EVP MD and PKEY test. Add PKEY_new/free

2025-08-03 04:34:41 +02:00 · 2017-01-24 16:37:56 +09:00
parent 49816b95e0
commit 8e41d32950
7 changed files with 381 additions and 35 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -12902,21 +12902,24 @@ static WOLFSSL_EVP_MD *wolfSSL_EVP_get_md(const unsigned char type)
 {
    const struct s_ent *ent ;
    WOLFSSL_ENTER("EVP_get_md");
-    for( ent = md_tbl; ent->macType != 0; ent++)
+    for( ent = md_tbl; ; ent++){
        if(type == ent->macType) {
            printf("ent->name=%s\n", ent->name);
            return (WOLFSSL_EVP_MD *)ent->name;
        }
-    return 0;
+    }
    return (WOLFSSL_EVP_MD *)"";
 }
 int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
 {
    const struct s_ent *ent ;
    WOLFSSL_ENTER("EVP_MD_type");
-    for( ent = md_tbl; ent->name != NULL; ent++)
+    for( ent = md_tbl; ent->name != NULL; ent++){
        if(XSTRNCMP((const char *)md, ent->name, XSTRLEN(ent->name)+1) == 0) {
            return ent->macType;
        }
    }
    return 0;
 }
@@ -17198,7 +17201,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
                    sizeof(WOLFSSL_EVP_PKEY), x509->heap,
                                                       DYNAMIC_TYPE_PUBLIC_KEY);
        if (key != NULL) {
-            key->type = x509->pubKeyOID;
+            key->type = EVP_PKEY_RSA; /*x509->pubKeyOID;*/
            key->save_type = 0;
            key->pkey.ptr = (char*)XMALLOC(
                        x509->pubKey.length, x509->heap,
@@ -17257,13 +17260,21 @@ void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT* obj)
 WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new()
 {
    WOLFSSL_EVP_PKEY* pkey;
-
+    int ret;
    WOLFSSL_ENTER("wolfSSL_PKEY_new");
    pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), NULL,
            DYNAMIC_TYPE_PUBLIC_KEY);
    if (pkey != NULL) {
        XMEMSET(pkey, 0, sizeof(WOLFSSL_EVP_PKEY));
        pkey->type = WOLFSSL_EVP_PKEY_DEFAULT;
-    }
+        pkey->pkey.ptr = (char*)wolfSSL_RSA_new();
        ret = wc_InitRng(&(pkey->rng));
        if((pkey->pkey.ptr == NULL) || (ret != 0)){
            XFREE(pkey, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
            WOLFSSL_MSG("memory falure");
            return NULL;
        }
    } else WOLFSSL_MSG("memory failure");
    return pkey;
 }
@@ -17271,9 +17282,19 @@ WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new()
 void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
 {
    WOLFSSL_ENTER("wolfSSL_PKEY_free");
    if (key != NULL) {
        if (key->pkey.ptr != NULL)
-            XFREE(key->pkey.ptr, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
+        {
            switch(key->type)
            {
            case EVP_PKEY_RSA:
                /*do nothing */
                break;
            default:
                break;
            }
        }
        XFREE(key, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
    }
 }
@@ -19212,7 +19233,7 @@ const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void)
 *   size of BIGNUM in bytes, 0 if error */
 int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM* bn)
 {
-    WOLFSSL_MSG("wolfSSL_BN_num_bytes");
+    WOLFSSL_ENTER("wolfSSL_BN_num_bytes");
    if (bn == NULL || bn->internal == NULL)
        return WOLFSSL_FAILURE;
@@ -19224,7 +19245,7 @@ int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM* bn)
 *   size of BIGNUM in bits, 0 if error */
 int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM* bn)
 {
-    WOLFSSL_MSG("wolfSSL_BN_num_bits");
