Browse Source

Make changes to support port of NTP from OpenSSL to wolfSSL.

Hayden Roche 2 years ago
parent
commit
dc7ae37f7a

BIN
certs/dsaparams.der


+ 1 - 0
certs/include.am

@@ -47,6 +47,7 @@ EXTRA_DIST += \
 	     certs/test-servercert.p12 \
 	     certs/test-servercert-rc2.p12 \
 	     certs/ecc-rsa-server.p12 \
+	     certs/dsaparams.der \
 	     certs/dsaparams.pem \
 	     certs/ecc-privOnlyKey.pem \
 	     certs/ecc-privOnlyCert.pem \

+ 15 - 6
configure.ac

@@ -777,6 +777,7 @@ AC_ARG_ENABLE([mcast],
 # openssh (--enable-openssh) WOLFSSL_OPENSSH
 # openvpn (--enable-openvpn) WOLFSSL_OPENVPN
 # nginix (--enable-nginx) WOLFSSL_NGINX
+# ntp (--enable-ntp)
 # haproxy (--enable-haproxy) WOLFSSL_HAPROXY
 # wpa_supplicant (--enable-wpas) WOLFSSL_WPAS
 # ssl fortress (--enable-fortress) FORTRESS
@@ -852,6 +853,13 @@ AC_ARG_ENABLE([wpas-dpp],
     [ ENABLED_WPAS_DPP=no ]
     )
 
+# ntp support
+AC_ARG_ENABLE([ntp],
+    [AS_HELP_STRING([--enable-ntp],[Enable ntp support (default: disabled)])],
+    [ ENABLED_NTP=$enableval ],
+    [ ENABLED_NTP=no ]
+    )
+
 if test "$ENABLED_WPAS_DPP" = "yes"
 then
     ENABLED_WPAS="yes"
@@ -949,7 +957,7 @@ AC_ARG_ENABLE([opensslall],
 [ ENABLED_OPENSSLALL=$enableval ],
 [ ENABLED_OPENSSLALL=no ]
 )
-if test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_WPAS_DPP" = "yes" || test "$ENABLED_SMIME" = "yes" || test "$ENABLED_HAPROXY" = "yes" || test "$ENABLED_BIND" = "yes"
+if test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_WPAS_DPP" = "yes" || test "$ENABLED_SMIME" = "yes" || test "$ENABLED_HAPROXY" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_NTP" == "yes"
 then
     ENABLED_OPENSSLALL="yes"
 fi
@@ -965,7 +973,7 @@ AC_ARG_ENABLE([opensslextra],
     [ ENABLED_OPENSSLEXTRA=$enableval ],
     [ ENABLED_OPENSSLEXTRA=no ]
     )
-if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_SIGNAL" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes" || test "$ENABLED_BUMP" = "yes" || test "$ENABLED_SNIFFER" = "yes" || test "$ENABLED_OPENSSLALL" = "yes" || test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "x$ENABLED_LIGHTY" = "xyes" || test "$ENABLED_LIBSSH2" = "yes"
+if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_SIGNAL" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_FORTRESS" = "yes" || test "$ENABLED_BUMP" = "yes" || test "$ENABLED_SNIFFER" = "yes" || test "$ENABLED_OPENSSLALL" = "yes" || test "$ENABLED_LIBWEBSOCKETS" = "yes" || test "x$ENABLED_LIGHTY" = "xyes" || test "$ENABLED_LIBSSH2" = "yes" || test "x$ENABLED_NTP" = "xyes"
 then
     ENABLED_OPENSSLEXTRA="yes"
 fi
@@ -1894,7 +1902,7 @@ AC_ARG_ENABLE([keygen],
     [ ENABLED_KEYGEN=no ]
     )
 
-if test "$ENABLED_BIND" = "yes" || test "$ENABLED_LIBSSH2" = "yes"
+if test "$ENABLED_BIND" = "yes" || test "$ENABLED_NTP" = "yes" || test "$ENABLED_LIBSSH2" = "yes"
 then
     ENABLED_KEYGEN=yes
 fi 
@@ -1911,7 +1919,7 @@ AC_ARG_ENABLE([certgen],
     [ ENABLED_CERTGEN=$enableval ],
     [ ENABLED_CERTGEN=no ]
     )
-if test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_BIND" = "yes"
+if test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_NTP" = "yes"
 then
     ENABLED_CERTGEN=yes
 fi
@@ -2014,7 +2022,7 @@ AC_ARG_ENABLE([dsa],
     [ ENABLED_DSA=no ]
     )
 
-if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_LIBSSH2" = "yes"
+if test "$ENABLED_OPENSSH" = "yes" || test "$ENABLED_OPENVPN" = "yes" || test "$ENABLED_NGINX" = "yes" || test "$ENABLED_WPAS" = "yes" || test "$ENABLED_QT" = "yes" || test "$ENABLED_BIND" = "yes" || test "$ENABLED_LIBSSH2" = "yes" || test "$ENABLED_NTP" = "yes"
 then
     ENABLED_DSA="yes"
 fi
@@ -3095,7 +3103,7 @@ AC_ARG_ENABLE([cmac],
     [ ENABLED_CMAC=no ]
     )
 
-if test "$ENABLED_WPAS" != "no"
+if test "$ENABLED_WPAS" != "no" || test "$ENABLED_NTP" = "yes"
 then
     ENABLED_CMAC=yes
 fi
@@ -6936,6 +6944,7 @@ echo "   * HAPROXY:                    $ENABLED_HAPROXY"
 echo "   * STUNNEL:                    $ENABLED_STUNNEL"
 echo "   * tcpdump:                    $ENABLED_TCPDUMP"
 echo "   * libssh2:                    $ENABLED_LIBSSH2"
+echo "   * ntp:                        $ENABLED_NTP"
 echo "   * Apache httpd:               $ENABLED_APACHE_HTTPD"
 echo "   * NGINX:                      $ENABLED_NGINX"
 echo "   * ASIO:                       $ENABLED_ASIO"

File diff suppressed because it is too large
+ 709 - 89
src/ssl.c


+ 289 - 61
tests/api.c

@@ -298,6 +298,7 @@
     #endif
 #endif
 #ifdef OPENSSL_EXTRA
+    #include <wolfssl/openssl/cmac.h>
     #include <wolfssl/openssl/x509v3.h>
     #include <wolfssl/openssl/asn1.h>
     #include <wolfssl/openssl/crypto.h>
@@ -28259,6 +28260,47 @@ static void test_wolfSSL_private_keys(void)
     #endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */
 }
 
+static void test_wolfSSL_PEM_read_PrivateKey(void)
+{
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM)
+    XFILE file;
+    const char* fname = "./certs/server-key.pem";
+    EVP_PKEY* pkey;
+    RSA* rsa;
+    WOLFSSL_EVP_PKEY_CTX* ctx;
+    unsigned char* sig;
+    size_t sigLen;
+    const unsigned char tbs[] = {0, 1, 2, 3, 4, 5, 6, 7};
+    size_t tbsLen = sizeof(tbs);
+
+    printf(testingFmt, "test_wolfSSL_PEM_read_PrivateKey()");
+
+    /* Check error case. */
+    AssertNull(pkey = PEM_read_PrivateKey(NULL, NULL, NULL, NULL));
+
+    /* Read in an RSA key. */
+    file = XFOPEN(fname, "rb");
+    AssertTrue(file != XBADFILE);
+    AssertNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL));
+    XFCLOSE(file);
+
+    /* Make sure the key is usable by signing some data with it. */
+    AssertNotNull(rsa = EVP_PKEY_get0_RSA(pkey));
+    AssertIntGT((sigLen = RSA_size(rsa)), 0);
+    AssertNotNull(sig = (unsigned char*)XMALLOC(sigLen, HEAP_HINT,
+        DYNAMIC_TYPE_TMP_BUFFER));
+    AssertNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL));
+    AssertIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS);
+    AssertIntEQ(EVP_PKEY_sign(ctx, sig, &sigLen, tbs, tbsLen),
+        WOLFSSL_SUCCESS);
+
+    XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    EVP_PKEY_CTX_free(ctx);
+    EVP_PKEY_free(pkey);
+
+    printf(resultFmt, passed);
+#endif
+}
 
 static void test_wolfSSL_PEM_PrivateKey(void)
 {
@@ -29237,6 +29279,40 @@ static void test_wolfSSL_EVP_MD_size(void)
 #endif /* OPENSSL_EXTRA */
 }
 
