mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #2733 from julek-wolfssl/openssh-8.1

Browse Source 
Openssh 8.1
This commit is contained in:
JacobBarthelmeh 2020-02-19 10:14:35 -07:00 committed by GitHub
commit e72b87f372
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
38 changed files with 1736 additions and 683 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
IDE/WIN/user_settings.h
View File

@ -22,6 +22,8 @@
#define NO_RABBIT
#define NO_DSA
#define NO_MD4
#define GCM_NONCE_MID_SZ 12
#else
/* Enables blinding mode, to prevent timing attacks */
#define WC_RSA_BLINDING

5
configure.ac
View File

@ -426,7 +426,7 @@ AC_ARG_ENABLE([mcast],
# List of open source project defines using our openssl compatibility layer:
# openssh (--enable-openssh)
# openssh (--enable-openssh) WOLFSSL_OPENSSH
# openvpn (--enable-openvpn)
# nginix (--enable-nginx) WOLFSSL_NGINX
# haproxy (--enable-haproxy) WOLFSSL_HAPROXY
@ -500,6 +500,7 @@ fi
if test "$ENABLED_OPENSSH" = "yes"
then
ENABLED_FORTRESS="yes"
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_OPENSSH -DHAVE_EX_DATA -DWOLFSSL_BASE16"
fi
#Qt Support
@ -1482,7 +1483,7 @@ then
ENABLED_DSA="yes"
fi
if test "$ENABLED_DSA" = "no"
if test "$ENABLED_DSA" = "no" && test "$ENABLED_OPENSSH" = "no"
then
AM_CFLAGS="$AM_CFLAGS -DNO_DSA"
fi

5
src/internal.c
View File

@ -9553,7 +9553,10 @@ int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl, int ret,
store->certs = args->certs;
store->totalCerts = args->totalCerts;
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
store->ex_data[0] = ssl;
if (wolfSSL_CRYPTO_set_ex_data(&store->ex_data, 0, ssl)
!= WOLFSSL_SUCCESS) {
WOLFSSL_MSG("Failed to store ssl context in WOLFSSL_X509_STORE_CTX");
}
#endif
if (ssl != NULL) {

1514
src/ssl.c
View File

File diff suppressed because it is too large Load Diff

6
src/wolfio.c
View File

@ -770,7 +770,8 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
int ret = 0;
SOCKADDR_S addr;
int sockaddr_len = sizeof(SOCKADDR_IN);
#ifdef HAVE_GETADDRINFO
/* use gethostbyname for c99 */
#if defined(HAVE_GETADDRINFO) && !defined(WOLF_C99)
ADDRINFO hints;
ADDRINFO* answer = NULL;
char strPort[6];
@ -785,7 +786,8 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
printf("TCP Connect: %s:%d\n", ip, port);
#endif
#ifdef HAVE_GETADDRINFO
/* use gethostbyname for c99 */
#if defined(HAVE_GETADDRINFO) && !defined(WOLF_C99)
XMEMSET(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;

