From cd0670cbd7b5d0ee994c6b71764c82f08b60f834 Mon Sep 17 00:00:00 2001 From: Sean Parkinson Date: Wed, 6 Jan 2021 11:58:15 +1000 Subject: [PATCH] RSA: verify only build fixes configuration: --disable-ecc --disable-dh --disable-aes --disable-aesgcm --disable-sha512 --disable-sha384 --disable-sha --disable-poly1305 --disable-chacha --disable-md5 --disable-sha3 --enable-cryptonly --disable-inline --enable-rsavfy --disable-asn --disable-oaep --disable-rng --disable-filesystem --enable-sp=rsa2048 --enable-sp-math Fixes to make code build again. --- wolfcrypt/src/coding.c | 2 +- wolfcrypt/src/sp_int.c | 7 +++---- wolfcrypt/test/test.c | 27 +++++++++++++++++++++++++++ 3 files changed, 31 insertions(+), 5 deletions(-) diff --git a/wolfcrypt/src/coding.c b/wolfcrypt/src/coding.c index 821d9bfe6..8959397b6 100644 --- a/wolfcrypt/src/coding.c +++ b/wolfcrypt/src/coding.c @@ -100,7 +100,7 @@ static WC_INLINE byte Base64_Char2Val(byte c) byte mask; c -= BASE64_MIN; - mask = ctMaskLTE(c, 0x3f); + mask = (((byte)(0x3f - c)) >> 7) - 1; /* Load a value from the first cache line and use when mask set. */ v = base64Decode[ c & 0x3f ] & mask ; /* Load a value from the second cache line and use when mask not set. */ diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index ff8f2e9fe..ae7686c53 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c @@ -2152,7 +2152,6 @@ int sp_grow(sp_int* a, int l) } #endif /* !WOLFSSL_RSA_VERIFY_ONLY || !NO_DH || HAVE_ECC */ -#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || defined(WOLFSSL_KEY_GEN) /* Set the multi-precision number to zero. * * Assumes a is not NULL. @@ -2167,7 +2166,6 @@ static void _sp_zero(sp_int* a) a->sign = MP_ZPOS; #endif } -#endif /* !WOLFSSL_RSA_VERIFY_ONLY || WOLFSSL_KEY_GEN */ #if !defined(WOLFSSL_RSA_VERIFY_ONLY) /* Set the multi-precision number to zero. @@ -2222,8 +2220,7 @@ void sp_forcezero(sp_int* a) #endif /* !WOLFSSL_RSA_VERIFY_ONLY || !NO_DH || HAVE_ECC */ #if defined(WOLSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \ - (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ - defined(SQR_MUL_ASM) + !defined(NO_RSA) /* Copy value of multi-precision number a into r. * * @param [in] a SP integer - source. @@ -7684,6 +7681,7 @@ int sp_mul(sp_int* a, sp_int* b, sp_int* r) } /* END SP_MUL implementations. */ +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) /* Multiply a by b mod m and store in r: r = (a * b) mod m * * @param [in] a SP integer to multiply. @@ -7738,6 +7736,7 @@ int sp_mulmod(sp_int* a, sp_int* b, sp_int* m, sp_int* r) #endif return err; } +#endif /* !WOLFSSL_RSA_VERIFY_ONLY */ #if defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) || \ (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 0c7ce3239..be87eefc0 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -13236,7 +13236,9 @@ static int rsa_even_mod_test(WC_RNG* rng, RsaKey* key) size_t bytes; int ret; word32 inLen = 0; +#ifndef NO_ASN word32 idx = 0; +#endif word32 outSz = RSA_TEST_BYTES; word32 plainSz = RSA_TEST_BYTES; #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_3072) && \ @@ -13289,10 +13291,28 @@ static int rsa_even_mod_test(WC_RNG* rng, RsaKey* key) ERROR_OUT(-7802, exit_rsa_even_mod); #endif /* USE_CERT_BUFFERS */ +#ifndef NO_ASN ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes); if (ret != 0) { ERROR_OUT(-7804, exit_rsa_even_mod); } +#else + #ifdef USE_CERT_BUFFERS_2048 + ret = mp_read_unsigned_bin(&key->n, &tmp[12], 256); + if (ret != 0) { + ERROR_OUT(-7804, exit_rsa_even_mod); + } + ret = mp_set_int(&key->e, WC_RSA_EXPONENT); + if (ret != 0) { + ERROR_OUT(-7804, exit_rsa_even_mod); + } +#ifndef NO_SIG_WRAPPER + modLen = 2048; +#endif + #else + #error Not supported yet! + #endif +#endif key->n.dp[0] &= (mp_digit)-2; if (ret != 0) { @@ -13346,6 +13366,13 @@ exit_rsa_even_mod: FREE_VAR(out, HEAP_HINT); FREE_VAR(plain, HEAP_HINT); + (void)out; + (void)outSz; + (void)plain; + (void)plainSz; + (void)inLen; + (void)rng; + return ret; } #endif /* WOLFSSL_HAVE_SP_RSA */