res = mp_grow (a, i + 1)) != MP_OKAY) { - return res; - } + /* grow a to accomodate the single bit */ + if ((res = mp_grow (a, i + 1)) != MP_OKAY) { + return res; + } - /* set the used count of where the bit will go */ - a->used = i + 1; + /* set the used count of where the bit will go */ + a->used = i + 1; - /* put the single bit in its place */ - a->dp[i] |= ((mp_digit)1) << (b % DIGIT_BIT); + /* put the single bit in its place */ + a->dp[i] |= ((mp_digit)1) << (b % DIGIT_BIT); - return MP_OKAY; + return MP_OKAY; } /* multiply by a digit */ @@ -3192,7 +3193,8 @@ int mp_montgomery_calc_normalization (mp_int * a, mp_int * b) bits = mp_count_bits (b) % DIGIT_BIT; if (b->used > 1) { - if ((res = mp_2expt (a, (b->used - 1) * DIGIT_BIT + bits - 1)) != MP_OKAY) { + if ((res = mp_2expt (a, (b->used - 1) * DIGIT_BIT + bits - 1)) + != MP_OKAY) { return res; } } else { @@ -3624,7 +3626,8 @@ s_mp_mul_high_digs (mp_int * a, mp_int * b, mp_int * c, int digs) /* can we use the fast multiplier? */ #ifdef BN_FAST_S_MP_MUL_HIGH_DIGS_C if (((a->used + b->used + 1) < MP_WARRAY) - && MIN (a->used, b->used) < (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { + && MIN (a->used, b->used) < + (1 << ((CHAR_BIT * sizeof (mp_word)) - (2 * DIGIT_BIT)))) { return fast_s_mp_mul_high_digs (a, b, c, digs); } #endif @@ -3818,7 +3821,8 @@ int mp_sqrmod (mp_int * a, mp_int * b, mp_int * c) #endif -#if defined(HAVE_ECC) || !defined(NO_PWDBASED) || defined(WOLFSSL_SNIFFER) || defined(WOLFSSL_HAVE_WOLFSCEP) || defined(WOLFSSL_KEY_GEN) +#if defined(HAVE_ECC) || !defined(NO_PWDBASED) || defined(WOLFSSL_SNIFFER) || \ + defined(WOLFSSL_HAVE_WOLFSCEP) || defined(WOLFSSL_KEY_GEN) /* single digit addition */ int mp_add_d (mp_int* a, mp_digit b, mp_int* c) @@ -4120,7 +4124,7 @@ int mp_mod_d (mp_int * a, mp_digit b, mp_digit * c) return mp_div_d(a, b, NULL, c); } -#endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) || defined(HAVE_ECC) */ +#endif /* defined(WOLFSSL_KEY_GEN)||defined(HAVE_COMP_KEY)||defined(HAVE_ECC) */ #ifdef WOLFSSL_KEY_GEN @@ -4472,7 +4476,8 @@ LBL_U:mp_clear (&v); #ifdef HAVE_ECC /* chars used in radix conversions */ -const char *mp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"; +const char *mp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\ + abcdefghijklmnopqrstuvwxyz+/"; /* read a string [ASCII] in a given radix */ int mp_read_radix (mp_int * a, const char *str, int radix) @@ -4541,110 +4546,110 @@ int mp_read_radix (mp_int * a, const char *str, int radix) /* returns size of ASCII representation */ int mp_radix_size (mp_int *a, int radix, int *size) { - int res, digs; - mp_int t; - mp_digit d; + int res, digs; + mp_int t; + mp_digit d; - *size = 0; + *size = 0; - /* special case for binary */ - if (radix == 2) { - *size = mp_count_bits (a) + (a->sign == MP_NEG ? 1 : 0) + 1; - return MP_OKAY; - } + /* special case for binary */ + if (radix == 2) { + *size = mp_count_bits (a) + (a->sign == MP_NEG ? 1 : 0) + 1; + return MP_OKAY; + } - /* make sure the radix is in range */ - if (radix < 2 || radix > 64) { - return MP_VAL; - } + /* make sure the radix is in range */ + if (radix < 2 || radix > 64) { + return MP_VAL; + } - if (mp_iszero(a) == MP_YES) { - *size = 2; - return MP_OKAY; - } + if (mp_iszero(a) == MP_YES) { + *size = 2; + return MP_OKAY; + } - /* digs is the digit count */ - digs = 0; + /* digs is the digit count */ + digs = 0; - /* if it's negative add one for the sign */ - if (a->sign == MP_NEG) { - ++digs; - } + /* if it's negative add one for the sign */ + if (a->sign == MP_NEG) { + ++digs; + } - /* init a copy of the input */ - if ((res = mp_init_copy (&t, a)) != MP_OKAY) { - return res; - } + /* init a copy of the input */ + if ((res = mp_init_copy (&t, a)) != MP_OKAY) { + return res; + } - /* force temp to positive */ - t.sign = MP_ZPOS; + /* force temp to positive */ + t.sign = MP_ZPOS; - /* fetch out all of the digits */ - while (mp_iszero (&t) == MP_NO) { - if ((res = mp_div_d (&t, (mp_digit) radix, &t, &d)) != MP_OKAY) { - mp_clear (&t); - return res; - } - ++digs; - } - mp_clear (&t); + /* fetch out all of the digits */ + while (mp_iszero (&t) == MP_NO) { + if ((res = mp_div_d (&t, (mp_digit) radix, &t, &d)) != MP_OKAY) { + mp_clear (&t); + return res; + } + ++digs; + } + mp_clear (&t); - /* return digs + 1, the 1 is for the NULL byte that would be required. */ - *size = digs + 1; - return MP_OKAY; + /* return digs + 1, the 1 is for the NULL byte that would be required. */ + *size = digs + 1; + return MP_OKAY; } /* stores a bignum as a ASCII string in a given radix (2..64) */ int mp_toradix (mp_int *a, char *str, int radix) { - int