forked from wolfSSL/wolfssl
Fix for return code checking on ConfirmSignature, so it returns actual error codes or 0 on success.
This commit is contained in:
David Garske
@@ -4164,13 +4164,13 @@ int wc_GetCTC_HashOID(int type)
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
/* return true (1) or false (0) for Confirmation */
|
/* return 0=success, else failure */
|
||||||
static int ConfirmSignature(const byte* buf, word32 bufSz,
|
static int ConfirmSignature(const byte* buf, word32 bufSz,
|
||||||
const byte* key, word32 keySz, word32 keyOID,
|
const byte* key, word32 keySz, word32 keyOID,
|
||||||
const byte* sig, word32 sigSz, word32 sigOID,
|
const byte* sig, word32 sigSz, word32 sigOID,
|
||||||
void* heap)
|
void* heap)
|
||||||
{
|
{
|
||||||
int typeH = 0, digestSz = 0, ret = 0;
|
int typeH = 0, digestSz = 0, ret = -1;
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
byte* digest;
|
byte* digest;
|
||||||
#else
|
#else
|
||||||
@@ -4180,7 +4180,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
|
|||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
digest = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
digest = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
if (digest == NULL)
|
if (digest == NULL)
|
||||||
return 0; /* not confirmed */
|
return MEMORY_E;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
(void)key;
|
(void)key;
|
||||||
@@ -4260,7 +4260,7 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
|
|||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(digest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
#endif
|
#endif
|
||||||
return 0; /* not confirmed */
|
return ALGO_ID_E;
|
||||||
}
|
}
|
||||||
|
|
||||||
switch (keyOID) {
|
switch (keyOID) {
|
||||||
@@ -4328,21 +4328,26 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
|
|||||||
WOLFSSL_MSG("Rsa SSL verify error");
|
WOLFSSL_MSG("Rsa SSL verify error");
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
|
#ifdef WOLFSSL_DEBUG_ENCODING
|
||||||
|
int x;
|
||||||
|
#endif
|
||||||
verifySz = ret;
|
verifySz = ret;
|
||||||
/* make sure we're right justified */
|
|
||||||
encodedSigSz =
|
ret = wc_EncodeSignature(encodedSig, digest, digestSz, typeH);
|
||||||
wc_EncodeSignature(encodedSig, digest, digestSz, typeH);
|
if (ret > 0) {
|
||||||
if (encodedSigSz != verifySz ||
|
encodedSigSz = ret;
|
||||||
XMEMCMP(out, encodedSig, encodedSigSz) != 0) {
|
|
||||||
WOLFSSL_MSG("Rsa SSL verify match encode error");
|
/* check length to make sure we're right justified */
|
||||||
}
|
if (encodedSigSz == verifySz &&
|
||||||
else
|
XMEMCMP(out, encodedSig, encodedSigSz) == 0) {
|
||||||
ret = 1; /* match */
|
ret = 0; /* match */
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
WOLFSSL_MSG("Rsa SSL verify match encode error");
|
||||||
|
ret = SIG_VERIFY_E;
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef WOLFSSL_DEBUG_ENCODING
|
#ifdef WOLFSSL_DEBUG_ENCODING
|
||||||
{
|
|
||||||
int x;
|
|
||||||
|
|
||||||
printf("wolfssl encodedSig:\n");
|
printf("wolfssl encodedSig:\n");
|
||||||
|
|
||||||
for (x = 0; x < encodedSigSz; x++) {
|
for (x = 0; x < encodedSigSz; x++) {
|
||||||
@@ -4361,11 +4366,9 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
|
|||||||
}
|
}
|
||||||
|
|
||||||
printf("\n");
|
printf("\n");
|
||||||
}
|
|
||||||
#endif /* WOLFSSL_DEBUG_ENCODING */
|
#endif /* WOLFSSL_DEBUG_ENCODING */
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
wc_FreeRsaKey(pubKey);
|
wc_FreeRsaKey(pubKey);
|
||||||
@@ -4406,15 +4409,17 @@ static int ConfirmSignature(const byte* buf, word32 bufSz,
|
|||||||
WOLFSSL_MSG("ASN Key import error ECC");
|
WOLFSSL_MSG("ASN Key import error ECC");
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
