From e25284c690d49857ae71d5305c37f4cfe9af4a57 Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Mon, 22 Feb 2021 23:51:27 +0900 Subject: [PATCH 01/29] Add wolfSSL_EVP_PKEY_print_public --- src/ssl.c | 62 ++- tests/api.c | 440 ++++++++++++++++++++ wolfcrypt/src/asn.c | 115 ++++++ wolfcrypt/src/evp.c | 726 +++++++++++++++++++++++++++++++++ wolfssl/certs_test.h | 151 +++++++ wolfssl/openssl/evp.h | 7 + wolfssl/ssl.h | 5 + wolfssl/wolfcrypt/asn_public.h | 3 + wolfssl/wolfcrypt/dh.h | 2 + 9 files changed, 1510 insertions(+), 1 deletion(-) diff --git a/src/ssl.c b/src/ssl.c index 57348a9ea7..0fda7460b4 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -7877,6 +7877,66 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */ + #if !defined(NO_DH) && defined(OPENSSL_EXTRA) + #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION > 2)) + { + DhKey dh; + word32 keyIdx = 0; + + /* test if DH-public key */ + if (wc_InitDhKey(&dh) == 0 && + wc_DhPublicKeyDecode(mem, &keyIdx, &dh, (word32)memSz) == 0) { + wc_FreeDhKey(&dh); + pkey = wolfSSL_EVP_PKEY_new(); + if (pkey != NULL) { + pkey->type = EVP_PKEY_DH; + pkey->pkey_sz = (int)memSz; + pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, + DYNAMIC_TYPE_PUBLIC_KEY); + if (pkey->pkey.ptr == NULL) { + wolfSSL_EVP_PKEY_free(pkey); + return NULL; + } + XMEMCPY(pkey->pkey.ptr, mem, memSz); + if (out != NULL) { + *out = pkey; + } + pkey->ownDh = 1; + pkey->dh = wolfSSL_DH_new(); + if (pkey->dh == NULL) { + wolfSSL_EVP_PKEY_free(pkey); + return NULL; + } + + DhKey* key = (DhKey*)pkey->dh->internal; + + keyIdx = 0; + if (wc_DhPublicKeyDecode(mem, &keyIdx, key, (word32)memSz) == 0) + { + if (SetIndividualExternal(&(pkey->dh->p), &key->p) + == WOLFSSL_SUCCESS && + SetIndividualExternal(&(pkey->dh->g), &key->g) + == WOLFSSL_SUCCESS && + SetIndividualExternal(&(pkey->dh->q), &key->q) + == WOLFSSL_SUCCESS && + SetIndividualExternal(&(pkey->dh->pub_key), &key->pub) + == WOLFSSL_SUCCESS) { + wc_FreeDhKey(&dh); + return pkey; + } + } + else { + wolfSSL_EVP_PKEY_free(pkey); + return NULL; + } + } + wolfSSL_EVP_PKEY_free(pkey); + } + } + #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ + #endif /* !NO_DH && OPENSSL_EXTRA */ + if (pkey == NULL) { WOLFSSL_MSG("wolfSSL_d2i_PUBKEY couldn't determine key type"); } @@ -35271,7 +35331,7 @@ const char* wolfSSL_EC_curve_nid2nist(int nid) const WOLF_EC_NIST_NAME* nist_name; for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) { if (nist_name->nid == nid) { - return kNistCurves->name; + return nist_name->name; } } return NULL; diff --git a/tests/api.c b/tests/api.c index 6a2283663e..f0a29a4eeb 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2393,6 +2393,301 @@ static void test_ED448(void) | EVP *----------------------------------------------------------------------------*/ +static void test_wolfSSL_EVP_PKEY_print_public(void) +{ +#if defined(OPENSSL_EXTRA) + + WOLFSSL_BIO* rbio = NULL; + WOLFSSL_BIO* wbio = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + char line[256] = { 0 }; + int res; + + printf(testingFmt, "wolfSSL_EVP_PKEY_print_public()"); + /* test error cases */ + AssertIntEQ( wolfSSL_EVP_PKEY_print_public(NULL,NULL,0,NULL),0L); + + /* + * test RSA public key print + * in this test, pass '3' for indent + */ + #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_1024) + + rbio = BIO_new_mem_buf( client_keypub_der_1024, + sizeof_client_keypub_der_1024); + AssertNotNull(rbio); + + wolfSSL_d2i_PUBKEY_bio(rbio, &pkey); + AssertNotNull(pkey); + + wbio = BIO_new(BIO_s_mem()); + AssertNotNull(wbio); + + res = wolfSSL_EVP_PKEY_print_public(wbio, pkey,3,NULL); + AssertIntEQ(res,1); + + BIO_gets(wbio, line, sizeof(line)); + res = XSTRNCMP( line, " RSA Public-Key: (1024 bit)\n", + sizeof(" RSA Public-Key: (1024 bit)\n")); + + AssertIntEQ(res,0); + + BIO_gets(wbio, line, sizeof(line)); + res = XSTRNCMP( line, " Modulus:\n", + sizeof(" Modulus:\n")); + AssertIntEQ(res,0); + + BIO_gets(wbio, line, sizeof(line)); + res = XSTRNCMP( line, + " bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:99:\n", + sizeof(" bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:99:\n")); + AssertIntEQ(res,0); + + /* skip to the end of modulus element*/ + for( int i = 0; i < 7 ;i++) { + BIO_gets(wbio, line, sizeof(line)); + } + + BIO_gets(wbio, line, sizeof(line)); + res = XSTRNCMP( line, " Exponent: 65537 (0x010001)\n", + sizeof(" Exponent: 65537 (0x010001)\n")); + AssertIntEQ(res,0); + + /* should reach EOF */ + AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0); + + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(rbio); + BIO_free(wbio); + rbio = NULL; + wbio = NULL; + + #endif /* !NO_RSA && USE_CERT_BUFFERS_1024*/ + + /* + * test DSA public key print + */ + #if !defined(NO_DSA) && defined(USE_CERT_BUFFERS_2048) + rbio = BIO_new_mem_buf( dsa_pub_key_der_2048, + sizeof_dsa_pub_key_der_2048); + AssertNotNull(rbio); + + wolfSSL_d2i_PUBKEY_bio(rbio, &pkey); + AssertNotNull(pkey); + + wbio = BIO_new(BIO_s_mem()); + AssertNotNull(wbio); + + res = wolfSSL_EVP_PKEY_print_public(wbio, pkey,0,NULL); + AssertIntEQ(res,1); + + BIO_gets(wbio, line, sizeof(line)); + res = XSTRNCMP( line, "DSA Public-Key: (2048 bit)\n", + sizeof("DSA Public-Key: (2048 bit)\n")); + + AssertIntEQ(res,0); + + BIO_gets(wbio, line, sizeof(line)); + res = XSTRNCMP( line, "pub:\n", + sizeof("pub:\n")); + AssertIntEQ(res,0); + + BIO_gets(wbio, line, sizeof(line)); + res = XSTRNCMP( line, + " 00:c2:35:2d:ec:83:83:6c:73:13:9e:52:7c:74:c8:\n", + sizeof(" 00:c2:35:2d:ec:83:83:6c:73:13:9e:52:7c:74:c8:\n")); + AssertIntEQ(res,0); + + /* skip to the end of pub element*/ + for( int i = 0; i < 17 ;i++) { + BIO_gets(wbio, line, sizeof(line)); + } + + BIO_gets(wbio, line, sizeof(line)); + res = XSTRNCMP( line, + "P:\n", + sizeof("P:\n")); + AssertIntEQ(res,0); + + /* skip to the end of P element*/ + for( int i = 0; i < 18 ;i++) { + BIO_gets(wbio, line, sizeof(line)); + } + + BIO_gets(wbio, line, sizeof(line)); + res = XSTRNCMP( line, + "Q:\n", + sizeof("Q:\n")); + AssertIntEQ(res,0); + + /* skip to the end of Q element*/ + for( int i = 0; i < 3 ;i++) { + BIO_gets(wbio, line, sizeof(line)); + } + BIO_gets(wbio, line, sizeof(line)); + res = XSTRNCMP( line, + "G:\n", + sizeof("G:\n")); + AssertIntEQ(res,0); + + /* skip to the end of G element*/ + for( int i = 0; i < 18 ;i++) { + BIO_gets(wbio, line, sizeof(line)); + } + /* should reach EOF */ + AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0); + + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(rbio); + BIO_free(wbio); + rbio = NULL; + wbio = NULL; + + #endif /* !NO_DSA && USE_CERT_BUFFERS_2048 */ + + /* + * test ECC public key print + */ + #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) + + rbio = BIO_new_mem_buf( ecc_clikeypub_der_256, + sizeof_ecc_clikeypub_der_256); + AssertNotNull(rbio); + + wolfSSL_d2i_PUBKEY_bio(rbio, &pkey); + AssertNotNull(pkey); + + wbio = BIO_new(BIO_s_mem()); + AssertNotNull(wbio); + + res = wolfSSL_EVP_PKEY_print_public(wbio, pkey,0,NULL); + AssertIntEQ(res,1); + + BIO_gets(wbio, line, sizeof(line)); + res = XSTRNCMP( line, "Public-Key: (256 bit)\n", + sizeof("Public-Key: (256 bit)\n")); + + AssertIntEQ(res,0); + + BIO_gets(wbio, line, sizeof(line)); + res = XSTRNCMP( line, "pub:\n", + sizeof("pub:\n")); + AssertIntEQ(res,0); + + BIO_gets(wbio, line, sizeof(line)); + res = XSTRNCMP( line, + " 04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d:\n", + sizeof(" 04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d:\n")); + AssertIntEQ(res,0); + + /* skip to the end of pub element*/ + for( int i = 0; i < 4 ;i++) { + BIO_gets(wbio, line, sizeof(line)); + } + + BIO_gets(wbio, line, sizeof(line)); + res = XSTRNCMP( line, "ASN1 OID: prime256v1\n", + sizeof("ASN1 OID: prime256v1\n")); + AssertIntEQ(res,0); + + BIO_gets(wbio, line, sizeof(line)); + res = XSTRNCMP( line, "NIST CURVE: P-256\n", + sizeof("NIST CURVE: P-256")); + AssertIntEQ(res,0); + + /* should reach EOF */ + AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0); + + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(rbio); + BIO_free(wbio); + rbio = NULL; + wbio = NULL; + + #endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */ + + /* + * test DH public key print + */ + #if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048) + + rbio = BIO_new_mem_buf( dh_pub_key_der_2048, + sizeof_dh_pub_key_der_2048); + AssertNotNull(rbio); + + wolfSSL_d2i_PUBKEY_bio(rbio, &pkey); + AssertNotNull(pkey); + + wbio = BIO_new(BIO_s_mem()); + AssertNotNull(wbio); + + res = wolfSSL_EVP_PKEY_print_public(wbio, pkey,0,NULL); + AssertIntEQ(res,1); + + BIO_gets(wbio, line, sizeof(line)); + res = XSTRNCMP( line, "DH Public-Key: (2048 bit)\n", + sizeof("DH Public-Key: (2048 bit)\n")); + + AssertIntEQ(res,0); + + BIO_gets(wbio, line, sizeof(line)); + res = XSTRNCMP( line, "public-key:\n", + sizeof("public-key:\n")); + AssertIntEQ(res,0); + + BIO_gets(wbio, line, sizeof(line)); + res = XSTRNCMP( line, + " 34:41:bf:e9:f2:11:bf:05:db:b2:72:a8:29:cc:bd:\n", + sizeof(" 34:41:bf:e9:f2:11:bf:05:db:b2:72:a8:29:cc:bd:\n")); + AssertIntEQ(res,0); + + /* skip to the end of public-key element*/ + for( int i = 0; i < 17 ;i++) { + BIO_gets(wbio, line, sizeof(line)); + } + + BIO_gets(wbio, line, sizeof(line)); + res = XSTRNCMP( line, + "prime:\n", + sizeof("prime:\n")); + AssertIntEQ(res,0); + + BIO_gets(wbio, line, sizeof(line)); + res = XSTRNCMP( line, + " 00:d3:b2:99:84:5c:0a:4c:e7:37:cc:fc:18:37:01:\n", + sizeof(" 00:d3:b2:99:84:5c:0a:4c:e7:37:cc:fc:18:37:01:\n")); + AssertIntEQ(res,0); + + /* skip to the end of prime element*/ + for( int i = 0; i < 17 ;i++) { + BIO_gets(wbio, line, sizeof(line)); + } + + BIO_gets(wbio, line, sizeof(line)); + res = XSTRNCMP( line, + "generator: 2 (0x02)\n", + sizeof("generator: 2 (0x02)\n")); + AssertIntEQ(res,0); + + /* should reach EOF */ + AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0); + + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(rbio); + BIO_free(wbio); + rbio = NULL; + wbio = NULL; + + #endif /* WOLFSSL_DH_EXTRA && USE_CERT_BUFFERS_2048 */ + + printf(resultFmt, passed); +#endif /* OPENSSL_EXTRA */ +} + /* Test function for wolfSSL_EVP_get_cipherbynid. */ @@ -22232,6 +22527,128 @@ static int test_wc_EccPrivateKeyToDer (void) #endif return ret; }/* End test_wc_EccPrivateKeyToDer*/ +/* + * Testing wc_EccPublicKeyDecode_ex + */ +static int test_wc_EccPublicKeyDecode_ex(void) +{ + int ret = 0; +#if defined(HAVE_ECC) + printf(testingFmt, "test_wc_EccPublicKeyDecode_ex()"); + + if (ret == 0) { + ret = wc_EccPublicKeyDecode_ex(NULL,NULL,NULL,NULL,NULL,0); + if (ret == BAD_FUNC_ARG) + ret = 0; + } +#if defined(USE_CERT_BUFFERS_256) + word32 inOutIdx; + int curveId; + word32 pointIdx; + int pointSz; + + if (ret == 0) { + ret = wc_EccPublicKeyDecode_ex(ecc_clikeypub_der_256, + NULL,NULL,NULL,NULL,0); + if(ret == BAD_FUNC_ARG) + ret = 0; + } + if (ret == 0) { + ret = wc_EccPublicKeyDecode_ex(ecc_clikeypub_der_256, + &inOutIdx,NULL,NULL,NULL,0); + if (ret == BAD_FUNC_ARG) + ret = 0; + } + if (ret == 0) { + ret = wc_EccPublicKeyDecode_ex(ecc_clikeypub_der_256, + &inOutIdx,&curveId,NULL,NULL,0); + if (ret == BAD_FUNC_ARG) + ret = 0; + } + if (ret == 0) { + ret = wc_EccPublicKeyDecode_ex(ecc_clikeypub_der_256, + &inOutIdx,&curveId,&pointIdx,NULL,0); + if(ret == BAD_FUNC_ARG) + ret = 0; + } + if (ret == 0) { + ret = wc_EccPublicKeyDecode_ex(ecc_clikeypub_der_256, + &inOutIdx,&curveId,&pointIdx,&pointSz,0); + if (ret == BAD_FUNC_ARG) + ret = 0; + } + /* pass bad input size */ + if (ret == 0) { + ret = wc_EccPublicKeyDecode_ex(ecc_clikeypub_der_256, + &inOutIdx,&curveId,&pointIdx,&pointSz,sizeof_ecc_clikeypub_der_256 - 3 ); + if (ret < 0 ) + ret = 0; + } + if (ret == 0) { + ret = wc_EccPublicKeyDecode_ex(ecc_clikeypub_der_256, + &inOutIdx,&curveId,&pointIdx,&pointSz,sizeof_ecc_clikeypub_der_256); + if (ret == 0 && inOutIdx == 91 && curveId == 7 && + pointIdx == 26 && pointSz == 65 ) { + ret = 0; + } + else + ret = -1; + } + +#endif /* USE_CERT_BUFFERS_256 */ + + printf(resultFmt, ret == 0 ? passed : failed); +#endif /* HAVE_ECC */ + return ret; +} +/* + * Testing wc_DhPublicKeyDecode + */ +static int test_wc_DhPublicKeyDecode(void) +{ + int ret = 0; +#if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048) + printf(testingFmt, "test_wc_DhPublicKeyDecode()"); + + word32 inOutIdx; + DhKey key; + + if (ret == 0) { + ret = wc_DhPublicKeyDecode(NULL,NULL,NULL,0); + if (ret == BAD_FUNC_ARG) + ret = 0; + } + if (ret == 0) { + ret = wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0); + if(ret == BAD_FUNC_ARG) + ret = 0; + } + if (ret == 0) { + ret = wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,NULL,0); + if (ret == BAD_FUNC_ARG) + ret = 0; + } + if (ret == 0) { + ret = wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key,0); + if (ret == BAD_FUNC_ARG) + ret = 0; + } + if (ret == 0) { + ret = wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key, + sizeof_dh_pub_key_der_2048); + if (ret == 0 && key.p.used != 0 && key.g.used != 0 && + key.q.used == 0 && key.pub.used != 0 && + key.priv.used == 0 ) { + ret = 0; + } + else + ret = -1; + } + + printf(resultFmt, ret == 0 ? passed : failed); +#endif + return ret; +} /* * Testing wc_Ed25519KeyToDer @@ -31781,6 +32198,26 @@ static void test_wolfSSL_d2i_PUBKEY(void) EVP_PKEY_free(pkey); #endif +#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DSA) + /* DSA PUBKEY test */ + AssertIntGT(BIO_write(bio, dsa_pub_key_der_2048, + sizeof_dsa_pub_key_der_2048), 0); + AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL)); + EVP_PKEY_free(pkey); +#endif + +#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DH) && \ +defined(OPENSSL_EXTRA) && !defined(WOLFSSL_DH_EXTRA) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION > 2)) + /* DH PUBKEY test */ + AssertIntGT(BIO_write(bio, dh_pub_key_der_2048, + sizeof_dh_pub_key_der_2048), 0); + AssertNotNull(pkey = d2i_PUBKEY_bio(bio, NULL)); + EVP_PKEY_free(pkey); +#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +#endif /* USE_CERT_BUFFERS_2048 && !NO_DH && && OPENSSL_EXTRA */ + BIO_free(bio); (void)pkey; @@ -40629,6 +41066,7 @@ void ApiTest(void) test_EVP_PKEY_rsa(); test_wolfSSL_EVP_PKEY_encrypt(); test_wolfSSL_EVP_PKEY_sign(); + test_wolfSSL_EVP_PKEY_print_public(); test_EVP_PKEY_ec(); test_EVP_PKEY_cmp(); /* OpenSSL error API tests */ @@ -40963,6 +41401,8 @@ void ApiTest(void) AssertIntEQ(test_ToTraditional(), 0); AssertIntEQ(test_wc_EccPrivateKeyToDer(), 0); + AssertIntEQ(test_wc_EccPublicKeyDecode_ex(), 0); + AssertIntEQ(test_wc_DhPublicKeyDecode(), 0); AssertIntEQ(test_wc_Ed25519KeyToDer(), 0); AssertIntEQ(test_wc_Ed25519PrivateKeyToDer(), 0); AssertIntEQ(test_wc_Ed448KeyToDer(), 0); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index c645e26664..d2894b0a11 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -4515,6 +4515,60 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e, #endif /* !NO_RSA */ #ifndef NO_DH +#if defined(WOLFSSL_DH_EXTRA) +/* + * Decodes DH public key + * + * return 0 on success, negative on failure + */ +int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx, + DhKey* key, word32 inSz) +{ + int ret = 0; + int length; + word32 oid = 0; + + if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) + return BAD_FUNC_ARG; + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + ret = GetObjectId(input, inOutIdx, &oid, oidKeyType, inSz); + if (oid != DHk || ret < 0) + return ASN_DH_KEY_E; + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + if (GetInt(&key->p, input, inOutIdx, inSz) < 0) + return ASN_DH_KEY_E; + + if (GetInt(&key->g, input, inOutIdx, inSz) < 0) { + mp_clear(&key->p); + return ASN_DH_KEY_E; + } + ret = (CheckBitString(input, inOutIdx, &length, inSz, 0, NULL) == 0); + if (ret > 0) { + /* Found Bit String WOLFSSL_DH_EXTRA is required to access DhKey.pub */ + if (GetInt(&key->pub, input, inOutIdx, inSz) < 0) { + mp_clear(&key->p); + mp_clear(&key->g); + return ASN_DH_KEY_E; + } + } + else { + mp_clear(&key->p); + mp_clear(&key->g); + return ASN_DH_KEY_E; + } + return 0; +} +#endif /* WOLFSSL_DH_EXTRA */ + /* Supports either: * - DH params G/P (PKCS#3 DH) file or * - DH key file (if WOLFSSL_DH_EXTRA enabled) */ @@ -16221,6 +16275,67 @@ static int EccKeyParamCopy(char** dst, char* src) } #endif /* WOLFSSL_CUSTOM_CURVES */ +int wc_EccPublicKeyDecode_ex(const byte* input, + word32* inOutIdx, int* curveId, + word32* pointIdx, int* pointSz, word32 inSz) +{ + int ret; + int version, length; + word32 oidSum, localIdx; + byte tag; + + if (input == NULL || inOutIdx == NULL || curveId == NULL || + pointIdx == NULL || pointSz == NULL || inSz == 0) + return BAD_FUNC_ARG; + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + if (GetMyVersion(input, inOutIdx, &version, inSz) >= 0) + return ASN_PARSE_E; + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + ret = SkipObjectId(input, inOutIdx, inSz); + if (ret != 0) + return ret; + + if (*inOutIdx >= inSz) { + return BUFFER_E; + } + + localIdx = *inOutIdx; + + if (GetASNTag(input, &localIdx, &tag, inSz) == 0 && + tag == (ASN_SEQUENCE | ASN_CONSTRUCTED)) { + return BAD_FUNC_ARG; /* given key is not a public key*/ + } + + /* ecc params information */ + ret = GetObjectId(input, inOutIdx, &oidSum, oidIgnoreType, inSz); + if (ret != 0) + return ret; + + /* get curve id */ + if ((ret = CheckCurve(oidSum)) < 0) + return ECC_CURVE_OID_E; + else { + *curveId = ret; + } + + /* key header */ + ret = CheckBitString(input, inOutIdx, &length, inSz, 1, NULL); + if (ret != 0) + return ret; + + *pointIdx = *inOutIdx; + *pointSz = length; + *inOutIdx += length; + + return 0; +} + int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, word32 inSz) { diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 8f4471e804..b8a0b63441 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -6803,6 +6803,732 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) } } } +#if defined(OPENSSL_EXTRA) +static int ToHex( byte in, byte* hex ) +{ + if ( hex == NULL ) + return 0; + + byte HexTbl[16] = { '0','1','2','3','4','5','6','7', + '8','9','a','b','c','d','e','f' }; + + byte UpNibble = (in >> 4) & 0x0f; + byte LwNibble = in & 0x0f; + + *hex++ = HexTbl[UpNibble]; + *hex = HexTbl[LwNibble]; + return 2; +} +/* convert input value to upto five digit decimal */ +static int ToDec(word32 in, byte* hex) +{ + if (hex == NULL || in > 99999 ) + return 0; + + byte dgt[5]; + word32 quo = in; + + dgt[4] = quo % 10; + quo = quo / 10; + dgt[3] = quo % 10; + quo = quo / 10; + dgt[2] = quo % 10; + quo = quo / 10; + dgt[1] = quo % 10; + quo = quo / 10; + dgt[0] = quo % 10; + + /* to remove leading zero */ + int i = 0; + if (dgt[0] == 0) { + if (dgt[1] == 0) { + if (dgt[2] == 0) { + if (dgt[3] == 0) { + i = 4; + }else + i = 3; + }else + i = 2; + }else + i = 1; + }else + i = 0; + + int wrote = 5 - i; + + for (; i < 5; i++) { + *hex++ = dgt[i] + '0'; + } + return wrote; +} +static int Indent(int indents, byte* dst ) +{ + if (dst == NULL) + return 0; + + for (int i = indents; i; i--) {*dst++ = ' ';} + return indents; +} +static int DumpElement(WOLFSSL_BIO* out, const byte* input, + int inlen, int indent) +{ + int idx = 0; + int wsz = 0; + byte buff[128] = { 0 }; + + /* print pub element */ + idx = 0; + wsz = Indent(indent, buff + idx); + idx += wsz; + + const byte* point = input; + word32 len = inlen; + word32 line = len / 15; + word32 left = len % 15; + word32 in = 0; + word32 i; + + while (line) { + idx = 0; + wsz = Indent(indent, buff + idx); + idx += wsz; + + for (i = 0; i < 15; i++) { /* 15 byte per line*/ + wsz = ToHex(point[in++], buff + idx); + idx += wsz; + XMEMSET(buff + idx, ':', 1); + wsz = 1; + idx += wsz; + } + wsz = 1; + XMEMSET(buff + idx, '\n', wsz); + idx += wsz; + + wolfSSL_BIO_write(out, buff, idx); + XMEMSET(buff, 0, sizeof(buff)); + idx = 0; + wsz = 0; + line--; + } + idx = 0; + wsz = Indent(indent, buff + idx); + idx += wsz; + + for (i = 0; i < left; i++) { + wsz = ToHex(point[in++], buff + idx); + idx += wsz; + if (i != left - 1) { + wsz = 1; + XMEMSET(buff + idx, ':', wsz); + idx += wsz; + } + } + wsz = 1; + XMEMSET(buff + idx, '\n', wsz); + idx += wsz; + + wolfSSL_BIO_write(out, buff, idx); + XMEMSET(buff, 0, sizeof(buff)); + + return idx; +} +static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, + int indent, int bitlen, ASN1_PCTX* pctx) +{ + int res; + byte buff[128] = { 0 }; + + word32 inOutIdx = 0; + word32 nSz = 0; /* size of modulus */ + word32 eSz = 0; /* size of public exponent */ + byte* n = NULL; + byte* e = NULL; /* pointer to modulus/exponent */ + + (void)pctx; + + if ((res = wc_RsaPublicKeyDecode_ex(pkey, &inOutIdx, pkeySz, + (const byte**)&n, &nSz, (const byte**)&e, &eSz)) != 0) { + return WOLFSSL_FAILURE; + } + int idx = 0; + int wsz = 0; + + wsz = Indent(indent, buff + idx); + idx += wsz; + + wsz = sizeof("RSA Public-Key: (") - 1; + XSTRNCPY((char*)(buff + idx), "RSA Public-Key: (", wsz ); + idx += wsz; + + wsz = ToDec(bitlen, buff + idx); + idx += wsz; + + wsz = sizeof(" bit)\n") - 1; + XSTRNCPY((char*)(buff + idx), " bit)\n", wsz); + idx += wsz; + + wolfSSL_BIO_write(out, buff, idx); + XMEMSET(buff, 0, sizeof(buff)); + + /* print Modulus */ + idx = 0; + wsz = Indent(indent, buff + idx); + idx += wsz; + + wsz = sizeof("Modulus:\n") - 1; + XSTRNCPY((char*)(buff + idx), "Modulus:\n", wsz); + idx += wsz; + + wolfSSL_BIO_write(out, buff, idx); + XMEMSET(buff, 0, sizeof(buff)); + + DumpElement(out, n, nSz, indent + 4); + + /* print public Exponent */ + idx = 0; + wsz = Indent(indent, buff + idx); + idx += wsz; + + wsz = sizeof("Exponent: ") - 1; + XSTRNCPY((char*)(buff + idx), "Exponent: ", wsz); + idx += wsz; + + word32 exponent = 0; + for (word32 i = 0; i < eSz; i++) { + exponent <<= 8; + exponent += e[i]; + } + wsz = ToDec(exponent, buff + idx); + idx += wsz; + + wsz = sizeof(" (0x") - 1; + XSTRNCPY((char*)(buff + idx), " (0x", wsz); + idx += wsz; + + for (word32 i = 0; i < eSz; i++) { + wsz = ToHex(e[i], buff + idx); + idx += wsz; + } + wsz = sizeof(")\n") - 1; + XSTRNCPY((char*)(buff + idx), ")\n", wsz); + idx += wsz; + + wolfSSL_BIO_write(out, buff, idx); + XMEMSET(buff, 0, sizeof(buff)); + + return WOLFSSL_SUCCESS; +} +#if defined(HAVE_ECC) +static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, + int indent, int bitlen, ASN1_PCTX* pctx) +{ + (void)pctx; + + int res = WOLFSSL_SUCCESS; + byte buff[128] = { 0 }; + word32 inOutIdx = 0; + + int curveId; + word32 pointIdx; + int pointSz; + char* OIDName = NULL; + const char* nistCurveName = NULL; + int nid; + WOLFSSL_ObjectInfo* oi = NULL; + + inOutIdx = 0; + res = wc_EccPublicKeyDecode_ex(pkey, &inOutIdx, &curveId, + &pointIdx, &pointSz, pkeySz); + if (res != 0) + return WOLFSSL_FAILURE; + + nid = EccEnumToNID(curveId); + + /* look up object name from object info table */ + + oi = (WOLFSSL_ObjectInfo*)wolfssl_object_info; + OIDName = NULL; + for (size_t i = 0;i < wolfssl_object_info_sz; i++) { + if ( (oi + i)->type == oidCurveType && (oi + i)->nid == nid) { + OIDName = (char*)((oi + i)->sName); + break; + } + } + + /* get NIST curve name */ + nistCurveName = wolfSSL_EC_curve_nid2nist(nid); + + int idx = 0; + int wsz = 0; + + wsz = Indent(indent, buff + idx); + idx += wsz; + + wsz = sizeof("Public-Key: (") - 1; + XSTRNCPY((char*)(buff + idx), "Public-Key: (", wsz); + idx += wsz; + + wsz = ToDec(bitlen, buff + idx); + idx += wsz; + + wsz = sizeof(" bit)\n") - 1; + XSTRNCPY((char*)(buff + idx), " bit)\n", wsz); + idx += wsz; + + wolfSSL_BIO_write(out, buff, idx); + XMEMSET(buff, 0, sizeof(buff)); + + /* print pub element */ + idx = 0; + wsz = Indent(indent, buff + idx); + idx += wsz; + + wsz = sizeof("pub:\n") - 1; + XSTRNCPY((char*)(buff + idx), "pub:\n", wsz); + idx += wsz; + + wolfSSL_BIO_write(out, buff, idx); + XMEMSET(buff, 0, sizeof(buff)); + + DumpElement(out, pkey + pointIdx, pointSz, indent + 4); + + /* print OID in name */ + + idx = 0; + wsz = Indent(indent, buff + idx); + idx += wsz; + + wsz = sizeof("ASN1 OID: ") - 1; + XSTRNCPY((char*)(buff + idx), "ASN1 OID: ", wsz); + idx += wsz; + + wsz = XSTRLEN(OIDName); + XSTRNCPY((char*)(buff + idx), OIDName, wsz); + idx += wsz; + + wsz = sizeof("\n") - 1; + XSTRNCPY((char*)(buff + idx), "\n", wsz); + idx += wsz; + + wolfSSL_BIO_write(out, buff, idx); + XMEMSET(buff, 0, sizeof(buff)); + + /* print NIST curve name */ + + idx = 0; + wsz = Indent(indent, buff + idx); + idx += wsz; + + wsz = sizeof("NIST CURVE: ") - 1; + XSTRNCPY((char*)(buff + idx), "NIST CURVE: ", wsz); + idx += wsz; + + wsz = XSTRLEN(nistCurveName); + XSTRNCPY((char*)(buff + idx), nistCurveName, wsz); + idx += wsz; + + wsz = sizeof("\n") - 1; + XSTRNCPY((char*)(buff + idx), "\n", wsz); + idx += wsz; + + wolfSSL_BIO_write(out, buff, idx); + XMEMSET(buff, 0, sizeof(buff)); + + return WOLFSSL_SUCCESS; +} +#endif /* HAVE_ECC */ + +static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, + int indent, int bitlen, ASN1_PCTX* pctx) +{ + (void)pctx; + int length; + int res; + byte buff[128] = { 0 }; + word32 inOutIdx = 0; + word32 oid; + byte tagFound; + byte *p = NULL, * q = NULL, * g = NULL, * y = NULL; + int pSz, qSz, gSz, ySz; + + inOutIdx = 0; + if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) + return WOLFSSL_FAILURE; + if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) + return WOLFSSL_FAILURE; + + res = GetObjectId(pkey, &inOutIdx, &oid, oidIgnoreType, pkeySz); + if (res != 0) + return WOLFSSL_FAILURE; + + if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) + return WOLFSSL_FAILURE; + + /* find P */ + if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) + return WOLFSSL_FAILURE; + if( tagFound != ASN_INTEGER) + return WOLFSSL_FAILURE; + if( GetLength(pkey, &inOutIdx, &length, pkeySz) < 0) + return WOLFSSL_FAILURE; + + p = (byte*)(pkey + inOutIdx); + pSz = length; + + if (bitlen == 0) { + if (*p == 0) + bitlen = (pSz - 1) * 8; /* remove leading zero */ + else + bitlen = pSz * 8; + } + + inOutIdx += length; + /* find Q */ + if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) + return WOLFSSL_FAILURE; + if (tagFound != ASN_INTEGER) + return WOLFSSL_FAILURE; + if (GetLength(pkey, &inOutIdx, &length, pkeySz) < 0) + return WOLFSSL_FAILURE; + + q = (byte*)(pkey + inOutIdx); + qSz = length; + inOutIdx += length; + + /* find G */ + if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) + return WOLFSSL_FAILURE; + if (tagFound != ASN_INTEGER) + return WOLFSSL_FAILURE; + if (GetLength(pkey, &inOutIdx, &length, pkeySz) < 0) + return WOLFSSL_FAILURE; + + g = (byte*)(pkey + inOutIdx); + gSz = length; + inOutIdx += length; + /* find Y */ + if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) + return WOLFSSL_FAILURE; + if (tagFound != ASN_BIT_STRING) + return WOLFSSL_FAILURE; + if (GetLength(pkey, &inOutIdx, &length, pkeySz) < 0) + return WOLFSSL_FAILURE; + + inOutIdx++; /* skip the first byte( unused byte number)*/ + + if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) + return WOLFSSL_FAILURE; + if (tagFound != ASN_INTEGER) + return WOLFSSL_FAILURE; + if (GetLength(pkey, &inOutIdx, &length, pkeySz) < 0) + return WOLFSSL_FAILURE; + + y = (byte*)(pkey + inOutIdx); + ySz = length; + + int idx = 0; + int wsz = 0; + + wsz = Indent(indent, buff + idx); + idx += wsz; + + wsz = sizeof("DSA Public-Key: (") - 1; + XSTRNCPY((char*)(buff + idx), "DSA Public-Key: (", wsz); + idx += wsz; + + wsz = ToDec(bitlen, buff + idx); + idx += wsz; + + wsz = sizeof(" bit)\n") - 1; + XSTRNCPY((char*)(buff + idx), " bit)\n", wsz); + idx += wsz; + + wolfSSL_BIO_write(out, buff, idx); + XMEMSET(buff, 0, sizeof(buff)); + + /* print pub element */ + idx = 0; + wsz = Indent(indent, buff + idx); + idx += wsz; + + wsz = sizeof("pub:\n") - 1; + XSTRNCPY((char*)(buff + idx), "pub:\n", wsz); + idx += wsz; + + wolfSSL_BIO_write(out, buff, idx); + XMEMSET(buff, 0, sizeof(buff)); + + DumpElement(out, y, ySz, indent + 4); + + /* print P element */ + idx = 0; + wsz = Indent(indent, buff + idx); + idx += wsz; + + wsz = sizeof("P:\n") - 1; + XSTRNCPY((char*)(buff + idx), "P:\n", wsz); + idx += wsz; + + wolfSSL_BIO_write(out, buff, idx); + XMEMSET(buff, 0, sizeof(buff)); + + DumpElement(out, p, pSz, indent + 4); + + /* print Q element */ + idx = 0; + wsz = Indent(indent, buff + idx); + idx += wsz; + + wsz = sizeof("Q:\n") - 1; + XSTRNCPY((char*)(buff + idx), "Q:\n", wsz); + idx += wsz; + + wolfSSL_BIO_write(out, buff, idx); + XMEMSET(buff, 0, sizeof(buff)); + + DumpElement(out, q, qSz, indent + 4); + + /* print G element */ + idx = 0; + wsz = Indent(indent, buff + idx); + idx += wsz; + + wsz = sizeof("G:\n") - 1; + XSTRNCPY((char*)(buff + idx), "G:\n", wsz); + idx += wsz; + + wolfSSL_BIO_write(out, buff, idx); + XMEMSET(buff, 0, sizeof(buff)); + + DumpElement(out, g, gSz, indent + 4); + + return WOLFSSL_SUCCESS; +} +static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, + int indent, int bitlen, ASN1_PCTX* pctx) +{ + (void)pctx; + word32 length; + byte buff[128] = { 0 }; + word32 inOutIdx = 0; + word32 oid; + byte tagFound; + byte* prime = NULL; + int primeSz; + byte generator; + byte* publicKey = NULL; + int publicKeySz; + + inOutIdx = 0; + if (GetSequence(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) + return WOLFSSL_FAILURE; + if (GetSequence(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) + return WOLFSSL_FAILURE; + if (GetObjectId(pkey, &inOutIdx, &oid, oidIgnoreType, pkeySz) < 0) + return WOLFSSL_FAILURE; + if (GetSequence(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) + return WOLFSSL_FAILURE; + + /* get prime element */ + if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) + return WOLFSSL_FAILURE; + if (tagFound != ASN_INTEGER) + return WOLFSSL_FAILURE; + if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) + return WOLFSSL_FAILURE; + + prime = (byte*)(pkey + inOutIdx); + primeSz = length; + inOutIdx += length; + + /* get generator element */ + if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) + return WOLFSSL_FAILURE; + if (tagFound != ASN_INTEGER) + return WOLFSSL_FAILURE; + if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) + return WOLFSSL_FAILURE; + if (length != 1) + return WOLFSSL_FAILURE; + + generator = *(pkey + inOutIdx); + inOutIdx += length; + + /* get public-key element */ + if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) + return WOLFSSL_FAILURE; + if (tagFound != ASN_BIT_STRING) + return WOLFSSL_FAILURE; + if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) + return WOLFSSL_FAILURE; + + inOutIdx ++; + if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) + return WOLFSSL_FAILURE; + if (tagFound != ASN_INTEGER) + return WOLFSSL_FAILURE; + if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) + return WOLFSSL_FAILURE; + + publicKeySz = length; + publicKey = (byte*)(pkey + inOutIdx); + + if (bitlen == 0) { + if (*publicKey == 0) + bitlen = (publicKeySz - 1) * 8; + else + bitlen = publicKeySz * 8; + } + + /* print elements */ + int idx = 0; + int wsz = 0; + + wsz = Indent(indent, buff + idx); + idx += wsz; + + wsz = sizeof("DH Public-Key: (") - 1; + XSTRNCPY((char*)(buff + idx), "DH Public-Key: (", wsz); + idx += wsz; + + wsz = ToDec(bitlen, buff + idx); + idx += wsz; + + wsz = sizeof(" bit)\n") - 1; + XSTRNCPY((char*)(buff + idx), " bit)\n", wsz); + idx += wsz; + + wolfSSL_BIO_write(out, buff, idx); + XMEMSET(buff, 0, sizeof(buff)); + + idx = 0; + wsz = Indent(indent, buff + idx); + idx += wsz; + + wsz = sizeof("public-key:\n") - 1; + XSTRNCPY((char*)(buff + idx), "public-key:\n", wsz); + idx += wsz; + + wolfSSL_BIO_write(out, buff, idx); + XMEMSET(buff, 0, sizeof(buff)); + + DumpElement(out, publicKey, publicKeySz, indent + 4); + + idx = 0; + wsz = Indent(indent, buff + idx); + idx += wsz; + + wsz = sizeof("prime:\n") - 1; + XSTRNCPY((char*)(buff + idx), "prime:\n", wsz); + idx += wsz; + + wolfSSL_BIO_write(out, buff, idx); + XMEMSET(buff, 0, sizeof(buff)); + + DumpElement(out, prime, primeSz, indent + 4); + + idx = 0; + wsz = Indent(indent, buff + idx); + idx += wsz; + + wsz = sizeof("generator: ") - 1; + XSTRNCPY((char*)(buff + idx), "generator: ", wsz); + idx += wsz; + + wsz = ToDec(generator, buff + idx); + idx += wsz; + + wsz = sizeof(" (0x") - 1; + XSTRNCPY((char*)(buff + idx), " (0x", wsz); + idx += wsz; + + wsz = ToHex(generator, buff + idx); + idx += wsz; + + wsz = sizeof(")\n") - 1; + XSTRNCPY((char*)(buff + idx), ")\n", wsz); + idx += wsz; + + wolfSSL_BIO_write(out, buff, idx); + XMEMSET(buff, 0, sizeof(buff)); + + return WOLFSSL_SUCCESS; +} +/* + * output public key info in human readable format + * returns 1 on success, 0 or negative on error. + * -2 means specified key algo is not supported. + */ +int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, + const WOLFSSL_EVP_PKEY* pkey, int indent, ASN1_PCTX* pctx) +{ + int res = 1; + int keybits; /* bit length of the key */ + + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_print_public"); + + if (pkey == NULL || out == NULL) + return 0; + + switch (pkey->type) { + case EVP_PKEY_RSA: + + keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; + res = PrintPubKeyRSA( + out, + (byte*)(pkey->pkey.ptr), /* buffer for pkey raw data */ + pkey->pkey_sz, /* raw pkey size */ + indent, /* indent size */ + keybits, /* bit length of the key */ + pctx); /* not used */ + break; + + case EVP_PKEY_EC: + +#if defined(HAVE_ECC) + keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; + res = PrintPubKeyEC( + out, + (byte*)(pkey->pkey.ptr), /* buffer for pkey raw data */ + pkey->pkey_sz, /* raw pkey size */ + indent, /* indent size */ + keybits, /* bit length of the key */ + pctx); /* not used */ +#else + res = -2; /* not supported algo */ +#endif + break; + + case EVP_PKEY_DSA: + + keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; + res = PrintPubKeyDSA( + out, + (byte*)(pkey->pkey.ptr), /* buffer for pkey raw data */ + pkey->pkey_sz, /* raw pkey size */ + indent, /* indent size */ + keybits, /* bit length of the key */ + pctx); /* not used */ + break; + + case EVP_PKEY_DH: + + keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; + res = PrintPubKeyDH( + out, + (byte*)(pkey->pkey.ptr), /* buffer for pkey raw data */ + pkey->pkey_sz, /* raw pkey size */ + indent, /* indent size */ + keybits, /* bit length of the key */ + pctx); /* not used */ + break; + + default: + res = -2; /* not supported algo */ + } + return res; +} +#endif /* OPENSSL_EXTRA */ #if !defined(NO_PWDBASED) int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp, diff --git a/wolfssl/certs_test.h b/wolfssl/certs_test.h index 9c6fd4a76d..fabf967eba 100644 --- a/wolfssl/certs_test.h +++ b/wolfssl/certs_test.h @@ -1028,6 +1028,157 @@ static const unsigned char dh_key_der_2048[] = }; static const int sizeof_dh_key_der_2048 = sizeof(dh_key_der_2048); +static const unsigned char dh_pub_key_der_2048[] = +{ + 0x30, 0x82, 0x02, 0x24, 0x30, 0x82, 0x01, 0x17, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x03, 0x01, 0x30, + 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xD3, 0xB2, + 0x99, 0x84, 0x5C, 0x0A, 0x4C, 0xE7, 0x37, 0xCC, 0xFC, 0x18, + 0x37, 0x01, 0x2F, 0x5D, 0xC1, 0x4C, 0xF4, 0x5C, 0xC9, 0x82, + 0x8D, 0xB7, 0xF3, 0xD4, 0xA9, 0x8A, 0x9D, 0x34, 0xD7, 0x76, + 0x57, 0xE5, 0xE5, 0xC3, 0xE5, 0x16, 0x85, 0xCA, 0x4D, 0xD6, + 0x5B, 0xC1, 0xF8, 0xCF, 0x89, 0x26, 0xD0, 0x38, 0x8A, 0xEE, + 0xF3, 0xCD, 0x33, 0xE5, 0x56, 0xBB, 0x90, 0x83, 0x9F, 0x97, + 0x8E, 0x71, 0xFB, 0x27, 0xE4, 0x35, 0x15, 0x45, 0x86, 0x09, + 0x71, 0xA8, 0x9A, 0xB9, 0x3E, 0x0F, 0x51, 0x8A, 0xC2, 0x75, + 0x51, 0x23, 0x12, 0xFB, 0x94, 0x31, 0x44, 0xBF, 0xCE, 0xF6, + 0xED, 0xA6, 0x3A, 0xB7, 0x92, 0xCE, 0x16, 0xA9, 0x14, 0xB3, + 0x88, 0xB7, 0x13, 0x81, 0x71, 0x83, 0x88, 0xCD, 0xB1, 0xA2, + 0x37, 0xE1, 0x59, 0x5C, 0xD0, 0xDC, 0xCA, 0x82, 0x87, 0xFA, + 0x43, 0x44, 0xDD, 0x78, 0x3F, 0xCA, 0x27, 0x7E, 0xE1, 0x6B, + 0x93, 0x19, 0x7C, 0xD9, 0xA6, 0x96, 0x47, 0x0D, 0x12, 0xC1, + 0x13, 0xD7, 0xB9, 0x0A, 0x40, 0xD9, 0x1F, 0xFF, 0xB8, 0xB4, + 0x00, 0xC8, 0xAA, 0x5E, 0xD2, 0x66, 0x4A, 0x05, 0x8E, 0x9E, + 0xF5, 0x34, 0xE7, 0xD7, 0x09, 0x7B, 0x15, 0x49, 0x1D, 0x76, + 0x31, 0xD6, 0x71, 0xEC, 0x13, 0x4E, 0x89, 0x8C, 0x09, 0x22, + 0xD8, 0xE7, 0xA3, 0xE9, 0x7D, 0x21, 0x51, 0x26, 0x6E, 0x9F, + 0x30, 0x8A, 0xBB, 0xBC, 0x74, 0xC1, 0xC3, 0x27, 0x6A, 0xCE, + 0xA3, 0x12, 0x60, 0x68, 0x01, 0xD2, 0x34, 0x07, 0x80, 0xCC, + 0x2D, 0x7F, 0x5C, 0xAE, 0xA2, 0x97, 0x40, 0xC8, 0x3C, 0xAC, + 0xDB, 0x6F, 0xFE, 0x6C, 0x6D, 0xD2, 0x06, 0x1C, 0x43, 0xA2, + 0xB2, 0x2B, 0x82, 0xB7, 0xD0, 0xAB, 0x3F, 0x2C, 0xE7, 0x9C, + 0x19, 0x16, 0xD1, 0x5E, 0x26, 0x86, 0xC7, 0x92, 0xF9, 0x16, + 0x0B, 0xFA, 0x66, 0x83, 0x02, 0x01, 0x02, 0x03, 0x82, 0x01, + 0x05, 0x00, 0x02, 0x82, 0x01, 0x00, 0x34, 0x41, 0xBF, 0xE9, + 0xF2, 0x11, 0xBF, 0x05, 0xDB, 0xB2, 0x72, 0xA8, 0x29, 0xCC, + 0xBD, 0x93, 0xEB, 0x14, 0x5D, 0x2C, 0x6B, 0x84, 0x4E, 0x96, + 0x12, 0xB3, 0x38, 0xBA, 0x8A, 0x46, 0x7C, 0x36, 0xCB, 0xE9, + 0x97, 0x70, 0xC5, 0xC3, 0x85, 0xB5, 0x51, 0xA5, 0x8B, 0x39, + 0xA8, 0xEA, 0x47, 0xD3, 0xD5, 0x11, 0xC0, 0x6D, 0xE3, 0xE3, + 0x9E, 0x00, 0x4C, 0x65, 0x41, 0x9B, 0xF6, 0xD0, 0xAC, 0x26, + 0x88, 0x01, 0xFC, 0x3C, 0x26, 0x5F, 0x67, 0xF7, 0x77, 0xD7, + 0xAC, 0xC5, 0xCA, 0xBB, 0xD8, 0x70, 0x58, 0x41, 0xF5, 0xF1, + 0x21, 0x3B, 0x15, 0xD5, 0x31, 0xF2, 0xC4, 0x8E, 0x0C, 0x38, + 0x01, 0x93, 0xD3, 0x64, 0x63, 0x57, 0xDC, 0x31, 0xE5, 0xFD, + 0x9C, 0x2B, 0xA6, 0xDE, 0x15, 0xB2, 0xC8, 0x8D, 0x65, 0x71, + 0x2E, 0xED, 0xF9, 0x1D, 0x2D, 0xA1, 0x17, 0xDD, 0xA3, 0xDA, + 0xF3, 0x10, 0x81, 0x40, 0xFA, 0x4F, 0x49, 0xB0, 0xDA, 0x16, + 0x64, 0xBE, 0x6F, 0xC5, 0x05, 0xCE, 0xC4, 0x4F, 0x67, 0x80, + 0xB3, 0x8A, 0x81, 0x17, 0xEB, 0xF9, 0x6F, 0x6D, 0x9F, 0x7F, + 0xDE, 0xEE, 0x08, 0xB8, 0xFA, 0x81, 0x68, 0x66, 0xD6, 0xC6, + 0x08, 0x50, 0xAB, 0xF0, 0x29, 0xDE, 0x6B, 0x1D, 0x50, 0x13, + 0x7F, 0x54, 0x31, 0x53, 0x89, 0x5F, 0x48, 0x72, 0x24, 0xD4, + 0xD2, 0x1D, 0x27, 0x7D, 0x74, 0xCF, 0x51, 0x17, 0xF0, 0xC5, + 0x6D, 0x3C, 0x3D, 0x6D, 0x0A, 0x8B, 0xDB, 0xEF, 0x02, 0xD8, + 0xC3, 0xCB, 0xCA, 0x21, 0xCA, 0xD6, 0x9C, 0x18, 0x9E, 0x92, + 0xBE, 0x6E, 0xE2, 0x16, 0x5E, 0x89, 0x9B, 0xAD, 0xD4, 0x04, + 0x5A, 0x24, 0x5A, 0x3F, 0x7C, 0x12, 0xAC, 0xB4, 0x71, 0x51, + 0x25, 0x58, 0x74, 0xE4, 0xB2, 0xD4, 0x45, 0xFC, 0x5F, 0xCD, + 0x81, 0x8F, 0xE7, 0x96, 0x18, 0xD9, 0xE0, 0x97, 0x08, 0x45, + 0x36, 0xC3 +}; +static const int sizeof_dh_pub_key_der_2048 = sizeof(dh_pub_key_der_2048); + +static const unsigned char dsa_pub_key_der_2048[] = +{ + 0x30, 0x82, 0x03, 0x47, 0x30, 0x82, 0x02, 0x39, 0x06, 0x07, + 0x2A, 0x86, 0x48, 0xCE, 0x38, 0x04, 0x01, 0x30, 0x82, 0x02, + 0x2C, 0x02, 0x82, 0x01, 0x01, 0x00, 0xEB, 0x7E, 0x2C, 0x97, + 0x36, 0x67, 0x0E, 0x73, 0x9A, 0xAC, 0xFD, 0xB1, 0x19, 0x03, + 0x52, 0x61, 0x25, 0x12, 0xB2, 0x37, 0x3D, 0xEA, 0xCA, 0x80, + 0x07, 0x5D, 0x2D, 0x33, 0xA2, 0x4E, 0x6B, 0xB7, 0x62, 0xF8, + 0x87, 0x4D, 0x4B, 0x20, 0xDA, 0xEA, 0x6A, 0x96, 0x13, 0xB7, + 0xB9, 0x49, 0xC0, 0x86, 0x14, 0x71, 0xCD, 0x8C, 0x60, 0x61, + 0x94, 0x71, 0x89, 0x95, 0x1A, 0x0F, 0x38, 0xCC, 0x9C, 0x1F, + 0x20, 0xE5, 0xD0, 0x65, 0x75, 0xCD, 0xFE, 0x24, 0x29, 0xE6, + 0x60, 0x97, 0x74, 0xEC, 0x4C, 0x42, 0xE8, 0xBA, 0xE9, 0xC2, + 0xF7, 0xCB, 0x9B, 0xEA, 0x55, 0xD8, 0x40, 0x50, 0x2E, 0xCF, + 0xCD, 0x41, 0x01, 0xA9, 0xE5, 0x29, 0xCA, 0xC3, 0x36, 0x58, + 0x7E, 0x2E, 0x11, 0x96, 0x87, 0xC6, 0xFA, 0xE1, 0x27, 0x53, + 0x3D, 0x60, 0x93, 0x7B, 0xAD, 0xEE, 0xE7, 0xD4, 0xDC, 0xD6, + 0x03, 0x16, 0x92, 0xD4, 0x51, 0x0C, 0xFD, 0xA9, 0x01, 0x3E, + 0x6E, 0x27, 0x67, 0x6E, 0x9F, 0x29, 0x63, 0xFD, 0x51, 0x82, + 0x79, 0x83, 0x2B, 0xCB, 0x12, 0xCD, 0x50, 0x92, 0xAC, 0x16, + 0xC9, 0xEA, 0x9E, 0x68, 0x9E, 0x4B, 0xE1, 0x63, 0xB4, 0x80, + 0xE4, 0xDF, 0x75, 0xBC, 0x27, 0xD1, 0x76, 0x03, 0x48, 0x98, + 0x1D, 0xE3, 0x29, 0x8A, 0x99, 0x59, 0xF3, 0x75, 0x5B, 0xD9, + 0xAC, 0x59, 0x11, 0x52, 0x2F, 0xE0, 0x91, 0x55, 0xB0, 0xF2, + 0x5F, 0x0A, 0xF8, 0xD2, 0x7A, 0xDD, 0x8D, 0xE9, 0x92, 0xE2, + 0xF3, 0xF7, 0x4A, 0xB1, 0x50, 0xD7, 0xFE, 0x07, 0x8D, 0x27, + 0x7D, 0x08, 0x6F, 0x08, 0x7E, 0x25, 0x19, 0x0D, 0xDE, 0x11, + 0xD1, 0x63, 0x31, 0x84, 0x18, 0x25, 0xBE, 0x7D, 0x64, 0x77, + 0xDB, 0x4A, 0x20, 0xC5, 0x51, 0x75, 0xD8, 0xB1, 0x1B, 0xDF, + 0x91, 0x7F, 0xFC, 0x74, 0xBA, 0x9D, 0xD1, 0xFA, 0x8D, 0xBD, + 0x59, 0xFD, 0x02, 0x21, 0x00, 0xFA, 0xF7, 0x62, 0x9A, 0x62, + 0x19, 0x64, 0x6D, 0xC1, 0xF3, 0xC0, 0x9B, 0xAC, 0x90, 0x28, + 0xEA, 0xA1, 0x83, 0xF9, 0xC8, 0xED, 0x31, 0xEE, 0x33, 0x1D, + 0x35, 0x22, 0x00, 0x2B, 0x12, 0x84, 0xFF, 0x02, 0x82, 0x01, + 0x00, 0x73, 0xC9, 0xED, 0x1F, 0xBC, 0xC7, 0xC4, 0xEF, 0x46, + 0x03, 0xD1, 0x72, 0xC3, 0xE5, 0x29, 0xB0, 0x9A, 0x95, 0x13, + 0x5B, 0x4E, 0x59, 0x57, 0x0F, 0x80, 0xEB, 0x74, 0x87, 0x11, + 0x1B, 0xC8, 0x11, 0xB6, 0x97, 0x4C, 0x48, 0x50, 0x3A, 0xB8, + 0x2C, 0x28, 0xF3, 0xB0, 0x9C, 0x7C, 0x3D, 0xFF, 0x8B, 0x43, + 0x43, 0x30, 0x85, 0x5F, 0x97, 0xD2, 0x68, 0x85, 0x35, 0x2E, + 0xD4, 0x61, 0xF6, 0x3E, 0x05, 0xEC, 0xCD, 0x60, 0x13, 0xE2, + 0x16, 0x02, 0x7C, 0x8B, 0x21, 0xCE, 0x36, 0x71, 0xC4, 0xED, + 0x0B, 0x47, 0x76, 0x83, 0x23, 0x2F, 0x98, 0xA4, 0x84, 0x98, + 0x9C, 0xFB, 0xD0, 0xA8, 0xD9, 0xB9, 0xE3, 0xD7, 0x32, 0xD9, + 0xB5, 0x9E, 0x82, 0x93, 0xD0, 0x55, 0x74, 0x5F, 0xDA, 0x87, + 0x91, 0x90, 0x0F, 0x85, 0x74, 0x1A, 0x32, 0x76, 0x4F, 0xCC, + 0x2A, 0x18, 0x11, 0x5B, 0xB4, 0x78, 0x93, 0xB6, 0xE5, 0xF0, + 0xC6, 0x71, 0xE8, 0xD7, 0x31, 0x19, 0x91, 0x27, 0x71, 0x5A, + 0x02, 0x1A, 0x1A, 0x3A, 0x55, 0x95, 0xFF, 0xF8, 0xED, 0xD3, + 0xE1, 0xAE, 0x8A, 0x1D, 0xFF, 0x53, 0x63, 0x79, 0x13, 0xA1, + 0xAD, 0x0A, 0x68, 0x67, 0x43, 0xB2, 0x5B, 0xD5, 0x36, 0xD4, + 0x84, 0xD0, 0xCD, 0x34, 0x82, 0x84, 0xA4, 0x89, 0xAE, 0xA1, + 0x66, 0x57, 0x89, 0x6F, 0xDC, 0x0C, 0x3B, 0x48, 0x14, 0x7C, + 0xCC, 0x63, 0x7C, 0x83, 0x93, 0x55, 0x7D, 0xB4, 0xF3, 0x34, + 0x66, 0x72, 0x85, 0xF5, 0x8D, 0xEF, 0x90, 0x1A, 0x66, 0xF8, + 0x3B, 0xC6, 0xA4, 0x59, 0xB8, 0x25, 0x4E, 0x5D, 0x84, 0xED, + 0x7C, 0x1C, 0xDD, 0x35, 0xA6, 0xBA, 0xED, 0x3B, 0xD6, 0x49, + 0xE6, 0x5A, 0xD1, 0xF8, 0xEA, 0x96, 0x75, 0x92, 0xCF, 0x05, + 0x52, 0x05, 0x3D, 0x78, 0x09, 0xCF, 0xCD, 0xE2, 0x1A, 0x99, + 0xEB, 0x5E, 0xFA, 0x27, 0x73, 0x89, 0x15, 0x03, 0x82, 0x01, + 0x06, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC2, 0x35, 0x2D, + 0xEC, 0x83, 0x83, 0x6C, 0x73, 0x13, 0x9E, 0x52, 0x7C, 0x74, + 0xC8, 0x7B, 0xEE, 0xDF, 0x39, 0xC0, 0x33, 0xCD, 0x9F, 0xB2, + 0x22, 0x64, 0x9F, 0xC5, 0xE9, 0xFF, 0xF7, 0x09, 0x47, 0x79, + 0x13, 0x96, 0x77, 0x25, 0xF3, 0x5D, 0xAA, 0x9F, 0x97, 0x67, + 0x62, 0xBC, 0x94, 0x1D, 0xAE, 0x22, 0x7E, 0x08, 0x03, 0xBD, + 0x7E, 0x34, 0x29, 0xCB, 0x62, 0xB7, 0x82, 0x1D, 0xE2, 0xFA, + 0x05, 0xC6, 0xC1, 0x68, 0xE7, 0x01, 0x27, 0x63, 0x51, 0x3E, + 0x37, 0x59, 0x42, 0x92, 0x4F, 0x99, 0x60, 0xFD, 0x63, 0x94, + 0xB7, 0xD0, 0xEE, 0xC1, 0xA0, 0xA5, 0x01, 0x74, 0x4D, 0x0E, + 0x14, 0xB2, 0xE2, 0x2C, 0xE7, 0x82, 0x0A, 0x23, 0xC7, 0x39, + 0x45, 0x40, 0xE9, 0xE9, 0x9D, 0x36, 0xE0, 0x52, 0x03, 0x99, + 0xDC, 0x87, 0x7D, 0x6A, 0x90, 0xE4, 0xDD, 0xA9, 0xC2, 0x57, + 0x90, 0xD6, 0xCA, 0xB4, 0x15, 0x80, 0xEE, 0x00, 0xCB, 0x2A, + 0xC9, 0x59, 0x4C, 0xA7, 0x7D, 0x33, 0x0A, 0x3E, 0x4A, 0x76, + 0xEA, 0x27, 0x89, 0xD8, 0x1A, 0xEA, 0x7E, 0xDB, 0x13, 0x92, + 0x93, 0x6A, 0x57, 0x9B, 0x33, 0xFD, 0xCE, 0x09, 0x0A, 0xB0, + 0x35, 0x24, 0xE4, 0x7D, 0xD8, 0x9D, 0xFF, 0x80, 0x65, 0x0F, + 0x61, 0xF7, 0xF7, 0xED, 0x8B, 0xD5, 0x8F, 0xBF, 0xB3, 0x22, + 0x20, 0x39, 0x89, 0x83, 0xB8, 0x83, 0x96, 0x32, 0x20, 0xAD, + 0xA1, 0x5D, 0x73, 0x8F, 0xE3, 0x27, 0xD9, 0x5D, 0xDB, 0x00, + 0x27, 0xF2, 0xBE, 0x89, 0x13, 0xE2, 0x97, 0x79, 0x10, 0x27, + 0x3D, 0xD8, 0x05, 0x96, 0x59, 0x6E, 0xA0, 0xC1, 0x6F, 0x99, + 0x4F, 0x28, 0xFA, 0xA6, 0x0B, 0x5C, 0x16, 0xEE, 0xB0, 0x98, + 0x8A, 0x06, 0x4A, 0xB0, 0x02, 0x2A, 0x6D, 0xCC, 0xE2, 0xC8, + 0x11, 0xF9, 0x1B, 0xF1, 0x3C, 0x68, 0xDF, 0xC2, 0xF4, 0x98, + 0x5F, 0x6C, 0xC8 +}; +static const int sizeof_dsa_pub_key_der_2048 = sizeof(dsa_pub_key_der_2048); + /* ./certs/dsa2048.der, 2048-bit */ static const unsigned char dsa_key_der_2048[] = { diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 98cc122f0f..5d6261ac4d 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -372,6 +372,11 @@ struct WOLFSSL_EVP_PKEY_CTX { int nbits; }; +typedef +struct WOLFSSL_ASN1_PCTX { + int dummy; +}WOLFSSL_ASN1_PCTX; + typedef int WOLFSSL_ENGINE ; typedef WOLFSSL_ENGINE ENGINE; typedef WOLFSSL_EVP_PKEY_CTX EVP_PKEY_CTX; @@ -668,6 +673,7 @@ typedef WOLFSSL_EVP_MD EVP_MD; typedef WOLFSSL_EVP_CIPHER EVP_CIPHER; typedef WOLFSSL_EVP_MD_CTX EVP_MD_CTX; typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; +typedef WOLFSSL_ASN1_PCTX ASN1_PCTX; #ifndef NO_MD4 #define EVP_md4 wolfSSL_EVP_md4 @@ -898,6 +904,7 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG #define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED +#define EVP_PKEY_print_public wolfSSL_EVP_PKEY_print_public #define EVP_PKEY_print_private(arg1, arg2, arg3, arg4) #ifndef EVP_MAX_MD_SIZE diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 0c81c9b771..593cfba119 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -1517,6 +1517,11 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** key, unsigned char** in, long inSz); WOLFSSL_API int wolfSSL_i2d_PrivateKey(const WOLFSSL_EVP_PKEY* key, unsigned char** der); +#if defined(OPENSSL_EXTRA) +WOLFSSL_API int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, + const WOLFSSL_EVP_PKEY* pkey, + int indent, WOLFSSL_ASN1_PCTX* pctx); +#endif /* OPENSSL_EXTRA */ WOLFSSL_API int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME*); #ifdef OPENSSL_EXTRA WOLFSSL_API int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 450f845eb6..8498a9d032 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -522,6 +522,9 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer); word32* outLen); /* public key helper */ + WOLFSSL_API int wc_EccPublicKeyDecode_ex(const byte* input, + word32* inOutIdx, int* curveId, + word32* pointIdx, int* pointSz, word32 inSz); WOLFSSL_API int wc_EccPublicKeyDecode(const byte*, word32*, ecc_key*, word32); WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key*, byte* output, diff --git a/wolfssl/wolfcrypt/dh.h b/wolfssl/wolfcrypt/dh.h index 8bc1dd3d47..8ee18f0a02 100644 --- a/wolfssl/wolfcrypt/dh.h +++ b/wolfssl/wolfcrypt/dh.h @@ -117,6 +117,8 @@ WOLFSSL_API int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz, const byte* q, word32 qSz); #ifdef WOLFSSL_DH_EXTRA +WOLFSSL_API int wc_DhPublicKeyDecode(const byte* input, word32* inOutIdx, + DhKey* key, word32 inSz); WOLFSSL_API int wc_DhImportKeyPair(DhKey* key, const byte* priv, word32 privSz, const byte* pub, word32 pubSz); WOLFSSL_API int wc_DhExportKeyPair(DhKey* key, byte* priv, word32* pPrivSz, From a7cca8a99b336972bbfb04a1ae80f430010673d3 Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Tue, 23 Feb 2021 07:57:45 +0900 Subject: [PATCH 02/29] Fix wolfSSL_EVP_PKEY_print_public --- src/ssl.c | 4 +-- tests/api.c | 8 ++--- wolfcrypt/src/evp.c | 71 ++++++++++++++++++++++++++++++++++++++++++--- 3 files changed, 73 insertions(+), 10 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 0fda7460b4..5f68655a15 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -7877,7 +7877,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */ - #if !defined(NO_DH) && defined(OPENSSL_EXTRA) + #if !defined(NO_DH) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ (HAVE_FIPS_VERSION > 2)) { @@ -7935,7 +7935,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, } } #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ - #endif /* !NO_DH && OPENSSL_EXTRA */ + #endif /* !NO_DH && OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */ if (pkey == NULL) { WOLFSSL_MSG("wolfSSL_d2i_PUBKEY couldn't determine key type"); diff --git a/tests/api.c b/tests/api.c index f0a29a4eeb..5e4a12f91e 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2439,8 +2439,8 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) BIO_gets(wbio, line, sizeof(line)); res = XSTRNCMP( line, - " bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:99:\n", - sizeof(" bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:99:\n")); + " 00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:\n", + sizeof(" 00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:\n")); AssertIntEQ(res,0); /* skip to the end of modulus element*/ @@ -32207,7 +32207,7 @@ static void test_wolfSSL_d2i_PUBKEY(void) #endif #if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DH) && \ -defined(OPENSSL_EXTRA) && !defined(WOLFSSL_DH_EXTRA) +defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ (HAVE_FIPS_VERSION > 2)) /* DH PUBKEY test */ @@ -40836,6 +40836,7 @@ void ApiTest(void) test_wolfSSL_EVP_MD_hmac_signing(); test_wolfSSL_EVP_MD_rsa_signing(); test_wolfSSL_EVP_MD_ecc_signing(); + test_wolfSSL_EVP_PKEY_print_public(); test_wolfSSL_CTX_add_extra_chain_cert(); #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) test_wolfSSL_ERR_peek_last_error_line(); @@ -41066,7 +41067,6 @@ void ApiTest(void) test_EVP_PKEY_rsa(); test_wolfSSL_EVP_PKEY_encrypt(); test_wolfSSL_EVP_PKEY_sign(); - test_wolfSSL_EVP_PKEY_print_public(); test_EVP_PKEY_ec(); test_EVP_PKEY_cmp(); /* OpenSSL error API tests */ diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index b8a0b63441..baa92d1ade 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -6935,21 +6935,84 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int indent, int bitlen, ASN1_PCTX* pctx) { - int res; byte buff[128] = { 0 }; word32 inOutIdx = 0; + int length = 0; word32 nSz = 0; /* size of modulus */ word32 eSz = 0; /* size of public exponent */ byte* n = NULL; byte* e = NULL; /* pointer to modulus/exponent */ - + word32 localIdx; + word32 oid; + byte tag; (void)pctx; - if ((res = wc_RsaPublicKeyDecode_ex(pkey, &inOutIdx, pkeySz, - (const byte**)&n, &nSz, (const byte**)&e, &eSz)) != 0) { + if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) return WOLFSSL_FAILURE; + + localIdx = inOutIdx; + if (GetASNTag(pkey, &localIdx, &tag, pkeySz) < 0) + return WOLFSSL_FAILURE; + + if (tag != ASN_INTEGER) { + /* not from decoded cert, will have algo id, skip past */ + if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) + return WOLFSSL_FAILURE; + + if (GetObjectId(pkey, &inOutIdx, &oid, oidIgnoreType, pkeySz) != 0) + return WOLFSSL_FAILURE; + + /* Option NULL ASN.1 tag */ + if (inOutIdx >= (word32)pkeySz) + return WOLFSSL_FAILURE; + + localIdx = inOutIdx; + if (GetASNTag(pkey, &inOutIdx, &tag, pkeySz) < 0) + return WOLFSSL_FAILURE; + + if (tag != ASN_TAG_NULL) + return WOLFSSL_FAILURE; + + inOutIdx ++; + + /* should have bit tag length and seq next */ + if( CheckBitString(pkey, &inOutIdx, NULL, pkeySz, 1, NULL) != 0) + return WOLFSSL_FAILURE; + + if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) + return WOLFSSL_FAILURE; } + /* Get modulus */ + if (GetASNTag(pkey, &inOutIdx, &tag, pkeySz ) < 0) + return WOLFSSL_FAILURE; + + if (tag != ASN_INTEGER) + return WOLFSSL_FAILURE; + + if (GetLength(pkey, &inOutIdx, &length, pkeySz) < 0) + return WOLFSSL_FAILURE; + + nSz = length; + n = (byte*)(&pkey[inOutIdx]); + inOutIdx += length; + + /* Get exponent */ + + if (GetASNTag(pkey, &inOutIdx, &tag, pkeySz) < 0) + return WOLFSSL_FAILURE; + + if (tag != ASN_INTEGER) + return WOLFSSL_FAILURE; + + if (GetLength(pkey, &inOutIdx, &length, pkeySz) < 0) + return WOLFSSL_FAILURE; + + eSz = length; + e = (byte*)(&pkey[inOutIdx]); + + /* print out public key elements */ + int idx = 0; int wsz = 0; From 760ea219a8c66bdb729b00713098fbdbb2dce583 Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Wed, 24 Feb 2021 02:33:46 +0900 Subject: [PATCH 03/29] Fix for "unused variable" warning --- tests/api.c | 155 +++++++++++++++++++++++----------------------------- 1 file changed, 67 insertions(+), 88 deletions(-) diff --git a/tests/api.c b/tests/api.c index 5e4a12f91e..9caa55d54b 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2401,7 +2401,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) WOLFSSL_BIO* wbio = NULL; WOLFSSL_EVP_PKEY* pkey = NULL; char line[256] = { 0 }; - int res; + printf(testingFmt, "wolfSSL_EVP_PKEY_print_public()"); /* test error cases */ @@ -2411,7 +2411,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) * test RSA public key print * in this test, pass '3' for indent */ - #if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_1024) +#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_1024) rbio = BIO_new_mem_buf( client_keypub_der_1024, sizeof_client_keypub_der_1024); @@ -2423,25 +2423,23 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) wbio = BIO_new(BIO_s_mem()); AssertNotNull(wbio); - res = wolfSSL_EVP_PKEY_print_public(wbio, pkey,3,NULL); - AssertIntEQ(res,1); + AssertIntEQ(wolfSSL_EVP_PKEY_print_public(wbio, pkey,3,NULL),1); BIO_gets(wbio, line, sizeof(line)); - res = XSTRNCMP( line, " RSA Public-Key: (1024 bit)\n", - sizeof(" RSA Public-Key: (1024 bit)\n")); + AssertIntEQ(XSTRNCMP( line, " RSA Public-Key: (1024 bit)\n", + sizeof(" RSA Public-Key: (1024 bit)\n")),0); - AssertIntEQ(res,0); BIO_gets(wbio, line, sizeof(line)); - res = XSTRNCMP( line, " Modulus:\n", - sizeof(" Modulus:\n")); - AssertIntEQ(res,0); + AssertIntEQ(XSTRNCMP( line, " Modulus:\n", + sizeof(" Modulus:\n")),0); + BIO_gets(wbio, line, sizeof(line)); - res = XSTRNCMP( line, + AssertIntEQ(XSTRNCMP( line, " 00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:\n", - sizeof(" 00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:\n")); - AssertIntEQ(res,0); + sizeof(" 00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:\n")),0); + /* skip to the end of modulus element*/ for( int i = 0; i < 7 ;i++) { @@ -2449,9 +2447,9 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) } BIO_gets(wbio, line, sizeof(line)); - res = XSTRNCMP( line, " Exponent: 65537 (0x010001)\n", - sizeof(" Exponent: 65537 (0x010001)\n")); - AssertIntEQ(res,0); + AssertIntEQ(XSTRNCMP( line, " Exponent: 65537 (0x010001)\n", + sizeof(" Exponent: 65537 (0x010001)\n")),0); + /* should reach EOF */ AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0); @@ -2463,12 +2461,12 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) rbio = NULL; wbio = NULL; - #endif /* !NO_RSA && USE_CERT_BUFFERS_1024*/ +#endif /* !NO_RSA && USE_CERT_BUFFERS_1024*/ /* * test DSA public key print */ - #if !defined(NO_DSA) && defined(USE_CERT_BUFFERS_2048) +#if !defined(NO_DSA) && defined(USE_CERT_BUFFERS_2048) rbio = BIO_new_mem_buf( dsa_pub_key_der_2048, sizeof_dsa_pub_key_der_2048); AssertNotNull(rbio); @@ -2479,25 +2477,20 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) wbio = BIO_new(BIO_s_mem()); AssertNotNull(wbio); - res = wolfSSL_EVP_PKEY_print_public(wbio, pkey,0,NULL); - AssertIntEQ(res,1); + AssertIntEQ(wolfSSL_EVP_PKEY_print_public(wbio, pkey,0,NULL),1); BIO_gets(wbio, line, sizeof(line)); - res = XSTRNCMP( line, "DSA Public-Key: (2048 bit)\n", - sizeof("DSA Public-Key: (2048 bit)\n")); - - AssertIntEQ(res,0); + AssertIntEQ(XSTRNCMP( line, "DSA Public-Key: (2048 bit)\n", + sizeof("DSA Public-Key: (2048 bit)\n")),0); BIO_gets(wbio, line, sizeof(line)); - res = XSTRNCMP( line, "pub:\n", - sizeof("pub:\n")); - AssertIntEQ(res,0); + AssertIntEQ(XSTRNCMP( line, "pub:\n", + sizeof("pub:\n")),0); BIO_gets(wbio, line, sizeof(line)); - res = XSTRNCMP( line, + AssertIntEQ(XSTRNCMP( line, " 00:c2:35:2d:ec:83:83:6c:73:13:9e:52:7c:74:c8:\n", - sizeof(" 00:c2:35:2d:ec:83:83:6c:73:13:9e:52:7c:74:c8:\n")); - AssertIntEQ(res,0); + sizeof(" 00:c2:35:2d:ec:83:83:6c:73:13:9e:52:7c:74:c8:\n")),0); /* skip to the end of pub element*/ for( int i = 0; i < 17 ;i++) { @@ -2505,10 +2498,9 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) } BIO_gets(wbio, line, sizeof(line)); - res = XSTRNCMP( line, - "P:\n", - sizeof("P:\n")); - AssertIntEQ(res,0); + AssertIntEQ(XSTRNCMP( line, + "P:\n", + sizeof("P:\n")),0); /* skip to the end of P element*/ for( int i = 0; i < 18 ;i++) { @@ -2516,20 +2508,18 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) } BIO_gets(wbio, line, sizeof(line)); - res = XSTRNCMP( line, - "Q:\n", - sizeof("Q:\n")); - AssertIntEQ(res,0); + AssertIntEQ(XSTRNCMP( line, + "Q:\n", + sizeof("Q:\n")),0); /* skip to the end of Q element*/ for( int i = 0; i < 3 ;i++) { BIO_gets(wbio, line, sizeof(line)); } BIO_gets(wbio, line, sizeof(line)); - res = XSTRNCMP( line, - "G:\n", - sizeof("G:\n")); - AssertIntEQ(res,0); + AssertIntEQ(XSTRNCMP( line, + "G:\n", + sizeof("G:\n")),0); /* skip to the end of G element*/ for( int i = 0; i < 18 ;i++) { @@ -2545,12 +2535,12 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) rbio = NULL; wbio = NULL; - #endif /* !NO_DSA && USE_CERT_BUFFERS_2048 */ +#endif /* !NO_DSA && USE_CERT_BUFFERS_2048 */ /* * test ECC public key print */ - #if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) +#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) rbio = BIO_new_mem_buf( ecc_clikeypub_der_256, sizeof_ecc_clikeypub_der_256); @@ -2562,25 +2552,20 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) wbio = BIO_new(BIO_s_mem()); AssertNotNull(wbio); - res = wolfSSL_EVP_PKEY_print_public(wbio, pkey,0,NULL); - AssertIntEQ(res,1); + AssertIntEQ(wolfSSL_EVP_PKEY_print_public(wbio, pkey,0,NULL),1); BIO_gets(wbio, line, sizeof(line)); - res = XSTRNCMP( line, "Public-Key: (256 bit)\n", - sizeof("Public-Key: (256 bit)\n")); - - AssertIntEQ(res,0); + AssertIntEQ(XSTRNCMP( line, "Public-Key: (256 bit)\n", + sizeof("Public-Key: (256 bit)\n")),0); BIO_gets(wbio, line, sizeof(line)); - res = XSTRNCMP( line, "pub:\n", - sizeof("pub:\n")); - AssertIntEQ(res,0); + AssertIntEQ(XSTRNCMP( line, "pub:\n", + sizeof("pub:\n")),0); BIO_gets(wbio, line, sizeof(line)); - res = XSTRNCMP( line, + AssertIntEQ(XSTRNCMP( line, " 04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d:\n", - sizeof(" 04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d:\n")); - AssertIntEQ(res,0); + sizeof(" 04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d:\n")),0); /* skip to the end of pub element*/ for( int i = 0; i < 4 ;i++) { @@ -2588,14 +2573,13 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) } BIO_gets(wbio, line, sizeof(line)); - res = XSTRNCMP( line, "ASN1 OID: prime256v1\n", - sizeof("ASN1 OID: prime256v1\n")); - AssertIntEQ(res,0); + AssertIntEQ(XSTRNCMP( line, "ASN1 OID: prime256v1\n", + sizeof("ASN1 OID: prime256v1\n")),0); BIO_gets(wbio, line, sizeof(line)); - res = XSTRNCMP( line, "NIST CURVE: P-256\n", - sizeof("NIST CURVE: P-256")); - AssertIntEQ(res,0); + AssertIntEQ(XSTRNCMP( line, "NIST CURVE: P-256\n", + sizeof("NIST CURVE: P-256")),0); + /* should reach EOF */ AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0); @@ -2607,12 +2591,12 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) rbio = NULL; wbio = NULL; - #endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */ +#endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */ /* * test DH public key print */ - #if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048) +#if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048) rbio = BIO_new_mem_buf( dh_pub_key_der_2048, sizeof_dh_pub_key_der_2048); @@ -2624,25 +2608,20 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) wbio = BIO_new(BIO_s_mem()); AssertNotNull(wbio); - res = wolfSSL_EVP_PKEY_print_public(wbio, pkey,0,NULL); - AssertIntEQ(res,1); + AssertIntEQ(wolfSSL_EVP_PKEY_print_public(wbio, pkey,0,NULL),1); BIO_gets(wbio, line, sizeof(line)); - res = XSTRNCMP( line, "DH Public-Key: (2048 bit)\n", - sizeof("DH Public-Key: (2048 bit)\n")); - - AssertIntEQ(res,0); + AssertIntEQ(XSTRNCMP( line, "DH Public-Key: (2048 bit)\n", + sizeof("DH Public-Key: (2048 bit)\n")),0); BIO_gets(wbio, line, sizeof(line)); - res = XSTRNCMP( line, "public-key:\n", - sizeof("public-key:\n")); - AssertIntEQ(res,0); + AssertIntEQ(XSTRNCMP( line, "public-key:\n", + sizeof("public-key:\n")),0); BIO_gets(wbio, line, sizeof(line)); - res = XSTRNCMP( line, + AssertIntEQ(XSTRNCMP( line, " 34:41:bf:e9:f2:11:bf:05:db:b2:72:a8:29:cc:bd:\n", - sizeof(" 34:41:bf:e9:f2:11:bf:05:db:b2:72:a8:29:cc:bd:\n")); - AssertIntEQ(res,0); + sizeof(" 34:41:bf:e9:f2:11:bf:05:db:b2:72:a8:29:cc:bd:\n")),0); /* skip to the end of public-key element*/ for( int i = 0; i < 17 ;i++) { @@ -2650,16 +2629,14 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) } BIO_gets(wbio, line, sizeof(line)); - res = XSTRNCMP( line, - "prime:\n", - sizeof("prime:\n")); - AssertIntEQ(res,0); + AssertIntEQ(XSTRNCMP( line, + "prime:\n", + sizeof("prime:\n")),0); BIO_gets(wbio, line, sizeof(line)); - res = XSTRNCMP( line, + AssertIntEQ(XSTRNCMP( line, " 00:d3:b2:99:84:5c:0a:4c:e7:37:cc:fc:18:37:01:\n", - sizeof(" 00:d3:b2:99:84:5c:0a:4c:e7:37:cc:fc:18:37:01:\n")); - AssertIntEQ(res,0); + sizeof(" 00:d3:b2:99:84:5c:0a:4c:e7:37:cc:fc:18:37:01:\n")),0); /* skip to the end of prime element*/ for( int i = 0; i < 17 ;i++) { @@ -2667,10 +2644,9 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) } BIO_gets(wbio, line, sizeof(line)); - res = XSTRNCMP( line, + AssertIntEQ(XSTRNCMP( line, "generator: 2 (0x02)\n", - sizeof("generator: 2 (0x02)\n")); - AssertIntEQ(res,0); + sizeof("generator: 2 (0x02)\n")),0); /* should reach EOF */ AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0); @@ -2682,8 +2658,11 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) rbio = NULL; wbio = NULL; - #endif /* WOLFSSL_DH_EXTRA && USE_CERT_BUFFERS_2048 */ - +#endif /* WOLFSSL_DH_EXTRA && USE_CERT_BUFFERS_2048 */ + (void)pkey; + (void)wbio; + (void)rbio; + (void)line; printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ } From 2d0207fc60a94ad7bf904bd23e9b5da88b25af18 Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Wed, 24 Feb 2021 05:38:28 +0900 Subject: [PATCH 04/29] Fix undeclared identifier errors --- tests/api.c | 32 ++++++++++++---- wolfcrypt/src/evp.c | 89 +++++++++++++++++++++++++++------------------ 2 files changed, 78 insertions(+), 43 deletions(-) diff --git a/tests/api.c b/tests/api.c index 9caa55d54b..c52ec3bf54 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2659,6 +2659,8 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) wbio = NULL; #endif /* WOLFSSL_DH_EXTRA && USE_CERT_BUFFERS_2048 */ + + /* to prevent "unused variable" warning */ (void)pkey; (void)wbio; (void)rbio; @@ -22512,6 +22514,11 @@ static int test_wc_EccPrivateKeyToDer (void) static int test_wc_EccPublicKeyDecode_ex(void) { int ret = 0; + word32 inOutIdx; + int curveId; + word32 pointIdx; + int pointSz; + #if defined(HAVE_ECC) printf(testingFmt, "test_wc_EccPublicKeyDecode_ex()"); @@ -22521,10 +22528,6 @@ static int test_wc_EccPublicKeyDecode_ex(void) ret = 0; } #if defined(USE_CERT_BUFFERS_256) - word32 inOutIdx; - int curveId; - word32 pointIdx; - int pointSz; if (ret == 0) { ret = wc_EccPublicKeyDecode_ex(ecc_clikeypub_der_256, @@ -22533,24 +22536,28 @@ static int test_wc_EccPublicKeyDecode_ex(void) ret = 0; } if (ret == 0) { + inOutIdx = 0; ret = wc_EccPublicKeyDecode_ex(ecc_clikeypub_der_256, &inOutIdx,NULL,NULL,NULL,0); if (ret == BAD_FUNC_ARG) ret = 0; } if (ret == 0) { + inOutIdx = 0; ret = wc_EccPublicKeyDecode_ex(ecc_clikeypub_der_256, &inOutIdx,&curveId,NULL,NULL,0); if (ret == BAD_FUNC_ARG) ret = 0; } if (ret == 0) { + inOutIdx = 0; ret = wc_EccPublicKeyDecode_ex(ecc_clikeypub_der_256, &inOutIdx,&curveId,&pointIdx,NULL,0); if(ret == BAD_FUNC_ARG) ret = 0; } if (ret == 0) { + inOutIdx = 0; ret = wc_EccPublicKeyDecode_ex(ecc_clikeypub_der_256, &inOutIdx,&curveId,&pointIdx,&pointSz,0); if (ret == BAD_FUNC_ARG) @@ -22558,12 +22565,14 @@ static int test_wc_EccPublicKeyDecode_ex(void) } /* pass bad input size */ if (ret == 0) { + inOutIdx = 0; ret = wc_EccPublicKeyDecode_ex(ecc_clikeypub_der_256, &inOutIdx,&curveId,&pointIdx,&pointSz,sizeof_ecc_clikeypub_der_256 - 3 ); if (ret < 0 ) ret = 0; } if (ret == 0) { + inOutIdx = 0; ret = wc_EccPublicKeyDecode_ex(ecc_clikeypub_der_256, &inOutIdx,&curveId,&pointIdx,&pointSz,sizeof_ecc_clikeypub_der_256); if (ret == 0 && inOutIdx == 91 && curveId == 7 && @@ -22578,6 +22587,10 @@ static int test_wc_EccPublicKeyDecode_ex(void) printf(resultFmt, ret == 0 ? passed : failed); #endif /* HAVE_ECC */ + (void)inOutIdx; + (void)curveId; + (void)pointIdx; + (void)pointSz; return ret; } /* @@ -22586,12 +22599,12 @@ static int test_wc_EccPublicKeyDecode_ex(void) static int test_wc_DhPublicKeyDecode(void) { int ret = 0; -#if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048) - printf(testingFmt, "test_wc_DhPublicKeyDecode()"); - word32 inOutIdx; DhKey key; +#if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048) + printf(testingFmt, "test_wc_DhPublicKeyDecode()"); + if (ret == 0) { ret = wc_DhPublicKeyDecode(NULL,NULL,NULL,0); if (ret == BAD_FUNC_ARG) @@ -22603,16 +22616,19 @@ static int test_wc_DhPublicKeyDecode(void) ret = 0; } if (ret == 0) { + inOutIdx = 0; ret = wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,NULL,0); if (ret == BAD_FUNC_ARG) ret = 0; } if (ret == 0) { + inOutIdx = 0; ret = wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key,0); if (ret == BAD_FUNC_ARG) ret = 0; } if (ret == 0) { + inOutIdx = 0; ret = wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key, sizeof_dh_pub_key_der_2048); if (ret == 0 && key.p.used != 0 && key.g.used != 0 && @@ -22626,6 +22642,8 @@ static int test_wc_DhPublicKeyDecode(void) printf(resultFmt, ret == 0 ? passed : failed); #endif + (void)inOutIdx; + (void)key; return ret; } diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index baa92d1ade..c65ff7a155 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -6806,15 +6806,15 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) #if defined(OPENSSL_EXTRA) static int ToHex( byte in, byte* hex ) { - if ( hex == NULL ) - return 0; - + byte UpNibble,LwNibble; byte HexTbl[16] = { '0','1','2','3','4','5','6','7', '8','9','a','b','c','d','e','f' }; - byte UpNibble = (in >> 4) & 0x0f; - byte LwNibble = in & 0x0f; + if ( hex == NULL ) + return 0; + UpNibble = (in >> 4) & 0x0f; + LwNibble = in & 0x0f; *hex++ = HexTbl[UpNibble]; *hex = HexTbl[LwNibble]; return 2; @@ -6822,12 +6822,14 @@ static int ToHex( byte in, byte* hex ) /* convert input value to upto five digit decimal */ static int ToDec(word32 in, byte* hex) { + int i = 0; + byte dgt[5]; + word32 quo; + int written; + if (hex == NULL || in > 99999 ) return 0; - - byte dgt[5]; - word32 quo = in; - + quo = in; dgt[4] = quo % 10; quo = quo / 10; dgt[3] = quo % 10; @@ -6839,7 +6841,6 @@ static int ToDec(word32 in, byte* hex) dgt[0] = quo % 10; /* to remove leading zero */ - int i = 0; if (dgt[0] == 0) { if (dgt[1] == 0) { if (dgt[2] == 0) { @@ -6854,39 +6855,45 @@ static int ToDec(word32 in, byte* hex) }else i = 0; - int wrote = 5 - i; + written = 5 - i; for (; i < 5; i++) { *hex++ = dgt[i] + '0'; } - return wrote; + return written; } static int Indent(int indents, byte* dst ) { + int i; if (dst == NULL) return 0; - for (int i = indents; i; i--) {*dst++ = ' ';} + for (i = indents; i; i--) {*dst++ = ' ';} return indents; } static int DumpElement(WOLFSSL_BIO* out, const byte* input, int inlen, int indent) { - int idx = 0; - int wsz = 0; - byte buff[128] = { 0 }; + word32 in = 0; + word32 i; + int idx = 0; + int wsz = 0; + byte buff[128] = { 0 }; + word32 line; + word32 len; + word32 left; + const byte* point; + + point = input; + len = inlen; + line = len / 15; + left = len % 15; /* print pub element */ idx = 0; wsz = Indent(indent, buff + idx); idx += wsz; - const byte* point = input; - word32 len = inlen; - word32 line = len / 15; - word32 left = len % 15; - word32 in = 0; - word32 i; while (line) { idx = 0; @@ -6947,6 +6954,9 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, word32 oid; byte tag; (void)pctx; + int idx = 0; + int wsz = 0; + word32 i; if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) return WOLFSSL_FAILURE; @@ -7013,8 +7023,8 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, /* print out public key elements */ - int idx = 0; - int wsz = 0; + idx = 0; + wsz = 0; wsz = Indent(indent, buff + idx); idx += wsz; @@ -7057,7 +7067,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, idx += wsz; word32 exponent = 0; - for (word32 i = 0; i < eSz; i++) { + for (i = 0; i < eSz; i++) { exponent <<= 8; exponent += e[i]; } @@ -7068,7 +7078,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, XSTRNCPY((char*)(buff + idx), " (0x", wsz); idx += wsz; - for (word32 i = 0; i < eSz; i++) { + for (i = 0; i < eSz; i++) { wsz = ToHex(e[i], buff + idx); idx += wsz; } @@ -7098,8 +7108,11 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, const char* nistCurveName = NULL; int nid; WOLFSSL_ObjectInfo* oi = NULL; - + word32 i; inOutIdx = 0; + int idx = 0; + int wsz = 0; + res = wc_EccPublicKeyDecode_ex(pkey, &inOutIdx, &curveId, &pointIdx, &pointSz, pkeySz); if (res != 0) @@ -7111,7 +7124,7 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, oi = (WOLFSSL_ObjectInfo*)wolfssl_object_info; OIDName = NULL; - for (size_t i = 0;i < wolfssl_object_info_sz; i++) { + for (i = 0;i < wolfssl_object_info_sz; i++) { if ( (oi + i)->type == oidCurveType && (oi + i)->nid == nid) { OIDName = (char*)((oi + i)->sName); break; @@ -7121,8 +7134,8 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, /* get NIST curve name */ nistCurveName = wolfSSL_EC_curve_nid2nist(nid); - int idx = 0; - int wsz = 0; + idx = 0; + wsz = 0; wsz = Indent(indent, buff + idx); idx += wsz; @@ -7165,7 +7178,7 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, XSTRNCPY((char*)(buff + idx), "ASN1 OID: ", wsz); idx += wsz; - wsz = XSTRLEN(OIDName); + wsz = (int)XSTRLEN(OIDName); XSTRNCPY((char*)(buff + idx), OIDName, wsz); idx += wsz; @@ -7186,7 +7199,7 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, XSTRNCPY((char*)(buff + idx), "NIST CURVE: ", wsz); idx += wsz; - wsz = XSTRLEN(nistCurveName); + wsz = (int)XSTRLEN(nistCurveName); XSTRNCPY((char*)(buff + idx), nistCurveName, wsz); idx += wsz; @@ -7213,6 +7226,8 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, byte tagFound; byte *p = NULL, * q = NULL, * g = NULL, * y = NULL; int pSz, qSz, gSz, ySz; + int idx = 0; + int wsz = 0; inOutIdx = 0; if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) @@ -7289,8 +7304,8 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, y = (byte*)(pkey + inOutIdx); ySz = length; - int idx = 0; - int wsz = 0; + idx = 0; + wsz = 0; wsz = Indent(indent, buff + idx); idx += wsz; @@ -7381,6 +7396,8 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, byte generator; byte* publicKey = NULL; int publicKeySz; + int idx = 0; + int wsz = 0; inOutIdx = 0; if (GetSequence(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) @@ -7444,8 +7461,8 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, } /* print elements */ - int idx = 0; - int wsz = 0; + idx = 0; + wsz = 0; wsz = Indent(indent, buff + idx); idx += wsz; From 78e2e37fd6b3ae1b5cbf0f86f559973464257a5e Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Fri, 26 Feb 2021 17:17:32 +0900 Subject: [PATCH 05/29] Remove unneccessary local variable initializations and remove local variable declarations in for-loops --- tests/api.c | 23 ++++++++++++----------- wolfcrypt/src/evp.c | 17 ++--------------- 2 files changed, 14 insertions(+), 26 deletions(-) diff --git a/tests/api.c b/tests/api.c index c52ec3bf54..8f52896e7c 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2401,7 +2401,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) WOLFSSL_BIO* wbio = NULL; WOLFSSL_EVP_PKEY* pkey = NULL; char line[256] = { 0 }; - + int i; printf(testingFmt, "wolfSSL_EVP_PKEY_print_public()"); /* test error cases */ @@ -2442,7 +2442,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) /* skip to the end of modulus element*/ - for( int i = 0; i < 7 ;i++) { + for( i = 0; i < 7 ;i++) { BIO_gets(wbio, line, sizeof(line)); } @@ -2493,7 +2493,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) sizeof(" 00:c2:35:2d:ec:83:83:6c:73:13:9e:52:7c:74:c8:\n")),0); /* skip to the end of pub element*/ - for( int i = 0; i < 17 ;i++) { + for( i = 0; i < 17 ;i++) { BIO_gets(wbio, line, sizeof(line)); } @@ -2503,7 +2503,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) sizeof("P:\n")),0); /* skip to the end of P element*/ - for( int i = 0; i < 18 ;i++) { + for( i = 0; i < 18 ;i++) { BIO_gets(wbio, line, sizeof(line)); } @@ -2513,7 +2513,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) sizeof("Q:\n")),0); /* skip to the end of Q element*/ - for( int i = 0; i < 3 ;i++) { + for( i = 0; i < 3 ;i++) { BIO_gets(wbio, line, sizeof(line)); } BIO_gets(wbio, line, sizeof(line)); @@ -2522,7 +2522,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) sizeof("G:\n")),0); /* skip to the end of G element*/ - for( int i = 0; i < 18 ;i++) { + for( i = 0; i < 18 ;i++) { BIO_gets(wbio, line, sizeof(line)); } /* should reach EOF */ @@ -2568,7 +2568,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) sizeof(" 04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d:\n")),0); /* skip to the end of pub element*/ - for( int i = 0; i < 4 ;i++) { + for( i = 0; i < 4 ;i++) { BIO_gets(wbio, line, sizeof(line)); } @@ -2624,7 +2624,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) sizeof(" 34:41:bf:e9:f2:11:bf:05:db:b2:72:a8:29:cc:bd:\n")),0); /* skip to the end of public-key element*/ - for( int i = 0; i < 17 ;i++) { + for( i = 0; i < 17 ;i++) { BIO_gets(wbio, line, sizeof(line)); } @@ -2639,7 +2639,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) sizeof(" 00:d3:b2:99:84:5c:0a:4c:e7:37:cc:fc:18:37:01:\n")),0); /* skip to the end of prime element*/ - for( int i = 0; i < 17 ;i++) { + for( i = 0; i < 17 ;i++) { BIO_gets(wbio, line, sizeof(line)); } @@ -2665,6 +2665,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) (void)wbio; (void)rbio; (void)line; + (void)i; printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ } @@ -22600,9 +22601,10 @@ static int test_wc_DhPublicKeyDecode(void) { int ret = 0; word32 inOutIdx; - DhKey key; #if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048) + DhKey key; + printf(testingFmt, "test_wc_DhPublicKeyDecode()"); if (ret == 0) { @@ -22643,7 +22645,6 @@ static int test_wc_DhPublicKeyDecode(void) printf(resultFmt, ret == 0 ? passed : failed); #endif (void)inOutIdx; - (void)key; return ret; } diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index c65ff7a155..a91464fa2f 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -6890,10 +6890,6 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, left = len % 15; /* print pub element */ - idx = 0; - wsz = Indent(indent, buff + idx); - idx += wsz; - while (line) { idx = 0; @@ -6913,8 +6909,6 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, wolfSSL_BIO_write(out, buff, idx); XMEMSET(buff, 0, sizeof(buff)); - idx = 0; - wsz = 0; line--; } idx = 0; @@ -6953,11 +6947,12 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, word32 localIdx; word32 oid; byte tag; - (void)pctx; int idx = 0; int wsz = 0; word32 i; + (void)pctx; + if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) return WOLFSSL_FAILURE; @@ -7024,8 +7019,6 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, /* print out public key elements */ idx = 0; - wsz = 0; - wsz = Indent(indent, buff + idx); idx += wsz; @@ -7135,8 +7128,6 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, nistCurveName = wolfSSL_EC_curve_nid2nist(nid); idx = 0; - wsz = 0; - wsz = Indent(indent, buff + idx); idx += wsz; @@ -7305,8 +7296,6 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, ySz = length; idx = 0; - wsz = 0; - wsz = Indent(indent, buff + idx); idx += wsz; @@ -7462,8 +7451,6 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, /* print elements */ idx = 0; - wsz = 0; - wsz = Indent(indent, buff + idx); idx += wsz; From e72948b018bc9d7a1250731440778a3b4c9d32aa Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Sun, 28 Feb 2021 10:27:43 +0900 Subject: [PATCH 06/29] Fix for PR tests --- tests/api.c | 4 +- wolfcrypt/src/evp.c | 116 ++++++++++++++++++++++---------------------- 2 files changed, 60 insertions(+), 60 deletions(-) diff --git a/tests/api.c b/tests/api.c index 8f52896e7c..5bcdc6e06b 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2442,7 +2442,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) /* skip to the end of modulus element*/ - for( i = 0; i < 7 ;i++) { + for( i = 0; i < 8 ;i++) { BIO_gets(wbio, line, sizeof(line)); } @@ -22603,7 +22603,7 @@ static int test_wc_DhPublicKeyDecode(void) word32 inOutIdx; #if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048) - DhKey key; + DhKey key = {0}; printf(testingFmt, "test_wc_DhPublicKeyDecode()"); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index a91464fa2f..3a2b2a45a7 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -6950,6 +6950,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int idx = 0; int wsz = 0; word32 i; + word32 exponent = 0; (void)pctx; @@ -7022,16 +7023,16 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wsz = Indent(indent, buff + idx); idx += wsz; - wsz = sizeof("RSA Public-Key: (") - 1; + wsz = sizeof("RSA Public-Key: (") ; XSTRNCPY((char*)(buff + idx), "RSA Public-Key: (", wsz ); - idx += wsz; + idx += wsz -1; wsz = ToDec(bitlen, buff + idx); idx += wsz; - wsz = sizeof(" bit)\n") - 1; + wsz = sizeof(" bit)\n"); XSTRNCPY((char*)(buff + idx), " bit)\n", wsz); - idx += wsz; + idx += wsz -1; wolfSSL_BIO_write(out, buff, idx); XMEMSET(buff, 0, sizeof(buff)); @@ -7041,9 +7042,9 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wsz = Indent(indent, buff + idx); idx += wsz; - wsz = sizeof("Modulus:\n") - 1; + wsz = sizeof("Modulus:\n"); XSTRNCPY((char*)(buff + idx), "Modulus:\n", wsz); - idx += wsz; + idx += wsz -1; wolfSSL_BIO_write(out, buff, idx); XMEMSET(buff, 0, sizeof(buff)); @@ -7055,11 +7056,10 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wsz = Indent(indent, buff + idx); idx += wsz; - wsz = sizeof("Exponent: ") - 1; + wsz = sizeof("Exponent: "); XSTRNCPY((char*)(buff + idx), "Exponent: ", wsz); - idx += wsz; + idx += wsz -1; - word32 exponent = 0; for (i = 0; i < eSz; i++) { exponent <<= 8; exponent += e[i]; @@ -7067,17 +7067,17 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wsz = ToDec(exponent, buff + idx); idx += wsz; - wsz = sizeof(" (0x") - 1; + wsz = sizeof(" (0x"); XSTRNCPY((char*)(buff + idx), " (0x", wsz); - idx += wsz; + idx += wsz -1; for (i = 0; i < eSz; i++) { wsz = ToHex(e[i], buff + idx); idx += wsz; } - wsz = sizeof(")\n") - 1; + wsz = sizeof(")\n"); XSTRNCPY((char*)(buff + idx), ")\n", wsz); - idx += wsz; + idx += wsz -1; wolfSSL_BIO_write(out, buff, idx); XMEMSET(buff, 0, sizeof(buff)); @@ -7088,7 +7088,6 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int indent, int bitlen, ASN1_PCTX* pctx) { - (void)pctx; int res = WOLFSSL_SUCCESS; byte buff[128] = { 0 }; @@ -7102,12 +7101,13 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int nid; WOLFSSL_ObjectInfo* oi = NULL; word32 i; - inOutIdx = 0; + int idx = 0; int wsz = 0; + (void)pctx; res = wc_EccPublicKeyDecode_ex(pkey, &inOutIdx, &curveId, - &pointIdx, &pointSz, pkeySz); + &pointIdx, &pointSz, (word32)pkeySz); if (res != 0) return WOLFSSL_FAILURE; @@ -7131,16 +7131,16 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wsz = Indent(indent, buff + idx); idx += wsz; - wsz = sizeof("Public-Key: (") - 1; + wsz = sizeof("Public-Key: ("); XSTRNCPY((char*)(buff + idx), "Public-Key: (", wsz); - idx += wsz; + idx += wsz -1; wsz = ToDec(bitlen, buff + idx); idx += wsz; - wsz = sizeof(" bit)\n") - 1; + wsz = sizeof(" bit)\n"); XSTRNCPY((char*)(buff + idx), " bit)\n", wsz); - idx += wsz; + idx += wsz -1; wolfSSL_BIO_write(out, buff, idx); XMEMSET(buff, 0, sizeof(buff)); @@ -7150,9 +7150,9 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wsz = Indent(indent, buff + idx); idx += wsz; - wsz = sizeof("pub:\n") - 1; + wsz = sizeof("pub:\n"); XSTRNCPY((char*)(buff + idx), "pub:\n", wsz); - idx += wsz; + idx += wsz -1; wolfSSL_BIO_write(out, buff, idx); XMEMSET(buff, 0, sizeof(buff)); @@ -7165,17 +7165,17 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wsz = Indent(indent, buff + idx); idx += wsz; - wsz = sizeof("ASN1 OID: ") - 1; + wsz = sizeof("ASN1 OID: "); XSTRNCPY((char*)(buff + idx), "ASN1 OID: ", wsz); - idx += wsz; + idx += wsz -1; wsz = (int)XSTRLEN(OIDName); - XSTRNCPY((char*)(buff + idx), OIDName, wsz); + XSTRNCPY((char*)(buff + idx), OIDName, wsz +1); idx += wsz; - wsz = sizeof("\n") - 1; + wsz = sizeof("\n"); XSTRNCPY((char*)(buff + idx), "\n", wsz); - idx += wsz; + idx += wsz -1; wolfSSL_BIO_write(out, buff, idx); XMEMSET(buff, 0, sizeof(buff)); @@ -7186,17 +7186,17 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wsz = Indent(indent, buff + idx); idx += wsz; - wsz = sizeof("NIST CURVE: ") - 1; + wsz = sizeof("NIST CURVE: "); XSTRNCPY((char*)(buff + idx), "NIST CURVE: ", wsz); - idx += wsz; + idx += wsz -1; wsz = (int)XSTRLEN(nistCurveName); - XSTRNCPY((char*)(buff + idx), nistCurveName, wsz); + XSTRNCPY((char*)(buff + idx), nistCurveName, wsz +1); idx += wsz; - wsz = sizeof("\n") - 1; + wsz = sizeof("\n"); XSTRNCPY((char*)(buff + idx), "\n", wsz); - idx += wsz; + idx += wsz -1; wolfSSL_BIO_write(out, buff, idx); XMEMSET(buff, 0, sizeof(buff)); @@ -7299,16 +7299,16 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wsz = Indent(indent, buff + idx); idx += wsz; - wsz = sizeof("DSA Public-Key: (") - 1; + wsz = sizeof("DSA Public-Key: ("); XSTRNCPY((char*)(buff + idx), "DSA Public-Key: (", wsz); - idx += wsz; + idx += wsz -1; wsz = ToDec(bitlen, buff + idx); idx += wsz; - wsz = sizeof(" bit)\n") - 1; + wsz = sizeof(" bit)\n"); XSTRNCPY((char*)(buff + idx), " bit)\n", wsz); - idx += wsz; + idx += wsz -1; wolfSSL_BIO_write(out, buff, idx); XMEMSET(buff, 0, sizeof(buff)); @@ -7318,9 +7318,9 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wsz = Indent(indent, buff + idx); idx += wsz; - wsz = sizeof("pub:\n") - 1; + wsz = sizeof("pub:\n"); XSTRNCPY((char*)(buff + idx), "pub:\n", wsz); - idx += wsz; + idx += wsz -1; wolfSSL_BIO_write(out, buff, idx); XMEMSET(buff, 0, sizeof(buff)); @@ -7332,9 +7332,9 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wsz = Indent(indent, buff + idx); idx += wsz; - wsz = sizeof("P:\n") - 1; + wsz = sizeof("P:\n"); XSTRNCPY((char*)(buff + idx), "P:\n", wsz); - idx += wsz; + idx += wsz -1; wolfSSL_BIO_write(out, buff, idx); XMEMSET(buff, 0, sizeof(buff)); @@ -7346,9 +7346,9 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wsz = Indent(indent, buff + idx); idx += wsz; - wsz = sizeof("Q:\n") - 1; + wsz = sizeof("Q:\n"); XSTRNCPY((char*)(buff + idx), "Q:\n", wsz); - idx += wsz; + idx += wsz -1; wolfSSL_BIO_write(out, buff, idx); XMEMSET(buff, 0, sizeof(buff)); @@ -7360,9 +7360,9 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wsz = Indent(indent, buff + idx); idx += wsz; - wsz = sizeof("G:\n") - 1; + wsz = sizeof("G:\n"); XSTRNCPY((char*)(buff + idx), "G:\n", wsz); - idx += wsz; + idx += wsz -1; wolfSSL_BIO_write(out, buff, idx); XMEMSET(buff, 0, sizeof(buff)); @@ -7454,16 +7454,16 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wsz = Indent(indent, buff + idx); idx += wsz; - wsz = sizeof("DH Public-Key: (") - 1; + wsz = sizeof("DH Public-Key: ("); XSTRNCPY((char*)(buff + idx), "DH Public-Key: (", wsz); - idx += wsz; + idx += wsz -1; wsz = ToDec(bitlen, buff + idx); idx += wsz; - wsz = sizeof(" bit)\n") - 1; + wsz = sizeof(" bit)\n"); XSTRNCPY((char*)(buff + idx), " bit)\n", wsz); - idx += wsz; + idx += wsz -1; wolfSSL_BIO_write(out, buff, idx); XMEMSET(buff, 0, sizeof(buff)); @@ -7472,9 +7472,9 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wsz = Indent(indent, buff + idx); idx += wsz; - wsz = sizeof("public-key:\n") - 1; + wsz = sizeof("public-key:\n"); XSTRNCPY((char*)(buff + idx), "public-key:\n", wsz); - idx += wsz; + idx += wsz -1; wolfSSL_BIO_write(out, buff, idx); XMEMSET(buff, 0, sizeof(buff)); @@ -7485,9 +7485,9 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wsz = Indent(indent, buff + idx); idx += wsz; - wsz = sizeof("prime:\n") - 1; + wsz = sizeof("prime:\n"); XSTRNCPY((char*)(buff + idx), "prime:\n", wsz); - idx += wsz; + idx += wsz -1; wolfSSL_BIO_write(out, buff, idx); XMEMSET(buff, 0, sizeof(buff)); @@ -7498,23 +7498,23 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wsz = Indent(indent, buff + idx); idx += wsz; - wsz = sizeof("generator: ") - 1; + wsz = sizeof("generator: "); XSTRNCPY((char*)(buff + idx), "generator: ", wsz); - idx += wsz; + idx += wsz -1; wsz = ToDec(generator, buff + idx); idx += wsz; - wsz = sizeof(" (0x") - 1; + wsz = sizeof(" (0x"); XSTRNCPY((char*)(buff + idx), " (0x", wsz); - idx += wsz; + idx += wsz -1; wsz = ToHex(generator, buff + idx); idx += wsz; - wsz = sizeof(")\n") - 1; + wsz = sizeof(")\n"); XSTRNCPY((char*)(buff + idx), ")\n", wsz); - idx += wsz; + idx += wsz -1; wolfSSL_BIO_write(out, buff, idx); XMEMSET(buff, 0, sizeof(buff)); From a34c5b018f55b64d812bc04fc3cba1c458104e5c Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Mon, 1 Mar 2021 00:49:50 +0900 Subject: [PATCH 07/29] Move the local variable declaration to the beginning of the function --- wolfcrypt/src/evp.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 3a2b2a45a7..597d7ac7ea 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -7208,7 +7208,7 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int indent, int bitlen, ASN1_PCTX* pctx) { - (void)pctx; + int length; int res; byte buff[128] = { 0 }; @@ -7221,6 +7221,7 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int wsz = 0; inOutIdx = 0; + (void)pctx; if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) return WOLFSSL_FAILURE; if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) @@ -7374,7 +7375,7 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int indent, int bitlen, ASN1_PCTX* pctx) { - (void)pctx; + word32 length; byte buff[128] = { 0 }; word32 inOutIdx = 0; @@ -7389,6 +7390,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int wsz = 0; inOutIdx = 0; + (void)pctx; if (GetSequence(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) return WOLFSSL_FAILURE; if (GetSequence(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) From 42e87fa542ff2e167141e747f4c6e2809e574670 Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Mon, 1 Mar 2021 01:13:25 +0900 Subject: [PATCH 08/29] Add DH key initialization --- tests/api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index 5bcdc6e06b..282e71712d 100644 --- a/tests/api.c +++ b/tests/api.c @@ -22604,7 +22604,7 @@ static int test_wc_DhPublicKeyDecode(void) #if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048) DhKey key = {0}; - + ret = wc_InitDhKey(&key); printf(testingFmt, "test_wc_DhPublicKeyDecode()"); if (ret == 0) { From 5043f0229a222e0cb9c8fa699bccc907982453cb Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Thu, 4 Mar 2021 17:41:18 +0900 Subject: [PATCH 09/29] Add comment to each added functions --- wolfcrypt/src/asn.c | 7 +++++-- wolfcrypt/src/evp.c | 44 ++++++++++++++++++++++++++++++++++++++------ 2 files changed, 43 insertions(+), 8 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index d2894b0a11..643b19fd2c 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -4517,7 +4517,7 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e, #ifndef NO_DH #if defined(WOLFSSL_DH_EXTRA) /* - * Decodes DH public key + * Decodes DH public key to fill specified DhKey. * * return 0 on success, negative on failure */ @@ -16274,7 +16274,10 @@ static int EccKeyParamCopy(char** dst, char* src) return ret; } #endif /* WOLFSSL_CUSTOM_CURVES */ - +/* wc_EccPublicKeyDecode_ex gets ECC public key data in DER format via "input" + * and returns the curve id to "curveId" and the point position to "pointIdx". + * Returns 0 on success, negative values on failure. + */ int wc_EccPublicKeyDecode_ex(const byte* input, word32* inOutIdx, int* curveId, word32* pointIdx, int* pointSz, word32 inSz) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 597d7ac7ea..798eea1206 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -6804,6 +6804,9 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) } } #if defined(OPENSSL_EXTRA) +/* Converts byte data into 2 digit hex code + * then put them to the specified buffer. + */ static int ToHex( byte in, byte* hex ) { byte UpNibble,LwNibble; @@ -6819,7 +6822,9 @@ static int ToHex( byte in, byte* hex ) *hex = HexTbl[LwNibble]; return 2; } -/* convert input value to upto five digit decimal */ +/* Converts input value "i" to upto five digit decimal + * and copys to the specified buffer. + */ static int ToDec(word32 in, byte* hex) { int i = 0; @@ -6862,6 +6867,9 @@ static int ToDec(word32 in, byte* hex) } return written; } +/* Indent adds white spaces of the number specified by "indents" + * to the buffer specified by "dst". + */ static int Indent(int indents, byte* dst ) { int i; @@ -6871,6 +6879,12 @@ static int Indent(int indents, byte* dst ) for (i = indents; i; i--) {*dst++ = ' ';} return indents; } +/* DumpElement dump byte-data specified by "input" to the "out". + * Each line has leading white spaces( "indent" gives the number ) plus + * four spaces, then hex coded 15 byte data with separator ":" follow. + * Each line looks like: + * " 00:e6:ab: --- 9f:ef:" + */ static int DumpElement(WOLFSSL_BIO* out, const byte* input, int inlen, int indent) { @@ -6933,6 +6947,10 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, return idx; } +/* PrintPubKeyRSA is a helper function for wolfSSL_EVP_PKEY_print_public + * to parses a DER format RSA public key specified in the second parameter. + * Returns 1 on success, 0 on failure. +*/ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int indent, int bitlen, ASN1_PCTX* pctx) { @@ -7085,6 +7103,10 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_SUCCESS; } #if defined(HAVE_ECC) +/* PrintPubKeyEC is a helper function for wolfSSL_EVP_PKEY_print_public + * to parses a DER format ECC public key specified in the second parameter. + * Returns 1 on success, 0 on failure. +*/ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int indent, int bitlen, ASN1_PCTX* pctx) { @@ -7204,7 +7226,10 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_SUCCESS; } #endif /* HAVE_ECC */ - +/* PrintPubKeyDSA is a helper function for wolfSSL_EVP_PKEY_print_public + * to parses a DER format DSA public key specified in the second parameter. + * Returns 1 on success, 0 on failure. +*/ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int indent, int bitlen, ASN1_PCTX* pctx) { @@ -7372,6 +7397,10 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_SUCCESS; } +/* PrintPubKeyDH is a helper function for wolfSSL_EVP_PKEY_print_public + * to parses a DER format DH public key specified in the second parameter. + * Returns 1 on success, 0 on failure. +*/ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int indent, int bitlen, ASN1_PCTX* pctx) { @@ -7523,10 +7552,13 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_SUCCESS; } -/* - * output public key info in human readable format - * returns 1 on success, 0 or negative on error. - * -2 means specified key algo is not supported. +/* wolfSSL_EVP_PKEY_print_public parses the specified key then + * outputs public key info in human readable format to the specified BIO. + * White spaces of the same number which 'indent" gives, will be added to + * each line to output and ignores pctx parameter. + * Returns 1 on success, 0 or negative on error, -2 means specified key + * algo is not supported. + * Can handle RSA, ECC, DSA and DH public keys. */ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, const WOLFSSL_EVP_PKEY* pkey, int indent, ASN1_PCTX* pctx) From 364e35575cedba9cd3bcc60bc07d046190633859 Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Fri, 19 Mar 2021 14:17:26 +0900 Subject: [PATCH 10/29] Add following modifications to unit-test: - Modify reference data in test_wolfSSL_EVP_PKEY_print_public - Remove test_wc_EccPublicKeyDecode_ex - Rewrite test_wc_DhPublicKeyDecode to have Assert --- tests/api.c | 164 ++++++++++------------------------------------------ 1 file changed, 32 insertions(+), 132 deletions(-) diff --git a/tests/api.c b/tests/api.c index d6a1f7ce36..d84f4614f2 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2445,8 +2445,8 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) BIO_gets(wbio, line, sizeof(line)); AssertIntEQ(XSTRNCMP( line, - " 00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:\n", - sizeof(" 00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:\n")),0); + " 00:BC:73:0E:A8:49:F3:74:A2:A9:EF:18:A5:DA:55:\n", + sizeof(" 00:BC:73:0E:A8:49:F3:74:A2:A9:EF:18:A5:DA:55:\n")),0); /* skip to the end of modulus element*/ @@ -2497,8 +2497,8 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) BIO_gets(wbio, line, sizeof(line)); AssertIntEQ(XSTRNCMP( line, - " 00:c2:35:2d:ec:83:83:6c:73:13:9e:52:7c:74:c8:\n", - sizeof(" 00:c2:35:2d:ec:83:83:6c:73:13:9e:52:7c:74:c8:\n")),0); + " 00:C2:35:2D:EC:83:83:6C:73:13:9E:52:7C:74:C8:\n", + sizeof(" 00:C2:35:2D:EC:83:83:6C:73:13:9E:52:7C:74:C8:\n")),0); /* skip to the end of pub element*/ for( i = 0; i < 17 ;i++) { @@ -2572,8 +2572,8 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) BIO_gets(wbio, line, sizeof(line)); AssertIntEQ(XSTRNCMP( line, - " 04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d:\n", - sizeof(" 04:55:bf:f4:0f:44:50:9a:3d:ce:9b:b7:f0:c5:4d:\n")),0); + " 04:55:BF:F4:0F:44:50:9A:3D:CE:9B:B7:F0:C5:4D:\n", + sizeof(" 04:55:BF:F4:0F:44:50:9A:3D:CE:9B:B7:F0:C5:4D:\n")),0); /* skip to the end of pub element*/ for( i = 0; i < 4 ;i++) { @@ -2628,8 +2628,8 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) BIO_gets(wbio, line, sizeof(line)); AssertIntEQ(XSTRNCMP( line, - " 34:41:bf:e9:f2:11:bf:05:db:b2:72:a8:29:cc:bd:\n", - sizeof(" 34:41:bf:e9:f2:11:bf:05:db:b2:72:a8:29:cc:bd:\n")),0); + " 34:41:BF:E9:F2:11:BF:05:DB:B2:72:A8:29:CC:BD:\n", + sizeof(" 34:41:BF:E9:F2:11:BF:05:DB:B2:72:A8:29:CC:BD:\n")),0); /* skip to the end of public-key element*/ for( i = 0; i < 17 ;i++) { @@ -2643,8 +2643,8 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) BIO_gets(wbio, line, sizeof(line)); AssertIntEQ(XSTRNCMP( line, - " 00:d3:b2:99:84:5c:0a:4c:e7:37:cc:fc:18:37:01:\n", - sizeof(" 00:d3:b2:99:84:5c:0a:4c:e7:37:cc:fc:18:37:01:\n")),0); + " 00:D3:B2:99:84:5C:0A:4C:E7:37:CC:FC:18:37:01:\n", + sizeof(" 00:D3:B2:99:84:5C:0A:4C:E7:37:CC:FC:18:37:01:\n")),0); /* skip to the end of prime element*/ for( i = 0; i < 17 ;i++) { @@ -22595,91 +22595,7 @@ static int test_wc_EccPrivateKeyToDer (void) #endif return ret; }/* End test_wc_EccPrivateKeyToDer*/ -/* - * Testing wc_EccPublicKeyDecode_ex - */ -static int test_wc_EccPublicKeyDecode_ex(void) -{ - int ret = 0; - word32 inOutIdx; - int curveId; - word32 pointIdx; - int pointSz; -#if defined(HAVE_ECC) - printf(testingFmt, "test_wc_EccPublicKeyDecode_ex()"); - - if (ret == 0) { - ret = wc_EccPublicKeyDecode_ex(NULL,NULL,NULL,NULL,NULL,0); - if (ret == BAD_FUNC_ARG) - ret = 0; - } -#if defined(USE_CERT_BUFFERS_256) - - if (ret == 0) { - ret = wc_EccPublicKeyDecode_ex(ecc_clikeypub_der_256, - NULL,NULL,NULL,NULL,0); - if(ret == BAD_FUNC_ARG) - ret = 0; - } - if (ret == 0) { - inOutIdx = 0; - ret = wc_EccPublicKeyDecode_ex(ecc_clikeypub_der_256, - &inOutIdx,NULL,NULL,NULL,0); - if (ret == BAD_FUNC_ARG) - ret = 0; - } - if (ret == 0) { - inOutIdx = 0; - ret = wc_EccPublicKeyDecode_ex(ecc_clikeypub_der_256, - &inOutIdx,&curveId,NULL,NULL,0); - if (ret == BAD_FUNC_ARG) - ret = 0; - } - if (ret == 0) { - inOutIdx = 0; - ret = wc_EccPublicKeyDecode_ex(ecc_clikeypub_der_256, - &inOutIdx,&curveId,&pointIdx,NULL,0); - if(ret == BAD_FUNC_ARG) - ret = 0; - } - if (ret == 0) { - inOutIdx = 0; - ret = wc_EccPublicKeyDecode_ex(ecc_clikeypub_der_256, - &inOutIdx,&curveId,&pointIdx,&pointSz,0); - if (ret == BAD_FUNC_ARG) - ret = 0; - } - /* pass bad input size */ - if (ret == 0) { - inOutIdx = 0; - ret = wc_EccPublicKeyDecode_ex(ecc_clikeypub_der_256, - &inOutIdx,&curveId,&pointIdx,&pointSz,sizeof_ecc_clikeypub_der_256 - 3 ); - if (ret < 0 ) - ret = 0; - } - if (ret == 0) { - inOutIdx = 0; - ret = wc_EccPublicKeyDecode_ex(ecc_clikeypub_der_256, - &inOutIdx,&curveId,&pointIdx,&pointSz,sizeof_ecc_clikeypub_der_256); - if (ret == 0 && inOutIdx == 91 && curveId == 7 && - pointIdx == 26 && pointSz == 65 ) { - ret = 0; - } - else - ret = -1; - } - -#endif /* USE_CERT_BUFFERS_256 */ - - printf(resultFmt, ret == 0 ? passed : failed); -#endif /* HAVE_ECC */ - (void)inOutIdx; - (void)curveId; - (void)pointIdx; - (void)pointSz; - return ret; -} /* * Testing wc_DhPublicKeyDecode */ @@ -22690,45 +22606,30 @@ static int test_wc_DhPublicKeyDecode(void) #if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048) DhKey key = {0}; - ret = wc_InitDhKey(&key); - printf(testingFmt, "test_wc_DhPublicKeyDecode()"); + AssertIntEQ(wc_InitDhKey(&key), 0); + printf(testingFmt, "wc_DhPublicKeyDecode()"); - if (ret == 0) { - ret = wc_DhPublicKeyDecode(NULL,NULL,NULL,0); - if (ret == BAD_FUNC_ARG) - ret = 0; - } - if (ret == 0) { - ret = wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0); - if(ret == BAD_FUNC_ARG) - ret = 0; - } - if (ret == 0) { - inOutIdx = 0; - ret = wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,NULL,0); - if (ret == BAD_FUNC_ARG) - ret = 0; - } - if (ret == 0) { - inOutIdx = 0; - ret = wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key,0); - if (ret == BAD_FUNC_ARG) - ret = 0; - } - if (ret == 0) { - inOutIdx = 0; - ret = wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key, - sizeof_dh_pub_key_der_2048); - if (ret == 0 && key.p.used != 0 && key.g.used != 0 && - key.q.used == 0 && key.pub.used != 0 && - key.priv.used == 0 ) { - ret = 0; - } - else - ret = -1; - } + AssertIntEQ(wc_DhPublicKeyDecode(NULL,NULL,NULL,0), + BAD_FUNC_ARG); + AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0), + BAD_FUNC_ARG); + AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0), + BAD_FUNC_ARG); + inOutIdx = 0; + AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,NULL, 0), + BAD_FUNC_ARG); + inOutIdx = 0; + AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key, 0), + BAD_FUNC_ARG); + inOutIdx = 0; + AssertIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key, + sizeof_dh_pub_key_der_2048), 0); + AssertTrue(key.p.used != 0 && key.g.used != 0 && key.q.used == 0 && + key.pub.used != 0 && key.priv.used == 0); + + wc_FreeDhKey(&key); + printf(resultFmt, passed); - printf(resultFmt, ret == 0 ? passed : failed); #endif (void)inOutIdx; return ret; @@ -42457,7 +42358,6 @@ void ApiTest(void) AssertIntEQ(test_ToTraditional(), 0); AssertIntEQ(test_wc_EccPrivateKeyToDer(), 0); - AssertIntEQ(test_wc_EccPublicKeyDecode_ex(), 0); AssertIntEQ(test_wc_DhPublicKeyDecode(), 0); AssertIntEQ(test_wc_Ed25519KeyToDer(), 0); AssertIntEQ(test_wc_Ed25519PrivateKeyToDer(), 0); From 1c81afcc0a31482ffce7751502e8db82c69fc283 Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Fri, 19 Mar 2021 14:23:40 +0900 Subject: [PATCH 11/29] Add wc_FreeDhKey in wolfSSL_d2i_PUBKEY --- src/ssl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/ssl.c b/src/ssl.c index c431705b0e..6f5a94460d 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -7945,6 +7945,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, } wolfSSL_EVP_PKEY_free(pkey); } + wc_FreeDhKey(&dh); } #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* !NO_DH && OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */ From 62304411dd5e5bffabdd0c3e2812b3349641eb72 Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Fri, 19 Mar 2021 14:48:46 +0900 Subject: [PATCH 12/29] Remove wc_EccPublicKeyDecode_ex --- wolfcrypt/src/asn.c | 64 --------------------------------------------- 1 file changed, 64 deletions(-) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 135a11075f..33dbbafcfa 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -16169,70 +16169,6 @@ static int EccKeyParamCopy(char** dst, char* src) return ret; } #endif /* WOLFSSL_CUSTOM_CURVES */ -/* wc_EccPublicKeyDecode_ex gets ECC public key data in DER format via "input" - * and returns the curve id to "curveId" and the point position to "pointIdx". - * Returns 0 on success, negative values on failure. - */ -int wc_EccPublicKeyDecode_ex(const byte* input, - word32* inOutIdx, int* curveId, - word32* pointIdx, int* pointSz, word32 inSz) -{ - int ret; - int version, length; - word32 oidSum, localIdx; - byte tag; - - if (input == NULL || inOutIdx == NULL || curveId == NULL || - pointIdx == NULL || pointSz == NULL || inSz == 0) - return BAD_FUNC_ARG; - - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - - if (GetMyVersion(input, inOutIdx, &version, inSz) >= 0) - return ASN_PARSE_E; - - if (GetSequence(input, inOutIdx, &length, inSz) < 0) - return ASN_PARSE_E; - - ret = SkipObjectId(input, inOutIdx, inSz); - if (ret != 0) - return ret; - - if (*inOutIdx >= inSz) { - return BUFFER_E; - } - - localIdx = *inOutIdx; - - if (GetASNTag(input, &localIdx, &tag, inSz) == 0 && - tag == (ASN_SEQUENCE | ASN_CONSTRUCTED)) { - return BAD_FUNC_ARG; /* given key is not a public key*/ - } - - /* ecc params information */ - ret = GetObjectId(input, inOutIdx, &oidSum, oidIgnoreType, inSz); - if (ret != 0) - return ret; - - /* get curve id */ - if ((ret = CheckCurve(oidSum)) < 0) - return ECC_CURVE_OID_E; - else { - *curveId = ret; - } - - /* key header */ - ret = CheckBitString(input, inOutIdx, &length, inSz, 1, NULL); - if (ret != 0) - return ret; - - *pointIdx = *inOutIdx; - *pointSz = length; - *inOutIdx += length; - - return 0; -} int wc_EccPublicKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, word32 inSz) From 491f3bc4238c0df8fd9abc8c41301104548b3ba8 Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Fri, 19 Mar 2021 14:52:58 +0900 Subject: [PATCH 13/29] Add two public key files in certs folder and register them to gencertbuf.pl --- certs/dh-pubkey-2048.der | Bin 0 -> 552 bytes certs/dsa-pubkey-2048.der | Bin 0 -> 843 bytes certs/include.am | 2 ++ gencertbuf.pl | 2 ++ 4 files changed, 4 insertions(+) create mode 100644 certs/dh-pubkey-2048.der create mode 100644 certs/dsa-pubkey-2048.der diff --git a/certs/dh-pubkey-2048.der b/certs/dh-pubkey-2048.der new file mode 100644 index 0000000000000000000000000000000000000000..d364fce37b943ab13c5daf233e5dedbf3aaa3df2 GIT binary patch literal 552 zcmXqLVp1_^ViafN)N1o+`_9YA%xKWW$idXa$jESc)6A9_E}!S-XZ}c-GwR14^!XBV zvZ;6b=PN6_=9*kD3xE3b@KdqYQ@+=t5B@mcsdmAl>)q$G#!tg`PiUS$y|3`M`V&)8 z*EY_=6|;8Q@dtJtDh*T?`aQ+aW&gQvZ`$rJJJ*&)e=onj=IE*2Hwq#gzkXD-7QJft=|~@s1>@w) zDaqk?44?j;qrL2&=%y3BsfBuPf6D4E6u-Op)@Ol6hhP4l8*YiE?8`sOdhUpSdc)?f zM)B7_^K<9d-+RZg<5y!w+O=aG0job~-piH^5Uvj~4DO8gC{np{NmjkKuJAPyE@& Q{^!#qZa$dK;c9jm0B*nyj{pDw literal 0 HcmV?d00001 diff --git a/certs/dsa-pubkey-2048.der b/certs/dsa-pubkey-2048.der new file mode 100644 index 0000000000000000000000000000000000000000..222251fda1a1109df67ecd3e50194e759f4fb8d2 GIT binary patch literal 843 zcmXqLVs-73@vJp}H%c-GC8`Q-GPiwo zs)0RL*Laa%_V%P7?Y`a$w_asU6W+el^FW(O;n|*q#3_ZHQ>FMV&diZlczPkV^z1(s z&1VVIOWyc6z1a2g(D&1`UxnUq2+%u!){$}LQ_WL{%_8db1gEth`}I&g*fwEu_1bsO zuiUxDEH>#%AkW{GjCOhI>3Q=tlm7-bRW@s%7CIX+X^q&)SMxIFc|T0v((vSd=^piq zWy~HkWFKpG&5Zn98hvw3q+pQ#gNdOVKE-qWxKwqw_vNHVpTB!;47mP}y;r@KBcG#A zRg(9f;KgLa775jTwJGJdy%dfHmfqMXeSc#8pORg3FaGM?8~K+>k>S_(q*+OlDY*wf zADF#ng2tIvKVwPDj5)tAthl-J@pYq{Tjw=Rz7Sdxf2)1s1pd|%DWfv~Gg=aY z(OW7eZ+rUTSmBH7hLRK23!|8%q^v@x{{Qjz^22pqvj2mVD}@)X<;qBR-V}Y+>`Kdp zvnEX~OFGvrObhSKzr$ngAyRWDxu$t?XziBICTT^jUwhwAkV^YueQZhO4pqO{mbW!B zcTJb=dTV{n^I6ozAFrmBPCCyT#A;i?dH(DpshO|ieyJCCiZVAbvN14$63ih}-8aq6 zImN>Bf@(@mRKL4#dBFJW{7p(J^N+s#|DDslQg~Xq>gU*1^QWgL?U^FGPN|NAd2gMG z=INyEO|p-Eu^u~^@tjdTInd5L(rJ?a%!I$mQ?_4tcW}W{#u8sXkxh?uo;PtRAGdUM zc=>X!*@GbFnRnW2vnD*byYf)@glng^h&H@qIIVRu(r0$V8&a?8ZVOME zoE1LX`0qJRt_`LtPik+>{ojzvpZNXz+wQCV`!_2oSavq=Xr5-Iuy$c=asOlWo3XbU z)IaU(6n-?lQb67I2J5uQyafmIXZmaWTE-nC_HM(BE;g?XOj@~T9-R>UDgDtV Date: Fri, 19 Mar 2021 14:58:56 +0900 Subject: [PATCH 14/29] Add modifications to fix following issues: - bounds checks - sanity checks - smallstack pattern - coding standard - typos --- wolfcrypt/src/evp.c | 233 ++++++++++++++++++++++++++------- wolfssl/openssl/evp.h | 2 + wolfssl/wolfcrypt/asn_public.h | 3 - 3 files changed, 187 insertions(+), 51 deletions(-) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index b87a32a70c..a1c01b074e 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -176,6 +176,7 @@ static const char EVP_NULL[] = "NULL"; #define EVP_NULL_SIZE 4 +#define EVP_PKEY_PRINT_LINE_WIDTH_MAX 80 static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher); @@ -6804,24 +6805,6 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) } } #if defined(OPENSSL_EXTRA) -/* Converts byte data into 2 digit hex code - * then put them to the specified buffer. - */ -static int ToHex( byte in, byte* hex ) -{ - byte UpNibble,LwNibble; - byte HexTbl[16] = { '0','1','2','3','4','5','6','7', - '8','9','a','b','c','d','e','f' }; - - if ( hex == NULL ) - return 0; - - UpNibble = (in >> 4) & 0x0f; - LwNibble = in & 0x0f; - *hex++ = HexTbl[UpNibble]; - *hex = HexTbl[LwNibble]; - return 2; -} /* Converts input value "i" to upto five digit decimal * and copys to the specified buffer. */ @@ -6873,6 +6856,12 @@ static int ToDec(word32 in, byte* hex) static int Indent(int indents, byte* dst ) { int i; + + if (indents < 0) + indents = 0; + else if (indents >= EVP_PKEY_PRINT_INDENT_MAX) + indents = EVP_PKEY_PRINT_INDENT_MAX; + if (dst == NULL) return 0; @@ -6888,21 +6877,41 @@ static int Indent(int indents, byte* dst ) static int DumpElement(WOLFSSL_BIO* out, const byte* input, int inlen, int indent) { +#ifdef WOLFSSL_SMALL_STACK + byte* buff = NULL; +#else + byte buff[EVP_PKEY_PRINT_LINE_WIDTH_MAX] = { 0 }; +#endif /* WOLFSSL_SMALL_STACK */ + word32 in = 0; word32 i; int idx = 0; int wsz = 0; - byte buff[128] = { 0 }; word32 line; word32 len; word32 left; const byte* point; + word32 outSz; + byte outHex[3]; + + if (!out || !input) + return 0; + + if (indent < 0) + indent = 0; + else if (indent >= EVP_PKEY_PRINT_INDENT_MAX) + indent = EVP_PKEY_PRINT_INDENT_MAX; point = input; len = inlen; line = len / 15; left = len % 15; +#ifdef WOLFSSL_SMALL_STACK + buff = (byte*)XMALLOC(EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL, + DYNAMIC_TYPE_TMP_BUFFER); +#endif + /* print pub element */ while (line) { @@ -6911,11 +6920,12 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, idx += wsz; for (i = 0; i < 15; i++) { /* 15 byte per line*/ - wsz = ToHex(point[in++], buff + idx); - idx += wsz; + outSz = sizeof(outHex); + Base16_Encode((const byte*)&point[in++], 1, outHex, &outSz ); + XMEMCPY(buff + idx, outHex, 2); + idx += 2; XMEMSET(buff + idx, ':', 1); - wsz = 1; - idx += wsz; + idx += 1; } wsz = 1; XMEMSET(buff + idx, '\n', wsz); @@ -6930,21 +6940,32 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, idx += wsz; for (i = 0; i < left; i++) { - wsz = ToHex(point[in++], buff + idx); - idx += wsz; + outSz = sizeof(outHex); + Base16_Encode((const byte*)&point[in++], 1, outHex, &outSz); + XMEMCPY(buff + idx, outHex, 2); + idx += 2; + if (i != left - 1) { wsz = 1; - XMEMSET(buff + idx, ':', wsz); - idx += wsz; + if (idx + wsz <= EVP_PKEY_PRINT_LINE_WIDTH_MAX) { + XMEMSET(buff + idx, ':', wsz); + idx += wsz; + } } } wsz = 1; - XMEMSET(buff + idx, '\n', wsz); - idx += wsz; + if (idx + wsz <= EVP_PKEY_PRINT_LINE_WIDTH_MAX) { + XMEMSET(buff + idx, '\n', wsz); + idx += wsz; + } wolfSSL_BIO_write(out, buff, idx); XMEMSET(buff, 0, sizeof(buff)); +#ifdef WOLFSSL_SMALL_STACK + buff = (byte*)XMALLOC(EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL, + DYNAMIC_TYPE_TMP_BUFFER); +#endif return idx; } /* PrintPubKeyRSA is a helper function for wolfSSL_EVP_PKEY_print_public @@ -6954,7 +6975,11 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int indent, int bitlen, ASN1_PCTX* pctx) { - byte buff[128] = { 0 }; +#ifdef WOLFSSL_SMALL_STACK + byte* buff = NULL; +#else + byte buff[EVP_PKEY_PRINT_LINE_WIDTH_MAX] = { 0 }; +#endif /* WOLFSSL_SMALL_STACK */ word32 inOutIdx = 0; int length = 0; @@ -6969,6 +6994,13 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int wsz = 0; word32 i; word32 exponent = 0; + word32 outSz; + byte outHex[3]; + + if (indent < 0) + indent = 0; + else if (indent >= EVP_PKEY_PRINT_INDENT_MAX) + indent = EVP_PKEY_PRINT_INDENT_MAX; (void)pctx; @@ -7032,6 +7064,12 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (GetLength(pkey, &inOutIdx, &length, pkeySz) < 0) return WOLFSSL_FAILURE; + +#ifdef WOLFSSL_SMALL_STACK + buff = (byte*)XMALLOC(EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL, + DYNAMIC_TYPE_TMP_BUFFER); +#endif + eSz = length; e = (byte*)(&pkey[inOutIdx]); @@ -7090,8 +7128,10 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, idx += wsz -1; for (i = 0; i < eSz; i++) { - wsz = ToHex(e[i], buff + idx); - idx += wsz; + outSz = sizeof(outHex); + Base16_Encode((const byte*)&e[i], 1, outHex, &outSz ); + XMEMCPY(buff + idx, outHex, 2); + idx += 2; } wsz = sizeof(")\n"); XSTRNCPY((char*)(buff + idx), ")\n", wsz); @@ -7100,6 +7140,9 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wolfSSL_BIO_write(out, buff, idx); XMEMSET(buff, 0, sizeof(buff)); +#ifdef WOLFSSL_SMALL_STACK + XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return WOLFSSL_SUCCESS; } #if defined(HAVE_ECC) @@ -7110,28 +7153,77 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int indent, int bitlen, ASN1_PCTX* pctx) { +#ifdef WOLFSSL_SMALL_STACK + byte* buff = NULL; +#else + byte buff[EVP_PKEY_PRINT_LINE_WIDTH_MAX] = { 0 }; +#endif /* WOLFSSL_SMALL_STACK */ int res = WOLFSSL_SUCCESS; - byte buff[128] = { 0 }; word32 inOutIdx = 0; - + int length = 0; int curveId; - word32 pointIdx; + word32 pointIdx,localIdx; + word32 oidSum; int pointSz; char* OIDName = NULL; const char* nistCurveName = NULL; int nid; WOLFSSL_ObjectInfo* oi = NULL; word32 i; - + byte tag; int idx = 0; int wsz = 0; + if (indent < 0) + indent = 0; + else if (indent >= EVP_PKEY_PRINT_INDENT_MAX) + indent = EVP_PKEY_PRINT_INDENT_MAX; + (void)pctx; - res = wc_EccPublicKeyDecode_ex(pkey, &inOutIdx, &curveId, - &pointIdx, &pointSz, (word32)pkeySz); + + if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) + return ASN_PARSE_E; + + if (GetMyVersion(pkey, &inOutIdx, &length, pkeySz) >= 0) + return ASN_PARSE_E; + + if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) + return ASN_PARSE_E; + + if (GetASNObjectId(pkey, &inOutIdx, &length, pkeySz) < 0) + return ASN_PARSE_E; + + inOutIdx += length; + + if (inOutIdx >= (word32)pkeySz) { + return BUFFER_E; + } + + localIdx = inOutIdx; + + if (GetASNTag(pkey, &localIdx, &tag, pkeySz) == 0 && + tag == (ASN_SEQUENCE | ASN_CONSTRUCTED)) { + return BAD_FUNC_ARG; /* given key is not a public key*/ + } + + /* ecc params information */ + res = GetObjectId(pkey, &inOutIdx, &oidSum, oidIgnoreType, pkeySz); if (res != 0) - return WOLFSSL_FAILURE; + return res; + + curveId = wc_ecc_get_oid(oidSum, NULL, (word32*)&length); + if (curveId < 0 || length == 0) { + return ECC_CURVE_OID_E; + } + + if (CheckBitString(pkey, &inOutIdx, &length, pkeySz, 1, NULL) < 0) { + return ASN_PARSE_E; + } + + pointIdx = inOutIdx; + pointSz = length; + inOutIdx += length; nid = EccEnumToNID(curveId); @@ -7149,6 +7241,12 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, /* get NIST curve name */ nistCurveName = wolfSSL_EC_curve_nid2nist(nid); +#ifdef WOLFSSL_SMALL_STACK + buff = (byte*)XMALLOC(EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL, + DYNAMIC_TYPE_TMP_BUFFER); +#endif + + idx = 0; wsz = Indent(indent, buff + idx); idx += wsz; @@ -7223,6 +7321,9 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wolfSSL_BIO_write(out, buff, idx); XMEMSET(buff, 0, sizeof(buff)); +#ifdef WOLFSSL_SMALL_STACK + XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return WOLFSSL_SUCCESS; } #endif /* HAVE_ECC */ @@ -7233,10 +7334,13 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int indent, int bitlen, ASN1_PCTX* pctx) { - +#ifdef WOLFSSL_SMALL_STACK + byte* buff = NULL; +#else + byte buff[EVP_PKEY_PRINT_LINE_WIDTH_MAX] = { 0 }; +#endif /* WOLFSSL_SMALL_STACK */ int length; int res; - byte buff[128] = { 0 }; word32 inOutIdx = 0; word32 oid; byte tagFound; @@ -7245,6 +7349,11 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int idx = 0; int wsz = 0; + if (indent < 0) + indent = 0; + else if (indent >= EVP_PKEY_PRINT_INDENT_MAX) + indent = EVP_PKEY_PRINT_INDENT_MAX; + inOutIdx = 0; (void)pctx; if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) @@ -7262,9 +7371,9 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, /* find P */ if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) return WOLFSSL_FAILURE; - if( tagFound != ASN_INTEGER) + if (tagFound != ASN_INTEGER) return WOLFSSL_FAILURE; - if( GetLength(pkey, &inOutIdx, &length, pkeySz) < 0) + if (GetLength(pkey, &inOutIdx, &length, pkeySz) < 0) return WOLFSSL_FAILURE; p = (byte*)(pkey + inOutIdx); @@ -7321,6 +7430,12 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, y = (byte*)(pkey + inOutIdx); ySz = length; +#ifdef WOLFSSL_SMALL_STACK + buff = (byte*)XMALLOC(EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL, + DYNAMIC_TYPE_TMP_BUFFER); +#endif + + idx = 0; wsz = Indent(indent, buff + idx); idx += wsz; @@ -7395,6 +7510,9 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, DumpElement(out, g, gSz, indent + 4); +#ifdef WOLFSSL_SMALL_STACK + XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return WOLFSSL_SUCCESS; } /* PrintPubKeyDH is a helper function for wolfSSL_EVP_PKEY_print_public @@ -7404,9 +7522,12 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int indent, int bitlen, ASN1_PCTX* pctx) { - +#ifdef WOLFSSL_SMALL_STACK + byte* buff = NULL; +#else + byte buff[EVP_PKEY_PRINT_LINE_WIDTH_MAX] = { 0 }; +#endif /* WOLFSSL_SMALL_STACK */ word32 length; - byte buff[128] = { 0 }; word32 inOutIdx = 0; word32 oid; byte tagFound; @@ -7417,6 +7538,13 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int publicKeySz; int idx = 0; int wsz = 0; + word32 outSz; + byte outHex[3]; + + if (indent < 0) + indent = 0; + else if (indent >= EVP_PKEY_PRINT_INDENT_MAX) + indent = EVP_PKEY_PRINT_INDENT_MAX; inOutIdx = 0; (void)pctx; @@ -7480,6 +7608,11 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, bitlen = publicKeySz * 8; } +#ifdef WOLFSSL_SMALL_STACK + buff = (byte*)XMALLOC(EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL, + DYNAMIC_TYPE_TMP_BUFFER); +#endif + /* print elements */ idx = 0; wsz = Indent(indent, buff + idx); @@ -7539,9 +7672,10 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wsz = sizeof(" (0x"); XSTRNCPY((char*)(buff + idx), " (0x", wsz); idx += wsz -1; - - wsz = ToHex(generator, buff + idx); - idx += wsz; + outSz = sizeof(outHex); + Base16_Encode((const byte*)&generator, 1, outHex, &outSz ); + XMEMCPY(buff + idx, outHex, 2); + idx += 2; wsz = sizeof(")\n"); XSTRNCPY((char*)(buff + idx), ")\n", wsz); @@ -7550,6 +7684,9 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wolfSSL_BIO_write(out, buff, idx); XMEMSET(buff, 0, sizeof(buff)); +#ifdef WOLFSSL_SMALL_STACK + XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif return WOLFSSL_SUCCESS; } /* wolfSSL_EVP_PKEY_print_public parses the specified key then diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 56ae89be32..5612351f3a 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -386,6 +386,8 @@ typedef WOLFSSL_EVP_PKEY_CTX EVP_PKEY_CTX; #define EVP_PKEY_OP_DECRYPT (1 << 7) #define EVP_PKEY_OP_DERIVE (1 << 8) +#define EVP_PKEY_PRINT_INDENT_MAX 20 + WOLFSSL_API void wolfSSL_EVP_init(void); WOLFSSL_API int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* md); WOLFSSL_API int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md); diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index b7a57b389c..f55312c124 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -523,9 +523,6 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer); word32* outLen); /* public key helper */ - WOLFSSL_API int wc_EccPublicKeyDecode_ex(const byte* input, - word32* inOutIdx, int* curveId, - word32* pointIdx, int* pointSz, word32 inSz); WOLFSSL_API int wc_EccPublicKeyDecode(const byte*, word32*, ecc_key*, word32); WOLFSSL_API int wc_EccPublicKeyToDer(ecc_key*, byte* output, From 6bf14dfa56319068d72db8b23ebba77d249be62d Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Sun, 21 Mar 2021 07:37:02 +0900 Subject: [PATCH 15/29] Added bounds checks, smallstack pattern. --- wolfcrypt/src/evp.c | 430 +++++++++++++----------------------------- wolfssl/openssl/evp.h | 2 +- 2 files changed, 130 insertions(+), 302 deletions(-) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index a1c01b074e..6e6afe3d90 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -6850,22 +6850,27 @@ static int ToDec(word32 in, byte* hex) } return written; } -/* Indent adds white spaces of the number specified by "indents" - * to the buffer specified by "dst". +/* Indent writes white spaces of the number specified by "indents" + * to the BIO. The number of white spaces is limited from 0 to + * EVP_PKEY_PRINT_INDENT_MAX. + * returns the amount written to BIO. */ -static int Indent(int indents, byte* dst ) +static int Indent(WOLFSSL_BIO* out, int indents ) { int i; + char space = ' '; if (indents < 0) indents = 0; - else if (indents >= EVP_PKEY_PRINT_INDENT_MAX) + else if (indents > EVP_PKEY_PRINT_INDENT_MAX) indents = EVP_PKEY_PRINT_INDENT_MAX; - if (dst == NULL) + if (out == NULL) return 0; - for (i = indents; i; i--) {*dst++ = ' ';} + for (i = indents; i; i--) { + wolfSSL_BIO_write(out, &space, 1); + } return indents; } /* DumpElement dump byte-data specified by "input" to the "out". @@ -6873,6 +6878,7 @@ static int Indent(int indents, byte* dst ) * four spaces, then hex coded 15 byte data with separator ":" follow. * Each line looks like: * " 00:e6:ab: --- 9f:ef:" + * Returns 1 on success, 0 on failure. */ static int DumpElement(WOLFSSL_BIO* out, const byte* input, int inlen, int indent) @@ -6899,9 +6905,10 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, if (indent < 0) indent = 0; - else if (indent >= EVP_PKEY_PRINT_INDENT_MAX) + if (indent > EVP_PKEY_PRINT_INDENT_MAX) indent = EVP_PKEY_PRINT_INDENT_MAX; + point = input; len = inlen; line = len / 15; @@ -6916,28 +6923,26 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, while (line) { idx = 0; - wsz = Indent(indent, buff + idx); - idx += wsz; + Indent(out, indent); for (i = 0; i < 15; i++) { /* 15 byte per line*/ outSz = sizeof(outHex); Base16_Encode((const byte*)&point[in++], 1, outHex, &outSz ); - XMEMCPY(buff + idx, outHex, 2); - idx += 2; - XMEMSET(buff + idx, ':', 1); - idx += 1; + if (idx + 3 = EVP_PKEY_PRINT_INDENT_MAX) + if (indent > EVP_PKEY_PRINT_INDENT_MAX) indent = EVP_PKEY_PRINT_INDENT_MAX; - (void)pctx; - if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) return WOLFSSL_FAILURE; @@ -7033,7 +7029,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, inOutIdx ++; /* should have bit tag length and seq next */ - if( CheckBitString(pkey, &inOutIdx, NULL, pkeySz, 1, NULL) != 0) + if (CheckBitString(pkey, &inOutIdx, NULL, pkeySz, 1, NULL) != 0) return WOLFSSL_FAILURE; if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) @@ -7065,86 +7061,58 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_FAILURE; -#ifdef WOLFSSL_SMALL_STACK - buff = (byte*)XMALLOC(EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL, - DYNAMIC_TYPE_TMP_BUFFER); -#endif - eSz = length; e = (byte*)(&pkey[inOutIdx]); /* print out public key elements */ - idx = 0; - wsz = Indent(indent, buff + idx); - idx += wsz; - - wsz = sizeof("RSA Public-Key: (") ; - XSTRNCPY((char*)(buff + idx), "RSA Public-Key: (", wsz ); - idx += wsz -1; + XMEMSET(buff, 0, sizeof(buff)); + Indent(out, indent); + wolfSSL_BIO_write(out, "RSA Public-Key: (", + sizeof("RSA Public-Key: (") -1); wsz = ToDec(bitlen, buff + idx); - idx += wsz; - - wsz = sizeof(" bit)\n"); - XSTRNCPY((char*)(buff + idx), " bit)\n", wsz); - idx += wsz -1; - - wolfSSL_BIO_write(out, buff, idx); - XMEMSET(buff, 0, sizeof(buff)); + wolfSSL_BIO_write(out, buff + idx, wsz); + wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") -1); /* print Modulus */ idx = 0; - wsz = Indent(indent, buff + idx); - idx += wsz; - - wsz = sizeof("Modulus:\n"); - XSTRNCPY((char*)(buff + idx), "Modulus:\n", wsz); - idx += wsz -1; - - wolfSSL_BIO_write(out, buff, idx); - XMEMSET(buff, 0, sizeof(buff)); - + Indent(out, indent); + wolfSSL_BIO_write(out, "Modulus:\n", sizeof("Modulus:\n") -1); DumpElement(out, n, nSz, indent + 4); /* print public Exponent */ idx = 0; - wsz = Indent(indent, buff + idx); - idx += wsz; - - wsz = sizeof("Exponent: "); - XSTRNCPY((char*)(buff + idx), "Exponent: ", wsz); - idx += wsz -1; + Indent(out, indent); + wolfSSL_BIO_write(out, "Exponent: ", sizeof("Exponent: ") -1); for (i = 0; i < eSz; i++) { exponent <<= 8; exponent += e[i]; } + + XMEMSET(buff, 0, sizeof(buff)); wsz = ToDec(exponent, buff + idx); - idx += wsz; - - wsz = sizeof(" (0x"); - XSTRNCPY((char*)(buff + idx), " (0x", wsz); - idx += wsz -1; + wolfSSL_BIO_write(out, buff + idx, wsz); + wolfSSL_BIO_write(out, " (0x", sizeof(" (0x") -1); + idx = 0; + XMEMSET(buff, 0, sizeof(buff)); for (i = 0; i < eSz; i++) { - outSz = sizeof(outHex); - Base16_Encode((const byte*)&e[i], 1, outHex, &outSz ); + outSz = sizeof(outHex); + Base16_Encode((const byte*)&e[i], 1, outHex, &outSz ); + if ((unsigned int)idx + 2 <= sizeof(buff)) { XMEMCPY(buff + idx, outHex, 2); idx += 2; + } } - wsz = sizeof(")\n"); - XSTRNCPY((char*)(buff + idx), ")\n", wsz); - idx += wsz -1; wolfSSL_BIO_write(out, buff, idx); - XMEMSET(buff, 0, sizeof(buff)); + wolfSSL_BIO_write(out, ")\n", sizeof(")\n") -1); -#ifdef WOLFSSL_SMALL_STACK - XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif return WOLFSSL_SUCCESS; } + #if defined(HAVE_ECC) /* PrintPubKeyEC is a helper function for wolfSSL_EVP_PKEY_print_public * to parses a DER format ECC public key specified in the second parameter. @@ -7153,12 +7121,8 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int indent, int bitlen, ASN1_PCTX* pctx) { -#ifdef WOLFSSL_SMALL_STACK - byte* buff = NULL; -#else - byte buff[EVP_PKEY_PRINT_LINE_WIDTH_MAX] = { 0 }; -#endif /* WOLFSSL_SMALL_STACK */ + byte buff[8] = { 0 }; int res = WOLFSSL_SUCCESS; word32 inOutIdx = 0; int length = 0; @@ -7175,13 +7139,13 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int idx = 0; int wsz = 0; + (void)pctx; + if (indent < 0) indent = 0; - else if (indent >= EVP_PKEY_PRINT_INDENT_MAX) + if (indent > EVP_PKEY_PRINT_INDENT_MAX) indent = EVP_PKEY_PRINT_INDENT_MAX; - (void)pctx; - if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) return ASN_PARSE_E; @@ -7241,89 +7205,46 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, /* get NIST curve name */ nistCurveName = wolfSSL_EC_curve_nid2nist(nid); -#ifdef WOLFSSL_SMALL_STACK - buff = (byte*)XMALLOC(EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL, - DYNAMIC_TYPE_TMP_BUFFER); -#endif - - idx = 0; - wsz = Indent(indent, buff + idx); - idx += wsz; + Indent(out, indent); - wsz = sizeof("Public-Key: ("); - XSTRNCPY((char*)(buff + idx), "Public-Key: (", wsz); - idx += wsz -1; + wolfSSL_BIO_write(out, "Public-Key: (", + sizeof("Public-Key: (") - 1); wsz = ToDec(bitlen, buff + idx); - idx += wsz; + wolfSSL_BIO_write(out, buff + idx, wsz); + wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") - 1); - wsz = sizeof(" bit)\n"); - XSTRNCPY((char*)(buff + idx), " bit)\n", wsz); - idx += wsz -1; - - wolfSSL_BIO_write(out, buff, idx); - XMEMSET(buff, 0, sizeof(buff)); /* print pub element */ idx = 0; - wsz = Indent(indent, buff + idx); - idx += wsz; - - wsz = sizeof("pub:\n"); - XSTRNCPY((char*)(buff + idx), "pub:\n", wsz); - idx += wsz -1; - - wolfSSL_BIO_write(out, buff, idx); - XMEMSET(buff, 0, sizeof(buff)); - + Indent(out, indent); + wolfSSL_BIO_write(out, "pub:\n", sizeof("pub:\n") - 1); DumpElement(out, pkey + pointIdx, pointSz, indent + 4); /* print OID in name */ idx = 0; - wsz = Indent(indent, buff + idx); - idx += wsz; + Indent(out, indent); - wsz = sizeof("ASN1 OID: "); - XSTRNCPY((char*)(buff + idx), "ASN1 OID: ", wsz); - idx += wsz -1; + wolfSSL_BIO_write(out, "ASN1 OID: ", sizeof("ASN1 OID: ") - 1); - wsz = (int)XSTRLEN(OIDName); - XSTRNCPY((char*)(buff + idx), OIDName, wsz +1); - idx += wsz; - - wsz = sizeof("\n"); - XSTRNCPY((char*)(buff + idx), "\n", wsz); - idx += wsz -1; - - wolfSSL_BIO_write(out, buff, idx); - XMEMSET(buff, 0, sizeof(buff)); + if (OIDName && XSTRLEN(OIDName) > 0) { + wolfSSL_BIO_write(out, OIDName, XSTRLEN(OIDName)); + wolfSSL_BIO_write(out, "\n", 1); + } /* print NIST curve name */ idx = 0; - wsz = Indent(indent, buff + idx); - idx += wsz; + Indent(out, indent); + wolfSSL_BIO_write(out, "NIST CURVE: ", sizeof("NIST CURVE: ") -1); - wsz = sizeof("NIST CURVE: "); - XSTRNCPY((char*)(buff + idx), "NIST CURVE: ", wsz); - idx += wsz -1; + if (nistCurveName && XSTRLEN(nistCurveName) > 0) { + wolfSSL_BIO_write(out, nistCurveName, XSTRLEN(nistCurveName)); + wolfSSL_BIO_write(out, "\n", 1); + } - wsz = (int)XSTRLEN(nistCurveName); - XSTRNCPY((char*)(buff + idx), nistCurveName, wsz +1); - idx += wsz; - - wsz = sizeof("\n"); - XSTRNCPY((char*)(buff + idx), "\n", wsz); - idx += wsz -1; - - wolfSSL_BIO_write(out, buff, idx); - XMEMSET(buff, 0, sizeof(buff)); - -#ifdef WOLFSSL_SMALL_STACK - XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif return WOLFSSL_SUCCESS; } #endif /* HAVE_ECC */ @@ -7334,11 +7255,8 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int indent, int bitlen, ASN1_PCTX* pctx) { -#ifdef WOLFSSL_SMALL_STACK - byte* buff = NULL; -#else - byte buff[EVP_PKEY_PRINT_LINE_WIDTH_MAX] = { 0 }; -#endif /* WOLFSSL_SMALL_STACK */ + + byte buff[8] = { 0 }; int length; int res; word32 inOutIdx = 0; @@ -7349,13 +7267,14 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int idx = 0; int wsz = 0; - if (indent < 0) - indent = 0; - else if (indent >= EVP_PKEY_PRINT_INDENT_MAX) - indent = EVP_PKEY_PRINT_INDENT_MAX; - inOutIdx = 0; (void)pctx; + + if (indent < 0) + indent = 0; + if (indent > EVP_PKEY_PRINT_INDENT_MAX) + indent = EVP_PKEY_PRINT_INDENT_MAX; + if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) return WOLFSSL_FAILURE; if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) @@ -7430,89 +7349,39 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, y = (byte*)(pkey + inOutIdx); ySz = length; -#ifdef WOLFSSL_SMALL_STACK - buff = (byte*)XMALLOC(EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL, - DYNAMIC_TYPE_TMP_BUFFER); -#endif - - idx = 0; - wsz = Indent(indent, buff + idx); - idx += wsz; - - wsz = sizeof("DSA Public-Key: ("); - XSTRNCPY((char*)(buff + idx), "DSA Public-Key: (", wsz); - idx += wsz -1; + XMEMSET(buff, 0, sizeof(buff)); + Indent(out, indent); + wolfSSL_BIO_write(out, "DSA Public-Key: (", + sizeof("DSA Public-Key: (") -1); wsz = ToDec(bitlen, buff + idx); - idx += wsz; - - wsz = sizeof(" bit)\n"); - XSTRNCPY((char*)(buff + idx), " bit)\n", wsz); - idx += wsz -1; - - wolfSSL_BIO_write(out, buff, idx); - XMEMSET(buff, 0, sizeof(buff)); + wolfSSL_BIO_write(out, buff + idx, wsz); + wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") - 1); /* print pub element */ - idx = 0; - wsz = Indent(indent, buff + idx); - idx += wsz; - - wsz = sizeof("pub:\n"); - XSTRNCPY((char*)(buff + idx), "pub:\n", wsz); - idx += wsz -1; - - wolfSSL_BIO_write(out, buff, idx); - XMEMSET(buff, 0, sizeof(buff)); - + Indent(out, indent); + wolfSSL_BIO_write(out, "pub:\n", sizeof("pub:\n") - 1); DumpElement(out, y, ySz, indent + 4); /* print P element */ idx = 0; - wsz = Indent(indent, buff + idx); - idx += wsz; - - wsz = sizeof("P:\n"); - XSTRNCPY((char*)(buff + idx), "P:\n", wsz); - idx += wsz -1; - - wolfSSL_BIO_write(out, buff, idx); - XMEMSET(buff, 0, sizeof(buff)); - + Indent(out, indent); + wolfSSL_BIO_write(out, "P:\n", sizeof("P:\n") - 1); DumpElement(out, p, pSz, indent + 4); /* print Q element */ idx = 0; - wsz = Indent(indent, buff + idx); - idx += wsz; - - wsz = sizeof("Q:\n"); - XSTRNCPY((char*)(buff + idx), "Q:\n", wsz); - idx += wsz -1; - - wolfSSL_BIO_write(out, buff, idx); - XMEMSET(buff, 0, sizeof(buff)); - + Indent(out, indent); + wolfSSL_BIO_write(out, "Q:\n", sizeof("Q:\n") - 1); DumpElement(out, q, qSz, indent + 4); /* print G element */ idx = 0; - wsz = Indent(indent, buff + idx); - idx += wsz; - - wsz = sizeof("G:\n"); - XSTRNCPY((char*)(buff + idx), "G:\n", wsz); - idx += wsz -1; - - wolfSSL_BIO_write(out, buff, idx); - XMEMSET(buff, 0, sizeof(buff)); - + Indent(out, indent); + wolfSSL_BIO_write(out, "G:\n", sizeof("G:\n") - 1); DumpElement(out, g, gSz, indent + 4); -#ifdef WOLFSSL_SMALL_STACK - XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif return WOLFSSL_SUCCESS; } /* PrintPubKeyDH is a helper function for wolfSSL_EVP_PKEY_print_public @@ -7522,11 +7391,8 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int indent, int bitlen, ASN1_PCTX* pctx) { -#ifdef WOLFSSL_SMALL_STACK - byte* buff = NULL; -#else - byte buff[EVP_PKEY_PRINT_LINE_WIDTH_MAX] = { 0 }; -#endif /* WOLFSSL_SMALL_STACK */ + + byte buff[8] = { 0 }; word32 length; word32 inOutIdx = 0; word32 oid; @@ -7541,13 +7407,14 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, word32 outSz; byte outHex[3]; - if (indent < 0) - indent = 0; - else if (indent >= EVP_PKEY_PRINT_INDENT_MAX) - indent = EVP_PKEY_PRINT_INDENT_MAX; - inOutIdx = 0; (void)pctx; + + if (indent < 0) + indent = 0; + if (indent > EVP_PKEY_PRINT_INDENT_MAX) + indent = EVP_PKEY_PRINT_INDENT_MAX; + if (GetSequence(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) return WOLFSSL_FAILURE; if (GetSequence(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) @@ -7608,87 +7475,43 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, bitlen = publicKeySz * 8; } -#ifdef WOLFSSL_SMALL_STACK - buff = (byte*)XMALLOC(EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL, - DYNAMIC_TYPE_TMP_BUFFER); -#endif - /* print elements */ idx = 0; - wsz = Indent(indent, buff + idx); - idx += wsz; - - wsz = sizeof("DH Public-Key: ("); - XSTRNCPY((char*)(buff + idx), "DH Public-Key: (", wsz); - idx += wsz -1; + Indent(out, indent); + wolfSSL_BIO_write(out, "DH Public-Key: (", + sizeof("DH Public-Key: (") - 1); wsz = ToDec(bitlen, buff + idx); - idx += wsz; - - wsz = sizeof(" bit)\n"); - XSTRNCPY((char*)(buff + idx), " bit)\n", wsz); - idx += wsz -1; - - wolfSSL_BIO_write(out, buff, idx); - XMEMSET(buff, 0, sizeof(buff)); - - idx = 0; - wsz = Indent(indent, buff + idx); - idx += wsz; - - wsz = sizeof("public-key:\n"); - XSTRNCPY((char*)(buff + idx), "public-key:\n", wsz); - idx += wsz -1; - - wolfSSL_BIO_write(out, buff, idx); - XMEMSET(buff, 0, sizeof(buff)); + wolfSSL_BIO_write(out, buff + idx, wsz); + wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") - 1); + Indent(out, indent); + wolfSSL_BIO_write(out, "public-key:\n", sizeof("public-key:\n") - 1); DumpElement(out, publicKey, publicKeySz, indent + 4); - idx = 0; - wsz = Indent(indent, buff + idx); - idx += wsz; - - wsz = sizeof("prime:\n"); - XSTRNCPY((char*)(buff + idx), "prime:\n", wsz); - idx += wsz -1; - - wolfSSL_BIO_write(out, buff, idx); - XMEMSET(buff, 0, sizeof(buff)); - + Indent(out, indent); + wolfSSL_BIO_write(out, "prime:\n", sizeof("prime:\n") - 1); DumpElement(out, prime, primeSz, indent + 4); idx = 0; - wsz = Indent(indent, buff + idx); - idx += wsz; - - wsz = sizeof("generator: "); - XSTRNCPY((char*)(buff + idx), "generator: ", wsz); - idx += wsz -1; - + XMEMSET(buff, 0, sizeof(buff)); + Indent(out, indent); + wolfSSL_BIO_write(out, "generator: ", sizeof("generator: ") - 1); wsz = ToDec(generator, buff + idx); - idx += wsz; + wolfSSL_BIO_write(out, buff + idx, wsz); + wolfSSL_BIO_write(out, " (0x", sizeof(" (0x") - 1); + - wsz = sizeof(" (0x"); - XSTRNCPY((char*)(buff + idx), " (0x", wsz); - idx += wsz -1; outSz = sizeof(outHex); Base16_Encode((const byte*)&generator, 1, outHex, &outSz ); XMEMCPY(buff + idx, outHex, 2); idx += 2; - - wsz = sizeof(")\n"); - XSTRNCPY((char*)(buff + idx), ")\n", wsz); - idx += wsz -1; - wolfSSL_BIO_write(out, buff, idx); - XMEMSET(buff, 0, sizeof(buff)); + wolfSSL_BIO_write(out, ")\n", sizeof(")\n") -1); -#ifdef WOLFSSL_SMALL_STACK - XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); -#endif return WOLFSSL_SUCCESS; } + /* wolfSSL_EVP_PKEY_print_public parses the specified key then * outputs public key info in human readable format to the specified BIO. * White spaces of the same number which 'indent" gives, will be added to @@ -7708,6 +7531,11 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, if (pkey == NULL || out == NULL) return 0; + if (indent < 0) + indent = 0; + if (indent > EVP_PKEY_PRINT_INDENT_MAX) + indent = EVP_PKEY_PRINT_INDENT_MAX; + switch (pkey->type) { case EVP_PKEY_RSA: diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 5612351f3a..2235f215e0 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -386,7 +386,7 @@ typedef WOLFSSL_EVP_PKEY_CTX EVP_PKEY_CTX; #define EVP_PKEY_OP_DECRYPT (1 << 7) #define EVP_PKEY_OP_DERIVE (1 << 8) -#define EVP_PKEY_PRINT_INDENT_MAX 20 +#define EVP_PKEY_PRINT_INDENT_MAX 128 WOLFSSL_API void wolfSSL_EVP_init(void); WOLFSSL_API int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* md); From a86a6386984089878d302c4b5315742ebcb2429f Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Sun, 21 Mar 2021 08:19:02 +0900 Subject: [PATCH 16/29] Fix for PRB tests. --- tests/api.c | 2 +- wolfcrypt/src/evp.