+    WOLFSSL_ENTER("wolfSSL_BN_num_bits");
    if (bn == NULL || bn->internal == NULL)
        return WOLFSSL_FAILURE;
@@ -21042,7 +21063,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* fr,
    XFREE(tmpRNG,     NULL, DYNAMIC_TYPE_TMP_BUFFER);
 #endif
-    if (ret > 0)
+    if (ret >= 0)
        WOLFSSL_MSG("wolfSSL_RSA_public_encrypt success");
    else {
        WOLFSSL_MSG("wolfSSL_RSA_public_encrypt failed");
@@ -21124,7 +21145,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* fr,
 */
 int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa)
 {
-    WOLFSSL_MSG("wolfSSL_RSA_size");
+    WOLFSSL_ENTER("wolfSSL_RSA_size");
    if (rsa == NULL)
        return SSL_FATAL_ERROR;
@@ -21306,7 +21327,7 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
 #endif
    }
 #else /* WOLFSSL_KEY_GEN */
-    WOLFSSL_MSG("No Key Gen built in, please enable keygen");
+    WOLFSSL_MSG("No Key Gen built in");
 #endif
    return ret;
@@ -21428,7 +21449,7 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m,
    byte    encodedSig[MAX_ENCODED_SIG_SZ];
 #endif
-    WOLFSSL_MSG("wolfSSL_RSA_sign");
+    WOLFSSL_ENTER("wolfSSL_RSA_sign");
    if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) {
        WOLFSSL_MSG("Bad function arguments");
@@ -21540,11 +21561,12 @@ WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m,
                               unsigned int mLen, const unsigned char* sig,
                               unsigned int sigLen, WOLFSSL_RSA* rsa)
 {
    (void)  type;
    (void) mLen;
    int     ret;
    unsigned char *sigRet ;
    unsigned int len;
-    WOLFSSL_MSG("wolfSSL_RSA_verify");
+    WOLFSSL_ENTER("wolfSSL_RSA_verify");
    if((m == NULL) || (sig == NULL)) {
        WOLFSSL_MSG("Bad function arguments");
        return 0;
@@ -21556,16 +21578,14 @@ WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m,
        return 0;
    }
-    ret = wolfSSL_RSA_sign(type, m, mLen, sigRet, &len, rsa);
+    //ret = wolfSSL_RSA_sign(type, m, mLen, sigRet, &len, rsa);
-
+    ret = wc_RsaSSL_Verify(sigRet, 0, (unsigned char *)sig, sigLen, (RsaKey*)rsa->internal);
    //ret = wolfSSL_RSA_public_decrypt(sigLen, sig, sigRet, rsa, rsa->padding)
    if(ret <= 0){
-        WOLFSSL_MSG("RSA Sign error");
+        WOLFSSL_MSG("RSA Decrypt error");
        return 0;
    }
-    if(sigLen != len){
+
         WOLFSSL_MSG("sign length error");
         return 0;
    }
    if(XMEMCMP(sig, sigRet, sigLen) == 0){
        WOLFSSL_MSG("wolfSSL_RSA_verify success");
        return 1;
@@ -21580,7 +21600,7 @@ int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from,
 {
    int tlen = 0;
-    WOLFSSL_MSG("wolfSSL_RSA_public_decrypt");
+    WOLFSSL_ENTER("wolfSSL_RSA_public_decrypt");
    if (rsa == NULL || rsa->internal == NULL || from == NULL) {
        WOLFSSL_MSG("Bad function arguments");
@@ -21846,6 +21866,15 @@ WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key)
    return NULL;
 }
 WOLFSSL_API int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key)
 {
    if((pkey == NULL) || (key ==NULL))return 0;
    WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_RSA");
    pkey->pkey.ptr = (char *)key;
    pkey->type = EVP_PKEY_RSA;
    ((RsaKey *)pkey->pkey.ptr)->rng = &(pkey->rng);
    return 1;
 }
 WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key)
 {
@@ -24235,6 +24264,13 @@ int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x)
 /* return WOLFSSL_SUCCESS if success, WOLFSSL_FATAL_ERROR if error */
 int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz)
 {