res, digs; - mp_int t; - mp_digit d; - char *_s = str; + int res, digs; + mp_int t; + mp_digit d; + char *_s = str; - /* check range of the radix */ - if (radix < 2 || radix > 64) { - return MP_VAL; - } + /* check range of the radix */ + if (radix < 2 || radix > 64) { + return MP_VAL; + } - /* quick out if its zero */ - if (mp_iszero(a) == 1) { - *str++ = '0'; - *str = '\0'; - return MP_OKAY; - } + /* quick out if its zero */ + if (mp_iszero(a) == 1) { + *str++ = '0'; + *str = '\0'; + return MP_OKAY; + } - if ((res = mp_init_copy (&t, a)) != MP_OKAY) { - return res; - } + if ((res = mp_init_copy (&t, a)) != MP_OKAY) { + return res; + } - /* if it is negative output a - */ - if (t.sign == MP_NEG) { - ++_s; - *str++ = '-'; - t.sign = MP_ZPOS; - } + /* if it is negative output a - */ + if (t.sign == MP_NEG) { + ++_s; + *str++ = '-'; + t.sign = MP_ZPOS; + } - digs = 0; - while (mp_iszero (&t) == 0) { - if ((res = mp_div_d (&t, (mp_digit) radix, &t, &d)) != MP_OKAY) { - mp_clear (&t); - return res; - } - *str++ = mp_s_rmap[d]; - ++digs; - } + digs = 0; + while (mp_iszero (&t) == 0) { + if ((res = mp_div_d (&t, (mp_digit) radix, &t, &d)) != MP_OKAY) { + mp_clear (&t); + return res; + } + *str++ = mp_s_rmap[d]; + ++digs; + } - /* reverse the digits of the string. In this case _s points - * to the first digit [exluding the sign] of the number] - */ - bn_reverse ((unsigned char *)_s, digs); + /* reverse the digits of the string. In this case _s points + * to the first digit [exluding the sign] of the number] + */ + bn_reverse ((unsigned char *)_s, digs); - /* append a NULL so the string is properly terminated */ - *str = '\0'; + /* append a NULL so the string is properly terminated */ + *str = '\0'; - mp_clear (&t); - return MP_OKAY; + mp_clear (&t); + return MP_OKAY; } #endif /* HAVE_ECC */ diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index 26467e9bd..3391693ae 100755 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -538,7 +538,7 @@ int fp_div(fp_int *a, fp_int *b, fp_int *c, fp_int *d) t = y.used - 1; /* while (x >= y*b**n-t) do { q[n-t] += 1; x -= y*b**{n-t} } */ - fp_lshd (&y, n - t); /* y = y*b**{n-t} */ + fp_lshd (&y, n - t); /* y = y*b**{n-t} */ while (fp_cmp (&x, &y) != FP_LT) { ++(q.dp[n - t]); @@ -966,8 +966,8 @@ int fp_mulmod(fp_int *a, fp_int *b, fp_int *c, fp_int *d) #ifdef TFM_TIMING_RESISTANT /* timing resistant montgomery ladder based exptmod - - Based on work by Marc Joye, Sung-Ming Yen, "The Montgomery Powering Ladder", Cryptographic Hardware and Embedded Systems, CHES 2002 + Based on work by Marc Joye, Sung-Ming Yen, "The Montgomery Powering Ladder", + Cryptographic Hardware and Embedded Systems, CHES 2002 */ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) { @@ -1085,7 +1085,8 @@ static int _fp_exptmod(fp_int * G, fp_int * X, fp_int * P, fp_int * Y) } fp_mulmod (&M[1], &res, P, &M[1]); - /* compute the value at M[1<<(winsize-1)] by squaring M[1] (winsize-1) times */ + /* compute the value at M[1<<(winsize-1)] by + * squaring M[1] (winsize-1) times */ fp_copy (&M[1], &M[1 << (winsize - 1)]); for (x = 0; x < (winsize - 1); x++) { fp_sqr (&M[1 << (winsize - 1)], &M[1 << (winsize - 1)]); @@ -1737,7 +1738,8 @@ void fp_read_unsigned_bin(fp_int *a, unsigned char *b, int c) /* If we know the endianness of this architecture, and we're using 32-bit fp_digits, we can optimize this */ -#if (defined(LITTLE_ENDIAN_ORDER) || defined(BIG_ENDIAN_ORDER)) && defined(FP_32BIT) +#if (defined(LITTLE_ENDIAN_ORDER) || defined(BIG_ENDIAN_ORDER)) && \ + defined(FP_32BIT) /* But not for both simultaneously */ #if defined(LITTLE_ENDIAN_ORDER) && defined(BIG_ENDIAN_ORDER) #error Both LITTLE_ENDIAN_ORDER and BIG_ENDIAN_ORDER defined. @@ -1757,12 +1759,12 @@ void fp_read_unsigned_bin(fp_int *a, unsigned char *b, int c) /* Use Duff's device to unroll the loop. */ int idx = (c - 1) & ~3; switch (c % 4) { - case 0: do { pd[idx+0] = *b++; - case 3: pd[idx+1] = *b++; - case 2: pd[idx+2] = *b++; - case 1: pd[idx+3] = *b++; + case 0: do { pd[idx+0] = *b++; + case 3: pd[idx+1] = *b++; + case 2: pd[idx+2] = *b++; + case 1: pd[idx+3] = *b++; idx -= 4; - } while ((c -= 4) > 0); + } while ((c -= 4) > 0); } } #else @@ -1813,10 +1815,10 @@ void fp_set(fp_int *a, fp_digit b) /* chek if a bit is set */ int fp_is_bit_set (fp_int *a, fp_digit b) { - if ((fp_digit)a->used < b/DIGIT_BIT) - return 0; + if ((fp_digit)a->used < b/DIGIT_BIT) + return 0; - return (int)((a->dp[b/DIGIT_BIT] >> b%DIGIT_BIT) & (fp_digit)1); + return (int)((a->dp[b/DIGIT_BIT] >> b%DIGIT_BIT) & (fp_digit)1); } int fp_count_bits (fp_int * a) @@ -2003,7 +2005,8 @@ void mp_clear (mp_int * a) } /* handle up