diff --git a/src/ssl.c b/src/ssl.c index 3f9ed8057..dd8e7077e 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -31670,7 +31670,7 @@ int wolfSSL_ECDSA_do_verify(const unsigned char *d, int dlen, int check_sign = 0; #ifdef WOLF_CRYPTO_CB_ONLY_ECC byte signature[ECC_MAX_SIG_SIZE]; - word32 signaturelen = (word32)sizeof(sig); + word32 signaturelen = (word32)sizeof(signature); char* r; char* s; int ret = 0; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 087fc5429..419070d24 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -39421,12 +39421,59 @@ static int ecc_onlycb_test(myCryptoDevCtx *ctx) HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); byte* out = (byte*)XMALLOC(sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #ifdef OPENSSL_EXTRA + byte* check = (byte*)XMALLOC(sizeof(byte)*(256), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + + #endif #else ecc_key key[1]; ecc_key pub[1]; byte out[256]; + #ifdef OPENSSL_EXTRA + unsigned char check[256]; + #endif #endif + #ifdef OPENSSL_EXTRA + EVP_PKEY* privKey = NULL; + EVP_PKEY* pubKey = NULL; + ecc_key* pkey; + EVP_MD_CTX mdCtx; + const char testData[] = "Hi There"; + size_t checkSz = -1; + const unsigned char* cp; + const unsigned char* p; + const unsigned char check_v[256] = { + 0x30,0x45,0x02,0x20,0x1b,0x5c,0x2a,0xf0,0x18,0x09, + 0x74,0x65,0xa1,0x04,0x76,0x3a,0xce,0xcc,0xe5,0x34, + 0x5e,0x89,0xed,0x40,0x1e,0x5a,0xb1,0x53,0xb4,0xff, + 0xc7,0x18,0xfe,0x0f,0xc7,0xa6,0x02,0x21,0x00,0xe5, + 0x70,0x21,0xfc,0xf9,0x63,0x36,0xfd,0x16,0x18,0x08, + 0x9a,0x63,0x61,0x0f,0xe7,0x7c,0xa3,0xc9,0x14,0xa3, + 0x30,0x87,0xf7,0xf5,0x70,0x19,0xaf,0x56,0x96,0x9b, + 0xd8,0x64,0xcd,0xd9,0xff,0x7b,0x2a,0x55,0x52,0xca, + 0x41,0xb2,0xa6,0xa4,0x8a,0x3b,0x02,0x20,0x8c,0xc5, + 0xf9,0xc1,0x7d,0x2a,0x65,0x6c,0xe6,0x5a,0xe3,0x76, + 0x9b,0xab,0x0b,0x9f,0xaf,0x62,0x5d,0xb2,0x60,0xd7, + 0xeb,0xb4,0x1b,0x73,0xdc,0x01,0x7d,0x7b,0xab,0xc1, + 0x0c,0x74,0x96,0x41,0xe6,0x3f,0xc5,0x86,0xe6,0x7d, + 0x2b,0x9d,0x54,0x6b,0xcd,0x31,0x35,0x1f,0xdb,0x49, + 0x1f,0x32,0x34,0xf8,0x57,0x12,0x86,0x5c,0x0e,0x80, + 0x55,0x8d,0xff,0xd8,0xbd,0xdf,0x32,0x26,0x62,0x42, + 0x09,0xda,0xf7,0x74,0xf2,0x3f,0xe6,0xf1,0x77,0x82, + 0xce,0xe4,0xbb,0x61,0xa6,0xc0,0x17,0x0c,0x6c,0x47, + 0x2a,0x40,0x1c,0x2b,0xe0,0x98,0x3b,0xbf,0xc6,0xf8, + 0x6d,0xfd,0xd0,0xfa,0xc1,0x02,0xfb,0x5f,0xfb,0xb0, + 0xcb,0xd9,0xa3,0x59,0x94,0xe9,0x0f,0x74,0xbb,0x3f, + 0x64,0xa3,0x83,0xc4,0x2b,0xf7,0xd2,0x97,0xbf,0x3b, + 0xcf,0xbb,0x60,0x81,0x33,0x94,0xfa,0x0d,0x35,0xd2, + 0x3d,0xb9,0x99,0xe3,0x12,0xf8,0xf4,0xa3,0x74,0xf4, + 0x94,0x1d,0x7a,0x66,0xf8,0xd1,0x1d,0xcf,0xb0,0x48, + 0xef,0x8c,0x94,0x6f,0xdd,0x62, + }; + #endif + WC_RNG rng; EncryptedInfo encInfo; int keyFormat = 0; @@ -39524,16 +39571,128 @@ static int ecc_onlycb_test(myCryptoDevCtx *ctx) ret = wc_ecc_shared_secret(key, pub, out, &outLen); } if (ret != NO_VALID_DEVID) { - ERROR_OUT(-8016, exit_onlycb); + ERROR_OUT(-8018, exit_onlycb); } else ret = 0; + + + #ifdef OPENSSL_EXTRA + + (void)pkey; + cp = ecc_clikey_der_256; + privKey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp, + sizeof_ecc_clikey_der_256); + if (privKey == NULL) { + ERROR_OUT(-8019, exit_onlycb); + } + pkey = (ecc_key*)privKey->ecc->internal; + pkey->devId = devId; + + p = ecc_clikeypub_der_256; + pubKey = d2i_PUBKEY(NULL, &p, sizeof_ecc_clikeypub_der_256); + if (pubKey == NULL) { + ERROR_OUT(-8020, exit_onlycb); + } + pkey = (ecc_key*)pubKey->ecc->internal; + pkey->devId = devId; + + /* sign */ + EVP_MD_CTX_init(&mdCtx); + + ret = EVP_DigestSignInit(&mdCtx, NULL, EVP_sha256(), NULL, privKey); + if (ret != WOLFSSL_SUCCESS) { + ERROR_OUT(-8021, exit_onlycb); + } + + ret = EVP_DigestSignUpdate(&mdCtx, testData, + (unsigned int)XSTRLEN(testData)); + if (ret != WOLFSSL_SUCCESS) { + ERROR_OUT(-8022, exit_onlycb); + } + + ret = EVP_DigestSignFinal(&mdCtx, NULL, &checkSz); + if (ret != WOLFSSL_SUCCESS) { + ERROR_OUT(-8023, exit_onlycb); + } + + ctx->exampleVar = 99; + ret = EVP_DigestSignFinal(&mdCtx, check, &checkSz); + /* just called crypt callback as dummy + * EVP_DigestSignFinal returns 0 internally. + */ + if (ret != 0) { + ERROR_OUT(-8024, exit_onlycb); + } + ctx->exampleVar = 1; + ret = EVP_DigestSignFinal(&mdCtx, check, &checkSz); + /* just called crypt callback as dummy + * EVP_DigestSignFinal returns 0 internally. + */ + if (ret != 0) { + ERROR_OUT(-8025, exit_onlycb); + } + /* restore checkSz for verify */ + checkSz = 71; + + ret = EVP_MD_CTX_cleanup(&mdCtx); + if (ret != SSL_SUCCESS) { + ERROR_OUT(-8026, exit_onlycb); + } + + /* verify */ + + EVP_MD_CTX_init(&mdCtx); + + if (ret == SSL_SUCCESS) { + ret = EVP_DigestVerifyInit(&mdCtx, NULL, EVP_sha256(), NULL, pubKey); + } + if (ret != WOLFSSL_SUCCESS) { + ERROR_OUT(-8027, exit_onlycb); + } + if (ret == WOLFSSL_SUCCESS) { + ret = EVP_DigestVerifyUpdate(&mdCtx, testData, + (unsigned int)XSTRLEN(testData)); + } + if (ret != WOLFSSL_SUCCESS) { + ERROR_OUT(-8028, exit_onlycb); + } + ctx->exampleVar = 99; + ret = EVP_DigestVerifyFinal(&mdCtx, check_v, checkSz); + /* just called crypt callback as dummy + * EVP_DigestSignFinal returns 0 internally. + */ + if (ret != 0) { + ERROR_OUT(-8029, exit_onlycb); + } + ctx->exampleVar = 1; + ret = EVP_DigestVerifyFinal(&mdCtx, check_v, checkSz); + /* just called crypt callback as dummy + * EVP_DigestVerifyFinal returns -1 internally rather than NO_VALID_DEVID. + */ + if (ret != -1) { + ERROR_OUT(-8030, exit_onlycb); + } + ret = EVP_MD_CTX_cleanup(&mdCtx); + if (ret != SSL_SUCCESS) { + ERROR_OUT(-8031, exit_onlycb); + } else + ret = 0; + #endif #else (void)verify; (void)outLen; (void)inLen; (void)out; (void)pub; + #ifdef OPENSSL_EXTRA + (void)privKey; + (void)pubKey; + (void)mdCtx; + (void)check; + (void)checkSz; + (void)p; + #endif #endif (void)keyFormat; (void)encInfo; @@ -39550,8 +39709,19 @@ exit_onlycb: if (out != NULL) { XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); } + #ifdef OPENSSL_EXTRA + if (check) { + FREE(check, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + #endif #else wc_ecc_free(key); + #ifdef OPENSSL_EXTRA + if (privKey) + EVP_PKEY_free(privKey); + if (pubKey) + EVP_PKEY_free(pubKey); + #endif #endif #endif /* HAVE_ECC */