From e319987579415de2f4bd3c53ab38171bead5f8e8 Mon Sep 17 00:00:00 2001 From: MJSPollard Date: Mon, 2 Jul 2018 10:48:02 -0600 Subject: [PATCH 1/8] Added wolfSSl compatability for Asio C++ library --- configure.ac | 31 +++- src/ssl.c | 323 ++++++++++++++++++++++++++++++++++++++---- tests/api.c | 153 +++++++++++++++++++- wolfssl/openssl/ssl.h | 38 ++++- wolfssl/ssl.h | 23 ++- 5 files changed, 533 insertions(+), 35 deletions(-) diff --git a/configure.ac b/configure.ac index e422cd2db..997c03c75 100644 --- a/configure.ac +++ b/configure.ac @@ -180,6 +180,7 @@ then enable_haproxy=yes enable_stunnel=yes enable_nginx=yes + enable_asio=yes enable_pwdbased=yes enable_aeskeywrap=yes enable_x963kdf=yes @@ -428,6 +429,7 @@ AM_CONDITIONAL([BUILD_RNG], [test "x$ENABLED_RNG" = "xyes"]) # signal (--enable-signal) # lighty (--enable-lighty) HAVE_LIGHTY # stunnel (--enable-stunnel) HAVE_STUNNEL +# asio (--enable-asio) WOLFSSL_ASIO # HAVE_POCO_LIB # WOLFSSL_MYSQL_COMPATIBLE # web server (--enable-webserver) HAVE_WEBSERVER @@ -2992,6 +2994,30 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA" fi +# Asio Support +AC_ARG_ENABLE([asio], + [AS_HELP_STRING([--enable-asio],[Enable asio (default: disabled)])], + [ ENABLED_ASIO=$enableval ], + [ ENABLED_ASIO=no ] + ) +if test "$ENABLED_ASIO" = "yes" +then + # Requires opensslall make sure on + if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" + then + ENABLED_OPENSSLALL="yes" + AM_CFLAGS="-DOPENSSL_ALL $AM_CFLAGS" + fi + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASIO -DWOLFSSL_KEY_GEN" + + # Requires OCSP make sure on + if test "x$ENABLED_OCSP" = "xno" + then + ENABLED_OCSP="yes" + AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" + AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"]) + fi +fi # stunnel Support AC_ARG_ENABLE([stunnel], @@ -3139,9 +3165,9 @@ AC_ARG_ENABLE([pwdbased], if test "$ENABLED_PWDBASED" = "no" then - if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_WEBSERVER" = "yes" || test "$ENABLED_ENCKEYS" = "yes" + if test "$ENABLED_OPENSSLEXTRA" = "yes" || test "$ENABLED_OPENSSLALL" = "yes" || test "$ENABLED_WEBSERVER" = "yes" || test "$ENABLED_ENCKEYS" = "yes" then - # opensslextra, webserver and enckeys needs pwdbased + # opensslextra, opensslall, webserver, and enckeys needs pwdbased ENABLED_PWDBASED=yes else AM_CFLAGS="$AM_CFLAGS -DNO_PWDBASED" @@ -4409,6 +4435,7 @@ echo " * LIGHTY: $ENABLED_LIGHTY" echo " * HAPROXY: $ENABLED_HAPROXY" echo " * STUNNEL: $ENABLED_STUNNEL" echo " * NGINX: $ENABLED_NGINX" +echo " * ASIO: $ENABLED_ASIO" echo " * SIGNAL: $ENABLED_SIGNAL" echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS" echo " * DTLS: $ENABLED_DTLS" diff --git a/src/ssl.c b/src/ssl.c index 4a85872d5..974a32459 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -24672,11 +24672,8 @@ int wolfSSL_HMAC_CTX_copy(WOLFSSL_HMAC_CTX* des, WOLFSSL_HMAC_CTX* src) return WOLFSSL_SUCCESS; } - -#if defined(HAVE_FIPS) && \ - (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) - -static int _HMAC_Init(Hmac* hmac, int type, void* heap) +#ifdef HAVE_FIPS +int _InitHmac(Hmac* hmac, int type, void* heap) { int ret = 0; @@ -24722,21 +24719,6 @@ static int _HMAC_Init(Hmac* hmac, int type, void* heap) break; #endif /* HAVE_BLAKE2 */ - #ifdef WOLFSSL_SHA3 - case WC_SHA3_224: - ret = wc_InitSha3_224(&hmac->hash.sha3, heap, INVALID_DEVID); - break; - case WC_SHA3_256: - ret = wc_InitSha3_256(&hmac->hash.sha3, heap, INVALID_DEVID); - break; - case WC_SHA3_384: - ret = wc_InitSha3_384(&hmac->hash.sha3, heap, INVALID_DEVID); - break; - case WC_SHA3_512: - ret = wc_InitSha3_512(&hmac->hash.sha3, heap, INVALID_DEVID); - break; - #endif - default: ret = BAD_FUNC_ARG; break; @@ -24746,10 +24728,7 @@ static int _HMAC_Init(Hmac* hmac, int type, void* heap) return ret; } - -#else - #define _HMAC_Init _InitHmac -#endif +#endif /* HAVE_FIPS */ int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen, @@ -24847,7 +24826,7 @@ int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen, WC_HMAC_BLOCK_SIZE); XMEMCPY((byte *)&ctx->hmac.opad, (byte *)&ctx->save_opad, WC_HMAC_BLOCK_SIZE); - if ((hmac_error = _HMAC_Init(&ctx->hmac, ctx->hmac.macType, heap)) + if ((hmac_error = _InitHmac(&ctx->hmac, ctx->hmac.macType, heap)) !=0) { return hmac_error; } @@ -27708,7 +27687,74 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, return rsa; } -#if !defined(HAVE_FAST_RSA) +WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA **r, const unsigned char **derBuf, long derSz) +{ + WOLFSSL_ENTER("d2i_RSAPrivateKey"); + + WOLFSSL_RSA *rsa = NULL; + + if(derBuf == NULL){ + WOLFSSL_MSG("Bad argument"); + return NULL; + } + if((rsa = wolfSSL_RSA_new()) == NULL){ + WOLFSSL_MSG("RSA_new failed"); + return NULL; + } + + if(wolfSSL_RSA_LoadDer_ex(rsa, *derBuf, (int)derSz, WOLFSSL_RSA_LOAD_PRIVATE) + != WOLFSSL_SUCCESS){ + WOLFSSL_MSG("RSA_LoadDer failed"); + return NULL; + } + if(r != NULL) + *r = rsa; + return rsa; +} + +#if !defined(NO_RSA) && !defined(HAVE_FAST_RSA) +int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, const unsigned char **pp) +{ + WOLFSSL_ENTER("i2d_RSAPrivateKey"); + + byte* der = NULL; + int derMax; + int ret; + + if((rsa == NULL) || (pp == NULL)) { + WOLFSSL_MSG("Bad Function Arguments"); + return BAD_FUNC_ARG; + } + + if((ret = SetRsaInternal(rsa)) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("SetRsaInternal Failed"); + return ret; + } + + /* 5 > size of n, d, p, q, d%(p-1), d(q-1), 1/q%p, e + ASN.1 additional + * informations + */ + derMax = 5 * wolfSSL_RSA_size(rsa) + AES_BLOCK_SIZE; + + der = (byte*)XMALLOC(derMax, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + WOLFSSL_MSG("Malloc failed"); + return WOLFSSL_FAILURE; + } + + /* RSA key to DER */ + if((ret = wc_RsaKeyToDer((RsaKey *)rsa->internal, der, derMax)) < 0) { + WOLFSSL_MSG("RsaKeyToDer failed"); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + der = NULL; + return ret; + } + + *pp = der; + return ret; /* returns size of der if successful */ +} + + int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) { byte *der; @@ -30871,10 +30917,231 @@ int wolfSSL_get_state(const WOLFSSL* ssl) } #endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) +VerifyCallback wolfSSL_get_verify_callback(WOLFSSL* ssl) +{ + WOLFSSL_ENTER("wolfSSL_get_verify_callback"); + if(ssl) { + return ssl->verifyCallback; + } + return NULL; +} + +int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO **bio1_p, size_t writebuf1, + WOLFSSL_BIO **bio2_p, size_t writebuf2) +{ + WOLFSSL_BIO *bio1 = NULL, *bio2 = NULL; + int ret = 1; + + if (bio1_p == NULL || bio2_p == NULL) { + WOLFSSL_MSG("Bad Function Argument"); + return BAD_FUNC_ARG; + } + + if((bio1 = wolfSSL_BIO_new(wolfSSL_BIO_s_bio())) == NULL) { + WOLFSSL_MSG("Bio allocation failed"); + ret = WOLFSSL_FAILURE; + } + if(ret){ + if((bio2 = wolfSSL_BIO_new(wolfSSL_BIO_s_bio())) == NULL) { + WOLFSSL_MSG("Bio allocation failed"); + ret = WOLFSSL_FAILURE; + } + } + if(ret && writebuf1){ + if(!(ret = wolfSSL_BIO_set_write_buf_size(bio1, writebuf1))) { + WOLFSSL_MSG("BIO_set_write_buf failed"); + } + } + if(ret && writebuf2){ + if(!(ret = wolfSSL_BIO_set_write_buf_size(bio2, writebuf2))){ + WOLFSSL_MSG("BIO_set_write_buf failed"); + } + } + if(ret){ + if((ret = wolfSSL_BIO_make_bio_pair(bio1, bio2))) { + *bio1_p = bio1; + *bio2_p = bio2; + } + } + if(!ret) { + wolfSSL_BIO_free(bio1); + bio1 = NULL; + wolfSSL_BIO_free(bio2); + bio2 = NULL; + } + return ret; +} + + +#if !defined(NO_RSA) +WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out) +{ + const unsigned char* mem; + long memSz; + WOLFSSL_RSA* key = NULL; + + WOLFSSL_ENTER("wolfSSL_d2i_RSAPrivateKey_bio()"); + + if (bio == NULL) { + WOLFSSL_MSG("Bad Function Argument"); + return NULL; + } + (void)out; + + memSz = wolfSSL_BIO_pending(bio); + if (memSz <= 0) { + WOLFSSL_MSG("wolfSSL_BIO_pending failure"); + return NULL; + } + + mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (mem == NULL) { + WOLFSSL_MSG("Malloc failure"); + return NULL; + } + + if (wolfSSL_BIO_read(bio, (unsigned char*)mem, (int)memSz) == memSz) { + key = wolfSSL_d2i_RSAPrivateKey(NULL, &mem, memSz); + if (out != NULL && key != NULL) { + *out = key; + } + } + + XFREE((unsigned char*)mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return key; +} +#endif + + +int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz, const unsigned char *der) +{ + WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_ASN1"); + if (der != NULL && ctx != NULL) { + if(wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz, + WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS) + return WOLFSSL_SUCCESS; + } + return WOLFSSL_FAILURE; +} + + +#if !defined(NO_RSA) && !defined(HAVE_FAST_RSA) +int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa) +{ + WOLFSSL_ENTER("wolfSSL_CTX_use_RSAPrivateKey"); + + int ret; + int derSize; + const unsigned char* derBuf = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + WOLFSSL_BIO* bio = NULL; + + if (ctx == NULL || rsa == NULL) { + WOLFSSL_MSG("one or more inputs were NULL"); + return BAD_FUNC_ARG; + } + + if((bio = BIO_new(BIO_s_mem())) == NULL){ + WOLFSSL_MSG("Set bio Failed"); + return WOLFSSL_FAILURE; + } + + pkey = wolfSSL_PKEY_new_ex(bio->heap); + pkey->type = EVP_PKEY_RSA; + pkey->rsa = rsa; + pkey->ownRsa = 0; + + /* convert RSA internal to der */ + if((derSize = wolfSSL_i2d_RSAPrivateKey(rsa, &derBuf)) <= 0) { + WOLFSSL_MSG("wolfSSL_i2d_RSAPrivateKey failed"); + XFREE((unsigned char*)derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_EVP_PKEY_free(pkey); + wolfSSL_BIO_free(bio); + return WOLFSSL_FAILURE; + } + + pkey->pkey.ptr = (char*)XMALLOC(derSize, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (pkey->pkey.ptr == NULL) { + WOLFSSL_MSG("pkey malloc failed"); + XFREE((unsigned char*)derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_EVP_PKEY_free(pkey); + wolfSSL_BIO_free(bio); + return WOLFSSL_FAILURE; + } + + pkey->pkey_sz = derSize; + XMEMCPY(pkey->pkey.ptr, derBuf, derSize); + + /*adds the private key rsa to ctx.*/ + ret = wolfSSL_CTX_use_PrivateKey(ctx, pkey); + + wolfSSL_BIO_free(bio); + wolfSSL_EVP_PKEY_free(pkey); + XFREE((unsigned char*)derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; +} +#endif /* NO_RSA && !HAVE_FAST_RSA */ + + +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** out) +{ + const unsigned char* mem; + long memSz; + WOLFSSL_EVP_PKEY* key = NULL; + int type; + int algoID = 0; + + WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_bio()"); + if (bio == NULL) { + return NULL; + } + (void)out; + + memSz = wolfSSL_BIO_pending(bio); + if (memSz <= 0) { + WOLFSSL_MSG("wolfSSL_BIO_pending failure"); + return NULL; + } + mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (mem == NULL) { + WOLFSSL_MSG("Malloc failure"); + return NULL; + } + const unsigned char* memptr = mem; + + if (wolfSSL_BIO_read(bio, (unsigned char*)mem, (int)memSz) == memSz) { + /* Determines key type */ + if ((wc_GetKeyOID((unsigned char*)mem, memSz, NULL, NULL, &algoID, NULL)) < 0) { + XFREE((unsigned char*)memptr, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return NULL; + } + + if (algoID == ECDSAk) { + type = EVP_PKEY_EC; + } else if (algoID == RSAk) { + type = EVP_PKEY_RSA; + } else { + WOLFSSL_MSG("Error determining correct key type"); + XFREE((unsigned char*)memptr, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return NULL; + } + + key = wolfSSL_d2i_PrivateKey(type, &key, &mem, memSz); + if (out != NULL && key != NULL) { + *out = key; + } + } + XFREE((unsigned char*)memptr, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return key; +} +#endif /* OPENSSL_ALL || WOLFSSL_ASIO */ + /* stunnel compatibility functions*/ -#if defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)) -void WOLFSSL_ERR_remove_thread_state(void* pid) +#if (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)))\ + || (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) +void wolfSSL_ERR_remove_thread_state(void* pid) { (void) pid; return; diff --git a/tests/api.c b/tests/api.c index 832b164d8..7524161c0 100644 --- a/tests/api.c +++ b/tests/api.c @@ -283,7 +283,7 @@ #include #endif -#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_ALL)) #include #ifndef NO_ASN /* for ASN_COMMON_NAME DN_tags enum */ @@ -554,6 +554,29 @@ static void test_wolfSSL_CTX_use_certificate_file(void) #endif } +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) +static int test_wolfSSL_CTX_use_certificate_ASN1(void) +{ +#if !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) && !defined(NO_ASN) + WOLFSSL_CTX* ctx; + int ret; + + printf(testingFmt, "wolfSSL_CTX_use_certificate_ASN1()"); + AssertNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + + ret = SSL_CTX_use_certificate_ASN1(ctx, sizeof_server_cert_der_2048, + server_cert_der_2048); + + printf(resultFmt, ret == WOLFSSL_SUCCESS ? passed : failed); + wolfSSL_CTX_free(ctx); + + return ret; +#else + return WOLFSSL_SUCCESS; +#endif +} +#endif /* OPENSSL_ALL || WOLFSSL_ASIO */ + /* Test function for wolfSSL_CTX_use_certificate_buffer. Load cert into * context using buffer. * PRE: NO_CERTS not defined; USE_CERT_BUFFERS_2048 defined; compile with @@ -17113,6 +17136,19 @@ static void test_wolfSSL_BIO(void) BIO_free(bio1); BIO_free(bio3); + #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) + { + BIO* bioA = NULL; + BIO* bioB = NULL; + AssertIntEQ(BIO_new_bio_pair(NULL, 256, NULL, 256), BAD_FUNC_ARG); + AssertIntEQ(BIO_new_bio_pair(&bioA, 256, &bioB, 256), WOLFSSL_SUCCESS); + BIO_free(bioA); + bioA = NULL; + BIO_free(bioB); + bioB = NULL; + } + #endif /* OPENSSL_ALL || WOLFSSL_ASIO */ + /* BIOs with file pointers */ #if !defined(NO_FILESYSTEM) { @@ -17949,6 +17985,110 @@ static void test_wolfSSL_d2i_PUBKEY(void) #endif } +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) +static void test_wolfSSL_d2i_PrivateKeys_bio(void) +{ + BIO* bio = NULL; + EVP_PKEY* pkey = NULL; + RSA* rsa = NULL; + WOLFSSL_CTX* ctx; + const unsigned char* buffer = NULL; + + printf(testingFmt, "wolfSSL_d2i_PrivateKeys_bio()"); + + /* test creating new EVP_PKEY with bad arg */ + AssertNull((pkey = d2i_PrivateKey_bio(NULL, NULL))); + + /* test loading RSA key using BIO */ +#if !defined(NO_RSA) && !defined(NO_FILESYSTEM) + { + XFILE file; + const char* fname = "./certs/server-key.der"; + size_t sz; + byte* buf; + + file = XFOPEN(fname, "rb"); + AssertTrue((file != XBADFILE)); + XFSEEK(file, 0, XSEEK_END); + sz = XFTELL(file); + XREWIND(file); + AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + AssertIntEQ(XFREAD(buf, 1, sz, file), sz); + XFCLOSE(file); + + /* Test using BIO new mem and loading DER private key */ + AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + } +#endif + + /* test loading ECC key using BIO */ +#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) + { + XFILE file; + const char* fname = "./certs/ecc-key.der"; + size_t sz; + byte* buf; + + file = XFOPEN(fname, "rb"); + AssertTrue((file != XBADFILE)); + XFSEEK(file, 0, XSEEK_END); + sz = XFTELL(file); + XREWIND(file); + AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + AssertIntEQ(XFREAD(buf, 1, sz, file), sz); + XFCLOSE(file); + + /* Test using BIO new mem and loading DER private key */ + AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + } +#endif + + AssertNotNull(bio = BIO_new(BIO_s_mem())); + AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + + /* Tests bad parameters */ + AssertNull(d2i_RSAPrivateKey_bio(NULL, NULL)); + + /* RSA not set yet, expecting to fail*/ + AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG); + +#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) + /* set RSA using bio*/ + AssertIntGT(BIO_write(bio, client_key_der_2048, + sizeof_client_key_der_2048), 0); + AssertNotNull(rsa = d2i_RSAPrivateKey_bio(bio, NULL)); + + AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_SUCCESS); + + /*i2d RSAprivate key tests */ + AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG); + AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &buffer), + sizeof_client_key_der_2048); + RSA_free(rsa); + XFREE((unsigned char*)buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + SSL_CTX_free(ctx); + ctx = NULL; + BIO_free(bio); + bio = NULL; + (void)rsa; + printf(resultFmt, passed); +} +#endif /* OPENSSL_ALL || WOLFSSL_ASIO */ + + static void test_wolfSSL_sk_GENERAL_NAME(void) { #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ @@ -18093,6 +18233,12 @@ static void test_wolfSSL_RSA_DER(void) AssertNotNull(rsa); RSA_free(rsa); } + for (i = 0; tbl[i].der != NULL; i++) + { + AssertNotNull(d2i_RSAPrivateKey(&rsa, &tbl[i].der, tbl[i].sz)); + AssertNotNull(rsa); + RSA_free(rsa); + } printf(resultFmt, passed); #endif @@ -19973,6 +20119,11 @@ void ApiTest(void) test_wolfSSL_i2c_ASN1_INTEGER(); test_wolfSSL_X509_check_ca(); +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) + AssertIntEQ(test_wolfSSL_CTX_use_certificate_ASN1(), WOLFSSL_SUCCESS); + test_wolfSSL_d2i_PrivateKeys_bio(); +#endif /* OPENSSL_ALL || WOLFSSL_ASIO */ + /* test the no op functions for compatibility */ test_no_op_functions(); diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index a50e99bcb..58047f196 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -525,6 +525,8 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define d2i_PKCS12_bio wolfSSL_d2i_PKCS12_bio #define d2i_PKCS12_fp wolfSSL_d2i_PKCS12_fp #define d2i_RSAPublicKey wolfSSL_d2i_RSAPublicKey +#define d2i_RSAPrivateKey wolfSSL_d2i_RSAPrivateKey +#define i2d_RSAPrivateKey wolfSSL_i2d_RSAPrivateKey #define i2d_RSAPublicKey wolfSSL_i2d_RSAPublicKey #define d2i_X509_CRL wolfSSL_d2i_X509_CRL #define d2i_X509_CRL_fp wolfSSL_d2i_X509_CRL_fp @@ -632,6 +634,39 @@ enum { #define sk_SSL_CIPHER_value wolfSSL_sk_SSL_CIPHER_value #endif /* OPENSSL_ALL || WOLFSSL_HAPROXY */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) +#include + +typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES; +#define SSL_CTRL_CHAIN 88 +#define BIO_CTRL_WPENDING 13 +#define GEN_IPADD 7 +#define ERR_LIB_SSL 20 +#define SSL_R_SHORT_READ 10 +#define ERR_R_PEM_LIB 9 +#define V_ASN1_IA5STRING 22 +#define SSL_CTRL_MODE 33 + +#define SSL_CTX_clear_chain_certs(ctx) SSL_CTX_set0_chain(ctx,NULL) +#define d2i_RSAPrivateKey_bio wolfSSL_d2i_RSAPrivateKey_bio +#define SSL_CTX_use_RSAPrivateKey wolfSSL_CTX_use_RSAPrivateKey +#define d2i_PrivateKey_bio wolfSSL_d2i_PrivateKey_bio +#define ASN1_IA5STRING WOLFSSL_ASN1_STRING +#define ASN1_OCTET_STRING WOLFSSL_ASN1_STRING +#define BIO_new_bio_pair wolfSSL_BIO_new_bio_pair +#define SSL_get_verify_callback wolfSSL_get_verify_callback +#define GENERAL_NAMES_free(GENERAL_NAMES)NULL + +#define SSL_set_mode(ssl,op) wolfSSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) +#define BIO_wpending(b) wolfSSL_BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) +#define SSL_CTX_use_certificate_ASN1 wolfSSL_CTX_use_certificate_ASN1 +#define SSL_CTX_set0_chain(ctx,sk) \ + wolfSSL_CTX_ctrl(ctx,SSL_CTRL_CHAIN,0,(char *)(sk)) +#define SSL_CTX_get_app_data(ctx) wolfSSL_CTX_get_ex_data(ctx,0) +#define SSL_CTX_set_app_data(ctx,arg) wolfSSL_CTX_set_ex_data(ctx,0, \ + (char *)(arg)) +#endif /* OPENSSL_ALL || WOLFSSL_ASIO */ + #define SSL_CTX_set_tmp_dh wolfSSL_CTX_set_tmp_dh #define BIO_new_file wolfSSL_BIO_new_file @@ -789,7 +824,7 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define PSK_MAX_PSK_LEN 256 #define PSK_MAX_IDENTITY_LEN 128 -#define ERR_remove_thread_state WOLFSSL_ERR_remove_thread_state +#define ERR_remove_thread_state wolfSSL_ERR_remove_thread_state #define SSL_CTX_clear_options wolfSSL_CTX_clear_options @@ -930,5 +965,4 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; } /* extern "C" */ #endif - #endif /* wolfSSL_openssl_h__ */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 93a5c3904..d9601ede9 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -222,6 +222,8 @@ struct WOLFSSL_ASN1_OBJECT { struct d { /* derefrenced */ WOLFSSL_ASN1_STRING ia5_internal; WOLFSSL_ASN1_STRING* ia5; /* points to ia5_internal */ + WOLFSSL_ASN1_STRING* dNSName; + WOLFSSL_ASN1_STRING* iPAddress; } d; }; @@ -599,6 +601,17 @@ WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL*); WOLFSSL_API void wolfSSL_flush_sessions(WOLFSSL_CTX*, long); WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL*, const unsigned char*, int, int); +#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) +WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO**, size_t, + WOLFSSL_BIO**, size_t); + +WOLFSSL_API WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO*, WOLFSSL_RSA**); +WOLFSSL_API int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX*, + int, const unsigned char*); +WOLFSSL_API int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX*, WOLFSSL_RSA*); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO*, WOLFSSL_EVP_PKEY**); +#endif /* OPENSSL_ALL || WOLFSSL_ASIO */ + #ifdef SESSION_INDEX WOLFSSL_API int wolfSSL_GetSessionIndex(WOLFSSL* ssl); WOLFSSL_API int wolfSSL_GetSessionAtIndex(int index, WOLFSSL_SESSION* session); @@ -1002,8 +1015,12 @@ WOLFSSL_API const char* wolfSSL_state_string_long(const WOLFSSL*); WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_generate_key(int, unsigned long, void(*)(int, int, void*), void*); -WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, long len); +WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, + const unsigned char **pp, long len); +WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA**, + const unsigned char**, long); WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, const unsigned char **pp); +WOLFSSL_API int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *r, const unsigned char **pp); WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX *, WOLFSSL_RSA *(*)(WOLFSSL *, int, int)); @@ -2721,6 +2738,8 @@ WOLFSSL_API WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL*,WOLFSSL_CTX*); WOLFSSL_API VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX*); +WOLFSSL_API VerifyCallback wolfSSL_get_verify_callback(WOLFSSL*); + WOLFSSL_API void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX *, CallbackSniRecv); WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *, @@ -2728,7 +2747,7 @@ WOLFSSL_API int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX *, WOLFSSL_API void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*); -WOLFSSL_API void WOLFSSL_ERR_remove_thread_state(void*); +WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*); #ifndef NO_FILESYSTEM WOLFSSL_API void wolfSSL_print_all_errors_fp(XFILE *fp); From ac0b31dee8480642bcfd242d72e0c6f92acf9335 Mon Sep 17 00:00:00 2001 From: MJSPollard Date: Tue, 3 Jul 2018 11:07:15 -0600 Subject: [PATCH 2/8] refactored and added defines for wolfSSL/Asio Compat --- src/internal.c | 40 ++- src/ssl.c | 269 ++++++++++++-------- src/tls.c | 8 +- src/tls13.c | 32 +-- tests/api.c | 110 ++++---- wolfcrypt/src/asn.c | 4 +- wolfcrypt/src/pkcs7.c | 387 ++++++++++++++++------------- wolfcrypt/src/port/arm/armv8-aes.c | 16 +- wolfcrypt/test/test.c | 204 ++++++++------- wolfssl/internal.h | 8 +- wolfssl/openssl/asn1.h | 2 +- wolfssl/openssl/ssl.h | 6 +- wolfssl/ssl.h | 22 +- wolfssl/wolfcrypt/asn_public.h | 2 +- wolfssl/wolfcrypt/pkcs7.h | 13 +- 15 files changed, 667 insertions(+), 456 deletions(-) diff --git a/src/internal.c b/src/internal.c index dd60f7d18..df3d79dfd 100644 --- a/src/internal.c +++ b/src/internal.c @@ -8739,6 +8739,15 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, store->userCtx = ssl->verifyCbCtx; store->certs = args->certs; store->totalCerts = args->totalCerts; + + #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) + if (ssl->ctx->x509_store_pt != NULL) { + store->store = ssl->ctx->x509_store_pt; + } + else { + store->store = &ssl->ctx->x509_store; + } + #endif #if !defined(NO_CERTS) InitX509(x509, 1, ssl->heap); #if defined(KEEP_PEER_CERT) || \ @@ -8822,6 +8831,15 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, store->userCtx = ssl->verifyCbCtx; store->certs = args->certs; store->totalCerts = args->totalCerts; + + #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) + if (ssl->ctx->x509_store_pt != NULL) { + store->store = ssl->ctx->x509_store_pt; + } + else { + store->store = &ssl->ctx->x509_store; + } + #endif #if !defined(NO_CERTS) InitX509(x509, 1, ssl->heap); #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) @@ -9411,6 +9429,15 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, store->userCtx = ssl->verifyCbCtx; store->certs = args->certs; store->totalCerts = args->totalCerts; + + #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) + if (ssl->ctx->x509_store_pt != NULL) { + store->store = ssl->ctx->x509_store_pt; + } + else { + store->store = &ssl->ctx->x509_store; + } + #endif #ifdef KEEP_PEER_CERT if (ssl->peerCert.subject.sz > 0) store->current_cert = &ssl->peerCert; @@ -9464,6 +9491,13 @@ int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, store->userCtx = ssl->verifyCbCtx; store->certs = args->certs; store->totalCerts = args->totalCerts; + + if (ssl->ctx->x509_store_pt != NULL) { + store->store = ssl->ctx->x509_store_pt; + } + else { + store->store = &ssl->ctx->x509_store; + } #ifdef KEEP_PEER_CERT if (ssl->peerCert.subject.sz > 0) store->current_cert = &ssl->peerCert; @@ -12640,8 +12674,8 @@ int ProcessReply(WOLFSSL* ssl) ssl->keys.decryptedCur = 1; #ifdef WOLFSSL_TLS13 if (ssl->options.tls1_3) { - word16 i = ssl->buffers.inputBuffer.length - - ssl->keys.padSz; + word16 i = (word16)(ssl->buffers.inputBuffer.length - + ssl->keys.padSz); /* Remove padding from end of plain text. */ for (--i; i > ssl->buffers.inputBuffer.idx; i--) { if (ssl->buffers.inputBuffer.buffer[i] != 0) @@ -20478,7 +20512,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, /* TLS v1.3 capable server downgraded. */ XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1), tls13Downgrade, TLS13_DOWNGRADE_SZ); - output[idx + RAN_LEN - 1] = IsAtLeastTLSv1_2(ssl); + output[idx + RAN_LEN - 1] = (byte)IsAtLeastTLSv1_2(ssl); } else #endif diff --git a/src/ssl.c b/src/ssl.c index 974a32459..694e65020 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10846,7 +10846,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (wolfSSL_add_all_algorithms() == WOLFSSL_FATAL_ERROR) return WOLFSSL_FATAL_ERROR; - + return WOLFSSL_SUCCESS; } @@ -11333,18 +11333,16 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return ctx->mask; } - + static long wolf_set_options(long old_op, long op); long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt) { - WOLFSSL *ssl; WOLFSSL_ENTER("SSL_CTX_set_options"); - if(ctx == NULL) + + if (ctx == NULL) return BAD_FUNC_ARG; - ssl = wolfSSL_new(ctx); - if(ssl == NULL) - return SSL_FAILURE; - ctx->mask = wolfSSL_set_options(ssl, opt); - wolfSSL_free(ssl); + + ctx->mask = wolf_set_options(ctx->mask, opt); + return ctx->mask; } @@ -17842,6 +17840,8 @@ void wolfSSL_PKCS12_PBE_add(void) WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx) { + WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_chain"); + if (ctx == NULL) { return NULL; } @@ -17860,6 +17860,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx) XMEMSET(sk, 0, sizeof(WOLFSSL_STACK)); ctx->chain = sk; + for (i = 0; i < c->count && i < MAX_CHAIN_DEPTH; i++) { WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, i); @@ -17872,9 +17873,41 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx) if (wolfSSL_sk_X509_push(sk, x509) != SSL_SUCCESS) { WOLFSSL_MSG("Unable to load x509 into stack"); wolfSSL_sk_X509_free(sk); + wolfSSL_X509_free(x509); return NULL; } } + +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) + /* add CA used to verify top of chain to the list */ + if (c->count > 0) { + WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, c->count - 1); + if (x509 != NULL) { + WOLFSSL_X509* issuer = NULL; + if (wolfSSL_X509_STORE_CTX_get1_issuer(&issuer, ctx, x509) + == WOLFSSL_SUCCESS) { + /* check that the certificate being looked up is not self + * signed and that a issuer was found */ + if (issuer != NULL && wolfSSL_X509_NAME_cmp(&x509->issuer, + &x509->subject) != 0) { + if (wolfSSL_sk_X509_push(sk, issuer) != SSL_SUCCESS) { + WOLFSSL_MSG("Unable to load CA x509 into stack"); + wolfSSL_sk_X509_free(sk); + wolfSSL_X509_free(issuer); + return NULL; + } + } + else { + WOLFSSL_MSG("Certificate is self signed"); + } + } + else { + WOLFSSL_MSG("Could not find CA for certificate"); + } + } + } +#endif + } #endif /* SESSION_CERTS */ @@ -17917,7 +17950,7 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) if((store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL, DYNAMIC_TYPE_X509_STORE)) == NULL) goto err_exit; - + if((store->cm = wolfSSL_CertManagerNew()) == NULL) goto err_exit; @@ -17925,11 +17958,11 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) #ifdef HAVE_CRL store->crl = NULL; - if((store->crl = (WOLFSSL_X509_CRL *)XMALLOC(sizeof(WOLFSSL_X509_CRL), + if((store->crl = (WOLFSSL_X509_CRL *)XMALLOC(sizeof(WOLFSSL_X509_CRL), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) goto err_exit; if(InitCRL(store->crl, NULL) < 0) - goto err_exit; + goto err_exit; #endif return store; @@ -18086,7 +18119,7 @@ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) } #endif /* NO_CERTS */ -#if !defined(NO_FILESYSTEM) +#if !defined(NO_FILESYSTEM) static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) { void *newx509 = NULL; @@ -18114,7 +18147,7 @@ static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) { WOLFSSL_MSG("File read failed"); goto err_exit; - } + } if(type == CERT_TYPE) newx509 = (void *)wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz); #ifdef HAVE_CRL @@ -18206,7 +18239,7 @@ WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl, const unsigned ch WOLFSSL_MSG("Init tmp CRL failed"); goto err_exit; } - ret = BufferLoadCRL(newcrl, in, len, WOLFSSL_FILETYPE_ASN1, 1); + ret = BufferLoadCRL(newcrl, in, len, WOLFSSL_FILETYPE_ASN1, 1); if (ret != WOLFSSL_SUCCESS){ WOLFSSL_MSG("Buffer Load CRL failed"); goto err_exit; @@ -18218,7 +18251,7 @@ WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl, const unsigned ch err_exit: if(newcrl != NULL) - wolfSSL_X509_CRL_free(newcrl); + wolfSSL_X509_CRL_free(newcrl); newcrl = NULL; _exit: return newcrl; @@ -19385,19 +19418,9 @@ int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key) } #endif -long wolfSSL_set_options(WOLFSSL* ssl, long op) +static long wolf_set_options(long old_op, long op) { - word16 haveRSA = 1; - word16 havePSK = 0; - int keySz = 0; - - WOLFSSL_ENTER("wolfSSL_set_options"); - - if (ssl == NULL) { - return 0; - } - - /* if SSL_OP_ALL then turn all bug workarounds one */ + /* if SSL_OP_ALL then turn all bug workarounds on */ if ((op & SSL_OP_ALL) == SSL_OP_ALL) { WOLFSSL_MSG("\tSSL_OP_ALL"); @@ -19414,64 +19437,97 @@ long wolfSSL_set_options(WOLFSSL* ssl, long op) op |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; } - ssl->options.mask |= op; - /* by default cookie exchange is on with DTLS */ - if ((ssl->options.mask & SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE) { + if ((op & SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE) { WOLFSSL_MSG("\tSSL_OP_COOKIE_EXCHANGE : on by default"); } - if ((ssl->options.mask & WOLFSSL_OP_NO_SSLv2) == WOLFSSL_OP_NO_SSLv2) { + if ((op & WOLFSSL_OP_NO_SSLv2) == WOLFSSL_OP_NO_SSLv2) { WOLFSSL_MSG("\tWOLFSSL_OP_NO_SSLv2 : wolfSSL does not support SSLv2"); } - if ((ssl->options.mask & SSL_OP_NO_TLSv1_3) == SSL_OP_NO_TLSv1_3) { + if ((op & SSL_OP_NO_TLSv1_3) == SSL_OP_NO_TLSv1_3) { WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_3"); - if (ssl->version.minor == TLSv1_3_MINOR) - ssl->version.minor = TLSv1_2_MINOR; } - if ((ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { + if ((op & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_2"); - if (ssl->version.minor == TLSv1_2_MINOR) - ssl->version.minor = TLSv1_1_MINOR; } - if ((ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) { + if ((op & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) { WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_1"); - if (ssl->version.minor == TLSv1_1_MINOR) - ssl->version.minor = TLSv1_MINOR; } - if ((ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) { + if ((op & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) { WOLFSSL_MSG("\tSSL_OP_NO_TLSv1"); - if (ssl->version.minor == TLSv1_MINOR) - ssl->version.minor = SSLv3_MINOR; } - if ((ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) { + if ((op & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) { WOLFSSL_MSG("\tSSL_OP_NO_SSLv3"); } - if ((ssl->options.mask & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION) { + if ((op & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION) { #ifdef HAVE_LIBZ WOLFSSL_MSG("SSL_OP_NO_COMPRESSION"); - ssl->options.usingCompression = 0; #else WOLFSSL_MSG("SSL_OP_NO_COMPRESSION: compression not compiled in"); #endif } + return old_op | op; +} + +long wolfSSL_set_options(WOLFSSL* ssl, long op) +{ + word16 haveRSA = 1; + word16 havePSK = 0; + int keySz = 0; + + WOLFSSL_ENTER("wolfSSL_set_options"); + + if (ssl == NULL) { + return 0; + } + + ssl->options.mask = wolf_set_options(ssl->options.mask, op); + + if ((ssl->options.mask & SSL_OP_NO_TLSv1_3) == SSL_OP_NO_TLSv1_3) { + if (ssl->version.minor == TLSv1_3_MINOR) + ssl->version.minor = TLSv1_2_MINOR; + } + + if ((ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { + if (ssl->version.minor == TLSv1_2_MINOR) + ssl->version.minor = TLSv1_1_MINOR; + } + + if ((ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) { + if (ssl->version.minor == TLSv1_1_MINOR) + ssl->version.minor = TLSv1_MINOR; + } + + if ((ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) { + if (ssl->version.minor == TLSv1_MINOR) + ssl->version.minor = SSLv3_MINOR; + } + + if ((ssl->options.mask & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION) { + #ifdef HAVE_LIBZ + ssl->options.usingCompression = 0; + #endif + } + /* in the case of a version change the cipher suites should be reset */ - #ifndef NO_PSK - havePSK = ssl->options.havePSK; - #endif - #ifdef NO_RSA - haveRSA = 0; - #endif - #ifndef NO_CERTS - keySz = ssl->buffers.keySz; - #endif +#ifndef NO_PSK + havePSK = ssl->options.havePSK; +#endif +#ifdef NO_RSA + haveRSA = 0; +#endif +#ifndef NO_CERTS + keySz = ssl->buffers.keySz; +#endif + InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, ssl->options.haveDH, ssl->options.haveNTRU, ssl->options.haveECDSAsig, ssl->options.haveECC, @@ -22175,6 +22231,7 @@ int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM** bn, const char* str) #else byte decoded[1024]; #endif + int weOwn = 0; WOLFSSL_MSG("wolfSSL_BN_hex2bn"); @@ -22191,13 +22248,21 @@ int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM** bn, const char* str) else if (bn == NULL) ret = decSz; else { - if (*bn == NULL) + if (*bn == NULL) { *bn = wolfSSL_BN_new(); + if (*bn != NULL) { + weOwn = 1; + } + } if (*bn == NULL) WOLFSSL_MSG("BN new failed"); - else if (wolfSSL_BN_bin2bn(decoded, decSz, *bn) == NULL) + else if (wolfSSL_BN_bin2bn(decoded, decSz, *bn) == NULL) { WOLFSSL_MSG("Bad bin2bn error"); + if (weOwn == 1) { + wolfSSL_BN_free(*bn); /* Free new BN */ + } + } else ret = WOLFSSL_SUCCESS; } @@ -27668,6 +27733,7 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, WOLFSSL_RSA *rsa = NULL; WOLFSSL_ENTER("d2i_RSAPublicKey"); + if(pp == NULL){ WOLFSSL_MSG("Bad argument"); return NULL; @@ -27676,7 +27742,7 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, WOLFSSL_MSG("RSA_new failed"); return NULL; } - + if(wolfSSL_RSA_LoadDer_ex(rsa, *pp, (int)len, WOLFSSL_RSA_LOAD_PUBLIC) != WOLFSSL_SUCCESS){ WOLFSSL_MSG("RSA_LoadDer failed"); @@ -27689,10 +27755,10 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA **r, const unsigned char **derBuf, long derSz) { - WOLFSSL_ENTER("d2i_RSAPrivateKey"); - WOLFSSL_RSA *rsa = NULL; + WOLFSSL_ENTER("d2i_RSAPrivateKey"); + if(derBuf == NULL){ WOLFSSL_MSG("Bad argument"); return NULL; @@ -27712,15 +27778,16 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA **r, const unsigned char **de return rsa; } -#if !defined(NO_RSA) && !defined(HAVE_FAST_RSA) +#if !defined(HAVE_FAST_RSA) +#if defined(WOLFSSL_KEY_GEN) int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, const unsigned char **pp) { - WOLFSSL_ENTER("i2d_RSAPrivateKey"); - byte* der = NULL; int derMax; int ret; + WOLFSSL_ENTER("i2d_RSAPrivateKey"); + if((rsa == NULL) || (pp == NULL)) { WOLFSSL_MSG("Bad Function Arguments"); return BAD_FUNC_ARG; @@ -27753,6 +27820,7 @@ int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, const unsigned char **pp) *pp = der; return ret; /* returns size of der if successful */ } +#endif /* WOLFSSL_KEY_GEN */ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) @@ -28786,7 +28854,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) int derSz; long i = 0, l; WOLFSSL_X509_CRL* newcrl; - + WOLFSSL_ENTER("wolfSSL_PEM_read_X509_CRL"); if (fp == NULL) { @@ -29571,7 +29639,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) } #endif /* ! NO_SHA256 */ -#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) +#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) /* One shot SHA384 hash of message. * * d message to hash @@ -29619,7 +29687,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) #endif /* defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) */ -#if defined(WOLFSSL_SHA512) +#if defined(WOLFSSL_SHA512) /* One shot SHA512 hash of message. * * d message to hash @@ -30920,7 +30988,7 @@ int wolfSSL_get_state(const WOLFSSL* ssl) #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) VerifyCallback wolfSSL_get_verify_callback(WOLFSSL* ssl) { - WOLFSSL_ENTER("wolfSSL_get_verify_callback"); + WOLFSSL_ENTER("wolfSSL_get_verify_callback()"); if(ssl) { return ssl->verifyCallback; } @@ -30933,6 +31001,8 @@ int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO **bio1_p, size_t writebuf1, WOLFSSL_BIO *bio1 = NULL, *bio2 = NULL; int ret = 1; + WOLFSSL_ENTER("wolfSSL_BIO_new_bio_pair()"); + if (bio1_p == NULL || bio2_p == NULL) { WOLFSSL_MSG("Bad Function Argument"); return BAD_FUNC_ARG; @@ -31029,14 +31099,14 @@ int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz, const unsigned #if !defined(NO_RSA) && !defined(HAVE_FAST_RSA) int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa) { - WOLFSSL_ENTER("wolfSSL_CTX_use_RSAPrivateKey"); - int ret; int derSize; const unsigned char* derBuf = NULL; WOLFSSL_EVP_PKEY* pkey = NULL; WOLFSSL_BIO* bio = NULL; + WOLFSSL_ENTER("wolfSSL_CTX_use_RSAPrivateKey"); + if (ctx == NULL || rsa == NULL) { WOLFSSL_MSG("one or more inputs were NULL"); return BAD_FUNC_ARG; @@ -31087,12 +31157,14 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa) WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** out) { const unsigned char* mem; - long memSz; + const unsigned char* memptr; + int memSz; WOLFSSL_EVP_PKEY* key = NULL; int type; int algoID = 0; WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_bio()"); + if (bio == NULL) { return NULL; } @@ -31108,9 +31180,9 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* WOLFSSL_MSG("Malloc failure"); return NULL; } - const unsigned char* memptr = mem; + memptr = mem; - if (wolfSSL_BIO_read(bio, (unsigned char*)mem, (int)memSz) == memSz) { + if (wolfSSL_BIO_read(bio, (unsigned char*)mem, memSz) == memSz) { /* Determines key type */ if ((wc_GetKeyOID((unsigned char*)mem, memSz, NULL, NULL, &algoID, NULL)) < 0) { XFREE((unsigned char*)memptr, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -31139,8 +31211,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* /* stunnel compatibility functions*/ -#if (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)))\ - || (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) +#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) \ + || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY))) void wolfSSL_ERR_remove_thread_state(void* pid) { (void) pid; @@ -31283,6 +31355,7 @@ unsigned long wolfSSL_ERR_peek_last_error(void) #endif } #endif + #ifndef NO_WOLFSSL_STUB int wolfSSL_FIPS_mode(void) { @@ -31329,11 +31402,6 @@ int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits) } return ret; } -#endif /* #if defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)) */ - - -/* stunnel compatibility functions*/ -#if defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)) int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *s) { @@ -31549,7 +31617,8 @@ WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(WOLFSSL_X509_STORE_CT } #endif -#endif /* OPENSSL_EXTRA and HAVE_STUNNEL */ +#endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_LIGHTY)) */ + #if defined(OPENSSL_ALL) || \ (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \ @@ -32052,7 +32121,7 @@ void wolfSSL_OPENSSL_config(char *config_name) #endif #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ - || defined(OPENSSL_EXTRA) + || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c) { static int x509_idx = 0; @@ -32454,7 +32523,8 @@ int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *ctx, int (*cb)( } #endif /* HAVE_SESSION_TICKET */ -#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA */ +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || + OPENSSL_EXTRA || HAVE_LIGHTY */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #ifdef HAVE_OCSP @@ -32480,9 +32550,11 @@ int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url) ssl->url = url; return WOLFSSL_SUCCESS; } -#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#endif /* OCSP */ +#endif /* OPENSSL_ALL / WOLFSSL_NGINX / WOLFSSL_HAPROXY */ -#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ + defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx, WOLF_STACK_OF(X509)** chain) { word32 idx; @@ -32718,8 +32790,9 @@ char* wolfSSL_sk_WOLFSSL_STRING_value(WOLF_STACK_OF(WOLFSSL_STRING)* strings, return NULL; return strings->data.string; } -#endif /* HAVE_OCSP */ +#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) #ifdef HAVE_ALPN void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, const unsigned char **data, unsigned int *len) @@ -33001,7 +33074,7 @@ static int check_esc_char(char c, char *esc) return 0; } -int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, +int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, unsigned long flags) { size_t str_len = 0, type_len = 0; @@ -33034,7 +33107,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, 'E', 'F' }; char hex_tmp[4]; char *str_ptr, *str_end; - + if (type_len > 0){ if (wolfSSL_BIO_write(out, typebuf, (int)type_len) != (int)type_len){ XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -33059,7 +33132,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, } str_ptr = str->data; - str_end = str->data + str->length; + str_end = str->data + str->length; while (str_ptr < str_end){ hex_tmp[0] = hex_char[*str_ptr >> 4]; hex_tmp[1] = hex_char[*str_ptr & 0xf]; @@ -33085,17 +33158,17 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, if (flags & ASN1_STRFLGS_ESC_2253){ char esc_ch[] = "+;<>\\"; - char* esc_ptr = NULL; + char* esc_ptr = NULL; esc_ptr = str->data; while (*esc_ptr != 0){ if (check_esc_char(*esc_ptr, esc_ch)){ if (wolfSSL_BIO_write(out,"\\", 1) != 1) - goto err_exit; + goto err_exit; str_len++; } if (wolfSSL_BIO_write(out, esc_ptr, 1) != 1) - goto err_exit; + goto err_exit; str_len++; esc_ptr++; } @@ -33137,14 +33210,14 @@ WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, return NULL; } if (out == NULL || *out == NULL){ - ret = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, + ret = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, DYNAMIC_TYPE_TMP_BUFFER); if (ret == NULL){ WOLFSSL_MSG("memory alloc failed."); return NULL; } XMEMSET(ret, 0, sizeof(WOLFSSL_ASN1_TIME)); - } else + } else ret = *out; if (time_type == ASN_GENERALIZED_TIME){ @@ -33154,14 +33227,14 @@ WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, ret->data[0] = ASN_GENERALIZED_TIME; ret->data[1] = ASN_GENERALIZED_TIME_SIZE; data_ptr = ret->data + 2; - if (t->data[2] >= '5') + if (t->data[2] >= '5') XSNPRINTF((char*)data_ptr, ASN_UTC_TIME_SIZE + 2, "19%s", t->data + 2); else XSNPRINTF((char*)data_ptr, ASN_UTC_TIME_SIZE + 2, "20%s", t->data + 2); return ret; - } - + } + WOLFSSL_MSG("Invalid ASN_TIME value"); return NULL; } @@ -33236,7 +33309,7 @@ int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp) pptr += a->intData[1] - 1; while (!a->intData[str_len + 2] && str_len > 1){ *(pptr--) = 0; - str_len--; + str_len--; } /* 2's complement next octet */ *(pptr--) = ((a->intData[str_len + 1]) ^ 0xff) + 1; diff --git a/src/tls.c b/src/tls.c index 5f5bcc26a..7fb4e5ca2 100644 --- a/src/tls.c +++ b/src/tls.c @@ -5211,7 +5211,7 @@ static int TLSX_SupportedVersions_Write(void* data, byte* output, #endif *(output++) = pv.major; - *(output++) = pv.minor - i; + *(output++) = (byte)(pv.minor - i); } *pSz += (word16)(OPAQUE8_LEN + cnt * OPAQUE16_LEN); @@ -6225,10 +6225,10 @@ static word16 TLSX_KeyShare_Write(KeyShareEntry* list, byte* output, c16toa(current->group, &output[i]); i += KE_GROUP_LEN; - c16toa(current->pubKeyLen, &output[i]); + c16toa((word16)(current->pubKeyLen), &output[i]); i += OPAQUE16_LEN; XMEMCPY(&output[i], current->pubKey, current->pubKeyLen); - i += current->pubKeyLen; + i += (word16)current->pubKeyLen; } /* Write the length of the list if required. */ if (isRequest) @@ -6766,7 +6766,7 @@ static int TLSX_KeyShare_New(KeyShareEntry** list, int group, void *heap, return MEMORY_E; XMEMSET(kse, 0, sizeof(*kse)); - kse->group = group; + kse->group = (word16)group; /* Add it to the back and maintain the links. */ while (*list != NULL) diff --git a/src/tls13.c b/src/tls13.c index 77e85f2ab..264274df7 100644 --- a/src/tls13.c +++ b/src/tls13.c @@ -231,10 +231,10 @@ static int HKDF_Expand_Label(byte* okm, word32 okmLen, byte data[MAX_HKDF_LABEL_SZ]; /* Output length. */ - data[idx++] = okmLen >> 8; - data[idx++] = okmLen; + data[idx++] = (byte)(okmLen >> 8); + data[idx++] = (byte)okmLen; /* Length of protocol | label. */ - data[idx++] = protocolLen + labelLen; + data[idx++] = (byte)(protocolLen + labelLen); /* Protocol */ XMEMCPY(&data[idx], protocol, protocolLen); idx += protocolLen; @@ -242,7 +242,7 @@ static int HKDF_Expand_Label(byte* okm, word32 okmLen, XMEMCPY(&data[idx], label, labelLen); idx += labelLen; /* Length of hash of messages */ - data[idx++] = infoLen; + data[idx++] = (byte)infoLen; /* Hash of messages */ XMEMCPY(&data[idx], info, infoLen); idx += infoLen; @@ -2115,7 +2115,7 @@ int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input, case BUILD_MSG_ENCRYPT: { /* The real record content type goes at the end of the data. */ - output[args->idx++] = type; + output[args->idx++] = (byte)type; #ifdef ATOMIC_USER if (ssl->ctx->MacEncryptCb) { @@ -4410,7 +4410,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx, ext->resp = 0; i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; - reqSz = OPAQUE8_LEN + reqCtxLen; + reqSz = (word16)(OPAQUE8_LEN + reqCtxLen); ret = TLSX_GetRequestSize(ssl, certificate_request, &reqSz); if (ret != 0) return ret; @@ -4431,7 +4431,7 @@ static int SendTls13CertificateRequest(WOLFSSL* ssl, byte* reqCtx, AddTls13Headers(output, reqSz, certificate_request, ssl); /* Certificate request context. */ - output[i++] = reqCtxLen; + output[i++] = (byte)reqCtxLen; if (reqCtxLen != 0) { XMEMCPY(output + i, reqCtx, reqCtxLen); i += reqCtxLen; @@ -4625,7 +4625,7 @@ static int CreateSigData(WOLFSSL* ssl, byte* sigData, word16* sigDataSz, if (ret < 0) return ret; - *sigDataSz = idx + ret; + *sigDataSz = (word16)(idx + ret); ret = 0; return ret; @@ -5257,7 +5257,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) args->sigDataSz, ssl->suites->hashAlgo); if (ret < 0) goto exit_scv; - args->sigDataSz = ret; + args->sigDataSz = (word16)ret; ret = 0; } #endif /* HAVE_ECC */ @@ -5290,7 +5290,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) NULL, NULL #endif ); - args->length = sig->length; + args->length = (word16)sig->length; } #endif /* HAVE_ECC */ #ifdef HAVE_ED25519 @@ -5322,7 +5322,7 @@ static int SendTls13CertificateVerify(WOLFSSL* ssl) NULL #endif ); - args->length = args->sigLen; + args->length = (word16)args->sigLen; } #endif /* !NO_RSA */ @@ -5649,7 +5649,7 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input, args->sigDataSz, args->hashAlgo); if (ret < 0) goto exit_dcv; - args->sigDataSz = ret; + args->sigDataSz = (word16)ret; ret = 0; } #endif @@ -7887,8 +7887,8 @@ int wolfSSL_CTX_set_groups(WOLFSSL_CTX* ctx, int* groups, int count) return BAD_FUNC_ARG; for (i = 0; i < count; i++) - ctx->group[i] = groups[i]; - ctx->numGroups = count; + ctx->group[i] = (word16)groups[i]; + ctx->numGroups = (byte)count; return WOLFSSL_SUCCESS; } @@ -7911,8 +7911,8 @@ int wolfSSL_set_groups(WOLFSSL* ssl, int* groups, int count) return BAD_FUNC_ARG; for (i = 0; i < count; i++) - ssl->group[i] = groups[i]; - ssl->numGroups = count; + ssl->group[i] = (word16)groups[i]; + ssl->numGroups = (byte)count; return WOLFSSL_SUCCESS; } diff --git a/tests/api.c b/tests/api.c index 7524161c0..92d249424 100644 --- a/tests/api.c +++ b/tests/api.c @@ -3286,7 +3286,7 @@ static void test_wolfSSL_mcast(void) | Wolfcrypt *----------------------------------------------------------------------------*/ -/* +/* * Unit test for the wc_InitBlake2b() */ static int test_wc_InitBlake2b (void) @@ -7632,7 +7632,7 @@ static int test_wc_Des3_SetKey (void) return ret; } /* END test_wc_Des3_SetKey */ - + /* * Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt @@ -7879,7 +7879,7 @@ static int test_wc_Chacha_SetKey (void) static int test_wc_Poly1305SetKey(void) { int ret = 0; - + #ifdef HAVE_POLY1305 Poly1305 ctx; const byte key[] = @@ -7891,8 +7891,8 @@ static int test_wc_Poly1305SetKey(void) }; printf(testingFmt, "wc_Poly1305_SetKey()"); - - ret = wc_Poly1305SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte))); + + ret = wc_Poly1305SetKey(&ctx, key, (word32)(sizeof(key)/sizeof(byte))); /* Test bad args. */ if (ret == 0) { ret = wc_Poly1305SetKey(NULL, key, (word32)(sizeof(key)/sizeof(byte))); @@ -7910,7 +7910,7 @@ static int test_wc_Poly1305SetKey(void) } printf(resultFmt, ret == 0 ? passed : failed); - + #endif return ret; } /* END test_wc_Poly1305_SetKey() */ @@ -10135,7 +10135,7 @@ static int test_wc_RsaKeyToDer (void) * Testing wc_RsaKeyToPublicDer() */ static int test_wc_RsaKeyToPublicDer (void) -{ +{ int ret = 0; #if !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) &&\ (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) @@ -14208,6 +14208,25 @@ static int test_wc_ecc_is_valid_idx (void) } /* END test_wc_ecc_is_valid_idx */ +/* + * Testing wc_PKCS7_New() + */ +static void test_wc_PKCS7_New (void) +{ +#if defined(HAVE_PKCS7) + PKCS7* pkcs7; + void* heap = NULL; + + printf(testingFmt, "wc_PKCS7_New()"); + + pkcs7 = wc_PKCS7_New(heap, devId); + AssertNotNull(pkcs7); + + printf(resultFmt, passed); + wc_PKCS7_Free(pkcs7); +#endif +} /* END test-wc_PKCS7_New */ + /* * Testing wc_PKCS7_Init() */ @@ -14282,6 +14301,7 @@ static void test_wc_PKCS7_InitWithCert (void) #endif printf(testingFmt, "wc_PKCS7_InitWithCert()"); /* If initialization is not successful, it's free'd in init func. */ + pkcs7.isDynamic = 0; AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, (byte*)cert, (word32)certSz), 0); wc_PKCS7_Free(&pkcs7); @@ -14379,6 +14399,8 @@ static void test_wc_PKCS7_EncodeData (void) XMEMSET(output, 0, sizeof(output)); + AssertIntEQ(wc_PKCS7_Init(&pkcs7, HEAP_HINT, INVALID_DEVID), 0); + AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, (byte*)cert, certSz), 0); printf(testingFmt, "wc_PKCS7_EncodeData()"); @@ -14484,6 +14506,8 @@ static void test_wc_PKCS7_EncodeSignedData (void) XMEMSET(output, 0, outputSz); AssertIntEQ(wc_InitRng(&rng), 0); + AssertIntEQ(wc_PKCS7_Init(&pkcs7, HEAP_HINT, INVALID_DEVID), 0); + AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, cert, certSz), 0); printf(testingFmt, "wc_PKCS7_EncodeSignedData()"); @@ -14495,7 +14519,6 @@ static void test_wc_PKCS7_EncodeSignedData (void) pkcs7.encryptOID = RSAk; pkcs7.hashOID = SHAh; pkcs7.rng = &rng; - pkcs7.devId = INVALID_DEVID; AssertIntGT(wc_PKCS7_EncodeSignedData(&pkcs7, output, outputSz), 0); @@ -14599,6 +14622,8 @@ static void test_wc_PKCS7_VerifySignedData(void) XMEMSET(output, 0, outputSz); AssertIntEQ(wc_InitRng(&rng), 0); + AssertIntEQ(wc_PKCS7_Init(&pkcs7, HEAP_HINT, INVALID_DEVID), 0); + AssertIntEQ(wc_PKCS7_InitWithCert(&pkcs7, cert, certSz), 0); printf(testingFmt, "wc_PKCS7_VerifySignedData()"); @@ -15061,43 +15086,43 @@ static void test_wc_PKCS7_EncodeEncryptedData (void) /* Testing wc_SignatureGetSize() for signature type ECC */ static int test_wc_SignatureGetSize_ecc(void) -{ - int ret = 0; +{ + int ret = 0; #if defined(HAVE_ECC) && !defined(NO_ECC256) enum wc_SignatureType sig_type; word32 key_len; /* Initialize ECC Key */ - ecc_key ecc; + ecc_key ecc; const char* qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0"; - const char* qy = + const char* qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09"; - const char* d = + const char* d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25"; - + ret = wc_ecc_init(&ecc); if (ret == 0) { ret = wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1"); } printf(testingFmt, "wc_SigntureGetSize_ecc()"); - if (ret == 0) { + if (ret == 0) { /* Input for signature type ECC */ sig_type = WC_SIGNATURE_TYPE_ECC; key_len = sizeof(ecc_key); ret = wc_SignatureGetSize(sig_type, &ecc, key_len); - - /* Test bad args */ + + /* Test bad args */ if (ret > 0) { sig_type = (enum wc_SignatureType) 100; ret = wc_SignatureGetSize(sig_type, &ecc, key_len); if (ret == BAD_FUNC_ARG) { sig_type = WC_SIGNATURE_TYPE_ECC; ret = wc_SignatureGetSize(sig_type, NULL, key_len); - } + } if (ret >= 0) { key_len = (word32) 0; - ret = wc_SignatureGetSize(sig_type, &ecc, key_len); + ret = wc_SignatureGetSize(sig_type, &ecc, key_len); } if (ret == BAD_FUNC_ARG) { ret = SIG_TYPE_E; @@ -15125,7 +15150,7 @@ static int test_wc_SignatureGetSize_ecc(void) /* Testing wc_SignatureGetSize() for signature type rsa */ static int test_wc_SignatureGetSize_rsa(void) { - int ret = 0; + int ret = 0; #ifndef NO_RSA enum wc_SignatureType sig_type; word32 key_len; @@ -15135,7 +15160,7 @@ static int test_wc_SignatureGetSize_rsa(void) RsaKey rsa_key; byte* tmp = NULL; size_t bytes; - + #ifdef USE_CERT_BUFFERS_1024 bytes = (size_t)sizeof_client_key_der_1024; if (bytes < (size_t)sizeof_client_key_der_1024) @@ -15151,10 +15176,10 @@ static int test_wc_SignatureGetSize_rsa(void) tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); if (tmp != NULL) { #ifdef USE_CERT_BUFFERS_1024 - XMEMCPY(tmp, client_key_der_1024, + XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024); #elif defined(USE_CERT_BUFFERS_2048) - XMEMCPY(tmp, client_key_der_2048, + XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048); #elif !defined(NO_FILESYSTEM) file = fopen(clientKey, "rb"); @@ -15171,7 +15196,7 @@ static int test_wc_SignatureGetSize_rsa(void) if (ret == 0) { ret = wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, devId); if (ret == 0) { - ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key, + ret = wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key, (word32)bytes); } } @@ -15185,7 +15210,7 @@ static int test_wc_SignatureGetSize_rsa(void) sig_type = WC_SIGNATURE_TYPE_RSA; key_len = sizeof(RsaKey); ret = wc_SignatureGetSize(sig_type, &rsa_key, key_len); - + /* Test bad args */ if (ret > 0) { sig_type = (enum wc_SignatureType) 100; @@ -15196,7 +15221,7 @@ static int test_wc_SignatureGetSize_rsa(void) } #ifndef HAVE_USER_RSA if (ret == BAD_FUNC_ARG) { - #else + #else if (ret == 0) { #endif key_len = (word32)0; @@ -15214,21 +15239,21 @@ static int test_wc_SignatureGetSize_rsa(void) #else ret = SIG_TYPE_E; #endif - + if (ret == SIG_TYPE_E) { ret = 0; }else { ret = WOLFSSL_FATAL_ERROR; } - + printf(resultFmt, ret == 0 ? passed : failed); return ret; }/* END test_wc_SignatureGetSize_rsa(void) */ - + /*----------------------------------------------------------------------------* | hash.h Tests *----------------------------------------------------------------------------*/ - + static int test_wc_HashInit(void) { int ret = 0, i; /* 0 indicates tests passed, 1 indicates failure */ @@ -15627,7 +15652,7 @@ static void test_wolfSSL_ASN1_GENERALIZEDTIME_free(){ XMEMSET(nullstr, 0, 32); asn1_gtime = (WOLFSSL_ASN1_GENERALIZEDTIME*)XMALLOC( - sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL, + sizeof(WOLFSSL_ASN1_GENERALIZEDTIME), NULL, DYNAMIC_TYPE_TMP_BUFFER); XMEMCPY(asn1_gtime->data,"20180504123500Z",ASN_GENERALIZED_TIME_SIZE); wolfSSL_ASN1_GENERALIZEDTIME_free(asn1_gtime); @@ -18520,14 +18545,14 @@ static void test_wolfSSL_SHA(void) "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" "\x15\xAD"; unsigned char out[WC_SHA256_DIGEST_SIZE]; - + XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE); AssertNotNull(SHA256(in, XSTRLEN((char*)in), out)); AssertIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0); } #endif - #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) + #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_SHA512) { const unsigned char in[] = "abc"; unsigned char expected[] = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50" @@ -18736,9 +18761,9 @@ static void test_wolfSSL_ASN1_STRING_print_ex(void){ unsigned long flags; int p_len; unsigned char rbuf[255]; - + printf(testingFmt, "wolfSSL_ASN1_STRING_print_ex()"); - + /* setup */ XMEMSET(rbuf, 0, 255); bio = BIO_new(BIO_s_mem()); @@ -19923,7 +19948,7 @@ static void