to 6 inits */ -int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, mp_int* e, mp_int* f) +int mp_init_multi(mp_int* a, mp_int* b, mp_int* c, mp_int* d, + mp_int* e, mp_int* f) { if (a) fp_init(a); @@ -2111,7 +2114,7 @@ int mp_sub_d(fp_int *a, fp_digit b, fp_int *c) int mp_mul_2d(fp_int *a, int b, fp_int *c) { - fp_mul_2d(a, b, c); + fp_mul_2d(a, b, c); return MP_OKAY; } @@ -2191,7 +2194,7 @@ int mp_set_int(fp_int *a, fp_digit b) int mp_is_bit_set (fp_int *a, fp_digit b) { - return fp_is_bit_set(a, b); + return fp_is_bit_set(a, b); } #if defined(WOLFSSL_KEY_GEN) || defined (HAVE_ECC) @@ -2597,7 +2600,8 @@ int mp_add_d(fp_int *a, fp_digit b, fp_int *c) #ifdef HAVE_ECC /* chars used in radix conversions */ -static const char *fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz+/"; +static const char *fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ\ + abcdefghijklmnopqrstuvwxyz+/"; static int fp_read_radix(fp_int *a, const char *str, int radix) { @@ -2717,107 +2721,107 @@ int mp_cnt_lsb(fp_int* a) /* returns size of ASCII reprensentation */ int mp_radix_size (mp_int *a, int radix, int *size) { - int res, digs; - fp_int t; - fp_digit d; + int res, digs; + fp_int t; + fp_digit d; - *size = 0; + *size = 0; - /* special case for binary */ - if (radix == 2) { - *size = fp_count_bits (a) + (a->sign == FP_NEG ? 1 : 0) + 1; - return FP_YES; - } + /* special case for binary */ + if (radix == 2) { + *size = fp_count_bits (a) + (a->sign == FP_NEG ? 1 : 0) + 1; + return FP_YES; + } - /* make sure the radix is in range */ - if (radix < 2 || radix > 64) { - return FP_VAL; - } + /* make sure the radix is in range */ + if (radix < 2 || radix > 64) { + return FP_VAL; + } - if (fp_iszero(a) == MP_YES) { - *size = 2; - return FP_YES; - } + if (fp_iszero(a) == MP_YES) { + *size = 2; + return FP_YES; + } - /* digs is the digit count */ - digs = 0; + /* digs is the digit count */ + digs = 0; - /* if it's negative add one for the sign */ - if (a->sign == FP_NEG) { - ++digs; - } + /* if it's negative add one for the sign */ + if (a->sign == FP_NEG) { + ++digs; + } - /* init a copy of the input */ - fp_init_copy (&t, a); + /* init a copy of the input */ + fp_init_copy (&t, a); - /* force temp to positive */ - t.sign = FP_ZPOS; + /* force temp to positive */ + t.sign = FP_ZPOS; - /* fetch out all of the digits */ - while (fp_iszero (&t) == FP_NO) { - if ((res = fp_div_d (&t, (mp_digit) radix, &t, &d)) != FP_OKAY) { - fp_zero (&t); - return res; - } - ++digs; - } - fp_zero (&t); + /* fetch out all of the digits */ + while (fp_iszero (&t) == FP_NO) { + if ((res = fp_div_d (&t, (mp_digit) radix, &t, &d)) != FP_OKAY) { + fp_zero (&t); + return res; + } + ++digs; + } + fp_zero (&t); - /* return digs + 1, the 1 is for the NULL byte that would be required. */ - *size = digs + 1; - return FP_OKAY; + /* return digs + 1, the 1 is for the NULL byte that would be required. */ + *size = digs + 1; + return FP_OKAY; } /* stores a bignum as a ASCII string in a given radix (2..64) */ int mp_toradix (mp_int *a, char *str, int radix) { - int res, digs; - fp_int t; - fp_digit d; - char *_s = str; + int res, digs; + fp_int t; + fp_digit d; + char *_s = str; - /* check range of the radix */ - if (radix < 2 || radix > 64) { - return FP_VAL; - } + /* check range of the radix */ + if (radix < 2 || radix > 64) { + return FP_VAL; + } - /* quick out if its zero */ - if (fp_iszero(a) == 1) { - *str++ = '0'; - *str = '\0'; - return FP_YES; - } + /* quick out if its zero */ + if (fp_iszero(a) == 1) { + *str++ = '0'; + *str = '\0'; + return FP_YES; + } - /* init a copy of the input */ - fp_init_copy (&t, a); + /* init a copy of the input */ + fp_init_copy (&t, a); - /* if it is negative output a - */ - if (t.sign == FP_NEG) { - ++_s; - *str++ = '-'; - t.sign = FP_ZPOS; - } + /* if it is negative output a - */ + if (t.sign == FP_NEG) { + ++_s; + *str++ = '-'; + t.sign = FP_ZPOS; + } - digs = 0; - while (fp_iszero (&t) == 0) { - if ((res = fp_div_d (&t, (fp_digit) radix, &t, &d)) != FP_OKAY) { - fp_zero (&t); - return res; - } - *str++ = fp_s_rmap[d]; - ++digs; - } + digs = 0; + while (fp_iszero (&t) == 0) { + if ((res = fp_div_d (&t, (fp_digit) radix, &t, &d)) != FP_OKAY) { + fp_zero (&t); + return res; + } + *str++ = fp_s_rmap[d]; + ++digs; + } - /* reverse the digits of the string. In this case _s points - * to the first digit [exluding the sign] of the number] - */ - fp_reverse ((unsigned char *)_s, digs); + /* reverse the digits of the string. In this case _s points + * to the first digit [exluding the sign] of the number] + */ + fp_reverse ((unsigned char *)_s, digs); - /* append a NULL so the