wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 20:24:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

WOLFSSL_RSA in EVP_PKEY structure and fixes for PKCS12 build

Browse Source
This commit is contained in:
Jacob Barthelmeh
2017-01-24 14:28:53 -07:00
parent 863034f20f
commit 54246053de
8 changed files with 204 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

122
src/ssl.c
View File

@@ -16892,9 +16892,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
/* get key type */
ret = BAD_STATE_E;
if (pk != NULL) { /* decode key if present */
/* using dynamic type public key because of wolfSSL_EVP_PKEY_free */
*pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY),
heap, DYNAMIC_TYPE_PUBLIC_KEY);
*pkey = wolfSSL_PKEY_new_ex(heap);
if (*pkey == NULL) {
wolfSSL_X509_free(*cert); *cert = NULL;
if (ca != NULL) {
@@ -16914,8 +16912,33 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
else {
if ((ret = wc_RsaPrivateKeyDecode(pk, &keyIdx, &key, pkSz))
== 0) {
(*pkey)->type = RSAk;
(*pkey)->type = EVP_PKEY_RSA;
(*pkey)->rsa = wolfSSL_RSA_new();
(*pkey)->ownRsa = 1; /* we own RSA */
if ((*pkey)->rsa == NULL) {
WOLFSSL_MSG("issue creating EVP RSA key");
wolfSSL_X509_free(*cert); *cert = NULL;
if (ca != NULL) {
wolfSSL_sk_X509_free(*ca); *ca = NULL;
}
wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL;
XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
return SSL_FAILURE;
}
if ((ret = wolfSSL_RSA_LoadDer_ex((*pkey)->rsa, pk, pkSz,
WOLFSSL_RSA_LOAD_PRIVATE)) != SSL_SUCCESS) {
WOLFSSL_MSG("issue loading RSA key");
wolfSSL_X509_free(*cert); *cert = NULL;
if (ca != NULL) {
wolfSSL_sk_X509_free(*ca); *ca = NULL;
}
wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL;
XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
return SSL_FAILURE;
}
WOLFSSL_MSG("Found PKCS12 RSA key");
ret = 0; /* set in success state for upcoming ECC check */
}
wc_FreeRsaKey(&key);
}
@@ -16933,8 +16956,8 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
if (ca != NULL) {
wolfSSL_sk_X509_free(*ca); *ca = NULL;
}
XFREE(*pkey, heap, DYNAMIC_TYPE_PUBLIC_KEY); *pkey = NULL;
XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL;
XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
return 0;
}
@@ -16944,8 +16967,8 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
if (ca != NULL) {
wolfSSL_sk_X509_free(*ca); *ca = NULL;
}
XFREE(*pkey, heap, DYNAMIC_TYPE_PUBLIC_KEY); *pkey = NULL;
XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL;
XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
WOLFSSL_MSG("Bad PKCS12 key format");
return 0;
}
@@ -16961,8 +16984,8 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
if (ca != NULL) {
wolfSSL_sk_X509_free(*ca); *ca = NULL;
}
XFREE(*pkey, heap, DYNAMIC_TYPE_PUBLIC_KEY); *pkey = NULL;
XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL;
XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
WOLFSSL_MSG("Bad PKCS12 key format");
return 0;
}
@@ -17256,24 +17279,32 @@ void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT* obj)
}
WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new()
WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(){
return wolfSSL_PKEY_new_ex(NULL);
}
WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new_ex(void* heap)
{
WOLFSSL_EVP_PKEY* pkey;
int ret;
WOLFSSL_ENTER("wolfSSL_PKEY_new");
pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), NULL,
pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), heap,