233
tests/api.c
View File

@ -1781,9 +1781,10 @@ static void test_wolfSSL_EC(void)
#ifdef HAVE_ECC
BN_CTX *ctx;
EC_GROUP *group;
EC_POINT *Gxy, *new_point;
EC_POINT *Gxy, *new_point, *set_point;
BIGNUM *k = NULL, *Gx = NULL, *Gy = NULL, *Gz = NULL;
BIGNUM *X, *Y;
BIGNUM *set_point_bn;
char* hexStr;
int group_bits;
@ -1802,8 +1803,10 @@ static void test_wolfSSL_EC(void)
AssertIntEQ((group_bits = EC_GROUP_order_bits(group)), 256);
AssertNotNull(Gxy = EC_POINT_new(group));
AssertNotNull(new_point = EC_POINT_new(group));
AssertNotNull(set_point = EC_POINT_new(group));
AssertNotNull(X = BN_new());
AssertNotNull(Y = BN_new());
AssertNotNull(set_point_bn = BN_new());
/* load test values */
AssertIntEQ(BN_hex2bn(&k, kTest), WOLFSSL_SUCCESS);
@ -1822,12 +1825,26 @@ static void test_wolfSSL_EC(void)
/* check if point X coordinate is zero */
AssertIntEQ(BN_is_zero(new_point->X), WOLFSSL_FAILURE);
/* Force non-affine coordinates */
AssertIntEQ(wolfSSL_BN_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(),
(WOLFSSL_BIGNUM*)BN_value_one()), 1);
new_point->inSet = 0;
/* extract the coordinates from point */
AssertIntEQ(EC_POINT_get_affine_coordinates_GFp(group, new_point, X, Y, ctx), WOLFSSL_SUCCESS);
/* check if point X coordinate is zero */
AssertIntEQ(BN_is_zero(X), WOLFSSL_FAILURE);
/* set the same X and Y points in another object */
AssertIntEQ(EC_POINT_set_affine_coordinates_GFp(group, set_point, X, Y, ctx), WOLFSSL_SUCCESS);
/* compare points as they should be the same */
AssertIntEQ(EC_POINT_cmp(group, new_point, set_point, ctx), 0);
AssertPtrEq(EC_POINT_point2bn(group, set_point, POINT_CONVERSION_UNCOMPRESSED,
set_point_bn, ctx), set_point_bn);
/* check bn2hex */
hexStr = BN_bn2hex(k);
AssertStrEQ(hexStr, kTest);
@ -1867,7 +1884,9 @@ static void test_wolfSSL_EC(void)
BN_free(X);
BN_free(Y);
BN_free(k);
BN_free(set_point_bn);
EC_POINT_free(new_point);
EC_POINT_free(set_point);
EC_POINT_free(Gxy);
EC_GROUP_free(group);
BN_CTX_free(ctx);
@ -1923,6 +1942,30 @@ static void test_wolfSSL_ECDSA_SIG(void)
wolfSSL_ECDSA_SIG_free(sig);
#endif /* HAVE_ECC */
}
static void test_ECDSA_size_sign(void)
{
#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(NO_ECC_SECP)
EC_KEY *key;
int id;
byte hash[WC_MAX_DIGEST_SIZE];
byte sig[ECC_BUFSIZE];
unsigned int sigSz = sizeof(sig);
XMEMSET(hash, 123, sizeof(hash));
id = wc_ecc_get_curve_id_from_name("SECP256R1");
AssertIntEQ(id, ECC_SECP256R1);
AssertNotNull(key = wolfSSL_EC_KEY_new_by_curve_name(id));
AssertIntEQ(EC_KEY_generate_key(key), 1);
AssertIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, key), 1);
AssertIntGE(ECDSA_size(key), sigSz);
EC_KEY_free(key);
#endif /* HAVE_ECC && !NO_ECC256 && !NO_ECC_SECP */
}
#endif /* OPENSSL_EXTRA */
#include <wolfssl/openssl/pem.h>
@ -4989,9 +5032,14 @@ static void test_wolfSSL_PKCS8(void)
/* Test using a PKCS8 ECC PEM */
AssertIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buffer, bytes,
WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS);
#else
#ifdef OPENSSL_EXTRA
AssertIntGT((bytes = wc_KeyPemToDer(buffer, bytes, der,
(word32)sizeof(der), NULL)), 0);
#else
AssertIntEQ((bytes = wc_KeyPemToDer(buffer, bytes, der,
(word32)sizeof(der), NULL)), ASN_NO_PEM_HEADER);
#endif
#endif /* HAVE_ECC */
wolfSSL_CTX_free(ctx);
@ -12237,13 +12285,14 @@ static int test_wc_RsaKeyToDer (void)
}
}
#ifndef HAVE_USER_RSA
/* Pass bad args. */
/* Pass good/bad args. */
if (ret == 0) {
ret = wc_RsaKeyToDer(NULL, der, FOURK_BUF);
if (ret == BAD_FUNC_ARG) {
ret = wc_RsaKeyToDer(&genKey, NULL, FOURK_BUF);
/* Get just the output length */
ret = wc_RsaKeyToDer(&genKey, NULL, 0);
}
if (ret == BAD_FUNC_ARG) {
if (ret > 0) {
/* Try Public Key. */
genKey.type = 0;
ret = wc_RsaKeyToDer(&genKey, der, FOURK_BUF);
@ -12255,13 +12304,14 @@ static int test_wc_RsaKeyToDer (void)
}
}
#else
/* Pass bad args. */
/* Pass good/bad args. */
if (ret == 0) {
ret = wc_RsaKeyToDer(NULL, der, FOURK_BUF);
if (ret == USER_CRYPTO_ERROR) {
ret = wc_RsaKeyToDer(&genKey, NULL, FOURK_BUF);
/* Get just the output length */
ret = wc_RsaKeyToDer(&genKey, NULL, 0);
}
if (ret == USER_CRYPTO_ERROR) {
if (ret > 0) {
/* Try Public Key. */
genKey.type = 0;
ret = wc_RsaKeyToDer(&genKey, der, FOURK_BUF);
@ -19857,8 +19907,8 @@ static void test_wolfSSL_PEM_PrivateKey(void)
static void test_wolfSSL_PEM_bio_RSAKey(void)
{
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \
defined(WOLFSSL_KEY_GEN) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS)
defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \
!defined(HAVE_USER_RSA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS)
RSA* rsa = NULL;
BIO* bio = NULL;
@ -19910,6 +19960,7 @@ static void test_wolfSSL_PEM_RSAPrivateKey(void)
#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
!defined(NO_FILESYSTEM) && !defined(NO_RSA)
RSA* rsa = NULL;
RSA* rsa_dup = NULL;
BIO* bio = NULL;
printf(testingFmt, "wolfSSL_PEM_RSAPrivateKey()");
@ -19918,8 +19969,18 @@ static void test_wolfSSL_PEM_RSAPrivateKey(void)
AssertNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL)));
AssertIntEQ(RSA_size(rsa), 256);
#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
AssertNotNull(rsa_dup = RSAPublicKey_dup(rsa));
AssertPtrNE(rsa_dup, rsa);
#endif
/* test if valgrind complains about unreleased memory */
RSA_up_ref(rsa);
RSA_free(rsa);
BIO_free(bio);
RSA_free(rsa);
RSA_free(rsa_dup);
#ifdef HAVE_ECC
AssertNotNull(bio = BIO_new_file(eccKeyFile, "rb"));
@ -20075,6 +20136,56 @@ static void test_wolfSSL_PEM_PUBKEY(void)
#endif
}
static void test_DSA_do_sign_verify(void)
{
#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \
!defined(NO_DSA)
unsigned char digest[WC_SHA_DIGEST_SIZE];
DSA_SIG* sig;
DSA* dsa;
word32 bytes;
byte sigBin[DSA_SIG_SIZE];
int dsacheck;
#ifdef USE_CERT_BUFFERS_1024
byte tmp[ONEK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024);
bytes = sizeof_dsa_key_der_1024;
#elif defined(USE_CERT_BUFFERS_2048)
byte tmp[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048);
bytes = sizeof_dsa_key_der_2048;
#else
byte tmp[TWOK_BUF];
XMEMSET(tmp, 0, sizeof(tmp));
XFILE fp = XFOPEN("./certs/dsa2048.der", "rb");
if (fp == XBADFILE) {
return WOLFSSL_BAD_FILE;
}
bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp);
XFCLOSE(fp);
#endif /* END USE_CERT_BUFFERS_1024 */
printf(testingFmt, "DSA_do_sign_verify()");
XMEMSET(digest, 202, sizeof(digest));
AssertNotNull(dsa = DSA_new());
AssertIntEQ(DSA_LoadDer(dsa, tmp, bytes), 1);
AssertIntEQ(wolfSSL_DSA_do_sign(digest, sigBin, dsa), 1);
AssertIntEQ(wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck), 1);
AssertNotNull(sig = DSA_do_sign(digest, WC_SHA_DIGEST_SIZE, dsa));
AssertIntEQ(DSA_do_verify(digest, WC_SHA_DIGEST_SIZE, sig, dsa), 1);
DSA_SIG_free(sig);
DSA_free(dsa);
#endif
#endif /* !HAVE_SELFTEST && !HAVE_FIPS */
}
static void test_wolfSSL_tmp_dh(void)
{
@ -21436,6 +21547,15 @@ static void test_wolfSSL_BN(void)
AssertIntLT(BN_cmp(a, c), 0);
AssertIntGT(BN_cmp(c, b), 0);
AssertIntEQ(BN_set_word(a, 0), 1);
AssertIntEQ(BN_is_zero(a), 1);
AssertIntEQ(BN_set_bit(a, 0x45), 1);
AssertIntEQ(BN_is_zero(a), 0);
AssertIntEQ(BN_is_bit_set(a, 0x45), 1);
AssertIntEQ(BN_clear_bit(a, 0x45), 1);
AssertIntEQ(BN_is_bit_set(a, 0x45), 0);
AssertIntEQ(BN_is_zero(a), 1);
BN_free(a);
BN_free(b);
BN_free(c);
@ -23060,12 +23180,7 @@ static void test_wolfSSL_ERR_put_error(void)
AssertIntEQ(ERR_get_error_line_data(&file, &line, NULL, NULL), 0);
PEMerr(4,4);
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
defined(WOLFSSL_HAPROXY)
AssertIntEQ(ERR_get_error(), -4);
#else
AssertIntEQ(ERR_get_error(), 4);
#endif
/* Empty and free up all error nodes */
ERR_clear_error();
@ -24083,14 +24198,12 @@ static void test_wolfSSL_d2i_PrivateKeys_bio(void)
BIO* bio = NULL;
EVP_PKEY* pkey = NULL;
#ifndef NO_RSA
RSA* rsa = NULL;
#endif
WOLFSSL_CTX* ctx;
#if defined(WOLFSSL_KEY_GEN)
unsigned char buff[4096];
unsigned char* bufPtr;
bufPtr = buff;
unsigned char* bufPtr = buff;
#endif
printf(testingFmt, "wolfSSL_d2i_PrivateKeys_bio()");
@ -24161,34 +24274,38 @@ static void test_wolfSSL_d2i_PrivateKeys_bio(void)
AssertNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method()));
#endif
#ifndef NO_RSA
/* Tests bad parameters */
AssertNull(d2i_RSAPrivateKey_bio(NULL, NULL));
#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
!defined(NO_RSA) && !defined(HAVE_USER_RSA)
{
RSA* rsa = NULL;
/* Tests bad parameters */
AssertNull(d2i_RSAPrivateKey_bio(NULL, NULL));
/* RSA not set yet, expecting to fail*/
AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG);
/* RSA not set yet, expecting to fail*/
AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), BAD_FUNC_ARG);
#if defined(USE_CERT_BUFFERS_2048) && defined(WOLFSSL_KEY_GEN)
/* set RSA using bio*/
AssertIntGT(BIO_write(bio, client_key_der_2048,
sizeof_client_key_der_2048), 0);
AssertNotNull(rsa = d2i_RSAPrivateKey_bio(bio, NULL));
/* set RSA using bio*/
AssertIntGT(BIO_write(bio, client_key_der_2048,
sizeof_client_key_der_2048), 0);
AssertNotNull(rsa = d2i_RSAPrivateKey_bio(bio, NULL));
AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_SUCCESS);
AssertIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_SUCCESS);
/*i2d RSAprivate key tests */
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 1192);
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
sizeof_client_key_der_2048);
bufPtr = NULL;
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
sizeof_client_key_der_2048);
AssertNotNull(bufPtr);
XFREE(bufPtr, NULL, DYNAMIC_TYPE_OPENSSL);
/*i2d RSAprivate key tests */
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), BAD_FUNC_ARG);
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 1192);
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
sizeof_client_key_der_2048);
bufPtr = NULL;
AssertIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr),
sizeof_client_key_der_2048);
AssertNotNull(bufPtr);
XFREE(bufPtr, NULL, DYNAMIC_TYPE_OPENSSL);
#endif /* USE_CERT_BUFFERS_2048 WOLFSSL_KEY_GEN */
RSA_free(rsa);
#endif /* NO_RSA */
RSA_free(rsa);
}
#endif /* !HAVE_FAST_RSA && WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA*/
SSL_CTX_free(ctx);
ctx = NULL;
BIO_free(bio);
@ -24319,11 +24436,12 @@ static void test_wolfSSL_RSA(void)
static void test_wolfSSL_RSA_DER(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(HAVE_FAST_RSA)
#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
!defined(NO_RSA) && !defined(HAVE_USER_RSA) && defined(OPENSSL_EXTRA)
RSA *rsa;
int i;
const unsigned char *buff;
const unsigned char *buff = NULL;
struct tbl_s
{
@ -29141,7 +29259,8 @@ static void test_wolfSSL_PEM_read(void)
static void test_wolfssl_EVP_aes_gcm(void)
{
#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM)
#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
!defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
/* A 256 bit key, AES_128 will use the first 128 bit*/
byte *key = (byte*)"01234567890123456789012345678901";
@ -29204,27 +29323,27 @@ static void test_wolfssl_EVP_aes_gcm(void)
if (i == 0) {
/* Default uses 96-bits IV length */
#ifdef WOLFSSL_AES_128
AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, key, iv));
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, key, iv));
#elif defined(WOLFSSL_AES_192)
AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, key, iv));
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, key, iv));
#elif defined(WOLFSSL_AES_256)
AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, key, iv));
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, key, iv));
#endif
}
else {
#ifdef WOLFSSL_AES_128
AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, NULL, NULL));
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, NULL, NULL));
#elif defined(WOLFSSL_AES_192)
AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, NULL, NULL));
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, NULL, NULL));
#elif defined(WOLFSSL_AES_256)
AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, NULL, NULL));
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, NULL, NULL));
#endif
/* non-default must to set the IV length first */
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], NULL, NULL, key, iv));
AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv));
}
AssertIntEQ(1, EVP_EncryptUpdate(&de[i], NULL, &len, aad, aadSz));
AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag));
AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
decryptedtxtSz = len;
@ -29235,15 +29354,11 @@ static void test_wolfssl_EVP_aes_gcm(void)
/* modify tag*/
tag[AES_BLOCK_SIZE-1]+=0xBB;
AssertIntEQ(1, EVP_EncryptUpdate(&de[i], NULL, &len, aad, aadSz));
AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz));
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag));
AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
decryptedtxtSz = len;
AssertIntGT(EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len), 0);
decryptedtxtSz += len;
AssertIntEQ(ciphertxtSz, decryptedtxtSz);
/* decrypted text should not be equal to plain text*/
AssertIntNE(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz));
/* fail due to wrong tag */
AssertIntEQ(0, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
AssertIntEQ(0, len);
}
printf(resultFmt, passed);
@ -30290,6 +30405,7 @@ void ApiTest(void)
test_wolfSSL_PEM_bio_ECKey();
test_wolfSSL_PEM_RSAPrivateKey();
test_wolfSSL_PEM_PUBKEY();
test_DSA_do_sign_verify();
test_wolfSSL_tmp_dh();
test_wolfSSL_ctrl();
test_wolfSSL_EVP_MD_size();
@ -30633,6 +30749,7 @@ void ApiTest(void)
test_wolfSSL_EVP_CIPHER_CTX();
test_wolfSSL_EC();
test_wolfSSL_ECDSA_SIG();
test_ECDSA_size_sign();
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \
!defined(HAVE_SELFTEST) && \

10
tests/unit.h
View File

@ -96,11 +96,11 @@
} while(0)
#define AssertPtrEq(x, y) AssertPtr(x, y, ==, !=)
#define AssertPtrNE(x, y) AssertInt(x, y, !=, ==)
#define AssertPtrGT(x, y) AssertInt(x, y, >, <=)
#define AssertPtrLT(x, y) AssertInt(x, y, <, >=)
#define AssertPtrGE(x, y) AssertInt(x, y, >=, <)
#define AssertPtrLE(x, y) AssertInt(x, y, <=, >)
#define AssertPtrNE(x, y) AssertPtr(x, y, !=, ==)
#define AssertPtrGT(x, y) AssertPtr(x, y, >, <=)
#define AssertPtrLT(x, y) AssertPtr(x, y, <, >=)
#define AssertPtrGE(x, y) AssertPtr(x, y, >=, <)
#define AssertPtrLE(x, y) AssertPtr(x, y, <=, >)
void ApiTest(void);

