WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Init SoftHSMv2 support 

- wolfSSL_EVP_PKEY_set1_DH: If both private and public present, output private key
- ToTraditionalInline_ex2: Add DH checking
- wc_ecc_get_curve_id: check index is not negative
- Fix i2d_PKCS8_PRIV_KEY_INFO to actually output pkcs8 instead of just der
- wolfSSL_EVP_PKEY2PKCS8: Create duplicate to avoid double free
- wolfSSL_DH_generate_key: Fix case where not enough buffer was allocated for 128 bit case
- pkcs8_encode: Add DSA and DH support
- wolfSSL_d2i_PKCS8_PKEY: Correctly advance buffer
- RSA_LOW_MEM: export all integers in compat layer
- Add softhsm action
- Define
  - OPENSSL_DH_MAX_MODULUS_BITS
  - OPENSSL_DSA_MAX_MODULUS_BITS
  - OPENSSL_RSA_MAX_MODULUS_BITS
- Implement
  - BN_mul_word
  - i2d_ECPKParameters
  - PEM_write_bio_PKCS8_PRIV_KEY_INFO
  - PEM_read_bio_PKCS8_PRIV_KEY_INFO
  - i2d_PKCS8_PRIV_KEY_INFO
  - RSA_padding_add_PKCS1_PSS_mgf1
  - RSA_verify_PKCS1_PSS_mgf1
pull/7797/head
Juliusz Sosinowicz 2024-08-27 15:26:46 +02:00
parent ef063aac2f
commit 901384e704
19 changed files with 569 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

94
.github/workflows/softhsm.yml vendored 100644
View File

@ -0,0 +1,94 @@
name: SoftHSMv2 Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
build_wolfssl:
name: Build wolfSSL
if: github.repository_owner == 'wolfssl'
# Just to keep it the same as the testing target
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 10
steps:
- name: Build wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
path: wolfssl
configure: --enable-all CFLAGS=-DRSA_MIN_SIZE=1024
install: true
check: false
- name: tar build-dir
run: tar -zcf build-dir.tgz build-dir
- name: Upload built lib
uses: actions/upload-artifact@v4
with:
name: wolf-install-softhsm
path: build-dir.tgz
retention-days: 5
softhsm_check:
strategy:
fail-fast: false
matrix:
# List of releases to test
ref: [ 2.6.1 ]
name: ${{ matrix.ref }}
if: github.repository_owner == 'wolfssl'
runs-on: ubuntu-latest
# This should be a safe limit for the tests to run.
timeout-minutes: 20
needs: build_wolfssl
steps:
- name: Install dependencies
run: |
# Don't prompt for anything
export DEBIAN_FRONTEND=noninteractive
sudo apt-get update
sudo apt-get install -y libcppunit-dev
- name: Download lib
uses: actions/download-artifact@v4
with:
name: wolf-install-softhsm
- name: untar build-dir
run: tar -xf build-dir.tgz
- name: Checkout OSP
uses: actions/checkout@v4
with:
repository: wolfssl/osp
path: osp
- name: Checkout SoftHSMv2
uses: actions/checkout@v4
with:
repository: opendnssec/SoftHSMv2
path: softhsm
ref: ${{ matrix.ref }}
# Not using wolfSSL/actions-build-autotools-project@v1 because autogen.sh doesn't work
- name: Build softhsm
working-directory: softhsm
run: |
patch -p1 < $GITHUB_WORKSPACE/osp/softhsm/${{ matrix.ref }}.patch
autoreconf -if
./configure --with-crypto-backend=wolfssl WOLFSSL_INSTALL_DIR=$GITHUB_WORKSPACE/build-dir
make -j
- name: Test softhsm
working-directory: softhsm
run: make -j check

