diff --git a/src/ssl.c b/src/ssl.c index ba6e3c631..7f6c2c1b8 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -16892,9 +16892,7 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, /* get key type */ ret = BAD_STATE_E; if (pk != NULL) { /* decode key if present */ - /* using dynamic type public key because of wolfSSL_EVP_PKEY_free */ - *pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), - heap, DYNAMIC_TYPE_PUBLIC_KEY); + *pkey = wolfSSL_PKEY_new_ex(heap); if (*pkey == NULL) { wolfSSL_X509_free(*cert); *cert = NULL; if (ca != NULL) { @@ -16914,8 +16912,33 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, else { if ((ret = wc_RsaPrivateKeyDecode(pk, &keyIdx, &key, pkSz)) == 0) { - (*pkey)->type = RSAk; + (*pkey)->type = EVP_PKEY_RSA; + (*pkey)->rsa = wolfSSL_RSA_new(); + (*pkey)->ownRsa = 1; /* we own RSA */ + if ((*pkey)->rsa == NULL) { + WOLFSSL_MSG("issue creating EVP RSA key"); + wolfSSL_X509_free(*cert); *cert = NULL; + if (ca != NULL) { + wolfSSL_sk_X509_free(*ca); *ca = NULL; + } + wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL; + XFREE(pk, heap, DYNAMIC_TYPE_PKCS); + return SSL_FAILURE; + } + if ((ret = wolfSSL_RSA_LoadDer_ex((*pkey)->rsa, pk, pkSz, + WOLFSSL_RSA_LOAD_PRIVATE)) != SSL_SUCCESS) { + WOLFSSL_MSG("issue loading RSA key"); + wolfSSL_X509_free(*cert); *cert = NULL; + if (ca != NULL) { + wolfSSL_sk_X509_free(*ca); *ca = NULL; + } + wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL; + XFREE(pk, heap, DYNAMIC_TYPE_PKCS); + return SSL_FAILURE; + } + WOLFSSL_MSG("Found PKCS12 RSA key"); + ret = 0; /* set in success state for upcoming ECC check */ } wc_FreeRsaKey(&key); } @@ -16933,8 +16956,8 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, if (ca != NULL) { wolfSSL_sk_X509_free(*ca); *ca = NULL; } - XFREE(*pkey, heap, DYNAMIC_TYPE_PUBLIC_KEY); *pkey = NULL; - XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); + wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL; + XFREE(pk, heap, DYNAMIC_TYPE_PKCS); return 0; } @@ -16944,8 +16967,8 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, if (ca != NULL) { wolfSSL_sk_X509_free(*ca); *ca = NULL; } - XFREE(*pkey, heap, DYNAMIC_TYPE_PUBLIC_KEY); *pkey = NULL; - XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); + wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL; + XFREE(pk, heap, DYNAMIC_TYPE_PKCS); WOLFSSL_MSG("Bad PKCS12 key format"); return 0; } @@ -16961,8 +16984,8 @@ int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, if (ca != NULL) { wolfSSL_sk_X509_free(*ca); *ca = NULL; } - XFREE(*pkey, heap, DYNAMIC_TYPE_PUBLIC_KEY); *pkey = NULL; - XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); + wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL; + XFREE(pk, heap, DYNAMIC_TYPE_PKCS); WOLFSSL_MSG("Bad PKCS12 key format"); return 0; } @@ -17256,24 +17279,32 @@ void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT* obj) } -WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new() +WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(){ + return wolfSSL_PKEY_new_ex(NULL); +} + + +WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new_ex(void* heap) { WOLFSSL_EVP_PKEY* pkey; int ret; WOLFSSL_ENTER("wolfSSL_PKEY_new"); - pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), NULL, + pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), heap, DYNAMIC_TYPE_PUBLIC_KEY); if (pkey != NULL) { XMEMSET(pkey, 0, sizeof(WOLFSSL_EVP_PKEY)); + pkey->heap = heap; pkey->type = WOLFSSL_EVP_PKEY_DEFAULT; - pkey->pkey.ptr = (char*)wolfSSL_RSA_new(); - ret = wc_InitRng(&(pkey->rng)); - if((pkey->pkey.ptr == NULL) || (ret != 0)){ - XFREE(pkey, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + ret = wc_InitRng_ex(&(pkey->rng), heap); + if (ret != 0){ + wolfSSL_EVP_PKEY_free(pkey); WOLFSSL_MSG("memory falure"); return NULL; } - } else WOLFSSL_MSG("memory failure"); + } + else { + WOLFSSL_MSG("memory failure"); + } return pkey; } @@ -17283,18 +17314,23 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) { WOLFSSL_ENTER("wolfSSL_PKEY_free"); if (key != NULL) { + wc_FreeRng(&(key->rng)); if (key->pkey.ptr != NULL) { - switch(key->type) - { - case EVP_PKEY_RSA: - /*do nothing */ - break; - default: - break; - } + XFREE(key->pkey.ptr, pkey->heap, DYNAMIC_TYPE_PUBLIC_KEY); } - XFREE(key, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + switch(key->type) + { + case EVP_PKEY_RSA: + if (key->rsa != NULL && key->ownRsa == 1) { + wolfSSL_RSA_free(key->rsa); + } + break; + + default: + break; + } + XFREE(key, pkey->heap, DYNAMIC_TYPE_PUBLIC_KEY); } } @@ -21608,28 +21644,37 @@ WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m, sigDec = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if(sigRet == NULL){ WOLFSSL_MSG("Memory failure"); + XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); return 0; } /* get non-encrypted signature to be compared with decrypted sugnature*/ ret = wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, &len, rsa, 0); if(ret <= 0){ - WOLFSSL_MSG("Message Digest Error"); - return 0; + WOLFSSL_MSG("Message Digest Error"); + XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return 0; } show("Encoded Message", sigRet, len); /* decrypt signature */ ret = wc_RsaSSL_Verify(sig, sigLen, (unsigned char *)sigDec, sigLen, (RsaKey*)rsa->internal); if(ret <= 0){ WOLFSSL_MSG("RSA Decrypt error"); + XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); return 0; } show("Decrypted Signature", sigDec, ret); if(XMEMCMP(sigRet, sigDec, ret) == 0){ WOLFSSL_MSG("wolfSSL_RSA_verify success"); + XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); return 1; } else { WOLFSSL_MSG("wolfSSL_RSA_verify failed"); + XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); return 0; } } @@ -21905,13 +21950,24 @@ WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key) return NULL; } + +/* with set1 functions the pkey struct does not own the RSA structure */ WOLFSSL_API int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key) { if((pkey == NULL) || (key ==NULL))return 0; WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_RSA"); - pkey->pkey.ptr = (char *)key; + if (pkey->rsa != NULL && pkey->ownRsa == 1) { + wolfSSL_RSA_free(pkey->rsa); + } + pkey->rsa = key; + pkey->ownRsa = 0; /* pkey does not own RSA */ pkey->type = EVP_PKEY_RSA; - ((RsaKey *)pkey->pkey.ptr)->rng = &(pkey->rng); +#ifdef WC_RSA_BLINDING + if (wc_RsaSetRNG((RsaKey*)(pkey->rsa->internal), &(pkey->rng)) != 0) { + WOLFSSL_MSG("Error setting RSA rng"); + return SSL_FAILURE; + } +#endif return 1; } @@ -24326,10 +24382,12 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, ret = wc_RsaPublicKeyDecode(derBuf, &idx, (RsaKey*)rsa->internal, derSz); if (ret < 0) { - if(opt == WOLFSSL_RSA_LOAD_PRIVATE) + if(opt == WOLFSSL_RSA_LOAD_PRIVATE) { WOLFSSL_MSG("RsaPrivateKeyDecode failed"); - else + } + else { WOLFSSL_MSG("RsaPublicKeyDecode failed"); + } return SSL_FATAL_ERROR; } diff --git a/tests/api.c b/tests/api.c index e1125ad8e..06c40c866 100644 --- a/tests/api.c +++ b/tests/api.c @@ -14806,6 +14806,7 @@ static void test_wolfSSL_pkcs8(void) /* file from wolfssl/certs/ directory */ AssertNotNull(f = fopen("./certs/ecc-keyPkcs8.pem", "rb")); AssertIntGT((bytes = (int)fread(buffer, 1, sizeof(buffer), f)), 0); + fclose(f); AssertNotNull(bio = BIO_new_mem_buf((void*)buffer, bytes)); AssertNotNull(pt = d2i_PKCS8_PRIV_KEY_INFO_bio(bio, NULL)); BIO_free(bio); @@ -14926,7 +14927,6 @@ static void test_no_op_functions(void) OpenSSL_add_all_ciphers(); CRYPTO_malloc_init(); - wolfSSL_OBJ_nid2obj(1); printf(resultFmt, passed); #endif } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index de8730ce5..2332ca33f 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -2253,6 +2253,9 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, return BAD_FUNC_ARG; } + (void)curveOID; + (void)oidSz; + return 1; } @@ -2270,7 +2273,7 @@ int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, { int algoID = 0; byte* tmp; - word32 tmpSz; + word32 tmpSz = 0; word32 sz; word32 seqSz; word32 inOutIdx = 0; @@ -2413,6 +2416,7 @@ int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, #endif return ret; } + tmpSz = ret; #ifdef WOLFSSL_SMALL_STACK cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -2696,13 +2700,19 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, if ((ret = wc_RNG_GenerateBlock(rng, saltTmp, saltSz)) != 0) { WOLFSSL_MSG("Error generating random salt"); + #ifdef WOLFSSL_SMALL_STACK XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif return ret; } } - if (tmpIdx + MAX_LENGTH_SZ + saltSz + MAX_SHORT_SZ > *outSz) + if (tmpIdx + MAX_LENGTH_SZ + saltSz + MAX_SHORT_SZ > *outSz) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif return BUFFER_E; + } sz = SetLength(saltSz, out + tmpIdx); tmpIdx += sz; @@ -2726,9 +2736,9 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, inOutIdx += sz; totalSz += sz; #ifdef WOLFSSL_SMALL_STACK - cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + cbcIv = (byte*)XMALLOC(MAX_IV_SIZE, heap, DYNAMIC_TYPE_TMP_BUFFER); if (cbcIv == NULL) { - XFREE(salt, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } #endif @@ -2736,9 +2746,18 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, if ((ret = CryptKey(password, passwordSz, salt, saltSz, itt, id, input, inputSz, version, cbcIv, 1)) < 0) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(cbcIv, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif return ret; /* encrypt failure */ } +#ifdef WOLFSSL_SMALL_STACK + XFREE(cbcIv, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + if (inOutIdx + 1 + MAX_LENGTH_SZ + inputSz > *outSz) return BUFFER_E; diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index afdc153f5..cac404c9f 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -598,6 +598,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_CTX_free(WOLFSSL_EVP_PKEY_CTX *ctx) { if (ctx == NULL)return 0; WOLFSSL_ENTER("EVP_PKEY_CTX_free"); + XFREE(ctx, NULL, DYNAMIC_TYPE_PUBLIC_KEY); return 1; } @@ -636,7 +637,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx, switch(ctx->pkey->type){ case EVP_PKEY_RSA: *outlen = wolfSSL_RSA_private_decrypt((int)inlen, (unsigned char*)in, out, - (WOLFSSL_RSA*)ctx->pkey->pkey.ptr, ctx->padding); + ctx->pkey->rsa, ctx->padding); if(*outlen > 0) return 1; else @@ -679,7 +680,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_encrypt(WOLFSSL_EVP_PKEY_CTX *ctx, switch(ctx->pkey->type){ case EVP_PKEY_RSA: *outlen = wolfSSL_RSA_public_encrypt((int)inlen, (unsigned char *)in, out, - (WOLFSSL_RSA*)ctx->pkey->pkey.ptr, ctx->padding); + ctx->pkey->rsa, ctx->padding); return (int)*outlen; case EVP_PKEY_EC: @@ -726,7 +727,7 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_size(WOLFSSL_EVP_PKEY *pkey) switch(pkey->type){ case EVP_PKEY_RSA: - return (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(pkey->pkey.ptr)); + return (int)wolfSSL_RSA_size((const WOLFSSL_RSA*)(pkey->rsa)); case EVP_PKEY_EC: WOLFSSL_MSG("not implemented"); @@ -779,7 +780,7 @@ WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *si int nid = md2nid(ctx->macType); if(nid < 0)return 0; return wolfSSL_RSA_sign(nid, md, mdsize, sigret, - siglen, (WOLFSSL_RSA*)(pkey->pkey.ptr)); + siglen, pkey->rsa); } case EVP_PKEY_DSA: case EVP_PKEY_EC: @@ -823,7 +824,7 @@ WOLFSSL_API int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, int nid = md2nid(ctx->macType); if(nid < 0)return 0; return wolfSSL_RSA_verify(nid, md, mdsize, sig, - (unsigned int)siglen, (WOLFSSL_RSA*)(pkey->pkey.ptr)); + (unsigned int)siglen, pkey->rsa); } case EVP_PKEY_DSA: case EVP_PKEY_EC: diff --git a/wolfcrypt/src/pkcs12.c b/wolfcrypt/src/pkcs12.c index 953f8f9a9..55d22c62c 100644 --- a/wolfcrypt/src/pkcs12.c +++ b/wolfcrypt/src/pkcs12.c @@ -490,10 +490,6 @@ static int wc_PKCS12_create_mac(WC_PKCS12* pkcs12, byte* data, word32 dataSz, mac = pkcs12->signData; -#ifdef WOLFSSL_DEBUG_PKCS12 - printf("Verifying MAC with OID = %d\n", mac->oid); -#endif - /* unicode set up from asn.c */ if ((pswSz * 2 + 2) > (int)sizeof(unicodePasswd)) { WOLFSSL_MSG("PKCS12 