WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity

pk.c: rework DH API and improve PEM read/write 

Reorganized the DH APIs into groups.
Reworked all DH APIs.
Improved testing of DH API.

Implemented wolfSSL_PEM_read_RSAPublicKey() and
wolfSSL_PEM_write_RSA_PUBKEY().
Fix public key PEM write implementations to use the correct
header/footer names.
Added support for "RSA PUBLIC KEY" in header and footer in DerToPemEx().

Reworked PEM read/write APIs to be independent. No longer create an EVP
to use common function - common functionality refectored out.
Similarly file APIs don't create a BIO and call the partner APIs.

Improved testing of PEM read/write APIs.

Generic read BIO from memory BIO now returns the buffer instead of
allocating memory and reading.
No longer reading chunks when a file BIO.

Added wolfssl_make_rng() to create or get get global random. All RSA and
DH APIs now use this. DH_generate_parameters() creates a random object
and use global on error rather than just using global random.

Changed implementations to use BIO_new_fp() instead of create a new BIO
and setting file pointer.
pull/5608/head
Sean Parkinson 2022-09-20 12:04:01 +10:00
parent 0f9279ce52
commit dad62fc182
9 changed files with 3836 additions and 2544 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/internal.c
View File

@ -32181,7 +32181,7 @@ static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
/* Final cleanup */
if (
#ifdef WOLFSSL_ASYNC_IO
args != NULL &&
args != NULL &&
#endif
args->input != NULL) {
XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER);