234
src/pk.c
View File

@ -2598,6 +2598,7 @@ int SetRsaExternal(WOLFSSL_RSA* rsa)
}
if (key->type == RSA_PRIVATE) {
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
if (ret == 1) {
/* Copy private exponent. */
ret = wolfssl_bn_set_value(&rsa->d, &key->d);
@ -2619,7 +2620,8 @@ int SetRsaExternal(WOLFSSL_RSA* rsa)
WOLFSSL_ERROR_MSG("rsa q error");
}
}
#ifndef RSA_LOW_MEM
#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
!defined(RSA_LOW_MEM)
if (ret == 1) {
/* Copy d mod p-1. */
ret = wolfssl_bn_set_value(&rsa->dmp1, &key->dP);
@ -2641,7 +2643,11 @@ int SetRsaExternal(WOLFSSL_RSA* rsa)
WOLFSSL_ERROR_MSG("rsa u error");
}
}
#endif /* !RSA_LOW_MEM */
#endif
#else
WOLFSSL_ERROR_MSG("rsa private key not compiled in ");
ret = 0;
#endif /* !WOLFSSL_RSA_PUBLIC_ONLY */
}
}
if (ret == 1) {
@ -2696,6 +2702,7 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
/* Enough numbers for public key */
key->type = RSA_PUBLIC;
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
/* Copy down private exponent if available. */
if ((ret == 1) && (rsa->d != NULL)) {
if (wolfssl_bn_get_value(rsa->d, &key->d) != 1) {
@ -2722,7 +2729,7 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
ret = WOLFSSL_FATAL_ERROR;
}
#ifndef RSA_LOW_MEM
#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
/* Copy down d mod p-1 if available. */
if ((ret == 1) && (rsa->dmp1 != NULL) &&
(wolfssl_bn_get_value(rsa->dmp1, &key->dP) != 1)) {
@ -2743,7 +2750,8 @@ int SetRsaInternal(WOLFSSL_RSA* rsa)
WOLFSSL_ERROR_MSG("rsa u key error");
ret = WOLFSSL_FATAL_ERROR;
}
#endif /* !RSA_LOW_MEM */
#endif
#endif
if (ret == 1) {
/* All available numbers have been set down. */
@ -3523,12 +3531,15 @@ int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* e,
* @param [out] em Encoded message.
* @param [in[ mHash Message hash.
* @param [in] hashAlg Hash algorithm.
* @param [in] mgf1Hash MGF algorithm.
* @param [in] saltLen Length of salt to generate.
* @return 1 on success.
* @return 0 on failure.
*/
int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen)
int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa, unsigned char *em,
const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg,
const WOLFSSL_EVP_MD *mgf1Hash, int saltLen)
{
int ret = 1;
enum wc_HashType hashType;
@ -3551,6 +3562,9 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
ret = 0;
}
if (mgf1Hash == NULL)
mgf1Hash = hashAlg;
if (ret == 1) {
/* Get/create an RNG. */
rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRng, &initTmpRng);
@ -3576,7 +3590,7 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
}
if (ret == 1) {
/* Get the wolfCrypt MGF algorithm from hash algorithm. */
mgf = wc_hash2mgf(hashType);
mgf = wc_hash2mgf(EvpMd2MacType(mgf1Hash));
if (mgf == WC_MGF1NONE) {
WOLFSSL_ERROR_MSG("wc_hash2mgf error");
ret = 0;
@ -3647,6 +3661,13 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
return ret;
}
int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg, int saltLen)
{
return wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(rsa, em, mHash, hashAlg, NULL,
saltLen);
}
/* Checks that the hash is valid for the RSA PKCS#1 PSS encoded message.
*
* Refer to wolfSSL_RSA_padding_add_PKCS1_PSS for a diagram.
@ -3654,14 +3675,15 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *em,
* @param [in] rsa RSA key.
* @param [in[ mHash Message hash.
* @param [in] hashAlg Hash algorithm.
* @param [in] mgf1Hash MGF algorithm.
* @param [in] em Encoded message.
* @param [in] saltLen Length of salt to generate.
* @return 1 on success.
* @return 0 on failure.
*/
int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
const WOLFSSL_EVP_MD *hashAlg,
const unsigned char *em, int saltLen)
int wolfSSL_RSA_verify_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa,
const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg,
const WOLFSSL_EVP_MD *mgf1Hash, const unsigned char *em, int saltLen)
{
int ret = 1;
int hashLen = 0;
@ -3679,6 +3701,9 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
ret = 0;
}
if (mgf1Hash == NULL)
mgf1Hash = hashAlg;
/* TODO: use wolfCrypt RSA key to get emLen and bits? */
/* Set the external data from the wolfCrypt RSA key if not done. */
if ((ret == 1) && (!rsa->exSet)) {
@ -3741,7 +3766,7 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
if (ret == 1) {
/* Get the wolfCrypt MGF algorithm from hash algorithm. */
if ((mgf = wc_hash2mgf(hashType)) == WC_MGF1NONE) {
if ((mgf = wc_hash2mgf(EvpMd2MacType(mgf1Hash))) == WC_MGF1NONE) {
WOLFSSL_ERROR_MSG("wc_hash2mgf error");
ret = 0;
}
@ -3784,6 +3809,14 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return ret;
}
int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
const WOLFSSL_EVP_MD *hashAlg,
const unsigned char *em, int saltLen)
{
return wolfSSL_RSA_verify_PKCS1_PSS_mgf1(rsa, mHash, hashAlg, NULL, em,
saltLen);
}
#endif /* !HAVE_FIPS || FIPS_VERSION_GT(2,0) */
#endif /* WC_RSA_PSS && (OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY ||
* WOLFSSL_NGINX) */
@ -5434,11 +5467,11 @@ WOLFSSL_DSA_SIG* wolfSSL_d2i_DSA_SIG(WOLFSSL_DSA_SIG **sig,
return ret;
}
#endif /* HAVE_SELFTEST */
/* return 1 on success, < 0 otherwise */
int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
WOLFSSL_DSA* dsa)
#endif /* !HAVE_SELFTEST */
static int dsa_do_sign(const unsigned char* d, int dLen, unsigned char* sigRet,
WOLFSSL_DSA* dsa)
{
int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
int initTmpRng = 0;
@ -5449,8 +5482,6 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
WC_RNG tmpRng[1];
#endif
WOLFSSL_ENTER("wolfSSL_DSA_do_sign");
if (d == NULL || sigRet == NULL || dsa == NULL) {
WOLFSSL_MSG("Bad function arguments");
return WOLFSSL_FATAL_ERROR;
@ -5486,10 +5517,18 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
}
if (rng) {
if (wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) {
WOLFSSL_MSG("DsaSign failed");
#ifdef HAVE_SELFTEST
if (dLen != WC_SHA_DIGEST_SIZE ||
wc_DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0) {
WOLFSSL_MSG("wc_DsaSign failed or dLen wrong length");
ret = WOLFSSL_FATAL_ERROR;
}
#else
if (wc_DsaSign_ex(d, dLen, sigRet, (DsaKey*)dsa->internal, rng) < 0) {
WOLFSSL_MSG("wc_DsaSign_ex failed");
ret = WOLFSSL_FATAL_ERROR;
}
#endif
else
ret = WOLFSSL_SUCCESS;
}
@ -5503,6 +5542,15 @@ int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
return ret;
}
/* return 1 on success, < 0 otherwise */
int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
WOLFSSL_DSA* dsa)
{
WOLFSSL_ENTER("wolfSSL_DSA_do_sign");
return dsa_do_sign(d, WC_SHA_DIGEST_SIZE, sigRet, dsa);
}
#ifndef HAVE_SELFTEST
WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
int inLen, WOLFSSL_DSA* dsa)
@ -5513,12 +5561,12 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
WOLFSSL_ENTER("wolfSSL_DSA_do_sign_ex");
if (!digest || !dsa || inLen != WC_SHA_DIGEST_SIZE) {
if (!digest || !dsa) {
WOLFSSL_MSG("Bad function arguments");
return NULL;
}
if (wolfSSL_DSA_do_sign(digest, sigBin, dsa) != 1) {
if (dsa_do_sign(digest, inLen, sigBin, dsa) != 1) {
WOLFSSL_MSG("wolfSSL_DSA_do_sign error");
return NULL;
}
@ -5537,15 +5585,13 @@ WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
/* 2 * sigLen for the two points r and s */
return wolfSSL_d2i_DSA_SIG(NULL, &tmp, 2 * sigLen);
}
#endif /* !HAVE_SELFTEST */
