feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #2898 from embhorn/zd9856

Browse Source 
Fix EVP API to return NID types / SHA3 for RSA sign
This commit is contained in:
toddouska
2020-04-14 16:09:00 -07:00
committed by GitHub
parent f97a56b9ce d9472b895f
commit ebb490204a
4 changed files with 85 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/bio.c
View File

@ -161,8 +161,7 @@ static int wolfSSL_BIO_MD_read(WOLFSSL_BIO* bio, void* buf, int sz)
{
int ret = sz;
if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) ==
(NID_hmac & 0xFF)) {
if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == NID_hmac) {
if (wolfSSL_EVP_DigestSignUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, buf,
sz) != WOLFSSL_SUCCESS)
{
@ -470,8 +469,7 @@ static int wolfSSL_BIO_MD_write(WOLFSSL_BIO* bio, const void* data, int len)
return BAD_FUNC_ARG;
}
if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) ==
(NID_hmac & 0xFF)) {
if (wolfSSL_EVP_MD_CTX_type((WOLFSSL_EVP_MD_CTX*)bio->ptr) == NID_hmac) {
if (wolfSSL_EVP_DigestSignUpdate((WOLFSSL_EVP_MD_CTX*)bio->ptr, data,
len) != WOLFSSL_SUCCESS) {
ret = WOLFSSL_BIO_ERROR;

15
src/ssl.c
View File

@ -16039,7 +16039,6 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
return WOLFSSL_SUCCESS;
}
/* set internal IV from external, WOLFSSL_SUCCESS on success */
int wolfSSL_SetInternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx)
{
@ -29245,7 +29244,7 @@ static void show(const char *title, const unsigned char *out, unsigned int outle
#define show(a,b,c)
#endif
/* return SSL_SUCCES on ok, 0 otherwise */
/* return SSL_SUCCESS on ok, 0 otherwise */
int wolfSSL_RSA_sign(int type, const unsigned char* m,
unsigned int mLen, unsigned char* sigRet,
unsigned int* sigLen, WOLFSSL_RSA* rsa)
@ -29296,6 +29295,18 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m,
#endif
#ifdef WOLFSSL_SHA512
case NID_sha512: type = SHA512h; break;
#endif
#ifndef WOLFSSL_NOSHA3_224
case NID_sha3_224: type = SHA3_224h; break;
#endif
#ifndef WOLFSSL_NOSHA3_256
case NID_sha3_256: type = SHA3_256h; break;
#endif
#ifndef WOLFSSL_NOSHA3_384
case NID_sha3_384: type = SHA3_384h; break;
#endif
#ifndef WOLFSSL_NOSHA3_512
case NID_sha3_512: type = SHA3_512h; break;
#endif
default:
WOLFSSL_MSG("This NID (md type) not configured or not implemented");

161
wolfcrypt/src/evp.c
View File

@ -1709,91 +1709,61 @@ int wolfSSL_EVP_SignUpdate(WOLFSSL_EVP_MD_CTX *ctx, const void *data, size_t len
}
static const struct s_ent {
const unsigned char macType;
const int macType;
const int nid;
const char *name;
} md_tbl[] = {
#ifndef NO_MD4
{WC_HASH_TYPE_MD4, "MD4"},
{WC_HASH_TYPE_MD4, NID_md4, "MD4"},
#endif /* NO_MD4 */
#ifndef NO_MD5
{WC_HASH_TYPE_MD5, "MD5"},
{WC_HASH_TYPE_MD5, NID_md5, "MD5"},
#endif /* NO_MD5 */
#ifndef NO_SHA