4131
src/pk.c
View File

File diff suppressed because it is too large Load Diff

561
src/ssl.c
View File

@ -2147,6 +2147,49 @@ int wolfSSL_SetMinRsaKey_Sz(WOLFSSL* ssl, short keySz)
#endif /* !NO_RSA */
#ifndef NO_DH
#ifdef OPENSSL_EXTRA
long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh)
{
int pSz, gSz;
byte *p, *g;
int ret = 0;
WOLFSSL_ENTER("wolfSSL_set_tmp_dh");
if (!ssl || !dh)
return BAD_FUNC_ARG;
/* Get needed size for p and g */
pSz = wolfSSL_BN_bn2bin(dh->p, NULL);
gSz = wolfSSL_BN_bn2bin(dh->g, NULL);
if (pSz <= 0 || gSz <= 0)
return -1;
p = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (!p)
return MEMORY_E;
g = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
if (!g) {
XFREE(p, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
return MEMORY_E;
}
pSz = wolfSSL_BN_bn2bin(dh->p, p);
gSz = wolfSSL_BN_bn2bin(dh->g, g);
if (pSz >= 0 && gSz >= 0) /* Conversion successful */
ret = wolfSSL_SetTmpDH(ssl, p, pSz, g, gSz);
XFREE(p, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
XFREE(g, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
return pSz > 0 && gSz > 0 ? ret : -1;
}
#endif /* OPENSSL_EXTRA */
/* server Diffie-Hellman parameters, WOLFSSL_SUCCESS on ok */
int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
const unsigned char* g, int gSz)
@ -5525,7 +5568,8 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
#endif /* !NO_SESSION_CACHE */
#if !defined(WC_NO_RNG) && (defined(OPENSSL_EXTRA) || \
(defined(OPENSSL_EXTRA_X509_SMALL) && !defined(NO_RSA)))
(defined(OPENSSL_EXTRA_X509_SMALL) && !defined(NO_RSA)) || \
(defined(OPENSSL_ALL) && !defined(NO_DH)))
#define HAVE_GLOBAL_RNG /* consolidate flags for using globalRNG */
static WC_RNG globalRNG;
@ -9022,7 +9066,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_CTX_get0_privatekey(const WOLFSSL_CTX* ctx)
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out,
const unsigned char** in, long inSz, int priv)
const unsigned char** in, long inSz, int priv)
{
WOLFSSL_EVP_PKEY* pkey = NULL;
@ -9080,20 +9124,13 @@ static WOLFSSL_EVP_PKEY* d2iGenericKey(WOLFSSL_EVP_PKEY** out,
}
pkey->ownRsa = 1;
pkey->rsa = wolfSSL_RSA_new();
pkey->rsa = wolfssl_rsa_d2i(NULL, mem, inSz,
priv ? WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC);
if (pkey->rsa == NULL) {
wolfSSL_EVP_PKEY_free(pkey);
return NULL;
}
if (wolfSSL_RSA_LoadDer_ex(pkey->rsa,
(const unsigned char*)pkey->pkey.ptr,
pkey->pkey_sz, priv ? WOLFSSL_RSA_LOAD_PRIVATE
: WOLFSSL_RSA_LOAD_PUBLIC) != 1) {
wolfSSL_EVP_PKEY_free(pkey);
return NULL;
}
return pkey;
}
else {
@ -9836,16 +9873,11 @@ static WOLFSSL_EVP_PKEY* _d2i_PublicKey(int type, WOLFSSL_EVP_PKEY** out,
switch (type) {
#ifndef NO_RSA
case EVP_PKEY_RSA:
local->ownRsa = 1;
local->rsa = wolfSSL_RSA_new();
if (local->rsa == NULL) {
wolfSSL_EVP_PKEY_free(local);
return NULL;
}
opt = priv ? WOLFSSL_RSA_LOAD_PRIVATE : WOLFSSL_RSA_LOAD_PUBLIC;
if (wolfSSL_RSA_LoadDer_ex(local->rsa,
(const unsigned char*)local->pkey.ptr, local->pkey_sz,
opt) != WOLFSSL_SUCCESS) {
local->ownRsa = 1;
local->rsa = wolfssl_rsa_d2i(NULL,
(const unsigned char*)local->pkey.ptr, local->pkey_sz, opt);
if (local->rsa == NULL) {
wolfSSL_EVP_PKEY_free(local);
return NULL;
}
@ -28132,16 +28164,16 @@ int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
}
#endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */
#ifndef NO_BIO
static int pem_write_bio_pubkey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key)
#if !defined(NO_BIO)
static int pem_write_pubkey(WOLFSSL_EVP_PKEY* key, void* heap, byte** derBuf,
int* derSz)
{
int ret;
int pemSz;
byte* pemBuf;
int derSz = 0;
byte* derBuf = NULL;
byte* buf = NULL;
int sz = 0;
if (bio == NULL || key == NULL) {
(void)heap;
if (key == NULL) {
WOLFSSL_MSG("Bad parameters");
return WOLFSSL_FAILURE;
}
@ -28149,7 +28181,7 @@ static int pem_write_bio_pubkey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key)
switch (key->type) {
