diff --git a/configure.ac b/configure.ac index b606e3059..30280d922 100644 --- a/configure.ac +++ b/configure.ac @@ -500,7 +500,7 @@ fi if test "$ENABLED_OPENSSH" = "yes" then ENABLED_FORTRESS="yes" - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_OPENSSH" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_OPENSSH -DHAVE_EX_DATA" fi #Qt Support @@ -1483,7 +1483,7 @@ then ENABLED_DSA="yes" fi -if test "$ENABLED_DSA" = "no" +if test "$ENABLED_DSA" = "no" && test "$ENABLED_OPENSSH" = "no" then AM_CFLAGS="$AM_CFLAGS -DNO_DSA" fi diff --git a/src/ssl.c b/src/ssl.c index a4cac156c..47af9db11 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -25374,8 +25374,8 @@ void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx) { WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_ex_data"); #if defined(HAVE_EX_DATA) || defined(FORTRESS) - if (ctx != NULL && idx < MAX_EX_DATA && idx >= 0) { - return ctx->ex_data[idx]; + if (ctx != NULL) { + return wolfSSL_CRYPTO_get_ex_data(ctx->ex_data, idx); } #else (void)ctx; @@ -25392,10 +25392,9 @@ int wolfSSL_X509_STORE_CTX_set_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx, { WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_ex_data"); #if defined(HAVE_EX_DATA) || defined(FORTRESS) - if (ctx != NULL && idx < MAX_EX_DATA) + if (ctx != NULL) { - ctx->ex_data[idx] = data; - return WOLFSSL_SUCCESS; + return wolfSSL_CRYPTO_set_ex_data(ctx->ex_data, idx, data); } #else (void)ctx; @@ -30682,7 +30681,7 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, WOLFSSL_ENTER("wolfSSL_DSA_do_sign_ex"); - if (digest == NULL || dsa == NULL || outLen != WC_SHA_DIGEST_SIZE) { + if (!digest || !dsa || outLen != WC_SHA_DIGEST_SIZE) { WOLFSSL_MSG("Bad function arguments"); return NULL; } @@ -30699,7 +30698,7 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, goto error; } - if (!(sig->s = wolfSSL_BN_bin2bn(sigBin+DSA_HALF_SIZE, DSA_HALF_SIZE, NULL))) { + if (!(sig->s = wolfSSL_BN_bin2bn(sigBin + DSA_HALF_SIZE, DSA_HALF_SIZE, NULL))) { goto error; } @@ -30741,6 +30740,60 @@ int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, return WOLFSSL_SUCCESS; } + +int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len, + WOLFSSL_DSA_SIG* sig, WOLFSSL_DSA* dsa) +{ + int dsacheck, sz; + byte sigBin[DSA_SIG_SIZE]; + byte* sigBinPtr = sigBin; + + WOLFSSL_ENTER("wolfSSL_DSA_do_verify_ex"); + + if (!digest || !sig || !dsa || digest_len != WC_SHA_DIGEST_SIZE) { + WOLFSSL_MSG("Bad function arguments"); + return WOLFSSL_FAILURE; + } + + if (!sig->r || !sig->s) { + WOLFSSL_MSG("No signature found in DSA_SIG"); + return WOLFSSL_FAILURE; + } + + /* front pad with zeros */ + if (!(sz = wolfSSL_BN_num_bytes(sig->r))) { + return WOLFSSL_FAILURE; + } + while (sz++ < DSA_HALF_SIZE) { + *sigBinPtr++ = 0; + } + + if (wolfSSL_BN_bn2bin(sig->r, sigBinPtr) == WOLFSSL_FATAL_ERROR) { + return WOLFSSL_FAILURE; + } + + /* Move to s */ + sigBinPtr = sigBin + DSA_HALF_SIZE; + + /* front pad with zeros */ + if (!