diff --git a/configure.ac b/configure.ac index 1fa58e4f6..eb73ae170 100644 --- a/configure.ac +++ b/configure.ac @@ -770,6 +770,7 @@ AC_ARG_ENABLE([mcast], # List of open source project defines using our openssl compatibility layer: +# bind dns (--enable-bind) WOLFSSL_BIND # openssh (--enable-openssh) WOLFSSL_OPENSSH # openvpn (--enable-openvpn) WOLFSSL_OPENVPN # nginix (--enable-nginx) WOLFSSL_NGINX @@ -790,6 +791,12 @@ AC_ARG_ENABLE([mcast], # web server (--enable-webserver) HAVE_WEBSERVER +# Bind DNS compatibility Build +AC_ARG_ENABLE([bind], + [AS_HELP_STRING([--enable-bind],[Enable Bind DNS compatibility build (default: disabled)])], + [ENABLED_BIND=$enableval], + [ENABLED_BIND=no]) + # OpenSSH compatibility Build AC_ARG_ENABLE([openssh], [AS_HELP_STRING([--enable-openssh],[Enable OpenSSH compatibility build (default: disabled)])], @@ -934,7 +941,7 @@ AC_ARG_ENABLE([opensslall], [ ENABLED_OPENSSLALL=$enableval ], [ ENABLED_OPENSSLALL=no ] ) -if test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_WPAS_DPP" = "yes" || test "$ENABLED_SMIME" = "yes" || test "$ENABLED_HAPROXY" = "yes" +if test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_WPAS_DPP" = "yes" || test "$ENABLED_SMIME" = "yes" || test "$ENABLED_HAPROXY" = "yes" || test "$ENABLED_BIND" = "yes" then ENABLED_OPENSSLALL="yes" fi @@ -1878,6 +1885,11 @@ AC_ARG_ENABLE([keygen], [ ENABLED_KEYGEN=no ] ) +if test "$ENABLED_BIND" = "yes" +then + ENABLED_KEYGEN=yes +fi + if test "$ENABLED_KEYGEN" = "yes" then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_KEY_GEN" @@ -1890,7 +1902,7 @@ AC_ARG_ENABLE([certgen], [ ENABLED_CERTGEN=$enableval ], [ ENABLED_CERTGEN=no ] ) -if test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_OPENSSH" = "yes" +if test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_BIND" = "yes" then ENABLED_CERTGEN=yes fi @@ -4361,6 +4373,13 @@ then fi fi +if test "$ENABLED_BIND" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BIND" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DWOLFSSL_DES_ECB" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224 -DWOLFSSL_SHA384 -DWOLFSSL_SHA512" +fi + if test "$ENABLED_OPENVPN" = "yes" then ENABLED_SUPPORTED_CURVES="yes" diff --git a/src/ssl.c b/src/ssl.c index 8559c6f8f..30c95c840 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -30810,7 +30810,7 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh) /* return code compliant with OpenSSL : * size of shared secret if success, -1 if error */ -int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub, +int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* otherPub, WOLFSSL_DH* dh) { int ret = WOLFSSL_FATAL_ERROR; @@ -32004,6 +32004,101 @@ cleanup: return ret; } +void wolfSSL_RSA_get0_crt_params(const WOLFSSL_RSA *r, + const WOLFSSL_BIGNUM **dmp1, const WOLFSSL_BIGNUM **dmq1, + const WOLFSSL_BIGNUM **iqmp) +{ + WOLFSSL_ENTER("wolfSSL_RSA_get0_crt_params"); + + if (r != NULL) { + if (dmp1 != NULL) + *dmp1 = r->dmp1; + if (dmq1 != NULL) + *dmq1 = r->dmq1; + if (iqmp != NULL) + *iqmp = r->iqmp; + } else { + if (dmp1 != NULL) + *dmp1 = NULL; + if (dmq1 != NULL) + *dmq1 = NULL; + if (iqmp != NULL) + *iqmp = NULL; + } +} + +int wolfSSL_RSA_set0_crt_params(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *dmp1, + WOLFSSL_BIGNUM *dmq1, WOLFSSL_BIGNUM *iqmp) +{ + WOLFSSL_ENTER("wolfSSL_RSA_set0_crt_params"); + + /* If a param is null in r then it must be non-null in the + * corresponding user input. */ + if (r == NULL || (r->dmp1 == NULL && dmp1 == NULL) || + (r->dmq1 == NULL && dmq1 == NULL) || + (r->iqmp == NULL && iqmp == NULL)) { + WOLFSSL_MSG("Bad parameters"); + return WOLFSSL_FAILURE; + } + + if (dmp1 != NULL) { + wolfSSL_BN_clear_free(r->dmp1); + r->dmp1 = dmp1; + } + if (dmq1 != NULL) { + wolfSSL_BN_clear_free(r->dmq1); + r->dmq1 = dmq1; + } + if (iqmp != NULL) { + wolfSSL_BN_clear_free(r->iqmp); + r->iqmp = iqmp; + } + + return WOLFSSL_SUCCESS; +} + +void wolfSSL_RSA_get0_factors(const WOLFSSL_RSA *r, const