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/api.c b/tests/api.c index d84f4614f2..51f15771c9 100644 --- a/tests/api.c +++ b/tests/api.c @@ -22605,7 +22605,7 @@ static int test_wc_DhPublicKeyDecode(void) word32 inOutIdx; #if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048) - DhKey key = {0}; + DhKey key; AssertIntEQ(wc_InitDhKey(&key), 0); printf(testingFmt, "wc_DhPublicKeyDecode()"); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 6e6afe3d90..eac2ba0a88 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -7230,7 +7230,7 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wolfSSL_BIO_write(out, "ASN1 OID: ", sizeof("ASN1 OID: ") - 1); if (OIDName && XSTRLEN(OIDName) > 0) { - wolfSSL_BIO_write(out, OIDName, XSTRLEN(OIDName)); + wolfSSL_BIO_write(out, OIDName, (int)XSTRLEN(OIDName)); wolfSSL_BIO_write(out, "\n", 1); } @@ -7241,7 +7241,7 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wolfSSL_BIO_write(out, "NIST CURVE: ", sizeof("NIST CURVE: ") -1); if (nistCurveName && XSTRLEN(nistCurveName) > 0) { - wolfSSL_BIO_write(out, nistCurveName, XSTRLEN(nistCurveName)); + wolfSSL_BIO_write(out, nistCurveName, (int)XSTRLEN(nistCurveName)); wolfSSL_BIO_write(out, "\n", 1); } From 53c54ab4750039cea910178a611eb390180f018d Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Sun, 21 Mar 2021 12:30:45 +0900 Subject: [PATCH 17/29] Added bounds checks. --- wolfcrypt/src/evp.c | 78 +++++++++++++++++++++------------------------ 1 file changed, 37 insertions(+), 41 deletions(-) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index eac2ba0a88..475b40c48c 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -6806,16 +6806,17 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) } #if defined(OPENSSL_EXTRA) /* Converts input value "i" to upto five digit decimal - * and copys to the specified buffer. + * and copies to the specified buffer. + * Returns the number of written, 0 on failure. */ -static int ToDec(word32 in, byte* hex) +static int ToDec(word32 in, byte* out, int outSz) { int i = 0; byte dgt[5]; word32 quo; int written; - if (hex == NULL || in > 99999 ) + if (out == NULL || in > 99999 ) return 0; quo = in; dgt[4] = quo % 10; @@ -6845,8 +6846,11 @@ static int ToDec(word32 in, byte* hex) written = 5 - i; + if ( outSz < written) + return 0; + for (; i < 5; i++) { - *hex++ = dgt[i] + '0'; + *out++ = dgt[i] + '0'; } return written; } @@ -6891,7 +6895,7 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, word32 in = 0; word32 i; - int idx = 0; + int idx; int wsz = 0; word32 line; word32 len; @@ -6961,15 +6965,14 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, wolfSSL_BIO_write(out, buff, idx); wolfSSL_BIO_write(out, "\n", 1); - idx++; #ifdef WOLFSSL_SMALL_STACK XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - return idx; + return WOLFSSL_SUCCESS; } /* PrintPubKeyRSA is a helper function for wolfSSL_EVP_PKEY_print_public - * to parses a DER format RSA public key specified in the second parameter. + * to parse a DER format RSA public key specified in the second parameter. * Returns 1 on success, 0 on failure. */ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, @@ -6979,15 +6982,15 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, byte buff[8] = { 0 }; word32 inOutIdx = 0; int length = 0; - word32 nSz = 0; /* size of modulus */ - word32 eSz = 0; /* size of public exponent */ + word32 nSz; /* size of modulus */ + word32 eSz; /* size of public exponent */ byte* n = NULL; - byte* e = NULL; /* pointer to modulus/exponent */ + byte* e = NULL; /* pointer to modulus/exponent */ word32 localIdx; word32 oid; byte tag; - int idx = 0; - int wsz = 0; + int idx; + int wsz; word32 i; word32 exponent = 0; word32 outSz; @@ -7071,12 +7074,11 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wolfSSL_BIO_write(out, "RSA Public-Key: (", sizeof("RSA Public-Key: (") -1); - wsz = ToDec(bitlen, buff + idx); + wsz = ToDec(bitlen, buff + idx, sizeof(buff) - idx); wolfSSL_BIO_write(out, buff + idx, wsz); wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") -1); /* print Modulus */ - idx = 0; Indent(out, indent); wolfSSL_BIO_write(out, "Modulus:\n", sizeof("Modulus:\n") -1); DumpElement(out, n, nSz, indent + 4); @@ -7092,7 +7094,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, } XMEMSET(buff, 0, sizeof(buff)); - wsz = ToDec(exponent, buff + idx); + wsz = ToDec(exponent, buff + idx, sizeof(buff) - idx); wolfSSL_BIO_write(out, buff + idx, wsz); wolfSSL_BIO_write(out, " (0x", sizeof(" (0x") -1); @@ -7115,7 +7117,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, #if defined(HAVE_ECC) /* PrintPubKeyEC is a helper function for wolfSSL_EVP_PKEY_print_public - * to parses a DER format ECC public key specified in the second parameter. + * to parse a DER format ECC public key specified in the second parameter. * Returns 1 on success, 0 on failure. */ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, @@ -7136,7 +7138,7 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, WOLFSSL_ObjectInfo* oi = NULL; word32 i; byte tag; - int idx = 0; + int idx; int wsz = 0; (void)pctx; @@ -7211,22 +7213,18 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wolfSSL_BIO_write(out, "Public-Key: (", sizeof("Public-Key: (") - 1); - wsz = ToDec(bitlen, buff + idx); + wsz = ToDec(bitlen, buff + idx, sizeof(buff) - idx); wolfSSL_BIO_write(out, buff + idx, wsz); wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") - 1); /* print pub element */ - idx = 0; Indent(out, indent); wolfSSL_BIO_write(out, "pub:\n", sizeof("pub:\n") - 1); DumpElement(out, pkey + pointIdx, pointSz, indent + 4); /* print OID in name */ - - idx = 0; Indent(out, indent); - wolfSSL_BIO_write(out, "ASN1 OID: ", sizeof("ASN1 OID: ") - 1); if (OIDName && XSTRLEN(OIDName) > 0) { @@ -7235,8 +7233,6 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, } /* print NIST curve name */ - - idx = 0; Indent(out, indent); wolfSSL_BIO_write(out, "NIST CURVE: ", sizeof("NIST CURVE: ") -1); @@ -7249,7 +7245,7 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, } #endif /* HAVE_ECC */ /* PrintPubKeyDSA is a helper function for wolfSSL_EVP_PKEY_print_public - * to parses a DER format DSA public key specified in the second parameter. + * to parse a DER format DSA public key specified in the second parameter. * Returns 1 on success, 0 on failure. */ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, @@ -7264,8 +7260,8 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, byte tagFound; byte *p = NULL, * q = NULL, * g = NULL, * y = NULL; int pSz, qSz, gSz, ySz; - int idx = 0; - int wsz = 0; + int idx; + int wsz; inOutIdx = 0; (void)pctx; @@ -7355,7 +7351,7 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wolfSSL_BIO_write(out, "DSA Public-Key: (", sizeof("DSA Public-Key: (") -1); - wsz = ToDec(bitlen, buff + idx); + wsz = ToDec(bitlen, buff + idx, sizeof(buff) - idx); wolfSSL_BIO_write(out, buff + idx, wsz); wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") - 1); @@ -7365,19 +7361,16 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, DumpElement(out, y, ySz, indent + 4); /* print P element */ - idx = 0; Indent(out, indent); wolfSSL_BIO_write(out, "P:\n", sizeof("P:\n") - 1); DumpElement(out, p, pSz, indent + 4); /* print Q element */ - idx = 0; Indent(out, indent); wolfSSL_BIO_write(out, "Q:\n", sizeof("Q:\n") - 1); DumpElement(out, q, qSz, indent + 4); /* print G element */ - idx = 0; Indent(out, indent); wolfSSL_BIO_write(out, "G:\n", sizeof("G:\n") - 1); DumpElement(out, g, gSz, indent + 4); @@ -7385,7 +7378,7 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_SUCCESS; } /* PrintPubKeyDH is a helper function for wolfSSL_EVP_PKEY_print_public - * to parses a DER format DH public key specified in the second parameter. + * to parse a DER format DH public key specified in the second parameter. * Returns 1 on success, 0 on failure. */ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, @@ -7394,7 +7387,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, byte buff[8] = { 0 }; word32 length; - word32 inOutIdx = 0; + word32 inOutIdx; word32 oid; byte tagFound; byte* prime = NULL; @@ -7402,8 +7395,8 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, byte generator; byte* publicKey = NULL; int publicKeySz; - int idx = 0; - int wsz = 0; + int idx; + int wsz; word32 outSz; byte outHex[3]; @@ -7481,7 +7474,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wolfSSL_BIO_write(out, "DH Public-Key: (", sizeof("DH Public-Key: (") - 1); - wsz = ToDec(bitlen, buff + idx); + wsz = ToDec(bitlen, buff + idx, sizeof(buff) - idx); wolfSSL_BIO_write(out, buff + idx, wsz); wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") - 1); @@ -7497,15 +7490,18 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, XMEMSET(buff, 0, sizeof(buff)); Indent(out, indent); wolfSSL_BIO_write(out, "generator: ", sizeof("generator: ") - 1); - wsz = ToDec(generator, buff + idx); + wsz = ToDec(generator, buff + idx, sizeof(buff) - idx); wolfSSL_BIO_write(out, buff + idx, wsz); wolfSSL_BIO_write(out, " (0x", sizeof(" (0x") - 1); - + idx = 0; + XMEMSET(buff, 0, sizeof(buff)); outSz = sizeof(outHex); Base16_Encode((const byte*)&generator, 1, outHex, &outSz ); - XMEMCPY(buff + idx, outHex, 2); - idx += 2; + if (idx + 2 < (int)sizeof(buff) ) { + XMEMCPY(buff + idx, outHex, 2); + idx += 2; + } wolfSSL_BIO_write(out, buff, idx); wolfSSL_BIO_write(out, ")\n", sizeof(")\n") -1); From dd6db22bc63172cc7f7b19e759788137a167201f Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Fri, 26 Mar 2021 04:08:02 +0900 Subject: [PATCH 18/29] Changed the function name to be called in the unit test to the OpenSSL function name. --- tests/api.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/tests/api.c b/tests/api.c index 51f15771c9..a25e9378e4 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2411,9 +2411,9 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) char line[256] = { 0 }; int i; - printf(testingFmt, "wolfSSL_EVP_PKEY_print_public()"); + printf(testingFmt, "EVP_PKEY_print_public()"); /* test error cases */ - AssertIntEQ( wolfSSL_EVP_PKEY_print_public(NULL,NULL,0,NULL),0L); + AssertIntEQ( EVP_PKEY_print_public(NULL,NULL,0,NULL),0L); /* * test RSA public key print @@ -2431,7 +2431,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) wbio = BIO_new(BIO_s_mem()); AssertNotNull(wbio); - AssertIntEQ(wolfSSL_EVP_PKEY_print_public(wbio, pkey,3,NULL),1); + AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,3,NULL),1); BIO_gets(wbio, line, sizeof(line)); AssertIntEQ(XSTRNCMP( line, " RSA Public-Key: (1024 bit)\n", @@ -2485,7 +2485,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) wbio = BIO_new(BIO_s_mem()); AssertNotNull(wbio); - AssertIntEQ(wolfSSL_EVP_PKEY_print_public(wbio, pkey,0,NULL),1); + AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1); BIO_gets(wbio, line, sizeof(line)); AssertIntEQ(XSTRNCMP( line, "DSA Public-Key: (2048 bit)\n", @@ -2560,7 +2560,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) wbio = BIO_new(BIO_s_mem()); AssertNotNull(wbio); - AssertIntEQ(wolfSSL_EVP_PKEY_print_public(wbio, pkey,0,NULL),1); + AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1); BIO_gets(wbio, line, sizeof(line)); AssertIntEQ(XSTRNCMP( line, "Public-Key: (256 bit)\n", @@ -2616,7 +2616,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) wbio = BIO_new(BIO_s_mem()); AssertNotNull(wbio); - AssertIntEQ(wolfSSL_EVP_PKEY_print_public(wbio, pkey,0,NULL),1); + AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1); BIO_gets(wbio, line, sizeof(line)); AssertIntEQ(XSTRNCMP( line, "DH Public-Key: (2048 bit)\n", From da9131d30da23f4f00c7c1c25d596b053cf532ba Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Fri, 26 Mar 2021 04:14:14 +0900 Subject: [PATCH 19/29] Added return value checks and removed ToDec() --- src/ssl.c | 11 +- wolfcrypt/src/evp.c | 311 +++++++++++++++++++++++++++----------------- 2 files changed, 199 insertions(+), 123 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 6f5a94460d..558998bf0f 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -7895,10 +7895,13 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, { DhKey dh; word32 keyIdx = 0; + DhKey* key = NULL; /* test if DH-public key */ - if (wc_InitDhKey(&dh) == 0 && - wc_DhPublicKeyDecode(mem, &keyIdx, &dh, (word32)memSz) == 0) { + if (wc_InitDhKey(&dh) != 0) + return NULL; + + if (wc_DhPublicKeyDecode(mem, &keyIdx, &dh, (word32)memSz) == 0) { wc_FreeDhKey(&dh); pkey = wolfSSL_EVP_PKEY_new(); if (pkey != NULL) { @@ -7921,7 +7924,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, return NULL; } - DhKey* key = (DhKey*)pkey->dh->internal; + key = (DhKey*)pkey->dh->internal; keyIdx = 0; if (wc_DhPublicKeyDecode(mem, &keyIdx, key, (word32)memSz) == 0) @@ -7934,7 +7937,6 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, == WOLFSSL_SUCCESS && SetIndividualExternal(&(pkey->dh->pub_key), &key->pub) == WOLFSSL_SUCCESS) { - wc_FreeDhKey(&dh); return pkey; } } @@ -7945,7 +7947,6 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, } wolfSSL_EVP_PKEY_free(pkey); } - wc_FreeDhKey(&dh); } #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* !NO_DH && OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */ diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 475b40c48c..555d79fd43 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -44,6 +44,7 @@ #include #include +#include #ifndef NO_AES #ifdef HAVE_AES_CBC @@ -6805,55 +6806,7 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) } } #if defined(OPENSSL_EXTRA) -/* Converts input value "i" to upto five digit decimal - * and copies to the specified buffer. - * Returns the number of written, 0 on failure. - */ -static int ToDec(word32 in, byte* out, int outSz) -{ - int i = 0; - byte dgt[5]; - word32 quo; - int written; - if (out == NULL || in > 99999 ) - return 0; - quo = in; - dgt[4] = quo % 10; - quo = quo / 10; - dgt[3] = quo % 10; - quo = quo / 10; - dgt[2] = quo % 10; - quo = quo / 10; - dgt[1] = quo % 10; - quo = quo / 10; - dgt[0] = quo % 10; - - /* to remove leading zero */ - if (dgt[0] == 0) { - if (dgt[1] == 0) { - if (dgt[2] == 0) { - if (dgt[3] == 0) { - i = 4; - }else - i = 3; - }else - i = 2; - }else - i = 1; - }else - i = 0; - - written = 5 - i; - - if ( outSz < written) - return 0; - - for (; i < 5; i++) { - *out++ = dgt[i] + '0'; - } - return written; -} /* Indent writes white spaces of the number specified by "indents" * to the BIO. The number of white spaces is limited from 0 to * EVP_PKEY_PRINT_INDENT_MAX. @@ -6873,9 +6826,10 @@ static int Indent(WOLFSSL_BIO* out, int indents ) return 0; for (i = indents; i; i--) { - wolfSSL_BIO_write(out, &space, 1); + if (wolfSSL_BIO_write(out, &space, 1) < 0) + break; } - return indents; + return indents -i; } /* DumpElement dump byte-data specified by "input" to the "out". * Each line has leading white spaces( "indent" gives the number ) plus @@ -6905,7 +6859,7 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, byte outHex[3]; if (!out || !input) - return 0; + return WOLFSSL_FAILURE; if (indent < 0) indent = 0; @@ -6921,6 +6875,8 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, #ifdef WOLFSSL_SMALL_STACK buff = (byte*)XMALLOC(EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (!buff) + return WOLFSSL_FAILURE; #endif /* print pub element */ @@ -6931,7 +6887,9 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, for (i = 0; i < 15; i++) { /* 15 byte per line*/ outSz = sizeof(outHex); - Base16_Encode((const byte*)&point[in++], 1, outHex, &outSz ); + if (Base16_Encode((const byte*)&point[in++], 1, outHex, &outSz ) != 0) + return WOLFSSL_FAILURE; + if (idx + 3 EVP_PKEY_PRINT_INDENT_MAX) @@ -7071,22 +7040,35 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, idx = 0; XMEMSET(buff, 0, sizeof(buff)); Indent(out, indent); - wolfSSL_BIO_write(out, "RSA Public-Key: (", - sizeof("RSA Public-Key: (") -1); + if (wolfSSL_BIO_write(out, "RSA Public-Key: (", + sizeof("RSA Public-Key: (") -1) < 0) + return WOLFSSL_FAILURE; - wsz = ToDec(bitlen, buff + idx, sizeof(buff) - idx); - wolfSSL_BIO_write(out, buff + idx, wsz); - wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") -1); + if (mp_set_int(&a, bitlen) != 0) + return WOLFSSL_FAILURE; + if (mp_todecimal(&a, (char*)buff) != 0) + return WOLFSSL_FAILURE; + wsz = XSTRLEN((const char*)buff); + + if (wolfSSL_BIO_write(out, buff + idx, wsz) < 0) + return WOLFSSL_FAILURE; + + if (wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") -1) < 0) + return WOLFSSL_FAILURE; /* print Modulus */ Indent(out, indent); - wolfSSL_BIO_write(out, "Modulus:\n", sizeof("Modulus:\n") -1); - DumpElement(out, n, nSz, indent + 4); + if (wolfSSL_BIO_write(out, "Modulus:\n", sizeof("Modulus:\n") -1) < 0) + return WOLFSSL_FAILURE; + + if (DumpElement(out, n, nSz, indent + 4) != WOLFSSL_SUCCESS) + return WOLFSSL_FAILURE; /* print public Exponent */ idx = 0; Indent(out, indent); - wolfSSL_BIO_write(out, "Exponent: ", sizeof("Exponent: ") -1); + if (wolfSSL_BIO_write(out, "Exponent: ", sizeof("Exponent: ") -1) < 0) + return WOLFSSL_FAILURE; for (i = 0; i < eSz; i++) { exponent <<= 8; @@ -7094,26 +7076,40 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, } XMEMSET(buff, 0, sizeof(buff)); - wsz = ToDec(exponent, buff + idx, sizeof(buff) - idx); - wolfSSL_BIO_write(out, buff + idx, wsz); - wolfSSL_BIO_write(out, " (0x", sizeof(" (0x") -1); + if (mp_set_int(&a, exponent) != 0) + return WOLFSSL_FAILURE; + if (mp_todecimal(&a, (char*)buff) != 0) + return WOLFSSL_FAILURE; + wsz = XSTRLEN((const char*)buff); + + if (wolfSSL_BIO_write(out, buff + idx, wsz) < 0) + return WOLFSSL_FAILURE; + + if (wolfSSL_BIO_write(out, " (0x", sizeof(" (0x") -1) < 0) + return WOLFSSL_FAILURE; idx = 0; XMEMSET(buff, 0, sizeof(buff)); for (i = 0; i < eSz; i++) { outSz = sizeof(outHex); - Base16_Encode((const byte*)&e[i], 1, outHex, &outSz ); + if (Base16_Encode((const byte*)&e[i], 1, outHex, &outSz ) != 0) + return WOLFSSL_FAILURE; + if ((unsigned int)idx + 2 <= sizeof(buff)) { XMEMCPY(buff + idx, outHex, 2); idx += 2; } } - wolfSSL_BIO_write(out, buff, idx); - wolfSSL_BIO_write(out, ")\n", sizeof(")\n") -1); + if (wolfSSL_BIO_write(out, buff, idx) < 0) + return WOLFSSL_FAILURE; + + if (wolfSSL_BIO_write(out, ")\n", sizeof(")\n") -1) < 0) + return WOLFSSL_FAILURE; return WOLFSSL_SUCCESS; } +#endif /* !NO_RSA */ #if defined(HAVE_ECC) /* PrintPubKeyEC is a helper function for wolfSSL_EVP_PKEY_print_public @@ -7140,9 +7136,12 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, byte tag; int idx; int wsz = 0; - + mp_int a; (void)pctx; + if( mp_init(&a) != 0) + return WOLFSSL_FAILURE; + if (indent < 0) indent = 0; if (indent > EVP_PKEY_PRINT_INDENT_MAX) @@ -7210,40 +7209,57 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, idx = 0; Indent(out, indent); - wolfSSL_BIO_write(out, "Public-Key: (", - sizeof("Public-Key: (") - 1); - - wsz = ToDec(bitlen, buff + idx, sizeof(buff) - idx); - wolfSSL_BIO_write(out, buff + idx, wsz); - wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") - 1); + if (wolfSSL_BIO_write(out, "Public-Key: (", + sizeof("Public-Key: (") - 1) < 0) + return WOLFSSL_FAILURE; + if (mp_set_int(&a, bitlen) != 0) + return WOLFSSL_FAILURE; + if (mp_todecimal(&a, (char*)buff) != 0) + return WOLFSSL_FAILURE; + wsz = XSTRLEN((const char*)buff); + if (wolfSSL_BIO_write(out, buff + idx, wsz) < 0) + return WOLFSSL_FAILURE; + if (wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") - 1) < 0) + return WOLFSSL_FAILURE; /* print pub element */ Indent(out, indent); - wolfSSL_BIO_write(out, "pub:\n", sizeof("pub:\n") - 1); - DumpElement(out, pkey + pointIdx, pointSz, indent + 4); + if (wolfSSL_BIO_write(out, "pub:\n", sizeof("pub:\n") - 1) < 0) + return WOLFSSL_FAILURE; + if (DumpElement(out, pkey + pointIdx, pointSz, indent + 4) + != WOLFSSL_SUCCESS) + return WOLFSSL_FAILURE; /* print OID in name */ Indent(out, indent); - wolfSSL_BIO_write(out, "ASN1 OID: ", sizeof("ASN1 OID: ") - 1); + if (wolfSSL_BIO_write(out, "ASN1 OID: ", sizeof("ASN1 OID: ") - 1) < 0) + return WOLFSSL_FAILURE; if (OIDName && XSTRLEN(OIDName) > 0) { - wolfSSL_BIO_write(out, OIDName, (int)XSTRLEN(OIDName)); - wolfSSL_BIO_write(out, "\n", 1); + if (wolfSSL_BIO_write(out, OIDName, (int)XSTRLEN(OIDName)) < 0) + return WOLFSSL_FAILURE; + if (wolfSSL_BIO_write(out, "\n", 1) < 0) + return WOLFSSL_FAILURE; } /* print NIST curve name */ Indent(out, indent); - wolfSSL_BIO_write(out, "NIST CURVE: ", sizeof("NIST CURVE: ") -1); + if (wolfSSL_BIO_write(out, "NIST CURVE: ", sizeof("NIST CURVE: ") -1) < 0) + return WOLFSSL_FAILURE; if (nistCurveName && XSTRLEN(nistCurveName) > 0) { - wolfSSL_BIO_write(out, nistCurveName, (int)XSTRLEN(nistCurveName)); - wolfSSL_BIO_write(out, "\n", 1); + if (wolfSSL_BIO_write(out, nistCurveName, (int)XSTRLEN(nistCurveName)) < 0) + return WOLFSSL_FAILURE; + if (wolfSSL_BIO_write(out, "\n", 1) < 0) + return WOLFSSL_FAILURE; } return WOLFSSL_SUCCESS; } #endif /* HAVE_ECC */ + +#if !defined(NO_DSA) /* PrintPubKeyDSA is a helper function for wolfSSL_EVP_PKEY_print_public * to parse a DER format DSA public key specified in the second parameter. * Returns 1 on success, 0 on failure. @@ -7262,6 +7278,10 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int pSz, qSz, gSz, ySz; int idx; int wsz; + mp_int a; + + if( mp_init(&a) != 0) + return WOLFSSL_FAILURE; inOutIdx = 0; (void)pctx; @@ -7348,35 +7368,53 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, idx = 0; XMEMSET(buff, 0, sizeof(buff)); Indent(out, indent); - wolfSSL_BIO_write(out, "DSA Public-Key: (", - sizeof("DSA Public-Key: (") -1); + if (wolfSSL_BIO_write(out, "DSA Public-Key: (", + sizeof("DSA Public-Key: (") -1) < 0) + return WOLFSSL_FAILURE; - wsz = ToDec(bitlen, buff + idx, sizeof(buff) - idx); - wolfSSL_BIO_write(out, buff + idx, wsz); - wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") - 1); + if (mp_set_int(&a, bitlen) != 0) + return WOLFSSL_FAILURE; + if (mp_todecimal(&a, (char*)buff) != 0) + return WOLFSSL_FAILURE; + wsz = XSTRLEN((const char*)buff); + if (wolfSSL_BIO_write(out, buff + idx, wsz) < 0) + return WOLFSSL_FAILURE; + if (wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") - 1) < 0) + return WOLFSSL_FAILURE; /* print pub element */ Indent(out, indent); - wolfSSL_BIO_write(out, "pub:\n", sizeof("pub:\n") - 1); - DumpElement(out, y, ySz, indent + 4); + if (wolfSSL_BIO_write(out, "pub:\n", sizeof("pub:\n") - 1) < 0) + return WOLFSSL_FAILURE; + if (DumpElement(out, y, ySz, indent + 4) != WOLFSSL_SUCCESS) + return WOLFSSL_FAILURE; /* print P element */ Indent(out, indent); - wolfSSL_BIO_write(out, "P:\n", sizeof("P:\n") - 1); - DumpElement(out, p, pSz, indent + 4); + if (wolfSSL_BIO_write(out, "P:\n", sizeof("P:\n") - 1) < 0) + return WOLFSSL_FAILURE; + if (DumpElement(out, p, pSz, indent + 4) != WOLFSSL_SUCCESS) + return WOLFSSL_FAILURE; /* print Q element */ Indent(out, indent); - wolfSSL_BIO_write(out, "Q:\n", sizeof("Q:\n") - 1); - DumpElement(out, q, qSz, indent + 4); + if (wolfSSL_BIO_write(out, "Q:\n", sizeof("Q:\n") - 1) < 0) + return WOLFSSL_FAILURE; + if (DumpElement(out, q, qSz, indent + 4) != WOLFSSL_SUCCESS) + return WOLFSSL_FAILURE; /* print G element */ Indent(out, indent); - wolfSSL_BIO_write(out, "G:\n", sizeof("G:\n") - 1); - DumpElement(out, g, gSz, indent + 4); + if (wolfSSL_BIO_write(out, "G:\n", sizeof("G:\n") - 1) < 0) + return WOLFSSL_FAILURE; + if (DumpElement(out, g, gSz, indent + 4) != WOLFSSL_SUCCESS) + return WOLFSSL_FAILURE; return WOLFSSL_SUCCESS; } +#endif /* !NO_DSA */ + +#if defined(WOLFSSL_DH_EXTRA) /* PrintPubKeyDH is a helper function for wolfSSL_EVP_PKEY_print_public * to parse a DER format DH public key specified in the second parameter. * Returns 1 on success, 0 on failure. @@ -7399,6 +7437,10 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int wsz; word32 outSz; byte outHex[3]; + mp_int a; + + if( mp_init(&a) != 0) + return WOLFSSL_FAILURE; inOutIdx = 0; (void)pctx; @@ -7471,42 +7513,65 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, /* print elements */ idx = 0; Indent(out, indent); - wolfSSL_BIO_write(out, "DH Public-Key: (", - sizeof("DH Public-Key: (") - 1); + if (wolfSSL_BIO_write(out, "DH Public-Key: (", + sizeof("DH Public-Key: (") - 1) < 0) + return WOLFSSL_FAILURE; - wsz = ToDec(bitlen, buff + idx, sizeof(buff) - idx); - wolfSSL_BIO_write(out, buff + idx, wsz); - wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") - 1); + if (mp_set_int(&a, bitlen) != 0) + return WOLFSSL_FAILURE; + if (mp_todecimal(&a, (char*)buff) != 0) + return WOLFSSL_FAILURE; + wsz = XSTRLEN((const char*)buff); + if (wolfSSL_BIO_write(out, buff + idx, wsz) < 0) + return WOLFSSL_FAILURE; + if (wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") - 1) < 0) + return WOLFSSL_FAILURE; Indent(out, indent); - wolfSSL_BIO_write(out, "public-key:\n", sizeof("public-key:\n") - 1); - DumpElement(out, publicKey, publicKeySz, indent + 4); - + if (wolfSSL_BIO_write(out, "public-key:\n", + sizeof("public-key:\n") - 1) < 0) + return WOLFSSL_FAILURE; + if (DumpElement(out, publicKey, publicKeySz, indent + 4) + != WOLFSSL_SUCCESS) + return WOLFSSL_FAILURE; Indent(out, indent); - wolfSSL_BIO_write(out, "prime:\n", sizeof("prime:\n") - 1); - DumpElement(out, prime, primeSz, indent + 4); + if (wolfSSL_BIO_write(out, "prime:\n", sizeof("prime:\n") - 1) < 0) + return WOLFSSL_FAILURE; + if (DumpElement(out, prime, primeSz, indent + 4) != WOLFSSL_SUCCESS) + return WOLFSSL_FAILURE; idx = 0; XMEMSET(buff, 0, sizeof(buff)); Indent(out, indent); - wolfSSL_BIO_write(out, "generator: ", sizeof("generator: ") - 1); - wsz = ToDec(generator, buff + idx, sizeof(buff) - idx); - wolfSSL_BIO_write(out, buff + idx, wsz); - wolfSSL_BIO_write(out, " (0x", sizeof(" (0x") - 1); + if (wolfSSL_BIO_write(out, "generator: ", sizeof("generator: ") - 1) < 0) + return WOLFSSL_FAILURE; + if (mp_set_int(&a, generator) != 0) + return WOLFSSL_FAILURE; + if (mp_todecimal(&a, (char*)buff) != 0) + return WOLFSSL_FAILURE; + wsz = XSTRLEN((const char*)buff); + if (wolfSSL_BIO_write(out, buff + idx, wsz) < 0) + return WOLFSSL_FAILURE; + if (wolfSSL_BIO_write(out, " (0x", sizeof(" (0x") - 1) < 0) + return WOLFSSL_FAILURE; idx = 0; XMEMSET(buff, 0, sizeof(buff)); outSz = sizeof(outHex); - Base16_Encode((const byte*)&generator, 1, outHex, &outSz ); + if (Base16_Encode((const byte*)&generator, 1, outHex, &outSz ) != 0) + return WOLFSSL_FAILURE; if (idx + 2 < (int)sizeof(buff) ) { XMEMCPY(buff + idx, outHex, 2); idx += 2; } - wolfSSL_BIO_write(out, buff, idx); - wolfSSL_BIO_write(out, ")\n", sizeof(")\n") -1); + if (wolfSSL_BIO_write(out, buff, idx) < 0 ) + return WOLFSSL_FAILURE; + if (wolfSSL_BIO_write(out, ")\n", sizeof(")\n") -1) < 0) + return WOLFSSL_FAILURE; return WOLFSSL_SUCCESS; } +#endif /* WOLFSSL_DH_EXTRA */ /* wolfSSL_EVP_PKEY_print_public parses the specified key then * outputs public key info in human readable format to the specified BIO. @@ -7535,6 +7600,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, switch (pkey->type) { case EVP_PKEY_RSA: +#if !defined(NO_RSA) keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; res = PrintPubKeyRSA( out, @@ -7543,6 +7609,9 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, indent, /* indent size */ keybits, /* bit length of the key */ pctx); /* not used */ +#else + res = -2; /* not supported algo */ +#endif break; case EVP_PKEY_EC: @@ -7563,6 +7632,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, case EVP_PKEY_DSA: +#if !defined(NO_DSA) keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; res = PrintPubKeyDSA( out, @@ -7572,9 +7642,11 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, keybits, /* bit length of the key */ pctx); /* not used */ break; - +#else + res = -2; /* not supported algo */ +#endif case EVP_PKEY_DH: - +#if defined(WOLFSSL_DH_EXTRA) keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; res = PrintPubKeyDH( out, @@ -7584,6 +7656,9 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, keybits, /* bit length of the key */ pctx); /* not used */ break; +#else + res = -2; /* not supported algo */ +#endif default: res = -2; /* not supported algo */ From 5887c2f2e24dbc75f638e5137a25f30a7e639553 Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Fri, 26 Mar 2021 04:45:10 +0900 Subject: [PATCH 20/29] Fix fall through. --- wolfcrypt/src/evp.