From 8e41d329501c9972bdacc53ba5e64ae5f3c9a28a Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Tue, 24 Jan 2017 16:37:56 +0900 Subject: [PATCH] EVP MD and PKEY test. Add PKEY_new/free --- src/ssl.c | 95 ++++++++++---- wolfcrypt/src/asn.c | 2 +- wolfcrypt/src/evp.c | 31 ++++- wolfcrypt/test/test.c | 279 +++++++++++++++++++++++++++++++++++++++++- wolfssl/openssl/evp.h | 3 + wolfssl/openssl/rsa.h | 3 + wolfssl/ssl.h | 3 + 7 files changed, 381 insertions(+), 35 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 154e32f1e..763d2c50c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -12902,21 +12902,24 @@ static WOLFSSL_EVP_MD *wolfSSL_EVP_get_md(const unsigned char type) { const struct s_ent *ent ; WOLFSSL_ENTER("EVP_get_md"); - for( ent = md_tbl; ent->macType != 0; ent++) + for( ent = md_tbl; ; ent++){ if(type == ent->macType) { + printf("ent->name=%s\n", ent->name); return (WOLFSSL_EVP_MD *)ent->name; } - return 0; + } + return (WOLFSSL_EVP_MD *)""; } int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) { const struct s_ent *ent ; WOLFSSL_ENTER("EVP_MD_type"); - for( ent = md_tbl; ent->name != NULL; ent++) + for( ent = md_tbl; ent->name != NULL; ent++){ if(XSTRNCMP((const char *)md, ent->name, XSTRLEN(ent->name)+1) == 0) { return ent->macType; } + } return 0; } @@ -17198,7 +17201,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) sizeof(WOLFSSL_EVP_PKEY), x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); if (key != NULL) { - key->type = x509->pubKeyOID; + key->type = EVP_PKEY_RSA; /*x509->pubKeyOID;*/ key->save_type = 0; key->pkey.ptr = (char*)XMALLOC( x509->pubKey.length, x509->heap, @@ -17257,13 +17260,21 @@ void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT* obj) WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new() { WOLFSSL_EVP_PKEY* pkey; - + int ret; + WOLFSSL_ENTER("wolfSSL_PKEY_new"); pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), NULL, DYNAMIC_TYPE_PUBLIC_KEY); if (pkey != NULL) { XMEMSET(pkey, 0, sizeof(WOLFSSL_EVP_PKEY)); pkey->type = WOLFSSL_EVP_PKEY_DEFAULT; - } + pkey->pkey.ptr = (char*)wolfSSL_RSA_new(); + ret = wc_InitRng(&(pkey->rng)); + if((pkey->pkey.ptr == NULL) || (ret != 0)){ + XFREE(pkey, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + WOLFSSL_MSG("memory falure"); + return NULL; + } + } else WOLFSSL_MSG("memory failure"); return pkey; } @@ -17271,9 +17282,19 @@ WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new() void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) { + WOLFSSL_ENTER("wolfSSL_PKEY_free"); if (key != NULL) { if (key->pkey.ptr != NULL) - XFREE(key->pkey.ptr, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + { + switch(key->type) + { + case EVP_PKEY_RSA: + /*do nothing */ + break; + default: + break; + } + } XFREE(key, NULL, DYNAMIC_TYPE_PUBLIC_KEY); } } @@ -19212,7 +19233,7 @@ const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void) * size of BIGNUM in bytes, 0 if error */ int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM* bn) { - WOLFSSL_MSG("wolfSSL_BN_num_bytes"); + WOLFSSL_ENTER("wolfSSL_BN_num_bytes"); if (bn == NULL || bn->internal == NULL) return WOLFSSL_FAILURE; @@ -19224,7 +19245,7 @@ int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM* bn) * size of BIGNUM in bits, 0 if error */ int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM* bn) { - WOLFSSL_MSG("wolfSSL_BN_num_bits"); + WOLFSSL_ENTER("wolfSSL_BN_num_bits"); if (bn == NULL || bn->internal == NULL) return WOLFSSL_FAILURE; @@ -21042,7 +21063,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* fr, XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - if (ret > 0) + if (ret >= 0) WOLFSSL_MSG("wolfSSL_RSA_public_encrypt success"); else { WOLFSSL_MSG("wolfSSL_RSA_public_encrypt failed"); @@ -21124,7 +21145,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* fr, */ int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa) { - WOLFSSL_MSG("wolfSSL_RSA_size"); + WOLFSSL_ENTER("wolfSSL_RSA_size"); if (rsa == NULL) return SSL_FATAL_ERROR; @@ -21306,7 +21327,7 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits, #endif } #else /* WOLFSSL_KEY_GEN */ - WOLFSSL_MSG("No Key Gen built in, please enable keygen"); + WOLFSSL_MSG("No Key Gen built in"); #endif return ret; @@ -21428,7 +21449,7 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m, byte encodedSig[MAX_ENCODED_SIG_SZ]; #endif - WOLFSSL_MSG("wolfSSL_RSA_sign"); + WOLFSSL_ENTER("wolfSSL_RSA_sign"); if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) { WOLFSSL_MSG("Bad function arguments"); @@ -21540,11 +21561,12 @@ WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m, unsigned int mLen, const unsigned char* sig, unsigned int sigLen, WOLFSSL_RSA* rsa) { + (void) type; + (void) mLen; int ret; unsigned char *sigRet ; - unsigned int len; - WOLFSSL_MSG("wolfSSL_RSA_verify"); + WOLFSSL_ENTER("wolfSSL_RSA_verify"); if((m == NULL) || (sig == NULL)) { WOLFSSL_MSG("Bad function arguments"); return 0; @@ -21556,16 +21578,14 @@ WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m, return 0; } - ret = wolfSSL_RSA_sign(type, m, mLen, sigRet, &len, rsa); - + //ret = wolfSSL_RSA_sign(type, m, mLen, sigRet, &len, rsa); + ret = wc_RsaSSL_Verify(sigRet, 0, (unsigned char *)sig, sigLen, (RsaKey*)rsa->internal); + //ret = wolfSSL_RSA_public_decrypt(sigLen, sig, sigRet, rsa, rsa->padding) if(ret <= 0){ - WOLFSSL_MSG("RSA Sign error"); + WOLFSSL_MSG("RSA Decrypt error"); return 0; } - if(sigLen != len){ - WOLFSSL_MSG("sign length error"); - return 0; - } + if(XMEMCMP(sig, sigRet, sigLen) == 0){ WOLFSSL_MSG("wolfSSL_RSA_verify success"); return 1; @@ -21580,7 +21600,7 @@ int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from, { int tlen = 0; - WOLFSSL_MSG("wolfSSL_RSA_public_decrypt"); + WOLFSSL_ENTER("wolfSSL_RSA_public_decrypt"); if (rsa == NULL || rsa->internal == NULL || from == NULL) { WOLFSSL_MSG("Bad function arguments"); @@ -21846,6 +21866,15 @@ WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key) return NULL; } +WOLFSSL_API int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key) +{ + if((pkey == NULL) || (key ==NULL))return 0; + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_RSA"); + pkey->pkey.ptr = (char *)key; + pkey->type = EVP_PKEY_RSA; + ((RsaKey *)pkey->pkey.ptr)->rng = &(pkey->rng); + return 1; +} WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key) { @@ -24235,6 +24264,13 @@ int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x) /* return WOLFSSL_SUCCESS if success, WOLFSSL_FATAL_ERROR if error */ int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz) { + return wolfSSL_RSA_LoadDer_ex(rsa, derBuf, derSz, WOLFSSL_RSA_LOAD_PRIVATE); +} + +int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, + int derSz, int opt) +{ + word32 idx = 0; int ret; @@ -24245,10 +24281,17 @@ int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz return WOLFSSL_FATAL_ERROR; } - ret = wc_RsaPrivateKeyDecode(derBuf, &idx, (RsaKey*)rsa->internal, derSz); + if(opt == WOLFSSL_RSA_LOAD_PRIVATE) + ret = wc_RsaPrivateKeyDecode(derBuf, &idx, (RsaKey*)rsa->internal, derSz); + else + ret = wc_RsaPublicKeyDecode(derBuf, &idx, (RsaKey*)rsa->internal, derSz); + if (ret < 0) { - WOLFSSL_MSG("RsaPrivateKeyDecode failed"); - return WOLFSSL_FATAL_ERROR; + if(opt == WOLFSSL_RSA_LOAD_PRIVATE) + WOLFSSL_MSG("RsaPrivateKeyDecode failed"); + else + WOLFSSL_MSG("RsaPublicKeyDecode failed"); + return SSL_FATAL_ERROR; } if (SetRsaExternal(rsa) != WOLFSSL_SUCCESS) { diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 307036a29..de8730ce5 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -2194,7 +2194,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz, #ifdef HAVE_ED25519 ed25519_key ed25519; -#endif + #endif #ifndef NO_RSA RsaKey rsa; diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 2ed3df83e..afdc153f5 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -635,9 +635,12 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx, switch(ctx->pkey->type){ case EVP_PKEY_RSA: - *outlen = wolfSSL_RSA_public_encrypt((int)inlen, (unsigned char*)in, out, + *outlen = wolfSSL_RSA_private_decrypt((int)inlen, (unsigned char*)in, out, (WOLFSSL_RSA*)ctx->pkey->pkey.ptr, ctx->padding); - return (int)*outlen; + if(*outlen > 0) + return 1; + else + return 0; case EVP_PKEY_EC: WOLFSSL_MSG("not implemented"); @@ -749,6 +752,15 @@ WOLFSSL_API int wolfSSL_EVP_SignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data return wolfSSL_EVP_DigestUpdate(ctx, data, len); } +static int md2nid(int md) +{ + const char * d ; + d = (const char *)wolfSSL_EVP_get_md(md); + if(XSTRNCMP(d, "SHA", 3) == 0)return NID_sha1; + if(XSTRNCMP(d, "MD5", 3) == 0)return NID_md5; + return 0; +} + WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, WOLFSSL_EVP_PKEY *pkey) { @@ -763,8 +775,12 @@ WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *si switch(pkey->type){ case EVP_PKEY_RSA: - return wolfSSL_RSA_sign(ctx->macType, md, mdsize, sigret, + { + int nid = md2nid(ctx->macType); + if(nid < 0)return 0; + return wolfSSL_RSA_sign(nid, md, mdsize, sigret, siglen, (WOLFSSL_RSA*)(pkey->pkey.ptr)); + } case EVP_PKEY_DSA: case EVP_PKEY_EC: WOLFSSL_MSG("not implemented"); @@ -803,9 +819,12 @@ WOLFSSL_API int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, if(ret <= 0)return ret; switch(pkey->type){ - case EVP_PKEY_RSA: - return wolfSSL_RSA_verify(ctx->macType, md, mdsize, sig, - (unsigned int)siglen, (WOLFSSL_RSA*)(pkey->pkey.ptr)); + case EVP_PKEY_RSA:{ + int nid = md2nid(ctx->macType); + if(nid < 0)return 0; + return wolfSSL_RSA_verify(nid, md, mdsize, sig, + (unsigned int)siglen, (WOLFSSL_RSA*)(pkey->pkey.ptr)); + } case EVP_PKEY_DSA: case EVP_PKEY_EC: WOLFSSL_MSG("not implemented"); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index b85b7c249..07a471cc8 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -266,8 +266,13 @@ int random_test(void); int pwdbased_test(void); int ripemd_test(void); #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) - int openssl_test(void); /* test mini api */ +int openssl_test(void); /* test mini api */ + +int openssl_pkey_test(void); +int openssl_pkey0_test(void); +int openSSL_evpMD_test(void); #endif + int pbkdf1_test(void); int pkcs12_test(void); int pbkdf2_test(void); @@ -762,6 +767,17 @@ int wolfcrypt_test(void* args) return err_sys("OPENSSL test failed!\n", ret); else printf( "OPENSSL test passed!\n"); + + if ( (ret = openSSL_evpMD_test()) != 0) + return err_sys("OPENSSL (openSSL_evpMD_test) test failed!\n", ret); + else + printf( "OPENSSL (openSSL_evpMD_test passed!\n"); + + if ( (ret = openssl_pkey0_test()) != 0) + return err_sys("OPENSSL (openssl_pkey0_test) test failed!\n", ret); + else + printf( "OPENSSL (openssl_pkey0_test) passed!\n"); + #endif #ifdef HAVE_ECC @@ -10296,8 +10312,267 @@ int openssl_test(void) return 0; } +int openSSL_evpMD_test(void) +//int main() +{ + int ret ; + WOLFSSL_EVP_MD_CTX* ctx; + WOLFSSL_EVP_MD_CTX* ctx2; -#endif /* OPENSSL_EXTRA && !WOLFCRYPT_ONLY */ + printf("testing EVP_MD functions\n"); + + ctx = EVP_MD_CTX_create(); + ctx2 = EVP_MD_CTX_create(); + + ret = EVP_DigestInit(ctx, EVP_sha256()); + ret = EVP_MD_CTX_copy(ctx2, ctx); + { + int type1, type2; + type1 = EVP_MD_type(EVP_sha256()) ; + type2 = EVP_MD_CTX_type(ctx2); + + if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) { + printf("error copying over\n"); + return -1; + } + + } + + ret = EVP_DigestInit(ctx, EVP_sha1()); + if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) { + printf("error copying over\n"); + return -1; + } + + ret = EVP_MD_CTX_copy_ex(ctx2, ctx); + + if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) { + printf("error copying over\n"); + return -1; + } + + if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) { + printf("error copying over\n"); + return -1; + } + + EVP_MD_CTX_destroy(ctx); + EVP_MD_CTX_destroy(ctx2); + + return 0; +} + + + +#define FOURK_BUFF 4096 + +int openssl_pkey0_test(void) +{ + byte* prvTmp; + byte* pubTmp; + int prvBytes; + int pubBytes; + RSA *prvRsa; + RSA *pubRsa; + EVP_PKEY *prvPkey; + EVP_PKEY *pubPkey; + EVP_PKEY_CTX *enc; + EVP_PKEY_CTX *dec; + + int ret; + byte in[] = "Everyone gets Friday off."; + byte out[256]; + size_t outlen; + byte plain[256]; +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) + FILE *keyFile, *keypubFile; + char cliKey[] = "./certs/client-key.der"; + char cliKeypub[] = "./certs/client-keypub.der"; + +#endif +#ifdef WOLFSSL_TEST_CERT + DecodedCert cert; +#endif + + prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (prvTmp == NULL) + return -40; + pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pubTmp == NULL) + return -40; + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024); + prvBytes = sizeof_client_key_der_1024; + XMEMCPY(prvTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024); + prvBytes = sizeof_client_keypub_der_2048_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(pubTmp, client_key_der_2048, sizeof_client_key_der_2048); + pubBytes = sizeof_client_key_der_2048; + XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048); + pubBytes = sizeof_client_keypub_der_2048; +#else + keyFile = fopen(cliKey, "rb"); + if (!keyFile) { + err_sys("can't open ./certs/client-key.der, " + "Please run from wolfSSL home dir", -40); + XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + return -40; + } + prvBytes = (int)fread(prvTmp, 1, (int)FOURK_BUFF, keyFile); + fclose(keyFile); + keypubFile = fopen(cliKeypub, "rb"); + if (!keypubFile) { + err_sys("can't open ./certs/client-cert.der, " + "Please run from wolfSSL home dir", -41); + XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER); + return -41; + } + pubBytes = (int)fread(pubTmp, 1, (int)FOURK_BUFF, keypubFile); + fclose(keypubFile); + #endif /* USE_CERT_BUFFERS */ + + prvRsa = wolfSSL_RSA_new(); + pubRsa = wolfSSL_RSA_new(); + if((prvRsa == NULL) || (pubRsa == NULL)){ + printf("error with RSA_new\n"); + return -1; + } + + wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE); + wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC); + + prvPkey = wolfSSL_PKEY_new(); + pubPkey = wolfSSL_PKEY_new(); + if((prvPkey == NULL) || (pubPkey == NULL)){ + printf("error with PKEY_new\n"); + return -1; + } + ret = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa); + ret += wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa); + if(ret != 2){ + printf("error with PKEY_set1_RSA\n"); + return -1; + } + + dec = EVP_PKEY_CTX_new(prvPkey, NULL); + enc = EVP_PKEY_CTX_new(pubPkey, NULL); + + ret = EVP_PKEY_decrypt_init(dec); + if (ret != 1) { + printf("error with decrypt init\n"); + return -1; + } + ret = EVP_PKEY_encrypt_init(enc); + if (ret != 1) { + printf("error with encrypt init\n"); + return -1; + } + memset(out, 0, sizeof(out)); + ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in)); + if (ret < 0) { + printf("error encrypting msg\n"); + return -1; + } + + { + unsigned char* pt; + for (printf("encrypted msg[%d] = \n", (int)outlen), pt = out; + pt < out + outlen; + printf("%c", ((*pt)&0x6f)>='A'?