WOLFSSL_BIGNUM **p, + const WOLFSSL_BIGNUM **q) +{ + WOLFSSL_ENTER("wolfSSL_RSA_get0_factors"); + + if (r != NULL) { + if (p != NULL) + *p = r->p; + if (q != NULL) + *q = r->q; + } else { + if (p != NULL) + *p = NULL; + if (q != NULL) + *q = NULL; + } +} + +int wolfSSL_RSA_set0_factors(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *p, WOLFSSL_BIGNUM *q) +{ + WOLFSSL_ENTER("wolfSSL_RSA_set0_factors"); + + /* If a param is null in r then it must be non-null in the + * corresponding user input. */ + if (r == NULL || (r->p == NULL && p == NULL) || + (r->q == NULL && q == NULL)) { + WOLFSSL_MSG("Bad parameters"); + return WOLFSSL_FAILURE; + } + + if (p != NULL) { + wolfSSL_BN_clear_free(r->p); + r->p = p; + } + if (q != NULL) { + wolfSSL_BN_clear_free(r->q); + r->q = q; + } + + return WOLFSSL_SUCCESS; +} + void wolfSSL_RSA_get0_key(const WOLFSSL_RSA *r, const WOLFSSL_BIGNUM **n, const WOLFSSL_BIGNUM **e, const WOLFSSL_BIGNUM **d) { @@ -32613,6 +32708,61 @@ size_t wolfSSL_HMAC_size(const WOLFSSL_HMAC_CTX *ctx) return (size_t)wc_HashGetDigestSize((enum wc_HashType)ctx->hmac.macType); } +const WOLFSSL_EVP_MD *wolfSSL_HMAC_CTX_get_md(const WOLFSSL_HMAC_CTX *ctx) +{ + if (!ctx) { + return NULL; + } + + return wolfSSL_macType2EVP_md(ctx->type); +} + +#ifndef NO_DES3 + +void wolfSSL_3des_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset, + unsigned char* iv, int len) +{ + (void)len; + + WOLFSSL_MSG("wolfSSL_3des_iv"); + + if (ctx == NULL || iv == NULL) { + WOLFSSL_MSG("Bad function argument"); + return; + } + + if (doset) + wc_Des3_SetIV(&ctx->cipher.des3, iv); /* OpenSSL compat, no ret */ + else + XMEMCPY(iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE); +} + +#endif /* NO_DES3 */ + + +#ifndef NO_AES + +void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset, + unsigned char* iv, int len) +{ + (void)len; + + WOLFSSL_MSG("wolfSSL_aes_ctr_iv"); + + if (ctx == NULL || iv == NULL) { + WOLFSSL_MSG("Bad function argument"); + return; + } + + if (doset) + (void)wc_AesSetIV(&ctx->cipher.aes, iv); /* OpenSSL compat, no ret */ + else + XMEMCPY(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE); +} + +#endif /* NO_AES */ + + /* Free the dynamically allocated data. * * p Pointer to dynamically allocated memory. @@ -34171,6 +34321,26 @@ int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key, return WOLFSSL_SUCCESS; } + +int wolfSSL_EC_KEY_check_key(const WOLFSSL_EC_KEY *key) +{ + WOLFSSL_ENTER("wolfSSL_EC_KEY_check_key"); + + if (key == NULL || key->internal == NULL) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + if (key->inSet == 0) { + if (SetECKeyInternal((WOLFSSL_EC_KEY*)key) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("SetECKeyInternal failed"); + return WOLFSSL_FAILURE; + } + } + + return wc_ecc_check_key((ecc_key*)key->internal) == 0 ? + WOLFSSL_SUCCESS : WOLFSSL_FAILURE; +} /* End EC_KEY */ int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key) @@ -34816,6 +34986,31 @@ int wolfSSL_EC_POINT_oct2point(const WOLFSSL_EC_GROUP *group, return wolfSSL_ECPoint_d2i((unsigned char*)buf, (unsigned int)len, group, p); } + +WOLFSSL_EC_KEY *wolfSSL_o2i_ECPublicKey(WOLFSSL_EC_KEY **a, const unsigned char **in, + long len) +{ + WOLFSSL_EC_KEY* ret; + + WOLFSSL_ENTER("wolfSSL_o2i_ECPublicKey"); + + if (!a || !*a || !(*a)->group || !in || !*in || len <= 0) { + WOLFSSL_MSG("wolfSSL_o2i_ECPublicKey Bad arguments"); + return NULL; + } + + ret = *a; + + if (wolfSSL_EC_POINT_oct2point(ret->group, ret->pub_key, *in, len, NULL) + != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_EC_POINT_oct2point error"); + return NULL; + } + + *in += len; + return ret; +} + int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *in, unsigned char **out) { size_t len; @@ -37708,6 +37903,11 @@ void wolfSSL_RSA_set_flags(WOLFSSL_RSA *r, int flags) } } +int wolfSSL_RSA_test_flags(const WOLFSSL_RSA *r, int flags) +{ + return r ? r->meth->flags & flags : 0; +} + #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa) { @@ -43379,35 +43579,78 @@ int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1, return WOLFSSL_FAILURE; } -#ifndef NO_WOLFSSL_STUB +void wolfSSL_CRYPTO_cleanup_all_ex_data(void) +{ + WOLFSSL_ENTER("CRYPTO_cleanup_all_ex_data"); +} + WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator, void (*callback) (int, int, void *), void *cb_arg) { - (void)prime_len; - (void)generator; + WOLFSSL_DH* dh; + + WOLFSSL_ENTER("wolfSSL_DH_generate_parameters"); (void)callback; (void)cb_arg; - WOLFSSL_ENTER("wolfSSL_DH_generate_parameters"); - WOLFSSL_STUB("DH_generate_parameters"); - return NULL; + if ((dh = wolfSSL_DH_new()) == NULL) { + WOLFSSL_MSG("wolfSSL_DH_new error"); + return NULL; + } + + if (wolfSSL_DH_generate_parameters_ex(dh, prime_len, generator, NULL) + != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_DH_generate_parameters_ex error"); + wolfSSL_DH_free(dh); + return NULL; + } + + return dh; } -#endif -#ifndef NO_WOLFSSL_STUB int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH* dh, int prime_len, int generator, void (*callback) (int, int, void *)) { - (void)prime_len; - (void)generator; - (void)callback; - (void)dh; - WOLFSSL_ENTER("wolfSSL_DH_generate_parameters_ex"); - WOLFSSL_STUB("DH_generate_parameters_ex"); + DhKey* key; - return -1; + WOLFSSL_ENTER("wolfSSL_DH_generate_parameters_ex"); + (void)callback; + + if (dh == NULL) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + if (initGlobalRNG == 0 && wolfSSL_RAND_Init() != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("No RNG to use"); + return WOLFSSL_FAILURE; + } + + if (dh->inSet == 0) { + if (SetDhInternal(dh) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Unable to set internal DH structure"); + return WOLFSSL_FAILURE; + } + } + + key = (DhKey*)dh->internal; + if (mp_set_int(&key->g, generator) != MP_OKAY) { + WOLFSSL_MSG("Unable to set generator"); + return WOLFSSL_FAILURE; + } + + if (wc_DhGenerateParams(&globalRNG, prime_len, key) != 0) { + WOLFSSL_MSG("wc_DhGenerateParams error"); + return WOLFSSL_FAILURE; + } + + if (SetDhExternal(dh) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("SetDhExternal error"); + return WOLFSSL_FAILURE; + } + + return WOLFSSL_SUCCESS; } -#endif void wolfSSL_ERR_load_crypto_strings(void) { @@ -52237,12 +52480,46 @@ WOLFSSL_STRING *wolfSSL_TXT_DB_get_by_index(WOLFSSL_TXT_DB *db, int idx, } return (WOLFSSL_STRING*) wolfSSL_lh_retrieve(db->data, value); } -#endif /******************************************************************************* * END OF TXT_DB API ******************************************************************************/ +void wolfSSL_DH_get0_key(const WOLFSSL_DH *dh, + const WOLFSSL_BIGNUM **pub_key, const WOLFSSL_BIGNUM **priv_key) +{ + WOLFSSL_ENTER("wolfSSL_DH_get0_key"); + + if (dh != NULL) { + if (pub_key != NULL) + *pub_key = dh->pub_key; + if (priv_key != NULL) + *priv_key = dh->priv_key; + } +} + +int wolfSSL_DH_set0_key(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *pub_key, + WOLFSSL_BIGNUM *priv_key) +{ + WOLFSSL_ENTER("wolfSSL_DH_set0_key"); + + if (dh == NULL) + return WOLFSSL_FAILURE; + + if (pub_key != NULL) { + wolfSSL_BN_free(dh->pub_key); + dh->pub_key = pub_key; + } + + if (priv_key != NULL) { + wolfSSL_BN_free(dh->priv_key); + dh->priv_key = priv_key; + } + + return SetDhInternal(dh); +} +#endif + /******************************************************************************* * START OF CONF API ******************************************************************************/ diff --git a/tests/api.c b/tests/api.c index b59736b4a..0c545006a 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2570,8 +2570,13 @@ static void test_EC_i2d(void) tmp = buf; AssertNotNull(d2i_ECPrivateKey(©, &tmp, len)); - XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + buf = NULL; + + AssertIntGT((len = i2o_ECPublicKey(key, &buf)), 0); + AssertNotNull(o2i_ECPublicKey(©, (const unsigned char **)&buf, len)); + AssertIntEQ(EC_KEY_check_key(key), 