From a0a3a2b74c04fff11296880265a8fea390032692 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 14 Oct 2020 16:11:23 +0200 Subject: [PATCH] Review changes --- doc/dox_comments/header_files/ssl.h | 24 +++++++ src/ssl.c | 107 ++++++++++------------------ wolfcrypt/src/evp.c | 4 +- wolfcrypt/src/rsa.c | 36 +++++----- wolfssl/openssl/rsa.h | 3 + wolfssl/wolfcrypt/rsa.h | 4 +- 6 files changed, 88 insertions(+), 90 deletions(-) diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h index d6d573e47..ea2a4cea3 100644 --- a/doc/dox_comments/header_files/ssl.h +++ b/doc/dox_comments/header_files/ssl.h @@ -13728,3 +13728,27 @@ WOLFSSL_API int wolfSSL_CTX_set_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo, con \param format WOLFSSL_FILETYPE_ASN1 or WOLFSSL_FILETYPE_PEM */ WOLFSSL_API int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo, const char* key, unsigned int keySz, int format); + +/*! + \ingroup SSL + \brief Sign a message with the chosen message digest, padding, and RSA key + \return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error + \param type Hash NID + \param m Message to sign. Most likely this will be the digest of + the message to sign + \param mLen Length of message to sign + \param sigRet Output buffer + \param sigLen On Input: length of sigRet buffer + On Output: length of data written to sigRet + \param rsa RSA key used to sign the input + \param flag 1: Output the signature + 0: Output the value that the unpadded signature should be + compared to. Note: for RSA_PKCS1_PSS_PADDING the + wc_RsaPSS_CheckPadding_ex function should be used to check + the output of a *Verify* function. + \param padding Padding to use. Only RSA_PKCS1_PSS_PADDING and + RSA_PKCS1_PADDING are currently supported for signing. + */ +WOLFSSL_API int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m, + unsigned int mLen, unsigned char* sigRet, + unsigned int* sigLen, WOLFSSL_RSA*, int, int); 
diff --git a/src/ssl.c b/src/ssl.c index 5576bf6d5..1c8bf3aac 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -30849,8 +30849,15 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA* rsa) { - return wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, sigLen, rsa, 1, - RSA_PKCS1_PADDING); + return wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, sigLen, rsa, 1); +} + +int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, + unsigned int mLen, unsigned char* sigRet, + unsigned int* sigLen, WOLFSSL_RSA* rsa, int flag) +{ + return wolfSSL_RSA_sign_generic_padding(type, m, mLen, sigRet, sigLen, + rsa, flag, RSA_PKCS1_PADDING); } /** @@ -30872,7 +30879,7 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m, * RSA_PKCS1_PADDING are currently supported for signing. * @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error */ -int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, +int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA* rsa, int flag, int padding) @@ -30890,21 +30897,20 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, byte encodedSig[MAX_ENCODED_SIG_SZ]; #endif - WOLFSSL_ENTER("wolfSSL_RSA_sign"); + WOLFSSL_ENTER("wolfSSL_RSA_sign_generic_padding"); if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) { WOLFSSL_MSG("Bad function arguments"); - return 0; + return WOLFSSL_FAILURE; } DEBUG_SIGN_msg("Message to Sign", m, mLen); - if (rsa->inSet == 0) - { + if (rsa->inSet == 0) { WOLFSSL_MSG("No RSA internal set, do it"); if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetRsaInternal failed"); - return 0; + return WOLFSSL_FAILURE; } } 
@@ -30915,18 +30921,19 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, #ifdef WOLFSSL_SMALL_STACK tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRNG == NULL) - return 0; + return WOLFSSL_FAILURE; encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, DYNAMIC_TYPE_SIGNATURE); if (encodedSig == NULL) { XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); - return 0; + return WOLFSSL_FAILURE; } #endif - if (outLen == 0) + if (outLen == 0) { WOLFSSL_MSG("Bad RSA size"); + } else if (wc_InitRng(tmpRNG) == 0) { rng = tmpRNG; initTmpRng = 1; @@ -30958,7 +30965,7 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, "OpenSSL uses max length by default."); #endif ret = wc_RsaPSS_Sign_ex(m, mLen, sigRet, outLen, - hType, hash2mgf(hType), + hType, wc_hash2mgf(hType), #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER RSA_PSS_SALT_LEN_DEFAULT, #else @@ -31030,10 +31037,14 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, XFREE(encodedSig, NULL, DYNAMIC_TYPE_SIGNATURE); #endif - if (ret == WOLFSSL_SUCCESS) - WOLFSSL_MSG("wolfSSL_RSA_sign success"); + if (ret == WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_RSA_sign_generic_padding success"); + } else { - WOLFSSL_MSG("wolfSSL_RSA_sign failed"); + WOLFSSL_LEAVE("wolfSSL_RSA_sign_generic_padding", ret); + WOLFSSL_MSG("wolfSSL_RSA_sign_generic_padding failed. " + "Returning WOLFSSL_FAILURE."); + ret = WOLFSSL_FAILURE; } return ret; } @@ -31078,8 +31089,8 @@ int wolfSSL_RSA_verify_ex(int type, const unsigned char* m, goto cleanup; } /* get non-encrypted signature to be compared with decrypted signature */ - if (wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, &len, rsa, 0, padding) - <= 0) { + if (wolfSSL_RSA_sign_generic_padding(type, m, mLen, sigRet, &len, rsa, + 0, padding) <= 0) { WOLFSSL_MSG("Message Digest Error"); goto cleanup; } 
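Review bot: `outLen` is only tested against zero here (`if (outLen == 0)`), and nothing visible in these hunks compares it with the caller's `*sigLen` before `sigRet` is written with `outLen` as its capacity. The dox comment added by this same commit documents `sigLen` as "On Input: length of sigRet buffer", so a caller who trusts that contract and passes a buffer shorter than the key size could be overrun. The start of the function and the assignment of `outLen` are outside the hunk, so a check may already exist there. If it does not, either reject short buffers before the SMALL_STACK allocations with `if (*sigLen < outLen) return WOLFSSL_FAILURE;`, or change the documentation to say that `sigRet` must hold a full key-size block and that `sigLen` is output-only.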
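Review bot: The result of `wc_hash2mgf(hType)` is passed straight into `wc_RsaPSS_Sign_ex` with no `WC_MGF1NONE` check, unlike `wolfSSL_RSA_padding_add_PKCS1_PSS` and `wolfSSL_RSA_verify_PKCS1_PSS` in this commit, which both stop with "wc_hash2mgf error". Whether `wc_RsaPSS_Sign_ex` rejects a NONE mask function is not visible here, so the PSS branch should fail closed on its own: `if (wc_hash2mgf(hType) == WC_MGF1NONE) { WOLFSSL_MSG("wc_hash2mgf error"); ret = WOLFSSL_FAILURE; }` and skip the sign call. The same unchecked pattern appears in both `RsaPrivateDecryptEx` calls of `wc_RsaSSL_Verify_ex2` in wolfcrypt/src/rsa.c. The enclosing branch and the assignment of `hType` are outside the hunk.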
@@ -31091,7 +31102,7 @@ int wolfSSL_RSA_verify_ex(int type, const unsigned char* m, /* decrypt signature */ #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) hType = wc_OidGetHash(hSum); - if ((verLen = wc_RsaSSL_Verify_ex(sig, sigLen, (unsigned char *)sigDec, + if ((verLen = wc_RsaSSL_Verify_ex2(sig, sigLen, (unsigned char *)sigDec, sigLen, (RsaKey*)rsa->internal, padding, hType)) <= 0) { WOLFSSL_MSG("RSA Decrypt error"); goto cleanup; @@ -31111,18 +31122,18 @@ int wolfSSL_RSA_verify_ex(int type, const unsigned char* m, RSA_PSS_SALT_LEN_DISCOVER, #endif mp_count_bits(&((RsaKey*)rsa->internal)->n)) != 0) { - WOLFSSL_MSG("wolfSSL_RSA_verify failed"); + WOLFSSL_MSG("wc_RsaPSS_CheckPadding_ex error"); goto cleanup; } } else #endif /* !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) */ if ((int)len != verLen || XMEMCMP(sigRet, sigDec, verLen) != 0) { - WOLFSSL_MSG("wolfSSL_RSA_verify failed"); + WOLFSSL_MSG("wolfSSL_RSA_verify_ex failed"); goto cleanup; } - WOLFSSL_MSG("wolfSSL_RSA_verify success"); + WOLFSSL_MSG("wolfSSL_RSA_verify_ex success"); ret = WOLFSSL_SUCCESS; cleanup: if (sigRet) 
@@ -36290,49 +36301,6 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, #if defined(WC_RSA_PSS) && (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || \ defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) -static int hash2mgf(enum wc_HashType hType) -{ - switch (hType) { -#ifndef NO_SHA - case WC_HASH_TYPE_SHA: - return WC_MGF1SHA1; -#endif -#ifndef NO_SHA256 - case WC_HASH_TYPE_SHA224: -#ifdef WOLFSSL_SHA224 - return WC_MGF1SHA224; -#else - WOLFSSL_MSG("Unrecognized or unsupported hash function"); - return WC_MGF1NONE; -#endif - case WC_HASH_TYPE_SHA256: - return WC_MGF1SHA256; -#endif -#ifdef WOLFSSL_SHA384 - case WC_HASH_TYPE_SHA384: - return WC_MGF1SHA384; -#endif -#ifdef WOLFSSL_SHA512 - case WC_HASH_TYPE_SHA512: - return WC_MGF1SHA512; -#endif - case WC_HASH_TYPE_NONE: - case WC_HASH_TYPE_MD2: - case WC_HASH_TYPE_MD4: - case WC_HASH_TYPE_MD5: - case WC_HASH_TYPE_MD5_SHA: - case WC_HASH_TYPE_SHA3_224: - case WC_HASH_TYPE_SHA3_256: - case WC_HASH_TYPE_SHA3_384: - case WC_HASH_TYPE_SHA3_512: - case WC_HASH_TYPE_BLAKE2B: - case WC_HASH_TYPE_BLAKE2S: - default: - WOLFSSL_MSG("Unrecognized or unsupported hash function"); - return WC_MGF1NONE; - } -} - /* * +-----------+ * | M | @@ -36398,8 +36366,8 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *EM, goto cleanup; } - if ((mgf = hash2mgf(hashType)) == WC_MGF1NONE) { - WOLFSSL_MSG("hash2mgf error"); + if ((mgf = wc_hash2mgf(hashType)) == WC_MGF1NONE) { + WOLFSSL_MSG("wc_hash2mgf error"); goto cleanup; } @@ -36505,8 +36473,8 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, return WOLFSSL_FAILURE; } - if ((mgf = hash2mgf(hashType)) == WC_MGF1NONE) { - WOLFSSL_MSG("hash2mgf error"); + if ((mgf = wc_hash2mgf(hashType)) == WC_MGF1NONE) { + WOLFSSL_MSG("wc_hash2mgf error"); return WOLFSSL_FAILURE; } 
@@ -45983,8 +45951,7 @@ int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from, /* size of 'to' buffer must be size of RSA key */ tlen = wc_RsaSSL_Verify_ex(from, flen, to, wolfSSL_RSA_size(rsa), - (RsaKey*)rsa->internal, pad_type, - WC_HASH_TYPE_NONE); + (RsaKey*)rsa->internal, pad_type); if (tlen <= 0) WOLFSSL_MSG("wolfSSL_RSA_public_decrypt failed"); else { diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index c3678ab15..10457720c 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -2519,8 +2519,8 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); if (nid < 0) break; - ret = wolfSSL_RSA_sign_ex(nid, digest, hashLen, sig, &sigSz, - ctx->pctx->pkey->rsa, 1, ctx->pctx->padding); + ret = wolfSSL_RSA_sign_generic_padding(nid, digest, hashLen, + sig, &sigSz, ctx->pctx->pkey->rsa, 1, ctx->pctx->padding); if (ret >= 0) *siglen = sigSz; break; diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 9f1fcfcb2..5122e8fc5 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c 
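Review bot: In the evp.c hunk, `if (ret >= 0) *siglen = sigSz;` no longer distinguishes success from failure. This commit makes `wolfSSL_RSA_sign_generic_padding` return `WOLFSSL_FAILURE` on every error path, and the `return 0` to `return WOLFSSL_FAILURE` replacements indicate that this value is 0. A failed signing therefore still publishes `sigSz` to the caller, which may be stale or unset depending on how it is initialised above the hunk. Tighten the test to `if (ret == WOLFSSL_SUCCESS) *siglen = sigSz;`. How `ret` is treated after the `break` is outside the hunk and worth checking with the same assumption.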
@@ -1748,43 +1748,38 @@ int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out, return ret; } -int hash2mgf(enum wc_HashType hType) +int wc_hash2mgf(enum wc_HashType hType) { switch (hType) { case WC_HASH_TYPE_SHA: #ifndef NO_SHA return WC_MGF1SHA1; #else - WOLFSSL_MSG("Unrecognized or unsupported hash function"); - return WC_MGF1NONE; + break; #endif case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 return WC_MGF1SHA224; #else - WOLFSSL_MSG("Unrecognized or unsupported hash function"); - return WC_MGF1NONE; + break; #endif case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 return WC_MGF1SHA256; #else - WOLFSSL_MSG("Unrecognized or unsupported hash function"); - return WC_MGF1NONE; + break; #endif case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 return WC_MGF1SHA384; #else - WOLFSSL_MSG("Unrecognized or unsupported hash function"); - return WC_MGF1NONE; + break; #endif case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 return WC_MGF1SHA512; #else - WOLFSSL_MSG("Unrecognized or unsupported hash function"); - return WC_MGF1NONE; + break; #endif case WC_HASH_TYPE_NONE: case WC_HASH_TYPE_MD2: @@ -1798,9 +1793,10 @@ int hash2mgf(enum wc_HashType hType) case WC_HASH_TYPE_BLAKE2B: case WC_HASH_TYPE_BLAKE2S: default: - WOLFSSL_MSG("Unrecognized or unsupported hash function"); - return WC_MGF1NONE; + break; } + WOLFSSL_MSG("Unrecognized or unsupported hash function"); + return WC_MGF1NONE; } #ifdef WC_RSA_NONBLOCK 
@@ -3263,11 +3259,17 @@ int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key) { - return wc_RsaSSL_Verify_ex(in, inLen, out, outLen, key , WC_RSA_PKCSV15_PAD, - WC_HASH_TYPE_NONE); + return wc_RsaSSL_Verify_ex(in, inLen, out, outLen, key, WC_RSA_PKCSV15_PAD); } int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out, word32 outLen, + RsaKey* key, int pad_type) +{ + return wc_RsaSSL_Verify_ex2(in, inLen, out, outLen, key, pad_type, + WC_HASH_TYPE_NONE); +} + +int wc_RsaSSL_Verify_ex2(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, int pad_type, enum wc_HashType hash) { WC_RNG* rng; @@ -3285,11 +3287,11 @@ int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out, word32 outLen, #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER return RsaPrivateDecryptEx((byte*)in, inLen, out, outLen, NULL, key, RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, pad_type, - hash, hash2mgf(hash), NULL, 0, RSA_PSS_SALT_LEN_DEFAULT, rng); + hash, wc_hash2mgf(hash), NULL, 0, RSA_PSS_SALT_LEN_DEFAULT, rng); #else return RsaPrivateDecryptEx((byte*)in, inLen, out, outLen, NULL, key, RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, pad_type, - hash, hash2mgf(hash), NULL, 0, RSA_PSS_SALT_LEN_DISCOVER, rng); + hash, wc_hash2mgf(hash), NULL, 0, RSA_PSS_SALT_LEN_DISCOVER, rng); #endif } #endif diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h index a818007f1..af11c7bc3 100644 --- a/wolfssl/openssl/rsa.h +++ b/wolfssl/openssl/rsa.h 
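Review bot: `wc_hash2mgf(hash)` is evaluated for every padding type in `wc_RsaSSL_Verify_ex2`, while the new `wc_RsaSSL_Verify_ex` wrapper always passes `WC_HASH_TYPE_NONE`. Each PKCS#1 v1.5 verify through the wrapper therefore makes `wc_hash2mgf` log "Unrecognized or unsupported hash function". That message stops being a useful signal when triaging a real PSS misconfiguration. Resolve the MGF only when PSS is requested, e.g. `mgf = (pad_type == WC_RSA_PSS_PAD) ? wc_hash2mgf(hash) : WC_MGF1NONE;`, and return `BAD_FUNC_ARG` when PSS is requested but the result is `WC_MGF1NONE`. The middle of the function lies between the two hunks and is not visible, so an existing guard there would change this.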
@@ -115,6 +115,9 @@ WOLFSSL_API int wolfSSL_RSA_sign(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA*); WOLFSSL_API int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, + unsigned int mLen, unsigned char* sigRet, + unsigned int* sigLen, WOLFSSL_RSA*, int); +WOLFSSL_API int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA*, int, int); WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m, diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index f77c942d3..70a32e145 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -245,6 +245,8 @@ WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key); WOLFSSL_API int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key, int pad_type); +WOLFSSL_API int wc_RsaSSL_Verify_ex2(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, int pad_type, enum wc_HashType hash); WOLFSSL_API int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out, @@ -368,7 +370,7 @@ WOLFSSL_LOCAL int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** ou int mgf, byte* optLabel, word32 labelLen, int saltLen, int bits, void* heap); -WOLFSSL_LOCAL int hash2mgf(enum wc_HashType hType); +WOLFSSL_LOCAL int wc_hash2mgf(enum wc_HashType hType); #endif /* HAVE_USER_RSA */
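Review bot: The prototypes for `wolfSSL_RSA_sign_ex` and `wolfSSL_RSA_sign_generic_padding` leave their trailing parameters unnamed (`WOLFSSL_RSA*, int` and `WOLFSSL_RSA*, int, int`), so the header gives no hint which `int` is `flag` and which is `padding`. Transposing them compiles silently, and per the doc comment in src/ssl.c a `flag` of 0 outputs the comparison value rather than a signature, so a swapped call can hand back something that is not a signature. Name them as in the definitions: `WOLFSSL_RSA* rsa, int flag` and `WOLFSSL_RSA* rsa, int flag, int padding`. The existing `wolfSSL_RSA_sign` prototype just above would benefit from the same treatment.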