diff --git a/doc/dox_comments/header_files/ssl.h b/doc/dox_comments/header_files/ssl.h index d6d573e47..ea2a4cea3 100644 --- a/doc/dox_comments/header_files/ssl.h +++ b/doc/dox_comments/header_files/ssl.h @@ -13728,3 +13728,27 @@ WOLFSSL_API int wolfSSL_CTX_set_ephemeral_key(WOLFSSL_CTX* ctx, int keyAlgo, con \param format WOLFSSL_FILETYPE_ASN1 or WOLFSSL_FILETYPE_PEM */ WOLFSSL_API int wolfSSL_set_ephemeral_key(WOLFSSL* ssl, int keyAlgo, const char* key, unsigned int keySz, int format); + +/*! + \ingroup SSL + \brief Sign a message with the chosen message digest, padding, and RSA key + \return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error + \param type Hash NID + \param m Message to sign. Most likely this will be the digest of + the message to sign + \param mLen Length of message to sign + \param sigRet Output buffer + \param sigLen On Input: length of sigRet buffer + On Output: length of data written to sigRet + \param rsa RSA key used to sign the input + \param flag 1: Output the signature + 0: Output the value that the unpadded signature should be + compared to. Note: for RSA_PKCS1_PSS_PADDING the + wc_RsaPSS_CheckPadding_ex function should be used to check + the output of a *Verify* function. + \param padding Padding to use. Only RSA_PKCS1_PSS_PADDING and + RSA_PKCS1_PADDING are currently supported for signing. + */ +WOLFSSL_API int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m, + unsigned int mLen, unsigned char* sigRet, + unsigned int* sigLen, WOLFSSL_RSA*, int, int); diff --git a/src/ssl.c b/src/ssl.c index 4dd1c6fa6..a5e20b6ef 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -1990,7 +1990,7 @@ int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz) #ifdef OPENSSL_EXTRA if (ssl->CBIS != NULL) { - ssl->CBIS(ssl, SSL_CB_WRITE, SSL_SUCCESS); + ssl->CBIS(ssl, SSL_CB_WRITE, WOLFSSL_SUCCESS); ssl->cbmode = SSL_CB_WRITE; } #endif @@ -2082,7 +2082,7 @@ int wolfSSL_read(WOLFSSL* ssl, void* data, int sz) #ifdef OPENSSL_EXTRA if (ssl->CBIS != NULL) { - ssl->CBIS(ssl, SSL_CB_READ, SSL_SUCCESS); + ssl->CBIS(ssl, SSL_CB_READ, WOLFSSL_SUCCESS); ssl->cbmode = SSL_CB_READ; } #endif @@ -3714,7 +3714,7 @@ WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm) if (CopyDecodedToX509(x509, dCert) == 0) { - if (wolfSSL_sk_X509_push(sk, x509) != SSL_SUCCESS) { + if (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Unable to load x509 into stack"); FreeX509(x509); XFREE(x509, cm->heap, DYNAMIC_TYPE_X509); @@ -3813,7 +3813,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s) if (CopyDecodedToX509(x509, dCert) == 0) { - if (wolfSSL_sk_X509_push(sk, x509) != SSL_SUCCESS) { + if (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Unable to load x509 into stack"); wolfSSL_X509_free(x509); goto error; @@ -7835,7 +7835,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, } if (wolfSSL_RSA_LoadDer_ex(local->rsa, (const unsigned char*)local->pkey.ptr, local->pkey_sz, - WOLFSSL_RSA_LOAD_PRIVATE) != SSL_SUCCESS) { + WOLFSSL_RSA_LOAD_PRIVATE) != WOLFSSL_SUCCESS) { wolfSSL_EVP_PKEY_free(local); return NULL; } @@ -7851,7 +7851,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, } if (wolfSSL_EC_KEY_LoadDer(local->ecc, (const unsigned char*)local->pkey.ptr, local->pkey_sz) - != SSL_SUCCESS) { + != WOLFSSL_SUCCESS) { wolfSSL_EVP_PKEY_free(local); return NULL; } @@ -7868,7 +7868,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, } if (wolfSSL_DSA_LoadDer(local->dsa, (const unsigned char*)local->pkey.ptr, local->pkey_sz) - != SSL_SUCCESS) { + != WOLFSSL_SUCCESS) { wolfSSL_EVP_PKEY_free(local); return NULL; } @@ -7885,7 +7885,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, } if (wolfSSL_DH_LoadDer(local->dh, (const unsigned char*)local->pkey.ptr, local->pkey_sz) - != SSL_SUCCESS) { + != WOLFSSL_SUCCESS) { wolfSSL_EVP_PKEY_free(local); return NULL; } @@ -11885,7 +11885,7 @@ int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl, #ifdef OPENSSL_EXTRA if (ssl->CBIS != NULL) { - ssl->CBIS(ssl, SSL_ST_CONNECT, SSL_SUCCESS); + ssl->CBIS(ssl, SSL_ST_CONNECT, WOLFSSL_SUCCESS); ssl->cbmode = SSL_CB_WRITE; } #endif @@ -14756,7 +14756,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) node->num = (ctx->ca_names == NULL) ? 