1); + EC_KEY_free(key); EC_KEY_free(copy); #endif /* HAVE_ECC */ @@ -29123,6 +29128,8 @@ static void test_wolfSSL_EVP_MD_size(void) AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA256"), 1); AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA256_DIGEST_SIZE); + AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA256_BLOCK_SIZE); + AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA256_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA256_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); @@ -29132,6 +29139,8 @@ static void test_wolfSSL_EVP_MD_size(void) wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "MD5"), 1); + AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_MD5_DIGEST_SIZE); + AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_MD5_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_MD5_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_MD5_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); @@ -29142,6 +29151,8 @@ static void test_wolfSSL_EVP_MD_size(void) wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA224"), 1); + AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA224_DIGEST_SIZE); + AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA224_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA224_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA224_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); @@ -29152,6 +29163,8 @@ static void test_wolfSSL_EVP_MD_size(void) wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA384"), 1); + AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA384_DIGEST_SIZE); + AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA384_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA384_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA384_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); @@ -29162,6 +29175,8 @@ static void test_wolfSSL_EVP_MD_size(void) wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA512"), 1); + AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA512_DIGEST_SIZE); + AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA512_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA512_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA512_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); @@ -29172,6 +29187,8 @@ static void test_wolfSSL_EVP_MD_size(void) wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA"), 1); + AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_DIGEST_SIZE); + AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); @@ -29179,6 +29196,8 @@ static void test_wolfSSL_EVP_MD_size(void) wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA1"), 1); + AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_DIGEST_SIZE); + AssertIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), WC_SHA_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); @@ -29189,7 +29208,8 @@ static void test_wolfSSL_EVP_MD_size(void) AssertIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), BAD_FUNC_ARG); AssertIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), BAD_FUNC_ARG); - AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 0); + /* Cleanup is valid on uninit'ed struct */ + AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); printf(resultFmt, passed); @@ -34079,6 +34099,7 @@ static void test_openssl_hmac(const WOLFSSL_EVP_MD* md, int md_len) AssertIntEQ(HMAC_Final(hmac, hash, &len), SSL_SUCCESS); AssertIntEQ(len, md_len); AssertIntEQ(HMAC_size(hmac), md_len); + AssertStrEQ(HMAC_CTX_get_md(hmac), md); HMAC_cleanup(hmac); HMAC_CTX_free(hmac); @@ -35676,6 +35697,11 @@ static void test_wolfSSL_RSA(void) const BIGNUM *n; const BIGNUM *e; const BIGNUM *d; + const BIGNUM *p; + const BIGNUM *q; + const BIGNUM *dmp1; + const BIGNUM *dmq1; + const BIGNUM *iqmp; printf(testingFmt, "wolfSSL_RSA()"); @@ -35685,6 +35711,7 @@ static void test_wolfSSL_RSA(void) /* sanity check */ AssertIntEQ(RSA_bits(NULL), 0); + /* key */ AssertIntEQ(RSA_bits(rsa), 