diff --git a/src/ssl.c b/src/ssl.c index d5865cdbe..ade1ef9ce 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -33177,6 +33177,94 @@ end: } #ifndef NO_FILESYSTEM +/* Convert DH key parameters to DER format, write to output (outSz) + * If output is NULL then max expected size is set to outSz and LENGTH_ONLY_E is + * returned. + * + * Note : static function due to redefinition complications with DhKey and FIPS + * version 2 build. + * + * return bytes written on success */ +static int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz) +{ + word32 sz = 0, idx = 0; + int pSz = 0, gSz = 0, ret; + byte scratch[MAX_LENGTH_SZ]; + + if (key == NULL || outSz == NULL) { + return BAD_FUNC_ARG; + } + + pSz = mp_unsigned_bin_size(&key->p); + if (pSz < 0) { + return pSz; + } + if (mp_leading_bit(&key->p)) { + pSz++; + } + + gSz = mp_unsigned_bin_size(&key->g); + if (gSz < 0) { + return gSz; + } + if (mp_leading_bit(&key->g)) { + gSz++; + } + + sz = ASN_TAG_SZ; /* Integer */ + sz += SetLength(pSz, scratch); + sz += ASN_TAG_SZ; /* Integer */ + sz += SetLength(gSz, scratch); + sz += gSz + pSz; + + if (out == NULL) { + byte seqScratch[MAX_SEQ_SZ]; + + *outSz = sz + SetSequence(sz, seqScratch); + return LENGTH_ONLY_E; + } + + if (*outSz < MAX_SEQ_SZ || *outSz < sz) { + return BUFFER_E; + } + + idx += SetSequence(sz, out); + if (*outSz < idx + sz) { + return BUFFER_E; + } + + out[idx++] = ASN_INTEGER; + idx += SetLength(pSz, out + idx); + if (mp_leading_bit(&key->p)) { + out[idx++] = 0x00; + pSz -= 1; /* subtract 1 from size to account for leading 0 */ + } + ret = mp_to_unsigned_bin(&key->p, out + idx); + if (ret != MP_OKAY) { + return BUFFER_E; + } + idx += pSz; + + out[idx++] = ASN_INTEGER; + idx += SetLength(gSz, out + idx); + if (mp_leading_bit(&key->g)) { + out[idx++] = 0x00; + gSz -= 1; /* subtract 1 from size to account for leading 0 */ + } + ret = mp_to_unsigned_bin(&key->g, out + idx); + if (ret != MP_OKAY) { + return BUFFER_E; + } + idx += gSz; + return idx; +} + + +/* Writes the DH parameters in PEM format from "dh" out to the file pointer + * passed in. + * + * returns WOLFSSL_SUCCESS on success + */ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh) { int ret; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index bca6a3997..07c875e11 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -4040,85 +4040,6 @@ int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p, word32* pInOutSz, return 0; } - - -/* Convert DH key parameters to DER format, write to output (outSz) - * If output is NULL then max expected size is set to outSz and LENGTH_ONLY_E is - * returned. - * return bytes written on success */ -int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz) -{ - word32 sz = 0, idx = 0; - int pSz = 0, gSz = 0, ret; - byte scratch[MAX_LENGTH_SZ]; - - if (key == NULL || outSz == NULL) { - return BAD_FUNC_ARG; - } - - pSz = mp_unsigned_bin_size(&key->p); - if (pSz < 0) { - return pSz; - } - if (mp_leading_bit(&key->p)) { - pSz++; - } - - gSz = mp_unsigned_bin_size(&key->g); - if (gSz < 0) { - return gSz; - } - if (mp_leading_bit(&key->g)) { - gSz++; - } - - sz = ASN_TAG_SZ; /* Integer */ - sz += SetLength(pSz, scratch); - sz += ASN_TAG_SZ; /* Integer */ - sz += SetLength(gSz, scratch); - sz += gSz + pSz; - - if (out == NULL) { - byte seqScratch[MAX_SEQ_SZ]; - - *outSz = sz + SetSequence(sz, seqScratch); - return LENGTH_ONLY_E; - } - - if (*outSz < MAX_SEQ_SZ || *outSz < sz) { - return BUFFER_E; - } - - idx += SetSequence(sz, out); - if (*outSz < idx + sz) { - return BUFFER_E; - } - - out[idx++] = ASN_INTEGER; - idx += SetLength(pSz, out + idx); - if (mp_leading_bit(&key->p)) { - out[idx++] = 0x00; - pSz -= 1; /* subtract 1 from size to account for leading 0 */ - } - ret = mp_to_unsigned_bin(&key->p, out + idx); - if (ret != MP_OKAY) { - return BUFFER_E; - } - idx += pSz; - - out[idx++] = ASN_INTEGER; - idx += SetLength(gSz, out + idx); - if (mp_leading_bit(&key->g)) { - out[idx++] = 0x00; - gSz -= 1; /* subtract 1 from size to account for leading 0 */ - } - ret = mp_to_unsigned_bin(&key->g, out + idx); - if (ret != MP_OKAY) { - return BUFFER_E; - } - idx += gSz; - return idx; -} #endif /* NO_DH */ diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index d35ec6f03..5261a6c6e 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -45,10 +45,6 @@ typedef struct RsaKey RsaKey; #define WC_RSAKEY_TYPE_DEFINED #endif -#ifndef WC_DHKEY_TYPE_DEFINED - typedef struct DhKey DhKey; - #define WC_DHKEY_TYPE_DEFINED -#endif #ifndef WC_RNG_TYPE_DEFINED typedef struct WC_RNG WC_RNG; #define WC_RNG_TYPE_DEFINED @@ -484,10 +480,6 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer); word32 inLen, int with_AlgCurve); #endif -#ifndef NO_DH - WOLFSSL_API int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz); -#endif - #ifdef HAVE_ED25519 /* private key helpers */ WOLFSSL_API int wc_Ed25519PrivateKeyDecode(const byte*, word32*, diff --git a/wolfssl/wolfcrypt/dh.h b/wolfssl/wolfcrypt/dh.h index 2aa317714..1f51c8dc0 100644 --- a/wolfssl/wolfcrypt/dh.h +++ b/wolfssl/wolfcrypt/dh.h @@ -57,17 +57,13 @@ typedef struct DhParams { } DhParams; /* Diffie-Hellman Key */ -struct DhKey { +typedef struct DhKey { mp_int p, g, q; /* group parameters */ void* heap; #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; #endif -}; -#ifndef WC_DHKEY_TYPE_DEFINED - typedef struct DhKey DhKey; - #define WC_DHKEY_TYPE_DEFINED -#endif +} DhKey; #ifdef HAVE_FFDHE_2048