max unicode size too small"); @@ -1908,6 +1904,7 @@ WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz, char* name, wc_FreeRng(&rng); return NULL; } + XMEMSET(mac, 0, sizeof(MacData)); pkcs12->signData = mac; /* now wc_PKCS12_free will free all mac too */ #ifndef NO_SHA256 @@ -1918,7 +1915,7 @@ WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz, char* name, mac->oid = SHA384; #elif defined(WOLFSSL_SHA512) mac->oid = SHA512; - #elif + #else WOLFSSL_MSG("No supported hash algorithm compiled in!"); wc_PKCS12_free(pkcs12); wc_FreeRng(&rng); @@ -1965,6 +1962,9 @@ WC_PKCS12* wc_PKCS12_create(char* pass, word32 passSz, char* name, } XMEMCPY(mac->digest, digest, mac->digestSz); } + else { + pkcs12->signData = NULL; + } wc_FreeRng(&rng); (void)name; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 1b79d2f58..1ed993f9a 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -10319,8 +10319,8 @@ int openssl_test(void) } int openSSL_evpMD_test(void) -//int main() { +#ifndef NO_SHA256 int ret ; WOLFSSL_EVP_MD_CTX* ctx; WOLFSSL_EVP_MD_CTX* ctx2; @@ -10329,39 +10329,44 @@ int openSSL_evpMD_test(void) ctx2 = EVP_MD_CTX_create(); ret = EVP_DigestInit(ctx, EVP_sha256()); - ret = EVP_MD_CTX_copy(ctx2, ctx); - { - int type1, type2; - type1 = EVP_MD_type(EVP_sha256()) ; - type2 = EVP_MD_CTX_type(ctx2); - - if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) { - printf("error copying over\n"); - return -1; + if (ret != SSL_SUCCESS) { + return -3449; } + ret = EVP_MD_CTX_copy(ctx2, ctx); + if (ret != SSL_SUCCESS) { + return -3450; + } + + if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) { + return -3451; } ret = EVP_DigestInit(ctx, EVP_sha1()); + if (ret != SSL_SUCCESS) { + return -3452; + } + if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) { - printf("error copying over\n"); - return -1; + return -3453; } ret = EVP_MD_CTX_copy_ex(ctx2, ctx); + if (ret != SSL_SUCCESS) { + return -3454; + } if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) { - printf("error copying over\n"); - return -1; + return -3455; } if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) { - printf("error copying over\n"); - return -1; + return -3456; } EVP_MD_CTX_destroy(ctx); EVP_MD_CTX_destroy(ctx2); +#endif /* NO_SHA256 */ return 0; } @@ -10402,7 +10407,7 @@ int openssl_pkey0_test(void) #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) FILE *keyFile, *keypubFile; char cliKey[] = "./certs/client-key.der"; - char cliKeypub[] = "./certs/client-keypub.der"; + char cliKeypub[] = "./certs/client-keyPub.der"; #endif #ifdef WOLFSSL_TEST_CERT @@ -10413,8 +10418,10 @@ int openssl_pkey0_test(void) if (prvTmp == NULL) return -40; pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - if (pubTmp == NULL) - return -40; + if (pubTmp == NULL) { + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return -41; + } #ifdef USE_CERT_BUFFERS_1024 XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024); @@ -10431,8 +10438,9 @@ int openssl_pkey0_test(void) if (!keyFile) { err_sys("can't open ./certs/client-key.der, " "Please run from wolfSSL home dir", -40); + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - return -40; + return -42; } prvBytes = (int)fread(prvTmp, 1, (int)FOURK_BUFF, keyFile); fclose(keyFile); @@ -10560,14 +10568,15 @@ int openssl_pkey0_test(void) int openssl_evpSig_test() { +#ifndef NO_RSA byte* prvTmp; - byte* pubTmp; - int prvBytes; - int pubBytes; - RSA *prvRsa; - RSA *pubRsa; - EVP_PKEY *prvPkey; - EVP_PKEY *pubPkey; + byte* pubTmp; + int prvBytes; + int pubBytes; + RSA *prvRsa; + RSA *pubRsa; + EVP_PKEY *prvPkey; + EVP_PKEY *pubPkey; EVP_MD_CTX* sign; EVP_MD_CTX* verf; @@ -10576,12 +10585,12 @@ int openssl_evpSig_test() unsigned int sigSz; const void* pt; unsigned int count; - int ret; + int ret; #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) FILE *keyFile, *keypubFile; char cliKey[] = "./certs/client-key.der"; - char cliKeypub[] = "./certs/client-keypub.der"; + char cliKeypub[] = "./certs/client-keyPub.der"; #endif #define