1 : ctx->ca_names->num + 1; node->next = ctx->ca_names; ctx->ca_names = node; - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } #endif @@ -14856,7 +14856,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ctx->srp_password = NULL; } - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX* ctx, char* password) @@ -14914,7 +14914,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) } XMEMCPY(ctx->srp_password, password, XSTRLEN(password) + 1); } - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } #endif /* WOLFCRYPT_HAVE_SRP && !NO_SHA256 && !WC_NO_RNG */ @@ -17147,7 +17147,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, * sid_ctx value of context to set * sid_ctx_len length of sid_ctx buffer * - * Returns SSL_SUCCESS in success case and SSL_FAILURE when failing + * Returns WOLFSSL_SUCCESS in success case and SSL_FAILURE when failing */ int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX* ctx, const unsigned char* sid_ctx, @@ -17162,7 +17162,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, XMEMCPY(ctx->sessionCtx, sid_ctx, sid_ctx_len); ctx->sessionCtxSz = (byte)sid_ctx_len; - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } @@ -17174,7 +17174,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, * id value of context to set * len length of sid_ctx buffer * - * Returns SSL_SUCCESS in success case and SSL_FAILURE when failing + * Returns WOLFSSL_SUCCESS in success case and SSL_FAILURE when failing */ int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id, unsigned int len) @@ -17187,7 +17187,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, XMEMCPY(ssl->sessionCtx, id, len); ssl->sessionCtxSz = (byte)len; - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } @@ -20508,7 +20508,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) if (wolfSSL_RSA_LoadDer_ex(key->rsa, (const unsigned char*)key->pkey.ptr, key->pkey_sz, - WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) { + WOLFSSL_RSA_LOAD_PUBLIC) != WOLFSSL_SUCCESS) { wolfSSL_EVP_PKEY_free(key); return NULL; } @@ -20536,7 +20536,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) return NULL; } - if (SetECKeyExternal(key->ecc) != SSL_SUCCESS) { + if (SetECKeyExternal(key->ecc) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetECKeyExternal failed"); wolfSSL_EVP_PKEY_free(key); return NULL; @@ -20557,7 +20557,7 @@ WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) if (wolfSSL_DSA_LoadDer_ex(key->dsa, (const unsigned char*)key->pkey.ptr, key->pkey_sz, \ - WOLFSSL_DSA_LOAD_PUBLIC) != SSL_SUCCESS) { + WOLFSSL_DSA_LOAD_PUBLIC) != WOLFSSL_SUCCESS) { wolfSSL_DSA_free(key->dsa); key->dsa = NULL; wolfSSL_EVP_PKEY_free(key); @@ -22529,7 +22529,7 @@ int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) byte* der = x509->derCert->buffer; if (wolfSSL_BIO_write(bio, der, len) == (int)len) { - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } } @@ -22693,7 +22693,7 @@ int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12) certSz = wc_i2d_PKCS12(pkcs12, &certDer, NULL); if ((certSz > 0) && (certDer != NULL)) { if (wolfSSL_BIO_write(bio, certDer, certSz) == (int)certSz) { - ret = SSL_SUCCESS; + ret = WOLFSSL_SUCCESS; } } @@ -23135,7 +23135,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx) return NULL; } - if (wolfSSL_sk_X509_push(sk, x509) != SSL_SUCCESS) { + if (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Unable to load x509 into stack"); wolfSSL_sk_X509_free(sk); wolfSSL_X509_free(x509); @@ -23155,7 +23155,7 @@ WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx) * signed and that a issuer was found */ if (issuer != NULL && wolfSSL_X509_NAME_cmp(&x509->issuer, &x509->subject) != 0) { - if (wolfSSL_sk_X509_push(sk, issuer) != SSL_SUCCESS) { + if (wolfSSL_sk_X509_push(sk, issuer) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Unable to load CA x509 into stack"); wolfSSL_sk_X509_free(sk); wolfSSL_X509_free(issuer); @@ -23402,7 +23402,7 @@ int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx, } } #endif - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } return WOLFSSL_FATAL_ERROR; } @@ -26295,7 +26295,7 @@ long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx) (void)ctx; #ifdef WOLFSSL_SESSION_STATS - if (wolfSSL_get_session_stats(NULL, &total, NULL, NULL) != SSL_SUCCESS) { + if (wolfSSL_get_session_stats(NULL, &total, NULL, NULL) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error getting session stats"); } #else @@ -28552,7 +28552,7 @@ WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG, int *initTmpRng) /* Checks if the global RNG has been created. If not then one is created. * - * Returns SSL_SUCCESS when no error is encountered. + * Returns WOLFSSL_SUCCESS when no error is encountered. */ static int wolfSSL_RAND_Init(void) { @@ -28570,11 +28570,11 @@ static int wolfSSL_RAND_Init(void) } wc_UnLockMutex(&globalRNGMutex); - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } -/* SSL_SUCCESS on ok */ +/* WOLFSSL_SUCCESS on ok */ int wolfSSL_RAND_seed(const void* seed, int len) { @@ -28683,7 +28683,7 @@ int wolfSSL_RAND_write_file(const char* fname) #endif bytes = 1024; /* default size of buf */ - if (initGlobalRNG == 0 && wolfSSL_RAND_Init() != SSL_SUCCESS) { + if (initGlobalRNG == 0 && wolfSSL_RAND_Init() != WOLFSSL_SUCCESS) { WOLFSSL_MSG("No RNG to use"); #ifdef WOLFSSL_SMALL_STACK XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -28906,7 +28906,7 @@ int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num) } -/* SSL_SUCCESS on ok */ +/* WOLFSSL_SUCCESS on ok */ int wolfSSL_RAND_bytes(unsigned char* buf, int num) { int ret = 0; @@ -29485,7 +29485,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_768_prime(WOLFSSL_BIGNUM* bn) WOLFSSL_ENTER("wolfSSL_DH_768_prime"); - if (wolfSSL_BN_hex2bn(&bn, prm) != SSL_SUCCESS) { + if (wolfSSL_BN_hex2bn(&bn, prm) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error converting DH 768 prime to big number"); return NULL; } @@ -29515,7 +29515,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_1024_prime(WOLFSSL_BIGNUM* bn) WOLFSSL_ENTER("wolfSSL_DH_1024_prime"); - if (wolfSSL_BN_hex2bn(&bn, prm) != SSL_SUCCESS) { + if (wolfSSL_BN_hex2bn(&bn, prm) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error converting DH 1024 prime to big number"); return NULL; } @@ -29549,7 +29549,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_1536_prime(WOLFSSL_BIGNUM* bn) WOLFSSL_ENTER("wolfSSL_DH_1536_prime"); - if (wolfSSL_BN_hex2bn(&bn, prm) != SSL_SUCCESS) { + if (wolfSSL_BN_hex2bn(&bn, prm) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error converting DH 1536 prime to big number"); return NULL; } @@ -29587,7 +29587,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_2048_prime(WOLFSSL_BIGNUM* bn) WOLFSSL_ENTER("wolfSSL_DH_2048_prime"); - if (wolfSSL_BN_hex2bn(&bn, prm) != SSL_SUCCESS) { + if (wolfSSL_BN_hex2bn(&bn, prm) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error converting DH 2048 prime to big number"); return NULL; } @@ -29633,7 +29633,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_3072_prime(WOLFSSL_BIGNUM* bn) WOLFSSL_ENTER("wolfSSL_DH_3072_prime"); - if (wolfSSL_BN_hex2bn(&bn, prm) != SSL_SUCCESS) { + if (wolfSSL_BN_hex2bn(&bn, prm) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error converting DH 3072 prime to big number"); return NULL; } @@ -29687,7 +29687,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_4096_prime(WOLFSSL_BIGNUM* bn) WOLFSSL_ENTER("wolfSSL_DH_4096_prime"); - if (wolfSSL_BN_hex2bn(&bn, prm) != SSL_SUCCESS) { + if (wolfSSL_BN_hex2bn(&bn, prm) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error converting DH 4096 prime to big number"); return NULL; } @@ -29757,7 +29757,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_6144_prime(WOLFSSL_BIGNUM* bn) WOLFSSL_ENTER("wolfSSL_DH_6144_prime"); - if (wolfSSL_BN_hex2bn(&bn, prm) != SSL_SUCCESS) { + if (wolfSSL_BN_hex2bn(&bn, prm) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error converting DH 6144 prime to big number"); return NULL; } @@ -29844,7 +29844,7 @@ WOLFSSL_BIGNUM* wolfSSL_DH_8192_prime(WOLFSSL_BIGNUM* bn) WOLFSSL_ENTER("wolfSSL_DH_8192_prime"); - if (wolfSSL_BN_hex2bn(&bn, prm) != SSL_SUCCESS) { + if (wolfSSL_BN_hex2bn(&bn, prm) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error converting DH 8192 prime to big number"); return NULL; } @@ -30002,7 +30002,7 @@ int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub, else { privSz = wolfSSL_BN_bn2bin(dh->priv_key, priv); pubSz = wolfSSL_BN_bn2bin(otherPub, pub); - if (dh->inSet == 0 && SetDhInternal(dh) != SSL_SUCCESS){ + if (dh->inSet == 0 && SetDhInternal(dh) != WOLFSSL_SUCCESS){ WOLFSSL_MSG("Bad DH set internal"); } if (privSz <= 0 || pubSz <= 0) @@ -30351,7 +30351,7 @@ WOLFSSL_RSA* wolfSSL_RSA_generate_key(int len, unsigned long e, return NULL; } - if (wolfSSL_BN_set_word(bn, (WOLFSSL_BN_ULONG)e) != SSL_SUCCESS) { + if (wolfSSL_BN_set_word(bn, (WOLFSSL_BN_ULONG)e) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("Error using e value"); wolfSSL_BN_free(bn); return NULL; @@ -30494,7 +30494,7 @@ WOLFSSL_DSA* wolfSSL_DSA_generate_parameters(int bits, unsigned char* seed, } if (wolfSSL_DSA_generate_parameters_ex(dsa, bits, seed, seedLen, - counterRet, hRet, NULL) != SSL_SUCCESS) { + counterRet, hRet, NULL) != WOLFSSL_SUCCESS) { wolfSSL_DSA_free(dsa); return NULL; } @@ -30806,7 +30806,7 @@ int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len, #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) #ifdef DEBUG_SIGN -static void show(const char *title, const unsigned char *out, unsigned int outlen) +static void DEBUG_SIGN_msg(const char *title, const unsigned char *out, unsigned int outlen) { const unsigned char *pt; printf("%s[%d] = \n", title, (int)outlen); @@ -30816,42 +30816,10 @@ static void show(const char *title, const unsigned char *out, unsigned int outle printf("\n"); } #else -#define show(a,b,c) +#define DEBUG_SIGN_msg(a,b,c) #endif -/* return SSL_SUCCESS on ok, 0 otherwise */ -int wolfSSL_RSA_sign(int type, const unsigned char* m, - unsigned int mLen, unsigned char* sigRet, - unsigned int* sigLen, WOLFSSL_RSA* rsa) -{ - return wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, sigLen, rsa, 1); -} - -int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, - unsigned int mLen, unsigned char* sigRet, - unsigned int* sigLen, WOLFSSL_RSA* rsa, int flag) -{ - word32 outLen; - word32 signSz; - int initTmpRng = 0; - WC_RNG* rng = NULL; - int ret = 0; -#ifdef WOLFSSL_SMALL_STACK - WC_RNG* tmpRNG = NULL; - byte* encodedSig = NULL; -#else - WC_RNG tmpRNG[1]; - byte encodedSig[MAX_ENCODED_SIG_SZ]; -#endif - - WOLFSSL_ENTER("wolfSSL_RSA_sign"); - - if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) { - WOLFSSL_MSG("Bad function arguments"); - return 0; - } - show("Message to Sign", m, mLen); - +static int nid2HashSum(int type) { switch (type) { #ifdef WOLFSSL_MD2 case NID_md2: type = MD2h; break; @@ -30887,34 +30855,99 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, WOLFSSL_MSG("This NID (md type) not configured or not implemented"); return 0; } + return type; +} - if (rsa->inSet == 0) - { +/* return WOLFSSL_SUCCESS on ok, 0 otherwise */ +int wolfSSL_RSA_sign(int type, const unsigned char* m, + unsigned int mLen, unsigned char* sigRet, + unsigned int* sigLen, WOLFSSL_RSA* rsa) +{ + return wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, sigLen, rsa, 1); +} + +int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, + unsigned