diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
index 08c463730..ccea372b3 100644
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -373,6 +373,7 @@ NO_WOLFSSL_AUTOSAR_CRYIF
 NO_WOLFSSL_AUTOSAR_CRYPTO
 NO_WOLFSSL_AUTOSAR_CSM
 NO_WOLFSSL_BASE64_DECODE
+NO_WOLFSSL_BN_CTX
 NO_WOLFSSL_MSG_EX
 NO_WOLFSSL_RENESAS_FSPSM_AES
 NO_WOLFSSL_RENESAS_FSPSM_HASH
diff --git a/src/ssl_bn.c b/src/ssl_bn.c
index dfa897e29..2d0d29d1f 100644
--- a/src/ssl_bn.c
+++ b/src/ssl_bn.c
@@ -2362,65 +2362,77 @@ int wolfSSL_BN_print_fp(XFILE fp, const WOLFSSL_BIGNUM *bn) } #endif /* !NO_FILESYSTEM && XFPRINTF */ +#ifndef NO_WOLFSSL_BN_CTX /******************************************************************************* * BN_CTX APIs ******************************************************************************/ -/* Allocate and return a new BN context object. +/* Create a new BN context object. * - * BN context not needed for operations. - * - * @return Pointer to dummy object. + * @return BN context object on success. + * @return NULL on failure. */ WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void) { - /* wolfcrypt doesn't need BN context. */ - static int ctx; + WOLFSSL_BN_CTX* ctx = NULL; + WOLFSSL_ENTER("wolfSSL_BN_CTX_new"); - return (WOLFSSL_BN_CTX*)&ctx; -} + ctx = (WOLFSSL_BN_CTX*)XMALLOC(sizeof(WOLFSSL_BN_CTX), NULL, + DYNAMIC_TYPE_OPENSSL); + if (ctx != NULL) { + XMEMSET(ctx, 0, sizeof(WOLFSSL_BN_CTX)); + } -/* Initialize a BN context object. - * - * BN context not needed for operations. - * - * @param [in] ctx Dummy BN context. - */ -void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx) -{ - (void)ctx; - WOLFSSL_ENTER("wolfSSL_BN_CTX_init"); + return ctx; } - /* Free a BN context object. * - * BN context not needed for operations. - * - * @param [in] ctx Dummy BN context. + * @param [in] ctx BN context object. */ void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx) { - (void)ctx; WOLFSSL_ENTER("wolfSSL_BN_CTX_free"); - /* Don't do anything since using dummy, static BN context. */ + if (ctx != NULL) { + while (ctx->list != NULL) { + struct WOLFSSL_BN_CTX_LIST* tmp = ctx->list; + ctx->list = ctx->list->next; + wolfSSL_BN_free(tmp->bn); + XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); + } + XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL); + } } -/* Get a big number based on the BN context. +/* Get a big number from the BN context. * - * @param [in] ctx BN context. Not used. + * @param [in] ctx BN context object. * @return Big number on success. * @return NULL on failure. 
*/ WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx) { - /* ctx is not used - returning a new big number. */ - (void)ctx; + WOLFSSL_BIGNUM* bn = NULL; WOLFSSL_ENTER("wolfSSL_BN_CTX_get"); + if (ctx != NULL) { + struct WOLFSSL_BN_CTX_LIST* node = (struct WOLFSSL_BN_CTX_LIST*)XMALLOC( + sizeof(struct WOLFSSL_BN_CTX_LIST), NULL, DYNAMIC_TYPE_OPENSSL); + if (node != NULL) { + XMEMSET(node, 0, sizeof(struct WOLFSSL_BN_CTX_LIST)); + bn = node->bn = wolfSSL_BN_new(); + if (node->bn != NULL) { + node->next = ctx->list; + ctx->list = node; + } + else { + XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL); + node = NULL; + } + } + } - /* Return a new big number. */ - return wolfSSL_BN_new(); + return bn; } #ifndef NO_WOLFSSL_STUB @@ -2440,6 +2452,8 @@ void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx) } #endif +#endif /* NO_WOLFSSL_BN_CTX */ + /******************************************************************************* * BN_MONT_CTX APIs ******************************************************************************/ diff --git a/tests/api.c b/tests/api.c index 235ffa1d1..d59001a2c 100644 --- a/tests/api.c +++ b/tests/api.c @@ -59914,17 +59914,16 @@ static int test_wolfSSL_BN_CTX(void) #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH) WOLFSSL_BN_CTX* bn_ctx = NULL; - WOLFSSL_BIGNUM* t = NULL; - ExpectNotNull(bn_ctx = wolfSSL_BN_CTX_new()); + ExpectNotNull(bn_ctx = BN_CTX_new()); - /* No implementation. */ - BN_CTX_init(NULL); - - ExpectNotNull(t = BN_CTX_get(NULL)); - BN_free(t); - ExpectNotNull(t = BN_CTX_get(bn_ctx)); - BN_free(t); + ExpectNull(BN_CTX_get(NULL)); + ExpectNotNull(BN_CTX_get(bn_ctx)); + ExpectNotNull(BN_CTX_get(bn_ctx)); + ExpectNotNull(BN_CTX_get(bn_ctx)); + ExpectNotNull(BN_CTX_get(bn_ctx)); + ExpectNotNull(BN_CTX_get(bn_ctx)); + ExpectNotNull(BN_CTX_get(bn_ctx)); #ifndef NO_WOLFSSL_STUB /* No implementation. */ 
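Review bot: The ownership of the number returned by `wolfSSL_BN_CTX_get` is inverted by this hunk and the rewritten header comment does not say so: the BN is now pushed onto `ctx->list` and released only in `wolfSSL_BN_CTX_free`, whereas the old code returned a fresh `wolfSSL_BN_new()` that the caller had to free (the old test did `BN_free(t)` after each get). Any caller outside this diff that still frees the returned BN will now double-free, so the `@return` block should state the contract: `* The returned big number is owned by the context and released by wolfSSL_BN_CTX_free(); the caller must not free it.` Note also that `wolfSSL_BN_CTX_start` (next hunk) stays a stub and there is no `BN_CTX_end`, so each `BN_CTX_get` allocates a list node plus a BN that live until the context is freed; a caller that gets numbers inside a loop grows memory without bound, unlike OpenSSL where `BN_CTX_end` reclaims them, and if that is the intended behaviour it deserves a sentence in the same comment. The `node = NULL;` after `XFREE(node, ...)` in the failure path is a dead store, since `node` goes out of scope on the next line.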
@@ -75287,7 +75286,7 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void) int derLen; unsigned char pub_buf[65]; const int pub_len = 65; - BN_CTX* ctx; + BN_CTX* ctx = NULL; EC_GROUP* curve = NULL; EC_KEY* ephemeral_key = NULL; const EC_POINT* h = NULL; @@ -75327,6 +75326,7 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void) EVP_PKEY_free(pkey); EC_KEY_free(ephemeral_key); EC_GROUP_free(curve); + BN_CTX_free(ctx); #endif return EXPECT_RESULT(); } diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index abc79d999..5e3f936ea 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -3795,18 +3795,11 @@ int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b) static int DH_param_check(WOLFSSL_DH* dh_key) { int ret = WOLFSSL_SUCCESS; - WOLFSSL_BN_CTX* ctx = NULL; WOLFSSL_BIGNUM *num1 = NULL; WOLFSSL_BIGNUM *num2 = NULL; WOLFSSL_ENTER("DH_param_check"); - ctx = wolfSSL_BN_CTX_new(); - if (ctx == NULL) { - WOLFSSL_MSG("failed to allocate memory"); - return WOLFSSL_FAILURE; - } - num1 = wolfSSL_BN_new(); num2 = wolfSSL_BN_new(); if (num1 == NULL || num2 == NULL) { @@ -3840,7 +3833,7 @@ static int DH_param_check(WOLFSSL_DH* dh_key) dh_key->q != NULL) { if (ret == WOLFSSL_SUCCESS && - wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, ctx) + wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, NULL) == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { WOLFSSL_MSG("BN_mod_exp failed"); @@ -3855,7 +3848,7 @@ static int DH_param_check(WOLFSSL_DH* dh_key) #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) /* test if the number q is prime. */ if (ret == WOLFSSL_SUCCESS && - (wolfSSL_BN_is_prime_ex(dh_key->q, 64, ctx, NULL) <= 0)) { + (wolfSSL_BN_is_prime_ex(dh_key->q, 64, NULL, NULL) <= 0)) { WOLFSSL_MSG("dh_key->q is not prime or error during check."); ret = WOLFSSL_FAILURE; } /* else TODO check q div q - 1. need BN_div */ 
@@ -3863,7 +3856,6 @@ static int DH_param_check(WOLFSSL_DH* dh_key) } /* clean up */ - wolfSSL_BN_CTX_free(ctx); wolfSSL_BN_free(num1); wolfSSL_BN_free(num2); diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h index 39b6bf384..c0d7f9b6b 100644 --- a/wolfssl/openssl/bn.h +++ b/wolfssl/openssl/bn.h @@ -77,12 +77,17 @@ typedef struct WOLFSSL_BIGNUM { #define WOLFSSL_BN_MAX_VAL ((BN_ULONG)-1) -typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX; +struct WOLFSSL_BN_CTX_LIST { + WOLFSSL_BIGNUM* bn; + struct WOLFSSL_BN_CTX_LIST* next; +}; +typedef struct WOLFSSL_BN_CTX { + struct WOLFSSL_BN_CTX_LIST* list; +} WOLFSSL_BN_CTX; typedef struct WOLFSSL_BN_MONT_CTX WOLFSSL_BN_MONT_CTX; typedef struct WOLFSSL_BN_GENCB WOLFSSL_BN_GENCB; WOLFSSL_API WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void); -WOLFSSL_API void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx); WOLFSSL_API void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx); WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_new(void); @@ -208,9 +213,13 @@ typedef WOLFSSL_BN_CTX BN_CTX; typedef WOLFSSL_BN_MONT_CTX BN_MONT_CTX; typedef WOLFSSL_BN_GENCB BN_GENCB; +#ifndef NO_WOLFSSL_BN_CTX #define BN_CTX_new wolfSSL_BN_CTX_new -#define BN_CTX_init wolfSSL_BN_CTX_init #define BN_CTX_free wolfSSL_BN_CTX_free +#else +#define BN_CTX_new() ((BN_CTX*)-1) +#define BN_CTX_free(x) ((void)(x)) +#endif #define BN_new wolfSSL_BN_new #if !defined(USE_INTEGER_HEAP_MATH) && !defined(HAVE_WOLF_BIGINT)
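Review bot: `struct WOLFSSL_BN_CTX_LIST` and the full `WOLFSSL_BN_CTX` layout are now defined in the public compat header, where the removed line kept `WOLFSSL_BN_CTX` as an opaque forward declaration. That makes the list layout part of the installed ABI and lets applications reach into `ctx->list` directly, although within this diff the fields are only touched by `wolfSSL_BN_CTX_new`/`_free`/`_get` in src/ssl_bn.c. I would keep `typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX;` here and move both struct definitions into src/ssl_bn.c (or an internal header), which also stops a `NO_WOLFSSL_BN_CTX` build from carrying a struct it never uses.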
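Review bot: Under `NO_WOLFSSL_BN_CTX`, `BN_CTX_new()` now expands to `((BN_CTX*)-1)`, a non-NULL pointer to no object; dereferencing it, or passing it to anything that reads `ctx->list`, is undefined behaviour, and a `ctx != NULL` check will wrongly treat it as a live context. Nothing in the hunk marks it as a sentinel, so a comment is needed next to the `#else`: `/* No BN_CTX implementation: return a non-NULL sentinel so callers' NULL checks pass; it must never be dereferenced. */` As far as this hunk shows, the `BN_CTX_get` and `BN_CTX_start` compat mappings get no equivalent `#else` branch, while their implementations in src/ssl_bn.c are now inside `#ifndef NO_WOLFSSL_BN_CTX`, so code using them in a `NO_WOLFSSL_BN_CTX` build would fail to link unless those mappings are handled elsewhere in bn.h (not visible here); worth confirming.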