+static void test_wolfSSL_EVP_MD_pkey_type(void)
+{
+#ifdef OPENSSL_EXTRA
+    const WOLFSSL_EVP_MD* md;
+
+    printf(testingFmt, "test_wolfSSL_EVP_MD_pkey_type()");
+
+#ifndef NO_MD5
+    AssertNotNull(md = EVP_md5());
+    AssertIntEQ(EVP_MD_pkey_type(md), NID_md5WithRSAEncryption);
+#endif
+#ifndef NO_SHA
+    AssertNotNull(md = EVP_sha1());
+    AssertIntEQ(EVP_MD_pkey_type(md), NID_sha1WithRSAEncryption);
+#endif
+#ifdef WOLFSSL_SHA224
+    AssertNotNull(md = EVP_sha224());
+    AssertIntEQ(EVP_MD_pkey_type(md), NID_sha224WithRSAEncryption);
+#endif
+    AssertNotNull(md = EVP_sha256());
+    AssertIntEQ(EVP_MD_pkey_type(md), NID_sha256WithRSAEncryption);
+#ifdef WOLFSSL_SHA384
+    AssertNotNull(md = EVP_sha384());
+    AssertIntEQ(EVP_MD_pkey_type(md), NID_sha384WithRSAEncryption);
+#endif
+#ifdef WOLFSSL_SHA512
+    AssertNotNull(md = EVP_sha512());
+    AssertIntEQ(EVP_MD_pkey_type(md), NID_sha512WithRSAEncryption);
+#endif
+
+    printf(resultFmt, passed);
+#endif
+}
+
 #ifdef OPENSSL_EXTRA
 static void test_hmac_signing(const WOLFSSL_EVP_MD *type, const byte* testKey,
         size_t testKeySz, const char* testData, size_t testDataSz,
@@ -31318,13 +31394,12 @@ static void test_X509_STORE_get0_objects(void)
 
 static void test_wolfSSL_BN(void)
 {
-    #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
     BIGNUM* a;
     BIGNUM* b;
     BIGNUM* c;
     BIGNUM* d;
     ASN1_INTEGER* ai;
-    unsigned char value[1];
 
     printf(testingFmt, "wolfSSL_BN()");
 
@@ -31332,47 +31407,87 @@ static void test_wolfSSL_BN(void)
     AssertNotNull(c = BN_new());
     AssertNotNull(d = BN_new());
 
-    value[0] = 0x03;
     ai = ASN1_INTEGER_new();
     AssertNotNull(ai);
     /* at the moment hard setting since no set function */
     ai->data[0] = 0x02; /* tag for ASN_INTEGER */
     ai->data[1] = 0x01; /* length of integer */
-    ai->data[2] = value[0];
+    ai->data[2] = 0x03;
 
     AssertNotNull(a = ASN1_INTEGER_to_BN(ai, NULL));
     ASN1_INTEGER_free(ai);
 
-    value[0] = 0x02;
-    AssertNotNull(BN_bin2bn(value, sizeof(value), b));
+    AssertIntEQ(BN_set_word(b, 2), SSL_SUCCESS);
+    AssertIntEQ(BN_set_word(c, 5), SSL_SUCCESS);
+
+    /* a + 3 = */
+    AssertIntEQ(BN_add_word(NULL, 3), WOLFSSL_FAILURE);
+    AssertIntEQ(BN_add_word(a, 3), WOLFSSL_SUCCESS);
+
+    /* check result 3 + 3*/
+    AssertIntEQ(BN_get_word(a), 6);
+    /* set a back to 3 */
+    AssertIntEQ(BN_set_word(a, 3), SSL_SUCCESS);
 
-    value[0] = 0x05;
-    AssertNotNull(BN_bin2bn(value, sizeof(value), c));
+    /* a - 3 = */
+    AssertIntEQ(BN_sub_word(NULL, 3), WOLFSSL_FAILURE);
+    AssertIntEQ(BN_sub_word(a, 3), WOLFSSL_SUCCESS);
+
+    /* check result 3 - 3*/
+    AssertIntEQ(BN_get_word(a), 0);
+    /* set a back to 3 */
+    AssertIntEQ(BN_set_word(a, 3), SSL_SUCCESS);
 
     /* a^b mod c = */
     AssertIntEQ(BN_mod_exp(d, NULL, b, c, NULL), WOLFSSL_FAILURE);
     AssertIntEQ(BN_mod_exp(d, a, b, c, NULL), WOLFSSL_SUCCESS);
 
-    /* check result  3^2 mod 5 */
-    value[0] = 0;
-    AssertIntEQ(BN_bn2bin(d, value), sizeof(value));
-    AssertIntEQ((int)(value[0]), 4);
+    /* check result 3^2 mod 5 */
+    AssertIntEQ(BN_get_word(d), 4);
+
+    /* a*b = */
+    AssertIntEQ(BN_mul(d, NULL, b, NULL), WOLFSSL_FAILURE);
+    AssertIntEQ(BN_mul(d, a, b, NULL), WOLFSSL_SUCCESS);
+
+    /* check result 3*2 */
+    AssertIntEQ(BN_get_word(d), 6);
+
+    /* c/b = */
+    AssertIntEQ(BN_div(d, NULL, c, b, NULL), WOLFSSL_FAILURE);
+    AssertIntEQ(BN_div(d, a, c, b, NULL), WOLFSSL_SUCCESS);
+
+    /* check result 5/2 */
+    AssertIntEQ(BN_get_word(d), 2); /* check quotient */
+    AssertIntEQ(BN_get_word(a), 1); /* check remainder */
+    /* set a back to 3 */
+    AssertIntEQ(BN_set_word(a, 3), SSL_SUCCESS);
 
     /* a*b mod c = */
     AssertIntEQ(BN_mod_mul(d, NULL, b, c, NULL), SSL_FAILURE);
     AssertIntEQ(BN_mod_mul(d, a, b, c, NULL), SSL_SUCCESS);
 
-    /* check result  3*2 mod 5 */
-    value[0] = 0;
-    AssertIntEQ(BN_bn2bin(d, value), sizeof(value));
-    AssertIntEQ((int)(value[0]), 1);
+    /* check result 3*2 mod 5 */
+    AssertIntEQ(BN_get_word(d), 1);
+
+    AssertIntEQ(BN_set_word(a, 16), SSL_SUCCESS);
+    AssertIntEQ(BN_set_word(b, 24), SSL_SUCCESS);
+
+#ifdef WOLFSSL_KEY_GEN
+    /* gcd of a and b */
+    AssertIntEQ(BN_gcd(d, NULL, b, NULL), SSL_FAILURE);
+    AssertIntEQ(BN_gcd(d, a, b, NULL), SSL_SUCCESS);
+
+    /* check result gcd(16, 24) */
+    AssertIntEQ(BN_get_word(d), 8);
+#endif /* WOLFSSL_KEY_GEN */
+
+    /* set b back to 2 */
+    AssertIntEQ(BN_set_word(b, 2), SSL_SUCCESS);
 