#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA:
if ((derSz = wolfSSL_RSA_To_Der(key->rsa, &derBuf, 1, bio->heap))
if ((sz = wolfSSL_RSA_To_Der(key->rsa, &buf, 1, heap))
< 0) {
WOLFSSL_MSG("wolfSSL_RSA_To_Der failed");
break;
@ -28163,16 +28195,15 @@ static int pem_write_bio_pubkey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key)
WOLFSSL_MSG("key->dsa is null");
break;
}
derSz = MAX_DSA_PUBKEY_SZ;
derBuf = (byte*)XMALLOC(derSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (derBuf == NULL) {
sz = MAX_DSA_PUBKEY_SZ;
buf = (byte*)XMALLOC(sz, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (buf == NULL) {
WOLFSSL_MSG("malloc failed");
break;
}
/* Key to DER */
derSz = wc_DsaKeyToPublicDer((DsaKey*)key->dsa->internal, derBuf,
derSz);
if (derSz < 0) {
sz = wc_DsaKeyToPublicDer((DsaKey*)key->dsa->internal, buf, sz);
if (sz < 0) {
WOLFSSL_MSG("wc_DsaKeyToDer failed");
break;
}
@ -28185,19 +28216,18 @@ static int pem_write_bio_pubkey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key)
WOLFSSL_MSG("key->ecc is null");
break;
}
derSz = wc_EccPublicKeyDerSize((ecc_key*)key->ecc->internal, 1);
if (derSz <= 0) {
sz = wc_EccPublicKeyDerSize((ecc_key*)key->ecc->internal, 1);
if (sz <= 0) {
WOLFSSL_MSG("wc_EccPublicKeyDerSize failed");
break;
}
derBuf = (byte*)XMALLOC(derSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (derBuf == NULL) {
buf = (byte*)XMALLOC(sz, heap, DYNAMIC_TYPE_TMP_BUFFER);
if (buf == NULL) {
WOLFSSL_MSG("malloc failed");
break;
}
derSz = wc_EccPublicKeyToDer((ecc_key*)key->ecc->internal, derBuf,
derSz, 1);
if (derSz < 0) {
sz = wc_EccPublicKeyToDer((ecc_key*)key->ecc->internal, buf, sz, 1);
if (sz < 0) {
WOLFSSL_MSG("wc_EccPublicKeyToDer failed");
break;
}
@ -28214,52 +28244,51 @@ static int pem_write_bio_pubkey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key)
break;
}
if (derBuf == NULL || derSz <= 0) {
if (derBuf != NULL)
XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER);
return WOLFSSL_FAILURE;
}
pemSz = wc_DerToPem(derBuf, derSz, NULL, 0, PUBLICKEY_TYPE);
if (pemSz < 0) {
WOLFSSL_LEAVE("pem_write_bio_pubkey", pemSz);
XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER);
return WOLFSSL_FAILURE;
}
pemBuf = (byte*)XMALLOC(pemSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (pemBuf == NULL) {
WOLFSSL_LEAVE("pem_write_bio_pubkey", pemSz);
XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER);
return WOLFSSL_FAILURE;
}
ret = wc_DerToPem(derBuf, derSz, pemBuf, pemSz, PUBLICKEY_TYPE);
XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER);
if (ret < 0) {
WOLFSSL_LEAVE("pem_write_bio_pubkey", ret);
XFREE(pemBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
return WOLFSSL_FAILURE;
}
ret = wolfSSL_BIO_write(bio, pemBuf, pemSz);
XFREE(pemBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
if (ret != pemSz) {
WOLFSSL_MSG("Unable to write full PEM to BIO");
if (buf == NULL || sz <= 0) {
if (buf != NULL)
XFREE(buf, heap, DYNAMIC_TYPE_DER);
return WOLFSSL_FAILURE;
}
*derBuf = buf;
*derSz = sz;
return WOLFSSL_SUCCESS;
}
#endif
#ifndef NO_BIO
static int pem_write_bio_pubkey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key)
{
int ret;
int derSz = 0;
byte* derBuf = NULL;
ret = pem_write_pubkey(key, bio->heap, &derBuf, &derSz);
if (ret == WOLFSSL_SUCCESS) {
ret = pem_write_bio_der(bio, derBuf, derSz, PUBLICKEY_TYPE);
XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER);
}
return ret;
}
/* Takes a public key and writes it out to a WOLFSSL_BIO
* Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE
*/
int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key)
{
int ret;
WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PUBKEY");
return pem_write_bio_pubkey(bio, key);
if ((bio == NULL) || (key == NULL)) {
ret = WOLFSSL_FAILURE;
}
else {
ret = pem_write_bio_pubkey(bio, key);
}
return ret;
}
/* Takes a private key and writes it out to a WOLFSSL_BIO
