Add RSA_NO_PADDING to wolfSSL_RSA_private_encrypt

2025-08-03 12:44:45 +02:00 · 2021-02-26 18:07:34 +01:00
parent 2eb253330f
commit 39a28eeec2
3 changed files with 44 additions and 14 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -29466,12 +29466,12 @@ void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out,
 #endif /* WOLFSSL_AES_CFB */
 }

-#ifdef HAVE_AES_KEYWRAP
+/* wc_AesKey*Wrap_ex API not available in FIPS and SELFTEST */
+#if defined(HAVE_AES_KEYWRAP) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 int wolfSSL_AES_wrap_key(AES_KEY *key, const unsigned char *iv,
                 unsigned char *out,
                 const unsigned char *in, unsigned int inlen)
 {
-    Aes* aes;
    int ret;

    WOLFSSL_ENTER("wolfSSL_AES_wrap_key");
@@ -29481,9 +29481,7 @@ int wolfSSL_AES_wrap_key(AES_KEY *key, const unsigned char *iv,
        return WOLFSSL_FAILURE;
    }

-    aes = (Aes*)key;
-
-    ret = wc_AesKeyWrap_ex(aes, in, inlen, out, inlen + KEYWRAP_BLOCK_SIZE, iv);
+    ret = wc_AesKeyWrap_ex((Aes*)key, in, inlen, out, inlen + KEYWRAP_BLOCK_SIZE, iv);

    return ret < 0 ? WOLFSSL_FAILURE : ret;
 }
@@ -29492,7 +29490,6 @@ int wolfSSL_AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
                   unsigned char *out,
                   const unsigned char *in, unsigned int inlen)
 {
-    Aes* aes;
    int ret;

    WOLFSSL_ENTER("wolfSSL_AES_wrap_key");
@@ -29502,13 +29499,11 @@ int wolfSSL_AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
        return WOLFSSL_FAILURE;
    }

-    aes = (Aes*)key;
-
-    ret = wc_AesKeyUnWrap_ex(aes, in, inlen, out, inlen + KEYWRAP_BLOCK_SIZE, iv);
+    ret = wc_AesKeyUnWrap_ex((Aes*)key, in, inlen, out, inlen + KEYWRAP_BLOCK_SIZE, iv);

    return ret < 0 ? WOLFSSL_FAILURE : ret;
 }
-#endif /* HAVE_AES_KEYWRAP */
+#endif /* HAVE_AES_KEYWRAP && !HAVE_FIPS && !HAVE_SELFTEST */
 #endif /* NO_AES */

 #ifndef NO_FILESYSTEM
@@ -49765,7 +49760,14 @@ int wolfSSL_RSA_private_encrypt(int len, unsigned char* in,
        return 0;
    }

-    if (padding != RSA_PKCS1_PADDING && padding != RSA_PKCS1_PSS_PADDING) {
+    if (
+    #ifdef WC_RSA_PSS
+        padding != RSA_PKCS1_PSS_PADDING &&
+    #endif
+    #ifdef WC_RSA_NO_PADDING
+        padding != RSA_NO_PADDING &&
+    #endif
+        padding != RSA_PKCS1_PADDING) {
        WOLFSSL_MSG("wolfSSL_RSA_private_encrypt unsupported padding");
        return 0;
    }
@@ -49797,7 +49799,33 @@ int wolfSSL_RSA_private_encrypt(int len, unsigned char* in,
 #endif

    /* size of output buffer must be size of RSA key */
-    sz = wc_RsaSSL_Sign(in, (word32)len, out, wolfSSL_RSA_size(rsa), key, rng);
+    switch (padding) {
+        case RSA_PKCS1_PADDING:
+            sz = wc_RsaSSL_Sign(in, (word32)len, out, wolfSSL_RSA_size(rsa),
+                    key, rng);
+            break;
+    #ifdef WC_RSA_PSS
+        case RSA_PKCS1_PSS_PADDING:
+            sz = wc_RsaPSS_Sign(in, (word32)len, out, wolfSSL_RSA_size(rsa),
+                    WC_HASH_TYPE_NONE, WC_MGF1NONE, key, rng);
+            break;
+    #endif
+    #ifdef WC_RSA_NO_PADDING
+        case RSA_NO_PADDING:
+        {
+            word32 outLen = (word32)len;
+            sz = wc_RsaFunction(in, (word32)len, out, &outLen,
+                    RSA_PRIVATE_ENCRYPT, key, rng);
+            if (sz == 0)
+                sz = (int)outLen;
+            break;
+        }
+    #endif
+        default:
+            sz = BAD_FUNC_ARG;
+            break;
+    }
+
    #if !defined(WC_RSA_BLINDING) || defined(HAVE_USER_RSA)
    if (wc_FreeRng(rng) != 0) {
        WOLFSSL_MSG("Error freeing random number generator");
--- a/tests/api.c
+++ b/tests/api.c
@@ -33608,7 +33608,7 @@ static void test_wolfSSL_AES_cbc_encrypt()

    #endif

-    #ifdef HAVE_AES_KEYWRAP
+    #if defined(HAVE_AES_KEYWRAP) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
    byte wrapCipher[sizeof(key256) + KEYWRAP_BLOCK_SIZE] = { 0 };
    byte wrapPlain[sizeof(key256)] = { 0 };
    byte wrapIV[KEYWRAP_BLOCK_SIZE] = { 0 };
@@ -33621,6 +33621,7 @@ static void test_wolfSSL_AES_cbc_encrypt()
    AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
    AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
            sizeof(wrapCipher)), sizeof(wrapPlain));
+    AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
    printf(resultFmt, "passed");
    XMEMSET(wrapCipher, 0, sizeof(wrapCipher));
    XMEMSET(wrapPlain, 0, sizeof(wrapPlain));
@@ -33633,6 +33634,7 @@ static void test_wolfSSL_AES_cbc_encrypt()
    AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
    AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, wrapIV, wrapPlain, wrapCipher,
            sizeof(wrapCipher)), sizeof(wrapPlain));
+    AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
    printf(resultFmt, "passed");
    #endif /* HAVE_AES_KEYWRAP */
  #endif /* WOLFSSL_AES_256 */
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -9011,7 +9011,7 @@ int wc_AesKeyUnWrap_ex(Aes *aes, const byte* in, word32 inSz, byte* out,
        0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6
    };

-    if (in == NULL || inSz < 3 ||
+    if (aes == NULL || in == NULL || inSz < 3 ||
        out == NULL || outSz < (inSz - KEYWRAP_BLOCK_SIZE))
        return BAD_FUNC_ARG;