test_wolfSSL_i2c_ASN1_INTEGER() DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); - wolfSSL_i2c_ASN1_INTEGER(a, &pp); + wolfSSL_i2c_ASN1_INTEGER(a, &pp); pp--; AssertIntEQ(*pp, 40); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -19938,7 +19963,7 @@ static void test_wolfSSL_i2c_ASN1_INTEGER() DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); - wolfSSL_i2c_ASN1_INTEGER(a, &pp); + wolfSSL_i2c_ASN1_INTEGER(a, &pp); pp--; AssertIntEQ(*(pp--), 128); AssertIntEQ(*pp, 0); @@ -19955,7 +19980,7 @@ static void test_wolfSSL_i2c_ASN1_INTEGER() DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); - wolfSSL_i2c_ASN1_INTEGER(a, &pp); + wolfSSL_i2c_ASN1_INTEGER(a, &pp); pp--; AssertIntEQ(*pp, 216); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -19971,7 +19996,7 @@ static void test_wolfSSL_i2c_ASN1_INTEGER() DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); - wolfSSL_i2c_ASN1_INTEGER(a, &pp); + wolfSSL_i2c_ASN1_INTEGER(a, &pp); pp--; AssertIntEQ(*pp, 128); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -19987,13 +20012,13 @@ static void test_wolfSSL_i2c_ASN1_INTEGER() DYNAMIC_TYPE_TMP_BUFFER)); tpp = pp; XMEMSET(pp, 0, ret + 1); - wolfSSL_i2c_ASN1_INTEGER(a, &pp); + wolfSSL_i2c_ASN1_INTEGER(a, &pp); pp--; AssertIntEQ(*(pp--), 56); AssertIntEQ(*pp, 255); XFREE(tpp, NULL, DYNAMIC_TYPE_TMP_BUFFER); - wolfSSL_ASN1_INTEGER_free(a); + wolfSSL_ASN1_INTEGER_free(a); printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ @@ -20327,6 +20352,7 @@ void ApiTest(void) AssertIntEQ(test_wc_ecc_mulmod(), 0); AssertIntEQ(test_wc_ecc_is_valid_idx(), 0); + test_wc_PKCS7_New(); test_wc_PKCS7_Init(); test_wc_PKCS7_InitWithCert(); test_wc_PKCS7_EncodeData(); @@ -20334,7 +20360,7 @@ void ApiTest(void) test_wc_PKCS7_VerifySignedData(); test_wc_PKCS7_EncodeDecodeEnvelopedData(); test_wc_PKCS7_EncodeEncryptedData(); - + printf(" End API Tests\n"); } diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index dce8fa3a2..697d3158e 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -4743,11 +4743,11 @@ int wc_GetDateInfo(const byte* certDate, int certDateSz, const byte** date, #ifndef NO_ASN_TIME int wc_GetDateAsCalendarTime(const byte* date, int length, byte format, - struct tm* time) + struct tm* timearg) { int idx = 0; (void)length; - if (!ExtractDate(date, format, time, &idx)) + if (!ExtractDate(date, format, timearg, &idx)) return ASN_TIME_E; return 0; } diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 23072bab1..89fc9992d 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c @@ -228,6 +228,22 @@ static int wc_PKCS7_GetOIDKeySize(int oid) } +PKCS7* wc_PKCS7_New(void* heap, int devId) +{ + PKCS7* pkcs7 = (PKCS7*)XMALLOC(sizeof(PKCS7), heap, DYNAMIC_TYPE_PKCS7); + if (pkcs7) { + XMEMSET(pkcs7, 0, sizeof(PKCS7)); + if (wc_PKCS7_Init(pkcs7, heap, devId) == 0) { + pkcs7->isDynamic = 1; + } + else { + XFREE(pkcs7, heap, DYNAMIC_TYPE_PKCS7); + pkcs7 = NULL; + } + } + return pkcs7; +} + /* This is to initialize a PKCS7 structure. It sets all values to 0 and can be * used to set the heap hint. * @@ -246,7 +262,11 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId) } XMEMSET(pkcs7, 0, sizeof(PKCS7)); +#ifdef WOLFSSL_HEAP_TEST + pkcs7->heap = (void*)WOLFSSL_HEAP_TEST; +#else pkcs7->heap = heap; +#endif pkcs7->devId = devId; return 0; @@ -254,34 +274,32 @@ int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId) /* init PKCS7 struct with recipient cert, decode into DecodedCert - * NOTE: keeps previously set pkcs7 memory heap hint */ + * NOTE: keeps previously set pkcs7 heap hint, devId and isDynamic */ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz) { int ret = 0; void* heap; int devId; + word16 isDynamic; if (pkcs7 == NULL || (cert == NULL && certSz != 0)) { return BAD_FUNC_ARG; } -#ifdef WOLFSSL_HEAP_TEST - heap = (void*)WOLFSSL_HEAP_TEST; -#else heap = pkcs7->heap; -#endif devId = pkcs7->devId; - - XMEMSET(pkcs7, 0, sizeof(PKCS7)); - pkcs7->heap = heap; - pkcs7->devId = devId; + isDynamic = pkcs7->isDynamic; + ret = wc_PKCS7_Init(pkcs7, heap, devId); + if (ret != 0) + return ret; + pkcs7->isDynamic = isDynamic; if (cert != NULL && certSz > 0) { #ifdef WOLFSSL_SMALL_STACK DecodedCert* dCert; - dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, - DYNAMIC_TYPE_PKCS7); + dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), pkcs7->heap, + DYNAMIC_TYPE_DCERT); if (dCert == NULL) return MEMORY_E; #else @@ -297,7 +315,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz) if (ret < 0) { FreeDecodedCert(dCert); #ifdef WOLFSSL_SMALL_STACK - XFREE(dCert, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(dCert, pkcs7->heap, DYNAMIC_TYPE_DCERT); #endif return ret; } @@ -313,7 +331,7 @@ int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz) FreeDecodedCert(dCert); #ifdef WOLFSSL_SMALL_STACK - XFREE(dCert, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(dCert, pkcs7->heap, DYNAMIC_TYPE_DCERT); #endif } @@ -359,6 +377,11 @@ void wc_PKCS7_Free(PKCS7* pkcs7) if (pkcs7->der != NULL) XFREE(pkcs7->der, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif + + if (pkcs7->isDynamic) { + pkcs7->isDynamic = 0; + XFREE(pkcs7, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + } } @@ -597,7 +620,8 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) } #ifdef WOLFSSL_SMALL_STACK - privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); + privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), pkcs7->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (privKey == NULL) return MEMORY_E; #endif @@ -621,7 +645,7 @@ static int wc_PKCS7_RsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) wc_FreeRsaKey(privKey); #ifdef WOLFSSL_SMALL_STACK - XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; @@ -649,7 +673,8 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) } #ifdef WOLFSSL_SMALL_STACK - privKey = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_TMP_BUFFER); + privKey = (ecc_key*)XMALLOC(sizeof(ecc_key), pkcs7->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (privKey == NULL) return MEMORY_E; #endif @@ -675,7 +700,7 @@ static int wc_PKCS7_EcdsaSign(PKCS7* pkcs7, byte* in, word32 inSz, ESD* esd) wc_ecc_free(privKey); #ifdef WOLFSSL_SMALL_STACK - XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; @@ -944,7 +969,8 @@ static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7, return BAD_FUNC_ARG; #ifdef WOLFSSL_SMALL_STACK - digestInfo = (byte*)XMALLOC(digestInfoSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + digestInfo = (byte*)XMALLOC(digestInfoSz, pkcs7->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (digestInfo == NULL) { return MEMORY_E; } @@ -955,7 +981,7 @@ static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7, &digestInfoSz); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digestInfo, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -976,7 +1002,7 @@ static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7, hashSz = wc_HashGetDigestSize(esd->hashType); if (hashSz < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digestInfo, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return hashSz; } @@ -992,7 +1018,7 @@ static int wc_PKCS7_SignedDataBuildSignature(PKCS7* pkcs7, } #ifdef WOLFSSL_SMALL_STACK - XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digestInfo, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif if (ret >= 0) { @@ -1046,7 +1072,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) } #ifdef WOLFSSL_SMALL_STACK - esd = (ESD*)XMALLOC(sizeof(ESD), NULL, DYNAMIC_TYPE_TMP_BUFFER); + esd = (ESD*)XMALLOC(sizeof(ESD), pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); if (esd == NULL) return MEMORY_E; #endif @@ -1057,7 +1083,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) ret = wc_HashGetDigestSize(esd->hashType); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -1066,7 +1092,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) ret = wc_HashInit(&esd->hash, esd->hashType); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -1077,7 +1103,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) pkcs7->content, pkcs7->contentSz); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -1087,7 +1113,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) &esd->contentDigest[2]); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -1118,7 +1144,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) &digEncAlgoType); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -1135,7 +1161,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) messageDigestOid, sizeof(messageDigestOid)); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return MEMORY_E; } @@ -1145,7 +1171,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) flatSignedAttribsSz = esd->signedAttribsSz; if (flatSignedAttribs == NULL) { #ifdef WOLFSSL_SMALL_STACK - XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return MEMORY_E; } @@ -1163,7 +1189,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (pkcs7->signedAttribsSz != 0) XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #ifdef WOLFSSL_SMALL_STACK - XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -1205,7 +1231,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (pkcs7->signedAttribsSz != 0) XFREE(flatSignedAttribs, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #ifdef WOLFSSL_SMALL_STACK - XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return BUFFER_E; } @@ -1273,7 +1299,7 @@ int wc_PKCS7_EncodeSignedData(PKCS7* pkcs7, byte* output, word32 outputSz) idx += esd->encContentDigestSz; #ifdef WOLFSSL_SMALL_STACK - XFREE(esd, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(esd, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return idx; @@ -1302,15 +1328,15 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, } #ifdef WOLFSSL_SMALL_STACK - digest = (byte*)XMALLOC(MAX_PKCS7_DIGEST_SZ, NULL, + digest = (byte*)XMALLOC(MAX_PKCS7_DIGEST_SZ, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); if (digest == NULL) return MEMORY_E; - key = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); + key = (RsaKey*)XMALLOC(sizeof(RsaKey), pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); if (key == NULL) { - XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } #endif @@ -1320,8 +1346,8 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, ret = wc_InitRsaKey_ex(key, pkcs7->heap, pkcs7->devId); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -1331,8 +1357,8 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, WOLFSSL_MSG("ASN RSA key decode error"); wc_FreeRsaKey(key); #ifdef WOLFSSL_SMALL_STACK - XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return PUBLIC_KEY_E; } @@ -1346,8 +1372,8 @@ static int wc_PKCS7_RsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, } #ifdef WOLFSSL_SMALL_STACK - XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; @@ -1378,15 +1404,15 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, return BAD_FUNC_ARG; #ifdef WOLFSSL_SMALL_STACK - digest = (byte*)XMALLOC(MAX_PKCS7_DIGEST_SZ, NULL, + digest = (byte*)XMALLOC(MAX_PKCS7_DIGEST_SZ, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); if (digest == NULL) return MEMORY_E; - key = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_TMP_BUFFER); + key = (ecc_key*)XMALLOC(sizeof(ecc_key), pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); if (key == NULL) { - XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } #endif @@ -1396,8 +1422,8 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, ret = wc_ecc_init_ex(key, pkcs7->heap, pkcs7->devId); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -1407,8 +1433,8 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, WOLFSSL_MSG("ASN ECDSA key decode error"); wc_ecc_free(key); #ifdef WOLFSSL_SMALL_STACK - XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return PUBLIC_KEY_E; } @@ -1422,8 +1448,8 @@ static int wc_PKCS7_EcdsaVerify(PKCS7* pkcs7, byte* sig, int sigSz, } #ifdef WOLFSSL_SMALL_STACK - XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; @@ -1472,7 +1498,8 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib, } #ifdef WOLFSSL_SMALL_STACK - digestInfo = (byte*)XMALLOC(MAX_PKCS7_DIGEST_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); + digestInfo = (byte*)XMALLOC(MAX_PKCS7_DIGEST_SZ, pkcs7->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (digestInfo == NULL) return MEMORY_E; #endif @@ -1485,7 +1512,7 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib, ret = wc_HashGetDigestSize(hashType); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digestInfo, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -1495,7 +1522,7 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib, ret = wc_HashInit(&hash, hashType); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digestInfo, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -1504,7 +1531,7 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib, if (signedAttrib == NULL) { #ifdef WOLFSSL_SMALL_STACK - XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digestInfo, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return BAD_FUNC_ARG; } @@ -1513,7 +1540,7 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib, ret = wc_HashUpdate(&hash, hashType, attribSet, attribSetSz); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digestInfo, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -1521,7 +1548,7 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib, ret = wc_HashUpdate(&hash, hashType, signedAttrib, signedAttribSz); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digestInfo, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -1529,7 +1556,7 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib, ret = wc_HashFinal(&hash, hashType, digest); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digestInfo, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -1538,7 +1565,7 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib, if (pkcs7->content == NULL) { #ifdef WOLFSSL_SMALL_STACK - XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digestInfo, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return BAD_FUNC_ARG; } @@ -1546,7 +1573,7 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib, ret = wc_HashUpdate(&hash, hashType, pkcs7->content, pkcs7->contentSz); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digestInfo, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -1554,7 +1581,7 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib, ret = wc_HashFinal(&hash, hashType, digest); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digestInfo, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -1584,7 +1611,7 @@ static int wc_PKCS7_BuildSignedDataDigest(PKCS7* pkcs7, byte* signedAttrib, *plainDigestSz = hashSz; #ifdef WOLFSSL_SMALL_STACK - XFREE(digestInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(digestInfo, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return 0; } @@ -1617,7 +1644,7 @@ static int wc_PKCS7_SignedDataVerifySignature(PKCS7* pkcs7, byte* sig, return BAD_FUNC_ARG; #ifdef WOLFSSL_SMALL_STACK - pkcs7Digest = (byte*)XMALLOC(MAX_PKCS7_DIGEST_SZ, NULL, + pkcs7Digest = (byte*)XMALLOC(MAX_PKCS7_DIGEST_SZ, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); if (pkcs7Digest == NULL) return MEMORY_E; @@ -1631,7 +1658,7 @@ static int wc_PKCS7_SignedDataVerifySignature(PKCS7* pkcs7, byte* sig, &plainDigestSz); if (ret < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(pkcs7Digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pkcs7Digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -1663,7 +1690,7 @@ static int wc_PKCS7_SignedDataVerifySignature(PKCS7* pkcs7, byte* sig, } #ifdef WOLFSSL_SMALL_STACK - XFREE(pkcs7Digest, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pkcs7Digest, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -2400,8 +2427,8 @@ static int wc_PKCS7_KariGenerateEphemeralKey(WC_PKCS7_KARI* kari, WC_RNG* rng) rng == NULL) return BAD_FUNC_ARG; - kari->senderKeyExport = (byte*)XMALLOC(kari->decoded->pubKeySize, kari->heap, - DYNAMIC_TYPE_PKCS7); + kari->senderKeyExport = (byte*)XMALLOC(kari->decoded->pubKeySize, + kari->heap, DYNAMIC_TYPE_PKCS7); if (kari->senderKeyExport == NULL) return MEMORY_E; @@ -2911,15 +2938,15 @@ static int wc_CreateRecipientInfo(const byte* cert, word32 certSz, RsaKey* pubKey; DecodedCert* decoded; - serial = (byte*)XMALLOC(MAX_SN_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); - keyAlgArray = (byte*)XMALLOC(MAX_SN_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); - decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, + serial = (byte*)XMALLOC(MAX_SN_SZ, heap, DYNAMIC_TYPE_TMP_BUFFER); + keyAlgArray = (byte*)XMALLOC(MAX_SN_SZ, heap, DYNAMIC_TYPE_TMP_BUFFER); + decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), heap, DYNAMIC_TYPE_TMP_BUFFER); if (decoded == NULL || serial == NULL || keyAlgArray == NULL) { - if (serial) XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (keyAlgArray) XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (decoded) XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (serial) XFREE(serial, heap, DYNAMIC_TYPE_TMP_BUFFER); + if (keyAlgArray) XFREE(keyAlgArray, heap, DYNAMIC_TYPE_TMP_BUFFER); + if (decoded) XFREE(decoded, heap, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } @@ -2938,9 +2965,9 @@ static int wc_CreateRecipientInfo(const byte* cert, word32 certSz, if (ret < 0) { FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK - XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serial, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -2953,9 +2980,9 @@ static int wc_CreateRecipientInfo(const byte* cert, word32 certSz, WOLFSSL_MSG("DecodedCert lacks raw issuer pointer and length"); FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK - XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serial, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return -1; } @@ -2966,9 +2993,9 @@ static int wc_CreateRecipientInfo(const byte* cert, word32 certSz, WOLFSSL_MSG("DecodedCert missing serial number"); FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK - XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serial, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return -1; } @@ -2981,9 +3008,9 @@ static int wc_CreateRecipientInfo(const byte* cert, word32 certSz, if (keyEncAlgo != RSAk) { FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK - XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serial, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ALGO_ID_E; } @@ -2992,20 +3019,20 @@ static int wc_CreateRecipientInfo(const byte* cert, word32 certSz, if (keyEncAlgSz == 0) { FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK - XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serial, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return BAD_FUNC_ARG; } #ifdef WOLFSSL_SMALL_STACK - pubKey = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); + pubKey = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_TMP_BUFFER); if (pubKey == NULL) { FreeDecodedCert(decoded); - XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serial, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, heap, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } #endif @@ -3015,10 +3042,10 @@ static int wc_CreateRecipientInfo(const byte* cert, word32 certSz, if (ret != 0) { FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK - XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubKey, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serial, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -3029,10 +3056,10 @@ static int wc_CreateRecipientInfo(const byte* cert, word32 certSz, wc_FreeRsaKey(pubKey); FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK - XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubKey, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serial, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return PUBLIC_KEY_E; } @@ -3042,16 +3069,16 @@ static int wc_CreateRecipientInfo(const byte* cert, word32 certSz, wc_FreeRsaKey(pubKey); #ifdef WOLFSSL_SMALL_STACK - XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubKey, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif if (*keyEncSz < 0) { WOLFSSL_MSG("RSA Public Encrypt failed"); FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK - XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serial, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return *keyEncSz; } @@ -3068,9 +3095,9 @@ static int wc_CreateRecipientInfo(const byte* cert, word32 certSz, WOLFSSL_MSG("RecipientInfo output buffer too small"); FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK - XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serial, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return BUFFER_E; } @@ -3097,9 +3124,9 @@ static int wc_CreateRecipientInfo(const byte* cert, word32 certSz, FreeDecodedCert(decoded); #ifdef WOLFSSL_SMALL_STACK - XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(keyAlgArray, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serial, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(keyAlgArray, heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return totalSz; @@ -3420,12 +3447,13 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) } #ifdef WOLFSSL_SMALL_STACK - recip = (byte*)XMALLOC(MAX_RECIP_SZ, NULL, DYNAMIC_TYPE_PKCS7); - contentKeyEnc = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, NULL, + recip = (byte*)XMALLOC(MAX_RECIP_SZ, pkcs7->heap, + DYNAMIC_TYPE_PKCS7); + contentKeyEnc = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (contentKeyEnc == NULL || recip == NULL) { - if (recip) XFREE(recip, NULL, DYNAMIC_TYPE_PKCS7); - if (contentKeyEnc) XFREE(contentKeyEnc, NULL, DYNAMIC_TYPE_PKCS7); + if (recip) XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); + if (contentKeyEnc) XFREE(contentKeyEnc, pkcs7->heap, DYNAMIC_TYPE_PKCS7); wc_FreeRng(&rng); return MEMORY_E; } @@ -3464,14 +3492,14 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) ForceZero(contentKeyEnc, MAX_ENCRYPTED_KEY_SZ); #ifdef WOLFSSL_SMALL_STACK - XFREE(contentKeyEnc, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(contentKeyEnc, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif if (recipSz < 0) { WOLFSSL_MSG("Failed to create RecipientInfo"); wc_FreeRng(&rng); #ifdef WOLFSSL_SMALL_STACK - XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return recipSz; } @@ -3482,7 +3510,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) wc_FreeRng(&rng); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -3491,7 +3519,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) contentTypeSz = wc_SetContentType(pkcs7->contentOID, contentType); if (contentTypeSz == 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return BAD_FUNC_ARG; } @@ -3520,7 +3548,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) if (encryptedContent == NULL) { XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #ifdef WOLFSSL_SMALL_STACK - XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return MEMORY_E; } @@ -3537,7 +3565,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #ifdef WOLFSSL_SMALL_STACK - XFREE(recip, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return BAD_FUNC_ARG; } @@ -3551,7 +3579,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #ifdef WOLFSSL_SMALL_STACK - XFREE(recip, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return ret; } @@ -3587,7 +3615,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); XFREE(plain, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #ifdef WOLFSSL_SMALL_STACK - XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return BUFFER_E; } @@ -3627,7 +3655,7 @@ int wc_PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #ifdef WOLFSSL_SMALL_STACK - XFREE(recip, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(recip, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return idx; @@ -3676,15 +3704,15 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, } #ifdef WOLFSSL_SMALL_STACK - serialNum = (mp_int*)XMALLOC(sizeof(mp_int), NULL, - DYNAMIC_TYPE_TMP_BUFFER); + serialNum = (mp_int*)XMALLOC(sizeof(mp_int), pkcs7->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (serialNum == NULL) return MEMORY_E; #endif if (GetInt(serialNum, pkiMsg, idx, pkiMsgSz) < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(serialNum, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serialNum, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ASN_PARSE_E; } @@ -3692,7 +3720,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, mp_clear(serialNum); #ifdef WOLFSSL_SMALL_STACK - XFREE(serialNum, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serialNum, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif if (GetAlgoId(pkiMsg, idx, &encOID, oidKeyType, pkiMsgSz) < 0) @@ -3704,7 +3732,7 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, /* read encryptedKey */ #ifdef WOLFSSL_SMALL_STACK - encryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, NULL, + encryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); if (encryptedKey == NULL) return MEMORY_E; @@ -3712,14 +3740,14 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, if (pkiMsg[(*idx)++] != ASN_OCTET_STRING) { #ifdef WOLFSSL_SMALL_STACK - XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ASN_PARSE_E; } if (GetLength(pkiMsg, idx, &encryptedKeySz, pkiMsgSz) < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ASN_PARSE_E; } @@ -3730,18 +3758,19 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, /* load private key */ #ifdef WOLFSSL_SMALL_STACK - privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); + privKey = (RsaKey*)XMALLOC(sizeof(RsaKey), pkcs7->heap, + DYNAMIC_TYPE_TMP_BUFFER); if (privKey == NULL) { - XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } #endif - ret = wc_InitRsaKey_ex(privKey, NULL, INVALID_DEVID); + ret = wc_InitRsaKey_ex(privKey, pkcs7->heap, INVALID_DEVID); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -3758,8 +3787,8 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, WOLFSSL_MSG("Failed to decode RSA private key"); wc_FreeRsaKey(privKey); #ifdef WOLFSSL_SMALL_STACK - XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -3785,8 +3814,8 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, if (keySz <= 0 || outKey == NULL) { ForceZero(encryptedKey, MAX_ENCRYPTED_KEY_SZ); #ifdef WOLFSSL_SMALL_STACK - XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return keySz; } else { @@ -3796,8 +3825,8 @@ static int wc_PKCS7_DecodeKtri(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, } #ifdef WOLFSSL_SMALL_STACK - XFREE(encryptedKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(privKey, pkcs7->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return 0; @@ -4025,23 +4054,23 @@ static int wc_PKCS7_KariGetIssuerAndSerialNumber(WC_PKCS7_KARI* kari, } #ifdef WOLFSSL_SMALL_STACK - serial = (mp_int*)XMALLOC(sizeof(mp_int), NULL, + serial = (mp_int*)XMALLOC(sizeof(mp_int), kari->heap, DYNAMIC_TYPE_TMP_BUFFER); if (serial == NULL) return MEMORY_E; - recipSerial = (mp_int*)XMALLOC(sizeof(mp_int), NULL, + recipSerial = (mp_int*)XMALLOC(sizeof(mp_int), kari->heap, DYNAMIC_TYPE_TMP_BUFFER); if (recipSerial == NULL) { - XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serial, kari->heap, DYNAMIC_TYPE_TMP_BUFFER); return MEMORY_E; } #endif if (GetInt(serial, pkiMsg, idx, pkiMsgSz) < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(recipSerial, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serial, kari->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(recipSerial, kari->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ASN_PARSE_E; } @@ -4052,8 +4081,8 @@ static int wc_PKCS7_KariGetIssuerAndSerialNumber(WC_PKCS7_KARI* kari, mp_clear(serial); WOLFSSL_MSG("Failed to parse CMS recipient serial number"); #ifdef WOLFSSL_SMALL_STACK - XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(recipSerial, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serial, kari->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(recipSerial, kari->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return ret; } @@ -4063,8 +4092,8 @@ static int wc_PKCS7_KariGetIssuerAndSerialNumber(WC_PKCS7_KARI* kari, mp_clear(recipSerial); WOLFSSL_MSG("CMS serial number does not match recipient"); #ifdef WOLFSSL_SMALL_STACK - XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(recipSerial, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serial, kari->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(recipSerial, kari->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return PKCS7_RECIP_E; } @@ -4073,8 +4102,8 @@ static int wc_PKCS7_KariGetIssuerAndSerialNumber(WC_PKCS7_KARI* kari, mp_clear(recipSerial); #ifdef WOLFSSL_SMALL_STACK - XFREE(serial, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(recipSerial, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serial, kari->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(recipSerial, kari->heap, DYNAMIC_TYPE_TMP_BUFFER); #endif return 0; @@ -4173,7 +4202,7 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, return MEMORY_E; #ifdef WOLFSSL_SMALL_STACK - encryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, NULL, + encryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (encryptedKey == NULL) { wc_PKCS7_KariFree(kari); @@ -4189,7 +4218,7 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, if (ret != 0) { wc_PKCS7_KariFree(kari); #ifdef WOLFSSL_SMALL_STACK - XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return ret; } @@ -4200,7 +4229,7 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, if (ret != 0) { wc_PKCS7_KariFree(kari); #ifdef WOLFSSL_SMALL_STACK - XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return ret; } @@ -4210,7 +4239,7 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, if (ret != 0) { wc_PKCS7_KariFree(kari); #ifdef WOLFSSL_SMALL_STACK - XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return ret; } @@ -4222,7 +4251,7 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, if (ret != 0) { wc_PKCS7_KariFree(kari); #ifdef WOLFSSL_SMALL_STACK - XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return ret; } @@ -4249,7 +4278,7 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, default: wc_PKCS7_KariFree(kari); #ifdef WOLFSSL_SMALL_STACK - XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif WOLFSSL_MSG("AES key wrap algorithm unsupported"); return BAD_KEYWRAP_ALG_E; @@ -4261,7 +4290,7 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, if (ret != 0) { wc_PKCS7_KariFree(kari); #ifdef WOLFSSL_SMALL_STACK - XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return ret; } @@ -4271,7 +4300,7 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, if (ret != 0) { wc_PKCS7_KariFree(kari); #ifdef WOLFSSL_SMALL_STACK - XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return ret; } @@ -4283,7 +4312,7 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, if (keySz <= 0) { wc_PKCS7_KariFree(kari); #ifdef WOLFSSL_SMALL_STACK - XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return keySz; } @@ -4291,7 +4320,7 @@ static int wc_PKCS7_DecodeKari(PKCS7* pkcs7, byte* pkiMsg, word32 pkiMsgSz, wc_PKCS7_KariFree(kari); #ifdef WOLFSSL_SMALL_STACK - XFREE(encryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(encryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return 0; @@ -4488,7 +4517,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, return ASN_PARSE_E; #ifdef WOLFSSL_SMALL_STACK - decryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, NULL, + decryptedKey = (byte*)XMALLOC(MAX_ENCRYPTED_KEY_SZ, pkcs7->heap, DYNAMIC_TYPE_PKCS7); if (decryptedKey == NULL) return MEMORY_E; @@ -4500,7 +4529,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, &recipFound); if (ret != 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return ret; } @@ -4508,7 +4537,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, if (recipFound == 0) { WOLFSSL_MSG("No recipient found in envelopedData that matches input"); #ifdef WOLFSSL_SMALL_STACK - XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return PKCS7_RECIP_E; } @@ -4516,21 +4545,21 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, /* remove EncryptedContentInfo */ if (GetSequence(pkiMsg, &idx, &length, pkiMsgSz) < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return ASN_PARSE_E; } if (wc_GetContentType(pkiMsg, &idx, &contentType, pkiMsgSz) < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return ASN_PARSE_E; } if (GetAlgoId(pkiMsg, &idx, &encOID, oidBlkType, pkiMsgSz) < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return ASN_PARSE_E; } @@ -4538,7 +4567,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, blockKeySz = wc_PKCS7_GetOIDKeySize(encOID); if (blockKeySz < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return blockKeySz; } @@ -4546,7 +4575,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, expBlockSz = wc_PKCS7_GetOIDBlockSize(encOID); if (expBlockSz < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return expBlockSz; } @@ -4554,14 +4583,14 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, /* get block cipher IV, stored in OPTIONAL parameter of AlgoID */ if (pkiMsg[idx++] != ASN_OCTET_STRING) { #ifdef WOLFSSL_SMALL_STACK - XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return ASN_PARSE_E; } if (GetLength(pkiMsg, &idx, &length, pkiMsgSz) < 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return ASN_PARSE_E; } @@ -4569,7 +4598,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, if (length != expBlockSz) { WOLFSSL_MSG("Incorrect IV length, must be of content alg block size"); #ifdef WOLFSSL_SMALL_STACK - XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return ASN_PARSE_E; } @@ -4583,7 +4612,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, if (pkiMsg[idx] != (ASN_CONTEXT_SPECIFIC | 0) && pkiMsg[idx] != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0)) { #ifdef WOLFSSL_SMALL_STACK - XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return ASN_PARSE_E; } @@ -4591,7 +4620,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, if (GetLength(pkiMsg, &idx, &encryptedContentSz, pkiMsgSz) <= 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return ASN_PARSE_E; } @@ -4599,14 +4628,14 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, if (explicitOctet) { if (pkiMsg[idx++] != ASN_OCTET_STRING) { #ifdef WOLFSSL_SMALL_STACK - XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return ASN_PARSE_E; } if (GetLength(pkiMsg, &idx, &encryptedContentSz, pkiMsgSz) <= 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return ASN_PARSE_E; } @@ -4616,7 +4645,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, DYNAMIC_TYPE_PKCS7); if (encryptedContent == NULL) { #ifdef WOLFSSL_SMALL_STACK - XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return MEMORY_E; } @@ -4630,7 +4659,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, if (ret != 0) { XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #ifdef WOLFSSL_SMALL_STACK - XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return ret; } @@ -4645,7 +4674,7 @@ WOLFSSL_API int wc_PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, ForceZero(encryptedContent, encryptedContentSz); XFREE(encryptedContent, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #ifdef WOLFSSL_SMALL_STACK - XFREE(decryptedKey, NULL, DYNAMIC_TYPE_PKCS7); + XFREE(decryptedKey, pkcs7->heap, DYNAMIC_TYPE_PKCS7); #endif return encryptedContentSz - padLen; diff --git a/wolfcrypt/src/port/arm/armv8-aes.c b/wolfcrypt/src/port/arm/armv8-aes.c index ffc5f7df4..94332ce10 100644 --- a/wolfcrypt/src/port/arm/armv8-aes.c +++ b/wolfcrypt/src/port/arm/armv8-aes.c @@ -110,10 +110,6 @@ static const byte rcon[] = { #ifdef HAVE_AESGCM -enum { - NONCE_SZ = 12, - CTR_SZ = 4 -}; static WC_INLINE void IncrementGcmCounter(byte* inOutCtr) { @@ -1555,7 +1551,7 @@ static int Aes128GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, byte* keyPt; /* pointer to handle pointer advencment */ XMEMSET(initialCounter, 0, AES_BLOCK_SIZE); - if (ivSz == NONCE_SZ) { + if (ivSz == GCM_NONCE_MID_SZ) { XMEMCPY(initialCounter, iv, ivSz); initialCounter[AES_BLOCK_SIZE - 1] = 1; } @@ -1873,7 +1869,7 @@ static int Aes192GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, byte* keyPt; /* pointer to handle pointer advencment */ XMEMSET(initialCounter, 0, AES_BLOCK_SIZE); - if (ivSz == NONCE_SZ) { + if (ivSz == GCM_NONCE_MID_SZ) { XMEMCPY(initialCounter, iv, ivSz); initialCounter[AES_BLOCK_SIZE - 1] = 1; } @@ -2206,7 +2202,7 @@ static int Aes256GcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, byte* keyPt; /* pointer to handle pointer advencment */ XMEMSET(initialCounter, 0, AES_BLOCK_SIZE); - if (ivSz == NONCE_SZ) { + if (ivSz == GCM_NONCE_MID_SZ) { XMEMCPY(initialCounter, iv, ivSz); initialCounter[AES_BLOCK_SIZE - 1] = 1; } @@ -2631,7 +2627,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, } XMEMSET(initialCounter, 0, AES_BLOCK_SIZE); - if (ivSz == NONCE_SZ) { + if (ivSz == GCM_NONCE_MID_SZ) { XMEMCPY(initialCounter, iv, ivSz); initialCounter[AES_BLOCK_SIZE - 1] = 1; } @@ -4233,7 +4229,7 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz, } XMEMSET(initialCounter, 0, AES_BLOCK_SIZE); - if (ivSz == NONCE_SZ) { + if (ivSz == GCM_NONCE_MID_SZ) { XMEMCPY(initialCounter, iv, ivSz); initialCounter[AES_BLOCK_SIZE - 1] = 1; } @@ -4312,7 +4308,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz, } XMEMSET(initialCounter, 0, AES_BLOCK_SIZE); - if (ivSz == NONCE_SZ) { + if (ivSz == GCM_NONCE_MID_SZ) { XMEMCPY(initialCounter, iv, ivSz); initialCounter[AES_BLOCK_SIZE - 1] = 1; } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 4a45faf87..65c141022 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -1305,7 +1305,7 @@ int asn_test(void) int length; const byte* datePart; #ifndef NO_ASN_TIME - struct tm time; + struct tm timearg; #ifdef WORD64_AVAILABLE word64 now; #else @@ -1334,7 +1334,7 @@ int asn_test(void) return -1404; } - ret = wc_GetDateAsCalendarTime(datePart, length, format, &time); + ret = wc_GetDateAsCalendarTime(datePart, length, format, &timearg); if (ret != 0) return -1405; #endif /* !NO_ASN_TIME */ @@ -2834,7 +2834,7 @@ int hash_test(void) if (hashType != WC_HASH_TYPE_NONE) return -3071; #endif - + ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA); #ifndef NO_MD5 if (ret == HASH_TYPE_E || ret == BAD_FUNC_ARG) @@ -11325,6 +11325,10 @@ static int dh_fips_generate_test(WC_RNG *rng) #endif /* HAVE_SELFTEST */ #ifdef WOLFSSL_KEY_GEN + wc_FreeDhKey(&key); + ret = wc_InitDhKey_ex(&key, HEAP_HINT, devId); + if (ret != 0) + return -8231; ret = wc_DhGenerateParams(rng, 2048, &key); if (ret != 0) { @@ -18050,7 +18054,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, byte enveloped[2048]; byte decoded[2048]; - PKCS7 pkcs7; + PKCS7* pkcs7; #ifdef PKCS7_OUTPUT_TEST_BUNDLES FILE* pkcs7File; #endif @@ -18128,64 +18132,75 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, testSz = sizeof(testVectors) / sizeof(pkcs7EnvelopedVector); for (i = 0; i < testSz; i++) { - ret = wc_PKCS7_Init(&pkcs7, HEAP_HINT, + pkcs7 = wc_PKCS7_New(HEAP_HINT, #ifdef WOLFSSL_ASYNC_CRYPT INVALID_DEVID /* async PKCS7 is not supported */ #else devId #endif ); - if (ret != 0) + if (pkcs7 == NULL) return -9214; - ret = wc_PKCS7_InitWithCert(&pkcs7, testVectors[i].cert, + ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert, (word32)testVectors[i].certSz); - if (ret != 0) + if (ret != 0) { + wc_PKCS7_Free(pkcs7); return -9215; + } - pkcs7.content = (byte*)testVectors[i].content; - pkcs7.contentSz = testVectors[i].contentSz; - pkcs7.contentOID = testVectors[i].contentOID; - pkcs7.encryptOID = testVectors[i].encryptOID; - pkcs7.keyWrapOID = testVectors[i].keyWrapOID; - pkcs7.keyAgreeOID = testVectors[i].keyAgreeOID; - pkcs7.privateKey = testVectors[i].privateKey; - pkcs7.privateKeySz = testVectors[i].privateKeySz; - pkcs7.ukm = testVectors[i].optionalUkm; - pkcs7.ukmSz = testVectors[i].optionalUkmSz; + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->keyWrapOID = testVectors[i].keyWrapOID; + pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID; + pkcs7->privateKey = testVectors[i].privateKey; + pkcs7->privateKeySz = testVectors[i].privateKeySz; + pkcs7->ukm = testVectors[i].optionalUkm; + pkcs7->ukmSz = testVectors[i].optionalUkmSz; /* encode envelopedData */ - envelopedSz = wc_PKCS7_EncodeEnvelopedData(&pkcs7, enveloped, + envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, enveloped, sizeof(enveloped)); if (envelopedSz <= 0) { printf("DEBUG: i = %d, envelopedSz = %d\n", i, envelopedSz); + wc_PKCS7_Free(pkcs7); return -9216; } /* decode envelopedData */ - decodedSz = wc_PKCS7_DecodeEnvelopedData(&pkcs7, enveloped, envelopedSz, + decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, envelopedSz, decoded, sizeof(decoded)); - if (decodedSz <= 0) + if (decodedSz <= 0) { + wc_PKCS7_Free(pkcs7); return -9217; + } /* test decode result */ - if (XMEMCMP(decoded, data, sizeof(data)) != 0) + if (XMEMCMP(decoded, data, sizeof(data)) != 0){ + wc_PKCS7_Free(pkcs7); return -9218; + } #ifdef PKCS7_OUTPUT_TEST_BUNDLES /* output pkcs7 envelopedData for external testing */ pkcs7File = fopen(testVectors[i].outFileName, "wb"); - if (!pkcs7File) + if (!pkcs7File) { + wc_PKCS7_Free(pkcs7); return -9219; + } ret = (int)fwrite(enveloped, 1, envelopedSz, pkcs7File); fclose(pkcs7File); if (ret != envelopedSz) { + wc_PKCS7_Free(pkcs7); return -9220; } #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; } #if !defined(HAVE_ECC) || defined(NO_AES) @@ -18313,7 +18328,7 @@ int pkcs7encrypted_test(void) int ret = 0; int i, testSz; int encryptedSz, decodedSz, attribIdx; - PKCS7 pkcs7; + PKCS7* pkcs7; byte encrypted[2048]; byte decoded[2048]; #ifdef PKCS7_OUTPUT_TEST_BUNDLES @@ -18437,55 +18452,65 @@ int pkcs7encrypted_test(void) testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector); for (i = 0; i < testSz; i++) { - ret = wc_PKCS7_Init(&pkcs7, HEAP_HINT, devId); - if (ret != 0) + pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); + if (pkcs7 == NULL) return -9400; - pkcs7.content = (byte*)testVectors[i].content; - pkcs7.contentSz = testVectors[i].contentSz; - pkcs7.contentOID = testVectors[i].contentOID; - pkcs7.encryptOID = testVectors[i].encryptOID; - pkcs7.encryptionKey = testVectors[i].encryptionKey; - pkcs7.encryptionKeySz = testVectors[i].encryptionKeySz; - pkcs7.unprotectedAttribs = testVectors[i].attribs; - pkcs7.unprotectedAttribsSz = testVectors[i].attribsSz; + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->encryptionKey = testVectors[i].encryptionKey; + pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz; + pkcs7->unprotectedAttribs = testVectors[i].attribs; + pkcs7->unprotectedAttribsSz = testVectors[i].attribsSz; /* encode encryptedData */ - encryptedSz = wc_PKCS7_EncodeEncryptedData(&pkcs7, encrypted, + encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, sizeof(encrypted)); - if (encryptedSz <= 0) + if (encryptedSz <= 0) { + wc_PKCS7_Free(pkcs7); return -9401; + } /* decode encryptedData */ - decodedSz = wc_PKCS7_DecodeEncryptedData(&pkcs7, encrypted, encryptedSz, + decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, decoded, sizeof(decoded)); - if (decodedSz <= 0) + if (decodedSz <= 0){ + wc_PKCS7_Free(pkcs7); return -9402; + } /* test decode result */ - if (XMEMCMP(decoded, data, sizeof(data)) != 0) + if (XMEMCMP(decoded, data, sizeof(data)) != 0) { + wc_PKCS7_Free(pkcs7); return -9403; + } /* verify decoded unprotected attributes */ - if (pkcs7.decodedAttrib != NULL) { - decodedAttrib = pkcs7.decodedAttrib; + if (pkcs7->decodedAttrib != NULL) { + decodedAttrib = pkcs7->decodedAttrib; attribIdx = 1; while (decodedAttrib != NULL) { /* expected attribute, stored list is reversed */ - expectedAttrib = &(pkcs7.unprotectedAttribs - [pkcs7.unprotectedAttribsSz - attribIdx]); + expectedAttrib = &(pkcs7->unprotectedAttribs + [pkcs7->unprotectedAttribsSz - attribIdx]); /* verify oid */ if (XMEMCMP(decodedAttrib->oid, expectedAttrib->oid, - decodedAttrib->oidSz) != 0) + decodedAttrib->oidSz) != 0) { + wc_PKCS7_Free(pkcs7); return -9404; + } /* verify value */ if (XMEMCMP(decodedAttrib->value, expectedAttrib->value, - decodedAttrib->valueSz) != 0) + decodedAttrib->valueSz) != 0) { + wc_PKCS7_Free(pkcs7); return -9405; + } decodedAttrib = decodedAttrib->next; attribIdx++; @@ -18495,8 +18520,10 @@ int pkcs7encrypted_test(void) #ifdef PKCS7_OUTPUT_TEST_BUNDLES /* output pkcs7 envelopedData for external testing */ pkcs7File = fopen(testVectors[i].outFileName, "wb"); - if (!pkcs7File) + if (!pkcs7File) { + wc_PKCS7_Free(pkcs7); return -9406; + } ret = (int)fwrite(encrypted, encryptedSz, 1, pkcs7File); fclose(pkcs7File); @@ -18505,7 +18532,7 @@ int pkcs7encrypted_test(void) ret = 0; #endif - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); } return ret; @@ -18539,7 +18566,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, byte* out; word32 outSz; WC_RNG rng; - PKCS7 pkcs7; + PKCS7* pkcs7; #ifdef PKCS7_OUTPUT_TEST_BUNDLES FILE* file; #endif @@ -18679,26 +18706,30 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, } for (i = 0; i < testSz; i++) { + pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID); + if (pkcs7 == NULL) + return -9410; - pkcs7.heap = HEAP_HINT; - pkcs7.devId = INVALID_DEVID; - ret = wc_PKCS7_InitWithCert(&pkcs7, testVectors[i].cert, + pkcs7->heap = HEAP_HINT; + pkcs7->devId = INVALID_DEVID; + ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert, (word32)testVectors[i].certSz); if (ret != 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); return -9410; } - pkcs7.rng = &rng; - pkcs7.content = (byte*)testVectors[i].content; - pkcs7.contentSz = testVectors[i].contentSz; - pkcs7.hashOID = testVectors[i].hashOID; - pkcs7.encryptOID = testVectors[i].encryptOID; - pkcs7.privateKey = testVectors[i].privateKey; - pkcs7.privateKeySz = testVectors[i].privateKeySz; - pkcs7.signedAttribs = testVectors[i].signedAttribs; - pkcs7.signedAttribsSz = testVectors[i].signedAttribsSz; + pkcs7->rng = &rng; + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->hashOID = testVectors[i].hashOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->privateKey = testVectors[i].privateKey; + pkcs7->privateKeySz = testVectors[i].privateKeySz; + pkcs7->signedAttribs = testVectors[i].signedAttribs; + pkcs7->signedAttribsSz = testVectors[i].signedAttribsSz; /* generate senderNonce */ { @@ -18708,7 +18739,7 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ); if (ret != 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9411; } } @@ -18731,20 +18762,20 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); if (ret != 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9412; } - wc_ShaUpdate(&sha, pkcs7.publicKey, pkcs7.publicKeySz); + wc_ShaUpdate(&sha, pkcs7->publicKey, pkcs7->publicKeySz); wc_ShaFinal(&sha, digest); wc_ShaFree(&sha); #else ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId); if (ret != 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9413; } - wc_Sha256Update(&sha, pkcs7.publicKey, pkcs7.publicKeySz); + wc_Sha256Update(&sha, pkcs7->publicKey, pkcs7->publicKeySz); wc_Sha256Final(&sha, digest); wc_Sha256Free(&sha); #endif @@ -18754,10 +18785,10 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, } } - encodedSz = wc_PKCS7_EncodeSignedData(&pkcs7, out, outSz); + encodedSz = wc_PKCS7_EncodeSignedData(pkcs7, out, outSz); if (encodedSz < 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9414; } @@ -18766,35 +18797,38 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, file = fopen(testVectors[i].outFileName, "wb"); if (!file) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9415; } ret = (int)fwrite(out, 1, encodedSz, file); fclose(file); if (ret != (int)encodedSz) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9416; } #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ - wc_PKCS7_Free(&pkcs7); - wc_PKCS7_InitWithCert(&pkcs7, NULL, 0); + wc_PKCS7_Free(pkcs7); - ret = wc_PKCS7_VerifySignedData(&pkcs7, out, outSz); + pkcs7 = wc_PKCS7_New(HEAP_HINT, INVALID_DEVID); + if (pkcs7 == NULL) + return -9410; + wc_PKCS7_InitWithCert(pkcs7, NULL, 0); + + ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz); if (ret < 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9417; } - if (pkcs7.singleCert == NULL || pkcs7.singleCertSz == 0) { + if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9418; } - { /* check getting signed attributes */ #ifndef NO_SHA @@ -18807,25 +18841,25 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, int bufSz = 0; if (testVectors[i].signedAttribs != NULL && - wc_PKCS7_GetAttributeValue(&pkcs7, oidPt, oidSz, + wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz, NULL, (word32*)&bufSz) != LENGTH_ONLY_E) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9419; } if (bufSz > (int)sizeof(buf)) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9420; } - bufSz = wc_PKCS7_GetAttributeValue(&pkcs7, oidPt, oidSz, + bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, oidSz, buf, (word32*)&bufSz); if ((testVectors[i].signedAttribs != NULL && bufSz < 0) || (testVectors[i].signedAttribs == NULL && bufSz > 0)) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9421; } } @@ -18834,14 +18868,14 @@ static int pkcs7signed_run_vectors(byte* rsaCert, word32 rsaCertSz, file = fopen("./pkcs7cert.der", "wb"); if (!file) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); return -9422; } - ret = (int)fwrite(pkcs7.singleCert, 1, pkcs7.singleCertSz, file); + ret = (int)fwrite(pkcs7->singleCert, 1, pkcs7->singleCertSz, file); fclose(file); #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ - wc_PKCS7_Free(&pkcs7); + wc_PKCS7_Free(pkcs7); } XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index bec934a97..1776350a1 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -1707,7 +1707,8 @@ struct WOLFSSL_OCSP { WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */ OcspEntry* ocspList; /* OCSP response list */ wolfSSL_Mutex ocspLock; /* OCSP list lock */ -#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) int(*statusCb)(WOLFSSL*, void*); #endif }; @@ -2371,7 +2372,8 @@ struct WOLFSSL_CTX { #ifdef OPENSSL_EXTRA WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names; #endif - #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY) + #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ + defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY) WOLF_STACK_OF(WOLFSSL_X509)* x509Chain; #endif #ifdef WOLFSSL_TLS13 @@ -2496,7 +2498,7 @@ struct WOLFSSL_CTX { CallbackALPNSelect alpnSelect; void* alpnSelectArg; #endif -#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) +#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY))) CallbackSniRecv sniRecvCb; void* sniRecvCbArg; #endif diff --git a/wolfssl/openssl/asn1.h b/wolfssl/openssl/asn1.h index 44a66189f..d91d20d2c 100644 --- a/wolfssl/openssl/asn1.h +++ b/wolfssl/openssl/asn1.h @@ -53,4 +53,4 @@ ASN1_STRFLGS_UTF8_CONVERT | \ ASN1_STRFLGS_DUMP_UNKNOWN | \ ASN1_STRFLGS_DUMP_DER) -#endif /* WOLFSSL_ASN1_H_ */ \ No newline at end of file +#endif /* WOLFSSL_ASN1_H_ */ diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 58047f196..11bca4a52 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -879,7 +879,8 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define ERR_LIB_X509 10 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ - defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) + defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \ + defined(HAVE_LIGHTY) #include @@ -953,7 +954,8 @@ typedef WOLFSSL_ASN1_BIT_STRING ASN1_BIT_STRING; #define SSL_is_server wolfSSL_is_server #define SSL_CTX_set1_curves_list wolfSSL_CTX_set1_curves_list -#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || WOLFSSL_MYSQL_COMPATIBLE || + OPENSSL_ALL || HAVE_LIGHTY */ #define X509_STORE_CTX_set_time wolfSSL_X509_STORE_CTX_set_time #define SSL_CTX_add_client_CA wolfSSL_CTX_add_client_CA diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index d9601ede9..b7887ebe6 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -187,13 +187,13 @@ typedef struct WOLFSSL_ASN1_BIT_STRING WOLFSSL_ASN1_BIT_STRING; struct WOLFSSL_ASN1_INTEGER { /* size can be increased set at 20 for tag, length then to hold at least 16 * byte type */ - unsigned char intData[WOLFSSL_ASN1_INTEGER_MAX]; + unsigned char intData[WOLFSSL_ASN1_INTEGER_MAX]; /* ASN_INTEGER | LENGTH | hex of number */ - unsigned char negative; /* negative number flag */ + unsigned char negative; /* negative number flag */ unsigned char* data; unsigned int dataMax; /* max size of data buffer */ - unsigned char isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */ + unsigned int isDynamic:1; /* flag for if data pointer dynamic (1 is yes 0 is no) */ }; struct WOLFSSL_ASN1_TIME { @@ -2664,7 +2664,8 @@ WOLFSSL_API int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 *x); || defined(HAVE_STUNNEL) \ || defined(WOLFSSL_NGINX) \ || defined(WOLFSSL_HAPROXY) \ - || defined(OPENSSL_EXTRA) + || defined(OPENSSL_EXTRA) \ + || defined(HAVE_LIGHTY) #include @@ -2749,6 +2750,9 @@ WOLFSSL_API void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX *, void*); WOLFSSL_API void wolfSSL_ERR_remove_thread_state(void*); +/* support for depricated old name */ +#define WOLFSSL_ERR_remove_thread_state wolfSSL_ERR_remove_thread_state + #ifndef NO_FILESYSTEM WOLFSSL_API void wolfSSL_print_all_errors_fp(XFILE *fp); #endif @@ -2761,7 +2765,7 @@ WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs( WOLFSSL_X509_STORE_CTX*, WOLFSSL_X509_NAME*); WOLFSSL_API void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*)); -#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || HAVE_LIGHTY */ #if defined(OPENSSL_ALL) || \ defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ @@ -2819,7 +2823,7 @@ WOLFSSL_API int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url); #endif #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ - || defined(OPENSSL_EXTRA) + || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) WOLFSSL_API WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl); WOLFSSL_API int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c); @@ -2855,7 +2859,8 @@ WOLFSSL_API int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *, int (*)( WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc)); #endif -#ifdef HAVE_OCSP +#if defined(HAVE_OCSP) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) WOLFSSL_API int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx, WOLF_STACK_OF(X509)** chain); WOLFSSL_API int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx, @@ -2879,7 +2884,8 @@ WOLFSSL_API char* wolfSSL_sk_WOLFSSL_STRING_value( WOLFSSL_API int PEM_write_bio_WOLFSSL_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert); -#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || + OPENSSL_EXTRA || HAVE_LIGHTY*/ WOLFSSL_API void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, const unsigned char **data, unsigned int *len); diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index a3c914a58..48ec24658 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -153,7 +153,7 @@ typedef struct EncryptedInfo { char name[NAME_SZ]; /* cipher name, such as "DES-CBC" */ byte iv[IV_SZ]; /* salt or encrypted IV */ - byte set:1; /* if encryption set */ + int set:1; /* if encryption set */ } EncryptedInfo; diff --git a/wolfssl/wolfcrypt/pkcs7.h b/wolfssl/wolfcrypt/pkcs7.h index e17bf2eec..46ef20e93 100644 --- a/wolfssl/wolfcrypt/pkcs7.h +++ b/wolfssl/wolfcrypt/pkcs7.h @@ -95,10 +95,13 @@ typedef struct PKCS7DecodedAttrib { } PKCS7DecodedAttrib; +/* Public Structure Warning: + * Existing members must not be changed to maintain backwards compatibility! + */ typedef struct PKCS7 { WC_RNG* rng; PKCS7Attrib* signedAttribs; - byte* content; /* inner content, not owner */ + byte* content; /* inner content, not owner */ byte* singleCert; /* recipient cert, DER, not owner */ byte* issuer; /* issuer name of singleCert */ byte* privateKey; /* private key, DER, not owner */ @@ -136,11 +139,17 @@ typedef struct PKCS7 { int devId; /* device ID for HW based private key */ byte issuerHash[KEYID_SIZE]; /* hash of all alt Names */ byte issuerSn[MAX_SN_SZ]; /* singleCert's serial number */ - byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ ];/*MAX RSA key size (m + e)*/ + byte publicKey[MAX_RSA_INT_SZ + MAX_RSA_E_SZ]; /* MAX RSA key size (m + e)*/ word32 certSz[MAX_PKCS7_CERTS]; + + /* flags - up to 16-bits */ + word16 isDynamic:1; + + /* !! NEW DATA MEMBERS MUST BE ADDED AT END !! */ } PKCS7; +WOLFSSL_API PKCS7* wc_PKCS7_New(void* heap, int devId); WOLFSSL_API int wc_PKCS7_Init(PKCS7* pkcs7, void* heap, int devId); WOLFSSL_API int wc_PKCS7_InitWithCert(PKCS7* pkcs7, byte* cert, word32 certSz); WOLFSSL_API void wc_PKCS7_Free(PKCS7* pkcs7); From 3fc7424e0302eaa691aae22a0aecc89125125488 Mon Sep 17 00:00:00 2001 From: MJSPollard Date: Tue, 10 Jul 2018 11:52:41 -0600 Subject: [PATCH 3/8] implemented requested changes --- src/ssl.c | 337 +++++++++++++++++++++++++++++++++++++++----------- tests/api.c | 15 +-- wolfssl/ssl.h | 4 +- 3 files changed, 273 insertions(+), 83 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 66c30d4d4..6efdc4b6b 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -24745,8 +24745,10 @@ int wolfSSL_HMAC_CTX_copy(WOLFSSL_HMAC_CTX* des, WOLFSSL_HMAC_CTX* src) return WOLFSSL_SUCCESS; } -#ifdef HAVE_FIPS -int _InitHmac(Hmac* hmac, int type, void* heap) +#if defined(HAVE_FIPS) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) + +static int _HMAC_Init(Hmac* hmac, int type, void* heap) { int ret = 0; @@ -24792,6 +24794,21 @@ int _InitHmac(Hmac* hmac, int