string is properly terminated */ - *str = '\0'; + /* append a NULL so the string is properly terminated */ + *str = '\0'; - fp_zero (&t); - return FP_OKAY; + fp_zero (&t); + return FP_OKAY; } #endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */ diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h index efd937d76..225e6976d 100644 --- a/wolfssl/openssl/bn.h +++ b/wolfssl/openssl/bn.h @@ -32,9 +32,9 @@ WOLFSSL_API void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_sub(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, - const WOLFSSL_BIGNUM*); + const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_mod(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, - const WOLFSSL_BIGNUM*, const WOLFSSL_BN_CTX*); + const WOLFSSL_BIGNUM*, const WOLFSSL_BN_CTX*); WOLFSSL_API const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void); @@ -50,7 +50,7 @@ WOLFSSL_API int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM*, unsigned char*); WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char*, int len, - WOLFSSL_BIGNUM* ret); + WOLFSSL_BIGNUM* ret); WOLFSSL_API int wolfSSL_mask_bits(WOLFSSL_BIGNUM*, int n); @@ -59,7 +59,8 @@ WOLFSSL_API int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM*, int n); WOLFSSL_API int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM**, const char* str); WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM*); -WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*); +WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM*, + const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM**, const char* str); WOLFSSL_API char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM*); @@ -69,12 +70,13 @@ WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM*, int); WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); - -/* 2/6 */ -WOLFSSL_API int wolfSSL_BN_add(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*); +WOLFSSL_API int wolfSSL_BN_add(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*, + WOLFSSL_BIGNUM*); WOLFSSL_API char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM*); -WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int, WOLFSSL_BN_CTX*, WOLFSSL_BN_GENCB*); -WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); +WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int, + WOLFSSL_BN_CTX*, WOLFSSL_BN_GENCB*); +WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*, + WOLFSSL_BN_ULONG); WOLFSSL_API int wolfSSL_BN_print_fp(FILE*, const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_rshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int); WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx); diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h index 071abf70f..be5ac383e 100644 --- a/wolfssl/openssl/dh.h +++ b/wolfssl/openssl/dh.h @@ -4,21 +4,16 @@ #ifndef WOLFSSL_DH_H_ #define WOLFSSL_DH_H_ - #include #include - #ifdef __cplusplus extern "C" { #endif - - - typedef struct WOLFSSL_DH { - WOLFSSL_BIGNUM* p; - WOLFSSL_BIGNUM* g; + WOLFSSL_BIGNUM* p; + WOLFSSL_BIGNUM* g; WOLFSSL_BIGNUM* pub_key; /* openssh deference g^x */ WOLFSSL_BIGNUM* priv_key; /* openssh deference x */ void* internal; /* our DH */ diff --git a/wolfssl/openssl/dsa.h b/wolfssl/openssl/dsa.h index 4cb7299a9..aedcab452 100644 --- a/wolfssl/openssl/dsa.h +++ b/wolfssl/openssl/dsa.h @@ -4,23 +4,19 @@ #ifndef WOLFSSL_DSA_H_ #define WOLFSSL_DSA_H_ - #include #include - #ifdef __cplusplus extern "C" { #endif - - struct WOLFSSL_DSA { - WOLFSSL_BIGNUM* p; - WOLFSSL_BIGNUM* q; - WOLFSSL_BIGNUM* g; - WOLFSSL_BIGNUM* pub_key; /* our y */ - WOLFSSL_BIGNUM* priv_key; /* our x */ + WOLFSSL_BIGNUM* p; + WOLFSSL_BIGNUM* q; + WOLFSSL_BIGNUM* g; + WOLFSSL_BIGNUM* pub_key; /* our y */ + WOLFSSL_BIGNUM* priv_key; /* our x */ void* internal; /* our Dsa Key */ char inSet; /* internal set from external ? */ char exSet; /* external set from internal ? */ @@ -36,10 +32,13 @@ WOLFSSL_API int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA*, int bits, unsigned long* hRet, void* cb); WOLFSSL_API int wolfSSL_DSA_LoadDer(WOLFSSL_DSA*, const unsigned char*, int sz); -WOLFSSL_API int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, - WOLFSSL_DSA* dsa); -WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, - WOLFSSL_DSA* dsa, int *dsacheck); + +WOLFSSL_API int wolfSSL_DSA_do_sign(const unsigned char* d, + unsigned char* sigRet, WOLFSSL_DSA* dsa); + +WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d, + unsigned char* sig, + WOLFSSL_DSA* dsa, int *dsacheck); #define DSA_new wolfSSL_DSA_new #define DSA_free wolfSSL_DSA_free diff --git a/wolfssl/openssl/ec.h b/wolfssl/openssl/ec.h index