Merge pull request #8388 from julek-wolfssl/BN_CTX_get

Implement BN_CTX_get

.wolfssl_known_macro_extras

@@ -373,6 +373,7 @@ NO_WOLFSSL_AUTOSAR_CRYIF
 NO_WOLFSSL_AUTOSAR_CRYPTO
 NO_WOLFSSL_AUTOSAR_CSM
 NO_WOLFSSL_BASE64_DECODE
+NO_WOLFSSL_BN_CTX
 NO_WOLFSSL_MSG_EX
 NO_WOLFSSL_RENESAS_FSPSM_AES
 NO_WOLFSSL_RENESAS_FSPSM_HASH

src/ssl_bn.c

@@ -2362,65 +2362,77 @@ int wolfSSL_BN_print_fp(XFILE fp, const WOLFSSL_BIGNUM *bn)
 }
 #endif /* !NO_FILESYSTEM && XFPRINTF */
 
+#ifndef NO_WOLFSSL_BN_CTX
 /*******************************************************************************
  * BN_CTX APIs
  ******************************************************************************/
 
-/* Allocate and return a new BN context object.
+/* Create a new BN context object.
  *
- * BN context not needed for operations.
- *
- * @return  Pointer to dummy object.
+ * @return  BN context object on success.
+ * @return  NULL on failure.
  */
 WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void)
 {
-    /* wolfcrypt doesn't need BN context. */
-    static int ctx;
+    WOLFSSL_BN_CTX* ctx = NULL;
+
     WOLFSSL_ENTER("wolfSSL_BN_CTX_new");
-    return (WOLFSSL_BN_CTX*)&ctx;
-}
+    ctx = (WOLFSSL_BN_CTX*)XMALLOC(sizeof(WOLFSSL_BN_CTX), NULL,
+            DYNAMIC_TYPE_OPENSSL);
+    if (ctx != NULL) {
+        XMEMSET(ctx, 0, sizeof(WOLFSSL_BN_CTX));
+    }
 
-/* Initialize a BN context object.
- *
- * BN context not needed for operations.
- *
- * @param [in] ctx  Dummy BN context.
- */
-void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx)
-{
-    (void)ctx;
-    WOLFSSL_ENTER("wolfSSL_BN_CTX_init");
+    return ctx;
 }
 
-
 /* Free a BN context object.
  *
- * BN context not needed for operations.
- *
- * @param [in] ctx  Dummy BN context.
+ * @param [in] ctx  BN context object.
  */
 void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx)
 {
-    (void)ctx;
     WOLFSSL_ENTER("wolfSSL_BN_CTX_free");
-    /* Don't do anything since using dummy, static BN context. */
+    if (ctx != NULL) {
+        while (ctx->list != NULL) {
+            struct WOLFSSL_BN_CTX_LIST* tmp = ctx->list;
+            ctx->list = ctx->list->next;
+            wolfSSL_BN_free(tmp->bn);
+            XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
+        }
+        XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL);
+    }
 }
 
-/* Get a big number based on the BN context.
+/* Get a big number from the BN context.
  *
- * @param [in] ctx  BN context. Not used.
+ * @param [in] ctx  BN context object.
  * @return  Big number on success.
  * @return  NULL on failure.
  */
 WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx)
 {
-    /* ctx is not used - returning a new big number. */
-    (void)ctx;
+    WOLFSSL_BIGNUM* bn = NULL;
 
     WOLFSSL_ENTER("wolfSSL_BN_CTX_get");
+    if (ctx != NULL) {
+        struct WOLFSSL_BN_CTX_LIST* node = (struct WOLFSSL_BN_CTX_LIST*)XMALLOC(
+                sizeof(struct WOLFSSL_BN_CTX_LIST), NULL, DYNAMIC_TYPE_OPENSSL);
+        if (node != NULL) {
+            XMEMSET(node, 0, sizeof(struct WOLFSSL_BN_CTX_LIST));
+            bn = node->bn = wolfSSL_BN_new();
+            if (node->bn != NULL) {
+                node->next = ctx->list;
+                ctx->list = node;
+            }
+            else {
+                XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL);
+                node = NULL;
+            }
+        }
+    }
 
-    /* Return a new big number. */
-    return wolfSSL_BN_new();
+    return bn;
 }
 
 #ifndef NO_WOLFSSL_STUB
@@ -2440,6 +2452,8 @@ void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx)
 }
 #endif
 
+#endif /* NO_WOLFSSL_BN_CTX */
+
 /*******************************************************************************
  * BN_MONT_CTX APIs
  ******************************************************************************/

tests/api.c

@@ -59914,17 +59914,16 @@ static int test_wolfSSL_BN_CTX(void)
 #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \
     !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH)
     WOLFSSL_BN_CTX* bn_ctx = NULL;
-    WOLFSSL_BIGNUM* t = NULL;
 
-    ExpectNotNull(bn_ctx = wolfSSL_BN_CTX_new());
+    ExpectNotNull(bn_ctx = BN_CTX_new());
 