     /* BN_mod_inverse test */
-    value[0] = 0;
     BIGNUM *r = BN_new();
     BIGNUM *val = BN_mod_inverse(r,b,c,NULL);
-    AssertIntEQ(BN_bn2bin(r, value), 1);
-    AssertIntEQ((int)(value[0] & 0x03), 3);
+    AssertIntEQ((int)(BN_get_word(r) & 0x03), 3);
     BN_free(val);
 
 #if !defined(WOLFSSL_SP_MATH) && (!defined(WOLFSSL_SP_MATH_ALL) || \
@@ -31407,12 +31522,10 @@ static void test_wolfSSL_BN(void)
     /* check that getting a string and a bin of the same number are equal,
      * and that the comparison works EQ, LT and GT */
     AssertIntGT(BN_hex2bn(&a, "03"), 0);
-    value[0] = 0x03;
     AssertNotNull(b = BN_new());
-    AssertNotNull(BN_bin2bn(value, sizeof(value), b));
-    value[0] = 0x04;
+    AssertIntEQ(BN_set_word(b, 3), SSL_SUCCESS);
     AssertNotNull(c = BN_new());
-    AssertNotNull(BN_bin2bn(value, sizeof(value), c));
+    AssertIntEQ(BN_set_word(c, 4), SSL_SUCCESS);
     AssertIntEQ(BN_cmp(a, b), 0);
     AssertIntLT(BN_cmp(a, c), 0);
     AssertIntGT(BN_cmp(c, b), 0);
@@ -31442,37 +31555,36 @@ static void test_wolfSSL_BN(void)
         BN_init(&cv);
         BN_init(&dv);
 
-        value[0] = 0x3;
-        AssertNotNull(BN_bin2bn(value, sizeof(value), ap));
-
-        value[0] = 0x02;
-        AssertNotNull(BN_bin2bn(value, sizeof(value), &bv));
-
-        value[0] = 0x05;
-        AssertNotNull(BN_bin2bn(value, sizeof(value), &cv));
+        AssertIntEQ(BN_set_word(ap, 3), SSL_SUCCESS);
+        AssertIntEQ(BN_set_word(&bv, 2), SSL_SUCCESS);
+        AssertIntEQ(BN_set_word(&cv, 5), SSL_SUCCESS);
 
         /* a^b mod c = */
         AssertIntEQ(BN_mod_exp(&dv, NULL, &bv, &cv, NULL), WOLFSSL_FAILURE);
         AssertIntEQ(BN_mod_exp(&dv, ap, &bv, &cv, NULL), WOLFSSL_SUCCESS);
 
         /* check result  3^2 mod 5 */
-        value[0] = 0;
-        AssertIntEQ(BN_bn2bin(&dv, value), sizeof(value));
-        AssertIntEQ((int)(value[0]), 4);
+        AssertIntEQ(BN_get_word(&dv), 4);
 
         /* a*b mod c = */
         AssertIntEQ(BN_mod_mul(&dv, NULL, &bv, &cv, NULL), SSL_FAILURE);
         AssertIntEQ(BN_mod_mul(&dv, ap, &bv, &cv, NULL), SSL_SUCCESS);
 
         /* check result  3*2 mod 5 */
-        value[0] = 0;
-        AssertIntEQ(BN_bn2bin(&dv, value), sizeof(value));
-        AssertIntEQ((int)(value[0]), 1);
+        AssertIntEQ(BN_get_word(&dv), 1);
 
         BN_free(ap);
     }
     #endif
 
+#ifdef WOLFSSL_KEY_GEN
+    AssertNotNull(a = BN_new());
+    AssertIntEQ(BN_generate_prime_ex(a, 512, 0, NULL, NULL, NULL),
+        SSL_SUCCESS);
+    AssertIntEQ(BN_is_prime_ex(a, 8, NULL, NULL), SSL_SUCCESS);
+    BN_free(a);
+#endif
+
     printf(resultFmt, passed);
     #endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */
 }
@@ -32589,6 +32701,8 @@ static void test_wolfSSL_X509_time_adj(void)
     not_after = XTIME(0) + (60 * 24 * 30); /* 30 days after */
     AssertNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &t));
     AssertNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &t));
+    /* Check X509_gmtime_adj, too. */
+    AssertNotNull(X509_gmtime_adj(X509_get_notAfter(x509), not_after));
 
     X509_free(x509);
 
@@ -34208,6 +34322,37 @@ static void test_wolfSSL_HMAC(void)
 #endif
 }
 
+static void test_wolfSSL_CMAC()
+{
+#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CMAC)
+
+    int i = 0;
+    byte key[AES_128_KEY_SIZE];
+    CMAC_CTX* cmacCtx = NULL;
+    byte out[AES_BLOCK_SIZE];
+    size_t outLen = AES_BLOCK_SIZE;
+
+    printf(testingFmt, "test_wolfSSL_CMAC()");
+
+    for (; i < AES_128_KEY_SIZE; ++i) {
+        key[i] = i;
+    }
+    AssertNotNull(cmacCtx = CMAC_CTX_new());
+    /* Check CMAC_CTX_get0_cipher_ctx; return value not used. */
+    AssertNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx));
+    AssertIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_cbc(),
+        NULL), SSL_SUCCESS);
+    /* re-using test key as data to hash */
+    AssertIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), SSL_SUCCESS);
+    AssertIntEQ(CMAC_Update(cmacCtx, NULL, 0), SSL_SUCCESS);
+    AssertIntEQ(CMAC_Final(cmacCtx, out, &outLen), SSL_SUCCESS);
+    AssertIntEQ(outLen, AES_BLOCK_SIZE);
+    CMAC_CTX_free(cmacCtx);
+
+    printf(resultFmt, passed);
+#endif /* OPENSSL_EXTRA && WOLFSSL_CMAC */
+}
+
 
 static void test_wolfSSL_OBJ(void)
 {
@@ -35767,6 +35912,13 @@ static void test_wolfSSL_RSA(void)
 
     AssertNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL));
     AssertIntEQ(RSA_size(rsa), 256);
+
+#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(HAVE_FAST_RSA) && \
+    (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
+    (HAVE_FIPS_VERSION >= 2))) && !defined(HAVE_SELFTEST) && \
+    !defined(HAVE_INTEL_QA) && !defined(WOLFSSL_NO_RSA_KEY_CHECK)
+    AssertIntEQ(RSA_check_key(rsa), WOLFSSL_SUCCESS);
+#endif
     
     /* sanity check */
     AssertIntEQ(RSA_bits(NULL), 0);
@@ -40504,6 +40656,72 @@ static void test_wolfSSL_PKEY_up_ref(void)
 #endif
 }
 