DYNAMIC_TYPE_PUBLIC_KEY);
if (pkey != NULL) {
XMEMSET(pkey, 0, sizeof(WOLFSSL_EVP_PKEY));
pkey->heap = heap;
pkey->type = WOLFSSL_EVP_PKEY_DEFAULT;
pkey->pkey.ptr = (char*)wolfSSL_RSA_new();
ret = wc_InitRng(&(pkey->rng));
if((pkey->pkey.ptr == NULL) || (ret != 0)){
XFREE(pkey, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
ret = wc_InitRng_ex(&(pkey->rng), heap);
if (ret != 0){
wolfSSL_EVP_PKEY_free(pkey);
WOLFSSL_MSG("memory falure");
return NULL;
}
} else WOLFSSL_MSG("memory failure");
}
else {
WOLFSSL_MSG("memory failure");
}
return pkey;
}
@@ -17283,18 +17314,23 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
{
WOLFSSL_ENTER("wolfSSL_PKEY_free");
if (key != NULL) {
wc_FreeRng(&(key->rng));
if (key->pkey.ptr != NULL)
{
switch(key->type)
{
case EVP_PKEY_RSA:
/*do nothing */
break;
default:
break;
}
XFREE(key->pkey.ptr, pkey->heap, DYNAMIC_TYPE_PUBLIC_KEY);
}
XFREE(key, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
switch(key->type)
{
case EVP_PKEY_RSA:
if (key->rsa != NULL && key->ownRsa == 1) {
wolfSSL_RSA_free(key->rsa);
}
break;
default:
break;
}
XFREE(key, pkey->heap, DYNAMIC_TYPE_PUBLIC_KEY);
}
}
@@ -21608,28 +21644,37 @@ WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m,
sigDec = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if(sigRet == NULL){
WOLFSSL_MSG("Memory failure");
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
}
/* get non-encrypted signature to be compared with decrypted sugnature*/
ret = wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, &len, rsa, 0);
if(ret <= 0){
WOLFSSL_MSG("Message Digest Error");
return 0;
WOLFSSL_MSG("Message Digest Error");
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
}
show("Encoded Message", sigRet, len);
/* decrypt signature */
ret = wc_RsaSSL_Verify(sig, sigLen, (unsigned char *)sigDec, sigLen, (RsaKey*)rsa->internal);
if(ret <= 0){
WOLFSSL_MSG("RSA Decrypt error");
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
}
show("Decrypted Signature", sigDec, ret);
if(XMEMCMP(sigRet, sigDec, ret) == 0){
WOLFSSL_MSG("wolfSSL_RSA_verify success");
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return 1;
} else {
WOLFSSL_MSG("wolfSSL_RSA_verify failed");
XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return 0;
}
}
@@ -21905,13 +21950,24 @@ WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key)
return NULL;
}
/* with set1 functions the pkey struct does not own the RSA structure */
WOLFSSL_API int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key)
{
if((pkey == NULL) || (key ==NULL))return 0;
WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_RSA");
pkey->pkey.ptr = (char *)key;
if (pkey->rsa != NULL && pkey->ownRsa == 1) {
wolfSSL_RSA_free(pkey->rsa);
}
pkey->rsa = key;
pkey->ownRsa = 0; /* pkey does not own RSA */
pkey->type = EVP_PKEY_RSA;
((RsaKey *)pkey->pkey.ptr)->rng = &(pkey->rng);
#ifdef WC_RSA_BLINDING
if (wc_RsaSetRNG((RsaKey*)(pkey->rsa->internal), &(pkey->rng)) != 0) {
WOLFSSL_MSG("Error setting RSA rng");
return SSL_FAILURE;
}
#endif
return 1;
}
@@ -24326,10 +24382,12 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf,
ret = wc_RsaPublicKeyDecode(derBuf, &idx, (RsaKey*)rsa->internal, derSz);
if (ret < 0) {
if(opt == WOLFSSL_RSA_LOAD_PRIVATE)
if(opt == WOLFSSL_RSA_LOAD_PRIVATE) {
WOLFSSL_MSG("RsaPrivateKeyDecode failed");
else
}
else {
WOLFSSL_MSG("RsaPublicKeyDecode failed");
}
return SSL_FATAL_ERROR;
}

