forked from wolfSSL/wolfssl
Add RSA_NO_PADDING to wolfSSL_RSA_private_encrypt
This commit is contained in:
Juliusz Sosinowicz
52
src/ssl.c
52
src/ssl.c
@@ -29466,12 +29466,12 @@ void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out,
|
|||||||
#endif /* WOLFSSL_AES_CFB */
|
#endif /* WOLFSSL_AES_CFB */
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef HAVE_AES_KEYWRAP
|
/* wc_AesKey*Wrap_ex API not available in FIPS and SELFTEST */
|
||||||
|
#if defined(HAVE_AES_KEYWRAP) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
|
||||||
int wolfSSL_AES_wrap_key(AES_KEY *key, const unsigned char *iv,
|
int wolfSSL_AES_wrap_key(AES_KEY *key, const unsigned char *iv,
|
||||||
unsigned char *out,
|
unsigned char *out,
|
||||||
const unsigned char *in, unsigned int inlen)
|
const unsigned char *in, unsigned int inlen)
|
||||||
{
|
{
|
||||||
Aes* aes;
|
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
WOLFSSL_ENTER("wolfSSL_AES_wrap_key");
|
WOLFSSL_ENTER("wolfSSL_AES_wrap_key");
|
||||||
@@ -29481,9 +29481,7 @@ int wolfSSL_AES_wrap_key(AES_KEY *key, const unsigned char *iv,
|
|||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
aes = (Aes*)key;
|
ret = wc_AesKeyWrap_ex((Aes*)key, in, inlen, out, inlen + KEYWRAP_BLOCK_SIZE, iv);
|
||||||
|
|
||||||
ret = wc_AesKeyWrap_ex(aes, in, inlen, out, inlen + KEYWRAP_BLOCK_SIZE, iv);
|
|
||||||
|
|
||||||
return ret < 0 ? WOLFSSL_FAILURE : ret;
|
return ret < 0 ? WOLFSSL_FAILURE : ret;
|
||||||
}
|
}
|
||||||
@@ -29492,7 +29490,6 @@ int wolfSSL_AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
|
|||||||
unsigned char *out,
|
unsigned char *out,
|
||||||
const unsigned char *in, unsigned int inlen)
|
const unsigned char *in, unsigned int inlen)
|
||||||
{
|
{
|
||||||
Aes* aes;
|
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
WOLFSSL_ENTER("wolfSSL_AES_wrap_key");
|
WOLFSSL_ENTER("wolfSSL_AES_wrap_key");
|
||||||
@@ -29502,13 +29499,11 @@ int wolfSSL_AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
|
|||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
aes = (Aes*)key;
|
ret = wc_AesKeyUnWrap_ex((Aes*)key, in, inlen, out, inlen + KEYWRAP_BLOCK_SIZE, iv);
|
||||||
|
|
||||||
ret = wc_AesKeyUnWrap_ex(aes, in, inlen, out, inlen + KEYWRAP_BLOCK_SIZE, iv);
|
|
||||||
|
|
||||||
return ret < 0 ? WOLFSSL_FAILURE : ret;
|
return ret < 0 ? WOLFSSL_FAILURE : ret;
|
||||||
}
|
}
|
||||||
#endif /* HAVE_AES_KEYWRAP */
|
#endif /* HAVE_AES_KEYWRAP && !HAVE_FIPS && !HAVE_SELFTEST */
|
||||||
#endif /* NO_AES */
|
#endif /* NO_AES */
|
||||||
|
|
||||||
#ifndef NO_FILESYSTEM
|
#ifndef NO_FILESYSTEM
|
||||||
@@ -49765,7 +49760,14 @@ int wolfSSL_RSA_private_encrypt(int len, unsigned char* in,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (padding != RSA_PKCS1_PADDING && padding != RSA_PKCS1_PSS_PADDING) {
|
if (
|
||||||
|
#ifdef WC_RSA_PSS
|
||||||
|
padding != RSA_PKCS1_PSS_PADDING &&
|
||||||
|
#endif
|
||||||
|
#ifdef WC_RSA_NO_PADDING
|
||||||
|
padding != RSA_NO_PADDING &&
|
||||||
|
#endif
|
||||||
|
padding != RSA_PKCS1_PADDING) {
|
||||||
WOLFSSL_MSG("wolfSSL_RSA_private_encrypt unsupported padding");
|
WOLFSSL_MSG("wolfSSL_RSA_private_encrypt unsupported padding");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -49797,7 +49799,33 @@ int wolfSSL_RSA_private_encrypt(int len, unsigned char* in,
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
/* size of output buffer must be size of RSA key */
|
/* size of output buffer must be size of RSA key */
|
||||||
sz = wc_RsaSSL_Sign(in, (word32)len, out, wolfSSL_RSA_size(rsa), key, rng);
|
switch (padding) {
|
||||||
|
case RSA_PKCS1_PADDING:
|
||||||
