Merge pull request #7869 from julek-wolfssl/libspdm-x509

libspdm x509 parts
Daniel Pouzzner 2024-09-03 20:09:31 -05:00 committed by GitHub
commit 121b8c52f8
GPG Key ID: B5690EEEBB952194
13 changed files with 324 additions and 87 deletions


@ -2052,6 +2052,32 @@ WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio,
}
return rsa;
}
WOLFSSL_RSA *wolfSSL_d2i_RSA_PUBKEY_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out)
{
char* data = NULL;
int dataSz = 0;
int memAlloced = 0;
WOLFSSL_RSA* rsa = NULL;
WOLFSSL_ENTER("wolfSSL_d2i_RSA_PUBKEY_bio");
if (bio == NULL)
return NULL;
if (wolfssl_read_bio(bio, &data, &dataSz, &memAlloced) != 0) {
if (memAlloced)
XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return NULL;
}
rsa = wolfssl_rsa_d2i(out, (const unsigned char*)data, dataSz,
WOLFSSL_RSA_LOAD_PUBLIC);
if (memAlloced)
XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return rsa;
}
#endif /* !NO_BIO */
#ifndef NO_FILESYSTEM
@ -12342,6 +12368,56 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
return res;
}
#ifndef NO_BIO
WOLFSSL_EC_KEY *wolfSSL_d2i_EC_PUBKEY_bio(WOLFSSL_BIO *bio,
WOLFSSL_EC_KEY **out)
{
char* data = NULL;
int dataSz = 0;
int memAlloced = 0;
WOLFSSL_EC_KEY* ec = NULL;
int err = 0;
WOLFSSL_ENTER("wolfSSL_d2i_EC_PUBKEY_bio");
if (bio == NULL)
return NULL;
if (err == 0 && wolfssl_read_bio(bio, &data, &dataSz, &memAlloced) != 0) {
WOLFSSL_ERROR_MSG("wolfssl_read_bio failed");
err = 1;
}
if (err == 0 && (ec = wolfSSL_EC_KEY_new()) == NULL) {
WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_new failed");
err = 1;
}
/* Load the EC key with the public key from the DER encoding. */
if (err == 0 && wolfSSL_EC_KEY_LoadDer_ex(ec, (const unsigned char*)data,
dataSz, WOLFSSL_EC_KEY_LOAD_PUBLIC) != 1) {
WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_LoadDer_ex failed");
err = 1;
}
if (memAlloced)
XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (err) { /* on error */
wolfSSL_EC_KEY_free(ec);
ec = NULL;
}
else { /* on success */
if (out != NULL)
*out = ec;
}
return ec;
}
#endif /* !NO_BIO */
/*
* EC key PEM APIs
*/
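Review bot: In wolfSSL_d2i_EC_PUBKEY_bio the success branch does `*out = ec;` without looking at what `*out` already holds, so a caller that passes the address of an existing key loses that reference. Neither new decoder (this one and wolfSSL_d2i_RSA_PUBKEY_bio) has a header comment; one stating that `*out` is overwritten rather than reused, that the whole BIO content is read as a single DER blob, and that the returned key is owned by the caller would settle this. The leading `err == 0 &&` in the first check is always true at that point and can be dropped.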


@ -3986,7 +3986,7 @@ unsigned char* wolfSSL_ASN1_TIME_get_data(const WOLFSSL_ASN1_TIME *t)
*/
int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
{
int ret = 1;
int ret = WOLFSSL_SUCCESS;
char buf[MAX_TIME_STRING_SZ];
WOLFSSL_ENTER("wolfSSL_ASN1_TIME_check");
@ -3994,7 +3994,7 @@ int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
/* If can convert to human readable then format good. */
if (wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)a, buf,
MAX_TIME_STRING_SZ) == NULL) {
ret = 0;
ret = WOLFSSL_FAILURE;
}
return ret;
@ -4012,7 +4012,7 @@ int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
*/
int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str)
{
int ret = 1;
int ret = WOLFSSL_SUCCESS;
int slen = 0;
WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string");
@ -4021,15 +4021,15 @@ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str)
WOLFSSL_MSG("Bad parameter");
ret = 0;
}
if (ret == 1) {
if (ret == WOLFSSL_SUCCESS) {
/* Get length of string including NUL terminator. */
slen = (int)XSTRLEN(str) + 1;
if (slen > CTC_DATE_SIZE) {
WOLFSSL_MSG("Date string too long");
ret = 0;
ret = WOLFSSL_FAILURE;
}
}
if ((ret == 1) && (t != NULL)) {
if ((ret == WOLFSSL_SUCCESS) && (t != NULL)) {
/* Copy in string including NUL terminator. */
XMEMCPY(t->data, str, (size_t)slen);
/* Do not include NUL terminator in length. */
@ -4042,6 +4042,21 @@ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str)
return ret;
}
int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t, const char *str)
{
int ret = WOLFSSL_SUCCESS;
WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string_X509");
if (t == NULL)
ret = WOLFSSL_FAILURE;
if (ret == WOLFSSL_SUCCESS)
ret = wolfSSL_ASN1_TIME_set_string(t, str);
if (ret == WOLFSSL_SUCCESS)
ret = wolfSSL_ASN1_TIME_check(t);
return ret;
}
/* Convert ASN.1 TIME object to ASN.1 GENERALIZED TIME object.
*
* @param [in] t ASN.1 TIME object.
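Review bot: wolfSSL_ASN1_TIME_set_string_X509 copies the string into `t` before validating it, so when wolfSSL_ASN1_TIME_check rejects the value (as in the `"101219181011Za"` test case) the function returns failure but `t` already holds the invalid string. Validating on a local copy and writing back only on success avoids leaving a half-updated time object in a certificate that is being built. This assumes WOLFSSL_ASN1_TIME is a plain struct with an inline `data` array, as the `XMEMCPY(t->data, ...)` in the preceding hunk suggests. Separately, the bad-parameter branch of wolfSSL_ASN1_TIME_set_string still assigns `ret = 0;` while the rest of the function now uses `WOLFSSL_FAILURE`.

```c
int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t, const char *str)
{
    int ret = WOLFSSL_SUCCESS;
    WOLFSSL_ASN1_TIME tmp;

    /* … unchanged: WOLFSSL_ENTER and NULL check on t … */
    if (ret == WOLFSSL_SUCCESS) {
        /* Work on a copy so a rejected string leaves *t untouched. */
        XMEMCPY(&tmp, t, sizeof(tmp));
        ret = wolfSSL_ASN1_TIME_set_string(&tmp, str);
    }
    if (ret == WOLFSSL_SUCCESS)
        ret = wolfSSL_ASN1_TIME_check(&tmp);
    if (ret == WOLFSSL_SUCCESS)
        XMEMCPY(t, &tmp, sizeof(tmp));
    return ret;
}
```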


@ -492,7 +492,7 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len,
WOLFSSL_ENTER("wolfSSL_BN_bin2bn");
/* Validate parameters. */
if ((data == NULL) || (len < 0)) {
if (len < 0) {
ret = NULL;
}
/* Allocate a new big number when ret is NULL. */
@ -507,7 +507,7 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len,
if (ret->internal == NULL) {
ret = NULL;
}
else {
else if (data != NULL) {
/* Decode into big number. */
if (mp_read_unsigned_bin((mp_int*)ret->internal, data, (word32)len)
!= 0) {
@ -520,6 +520,9 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len,
bn = NULL;
}
}
else if (data == NULL) {
wolfSSL_BN_zero(ret);
}
}
/* Dispose of allocated BN not being returned. */
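Review bot: With the `data == NULL` test removed from the parameter check, a NULL `data` combined with a positive `len` now yields a bignum set to zero instead of a failure, so a caller that lost its buffer receives a valid-looking zero value. If only the empty-input case is needed, the guard could stay strict with `if ((len < 0) || ((data == NULL) && (len != 0))) {`; if accepting any `len` is intended (the updated test in this commit expects it), the function's header comment should say that NULL data produces zero regardless of `len`. The trailing `else if (data == NULL)` appears to be the exact complement of the branch above it and would read more clearly as a plain `else`. The function starts and ends outside these hunks.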


@ -165,7 +165,15 @@ static int wolfssl_read_bio(WOLFSSL_BIO* bio, char** data, int* dataSz,
if (bio->type == WOLFSSL_BIO_MEMORY) {
ret = wolfSSL_BIO_get_mem_data(bio, data);
if (ret > 0) {
bio->rdIdx += ret;
/* Advance the write index in the memory bio */
WOLFSSL_BIO* mem_bio = bio;
for (; mem_bio != NULL; mem_bio = mem_bio->next) {
if (mem_bio->type == WOLFSSL_BIO_MEMORY)
break;
}
if (mem_bio == NULL)
mem_bio = bio; /* Default to input */
mem_bio->rdIdx += ret;
}
*memAlloced = 0;
}
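Review bot: The new comment says the write index is advanced, but the code updates `rdIdx`; `/* Advance the read index of the memory BIO that supplied the data */` would match what happens. As shown, the loop sits inside `if (bio->type == WOLFSSL_BIO_MEMORY)`, so it stops on its first iteration with `mem_bio == bio` and the `mem_bio == NULL` fallback cannot be reached. If the intent is to handle a chain whose head is not a memory BIO, the enclosing condition would have to change as well. The rest of wolfssl_read_bio is outside the hunk, so this is judged from the visible lines only.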


@ -367,38 +367,6 @@ int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,WOLFSSL_X509_EXTENSION* ext
return wolfSSL_sk_push(sk, ext);
}
/* Free the structure for X509_EXTENSION stack
*
* sk stack to free nodes in
*/
void wolfSSL_sk_X509_EXTENSION_free(WOLFSSL_STACK* sk)
{
WOLFSSL_STACK* node;
WOLFSSL_ENTER("wolfSSL_sk_X509_EXTENSION_free");
if (sk == NULL) {
return;
}
/* parse through stack freeing each node */
node = sk->next;
while ((node != NULL) && (sk->num > 1)) {
WOLFSSL_STACK* tmp = node;
node = node->next;
wolfSSL_X509_EXTENSION_free(tmp->data.ext);
XFREE(tmp, NULL, DYNAMIC_TYPE_X509);
sk->num -= 1;
}
/* free head of stack */
if (sk->num == 1) {
wolfSSL_X509_EXTENSION_free(sk->data.ext);
}
XFREE(sk, NULL, DYNAMIC_TYPE_X509);
}
static WOLFSSL_STACK* generateExtStack(const WOLFSSL_X509 *x)
{
int numOfExt, i;
@ -872,11 +840,37 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
switch (oid) {
case BASIC_CA_OID:
{
word32 dataIdx = idx;
word32 dummyOid;
int dataLen = 0;
if (!isSet)
break;
/* Set pathlength */
a = wolfSSL_ASN1_INTEGER_new();
if (a == NULL) {
/* Set the data */
ret = GetObjectId(input, &dataIdx, &dummyOid, oidCertExtType,
(word32)sz) == 0;
if (ret && dataIdx < (word32)sz) {
/* Skip the critical information */
if (input[dataIdx] == ASN_BOOLEAN) {
dataIdx++;
ret = GetLength(input, &dataIdx, &dataLen, sz) >= 0;
dataIdx += dataLen;
}
}
if (ret) {
ret = GetOctetString(input, &dataIdx, &dataLen,
(word32)sz) > 0;
}
if (ret) {
ret = wolfSSL_ASN1_STRING_set(&ext->value, input + dataIdx,
dataLen) == 1;
}
if (a == NULL || !ret) {
wolfSSL_X509_EXTENSION_free(ext);
FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
@ -892,7 +886,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
ext->obj->ca = x509->isCa;
ext->crit = x509->basicConstCrit;
break;
}
case AUTH_INFO_OID:
if (!isSet)
break;
@ -3654,6 +3648,24 @@ WOLFSSL_X509* wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509,
{
return d2i_X509orX509REQ(x509, in, len, 1, NULL);
}
WOLFSSL_X509* wolfSSL_d2i_X509_REQ_INFO(WOLFSSL_X509** req,
const unsigned char** in, int len)
{
WOLFSSL_X509* ret = NULL;
WOLFSSL_ENTER("wolfSSL_d2i_X509_REQ_INFO");
if (in == NULL) {
WOLFSSL_MSG("NULL input for wolfSSL_d2i_X509");
return NULL;
}
ret = wolfSSL_X509_REQ_d2i(req, *in, len);
if (ret != NULL) {
*in += ret->derCert->length;
}
return ret;
}
#endif
#endif /* KEEP_PEER_CERT || SESSION_CERTS || OPENSSL_EXTRA ||
@ -5042,6 +5054,11 @@ void wolfSSL_sk_X509_EXTENSION_pop_free(
wolfSSL_sk_pop_free(sk, (wolfSSL_sk_freefunc)f);
}
void wolfSSL_sk_X509_EXTENSION_free(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk)
{
wolfSSL_sk_pop_free(sk, NULL);
}
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
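Review bot: wolfSSL_d2i_X509_REQ_INFO advances the caller's cursor with `*in += ret->derCert->length;` without checking `ret->derCert`, and it moves by the stored DER length rather than by a consumed count bounded by `len`. A guard such as `if (ret != NULL && ret->derCert != NULL) {` keeps a decode result without a retained DER buffer from being dereferenced; whether that can occur depends on wolfSSL_X509_REQ_d2i, which is not in this hunk. The log text `"NULL input for wolfSSL_d2i_X509"` names a different function and should read `wolfSSL_d2i_X509_REQ_INFO`. A header comment should also state that the input is parsed as a complete certificate request, since X509_REQ_INFO is only a typedef alias of the request type in this commit.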


@ -48391,6 +48391,9 @@ static int test_wolfSSL_ASN1_TIME(void)
ExpectIntEQ(ASN1_TIME_check(NULL), 0);
ExpectIntEQ(ASN1_TIME_check(asn_time), 1);
ExpectIntEQ(ASN1_TIME_set_string_X509(asn_time, "101219181011Z"), 1);
ExpectIntEQ(ASN1_TIME_set_string_X509(asn_time, "101219181011Za"), 0);
ASN1_TIME_free(asn_time);
ASN1_TIME_free(NULL);
#endif
@ -52851,10 +52854,9 @@ static int test_wolfSSL_EVP_MD_size(void)
/* error case */
wolfSSL_EVP_MD_CTX_init(&mdCtx);
ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)),
WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), 0);
ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), 0);
ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), 0);
/* Cleanup is valid on uninit'ed struct */
ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1);
#endif /* OPENSSL_EXTRA */
@ -55753,7 +55755,6 @@ static int test_wolfSSL_BN_enc_dec(void)
XMEMSET(&emptyBN, 0, sizeof(emptyBN));
ExpectNotNull(a = BN_new());
ExpectNotNull(b = BN_new());
ExpectIntEQ(BN_set_word(a, 2), 1);
/* Invalid parameters */
ExpectIntEQ(BN_bn2bin(NULL, NULL), -1);
@ -55765,8 +55766,10 @@ static int test_wolfSSL_BN_enc_dec(void)
ExpectNull(BN_bn2dec(NULL));
ExpectNull(BN_bn2dec(&emptyBN));
ExpectNull(BN_bin2bn(NULL, sizeof(binNum), NULL));
ExpectNull(BN_bin2bn(NULL, sizeof(binNum), a));
ExpectNotNull(BN_bin2bn(NULL, sizeof(binNum), a));
BN_free(a);
ExpectNotNull(a = BN_new());
ExpectIntEQ(BN_set_word(a, 2), 1);
ExpectNull(BN_bin2bn(binNum, -1, a));
ExpectNull(BN_bin2bn(binNum, -1, NULL));
ExpectNull(BN_bin2bn(binNum, sizeof(binNum), &emptyBN));
@ -62750,6 +62753,10 @@ static int test_othername_and_SID_ext(void) {
ExpectIntGT(X509_REQ_sign(x509, priv, EVP_sha256()), 0);
pt = der;
ExpectIntGT(derSz = i2d_X509_REQ(x509, &pt), 0);
X509_REQ_free(x509);
x509 = NULL;
pt = der;
ExpectNotNull(d2i_X509_REQ_INFO(&x509, (const unsigned char**)&pt, derSz));
sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free);
gns = NULL;
sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
@ -62758,7 +62765,6 @@ static int test_othername_and_SID_ext(void) {
ASN1_OBJECT_free(sid_oid);
ASN1_OCTET_STRING_free(sid_data);
X509_REQ_free(x509);
x509 = NULL;
EVP_PKEY_free(priv);
/* At this point everything used to generate what is in der is cleaned up.
@ -65186,6 +65192,13 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void)
sizeof_client_key_der_2048), 0);
XFREE(bufPtr, NULL, DYNAMIC_TYPE_OPENSSL);
RSA_free(rsa);
rsa = NULL;
ExpectIntGT(BIO_write(bio, client_key_der_2048,
sizeof_client_key_der_2048), 0);
ExpectNotNull(d2i_RSA_PUBKEY_bio(bio, &rsa));
(void)BIO_reset(bio);
RSA_free(rsa);
rsa = RSA_new();
ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 0);
@ -67173,9 +67186,9 @@ static int test_wolfSSL_EVP_PKEY_keygen(void)
ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
/* Bad cases */
ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, &pkey), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG));
ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, &pkey), 0);
ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, NULL), 0);
ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, NULL), 0);
/* Good case */
ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, &pkey), 0);
@ -76483,6 +76496,65 @@ static int test_wolfSSL_RSA(void)
ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
ExpectIntEQ(RSA_size(rsa), 256);
#if (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(6,0,0)) && !defined(HAVE_SELFTEST)
{
/* Test setting only subset of parameters */
RSA *rsa2 = NULL;
unsigned char hash[SHA256_DIGEST_LENGTH];
unsigned char signature[2048/8];
unsigned int signatureLen = 0;
XMEMSET(hash, 0, sizeof(hash));
RSA_get0_key(rsa, &n, &e, &d);
RSA_get0_factors(rsa, &p, &q);
RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
&signatureLen, rsa), 1);
/* Quick sanity check */
ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
signatureLen, rsa), 1);
/* Verifying */
ExpectNotNull(rsa2 = RSA_new());
ExpectIntEQ(RSA_set0_key(rsa2, BN_dup(n), BN_dup(e), NULL), 1);
ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
signatureLen, rsa2), 1);
ExpectIntEQ(RSA_set0_factors(rsa2, BN_dup(p), BN_dup(q)), 1);
ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
signatureLen, rsa2), 1);
ExpectIntEQ(RSA_set0_crt_params(rsa2, BN_dup(dmp1), BN_dup(dmq1),
BN_dup(iqmp)), 1);
ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
signatureLen, rsa2), 1);
RSA_free(rsa2);
rsa2 = NULL;
/* Signing */
XMEMSET(signature, 0, sizeof(signature));
ExpectNotNull(rsa2 = RSA_new());
ExpectIntEQ(RSA_set0_key(rsa2, BN_dup(n), BN_dup(e), BN_dup(d)), 1);
ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
&signatureLen, rsa2), 1);
ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
signatureLen, rsa), 1);
ExpectIntEQ(RSA_set0_factors(rsa2, BN_dup(p), BN_dup(q)), 1);
XMEMSET(signature, 0, sizeof(signature));
ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
&signatureLen, rsa2), 1);
ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
signatureLen, rsa), 1);
ExpectIntEQ(RSA_set0_crt_params(rsa2, BN_dup(dmp1), BN_dup(dmq1),
BN_dup(iqmp)), 1);
ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature,
&signatureLen, rsa2), 1);
ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature,
signatureLen, rsa), 1);
RSA_free(rsa2);
rsa2 = NULL;
}
#endif
#ifdef WOLFSSL_RSA_KEY_CHECK
ExpectIntEQ(RSA_check_key(NULL), 0);
ExpectIntEQ(RSA_check_key(rsa), 1);
@ -79860,6 +79932,18 @@ static int test_EC_i2d(void)
ExpectNull(d2i_ECPrivateKey(&copy, &tmp, 1));
ExpectNull(d2i_ECPrivateKey(&key, &tmp, 0));
{
EC_KEY *pubkey = NULL;
BIO* bio = NULL;
ExpectNotNull(bio = BIO_new(BIO_s_mem()));
ExpectIntGT(BIO_write(bio, buf, len), 0);
ExpectNotNull(d2i_EC_PUBKEY_bio(bio, &pubkey));
BIO_free(bio);
EC_KEY_free(pubkey);
}
ExpectIntEQ(i2d_ECPrivateKey(NULL, &p), 0);
ExpectIntEQ(i2d_ECPrivateKey(NULL, NULL), 0);
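Review bot: The new `d2i_RSA_PUBKEY_bio` assertion in test_wolfSSL_d2i_PrivateKeys_bio writes `client_key_der_2048` into the BIO, which by its name and the surrounding private-key calls looks like private-key DER, so the test pins that the public-key decoder accepts that buffer. If that is intended it deserves a comment explaining why; otherwise the positive case should use a public-key encoding. Neither this block nor the `d2i_EC_PUBKEY_bio` block in test_EC_i2d has a failure case; `ExpectNull(d2i_RSA_PUBKEY_bio(NULL, &rsa));` and a truncated-input case would cover the error paths the new functions contain.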


@ -1725,7 +1725,7 @@ int wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx,
{
int fl;
if (ctx == NULL || out == NULL || outl == NULL)
return BAD_FUNC_ARG;
return WOLFSSL_FAILURE;
WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal_legacy");
if (ctx->block_size == 1) {
@ -1764,7 +1764,7 @@ int wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx,
int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx)
{
if (ctx == NULL) return BAD_FUNC_ARG;
if (ctx == NULL) return WOLFSSL_FAILURE;
switch (ctx->cipherType) {
#if !defined(NO_AES) || !defined(NO_DES3) || defined(WOLFSSL_SM4)
#if !defined(NO_AES)
@ -2046,7 +2046,7 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher)
int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher)
{
if (cipher == NULL)
return BAD_FUNC_ARG;
return WOLFSSL_FAILURE;
switch (cipherType(cipher)) {
#if !defined(NO_AES)
@ -2306,7 +2306,7 @@ int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx,
int padding)
{
if (ctx == NULL)
return BAD_FUNC_ARG;
return WOLFSSL_FAILURE;
if (padding) {
ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_NO_PADDING;
}
@ -2318,9 +2318,10 @@ int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx,
int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest)
{
(void)digest;
/* nothing to do */
return 0;
if (digest == NULL)
return WOLFSSL_FAILURE;
return WOLFSSL_SUCCESS;
}
@ -3444,7 +3445,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
WOLFSSL_ENTER("wolfSSL_EVP_PKEY_keygen");
if (ctx == NULL || ppkey == NULL) {
return BAD_FUNC_ARG;
return WOLFSSL_FAILURE;
}
pkey = *ppkey;
@ -3454,7 +3455,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
ctx->pkey->type != EVP_PKEY_RSA &&
ctx->pkey->type != EVP_PKEY_DH)) {
WOLFSSL_MSG("Key not set or key type not supported");
return BAD_FUNC_ARG;
return WOLFSSL_FAILURE;
}
pkey = wolfSSL_EVP_PKEY_new();
if (pkey == NULL) {
@ -4146,9 +4147,10 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
int wolfSSL_EVP_add_cipher(const WOLFSSL_EVP_CIPHER *cipher)
{
(void)cipher;
/* nothing to do */
return 0;
if (cipher == NULL)
return WOLFSSL_FAILURE;
return WOLFSSL_SUCCESS;
}
@ -4347,7 +4349,7 @@ static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx,
}
type = wolfSSL_EVP_get_digestbynid(default_digest);
if (type == NULL) {
return BAD_FUNC_ARG;
return WOLFSSL_FAILURE;
}
}
@ -4539,7 +4541,7 @@ int wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX *ctx,
WOLFSSL_ENTER("EVP_DigestSignInit");
if (ctx == NULL || pkey == NULL)
return BAD_FUNC_ARG;
return WOLFSSL_FAILURE;
return wolfSSL_evp_digest_pk_init(ctx, pctx, type, e, pkey);
}
@ -4551,7 +4553,7 @@ int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d,
WOLFSSL_ENTER("EVP_DigestSignUpdate");
if (ctx == NULL || d == NULL)
return BAD_FUNC_ARG;
return WOLFSSL_FAILURE;
return wolfssl_evp_digest_pk_update(ctx, d, cnt);
}
@ -4664,7 +4666,7 @@ int wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX *ctx,
WOLFSSL_ENTER("EVP_DigestVerifyInit");
if (ctx == NULL || type == NULL || pkey == NULL)
return BAD_FUNC_ARG;
return WOLFSSL_FAILURE;
return wolfSSL_evp_digest_pk_init(ctx, pctx, type, e, pkey);
}
@ -4676,7 +4678,7 @@ int wolfSSL_EVP_DigestVerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d,
WOLFSSL_ENTER("EVP_DigestVerifyUpdate");
if (ctx == NULL || d == NULL)
return BAD_FUNC_ARG;
return WOLFSSL_FAILURE;
return wolfssl_evp_digest_pk_update(ctx, d, (unsigned int)cnt);
}
@ -9351,7 +9353,7 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void)
int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type)
{
int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG);
int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE);
WOLFSSL_ENTER("wolfSSL_EVP_MD_pkey_type");
@ -9376,7 +9378,7 @@ int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type)
}
}
else {
ret = BAD_FUNC_ARG;
ret = WOLFSSL_FAILURE;
}
WOLFSSL_LEAVE("wolfSSL_EVP_MD_pkey_type", ret);
@ -10496,7 +10498,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
WOLFSSL_ENTER("EVP_DigestInit");
if (ctx == NULL) {
return BAD_FUNC_ARG;
return WOLFSSL_FAILURE;
}
@ -10594,7 +10596,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
#endif
{
ctx->macType = WC_HASH_TYPE_NONE;
return BAD_FUNC_ARG;
return WOLFSSL_FAILURE;
}
return ret;
@ -10911,7 +10913,7 @@ int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type)
if (type == NULL) {
WOLFSSL_MSG("No md type arg");
return BAD_FUNC_ARG;
return WOLFSSL_FAILURE;
}
#ifndef NO_SHA
@ -10977,7 +10979,7 @@ int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type)
} else
#endif
return BAD_FUNC_ARG;
return WOLFSSL_FAILURE;
}
int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
@ -10986,7 +10988,7 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
if (type == NULL) {
WOLFSSL_MSG("No md type arg");
return BAD_FUNC_ARG;
return WOLFSSL_FAILURE;
}
#ifndef NO_SHA
@ -11062,7 +11064,7 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
}
#endif
return BAD_FUNC_ARG;
return WOLFSSL_FAILURE;
}
#endif /* OPENSSL_EXTRA || HAVE_CURL */
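Review bot: Switching the size queries (wolfSSL_EVP_CIPHER_CTX_block_size, wolfSSL_EVP_CIPHER_block_size, wolfSSL_EVP_MD_block_size, wolfSSL_EVP_MD_size) from `BAD_FUNC_ARG` to `WOLFSSL_FAILURE` makes the error value 0 (the updated tests in this commit expect 0), which a caller testing `< 0` will read as a valid, empty size. Callers that compare these results against a negative value need to be checked, and each function's header comment should state the new contract, for example `/* Returns the size in bytes, or WOLFSSL_FAILURE (0) on NULL or unsupported input. */`. In wolfSSL_EVP_add_digest and wolfSSL_EVP_add_cipher the `(void)digest;` and `(void)cipher;` casts are now redundant because the parameter is read. Most of these functions start or end outside their hunks.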


@ -2392,7 +2392,10 @@ static int RsaFunction_SP(const byte* in, word32 inLen, byte* out,
#endif
#ifndef RSA_LOW_MEM
if ((mp_count_bits(&key->p) == 1024) &&
(mp_count_bits(&key->q) == 1024)) {
(mp_count_bits(&key->q) == 1024) &&
(mp_count_bits(&key->dP) > 0) &&
(mp_count_bits(&key->dQ) > 0) &&
(mp_count_bits(&key->u) > 0)) {
return sp_RsaPrivate_2048(in, inLen, &key->d, &key->p, &key->q,
&key->dP, &key->dQ, &key->u, &key->n,
out, outLen);
@ -2423,7 +2426,10 @@ static int RsaFunction_SP(const byte* in, word32 inLen, byte* out,
#endif
#ifndef RSA_LOW_MEM
if ((mp_count_bits(&key->p) == 1536) &&
(mp_count_bits(&key->q) == 1536)) {
(mp_count_bits(&key->q) == 1536) &&
(mp_count_bits(&key->dP) > 0) &&
(mp_count_bits(&key->dQ) > 0) &&
(mp_count_bits(&key->u) > 0)) {
return sp_RsaPrivate_3072(in, inLen, &key->d, &key->p, &key->q,
&key->dP, &key->dQ, &key->u, &key->n,
out, outLen);
@ -2454,7 +2460,10 @@ static int RsaFunction_SP(const byte* in, word32 inLen, byte* out,
#endif
#ifndef RSA_LOW_MEM
if ((mp_count_bits(&key->p) == 2048) &&
(mp_count_bits(&key->q) == 2048)) {
(mp_count_bits(&key->q) == 2048) &&
(mp_count_bits(&key->dP) > 0) &&
(mp_count_bits(&key->dQ) > 0) &&
(mp_count_bits(&key->u) > 0)) {
return sp_RsaPrivate_4096(in, inLen, &key->d, &key->p, &key->q,
&key->dP, &key->dQ, &key->u, &key->n,
out, outLen);
@ -2551,7 +2560,13 @@ static int RsaFunctionPrivate(mp_int* tmp, RsaKey* key, WC_RNG* rng)
}
}
#else
if (ret == 0) {
if (ret == 0 && (mp_iszero(&key->p) || mp_iszero(&key->q) ||
mp_iszero(&key->dP) || mp_iszero(&key->dQ))) {
if (mp_exptmod(tmp, &key->d, &key->n, tmp) != MP_OKAY) {
ret = MP_EXPTMOD_E;
}
}
else if (ret == 0) {
mp_int* tmpa = tmp;
#if defined(WC_RSA_BLINDING) && !defined(WC_NO_RNG)
mp_int* tmpb = rnd;
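Review bot: The new fallback in RsaFunctionPrivate checks `p`, `q`, `dP` and `dQ` for zero but not `u`, while the three RsaFunction_SP conditions changed in this commit also require `u` to be non-empty, so a key with `u` unset would still take the CRT branch here. Adding `|| mp_iszero(&key->u)` to the condition keeps the two paths consistent. The fallback also runs `mp_exptmod` on the private exponent directly, and the hunk does not show whether the blinding set up under `WC_RSA_BLINDING` covers this branch too; a comment stating that would help the next reader. The function continues outside the hunk.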


@ -25546,7 +25546,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
return WC_TEST_RET_ENC_NC;
}
if (EVP_CIPHER_CTX_block_size(NULL) != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
if (EVP_CIPHER_CTX_block_size(NULL) != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
return WC_TEST_RET_ENC_NC;
if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS)
@ -25557,7 +25557,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
if (EVP_CIPHER_CTX_block_size(en) != en->block_size)
return WC_TEST_RET_ENC_NC;
if (EVP_CIPHER_block_size(NULL) != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
if (EVP_CIPHER_block_size(NULL) != WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
return WC_TEST_RET_ENC_NC;
if (EVP_CIPHER_block_size(EVP_aes_128_cbc()) != AES_BLOCK_SIZE)
@ -25575,10 +25575,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void)
return WC_TEST_RET_ENC_NC;
if (EVP_CIPHER_CTX_set_padding(NULL, 0) !=
WC_NO_ERR_TRACE(BAD_FUNC_ARG))
{
WC_NO_ERR_TRACE(WOLFSSL_FAILURE))
return WC_TEST_RET_ENC_NC;
}
if (EVP_CIPHER_CTX_set_padding(en, 0) != WOLFSSL_SUCCESS)
return WC_TEST_RET_ENC_NC;
if (EVP_CIPHER_CTX_set_padding(en, 1) != WOLFSSL_SUCCESS)


@ -26,6 +26,7 @@
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/openssl/bn.h>
#include <wolfssl/openssl/compat_types.h>
#include <wolfssl/wolfcrypt/asn.h>
#include <wolfssl/wolfcrypt/ecc.h>
@ -205,6 +206,9 @@ WOLFSSL_API
int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key,
const unsigned char* der, int derSz, int opt);
WOLFSSL_API
WOLFSSL_EC_KEY *wolfSSL_d2i_EC_PUBKEY_bio(WOLFSSL_BIO *bio,
WOLFSSL_EC_KEY **out);
WOLFSSL_API
void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key);
WOLFSSL_API
WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key);
@ -371,6 +375,8 @@ typedef WOLFSSL_EC_KEY_METHOD EC_KEY_METHOD;
#define EC_KEY_check_key wolfSSL_EC_KEY_check_key
#define EC_KEY_print_fp wolfSSL_EC_KEY_print_fp
#define d2i_EC_PUBKEY_bio wolfSSL_d2i_EC_PUBKEY_bio
#define ECDSA_size wolfSSL_ECDSA_size
#define ECDSA_sign wolfSSL_ECDSA_sign
#define ECDSA_verify wolfSSL_ECDSA_verify


@ -56,6 +56,8 @@ WOLFSSL_API
WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio,
WOLFSSL_RSA** rsa,
wc_pem_password_cb* cb, void *u);
WOLFSSL_API
WOLFSSL_RSA *wolfSSL_d2i_RSA_PUBKEY_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out);
WOLFSSL_API
WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
@ -252,6 +254,7 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
#define PEM_read_RSA_PUBKEY wolfSSL_PEM_read_RSA_PUBKEY
#define PEM_write_RSAPublicKey wolfSSL_PEM_write_RSAPublicKey
#define PEM_read_RSAPublicKey wolfSSL_PEM_read_RSAPublicKey
#define d2i_RSA_PUBKEY_bio wolfSSL_d2i_RSA_PUBKEY_bio
/* DSA */
#define PEM_write_bio_DSAPrivateKey wolfSSL_PEM_write_bio_DSAPrivateKey
#define PEM_write_DSAPrivateKey wolfSSL_PEM_write_DSAPrivateKey


@ -82,6 +82,7 @@ typedef WOLFSSL_CTX SSL_CTX;
typedef WOLFSSL_X509 X509;
typedef WOLFSSL_X509 X509_REQ;
typedef WOLFSSL_X509 X509_REQ_INFO;
typedef WOLFSSL_X509_NAME X509_NAME;
typedef WOLFSSL_X509_INFO X509_INFO;
typedef WOLFSSL_X509_CHAIN X509_CHAIN;
@ -426,6 +427,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define d2i_X509_fp wolfSSL_d2i_X509_fp
#define i2d_X509 wolfSSL_i2d_X509
#define d2i_X509 wolfSSL_d2i_X509
#define d2i_X509_REQ_INFO wolfSSL_d2i_X509_REQ_INFO
#define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509
#define PEM_read_bio_X509_REQ wolfSSL_PEM_read_bio_X509_REQ
#define PEM_read_X509_REQ wolfSSL_PEM_read_X509_REQ
@ -443,6 +445,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define d2i_X509_REQ wolfSSL_d2i_X509_REQ
#define X509_REQ_new wolfSSL_X509_REQ_new
#define X509_REQ_free wolfSSL_X509_REQ_free
#define X509_REQ_INFO_free wolfSSL_X509_REQ_free
#define X509_REQ_sign wolfSSL_X509_REQ_sign
#define X509_REQ_sign_ctx wolfSSL_X509_REQ_sign_ctx
#define X509_REQ_add_extensions wolfSSL_X509_REQ_add_extensions
@ -565,6 +568,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define sk_X509_EXTENSION_new_null wolfSSL_sk_X509_EXTENSION_new_null
#define sk_X509_EXTENSION_pop_free wolfSSL_sk_X509_EXTENSION_pop_free
#define sk_X509_EXTENSION_push wolfSSL_sk_X509_EXTENSION_push
#define sk_X509_EXTENSION_free wolfSSL_sk_X509_EXTENSION_free
#define X509_INFO_new wolfSSL_X509_INFO_new
#define X509_INFO_free wolfSSL_X509_INFO_free
@ -878,6 +882,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#endif
#define ASN1_TIME_set wolfSSL_ASN1_TIME_set
#define ASN1_TIME_set_string wolfSSL_ASN1_TIME_set_string
#define ASN1_TIME_set_string_X509 wolfSSL_ASN1_TIME_set_string_X509
#define ASN1_GENERALIZEDTIME_set_string wolfSSL_ASN1_TIME_set_string
#define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print


@ -1642,6 +1642,8 @@ WOLFSSL_API void wolfSSL_ACCESS_DESCRIPTION_free(WOLFSSL_ACCESS_DESCRIPTION* a);
WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_pop_free(
WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk,
void (*f) (WOLFSSL_X509_EXTENSION*));
WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_free(
WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk);
WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* wolfSSL_sk_X509_EXTENSION_new_null(void);
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void);
WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_dup(WOLFSSL_ASN1_OBJECT* obj);
@ -2826,6 +2828,8 @@ WOLFSSL_API int wolfSSL_ASN1_TIME_compare(const WOLFSSL_ASN1_TIME *a,
#ifdef OPENSSL_EXTRA
WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t);
WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str);
WOLFSSL_API int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t,
const char *str);
#endif
WOLFSSL_API int wolfSSL_sk_num(const WOLFSSL_STACK* sk);
@ -2965,6 +2969,8 @@ WOLFSSL_API WOLFSSL_X509*
#ifdef WOLFSSL_CERT_REQ
WOLFSSL_API WOLFSSL_X509*
wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len);
WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_REQ_INFO(WOLFSSL_X509** req,
const unsigned char** in, int len);
#endif
WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out);
WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl,
@ -4497,7 +4503,6 @@ WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_dup(
WOLFSSL_X509_EXTENSION* src);
WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,
WOLFSSL_X509_EXTENSION* ext);
WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_free(WOLFSSL_STACK* sk);
WOLFSSL_API void wolfSSL_X509_EXTENSION_free(WOLFSSL_X509_EXTENSION* ext_to_free);
WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void);
#endif