From ee13dfd87889fc8d5a3a1033dfdc0b71732a9c01 Mon Sep 17 00:00:00 2001 From: Carie Pointer Date: Fri, 6 Dec 2019 14:27:01 -0700 Subject: [PATCH] Add Qt 5.12 and 5.13 support Co-Authored-By: aaronjense Co-Authored-By: MJSPollard Co-Authored-By: Quinn Miller Co-Authored-By: Tim Parrish --- certs/1024/dsa-pub-1024.pem | 12 + certs/1024/include.am | 1 + certs/include.am | 1 + certs/rsa-pub-2048.pem | 9 + configure.ac | 125 +- scripts/openssl.test | 9 +- src/bio.c | 3 +- src/internal.c | 592 ++++-- src/ocsp.c | 16 +- src/ssl.c | 3170 ++++++++++++++++++++++++++++--- src/tls.c | 6 +- tests/api.c | 1223 +++++++++++- wolfcrypt/src/asn.c | 717 ++++++- wolfcrypt/src/dh.c | 73 +- wolfcrypt/src/ecc.c | 2 +- wolfcrypt/src/error.c | 3 + wolfcrypt/src/wc_encrypt.c | 48 +- wolfcrypt/test/test.c | 6 +- wolfssl/internal.h | 33 +- wolfssl/openssl/bio.h | 4 + wolfssl/openssl/bn.h | 3 + wolfssl/openssl/crypto.h | 12 +- wolfssl/openssl/dh.h | 29 +- wolfssl/openssl/dsa.h | 6 + wolfssl/openssl/ec.h | 72 +- wolfssl/openssl/evp.h | 39 +- wolfssl/openssl/include.am | 1 + wolfssl/openssl/obj_mac.h | 50 + wolfssl/openssl/objects.h | 1 + wolfssl/openssl/opensslv.h | 2 +- wolfssl/openssl/pem.h | 32 + wolfssl/openssl/ssl.h | 46 +- wolfssl/openssl/x509_vfy.h | 46 +- wolfssl/ssl.h | 85 +- wolfssl/wolfcrypt/asn.h | 35 +- wolfssl/wolfcrypt/dh.h | 8 + wolfssl/wolfcrypt/dsa.h | 5 + wolfssl/wolfcrypt/error-crypt.h | 4 +- wolfssl/wolfcrypt/integer.h | 3 + wolfssl/wolfcrypt/settings.h | 4 +- wolfssl/wolfcrypt/tfm.h | 14 +- wolfssl/wolfcrypt/wc_encrypt.h | 2 +- 42 files changed, 5991 insertions(+), 561 deletions(-) create mode 100644 certs/1024/dsa-pub-1024.pem create mode 100644 certs/rsa-pub-2048.pem create mode 100644 wolfssl/openssl/obj_mac.h diff --git a/certs/1024/dsa-pub-1024.pem b/certs/1024/dsa-pub-1024.pem new file mode 100644 index 000000000..f39bc3781 --- /dev/null +++ b/certs/1024/dsa-pub-1024.pem @@ -0,0 +1,12 @@ +-----BEGIN PUBLIC KEY----- +MIIBtjCCASsGByqGSM44BAEwggEeAoGBAMEM3EaWjXZRMJnhLlfFx9Dykppgxo9g +KlwmptExDz1WyFk8W6xnJychMdDd+OEfLE99cXDMoWH1zG8lMbJaZrNAGPhg4bT0 +PM+zd+9GIjPnO7Vt0nSsfRUk0p1sOZ0MfYEqyw+uoiNCgs3CNAtwTkN2DZqzx1+D +qk+LtBWrb5TrAhUAwyFrnSVEkAlyRm7O1YSRXgjsfTcCgYB9FdIgxRa9+fAsgO65 +OGPkqEUowvSR3QHGtP0fR0gKLilO/sPIfs5aGsJL/Tblor8B6Gt9T5BKJx5Q/Fkt +LF7KKxKC3FYiiWnzOCPWEE9Rb+WkzA2AKGgp/wSBqAcdjhjT54ucvsP/kziEFf15 +AuEre29pQtuRbimNH6udhb1QQwOBhAACgYAhRYQ296sCvQlqjhTyj8/VFahXvXnV +2YuQ/2QFm0KHXbRXsmR2ectwNcaBvD87EZ3KRXQiSXzea6WycOw9YXcTmgzLUefH +aBkQ38973pmPIrO91HDJqVE0GLOIIbh796Y/9z7//BO4yAXQO9jcxeFKwiB2zYlu +ZOVDOiFFgqqbMg== +-----END PUBLIC KEY----- diff --git a/certs/1024/include.am b/certs/1024/include.am index 9f57e751f..3280cc185 100644 --- a/certs/1024/include.am +++ b/certs/1024/include.am @@ -9,6 +9,7 @@ EXTRA_DIST += \ certs/1024/client-key.pem \ certs/1024/dh1024.pem \ certs/1024/dsa1024.pem \ + certs/1024/dsa-pub-1024.pem \ certs/1024/server-cert.pem \ certs/1024/server-key.pem diff --git a/certs/include.am b/certs/include.am index 98c31a107..f8a2fe7fa 100644 --- a/certs/include.am +++ b/certs/include.am @@ -64,6 +64,7 @@ EXTRA_DIST += \ certs/dh2048.der \ certs/dh3072.der \ certs/rsa2048.der \ + certs/rsa-pub-2048.pem \ certs/rsa3072.der \ certs/dsa2048.der \ certs/dsa3072.der \ diff --git a/certs/rsa-pub-2048.pem b/certs/rsa-pub-2048.pem new file mode 100644 index 000000000..95daf3389 --- /dev/null +++ b/certs/rsa-pub-2048.pem @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwQ1KqA3hewLXsG9fHD7 +UI3fQu5ylQiDeRWEwsFovmiDfDNo7P/VuByvQmVR30p3GzNnZdMsj8jVlLD/Wny1 +nU/O2T00KQ95SJhiEGGCVWirRf/7F1KrFGP7HuiQ76FQwqtRxBDQw3QOm2PXp20E +pyzGdYpY13EkY6n0FLumWoJxL+2gTW0ECyLulxXFK9wXCNWnY+ji5V8VwDfkXk7W +XYzMawnFnKNiSJ99jkfJ28lo+Ba8LAfvHM6ygeudWndri6pGkA/R0Z3knca6yz5Y +JCMph5AKgj9beOaLsIWEbdbmZA7fzuu8QhBK6cjvjUbS6iPVDEfBnI6TOpGPJxvW +NwIDAQAB +-----END PUBLIC KEY----- diff --git a/configure.ac b/configure.ac index 9de62ae66..386a7e89f 100644 --- a/configure.ac +++ b/configure.ac @@ -183,6 +183,7 @@ then enable_nginx=yes enable_asio=yes enable_libwebsockets=yes + enable_qt=yes enable_pwdbased=yes enable_aeskeywrap=yes enable_x963kdf=yes @@ -190,6 +191,7 @@ then enable_indef=yes enable_enckeys=yes enable_hashflags=yes + enable_dhdefaultparams=yes # Enable AES Decrypt, AES ECB, Alt Names, DER Load, Keep Certs, CRL IO with Timeout AM_CFLAGS="$AM_CFLAGS -DHAVE_AES_DECRYPT -DHAVE_AES_ECB -DWOLFSSL_ALT_NAMES -DWOLFSSL_DER_LOAD -DKEEP_OUR_CERT -DKEEP_PEER_CERT -DHAVE_CRL_IO -DHAVE_IO_TIMEOUT" @@ -435,6 +437,8 @@ AC_ARG_ENABLE([mcast], # stunnel (--enable-stunnel) HAVE_STUNNEL # asio (--enable-asio) WOLFSSL_ASIO # libwebsockets (--enable-libwebsockets) WOLFSSL_LIBWEBSOCKETS +# qt (--enable-qt) WOLFSSL_QT +# qt test (--enable-qt-test) WOLFSSL_QT_TEST # HAVE_POCO_LIB # WOLFSSL_MYSQL_COMPATIBLE # web server (--enable-webserver) HAVE_WEBSERVER @@ -491,6 +495,13 @@ then ENABLED_FORTRESS="yes" fi +#Qt Support +AC_ARG_ENABLE([qt], + [AS_HELP_STRING([--enable-qt],[Enable qt (default: disabled)])], + [ ENABLED_QT=$enableval ], + [ ENABLED_QT=no ] + ) + # ssl bump build AC_ARG_ENABLE([bump], [AS_HELP_STRING([--enable-bump],[Enable SSL Bump build (default: disabled)])], @@ -1429,7 +1440,6 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_HKDF" fi - # X9.63 KDF AC_ARG_ENABLE([x963kdf], [AS_HELP_STRING([--enable-x963kdf],[Enable X9.63 KDF support (default: disabled)])], @@ -1441,7 +1451,6 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_X963_KDF" fi - # DSA AC_ARG_ENABLE([dsa], [AS_HELP_STRING([--enable-dsa],[Enable DSA (default: disabled)])], @@ -1449,7 +1458,7 @@ AC_ARG_ENABLE([dsa], [ ENABLED_DSA=no ] ) -if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" +if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" then ENABLED_DSA="yes" fi @@ -1459,7 +1468,6 @@ then AM_CFLAGS="$AM_CFLAGS -DNO_DSA" fi - # ECC Shamir AC_ARG_ENABLE([eccshamir], [AS_HELP_STRING([--enable-eccshamir],[Enable ECC Shamir (default: enabled)])], @@ -1833,7 +1841,66 @@ then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STACK_LOG -finstrument-functions" fi +if test "$ENABLED_QT" = "yes" +then + # Requires opensslextra and opensslall + if test "x$ENABLED_OPENSSLALL" = "xno" && test "x$ENABLED_OPENSSLCOEXIST" = "xno" + then + ENABLED_OPENSSLALL="yes" + ENABLED_OPENSSLEXTRA="yes" + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_EXTRA -DOPENSSL_ALL -DHAVE_EX_DATA" + fi + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_QT -DWOLFSSL_ALLOW_TLSV10 -DSESSION_CERTS -DOPENSSL_NO_SSL2" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ALLOW_SSLV3 -DWOLFSSL_KEY_GEN -DHAVE_EX_DATA" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CUSTOM_CURVES -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ" + # Requires OCSP make sure on + if test "x$ENABLED_OCSP" = "xno" + then + ENABLED_OCSP="yes" + AM_CFLAGS="$AM_CFLAGS -DHAVE_OCSP" + AM_CONDITIONAL([BUILD_OCSP], [test "x$ENABLED_OCSP" = "xyes"]) + fi + + # Requires PSK make sure on + if test "x$ENABLED_PSK" = "xno" + then + ENABLED_PSK="yes" + fi + + # Requires RC4 make sure on + if test "x$ENABLED_ARC4" = "xno" + then + ENABLED_ARC4="yes" + fi + + if test "x$ENABLED_CERTEXT" = "xno" + then + ENABLED_CERTEXT="yes" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT" + fi + + if test "x$ENABLED_CERTGEN" = "xno" + then + ENABLED_CERTGEN="yes" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_GEN" + fi + + # requires oldnames disabled + enable_oldnames=no +fi + +AC_ARG_ENABLE([qt-test], + [AS_HELP_STRING([--enable-qt-test],[Enable qt tests (default: disabled)])], + [ ENABLED_QT_TEST=$enableval ], + [ ENABLED_QT_TEST=no ] + ) + +if test "$ENABLED_QT_TEST" = "yes" +then + AM_CFLAGS="$AM_CFLAGS -DOPENSSL_NO_SSL3 -DWOLFSSL_STATIC_RSA" + AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_STATIC_PSK" +fi # RSA AC_ARG_ENABLE([rsa], @@ -2111,7 +2178,7 @@ AC_ARG_ENABLE([des3], [ ENABLED_DES3=no ] ) -if test "$ENABLED_OPENSSH" = "yes" +if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_QT" = "yes" then ENABLED_DES3="yes" fi @@ -2128,7 +2195,6 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_IDEA" fi - # ARC4 AC_ARG_ENABLE([arc4], [AS_HELP_STRING([--enable-arc4],[Enable ARC4 (default: disabled)])], @@ -2152,6 +2218,7 @@ else ENABLED_ARC4=no fi fi +AM_CONDITIONAL([BUILD_IDEA], [test "x$ENABLED_IDEA" = "xyes"]) # MD5 @@ -2804,6 +2871,10 @@ AC_ARG_ENABLE([sni], [ ENABLED_SNI=$enableval ], [ ENABLED_SNI=no ] ) +if test "x$ENABLED_QT" = "xyes" +then + ENABLED_SNI="yes" +fi if test "x$ENABLED_SNI" = "xyes" then @@ -3328,6 +3399,34 @@ then AM_CFLAGS="$AM_CFLAGS -DHAVE_EXT_CACHE -DHAVE_EX_DATA" fi + + +# ARC4 +AC_ARG_ENABLE([arc4], + [AS_HELP_STRING([--enable-arc4],[Enable ARC4 (default: disabled)])], + [ ENABLED_ARC4=$enableval ], + [ ENABLED_ARC4=no ] + ) + +if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" +then + ENABLED_ARC4="yes" +fi + +if test "$ENABLED_ARC4" = "no" +then + AM_CFLAGS="$AM_CFLAGS -DNO_RC4" +else + # turn off ARC4 if leanpsk or leantls on + if test "$ENABLED_LEANPSK" = "yes" || test "$ENABLED_LEANTLS" = "yes" + then + AM_CFLAGS="$AM_CFLAGS -DNO_RC4" + ENABLED_ARC4=no + fi +fi + +AM_CONDITIONAL([BUILD_RC4], [test "x$ENABLED_ARC4" = "xyes"]) + # Asio Support AC_ARG_ENABLE([asio], [AS_HELP_STRING([--enable-asio],[Enable asio (default: disabled)])], @@ -4555,6 +4654,17 @@ then AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_HASH_FLAGS" fi +# Support for enabling setting default DH parameters in +AC_ARG_ENABLE([defaultdhparams], + [AS_HELP_STRING([--enable-dhdefaultparams],[Enables option for default dh parameters (default: disabled)])], + [ ENABLED_DHDEFAULTPARAMS=$enableval ], + [ ENABLED_DHDEFAULTPARAMS=no ] + ) +if test "$ENABLED_DHDEFAULTPARAMS" = "yes" || test "$ENABLED_QT" = "no" +then + ENABLED_DHDEFAULTPARAMS=yes + AM_CFLAGS="$AM_CFLAGS -DHAVE_DH_DEFAULT_PARAMS" +fi # User Settings AC_ARG_ENABLE([usersettings], @@ -5186,6 +5296,7 @@ echo " * RSA: $ENABLED_RSA" echo " * RSA-PSS: $ENABLED_RSAPSS" echo " * DSA: $ENABLED_DSA" echo " * DH: $ENABLED_DH" +echo " * DH Default Parameters: $ENABLED_DHDEFAULTPARAMS" echo " * ECC: $ENABLED_ECC" echo " * ECC Custom Curves $ENABLED_ECCCUSTCURVES" echo " * CURVE25519: $ENABLED_CURVE25519" @@ -5204,6 +5315,8 @@ echo " * Apache httpd: $ENABLED_APACHE_HTTPD" echo " * NGINX: $ENABLED_NGINX" echo " * ASIO: $ENABLED_ASIO" echo " * LIBWEBSOCKETS: $ENABLED_LIBWEBSOCKETS" +echo " * Qt $ENABLED_QT" +echo " * Qt Unit Testing $ENABLED_QT_TEST" echo " * SIGNAL: $ENABLED_SIGNAL" echo " * ERROR_STRINGS: $ENABLED_ERROR_STRINGS" echo " * DTLS: $ENABLED_DTLS" diff --git a/scripts/openssl.test b/scripts/openssl.test index 3fa04e058..4e549a641 100755 --- a/scripts/openssl.test +++ b/scripts/openssl.test @@ -195,6 +195,7 @@ for version in $wolf_versions; do echo -e "version = $version" # get openssl ciphers depending on version + # -s flag for only supported ciphers case $version in "0") openssl_ciphers=`$OPENSSL ciphers "SSLv3"` @@ -211,7 +212,7 @@ do fi ;; "1") - openssl_ciphers=`$OPENSSL ciphers "TLSv1"` + openssl_ciphers=`$OPENSSL ciphers -s "TLSv1"` tlsv1_sup=$? if [ $tlsv1_sup != 0 ] then @@ -221,7 +222,7 @@ do fi ;; "2") - openssl_ciphers=`$OPENSSL ciphers "TLSv1.1"` + openssl_ciphers=`$OPENSSL ciphers -s "TLSv1.1"` tlsv1_1_sup=$? if [ $tlsv1_1_sup != 0 ] then @@ -231,7 +232,7 @@ do fi ;; "3") - openssl_ciphers=`$OPENSSL ciphers "TLSv1.2"` + openssl_ciphers=`$OPENSSL ciphers -s "TLSv1.2"` tlsv1_2_sup=$? if [ $tlsv1_2_sup != 0 ] then @@ -241,7 +242,7 @@ do fi ;; "4") #test all suites - openssl_ciphers=`$OPENSSL ciphers "ALL"` + openssl_ciphers=`$OPENSSL ciphers -s "ALL"` all_sup=$? if [ $all_sup != 0 ] then diff --git a/src/bio.c b/src/bio.c index 88e3651aa..3361c9eff 100644 --- a/src/bio.c +++ b/src/bio.c @@ -78,6 +78,7 @@ static int wolfSSL_BIO_BIO_read(WOLFSSL_BIO* bio, void* buf, int len) static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len) { int sz; + WOLFSSL_ENTER("wolfSSL_BIO_MEMORY_read"); sz = wolfSSL_BIO_pending(bio); if (sz > 0) { @@ -576,6 +577,7 @@ long wolfSSL_BIO_ctrl(WOLFSSL_BIO *bio, int cmd, long larg, void *parg) } switch(cmd) { + case BIO_CTRL_PENDING: case BIO_CTRL_WPENDING: ret = (long)wolfSSL_BIO_ctrl_pending(bio); break; @@ -876,7 +878,6 @@ size_t wolfSSL_BIO_ctrl_pending(WOLFSSL_BIO *bio) return pair->wrIdx - pair->rdIdx; } } - return 0; } diff --git a/src/internal.c b/src/internal.c index 6e6c2b590..8bfed7800 100644 --- a/src/internal.c +++ b/src/internal.c @@ -6018,6 +6018,10 @@ void SSL_ResourceFree(WOLFSSL* ssl) #endif } #endif /* WOLFSSL_STATIC_MEMORY */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + wolfSSL_sk_CIPHER_free(ssl->supportedCiphers); + wolfSSL_sk_X509_free(ssl->peerCertChain); +#endif } /* Free any handshake resources no longer needed */ @@ -9020,8 +9024,8 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) else x509->notBefore.length = 0; if (dCert->afterDateLen > 0) { - minSz = min(dCert->beforeDate[1], MAX_DATE_SZ); - x509->notAfter.type = dCert->beforeDate[0]; + minSz = min(dCert->afterDate[1], MAX_DATE_SZ); + x509->notAfter.type = dCert->afterDate[0]; x509->notAfter.length = minSz; XMEMCPY(x509->notAfter.data, &dCert->afterDate[2], minSz); } @@ -9135,6 +9139,19 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) ret = MEMORY_E; } } + #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + if (dCert->extAuthInfoCaIssuer != NULL && dCert->extAuthInfoCaIssuerSz > 0) { + x509->authInfoCaIssuer = (byte*)XMALLOC(dCert->extAuthInfoCaIssuerSz, x509->heap, + DYNAMIC_TYPE_X509_EXT); + if (x509->authInfoCaIssuer != NULL) { + XMEMCPY(x509->authInfoCaIssuer, dCert->extAuthInfoCaIssuer, dCert->extAuthInfoCaIssuerSz); + x509->authInfoCaIssuerSz = dCert->extAuthInfoCaIssuerSz; + } + else { + ret = MEMORY_E; + } + } + #endif x509->basicConstSet = dCert->extBasicConstSet; x509->basicConstCrit = dCert->extBasicConstCrit; x509->basicConstPlSet = dCert->pathLengthSet; @@ -9182,10 +9199,10 @@ int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) ret = MEMORY_E; } } - #ifdef WOLFSSL_SEP + #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) x509->certPolicySet = dCert->extCertPolicySet; x509->certPolicyCrit = dCert->extCertPolicyCrit; - #endif /* WOLFSSL_SEP */ + #endif /* WOLFSSL_SEP || WOLFSSL_QT */ #ifdef WOLFSSL_CERT_EXT { int i; @@ -17317,482 +17334,490 @@ void SetErrorString(int error, char* str) } #ifndef NO_ERROR_STRINGS - #define SUITE_INFO(x,y,z,w) {(x),(y),(z),(w)} + #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + #define SUITE_INFO(x,y,z,w,v,u) {(x),(y),(z),(w),(v),(u)} + #else + #define SUITE_INFO(x,y,z,w,v,u) {(x),(y),(z),(w)} + #endif #else - #define SUITE_INFO(x,y,z,w) {(x),(z),(w)} + #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + #define SUITE_INFO(x,y,z,w,v,u) {(x),(z),(w),(v),(u)} + #else + #define SUITE_INFO(x,y,z,w,v,u) {(x),(z),(w)} + #endif #endif static const CipherSuiteInfo cipher_names[] = { #ifdef BUILD_TLS_AES_128_GCM_SHA256 - SUITE_INFO("TLS13-AES128-GCM-SHA256","TLS_AES_128_GCM_SHA256",TLS13_BYTE,TLS_AES_128_GCM_SHA256), + SUITE_INFO("TLS13-AES128-GCM-SHA256","TLS_AES_128_GCM_SHA256",TLS13_BYTE,TLS_AES_128_GCM_SHA256, TLSv1_3_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_AES_256_GCM_SHA384 - SUITE_INFO("TLS13-AES256-GCM-SHA384","TLS_AES_256_GCM_SHA384",TLS13_BYTE,TLS_AES_256_GCM_SHA384), + SUITE_INFO("TLS13-AES256-GCM-SHA384","TLS_AES_256_GCM_SHA384",TLS13_BYTE,TLS_AES_256_GCM_SHA384, TLSv1_3_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256 - SUITE_INFO("TLS13-CHACHA20-POLY1305-SHA256","TLS_CHACHA20_POLY1305_SHA256",TLS13_BYTE,TLS_CHACHA20_POLY1305_SHA256), + SUITE_INFO("TLS13-CHACHA20-POLY1305-SHA256","TLS_CHACHA20_POLY1305_SHA256",TLS13_BYTE,TLS_CHACHA20_POLY1305_SHA256, TLSv1_3_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_AES_128_CCM_SHA256 - SUITE_INFO("TLS13-AES128-CCM-SHA256","TLS_AES_128_CCM_SHA256",TLS13_BYTE,TLS_AES_128_CCM_SHA256), + SUITE_INFO("TLS13-AES128-CCM-SHA256","TLS_AES_128_CCM_SHA256",TLS13_BYTE,TLS_AES_128_CCM_SHA256, TLSv1_3_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_AES_128_CCM_8_SHA256 - SUITE_INFO("TLS13-AES128-CCM-8-SHA256","TLS_AES_128_CCM_8_SHA256",TLS13_BYTE,TLS_AES_128_CCM_8_SHA256), + SUITE_INFO("TLS13-AES128-CCM-8-SHA256","TLS_AES_128_CCM_8_SHA256",TLS13_BYTE,TLS_AES_128_CCM_8_SHA256,TLSv1_3_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_SHA256_SHA256 - SUITE_INFO("TLS13-SHA256-SHA256","TLS_SHA256_SHA256",ECC_BYTE,TLS_SHA256_SHA256), + SUITE_INFO("TLS13-SHA256-SHA256","TLS_SHA256_SHA256",ECC_BYTE,TLS_SHA256_SHA256,TLSv1_3_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_SHA384_SHA384 - SUITE_INFO("TLS13-SHA384-SHA384","TLS_SHA384_SHA384",ECC_BYTE,TLS_SHA384_SHA384), + SUITE_INFO("TLS13-SHA384-SHA384","TLS_SHA384_SHA384",ECC_BYTE,TLS_SHA384_SHA384,TLSv1_3_MINOR, SSLv3_MAJOR), #endif #ifndef WOLFSSL_NO_TLS12 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA - SUITE_INFO("RC4-SHA","SSL_RSA_WITH_RC4_128_SHA",CIPHER_BYTE,SSL_RSA_WITH_RC4_128_SHA), + SUITE_INFO("RC4-SHA","SSL_RSA_WITH_RC4_128_SHA",CIPHER_BYTE,SSL_RSA_WITH_RC4_128_SHA,SSLv3_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 - SUITE_INFO("RC4-MD5","SSL_RSA_WITH_RC4_128_MD5",CIPHER_BYTE,SSL_RSA_WITH_RC4_128_MD5), + SUITE_INFO("RC4-MD5","SSL_RSA_WITH_RC4_128_MD5",CIPHER_BYTE,SSL_RSA_WITH_RC4_128_MD5,SSLv3_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA - SUITE_INFO("DES-CBC3-SHA","SSL_RSA_WITH_3DES_EDE_CBC_SHA",CIPHER_BYTE,SSL_RSA_WITH_3DES_EDE_CBC_SHA), + SUITE_INFO("DES-CBC3-SHA","SSL_RSA_WITH_3DES_EDE_CBC_SHA",CIPHER_BYTE,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSLv3_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA - SUITE_INFO("AES128-SHA","TLS_RSA_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_AES_128_CBC_SHA), + SUITE_INFO("AES128-SHA","TLS_RSA_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_AES_128_CBC_SHA,SSLv3_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA - SUITE_INFO("AES256-SHA","TLS_RSA_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_AES_256_CBC_SHA), + SUITE_INFO("AES256-SHA","TLS_RSA_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_AES_256_CBC_SHA,SSLv3_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_RSA_WITH_NULL_MD5 - SUITE_INFO("NULL-MD5","TLS_RSA_WITH_NULL_MD5",CIPHER_BYTE,TLS_RSA_WITH_NULL_MD5), + SUITE_INFO("NULL-MD5","TLS_RSA_WITH_NULL_MD5",CIPHER_BYTE,TLS_RSA_WITH_NULL_MD5,SSLv3_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_RSA_WITH_NULL_SHA - SUITE_INFO("NULL-SHA","TLS_RSA_WITH_NULL_SHA",CIPHER_BYTE,TLS_RSA_WITH_NULL_SHA), + SUITE_INFO("NULL-SHA","TLS_RSA_WITH_NULL_SHA",CIPHER_BYTE,TLS_RSA_WITH_NULL_SHA,SSLv3_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 - SUITE_INFO("NULL-SHA256","TLS_RSA_WITH_NULL_SHA256",CIPHER_BYTE,TLS_RSA_WITH_NULL_SHA256), + SUITE_INFO("NULL-SHA256","TLS_RSA_WITH_NULL_SHA256",CIPHER_BYTE,TLS_RSA_WITH_NULL_SHA256,TLSv1_2_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA - SUITE_INFO("DHE-RSA-AES128-SHA","TLS_DHE_RSA_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_128_CBC_SHA), + SUITE_INFO("DHE-RSA-AES128-SHA","TLS_DHE_RSA_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,SSLv3_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA - SUITE_INFO("DHE-RSA-AES256-SHA","TLS_DHE_RSA_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_256_CBC_SHA), + SUITE_INFO("DHE-RSA-AES256-SHA","TLS_DHE_RSA_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,SSLv3_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 - SUITE_INFO("DHE-PSK-AES256-GCM-SHA384","TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_256_GCM_SHA384), + SUITE_INFO("DHE-PSK-AES256-GCM-SHA384","TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,TLSv1_2_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 - SUITE_INFO("DHE-PSK-AES128-GCM-SHA256","TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_128_GCM_SHA256), + SUITE_INFO("DHE-PSK-AES128-GCM-SHA256","TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,TLSv1_2_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 - SUITE_INFO("PSK-AES256-GCM-SHA384","TLS_PSK_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_PSK_WITH_AES_256_GCM_SHA384), + SUITE_INFO("PSK-AES256-GCM-SHA384","TLS_PSK_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_PSK_WITH_AES_256_GCM_SHA384,TLSv1_2_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 - SUITE_INFO("PSK-AES128-GCM-SHA256","TLS_PSK_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_PSK_WITH_AES_128_GCM_SHA256), + SUITE_INFO("PSK-AES128-GCM-SHA256","TLS_PSK_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_PSK_WITH_AES_128_GCM_SHA256,TLSv1_2_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 - SUITE_INFO("DHE-PSK-AES256-CBC-SHA384","TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_256_CBC_SHA384), + SUITE_INFO("DHE-PSK-AES256-CBC-SHA384","TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 - SUITE_INFO("DHE-PSK-AES128-CBC-SHA256","TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_128_CBC_SHA256), + SUITE_INFO("DHE-PSK-AES128-CBC-SHA256","TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 - SUITE_INFO("PSK-AES256-CBC-SHA384","TLS_PSK_WITH_AES_256_CBC_SHA384",CIPHER_BYTE,TLS_PSK_WITH_AES_256_CBC_SHA384), + SUITE_INFO("PSK-AES256-CBC-SHA384","TLS_PSK_WITH_AES_256_CBC_SHA384",CIPHER_BYTE,TLS_PSK_WITH_AES_256_CBC_SHA384,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 - SUITE_INFO("PSK-AES128-CBC-SHA256","TLS_PSK_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_PSK_WITH_AES_128_CBC_SHA256), + SUITE_INFO("PSK-AES128-CBC-SHA256","TLS_PSK_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_PSK_WITH_AES_128_CBC_SHA256,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA - SUITE_INFO("PSK-AES128-CBC-SHA","TLS_PSK_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_PSK_WITH_AES_128_CBC_SHA), + SUITE_INFO("PSK-AES128-CBC-SHA","TLS_PSK_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_PSK_WITH_AES_128_CBC_SHA,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA - SUITE_INFO("PSK-AES256-CBC-SHA","TLS_PSK_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_PSK_WITH_AES_256_CBC_SHA), + SUITE_INFO("PSK-AES256-CBC-SHA","TLS_PSK_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_PSK_WITH_AES_256_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM - SUITE_INFO("DHE-PSK-AES128-CCM","TLS_DHE_PSK_WITH_AES_128_CCM",ECC_BYTE,TLS_DHE_PSK_WITH_AES_128_CCM), + SUITE_INFO("DHE-PSK-AES128-CCM","TLS_DHE_PSK_WITH_AES_128_CCM",ECC_BYTE,TLS_DHE_PSK_WITH_AES_128_CCM,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM - SUITE_INFO("DHE-PSK-AES256-CCM","TLS_DHE_PSK_WITH_AES_256_CCM",ECC_BYTE,TLS_DHE_PSK_WITH_AES_256_CCM), + SUITE_INFO("DHE-PSK-AES256-CCM","TLS_DHE_PSK_WITH_AES_256_CCM",ECC_BYTE,TLS_DHE_PSK_WITH_AES_256_CCM,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM - SUITE_INFO("PSK-AES128-CCM","TLS_PSK_WITH_AES_128_CCM",ECC_BYTE,TLS_PSK_WITH_AES_128_CCM), + SUITE_INFO("PSK-AES128-CCM","TLS_PSK_WITH_AES_128_CCM",ECC_BYTE,TLS_PSK_WITH_AES_128_CCM,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM - SUITE_INFO("PSK-AES256-CCM","TLS_PSK_WITH_AES_256_CCM",ECC_BYTE,TLS_PSK_WITH_AES_256_CCM), + SUITE_INFO("PSK-AES256-CCM","TLS_PSK_WITH_AES_256_CCM",ECC_BYTE,TLS_PSK_WITH_AES_256_CCM,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 - SUITE_INFO("PSK-AES128-CCM-8","TLS_PSK_WITH_AES_128_CCM_8",ECC_BYTE,TLS_PSK_WITH_AES_128_CCM_8), + SUITE_INFO("PSK-AES128-CCM-8","TLS_PSK_WITH_AES_128_CCM_8",ECC_BYTE,TLS_PSK_WITH_AES_128_CCM_8,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8 - SUITE_INFO("PSK-AES256-CCM-8","TLS_PSK_WITH_AES_256_CCM_8",ECC_BYTE,TLS_PSK_WITH_AES_256_CCM_8), + SUITE_INFO("PSK-AES256-CCM-8","TLS_PSK_WITH_AES_256_CCM_8",ECC_BYTE,TLS_PSK_WITH_AES_256_CCM_8,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 - SUITE_INFO("DHE-PSK-NULL-SHA384","TLS_DHE_PSK_WITH_NULL_SHA384",CIPHER_BYTE,TLS_DHE_PSK_WITH_NULL_SHA384), + SUITE_INFO("DHE-PSK-NULL-SHA384","TLS_DHE_PSK_WITH_NULL_SHA384",CIPHER_BYTE,TLS_DHE_PSK_WITH_NULL_SHA384,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 - SUITE_INFO("DHE-PSK-NULL-SHA256","TLS_DHE_PSK_WITH_NULL_SHA256",CIPHER_BYTE,TLS_DHE_PSK_WITH_NULL_SHA256), + SUITE_INFO("DHE-PSK-NULL-SHA256","TLS_DHE_PSK_WITH_NULL_SHA256",CIPHER_BYTE,TLS_DHE_PSK_WITH_NULL_SHA256,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 - SUITE_INFO("PSK-NULL-SHA384","TLS_PSK_WITH_NULL_SHA384",CIPHER_BYTE,TLS_PSK_WITH_NULL_SHA384), + SUITE_INFO("PSK-NULL-SHA384","TLS_PSK_WITH_NULL_SHA384",CIPHER_BYTE,TLS_PSK_WITH_NULL_SHA384,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 - SUITE_INFO("PSK-NULL-SHA256","TLS_PSK_WITH_NULL_SHA256",CIPHER_BYTE,TLS_PSK_WITH_NULL_SHA256), + SUITE_INFO("PSK-NULL-SHA256","TLS_PSK_WITH_NULL_SHA256",CIPHER_BYTE,TLS_PSK_WITH_NULL_SHA256,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_PSK_WITH_NULL_SHA - SUITE_INFO("PSK-NULL-SHA","TLS_PSK_WITH_NULL_SHA",CIPHER_BYTE,TLS_PSK_WITH_NULL_SHA), + SUITE_INFO("PSK-NULL-SHA","TLS_PSK_WITH_NULL_SHA",CIPHER_BYTE,TLS_PSK_WITH_NULL_SHA,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5 - SUITE_INFO("HC128-MD5","TLS_RSA_WITH_HC_128_MD5",CIPHER_BYTE,TLS_RSA_WITH_HC_128_MD5), + SUITE_INFO("HC128-MD5","TLS_RSA_WITH_HC_128_MD5",CIPHER_BYTE,TLS_RSA_WITH_HC_128_MD5,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA - SUITE_INFO("HC128-SHA","TLS_RSA_WITH_HC_128_SHA",CIPHER_BYTE,TLS_RSA_WITH_HC_128_SHA), + SUITE_INFO("HC128-SHA","TLS_RSA_WITH_HC_128_SHA",CIPHER_BYTE,TLS_RSA_WITH_HC_128_SHA,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA - SUITE_INFO("RABBIT-SHA","TLS_RSA_WITH_RABBIT_SHA",CIPHER_BYTE,TLS_RSA_WITH_RABBIT_SHA), + SUITE_INFO("RABBIT-SHA","TLS_RSA_WITH_RABBIT_SHA",CIPHER_BYTE,TLS_RSA_WITH_RABBIT_SHA,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA - SUITE_INFO("NTRU-RC4-SHA","TLS_NTRU_RSA_WITH_RC4_128_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_RC4_128_SHA), + SUITE_INFO("NTRU-RC4-SHA","TLS_NTRU_RSA_WITH_RC4_128_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_RC4_128_SHA, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA - SUITE_INFO("NTRU-DES-CBC3-SHA","TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA), + SUITE_INFO("NTRU-DES-CBC3-SHA","TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA - SUITE_INFO("NTRU-AES128-SHA","TLS_NTRU_RSA_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_AES_128_CBC_SHA), + SUITE_INFO("NTRU-AES128-SHA","TLS_NTRU_RSA_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_AES_128_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA - SUITE_INFO("NTRU-AES256-SHA","TLS_NTRU_RSA_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_AES_256_CBC_SHA), + SUITE_INFO("NTRU-AES256-SHA","TLS_NTRU_RSA_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_AES_256_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 - SUITE_INFO("AES128-CCM-8","TLS_RSA_WITH_AES_128_CCM_8",ECC_BYTE,TLS_RSA_WITH_AES_128_CCM_8), + SUITE_INFO("AES128-CCM-8","TLS_RSA_WITH_AES_128_CCM_8",ECC_BYTE,TLS_RSA_WITH_AES_128_CCM_8, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8 - SUITE_INFO("AES256-CCM-8","TLS_RSA_WITH_AES_256_CCM_8",ECC_BYTE,TLS_RSA_WITH_AES_256_CCM_8), + SUITE_INFO("AES256-CCM-8","TLS_RSA_WITH_AES_256_CCM_8",ECC_BYTE,TLS_RSA_WITH_AES_256_CCM_8, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM - SUITE_INFO("ECDHE-ECDSA-AES128-CCM","TLS_ECDHE_ECDSA_WITH_AES_128_CCM",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CCM), + SUITE_INFO("ECDHE-ECDSA-AES128-CCM","TLS_ECDHE_ECDSA_WITH_AES_128_CCM",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CCM, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 - SUITE_INFO("ECDHE-ECDSA-AES128-CCM-8","TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8), + SUITE_INFO("ECDHE-ECDSA-AES128-CCM-8","TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 - SUITE_INFO("ECDHE-ECDSA-AES256-CCM-8","TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8), + SUITE_INFO("ECDHE-ECDSA-AES256-CCM-8","TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA - SUITE_INFO("ECDHE-RSA-AES128-SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), + SUITE_INFO("ECDHE-RSA-AES128-SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA - SUITE_INFO("ECDHE-RSA-AES256-SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), + SUITE_INFO("ECDHE-RSA-AES256-SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA - SUITE_INFO("ECDHE-ECDSA-AES128-SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA), + SUITE_INFO("ECDHE-ECDSA-AES128-SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA - SUITE_INFO("ECDHE-ECDSA-AES256-SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA), + SUITE_INFO("ECDHE-ECDSA-AES256-SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA - SUITE_INFO("ECDHE-RSA-RC4-SHA","TLS_ECDHE_RSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_RC4_128_SHA), + SUITE_INFO("ECDHE-RSA-RC4-SHA","TLS_ECDHE_RSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA - SUITE_INFO("ECDHE-RSA-DES-CBC3-SHA","TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA), + SUITE_INFO("ECDHE-RSA-DES-CBC3-SHA","TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA - SUITE_INFO("ECDHE-ECDSA-RC4-SHA","TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA), + SUITE_INFO("ECDHE-ECDSA-RC4-SHA","TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA - SUITE_INFO("ECDHE-ECDSA-DES-CBC3-SHA","TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA), + SUITE_INFO("ECDHE-ECDSA-DES-CBC3-SHA","TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 - SUITE_INFO("AES128-SHA256","TLS_RSA_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_AES_128_CBC_SHA256), + SUITE_INFO("AES128-SHA256","TLS_RSA_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_AES_128_CBC_SHA256, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 - SUITE_INFO("AES256-SHA256","TLS_RSA_WITH_AES_256_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_AES_256_CBC_SHA256), + SUITE_INFO("AES256-SHA256","TLS_RSA_WITH_AES_256_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_AES_256_CBC_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 - SUITE_INFO("DHE-RSA-AES128-SHA256","TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), + SUITE_INFO("DHE-RSA-AES128-SHA256","TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 - SUITE_INFO("DHE-RSA-AES256-SHA256","TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), + SUITE_INFO("DHE-RSA-AES256-SHA256","TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - SUITE_INFO("ECDH-RSA-AES128-SHA","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA), + SUITE_INFO("ECDH-RSA-AES128-SHA","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - SUITE_INFO("ECDH-RSA-AES256-SHA","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA), + SUITE_INFO("ECDH-RSA-AES256-SHA","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - SUITE_INFO("ECDH-ECDSA-AES128-SHA","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA), + SUITE_INFO("ECDH-ECDSA-AES128-SHA","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - SUITE_INFO("ECDH-ECDSA-AES256-SHA","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA), + SUITE_INFO("ECDH-ECDSA-AES256-SHA","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA - SUITE_INFO("ECDH-RSA-RC4-SHA","TLS_ECDH_RSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_RC4_128_SHA), + SUITE_INFO("ECDH-RSA-RC4-SHA","TLS_ECDH_RSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_RC4_128_SHA, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA - SUITE_INFO("ECDH-RSA-DES-CBC3-SHA","TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA), + SUITE_INFO("ECDH-RSA-DES-CBC3-SHA","TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA - SUITE_INFO("ECDH-ECDSA-RC4-SHA","TLS_ECDH_ECDSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_RC4_128_SHA), + SUITE_INFO("ECDH-ECDSA-RC4-SHA","TLS_ECDH_ECDSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA - SUITE_INFO("ECDH-ECDSA-DES-CBC3-SHA","TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA), + SUITE_INFO("ECDH-ECDSA-DES-CBC3-SHA","TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 - SUITE_INFO("AES128-GCM-SHA256","TLS_RSA_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_RSA_WITH_AES_128_GCM_SHA256), + SUITE_INFO("AES128-GCM-SHA256","TLS_RSA_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_RSA_WITH_AES_128_GCM_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 - SUITE_INFO("AES256-GCM-SHA384","TLS_RSA_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_RSA_WITH_AES_256_GCM_SHA384), + SUITE_INFO("AES256-GCM-SHA384","TLS_RSA_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_RSA_WITH_AES_256_GCM_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 - SUITE_INFO("DHE-RSA-AES128-GCM-SHA256","TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), + SUITE_INFO("DHE-RSA-AES128-GCM-SHA256","TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 - SUITE_INFO("DHE-RSA-AES256-GCM-SHA384","TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384), + SUITE_INFO("DHE-RSA-AES256-GCM-SHA384","TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 - SUITE_INFO("ECDHE-RSA-AES128-GCM-SHA256","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), + SUITE_INFO("ECDHE-RSA-AES128-GCM-SHA256","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - SUITE_INFO("ECDHE-RSA-AES256-GCM-SHA384","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384), + SUITE_INFO("ECDHE-RSA-AES256-GCM-SHA384","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - SUITE_INFO("ECDHE-ECDSA-AES128-GCM-SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), + SUITE_INFO("ECDHE-ECDSA-AES128-GCM-SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 - SUITE_INFO("ECDHE-ECDSA-AES256-GCM-SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384), + SUITE_INFO("ECDHE-ECDSA-AES256-GCM-SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - SUITE_INFO("ECDH-RSA-AES128-GCM-SHA256","TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256), + SUITE_INFO("ECDH-RSA-AES128-GCM-SHA256","TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - SUITE_INFO("ECDH-RSA-AES256-GCM-SHA384","TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384), + SUITE_INFO("ECDH-RSA-AES256-GCM-SHA384","TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - SUITE_INFO("ECDH-ECDSA-AES128-GCM-SHA256","TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256), + SUITE_INFO("ECDH-ECDSA-AES128-GCM-SHA256","TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - SUITE_INFO("ECDH-ECDSA-AES256-GCM-SHA384","TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384), + SUITE_INFO("ECDH-ECDSA-AES256-GCM-SHA384","TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA - SUITE_INFO("CAMELLIA128-SHA","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), + SUITE_INFO("CAMELLIA128-SHA","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA - SUITE_INFO("DHE-RSA-CAMELLIA128-SHA","TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), + SUITE_INFO("DHE-RSA-CAMELLIA128-SHA","TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA - SUITE_INFO("CAMELLIA256-SHA","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), + SUITE_INFO("CAMELLIA256-SHA","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA - SUITE_INFO("DHE-RSA-CAMELLIA256-SHA","TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), + SUITE_INFO("DHE-RSA-CAMELLIA256-SHA","TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 - SUITE_INFO("CAMELLIA128-SHA256","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256), + SUITE_INFO("CAMELLIA128-SHA256","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 - SUITE_INFO("DHE-RSA-CAMELLIA128-SHA256","TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256), + SUITE_INFO("DHE-RSA-CAMELLIA128-SHA256","TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 - SUITE_INFO("CAMELLIA256-SHA256","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256), + SUITE_INFO("CAMELLIA256-SHA256","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 - SUITE_INFO("DHE-RSA-CAMELLIA256-SHA256","TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256), + SUITE_INFO("DHE-RSA-CAMELLIA256-SHA256","TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 - SUITE_INFO("ECDHE-RSA-AES128-SHA256","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), + SUITE_INFO("ECDHE-RSA-AES128-SHA256","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 - SUITE_INFO("ECDHE-ECDSA-AES128-SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), + SUITE_INFO("ECDHE-ECDSA-AES128-SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - SUITE_INFO("ECDH-RSA-AES128-SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256), + SUITE_INFO("ECDH-RSA-AES128-SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - SUITE_INFO("ECDH-ECDSA-AES128-SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256), + SUITE_INFO("ECDH-ECDSA-AES128-SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 - SUITE_INFO("ECDHE-RSA-AES256-SHA384","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384), + SUITE_INFO("ECDHE-RSA-AES256-SHA384","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 - SUITE_INFO("ECDHE-ECDSA-AES256-SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384), + SUITE_INFO("ECDHE-ECDSA-AES256-SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - SUITE_INFO("ECDH-RSA-AES256-SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384), + SUITE_INFO("ECDH-RSA-AES256-SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - SUITE_INFO("ECDH-ECDSA-AES256-SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384), + SUITE_INFO("ECDH-ECDSA-AES256-SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - SUITE_INFO("ECDHE-RSA-CHACHA20-POLY1305","TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256), + SUITE_INFO("ECDHE-RSA-CHACHA20-POLY1305","TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 - SUITE_INFO("ECDHE-ECDSA-CHACHA20-POLY1305","TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256), + SUITE_INFO("ECDHE-ECDSA-CHACHA20-POLY1305","TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 - SUITE_INFO("DHE-RSA-CHACHA20-POLY1305","TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256), + SUITE_INFO("DHE-RSA-CHACHA20-POLY1305","TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 - SUITE_INFO("ECDHE-RSA-CHACHA20-POLY1305-OLD","TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256), + SUITE_INFO("ECDHE-RSA-CHACHA20-POLY1305-OLD","TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 - SUITE_INFO("ECDHE-ECDSA-CHACHA20-POLY1305-OLD","TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256), + SUITE_INFO("ECDHE-ECDSA-CHACHA20-POLY1305-OLD","TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 - SUITE_INFO("DHE-RSA-CHACHA20-POLY1305-OLD","TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256",CHACHA_BYTE,TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256), + SUITE_INFO("DHE-RSA-CHACHA20-POLY1305-OLD","TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256",CHACHA_BYTE,TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA - SUITE_INFO("ADH-AES128-SHA","TLS_DH_anon_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_DH_anon_WITH_AES_128_CBC_SHA), + SUITE_INFO("ADH-AES128-SHA","TLS_DH_anon_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_DH_anon_WITH_AES_128_CBC_SHA, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384 - SUITE_INFO("ADH-AES256-GCM-SHA384","TLS_DH_anon_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_DH_anon_WITH_AES_256_GCM_SHA384), + SUITE_INFO("ADH-AES256-GCM-SHA384","TLS_DH_anon_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_DH_anon_WITH_AES_256_GCM_SHA384, TLSv1_2_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_QSH - SUITE_INFO("QSH","TLS_QSH",QSH_BYTE,TLS_QSH), + SUITE_INFO("QSH","TLS_QSH",QSH_BYTE,TLS_QSH, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef HAVE_RENEGOTIATION_INDICATION - SUITE_INFO("RENEGOTIATION-INFO","TLS_EMPTY_RENEGOTIATION_INFO_SCSV",CIPHER_BYTE,TLS_EMPTY_RENEGOTIATION_INFO_SCSV), + SUITE_INFO("RENEGOTIATION-INFO","TLS_EMPTY_RENEGOTIATION_INFO_SCSV",CIPHER_BYTE,TLS_EMPTY_RENEGOTIATION_INFO_SCSV,SSLv3_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA - SUITE_INFO("IDEA-CBC-SHA","SSL_RSA_WITH_IDEA_CBC_SHA",CIPHER_BYTE,SSL_RSA_WITH_IDEA_CBC_SHA), + SUITE_INFO("IDEA-CBC-SHA","SSL_RSA_WITH_IDEA_CBC_SHA",CIPHER_BYTE,SSL_RSA_WITH_IDEA_CBC_SHA,SSLv3_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA - SUITE_INFO("ECDHE-ECDSA-NULL-SHA","TLS_ECDHE_ECDSA_WITH_NULL_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_NULL_SHA), + SUITE_INFO("ECDHE-ECDSA-NULL-SHA","TLS_ECDHE_ECDSA_WITH_NULL_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 - SUITE_INFO("ECDHE-PSK-NULL-SHA256","TLS_ECDHE_PSK_WITH_NULL_SHA256",ECC_BYTE,TLS_ECDHE_PSK_WITH_NULL_SHA256), + SUITE_INFO("ECDHE-PSK-NULL-SHA256","TLS_ECDHE_PSK_WITH_NULL_SHA256",ECC_BYTE,TLS_ECDHE_PSK_WITH_NULL_SHA256,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 - SUITE_INFO("ECDHE-PSK-AES128-CBC-SHA256","TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256), + SUITE_INFO("ECDHE-PSK-AES128-CBC-SHA256","TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,TLSv1_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 - SUITE_INFO("PSK-CHACHA20-POLY1305","TLS_PSK_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_PSK_WITH_CHACHA20_POLY1305_SHA256), + SUITE_INFO("PSK-CHACHA20-POLY1305","TLS_PSK_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,TLSv1_2_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 - SUITE_INFO("ECDHE-PSK-CHACHA20-POLY1305","TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256), + SUITE_INFO("ECDHE-PSK-CHACHA20-POLY1305","TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,TLSv1_2_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 - SUITE_INFO("DHE-PSK-CHACHA20-POLY1305","TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256), + SUITE_INFO("DHE-PSK-CHACHA20-POLY1305","TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,TLSv1_2_MINOR,SSLv3_MAJOR), #endif #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA - SUITE_INFO("EDH-RSA-DES-CBC3-SHA","TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA), + SUITE_INFO("EDH-RSA-DES-CBC3-SHA","TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, TLSv1_MINOR, SSLv3_MAJOR), #endif #ifdef BUILD_WDM_WITH_NULL_SHA256 - SUITE_INFO("WDM-NULL-SHA256","WDM_WITH_NULL_SHA256",CIPHER_BYTE,WDM_WITH_NULL_SHA256), + SUITE_INFO("WDM-NULL-SHA256","WDM_WITH_NULL_SHA256",CIPHER_BYTE,WDM_WITH_NULL_SHA256, TLSv1_3_MINOR, SSLv3_MAJOR) #endif #endif /* WOLFSSL_NO_TLS12 */ @@ -17816,7 +17841,7 @@ int GetCipherNamesSize(void) const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite) { int i; - const char* nameInternal = NULL; + const char* nameInternal = "None"; for (i = 0; i < GetCipherNamesSize(); i++) { if ((cipher_names[i].cipherSuite0 == cipherSuite0) && @@ -17828,6 +17853,323 @@ const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuit return nameInternal; } +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +const char* GetCipherProtocol(const byte minor) +{ + const char* protocol; + + /* Protocol that matches OpenSSL's protocol version. */ + switch (minor) { + case TLSv1_MINOR : + protocol = "TLSv1"; + break; + case TLSv1_2_MINOR : + protocol = "TLSv1.2"; + break; + case TLSv1_3_MINOR : + protocol = "TLSv1.3"; + break; + case SSLv3_MINOR : + protocol = "SSLv3"; + break; + default : + protocol = "unknown"; + } + return protocol; +} + +const char* GetCipherKeaStr(char n[][MAX_SEGMENT_SZ]) { + const char* keaStr = NULL; + const char *n0,*n1,*n2,*n3,*n4; + n0 = n[0]; + n1 = n[1]; + n2 = n[2]; + n3 = n[3]; + n4 = n[4]; + + if (XSTRNCMP(n0,"ECDHE",5) == 0 && XSTRNCMP(n1,"PSK",3) == 0) + keaStr = "ECDHEPSK"; + else if (XSTRNCMP(n0,"ECDH",4) == 0) + keaStr = "ECDH"; + else if (XSTRNCMP(n0,"DHE",3) == 0 && XSTRNCMP(n1,"PSK",3) == 0) + keaStr = "DHEPSK"; + else if (XSTRNCMP(n0,"DHE",3) == 0) + keaStr = "DH"; + else if (XSTRNCMP(n0,"RSA",3) == 0 && XSTRNCMP(n1,"PSK",3) == 0) + keaStr = "RSAPSK"; + else if (XSTRNCMP(n0,"SRP",3) == 0) + keaStr = "SRP"; + else if (XSTRNCMP(n0,"PSK",3) == 0) + keaStr = "PSK"; + else if (XSTRNCMP(n0,"EDH",3) == 0) + keaStr = "EDH"; + else if ((XSTRNCMP(n1,"SHA",3) == 0) || (XSTRNCMP(n2,"SHA",3) == 0) || + (XSTRNCMP(n3,"SHA",3) == 0) || (XSTRNCMP(n4,"SHA",3) == 0) || + (XSTRNCMP(n2,"RSA",3) == 0) || (XSTRNCMP(n0,"AES128",6) == 0) || + (XSTRNCMP(n0,"AES256",6) == 0) || (XSTRNCMP(n1,"MD5",3) == 0)) + keaStr = "RSA"; + else + keaStr = "unknown"; + + return keaStr; +} + +const char* GetCipherAuthStr(char n[][MAX_SEGMENT_SZ]) { + + const char* authStr = NULL; + const char *n0,*n1,*n2; + n0 = n[0]; + n1 = n[1]; + n2 = n[2]; + + if ((XSTRNCMP(n0,"AES128",6) == 0) || (XSTRNCMP(n0,"AES256",6) == 0) || + ((XSTRNCMP(n0,"TLS13",5) == 0) && ((XSTRNCMP(n1,"AES128",6) == 0) || + (XSTRNCMP(n1,"AES256",6) == 0) || (XSTRNCMP(n1,"CHACHA20",8) == 0))) || + (XSTRNCMP(n0,"RSA",3) == 0) || (XSTRNCMP(n1,"RSA",3) == 0) || + (XSTRNCMP(n1,"SHA",3) == 0) || (XSTRNCMP(n2,"SHA",3) == 0) || + (XSTRNCMP(n1,"MD5",3) == 0)) + authStr = "RSA"; + else if (XSTRNCMP(n0,"PSK",3) == 0 || XSTRNCMP(n1,"PSK",3) == 0) + authStr = "PSK"; + else if (XSTRNCMP(n0,"SRP",3) == 0 && XSTRNCMP(n1,"AES",3) == 0) + authStr = "SRP"; + else if (XSTRNCMP(n1,"ECDSA",5) == 0) + authStr = "ECDSA"; + else + authStr = "unknown"; + + return authStr; +} + +const char* GetCipherEncStr(char n[][MAX_SEGMENT_SZ]) { + const char* encStr = NULL; + const char *n0,*n1,*n2,*n3; + n0 = n[0]; + n1 = n[1]; + n2 = n[2]; + n3 = n[3]; + + if ((XSTRNCMP(n0,"AES256",6) == 0 && XSTRNCMP(n1,"GCM",3) == 0) || + (XSTRNCMP(n1,"AES256",6) == 0 && XSTRNCMP(n2,"GCM",3) == 0) || + (XSTRNCMP(n2,"AES256",6) == 0 && XSTRNCMP(n3,"GCM",3) == 0)) + encStr = "AESGCM(256)"; + + else if ((XSTRNCMP(n0,"AES128",6) == 0 && XSTRNCMP(n1,"GCM",3) == 0) || + (XSTRNCMP(n1,"AES128",6) == 0 && XSTRNCMP(n2,"GCM",3) == 0) || + (XSTRNCMP(n2,"AES128",6) == 0 && XSTRNCMP(n3,"GCM",3) == 0)) + encStr = "AESGCM(128)"; + + else if ((XSTRNCMP(n0,"AES128",6) == 0 && XSTRNCMP(n1,"CCM",3) == 0) || + (XSTRNCMP(n1,"AES128",6) == 0 && XSTRNCMP(n2,"CCM",3) == 0) || + (XSTRNCMP(n2,"AES128",6) == 0 && XSTRNCMP(n3,"CCM",3) == 0)) + encStr = "AESCCM(128)"; + + else if ((XSTRNCMP(n0,"AES128",6) == 0) || + (XSTRNCMP(n1,"AES128",6) == 0) || + (XSTRNCMP(n2,"AES128",6) == 0) || + (XSTRNCMP(n1,"AES",3) == 0 && XSTRNCMP(n2,"128",3) == 0) || + (XSTRNCMP(n2,"AES",3) == 0 && XSTRNCMP(n3,"128",3) == 0)) + encStr = "AES(128)"; + + else if ((XSTRNCMP(n0,"AES256",6) == 0) || + (XSTRNCMP(n1,"AES256",6) == 0) || + (XSTRNCMP(n2,"AES256",6) == 0) || + (XSTRNCMP(n1,"AES",3) == 0 && XSTRNCMP(n2,"256",3) == 0) || + (XSTRNCMP(n2,"AES",3) == 0 && XSTRNCMP(n3,"256",3) == 0)) + encStr = "AES(256)"; + + else if ((XSTRNCMP(n0,"CAMELLIA256",11) == 0) || + (XSTRNCMP(n2,"CAMELLIA256",11) == 0)) + encStr = "CAMELLIA(256)"; + else if ((XSTRNCMP(n0,"CAMELLIA128",11) == 0) || + (XSTRNCMP(n2,"CAMELLIA128",11) == 0)) + encStr = "CAMELLIA(128)"; + else if ((XSTRNCMP(n0,"RC4",3) == 0) || (XSTRNCMP(n2,"RC4",3) == 0)) + encStr = "RC4"; + else if (((XSTRNCMP(n0,"DES",3) == 0) || (XSTRNCMP(n2,"DES",3) == 0)) && + ((XSTRNCMP(n1,"CBC3",4) == 0) || (XSTRNCMP(n3,"CBC3",4) == 0))) + encStr = "3DES"; + else if ((XSTRNCMP(n1,"CHACHA20",8) == 0 && XSTRNCMP(n2,"POLY1305",8) == 0) || + (XSTRNCMP(n2,"CHACHA20",8) == 0 && XSTRNCMP(n3,"POLY1305",8) == 0)) + encStr = "CHACHA20/POLY1305(256)"; + else if ((XSTRNCMP(n0,"NULL",4) == 0) || (XSTRNCMP(n1,"NULL",4) == 0) || + (XSTRNCMP(n2,"NULL",4) == 0)) + encStr = "None"; + else if ((XSTRNCMP(n0,"IDEA",4) == 0)) + encStr = "IDEA"; + else if ((XSTRNCMP(n0,"RABBIT",4) == 0)) + encStr = "RABBIT"; + else if ((XSTRNCMP(n0,"HC128",5) == 0)) + encStr = "HC128"; + else + encStr = "unknown"; + + return encStr; +} + +const char* GetCipherMacStr(char n[][MAX_SEGMENT_SZ]) { + + const char* macStr = NULL; + const char *n1,*n2,*n3,*n4; + n1 = n[1]; + n2 = n[2]; + n3 = n[3]; + n4 = n[4]; + + if ((XSTRNCMP(n4,"SHA256",6) == 0) || (XSTRNCMP(n3,"SHA256",6) == 0) || + (XSTRNCMP(n2,"SHA256",6) == 0) || (XSTRNCMP(n1,"SHA256",6) == 0)) + macStr = "SHA256"; + else if ((XSTRNCMP(n4,"SHA384",6) == 0) || + (XSTRNCMP(n3,"SHA384",6) == 0) || + (XSTRNCMP(n2,"SHA384",6) == 0) || + (XSTRNCMP(n1,"SHA384",6) == 0)) + macStr = "SHA384"; + else if ((XSTRNCMP(n4,"SHA",3) == 0) || (XSTRNCMP(n3,"SHA",3) == 0) || + (XSTRNCMP(n2,"SHA",3) == 0) || (XSTRNCMP(n1,"SHA",3) == 0) || + (XSTRNCMP(n1,"MD5",3) == 0)) + macStr = "SHA1"; + else if ((XSTRNCMP(n3,"GCM",3) == 0) || + (XSTRNCMP(n1,"CCM",3) == 0) || + (XSTRNCMP(n2,"CCM",3) == 0) || (XSTRNCMP(n3,"CCM",3) == 0) || + (XSTRNCMP(n1,"CHACHA20",8) == 0 && XSTRNCMP(n2,"POLY1305",8) == 0) || + (XSTRNCMP(n2,"CHACHA20",8) == 0 && XSTRNCMP(n3,"POLY1305",8) == 0)) + macStr = "AEAD"; + else + macStr = "unknown"; + + return macStr; +} + +int SetCipherBits(const char* enc) { + int ret = WOLFSSL_FAILURE; + + if ((XSTRNCMP(enc,"AESGCM(256)",11) == 0) || + (XSTRNCMP(enc,"AES(256)",8) == 0) || + (XSTRNCMP(enc,"CAMELLIA(256)",13) == 0) || + (XSTRNCMP(enc,"CHACHA20/POLY1305(256)",22) == 0)) + ret = 256; + else if + ((XSTRNCMP(enc,"3DES",4) == 0)) + ret = 168; + else if + ((XSTRNCMP(enc,"AESGCM(128)",11) == 0) || + (XSTRNCMP(enc,"AES(128)",8) == 0) || + (XSTRNCMP(enc,"CAMELLIA(128)",13) == 0) || + (XSTRNCMP(enc,"IDEA",4) == 0) || + (XSTRNCMP(enc,"RC4",3) == 0)) + ret = 128; + else if + ((XSTRNCMP(enc,"DES",3) == 0)) + ret = 56; + + return ret; +} +/* Creates cipher->description based on cipher->offset + * cipher->offset is set in wolfSSL_get_ciphers_compat when it is added + * to a stack of ciphers. + * @param [in] cipher: A cipher from a stack of ciphers. + * return WOLFSSL_SUCCESS if cipher->description is set, else WOLFSSL_FAILURE + */ +int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher) +{ + int ret = WOLFSSL_FAILURE; + int i,j,k; + int strLen; + unsigned long offset; + char *dp = cipher->description; + const char* name; + const char *keaStr, *authStr, *encStr, *macStr, *protocol; + char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}}; + uint8_t len = UINT8_SZ-1; + WOLFSSL_ENTER("wolfSSL_CIPHER_sk_description"); + + if (cipher == NULL) + return WOLFSSL_FAILURE; + + offset = cipher->offset; + protocol = GetCipherProtocol(cipher_names[offset].minor); + name = cipher_names[offset].name; + + if (name == NULL) + return ret; + + /* Segment cipher name into n[n0,n1,n2,n4] + * These are used later for comparisons to create: + * keaStr, authStr, encStr, macStr + * + * If cipher_name = ECDHE-ECDSA-AES256-SHA + * then n0 = "ECDHE", n1 = "ECDSA", n2 = "AES256", n3 = "SHA" + * and n = [n0,n1,n2,n3,0] + */ + strLen = (int)XSTRLEN(name); + + for(i=0,j=0,k=0; i < strLen; i++) { + if(name[i] != '-' && k < MAX_SEGMENTS && j < MAX_SEGMENT_SZ) { + n[k][j] = name[i]; /* Fill kth segment string until '-' */ + j++; + } + else if(k < MAX_SEGMENTS && j < MAX_SEGMENT_SZ) { + n[k][j] = '\0'; + j = 0; + k++; + } + } + /* keaStr */ + keaStr = GetCipherKeaStr(n); + /* authStr */ + authStr = GetCipherAuthStr(n); + /* encStr */ + encStr = GetCipherEncStr(n); + if ((cipher->bits = SetCipherBits(encStr)) == WOLFSSL_FAILURE) { + WOLFSSL_MSG("Cipher Bits Not Set."); + } + /* macStr */ + macStr = GetCipherMacStr(n); + + + /* Build up the string by copying onto the end. */ + XSTRNCPY(dp, name, len); + dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); + len -= (int)strLen; dp += strLen; + + XSTRNCPY(dp, " ", len); + dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); + len -= (int)strLen; dp += strLen; + XSTRNCPY(dp, protocol, len); + dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); + len -= (int)strLen; dp += strLen; + + XSTRNCPY(dp, " Kx=", len); + dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); + len -= (int)strLen; dp += strLen; + XSTRNCPY(dp, keaStr, len); + dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); + len -= (int)strLen; dp += strLen; + + XSTRNCPY(dp, " Au=", len); + dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); + len -= (int)strLen; dp += strLen; + XSTRNCPY(dp, authStr, len); + dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); + len -= (int)strLen; dp += strLen; + + XSTRNCPY(dp, " Enc=", len); + dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); + len -= (int)strLen; dp += strLen; + XSTRNCPY(dp, encStr, len); + dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); + len -= (int)strLen; dp += strLen; + + XSTRNCPY(dp, " Mac=", len); + dp[len-1] = '\0'; strLen = (int)XSTRLEN(dp); + len -= (int)strLen; dp += strLen; + XSTRNCPY(dp, macStr, len); + dp[len-1] = '\0'; + + return WOLFSSL_SUCCESS; +} +#endif /* WOLFSSL_QT || OPENSSL_ALL */ + const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite) { #ifndef NO_ERROR_STRINGS @@ -25595,7 +25937,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, } } -#ifdef HAVE_TLS_EXTENSIONS +#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_DH_DEFAULT_PARAMS) #if defined(HAVE_FFDHE) && defined(HAVE_SUPPORTED_CURVES) if (TLSX_Find(ssl->extensions, TLSX_SUPPORTED_GROUPS) != NULL) { /* Set FFDHE parameters or clear DHE parameters if FFDH parameters diff --git a/src/ocsp.c b/src/ocsp.c index 81dae7b00..b7dbac885 100644 --- a/src/ocsp.c +++ b/src/ocsp.c @@ -989,11 +989,21 @@ int wolfSSL_OCSP_id_get0_info(WOLFSSL_ASN1_STRING **name, } ser->dataMax = cid->serialSz + 2; ser->isDynamic = 1; + } else { + /* Use array instead of dynamic memory */ + ser->data = ser->intData; + ser->dataMax = WOLFSSL_ASN1_INTEGER_MAX; } - ser->data[i++] = ASN_INTEGER; - i += SetLength(cid->serialSz, ser->data + i); - XMEMCPY(&ser->data[i], cid->serial, cid->serialSz); + #ifdef WOLFSSL_QT + /* Serial number starts at 0 index of ser->data */ + XMEMCPY(&ser->data[i], cid->serial, cid->serialSz); + ser->length = cid->serialSz; + #else + ser->data[i++] = ASN_INTEGER; + i += SetLength(cid->serialSz, ser->data + i); + XMEMCPY(&ser->data[i], cid->serial, cid->serialSz); + #endif cid->serialInt = ser; *serial = cid->serialInt; diff --git a/src/ssl.c b/src/ssl.c index 039aac212..5aa21ac6e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -88,6 +88,7 @@ #include #include #include + #include /* openssl headers end, wolfssl internal headers next */ #include #include @@ -123,6 +124,10 @@ int oid2nid(word32 oid, int grp); #endif +#if defined(WOLFSSL_QT) + #include +#endif + #ifdef NO_ASN #include #endif @@ -2139,7 +2144,7 @@ WOLFSSL_API int wolfSSL_UseTrustedCA(WOLFSSL* ssl, byte type, #ifndef NO_SHA else if (type == WOLFSSL_TRUSTED_CA_KEY_SHA1 || type == WOLFSSL_TRUSTED_CA_CERT_SHA1) { - if (certId == NULL || certIdSz != SHA_DIGEST_SIZE) + if (certId == NULL || certIdSz != WC_SHA_DIGEST_SIZE) return BAD_FUNC_ARG; } #endif @@ -6196,6 +6201,12 @@ int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff, if (ret == 0) ret = ParseCertRelative(cert, CERT_TYPE, 1, cm); +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + /* ret needs to be self-singer error for Qt compat */ + if (ret == ASN_NO_SIGNER_E && cert->selfSigned) + ret = ASN_SELF_SIGNED_E; +#endif + #ifdef HAVE_CRL if (ret == 0 && cm->crlEnabled) ret = CheckCertCRL(cm->crl, cert); @@ -6327,18 +6338,8 @@ int wolfSSL_CertManagerDisableOCSPStapling(WOLFSSL_CERT_MANAGER* cm) #endif return ret; } -#if defined(SESSION_CERTS) -WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl) -{ - WOLFSSL_ENTER("wolfSSL_get_peer_cert_chain"); - if ((ssl == NULL) || (ssl->session.chain.count == 0)) - return NULL; - else - return (WOLF_STACK_OF(WOLFSSL_X509)* )&ssl->session.chain; -} -#endif -#ifdef HAVE_OCSP +#ifdef HAVE_OCSP /* check CRL if enabled, WOLFSSL_SUCCESS */ int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz) { @@ -7636,8 +7637,100 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, unsigned char** in, } #endif /* HAVE_ECC */ - return pkey; + #if !defined(NO_DSA) + { + DsaKey dsa; + word32 keyIdx = 0; + /* test if DSA key */ + if (wc_InitDsaKey(&dsa) == 0 && + wc_DsaPublicKeyDecode(mem, &keyIdx, &dsa, (word32)memSz) == 0) { + wc_FreeDsaKey(&dsa); + pkey = wolfSSL_PKEY_new(); + + if (pkey != NULL) { + pkey->pkey_sz = keyIdx; + pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, + DYNAMIC_TYPE_PUBLIC_KEY); + if (pkey->pkey.ptr == NULL) { + wolfSSL_EVP_PKEY_free(pkey); + return NULL; + } + XMEMCPY(pkey->pkey.ptr, mem, keyIdx); + pkey->type = EVP_PKEY_DSA; + if (out != NULL) { + *out = pkey; + } + + pkey->ownDsa = 1; + pkey->dsa = wolfSSL_DSA_new(); + if (pkey->dsa == NULL) { + wolfSSL_EVP_PKEY_free(pkey); + return NULL; + } + + + if (wolfSSL_DSA_LoadDer_ex(pkey->dsa, + (const unsigned char*)pkey->pkey.ptr, + pkey->pkey_sz, WOLFSSL_DSA_LOAD_PUBLIC) != 1) { + wolfSSL_EVP_PKEY_free(pkey); + return NULL; + } + + return pkey; + } + } + wc_FreeDsaKey(&dsa); + } + #endif /* NO_DSA */ + + #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) + { + DhKey dh; + word32 keyIdx = 0; + + /* test if DH key */ + if (wc_InitDhKey(&dh) == 0 && + wc_DhKeyDecode(mem, &keyIdx, &dh, (word32)memSz) == 0) { + wc_FreeDhKey(&dh); + pkey = wolfSSL_PKEY_new(); + + if (pkey != NULL) { + pkey->pkey_sz = (int)memSz; + pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, + DYNAMIC_TYPE_PUBLIC_KEY); + if (pkey->pkey.ptr == NULL) { + wolfSSL_EVP_PKEY_free(pkey); + return NULL; + } + XMEMCPY(pkey->pkey.ptr, mem, memSz); + pkey->type = EVP_PKEY_DH; + if (out != NULL) { + *out = pkey; + } + + pkey->ownDh = 1; + pkey->dh = wolfSSL_DH_new(); + if (pkey->dh == NULL) { + wolfSSL_EVP_PKEY_free(pkey); + return NULL; + } + + if (wolfSSL_DH_LoadDer(pkey->dh, + (const unsigned char*)pkey->pkey.ptr, + pkey->pkey_sz) != WOLFSSL_SUCCESS) { + wolfSSL_EVP_PKEY_free(pkey); + return NULL; + } + + return pkey; + } + } + wc_FreeDhKey(&dh); + } + #endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */ + + return pkey; } @@ -7741,7 +7834,40 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, } break; #endif /* HAVE_ECC */ - +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +#ifndef NO_DSA + case EVP_PKEY_DSA: + local->ownDsa = 1; + local->dsa = wolfSSL_DSA_new(); + if (local->dsa == NULL) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + if (wolfSSL_DSA_LoadDer(local->dsa, + (const unsigned char*)local->pkey.ptr, local->pkey_sz) + != SSL_SUCCESS) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + break; +#endif /* NO_DSA */ +#ifndef NO_DH + case EVP_PKEY_DH: + local->ownDh = 1; + local->dh = wolfSSL_DH_new(); + if (local->dh == NULL) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + if (wolfSSL_DH_LoadDer(local->dh, + (const unsigned char*)local->pkey.ptr, local->pkey_sz) + != SSL_SUCCESS) { + wolfSSL_EVP_PKEY_free(local); + return NULL; + } + break; +#endif /* HAVE_DH */ +#endif /* WOLFSSL_QT || OPENSSL_ALL */ default: WOLFSSL_MSG("Unsupported key type"); wolfSSL_EVP_PKEY_free(local); @@ -8351,7 +8477,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) } gn->type = dns->type; - gn->d.ia5->length = (int)XSTRLEN(dns->name); + gn->d.ia5->length = dns->len; if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name, gn->d.ia5->length) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("ASN1_STRING_set failed"); @@ -9177,9 +9303,16 @@ void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c, wolfSSL_sk_free(sk); return NULL; } + gn->d.dNSName = wolfSSL_ASN1_STRING_new(); + if (gn->d.dNSName == NULL) { + WOLFSSL_MSG("ASN1_STRING_new failed\n"); + wolfSSL_GENERAL_NAME_free(gn); + wolfSSL_sk_free(sk); + return NULL; + } gn->type = dns->type; - gn->d.ia5->length = (int)XSTRLEN(dns->name); + gn->d.ia5->length = dns->len; if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name, gn->d.ia5->length) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("ASN1_STRING_set failed"); @@ -13514,6 +13647,10 @@ int wolfSSL_set_compression(WOLFSSL* ssl) if (hint == 0) ctx->server_hint[0] = '\0'; else { + /* Qt does not call CTX_set_*_psk_callbacks where havePSK is set */ + #ifdef WOLFSSL_QT + ctx->havePSK=1; + #endif XSTRNCPY(ctx->server_hint, hint, MAX_PSK_ID_LEN); ctx->server_hint[MAX_PSK_ID_LEN] = '\0'; /* null term */ } @@ -13935,6 +14072,20 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return WOLFSSL_SUCCESS; } + int wolfSSL_OpenSSL_add_all_algorithms_conf(void) + { + WOLFSSL_ENTER("wolfSSL_OpenSSL_add_all_algorithms_conf"); + /* This function is currently the same as + wolfSSL_OpenSSL_add_all_algorithms_noconf since we do not employ + the use of a wolfssl.cnf type configuration file and is only used for + OpenSSL compatability. */ + + if (wolfSSL_add_all_algorithms() == WOLFSSL_FATAL_ERROR) { + return WOLFSSL_FATAL_ERROR; + } + return WOLFSSL_SUCCESS; + } + /* returns previous set cache size which stays constant */ long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX* ctx, long sz) { @@ -14618,6 +14769,19 @@ int wolfSSL_set_compression(WOLFSSL* ssl) return; ctx->verify_cb = verify_cb; } + +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st, + WOLFSSL_X509_STORE_CTX_verify_cb verify_cb) + { + WOLFSSL_ENTER("WOLFSSL_X509_STORE_set_verify_cb"); + if (st != NULL) { + st->verify_cb = verify_cb; + } + } +#endif + + #endif /* !NO_CERTS */ WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void) @@ -16249,6 +16413,16 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return WOLFSSL_SUCCESS; } + /* Permanent stub for Qt compilation. */ + #if defined(WOLFSSL_QT) && !defined(NO_WOLFSSL_STUB) + const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc2_cbc(void) + { + WOLFSSL_ENTER("wolfSSL_EVP_rc2_cbc"); + WOLFSSL_STUB("EVP_rc2_cbc"); + return NULL; + } + #endif + #ifndef NO_AES static int AesSetKey_ex(Aes* aes, const byte* key, word32 len, const byte* iv, int dir, int direct) @@ -17739,13 +17913,18 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) /* WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is wolfSSL default mode */ WOLFSSL_ENTER("SSL_CTX_set_mode"); - if (mode == SSL_MODE_ENABLE_PARTIAL_WRITE) - ctx->partialWrite = 1; - #ifdef DEBUG_WOLFSSL - else { - WOLFSSL_MSG("mode is not supported."); + switch(mode) { + case SSL_MODE_ENABLE_PARTIAL_WRITE: + ctx->partialWrite = 1; + break; + #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + case SSL_MODE_RELEASE_BUFFERS: + WOLFSSL_MSG("SSL_MODE_RELEASE_BUFFERS not implemented."); + break; + #endif + default: + WOLFSSL_MSG("Mode Not Implemented"); } - #endif return mode; } @@ -18014,6 +18193,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) #else DecodedCert cert[1]; #endif + if (x509 == NULL || in == NULL || len <= 0) + return BAD_FUNC_ARG; #ifdef WOLFSSL_SMALL_STACK cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, @@ -18026,7 +18207,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) */ InitDecodedCert(cert, (byte*)in, len, NULL); if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL)) == 0) { - InitX509(x509, 0, NULL); + /* Check if x509 was not previously initialized by wolfSSL_X509_new() */ + if (x509->dynamicMemory != TRUE) + InitX509(x509, 0, NULL); ret = CopyDecodedToX509(x509, cert); FreeDecodedCert(cert); } @@ -18062,6 +18245,80 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) #endif /* KEEP_PEER_CERT */ +#if defined(SESSION_CERTS) +/* Return stack of peer certs. + * If Qt or OPENSSL_ALL is defined then return ssl->peerCertChain. + * All other cases return &ssl->session.chain + * ssl->peerCertChain is type WOLFSSL_STACK* + * ssl->session.chain is type WOLFSSL_X509_CHAIN + * Caller does not need to free return. The stack is Free'd when WOLFSSL* ssl is. + */ +WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl) +{ + WOLFSSL_STACK* sk; + WOLFSSL_ENTER("wolfSSL_get_peer_cert_chain"); + + if (ssl == NULL) + return NULL; + + #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + if (ssl->peerCertChain == NULL) + wolfSSL_set_peer_cert_chain((WOLFSSL*) ssl); + sk = ssl->peerCertChain; + #else + sk = (WOLF_STACK_OF(WOLFSSL_X509)* )&ssl->session.chain; + #endif + + if (sk == NULL) { + WOLFSSL_MSG("Error: Null Peer Cert Chain"); + } + return sk; +} + +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl) +{ + WOLFSSL_STACK* sk; + WOLFSSL_X509* x509; + int i = 0; + int ret; + + WOLFSSL_ENTER("wolfSSL_set_peer_cert_chain"); + if ((ssl == NULL) || (ssl->session.chain.count == 0)) + return NULL; + + sk = wolfSSL_sk_X509_new(); + i = ssl->session.chain.count-1; + for (; i >= 0; i--) { + /* For servers, the peer certificate chain does not include the peer + certificate, so do not add it to the stack */ + if (ssl->options.side == WOLFSSL_SERVER_END && i == 0) + continue; + x509 = wolfSSL_X509_new(); + if (x509 == NULL) { + WOLFSSL_MSG("Error Creating X509"); + return NULL; + } + ret = DecodeToX509(x509, ssl->session.chain.certs[i].buffer, + ssl->session.chain.certs[i].length); + + if (ret != 0 || wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("Error decoding cert"); + wolfSSL_X509_free(x509); + wolfSSL_sk_X509_free(sk); + return NULL; + } + } + + if (sk == NULL) { + WOLFSSL_MSG("Null session chain"); + } + /* This is Free'd when ssl is Free'd */ + ssl->peerCertChain = sk; + return sk; +} +#endif /* OPENSSL_ALL || WOLFSSL_QT */ +#endif /* SESSION_CERTS */ #ifndef NO_CERTS #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ @@ -18145,6 +18402,109 @@ char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz) return in; } +#if defined(OPENSSL_EXTRA) && defined(XSNPRINTF) +/* Copies X509 subject name into a buffer, with comma-separated name entries + * (matching OpenSSL v1.0.0 format) + * Example Output for Issuer: + * + * C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, + * CN=www.wolfssl.com, emailAddress=info@wolfssl.com + */ +char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz) +{ + WOLFSSL_X509_NAME_ENTRY* entry; + int nameSz, strSz, count, i, idx = 0; + int totalSz = 0; + char *str; + char tmpBuf[256]; + char buf[80]; + const char* sn; + WOLFSSL_ENTER("wolfSSL_X509_get_name_oneline"); + (void)sz; + + if (name == NULL) { + WOLFSSL_MSG("wolfSSL_X509_get_subject_name failed"); + return NULL; + } + #ifdef WOLFSSL_STATIC_MEMORY + if (!in) { + WOLFSSL_MSG("Using static memory -- please pass in a buffer"); + return NULL; + } + #endif + + tmpBuf[0] = '\0'; /* Make sure tmpBuf is NULL terminated */ + /* Loop through X509 name entries and copy new format to buffer */ + count = wolfSSL_X509_NAME_entry_count(name); + for (i = 0; i < count; i++) { + + /* Get name entry and size */ + entry = wolfSSL_X509_NAME_get_entry(name, i); + if (entry == NULL) { + WOLFSSL_MSG("X509_NAME_get_entry failed"); + return NULL; + } + nameSz = wolfSSL_X509_NAME_get_text_by_NID(name, entry->nid, buf, + sizeof(buf)); + if (nameSz < 0) { + WOLFSSL_MSG("X509_NAME_get_text_by_NID failed"); + return NULL; + } + + /* Get short name */ + sn = wolfSSL_OBJ_nid2sn(entry->nid); + if (sn == NULL) { + WOLFSSL_MSG("OBJ_nid2sn failed"); + return NULL; + } + + /* Copy sn and name text to buffer + * Add extra strSz for '=', ',', ' ' and '\0' characters in XSNPRINTF. + */ + if (i != count - 1) { + strSz = (int)XSTRLEN(sn) + nameSz + 4; + totalSz+= strSz; + str = (char*)XMALLOC(strSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (str == NULL) { + WOLFSSL_MSG("Memory error"); + return NULL; + } + XSNPRINTF(str, strSz, "%s=%s, ", sn, buf); + } + else { + /* Copy last name entry + * Add extra strSz for '=' and '\0' characters in XSNPRINTF. + */ + strSz = (int)XSTRLEN(sn) + nameSz + 2; + totalSz+= strSz; + str = (char*)XMALLOC(strSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (str == NULL) { + WOLFSSL_MSG("Memory error"); + return NULL; + } + XSNPRINTF(str, strSz, "%s=%s", sn, buf); + } + /* Copy string to tmpBuf */ + XSTRNCAT(tmpBuf, str, strSz); + idx += strSz; + XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + + /* Allocate space based on total string size if no buffer was provided */ + if (!in) { + in = (char*)XMALLOC(totalSz+1, NULL, DYNAMIC_TYPE_OPENSSL); + if (in == NULL) { + WOLFSSL_MSG("Memory error"); + return in; + } + } + XMEMCPY(in, tmpBuf, totalSz); + in[totalSz] = '\0'; + + return in; +} +#endif + /* Wraps wolfSSL_X509_d2i * @@ -18153,7 +18513,13 @@ char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz) WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in, int len) { - return wolfSSL_X509_d2i(x509, *in, len); + WOLFSSL_X509* newX509 = NULL; + + newX509 = wolfSSL_X509_d2i(x509, *in, len); + if (newX509 != NULL) { + *in += len; + } + return newX509; } @@ -18179,10 +18545,8 @@ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) InitDecodedCert(cert, (byte*)in, len, NULL); if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) { - newX509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, - DYNAMIC_TYPE_X509); + newX509 = wolfSSL_X509_new(); if (newX509 != NULL) { - InitX509(newX509, 1, NULL); if (CopyDecodedToX509(newX509, cert) != 0) { wolfSSL_X509_free(newX509); newX509 = NULL; @@ -18409,6 +18773,15 @@ WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) return notAfterData; } + #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB) + WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME *s, long adj) + { + (void) s; + (void) adj; + WOLFSSL_STUB("wolfSSL_X509_gmtime_adj"); + return NULL; + } + #endif /* get the buffer to be signed (tbs) from the WOLFSSL_X509 certificate * @@ -18574,6 +18947,7 @@ WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(const WOLFSSL_X509* x509) int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509) { WOLFSSL_STACK* node; + WOLFSSL_ENTER("wolfSSL_sk_X509_push"); if (sk == NULL || x509 == NULL) { return WOLFSSL_FAILURE; @@ -18785,14 +19159,8 @@ void wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(WOLFSSL_STACK* sk, if (f) f(tmp->data.access); - else { - if(tmp->data.access->method) { - wolfSSL_ASN1_OBJECT_free(tmp->data.access->method); - } - if(tmp->data.access->location) { - wolfSSL_GENERAL_NAME_free(tmp->data.access->location); - } - } + else + wolfSSL_ACCESS_DESCRIPTION_free(tmp->data.access); tmp->data.access = NULL; XFREE(tmp, NULL, DYNAMIC_TYPE_ASN1); sk->num -= 1; @@ -18801,7 +19169,7 @@ void wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(WOLFSSL_STACK* sk, /* free head of stack */ if (sk->num == 1) { if (f) - f(sk->data.access); + f(sk->data.access); else { if(sk->data.access->method) { @@ -18820,6 +19188,19 @@ void wolfSSL_sk_ACCESS_DESCRIPTION_free(WOLFSSL_STACK* sk) { wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(sk, NULL); } + +void wolfSSL_ACCESS_DESCRIPTION_free(WOLFSSL_ACCESS_DESCRIPTION* access) +{ + WOLFSSL_ENTER("wolfSSL_ACCESS_DESCRIPTION_free"); + if (access == NULL) + return; + + if (access->method) + wolfSSL_ASN1_OBJECT_free(access->method); + if (access->location) + wolfSSL_GENERAL_NAME_free(access->location); + access = NULL; +} #endif #ifdef OPENSSL_EXTRA @@ -18828,6 +19209,7 @@ void wolfSSL_sk_ACCESS_DESCRIPTION_free(WOLFSSL_STACK* sk) * returns a new WOLFSSL_STACK structure on success */ WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap) { + WOLFSSL_ENTER("wolfSSL_sk_new_node"); WOLFSSL_STACK* sk = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), heap, DYNAMIC_TYPE_OPENSSL); if (sk != NULL) { @@ -18868,6 +19250,41 @@ int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in) return WOLFSSL_SUCCESS; } +/* return 1 on success 0 on fail */ +int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data) +{ + int ret = WOLFSSL_FAILURE; + WOLFSSL_ENTER("wolfSSL_sk_push"); + + switch (sk->type) { + #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + case STACK_TYPE_X509: + ret = wolfSSL_sk_X509_push(sk, (WOLFSSL_X509*) data); + break; + case STACK_TYPE_CIPHER: + ret = wolfSSL_sk_CIPHER_push(sk, (WOLFSSL_CIPHER*) data); + break; + case STACK_TYPE_GEN_NAME: + ret = wolfSSL_sk_ASN1_OBJECT_push(sk, (WOLFSSL_ASN1_OBJECT*) data); + break; + case STACK_TYPE_ACCESS_DESCRIPTION: + ret = wolfSSL_sk_ACCESS_DESCRIPTION_push(sk, + (WOLFSSL_ACCESS_DESCRIPTION*) data); + break; + case STACK_TYPE_NULL: + ret = wolfSSL_sk_GENERIC_push(sk, (void*) data); + break; + case STACK_TYPE_OBJ: + ret = wolfSSL_sk_ASN1_OBJECT_push(sk, (WOLFSSL_ASN1_OBJECT*) data); + break; + #endif + default: + ret = wolfSSL_sk_ASN1_OBJECT_push(sk, (WOLFSSL_ASN1_OBJECT*) data); + break; + } + + return ret; +} /* Creates and returns new GENERAL_NAME structure */ WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void) @@ -18906,6 +19323,7 @@ int wolfSSL_sk_GENERAL_NAME_push(WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)* sk, if (sk->data.gn == NULL) { sk->data.gn = gn; sk->num += 1; + return WOLFSSL_SUCCESS; } @@ -19009,6 +19427,7 @@ void wolfSSL_sk_GENERAL_NAME_pop_free(WOLFSSL_STACK* sk, void wolfSSL_sk_GENERAL_NAME_free(WOLFSSL_STACK* sk) { + WOLFSSL_ENTER("sk_GENERAL_NAME_free"); wolfSSL_sk_GENERAL_NAME_pop_free(sk, NULL); } @@ -19186,6 +19605,235 @@ void wolfSSL_sk_X509_EXTENSION_pop_free( wolfSSL_sk_free_node(toFree); } } + +#if defined(HAVE_ECC) +/* Copies ecc_key into new WOLFSSL_EC_KEY object + * + * src : EC_KEY to duplicate. If EC_KEY is not null, create new EC_KEY and copy + * internal ecc_key from src to dup. + * + * Returns pointer to duplicate EC_KEY. + */ +WOLFSSL_EC_KEY *wolfSSL_EC_KEY_dup(const WOLFSSL_EC_KEY *src) +{ + WOLFSSL_EC_KEY *dup; + ecc_key *key; + int ret; + + WOLFSSL_ENTER("wolfSSL_EC_KEY_dup"); + + if (src == NULL || src->internal == NULL || src->group == NULL || \ + src->pub_key == NULL || src->priv_key == NULL) { + + WOLFSSL_MSG("src NULL error"); + return NULL; + } + + dup = wolfSSL_EC_KEY_new(); + if (dup == NULL) { + WOLFSSL_MSG("wolfSSL_EC_KEY_new error"); + return NULL; + } + + key = (ecc_key*)dup->internal; + if (key == NULL) { + WOLFSSL_MSG("ecc_key NULL error"); + wolfSSL_EC_KEY_free(dup); + return NULL; + } + + ret = mp_copy((mp_int*)src->internal, (mp_int*)dup->internal); + if (ret != MP_OKAY) { + WOLFSSL_MSG("mp_copy error"); + wolfSSL_EC_KEY_free(dup); + return NULL; + } + + /* Copy group */ + if (dup->group == NULL) { + WOLFSSL_MSG("EC_GROUP_new_by_curve_name error"); + wolfSSL_EC_KEY_free(dup); + return NULL; + } + + dup->group->curve_idx = src->group->curve_idx; + dup->group->curve_nid = src->group->curve_nid; + dup->group->curve_oid = src->group->curve_oid; + + /* Copy public key */ + if (src->pub_key->internal == NULL || dup->pub_key->internal == NULL) { + WOLFSSL_MSG("NULL pub_key error"); + wolfSSL_EC_KEY_free(dup); + return NULL; + } + + ret = wc_ecc_copy_point((ecc_point*)src->pub_key->internal, \ + (ecc_point*)dup->pub_key->internal); + if (ret != MP_OKAY) { + WOLFSSL_MSG("ecc_copy_point error"); + wolfSSL_EC_KEY_free(dup); + return NULL; + } + + /* Copy private key */ + if (src->priv_key->internal == NULL || dup->priv_key->internal == NULL) { + WOLFSSL_MSG("NULL priv_key error"); + wolfSSL_EC_KEY_free(dup); + return NULL; + } + + ret = mp_copy((mp_int*)src->priv_key->internal, \ + (mp_int*)dup->priv_key->internal); + if (ret != MP_OKAY) { + WOLFSSL_MSG("mp_copy error"); + wolfSSL_EC_KEY_free(dup); + return NULL; + } + src->priv_key->neg = dup->priv_key->neg; + + return dup; + +} +#endif /* HAVE_ECC */ + +#if !defined(NO_DH) +int wolfSSL_DH_check(const WOLFSSL_DH *dh, int *codes) +{ + int isPrime = MP_NO, codeTmp = 0; + WC_RNG rng; + + WOLFSSL_ENTER("wolfSSL_DH_check"); + if (dh == NULL){ + return WOLFSSL_FAILURE; + } + + if (dh->g == NULL || dh->g->internal == NULL){ + codeTmp = DH_NOT_SUITABLE_GENERATOR; + } + + if (dh->p == NULL || dh->p->internal == NULL){ + codeTmp = DH_CHECK_P_NOT_PRIME; + } + else + { + /* test if dh->p has prime */ + if (wc_InitRng(&rng) == 0){ + mp_prime_is_prime_ex((mp_int*)dh->p->internal,8,&isPrime,&rng); + } + else { + WOLFSSL_MSG("Error initializing rng\n"); + return WOLFSSL_FAILURE; + } + wc_FreeRng(&rng); + if (isPrime != MP_YES){ + codeTmp = DH_CHECK_P_NOT_PRIME; + } + } + /* User may choose to enter NULL for codes if they don't want to check it*/ + if (codes != NULL){ + *codes = codeTmp; + } + + /* if codeTmp was set,some check was flagged invalid */ + if (codeTmp){ + return WOLFSSL_FAILURE; + } + + return WOLFSSL_SUCCESS; +} + +/* Converts DER encoded DH parameters to a WOLFSSL_DH structure. + * + * dh : structure to copy DH parameters into. + * pp : DER encoded DH parameters + * length : length to copy + * + * Returns pointer to WOLFSSL_DH structure on success, or NULL on failure + */ +WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH **dh, const unsigned char **pp, + long length) +{ + WOLFSSL_ENTER("wolfSSL_d2i_DHparams"); + + WOLFSSL_DH *newDH = NULL; + int ret; + word32 idx = 0; + + if (pp == NULL || length <= 0) { + WOLFSSL_MSG("bad argument"); + return NULL; + } + + if ((newDH = wolfSSL_DH_new()) == NULL) { + WOLFSSL_MSG("wolfSSL_DH_new() failed"); + return NULL; + } + + ret = wc_DhKeyDecode(*pp, &idx, (DhKey*)newDH->internal, (word32)length); + if (ret != 0) { + WOLFSSL_MSG("DhKeyDecode() failed"); + wolfSSL_DH_free(newDH); + return NULL; + } + + if (SetDhExternal(newDH) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("SetDhExternal failed"); + wolfSSL_DH_free(newDH); + return NULL; + } + + *pp += length; + if (dh != NULL){ + *dh = newDH; + } + + return newDH; +} + +/* Converts internal WOLFSSL_DH structure to DER encoded DH. + * + * dh : structure to copy DH parameters from. + * out : DER buffer for DH parameters + * + * Returns size of DER on success and WOLFSSL_FAILURE if error + */ +int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out) +{ + WOLFSSL_ENTER("Enter wolfSSL_i2d_DHparams"); + word32 len; + int ret = 0; + + if (dh == NULL) { + WOLFSSL_MSG("Bad parameters"); + return WOLFSSL_FAILURE; + } + + /* Get total length */ + len = 2 + mp_leading_bit((mp_int*)dh->p->internal) + + mp_unsigned_bin_size((mp_int*)dh->p->internal) + + 2 + mp_leading_bit((mp_int*)dh->g->internal) + + mp_unsigned_bin_size((mp_int*)dh->g->internal); + + /* Two bytes required for length if ASN.1 SEQ data greater than 127 bytes + * and less than 256 bytes. + */ + len = ((len > 127) ? 