diff --git a/configure.ac b/configure.ac index bed125b5b..fd49fbeaf 100644 --- a/configure.ac +++ b/configure.ac @@ -1536,7 +1536,7 @@ AC_ARG_ENABLE([dsa], [ ENABLED_DSA=no ] ) -if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" +if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" then ENABLED_DSA="yes" fi diff --git a/src/ssl.c b/src/ssl.c index bc14865ad..255ec7cc8 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -19268,21 +19268,14 @@ static const char* wolfSSL_internal_get_version(ProtocolVersion* version) if (version->major == SSLv3_MAJOR) { switch (version->minor) { - #ifndef NO_OLD_TLS - #ifdef WOLFSSL_ALLOW_SSLV3 case SSLv3_MINOR : return "SSLv3"; - #endif - #ifdef WOLFSSL_ALLOW_TLSV10 case TLSv1_MINOR : return "TLSv1"; - #endif case TLSv1_1_MINOR : return "TLSv1.1"; - #endif case TLSv1_2_MINOR : return "TLSv1.2"; - #ifdef WOLFSSL_TLS13 case TLSv1_3_MINOR : #ifdef WOLFSSL_TLS13_DRAFT #ifdef WOLFSSL_TLS13_DRAFT_18 @@ -19299,7 +19292,6 @@ static const char* wolfSSL_internal_get_version(ProtocolVersion* version) #else return "TLSv1.3"; #endif - #endif default: return "unknown"; } @@ -19337,6 +19329,13 @@ const char* wolfSSL_lib_version(void) return LIBWOLFSSL_VERSION_STRING; } +#ifdef OPENSSL_EXTRA +const char* wolfSSL_OpenSSL_version(void) +{ + return "wolfSSL " LIBWOLFSSL_VERSION_STRING; +} +#endif + /* current library version in hex */ word32 wolfSSL_lib_version_hex(void) 
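Review bot: Adding `$ENABLED_OPENVPN` to this `if test` chain in configure.ac means an OpenVPN build now forces `ENABLED_DSA="yes"` after `AC_ARG_ENABLE([dsa])` has already run, so an explicit `--disable-dsa` is silently overridden for one more configuration. If DSA is needed only so the compatibility symbols link, say so at configure time, for example `AC_MSG_NOTICE([DSA enabled: required by the OpenVPN compatibility layer])` inside the `then` branch, so that someone hardening a build sees why a legacy algorithm came back. It is also worth confirming that `ENABLED_OPENVPN` is already assigned at this point in the script. Its `AC_ARG_ENABLE` is not visible in the hunk, and an unset variable would make the new test a no-op.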
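Review bot: `wolfSSL_OpenSSL_version()` is defined in src/ssl.c only under `#ifdef OPENSSL_EXTRA`, but the prototype added in the wolfssl/ssl.h hunk sits beside `wolfSSL_lib_version()` with no guard visible, so a build without OPENSSL_EXTRA would declare a function that is never defined. Either wrap the prototype in the same `#ifdef OPENSSL_EXTRA` or drop the guard around the definition. The new function also lacks the one-line comment its neighbours carry; `/* OpenSSL-compatible version string: "wolfSSL " followed by the library version */` would match the file's style. A guard in the header may exist outside the hunk's context, so check this against the full file.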
@@ -29954,6 +29953,16 @@ int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, return WOLFSSL_SUCCESS; } + +int wolfSSL_DSA_bits(const WOLFSSL_DSA *d) +{ + if (!d) + return WOLFSSL_FAILURE; + if (!d->exSet && SetDsaExternal((WOLFSSL_DSA*)d) != WOLFSSL_SUCCESS) + return WOLFSSL_FAILURE; + return wolfSSL_BN_num_bits(d->p); +} + #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len, WOLFSSL_DSA_SIG* sig, WOLFSSL_DSA* dsa) @@ -33232,7 +33241,7 @@ size_t wolfSSL_EC_get_builtin_curves(WOLFSSL_EC_BUILTIN_CURVE *r, size_t nitems) r[i].comment = wolfSSL_OBJ_nid2sn(r[i].nid); } - return ecc_sets_count; + return min_nitems; } /* Start ECDSA_SIG */ diff --git a/tests/api.c b/tests/api.c index 91f391d6a..c230c3c4a 100644 --- a/tests/api.c +++ b/tests/api.c @@ -27185,7 +27185,7 @@ static void test_wolfSSL_AES_cbc_encrypt() #endif } -#if defined(WOLFSSL_QT) +#if defined(OPENSSL_ALL) #if !defined(NO_ASN) static void test_wolfSSL_ASN1_STRING_to_UTF8(void) { @@ -27253,7 +27253,7 @@ static void test_wolfSSL_sk_CIPHER_description(void) printf(testingFmt, "wolfSSL_sk_CIPHER_description"); - AssertNotNull(method = TLSv1_client_method()); + AssertNotNull(method = TLSv1_2_client_method()); AssertNotNull(ctx = SSL_CTX_new(method)); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); @@ -27311,7 +27311,7 @@ static void test_wolfSSL_get_ciphers_compat(void) printf(testingFmt, "wolfSSL_get_ciphers_compat"); - AssertNotNull(method = TLSv1_client_method()); + AssertNotNull(method = SSLv23_client_method()); AssertNotNull(ctx = SSL_CTX_new(method)); SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); 
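Review bot: `wolfSSL_DSA_bits` takes `const WOLFSSL_DSA *d` but casts the qualifier away in `SetDsaExternal((WOLFSSL_DSA*)d)`, so a call that looks read-only can write to the key object when `exSet` is clear. Callers that share one key across threads, or that pass a key they treat as immutable, will not expect a size query to modify it. Either populate the external fields where the key is loaded, or state the behaviour in a header comment such as `/* Returns the bit length of p, WOLFSSL_FAILURE on error. May fill in the external BIGNUM fields of d on first use. */`. `d->p` is also handed to `wolfSSL_BN_num_bits` without a NULL check; whether that helper tolerates NULL is not visible in this hunk.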
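Review bot: Returning `min_nitems` instead of `ecc_sets_count` changes the return contract of `wolfSSL_EC_get_builtin_curves` and departs from OpenSSL's `EC_get_builtin_curves`, which returns the total number of built-in curves so that a caller can size its array with a first call passing `NULL, 0`. How `min_nitems` is computed for that sizing call is outside the hunk (the function body starts above it), so please confirm the query form still reports the full count. A comment on the return, e.g. `/* number of entries written to r, never more than nitems */`, would make the contract explicit. The tests/api.c change `nCurves = EC_get_builtin_curves(r,nCurves);` depends on exactly this to keep its loop inside `r`.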
@@ -27618,14 +27618,18 @@ static void test_wolfSSL_EVP_PKEY_set1_get1_DSA(void) AssertIntEQ(SHA1_Final(hash,&sha), WOLFSSL_SUCCESS); /* Initialize pkey with der format dsa key */ - AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_DSA, &pkey, + AssertNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &pkey, &dsaKeyDer ,(long)dsaKeySz)); /* Test wolfSSL_EVP_PKEY_get1_DSA */ /* Should Fail: NULL argument */ - AssertNull(dsa = wolfSSL_EVP_PKEY_get1_DSA(NULL)); + AssertNull(dsa = EVP_PKEY_get0_DSA(NULL)); + AssertNull(dsa = EVP_PKEY_get1_DSA(NULL)); /* Should Pass: Initialized pkey argument */ - AssertNotNull(dsa = wolfSSL_EVP_PKEY_get1_DSA(pkey)); + AssertNotNull(dsa = EVP_PKEY_get0_DSA(pkey)); + AssertNotNull(dsa = EVP_PKEY_get1_DSA(pkey)); + + AssertIntEQ(DSA_bits(dsa), 2048); /* Sign */ AssertIntEQ(wolfSSL_DSA_do_sign(hash, signature, dsa), WOLFSSL_SUCCESS); @@ -27635,17 +27639,17 @@ static void test_wolfSSL_EVP_PKEY_set1_get1_DSA(void) /* Test wolfSSL_EVP_PKEY_set1_DSA */ /* Should Fail: set1Pkey not initialized */ - AssertIntNE(wolfSSL_EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS); + AssertIntNE(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS); /* Initialize set1Pkey */ - set1Pkey = wolfSSL_EVP_PKEY_new(); + set1Pkey = EVP_PKEY_new(); /* Should Fail Verify: setDsa not initialized from set1Pkey */ AssertIntNE(wolfSSL_DSA_do_verify(hash,signature,setDsa,&answer), WOLFSSL_SUCCESS); /* Should Pass: set dsa into set1Pkey */ - AssertIntEQ(wolfSSL_EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS); + AssertIntEQ(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS); printf(resultFmt, passed); DSA_free(dsa); @@ -28041,7 +28045,7 @@ static void test_wolfSSL_OBJ_ln(void) { int nCurves = 27; EC_builtin_curve r[nCurves]; - EC_get_builtin_curves(r,nCurves); + nCurves = EC_get_builtin_curves(r,nCurves); for (i = 0; i < nCurves; i++) { AssertIntEQ(OBJ_ln2nid(r[i].comment), r[i].nid); 
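Review bot: The new assertions in `test_wolfSSL_EVP_PKEY_set1_get1_DSA` cover only the success path of `DSA_bits`, so the NULL branch added in `wolfSSL_DSA_bits` is never exercised. Adding `AssertIntEQ(DSA_bits(NULL), WOLFSSL_FAILURE);` next to `AssertIntEQ(DSA_bits(dsa), 2048);` would pin it. The pointer returned by `EVP_PKEY_get0_DSA(pkey)` is also overwritten by the `EVP_PKEY_get1_DSA(pkey)` call on the following line, so the borrowed key is checked for non-NULL but never used. Calling `DSA_bits` on it before the `get1` assignment would give the get0 path real coverage. The test function begins and ends outside this hunk.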
@@ -28080,7 +28084,7 @@ static void test_wolfSSL_OBJ_sn(void) printf(resultFmt, passed); } -#endif /* WOLFSSL_QT */ +#endif /* OPENSSL_ALL */ static void test_wolfSSL_X509V3_EXT_get(void) { @@ -32172,8 +32176,7 @@ void ApiTest(void) test_wolfSSL_EVP_PKEY_derive(); test_wolfSSL_RSA_padding_add_PKCS1_PSS(); -#if defined(WOLFSSL_QT) - printf("\n----------------Qt Unit Tests-------------------\n"); +#if defined(OPENSSL_ALL) test_wolfSSL_X509_PUBKEY_get(); test_wolfSSL_sk_CIPHER_description(); test_wolfSSL_get_ciphers_compat(); @@ -32190,9 +32193,7 @@ void ApiTest(void) test_wolfSSL_OBJ_ln(); test_wolfSSL_OBJ_sn(); - printf("\n-------------End Of Qt Unit Tests---------------\n"); - -#endif /* WOLFSSL_QT */ +#endif /* OPENSSL_ALL */ #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) AssertIntEQ(test_wolfSSL_CTX_use_certificate_ASN1(), WOLFSSL_SUCCESS); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 4a0bb8103..9681a37cd 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -5800,6 +5800,14 @@ int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key) return WOLFSSL_SUCCESS; } +WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(struct WOLFSSL_EVP_PKEY *pkey) +{ + if (!pkey) { + return NULL; + } + return pkey->dsa; +} + WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key) { WOLFSSL_DSA* local; diff --git a/wolfssl/openssl/dsa.h b/wolfssl/openssl/dsa.h index 9267cf479..2729c09bd 100644 --- a/wolfssl/openssl/dsa.h +++ b/wolfssl/openssl/dsa.h @@ -80,6 +80,8 @@ WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, WOLFSSL_DSA* dsa, int *dsacheck); +WOLFSSL_API int wolfSSL_DSA_bits(const WOLFSSL_DSA *d); + WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void); WOLFSSL_API void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig); WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest, diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 084ccaf00..e8846609c 100644 
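Review bot: `wolfSSL_EVP_PKEY_get0_DSA` in wolfcrypt/src/evp.c returns `pkey->dsa` directly, and nothing tells the caller that the pointer is borrowed rather than owned. A caller that treats it like the `get1` result and passes it to `DSA_free` would presumably leave `pkey` referring to a freed key. Add a header comment along the lines of `/* Returns the DSA key held by pkey without taking ownership; the caller must not free it and it is valid only while pkey is. NULL if pkey is NULL. */`. The function also reads the field without checking that the key's type is DSA; whether `dsa` can be non-NULL for another key type is not visible here.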
--- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -521,6 +521,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key); WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key); WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(struct WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get0_DSA(struct WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey); diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 6a435f649..485e8bb1c 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -340,8 +340,8 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define DSA_dup_DH wolfSSL_DSA_dup_DH /* wolfSSL does not support DSA as the cert public key */ -#define EVP_PKEY_get0_DSA(...) NULL -#define DSA_bits(...) 0 +#define EVP_PKEY_get0_DSA wolfSSL_EVP_PKEY_get0_DSA +#define DSA_bits wolfSSL_DSA_bits #define i2d_X509_bio wolfSSL_i2d_X509_bio #define d2i_X509_bio wolfSSL_d2i_X509_bio @@ -381,7 +381,9 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define X509_get_pubkey wolfSSL_X509_get_pubkey #define X509_get0_pubkey wolfSSL_X509_get_pubkey #define X509_get_notBefore wolfSSL_X509_get_notBefore +#define X509_get0_notBefore wolfSSL_X509_get_notBefore #define X509_get_notAfter wolfSSL_X509_get_notAfter +#define X509_get0_notAfter wolfSSL_X509_get_notAfter #define X509_get_serialNumber wolfSSL_X509_get_serialNumber #define X509_get0_pubkey_bitstr wolfSSL_X509_get0_pubkey_bitstr #define X509_get_ex_new_index wolfSSL_X509_get_ex_new_index 
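Review bot: The comment `/* wolfSSL does not support DSA as the cert public key */` is left above `EVP_PKEY_get0_DSA` and `DSA_bits` in wolfssl/openssl/ssl.h even though both macros now map to real functions, so it reads as if the calls were still stubs. Update or remove it. The old variadic stubs compiled in any configuration, whereas the new names require `wolfSSL_EVP_PKEY_get0_DSA` and `wolfSSL_DSA_bits` to be built. Whether those definitions sit under a DSA guard such as `NO_DSA` is not visible in the diff, so a compatibility-layer build without DSA should be checked for unresolved symbols.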
@@ -1227,7 +1229,7 @@ enum { #define X509_OBJECT_free wolfSSL_X509_OBJECT_free #define X509_OBJECT_get_type(x) 0 -#define OpenSSL_version(x) wolfSSL_lib_version() +#define OpenSSL_version(x) wolfSSL_OpenSSL_version() #ifdef __cplusplus } /* extern "C" */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 5522c7d61..798c5d6b5 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -2088,6 +2088,7 @@ WOLFSSL_ABI WOLFSSL_API int wolfSSL_Cleanup(void); /* which library version do we have */ WOLFSSL_API const char* wolfSSL_lib_version(void); +WOLFSSL_API const char* wolfSSL_OpenSSL_version(void); /* which library version do we have in hex */ WOLFSSL_API word32 wolfSSL_lib_version_hex(void);