From 455ffc2ad7586cd8d527c29e6a648554f6b94a70 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Mon, 15 Jan 2018 15:39:33 -0700
Subject: [PATCH] fix for windows fips build
---
 wolfcrypt/test/test.c | 28 +++++++++++++++-------------
 wolfssl/openssl/rsa.h | 15 +++++++++++++--
 2 files changed, 28 insertions(+), 15 deletions(-)
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 173036857..7d5fd7aa4 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -11498,6 +11498,7 @@ int openssl_pkey0_test(void)
 return ERR_BASE_PKEY-32;
 }
+#ifndef HAVE_FIPS
 if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
 printf("second set rsa padding error\n");
 return ERR_BASE_PKEY-33;
@@ -11507,6 +11508,7 @@ int openssl_pkey0_test(void)
 printf("third set rsa padding error\n");
 return ERR_BASE_PKEY-34;
 }
+#endif
 memset(out, 0, sizeof(out));
 ret = EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in));
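Review bot: The `#ifndef HAVE_FIPS` guard opened before the "second set rsa padding" call in openssl_pkey0_test has no comment, so a reader cannot tell that the OAEP steps are compiled out on purpose, or which padding the EVP_PKEY_encrypt round trip after it exercises in a FIPS build. The guard tests plain `HAVE_FIPS`, while the rsa.h part of this patch uses a version-qualified condition; if both are meant to cover the same builds they should use the same expression. I would add `/* padding selection is not available with the FIPS RSA code, so the OAEP steps are skipped */` above the guard and close it with `#endif /* !HAVE_FIPS */`. The same applies to the matching guards in openssl_pkey1_test (hunks at -11643 and -11652); in all of them the function body starts and ends outside the hunk.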
@@ -11559,40 +11561,38 @@ int openssl_pkey1_test(void)
 unsigned char cipher[256];
 unsigned char plain[256];
 size_t outlen = sizeof(cipher);
- char cliCert[] = "./certs/client-cert.pem";
- FILE* f;
 #if defined(USE_CERT_BUFFERS_2048)
 XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048);
 cliKeySz = (long)sizeof_client_key_der_2048;
+
+ x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_2048,
+ sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1);
 #else
+ FILE* f;
+
 f = fopen(clientKey, "rb");
 if (!f) {
 err_sys("can't open ./certs/client-key.der, "
- "Please run from wolfSSL home dir", -40);
- return -40;
+ "Please run from wolfSSL home dir", -41);
+ return -41;
 }
 cliKeySz = (long)fread(tmp, 1, FOURK_BUF, f);
 fclose(f);
+
+ /* using existing wolfSSL api to get public and private key */
+ x509 = wolfSSL_X509_load_certificate_file(clientCert, SSL_FILETYPE_ASN1);
 #endif /* USE_CERT_BUFFERS */
 clikey = tmp;
 if ((prvKey = EVP_PKEY_new()) == NULL) {
- return -41;
+ return -42;
 }
 EVP_PKEY_free(prvKey);
 prvKey = NULL;
- /* using existing wolfSSL api to get public and private key */
- f = fopen(cliCert, "rb");
- if (f == NULL) {
- return -42;
- }
-
- x509 = wolfSSL_X509_load_certificate_file(cliCert, SSL_FILETYPE_PEM);
- fclose(f);
 if (x509 == NULL) {
 ret = -43;
 goto openssl_pkey1_test_done;
@@ -11643,6 +11643,7 @@ int openssl_pkey1_test(void)
 goto openssl_pkey1_test_done;
 }
+#ifndef HAVE_FIPS
 if (EVP_PKEY_CTX_set_rsa_padding(dec, RSA_PKCS1_OAEP_PADDING) <= 0){
 ret = -52;
 goto openssl_pkey1_test_done;
@@ -11652,6 +11653,7 @@ int openssl_pkey1_test(void)
 ret = -53;
 goto openssl_pkey1_test_done;
 }
+#endif
 XMEMSET(cipher, 0, sizeof(cipher));
 if (EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) {
diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h
index 01b603c70..d86a4a30f 100644
--- a/wolfssl/openssl/rsa.h
+++ b/wolfssl/openssl/rsa.h
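Review bot: In openssl_pkey1_test (hunk at -11559 of wolfcrypt/test/test.c) the certificate is now loaded into `x509` before the `EVP_PKEY_new()` check, but that check still exits through a bare `return -42;`, so a failure there skips whatever cleanup `openssl_pkey1_test_done` performs and the loaded certificate is presumably never released. The next failure path in the same hunk already uses `ret = -43; goto openssl_pkey1_test_done;`, and the check should do the same with `ret = -42; goto openssl_pkey1_test_done;`, provided the pointers released at that label are initialised to NULL where they are declared (the declarations and the label are outside the hunk). Separately, the file-based path changes from `SSL_FILETYPE_PEM` with the local `cliCert` to `SSL_FILETYPE_ASN1` with `clientCert`, which is only right if `clientCert` names a DER-encoded file; its definition is not visible here and is worth confirming.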
@@ -33,8 +33,19 @@
 #endif
 #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
-#define RSA_PKCS1_PADDING WC_RSA_PKCSV15_PAD
-#define RSA_PKCS1_OAEP_PADDING WC_RSA_OAEP_PAD
+#if defined(HAVE_FIPS) || \
+ (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION < 2))
+ /*
+ choice of padding added after fips, so not available when using fips RSA
+ */
+
+ /* Padding types */
+ #define RSA_PKCS1_PADDING 0
+ #define RSA_PKCS1_OAEP_PADDING 1
+#else
+ #define RSA_PKCS1_PADDING WC_RSA_PKCSV15_PAD
+ #define RSA_PKCS1_OAEP_PADDING WC_RSA_OAEP_PAD
+#endif /* HAVE_FIPS */
 #endif
 #ifndef WOLFSSL_RSA_TYPE_DEFINED /* guard on redeclaration */
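Review bot: The new condition `defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION < 2))` is true for every build that defines `HAVE_FIPS`, so the version test on the right never narrows it. If FIPS builds at version 2 or later also define `HAVE_FIPS` and do support padding selection, they still get the bare literals. If the intent is "FIPS before version 2", the guard would read `#if defined(HAVE_FIPS) && (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))`. The literals `0` and `1` presumably mirror `WC_RSA_PKCSV15_PAD` and `WC_RSA_OAEP_PAD`; a comment saying so would help, because if they drift, code passing `RSA_PKCS1_OAEP_PADDING` would select a different padding scheme depending on the build. The comment in the hunk says padding choice is not available with FIPS RSA, so it should also state what a caller that requests OAEP actually gets in that configuration, so the request is not silently ignored.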