2 : 1) + len; + + if (out != NULL && *out != NULL) { + ret = StoreDHparams(*out, &len, (mp_int*)dh->p->internal, + (mp_int*)dh->g->internal); + if (ret != MP_OKAY) { + WOLFSSL_MSG("StoreDHparams error"); + len = 0; + } + else{ + *out += len; + } + } + return (int)len; +} +#endif /* !NO_DH */ + #endif /* OPENSSL_ALL */ #endif /* OPENSSL_EXTRA */ @@ -19455,6 +20103,9 @@ WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void) XMEMSET(obj, 0, sizeof(WOLFSSL_ASN1_OBJECT)); obj->d.ia5 = &(obj->d.ia5_internal); +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + obj->d.iPAddress = &(obj->d.iPAddress_internal); +#endif obj->dynamic |= WOLFSSL_ASN1_DYNAMIC; return obj; } @@ -19674,6 +20325,7 @@ char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method, void wolfSSL_set_connect_state(WOLFSSL* ssl) { + WOLFSSL_ENTER("wolfSSL_set_connect_state"); if (ssl == NULL) { WOLFSSL_MSG("WOLFSSL struct pointer passed in was null"); return; @@ -19902,7 +20554,8 @@ const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher) return NULL; } - #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) + #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \ + !defined(WOLFSSL_QT) return GetCipherNameIana(cipher->cipherSuite0, cipher->cipherSuite); #else return wolfSSL_get_cipher_name_from_suite(cipher->cipherSuite0, @@ -19964,6 +20617,44 @@ const char* wolfSSL_get_cipher_name_iana_from_suite(const byte cipherSuite0, return GetCipherNameIana(cipherSuite0, cipherSuite); } + +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +/* Creates and returns a new WOLFSSL_CIPHER stack. */ +WOLFSSL_STACK* wolfSSL_sk_new_cipher(void) +{ + WOLFSSL_STACK* sk; + WOLFSSL_ENTER("wolfSSL_sk_new_cipher"); + + sk = wolfSSL_sk_new_null(); + if (sk == NULL) + return NULL; + sk->type = STACK_TYPE_CIPHER; + + return sk; +} + +#ifndef NO_WOLFSSL_STUB +/* Keep as stubs for now */ +/* return 1 on success 0 on fail */ +int wolfSSL_sk_CIPHER_push(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk, + WOLFSSL_CIPHER* cipher) +{ + WOLFSSL_ENTER("wolfSSL_sk_CIPHER_push"); + (void)sk; + (void)cipher; + return 0; +} + + +WOLFSSL_CIPHER* wolfSSL_sk_CIPHER_pop(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk) +{ + WOLFSSL_ENTER("wolfSSL_sk_CIPHER_pop"); + (void)sk; + return NULL; +} +#endif /* NO_WOLFSSL_STUB */ +#endif /* WOLFSSL_QT || OPENSSL_ALL */ + word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher) { word16 cipher_id = 0; @@ -20244,6 +20935,10 @@ int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name, text = name->fullName.fullName + name->fullName.dcIdx[0]; textSz = name->fullName.dcLen[0]; break; + case NID_emailAddress: + text = name->fullName.fullName + name->fullName.emailIdx; + textSz = name->fullName.emailLen; + break; #ifdef WOLFSSL_CERT_EXT case ASN_BUS_CAT: text = name->fullName.fullName + name->fullName.bcIdx; @@ -20252,7 +20947,7 @@ int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name, #endif default: WOLFSSL_MSG("Entry type not found"); - return SSL_FATAL_ERROR; + return WOLFSSL_FATAL_ERROR; } /* if buf is NULL return size of buffer needed (minus null char) */ @@ -20287,6 +20982,9 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) if (x509->pubKeyOID == RSAk) { key->type = EVP_PKEY_RSA; } + else if (x509->pubKeyOID == DSAk) { + key->type = EVP_PKEY_DSA; + } else { key->type = EVP_PKEY_EC; } @@ -20354,6 +21052,26 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) key->ecc->inSet = 1; } #endif /* HAVE_ECC */ + + #ifndef NO_DSA + if (key->type == EVP_PKEY_DSA) { + key->ownDsa = 1; + key->dsa = wolfSSL_DSA_new(); + if (key->dsa == NULL) { + XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); + return NULL; + } + + if (wolfSSL_DSA_LoadDer_ex(key->dsa, + (const unsigned char*)key->pkey.ptr, key->pkey_sz, \ + WOLFSSL_DSA_LOAD_PUBLIC) != SSL_SUCCESS) { + wolfSSL_DSA_free(key->dsa); + key->dsa = NULL; + XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); + return NULL; + } + } + #endif /* NO_DSA */ } } return key; @@ -20452,9 +21170,14 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) case SUBJ_KEY_OID: isSet = x509->subjKeyIdSet; break; case KEY_USAGE_OID: isSet = x509->keyUsageSet; break; case CRL_DIST_OID: isSet = x509->CRLdistSet; break; - #ifdef WOLFSSL_SEP + case EXT_KEY_USAGE_OID: isSet = ((x509->extKeyUsageSrc) ? 1 : 0); + break; + case AUTH_INFO_OID: isSet = x509->authInfoSet; break; + #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) case CERT_POLICY_OID: isSet = x509->certPolicySet; break; - #endif /* WOLFSSL_SEP */ + #endif /* WOLFSSL_SEP || WOLFSSL_QT */ + default: + WOLFSSL_MSG("NID not in table"); } } @@ -20478,9 +21201,9 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) case SUBJ_KEY_OID: crit = x509->subjKeyIdCrit; break; case KEY_USAGE_OID: crit = x509->keyUsageCrit; break; case CRL_DIST_OID: crit= x509->CRLdistCrit; break; - #ifdef WOLFSSL_SEP + #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) case CERT_POLICY_OID: crit = x509->certPolicyCrit; break; - #endif /* WOLFSSL_SEP */ + #endif /* WOLFSSL_SEP || WOLFSSL_QT */ } } @@ -20598,7 +21321,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) WOLFSSL_ENTER("wolfSSL_X509_NAME_entry_count"); if (name != NULL) - count = name->fullName.entryCount; + count = name->fullName.locSz; WOLFSSL_LEAVE("wolfSSL_X509_NAME_entry_count", count); return count; @@ -20765,6 +21488,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) } if (data != NULL) { XMEMCPY(asn1->data, data, sz); + asn1->data[sz] = '\0'; } asn1->length = sz; @@ -20845,17 +21569,17 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) /* print version of cert */ { int version; - char tmp[17]; + char tmp[20]; if ((version = wolfSSL_X509_version(x509)) < 0) { WOLFSSL_MSG("Error getting X509 version"); return WOLFSSL_FAILURE; } - if (wolfSSL_BIO_write(bio, " Version: ", - (int)XSTRLEN(" Version: ")) <= 0) { + if (wolfSSL_BIO_write(bio, " Version:", + (int)XSTRLEN(" Version:")) <= 0) { return WOLFSSL_FAILURE; } - XSNPRINTF(tmp, sizeof(tmp), "%d\n", version); + XSNPRINTF(tmp, sizeof(tmp), " %d (0x%x)\n", version, (byte)version-1); if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { return WOLFSSL_FAILURE; } @@ -20872,15 +21596,15 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) WOLFSSL_MSG("Error getting x509 serial number"); return WOLFSSL_FAILURE; } - if (wolfSSL_BIO_write(bio, " Serial Number: ", - (int)XSTRLEN(" Serial Number: ")) <= 0) { + if (wolfSSL_BIO_write(bio, " Serial Number:", + (int)XSTRLEN(" Serial Number:")) <= 0) { return WOLFSSL_FAILURE; } /* if serial can fit into byte than print on the same line */ if (sz <= (int)sizeof(byte)) { char tmp[17]; - XSNPRINTF(tmp, sizeof(tmp), "%d (0x%x)\n", serial[0],serial[0]); + XSNPRINTF(tmp, sizeof(tmp), " %d (0x%x)\n", serial[0],serial[0]); if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { return WOLFSSL_FAILURE; } @@ -20921,8 +21645,8 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) WOLFSSL_MSG("Error getting x509 signature type"); return WOLFSSL_FAILURE; } - if (wolfSSL_BIO_write(bio, " Signature Algorithm: ", - (int)XSTRLEN(" Signature Algorithm: ")) <= 0) { + if (wolfSSL_BIO_write(bio, " Signature Algorithm: ", + (int)XSTRLEN(" Signature Algorithm: ")) <= 0) { return WOLFSSL_FAILURE; } sig = GetSigName(oid); @@ -20945,8 +21669,13 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) int issSz = 256; #endif - issuer = wolfSSL_X509_NAME_oneline( - wolfSSL_X509_get_issuer_name(x509), buff, issSz); + #if defined(WOLFSSL_QT) + issuer = wolfSSL_X509_get_name_oneline( + wolfSSL_X509_get_issuer_name(x509), buff, issSz); + #else + issuer = wolfSSL_X509_NAME_oneline( + wolfSSL_X509_get_issuer_name(x509), buff, issSz); + #endif if (wolfSSL_BIO_write(bio, " Issuer: ", (int)XSTRLEN(" Issuer: ")) <= 0) { @@ -21010,7 +21739,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { if (GetTimeString(x509->notAfter.data, ASN_GENERALIZED_TIME, tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("Error getting not before date"); + WOLFSSL_MSG("Error getting not after date"); return WOLFSSL_FAILURE; } } @@ -21035,8 +21764,13 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) int subSz = 256; #endif - subject = wolfSSL_X509_NAME_oneline( - wolfSSL_X509_get_subject_name(x509), buff, subSz); + #if defined(WOLFSSL_QT) + subject = wolfSSL_X509_get_name_oneline( + wolfSSL_X509_get_subject_name(x509), buff, subSz); + #else + subject = wolfSSL_X509_NAME_oneline( + wolfSSL_X509_get_subject_name(x509), buff, subSz); + #endif if (wolfSSL_BIO_write(bio, "\n Subject: ", (int)XSTRLEN("\n Subject: ")) <= 0) { @@ -21070,8 +21804,8 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) #ifndef NO_RSA case RSAk: if (wolfSSL_BIO_write(bio, - " Public Key Algorithm: RSA\n", - (int)XSTRLEN(" Public Key Algorithm: RSA\n")) <= 0) { + " Public Key Algorithm: rsaEncryption\n", + (int)XSTRLEN(" Public Key Algorithm: rsaEncryption\n")) <= 0) { return WOLFSSL_FAILURE; } #ifdef HAVE_USER_RSA @@ -21106,8 +21840,8 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) return WOLFSSL_FAILURE; } XSNPRINTF(tmp, sizeof(tmp) - 1, "%s%s: (%d bit)\n%s\n", - " ", "Public-Key", 8 * sz, - " Modulus:"); + " ", "Public-Key", 8 * sz, + " Modulus:"); tmp[sizeof(tmp) - 1] = '\0'; if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { @@ -21116,7 +21850,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) } /* print out modulus */ - XSNPRINTF(tmp, sizeof(tmp) - 1," "); + XSNPRINTF(tmp, sizeof(tmp) - 1," "); tmp[sizeof(tmp) - 1] = '\0'; if (mp_leading_bit(&rsa.n)) { lbit = 1; @@ -21149,7 +21883,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) return WOLFSSL_FAILURE; } XSNPRINTF(tmp, sizeof(tmp) - 1, - ":\n "); + ":\n "); XSNPRINTF(val, valSz - 1, "%02x", rawKey[idx]); } else { @@ -21192,7 +21926,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) idx = *(word32*)rawKey; } XSNPRINTF(tmp, sizeof(tmp) - 1, - "\n Exponent: %d\n", idx); + "\n Exponent: %d (0x%x)\n",idx, idx); if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -21330,13 +22064,13 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) if (wolfSSL_BIO_write(bio, - " X509v3 Subject Key Identifier:\n", - (int)XSTRLEN(" X509v3 Subject Key Identifier:\n")) + " X509v3 Subject Key Identifier: \n", + (int)XSTRLEN(" X509v3 Subject Key Identifier: \n")) <= 0) { return WOLFSSL_FAILURE; } - XSNPRINTF(tmp, sizeof(tmp) - 1, " "); + XSNPRINTF(tmp, sizeof(tmp) - 1, " "); for (i = 0; i < sizeof(tmp) && i < (x509->subjKeyIdSz - 1); i++) { XSNPRINTF(val, valSz - 1, "%02X:", x509->subjKeyId[i]); XSTRNCAT(tmp, val, valSz); @@ -21355,15 +22089,16 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) word32 i; char val[5]; int valSz = 5; + int len = 0; if (wolfSSL_BIO_write(bio, - " X509v3 Authority Key Identifier:\n", - (int)XSTRLEN(" X509v3 Authority Key Identifier:\n")) + " X509v3 Authority Key Identifier: \n", + (int)XSTRLEN(" X509v3 Authority Key Identifier: \n")) <= 0) { return WOLFSSL_FAILURE; } - XSNPRINTF(tmp, sizeof(tmp) - 1, " keyid"); + XSNPRINTF(tmp, sizeof(tmp) - 1, " keyid"); for (i = 0; i < x509->authKeyIdSz; i++) { /* check if buffer is almost full */ if (XSTRLEN(tmp) >= sizeof(tmp) - valSz) { @@ -21375,46 +22110,11 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) XSNPRINTF(val, valSz - 1, ":%02X", x509->authKeyId[i]); XSTRNCAT(tmp, val, valSz); } + len = (int)XSTRLEN("\n"); + XSTRNCAT(tmp, "\n", len + 1); if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { return WOLFSSL_FAILURE; } - - /* print issuer */ - { - char* issuer; - #ifdef WOLFSSL_SMALL_STACK - char* buff = NULL; - int issSz = 0; - #else - char buff[256]; - int issSz = 256; - #endif - - issuer = wolfSSL_X509_NAME_oneline( - wolfSSL_X509_get_issuer_name(x509), buff, issSz); - - if (wolfSSL_BIO_write(bio, "\n DirName:", - (int)XSTRLEN("\n DirName:")) <= 0) { - #ifdef WOLFSSL_SMALL_STACK - XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL); - #endif - return WOLFSSL_FAILURE; - } - if (issuer != NULL) { - if (wolfSSL_BIO_write(bio, issuer, (int)XSTRLEN(issuer)) <= 0) { - #ifdef WOLFSSL_SMALL_STACK - XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL); - #endif - return WOLFSSL_FAILURE; - } - } - #ifdef WOLFSSL_SMALL_STACK - XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL); - #endif - if (wolfSSL_BIO_write(bio, "\n", (int)XSTRLEN("\n")) <= 0) { - return WOLFSSL_FAILURE; - } - } } /* print basic constraint */ @@ -21422,13 +22122,13 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) char tmp[100]; if (wolfSSL_BIO_write(bio, - "\n X509v3 Basic Constraints:\n", - (int)XSTRLEN("\n X509v3 Basic Constraints:\n")) + "\n X509v3 Basic Constraints: \n", + (int)XSTRLEN("\n X509v3 Basic Constraints: \n")) <= 0) { return WOLFSSL_FAILURE; } XSNPRINTF(tmp, sizeof(tmp), - " CA:%s\n", + " CA:%s\n", (x509->isCa)? "TRUE": "FALSE"); if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { return WOLFSSL_FAILURE; @@ -21464,7 +22164,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); return WOLFSSL_FAILURE; } - XSNPRINTF(tmp, sizeof(tmp) - 1," "); + XSNPRINTF(tmp, sizeof(tmp) - 1," "); tmp[sizeof(tmp) - 1] = '\0'; for (i = 0; i < sigSz; i++) { char val[5]; @@ -21481,7 +22181,7 @@ int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b) return WOLFSSL_FAILURE; } XSNPRINTF(tmp, sizeof(tmp) - 1, - ":\n "); + ":\n "); XSNPRINTF(val, valSz - 1, "%02x", sig[i]); } else { @@ -21523,10 +22223,23 @@ char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in, char *ret = in; const char *keaStr, *authStr, *encStr, *macStr; size_t strLen; + WOLFSSL_ENTER("wolfSSL_CIPHER_description"); if (cipher == NULL || in == NULL) return NULL; +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + /* if cipher is in the stack from wolfSSL_get_ciphers_compat then + * Return the description based on cipher_names[cipher->offset] + */ + if (cipher->in_stack == TRUE) { + wolfSSL_sk_CIPHER_description((WOLFSSL_CIPHER*)cipher); + XSTRNCPY(in,cipher->description,len); + return ret; + } +#endif + + /* Get the cipher description based on the SSL session cipher */ switch (cipher->ssl->specs.kea) { case no_kea: keaStr = "None"; @@ -21883,6 +22596,58 @@ void wolfSSL_BIO_set_flags(WOLFSSL_BIO* bio, int flags) } } +void wolfSSL_BIO_clear_flags(WOLFSSL_BIO *bio, int flags) +{ + WOLFSSL_ENTER("wolfSSL_BIO_clear_flags"); + if (bio != NULL) { + bio->flags &= ~flags; + } +} + +/* Set ex_data for WOLFSSL_BIO + * + * bio : BIO structure to set ex_data in + * idx : Index of ex_data to set + * data : Data to set in ex_data + * + * Returns WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE on failure + */ +int wolfSSL_BIO_set_ex_data(WOLFSSL_BIO *bio, int idx, void *data) +{ + WOLFSSL_ENTER("wolfSSL_BIO_set_ex_data"); + #ifdef HAVE_EX_DATA + if (bio != NULL && idx < MAX_EX_DATA) { + bio->ex_data[idx] = data; + return WOLFSSL_SUCCESS; + } + #else + (void)bio; + (void)idx; + (void)data; + #endif + return WOLFSSL_FAILURE; +} + +/* Get ex_data in WOLFSSL_BIO at given index + * + * bio : BIO structure to get ex_data from + * idx : Index of ex_data to get data from + * + * Returns void pointer to ex_data on success or NULL on failure + */ +void *wolfSSL_BIO_get_ex_data(WOLFSSL_BIO *bio, int idx) +{ + WOLFSSL_ENTER("wolfSSL_BIO_get_ex_data"); + #ifdef HAVE_EX_DATA + if (bio != NULL && idx < MAX_EX_DATA && idx >= 0) { + return bio->ex_data[idx]; + } + #else + (void)bio; + (void)idx; + #endif + return NULL; +} #ifndef NO_WOLFSSL_STUB void wolfSSL_RAND_screen(void) @@ -22153,7 +22918,7 @@ int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out) WOLFSSL_ENTER("wolfSSL_i2d_X509"); - if (x509 == NULL || out == NULL) { + if (x509 == NULL) { WOLFSSL_LEAVE("wolfSSL_i2d_X509", BAD_FUNC_ARG); return BAD_FUNC_ARG; } @@ -22164,7 +22929,7 @@ int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out) return MEMORY_E; } - if (*out == NULL) { + if (out != NULL && *out == NULL) { *out = (unsigned char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL); if (*out == NULL) { WOLFSSL_LEAVE("wolfSSL_i2d_X509", MEMORY_E); @@ -22172,7 +22937,8 @@ int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out) } } - XMEMCPY(*out, der, derSz); + if (out != NULL) + XMEMCPY(*out, der, derSz); WOLFSSL_LEAVE("wolfSSL_i2d_X509", derSz); return derSz; @@ -22920,6 +23686,9 @@ int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509) WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) { +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + WOLFSSL_STACK* sk; +#endif WOLFSSL_X509_STORE* store = NULL; WOLFSSL_ENTER("SSL_X509_STORE_new"); @@ -22942,6 +23711,15 @@ WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) goto err_exit; #endif +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + sk = wolfSSL_sk_new_null(); + if (sk == NULL) { + WOLFSSL_MSG("WOLFSSL_STACK memory error"); + goto err_exit; + } + store->ex_data.data = sk; +#endif + #ifdef OPENSSL_EXTRA if ((store->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC( sizeof(WOLFSSL_X509_VERIFY_PARAM), @@ -22974,6 +23752,10 @@ void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store) #ifdef OPENSSL_EXTRA if (store->param != NULL) XFREE(store->param, NULL, DYNAMIC_TYPE_OPENSSL); +#endif +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + if (store->ex_data.data != NULL) + wolfSSL_sk_GENERIC_free(store->ex_data.data); #endif XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE); } @@ -23038,8 +23820,11 @@ WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void) int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, WOLF_STACK_OF(WOLFSSL_X509)* sk) { + WOLFSSL_X509* x509_cert; + int ret = 0; (void)sk; WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_init"); + if (ctx != NULL) { ctx->store = store; #ifndef WOLFSSL_X509_STORE_CERTS @@ -23054,6 +23839,19 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, #endif ctx->chain = sk; + /* Add intermediate certificates from stack to store */ + while (sk != NULL) { + x509_cert = sk->data.x509; + if (x509_cert != NULL && x509_cert->isCa) { + ret = wolfSSL_X509_STORE_add_cert(store, x509_cert); + if (ret < 0) { + return WOLFSSL_FATAL_ERROR; + } + } + sk = sk->next; + } + + ctx->sesChain = NULL; ctx->domain = NULL; #if defined(HAVE_EX_DATA) || defined(FORTRESS) XMEMSET(ctx->ex_data, 0, MAX_EX_DATA * sizeof(void*)); @@ -23081,13 +23879,16 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx) { + WOLFSSL_ENTER("X509_STORE_CTX_free"); if (ctx != NULL) { + #if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT) if (ctx->store != NULL) wolfSSL_X509_STORE_free(ctx->store); #ifndef WOLFSSL_KEEP_STORE_CERTS if (ctx->current_cert != NULL) wolfSSL_FreeX509(ctx->current_cert); #endif + #endif /* !OPENSSL_ALL && !WOLFSSL_QT */ #ifdef OPENSSL_EXTRA if (ctx->param != NULL){ XFREE(ctx->param,NULL,DYNAMIC_TYPE_OPENSSL); @@ -23104,16 +23905,93 @@ void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx) /* Do nothing */ } +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +/* Returns corresponding X509 error from internal ASN error */ +static int GetX509Error(int e) +{ + switch (e) { + case ASN_BEFORE_DATE_E: + return X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; + case ASN_AFTER_DATE_E: + return X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; + case ASN_NO_SIGNER_E: + return X509_V_ERR_INVALID_CA; + case ASN_SELF_SIGNED_E: + return X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; + case ASN_PATHLEN_INV_E: + case ASN_PATHLEN_SIZE_E: + return X509_V_ERR_PATH_LENGTH_EXCEEDED; + case ASN_SIG_OID_E: + case ASN_SIG_CONFIRM_E: + case ASN_SIG_HASH_E: + case ASN_SIG_KEY_E: + return X509_V_ERR_CERT_SIGNATURE_FAILURE; + default: + WOLFSSL_MSG("Error not configured or implemented yet"); + return e; + } +} +#endif +/* Verifies certificate chain using WOLFSSL_X509_STORE_CTX + * returns 0 on success or < 0 on failure. + */ int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx) { + int ret = 0; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + int depth = 0; + int error; + byte *afterDate, *beforeDate; +#endif WOLFSSL_ENTER("wolfSSL_X509_verify_cert"); + if (ctx != NULL && ctx->store != NULL && ctx->store->cm != NULL && ctx->current_cert != NULL && ctx->current_cert->derCert != NULL) { - return wolfSSL_CertManagerVerifyBuffer(ctx->store->cm, + ret = wolfSSL_CertManagerVerifyBuffer(ctx->store->cm, ctx->current_cert->derCert->buffer, ctx->current_cert->derCert->length, WOLFSSL_FILETYPE_ASN1); + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + /* If there was an error, process it and add it to CTX */ + if (ret < 0) { + /* Get corresponding X509 error */ + error = GetX509Error(ret); + /* Set error depth */ + if (ctx->chain) + depth = (int)ctx->chain->num; + + wolfSSL_X509_STORE_CTX_set_error(ctx, error); + wolfSSL_X509_STORE_CTX_set_error_depth(ctx, depth); + ctx->store->verify_cb(0, ctx); + } + + error = 0; + /* wolfSSL_CertManagerVerifyBuffer only returns ASN_AFTER_DATE_E or + ASN_BEFORE_DATE_E if there are no additional errors found in the + cert. Therefore, check if the cert is expired or not yet valid + in order to return the correct expected error. */ + afterDate = ctx->current_cert->notAfter.data; + beforeDate = ctx->current_cert->notBefore.data; + + if (ValidateDate(afterDate, ctx->current_cert->notAfter.type, + AFTER) < 1) { + error = X509_V_ERR_CERT_HAS_EXPIRED; + } + else if (ValidateDate(beforeDate, ctx->current_cert->notBefore.type, + BEFORE) < 1) { + error = X509_V_ERR_CERT_NOT_YET_VALID; + } + + if (error != 0 ) { + wolfSSL_X509_STORE_CTX_set_error(ctx, error); + wolfSSL_X509_STORE_CTX_set_error_depth(ctx, depth); + if (ctx->store && ctx->store->verify_cb) + ctx->store->verify_cb(0, ctx); + } +#endif /* OPENSSL_ALL || WOLFSSL_QT */ + return ret; } return WOLFSSL_FATAL_ERROR; } @@ -23432,6 +24310,24 @@ void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) break; #endif /* HAVE_ECC */ + #ifndef NO_DSA + case EVP_PKEY_DSA: + if (key->dsa != NULL && key->ownDsa == 1) { + wolfSSL_DSA_free(key->dsa); + key->dsa = NULL; + } + break; + #endif /* NO_DSA */ + + #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) + case EVP_PKEY_DH: + if (key->dh != NULL && key->ownDh == 1) { + wolfSSL_DH_free(key->dh); + key->dh = NULL; + } + break; + #endif /* ! NO_DH ... */ + default: break; } @@ -23481,6 +24377,30 @@ void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX* ctx, ctx->param->check_time = t; ctx->param->flags |= WOLFSSL_USE_CHECK_TIME; } + +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +#ifndef NO_WOLFSSL_STUB +int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx, + int purpose) +{ + (void)ctx; + (void)purpose; + WOLFSSL_STUB("wolfSSL_X509_STORE_CTX_set_purpose"); + return 0; +} +#endif +#endif /* WOLFSSL_QT || OPENSSL_ALL */ + +#ifndef NO_WOLFSSL_STUB +/* Returns default file name and path of config file. However + a wolfssl.cnf file is not currently supported */ +char* wolfSSL_CONF_get1_default_config_file(void) +{ + WOLFSSL_ENTER("wolfSSL_CONF_get1_default_config_file"); + WOLFSSL_STUB("CONF_get1_default_config_file"); + return NULL; +} +#endif /****************************************************************************** * wolfSSL_X509_VERIFY_PARAM_set1_host - sets the DNS hostname to name * hostnames is cleared if name is NULL or empty. @@ -23857,12 +24777,21 @@ WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509) } a->dataMax = x509->serialSz + 2; a->isDynamic = 1; + } else { + /* Use array instead of dynamic memory */ + a->data = a->intData; + a->dataMax = WOLFSSL_ASN1_INTEGER_MAX; } - a->data[i++] = ASN_INTEGER; - i += SetLength(x509->serialSz, a->data + i); - XMEMCPY(&a->data[i], x509->serial, x509->serialSz); - a->length = x509->serialSz + 2; + #ifdef WOLFSSL_QT + XMEMCPY(&a->data[i], x509->serial, x509->serialSz); + a->length = x509->serialSz; + #else + a->data[i++] = ASN_INTEGER; + i += SetLength(x509->serialSz, a->data + i); + XMEMCPY(&a->data[i], x509->serial, x509->serialSz); + a->length = x509->serialSz + 2; + #endif x509->serialNumber = a; @@ -23929,6 +24858,15 @@ char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t, char* buf, int len) #if !defined(NO_ASN_TIME) && !defined(USER_TIME) && !defined(TIME_OVERRIDES) +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB) +void wolfSSL_ASN1_TIME_free(WOLFSSL_ASN1_TIME* t) +{ + (void) t; + WOLFSSL_STUB("wolfSSL_ASN1_TIME_free"); + return; +} +#endif /* NO_WOLFSSL_STUB && WOLFSSL_QT || OPENSSL_ALL */ + WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t, int offset_day, long offset_sec) { @@ -24125,6 +25063,16 @@ void wolfSSL_X509_STORE_CTX_set_error(WOLFSSL_X509_STORE_CTX* ctx, int er) } } +/* Set the error depth in the X509 STORE CTX */ +void wolfSSL_X509_STORE_CTX_set_error_depth(WOLFSSL_X509_STORE_CTX* ctx, + int depth) +{ + WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_error_depth"); + + if (ctx != NULL) { + ctx->error_depth = depth; + } +} /* Sets a function callback that will send information about the state of all * WOLFSSL objects that have been created by the WOLFSSL_CTX structure passed @@ -24836,19 +25784,31 @@ const char* wolfSSL_state_string_long(const WOLFSSL* ssl) return OUTPUT_STR[state][protocol][cbmode]; } -#ifndef NO_WOLFSSL_STUB +/* + * Sets default PEM callback password if null is passed into + * the callback parameter of a PEM_read_bio_* function. + * + * Returns callback phrase size on success or WOLFSSL_FAILURE otherwise. + */ int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key) { - (void)name; - (void)num; + int sz; (void)w; - (void)key; - WOLFSSL_STUB("PEM_def_callback"); - return 0; -} -#endif + WOLFSSL_ENTER("wolfSSL_PEM_def_callback"); -#endif + /* We assume that the user passes a default password as userdata */ + if (key) { + sz = (int)XSTRLEN((const char*)key); + sz = (sz > num) ? num : sz; + XMEMCPY(name, key, sz); + return sz; + } else { + WOLFSSL_MSG("Error, default password cannot be created."); + return WOLFSSL_FAILURE; + } +} + +#endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) static long wolf_set_options(long old_op, long op) @@ -24856,18 +25816,6 @@ static long wolf_set_options(long old_op, long op) /* if SSL_OP_ALL then turn all bug workarounds on */ if ((op & SSL_OP_ALL) == SSL_OP_ALL) { WOLFSSL_MSG("\tSSL_OP_ALL"); - - op |= SSL_OP_MICROSOFT_SESS_ID_BUG; - op |= SSL_OP_NETSCAPE_CHALLENGE_BUG; - op |= SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG; - op |= SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG; - op |= SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER; - op |= SSL_OP_MSIE_SSLV2_RSA_PADDING; - op |= SSL_OP_SSLEAY_080_CLIENT_DH_BUG; - op |= SSL_OP_TLS_D5_BUG; - op |= SSL_OP_TLS_BLOCK_PADDING_BUG; - op |= SSL_OP_TLS_ROLLBACK_BUG; - op |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS; } /* by default cookie exchange is on with DTLS */ @@ -24901,6 +25849,10 @@ static long wolf_set_options(long old_op, long op) WOLFSSL_MSG("\tSSL_OP_NO_SSLv3"); } + if ((op & SSL_OP_CIPHER_SERVER_PREFERENCE) == SSL_OP_CIPHER_SERVER_PREFERENCE) { + WOLFSSL_MSG("\tSSL_OP_CIPHER_SERVER_PREFERENCE"); + } + if ((op & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION) { #ifdef HAVE_LIBZ WOLFSSL_MSG("SSL_OP_NO_COMPRESSION"); @@ -25273,6 +26225,19 @@ int wolfSSL_X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, return WOLFSSL_SUCCESS; } + +/* Returns a pointer to the pkey when passed a key */ +WOLFSSL_EVP_PKEY* wolfSSL_X509_PUBKEY_get(WOLFSSL_X509_PUBKEY* key) +{ + WOLFSSL_ENTER("wolfSSL_X509_PUBKEY_get"); + if(key == NULL || key->pkey == NULL){ + WOLFSSL_LEAVE("wolfSSL_X509_PUBKEY_get", BAD_FUNC_ARG); + return NULL; + } + WOLFSSL_LEAVE("wolfSSL_X509_PUBKEY_get", WOLFSSL_SUCCESS); + return key->pkey; +} + #endif /* OPENSSL_ALL || WOLFSSL_APACHE_HTTPD || WOLFSSL_HAPROXY*/ #ifndef NO_WOLFSSL_STUB @@ -26626,6 +27591,9 @@ int wolfSSL_sk_num(WOLFSSL_STACK* sk) void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i) { +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + int offset = i; +#endif WOLFSSL_ENTER("wolfSSL_sk_value"); for (; sk != NULL && i > 0; i--) @@ -26638,7 +27606,7 @@ void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i) return (void*)sk->data.x509; case STACK_TYPE_CIPHER: #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - sk->data.cipher.offset = i; + sk->data.cipher.offset = offset; #endif return (void*)&sk->data.cipher; case STACK_TYPE_GEN_NAME: @@ -26711,7 +27679,7 @@ void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, { WOLFSSL_STACK* node; WOLFSSL_STACK* tmp; - WOLFSSL_ENTER("wolfSSL_sk_GENERIC_free"); + WOLFSSL_ENTER("wolfSSL_sk_GENERIC_pop_free"); if (sk == NULL) return; @@ -26731,6 +27699,42 @@ void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk, XFREE(sk, NULL, DYNAMIC_TYPE_ASN1); } +/* return 1 on success 0 on fail */ +int wolfSSL_sk_GENERIC_push(WOLFSSL_STACK* sk, void* generic) +{ + WOLFSSL_STACK* node; + + WOLFSSL_ENTER("wolfSSL_sk_GENERIC_push"); + + if (sk == NULL || generic == NULL) { + return WOLFSSL_FAILURE; + } + + /* no previous values in stack */ + if (sk->data.generic == NULL) { + sk->data.generic = generic; + sk->num += 1; + return WOLFSSL_SUCCESS; + } + + /* stack already has value(s) create a new node and add more */ + node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK),NULL,DYNAMIC_TYPE_SSL); + if (node == NULL) { + WOLFSSL_MSG("Memory error"); + return WOLFSSL_FAILURE; + } + XMEMSET(node, 0, sizeof(WOLFSSL_STACK)); + + /* push new node onto head of stack */ + node->type = sk->type; + node->data.generic = sk->data.generic; + node->next = sk->next; + sk->next = node; + sk->data.generic = generic; + sk->num += 1; + + return WOLFSSL_SUCCESS; +} void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK* sk) { wolfSSL_sk_GENERIC_pop_free(sk, NULL); @@ -26752,7 +27756,7 @@ void wolfSSL_sk_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, #if defined(OPENSSL_ALL) || defined (WOLFSSL_QT) case STACK_TYPE_ACCESS_DESCRIPTION: wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(sk, - (void (*)(WOLFSSL_ACCESS_DESCRIPTION*))func); + wolfSSL_ACCESS_DESCRIPTION_free); break; #endif case STACK_TYPE_X509: @@ -26843,7 +27847,7 @@ void wolfSSL_BASIC_CONSTRAINTS_free(WOLFSSL_BASIC_CONSTRAINTS *bc) WOLFSSL_MSG("Argument is NULL"); return; } - if(bc->pathlen) { + if (bc->pathlen) { wolfSSL_ASN1_INTEGER_free(bc->pathlen); } XFREE(bc, NULL, DYNAMIC_TYPE_OPENSSL); @@ -27962,12 +28966,24 @@ static int SetDhInternal(WOLFSSL_DH* dh) int ret = WOLFSSL_FATAL_ERROR; int pSz = 1024; int gSz = 1024; +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + int privSz = 256; /* Up to 2048-bit */ + int pubSz = 256; +#endif #ifdef WOLFSSL_SMALL_STACK unsigned char* p = NULL; unsigned char* g = NULL; + #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + unsigned char* priv_key = NULL; + unsigned char* pub_key = NULL; + #endif #else unsigned char p[1024]; unsigned char g[1024]; + #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + unsigned char priv_key[256]; + unsigned char pub_key[256]; + #endif #endif WOLFSSL_ENTER("SetDhInternal"); @@ -27978,17 +28994,46 @@ static int SetDhInternal(WOLFSSL_DH* dh) WOLFSSL_MSG("Bad p internal size"); else if (wolfSSL_BN_bn2bin(dh->g, NULL) > gSz) WOLFSSL_MSG("Bad g internal size"); + #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + else if (wolfSSL_BN_bn2bin(dh->priv_key, NULL) > privSz) + WOLFSSL_MSG("Bad private key internal size"); + else if (wolfSSL_BN_bn2bin(dh->pub_key, NULL) > privSz) + WOLFSSL_MSG("Bad public key internal size"); + #endif else { #ifdef WOLFSSL_SMALL_STACK p = (unsigned char*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); g = (unsigned char*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + priv_key = (unsigned char*)XMALLOC(privSz,NULL,DYNAMIC_TYPE_PRIVATE_KEY); + pub_key = (unsigned char*)XMALLOC(pubSz,NULL,DYNAMIC_TYPE_PUBLIC_KEY); + #endif + if (p == NULL || g == NULL) { XFREE(p, NULL, DYNAMIC_TYPE_PUBLIC_KEY); XFREE(g, NULL, DYNAMIC_TYPE_PUBLIC_KEY); return ret; } - #endif + #endif /* WOLFSSL_SMALL_STACK */ + + #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + privSz = wolfSSL_BN_bn2bin(dh->priv_key, priv_key); + pubSz = wolfSSL_BN_bn2bin(dh->pub_key, pub_key); + if (privSz <= 0) { + WOLFSSL_MSG("No private key size."); + } + if (pubSz <= 0) { + WOLFSSL_MSG("No public key size."); + } + if (privSz > 0 || pubSz > 0) { + ret = wc_DhSetFullKeys((DhKey*)dh->internal,priv_key,privSz, + pub_key,pubSz); + if (ret == WOLFSSL_FAILURE) { + WOLFSSL_MSG("Failed setting private or public key."); + } + } + #endif /* WOLFSSL_QT || OPENSSL_ALL */ pSz = wolfSSL_BN_bn2bin(dh->p, p); gSz = wolfSSL_BN_bn2bin(dh->g, g); @@ -28005,6 +29050,10 @@ static int SetDhInternal(WOLFSSL_DH* dh) #ifdef WOLFSSL_SMALL_STACK XFREE(p, NULL, DYNAMIC_TYPE_PUBLIC_KEY); XFREE(g, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + XFREE(priv_key, NULL, DYNAMIC_TYPE_PRIVATE_KEY); + XFREE(pub_key, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + #endif #endif } @@ -28012,6 +29061,47 @@ static int SetDhInternal(WOLFSSL_DH* dh) return ret; } +#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) +/* Set the members of DhKey into WOLFSSL_DH + * DhKey was populated from wc_DhKeyDecode + */ +int SetDhExternal(WOLFSSL_DH *dh) +{ + DhKey *key; + WOLFSSL_MSG("Entering SetDhExternal"); + + if (dh == NULL || dh->internal == NULL) { + WOLFSSL_MSG("dh key NULL error"); + } + + key = (DhKey*)dh->internal; + + if (SetIndividualExternal(&dh->p, &key->p) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("dh param p error"); + return WOLFSSL_FATAL_ERROR; + } + + if (SetIndividualExternal(&dh->g, &key->g) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("dh param g error"); + return WOLFSSL_FATAL_ERROR; + } + + if (SetIndividualExternal(&dh->priv_key, &key->priv) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("No DH Private Key"); + return WOLFSSL_FATAL_ERROR; + } + + if (SetIndividualExternal(&dh->pub_key, &key->pub) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("No DH Public Key"); + return WOLFSSL_FATAL_ERROR; + } + + dh->exSet = 1; + + return WOLFSSL_SUCCESS; +} +#endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */ + /* return code compliant with OpenSSL : * DH prime size in bytes if success, 0 if error */ @@ -29998,19 +31088,77 @@ WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key) */ int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key) { - if((pkey == NULL) || (key ==NULL))return WOLFSSL_FAILURE; +#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) + int derMax = 0; + int derSz = 0; + byte* derBuf = NULL; + RsaKey* rsa = NULL; +#endif WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_RSA"); + if ((pkey == NULL) || (key == NULL)) + return WOLFSSL_FAILURE; + if (pkey->rsa != NULL && pkey->ownRsa == 1) { wolfSSL_RSA_free(pkey->rsa); } pkey->rsa = key; pkey->ownRsa = 0; /* pkey does not own RSA */ - pkey->type = EVP_PKEY_RSA; + pkey->type = EVP_PKEY_RSA; + if (key->inSet == 0) { + if (SetRsaInternal(key) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("SetRsaInternal failed"); + return WOLFSSL_FAILURE; + } + } + +#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_USER_RSA) + rsa = (RsaKey*)key->internal; + /* 5 > size of n, d, p, q, d%(p-1), d(q-1), 1/q%p, e + ASN.1 additional + * information */ + derMax = 5 * wolfSSL_RSA_size(key) + (2 * AES_BLOCK_SIZE); + + derBuf = (byte*)XMALLOC(derMax, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + WOLFSSL_MSG("malloc failed"); + return WOLFSSL_FAILURE; + } + + if (rsa->type == RSA_PRIVATE) { + /* Private key to DER */ + derSz = wc_RsaKeyToDer(rsa, derBuf, derMax); + } + else { + /* Public key to DER */ + derSz = wc_RsaKeyToPublicDer(rsa, derBuf, derMax); + } + + if (derSz < 0) { + if (rsa->type == RSA_PRIVATE) { + WOLFSSL_MSG("wc_RsaKeyToDer failed"); + } + else { + WOLFSSL_MSG("wc_RsaKeyToPublicDer failed"); + } + XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + + pkey->pkey.ptr = (char*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_DER); + if (pkey->pkey.ptr == NULL) { + WOLFSSL_MSG("key malloc failed"); + XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + pkey->pkey_sz = derSz; + XMEMCPY(pkey->pkey.ptr, derBuf, derSz); + XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* WOLFSSL_KEY_GEN && !HAVE_USER_RSA */ + #ifdef WC_RSA_BLINDING if (key->ownRng == 0) { if (wc_RsaSetRNG((RsaKey*)(pkey->rsa->internal), &(pkey->rng)) != 0) { WOLFSSL_MSG("Error setting RSA rng"); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } } #endif @@ -30018,39 +31166,330 @@ int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key) } #endif /* !NO_RSA */ -#ifndef NO_WOLFSSL_STUB +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +#ifndef NO_DSA +/* with set1 functions the pkey struct does not own the DSA structure + * + * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure + */ +int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key) +{ + int derMax = 0; + int derSz = 0; + DsaKey* dsa = NULL; + byte* derBuf = NULL; + + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_DSA"); + + if((pkey == NULL) || (key == NULL))return WOLFSSL_FAILURE; + if (pkey->dsa != NULL && pkey->ownDsa == 1) { + wolfSSL_DSA_free(pkey->dsa); + } + pkey->dsa = key; + pkey->ownDsa = 0; /* pkey does not own DSA */ + pkey->type = EVP_PKEY_DSA; + if (key->inSet == 0) { + if (SetDsaInternal(key) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("SetDsaInternal failed"); + return WOLFSSL_FAILURE; + } + } + dsa = (DsaKey*)key->internal; + + /* 4 > size of pub, priv, p, q, g + ASN.1 additional information */ + derMax = 4 * wolfSSL_BN_num_bytes(key->g) + AES_BLOCK_SIZE; + + derBuf = (byte*)XMALLOC(derMax, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + WOLFSSL_MSG("malloc failed"); + return WOLFSSL_FAILURE; + } + + if (dsa->type == DSA_PRIVATE) { + /* Private key to DER */ + derSz = wc_DsaKeyToDer(dsa, derBuf, derMax); + } + else { + /* Public key to DER */ + derSz = wc_DsaKeyToPublicDer(dsa, derBuf, derMax); + } + + if (derSz < 0) { + if (dsa->type == DSA_PRIVATE) { + WOLFSSL_MSG("wc_DsaKeyToDer failed"); + } + else { + WOLFSSL_MSG("wc_DsaKeyToPublicDer failed"); + } + XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + + pkey->pkey.ptr = (char*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_DER); + if (pkey->pkey.ptr == NULL) { + WOLFSSL_MSG("key malloc failed"); + XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + pkey->pkey_sz = derSz; + XMEMCPY(pkey->pkey.ptr, derBuf, derSz); + XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + + return WOLFSSL_SUCCESS; +} + WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key) { - (void)key; - WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_DSA not implemented"); - WOLFSSL_STUB("EVP_PKEY_get1_DSA"); - return NULL; -} -#endif + WOLFSSL_DSA* local; + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_DSA"); + + if (key == NULL) { + WOLFSSL_MSG("Bad function argument"); + return NULL; + } + + local = wolfSSL_DSA_new(); + if (local == NULL) { + WOLFSSL_MSG("Error creating a new WOLFSSL_DSA structure"); + return NULL; + } + + if (key->type == EVP_PKEY_DSA) { + if (wolfSSL_DSA_LoadDer(local, (const unsigned char*)key->pkey.ptr, + key->pkey_sz) != SSL_SUCCESS) { + /* now try public key */ + if (wolfSSL_DSA_LoadDer_ex(local, + (const unsigned char*)key->pkey.ptr, key->pkey_sz, + WOLFSSL_DSA_LOAD_PUBLIC) != SSL_SUCCESS) { + wolfSSL_DSA_free(local); + local = NULL; + } + } + } + else { + WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold a DSA key"); + wolfSSL_DSA_free(local); + local = NULL; + } + return local; +} +#endif /* !NO_DSA */ + +#ifdef HAVE_ECC WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey) { WOLFSSL_EC_KEY *eckey = NULL; if (pkey) { - #ifdef HAVE_ECC +#ifdef HAVE_ECC eckey = pkey->ecc; - #endif +#endif } return eckey; } -WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* pkey) +WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key) { - WOLFSSL_EC_KEY *eckey = NULL; - if (pkey) { - /* increment reference count */ - pkey->references++; - #ifdef HAVE_ECC - eckey = pkey->ecc; - #endif + WOLFSSL_EC_KEY* local; + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_EC_KEY"); + + if (key == NULL) { + return NULL; } - return eckey; + + local = wolfSSL_EC_KEY_new(); + if (local == NULL) { + WOLFSSL_MSG("Error creating a new WOLFSSL_EC_KEY structure"); + return NULL; + } + + if (key->type == EVP_PKEY_EC) { + if (wolfSSL_EC_KEY_LoadDer(local, (const unsigned char*)key->pkey.ptr, + key->pkey_sz) != SSL_SUCCESS) { + /* now try public key */ + if (wolfSSL_EC_KEY_LoadDer_ex(local, + (const unsigned char*)key->pkey.ptr, + key->pkey_sz, WOLFSSL_EC_KEY_LOAD_PUBLIC) != SSL_SUCCESS) { + + wolfSSL_EC_KEY_free(local); + local = NULL; + } + } + } + else { + WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold an EC key"); + wolfSSL_EC_KEY_free(local); + local = NULL; + } + return local; } +#endif /* HAVE_ECC */ + +#if !defined(NO_DH) && !defined(NO_FILESYSTEM) +/* with set1 functions the pkey struct does not own the DH structure + * Build the following DH Key format from the passed in WOLFSSL_DH + * then store in WOLFSSL_EVP_PKEY in DER format. + * + * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure + */ +int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key) +{ + byte havePublic = 0, havePrivate = 0; + int ret; + word32 derSz = 0; + byte* derBuf = NULL; + DhKey* dhkey = NULL; + mp_int pubKey; + mp_int privKey; + + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_DH"); + + if (pkey == NULL || key == NULL) + return WOLFSSL_FAILURE; + + if (pkey->dh != NULL && pkey->ownDh == 1) + wolfSSL_DH_free(pkey->dh); + + pkey->dh = key; + pkey->ownDh = 0; /* pkey does not own DH */ + pkey->type = EVP_PKEY_DH; + if (key->inSet == 0) { + if (SetDhInternal(key) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("SetDhInternal failed"); + return WOLFSSL_FAILURE; + } + } + + dhkey = (DhKey*)key->internal; + + pubKey = dhkey->pub; + privKey = dhkey->priv; + + havePublic = mp_unsigned_bin_size(&pubKey) > 0; + havePrivate = mp_unsigned_bin_size(&privKey) > 0; + + /* Get size of DER buffer only */ + if (havePublic && !havePrivate) { + ret = wc_DhPubKeyToDer(dhkey, NULL, &derSz); + } else if (havePrivate && !havePublic) { + ret = wc_DhPrivKeyToDer(dhkey, NULL, &derSz); + } else { + ret = wc_DhParamsToDer(dhkey,NULL,&derSz); + } + + if (derSz <= 0 || ret != LENGTH_ONLY_E) { + WOLFSSL_MSG("Failed to get size of DH Key"); + return WOLFSSL_FAILURE; + } + + derBuf = (byte*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + WOLFSSL_MSG("malloc failed"); + return WOLFSSL_FAILURE; + } + + /* Fill DER buffer */ + if (havePublic && !havePrivate) { + ret = wc_DhPubKeyToDer(dhkey, derBuf, &derSz); + } else if (havePrivate && !havePublic) { + ret = wc_DhPrivKeyToDer(dhkey, derBuf, &derSz); + } else { + ret = wc_DhParamsToDer(dhkey,derBuf,&derSz); + } + + if (ret <= 0) { + WOLFSSL_MSG("Failed to export DH Key"); + XFREE(derBuf, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + + /* Store DH key into pkey (DER format) */ + pkey->pkey.ptr = (char*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_DER); + if (pkey->pkey.ptr == NULL) { + WOLFSSL_MSG("key malloc failed"); + XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + pkey->pkey_sz = derSz; + XMEMCPY(pkey->pkey.ptr, derBuf, derSz); + XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + + return WOLFSSL_SUCCESS; +} + +WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key) +{ + WOLFSSL_DH* local = NULL; + + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_get1_DH"); + + if (key == NULL || key->dh == NULL) { + WOLFSSL_MSG("Bad function argument"); + return NULL; + } + + if (key->type == EVP_PKEY_DH) { + + local = wolfSSL_DH_new(); + if (local == NULL) { + WOLFSSL_MSG("Error creating a new WOLFSSL_DH structure"); + return NULL; + } + + if (wolfSSL_DH_LoadDer(local, (const unsigned char*)key->pkey.ptr, + key->pkey_sz) != SSL_SUCCESS) { + wolfSSL_DH_free(local); + WOLFSSL_MSG("Error wolfSSL_DH_LoadDer"); + local = NULL; + } + } + else { + WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold a DH key"); + wolfSSL_DH_free(local); + return NULL; + } + + return local; +} +#endif /* NO_DH && NO_FILESYSTEM */ + +int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key) +{ + int ret; + + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_assign"); + + /* pkey and key checked if NULL in subsequent assign functions */ + switch(type) { + #ifndef NO_RSA + case EVP_PKEY_RSA: + ret = wolfSSL_EVP_PKEY_assign_RSA(pkey,key); + break; + #endif + #ifndef NO_DSA + case EVP_PKEY_DSA: + ret = wolfSSL_EVP_PKEY_assign_DSA(pkey, key); + break; + #endif + #ifdef HAVE_ECC + case EVP_PKEY_EC: + ret = wolfSSL_EVP_PKEY_assign_EC_KEY(pkey,key); + break; + #endif + #ifdef NO_DH + case EVP_PKEY_DH: + ret = wolfSSL_EVP_PKEY_assign_DH(pkey,key); + break; + #endif + default: + WOLFSSL_MSG("Unknown EVP_PKEY type in wolfSSL_EVP_PKEY_assign."); + ret = WOLFSSL_FAILURE; + } + + return ret; +} +#endif /* WOLFSSL_QT || OPENSSL_ALL */ + void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx) { @@ -30495,11 +31934,15 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* key, WOLFSSL_ENTER("wolfSSL_PEM_write_bio_RSAPrivateKey"); + if (bio == NULL || key == NULL) { + WOLFSSL_MSG("Bad Function Arguments"); + return WOLFSSL_FAILURE; + } pkey = wolfSSL_PKEY_new_ex(bio->heap); if (pkey == NULL) { WOLFSSL_MSG("wolfSSL_PKEY_new_ex failed"); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } pkey->type = EVP_PKEY_RSA; @@ -30515,13 +31958,13 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* key, /* 5 > size of n, d, p, q, d%(p-1), d(q-1), 1/q%p, e + ASN.1 additional * informations */ - derMax = 5 * wolfSSL_RSA_size(key) + AES_BLOCK_SIZE; + derMax = 5 * wolfSSL_RSA_size(key) + (2 * AES_BLOCK_SIZE); derBuf = (byte*)XMALLOC(derMax, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); if (derBuf == NULL) { WOLFSSL_MSG("malloc failed"); wolfSSL_EVP_PKEY_free(pkey); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } /* Key to DER */ @@ -30530,7 +31973,7 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* key, WOLFSSL_MSG("wc_RsaKeyToDer failed"); XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); wolfSSL_EVP_PKEY_free(pkey); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap, @@ -30539,7 +31982,7 @@ int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* key, WOLFSSL_MSG("key malloc failed"); XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); wolfSSL_EVP_PKEY_free(pkey); - return SSL_FAILURE; + return WOLFSSL_FAILURE; } pkey->pkey_sz = derSz; XMEMCPY(pkey->pkey.ptr, derBuf, derSz); @@ -31120,7 +32563,7 @@ static int SetECKeyInternal(WOLFSSL_EC_KEY* eckey) WOLFSSL_ENTER("SetECKeyInternal"); - if (eckey == NULL || eckey->internal == NULL) { + if (eckey == NULL || eckey->internal == NULL || eckey->group == NULL) { WOLFSSL_MSG("ec key NULL error"); return WOLFSSL_FATAL_ERROR; } @@ -31239,9 +32682,15 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid) { WOLFSSL_EC_KEY *key; int x; + int eccEnum; WOLFSSL_ENTER("wolfSSL_EC_KEY_new_by_curve_name"); + /* If NID passed in is OpenSSL type, convert it to ecc_curve_id enum */ + eccEnum = NIDToEccEnum(nid); + if (eccEnum == -1) + eccEnum = nid; + key = wolfSSL_EC_KEY_new(); if (key == NULL) { WOLFSSL_MSG("wolfSSL_EC_KEY_new failure"); @@ -31249,7 +32698,7 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid) } /* set the nid of the curve */ - key->group->curve_nid = nid; + key->group->curve_nid = eccEnum; /* search and set the corresponding internal curve idx */ for (x = 0; ecc_sets[x].size != 0; x++) @@ -31262,6 +32711,64 @@ WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid) return key; } +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key) +{ + int derMax = 0; + int derSz = 0; + byte* derBuf = NULL; + + WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_EC_KEY"); + if (pkey == NULL || key == NULL) + return WOLFSSL_FAILURE; + + if (pkey->ecc != NULL && pkey->ownEcc == 1) + wolfSSL_EC_KEY_free(pkey->ecc); + + pkey->ecc = key; + pkey->ownEcc = 0; /* pkey does not own ECC */ + pkey->type = EVP_PKEY_EC; + + if(key->group != NULL) + pkey->pkey_curve = key->group->curve_oid; + + if (key->inSet == 0) { + WOLFSSL_MSG("No ECC internal set, do it"); + + if (SetECKeyInternal(key) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("SetECKeyInternal failed"); + return WOLFSSL_FAILURE; + } + } + /* 4 > size of pub, priv + ASN.1 additional informations */ + derMax = 4 * wc_ecc_size((ecc_key*)key->internal) + AES_BLOCK_SIZE; + + derBuf = (byte*)XMALLOC(derMax, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + WOLFSSL_MSG("malloc failed"); + return WOLFSSL_FAILURE; + } + /* Key to DER */ + derSz = wc_EccKeyToDer((ecc_key*)key->internal, derBuf, derMax); + if (derSz < 0) { + WOLFSSL_MSG("wc_EccKeyToDer failed"); + XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + + pkey->pkey.ptr = (char*)XMALLOC(derSz, pkey->heap, DYNAMIC_TYPE_DER); + if (pkey->pkey.ptr == NULL) { + WOLFSSL_MSG("key malloc failed"); + XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_FAILURE; + } + pkey->pkey_sz = derSz; + XMEMCPY(pkey->pkey.ptr, derBuf, derSz); + XFREE(derBuf, pkey->heap, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_SUCCESS; +} +#endif /* WOLFSSL_QT || OPENSSL_ALL */ + typedef struct { const char *name; int nid; @@ -31710,9 +33217,16 @@ WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid) { WOLFSSL_EC_GROUP *g; int x; + int eccEnum; WOLFSSL_ENTER("wolfSSL_EC_GROUP_new_by_curve_name"); + /* If NID passed in is OpenSSL type, convert it to ecc_curve_id enum */ + eccEnum = NIDToEccEnum(nid); + if (eccEnum == -1) + eccEnum = nid; + + /* curve group */ g = (WOLFSSL_EC_GROUP*) XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL, DYNAMIC_TYPE_ECC); @@ -31723,7 +33237,7 @@ WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid) XMEMSET(g, 0, sizeof(WOLFSSL_EC_GROUP)); /* set the nid of the curve */ - g->curve_nid = nid; + g->curve_nid = eccEnum; /* search and set the corresponding internal curve idx */ for (x = 0; ecc_sets[x].size != 0; x++) @@ -31741,6 +33255,7 @@ WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid) */ int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group) { + int nid; WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_curve_name"); if (group == NULL) { @@ -31748,6 +33263,10 @@ int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group) return WOLFSSL_FAILURE; } + /* If curve_nid is ECC Enum type, return corresponding OpenSSL nid */ + if ((nid = EccEnumToNID(group->curve_nid)) != -1) + return nid; + return group->curve_nid; } @@ -31756,6 +33275,9 @@ int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group) */ int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group) { + int nid; + int tmp; + WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_degree"); if (group == NULL || group->curve_idx < 0) { @@ -31763,7 +33285,17 @@ int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group) return WOLFSSL_FAILURE; } - switch(group->curve_nid) { + /* If curve_nid passed in is an ecc_curve_id enum, convert it to the + corresponding OpenSSL NID */ + tmp = EccEnumToNID(group->curve_nid); + if (tmp != -1){ + nid = tmp; + } + else{ + nid = group->curve_nid; + } + + switch(nid) { case NID_secp112r1: case NID_secp112r2: return 112; @@ -31793,13 +33325,81 @@ int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group) case NID_brainpoolP384r1: return 384; case NID_secp521r1: - case NID_brainpoolP512r1: return 521; + case NID_brainpoolP512r1: + return 512; default: return WOLFSSL_FAILURE; } } +/* Converts OpenSSL NID value of ECC curves to the associated enum values in + ecc_curve_id, used by ecc_sets[].*/ +int NIDToEccEnum(int n) +{ + WOLFSSL_ENTER("NIDToEccEnum()"); + + switch(n) { + case NID_X9_62_prime192v1: + return ECC_SECP192R1; + case NID_X9_62_prime192v2: + return ECC_PRIME192V2; + case NID_X9_62_prime192v3: + return ECC_PRIME192V3; + case NID_X9_62_prime239v1: + return ECC_PRIME239V1; + case NID_X9_62_prime239v2: + return ECC_PRIME239V2; + case NID_X9_62_prime239v3: + return ECC_PRIME239V3; + case NID_X9_62_prime256v1: + return ECC_SECP256R1; + case NID_secp112r1: + return ECC_SECP112R1; + case NID_secp112r2: + return ECC_SECP112R2; + case NID_secp128r1: + return ECC_SECP128R1; + case NID_secp128r2: + return ECC_SECP128R2; + case NID_secp160r1: + return ECC_SECP160R1; + case NID_secp160r2: + return ECC_SECP160R2; + case NID_secp224r1: + return ECC_SECP224R1; + case NID_secp384r1: + return ECC_SECP384R1; + case NID_secp521r1: + return ECC_SECP521R1; + case NID_secp160k1: + return ECC_SECP160K1; + case NID_secp192k1: + return ECC_SECP192K1; + case NID_secp224k1: + return ECC_SECP224K1; + case NID_secp256k1: + return ECC_SECP256K1; + case NID_brainpoolP160r1: + return ECC_BRAINPOOLP160R1; + case NID_brainpoolP192r1: + return ECC_BRAINPOOLP192R1; + case NID_brainpoolP224r1: + return ECC_BRAINPOOLP224R1; + case NID_brainpoolP256r1: + return ECC_BRAINPOOLP256R1; + case NID_brainpoolP320r1: + return ECC_BRAINPOOLP320R1; + case NID_brainpoolP384r1: + return ECC_BRAINPOOLP384R1; + case NID_brainpoolP512r1: + return ECC_BRAINPOOLP512R1; + default: + WOLFSSL_MSG("NID not found"); + return -1; + } +} + /* return code compliant with OpenSSL : * 1 if success, 0 if error */ @@ -32154,7 +33754,7 @@ int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, /* End EC_POINT */ -size_t wolfSSL_EC_get_builtin_curves(WOLFSSL_EC_builtin_curve *r, size_t nitems) +size_t wolfSSL_EC_get_builtin_curves(WOLFSSL_EC_BUILTIN_CURVE *r, size_t nitems) { size_t ecc_sets_count; size_t i, min_nitems; @@ -32168,7 +33768,7 @@ size_t wolfSSL_EC_get_builtin_curves(WOLFSSL_EC_builtin_curve *r, size_t nitems) min_nitems = nitems < ecc_sets_count ? nitems : ecc_sets_count; for (i = 0; i < min_nitems; i++) { - r[i].nid = ecc_sets[i].id; + r[i].nid = EccEnumToNID(ecc_sets[i].id); r[i].comment = ecc_sets[i].name; } @@ -32475,32 +34075,214 @@ int wolfSSL_PEM_write_EC_PUBKEY(XFILE fp, WOLFSSL_EC_KEY *x) } #endif +/* Uses the same format of input as wolfSSL_PEM_read_bio_PrivateKey but expects + * the results to be an EC key. + * + * bio structure to read EC private key from + * ec if not null is then set to the result + * cb password callback for reading PEM + * pass password string + * + * returns a pointer to a new WOLFSSL_EC_KEY struct on success and NULL on fail + */ + +WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_EC_PUBKEY(WOLFSSL_BIO* bio, + WOLFSSL_EC_KEY** ec, + pem_password_cb* cb, void *pass) +{ + WOLFSSL_EVP_PKEY* pkey; + WOLFSSL_EC_KEY* local; + + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_EC_PUBKEY"); + + pkey = wolfSSL_PEM_read_bio_PUBKEY(bio, NULL, cb, pass); + if (pkey == NULL) { + return NULL; + } + + /* Since the WOLFSSL_EC_KEY structure is being taken from WOLFSSL_EVP_PKEY the + * flag indicating that the WOLFSSL_EC_KEY structure is owned should be FALSE + * to avoid having it free'd */ + pkey->ownEcc = 0; + local = pkey->ecc; + if (ec != NULL) { + *ec = local; + } + + wolfSSL_EVP_PKEY_free(pkey); + return local; +} + +/* Reads a private EC key from a WOLFSSL_BIO into a WOLFSSL_EC_KEY. + * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE + */ +WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_ECPrivateKey(WOLFSSL_BIO* bio, + WOLFSSL_EC_KEY** ec, + pem_password_cb* cb, + void *pass) +{ + WOLFSSL_EVP_PKEY* pkey; + WOLFSSL_EC_KEY* local; + + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_ECPrivateKey"); + + pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, cb, pass); + if (pkey == NULL) { + return NULL; + } + + /* Since the WOLFSSL_EC_KEY structure is being taken from WOLFSSL_EVP_PKEY the + * flag indicating that the WOLFSSL_EC_KEY structure is owned should be FALSE + * to avoid having it free'd */ + pkey->ownEcc = 0; + local = pkey->ecc; + if (ec != NULL) { + *ec = local; + } + + wolfSSL_EVP_PKEY_free(pkey); + return local; +} #endif /* NO_FILESYSTEM */ #if defined(WOLFSSL_KEY_GEN) +/* Takes a public WOLFSSL_EC_KEY and writes it out to WOLFSSL_BIO + * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE + */ +int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec) +{ + int ret = 0, der_max_len = 0, derSz = 0; + byte *derBuf; + WOLFSSL_EVP_PKEY* pkey; + + WOLFSSL_ENTER("wolfSSL_PEM_write_bio_EC_PUBKEY"); + + if (bio == NULL || ec == NULL) { + WOLFSSL_MSG("Bad Function Arguments"); + return WOLFSSL_FAILURE; + } + + /* Initialize pkey structure */ + pkey = wolfSSL_PKEY_new_ex(bio->heap); + if (pkey == NULL) { + WOLFSSL_MSG("wolfSSL_PKEY_new_ex failed"); + return WOLFSSL_FAILURE; + } + + /* Set pkey info */ + pkey->ecc = ec; + pkey->ownEcc = 0; /* pkey does not own ECC */ + pkey->type = EVP_PKEY_EC; + + /* 4 > size of pub, priv + ASN.1 additional information */ + der_max_len = 4 * wc_ecc_size((ecc_key*)ec->internal) + AES_BLOCK_SIZE; + + derBuf = (byte*)XMALLOC(der_max_len, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + WOLFSSL_MSG("Malloc failed"); + wolfSSL_EVP_PKEY_free(pkey); + return WOLFSSL_FAILURE; + } + + /* convert key to der format */ + derSz = wc_EccPublicKeyToDer((ecc_key*)ec->internal, derBuf, der_max_len, 1); + if (derSz < 0) { + WOLFSSL_MSG("wc_EccPublicKeyToDer failed"); + XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); + wolfSSL_EVP_PKEY_free(pkey); + return WOLFSSL_FAILURE; + } + + pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (pkey->pkey.ptr == NULL) { + WOLFSSL_MSG("key malloc failed"); + XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_EVP_PKEY_free(pkey); + return WOLFSSL_FAILURE; + } + + /* add der info to the evp key */ + pkey->pkey_sz = derSz; + XMEMCPY(pkey->pkey.ptr, derBuf, derSz); + XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + + if((ret = wolfSSL_PEM_write_bio_PUBKEY(bio, pkey)) != WOLFSSL_SUCCESS){ + WOLFSSL_MSG("wolfSSL_PEM_write_bio_PUBKEY failed"); + } + wolfSSL_EVP_PKEY_free(pkey); + + return ret; +} /* return code compliant with OpenSSL : * 1 if success, 0 if error */ -#ifndef NO_WOLFSSL_STUB -int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ecc, +int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec, const EVP_CIPHER* cipher, unsigned char* passwd, int len, pem_password_cb* cb, void* arg) { - (void)bio; - (void)ecc; - (void)cipher; - (void)passwd; - (void)len; - (void)cb; - (void)arg; - WOLFSSL_STUB("PEM_write_bio_ECPrivateKey"); - WOLFSSL_MSG("wolfSSL_PEM_write_bio_ECPrivateKey not implemented"); + int ret = 0, der_max_len = 0, derSz = 0; + byte *derBuf; + WOLFSSL_EVP_PKEY* pkey; + WOLFSSL_ENTER("WOLFSSL_PEM_write_bio_ECPrivateKey"); - return WOLFSSL_FAILURE; + if (bio == NULL || ec == NULL) { + WOLFSSL_MSG("Bad Function Arguments"); + return WOLFSSL_FAILURE; + } + + /* Initialize pkey structure */ + pkey = wolfSSL_PKEY_new_ex(bio->heap); + if (pkey == NULL) { + WOLFSSL_MSG("wolfSSL_PKEY_new_ex failed"); + return WOLFSSL_FAILURE; + } + + /* Set pkey info */ + pkey->ecc = ec; + pkey->ownEcc = 0; /* pkey does not own ECC */ + pkey->type = EVP_PKEY_EC; + + /* 4 > size of pub, priv + ASN.1 additional informations + */ + der_max_len = 4 * wc_ecc_size((ecc_key*)ec->internal) + AES_BLOCK_SIZE; + + derBuf = (byte*)XMALLOC(der_max_len, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + WOLFSSL_MSG("Malloc failed"); + wolfSSL_EVP_PKEY_free(pkey); + return WOLFSSL_FAILURE; + } + + /* convert key to der format */ + derSz = wc_EccKeyToDer((ecc_key*)ec->internal, derBuf, der_max_len); + if (derSz < 0) { + WOLFSSL_MSG("wc_EccKeyToDer failed"); + XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); + wolfSSL_EVP_PKEY_free(pkey); + return WOLFSSL_FAILURE; + } + + pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (pkey->pkey.ptr == NULL) { + WOLFSSL_MSG("key malloc failed"); + XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_EVP_PKEY_free(pkey); + return WOLFSSL_FAILURE; + } + + /* add der info to the evp key */ + pkey->pkey_sz = derSz; + XMEMCPY(pkey->pkey.ptr, derBuf, derSz); + XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + + ret = wolfSSL_PEM_write_bio_PrivateKey(bio, pkey, cipher, passwd, len, + cb, arg); + wolfSSL_EVP_PKEY_free(pkey); + + return ret; } -#endif /* return code compliant with OpenSSL : * 1 if success, 0 if error @@ -32531,7 +34313,7 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc, WOLFSSL_MSG("No ECC internal set, do it"); if (SetECKeyInternal(ecc) != WOLFSSL_SUCCESS) { - WOLFSSL_MSG("SetDsaInternal failed"); + WOLFSSL_MSG("SetECKeyInternal failed"); return WOLFSSL_FAILURE; } } @@ -32549,7 +34331,7 @@ int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc, /* Key to DER */ derSz = wc_EccKeyToDer((ecc_key*)ecc->internal, derBuf, der_max_len); if (derSz < 0) { - WOLFSSL_MSG("wc_DsaKeyToDer failed"); + WOLFSSL_MSG("wc_EccKeyToDer failed"); XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); return WOLFSSL_FAILURE; } @@ -32674,27 +34456,145 @@ int wolfSSL_PEM_write_ECPrivateKey(XFILE fp, WOLFSSL_EC_KEY *ecc, #if defined(WOLFSSL_KEY_GEN) -/* return code compliant with OpenSSL : - * 1 if success, 0 if error +/* Takes a DSA Privatekey and writes it out to a WOLFSSL_BIO + * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE */ int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa, const EVP_CIPHER* cipher, unsigned char* passwd, int len, pem_password_cb* cb, void* arg) { - (void)bio; - (void)dsa; - (void)cipher; - (void)passwd; - (void)len; - (void)cb; - (void)arg; + int ret = 0, der_max_len = 0, derSz = 0; + byte *derBuf; + WOLFSSL_EVP_PKEY* pkey; - WOLFSSL_MSG("wolfSSL_PEM_write_bio_DSAPrivateKey not implemented"); + WOLFSSL_ENTER("wolfSSL_PEM_write_bio_DSAPrivateKey"); - return WOLFSSL_FAILURE; + if (bio == NULL || dsa == NULL) { + WOLFSSL_MSG("Bad Function Arguments"); + return WOLFSSL_FAILURE; + } + + pkey = wolfSSL_PKEY_new_ex(bio->heap); + if (pkey == NULL) { + WOLFSSL_MSG("wolfSSL_PKEY_new_ex failed"); + return WOLFSSL_FAILURE; + } + + pkey->type = EVP_PKEY_DSA; + pkey->dsa = dsa; + pkey->ownDsa = 0; + + /* 4 > size of pub, priv, p, q, g + ASN.1 additional information */ + der_max_len = 4 * wolfSSL_BN_num_bytes(dsa->g) + AES_BLOCK_SIZE; + + derBuf = (byte*)XMALLOC(der_max_len, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (derBuf == NULL) { + WOLFSSL_MSG("Malloc failed"); + wolfSSL_EVP_PKEY_free(pkey); + return WOLFSSL_FAILURE; + } + + /* convert key to der format */ + derSz = wc_DsaKeyToDer((DsaKey*)dsa->internal, derBuf, der_max_len); + if (derSz < 0) { + WOLFSSL_MSG("wc_DsaKeyToDer failed"); + XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); + wolfSSL_EVP_PKEY_free(pkey); + return WOLFSSL_FAILURE; + } + + pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (pkey->pkey.ptr == NULL) { + WOLFSSL_MSG("key malloc failed"); + XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_EVP_PKEY_free(pkey); + return WOLFSSL_FAILURE; + } + + /* add der info to the evp key */ + pkey->pkey_sz = derSz; + XMEMCPY(pkey->pkey.ptr, derBuf, derSz); + XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); + + ret = wolfSSL_PEM_write_bio_PrivateKey(bio, pkey, cipher, passwd, len, + cb, arg); + wolfSSL_EVP_PKEY_free(pkey); + + return ret; } +#ifndef HAVE_SELFTEST +/* Takes a DSA public key and writes it out to a WOLFSSL_BIO + * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE + */ +int wolfSSL_PEM_write_bio_DSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa) +{ + int ret = 0, derMax = 0, derSz = 0; + byte *derBuf; + WOLFSSL_EVP_PKEY* pkey; + + WOLFSSL_ENTER("wolfSSL_PEM_write_bio_DSA_PUBKEY"); + + if (bio == NULL || dsa == NULL) { + WOLFSSL_MSG("Bad function arguements"); + return WOLFSSL_FAILURE; + } + + pkey = wolfSSL_PKEY_new_ex(bio->heap); + if (pkey == NULL) { + WOLFSSL_MSG("wolfSSL_PKEY_new_ex failed"); + return WOLFSSL_FAILURE; + } + + pkey->type = EVP_PKEY_DSA; + pkey->dsa = dsa; + pkey->ownDsa = 0; + + /* 4 > size of pub, priv, p, q, g + ASN.1 additional information */ + derMax = 4 * wolfSSL_BN_num_bytes(dsa->g) + AES_BLOCK_SIZE; + + derBuf = (byte*)XMALLOC(derMax, bio->heap, DYNAMIC_TYPE_DER); + if (derBuf == NULL) { + WOLFSSL_MSG("malloc failed"); + wolfSSL_EVP_PKEY_free(pkey); + return WOLFSSL_FAILURE; + } + + /* Key to DER */ + derSz = wc_DsaKeyToPublicDer((DsaKey*)dsa->internal, derBuf, derMax); + if (derSz < 0) { + WOLFSSL_MSG("wc_DsaKeyToDer failed"); + XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER); + wolfSSL_EVP_PKEY_free(pkey); + return WOLFSSL_FAILURE; + } + + pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap, DYNAMIC_TYPE_DER); + + if (pkey->pkey.ptr == NULL) { + WOLFSSL_MSG("key malloc failed"); + XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER); + wolfSSL_EVP_PKEY_free(pkey); + return WOLFSSL_FAILURE; + } + pkey->pkey_sz = derSz; + XMEMSET(pkey->pkey.ptr, 0, derSz); + + if (XMEMCPY(pkey->pkey.ptr, derBuf, derSz) == NULL) { + WOLFSSL_MSG("XMEMCPY failed"); + XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER); + XFREE(pkey->pkey.ptr, bio->heap, DYNAMIC_TYPE_DER); + wolfSSL_EVP_PKEY_free(pkey); + return WOLFSSL_FAILURE; + } + XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER); + ret = wolfSSL_PEM_write_bio_PUBKEY(bio, pkey); + wolfSSL_EVP_PKEY_free(pkey); + return ret; +} +#endif /* HAVE_SELFTEST */ + /* return code compliant with OpenSSL : * 1 if success, 0 if error */ @@ -32887,12 +34787,19 @@ static int pem_read_bio_key(WOLFSSL_BIO* bio, pem_password_cb* cb, void* pass, #else EncryptedInfo info[1]; #endif /* WOLFSSL_SMALL_STACK */ - pem_password_cb* localCb = cb; - + pem_password_cb* localCb = NULL; char* mem = NULL; int memSz = 0; int ret; + if(cb) { + localCb = cb; + } else { + if(pass) { + localCb = wolfSSL_PEM_def_callback; + } + } + if ((ret = wolfSSL_BIO_pending(bio)) > 0) { memSz = ret; mem = (char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_OPENSSL); @@ -32912,7 +34819,6 @@ static int pem_read_bio_key(WOLFSSL_BIO* bio, pem_password_cb* cb, void* pass, int sz = 100; /* read from file by 100 byte chunks */ int idx = 0; char* tmp = (char*)XMALLOC(sz, bio->heap, DYNAMIC_TYPE_OPENSSL); - memSz = 0; if (tmp == NULL) { WOLFSSL_MSG("Memory error"); @@ -33007,22 +34913,34 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, void* pass) { WOLFSSL_EVP_PKEY* pkey = NULL; - DerBuffer* der = NULL; - int eccFlag = 0; + DerBuffer* der = NULL; + int keyFormat = 0; + int type = -1; WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PrivateKey"); if (bio == NULL) return pkey; - if (pem_read_bio_key(bio, cb, pass, PRIVATEKEY_TYPE, &eccFlag, &der) >= 0) { - int type; + if (pem_read_bio_key(bio, cb, pass, PRIVATEKEY_TYPE, &keyFormat, + &der) >= 0) { const unsigned char* ptr = der->buffer; - if (eccFlag) - type = EVP_PKEY_EC; - else + if (keyFormat) { + /* keyFormat is Key_Sum enum */ + if (keyFormat == ECDSAk) + type = EVP_PKEY_EC; + else if (keyFormat == DSAk) + type = EVP_PKEY_DSA; + #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + else if (keyFormat == DHk) + type = EVP_PKEY_DH; + #endif + } + else { + /* Default to RSA if format is not set */ type = EVP_PKEY_RSA; + } /* handle case where reuse is attempted */ if (key != NULL && *key != NULL) @@ -33050,21 +34968,21 @@ WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio, { WOLFSSL_EVP_PKEY* pkey = NULL; DerBuffer* der = NULL; - int eccFlag = 0; + int keyFormat = 0; WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PUBKEY"); if (bio == NULL) return pkey; - if (pem_read_bio_key(bio, cb, pass, PUBLICKEY_TYPE, &eccFlag, &der) >= 0) { + if (pem_read_bio_key(bio, cb, pass, PUBLICKEY_TYPE, &keyFormat, &der) >= 0) { unsigned char* ptr = der->buffer; /* handle case where reuse is attempted */ if (key != NULL && *key != NULL) pkey = *key; - pkey = wolfSSL_d2i_PUBKEY(&pkey, &ptr, der->length); + wolfSSL_d2i_PUBKEY(&pkey, &ptr, der->length); if (pkey == NULL) { WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY"); } @@ -33075,13 +34993,13 @@ WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio, if (key != NULL && pkey != NULL) *key = pkey; - WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_PrivateKey", 0); + WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_PUBKEY", 0); return pkey; } -#ifndef NO_RSA +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && !defined(NO_RSA) /* Uses the same format of input as wolfSSL_PEM_read_bio_PrivateKey but expects * the results to be an RSA key. * @@ -33098,6 +35016,8 @@ WOLFSSL_RSA* wolfSSL_PEM_read_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* pkey; WOLFSSL_RSA* local; + WOLFSSL_ENTER("PEM_read_bio_RSAPrivateKey"); + pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, cb, pass); if (pkey == NULL) { return NULL; @@ -33115,8 +35035,75 @@ WOLFSSL_RSA* wolfSSL_PEM_read_bio_RSAPrivateKey(WOLFSSL_BIO* bio, wolfSSL_EVP_PKEY_free(pkey); return local; } -#endif /* !NO_RSA */ +#endif /* OPENSSL_EXTRA || OPENSSL_ALL || !NO_RSA */ +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && (!defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN)) +/* Uses the same format of input as wolfSSL_PEM_read_bio_PrivateKey but expects + * the results to be an DSA key. + * + * bio structure to read DSA private key from + * dsa if not null is then set to the result + * cb password callback for reading PEM + * pass password string + * + * returns a pointer to a new WOLFSSL_DSA structure on success and NULL on fail + */ +WOLFSSL_DSA* wolfSSL_PEM_read_bio_DSAPrivateKey(WOLFSSL_BIO* bio, + WOLFSSL_DSA** dsa, + pem_password_cb* cb,void *pass) +{ + WOLFSSL_EVP_PKEY* pkey = NULL; + WOLFSSL_DSA* local; + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DSAPrivateKey"); + + + pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, cb, pass); + if (pkey == NULL) { + WOLFSSL_MSG("Error in PEM_read_bio_PrivateKey"); + return NULL; + } + /* Since the WOLFSSL_DSA structure is being taken from WOLFSSL_EVP_PKEY the + * flag indicating that the WOLFSSL_DSA structure is owned should be FALSE + * to avoid having it free'd */ + pkey->ownDsa = 0; + local = pkey->dsa; + if (dsa != NULL) { + *dsa = local; + } + wolfSSL_EVP_PKEY_free(pkey); + return local; +} + +/* Reads an DSA public key from a WOLFSSL_BIO into a WOLFSSL_DSA. + * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE + */ +WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSA_PUBKEY(WOLFSSL_BIO* bio,WOLFSSL_DSA** dsa, + pem_password_cb* cb, void *pass) +{ + WOLFSSL_EVP_PKEY* pkey; + WOLFSSL_DSA* local; + WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DSA_PUBKEY"); + + pkey = wolfSSL_PEM_read_bio_PUBKEY(bio, NULL, cb, pass); + if (pkey == NULL) { + WOLFSSL_MSG("wolfSSL_PEM_read_bio_PUBKEY failed"); + return NULL; + } + + /* Since the WOLFSSL_DSA structure is being taken from WOLFSSL_EVP_PKEY the + * flag indicating that the WOLFSSL_DSA structure is owned should be FALSE + * to avoid having it free'd */ + pkey->ownDsa = 0; + local = pkey->dsa; + if (dsa != NULL) { + *dsa = local; + } + + wolfSSL_EVP_PKEY_free(pkey); + return local; +} +#endif #ifdef HAVE_ECC /* returns a new WOLFSSL_EC_GROUP structure on success and NULL on fail */ @@ -33779,6 +35766,47 @@ int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* derBuf, int derSz return WOLFSSL_SUCCESS; } + +/* Loads DSA key from DER buffer. opt = DSA_LOAD_PRIVATE or DSA_LOAD_PUBLIC. + returns 1 on success, or 0 on failure. */ +int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA* dsa, const unsigned char* derBuf, + int derSz, int opt) +{ + word32 idx = 0; + int ret; + + WOLFSSL_ENTER("wolfSSL_DSA_LoadDer"); + + if (dsa == NULL || dsa->internal == NULL || derBuf == NULL || derSz <= 0) { + WOLFSSL_MSG("Bad function arguments"); + return WOLFSSL_FATAL_ERROR; + } + + if (opt == WOLFSSL_DSA_LOAD_PRIVATE) { + ret = DsaPrivateKeyDecode(derBuf, &idx, (DsaKey*)dsa->internal, derSz); + } + else { + ret = DsaPublicKeyDecode(derBuf, &idx, (DsaKey*)dsa->internal, derSz); + } + + if (ret < 0 && opt == WOLFSSL_DSA_LOAD_PRIVATE) { + WOLFSSL_MSG("DsaPrivateKeyDecode failed"); + return WOLFSSL_FATAL_ERROR; + } + else if (ret < 0 && opt == WOLFSSL_DSA_LOAD_PUBLIC) { + WOLFSSL_MSG("DsaPublicKeyDecode failed"); + return WOLFSSL_FATAL_ERROR; + } + + if (SetDsaExternal(dsa) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("SetDsaExternal failed"); + return WOLFSSL_FATAL_ERROR; + } + + dsa->inSet = 1; + + return WOLFSSL_SUCCESS; +} #endif /* !NO_DSA */ #ifdef HAVE_ECC @@ -33832,6 +35860,33 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, } #endif /* HAVE_ECC */ +#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) +/* return WOLFSSL_SUCCESS if success, WOLFSSL_FATAL_ERROR if error */ +int wolfSSL_DH_LoadDer(WOLFSSL_DH* dh, const unsigned char* derBuf, int derSz) +{ + word32 idx = 0; + int ret; + + if (dh == NULL || dh->internal == NULL || derBuf == NULL || derSz <= 0) { + WOLFSSL_MSG("Bad function arguments"); + return WOLFSSL_FATAL_ERROR; + } + + ret = wc_DhKeyDecode(derBuf, &idx, (DhKey*)dh->internal, (word32)derSz); + if (ret < 0) { + WOLFSSL_MSG("wc_DhKeyDecode failed"); + return WOLFSSL_FATAL_ERROR; + } + + if (SetDhExternal(dh) != WOLFSSL_SUCCESS) { + WOLFSSL_MSG("SetDhExternal failed"); + return WOLFSSL_FATAL_ERROR; + } + + return WOLFSSL_SUCCESS; +} +#endif /* ! NO_DH && WOLFSSL_QT || OPENSSL_ALL */ + #endif /* OPENSSL_EXTRA */ @@ -36644,7 +38699,12 @@ err: } if (i == (int)WOLFSSL_OBJECT_INFO_SZ) { WOLFSSL_MSG("NID not in table"); + #ifdef WOLFSSL_QT + sName = NULL; + type = id; + #else return NULL; + #endif } #ifdef HAVE_ECC @@ -36803,6 +38863,13 @@ err: } buf[bufSz] = '\0'; + #ifdef WOLFSSL_QT + /* For unknown extension types, QT expects the short name to be the + text representation of the oid */ + if (XSTRLEN(a->sName) == 0) { + XMEMCPY(a->sName, buf, bufSz); + } + #endif return bufSz; } #endif /* OPENSSL_EXTRA */ @@ -37158,25 +39225,78 @@ err: } #endif -#ifdef HAVE_ECC + /* Return the corresponding short name for the nid . + * or NULL if short name can't be found. + */ const char * wolfSSL_OBJ_nid2sn(int n) { - int i; + WOLFSSL_ENTER("wolfSSL_OBJ_nid2sn"); - /* find based on NID and return name */ - for (i = 0; ecc_sets[i].size != 0; i++) { - if (n == ecc_sets[i].id) { - return ecc_sets[i].name; + switch(n) + { + case NID_commonName : + return "CN"; + case NID_countryName : + return "C"; + case NID_localityName : + return "L"; + case NID_stateOrProvinceName : + return "ST"; + case NID_organizationName : + return "O"; + case NID_organizationalUnitName : + return "OU"; + case NID_emailAddress : + return "emailAddress"; + case NID_basic_constraints : + return "basicConstraints"; + case NID_subject_key_identifier : + return "subjectKeyIdentifier"; + case NID_authority_key_identifier : + return "authorityKeyIdentifier"; + case NID_certificate_policies: + return "certificatePolicies"; + case NID_key_usage : + return "keyUsage"; + case NID_info_access : + return "authorityInfoAccess"; + case NID_crl_distribution_points : + return "cRLDistributionPoints"; + case EXT_KEY_USAGE_OID : + return "extKeyUsage"; + case AIA_OCSP_OID: + return "OCSP"; + case AIA_CA_ISSUER_OID: + return "caIssuers"; + default : + break; + } + + #ifdef HAVE_ECC + { + int eccEnum; + int i; + /* Convert OpenSSL NID to enum value in ecc_curve_id */ + if ((eccEnum = NIDToEccEnum(n)) != -1) { + /* find sn based on NID and return name */ + for (i = 0; ecc_sets[i].size != 0; i++) { + if (eccEnum == ecc_sets[i].id) { + return ecc_sets[i].name; + } + } } } + #endif /* HAVE_ECC */ + WOLFSSL_MSG("SN not found"); return NULL; } -#endif /* HAVE_ECC */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) int wolfSSL_OBJ_sn2nid(const char *sn) { WOLFSSL_ENTER("wolfSSL_OBJ_sn2nid"); + if (sn == NULL) + return NID_undef; return wc_OBJ_sn2nid(sn); } #endif @@ -37198,6 +39318,15 @@ err: if (o == NULL) { return -1; } + + #ifdef WOLFSSL_QT + if (o->grp == oidCertExtType) { + /* If nid is an unknown extension, return NID_undef */ + if (wolfSSL_OBJ_nid2sn(o->nid) == NULL) + return NID_undef; + } + #endif + if (o->nid > 0) return o->nid; if (GetObjectId(o->obj, &idx, &oid, o->grp, o->objSz) < 0) { @@ -37210,20 +39339,108 @@ err: /* Returns the long name that corresponds with an ASN1_OBJECT nid value. * n : NID value of ASN1_OBJECT to search */ - char * wolfSSL_OBJ_nid2ln(int n) + const char* wolfSSL_OBJ_nid2ln(int