+static void test_wolfSSL_d2i_and_i2d_PublicKey(void)
+{
+#if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
+    EVP_PKEY* pkey;
+    const unsigned char* p;
+    unsigned char* der = NULL;
+    int derLen;
+
+    printf(testingFmt, "test_wolfSSL_d2i_and_i2d_PublicKey()");
+
+    p = client_keypub_der_2048;
+    /* Check that key can be successfully decoded. */
+    AssertNotNull(pkey = wolfSSL_d2i_PublicKey(EVP_PKEY_RSA, NULL, &p,
+        sizeof_client_keypub_der_2048));
+    /* Check that key can be successfully encoded. */
+    AssertIntGE((derLen = wolfSSL_i2d_PublicKey(pkey, &der)), 0);
+    /* Ensure that the encoded version matches the original. */
+    AssertIntEQ(derLen, sizeof_client_keypub_der_2048);
+    AssertIntEQ(XMEMCMP(der, client_keypub_der_2048, derLen), 0);
+
+    XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
+    EVP_PKEY_free(pkey);
+
+    printf(resultFmt, passed);
+#endif
+}
+
+static void test_wolfSSL_d2i_and_i2d_DSAparams(void)
+{
+#if defined(OPENSSL_EXTRA) && !defined(NO_DSA)
+    DSA* dsa;
+    char file[] = "./certs/dsaparams.der";
+    XFILE f;
+    int derInLen;
+    byte* derIn;
+    int derOutLen;
+    byte* derOut = NULL;
+
+    printf(testingFmt, "test_wolfSSL_d2i_and_i2d_DSAparams()");
+
+    f = XFOPEN(file, "rb");
+    AssertTrue(f != XBADFILE);
+    AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0);
+    derInLen = (int)XFTELL(f);
+    XREWIND(f);
+    AssertNotNull(derIn = (byte*)XMALLOC(derInLen, HEAP_HINT,
+        DYNAMIC_TYPE_TMP_BUFFER));
+    AssertIntEQ(XFREAD(derIn, 1, derInLen, f), derInLen);
+    XFCLOSE(f);
+
+    /* Check that params can be successfully decoded. */
+    AssertNotNull(dsa = d2i_DSAparams(NULL, (const byte**)&derIn, derInLen));
+    /* Check that params can be successfully encoded. */
+    AssertIntGE((derOutLen = i2d_DSAparams(dsa, &derOut)), 0);
+    /* Ensure that the encoded version matches the original. */
+    AssertIntEQ(derInLen, derOutLen);
+    AssertIntEQ(XMEMCMP(derIn, derOut, derInLen), 0);
+
+    XFREE(derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
+    XFREE(derOut, HEAP_HINT, DYNAMIC_TYPE_OPENSSL);
+    DSA_free(dsa);
+
+    printf(resultFmt, passed);
+#endif
+}
+
 static void test_wolfSSL_i2d_PrivateKey(void)
 {
 #if (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_PWDBASED)
@@ -44121,80 +44339,85 @@ static void test_wolfSSL_X509_NAME_ENTRY_get_object(void)
 #endif
 }
 
-static void test_wolfSSL_ASN1_INTEGER_set(void)
+static void test_wolfSSL_ASN1_INTEGER_get_set(void)
 {
 #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
     ASN1_INTEGER *a;
     long val;
     int ret;
 
-    printf(testingFmt, "wolfSSL_ASN1_INTEGER_set");
+    printf(testingFmt, "test_wolfSSL_ASN1_INTEGER_get_set");
 
-    a = wolfSSL_ASN1_INTEGER_new();
+    a = ASN1_INTEGER_new();
     val = 0;
     ret = ASN1_INTEGER_set(NULL, val);
     AssertIntEQ(ret, 0);
-    wolfSSL_ASN1_INTEGER_free(a);
+    ASN1_INTEGER_free(a);
 
     /* 0 */
-    a = wolfSSL_ASN1_INTEGER_new();
+    a = ASN1_INTEGER_new();
     val = 0;
     ret = ASN1_INTEGER_set(a, val);
     AssertIntEQ(ret, 1);
-    wolfSSL_ASN1_INTEGER_free(a);
+    AssertIntEQ(ASN1_INTEGER_get(a), val);
+    ASN1_INTEGER_free(a);
 
     /* 40 */
-    a = wolfSSL_ASN1_INTEGER_new();
+    a = ASN1_INTEGER_new();
     val = 40;
     ret = ASN1_INTEGER_set(a, val);
     AssertIntEQ(ret, 1);
-    wolfSSL_ASN1_INTEGER_free(a);
+    AssertIntEQ(ASN1_INTEGER_get(a), val);
+    ASN1_INTEGER_free(a);
 
     /* -40 */
-    a = wolfSSL_ASN1_INTEGER_new();
+    a = ASN1_INTEGER_new();
     val = -40;
     ret = ASN1_INTEGER_set(a, val);
     AssertIntEQ(ret, 1);
-    AssertIntEQ(a->negative, 1);
-    wolfSSL_ASN1_INTEGER_free(a);
+    AssertIntEQ(ASN1_INTEGER_get(a), val);
+    ASN1_INTEGER_free(a);
 
     /* 128 */
-    a = wolfSSL_ASN1_INTEGER_new();
+    a = ASN1_INTEGER_new();
     val = 128;
     ret = ASN1_INTEGER_set(a, val);
     AssertIntEQ(ret, 1);
-    wolfSSL_ASN1_INTEGER_free(a);
+    AssertIntEQ(ASN1_INTEGER_get(a), val);
+    ASN1_INTEGER_free(a);
 
     /* -128 */
-    a = wolfSSL_ASN1_INTEGER_new();
+    a = ASN1_INTEGER_new();
     val = -128;
     ret = ASN1_INTEGER_set(a, val);
     AssertIntEQ(ret, 1);
-    AssertIntEQ(a->negative, 1);
-    wolfSSL_ASN1_INTEGER_free(a);
+    AssertIntEQ(ASN1_INTEGER_get(a), val);
+    ASN1_INTEGER_free(a);
 
     /* 200 */
-    a = wolfSSL_ASN1_INTEGER_new();
+    a = ASN1_INTEGER_new();
     val = 200;
     ret = ASN1_INTEGER_set(a, val);
     AssertIntEQ(ret, 1);
-    wolfSSL_ASN1_INTEGER_free(a);
+    AssertIntEQ(ASN1_INTEGER_get(a), val);
+    ASN1_INTEGER_free(a);
 
 #ifndef TIME_T_NOT_64BIT
     /* int max (2147483647) */
-    a = wolfSSL_ASN1_INTEGER_new();
+    a = ASN1_INTEGER_new();
     val = 2147483647;
     ret = ASN1_INTEGER_set(a, val);
     AssertIntEQ(ret, 1);
-    wolfSSL_ASN1_INTEGER_free(a);
+    AssertIntEQ(ASN1_INTEGER_get(a), val);
+    ASN1_INTEGER_free(a);
 
     /* int min (-2147483648) */
-    a = wolfSSL_ASN1_INTEGER_new();
+    a = ASN1_INTEGER_new();
     val = -2147483647 - 1;
     ret = ASN1_INTEGER_set(a, val);
-    AssertIntEQ(a->negative, 1);
     AssertIntEQ(ret, 1);
-    wolfSSL_ASN1_INTEGER_free(a);
+    AssertIntEQ(ASN1_INTEGER_get(a), val);
+    ASN1_INTEGER_free(a);
 #endif
 