#endif
int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
static int dsa_do_verify(const unsigned char* d, int dLen, unsigned char* sig,
WOLFSSL_DSA* dsa, int *dsacheck)
{
int ret;
WOLFSSL_ENTER("wolfSSL_DSA_do_verify");
if (d == NULL || sig == NULL || dsa == NULL) {
WOLFSSL_MSG("Bad function arguments");
return WOLFSSL_FATAL_ERROR;
@ -5560,13 +5606,30 @@ int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
}
}
ret = DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck);
if (ret != 0 || *dsacheck != 1) {
#ifdef HAVE_SELFTEST
ret = dLen == WC_SHA_DIGEST_SIZE ?
wc_DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck) : BAD_FUNC_ARG;
#else
ret = wc_DsaVerify_ex(d, dLen, sig, (DsaKey*)dsa->internal, dsacheck);
#endif
if (ret != 0) {
WOLFSSL_MSG("DsaVerify failed");
return ret;
return WOLFSSL_FATAL_ERROR;
}
if (*dsacheck != 1) {
WOLFSSL_MSG("DsaVerify sig failed");
return WOLFSSL_FAILURE;
}
return 1;
return WOLFSSL_SUCCESS;
}
int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
WOLFSSL_DSA* dsa, int *dsacheck)
{
WOLFSSL_ENTER("wolfSSL_DSA_do_verify");
return dsa_do_verify(d, WC_SHA_DIGEST_SIZE, sig, dsa, dsacheck);
}
@ -5591,7 +5654,7 @@ int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len,
WOLFSSL_ENTER("wolfSSL_DSA_do_verify_ex");
if (!digest || !sig || !dsa || digest_len != WC_SHA_DIGEST_SIZE) {
if (!digest || !sig || !dsa) {
WOLFSSL_MSG("Bad function arguments");
return 0;
}
@ -5643,14 +5706,14 @@ int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len,
if (wolfSSL_BN_bn2bin(sig->s, sigBinPtr) == -1)
return 0;
if ((wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck)
if ((dsa_do_verify(digest, digest_len, sigBin, dsa, &dsacheck)
!= 1) || dsacheck != 1) {
return 0;
}
return 1;
}
#endif /* !HAVE_SELFTEST */
#endif
int wolfSSL_i2d_DSAparams(const WOLFSSL_DSA* dsa,
unsigned char** out)
@ -8606,6 +8669,10 @@ int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
/* Private key size can be as much as the size of the prime. */
if (dh->length) {
privSz = (word32)(dh->length / 8); /* to bytes */
/* Special case where priv key is larger than dh->length / 8
* See GeneratePrivateDh */
if (dh->length == 128)
privSz = 21;
}
else {
privSz = pubSz;
@ -9373,6 +9440,47 @@ WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out,
{
return wolfssl_ec_group_d2i(out, in, len);
}
int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp)
{
unsigned char* out = NULL;
int len = 0;
int idx;
const byte* oid = NULL;
word32 oidSz = 0;
if (grp == NULL || !wc_ecc_is_valid_idx(grp->curve_idx) ||
grp->curve_idx < 0)
return WOLFSSL_FATAL_ERROR;
/* Get the actual DER encoding of the OID. ecc_sets[grp->curve_idx].oid
* is just the numerical representation. */
if (wc_ecc_get_oid(grp->curve_oid, &oid, &oidSz) < 0)
return WOLFSSL_FATAL_ERROR;
len = SetObjectId(oidSz, NULL) + oidSz;
if (pp == NULL)
return len;
if (*pp == NULL) {
out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1);
if (out == NULL)
return WOLFSSL_FATAL_ERROR;
}
else {
out = *pp;
}
idx = SetObjectId(oidSz, out);
XMEMCPY(out + idx, oid, oidSz);
if (*pp == NULL)
*pp = out;
else
*pp += len;
return len;
}
#endif /* !NO_BIO */
#if defined(OPENSSL_ALL) && !defined(NO_CERTS)
@ -9663,6 +9771,12 @@ int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group,
ret = 0;
}
if (ret == 1 &&
(group->curve_idx < 0 || !wc_ecc_is_valid_idx(group->curve_idx))) {
WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order Bad group idx");
ret = 0;
}
if (ret == 1) {
mp = (mp_int*)order->internal;
}
@ -15645,6 +15759,13 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
return pkey;
}
PKCS8_PRIV_KEY_INFO* wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio,
PKCS8_PRIV_KEY_INFO** key, wc_pem_password_cb* cb, void* arg)
{
return wolfSSL_PEM_read_bio_PrivateKey(bio, key, cb, arg);
}
#endif /* !NO_BIO */
#if !defined(NO_FILESYSTEM)
@ -16278,8 +16399,6 @@ int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data, long* len,
#ifdef OPENSSL_ALL
#if !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
#if !defined(NO_BIO) || (!defined(NO_FILESYSTEM) && \
!defined(NO_STDIO_FILESYSTEM))
/* Encrypt the key into a buffer using PKCS$8 and a password.
*
* @param [in] pkey Private key to encrypt.
@ -16292,7 +16411,7 @@ int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data, long* len,
* @return 0 on success.
* @return BAD_FUNC_ARG when EVP cipher not supported.
*/
static int pem_pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey,
int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey,
const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, byte* key,
word32* keySz)
{
@ -16356,7 +16475,7 @@ static int pem_pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey,
* @param On out, size of encoded key in bytes.
* @return 0 on success.
*/
static int pem_pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz)
int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz)
{
int ret = 0;
int algId;
@ -16379,6 +16498,34 @@ static int pem_pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz)
curveOid = NULL;
oidSz = 0;
}
else if (pkey->type == EVP_PKEY_DSA) {
/* DSA has no curve information. */
algId = DSAk;
curveOid = NULL;
oidSz = 0;
}
else if (pkey->type == EVP_PKEY_DH) {
if (pkey->dh == NULL)
return BAD_FUNC_ARG;
if (pkey->dh->priv_key != NULL || pkey->dh->pub_key != NULL) {
/* Special case. DH buffer is always in PKCS8 format */
if (keySz == NULL)
return BAD_FUNC_ARG;
*keySz = pkey->pkey_sz;
if (key == NULL)
return LENGTH_ONLY_E;
XMEMCPY(key, pkey->pkey.ptr, pkey->pkey_sz);
return pkey->pkey_sz;
}
/* DH has no curve information. */
algId = DHk;
curveOid = NULL;
oidSz = 0;
}
else {
ret = NOT_COMPILED_IN;
}
@ -16392,6 +16539,8 @@ static int pem_pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key, word32* keySz)
return ret;
}
#if !defined(NO_BIO) || (!defined(NO_FILESYSTEM) && \
!defined(NO_STDIO_FILESYSTEM))
/* Write PEM encoded, PKCS#8 formatted private key to BIO.
*
* @param [out] pem Buffer holding PEM encoding.
@ -16424,7 +16573,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz,
if (res == 1) {
/* Guestimate key size and PEM size. */
if (pem_pkcs8_encode(pkey, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
if (pkcs8_encode(pkey, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) {
res = 0;
}
}
@ -16472,7 +16621,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz,
if (res == 1) {
/* Encrypt the private key. */
ret = pem_pkcs8_encrypt(pkey, enc, passwd, passwdSz, key, &keySz);
ret = pkcs8_encrypt(pkey, enc, passwd, passwdSz, key, &keySz);
if (ret <= 0) {
res = 0;
}
@ -16488,7 +16637,7 @@ static int pem_write_mem_pkcs8privatekey(byte** pem, int* pemSz,
type = PKCS8_PRIVATEKEY_TYPE;
/* Encode private key in PKCS#8 format. */
ret = pem_pkcs8_encode(pkey, key, &keySz);
ret = pkcs8_encode(pkey, key, &keySz);
if (ret < 0) {
res = 0;
}
@ -16554,6 +16703,13 @@ int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio,
XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
return res;
}
int wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio,
PKCS8_PRIV_KEY_INFO* keyInfo)
{
return wolfSSL_PEM_write_bio_PKCS8PrivateKey(bio, keyInfo, NULL, NULL, 0,
NULL, NULL);
}
#endif /* !NO_BIO */
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)