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 555d79fd43..9017cb01da 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -7641,11 +7641,13 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, indent, /* indent size */ keybits, /* bit length of the key */ pctx); /* not used */ - break; #else res = -2; /* not supported algo */ #endif + break; + case EVP_PKEY_DH: + #if defined(WOLFSSL_DH_EXTRA) keybits = wolfSSL_EVP_PKEY_size((WOLFSSL_EVP_PKEY*)pkey) * 8; res = PrintPubKeyDH( @@ -7655,13 +7657,14 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, indent, /* indent size */ keybits, /* bit length of the key */ pctx); /* not used */ - break; #else res = -2; /* not supported algo */ #endif + break; default: res = -2; /* not supported algo */ + break; } return res; } From 4460180214e9a394e5ceede61d95d98d80c9c7e5 Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Fri, 26 Mar 2021 08:18:16 +0900 Subject: [PATCH 21/29] Fix implicit conv error. --- wolfcrypt/src/evp.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 9017cb01da..20d2f7c533 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -7048,7 +7048,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_FAILURE; if (mp_todecimal(&a, (char*)buff) != 0) return WOLFSSL_FAILURE; - wsz = XSTRLEN((const char*)buff); + wsz = (int)XSTRLEN((const char*)buff); if (wolfSSL_BIO_write(out, buff + idx, wsz) < 0) return WOLFSSL_FAILURE; @@ -7080,7 +7080,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_FAILURE; if (mp_todecimal(&a, (char*)buff) != 0) return WOLFSSL_FAILURE; - wsz = XSTRLEN((const char*)buff); + wsz = (int)XSTRLEN((const char*)buff); if (wolfSSL_BIO_write(out, buff + idx, wsz) < 0) return WOLFSSL_FAILURE; @@ -7217,7 +7217,7 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_FAILURE; if (mp_todecimal(&a, (char*)buff) != 0) return WOLFSSL_FAILURE; - wsz = XSTRLEN((const char*)buff); + wsz = (int)XSTRLEN((const char*)buff); if (wolfSSL_BIO_write(out, buff + idx, wsz) < 0) return WOLFSSL_FAILURE; if (wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") - 1) < 0) @@ -7376,7 +7376,7 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_FAILURE; if (mp_todecimal(&a, (char*)buff) != 0) return WOLFSSL_FAILURE; - wsz = XSTRLEN((const char*)buff); + wsz = (int)XSTRLEN((const char*)buff); if (wolfSSL_BIO_write(out, buff + idx, wsz) < 0) return WOLFSSL_FAILURE; if (wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") - 1) < 0) @@ -7521,7 +7521,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_FAILURE; if (mp_todecimal(&a, (char*)buff) != 0) return WOLFSSL_FAILURE; - wsz = XSTRLEN((const char*)buff); + wsz = (int)XSTRLEN((const char*)buff); if (wolfSSL_BIO_write(out, buff + idx, wsz) < 0) return WOLFSSL_FAILURE; if (wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") - 1) < 0) @@ -7549,7 +7549,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_FAILURE; if (mp_todecimal(&a, (char*)buff) != 0) return WOLFSSL_FAILURE; - wsz = XSTRLEN((const char*)buff); + wsz = (int)XSTRLEN((const char*)buff); if (wolfSSL_BIO_write(out, buff + idx, wsz) < 0) return WOLFSSL_FAILURE; if (wolfSSL_BIO_write(out, " (0x", sizeof(" (0x") - 1) < 0) From 56b1406a3085c4a45f4cbb73dd6f4e503535e9da Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Tue, 30 Mar 2021 00:18:40 +0900 Subject: [PATCH 22/29] Fix to call wc_FreeDhKey only after wc_InitDhKey succeeds. --- src/ssl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/ssl.c b/src/ssl.c index 558998bf0f..08505ca8e2 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -7947,6 +7947,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, } wolfSSL_EVP_PKEY_free(pkey); } + else + wc_FreeDhKey(&dh); } #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* !NO_DH && OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */ From 1a4adab52ef230f9e61983f4b97f53b6a0341d29 Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Fri, 16 Apr 2021 10:05:48 +0900 Subject: [PATCH 23/29] Changed DumpElement() so that the allocated buffer is freed in the WOLFSSL_SMALL_STACK build case. --- wolfcrypt/src/evp.c | 156 +++++++++++++++++++++++--------------------- 1 file changed, 80 insertions(+), 76 deletions(-) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 20d2f7c533..1398eb6936 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -6846,7 +6846,7 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, #else byte buff[EVP_PKEY_PRINT_LINE_WIDTH_MAX] = { 0 }; #endif /* WOLFSSL_SMALL_STACK */ - + int ret = WOLFSSL_SUCCESS; word32 in = 0; word32 i; int idx; @@ -6881,16 +6881,17 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, /* print pub element */ - while (line) { + while (line && ret == WOLFSSL_SUCCESS) { idx = 0; Indent(out, indent); - for (i = 0; i < 15; i++) { /* 15 byte per line*/ + for (i = 0; i < 15 && ret == WOLFSSL_SUCCESS; i++) { outSz = sizeof(outHex); - if (Base16_Encode((const byte*)&point[in++], 1, outHex, &outSz ) != 0) - return WOLFSSL_FAILURE; - - if (idx + 3 0; + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_BIO_write(out, "\n", 1) > 0; + if (ret == WOLFSSL_SUCCESS) { + XMEMSET(buff, 0, EVP_PKEY_PRINT_LINE_WIDTH_MAX); + line--; + } } idx = 0; Indent(out, indent); - for (i = 0; i < left; i++) { + for (i = 0; i < left && ret == WOLFSSL_SUCCESS; i++) { outSz = sizeof(outHex); - if (Base16_Encode((const byte*)&point[in++], 1, outHex, &outSz) != 0) - return WOLFSSL_FAILURE; + if (ret == WOLFSSL_SUCCESS) + ret = Base16_Encode((const byte*)&point[in++], 1, outHex, &outSz) + == 0; + if (ret == WOLFSSL_SUCCESS) { + XMEMCPY(buff + idx, outHex, 2); + idx += 2; - XMEMCPY(buff + idx, outHex, 2); - idx += 2; - - if (i != left - 1) { - wsz = 1; - if (idx + wsz <= EVP_PKEY_PRINT_LINE_WIDTH_MAX) { - XMEMSET(buff + idx, ':', wsz); - idx += wsz; + if (i != left - 1) { + wsz = 1; + if (idx + wsz <= EVP_PKEY_PRINT_LINE_WIDTH_MAX) { + XMEMSET(buff + idx, ':', wsz); + idx += wsz; + } } } } - - if (wolfSSL_BIO_write(out, buff, idx) < 0) - return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, "\n", 1) < 0) - return WOLFSSL_FAILURE; + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_BIO_write(out, buff, idx) > 0; + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_BIO_write(out, "\n", 1) > 0; #ifdef WOLFSSL_SMALL_STACK XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif - return WOLFSSL_SUCCESS; + return ret; } #if !defined(NO_RSA) /* PrintPubKeyRSA is a helper function for wolfSSL_EVP_PKEY_print_public @@ -7014,7 +7018,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (tag != ASN_INTEGER) return WOLFSSL_FAILURE; - if (GetLength(pkey, &inOutIdx, &length, pkeySz) < 0) + if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) return WOLFSSL_FAILURE; nSz = length; @@ -7029,7 +7033,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (tag != ASN_INTEGER) return WOLFSSL_FAILURE; - if (GetLength(pkey, &inOutIdx, &length, pkeySz) < 0) + if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) return WOLFSSL_FAILURE; @@ -7041,7 +7045,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, XMEMSET(buff, 0, sizeof(buff)); Indent(out, indent); if (wolfSSL_BIO_write(out, "RSA Public-Key: (", - sizeof("RSA Public-Key: (") -1) < 0) + XSTRLEN("RSA Public-Key: (")) <= 0) return WOLFSSL_FAILURE; if (mp_set_int(&a, bitlen) != 0) @@ -7050,15 +7054,15 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_FAILURE; wsz = (int)XSTRLEN((const char*)buff); - if (wolfSSL_BIO_write(out, buff + idx, wsz) < 0) + if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") -1) < 0) + if (wolfSSL_BIO_write(out, " bit)\n", XSTRLEN(" bit)\n")) <= 0) return WOLFSSL_FAILURE; /* print Modulus */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "Modulus:\n", sizeof("Modulus:\n") -1) < 0) + if (wolfSSL_BIO_write(out, "Modulus:\n", XSTRLEN("Modulus:\n")) <= 0) return WOLFSSL_FAILURE; if (DumpElement(out, n, nSz, indent + 4) != WOLFSSL_SUCCESS) @@ -7067,7 +7071,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, /* print public Exponent */ idx = 0; Indent(out, indent); - if (wolfSSL_BIO_write(out, "Exponent: ", sizeof("Exponent: ") -1) < 0) + if (wolfSSL_BIO_write(out, "Exponent: ", XSTRLEN("Exponent: ")) <= 0) return WOLFSSL_FAILURE; for (i = 0; i < eSz; i++) { @@ -7082,10 +7086,10 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_FAILURE; wsz = (int)XSTRLEN((const char*)buff); - if (wolfSSL_BIO_write(out, buff + idx, wsz) < 0) + if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, " (0x", sizeof(" (0x") -1) < 0) + if (wolfSSL_BIO_write(out, " (0x", XSTRLEN(" (0x")) <= 0) return WOLFSSL_FAILURE; idx = 0; @@ -7101,10 +7105,10 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, } } - if (wolfSSL_BIO_write(out, buff, idx) < 0) + if (wolfSSL_BIO_write(out, buff, idx) <= 0) return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, ")\n", sizeof(")\n") -1) < 0) + if (wolfSSL_BIO_write(out, ")\n", XSTRLEN(")\n")) <= 0) return WOLFSSL_FAILURE; return WOLFSSL_SUCCESS; @@ -7210,7 +7214,7 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, Indent(out, indent); if (wolfSSL_BIO_write(out, "Public-Key: (", - sizeof("Public-Key: (") - 1) < 0) + XSTRLEN("Public-Key: (")) < 0) return WOLFSSL_FAILURE; if (mp_set_int(&a, bitlen) != 0) @@ -7218,14 +7222,14 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (mp_todecimal(&a, (char*)buff) != 0) return WOLFSSL_FAILURE; wsz = (int)XSTRLEN((const char*)buff); - if (wolfSSL_BIO_write(out, buff + idx, wsz) < 0) + if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") - 1) < 0) + if (wolfSSL_BIO_write(out, " bit)\n", XSTRLEN(" bit)\n")) <= 0) return WOLFSSL_FAILURE; /* print pub element */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "pub:\n", sizeof("pub:\n") - 1) < 0) + if (wolfSSL_BIO_write(out, "pub:\n", XSTRLEN("pub:\n")) <= 0) return WOLFSSL_FAILURE; if (DumpElement(out, pkey + pointIdx, pointSz, indent + 4) != WOLFSSL_SUCCESS) @@ -7233,11 +7237,11 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, /* print OID in name */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "ASN1 OID: ", sizeof("ASN1 OID: ") - 1) < 0) + if (wolfSSL_BIO_write(out, "ASN1 OID: ", XSTRLEN("ASN1 OID: ")) <= 0) return WOLFSSL_FAILURE; if (OIDName && XSTRLEN(OIDName) > 0) { - if (wolfSSL_BIO_write(out, OIDName, (int)XSTRLEN(OIDName)) < 0) + if (wolfSSL_BIO_write(out, OIDName, (int)XSTRLEN(OIDName)) <= 0) return WOLFSSL_FAILURE; if (wolfSSL_BIO_write(out, "\n", 1) < 0) return WOLFSSL_FAILURE; @@ -7245,13 +7249,13 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, /* print NIST curve name */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "NIST CURVE: ", sizeof("NIST CURVE: ") -1) < 0) + if (wolfSSL_BIO_write(out, "NIST CURVE: ", XSTRLEN("NIST CURVE: ")) <= 0) return WOLFSSL_FAILURE; if (nistCurveName && XSTRLEN(nistCurveName) > 0) { - if (wolfSSL_BIO_write(out, nistCurveName, (int)XSTRLEN(nistCurveName)) < 0) + if (wolfSSL_BIO_write(out, nistCurveName, (int)XSTRLEN(nistCurveName)) <= 0) return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, "\n", 1) < 0) + if (wolfSSL_BIO_write(out, "\n", 1) <= 0) return WOLFSSL_FAILURE; } @@ -7308,7 +7312,7 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_FAILURE; if (tagFound != ASN_INTEGER) return WOLFSSL_FAILURE; - if (GetLength(pkey, &inOutIdx, &length, pkeySz) < 0) + if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) return WOLFSSL_FAILURE; p = (byte*)(pkey + inOutIdx); @@ -7327,7 +7331,7 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_FAILURE; if (tagFound != ASN_INTEGER) return WOLFSSL_FAILURE; - if (GetLength(pkey, &inOutIdx, &length, pkeySz) < 0) + if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) return WOLFSSL_FAILURE; q = (byte*)(pkey + inOutIdx); @@ -7339,7 +7343,7 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_FAILURE; if (tagFound != ASN_INTEGER) return WOLFSSL_FAILURE; - if (GetLength(pkey, &inOutIdx, &length, pkeySz) < 0) + if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) return WOLFSSL_FAILURE; g = (byte*)(pkey + inOutIdx); @@ -7350,7 +7354,7 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_FAILURE; if (tagFound != ASN_BIT_STRING) return WOLFSSL_FAILURE; - if (GetLength(pkey, &inOutIdx, &length, pkeySz) < 0) + if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) return WOLFSSL_FAILURE; inOutIdx++; /* skip the first byte( unused byte number)*/ @@ -7359,7 +7363,7 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_FAILURE; if (tagFound != ASN_INTEGER) return WOLFSSL_FAILURE; - if (GetLength(pkey, &inOutIdx, &length, pkeySz) < 0) + if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) return WOLFSSL_FAILURE; y = (byte*)(pkey + inOutIdx); @@ -7369,7 +7373,7 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, XMEMSET(buff, 0, sizeof(buff)); Indent(out, indent); if (wolfSSL_BIO_write(out, "DSA Public-Key: (", - sizeof("DSA Public-Key: (") -1) < 0) + XSTRLEN("DSA Public-Key: (")) <= 0) return WOLFSSL_FAILURE; if (mp_set_int(&a, bitlen) != 0) @@ -7377,35 +7381,35 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (mp_todecimal(&a, (char*)buff) != 0) return WOLFSSL_FAILURE; wsz = (int)XSTRLEN((const char*)buff); - if (wolfSSL_BIO_write(out, buff + idx, wsz) < 0) + if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") - 1) < 0) + if (wolfSSL_BIO_write(out, " bit)\n", XSTRLEN(" bit)\n")) <= 0) return WOLFSSL_FAILURE; /* print pub element */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "pub:\n", sizeof("pub:\n") - 1) < 0) + if (wolfSSL_BIO_write(out, "pub:\n", XSTRLEN("pub:\n")) <= 0) return WOLFSSL_FAILURE; if (DumpElement(out, y, ySz, indent + 4) != WOLFSSL_SUCCESS) return WOLFSSL_FAILURE; /* print P element */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "P:\n", sizeof("P:\n") - 1) < 0) + if (wolfSSL_BIO_write(out, "P:\n", XSTRLEN("P:\n")) <= 0) return WOLFSSL_FAILURE; if (DumpElement(out, p, pSz, indent + 4) != WOLFSSL_SUCCESS) return WOLFSSL_FAILURE; /* print Q element */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "Q:\n", sizeof("Q:\n") - 1) < 0) + if (wolfSSL_BIO_write(out, "Q:\n", XSTRLEN("Q:\n")) <= 0) return WOLFSSL_FAILURE; if (DumpElement(out, q, qSz, indent + 4) != WOLFSSL_SUCCESS) return WOLFSSL_FAILURE; /* print G element */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "G:\n", sizeof("G:\n") - 1) < 0) + if (wolfSSL_BIO_write(out, "G:\n", XSTRLEN("G:\n")) <= 0) return WOLFSSL_FAILURE; if (DumpElement(out, g, gSz, indent + 4) != WOLFSSL_SUCCESS) return WOLFSSL_FAILURE; @@ -7464,7 +7468,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_FAILURE; if (tagFound != ASN_INTEGER) return WOLFSSL_FAILURE; - if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) + if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) <= 0) return WOLFSSL_FAILURE; prime = (byte*)(pkey + inOutIdx); @@ -7476,7 +7480,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_FAILURE; if (tagFound != ASN_INTEGER) return WOLFSSL_FAILURE; - if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) + if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) <= 0) return WOLFSSL_FAILURE; if (length != 1) return WOLFSSL_FAILURE; @@ -7489,7 +7493,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_FAILURE; if (tagFound != ASN_BIT_STRING) return WOLFSSL_FAILURE; - if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) + if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) <= 0) return WOLFSSL_FAILURE; inOutIdx ++; @@ -7497,7 +7501,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, return WOLFSSL_FAILURE; if (tagFound != ASN_INTEGER) return WOLFSSL_FAILURE; - if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) + if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) <= 0) return WOLFSSL_FAILURE; publicKeySz = length; @@ -7514,7 +7518,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, idx = 0; Indent(out, indent); if (wolfSSL_BIO_write(out, "DH Public-Key: (", - sizeof("DH Public-Key: (") - 1) < 0) + XSTRLEN("DH Public-Key: (")) < 0) return WOLFSSL_FAILURE; if (mp_set_int(&a, bitlen) != 0) @@ -7522,20 +7526,20 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (mp_todecimal(&a, (char*)buff) != 0) return WOLFSSL_FAILURE; wsz = (int)XSTRLEN((const char*)buff); - if (wolfSSL_BIO_write(out, buff + idx, wsz) < 0) + if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, " bit)\n", sizeof(" bit)\n") - 1) < 0) + if (wolfSSL_BIO_write(out, " bit)\n", XSTRLEN(" bit)\n")) <= 0) return WOLFSSL_FAILURE; Indent(out, indent); if (wolfSSL_BIO_write(out, "public-key:\n", - sizeof("public-key:\n") - 1) < 0) + XSTRLEN("public-key:\n")) <= 0) return WOLFSSL_FAILURE; if (DumpElement(out, publicKey, publicKeySz, indent + 4) != WOLFSSL_SUCCESS) return WOLFSSL_FAILURE; Indent(out, indent); - if (wolfSSL_BIO_write(out, "prime:\n", sizeof("prime:\n") - 1) < 0) + if (wolfSSL_BIO_write(out, "prime:\n", XSTRLEN("prime:\n")) <= 0) return WOLFSSL_FAILURE; if (DumpElement(out, prime, primeSz, indent + 4) != WOLFSSL_SUCCESS) return WOLFSSL_FAILURE; @@ -7543,16 +7547,16 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, idx = 0; XMEMSET(buff, 0, sizeof(buff)); Indent(out, indent); - if (wolfSSL_BIO_write(out, "generator: ", sizeof("generator: ") - 1) < 0) + if (wolfSSL_BIO_write(out, "generator: ", XSTRLEN("generator: ")) <= 0) return WOLFSSL_FAILURE; if (mp_set_int(&a, generator) != 0) return WOLFSSL_FAILURE; if (mp_todecimal(&a, (char*)buff) != 0) return WOLFSSL_FAILURE; wsz = (int)XSTRLEN((const char*)buff); - if (wolfSSL_BIO_write(out, buff + idx, wsz) < 0) + if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, " (0x", sizeof(" (0x") - 1) < 0) + if (wolfSSL_BIO_write(out, " (0x", XSTRLEN(" (0x")) <= 0) return WOLFSSL_FAILURE; idx = 0; @@ -7564,9 +7568,9 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, XMEMCPY(buff + idx, outHex, 2); idx += 2; } - if (wolfSSL_BIO_write(out, buff, idx) < 0 ) + if (wolfSSL_BIO_write(out, buff, idx) <= 0 ) return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, ")\n", sizeof(")\n") -1) < 0) + if (wolfSSL_BIO_write(out, ")\n", XSTRLEN(")\n")) <= 0) return WOLFSSL_FAILURE; return WOLFSSL_SUCCESS; From 95531880995ddc52a18172c472bb0b1d90b6961e Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Fri, 16 Apr 2021 11:51:58 +0900 Subject: [PATCH 24/29] Added type cast to the parm of wolfSSL_BIO_write. --- wolfcrypt/src/evp.c | 46 ++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 1398eb6936..aafe2cb182 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -7045,7 +7045,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, XMEMSET(buff, 0, sizeof(buff)); Indent(out, indent); if (wolfSSL_BIO_write(out, "RSA Public-Key: (", - XSTRLEN("RSA Public-Key: (")) <= 0) + (int)XSTRLEN("RSA Public-Key: (")) <= 0) return WOLFSSL_FAILURE; if (mp_set_int(&a, bitlen) != 0) @@ -7057,12 +7057,12 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, " bit)\n", XSTRLEN(" bit)\n")) <= 0) + if (wolfSSL_BIO_write(out, " bit)\n", (int)XSTRLEN(" bit)\n")) <= 0) return WOLFSSL_FAILURE; /* print Modulus */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "Modulus:\n", XSTRLEN("Modulus:\n")) <= 0) + if (wolfSSL_BIO_write(out, "Modulus:\n", (int)XSTRLEN("Modulus:\n")) <= 0) return WOLFSSL_FAILURE; if (DumpElement(out, n, nSz, indent + 4) != WOLFSSL_SUCCESS) @@ -7071,7 +7071,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, /* print public Exponent */ idx = 0; Indent(out, indent); - if (wolfSSL_BIO_write(out, "Exponent: ", XSTRLEN("Exponent: ")) <= 0) + if (wolfSSL_BIO_write(out, "Exponent: ", (int)XSTRLEN("Exponent: ")) <= 0) return WOLFSSL_FAILURE; for (i = 0; i < eSz; i++) { @@ -7089,7 +7089,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, " (0x", XSTRLEN(" (0x")) <= 0) + if (wolfSSL_BIO_write(out, " (0x", (int)XSTRLEN(" (0x")) <= 0) return WOLFSSL_FAILURE; idx = 0; @@ -7108,7 +7108,7 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (wolfSSL_BIO_write(out, buff, idx) <= 0) return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, ")\n", XSTRLEN(")\n")) <= 0) + if (wolfSSL_BIO_write(out, ")\n", (int)XSTRLEN(")\n")) <= 0) return WOLFSSL_FAILURE; return WOLFSSL_SUCCESS; @@ -7214,7 +7214,7 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, Indent(out, indent); if (wolfSSL_BIO_write(out, "Public-Key: (", - XSTRLEN("Public-Key: (")) < 0) + (int)XSTRLEN("Public-Key: (")) < 0) return WOLFSSL_FAILURE; if (mp_set_int(&a, bitlen) != 0) @@ -7224,12 +7224,12 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wsz = (int)XSTRLEN((const char*)buff); if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, " bit)\n", XSTRLEN(" bit)\n")) <= 0) + if (wolfSSL_BIO_write(out, " bit)\n", (int)XSTRLEN(" bit)\n")) <= 0) return WOLFSSL_FAILURE; /* print pub element */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "pub:\n", XSTRLEN("pub:\n")) <= 0) + if (wolfSSL_BIO_write(out, "pub:\n", (int)XSTRLEN("pub:\n")) <= 0) return WOLFSSL_FAILURE; if (DumpElement(out, pkey + pointIdx, pointSz, indent + 4) != WOLFSSL_SUCCESS) @@ -7237,7 +7237,7 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, /* print OID in name */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "ASN1 OID: ", XSTRLEN("ASN1 OID: ")) <= 0) + if (wolfSSL_BIO_write(out, "ASN1 OID: ", (int)XSTRLEN("ASN1 OID: ")) <= 0) return WOLFSSL_FAILURE; if (OIDName && XSTRLEN(OIDName) > 0) { @@ -7249,7 +7249,7 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, /* print NIST curve name */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "NIST CURVE: ", XSTRLEN("NIST CURVE: ")) <= 0) + if (wolfSSL_BIO_write(out, "NIST CURVE: ", (int)XSTRLEN("NIST CURVE: ")) <= 0) return WOLFSSL_FAILURE; if (nistCurveName && XSTRLEN(nistCurveName) > 0) { @@ -7373,7 +7373,7 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, XMEMSET(buff, 0, sizeof(buff)); Indent(out, indent); if (wolfSSL_BIO_write(out, "DSA Public-Key: (", - XSTRLEN("DSA Public-Key: (")) <= 0) + (int)XSTRLEN("DSA Public-Key: (")) <= 0) return WOLFSSL_FAILURE; if (mp_set_int(&a, bitlen) != 0) @@ -7383,33 +7383,33 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wsz = (int)XSTRLEN((const char*)buff); if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, " bit)\n", XSTRLEN(" bit)\n")) <= 0) + if (wolfSSL_BIO_write(out, " bit)\n", (int)XSTRLEN(" bit)\n")) <= 0) return WOLFSSL_FAILURE; /* print pub element */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "pub:\n", XSTRLEN("pub:\n")) <= 0) + if (wolfSSL_BIO_write(out, "pub:\n", (int)XSTRLEN("pub:\n")) <= 0) return WOLFSSL_FAILURE; if (DumpElement(out, y, ySz, indent + 4) != WOLFSSL_SUCCESS) return WOLFSSL_FAILURE; /* print P element */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "P:\n", XSTRLEN("P:\n")) <= 0) + if (wolfSSL_BIO_write(out, "P:\n", (int)XSTRLEN("P:\n")) <= 0) return WOLFSSL_FAILURE; if (DumpElement(out, p, pSz, indent + 4) != WOLFSSL_SUCCESS) return WOLFSSL_FAILURE; /* print Q element */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "Q:\n", XSTRLEN("Q:\n")) <= 0) + if (wolfSSL_BIO_write(out, "Q:\n", (int)XSTRLEN("Q:\n")) <= 0) return WOLFSSL_FAILURE; if (DumpElement(out, q, qSz, indent + 4) != WOLFSSL_SUCCESS) return WOLFSSL_FAILURE; /* print G element */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "G:\n", XSTRLEN("G:\n")) <= 0) + if (wolfSSL_BIO_write(out, "G:\n", (int)XSTRLEN("G:\n")) <= 0) return WOLFSSL_FAILURE; if (DumpElement(out, g, gSz, indent + 4) != WOLFSSL_SUCCESS) return WOLFSSL_FAILURE; @@ -7518,7 +7518,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, idx = 0; Indent(out, indent); if (wolfSSL_BIO_write(out, "DH Public-Key: (", - XSTRLEN("DH Public-Key: (")) < 0) + (int)XSTRLEN("DH Public-Key: (")) < 0) return WOLFSSL_FAILURE; if (mp_set_int(&a, bitlen) != 0) @@ -7533,13 +7533,13 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, Indent(out, indent); if (wolfSSL_BIO_write(out, "public-key:\n", - XSTRLEN("public-key:\n")) <= 0) + (int)XSTRLEN("public-key:\n")) <= 0) return WOLFSSL_FAILURE; if (DumpElement(out, publicKey, publicKeySz, indent + 4) != WOLFSSL_SUCCESS) return WOLFSSL_FAILURE; Indent(out, indent); - if (wolfSSL_BIO_write(out, "prime:\n", XSTRLEN("prime:\n")) <= 0) + if (wolfSSL_BIO_write(out, "prime:\n", (int)XSTRLEN("prime:\n")) <= 0) return WOLFSSL_FAILURE; if (DumpElement(out, prime, primeSz, indent + 4) != WOLFSSL_SUCCESS) return WOLFSSL_FAILURE; @@ -7547,7 +7547,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, idx = 0; XMEMSET(buff, 0, sizeof(buff)); Indent(out, indent); - if (wolfSSL_BIO_write(out, "generator: ", XSTRLEN("generator: ")) <= 0) + if (wolfSSL_BIO_write(out, "generator: ", (int)XSTRLEN("generator: ")) <= 0) return WOLFSSL_FAILURE; if (mp_set_int(&a, generator) != 0) return WOLFSSL_FAILURE; @@ -7556,7 +7556,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, wsz = (int)XSTRLEN((const char*)buff); if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, " (0x", XSTRLEN(" (0x")) <= 0) + if (wolfSSL_BIO_write(out, " (0x", (int)XSTRLEN(" (0x")) <= 0) return WOLFSSL_FAILURE; idx = 0; @@ -7570,7 +7570,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, } if (wolfSSL_BIO_write(out, buff, idx) <= 0 ) return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, ")\n", XSTRLEN(")\n")) <= 0) + if (wolfSSL_BIO_write(out, ")\n", (int)XSTRLEN(")\n")) <= 0) return WOLFSSL_FAILURE; return WOLFSSL_SUCCESS; From 9eab854c613b5c6b199b1f7489c07c1cfefc8385 Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Mon, 3 May 2021 07:44:04 +0900 Subject: [PATCH 25/29] Revised logic along review comments --- wolfcrypt/src/evp.c | 740 ++++++++++++++++++++++++-------------------- 1 file changed, 397 insertions(+), 343 deletions(-) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index aafe2cb182..30a7f34ed0 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -44,7 +44,7 @@ #include #include -#include +#include #ifndef NO_AES #ifdef HAVE_AES_CBC @@ -6817,17 +6817,19 @@ static int Indent(WOLFSSL_BIO* out, int indents ) int i; char space = ' '; - if (indents < 0) + if (indents < 0) { indents = 0; - else if (indents > EVP_PKEY_PRINT_INDENT_MAX) + } + else if (indents > EVP_PKEY_PRINT_INDENT_MAX) { indents = EVP_PKEY_PRINT_INDENT_MAX; - - if (out == NULL) + } + if (out == NULL) { return 0; - + } for (i = indents; i; i--) { - if (wolfSSL_BIO_write(out, &space, 1) < 0) + if (wolfSSL_BIO_write(out, &space, 1) < 0) { break; + } } return indents -i; } @@ -6836,6 +6838,11 @@ static int Indent(WOLFSSL_BIO* out, int indents ) * four spaces, then hex coded 15 byte data with separator ":" follow. * Each line looks like: * " 00:e6:ab: --- 9f:ef:" + * Parmeters: + * out bio to output dump data + * input buffer holding data to dump + * inlen input data size + * indent the number of spaces for indent * Returns 1 on success, 0 on failure. */ static int DumpElement(WOLFSSL_BIO* out, const byte* input, @@ -6858,14 +6865,16 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, word32 outSz; byte outHex[3]; - if (!out || !input) + if (!out || !input || inlen <= 0) { return WOLFSSL_FAILURE; + } - if (indent < 0) + if (indent < 0) { indent = 0; - if (indent > EVP_PKEY_PRINT_INDENT_MAX) + } + if (indent > EVP_PKEY_PRINT_INDENT_MAX) { indent = EVP_PKEY_PRINT_INDENT_MAX; - + } point = input; len = inlen; @@ -6875,8 +6884,9 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, #ifdef WOLFSSL_SMALL_STACK buff = (byte*)XMALLOC(EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (!buff) + if (!buff) { return WOLFSSL_FAILURE; + } #endif /* print pub element */ @@ -6887,11 +6897,12 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, for (i = 0; i < 15 && ret == WOLFSSL_SUCCESS; i++) { outSz = sizeof(outHex); - if (ret == WOLFSSL_SUCCESS) + if (ret == WOLFSSL_SUCCESS) { ret = Base16_Encode((const byte*)&point[in++], 1, outHex, &outSz) == 0; + } if (ret == WOLFSSL_SUCCESS && - idx + 3 0; - if (ret == WOLFSSL_SUCCESS) + } + if (ret == WOLFSSL_SUCCESS) { ret = wolfSSL_BIO_write(out, "\n", 1) > 0; + } if (ret == WOLFSSL_SUCCESS) { XMEMSET(buff, 0, EVP_PKEY_PRINT_LINE_WIDTH_MAX); line--; @@ -6913,9 +6926,10 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, for (i = 0; i < left && ret == WOLFSSL_SUCCESS; i++) { outSz = sizeof(outHex); - if (ret == WOLFSSL_SUCCESS) + if (ret == WOLFSSL_SUCCESS) { ret = Base16_Encode((const byte*)&point[in++], 1, outHex, &outSz) == 0; + } if (ret == WOLFSSL_SUCCESS) { XMEMCPY(buff + idx, outHex, 2); idx += 2; @@ -6929,11 +6943,12 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, } } } - if (ret == WOLFSSL_SUCCESS) + if (ret == WOLFSSL_SUCCESS) { ret = wolfSSL_BIO_write(out, buff, idx) > 0; - if (ret == WOLFSSL_SUCCESS) + } + if (ret == WOLFSSL_SUCCESS) { ret = wolfSSL_BIO_write(out, "\n", 1) > 0; - + } #ifdef WOLFSSL_SMALL_STACK XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -6942,22 +6957,24 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, #if !defined(NO_RSA) /* PrintPubKeyRSA is a helper function for wolfSSL_EVP_PKEY_print_public * to parse a DER format RSA public key specified in the second parameter. + * Parameters: + * out bio to output dump data + * pkey buffer holding public key data + * pkeySz public key data size + * indent the number of spaces for indent + * bitlen bit size of the given key + * pctx context(not used) * Returns 1 on success, 0 on failure. */ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int indent, int bitlen, ASN1_PCTX* pctx) { - byte buff[8] = { 0 }; word32 inOutIdx = 0; - int length = 0; word32 nSz; /* size of modulus */ word32 eSz; /* size of public exponent */ - byte* n = NULL; - byte* e = NULL; /* pointer to modulus/exponent */ - word32 localIdx; - word32 oid; - byte tag; + const byte* n = NULL; + const byte* e = NULL; /* pointer to modulus/exponent */ int idx; int wsz; word32 i; @@ -6968,149 +6985,107 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, (void)pctx; - if( mp_init(&a) != 0) + if( mp_init(&a) != 0) { return WOLFSSL_FAILURE; - - if (indent < 0) - indent = 0; - if (indent > EVP_PKEY_PRINT_INDENT_MAX) - indent = EVP_PKEY_PRINT_INDENT_MAX; - - if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) - return WOLFSSL_FAILURE; - - localIdx = inOutIdx; - if (GetASNTag(pkey, &localIdx, &tag, pkeySz) < 0) - return WOLFSSL_FAILURE; - - if (tag != ASN_INTEGER) { - /* not from decoded cert, will have algo id, skip past */ - if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) - return WOLFSSL_FAILURE; - - if (GetObjectId(pkey, &inOutIdx, &oid, oidIgnoreType, pkeySz) != 0) - return WOLFSSL_FAILURE; - - /* Option NULL ASN.1 tag */ - if (inOutIdx >= (word32)pkeySz) - return WOLFSSL_FAILURE; - - localIdx = inOutIdx; - if (GetASNTag(pkey, &inOutIdx, &tag, pkeySz) < 0) - return WOLFSSL_FAILURE; - - if (tag != ASN_TAG_NULL) - return WOLFSSL_FAILURE; - - inOutIdx ++; - - /* should have bit tag length and seq next */ - if (CheckBitString(pkey, &inOutIdx, NULL, pkeySz, 1, NULL) != 0) - return WOLFSSL_FAILURE; - - if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) - return WOLFSSL_FAILURE; } - /* Get modulus */ - if (GetASNTag(pkey, &inOutIdx, &tag, pkeySz ) < 0) + if (indent < 0) { + indent = 0; + } + if (indent > EVP_PKEY_PRINT_INDENT_MAX) { + indent = EVP_PKEY_PRINT_INDENT_MAX; + } + /* parse key to get modulus and exponent */ + if (wc_RsaPublicKeyDecode_ex(pkey, &inOutIdx, pkeySz, + &n, &nSz, &e, &eSz) != 0) { return WOLFSSL_FAILURE; - - if (tag != ASN_INTEGER) - return WOLFSSL_FAILURE; - - if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) - return WOLFSSL_FAILURE; - - nSz = length; - n = (byte*)(&pkey[inOutIdx]); - inOutIdx += length; - - /* Get exponent */ - - if (GetASNTag(pkey, &inOutIdx, &tag, pkeySz) < 0) - return WOLFSSL_FAILURE; - - if (tag != ASN_INTEGER) - return WOLFSSL_FAILURE; - - if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) - return WOLFSSL_FAILURE; - - - eSz = length; - e = (byte*)(&pkey[inOutIdx]); + } /* print out public key elements */ idx = 0; XMEMSET(buff, 0, sizeof(buff)); Indent(out, indent); if (wolfSSL_BIO_write(out, "RSA Public-Key: (", - (int)XSTRLEN("RSA Public-Key: (")) <= 0) + (int)XSTRLEN("RSA Public-Key: (")) <= 0) { return WOLFSSL_FAILURE; - - if (mp_set_int(&a, bitlen) != 0) + } + if (mp_set_int(&a, bitlen) != 0) { return WOLFSSL_FAILURE; - if (mp_todecimal(&a, (char*)buff) != 0) + } + if (mp_todecimal(&a, (char*)buff) != 0) { return WOLFSSL_FAILURE; + } wsz = (int)XSTRLEN((const char*)buff); - if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) + if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) { return WOLFSSL_FAILURE; - - if (wolfSSL_BIO_write(out, " bit)\n", (int)XSTRLEN(" bit)\n")) <= 0) + } + if (wolfSSL_BIO_write(out, " bit)\n", (int)XSTRLEN(" bit)\n")) <= 0) { return WOLFSSL_FAILURE; - + } /* print Modulus */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "Modulus:\n", (int)XSTRLEN("Modulus:\n")) <= 0) - return WOLFSSL_FAILURE; - - if (DumpElement(out, n, nSz, indent + 4) != WOLFSSL_SUCCESS) + if (wolfSSL_BIO_write(out, "Modulus:\n", + (int)XSTRLEN("Modulus:\n")) <= 0) { return WOLFSSL_FAILURE; + } + /* print modulus with lenading zero if exists */ + if (*n & 0x80 && *(n-1) == 0) { + if (DumpElement(out, n - 1, nSz + 1, indent + 4) != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + } + else { + if (DumpElement(out, n, nSz, indent + 4) != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + } /* print public Exponent */ idx = 0; Indent(out, indent); - if (wolfSSL_BIO_write(out, "Exponent: ", (int)XSTRLEN("Exponent: ")) <= 0) + if (wolfSSL_BIO_write(out, "Exponent: ", + (int)XSTRLEN("Exponent: ")) <= 0) { return WOLFSSL_FAILURE; - + } for (i = 0; i < eSz; i++) { exponent <<= 8; exponent += e[i]; } XMEMSET(buff, 0, sizeof(buff)); - if (mp_set_int(&a, exponent) != 0) + if (mp_set_int(&a, exponent) != 0) { return WOLFSSL_FAILURE; - if (mp_todecimal(&a, (char*)buff) != 0) + } + if (mp_todecimal(&a, (char*)buff) != 0) { return WOLFSSL_FAILURE; + } wsz = (int)XSTRLEN((const char*)buff); - if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) + if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) { return WOLFSSL_FAILURE; - - if (wolfSSL_BIO_write(out, " (0x", (int)XSTRLEN(" (0x")) <= 0) + } + if (wolfSSL_BIO_write(out, " (0x", (int)XSTRLEN(" (0x")) <= 0) { return WOLFSSL_FAILURE; - + } idx = 0; XMEMSET(buff, 0, sizeof(buff)); for (i = 0; i < eSz; i++) { outSz = sizeof(outHex); - if (Base16_Encode((const byte*)&e[i], 1, outHex, &outSz ) != 0) + if (Base16_Encode((const byte*)&e[i], 1, outHex, &outSz ) != 0) { return WOLFSSL_FAILURE; - + } if ((unsigned int)idx + 2 <= sizeof(buff)) { XMEMCPY(buff + idx, outHex, 2); idx += 2; } } - if (wolfSSL_BIO_write(out, buff, idx) <= 0) + if (wolfSSL_BIO_write(out, buff, idx) <= 0) { return WOLFSSL_FAILURE; - - if (wolfSSL_BIO_write(out, ")\n", (int)XSTRLEN(")\n")) <= 0) + } + if (wolfSSL_BIO_write(out, ")\n", (int)XSTRLEN(")\n")) <= 0) { return WOLFSSL_FAILURE; - + } return WOLFSSL_SUCCESS; } #endif /* !NO_RSA */ @@ -7118,154 +7093,170 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, #if defined(HAVE_ECC) /* PrintPubKeyEC is a helper function for wolfSSL_EVP_PKEY_print_public * to parse a DER format ECC public key specified in the second parameter. + * Parameters: + * out bio to output dump data + * pkey buffer holding public key data + * pkeySz public key data size + * indent the number of spaces for indent + * bitlen bit size of the given key + * pctx context(not used) * Returns 1 on success, 0 on failure. */ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int indent, int bitlen, ASN1_PCTX* pctx) { - + byte* pub = NULL; + word32 pubSz = 0; byte buff[8] = { 0 }; int res = WOLFSSL_SUCCESS; word32 inOutIdx = 0; - int length = 0; - int curveId; - word32 pointIdx,localIdx; - word32 oidSum; - int pointSz; + int curveId = 0; + const byte* curveOID = NULL; + word32 oidSz = 0; char* OIDName = NULL; const char* nistCurveName = NULL; int nid; WOLFSSL_ObjectInfo* oi = NULL; word32 i; - byte tag; - int idx; + int idx = 0; int wsz = 0; mp_int a; + ecc_key key; (void)pctx; - if( mp_init(&a) != 0) + if( mp_init(&a) != 0) { return WOLFSSL_FAILURE; - - if (indent < 0) + } + if (indent < 0) { indent = 0; - if (indent > EVP_PKEY_PRINT_INDENT_MAX) + } + if (indent > EVP_PKEY_PRINT_INDENT_MAX) { indent = EVP_PKEY_PRINT_INDENT_MAX; - - if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) - return ASN_PARSE_E; - - if (GetMyVersion(pkey, &inOutIdx, &length, pkeySz) >= 0) - return ASN_PARSE_E; - - if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) - return ASN_PARSE_E; - - if (GetASNObjectId(pkey, &inOutIdx, &length, pkeySz) < 0) - return ASN_PARSE_E; - - inOutIdx += length; - - if (inOutIdx >= (word32)pkeySz) { - return BUFFER_E; } - localIdx = inOutIdx; + res = wc_ecc_init(&key) == 0; - if (GetASNTag(pkey, &localIdx, &tag, pkeySz) == 0 && - tag == (ASN_SEQUENCE | ASN_CONSTRUCTED)) { - return BAD_FUNC_ARG; /* given key is not a public key*/ + if (res == WOLFSSL_SUCCESS) { + res = wc_EccPublicKeyDecode(pkey, &inOutIdx, &key, pkeySz) == 0; } - /* ecc params information */ - res = GetObjectId(pkey, &inOutIdx, &oidSum, oidIgnoreType, pkeySz); - if (res != 0) - return res; - - curveId = wc_ecc_get_oid(oidSum, NULL, (word32*)&length); - if (curveId < 0 || length == 0) { - return ECC_CURVE_OID_E; - } - - if (CheckBitString(pkey, &inOutIdx, &length, pkeySz, 1, NULL) < 0) { - return ASN_PARSE_E; - } - - pointIdx = inOutIdx; - pointSz = length; - inOutIdx += length; - - nid = EccEnumToNID(curveId); - - /* look up object name from object info table */ - - oi = (WOLFSSL_ObjectInfo*)wolfssl_object_info; - OIDName = NULL; - for (i = 0;i < wolfssl_object_info_sz; i++) { - if ( (oi + i)->type == oidCurveType && (oi + i)->nid == nid) { - OIDName = (char*)((oi + i)->sName); - break; - } + if (res == WOLFSSL_SUCCESS) { + curveId = wc_ecc_get_oid(key.dp->oidSum, &curveOID, &oidSz); + res = curveId > 0 && oidSz > 0; } /* get NIST curve name */ - nistCurveName = wolfSSL_EC_curve_nid2nist(nid); - - idx = 0; - Indent(out, indent); - - if (wolfSSL_BIO_write(out, "Public-Key: (", - (int)XSTRLEN("Public-Key: (")) < 0) - return WOLFSSL_FAILURE; - - if (mp_set_int(&a, bitlen) != 0) - return WOLFSSL_FAILURE; - if (mp_todecimal(&a, (char*)buff) != 0) - return WOLFSSL_FAILURE; - wsz = (int)XSTRLEN((const char*)buff); - if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) - return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, " bit)\n", (int)XSTRLEN(" bit)\n")) <= 0) - return WOLFSSL_FAILURE; - - /* print pub element */ - Indent(out, indent); - if (wolfSSL_BIO_write(out, "pub:\n", (int)XSTRLEN("pub:\n")) <= 0) - return WOLFSSL_FAILURE; - if (DumpElement(out, pkey + pointIdx, pointSz, indent + 4) - != WOLFSSL_SUCCESS) - return WOLFSSL_FAILURE; - - /* print OID in name */ - Indent(out, indent); - if (wolfSSL_BIO_write(out, "ASN1 OID: ", (int)XSTRLEN("ASN1 OID: ")) <= 0) - return WOLFSSL_FAILURE; - - if (OIDName && XSTRLEN(OIDName) > 0) { - if (wolfSSL_BIO_write(out, OIDName, (int)XSTRLEN(OIDName)) <= 0) - return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, "\n", 1) < 0) - return WOLFSSL_FAILURE; + if (res == WOLFSSL_SUCCESS) { + nid = EccEnumToNID(curveId); + if (nid != -1) { + /* look up object name from object info table */ + oi = (WOLFSSL_ObjectInfo*)wolfssl_object_info; + OIDName = NULL; + for (i = 0; i < wolfssl_object_info_sz; i++) { + if ((oi + i)->type == oidCurveType && (oi + i)->nid == nid) { + OIDName = (char*)((oi + i)->sName); + break; + } + } + nistCurveName = wolfSSL_EC_curve_nid2nist(nid); + res = nistCurveName != NULL; + } + else { + res = WOLFSSL_FAILURE; + } } - - /* print NIST curve name */ - Indent(out, indent); - if (wolfSSL_BIO_write(out, "NIST CURVE: ", (int)XSTRLEN("NIST CURVE: ")) <= 0) - return WOLFSSL_FAILURE; - - if (nistCurveName && XSTRLEN(nistCurveName) > 0) { - if (wolfSSL_BIO_write(out, nistCurveName, (int)XSTRLEN(nistCurveName)) <= 0) - return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, "\n", 1) <= 0) + if (res == WOLFSSL_SUCCESS) { + pub = (byte*)XMALLOC(ECC_BUFSIZE, NULL, DYNAMIC_TYPE_ECC_BUFFER); + if (pub == NULL) { return WOLFSSL_FAILURE; + } + pubSz = ECC_BUFSIZE; + XMEMSET(pub, 0, ECC_BUFSIZE); + + res = wc_ecc_export_x963(&key, pub, &pubSz) == 0; } - - return WOLFSSL_SUCCESS; + if (res == WOLFSSL_SUCCESS) { + idx = 0; + res = Indent(out, indent) >= 0; + } + if (res == WOLFSSL_SUCCESS) { + res = wolfSSL_BIO_write(out, "Public-Key: (", + (int)XSTRLEN("Public-Key: (")) > 0; + } + if (res == WOLFSSL_SUCCESS) { + res = mp_set_int(&a, bitlen) == 0; + } + if (res == WOLFSSL_SUCCESS) { + res = mp_todecimal(&a, (char*)buff) == 0; + } + if (res == WOLFSSL_SUCCESS) { + wsz = (int)XSTRLEN((const char*)buff); + } + if (res == WOLFSSL_SUCCESS) { + res = wolfSSL_BIO_write(out, buff + idx, wsz) >= 0; + } + if (res == WOLFSSL_SUCCESS) { + res = wolfSSL_BIO_write(out, " bit)\n", (int)XSTRLEN(" bit)\n")) > 0; + } + if (res == WOLFSSL_SUCCESS) { + res = Indent(out, indent) >= 0; + } + if (res == WOLFSSL_SUCCESS) { + /* print pub element */ + res = wolfSSL_BIO_write(out, "pub:\n", (int)XSTRLEN("pub:\n")) > 0; + } + if (res == WOLFSSL_SUCCESS) { + res = DumpElement(out, pub, pubSz, indent + 4); + } + if (res == WOLFSSL_SUCCESS) { + res = Indent(out, indent) >= 0; + } + if (res == WOLFSSL_SUCCESS) { + /* print OID in name */ + res = wolfSSL_BIO_write(out, "ASN1 OID: ", + (int)XSTRLEN("ASN1 OID: ")) > 0; + } + if (res == WOLFSSL_SUCCESS) { + res = wolfSSL_BIO_write(out, OIDName, (int)XSTRLEN(OIDName)) > 0; + } + if (res == WOLFSSL_SUCCESS) { + res = wolfSSL_BIO_write(out, "\n", 1) > 0; + } + if (res == WOLFSSL_SUCCESS) { + res = Indent(out, indent) >= 0; + } + if (res == WOLFSSL_SUCCESS) { + /* print NIST curve name */ + res = wolfSSL_BIO_write(out, "NIST CURVE: ", + (int)XSTRLEN("NIST CURVE: ")) > 0; + } + if (res == WOLFSSL_SUCCESS) { + res = wolfSSL_BIO_write(out, nistCurveName, + (int)XSTRLEN(nistCurveName)) > 0; + } + if (res == WOLFSSL_SUCCESS) { + res = wolfSSL_BIO_write(out, "\n", 1) > 0; + } + + if (pub != NULL) { + XFREE(pub, NULL, DYNAMIC_TYPE_ECC_BUFFER); + pub = NULL; + } + + return res; } #endif /* HAVE_ECC */ #if !defined(NO_DSA) /* PrintPubKeyDSA is a helper function for wolfSSL_EVP_PKEY_print_public * to parse a DER format DSA public key specified in the second parameter. + * Parameters: + * out bio to output dump data + * pkey buffer holding public key data + * pkeySz public key data size + * indent the number of spaces for indent + * bitlen bit size of the given key + * pctx context(not used) * Returns 1 on success, 0 on failure. */ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, @@ -7290,82 +7281,96 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, inOutIdx = 0; (void)pctx; - if (indent < 0) + if (indent < 0) { indent = 0; - if (indent > EVP_PKEY_PRINT_INDENT_MAX) + } + if (indent > EVP_PKEY_PRINT_INDENT_MAX) { indent = EVP_PKEY_PRINT_INDENT_MAX; - - if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) + } + if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) { return WOLFSSL_FAILURE; - if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) + } + if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) { return WOLFSSL_FAILURE; - + } res = GetObjectId(pkey, &inOutIdx, &oid, oidIgnoreType, pkeySz); - if (res != 0) + if (res != 0) { return WOLFSSL_FAILURE; - - if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) + } + if (GetSequence(pkey, &inOutIdx, &length, pkeySz) < 0) { return WOLFSSL_FAILURE; - + } /* find P */ - if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) + if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) { return WOLFSSL_FAILURE; - if (tagFound != ASN_INTEGER) + } + if (tagFound != ASN_INTEGER) { return WOLFSSL_FAILURE; - if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) + } + if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) { return WOLFSSL_FAILURE; - + } p = (byte*)(pkey + inOutIdx); pSz = length; if (bitlen == 0) { - if (*p == 0) + if (*p == 0) { bitlen = (pSz - 1) * 8; /* remove leading zero */ - else + } + else { bitlen = pSz * 8; + } } inOutIdx += length; /* find Q */ - if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) + if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) { return WOLFSSL_FAILURE; - if (tagFound != ASN_INTEGER) + } + if (tagFound != ASN_INTEGER) { return WOLFSSL_FAILURE; - if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) + } + if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) { return WOLFSSL_FAILURE; - + } q = (byte*)(pkey + inOutIdx); qSz = length; inOutIdx += length; /* find G */ - if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) + if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) { return WOLFSSL_FAILURE; - if (tagFound != ASN_INTEGER) + } + if (tagFound != ASN_INTEGER) { return WOLFSSL_FAILURE; - if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) + } + if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) { return WOLFSSL_FAILURE; - + } g = (byte*)(pkey + inOutIdx); gSz = length; inOutIdx += length; /* find Y */ - if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) + if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) { return WOLFSSL_FAILURE; - if (tagFound != ASN_BIT_STRING) + } + if (tagFound != ASN_BIT_STRING) { return WOLFSSL_FAILURE; - if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) + } + if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) { return WOLFSSL_FAILURE; - + } inOutIdx++; /* skip the first byte( unused byte number)*/ - if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) + if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) { return WOLFSSL_FAILURE; - if (tagFound != ASN_INTEGER) + } + if (tagFound != ASN_INTEGER) { return WOLFSSL_FAILURE; - if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) + } + if (GetLength(pkey, &inOutIdx, &length, pkeySz) <= 0) { return WOLFSSL_FAILURE; - + } y = (byte*)(pkey + inOutIdx); ySz = length; @@ -7373,47 +7378,54 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, XMEMSET(buff, 0, sizeof(buff)); Indent(out, indent); if (wolfSSL_BIO_write(out, "DSA Public-Key: (", - (int)XSTRLEN("DSA Public-Key: (")) <= 0) + (int)XSTRLEN("DSA Public-Key: (")) <= 0) { return WOLFSSL_FAILURE; - - if (mp_set_int(&a, bitlen) != 0) + } + if (mp_set_int(&a, bitlen) != 0) { return WOLFSSL_FAILURE; - if (mp_todecimal(&a, (char*)buff) != 0) + } + if (mp_todecimal(&a, (char*)buff) != 0) { return WOLFSSL_FAILURE; + } wsz = (int)XSTRLEN((const char*)buff); - if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) + if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) { return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, " bit)\n", (int)XSTRLEN(" bit)\n")) <= 0) + } + if (wolfSSL_BIO_write(out, " bit)\n", (int)XSTRLEN(" bit)\n")) <= 0) { return WOLFSSL_FAILURE; - + } /* print pub element */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "pub:\n", (int)XSTRLEN("pub:\n")) <= 0) + if (wolfSSL_BIO_write(out, "pub:\n", (int)XSTRLEN("pub:\n")) <= 0) { return WOLFSSL_FAILURE; - if (DumpElement(out, y, ySz, indent + 4) != WOLFSSL_SUCCESS) + } + if (DumpElement(out, y, ySz, indent + 4) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; - + } /* print P element */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "P:\n", (int)XSTRLEN("P:\n")) <= 0) + if (wolfSSL_BIO_write(out, "P:\n", (int)XSTRLEN("P:\n")) <= 0) { return WOLFSSL_FAILURE; - if (DumpElement(out, p, pSz, indent + 4) != WOLFSSL_SUCCESS) + } + if (DumpElement(out, p, pSz, indent + 4) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; - + } /* print Q element */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "Q:\n", (int)XSTRLEN("Q:\n")) <= 0) + if (wolfSSL_BIO_write(out, "Q:\n", (int)XSTRLEN("Q:\n")) <= 0) { return WOLFSSL_FAILURE; - if (DumpElement(out, q, qSz, indent + 4) != WOLFSSL_SUCCESS) + } + if (DumpElement(out, q, qSz, indent + 4) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; - + } /* print G element */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "G:\n", (int)XSTRLEN("G:\n")) <= 0) + if (wolfSSL_BIO_write(out, "G:\n", (int)XSTRLEN("G:\n")) <= 0) { return WOLFSSL_FAILURE; - if (DumpElement(out, g, gSz, indent + 4) != WOLFSSL_SUCCESS) + } + if (DumpElement(out, g, gSz, indent + 4) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; - + } return WOLFSSL_SUCCESS; } #endif /* !NO_DSA */ @@ -7421,6 +7433,13 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, #if defined(WOLFSSL_DH_EXTRA) /* PrintPubKeyDH is a helper function for wolfSSL_EVP_PKEY_print_public * to parse a DER format DH public key specified in the second parameter. + * Parameters: + * out bio to output dump data + * pkey buffer holding public key data + * pkeySz public key data size + * indent the number of spaces for indent + * bitlen bit size of the given key + * pctx context(not used) * Returns 1 on success, 0 on failure. */ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, @@ -7449,141 +7468,175 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, inOutIdx = 0; (void)pctx; - if (indent < 0) + if (indent < 0) { indent = 0; - if (indent > EVP_PKEY_PRINT_INDENT_MAX) + } + if (indent > EVP_PKEY_PRINT_INDENT_MAX) { indent = EVP_PKEY_PRINT_INDENT_MAX; - - if (GetSequence(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) + } + if (GetSequence(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) { return WOLFSSL_FAILURE; - if (GetSequence(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) + } + if (GetSequence(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) { return WOLFSSL_FAILURE; - if (GetObjectId(pkey, &inOutIdx, &oid, oidIgnoreType, pkeySz) < 0) + } + if (GetObjectId(pkey, &inOutIdx, &oid, oidIgnoreType, pkeySz) < 0) { return WOLFSSL_FAILURE; - if (GetSequence(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) + } + if (GetSequence(pkey, &inOutIdx, (int*)&length, pkeySz) < 0) { return WOLFSSL_FAILURE; - + } /* get prime element */ - if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) + if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) { return WOLFSSL_FAILURE; - if (tagFound != ASN_INTEGER) + } + if (tagFound != ASN_INTEGER) { return WOLFSSL_FAILURE; - if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) <= 0) + } + if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) <= 0) { return WOLFSSL_FAILURE; - + } prime = (byte*)(pkey + inOutIdx); primeSz = length; inOutIdx += length; /* get generator element */ - if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) + if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) { return WOLFSSL_FAILURE; - if (tagFound != ASN_INTEGER) + } + if (tagFound != ASN_INTEGER) { return WOLFSSL_FAILURE; - if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) <= 0) + } + if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) <= 0) { return WOLFSSL_FAILURE; - if (length != 1) + } + if (length != 1) { return WOLFSSL_FAILURE; - + } generator = *(pkey + inOutIdx); inOutIdx += length; /* get public-key element */ - if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) + if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) { return WOLFSSL_FAILURE; - if (tagFound != ASN_BIT_STRING) + } + if (tagFound != ASN_BIT_STRING) { return WOLFSSL_FAILURE; - if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) <= 0) + } + if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) <= 0) { return WOLFSSL_FAILURE; - + } inOutIdx ++; - if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) + if (GetASNTag(pkey, &inOutIdx, &tagFound, pkeySz) != 0) { return WOLFSSL_FAILURE; - if (tagFound != ASN_INTEGER) + } + if (tagFound != ASN_INTEGER) { return WOLFSSL_FAILURE; - if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) <= 0) + } + if (GetLength(pkey, &inOutIdx, (int*)&length, pkeySz) <= 0) { return WOLFSSL_FAILURE; - + } publicKeySz = length; publicKey = (byte*)(pkey + inOutIdx); if (bitlen == 0) { - if (*publicKey == 0) + if (*publicKey == 0) { bitlen = (publicKeySz - 1) * 8; - else + } + else { bitlen = publicKeySz * 8; + } } /* print elements */ idx = 0; Indent(out, indent); if (wolfSSL_BIO_write(out, "DH Public-Key: (", - (int)XSTRLEN("DH Public-Key: (")) < 0) + (int)XSTRLEN("DH Public-Key: (")) < 0) { return WOLFSSL_FAILURE; - - if (mp_set_int(&a, bitlen) != 0) + } + if (mp_set_int(&a, bitlen) != 0) { return WOLFSSL_FAILURE; - if (mp_todecimal(&a, (char*)buff) != 0) + } + if (mp_todecimal(&a, (char*)buff) != 0) { return WOLFSSL_FAILURE; + } wsz = (int)XSTRLEN((const char*)buff); - if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) + if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) { return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, " bit)\n", XSTRLEN(" bit)\n")) <= 0) + } + if (wolfSSL_BIO_write(out, " bit)\n", XSTRLEN(" bit)\n")) <= 0) { return WOLFSSL_FAILURE; - + } Indent(out, indent); if (wolfSSL_BIO_write(out, "public-key:\n", - (int)XSTRLEN("public-key:\n")) <= 0) + (int)XSTRLEN("public-key:\n")) <= 0) { return WOLFSSL_FAILURE; + } if (DumpElement(out, publicKey, publicKeySz, indent + 4) - != WOLFSSL_SUCCESS) + != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; + } Indent(out, indent); - if (wolfSSL_BIO_write(out, "prime:\n", (int)XSTRLEN("prime:\n")) <= 0) + if (wolfSSL_BIO_write(out, "prime:\n", (int)XSTRLEN("prime:\n")) <= 0) { return WOLFSSL_FAILURE; - if (DumpElement(out, prime, primeSz, indent + 4) != WOLFSSL_SUCCESS) + } + if (DumpElement(out, prime, primeSz, indent + 4) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; - + } idx = 0; XMEMSET(buff, 0, sizeof(buff)); Indent(out, indent); - if (wolfSSL_BIO_write(out, "generator: ", (int)XSTRLEN("generator: ")) <= 0) + if (wolfSSL_BIO_write(out, "generator: ", + (int)XSTRLEN("generator: ")) <= 0) { return WOLFSSL_FAILURE; - if (mp_set_int(&a, generator) != 0) + } + if (mp_set_int(&a, generator) != 0) { return WOLFSSL_FAILURE; - if (mp_todecimal(&a, (char*)buff) != 0) + } + if (mp_todecimal(&a, (char*)buff) != 0) { return WOLFSSL_FAILURE; + } wsz = (int)XSTRLEN((const char*)buff); - if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) + if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) { return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, " (0x", (int)XSTRLEN(" (0x")) <= 0) + } + if (wolfSSL_BIO_write(out, " (0x", (int)XSTRLEN(" (0x")) <= 0) { return WOLFSSL_FAILURE; - + } idx = 0; XMEMSET(buff, 0, sizeof(buff)); outSz = sizeof(outHex); - if (Base16_Encode((const byte*)&generator, 1, outHex, &outSz ) != 0) + if (Base16_Encode((const byte*)&generator, 1, outHex, &outSz ) != 0) { return WOLFSSL_FAILURE; + } if (idx + 2 < (int)sizeof(buff) ) { XMEMCPY(buff + idx, outHex, 2); idx += 2; } - if (wolfSSL_BIO_write(out, buff, idx) <= 0 ) + if (wolfSSL_BIO_write(out, buff, idx) <= 0 ) { return WOLFSSL_FAILURE; - if (wolfSSL_BIO_write(out, ")\n", (int)XSTRLEN(")\n")) <= 0) + } + if (wolfSSL_BIO_write(out, ")\n", (int)XSTRLEN(")\n")) <= 0) { return WOLFSSL_FAILURE; + } return WOLFSSL_SUCCESS; } #endif /* WOLFSSL_DH_EXTRA */ -/* wolfSSL_EVP_PKEY_print_public parses the specified key then - * outputs public key info in human readable format to the specified BIO. - * White spaces of the same number which 'indent" gives, will be added to - * each line to output and ignores pctx parameter. - * Returns 1 on success, 0 or negative on error, -2 means specified key - * algo is not supported. - * Can handle RSA, ECC, DSA and DH public keys. +/* wolfSSL_EVP_PKEY_print_public parses the specified key then + * outputs public key info in human readable format to the specified BIO. + * White spaces of the same number which 'indent" gives, will be added to + * each line to output and ignores pctx parameter. + * Parameters: + * out bio to output dump data + * pkey buffer holding public key data + * indent the number of spaces for indent + * pctx context(not used) + * Returns 1 on success, 0 or negative on error, -2 means specified key + * algo is not supported. + * Can handle RSA, ECC, DSA and DH public keys. */ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, const WOLFSSL_EVP_PKEY* pkey, int indent, ASN1_PCTX* pctx) @@ -7593,14 +7646,15 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, WOLFSSL_ENTER("wolfSSL_EVP_PKEY_print_public"); - if (pkey == NULL || out == NULL) + if (pkey == NULL || out == NULL) { return 0; - - if (indent < 0) + } + if (indent < 0) { indent = 0; - if (indent > EVP_PKEY_PRINT_INDENT_MAX) + } + if (indent > EVP_PKEY_PRINT_INDENT_MAX) { indent = EVP_PKEY_PRINT_INDENT_MAX; - + } switch (pkey->type) { case EVP_PKEY_RSA: From ed5cb0a1bdb1f2257f6241026fbcfd5600b03b71 Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Fri, 11 Jun 2021 21:08:27 +0900 Subject: [PATCH 26/29] Modified along the revire comments --- src/ssl.c | 81 ++++++++++++++++++++++----------- tests/api.c | 102 ++++++++++++++++++++---------------------- wolfssl/internal.h | 9 ++++ wolfssl/openssl/evp.h | 2 +- 4 files changed, 114 insertions(+), 80 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 55ffc0b6dd..366472e001 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -8073,13 +8073,16 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, DhKey dh; word32 keyIdx = 0; DhKey* key = NULL; - + int ret; + Element_Set elements; /* test if DH-public key */ if (wc_InitDhKey(&dh) != 0) return NULL; - if (wc_DhPublicKeyDecode(mem, &keyIdx, &dh, (word32)memSz) == 0) { - wc_FreeDhKey(&dh); + ret = wc_DhPublicKeyDecode(mem, &keyIdx, &dh, (word32)memSz); + wc_FreeDhKey(&dh); + + if (ret == 0) { pkey = wolfSSL_EVP_PKEY_new(); if (pkey != NULL) { pkey->type = EVP_PKEY_DH; @@ -8106,6 +8109,12 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, keyIdx = 0; if (wc_DhPublicKeyDecode(mem, &keyIdx, key, (word32)memSz) == 0) { + elements = ELEMENT_P | ELEMENT_G | ELEMENT_Q | ELEMENT_PUB; + if( SetDhExternal_ex(pkey->dh, elements) + == WOLFSSL_SUCCESS ){ + return pkey; + } + /* if (SetIndividualExternal(&(pkey->dh->p), &key->p) == WOLFSSL_SUCCESS && SetIndividualExternal(&(pkey->dh->g), &key->g) @@ -8115,17 +8124,14 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, SetIndividualExternal(&(pkey->dh->pub_key), &key->pub) == WOLFSSL_SUCCESS) { return pkey; - } + } */ } else { wolfSSL_EVP_PKEY_free(pkey); return NULL; } } - wolfSSL_EVP_PKEY_free(pkey); } - else - wc_FreeDhKey(&dh); } #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* !NO_DH && OPENSSL_EXTRA && WOLFSSL_DH_EXTRA */ @@ -33354,7 +33360,7 @@ int SetDhInternal(WOLFSSL_DH* dh) } #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) \ - || defined(WOLFSSL_OPENSSH)) + || defined(WOLFSSL_OPENSSH)) || defined(OPENSSL_EXTRA) #ifdef WOLFSSL_DH_EXTRA WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh) @@ -33398,10 +33404,10 @@ WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh) /* Set the members of DhKey into WOLFSSL_DH * DhKey was populated from wc_DhKeyDecode */ -int SetDhExternal(WOLFSSL_DH *dh) +int SetDhExternal_ex(WOLFSSL_DH *dh, Element_Set elm) { DhKey *key; - WOLFSSL_MSG("Entering SetDhExternal"); + WOLFSSL_MSG("Entering SetDhExternal_ex"); if (dh == NULL || dh->internal == NULL) { WOLFSSL_MSG("dh key NULL error"); @@ -33410,25 +33416,36 @@ int SetDhExternal(WOLFSSL_DH *dh) key = (DhKey*)dh->internal; - if (SetIndividualExternal(&dh->p, &key->p) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("dh param p error"); - return WOLFSSL_FATAL_ERROR; + if( elm & ELEMENT_P) { + if (SetIndividualExternal(&dh->p, &key->p) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("dh param p error"); + return WOLFSSL_FATAL_ERROR; + } } - - if (SetIndividualExternal(&dh->g, &key->g) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("dh param g error"); - return WOLFSSL_FATAL_ERROR; + if( elm & ELEMENT_Q) { + if (SetIndividualExternal(&dh->q, &key->q) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("dh param q error"); + return WOLFSSL_FATAL_ERROR; + } + } + if( elm & ELEMENT_G) { + if (SetIndividualExternal(&dh->g, &key->g) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("dh param g error"); + return WOLFSSL_FATAL_ERROR; + } } - #ifdef WOLFSSL_DH_EXTRA - if (SetIndividualExternal(&dh->priv_key, &key->priv) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("No DH Private Key"); - return WOLFSSL_FATAL_ERROR; + if( elm & ELEMENT_PRV) { + if (SetIndividualExternal(&dh->priv_key, &key->priv) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("No DH Private Key"); + return WOLFSSL_FATAL_ERROR; + } } - - if (SetIndividualExternal(&dh->pub_key, &key->pub) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("No DH Public Key"); - return WOLFSSL_FATAL_ERROR; + if( elm & ELEMENT_PUB) { + if (SetIndividualExternal(&dh->pub_key, &key->pub) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("No DH Public Key"); + return WOLFSSL_FATAL_ERROR; + } } #endif /* WOLFSSL_DH_EXTRA */ @@ -33436,6 +33453,20 @@ int SetDhExternal(WOLFSSL_DH *dh) return WOLFSSL_SUCCESS; } +/* Set the members of DhKey into WOLFSSL_DH + * DhKey was populated from wc_DhKeyDecode + */ +int SetDhExternal(WOLFSSL_DH *dh) +{ + Element_Set elements = ELEMENT_P | ELEMENT_G; + WOLFSSL_MSG("Entering SetDhExternal"); + +#ifdef WOLFSSL_DH_EXTRA + elements |= ( ELEMENT_PUB | ELEMENT_PRV ); +#endif /* WOLFSSL_DH_EXTRA */ + + return SetDhExternal_ex(dh, elements); +} #endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */ /* return code compliant with OpenSSL : diff --git a/tests/api.c b/tests/api.c index 2f4e7eb4de..bcfd0f171f 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2604,8 +2604,10 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) WOLFSSL_BIO* wbio = NULL; WOLFSSL_EVP_PKEY* pkey = NULL; char line[256] = { 0 }; + char line1[256] = { 0 }; int i; + (void)line1; printf(testingFmt, "EVP_PKEY_print_public()"); /* test error cases */ AssertIntEQ( EVP_PKEY_print_public(NULL,NULL,0,NULL),0L); @@ -2629,19 +2631,16 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,3,NULL),1); BIO_gets(wbio, line, sizeof(line)); - AssertIntEQ(XSTRNCMP( line, " RSA Public-Key: (1024 bit)\n", - sizeof(" RSA Public-Key: (1024 bit)\n")),0); - + strcpy(line1, " RSA Public-Key: (1024 bit)\n"); + AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); BIO_gets(wbio, line, sizeof(line)); - AssertIntEQ(XSTRNCMP( line, " Modulus:\n", - sizeof(" Modulus:\n")),0); - + strcpy(line1, " Modulus:\n"); + AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); BIO_gets(wbio, line, sizeof(line)); - AssertIntEQ(XSTRNCMP( line, - " 00:BC:73:0E:A8:49:F3:74:A2:A9:EF:18:A5:DA:55:\n", - sizeof(" 00:BC:73:0E:A8:49:F3:74:A2:A9:EF:18:A5:DA:55:\n")),0); + strcpy(line1, " 00:BC:73:0E:A8:49:F3:74:A2:A9:EF:18:A5:DA:55:\n"); + AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); /* skip to the end of modulus element*/ @@ -2650,8 +2649,8 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) } BIO_gets(wbio, line, sizeof(line)); - AssertIntEQ(XSTRNCMP( line, " Exponent: 65537 (0x010001)\n", - sizeof(" Exponent: 65537 (0x010001)\n")),0); + strcpy(line1, " Exponent: 65537 (0x010001)\n"); + AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); /* should reach EOF */ @@ -2683,17 +2682,17 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1); BIO_gets(wbio, line, sizeof(line)); - AssertIntEQ(XSTRNCMP( line, "DSA Public-Key: (2048 bit)\n", - sizeof("DSA Public-Key: (2048 bit)\n")),0); + strcpy(line1, "DSA Public-Key: (2048 bit)\n"); + AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); BIO_gets(wbio, line, sizeof(line)); - AssertIntEQ(XSTRNCMP( line, "pub:\n", - sizeof("pub:\n")),0); + strcpy(line1, "pub:\n"); + AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); BIO_gets(wbio, line, sizeof(line)); - AssertIntEQ(XSTRNCMP( line, - " 00:C2:35:2D:EC:83:83:6C:73:13:9E:52:7C:74:C8:\n", - sizeof(" 00:C2:35:2D:EC:83:83:6C:73:13:9E:52:7C:74:C8:\n")),0); + strcpy(line1, + " 00:C2:35:2D:EC:83:83:6C:73:13:9E:52:7C:74:C8:\n"); + AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); /* skip to the end of pub element*/ for( i = 0; i < 17 ;i++) { @@ -2701,9 +2700,8 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) } BIO_gets(wbio, line, sizeof(line)); - AssertIntEQ(XSTRNCMP( line, - "P:\n", - sizeof("P:\n")),0); + strcpy(line1, "P:\n"); + AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); /* skip to the end of P element*/ for( i = 0; i < 18 ;i++) { @@ -2711,18 +2709,16 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) } BIO_gets(wbio, line, sizeof(line)); - AssertIntEQ(XSTRNCMP( line, - "Q:\n", - sizeof("Q:\n")),0); + strcpy(line1, "Q:\n"); + AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); /* skip to the end of Q element*/ for( i = 0; i < 3 ;i++) { BIO_gets(wbio, line, sizeof(line)); } BIO_gets(wbio, line, sizeof(line)); - AssertIntEQ(XSTRNCMP( line, - "G:\n", - sizeof("G:\n")),0); + strcpy(line1, "G:\n"); + AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); /* skip to the end of G element*/ for( i = 0; i < 18 ;i++) { @@ -2758,17 +2754,17 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1); BIO_gets(wbio, line, sizeof(line)); - AssertIntEQ(XSTRNCMP( line, "Public-Key: (256 bit)\n", - sizeof("Public-Key: (256 bit)\n")),0); + strcpy(line1, "Public-Key: (256 bit)\n"); + AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); BIO_gets(wbio, line, sizeof(line)); - AssertIntEQ(XSTRNCMP( line, "pub:\n", - sizeof("pub:\n")),0); + strcpy(line1, "pub:\n"); + AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); BIO_gets(wbio, line, sizeof(line)); - AssertIntEQ(XSTRNCMP( line, - " 