     printf(resultFmt, passed);
@@ -46490,6 +46713,7 @@ void ApiTest(void)
     test_wolfSSL_ASN1_UTCTIME_print();
     test_wolfSSL_ASN1_GENERALIZEDTIME_free();
     test_wolfSSL_private_keys();
+    test_wolfSSL_PEM_read_PrivateKey();
     test_wolfSSL_PEM_PrivateKey();
 #ifndef NO_BIO
     test_wolfSSL_PEM_bio_RSAKey();
@@ -46502,6 +46726,7 @@ void ApiTest(void)
     test_wolfSSL_tmp_dh();
     test_wolfSSL_ctrl();
     test_wolfSSL_EVP_MD_size();
+    test_wolfSSL_EVP_MD_pkey_type();
     test_wolfSSL_EVP_Digest();
     test_wolfSSL_EVP_Digest_all();
     test_wolfSSL_EVP_PKEY_new_mac_key();
@@ -46598,6 +46823,7 @@ void ApiTest(void)
     test_wolfSSL_ERR_print_errors();
 #endif
     test_wolfSSL_HMAC();
+    test_wolfSSL_CMAC();
     test_wolfSSL_OBJ();
     test_wolfSSL_i2a_ASN1_OBJECT();
     test_wolfSSL_OBJ_cmp();
@@ -46657,7 +46883,7 @@ void ApiTest(void)
     test_wolfSSL_OPENSSL_hexstr2buf();
     test_wolfSSL_ASN1_STRING_print_ex();
     test_wolfSSL_ASN1_TIME_to_generalizedtime();
-    test_wolfSSL_ASN1_INTEGER_set();
+    test_wolfSSL_ASN1_INTEGER_get_set();
     test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS();
     test_wolfSSL_i2c_ASN1_INTEGER();
     test_wolfSSL_X509_check_ca();
@@ -46669,6 +46895,8 @@ void ApiTest(void)
     test_wolfssl_EVP_aes_gcm();
     test_wolfSSL_PKEY_up_ref();
     test_wolfSSL_EVP_Cipher_extra(); 
+    test_wolfSSL_d2i_and_i2d_PublicKey();
+    test_wolfSSL_d2i_and_i2d_DSAparams();
     test_wolfSSL_i2d_PrivateKey();
     test_wolfSSL_OCSP_id_get0_info();
     test_wolfSSL_i2d_OCSP_CERTID();

+ 21 - 4
wolfcrypt/src/asn.c

@@ -5332,7 +5332,7 @@ int wc_DsaKeyToPublicDer(DsaKey* key, byte* output, word32 inLen)
 }
 #endif /* !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) */
 
-static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32 inLen,
+static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32* inLen,
                            int ints, int includeVersion)
 {
     word32 seqSz = 0, verSz = 0, rawLen, intTotalLen = 0;
@@ -5343,7 +5343,7 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32 inLen,
     byte  ver[MAX_VERSION_SZ];
     byte* tmps[DSA_INTS];
 
-    if (ints > DSA_INTS)
+    if (ints > DSA_INTS || inLen == NULL)
         return BAD_FUNC_ARG;
 
     XMEMSET(sizes, 0, sizeof(sizes));
@@ -5381,7 +5381,12 @@ static int DsaKeyIntsToDer(DsaKey* key, byte* output, word32 inLen,
     seqSz = SetSequence(verSz + intTotalLen, seq);
 
     outLen = seqSz + verSz + intTotalLen;
-    if (outLen > (int)inLen) {
+    *inLen = outLen;
+    if (output == NULL) {
+        FreeTmpDsas(tmps, key->heap, ints);
+        return LENGTH_ONLY_E;
+    }
+    if (outLen > (int)*inLen) {
         FreeTmpDsas(tmps, key->heap, ints);
         return BAD_FUNC_ARG;
     }
@@ -5413,7 +5418,7 @@ int wc_DsaKeyToDer(DsaKey* key, byte* output, word32 inLen)
     if (key->type != DSA_PRIVATE)
         return BAD_FUNC_ARG;
 
-    return DsaKeyIntsToDer(key, output, inLen, DSA_INTS, 1);
+    return DsaKeyIntsToDer(key, output, &inLen, DSA_INTS, 1);
 }
 
 /* Convert DsaKey parameters to DER format, write to output (inLen),
@@ -5424,6 +5429,17 @@ int wc_DsaKeyToParamsDer(DsaKey* key, byte* output, word32 inLen)
     if (!key || !output)
         return BAD_FUNC_ARG;
 
+    return DsaKeyIntsToDer(key, output, &inLen, DSA_PARAM_INTS, 0);
+}
+
+/* This version of the function allows output to be NULL. In that case, the
+   DsaKeyIntsToDer will return LENGTH_ONLY_E and the required output buffer
+   size will be pointed to by inLen. */
+int wc_DsaKeyToParamsDer_ex(DsaKey* key, byte* output, word32* inLen)
+{
+    if (!key || !inLen)
+        return BAD_FUNC_ARG;
+
     return DsaKeyIntsToDer(key, output, inLen, DSA_PARAM_INTS, 0);
 }
 
@@ -5954,6 +5970,7 @@ int wc_OBJ_sn2nid(const char *sn)
         {WOLFSSL_ORG_NAME, NID_organizationName},
         {WOLFSSL_ORGUNIT_NAME, NID_organizationalUnitName},
         {WOLFSSL_EMAIL_ADDR, NID_emailAddress},
+        {"SHA1", NID_sha1},
         {NULL, -1}};
     int i;
     #ifdef HAVE_ECC

+ 47 - 2
wolfcrypt/src/evp.c

@@ -3587,12 +3587,12 @@ const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name)
     return NULL;
 }
 
-int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
+int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
 {
     const struct s_ent *ent ;
     WOLFSSL_ENTER("EVP_MD_type");
     for( ent = md_tbl; ent->name != NULL; ent++){
-        if(XSTRNCMP((const char *)md, ent->name, XSTRLEN(ent->name)+1) == 0) {
+        if(XSTRNCMP((const char *)type, ent->name, XSTRLEN(ent->name)+1) == 0) {
             return ent->nid;
         }
     }
@@ -6143,9 +6143,21 @@ const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id)
         case NID_sha1:
             return wolfSSL_EVP_sha1();
 #endif
+#ifdef WOLFSSL_SHA224
+        case NID_sha224:
+            return wolfSSL_EVP_sha224();
+#endif
 #ifndef NO_SHA256
         case NID_sha256:
             return wolfSSL_EVP_sha256();
+#endif
+#ifdef WOLFSSL_SHA384
+        case NID_sha384:
+            return wolfSSL_EVP_sha384();
+#endif
+#ifdef WOLFSSL_SHA512
+        case NID_sha512:
+            return wolfSSL_EVP_sha512();
 #endif
         default:
             WOLFSSL_MSG("Bad digest id value");
@@ -6941,6 +6953,39 @@ int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
     return BAD_FUNC_ARG;
 }
 
+int wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD* type)
+{
+    int ret = BAD_FUNC_ARG;
+
+    WOLFSSL_ENTER("wolfSSL_EVP_MD_pkey_type");
+
+    if (type != NULL) {
+        if (XSTRNCMP(type, "MD5", 3) == 0) {
+            ret = NID_md5WithRSAEncryption;
+        }
+        else if (XSTRNCMP(type, "SHA1", 4) == 0) {
+            ret = NID_sha1WithRSAEncryption;
+        }
+        else if (XSTRNCMP(type, "SHA224", 6) == 0) {
+            ret = NID_sha224WithRSAEncryption;
+        }
+        else if (XSTRNCMP(type, "SHA256", 6) == 0) {
+            ret = NID_sha256WithRSAEncryption;
+        }
+        else if (XSTRNCMP(type, "SHA384", 6) == 0) {
+            ret = NID_sha384WithRSAEncryption;
+        }
+        else if (XSTRNCMP(type, "SHA512", 6) == 0) {
+            ret = NID_sha512WithRSAEncryption;
+        }
+    }
+
+    WOLFSSL_LEAVE("wolfSSL_EVP_MD_pkey_type", ret);
+
+    return ret;
+}
+
+
 
 int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
 {

+ 23 - 6
wolfssl/openssl/bn.h

@@ -47,7 +47,6 @@ typedef struct WOLFSSL_BIGNUM {
 #endif
 } WOLFSSL_BIGNUM;
 
