From 841d13e81cee9ab12f713b7b0ca76aa63894eca3 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 28 Jan 2025 12:54:56 +0100 Subject: [PATCH 1/5] Implement BN_CTX_get --- .wolfssl_known_macro_extras | 1 + src/ssl_bn.c | 70 +++++++++++++++++++++++++------------ tests/api.c | 17 +++++---- wolfssl/openssl/bn.h | 8 ++++- 4 files changed, 66 insertions(+), 30 deletions(-) diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras index e69f11d5db..c79b768f42 100644 --- a/.wolfssl_known_macro_extras +++ b/.wolfssl_known_macro_extras @@ -373,6 +373,7 @@ NO_WOLFSSL_AUTOSAR_CRYIF NO_WOLFSSL_AUTOSAR_CRYPTO NO_WOLFSSL_AUTOSAR_CSM NO_WOLFSSL_BASE64_DECODE +NO_WOLFSSL_BN_CTX NO_WOLFSSL_MSG_EX NO_WOLFSSL_RENESAS_FSPSM_AES NO_WOLFSSL_RENESAS_FSPSM_HASH diff --git a/src/ssl_bn.c b/src/ssl_bn.c index dfa897e29c..0dbf591427 100644 --- a/src/ssl_bn.c +++ b/src/ssl_bn.c @@ -2362,65 +2362,89 @@ int wolfSSL_BN_print_fp(XFILE fp, const WOLFSSL_BIGNUM *bn) } #endif /* !NO_FILESYSTEM && XFPRINTF */ +#ifndef NO_WOLFSSL_BN_CTX /******************************************************************************* * BN_CTX APIs ******************************************************************************/ -/* Allocate and return a new BN context object. +/* Create a new BN context object. * - * BN context not needed for operations. - * - * @return Pointer to dummy object. + * @return BN context object on success. + * @return NULL on failure. */ WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void) { - /* wolfcrypt doesn't need BN context. */ - static int ctx; + WOLFSSL_BN_CTX* ctx = NULL; + WOLFSSL_ENTER("wolfSSL_BN_CTX_new"); - return (WOLFSSL_BN_CTX*)&ctx; + ctx = (WOLFSSL_BN_CTX*)XMALLOC(sizeof(WOLFSSL_BN_CTX), NULL, + DYNAMIC_TYPE_OPENSSL); + if (ctx != NULL) { + wolfSSL_BN_CTX_init(ctx); + } + + return ctx; } /* Initialize a BN context object. * - * BN context not needed for operations. - * - * @param [in] ctx Dummy BN context. + * @param [in] ctx BN context object. */ void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx) { - (void)ctx; WOLFSSL_ENTER("wolfSSL_BN_CTX_init"); + if (ctx != NULL) { + XMEMSET(ctx, 0, sizeof(WOLFSSL_BN_CTX)); + } } /* Free a BN context object. * - * BN context not needed for operations. - * - * @param [in] ctx Dummy BN context. + * @param [in] ctx BN context object. */ void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx) { - (void)ctx; WOLFSSL_ENTER("wolfSSL_BN_CTX_free"); - /* Don't do anything since using dummy, static BN context. */ + if (ctx != NULL) { + while (ctx->list != NULL) { + struct WOLFSSL_BN_CTX_LIST* tmp = ctx->list; + ctx->list = ctx->list->next; + wolfSSL_BN_free(tmp->bn); + XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); + } + XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL); + } } -/* Get a big number based on the BN context. +/* Get a big number from the BN context. * - * @param [in] ctx BN context. Not used. + * @param [in] ctx BN context object. * @return Big number on success. * @return NULL on failure. */ WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx) { - /* ctx is not used - returning a new big number. */ - (void)ctx; + WOLFSSL_BIGNUM* bn = NULL; WOLFSSL_ENTER("wolfSSL_BN_CTX_get"); + if (ctx != NULL) { + struct WOLFSSL_BN_CTX_LIST** prev = &ctx->list; + while (*prev != NULL) + prev = &(*prev)->next; + *prev = (struct WOLFSSL_BN_CTX_LIST*)XMALLOC( + sizeof(struct WOLFSSL_BN_CTX_LIST), NULL, DYNAMIC_TYPE_OPENSSL); + if (*prev != NULL) { + XMEMSET(*prev, 0, sizeof(struct WOLFSSL_BN_CTX_LIST)); + bn = (*prev)->bn = wolfSSL_BN_new(); + if ((*prev)->bn == NULL) { + XFREE(*prev, NULL, DYNAMIC_TYPE_OPENSSL); + *prev = NULL; + } + } + } - /* Return a new big number. */ - return wolfSSL_BN_new(); + return bn; } #ifndef NO_WOLFSSL_STUB @@ -2440,6 +2464,8 @@ void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx) } #endif +#endif /* NO_WOLFSSL_BN_CTX */ + /******************************************************************************* * BN_MONT_CTX APIs ******************************************************************************/ diff --git a/tests/api.c b/tests/api.c index 01e810abe8..8bb9e2137f 100644 --- a/tests/api.c +++ b/tests/api.c @@ -62643,17 +62643,19 @@ static int test_wolfSSL_BN_CTX(void) #if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH) WOLFSSL_BN_CTX* bn_ctx = NULL; - WOLFSSL_BIGNUM* t = NULL; - ExpectNotNull(bn_ctx = wolfSSL_BN_CTX_new()); + ExpectNotNull(bn_ctx = BN_CTX_new()); /* No implementation. */ BN_CTX_init(NULL); - ExpectNotNull(t = BN_CTX_get(NULL)); - BN_free(t); - ExpectNotNull(t = BN_CTX_get(bn_ctx)); - BN_free(t); + ExpectNull(BN_CTX_get(NULL)); + ExpectNotNull(BN_CTX_get(bn_ctx)); + ExpectNotNull(BN_CTX_get(bn_ctx)); + ExpectNotNull(BN_CTX_get(bn_ctx)); + ExpectNotNull(BN_CTX_get(bn_ctx)); + ExpectNotNull(BN_CTX_get(bn_ctx)); + ExpectNotNull(BN_CTX_get(bn_ctx)); #ifndef NO_WOLFSSL_STUB /* No implementation. */ @@ -78011,7 +78013,7 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void) int derLen; unsigned char pub_buf[65]; const int pub_len = 65; - BN_CTX* ctx; + BN_CTX* ctx = NULL; EC_GROUP* curve = NULL; EC_KEY* ephemeral_key = NULL; const EC_POINT* h = NULL; @@ -78051,6 +78053,7 @@ static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void) EVP_PKEY_free(pkey); EC_KEY_free(ephemeral_key); EC_GROUP_free(curve); + BN_CTX_free(ctx); #endif return EXPECT_RESULT(); } diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h index 39b6bf384e..bfdb2add01 100644 --- a/wolfssl/openssl/bn.h +++ b/wolfssl/openssl/bn.h @@ -77,7 +77,13 @@ typedef struct WOLFSSL_BIGNUM { #define WOLFSSL_BN_MAX_VAL ((BN_ULONG)-1) -typedef struct WOLFSSL_BN_CTX WOLFSSL_BN_CTX; +struct WOLFSSL_BN_CTX_LIST { + WOLFSSL_BIGNUM* bn; + struct WOLFSSL_BN_CTX_LIST* next; +}; +typedef struct WOLFSSL_BN_CTX { + struct WOLFSSL_BN_CTX_LIST* list; +} WOLFSSL_BN_CTX; typedef struct WOLFSSL_BN_MONT_CTX WOLFSSL_BN_MONT_CTX; typedef struct WOLFSSL_BN_GENCB WOLFSSL_BN_GENCB; From 91bffeead34d78a5b2123133e2e55b54cbbc75e4 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 29 Jan 2025 10:50:23 +0100 Subject: [PATCH 2/5] wolfSSL_BN_CTX_get: prepend to list skipping need to traverse the list --- src/ssl_bn.