2048); RSA_get0_key(rsa, &n, &e, &d); AssertPtrEq(rsa->n, n); @@ -35698,6 +35725,29 @@ static void test_wolfSSL_RSA(void) AssertPtrEq(rsa->e, e); AssertPtrEq(rsa->d, d); + /* crt_params */ + RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); + AssertPtrEq(rsa->dmp1, dmp1); + AssertPtrEq(rsa->dmq1, dmq1); + AssertPtrEq(rsa->iqmp, iqmp); + AssertNotNull(dmp1 = BN_new()); + AssertNotNull(dmq1 = BN_new()); + AssertNotNull(iqmp = BN_new()); + AssertIntEQ(RSA_set0_crt_params(rsa, (BIGNUM*)dmp1, (BIGNUM*)dmq1, (BIGNUM*)iqmp), 1); + AssertPtrEq(rsa->dmp1, dmp1); + AssertPtrEq(rsa->dmq1, dmq1); + AssertPtrEq(rsa->iqmp, iqmp); + + /* factors */ + RSA_get0_factors(rsa, &p, &q); + AssertPtrEq(rsa->p, p); + AssertPtrEq(rsa->q, q); + AssertNotNull(p = BN_new()); + AssertNotNull(q = BN_new()); + AssertIntEQ(RSA_set0_factors(rsa, (BIGNUM*)p, (BIGNUM*)q), 1); + AssertPtrEq(rsa->p, p); + AssertPtrEq(rsa->q, q); + AssertIntEQ(BN_hex2bn(&rsa->n, "1FFFFF"), 1); AssertIntEQ(RSA_bits(rsa), 21); RSA_free(rsa); @@ -35901,6 +35951,7 @@ static void test_wolfSSL_RSA_meth(void) AssertPtrEq(RSA_get_method(rsa), rsa_meth); AssertIntEQ(RSA_flags(rsa), RSA_METHOD_FLAG_NO_CHECK); RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC); + AssertIntNE(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0); AssertIntEQ(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC); /* rsa_meth is freed here */ @@ -37990,7 +38041,7 @@ static void test_wolfSSL_EC_KEY_dup(void) /* Valid cases */ AssertNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); - AssertIntEQ(wc_ecc_check_key((ecc_key*)dupKey->internal), 0); + AssertIntEQ(EC_KEY_check_key(dupKey), 1); /* Compare pubkey */ srcKey = (ecc_key*)ecKey->internal; @@ -39218,7 +39269,7 @@ static void test_wolfSSL_EVP_DigestFinal_ex(void) wolfSSL_EVP_MD_CTX_init(&mdCtx); AssertIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), 0); - AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 0); + AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #else @@ -45815,17 +45866,21 @@ static void test_wolfSSL_set_psk_use_session_callback(void) #endif } -static void test_wolfSSL_DH_get0_pqg(void) +static void test_wolfSSL_DH(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_DH) DH *dh = NULL; BIGNUM* p; BIGNUM* q; BIGNUM* g; + BIGNUM* pub; + BIGNUM* priv; (void)dh; (void)p; (void)q; (void)g; + (void)pub; + (void)priv; #if defined(OPENSSL_ALL) #if !defined(HAVE_FIPS) || \ @@ -45852,14 +45907,22 @@ static void test_wolfSSL_DH_get0_pqg(void) DH_get0_pqg(dh, (const BIGNUM**)&p, (const BIGNUM**)&q, (const BIGNUM**) &g); - AssertPtrEq(p, dh->p); AssertPtrEq(q, dh->q); AssertPtrEq(g, dh->g); + DH_get0_key(dh, (const BIGNUM**)&pub, (const BIGNUM**)&priv); + AssertPtrEq(pub, dh->pub_key); + AssertPtrEq(priv, dh->priv_key); + AssertNotNull(pub = BN_new()); + AssertNotNull(priv = BN_new()); + AssertIntEQ(DH_set0_key(dh, pub, priv), 1); + AssertPtrEq(pub, dh->pub_key); + AssertPtrEq(priv, dh->priv_key); + DH_free(dh); #endif #endif - printf(testingFmt, "test_wolfSSL_DH_get0_pqg"); + printf(testingFmt, "test_wolfSSL_DH"); dh = wolfSSL_DH_new(); AssertNotNull(dh); @@ -45982,7 +46045,6 @@ void ApiTest(void) test_SetTmpEC_DHE_Sz(); test_wolfSSL_CTX_get0_privatekey(); test_wolfSSL_dtls_set_mtu(); - test_wolfSSL_DH_get0_pqg(); #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ defined(HAVE_IO_TESTS_DEPENDENCIES) test_wolfSSL_read_write(); @@ -46417,7 +46479,7 @@ void ApiTest(void) test_CONF_CTX_FILE(); test_CONF_CTX_CMDLINE(); test_wolfSSL_CRYPTO_get_ex_new_index(); - test_wolfSSL_DH_get0_pqg(); + test_wolfSSL_DH(); /*wolfcrypt */ printf("\n-----------------wolfcrypt unit tests------------------\n"); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index db7c286a2..8f4f9866b 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -2354,6 +2354,18 @@ static enum wc_HashType wolfSSL_EVP_md2macType(const WOLFSSL_EVP_MD *md) return WC_HASH_TYPE_NONE; } +static const WOLFSSL_EVP_MD* wolfSSL_macType2EVP_md(enum wc_HashType type) +{ + const