-
 #define BN_ULONG WOLFSSL_BN_ULONG
 #define WOLFSSL_BN_ULONG unsigned long
 
@@ -69,6 +68,12 @@ WOLFSSL_API void           wolfSSL_BN_clear(WOLFSSL_BIGNUM*);
 
 WOLFSSL_API int wolfSSL_BN_sub(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*,
                              const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_mul(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*,
+        WOLFSSL_BIGNUM*, WOLFSSL_BN_CTX*);
+WOLFSSL_API int wolfSSL_BN_div(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*,
+        const WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, WOLFSSL_BN_CTX*);
+WOLFSSL_API int wolfSSL_BN_gcd(WOLFSSL_BIGNUM*, WOLFSSL_BIGNUM*,
+                               WOLFSSL_BIGNUM*, WOLFSSL_BN_CTX*);
 WOLFSSL_API int wolfSSL_BN_mod(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*,
                              const WOLFSSL_BIGNUM*, const WOLFSSL_BN_CTX*);
 WOLFSSL_API int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
@@ -81,6 +86,8 @@ WOLFSSL_API const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void);
 WOLFSSL_API int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM*);
 WOLFSSL_API int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM*);
 
+WOLFSSL_API void wolfSSL_BN_zero(WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_one(WOLFSSL_BIGNUM*);
 WOLFSSL_API int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM*);
 WOLFSSL_API int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM*);
 WOLFSSL_API int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM*);
@@ -110,6 +117,7 @@ WOLFSSL_API char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM*);
 
 WOLFSSL_API int wolfSSL_BN_lshift(WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, int);
 WOLFSSL_API int wolfSSL_BN_add_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
+WOLFSSL_API int wolfSSL_BN_sub_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
 WOLFSSL_API int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM*, int);
 WOLFSSL_API int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM*, int);
 WOLFSSL_API int wolfSSL_BN_set_word(WOLFSSL_BIGNUM*, WOLFSSL_BN_ULONG);
@@ -121,6 +129,8 @@ WOLFSSL_API int wolfSSL_BN_mod_add(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
                                    const WOLFSSL_BIGNUM *b, const WOLFSSL_BIGNUM *m,
                                    WOLFSSL_BN_CTX *ctx);
 WOLFSSL_API char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM*);
+WOLFSSL_API int wolfSSL_BN_generate_prime_ex(WOLFSSL_BIGNUM*, int, int,
+    const WOLFSSL_BIGNUM*, const WOLFSSL_BIGNUM*, WOLFSSL_BN_GENCB*);
 WOLFSSL_API int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM*, int,
                                        WOLFSSL_BN_CTX*, WOLFSSL_BN_GENCB*);
 WOLFSSL_API WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM*,
@@ -151,11 +161,13 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
 #define BN_num_bytes wolfSSL_BN_num_bytes
 #define BN_num_bits  wolfSSL_BN_num_bits
 
-#define BN_is_zero  wolfSSL_BN_is_zero
-#define BN_is_one   wolfSSL_BN_is_one
-#define BN_is_odd   wolfSSL_BN_is_odd
+#define BN_zero        wolfSSL_BN_zero
+#define BN_one         wolfSSL_BN_one
+#define BN_is_zero     wolfSSL_BN_is_zero
+#define BN_is_one      wolfSSL_BN_is_one
+#define BN_is_odd      wolfSSL_BN_is_odd
 #define BN_is_negative wolfSSL_BN_is_negative
-#define BN_is_word  wolfSSL_BN_is_word
+#define BN_is_word     wolfSSL_BN_is_word
 
 #define BN_cmp    wolfSSL_BN_cmp
 
@@ -166,6 +178,9 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
 #define BN_mod_exp   wolfSSL_BN_mod_exp
 #define BN_mod_mul   wolfSSL_BN_mod_mul
 #define BN_sub       wolfSSL_BN_sub
+#define BN_mul       wolfSSL_BN_mul
+#define BN_div       wolfSSL_BN_div
+#define BN_gcd       wolfSSL_BN_gcd
 #define BN_value_one wolfSSL_BN_value_one
 
 #define BN_mask_bits wolfSSL_mask_bits
@@ -187,13 +202,14 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
 
 #define BN_lshift wolfSSL_BN_lshift
 #define BN_add_word wolfSSL_BN_add_word
+#define BN_sub_word wolfSSL_BN_sub_word
 #define BN_add wolfSSL_BN_add
 #define BN_mod_add wolfSSL_BN_mod_add
 #define BN_set_word wolfSSL_BN_set_word
 #define BN_set_bit wolfSSL_BN_set_bit
 #define BN_clear_bit wolfSSL_BN_clear_bit
 
-
+#define BN_generate_prime_ex wolfSSL_BN_generate_prime_ex
 #define BN_is_prime_ex wolfSSL_BN_is_prime_ex
 #define BN_print_fp wolfSSL_BN_print_fp
 #define BN_rshift wolfSSL_BN_rshift
@@ -217,6 +233,7 @@ typedef WOLFSSL_BN_GENCB BN_GENCB;
 #define BN_get_rfc3526_prime_8192  wolfSSL_DH_8192_prime
 #endif
 
+#define BN_prime_checks 0
 
 #ifdef __cplusplus
     }  /* extern "C" */

+ 58 - 0
wolfssl/openssl/cmac.h

@@ -0,0 +1,58 @@
+/* cmac.h
+ *
+ * Copyright (C) 2006-2021 wolfSSL Inc.
+ *
+ * This file is part of wolfSSL.
+ *
+ * wolfSSL is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfSSL is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
+ */
+
+#ifndef WOLFSSL_CMAC_H_
+#define WOLFSSL_CMAC_H_
+
+#include <wolfssl/wolfcrypt/cmac.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct WOLFSSL_CMAC_CTX {
+    void* internal; /* internal Cmac object */
+    WOLFSSL_EVP_CIPHER_CTX* cctx;
+} WOLFSSL_CMAC_CTX;
+
+typedef WOLFSSL_CMAC_CTX CMAC_CTX;
+
+WOLFSSL_API WOLFSSL_CMAC_CTX* wolfSSL_CMAC_CTX_new(void);
+WOLFSSL_API void wolfSSL_CMAC_CTX_free(WOLFSSL_CMAC_CTX *ctx);
+WOLFSSL_API WOLFSSL_EVP_CIPHER_CTX* wolfSSL_CMAC_CTX_get0_cipher_ctx(
+    WOLFSSL_CMAC_CTX*);
+WOLFSSL_API int wolfSSL_CMAC_Init(WOLFSSL_CMAC_CTX*, const void*, size_t ,
+    const WOLFSSL_EVP_CIPHER*, WOLFSSL_ENGINE*);
+WOLFSSL_API int wolfSSL_CMAC_Update(WOLFSSL_CMAC_CTX*, const void*, size_t);
+WOLFSSL_API int wolfSSL_CMAC_Final(WOLFSSL_CMAC_CTX*, unsigned char*, size_t*);
+
+#define CMAC_CTX_new              wolfSSL_CMAC_CTX_new
+#define CMAC_CTX_free             wolfSSL_CMAC_CTX_free
+#define CMAC_CTX_get0_cipher_ctx  wolfSSL_CMAC_CTX_get0_cipher_ctx
+#define CMAC_Init                 wolfSSL_CMAC_Init
+#define CMAC_Update               wolfSSL_CMAC_Update
+#define CMAC_Final                wolfSSL_CMAC_Final
+
+#ifdef __cplusplus
+}  /* extern "C" */
+#endif
+
+#endif /* WOLFSSL_CMAC_H_ */