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/src/ssl_bn.c b/src/ssl_bn.c index 0dbf591427..e0a1a252ca 100644 --- a/src/ssl_bn.c +++ b/src/ssl_bn.c @@ -2429,17 +2429,18 @@ WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx) WOLFSSL_ENTER("wolfSSL_BN_CTX_get"); if (ctx != NULL) { - struct WOLFSSL_BN_CTX_LIST** prev = &ctx->list; - while (*prev != NULL) - prev = &(*prev)->next; - *prev = (struct WOLFSSL_BN_CTX_LIST*)XMALLOC( + struct WOLFSSL_BN_CTX_LIST* node = (struct WOLFSSL_BN_CTX_LIST*)XMALLOC( sizeof(struct WOLFSSL_BN_CTX_LIST), NULL, DYNAMIC_TYPE_OPENSSL); - if (*prev != NULL) { - XMEMSET(*prev, 0, sizeof(struct WOLFSSL_BN_CTX_LIST)); - bn = (*prev)->bn = wolfSSL_BN_new(); - if ((*prev)->bn == NULL) { - XFREE(*prev, NULL, DYNAMIC_TYPE_OPENSSL); - *prev = NULL; + if (node != NULL) { + XMEMSET(node, 0, sizeof(struct WOLFSSL_BN_CTX_LIST)); + bn = node->bn = wolfSSL_BN_new(); + if (node->bn != NULL) { + node->next = ctx->list; + ctx->list = node; + } + else { + XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL); + node = NULL; } } } From 8b7b9636aab29fe3736d67b29eb81d8342760282 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 30 Jan 2025 20:41:19 +0100 Subject: [PATCH 3/5] Remove BN_CTX_init as its no longer in OpenSSL for a long time --- src/ssl_bn.c | 15 +-------------- tests/api.c | 3 --- wolfssl/openssl/bn.h | 2 -- 3 files changed, 1 insertion(+), 19 deletions(-) diff --git a/src/ssl_bn.c b/src/ssl_bn.c index e0a1a252ca..2d0d29d1f9 100644 --- a/src/ssl_bn.c +++ b/src/ssl_bn.c @@ -2380,25 +2380,12 @@ WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void) ctx = (WOLFSSL_BN_CTX*)XMALLOC(sizeof(WOLFSSL_BN_CTX), NULL, DYNAMIC_TYPE_OPENSSL); if (ctx != NULL) { - wolfSSL_BN_CTX_init(ctx); + XMEMSET(ctx, 0, sizeof(WOLFSSL_BN_CTX)); } return ctx; } -/* Initialize a BN context object. - * - * @param [in] ctx BN context object. - */ -void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx) -{ - WOLFSSL_ENTER("wolfSSL_BN_CTX_init"); - if (ctx != NULL) { - XMEMSET(ctx, 0, sizeof(WOLFSSL_BN_CTX)); - } -} - - /* Free a BN context object. * * @param [in] ctx BN context object. diff --git a/tests/api.c b/tests/api.c index 8bb9e2137f..ea13b24c5a 100644 --- a/tests/api.c +++ b/tests/api.c @@ -62646,9 +62646,6 @@ static int test_wolfSSL_BN_CTX(void) ExpectNotNull(bn_ctx = BN_CTX_new()); - /* No implementation. */ - BN_CTX_init(NULL); - ExpectNull(BN_CTX_get(NULL)); ExpectNotNull(BN_CTX_get(bn_ctx)); ExpectNotNull(BN_CTX_get(bn_ctx)); diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h index bfdb2add01..0ebde46e02 100644 --- a/wolfssl/openssl/bn.h +++ b/wolfssl/openssl/bn.h @@ -88,7 +88,6 @@ typedef struct WOLFSSL_BN_MONT_CTX WOLFSSL_BN_MONT_CTX; typedef struct WOLFSSL_BN_GENCB WOLFSSL_BN_GENCB; WOLFSSL_API WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void); -WOLFSSL_API