@ -28271,10 +28300,7 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
wc_pem_password_cb* cb, void* arg)
{
byte* keyDer;
int pemSz;
int type;
int ret;
byte* tmp;
(void)cipher;
(void)passwd;
@ -28321,31 +28347,7 @@ int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
type = PRIVATEKEY_TYPE;
}
pemSz = wc_DerToPem(keyDer, key->pkey_sz, NULL, 0, type);
if (pemSz < 0) {
WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PrivateKey", pemSz);
return WOLFSSL_FAILURE;
}
tmp = (byte*)XMALLOC(pemSz, bio->heap, DYNAMIC_TYPE_OPENSSL);
if (tmp == NULL) {
return MEMORY_E;
}
ret = wc_DerToPem(keyDer, key->pkey_sz, tmp, pemSz, type);
if (ret < 0) {
WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PrivateKey", ret);
XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL);
return WOLFSSL_FAILURE;
}
ret = wolfSSL_BIO_write(bio, tmp, pemSz);
XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL);
if (ret != pemSz) {
WOLFSSL_MSG("Unable to write full PEM to BIO");
return WOLFSSL_FAILURE;
}
return WOLFSSL_SUCCESS;
return pem_write_bio_der(bio, keyDer, key->pkey_sz, type);
}
#endif /* !NO_BIO */
@ -28596,171 +28598,6 @@ int wolfSSL_set1_groups_list(WOLFSSL *ssl, char *list)
#endif /* HAVE_ECC */
#ifndef NO_BIO
/* Number of bytes to read from a file at a time. */
#define PEM_READ_FILE_CHUNK_SZ 100
static int pem_read_bio_file(WOLFSSL_BIO* bio, char** pem)
{
int ret = 0;
int idx = 0;
int sz = PEM_READ_FILE_CHUNK_SZ; /* read from file by chunks */
int memSz = 0;
char* mem = NULL;
char* tmp;
/* Allocate a chunk to read into. */
tmp = (char*)XMALLOC(sz, bio->heap, DYNAMIC_TYPE_OPENSSL);
if (tmp == NULL) {
WOLFSSL_MSG("Memory error");
ret = MEMORY_E;
}
while (ret == 0 && (sz = wolfSSL_BIO_read(bio, tmp, sz)) > 0) {
char* newMem;
/* sanity check for signed overflow */
if (memSz + sz < 0) {
break;
}
/* Reallocate to make space for read data. */
newMem = (char*)XREALLOC(mem, memSz + sz, bio->heap,
DYNAMIC_TYPE_OPENSSL);
if (newMem == NULL) {
WOLFSSL_MSG("Memory error");
ret = MEMORY_E;
break;
}
mem = newMem;
/* Copy in new data. */
XMEMCPY(mem + idx, tmp, sz);
memSz += sz;
idx += sz;
sz = PEM_READ_FILE_CHUNK_SZ; /* read another chunk from file */
}
XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL);
tmp = NULL;
if (ret == 0) {
/* Check data was read. */
if (memSz <= 0) {
WOLFSSL_MSG("No data to read from bio");
ret = BUFFER_E;
}
else {
/* Return size of data read. */
ret = memSz;
}
}
/* Dispose of any allocated memory on error. */
if (ret < 0) {
XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
mem = NULL;
}
*pem = mem;
return ret;
}
static int pem_read_bio_pending(WOLFSSL_BIO* bio, int pendingSz, char** pem)
{
int ret = 0;
char* mem;
/* Allocate buffer to hold pending data. */
mem = (char*)XMALLOC(pendingSz, bio->heap, DYNAMIC_TYPE_OPENSSL);
if (mem == NULL) {
WOLFSSL_MSG("Memory error");
ret = MEMORY_E;
}
else if ((ret = wolfSSL_BIO_read(bio, mem, pendingSz)) <= 0) {
/* Pending data not read. */
XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
mem = NULL;
ret = MEMORY_E;
}
*pem = mem;
return ret;
}
static int pem_read_bio_key(WOLFSSL_BIO* bio, wc_pem_password_cb* cb,
void* pass, int keyType, int* eccFlag,
DerBuffer** der)
{
#ifdef WOLFSSL_SMALL_STACK
EncryptedInfo* info = NULL;
#else
EncryptedInfo info[1];
#endif /* WOLFSSL_SMALL_STACK */
wc_pem_password_cb* localCb = NULL;
char* mem = NULL;
int ret;
if (cb != NULL) {
localCb = cb;
}
else if (pass != NULL) {
localCb = wolfSSL_PEM_def_callback;
}
if ((ret = wolfSSL_BIO_pending(bio)) > 0) {
ret = pem_read_bio_pending(bio, ret, &mem);
}
else if (bio->type == WOLFSSL_BIO_FILE) {
ret = pem_read_bio_file(bio, &mem);
}
else {
WOLFSSL_MSG("No data to read from bio");
ret = NOT_COMPILED_IN;
}
#ifdef WOLFSSL_SMALL_STACK
if (ret >= 0) {
info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
DYNAMIC_TYPE_TMP_BUFFER);
if (info == NULL) {
WOLFSSL_MSG("Error getting memory for EncryptedInfo structure");
XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
mem = NULL;
ret = MEMORY_E;
}
}
#endif /* WOLFSSL_SMALL_STACK */
if (ret >= 0) {
int memSz = ret;
XMEMSET(info, 0, sizeof(EncryptedInfo));
info->passwd_cb = localCb;
info->passwd_userdata = pass;
/* Do not strip PKCS8 header */
ret = PemToDer((const unsigned char*)mem, memSz, keyType, der, NULL,
info, eccFlag);
if (ret < 0) {
WOLFSSL_MSG("Bad PEM To DER");
}
/* Write left over data back to BIO if not a file BIO */
else if ((memSz - (int)info->consumed) > 0 &&
bio->type != WOLFSSL_BIO_FILE) {
if (wolfSSL_BIO_write(bio, mem + (int)info->consumed,
memSz - (int)info->consumed) <= 0) {
WOLFSSL_MSG("Unable to advance bio read pointer");
}
}
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
return ret;
}
WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
WOLFSSL_EVP_PKEY** key,
wc_pem_password_cb* cb,
@ -28776,8 +28613,8 @@ WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
if (bio == NULL)
return pkey;
if (pem_read_bio_key(bio, cb, pass, PRIVATEKEY_TYPE, &keyFormat,
&der) >= 0) {
if (pem_read_bio_key(bio, cb, pass, PRIVATEKEY_TYPE, &keyFormat, &der)
>= 0) {
const unsigned char* ptr = der->buffer;
if (keyFormat) {
@ -28830,7 +28667,8 @@ WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio,
if (bio == NULL)
return pkey;
if (pem_read_bio_key(bio, cb, pass, PUBLICKEY_TYPE, &keyFormat, &der) >= 0) {
if (pem_read_bio_key(bio, cb, pass, PUBLICKEY_TYPE, &keyFormat, &der)
>= 0) {
const unsigned char* ptr = der->buffer;
/* handle case where reuse is attempted */
@ -28852,41 +28690,42 @@ WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio,
return pkey;
}
#endif /* !NO_BIO */
#if !defined(NO_FILESYSTEM)
WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(XFILE fp, WOLFSSL_EVP_PKEY **x,
wc_pem_password_cb *cb, void *u)
WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(XFILE fp, WOLFSSL_EVP_PKEY **key,
wc_pem_password_cb *cb, void *pass)
{
int err = 0;
WOLFSSL_EVP_PKEY* ret = NULL;
WOLFSSL_BIO* bio = NULL;
WOLFSSL_EVP_PKEY* pkey = NULL;
DerBuffer* der = NULL;
int keyFormat = 0;
WOLFSSL_ENTER("wolfSSL_PEM_read_PUBKEY");
WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PUBKEY");
if (fp == XBADFILE) {
err = 1;
}
if (err == 0) {
bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
err = bio == NULL;
}
if (err == 0) {
err = wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS;
}
if (err == 0) {
ret = wolfSSL_PEM_read_bio_PUBKEY(bio, x, cb, u);
if (pem_read_file_key(fp, cb, pass, PUBLICKEY_TYPE, &keyFormat, &der)
>= 0) {
const unsigned char* ptr = der->buffer;
/* handle case where reuse is attempted */
if (key != NULL && *key != NULL)
pkey = *key;
wolfSSL_d2i_PUBKEY(&pkey, &ptr, der->length);
if (pkey == NULL) {
WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY");
}
}
if (bio != NULL) {
wolfSSL_BIO_free(bio);
}
FreeDer(&der);
WOLFSSL_LEAVE("wolfSSL_PEM_read_PUBKEY", 0);
if (key != NULL && pkey != NULL)
*key = pkey;
return ret;
WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_PUBKEY", 0);
return pkey;
}
#endif /* NO_FILESYSTEM */
#endif /* !NO_BIO */
#endif /* OPENSSL_EXTRA */
#ifdef WOLFSSL_ALT_CERT_CHAINS
@ -29746,39 +29585,57 @@ int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
#if !defined(NO_FILESYSTEM)
#ifndef NO_BIO
WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_PrivateKey(XFILE fp,
WOLFSSL_EVP_PKEY **x, wc_pem_password_cb *cb, void *u)
WOLFSSL_EVP_PKEY **key, wc_pem_password_cb *cb, void *pass)
{
int err = 0;
WOLFSSL_EVP_PKEY* ret = NULL;
WOLFSSL_BIO* bio = NULL;
WOLFSSL_EVP_PKEY* pkey = NULL;
DerBuffer* der = NULL;
int keyFormat = 0;
int type = -1;
WOLFSSL_ENTER("wolfSSL_PEM_read_PrivateKey");
if (fp == XBADFILE) {
err = 1;
}
if (err == 0) {
bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
err = bio == NULL;
}
if (err == 0) {
err = wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS;
}
if (err == 0) {
