From 248dd12993e127e4a3ae13f1364a64e79b377c78 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 24 Sep 2020 17:09:34 +0200 Subject: [PATCH 1/5] Enable RSA-PSS padding in EVP_Digest* API --- src/ssl.c | 255 +++++++++++++++++++++++++--------------- tests/api.c | 33 ++++++ wolfcrypt/src/evp.c | 8 +- wolfcrypt/src/rsa.c | 46 +++++++- wolfssl/openssl/rsa.h | 6 +- wolfssl/wolfcrypt/rsa.h | 5 +- 6 files changed, 251 insertions(+), 102 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index e4aeb2b95..0ce466814 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -30805,39 +30805,7 @@ static void show(const char *title, const unsigned char *out, unsigned int outle #define show(a,b,c) #endif -/* return SSL_SUCCESS on ok, 0 otherwise */ -int wolfSSL_RSA_sign(int type, const unsigned char* m, - unsigned int mLen, unsigned char* sigRet, - unsigned int* sigLen, WOLFSSL_RSA* rsa) -{ - return wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, sigLen, rsa, 1); -} - -int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, - unsigned int mLen, unsigned char* sigRet, - unsigned int* sigLen, WOLFSSL_RSA* rsa, int flag) -{ - word32 outLen; - word32 signSz; - int initTmpRng = 0; - WC_RNG* rng = NULL; - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - WC_RNG* tmpRNG = NULL; - byte* encodedSig = NULL; -#else - WC_RNG tmpRNG[1]; - byte encodedSig[MAX_ENCODED_SIG_SZ]; -#endif - - WOLFSSL_ENTER("wolfSSL_RSA_sign"); - - if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) { - WOLFSSL_MSG("Bad function arguments"); - return 0; - } - show("Message to Sign", m, mLen); - +static int nid2HashSum(int type) { switch (type) { #ifdef WOLFSSL_MD2 case NID_md2: type = MD2h; break; 
@@ -30873,6 +30841,43 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, WOLFSSL_MSG("This NID (md type) not configured or not implemented"); return 0; } + return type; +} + +/* return SSL_SUCCESS on ok, 0 otherwise */ +int wolfSSL_RSA_sign(int type, const unsigned char* m, + unsigned int mLen, unsigned char* sigRet, + unsigned int* sigLen, WOLFSSL_RSA* rsa) +{ + return wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, sigLen, rsa, 1, + RSA_PKCS1_PADDING); +} + +int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, + unsigned int mLen, unsigned char* sigRet, + unsigned int* sigLen, WOLFSSL_RSA* rsa, int flag, + int padding) +{ + word32 outLen; + word32 signSz; + int initTmpRng = 0; + WC_RNG* rng = NULL; + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + WC_RNG* tmpRNG = NULL; + byte* encodedSig = NULL; +#else + WC_RNG tmpRNG[1]; + byte encodedSig[MAX_ENCODED_SIG_SZ]; +#endif + + WOLFSSL_ENTER("wolfSSL_RSA_sign"); + + if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return 0; + } + show("Message to Sign", m, mLen); if (rsa->inSet == 0) { @@ -30884,6 +30889,8 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, } } + type = nid2HashSum(type); + outLen = (word32)wolfSSL_BN_num_bytes(rsa->n); #ifdef WOLFSSL_SMALL_STACK 
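Review bot: The result of `nid2HashSum(type)` is assigned without being checked, so an unconfigured or unknown digest NID no longer stops `wolfSSL_RSA_sign_ex`. Before this commit the inline switch hit `return 0` in its default case; the helper still returns 0 there, but the caller now carries on into the encode/sign path with `type == 0`. I would restore the fail-closed behaviour at the assignment: `type = nid2HashSum(type); if (type == 0) return 0;`. An early return looks safe at this point because the small-stack buffers appear to be allocated only after `outLen` is computed, though that part of the function lies outside the hunk. `wolfSSL_RSA_verify_ex` has the same unchecked call for `hSum`.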
@@ -30915,32 +30922,71 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, } if (rng) { - - signSz = wc_EncodeSignature(encodedSig, m, mLen, type); - if (signSz == 0) { - WOLFSSL_MSG("Bad Encode Signature"); - } - else { - show("Encoded Message", encodedSig, signSz); - if (flag != 0) { + if (flag != 0) { + switch (padding) { +#ifdef WC_RSA_NO_PADDING + case RSA_NO_PADDING: + WOLFSSL_MSG("RSA_NO_PADDING not supported for signing"); + ret = BAD_FUNC_ARG; + break; +#endif +#ifdef WC_RSA_PSS + case RSA_PKCS1_PSS_PADDING: + { + enum wc_HashType hType = wc_OidGetHash(type); + ret = wc_RsaPSS_Sign(m, mLen, sigRet, outLen, + hType, hash2mgf(hType), (RsaKey*)rsa->internal, rng); + break; + } +#endif +#ifndef WC_NO_RSA_OAEP + case RSA_PKCS1_OAEP_PADDING: + { + WOLFSSL_MSG("RSA_PKCS1_OAEP_PADDING not supported for signing"); + ret = BAD_FUNC_ARG; + break; + } +#endif + case RSA_PKCS1_PADDING: + default: + signSz = wc_EncodeSignature(encodedSig, m, mLen, type); + if (signSz == 0) { + WOLFSSL_MSG("Bad Encode Signature"); + } + show("Encoded Message", encodedSig, signSz); ret = wc_RsaSSL_Sign(encodedSig, signSz, sigRet, outLen, (RsaKey*)rsa->internal, rng); - if (ret <= 0) { - WOLFSSL_MSG("Bad Rsa Sign"); - ret = 0; + } + if (ret <= 0) { + WOLFSSL_MSG("Bad Rsa Sign"); + ret = 0; + } + else { + *sigLen = (unsigned int)ret; + ret = SSL_SUCCESS; + show("Signature", sigRet, *sigLen); + } + } else { + switch (padding) { + case RSA_NO_PADDING: + case RSA_PKCS1_PSS_PADDING: + case RSA_PKCS1_OAEP_PADDING: + ret = SSL_SUCCESS; + XMEMCPY(sigRet, m, mLen); + *sigLen = mLen; + break; + case RSA_PKCS1_PADDING: + default: + signSz = wc_EncodeSignature(encodedSig, m, mLen, type); + if (signSz == 0) { + WOLFSSL_MSG("Bad Encode Signature"); } - else { - *sigLen = (unsigned int)ret; - ret = SSL_SUCCESS; - show("Signature", sigRet, *sigLen); - } - } else { ret = SSL_SUCCESS; XMEMCPY(sigRet, encodedSig, signSz); *sigLen = signSz; + break; } } - } if (initTmpRng) 
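Review bot: In the `RSA_PKCS1_PADDING`/`default` arm of the `flag != 0` switch, a zero return from `wc_EncodeSignature` is only logged and execution continues into `wc_RsaSSL_Sign` with `signSz == 0`; the old code skipped signing in that situation. The `flag == 0` switch has the same gap and reports `SSL_SUCCESS` with `*sigLen = 0`. Separately, because `default:` shares the PKCS#1 v1.5 arm, a padding value that is unknown or compiled out (for example `RSA_PKCS1_PSS_PADDING` when `WC_RSA_PSS` is not defined) silently yields a v1.5 signature instead of an error, which quietly downgrades what the caller asked for. I would fail closed in both places, as sketched below for the signing switch. This assumes every caller passes an explicit padding value, which should be confirmed for the EVP context's default.

```c
            case RSA_PKCS1_PADDING:
                signSz = wc_EncodeSignature(encodedSig, m, mLen, type);
                if (signSz == 0) {
                    WOLFSSL_MSG("Bad Encode Signature");
                    ret = BAD_FUNC_ARG;
                    break;
                }
                /* ... unchanged: show() and wc_RsaSSL_Sign() call ... */
                break;
            default:
                WOLFSSL_MSG("Unsupported padding for signing");
                ret = BAD_FUNC_ARG;
                break;
```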
@@ -30959,65 +31005,87 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, return ret; } - /* returns WOLFSSL_SUCCESS on successful verify and WOLFSSL_FAILURE on fail */ int wolfSSL_RSA_verify(int type, const unsigned char* m, unsigned int mLen, const unsigned char* sig, unsigned int sigLen, WOLFSSL_RSA* rsa) { + return wolfSSL_RSA_verify_ex(type, m, mLen, sig, sigLen, rsa, RSA_PKCS1_PADDING); +} + +#define wolfSSL_RSA_verify_ex_return(msg, ret_code) { \ + WOLFSSL_MSG(msg); \ + if (sigRet) \ + XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); \ + if (sigDec) \ + XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); \ + return ret_code; \ +} + +/* returns WOLFSSL_SUCCESS on successful verify and WOLFSSL_FAILURE on fail */ +int wolfSSL_RSA_verify_ex(int type, const unsigned char* m, + unsigned int mLen, const unsigned char* sig, + unsigned int sigLen, WOLFSSL_RSA* rsa, + int padding) { + int ret; - unsigned char *sigRet ; - unsigned char *sigDec ; + unsigned char *sigRet = NULL; + unsigned char *sigDec = NULL; unsigned int len; + int hSum = nid2HashSum(type); + enum wc_HashType hType; WOLFSSL_ENTER("wolfSSL_RSA_verify"); if ((m == NULL) || (sig == NULL)) { WOLFSSL_MSG("Bad function arguments"); return WOLFSSL_FAILURE; } - - sigRet = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sigRet == NULL) { - WOLFSSL_MSG("Memory failure"); - return WOLFSSL_FAILURE; - } sigDec = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (sigDec == NULL) { - WOLFSSL_MSG("Memory failure"); - XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; + wolfSSL_RSA_verify_ex_return("Memory failure", WOLFSSL_FAILURE); } - /* get non-encrypted signature to be compared with decrypted signature */ - ret = wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, &len, rsa, 0); - if (ret <= 0) { - WOLFSSL_MSG("Message Digest Error"); - XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - 
show("Encoded Message", sigRet, len); - /* decrypt signature */ - ret = wc_RsaSSL_Verify(sig, sigLen, (unsigned char *)sigDec, sigLen, - (RsaKey*)rsa->internal); - if (ret <= 0) { - WOLFSSL_MSG("RSA Decrypt error"); - XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - show("Decrypted Signature", sigDec, ret); - - if ((int)len == ret && XMEMCMP(sigRet, sigDec, ret) == 0) { - WOLFSSL_MSG("wolfSSL_RSA_verify success"); - XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_SUCCESS; + if (padding != RSA_PKCS1_PSS_PADDING) { + sigRet = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sigRet == NULL) { + wolfSSL_RSA_verify_ex_return("Memory failure", WOLFSSL_FAILURE); + } + /* get non-encrypted signature to be compared with decrypted signature */ + ret = wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, &len, rsa, 0, padding); + if (ret <= 0) { + wolfSSL_RSA_verify_ex_return("Message Digest Error", WOLFSSL_FAILURE); + } + show("Encoded Message", sigRet, len); } else { - WOLFSSL_MSG("wolfSSL_RSA_verify failed"); - XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; + show("Encoded Message", m, mLen); + } + /* decrypt signature */ + hType = wc_OidGetHash(hSum); + ret = wc_RsaSSL_Verify_ex(sig, sigLen, (unsigned char *)sigDec, sigLen, + (RsaKey*)rsa->internal, padding, hType); + if (ret <= 0) { + wolfSSL_RSA_verify_ex_return("RSA Decrypt error", WOLFSSL_FAILURE); + } + show("Decrypted Signature", sigDec, ret); + if (padding == RSA_PKCS1_PSS_PADDING) { + if ((ret = wc_RsaPSS_CheckPadding_ex(m, mLen, sigDec, ret, + hType, RSA_PSS_SALT_LEN_DEFAULT, + mp_count_bits(&((RsaKey*)rsa->internal)->n))) == 0) { + wolfSSL_RSA_verify_ex_return("wolfSSL_RSA_verify success", + WOLFSSL_SUCCESS); + } + else { + wolfSSL_RSA_verify_ex_return("wolfSSL_RSA_verify failed", + 
WOLFSSL_FAILURE); + } + } + else if ((int)len == ret && XMEMCMP(sigRet, sigDec, ret) == 0) { + wolfSSL_RSA_verify_ex_return("wolfSSL_RSA_verify success", + WOLFSSL_SUCCESS); + } + else { + wolfSSL_RSA_verify_ex_return("wolfSSL_RSA_verify failed", + WOLFSSL_FAILURE); } } @@ -45872,7 +45940,8 @@ int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from, /* size of 'to' buffer must be size of RSA key */ tlen = wc_RsaSSL_Verify_ex(from, flen, to, wolfSSL_RSA_size(rsa), - (RsaKey*)rsa->internal, pad_type); + (RsaKey*)rsa->internal, pad_type, + WC_HASH_TYPE_NONE); if (tlen <= 0) WOLFSSL_MSG("wolfSSL_RSA_public_decrypt failed"); else { diff --git a/tests/api.c b/tests/api.c index bd7bf1bfe..f986d0de8 100644 --- a/tests/api.c +++ b/tests/api.c @@ -26646,6 +26646,7 @@ static void test_wolfSSL_EVP_MD_rsa_signing(void) defined(USE_CERT_BUFFERS_2048) WOLFSSL_EVP_PKEY* privKey; WOLFSSL_EVP_PKEY* pubKey; + WOLFSSL_EVP_PKEY_CTX* keyCtx; const char testData[] = "Hi There"; WOLFSSL_EVP_MD_CTX mdCtx; size_t checkSz = -1; @@ -26653,6 +26654,12 @@ static void test_wolfSSL_EVP_MD_rsa_signing(void) const unsigned char* cp; const unsigned char* p; unsigned char check[2048/8]; + size_t i; + int paddings[] = { + RSA_PKCS1_PADDING, + RSA_PKCS1_PSS_PADDING, + }; + printf(testingFmt, "wolfSSL_EVP_MD_rsa_signing()"); 
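Review bot: `sigRet` is allocated with `sigLen` bytes in `wolfSSL_RSA_verify_ex`, but `wolfSSL_RSA_sign_ex(..., 0, padding)` then copies either `signSz` bytes (the encoded DigestInfo) or `mLen` bytes into it without consulting the buffer size. A caller-supplied `sigLen` shorter than that data therefore causes a write past the allocation before the RSA operation can reject the signature. The PKCS#1 v1.5 copy predates this commit, but the new `RSA_NO_PADDING`/`RSA_PKCS1_OAEP_PADDING` arm adds a second unbounded `XMEMCPY(sigRet, m, mLen)`. I would size the comparison buffer independently of the untrusted length, e.g. `sigRet = (unsigned char *)XMALLOC(MAX_ENCODED_SIG_SZ > mLen ? MAX_ENCODED_SIG_SZ : mLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);`, or reject the call up front when `sigLen` is smaller than the RSA modulus size. `rsa` is also dereferenced (`rsa->internal`) on the PSS path without a NULL check, since the argument check covers only `m` and `sig`.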
@@ -26707,6 +26714,32 @@ static void test_wolfSSL_EVP_MD_rsa_signing(void) AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + /* Check all signing padding types */ + for (i = 0; i < sizeof(paddings)/sizeof(int); i++) { + wolfSSL_EVP_MD_CTX_init(&mdCtx); + AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, &keyCtx, + wolfSSL_EVP_sha256(), NULL, privKey), 1); + AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx, + paddings[i]), 1); + AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, + (unsigned int)XSTRLEN(testData)), 1); + AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); + AssertIntEQ((int)checkSz, sz); + AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + AssertIntEQ((int)checkSz,sz); + AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, &keyCtx, + wolfSSL_EVP_sha256(), NULL, pubKey), 1); + AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx, + paddings[i]), 1); + AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, + (unsigned int)XSTRLEN(testData)), 1); + AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); + AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + } + wolfSSL_EVP_PKEY_free(pubKey); wolfSSL_EVP_PKEY_free(privKey); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index e84ccf3f9..c3678ab15 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -2519,8 +2519,8 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); if (nid < 0) break; - ret = wolfSSL_RSA_sign(nid, digest, hashLen, sig, &sigSz, - ctx->pctx->pkey->rsa); + ret = wolfSSL_RSA_sign_ex(nid, digest, hashLen, sig, &sigSz, + ctx->pctx->pkey->rsa, 1, ctx->pctx->padding); if (ret >= 0) *siglen = sigSz; break; 
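Review bot: The new loop in `test_wolfSSL_EVP_MD_rsa_signing` exercises only matching sign/verify pairs, so it would still pass if the verify path ignored the padding setting altogether. A negative case would pin the behaviour that matters: sign with one entry of `paddings[]`, set the other on the verify context, and assert that `wolfSSL_EVP_DigestVerifyFinal` does not return 1. Likewise, flip one byte of `check` and expect failure. The loop bound would also read better as `sizeof(paddings)/sizeof(paddings[0])`.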
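Review bot: As far as the visible hunks show, `wolfSSL_RSA_sign_ex` reports failure as 0, so the unchanged `if (ret >= 0) *siglen = sigSz;` after the new call in `wolfSSL_EVP_DigestSignFinal` is always taken. On a failed signature it hands the caller whatever `sigSz` happens to hold. With PSS and the new rejected-padding arms there are now more ways to reach that path. Testing `if (ret == WOLFSSL_SUCCESS) *siglen = sigSz;` and treating anything else as failure would stop a failed sign from looking like a success with a stale length. How `ret` is mapped to the function's return value lies outside the hunk.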
@@ -2614,9 +2614,9 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); if (nid < 0) return WOLFSSL_FAILURE; - return wolfSSL_RSA_verify(nid, digest, hashLen, sig, + return wolfSSL_RSA_verify_ex(nid, digest, hashLen, sig, (unsigned int)siglen, - ctx->pctx->pkey->rsa); + ctx->pctx->pkey->rsa, ctx->pctx->padding); } #endif /* NO_RSA */ diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 742853c6c..f36dfbfe9 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -1748,6 +1748,45 @@ int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out, return ret; } +int hash2mgf(enum wc_HashType hType) +{ + switch (hType) { +#ifndef NO_SHA + case WC_HASH_TYPE_SHA: + return WC_MGF1SHA1; +#endif +#ifndef NO_SHA256 +#ifdef WOLFSSL_SHA224 + case WC_HASH_TYPE_SHA224: + return WC_MGF1SHA224; +#endif + case WC_HASH_TYPE_SHA256: + return WC_MGF1SHA256; +#endif +#ifdef WOLFSSL_SHA384 + case WC_HASH_TYPE_SHA384: + return WC_MGF1SHA384; +#endif +#ifdef WOLFSSL_SHA512 + case WC_HASH_TYPE_SHA512: + return WC_MGF1SHA512; +#endif + case WC_HASH_TYPE_NONE: + case WC_HASH_TYPE_MD2: + case WC_HASH_TYPE_MD4: + case WC_HASH_TYPE_MD5: + case WC_HASH_TYPE_MD5_SHA: + case WC_HASH_TYPE_SHA3_224: + case WC_HASH_TYPE_SHA3_256: + case WC_HASH_TYPE_SHA3_384: + case WC_HASH_TYPE_SHA3_512: + case WC_HASH_TYPE_BLAKE2B: + case WC_HASH_TYPE_BLAKE2S: + default: + WOLFSSL_MSG("Unrecognized or unsupported hash function"); + return WC_MGF1NONE; + } +} #ifdef WC_RSA_NONBLOCK static int wc_RsaFunctionNonBlock(const byte* in, word32 inLen, byte* out, 
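Review bot: `hash2mgf` is a new non-static symbol with no comment and no `wc_` prefix, and it signals an unsupported hash only by returning `WC_MGF1NONE`, which none of the new callers test. In `wolfSSL_RSA_sign_ex` the value goes straight into `wc_RsaPSS_Sign`, and in `wc_RsaSSL_Verify_ex` straight into `RsaPrivateDecryptEx`. Correct handling of an MD5 or SHA-3 digest therefore depends on those lower layers rejecting `WC_MGF1NONE` for PSS, which is not visible here. I would add a header comment such as `/* Map a hash type to its MGF1 id; returns WC_MGF1NONE when the hash has no MGF1 mapping in this build, which PSS callers must treat as an error. */` and have the PSS callers return `BAD_FUNC_ARG` on that value.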
@@ -3209,11 +3248,12 @@ int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key) { - return wc_RsaSSL_Verify_ex(in, inLen, out, outLen, key , WC_RSA_PKCSV15_PAD); + return wc_RsaSSL_Verify_ex(in, inLen, out, outLen, key , WC_RSA_PKCSV15_PAD, + WC_HASH_TYPE_NONE); } int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out, word32 outLen, - RsaKey* key, int pad_type) + RsaKey* key, int pad_type, enum wc_HashType hash) { WC_RNG* rng; @@ -3229,7 +3269,7 @@ int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out, word32 outLen, return RsaPrivateDecryptEx((byte*)in, inLen, out, outLen, NULL, key, RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, pad_type, - WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, 0, rng); + hash, hash2mgf(hash), NULL, 0, RSA_PSS_SALT_LEN_DEFAULT, rng); } #endif diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h index 5445db196..a818007f1 100644 --- a/wolfssl/openssl/rsa.h +++ b/wolfssl/openssl/rsa.h @@ -116,10 +116,14 @@ WOLFSSL_API int wolfSSL_RSA_sign(int type, const unsigned char* m, unsigned int* sigLen, WOLFSSL_RSA*); WOLFSSL_API int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, - unsigned int* sigLen, WOLFSSL_RSA*, int); + unsigned int* sigLen, WOLFSSL_RSA*, int, int); WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m, unsigned int mLen, const unsigned char* sig, unsigned int sigLen, WOLFSSL_RSA*); +WOLFSSL_API int wolfSSL_RSA_verify_ex(int type, const unsigned char* m, + unsigned int mLen, const unsigned char* sig, + unsigned int sigLen, WOLFSSL_RSA* rsa, + int padding); WOLFSSL_API int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from, unsigned char* to, WOLFSSL_RSA*, int padding); WOLFSSL_API int wolfSSL_RSA_GenAdd(WOLFSSL_RSA*); diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 8feee70d4..f77c942d3 100644 
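Review bot: `wc_RsaSSL_Verify_ex` is declared `WOLFSSL_API`, and adding the `enum wc_HashType hash` parameter changes its signature for every existing external caller; `wolfSSL_RSA_sign_ex` gets the same treatment in the `wolfssl/openssl/rsa.h` hunk. Keeping the old entry points and adding new ones for the extra argument would avoid breaking applications built against the previous headers. Inside the function, `hash2mgf(hash)` is now also evaluated for plain PKCS#1 v1.5 verification, where `hash` is `WC_HASH_TYPE_NONE`, so each such call emits the "Unrecognized or unsupported hash function" debug message. Computing the MGF only when `pad_type` selects PSS would avoid that. The salt length is fixed at `RSA_PSS_SALT_LEN_DEFAULT`, so signatures produced with a different salt length will presumably not verify through this path.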
--- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -245,7 +245,8 @@ WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key); WOLFSSL_API int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out, - word32 outLen, RsaKey* key, int pad_type); + word32 outLen, RsaKey* key, int pad_type, + enum wc_HashType hash); WOLFSSL_API int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out, enum wc_HashType hash, int mgf, RsaKey* key); @@ -367,6 +368,8 @@ WOLFSSL_LOCAL int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** ou int mgf, byte* optLabel, word32 labelLen, int saltLen, int bits, void* heap); +WOLFSSL_LOCAL int hash2mgf(enum wc_HashType hType); + #endif /* HAVE_USER_RSA */ #ifdef __cplusplus From fa0311346070f87380cde2a35b19baafade6bb09 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 24 Sep 2020 20:13:09 +0200 Subject: [PATCH 2/5] enum wc_HashType switch switch needs to handle all possible enum values or else the compiler generates warnings --- wolfcrypt/src/rsa.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index f36dfbfe9..387b0b2a6 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c 
@@ -1751,25 +1751,40 @@ int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out, int hash2mgf(enum wc_HashType hType) { switch (hType) { -#ifndef NO_SHA case WC_HASH_TYPE_SHA: +#ifndef NO_SHA return WC_MGF1SHA1; +#else + WOLFSSL_MSG("Unrecognized or unsupported hash function"); + return WC_MGF1NONE; #endif -#ifndef NO_SHA256 -#ifdef WOLFSSL_SHA224 case WC_HASH_TYPE_SHA224: +#ifdef WOLFSSL_SHA224 return WC_MGF1SHA224; +#else + WOLFSSL_MSG("Unrecognized or unsupported hash function"); + return WC_MGF1NONE; #endif case WC_HASH_TYPE_SHA256: +#ifndef NO_SHA256 return WC_MGF1SHA256; +#else + WOLFSSL_MSG("Unrecognized or unsupported hash function"); + return WC_MGF1NONE; #endif -#ifdef WOLFSSL_SHA384 case WC_HASH_TYPE_SHA384: +#ifdef WOLFSSL_SHA384 return WC_MGF1SHA384; +#else + WOLFSSL_MSG("Unrecognized or unsupported hash function"); + return WC_MGF1NONE; #endif -#ifdef WOLFSSL_SHA512 case WC_HASH_TYPE_SHA512: +#ifdef WOLFSSL_SHA512 return WC_MGF1SHA512; +#else + WOLFSSL_MSG("Unrecognized or unsupported hash function"); + return WC_MGF1NONE; #endif case WC_HASH_TYPE_NONE: case WC_HASH_TYPE_MD2: From d18e2d73863eba3d8e31dd22d63d6adf65b7a91c Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 25 Sep 2020 15:48:06 +0200 Subject: [PATCH 3/5] Refactoring and use salt length discover if available --- src/ssl.c | 226 ++++++++++++++++++++++++-------------------- wolfcrypt/src/rsa.c | 6 ++ 2 files changed, 131 insertions(+), 101 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 0ce466814..47a7ef1c9 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1986,7 +1986,7 @@ int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz) #ifdef OPENSSL_EXTRA if (ssl->CBIS != NULL) { - ssl->CBIS(ssl, SSL_CB_WRITE, SSL_SUCCESS); + ssl->CBIS(ssl, SSL_CB_WRITE, WOLFSSL_SUCCESS); ssl->cbmode = SSL_CB_WRITE; } #endif 
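Review bot: Style point on `hash2mgf`: the same two-line `#else` body (`WOLFSSL_MSG(...)` followed by `return WC_MGF1NONE;`) is now repeated under five cases. Using `break;` in each `#else` and placing a single `WOLFSSL_MSG("Unrecognized or unsupported hash function"); return WC_MGF1NONE;` after the switch still handles every enum value and leaves one place to change the failure behaviour. The remainder of the switch lies outside this hunk.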
@@ -2078,7 +2078,7 @@ int wolfSSL_read(WOLFSSL* ssl, void* data, int sz) #ifdef OPENSSL_EXTRA if (ssl->CBIS != NULL) { - ssl->CBIS(ssl, SSL_CB_READ, SSL_SUCCESS); + ssl->CBIS(ssl, SSL_CB_READ, WOLFSSL_SUCCESS); ssl->cbmode = SSL_CB_READ; } #endif @@ -3710,7 +3710,7 @@ WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm) if (CopyDecodedToX509(x509, dCert) == 0) { - if (wolfSSL_sk_X509_push(sk, x509) != SSL_SUCCESS) { + if (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Unable to load x509 into stack"); FreeX509(x509); XFREE(x509, cm->heap, DYNAMIC_TYPE_X509); @@ -3809,7 +3809,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s) if (CopyDecodedToX509(x509, dCert) == 0) { - if (wolfSSL_sk_X509_push(sk, x509) != SSL_SUCCESS) { + if (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Unable to load x509 into stack"); wolfSSL_X509_free(x509); goto error; @@ -7831,7 +7831,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, } if (wolfSSL_RSA_LoadDer_ex(local->rsa, (const unsigned char*)local->pkey.ptr, local->pkey_sz, - WOLFSSL_RSA_LOAD_PRIVATE) != SSL_SUCCESS) { + WOLFSSL_RSA_LOAD_PRIVATE) != WOLFSSL_SUCCESS) { wolfSSL_EVP_PKEY_free(local); return NULL; } @@ -7847,7 +7847,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, } if (wolfSSL_EC_KEY_LoadDer(local->ecc, (const unsigned char*)local->pkey.ptr, local->pkey_sz) - != SSL_SUCCESS) { + != WOLFSSL_SUCCESS) { wolfSSL_EVP_PKEY_free(local); return NULL; } @@ -7864,7 +7864,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, } if (wolfSSL_DSA_LoadDer(local->dsa, (const unsigned char*)local->pkey.ptr, local->pkey_sz) - != SSL_SUCCESS) { + != WOLFSSL_SUCCESS) { wolfSSL_EVP_PKEY_free(local); return NULL; } 
@@ -7881,7 +7881,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, } if (wolfSSL_DH_LoadDer(local->dh, (const unsigned char*)local->pkey.ptr, local->pkey_sz) - != SSL_SUCCESS) { + != WOLFSSL_SUCCESS) { wolfSSL_EVP_PKEY_free(local); return NULL; } @@ -11881,7 +11881,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #ifdef OPENSSL_EXTRA if (ssl->CBIS != NULL) { - ssl->CBIS(ssl, SSL_ST_CONNECT, SSL_SUCCESS); + ssl->CBIS(ssl, SSL_ST_CONNECT, WOLFSSL_SUCCESS); ssl->cbmode = SSL_CB_WRITE; } #endif @@ -14752,7 +14752,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) node->num = (ctx->ca_names == NULL) ? 1 : ctx->ca_names->num + 1; node->next = ctx->ca_names; ctx->ca_names = node; - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } #endif @@ -14852,7 +14852,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ctx->srp_password = NULL; } - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX* ctx, char* password) @@ -14910,7 +14910,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } XMEMCPY(ctx->srp_password, password, XSTRLEN(password) + 1); } - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } #endif /* WOLFCRYPT_HAVE_SRP && !NO_SHA256 && !WC_NO_RNG */ @@ -17143,7 +17143,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, * sid_ctx value of context to set * sid_ctx_len length of sid_ctx buffer * - * Returns SSL_SUCCESS in success case and SSL_FAILURE when failing + * Returns WOLFSSL_SUCCESS in success case and SSL_FAILURE when failing */ int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX* ctx, const unsigned char* sid_ctx, @@ -17158,7 +17158,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, XMEMCPY(ctx->sessionCtx, sid_ctx, sid_ctx_len); ctx->sessionCtxSz = (byte)sid_ctx_len; - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } 
@@ -17170,7 +17170,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, * id value of context to set * len length of sid_ctx buffer * - * Returns SSL_SUCCESS in success case and SSL_FAILURE when failing + * Returns WOLFSSL_SUCCESS in success case and SSL_FAILURE when failing */ int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id, unsigned int len) @@ -17183,7 +17183,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, XMEMCPY(ssl->sessionCtx, id, len); ssl->sessionCtxSz = (byte)len; - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } @@ -20494,7 +20494,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) if (wolfSSL_RSA_LoadDer_ex(key->rsa, (const unsigned char*)key->pkey.ptr, key->pkey_sz, - WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) { + WOLFSSL_RSA_LOAD_PUBLIC) != WOLFSSL_SUCCESS) { wolfSSL_EVP_PKEY_free(key); return NULL; } @@ -20522,7 +20522,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) return NULL; } - if (SetECKeyExternal(key->ecc) != SSL_SUCCESS) { + if (SetECKeyExternal(key->ecc) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetECKeyExternal failed"); wolfSSL_EVP_PKEY_free(key); return NULL; @@ -20543,7 +20543,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) if (wolfSSL_DSA_LoadDer_ex(key->dsa, (const unsigned char*)key->pkey.ptr, key->pkey_sz, \ - WOLFSSL_DSA_LOAD_PUBLIC) != SSL_SUCCESS) { + WOLFSSL_DSA_LOAD_PUBLIC) != WOLFSSL_SUCCESS) { wolfSSL_DSA_free(key->dsa); key->dsa = NULL; wolfSSL_EVP_PKEY_free(key); @@ -22515,7 +22515,7 @@ int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) byte* der = x509->derCert->buffer; if (wolfSSL_BIO_write(bio, der, len) == (int)len) { - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } } 
@@ -22679,7 +22679,7 @@ int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12) certSz = wc_i2d_PKCS12(pkcs12, &certDer, NULL); if ((certSz > 0) && (certDer != NULL)) { if (wolfSSL_BIO_write(bio, certDer, certSz) == (int)certSz) { - ret = SSL_SUCCESS; + ret = WOLFSSL_SUCCESS; } } @@ -23121,7 +23121,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx) return NULL; } - if (wolfSSL_sk_X509_push(sk, x509) != SSL_SUCCESS) { + if (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Unable to load x509 into stack"); wolfSSL_sk_X509_free(sk); wolfSSL_X509_free(x509); @@ -23141,7 +23141,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx) * signed and that a issuer was found */ if (issuer != NULL && wolfSSL_X509_NAME_cmp(&x509->issuer, &x509->subject) != 0) { - if (wolfSSL_sk_X509_push(sk, issuer) != SSL_SUCCESS) { + if (wolfSSL_sk_X509_push(sk, issuer) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Unable to load CA x509 into stack"); wolfSSL_sk_X509_free(sk); wolfSSL_X509_free(issuer); @@ -23388,7 +23388,7 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, } } #endif - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } return WOLFSSL_FATAL_ERROR; } @@ -26281,7 +26281,7 @@ long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx) (void)ctx; #ifdef WOLFSSL_SESSION_STATS - if (wolfSSL_get_session_stats(NULL, &total, NULL, NULL) != SSL_SUCCESS) { + if (wolfSSL_get_session_stats(NULL, &total, NULL, NULL) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error getting session stats"); } #else @@ -28538,7 +28538,7 @@ WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG, int *initTmpRng) /* Checks if the global RNG has been created. If not then one is created. * - * Returns SSL_SUCCESS when no error is encountered. + * Returns WOLFSSL_SUCCESS when no error is encountered. */ static int wolfSSL_RAND_Init(void) { 
@@ -28556,11 +28556,11 @@ static int wolfSSL_RAND_Init(void) } wc_UnLockMutex(&globalRNGMutex); - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } -/* SSL_SUCCESS on ok */ +/* WOLFSSL_SUCCESS on ok */ int wolfSSL_RAND_seed(const void* seed, int len) { @@ -28669,7 +28669,7 @@ int wolfSSL_RAND_write_file(const char* fname) #endif bytes = 1024; /* default size of buf */ - if (initGlobalRNG == 0 && wolfSSL_RAND_Init() != SSL_SUCCESS) { + if (initGlobalRNG == 0 && wolfSSL_RAND_Init() != WOLFSSL_SUCCESS) { WOLFSSL_MSG("No RNG to use"); #ifdef WOLFSSL_SMALL_STACK XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -28892,7 +28892,7 @@ int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num) } -/* SSL_SUCCESS on ok */ +/* WOLFSSL_SUCCESS on ok */ int wolfSSL_RAND_bytes(unsigned char* buf, int num) { int ret = 0; @@ -29471,7 +29471,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_768_prime(WOLFSSL_BIGNUM* bn) WOLFSSL_ENTER("wolfSSL_DH_768_prime"); - if (wolfSSL_BN_hex2bn(&bn, prm) != SSL_SUCCESS) { + if (wolfSSL_BN_hex2bn(&bn, prm) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error converting DH 768 prime to big number"); return NULL; } @@ -29501,7 +29501,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_1024_prime(WOLFSSL_BIGNUM* bn) WOLFSSL_ENTER("wolfSSL_DH_1024_prime"); - if (wolfSSL_BN_hex2bn(&bn, prm) != SSL_SUCCESS) { + if (wolfSSL_BN_hex2bn(&bn, prm) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error converting DH 1024 prime to big number"); return NULL; } @@ -29535,7 +29535,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_1536_prime(WOLFSSL_BIGNUM* bn) WOLFSSL_ENTER("wolfSSL_DH_1536_prime"); - if (wolfSSL_BN_hex2bn(&bn, prm) != SSL_SUCCESS) { + if (wolfSSL_BN_hex2bn(&bn, prm) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error converting DH 1536 prime to big number"); return NULL; } 
@@ -29573,7 +29573,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_2048_prime(WOLFSSL_BIGNUM* bn) WOLFSSL_ENTER("wolfSSL_DH_2048_prime"); - if (wolfSSL_BN_hex2bn(&bn, prm) != SSL_SUCCESS) { + if (wolfSSL_BN_hex2bn(&bn, prm) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error converting DH 2048 prime to big number"); return NULL; } @@ -29619,7 +29619,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_3072_prime(WOLFSSL_BIGNUM* bn) WOLFSSL_ENTER("wolfSSL_DH_3072_prime"); - if (wolfSSL_BN_hex2bn(&bn, prm) != SSL_SUCCESS) { + if (wolfSSL_BN_hex2bn(&bn, prm) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error converting DH 3072 prime to big number"); return NULL; } @@ -29673,7 +29673,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_4096_prime(WOLFSSL_BIGNUM* bn) WOLFSSL_ENTER("wolfSSL_DH_4096_prime"); - if (wolfSSL_BN_hex2bn(&bn, prm) != SSL_SUCCESS) { + if (wolfSSL_BN_hex2bn(&bn, prm) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error converting DH 4096 prime to big number"); return NULL; } @@ -29743,7 +29743,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_6144_prime(WOLFSSL_BIGNUM* bn) WOLFSSL_ENTER("wolfSSL_DH_6144_prime"); - if (wolfSSL_BN_hex2bn(&bn, prm) != SSL_SUCCESS) { + if (wolfSSL_BN_hex2bn(&bn, prm) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error converting DH 6144 prime to big number"); return NULL; } @@ -29830,7 +29830,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_8192_prime(WOLFSSL_BIGNUM* bn) WOLFSSL_ENTER("wolfSSL_DH_8192_prime"); - if (wolfSSL_BN_hex2bn(&bn, prm) != SSL_SUCCESS) { + if (wolfSSL_BN_hex2bn(&bn, prm) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error converting DH 8192 prime to big number"); return NULL; } @@ -29988,7 +29988,7 @@ int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub, else { privSz = wolfSSL_BN_bn2bin(dh->priv_key, priv); pubSz = wolfSSL_BN_bn2bin(otherPub, pub); - if (dh->inSet == 0 && SetDhInternal(dh) != SSL_SUCCESS){ + if (dh->inSet == 0 && SetDhInternal(dh) != WOLFSSL_SUCCESS){ WOLFSSL_MSG("Bad DH set internal"); } if (privSz <= 0 || pubSz <= 0) 
@@ -30337,7 +30337,7 @@ WOLFSSL_RSA* wolfSSL_RSA_generate_key(int len, unsigned long e, return NULL; } - if (wolfSSL_BN_set_word(bn, (WOLFSSL_BN_ULONG)e) != SSL_SUCCESS) { + if (wolfSSL_BN_set_word(bn, (WOLFSSL_BN_ULONG)e) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error using e value"); wolfSSL_BN_free(bn); return NULL; @@ -30480,7 +30480,7 @@ WOLFSSL_DSA* wolfSSL_DSA_generate_parameters(int bits, unsigned char* seed, } if (wolfSSL_DSA_generate_parameters_ex(dsa, bits, seed, seedLen, - counterRet, hRet, NULL) != SSL_SUCCESS) { + counterRet, hRet, NULL) != WOLFSSL_SUCCESS) { wolfSSL_DSA_free(dsa); return NULL; } @@ -30792,7 +30792,7 @@ int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len, #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) #ifdef DEBUG_SIGN -static void show(const char *title, const unsigned char *out, unsigned int outlen) +static void DEBUG_SIGN_msg(const char *title, const unsigned char *out, unsigned int outlen) { const unsigned char *pt; printf("%s[%d] = \n", title, (int)outlen); @@ -30802,7 +30802,7 @@ static void show(const char *title, const unsigned char *out, unsigned int outle printf("\n"); } #else -#define show(a,b,c) +#define DEBUG_SIGN_msg(a,b,c) #endif static int nid2HashSum(int type) { @@ -30844,7 +30844,7 @@ static int nid2HashSum(int type) { return type; } -/* return SSL_SUCCESS on ok, 0 otherwise */ +/* return WOLFSSL_SUCCESS on ok, 0 otherwise */ int wolfSSL_RSA_sign(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA* rsa) 
@@ -30853,6 +30853,25 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m, RSA_PKCS1_PADDING); } +/** + * Sign a message with the chosen message digest, padding, and RSA key. + * @param type Hash NID + * @param m Message to sign. Most likely this will be the digest of + * the message to sign + * @param mLen Length of message to sign + * @param sigRet Output buffer + * @param sigLen On Input: length of sigRet buffer + * On Output: length of data written to sigRet + * @param rsa RSA key used to sign the input + * @param flag 1: Output the signature + * 0: Output the value that the unpadded signature should be + * compared to. Note: for RSA_PKCS1_PSS_PADDING the + * wc_RsaPSS_CheckPadding_ex function should be used to check + * the output of a *Verify* function. + * @param padding Padding to use. Only RSA_PKCS1_PSS_PADDING and + * RSA_PKCS1_PADDING are currently supported for signing. + * @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error + */ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA* rsa, int flag, @@ -30877,7 +30896,7 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, WOLFSSL_MSG("Bad function arguments"); return 0; } - show("Message to Sign", m, mLen); + DEBUG_SIGN_msg("Message to Sign", m, mLen); if (rsa->inSet == 0) { 
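Review bot: The new comment documents `sigLen` as carrying the size of `sigRet` on input, but none of the visible code in `wolfSSL_RSA_sign_ex` reads `*sigLen` before writing to `sigRet`, and `wolfSSL_RSA_verify_ex` passes the address of an uninitialised `len`. Either the function should honour the documented contract (compare the number of bytes to be written against `*sigLen` and fail when they do not fit), or the comment should read `@param sigLen Output only: length of data written to sigRet`. The `@return` line also names `WOLFSSL_FAILURE` while the body returns a literal `0` for bad arguments; using the constant there would match the comment.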
@@ -30934,8 +30953,18 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, case RSA_PKCS1_PSS_PADDING: { enum wc_HashType hType = wc_OidGetHash(type); - ret = wc_RsaPSS_Sign(m, mLen, sigRet, outLen, - hType, hash2mgf(hType), (RsaKey*)rsa->internal, rng); +#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER + WOLFSSL_MSG("Using RSA-PSS with hash length salt. " + "OpenSSL uses max length by default."); +#endif + ret = wc_RsaPSS_Sign_ex(m, mLen, sigRet, outLen, + hType, hash2mgf(hType), +#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER + RSA_PSS_SALT_LEN_DEFAULT, +#else + RSA_PSS_SALT_LEN_DISCOVER, +#endif + (RsaKey*)rsa->internal, rng); break; } #endif @@ -30953,7 +30982,7 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, if (signSz == 0) { WOLFSSL_MSG("Bad Encode Signature"); } - show("Encoded Message", encodedSig, signSz); + DEBUG_SIGN_msg("Encoded Message", encodedSig, signSz); ret = wc_RsaSSL_Sign(encodedSig, signSz, sigRet, outLen, (RsaKey*)rsa->internal, rng); } @@ -30963,15 +30992,15 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, } else { *sigLen = (unsigned int)ret; - ret = SSL_SUCCESS; - show("Signature", sigRet, *sigLen); + ret = WOLFSSL_SUCCESS; + DEBUG_SIGN_msg("Signature", sigRet, *sigLen); } } else { switch (padding) { case RSA_NO_PADDING: case RSA_PKCS1_PSS_PADDING: case RSA_PKCS1_OAEP_PADDING: - ret = SSL_SUCCESS; + ret = WOLFSSL_SUCCESS; XMEMCPY(sigRet, m, mLen); *sigLen = mLen; break; @@ -30981,7 +31010,7 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, if (signSz == 0) { WOLFSSL_MSG("Bad Encode Signature"); } - ret = SSL_SUCCESS; + ret = WOLFSSL_SUCCESS; XMEMCPY(sigRet, encodedSig, signSz); *sigLen = signSz; break; 
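Review bot: In the RSA_PKCS1_PSS_PADDING case the result of `hash2mgf(hType)` goes straight into wc_RsaPSS_Sign_ex, although hash2mgf returns WC_MGF1NONE for digests it does not support. The other PSS helpers in this file (wolfSSL_RSA_padding_add_PKCS1_PSS, wolfSSL_RSA_verify_PKCS1_PSS) stop on that value. How wc_RsaPSS_Sign_ex treats WC_MGF1NONE is not visible here, so rejecting it before the call keeps the failure explicit: `int mgf = hash2mgf(hType);` followed by `if (mgf == WC_MGF1NONE) { ret = BAD_FUNC_ARG; break; }`, then pass `mgf` to the call. The enclosing switch and function continue outside the hunk.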
@@ -31013,25 +31042,16 @@ int wolfSSL_RSA_verify(int type, const unsigned char* m, return wolfSSL_RSA_verify_ex(type, m, mLen, sig, sigLen, rsa, RSA_PKCS1_PADDING); } -#define wolfSSL_RSA_verify_ex_return(msg, ret_code) { \ - WOLFSSL_MSG(msg); \ - if (sigRet) \ - XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); \ - if (sigDec) \ - XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); \ - return ret_code; \ -} - /* returns WOLFSSL_SUCCESS on successful verify and WOLFSSL_FAILURE on fail */ int wolfSSL_RSA_verify_ex(int type, const unsigned char* m, unsigned int mLen, const unsigned char* sig, unsigned int sigLen, WOLFSSL_RSA* rsa, int padding) { - - int ret; + int ret = WOLFSSL_FAILURE; unsigned char *sigRet = NULL; unsigned char *sigDec = NULL; unsigned int len; + int verLen; int hSum = nid2HashSum(type); enum wc_HashType hType; 
@@ -31042,51 +31062,55 @@ int wolfSSL_RSA_verify_ex(int type, const unsigned char* m, } sigDec = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (sigDec == NULL) { - wolfSSL_RSA_verify_ex_return("Memory failure", WOLFSSL_FAILURE); + WOLFSSL_MSG("Memory failure"); + goto cleanup; } if (padding != RSA_PKCS1_PSS_PADDING) { sigRet = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (sigRet == NULL) { - wolfSSL_RSA_verify_ex_return("Memory failure", WOLFSSL_FAILURE); + WOLFSSL_MSG("Memory failure"); + goto cleanup; } /* get non-encrypted signature to be compared with decrypted signature */ - ret = wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, &len, rsa, 0, padding); - if (ret <= 0) { - wolfSSL_RSA_verify_ex_return("Message Digest Error", WOLFSSL_FAILURE); + if (wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, &len, rsa, 0, padding) + <= 0) { + WOLFSSL_MSG("Message Digest Error"); + goto cleanup; } - show("Encoded Message", sigRet, len); + DEBUG_SIGN_msg("Encoded Message", sigRet, len); } else { - show("Encoded Message", m, mLen); + DEBUG_SIGN_msg("Encoded Message", m, mLen); } /* decrypt signature */ hType = wc_OidGetHash(hSum); - ret = wc_RsaSSL_Verify_ex(sig, sigLen, (unsigned char *)sigDec, sigLen, - (RsaKey*)rsa->internal, padding, hType); - if (ret <= 0) { - wolfSSL_RSA_verify_ex_return("RSA Decrypt error", WOLFSSL_FAILURE); + if ((verLen = wc_RsaSSL_Verify_ex(sig, sigLen, (unsigned char *)sigDec, + sigLen, (RsaKey*)rsa->internal, padding, hType)) <= 0) { + WOLFSSL_MSG("RSA Decrypt error"); + goto cleanup; } - show("Decrypted Signature", sigDec, ret); + DEBUG_SIGN_msg("Decrypted Signature", sigDec, ret); if (padding == RSA_PKCS1_PSS_PADDING) { - if ((ret = wc_RsaPSS_CheckPadding_ex(m, mLen, sigDec, ret, + if (wc_RsaPSS_CheckPadding_ex(m, mLen, sigDec, verLen, hType, RSA_PSS_SALT_LEN_DEFAULT, - mp_count_bits(&((RsaKey*)rsa->internal)->n))) == 0) { - wolfSSL_RSA_verify_ex_return("wolfSSL_RSA_verify success", - WOLFSSL_SUCCESS); - } - else 
{ - wolfSSL_RSA_verify_ex_return("wolfSSL_RSA_verify failed", - WOLFSSL_FAILURE); + mp_count_bits(&((RsaKey*)rsa->internal)->n)) != 0) { + WOLFSSL_MSG("wolfSSL_RSA_verify failed"); + goto cleanup; } } - else if ((int)len == ret && XMEMCMP(sigRet, sigDec, ret) == 0) { - wolfSSL_RSA_verify_ex_return("wolfSSL_RSA_verify success", - WOLFSSL_SUCCESS); - } - else { - wolfSSL_RSA_verify_ex_return("wolfSSL_RSA_verify failed", - WOLFSSL_FAILURE); + else if ((int)len != verLen || XMEMCMP(sigRet, sigDec, verLen) != 0) { + WOLFSSL_MSG("wolfSSL_RSA_verify failed"); + goto cleanup; } + + WOLFSSL_MSG("wolfSSL_RSA_verify success"); + ret = WOLFSSL_SUCCESS; +cleanup: + if (sigRet) + XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sigDec) + XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; } void wolfSSL_RSA_get0_key(const WOLFSSL_RSA *r, const WOLFSSL_BIGNUM **n, @@ -36611,7 +36635,7 @@ WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa) if (wolfSSL_RSA_LoadDer_ex(local, derBuf, derSz, - WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) { + WOLFSSL_RSA_LOAD_PUBLIC) != WOLFSSL_SUCCESS) { wolfSSL_RSA_free(local); local = NULL; } @@ -40256,7 +40280,7 @@ void* wolfSSL_get_app_data(const WOLFSSL *ssl) * ssl WOLFSSL struct to set app data in * arg data to be stored * - * Returns SSL_SUCCESS on success and SSL_FAILURE on failure + * Returns WOLFSSL_SUCCESS on success and SSL_FAILURE on failure */ int wolfSSL_set_app_data(WOLFSSL *ssl, void* arg) { WOLFSSL_ENTER("wolfSSL_set_app_data"); @@ -45035,7 +45059,7 @@ int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb) * ssl WOLFSSL structure to set callback in * cb callback to use * - * return SSL_SUCCESS on success and SSL_FAILURE with error case + * return WOLFSSL_SUCCESS on success and SSL_FAILURE with error case */ int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb) { 
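Review bot: In wolfSSL_RSA_verify_ex, `sigRet` is allocated with `sigLen` bytes, yet the `flag == 0` call to wolfSSL_RSA_sign_ex fills it with the encoded digest (`signSz` bytes) or with `mLen` bytes, and nothing visible between the NULL checks and the allocation relates `sigLen` to either size. `sigLen` is the length of the signature being verified, so a signature shorter than the encoded digest would let those copies run past the heap buffer before verification fails. Sizing the buffer from what is actually written avoids that, e.g. `sigRet = (unsigned char *)XMALLOC(mLen > MAX_ENCODED_SIG_SZ ? mLen : MAX_ENCODED_SIG_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);`, MAX_ENCODED_SIG_SZ being the size of the `encodedSig` buffer the copy reads from. Separately, `DEBUG_SIGN_msg("Decrypted Signature", sigDec, ret);` still passes `ret`, which is WOLFSSL_FAILURE at that point; the decrypted length is now in `verLen`.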
@@ -45050,7 +45074,7 @@ int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb) } ssl->protoMsgCb = cb; - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } #ifndef NO_WOLFSSL_STUB int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg) @@ -45103,7 +45127,7 @@ int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p, } ctx->alpn_cli_protos_len = p_len; - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } @@ -45704,7 +45728,7 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) } -/* SSL_SUCCESS on ok */ +/* WOLFSSL_SUCCESS on ok */ #ifndef NO_WOLFSSL_STUB int wolfSSL_RSA_blinding_on(WOLFSSL_RSA* rsa, WOLFSSL_BN_CTX* bn) { @@ -45768,7 +45792,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* fr, if (rsa->inSet == 0) { - if (SetRsaInternal(rsa) != SSL_SUCCESS) { + if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetRsaInternal failed"); return 0; } @@ -45860,7 +45884,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* fr, if (rsa->inSet == 0) { - if (SetRsaInternal(rsa) != SSL_SUCCESS) { + if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetRsaInternal failed"); return 0; } @@ -45986,7 +46010,7 @@ int wolfSSL_RSA_private_encrypt(int len, unsigned char* in, { WOLFSSL_MSG("Setting internal RSA structure"); - if (SetRsaInternal(rsa) != SSL_SUCCESS) { + if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetRsaInternal failed"); return 0; } @@ -46142,7 +46166,7 @@ int wolfSSL_BN_mod_mul(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a, if ((ret = mp_mulmod((mp_int*)a->internal,(mp_int*)p->internal, (mp_int*)m->internal, (mp_int*)r->internal)) == MP_OKAY) { - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } WOLFSSL_LEAVE("wolfSSL_BN_mod_mul", ret); 
@@ -47657,7 +47681,7 @@ int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa) return WOLFSSL_FATAL_ERROR; if (rsa->inSet == 0) { - if (SetRsaInternal((WOLFSSL_RSA*)rsa) != SSL_SUCCESS) { + if (SetRsaInternal((WOLFSSL_RSA*)rsa) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetRsaInternal failed"); return 0; } diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 387b0b2a6..9f1fcfcb2 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -3282,9 +3282,15 @@ int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out, word32 outLen, rng = NULL; #endif +#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER return RsaPrivateDecryptEx((byte*)in, inLen, out, outLen, NULL, key, RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, pad_type, hash, hash2mgf(hash), NULL, 0, RSA_PSS_SALT_LEN_DEFAULT, rng); +#else + return RsaPrivateDecryptEx((byte*)in, inLen, out, outLen, NULL, key, + RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, pad_type, + hash, hash2mgf(hash), NULL, 0, RSA_PSS_SALT_LEN_DISCOVER, rng); +#endif } #endif From b4754d570674977cc397e19adb010762cd50e200 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Tue, 29 Sep 2020 13:41:58 +0200 Subject: [PATCH 4/5] CAVP, Windows, and FIPS tests --- src/ssl.c | 31 +++++++++++++++++++++++++------ tests/api.c | 2 ++ 2 files changed, 27 insertions(+), 6 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 47a7ef1c9..5576bf6d5 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -30949,7 +30949,7 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, ret = BAD_FUNC_ARG; break; #endif -#ifdef WC_RSA_PSS +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS) case RSA_PKCS1_PSS_PADDING: { enum wc_HashType hType = wc_OidGetHash(type); @@ -30977,7 +30977,6 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, } #endif case RSA_PKCS1_PADDING: - default: signSz = wc_EncodeSignature(encodedSig, m, mLen, type); if (signSz == 0) { WOLFSSL_MSG("Bad Encode Signature"); 
@@ -30985,6 +30984,11 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, DEBUG_SIGN_msg("Encoded Message", encodedSig, signSz); ret = wc_RsaSSL_Sign(encodedSig, signSz, sigRet, outLen, (RsaKey*)rsa->internal, rng); + break; + default: + WOLFSSL_MSG("Unsupported padding"); + ret = BAD_FUNC_ARG; + break; } if (ret <= 0) { WOLFSSL_MSG("Bad Rsa Sign"); @@ -31050,10 +31054,12 @@ int wolfSSL_RSA_verify_ex(int type, const unsigned char* m, int ret = WOLFSSL_FAILURE; unsigned char *sigRet = NULL; unsigned char *sigDec = NULL; - unsigned int len; - int verLen; + unsigned int len = 0; + int verLen; +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) int hSum = nid2HashSum(type); enum wc_HashType hType; +#endif WOLFSSL_ENTER("wolfSSL_RSA_verify"); if ((m == NULL) || (sig == NULL)) { 
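Review bot: The RSA_PKCS1_PADDING case that now ends with `break` still calls wc_RsaSSL_Sign when wc_EncodeSignature returned 0, because the `signSz == 0` check just above this hunk only logs "Bad Encode Signature". A failed encoding (presumably an unsupported digest) therefore reaches the signing primitive with an empty payload instead of failing, which is the kind of silent fall-through the new `default:` branch removes for unsupported paddings. Treating it the same way would be `if (signSz == 0) { WOLFSSL_MSG("Bad Encode Signature"); ret = BAD_FUNC_ARG; break; }`. The `flag == 0` branch further down in the function has the same log-only check before its XMEMCPY.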
@@ -31083,22 +31089,35 @@ int wolfSSL_RSA_verify_ex(int type, const unsigned char* m, DEBUG_SIGN_msg("Encoded Message", m, mLen); } /* decrypt signature */ +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) hType = wc_OidGetHash(hSum); if ((verLen = wc_RsaSSL_Verify_ex(sig, sigLen, (unsigned char *)sigDec, sigLen, (RsaKey*)rsa->internal, padding, hType)) <= 0) { WOLFSSL_MSG("RSA Decrypt error"); goto cleanup; } +#else + verLen = wc_RsaSSL_Verify(sig, sigLen, (unsigned char *)sigDec, sigLen, + (RsaKey*)rsa->internal); +#endif DEBUG_SIGN_msg("Decrypted Signature", sigDec, ret); +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS) if (padding == RSA_PKCS1_PSS_PADDING) { if (wc_RsaPSS_CheckPadding_ex(m, mLen, sigDec, verLen, - hType, RSA_PSS_SALT_LEN_DEFAULT, + hType, +#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER + RSA_PSS_SALT_LEN_DEFAULT, +#else + RSA_PSS_SALT_LEN_DISCOVER, +#endif mp_count_bits(&((RsaKey*)rsa->internal)->n)) != 0) { WOLFSSL_MSG("wolfSSL_RSA_verify failed"); goto cleanup; } } - else if ((int)len != verLen || XMEMCMP(sigRet, sigDec, verLen) != 0) { + else +#endif /* !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) */ + if ((int)len != verLen || XMEMCMP(sigRet, sigDec, verLen) != 0) { WOLFSSL_MSG("wolfSSL_RSA_verify failed"); goto cleanup; } diff --git a/tests/api.c b/tests/api.c index f986d0de8..104036581 100644 --- a/tests/api.c +++ b/tests/api.c @@ -26657,7 +26657,9 @@ static void test_wolfSSL_EVP_MD_rsa_signing(void) size_t i; int paddings[] = { RSA_PKCS1_PADDING, +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS) RSA_PKCS1_PSS_PADDING, +#endif }; From a0a3a2b74c04fff11296880265a8fea390032692 Mon Sep 17 00:00:00 2001 
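Review bot: The `#else` branch added for HAVE_FIPS/HAVE_SELFTEST stores the result of wc_RsaSSL_Verify in `verLen` without the `<= 0` check the other branch has, so an error code flows on to the final comparison. With `padding == RSA_PKCS1_PSS_PADDING` in such a build, `sigRet` is still NULL and `len` is 0, because the encoded digest is only produced for other paddings and the PSS check is compiled out. The verdict then rests on `(int)len != verLen`, which would pass if the call ever returned 0. Adding `if (verLen <= 0) { WOLFSSL_MSG("RSA Decrypt error"); goto cleanup; }` after the call, and rejecting PSS padding up front when it is not compiled in, makes the failure explicit. wolfSSL_RSA_verify_ex starts outside this hunk.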
From: Juliusz Sosinowicz Date: Wed, 14 Oct 2020 16:11:23 +0200 Subject: [PATCH 5/5] Review changes --- doc/dox_comments/header_files/ssl.h | 24 +++++++ src/ssl.c | 107 ++++++++++------------------ wolfcrypt/src/evp.c | 4 +- wolfcrypt/src/rsa.c | 36 +++++----- wolfssl/openssl/rsa.h | 3 + wolfssl/wolfcrypt/rsa.h | 4 +- 6 files changed, 88 insertions(+), 90 deletions(-) diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h index d6d573e47..ea2a4cea3 100644 --- a/doc/dox_comments/header_files/ssl.h +++ b/doc/dox_comments/header_files/ssl.h @@ -13728,3 +13728,27 @@ WOLFSSL_API int wolfSSL_CTX_set_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo, con \param format WOLFSSL_FILETYPE_ASN1 or WOLFSSL_FILETYPE_PEM */ WOLFSSL_API int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo, const char* key, unsigned int keySz, int format); + +/*! + \ingroup SSL + \brief Sign a message with the chosen message digest, padding, and RSA key + \return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error + \param type Hash NID + \param m Message to sign. Most likely this will be the digest of + the message to sign + \param mLen Length of message to sign + \param sigRet Output buffer + \param sigLen On Input: length of sigRet buffer + On Output: length of data written to sigRet + \param rsa RSA key used to sign the input + \param flag 1: Output the signature + 0: Output the value that the unpadded signature should be + compared to. Note: for RSA_PKCS1_PSS_PADDING the + wc_RsaPSS_CheckPadding_ex function should be used to check + the output of a *Verify* function. + \param padding Padding to use. Only RSA_PKCS1_PSS_PADDING and + RSA_PKCS1_PADDING are currently supported for signing. + */ +WOLFSSL_API int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m, + unsigned int mLen, unsigned char* sigRet, + unsigned int* sigLen, WOLFSSL_RSA*, int, int); diff --git a/src/ssl.c b/src/ssl.c index 5576bf6d5..1c8bf3aac 100644 --- a/src/ssl.c 
+++ b/src/ssl.c @@ -30849,8 +30849,15 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA* rsa) { - return wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, sigLen, rsa, 1, - RSA_PKCS1_PADDING); + return wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, sigLen, rsa, 1); +} + +int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, + unsigned int mLen, unsigned char* sigRet, + unsigned int* sigLen, WOLFSSL_RSA* rsa, int flag) +{ + return wolfSSL_RSA_sign_generic_padding(type, m, mLen, sigRet, sigLen, + rsa, flag, RSA_PKCS1_PADDING); } /** @@ -30872,7 +30879,7 @@ int wolfSSL_RSA_sign(int type, const unsigned char* m, * RSA_PKCS1_PADDING are currently supported for signing. * @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error */ -int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, +int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA* rsa, int flag, int padding) @@ -30890,21 +30897,20 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, byte encodedSig[MAX_ENCODED_SIG_SZ]; #endif - WOLFSSL_ENTER("wolfSSL_RSA_sign"); + WOLFSSL_ENTER("wolfSSL_RSA_sign_generic_padding"); if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) { WOLFSSL_MSG("Bad function arguments"); - return 0; + return WOLFSSL_FAILURE; } DEBUG_SIGN_msg("Message to Sign", m, mLen); - if (rsa->inSet == 0) - { + if (rsa->inSet == 0) { WOLFSSL_MSG("No RSA internal set, do it"); if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetRsaInternal failed"); - return 0; + return WOLFSSL_FAILURE; } } 
@@ -30915,18 +30921,19 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, #ifdef WOLFSSL_SMALL_STACK tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRNG == NULL) - return 0; + return WOLFSSL_FAILURE; encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, DYNAMIC_TYPE_SIGNATURE); if (encodedSig == NULL) { XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); - return 0; + return WOLFSSL_FAILURE; } #endif - if (outLen == 0) + if (outLen == 0) { WOLFSSL_MSG("Bad RSA size"); + } else if (wc_InitRng(tmpRNG) == 0) { rng = tmpRNG; initTmpRng = 1; @@ -30958,7 +30965,7 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, "OpenSSL uses max length by default."); #endif ret = wc_RsaPSS_Sign_ex(m, mLen, sigRet, outLen, - hType, hash2mgf(hType), + hType, wc_hash2mgf(hType), #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER RSA_PSS_SALT_LEN_DEFAULT, #else @@ -31030,10 +31037,14 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, XFREE(encodedSig, NULL, DYNAMIC_TYPE_SIGNATURE); #endif - if (ret == WOLFSSL_SUCCESS) - WOLFSSL_MSG("wolfSSL_RSA_sign success"); + if (ret == WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_RSA_sign_generic_padding success"); + } else { - WOLFSSL_MSG("wolfSSL_RSA_sign failed"); + WOLFSSL_LEAVE("wolfSSL_RSA_sign_generic_padding", ret); + WOLFSSL_MSG("wolfSSL_RSA_sign_generic_padding failed. " + "Returning WOLFSSL_FAILURE."); + ret = WOLFSSL_FAILURE; } return ret; } @@ -31078,8 +31089,8 @@ int wolfSSL_RSA_verify_ex(int type, const unsigned char* m, goto cleanup; } /* get non-encrypted signature to be compared with decrypted signature */ - if (wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, &len, rsa, 0, padding) - <= 0) { + if (wolfSSL_RSA_sign_generic_padding(type, m, mLen, sigRet, &len, rsa, + 0, padding) <= 0) { WOLFSSL_MSG("Message Digest Error"); goto cleanup; } 
@@ -31091,7 +31102,7 @@ int wolfSSL_RSA_verify_ex(int type, const unsigned char* m, /* decrypt signature */ #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) hType = wc_OidGetHash(hSum); - if ((verLen = wc_RsaSSL_Verify_ex(sig, sigLen, (unsigned char *)sigDec, + if ((verLen = wc_RsaSSL_Verify_ex2(sig, sigLen, (unsigned char *)sigDec, sigLen, (RsaKey*)rsa->internal, padding, hType)) <= 0) { WOLFSSL_MSG("RSA Decrypt error"); goto cleanup; @@ -31111,18 +31122,18 @@ int wolfSSL_RSA_verify_ex(int type, const unsigned char* m, RSA_PSS_SALT_LEN_DISCOVER, #endif mp_count_bits(&((RsaKey*)rsa->internal)->n)) != 0) { - WOLFSSL_MSG("wolfSSL_RSA_verify failed"); + WOLFSSL_MSG("wc_RsaPSS_CheckPadding_ex error"); goto cleanup; } } else #endif /* !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) */ if ((int)len != verLen || XMEMCMP(sigRet, sigDec, verLen) != 0) { - WOLFSSL_MSG("wolfSSL_RSA_verify failed"); + WOLFSSL_MSG("wolfSSL_RSA_verify_ex failed"); goto cleanup; } - WOLFSSL_MSG("wolfSSL_RSA_verify success"); + WOLFSSL_MSG("wolfSSL_RSA_verify_ex success"); ret = WOLFSSL_SUCCESS; cleanup: if (sigRet) 
@@ -36290,49 +36301,6 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, #if defined(WC_RSA_PSS) && (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || \ defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) -static int hash2mgf(enum wc_HashType hType) -{ - switch (hType) { -#ifndef NO_SHA - case WC_HASH_TYPE_SHA: - return WC_MGF1SHA1; -#endif -#ifndef NO_SHA256 - case WC_HASH_TYPE_SHA224: -#ifdef WOLFSSL_SHA224 - return WC_MGF1SHA224; -#else - WOLFSSL_MSG("Unrecognized or unsupported hash function"); - return WC_MGF1NONE; -#endif - case WC_HASH_TYPE_SHA256: - return WC_MGF1SHA256; -#endif -#ifdef WOLFSSL_SHA384 - case WC_HASH_TYPE_SHA384: - return WC_MGF1SHA384; -#endif -#ifdef WOLFSSL_SHA512 - case WC_HASH_TYPE_SHA512: - return WC_MGF1SHA512; -#endif - case WC_HASH_TYPE_NONE: - case WC_HASH_TYPE_MD2: - case WC_HASH_TYPE_MD4: - case WC_HASH_TYPE_MD5: - case WC_HASH_TYPE_MD5_SHA: - case WC_HASH_TYPE_SHA3_224: - case WC_HASH_TYPE_SHA3_256: - case WC_HASH_TYPE_SHA3_384: - case WC_HASH_TYPE_SHA3_512: - case WC_HASH_TYPE_BLAKE2B: - case WC_HASH_TYPE_BLAKE2S: - default: - WOLFSSL_MSG("Unrecognized or unsupported hash function"); - return WC_MGF1NONE; - } -} - /* * +-----------+ * | M | @@ -36398,8 +36366,8 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *EM, goto cleanup; } - if ((mgf = hash2mgf(hashType)) == WC_MGF1NONE) { - WOLFSSL_MSG("hash2mgf error"); + if ((mgf = wc_hash2mgf(hashType)) == WC_MGF1NONE) { + WOLFSSL_MSG("wc_hash2mgf error"); goto cleanup; } @@ -36505,8 +36473,8 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, return WOLFSSL_FAILURE; } - if ((mgf = hash2mgf(hashType)) == WC_MGF1NONE) { - WOLFSSL_MSG("hash2mgf error"); + if ((mgf = wc_hash2mgf(hashType)) == WC_MGF1NONE) { + WOLFSSL_MSG("wc_hash2mgf error"); return WOLFSSL_FAILURE; } 
@@ -45983,8 +45951,7 @@ int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from, /* size of 'to' buffer must be size of RSA key */ tlen = wc_RsaSSL_Verify_ex(from, flen, to, wolfSSL_RSA_size(rsa), - (RsaKey*)rsa->internal, pad_type, - WC_HASH_TYPE_NONE); + (RsaKey*)rsa->internal, pad_type); if (tlen <= 0) WOLFSSL_MSG("wolfSSL_RSA_public_decrypt failed"); else { diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index c3678ab15..10457720c 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -2519,8 +2519,8 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); if (nid < 0) break; - ret = wolfSSL_RSA_sign_ex(nid, digest, hashLen, sig, &sigSz, - ctx->pctx->pkey->rsa, 1, ctx->pctx->padding); + ret = wolfSSL_RSA_sign_generic_padding(nid, digest, hashLen, + sig, &sigSz, ctx->pctx->pkey->rsa, 1, ctx->pctx->padding); if (ret >= 0) *siglen = sigSz; break; diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 9f1fcfcb2..5122e8fc5 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c 
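Review bot: In wolfSSL_EVP_DigestSignFinal, `if (ret >= 0) *siglen = sigSz;` no longer separates success from failure, because wolfSSL_RSA_sign_generic_padding in this same patch normalises every error to WOLFSSL_FAILURE. That value appears to be 0 (it replaces the earlier `return 0` statements), so the condition holds on failure too. `*siglen` would then be set from a `sigSz` that the callee may not have written. Comparing against the success code fixes it: `if (ret == WOLFSSL_SUCCESS) *siglen = sigSz;`. What the function does with `ret` after the `break` is outside the hunk.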
@@ -1748,43 +1748,38 @@ int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out, return ret; } -int hash2mgf(enum wc_HashType hType) +int wc_hash2mgf(enum wc_HashType hType) { switch (hType) { case WC_HASH_TYPE_SHA: #ifndef NO_SHA return WC_MGF1SHA1; #else - WOLFSSL_MSG("Unrecognized or unsupported hash function"); - return WC_MGF1NONE; + break; #endif case WC_HASH_TYPE_SHA224: #ifdef WOLFSSL_SHA224 return WC_MGF1SHA224; #else - WOLFSSL_MSG("Unrecognized or unsupported hash function"); - return WC_MGF1NONE; + break; #endif case WC_HASH_TYPE_SHA256: #ifndef NO_SHA256 return WC_MGF1SHA256; #else - WOLFSSL_MSG("Unrecognized or unsupported hash function"); - return WC_MGF1NONE; + break; #endif case WC_HASH_TYPE_SHA384: #ifdef WOLFSSL_SHA384 return WC_MGF1SHA384; #else - WOLFSSL_MSG("Unrecognized or unsupported hash function"); - return WC_MGF1NONE; + break; #endif case WC_HASH_TYPE_SHA512: #ifdef WOLFSSL_SHA512 return WC_MGF1SHA512; #else - WOLFSSL_MSG("Unrecognized or unsupported hash function"); - return WC_MGF1NONE; + break; #endif case WC_HASH_TYPE_NONE: case WC_HASH_TYPE_MD2: @@ -1798,9 +1793,10 @@ int hash2mgf(enum wc_HashType hType) case WC_HASH_TYPE_BLAKE2B: case WC_HASH_TYPE_BLAKE2S: default: - WOLFSSL_MSG("Unrecognized or unsupported hash function"); - return WC_MGF1NONE; + break; } + WOLFSSL_MSG("Unrecognized or unsupported hash function"); + return WC_MGF1NONE; } #ifdef WC_RSA_NONBLOCK 
@@ -3263,11 +3259,17 @@ int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key) { - return wc_RsaSSL_Verify_ex(in, inLen, out, outLen, key , WC_RSA_PKCSV15_PAD, - WC_HASH_TYPE_NONE); + return wc_RsaSSL_Verify_ex(in, inLen, out, outLen, key, WC_RSA_PKCSV15_PAD); } int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out, word32 outLen, + RsaKey* key, int pad_type) +{ + return wc_RsaSSL_Verify_ex2(in, inLen, out, outLen, key, pad_type, + WC_HASH_TYPE_NONE); +} + +int wc_RsaSSL_Verify_ex2(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, int pad_type, enum wc_HashType hash) { WC_RNG* rng; @@ -3285,11 +3287,11 @@ int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out, word32 outLen, #ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER return RsaPrivateDecryptEx((byte*)in, inLen, out, outLen, NULL, key, RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, pad_type, - hash, hash2mgf(hash), NULL, 0, RSA_PSS_SALT_LEN_DEFAULT, rng); + hash, wc_hash2mgf(hash), NULL, 0, RSA_PSS_SALT_LEN_DEFAULT, rng); #else return RsaPrivateDecryptEx((byte*)in, inLen, out, outLen, NULL, key, RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, pad_type, - hash, hash2mgf(hash), NULL, 0, RSA_PSS_SALT_LEN_DISCOVER, rng); + hash, wc_hash2mgf(hash), NULL, 0, RSA_PSS_SALT_LEN_DISCOVER, rng); #endif } #endif diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h index a818007f1..af11c7bc3 100644 --- a/wolfssl/openssl/rsa.h +++ b/wolfssl/openssl/rsa.h 
@@ -115,6 +115,9 @@ WOLFSSL_API int wolfSSL_RSA_sign(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA*); WOLFSSL_API int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, + unsigned int mLen, unsigned char* sigRet, + unsigned int* sigLen, WOLFSSL_RSA*, int); +WOLFSSL_API int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA*, int, int); WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m, diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index f77c942d3..70a32e145 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -245,6 +245,8 @@ WOLFSSL_API int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key); WOLFSSL_API int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key, int pad_type); +WOLFSSL_API int wc_RsaSSL_Verify_ex2(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, int pad_type, enum wc_HashType hash); WOLFSSL_API int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out, @@ -368,7 +370,7 @@ WOLFSSL_LOCAL int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** ou int mgf, byte* optLabel, word32 labelLen, int saltLen, int bits, void* heap); -WOLFSSL_LOCAL int hash2mgf(enum wc_HashType hType); +WOLFSSL_LOCAL int wc_hash2mgf(enum wc_HashType hType); #endif /* HAVE_USER_RSA */