((*pt)&0x6f):'.'), pt++); + printf("\n"); + } + + memset(plain, 0, sizeof(plain)); + ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, sizeof(out)); + if (ret != 1) { + printf("error decrypting msg\n"); + return -1; + } + + { + unsigned char* pt; + fflush(stdout); + printf("\n"); + for (printf("decrypted msg = "), pt = plain; + pt < plain + outlen; + printf("%c", *pt), pt++); + printf("\n"); + } + + /* RSA_PKCS1_OAEP_PADDING test */ + ret = EVP_PKEY_decrypt_init(dec); + if (ret != 1) { + printf("error with decrypt init\n"); + return -1; + } + ret = EVP_PKEY_encrypt_init(enc); + if (ret != 1) { + printf("error with encrypt init\n"); + return -1; + } + + if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) { + printf("first set rsa padding error\n"); + return -1; + } + + if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){ + printf("second set rsa padding error\n"); + return -1; + } + + if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) { + printf("third set rsa padding error\n"); + return -1; + } + + memset(out, 0, sizeof(out)); + ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in)); + if (ret < 0) { + printf("error encrypting msg\n"); + return -1; + } + + { + unsigned char* pt; + for (printf("encrypted msg[%d] = \n", (int)outlen), pt = out; + pt < out + outlen; + printf("%c", ((*pt)&0x6f)>='A'?((*pt)&0x6f):'.'), pt++); + printf("\n"); + } + + memset(plain, 0, sizeof(plain)); + ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, sizeof(out)); + if (ret != 1) { + printf("error decrypting msg\n"); + return -1; + } + + { + unsigned char* pt; + fflush(stdout); + printf("\n"); + for (printf("decrypted msg = "), pt = plain; + pt < plain + outlen; + printf("%c", *pt), pt++); + printf("\n"); + } + + wolfSSL_RSA_free(prvRsa); + wolfSSL_RSA_free(pubRsa); + EVP_PKEY_free(pubPkey); + EVP_PKEY_free(prvPkey); + EVP_PKEY_CTX_free(dec); + EVP_PKEY_CTX_free(enc); + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return 0; + +} + +#endif /* OPENSSL_EXTRA */ #ifndef NO_PWDBASED diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 9c0094c9e..108a7e33f 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -48,6 +48,7 @@ #include #include #include +#include #ifdef HAVE_IDEA #include #endif @@ -344,6 +345,7 @@ WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int); WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY *key); +WOLFSSL_API int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, ENGINE* e, const unsigned char* key, int keylen); @@ -519,6 +521,7 @@ typedef WOLFSSL_EVP_PKEY_CTX EVP_PKEY_CTX; #define EVP_PKEY_get1_RSA wolfSSL_EVP_PKEY_get1_RSA #define EVP_PKEY_get1_DSA wolfSSL_EVP_PKEY_get1_DSA +#define EVP_PKEY_set1_RSA wolfSSL_EVP_PKEY_set1_RSA #define EVP_PKEY_get1_EC_KEY wolfSSL_EVP_PKEY_get1_EC_KEY #define EVP_PKEY_get0_hmac wolfSSL_EVP_PKEY_get0_hmac #define EVP_PKEY_new_mac_key wolfSSL_EVP_PKEY_new_mac_key diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h index 3aa46dc3e..44048a0b4 100644 --- a/wolfssl/openssl/rsa.h +++ b/wolfssl/openssl/rsa.h @@ -80,7 +80,10 @@ WOLFSSL_API int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from, unsigned char* to, WOLFSSL_RSA*, int padding); WOLFSSL_API int wolfSSL_RSA_GenAdd(WOLFSSL_RSA*); WOLFSSL_API int wolfSSL_RSA_LoadDer(WOLFSSL_RSA*, const unsigned char*, int sz); +WOLFSSL_API int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA*, const unsigned char*, int sz, int opt); +#define WOLFSSL_RSA_LOAD_PRIVATE 1 +#define WOLFSSL_RSA_LOAD_PUBLIC 2 #define RSA_new wolfSSL_RSA_new #define RSA_free wolfSSL_RSA_free diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 66784a33e..89c162306 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -201,6 +201,9 @@ typedef struct WOLFSSL_EVP_PKEY { union { char* ptr; /* der format of key / or raw for NTRU */ } pkey; + #ifdef OPENSSL_EXTRA + WC_RNG rng; + #endif #ifdef HAVE_ECC int pkey_curve; #endif