type, void* heap) break; #endif /* HAVE_BLAKE2 */ + #ifdef WOLFSSL_SHA3 + case WC_SHA3_224: + ret = wc_InitSha3_224(&hmac->hash.sha3, heap, INVALID_DEVID); + break; + case WC_SHA3_256: + ret = wc_InitSha3_256(&hmac->hash.sha3, heap, INVALID_DEVID); + break; + case WC_SHA3_384: + ret = wc_InitSha3_384(&hmac->hash.sha3, heap, INVALID_DEVID); + break; + case WC_SHA3_512: + ret = wc_InitSha3_512(&hmac->hash.sha3, heap, INVALID_DEVID); + break; + #endif + default: ret = BAD_FUNC_ARG; break; @@ -24801,7 +24818,10 @@ int _InitHmac(Hmac* hmac, int type, void* heap) return ret; } -#endif /* HAVE_FIPS */ + +#else + #define _HMAC_Init _InitHmac +#endif int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen, @@ -27754,6 +27774,8 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, if(wolfSSL_RSA_LoadDer_ex(rsa, *pp, (int)len, WOLFSSL_RSA_LOAD_PUBLIC) != WOLFSSL_SUCCESS){ WOLFSSL_MSG("RSA_LoadDer failed"); + wolfSSL_RSA_free(rsa); + rsa = NULL; return NULL; } if(r != NULL) @@ -27761,12 +27783,15 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, return rsa; } +/* Converts an rsa private key from der format to an rsa structure. +Returns pointer to the rsa structure on succcess and NULL if error. */ WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA **r, const unsigned char **derBuf, long derSz) { WOLFSSL_RSA *rsa = NULL; WOLFSSL_ENTER("d2i_RSAPrivateKey"); + /* check for bad functions arguments */ if(derBuf == NULL){ WOLFSSL_MSG("Bad argument"); return NULL; @@ -27779,6 +27804,8 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA **r, const unsigned char **de if(wolfSSL_RSA_LoadDer_ex(rsa, *derBuf, (int)derSz, WOLFSSL_RSA_LOAD_PRIVATE) != WOLFSSL_SUCCESS){ WOLFSSL_MSG("RSA_LoadDer failed"); + wolfSSL_RSA_free(rsa); + rsa = NULL; return NULL; } if(r != NULL) @@ -27788,7 +27815,10 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA **r, const unsigned char **de #if !defined(HAVE_FAST_RSA) #if defined(WOLFSSL_KEY_GEN) -int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, const unsigned char **pp) + +/* Converts an internal rsa structure to der format. +Returns size of der on success and WOLFSSL_FAILURE if error */ +int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, unsigned char **pp) { byte* der = NULL; int derMax; @@ -27796,6 +27826,7 @@ int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, const unsigned char **pp) WOLFSSL_ENTER("i2d_RSAPrivateKey"); + /* check for bad functions arguments */ if((rsa == NULL) || (pp == NULL)) { WOLFSSL_MSG("Bad Function Arguments"); return BAD_FUNC_ARG; @@ -27825,7 +27856,13 @@ int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, const unsigned char **pp) return ret; } - *pp = der; + //ret is the size of the der buffer + for(int i = 0; i < ret; i++) { + *(*pp + i) = *(der + i); + } + *pp += ret; + + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; /* returns size of der if successful */ } #endif /* WOLFSSL_KEY_GEN */ @@ -30994,6 +31031,9 @@ int wolfSSL_get_state(const WOLFSSL* ssl) #endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) + +/* Returns the verifyCallback from the ssl structure if successful. +Returns NULL otherwise. */ VerifyCallback wolfSSL_get_verify_callback(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_get_verify_callback()"); @@ -31003,6 +31043,8 @@ VerifyCallback wolfSSL_get_verify_callback(WOLFSSL* ssl) return NULL; } +/* Creates a new bio pair. +Returns WOLFSSL_SUCCESS if no error, WOLFSSL_FAILURE otherwise.*/ int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO **bio1_p, size_t writebuf1, WOLFSSL_BIO **bio2_p, size_t writebuf2) { @@ -31016,6 +31058,7 @@ int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO **bio1_p, size_t writebuf1, return BAD_FUNC_ARG; } + /* set up the new bio structures and write buf sizes */ if((bio1 = wolfSSL_BIO_new(wolfSSL_BIO_s_bio())) == NULL) { WOLFSSL_MSG("Bio allocation failed"); ret = WOLFSSL_FAILURE; @@ -31026,17 +31069,18 @@ int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO **bio1_p, size_t writebuf1, ret = WOLFSSL_FAILURE; } } - if(ret && writebuf1){ + if(ret && writebuf1) { if(!(ret = wolfSSL_BIO_set_write_buf_size(bio1, writebuf1))) { WOLFSSL_MSG("BIO_set_write_buf failed"); } } - if(ret && writebuf2){ + if(ret && writebuf2) { if(!(ret = wolfSSL_BIO_set_write_buf_size(bio2, writebuf2))){ WOLFSSL_MSG("BIO_set_write_buf failed"); } } - if(ret){ + + if(ret) { if((ret = wolfSSL_BIO_make_bio_pair(bio1, bio2))) { *bio1_p = bio1; *bio2_p = bio2; @@ -31053,11 +31097,19 @@ int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO **bio1_p, size_t writebuf1, #if !defined(NO_RSA) +/* Converts an rsa key from a bio buffer into an internal rsa structure. +Returns a pointer to the new WOLFSSL_RSA structure. */ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out) { - const unsigned char* mem; - long memSz; + const unsigned char* bioMem = NULL; + int bioMemSz = 0; WOLFSSL_RSA* key = NULL; + unsigned char maxKeyBuf[4096]; + unsigned char* bufPtr = NULL; + unsigned char* extraBioMem = NULL; + int extraBioMemSz = 0; + int derLength = 0; + int j = 0, i = 0; WOLFSSL_ENTER("wolfSSL_d2i_RSAPrivateKey_bio()"); @@ -31067,32 +31119,71 @@ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out) } (void)out; - memSz = wolfSSL_BIO_pending(bio); - if (memSz <= 0) { + bioMemSz = wolfSSL_BIO_pending(bio); + if (bioMemSz <= 0) { WOLFSSL_MSG("wolfSSL_BIO_pending failure"); return NULL; } - mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (mem == NULL) { + bioMem = (unsigned char*)XMALLOC(bioMemSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (bioMem == NULL) { WOLFSSL_MSG("Malloc failure"); return NULL; } - if (wolfSSL_BIO_read(bio, (unsigned char*)mem, (int)memSz) == memSz) { - key = wolfSSL_d2i_RSAPrivateKey(NULL, &mem, memSz); + bufPtr = maxKeyBuf; + if (wolfSSL_BIO_read(bio, (unsigned char*)bioMem, (int)bioMemSz) == bioMemSz) { + if((key = wolfSSL_d2i_RSAPrivateKey(NULL, &bioMem, bioMemSz)) == NULL) { + XFREE((unsigned char*)bioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return NULL; + } + + //This function is used to get the total length of the rsa key. + derLength = wolfSSL_i2d_RSAPrivateKey(key, &bufPtr); + + //Write extra data back into bio object if necessary. + extraBioMemSz = (bioMemSz - derLength); + if(extraBioMemSz > 0) { + extraBioMem = XMALLOC(extraBioMemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (extraBioMem == NULL) { + WOLFSSL_MSG("Malloc failure");; + XFREE((unsigned char*)extraBioMem, bio->heap, + DYNAMIC_TYPE_TMP_BUFFER); + XFREE((unsigned char*)bioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return NULL; + } + + for(i = derLength; i < bioMemSz; i++) { + *(extraBioMem + j) = *(bioMem + i); + j++; + } + + BIO_write(bio, extraBioMem, extraBioMemSz); + if(wolfSSL_BIO_pending(bio) <= 0) { + WOLFSSL_MSG("Failed to write memory to bio"); + XFREE((unsigned char*)extraBioMem, bio->heap, + DYNAMIC_TYPE_TMP_BUFFER); + XFREE((unsigned char*)bioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return NULL; + } + XFREE((unsigned char*)extraBioMem, bio->heap, + DYNAMIC_TYPE_TMP_BUFFER); + } + if (out != NULL && key != NULL) { *out = key; } } - - XFREE((unsigned char*)mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE((unsigned char*)bioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); return key; } #endif -int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz, const unsigned char *der) +/* Adds the ASN1 certificate to the user ctx. +Returns WOLFSSL_SUCCESS if no error, returns WOLFSSL_FAILURE otherwise.*/ +int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz, + const unsigned char *der) { WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_ASN1"); if (der != NULL && ctx != NULL) { @@ -31105,13 +31196,14 @@ int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz, const unsigned #if !defined(NO_RSA) && !defined(HAVE_FAST_RSA) +/* Adds the rsa private key to the user ctx. +Returns WOLFSSL_SUCCESS if no error, returns WOLFSSL_FAILURE otherwise.*/ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa) { int ret; int derSize; - const unsigned char* derBuf = NULL; - WOLFSSL_EVP_PKEY* pkey = NULL; - WOLFSSL_BIO* bio = NULL; + unsigned char maxDerBuf[4096]; + unsigned char* key = NULL; WOLFSSL_ENTER("wolfSSL_CTX_use_RSAPrivateKey"); @@ -31119,57 +31211,36 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa) WOLFSSL_MSG("one or more inputs were NULL"); return BAD_FUNC_ARG; } - - if((bio = BIO_new(BIO_s_mem())) == NULL){ - WOLFSSL_MSG("Set bio Failed"); - return WOLFSSL_FAILURE; - } - - pkey = wolfSSL_PKEY_new_ex(bio->heap); - pkey->type = EVP_PKEY_RSA; - pkey->rsa = rsa; - pkey->ownRsa = 0; - - /* convert RSA internal to der */ - if((derSize = wolfSSL_i2d_RSAPrivateKey(rsa, &derBuf)) <= 0) { + key = maxDerBuf; + /* convert RSA struct to der encoded buffer and get the size */ + if((derSize = wolfSSL_i2d_RSAPrivateKey(rsa, &key)) <= 0) { WOLFSSL_MSG("wolfSSL_i2d_RSAPrivateKey failed"); - XFREE((unsigned char*)derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - wolfSSL_EVP_PKEY_free(pkey); - wolfSSL_BIO_free(bio); return WOLFSSL_FAILURE; } - - pkey->pkey.ptr = (char*)XMALLOC(derSize, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - if (pkey->pkey.ptr == NULL) { - WOLFSSL_MSG("pkey malloc failed"); - XFREE((unsigned char*)derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); - wolfSSL_EVP_PKEY_free(pkey); - wolfSSL_BIO_free(bio); + ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, (const unsigned char*)maxDerBuf, + derSize, SSL_FILETYPE_ASN1); + if(ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("CTX_USE_PrivateKey_buffer() failure"); return WOLFSSL_FAILURE; } - - pkey->pkey_sz = derSize; - XMEMCPY(pkey->pkey.ptr, derBuf, derSize); - - /*adds the private key rsa to ctx.*/ - ret = wolfSSL_CTX_use_PrivateKey(ctx, pkey); - - wolfSSL_BIO_free(bio); - wolfSSL_EVP_PKEY_free(pkey); - XFREE((unsigned char*)derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; } #endif /* NO_RSA && !HAVE_FAST_RSA */ -WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY** out) +/* Converts EVP_PKEY data from a bio buffer to a WOLFSSL_EVP_PKEY structure. +Returns pointer to private EVP_PKEY struct upon success, NULL if there +is a failure.*/ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, + WOLFSSL_EVP_PKEY** out) { - const unsigned char* mem; - const unsigned char* memptr; - int memSz; + unsigned char* mem = NULL; + int memSz = 0; WOLFSSL_EVP_PKEY* key = NULL; - int type; - int algoID = 0; + int i = 0, j = 0; + unsigned char* extraBioMem = NULL; + int extraBioMemSz = 0; + int derLength = 0; WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_bio()"); @@ -31183,38 +31254,154 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* WOLFSSL_MSG("wolfSSL_BIO_pending failure"); return NULL; } + mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); if (mem == NULL) { WOLFSSL_MSG("Malloc failure"); return NULL; } - memptr = mem; if (wolfSSL_BIO_read(bio, (unsigned char*)mem, memSz) == memSz) { - /* Determines key type */ - if ((wc_GetKeyOID((unsigned char*)mem, memSz, NULL, NULL, &algoID, NULL)) < 0) { - XFREE((unsigned char*)memptr, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + /* Determines key type and returns the new private EVP_PKEY object */ + if((key = wolfSSL_d2i_PrivateKey_EVP(NULL, &mem, (long)memSz)) == NULL) { + WOLFSSL_MSG("d2i_PrivateKey_EVP() failure"); + XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); return NULL; } - if (algoID == ECDSAk) { - type = EVP_PKEY_EC; - } else if (algoID == RSAk) { - type = EVP_PKEY_RSA; - } else { - WOLFSSL_MSG("Error determining correct key type"); - XFREE((unsigned char*)memptr, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - return NULL; + //Write extra data back into bio object if necessary. + derLength = key->pkey_sz; + extraBioMemSz = (memSz - derLength); + if(extraBioMemSz > 0) { + extraBioMem = XMALLOC(extraBioMemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (extraBioMem == NULL) { + WOLFSSL_MSG("Malloc failure"); + XFREE((unsigned char*)extraBioMem, bio->heap, + DYNAMIC_TYPE_TMP_BUFFER); + XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return NULL; + } + + for(i = derLength; i < memSz; i++) { + *(extraBioMem + j) = *(mem + i); + j++; + } + + BIO_write(bio, extraBioMem, extraBioMemSz); + if(wolfSSL_BIO_pending(bio) <= 0) { + WOLFSSL_MSG("Failed to write memory to bio"); + XFREE((unsigned char*)extraBioMem, bio->heap, + DYNAMIC_TYPE_TMP_BUFFER); + XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + return NULL; + } + XFREE((unsigned char*)extraBioMem, bio->heap, + DYNAMIC_TYPE_TMP_BUFFER); } - key = wolfSSL_d2i_PrivateKey(type, &key, &mem, memSz); if (out != NULL && key != NULL) { *out = key; } } - XFREE((unsigned char*)memptr, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); return key; } + + +/* Converts a DER encoded private key to a WOLFSSL_EVP_PKEY structure. + * returns a pointer to a new WOLFSSL_EVP_PKEY structure on success and NULL + * on fail */ +WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** out, + unsigned char** in, long inSz) +{ + WOLFSSL_EVP_PKEY* pkey = NULL; + const unsigned char* mem; + long memSz = inSz; + + WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_EVP"); + + if (in == NULL || inSz < 0) { + WOLFSSL_MSG("Bad argument"); + return NULL; + } + mem = *in; + + #if !defined(NO_RSA) + { + RsaKey rsa; + word32 keyIdx = 0; + + /* test if RSA key */ + if (wc_InitRsaKey(&rsa, NULL) == 0 && + wc_RsaPrivateKeyDecode(mem, &keyIdx, &rsa, (word32)memSz) == 0) { + wc_FreeRsaKey(&rsa); + pkey = wolfSSL_PKEY_new(); + if (pkey != NULL) { + pkey->pkey_sz = keyIdx; + pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, + DYNAMIC_TYPE_PRIVATE_KEY); + if (pkey->pkey.ptr == NULL) { + wolfSSL_EVP_PKEY_free(pkey); + return NULL; + } + XMEMCPY(pkey->pkey.ptr, mem, keyIdx); + pkey->type = EVP_PKEY_RSA; + if (out != NULL) { + *out = pkey; + } + + pkey->ownRsa = 1; + pkey->rsa = wolfSSL_RSA_new(); + if (pkey->rsa == NULL) { + wolfSSL_EVP_PKEY_free(pkey); + return NULL; + } + + if (wolfSSL_RSA_LoadDer_ex(pkey->rsa, + (const unsigned char*)pkey->pkey.ptr, + pkey->pkey_sz, WOLFSSL_RSA_LOAD_PRIVATE) != 1) { + wolfSSL_EVP_PKEY_free(pkey); + return NULL; + } + + return pkey; + } + } + wc_FreeRsaKey(&rsa); + } + #endif /* NO_RSA */ + + #ifdef HAVE_ECC + { + word32 keyIdx = 0; + ecc_key ecc; + + /* test if ecc key */ + if (wc_ecc_init(&ecc) == 0 && + wc_EccPrivateKeyDecode(mem, &keyIdx, &ecc, (word32)memSz) == 0) { + wc_ecc_free(&ecc); + pkey = wolfSSL_PKEY_new(); + if (pkey != NULL) { + pkey->pkey_sz = keyIdx; + pkey->pkey.ptr = (char*)XMALLOC(keyIdx, NULL, + DYNAMIC_TYPE_PRIVATE_KEY); + if (pkey->pkey.ptr == NULL) { + wolfSSL_EVP_PKEY_free(pkey); + return NULL; + } + XMEMCPY(pkey->pkey.ptr, mem, keyIdx); + pkey->type = EVP_PKEY_EC; + if (out != NULL) { + *out = pkey; + } + return pkey; + } + } + wc_ecc_free(&ecc); + } + #endif /* HAVE_ECC */ + return pkey; +} #endif /* OPENSSL_ALL || WOLFSSL_ASIO */ diff --git a/tests/api.c b/tests/api.c index 92d249424..e8cc6a6ca 100644 --- a/tests/api.c +++ b/tests/api.c @@ -18017,7 +18017,8 @@ static void test_wolfSSL_d2i_PrivateKeys_bio(void) EVP_PKEY* pkey = NULL; RSA* rsa = NULL; WOLFSSL_CTX* ctx; - const unsigned char* buffer = NULL; + unsigned char buffer[4096]; + unsigned char* bufPtr; printf(testingFmt, "wolfSSL_d2i_PrivateKeys_bio()"); @@ -18037,14 +18038,14 @@ static void test_wolfSSL_d2i_PrivateKeys_bio(void) XFSEEK(file, 0, XSEEK_END); sz = XFTELL(file); XREWIND(file); - AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + AssertNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE)); AssertIntEQ(XFREAD(buf, 1, sz, file), sz); XFCLOSE(file); /* Test using BIO new mem and loading DER private key */ AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL))); - XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE); BIO_free(bio); bio = NULL; EVP_PKEY_free(pkey); @@ -18065,14 +18066,14 @@ static void test_wolfSSL_d2i_PrivateKeys_bio(void) XFSEEK(file, 0, XSEEK_END); sz = XFTELL(file); XREWIND(file); - AssertNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + AssertNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE)); AssertIntEQ(XFREAD(buf, 1, sz, file), sz); XFCLOSE(file); /* Test using BIO new mem and loading DER private key */ AssertNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); AssertNotNull((pkey = d2i_PrivateKey_bio(bio, NULL))); - XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE); BIO_free(bio); bio = NULL; EVP_PKEY_free(pkey); @@ -18098,11 +18099,11 @@ static void test_wolfSSL_d2i_PrivateKeys_bio(void) AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_SUCCESS); /*i2d RSAprivate key tests */ + bufPtr = buffer; AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG); - AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &buffer), + AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr), sizeof_client_key_der_2048); RSA_free(rsa); - XFREE((unsigned char*)buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif SSL_CTX_free(ctx); ctx = NULL; diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 7d744642e..eaac7d759 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -953,6 +953,8 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key, unsigned char** in, long inSz); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, const unsigned char **in, long inSz); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** key, + unsigned char** in, long inSz); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new_ex(void* heap); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(void); WOLFSSL_API void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY*); @@ -1020,7 +1022,7 @@ WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, WOLFSSL_API WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA**, const unsigned char**, long); WOLFSSL_API int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *r, const unsigned char **pp); -WOLFSSL_API int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *r, const unsigned char **pp); +WOLFSSL_API int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *r, unsigned char **pp); WOLFSSL_API void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX *, WOLFSSL_RSA *(*)(WOLFSSL *, int, int)); From 4cbae0bca36d11b708ae92158f197c28d4c37b85 Mon Sep 17 00:00:00 2001 From: MJSPollard Date: Tue, 10 Jul 2018 13:34:16 -0600 Subject: [PATCH 4/8] changes to make jenkins tests work --- src/ssl.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 6efdc4b6b..1b2c8a6bc 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -24919,7 +24919,7 @@ int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen, WC_HMAC_BLOCK_SIZE); XMEMCPY((byte *)&ctx->hmac.opad, (byte *)&ctx->save_opad, WC_HMAC_BLOCK_SIZE); - if ((hmac_error = _InitHmac(&ctx->hmac, ctx->hmac.macType, heap)) + if ((hmac_error = _HMAC_Init(&ctx->hmac, ctx->hmac.macType, heap)) !