  return wolfSSL_RSA_LoadDer_ex(rsa, derBuf, derSz, WOLFSSL_RSA_LOAD_PRIVATE);
 }
 int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf,
                                                     int derSz, int opt)
 {
    word32 idx = 0;
    int    ret;
@@ -24245,10 +24281,17 @@ int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz
        return WOLFSSL_FATAL_ERROR;
    }
-    ret = wc_RsaPrivateKeyDecode(derBuf, &idx, (RsaKey*)rsa->internal, derSz);
+    if(opt == WOLFSSL_RSA_LOAD_PRIVATE)
        ret = wc_RsaPrivateKeyDecode(derBuf, &idx, (RsaKey*)rsa->internal, derSz);
    else
        ret = wc_RsaPublicKeyDecode(derBuf, &idx, (RsaKey*)rsa->internal, derSz);
    if (ret < 0) {
-        WOLFSSL_MSG("RsaPrivateKeyDecode failed");
+        if(opt == WOLFSSL_RSA_LOAD_PRIVATE)
-        return WOLFSSL_FATAL_ERROR;
+             WOLFSSL_MSG("RsaPrivateKeyDecode failed");
        else
             WOLFSSL_MSG("RsaPublicKeyDecode failed");
        return SSL_FATAL_ERROR;
    }
    if (SetRsaExternal(rsa) != WOLFSSL_SUCCESS) {
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -2194,7 +2194,7 @@ int wc_GetKeyOID(byte* key, word32 keySz, const byte** curveOID, word32* oidSz,
 #ifdef HAVE_ED25519
    ed25519_key ed25519;
-#endif
+    #endif
    #ifndef NO_RSA
    RsaKey rsa;
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -635,9 +635,12 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_decrypt(WOLFSSL_EVP_PKEY_CTX *ctx,
    switch(ctx->pkey->type){
    case EVP_PKEY_RSA:
-        *outlen = wolfSSL_RSA_public_encrypt((int)inlen, (unsigned char*)in, out,
+        *outlen = wolfSSL_RSA_private_decrypt((int)inlen, (unsigned char*)in, out,
              (WOLFSSL_RSA*)ctx->pkey->pkey.ptr, ctx->padding);
-        return (int)*outlen;
+        if(*outlen > 0)
            return 1;
        else
            return 0;
    case EVP_PKEY_EC:
        WOLFSSL_MSG("not implemented");
@@ -749,6 +752,15 @@ WOLFSSL_API int wolfSSL_EVP_SignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data
    return wolfSSL_EVP_DigestUpdate(ctx, data, len);
 }
 static int md2nid(int md)
 {
    const char * d ;
    d = (const char *)wolfSSL_EVP_get_md(md);
    if(XSTRNCMP(d, "SHA", 3) == 0)return NID_sha1;
    if(XSTRNCMP(d, "MD5", 3) == 0)return NID_md5;
    return 0;
 }
 WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
                  unsigned int *siglen, WOLFSSL_EVP_PKEY *pkey)
 {
@@ -763,8 +775,12 @@ WOLFSSL_API int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *si
    switch(pkey->type){
    case EVP_PKEY_RSA:
-        return wolfSSL_RSA_sign(ctx->macType, md, mdsize, sigret,
+        {
        int nid = md2nid(ctx->macType);
        if(nid < 0)return 0;
        return wolfSSL_RSA_sign(nid, md, mdsize, sigret,
                                siglen, (WOLFSSL_RSA*)(pkey->pkey.ptr));
        }
    case EVP_PKEY_DSA:
    case EVP_PKEY_EC:
        WOLFSSL_MSG("not implemented");
@@ -803,9 +819,12 @@ WOLFSSL_API int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
    if(ret <= 0)return ret;
    switch(pkey->type){
-    case EVP_PKEY_RSA:
+    case EVP_PKEY_RSA:{
-        return wolfSSL_RSA_verify(ctx->macType, md, mdsize, sig,
+        int nid = md2nid(ctx->macType);
-              (unsigned int)siglen, (WOLFSSL_RSA*)(pkey->pkey.ptr));
+        if(nid < 0)return 0;
        return wolfSSL_RSA_verify(nid, md, mdsize, sig,
                (unsigned int)siglen, (WOLFSSL_RSA*)(pkey->pkey.ptr));
    }
    case EVP_PKEY_DSA:
    case EVP_PKEY_EC:
        WOLFSSL_MSG("not implemented");