int mLen, unsigned char* sigRet, + unsigned int* sigLen, WOLFSSL_RSA* rsa, int flag) +{ + return wolfSSL_RSA_sign_generic_padding(type, m, mLen, sigRet, sigLen, + rsa, flag, RSA_PKCS1_PADDING); +} + +/** + * Sign a message with the chosen message digest, padding, and RSA key. + * @param type Hash NID + * @param m Message to sign. Most likely this will be the digest of + * the message to sign + * @param mLen Length of message to sign + * @param sigRet Output buffer + * @param sigLen On Input: length of sigRet buffer + * On Output: length of data written to sigRet + * @param rsa RSA key used to sign the input + * @param flag 1: Output the signature + * 0: Output the value that the unpadded signature should be + * compared to. Note: for RSA_PKCS1_PSS_PADDING the + * wc_RsaPSS_CheckPadding_ex function should be used to check + * the output of a *Verify* function. + * @param padding Padding to use. Only RSA_PKCS1_PSS_PADDING and + * RSA_PKCS1_PADDING are currently supported for signing. + * @return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error + */ +int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m, + unsigned int mLen, unsigned char* sigRet, + unsigned int* sigLen, WOLFSSL_RSA* rsa, int flag, + int padding) +{ + word32 outLen; + word32 signSz; + int initTmpRng = 0; + WC_RNG* rng = NULL; + int ret = 0; +#ifdef WOLFSSL_SMALL_STACK + WC_RNG* tmpRNG = NULL; + byte* encodedSig = NULL; +#else + WC_RNG tmpRNG[1]; + byte encodedSig[MAX_ENCODED_SIG_SZ]; +#endif + + WOLFSSL_ENTER("wolfSSL_RSA_sign_generic_padding"); + + if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) { + WOLFSSL_MSG("Bad function arguments"); + return WOLFSSL_FAILURE; + } + DEBUG_SIGN_msg("Message to Sign", m, mLen); + + if (rsa->inSet == 0) { WOLFSSL_MSG("No RSA internal set, do it"); if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetRsaInternal failed"); - return 0; + return WOLFSSL_FAILURE; } } + type = nid2HashSum(type); + outLen = (word32)wolfSSL_BN_num_bytes(rsa->n); #ifdef WOLFSSL_SMALL_STACK tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); if (tmpRNG == NULL) - return 0; + return WOLFSSL_FAILURE; encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL, DYNAMIC_TYPE_SIGNATURE); if (encodedSig == NULL) { XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); - return 0; + return WOLFSSL_FAILURE; } #endif - if (outLen == 0) + if (outLen == 0) { WOLFSSL_MSG("Bad RSA size"); + } else if (wc_InitRng(tmpRNG) == 0) { rng = tmpRNG; initTmpRng = 1; @@ -30929,32 +30962,85 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, } if (rng) { - - signSz = wc_EncodeSignature(encodedSig, m, mLen, type); - if (signSz == 0) { - WOLFSSL_MSG("Bad Encode Signature"); - } - else { - show("Encoded Message", encodedSig, signSz); - if (flag != 0) { + if (flag != 0) { + switch (padding) { +#ifdef WC_RSA_NO_PADDING + case RSA_NO_PADDING: + WOLFSSL_MSG("RSA_NO_PADDING not supported for signing"); + ret = BAD_FUNC_ARG; + break; +#endif +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS) + case RSA_PKCS1_PSS_PADDING: + { + enum wc_HashType hType = wc_OidGetHash(type); +#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER + WOLFSSL_MSG("Using RSA-PSS with hash length salt. " + "OpenSSL uses max length by default."); +#endif + ret = wc_RsaPSS_Sign_ex(m, mLen, sigRet, outLen, + hType, wc_hash2mgf(hType), +#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER + RSA_PSS_SALT_LEN_DEFAULT, +#else + RSA_PSS_SALT_LEN_DISCOVER, +#endif + (RsaKey*)rsa->internal, rng); + break; + } +#endif +#ifndef WC_NO_RSA_OAEP + case RSA_PKCS1_OAEP_PADDING: + { + WOLFSSL_MSG("RSA_PKCS1_OAEP_PADDING not supported for signing"); + ret = BAD_FUNC_ARG; + break; + } +#endif + case RSA_PKCS1_PADDING: + signSz = wc_EncodeSignature(encodedSig, m, mLen, type); + if (signSz == 0) { + WOLFSSL_MSG("Bad Encode Signature"); + } + DEBUG_SIGN_msg("Encoded