ret = wolfSSL_PEM_read_bio_PrivateKey(bio, x, cb, u);
if (pem_read_file_key(fp, cb, pass, PRIVATEKEY_TYPE, &keyFormat,
&der) >= 0) {
const unsigned char* ptr = der->buffer;
if (keyFormat) {
/* keyFormat is Key_Sum enum */
if (keyFormat == RSAk)
type = EVP_PKEY_RSA;
else if (keyFormat == ECDSAk)
type = EVP_PKEY_EC;
else if (keyFormat == DSAk)
type = EVP_PKEY_DSA;
else if (keyFormat == DHk)
type = EVP_PKEY_DH;
}
else {
/* Default to RSA if format is not set */
type = EVP_PKEY_RSA;
}
/* handle case where reuse is attempted */
if (key != NULL && *key != NULL)
pkey = *key;
wolfSSL_d2i_PrivateKey(type, &pkey, &ptr, der->length);
if (pkey == NULL) {
WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY");
}
}
if (bio != NULL) {
wolfSSL_BIO_free(bio);
}
FreeDer(&der);
return ret;
if (key != NULL && pkey != NULL)
*key = pkey;
WOLFSSL_LEAVE("wolfSSL_PEM_read_PrivateKey", 0);
return pkey;
}
#endif
#endif
#endif
#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL*/
@ -30039,15 +29896,10 @@ int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
if (name == NULL || header == NULL || data == NULL || len == NULL)
return WOLFSSL_FAILURE;
bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
bio = wolfSSL_BIO_new_fp(fp, BIO_NOCLOSE);
if (bio == NULL)
return 0;
if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) {
wolfSSL_BIO_free(bio);
bio = NULL;
}
ret = wolfSSL_PEM_read_bio(bio, name, header, data, len);
if (bio != NULL)
@ -30065,15 +29917,10 @@ int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
if (name == NULL || header == NULL || data == NULL)
return 0;
bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
bio = wolfSSL_BIO_new_fp(fp, BIO_NOCLOSE);
if (bio == NULL)
return 0;
if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) {
wolfSSL_BIO_free(bio);
bio = NULL;
}
ret = wolfSSL_PEM_write_bio(bio, name, header, data, len);
if (bio != NULL)
@ -34559,32 +34406,33 @@ static int set_curves_list(WOLFSSL* ssl, WOLFSSL_CTX *ctx, const char* names)
goto leave;
XMEMCPY(name, names + start, len);
name[len] = 0;
name[len++] = 0;
if ((XSTRCMP(name, "prime256v1") == 0) ||
(XSTRCMP(name, "secp256r1") == 0) ||
(XSTRCMP(name, "P-256") == 0))
/* Use XSTRNCMP to avoid valgrind error. */
if ((XSTRNCMP(name, "prime256v1", len) == 0) ||
(XSTRNCMP(name, "secp256r1", len) == 0) ||
(XSTRNCMP(name, "P-256", len) == 0))
{
curve = WOLFSSL_ECC_SECP256R1;
}
else if ((XSTRCMP(name, "secp384r1") == 0) ||
(XSTRCMP(name, "P-384") == 0))
else if ((XSTRNCMP(name, "secp384r1", len) == 0) ||
(XSTRNCMP(name, "P-384", len) == 0))
{
curve = WOLFSSL_ECC_SECP384R1;
}
else if ((XSTRCMP(name, "secp521r1") == 0) ||
(XSTRCMP(name, "P-521") == 0))
else if ((XSTRNCMP(name, "secp521r1", len) == 0) ||
(XSTRNCMP(name, "P-521", len) == 0))
{
curve = WOLFSSL_ECC_SECP521R1;
}
#ifdef HAVE_CURVE25519
else if (XSTRCMP(name, "X25519") == 0)
else if (XSTRNCMP(name, "X25519", len) == 0)
{
curve = WOLFSSL_ECC_X25519;
}
#endif
#ifdef HAVE_CURVE448
else if (XSTRCMP(name, "X448") == 0)
else if (XSTRNCMP(name, "X448", len) == 0)
{
curve = WOLFSSL_ECC_X448;
}
@ -37953,41 +37801,8 @@ static int bio_get_data(WOLFSSL_BIO* bio, byte** data)
{
int ret = 0;
byte* mem = NULL;
#ifndef NO_FILESYSTEM
long memSz;
XFILE file;
long curr;
#endif
if ((ret = wolfSSL_BIO_pending(bio)) > 0) {
}
#ifndef NO_FILESYSTEM
else if (bio->type == WOLFSSL_BIO_FILE) {
if (wolfSSL_BIO_get_fp(bio, &file) != WOLFSSL_SUCCESS)
ret = BAD_FUNC_ARG;
if (ret == 0) {
curr = XFTELL(file);
if (curr < 0) {
ret = WOLFSSL_BAD_FILE;
}
if (XFSEEK(file, 0, XSEEK_END) != 0)
ret = WOLFSSL_BAD_FILE;
}
if (ret == 0) {
memSz = XFTELL(file);
if (memSz > MAX_WOLFSSL_FILE_SIZE || memSz < 0) {
ret = WOLFSSL_BAD_FILE;
}
}
if (ret == 0) {
memSz -= curr;
ret = (int)memSz;
if (XFSEEK(file, curr, SEEK_SET) != 0)
ret = WOLFSSL_BAD_FILE;
}
}
#endif
ret = wolfSSL_BIO_get_len(bio);
if (ret > 0) {
mem = (byte*)XMALLOC(ret, bio->heap, DYNAMIC_TYPE_OPENSSL);
if (mem == NULL) {