+ 10 - 1
wolfssl/openssl/dsa.h

@@ -57,6 +57,9 @@ struct WOLFSSL_DSA {
 
 WOLFSSL_API WOLFSSL_DSA* wolfSSL_DSA_new(void);
 WOLFSSL_API void wolfSSL_DSA_free(WOLFSSL_DSA*);
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+WOLFSSL_API int wolfSSL_DSA_print_fp(XFILE, WOLFSSL_DSA*, int);
+#endif /* !NO_FILESYSTEM && NO_STDIO_FILESYSTEM */
 
 WOLFSSL_API int wolfSSL_DSA_generate_key(WOLFSSL_DSA*);
 
@@ -109,11 +112,16 @@ WOLFSSL_API WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
 WOLFSSL_API int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len,
                                          WOLFSSL_DSA_SIG* sig, WOLFSSL_DSA* dsa);
 
+WOLFSSL_API int wolfSSL_i2d_DSAparams(const WOLFSSL_DSA*, unsigned char**);
+WOLFSSL_API WOLFSSL_DSA* wolfSSL_d2i_DSAparams(WOLFSSL_DSA**,
+                                               const unsigned char **, long);
+
 #define WOLFSSL_DSA_LOAD_PRIVATE 1
 #define WOLFSSL_DSA_LOAD_PUBLIC  2
 
 #define DSA_new wolfSSL_DSA_new
 #define DSA_free wolfSSL_DSA_free
+#define DSA_print_fp wolfSSL_DSA_print_fp
 
 #define DSA_LoadDer                wolfSSL_DSA_LoadDer
 #define DSA_generate_key           wolfSSL_DSA_generate_key
@@ -132,7 +140,8 @@ WOLFSSL_API int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest
 #define d2i_DSA_SIG                wolfSSL_d2i_DSA_SIG
 #define DSA_do_sign                wolfSSL_DSA_do_sign_ex
 #define DSA_do_verify              wolfSSL_DSA_do_verify_ex
-
+#define i2d_DSAparams              wolfSSL_i2d_DSAparams
+#define d2i_DSAparams              wolfSSL_d2i_DSAparams
 
 #define DSA_SIG                    WOLFSSL_DSA_SIG
 

+ 6 - 3
wolfssl/openssl/evp.h

@@ -252,6 +252,7 @@ enum {
     NID_md4           = 257,
     NID_md5           =  4,
     NID_hmac          = 855,
+    NID_cmac          = 894,
     NID_dhKeyAgreement= 28,
     EVP_PKEY_DH       = NID_dhKeyAgreement,
     EVP_PKEY_HMAC     = NID_hmac,
@@ -435,9 +436,10 @@ typedef WOLFSSL_EVP_PKEY_CTX EVP_PKEY_CTX;
 #define EVP_PKEY_PRINT_INDENT_MAX    128
 
 WOLFSSL_API void wolfSSL_EVP_init(void);
-WOLFSSL_API int  wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* md);
-WOLFSSL_API int  wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md);
-WOLFSSL_API int  wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD *md);
+WOLFSSL_API int  wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* );
+WOLFSSL_API int  wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD*);
+WOLFSSL_API int  wolfSSL_EVP_MD_block_size(const WOLFSSL_EVP_MD*);
+WOLFSSL_API int  wolfSSL_EVP_MD_pkey_type(const WOLFSSL_EVP_MD*);
 
 WOLFSSL_API WOLFSSL_EVP_MD_CTX *wolfSSL_EVP_MD_CTX_new (void);
 WOLFSSL_API void                wolfSSL_EVP_MD_CTX_free(WOLFSSL_EVP_MD_CTX* ctx);
@@ -785,6 +787,7 @@ typedef WOLFSSL_ASN1_PCTX      ASN1_PCTX;
 #define EVP_enc_null       wolfSSL_EVP_enc_null
 
 #define EVP_MD_size             wolfSSL_EVP_MD_size
+#define EVP_MD_pkey_type        wolfSSL_EVP_MD_pkey_type
 #define EVP_MD_CTX_new          wolfSSL_EVP_MD_CTX_new
 #define EVP_MD_CTX_create       wolfSSL_EVP_MD_CTX_new
 #define EVP_MD_CTX_free         wolfSSL_EVP_MD_CTX_free

+ 1 - 0
wolfssl/openssl/include.am

@@ -8,6 +8,7 @@ nobase_include_HEADERS+= \
                          wolfssl/openssl/bio.h \
                          wolfssl/openssl/bn.h \
                          wolfssl/openssl/buffer.h \
+                         wolfssl/openssl/cmac.h \
                          wolfssl/openssl/cms.h \
                          wolfssl/openssl/conf.h \
                          wolfssl/openssl/crypto.h \

+ 1 - 0
wolfssl/openssl/pem.h

@@ -215,6 +215,7 @@ int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh);
 #define PEM_write_X509                  wolfSSL_PEM_write_X509
 #define PEM_write_bio_PrivateKey        wolfSSL_PEM_write_bio_PrivateKey
 #define PEM_write_bio_PKCS8PrivateKey   wolfSSL_PEM_write_bio_PKCS8PrivateKey
+#define PEM_write_PKCS8PrivateKey       wolfSSL_PEM_write_PKCS8PrivateKey
 
 /* DH */
 #define PEM_write_DHparams              wolfSSL_PEM_write_DHparams

+ 2 - 0
wolfssl/openssl/rsa.h

@@ -106,6 +106,7 @@ WOLFSSL_API int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA*, int bits, WOLFSSL_BIGN
                                           void* cb);
 
 WOLFSSL_API int wolfSSL_RSA_blinding_on(WOLFSSL_RSA*, WOLFSSL_BN_CTX*);
+WOLFSSL_API int wolfSSL_RSA_check_key(const WOLFSSL_RSA*);
 WOLFSSL_API int wolfSSL_RSA_public_encrypt(int len, const unsigned char* fr,
 	                               unsigned char* to, WOLFSSL_RSA*, int padding);
 WOLFSSL_API int wolfSSL_RSA_private_decrypt(int len, const unsigned char* fr,
@@ -184,6 +185,7 @@ WOLFSSL_API int wolfSSL_RSA_set_ex_data_with_cleanup(
 #define RSA_generate_key_ex wolfSSL_RSA_generate_key_ex
 
 #define RSA_blinding_on     wolfSSL_RSA_blinding_on
+#define RSA_check_key       wolfSSL_RSA_check_key
 #define RSA_public_encrypt  wolfSSL_RSA_public_encrypt
 #define RSA_private_decrypt wolfSSL_RSA_private_decrypt
 #define RSA_private_encrypt wolfSSL_RSA_private_encrypt

+ 9 - 1
wolfssl/openssl/ssl.h

@@ -205,6 +205,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define i2d_PUBKEY                      wolfSSL_i2d_PUBKEY
 #define d2i_PUBKEY                      wolfSSL_d2i_PUBKEY
 #define d2i_PUBKEY_bio                  wolfSSL_d2i_PUBKEY_bio
+#define d2i_PublicKey                   wolfSSL_d2i_PublicKey
 #define d2i_PrivateKey                  wolfSSL_d2i_PrivateKey
 #define d2i_AutoPrivateKey              wolfSSL_d2i_AutoPrivateKey
 #define SSL_use_PrivateKey              wolfSSL_use_PrivateKey
@@ -378,7 +379,6 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
     #define X509_EXTENSION_get_data     wolfSSL_X509_EXTENSION_get_data
     #define X509_EXTENSION_new          wolfSSL_X509_EXTENSION_new
     #define X509_EXTENSION_free         wolfSSL_X509_EXTENSION_free
-    #define X509_gmtime_adj             wolfSSL_X509_gmtime_adj
 #endif
 
