diff --git a/src/pk.c b/src/pk.c index 34e2727844..5f35442711 100644 --- a/src/pk.c +++ b/src/pk.c @@ -2052,6 +2052,32 @@ WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, } return rsa; } + +WOLFSSL_RSA *wolfSSL_d2i_RSA_PUBKEY_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out) +{ + char* data = NULL; + int dataSz = 0; + int memAlloced = 0; + WOLFSSL_RSA* rsa = NULL; + + WOLFSSL_ENTER("wolfSSL_d2i_RSA_PUBKEY_bio"); + + if (bio == NULL) + return NULL; + + if (wolfssl_read_bio(bio, &data, &dataSz, &memAlloced) != 0) { + if (memAlloced) + XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return NULL; + } + + rsa = wolfssl_rsa_d2i(out, (const unsigned char*)data, dataSz, + WOLFSSL_RSA_LOAD_PUBLIC); + if (memAlloced) + XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return rsa; +} #endif /* !NO_BIO */ #ifndef NO_FILESYSTEM @@ -12327,6 +12353,56 @@ int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, return res; } + +#ifndef NO_BIO + +WOLFSSL_EC_KEY *wolfSSL_d2i_EC_PUBKEY_bio(WOLFSSL_BIO *bio, + WOLFSSL_EC_KEY **out) +{ + char* data = NULL; + int dataSz = 0; + int memAlloced = 0; + WOLFSSL_EC_KEY* ec = NULL; + int err = 0; + + WOLFSSL_ENTER("wolfSSL_d2i_EC_PUBKEY_bio"); + + if (bio == NULL) + return NULL; + + if (err == 0 && wolfssl_read_bio(bio, &data, &dataSz, &memAlloced) != 0) { + WOLFSSL_ERROR_MSG("wolfssl_read_bio failed"); + err = 1; + } + + if (err == 0 && (ec = wolfSSL_EC_KEY_new()) == NULL) { + WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_new failed"); + err = 1; + } + + /* Load the EC key with the public key from the DER encoding. */ + if (err == 0 && wolfSSL_EC_KEY_LoadDer_ex(ec, (const unsigned char*)data, + dataSz, WOLFSSL_EC_KEY_LOAD_PUBLIC) != 1) { + WOLFSSL_ERROR_MSG("wolfSSL_EC_KEY_LoadDer_ex failed"); + err = 1; + } + + if (memAlloced) + XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (err) { /* on error */ + wolfSSL_EC_KEY_free(ec); + ec = NULL; + } + else { /* on success */ + if (out != NULL) + *out = ec; + } + + return ec; +} + +#endif /* !NO_BIO */ + /* * EC key PEM APIs */ diff --git a/src/ssl_asn1.c b/src/ssl_asn1.c index e9c4840d10..44deb03bc1 100644 --- a/src/ssl_asn1.c +++ b/src/ssl_asn1.c @@ -3417,7 +3417,7 @@ unsigned char* wolfSSL_ASN1_TIME_get_data(const WOLFSSL_ASN1_TIME *t) */ int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a) { - int ret = 1; + int ret = WOLFSSL_SUCCESS; char buf[MAX_TIME_STRING_SZ]; WOLFSSL_ENTER("wolfSSL_ASN1_TIME_check"); @@ -3425,7 +3425,7 @@ int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a) /* If can convert to human readable then format good. */ if (wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)a, buf, MAX_TIME_STRING_SZ) == NULL) { - ret = 0; + ret = WOLFSSL_FAILURE; } return ret; @@ -3443,7 +3443,7 @@ int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a) */ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str) { - int ret = 1; + int ret = WOLFSSL_SUCCESS; int slen = 0; WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string"); @@ -3452,15 +3452,15 @@ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str) WOLFSSL_MSG("Bad parameter"); ret = 0; } - if (ret == 1) { + if (ret == WOLFSSL_SUCCESS) { /* Get length of string including NUL terminator. */ slen = (int)XSTRLEN(str) + 1; if (slen > CTC_DATE_SIZE) { WOLFSSL_MSG("Date string too long"); - ret = 0; + ret = WOLFSSL_FAILURE; } } - if ((ret == 1) && (t != NULL)) { + if ((ret == WOLFSSL_SUCCESS) && (t != NULL)) { /* Copy in string including NUL terminator. */ XMEMCPY(t->data, str, (size_t)slen); /* Do not include NUL terminator in length. */ @@ -3473,6 +3473,21 @@ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str) return ret; } +int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t, const char *str) +{ + int ret = WOLFSSL_SUCCESS; + + WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string_X509"); + + if (t == NULL) + ret = WOLFSSL_FAILURE; + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_ASN1_TIME_set_string(t, str); + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_ASN1_TIME_check(t); + return ret; +} + /* Convert ASN.1 TIME object to ASN.1 GENERALIZED TIME object. * * @param [in] t ASN.1 TIME object. diff --git a/src/ssl_bn.c b/src/ssl_bn.c index d4ecee4f22..acd0e05ea5 100644 --- a/src/ssl_bn.c +++ b/src/ssl_bn.c @@ -492,7 +492,7 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len, WOLFSSL_ENTER("wolfSSL_BN_bin2bn"); /* Validate parameters. */ - if ((data == NULL) || (len < 0)) { + if (len < 0) { ret = NULL; } /* Allocate a new big number when ret is NULL. */ @@ -507,7 +507,7 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len, if (ret->internal == NULL) { ret = NULL; } - else { + else if (data != NULL) { /* Decode into big number. */ if (mp_read_unsigned_bin((mp_int*)ret->internal, data, (word32)len) != 0) { @@ -520,6 +520,9 @@ WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* data, int len, bn = NULL; } } + else if (data == NULL) { + wolfSSL_BN_zero(ret); + } } /* Dispose of allocated BN not being returned. */ diff --git a/src/ssl_misc.c b/src/ssl_misc.c index 38fa511467..9a5f4b042a 100644 --- a/src/ssl_misc.c +++ b/src/ssl_misc.c @@ -165,7 +165,15 @@ static int wolfssl_read_bio(WOLFSSL_BIO* bio, char** data, int* dataSz, if (bio->type == WOLFSSL_BIO_MEMORY) { ret = wolfSSL_BIO_get_mem_data(bio, data); if (ret > 0) { - bio->rdIdx += ret; + /* Advance the write index in the memory bio */ + WOLFSSL_BIO* mem_bio = bio; + for (; mem_bio != NULL; mem_bio = mem_bio->next) { + if (mem_bio->type == WOLFSSL_BIO_MEMORY) + break; + } + if (mem_bio == NULL) + mem_bio = bio; /* Default to input */ + mem_bio->rdIdx += ret; } *memAlloced = 0; } diff --git a/src/x509.c b/src/x509.c index 2e443a023a..2227d31f89 100644 --- a/src/x509.c +++ b/src/x509.c @@ -397,38 +397,6 @@ int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,WOLFSSL_X509_EXTENSION* ext return (int)sk->num; } -/* Free the structure for X509_EXTENSION stack - * - * sk stack to free nodes in - */ -void wolfSSL_sk_X509_EXTENSION_free(WOLFSSL_STACK* sk) -{ - WOLFSSL_STACK* node; - - WOLFSSL_ENTER("wolfSSL_sk_X509_EXTENSION_free"); - - if (sk == NULL) { - return; - } - - /* parse through stack freeing each node */ - node = sk->next; - while ((node != NULL) && (sk->num > 1)) { - WOLFSSL_STACK* tmp = node; - node = node->next; - - wolfSSL_X509_EXTENSION_free(tmp->data.ext); - XFREE(tmp, NULL, DYNAMIC_TYPE_X509); - sk->num -= 1; - } - - /* free head of stack */ - if (sk->num == 1) { - wolfSSL_X509_EXTENSION_free(sk->data.ext); - } - XFREE(sk, NULL, DYNAMIC_TYPE_X509); -} - static WOLFSSL_STACK* generateExtStack(const WOLFSSL_X509 *x) { int numOfExt, i; @@ -917,11 +885,37 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) switch (oid) { case BASIC_CA_OID: + { + word32 dataIdx = idx; + word32 dummyOid; + int dataLen = 0; + if (!isSet) break; /* Set pathlength */ a = wolfSSL_ASN1_INTEGER_new(); - if (a == NULL) { + + /* Set the data */ + ret = GetObjectId(input, &dataIdx, &dummyOid, oidCertExtType, + (word32)sz) == 0; + if (ret && dataIdx < (word32)sz) { + /* Skip the critical information */ + if (input[dataIdx] == ASN_BOOLEAN) { + dataIdx++; + ret = GetLength(input, &dataIdx, &dataLen, sz) >= 0; + dataIdx += dataLen; + } + } + if (ret) { + ret = GetOctetString(input, &dataIdx, &dataLen, + (word32)sz) > 0; + } + if (ret) { + ret = wolfSSL_ASN1_STRING_set(&ext->value, input + dataIdx, + dataLen) == 1; + } + + if (a == NULL || !ret) { wolfSSL_X509_EXTENSION_free(ext); FreeDecodedCert(cert); #ifdef WOLFSSL_SMALL_STACK @@ -937,7 +931,7 @@ WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc) ext->obj->ca = x509->isCa; ext->crit = x509->basicConstCrit; break; - + } case AUTH_INFO_OID: if (!isSet) break; @@ -3669,6 +3663,24 @@ WOLFSSL_X509* wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509, { return d2i_X509orX509REQ(x509, in, len, 1, NULL); } + +WOLFSSL_X509* wolfSSL_d2i_X509_REQ_INFO(WOLFSSL_X509** req, + const unsigned char** in, int len) +{ + WOLFSSL_X509* ret = NULL; + WOLFSSL_ENTER("wolfSSL_d2i_X509_REQ_INFO"); + + if (in == NULL) { + WOLFSSL_MSG("NULL input for wolfSSL_d2i_X509"); + return NULL; + } + + ret = wolfSSL_X509_REQ_d2i(req, *in, len); + if (ret != NULL) { + *in += ret->derCert->length; + } + return ret; +} #endif #endif /* KEEP_PEER_CERT || SESSION_CERTS || OPENSSL_EXTRA || @@ -5097,6 +5109,11 @@ void wolfSSL_sk_X509_EXTENSION_pop_free( wolfSSL_sk_pop_free(sk, (wolfSSL_sk_freefunc)f); } +void wolfSSL_sk_X509_EXTENSION_free(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk) +{ + wolfSSL_sk_pop_free(sk, NULL); +} + #endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) diff --git a/tests/api.c b/tests/api.c index 6dc73cce8f..33e7638a82 100644 --- a/tests/api.c +++ b/tests/api.c @@ -43695,6 +43695,9 @@ static int test_wolfSSL_ASN1_TIME(void) ExpectIntEQ(ASN1_TIME_check(NULL), 0); ExpectIntEQ(ASN1_TIME_check(asn_time), 1); + ExpectIntEQ(ASN1_TIME_set_string_X509(asn_time, "101219181011Z"), 1); + ExpectIntEQ(ASN1_TIME_set_string_X509(asn_time, "101219181011Za"), 0); + ASN1_TIME_free(asn_time); ASN1_TIME_free(NULL); #endif @@ -47896,10 +47899,9 @@ static int test_wolfSSL_EVP_MD_size(void) /* error case */ wolfSSL_EVP_MD_CTX_init(&mdCtx); - ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), BAD_FUNC_ARG); - ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), - BAD_FUNC_ARG); - ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), 0); + ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), 0); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), 0); /* Cleanup is valid on uninit'ed struct */ ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); #endif /* OPENSSL_EXTRA */ @@ -50792,7 +50794,6 @@ static int test_wolfSSL_BN_enc_dec(void) XMEMSET(&emptyBN, 0, sizeof(emptyBN)); ExpectNotNull(a = BN_new()); ExpectNotNull(b = BN_new()); - ExpectIntEQ(BN_set_word(a, 2), 1); /* Invalid parameters */ ExpectIntEQ(BN_bn2bin(NULL, NULL), -1); @@ -50804,8 +50805,10 @@ static int test_wolfSSL_BN_enc_dec(void) ExpectNull(BN_bn2dec(NULL)); ExpectNull(BN_bn2dec(&emptyBN)); - ExpectNull(BN_bin2bn(NULL, sizeof(binNum), NULL)); - ExpectNull(BN_bin2bn(NULL, sizeof(binNum), a)); + ExpectNotNull(BN_bin2bn(NULL, sizeof(binNum), a)); + BN_free(a); + ExpectNotNull(a = BN_new()); + ExpectIntEQ(BN_set_word(a, 2), 1); ExpectNull(BN_bin2bn(binNum, -1, a)); ExpectNull(BN_bin2bn(binNum, -1, NULL)); ExpectNull(BN_bin2bn(binNum, sizeof(binNum), &emptyBN)); @@ -57778,6 +57781,10 @@ static int test_othername_and_SID_ext(void) { ExpectIntGT(X509_REQ_sign(x509, priv, EVP_sha256()), 0); pt = der; ExpectIntGT(derSz = i2d_X509_REQ(x509, &pt), 0); + X509_REQ_free(x509); + x509 = NULL; + pt = der; + ExpectNotNull(d2i_X509_REQ_INFO(&x509, (const unsigned char**)&pt, derSz)); sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free); gns = NULL; sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); @@ -57786,7 +57793,6 @@ static int test_othername_and_SID_ext(void) { ASN1_OBJECT_free(sid_oid); ASN1_OCTET_STRING_free(sid_data); X509_REQ_free(x509); - x509 = NULL; EVP_PKEY_free(priv); /* At this point everything used to generate what is in der is cleaned up. @@ -60208,6 +60214,13 @@ static int test_wolfSSL_d2i_PrivateKeys_bio(void) sizeof_client_key_der_2048), 0); XFREE(bufPtr, NULL, DYNAMIC_TYPE_OPENSSL); + RSA_free(rsa); + rsa = NULL; + ExpectIntGT(BIO_write(bio, client_key_der_2048, + sizeof_client_key_der_2048), 