221
wolfcrypt/src/asn.c
View File

@ -78,9 +78,6 @@ ASN Options:
#include <wolfcrypt/src/misc.c>
#endif
#ifndef NO_PWDBASED
#include <wolfssl/wolfcrypt/aes.h>
#endif
#ifndef NO_RC4
#include <wolfssl/wolfcrypt/arc4.h>
#endif
@ -127,8 +124,9 @@ extern int wc_InitRsaHw(RsaKey* key);
#define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; }
#ifdef HAVE_SELFTEST
#if defined(HAVE_SELFTEST) || !defined(NO_SKID)
#ifndef WOLFSSL_AES_KEY_SIZE_ENUM
#define WOLFSSL_AES_KEY_SIZE_ENUM
enum Asn_Misc {
AES_IV_SIZE = 16,
AES_128_KEY_SIZE = 16,
@ -8784,7 +8782,6 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
return ret;
}
/* from SSL proper, for locking can't do find here anymore */
#ifdef __cplusplus
extern "C" {
@ -8797,7 +8794,6 @@ int ParseCert(DecodedCert* cert, int type, int verify, void* cm)
}
#endif
#if defined(WOLFCRYPT_ONLY) || defined(NO_CERTS)
/* dummy functions, not using wolfSSL so don't need actual ones */
@ -9759,6 +9755,11 @@ const char* const END_ENC_PRIV_KEY = "-----END ENCRYPTED PRIVATE KEY-----";
const char* const BEGIN_DSA_PRIV = "-----BEGIN DSA PRIVATE KEY-----";
const char* const END_DSA_PRIV = "-----END DSA PRIVATE KEY-----";
#endif
#ifdef OPENSSL_EXTRA
const char BEGIN_PRIV_KEY_PREFIX[] = "-----BEGIN";
const char PRIV_KEY_SUFFIX[] = "PRIVATE KEY-----";
const char END_PRIV_KEY_PREFIX[] = "-----END";
#endif
const char* const BEGIN_PUB_KEY = "-----BEGIN PUBLIC KEY-----";
const char* const END_PUB_KEY = "-----END PUBLIC KEY-----";
#ifdef HAVE_ED25519
@ -10238,6 +10239,10 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
int padVal = 0;
#endif
#endif
#ifdef OPENSSL_EXTRA
char beginBuf[PEM_LINE_LEN];
char endBuf[PEM_LINE_LEN];
#endif
WOLFSSL_ENTER("PemToDer");
@ -10293,12 +10298,59 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
}
if (!headerEnd) {
#ifdef OPENSSL_EXTRA
char* beginEnd;
int endLen;
/* see if there is a -----BEGIN * PRIVATE KEY----- header */
headerEnd = XSTRNSTR((char*)buff, PRIV_KEY_SUFFIX, sz);
if (headerEnd) {
beginEnd = headerEnd + XSTR_SIZEOF(PRIV_KEY_SUFFIX);
/* back up to BEGIN_PRIV_KEY_PREFIX */
headerEnd -= XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX);
while (headerEnd > (char*)buff &&
XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX,
XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0) {
headerEnd--;
}
if (XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX,
XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0 ||
beginEnd - headerEnd > PEM_LINE_LEN) {
WOLFSSL_MSG("Couldn't find PEM header");
return ASN_NO_PEM_HEADER;
}
/* headerEnd now points to beginning of header */
XMEMCPY(beginBuf, headerEnd, beginEnd - headerEnd);
beginBuf[beginEnd - headerEnd] = '\0';
/* look for matching footer */
footer = XSTRNSTR(beginEnd,
beginBuf + XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX),
(unsigned int)((char*)buff + sz - beginEnd));
if (!footer) {
WOLFSSL_MSG("Couldn't find PEM footer");
return ASN_NO_PEM_HEADER;
}
footer -= XSTR_SIZEOF(END_PRIV_KEY_PREFIX);
endLen = (unsigned int)(beginEnd - headerEnd -
(XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX) -
XSTR_SIZEOF(END_PRIV_KEY_PREFIX)));
XMEMCPY(endBuf, footer, endLen);
endBuf[endLen] = '\0';
header = beginBuf;
footer = endBuf;
headerEnd = beginEnd;
} else {
WOLFSSL_MSG("Couldn't find PEM header");
return ASN_NO_PEM_HEADER;
}
#else
WOLFSSL_MSG("Couldn't find PEM header");
return ASN_NO_PEM_HEADER;
#endif
} else {
headerEnd += XSTRLEN(header);
}
headerEnd += XSTRLEN(header);
/* eat end of line characters */
headerEnd = SkipEndOfLineChars(headerEnd, bufferEnd);
@ -10327,7 +10379,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
#endif /* WOLFSSL_ENCRYPTED_KEYS */
/* find footer */
footerEnd = XSTRNSTR((char*)buff, footer, sz);
footerEnd = XSTRNSTR(headerEnd, footer, (unsigned int)((char*)buff + sz - headerEnd));
if (!footerEnd) {
if (info)
info->consumed = longSz; /* No more certs if no footer */
@ -10363,6 +10415,9 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
return BUFFER_E;
if ((header == BEGIN_PRIV_KEY
#ifdef OPENSSL_EXTRA
|| header == beginBuf
#endif
#ifdef HAVE_ECC
|| header == BEGIN_EC_PRIV
#endif
@ -10444,8 +10499,18 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
#endif /* !NO_WOLFSSL_SKIP_TRAILING_PAD */
}
#ifdef OPENSSL_EXTRA
if (ret) {
PEMerr(0, PEM_R_BAD_DECRYPT);
}
#endif
ForceZero(password, passwordSz);
}
#ifdef OPENSSL_EXTRA
else {
PEMerr(0, PEM_R_BAD_PASSWORD_READ);
}
#endif
#ifdef WOLFSSL_SMALL_STACK
XFREE(password, heap, DYNAMIC_TYPE_STRING);
@ -11029,7 +11094,7 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
byte ver[MAX_VERSION_SZ];
byte* tmps[RSA_INTS];
if (!key || !output)
if (!key)
return BAD_FUNC_ARG;
if (key->type != RSA_PRIVATE)
@ -11068,20 +11133,22 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
seqSz = SetSequence(verSz + intTotalLen, seq);
outLen = seqSz + verSz + intTotalLen;
if (outLen > (int)inLen) {
FreeTmpRsas(tmps, key->heap);
return BAD_FUNC_ARG;
}
if (output) {
if (outLen > (int)inLen) {
FreeTmpRsas(tmps, key->heap);
return BAD_FUNC_ARG;
}
/* write to output */
XMEMCPY(output, seq, seqSz);
j = seqSz;
XMEMCPY(output + j, ver, verSz);
j += verSz;
/* write to output */
XMEMCPY(output, seq, seqSz);
j = seqSz;
XMEMCPY(output + j, ver, verSz);
j += verSz;
for (i = 0; i < RSA_INTS; i++) {
XMEMCPY(output + j, tmps[i], sizes[i]);
j += sizes[i];
for (i = 0; i < RSA_INTS; i++) {
XMEMCPY(output + j, tmps[i], sizes[i]);
j += sizes[i];
}
}
FreeTmpRsas(tmps, key->heap);
@ -12901,36 +12968,36 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
/* write DER encoded cert to buffer, size already checked */
static int WriteCertBody(DerCert* der, byte* buffer)
static int WriteCertBody(DerCert* der, byte* buf)
{
int idx;
/* signed part header */
idx = SetSequence(der->total, buffer);
idx = SetSequence(der->total, buf);
/* version */
XMEMCPY(buffer + idx, der->version, der->versionSz);
XMEMCPY(buf + idx, der->version, der->versionSz);
idx += der->versionSz;
/* serial */
XMEMCPY(buffer + idx, der->serial, der->serialSz);
XMEMCPY(buf + idx, der->serial, der->serialSz);
idx += der->serialSz;
/* sig algo */
XMEMCPY(buffer + idx, der->sigAlgo, der->sigAlgoSz);
XMEMCPY(buf + idx, der->sigAlgo, der->sigAlgoSz);
idx += der->sigAlgoSz;
/* issuer */
XMEMCPY(buffer + idx, der->issuer, der->issuerSz);
XMEMCPY(buf + idx, der->issuer, der->issuerSz);
idx += der->issuerSz;
/* validity */
XMEMCPY(buffer + idx, der->validity, der->validitySz);
XMEMCPY(buf + idx, der->validity, der->validitySz);
idx += der->validitySz;
/* subject */
XMEMCPY(buffer + idx, der->subject, der->subjectSz);
XMEMCPY(buf + idx, der->subject, der->subjectSz);
idx += der->subjectSz;
/* public key */
XMEMCPY(buffer + idx, der->publicKey, der->publicKeySz);
XMEMCPY(buf + idx, der->publicKey, der->publicKeySz);
idx += der->publicKeySz;
if (der->extensionsSz) {
/* extensions */
XMEMCPY(buffer + idx, der->extensions, min(der->extensionsSz,
XMEMCPY(buf + idx, der->extensions, min(der->extensionsSz,
(int)sizeof(der->extensions)));
idx += der->extensionsSz;
}
@ -12940,7 +13007,7 @@ static int WriteCertBody(DerCert* der, byte* buffer)
/* Make RSA signature from buffer (sz), write to sig (sigSz) */
static int MakeSignature(CertSignCtx* certSignCtx, const byte* buffer, int sz,
static int MakeSignature(CertSignCtx* certSignCtx, const byte* buf, int sz,
byte* sig, int sigSz, RsaKey* rsaKey, ecc_key* eccKey,
ed25519_key* ed25519Key, WC_RNG* rng, int sigAlgoType, void* heap)
{
@ -12948,7 +13015,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buffer, int sz,
(void)digestSz;
(void)typeH;
(void)buffer;
(void)buf;
(void)sz;
(void)sig;
(void)sigSz;
@ -12969,7 +13036,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buffer, int sz,
ret = MEMORY_E; goto exit_ms;
}
ret = HashForSignature(buffer, sz, sigAlgoType, certSignCtx->digest,
ret = HashForSignature(buf, sz, sigAlgoType, certSignCtx->digest,
&typeH, &digestSz, 0);
/* set next state, since WC_PENDING_E rentry for these are not "call again" */
certSignCtx->state = CERTSIGN_STATE_ENCODE;
@ -13021,7 +13088,7 @@ static int MakeSignature(CertSignCtx* certSignCtx, const byte* buffer, int sz,
if (!rsaKey && !eccKey && ed25519Key) {
word32 outSz = sigSz;
ret = wc_ed25519_sign_msg(buffer, sz, sig, &outSz, ed25519Key);
ret = wc_ed25519_sign_msg(buf, sz, sig, &outSz, ed25519Key);
if (ret == 0)
ret = outSz;
}
@ -13055,26 +13122,26 @@ exit_ms:
/* add signature to end of buffer, size of buffer assumed checked, return
new length */
static int AddSignature(byte* buffer, int bodySz, const byte* sig, int sigSz,
static int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,
int sigAlgoType)
{
byte seq[MAX_SEQ_SZ];
int idx = bodySz, seqSz;
/* algo */
idx += SetAlgoID(sigAlgoType, buffer ? buffer + idx : NULL, oidSigType, 0);
idx += SetAlgoID(sigAlgoType, buf ? buf + idx : NULL, oidSigType, 0);
/* bit string */
idx += SetBitString(sigSz, 0, buffer ? buffer + idx : NULL);
idx += SetBitString(sigSz, 0, buf ? buf + idx : NULL);
/* signature */
if (buffer)
XMEMCPY(buffer + idx, sig, sigSz);
if (buf)
XMEMCPY(buf + idx, sig, sigSz);
idx += sigSz;
/* make room for overall header */
seqSz = SetSequence(idx, seq);
if (buffer) {
XMEMMOVE(buffer + seqSz, buffer, idx);
XMEMCPY(buffer, seq, seqSz);
if (buf) {
XMEMMOVE(buf + seqSz, buf, idx);
XMEMCPY(buf, seq, seqSz);
}
return idx + seqSz;
@ -13420,32 +13487,32 @@ static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey,
/* write DER encoded cert req to buffer, size already checked */
static int WriteCertReqBody(DerCert* der, byte* buffer)
static int WriteCertReqBody(DerCert* der, byte* buf)
{
int idx;
/* signed part header */
idx = SetSequence(der->total, buffer);
idx = SetSequence(der->total, buf);
/* version */
if (buffer)
XMEMCPY(buffer + idx, der->version, der->versionSz);
if (buf)
XMEMCPY(buf + idx, der->version, der->versionSz);
idx += der->versionSz;
/* subject */
if (buffer)
XMEMCPY(buffer + idx, der->subject, der->subjectSz);
if (buf)
XMEMCPY(buf + idx, der->subject, der->subjectSz);
idx += der->subjectSz;
/* public key */
if (buffer)
XMEMCPY(buffer + idx, der->publicKey, der->publicKeySz);
if (buf)
XMEMCPY(buf + idx, der->publicKey, der->publicKeySz);
idx += der->publicKeySz;
/* attributes */
if (buffer)
XMEMCPY(buffer + idx, der->attrib, der->attribSz);
if (buf)
XMEMCPY(buf + idx, der->attrib, der->attribSz);
idx += der->attribSz;
/* extensions */
if (der->extensionsSz) {
if (buffer)
XMEMCPY(buffer + idx, der->extensions, min(der->extensionsSz,
if (buf)
XMEMCPY(buf + idx, der->extensions, min(der->extensionsSz,
(int)sizeof(der->extensions)));
idx += der->extensionsSz;
}
@ -13514,7 +13581,7 @@ int wc_MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz,
#endif /* WOLFSSL_CERT_REQ */
static int SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
static int SignCert(int requestSz, int sType, byte* buf, word32 buffSz,
RsaKey* rsaKey, ecc_key* eccKey, ed25519_key* ed25519Key,
WC_RNG* rng)
{
@ -13568,7 +13635,7 @@ static int SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
return MEMORY_E;
}
sigSz = MakeSignature(certSignCtx, buffer, requestSz, certSignCtx->sig,
sigSz = MakeSignature(certSignCtx, buf, requestSz, certSignCtx->sig,
MAX_ENCODED_SIG_SZ, rsaKey, eccKey, ed25519Key, rng, sType, heap);
#ifdef WOLFSSL_ASYNC_CRYPT
if (sigSz == WC_PENDING_E) {
@ -13582,7 +13649,7 @@ static int SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
if (requestSz + MAX_SEQ_SZ * 2 + sigSz > (int)buffSz)
sigSz = BUFFER_E;
else
sigSz = AddSignature(buffer, requestSz, certSignCtx->sig, sigSz,
sigSz = AddSignature(buf, requestSz, certSignCtx->sig, sigSz,
sType);
}
@ -13592,7 +13659,7 @@ static int SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
return sigSz;
}
int wc_SignCert_ex(int requestSz, int sType, byte* buffer, word32 buffSz,
int wc_SignCert_ex(int requestSz, int sType, byte* buf, word32 buffSz,
int keyType, void* key, WC_RNG* rng)
{
RsaKey* rsaKey = NULL;
@ -13606,28 +13673,28 @@ int wc_SignCert_ex(int requestSz, int sType, byte* buffer, word32 buffSz,
else if (keyType == ED25519_TYPE)
ed25519Key = (ed25519_key*)key;
return SignCert(requestSz, sType, buffer, buffSz, rsaKey, eccKey,
return SignCert(requestSz, sType, buf, buffSz, rsaKey, eccKey,
ed25519Key, rng);
}
int wc_SignCert(int requestSz, int sType, byte* buffer, word32 buffSz,
int wc_SignCert(int requestSz, int sType, byte* buf, word32 buffSz,
RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng)
{
return SignCert(requestSz, sType, buffer, buffSz, rsaKey, eccKey, NULL,
return SignCert(requestSz, sType, buf, buffSz, rsaKey, eccKey, NULL,
rng);
}
int wc_MakeSelfCert(Cert* cert, byte* buffer, word32 buffSz,
int wc_MakeSelfCert(Cert* cert, byte* buf, word32 buffSz,
RsaKey* key, WC_RNG* rng)
{
int ret;
ret = wc_MakeCert(cert, buffer, buffSz, key, NULL, rng);
ret = wc_MakeCert(cert, buf, buffSz, key, NULL, rng);
if (ret < 0)
return ret;
return wc_SignCert(cert->bodySz, cert->sigType,
buffer, buffSz, key, NULL, rng);
buf, buffSz, key, NULL, rng);
}
@ -13650,7 +13717,7 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
byte *ntruKey, word16 ntruKeySz,
ed25519_key* ed25519Key, int kid_type)
{
byte *buffer;
byte *buf;
int bufferSz, ret;
if (cert == NULL ||
@ -13659,9 +13726,9 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
(kid_type != SKID_TYPE && kid_type != AKID_TYPE))
return BAD_FUNC_ARG;
buffer = (byte *)XMALLOC(MAX_PUBLIC_KEY_SZ, cert->heap,
buf = (byte *)XMALLOC(MAX_PUBLIC_KEY_SZ, cert->heap,
DYNAMIC_TYPE_TMP_BUFFER);
if (buffer == NULL)
if (buf == NULL)
return MEMORY_E;
/* Public Key */
@ -13669,19 +13736,19 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
#ifndef NO_RSA
/* RSA public key */
if (rsakey != NULL)
bufferSz = SetRsaPublicKey(buffer, rsakey, MAX_PUBLIC_KEY_SZ, 0);
bufferSz = SetRsaPublicKey(buf, rsakey, MAX_PUBLIC_KEY_SZ, 0);
#endif
#ifdef HAVE_ECC
/* ECC public key */
if (eckey != NULL)
bufferSz = SetEccPublicKey(buffer, eckey, 0);
bufferSz = SetEccPublicKey(buf, eckey, 0);
#endif
#ifdef HAVE_NTRU
/* NTRU public key */
if (ntruKey != NULL) {
bufferSz = MAX_PUBLIC_KEY_SZ;
ret = ntru_crypto_ntru_encrypt_publicKey2SubjectPublicKeyInfo(
ntruKeySz, ntruKey, (word16 *)(&bufferSz), buffer);
ntruKeySz, ntruKey, (word16 *)(&bufferSz), buf);
if (ret != NTRU_OK)
bufferSz = -1;
}
@ -13691,27 +13758,27 @@ static int SetKeyIdFromPublicKey(Cert *cert, RsaKey *rsakey, ecc_key *eckey,
#ifdef HAVE_ED25519
/* ED25519 public key */
if (ed25519Key != NULL)
bufferSz = SetEd25519PublicKey(buffer, ed25519Key, 0);
bufferSz = SetEd25519PublicKey(buf, ed25519Key, 0);
#endif
if (bufferSz <= 0) {
XFREE(buffer, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(buf, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
return PUBLIC_KEY_E;
}
/* Compute SKID by hashing public key */
if (kid_type == SKID_TYPE) {
ret = CalcHashId(buffer, bufferSz, cert->skid);
ret = CalcHashId(buf, bufferSz, cert->skid);
cert->skidSz = KEYID_SIZE;
}
else if (kid_type == AKID_TYPE) {
ret = CalcHashId(buffer, bufferSz, cert->akid);
ret = CalcHashId(buf, bufferSz, cert->akid);
cert->akidSz = KEYID_SIZE;
}
else
ret = BAD_FUNC_ARG;
XFREE(buffer, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
XFREE(buf, cert->heap, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}

