From 63826e227bbbe4aa39a3ff7f8b2eb32c7b2d21dd Mon Sep 17 00:00:00 2001
From: TakayukiMatsuo
Date: Tue, 20 Apr 2021 10:08:28 +0900
Subject: [PATCH 1/4] Add wolfSSL_DH_get0_pqg
---
 src/ssl.c | 22 +++++++++++++++++++
 tests/api.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++
 wolfssl/ssl.h | 2 ++
 3 files changed, 82 insertions(+)
diff --git a/src/ssl.c b/src/ssl.c
index e859db143..609d368b8 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -33617,9 +33617,31 @@ int wolfSSL_DH_set0_pqg(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *p,
 return WOLFSSL_SUCCESS;
 }
+
 #endif /* v1.1.0 or later */
 #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
+/**
+ * retrive p, q and g parameter
+ * @param dh a pointer to WOLFSSL_DH
+ * @param p a pointer to WOLFSSL_BIGNUM to be obtained dh
+ * @param q a pointer to WOLFSSL_BIGNUM to be obtained dh
+ * @param q a pointer to WOLFSSL_BIGNUM to be obtained dh
+ */
+void wolfSSL_DH_get0_pqg(WOLFSSL_DH *dh, WOLFSSL_BIGNUM **p,
+ WOLFSSL_BIGNUM **q, WOLFSSL_BIGNUM **g)
+{
+ WOLFSSL_ENTER("wolfSSL_DH_get0_pqg");
+ if (dh == NULL)
+ return;
+
+ if (p != NULL)
+ *p = dh->p;
+ if (q != NULL)
+ *q = dh->q;
+ if (g != NULL)
+ *g = dh->g;
+}
 #endif /* NO_DH */
 #endif /* OPENSSL_EXTRA */
diff --git a/tests/api.c b/tests/api.c
index a7b0acfe1..e6b202934 100644
--- a/tests/api.c
+++ b/tests/api.c
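Review bot: When `dh` is NULL, wolfSSL_DH_get0_pqg in src/ssl.c returns before writing `*p`, `*q` or `*g`, so a caller that passes uninitialised pointers and then reads them works with indeterminate values, and the void return gives it no way to notice. Clearing the outputs would make that case observable, e.g. `if (p != NULL) *p = (dh != NULL) ? dh->p : NULL;` and likewise for `q` and `g`; the same body is re-added at its new location in patch 4/4. The doc comment lists `@param q` twice (the third entry should be `@param g`) and misspells "retrieve", and it should state that the returned pointers alias the fields of `dh` rather than copies.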
@@ -1617,7 +1617,64 @@ static void test_wolfSSL_CTX_SetTmpDH_buffer(void)
 wolfSSL_CTX_free(ctx);
 #endif
 }
+static void test_wolfSSL_DH_get0_pqg(void)
+{
+#if defined(OPENSSL_EXTRA)
+ DH *dh = NULL;
+ BIGNUM* p;
+ BIGNUM* q;
+ BIGNUM* g;
+#if defined(OPENSSL_ALL)
+ FILE* f = NULL;
+ unsigned char buf[4096];
+ const unsigned char* pt = buf;
+ long len = 0;
+#endif
+ printf(testingFmt, "test_wolfSSL_DH_get0_pqg");
+
+ /* invalid parameters test */
+ DH_get0_pqg(NULL, &p, &q, &g);
+ DH_get0_pqg(dh, NULL, &q, &g);
+ DH_get0_pqg(dh, NULL, NULL, &g);
+ DH_get0_pqg(dh, NULL, NULL, NULL);
+ AssertTrue(1);
+
+ dh = wolfSSL_DH_new();
+ AssertNotNull(dh);
+
+ DH_get0_pqg(dh, &p, &q, &g);
+ AssertPtrEq(p, NULL);
+ AssertPtrEq(q, NULL);
+ AssertPtrEq(g, NULL);
+ DH_free(dh);
+
+#if defined(OPENSSL_ALL)
+ dh = NULL;
+ XMEMSET(buf, 0, sizeof(buf));
+ /* Test 2048 bit parameters */
+ f = XFOPEN("./certs/dh2048.der", "rb");
+ AssertTrue(f != XBADFILE);
+ len = (long)XFREAD(buf, 1, sizeof(buf), f);
+ XFCLOSE(f);
+
+ AssertNotNull(dh = d2i_DHparams(NULL, &pt, len));
+ AssertNotNull(dh->p);
+ AssertNotNull(dh->p);
+ AssertTrue(pt != buf);
+ AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);
+
+ DH_get0_pqg(dh, &p, &q, &g);
+
+ AssertPtrEq(p, dh->p);
+ AssertPtrEq(q, dh->q);
+ AssertPtrEq(g, dh->g);
+ DH_free(dh);
+#endif
+
+ printf(resultFmt, passed);
+#endif
+}
 static void test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
 {
 #if !defined(NO_CERTS) && !defined(NO_DH)
@@ -42637,6 +42694,7 @@ void ApiTest(void)
 test_wolfSSL_SetMinMaxDhKey_Sz();
 test_SetTmpEC_DHE_Sz();
 test_wolfSSL_dtls_set_mtu();
+ test_wolfSSL_DH_get0_pqg();
 #if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \
 defined(HAVE_IO_TESTS_DEPENDENCIES)
 test_wolfSSL_read_write();
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index bf0fe1201..4ed6d147c 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
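Review bot: In the OPENSSL_ALL part of test_wolfSSL_DH_get0_pqg, `AssertNotNull(dh->p);` appears twice in a row, so `dh->g` is never checked before the pointer comparisons; the second line was presumably meant to be `AssertNotNull(dh->g);`. The duplicate is carried unchanged into the rewritten test in patch 4/4. The value returned by `XFREAD` is also handed to `d2i_DHparams` unchecked; adding `AssertTrue(len > 0);` after the read would make an empty or unreadable `./certs/dh2048.der` fail at the read instead of inside the parser.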
@@ -4028,6 +4028,8 @@ WOLFSSL_API void *wolfSSL_OPENSSL_memdup(const void *data, size_t siz, const char* file, int line);
 WOLFSSL_API void wolfSSL_OPENSSL_cleanse(void *ptr, size_t len);
 WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void);
+WOLFSSL_API void wolfSSL_DH_get0_pqg(WOLFSSL_DH* dh, WOLFSSL_BIGNUM** p,
+ WOLFSSL_BIGNUM** q, WOLFSSL_BIGNUM** g);
 #endif
 #if defined(HAVE_OCSP) && !defined(NO_ASN_TIME)
From 568c09bcde23cf99a8c37dfac1f72d6a263ea6a0 Mon Sep 17 00:00:00 2001
From: TakayukiMatsuo
Date: Wed, 21 Apr 2021 05:42:29 +0900
Subject: [PATCH 2/4] Add guard to the unit test
---
 tests/api.c | 43 +++++++++++++++++++++----------------------
 1 file changed, 21 insertions(+), 22 deletions(-)
diff --git a/tests/api.c b/tests/api.c
index e6b202934..e97a3eff8 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -1619,37 +1619,19 @@ static void test_wolfSSL_CTX_SetTmpDH_buffer(void)
 }
 static void test_wolfSSL_DH_get0_pqg(void)
 {
-#if defined(OPENSSL_EXTRA)
+#if defined(OPENSSL_EXTRA) && !defined(NO_DH)
 DH *dh = NULL;
 BIGNUM* p;
 BIGNUM* q;
 BIGNUM* g;
 #if defined(OPENSSL_ALL)
+#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
 FILE* f = NULL;
 unsigned char buf[4096];
 const unsigned char* pt = buf;
 long len = 0;
-#endif
- printf(testingFmt, "test_wolfSSL_DH_get0_pqg");
- /* invalid parameters test */
- DH_get0_pqg(NULL, &p, &q, &g);
- DH_get0_pqg(dh, NULL, &q, &g);
- DH_get0_pqg(dh, NULL, NULL, &g);
- DH_get0_pqg(dh, NULL, NULL, NULL);
- AssertTrue(1);
-
- dh = wolfSSL_DH_new();
- AssertNotNull(dh);
-
- DH_get0_pqg(dh, &p, &q, &g);
- AssertPtrEq(p, NULL);
- AssertPtrEq(q, NULL);
- AssertPtrEq(g, NULL);
- DH_free(dh);
-
-#if defined(OPENSSL_ALL)
 dh = NULL;
 XMEMSET(buf, 0, sizeof(buf));
 /* Test 2048 bit parameters */
@@ -1671,9 +1653,26 @@ static void test_wolfSSL_DH_get0_pqg(void)
 AssertPtrEq(g, dh->g);
 DH_free(dh);
 #endif
-
- printf(resultFmt, passed);
 #endif
+ printf(testingFmt, "test_wolfSSL_DH_get0_pqg");
+
+ /* invalid parameters test */
+ DH_get0_pqg(NULL, &p, &q, &g);
+ DH_get0_pqg(dh, NULL, &q, &g);
+ DH_get0_pqg(dh, NULL, NULL, &g);
+ DH_get0_pqg(dh, NULL, NULL, NULL);
+ AssertTrue(1);
+
+ dh = wolfSSL_DH_new();
+ AssertNotNull(dh);
+
+ DH_get0_pqg(dh, &p, &q, &g);
+ AssertPtrEq(p, NULL);
+ AssertPtrEq(q, NULL);
+ AssertPtrEq(g, NULL);
+ DH_free(dh);
+ printf(resultFmt, passed);
+#endif /* OPENSSL_EXTRA && !NO_DH */
 }
 static void test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
 {
From d22ed7443ba480512115a2ba390169df483b1ea4 Mon Sep 17 00:00:00 2001
From: TakayukiMatsuo
Date: Thu, 22 Apr 2021 09:55:38 +0900
Subject: [PATCH 3/4] Fix unit test.
---
 tests/api.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/tests/api.c b/tests/api.c
index e97a3eff8..16d885012 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -1656,6 +1656,9 @@ static void test_wolfSSL_DH_get0_pqg(void)
 #endif
 printf(testingFmt, "test_wolfSSL_DH_get0_pqg");
+ dh = wolfSSL_DH_new();
+ AssertNotNull(dh);
+
 /* invalid parameters test */
 DH_get0_pqg(NULL, &p, &q, &g);
 DH_get0_pqg(dh, NULL, &q, &g);
@@ -1663,9 +1666,6 @@ static void test_wolfSSL_DH_get0_pqg(void)
 DH_get0_pqg(dh, NULL, NULL, NULL);
 AssertTrue(1);
- dh = wolfSSL_DH_new();
- AssertNotNull(dh);
-
 DH_get0_pqg(dh, &p, &q, &g);
 AssertPtrEq(p, NULL);
 AssertPtrEq(q, NULL);
From c442841e4a13c75bde1243b2dcabf1b85d6ca9de Mon Sep 17 00:00:00 2001
From: TakayukiMatsuo
Date: Fri, 23 Apr 2021 10:53:22 +0900
Subject: [PATCH 4/4] Fix some along review.
---
 src/ssl.c | 40 ++++---------
 tests/api.c | 131 ++++++++++++++++++++++---------------------
 wolfssl/openssl/dh.h | 3 -
 wolfssl/ssl.h | 4 +-
 4 files changed, 80 insertions(+), 98 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 609d368b8..fe8400b1c 100644
--- a/src/ssl.c
+++ b/src/ssl.c
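Review bot: The invalid-parameter block that patch 3/4 reorders in test_wolfSSL_DH_get0_pqg still verifies nothing: the four calls are followed only by `AssertTrue(1);`, and `p`, `q` and `g` are declared without initialisers (in the context shown in patch 2/4), so the test cannot tell whether the NULL-`dh` call wrote to them. Declaring them as `BIGNUM* p = NULL;` (likewise `q`, `g`) and adding `AssertPtrEq(p, NULL);` right after `DH_get0_pqg(NULL, &p, &q, &g);` would pin the behaviour for a NULL `dh`. With `dh` now allocated first, only that first call still exercises the NULL-`dh` path, which a one-line comment on the block could make explicit.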
@@ -33621,27 +33621,6 @@ int wolfSSL_DH_set0_pqg(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *p,
 #endif /* v1.1.0 or later */
 #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
-/**
- * retrive p, q and g parameter
- * @param dh a pointer to WOLFSSL_DH
- * @param p a pointer to WOLFSSL_BIGNUM to be obtained dh
- * @param q a pointer to WOLFSSL_BIGNUM to be obtained dh
- * @param q a pointer to WOLFSSL_BIGNUM to be obtained dh
- */
-void wolfSSL_DH_get0_pqg(WOLFSSL_DH *dh, WOLFSSL_BIGNUM **p,
- WOLFSSL_BIGNUM **q, WOLFSSL_BIGNUM **g)
-{
- WOLFSSL_ENTER("wolfSSL_DH_get0_pqg");
- if (dh == NULL)
- return;
-
- if (p != NULL)
- *p = dh->p;
- if (q != NULL)
- *q = dh->q;
- if (g != NULL)
- *g = dh->g;
-}
 #endif /* NO_DH */
 #endif /* OPENSSL_EXTRA */
@@ -55570,7 +55549,7 @@ int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
 return WOLFSSL_FAILURE;
 }
 #endif
-
+#endif /* NO_WOLFSSL_STUB */
 /**
 * Return DH p, q and g parameters
 * @param dh a pointer to WOLFSSL_DH
@@ -55581,13 +55560,18 @@ int wolfSSL_CRYPTO_get_ex_new_index(int class_index, long argl, void *argp,
 void wolfSSL_DH_get0_pqg(const WOLFSSL_DH *dh, const WOLFSSL_BIGNUM **p, const WOLFSSL_BIGNUM **q, const WOLFSSL_BIGNUM **g)
 {
- WOLFSSL_STUB("wolfSSL_DH_get0_pqg");
- (void)dh;
- (void)p;
- (void)q;
- (void)g;
+ WOLFSSL_ENTER("wolfSSL_DH_get0_pqg");
+ if (dh == NULL)
+ return;
+
+ if (p != NULL)
+ *p = dh->p;
+ if (q != NULL)
+ *q = dh->q;
+ if (g != NULL)
+ *g = dh->g;
 }
-#endif /* NO_WOLFSSL_STUB */
+
 #endif /* OPENSSL_EXTRA */
 #endif /* !WOLFCRYPT_ONLY */
diff --git a/tests/api.c b/tests/api.c
index 16d885012..0616edb96 100644
--- a/tests/api.c
+++ b/tests/api.c
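Review bot: The implementation that replaces the stub in the third src/ssl.c hunk now dereferences `dh`, but the only closing guards visible after it are `#endif /* OPENSSL_EXTRA */` and `#endif /* !WOLFCRYPT_ONLY */`, whereas the copy removed in the first hunk sat inside the block closed by `#endif /* NO_DH */`. If no enclosing NO_DH guard exists above the hunk, an OPENSSL_EXTRA build with NO_DH defined compiles a function that the unit test (guarded by `OPENSSL_EXTRA && !NO_DH`) never exercises, and it may not compile at all if `WOLFSSL_DH` is incomplete in that configuration. Wrapping the definition in `#ifndef NO_DH` and `#endif /* !NO_DH */` would match the test guard. The function's doc comment begins above the hunk.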
@@ -1617,63 +1617,7 @@ static void test_wolfSSL_CTX_SetTmpDH_buffer(void)
 wolfSSL_CTX_free(ctx);
 #endif
 }
-static void test_wolfSSL_DH_get0_pqg(void)
-{
-#if defined(OPENSSL_EXTRA) && !defined(NO_DH)
- DH *dh = NULL;
- BIGNUM* p;
- BIGNUM* q;
- BIGNUM* g;
-#if defined(OPENSSL_ALL)
-#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
- FILE* f = NULL;
- unsigned char buf[4096];
- const unsigned char* pt = buf;
- long len = 0;
-
- dh = NULL;
- XMEMSET(buf, 0, sizeof(buf));
- /* Test 2048 bit parameters */
- f = XFOPEN("./certs/dh2048.der", "rb");
- AssertTrue(f != XBADFILE);
- len = (long)XFREAD(buf, 1, sizeof(buf), f);
- XFCLOSE(f);
-
- AssertNotNull(dh = d2i_DHparams(NULL, &pt, len));
- AssertNotNull(dh->p);
- AssertNotNull(dh->p);
- AssertTrue(pt != buf);
- AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);
-
- DH_get0_pqg(dh, &p, &q, &g);
-
- AssertPtrEq(p, dh->p);
- AssertPtrEq(q, dh->q);
- AssertPtrEq(g, dh->g);
- DH_free(dh);
-#endif
-#endif
- printf(testingFmt, "test_wolfSSL_DH_get0_pqg");
-
- dh = wolfSSL_DH_new();
- AssertNotNull(dh);
-
- /* invalid parameters test */
- DH_get0_pqg(NULL, &p, &q, &g);
- DH_get0_pqg(dh, NULL, &q, &g);
- DH_get0_pqg(dh, NULL, NULL, &g);
- DH_get0_pqg(dh, NULL, NULL, NULL);
- AssertTrue(1);
-
- DH_get0_pqg(dh, &p, &q, &g);
- AssertPtrEq(p, NULL);
- AssertPtrEq(q, NULL);
- AssertPtrEq(g, NULL);
- DH_free(dh);
- printf(resultFmt, passed);
-#endif /* OPENSSL_EXTRA && !NO_DH */
-}
 static void test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void)
 {
 #if !defined(NO_CERTS) && !defined(NO_DH)
@@ -42629,20 +42573,77 @@ static void test_wolfSSL_set_psk_use_session_callback()
 static void test_wolfSSL_DH_get0_pqg(void)
 {
-#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB)
- printf(testingFmt, "test_wolfSSL_DH_get0_pqg");
-
+#if defined(OPENSSL_EXTRA) && !defined(NO_DH)
 DH *dh = NULL;
 BIGNUM* p;
 BIGNUM* q;
 BIGNUM* g;
-
- DH_get0_pqg(dh, (const BIGNUM**)&p,
- (const BIGNUM**)&q,
- (const BIGNUM**)&g);
- AssertTrue(1);
- printf(resultFmt, passed);
+ (void)dh;
+ (void)p;
+ (void)q;
+ (void)g;
+
+#if defined(OPENSSL_ALL)
+#if !defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
+ FILE* f = NULL;
+ unsigned char buf[268];
+ const unsigned char* pt = buf;
+ long len = 0;
+
+ dh = NULL;
+ XMEMSET(buf, 0, sizeof(buf));
+ /* Test 2048 bit parameters */
+ f = XFOPEN("./certs/dh2048.der", "rb");
+ AssertTrue(f != XBADFILE);
+ len = (long)XFREAD(buf, 1, sizeof(buf), f);
+ XFCLOSE(f);
+
+ AssertNotNull(dh = d2i_DHparams(NULL, &pt, len));
+ AssertNotNull(dh->p);
+ AssertNotNull(dh->p);
+ AssertTrue(pt != buf);
+ AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS);
+
+ DH_get0_pqg(dh, (const BIGNUM**)&p,
+ (const BIGNUM**)&q,
+ (const BIGNUM**) &g);
+
+ AssertPtrEq(p, dh->p);
+ AssertPtrEq(q, dh->q);
+ AssertPtrEq(g, dh->g);
+ DH_free(dh);
 #endif
+#endif
+ printf(testingFmt, "test_wolfSSL_DH_get0_pqg");
+
+ dh = wolfSSL_DH_new();
+ AssertNotNull(dh);
+
+ /* invalid parameters test */
+ DH_get0_pqg(NULL, (const BIGNUM**)&p,
+ (const BIGNUM**)&q,
+ (const BIGNUM**)&g);
+
+ DH_get0_pqg(dh, NULL,
+ (const BIGNUM**)&q,
+ (const BIGNUM**)&g);
+
+ DH_get0_pqg(dh, NULL, NULL, (const BIGNUM**)&g);
+
+ DH_get0_pqg(dh, NULL, NULL, NULL);
+ AssertTrue(1);
+
+ DH_get0_pqg(dh, (const BIGNUM**)&p,
+ (const BIGNUM**)&q,
+ (const BIGNUM**)&g);
+
+ AssertPtrEq(p, NULL);
+ AssertPtrEq(q, NULL);
+ AssertPtrEq(g, NULL);
+ DH_free(dh);
+ printf(resultFmt, passed);
+#endif /* OPENSSL_EXTRA && !NO_DH */
 }
 /*----------------------------------------------------------------------------*
diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h
index 42362d07f..0970f366f 100644
--- a/wolfssl/openssl/dh.h
+++ b/wolfssl/openssl/dh.h
@@ -69,9 +69,6 @@ WOLFSSL_API int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* pub,
 WOLFSSL_API int wolfSSL_DH_LoadDer(WOLFSSL_DH*, const unsigned char*, int sz);
 WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH*, WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*);
-WOLFSSL_API void wolfSSL_DH_get0_pqg(const WOLFSSL_DH *dh,
- const WOLFSSL_BIGNUM **p, const WOLFSSL_BIGNUM **q,
- const WOLFSSL_BIGNUM **g);
 #define DH_new wolfSSL_DH_new
 #define DH_free wolfSSL_DH_free
diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h
index 4ed6d147c..0e8fa6e32 100644
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@@ -4028,8 +4028,8 @@ WOLFSSL_API void *wolfSSL_OPENSSL_memdup(const void *data, size_t siz, const char* file, int line);
 WOLFSSL_API void wolfSSL_OPENSSL_cleanse(void *ptr, size_t len);
 WOLFSSL_API void wolfSSL_ERR_load_BIO_strings(void);
-WOLFSSL_API void wolfSSL_DH_get0_pqg(WOLFSSL_DH* dh, WOLFSSL_BIGNUM** p,
- WOLFSSL_BIGNUM** q, WOLFSSL_BIGNUM** g);
+WOLFSSL_API void wolfSSL_DH_get0_pqg(const WOLFSSL_DH* dh,
+const WOLFSSL_BIGNUM** p, const WOLFSSL_BIGNUM** q, const WOLFSSL_BIGNUM** g);
 #endif
 #if defined(HAVE_OCSP) && !defined(NO_ASN_TIME)
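Review bot: In the rewritten test_wolfSSL_DH_get0_pqg (tests/api.c hunk at -42629), the added `(void)dh; (void)p; (void)q; (void)g;` statements sit before the `FILE* f`, `buf`, `pt` and `len` declarations of the OPENSSL_ALL block, which is a declaration after a statement and is rejected by strict C89 compilers and by `-Wdeclaration-after-statement`; moving the four casts below those declarations avoids it. `unsigned char buf[268];` is a bare number that presumably equals the current size of `./certs/dh2048.der`, and because the `XFREAD` length is not checked a larger fixture would be truncated silently, so a named constant plus `AssertTrue(len > 0);` would be safer. Declaring the locals as `const BIGNUM* p;` (and `q`, `g`) would remove the repeated `(const BIGNUM**)&p` casts.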