feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

fix defines for FIPS around RSA-PSS in wolfSSL_RSA_sign_generic_padding() and wolfSSL_RSA_verify_ex()

Browse Source
This commit is contained in:
Chris Conlon
2022-03-25 15:37:46 -06:00
parent 3af3274dcd
commit 4ad2f68071
1 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/ssl.c
View File

@ -36504,7 +36504,8 @@ int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m,
ret = BAD_FUNC_ARG;
break;
#endif
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS)
#if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,1)))
case RSA_PKCS1_PSS_PADDING:
{
enum wc_HashType hType = wc_OidGetHash(type);
@ -36615,7 +36616,8 @@ int wolfSSL_RSA_verify_ex(int type, const unsigned char* m,
unsigned char *sigDec = NULL;
unsigned int len = 0;
int verLen;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && \
FIPS_VERSION_GE(5,1))) && !defined(HAVE_SELFTEST)
int hSum = nid2HashSum(type);
enum wc_HashType hType;
#endif
@ -36648,7 +36650,8 @@ int wolfSSL_RSA_verify_ex(int type, const unsigned char* m,
DEBUG_SIGN_msg("Encoded Message", m, mLen);
}
/* decrypt signature */
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && \
FIPS_VERSION_GE(5,1))) && !defined(HAVE_SELFTEST)
hType = wc_OidGetHash(hSum);
if ((verLen = wc_RsaSSL_Verify_ex2(sig, sigLen, (unsigned char *)sigDec,
sigLen, (RsaKey*)rsa->internal, padding, hType)) <= 0) {
@ -36660,7 +36663,8 @@ int wolfSSL_RSA_verify_ex(int type, const unsigned char* m,
(RsaKey*)rsa->internal);
#endif
DEBUG_SIGN_msg("Decrypted Signature", sigDec, ret);
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS)
#if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,1)))
if (padding == RSA_PKCS1_PSS_PADDING) {
if (wc_RsaPSS_CheckPadding_ex(m, mLen, sigDec, verLen,
hType,