86
wolfcrypt/src/coding.c
View File

@ -57,27 +57,81 @@ const byte base64Decode[] = { 62, BAD, BAD, BAD, 63, /* + starts at 0x2B */
46, 47, 48, 49, 50, 51
};
static WC_INLINE int Base64_SkipNewline(const byte* in, word32 *inLen, word32 *outJ)
{
word32 len = *inLen;
word32 j = *outJ;
if (len && (in[j] == ' ' || in[j] == '\r' || in[j] == '\n')) {
byte endLine = in[j++];
len--;
while (len && endLine == ' ') { /* allow trailing whitespace */
endLine = in[j++];
len--;
}
if (endLine == '\r') {
if (len) {
endLine = in[j++];
len--;
}
}
if (endLine != '\n') {
WOLFSSL_MSG("Bad end of line in Base64 Decode");
return ASN_INPUT_E;
}
}
if (!len) {
return BUFFER_E;
}
*inLen = len;
*outJ = j;
return 0;
}
int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
{
word32 i = 0;
word32 j = 0;
word32 plainSz = inLen - ((inLen + (PEM_LINE_SZ - 1)) / PEM_LINE_SZ );
int ret;
const byte maxIdx = (byte)sizeof(base64Decode) + BASE64_MIN - 1;
plainSz = (plainSz * 3 + 3) / 4;
if (plainSz > *outLen) return BAD_FUNC_ARG;
while (inLen > 3) {
byte b1, b2, b3;
byte e1 = in[j++];
byte e2 = in[j++];
byte e3 = in[j++];
byte e4 = in[j++];
int pad3 = 0;
int pad4 = 0;
byte b1, b2, b3;
byte e1, e2, e3, e4;
if ((ret = Base64_SkipNewline(in, &inLen, &j)) != 0) {
if (ret == BUFFER_E) {
/* Running out of buffer here is not an error */
break;
}
return ret;
}
e1 = in[j++];
if (e1 == '\0') {
break;
}
inLen--;
if ((ret = Base64_SkipNewline(in, &inLen, &j)) != 0) {
return ret;
}
e2 = in[j++];
inLen--;
if ((ret = Base64_SkipNewline(in, &inLen, &j)) != 0) {
return ret;
}
e3 = in[j++];
inLen--;
if ((ret = Base64_SkipNewline(in, &inLen, &j)) != 0) {
return ret;
}
e4 = in[j++];
inLen--;
if (e1 == 0) /* end file 0's */
break;
if (e3 == PAD)
@ -116,26 +170,6 @@ int Base64_Decode(const byte* in, word32 inLen, byte* out, word32* outLen)
out[i++] = b3;
else
break;
inLen -= 4;
if (inLen && (in[j] == ' ' || in[j] == '\r' || in[j] == '\n')) {
byte endLine = in[j++];
inLen--;
while (inLen && endLine == ' ') { /* allow trailing whitespace */
endLine = in[j++];
inLen--;
}
if (endLine == '\r') {
if (inLen) {
endLine = in[j++];
inLen--;
}
}
if (endLine != '\n') {
WOLFSSL_MSG("Bad end of line in Base64 Decode");
return ASN_INPUT_E;
}
}
}
/* If the output buffer has a room for an extra byte, add a null terminator */
if (out && *outLen > i)

8
wolfcrypt/src/dsa.c
View File

@ -42,14 +42,6 @@
#include <wolfcrypt/src/misc.c>
#endif
enum {
DSA_HALF_SIZE = 20, /* r and s size */
DSA_SIG_SIZE = 40 /* signature size */
};
int wc_InitDsaKey(DsaKey* key)
{
if (key == NULL)