{WC_HASH_TYPE_SHA, "SHA"},
{WC_HASH_TYPE_SHA, NID_sha1, "SHA"},
#endif /* NO_SHA */
#ifdef WOLFSSL_SHA224
{WC_HASH_TYPE_SHA224, "SHA224"},
{WC_HASH_TYPE_SHA224, NID_sha224, "SHA224"},
#endif /* WOLFSSL_SHA224 */
#ifndef NO_SHA256
{WC_HASH_TYPE_SHA256, "SHA256"},
{WC_HASH_TYPE_SHA256, NID_sha256, "SHA256"},
#endif
#ifdef WOLFSSL_SHA384
{WC_HASH_TYPE_SHA384, "SHA384"},
{WC_HASH_TYPE_SHA384, NID_sha384, "SHA384"},
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
{WC_HASH_TYPE_SHA512, "SHA512"},
{WC_HASH_TYPE_SHA512, NID_sha512, "SHA512"},
#endif /* WOLFSSL_SHA512 */
#ifndef WOLFSSL_NOSHA3_224
{WC_HASH_TYPE_SHA3_224, "SHA3_224"},
{WC_HASH_TYPE_SHA3_224, NID_sha3_224, "SHA3_224"},
#endif
#ifndef WOLFSSL_NOSHA3_256
{WC_HASH_TYPE_SHA3_256, "SHA3_256"},
{WC_HASH_TYPE_SHA3_256, NID_sha3_256, "SHA3_256"},
#endif
{WC_HASH_TYPE_SHA3_384, "SHA3_384"},
{WC_HASH_TYPE_SHA3_384, NID_sha3_384, "SHA3_384"},
#ifndef WOLFSSL_NOSHA3_512
{WC_HASH_TYPE_SHA3_512, "SHA3_512"},
{WC_HASH_TYPE_SHA3_512, NID_sha3_512, "SHA3_512"},
#endif
{0, NULL}
{0, 0, NULL}
};
static WOLFSSL_EVP_MD *wolfSSL_EVP_get_md(const unsigned char type)
static int wolfSSL_EVP_md2macType(const WOLFSSL_EVP_MD *md)
{
const struct s_ent *ent ;
WOLFSSL_ENTER("EVP_get_md");
for( ent = md_tbl; ent->name != NULL; ent++){
if(type == ent->macType) {
return (WOLFSSL_EVP_MD *)ent->name;
}
}
return (WOLFSSL_EVP_MD *)"";
}
/* macro guard because currently only used with RSA */
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
/* Helper function for getting the NID value from md
*
* returns the NID value associated with md on success */
static int md2nid(const unsigned char md)
{
const char * d;
d = (const char *)wolfSSL_EVP_get_md(md);
if (XSTRNCMP(d, "SHA", 3) == 0) {
if (XSTRLEN(d) > 3) {
if (XSTRNCMP(d, "SHA256", 6) == 0) {
return NID_sha256;
if (md != NULL) {
for( ent = md_tbl; ent->name != NULL; ent++) {
if(XSTRNCMP((const char *)md, ent->name, XSTRLEN(ent->name)+1) == 0) {
return ent->macType;
}
if (XSTRNCMP(d, "SHA384", 6) == 0) {
return NID_sha384;
}
if (XSTRNCMP(d, "SHA512", 6) == 0) {
return NID_sha512;
}
WOLFSSL_MSG("Unknown SHA type");
return 0;
}
else {
return NID_sha1;
}
}
if (XSTRNCMP(d, "MD5", 3) == 0)
return NID_md5;
return 0;
return WC_HASH_TYPE_NONE;
}
#endif /* NO_RSA */
/* Finalize structure for signing
*
@ -1822,7 +1792,7 @@ int wolfSSL_EVP_SignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sigret,
switch (pkey->type) {
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA: {
int nid = md2nid(ctx->macType);
int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx));
if (nid < 0) break;
return wolfSSL_RSA_sign(nid, md, mdsize, sigret,
siglen, pkey->rsa);
@ -1898,7 +1868,7 @@ int wolfSSL_EVP_VerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
switch (pkey->type) {