2
tests/api.c
View File

@@ -14806,6 +14806,7 @@ static void test_wolfSSL_pkcs8(void)
/* file from wolfssl/certs/ directory */
AssertNotNull(f = fopen("./certs/ecc-keyPkcs8.pem", "rb"));
AssertIntGT((bytes = (int)fread(buffer, 1, sizeof(buffer), f)), 0);
fclose(f);
AssertNotNull(bio = BIO_new_mem_buf((void*)buffer, bytes));
AssertNotNull(pt = d2i_PKCS8_PRIV_KEY_INFO_bio(bio, NULL));
BIO_free(bio);
@@ -14926,7 +14927,6 @@ static void test_no_op_functions(void)
OpenSSL_add_all_ciphers();
CRYPTO_malloc_init();
wolfSSL_OBJ_nid2obj(1);
printf(resultFmt, passed);
#endif
}

27
wolfcrypt/src/asn.c
View File

@@ -2253,6 +2253,9 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
return BAD_FUNC_ARG;
}
(void)curveOID;
(void)oidSz;
return 1;
}
@@ -2270,7 +2273,7 @@ int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz,
{
int algoID = 0;
byte* tmp;
word32 tmpSz;
word32 tmpSz = 0;
word32 sz;
word32 seqSz;
word32 inOutIdx = 0;
@@ -2413,6 +2416,7 @@ int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz,
#endif
return ret;
}
tmpSz = ret;
#ifdef WOLFSSL_SMALL_STACK
cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -2696,13 +2700,19 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
if ((ret = wc_RNG_GenerateBlock(rng, saltTmp, saltSz)) != 0) {
WOLFSSL_MSG("Error generating random salt");
#ifdef WOLFSSL_SMALL_STACK
XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret;
}
}
if (tmpIdx + MAX_LENGTH_SZ + saltSz + MAX_SHORT_SZ > *outSz)
if (tmpIdx + MAX_LENGTH_SZ + saltSz + MAX_SHORT_SZ > *outSz) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return BUFFER_E;
}
sz = SetLength(saltSz, out + tmpIdx);
tmpIdx += sz;
@@ -2726,9 +2736,9 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
inOutIdx += sz; totalSz += sz;
#ifdef WOLFSSL_SMALL_STACK
cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (cbcIv == NULL) {
XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
return MEMORY_E;
}
#endif
@@ -2736,9 +2746,18 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
if ((ret = CryptKey(password, passwordSz, salt, saltSz, itt, id,
input, inputSz, version, cbcIv, 1)) < 0) {
#ifdef WOLFSSL_SMALL_STACK
XFREE(cbcIv, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
return ret; /* encrypt failure */
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(cbcIv, heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
if (inOutIdx + 1 + MAX_LENGTH_SZ + inputSz > *outSz)
return BUFFER_E;

11
wolfcrypt/src/evp.c
View File

@@ -598,6 +598,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx)
{
if (ctx == NULL)return 0;
WOLFSSL_ENTER("EVP_PKEY_CTX_free");
XFREE(ctx, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
return 1;
}
@@ -636,7 +637,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
switch(ctx->pkey->type){
case EVP_PKEY_RSA:
*outlen = wolfSSL_RSA_private_decrypt((int)inlen, (unsigned char*)in, out,
(WOLFSSL_RSA*)ctx->pkey->pkey.ptr, ctx->padding);
ctx->pkey->rsa, ctx->padding);
if(*outlen > 0)
return 1;
else
@@ -679,7 +680,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
switch(ctx->pkey->type){
case EVP_PKEY_RSA:
*outlen = wolfSSL_RSA_public_encrypt((int)inlen, (unsigned char *)in, out,
(WOLFSSL_RSA*)ctx->pkey->pkey.ptr, ctx->padding);
ctx->pkey->rsa, ctx->padding);
return (int)*outlen;
case EVP_PKEY_EC:
@@ -726,7 +727,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey)
switch(pkey->type){
case EVP_PKEY_RSA:
return (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(pkey->pkey.ptr));
return (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(pkey->rsa));
case EVP_PKEY_EC:
WOLFSSL_MSG("not implemented");
@@ -779,7 +780,7 @@ WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *si
int nid = md2nid(ctx->macType);
if(nid < 0)return 0;
return wolfSSL_RSA_sign(nid, md, mdsize, sigret,
siglen, (WOLFSSL_RSA*)(pkey->pkey.ptr));
siglen, pkey->rsa);
}
case EVP_PKEY_DSA:
case EVP_PKEY_EC:
@@ -823,7 +824,7 @@ WOLFSSL_API int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
int nid = md2nid(ctx->macType);
if(nid < 0)return 0;
return wolfSSL_RSA_verify(nid, md, mdsize, sig,
(unsigned int)siglen, (WOLFSSL_RSA*)(pkey->pkey.ptr));
(unsigned int)siglen, pkey->rsa);
}
case EVP_PKEY_DSA:
case EVP_PKEY_EC:

10
wolfcrypt/src/pkcs12.c
View File

@@ -490,10 +490,6 @@ static int wc_PKCS12_create_mac(WC_PKCS12* pkcs12, byte* data, word32 dataSz,
mac = pkcs12->signData;
#ifdef WOLFSSL_DEBUG_PKCS12
printf("Verifying MAC with OID = %d\n", mac->oid);
#endif
/* unicode set up from asn.c */
if ((pswSz * 2 + 2) > (int)sizeof(unicodePasswd)) {
WOLFSSL_MSG("PKCS12 max unicode size too small");
@@ -1908,6 +1904,7 @@ WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz, char* name,
wc_FreeRng(&rng);
return NULL;
}
XMEMSET(mac, 0, sizeof(MacData));
pkcs12->signData = mac; /* now wc_PKCS12_free will free all mac too */
#ifndef NO_SHA256
@@ -1918,7 +1915,7 @@ WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz, char* name,
mac->oid = SHA384;
#elif defined(WOLFSSL_SHA512)
mac->oid = SHA512;
#elif
#else
WOLFSSL_MSG("No supported hash algorithm compiled in!");
wc_PKCS12_free(pkcs12);
wc_FreeRng(&rng);
@@ -1965,6 +1962,9 @@ WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz, char* name,
}
XMEMCPY(mac->digest, digest, mac->digestSz);
}
else {
pkcs12->signData = NULL;
}
wc_FreeRng(&rng);
(void)name;

126
wolfcrypt/test/test.c
View File

@@ -10319,8 +10319,8 @@ int openssl_test(void)
}
int openSSL_evpMD_test(void)
//int main()
{
#ifndef NO_SHA256
int ret ;
WOLFSSL_EVP_MD_CTX* ctx;
WOLFSSL_EVP_MD_CTX* ctx2;
@@ -10329,39 +10329,44 @@ int openSSL_evpMD_test(void)
ctx2 = EVP_MD_CTX_create();
ret = EVP_DigestInit(ctx, EVP_sha256());
ret = EVP_MD_CTX_copy(ctx2, ctx);
{
int type1, type2;
type1 = EVP_MD_type(EVP_sha256()) ;
type2 = EVP_MD_CTX_type(ctx2);
if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
printf("error copying over\n");
return -1;
if (ret != SSL_SUCCESS) {
return -3449;
}
ret = EVP_MD_CTX_copy(ctx2, ctx);
if (ret != SSL_SUCCESS) {
return -3450;
}
if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
return -3451;
}
ret = EVP_DigestInit(ctx, EVP_sha1());
if (ret != SSL_SUCCESS) {
return -3452;
}
if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
printf("error copying over\n");
return -1;
return -3453;
}
ret = EVP_MD_CTX_copy_ex(ctx2, ctx);
if (ret != SSL_SUCCESS) {
return -3454;
}
if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) {
printf("error copying over\n");
return -1;
return -3455;
}
if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) {
printf("error copying over\n");
return -1;
return -3456;
}
EVP_MD_CTX_destroy(ctx);
EVP_MD_CTX_destroy(ctx2);
#endif /* NO_SHA256 */
return 0;
}
@@ -10402,7 +10407,7 @@ int openssl_pkey0_test(void)
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
FILE *keyFile, *keypubFile;
char cliKey[] = "./certs/client-key.der";
char cliKeypub[] = "./certs/client-keypub.der";
char cliKeypub[] = "./certs/client-keyPub.der";
#endif
#ifdef WOLFSSL_TEST_CERT
@@ -10413,8 +10418,10 @@ int openssl_pkey0_test(void)
if (prvTmp == NULL)
return -40;
pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
if (pubTmp == NULL)
return -40;
if (pubTmp == NULL) {
XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
return -41;
}
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024);
@@ -10431,8 +10438,9 @@ int openssl_pkey0_test(void)
if (!keyFile) {
err_sys("can't open ./certs/client-key.der, "
"Please run from wolfSSL home dir", -40);
XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
return -40;
return -42;
}
prvBytes = (int)fread(prvTmp, 1, (int)FOURK_BUFF, keyFile);
fclose(keyFile);
@@ -10560,14 +10568,15 @@ int openssl_pkey0_test(void)
int openssl_evpSig_test()
{
#ifndef NO_RSA
byte* prvTmp;
byte* pubTmp;
int prvBytes;
int pubBytes;
RSA *prvRsa;
RSA *pubRsa;
EVP_PKEY *prvPkey;
EVP_PKEY *pubPkey;
byte* pubTmp;
int prvBytes;
int pubBytes;
RSA *prvRsa;
RSA *pubRsa;
EVP_PKEY *prvPkey;
EVP_PKEY *pubPkey;
EVP_MD_CTX* sign;
EVP_MD_CTX* verf;
@@ -10576,12 +10585,12 @@ int openssl_evpSig_test()
unsigned int sigSz;
const void* pt;
unsigned int count;
int ret;
int ret;
#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
FILE *keyFile, *keypubFile;
char cliKey[] = "./certs/client-key.der";
char cliKeypub[] = "./certs/client-keypub.der";
char cliKeypub[] = "./certs/client-keyPub.der";
#endif
#define d2i_X509_fp(a,b) NULL
@@ -10618,34 +10627,38 @@ int openssl_evpSig_test()
err_sys("can't open ./certs/client-cert.der, "
"Please run from wolfSSL home dir", -41);
XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
return -41;
XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
return -43;
}
pubBytes = (int)fread(pubTmp, 1, (int)FOURK_BUFF, keypubFile);
fclose(keypubFile);
#endif /* USE_CERT_BUFFERS */
prvRsa = wolfSSL_RSA_new();
pubRsa = wolfSSL_RSA_new();
if((prvRsa == NULL) || (pubRsa == NULL)){
printf("error with RSA_new\n");
return -1;
}
prvRsa = wolfSSL_RSA_new();
pubRsa = wolfSSL_RSA_new();
if((prvRsa == NULL) || (pubRsa == NULL)){
XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
return -44;
}
wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
prvPkey = wolfSSL_PKEY_new();
pubPkey = wolfSSL_PKEY_new();
if((prvPkey == NULL) || (pubPkey == NULL)){
printf("error with PKEY_new\n");
return -1;
}
ret = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa);
ret += wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa);
if(ret != 2){
printf("error with PKEY_set1_RSA\n");
return -1;
}
prvPkey = wolfSSL_PKEY_new();
pubPkey = wolfSSL_PKEY_new();
if((prvPkey == NULL) || (pubPkey == NULL)){
XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
return -45;
}
ret = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa);
ret += wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa);
if(ret != 2){
XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
return -46;
}
/****************** sign and verify *******************/
sign = EVP_MD_CTX_create();
@@ -10668,17 +10681,21 @@ int openssl_evpSig_test()
EVP_VerifyInit(verf, EVP_sha1());
EVP_VerifyUpdate(verf, pt, count);
if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) {
printf("incorect signature found\n");
return -1;
XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
return -47;
}
/* expect fail without update */
EVP_VerifyInit(verf, EVP_sha1());
if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) {
printf("incorect fail signature found\n");
return -1;
XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
return -48;
}
XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
EVP_MD_CTX_destroy(sign);
EVP_MD_CTX_destroy(verf);
@@ -10687,6 +10704,7 @@ int openssl_evpSig_test()
EVP_PKEY_free(pubPkey);
EVP_PKEY_free(prvPkey);
#endif /* NO_RSA */
return 0;
}
#endif /* OPENSSL_EXTRA */