2
wolfcrypt/src/ecc.c
View File

@ -2281,7 +2281,7 @@ int ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* a,
/**
Map a projective jacbobian point back to affine space
Map a projective Jacobian point back to affine space
P [in/out] The point to map
modulus The modulus of the field the ECC curve is in
mp The "b" value from montgomery_setup()

3
wolfcrypt/src/evp.c
View File

@ -1247,7 +1247,8 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx,
}
switch (pkey->type) {
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
#if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
!defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA:
pkey->rsa = wolfSSL_RSA_generate_key(ctx->nbits, WC_RSA_EXPONENT,
NULL, NULL);

15
wolfcrypt/src/logging.c
View File

@ -137,6 +137,16 @@ int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb f)
#endif
}
/* allow this to be set to NULL, so logs can be redirected to default output */
wolfSSL_Logging_cb wolfSSL_GetLoggingCb(void)
{
#ifdef DEBUG_WOLFSSL
return log_function;
#else
return NULL;
#endif
}
int wolfSSL_Debugging_ON(void)
{
@ -346,6 +356,11 @@ void WOLFSSL_LEAVE(const char* msg, int ret)
wolfssl_log(LEAVE_LOG , buffer);
}
}
WOLFSSL_API int WOLFSSL_IS_DEBUG_ON(void)
{
return loggingEnabled;
}
#endif /* !WOLFSSL_DEBUG_ERRORS_ONLY */
#endif /* DEBUG_WOLFSSL */

2
wolfcrypt/test/test.c
View File

@ -1383,7 +1383,7 @@ int base64_test(void)
#endif
const byte badSmall[] = "AAA Gdj=";
const byte badLarge[] = "AAA~Gdj=";
const byte badEOL[] = "A+Gd ";
const byte badEOL[] = "A+Gd AA";
int i;
/* Good Base64 encodings. */

26
wolfcrypt/user-crypto/src/rsa.c
View File

@ -2663,7 +2663,7 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
USER_DEBUG(("Entering RsaKeyToDer\n"));
if (!key || !output)
if (!key)
return USER_CRYPTO_ERROR;
if (key->type != RSA_PRIVATE)
@ -2739,19 +2739,21 @@ int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
seqSz = SetSequence(verSz + intTotalLen, seq);
outLen = seqSz + verSz + intTotalLen;
if (outLen > (int)inLen) {
return USER_CRYPTO_ERROR;
}
if (output) {
if (outLen > (int)inLen) {
return USER_CRYPTO_ERROR;
}
/* write to output */
XMEMCPY(output, seq, seqSz);
j = seqSz;
XMEMCPY(output + j, ver, verSz);
j += verSz;
/* write to output */
XMEMCPY(output, seq, seqSz);
j = seqSz;
XMEMCPY(output + j, ver, verSz);
j += verSz;
for (i = 0; i < RSA_INTS; i++) {
XMEMCPY(output + j, tmps[i], sizes[i]);
j += sizes[i];
for (i = 0; i < RSA_INTS; i++) {
XMEMCPY(output + j, tmps[i], sizes[i]);
j += sizes[i];
}
}
FreeTmpRsas(tmps, key->heap);

14
wolfssl/internal.h
View File

@ -1329,11 +1329,13 @@ enum Misc {
#endif
#ifdef HAVE_SELFTEST
#ifndef WOLFSSL_AES_KEY_SIZE_ENUM
#define WOLFSSL_AES_KEY_SIZE_ENUM
AES_IV_SIZE = 16,
AES_128_KEY_SIZE = 16,
AES_192_KEY_SIZE = 24,
AES_256_KEY_SIZE = 32,
#endif
#endif
MAX_IV_SZ = AES_BLOCK_SIZE,
@ -2740,7 +2742,7 @@ struct WOLFSSL_CTX {
void* userPRFArg; /* passed to prf callback */
#endif
#ifdef HAVE_EX_DATA
void* ex_data[MAX_EX_DATA];
WOLFSSL_CRYPTO_EX_DATA ex_data;
#endif
#if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
CallbackALPNSelect alpnSelect;
@ -2748,7 +2750,7 @@ struct WOLFSSL_CTX {
#endif
#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
defined(WOLFSSL_HAPROXY)))
defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) ))
CallbackSniRecv sniRecvCb;
void* sniRecvCbArg;
#endif
@ -3121,7 +3123,7 @@ struct WOLFSSL_SESSION {
byte isAlloced;
#endif
#ifdef HAVE_EX_DATA
void* ex_data[MAX_EX_DATA];
WOLFSSL_CRYPTO_EX_DATA ex_data;
#endif
};
@ -3597,7 +3599,7 @@ struct WOLFSSL_X509 {
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#ifdef HAVE_EX_DATA
void* ex_data[MAX_EX_DATA];
WOLFSSL_CRYPTO_EX_DATA ex_data;
#endif
byte* authKeyId;
byte* subjKeyId;
@ -4007,7 +4009,7 @@ struct WOLFSSL {
#endif
byte keepCert; /* keep certificate after handshake */
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data, for Fortress */
#endif
int devId; /* async device id to use */
#ifdef HAVE_ONE_TIME_AUTH
@ -4239,8 +4241,6 @@ static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };
static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
#define STR_SIZEOF(x) (sizeof(x) - 1) /* -1 to not count the null char */
#ifdef OPENSSL_EXTRA
typedef struct {
int name_len;

6
wolfssl/openssl/bn.h
View File

@ -64,6 +64,7 @@ WOLFSSL_API void wolfSSL_BN_init(WOLFSSL_BIGNUM *);
#endif
WOLFSSL_API void wolfSSL_BN_free(WOLFSSL_BIGNUM*);
WOLFSSL_API void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM*);
WOLFSSL_API void wolfSSL_BN_clear(WOLFSSL_BIGNUM*);
WOLFSSL_API int wolfSSL_BN_sub(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*,
@ -110,6 +111,7 @@ WOLFSSL_API char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM*);
WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int);
WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM*, int);
WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM*, int);
WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
WOLFSSL_API unsigned long wolfSSL_BN_get_word(const WOLFSSL_BIGNUM*);
@ -141,6 +143,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
#define BN_init wolfSSL_BN_init
#define BN_free wolfSSL_BN_free
#define BN_clear_free wolfSSL_BN_clear_free
#define BN_clear wolfSSL_BN_clear
#define BN_num_bytes wolfSSL_BN_num_bytes
#define BN_num_bits wolfSSL_BN_num_bits
@ -184,6 +187,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
#define BN_add wolfSSL_BN_add
#define BN_set_word wolfSSL_BN_set_word
#define BN_set_bit wolfSSL_BN_set_bit
#define BN_clear_bit wolfSSL_BN_clear_bit
#define BN_is_prime_ex wolfSSL_BN_is_prime_ex
@ -196,6 +200,8 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
#define BN_mod_inverse wolfSSL_BN_mod_inverse
#define BN_set_flags(x1, x2)
#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
#define BN_get_rfc2409_prime_768 wolfSSL_DH_768_prime
#define BN_get_rfc2409_prime_1024 wolfSSL_DH_1024_prime

2
wolfssl/openssl/crypto.h
View File

@ -35,6 +35,7 @@
WOLFSSL_API const char* wolfSSLeay_version(int type);
WOLFSSL_API unsigned long wolfSSLeay(void);
WOLFSSL_API unsigned long wolfSSL_OpenSSL_version_num(void);
#ifdef OPENSSL_EXTRA
WOLFSSL_API void wolfSSL_OPENSSL_free(void*);
@ -45,6 +46,7 @@ WOLFSSL_API void *wolfSSL_OPENSSL_malloc(size_t a);
#define SSLeay_version wolfSSLeay_version
#define SSLeay wolfSSLeay
#define OpenSSL_version_num wolfSSL_OpenSSL_version_num
#ifdef WOLFSSL_QT
#define SSLEAY_VERSION 0x10001000L

20
wolfssl/openssl/dsa.h
View File

@ -31,6 +31,11 @@
extern "C" {
#endif
typedef struct WOLFSSL_DSA_SIG {
WOLFSSL_BIGNUM *r;
WOLFSSL_BIGNUM *s;
} WOLFSSL_DSA_SIG;
#ifndef WOLFSSL_DSA_TYPE_DEFINED /* guard on redeclaration */
typedef struct WOLFSSL_DSA WOLFSSL_DSA;
#define WOLFSSL_DSA_TYPE_DEFINED
@ -75,16 +80,31 @@ WOLFSSL_API int wolfSSL_DSA_do_verify(const unsigned char* d,
unsigned char* sig,
WOLFSSL_DSA* dsa, int *dsacheck);
WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void);
WOLFSSL_API void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig);
WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
int outLen, WOLFSSL_DSA* dsa);
WOLFSSL_API int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len,
WOLFSSL_DSA_SIG* sig, WOLFSSL_DSA* dsa);
#define WOLFSSL_DSA_LOAD_PRIVATE 1
#define WOLFSSL_DSA_LOAD_PUBLIC 2
#define DSA_new wolfSSL_DSA_new
#define DSA_free wolfSSL_DSA_free
#define DSA_LoadDer wolfSSL_DSA_LoadDer
#define DSA_generate_key wolfSSL_DSA_generate_key
#define DSA_generate_parameters wolfSSL_DSA_generate_parameters
#define DSA_generate_parameters_ex wolfSSL_DSA_generate_parameters_ex
#define DSA_SIG_new wolfSSL_DSA_SIG_new
#define DSA_SIG_free wolfSSL_DSA_SIG_free
#define DSA_do_sign wolfSSL_DSA_do_sign_ex
#define DSA_do_verify wolfSSL_DSA_do_verify_ex
#define DSA_SIG WOLFSSL_DSA_SIG
#ifdef __cplusplus
} /* extern "C" */