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -266,8 +266,13 @@ int  random_test(void);
 int  pwdbased_test(void);
 int  ripemd_test(void);
 #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
-    int  openssl_test(void);   /* test mini api */
+int  openssl_test(void);   /* test mini api */
 int  openssl_pkey_test(void);
 int  openssl_pkey0_test(void);
 int  openSSL_evpMD_test(void);
 #endif
 int pbkdf1_test(void);
 int pkcs12_test(void);
 int pbkdf2_test(void);
@@ -762,6 +767,17 @@ int wolfcrypt_test(void* args)
        return err_sys("OPENSSL  test failed!\n", ret);
    else
        printf( "OPENSSL  test passed!\n");
    if ( (ret = openSSL_evpMD_test()) != 0)
        return err_sys("OPENSSL (openSSL_evpMD_test) test failed!\n", ret);
    else
        printf( "OPENSSL (openSSL_evpMD_test passed!\n");
    if ( (ret = openssl_pkey0_test()) != 0)
        return err_sys("OPENSSL (openssl_pkey0_test) test failed!\n", ret);
    else
        printf( "OPENSSL (openssl_pkey0_test) passed!\n");
 #endif
 #ifdef HAVE_ECC
@@ -10296,8 +10312,267 @@ int openssl_test(void)
    return 0;
 }
 int openSSL_evpMD_test(void)
 //int main()
 {
    int ret ;
    WOLFSSL_EVP_MD_CTX* ctx;
    WOLFSSL_EVP_MD_CTX* ctx2;
-#endif /* OPENSSL_EXTRA && !WOLFCRYPT_ONLY */
+    printf("testing EVP_MD functions\n");
    ctx = EVP_MD_CTX_create();
    ctx2 = EVP_MD_CTX_create();
    ret = EVP_DigestInit(ctx, EVP_sha256());
    ret = EVP_MD_CTX_copy(ctx2, ctx);
    {
       int type1, type2;
       type1 = EVP_MD_type(EVP_sha256()) ;
       type2 = EVP_MD_CTX_type(ctx2);
    if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
        printf("error copying over\n");
        return -1;
    }
    }
    ret = EVP_DigestInit(ctx, EVP_sha1());
    if (EVP_MD_type(EVP_sha256()) != EVP_MD_CTX_type(ctx2)) {
        printf("error copying over\n");
        return -1;
    }
    ret = EVP_MD_CTX_copy_ex(ctx2, ctx);
    if (EVP_MD_type(EVP_sha256()) == EVP_MD_CTX_type(ctx2)) {
        printf("error copying over\n");
        return -1;
    }
    if (EVP_MD_type(EVP_sha1()) != EVP_MD_CTX_type(ctx2)) {
        printf("error copying over\n");
        return -1;
    }
    EVP_MD_CTX_destroy(ctx);
    EVP_MD_CTX_destroy(ctx2);
    return 0;
 }
 #define FOURK_BUFF 4096
 int openssl_pkey0_test(void)
 {
    byte*   prvTmp;
    byte*   pubTmp;
    int prvBytes;
    int pubBytes;
    RSA *prvRsa;
    RSA *pubRsa;
    EVP_PKEY *prvPkey;
    EVP_PKEY *pubPkey;
    EVP_PKEY_CTX *enc;
    EVP_PKEY_CTX *dec;
    int    ret;
    byte   in[] = "Everyone gets Friday off.";
    byte   out[256];
    size_t outlen;
    byte   plain[256];
 #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)
    FILE    *keyFile, *keypubFile;
    char cliKey[]    = "./certs/client-key.der";
    char cliKeypub[] = "./certs/client-keypub.der";
 #endif
 #ifdef WOLFSSL_TEST_CERT
    DecodedCert cert;
 #endif
    prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    if (prvTmp == NULL)
        return -40;
    pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
    if (pubTmp == NULL)
        return -40;
 #ifdef USE_CERT_BUFFERS_1024
    XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024);
    prvBytes = sizeof_client_key_der_1024;
    XMEMCPY(prvTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024);
    prvBytes = sizeof_client_keypub_der_2048_der_1024;
 #elif defined(USE_CERT_BUFFERS_2048)
    XMEMCPY(pubTmp, client_key_der_2048, sizeof_client_key_der_2048);
    pubBytes = sizeof_client_key_der_2048;
    XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048);