af2d22e17..9ba76d97e 100644 --- a/wolfssl/openssl/ec.h +++ b/wolfssl/openssl/ec.h @@ -6,96 +6,135 @@ #include #include - #ifdef __cplusplus extern "C" { #endif /* Map OpenSSL NID value */ enum { - POINT_CONVERSION_UNCOMPRESSED = 4, - NID_secp111r1 = 0, - NID_secp128r1 = 1, - NID_secp160r1 = 2, - NID_cert192 = 3, - NID_cert224 = 4, - NID_X9_62_prime256v1 = 5, - NID_secp384r1 = 6, - NID_secp521r1 = 7, - NID_X9_62_prime_field = 100, - OPENSSL_EC_NAMED_CURVE = 0x001 + POINT_CONVERSION_UNCOMPRESSED = 4, + NID_secp111r1 = 0, + NID_secp128r1 = 1, + NID_secp160r1 = 2, + NID_cert192 = 3, + NID_cert224 = 4, + NID_X9_62_prime256v1 = 5, + NID_secp384r1 = 6, + NID_secp521r1 = 7, + NID_X9_62_prime_field = 100, + OPENSSL_EC_NAMED_CURVE = 0x001 }; struct WOLFSSL_EC_POINT { - WOLFSSL_BIGNUM *X; - WOLFSSL_BIGNUM *Y; - WOLFSSL_BIGNUM *Z; + WOLFSSL_BIGNUM *X; + WOLFSSL_BIGNUM *Y; + WOLFSSL_BIGNUM *Z; - void* internal; /* our ECC point */ - char inSet; /* internal set from external ? */ - char exSet; /* external set from internal ? */ + void* internal; /* our ECC point */ + char inSet; /* internal set from external ? */ + char exSet; /* external set from internal ? */ }; struct WOLFSSL_EC_GROUP { - int curve_idx; /* index of curve, used by WolfSSL as a curve reference */ - int curve_nid; /* NID of curve, used by OpenSSL/OpenSSH as a curve reference */ + int curve_idx; /* index of curve, used by WolfSSL as reference */ + int curve_nid; /* NID of curve, used by OpenSSL/OpenSSH as reference */ }; struct WOLFSSL_EC_KEY { - WOLFSSL_EC_GROUP *group; - WOLFSSL_EC_POINT *pub_key; - WOLFSSL_BIGNUM *priv_key; + WOLFSSL_EC_GROUP *group; + WOLFSSL_EC_POINT *pub_key; + WOLFSSL_BIGNUM *priv_key; - void* internal; /* our ECC Key */ - char inSet; /* internal set from external ? */ - char exSet; /* external set from internal ? */ + void* internal; /* our ECC Key */ + char inSet; /* internal set from external ? */ + char exSet; /* external set from internal ? */ }; -WOLFSSL_API int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *curve, const WOLFSSL_EC_POINT *p, unsigned char *out, unsigned int *len); -WOLFSSL_API int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len, const WOLFSSL_EC_GROUP *curve, WOLFSSL_EC_POINT *p); -WOLFSSL_API int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, const unsigned char* der, int derSz); - -WOLFSSL_API void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key); -WOLFSSL_API WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key); -WOLFSSL_API const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key); -WOLFSSL_API int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key, const WOLFSSL_BIGNUM *priv_key); -WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key); -WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid); -WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void); -WOLFSSL_API int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group); -WOLFSSL_API int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key); -WOLFSSL_API void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag); -WOLFSSL_API int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key, const WOLFSSL_EC_POINT *pub); - - -WOLFSSL_API void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag); -WOLFSSL_API WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid); -WOLFSSL_API int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b, WOLFSSL_BN_CTX *ctx); -WOLFSSL_API int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group); -WOLFSSL_API int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group); -WOLFSSL_API int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx); -WOLFSSL_API void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group); - -WOLFSSL_API void wolfssl_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p); -WOLFSSL_API WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group); -WOLFSSL_API int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *p, - WOLFSSL_BIGNUM *x, WOLFSSL_BIGNUM *y, WOLFSSL_BN_CTX *ctx); -WOLFSSL_API int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, const WOLFSSL_BIGNUM *n, - const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx); -WOLFSSL_API void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *point); -WOLFSSL_API int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *a, - const WOLFSSL_EC_POINT *b, WOLFSSL_BN_CTX *ctx); -WOLFSSL_API void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *point); -WOLFSSL_API int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *a); +WOLFSSL_API +int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *curve, + const