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA: {
int nid = md2nid(ctx->macType);
int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx));
if (nid < 0) break;
return wolfSSL_RSA_verify(nid, md, mdsize, sig,
(unsigned int)siglen, pkey->rsa);
@ -2017,7 +1987,7 @@ static int wolfSSL_evp_digest_pk_init(WOLFSSL_EVP_MD_CTX *ctx,
if (wc_HmacSetKey(&ctx->hash.hmac, hashType, key, (word32)keySz) != 0)
return WOLFSSL_FAILURE;
ctx->macType = NID_hmac & 0xFF;
ctx->macType = NID_hmac;
}
else {
int ret;
@ -2044,7 +2014,7 @@ static int wolfssl_evp_digest_pk_update(WOLFSSL_EVP_MD_CTX *ctx,
const void *d, unsigned int cnt)
{
if (ctx->pctx == NULL) {
if (ctx->macType != (NID_hmac & 0xFF))
if (ctx->macType != NID_hmac)
return WOLFSSL_FAILURE;
if (wc_HmacUpdate(&ctx->hash.hmac, (const byte *)d, cnt) != 0)
@ -2068,7 +2038,7 @@ static int wolfssl_evp_digest_pk_final(WOLFSSL_EVP_MD_CTX *ctx,
if (ctx->pctx == NULL) {
Hmac hmacCopy;
if (ctx->macType != (NID_hmac & 0xFF))
if (ctx->macType != NID_hmac)
return WOLFSSL_FAILURE;
if (wolfSSL_HmacCopy(&hmacCopy, &ctx->hash.hmac) != WOLFSSL_SUCCESS)
@ -2183,7 +2153,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
/* Return the maximum size of the signaure when sig is NULL. */
if (ctx->pctx == NULL) {
if (ctx->macType != (NID_hmac & 0xFF))
if (ctx->macType != NID_hmac)
return WOLFSSL_FAILURE;
hashLen = wolfssl_mac_len(ctx->hash.hmac.macType);
@ -2230,7 +2200,7 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig,
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA: {
unsigned int sigSz;
int nid = md2nid(ctx->macType);
int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx));
if (nid < 0)
break;
ret = wolfSSL_RSA_sign(nid, digest, hashLen, sig, &sigSz,
@ -2301,7 +2271,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
return WOLFSSL_FAILURE;
if (ctx->pctx == NULL) {
if (ctx->macType != (NID_hmac & 0xFF))
if (ctx->macType != NID_hmac)
return WOLFSSL_FAILURE;
hashLen = wolfssl_mac_len(ctx->hash.hmac.macType);
@ -2325,7 +2295,7 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx,
switch (ctx->pctx->pkey->type) {
#if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
case EVP_PKEY_RSA: {
int nid = md2nid(ctx->macType);
int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx));
if (nid < 0)
return WOLFSSL_FAILURE;
return wolfSSL_RSA_verify(nid, digest, hashLen, sig,
@ -2474,7 +2444,7 @@ WOLFSSL_API int wolfSSL_PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
}
ret = wc_PBKDF2((byte*)out, (byte*)pass, passlen, (byte*)salt, saltlen,
iter, keylen, wolfSSL_EVP_MD_type(digest));
iter, keylen, wolfSSL_EVP_md2macType(digest));
if (ret == 0)
return WOLFSSL_SUCCESS;
else
@ -3079,7 +3049,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
WOLFSSL_ENTER("EVP_MD_type");