(sz = wolfSSL_BN_num_bytes(sig->s))) { + return WOLFSSL_FAILURE; + } + while (sz++ < DSA_HALF_SIZE) { + *sigBinPtr++ = 0; + } + + if (wolfSSL_BN_bn2bin(sig->s, sigBinPtr) == WOLFSSL_FATAL_ERROR) { + return WOLFSSL_FAILURE; + } + + if (wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck) != WOLFSSL_SUCCESS || + dsacheck != 1) { + return WOLFSSL_FAILURE; + } + + return WOLFSSL_SUCCESS; +} #endif /* NO_DSA */ @@ -31953,6 +32006,51 @@ int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key) } #endif /* WOLFSSL_QT || OPENSSL_ALL */ +/* try and populate public pkey_sz and pkey.ptr */ +static void ECC_populate_EVP_PKEY(EVP_PKEY* pkey, ecc_key* ecc) +{ + int ret; + if (!pkey || !ecc) + return; + if ((ret = wc_EccPublicKeyDerSize(ecc, 1)) > 0) { + int derSz = ret; + char* derBuf = (char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf) { + ret = wc_EccPublicKeyToDer(ecc, (byte*)derBuf, derSz, 1); + if (ret >= 0) { + if (pkey->pkey.ptr) { + XFREE(pkey->pkey.ptr, NULL, DYNAMIC_TYPE_OPENSSL); + } + pkey->pkey_sz = ret; + pkey->pkey.ptr = derBuf; + } + else { /* failure - okay to ignore */ + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + derBuf = NULL; + } + } + } +} + +WOLFSSL_API int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key) +{ +#ifdef HAVE_ECC + if((pkey == NULL) || (key ==NULL))return WOLFSSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_EC_KEY"); + if (pkey->rsa != NULL && pkey->ownRsa == 1) { + wolfSSL_RSA_free(pkey->rsa); + } + pkey->ecc = key; + pkey->ownEcc = 0; /* pkey does not own EC key */ + pkey->type = EVP_PKEY_EC; + ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal); + return WOLFSSL_SUCCESS; +#else + (void)pkey; + (void)key; + return WOLFSSL_FAILURE; +#endif +} void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx) { @@ -32374,6 +32472,56 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, } #endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */ +#ifndef NO_RSA +static int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey) +{ + int derMax = 0; + int derSz = 0; + byte* derBuf; + + WOLFSSL_ENTER("wc_RsaKeyToDer"); + + if (!rsa || !outBuf || (publicKey != 0 && publicKey != 1)) { + WOLFSSL_LEAVE("wc_RsaKeyToDer", BAD_FUNC_ARG); + return BAD_FUNC_ARG; + } + /* 5 > size of n, d, p, q, d%(p-1), d(q-1), 1/q%p, e + ASN.1 additional + * informations + */ + derMax = 5 * wolfSSL_RSA_size(rsa) + AES_BLOCK_SIZE; + derBuf = (byte*)XMALLOC(derMax, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + WOLFSSL_MSG("malloc failed"); + WOLFSSL_LEAVE("wc_RsaKeyToDer", MEMORY_ERROR); + return MEMORY_ERROR; + } + /* Key to DER */ + if (publicKey) { + derSz = wc_RsaKeyToPublicDer((RsaKey*)rsa->internal, derBuf, derMax); + if (derSz < 0) { + WOLFSSL_MSG("wc_RsaKeyToPublicDer failed"); + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + else { + *outBuf = derBuf; + } + } + else { + derSz = wc_RsaKeyToDer((RsaKey*)rsa->internal, derBuf, derMax); + if (derSz < 0) { + WOLFSSL_MSG("wc_RsaKeyToDer failed"); + XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + else { + *outBuf = derBuf; + } + } + + WOLFSSL_LEAVE("wc_RsaKeyToDer", derSz); + return derSz; +} +#endif + #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && !defined(NO_RSA) @@ -32414,19 +32562,11 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* key, #ifdef WOLFSSL_KEY_GEN /* similar to how wolfSSL_PEM_write_mem_RSAPrivateKey finds DER of key */ { - int derMax; int derSz; byte* derBuf; - /* 5 > size of n, d, p, q, d%(p-1), d(q-1), 1/q%p, e + ASN.1 additional - * information - */ - derMax = 5 * wolfSSL_RSA_size(key) + (2 * AES_BLOCK_SIZE); - - derBuf = (byte*)XMALLOC(derMax, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf == NULL) { - WOLFSSL_MSG("malloc failed"); - wolfSSL_EVP_PKEY_free(pkey); + if ((derSz = wolfSSL_RSA_To_Der(key, &derBuf, 0)) < 0) { + WOLFSSL_MSG("wolfSSL_RSA_To_Der failed"); return WOLFSSL_FAILURE; } @@ -32436,7 +32576,7 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* key, WOLFSSL_MSG("wc_RsaKeyToDer failed"); XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); wolfSSL_EVP_PKEY_free(pkey); - return WOLFSSL_FAILURE; + return SSL_FAILURE; } pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap, @@ -32467,7 +32607,7 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* key, */ int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa) { - int ret = 0, derMax = 0, derSz = 0; + int ret = 0, derSz = 0; byte *derBuf = NULL; WOLFSSL_EVP_PKEY* pkey = NULL; @@ -32489,24 +32629,8 @@ int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa) pkey->rsa = rsa; pkey->ownRsa = 0; - /* 5 > size of n, d, p, q, d%(p-1), d(q-1), 1/q%p, e + ASN.1 additional - * information - */ - derMax = 5 * wolfSSL_RSA_size(rsa) + AES_BLOCK_SIZE; - - derBuf = (byte*)XMALLOC(derMax, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf == NULL) { - WOLFSSL_MSG("malloc failed"); - wolfSSL_EVP_PKEY_free(pkey); - return WOLFSSL_FAILURE; - } - - /* Key to DER */ - derSz = wc_RsaKeyToPublicDer((RsaKey*)rsa->internal, derBuf, derMax); - if (derSz < 0) { - WOLFSSL_MSG("wc_RsaKeyToPublicDer failed"); - XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - wolfSSL_EVP_PKEY_free(pkey); + if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 1)) < 0) { + WOLFSSL_MSG("wolfSSL_RSA_To_Der failed"); return WOLFSSL_FAILURE; } @@ -32704,7 +32828,7 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, unsigned char **pem, int *plen) { byte *derBuf, *tmp, *cipherInfo = NULL; - int der_max_len = 0, derSz = 0; + int derSz = 0; const int type = PRIVATEKEY_TYPE; const char* header = NULL; const char* footer = NULL; @@ -32728,22 +32852,8 @@ int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher, } } - /* 5 > size of n, d, p, q, d%(p-1), d(q-1), 1/q%p, e + ASN.1 additional - * information - */ - der_max_len = 5 * wolfSSL_RSA_size(rsa) + AES_BLOCK_SIZE; - - derBuf = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_DER); - if (derBuf == NULL) { - WOLFSSL_MSG("malloc failed"); - return WOLFSSL_FAILURE; - } - - /* Key to DER */ - derSz = wc_RsaKeyToDer((RsaKey*)rsa->internal, derBuf, der_max_len); - if (derSz < 0) { - WOLFSSL_MSG("wc_RsaKeyToDer failed"); - XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); + if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 0)) < 0) { + WOLFSSL_MSG("wolfSSL_RSA_To_Der failed"); return WOLFSSL_FAILURE; } @@ -35991,7 +36101,6 @@ int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, unsigned char **pp) { #if defined(WOLFSSL_KEY_GEN) byte* der = NULL; - int derMax; int ret; int i; @@ -36010,25 +36119,11 @@ int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, unsigned char **pp) } } - /* 5 > size of n, d, p, q, d%(p-1), d(q-1), 1/q%p, e + ASN.1 additional - * information - */ - derMax = 5 * wolfSSL_RSA_size(rsa) + AES_BLOCK_SIZE; - - der = (byte*)XMALLOC(derMax, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (der == NULL) { - WOLFSSL_MSG("Malloc failed"); + if ((ret = wolfSSL_RSA_To_Der(rsa, &der, 0)) < 0) { + WOLFSSL_MSG("wolfSSL_RSA_To_Der failed"); return WOLFSSL_FAILURE; } - /* RSA key to DER */ - if ((ret = wc_RsaKeyToDer((RsaKey *)rsa->internal, der, derMax)) < 0) { - WOLFSSL_MSG("wc_RsaKeyToDer() failed"); - XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); - der = NULL; - return ret; - } - if (pp != NULL) { if (*pp == NULL) { /* create buffer and return it */ @@ -36206,6 +36301,11 @@ const WOLFSSL_RSA_METHOD* wolfSSL_RSA_get_method(const WOLFSSL_RSA *rsa) return rsa->meth; } +const WOLFSSL_RSA_METHOD* wolfSSL_RSA_get_default_method(void) +{ + return wolfSSL_RSA_meth_new("wolfSSL RSA", 0); +} + int wolfSSL_RSA_flags(const WOLFSSL_RSA *r) { if (r && r->meth) { @@ -36222,6 +36322,68 @@ void wolfSSL_RSA_set_flags(WOLFSSL_RSA *r, int flags) } } +WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa) +{ + int derSz = 0; + byte *derBuf = NULL; + WOLFSSL_RSA* local; + + WOLFSSL_ENTER("wolfSSL_RSAPublicKey_dup"); + + if (!rsa) { + return NULL; + } + + local = wolfSSL_RSA_new(); + if (local == NULL) { + WOLFSSL_MSG("Error creating a new WOLFSSL_RSA structure"); + return NULL; + } + + if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 1)) < 0) { + WOLFSSL_MSG("wolfSSL_RSA_To_Der failed"); + return NULL; + } + + if (wolfSSL_RSA_LoadDer_ex(local, + derBuf, derSz, + WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) { + wolfSSL_RSA_free(local); + local = NULL; + } + XFREE(derBuf, NULL, DYNAMIC_TYPE_ASN1); + return local; +} + +void* wolfSSL_RSA_get_ex_data(const WOLFSSL_RSA *rsa, int idx) +{ + WOLFSSL_ENTER("wolfSSL_RSA_get_ex_data"); + #ifdef HAVE_EX_DATA + if(rsa) { + return wolfSSL_CRYPTO_get_ex_data(rsa->ex_data, idx); + } + #else + (void)rsa; + (void)idx; + #endif + return NULL; +} + +int wolfSSL_RSA_set_ex_data(WOLFSSL_RSA *rsa, int idx, void *data) +{ + WOLFSSL_ENTER("wolfSSL_RSA_set_ex_data"); + #ifdef HAVE_EX_DATA + if(rsa) { + return wolfSSL_CRYPTO_set_ex_data(rsa->ex_data, idx, data); + } + #else + (void)rsa; + (void)idx; + (void)data; + #endif + return WOLFSSL_FAILURE; +} + int wolfSSL_RSA_set0_key(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *n, WOLFSSL_BIGNUM *e, WOLFSSL_BIGNUM *d) { @@ -40361,8 +40523,8 @@ void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx) { WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data"); #ifdef HAVE_EX_DATA - if(ctx != NULL && idx < MAX_EX_DATA && idx >= 0) { - return ctx->ex_data[idx]; + if(ctx != NULL) { + return wolfSSL_CRYPTO_get_ex_data(ctx->ex_data, idx); } #else (void)ctx; @@ -40386,6 +40548,24 @@ int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b, return ctx_idx++; } +void* wolfSSL_CRYPTO_get_ex_data(void * const* ex_data, int idx) +{ + WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data"); + if(ex_data && idx < MAX_EX_DATA && idx >= 0) { + return ex_data[idx]; + } + return NULL; +} + +int wolfSSL_CRYPTO_set_ex_data(void** ex_data, int idx, void *data) +{ + WOLFSSL_ENTER("wolfSSL_CRYPTO_set_ex_data"); + if (ex_data && idx < MAX_EX_DATA && idx >= 0) { + ex_data[idx] = data; + return WOLFSSL_SUCCESS; + } + return WOLFSSL_FAILURE; +} /* Return the index that can be used for the WOLFSSL structure to store * application data. @@ -40413,10 +40593,9 @@ int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data) { WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data"); #ifdef HAVE_EX_DATA - if (ctx != NULL && idx < MAX_EX_DATA) + if (ctx != NULL) { - ctx->ex_data[idx] = data; - return WOLFSSL_SUCCESS; + return wolfSSL_CRYPTO_set_ex_data(ctx->ex_data, idx, data); } #else (void)ctx; @@ -40458,10 +40637,9 @@ int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data) { WOLFSSL_ENTER("wolfSSL_set_ex_data"); #if defined(HAVE_EX_DATA) || defined(FORTRESS) - if (ssl != NULL && idx < MAX_EX_DATA) + if (ssl != NULL) { - ssl->ex_data[idx] = data; - return WOLFSSL_SUCCESS; + return wolfSSL_CRYPTO_set_ex_data(ssl->ex_data, idx, data); } #else WOLFSSL_MSG("HAVE_EX_DATA macro is not defined"); @@ -40478,8 +40656,9 @@ void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx) { WOLFSSL_ENTER("wolfSSL_get_ex_data"); #if defined(HAVE_EX_DATA) || defined(FORTRESS) - if (ssl != NULL && idx < MAX_EX_DATA && idx >= 0) - return ssl->ex_data[idx]; + if (ssl != NULL) { + return wolfSSL_CRYPTO_get_ex_data(ssl->ex_data, idx); + } #else WOLFSSL_MSG("HAVE_EX_DATA macro is not defined"); (void)ssl; @@ -41923,6 +42102,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** out, wolfSSL_EVP_PKEY_free(pkey); return NULL; } + pkey->rsa->pkey = pkey; if (wolfSSL_RSA_LoadDer_ex(pkey->rsa, (const unsigned char*)pkey->pkey.ptr, @@ -41994,9 +42174,8 @@ int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data) { WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data"); #ifdef HAVE_EX_DATA - if(session != NULL && idx < MAX_EX_DATA) { - session->ex_data[idx] = data; - return WOLFSSL_SUCCESS; + if(session != NULL) { + return wolfSSL_CRYPTO_set_ex_data(session->ex_data, idx, data); } #else (void)session; @@ -42029,8 +42208,9 @@ void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx) { WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_data"); #ifdef HAVE_EX_DATA - if (session != NULL && idx < MAX_EX_DATA && idx >= 0) - return session->ex_data[idx]; + if (session != NULL) { + return wolfSSL_CRYPTO_get_ex_data(session->ex_data, idx); + } #else (void)session; (void)idx; @@ -43799,8 +43979,8 @@ void *wolfSSL_X509_get_ex_data(X509 *x509, int idx) { WOLFSSL_ENTER("wolfSSL_X509_get_ex_data"); #ifdef HAVE_EX_DATA - if (x509 != NULL && idx < MAX_EX_DATA && idx >= 0) { - return x509->ex_data[idx]; + if (x509 != NULL) { + return