|
sz = wc_RsaSSL_Sign(in, (word32)len, out, wolfSSL_RSA_size(rsa),
|
||||||
|
key, rng);
|
||||||
|
break;
|
||||||
|
#ifdef WC_RSA_PSS
|
||||||
|
case RSA_PKCS1_PSS_PADDING:
|
||||||
|
sz = wc_RsaPSS_Sign(in, (word32)len, out, wolfSSL_RSA_size(rsa),
|
||||||
|
WC_HASH_TYPE_NONE, WC_MGF1NONE, key, rng);
|
||||||
|
break;
|
||||||
|
#endif
|
||||||
|
#ifdef WC_RSA_NO_PADDING
|
||||||
|
case RSA_NO_PADDING:
|
||||||
|
{
|
||||||
|
word32 outLen = (word32)len;
|
||||||
|
sz = wc_RsaFunction(in, (word32)len, out, &outLen,
|
||||||
|
RSA_PRIVATE_ENCRYPT, key, rng);
|
||||||
|
if (sz == 0)
|
||||||
|
sz = (int)outLen;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
default:
|
||||||
|
sz = BAD_FUNC_ARG;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
#if !defined(WC_RSA_BLINDING) || defined(HAVE_USER_RSA)
|
#if !defined(WC_RSA_BLINDING) || defined(HAVE_USER_RSA)
|
||||||
if (wc_FreeRng(rng) != 0) {
|
if (wc_FreeRng(rng) != 0) {
|
||||||
WOLFSSL_MSG("Error freeing random number generator");
|
WOLFSSL_MSG("Error freeing random number generator");
|
||||||
|
|||||||
@@ -33608,7 +33608,7 @@ static void test_wolfSSL_AES_cbc_encrypt()
|
|||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_AES_KEYWRAP
|
#if defined(HAVE_AES_KEYWRAP) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
|
||||||
byte wrapCipher[sizeof(key256) + KEYWRAP_BLOCK_SIZE] = { 0 };
|
byte wrapCipher[sizeof(key256) + KEYWRAP_BLOCK_SIZE] = { 0 };
|
||||||
byte wrapPlain[sizeof(key256)] = { 0 };
|
byte wrapPlain[sizeof(key256)] = { 0 };
|
||||||
byte wrapIV[KEYWRAP_BLOCK_SIZE] = { 0 };
|
byte wrapIV[KEYWRAP_BLOCK_SIZE] = { 0 };
|
||||||
@@ -33621,6 +33621,7 @@ static void test_wolfSSL_AES_cbc_encrypt()
|
|||||||
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
|
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
|
||||||
AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
|
AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
|
||||||
sizeof(wrapCipher)), sizeof(wrapPlain));
|
sizeof(wrapCipher)), sizeof(wrapPlain));
|
||||||
|
AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
|
||||||
printf(resultFmt, "passed");
|
printf(resultFmt, "passed");
|
||||||
XMEMSET(wrapCipher, 0, sizeof(wrapCipher));
|
XMEMSET(wrapCipher, 0, sizeof(wrapCipher));
|
||||||
XMEMSET(wrapPlain, 0, sizeof(wrapPlain));
|
XMEMSET(wrapPlain, 0, sizeof(wrapPlain));
|
||||||
@@ -33633,6 +33634,7 @@ static void test_wolfSSL_AES_cbc_encrypt()
|
|||||||
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
|
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
|
||||||
AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, wrapIV, wrapPlain, wrapCipher,
|
AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, wrapIV, wrapPlain, wrapCipher,
|
||||||
sizeof(wrapCipher)), sizeof(wrapPlain));
|
sizeof(wrapCipher)), sizeof(wrapPlain));
|
||||||
|
AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
|
||||||
printf(resultFmt, "passed");
|
printf(resultFmt, "passed");
|
||||||
#endif /* HAVE_AES_KEYWRAP */
|
#endif /* HAVE_AES_KEYWRAP */
|
||||||
#endif /* WOLFSSL_AES_256 */
|
#endif /* WOLFSSL_AES_256 */
|
||||||
|
|||||||
@@ -9011,7 +9011,7 @@ int wc_AesKeyUnWrap_ex(Aes *aes, const byte* in, word32 inSz, byte* out,
|
|||||||
0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6
|
0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6
|
||||||
};
|
};
|
||||||
|
|
||||||
if (in == NULL || inSz < 3 ||
|
if (aes == NULL || in == NULL || inSz < 3 ||
|
||||||
out == NULL || outSz < (inSz - KEYWRAP_BLOCK_SIZE))
|
out == NULL || outSz < (inSz - KEYWRAP_BLOCK_SIZE))
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user