n) { int i; WOLFSSL_ENTER("wolfSSL_OBJ_nid2ln"); + switch(n) + { + case NID_commonName : + return WOLFSSL_LN_COMMON_NAME; + case NID_countryName : + return WOLFSSL_LN_COUNTRY_NAME; + case NID_localityName : + return WOLFSSL_LN_LOCALITY_NAME; + case NID_stateOrProvinceName : + return WOLFSSL_LN_STATE_NAME; + case NID_organizationName : + return WOLFSSL_LN_ORG_NAME; + case NID_organizationalUnitName : + return WOLFSSL_LN_ORGUNIT_NAME; + case NID_emailAddress : + return WOLFSSL_EMAIL_ADDR; + default: + break; + } + + #ifdef HAVE_ECC + { + int eccEnum; + /* Convert OpenSSL NID to enum value in ecc_curve_id */ + if ((eccEnum = NIDToEccEnum(n)) != -1) { + /* find sn based on NID and return name */ + for (i = 0; i < ecc_sets[i].size; i++) { + if (eccEnum == ecc_sets[i].id) { + return ecc_sets[i].name; + } + } + } + } + #endif /* HAVE_ECC */ + for (i = 0; i < (int)WOLFSSL_OBJECT_INFO_SZ; i++) { if (wolfssl_object_info[i].nid == n) - return (char*)wolfssl_object_info[i].lName; + return wolfssl_object_info[i].lName; } WOLFSSL_MSG("NID not found in table"); return NULL; } + /* Return the corresponding NID for the long name + * or NID_undef if NID can't be found. + */ + int wolfSSL_OBJ_ln2nid(const char *ln) + { + static const struct { + const char *ln; + int nid; + } ln2nid[] = { + {WOLFSSL_LN_COMMON_NAME, NID_commonName}, + {WOLFSSL_LN_COUNTRY_NAME, NID_countryName}, + {WOLFSSL_LN_LOCALITY_NAME, NID_localityName}, + {WOLFSSL_LN_STATE_NAME, NID_stateOrProvinceName}, + {WOLFSSL_LN_ORG_NAME, NID_organizationName}, + {WOLFSSL_LN_ORGUNIT_NAME, NID_organizationalUnitName}, + {WOLFSSL_EMAIL_ADDR, NID_emailAddress}, + {NULL, -1}}; + + int i; + WOLFSSL_ENTER("wolfSSL_OBJ_ln2nid"); + + if (ln == NULL) return BAD_FUNC_ARG; + + /* Return certificate info ln */ + for(i=0; ln2nid[i].ln != NULL; i++) { + if(XSTRNCMP(ln, ln2nid[i].ln, XSTRLEN(ln2nid[i].ln)) == 0) { + return ln2nid[i].nid; + } + } + + /* Return ECC ln */ + #ifdef HAVE_ECC + { + int eccEnum; + /* Nginx uses this OpenSSL string. */ + #ifdef WOLFSSL_NGINX + if (XSTRNCMP(ln, "prime256v1", 10) == 0) ln = "SECP256R1"; + if (XSTRNCMP(ln, "secp384r1", 10) == 0) ln = "SECP384R1"; + #endif + /* find based on name and return NID */ + for (i = 0; i < ecc_sets[i].size; i++) { + if (XSTRNCMP(ln, ecc_sets[i].name, ECC_MAXNAME) == 0) { + eccEnum = ecc_sets[i].id; + /* Convert enum value in ecc_curve_id to OpenSSL NID */ + return EccEnumToNID(eccEnum); + } + } + } + #endif /* HAVE_ECC */ + + return NID_undef; + } + /* compares two objects, return 0 if equal */ int wolfSSL_OBJ_cmp(const WOLFSSL_ASN1_OBJECT* a, const WOLFSSL_ASN1_OBJECT* b) @@ -37367,18 +39584,17 @@ err: } #endif - #ifndef NO_WOLFSSL_STUB - void wolfSSL_set_verify_depth(WOLFSSL *ssl, int depth) { - WOLFSSL_ENTER("wolfSSL_set_verify_depth"); -#ifndef OPENSSL_EXTRA + void wolfSSL_set_verify_depth(WOLFSSL *ssl, int depth) + { + #if !defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_STUB) (void)ssl; (void)depth; WOLFSSL_STUB("wolfSSL_set_verify_depth"); -#else + #else + WOLFSSL_ENTER("wolfSSL_set_verify_depth"); ssl->options.verifyDepth = (byte)depth; -#endif - } #endif + } WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne) { @@ -37397,7 +39613,7 @@ err: * * returns the setup WOLFSSL_X509_NAME pointer on success and NULL on fail */ - static WOLFSSL_X509_NAME *wolfSSL_nameByLoc( WOLFSSL_X509_NAME *name, int loc) + static WOLFSSL_X509_NAME* wolfSSL_nameByLoc(WOLFSSL_X509_NAME *name, int loc) { char* pt = NULL; int sz = 0; @@ -37519,6 +39735,24 @@ err: if (loc <= DN_NAMES_MAX + name->fullName.dcNum) { if (wolfSSL_nameByLoc(name, loc) != NULL) return &name->cnEntry; + } + /* DC component */ + if (name->fullName.dcMode) { + if (name->fullName.fullName != NULL){ + if (loc == name->fullName.dcNum){ + name->cnEntry.data.data + = &name->fullName.fullName[name->fullName.cIdx]; + name->cnEntry.data.length = name->fullName.cLen; + name->cnEntry.nid = ASN_COUNTRY_NAME; + } else { + name->cnEntry.data.data + = &name->fullName.fullName[name->fullName.dcIdx[loc]]; + name->cnEntry.data.length = name->fullName.dcLen[loc]; + name->cnEntry.nid = ASN_DOMAIN_COMPONENT; + } + } + name->cnEntry.data.type = CTC_UTF8; + /* common name index case */ } else if (loc == name->fullName.cnIdx && name->x509 != NULL) { /* get CN shortcut from x509 since it has null terminator */ name->cnEntry.data.data = name->x509->subjectCN; @@ -37526,11 +39760,11 @@ err: name->cnEntry.data.type = CTC_UTF8; name->cnEntry.nid = ASN_COMMON_NAME; name->cnEntry.set = 1; - return &name->cnEntry; + } else { + WOLFSSL_MSG("loc passed in is not in range of parsed DN's"); + return NULL; } - WOLFSSL_MSG("loc passed in is not in range of parsed DN's"); - - return NULL; + return &name->cnEntry; } #ifndef NO_WOLFSSL_STUB @@ -38111,6 +40345,7 @@ end: } #ifndef NO_FILESYSTEM +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) /* Convert DH key parameters to DER format, write to output (outSz) * If output is NULL then max expected size is set to outSz and LENGTH_ONLY_E is * returned. @@ -38119,7 +40354,7 @@ end: * version 2 build. * * return bytes written on success */ -static int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz) +int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz) { word32 sz = 0, idx = 0; int pSz = 0, gSz = 0, ret; @@ -38193,6 +40428,199 @@ static int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz) return idx; } +int wc_DhPubKeyToDer(DhKey* key, byte* out, word32* outSz) +{ + word32 sz = 0; + word32 paramSz = 0; + int ret; + int pubSz = 0; + int idx = 0; + byte scratch[MAX_ALGO_SZ]; + + /* Get size of entire key */ + + /* SEQUENCE <--| SetAlgoId + * OBJECT IDENTIFIER <--| + * SEQUENCE <-- + * INTEGER | wc_DhParamsToDer + * INTEGER <-- + */ + ret = wc_DhParamsToDer(key, NULL, ¶mSz); + if (ret != LENGTH_ONLY_E) + return ASN_PARSE_E; + sz += paramSz; + sz += SetAlgoID(DHk, scratch, oidKeyType, paramSz); + + /* BIT STRING + * INTEGER + */ + pubSz = mp_unsigned_bin_size(&key->pub); + if (pubSz < 0) + return pubSz; + else if (pubSz > 256) /* Key is larger than 2048 */ + return ASN_VERSION_E; + + if (mp_leading_bit(&key->pub)) + pubSz++; + + sz += ASN_TAG_SZ; /* Integer */ + sz += SetLength(pubSz, scratch); + sz += pubSz; + + sz += SetBitString(pubSz + ASN_BIT_STRING, 0, scratch); + + if (out == NULL) { + /* Uppermost SEQUENCE */ + *outSz = sz + SetSequence(sz, scratch); + return LENGTH_ONLY_E; + } + /* end get size of entire key */ + + /* Check for indexing errors */ + if (*outSz < MAX_SEQ_SZ || *outSz < sz) { + return BUFFER_E; + } + + /* Build Up Entire Key */ + + idx += SetSequence(sz, out); + + idx += SetAlgoID(DHk, out+idx, oidKeyType, paramSz); + ret = wc_DhParamsToDer(key, out+idx, ¶mSz); + if (ret < 0) + return ret; + idx += ret; + + /* BIT STRING + * INTEGER + */ + if (pubSz == 256) { /* Key Size: 2048 */ + idx += SetBitString(pubSz + ASN_BIT_STRING+1, 0, out+idx); + } else if (pubSz == 128) { /* Key Size: 1024 */ + idx += SetBitString(pubSz + ASN_BIT_STRING, 0, out+idx); + } else if (pubSz == 64) { /* Key Size: 512 */ + idx += SetBitString(pubSz + ASN_BIT_STRING-1, 0, out+idx); + } else { + WOLFSSL_MSG("Unsupported Key Size"); + return ASN_PARSE_E; + } + + out[idx++] = ASN_INTEGER; + idx += SetLength(pubSz, out + idx); + if (mp_leading_bit(&key->pub)) { + out[idx++] = 0x00; + pubSz -= 1; /* subtract 1 from size to account for leading 0 */ + } + ret = mp_to_unsigned_bin(&key->pub, out + idx); + if (ret != MP_OKAY) { + return BUFFER_E; + } + idx += pubSz; + + return idx; +} + +int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz) +{ + word32 sz = 0; + word32 paramSz = 0; + int ret; + int privSz = 0; + int idx = 0; + byte scratch[MAX_ALGO_SZ]; + + /* Get size of entire key */ + + /* INTEGER 0 */ + sz += ASN_TAG_SZ; /* Integer */ + sz += SetLength(1, scratch); + sz += 1; + + /* SEQUENCE <--| SetAlgoId + * OBJECT IDENTIFIER <--| + * SEQUENCE <-- + * INTEGER | wc_DhParamsToDer + * INTEGER <-- + */ + ret = wc_DhParamsToDer(key, NULL, ¶mSz); + if (ret != LENGTH_ONLY_E) + return ASN_PARSE_E; + sz += paramSz; + sz += SetAlgoID(DHk, scratch, oidKeyType, paramSz); + + /* OCTET STRING + * INTEGER + */ + privSz = mp_unsigned_bin_size(&key->priv); + if (privSz < 0) + return privSz; + else if (privSz > 256) /* Key is larger than 2048 */ + return ASN_VERSION_E; + + if (mp_leading_bit(&key->priv)) + privSz++; + + sz += ASN_TAG_SZ; /* Integer */ + sz += SetLength(privSz, scratch); + sz += privSz; + + sz += SetOctetString(privSz + ASN_OCTET_STRING, scratch); + + if (out == NULL) { + /* Uppermost SEQUENCE */ + *outSz = sz + SetSequence(sz, scratch); + return LENGTH_ONLY_E; + } + /* end get size of entire key */ + + /* Check for indexing errors */ + if (*outSz < MAX_SEQ_SZ || *outSz < sz) { + return BUFFER_E; + } + + /* Build Up Entire Key */ + + idx += SetSequence(sz, out); + + /* INTEGER 0 */ + out[idx++] = ASN_INTEGER; + idx += SetLength(1, out+idx); + out[idx++] = 0; + + idx += SetAlgoID(DHk, out+idx, oidKeyType, paramSz); + ret = wc_DhParamsToDer(key, out+idx, ¶mSz); + if (ret < 0) + return ret; + idx += ret; + + /* OCTET STRING + * INTEGER + */ + if (privSz == 256) { + idx += SetOctetString(privSz + ASN_OCTET_STRING, out+idx); + } else if (privSz == 128) { + idx += SetOctetString(privSz + ASN_OCTET_STRING-1, out+idx); + } else if (privSz == 64) { + idx += SetOctetString(privSz + ASN_OCTET_STRING-2, out+idx); + } else { + WOLFSSL_MSG("Unsupported key size"); + return ASN_VERSION_E; + } + + out[idx++] = ASN_INTEGER; + idx += SetLength(privSz, out + idx); + if (mp_leading_bit(&key->priv)) { + out[idx++] = 0x00; + privSz -= 1; /* subtract 1 from size to account for leading 0 */ + } + ret = mp_to_unsigned_bin(&key->priv, out + idx); + if (ret != MP_OKAY) { + return BUFFER_E; + } + idx += privSz; + + return idx; +} /* Writes the DH parameters in PEM format from "dh" out to the file pointer * passed in. @@ -38276,8 +40704,9 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh) WOLFSSL_LEAVE("wolfSSL_PEM_write_DHparams", WOLFSSL_SUCCESS); return WOLFSSL_SUCCESS; } +#endif /* WOLFSSL_QT || OPENSSL_ALL */ #endif /* !NO_FILESYSTEM */ -#endif +#endif /* !NO_DH */ #ifdef WOLFSSL_CERT_GEN @@ -38487,25 +40916,43 @@ int wolfSSL_get_state(const WOLFSSL* ssl) #endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ - || defined(WOLFSSL_NGINX) + || defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) -#ifndef NO_WOLFSSL_STUB long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt) { - WOLFSSL_STUB("SSL_ctrl"); - (void)ssl; - (void)cmd; + WOLFSSL_ENTER("wolfSSL_ctrl"); + if (ssl == NULL) + return BAD_FUNC_ARG; + + switch (cmd) { + case SSL_CTRL_SET_TLSEXT_HOSTNAME: + WOLFSSL_MSG("Entering Case: SSL_CTRL_SET_TLSEXT_HOSTNAME."); + #ifdef HAVE_SNI + if (pt == NULL) { + WOLFSSL_MSG("Passed in NULL Host Name."); + break; + } + return wolfSSL_set_tlsext_host_name(ssl, (const char*) pt); + #else + WOLFSSL_MSG("SNI not enabled."); + break; + #endif /* HAVE_SNI */ + default: + WOLFSSL_MSG("Case not implemented."); + } (void)opt; (void)pt; return WOLFSSL_FAILURE; } -#endif long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt) { + long ctrl_opt; long ret = WOLFSSL_SUCCESS; - WOLFSSL_ENTER("SSL_CTX_ctrl"); + WOLFSSL_ENTER("wolfSSL_CTX_ctrl"); + if (ctx == NULL) + return WOLFSSL_FAILURE; switch (cmd) { case SSL_CTRL_CHAIN: @@ -38519,7 +40966,7 @@ long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt) WOLF_STACK_OF(WOLFSSL_X509)* sk = (WOLF_STACK_OF(WOLFSSL_X509)*) pt; WOLFSSL_X509* x509; int i; - if (!ctx || (opt != 0 && opt != 1)) { + if (opt != 0 && opt != 1) { ret = WOLFSSL_FAILURE; break; } @@ -38560,7 +41007,62 @@ long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt) ret = WOLFSSL_FAILURE; #endif break; + +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) + case SSL_CTRL_OPTIONS: + WOLFSSL_MSG("Entering Case: SSL_CTRL_OPTIONS."); + ctrl_opt = wolfSSL_CTX_set_options(ctx, opt); + + #ifdef WOLFSSL_QT + /* Set whether to use client or server cipher preference */ + if ((ctrl_opt & SSL_OP_CIPHER_SERVER_PREFERENCE) + == SSL_OP_CIPHER_SERVER_PREFERENCE) { + WOLFSSL_MSG("Using Server's Cipher Preference."); + ctx->useClientOrder = FALSE; + } else { + WOLFSSL_MSG("Using Client's Cipher Preference."); + ctx->useClientOrder = TRUE; + } + #endif /* WOLFSSL_QT */ + + return ctrl_opt; +#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ + case SSL_CTRL_EXTRA_CHAIN_CERT: + WOLFSSL_MSG("Entering Case: SSL_CTRL_EXTRA_CHAIN_CERT."); + if (pt == NULL) { + WOLFSSL_MSG("Passed in x509 pointer NULL."); + ret = WOLFSSL_FAILURE; + break; + } + return wolfSSL_CTX_add_extra_chain_cert(ctx,pt); + +#ifndef NO_DH + case SSL_CTRL_SET_TMP_DH: + WOLFSSL_MSG("Entering Case: SSL_CTRL_SET_TMP_DH."); + if (pt == NULL) { + WOLFSSL_MSG("Passed in DH pointer NULL."); + ret = WOLFSSL_FAILURE; + break; + } + return wolfSSL_CTX_set_tmp_dh(ctx, pt); +#endif + +#ifdef HAVE_ECC + case SSL_CTRL_SET_TMP_ECDH: + WOLFSSL_MSG("Entering Case: SSL_CTRL_SET_TMP_ECDH."); + if (pt == NULL) { + WOLFSSL_MSG("Passed in ECDH pointer NULL."); + ret = WOLFSSL_FAILURE; + break; + } + return wolfSSL_SSL_CTX_set_tmp_ecdh(ctx,pt); +#endif + case SSL_CTRL_MODE: + wolfSSL_CTX_set_mode(ctx,opt); + break; + default: + WOLFSSL_MSG("CTX_ctrl cmd not implemented"); ret = WOLFSSL_FAILURE; break; } @@ -38569,10 +41071,22 @@ long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt) (void)cmd; (void)opt; (void)pt; - WOLFSSL_LEAVE("SSL_CTX_ctrl", (int)ret); + WOLFSSL_LEAVE("wolfSSL_CTX_ctrl", (int)ret); return ret; } +#ifndef WOLFSSL_NO_STUB +long wolfSSL_CTX_callback_ctrl(WOLFSSL_CTX* ctx, int cmd, void (*fp)(void)) +{ + (void) ctx; + (void) cmd; + (void) fp; + WOLFSSL_STUB("wolfSSL_CTX_callback_ctrl"); + return WOLFSSL_FAILURE; + +} +#endif /* WOLFSSL_NO_STUB */ + #ifndef NO_WOLFSSL_STUB long wolfSSL_CTX_clear_extra_chain_certs(WOLFSSL_CTX* ctx) { @@ -38957,7 +41471,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** out, #endif /* HAVE_ECC */ return pkey; } -#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY */ +#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT */ /* stunnel compatibility functions*/ @@ -39122,12 +41636,19 @@ int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits) { int ret = WOLFSSL_FAILURE; WOLFSSL_ENTER("wolfSSL_CIPHER_get_bits"); - if(c != NULL && c->ssl != NULL) { + + #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + (void)alg_bits; + if (c!= NULL) + ret = c->bits; + #else + if (c != NULL && c->ssl != NULL) { ret = 8 * c->ssl->specs.key_size; - if(alg_bits != NULL) { + if (alg_bits != NULL) { *alg_bits = ret; } } + #endif return ret; } @@ -40650,6 +43171,10 @@ WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl) add->type = STACK_TYPE_CIPHER; add->data.cipher.cipherSuite0 = suites->suites[i]; add->data.cipher.cipherSuite = suites->suites[i+1]; + #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + /* in_stack is checked in wolfSSL_CIPHER_description */ + add->data.cipher.in_stack = 1; + #endif add->next = ret; if (ret != NULL) { @@ -40672,8 +43197,8 @@ void wolfSSL_OPENSSL_config(char *config_name) (void)config_name; WOLFSSL_STUB("OPENSSL_config"); } -#endif -#endif +#endif /* !NO_WOLFSSL_STUB */ +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) @@ -40691,6 +43216,74 @@ int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c) return x509_idx++; } +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* r, int idx, void* arg) +{ + WOLFSSL_STACK* sk; + WOLFSSL_ENTER("wolfSSL_CRYPTO_set_ex_data"); + + if (r == NULL || arg == NULL) { + WOLFSSL_MSG("Invalid Input: WOLFSSL_CRYPTO_EX_DATA"); + return WOLFSSL_FAILURE; + } + + sk = r->data; + if (sk == NULL || sk->num < (unsigned long)idx) { + WOLFSSL_MSG("Invalid Input: Stack"); + return WOLFSSL_FAILURE; + } + + /* Go to node at idx */ + for (; sk != NULL && idx > 0; idx--) + sk = sk->next; + /* if node is tail of stack */ + if (sk == NULL) { + WOLFSSL_MSG("idx exceeds stack size."); + return WOLFSSL_FAILURE; + } + /* Free any data */ + if (sk->data.generic != NULL) + XFREE(sk->data.generic, NULL, DYNAMIC_TYPE_OPENSSL); + + sk->data.generic = arg; + + return WOLFSSL_SUCCESS; +} + +void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* r, int idx) +{ + void* ex_data; + WOLFSSL_STACK* sk; + WOLFSSL_ENTER("wolfSSL_CRYPTO_get_ex_data"); + + if (r == NULL) { + WOLFSSL_MSG("Invalid Input: WOLFSSL_CRYPTO_EX_DATA"); + return NULL; + } + + sk = r->data; + if (sk == NULL || sk->num < (unsigned long)idx) { + WOLFSSL_MSG("Invalid Input: Stack"); + return NULL; + } + + /* Go to node at idx */ + for (; sk != NULL && idx > 0; idx--) + sk = sk->next; + /* if node is tail of stack */ + if (sk == NULL) { + WOLFSSL_MSG("idx exceeds stack size."); + return NULL; + } + ex_data = sk->data.generic; + if (ex_data == NULL) { + WOLFSSL_MSG("Error getting ex_data"); + } + + return ex_data; +} +#endif /* WOLFSSL_QT || OPENSSL_ALL */ + void *wolfSSL_X509_get_ex_data(X509 *x509, int idx) { WOLFSSL_ENTER("wolfSSL_X509_get_ex_data"); @@ -41999,10 +44592,19 @@ WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai, return NULL; } - if ((ret = GetInt(&mpi, ai->data, &idx, ai->dataMax)) != 0) { + ret = GetInt(&mpi, ai->data, &idx, ai->dataMax); + if (ret != 0) { + #ifdef WOLFSSL_QT + /* Serial number in QT starts at index 0 of data */ + if (mp_read_unsigned_bin(&mpi, (byte*)ai->data, ai->length) != 0) { + mp_clear(&mpi); + return NULL; + } + #else /* expecting ASN1 format for INTEGER */ WOLFSSL_LEAVE("wolfSSL_ASN1_INTEGER_to_BN", ret); return NULL; + #endif } /* mp_clear needs called because mpi is copied and causes memory leak with @@ -42690,6 +45292,24 @@ int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM* bn) return WOLFSSL_FAILURE; } +/* return compliant with OpenSSL + * 1 if BIGNUM is word, 0 else */ +int wolfSSL_BN_is_word(const WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w) +{ + WOLFSSL_ENTER("wolfSSL_BN_is_word"); + + if (bn == NULL || bn->internal == NULL) { + WOLFSSL_MSG("bn NULL error"); + return WOLFSSL_FAILURE; + } + + if (mp_isword((mp_int*)bn->internal, w) == MP_YES) { + return WOLFSSL_SUCCESS; + } + + return WOLFSSL_FAILURE; +} + /* return compliant with OpenSSL * -1 if a < b, 0 if a == b and 1 if a > b */ @@ -44301,6 +46921,34 @@ int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key) } #endif +#if defined(OPENSSL_EXTRA) && !defined(NO_DSA) +int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key) +{ + if (pkey == NULL || key == NULL) + return WOLFSSL_FAILURE; + + pkey->type = EVP_PKEY_DSA; + pkey->dsa = key; + pkey->ownDsa = 1; + + return WOLFSSL_SUCCESS; +} +#endif + +#if defined(OPENSSL_EXTRA) && !defined(NO_DH) +int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key) +{ + if (pkey == NULL || key == NULL) + return WOLFSSL_FAILURE; + + pkey->type = EVP_PKEY_DH; + pkey->dh = key; + pkey->ownDh = 1; + + return WOLFSSL_SUCCESS; +} +#endif + #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) PKCS7* wolfSSL_PKCS7_new(void) { @@ -44625,8 +47273,10 @@ WOLFSSL_STACK* wolfSSL_sk_X509_new(void) { WOLFSSL_STACK* s = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, DYNAMIC_TYPE_X509); - if (s != NULL) + if (s != NULL) { XMEMSET(s, 0, sizeof(*s)); + s->type = STACK_TYPE_X509; + } return s; } diff --git a/src/tls.c b/src/tls.c index e982ad425..dc4158bab 100644 --- a/src/tls.c +++ b/src/tls.c @@ -2390,7 +2390,7 @@ static TCA* TLSX_TCA_New(byte type, const byte* id, word16 idSz, void* heap) #ifndef NO_SHA case WOLFSSL_TRUSTED_CA_KEY_SHA1: case WOLFSSL_TRUSTED_CA_CERT_SHA1: - if (idSz == SHA_DIGEST_SIZE && + if (idSz == WC_SHA_DIGEST_SIZE && (tca->id = (byte*)XMALLOC(idSz, heap, DYNAMIC_TYPE_TLSX))) { XMEMCPY(tca->id, id, idSz); @@ -2605,9 +2605,9 @@ static int TLSX_TCA_Parse(WOLFSSL* ssl, const byte* input, word16 length, #ifndef NO_SHA case WOLFSSL_TRUSTED_CA_KEY_SHA1: case WOLFSSL_TRUSTED_CA_CERT_SHA1: - if (offset + SHA_DIGEST_SIZE > length) + if (offset + WC_SHA_DIGEST_SIZE > length) return BUFFER_ERROR; - idSz = SHA_DIGEST_SIZE; + idSz = WC_SHA_DIGEST_SIZE; id = input + offset; offset += idSz; break; diff --git a/tests/api.c b/tests/api.c index 89baa8efc..84235f082 100644 --- a/tests/api.c +++ b/tests/api.c @@ -523,7 +523,7 @@ static void test_wolfSSL_Method_Allocators(void) TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method); #endif #endif - #ifdef WOLFSL_ALLOW_TLSV10 + #ifdef WOLFLSL_ALLOW_TLSV10 #ifndef NO_WOLFSSL_SERVER TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method); #endif @@ -2667,7 +2667,8 @@ static void test_client_nofail(void* args, void *cb) cipherName1 = wolfSSL_CIPHER_get_name(cipher); cipherName2 = wolfSSL_get_cipher(ssl); AssertStrEQ(cipherName1, cipherName2); -#if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) +#if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \ + !defined(WOLFSSL_QT) cipherName1 = wolfSSL_get_cipher_name_iana_from_suite( (cipherSuite >> 8), cipherSuite & 0xFF); AssertStrEQ(cipherName1, cipherName2); @@ -13539,6 +13540,74 @@ static int test_wc_DsaKeyToDer (void) } /* END test_wc_DsaKeyToDer */ +/* + * Testing wc_DsaKeyToPublicDer() + * (indirectly testing setDsaPublicKey()) + */ +static int test_wc_DsaKeyToPublicDer(void) +{ + int ret = 0; +#ifndef HAVE_SELFTEST +#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN) + DsaKey genKey; + WC_RNG rng; + byte* der; + + printf(testingFmt, "wc_DsaKeyToPublicDer()"); + + der = (byte*)XMALLOC(ONEK_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ret = WOLFSSL_FATAL_ERROR; + } + if (ret == 0) { + ret = wc_InitDsaKey(&genKey); + } + if (ret == 0) { + ret = wc_InitRng(&rng); + } + if (ret == 0) { + ret = wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey); + } + if (ret == 0) { + ret = wc_MakeDsaKey(&rng, &genKey); + } + + if (ret == 0) { + ret = wc_DsaKeyToPublicDer(&genKey, der, ONEK_BUF); + if (ret >= 0) { + ret = 0; + } else { + ret = WOLFSSL_FATAL_ERROR; + } + } + + /* Test bad args. */ + if (ret == 0) { + ret = wc_DsaKeyToPublicDer(NULL, der, FOURK_BUF); + if (ret == BAD_FUNC_ARG) { + ret = wc_DsaKeyToPublicDer(&genKey, NULL, FOURK_BUF); + } + if (ret == BAD_FUNC_ARG) { + ret = 0; + } else { + ret = WOLFSSL_FATAL_ERROR; + } + } + + if (wc_FreeRng(&rng) && ret == 0) { + ret = WOLFSSL_FATAL_ERROR; + } + + printf(resultFmt, ret == 0 ? passed : failed); + + XFREE(der,NULL,DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeDsaKey(&genKey); +#endif /* !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN) */ +#endif /* HAVE_SELFTEST */ + return ret; + +} /* END test_wc_DsaKeyToPublicDer */ + /* * Testing wc_DsaImportParamsRaw() */ @@ -18976,7 +19045,7 @@ static void test_wolfSSL_certs(void) AssertIntEQ(crit, -1); sk_ASN1_OBJECT_free(sk); - sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, NID_subject_alt_name, + sk = (STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(x509, NID_subject_alt_name, &crit, NULL); /* AssertNotNull(sk); no alt names set */ sk_GENERAL_NAME_free(sk); @@ -19553,6 +19622,56 @@ static void test_wolfSSL_PEM_PrivateKey(void) #endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */ } +static void test_wolfSSL_PEM_bio_RSAKey(void) +{ +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ + defined(WOLFSSL_KEY_GEN) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) + RSA* rsa = NULL; + BIO* bio = NULL; + + printf(testingFmt, "wolfSSL_PEM_bio_RSAKey"); + + /* PrivateKey */ + AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb")); + AssertNull((rsa = PEM_read_bio_RSAPrivateKey(NULL, NULL, NULL, NULL))); + AssertNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); + AssertIntEQ(RSA_size(rsa), 256); + AssertIntEQ(PEM_write_bio_RSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \ + NULL), WOLFSSL_FAILURE); + BIO_free(bio); + AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + AssertIntEQ(PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, \ + NULL), WOLFSSL_SUCCESS); + BIO_free(bio); + RSA_free(rsa); + + /* PUBKEY */ + AssertNotNull(bio = BIO_new_file("./certs/rsa-pub-2048.pem", "rb")); + AssertNull((rsa = PEM_read_bio_RSA_PUBKEY(NULL, NULL, NULL, NULL))); + AssertNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); + AssertIntEQ(RSA_size(rsa), 256); + AssertIntEQ(PEM_write_bio_RSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE); + BIO_free(bio); + AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + AssertIntEQ(PEM_write_bio_RSA_PUBKEY(bio, rsa), WOLFSSL_SUCCESS); + BIO_free(bio); + RSA_free(rsa); + + #ifdef HAVE_ECC + /* ensure that non-rsa keys do not work */ + AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */ + AssertNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); + AssertNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); + BIO_free(bio); + RSA_free(rsa); + #endif /* HAVE_ECC */ + + printf(resultFmt, passed); +#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ + (defined(WOLFSSL_KEY_GEN) || WOLFSSL_CERT_GEN) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) */ +} static void test_wolfSSL_PEM_RSAPrivateKey(void) { @@ -19581,6 +19700,105 @@ static void test_wolfSSL_PEM_RSAPrivateKey(void) #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ } +static void test_wolfSSL_PEM_bio_DSAKey(void) +{ +#ifndef HAVE_SELFTEST +#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_CERTS) && \ + defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && !defined(NO_DSA) + DSA* dsa = NULL; + BIO* bio = NULL; + + printf(testingFmt, "wolfSSL_PEM_bio_DSAKey"); + + /* PrivateKey */ + AssertNotNull(bio = BIO_new_file("./certs/1024/dsa1024.pem", "rb")); + AssertNull((dsa = PEM_read_bio_DSAPrivateKey(NULL, NULL, NULL, NULL))); + AssertNotNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL))); + AssertIntEQ(BN_num_bytes(dsa->g), 128); + AssertIntEQ(PEM_write_bio_DSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, NULL), + WOLFSSL_FAILURE); + BIO_free(bio); + AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + AssertIntEQ(PEM_write_bio_DSAPrivateKey(bio, dsa, NULL, NULL, 0, NULL, NULL), + WOLFSSL_SUCCESS); + BIO_free(bio); + DSA_free(dsa); + + /* PUBKEY */ + AssertNotNull(bio = BIO_new_file("./certs/1024/dsa-pub-1024.pem", "rb")); + AssertNull((dsa = PEM_read_bio_DSA_PUBKEY(NULL, NULL, NULL, NULL))); + AssertNotNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL))); + AssertIntEQ(BN_num_bytes(dsa->g), 128); + AssertIntEQ(PEM_write_bio_DSA_PUBKEY(NULL, NULL), WOLFSSL_FAILURE); + BIO_free(bio); + AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + AssertIntEQ(PEM_write_bio_DSA_PUBKEY(bio, dsa), WOLFSSL_SUCCESS); + BIO_free(bio); + DSA_free(dsa); + + #ifdef HAVE_ECC + /* ensure that non-dsa keys do not work */ + AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */ + AssertNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL))); + AssertNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL))); + BIO_free(bio); + DSA_free(dsa); + #endif /* HAVE_ECC */ + + printf(resultFmt, passed); +#endif /* defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && \ + !defined(NO_CERTS) && defined(WOLFSSL_KEY_GEN) && \ + !defined(NO_FILESYSTEM) && !defined(NO_DSA) */ +#endif /* HAVE_SELFTEST */ +} + +static void test_wolfSSL_PEM_bio_ECKey(void) +{ +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ + defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) + EC_KEY* ec = NULL; + BIO* bio = NULL; + + printf(testingFmt, "wolfSSL_PEM_bio_ECKey"); + + /* PrivateKey */ + AssertNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb")); + AssertNull((ec = PEM_read_bio_ECPrivateKey(NULL, NULL, NULL, NULL))); + AssertNotNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL))); + AssertIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32); + AssertIntEQ(PEM_write_bio_ECPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \ + NULL),WOLFSSL_FAILURE); + BIO_free(bio); + AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + AssertIntEQ(PEM_write_bio_ECPrivateKey(bio, ec, NULL, NULL, 0, NULL, \ + NULL), WOLFSSL_SUCCESS); + BIO_free(bio); + EC_KEY_free(ec); + + /* PUBKEY */ + AssertNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb")); + AssertNull((ec = PEM_read_bio_EC_PUBKEY(NULL, NULL, NULL, NULL))); + AssertNotNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL))); + AssertIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32); + AssertIntEQ(PEM_write_bio_EC_PUBKEY(NULL, NULL), WOLFSSL_FAILURE); + BIO_free(bio); + AssertNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + AssertIntEQ(PEM_write_bio_EC_PUBKEY(bio, ec), WOLFSSL_SUCCESS); + BIO_free(bio); + EC_KEY_free(ec); + + #ifndef NO_RSA + /* ensure that non-ec keys do not work */ + AssertNotNull(bio = BIO_new_file(svrKeyFile, "rb")); /* rsa key */ + AssertNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL))); + AssertNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL))); + BIO_free(bio); + EC_KEY_free(ec); + #endif /* HAVE_ECC */ + + printf(resultFmt, passed); +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ +} static void test_wolfSSL_PEM_PUBKEY(void) { @@ -20316,8 +20534,9 @@ static void test_wolfSSL_X509_STORE_CTX_get0_current_issuer(void) X509_free(issuer); X509_STORE_CTX_free(ctx); - #ifdef WOLFSSL_KEEP_STORE_CERTS + #if defined(WOLFSSL_KEEP_STORE_CERTS) || defined(OPENSSL_ALL) || defined(WOLFSSL_QT) X509_free(x509Svr); + X509_STORE_free(str); #endif X509_free(x509Ca); @@ -20360,7 +20579,8 @@ static void test_wolfSSL_X509_STORE_CTX(void) #ifdef OPENSSL_ALL sk_X509_free(sk); #endif - #ifdef WOLFSSL_KEEP_STORE_CERTS + #if defined(WOLFSSL_KEEP_STORE_CERTS) || defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + X509_STORE_free(str); X509_free(x509); #endif @@ -20387,7 +20607,8 @@ static void test_wolfSSL_X509_STORE_CTX(void) AssertIntEQ(sk_num(sk3), 1); /* sanity, make sure chain has 1 cert */ X509_STORE_CTX_free(ctx); sk_X509_free(sk); - #ifdef WOLFSSL_KEEP_STORE_CERTS + #if defined(WOLFSSL_KEEP_STORE_CERTS) || defined(WOLFSSL_QT) + X509_STORE_free(str); /* CTX certs not freed yet */ X509_free(x5092); #endif @@ -20582,6 +20803,9 @@ static void test_wolfSSL_X509_STORE_CTX_get0_store(void) wolfSSL_X509_STORE_CTX_free(ctx); wolfSSL_X509_STORE_CTX_free(ctx_no_init); +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + X509_STORE_free(store); +#endif printf(resultFmt, passed); #endif /* OPENSSL_EXTRA */ @@ -20922,6 +21146,8 @@ static void test_wolfSSL_BN(void) AssertIntEQ(BN_set_word(a, 1), SSL_SUCCESS); AssertIntEQ(BN_set_word(b, 5), SSL_SUCCESS); + AssertIntEQ(BN_is_word(a, BN_get_word(a)), SSL_SUCCESS); + AssertIntEQ(BN_is_word(a, 3), SSL_FAILURE); AssertIntEQ(BN_sub(c, a, b), SSL_SUCCESS); #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) { @@ -21037,11 +21263,40 @@ static int msgCb(SSL_CTX *ctx, SSL *ssl) { (void) ctx; (void) ssl; + #ifdef WOLFSSL_QT + STACK_OF(X509)* sk; + X509* x509; + int i, num; + BIO* bio; + #endif printf("\n===== msgcb called ====\n"); #if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN) AssertTrue(SSL_get_peer_cert_chain(ssl) != NULL); AssertIntEQ(((WOLFSSL_X509_CHAIN *)SSL_get_peer_cert_chain(ssl))->count, 1); #endif + + #ifdef WOLFSSL_QT + bio = BIO_new(BIO_s_file()); + BIO_set_fp(bio, stdout, BIO_NOCLOSE); + sk = SSL_get_peer_cert_chain(ssl); + AssertNotNull(sk); + if (!sk) { + BIO_free(bio); + return SSL_FAILURE; + } + num = sk_X509_num(sk); + AssertTrue(num > 0); + for (i = 0; i < num; i++) { + x509 = sk_X509_value(sk,i); + AssertNotNull(x509); + if (!x509) + break; + printf("Certificate at index [%d] = :\n",i); + X509_print(bio,x509); + printf("\n\n"); + } + BIO_free(bio); + #endif return SSL_SUCCESS; } #endif @@ -21467,6 +21722,7 @@ static long bioCallback(BIO *bio, int cmd, const char* argp, int argi, static void test_wolfSSL_BIO(void) { #if defined(OPENSSL_EXTRA) + const unsigned char* p; byte buff[20]; BIO* bio1; BIO* bio2; @@ -21582,6 +21838,8 @@ static void test_wolfSSL_BIO(void) AssertIntEQ((int)BIO_ctrl_pending(bio3), 0); AssertIntEQ(BIO_nread(bio3, &bufPt, 3), WOLFSSL_BIO_ERROR); AssertIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); + AssertIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_INFO, 0, &p), 20); + AssertNotNull(p); XMEMCPY(bufPt, buff, 20); AssertIntEQ(BIO_nread(bio3, &bufPt, 6), 6); for (i = 0; i < 6; i++) { @@ -21927,7 +22185,7 @@ static void test_wolfSSL_X509(void) X509_STORE_CTX_free(ctx); - #ifdef WOLFSSL_KEEP_STORE_CERTS + #if defined(WOLFSSL_KEEP_STORE_CERTS) || defined(WOLFSSL_QT) X509_STORE_free(store); X509_free(x509); #endif @@ -22201,7 +22459,6 @@ static void test_wolfSSL_X509_PUBKEY_get0_param(void) AssertIntEQ(OBJ_obj2nid(obj), RSAk); X509_free(x509); -// AssertIntEQ(1,0); printf(resultFmt, passed); #endif @@ -22544,14 +22801,14 @@ static void test_wolfSSL_ERR_print_errors(void) AssertNotNull(bio = BIO_new(BIO_s_mem())); ERR_clear_error(); /* clear out any error nodes */ ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0); - ERR_put_error(0,SYS_F_BIND, -283, "asn.c", 100); + ERR_put_error(0,SYS_F_BIND, -275, "asn.c", 100); ERR_print_errors(bio); AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 56); AssertIntEQ(XSTRNCMP("error:173:wolfSSL library:Bad function argument:ssl.c:0", buf, 55), 0); AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 57); - AssertIntEQ(XSTRNCMP("error:283:wolfSSL library:unknown error number:asn.c:100", + AssertIntEQ(XSTRNCMP("error:275:wolfSSL library:unknown error number:asn.c:100", buf, 56), 0); AssertIntEQ(BIO_gets(bio, buf, sizeof(buf)), 0); AssertIntEQ(ERR_get_error_line(NULL, NULL), 0); @@ -23301,6 +23558,10 @@ static void test_wolfSSL_BIO_write(void) /* now try encoding with no line ending */ BIO_set_flags(bio64, BIO_FLAG_BASE64_NO_NL); + #ifdef HAVE_EX_DATA + BIO_set_ex_data(bio64, 0, (void*) "data"); + AssertIntEQ(strcmp(BIO_get_ex_data(bio64, 0), "data"), 0); + #endif AssertIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg)); BIO_flush(bio); sz = sizeof(out); @@ -23322,6 +23583,7 @@ static void test_wolfSSL_BIO_write(void) XMEMSET(out, 0, sz); AssertIntEQ((sz = BIO_read(bio, out, sz)), 16); AssertIntEQ(XMEMCMP(out, msg, sz), 0); + BIO_clear_flags(bio64, ~0); BIO_set_retry_read(bio); BIO_free_all(bio); /* frees bio64s also */ @@ -24300,6 +24562,7 @@ static void test_wolfSSL_DH_1536_prime(void) static void test_wolfSSL_PEM_write_DHparams(void) { +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) #if defined(OPENSSL_EXTRA) && !defined(NO_DH) && !defined(NO_FILESYSTEM) DH* dh; BIO* bio; @@ -24340,6 +24603,7 @@ tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==\n\ XFCLOSE(fp); printf(resultFmt, passed); +#endif /* OPENSSL_ALL || OPENSSL_QT */ #endif } @@ -24466,9 +24730,15 @@ static void test_wolfSSL_OpenSSL_add_all_algorithms(void){ #if defined(OPENSSL_EXTRA) printf(testingFmt, "wolfSSL_OpenSSL_add_all_algorithms()"); + AssertIntEQ(wolfSSL_add_all_algorithms(),WOLFSSL_SUCCESS); + wolfSSL_Cleanup(); + AssertIntEQ(wolfSSL_OpenSSL_add_all_algorithms_noconf(),WOLFSSL_SUCCESS); wolfSSL_Cleanup(); + AssertIntEQ(wolfSSL_OpenSSL_add_all_algorithms_conf(),WOLFSSL_SUCCESS); + wolfSSL_Cleanup(); + printf(resultFmt, passed); #endif } @@ -25063,6 +25333,905 @@ static void test_wolfSSL_AES_cbc_encrypt() #endif } +#if defined(WOLFSSL_QT) +#if !defined(NO_ASN) +static void test_wolfSSL_ASN1_STRING_to_UTF8(void) +{ + WOLFSSL_X509* x509; + WOLFSSL_X509_NAME* subject; + WOLFSSL_X509_NAME_ENTRY* e; + WOLFSSL_ASN1_STRING* a; + FILE* file; + int idx = 0; + char targetOutput[15] = "www.wolfssl.com"; + unsigned char* actual_output; + int len = 0; + int result = 0; + + AssertNotNull(file = fopen("./certs/server-cert.pem", "rb")); + AssertNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); + fclose(file); + + printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(): NID_commonName"); + AssertNotNull(subject = wolfSSL_X509_get_subject_name(x509)); + AssertIntEQ((idx = wolfSSL_X509_NAME_get_index_by_NID(subject, + NID_commonName, -1)), 5); + AssertNotNull(e = wolfSSL_X509_NAME_get_entry(subject, idx)); + AssertNotNull(a = wolfSSL_X509_NAME_ENTRY_get_data(e)); + AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a)), 15); + result = strncmp((const char*)actual_output, targetOutput, len); + AssertIntEQ(result, 0); + printf(resultFmt, result == 0 ? passed : failed); + + printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(NULL, valid): "); + AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, a)), + WOLFSSL_FATAL_ERROR); + printf(resultFmt, len == WOLFSSL_FATAL_ERROR ? passed : failed); + + printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(valid, NULL): "); + AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, NULL)), + WOLFSSL_FATAL_ERROR); + printf(resultFmt, len == WOLFSSL_FATAL_ERROR ? passed : failed); + + printf(testingFmt, "wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL): "); + AssertIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL)), + WOLFSSL_FATAL_ERROR); + printf(resultFmt, len == WOLFSSL_FATAL_ERROR ? passed : failed); + + wolfSSL_X509_free(x509); + XFREE(actual_output, NULL, DYNAMIC_TYPE_TMP_BUFFER); +} +#endif /* !defined(NO_ASN) */ + +static void test_wolfSSL_sk_CIPHER_description(void) +{ + const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION; + int i,j,k; + int numCiphers = 0; + const SSL_METHOD *method = NULL; + const SSL_CIPHER *cipher = NULL; + STACK_OF(SSL_CIPHER) *supportedCiphers = NULL; + SSL_CTX *ctx = NULL; + SSL *ssl = NULL; + char buf[256]; + char test_str[9] = "0000000\0"; + const char badStr[] = "unknown\0"; + const char certPath[] = "./certs/client-cert.pem"; + XMEMSET(buf, 0, sizeof(buf)); + + printf(testingFmt, "wolfSSL_sk_CIPHER_description"); + + SSL_library_init(); + + AssertNotNull(method = TLSv1_client_method()); + AssertNotNull(ctx = SSL_CTX_new(method)); + + SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); + SSL_CTX_set_verify_depth(ctx, 4); + + SSL_CTX_set_options(ctx, flags); + AssertIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL), + WOLFSSL_SUCCESS); + + AssertNotNull(ssl = SSL_new(ctx)); + /* SSL_get_ciphers returns a stack of all configured ciphers + * A flag, getCipherAtOffset, is set to later have SSL_CIPHER_description + */ + AssertNotNull(supportedCiphers = SSL_get_ciphers(ssl)); + + /* loop through the amount of supportedCiphers */ + numCiphers = sk_num(supportedCiphers); + for (i = 0; i < numCiphers; ++i) { + + /* sk_value increments "sk->data.cipher->cipherOffset". + * wolfSSL_sk_CIPHER_description sets the description for + * the cipher based on the provided offset. + */ + + if ((cipher = sk_value(supportedCiphers, i))) { + SSL_CIPHER_description(cipher, buf, sizeof(buf)); + } + + /* Search cipher description string for "unknown" descriptor */ + for (j=0; j < (int)XSTRLEN(buf); j++) { + k=0; + while ((buf[j] == badStr[k]) && (k < (int)XSTRLEN(badStr))) { + test_str[k] = badStr[k]; + j++,k++; + } + } + /* Fail if test_str == badStr == "unknown" */ + AssertStrNE(test_str,badStr); + } + SSL_free(ssl); + SSL_CTX_free(ctx); + + printf(resultFmt, passed); +} + +static void test_wolfSSL_get_ciphers_compat(void) +{ + const SSL_METHOD *method = NULL; + const char certPath[] = "./certs/client-cert.pem"; + STACK_OF(SSL_CIPHER) *supportedCiphers = NULL; + SSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; + const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION; + + printf(testingFmt, "wolfSSL_get_ciphers_compat"); + + SSL_library_init(); + + AssertNotNull(method = TLSv1_client_method()); + AssertNotNull(ctx = SSL_CTX_new(method)); + + SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); + SSL_CTX_set_verify_depth(ctx, 4); + + SSL_CTX_set_options(ctx, flags); + AssertIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL), + WOLFSSL_SUCCESS); + + AssertNotNull(ssl = SSL_new(ctx)); + + /* Test Bad NULL input */ + AssertNull(supportedCiphers = SSL_get_ciphers(NULL)); + /* Test for Good input */ + AssertNotNull(supportedCiphers = SSL_get_ciphers(ssl)); + /* Further usage of SSL_get_ciphers/wolfSSL_get_ciphers_compat is + * tested in test_wolfSSL_sk_CIPHER_description according to Qt usage */ + + SSL_free(ssl); + SSL_CTX_free(ctx); + + printf(resultFmt, passed); +} + +static void test_wolfSSL_X509_PUBKEY_get(void) +{ + WOLFSSL_X509_PUBKEY pubkey; + WOLFSSL_X509_PUBKEY* key; + WOLFSSL_EVP_PKEY evpkey; + WOLFSSL_EVP_PKEY* evpPkey; + WOLFSSL_EVP_PKEY* retEvpPkey; + + key = &pubkey; + evpPkey = &evpkey; + + evpPkey->type = WOLFSSL_SUCCESS; + key->pkey = evpPkey; + + printf(testingFmt, "wolfSSL_X509_PUBKEY_get()"); + AssertNotNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key)); + AssertIntEQ(retEvpPkey->type, WOLFSSL_SUCCESS); + + AssertNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(NULL)); + + key->pkey = NULL; + AssertNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key)); + printf(resultFmt,retEvpPkey == NULL ? passed : failed); +} + +static void test_wolfSSL_d2i_DHparams() +{ +#if !defined(NO_DH) + FILE* f = NULL; + unsigned char buf[4096]; + const unsigned char* pt = buf; + const char* params1 = "./certs/dh2048.der"; + const char* params2 = "./certs/dh3072.der"; + long len = 0; + WOLFSSL_DH* dh = NULL; + XMEMSET(buf, 0, sizeof(buf)); + + /* Test 2048 bit parameters */ + printf(testingFmt, "wolfSSL_d2i_DHparams() 2048-bit"); + f = XFOPEN(params1, "rb"); + AssertTrue(f != XBADFILE); + len = (long)XFREAD(buf, 1, sizeof(buf), f); + XFCLOSE(f); + + /* Valid case */ + AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len)); + AssertNotNull(dh->p); + AssertNotNull(dh->g); + AssertTrue(pt != buf); + AssertIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS); + + /* Invalid cases */ + AssertNull(wolfSSL_d2i_DHparams(NULL, NULL, len)); + AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, -1)); + AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, 10)); + + DH_free(dh); + printf(resultFmt, passed); + + *buf = 0; + pt = buf; + + /* Test 3072 bit parameters */ + printf(testingFmt, "wolfSSL_d2i_DHparams() 3072-bit"); + f = XFOPEN(params2, "rb"); + AssertTrue(f != XBADFILE); + len = (long)XFREAD(buf, 1, sizeof(buf), f); + XFCLOSE(f); + + /* Valid case */ + AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len)); + AssertNotNull(dh->p); + AssertNotNull(dh->g); + AssertTrue(pt != buf); + AssertIntEQ(DH_generate_key(dh), 1); + + /* Invalid cases */ + AssertNull(wolfSSL_d2i_DHparams(NULL, NULL, len)); + AssertNull(wolfSSL_d2i_DHparams(NULL, &pt, -1)); + + DH_free(dh); + printf(resultFmt, passed); + +#endif +} + +static void test_wolfSSL_i2d_DHparams() +{ +#if !defined(NO_DH) + FILE* f; + unsigned char buf[4096]; + const unsigned char* pt = buf; + unsigned char* pt2 = buf; + const char* params1 = "./certs/dh2048.der"; + const char* params2 = "./certs/dh3072.der"; + long len; + WOLFSSL_DH* dh; + + /* Test 2048 bit parameters */ + printf(testingFmt, "wolfSSL_i2d_DHparams() 2048-bit"); + f = XFOPEN(params1, "rb"); + AssertTrue(f != XBADFILE); + len = (long)XFREAD(buf, 1, sizeof(buf), f); + XFCLOSE(f); + + /* Valid case */ + AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len)); + AssertTrue(pt != buf); + AssertIntEQ(DH_generate_key(dh), 1); + AssertIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 268); + + /* Invalid cases */ + AssertIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0); + AssertIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 264); + + DH_free(dh); + printf(resultFmt, passed); + + *buf = 0; + pt = buf; + pt2 = buf; + + /* Test 3072 bit parameters */ + printf(testingFmt, "wolfSSL_i2d_DHparams() 3072-bit"); + f = XFOPEN(params2, "rb"); + AssertTrue(f != XBADFILE); + len = (long)XFREAD(buf, 1, sizeof(buf), f); + XFCLOSE(f); + + /* Valid case */ + AssertNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len)); + AssertTrue(pt != buf); + AssertIntEQ(DH_generate_key(dh), 1); + AssertIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 396); + + /* Invalid cases */ + AssertIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0); + AssertIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 392); + + DH_free(dh); + printf(resultFmt, passed); +#endif +} + +static void test_wolfSSL_EC_KEY_dup(void) +{ +#if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) + + WOLFSSL_EC_KEY* ecKey; + WOLFSSL_EC_KEY* dupKey; +#if defined(WOLFSSL_PUBLIC_MP) + mp_int* srcKey; + mp_int* destKey; +#endif + + printf(testingFmt, "wolfSSL_EC_KEY_dup()"); + + AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); + AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); + + /* Valid cases */ + AssertNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); +#if defined(WOLFSSL_PUBLIC_MP) + srcKey = (mp_int*)ecKey->internal; + destKey = (mp_int*)dupKey->internal; + AssertIntEQ(mp_cmp(srcKey, destKey), MP_EQ); +#endif + + /* compare EC_GROUP */ + AssertIntEQ(wolfSSL_EC_GROUP_cmp(ecKey->group, dupKey->group, NULL), MP_EQ); + + /* compare EC_POINT */ + AssertIntEQ(wolfSSL_EC_POINT_cmp(ecKey->group, ecKey->pub_key, \ + dupKey->pub_key, NULL), MP_EQ); + + /* compare BIGNUM */ + AssertIntEQ(wolfSSL_BN_cmp(ecKey->priv_key, dupKey->priv_key), MP_EQ); + wolfSSL_EC_KEY_free(dupKey); + + /* Invalid cases */ + /* NULL key */ + AssertNull(dupKey = wolfSSL_EC_KEY_dup(NULL)); + /* NULL ecc_key */ + wc_ecc_free((ecc_key*)ecKey->internal); + XFREE(ecKey->internal, NULL, DYNAMIC_TYPE_ECC); + ecKey->internal = NULL; /* Set ecc_key to NULL */ + AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); + wolfSSL_EC_KEY_free(ecKey); + wolfSSL_EC_KEY_free(dupKey); + + /* NULL Group */ + AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); + AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); + wolfSSL_EC_GROUP_free(ecKey->group); + ecKey->group = NULL; /* Set group to NULL */ + AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); + wolfSSL_EC_KEY_free(ecKey); + wolfSSL_EC_KEY_free(dupKey); + + /* NULL public key */ + AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); + AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); + wc_ecc_del_point((ecc_point*)ecKey->pub_key->internal); + ecKey->pub_key->internal = NULL; /* Set ecc_point to NULL */ + AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); + + wolfSSL_EC_POINT_free(ecKey->pub_key); + ecKey->pub_key = NULL; /* Set pub_key to NULL */ + AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); + wolfSSL_EC_KEY_free(ecKey); + wolfSSL_EC_KEY_free(dupKey); + + /* NULL private key */ + AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); + AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); +#if defined(WOLFSSL_PUBLIC_MP) + mp_int* mp = (mp_int*)ecKey->priv_key->internal; + mp_forcezero(mp); + mp_free(mp); + ecKey->priv_key->internal = NULL; /* Set internal key to NULL */ + AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); +#endif + wolfSSL_BN_free(ecKey->priv_key); + ecKey->priv_key = NULL; /* Set priv_key to NULL */ + AssertNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); + wolfSSL_EC_KEY_free(ecKey); + wolfSSL_EC_KEY_free(dupKey); + +#if defined(WOLFSSL_PUBLIC_MP) + mp_free(srcKey); + mp_free(destKey); +#endif + + printf(resultFmt, passed); +#endif +} + +static void test_wolfSSL_EVP_PKEY_set1_get1_DSA(void) +{ +#if !defined(NO_DSA) + DSA *dsa = NULL; + DSA *setDsa = NULL; + EVP_PKEY *pkey = NULL; + EVP_PKEY *set1Pkey = NULL; + + SHA_CTX sha; + byte signature[DSA_SIG_SIZE]; + byte hash[WC_SHA_DIGEST_SIZE]; + word32 bytes; + int answer; +#ifdef USE_CERT_BUFFERS_1024 + const unsigned char* dsaKeyDer = dsa_key_der1024; + int dsaKeySz = sizeof_dsa_key_der_1024; + byte tmp[ONEK_BUF]; + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMCPY(tmp, dsaKeyDer , dsaKeySz); + bytes = dsa_key_der_sz; +#elif defined(USE_CERT_BUFFERS_2048) + const unsigned char* dsaKeyDer = dsa_key_der_2048; + int dsaKeySz = sizeof_dsa_key_der_2048; + byte tmp[TWOK_BUF]; + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMCPY(tmp, dsaKeyDer , dsaKeySz); + bytes = dsaKeySz; +#else + const unsigned char* dsaKeyDer = dsa_key_der_2048; + int dsaKeySz = sizeof_dsa_key_der_2048; + byte tmp[TWOK_BUF]; + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMCPY(tmp, dsaKeyDer , dsaKeySz); + XFILE fp = XOPEN("./certs/dsa2048.der", "rb"); + if (fp == XBADFILE) { + return WOLFSSL_BAD_FILE; + } + bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp); + XFCLOSE(fp); +#endif /* END USE_CERT_BUFFERS_1024 */ + + printf(testingFmt, + "wolfSSL_EVP_PKEY_set1_DSA and wolfSSL_EVP_PKEY_get1_DSA"); + + /* Create hash to later Sign and Verify */ + AssertIntEQ(SHA1_Init(&sha), WOLFSSL_SUCCESS); + AssertIntEQ(SHA1_Update(&sha, tmp, bytes), WOLFSSL_SUCCESS); + AssertIntEQ(SHA1_Final(hash,&sha), WOLFSSL_SUCCESS); + + /* Initialize pkey with der format dsa key */ + AssertNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_DSA, &pkey, + &dsaKeyDer ,(long)dsaKeySz)); + + /* Test wolfSSL_EVP_PKEY_get1_DSA */ + /* Should Fail: NULL argument */ + AssertNull(dsa = wolfSSL_EVP_PKEY_get1_DSA(NULL)); + /* Should Pass: Initialized pkey argument */ + AssertNotNull(dsa = wolfSSL_EVP_PKEY_get1_DSA(pkey)); + + /* Sign */ + AssertIntEQ(wolfSSL_DSA_do_sign(hash, signature, dsa), WOLFSSL_SUCCESS); + /* Verify. */ + AssertIntEQ(wolfSSL_DSA_do_verify(hash, signature, dsa, &answer), + WOLFSSL_SUCCESS); + + /* Test wolfSSL_EVP_PKEY_set1_DSA */ + /* Should Fail: set1Pkey not initialized */ + AssertIntNE(wolfSSL_EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS); + + /* Initialize set1Pkey */ + set1Pkey = wolfSSL_PKEY_new(); + + /* Should Fail Verify: setDsa not initialized from set1Pkey */ + AssertIntNE(wolfSSL_DSA_do_verify(hash,signature,setDsa,&answer), + WOLFSSL_SUCCESS); + + /* Should Pass: set dsa into set1Pkey */ + AssertIntEQ(wolfSSL_EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS); + printf(resultFmt, passed); + + DSA_free(dsa); + DSA_free(setDsa); + EVP_PKEY_free(pkey); + EVP_PKEY_free(set1Pkey); +#endif /* NO_DSA */ +} /* END test_EVP_PKEY_set1_get1_DSA */ + +static void test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void) +{ +#ifdef HAVE_ECC + WOLFSSL_EC_KEY *ecKey = NULL; + WOLFSSL_EC_KEY *ecGet1 = NULL; + EVP_PKEY *pkey = NULL; + + printf(testingFmt, + "wolfSSL_EVP_PKEY_set1_EC_KEY and wolfSSL_EVP_PKEY_get1_EC_KEY"); + AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); + AssertNotNull(pkey = wolfSSL_PKEY_new()); + + /* Test wolfSSL_EVP_PKEY_set1_EC_KEY */ + AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, NULL), WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS); + + /* Test wolfSSL_EVP_PKEY_get1_EC_KEY */ + AssertNull(wolfSSL_EVP_PKEY_get1_EC_KEY(NULL)); + AssertNotNull(ecGet1 = wolfSSL_EVP_PKEY_get1_EC_KEY(pkey)); + + wolfSSL_EC_KEY_free(ecKey); + wolfSSL_EC_KEY_free(ecGet1); + EVP_PKEY_free(pkey); + + /* PASSED */ + printf(resultFmt, passed); +#endif /* HAVE_ECC */ +} /* END test_EVP_PKEY_set1_get1_EC_KEY */ + +static void test_wolfSSL_EVP_PKEY_set1_get1_DH (void) +{ +#if !defined(NO_DH) + DH *dh = NULL; + DH *setDh = NULL; + EVP_PKEY *pkey = NULL; + + FILE* f = NULL; + unsigned char buf[4096]; + const unsigned char* pt = buf; + const char* dh2048 = "./certs/dh2048.der"; + long len = 0; + int code = -1; + + printf(testingFmt,"wolfSSL_EVP_PKEY_set1_DH and wolfSSL_EVP_PKEY_get1_DH"); + + XMEMSET(buf, 0, sizeof(buf)); + + f = XFOPEN(dh2048, "rb"); + AssertTrue(f != XBADFILE); + len = (long)XFREAD(buf, 1, sizeof(buf), f); + XFCLOSE(f); + + /* Load dh2048.der into DH with internal format */ + AssertNotNull(setDh = wolfSSL_d2i_DHparams(NULL, &pt, len)); + + AssertIntEQ(wolfSSL_DH_check(setDh, &code), WOLFSSL_SUCCESS); + AssertIntEQ(code, 0); + code = -1; + + pkey = wolfSSL_PKEY_new(); + + /* Set DH into PKEY */ + AssertIntEQ(wolfSSL_EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS); + + /* Get DH from PKEY */ + AssertNotNull(dh = wolfSSL_EVP_PKEY_get1_DH(pkey)); + + AssertIntEQ(wolfSSL_DH_check(dh, &code), WOLFSSL_SUCCESS); + AssertIntEQ(code, 0); + + EVP_PKEY_free(pkey); + DH_free(setDh); + DH_free(dh); + printf(resultFmt, passed); +#endif /* NO_DH */ +} /* END test_EVP_PKEY_set1_get1_DH */ + +static void test_wolfSSL_CTX_ctrl(void) +{ +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + char caFile[] = "./certs/client-ca.pem"; + char clientFile[] = "./certs/client-cert.pem"; + SSL_CTX* ctx; + X509* x509 = NULL; +#if !defined(NO_DH) && !defined(NO_DSA) + byte buf[5300]; + char file[] = "./certs/dsaparams.pem"; + XFILE f; + int bytes; + BIO* bio; + DSA* dsa; + DH* dh; +#endif +#ifdef HAVE_ECC + WOLFSSL_EC_KEY* ecKey; +#endif + printf(testingFmt, "wolfSSL_CTX_ctrl"); + + AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + + x509 = wolfSSL_X509_load_certificate_file(caFile, WOLFSSL_FILETYPE_PEM); + AssertNotNull(x509); + AssertIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS); + + x509 = wolfSSL_X509_load_certificate_file(clientFile, WOLFSSL_FILETYPE_PEM); + AssertNotNull(x509); + +#if !defined(NO_DH) && !defined(NO_DSA) + /* Initialize DH */ + f = XFOPEN(file, "rb"); + AssertTrue((f != XBADFILE)); + bytes = (int)XFREAD(buf, 1, sizeof(buf), f); + XFCLOSE(f); + + bio = BIO_new_mem_buf((void*)buf, bytes); + AssertNotNull(bio); + + dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); + AssertNotNull(dsa); + + dh = wolfSSL_DSA_dup_DH(dsa); + AssertNotNull(dh); +#endif +#ifdef HAVE_ECC + /* Initialize WOLFSSL_EC_KEY */ + AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); + AssertIntEQ(wolfSSL_EC_KEY_generate_key(ecKey),1); +#endif + +#if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) + /* additional test of getting EVP_PKEY key size from X509 + * Do not run with user RSA because wolfSSL_RSA_size is not currently + * allowed with user RSA */ + { + EVP_PKEY* pkey; +#if defined(HAVE_ECC) + X509* ecX509; +#endif /* HAVE_ECC */ + + AssertNotNull(pkey = X509_get_pubkey(x509)); + /* current RSA key is 2048 bit (256 bytes) */ + AssertIntEQ(EVP_PKEY_size(pkey), 256); + + EVP_PKEY_free(pkey); + +#if defined(HAVE_ECC) +#if defined(USE_CERT_BUFFERS_256) + AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_buffer( + cliecc_cert_der_256, sizeof_cliecc_cert_der_256, + SSL_FILETYPE_ASN1)); +#else + AssertNotNull(ecX509 = wolfSSL_X509_load_certificate_file( + cliEccCertFile, SSL_FILETYPE_PEM)); +#endif + AssertNotNull(pkey = X509_get_pubkey(ecX509)); + /* current ECC key is 256 bit (32 bytes) */ + AssertIntEQ(EVP_PKEY_size(pkey), 32); + + X509_free(ecX509); + EVP_PKEY_free(pkey); +#endif /* HAVE_ECC */ + } +#endif /* !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) */ + + /* Tests should fail with passed in NULL pointer */ + AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,NULL), + SSL_FAILURE); +#if !defined(NO_DH) && !defined(NO_DSA) + AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,NULL), + SSL_FAILURE); +#endif +#ifdef HAVE_ECC + AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,NULL), + SSL_FAILURE); +#endif + + /* Test with SSL_CTRL_EXTRA_CHAIN_CERT + * wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_add_extra_chain_cert + */ + AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,x509), + SSL_SUCCESS); + + /* Test with SSL_CTRL_OPTIONS + * wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_set_options + */ + AssertTrue(wolfSSL_CTX_ctrl(ctx,SSL_CTRL_OPTIONS,SSL_OP_NO_TLSv1,NULL) + == SSL_OP_NO_TLSv1); + AssertTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1); + + /* Test with SSL_CTRL_SET_TMP_DH + * wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_dh + */ +#if !defined(NO_DH) && !defined(NO_DSA) + AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,dh), + SSL_SUCCESS); +#endif + + /* Test with SSL_CTRL_SET_TMP_ECDH + * wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_ecdh + */ +#ifdef HAVE_ECC + AssertIntEQ((int)wolfSSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,ecKey), + SSL_SUCCESS); +#endif + +#ifdef WOLFSSL_ENCRYPTED_KEYS + AssertNull(SSL_CTX_get_default_passwd_cb(ctx)); + AssertNull(SSL_CTX_get_default_passwd_cb_userdata(ctx)); +#endif + + /* Cleanup and Pass */ +#if !defined(NO_DH) && !defined(NO_DSA) + BIO_free(bio); + DSA_free(dsa); + DH_free(dh); +#endif +#ifdef HAVE_ECC + wolfSSL_EC_KEY_free(ecKey); +#endif + SSL_CTX_free(ctx); + printf(resultFmt, passed); +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ +} + +static void test_wolfSSL_DH_check(void) +{ +#if !defined(NO_DH) && !defined(NO_DSA) + byte buf[5300]; + char file[] = "./certs/dsaparams.pem"; + XFILE f; + int bytes; + BIO* bio; + DSA* dsa; + DH* dh = NULL; + WOLFSSL_BIGNUM* pTmp = NULL; + WOLFSSL_BIGNUM* gTmp = NULL; + int codes = -1; + + printf(testingFmt, "wolfSSL_DH_check"); + + /* Initialize DH */ + f = XFOPEN(file, "rb"); + AssertTrue((f != XBADFILE)); + bytes = (int)XFREAD(buf, 1, sizeof(buf), f); + XFCLOSE(f); + + bio = BIO_new_mem_buf((void*)buf, bytes); + AssertNotNull(bio); + + dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); + AssertNotNull(dsa); + + dh = wolfSSL_DSA_dup_DH(dsa); + AssertNotNull(dh); + + /* Test assumed to be valid dh. + * Should return WOLFSSL_SUCCESS + * codes should be 0 + * Invalid codes = {DH_NOT_SUITABLE_GENERATOR, DH_CHECK_P_NOT_PRIME} + */ + AssertIntEQ(wolfSSL_DH_check(dh, &codes), WOLFSSL_SUCCESS); + AssertIntEQ(codes, 0); + + /* Test NULL dh: expected BAD_FUNC_ARG */ + AssertIntEQ(wolfSSL_DH_check(NULL, &codes), WOLFSSL_FAILURE); + + /* Break dh prime to test if codes = DH_CHECK_P_NOT_PRIME */ + pTmp = dh->p; + dh->p = NULL; + AssertIntEQ(wolfSSL_DH_check(dh, &codes), WOLFSSL_FAILURE); + AssertIntEQ(codes, DH_CHECK_P_NOT_PRIME); + /* set dh->p back to normal so it wont fail on next tests */ + dh->p = pTmp; + pTmp = NULL; + + /* Break dh generator to test if codes = DH_NOT_SUITABLE_GENERATOR */ + gTmp = dh->g; + dh->g = NULL; + AssertIntEQ(wolfSSL_DH_check(dh, &codes), WOLFSSL_FAILURE); + AssertIntEQ(codes, DH_NOT_SUITABLE_GENERATOR); + dh->g = gTmp; + gTmp = NULL; + + /* Cleanup and Pass Test */ + BIO_free(bio); + DSA_free(dsa); + DH_free(dh); + printf(resultFmt, passed); +#endif /* !NO_DH && !NO_DSA */ +} + +static void test_wolfSSL_EVP_PKEY_assign(void) +{ +#if defined(OPENSSL_ALL) + int type; + WOLFSSL_EVP_PKEY* pkey; +#ifndef NO_RSA + WOLFSSL_RSA* rsa; +#endif +#ifndef NO_DSA + WOLFSSL_DSA* dsa; +#endif +#ifdef HAVE_ECC + WOLFSSL_EC_KEY* ecKey; +#endif + + printf(testingFmt, "wolfSSL_EVP_PKEY_assign"); +#ifndef NO_RSA + type = EVP_PKEY_RSA; + AssertNotNull(pkey = wolfSSL_PKEY_new()); + AssertNotNull(rsa = wolfSSL_RSA_new()); + AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,rsa), WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,rsa), WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,rsa), WOLFSSL_SUCCESS); + wolfSSL_EVP_PKEY_free(pkey); +#endif /* NO_RSA */ + +#ifndef NO_DSA + type = EVP_PKEY_DSA; + AssertNotNull(pkey = wolfSSL_PKEY_new()); + AssertNotNull(dsa = wolfSSL_DSA_new()); + AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,dsa), WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,dsa), WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,dsa), WOLFSSL_SUCCESS); + wolfSSL_EVP_PKEY_free(pkey); +#endif /* NO_DSA */ + +#ifdef HAVE_ECC + type = EVP_PKEY_EC; + AssertNotNull(pkey = wolfSSL_PKEY_new()); + AssertNotNull(ecKey = wolfSSL_EC_KEY_new()); + AssertIntEQ(wolfSSL_EVP_PKEY_assign(NULL,type,ecKey), WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,NULL), WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,-1,ecKey), WOLFSSL_FAILURE); + AssertIntEQ(wolfSSL_EVP_PKEY_assign(pkey,type,ecKey), WOLFSSL_SUCCESS); + wolfSSL_EVP_PKEY_free(pkey); +#endif /* HAVE_ECC */ + printf(resultFmt, passed); +#endif /* OPENSSL_ALL */ +} + +static void test_wolfSSL_OBJ_ln(void) +{ + int i = 0, maxIdx = 7; + const int nid_set[] = {NID_commonName,NID_countryName,NID_localityName, + NID_stateOrProvinceName,NID_organizationName, + NID_organizationalUnitName,NID_emailAddress}; + const char* ln_set[] = {WOLFSSL_LN_COMMON_NAME,WOLFSSL_LN_COUNTRY_NAME, + WOLFSSL_LN_LOCALITY_NAME,WOLFSSL_LN_STATE_NAME, + WOLFSSL_LN_ORG_NAME,WOLFSSL_LN_ORGUNIT_NAME, + WOLFSSL_EMAIL_ADDR}; + + printf(testingFmt, "wolfSSL_OBJ_ln"); + + AssertIntEQ(OBJ_ln2nid(NULL), BAD_FUNC_ARG); + +#ifdef HAVE_ECC + { + int nCurves = 27; + EC_builtin_curve r[nCurves]; + EC_get_builtin_curves(r,nCurves); + + for (i = 0; i < nCurves; i++) { + AssertIntEQ(OBJ_ln2nid(r[i].comment), r[i].nid); + AssertStrEQ(OBJ_nid2ln(r[i].nid), r[i].comment); + } + } +#endif + + for (i = 0; i < maxIdx; i++) { + AssertIntEQ(OBJ_ln2nid(ln_set[i]), nid_set[i]); + AssertStrEQ(OBJ_nid2ln(nid_set[i]), ln_set[i]); + } + + printf(resultFmt, passed); +} + +static void test_wolfSSL_OBJ_sn(void) +{ + int i = 0, maxIdx = 7; + const int nid_set[] = {NID_commonName,NID_countryName,NID_localityName, + NID_stateOrProvinceName,NID_organizationName, + NID_organizationalUnitName,NID_emailAddress}; + const char* sn_open_set[] = {"CN","C","L","ST","O","OU","emailAddress"}; + const char* sn_wolf_set[] = {WOLFSSL_COMMON_NAME,WOLFSSL_COUNTRY_NAME, + WOLFSSL_LOCALITY_NAME, WOLFSSL_STATE_NAME, + WOLFSSL_ORG_NAME, WOLFSSL_ORGUNIT_NAME, + WOLFSSL_EMAIL_ADDR}; + + printf(testingFmt, "wolfSSL_OBJ_sn"); + + AssertIntEQ(wolfSSL_OBJ_sn2nid(NULL), NID_undef); + + #ifdef HAVE_ECC + { + int nCurves = 27; + EC_builtin_curve r[nCurves]; + EC_get_builtin_curves(r,nCurves); + + for (i = 0; i < nCurves; i++) { + AssertIntEQ(wolfSSL_OBJ_sn2nid(r[i].comment), r[i].nid); + AssertStrEQ(wolfSSL_OBJ_nid2sn(r[i].nid), r[i].comment); + } + } + #endif + for (i = 0; i < maxIdx; i++) { + AssertIntEQ(wolfSSL_OBJ_sn2nid(sn_wolf_set[i]), nid_set[i]); + AssertStrEQ(wolfSSL_OBJ_nid2sn(nid_set[i]), sn_open_set[i]); + } + + printf(resultFmt, passed); +} +#endif /* WOLFSSL_QT */ + + static void test_wolfSSL_X509V3_EXT_get(void) { #if !defined(NO_FILESYSTEM) && defined (OPENSSL_ALL) FILE* f; @@ -28034,7 +29203,7 @@ static int test_ForceZero(void) static void test_wolfSSL_X509_print() { #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ - !defined(NO_RSA) && !defined(HAVE_FAST_RSA) + !defined(NO_RSA) && !defined(HAVE_FAST_RSA) && defined(XSNPRINTF) X509 *x509; BIO *bio; @@ -28046,7 +29215,11 @@ static void test_wolfSSL_X509_print() AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertIntEQ(X509_print(bio, x509), SSL_SUCCESS); - AssertIntEQ(BIO_get_mem_data(bio, NULL), 3212); +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + AssertIntEQ(BIO_get_mem_data(bio, NULL), 3113); +#else + AssertIntEQ(BIO_get_mem_data(bio, NULL), 3103); +#endif BIO_free(bio); /* print to stdout */ @@ -28777,6 +29950,9 @@ void ApiTest(void) test_wolfSSL_ASN1_GENERALIZEDTIME_free(); test_wolfSSL_private_keys(); test_wolfSSL_PEM_PrivateKey(); + test_wolfSSL_PEM_bio_RSAKey(); + test_wolfSSL_PEM_bio_DSAKey(); + test_wolfSSL_PEM_bio_ECKey(); test_wolfSSL_PEM_RSAPrivateKey(); test_wolfSSL_PEM_PUBKEY(); test_wolfSSL_tmp_dh(); @@ -28888,6 +30064,28 @@ void ApiTest(void) test_wolfSSL_i2d_PrivateKey(); test_wolfSSL_OCSP_get0_info(); +#if defined(WOLFSSL_QT) + printf("\n----------------Qt Unit Tests-------------------\n"); + test_wolfSSL_X509_PUBKEY_get(); + test_wolfSSL_sk_CIPHER_description(); + test_wolfSSL_get_ciphers_compat(); + test_wolfSSL_d2i_DHparams(); + test_wolfSSL_i2d_DHparams(); + test_wolfSSL_ASN1_STRING_to_UTF8(); + test_wolfSSL_EC_KEY_dup(); + test_wolfSSL_EVP_PKEY_set1_get1_DSA(); + test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY(); + test_wolfSSL_EVP_PKEY_set1_get1_DH(); + test_wolfSSL_CTX_ctrl(); + test_wolfSSL_DH_check(); + test_wolfSSL_EVP_PKEY_assign(); + test_wolfSSL_OBJ_ln(); + test_wolfSSL_OBJ_sn(); + + printf("\n-------------End Of Qt Unit Tests---------------\n"); + +#endif /* WOLFSSL_QT */ + #if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) AssertIntEQ(test_wolfSSL_CTX_use_certificate_ASN1(), WOLFSSL_SUCCESS); test_wolfSSL_d2i_PrivateKeys_bio(); @@ -29085,6 +30283,7 @@ void ApiTest(void) AssertIntEQ(test_wc_DsaPublicPrivateKeyDecode(), 0); AssertIntEQ(test_wc_MakeDsaKey(), 0); AssertIntEQ(test_wc_DsaKeyToDer(), 0); + AssertIntEQ(test_wc_DsaKeyToPublicDer(), 0); AssertIntEQ(test_wc_DsaImportParamsRaw(), 0); AssertIntEQ(test_wc_DsaImportParamsRawCheck(), 0); AssertIntEQ(test_wc_DsaExportParamsRaw(), 0); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index d9e5956d5..f2b6ac490 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -116,6 +116,10 @@ extern int wc_InitRsaHw(RsaKey* key); #include #endif +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + #include +#endif + #ifdef _MSC_VER /* 4996 warning to use MS extensions e.g., strcpy_s instead of XSTRNCPY */ #pragma warning(disable: 4996) @@ -496,25 +500,25 @@ static char sigSha1wDsaName[] = "SHAwDSA"; #endif /* NO_DSA */ #ifndef NO_RSA #ifdef WOLFSSL_MD2 - static char sigMd2wRsaName[] = "MD2wRSA"; + static char sigMd2wRsaName[] = "md2WithRSAEncryption"; #endif #ifndef NO_MD5 - static char sigMd5wRsaName[] = "MD5wRSA"; + static char sigMd5wRsaName[] = "md5WithRSAEncryption"; #endif #ifndef NO_SHA - static char sigSha1wRsaName[] = "SHAwRSA"; + static char sigSha1wRsaName[] = "sha1WithRSAEncryption"; #endif #ifdef WOLFSSL_SHA224 - static char sigSha224wRsaName[] = "SHA224wRSA"; + static char sigSha224wRsaName[] = "sha224WithRSAEncryption"; #endif #ifndef NO_SHA256 - static char sigSha256wRsaName[] = "SHA256wRSA"; + static char sigSha256wRsaName[] = "sha256WithRSAEncryption"; #endif #ifdef WOLFSSL_SHA384 - static char sigSha384wRsaName[] = "SHA384wRSA"; + static char sigSha384wRsaName[] = "sha384WithRSAEncryption"; #endif #ifdef WOLFSSL_SHA512 - static char sigSha512wRsaName[] = "SHA512wRSA"; + static char sigSha512wRsaName[] = "sha512WithRSAEncryption"; #endif #endif /* NO_RSA */ #ifdef HAVE_ECC @@ -871,7 +875,7 @@ int GetInt(mp_int* mpi, const byte* input, word32* inOutIdx, word32 maxIdx) } #if (!defined(WOLFSSL_KEY_GEN) && !defined(OPENSSL_EXTRA) && defined(RSA_LOW_MEM)) \ - || defined(WOLFSSL_RSA_PUBLIC_ONLY) + || defined(WOLFSSL_RSA_PUBLIC_ONLY) || (!defined(NO_DSA) && defined(WOLFSSL_QT)) #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) static int SkipInt(const byte* input, word32* inOutIdx, word32 maxIdx) { @@ -956,7 +960,11 @@ static int CheckBitString(const byte* input, word32* inOutIdx, int* len, * output Buffer to write into. * returns the number of bytes added to the buffer. */ +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +WOLFSSL_LOCAL word32 SetBitString(word32 len, byte unusedBits, byte* output) +#else static word32 SetBitString(word32 len, byte unusedBits, byte* output) +#endif { word32 idx = 0; @@ -1493,6 +1501,9 @@ static word32 SetBitString16Bit(word16 val, byte* output) #ifdef HAVE_ED25519 static const byte keyEd25519Oid[] = {43, 101, 112}; #endif /* HAVE_ED25519 */ +#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) + static const byte keyDhOid[] = {42, 134, 72, 134, 247, 13, 1, 3, 1}; +#endif /* ! NO_DH ... */ /* curveType */ #ifdef HAVE_ECC @@ -1826,6 +1837,12 @@ const byte* OidFromId(word32 id, word32 type, word32* oidSz) *oidSz = sizeof(keyEd25519Oid); break; #endif /* HAVE_ED25519 */ + #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) + case DHk: + oid = keyDhOid; + *oidSz = sizeof(keyDhOid); + break; + #endif /* ! NO_DH && (WOLFSSL_QT || OPENSSL_ALL */ default: break; } @@ -2603,8 +2620,12 @@ int ToTraditionalInline_ex(const byte* input, word32* inOutIdx, word32 sz, } ret = GetOctetString(input, &idx, &length, sz); - if (ret < 0) - return ret; + if (ret < 0) { + if (ret == BUFFER_E) + return ASN_PARSE_E; + /* Some private keys don't expect an octet string */ + WOLFSSL_MSG("Couldn't find Octet string"); + } *inOutIdx = idx; @@ -3008,6 +3029,11 @@ static int CheckAlgo(int first, int second, int* id, int* version, int* blockSz) *version = PKCS12v1; if (blockSz) *blockSz = DES_BLOCK_SIZE; return 0; + case PBE_SHA1_DES: + *id = PBE_SHA1_DES; + *version = PKCS12v1; + if (blockSz) *blockSz = DES_BLOCK_SIZE; + return 0; #endif #endif /* !NO_SHA */ default: @@ -3066,8 +3092,15 @@ static int CheckAlgoV2(int oid, int* id, int* blockSz) *id = PBE_AES256_CBC; if (blockSz) *blockSz = AES_BLOCK_SIZE; return 0; +#endif +#ifdef WOLFSSL_AES_128 + case AES128CBCb: + *id = PBE_AES128_CBC; + if (blockSz) *blockSz = AES_BLOCK_SIZE; + return 0; #endif default: + WOLFSSL_MSG("No PKCS v2 algo found"); return ALGO_ID_E; } @@ -3366,7 +3399,7 @@ int UnTraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, /* encrypt PKCS#8 wrapped key */ if ((ret = wc_CryptKey(password, passwordSz, salt, saltSz, itt, id, - tmp, tmpSz, version, cbcIv, 1)) < 0) { + tmp, tmpSz, version, cbcIv, 1, 0)) < 0) { XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); WOLFSSL_MSG("Error encrypting key"); #ifdef WOLFSSL_SMALL_STACK @@ -3562,7 +3595,7 @@ int TraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, pkcs8KeySz += padSz; } ret = wc_CryptKey(password, passwordSz, salt, saltSz, itt, id, - out + encIdx, pkcs8KeySz, version, cbcIv, 1); + out + encIdx, pkcs8KeySz, version, cbcIv, 1, 0); } if (ret == 0) { if (version != PKCS5v2) { @@ -3636,7 +3669,7 @@ int TraditionalEnc(byte* key, word32 keySz, byte* out, word32* outSz, int ToTraditionalEnc(byte* input, word32 sz,const char* password, int passwordSz, word32* algId) { - word32 inOutIdx = 0, seqEnd, oid; + word32 inOutIdx = 0, seqEnd, oid, shaOid = 0; int ret = 0, first, second, length = 0, version, saltSz, id; int iterations = 0, keySz = 0; #ifdef WOLFSSL_SMALL_STACK @@ -3730,6 +3763,8 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password, if (GetAlgoId(input, &inOutIdx, &oid, oidHmacType, sz) < 0) { ERROR_OUT(ASN_PARSE_E, exit_tte); } + + shaOid = oid; } #ifdef WOLFSSL_SMALL_STACK @@ -3749,6 +3784,9 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password, ERROR_OUT(ASN_PARSE_E, exit_tte); /* PKCS v2 algo id error */ } + if (shaOid == 0) + shaOid = oid; + ret = GetOctetString(input, &inOutIdx, &length, sz); if (ret < 0) goto exit_tte; @@ -3766,7 +3804,7 @@ int ToTraditionalEnc(byte* input, word32 sz,const char* password, goto exit_tte; ret = wc_CryptKey(password, passwordSz, salt, saltSz, iterations, id, - input + inOutIdx, length, version, cbcIv, 0); + input + inOutIdx, length, version, cbcIv, 0, shaOid); exit_tte: #ifdef WOLFSSL_SMALL_STACK @@ -3973,7 +4011,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz, /* encrypt */ if ((ret = wc_CryptKey(password, passwordSz, salt, saltSz, itt, id, - out + inOutIdx, sz, version, cbcIv, 1)) < 0) { + out + inOutIdx, sz, version, cbcIv, 1, 0)) < 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(cbcIv, heap, DYNAMIC_TYPE_TMP_BUFFER); @@ -4136,7 +4174,7 @@ int DecryptContent(byte* input, word32 sz,const char* password, int passwordSz) } ret = wc_CryptKey(password, passwordSz, salt, saltSz, iterations, id, - input + inOutIdx, length, version, cbcIv, 0); + input + inOutIdx, length, version, cbcIv, 0, 0); exit_dc: @@ -4389,17 +4427,79 @@ int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e, int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32 inSz) { - int length; + int ret = 0; + int length; + #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + word32 oid = 0, temp = 0; + #endif + + WOLFSSL_ENTER("wc_DhKeyDecode"); + + if (inOutIdx == NULL) + return BAD_FUNC_ARG; if (GetSequence(input, inOutIdx, &length, inSz) < 0) return ASN_PARSE_E; + #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + temp = *inOutIdx; + #endif + + /* Assume input started after 1.2.840.113549.1.3.1 dhKeyAgreement */ if (GetInt(&key->p, input, inOutIdx, inSz) < 0 || GetInt(&key->g, input, inOutIdx, inSz) < 0) { - return ASN_DH_KEY_E; + ret = ASN_DH_KEY_E; } - return 0; + #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + /* If ASN_DH_KEY_E: Check if input started at beginning of key */ + if (ret == ASN_DH_KEY_E) { + /* rewind back to after the first sequence */ + *inOutIdx = temp; + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + /* Check for dhKeyAgreement */ + ret = GetObjectId(input, inOutIdx, &oid, oidKeyType, inSz); + if (oid != DHk || ret < 0) + return ASN_DH_KEY_E; + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + if (GetInt(&key->p, input, inOutIdx, inSz) < 0 || + GetInt(&key->g, input, inOutIdx, inSz) < 0) { + return ASN_DH_KEY_E; + } + } + + temp = *inOutIdx; + ret = (CheckBitString(input, inOutIdx, &length, inSz, 0, NULL) == 0); + + if (ret) { + /* Found Bit String */ + if (GetInt(&key->pub, input, inOutIdx, inSz) == 0) { + WOLFSSL_MSG("Found Public Key"); + } + } else { + *inOutIdx = temp; + ret = (GetOctetString(input, inOutIdx, &length, inSz) >= 0); + if (ret) { + /* Found Octet String */ + if (GetInt(&key->priv, input, inOutIdx, inSz) == 0) { + WOLFSSL_MSG("Found Private Key"); + } + } else { + /* Don't use length from failed CheckBitString/GetOctetString */ + *inOutIdx = temp; + } + } + ret = 0; + #endif /* WOLFSSL_QT || OPENSSL_ALL */ + + WOLFSSL_MSG("wc_DhKeyDecode Success"); + + return ret; } @@ -4449,10 +4549,11 @@ int DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, word32 inSz) { int length; + int ret = 0; + word32 oid; - if (input == NULL || inOutIdx == NULL || key == NULL) { + if (input == NULL || inOutIdx == NULL || key == NULL) return BAD_FUNC_ARG; - } if (GetSequence(input, inOutIdx, &length, inSz) < 0) return ASN_PARSE_E; @@ -4461,17 +4562,42 @@ int DsaPublicKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, GetInt(&key->q, input, inOutIdx, inSz) < 0 || GetInt(&key->g, input, inOutIdx, inSz) < 0 || GetInt(&key->y, input, inOutIdx, inSz) < 0 ) - return ASN_DH_KEY_E; + ret = ASN_DH_KEY_E; + + if (ret != 0) { + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + ret = GetObjectId(input, inOutIdx, &oid, oidIgnoreType, inSz); + if (ret != 0) + return ret; + + if (GetSequence(input, inOutIdx, &length, inSz) < 0) + return ASN_PARSE_E; + + if (GetInt(&key->p, input, inOutIdx, inSz) < 0 || + GetInt(&key->q, input, inOutIdx, inSz) < 0 || + GetInt(&key->g, input, inOutIdx, inSz) < 0) + return ASN_DH_KEY_E; + + if (CheckBitString(input, inOutIdx, &length, inSz, 0, NULL) < 0) + return ASN_PARSE_E; + + if (GetInt(&key->y, input, inOutIdx, inSz) < 0 ) + return ASN_DH_KEY_E; + + ret = 0; + } key->type = DSA_PUBLIC; - return 0; + return ret; } int DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, word32 inSz) { - int length, version; + int length, version, ret = 0, temp = 0; /* Sanity checks on input */ if (input == NULL || inOutIdx == NULL || key == NULL) { @@ -4481,15 +4607,27 @@ int DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey* key, if (GetSequence(input, inOutIdx, &length, inSz) < 0) return ASN_PARSE_E; - if (GetMyVersion(input, inOutIdx, &version, inSz) < 0) - return ASN_PARSE_E; + temp = (int)*inOutIdx; - if (GetInt(&key->p, input, inOutIdx, inSz) < 0 || - GetInt(&key->q, input, inOutIdx, inSz) < 0 || - GetInt(&key->g, input, inOutIdx, inSz) < 0 || - GetInt(&key->y, input, inOutIdx, inSz) < 0 || - GetInt(&key->x, input, inOutIdx, inSz) < 0 ) - return ASN_DH_KEY_E; + if (GetInt(&key->p, input, inOutIdx, inSz) < 0 || + GetInt(&key->q, input, inOutIdx, inSz) < 0 || + GetInt(&key->g, input, inOutIdx, inSz) < 0 || + GetOctetString(input, inOutIdx, &length, inSz) < 0 || + GetInt(&key->y, input, inOutIdx, inSz) < 0) { + ret = ASN_PARSE_E; + } + if (ret == ASN_PARSE_E) { + *inOutIdx = temp; + if (GetMyVersion(input, inOutIdx, &version, inSz) < 0) + return ASN_PARSE_E; + + if (GetInt(&key->p, input, inOutIdx, inSz) < 0 || + GetInt(&key->q, input, inOutIdx, inSz) < 0 || + GetInt(&key->g, input, inOutIdx, inSz) < 0 || + GetInt(&key->y, input, inOutIdx, inSz) < 0 || + GetInt(&key->x, input, inOutIdx, inSz) < 0 ) + return ASN_DH_KEY_E; + } key->type = DSA_PRIVATE; return 0; @@ -4522,8 +4660,193 @@ static WC_INLINE void FreeTmpDsas(byte** tmps, void* heap) (void)heap; } -/* Convert DsaKey key to DER format, write to output (inLen), return bytes - written */ +#if !