wolfSSL_CRYPTO_get_ex_data(x509->ex_data, idx); } #else (void)x509; @@ -43813,10 +43993,9 @@ int wolfSSL_X509_set_ex_data(X509 *x509, int idx, void *data) { WOLFSSL_ENTER("wolfSSL_X509_set_ex_data"); #ifdef HAVE_EX_DATA - if (x509 != NULL && idx < MAX_EX_DATA) + if (x509 != NULL) { - x509->ex_data[idx] = data; - return WOLFSSL_SUCCESS; + return wolfSSL_CRYPTO_set_ex_data(x509->ex_data, idx, data); } #else (void)x509; @@ -47450,25 +47629,7 @@ int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key) pkey->ownEcc = 1; /* try and populate public pkey_sz and pkey.ptr */ - if (key->internal) { - ecc_key* ecc = (ecc_key*)key->internal; - int ret = wc_EccPublicKeyDerSize(ecc, 1); - if (ret > 0) { - int derSz = ret; - char* derBuf = (char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (derBuf) { - ret = wc_EccPublicKeyToDer(ecc, (byte*)derBuf, derSz, 1); - if (ret >= 0) { - pkey->pkey_sz = ret; - pkey->pkey.ptr = derBuf; - } - else { /* failure - okay to ignore */ - XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - derBuf = NULL; - } - } - } - } + ECC_populate_EVP_PKEY(pkey, (ecc_key*)key->internal); return WOLFSSL_SUCCESS; } diff --git a/tests/api.c b/tests/api.c index b3b41bad5..ef2eac84f 100644 --- a/tests/api.c +++ b/tests/api.c @@ -19910,6 +19910,7 @@ static void test_wolfSSL_PEM_RSAPrivateKey(void) #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ !defined(NO_FILESYSTEM) && !defined(NO_RSA) RSA* rsa = NULL; + RSA* rsa_dup = NULL; BIO* bio = NULL; printf(testingFmt, "wolfSSL_PEM_RSAPrivateKey()"); @@ -19918,8 +19919,12 @@ static void test_wolfSSL_PEM_RSAPrivateKey(void) AssertNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); AssertIntEQ(RSA_size(rsa), 256); + AssertNotNull(rsa_dup = RSAPublicKey_dup(rsa)); + AssertPtrNE(rsa_dup, rsa); + BIO_free(bio); RSA_free(rsa); + RSA_free(rsa_dup); #ifdef HAVE_ECC AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); @@ -20075,6 +20080,54 @@ static void test_wolfSSL_PEM_PUBKEY(void) #endif } +static void test_DSA_do_sign_verify(void) +{ +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ + !defined(NO_DSA) + unsigned char digest[WC_SHA_DIGEST_SIZE]; + DSA_SIG* sig; + DSA* dsa; + word32 bytes; + byte sigBin[DSA_SIG_SIZE]; + int dsacheck; + +#ifdef USE_CERT_BUFFERS_1024 + byte tmp[ONEK_BUF]; + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); + bytes = sizeof_dsa_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + byte tmp[TWOK_BUF]; + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); + bytes = sizeof_dsa_key_der_2048; +#else + byte tmp[TWOK_BUF]; + XMEMSET(tmp, 0, sizeof(tmp)); + XFILE fp = XFOPEN("./certs/dsa2048.der", "rb"); + if (fp == XBADFILE) { + return WOLFSSL_BAD_FILE; + } + bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp); + XFCLOSE(fp); +#endif /* END USE_CERT_BUFFERS_1024 */ + + printf(testingFmt, "DSA_do_sign_verify()"); + XMEMSET(digest, 202, sizeof(digest)); + + AssertNotNull(dsa = DSA_new()); + AssertIntEQ(DSA_LoadDer(dsa, tmp, bytes), 1); + + AssertIntEQ(wolfSSL_DSA_do_sign(digest, sigBin, dsa), 1); + AssertIntEQ(wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck), 