=0) { return hmac_error; } @@ -27823,6 +27823,7 @@ int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, unsigned char **pp) byte* der = NULL; int derMax; int ret; + int i; WOLFSSL_ENTER("i2d_RSAPrivateKey"); @@ -27857,7 +27858,7 @@ int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, unsigned char **pp) } //ret is the size of the der buffer - for(int i = 0; i < ret; i++) { + for(i = 0; i < ret; i++) { *(*pp + i) = *(der + i); } *pp += ret; From 93d789170189840cc30caae8ab20ab29dc043762 Mon Sep 17 00:00:00 2001 From: MJSPollard Date: Thu, 12 Jul 2018 11:59:58 -0600 Subject: [PATCH 5/8] Added different tls version support for asio --- configure.ac | 6 ++++++ src/tls.c | 44 +++++++++++++++++++++++++++++++++++++++++-- wolfssl/openssl/ssl.h | 5 ++++- wolfssl/ssl.h | 2 ++ 4 files changed, 54 insertions(+), 3 deletions(-) diff --git a/configure.ac b/configure.ac index 997c03c75..feac4d4f9 100644 --- a/configure.ac +++ b/configure.ac @@ -3009,6 +3009,12 @@ then AM_CFLAGS="-DOPENSSL_ALL $AM_CFLAGS" fi AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASIO -DWOLFSSL_KEY_GEN" + AM_CFLAGS="$AM_CFLAGS -DSSL_TXT_TLSV1_2 -DSSL_TXT_TLSV1_1" + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3" + if test "$ENABLED_TLSV10" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DSSL_TXT_TLSV1" + fi # Requires OCSP make sure on if test "x$ENABLED_OCSP" = "xno" diff --git a/src/tls.c b/src/tls.c index ba34353ed..468bae366 100644 --- a/src/tls.c +++ b/src/tls.c @@ -9971,7 +9971,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, #ifndef NO_OLD_TLS #ifdef WOLFSSL_ALLOW_TLSV10 - #ifdef OPENSSL_EXTRA + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) /* Gets a WOLFSL_METHOD type that is not set as client or server * * Returns a pointer to a WOLFSSL_METHOD struct @@ -9990,7 +9990,7 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, return m; } - #endif /* OPENSSL_EXTRA */ + #endif /* OPENSSL_EXTRA || OPENSSL_ALL*/ WOLFSSL_METHOD* wolfTLSv1_client_method(void) { @@ -10132,6 +10132,26 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, return method; } #endif /* WOLFSSL_ALLOW_TLSV10 */ + + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) + /* Gets a WOLFSL_METHOD type that is not set as client or server + * + * Returns a pointer to a WOLFSSL_METHOD struct + */ + WOLFSSL_METHOD* wolfTLSv1_1_method(void) { + WOLFSSL_METHOD* m; + WOLFSSL_ENTER("wolfTLSv1_1_method"); + #ifndef NO_WOLFSSL_CLIENT + m = wolfTLSv1_1_client_method(); + #else + m = wolfTLSv1_1_server_method(); + #endif + if (m != NULL) { + m->side = WOLFSSL_NEITHER_END; + } + return m; + } + #endif /* OPENSSL_EXTRA || OPENSSL_ALL */ WOLFSSL_METHOD* wolfTLSv1_1_server_method(void) { @@ -10154,6 +10174,26 @@ int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length, byte msgType, #ifndef WOLFSSL_NO_TLS12 + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) + /* Gets a WOLFSL_METHOD type that is not set as client or server + * + * Returns a pointer to a WOLFSSL_METHOD struct + */ + WOLFSSL_METHOD* wolfTLSv1_2_method(void) { + WOLFSSL_METHOD* m; + WOLFSSL_ENTER("wolfTLSv1_2_method"); + #ifndef NO_WOLFSSL_CLIENT + m = wolfTLSv1_2_client_method(); + #else + m = wolfTLSv1_2_server_method(); + #endif + if (m != NULL) { + m->side = WOLFSSL_NEITHER_END; + } + return m; + } + #endif /* OPENSSL_EXTRA || OPENSSL_ALL */ + WOLFSSL_METHOD* wolfTLSv1_2_server_method(void) { return wolfTLSv1_2_server_method_ex(NULL); diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 11bca4a52..7d15ab454 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -143,8 +143,10 @@ typedef WOLFSSL_X509_STORE_CTX X509_STORE_CTX; #define TLSv1_method wolfTLSv1_method #define TLSv1_server_method wolfTLSv1_server_method #define TLSv1_client_method wolfTLSv1_client_method +#define TLSv1_1_method wolfTLSv1_1_method #define TLSv1_1_server_method wolfTLSv1_1_server_method #define TLSv1_1_client_method wolfTLSv1_1_client_method +#define TLSv1_2_method wolfTLSv1_2_method #define TLSv1_2_server_method wolfTLSv1_2_server_method #define TLSv1_2_client_method wolfTLSv1_2_client_method @@ -765,7 +767,8 @@ typedef STACK_OF(WOLFSSL_ASN1_OBJECT) GENERAL_NAMES; #define X509_CHECK_FLAG_NO_WILDCARDS WOLFSSL_NO_WILDCARDS #define SSL3_RANDOM_SIZE 32 /* same as RAN_LEN in internal.h */ -#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) +#if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(OPENSSL_EXTRA) \ + || defined(OPENSSL_ALL) #include #define SSL2_VERSION 0x0002 diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index eaac7d759..289de6e4a 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -440,8 +440,10 @@ WOLFSSL_API WOLFSSL_METHOD *wolfSSLv3_client_method(void); WOLFSSL_API WOLFSSL_METHOD* wolfTLSv1_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_server_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_client_method(void); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_server_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_1_client_method(void); +WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_server_method(void); WOLFSSL_API WOLFSSL_METHOD *wolfTLSv1_2_client_method(void); #ifdef WOLFSSL_TLS13 From 0dbd35ae016f6c83bb1d2e91247242e5a0d939c5 Mon Sep 17 00:00:00 2001 From: MJSPollard Date: Wed, 18 Jul 2018 12:09:12 -0600 Subject: [PATCH 6/8] websocketpp compat. addition, add new define for asio --- configure.ac | 2 +- src/wolfio.c | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 1c21b34e6..19c74590d 100644 --- a/configure.ac +++ b/configure.ac @@ -3028,7 +3028,7 @@ then ENABLED_OPENSSLALL="yes" AM_CFLAGS="-DOPENSSL_ALL $AM_CFLAGS" fi - AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASIO -DWOLFSSL_KEY_GEN" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASIO -DASIO_USE_WOLFSSL -DWOLFSSL_KEY_GEN" AM_CFLAGS="$AM_CFLAGS -DSSL_TXT_TLSV1_2 -DSSL_TXT_TLSV1_1" AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL2 -DOPENSSL_NO_SSL3" if test "$ENABLED_TLSV10" = "yes" diff --git a/src/wolfio.c b/src/wolfio.c index 339a9e1dc..4b82475d2 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -127,6 +127,7 @@ int BioReceive(WOLFSSL* ssl, char* buf, int sz, void* ctx) switch (ssl->biord->type) { case WOLFSSL_BIO_MEMORY: + case WOLFSSL_BIO_BIO: if (wolfSSL_BIO_ctrl_pending(ssl->biord) == 0) { return WOLFSSL_CBIO_ERR_WANT_READ; } @@ -167,6 +168,7 @@ int BioSend(WOLFSSL* ssl, char *buf, int sz, void *ctx) switch (ssl->biowr->type) { case WOLFSSL_BIO_MEMORY: + case WOLFSSL_BIO_BIO: sent = wolfSSL_BIO_write(ssl->biowr, buf, sz); if (sent < 0) { return WOLFSSL_CBIO_ERR_GENERAL; From da1ac3643f54c82e4fe44f9301df5517136842be Mon Sep 17 00:00:00 2001 From: MJSPollard Date: Wed, 18 Jul 2018 16:01:16 -0600 Subject: [PATCH 7/8] added current_issuer member in X509_STORE_CTX struct for SSF use --- wolfssl/ssl.h | 1 + 1 file changed, 1 insertion(+) diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 7b7e94572..a2af6f7b5 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -350,6 +350,7 @@ typedef struct WOLFSSL_BUFFER_INFO { typedef struct WOLFSSL_X509_STORE_CTX { WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */ WOLFSSL_X509* current_cert; /* stunnel dereference */ + WOLFSSL_X509* current_issuer; /* asio dereference */ WOLFSSL_X509_CHAIN* sesChain; /* pointer to WOLFSSL_SESSION peer chain */ WOLFSSL_STACK* chain; #ifdef OPENSSL_EXTRA From 19dd08e191b786f886d7f08a96970de3d78f4fa2 Mon Sep 17 00:00:00 2001 From: MJSPollard Date: Thu, 19 Jul 2018 11:05:56 -0600 Subject: [PATCH 8/8] requested style changes --- src/ssl.c | 128 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 67 insertions(+), 61 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 49a924cdd..29679fd30 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -19780,7 +19780,7 @@ WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st) { (void)st; WOLFSSL_STUB("wolfSSL_sk_SSL_COMP_zero"); - //wolfSSL_set_options(ssl, SSL_OP_NO_COMPRESSION); + /* wolfSSL_set_options(ssl, SSL_OP_NO_COMPRESSION); */ return WOLFSSL_FAILURE; } #endif @@ -27926,24 +27926,25 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, /* Converts an rsa private key from der format to an rsa structure. Returns pointer to the rsa structure on succcess and NULL if error. */ -WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA **r, const unsigned char **derBuf, long derSz) +WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA **r, + const unsigned char **derBuf, long derSz) { WOLFSSL_RSA *rsa = NULL; - WOLFSSL_ENTER("d2i_RSAPrivateKey"); + WOLFSSL_ENTER("wolfSSL_d2i_RSAPrivateKey"); /* check for bad functions arguments */ - if(derBuf == NULL){ + if (derBuf == NULL) { WOLFSSL_MSG("Bad argument"); return NULL; } - if((rsa = wolfSSL_RSA_new()) == NULL){ + if ((rsa = wolfSSL_RSA_new()) == NULL) { WOLFSSL_MSG("RSA_new failed"); return NULL; } - if(wolfSSL_RSA_LoadDer_ex(rsa, *derBuf, (int)derSz, WOLFSSL_RSA_LOAD_PRIVATE) - != WOLFSSL_SUCCESS){ + if (wolfSSL_RSA_LoadDer_ex(rsa, *derBuf, (int)derSz, + WOLFSSL_RSA_LOAD_PRIVATE) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("RSA_LoadDer failed"); wolfSSL_RSA_free(rsa); rsa = NULL; @@ -27951,6 +27952,7 @@ WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA **r, const unsigned char **de } if(r != NULL) *r = rsa; + return rsa; } @@ -27966,16 +27968,16 @@ int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, unsigned char **pp) int ret; int i; - WOLFSSL_ENTER("i2d_RSAPrivateKey"); + WOLFSSL_ENTER("wolfSSL_i2d_RSAPrivateKey"); /* check for bad functions arguments */ - if((rsa == NULL) || (pp == NULL)) { + if ((rsa == NULL) || (pp == NULL)) { WOLFSSL_MSG("Bad Function Arguments"); return BAD_FUNC_ARG; } - if((ret = SetRsaInternal(rsa)) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("SetRsaInternal Failed"); + if ((ret = SetRsaInternal(rsa)) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("SetRsaInternal() Failed"); return ret; } @@ -27991,15 +27993,15 @@ int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, unsigned char **pp) } /* RSA key to DER */ - if((ret = wc_RsaKeyToDer((RsaKey *)rsa->internal, der, derMax)) < 0) { - WOLFSSL_MSG("RsaKeyToDer failed"); + if ((ret = wc_RsaKeyToDer((RsaKey *)rsa->internal, der, derMax)) < 0) { + WOLFSSL_MSG("wc_RsaKeyToDer() failed"); XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); der = NULL; return ret; } - //ret is the size of the der buffer - for(i = 0; i < ret; i++) { + /* ret is the size of the der buffer */ + for (i = 0; i < ret; i++) { *(*pp + i) = *(der + i); } *pp += ret; @@ -28017,19 +28019,19 @@ int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) int ret; WOLFSSL_ENTER("i2d_RSAPublicKey"); - if((rsa == NULL) || (pp == NULL)) + if ((rsa == NULL) || (pp == NULL)) return WOLFSSL_FATAL_ERROR; - if((ret = SetRsaInternal(rsa)) != WOLFSSL_SUCCESS) { + if ((ret = SetRsaInternal(rsa)) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetRsaInternal Failed"); return ret; } - if((derLen = RsaPublicKeyDerSize((RsaKey *)rsa->internal, 1)) < 0) + if ((derLen = RsaPublicKeyDerSize((RsaKey *)rsa->internal, 1)) < 0) return WOLFSSL_FATAL_ERROR; der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (der == NULL) { return WOLFSSL_FATAL_ERROR; } - if((ret = wc_RsaKeyToPublicDer((RsaKey *)rsa->internal, der, derLen)) < 0){ + if ((ret = wc_RsaKeyToPublicDer((RsaKey *)rsa->internal, der, derLen)) < 0){ WOLFSSL_MSG("RsaKeyToPublicDer failed"); XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); return ret; @@ -28852,7 +28854,7 @@ void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) { CertName cName; - unsigned char buf[256]; //ASN_MAX_NAME + unsigned char buf[256]; /* ASN_MAX_NAME */ int sz; if (out == NULL || name == NULL) { @@ -31161,7 +31163,7 @@ Returns NULL otherwise. */ VerifyCallback wolfSSL_get_verify_callback(WOLFSSL* ssl) { WOLFSSL_ENTER("wolfSSL_get_verify_callback()"); - if(ssl) { + if (ssl) { return ssl->verifyCallback; } return NULL; @@ -31170,7 +31172,7 @@ VerifyCallback wolfSSL_get_verify_callback(WOLFSSL* ssl) /* Creates a new bio pair. Returns WOLFSSL_SUCCESS if no error, WOLFSSL_FAILURE otherwise.*/ int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO **bio1_p, size_t writebuf1, - WOLFSSL_BIO **bio2_p, size_t writebuf2) + WOLFSSL_BIO **bio2_p, size_t writebuf2) { WOLFSSL_BIO *bio1 = NULL, *bio2 = NULL; int ret = 1; @@ -31183,34 +31185,34 @@ int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO **bio1_p, size_t writebuf1, } /* set up the new bio structures and write buf sizes */ - if((bio1 = wolfSSL_BIO_new(wolfSSL_BIO_s_bio())) == NULL) { + if ((bio1 = wolfSSL_BIO_new(wolfSSL_BIO_s_bio())) == NULL) { WOLFSSL_MSG("Bio allocation failed"); ret = WOLFSSL_FAILURE; } - if(ret){ - if((bio2 = wolfSSL_BIO_new(wolfSSL_BIO_s_bio())) == NULL) { + if (ret) { + if ((bio2 = wolfSSL_BIO_new(wolfSSL_BIO_s_bio())) == NULL) { WOLFSSL_MSG("Bio allocation failed"); ret = WOLFSSL_FAILURE; } } - if(ret && writebuf1) { - if(!(ret = wolfSSL_BIO_set_write_buf_size(bio1, writebuf1))) { - WOLFSSL_MSG("BIO_set_write_buf failed"); + if (ret && writebuf1) { + if (!(ret = wolfSSL_BIO_set_write_buf_size(bio1, writebuf1))) { + WOLFSSL_MSG("wolfSSL_BIO_set_write_buf() failure"); } } - if(ret && writebuf2) { - if(!(ret = wolfSSL_BIO_set_write_buf_size(bio2, writebuf2))){ - WOLFSSL_MSG("BIO_set_write_buf failed"); + if (ret && writebuf2) { + if (!(ret = wolfSSL_BIO_set_write_buf_size(bio2, writebuf2))) { + WOLFSSL_MSG("wolfSSL_BIO_set_write_buf() failure"); } } - if(ret) { - if((ret = wolfSSL_BIO_make_bio_pair(bio1, bio2))) { + if (ret) { + if ((ret = wolfSSL_BIO_make_bio_pair(bio1, bio2))) { *bio1_p = bio1; *bio2_p = bio2; } } - if(!ret) { + if (!ret) { wolfSSL_BIO_free(bio1); bio1 = NULL; wolfSSL_BIO_free(bio2); @@ -31245,7 +31247,7 @@ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out) bioMemSz = wolfSSL_BIO_pending(bio); if (bioMemSz <= 0) { - WOLFSSL_MSG("wolfSSL_BIO_pending failure"); + WOLFSSL_MSG("wolfSSL_BIO_pending() failure"); return NULL; } @@ -31257,37 +31259,39 @@ WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out) bufPtr = maxKeyBuf; if (wolfSSL_BIO_read(bio, (unsigned char*)bioMem, (int)bioMemSz) == bioMemSz) { - if((key = wolfSSL_d2i_RSAPrivateKey(NULL, &bioMem, bioMemSz)) == NULL) { + if ((key = wolfSSL_d2i_RSAPrivateKey(NULL, &bioMem, bioMemSz)) == NULL) { XFREE((unsigned char*)bioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); return NULL; } - //This function is used to get the total length of the rsa key. + /* This function is used to get the total length of the rsa key. */ derLength = wolfSSL_i2d_RSAPrivateKey(key, &bufPtr); - //Write extra data back into bio object if necessary. + /* Write extra data back into bio object if necessary. */ extraBioMemSz = (bioMemSz - derLength); - if(extraBioMemSz > 0) { + if (extraBioMemSz > 0) { extraBioMem = XMALLOC(extraBioMemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (extraBioMem == NULL) { WOLFSSL_MSG("Malloc failure");; XFREE((unsigned char*)extraBioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE((unsigned char*)bioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE((unsigned char*)bioMem, bio->heap, + DYNAMIC_TYPE_TMP_BUFFER); return NULL; } - for(i = derLength; i < bioMemSz; i++) { + for (i = derLength; i < bioMemSz; i++) { *(extraBioMem + j) = *(bioMem + i); j++; } - BIO_write(bio, extraBioMem, extraBioMemSz); - if(wolfSSL_BIO_pending(bio) <= 0) { + wolfSSL_BIO_write(bio, extraBioMem, extraBioMemSz); + if (wolfSSL_BIO_pending(bio) <= 0) { WOLFSSL_MSG("Failed to write memory to bio"); XFREE((unsigned char*)extraBioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); - XFREE((unsigned char*)bioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE((unsigned char*)bioMem, bio->heap, + DYNAMIC_TYPE_TMP_BUFFER); return NULL; } XFREE((unsigned char*)extraBioMem, bio->heap, @@ -31309,11 +31313,13 @@ Returns WOLFSSL_SUCCESS if no error, returns WOLFSSL_FAILURE otherwise.*/ int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz, const unsigned char *der) { - WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_ASN1"); + WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_ASN1()"); if (der != NULL && ctx != NULL) { - if(wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz, - WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS) + if (wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz, + WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS) { return WOLFSSL_SUCCESS; + } + } return WOLFSSL_FAILURE; } @@ -31329,7 +31335,7 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa) unsigned char maxDerBuf[4096]; unsigned char* key = NULL; - WOLFSSL_ENTER("wolfSSL_CTX_use_RSAPrivateKey"); + WOLFSSL_ENTER("wolfSSL_CTX_use_RSAPrivateKey()"); if (ctx == NULL || rsa == NULL) { WOLFSSL_MSG("one or more inputs were NULL"); @@ -31337,14 +31343,14 @@ int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa) } key = maxDerBuf; /* convert RSA struct to der encoded buffer and get the size */ - if((derSize = wolfSSL_i2d_RSAPrivateKey(rsa, &key)) <= 0) { - WOLFSSL_MSG("wolfSSL_i2d_RSAPrivateKey failed"); + if ((derSize = wolfSSL_i2d_RSAPrivateKey(rsa, &key)) <= 0) { + WOLFSSL_MSG("wolfSSL_i2d_RSAPrivateKey() failure"); return WOLFSSL_FAILURE; } ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, (const unsigned char*)maxDerBuf, derSize, SSL_FILETYPE_ASN1); - if(ret != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("CTX_USE_PrivateKey_buffer() failure"); + if (ret != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_CTX_USE_PrivateKey_buffer() failure"); return WOLFSSL_FAILURE; } return ret; @@ -31375,7 +31381,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, memSz = wolfSSL_BIO_pending(bio); if (memSz <= 0) { - WOLFSSL_MSG("wolfSSL_BIO_pending failure"); + WOLFSSL_MSG("wolfSSL_BIO_pending() failure"); return NULL; } @@ -31387,16 +31393,16 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, if (wolfSSL_BIO_read(bio, (unsigned char*)mem, memSz) == memSz) { /* Determines key type and returns the new private EVP_PKEY object */ - if((key = wolfSSL_d2i_PrivateKey_EVP(NULL, &mem, (long)memSz)) == NULL) { - WOLFSSL_MSG("d2i_PrivateKey_EVP() failure"); + if ((key = wolfSSL_d2i_PrivateKey_EVP(NULL, &mem, (long)memSz)) == NULL) { + WOLFSSL_MSG("wolfSSL_d2i_PrivateKey_EVP() failure"); XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); return NULL; } - //Write extra data back into bio object if necessary. + /* Write extra data back into bio object if necessary. */ derLength = key->pkey_sz; extraBioMemSz = (memSz - derLength); - if(extraBioMemSz > 0) { + if (extraBioMemSz > 0) { extraBioMem = XMALLOC(extraBioMemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (extraBioMem == NULL) { WOLFSSL_MSG("Malloc failure"); @@ -31406,13 +31412,13 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, return NULL; } - for(i = derLength; i < memSz; i++) { + for (i = derLength; i < memSz; i++) { *(extraBioMem + j) = *(mem + i); j++; } - BIO_write(bio, extraBioMem, extraBioMemSz); - if(wolfSSL_BIO_pending(bio) <= 0) { + wolfSSL_BIO_write(bio, extraBioMem, extraBioMemSz); + if (wolfSSL_BIO_pending(bio) <= 0) { WOLFSSL_MSG("Failed to write memory to bio"); XFREE((unsigned char*)extraBioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -31442,7 +31448,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** out, const unsigned char* mem; long memSz = inSz; - WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_EVP"); + WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_EVP()"); if (in == NULL || inSz < 0) { WOLFSSL_MSG("Bad argument");