struct s_ent *ent ; + + for( ent = md_tbl; ent->name != NULL; ent++) { + if(ent->macType == type) { + return ent->name; + } + } + return NULL; +} + /* Finalize structure for signing * * ctx WOLFSSL_EVP_MD_CTX structure to finalize @@ -4212,6 +4224,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) #endif break; case WC_HASH_TYPE_NONE: + /* Not an error since an unused struct could be free'd or + * reset. */ + break; case WC_HASH_TYPE_MD2: case WC_HASH_TYPE_MD4: case WC_HASH_TYPE_MD5_SHA: diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h index 06128fe7f..13b4794a0 100644 --- a/wolfssl/openssl/crypto.h +++ b/wolfssl/openssl/crypto.h @@ -26,6 +26,20 @@ #include +typedef struct WOLFSSL_INIT_SETTINGS { + char* appname; +} WOLFSSL_INIT_SETTINGS; +typedef WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS; + +typedef struct WOLFSSL_CRYPTO_THREADID { + int dummy; +}WOLFSSL_CRYPTO_THREADID; +typedef struct crypto_threadid_st CRYPTO_THREADID; + +typedef struct CRYPTO_EX_DATA CRYPTO_EX_DATA; +typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int idx, + long argl, void* argp); + #include #include @@ -33,12 +47,6 @@ #include "prefix_crypto.h" #endif -typedef struct WOLFSSL_INIT_SETTINGS { - char* appname; -} WOLFSSL_INIT_SETTINGS; - -typedef WOLFSSL_INIT_SETTINGS OPENSSL_INIT_SETTINGS; - WOLFSSL_API const char* wolfSSLeay_version(int type); WOLFSSL_API unsigned long wolfSSLeay(void); WOLFSSL_API unsigned long wolfSSL_OpenSSL_version_num(void); @@ -52,11 +60,6 @@ WOLFSSL_API unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len WOLFSSL_API int wolfSSL_OPENSSL_init_crypto(word64 opts, const OPENSSL_INIT_SETTINGS *settings); #endif -typedef struct WOLFSSL_CRYPTO_THREADID { - int dummy; -}WOLFSSL_CRYPTO_THREADID; -typedef struct crypto_threadid_st CRYPTO_THREADID; - #define crypto_threadid_st WOLFSSL_CRYPTO_THREADID #define CRYPTO_THREADID WOLFSSL_CRYPTO_THREADID @@ -102,9 +105,6 @@ typedef struct crypto_threadid_st CRYPTO_THREADID; #define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions #define FIPS_mode wolfSSL_FIPS_mode #define FIPS_mode_set wolfSSL_FIPS_mode_set -typedef struct CRYPTO_EX_DATA CRYPTO_EX_DATA; -typedef void (CRYPTO_free_func)(void*parent, void*ptr, CRYPTO_EX_DATA *ad, int idx, - long argl, void* argp); #define CRYPTO_THREADID_set_callback wolfSSL_THREADID_set_callback #define CRYPTO_THREADID_set_numeric wolfSSL_THREADID_set_numeric #define CRYPTO_THREADID_current wolfSSL_THREADID_current diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h index 0970f366f..b63b6c2d1 100644 --- a/wolfssl/openssl/dh.h +++ b/wolfssl/openssl/dh.h @@ -64,7 +64,7 @@ WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh); WOLFSSL_API int wolfSSL_DH_check(const WOLFSSL_DH *dh, int *codes); WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH*); WOLFSSL_API int wolfSSL_DH_generate_key(WOLFSSL_DH*); -WOLFSSL_API int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* pub, +WOLFSSL_API int wolfSSL_DH_compute_key(unsigned char* key, const WOLFSSL_BIGNUM* pub, WOLFSSL_DH*); WOLFSSL_API int wolfSSL_DH_LoadDer(WOLFSSL_DH*, const unsigned char*, int sz); WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH*, WOLFSSL_BIGNUM*, @@ -80,10 +80,10 @@ WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH*, WOLFSSL_BIGNUM*, #define DH_size wolfSSL_DH_size #define DH_generate_key wolfSSL_DH_generate_key #define DH_compute_key wolfSSL_DH_compute_key -#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L #define DH_set0_pqg wolfSSL_DH_set0_pqg -#endif #define DH_get0_pqg wolfSSL_DH_get0_pqg +#define DH_get0_key wolfSSL_DH_get0_key +#define DH_set0_key wolfSSL_DH_set0_key #define DH_bits(x) (BN_num_bits(x->p)) #define DH_GENERATOR_2 2 diff --git a/wolfssl/openssl/ec.h b/wolfssl/openssl/ec.h index abf47ef5f..28741cc89 100644 --- a/wolfssl/openssl/ec.h +++ b/wolfssl/openssl/ec.h @@ -157,6 +157,9 @@ int wolfSSL_EC_POINT_oct2point(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *p, const unsigned char *buf, size_t