diff --git a/scripts/test-wp-cs.sh b/scripts/test-wp-cs.sh
index a792a667..890fbdd8 100755
--- a/scripts/test-wp-cs.sh
+++ b/scripts/test-wp-cs.sh
@@ -22,6 +22,7 @@ SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 NUMCPU=${NUMCPU:-8}
 WOLFPROV_DEBUG=${WOLFPROV_DEBUG:-0}
 source ${SCRIPT_DIR}/utils-wolfprovider.sh
+source ${SCRIPT_DIR}/utils-openssl.sh
 CERT_DIR=$SCRIPT_DIR/../certs
 LOG_FILE=$SCRIPT_DIR/test-wp-cs.log
@@ -225,6 +226,20 @@ CURVES=prime256v1
 OPENSSL_ALL_CIPHERS="-cipher ALL -ciphersuites $TLS13_ALL_CIPHERS"
 OPENSSL_PORT=$(generate_port)
+# ensure we are doing a clean build
+printf "Cleaning up previous builds"
+rm -rf ${SCRIPT_DIR}/../*-install
+if [ -d ${OPENSSL_SOURCE_DIR} ]; then
+ pushd ${OPENSSL_SOURCE_DIR} > /dev/null
+ git clean -xdf > /dev/null 2>&1
+ popd > /dev/null
+fi
+if [ -d ${WOLFSSL_SOURCE_DIR} ]; then
+ pushd ${WOLFSSL_SOURCE_DIR} > /dev/null
+ git clean -xdf > /dev/null 2>&1
+ popd > /dev/null
+fi
+
 init_wolfprov
 if [ "${AM_BWRAPPED-}" != "yes" ]; then
diff --git a/scripts/utils-openssl.sh b/scripts/utils-openssl.sh
index 15568a98..aa2eb5c7 100755
--- a/scripts/utils-openssl.sh
+++ b/scripts/utils-openssl.sh
@@ -25,10 +25,13 @@ SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 source ${SCRIPT_DIR}/utils-general.sh
-OPENSSL_GIT="https://github.com/openssl/openssl.git"
+OPENSSL_GIT_URL="https://github.com/openssl/openssl.git"
 OPENSSL_TAG=${OPENSSL_TAG:-"openssl-3.5.0"}
 OPENSSL_SOURCE_DIR=${SCRIPT_DIR}/../openssl-source
 OPENSSL_INSTALL_DIR=${SCRIPT_DIR}/../openssl-install
+OPENSSL_BIN=${OPENSSL_INSTALL_DIR}/bin/openssl
+OPENSSL_TEST=${OPENSSL_SOURCE_DIR}/test
+OPENSSL_LIB_DIRS="${OPENSSL_INSTALL_DIR}/lib:${OPENSSL_INSTALL_DIR}/lib64"
 NUMCPU=${NUMCPU:-8}
 WOLFPROV_DEBUG=${WOLFPROV_DEBUG:-0}
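Review bot: The new cleanup block in test-wp-cs.sh runs `git clean -xdf` after an unchecked `pushd`, with the directory variables unquoted, so if `${OPENSSL_SOURCE_DIR}` or `${WOLFSSL_SOURCE_DIR}` is empty or the `pushd` fails, the clean runs in the current directory and deletes untracked and ignored files in whatever repository that directory belongs to (an empty unquoted variable leaves `[ -d ]`, which evaluates true). Quoting the variables and binding the clean to its target avoids that: `if [ -d "${OPENSSL_SOURCE_DIR}/.git" ]; then git -C "${OPENSSL_SOURCE_DIR}" clean -xdf; fi`, and likewise for wolfSSL. WOLFSSL_SOURCE_DIR is not defined anywhere in this diff, so it presumably comes from utils-wolfprovider.sh; that is worth confirming. The `printf "Cleaning up previous builds"` also lacks a trailing `\n`.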
@@ -45,15 +48,17 @@ clone_openssl() { fi if [ ! -d ${OPENSSL_SOURCE_DIR} ]; then + printf "\tOpenSSL source directory not found: ${OPENSSL_SOURCE_DIR}\n" + printf "\tParent directory:\n" + tree -L 2 $(dirname ${OPENSSL_SOURCE_DIR}/..) || true CLONE_TAG=${USE_CUR_TAG:+${OPENSSL_TAG_CUR}} CLONE_TAG=${CLONE_TAG:-${OPENSSL_TAG}} - printf "\tClone OpenSSL ${CLONE_TAG} ... " - DEPTH_ARG=${WOLFPROV_DEBUG:+""} DEPTH_ARG=${DEPTH_ARG:---depth=1} - git clone ${DEPTH_ARG} -b ${CLONE_TAG} ${OPENSSL_GIT} ${OPENSSL_SOURCE_DIR} >>$LOG_FILE 2>&1 + printf "\tClone OpenSSL ${CLONE_TAG} from ${OPENSSL_GIT_URL} ... " + git clone ${DEPTH_ARG} -b ${CLONE_TAG} ${OPENSSL_GIT_URL} ${OPENSSL_SOURCE_DIR} RET=$? if [ $RET != 0 ]; then @@ -62,10 +67,23 @@ clone_openssl() { exit 1 fi printf "Done.\n" + + printf "\tOpenSSL source cloned to: ${OPENSSL_SOURCE_DIR}\n" + if [ ! -d ${OPENSSL_SOURCE_DIR} ]; then + printf "ERROR: OpenSSL source directory not found after clone: ${OPENSSL_SOURCE_DIR}\n" + fi + else + printf "\tOpenSSL source directory exists: ${OPENSSL_SOURCE_DIR}\n" + if [ ! -d ${OPENSSL_SOURCE_DIR}/.git ]; then + printf "ERROR: OpenSSL source directory is not a git repository: ${OPENSSL_SOURCE_DIR}\n" + do_cleanup + exit 1 + fi fi } install_openssl() { + printf "\nInstalling OpenSSL ${OPENSSL_TAG} ..." clone_openssl cd ${OPENSSL_SOURCE_DIR} @@ -114,10 +132,6 @@ init_openssl() { install_openssl printf "\tOpenSSL ${OPENSSL_TAG} installed in: ${OPENSSL_INSTALL_DIR}\n" - OPENSSL_BIN=${OPENSSL_INSTALL_DIR}/bin/openssl - OPENSSL_TEST=${OPENSSL_SOURCE_DIR}/test - OPENSSL_LIB_DIRS="${OPENSSL_INSTALL_DIR}/lib:${OPENSSL_INSTALL_DIR}/lib64" - OSSL_VER=`LD_LIBRARY_PATH=${OPENSSL_LIB_DIRS} $OPENSSL_BIN version | tail -n1` case $OSSL_VER in OpenSSL\ 3.*) ;; diff --git a/src/wp_dh_kmgmt.c b/src/wp_dh_kmgmt.c index 47bc78d8..a0c0d4ea 100644 --- a/src/wp_dh_kmgmt.c +++ b/src/wp_dh_kmgmt.c 
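Review bot: The added diagnostic `tree -L 2 $(dirname ${OPENSSL_SOURCE_DIR}/..)` does not list the parent directory: `dirname` of `X/..` is `X`, so it points `tree` at the source directory that this branch has just found to be missing. `tree -L 2 "$(dirname "${OPENSSL_SOURCE_DIR}")" || true` would show the parent, and `ls` would avoid depending on `tree` being installed. The clone line also drops the `>>$LOG_FILE 2>&1` redirect, so clone output no longer reaches the log; if that is intentional for CI debugging, a short comment would say so. The clone still selects `${CLONE_TAG}` by name only, and since a tag can be moved upstream, checking the resulting commit against a pinned hash before building would harden this test dependency.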
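Review bot: The post-clone check in clone_openssl only prints `ERROR: OpenSSL source directory not found after clone` and then falls through, so install_openssl goes on to `cd ${OPENSSL_SOURCE_DIR}` with no such directory; it should fail the same way as the new else branch, with `do_cleanup` and `exit 1` after the printf. In the else branch, `[ ! -d ${OPENSSL_SOURCE_DIR}/.git ]` rejects a checkout whose `.git` is a file (a worktree or submodule); `[ ! -e "${OPENSSL_SOURCE_DIR}/.git" ]` covers both. The start of clone_openssl is outside this hunk.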
@@ -685,21 +685,26 @@ static int wp_dh_get_params_encoded_public_key(wp_Dh* dh, OSSL_PARAM params[])
 p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY);
 if (p != NULL) {
- size_t outLen = mp_unsigned_bin_size(&dh->key.p);
+ if (p->data_type != OSSL_PARAM_OCTET_STRING) {
+ ok = 0;
+ }
+ if (ok) {
+ size_t outLen = mp_unsigned_bin_size(&dh->key.p);
- if (p->data != NULL) {
- if (p->data_size < outLen) {
- ok = 0;
- }
- if (ok) {
- unsigned char* data = p->data;
- size_t padSz = outLen - dh->pubSz;
- /* Front pad with zeros. */
- XMEMSET(data, 0, padSz);
- XMEMCPY(data + padSz, dh->pub, dh->pubSz);
+ if (p->data != NULL) {
+ if (p->data_size < outLen) {
+ ok = 0;
+ }
+ if (ok) {
+ unsigned char* data = p->data;
+ size_t padSz = outLen - dh->pubSz;
+ /* Front pad with zeros. */
+ XMEMSET(data, 0, padSz);
+ XMEMCPY(data + padSz, dh->pub, dh->pubSz);
+ }
 }
+ p->return_size = outLen;
 }
- p->return_size = outLen;
 }
 WOLFPROV_LEAVE(WP_LOG_KE, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
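Review bot: The copy inside the new `if (ok)` block computes `size_t padSz = outLen - dh->pubSz;` without checking that `dh->pubSz` is no larger than `outLen`; the only bound tested is `p->data_size < outLen`. If a key ever carries a public value longer than the prime, padSz wraps and the XMEMSET/XMEMCPY pair writes past the caller's buffer. The logic predates this commit, but the lines are rewritten here and a guard such as `if ((p->data_size < outLen) || (dh->pubSz > outLen)) {` would close it. Whether the import paths already enforce pubSz <= size of p is not visible in this hunk, and the function's opening and return are outside it.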
@@ -719,35 +724,107 @@ static int wp_dh_get_params(wp_Dh* dh, OSSL_PARAM params[])
 int ok = 1;
 OSSL_PARAM* p;
- p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE);
- if ((p != NULL) && !OSSL_PARAM_set_int(p,
- mp_unsigned_bin_size(&dh->key.p))) {
- ok = 0;
+ if (ok) {
+ p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE);
+ if (p != NULL) {
+ if (!OSSL_PARAM_set_uint(p, mp_unsigned_bin_size(&dh->key.p))) {
+ ok = 0;
+ }
+ }
 }
 if (ok) {
 p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS);
- if ((p != NULL) && !OSSL_PARAM_set_int(p, dh->bits)) {
- ok = 0;
+ if (p != NULL) {
+ if (!OSSL_PARAM_set_int(p, dh->bits)) {
+ ok = 0;
+ }
 }
 }
 if (ok) {
 p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS);
- if ((p != NULL) && (!OSSL_PARAM_set_int(p,
- wp_dh_get_security_bits(dh)))) {
- ok = 0;
+ if (p != NULL) {
+ if (!OSSL_PARAM_set_int(p, wp_dh_get_security_bits(dh))) {
+ ok = 0;
+ }
 }
 }
- if (ok && (!wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_P,
- &dh->key.p, 1))) {
- ok = 0;
+ if (ok) {
+ p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_FFC_P);
+ if (p != NULL) {
+ /* When buffer is NULL, return the size irrespective of type */
+ if (p->data == NULL) {
+ ok = wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_P, &dh->key.g, 1);
+ }
+ /* When buffer is non-NULL, type must be int or uint */
+ else
+ if (p->data_type == OSSL_PARAM_INTEGER ||
+ p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) {
+ ok = wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_P, &dh->key.p, 1);
+ }
+ else {
+ ok = 0;
+ }
+ }
 }
- if (ok && (!wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_G,
- &dh->key.g, 1))) {
- ok = 0;
+ if (ok) {
+ p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_FFC_G);
+ if (p != NULL) {
+ /* When buffer is NULL, return the size irrespective of type */
+ if (p->data == NULL) {
+ ok = wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_G, &dh->key.g, 1);
+ }
+ /* When buffer is non-NULL, type must be int or uint */
+ else if (p->data_type == OSSL_PARAM_INTEGER ||
+ p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) {
+ ok = wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_G, &dh->key.g, 1);
+ }
+ else {
+ ok = 0;
+ }
+ }
 }
- if (ok && (!wp_params_set_octet_string_be(params, OSSL_PKEY_PARAM_PUB_KEY,
- dh->pub, dh->pubSz))) {
- ok = 0;
+ if (ok) {
+ p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_FFC_Q);
+ if (p != NULL) {
+ /* OSSL does not check the type */
+ ok = wp_params_set_mp(params, OSSL_PKEY_PARAM_FFC_Q, &dh->key.q, 1);
+ }
+ }
+ if (ok) {
+ p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PUB_KEY);
+ if (p != NULL) {
+ if (p->data == NULL) {
+ p->return_size = dh->pubSz;
+ }
+ else {
+ /* return_size is set within this function */
+ ok = wp_params_set_octet_string_be(params, OSSL_PKEY_PARAM_PUB_KEY,
+ dh->pub, dh->pubSz);
+ }
+ }
+ }
+ if (ok) {
+ p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PRIV_KEY);
+ if (p != NULL) {
+ if (p->data == NULL) {
+ p->return_size = dh->pubSz;
+ }
+ else if (p->data_type == OSSL_PARAM_UNSIGNED_INTEGER) {
+ if (p->data_size < dh->privSz) {
+ ok = 0;
+ }
+ else {
+ /* OSSL returns a BIGNUM, but we copy raw bytes*/
+ XMEMCPY(p->data, dh->priv, dh->privSz);
+ p->return_size = dh->privSz;
+ }
+ }
+ else {
+ /* return_size is set within this function */
+ ok = wp_params_set_octet_string_be(params, OSSL_PKEY_PARAM_PRIV_KEY,
+ dh->priv, dh->privSz);
+ }
+ }
 }
 if (ok && (!wp_params_set_octet_string_be(params, OSSL_PKEY_PARAM_PRIV_KEY,
 dh->priv, dh->privSz))) {
diff --git a/src/wp_params.c b/src/wp_params.c
index 41b91ad8..40aeeaa4 100644
--- a/src/wp_params.c
+++ b/src/wp_params.c
@@ -639,8 +639,10 @@ int wp_params_set_octet_string_be(OSSL_PARAM params[], const char* key,
 OSSL_PARAM* p;
 p = OSSL_PARAM_locate(params, key);
- if ((p != NULL) && (p->data_size < len)) {
- ok = 0;
+ if (p != NULL) {
+ if ((p->data == NULL) || (p->data_size < len)) {
+ ok = 0;
+ }
 }
 if ((p != NULL) && ok) {
 #ifdef LITTLE_ENDIAN_ORDER
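Review bot: In the OSSL_PKEY_PARAM_FFC_P branch of wp_dh_get_params the size query (`p->data == NULL`) passes `&dh->key.g` to wp_params_set_mp, so the caller is told the size of the generator rather than the prime; it should be `&dh->key.p`, matching the non-NULL branch. The OSSL_PKEY_PARAM_PRIV_KEY size query has the same copy-paste shape: `p->return_size = dh->pubSz;` should be `p->return_size = dh->privSz;`. The old unconditional `wp_params_set_octet_string_be(params, OSSL_PKEY_PARAM_PRIV_KEY, ...)` check is still present as context after the new block, and with this commit's change in wp_params.c it fails when `p->data == NULL`, so a private-key size query appears to return an error after return_size was set; that leftover call should probably be removed. The rest of wp_dh_get_params lies outside the hunk.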
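Review bot: With the added `(p->data == NULL)` test, wp_params_set_octet_string_be now reports failure for a NULL buffer, and nothing in the hunk documents that callers must handle size queries themselves. A comment above the check such as `/* A NULL buffer is an error here; callers answer size queries (data == NULL) themselves. */` would make the contract explicit. wp_dh_get_params in this commit does that for PUB_KEY and PRIV_KEY, but other callers of this helper are not shown, so it is worth confirming none of them passes a NULL buffer expecting only return_size to be filled in. The function body continues past the hunk.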