47
wolfssl/openssl/ec.h
View File

@ -76,11 +76,14 @@ typedef struct WOLFSSL_EC_KEY WOLFSSL_EC_KEY;
typedef struct WOLFSSL_EC_POINT WOLFSSL_EC_POINT;
typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_GROUP;
typedef struct WOLFSSL_EC_BUILTIN_CURVE WOLFSSL_EC_BUILTIN_CURVE;
/* WOLFSSL_EC_METHOD is just an alias of WOLFSSL_EC_GROUP for now */
typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_METHOD;
#define WOLFSSL_EC_TYPE_DEFINED
#endif
typedef WOLFSSL_EC_KEY EC_KEY;
typedef WOLFSSL_EC_GROUP EC_GROUP;
typedef WOLFSSL_EC_GROUP EC_METHOD;
typedef WOLFSSL_EC_POINT EC_POINT;
typedef WOLFSSL_EC_BUILTIN_CURVE EC_builtin_curve;
@ -132,6 +135,21 @@ WOLFSSL_API
int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len,
const WOLFSSL_EC_GROUP *curve, WOLFSSL_EC_POINT *p);
WOLFSSL_API
size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group,
const WOLFSSL_EC_POINT *p,
char form,
byte *buf, size_t len, WOLFSSL_BN_CTX *ctx);
WOLFSSL_API
int wolfSSL_EC_POINT_oct2point(const WOLFSSL_EC_GROUP *group,
WOLFSSL_EC_POINT *p, const unsigned char *buf,
size_t len, WOLFSSL_BN_CTX *ctx);
WOLFSSL_API
WOLFSSL_BIGNUM *wolfSSL_EC_POINT_point2bn(const WOLFSSL_EC_GROUP *group,
const WOLFSSL_EC_POINT *p,
char form,
WOLFSSL_BIGNUM *in, WOLFSSL_BN_CTX *ctx);
WOLFSSL_API
int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key,
const unsigned char* der, int derSz);
WOLFSSL_API
@ -162,6 +180,10 @@ void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag);
WOLFSSL_API
int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key,
const WOLFSSL_EC_POINT *pub);
WOLFSSL_API int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key);
WOLFSSL_API int wolfSSL_ECDSA_sign(int type, const unsigned char *digest,
int digestSz, unsigned char *sig,
unsigned int *sigSz, WOLFSSL_EC_KEY *key);
WOLFSSL_API
void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag);
WOLFSSL_API
@ -181,6 +203,11 @@ int wolfSSL_EC_GROUP_order_bits(const WOLFSSL_EC_GROUP *group);
WOLFSSL_API
void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group);
WOLFSSL_API
const WOLFSSL_EC_METHOD* wolfSSL_EC_GROUP_method_of(
const WOLFSSL_EC_GROUP *group);
WOLFSSL_API
int wolfSSL_EC_METHOD_get_field_type(const WOLFSSL_EC_METHOD *meth);
WOLFSSL_API
WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group);
WOLFSSL_API
int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
@ -189,6 +216,12 @@ int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
WOLFSSL_BIGNUM *y,
WOLFSSL_BN_CTX *ctx);
WOLFSSL_API
int wolfSSL_EC_POINT_set_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
WOLFSSL_EC_POINT *point,
const WOLFSSL_BIGNUM *x,
const WOLFSSL_BIGNUM *y,
WOLFSSL_BN_CTX *ctx);
WOLFSSL_API
int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
const WOLFSSL_BIGNUM *n,
const WOLFSSL_EC_POINT *q, const WOLFSSL_BIGNUM *m,
@ -229,6 +262,9 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
#define EC_KEY_set_asn1_flag wolfSSL_EC_KEY_set_asn1_flag
#define EC_KEY_set_public_key wolfSSL_EC_KEY_set_public_key
#define ECDSA_size wolfSSL_ECDSA_size
#define ECDSA_sign wolfSSL_ECDSA_sign
#define EC_GROUP_free wolfSSL_EC_GROUP_free
#define EC_GROUP_set_asn1_flag wolfSSL_EC_GROUP_set_asn1_flag
#define EC_GROUP_new_by_curve_name wolfSSL_EC_GROUP_new_by_curve_name
@ -237,11 +273,16 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
#define EC_GROUP_get_degree wolfSSL_EC_GROUP_get_degree
#define EC_GROUP_get_order wolfSSL_EC_GROUP_get_order
#define EC_GROUP_order_bits wolfSSL_EC_GROUP_order_bits
#define EC_GROUP_method_of wolfSSL_EC_GROUP_method_of
#define EC_METHOD_get_field_type wolfSSL_EC_METHOD_get_field_type
#define EC_POINT_new wolfSSL_EC_POINT_new
#define EC_POINT_free wolfSSL_EC_POINT_free
#define EC_POINT_get_affine_coordinates_GFp \
wolfSSL_EC_POINT_get_affine_coordinates_GFp
#define EC_POINT_set_affine_coordinates_GFp \
wolfSSL_EC_POINT_set_affine_coordinates_GFp
#define EC_POINT_mul wolfSSL_EC_POINT_mul
#define EC_POINT_clear_free wolfSSL_EC_POINT_clear_free
#define EC_POINT_cmp wolfSSL_EC_POINT_cmp
@ -249,6 +290,12 @@ char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
#define EC_get_builtin_curves wolfSSL_EC_get_builtin_curves
#define ECPoint_i2d wolfSSL_ECPoint_i2d
#define ECPoint_d2i wolfSSL_ECPoint_d2i
#define EC_POINT_point2oct wolfSSL_EC_POINT_point2oct
#define EC_POINT_oct2point wolfSSL_EC_POINT_oct2point
#define EC_POINT_point2bn wolfSSL_EC_POINT_point2bn
#ifndef HAVE_SELFTEST
#define EC_POINT_point2hex wolfSSL_EC_POINT_point2hex
#endif

1
wolfssl/openssl/ecdsa.h
View File

@ -25,6 +25,7 @@
#define WOLFSSL_ECDSA_H_
#include <wolfssl/openssl/bn.h>
#include <wolfssl/openssl/ec.h>
#ifdef __cplusplus

4
wolfssl/openssl/err.h
View File

@ -26,6 +26,7 @@
/* err.h for openssl */
#define ERR_load_crypto_strings wolfSSL_ERR_load_crypto_strings
#define ERR_load_CRYPTO_strings wolfSSL_ERR_load_crypto_strings
#define ERR_peek_last_error wolfSSL_ERR_peek_last_error
/* fatal error */
@ -34,11 +35,13 @@
#define ERR_R_DISABLED NOT_COMPILED_IN
#define ERR_R_PASSED_INVALID_ARGUMENT BAD_FUNC_ARG
#define RSA_R_UNKNOWN_PADDING_TYPE RSA_PAD_E
#define EC_R_BUFFER_TOO_SMALL BUFFER_E
/* SSL function codes */
#define RSA_F_RSA_OSSL_PRIVATE_ENCRYPT 1
#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 2
#define SSL_F_SSL_USE_PRIVATEKEY 3
#define EC_F_EC_GFP_SIMPLE_POINT2OCT 4
/* reasons */
#define ERR_R_SYS_LIB 1
@ -46,6 +49,7 @@
#define RSAerr(f,r) ERR_put_error(0,(f),(r),__FILE__,__LINE__)
#define SSLerr(f,r) ERR_put_error(0,(f),(r),__FILE__,__LINE__)
#define ECerr(f,r) ERR_put_error(0,(f),(r),__FILE__,__LINE__)
#endif /* WOLFSSL_OPENSSL_ERR_ */

11
wolfssl/openssl/evp.h
View File

@ -256,13 +256,17 @@ struct WOLFSSL_EVP_CIPHER_CTX {
#elif !defined(NO_DES3)
/* working iv pointer into cipher */
ALIGN16 unsigned char iv[DES_BLOCK_SIZE];
#elif defined(HAVE_IDEA)
/* working iv pointer into cipher */
ALIGN16 unsigned char iv[IDEA_BLOCK_SIZE];
#endif
WOLFSSL_Cipher cipher;
ALIGN16 byte buf[WOLFSSL_EVP_BUF_SIZE];
int bufUsed;
ALIGN16 byte lastBlock[WOLFSSL_EVP_BUF_SIZE];
int lastUsed;
#if defined(HAVE_AESGCM)
#if !defined(NO_AES) || !defined(NO_DES3) || defined(HAVE_IDEA)
#define HAVE_WOLFSSL_EVP_CIPHER_CTX_IV
int ivSz;
ALIGN16 unsigned char authTag[AES_BLOCK_SIZE];
int authTagSz;
@ -408,6 +412,8 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* c
int keylen);
WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_iv_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
int ivLen);
WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv,
int ivLen);
WOLFSSL_API int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx,
unsigned char* dst, unsigned char* src,
unsigned int len);
@ -706,6 +712,7 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
#define EVP_CIPHER_CTX_clear_flags wolfSSL_EVP_CIPHER_CTX_clear_flags
#define EVP_CIPHER_CTX_set_padding wolfSSL_EVP_CIPHER_CTX_set_padding
#define EVP_CIPHER_CTX_flags wolfSSL_EVP_CIPHER_CTX_flags
#define EVP_CIPHER_CTX_set_iv wolfSSL_EVP_CIPHER_CTX_set_iv
#define EVP_add_digest wolfSSL_EVP_add_digest
#define EVP_add_cipher wolfSSL_EVP_add_cipher
#define EVP_cleanup wolfSSL_EVP_cleanup
@ -740,9 +747,11 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX;
#define EVP_CTRL_AEAD_GET_TAG 0x10
#define EVP_CTRL_AEAD_SET_TAG 0x11
#define EVP_CTRL_AEAD_SET_IV_FIXED 0x12
#define EVP_CTRL_GCM_IV_GEN 0x13
#define EVP_CTRL_GCM_SET_IVLEN EVP_CTRL_AEAD_SET_IVLEN
#define EVP_CTRL_GCM_GET_TAG EVP_CTRL_AEAD_GET_TAG
#define EVP_CTRL_GCM_SET_TAG EVP_CTRL_AEAD_SET_TAG
#define EVP_CTRL_GCM_SET_IV_FIXED EVP_CTRL_AEAD_SET_IV_FIXED
#ifndef EVP_MAX_MD_SIZE
#define EVP_MAX_MD_SIZE 64 /* sha512 */

5
wolfssl/openssl/opensslv.h
View File

@ -30,10 +30,11 @@
/* For Apache httpd, Use 1.1.0 compatibility */
#define OPENSSL_VERSION_NUMBER 0x10100000L
#elif defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(HAVE_LIGHTY) || \
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_QT)
defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(WOLFSSL_OPENSSH) || defined(WOLFSSL_QT)
/* version number can be increased for Lighty after compatibility for ECDH
is added */
#define OPENSSL_VERSION_NUMBER 0x10001000L
#define OPENSSL_VERSION_NUMBER 0x1000100fL
#else
#define OPENSSL_VERSION_NUMBER 0x0090810fL
#endif