87
src/ssl.c
View File

@ -7241,29 +7241,51 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL;
#ifdef WOLFSSL_PEM_TO_DER
int ret;
DerBuffer* der = NULL;
DerBuffer* pkcs8Der = NULL;
DerBuffer rawDer;
EncryptedInfo info;
int advanceLen = 0;
XMEMSET(&info, 0, sizeof(info));
XMEMSET(&rawDer, 0, sizeof(rawDer));
if (keyBuf == NULL || *keyBuf == NULL || keyLen <= 0) {
WOLFSSL_MSG("Bad key PEM/DER args");
return NULL;
}
ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &der, NULL, NULL, NULL);
ret = PemToDer(*keyBuf, keyLen, PRIVATEKEY_TYPE, &pkcs8Der, NULL, &info,
NULL);
if (ret < 0) {
WOLFSSL_MSG("Not PEM format");
ret = AllocDer(&der, (word32)keyLen, PRIVATEKEY_TYPE, NULL);
ret = AllocDer(&pkcs8Der, (word32)keyLen, PRIVATEKEY_TYPE, NULL);
if (ret == 0) {
XMEMCPY(der->buffer, *keyBuf, keyLen);
XMEMCPY(pkcs8Der->buffer, *keyBuf, keyLen);
}
}
else {
advanceLen = (int)info.consumed;
}
if (ret == 0) {
/* Verify this is PKCS8 Key */
word32 inOutIdx = 0;
word32 algId;
ret = ToTraditionalInline_ex(der->buffer, &inOutIdx, der->length,
&algId);
ret = ToTraditionalInline_ex(pkcs8Der->buffer, &inOutIdx,
pkcs8Der->length, &algId);
if (ret >= 0) {
if (advanceLen == 0) /* Set only if not PEM */
advanceLen = inOutIdx + ret;
if (algId == DHk) {
/* Special case for DH as we expect the DER buffer to be always
* be in PKCS8 format */
rawDer.buffer = pkcs8Der->buffer;
rawDer.length = inOutIdx + ret;
}
else {
rawDer.buffer = pkcs8Der->buffer + inOutIdx;
rawDer.length = ret;
}
ret = 0; /* good DER */
}
}
@ -7274,21 +7296,24 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
ret = MEMORY_E;
}
if (ret == 0) {
pkcs8->pkey.ptr = (char*)XMALLOC(der->length, NULL,
pkcs8->pkey.ptr = (char*)XMALLOC(rawDer.length, NULL,
DYNAMIC_TYPE_PUBLIC_KEY);
if (pkcs8->pkey.ptr == NULL)
ret = MEMORY_E;
}
if (ret == 0) {
XMEMCPY(pkcs8->pkey.ptr, der->buffer, der->length);
pkcs8->pkey_sz = (int)der->length;
XMEMCPY(pkcs8->pkey.ptr, rawDer.buffer, rawDer.length);
pkcs8->pkey_sz = (int)rawDer.length;
}
FreeDer(&der);
FreeDer(&pkcs8Der);
if (ret != 0) {
wolfSSL_EVP_PKEY_free(pkcs8);
pkcs8 = NULL;
}
else {
*keyBuf += advanceLen;
}
if (pkey != NULL) {
*pkey = pkcs8;
}
@ -7301,6 +7326,48 @@ WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
return pkcs8;
}
#ifdef OPENSSL_ALL
int wolfSSL_i2d_PKCS8_PKEY(WOLFSSL_PKCS8_PRIV_KEY_INFO* key, unsigned char** pp)
{
word32 keySz = 0;
unsigned char* out;
int len;
WOLFSSL_ENTER("wolfSSL_i2d_PKCS8_PKEY");
if (key == NULL)
return WOLFSSL_FATAL_ERROR;
if (pkcs8_encode(key, NULL, &keySz) != WC_NO_ERR_TRACE(LENGTH_ONLY_E))
return WOLFSSL_FATAL_ERROR;
len = (int)keySz;
if (pp == NULL)
return len;
if (*pp == NULL) {
out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1);
if (out == NULL)
return WOLFSSL_FATAL_ERROR;
}
else {
out = *pp;
}
if (pkcs8_encode(key, out, &keySz) != len) {
if (*pp == NULL)
XFREE(out, NULL, DYNAMIC_TYPE_ASN1);
return WOLFSSL_FATAL_ERROR;
}
if (*pp == NULL)
*pp = out;
else
*pp += len;
return len;
}
#endif
#ifndef NO_BIO
/* put SSL type in extra for now, not very common */

81
src/ssl_bn.c
View File

@ -1312,7 +1312,7 @@ static int wolfssl_bn_add_word_int(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w,
#endif
/* Validate parameters. */
if (BN_IS_NULL(bn)) {
if (ret == 1 && BN_IS_NULL(bn)) {
WOLFSSL_MSG("bn NULL error");
ret = 0;
}
@ -1419,6 +1419,85 @@ int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w)
return ret;
}
int wolfSSL_BN_mul_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w)
{
int ret = 1;
#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT)
#ifdef WOLFSSL_SMALL_STACK
mp_int* w_mp = NULL;
#else
mp_int w_mp[1];
#endif /* WOLFSSL_SMALL_STACK */
#endif
WOLFSSL_ENTER("wolfSSL_BN_mul_word");
#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT)
#ifdef WOLFSSL_SMALL_STACK
/* Allocate temporary MP integer. */
w_mp = (mp_int*)XMALLOC(sizeof(*w_mp), NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (w_mp == NULL) {
ret = 0;
}
else
#endif /* WOLFSSL_SMALL_STACK */
{
/* Clear out MP integer so it can be freed. */
XMEMSET(w_mp, 0, sizeof(*w_mp));
}
#endif
/* Validate parameters. */
if (ret == 1 && BN_IS_NULL(bn)) {
WOLFSSL_MSG("bn NULL error");
ret = 0;
}
if (ret == 1) {
int rc = 0;
#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT)
if (w > (WOLFSSL_BN_ULONG)MP_MASK) {
/* Initialize temporary MP integer. */
if (mp_init(w_mp) != MP_OKAY) {
ret = 0;
}
/* Set value into temporary MP integer. */
if ((ret == 1) && (mp_set_int(w_mp, w) != MP_OKAY)) {
ret = 0;
}
if (ret == 1) {
rc = mp_mul((mp_int*)bn->internal, w_mp,
(mp_int*)bn->internal);
if (rc != MP_OKAY) {
WOLFSSL_MSG("mp_mul error");
ret = 0;
}
}
}
else
#endif
{
rc = mp_mul_d((mp_int*)bn->internal, (mp_digit)w,
(mp_int*)bn->internal);
if (rc != MP_OKAY) {
WOLFSSL_MSG("mp_mul_d error");
ret = 0;
}
}
}
#if DIGIT_BIT < (SIZEOF_LONG * CHAR_BIT)
mp_free(w_mp);
#ifdef WOLFSSL_SMALL_STACK
XFREE(w_mp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif /* WOLFSSL_SMALL_STACK */
#endif
WOLFSSL_LEAVE("wolfSSL_BN_mul_word", ret);
return ret;
}
#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \
!defined(NO_DSA))
/* Calculate bn modulo word w. bn % w

