diff --git a/src/ssl.c b/src/ssl.c index dfd178a83..32378861c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -31182,6 +31182,8 @@ WOLFSSL_DH* wolfSSL_DH_new(void) return NULL; } external->internal = key; + external->priv_key = wolfSSL_BN_new(); + external->pub_key = wolfSSL_BN_new(); return external; } @@ -31995,8 +31997,6 @@ int wolfSSL_DH_set0_pqg(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *p, wolfSSL_BN_free(dh->p); wolfSSL_BN_free(dh->q); wolfSSL_BN_free(dh->g); - wolfSSL_BN_free(dh->pub_key); - wolfSSL_BN_free(dh->priv_key); dh->p = p; dh->q = q; @@ -39821,6 +39821,9 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) #endif #ifdef HAVE_ECC ecc_key ecc; + #endif + #ifndef NO_DSA + DsaKey dsa; #endif WC_RNG rng; word32 idx = 0; @@ -39878,6 +39881,21 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) } key = (void*)&ecc; } + #endif + #ifndef NO_DSA + if (x509->pubKeyOID == DSAk) { + type = DSA_TYPE; + ret = wc_InitDsaKey(&dsa); + if (ret != 0) + return ret; + ret = wc_DsaPublicKeyDecode(x509->pubKey.buffer, &idx, &dsa, + x509->pubKey.length); + if (ret != 0) { + wc_FreeDsaKey(&dsa); + return ret; + } + key = (void*)&dsa; + } #endif if (key == NULL) { WOLFSSL_MSG("No public key found for certificate"); @@ -51676,6 +51694,8 @@ int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey) cert->pubKeyOID = RSAk; else if (pkey->type == EVP_PKEY_EC) cert->pubKeyOID = ECDSAk; + else if (pkey->type == EVP_PKEY_DSA) + cert->pubKeyOID = DSAk; else return WOLFSSL_FAILURE; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 1fe8c09d8..385b5d99d 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -13435,7 +13435,7 @@ int SetName(byte* output, word32 outputSz, CertName* name) /* encode info from cert into DER encoded format */ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, - WC_RNG* rng, const byte* ntruKey, word16 ntruSz, + WC_RNG* rng, const byte* ntruKey, word16 ntruSz, DsaKey* dsaKey, ed25519_key* ed25519Key, ed448_key* ed448Key) { int ret; @@ -13445,7 +13445,7 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, /* make sure at least one key type is provided */ if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL && - ed448Key == NULL && ntruKey == NULL) { + dsaKey == NULL && ed448Key == NULL && ntruKey == NULL) { return PUBLIC_KEY_E; } @@ -13493,6 +13493,15 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, } #endif +#ifndef NO_DSA + if (cert->keyType == DSA_KEY) { + if (dsaKey == NULL) + return PUBLIC_KEY_E; + der->publicKeySz = wc_SetDsaPublicKey(der->publicKey, dsaKey, + sizeof(der->publicKey), 1); + } +#endif + #ifdef HAVE_ED25519 if (cert->keyType == ED25519_KEY) { if (ed25519Key == NULL) @@ -13997,7 +14006,7 @@ int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz, /* Make an x509 Certificate v3 any key type from cert input, write to buffer */ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng, - const byte* ntruKey, word16 ntruSz, + DsaKey* dsaKey, const byte* ntruKey, word16 ntruSz, ed25519_key* ed25519Key, ed448_key* ed448Key) { int ret; @@ -14007,12 +14016,23 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, DerCert der[1]; #endif - if (derBuffer == NULL) { + if (derBuffer == NULL) return BAD_FUNC_ARG; - } - cert->keyType = eccKey ? ECC_KEY : (rsaKey ? RSA_KEY : - (ed25519Key ? ED25519_KEY : (ed448Key ? ED448_KEY : NTRU_KEY))); + if (eccKey) + cert->keyType = ECC_KEY; + else if (rsaKey) + cert->keyType = RSA_KEY; + else if (dsaKey) + cert->keyType = DSA_KEY; + else if (ed25519Key) + cert->keyType = ED25519_KEY; + else if (ed448Key) + cert->keyType = ED448_KEY; + else if (ntruKey) + cert->keyType = NTRU_KEY; + else + return BAD_FUNC_ARG; #ifdef WOLFSSL_SMALL_STACK der = (DerCert*)XMALLOC(sizeof(DerCert), cert->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -14020,7 +14040,7 @@ static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, return MEMORY_E; #endif - ret = EncodeCert(cert, der, rsaKey, eccKey, rng, ntruKey, ntruSz, + ret = EncodeCert(cert, der, rsaKey, eccKey, rng, ntruKey, ntruSz, dsaKey, ed25519Key, ed448Key); if (ret == 0) { if (der->total + MAX_SEQ_SZ * 2 > (int)derSz) @@ -14042,12 +14062,15 @@ int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType, void* key, WC_RNG* rng) { RsaKey* rsaKey = NULL; + DsaKey* dsaKey = NULL; ecc_key* eccKey = NULL; ed25519_key* ed25519Key = NULL; ed448_key* ed448Key = NULL; if (keyType == RSA_TYPE) rsaKey = (RsaKey*)key; + else if (keyType == DSA_TYPE) + dsaKey = (DsaKey*)key; else if (keyType == ECC_TYPE) eccKey = (ecc_key*)key; else if (keyType == ED25519_TYPE) @@ -14055,14 +14078,14 @@ int wc_MakeCert_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType, else if (keyType == ED448_TYPE) ed448Key = (ed448_key*)key; - return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, 0, - ed25519Key, ed448Key); + return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, dsaKey, + NULL, 0, ed25519Key, ed448Key); } /* Make an x509 Certificate v3 RSA or ECC from cert input, write to buffer */ int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng) { - return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, 0, + return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, NULL, 0, NULL, NULL); } @@ -14072,7 +14095,7 @@ int wc_MakeCert(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, int wc_MakeNtruCert(Cert* cert, byte* derBuffer, word32 derSz, const byte* ntruKey, word16 keySz, WC_RNG* rng) { - return MakeAnyCert(cert, derBuffer, derSz, NULL, NULL, rng, + return MakeAnyCert(cert, derBuffer, derSz, NULL, NULL, rng, NULL, ntruKey, keySz, NULL, NULL); } @@ -14161,8 +14184,8 @@ static int SetReqAttrib(byte* output, char* pw, int pwPrintableString, /* encode info from cert into DER encoded format */ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, - ecc_key* eccKey, ed25519_key* ed25519Key, - ed448_key* ed448Key) + DsaKey* dsaKey, ecc_key* eccKey, + ed25519_key* ed25519Key, ed448_key* ed448Key) { (void)eccKey; (void)ed25519Key; @@ -14172,7 +14195,7 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, return BAD_FUNC_ARG; if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL && - ed448Key == NULL) { + dsaKey == NULL && ed448Key == NULL) { return PUBLIC_KEY_E; } @@ -14219,6 +14242,15 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, } #endif +#ifndef NO_DSA + if (cert->keyType == DSA_KEY) { + if (dsaKey == NULL) + return PUBLIC_KEY_E; + der->publicKeySz = wc_SetDsaPublicKey(der->publicKey, dsaKey, + sizeof(der->publicKey), 1); + } +#endif + #ifdef HAVE_ECC if (cert->keyType == ECC_KEY) { if (eccKey == NULL) @@ -14434,8 +14466,8 @@ static int WriteCertReqBody(DerCert* der, byte* buf) static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, - RsaKey* rsaKey, ecc_key* eccKey, ed25519_key* ed25519Key, - ed448_key* ed448Key) + RsaKey* rsaKey, DsaKey* dsaKey, ecc_key* eccKey, + ed25519_key* ed25519Key, ed448_key* ed448Key) { int ret; #ifdef WOLFSSL_SMALL_STACK @@ -14444,8 +14476,18 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, DerCert der[1]; #endif - cert->keyType = eccKey ? ECC_KEY : (ed25519Key ? ED25519_KEY : - (ed448Key ? ED448_KEY: RSA_KEY)); + if (eccKey) + cert->keyType = ECC_KEY; + else if (rsaKey) + cert->keyType = RSA_KEY; + else if (dsaKey) + cert->keyType = DSA_KEY; + else if (ed25519Key) + cert->keyType = ED25519_KEY; + else if (ed448Key) + cert->keyType = ED448_KEY; + else + return BAD_FUNC_ARG; #ifdef WOLFSSL_SMALL_STACK der = (DerCert*)XMALLOC(sizeof(DerCert), cert->heap, @@ -14454,7 +14496,7 @@ static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, return MEMORY_E; #endif - ret = EncodeCertReq(cert, der, rsaKey, eccKey, ed25519Key, ed448Key); + ret = EncodeCertReq(cert, der, rsaKey, dsaKey, eccKey, ed25519Key, ed448Key); if (ret == 0) { if (der->total + MAX_SEQ_SZ * 2 > (int)derSz) @@ -14474,12 +14516,15 @@ int wc_MakeCertReq_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType, void* key) { RsaKey* rsaKey = NULL; + DsaKey* dsaKey = NULL; ecc_key* eccKey = NULL; ed25519_key* ed25519Key = NULL; ed448_key* ed448Key = NULL; if (keyType == RSA_TYPE) rsaKey = (RsaKey*)key; + else if (keyType == DSA_TYPE) + dsaKey = (DsaKey*)key; else if (keyType == ECC_TYPE) eccKey = (ecc_key*)key; else if (keyType == ED25519_TYPE) @@ -14487,14 +14532,14 @@ int wc_MakeCertReq_ex(Cert* cert, byte* derBuffer, word32 derSz, int keyType, else if (keyType == ED448_TYPE) ed448Key = (ed448_key*)key; - return MakeCertReq(cert, derBuffer, derSz, rsaKey, eccKey, ed25519Key, + return MakeCertReq(cert, derBuffer, derSz, rsaKey, dsaKey, eccKey, ed25519Key, ed448Key); } int wc_MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, RsaKey* rsaKey, ecc_key* eccKey) { - return MakeCertReq(cert, derBuffer, derSz, rsaKey, eccKey, NULL, NULL); + return MakeCertReq(cert, derBuffer, derSz, rsaKey, NULL, eccKey, NULL, NULL); } #endif /* WOLFSSL_CERT_REQ */ diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index b6d1e836c..af8faa95d 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -1247,7 +1247,8 @@ enum cert_enums { NTRU_KEY = 11, ECC_KEY = 12, ED25519_KEY = 13, - ED448_KEY = 14 + ED448_KEY = 14, + DSA_KEY = 15 }; #endif /* WOLFSSL_CERT_GEN */