    pubBytes = sizeof_client_keypub_der_2048;
 #else
    keyFile = fopen(cliKey, "rb");
    if (!keyFile) {
        err_sys("can't open ./certs/client-key.der, "
                "Please run from wolfSSL home dir", -40);
        XFREE(prvTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
        return -40;
    }
    prvBytes = (int)fread(prvTmp, 1, (int)FOURK_BUFF, keyFile);
    fclose(keyFile);
    keypubFile = fopen(cliKeypub, "rb");
    if (!keypubFile) {
        err_sys("can't open ./certs/client-cert.der, "
                "Please run from wolfSSL home dir", -41);
        XFREE(pubTmp, HEAP_HINT ,DYNAMIC_TYPE_TMP_BUFFER);
        return -41;
    }
    pubBytes = (int)fread(pubTmp, 1, (int)FOURK_BUFF, keypubFile);
    fclose(keypubFile);
    #endif /* USE_CERT_BUFFERS */
        prvRsa = wolfSSL_RSA_new();
        pubRsa = wolfSSL_RSA_new();
        if((prvRsa == NULL) || (pubRsa == NULL)){
          printf("error with RSA_new\n");
          return -1;
        }
        wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE);
        wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC);
        prvPkey = wolfSSL_PKEY_new();
        pubPkey = wolfSSL_PKEY_new();
        if((prvPkey == NULL) || (pubPkey == NULL)){
            printf("error with PKEY_new\n");
            return -1;
        }
        ret  = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa);
        ret += wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa);
        if(ret != 2){
            printf("error with PKEY_set1_RSA\n");
            return -1;
        }
        dec = EVP_PKEY_CTX_new(prvPkey, NULL);
        enc = EVP_PKEY_CTX_new(pubPkey, NULL);
        ret = EVP_PKEY_decrypt_init(dec);
        if (ret != 1) {
            printf("error with decrypt init\n");
            return -1;
        }
        ret = EVP_PKEY_encrypt_init(enc);
        if (ret != 1) {
            printf("error with encrypt init\n");
            return -1;
        }
        memset(out, 0, sizeof(out));
        ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
        if (ret < 0) {
            printf("error encrypting msg\n");
            return -1;
        }
        {
            unsigned char* pt;
            for (printf("encrypted msg[%d] = \n", (int)outlen), pt = out;
                    pt < out + outlen;
                    printf("%c", ((*pt)&0x6f)>='A'?((*pt)&0x6f):'.'), pt++);
            printf("\n");
        }
        memset(plain, 0, sizeof(plain));
        ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, sizeof(out));
        if (ret != 1) {
            printf("error decrypting msg\n");
            return -1;
        }
        {
            unsigned char* pt;
            fflush(stdout);
            printf("\n");
            for (printf("decrypted msg = "), pt = plain;
                    pt < plain + outlen;
                    printf("%c", *pt), pt++);
            printf("\n");
        }
        /* RSA_PKCS1_OAEP_PADDING test */
        ret = EVP_PKEY_decrypt_init(dec);
        if (ret != 1) {
            printf("error with decrypt init\n");
            return -1;
        }
        ret = EVP_PKEY_encrypt_init(enc);
        if (ret != 1) {
            printf("error with encrypt init\n");
            return -1;
        }
        if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_PADDING) <= 0) {
              printf("first set rsa padding error\n");
              return -1;
        }
        if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
            printf("second set rsa padding error\n");
            return -1;
        }