Message", encodedSig, signSz); ret = wc_RsaSSL_Sign(encodedSig, signSz, sigRet, outLen, (RsaKey*)rsa->internal, rng); - if (ret <= 0) { - WOLFSSL_MSG("Bad Rsa Sign"); - ret = 0; + break; + default: + WOLFSSL_MSG("Unsupported padding"); + ret = BAD_FUNC_ARG; + break; + } + if (ret <= 0) { + WOLFSSL_MSG("Bad Rsa Sign"); + ret = 0; + } + else { + *sigLen = (unsigned int)ret; + ret = WOLFSSL_SUCCESS; + DEBUG_SIGN_msg("Signature", sigRet, *sigLen); + } + } else { + switch (padding) { + case RSA_NO_PADDING: + case RSA_PKCS1_PSS_PADDING: + case RSA_PKCS1_OAEP_PADDING: + ret = WOLFSSL_SUCCESS; + XMEMCPY(sigRet, m, mLen); + *sigLen = mLen; + break; + case RSA_PKCS1_PADDING: + default: + signSz = wc_EncodeSignature(encodedSig, m, mLen, type); + if (signSz == 0) { + WOLFSSL_MSG("Bad Encode Signature"); } - else { - *sigLen = (unsigned int)ret; - ret = SSL_SUCCESS; - show("Signature", sigRet, *sigLen); - } - } else { - ret = SSL_SUCCESS; + ret = WOLFSSL_SUCCESS; XMEMCPY(sigRet, encodedSig, signSz); *sigLen = signSz; + break; } } - } if (initTmpRng) @@ -30965,74 +31051,110 @@ int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, XFREE(encodedSig, NULL, DYNAMIC_TYPE_SIGNATURE); #endif - if (ret == WOLFSSL_SUCCESS) - WOLFSSL_MSG("wolfSSL_RSA_sign success"); + if (ret == WOLFSSL_SUCCESS) { + WOLFSSL_MSG("wolfSSL_RSA_sign_generic_padding success"); + } else { - WOLFSSL_MSG("wolfSSL_RSA_sign failed"); + WOLFSSL_LEAVE("wolfSSL_RSA_sign_generic_padding", ret); + WOLFSSL_MSG("wolfSSL_RSA_sign_generic_padding failed. " + "Returning WOLFSSL_FAILURE."); + ret = WOLFSSL_FAILURE; } return ret; } - /* returns WOLFSSL_SUCCESS on successful verify and WOLFSSL_FAILURE on fail */ int wolfSSL_RSA_verify(int type, const unsigned char* m, unsigned int mLen, const unsigned char* sig, unsigned int sigLen, WOLFSSL_RSA* rsa) { - int ret; - unsigned char *sigRet ; - unsigned char *sigDec ; - unsigned int len; + return wolfSSL_RSA_verify_ex(type, m, mLen, sig, sigLen, rsa, RSA_PKCS1_PADDING); +} + +/* returns WOLFSSL_SUCCESS on successful verify and WOLFSSL_FAILURE on fail */ +int wolfSSL_RSA_verify_ex(int type, const unsigned char* m, + unsigned int mLen, const unsigned char* sig, + unsigned int sigLen, WOLFSSL_RSA* rsa, + int padding) { + int ret = WOLFSSL_FAILURE; + unsigned char *sigRet = NULL; + unsigned char *sigDec = NULL; + unsigned int len = 0; + int verLen; +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + int hSum = nid2HashSum(type); + enum wc_HashType hType; +#endif WOLFSSL_ENTER("wolfSSL_RSA_verify"); if ((m == NULL) || (sig == NULL)) { WOLFSSL_MSG("Bad function arguments"); return WOLFSSL_FAILURE; } - - sigRet = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); - if (sigRet == NULL) { - WOLFSSL_MSG("Memory failure"); - return WOLFSSL_FAILURE; - } sigDec = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (sigDec == NULL) { WOLFSSL_MSG("Memory failure"); - XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; + goto cleanup; } - /* get non-encrypted signature to be compared with decrypted signature */ - ret = wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, &len, rsa, 0); - if (ret <= 0) { - WOLFSSL_MSG("Message Digest Error"); - XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - show("Encoded Message", sigRet, len); - /* decrypt signature */ - ret = wc_RsaSSL_Verify(sig, sigLen, (unsigned char *)sigDec, sigLen, - (RsaKey*)rsa->internal); - if (ret <= 0) { - WOLFSSL_MSG("RSA Decrypt error"); - XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; - } - show("Decrypted Signature", sigDec, ret); - - if ((int)len == ret && XMEMCMP(sigRet, sigDec, ret) == 0) { - WOLFSSL_MSG("wolfSSL_RSA_verify success"); - XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_SUCCESS; + if (padding != RSA_PKCS1_PSS_PADDING) { + sigRet = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sigRet == NULL) { + WOLFSSL_MSG("Memory failure"); + goto