6
src/x509.c
View File

@ -7277,7 +7277,7 @@ WOLFSSL_API int wolfSSL_X509_load_cert_crl_file(WOLFSSL_X509_LOOKUP *ctx,
#endif
}
wolfSSL_sk_X509_INFO_pop_free(info, wolfSSL_X509_INFO_free);
#else
#elif defined(HAVE_CRL)
/* Only supports one certificate or CRL in the file. */
WOLFSSL_X509_CRL* crl = NULL;
XFILE fp = XFOPEN(file, "rb");
@ -7659,6 +7659,7 @@ const WOLFSSL_ASN1_TIME* wolfSSL_X509_REVOKED_get0_revocation_date(const
#endif
#ifndef NO_BIO
/* print serial number out
* return WOLFSSL_SUCCESS on success
*/
@ -7718,7 +7719,9 @@ static int X509CRLPrintSignature(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
return WOLFSSL_SUCCESS;
}
#endif /* !NO_BIO */
#if !defined(NO_BIO) && defined(XSNPRINTF)
/* print out the extensions in human readable format for use with
* wolfSSL_X509_CRL_print()
* return WOLFSSL_SUCCESS on success
@ -7959,7 +7962,6 @@ static int X509CRLPrintDates(WOLFSSL_BIO* bio, WOLFSSL_X509_CRL* crl,
}
#endif
#if !defined(NO_BIO) && defined(XSNPRINTF)
/* Writes the human readable form of x509 to bio.
*
* bio WOLFSSL_BIO to write to.