WOLFSSL_EC_POINT *p, + unsigned char *out, unsigned int *len); +WOLFSSL_API +int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len, + const WOLFSSL_EC_GROUP *curve, WOLFSSL_EC_POINT *p); +WOLFSSL_API +int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, + const unsigned char* der, int derSz); +WOLFSSL_API +void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key); +WOLFSSL_API +WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key); +WOLFSSL_API +const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key); +WOLFSSL_API +int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key, + const WOLFSSL_BIGNUM *priv_key); +WOLFSSL_API +WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key); +WOLFSSL_API +WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid); +WOLFSSL_API +WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void); +WOLFSSL_API +int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group); +WOLFSSL_API +int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key); +WOLFSSL_API +void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag); +WOLFSSL_API +int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key, + const WOLFSSL_EC_POINT *pub); +WOLFSSL_API +void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag); +WOLFSSL_API +WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid); +WOLFSSL_API +int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b, + WOLFSSL_BN_CTX *ctx); +WOLFSSL_API +int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group); +WOLFSSL_API +int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group); +WOLFSSL_API +int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group, + WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx); +WOLFSSL_API +void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group); +WOLFSSL_API +void wolfssl_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p); +WOLFSSL_API +WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group); +WOLFSSL_API +int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *p, + WOLFSSL_BIGNUM *x, + WOLFSSL_BIGNUM *y, + WOLFSSL_BN_CTX *ctx); +WOLFSSL_API +int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, + const WOLFSSL_BIGNUM *n, + const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m, + WOLFSSL_BN_CTX *ctx); +WOLFSSL_API +void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *point); +WOLFSSL_API +int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b, + WOLFSSL_BN_CTX *ctx); +WOLFSSL_API +void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *point); +WOLFSSL_API +int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, + const WOLFSSL_EC_POINT *a); #define EC_KEY_free wolfSSL_EC_KEY_free #define EC_KEY_get0_public_key wolfSSL_EC_KEY_get0_public_key #define EC_KEY_get0_group wolfSSL_EC_KEY_get0_group #define EC_KEY_set_private_key wolfSSL_EC_KEY_set_private_key #define EC_KEY_get0_private_key wolfSSL_EC_KEY_get0_private_key -#define EC_KEY_new_by_curve_name wolfSSL_EC_KEY_new_by_curve_name +#define EC_KEY_new_by_curve_name wolfSSL_EC_KEY_new_by_curve_name #define EC_KEY_set_group wolfSSL_EC_KEY_set_group -#define EC_KEY_generate_key wolfSSL_EC_KEY_generate_key +#define EC_KEY_generate_key wolfSSL_EC_KEY_generate_key #define EC_KEY_set_asn1_flag wolfSSL_EC_KEY_set_asn1_flag #define EC_KEY_set_public_key wolfSSL_EC_KEY_set_public_key #define EC_KEY_new wolfSSL_EC_KEY_new @@ -109,7 +148,8 @@ WOLFSSL_API int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, c #define EC_GROUP_free wolfSSL_EC_GROUP_free #define EC_POINT_new wolfSSL_EC_POINT_new -#define EC_POINT_get_affine_coordinates_GFp wolfSSL_EC_POINT_get_affine_coordinates_GFp +#define EC_POINT_get_affine_coordinates_GFp \ + wolfSSL_EC_POINT_get_affine_coordinates_GFp #define EC_POINT_mul wolfSSL_EC_POINT_mul #define EC_POINT_clear_free wolfSSL_EC_POINT_clear_free #define EC_POINT_cmp wolfSSL_EC_POINT_cmp diff --git a/wolfssl/openssl/ecdh.h b/wolfssl/openssl/ecdh.h index 3e4c26de0..b5583dd93 100644 --- a/wolfssl/openssl/ecdh.h +++ b/wolfssl/openssl/ecdh.h @@ -11,8 +11,13 @@ extern C { #endif -WOLFSSL_API int wolfSSL_ECDH_compute_key(void *out, size_t outlen, const WOLFSSL_EC_POINT *pub_key, - WOLFSSL_EC_KEY *ecdh, void *(*KDF) (const void *in, size_t inlen, void *out, size_t *outlen)); +WOLFSSL_API int wolfSSL_ECDH_compute_key(void *out, size_t outlen, + const WOLFSSL_EC_POINT *pub_key, + WOLFSSL_EC_KEY *ecdh, + void *(*KDF) (const void *in, + size_t inlen, + void *out, + size_t *outlen)); #define ECDH_compute_key wolfSSL_ECDH_compute_key diff --git a/wolfssl/openssl/ecdsa.h b/wolfssl/openssl/ecdsa.h index 07f7888d1..22b2d4cda 100644 --- a/wolfssl/openssl/ecdsa.h +++ b/wolfssl/openssl/ecdsa.h @@ -12,24 +12,24 @@ extern "C" { #endif struct WOLFSSL_ECDSA_SIG { - WOLFSSL_BIGNUM *r; - WOLFSSL_BIGNUM *s; -#if 0 - void* internal; /* our EC DSA */ - char inSet; /* internal set from external ? */ - char exSet; /* external set from internal ? */ -#endif + WOLFSSL_BIGNUM *r; + WOLFSSL_BIGNUM *s; }; WOLFSSL_API void wolfSSL_ECDSA_SIG_free(WOLFSSL_ECDSA_SIG *sig); WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void); -WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *dgst, int dgst_len, WOLFSSL_EC_KEY *eckey); -WOLFSSL_API int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, int dgst_len, const WOLFSSL_ECDSA_SIG *sig, WOLFSSL_EC_KEY *eckey); +WOLFSSL_API WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *dgst, + int dgst_len, + WOLFSSL_EC_KEY *eckey); +WOLFSSL_API int wolfSSL_ECDSA_do_verify(const unsigned char *dgst, + int dgst_len, + const WOLFSSL_ECDSA_SIG *sig, + WOLFSSL_EC_KEY *eckey); -#define ECDSA_SIG_free wolfSSL_ECDSA_SIG_free -#define ECDSA_SIG_new wolfSSL_ECDSA_SIG_new -#define ECDSA_do_sign wolfSSL_ECDSA_do_sign -#define ECDSA_do_verify wolfSSL_ECDSA_do_verify +#define ECDSA_SIG_free wolfSSL_ECDSA_SIG_free +#define ECDSA_SIG_new wolfSSL_ECDSA_SIG_new +#define ECDSA_do_sign wolfSSL_ECDSA_do_sign +#define ECDSA_do_verify wolfSSL_ECDSA_do_verify #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index c56a4e7d7..0b0e367f9 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1199,7 +1199,7 @@ WOLFSSL_API void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl); #ifndef NO_CERTS - WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX*, CallbackCACache); + WOLFSSL_API void wolfSSL_CTX_SetCACb(WOLFSSL_CTX*, CallbackCACache); WOLFSSL_API WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void); WOLFSSL_API void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER*); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 4cf24a923..824ea019b 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -145,7 +145,7 @@ enum Misc_ASN { KEYID_SIZE = SHA_DIGEST_SIZE, #endif RSA_INTS = 8, /* RSA ints in private key */ - DSA_INTS = 5, /* DSA ints in private key */ + DSA_INTS = 5, /* DSA ints in private key */ MIN_DATE_SIZE = 13, MAX_DATE_SIZE = 32, ASN_GEN_TIME_SZ = 15, /* 7 numbers * 2 + Zulu tag */ @@ -521,7 +521,7 @@ WOLFSSL_TEST_API void InitDecodedCert(DecodedCert*, byte*, word32, void*); WOLFSSL_TEST_API void FreeDecodedCert(DecodedCert*); WOLFSSL_TEST_API int ParseCert(DecodedCert*, int type, int verify, void* cm); -WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*, int type, int verify,void* cm); +WOLFSSL_LOCAL int ParseCertRelative(DecodedCert*,int type,int verify,void* cm); WOLFSSL_LOCAL int DecodeToKey(DecodedCert*, int verify); WOLFSSL_LOCAL Signer* MakeSigner(void*); @@ -530,7 +530,7 @@ WOLFSSL_LOCAL void FreeSignerTable(Signer**, int, void*); WOLFSSL_LOCAL int ToTraditional(byte* buffer, word32 length); -WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*, int); +WOLFSSL_LOCAL int ToTraditionalEnc(byte* buffer, word32 length,const char*,int); WOLFSSL_LOCAL int ValidateDate(const byte* date, byte format, int dateType); @@ -550,10 +550,10 @@ WOLFSSL_LOCAL int GetAlgoId(const byte* input, word32* inOutIdx, word32* oid, WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output); WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output); WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output); -WOLFSSL_LOCAL word32 SetImplicit(byte tag, byte number, word32 len,byte* output); +WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output); WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output); WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output); -WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz); +WOLFSSL_LOCAL word32 SetAlgoID(int algoOID,byte* output,int type,int curveSz); WOLFSSL_LOCAL int SetMyVersion(word32 version, byte* output, int header); WOLFSSL_LOCAL int SetSerialNumber(const byte* sn, word32 snSz, byte* output); WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, @@ -582,7 +582,7 @@ enum cert_enums { #ifndef NO_FILESYSTEM /* forward from wolfSSL */ WOLFSSL_API -int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz); +int wolfSSL_PemCertToDer(const char* fileName,unsigned char* derBuf,int derSz); #define WOLFSSL_PEMCERT_TODER_DEFINED #endif #endif @@ -645,7 +645,7 @@ struct OcspResponse { word32 responseSz; /* length of the OCSP Response */ byte producedDate[MAX_DATE_SIZE]; - /* Date at which this response was signed */ + /* Date at which this response was signed */ byte producedDateFormat; /* format