wolfSSL OpenSSH Support with Expanded OpenSSL Compatibility Layer

With wolfSSL’s updated support for OpenSSH v8.1 comes new OpenSSL compatibility layer functionality!

The list of API added to the compatibility layer is:

  • EVP_CIPHER_CTX_ctrl is expanded to include the following commands:
    • EVP_CTRL_AEAD_SET_IV_FIXED
    • EVP_CTRL_GCM_SET_IV_FIXED
    • EVP_CTRL_GCM_IV_GEN
  • BN_clear
  • BN_clear_bit
  • OpenSSL_version_num
  • ERR_GET_LIB
  • SSL_CTX_set1_groups_list
  • SSL_set1_groups_list
  • DSA_SIG support was added:
    • DSA_SIG_new
    • DSA_SIG_free
    • DSA_do_sign
    • DSA_do_verify
  • ECDSA_size
  • ECDSA_sign
  • EC_GROUP_method_of
  • EC_METHOD_get_field_type
  • EC_POINT_set_affine_coordinates_GFp
  • ECPoint_i2d
  • ECPoint_d2i
  • EC_POINT_point2oct
  • EC_POINT_oct2point
  • EC_POINT_point2bn
  • Added reference counter to RSA structure
    • RSA_up_ref
  • RSAPublicKey_dup
  • RSA_get_ex_data
  • RSA_set_ex_data
  • RSA_get_ex_new_index

Changes made and bug fixed:

  • EC_POINT_get_affine_coordinates_GFp now checks if internal coordinates are in Jacobian format and converts to affine coordinates when needed
  • Singleton allocated by BN_value_one is now freed in wolfSSL_Cleanup
  • Entire EVP_CIPHER_CTX and DH structures are now correctly zeroed at initialization
  • Improved initialization vector handling in EVP_CipherInit

In addition to the above, there was also some refactorization done on existing OpenSSL compatibility layer code. Functions have been streamlined to allow for easier maintenance and tests added to ensure the correct functionality of the compatibility layer.

If you have any questions or run into any issues, contact us at facts@wolfssl.com, or call us at +1 425 245 8247.