52
tests/api.c
View File

@ -57416,13 +57416,22 @@ static int test_wolfSSL_PEM_PrivateKey_dsa(void)
ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
#ifdef WOLFSSL_ASN_TEMPLATE
ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
NULL), 0);
NULL), 1216);
#else
ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
NULL), 1212);
#endif
#endif
#ifdef WOLFSSL_KEY_GEN
ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 1);
ExpectIntEQ(BIO_pending(bio), 1178);
#ifdef WOLFSSL_ASN_TEMPLATE
ExpectIntEQ(BIO_pending(bio), 2394);
#else
ExpectIntEQ(BIO_pending(bio), 2390);
#endif
BIO_reset(bio);
#endif
@ -57451,6 +57460,7 @@ static int test_wolfSSL_PEM_PrivateKey_dh(void)
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
BIO* bio = NULL;
EVP_PKEY* pkey = NULL;
int expectedBytes = 0;
ExpectNotNull(bio = BIO_new_file("./certs/dh-priv-2048.pem", "rb"));
/* Private DH EVP_PKEY */
@ -57462,8 +57472,9 @@ static int test_wolfSSL_PEM_PrivateKey_dh(void)
ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()));
#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
expectedBytes += 806;
ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
NULL), 0);
NULL), expectedBytes);
#endif
#ifdef WOLFSSL_KEY_GEN
ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 0);
@ -57471,7 +57482,8 @@ static int test_wolfSSL_PEM_PrivateKey_dh(void)
ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL),
1);
ExpectIntEQ(BIO_pending(bio), 806);
expectedBytes += 806;
ExpectIntEQ(BIO_pending(bio), expectedBytes);
BIO_free(bio);
bio = NULL;
@ -65194,6 +65206,7 @@ static int test_wolfSSL_PKCS8_Compat(void)
#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) && \
!defined(NO_BIO)
PKCS8_PRIV_KEY_INFO* pt = NULL;
PKCS8_PRIV_KEY_INFO* pt2 = NULL;
BIO* bio = NULL;
XFILE f = XBADFILE;
int bytes = 0;
@ -65216,13 +65229,14 @@ static int test_wolfSSL_PKCS8_Compat(void)
ExpectIntEQ(EVP_PKEY_type(pkey->type), EVP_PKEY_EC);
/* gets PKCS8 pointer to pkey */
ExpectNotNull(EVP_PKEY2PKCS8(pkey));
ExpectNotNull(pt2 = EVP_PKEY2PKCS8(pkey));
EVP_PKEY_free(pkey);
#endif
BIO_free(bio);
PKCS8_PRIV_KEY_INFO_free(pt);
PKCS8_PRIV_KEY_INFO_free(pt2);
#endif
return EXPECT_RESULT();
}
@ -83723,10 +83737,11 @@ static int test_wolfSSL_RSA_GenAdd(void)
ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz));
ExpectIntEQ(wolfSSL_RSA_GenAdd(NULL), -1);
#ifndef RSA_LOW_MEM
#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \
!defined(RSA_LOW_MEM)
ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), 1);
#else
/* dmp1 and dmq1 are not set (allocated) when RSA_LOW_MEM. */
/* dmp1 and dmq1 are not set (allocated) in this config */
ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), -1);
#endif
@ -85319,6 +85334,28 @@ static int test_wolfSSL_PEM_read_bio_ECPKParameters(void)
return EXPECT_RESULT();
}
static int test_wolfSSL_i2d_ECPKParameters(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA)
EC_GROUP* grp = NULL;
unsigned char p256_oid[] = {
0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
};
unsigned char *der = p256_oid;
unsigned char out_der[sizeof(p256_oid)];
XMEMSET(out_der, 0, sizeof(out_der));
ExpectNotNull(d2i_ECPKParameters(&grp, (const unsigned char **)&der,
sizeof(p256_oid)));
der = out_der;
ExpectIntEQ(i2d_ECPKParameters(grp, &der), sizeof(p256_oid));
ExpectBufEQ(p256_oid, out_der, sizeof(p256_oid));
EC_GROUP_free(grp);
#endif
return EXPECT_RESULT();
}
static int test_wolfSSL_EC_POINT(void)
{
EXPECT_DECLS;
@ -97848,6 +97885,7 @@ TEST_CASE testCases[] = {
#if defined(HAVE_ECC) && !defined(OPENSSL_NO_PK)
TEST_DECL(test_wolfSSL_EC_GROUP),
TEST_DECL(test_wolfSSL_i2d_ECPKParameters),
TEST_DECL(test_wolfSSL_PEM_read_bio_ECPKParameters),
TEST_DECL(test_wolfSSL_EC_POINT),
TEST_DECL(test_wolfSSL_SPAKE),

9
wolfcrypt/src/asn.c
View File

@ -7174,6 +7174,15 @@ int ToTraditionalInline_ex2(const byte* input, word32* inOutIdx, word32 sz,
ret = ASN_PARSE_E;
}
break;
#endif
#ifndef NO_DH
case DHk:
/* Neither NULL item nor OBJECT_ID item allowed. */
if ((dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_NULL].tag != 0) ||
(dataASN[PKCS8KEYASN_IDX_PKEY_ALGO_OID_CURVE].tag != 0)) {
ret = ASN_PARSE_E;
}
break;
#endif
/* DSAk not supported. */
/* Falcon, Dilithium and Sphincs not supported. */

2
wolfcrypt/src/ecc.c
View File

@ -4262,7 +4262,7 @@ int wc_ecc_get_curve_idx(int curve_id)
int wc_ecc_get_curve_id(int curve_idx)
{
if (wc_ecc_is_valid_idx(curve_idx)) {
if (wc_ecc_is_valid_idx(curve_idx) && curve_idx >= 0) {
return ecc_sets[curve_idx].id;
}
return ECC_CURVE_INVALID;

11
wolfcrypt/src/evp.c
View File

@ -9051,7 +9051,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key)
/* Get size of DER buffer only */
if (havePublic && !havePrivate) {
ret = wc_DhPubKeyToDer(dhkey, NULL, &derSz);
} else if (havePrivate && !havePublic) {
} else if (havePrivate) {
ret = wc_DhPrivKeyToDer(dhkey, NULL, &derSz);
} else {
ret = wc_DhParamsToDer(dhkey,NULL,&derSz);
@ -9071,7 +9071,7 @@ int wolfSSL_EVP_PKEY_set1_DH(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_DH *key)
/* Fill DER buffer */
if (havePublic && !havePrivate) {
ret = wc_DhPubKeyToDer(dhkey, derBuf, &derSz);
} else if (havePrivate && !havePublic) {
} else if (havePrivate) {
ret = wc_DhPrivKeyToDer(dhkey, derBuf, &derSz);
} else {
ret = wc_DhParamsToDer(dhkey,derBuf,&derSz);
@ -9770,7 +9770,12 @@ WOLFSSL_EVP_PKEY* wolfSSL_EVP_PKCS82PKEY(const WOLFSSL_PKCS8_PRIV_KEY_INFO* p8)
/* this function just casts and returns pointer */
WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_EVP_PKEY2PKCS8(const WOLFSSL_EVP_PKEY* pkey)
{
return (WOLFSSL_PKCS8_PRIV_KEY_INFO*)pkey;
if (pkey == NULL || pkey->pkey.ptr == NULL) {
return NULL;
}
return wolfSSL_d2i_PrivateKey_EVP(NULL, (unsigned char**)&pkey->pkey.ptr,
pkey->pkey_sz);
}
#endif