1); + + AssertNotNull(sig = DSA_do_sign(digest, WC_SHA_DIGEST_SIZE, dsa)); + AssertIntEQ(DSA_do_verify(digest, WC_SHA_DIGEST_SIZE, sig, dsa), 1); + + DSA_SIG_free(sig); + DSA_free(dsa); +#endif +} static void test_wolfSSL_tmp_dh(void) { @@ -20089,8 +20142,6 @@ static void test_wolfSSL_tmp_dh(void) BIO* bio; SSL* ssl; SSL_CTX* ctx; - unsigned char digest[WC_SHA_DIGEST_SIZE] = {202}; // initialize to anything - DSA_SIG* sig; printf(testingFmt, "wolfSSL_tmp_dh()"); @@ -20117,9 +20168,6 @@ static void test_wolfSSL_tmp_dh(void) dh = wolfSSL_DSA_dup_DH(dsa); AssertNotNull(dh); - AssertNotNull(sig = DSA_do_sign(digest, WC_SHA_DIGEST_SIZE, dsa)); - DSA_SIG_free(sig); - AssertIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), WOLFSSL_SUCCESS); #ifndef NO_WOLFSSL_SERVER AssertIntEQ((int)SSL_set_tmp_dh(ssl, dh), WOLFSSL_SUCCESS); @@ -30295,6 +30343,7 @@ void ApiTest(void) test_wolfSSL_PEM_bio_ECKey(); test_wolfSSL_PEM_RSAPrivateKey(); test_wolfSSL_PEM_PUBKEY(); + test_DSA_do_sign_verify(); test_wolfSSL_tmp_dh(); test_wolfSSL_ctrl(); test_wolfSSL_EVP_MD_size(); diff --git a/tests/unit.h b/tests/unit.h index e7e7687cc..67f49f5f9 100644 --- a/tests/unit.h +++ b/tests/unit.h @@ -96,11 +96,11 @@ } while(0) #define AssertPtrEq(x, y) AssertPtr(x, y, ==, !=) -#define AssertPtrNE(x, y) AssertInt(x, y, !=, ==) -#define AssertPtrGT(x, y) AssertInt(x, y, >, <=) -#define AssertPtrLT(x, y) AssertInt(x, y, <, >=) -#define AssertPtrGE(x, y) AssertInt(x, y, >=, <) -#define AssertPtrLE(x, y) AssertInt(x, y, <=, >) +#define AssertPtrNE(x, y) AssertPtr(x, y, !=, ==) +#define AssertPtrGT(x, y) AssertPtr(x, y, >, <=) +#define AssertPtrLT(x, y) AssertPtr(x, y, <, >=) +#define AssertPtrGE(x, y) AssertPtr(x, y, >=, <) +#define AssertPtrLE(x, y) AssertPtr(x, y, <=, >) void ApiTest(void); diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h index 995c16f65..70c2efd5c 100644 --- a/wolfssl/openssl/rsa.h +++ b/wolfssl/openssl/rsa.h @@ -81,6 +81,9 @@ struct WOLFSSL_RSA { #if defined(OPENSSL_EXTRA) WOLFSSL_RSA_METHOD* meth; #endif +#if defined(HAVE_EX_DATA) + void* ex_data[MAX_EX_DATA]; /* external data */ +#endif }; WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new(void); @@ -118,6 +121,8 @@ WOLFSSL_API void wolfSSL_RSA_meth_free(WOLFSSL_RSA_METHOD *meth); WOLFSSL_API int wolfSSL_RSA_meth_set(WOLFSSL_RSA_METHOD *rsa, void* p); WOLFSSL_API int wolfSSL_RSA_set_method(WOLFSSL_RSA *rsa, WOLFSSL_RSA_METHOD *meth); WOLFSSL_API const WOLFSSL_RSA_METHOD* wolfSSL_RSA_get_method(const WOLFSSL_RSA *rsa); +WOLFSSL_API const WOLFSSL_RSA_METHOD* wolfSSL_RSA_get_default_method(void); + WOLFSSL_API void wolfSSL_RSA_get0_key(const WOLFSSL_RSA *r, const WOLFSSL_BIGNUM **n, const WOLFSSL_BIGNUM **e, const WOLFSSL_BIGNUM **d); WOLFSSL_API int wolfSSL_RSA_set0_key(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *n, WOLFSSL_BIGNUM *e, @@ -125,6 +130,12 @@ WOLFSSL_API int wolfSSL_RSA_set0_key(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *n, WOLFSSL_ WOLFSSL_API int wolfSSL_RSA_flags(const WOLFSSL_RSA *r); WOLFSSL_API void wolfSSL_RSA_set_flags(WOLFSSL_RSA *r, int