-    /* No implementation. */
-    BN_CTX_init(NULL);
-
-    ExpectNotNull(t = BN_CTX_get(NULL));
-    BN_free(t);
-    ExpectNotNull(t = BN_CTX_get(bn_ctx));
-    BN_free(t);
+    ExpectNull(BN_CTX_get(NULL));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
+    ExpectNotNull(BN_CTX_get(bn_ctx));
 
 #ifndef NO_WOLFSSL_STUB
     /* No implementation. */
@@ -75287,7 +75286,7 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void)
     int derLen;
     unsigned char pub_buf[65];
     const int pub_len = 65;
-    BN_CTX* ctx;
+    BN_CTX* ctx = NULL;
     EC_GROUP* curve = NULL;
     EC_KEY* ephemeral_key = NULL;
     const EC_POINT* h = NULL;
@@ -75327,6 +75326,7 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void)
     EVP_PKEY_free(pkey);
     EC_KEY_free(ephemeral_key);
     EC_GROUP_free(curve);
+    BN_CTX_free(ctx);
 #endif
     return EXPECT_RESULT();
 }

wolfcrypt/src/evp.c

@@ -3795,18 +3795,11 @@ int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b)
 static int DH_param_check(WOLFSSL_DH* dh_key)
 {
     int ret = WOLFSSL_SUCCESS;
-    WOLFSSL_BN_CTX* ctx = NULL;
     WOLFSSL_BIGNUM *num1 = NULL;
     WOLFSSL_BIGNUM *num2 = NULL;
 
     WOLFSSL_ENTER("DH_param_check");
 
-    ctx = wolfSSL_BN_CTX_new();
-    if (ctx == NULL) {
-        WOLFSSL_MSG("failed to allocate memory");
-        return WOLFSSL_FAILURE;
-    }
-
     num1 = wolfSSL_BN_new();
     num2 = wolfSSL_BN_new();
     if (num1 == NULL || num2 == NULL) {
@@ -3840,7 +3833,7 @@ static int DH_param_check(WOLFSSL_DH* dh_key)
         dh_key->q != NULL)
     {
         if (ret == WOLFSSL_SUCCESS &&
-            wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, ctx)
+            wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, NULL)
                == WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
         {
             WOLFSSL_MSG("BN_mod_exp failed");
@@ -3855,7 +3848,7 @@ static int DH_param_check(WOLFSSL_DH* dh_key)
 #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN)
         /* test if the number q is prime. */
         if (ret == WOLFSSL_SUCCESS &&
-            (wolfSSL_BN_is_prime_ex(dh_key->q, 64, ctx, NULL) <= 0)) {
+            (wolfSSL_BN_is_prime_ex(dh_key->q, 64, NULL, NULL) <= 0)) {
             WOLFSSL_MSG("dh_key->q is not prime or error during check.");
             ret = WOLFSSL_FAILURE;
         } /* else TODO check q div q - 1. need BN_div */
@@ -3863,7 +3856,6 @@ static int DH_param_check(WOLFSSL_DH* dh_key)
     }
 
     /* clean up */
-    wolfSSL_BN_CTX_free(ctx);
     wolfSSL_BN_free(num1);
     wolfSSL_BN_free(num2);
 

wolfssl/openssl/bn.h

@@ -77,12 +77,17 @@ typedef struct WOLFSSL_BIGNUM {
 
 #define WOLFSSL_BN_MAX_VAL          ((BN_ULONG)-1)
 
-typedef struct WOLFSSL_BN_CTX      WOLFSSL_BN_CTX;
+struct WOLFSSL_BN_CTX_LIST {
+    WOLFSSL_BIGNUM* bn;
+    struct WOLFSSL_BN_CTX_LIST* next;
+};
+typedef struct WOLFSSL_BN_CTX {
+    struct WOLFSSL_BN_CTX_LIST* list;
+} WOLFSSL_BN_CTX;
 typedef struct WOLFSSL_BN_MONT_CTX WOLFSSL_BN_MONT_CTX;
 typedef struct WOLFSSL_BN_GENCB    WOLFSSL_BN_GENCB;
 
 WOLFSSL_API WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void);
-WOLFSSL_API void           wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx);
 WOLFSSL_API void           wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx);
 
 WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_new(void);
@@ -208,9 +213,13 @@ typedef WOLFSSL_BN_CTX      BN_CTX;
 typedef WOLFSSL_BN_MONT_CTX BN_MONT_CTX;
 typedef WOLFSSL_BN_GENCB    BN_GENCB;
 
+#ifndef NO_WOLFSSL_BN_CTX
 #define BN_CTX_new        wolfSSL_BN_CTX_new
-#define BN_CTX_init       wolfSSL_BN_CTX_init
 #define BN_CTX_free       wolfSSL_BN_CTX_free
+#else
+#define BN_CTX_new()      ((BN_CTX*)-1)
+#define BN_CTX_free(x)    ((void)(x))
+#endif
 
 #define BN_new        wolfSSL_BN_new
 #if !defined(USE_INTEGER_HEAP_MATH) && !defined(HAVE_WOLF_BIGINT)