15
wolfcrypt/src/sp_int.c
View File

@ -5128,6 +5128,12 @@ static void _sp_mont_setup(const sp_int* m, sp_int_digit* rho);
#define WOLFSSL_SP_PRIME_GEN
#endif
#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
(defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || defined(OPENSSL_EXTRA)
/* Determine when mp_mul_d is required */
#define WOLFSSL_SP_MUL_D
#endif
/* Set the multi-precision number to zero.
*
* Assumes a is not NULL.
@ -6553,7 +6559,8 @@ int sp_sub_d(const sp_int* a, sp_int_digit d, sp_int* r)
!defined(NO_DH) || defined(HAVE_ECC) || \
(!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \
!defined(WOLFSSL_RSA_PUBLIC_ONLY))) || \
(defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA))
(defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \
defined(WOLFSSL_SP_MUL_D)
/* Multiply a by digit n and put result into r shifting up o digits.
* r = (a * n) << (o * SP_WORD_SIZE)
*
@ -6636,8 +6643,7 @@ static int _sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r, unsigned int o)
#endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) ||
* WOLFSSL_SP_SMALL || (WOLFSSL_KEY_GEN && !NO_RSA) */
#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
(defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA))
#ifdef WOLFSSL_SP_MUL_D
/* Multiply a by digit n and put result into r. r = a * n
*
* @param [in] a SP integer to multiply.
@ -6675,8 +6681,7 @@ int sp_mul_d(const sp_int* a, sp_int_digit d, sp_int* r)
return err;
}
#endif /* (WOLFSSL_SP_MATH_ALL && !WOLFSSL_RSA_VERIFY_ONLY) ||
* (WOLFSSL_KEY_GEN && !NO_RSA) */
#endif /* WOLFSSL_SP_MUL_D */
/* Predefine complicated rules of when to compile in sp_div_d and sp_mod_d. */
#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \

6
wolfssl/internal.h
View File

@ -7114,6 +7114,12 @@ WOLFSSL_LOCAL int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj,
const byte* der, word32 len, int addHdr);
#endif
WOLFSSL_LOCAL int pkcs8_encode(WOLFSSL_EVP_PKEY* pkey, byte* key,
word32* keySz);
WOLFSSL_LOCAL int pkcs8_encrypt(WOLFSSL_EVP_PKEY* pkey,
const WOLFSSL_EVP_CIPHER* enc, char* passwd, int passwdSz, byte* key,
word32* keySz);
#ifdef __cplusplus
} /* extern "C" */
#endif

2
wolfssl/openssl/bn.h
View File

@ -150,6 +150,7 @@ WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn,
int n);
WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w);
WOLFSSL_API int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w);
WOLFSSL_API int wolfSSL_BN_mul_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w);
WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM* bn, int n);
WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n);
WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w);
@ -254,6 +255,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
#define BN_lshift wolfSSL_BN_lshift
#define BN_add_word wolfSSL_BN_add_word
#define BN_mul_word wolfSSL_BN_mul_word
#define BN_sub_word wolfSSL_BN_sub_word
#define BN_add wolfSSL_BN_add
#define BN_mod_add wolfSSL_BN_mod_add

3
wolfssl/openssl/dh.h
View File

@ -26,6 +26,7 @@
#define WOLFSSL_DH_H_
#include <wolfssl/openssl/bn.h>
#include <wolfssl/openssl/ssl.h>
#include <wolfssl/openssl/opensslv.h>
#ifdef __cplusplus
@ -102,6 +103,8 @@ typedef WOLFSSL_DH DH;
#define DH_set0_key wolfSSL_DH_set0_key
#define DH_bits(x) (BN_num_bits((x)->p))
#define OPENSSL_DH_MAX_MODULUS_BITS DH_MAX_SIZE
#define DH_GENERATOR_2 2
#define DH_CHECK_P_NOT_PRIME 0x01
#define DH_CHECK_P_NOT_SAFE_PRIME 0x02

3
wolfssl/openssl/dsa.h
View File

@ -26,6 +26,7 @@
#define WOLFSSL_DSA_H_
#include <wolfssl/openssl/bn.h>
#include <wolfssl/openssl/compat_types.h>
#ifdef __cplusplus
extern "C" {
@ -119,6 +120,8 @@ WOLFSSL_API WOLFSSL_DSA* wolfSSL_d2i_DSAparams(
typedef WOLFSSL_DSA DSA;
#define OPENSSL_DSA_MAX_MODULUS_BITS 3072
#define WOLFSSL_DSA_LOAD_PRIVATE 1
#define WOLFSSL_DSA_LOAD_PUBLIC 2

2
wolfssl/openssl/ec.h
View File

@ -25,6 +25,7 @@
#define WOLFSSL_EC_H_
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/openssl/compat_types.h>
#include <wolfssl/openssl/bn.h>
#include <wolfssl/openssl/compat_types.h>
#include <wolfssl/wolfcrypt/asn.h>
@ -431,6 +432,7 @@ typedef WOLFSSL_EC_KEY_METHOD EC_KEY_METHOD;
#define EC_KEY_set_conv_form wolfSSL_EC_KEY_set_conv_form
#define EC_KEY_get_conv_form wolfSSL_EC_KEY_get_conv_form
#define d2i_ECPKParameters wolfSSL_d2i_ECPKParameters
#define i2d_ECPKParameters wolfSSL_i2d_ECPKParameters
#define EC_POINT_point2hex wolfSSL_EC_POINT_point2hex
#define EC_POINT_hex2point wolfSSL_EC_POINT_hex2point

10
wolfssl/openssl/pem.h
View File

@ -69,6 +69,8 @@ WOLFSSL_EC_GROUP *wolfSSL_d2i_ECPKParameters(WOLFSSL_EC_GROUP **out,
const unsigned char **in,
long len);
WOLFSSL_API
int wolfSSL_i2d_ECPKParameters(const WOLFSSL_EC_GROUP* grp, unsigned char** pp);
WOLFSSL_API
int wolfSSL_PEM_write_mem_RSAPrivateKey(WOLFSSL_RSA* rsa,
const WOLFSSL_EVP_CIPHER* cipher,
unsigned char* passwd, int len,
@ -179,6 +181,11 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
WOLFSSL_EVP_PKEY** key,
wc_pem_password_cb* cb,
void* pass);
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
WOLFSSL_API
PKCS8_PRIV_KEY_INFO* wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio,
PKCS8_PRIV_KEY_INFO** key, wc_pem_password_cb* cb, void* arg);
#endif
WOLFSSL_API
WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio,
WOLFSSL_EVP_PKEY **key,
@ -279,6 +286,9 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
#define PEM_read_bio_PUBKEY wolfSSL_PEM_read_bio_PUBKEY
#define PEM_write_bio_PUBKEY wolfSSL_PEM_write_bio_PUBKEY
#define PEM_write_bio_PKCS8_PRIV_KEY_INFO wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO
#define PEM_read_bio_PKCS8_PRIV_KEY_INFO wolfSSL_PEM_read_bio_PKCS8_PRIV_KEY_INFO
#ifdef __cplusplus
} /* extern "C" */
#endif