04:55:BF:F4:0F:44:50:9A:3D:CE:9B:B7:F0:C5:4D:\n", - sizeof(" 04:55:BF:F4:0F:44:50:9A:3D:CE:9B:B7:F0:C5:4D:\n")),0); + strcpy(line1, + " 04:55:BF:F4:0F:44:50:9A:3D:CE:9B:B7:F0:C5:4D:\n"); + AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); /* skip to the end of pub element*/ for( i = 0; i < 4 ;i++) { @@ -2776,12 +2772,12 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) } BIO_gets(wbio, line, sizeof(line)); - AssertIntEQ(XSTRNCMP( line, "ASN1 OID: prime256v1\n", - sizeof("ASN1 OID: prime256v1\n")),0); + strcpy(line1, "ASN1 OID: prime256v1\n"); + AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); BIO_gets(wbio, line, sizeof(line)); - AssertIntEQ(XSTRNCMP( line, "NIST CURVE: P-256\n", - sizeof("NIST CURVE: P-256")),0); + strcpy(line1, "NIST CURVE: P-256\n"); + AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); /* should reach EOF */ @@ -2814,17 +2810,17 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) AssertIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1); BIO_gets(wbio, line, sizeof(line)); - AssertIntEQ(XSTRNCMP( line, "DH Public-Key: (2048 bit)\n", - sizeof("DH Public-Key: (2048 bit)\n")),0); + strcpy(line1, "DH Public-Key: (2048 bit)\n"); + AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); BIO_gets(wbio, line, sizeof(line)); - AssertIntEQ(XSTRNCMP( line, "public-key:\n", - sizeof("public-key:\n")),0); + strcpy(line1, "public-key:\n"); + AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); BIO_gets(wbio, line, sizeof(line)); - AssertIntEQ(XSTRNCMP( line, - " 34:41:BF:E9:F2:11:BF:05:DB:B2:72:A8:29:CC:BD:\n", - sizeof(" 34:41:BF:E9:F2:11:BF:05:DB:B2:72:A8:29:CC:BD:\n")),0); + strcpy(line1, + " 34:41:BF:E9:F2:11:BF:05:DB:B2:72:A8:29:CC:BD:\n"); + AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); /* skip to the end of public-key element*/ for( i = 0; i < 17 ;i++) { @@ -2832,14 +2828,13 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) } BIO_gets(wbio, line, sizeof(line)); - AssertIntEQ(XSTRNCMP( line, - "prime:\n", - sizeof("prime:\n")),0); + strcpy(line1, "prime:\n"); + AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); BIO_gets(wbio, line, sizeof(line)); - AssertIntEQ(XSTRNCMP( line, - " 00:D3:B2:99:84:5C:0A:4C:E7:37:CC:FC:18:37:01:\n", - sizeof(" 00:D3:B2:99:84:5C:0A:4C:E7:37:CC:FC:18:37:01:\n")),0); + strcpy(line1, + " 00:D3:B2:99:84:5C:0A:4C:E7:37:CC:FC:18:37:01:\n"); + AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); /* skip to the end of prime element*/ for( i = 0; i < 17 ;i++) { @@ -2847,9 +2842,8 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) } BIO_gets(wbio, line, sizeof(line)); - AssertIntEQ(XSTRNCMP( line, - "generator: 2 (0x02)\n", - sizeof("generator: 2 (0x02)\n")),0); + strcpy(line1, "generator: 2 (0x02)\n"); + AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); /* should reach EOF */ AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0); diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 9b38706499..4af4ac5724 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -4819,6 +4819,15 @@ WOLFSSL_LOCAL int SetDsaExternal(WOLFSSL_DSA* dsa); WOLFSSL_LOCAL int SetRsaExternal(WOLFSSL_RSA* rsa); WOLFSSL_LOCAL int SetRsaInternal(WOLFSSL_RSA* rsa); #endif + +typedef enum elem_set { + ELEMENT_P = 0x01, + ELEMENT_Q = 0x02, + ELEMENT_G = 0x04, + ELEMENT_PUB = 0x08, + ELEMENT_PRV = 0x0A, +} Element_Set; +WOLFSSL_LOCAL int SetDhExternal_ex(WOLFSSL_DH *dh, Element_Set elm ); WOLFSSL_LOCAL int SetDhInternal(WOLFSSL_DH* dh); WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh); diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index ecee6b6a7c..1376de1683 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -376,7 +376,7 @@ struct WOLFSSL_EVP_PKEY_CTX { typedef struct WOLFSSL_ASN1_PCTX { int dummy; -}WOLFSSL_ASN1_PCTX; +} WOLFSSL_ASN1_PCTX; typedef int WOLFSSL_ENGINE ; typedef WOLFSSL_ENGINE ENGINE; From 50526cfe67130a6ffaefffbfd33dcea84d156db3 Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Mon, 14 Jun 2021 03:26:00 +0900 Subject: [PATCH 27/29] Changed some logics for simplicity --- src/ssl.c | 23 ++--- wolfcrypt/src/evp.c | 243 ++++++++++++++++++-------------------------- wolfssl/internal.h | 2 +- 3 files changed, 111 insertions(+), 157 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 366472e001..79f8d29f5c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -33402,7 +33402,7 @@ WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh) #endif /* WOLFSSL_DH_EXTRA */ /* Set the members of DhKey into WOLFSSL_DH - * DhKey was populated from wc_DhKeyDecode + * Specify elements to set via the 2nd parmeter */ int SetDhExternal_ex(WOLFSSL_DH *dh, Element_Set elm) { @@ -33416,32 +33416,33 @@ int SetDhExternal_ex(WOLFSSL_DH *dh, Element_Set elm) key = (DhKey*)dh->internal; - if( elm & ELEMENT_P) { + if (elm & ELEMENT_P) { if (SetIndividualExternal(&dh->p, &key->p) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("dh param p error"); return WOLFSSL_FATAL_ERROR; } } - if( elm & ELEMENT_Q) { + if (elm & ELEMENT_Q) { if (SetIndividualExternal(&dh->q, &key->q) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("dh param q error"); return WOLFSSL_FATAL_ERROR; } } - if( elm & ELEMENT_G) { + if (elm & ELEMENT_G) { if (SetIndividualExternal(&dh->g, &key->g) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("dh param g error"); return WOLFSSL_FATAL_ERROR; } } #ifdef WOLFSSL_DH_EXTRA - if( elm & ELEMENT_PRV) { - if (SetIndividualExternal(&dh->priv_key, &key->priv) != WOLFSSL_SUCCESS) { + if (elm & ELEMENT_PRV) { + if (SetIndividualExternal(&dh->priv_key, &key->priv) != + WOLFSSL_SUCCESS) { WOLFSSL_MSG("No DH Private Key"); return WOLFSSL_FATAL_ERROR; } } - if( elm & ELEMENT_PUB) { + if (elm & ELEMENT_PUB) { if (SetIndividualExternal(&dh->pub_key, &key->pub) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("No DH Public Key"); return WOLFSSL_FATAL_ERROR; @@ -33455,16 +33456,12 @@ int SetDhExternal_ex(WOLFSSL_DH *dh, Element_Set elm) } /* Set the members of DhKey into WOLFSSL_DH * DhKey was populated from wc_DhKeyDecode + * p, g, pub_key and pri_key are set. */ int SetDhExternal(WOLFSSL_DH *dh) { - Element_Set elements = ELEMENT_P | ELEMENT_G; + Element_Set elements = ELEMENT_P | ELEMENT_G | ELEMENT_PUB | ELEMENT_PRV; WOLFSSL_MSG("Entering SetDhExternal"); - -#ifdef WOLFSSL_DH_EXTRA - elements |= ( ELEMENT_PUB | ELEMENT_PRV ); -#endif /* WOLFSSL_DH_EXTRA */ - return SetDhExternal_ex(dh, elements); } #endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */ diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 21d1f37803..2b3d01cc8e 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -7154,28 +7154,24 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) * EVP_PKEY_PRINT_INDENT_MAX. * returns the amount written to BIO. */ -static int Indent(WOLFSSL_BIO* out, int indents ) +static int Indent(WOLFSSL_BIO* out, int indents) { int i; char space = ' '; - - if (indents < 0) { - indents = 0; - } - else if (indents > EVP_PKEY_PRINT_INDENT_MAX) { - indents = EVP_PKEY_PRINT_INDENT_MAX; - } if (out == NULL) { return 0; } - for (i = indents; i; i--) { + if (indents > EVP_PKEY_PRINT_INDENT_MAX) { + indents = EVP_PKEY_PRINT_INDENT_MAX; + } + for (i = 0; i < indents; i++) { if (wolfSSL_BIO_write(out, &space, 1) < 0) { break; } } return indents -i; } -/* DumpElement dump byte-data specified by "input" to the "out". +/* PrintHexWithColon dump byte-data specified by "input" to the "out". * Each line has leading white spaces( "indent" gives the number ) plus * four spaces, then hex coded 15 byte data with separator ":" follow. * Each line looks like: @@ -7187,7 +7183,7 @@ static int Indent(WOLFSSL_BIO* out, int indents ) * indent the number of spaces for indent * Returns 1 on success, 0 on failure. */ -static int DumpElement(WOLFSSL_BIO* out, const byte* input, +static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input, int inlen, int indent) { #ifdef WOLFSSL_SMALL_STACK @@ -7199,11 +7195,7 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, word32 in = 0; word32 i; int idx; - int wsz = 0; - word32 line; - word32 len; - word32 left; - const byte* point; + const byte* data; word32 outSz; byte outHex[3]; @@ -7218,10 +7210,7 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, indent = EVP_PKEY_PRINT_INDENT_MAX; } - point = input; - len = inlen; - line = len / 15; - left = len % 15; + data = input; #ifdef WOLFSSL_SMALL_STACK buff = (byte*)XMALLOC(EVP_PKEY_PRINT_LINE_WIDTH_MAX, NULL, @@ -7232,26 +7221,26 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, #endif /* print pub element */ + idx = 0; - while (line && ret == WOLFSSL_SUCCESS) { - idx = 0; + for (in = 0; in < (word32)inlen && ret == WOLFSSL_SUCCESS; in += 15 ) { Indent(out, indent); - - for (i = 0; i < 15 && ret == WOLFSSL_SUCCESS; i++) { - outSz = sizeof(outHex); + for (i = 0; i < 15 && in + i < (word32)inlen; i++) { + if (ret == WOLFSSL_SUCCESS) { - ret = Base16_Encode((const byte*)&point[in++], 1, outHex, - &outSz) == 0; + ret = Base16_Encode((const byte*)&data[in + i], 1, + outHex, &outSz) == 0; } - if (ret == WOLFSSL_SUCCESS && - idx + 3 < EVP_PKEY_PRINT_LINE_WIDTH_MAX) { + if (ret == WOLFSSL_SUCCESS) { XMEMCPY(buff + idx, outHex, 2); idx += 2; - XMEMSET(buff + idx, ':', 1); - idx += 1; + + if (in + i != (word32)inlen -1) { + XMEMSET(buff + idx, ':', 1); + idx += 1; + } } } - if (ret == WOLFSSL_SUCCESS) { ret = wolfSSL_BIO_write(out, buff, idx) > 0; } @@ -7260,37 +7249,9 @@ static int DumpElement(WOLFSSL_BIO* out, const byte* input, } if (ret == WOLFSSL_SUCCESS) { XMEMSET(buff, 0, EVP_PKEY_PRINT_LINE_WIDTH_MAX); - line--; + idx = 0; } } - idx = 0; - Indent(out, indent); - - for (i = 0; i < left && ret == WOLFSSL_SUCCESS; i++) { - outSz = sizeof(outHex); - if (ret == WOLFSSL_SUCCESS) { - ret = Base16_Encode((const byte*)&point[in++], 1, outHex, &outSz) - == 0; - } - if (ret == WOLFSSL_SUCCESS) { - XMEMCPY(buff + idx, outHex, 2); - idx += 2; - - if (i != left - 1) { - wsz = 1; - if (idx + wsz <= EVP_PKEY_PRINT_LINE_WIDTH_MAX) { - XMEMSET(buff + idx, ':', wsz); - idx += wsz; - } - } - } - } - if (ret == WOLFSSL_SUCCESS) { - ret = wolfSSL_BIO_write(out, buff, idx) > 0; - } - if (ret == WOLFSSL_SUCCESS) { - ret = wolfSSL_BIO_write(out, "\n", 1) > 0; - } #ifdef WOLFSSL_SMALL_STACK XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif @@ -7320,10 +7281,9 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int idx; int wsz; word32 i; - word32 exponent = 0; - word32 outSz; - byte outHex[3]; + unsigned long exponent = 0; mp_int a; + char line[32] = { 0 }; (void)pctx; @@ -7346,8 +7306,8 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, idx = 0; XMEMSET(buff, 0, sizeof(buff)); Indent(out, indent); - if (wolfSSL_BIO_write(out, "RSA Public-Key: (", - (int)XSTRLEN("RSA Public-Key: (")) <= 0) { + XSTRNCPY(line, "RSA Public-Key: (", sizeof(line)); + if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { return WOLFSSL_FAILURE; } if (mp_set_int(&a, bitlen) != 0) { @@ -7361,32 +7321,30 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) { return WOLFSSL_FAILURE; } - if (wolfSSL_BIO_write(out, " bit)\n", (int)XSTRLEN(" bit)\n")) <= 0) { + XSTRNCPY(line, " bit)\n", sizeof(line)); + if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { return WOLFSSL_FAILURE; } /* print Modulus */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "Modulus:\n", - (int)XSTRLEN("Modulus:\n")) <= 0) { + XSTRNCPY(line, "Modulus:\n", sizeof(line)); + if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { return WOLFSSL_FAILURE; } - /* print modulus with lenading zero if exists */ + /* print modulus with leading zero if exists */ if (*n & 0x80 && *(n-1) == 0) { - if (DumpElement(out, n - 1, nSz + 1, indent + 4) != WOLFSSL_SUCCESS) { - return WOLFSSL_FAILURE; - } + n--; + nSz++; } - else { - if (DumpElement(out, n, nSz, indent + 4) != WOLFSSL_SUCCESS) { - return WOLFSSL_FAILURE; - } + if (PrintHexWithColon(out, n, nSz, indent + 4) != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; } /* print public Exponent */ idx = 0; Indent(out, indent); - if (wolfSSL_BIO_write(out, "Exponent: ", - (int)XSTRLEN("Exponent: ")) <= 0) { + XSTRNCPY(line, "Exponent: ", sizeof(line)); + if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { return WOLFSSL_FAILURE; } for (i = 0; i < eSz; i++) { @@ -7406,26 +7364,20 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) { return WOLFSSL_FAILURE; } - if (wolfSSL_BIO_write(out, " (0x", (int)XSTRLEN(" (0x")) <= 0) { + XSTRNCPY(line, " (0x", sizeof(line)); + if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { return WOLFSSL_FAILURE; } idx = 0; XMEMSET(buff, 0, sizeof(buff)); - for (i = 0; i < eSz; i++) { - outSz = sizeof(outHex); - if (Base16_Encode((const byte*)&e[i], 1, outHex, &outSz ) != 0) { - return WOLFSSL_FAILURE; - } - if ((unsigned int)idx + 2 <= sizeof(buff)) { - XMEMCPY(buff + idx, outHex, 2); - idx += 2; - } - } - - if (wolfSSL_BIO_write(out, buff, idx) <= 0) { + if (mp_tohex(&a, (char*)buff) != 0) { return WOLFSSL_FAILURE; } - if (wolfSSL_BIO_write(out, ")\n", (int)XSTRLEN(")\n")) <= 0) { + if (wolfSSL_BIO_write(out, buff, (int)XSTRLEN((const char*)buff)) <= 0) { + return WOLFSSL_FAILURE; + } + XSTRNCPY(line, ")\n", sizeof(line)); + if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { return WOLFSSL_FAILURE; } return WOLFSSL_SUCCESS; @@ -7455,15 +7407,14 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int curveId = 0; const byte* curveOID = NULL; word32 oidSz = 0; - char* OIDName = NULL; + const char* OIDName = NULL; const char* nistCurveName = NULL; int nid; - WOLFSSL_ObjectInfo* oi = NULL; - word32 i; int idx = 0; int wsz = 0; mp_int a; ecc_key key; + char line[32] = { 0 }; (void)pctx; if( mp_init(&a) != 0) { @@ -7491,17 +7442,10 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (res == WOLFSSL_SUCCESS) { nid = EccEnumToNID(curveId); if (nid != -1) { - /* look up object name from object info table */ - oi = (WOLFSSL_ObjectInfo*)wolfssl_object_info; - OIDName = NULL; - for (i = 0; i < wolfssl_object_info_sz; i++) { - if ((oi + i)->type == oidCurveType && (oi + i)->nid == nid) { - OIDName = (char*)((oi + i)->sName); - break; - } - } + /* look up object name and nist curve name*/ + OIDName = wolfSSL_OBJ_nid2sn(nid); nistCurveName = wolfSSL_EC_curve_nid2nist(nid); - res = nistCurveName != NULL; + res = (nistCurveName != NULL) && (OIDName != NULL); } else { res = WOLFSSL_FAILURE; @@ -7522,8 +7466,8 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, res = Indent(out, indent) >= 0; } if (res == WOLFSSL_SUCCESS) { - res = wolfSSL_BIO_write(out, "Public-Key: (", - (int)XSTRLEN("Public-Key: (")) > 0; + XSTRNCPY(line, "Public-Key: (", sizeof(line)); + res = wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) > 0; } if (res == WOLFSSL_SUCCESS) { res = mp_set_int(&a, bitlen) == 0; @@ -7538,25 +7482,27 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, res = wolfSSL_BIO_write(out, buff + idx, wsz) >= 0; } if (res == WOLFSSL_SUCCESS) { - res = wolfSSL_BIO_write(out, " bit)\n", (int)XSTRLEN(" bit)\n")) > 0; + XSTRNCPY(line, " bit)\n", sizeof(line)); + res = wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) > 0; } if (res == WOLFSSL_SUCCESS) { res = Indent(out, indent) >= 0; } if (res == WOLFSSL_SUCCESS) { /* print pub element */ - res = wolfSSL_BIO_write(out, "pub:\n", (int)XSTRLEN("pub:\n")) > 0; + XSTRNCPY(line, "pub:\n", sizeof(line)); + res = wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) > 0; } if (res == WOLFSSL_SUCCESS) { - res = DumpElement(out, pub, pubSz, indent + 4); + res = PrintHexWithColon(out, pub, pubSz, indent + 4); } if (res == WOLFSSL_SUCCESS) { res = Indent(out, indent) >= 0; } if (res == WOLFSSL_SUCCESS) { /* print OID in name */ - res = wolfSSL_BIO_write(out, "ASN1 OID: ", - (int)XSTRLEN("ASN1 OID: ")) > 0; + XSTRNCPY(line, "ASN1 OID: ", sizeof(line)); + res = wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) > 0; } if (res == WOLFSSL_SUCCESS) { res = wolfSSL_BIO_write(out, OIDName, (int)XSTRLEN(OIDName)) > 0; @@ -7569,8 +7515,8 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, } if (res == WOLFSSL_SUCCESS) { /* print NIST curve name */ - res = wolfSSL_BIO_write(out, "NIST CURVE: ", - (int)XSTRLEN("NIST CURVE: ")) > 0; + XSTRNCPY(line, "NIST CURVE: ", sizeof(line)); + res = wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) > 0; } if (res == WOLFSSL_SUCCESS) { res = wolfSSL_BIO_write(out, nistCurveName, @@ -7616,6 +7562,7 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int idx; int wsz; mp_int a; + char line[32] = { 0 }; if( mp_init(&a) != 0) return WOLFSSL_FAILURE; @@ -7719,8 +7666,8 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, idx = 0; XMEMSET(buff, 0, sizeof(buff)); Indent(out, indent); - if (wolfSSL_BIO_write(out, "DSA Public-Key: (", - (int)XSTRLEN("DSA Public-Key: (")) <= 0) { + XSTRNCPY(line, "DSA Public-Key: (", sizeof(line)); + if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { return WOLFSSL_FAILURE; } if (mp_set_int(&a, bitlen) != 0) { @@ -7733,39 +7680,44 @@ static int PrintPubKeyDSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) { return WOLFSSL_FAILURE; } - if (wolfSSL_BIO_write(out, " bit)\n", (int)XSTRLEN(" bit)\n")) <= 0) { + XSTRNCPY(line, " bit)\n", sizeof(line)); + if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { return WOLFSSL_FAILURE; } /* print pub element */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "pub:\n", (int)XSTRLEN("pub:\n")) <= 0) { + XSTRNCPY(line, "pub:\n", sizeof(line)); + if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { return WOLFSSL_FAILURE; } - if (DumpElement(out, y, ySz, indent + 4) != WOLFSSL_SUCCESS) { + if (PrintHexWithColon(out, y, ySz, indent + 4) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } /* print P element */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "P:\n", (int)XSTRLEN("P:\n")) <= 0) { + XSTRNCPY(line, "P:\n", sizeof(line)); + if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { return WOLFSSL_FAILURE; } - if (DumpElement(out, p, pSz, indent + 4) != WOLFSSL_SUCCESS) { + if (PrintHexWithColon(out, p, pSz, indent + 4) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } /* print Q element */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "Q:\n", (int)XSTRLEN("Q:\n")) <= 0) { + XSTRNCPY(line, "Q:\n", sizeof(line)); + if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { return WOLFSSL_FAILURE; } - if (DumpElement(out, q, qSz, indent + 4) != WOLFSSL_SUCCESS) { + if (PrintHexWithColon(out, q, qSz, indent + 4) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } /* print G element */ Indent(out, indent); - if (wolfSSL_BIO_write(out, "G:\n", (int)XSTRLEN("G:\n")) <= 0) { + XSTRNCPY(line, "G:\n", sizeof(line)); + if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { return WOLFSSL_FAILURE; } - if (DumpElement(out, g, gSz, indent + 4) != WOLFSSL_SUCCESS) { + if (PrintHexWithColon(out, g, gSz, indent + 4) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } return WOLFSSL_SUCCESS; @@ -7803,6 +7755,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, word32 outSz; byte outHex[3]; mp_int a; + char line[32] = { 0 }; if( mp_init(&a) != 0) return WOLFSSL_FAILURE; @@ -7893,8 +7846,8 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, /* print elements */ idx = 0; Indent(out, indent); - if (wolfSSL_BIO_write(out, "DH Public-Key: (", - (int)XSTRLEN("DH Public-Key: (")) < 0) { + XSTRNCPY(line, "DH Public-Key: (", sizeof(line)); + if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { return WOLFSSL_FAILURE; } if (mp_set_int(&a, bitlen) != 0) { @@ -7907,30 +7860,32 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) { return WOLFSSL_FAILURE; } - if (wolfSSL_BIO_write(out, " bit)\n", XSTRLEN(" bit)\n")) <= 0) { + XSTRNCPY(line, " bit)\n", sizeof(line)); + if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { return WOLFSSL_FAILURE; } Indent(out, indent); - if (wolfSSL_BIO_write(out, "public-key:\n", - (int)XSTRLEN("public-key:\n")) <= 0) { + XSTRNCPY(line, "public-key:\n", sizeof(line)); + if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { return WOLFSSL_FAILURE; } - if (DumpElement(out, publicKey, publicKeySz, indent + 4) + if (PrintHexWithColon(out, publicKey, publicKeySz, indent + 4) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } Indent(out, indent); - if (wolfSSL_BIO_write(out, "prime:\n", (int)XSTRLEN("prime:\n")) <= 0) { + XSTRNCPY(line, "prime:\n", sizeof(line)); + if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { return WOLFSSL_FAILURE; } - if (DumpElement(out, prime, primeSz, indent + 4) != WOLFSSL_SUCCESS) { + if (PrintHexWithColon(out, prime, primeSz, indent + 4) != WOLFSSL_SUCCESS) { return WOLFSSL_FAILURE; } idx = 0; XMEMSET(buff, 0, sizeof(buff)); Indent(out, indent); - if (wolfSSL_BIO_write(out, "generator: ", - (int)XSTRLEN("generator: ")) <= 0) { + XSTRNCPY(line, "generator: ", sizeof(line)); + if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { return WOLFSSL_FAILURE; } if (mp_set_int(&a, generator) != 0) { @@ -7943,7 +7898,8 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (wolfSSL_BIO_write(out, buff + idx, wsz) <= 0) { return WOLFSSL_FAILURE; } - if (wolfSSL_BIO_write(out, " (0x", (int)XSTRLEN(" (0x")) <= 0) { + XSTRNCPY(line, " (0x", sizeof(line)); + if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { return WOLFSSL_FAILURE; } idx = 0; @@ -7959,7 +7915,8 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (wolfSSL_BIO_write(out, buff, idx) <= 0 ) { return WOLFSSL_FAILURE; } - if (wolfSSL_BIO_write(out, ")\n", (int)XSTRLEN(")\n")) <= 0) { + XSTRNCPY(line, ")\n", sizeof(line)); + if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { return WOLFSSL_FAILURE; } @@ -8010,7 +7967,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, keybits, /* bit length of the key */ pctx); /* not used */ #else - res = -2; /* not supported algo */ + res = WOLFSSL_UNKNOWN; /* not supported algo */ #endif break; @@ -8026,7 +7983,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, keybits, /* bit length of the key */ pctx); /* not used */ #else - res = -2; /* not supported algo */ + res = WOLFSSL_UNKNOWN; /* not supported algo */ #endif break; @@ -8042,7 +7999,7 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, keybits, /* bit length of the key */ pctx); /* not used */ #else - res = -2; /* not supported algo */ + res = WOLFSSL_UNKNOWN; /* not supported algo */ #endif break; @@ -8058,12 +8015,12 @@ int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, keybits, /* bit length of the key */ pctx); /* not used */ #else - res = -2; /* not supported algo */ + res = WOLFSSL_UNKNOWN; /* not supported algo */ #endif break; default: - res = -2; /* not supported algo */ + res = WOLFSSL_UNKNOWN; /* not supported algo */ break; } return res; diff --git a/wolfssl/internal.h b/wolfssl/internal.h index 4af4ac5724..f75851bd69 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -4825,7 +4825,7 @@ typedef enum elem_set { ELEMENT_Q = 0x02, ELEMENT_G = 0x04, ELEMENT_PUB = 0x08, - ELEMENT_PRV = 0x0A, + ELEMENT_PRV = 0x10, } Element_Set; WOLFSSL_LOCAL int SetDhExternal_ex(WOLFSSL_DH *dh, Element_Set elm ); WOLFSSL_LOCAL int SetDhInternal(WOLFSSL_DH* dh); From ebec2fbd25bc2aa210e9e319e6e571259b867739 Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Mon, 14 Jun 2021 13:45:12 +0900 Subject: [PATCH 28/29] Fixed uninitialized parameter for Base16_Encode --- src/ssl.c | 4 ++-- tests/api.c | 2 +- wolfcrypt/src/evp.c | 6 +++--- wolfssl/internal.h | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 79f8d29f5c..7500f4a7ce 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -33404,7 +33404,7 @@ WOLFSSL_DH* wolfSSL_DH_dup(WOLFSSL_DH* dh) /* Set the members of DhKey into WOLFSSL_DH * Specify elements to set via the 2nd parmeter */ -int SetDhExternal_ex(WOLFSSL_DH *dh, Element_Set elm) +int SetDhExternal_ex(WOLFSSL_DH *dh, int elm) { DhKey *key; WOLFSSL_MSG("Entering SetDhExternal_ex"); @@ -33460,7 +33460,7 @@ int SetDhExternal_ex(WOLFSSL_DH *dh, Element_Set elm) */ int SetDhExternal(WOLFSSL_DH *dh) { - Element_Set elements = ELEMENT_P | ELEMENT_G | ELEMENT_PUB | ELEMENT_PRV; + int elements = ELEMENT_P | ELEMENT_G | ELEMENT_PUB | ELEMENT_PRV; WOLFSSL_MSG("Entering SetDhExternal"); return SetDhExternal_ex(dh, elements); } diff --git a/tests/api.c b/tests/api.c index bcfd0f171f..2317ba3010 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2607,7 +2607,6 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) char line1[256] = { 0 }; int i; - (void)line1; printf(testingFmt, "EVP_PKEY_print_public()"); /* test error cases */ AssertIntEQ( EVP_PKEY_print_public(NULL,NULL,0,NULL),0L); @@ -2862,6 +2861,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) (void)wbio; (void)rbio; (void)line; + (void)line1; (void)i; printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 2b3d01cc8e..f58bf3cf58 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -7225,9 +7225,10 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input, for (in = 0; in < (word32)inlen && ret == WOLFSSL_SUCCESS; in += 15 ) { Indent(out, indent); - for (i = 0; i < 15 && in + i < (word32)inlen; i++) { + for (i = 0; (i < 15) && (in + i < (word32)inlen); i++) { if (ret == WOLFSSL_SUCCESS) { + outSz = sizeof(outHex); ret = Base16_Encode((const byte*)&data[in + i], 1, outHex, &outSz) == 0; } @@ -7368,7 +7369,6 @@ static int PrintPubKeyRSA(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, if (wolfSSL_BIO_write(out, line, (int)XSTRLEN(line)) <= 0) { return WOLFSSL_FAILURE; } - idx = 0; XMEMSET(buff, 0, sizeof(buff)); if (mp_tohex(&a, (char*)buff) != 0) { return WOLFSSL_FAILURE; @@ -7530,7 +7530,7 @@ static int PrintPubKeyEC(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, XFREE(pub, NULL, DYNAMIC_TYPE_ECC_BUFFER); pub = NULL; } - + return res; } #endif /* HAVE_ECC */ diff --git a/wolfssl/internal.h b/wolfssl/internal.h index f75851bd69..6306c81e2e 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -4827,7 +4827,7 @@ typedef enum elem_set { ELEMENT_PUB = 0x08, ELEMENT_PRV = 0x10, } Element_Set; -WOLFSSL_LOCAL int SetDhExternal_ex(WOLFSSL_DH *dh, Element_Set elm ); +WOLFSSL_LOCAL int SetDhExternal_ex(WOLFSSL_DH *dh, int elm ); WOLFSSL_LOCAL int SetDhInternal(WOLFSSL_DH* dh); WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh); From c6680d08bab98b31a2bb9497e4568610b6faaa54 Mon Sep 17 00:00:00 2001 From: TakayukiMatsuo Date: Tue, 15 Jun 2021 11:16:38 +0900 Subject: [PATCH 29/29] Fix coding issues --- tests/api.c | 42 +++++++++++++++++++++--------------------- wolfcrypt/src/evp.c | 9 ++++++--- 2 files changed, 27 insertions(+), 24 deletions(-) diff --git a/tests/api.c b/tests/api.c index 2317ba3010..33fe920b85 100644 --- a/tests/api.c +++ b/tests/api.c @@ -2631,15 +2631,15 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " RSA Public-Key: (1024 bit)\n"); - AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); + AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " Modulus:\n"); - AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); + AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " 00:BC:73:0E:A8:49:F3:74:A2:A9:EF:18:A5:DA:55:\n"); - AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); + AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of modulus element*/ @@ -2649,7 +2649,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " Exponent: 65537 (0x010001)\n"); - AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); + AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* should reach EOF */ @@ -2682,16 +2682,16 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "DSA Public-Key: (2048 bit)\n"); - AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); + AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "pub:\n"); - AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); + AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " 00:C2:35:2D:EC:83:83:6C:73:13:9E:52:7C:74:C8:\n"); - AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); + AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of pub element*/ for( i = 0; i < 17 ;i++) { @@ -2700,7 +2700,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "P:\n"); - AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); + AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of P element*/ for( i = 0; i < 18 ;i++) { @@ -2709,7 +2709,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "Q:\n"); - AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); + AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of Q element*/ for( i = 0; i < 3 ;i++) { @@ -2717,7 +2717,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) } BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "G:\n"); - AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); + AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of G element*/ for( i = 0; i < 18 ;i++) { @@ -2754,16 +2754,16 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "Public-Key: (256 bit)\n"); - AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); + AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "pub:\n"); - AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); + AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " 04:55:BF:F4:0F:44:50:9A:3D:CE:9B:B7:F0:C5:4D:\n"); - AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); + AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of pub element*/ for( i = 0; i < 4 ;i++) { @@ -2772,11 +2772,11 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "ASN1 OID: prime256v1\n"); - AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); + AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "NIST CURVE: P-256\n"); - AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); + AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* should reach EOF */ @@ -2810,16 +2810,16 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "DH Public-Key: (2048 bit)\n"); - AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); + AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "public-key:\n"); - AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); + AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " 34:41:BF:E9:F2:11:BF:05:DB:B2:72:A8:29:CC:BD:\n"); - AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); + AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of public-key element*/ for( i = 0; i < 17 ;i++) { @@ -2828,12 +2828,12 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "prime:\n"); - AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); + AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); BIO_gets(wbio, line, sizeof(line)); strcpy(line1, " 00:D3:B2:99:84:5C:0A:4C:E7:37:CC:FC:18:37:01:\n"); - AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); + AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* skip to the end of prime element*/ for( i = 0; i < 17 ;i++) { @@ -2842,7 +2842,7 @@ static void test_wolfSSL_EVP_PKEY_print_public(void) BIO_gets(wbio, line, sizeof(line)); strcpy(line1, "generator: 2 (0x02)\n"); - AssertIntEQ(XSTRNCMP( line, line1, strlen(line1)), 0); + AssertIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); /* should reach EOF */ AssertIntLE(BIO_gets(wbio, line, sizeof(line)) ,0); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index f58bf3cf58..9338a24485 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -178,6 +178,7 @@ static const char EVP_NULL[] = "NULL"; #define EVP_NULL_SIZE 4 #define EVP_PKEY_PRINT_LINE_WIDTH_MAX 80 +#define EVP_PKEY_PRINT_DIGITS_PER_LINE 15 static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher); @@ -7223,9 +7224,11 @@ static int PrintHexWithColon(WOLFSSL_BIO* out, const byte* input, /* print pub element */ idx = 0; - for (in = 0; in < (word32)inlen && ret == WOLFSSL_SUCCESS; in += 15 ) { + for (in = 0; in < (word32)inlen && ret == WOLFSSL_SUCCESS; in += + EVP_PKEY_PRINT_DIGITS_PER_LINE ) { Indent(out, indent); - for (i = 0; (i < 15) && (in + i < (word32)inlen); i++) { + for (i = 0; (i < EVP_PKEY_PRINT_DIGITS_PER_LINE) && + (in + i < (word32)inlen); i++) { if (ret == WOLFSSL_SUCCESS) { outSz = sizeof(outHex); @@ -7940,7 +7943,7 @@ static int PrintPubKeyDH(WOLFSSL_BIO* out, const byte* pkey, int pkeySz, int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out, const WOLFSSL_EVP_PKEY* pkey, int indent, ASN1_PCTX* pctx) { - int res = 1; + int res; int keybits; /* bit length of the key */ WOLFSSL_ENTER("wolfSSL_EVP_PKEY_print_public");