flags); +WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa); + +WOLFSSL_API void* wolfSSL_RSA_get_ex_data(const WOLFSSL_RSA *rsa, int idx); +WOLFSSL_API int wolfSSL_RSA_set_ex_data(WOLFSSL_RSA *rsa, int idx, void *data); + + #define WOLFSSL_RSA_LOAD_PRIVATE 1 #define WOLFSSL_RSA_LOAD_PUBLIC 2 #define WOLFSSL_RSA_F4 0x10001L @@ -154,6 +165,7 @@ WOLFSSL_API void wolfSSL_RSA_set_flags(WOLFSSL_RSA *r, int flags); #define RSA_meth_set_init wolfSSL_RSA_meth_set #define RSA_meth_set_finish wolfSSL_RSA_meth_set #define RSA_meth_set0_app_data wolfSSL_RSA_meth_set +#define RSA_get_default_method wolfSSL_RSA_get_default_method #define RSA_get_method wolfSSL_RSA_get_method #define RSA_set_method wolfSSL_RSA_set_method #define RSA_get0_key wolfSSL_RSA_get0_key @@ -161,6 +173,8 @@ WOLFSSL_API void wolfSSL_RSA_set_flags(WOLFSSL_RSA *r, int flags); #define RSA_flags wolfSSL_RSA_flags #define RSA_set_flags wolfSSL_RSA_set_flags +#define RSAPublicKey_dup wolfSSL_RSAPublicKey_dup + #define RSA_get0_key wolfSSL_RSA_get0_key #define RSA_F4 WOLFSSL_RSA_F4 diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 36c7b33f2..099db31c4 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -626,6 +626,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #define SSL_COMP_add_compression_method wolfSSL_COMP_add_compression_method #define SSL_get_ex_new_index wolfSSL_get_ex_new_index +#define RSA_get_ex_new_index wolfSSL_get_ex_new_index #define ASN1_BIT_STRING_new wolfSSL_ASN1_BIT_STRING_new #define ASN1_BIT_STRING_free wolfSSL_ASN1_BIT_STRING_free diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index e98c9543f..3f2f00b27 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -217,10 +217,6 @@ struct WOLFSSL_ASN1_STRING { #define WOLFSSL_MAX_SNAME 40 -#if defined(HAVE_EX_DATA) || defined(FORTRESS) - #define MAX_EX_DATA 5 /* allow for five items of ex_data */ -#endif - #define WOLFSSL_ASN1_DYNAMIC 0x1 #define WOLFSSL_ASN1_DYNAMIC_DATA 0x2 @@ -2024,6 +2020,9 @@ WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_ WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_STACK* sk); WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i); +WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(void * const* ex_data, int idx); +WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(void** ex_data, int idx, void *data); + /* stunnel 4.28 needs */ WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX*, int); WOLFSSL_API int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX*, int, void*); @@ -2042,6 +2041,7 @@ WOLFSSL_API long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION*); WOLFSSL_API long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION*); WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*); + /* extra ends */ diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 39472abdc..d7a612bff 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -2109,6 +2109,9 @@ extern void uITRON4_free(void *p) ; #define WOLFSSL_BASE64_DECODE #endif +#if defined(HAVE_EX_DATA) || defined(FORTRESS) + #define MAX_EX_DATA 5 /* allow for five items of ex_data */ +#endif #ifdef __cplusplus } /* extern "C" */