3
wolfssl/openssl/rsa.h
View File

@ -27,6 +27,7 @@
#include <wolfssl/openssl/bn.h>
#include <wolfssl/openssl/err.h>
#include <wolfssl/openssl/compat_types.h>
#include <wolfssl/wolfcrypt/types.h>
#include <wolfssl/wolfcrypt/rsa.h>
@ -190,6 +191,8 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup(
#endif
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#define OPENSSL_RSA_MAX_MODULUS_BITS RSA_MAX_SIZE
#define WOLFSSL_RSA_LOAD_PRIVATE 1
#define WOLFSSL_RSA_LOAD_PUBLIC 2
#define WOLFSSL_RSA_F4 0x10001L

4
wolfssl/openssl/ssl.h
View File

@ -207,7 +207,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
#define SSL_use_certificate_ASN1 wolfSSL_use_certificate_ASN1
#define d2i_PKCS8_PRIV_KEY_INFO_bio wolfSSL_d2i_PKCS8_PKEY_bio
#define d2i_PKCS8_PRIV_KEY_INFO wolfSSL_d2i_PKCS8_PKEY
#define i2d_PKCS8_PRIV_KEY_INFO wolfSSL_i2d_PrivateKey
#define i2d_PKCS8_PRIV_KEY_INFO wolfSSL_i2d_PKCS8_PKEY
#define d2i_PKCS8PrivateKey_bio wolfSSL_d2i_PKCS8PrivateKey_bio
#define i2d_PKCS8PrivateKey_bio wolfSSL_PEM_write_bio_PKCS8PrivateKey
#define PKCS8_PRIV_KEY_INFO_free wolfSSL_EVP_PKEY_free
@ -1009,7 +1009,9 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define RSA_print_fp wolfSSL_RSA_print_fp
#define RSA_bits wolfSSL_RSA_bits
#define RSA_up_ref wolfSSL_RSA_up_ref
#define RSA_padding_add_PKCS1_PSS_mgf1 wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1
#define RSA_padding_add_PKCS1_PSS wolfSSL_RSA_padding_add_PKCS1_PSS
#define RSA_verify_PKCS1_PSS_mgf1 wolfSSL_RSA_verify_PKCS1_PSS_mgf1
#define RSA_verify_PKCS1_PSS wolfSSL_RSA_verify_PKCS1_PSS
#define PEM_def_callback wolfSSL_PEM_def_callback

11
wolfssl/ssl.h
View File

@ -1269,11 +1269,18 @@ WOLFSSL_API int wolfSSL_SetServerID(WOLFSSL* ssl, const unsigned char* id, int
WOLFSSL_API int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO** bio1_p, size_t writebuf1,
WOLFSSL_BIO** bio2_p, size_t writebuf2);
WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa,
unsigned char *em, const unsigned char *mHash,
const WOLFSSL_EVP_MD *hashAlg, const WOLFSSL_EVP_MD *mgf1Hash,
int saltLen);
WOLFSSL_API int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa,
unsigned char *EM,
const unsigned char *mHash,
const WOLFSSL_EVP_MD *hashAlg,
int saltLen);
WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS_mgf1(WOLFSSL_RSA *rsa,
const unsigned char *mHash, const WOLFSSL_EVP_MD *hashAlg,
const WOLFSSL_EVP_MD *mgf1Hash, const unsigned char *em, int saltLen);
WOLFSSL_API int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
const WOLFSSL_EVP_MD *hashAlg,
const unsigned char *EM, int saltLen);
@ -2088,6 +2095,8 @@ WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(
WOLFSSL_BIO* bio, WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey);
WOLFSSL_API WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY(
WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey, const unsigned char** keyBuf, long keyLen);
WOLFSSL_API int wolfSSL_i2d_PKCS8_PKEY(WOLFSSL_PKCS8_PRIV_KEY_INFO* key,
unsigned char** pp);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
WOLFSSL_EVP_PKEY** out);
WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key,
@ -5382,6 +5391,8 @@ WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x);
WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio,
WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd,
int passwdSz, wc_pem_password_cb* cb, void* ctx);
WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8_PRIV_KEY_INFO(WOLFSSL_BIO* bio,
PKCS8_PRIV_KEY_INFO* keyInfo);
#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
WOLFSSL_API int wolfSSL_PEM_write_PKCS8PrivateKey(
XFILE fp, WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc,

13
wolfssl/wolfcrypt/asn.h
View File

@ -951,13 +951,14 @@ enum Misc_ASN {
#else
KEYID_SIZE = WC_SHA_DIGEST_SIZE,
#endif
#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM))
RSA_INTS = 8, /* RSA ints in private key */
#elif !defined(WOLFSSL_RSA_PUBLIC_ONLY)
RSA_INTS = 5, /* RSA ints in private key */
#else
RSA_INTS = 2, /* RSA ints in private key */
RSA_INTS = 2 /* RSA ints in private key */
#ifndef WOLFSSL_RSA_PUBLIC_ONLY
+ 3
#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
+ 3
#endif
#endif
,
DSA_PARAM_INTS = 3, /* DSA parameter ints */
RSA_PUB_INTS = 2, /* RSA ints in public key */
DSA_PUB_INTS = 4, /* DSA ints in public key */