if (wc_ecc_verify_hash(sig, sigSz, digest, digestSz, &verify,
|
ret = wc_ecc_verify_hash(sig, sigSz, digest, digestSz, &verify,
|
||||||
pubKey) != 0) {
|
pubKey);
|
||||||
|
if (ret != 0) {
|
||||||
WOLFSSL_MSG("ECC verify hash error");
|
WOLFSSL_MSG("ECC verify hash error");
|
||||||
}
|
}
|
||||||
else if (1 != verify) {
|
else if (verify != 1) {
|
||||||
WOLFSSL_MSG("ECC Verify didn't match");
|
WOLFSSL_MSG("ECC Verify didn't match");
|
||||||
} else
|
ret = SIG_VERIFY_E;
|
||||||
ret = 1; /* match */
|
} else {
|
||||||
|
ret = 0; /* match */
|
||||||
|
}
|
||||||
}
|
}
|
||||||
wc_ecc_free(pubKey);
|
wc_ecc_free(pubKey);
|
||||||
|
|
||||||
@@ -5802,11 +5807,11 @@ int ParseCertRelative(DecodedCert* cert, int type, int verify, void* cm)
|
|||||||
|
|
||||||
if (verify == VERIFY) {
|
if (verify == VERIFY) {
|
||||||
/* try to confirm/verify signature */
|
/* try to confirm/verify signature */
|
||||||
if (!ConfirmSignature(cert->source + cert->certBegin,
|
if (ConfirmSignature(cert->source + cert->certBegin,
|
||||||
cert->sigIndex - cert->certBegin,
|
cert->sigIndex - cert->certBegin,
|
||||||
ca->publicKey, ca->pubKeySize, ca->keyOID,
|
ca->publicKey, ca->pubKeySize, ca->keyOID,
|
||||||
cert->signature, cert->sigLength, cert->signatureOID,
|
cert->signature, cert->sigLength, cert->signatureOID,
|
||||||
cert->heap)) {
|
cert->heap) != 0) {
|
||||||
WOLFSSL_MSG("Confirm signature failed");
|
WOLFSSL_MSG("Confirm signature failed");
|
||||||
return ASN_SIG_CONFIRM_E;
|
return ASN_SIG_CONFIRM_E;
|
||||||
}
|
}
|
||||||
@@ -10059,8 +10064,7 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
|
|||||||
resp->sig, resp->sigSz, resp->sigOID, NULL);
|
resp->sig, resp->sigSz, resp->sigOID, NULL);
|
||||||
FreeDecodedCert(&cert);
|
FreeDecodedCert(&cert);
|
||||||
|
|
||||||
if (ret == 0)
|
if (ret != 0) {
|
||||||
{
|
|
||||||
WOLFSSL_MSG("\tOCSP Confirm signature failed");
|
WOLFSSL_MSG("\tOCSP Confirm signature failed");
|
||||||
return ASN_OCSP_CONFIRM_E;
|
return ASN_OCSP_CONFIRM_E;
|
||||||
}
|
}
|
||||||
@@ -10076,9 +10080,9 @@ static int DecodeBasicOcspResponse(byte* source, word32* ioIndex,
|
|||||||
ca = GetCA(cm, resp->issuerHash);
|
ca = GetCA(cm, resp->issuerHash);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
if (!ca || !ConfirmSignature(resp->response, resp->responseSz,
|
if (!ca || ConfirmSignature(resp->response, resp->responseSz,
|
||||||
ca->publicKey, ca->pubKeySize, ca->keyOID,
|
ca->publicKey, ca->pubKeySize, ca->keyOID,
|
||||||
resp->sig, resp->sigSz, resp->sigOID, NULL)) {
|
resp->sig, resp->sigSz, resp->sigOID, NULL) != 0) {
|
||||||
WOLFSSL_MSG("\tOCSP Confirm signature failed");
|
WOLFSSL_MSG("\tOCSP Confirm signature failed");
|
||||||
return ASN_OCSP_CONFIRM_E;
|
return ASN_OCSP_CONFIRM_E;
|
||||||
}
|
}
|
||||||
@@ -10694,10 +10698,10 @@ int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm)
|
|||||||
return ASN_CRL_NO_SIGNER_E;
|
return ASN_CRL_NO_SIGNER_E;
|
||||||
}
|
}
|
||||||
#endif /* IGNORE_KEY_EXTENSIONS */
|
#endif /* IGNORE_KEY_EXTENSIONS */
|
||||||
if (!ConfirmSignature(buff + dcrl->certBegin,
|
if (ConfirmSignature(buff + dcrl->certBegin,
|
||||||
dcrl->sigIndex - dcrl->certBegin,
|
dcrl->sigIndex - dcrl->certBegin, ca->publicKey,
|
||||||
ca->publicKey, ca->pubKeySize, ca->keyOID,
|
ca->pubKeySize, ca->keyOID, dcrl->signature, dcrl->sigLength,
|
||||||
dcrl->signature, dcrl->sigLength, dcrl->signatureOID, NULL)) {
|
dcrl->signatureOID, NULL) != 0) {
|
||||||
WOLFSSL_MSG("CRL Confirm signature failed");
|
WOLFSSL_MSG("CRL Confirm signature failed");
|
||||||
return ASN_CRL_CONFIRM_E;
|
return ASN_CRL_CONFIRM_E;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user