56
wolfssl/openssl/rsa.h
View File

@ -26,6 +26,7 @@
#define WOLFSSL_RSA_H_
#include <wolfssl/openssl/bn.h>
#include <wolfssl/wolfcrypt/types.h>
#ifdef __cplusplus
extern "C" {
@ -47,32 +48,25 @@
#define RSA_FLAG_NO_BLINDING (1 << 7)
#define RSA_FLAG_NO_CONSTTIME (1 << 8)
#ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
typedef struct WOLFSSL_RSA WOLFSSL_RSA;
#define WOLFSSL_RSA_TYPE_DEFINED
#endif
typedef WOLFSSL_RSA RSA;
typedef struct WOLFSSL_RSA_METHOD {
int flags;
char *name;
} WOLFSSL_RSA_METHOD;
typedef WOLFSSL_RSA_METHOD RSA_METHOD;
struct WOLFSSL_RSA {
#ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
#define WOLFSSL_RSA_TYPE_DEFINED
typedef struct WOLFSSL_RSA {
#ifdef WC_RSA_BLINDING
WC_RNG* rng; /* for PrivateDecrypt blinding */
#endif
WOLFSSL_BIGNUM* n;
WOLFSSL_BIGNUM* e;
WOLFSSL_BIGNUM* d;
WOLFSSL_BIGNUM* p;
WOLFSSL_BIGNUM* q;
WOLFSSL_BIGNUM* dmp1; /* dP */
WOLFSSL_BIGNUM* dmq1; /* dQ */
WOLFSSL_BIGNUM* iqmp; /* u */
WOLFSSL_BIGNUM* n;
WOLFSSL_BIGNUM* e;
WOLFSSL_BIGNUM* d;
WOLFSSL_BIGNUM* p;
WOLFSSL_BIGNUM* q;
WOLFSSL_BIGNUM* dmp1; /* dP */
WOLFSSL_BIGNUM* dmq1; /* dQ */
WOLFSSL_BIGNUM* iqmp; /* u */
void* heap;
void* internal; /* our RSA */
char inSet; /* internal set from external ? */
@ -81,7 +75,18 @@ struct WOLFSSL_RSA {
#if defined(OPENSSL_EXTRA)
WOLFSSL_RSA_METHOD* meth;
#endif
};
#if defined(HAVE_EX_DATA)
WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data */
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
wolfSSL_Mutex refMutex; /* ref count mutex */
int refCount; /* reference count */
#endif
} WOLFSSL_RSA;
#endif
typedef WOLFSSL_RSA RSA;
typedef WOLFSSL_RSA_METHOD RSA_METHOD;
WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSA_new(void);
WOLFSSL_API void wolfSSL_RSA_free(WOLFSSL_RSA*);
@ -118,6 +123,8 @@ WOLFSSL_API void wolfSSL_RSA_meth_free(WOLFSSL_RSA_METHOD *meth);
WOLFSSL_API int wolfSSL_RSA_meth_set(WOLFSSL_RSA_METHOD *rsa, void* p);
WOLFSSL_API int wolfSSL_RSA_set_method(WOLFSSL_RSA *rsa, WOLFSSL_RSA_METHOD *meth);
WOLFSSL_API const WOLFSSL_RSA_METHOD* wolfSSL_RSA_get_method(const WOLFSSL_RSA *rsa);
WOLFSSL_API const WOLFSSL_RSA_METHOD* wolfSSL_RSA_get_default_method(void);
WOLFSSL_API void wolfSSL_RSA_get0_key(const WOLFSSL_RSA *r, const WOLFSSL_BIGNUM **n,
const WOLFSSL_BIGNUM **e, const WOLFSSL_BIGNUM **d);
WOLFSSL_API int wolfSSL_RSA_set0_key(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *n, WOLFSSL_BIGNUM *e,
@ -125,6 +132,12 @@ WOLFSSL_API int wolfSSL_RSA_set0_key(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *n, WOLFSSL_
WOLFSSL_API int wolfSSL_RSA_flags(const WOLFSSL_RSA *r);
WOLFSSL_API void wolfSSL_RSA_set_flags(WOLFSSL_RSA *r, int flags);
WOLFSSL_API WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa);
WOLFSSL_API void* wolfSSL_RSA_get_ex_data(const WOLFSSL_RSA *rsa, int idx);
WOLFSSL_API int wolfSSL_RSA_set_ex_data(WOLFSSL_RSA *rsa, int idx, void *data);
#define WOLFSSL_RSA_LOAD_PRIVATE 1
#define WOLFSSL_RSA_LOAD_PUBLIC 2
#define WOLFSSL_RSA_F4 0x10001L
@ -154,6 +167,7 @@ WOLFSSL_API void wolfSSL_RSA_set_flags(WOLFSSL_RSA *r, int flags);
#define RSA_meth_set_init wolfSSL_RSA_meth_set
#define RSA_meth_set_finish wolfSSL_RSA_meth_set
#define RSA_meth_set0_app_data wolfSSL_RSA_meth_set
#define RSA_get_default_method wolfSSL_RSA_get_default_method
#define RSA_get_method wolfSSL_RSA_get_method
#define RSA_set_method wolfSSL_RSA_set_method
#define RSA_get0_key wolfSSL_RSA_get0_key
@ -161,6 +175,10 @@ WOLFSSL_API void wolfSSL_RSA_set_flags(WOLFSSL_RSA *r, int flags);
#define RSA_flags wolfSSL_RSA_flags
#define RSA_set_flags wolfSSL_RSA_set_flags
#define RSAPublicKey_dup wolfSSL_RSAPublicKey_dup
#define RSA_get_ex_data wolfSSL_RSA_get_ex_data
#define RSA_set_ex_data wolfSSL_RSA_set_ex_data
#define RSA_get0_key wolfSSL_RSA_get0_key
#define RSA_F4 WOLFSSL_RSA_F4

29
wolfssl/openssl/ssl.h
View File

@ -47,6 +47,9 @@
#include <wolfssl/openssl/objects.h>
#endif
/* need MIN_CODE_E to determine wolfSSL error range */
#include <wolfssl/wolfcrypt/error-crypt.h>
/* all NID_* values are in asn.h */
#include <wolfssl/wolfcrypt/asn.h>
@ -626,6 +629,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define SSL_COMP_add_compression_method wolfSSL_COMP_add_compression_method
#define SSL_get_ex_new_index wolfSSL_get_ex_new_index
#define RSA_get_ex_new_index wolfSSL_get_ex_new_index
#define ASN1_BIT_STRING_new wolfSSL_ASN1_BIT_STRING_new
#define ASN1_BIT_STRING_free wolfSSL_ASN1_BIT_STRING_free
@ -697,6 +701,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define SSL_CTX_set_tmp_rsa_callback wolfSSL_CTX_set_tmp_rsa_callback
#define RSA_print wolfSSL_RSA_print
#define RSA_bits wolfSSL_RSA_size
#define RSA_up_ref wolfSSL_RSA_up_ref
#define PEM_def_callback wolfSSL_PEM_def_callback
@ -747,6 +752,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define SYS_F_IOCTLSOCKET WOLFSSL_SYS_IOCTLSOCKET
#define SYS_F_LISTEN WOLFSSL_SYS_LISTEN
#define ERR_GET_LIB wolfSSL_ERR_GET_LIB
#define ERR_GET_REASON wolfSSL_ERR_GET_REASON
#define ERR_put_error wolfSSL_ERR_put_error
@ -769,8 +775,13 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define ERR_reason_error_string wolfSSL_ERR_reason_error_string
#define ERR_load_BIO_strings wolfSSL_ERR_load_BIO_strings
#define PEMerr(func, reason) wolfSSL_ERR_put_error(ERR_LIB_PEM,\
#ifndef WOLFCRYPT_ONLY
#define PEMerr(func, reason) wolfSSL_ERR_put_error(ERR_LIB_PEM, \
(func), (reason), __FILE__, __LINE__)
#else
#define PEMerr(func, reason) WOLFSSL_ERROR_LINE((reason), \
NULL, __LINE__, __FILE__, NULL)
#endif
#define SSLv23_server_method wolfSSLv23_server_method
#define SSL_CTX_set_options wolfSSL_CTX_set_options
@ -1086,15 +1097,25 @@ enum {
* PEM_read_bio_X509 is called and the return error is lost.
* The error that needs to be detected is: SSL_NO_PEM_HEADER.
*/
#define ERR_GET_LIB(l) (int)((((unsigned long)l) >> 24L) & 0xffL)
#define ERR_GET_FUNC(l) (int)((((unsigned long)l) >> 12L) & 0xfffL)
#define PEM_F_PEM_DEF_CALLBACK 100
#define PEM_R_NO_START_LINE 108
#define PEM_R_PROBLEMS_GETTING_PASSWORD 109
/* Avoid wolfSSL error code range */
#define PEM_R_NO_START_LINE (-MIN_CODE_E + 1)
#define PEM_R_PROBLEMS_GETTING_PASSWORD (-MIN_CODE_E + 2)
#define PEM_R_BAD_PASSWORD_READ (-MIN_CODE_E + 3)
#define PEM_R_BAD_DECRYPT (-MIN_CODE_E + 4)
#define EVP_R_BAD_DECRYPT (-MIN_CODE_E + 100 + 1)
#define EVP_R_BN_DECODE_ERROR (-MIN_CODE_E + 100 + 2)
#define EVP_R_DECODE_ERROR (-MIN_CODE_E + 100 + 3)
#define EVP_R_PRIVATE_KEY_DECODE_ERROR (-MIN_CODE_E + 100 + 4)
#define ERR_LIB_PEM 9
#define ERR_LIB_X509 10
#define ERR_LIB_EVP 11
#define ERR_LIB_ASN1 12
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \

33
wolfssl/ssl.h
View File

@ -34,6 +34,7 @@
#include <wolfssl/version.h>
#include <wolfssl/wolfcrypt/logging.h>
#include <wolfssl/wolfcrypt/asn_public.h>
#include <wolfssl/wolfcrypt/types.h>
#ifdef HAVE_WOLF_EVENT
#include <wolfssl/wolfcrypt/wolfevent.h>
@ -151,6 +152,8 @@ typedef struct WOLFSSL_EC_KEY WOLFSSL_EC_KEY;
typedef struct WOLFSSL_EC_POINT WOLFSSL_EC_POINT;
typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_GROUP;
typedef struct WOLFSSL_EC_BUILTIN_CURVE WOLFSSL_EC_BUILTIN_CURVE;
/* WOLFSSL_EC_METHOD is just an alias of WOLFSSL_EC_GROUP for now */
typedef struct WOLFSSL_EC_GROUP WOLFSSL_EC_METHOD;
#define WOLFSSL_EC_TYPE_DEFINED
#endif
@ -217,10 +220,6 @@ struct WOLFSSL_ASN1_STRING {
#define WOLFSSL_MAX_SNAME 40
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
#define MAX_EX_DATA 5 /* allow for five items of ex_data */
#endif
#define WOLFSSL_ASN1_DYNAMIC 0x1
#define WOLFSSL_ASN1_DYNAMIC_DATA 0x2
@ -479,14 +478,10 @@ struct WOLFSSL_BIO {
byte init:1; /* bio has been initialized */
byte shutdown:1; /* close flag */
#ifdef HAVE_EX_DATA
void* ex_data[MAX_EX_DATA];
WOLFSSL_CRYPTO_EX_DATA ex_data;
#endif
};
typedef struct WOLFSSL_CRYPTO_EX_DATA {
WOLFSSL_STACK* data;
} WOLFSSL_CRYPTO_EX_DATA;
typedef struct WOLFSSL_COMP_METHOD {
int type; /* stunnel dereference */
} WOLFSSL_COMP_METHOD;
@ -515,6 +510,8 @@ struct WOLFSSL_X509_STORE {
#endif
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
WOLFSSL_X509_STORE_CTX_verify_cb verify_cb;
#endif
#ifdef HAVE_EX_DATA
WOLFSSL_CRYPTO_EX_DATA ex_data;
#endif
#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL)
@ -580,7 +577,7 @@ struct WOLFSSL_X509_STORE_CTX {
#endif
char* domain; /* subject CN domain name */
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
void* ex_data[MAX_EX_DATA]; /* external data */
WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data */
#endif
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_EXTRA)
int depth; /* used in X509_STORE_CTX_*_depth */
@ -932,9 +929,9 @@ WOLFSSL_API
#endif /* SESSION_INDEX && SESSION_CERTS */
typedef int (*VerifyCallback)(int, WOLFSSL_X509_STORE_CTX*);
#ifdef OPENSSL_EXTRA
typedef void (CallbackInfoState)(const WOLFSSL*, int, int);
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
typedef int (WOLFSSL_CRYPTO_EX_new)(void* p, void* ptr,
WOLFSSL_CRYPTO_EX_DATA* a, int idx, long argValue, void* arg);
typedef int (WOLFSSL_CRYPTO_EX_dup)(WOLFSSL_CRYPTO_EX_DATA* out,
@ -945,8 +942,6 @@ typedef void (WOLFSSL_CRYPTO_EX_free)(void* p, void* ptr,
WOLFSSL_API int wolfSSL_get_ex_new_index(long argValue, void* arg,
WOLFSSL_CRYPTO_EX_new* a, WOLFSSL_CRYPTO_EX_dup* b,
WOLFSSL_CRYPTO_EX_free* c);
WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* r, int idx, void* arg);
WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* r, int idx);
#endif
WOLFSSL_API void wolfSSL_CTX_set_verify(WOLFSSL_CTX*, int,
@ -1047,6 +1042,7 @@ WOLFSSL_API int wolfSSL_CTX_mcast_set_highwater_cb(WOLFSSL_CTX*,
CallbackMcastHighwater);
WOLFSSL_API int wolfSSL_mcast_set_highwater_ctx(WOLFSSL*, void*);
WOLFSSL_API int wolfSSL_ERR_GET_LIB(unsigned long err);
WOLFSSL_API int wolfSSL_ERR_GET_REASON(unsigned long err);
WOLFSSL_API char* wolfSSL_ERR_error_string(unsigned long,char*);
WOLFSSL_API void wolfSSL_ERR_error_string_n(unsigned long e, char* buf,
@ -1163,6 +1159,7 @@ WOLFSSL_API WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl);
WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_new(void);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
WOLFSSL_API int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa);
WOLFSSL_API int wolfSSL_X509_up_ref(WOLFSSL_X509* x509);
WOLFSSL_API int wolfSSL_EVP_PKEY_up_ref(WOLFSSL_EVP_PKEY* pkey);
#endif
@ -1671,8 +1668,6 @@ enum {
ASN1_GENERALIZEDTIME = 4,
SSL_MAX_SSL_SESSION_ID_LENGTH = 32,
EVP_R_BAD_DECRYPT = 2,
SSL_ST_CONNECT = 0x1000,
SSL_ST_ACCEPT = 0x2000,
SSL_ST_MASK = 0x0FFF,
@ -2021,6 +2016,13 @@ WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_
WOLFSSL_API int wolfSSL_sk_num(WOLFSSL_STACK* sk);
WOLFSSL_API void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i);
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
WOLFSSL_API void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data,
int idx);
WOLFSSL_API int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx,
void *data);
#endif
/* stunnel 4.28 needs */
WOLFSSL_API void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX*, int);
WOLFSSL_API int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX*, int, void*);
@ -2039,6 +2041,7 @@ WOLFSSL_API long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION*);
WOLFSSL_API long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION*);
WOLFSSL_API int wolfSSL_CTX_get_ex_new_index(long, void*, void*, void*, void*);
/* extra ends */

4
wolfssl/wolfcrypt/aes.h
View File

@ -94,6 +94,8 @@
extern "C" {
#endif
#ifndef WOLFSSL_AES_KEY_SIZE_ENUM
#define WOLFSSL_AES_KEY_SIZE_ENUM
/* these are required for FIPS and non-FIPS */
enum {
AES_128_KEY_SIZE = 16, /* for 128 bit */
@ -102,7 +104,7 @@ enum {
AES_IV_SIZE = 16, /* always block size */
};
#endif
/* avoid redefinition of structs */
#if !defined(HAVE_FIPS) || \

7
wolfssl/wolfcrypt/asn.h
View File

@ -220,7 +220,9 @@ enum
NID_domainComponent = 0x19, /* matches ASN_DOMAIN_COMPONENT in asn.h */
NID_emailAddress = 0x30, /* emailAddress */
NID_id_on_dnsSRV = 82, /* 1.3.6.1.5.5.7.8.7 */
NID_ms_upn = 265 /* 1.3.6.1.4.1.311.20.2.3 */
NID_ms_upn = 265, /* 1.3.6.1.4.1.311.20.2.3 */
NID_X9_62_prime_field = 406 /* 1.2.840.10045.1.1 */
};
enum ECC_TYPES
@ -1142,7 +1144,8 @@ WOLFSSL_LOCAL int GetASNTag(const byte* input, word32* idx, byte* tag,
WOLFSSL_LOCAL word32 SetLength(word32 length, byte* output);
WOLFSSL_LOCAL word32 SetSequence(word32 len, byte* output);
WOLFSSL_LOCAL word32 SetOctetString(word32 len, byte* output);
#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_DH)
#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_DH) \
|| defined(WOLFSSL_OPENSSH)
WOLFSSL_LOCAL int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz);
WOLFSSL_LOCAL int wc_DhPubKeyToDer(DhKey* key, byte* out, word32* outSz);
WOLFSSL_LOCAL int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz);

2
wolfssl/wolfcrypt/dh.h
View File

@ -59,7 +59,7 @@ typedef struct DhParams {
/* Diffie-Hellman Key */
struct DhKey {
mp_int p, g, q; /* group parameters */
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)
mp_int pub;
mp_int priv;
#endif

5
wolfssl/wolfcrypt/dsa.h
View File

@ -52,6 +52,11 @@ enum {
DSA_PRIVATE = 1
};
enum {
DSA_HALF_SIZE = 20, /* r and s size */
DSA_SIG_SIZE = 40 /* signature size */
};
/* DSA */
typedef struct DsaKey {
mp_int p, q, g, y, x;

2
wolfssl/wolfcrypt/ecc.h
View File

@ -327,7 +327,7 @@ typedef struct alt_fp_int {
#endif
/* A point on an ECC curve, stored in Jacbobian format such that (x,y,z) =>
/* A point on an ECC curve, stored in Jacobian format such that (x,y,z) =>
(x/z^2, y/z^3, 1) when interpreted as affine */
typedef struct {
#ifndef ALT_ECC_SIZE

3
wolfssl/wolfcrypt/logging.h
View File

@ -93,6 +93,7 @@ typedef void (*wolfSSL_Logging_cb)(const int logLevel,
const char *const logMessage);
WOLFSSL_API int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb log_function);
WOLFSSL_API wolfSSL_Logging_cb wolfSSL_GetLoggingCb(void);
/* turn logging on, only if compiled in */
WOLFSSL_API int wolfSSL_Debugging_ON(void);
@ -148,6 +149,7 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void);
WOLFSSL_API void WOLFSSL_LEAVE(const char* msg, int ret);
#define WOLFSSL_STUB(m) \
WOLFSSL_MSG(WOLFSSL_LOG_CAT(wolfSSL Stub, m, not implemented))
WOLFSSL_API int WOLFSSL_IS_DEBUG_ON(void);
WOLFSSL_API void WOLFSSL_MSG(const char* msg);
WOLFSSL_API void WOLFSSL_BUFFER(const byte* buffer, word32 length);
@ -157,6 +159,7 @@ WOLFSSL_API void wolfSSL_Debugging_OFF(void);
#define WOLFSSL_ENTER(m)
#define WOLFSSL_LEAVE(m, r)
#define WOLFSSL_STUB(m)
#define WOLFSSL_IS_DEBUG_ON() 0
#define WOLFSSL_MSG(m)
#define WOLFSSL_BUFFER(b, l)

5
wolfssl/wolfcrypt/rsa.h
View File

@ -278,9 +278,8 @@ WOLFSSL_API int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx,
RsaKey*, word32);
WOLFSSL_API int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz,
const byte* e, word32 eSz, RsaKey* key);
#ifdef WOLFSSL_KEY_GEN
WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
#endif
WOLFSSL_API int wc_RsaKeyToDer(RsaKey*, byte* output, word32 inLen);
#ifdef WC_RSA_BLINDING
WOLFSSL_API int wc_RsaSetRNG(RsaKey* key, WC_RNG* rng);

3
wolfssl/wolfcrypt/settings.h
View File

@ -2110,6 +2110,9 @@ extern void uITRON4_free(void *p) ;
#define WOLFSSL_BASE64_DECODE
#endif
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
#define MAX_EX_DATA 5 /* allow for five items of ex_data */
#endif
#ifdef __cplusplus
} /* extern "C" */

5
wolfssl/wolfcrypt/tfm.h
View File

@ -258,6 +258,11 @@
#ifndef FP_MAX_BITS
#define FP_MAX_BITS 4096
#endif
#ifdef WOLFSSL_OPENSSH
/* OpenSSH uses some BIG primes so we need to accommodate for that */
#undef FP_MAX_BITS
#define FP_MAX_BITS 16384
#endif
#define FP_MAX_SIZE (FP_MAX_BITS+(8*DIGIT_BIT))
/* will this lib work? */

11
wolfssl/wolfcrypt/types.h
View File

@ -37,6 +37,16 @@
#define WOLFSSL_ABI
/* Tag for all the APIs that are a part of the fixed ABI. */
/*
* This struct is used multiple time by other structs and
* needs to be defined somwhere that all structs can import
* (with minimal depencencies).
*/
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
typedef struct WOLFSSL_CRYPTO_EX_DATA {
void* ex_data[MAX_EX_DATA];
} WOLFSSL_CRYPTO_EX_DATA;
#endif
#if defined(WORDS_BIGENDIAN)
#define BIG_ENDIAN_ORDER
@ -238,6 +248,7 @@
#define USE_WINDOWS_API
#endif
#define XSTR_SIZEOF(x) (sizeof(x) - 1) /* -1 to not count the null char */
/* idea to add global alloc override by Moises Guimaraes */
/* default to libc stuff */

6
wolfssl/wolfio.h
View File

@ -328,11 +328,7 @@
#endif /* HAVE_SOCKADDR */
/* use gethostbyname for c99 */
#ifdef WOLF_C99
#undef HAVE_GETADDRINFO
#endif
#ifdef HAVE_GETADDRINFO
#if defined(HAVE_GETADDRINFO) && !defined(WOLF_C99)
typedef struct addrinfo ADDRINFO;
#endif
#endif /* WOLFSSL_NO_SOCK */