1
wolfssl/openssl/rsa.h
View File

@@ -43,6 +43,7 @@ typedef struct WOLFSSL_RSA WOLFSSL_RSA;
typedef WOLFSSL_RSA RSA;
struct WOLFSSL_RSA {
void* heap;
WOLFSSL_BIGNUM* n;
WOLFSSL_BIGNUM* e;
WOLFSSL_BIGNUM* d;

6
wolfssl/ssl.h
View File

@@ -195,6 +195,7 @@ struct WOLFSSL_ASN1_TIME {
typedef char WOLFSSL_EVP_MD;
typedef struct WOLFSSL_EVP_PKEY {
void* heap;
int type; /* openssh dereference */
int save_type; /* openssh dereference */
int pkey_sz;
@@ -202,6 +203,10 @@ typedef struct WOLFSSL_EVP_PKEY {
char* ptr; /* der format of key / or raw for NTRU */
} pkey;
#ifdef OPENSSL_EXTRA
#ifndef NO_RSA
WOLFSSL_RSA* rsa;
byte ownRsa; /* if struct owns RSA and should free it */
#endif
WC_RNG rng;
#endif
#ifdef HAVE_ECC
@@ -839,6 +844,7 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
WOLFSSL_EVP_PKEY** out);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type,
WOLFSSL_EVP_PKEY** out, const unsigned char **in, long inSz);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new_ex(void* heap);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(void);
WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*);
WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*);