len, WOLFSSL_BN_CTX *ctx); WOLFSSL_API +WOLFSSL_EC_KEY *wolfSSL_o2i_ECPublicKey(WOLFSSL_EC_KEY **a, const unsigned char **in, + long len); +WOLFSSL_API int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *in, unsigned char **out); WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_d2i_ECPrivateKey(WOLFSSL_EC_KEY **key, const unsigned char **in, @@ -207,6 +210,7 @@ void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag); WOLFSSL_API int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key, const WOLFSSL_EC_POINT *pub); +WOLFSSL_API int wolfSSL_EC_KEY_check_key(const WOLFSSL_EC_KEY *key); WOLFSSL_API int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key); WOLFSSL_API int wolfSSL_ECDSA_sign(int type, const unsigned char *digest, int digestSz, unsigned char *sig, @@ -299,6 +303,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, #define EC_KEY_generate_key wolfSSL_EC_KEY_generate_key #define EC_KEY_set_asn1_flag wolfSSL_EC_KEY_set_asn1_flag #define EC_KEY_set_public_key wolfSSL_EC_KEY_set_public_key +#define EC_KEY_check_key wolfSSL_EC_KEY_check_key #define ECDSA_size wolfSSL_ECDSA_size #define ECDSA_sign wolfSSL_ECDSA_sign @@ -341,6 +346,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, #define EC_POINT_oct2point wolfSSL_EC_POINT_oct2point #define EC_POINT_point2bn wolfSSL_EC_POINT_point2bn #define EC_POINT_is_on_curve wolfSSL_EC_POINT_is_on_curve +#define o2i_ECPublicKey wolfSSL_o2i_ECPublicKey #define i2o_ECPublicKey wolfSSL_i2o_ECPublicKey #define i2d_EC_PUBKEY wolfSSL_i2o_ECPublicKey #define d2i_ECPrivateKey wolfSSL_d2i_ECPrivateKey diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 44e4c3362..0261a1391 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -785,6 +785,7 @@ typedef WOLFSSL_ASN1_PCTX ASN1_PCTX; #define EVP_MD_CTX_type wolfSSL_EVP_MD_CTX_type #define EVP_MD_CTX_size wolfSSL_EVP_MD_CTX_size #define EVP_MD_CTX_block_size wolfSSL_EVP_MD_CTX_block_size +#define EVP_MD_block_size wolfSSL_EVP_MD_block_size #define EVP_MD_type wolfSSL_EVP_MD_type #ifndef NO_WOLFSSL_STUB #define EVP_MD_CTX_set_flags(...) diff --git a/wolfssl/openssl/hmac.h b/wolfssl/openssl/hmac.h index 8158afa9a..99b39be7f 100644 --- a/wolfssl/openssl/hmac.h +++ b/wolfssl/openssl/hmac.h @@ -35,9 +35,17 @@ #include "prefix_hmac.h" #endif +#include + +typedef struct WOLFSSL_HMAC_CTX { + Hmac hmac; + int type; + word32 save_ipad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/ + word32 save_opad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; +} WOLFSSL_HMAC_CTX; + #include #include -#include #ifdef __cplusplus extern "C" { @@ -49,22 +57,13 @@ WOLFSSL_API unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md, const unsigned char* d, int n, unsigned char* md, unsigned int* md_len); - -typedef struct WOLFSSL_HMAC_CTX { - Hmac hmac; - int type; - word32 save_ipad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; /* same block size all*/ - word32 save_opad[WC_HMAC_BLOCK_SIZE / sizeof(word32)]; -} WOLFSSL_HMAC_CTX; - - WOLFSSL_API WOLFSSL_HMAC_CTX* wolfSSL_HMAC_CTX_new(void); WOLFSSL_API int wolfSSL_HMAC_CTX_Init(WOLFSSL_HMAC_CTX* ctx); WOLFSSL_API int wolfSSL_HMAC_CTX_copy(WOLFSSL_HMAC_CTX* des, WOLFSSL_HMAC_CTX* src); WOLFSSL_LOCAL int wolfSSL_HmacCopy(Hmac* des, Hmac* src); WOLFSSL_API int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, - int keylen, const EVP_MD* type); + int keylen, const WOLFSSL_EVP_MD* type); WOLFSSL_API int wolfSSL_HMAC_Init_ex(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen, const EVP_MD* type, WOLFSSL_ENGINE* e); WOLFSSL_API int wolfSSL_HMAC_Update(WOLFSSL_HMAC_CTX* ctx, @@ -75,6 +74,7 @@ WOLFSSL_API int wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx); WOLFSSL_API void wolfSSL_HMAC_CTX_cleanup(WOLFSSL_HMAC_CTX* ctx); WOLFSSL_API void wolfSSL_HMAC_CTX_free(WOLFSSL_HMAC_CTX* ctx); WOLFSSL_API size_t wolfSSL_HMAC_size(const WOLFSSL_HMAC_CTX *ctx); +WOLFSSL_API const WOLFSSL_EVP_MD *wolfSSL_HMAC_CTX_get_md(const WOLFSSL_HMAC_CTX *ctx); typedef struct