        if (EVP_PKEY_CTX_set_rsa_padding(enc, RSA_PKCS1_OAEP_PADDING) <= 0) {
            printf("third set rsa padding error\n");
            return -1;
        }
        memset(out, 0, sizeof(out));
        ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
        if (ret < 0) {
            printf("error encrypting msg\n");
            return -1;
        }
        {
            unsigned char* pt;
            for (printf("encrypted msg[%d] = \n", (int)outlen), pt = out;
                    pt < out + outlen;
                    printf("%c", ((*pt)&0x6f)>='A'?((*pt)&0x6f):'.'), pt++);
            printf("\n");
        }
        memset(plain, 0, sizeof(plain));
        ret = EVP_PKEY_decrypt(dec, plain, &outlen, out, sizeof(out));
        if (ret != 1) {
            printf("error decrypting msg\n");
            return -1;
        }
        {
            unsigned char* pt;
            fflush(stdout);
            printf("\n");
            for (printf("decrypted msg = "), pt = plain;
                    pt < plain + outlen;
                    printf("%c", *pt), pt++);
            printf("\n");
        }
        wolfSSL_RSA_free(prvRsa);
        wolfSSL_RSA_free(pubRsa);
        EVP_PKEY_free(pubPkey);
        EVP_PKEY_free(prvPkey);
        EVP_PKEY_CTX_free(dec);
        EVP_PKEY_CTX_free(enc);
        XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
        return 0;
 }
 #endif /* OPENSSL_EXTRA */
 #ifndef NO_PWDBASED
--- a/wolfssl/openssl/evp.h
+++ b/wolfssl/openssl/evp.h
@@ -48,6 +48,7 @@
 #include <wolfssl/wolfcrypt/des3.h>
 #include <wolfssl/wolfcrypt/arc4.h>
 #include <wolfssl/wolfcrypt/hmac.h>
 #include <wolfssl/wolfcrypt/random.h>
 #ifdef HAVE_IDEA
    #include <wolfssl/wolfcrypt/idea.h>
 #endif
@@ -344,6 +345,7 @@ WOLFSSL_API const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int);
 WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*);
 WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*);
 WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY *key);
 WOLFSSL_API int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key);
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, ENGINE* e,
                                          const unsigned char* key, int keylen);
@@ -519,6 +521,7 @@ typedef WOLFSSL_EVP_PKEY_CTX   EVP_PKEY_CTX;
 #define EVP_PKEY_get1_RSA   wolfSSL_EVP_PKEY_get1_RSA
 #define EVP_PKEY_get1_DSA   wolfSSL_EVP_PKEY_get1_DSA
 #define EVP_PKEY_set1_RSA   wolfSSL_EVP_PKEY_set1_RSA
 #define EVP_PKEY_get1_EC_KEY wolfSSL_EVP_PKEY_get1_EC_KEY
 #define EVP_PKEY_get0_hmac   wolfSSL_EVP_PKEY_get0_hmac
 #define EVP_PKEY_new_mac_key wolfSSL_EVP_PKEY_new_mac_key
--- a/wolfssl/openssl/rsa.h
+++ b/wolfssl/openssl/rsa.h
@@ -80,7 +80,10 @@ WOLFSSL_API int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from,
                                  unsigned char* to, WOLFSSL_RSA*, int padding);
 WOLFSSL_API int wolfSSL_RSA_GenAdd(WOLFSSL_RSA*);
 WOLFSSL_API int wolfSSL_RSA_LoadDer(WOLFSSL_RSA*, const unsigned char*, int sz);
 WOLFSSL_API int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA*, const unsigned char*, int sz, int opt);
 #define WOLFSSL_RSA_LOAD_PRIVATE 1
 #define WOLFSSL_RSA_LOAD_PUBLIC  2
 #define RSA_new  wolfSSL_RSA_new
 #define RSA_free wolfSSL_RSA_free
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -201,6 +201,9 @@ typedef struct WOLFSSL_EVP_PKEY {
    union {
        char* ptr; /* der format of key / or raw for NTRU */
    } pkey;
    #ifdef OPENSSL_EXTRA
    WC_RNG rng;
    #endif
    #ifdef HAVE_ECC
        int pkey_curve;
    #endif