of the producedDate */ byte* issuerHash; byte* issuerKeyHash; diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index d7b47328d..223cea9be 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -44,9 +44,9 @@ enum CertType { CA_TYPE, ECC_PRIVATEKEY_TYPE, CERTREQ_TYPE, - DSA_TYPE, - ECC_TYPE, - RSA_TYPE + DSA_TYPE, + ECC_TYPE, + RSA_TYPE }; @@ -150,8 +150,8 @@ WOLFSSL_API void wc_InitCert(Cert*); WOLFSSL_API int wc_MakeCert(Cert*, byte* derBuffer, word32 derSz, RsaKey*, ecc_key*, RNG*); #ifdef WOLFSSL_CERT_REQ - WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz, RsaKey*, - ecc_key*); + WOLFSSL_API int wc_MakeCertReq(Cert*, byte* derBuffer, word32 derSz, + RsaKey*, ecc_key*); #endif WOLFSSL_API int wc_SignCert(int requestSz, int sigType, byte* derBuffer, word32 derSz, RsaKey*, ecc_key*, RNG*); @@ -188,8 +188,8 @@ WOLFSSL_API int wc_SetDatesBuffer(Cert*, const byte*, int); #endif /* DER encode signature */ -WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz, - int hashOID); +WOLFSSL_API word32 wc_EncodeSignature(byte* out, const byte* digest, + word32 digSz, int hashOID); WOLFSSL_API int wc_GetCTC_HashOID(int type); #ifdef __cplusplus diff --git a/wolfssl/wolfcrypt/dsa.h b/wolfssl/wolfcrypt/dsa.h index ee85ea109..8da15cf31 100644 --- a/wolfssl/wolfcrypt/dsa.h +++ b/wolfssl/wolfcrypt/dsa.h @@ -54,19 +54,16 @@ typedef struct DsaKey { int type; /* public or private */ } DsaKey; - WOLFSSL_API void wc_InitDsaKey(DsaKey* key); WOLFSSL_API void wc_FreeDsaKey(DsaKey* key); - -WOLFSSL_API int wc_DsaSign(const byte* digest, byte* out, DsaKey* key, RNG* rng); -WOLFSSL_API int wc_DsaVerify(const byte* digest, const byte* sig, DsaKey* key, - int* answer); - -WOLFSSL_API int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey*, - word32); -WOLFSSL_API int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey*, - word32); - +WOLFSSL_API int wc_DsaSign(const byte* digest, byte* out, + DsaKey* key, RNG* rng); +WOLFSSL_API int wc_DsaVerify(const byte* digest, const byte* sig, + DsaKey* key, int* answer); +WOLFSSL_API int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, + DsaKey*, word32); +WOLFSSL_API int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, + DsaKey*, word32); WOLFSSL_API int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen); #ifdef __cplusplus diff --git a/wolfssl/wolfcrypt/ecc.h b/wolfssl/wolfcrypt/ecc.h index 40534a786..9908ff9e8 100644 --- a/wolfssl/wolfcrypt/ecc.h +++ b/wolfssl/wolfcrypt/ecc.h @@ -47,7 +47,7 @@ enum { /* ECC set type defined a NIST GF(p) curve */ typedef struct { int size; /* The size of the curve in octets */ - int nid; /* id of this curve */ + int nid; /* id of this curve */ const char* name; /* name of this curve */ const char* prime; /* prime that defines the field, curve is in (hex) */ const char* Af; /* fields A param (hex) */ @@ -141,19 +141,20 @@ WOLFSSL_API int wc_ecc_shared_secret(ecc_key* private_key, ecc_key* public_key, byte* out, word32* outlen); WOLFSSL_API -int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point, byte* out, word32 *outlen); +int wc_ecc_shared_secret_ssh(ecc_key* private_key, ecc_point* point, + byte* out, word32 *outlen); WOLFSSL_API int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, - RNG* rng, ecc_key* key); + RNG* rng, ecc_key* key); WOLFSSL_API int wc_ecc_sign_hash_ex(const byte* in, word32 inlen, RNG* rng, - ecc_key* key, mp_int *r, mp_int *s); + ecc_key* key, mp_int *r, mp_int *s); WOLFSSL_API int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, word32 hashlen, int* stat, ecc_key* key); WOLFSSL_API int wc_ecc_verify_hash_ex(mp_int *r, mp_int *s, const byte* hash, - word32 hashlen, int* stat, ecc_key* key); + word32 hashlen, int* stat, ecc_key* key); WOLFSSL_API int wc_ecc_init(ecc_key* key); WOLFSSL_API @@ -195,8 +196,11 @@ WOLFSSL_API int wc_ecc_export_private_only(ecc_key* key, byte* out, word32* outLen); WOLFSSL_API -int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, byte* out, word32* outLen); -int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, ecc_point* point); +int wc_ecc_export_point_der(const int curve_idx, ecc_point* point, + byte* out, word32* outLen); +WOLFSSL_API +int wc_ecc_import_point_der(byte* in, word32 inLen, const int curve_idx, + ecc_point* point); /* size helper */ WOLFSSL_API @@ -244,7 +248,7 @@ ecEncCtx* wc_ecc_ctx_new(int flags, RNG* rng); WOLFSSL_API void wc_ecc_ctx_free(ecEncCtx*); WOLFSSL_API -int wc_ecc_ctx_reset(ecEncCtx*, RNG*); /* reset for use again w/o alloc/free */ +int wc_ecc_ctx_reset(ecEncCtx*, RNG*); /* reset for use again w/o alloc/free */ WOLFSSL_API const byte* wc_ecc_ctx_get_own_salt(ecEncCtx*);