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) +/* Write a public DSA key to output */ +int SetDsaPublicKey(byte* output, DsaKey* key, + int outLen, int with_header) +{ + /* p, g, q = DSA params, y = public exponent */ +#ifdef WOLFSSL_SMALL_STACK + byte* p = NULL; + byte* g = NULL; + byte* q = NULL; + byte* y = NULL; +#else + byte p[MAX_DSA_INT_SZ]; + byte g[MAX_DSA_INT_SZ]; + byte q[MAX_DSA_INT_SZ]; + byte y[MAX_DSA_INT_SZ]; +#endif + byte innerSeq[MAX_SEQ_SZ]; + byte outerSeq[MAX_SEQ_SZ]; + byte bitString[1 + MAX_LENGTH_SZ + 1]; + int idx, pSz, gSz, qSz, ySz, innerSeqSz, outerSeqSz, bitStringSz = 0; + + WOLFSSL_ENTER("SetDsaPublicKey"); + + if (output == NULL || key == NULL || outLen < MAX_SEQ_SZ) { + return BAD_FUNC_ARG; + } + + /* p */ +#ifdef WOLFSSL_SMALL_STACK + p = (byte*)XMALLOC(MAX_DSA_INT_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (p == NULL) + return MEMORY_E; +#endif + if ((pSz = SetASNIntMP(&key->p, MAX_DSA_INT_SZ, p)) < 0) { + WOLFSSL_MSG("SetASNIntMP Error with p"); +#ifdef WOLFSSL_SMALL_STACK + XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return pSz; + } + + /* q */ +#ifdef WOLFSSL_SMALL_STACK + q = (byte*)XMALLOC(MAX_DSA_INT_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (q == NULL) + return MEMORY_E; +#endif + if ((qSz = SetASNIntMP(&key->q, MAX_DSA_INT_SZ, q)) < 0) { + WOLFSSL_MSG("SetASNIntMP Error with q"); +#ifdef WOLFSSL_SMALL_STACK + XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return qSz; + } + + /* g */ +#ifdef WOLFSSL_SMALL_STACK + g = (byte*)XMALLOC(MAX_DSA_INT_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (g == NULL) + return MEMORY_E; +#endif + if ((gSz = SetASNIntMP(&key->g, MAX_DSA_INT_SZ, g)) < 0) { + WOLFSSL_MSG("SetASNIntMP Error with g"); +#ifdef WOLFSSL_SMALL_STACK + XFREE(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return gSz; + } + + /* y */ +#ifdef WOLFSSL_SMALL_STACK + y = (byte*)XMALLOC(MAX_DSA_INT_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (y == NULL) + return MEMORY_E; +#endif + if ((ySz = SetASNIntMP(&key->y, MAX_DSA_INT_SZ, y)) < 0) { + WOLFSSL_MSG("SetASNIntMP Error with y"); +#ifdef WOLFSSL_SMALL_STACK + XFREE(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ySz; + } + + innerSeqSz = SetSequence(pSz + qSz + gSz, innerSeq); + + /* check output size */ + if ((innerSeqSz + pSz + qSz + gSz) > outLen) { +#ifdef WOLFSSL_SMALL_STACK + XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + WOLFSSL_MSG("Error, output size smaller than outlen"); + return BUFFER_E; + } + + if (with_header) { + int algoSz; +#ifdef WOLFSSL_SMALL_STACK + byte* algo = NULL; + + algo = (byte*)XMALLOC(MAX_ALGO_SZ, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + if (algo == NULL) { + XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#else + byte algo[MAX_ALGO_SZ]; +#endif + algoSz = SetAlgoID(DSAk, algo, oidKeyType, 0); + bitStringSz = SetBitString(ySz, 0, bitString); + outerSeqSz = SetSequence(algoSz + innerSeqSz + pSz + qSz + gSz, + outerSeq); + + idx = SetSequence(algoSz + innerSeqSz + pSz + qSz + gSz + bitStringSz + + ySz + outerSeqSz, output); + + /* check output size */ + if ((idx + algoSz + bitStringSz + innerSeqSz + pSz + qSz + gSz + ySz) > + outLen) { + #ifdef WOLFSSL_SMALL_STACK + XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(algo, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif + WOLFSSL_MSG("Error, output size smaller than outlen"); + return BUFFER_E; + } + + /* outerSeq */ + XMEMCPY(output + idx, outerSeq, outerSeqSz); + idx += outerSeqSz; + /* algo */ + XMEMCPY(output + idx, algo, algoSz); + idx += algoSz; +#ifdef WOLFSSL_SMALL_STACK + XFREE(algo, key->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + } else { + idx = 0; + } + + /* innerSeq */ + XMEMCPY(output + idx, innerSeq, innerSeqSz); + idx += innerSeqSz; + /* p */ + XMEMCPY(output + idx, p, pSz); + idx += pSz; + /* q */ + XMEMCPY(output + idx, q, qSz); + idx += qSz; + /* g */ + XMEMCPY(output + idx, g, gSz); + idx += gSz; + /* bit string */ + XMEMCPY(output + idx, bitString, bitStringSz); + idx += bitStringSz; + /* y */ + XMEMCPY(output + idx, y, ySz); + idx += ySz; + +#ifdef WOLFSSL_SMALL_STACK + XFREE(p, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(q, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(g, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(y, key->heap, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return idx; +} + +/* Convert DSA Public key to DER format, write to output (inLen), return bytes + written */ +int DsaKeyToPublicDer(DsaKey* key, byte* output, word32 inLen) +{ + return SetDsaPublicKey(output, key, inLen, 1); +} +#endif /* !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ + +/* Convert private DsaKey key to DER format, write to output (inLen), + return bytes written */ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen) { word32 seqSz, verSz, rawLen, intTotalLen = 0; @@ -4769,6 +5092,9 @@ static int StoreRsaKey(DecodedCert* cert, word32 bitStringEnd) static int GetKey(DecodedCert* cert) { int length; +#if !defined(NO_DSA) && defined(WOLFSSL_QT) + int tmpLen; +#endif #if defined(HAVE_ECC) || defined(HAVE_NTRU) int tmpIdx = cert->srcIdx; #endif @@ -4776,6 +5102,10 @@ static int GetKey(DecodedCert* cert) if (GetSequence(cert->source, &cert->srcIdx, &length, cert->maxIdx) < 0) return ASN_PARSE_E; +#if !defined(NO_DSA) && defined(WOLFSSL_QT) + tmpLen = length + 4; +#endif + if (GetAlgoId(cert->source, &cert->srcIdx, &cert->keyOID, oidKeyType, cert->maxIdx) < 0) return ASN_PARSE_E; @@ -4951,11 +5281,116 @@ static int GetKey(DecodedCert* cert) return 0; } #endif /* HAVE_ED25519 */ + #if !defined(NO_DSA) && defined(WOLFSSL_QT) + case DSAk: + { + int ret; + ret = GetSequence(cert->source, &cert->srcIdx, &length, + cert->maxIdx); + if (ret < 0) + return ret; + + ret = SkipInt(cert->source, &cert->srcIdx, cert->maxIdx); + if (ret != 0) + return ret; + ret = SkipInt(cert->source, &cert->srcIdx, cert->maxIdx); + if (ret != 0) + return ret; + ret = SkipInt(cert->source, &cert->srcIdx, cert->maxIdx); + if (ret != 0) + return ret; + + ret = CheckBitString(cert->source, &cert->srcIdx, &length, + cert->maxIdx, 1, NULL); + if (ret != 0) + return ret; + + ret = GetASNInt(cert->source, &cert->srcIdx, &length, cert->maxIdx); + if (ret !=0) + return ASN_PARSE_E; + + cert->publicKey = cert->source + tmpIdx; + cert->pubKeySize = tmpLen; + cert->srcIdx += length; + return 0; + } + #endif /* NO_DSA && QT */ default: return ASN_UNKNOWN_OID_E; } } +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#if defined(HAVE_ECC) +/* Converts ECC curve enum values in ecc_curve_id to the associated OpenSSL NID + value */ +WOLFSSL_API int EccEnumToNID(int n) +{ + WOLFSSL_ENTER("EccEnumToNID()"); + + switch(n) { + case ECC_SECP192R1: + return NID_X9_62_prime192v1; + case ECC_PRIME192V2: + return NID_X9_62_prime192v2; + case ECC_PRIME192V3: + return NID_X9_62_prime192v3; + case ECC_PRIME239V1: + return NID_X9_62_prime239v1; + case ECC_PRIME239V2: + return NID_X9_62_prime239v2; + case ECC_PRIME239V3: + return NID_X9_62_prime239v3; + case ECC_SECP256R1: + return NID_X9_62_prime256v1; + case ECC_SECP112R1: + return NID_secp112r1; + case ECC_SECP112R2: + return NID_secp112r2; + case ECC_SECP128R1: + return NID_secp128r1; + case ECC_SECP128R2: + return NID_secp128r2; + case ECC_SECP160R1: + return NID_secp160r1; + case ECC_SECP160R2: + return NID_secp160r2; + case ECC_SECP224R1: + return NID_secp224r1; + case ECC_SECP384R1: + return NID_secp384r1; + case ECC_SECP521R1: + return NID_secp521r1; + case ECC_SECP160K1: + return NID_secp160k1; + case ECC_SECP192K1: + return NID_secp192k1; + case ECC_SECP224K1: + return NID_secp224k1; + case ECC_SECP256K1: + return NID_secp256k1; + case ECC_BRAINPOOLP160R1: + return NID_brainpoolP160r1; + case ECC_BRAINPOOLP192R1: + return NID_brainpoolP192r1; + case ECC_BRAINPOOLP224R1: + return NID_brainpoolP224r1; + case ECC_BRAINPOOLP256R1: + return NID_brainpoolP256r1; + case ECC_BRAINPOOLP320R1: + return NID_brainpoolP320r1; + case ECC_BRAINPOOLP384R1: + return NID_brainpoolP384r1; + case ECC_BRAINPOOLP512R1: + return NID_brainpoolP512r1; + default: + WOLFSSL_MSG("NID not found"); + return -1; + } +} +#endif /* HAVE_ECC */ +#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn) { @@ -4973,7 +5408,15 @@ WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn) {NULL, -1}}; int i; - WOLFSSL_ENTER("OBJ_osn2nid"); + #ifdef HAVE_ECC + int eccEnum; + #endif + WOLFSSL_ENTER("OBJ_sn2nid"); + for(i=0; sn2nid[i].sn != NULL; i++) { + if(XSTRNCMP(sn, sn2nid[i].sn, XSTRLEN(sn2nid[i].sn)) == 0) { + return sn2nid[i].nid; + } + } #ifdef HAVE_ECC /* Nginx uses this OpenSSL string. */ if (XSTRNCMP(sn, "prime256v1", 10) == 0) @@ -4983,17 +5426,13 @@ WOLFSSL_LOCAL int wc_OBJ_sn2nid(const char *sn) /* find based on name and return NID */ for (i = 0; ecc_sets[i].size != 0 && ecc_sets[i].name != NULL; i++) { if (XSTRNCMP(sn, ecc_sets[i].name, ECC_MAXNAME) == 0) { - return ecc_sets[i].id; + eccEnum = ecc_sets[i].id; + /* Convert enum value in ecc_curve_id to OpenSSL NID */ + return EccEnumToNID(eccEnum); } } #endif - for(i=0; sn2nid[i].sn != NULL; i++) { - if(XSTRNCMP(sn, sn2nid[i].sn, XSTRLEN(sn2nid[i].sn)) == 0) { - return sn2nid[i].nid; - } - } - return NID_undef; } #endif @@ -6307,6 +6746,7 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) const byte* algoName = 0; byte ID_Length[1 + MAX_LENGTH_SZ]; byte seqArray[MAX_SEQ_SZ + 1]; /* add object_id to end */ + int length = 0; tagSz = (type == oidHashType || (type == oidSigType @@ -6329,7 +6769,14 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) idSz = SetObjectId(algoSz, ID_Length); seqSz = SetSequence(idSz + algoSz + tagSz + curveSz, seqArray); - if (output) { + /* Copy only algo to output for DSA keys */ + if (algoOID == DSAk && output) { + XMEMCPY(output, ID_Length, idSz); + XMEMCPY(output + idSz, algoName, algoSz); + if (tagSz == 2) + SetASNNull(&output[seqSz + idSz + algoSz]); + } + else if (output) { XMEMCPY(output, seqArray, seqSz); XMEMCPY(output + seqSz, ID_Length, idSz); XMEMCPY(output + seqSz + idSz, algoName, algoSz); @@ -6337,8 +6784,12 @@ WOLFSSL_LOCAL word32 SetAlgoID(int algoOID, byte* output, int type, int curveSz) SetASNNull(&output[seqSz + idSz + algoSz]); } - return seqSz + idSz + algoSz + tagSz; + if (algoOID == DSAk) + length = idSz + algoSz + tagSz; + else + length = seqSz + idSz + algoSz + tagSz; + return length; } @@ -7220,6 +7671,49 @@ static int DecodeAltNames(const byte* input, int sz, DecodedCert* cert) length -= strLen; idx += strLen; } +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + else if (b == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) { + DNS_entry* ipAddr; + int strLen; + word32 lenStartIdx = idx; + WOLFSSL_MSG("Decoding Subject Alt. Name: IP Address"); + + if (GetLength(input, &idx, &strLen, sz) < 0) { + WOLFSSL_MSG("\tfail: str length"); + return ASN_PARSE_E; + } + length -= (idx - lenStartIdx); + /* check that strLen at index is not past input buffer */ + if (strLen + (int)idx > sz) { + return BUFFER_E; + } + + ipAddr = (DNS_entry*)XMALLOC(sizeof(DNS_entry), cert->heap, + DYNAMIC_TYPE_ALTNAME); + if (ipAddr == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + return MEMORY_E; + } + + ipAddr->type = ASN_IP_TYPE; + ipAddr->name = (char*)XMALLOC(strLen, cert->heap, + DYNAMIC_TYPE_ALTNAME); + if (ipAddr->name == NULL) { + WOLFSSL_MSG("\tOut of Memory"); + XFREE(ipAddr, cert->heap, DYNAMIC_TYPE_ALTNAME); + return MEMORY_E; + } + ipAddr->len = strLen; + XMEMCPY(ipAddr->name, &input[idx], strLen); + ipAddr->name[strLen] = '\0'; + + ipAddr->next = cert->altNames; + cert->altNames = ipAddr; + + length -= strLen; + idx += strLen; + } +#endif /* WOLFSSL_QT || OPENSSL_ALL */ #endif /* IGNORE_NAME_CONSTRAINTS */ #ifdef WOLFSSL_SEP else if (b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_OTHER_TYPE)) @@ -7469,12 +7963,13 @@ static int DecodeCrlDist(const byte* input, int sz, DecodedCert* cert) static int DecodeAuthInfo(const byte* input, int sz, DecodedCert* cert) /* - * Read the first of the Authority Information Access records. If there are + * Read Authority Information Access records. If there are * any issues, return without saving the record. */ { word32 idx = 0; int length = 0; + int count = 0; byte b = 0; word32 oid; @@ -7484,7 +7979,7 @@ static int DecodeAuthInfo(const byte* input, int sz, DecodedCert* cert) if (GetSequence(input, &idx, &length, sz) < 0) return ASN_PARSE_E; - while (idx < (word32)sz) { + while ((idx < (word32)sz) && (count < MAX_AIA_SZ)) { /* Unwrap a single AIA */ if (GetSequence(input, &idx, &length, sz) < 0) return ASN_PARSE_E; @@ -7493,7 +7988,6 @@ static int DecodeAuthInfo(const byte* input, int sz, DecodedCert* cert) if (GetObjectId(input, &idx, &oid, oidCertAuthInfoType, sz) < 0) return ASN_PARSE_E; - /* Only supporting URIs right now. */ if (GetASNTag(input, &idx, &b, sz) < 0) return ASN_PARSE_E; @@ -7501,13 +7995,27 @@ static int DecodeAuthInfo(const byte* input, int sz, DecodedCert* cert) if (GetLength(input, &idx, &length, sz) < 0) return ASN_PARSE_E; + /* Set ocsp entry */ if (b == (ASN_CONTEXT_SPECIFIC | GENERALNAME_URI) && oid == AIA_OCSP_OID) { cert->extAuthInfoSz = length; cert->extAuthInfo = input + idx; + count++; + #if !defined(OPENSSL_ALL) || !defined(WOLFSSL_QT) break; + #endif } + #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + /* Set CaIssuers entry */ + else if ((b == (ASN_CONTEXT_SPECIFIC | GENERALNAME_URI)) && + oid == AIA_CA_ISSUER_OID) + { + cert->extAuthInfoCaIssuerSz = length; + cert->extAuthInfoCaIssuer = input + idx; + count++; + } + #endif idx += length; } @@ -7819,7 +8327,7 @@ exit: } #endif /* WOLFSSL_CERT_EXT && !WOLFSSL_SEP */ -#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) +#if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_QT) /* Reference: https://tools.ietf.org/html/rfc5280#section-4.2.1.4 */ static int DecodeCertPolicy(const byte* input, int sz, DecodedCert* cert) { @@ -7833,6 +8341,11 @@ exit: #endif WOLFSSL_ENTER("DecodeCertPolicy"); + #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) + /* Check if cert is null before dereferencing below */ + if (cert == NULL) + return BAD_FUNC_ARG; + #endif #if defined(WOLFSSL_CERT_EXT) cert->extCertPoliciesNb = 0; @@ -8096,14 +8609,15 @@ static int DecodeCertExtensions(DecodedCert* cert) break; case CERT_POLICY_OID: - #ifdef WOLFSSL_SEP + #if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) VERIFY_AND_SET_OID(cert->extCertPolicySet); #if defined(OPENSSL_EXTRA) || \ defined(OPENSSL_EXTRA_X509_SMALL) cert->extCertPolicyCrit = critical; #endif #endif - #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) + #if defined(WOLFSSL_SEP) || defined(WOLFSSL_CERT_EXT) || \ + defined(WOLFSSL_QT) if (DecodeCertPolicy(&input[idx], length, cert) < 0) { return ASN_PARSE_E; } @@ -9310,6 +9824,9 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer) if (footer) *footer = END_PUB_KEY; ret = 0; break; + #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) + case DH_PRIVATEKEY_TYPE: + #endif case PKCS8_PRIVATEKEY_TYPE: if (header) *header = BEGIN_PRIV_KEY; if (footer) *footer = END_PRIV_KEY; @@ -9670,7 +10187,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, /* Remove PEM header/footer, convert to ASN1, store any encrypted data info->consumed tracks of PEM bytes consumed in case multiple parts */ int PemToDer(const unsigned char* buff, long longSz, int type, - DerBuffer** pDer, void* heap, EncryptedInfo* info, int* eccKey) + DerBuffer** pDer, void* heap, EncryptedInfo* info, int* keyFormat) { const char* header = NULL; const char* footer = NULL; @@ -9751,11 +10268,15 @@ int PemToDer(const unsigned char* buff, long longSz, int type, headerEnd = SkipEndOfLineChars(headerEnd, bufferEnd); if (type == PRIVATEKEY_TYPE) { - if (eccKey) { + /* keyFormat is Key_Sum enum */ + if (keyFormat) { #ifdef HAVE_ECC - *eccKey = (header == BEGIN_EC_PRIV) ? 1 : 0; - #else - *eccKey = 0; + if (header == BEGIN_EC_PRIV) + *keyFormat = ECDSAk; + #endif + #if !defined(NO_DSA) + if (header == BEGIN_DSA_PRIV) + *keyFormat = DSAk; #endif } } @@ -9816,6 +10337,18 @@ int PemToDer(const unsigned char* buff, long longSz, int type, /* pkcs8 key, convert and adjust length */ if ((ret = ToTraditional_ex(der->buffer, der->length, &algId)) > 0) { der->length = ret; + #if !defined(NO_DSA) + if (algId == DSAk) + *keyFormat = DSAk; + #endif + #ifdef HAVE_ECC + if (algId == ECDSAk) + *keyFormat = ECDSAk; + #endif + #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + if (algId == DHk) + *keyFormat = DHk; + #endif } else { /* ignore failure here and assume key is not pkcs8 wrapped */ @@ -9859,9 +10392,14 @@ int PemToDer(const unsigned char* buff, long longSz, int type, if (ret >= 0) { der->length = ret; - if ((algId == ECDSAk) && (eccKey != NULL)) { - *eccKey = 1; - } + if ((algId == ECDSAk) && (keyFormat != NULL)) + *keyFormat = ECDSAk; + else if ((algId == DSAk) && (keyFormat != NULL)) + *keyFormat = DSAk; + #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + else if ((algId == DHk) && (keyFormat != NULL)) + *keyFormat = DHk; + #endif ret = 0; } #else @@ -10921,7 +11459,11 @@ static int SetEd25519PublicKey(byte* output, ed25519_key* key, int with_header) idx = wc_ed25519_export_public(key, pub, &pubSz); if (idx != 0) { #ifdef WOLFSSL_SMALL_STACK - XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #ifdef WOLFSSL_QT + XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #else + XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif #endif return idx; } @@ -10931,7 +11473,11 @@ static int SetEd25519PublicKey(byte* output, ed25519_key* key, int with_header) #ifdef WOLFSSL_SMALL_STACK algo = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (algo == NULL) { - XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #ifdef WOLFSSL_QT + XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); + #else + XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); + #endif return MEMORY_E; } #endif @@ -14073,6 +14619,57 @@ int EncodePolicyOID(byte *out, word32 *outSz, const char *in, void* heap) #endif /* !NO_CERTS */ +#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) +/* Helper function for wolfSSL_i2d_DHparams */ +int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g) +{ + word32 idx = 0; + int pSz; + int gSz; + unsigned int tmp; + + /* If the leading bit on the INTEGER is a 1, add a leading zero */ + int pLeadingZero = mp_leading_bit(p); + int gLeadingZero = mp_leading_bit(g); + int pLen = mp_unsigned_bin_size(p); + int gLen = mp_unsigned_bin_size(g); + + WOLFSSL_ENTER("StoreDHparams"); + if (out == NULL) { + WOLFSSL_MSG("Null buffer error"); + return BUFFER_E; + } + + tmp = pLeadingZero + gLeadingZero + pLen + gLen; + if (*outLen < tmp) { + return BUFFER_E; + } + + /* Set sequence */ + idx = SetSequence(tmp, out); + + /* Encode p */ + pSz = SetASNIntMP(p, -1, &out[idx]); + if (pSz < 0) { + WOLFSSL_MSG("SetASNIntMP failed"); + return pSz; + } + idx += pSz; + + /* Encode g */ + gSz = SetASNIntMP(g, -1, &out[idx]); + if (gSz < 0) { + WOLFSSL_MSG("SetASNIntMP failed"); + return gSz; + } + idx += gSz; + + *outLen = idx; + + return 0; +} +#endif /* !NO_DH && WOLFSSL_QT || OPENSSL_ALL */ + #ifdef HAVE_ECC /* Der Encode r & s ints into out, outLen is (in/out) size */ diff --git a/wolfcrypt/src/dh.c b/wolfcrypt/src/dh.c index 0481ebd74..8c5c028b2 100644 --- a/wolfcrypt/src/dh.c +++ b/wolfcrypt/src/dh.c @@ -29,7 +29,7 @@ #ifndef NO_DH #if defined(HAVE_FIPS) && \ - defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ #define FIPS_NO_WRAPPERS @@ -930,7 +930,11 @@ int wc_InitDhKey_ex(DhKey* key, void* heap, int devId) key->heap = heap; /* for XMALLOC/XFREE in future */ +#if !defined(WOLFSSL_QT) && !defined(OPENSSL_ALL) if (mp_init_multi(&key->p, &key->g, &key->q, NULL, NULL, NULL) != MP_OKAY) +#else + if (mp_init_multi(&key->p,&key->g,&key->q,&key->pub,&key->priv,NULL) != MP_OKAY) +#endif return MEMORY_E; #if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_DH) @@ -2061,6 +2065,73 @@ int wc_DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv, return ret; } +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +WOLFSSL_LOCAL int wc_DhSetFullKeys(DhKey* key,const byte* priv_key,word32 privSz, + const byte* pub_key, word32 pubSz) +{ + byte havePriv = 0; + byte havePub = 0; + mp_int* keyPriv = NULL; + mp_int* keyPub = NULL; + + if (key == NULL) { + return BAD_FUNC_ARG; + } + + havePriv = ( (priv_key != NULL) && (privSz > 0) ); + havePub = ( (pub_key != NULL) && (pubSz > 0) ); + + if (!havePub && !havePriv) { + WOLFSSL_MSG("No Public or Private Key to Set"); + return BAD_FUNC_ARG; + } + /* Set Private Key */ + if (havePriv == TRUE) { + /* may have leading 0 */ + if (priv_key[0] == 0) { + privSz--; priv_key++; + } + if (mp_init(&key->priv) != MP_OKAY) + havePriv = FALSE; + } + + if (havePriv == TRUE) { + if (mp_read_unsigned_bin(&key->priv, priv_key, privSz) != MP_OKAY) { + havePriv = FALSE; + } else { + keyPriv = &key->priv; + WOLFSSL_MSG("DH Private Key Set."); + } + } + + /* Set Public Key */ + if (havePub == TRUE) { + /* may have leading 0 */ + if (pub_key[0] == 0) { + pubSz--; pub_key++; + } + if (mp_init(&key->pub) != MP_OKAY) + havePub = FALSE; + } + + if (havePub == TRUE) { + if (mp_read_unsigned_bin(&key->pub, pub_key, pubSz) != MP_OKAY) { + havePub = FALSE; + } else { + keyPub = &key->pub; + WOLFSSL_MSG("DH Public Key Set."); + } + } + /* Free Memory if error occured */ + if (havePriv == FALSE && keyPriv != NULL) + mp_clear(keyPriv); + if (havePub == FALSE && keyPub != NULL) + mp_clear(keyPub); + + /* WOLFSSL_SUCCESS if private or public was set else WOLFSSL_FAILURE */ + return havePriv || havePub; +} +#endif static int _DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz, const byte* q, word32 qSz, int trusted, diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 90c2d3f2e..42e7d2c40 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -286,7 +286,7 @@ enum { #ifdef HAVE_ECC_SECPR2 #ifdef HAVE_OID_ENCODING #define CODED_SECP160R2 {1,3,132,0,30} - #define CODED_SECP160R1_SZ 5 + #define CODED_SECP160R2_SZ 5 #else #define CODED_SECP160R2 {0x2B,0x81,0x04,0x00,0x1E} #define CODED_SECP160R2_SZ 5 diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index 14ad9cd82..ee80f0905 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -512,6 +512,9 @@ const char* wc_GetErrorString(int error) case PSS_SALTLEN_RECOVER_E: return "PSS - Salt length unable to be recovered"; + case ASN_SELF_SIGNED_E: + return "ASN self-signed certificate error"; + default: return "unknown error number"; diff --git a/wolfcrypt/src/wc_encrypt.c b/wolfcrypt/src/wc_encrypt.c index 20c62c55c..53abffae1 100644 --- a/wolfcrypt/src/wc_encrypt.c +++ b/wolfcrypt/src/wc_encrypt.c @@ -372,7 +372,7 @@ int wc_BufferKeyEncrypt(EncryptedInfo* info, byte* der, word32 derSz, */ int wc_CryptKey(const char* password, int passwordSz, byte* salt, int saltSz, int iterations, int id, byte* input, - int length, int version, byte* cbcIv, int enc) + int length, int version, byte* cbcIv, int enc, int shaOid) { int typeH; int derivedLen; @@ -404,9 +404,17 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, break; case PBE_SHA1_DES3: - typeH = WC_SHA; - derivedLen = 32; /* may need iv for v1.5 */ - break; + switch(shaOid) { + case HMAC_SHA256_OID: + typeH = WC_SHA256; + derivedLen = 32; + break; + default: + typeH = WC_SHA; + derivedLen = 32; /* may need iv for v1.5 */ + break; + } + break; #endif /* !NO_SHA */ #endif /* !NO_DES3 */ #if !defined(NO_SHA) && !defined(NO_RC4) @@ -415,14 +423,37 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, derivedLen = 16; break; #endif - #ifdef WOLFSSL_AES_256 + #if defined(WOLFSSL_AES_256) && !defined(NO_SHA) case PBE_AES256_CBC: - typeH = WC_SHA256; - derivedLen = 32; + switch(shaOid) { + case HMAC_SHA256_OID: + typeH = WC_SHA256; + derivedLen = 32; + break; + default: + typeH = WC_SHA; + derivedLen = 32; + break; + } break; - #endif + #endif /* WOLFSSL_AES_256 && !NO_SHA */ + #if defined(WOLFSSL_AES_128) && !defined(NO_SHA) + case PBE_AES128_CBC: + switch(shaOid) { + case HMAC_SHA256_OID: + typeH = WC_SHA256; + derivedLen = 16; + break; + default: + typeH = WC_SHA; + derivedLen = 16; + break; + } + break; + #endif /* WOLFSSL_AES_128 && !NO_SHA */ default: WOLFSSL_MSG("Unknown/Unsupported encrypt/decrypt id"); + (void)shaOid; return ALGO_ID_E; } @@ -574,6 +605,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt, #if !defined(NO_AES) && defined(HAVE_AES_CBC) #ifdef WOLFSSL_AES_256 case PBE_AES256_CBC: + case PBE_AES128_CBC: { Aes aes; ret = wc_AesInit(&aes, NULL, INVALID_DEVID); diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 012f6cf75..73bae05a6 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -14306,7 +14306,11 @@ int openssl_test(void) return -7400; } XMEMSET(p, 0, 10); - CRYPTO_free(p, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #ifdef WOLFSSL_QT + CRYPTO_free(p); + #else + CRYPTO_free(p, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif } #ifndef NO_MD5 diff --git a/wolfssl/internal.h b/wolfssl/internal.h index ba1c7a00c..74e9b2d33 100644 --- a/wolfssl/internal.h +++ b/wolfssl/internal.h @@ -618,7 +618,9 @@ #if !defined(NO_RC4) #if !defined(NO_SHA) #if !defined(NO_RSA) - #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA + #ifndef WOLFSSL_AEAD_ONLY + #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA + #endif #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA #endif @@ -626,7 +628,9 @@ #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \ defined(HAVE_ED25519)) - #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + #ifndef WOLFSSL_AEAD_ONLY + #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA + #endif #endif #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC) #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA @@ -1799,13 +1803,16 @@ WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list); #endif /* WOLFSSL_DTLS_EXPORT_TYPES */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +#define UINT8_SZ 255 +#endif /* wolfSSL Cipher type just points back to SSL */ struct WOLFSSL_CIPHER { byte cipherSuite0; byte cipherSuite; WOLFSSL* ssl; #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) - char description[MAX_CIPHERNAME_SZ]; + char description[UINT8_SZ]; unsigned long offset; unsigned int in_stack; /* TRUE if added to stack in wolfSSL_get_ciphers_compat */ int bits; @@ -4071,6 +4078,10 @@ struct WOLFSSL { #ifdef OPENSSL_ALL long verifyCallbackResult; #endif +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */ + WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */ +#endif }; @@ -4367,11 +4378,27 @@ typedef struct CipherSuiteInfo { #endif byte cipherSuite0; byte cipherSuite; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + byte minor; + byte major; +#endif } CipherSuiteInfo; WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void); WOLFSSL_LOCAL int GetCipherNamesSize(void); WOLFSSL_LOCAL const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite); +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +/* used in wolfSSL_sk_CIPHER_description */ +#define MAX_SEGMENTS 5 +#define MAX_SEGMENT_SZ 20 +WOLFSSL_LOCAL int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER*); +WOLFSSL_LOCAL const char* GetCipherProtocol(const byte minor); +WOLFSSL_LOCAL const char* GetCipherKeaStr(char n[][MAX_SEGMENT_SZ]); +WOLFSSL_LOCAL const char* GetCipherAuthStr(char n[][MAX_SEGMENT_SZ]); +WOLFSSL_LOCAL const char* GetCipherEncStr(char n[][MAX_SEGMENT_SZ]); +WOLFSSL_LOCAL const char* GetCipherMacStr(char n[][MAX_SEGMENT_SZ]); +WOLFSSL_LOCAL int SetCipherBits(const char* enc); +#endif WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl); WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl); diff --git a/wolfssl/openssl/bio.h b/wolfssl/openssl/bio.h index e5fe8de39..8b1b61f2a 100644 --- a/wolfssl/openssl/bio.h +++ b/wolfssl/openssl/bio.h @@ -99,6 +99,10 @@ #define BIO_get_shutdown wolfSSL_BIO_get_shutdown #define BIO_set_shutdown wolfSSL_BIO_set_shutdown +#define BIO_clear_flags wolfSSL_BIO_clear_flags +#define BIO_set_ex_data wolfSSL_BIO_set_ex_data +#define BIO_get_ex_data wolfSSL_BIO_get_ex_data + /* helper to set specific retry/read flags */ #define BIO_set_retry_read(bio)\ wolfSSL_BIO_set_flags((bio), WOLFSSL_BIO_FLAG_RETRY | WOLFSSL_BIO_FLAG_READ) diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h index 9ca0b1e2e..96f5796d1 100644 --- a/wolfssl/openssl/bn.h +++ b/wolfssl/openssl/bn.h @@ -48,6 +48,7 @@ typedef struct WOLFSSL_BIGNUM { } WOLFSSL_BIGNUM; +#define BN_ULONG WOLFSSL_BN_ULONG #define WOLFSSL_BN_ULONG mp_digit typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX; @@ -83,6 +84,7 @@ WOLFSSL_API int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM*); WOLFSSL_API int wolfSSL_BN_is_negative(const WOLFSSL_BIGNUM*); +WOLFSSL_API int wolfSSL_BN_is_word(const WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG); WOLFSSL_API int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*); @@ -147,6 +149,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_is_one wolfSSL_BN_is_one #define BN_is_odd wolfSSL_BN_is_odd #define BN_is_negative wolfSSL_BN_is_negative +#define BN_is_word wolfSSL_BN_is_word #define BN_cmp wolfSSL_BN_cmp diff --git a/wolfssl/openssl/crypto.h b/wolfssl/openssl/crypto.h index 3eb90e416..2d359f636 100644 --- a/wolfssl/openssl/crypto.h +++ b/wolfssl/openssl/crypto.h @@ -46,7 +46,11 @@ WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a); #define SSLeay_version wolfSSLeay_version #define SSLeay wolfSSLeay -#define SSLEAY_VERSION 0x0090600fL +#ifdef WOLFSSL_QT + #define SSLEAY_VERSION 0x10001000L +#else + #define SSLEAY_VERSION 0x0090600fL +#endif #define SSLEAY_VERSION_NUMBER SSLEAY_VERSION #define CRYPTO_lock wc_LockMutex_ex @@ -56,6 +60,12 @@ WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a); #define OPENSSL_free wolfSSL_OPENSSL_free #define OPENSSL_malloc wolfSSL_OPENSSL_malloc +#ifdef WOLFSSL_QT + #define OPENSSL_INIT_ADD_ALL_CIPHERS 0x00000004L + #define OPENSSL_INIT_ADD_ALL_DIGESTS 0x00000008L + #define OPENSSL_INIT_LOAD_CONFIG 0x00000040L +#endif + #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) #define CRYPTO_set_mem_ex_functions wolfSSL_CRYPTO_set_mem_ex_functions diff --git a/wolfssl/openssl/dh.h b/wolfssl/openssl/dh.h index f31c76aaf..23bc2ab43 100644 --- a/wolfssl/openssl/dh.h +++ b/wolfssl/openssl/dh.h @@ -25,13 +25,19 @@ #ifndef WOLFSSL_DH_H_ #define WOLFSSL_DH_H_ -#include #include #ifdef __cplusplus extern "C" { #endif +#ifndef WOLFSSL_DH_TYPE_DEFINED /* guard on redeclaration */ +typedef struct WOLFSSL_DH WOLFSSL_DH; +#define WOLFSSL_DH_TYPE_DEFINED +#endif + +typedef WOLFSSL_DH DH; + struct WOLFSSL_DH { WOLFSSL_BIGNUM* p; WOLFSSL_BIGNUM* g; @@ -47,14 +53,19 @@ struct WOLFSSL_DH { int length; }; - +WOLFSSL_API WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH **dh, + const unsigned char **pp, long length); +WOLFSSL_API int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out); WOLFSSL_API WOLFSSL_DH* wolfSSL_DH_new(void); WOLFSSL_API void wolfSSL_DH_free(WOLFSSL_DH*); +WOLFSSL_API int wolfSSL_DH_check(const WOLFSSL_DH *dh, int *codes); WOLFSSL_API int wolfSSL_DH_size(WOLFSSL_DH*); WOLFSSL_API int wolfSSL_DH_generate_key(WOLFSSL_DH*); WOLFSSL_API int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* pub, WOLFSSL_DH*); +WOLFSSL_API int SetDhExternal(WOLFSSL_DH *dh); +WOLFSSL_API int wolfSSL_DH_LoadDer(WOLFSSL_DH*, const unsigned char*, int sz); WOLFSSL_API int wolfSSL_DH_set0_pqg(WOLFSSL_DH*, WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*); @@ -63,6 +74,10 @@ typedef WOLFSSL_DH DH; #define DH_new wolfSSL_DH_new #define DH_free wolfSSL_DH_free +#define d2i_DHparams wolfSSL_d2i_DHparams +#define i2d_DHparams wolfSSL_i2d_DHparams +#define DH_check wolfSSL_DH_check + #define DH_size wolfSSL_DH_size #define DH_generate_key wolfSSL_DH_generate_key #define DH_compute_key wolfSSL_DH_compute_key @@ -71,6 +86,16 @@ typedef WOLFSSL_DH DH; #endif #define DH_bits(x) (BN_num_bits(x->p)) +#define DH_GENERATOR_2 2 +#define DH_CHECK_P_NOT_PRIME 0x01 +#define DH_CHECK_P_NOT_SAFE_PRIME 0x02 +#define DH_NOT_SUITABLE_GENERATOR 0x08 + +/* Temporary values for wolfSSL_DH_Check*/ +#define DH_CHECK_INVALID_Q_VALUE 0x10 +#define DH_CHECK_Q_NOT_PRIME 0x11 +/* end temp */ + /* for pre 1.1.0 */ #define get_rfc2409_prime_768 wolfSSL_DH_768_prime #define get_rfc2409_prime_1024 wolfSSL_DH_1024_prime diff --git a/wolfssl/openssl/dsa.h b/wolfssl/openssl/dsa.h index 107bb050c..804713efe 100644 --- a/wolfssl/openssl/dsa.h +++ b/wolfssl/openssl/dsa.h @@ -65,6 +65,9 @@ WOLFSSL_API int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA*, int bits, WOLFSSL_API int wolfSSL_DSA_LoadDer(WOLFSSL_DSA*, const unsigned char*, int sz); +WOLFSSL_API int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA*, const unsigned char*, + int sz, int opt); + WOLFSSL_API int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet, WOLFSSL_DSA* dsa); @@ -72,6 +75,9 @@ WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig, WOLFSSL_DSA* dsa, int *dsacheck); +#define WOLFSSL_DSA_LOAD_PRIVATE 1 +#define WOLFSSL_DSA_LOAD_PUBLIC 2 + #define DSA_new wolfSSL_DSA_new #define DSA_free wolfSSL_DSA_free diff --git a/wolfssl/openssl/ec.h b/wolfssl/openssl/ec.h index 18e3b4e3d..a06ced2f8 100644 --- a/wolfssl/openssl/ec.h +++ b/wolfssl/openssl/ec.h @@ -37,29 +37,35 @@ enum { POINT_CONVERSION_UNCOMPRESSED = 4, #ifdef HAVE_ECC - /* Use ecc_curve_type enum values for NID */ - NID_X9_62_prime192v1 = ECC_SECP192R1, - NID_X9_62_prime256v1 = ECC_SECP256R1, - NID_secp112r1 = ECC_SECP112R1, - NID_secp112r2 = ECC_SECP112R2, - NID_secp128r1 = ECC_SECP128R1, - NID_secp128r2 = ECC_SECP128R2, - NID_secp160r1 = ECC_SECP160R1, - NID_secp160r2 = ECC_SECP160R2, - NID_secp224r1 = ECC_SECP224R1, - NID_secp384r1 = ECC_SECP384R1, - NID_secp521r1 = ECC_SECP521R1, - NID_secp160k1 = ECC_SECP160K1, - NID_secp192k1 = ECC_SECP192K1, - NID_secp224k1 = ECC_SECP224K1, - NID_secp256k1 = ECC_SECP256K1, - NID_brainpoolP160r1 = ECC_BRAINPOOLP160R1, - NID_brainpoolP192r1 = ECC_BRAINPOOLP192R1, - NID_brainpoolP224r1 = ECC_BRAINPOOLP224R1, - NID_brainpoolP256r1 = ECC_BRAINPOOLP256R1, - NID_brainpoolP320r1 = ECC_BRAINPOOLP320R1, - NID_brainpoolP384r1 = ECC_BRAINPOOLP384R1, - NID_brainpoolP512r1 = ECC_BRAINPOOLP512R1, + /* Use OpenSSL NIDs. NIDs can be mapped to ecc_curve_id enum values by + calling NIDToEccEnum() in ssl.c */ + NID_X9_62_prime192v1 = 409, + NID_X9_62_prime192v2 = 410, + NID_X9_62_prime192v3 = 411, + NID_X9_62_prime239v1 = 412, + NID_X9_62_prime239v2 = 413, + NID_X9_62_prime239v3 = 414, + NID_X9_62_prime256v1 = 415, + NID_secp112r1 = 704, + NID_secp112r2 = 705, + NID_secp128r1 = 706, + NID_secp128r2 = 707, + NID_secp160r1 = 709, + NID_secp160r2 = 710, + NID_secp224r1 = 713, + NID_secp384r1 = 715, + NID_secp521r1 = 716, + NID_secp160k1 = 708, + NID_secp192k1 = 711, + NID_secp224k1 = 712, + NID_secp256k1 = 714, + NID_brainpoolP160r1 = 921, + NID_brainpoolP192r1 = 923, + NID_brainpoolP224r1 = 925, + NID_brainpoolP256r1 = 927, + NID_brainpoolP320r1 = 929, + NID_brainpoolP384r1 = 931, + NID_brainpoolP512r1 = 933, #endif OPENSSL_EC_NAMED_CURVE = 0x001 @@ -69,12 +75,14 @@ enum { typedef struct WOLFSSL_EC_KEY WOLFSSL_EC_KEY; typedef struct WOLFSSL_EC_POINT WOLFSSL_EC_POINT; typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_GROUP; +typedef struct WOLFSSL_EC_BUILTIN_CURVE WOLFSSL_EC_BUILTIN_CURVE; #define WOLFSSL_EC_TYPE_DEFINED #endif typedef WOLFSSL_EC_KEY EC_KEY; typedef WOLFSSL_EC_GROUP EC_GROUP; typedef WOLFSSL_EC_POINT EC_POINT; +typedef WOLFSSL_EC_BUILTIN_CURVE EC_builtin_curve; struct WOLFSSL_EC_POINT { WOLFSSL_BIGNUM *X; @@ -102,16 +110,20 @@ struct WOLFSSL_EC_KEY { char exSet; /* external set from internal ? */ }; -typedef struct WOLFSSL_EC_builtin_curve{ +struct WOLFSSL_EC_BUILTIN_CURVE { int nid; const char *comment; -} WOLFSSL_EC_builtin_curve; - -typedef WOLFSSL_EC_builtin_curve EC_builtin_curve; +}; #define WOLFSSL_EC_KEY_LOAD_PRIVATE 1 #define WOLFSSL_EC_KEY_LOAD_PUBLIC 2 +WOLFSSL_API +size_t wolfSSL_EC_get_builtin_curves(WOLFSSL_EC_BUILTIN_CURVE *r,size_t nitems); + +WOLFSSL_API +WOLFSSL_EC_KEY *wolfSSL_EC_KEY_dup(const WOLFSSL_EC_KEY *src); + WOLFSSL_API int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *curve, const WOLFSSL_EC_POINT *p, @@ -193,9 +205,6 @@ WOLFSSL_API int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, const WOLFSSL_EC_POINT *a); -WOLFSSL_API -size_t wolfSSL_EC_get_builtin_curves(WOLFSSL_EC_builtin_curve *r, size_t nitems); - #ifndef HAVE_SELFTEST WOLFSSL_API char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, @@ -209,6 +218,7 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, #define EC_KEY_new wolfSSL_EC_KEY_new #define EC_KEY_free wolfSSL_EC_KEY_free +#define EC_KEY_dup wolfSSL_EC_KEY_dup #define EC_KEY_get0_public_key wolfSSL_EC_KEY_get0_public_key #define EC_KEY_get0_group wolfSSL_EC_KEY_get0_group #define EC_KEY_set_private_key wolfSSL_EC_KEY_set_private_key @@ -237,6 +247,8 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, #define EC_POINT_cmp wolfSSL_EC_POINT_cmp #define EC_POINT_is_at_infinity wolfSSL_EC_POINT_is_at_infinity +#define EC_get_builtin_curves wolfSSL_EC_get_builtin_curves + #ifndef HAVE_SELFTEST #define EC_POINT_point2hex wolfSSL_EC_POINT_point2hex #endif diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 291820664..d7661fbc4 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -47,6 +47,7 @@ #include #include #include +#include #include #include @@ -108,6 +109,7 @@ WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_idea_cbc(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void); +WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc2_cbc(void); typedef union { @@ -134,6 +136,7 @@ typedef union { } WOLFSSL_Hasher; typedef struct WOLFSSL_EVP_PKEY_CTX WOLFSSL_EVP_PKEY_CTX; +typedef struct WOLFSSL_EVP_CIPHER_CTX WOLFSSL_EVP_CIPHER_CTX; typedef struct WOLFSSL_EVP_MD_CTX { union { @@ -157,6 +160,9 @@ typedef union { #ifdef HAVE_IDEA Idea idea; #endif +#ifdef WOLFSSL_QT + int (*ctrl) (WOLFSSL_EVP_CIPHER_CTX *, int type, int arg, void *ptr); +#endif } WOLFSSL_Cipher; @@ -236,7 +242,7 @@ enum { }; #define WOLFSSL_EVP_BUF_SIZE 16 -typedef struct WOLFSSL_EVP_CIPHER_CTX { +struct WOLFSSL_EVP_CIPHER_CTX { int keyLen; /* user may set for variable */ int block_size; unsigned long flags; @@ -259,7 +265,7 @@ typedef struct WOLFSSL_EVP_CIPHER_CTX { ALIGN16 unsigned char authTag[AES_BLOCK_SIZE]; int authTagSz; #endif -} WOLFSSL_EVP_CIPHER_CTX; +}; struct WOLFSSL_EVP_PKEY_CTX { WOLFSSL_EVP_PKEY *pkey; @@ -412,12 +418,19 @@ WOLFSSL_API int wolfSSL_EVP_PKEY_assign_RSA(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_RSA* key); WOLFSSL_API int wolfSSL_EVP_PKEY_assign_EC_KEY(WOLFSSL_EVP_PKEY* pkey, WOLFSSL_EC_KEY* key); +WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DSA(EVP_PKEY* pkey, WOLFSSL_DSA* key); +WOLFSSL_API int wolfSSL_EVP_PKEY_assign_DH(EVP_PKEY* pkey, WOLFSSL_DH* key); WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get0_RSA(struct WOLFSSL_EVP_PKEY *pkey); WOLFSSL_API WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY*); WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get0_EC_KEY(WOLFSSL_EVP_PKEY *pkey); -WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY *pkey); +WOLFSSL_API WOLFSSL_EC_KEY *wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY *key); +WOLFSSL_API WOLFSSL_DH* wolfSSL_EVP_PKEY_get1_DH(WOLFSSL_EVP_PKEY* key); WOLFSSL_API int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key); +WOLFSSL_API int wolfSSL_EVP_PKEY_set1_DSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DSA *key); +WOLFSSL_API int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key); +WOLFSSL_API int wolfSSL_EVP_PKEY_set1_EC_KEY(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_EC_KEY *key); +WOLFSSL_API int wolfSSL_EVP_PKEY_assign(WOLFSSL_EVP_PKEY *pkey, int type, void *key); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKEY_new_mac_key(int type, ENGINE* e, const unsigned char* key, int keylen); @@ -490,6 +503,7 @@ WOLFSSL_API int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest); WOLFSSL_API int wolfSSL_EVP_add_cipher(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API void wolfSSL_EVP_cleanup(void); WOLFSSL_API int wolfSSL_add_all_algorithms(void); +WOLFSSL_API int wolfSSL_OpenSSL_add_all_algorithms_conf(void); WOLFSSL_API int wolfSSL_OpenSSL_add_all_algorithms_noconf(void); WOLFSSL_API int wolfSSL_EVP_read_pw_string(char*, int, const char*, int); @@ -633,14 +647,20 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_get_cipherbyname wolfSSL_EVP_get_cipherbyname #define EVP_get_digestbyname wolfSSL_EVP_get_digestbyname +#define EVP_PKEY_assign wolfSSL_EVP_PKEY_assign #define EVP_PKEY_assign_RSA wolfSSL_EVP_PKEY_assign_RSA +#define EVP_PKEY_assign_DSA wolfSSL_EVP_PKEY_assign_DSA +#define EVP_PKEY_assign_DH wolfSSL_EVP_PKEY_assign_DH #define EVP_PKEY_assign_EC_KEY wolfSSL_EVP_PKEY_assign_EC_KEY #define EVP_PKEY_get1_DSA wolfSSL_EVP_PKEY_get1_DSA +#define EVP_PKEY_set1_DSA wolfSSL_EVP_PKEY_set1_DSA #define EVP_PKEY_get1_RSA wolfSSL_EVP_PKEY_get1_RSA -#define EVP_PKEY_get1_DSA wolfSSL_EVP_PKEY_get1_DSA #define EVP_PKEY_set1_RSA wolfSSL_EVP_PKEY_set1_RSA -#define EVP_PKEY_get0_EC_KEY wolfSSL_EVP_PKEY_get0_EC_KEY +#define EVP_PKEY_set1_EC_KEY wolfSSL_EVP_PKEY_set1_EC_KEY #define EVP_PKEY_get1_EC_KEY wolfSSL_EVP_PKEY_get1_EC_KEY +#define EVP_PKEY_set1_DH wolfSSL_EVP_PKEY_set1_DH +#define EVP_PKEY_get1_DH wolfSSL_EVP_PKEY_get1_DH +#define EVP_PKEY_get0_EC_KEY wolfSSL_EVP_PKEY_get0_EC_KEY #define EVP_PKEY_get0_hmac wolfSSL_EVP_PKEY_get0_hmac #define EVP_PKEY_new_mac_key wolfSSL_EVP_PKEY_new_mac_key #define EVP_MD_CTX_copy wolfSSL_EVP_MD_CTX_copy @@ -688,12 +708,21 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_add_cipher wolfSSL_EVP_add_cipher #define EVP_cleanup wolfSSL_EVP_cleanup #define EVP_read_pw_string wolfSSL_EVP_read_pw_string +#define EVP_rc2_cbc wolfSSL_EVP_rc2_cbc #define OpenSSL_add_all_digests() wolfSSL_EVP_init() #define OpenSSL_add_all_ciphers() wolfSSL_EVP_init() #define OpenSSL_add_all_algorithms wolfSSL_add_all_algorithms #define OpenSSL_add_all_algorithms_noconf wolfSSL_OpenSSL_add_all_algorithms_noconf +#define OpenSSL_add_all_algorithms_conf wolfSSL_OpenSSL_add_all_algorithms_conf + #define wolfSSL_OPENSSL_add_all_algorithms_noconf wolfSSL_OpenSSL_add_all_algorithms_noconf +#define wolfSSL_OPENSSL_add_all_algorithms_conf wolfSSL_OpenSSL_add_all_algorithms_conf + +/* provides older OpenSSL API compatibility */ +#define OPENSSL_add_all_algorithms OpenSSL_add_all_algorithms +#define OPENSSL_add_all_algorithms_noconf OpenSSL_add_all_algorithms_noconf +#define OPENSSL_add_all_algorithms_conf OpenSSL_add_all_algorithms_conf #define NO_PADDING_BLOCK_SIZE 1 diff --git a/wolfssl/openssl/include.am b/wolfssl/openssl/include.am index f7ce8b754..82f499cae 100644 --- a/wolfssl/openssl/include.am +++ b/wolfssl/openssl/include.am @@ -25,6 +25,7 @@ nobase_include_HEADERS+= \ wolfssl/openssl/md4.h \ wolfssl/openssl/md5.h \ wolfssl/openssl/ripemd.h \ + wolfssl/openssl/obj_mac.h \ wolfssl/openssl/objects.h \ wolfssl/openssl/ocsp.h \ wolfssl/openssl/opensslconf.h \ diff --git a/wolfssl/openssl/obj_mac.h b/wolfssl/openssl/obj_mac.h new file mode 100644 index 000000000..6d0f90047 --- /dev/null +++ b/wolfssl/openssl/obj_mac.h @@ -0,0 +1,50 @@ +/* obj_mac.h + * + * Copyright (C) 2006-2017 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* obj_mac.h for openSSL */ + +#ifndef WOLFSSL_OBJ_MAC_H_ +#define WOLFSSL_OBJ_MAC_H_ +#ifdef __cplusplus + extern "C" { +#endif + +#define NID_sect163k1 721 +#define NID_sect163r1 722 +#define NID_sect163r2 723 +#define NID_sect193r1 724 +#define NID_sect193r2 725 +#define NID_sect233k1 726 +#define NID_sect233r1 727 +#define NID_sect239k1 728 +#define NID_sect283k1 729 +#define NID_sect283r1 730 +#define NID_sect409k1 731 +#define NID_sect409r1 732 +#define NID_sect571k1 733 +#define NID_sect571r1 734 + +#ifdef __cplusplus + } /* extern "C" */ +#endif + +#endif /* WOLFSSL_OBJ_MAC_H_ */ + diff --git a/wolfssl/openssl/objects.h b/wolfssl/openssl/objects.h index 01b106746..b02094e22 100644 --- a/wolfssl/openssl/objects.h +++ b/wolfssl/openssl/objects.h @@ -38,6 +38,7 @@ #define OBJ_obj2nid wolfSSL_OBJ_obj2nid #define OBJ_sn2nid wolfSSL_OBJ_sn2nid #define OBJ_nid2ln wolfSSL_OBJ_nid2ln +#define OBJ_ln2nid wolfSSL_OBJ_ln2nid #define OBJ_txt2nid wolfSSL_OBJ_txt2nid #define OBJ_txt2obj wolfSSL_OBJ_txt2obj #define OBJ_nid2obj wolfSSL_OBJ_nid2obj diff --git a/wolfssl/openssl/opensslv.h b/wolfssl/openssl/opensslv.h index 4bc495eea..d7db5ccb0 100644 --- a/wolfssl/openssl/opensslv.h +++ b/wolfssl/openssl/opensslv.h @@ -30,7 +30,7 @@ /* For Apache httpd, Use 1.1.0 compatibility */ #define OPENSSL_VERSION_NUMBER 0x10100000L #elif defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || \ - defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_QT) /* version number can be increased for Lighty after compatibility for ECDH is added */ #define OPENSSL_VERSION_NUMBER 0x10001000L diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h index c8f57b47a..7e8639eb9 100644 --- a/wolfssl/openssl/pem.h +++ b/wolfssl/openssl/pem.h @@ -91,6 +91,19 @@ int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, const EVP_CIPHER* cipher, unsigned char* passwd, int len, pem_password_cb* cb, void* arg); + +WOLFSSL_API +WOLFSSL_DSA* wolfSSL_PEM_read_bio_DSAPrivateKey(WOLFSSL_BIO* bio, + WOLFSSL_DSA** dsa, + pem_password_cb* cb,void *pass); + +WOLFSSL_API +WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSA_PUBKEY(WOLFSSL_BIO* bio,WOLFSSL_DSA** dsa, + pem_password_cb* cb, void *pass); + +WOLFSSL_API +int wolfSSL_PEM_write_bio_DSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa); + WOLFSSL_API int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa, const EVP_CIPHER* cipher, @@ -112,6 +125,14 @@ int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec, const EVP_CIPHER* cipher, unsigned char* passwd, int len, pem_password_cb* cb, void* arg); +WOLFSSL_API +WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_ECPrivateKey(WOLFSSL_BIO* bio, + WOLFSSL_EC_KEY** ec, + pem_password_cb* cb, + void *pass); +WOLFSSL_API +int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec); + WOLFSSL_API int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* key, const EVP_CIPHER* cipher, @@ -125,6 +146,11 @@ int wolfSSL_PEM_write_ECPrivateKey(XFILE fp, WOLFSSL_EC_KEY *key, pem_password_cb *cb, void *u); WOLFSSL_API int wolfSSL_PEM_write_EC_PUBKEY(XFILE fp, WOLFSSL_EC_KEY *key); + +WOLFSSL_API +WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_EC_PUBKEY(WOLFSSL_BIO* bio, + WOLFSSL_EC_KEY** ec, + pem_password_cb* cb, void *pass); #endif /* NO_FILESYSTEM */ /* EVP_KEY */ @@ -205,11 +231,17 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh); /* DSA */ #define PEM_write_bio_DSAPrivateKey wolfSSL_PEM_write_bio_DSAPrivateKey #define PEM_write_DSAPrivateKey wolfSSL_PEM_write_DSAPrivateKey +#define PEM_write_bio_DSA_PUBKEY wolfSSL_PEM_write_bio_DSA_PUBKEY #define PEM_write_DSA_PUBKEY wolfSSL_PEM_write_DSA_PUBKEY +#define PEM_read_bio_DSAPrivateKey wolfSSL_PEM_read_bio_DSAPrivateKey +#define PEM_read_bio_DSA_PUBKEY wolfSSL_PEM_read_bio_DSA_PUBKEY /* ECC */ #define PEM_write_bio_ECPrivateKey wolfSSL_PEM_write_bio_ECPrivateKey +#define PEM_write_bio_EC_PUBKEY wolfSSL_PEM_write_bio_EC_PUBKEY #define PEM_write_EC_PUBKEY wolfSSL_PEM_write_EC_PUBKEY #define PEM_write_ECPrivateKey wolfSSL_PEM_write_ECPrivateKey +#define PEM_read_bio_ECPrivateKey wolfSSL_PEM_read_bio_ECPrivateKey +#define PEM_read_bio_EC_PUBKEY wolfSSL_PEM_read_bio_EC_PUBKEY /* EVP_KEY */ #define PEM_read_bio_PrivateKey wolfSSL_PEM_read_bio_PrivateKey #define PEM_read_PUBKEY wolfSSL_PEM_read_PUBKEY diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index d7dbfcf3c..b82229980 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -42,6 +42,12 @@ #include #endif +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +#include +#include +#include +#endif + /* all NID_* values are in asn.h */ #include @@ -111,12 +117,23 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define EVP_CIPHER_INFO EncryptedInfo #define STACK_OF(x) WOLFSSL_STACK +#define OPENSSL_STACK WOLFSSL_STACK +#define _STACK OPENSSL_STACK + +#define CONF_get1_default_config_file wolfSSL_CONF_get1_default_config_file +typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; + +#ifdef WOLFSSL_QT + #define CRYPTO_free(xp) {if((xp)) wolfSSL_Free((xp));} +#else + #define CRYPTO_free XFREE +#endif -#define CRYPTO_free XFREE #define CRYPTO_malloc XMALLOC #define CRYPTO_EX_new WOLFSSL_CRYPTO_EX_new #define CRYPTO_EX_dup WOLFSSL_CRYPTO_EX_dup #define CRYPTO_EX_free WOLFSSL_CRYPTO_EX_free +#define CRYPTO_EX_DATA WOLFSSL_CRYPTO_EX_DATA /* depreciated */ #define CRYPTO_thread_id wolfSSL_thread_id @@ -135,6 +152,8 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define CRYPTO_dynlock_value WOLFSSL_dynlock_value #define CRYPTO_cleanup_all_ex_data wolfSSL_cleanup_all_ex_data +#define set_ex_data wolfSSL_CRYPTO_set_ex_data +#define get_ex_data wolfSSL_CRYPTO_get_ex_data /* this function was used to set the default malloc, free, and realloc */ #define CRYPTO_malloc_init() 0 /* CRYPTO_malloc_init is not needed */ @@ -244,7 +263,7 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define SSL_set_quiet_shutdown wolfSSL_set_quiet_shutdown #define SSL_get_error wolfSSL_get_error #define SSL_set_session wolfSSL_set_session -#define SSL_get_session wolfSSL_get_session +#define SSL_get_session(x) wolfSSL_get_session((WOLFSSL*) (x)) #define SSL_flush_sessions wolfSSL_flush_sessions /* assume unlimited temporarily */ #define SSL_CTX_get_session_cache_mode(ctx) 0 @@ -299,6 +318,7 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define SSL_SESSION_get_master_key_length wolfSSL_SESSION_get_master_key_length #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + #define SSL_MODE_RELEASE_BUFFERS 0x00000010U #define ASN1_BOOLEAN WOLFSSL_ASN1_BOOLEAN #define X509_get_ext wolfSSL_X509_get_ext #define X509_cmp wolfSSL_X509_cmp @@ -307,6 +327,7 @@ typedef WOLFSSL_X509_VERIFY_PARAM X509_VERIFY_PARAM; #define X509_EXTENSION_get_data wolfSSL_X509_EXTENSION_get_data #define X509_EXTENSION_new wolfSSL_X509_EXTENSION_new #define X509_EXTENSION_free wolfSSL_X509_EXTENSION_free + #define X509_gmtime_adj wolfSSL_X509_gmtime_adj #endif #define DSA_dup_DH wolfSSL_DSA_dup_DH @@ -474,14 +495,22 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_STORE_CTX_init wolfSSL_X509_STORE_CTX_init #define X509_STORE_CTX_cleanup wolfSSL_X509_STORE_CTX_cleanup #define X509_STORE_CTX_set_error wolfSSL_X509_STORE_CTX_set_error +#define X509_STORE_CTX_set_error_depth wolfSSL_X509_STORE_CTX_set_error_depth #define X509_STORE_CTX_get_ex_data wolfSSL_X509_STORE_CTX_get_ex_data #define X509_STORE_CTX_set_ex_data wolfSSL_X509_STORE_CTX_set_ex_data #define X509_STORE_CTX_set_depth wolfSSL_X509_STORE_CTX_set_depth +#define X509_STORE_CTX_verify_cb WOLFSSL_X509_STORE_CTX_verify_cb #define X509_STORE_CTX_get0_current_issuer \ wolfSSL_X509_STORE_CTX_get0_current_issuer #define X509_STORE_CTX_get0_store wolfSSL_X509_STORE_CTX_get0_store #define X509_STORE_CTX_get0_cert wolfSSL_X509_STORE_CTX_get0_cert +#define X509_STORE_set_verify_cb(s, c) \ +wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_CTX_verify_cb)(c)) +#define X509_STORE_set_verify_cb_func(s, c) \ +wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_CTX_verify_cb)(c)) + + #define X509_STORE_new wolfSSL_X509_STORE_new #define X509_STORE_free wolfSSL_X509_STORE_free #define X509_STORE_add_lookup wolfSSL_X509_STORE_add_lookup @@ -515,6 +544,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define X509_get_X509_PUBKEY wolfSSL_X509_get_X509_PUBKEY #define X509_get0_tbs_sigalg wolfSSL_X509_get0_tbs_sigalg #define X509_PUBKEY_get0_param wolfSSL_X509_PUBKEY_get0_param +#define X509_PUBKEY_get wolfSSL_X509_PUBKEY_get #define X509_ALGOR_get0 wolfSSL_X509_ALGOR_get0 #define sk_X509_REVOKED_num wolfSSL_sk_X509_REVOKED_num @@ -592,6 +622,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; #define sk_ASN1_OBJECT_free wolfSSL_sk_ASN1_OBJECT_free +#define ASN1_TIME_free wolfSSL_ASN1_TIME_free #define ASN1_TIME_adj wolfSSL_ASN1_TIME_adj #define ASN1_TIME_print wolfSSL_ASN1_TIME_print #define ASN1_TIME_to_generalizedtime wolfSSL_ASN1_TIME_to_generalizedtime @@ -797,6 +828,7 @@ typedef WOLFSSL_X509_NAME_ENTRY X509_NAME_ENTRY; /*#endif*/ #define CONF_modules_unload(a) +#define CONF_get1_default_config_file wolfSSL_CONF_get1_default_config_file #define SSL_get_hit wolfSSL_session_reused @@ -829,6 +861,7 @@ enum { GEN_DNS = 0x02, /* ASN_DNS_TYPE */ GEN_EMAIL = 0x01, /* ASN_RFC822_TYPE */ GEN_URI = 0x06, /* ASN_URI_TYPE */ + GEN_IPADD = 0x07, GEN_RID = 0x08, /* Registered ID, not supported */ }; @@ -923,6 +956,7 @@ enum { #define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 11 #define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 12 #define SSL_CTRL_SET_TMP_DH 3 +#define SSL_CTRL_SET_TMP_ECDH 4 #define SSL_CTRL_SET_TLSEXT_DEBUG_ARG 57 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE 65 #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS 66 @@ -932,8 +966,8 @@ enum { #define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP 70 #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP 71 -#define SSL_CTRL_SET_TMP_DH 3 #define SSL_CTRL_EXTRA_CHAIN_CERT 14 +#define SSL_CTRL_OPTIONS 32 #define SSL_CTRL_SET_SESS_CACHE_SIZE 42 #define SSL_CTRL_GET_READ_AHEAD 40 @@ -943,9 +977,11 @@ enum { #define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG 64 #define SSL_CTRL_GET_EXTRA_CHAIN_CERTS 82 +#define SSL_CTRL_GET_SESSION_REUSED 0 #define SSL_ctrl wolfSSL_ctrl #define SSL_CTX_ctrl wolfSSL_CTX_ctrl +#define SSL_CTX_callback_ctrl wolfSSL_CTX_callback_ctrl #define SSL3_RANDOM_SIZE 32 /* same as RAN_LEN in internal.h */ @@ -980,7 +1016,7 @@ enum { #define SSL_CTX_flush_sessions wolfSSL_flush_sessions #define SSL_CTX_add_session wolfSSL_CTX_add_session -#define SSL_version wolfSSL_version +#define SSL_version(x) wolfSSL_version ((WOLFSSL*) (x)) #define SSL_get_state wolfSSL_get_state #define SSL_state_string_long wolfSSL_state_string_long @@ -1002,7 +1038,7 @@ enum { #define AUTHORITY_INFO_ACCESS_free wolfSSL_AUTHORITY_INFO_ACCESS_free #define sk_ACCESS_DESCRIPTION_pop_free wolfSSL_sk_ACCESS_DESCRIPTION_pop_free #define sk_ACCESS_DESCRIPTION_free wolfSSL_sk_ACCESS_DESCRIPTION_free -#define ACCESS_DESCRIPTION_free NULL +#define ACCESS_DESCRIPTION_free wolfSSL_ACCESS_DESCRIPTION_free #define SSL3_AL_FATAL 2 #define SSL_TLSEXT_ERR_OK 0 diff --git a/wolfssl/openssl/x509_vfy.h b/wolfssl/openssl/x509_vfy.h index 54afb6707..86c995b43 100644 --- a/wolfssl/openssl/x509_vfy.h +++ b/wolfssl/openssl/x509_vfy.h @@ -1 +1,45 @@ -/* x509_vfy.h for openssl */ +/* x509_vfy.h + * + * Copyright (C) 2006-2017 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* x509_vfy.h for openSSL */ + +#ifndef WOLFSSL_x509_vfy_H_ +#define WOLFSSL_x509_vfy_H_ + +#include + +#ifdef __cplusplus + extern "C" { +#endif + +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + WOLFSSL_API int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx, int purpose); +#endif + +#ifdef WOLFSSL_QT + #define X509_STORE_CTX_set_purpose wolfSSL_X509_STORE_CTX_set_purpose +#endif + +#ifdef __cplusplus +} /* extern "C" */ +#endif + +#endif /* WOLFSSL_x509_vfy_H_ */ diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index f9232768e..2c04187e3 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -121,8 +121,9 @@ typedef struct WOLFSSL_X509_INFO WOLFSSL_X509_INFO; typedef struct WOLFSSL_CERT_MANAGER WOLFSSL_CERT_MANAGER; typedef struct WOLFSSL_SOCKADDR WOLFSSL_SOCKADDR; typedef struct WOLFSSL_CRL WOLFSSL_CRL; +typedef struct WOLFSSL_X509_STORE_CTX WOLFSSL_X509_STORE_CTX; -typedef void *WOLFSSL_X509_STORE_CTX_verify_cb; /* verify callback */ +typedef int (*WOLFSSL_X509_STORE_CTX_verify_cb)(int, WOLFSSL_X509_STORE_CTX *); /* redeclare guard */ #define WOLFSSL_TYPES_DEFINED @@ -149,6 +150,7 @@ typedef struct WOLFSSL_DSA WOLFSSL_DSA; typedef struct WOLFSSL_EC_KEY WOLFSSL_EC_KEY; typedef struct WOLFSSL_EC_POINT WOLFSSL_EC_POINT; typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_GROUP; +typedef struct WOLFSSL_EC_BUILTIN_CURVE WOLFSSL_EC_BUILTIN_CURVE; #define WOLFSSL_EC_TYPE_DEFINED #endif @@ -325,10 +327,18 @@ struct WOLFSSL_EVP_PKEY { WOLFSSL_RSA* rsa; byte ownRsa; /* if struct owns RSA and should free it */ #endif + #ifndef NO_DSA + WOLFSSL_DSA* dsa; + byte ownDsa; /* if struct owns DSA and should free it */ + #endif #ifdef HAVE_ECC WOLFSSL_EC_KEY* ecc; byte ownEcc; /* if struct owns ECC and should free it */ #endif + #ifndef NO_DH + WOLFSSL_DH* dh; + byte ownDh; /* if struct owns DH and should free it */ + #endif WC_RNG rng; #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #ifdef HAVE_ECC @@ -361,12 +371,18 @@ struct WOLFSSL_X509_INFO { #define WOLFSSL_EVP_PKEY_DEFAULT EVP_PKEY_RSA /* default key type */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + #define wolfSSL_SSL_MODE_RELEASE_BUFFERS 0x00000010U + #define wolfSSL_SSL_CTRL_SET_TMP_ECDH 4 +#endif + struct WOLFSSL_X509_ALGOR { WOLFSSL_ASN1_OBJECT* algorithm; }; struct WOLFSSL_X509_PUBKEY { WOLFSSL_X509_ALGOR* algor; + WOLFSSL_EVP_PKEY* pkey; int pubKeyOID; }; @@ -459,8 +475,14 @@ struct WOLFSSL_BIO { byte type; /* method type */ byte init:1; /* bio has been initialized */ byte shutdown:1; /* close flag */ +#ifdef HAVE_EX_DATA + void* ex_data[MAX_EX_DATA]; +#endif }; +typedef struct WOLFSSL_CRYPTO_EX_DATA { + WOLFSSL_STACK* data; +} WOLFSSL_CRYPTO_EX_DATA; typedef struct WOLFSSL_COMP_METHOD { int type; /* stunnel dereference */ @@ -488,6 +510,10 @@ struct WOLFSSL_X509_STORE { int isDynamic; WOLFSSL_X509_VERIFY_PARAM* param; /* certificate validation parameter */ #endif +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; + WOLFSSL_CRYPTO_EX_DATA ex_data; +#endif #if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) WOLFSSL_X509_CRL *crl; #endif @@ -538,7 +564,7 @@ typedef struct WOLFSSL_BUFFER_INFO { unsigned int length; } WOLFSSL_BUFFER_INFO; -typedef struct WOLFSSL_X509_STORE_CTX { +struct WOLFSSL_X509_STORE_CTX { WOLFSSL_X509_STORE* store; /* Store full of a CA cert chain */ WOLFSSL_X509* current_cert; /* current X509 (OPENSSL_EXTRA) */ #ifdef WOLFSSL_ASIO @@ -563,7 +589,7 @@ typedef struct WOLFSSL_X509_STORE_CTX { int totalCerts; /* number of peer cert buffers */ WOLFSSL_BUFFER_INFO* certs; /* peer certs */ WOLFSSL_X509_STORE_CTX_verify_cb verify_cb; /* verify callback */ -} WOLFSSL_X509_STORE_CTX; +}; typedef char* WOLFSSL_STRING; @@ -890,10 +916,6 @@ typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*); #ifdef OPENSSL_EXTRA typedef void (CallbackInfoState)(const WOLFSSL*, int, int); -typedef struct WOLFSSL_CRYPTO_EX_DATA { - WOLFSSL_STACK* data; -} WOLFSSL_CRYPTO_EX_DATA; - typedef int (WOLFSSL_CRYPTO_EX_new)(void* p, void* ptr, WOLFSSL_CRYPTO_EX_DATA* a, int idx, long argValue, void* arg); typedef int (WOLFSSL_CRYPTO_EX_dup)(WOLFSSL_CRYPTO_EX_DATA* out, @@ -904,6 +926,8 @@ typedef void (WOLFSSL_CRYPTO_EX_free)(void* p, void* ptr, WOLFSSL_API int wolfSSL_get_ex_new_index(long argValue, void* arg, WOLFSSL_CRYPTO_EX_new* a, WOLFSSL_CRYPTO_EX_dup* b, WOLFSSL_CRYPTO_EX_free* c); +WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* r, int idx, void* arg); +WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* r, int idx); #endif WOLFSSL_API void wolfSSL_CTX_set_verify(WOLFSSL_CTX*, int, @@ -1063,6 +1087,7 @@ WOLFSSL_API WOLFSSL_ACCESS_DESCRIPTION* wolfSSL_sk_ACCESS_DESCRIPTION_value( WOLFSSL_API void wolfSSL_sk_ACCESS_DESCRIPTION_free(WOLFSSL_STACK* sk); WOLFSSL_API void wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(WOLFSSL_STACK* sk, void (*f) (WOLFSSL_ACCESS_DESCRIPTION*)); +WOLFSSL_API void wolfSSL_ACCESS_DESCRIPTION_free(WOLFSSL_ACCESS_DESCRIPTION* access); WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_pop_free( WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, void f (WOLFSSL_X509_EXTENSION*)); @@ -1152,6 +1177,9 @@ WOLFSSL_API int wolfSSL_BIO_eof(WOLFSSL_BIO*); WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void); WOLFSSL_API WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_base64(void); WOLFSSL_API void wolfSSL_BIO_set_flags(WOLFSSL_BIO*, int); +WOLFSSL_API void wolfSSL_BIO_clear_flags(WOLFSSL_BIO *bio, int flags); +WOLFSSL_API int wolfSSL_BIO_set_ex_data(WOLFSSL_BIO *bio, int idx, void *data); +WOLFSSL_API void *wolfSSL_BIO_get_ex_data(WOLFSSL_BIO *bio, int idx); WOLFSSL_API long wolfSSL_BIO_set_nbio(WOLFSSL_BIO*, long); WOLFSSL_API int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio,void* p); @@ -1237,6 +1265,8 @@ WOLFSSL_API int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX* WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509_STORE_CTX_verify_cb verify_cb); +WOLFSSL_API void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st, + WOLFSSL_X509_STORE_CTX_verify_cb verify_cb); WOLFSSL_API int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* n, unsigned char** out); #ifndef NO_RSA @@ -1245,12 +1275,12 @@ WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset WOLFSSL_API int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509, unsigned long nmflags, unsigned long cflag); WOLFSSL_API int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509); -WOLFSSL_ABI WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*, - char*, int); -WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name( - WOLFSSL_X509*); -WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name( - WOLFSSL_X509*); +WOLFSSL_API char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME*, char*, int); +#if defined(OPENSSL_EXTRA) && defined(XSNPRINTF) +WOLFSSL_API char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME*, char*, int); +#endif +WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509*); +WOLFSSL_API WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509*); WOLFSSL_API int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509*, int); WOLFSSL_API int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509*, int); WOLFSSL_API int wolfSSL_X509_get_isCA(WOLFSSL_X509*); @@ -1334,6 +1364,7 @@ WOLFSSL_API void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX*); WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL*); WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL*); +WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME *s, long adj); WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509*); WOLFSSL_API int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKEY*); @@ -1395,6 +1426,7 @@ WOLFSSL_API WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGE WOLFSSL_BIGNUM *bn); WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME*, time_t, int, long); +WOLFSSL_API void wolfSSL_ASN1_TIME_free(WOLFSSL_ASN1_TIME* t); #endif WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char*); @@ -1427,6 +1459,8 @@ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_cert( WOLFSSL_API int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void); WOLFSSL_API void wolfSSL_X509_STORE_CTX_set_error( WOLFSSL_X509_STORE_CTX* ctx, int er); +void wolfSSL_X509_STORE_CTX_set_error_depth(WOLFSSL_X509_STORE_CTX* ctx, + int depth); WOLFSSL_API void* wolfSSL_get_ex_data(const WOLFSSL*, int); WOLFSSL_API void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX*, @@ -1502,6 +1536,7 @@ WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char * WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len); WOLFSSL_API void wolfSSL_CONF_modules_unload(int all); +WOLFSSL_API char* wolfSSL_CONF_get1_default_config_file(void); WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg); WOLFSSL_API long wolfSSL_get_verify_result(const WOLFSSL *ssl); @@ -1530,7 +1565,6 @@ enum { SSL_OP_TLS_D5_BUG = 0x00000080, SSL_OP_TLS_BLOCK_PADDING_BUG = 0x00000100, SSL_OP_TLS_ROLLBACK_BUG = 0x00000200, - SSL_OP_ALL = 0x00000400, SSL_OP_EPHEMERAL_RSA = 0x00000800, WOLFSSL_OP_NO_SSLv3 = 0x00001000, WOLFSSL_OP_NO_TLSv1 = 0x00002000, @@ -1551,6 +1585,18 @@ enum { SSL_OP_NO_COMPRESSION = 0x10000000, WOLFSSL_OP_NO_TLSv1_3 = 0x20000000, WOLFSSL_OP_NO_SSLv2 = 0x40000000, + SSL_OP_ALL = + (SSL_OP_MICROSOFT_SESS_ID_BUG + | SSL_OP_NETSCAPE_CHALLENGE_BUG + | SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG + | SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG + | SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER + | SSL_OP_MSIE_SSLV2_RSA_PADDING + | SSL_OP_SSLEAY_080_CLIENT_DH_BUG + | SSL_OP_TLS_D5_BUG + | SSL_OP_TLS_BLOCK_PADDING_BUG + | SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS + | SSL_OP_TLS_ROLLBACK_BUG), }; /* for compatibility these must be macros */ @@ -1919,6 +1965,9 @@ WOLFSSL_API int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX*, const unsigned char*, unsigned int); WOLFSSL_ABI WOLFSSL_API WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL*); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL*); +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl); +#endif #ifdef OPENSSL_EXTRA WOLFSSL_API int wolfSSL_want(WOLFSSL*); @@ -3092,7 +3141,8 @@ WOLFSSL_API const char* wolfSSL_OBJ_nid2sn(int n); WOLFSSL_API int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o); WOLFSSL_API int wolfSSL_OBJ_sn2nid(const char *sn); -WOLFSSL_API char* wolfSSL_OBJ_nid2ln(int n); +WOLFSSL_API const char* wolfSSL_OBJ_nid2ln(int n); +WOLFSSL_API int wolfSSL_OBJ_ln2nid(const char *ln); WOLFSSL_API int wolfSSL_OBJ_cmp(const WOLFSSL_ASN1_OBJECT* a, const WOLFSSL_ASN1_OBJECT* b); WOLFSSL_API int wolfSSL_OBJ_txt2nid(const char *sn); @@ -3104,11 +3154,15 @@ WOLFSSL_API int wolfSSL_OBJ_obj2txt(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT WOLFSSL_API void wolfSSL_OBJ_cleanup(void); WOLFSSL_API int wolfSSL_OBJ_create(const char *oid, const char *sn, const char *ln); +#ifdef HAVE_ECC +WOLFSSL_LOCAL int NIDToEccEnum(int n); +#endif /* end of object functions */ WOLFSSL_API unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line); WOLFSSL_API long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt); WOLFSSL_API long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt,void* pt); +WOLFSSL_API long wolfSSL_CTX_callback_ctrl(WOLFSSL_CTX* ctx, int cmd, void (*fp)(void)); WOLFSSL_API long wolfSSL_CTX_clear_extra_chain_certs(WOLFSSL_CTX* ctx); #ifndef NO_CERTS @@ -3632,6 +3686,7 @@ WOLFSSL_API const WOLFSSL_X509_ALGOR* wolfSSL_X509_get0_tbs_sigalg(const WOLFSSL WOLFSSL_API void wolfSSL_X509_ALGOR_get0(const WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const WOLFSSL_X509_ALGOR *algor); WOLFSSL_API WOLFSSL_X509_PUBKEY *wolfSSL_X509_get_X509_PUBKEY(const WOLFSSL_X509* x509); WOLFSSL_API int wolfSSL_X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_X509_PUBKEY *pub); +WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_PUBKEY_get(WOLFSSL_X509_PUBKEY* key); WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a); WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a); WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)); diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h index 860a7a1d3..88f382970 100644 --- a/wolfssl/wolfcrypt/asn.h +++ b/wolfssl/wolfcrypt/asn.h @@ -98,6 +98,7 @@ enum ASN_Tags { ASN_DNS_TYPE = 0x02, ASN_DIR_TYPE = 0x04, ASN_URI_TYPE = 0x06, /* the value 6 is from GeneralName OID */ + ASN_IP_TYPE = 0x07, /* the value 7 is from GeneralName OID */ ASN_GENERALIZED_TIME = 0x18, CRL_EXTENSIONS = 0xa0, ASN_EXTENSIONS = 0xa3, @@ -135,14 +136,21 @@ enum DN_Tags { /* DN Tag Strings */ #define WOLFSSL_COMMON_NAME "/CN=" +#define WOLFSSL_LN_COMMON_NAME "/commonName=" #define WOLFSSL_SUR_NAME "/SN=" #define WOLFSSL_SERIAL_NUMBER "/serialNumber=" #define WOLFSSL_COUNTRY_NAME "/C=" +#define WOLFSSL_LN_COUNTRY_NAME "/countryName=" #define WOLFSSL_LOCALITY_NAME "/L=" +#define WOLFSSL_LN_LOCALITY_NAME "/localityName=" #define WOLFSSL_STATE_NAME "/ST=" +#define WOLFSSL_LN_STATE_NAME "/stateOrProvinceName=" #define WOLFSSL_ORG_NAME "/O=" +#define WOLFSSL_LN_ORG_NAME "/organizationName=" #define WOLFSSL_ORGUNIT_NAME "/OU=" +#define WOLFSSL_LN_ORGUNIT_NAME "/organizationalUnitName=" #define WOLFSSL_DOMAIN_COMPONENT "/DC=" +#define WOLFSSL_LN_DOMAIN_COMPONENT "/domainComponent=" #define WOLFSSL_BUS_CAT "/businessCategory=" #define WOLFSSL_JOI_C "/jurisdictionC=" #define WOLFSSL_JOI_ST "/jurisdictionST=" @@ -287,6 +295,7 @@ enum Misc_ASN { MAX_ENCODED_DIG_ASN_SZ= 9, /* enum(bit or octet) + length(4) */ MAX_ENCODED_DIG_SZ = 64 + MAX_ENCODED_DIG_ASN_SZ, /* asn header + sha512 */ MAX_RSA_INT_SZ = 517, /* RSA raw sz 4096 for bits + tag + len(4) */ + MAX_DSA_INT_SZ = 261, /* DSA raw sz 2048 for bits + tag + len(4) */ MAX_NTRU_KEY_SZ = 610, /* NTRU 112 bit public key */ MAX_NTRU_ENC_SZ = 628, /* NTRU 112 bit DER public encoding */ MAX_LENGTH_SZ = 4, /* Max length size for DER encoding */ @@ -315,7 +324,7 @@ enum Misc_ASN { MAX_OID_STRING_SZ = 64, /* Max string length representation of OID*/ #endif #ifdef WOLFSSL_CERT_EXT - MAX_KID_SZ = 45, /* Max encoded KID length (SHA-256 case) */ + MAX_KID_SZ = 45, /* Max encoded KID length (SHA-256 case) */ MAX_KEYUSAGE_SZ = 18, /* Max encoded Key Usage length */ MAX_EXTKEYUSAGE_SZ = 12 + (6 * (8 + 2)) + CTC_MAX_EKU_OID_SZ, /* Max encoded ExtKeyUsage @@ -324,6 +333,7 @@ enum Misc_ASN { MAX_CERTPOL_NB = CTC_MAX_CERTPOL_NB,/* Max number of Cert Policy */ MAX_CERTPOL_SZ = CTC_MAX_CERTPOL_SZ, #endif + MAX_AIA_SZ = 2, /* Max Authority Info Access extension size*/ MAX_NAME_ENTRIES = 5, /* extra entries added to x509 name struct */ OCSP_NONCE_EXT_SZ = 35, /* OCSP Nonce Extension size */ MAX_OCSP_EXT_SZ = 58, /* Max OCSP Extension length */ @@ -421,9 +431,11 @@ enum Key_Sum { NTRUk = 274, ECDSAk = 518, ED25519k = 256 + #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + ,DHk = 647 /* dhKeyAgreement OID: 1.2.840.113549.1.3.1 */ + #endif }; - #if !defined(NO_AES) || defined(HAVE_PKCS7) enum KeyWrap_Sum { #ifdef WOLFSSL_AES_128 @@ -794,6 +806,10 @@ struct DecodedCert { word32 extensionsIdx; /* if want to go back and parse later */ const byte* extAuthInfo; /* Authority Information Access URI */ int extAuthInfoSz; /* length of the URI */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + const byte* extAuthInfoCaIssuer; /* Authority Info Access caIssuer URI */ + int extAuthInfoCaIssuerSz; /* length of the caIssuer URI */ +#endif const byte* extCrlInfo; /* CRL Distribution Points */ int extCrlInfoSz; /* length of the URI */ byte extSubjKeyId[KEYID_SIZE]; /* Subject Key ID */ @@ -908,7 +924,7 @@ struct DecodedCert { byte extSubjAltNameSet : 1; byte inhibitAnyOidSet : 1; byte selfSigned : 1; /* Indicates subject and issuer are same */ -#ifdef WOLFSSL_SEP +#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) byte extCertPolicySet : 1; #endif #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) @@ -924,7 +940,7 @@ struct DecodedCert { byte extKeyUsageCrit : 1; byte extExtKeyUsageCrit : 1; #endif /* OPENSSL_EXTRA */ -#ifdef WOLFSSL_SEP +#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) byte extCertPolicyCrit : 1; #endif @@ -1119,6 +1135,12 @@ WOLFSSL_LOCAL int GetASNTag(const byte* input, word32* idx, byte* tag, WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output); WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output); WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output); +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +WOLFSSL_LOCAL int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz); +WOLFSSL_LOCAL int wc_DhPubKeyToDer(DhKey* key, byte* out, word32* outSz); +WOLFSSL_LOCAL int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz); +WOLFSSL_LOCAL word32 SetBitString(word32 len, byte unusedBits, byte* output); +#endif WOLFSSL_LOCAL word32 SetImplicit(byte tag,byte number,word32 len,byte* output); WOLFSSL_LOCAL word32 SetExplicit(byte number, word32 len, byte* output); WOLFSSL_LOCAL word32 SetSet(word32 len, byte* output); @@ -1131,6 +1153,7 @@ WOLFSSL_LOCAL int GetSerialNumber(const byte* input, word32* inOutIdx, WOLFSSL_LOCAL int GetNameHash(const byte* source, word32* idx, byte* hash, int maxIdx); WOLFSSL_LOCAL int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der); +WOLFSSL_LOCAL int StoreDHparams(byte* out, word32* outLen, mp_int* p, mp_int* g); #ifdef HAVE_ECC /* ASN sig helpers */ @@ -1139,6 +1162,9 @@ WOLFSSL_LOCAL int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der); WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s); #endif +#if defined HAVE_ECC && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) +WOLFSSL_API int EccEnumToNID(int n); +#endif WOLFSSL_LOCAL void InitSignatureCtx(SignatureCtx* sigCtx, void* heap, int devId); WOLFSSL_LOCAL void FreeSignatureCtx(SignatureCtx* sigCtx); @@ -1387,6 +1413,7 @@ enum PBESTypes { PBE_SHA1_DES = 2, PBE_SHA1_DES3 = 3, PBE_AES256_CBC = 4, + PBE_AES128_CBC = 5, PBE_SHA1_RC4_128_SUM = 657, PBE_SHA1_DES3_SUM = 659, diff --git a/wolfssl/wolfcrypt/dh.h b/wolfssl/wolfcrypt/dh.h index 0d1b1e3ab..47b3abb61 100644 --- a/wolfssl/wolfcrypt/dh.h +++ b/wolfssl/wolfcrypt/dh.h @@ -59,6 +59,10 @@ typedef struct DhParams { /* Diffie-Hellman Key */ struct DhKey { mp_int p, g, q; /* group parameters */ +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + mp_int pub; + mp_int priv; +#endif void* heap; #ifdef WOLFSSL_ASYNC_CRYPT WC_ASYNC_DEV asyncDev; @@ -102,6 +106,10 @@ WOLFSSL_API int wc_DhSetKey(DhKey* key, const byte* p, word32 pSz, const byte* g word32 gSz); WOLFSSL_API int wc_DhSetKey_ex(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz, const byte* q, word32 qSz); +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) +WOLFSSL_LOCAL int wc_DhSetFullKeys(DhKey* key,const byte* priv_key,word32 privSz, + const byte* pub_key, word32 pubSz); +#endif WOLFSSL_API int wc_DhSetCheckKey(DhKey* key, const byte* p, word32 pSz, const byte* g, word32 gSz, const byte* q, word32 qSz, int trusted, WC_RNG* rng); diff --git a/wolfssl/wolfcrypt/dsa.h b/wolfssl/wolfcrypt/dsa.h index 657dc0ba6..443dc3e11 100644 --- a/wolfssl/wolfcrypt/dsa.h +++ b/wolfssl/wolfcrypt/dsa.h @@ -41,6 +41,8 @@ #define DsaPublicKeyDecode wc_DsaPublicKeyDecode #define DsaPrivateKeyDecode wc_DsaPrivateKeyDecode #define DsaKeyToDer wc_DsaKeyToDer +#define SetDsaPublicKey wc_SetDsaPublicKey +#define DsaKeyToPublicDer wc_DsaKeyToPublicDer #ifdef __cplusplus extern "C" { @@ -71,6 +73,9 @@ WOLFSSL_API int wc_DsaPublicKeyDecode(const byte* input, word32* inOutIdx, WOLFSSL_API int wc_DsaPrivateKeyDecode(const byte* input, word32* inOutIdx, DsaKey*, word32); WOLFSSL_API int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen); +WOLFSSL_API int wc_SetDsaPublicKey(byte* output, DsaKey* key, + int outLen, int with_header); +WOLFSSL_API int wc_DsaKeyToPublicDer(DsaKey* key, byte* output, word32 inLen); #ifdef WOLFSSL_KEY_GEN WOLFSSL_API int wc_MakeDsaKey(WC_RNG *rng, DsaKey *dsa); diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index a8b8e5786..f278b741a 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -228,7 +228,9 @@ enum { PKCS7_SIGNEEDS_CHECK= -272, /* signature needs verified by caller */ PSS_SALTLEN_RECOVER_E=-273, /* PSS slat length not recoverable */ - WC_LAST_E = -273, /* Update this to indicate last error */ + ASN_SELF_SIGNED_E = -274, /* ASN self-signed certificate error */ + + WC_LAST_E = -274, /* Update this to indicate last error */ MIN_CODE_E = -300 /* errors -101 - -299 */ /* add new companion error id strings for any new error codes diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h index 406b34eb7..0a574778a 100644 --- a/wolfssl/wolfcrypt/integer.h +++ b/wolfssl/wolfcrypt/integer.h @@ -229,6 +229,9 @@ typedef int ltm_prime_callback(unsigned char *dst, int len, void *dat); #define mp_isodd(a) \ (((a)->used > 0 && (((a)->dp[0] & 1u) == 1u)) ? MP_YES : MP_NO) #define mp_isneg(a) (((a)->sign != MP_ZPOS) ? MP_YES : MP_NO) +#define mp_isword(a, w) \ + ((((a)->used == 1) && ((a)->dp[0] == w)) || ((w == 0) && ((a)->used == 0)) \ + ? MP_YES : MP_NO) /* number of primes */ #ifdef MP_8BIT diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h index 1f1a672aa..d422ad761 100644 --- a/wolfssl/wolfcrypt/settings.h +++ b/wolfssl/wolfcrypt/settings.h @@ -1974,8 +1974,8 @@ extern void uITRON4_free(void *p) ; #endif #endif -#if defined(WOLFSSL_NGINX) - #define SSL_CTRL_SET_TLSEXT_HOSTNAME +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + #define SSL_CTRL_SET_TLSEXT_HOSTNAME 55 #endif diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h index 170280cef..4b7cc89e7 100644 --- a/wolfssl/wolfcrypt/tfm.h +++ b/wolfssl/wolfcrypt/tfm.h @@ -414,13 +414,16 @@ MP_API void fp_clear(fp_int *a); /* uses ForceZero to clear sensitive memory */ MP_API void fp_forcezero (fp_int * a); MP_API void fp_free(fp_int* a); -/* zero/even/odd ? */ +/* zero/one/even/odd/neg/word ? */ #define fp_iszero(a) (((a)->used == 0) ? FP_YES : FP_NO) #define fp_isone(a) \ ((((a)->used == 1) && ((a)->dp[0] == 1)) ? FP_YES : FP_NO) #define fp_iseven(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 0)) ? FP_YES : FP_NO) #define fp_isodd(a) (((a)->used > 0 && (((a)->dp[0] & 1) == 1)) ? FP_YES : FP_NO) #define fp_isneg(a) (((a)->sign != 0) ? FP_YES : FP_NO) +#define fp_isword(a, w) \ + ((((a)->used == 1) && ((a)->dp[0] == w)) || ((w == 0) && ((a)->used == 0)) \ + ? FP_YES : FP_NO) /* set to a small digit */ void fp_set(fp_int *a, fp_digit b); @@ -700,10 +703,11 @@ int fp_sqr_comba64(fp_int *a, fp_int *b); #define MP_MASK FP_MASK /* Prototypes */ -#define mp_zero(a) fp_zero(a) -#define mp_isone(a) fp_isone(a) -#define mp_iseven(a) fp_iseven(a) -#define mp_isneg(a) fp_isneg(a) +#define mp_zero(a) fp_zero(a) +#define mp_isone(a) fp_isone(a) +#define mp_iseven(a) fp_iseven(a) +#define mp_isneg(a) fp_isneg(a) +#define mp_isword(a, w) fp_isword(a, w) #define MP_RADIX_BIN 2 #define MP_RADIX_OCT 8 diff --git a/wolfssl/wolfcrypt/wc_encrypt.h b/wolfssl/wolfcrypt/wc_encrypt.h index d1f1fb78b..cb8a60512 100644 --- a/wolfssl/wolfcrypt/wc_encrypt.h +++ b/wolfssl/wolfcrypt/wc_encrypt.h @@ -90,7 +90,7 @@ WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out, #ifndef NO_PWDBASED WOLFSSL_LOCAL int wc_CryptKey(const char* password, int passwordSz, byte* salt, int saltSz, int iterations, int id, byte* input, int length, - int version, byte* cbcIv, int enc); + int version, byte* cbcIv, int enc, int shaOid); #endif #ifdef __cplusplus