 #define DSA_dup_DH                      wolfSSL_DSA_dup_DH
@@ -405,6 +405,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define PEM_write_bio_X509_AUX          wolfSSL_PEM_write_bio_X509_AUX
 #define PEM_X509_INFO_read_bio          wolfSSL_PEM_X509_INFO_read_bio
 #define i2d_PrivateKey                  wolfSSL_i2d_PrivateKey
+#define i2d_PublicKey                   wolfSSL_i2d_PublicKey
 
 #define i2d_X509_REQ                    wolfSSL_i2d_X509_REQ
 #define d2i_X509_REQ                    wolfSSL_d2i_X509_REQ
@@ -554,6 +555,7 @@ typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS;
 #define X509_cmp_time                   wolfSSL_X509_cmp_time
 #define X509_time_adj                   wolfSSL_X509_time_adj
 #define X509_time_adj_ex                wolfSSL_X509_time_adj_ex
+#define X509_gmtime_adj                 wolfSSL_X509_gmtime_adj
 
 #define sk_ACCESS_DESCRIPTION_num       wolfSSL_sk_ACCESS_DESCRIPTION_num
 #define sk_ACCESS_DESCRIPTION_value     wolfSSL_sk_ACCESS_DESCRIPTION_value
@@ -843,6 +845,7 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define RSA_generate_key                wolfSSL_RSA_generate_key
 #define SSL_CTX_set_tmp_rsa_callback    wolfSSL_CTX_set_tmp_rsa_callback
 #define RSA_print                       wolfSSL_RSA_print
+#define RSA_print_fp                    wolfSSL_RSA_print_fp
 #define RSA_bits                        wolfSSL_RSA_bits
 #define RSA_up_ref                      wolfSSL_RSA_up_ref
 #define RSA_padding_add_PKCS1_PSS       wolfSSL_RSA_padding_add_PKCS1_PSS
@@ -1400,6 +1403,11 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
 #define NID_pkcs9_emailAddress          48
 #define OBJ_pkcs9_emailAddress          1L,2L,840L,113539L,1L,9L,1L
 
+#define LN_basic_constraints            "X509v3 Basic Constraints"
+#define LN_key_usage                    "X509v3 Key Usage"
+#define LN_subject_key_identifier       "X509v3 Subject Key Identifier"
+#define LN_ext_key_usage                "X509v3 Extended Key Usage"
+
 #define SSL_get_rbio                    wolfSSL_SSL_get_rbio
 #define SSL_get_wbio                    wolfSSL_SSL_get_wbio
 #define SSL_do_handshake                wolfSSL_SSL_do_handshake

+ 17 - 2
wolfssl/ssl.h

@@ -1556,8 +1556,14 @@ WOLFSSL_API int wolfSSL_i2d_X509_NAME_canon(WOLFSSL_X509_NAME* name,
 WOLFSSL_API WOLFSSL_X509_NAME *wolfSSL_d2i_X509_NAME(WOLFSSL_X509_NAME **name,
                                               unsigned char **in, long length);
 #ifndef NO_RSA
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+WOLFSSL_API int wolfSSL_RSA_print_fp(XFILE, WOLFSSL_RSA*, int);
+#endif /* !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */
+#ifndef NO_BIO
 WOLFSSL_API int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset);
-#endif
+#endif /* !NO_BIO */
+#endif /* !NO_RSA */
+
 WOLFSSL_API int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
     unsigned long nmflags, unsigned long cflag);
 #ifndef NO_FILESYSTEM
@@ -1679,7 +1685,6 @@ WOLFSSL_API void wolfSSL_X509_STORE_CTX_trusted_stack(WOLFSSL_X509_STORE_CTX *ct
 
 WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL*);
 WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL*);
-WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME *s, long adj);
 
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509*);
 WOLFSSL_API int       wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL*, WOLFSSL_EVP_PKEY*);
@@ -1691,12 +1696,16 @@ WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** key,
         const unsigned char** in, long inSz);
 WOLFSSL_API int wolfSSL_i2d_PUBKEY(const WOLFSSL_EVP_PKEY *key, unsigned char **der);
+WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PublicKey(int, WOLFSSL_EVP_PKEY**,
+        const unsigned char **, long);
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type,
         WOLFSSL_EVP_PKEY** out, const unsigned char **in, long inSz);
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** key,
         unsigned char** in, long inSz);
 WOLFSSL_API int wolfSSL_i2d_PrivateKey(const WOLFSSL_EVP_PKEY* key,
         unsigned char** der);
+WOLFSSL_API int wolfSSL_i2d_PublicKey(const WOLFSSL_EVP_PKEY* key,
+        unsigned char** der);
 #if defined(OPENSSL_EXTRA)
 WOLFSSL_API int wolfSSL_EVP_PKEY_print_public(WOLFSSL_BIO* out,
                                     const WOLFSSL_EVP_PKEY* pkey,
@@ -1710,6 +1719,8 @@ WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_X509_time_adj_ex(WOLFSSL_ASN1_TIME *asnTi
     int offset_day, long offset_sec, time_t *in_tm);
 WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_X509_time_adj(WOLFSSL_ASN1_TIME *asnTime,
     long offset_sec, time_t *in_tm);
+WOLFSSL_API WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME*,
+    long);
 WOLFSSL_API int       wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED*);
 WOLFSSL_API void      wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX*,
                                                       unsigned long flags,
@@ -4467,6 +4478,10 @@ WOLFSSL_API int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509* x);
 WOLFSSL_API int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio,
     WOLFSSL_EVP_PKEY* pkey, const WOLFSSL_EVP_CIPHER* enc, char* passwd,
     int passwdSz, pem_password_cb* cb, void* ctx);
+#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
+WOLFSSL_API int wolfSSL_PEM_write_PKCS8PrivateKey(XFILE, WOLFSSL_EVP_PKEY*,
+    const WOLFSSL_EVP_CIPHER*, char*, int, pem_password_cb*, void*);
+#endif /* !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio,
     WOLFSSL_EVP_PKEY** pkey, pem_password_cb* cb, void* u);
 WOLFSSL_API WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(

+ 4 - 0
wolfssl/wolfcrypt/asn.h

@@ -1275,6 +1275,10 @@ WOLFSSL_LOCAL int FlattenAltNames( byte*, word32, const DNS_entry*);
     WOLFSSL_LOCAL int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen,
                                        mp_int* r, mp_int* s);
 #endif
+#ifndef NO_DSA
+WOLFSSL_LOCAL int StoreDSAParams(byte*, word32*, const mp_int*, const mp_int*,
+    const mp_int*);
+#endif
 #if defined HAVE_ECC && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
 WOLFSSL_API int EccEnumToNID(int n);
 #endif

+ 4 - 1
wolfssl/wolfcrypt/asn_public.h

@@ -529,7 +529,10 @@ WOLFSSL_API void wc_FreeDer(DerBuffer** pDer);
     /* DSA parameter DER helper functions */
     WOLFSSL_API int wc_DsaParamsDecode(const byte* input, word32* inOutIdx,
                                        DsaKey*, word32);
-    WOLFSSL_API int wc_DsaKeyToParamsDer(DsaKey* key, byte* output, word32 inLen);
+    WOLFSSL_API int wc_DsaKeyToParamsDer(DsaKey* key, byte* output,
+        word32 inLen);
+    WOLFSSL_API int wc_DsaKeyToParamsDer_ex(DsaKey* key, byte* output,
+        word32* inLen);
 #endif
 
 #if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)

Some files were not shown because too many files changed in this diff