1642
tests/api.c
View File

File diff suppressed because it is too large Load Diff

7
wolfcrypt/src/asn.c
View File

@ -10114,7 +10114,7 @@ int wc_DhParamsToDer(DhKey* key, byte* output, word32* outSz)
ret = LENGTH_ONLY_E;
}
/* Check buffer is big enough for encoding. */
if ((ret == 0) && ((int)*outSz < sz)) {
if ((ret == 0) && (*outSz < (word32)sz)) {
ret = BUFFER_E;
}
if (ret == 0) {
@ -22728,6 +22728,11 @@ int wc_PemGetHeaderFooter(int type, const char** header, const char** footer)
if (footer) *footer = END_PUB_KEY;
ret = 0;
break;
case RSA_PUBLICKEY_TYPE:
if (header) *header = BEGIN_RSA_PUB;
if (footer) *footer = END_RSA_PUB;
ret = 0;
break;
#ifndef NO_DH
case DH_PRIVATEKEY_TYPE:
#endif

8
wolfssl/internal.h
View File

@ -1137,9 +1137,13 @@ enum {
/* set maximum DH key size allowed */
#ifndef WOLFSSL_MAX_DHKEY_BITS
#if (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384)
#define WOLFSSL_MAX_DHKEY_BITS (FP_MAX_BITS / 2)
#define WOLFSSL_MAX_DHKEY_BITS (FP_MAX_BITS / 2)
#elif (defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)) && \
defined(SP_INT_BITS)
/* SP implementation supports numbers of SP_INT_BITS bits. */
#define WOLFSSL_MAX_DHKEY_BITS (((SP_INT_BITS + 7) / 8) * 8)
#else
#define WOLFSSL_MAX_DHKEY_BITS 4096
#define WOLFSSL_MAX_DHKEY_BITS 4096
#endif
#endif
#if (WOLFSSL_MAX_DHKEY_BITS % 8)

18
wolfssl/openssl/bn.h
View File

@ -52,6 +52,24 @@ typedef struct WOLFSSL_BIGNUM {
#define BN_ULONG WOLFSSL_BN_ULONG
#endif
#ifndef WOLFSSL_MAX_BN_BITS
#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)
/* SP implementation supports numbers of SP_INT_BITS bits. */
#define WOLFSSL_MAX_BN_BITS SP_INT_BITS
#elif defined(USE_FAST_MATH)
/* FP implementation support numbers up to FP_MAX_BITS / 2 bits. */
#define WOLFSSL_MAX_BN_BITS (FP_MAX_BITS / 2)
#else
#ifdef WOLFSSL_MYSQL_COMPATIBLE
/* Integer maths is dynamic but we only go up to 8192 bits. */
#define WOLFSSL_MAX_BN_BITS 8192
#else
/* Integer maths is dynamic but we only go up to 4096 bits. */
#define WOLFSSL_MAX_BN_BITS 4096
#endif
#endif
#endif
typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX;
typedef struct WOLFSSL_BN_GENCB WOLFSSL_BN_GENCB;

5
wolfssl/openssl/dh.h
View File

@ -50,10 +50,7 @@ struct WOLFSSL_DH {
* lighttpd src code.
*/
int length;
#ifndef SINGLE_THREADED
wolfSSL_Mutex refMutex; /* ref count mutex */
#endif
int refCount; /* reference count */
wolfSSL_Ref ref; /* Reference count information. */
};
WOLFSSL_API WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH **dh,