bind 9.18.0 fixes

- return `1` from `wolfSSL_BIO_set_mem_eof_return` instead of `0` for success
- bind requires ALPN
- `OPENSSL_COMPATIBLE_DEFAULTS` defined for bind
- `WOLFSSL_ERROR_CODE_OPENSSL` defined when using compatibility layer
- return `bio->eof` on no pending data to read in memory BIO (defaults to `WOLFSSL_BIO_ERROR`)
- `flags` is no longer an input parameter in `wolfSSL_ERR_get_error_line_data`
- allow lazy parameter loading in `wolfSSL_DH_set0_key`
- implement reference counter in `WOLFSSL_EC_KEY`
- load serial number from `x509->serialNumber` if `x509->serial` is empty
Juliusz Sosinowicz
2022-03-11 19:57:54 +01:00
parent f71a85d5f9
commit ae9b01c5b8
5 changed files with 130 additions and 118 deletions


@@ -4242,6 +4242,11 @@ AC_ARG_ENABLE([alpn],
[ ENABLED_ALPN=no ] [ ENABLED_ALPN=no ]
) )
if test "$ENABLED_BIND" = "yes"
then
ENABLED_ALPN=yes
fi
if test "x$ENABLED_ALPN" = "xyes" if test "x$ENABLED_ALPN" = "xyes"
then then
AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ALPN" AM_CFLAGS="$AM_CFLAGS -DHAVE_TLS_EXTENSIONS -DHAVE_ALPN"
@@ -4964,6 +4969,7 @@ then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BIND -DWOLFSSL_DSA_768_MODULUS" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_BIND -DWOLFSSL_DSA_768_MODULUS"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DWOLFSSL_DES_ECB" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB -DWOLFSSL_DES_ECB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224 -DWOLFSSL_SHA384 -DWOLFSSL_SHA512" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_SHA224 -DWOLFSSL_SHA384 -DWOLFSSL_SHA512"
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_COMPATIBLE_DEFAULTS"
ENABLED_SHA224="yes" ENABLED_SHA224="yes"
ENABLED_SHA384="yes" ENABLED_SHA384="yes"
ENABLED_SHA512="yes" ENABLED_SHA512="yes"
@@ -7181,7 +7187,7 @@ then
AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB" AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DWOLFSSL_ALWAYS_VERIFY_CB"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_VERIFY_CB_ALL_CERTS -DWOLFSSL_EXTRA_ALERTS"
AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET" AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DWOLFSSL_FORCE_CACHE_ON_TICKET"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AKID_NAME -DHAVE_CTS" AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AKID_NAME -DHAVE_CTS -DWOLFSSL_ERROR_CODE_OPENSSL"
fi fi
if test "$ENABLED_OPENSSLEXTRA" = "x509small" if test "$ENABLED_OPENSSLEXTRA" = "x509small"
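Review bot: The forced `ENABLED_ALPN=yes` sits directly after the `alpn` option is parsed, so it only takes effect if `ENABLED_BIND` has already been set by that point in the script; the bind block itself appears several hundred lines later, so the ordering is worth confirming. It also overrides an explicit `--disable-alpn` without telling the user. A comment on the new test would record both facts, for example `# bind requires ALPN; this overrides --disable-alpn`.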


@@ -133,8 +133,13 @@ static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len)
} }
} }
else { else {
if (bio->eof < 0) /* Sanity check the eof value */
return bio->eof;
else {
WOLFSSL_MSG("Weird bio->eof value. Returning default");
return WOLFSSL_BIO_ERROR; return WOLFSSL_BIO_ERROR;
} }
}
return sz; return sz;
} }
@@ -1589,7 +1594,7 @@ long wolfSSL_BIO_set_mem_eof_return(WOLFSSL_BIO *bio, int v)
bio->eof = v; bio->eof = v;
} }
return 0; return WOLFSSL_SUCCESS;
} }
int wolfSSL_BIO_get_len(WOLFSSL_BIO *bio) int wolfSSL_BIO_get_len(WOLFSSL_BIO *bio)
@@ -2467,6 +2472,8 @@ int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
bio->shutdown = BIO_CLOSE; /* default to close things */ bio->shutdown = BIO_CLOSE; /* default to close things */
bio->num = WOLFSSL_BIO_ERROR; bio->num = WOLFSSL_BIO_ERROR;
bio->init = 1; bio->init = 1;
if (method->type == WOLFSSL_BIO_MEMORY)
bio->eof = WOLFSSL_BIO_ERROR; /* Return value for empty buffer */
if (method->type == WOLFSSL_BIO_MEMORY || if (method->type == WOLFSSL_BIO_MEMORY ||
method->type == WOLFSSL_BIO_BIO) { method->type == WOLFSSL_BIO_BIO) {
bio->mem_buf =(WOLFSSL_BUF_MEM*)XMALLOC(sizeof(WOLFSSL_BUF_MEM), bio->mem_buf =(WOLFSSL_BUF_MEM*)XMALLOC(sizeof(WOLFSSL_BUF_MEM),
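Review bot: In `wolfSSL_BIO_MEMORY_read` the new `bio->eof < 0` test treats an eof value of 0 as invalid and falls back to `WOLFSSL_BIO_ERROR`. In OpenSSL, 0 is the value callers pass to `BIO_set_mem_eof_return` to make an empty memory BIO report end-of-file instead of a retry, so code ported from OpenSSL would see an error where it expects EOF. Rejecting positive values is right, since a positive return would be read as a byte count, but the test should admit zero: `if (bio->eof <= 0) /* 0 = EOF, negative = retry/error */`. The function body starts outside the hunk, so how the retry flag is handled for the zero case cannot be checked from here.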


@@ -20872,7 +20872,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
* file output pointer to file where error happened * file output pointer to file where error happened
* line output to line number of error * line output to line number of error
* data output data. Is a string if ERR_TXT_STRING flag is used * data output data. Is a string if ERR_TXT_STRING flag is used
* flags bit flag to adjust data output * flags output format of output
* *
* Returns the error value or 0 if no errors are in the queue * Returns the error value or 0 if no errors are in the queue
*/ */
@@ -20884,8 +20884,9 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
WOLFSSL_ENTER("wolfSSL_ERR_get_error_line_data"); WOLFSSL_ENTER("wolfSSL_ERR_get_error_line_data");
if (flags != NULL) { if (flags != NULL)
if ((*flags & ERR_TXT_STRING) == ERR_TXT_STRING) { *flags = ERR_TXT_STRING; /* Clear the flags */
ret = wc_PullErrorNode(file, data, line); ret = wc_PullErrorNode(file, data, line);
if (ret < 0) { if (ret < 0) {
if (ret == BAD_STATE_E) return 0; /* no errors in queue */ if (ret == BAD_STATE_E) return 0; /* no errors in queue */
@@ -20897,21 +20898,6 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
wc_ClearErrorNodes(); wc_ClearErrorNodes();
} }
return (unsigned long)ret;
}
}
ret = wc_PullErrorNode(file, NULL, line);
if (ret < 0) {
if (ret == BAD_STATE_E) return 0; /* no errors in queue */
WOLFSSL_MSG("Error with pulling error node!");
WOLFSSL_LEAVE("wolfSSL_ERR_get_error_line_data", ret);
ret = 0 - ret; /* return absolute value of error */
/* panic and try to clear out nodes */
wc_ClearErrorNodes();
}
return (unsigned long)ret; return (unsigned long)ret;
#else #else
WOLFSSL_ENTER("wolfSSL_ERR_get_error_line_data"); WOLFSSL_ENTER("wolfSSL_ERR_get_error_line_data");
@@ -34998,6 +34984,9 @@ int wolfSSL_DH_set0_key(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *pub_key,
dh->priv_key = priv_key; dh->priv_key = priv_key;
} }
if (dh->p == NULL || dh->g == NULL)
return WOLFSSL_SUCCESS; /* Allow loading parameters afterwards */
else
return SetDhInternal(dh); return SetDhInternal(dh);
} }
@@ -38992,11 +38981,13 @@ void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key)
WOLFSSL_ENTER("wolfSSL_EC_KEY_free"); WOLFSSL_ENTER("wolfSSL_EC_KEY_free");
if (key != NULL) { if (key != NULL) {
int doFree = 0;
void* heap = key->heap; void* heap = key->heap;
#ifndef SINGLE_THREADED #ifndef SINGLE_THREADED
if (wc_LockMutex(&key->refMutex) != 0) { if (wc_LockMutex(&key->refMutex) != 0) {
WOLFSSL_MSG("Could not lock EC_KEY mutex"); WOLFSSL_MSG("Could not lock EC_KEY mutex");
return;
} }
#endif #endif
@@ -39017,6 +39008,21 @@ void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key)
wc_ecc_free((ecc_key*)key->internal); wc_ecc_free((ecc_key*)key->internal);
XFREE(key->internal, heap, DYNAMIC_TYPE_ECC); XFREE(key->internal, heap, DYNAMIC_TYPE_ECC);
} }
#endif
/* only free if all references to it are done */
key->refCount--;
if (key->refCount == 0) {
doFree = 1;
}
#ifndef SINGLE_THREADED
wc_UnLockMutex(&key->refMutex);
#endif
if (doFree) {
if (key->internal != NULL) {
wc_ecc_free((ecc_key*)key->internal);
XFREE(key->internal, heap, DYNAMIC_TYPE_ECC);
}
wolfSSL_BN_free(key->priv_key); wolfSSL_BN_free(key->priv_key);
wolfSSL_EC_POINT_free(key->pub_key); wolfSSL_EC_POINT_free(key->pub_key);
wolfSSL_EC_GROUP_free(key->group); wolfSSL_EC_GROUP_free(key->group);
@@ -39027,6 +39033,7 @@ void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key)
/* key = NULL, don't try to access or double free it */ /* key = NULL, don't try to access or double free it */
} }
} }
}
/* Increments ref count of WOLFSSL_EC_KEY. /* Increments ref count of WOLFSSL_EC_KEY.
* Return WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on error */ * Return WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on error */
@@ -39964,6 +39971,13 @@ int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *in, unsigned char **out)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
if (!in->exSet) {
if (SetECKeyExternal((WOLFSSL_EC_KEY*)in) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("SetECKeyExternal failure");
return WOLFSSL_FAILURE;
}
}
#ifdef HAVE_COMP_KEY #ifdef HAVE_COMP_KEY
/* Default to compressed form if not set */ /* Default to compressed form if not set */
form = in->form == POINT_CONVERSION_UNCOMPRESSED ? form = in->form == POINT_CONVERSION_UNCOMPRESSED ?
@@ -44296,6 +44310,17 @@ void* wolfSSL_GetHKDFExtractCtx(WOLFSSL* ssl)
XMEMCPY(cert->challengePw, x509->challengePw, CTC_NAME_SIZE); XMEMCPY(cert->challengePw, x509->challengePw, CTC_NAME_SIZE);
#endif #endif
if (x509->serialSz == 0 && x509->serialNumber != NULL &&
/* Check if the buffer contains more than just the
* ASN tag and length */
x509->serialNumber->length > 2) {
if (wolfSSL_X509_set_serialNumber(x509, x509->serialNumber)
!= WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Failed to set serial number");
return WOLFSSL_FAILURE;
}
}
/* set serial number */ /* set serial number */
if (x509->serialSz > 0) { if (x509->serialSz > 0) {
#if defined(OPENSSL_EXTRA) #if defined(OPENSSL_EXTRA)
@@ -56602,6 +56627,7 @@ void wolfSSL_RSA_free(WOLFSSL_RSA* rsa)
#ifndef SINGLE_THREADED #ifndef SINGLE_THREADED
if (wc_LockMutex(&rsa->refMutex) != 0) { if (wc_LockMutex(&rsa->refMutex) != 0) {
WOLFSSL_MSG("Couldn't lock rsa mutex"); WOLFSSL_MSG("Couldn't lock rsa mutex");
return;
} }
#endif #endif
@@ -57242,8 +57268,10 @@ int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509, WOLFSSL_ASN1_INTEGER* s)
if (!x509 || !s || s->length >= EXTERNAL_SERIAL_SIZE) if (!x509 || !s || s->length >= EXTERNAL_SERIAL_SIZE)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
/* WOLFSSL_ASN1_INTEGER has type | size | data */ /* WOLFSSL_ASN1_INTEGER has type | size | data
if (s->length < 3) { * Sanity check that the data is actually in ASN format */
if (s->length < 3 && s->data[0] != ASN_INTEGER &&
s->data[1] != s->length - 2) {
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
XMEMCPY(x509->serial, s->data + 2, s->length - 2); XMEMCPY(x509->serial, s->data + 2, s->length - 2);
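Review bot: The rewritten sanity check in `wolfSSL_X509_set_serialNumber` joins its three conditions with `&&`, so it rejects the input only when the length is below 3 and the tag is wrong and the length byte is wrong, whereas the old code rejected every `s->length < 3`. A short buffer that starts with `ASN_INTEGER` now reaches `XMEMCPY(x509->serial, s->data + 2, s->length - 2)` with a copy length that is zero or out of range, and a full-length buffer with a wrong tag or an inconsistent length byte is accepted unchanged. The conditions should be alternatives: `if (s->length < 3 || s->data[0] != ASN_INTEGER || s->data[1] != s->length - 2) {`. The new caller that loads `x509->serialNumber` guards with `length > 2`, but any other caller would rely on the check here.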


@@ -6731,6 +6731,41 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id)
return NULL; return NULL;
} }
static void clearEVPPkeyKeys(WOLFSSL_EVP_PKEY *pkey)
{
if(pkey == NULL)
return;
WOLFSSL_ENTER("clearEVPPkeyKeys");
#ifndef NO_RSA
if (pkey->rsa != NULL && pkey->ownRsa == 1) {
wolfSSL_RSA_free(pkey->rsa);
pkey->rsa = NULL;
}
pkey->ownRsa = 0;
#endif
#ifndef NO_DSA
if (pkey->dsa != NULL && pkey->ownDsa == 1) {
wolfSSL_DSA_free(pkey->dsa);
pkey->dsa = NULL;
}
pkey->ownDsa = 0;
#endif
#ifndef NO_DH
if (pkey->dh != NULL && pkey->ownDh == 1) {
wolfSSL_DH_free(pkey->dh);
pkey->dh = NULL;
}
pkey->ownDh = 0;
#endif
#ifdef HAVE_ECC
if (pkey->ecc != NULL && pkey->ownEcc == 1) {
wolfSSL_EC_KEY_free(pkey->ecc);
pkey->ecc = NULL;
}
pkey->ownEcc = 0;
#endif
}
#ifndef NO_RSA #ifndef NO_RSA
#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) #if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA)
static int PopulateRSAEvpPkeyDer(WOLFSSL_EVP_PKEY *pkey) static int PopulateRSAEvpPkeyDer(WOLFSSL_EVP_PKEY *pkey)
@@ -6779,7 +6814,7 @@ static int PopulateRSAEvpPkeyDer(WOLFSSL_EVP_PKEY *pkey)
derBuf = (byte*)XREALLOC(pkey->pkey.ptr, derSz, derBuf = (byte*)XREALLOC(pkey->pkey.ptr, derSz,
pkey->heap, DYNAMIC_TYPE_DER); pkey->heap, DYNAMIC_TYPE_DER);
if (derBuf == NULL) { if (derBuf == NULL) {
WOLFSSL_MSG("EVP_PKEY_set1_RSA malloc failed"); WOLFSSL_MSG("PopulateRSAEvpPkeyDer malloc failed");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
/* Old pointer is invalid from this point on */ /* Old pointer is invalid from this point on */
@@ -6866,9 +6901,7 @@ int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
if (pkey->rsa != NULL && pkey->ownRsa == 1) { clearEVPPkeyKeys(pkey);
wolfSSL_RSA_free(pkey->rsa);
}
pkey->rsa = key; pkey->rsa = key;
pkey->ownRsa = 1; /* pkey does not own RSA but needs to call free on it */ pkey->ownRsa = 1; /* pkey does not own RSA but needs to call free on it */
pkey->type = EVP_PKEY_RSA; pkey->type = EVP_PKEY_RSA;
@@ -6914,9 +6947,7 @@ int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key)
WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_DSA"); WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_DSA");
if((pkey == NULL) || (key == NULL))return WOLFSSL_FAILURE; if((pkey == NULL) || (key == NULL))return WOLFSSL_FAILURE;
if (pkey->dsa != NULL && pkey->ownDsa == 1) { clearEVPPkeyKeys(pkey);
wolfSSL_DSA_free(pkey->dsa);
}
pkey->dsa = key; pkey->dsa = key;
pkey->ownDsa = 0; /* pkey does not own DSA */ pkey->ownDsa = 0; /* pkey does not own DSA */
pkey->type = EVP_PKEY_DSA; pkey->type = EVP_PKEY_DSA;
@@ -7020,7 +7051,7 @@ WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key)
WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey) WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey)
{ {
WOLFSSL_EC_KEY *eckey = NULL; WOLFSSL_EC_KEY *eckey = NULL;
if (pkey) { if (pkey && pkey->type == EVP_PKEY_EC) {
#ifdef HAVE_ECC #ifdef HAVE_ECC
eckey = pkey->ecc; eckey = pkey->ecc;
#endif #endif
@@ -7030,10 +7061,9 @@ WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey)
WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key) WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key)
{ {
WOLFSSL_EC_KEY* local = NULL;
WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_EC_KEY"); WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_EC_KEY");
if (key == NULL) { if (key == NULL || key->type != EVP_PKEY_EC) {
return NULL; return NULL;
} }
if (key->type == EVP_PKEY_EC) { if (key->type == EVP_PKEY_EC) {
@@ -7050,27 +7080,12 @@ WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key)
return NULL; return NULL;
} }
if (wolfSSL_EC_KEY_LoadDer(local, if (wolfSSL_EC_KEY_up_ref(key->ecc) != WOLFSSL_SUCCESS) {
(const unsigned char*)key->pkey.ptr, WOLFSSL_MSG("wolfSSL_EC_KEY_up_ref error");
key->pkey_sz) != WOLFSSL_SUCCESS) { return NULL;
/* now try public key */
if (wolfSSL_EC_KEY_LoadDer_ex(local,
(const unsigned char*)key->pkey.ptr, key->pkey_sz,
WOLFSSL_EC_KEY_LOAD_PUBLIC) != WOLFSSL_SUCCESS) {
wolfSSL_EC_KEY_free(local);
local = NULL;
}
}
}
}
else {
WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold an EC key");
wolfSSL_EC_KEY_free(local);
local = NULL;
} }
return local; return key->ecc;
} }
#endif /* HAVE_ECC */ #endif /* HAVE_ECC */
@@ -7095,33 +7110,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key)
if (pkey == NULL || key == NULL) if (pkey == NULL || key == NULL)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
/* free other types if needed */ clearEVPPkeyKeys(pkey);
#ifndef NO_RSA
if (pkey->rsa != NULL && pkey->ownRsa == 1) {
wolfSSL_RSA_free(pkey->rsa);
}
pkey->ownRsa = 0;
#endif
#ifndef NO_DSA
if (pkey->dsa != NULL && pkey->ownDsa == 1) {
wolfSSL_DSA_free(pkey->dsa);
}
pkey->ownDsa = 0;
#endif
#ifdef HAVE_ECC
if (pkey->ecc != NULL && pkey->ownEcc == 1) {
wolfSSL_EC_KEY_free(pkey->ecc);
}
pkey->ownEcc = 0;
#endif
if (wolfSSL_DH_up_ref(key) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("wolfSSL_DH_up_ref failed");
return WOLFSSL_FAILURE;
}
if (pkey->dh != NULL && pkey->ownDh == 1)
wolfSSL_DH_free(pkey->dh);
pkey->dh = key; pkey->dh = key;
pkey->ownDh = 1; /* pkey does not own DH but needs to call free on it */ pkey->ownDh = 1; /* pkey does not own DH but needs to call free on it */
@@ -7358,39 +7347,13 @@ int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key)
{ {
#ifdef HAVE_ECC #ifdef HAVE_ECC
WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_EC_KEY"); WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_EC_KEY");
clearEVPPkeyKeys(pkey);
if (pkey == NULL || key == NULL) {
return WOLFSSL_FAILURE;
}
#ifndef NO_RSA
if (pkey->rsa != NULL && pkey->ownRsa == 1) {
wolfSSL_RSA_free(pkey->rsa);
}
pkey->ownRsa = 0;
#endif
#ifndef NO_DSA
if (pkey->dsa != NULL && pkey->ownDsa == 1) {
wolfSSL_DSA_free(pkey->dsa);
}
pkey->ownDsa = 0;
#endif
#ifndef NO_DH
if (pkey->dh != NULL && pkey->ownDh == 1) {
wolfSSL_DH_free(pkey->dh);
}
pkey->ownDh = 0;
#endif
if (wolfSSL_EC_KEY_up_ref(key) != WOLFSSL_SUCCESS) { if (wolfSSL_EC_KEY_up_ref(key) != WOLFSSL_SUCCESS) {
WOLFSSL_MSG("wolfSSL_EC_KEY_up_ref failed"); WOLFSSL_MSG("wolfSSL_EC_KEY_up_ref failed");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
if (pkey->ecc != NULL && pkey->ownEcc == 1) {
wolfSSL_EC_KEY_free(pkey->ecc);
}
pkey->ecc = key; pkey->ecc = key;
pkey->ownEcc = 1; /* doesn't own EC_KEY but needs to call free on it */ pkey->ownEcc = 1; /* pkey needs to call free on key */
pkey->type = EVP_PKEY_EC; pkey->type = EVP_PKEY_EC;
return ECC_populate_EVP_PKEY(pkey, key); return ECC_populate_EVP_PKEY(pkey, key);
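Review bot: In `wolfSSL_EVP_PKEY_set1_EC_KEY`, `clearEVPPkeyKeys(pkey)` runs before `wolfSSL_EC_KEY_up_ref(key)`, so the old key is released before the new one is referenced. If a caller passes the key the pkey already holds (for example one obtained through `wolfSSL_EVP_PKEY_get0_EC_KEY`, which only returns `pkey->ecc`) and the pkey held the last reference, the key is freed and then used. Taking the reference first avoids this: move `clearEVPPkeyKeys(pkey);` below the `wolfSSL_EC_KEY_up_ref` check. The same ordering question applies to the RSA and DH setters, whose reference handling is not fully visible here. The page also does not mark whether the `pkey == NULL || key == NULL` guard printed after the call is kept; if it was removed, `pkey->ecc = key` is reached with a NULL `pkey`.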
#else #else


@@ -127,6 +127,11 @@ struct WOLFSSL_EC_KEY {
/* option bits */ /* option bits */
byte inSet:1; /* internal set from external ? */ byte inSet:1; /* internal set from external ? */
byte exSet:1; /* external set from internal ? */ byte exSet:1; /* external set from internal ? */
#ifndef SINGLE_THREADED
wolfSSL_Mutex refMutex; /* ref count mutex */
#endif
int refCount; /* reference count */
}; };
struct WOLFSSL_EC_BUILTIN_CURVE { struct WOLFSSL_EC_BUILTIN_CURVE {
@@ -209,6 +214,8 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_ex(void* heap, int devId);
WOLFSSL_API WOLFSSL_API
WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void); WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void);
WOLFSSL_API WOLFSSL_API
int wolfSSL_EC_KEY_up_ref(WOLFSSL_EC_KEY* key);
WOLFSSL_API
int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group); int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group);
WOLFSSL_API WOLFSSL_API
int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key); int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key);
@@ -312,6 +319,7 @@ typedef WOLFSSL_EC_BUILTIN_CURVE EC_builtin_curve;
#define EC_KEY_new wolfSSL_EC_KEY_new #define EC_KEY_new wolfSSL_EC_KEY_new
#define EC_KEY_free wolfSSL_EC_KEY_free #define EC_KEY_free wolfSSL_EC_KEY_free
#define EC_KEY_up_ref wolfSSL_EC_KEY_up_ref
#define EC_KEY_dup wolfSSL_EC_KEY_dup #define EC_KEY_dup wolfSSL_EC_KEY_dup
#define EC_KEY_up_ref wolfSSL_EC_KEY_up_ref #define EC_KEY_up_ref wolfSSL_EC_KEY_up_ref
#define EC_KEY_get0_public_key wolfSSL_EC_KEY_get0_public_key #define EC_KEY_get0_public_key wolfSSL_EC_KEY_get0_public_key
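Review bot: The added `#define EC_KEY_up_ref wolfSSL_EC_KEY_up_ref` duplicates the definition that already sits two lines below it, after `EC_KEY_dup`. An identical redefinition compiles, but the compatibility list now carries the macro twice, so the added line can be dropped.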