diff --git a/CMakeLists.txt b/CMakeLists.txt index 4648c1a4..297f5c50 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,7 +1,7 @@ if (WIN32) cmake_minimum_required(VERSION 3.20 FATAL_ERROR) else() -cmake_minimum_required(VERSION 3.0 FATAL_ERROR) +cmake_minimum_required(VERSION 3.5 FATAL_ERROR) endif() project(oqs-provider LANGUAGES C) set(OQSPROVIDER_VERSION_TEXT "0.6.2-dev") diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index eb887b38..a1395325 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -703,8 +703,8 @@ static int oqsx_pki_priv_to_der(const void *vxkey, unsigned char **pder) { nid = oqsxkey->oqsx_provider_ctx.oqsx_evp_ctx->evp_info->keytype; if (nid == EVP_PKEY_RSA) { // get the RSA real key size - unsigned char *enc_len = - OPENSSL_strndup(oqsxkey->comp_privkey[i], 4); + unsigned char *enc_len = (unsigned char *)OPENSSL_strndup( + oqsxkey->comp_privkey[i], 4); OPENSSL_cleanse(enc_len, 2); DECODE_UINT32(buflen, enc_len); buflen += 4; @@ -1684,7 +1684,8 @@ static int oqsx_to_text(BIO *out, const void *key, int selection) { ->keytype == EVP_PKEY_RSA) { // get the RSA real key size unsigned char *enc_len = - OPENSSL_strndup(okey->comp_privkey[i], 4); + (unsigned char *)OPENSSL_strndup( + okey->comp_privkey[i], 4); OPENSSL_cleanse(enc_len, 2); DECODE_UINT32(privlen, enc_len); privlen += 4; diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index e63d4747..83305bb2 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c 
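Review bot: The cast added in oqsx_pki_priv_to_der silences the pointer-type warning but keeps a string function on binary data. `OPENSSL_strndup(..., 4)` stops at the first zero byte and allocates only that length plus one, so when the 4-byte length prefix contains a zero byte the following `OPENSSL_cleanse(enc_len, 2)` and `DECODE_UINT32` (macro not shown; presumably reads four bytes) can touch memory past the allocation. A fixed-size copy avoids this and needs no cast: `unsigned char *enc_len = OPENSSL_memdup(oqsxkey->comp_privkey[i], 4);` followed by a NULL check before the cleanse. The same pattern is in the oqsx_to_text hunk of this file and in the oqsx_key_op hunk of oqsprov/oqsprov_keys.c, where the four bytes come from the encoding being parsed. Where enc_len is released lies outside all three hunks and is worth confirming.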
@@ -210,38 +210,101 @@ static int oqs_sig_verify_init(void *vpoqs_sigctx, void *voqssig, // this list need to be in order of the last number on the OID from the // composite, the len of each value is COMPOSITE_OID_PREFIX_LEN static const unsigned char *composite_OID_prefix[] = { - "060B6086480186FA6B50080101", // mldsa44_pss2048 - // id-MLDSA44-RSA2048-PSS-SHA256 - "060B6086480186FA6B50080102", // mldsa44_rsa2048 - // id-MLDSA44-RSA2048-PKCS15-SHA256 - "060B6086480186FA6B50080103", // mldsa44_ed25519 - // id-MLDSA44-Ed25519-SHA512 - "060B6086480186FA6B50080104", // mldsa44_p256 - // id-MLDSA44-ECDSA-P256-SHA256 - "060B6086480186FA6B50080105", // mldsa44_bp256 - // id-MLDSA44-ECDSA-brainpoolP256r1-SHA256 - "060B6086480186FA6B50080106", // mldsa65_pss3072 - // id-MLDSA65-RSA3072-PSS-SHA512 - "060B6086480186FA6B50080107", // mldsa65_rsa3072 - // id-MLDSA65-RSA3072-PKCS15-SHA512 - "060B6086480186FA6B50080108", // mldsa65_p256 - // id-MLDSA65-ECDSA-P256-SHA512 - "060B6086480186FA6B50080109", // mldsa65_bp256 - // id-MLDSA65-ECDSA-brainpoolP256r1-SHA512 - "060B6086480186FA6B5008010A", // mldsa65_ed25519 - // id-MLDSA65-Ed25519-SHA512 - "060B6086480186FA6B5008010B", // mldsa87_p384 - // id-MLDSA87-ECDSA-P384-SHA512 - "060B6086480186FA6B5008010C", // mldsa87_bp384 - // id-MLDSA87-ECDSA-brainpoolP384r1-SHA512 - "060B6086480186FA6B5008010D", // mldsa87_ed448 id-MLDSA87-Ed448-SHA512 - "060B6086480186FA6B5008010E", // falcon512_p256 - // id-Falon512-ECDSA-P256-SHA256 - "060B6086480186FA6B5008010F", // falcon512_bp256 - // id-Falcon512-ECDSA-brainpoolP256r1-SHA256 - "060B6086480186FA6B50080110", // falcon512_ed25519 - // id-Falcon512-Ed25519-SHA512 + /* + * mldsa44_pss2048 + * id-MLDSA44-RSA2048-PSS-SHA256 + */ + (const unsigned char *)"060B6086480186FA6B50080101", + + /* + * mldsa44_rsa2048 + * id-MLDSA44-RSA2048-PKCS15-SHA256 + */ + (const unsigned char *)"060B6086480186FA6B50080102", + + /* + * mldsa44_ed25519 + * id-MLDSA44-Ed25519-SHA512 + */ + (const unsigned char 
*)"060B6086480186FA6B50080103", + + /* + * mldsa44_p256 + * id-MLDSA44-ECDSA-P256-SHA256 + */ + (const unsigned char *)"060B6086480186FA6B50080104", + + /* + * mldsa44_bp256 + * id-MLDSA44-ECDSA-brainpoolP256r1-SHA256 + */ + (const unsigned char *)"060B6086480186FA6B50080105", + + /* + * mldsa65_pss3072 + * id-MLDSA65-RSA3072-PSS-SHA512 + */ + (const unsigned char *)"060B6086480186FA6B50080106", + + /* + * mldsa65_rsa3072 + * id-MLDSA65-RSA3072-PKCS15-SHA512 + */ + (const unsigned char *)"060B6086480186FA6B50080107", + + /* + * mldsa65_p256 + * id-MLDSA65-ECDSA-P256-SHA512 + */ + (const unsigned char *)"060B6086480186FA6B50080108", + /* + * mldsa65_bp256 + * id-MLDSA65-ECDSA-brainpoolP256r1-SHA512 + */ + (const unsigned char *)"060B6086480186FA6B50080109", + + /* + * mldsa65_ed25519 + * id-MLDSA65-Ed25519-SHA512 + */ + (const unsigned char *)"060B6086480186FA6B5008010A", + + /* + * mldsa87_p384 + * id-MLDSA87-ECDSA-P384-SHA512 + */ + (const unsigned char *)"060B6086480186FA6B5008010B", + + /* + * mldsa87_bp384 + * id-MLDSA87-ECDSA-brainpoolP384r1-SHA512 + */ + (const unsigned char *)"060B6086480186FA6B5008010C", + + /* + * mldsa87_ed448 + * id-MLDSA87-Ed448-SHA512 + */ + (const unsigned char *)"060B6086480186FA6B5008010D", + + /* + * falcon512_p256 + * id-Falon512-ECDSA-P256-SHA256 + */ + (const unsigned char *)"060B6086480186FA6B5008010E", + + /* + * falcon512_p256 + * id-Falcon512-ECDSA-brainpoolP256r1-SHA256 + */ + (const unsigned char *)"060B6086480186FA6B5008010F", + + /* + * falcon512_ed25519 + * id-Falcon512-Ed25519-SHA512 + */ + (const unsigned char *)"060B6086480186FA6B50080110", }; /*put the chars on in into memory on out*/ 
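Review bot: The rewritten comment above `"060B6086480186FA6B5008010F"` labels the entry `falcon512_p256`, duplicating the label of the entry before it; the removed comment read `falcon512_bp256`, which agrees with the `id-Falcon512-ECDSA-brainpoolP256r1-SHA256` line under it. The table is documented as ordered by the last number of the OID, so a wrong label makes that ordering harder to audit against the algorithm list; change the label to `falcon512_bp256`. The entry above it still carries the typo `id-Falon512-ECDSA-P256-SHA256`, which should read `id-Falcon512-ECDSA-P256-SHA256`.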
@@ -454,8 +517,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, oqs_sig_len = oqsxkey->oqsx_provider_ctx.oqsx_qs_ctx.sig ->length_signature; buf = OPENSSL_malloc(oqs_sig_len); - if (OQS_SIG_sign(oqs_key, buf, &oqs_sig_len, final_tbs, - final_tbslen, + if (OQS_SIG_sign(oqs_key, buf, &oqs_sig_len, + (const unsigned char *)final_tbs, final_tbslen, oqsxkey->comp_privkey[i]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_SIGNING_FAILED); CompositeSignature_free(compsig); @@ -478,7 +541,8 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, EVP_MD_CTX *evp_ctx = EVP_MD_CTX_new(); if ((EVP_DigestSignInit(evp_ctx, NULL, NULL, NULL, oqs_key_classic) <= 0) || - (EVP_DigestSign(evp_ctx, buf, &oqs_sig_len, final_tbs, + (EVP_DigestSign(evp_ctx, buf, &oqs_sig_len, + (const unsigned char *)final_tbs, final_tbslen) <= 0)) { ERR_raise(ERR_LIB_USER, ERR_R_FATAL); CompositeSignature_free(compsig); @@ -549,12 +613,12 @@ static int oqs_sig_sign(void *vpoqs_sigctx, unsigned char *sig, size_t *siglen, if (comp_idx < 6) { classical_md = EVP_sha256(); digest_len = SHA256_DIGEST_LENGTH; - SHA256(final_tbs, final_tbslen, + SHA256((const unsigned char *)final_tbs, final_tbslen, (unsigned char *)&digest); } else { classical_md = EVP_sha512(); digest_len = SHA512_DIGEST_LENGTH; - SHA512(final_tbs, final_tbslen, + SHA512((const unsigned char *)final_tbs, final_tbslen, (unsigned char *)&digest); } @@ -814,8 +878,8 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, } if (get_oqsname_fromtls(name)) { - if (OQS_SIG_verify(oqs_key, final_tbs, final_tbslen, buf, - buf_len, + if (OQS_SIG_verify(oqs_key, (const unsigned char *)final_tbs, + final_tbslen, buf, buf_len, oqsxkey->comp_pubkey[i]) != OQS_SUCCESS) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); OPENSSL_free(name); 
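Review bot: `buf = OPENSSL_malloc(oqs_sig_len);` is passed straight to `OQS_SIG_sign` with no NULL check between the two lines, so an allocation failure hands a NULL output buffer to the signing routine. Add a guard before the call, `if (buf == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); ... }`, using the same cleanup as the failure branch that follows. oqs_sig_sign starts and continues outside this hunk, so the full cleanup list cannot be confirmed from here.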
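Review bot: `evp_ctx` returned by `EVP_MD_CTX_new()` goes into `EVP_DigestSignInit` without a NULL check, so an allocation failure passes a NULL context into the sign calls. The condition could start with `if ((evp_ctx == NULL) ||` so that case takes the existing error branch. The visible failure branch frees `compsig`, but the hunk ends before showing whether `evp_ctx` and `buf` are released on that path; that should be confirmed in the surrounding code. The EVP_DigestVerifyInit hunk in oqs_sig_verify has the same shape.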
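Review bot: The `(const unsigned char *)final_tbs` cast is now repeated at every use: here for `SHA256`/`SHA512`, and in the OQS_SIG_sign, EVP_DigestSign, OQS_SIG_verify, EVP_DigestVerify and second SHA256/SHA512 hunks. That suggests final_tbs is declared with a different pointer type outside these hunks. If its other uses allow, declaring it once as `unsigned char *final_tbs` removes all of these casts and lets the compiler keep checking the pointer type at each call, instead of having a cast accept whatever type the variable later becomes.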
@@ -834,7 +898,8 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, EVP_MD_CTX *evp_ctx = EVP_MD_CTX_new(); if ((EVP_DigestVerifyInit(evp_ctx, NULL, NULL, NULL, oqsxkey->classical_pkey) <= 0) || - (EVP_DigestVerify(evp_ctx, buf, buf_len, final_tbs, + (EVP_DigestVerify(evp_ctx, buf, buf_len, + (const unsigned char *)final_tbs, final_tbslen) <= 0)) { ERR_raise(ERR_LIB_USER, OQSPROV_R_VERIFY_ERROR); OPENSSL_free(name); @@ -898,12 +963,12 @@ static int oqs_sig_verify(void *vpoqs_sigctx, const unsigned char *sig, if (comp_idx < 6) { classical_md = EVP_sha256(); digest_len = SHA256_DIGEST_LENGTH; - SHA256(final_tbs, final_tbslen, + SHA256((const unsigned char *)final_tbs, final_tbslen, (unsigned char *)&digest); } else { classical_md = EVP_sha512(); digest_len = SHA512_DIGEST_LENGTH; - SHA512(final_tbs, final_tbslen, + SHA512((const unsigned char *)final_tbs, final_tbslen, (unsigned char *)&digest); } diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index 26df6739..d711ff56 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -397,10 +397,10 @@ EVP_PKEY *setECParams(EVP_PKEY *eck, int nid) { 0x04, 0x00, 0x22}; const unsigned char p521params[] = {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x23}; - const char bp256params[] = {0x06, 0x09, 0x2b, 0x24, 0x03, 0x03, - 0x02, 0x08, 0x01, 0x01, 0x07}; - const char bp384params[] = {0x06, 0x09, 0x2b, 0x24, 0x03, 0x03, - 0x02, 0x08, 0x01, 0x01, 0x0b}; + const unsigned char bp256params[] = {0x06, 0x09, 0x2b, 0x24, 0x03, 0x03, + 0x02, 0x08, 0x01, 0x01, 0x07}; + const unsigned char bp384params[] = {0x06, 0x09, 0x2b, 0x24, 0x03, 0x03, + 0x02, 0x08, 0x01, 0x01, 0x0b}; const unsigned char *params; switch (nid) { 
@@ -702,8 +702,11 @@ static OQSX_KEY *oqsx_key_op(const X509_ALGOR *palg, const unsigned char *p, ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); goto err_key_op; } - unsigned char *enc_len = OPENSSL_strndup( - p + previous_privlen + previous_publen, 4); + unsigned char *enc_len = + (unsigned char *)OPENSSL_strndup( + (const char *)(p + previous_privlen + + previous_publen), + 4); OPENSSL_cleanse(enc_len, 2); DECODE_UINT32(privlen, enc_len); privlen += 4;