WIP
parent
2566986d41
commit
41de1bb156
@ -426,7 +426,7 @@ AC_ARG_ENABLE([mcast],
|
||||
|
||||
|
||||
# List of open source project defines using our openssl compatibility layer:
|
||||
# openssh (--enable-openssh)
|
||||
# openssh (--enable-openssh) WOLFSSL_OPENSSH
|
||||
# openvpn (--enable-openvpn)
|
||||
# nginix (--enable-nginx) WOLFSSL_NGINX
|
||||
# haproxy (--enable-haproxy) WOLFSSL_HAPROXY
|
||||
@ -500,6 +500,7 @@ fi
|
||||
if test "$ENABLED_OPENSSH" = "yes"
|
||||
then
|
||||
ENABLED_FORTRESS="yes"
|
||||
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_OPENSSH"
|
||||
fi
|
||||
|
||||
#Qt Support
|
||||
|
90
src/ssl.c
90
src/ssl.c
@ -16553,6 +16553,15 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
return WOLFSSL_FAILURE;
|
||||
ret = wolfSSL_EVP_CIPHER_CTX_set_iv_length(ctx, arg);
|
||||
break;
|
||||
case EVP_CTRL_AEAD_SET_IV_FIXED:
|
||||
/* arg=-1 copies ctx->ivSz from ptr */
|
||||
if (arg == -1) {
|
||||
ret = wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, ptr, ctx->ivSz);
|
||||
}
|
||||
else {
|
||||
ret = wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, ptr, arg);
|
||||
}
|
||||
break;
|
||||
case EVP_CTRL_AEAD_SET_TAG:
|
||||
if(arg <= 0 || arg > 16 || (ptr == NULL))
|
||||
return WOLFSSL_FAILURE;
|
||||
@ -17125,6 +17134,26 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
|
||||
/* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE */
|
||||
int wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv,
|
||||
int ivLen)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_iv_length");
|
||||
if (!ctx || !iv
|
||||
#ifndef NO_AES
|
||||
|| ivLen != AES_BLOCK_SIZE
|
||||
#elif !defined(NO_DES3)
|
||||
|| ivLen != DES_BLOCK_SIZE
|
||||
#endif
|
||||
) {
|
||||
return WOLFSSL_FAILURE;
|
||||
}
|
||||
XMEMCPY(ctx->iv, iv, ivLen);
|
||||
ctx->ivSz= ivLen;
|
||||
|
||||
return WOLFSSL_SUCCESS;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* WOLFSSL_SUCCESS on ok */
|
||||
@ -30557,6 +30586,30 @@ int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
|
||||
return ret;
|
||||
}
|
||||
|
||||
WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void)
|
||||
{
|
||||
WOLFSSL_DSA_SIG* sig;
|
||||
WOLFSSL_ENTER("wolfSSL_DSA_SIG_new");
|
||||
sig = (WOLFSSL_DSA_SIG*)XMALLOC(sizeof(WOLFSSL_DSA_SIG), NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
if (sig)
|
||||
XMEMSET(sig, 0, sizeof(WOLFSSL_DSA_SIG));
|
||||
return sig;
|
||||
}
|
||||
|
||||
void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig)
|
||||
{
|
||||
WOLFSSL_ENTER("wolfSSL_DSA_SIG_free");
|
||||
if (sig) {
|
||||
if (sig->r) {
|
||||
wolfSSL_BN_free(sig->r);
|
||||
}
|
||||
if (sig->s) {
|
||||
wolfSSL_BN_free(sig->s);
|
||||
}
|
||||
XFREE(sig, NULL, DYNAMIC_TYPE_OPENSSL);
|
||||
}
|
||||
}
|
||||
|
||||
/* return WOLFSSL_SUCCESS on success, < 0 otherwise */
|
||||
int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
|
||||
WOLFSSL_DSA* dsa)
|
||||
@ -30621,6 +30674,43 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
|
||||
return ret;
|
||||
}
|
||||
|
||||
WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
|
||||
int outLen, WOLFSSL_DSA* dsa)
|
||||
{
|
||||
WOLFSSL_DSA_SIG* sig = NULL;
|
||||
byte sigBin[DSA_SIG_SIZE];
|
||||
|
||||
WOLFSSL_ENTER("wolfSSL_DSA_do_sign_ex");
|
||||
|
||||
if (digest == NULL || dsa == NULL || outLen != WC_SHA_DIGEST_SIZE) {
|
||||
WOLFSSL_MSG("Bad function arguments");
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (wolfSSL_DSA_do_sign(digest, sigBin, dsa) != WOLFSSL_SUCCESS) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (!(sig = wolfSSL_DSA_SIG_new())) {
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (!(sig->r = wolfSSL_BN_bin2bn(sigBin, DSA_HALF_SIZE, NULL))) {
|
||||
goto error;
|
||||
}
|
||||
|
||||
if (!(sig->s = wolfSSL_BN_bin2bn(sigBin+DSA_HALF_SIZE, DSA_HALF_SIZE, NULL))) {
|
||||
goto error;
|
||||
}
|
||||
|
||||
return sig;
|
||||
error:
|
||||
if (sig) {
|
||||
wolfSSL_DSA_SIG_free(sig);
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
|
||||
WOLFSSL_DSA* dsa, int *dsacheck)
|
||||
|
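Review bot: In `wolfSSL_EVP_CIPHER_CTX_set_iv` the only bound on `XMEMCPY(ctx->iv, iv, ivLen)` is selected by the preprocessor, so a build with both `NO_AES` and `NO_DES3` defined copies an unchecked (possibly negative) `ivLen` into `ctx->iv`. An AES-enabled build accepts only `AES_BLOCK_SIZE`, which would presumably make the new `EVP_CTRL_AEAD_SET_IV_FIXED` case fail for any shorter fixed IV passed as `arg`. An unconditional check tied to the destination would cover both, e.g. `if (!ctx || !iv || ivLen <= 0 || ivLen > (int)sizeof(ctx->iv)) return WOLFSSL_FAILURE;`, assuming `ctx->iv` is an array member (its declaration is not shown on this page). The `WOLFSSL_ENTER` string still names `wolfSSL_EVP_CIPHER_CTX_set_iv_length`, and `iv` could be `const byte*` since it is only read.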
@ -20089,6 +20089,8 @@ static void test_wolfSSL_tmp_dh(void)
|
||||
BIO* bio;
|
||||
SSL* ssl;
|
||||
SSL_CTX* ctx;
|
||||
unsigned char digest[WC_SHA_DIGEST_SIZE] = {202}; // initialize to anything
|
||||
DSA_SIG* sig;
|
||||
|
||||
printf(testingFmt, "wolfSSL_tmp_dh()");
|
||||
|
||||
@ -20115,6 +20117,9 @@ static void test_wolfSSL_tmp_dh(void)
|
||||
dh = wolfSSL_DSA_dup_DH(dsa);
|
||||
AssertNotNull(dh);
|
||||
|
||||
AssertNotNull(sig = DSA_do_sign(digest, WC_SHA_DIGEST_SIZE, dsa));
|
||||
DSA_SIG_free(sig);
|
||||
|
||||
AssertIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), WOLFSSL_SUCCESS);
|
||||
#ifndef NO_WOLFSSL_SERVER
|
||||
AssertIntEQ((int)SSL_set_tmp_dh(ssl, dh), WOLFSSL_SUCCESS);
|
||||
|
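Review bot: The assertion added to `test_wolfSSL_tmp_dh` only checks that `DSA_do_sign` returns non-NULL, so a signature with wrong `r`/`s` values would still pass. Because this commit also maps `DSA_do_verify` to `wolfSSL_DSA_do_verify_ex`, the test could round-trip the signature before `DSA_SIG_free(sig);`, e.g. `AssertIntEQ(DSA_do_verify(digest, WC_SHA_DIGEST_SIZE, sig, dsa), WOLFSSL_SUCCESS);` (the success return value is assumed, the function body is not shown). The `// initialize to anything` comment is C++ style while the rest of the shown code uses `/* */`. The test function's body starts and ends outside these hunks.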
@ -42,14 +42,6 @@
|
||||
#include <wolfcrypt/src/misc.c>
|
||||
#endif
|
||||
|
||||
|
||||
enum {
|
||||
DSA_HALF_SIZE = 20, /* r and s size */
|
||||
DSA_SIG_SIZE = 40 /* signature size */
|
||||
};
|
||||
|
||||
|
||||
|
||||
int wc_InitDsaKey(DsaKey* key)
|
||||
{
|
||||
if (key == NULL)
|
||||
|
@ -196,6 +196,8 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
|
||||
|
||||
#define BN_mod_inverse wolfSSL_BN_mod_inverse
|
||||
|
||||
#define BN_set_flags(x1, x2)
|
||||
|
||||
#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
|
||||
#define BN_get_rfc2409_prime_768 wolfSSL_DH_768_prime
|
||||
#define BN_get_rfc2409_prime_1024 wolfSSL_DH_1024_prime
|
||||
|
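Review bot: `#define BN_set_flags(x1, x2)` expands to nothing, so a caller that sets a flag such as `BN_FLG_CONSTTIME` to request constant-time handling of a secret value gets no effect and no diagnostic. If the wolfSSL big-number code does not need the flag, the macro should say so in a comment, for example `/* no-op: WOLFSSL_BIGNUM has no per-object flags; callers' constant-time requests are ignored (confirm the math is constant-time unconditionally) */`. Whether this line is one of the two added by the hunk is inferred from the hunk counts.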
@ -31,6 +31,11 @@
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
typedef struct WOLFSSL_DSA_SIG {
|
||||
WOLFSSL_BIGNUM *r;
|
||||
WOLFSSL_BIGNUM *s;
|
||||
} WOLFSSL_DSA_SIG;
|
||||
|
||||
#ifndef WOLFSSL_DSA_TYPE_DEFINED /* guard on redeclaration */
|
||||
typedef struct WOLFSSL_DSA WOLFSSL_DSA;
|
||||
#define WOLFSSL_DSA_TYPE_DEFINED
|
||||
@ -75,16 +80,31 @@ WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d,
|
||||
unsigned char* sig,
|
||||
WOLFSSL_DSA* dsa, int *dsacheck);
|
||||
|
||||
WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void);
|
||||
WOLFSSL_API void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig);
|
||||
WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
|
||||
int outLen, WOLFSSL_DSA* dsa);
|
||||
WOLFSSL_API int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len,
|
||||
WOLFSSL_DSA_SIG* sig, WOLFSSL_DSA* dsa);
|
||||
|
||||
#define WOLFSSL_DSA_LOAD_PRIVATE 1
|
||||
#define WOLFSSL_DSA_LOAD_PUBLIC 2
|
||||
|
||||
#define DSA_new wolfSSL_DSA_new
|
||||
#define DSA_free wolfSSL_DSA_free
|
||||
|
||||
#define DSA_LoadDer wolfSSL_DSA_LoadDer
|
||||
#define DSA_generate_key wolfSSL_DSA_generate_key
|
||||
#define DSA_generate_parameters wolfSSL_DSA_generate_parameters
|
||||
#define DSA_generate_parameters_ex wolfSSL_DSA_generate_parameters_ex
|
||||
|
||||
#define DSA_SIG_new wolfSSL_DSA_SIG_new
|
||||
#define DSA_SIG_free wolfSSL_DSA_SIG_free
|
||||
#define DSA_do_sign wolfSSL_DSA_do_sign_ex
|
||||
#define DSA_do_verify wolfSSL_DSA_do_verify_ex
|
||||
|
||||
|
||||
#define DSA_SIG WOLFSSL_DSA_SIG
|
||||
|
||||
#ifdef __cplusplus
|
||||
} /* extern "C" */
|
||||
|
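Review bot: `wolfSSL_DSA_do_verify_ex` is declared here and `DSA_do_verify` is mapped to it, but none of the src/ssl.c hunks shown on this page define it, so code calling `DSA_do_verify` would fail at link time unless the definition exists elsewhere. Either add the definition in the same commit or hold back the `#define DSA_do_verify wolfSSL_DSA_do_verify_ex` line until it lands. The new `WOLFSSL_DSA_SIG` struct would also benefit from an ownership comment such as `/* r and s are owned by the struct and released by wolfSSL_DSA_SIG_free() */`, which matches what `wolfSSL_DSA_SIG_free` does in the src/ssl.c section.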
@ -408,6 +408,8 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* c
|
||||
int keylen);
|
||||
WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_iv_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
|
||||
int ivLen);
|
||||
WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv,
|
||||
int ivLen);
|
||||
WOLFSSL_API int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx,
|
||||
unsigned char* dst, unsigned char* src,
|
||||
unsigned int len);
|
||||
@ -743,6 +745,7 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
|
||||
#define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN
|
||||
#define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG
|
||||
#define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG
|
||||
#define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED
|
||||
|
||||
#ifndef EVP_MAX_MD_SIZE
|
||||
#define EVP_MAX_MD_SIZE 64 /* sha512 */
|
||||
|
@ -30,10 +30,11 @@
|
||||
/* For Apache httpd, Use 1.1.0 compatibility */
|
||||
#define OPENSSL_VERSION_NUMBER 0x10100000L
|
||||
#elif defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || \
|
||||
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_QT)
|
||||
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
|
||||
defined(WOLFSSL_OPENSSH) || defined(WOLFSSL_QT)
|
||||
/* version number can be increased for Lighty after compatibility for ECDH
|
||||
is added */
|
||||
#define OPENSSL_VERSION_NUMBER 0x10001000L
|
||||
#define OPENSSL_VERSION_NUMBER 0x1000100fL
|
||||
#else
|
||||
#define OPENSSL_VERSION_NUMBER 0x0090810fL
|
||||
#endif
|
||||
|
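Review bot: The `OPENSSL_VERSION_NUMBER` value in this `#elif` branch is shared by the stunnel, lighttpd, nginx, haproxy and Qt builds as well as the newly added `WOLFSSL_OPENSSH`, so changing it alters which version-gated code paths all of those consumers compile, not only OpenSSH. If only OpenSSH needs the different value, give it its own branch, e.g. `#elif defined(WOLFSSL_OPENSSH)` with its own `#define OPENSSL_VERSION_NUMBER`. The comment above the define still only mentions Lighty and should state why the chosen value is safe for every macro in the condition.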
@ -1093,8 +1093,12 @@ enum {
|
||||
|
||||
#define PEM_R_NO_START_LINE 108
|
||||
#define PEM_R_PROBLEMS_GETTING_PASSWORD 109
|
||||
#define PEM_R_BAD_PASSWORD_READ 110
|
||||
#define PEM_R_BAD_DECRYPT 111
|
||||
#define ERR_LIB_PEM 9
|
||||
#define ERR_LIB_X509 10
|
||||
#define ERR_LIB_EVP 11
|
||||
#define ERR_LIB_ASN1 12
|
||||
|
||||
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
|
||||
defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \
|
||||
@ -1201,6 +1205,8 @@ enum {
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
|
||||
#define TLS1_CK_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (0xcca9)
|
||||
|
||||
#define EC_METHOD_get_field_type(x) -1
|
||||
|
||||
#define EVP_CIPHER_mode WOLFSSL_CIPHER_mode
|
||||
/* WOLFSSL_EVP_CIPHER is just the string name of the cipher */
|
||||
#define EVP_CIPHER_name(x) x
|
||||
|
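Review bot: `#define EC_METHOD_get_field_type(x) -1` never reports a real field type, so any caller that compares the result with `NID_X9_62_prime_field` (added to the NID enum elsewhere in this commit) always sees a mismatch. If a consumer uses that comparison as part of EC key validation, the check would be decided by the stub, not by the key. The expansion should at least be parenthesized and documented, `#define EC_METHOD_get_field_type(x) (-1) /* stub: field type is not reported */`, and a real implementation is preferable before the define is relied on. That this is one of the added lines is inferred from the hunk counts.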
@ -1672,6 +1672,9 @@ enum {
|
||||
SSL_MAX_SSL_SESSION_ID_LENGTH = 32,
|
||||
|
||||
EVP_R_BAD_DECRYPT = 2,
|
||||
EVP_R_BN_DECODE_ERROR = 3,
|
||||
EVP_R_DECODE_ERROR = 4,
|
||||
EVP_R_PRIVATE_KEY_DECODE_ERROR = 5,
|
||||
|
||||
SSL_ST_CONNECT = 0x1000,
|
||||
SSL_ST_ACCEPT = 0x2000,
|
||||
|
@ -220,7 +220,9 @@ enum
|
||||
NID_domainComponent = 0x19, /* matches ASN_DOMAIN_COMPONENT in asn.h */
|
||||
NID_emailAddress = 0x30, /* emailAddress */
|
||||
NID_id_on_dnsSRV = 82, /* 1.3.6.1.5.5.7.8.7 */
|
||||
NID_ms_upn = 265 /* 1.3.6.1.4.1.311.20.2.3 */
|
||||
NID_ms_upn = 265, /* 1.3.6.1.4.1.311.20.2.3 */
|
||||
|
||||
NID_X9_62_prime_field = 406
|
||||
};
|
||||
|
||||
enum ECC_TYPES
|
||||
|
@ -52,6 +52,11 @@ enum {
|
||||
DSA_PRIVATE = 1
|
||||
};
|
||||
|
||||
enum {
|
||||
DSA_HALF_SIZE = 20, /* r and s size */
|
||||
DSA_SIG_SIZE = 40 /* signature size */
|
||||
};
|
||||
|
||||
/* DSA */
|
||||
typedef struct DsaKey {
|
||||
mp_int p, q, g, y, x;
|
||||
|