0); + ExpectNotNull(d2i_RSA_PUBKEY_bio(bio, &rsa)); + (void)BIO_reset(bio); + RSA_free(rsa); rsa = RSA_new(); ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 0); @@ -62175,9 +62188,9 @@ static int test_wolfSSL_EVP_PKEY_keygen(void) ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); /* Bad cases */ - ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, &pkey), BAD_FUNC_ARG); - ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, NULL), BAD_FUNC_ARG); - ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, NULL), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, &pkey), 0); + ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, NULL), 0); + ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, NULL), 0); /* Good case */ ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, &pkey), 0); @@ -71368,6 +71381,65 @@ static int test_wolfSSL_RSA(void) ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); ExpectIntEQ(RSA_size(rsa), 256); +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GT(6,0,0) + { + /* Test setting only subset of parameters */ + RSA *rsa2 = NULL; + unsigned char hash[SHA256_DIGEST_LENGTH]; + unsigned char signature[2048/8]; + unsigned int signatureLen = 0; + + XMEMSET(hash, 0, sizeof(hash)); + RSA_get0_key(rsa, &n, &e, &d); + RSA_get0_factors(rsa, &p, &q); + RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); + + ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, + &signatureLen, rsa), 1); + /* Quick sanity check */ + ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, + signatureLen, rsa), 1); + + /* Verifying */ + ExpectNotNull(rsa2 = RSA_new()); + ExpectIntEQ(RSA_set0_key(rsa2, BN_dup(n), BN_dup(e), NULL), 1); + ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, + signatureLen, rsa2), 1); + ExpectIntEQ(RSA_set0_factors(rsa2, BN_dup(p), BN_dup(q)), 1); + ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, + signatureLen, rsa2), 1); + ExpectIntEQ(RSA_set0_crt_params(rsa2, BN_dup(dmp1), BN_dup(dmq1), + BN_dup(iqmp)), 1); + ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, + signatureLen, rsa2), 1); + RSA_free(rsa2); + rsa2 = NULL; + + /* Signing */ + XMEMSET(signature, 0, sizeof(signature)); + ExpectNotNull(rsa2 = RSA_new()); + ExpectIntEQ(RSA_set0_key(rsa2, BN_dup(n), BN_dup(e), BN_dup(d)), 1); + ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, + &signatureLen, rsa2), 1); + ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, + signatureLen, rsa), 1); + ExpectIntEQ(RSA_set0_factors(rsa2, BN_dup(p), BN_dup(q)), 1); + XMEMSET(signature, 0, sizeof(signature)); + ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, + &signatureLen, rsa2), 1); + ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, + signatureLen, rsa), 1); + ExpectIntEQ(RSA_set0_crt_params(rsa2, BN_dup(dmp1), BN_dup(dmq1), + BN_dup(iqmp)), 1); + ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, + &signatureLen, rsa2), 1); + ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, + signatureLen, rsa), 1); + RSA_free(rsa2); + rsa2 = NULL; + } +#endif + #ifdef WOLFSSL_RSA_KEY_CHECK ExpectIntEQ(RSA_check_key(NULL), 0); ExpectIntEQ(RSA_check_key(rsa), 1); @@ -74745,6 +74817,18 @@ static int test_EC_i2d(void) ExpectNull(d2i_ECPrivateKey(©, &tmp, 1)); ExpectNull(d2i_ECPrivateKey(&key, &tmp, 0)); + { + EC_KEY *pubkey = NULL; + BIO* bio = NULL; + + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntGT(BIO_write(bio, buf, len), 0); + ExpectNotNull(d2i_EC_PUBKEY_bio(bio, &pubkey)); + + BIO_free(bio); + EC_KEY_free(pubkey); + } + ExpectIntEQ(i2d_ECPrivateKey(NULL, &p), 0); ExpectIntEQ(i2d_ECPrivateKey(NULL, NULL), 0); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 41ca86e6fd..c6417b8e35 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -1725,7 +1725,7 @@ int wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx, { int fl; if (ctx == NULL || out == NULL || outl == NULL) - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; WOLFSSL_ENTER("wolfSSL_EVP_DecryptFinal_legacy"); if (ctx->block_size == 1) { @@ -1764,7 +1764,7 @@ int wolfSSL_EVP_DecryptFinal_legacy(WOLFSSL_EVP_CIPHER_CTX *ctx, int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx) { - if (ctx == NULL) return BAD_FUNC_ARG; + if (ctx == NULL) return WOLFSSL_FAILURE; switch (ctx->cipherType) { #if !defined(NO_AES) || !defined(NO_DES3) || defined(WOLFSSL_SM4) #if !defined(NO_AES) @@ -2046,7 +2046,7 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher) int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher) { if (cipher == NULL) - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; switch (cipherType(cipher)) { #if !defined(NO_AES) @@ -2306,7 +2306,7 @@ int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx, int padding) { if (ctx == NULL) - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; if (padding) { ctx->flags &= (unsigned long)~WOLFSSL_EVP_CIPH_NO_PADDING; } @@ -2318,9 +2318,10 @@ int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx, int wolfSSL_EVP_add_digest(const WOLFSSL_EVP_MD *digest) { - (void)digest; /* nothing to do */ - return 0; + if (digest == NULL) + return WOLFSSL_FAILURE; + return WOLFSSL_SUCCESS; } @@ -3444,7 +3445,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, WOLFSSL_ENTER("wolfSSL_EVP_PKEY_keygen"); if (ctx == NULL || ppkey == NULL) { - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } pkey = *ppkey; @@ -3454,7 +3455,7 @@ int wolfSSL_EVP_PKEY_keygen(WOLFSSL_EVP_PKEY_CTX *ctx, ctx->pkey->type != EVP_PKEY_RSA && ctx->pkey->type != EVP_PKEY_DH)) { WOLFSSL_MSG("Key not set or key type not supported"); - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } pkey = wolfSSL_EVP_PKEY_new(); if (pkey == NULL) { @@ -4118,9 +4119,10 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, int wolfSSL_EVP_add_cipher(const WOLFSSL_EVP_CIPHER *cipher) { - (void)cipher; /* nothing to do */ - return 0; + if (cipher == NULL) + return WOLFSSL_FAILURE; + return WOLFSSL_SUCCESS; } @@ -4319,7 +4321,7 @@ static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx, } type = wolfSSL_EVP_get_digestbynid(default_digest); if (type == NULL) { - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } } @@ -4511,7 +4513,7 @@ int wolfSSL_EVP_DigestSignInit(WOLFSSL_EVP_MD_CTX *ctx, WOLFSSL_ENTER("EVP_DigestSignInit"); if (ctx == NULL || pkey == NULL) - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; return wolfSSL_evp_digest_pk_init(ctx, pctx, type, e, pkey); } @@ -4523,7 +4525,7 @@ int wolfSSL_EVP_DigestSignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d, WOLFSSL_ENTER("EVP_DigestSignUpdate"); if (ctx == NULL || d == NULL) - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; return wolfssl_evp_digest_pk_update(ctx, d, cnt); } @@ -4636,7 +4638,7 @@ int wolfSSL_EVP_DigestVerifyInit(WOLFSSL_EVP_MD_CTX *ctx, WOLFSSL_ENTER("EVP_DigestVerifyInit"); if (ctx == NULL || type == NULL || pkey == NULL) - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; return wolfSSL_evp_digest_pk_init(ctx, pctx, type, e, pkey); } @@ -4648,7 +4650,7 @@ int wolfSSL_EVP_DigestVerifyUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *d, WOLFSSL_ENTER("EVP_DigestVerifyUpdate"); if (ctx == NULL || d == NULL) - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; return wolfssl_evp_digest_pk_update(ctx, d, (unsigned int)cnt); } @@ -9323,7 +9325,7 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void) int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type) { - int ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); + int ret = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); WOLFSSL_ENTER("wolfSSL_EVP_MD_pkey_type"); @@ -9348,7 +9350,7 @@ int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type) } } else { - ret = BAD_FUNC_ARG; + ret = WOLFSSL_FAILURE; } WOLFSSL_LEAVE("wolfSSL_EVP_MD_pkey_type", ret); @@ -10443,7 +10445,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) WOLFSSL_ENTER("EVP_DigestInit"); if (ctx == NULL) { - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } @@ -10541,7 +10543,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif { ctx->macType = WC_HASH_TYPE_NONE; - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } return ret; @@ -10858,7 +10860,7 @@ int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type) if (type == NULL) { WOLFSSL_MSG("No md type arg"); - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } #ifndef NO_SHA @@ -10924,7 +10926,7 @@ int wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD* type) } else #endif - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type) @@ -10933,7 +10935,7 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type) if (type == NULL) { WOLFSSL_MSG("No md type arg"); - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } #ifndef NO_SHA @@ -11009,7 +11011,7 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type) } #endif - return BAD_FUNC_ARG; + return WOLFSSL_FAILURE; } #endif /* OPENSSL_EXTRA || HAVE_CURL */ diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 4c7d3a0e89..c8c5aae060 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -2392,7 +2392,10 @@ static int RsaFunction_SP(const byte* in, word32 inLen, byte* out, #endif #ifndef RSA_LOW_MEM if ((mp_count_bits(&key->p) == 1024) && - (mp_count_bits(&key->q) == 1024)) { + (mp_count_bits(&key->q) == 1024) && + (mp_count_bits(&key->dP) > 0) && + (mp_count_bits(&key->dQ) > 0) && + (mp_count_bits(&key->u) > 0)) { return sp_RsaPrivate_2048(in, inLen, &key->d, &key->p, &key->q, &key->dP, &key->dQ, &key->u, &key->n, out, outLen); @@ -2423,7 +2426,10 @@ static int RsaFunction_SP(const byte* in, word32 inLen, byte* out, #endif #ifndef RSA_LOW_MEM if ((mp_count_bits(&key->p) == 1536) && - (mp_count_bits(&key->q) == 1536)) { + (mp_count_bits(&key->q) == 1536) && + (mp_count_bits(&key->dP) > 0) && + (mp_count_bits(&key->dQ) > 0) && + (mp_count_bits(&key->u) > 0)) { return sp_RsaPrivate_3072(in, inLen, &key->d, &key->p, &key->q, &key->dP, &key->dQ, &key->u, &key->n, out, outLen); @@ -2454,7 +2460,10 @@ static int RsaFunction_SP(const byte* in, word32 inLen, byte* out, #endif #ifndef RSA_LOW_MEM if ((mp_count_bits(&key->p) == 2048) && - (mp_count_bits(&key->q) == 2048)) { + (mp_count_bits(&key->q) == 2048) && + (mp_count_bits(&key->dP) > 0) && + (mp_count_bits(&key->dQ) > 0) && + (mp_count_bits(&key->u) > 0)) { return sp_RsaPrivate_4096(in, inLen, &key->d, &key->p, &key->q, &key->dP, &key->dQ, &key->u, &key->n, out, outLen); @@ -2551,7 +2560,13 @@ static int RsaFunctionPrivate(mp_int* tmp, RsaKey* key, WC_RNG* rng) } } #else - if (ret == 0) { + if (ret == 0 && (mp_iszero(&key->p) || mp_iszero(&key->q) || + mp_iszero(&key->dP) || mp_iszero(&key->dQ))) { + if (mp_exptmod(tmp, &key->d, &key->n, tmp) != MP_OKAY) { + ret = MP_EXPTMOD_E; + } + } + else if (ret == 0) { mp_int* tmpa = tmp; #if defined(WC_RSA_BLINDING) && !defined(WC_NO_RNG) mp_int* tmpb = rnd; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 4a6c7fe096..1b4df70a6a 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -25474,7 +25474,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) if (wolfSSL_EVP_DecryptFinal_ex(NULL, NULL, NULL) != WOLFSSL_FAILURE) return WC_TEST_RET_ENC_NC; - if (EVP_CIPHER_CTX_block_size(NULL) != BAD_FUNC_ARG) + if (EVP_CIPHER_CTX_block_size(NULL) != WOLFSSL_FAILURE) return WC_TEST_RET_ENC_NC; if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS) @@ -25485,7 +25485,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) if (EVP_CIPHER_CTX_block_size(en) != en->block_size) return WC_TEST_RET_ENC_NC; - if (EVP_CIPHER_block_size(NULL) != BAD_FUNC_ARG) + if (EVP_CIPHER_block_size(NULL) != WOLFSSL_FAILURE) return WC_TEST_RET_ENC_NC; if (EVP_CIPHER_block_size(EVP_aes_128_cbc()) != AES_BLOCK_SIZE) @@ -25502,7 +25502,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) if (en->flags != 42) return WC_TEST_RET_ENC_NC; - if (EVP_CIPHER_CTX_set_padding(NULL, 0) != BAD_FUNC_ARG) + if (EVP_CIPHER_CTX_set_padding(NULL, 0) != WOLFSSL_FAILURE) return WC_TEST_RET_ENC_NC; if (EVP_CIPHER_CTX_set_padding(en, 0) != WOLFSSL_SUCCESS) return WC_TEST_RET_ENC_NC; diff --git a/wolfssl/openssl/compat_types.h b/wolfssl/openssl/compat_types.h index 93a3b12dac..61cc80aeb1 100644 --- a/wolfssl/openssl/compat_types.h +++ b/wolfssl/openssl/compat_types.h @@ -50,6 +50,8 @@ typedef struct WOLFSSL_EVP_PKEY_CTX WOLFSSL_EVP_PKEY_CTX; typedef struct WOLFSSL_EVP_CIPHER_CTX WOLFSSL_EVP_CIPHER_CTX; typedef struct WOLFSSL_ASN1_PCTX WOLFSSL_ASN1_PCTX; +typedef struct WOLFSSL_BIO WOLFSSL_BIO; + #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) typedef WOLFSSL_EVP_MD EVP_MD; typedef WOLFSSL_EVP_MD_CTX EVP_MD_CTX; diff --git a/wolfssl/openssl/ec.h b/wolfssl/openssl/ec.h index 319cf3c3bd..a36e71e0bd 100644 --- a/wolfssl/openssl/ec.h +++ b/wolfssl/openssl/ec.h @@ -26,6 +26,7 @@ #include #include +#include #include #include @@ -205,6 +206,9 @@ WOLFSSL_API int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* der, int derSz, int opt); WOLFSSL_API +WOLFSSL_EC_KEY *wolfSSL_d2i_EC_PUBKEY_bio(WOLFSSL_BIO *bio, + WOLFSSL_EC_KEY **out); +WOLFSSL_API void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key); WOLFSSL_API WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key); @@ -371,6 +375,8 @@ typedef WOLFSSL_EC_KEY_METHOD EC_KEY_METHOD; #define EC_KEY_check_key wolfSSL_EC_KEY_check_key #define EC_KEY_print_fp wolfSSL_EC_KEY_print_fp +#define d2i_EC_PUBKEY_bio wolfSSL_d2i_EC_PUBKEY_bio + #define ECDSA_size wolfSSL_ECDSA_size #define ECDSA_sign wolfSSL_ECDSA_sign #define ECDSA_verify wolfSSL_ECDSA_verify diff --git a/wolfssl/openssl/pem.h b/wolfssl/openssl/pem.h index 6d9d4418b6..ebda526314 100644 --- a/wolfssl/openssl/pem.h +++ b/wolfssl/openssl/pem.h @@ -56,6 +56,8 @@ WOLFSSL_API WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA** rsa, wc_pem_password_cb* cb, void *u); +WOLFSSL_API +WOLFSSL_RSA *wolfSSL_d2i_RSA_PUBKEY_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out); WOLFSSL_API WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio, @@ -249,6 +251,7 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh); #define PEM_read_RSA_PUBKEY wolfSSL_PEM_read_RSA_PUBKEY #define PEM_write_RSAPublicKey wolfSSL_PEM_write_RSAPublicKey #define PEM_read_RSAPublicKey wolfSSL_PEM_read_RSAPublicKey +#define d2i_RSA_PUBKEY_bio wolfSSL_d2i_RSA_PUBKEY_bio /* DSA */ #define PEM_write_bio_DSAPrivateKey wolfSSL_PEM_write_bio_DSAPrivateKey #define PEM_write_DSAPrivateKey wolfSSL_PEM_write_DSAPrivateKey diff --git a/wolfssl/openssl/ssl.h b/wolfssl/openssl/ssl.h index 29dbb9a2da..584b45ef9f 100644 --- a/wolfssl/openssl/ssl.h +++ b/wolfssl/openssl/ssl.h @@ -82,6 +82,7 @@ typedef WOLFSSL_CTX SSL_CTX; typedef WOLFSSL_X509 X509; typedef WOLFSSL_X509 X509_REQ; +typedef WOLFSSL_X509 X509_REQ_INFO; typedef WOLFSSL_X509_NAME X509_NAME; typedef WOLFSSL_X509_INFO X509_INFO; typedef WOLFSSL_X509_CHAIN X509_CHAIN; @@ -426,6 +427,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define d2i_X509_fp wolfSSL_d2i_X509_fp #define i2d_X509 wolfSSL_i2d_X509 #define d2i_X509 wolfSSL_d2i_X509 +#define d2i_X509_REQ_INFO wolfSSL_d2i_X509_REQ_INFO #define PEM_read_bio_X509 wolfSSL_PEM_read_bio_X509 #define PEM_read_bio_X509_REQ wolfSSL_PEM_read_bio_X509_REQ #define PEM_read_X509_REQ wolfSSL_PEM_read_X509_REQ @@ -443,6 +445,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define d2i_X509_REQ wolfSSL_d2i_X509_REQ #define X509_REQ_new wolfSSL_X509_REQ_new #define X509_REQ_free wolfSSL_X509_REQ_free +#define X509_REQ_INFO_free wolfSSL_X509_REQ_free #define X509_REQ_sign wolfSSL_X509_REQ_sign #define X509_REQ_sign_ctx wolfSSL_X509_REQ_sign_ctx #define X509_REQ_add_extensions wolfSSL_X509_REQ_add_extensions @@ -563,6 +566,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; #define sk_X509_EXTENSION_new_null wolfSSL_sk_X509_EXTENSION_new_null #define sk_X509_EXTENSION_pop_free wolfSSL_sk_X509_EXTENSION_pop_free #define sk_X509_EXTENSION_push wolfSSL_sk_X509_EXTENSION_push +#define sk_X509_EXTENSION_free wolfSSL_sk_X509_EXTENSION_free #define X509_INFO_new wolfSSL_X509_INFO_new #define X509_INFO_free wolfSSL_X509_INFO_free @@ -871,6 +875,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_ #endif #define ASN1_TIME_set wolfSSL_ASN1_TIME_set #define ASN1_TIME_set_string wolfSSL_ASN1_TIME_set_string +#define ASN1_TIME_set_string_X509 wolfSSL_ASN1_TIME_set_string_X509 #define ASN1_GENERALIZEDTIME_set_string wolfSSL_ASN1_TIME_set_string #define ASN1_GENERALIZEDTIME_print wolfSSL_ASN1_GENERALIZEDTIME_print diff --git a/wolfssl/ssl.h b/wolfssl/ssl.h index 6961b03b5b..304a138f2f 100644 --- a/wolfssl/ssl.h +++ b/wolfssl/ssl.h @@ -208,7 +208,6 @@ typedef struct WOLFSSL_X509_LOOKUP_METHOD WOLFSSL_X509_LOOKUP_METHOD; typedef struct WOLFSSL_CRL WOLFSSL_X509_CRL; typedef struct WOLFSSL_X509_STORE WOLFSSL_X509_STORE; typedef struct WOLFSSL_X509_VERIFY_PARAM WOLFSSL_X509_VERIFY_PARAM; -typedef struct WOLFSSL_BIO WOLFSSL_BIO; typedef struct WOLFSSL_BIO_METHOD WOLFSSL_BIO_METHOD; typedef struct WOLFSSL_X509_EXTENSION WOLFSSL_X509_EXTENSION; typedef struct WOLFSSL_ASN1_OBJECT WOLFSSL_ASN1_OBJECT; @@ -1638,6 +1637,8 @@ WOLFSSL_API void wolfSSL_ACCESS_DESCRIPTION_free(WOLFSSL_ACCESS_DESCRIPTION* a); WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_pop_free( WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, void (*f) (WOLFSSL_X509_EXTENSION*)); +WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_free( + WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk); WOLFSSL_API WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* wolfSSL_sk_X509_EXTENSION_new_null(void); WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void); WOLFSSL_API WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_dup(WOLFSSL_ASN1_OBJECT* obj); @@ -2825,6 +2826,8 @@ WOLFSSL_API int wolfSSL_ASN1_TIME_compare(const WOLFSSL_ASN1_TIME *a, #ifdef OPENSSL_EXTRA WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t); WOLFSSL_API int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *s, const char *str); +WOLFSSL_API int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t, + const char *str); #endif WOLFSSL_API int wolfSSL_sk_num(const WOLFSSL_STACK* sk); @@ -2964,6 +2967,8 @@ WOLFSSL_API WOLFSSL_X509* #ifdef WOLFSSL_CERT_REQ WOLFSSL_API WOLFSSL_X509* wolfSSL_X509_REQ_d2i(WOLFSSL_X509** x509, const unsigned char* in, int len); +WOLFSSL_API WOLFSSL_X509* wolfSSL_d2i_X509_REQ_INFO(WOLFSSL_X509** req, + const unsigned char** in, int len); #endif WOLFSSL_API int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out); WOLFSSL_API WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL **crl, @@ -4508,7 +4513,6 @@ WOLFSSL_API WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_dup( WOLFSSL_X509_EXTENSION* src); WOLFSSL_API int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk, WOLFSSL_X509_EXTENSION* ext); -WOLFSSL_API void wolfSSL_sk_X509_EXTENSION_free(WOLFSSL_STACK* sk); WOLFSSL_API void wolfSSL_X509_EXTENSION_free(WOLFSSL_X509_EXTENSION* ext_to_free); WOLFSSL_API WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void); #endif