wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-29 18:27:29 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4986 from cconlon/sslFipsReady

Browse Source 
Fix FIPS defines in wolfSSL_RSA_sign_generic_padding() / RSA_verify_ex()
This commit is contained in:
Kaleb Himes
2022-03-29 16:02:17 -05:00
committed by GitHub
parent 0989a14395 4ad2f68071
commit 1dc3808aae
1 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/ssl.c
View File

@ -36610,7 +36610,8 @@ int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m,
ret = BAD_FUNC_ARG;
break;
#endif
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS)
#if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,1)))
case RSA_PKCS1_PSS_PADDING:
{
enum wc_HashType hType = wc_OidGetHash(type);
@ -36721,7 +36722,8 @@ int wolfSSL_RSA_verify_ex(int type, const unsigned char* m,
unsigned char *sigDec = NULL;
unsigned int len = 0;
int verLen;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && \
FIPS_VERSION_GE(5,1))) && !defined(HAVE_SELFTEST)
int hSum = nid2HashSum(type);
enum wc_HashType hType;
#endif
@ -36754,7 +36756,8 @@ int wolfSSL_RSA_verify_ex(int type, const unsigned char* m,
DEBUG_SIGN_msg("Encoded Message", m, mLen);
}
/* decrypt signature */
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
#if (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && \
FIPS_VERSION_GE(5,1))) && !defined(HAVE_SELFTEST)
hType = wc_OidGetHash(hSum);
if ((verLen = wc_RsaSSL_Verify_ex2(sig, sigLen, (unsigned char *)sigDec,
sigLen, (RsaKey*)rsa->internal, padding, hType)) <= 0) {
@ -36766,7 +36769,8 @@ int wolfSSL_RSA_verify_ex(int type, const unsigned char* m,
(RsaKey*)rsa->internal);
#endif
DEBUG_SIGN_msg("Decrypted Signature", sigDec, ret);
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS)
#if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,1)))
if (padding == RSA_PKCS1_PSS_PADDING) {
if (wc_RsaPSS_CheckPadding_ex(m, mLen, sigDec, verLen,
hType,