WOLFSSL_HMAC_CTX HMAC_CTX; @@ -92,6 +92,7 @@ typedef struct WOLFSSL_HMAC_CTX HMAC_CTX; #define HMAC_Final wolfSSL_HMAC_Final #define HMAC_cleanup wolfSSL_HMAC_cleanup #define HMAC_size wolfSSL_HMAC_size +#define HMAC_CTX_get_md wolfSSL_HMAC_CTX_get_md #ifdef __cplusplus diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h index b509793cf..fb2fc0b81 100644 --- a/wolfssl/openssl/opensslv.h +++ b/wolfssl/openssl/opensslv.h @@ -30,7 +30,7 @@ defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10100000L) ||\ defined(OPENSSL_VERSION_NUMBER) && (OPENSSL_VERSION_NUMBER == 0x10001040L) /* valid version */ -#elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) +#elif defined(WOLFSSL_APACHE_HTTPD) || defined(HAVE_LIBEST) || defined(WOLFSSL_BIND) /* For Apache httpd, Use 1.1.0 compatibility */ #define OPENSSL_VERSION_NUMBER 0x10100000L #elif defined(WOLFSSL_QT) diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h index c1bf4437f..25594f167 100644 --- a/wolfssl/openssl/rsa.h +++ b/wolfssl/openssl/rsa.h @@ -144,12 +144,22 @@ WOLFSSL_API int wolfSSL_RSA_set_method(WOLFSSL_RSA *rsa, WOLFSSL_RSA_METHOD *met WOLFSSL_API const WOLFSSL_RSA_METHOD* wolfSSL_RSA_get_method(const WOLFSSL_RSA *rsa); WOLFSSL_API const WOLFSSL_RSA_METHOD* wolfSSL_RSA_get_default_method(void); +WOLFSSL_API void wolfSSL_RSA_get0_crt_params(const WOLFSSL_RSA *r, + const WOLFSSL_BIGNUM **dmp1, + const WOLFSSL_BIGNUM **dmq1, + const WOLFSSL_BIGNUM **iqmp); +WOLFSSL_API int wolfSSL_RSA_set0_crt_params(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *dmp1, + WOLFSSL_BIGNUM *dmq1, WOLFSSL_BIGNUM *iqmp); +WOLFSSL_API void wolfSSL_RSA_get0_factors(const WOLFSSL_RSA *r, const WOLFSSL_BIGNUM **p, + const WOLFSSL_BIGNUM **q); +WOLFSSL_API int wolfSSL_RSA_set0_factors(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *p, WOLFSSL_BIGNUM *q); WOLFSSL_API void wolfSSL_RSA_get0_key(const WOLFSSL_RSA *r, const WOLFSSL_BIGNUM **n, const WOLFSSL_BIGNUM **e, const WOLFSSL_BIGNUM **d); WOLFSSL_API int wolfSSL_RSA_set0_key(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *n, WOLFSSL_BIGNUM *e, WOLFSSL_BIGNUM *d); WOLFSSL_API int wolfSSL_RSA_flags(const WOLFSSL_RSA *r); WOLFSSL_API void wolfSSL_RSA_set_flags(WOLFSSL_RSA *r, int flags); +WOLFSSL_API int wolfSSL_RSA_test_flags(const WOLFSSL_RSA *r, int flags); WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa); @@ -194,10 +204,15 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup( #define RSA_get_default_method wolfSSL_RSA_get_default_method #define RSA_get_method wolfSSL_RSA_get_method #define RSA_set_method wolfSSL_RSA_set_method +#define RSA_get0_crt_params wolfSSL_RSA_get0_crt_params +#define RSA_set0_crt_params wolfSSL_RSA_set0_crt_params +#define RSA_get0_factors wolfSSL_RSA_get0_factors +#define RSA_set0_factors wolfSSL_RSA_set0_factors #define RSA_get0_key wolfSSL_RSA_get0_key #define RSA_set0_key wolfSSL_RSA_set0_key #define RSA_flags wolfSSL_RSA_flags #define RSA_set_flags wolfSSL_RSA_set_flags +#define RSA_test_flags wolfSSL_RSA_test_flags #define RSAPublicKey_dup wolfSSL_RSAPublicKey_dup #define RSA_get_ex_data wolfSSL_RSA_get_ex_data diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 87e1a623d..77a73fb06 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -4234,7 +4234,12 @@ WOLFSSL_API void *wolfSSL_OPENSSL_memdup(const void *data, WOLFSSL_API void wolfSSL_OPENSSL_cleanse(void *ptr, size_t len); WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void); WOLFSSL_API void wolfSSL_DH_get0_pqg(const WOLFSSL_DH* dh, -const WOLFSSL_BIGNUM** p, const WOLFSSL_BIGNUM** q, const WOLFSSL_BIGNUM** g); + const WOLFSSL_BIGNUM** p, const WOLFSSL_BIGNUM** q, + const WOLFSSL_BIGNUM** g); +WOLFSSL_API void wolfSSL_DH_get0_key(const WOLFSSL_DH *dh, + const WOLFSSL_BIGNUM **pub_key, const WOLFSSL_BIGNUM **priv_key); +WOLFSSL_API int wolfSSL_DH_set0_key(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *pub_key, + WOLFSSL_BIGNUM *priv_key); #endif #if defined(HAVE_OCSP) && !defined(NO_ASN_TIME)