for( ent = md_tbl; ent->name != NULL; ent++){
if(XSTRNCMP((const char *)md, ent->name, XSTRLEN(ent->name)+1) == 0) {
return ent->macType;
return ent->nid;
}
}
return 0;
@ -3243,11 +3213,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
static int wolfSSL_EVP_MD_Copy_Hasher(WOLFSSL_EVP_MD_CTX* des,
const WOLFSSL_EVP_MD_CTX* src)
{
if (src->macType == (NID_hmac & 0xFF)) {
if (src->macType == NID_hmac) {
wolfSSL_HmacCopy(&des->hash.hmac, (Hmac*)&src->hash.hmac);
}
else {
switch (src->macType) {
int macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(src));
switch (macType) {
#ifndef NO_MD5
case WC_HASH_TYPE_MD5:
wc_Md5Copy((wc_Md5*)&src->hash.digest,
@ -3346,10 +3317,16 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
const WOLFSSL_EVP_MD *wolfSSL_EVP_MD_CTX_md(const WOLFSSL_EVP_MD_CTX *ctx)
{
const struct s_ent *ent;
if (ctx == NULL)
return NULL;
WOLFSSL_ENTER("EVP_MD_CTX_md");
return (const WOLFSSL_EVP_MD *)wolfSSL_EVP_get_md(ctx->macType);
for(ent = md_tbl; ent->name != NULL; ent++) {
if(ctx->macType == ent->nid) {
return (const WOLFSSL_EVP_MD *)ent->name;
}
}
return (WOLFSSL_EVP_MD *)NULL;
}
#ifndef NO_AES
@ -3699,11 +3676,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
if (ctx->pctx != NULL)
wolfSSL_EVP_PKEY_CTX_free(ctx->pctx);
if (ctx->macType == (NID_hmac & 0xFF)) {
if (ctx->macType == NID_hmac) {
wc_HmacFree(&ctx->hash.hmac);
}
else {
switch (ctx->macType) {
int macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(ctx));
switch (macType) {
#ifndef NO_MD5
case WC_HASH_TYPE_MD5:
wc_Md5Free((wc_Md5*)&ctx->hash.digest);
@ -3766,7 +3744,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
}
}
ForceZero(ctx, sizeof(*ctx));
ctx->macType = 0xFF;
ctx->macType = WC_HASH_TYPE_NONE;
return 1;
}
@ -5138,13 +5116,13 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
/* WOLFSSL_SUCCESS on ok */
int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx,
const WOLFSSL_EVP_MD* type)
const WOLFSSL_EVP_MD* md)
{
int ret = WOLFSSL_SUCCESS;
WOLFSSL_ENTER("EVP_DigestInit");
if (ctx == NULL || type == NULL) {
if (ctx == NULL || md == NULL) {
return BAD_FUNC_ARG;
}
@ -5156,68 +5134,59 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
(void)sizeof(async_test);
#endif
if (XSTRNCMP(type, "SHA256", 6) == 0) {
ctx->macType = WC_HASH_TYPE_SHA256;
/* Set to 0 if no match */
ctx->macType = wolfSSL_EVP_MD_type(md);
if (XSTRNCMP(md, "SHA256", 6) == 0) {
ret = wolfSSL_SHA256_Init(&(ctx->hash.digest.sha256));
}
#ifdef WOLFSSL_SHA224
else if (XSTRNCMP(type, "SHA224", 6) == 0) {
ctx->macType = WC_HASH_TYPE_SHA224;
else if (XSTRNCMP(md, "SHA224", 6) == 0) {
ret = wolfSSL_SHA224_Init(&(ctx->hash.digest.sha224));
}
#endif
#ifdef WOLFSSL_SHA384
else if (XSTRNCMP(type, "SHA384", 6) == 0) {
ctx->macType = WC_HASH_TYPE_SHA384;
else if (XSTRNCMP(md, "SHA384", 6) == 0) {
