wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 10:47:28 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4986 from cconlon/sslFipsReady

Browse Source 
Fix FIPS defines in wolfSSL_RSA_sign_generic_padding() / RSA_verify_ex()
This commit is contained in:
Kaleb Himes
2022-03-29 16:02:17 -05:00
committed by GitHub
parent 0989a14395 4ad2f68071
commit 1dc3808aae
1 changed files with 8 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/ssl.c
View File

@ -36610,7 +36610,8 @@ int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m,
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
break; break;
#endif #endif
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS) #if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,1)))
case RSA_PKCS1_PSS_PADDING: case RSA_PKCS1_PSS_PADDING:
{ {
enum wc_HashType hType = wc_OidGetHash(type); enum wc_HashType hType = wc_OidGetHash(type);
@ -36721,7 +36722,8 @@ int wolfSSL_RSA_verify_ex(int type, const unsigned char* m,
unsigned char *sigDec = NULL; unsigned char *sigDec = NULL;
unsigned int len = 0; unsigned int len = 0;
int verLen; int verLen;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && \
FIPS_VERSION_GE(5,1))) && !defined(HAVE_SELFTEST)
int hSum = nid2HashSum(type); int hSum = nid2HashSum(type);
enum wc_HashType hType; enum wc_HashType hType;
#endif #endif
@ -36754,7 +36756,8 @@ int wolfSSL_RSA_verify_ex(int type, const unsigned char* m,
DEBUG_SIGN_msg("Encoded Message", m, mLen); DEBUG_SIGN_msg("Encoded Message", m, mLen);
} }
/* decrypt signature */ /* decrypt signature */
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) #if (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && \
FIPS_VERSION_GE(5,1))) && !defined(HAVE_SELFTEST)
hType = wc_OidGetHash(hSum); hType = wc_OidGetHash(hSum);
if ((verLen = wc_RsaSSL_Verify_ex2(sig, sigLen, (unsigned char *)sigDec, if ((verLen = wc_RsaSSL_Verify_ex2(sig, sigLen, (unsigned char *)sigDec,
sigLen, (RsaKey*)rsa->internal, padding, hType)) <= 0) { sigLen, (RsaKey*)rsa->internal, padding, hType)) <= 0) {
@ -36766,7 +36769,8 @@ int wolfSSL_RSA_verify_ex(int type, const unsigned char* m,
(RsaKey*)rsa->internal); (RsaKey*)rsa->internal);
#endif #endif
DEBUG_SIGN_msg("Decrypted Signature", sigDec, ret); DEBUG_SIGN_msg("Decrypted Signature", sigDec, ret);
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS) #if defined(WC_RSA_PSS) && !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
(defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,1)))
if (padding == RSA_PKCS1_PSS_PADDING) { if (padding == RSA_PKCS1_PSS_PADDING) {
if (wc_RsaPSS_CheckPadding_ex(m, mLen, sigDec, verLen, if (wc_RsaPSS_CheckPadding_ex(m, mLen, sigDec, verLen,
hType, hType,