d2i_X509_fp(a,b) NULL @@ -10618,34 +10627,38 @@ int openssl_evpSig_test() err_sys("can't open ./certs/client-cert.der, " "Please run from wolfSSL home dir", -41); XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); - return -41; + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + return -43; } pubBytes = (int)fread(pubTmp, 1, (int)FOURK_BUFF, keypubFile); fclose(keypubFile); #endif /* USE_CERT_BUFFERS */ - prvRsa = wolfSSL_RSA_new(); - pubRsa = wolfSSL_RSA_new(); - if((prvRsa == NULL) || (pubRsa == NULL)){ - printf("error with RSA_new\n"); - return -1; - } + prvRsa = wolfSSL_RSA_new(); + pubRsa = wolfSSL_RSA_new(); + if((prvRsa == NULL) || (pubRsa == NULL)){ + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + return -44; + } - wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE); - wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC); + wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE); + wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC); - prvPkey = wolfSSL_PKEY_new(); - pubPkey = wolfSSL_PKEY_new(); - if((prvPkey == NULL) || (pubPkey == NULL)){ - printf("error with PKEY_new\n"); - return -1; - } - ret = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa); - ret += wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa); - if(ret != 2){ - printf("error with PKEY_set1_RSA\n"); - return -1; - } + prvPkey = wolfSSL_PKEY_new(); + pubPkey = wolfSSL_PKEY_new(); + if((prvPkey == NULL) || (pubPkey == NULL)){ + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + return -45; + } + ret = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa); + ret += wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa); + if(ret != 2){ + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + return -46; + } /****************** sign and verify *******************/ sign = EVP_MD_CTX_create(); @@ -10668,17 +10681,21 @@ int openssl_evpSig_test() EVP_VerifyInit(verf, EVP_sha1()); EVP_VerifyUpdate(verf, pt, count); if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) { - printf("incorect signature found\n"); - return -1; + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + return -47; } /* expect fail without update */ EVP_VerifyInit(verf, EVP_sha1()); if (EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) { - printf("incorect fail signature found\n"); - return -1; + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + return -48; } + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); EVP_MD_CTX_destroy(sign); EVP_MD_CTX_destroy(verf); @@ -10687,6 +10704,7 @@ int openssl_evpSig_test() EVP_PKEY_free(pubPkey); EVP_PKEY_free(prvPkey); +#endif /* NO_RSA */ return 0; } #endif /* OPENSSL_EXTRA */ diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h index 3b43da16e..fa60cb72b 100644 --- a/wolfssl/openssl/rsa.h +++ b/wolfssl/openssl/rsa.h @@ -43,6 +43,7 @@ typedef struct WOLFSSL_RSA WOLFSSL_RSA; typedef WOLFSSL_RSA RSA; struct WOLFSSL_RSA { + void* heap; WOLFSSL_BIGNUM* n; WOLFSSL_BIGNUM* e; WOLFSSL_BIGNUM* d; diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 89c162306..169c29267 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -195,6 +195,7 @@ struct WOLFSSL_ASN1_TIME { typedef char WOLFSSL_EVP_MD; typedef struct WOLFSSL_EVP_PKEY { + void* heap; int type; /* openssh dereference */ int save_type; /* openssh dereference */ int pkey_sz; @@ -202,6 +203,10 @@ typedef struct WOLFSSL_EVP_PKEY { char* ptr; /* der format of key / or raw for NTRU */ } pkey; #ifdef OPENSSL_EXTRA + #ifndef NO_RSA + WOLFSSL_RSA* rsa; + byte ownRsa; /* if struct owns RSA and should free it */ + #endif WC_RNG rng; #endif #ifdef HAVE_ECC @@ -839,6 +844,7 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** out); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, const unsigned char **in, long inSz); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new_ex(void* heap); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(void); WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*); WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*);