ret = wolfSSL_SHA384_Init(&(ctx->hash.digest.sha384));
}
#endif
#ifdef WOLFSSL_SHA512
else if (XSTRNCMP(type, "SHA512", 6) == 0) {
ctx->macType = WC_HASH_TYPE_SHA512;
else if (XSTRNCMP(md, "SHA512", 6) == 0) {
ret = wolfSSL_SHA512_Init(&(ctx->hash.digest.sha512));
}
#endif
#ifndef NO_MD4
else if (XSTRNCMP(type, "MD4", 3) == 0) {
ctx->macType = WC_HASH_TYPE_MD4;
else if (XSTRNCMP(md, "MD4", 3) == 0) {
wolfSSL_MD4_Init(&(ctx->hash.digest.md4));
}
#endif
#ifndef NO_MD5
else if (XSTRNCMP(type, "MD5", 3) == 0) {
ctx->macType = WC_HASH_TYPE_MD5;
else if (XSTRNCMP(md, "MD5", 3) == 0) {
ret = wolfSSL_MD5_Init(&(ctx->hash.digest.md5));
}
#endif
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
else if (XSTRNCMP(type, "SHA3_224", 8) == 0) {
ctx->macType = WC_HASH_TYPE_SHA3_224;
else if (XSTRNCMP(md, "SHA3_224", 8) == 0) {
ret = wolfSSL_SHA3_224_Init(&(ctx->hash.digest.sha3_224));
}
#endif
#ifndef WOLFSSL_NOSHA3_256
else if (XSTRNCMP(type, "SHA3_256", 8) == 0) {
ctx->macType = WC_HASH_TYPE_SHA3_256;
else if (XSTRNCMP(md, "SHA3_256", 8) == 0) {
ret = wolfSSL_SHA3_256_Init(&(ctx->hash.digest.sha3_256));
}
#endif
else if (XSTRNCMP(type, "SHA3_384", 8) == 0) {
ctx->macType = WC_HASH_TYPE_SHA3_384;
else if (XSTRNCMP(md, "SHA3_384", 8) == 0) {
ret = wolfSSL_SHA3_384_Init(&(ctx->hash.digest.sha3_384));
}
#ifndef WOLFSSL_NOSHA3_512
else if (XSTRNCMP(type, "SHA3_512", 8) == 0) {
ctx->macType = WC_HASH_TYPE_SHA3_512;
else if (XSTRNCMP(md, "SHA3_512", 8) == 0) {
ret = wolfSSL_SHA3_512_Init(&(ctx->hash.digest.sha3_512));
}
#endif
#endif
#ifndef NO_SHA
/* has to be last since would pick or 224, 256, 384, or 512 too */
else if (XSTRNCMP(type, "SHA", 3) == 0) {
ctx->macType = WC_HASH_TYPE_SHA;
else if (XSTRNCMP(md, "SHA", 3) == 0) {
ret = wolfSSL_SHA_Init(&(ctx->hash.digest.sha));
}
#endif /* NO_SHA */
@ -5233,9 +5202,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data,
size_t sz)
{
int macType;
WOLFSSL_ENTER("EVP_DigestUpdate");
switch (ctx->macType) {
macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(ctx));
switch (macType) {
#ifndef NO_MD4
case WC_HASH_TYPE_MD4:
wolfSSL_MD4_Update((MD4_CTX*)&ctx->hash, data,
@ -5313,8 +5285,11 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
unsigned int* s)
{
int macType;
WOLFSSL_ENTER("EVP_DigestFinal");
switch (ctx->macType) {
macType = wolfSSL_EVP_md2macType(EVP_MD_CTX_md(ctx));
switch (macType) {
#ifndef NO_MD4
case WC_HASH_TYPE_MD4:
wolfSSL_MD4_Final(md, (MD4_CTX*)&ctx->hash);

3
wolfssl/openssl/evp.h
View File

@ -185,7 +185,7 @@ struct WOLFSSL_EVP_MD_CTX {
Hmac hmac;
#endif
} hash;
unsigned char macType;
int macType;
WOLFSSL_EVP_PKEY_CTX *pctx;
};
@ -239,6 +239,7 @@ enum {
NID_sha1 = 64,
NID_sha224 = 65,
NID_md2 = 77,
NID_md4 = 257,
NID_md5 = 4,
NID_hmac = 855,
NID_dhKeyAgreement= 28,