void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx); WOLFSSL_API void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx); WOLFSSL_API WOLFSSL_BIGNUM* wolfSSL_BN_new(void); @@ -215,7 +214,6 @@ typedef WOLFSSL_BN_MONT_CTX BN_MONT_CTX; typedef WOLFSSL_BN_GENCB BN_GENCB; #define BN_CTX_new wolfSSL_BN_CTX_new -#define BN_CTX_init wolfSSL_BN_CTX_init #define BN_CTX_free wolfSSL_BN_CTX_free #define BN_new wolfSSL_BN_new From 573dea4605eb74a8b0575f94f9f4f949f193e363 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 7 Feb 2025 14:34:43 +0100 Subject: [PATCH 4/5] fixup! Implement BN_CTX_get --- wolfssl/openssl/bn.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/wolfssl/openssl/bn.h b/wolfssl/openssl/bn.h index 0ebde46e02..c0d7f9b6b3 100644 --- a/wolfssl/openssl/bn.h +++ b/wolfssl/openssl/bn.h @@ -213,8 +213,13 @@ typedef WOLFSSL_BN_CTX BN_CTX; typedef WOLFSSL_BN_MONT_CTX BN_MONT_CTX; typedef WOLFSSL_BN_GENCB BN_GENCB; +#ifndef NO_WOLFSSL_BN_CTX #define BN_CTX_new wolfSSL_BN_CTX_new #define BN_CTX_free wolfSSL_BN_CTX_free +#else +#define BN_CTX_new() ((BN_CTX*)-1) +#define BN_CTX_free(x) ((void)(x)) +#endif #define BN_new wolfSSL_BN_new #if !defined(USE_INTEGER_HEAP_MATH) && !defined(HAVE_WOLF_BIGINT) From e2d40288eed0b4e36e2f49ed68387ceb26c114b3 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 7 Feb 2025 14:45:42 +0100 Subject: [PATCH 5/5] Remove internal use of wolfSSL_BN_CTX_new() --- wolfcrypt/src/evp.c | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index abc79d9992..5e3f936eaa 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -3795,18 +3795,11 @@ int wolfSSL_EVP_PKEY_cmp(const WOLFSSL_EVP_PKEY *a, const WOLFSSL_EVP_PKEY *b) static int DH_param_check(WOLFSSL_DH* dh_key) { int ret = WOLFSSL_SUCCESS; - WOLFSSL_BN_CTX* ctx = NULL; WOLFSSL_BIGNUM *num1 = NULL; WOLFSSL_BIGNUM *num2 = NULL; WOLFSSL_ENTER("DH_param_check"); - ctx = wolfSSL_BN_CTX_new(); - if (ctx == NULL) { - WOLFSSL_MSG("failed to allocate memory"); - return WOLFSSL_FAILURE; - } - num1 = wolfSSL_BN_new(); num2 = wolfSSL_BN_new(); if (num1 == NULL || num2 == NULL) { @@ -3840,7 +3833,7 @@ static int DH_param_check(WOLFSSL_DH* dh_key) dh_key->q != NULL) { if (ret == WOLFSSL_SUCCESS && - wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, ctx) + wolfSSL_BN_mod_exp(num1, dh_key->g, dh_key->q, dh_key->p, NULL) == WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) { WOLFSSL_MSG("BN_mod_exp failed"); @@ -3855,7 +3848,7 @@ static int DH_param_check(WOLFSSL_DH* dh_key) #if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) /* test if the number q is prime. */ if (ret == WOLFSSL_SUCCESS && - (wolfSSL_BN_is_prime_ex(dh_key->q, 64, ctx, NULL) <= 0)) { + (wolfSSL_BN_is_prime_ex(dh_key->q, 64, NULL, NULL) <= 0)) { WOLFSSL_MSG("dh_key->q is not prime or error during check."); ret = WOLFSSL_FAILURE; } /* else TODO check q div q - 1. need BN_div */ @@ -3863,7 +3856,6 @@ static int DH_param_check(WOLFSSL_DH* dh_key) } /* clean up */ - wolfSSL_BN_CTX_free(ctx); wolfSSL_BN_free(num1); wolfSSL_BN_free(num2);