cleanup; + } + /* get non-encrypted signature to be compared with decrypted signature */ + if (wolfSSL_RSA_sign_generic_padding(type, m, mLen, sigRet, &len, rsa, + 0, padding) <= 0) { + WOLFSSL_MSG("Message Digest Error"); + goto cleanup; + } + DEBUG_SIGN_msg("Encoded Message", sigRet, len); } else { - WOLFSSL_MSG("wolfSSL_RSA_verify failed"); - XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); - XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); - return WOLFSSL_FAILURE; + DEBUG_SIGN_msg("Encoded Message", m, mLen); } + /* decrypt signature */ +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + hType = wc_OidGetHash(hSum); + if ((verLen = wc_RsaSSL_Verify_ex2(sig, sigLen, (unsigned char *)sigDec, + sigLen, (RsaKey*)rsa->internal, padding, hType)) <= 0) { + WOLFSSL_MSG("RSA Decrypt error"); + goto cleanup; + } +#else + verLen = wc_RsaSSL_Verify(sig, sigLen, (unsigned char *)sigDec, sigLen, + (RsaKey*)rsa->internal); +#endif + DEBUG_SIGN_msg("Decrypted Signature", sigDec, ret); +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS) + if (padding == RSA_PKCS1_PSS_PADDING) { + if (wc_RsaPSS_CheckPadding_ex(m, mLen, sigDec, verLen, + hType, +#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER + RSA_PSS_SALT_LEN_DEFAULT, +#else + RSA_PSS_SALT_LEN_DISCOVER, +#endif + mp_count_bits(&((RsaKey*)rsa->internal)->n)) != 0) { + WOLFSSL_MSG("wc_RsaPSS_CheckPadding_ex error"); + goto cleanup; + } + } + else +#endif /* !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) */ + if ((int)len != verLen || XMEMCMP(sigRet, sigDec, verLen) != 0) { + WOLFSSL_MSG("wolfSSL_RSA_verify_ex failed"); + goto cleanup; + } + + WOLFSSL_MSG("wolfSSL_RSA_verify_ex success"); + ret = WOLFSSL_SUCCESS; +cleanup: + if (sigRet) + XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (sigDec) + XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; } void wolfSSL_RSA_get0_key(const WOLFSSL_RSA *r, const WOLFSSL_BIGNUM **n, @@ -36190,49 +36312,6 @@ int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, #if defined(WC_RSA_PSS) && (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || \ defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX)) #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) -static int hash2mgf(enum wc_HashType hType) -{ - switch (hType) { -#ifndef NO_SHA - case WC_HASH_TYPE_SHA: - return WC_MGF1SHA1; -#endif -#ifndef NO_SHA256 - case WC_HASH_TYPE_SHA224: -#ifdef WOLFSSL_SHA224 - return WC_MGF1SHA224; -#else - WOLFSSL_MSG("Unrecognized or unsupported hash function"); - return WC_MGF1NONE; -#endif - case WC_HASH_TYPE_SHA256: - return WC_MGF1SHA256; -#endif -#ifdef WOLFSSL_SHA384 - case WC_HASH_TYPE_SHA384: - return WC_MGF1SHA384; -#endif -#ifdef WOLFSSL_SHA512 - case WC_HASH_TYPE_SHA512: - return WC_MGF1SHA512; -#endif - case WC_HASH_TYPE_NONE: - case WC_HASH_TYPE_MD2: - case WC_HASH_TYPE_MD4: - case WC_HASH_TYPE_MD5: - case WC_HASH_TYPE_MD5_SHA: - case WC_HASH_TYPE_SHA3_224: - case WC_HASH_TYPE_SHA3_256: - case WC_HASH_TYPE_SHA3_384: - case WC_HASH_TYPE_SHA3_512: - case WC_HASH_TYPE_BLAKE2B: - case WC_HASH_TYPE_BLAKE2S: - default: - WOLFSSL_MSG("Unrecognized or unsupported hash function"); - return WC_MGF1NONE; - } -} - /* * +-----------+ * | M | @@ -36298,8 +36377,8 @@ int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *EM, goto cleanup; } - if ((mgf = hash2mgf(hashType)) == WC_MGF1NONE) { - WOLFSSL_MSG("hash2mgf error"); + if ((mgf = wc_hash2mgf(hashType)) == WC_MGF1NONE) { + WOLFSSL_MSG("wc_hash2mgf error"); goto cleanup; } @@ -36405,8 +36484,8 @@ int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash, return WOLFSSL_FAILURE; } - if ((mgf = hash2mgf(hashType)) == WC_MGF1NONE) { - WOLFSSL_MSG("hash2mgf error"); + if ((mgf = wc_hash2mgf(hashType)) == WC_MGF1NONE) { + WOLFSSL_MSG("wc_hash2mgf error"); return WOLFSSL_FAILURE; } @@ -36554,7 +36633,7 @@ WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa) if (wolfSSL_RSA_LoadDer_ex(local, derBuf, derSz, - WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) { + WOLFSSL_RSA_LOAD_PUBLIC) != WOLFSSL_SUCCESS) { wolfSSL_RSA_free(local); local = NULL; } @@ -40207,7 +40286,7 @@ void* wolfSSL_get_app_data(const WOLFSSL *ssl) * ssl WOLFSSL struct to set app data in * arg data to be stored * - * Returns SSL_SUCCESS on success and SSL_FAILURE on failure + * Returns WOLFSSL_SUCCESS on success and SSL_FAILURE on failure */ int wolfSSL_set_app_data(WOLFSSL *ssl, void* arg) { WOLFSSL_ENTER("wolfSSL_set_app_data"); @@ -44986,7 +45065,7 @@ int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb) * ssl WOLFSSL structure to set callback in * cb callback to use * - * return SSL_SUCCESS on success and SSL_FAILURE with error case + * return WOLFSSL_SUCCESS on success and SSL_FAILURE with error case */ int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb) { @@ -45001,7 +45080,7 @@ int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb) } ssl->protoMsgCb = cb; - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } #ifndef NO_WOLFSSL_STUB int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg) @@ -45054,7 +45133,7 @@ int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p, } ctx->alpn_cli_protos_len = p_len; - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } @@ -45655,7 +45734,7 @@ int SetRsaInternal(WOLFSSL_RSA* rsa) } -/* SSL_SUCCESS on ok */ +/* WOLFSSL_SUCCESS on ok */ #ifndef NO_WOLFSSL_STUB int wolfSSL_RSA_blinding_on(WOLFSSL_RSA* rsa, WOLFSSL_BN_CTX* bn) { @@ -45719,7 +45798,7 @@ int wolfSSL_RSA_public_encrypt(int len, const unsigned char* fr, if (rsa->inSet == 0) { - if (SetRsaInternal(rsa) != SSL_SUCCESS) { + if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetRsaInternal failed"); return 0; } @@ -45811,7 +45890,7 @@ int wolfSSL_RSA_private_decrypt(int len, const unsigned char* fr, if (rsa->inSet == 0) { - if (SetRsaInternal(rsa) != SSL_SUCCESS) { + if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetRsaInternal failed"); return 0; } @@ -45936,7 +46015,7 @@ int wolfSSL_RSA_private_encrypt(int len, unsigned char* in, { WOLFSSL_MSG("Setting internal RSA structure"); - if (SetRsaInternal(rsa) != SSL_SUCCESS) { + if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetRsaInternal failed"); return 0; } @@ -46092,7 +46171,7 @@ int wolfSSL_BN_mod_mul(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a, if ((ret = mp_mulmod((mp_int*)a->internal,(mp_int*)p->internal, (mp_int*)m->internal, (mp_int*)r->internal)) == MP_OKAY) { - return SSL_SUCCESS; + return WOLFSSL_SUCCESS; } WOLFSSL_LEAVE("wolfSSL_BN_mod_mul", ret); @@ -47605,7 +47684,7 @@ int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa) return WOLFSSL_FATAL_ERROR; if (rsa->inSet == 0) { - if (SetRsaInternal((WOLFSSL_RSA*)rsa) != SSL_SUCCESS) { + if (SetRsaInternal((WOLFSSL_RSA*)rsa) != WOLFSSL_SUCCESS) { WOLFSSL_MSG("SetRsaInternal failed"); return 0; } diff --git a/tests/api.c b/tests/api.c index e1174da20..93bf734da 100644 --- a/tests/api.c +++ b/tests/api.c @@ -26907,6 +26907,7 @@ static void test_wolfSSL_EVP_MD_rsa_signing(void) defined(USE_CERT_BUFFERS_2048) WOLFSSL_EVP_PKEY* privKey; WOLFSSL_EVP_PKEY* pubKey; + WOLFSSL_EVP_PKEY_CTX* keyCtx; const char testData[] = "Hi There"; WOLFSSL_EVP_MD_CTX mdCtx; size_t checkSz = -1; @@ -26914,6 +26915,14 @@ static void test_wolfSSL_EVP_MD_rsa_signing(void) const unsigned char* cp; const unsigned char* p; unsigned char check[2048/8]; + size_t i; + int paddings[] = { + RSA_PKCS1_PADDING, +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS) + RSA_PKCS1_PSS_PADDING, +#endif + }; + printf(testingFmt, "wolfSSL_EVP_MD_rsa_signing()"); @@ -26968,6 +26977,32 @@ static void test_wolfSSL_EVP_MD_rsa_signing(void) AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + /* Check all signing padding types */ + for (i = 0; i < sizeof(paddings)/sizeof(int); i++) { + wolfSSL_EVP_MD_CTX_init(&mdCtx); + AssertIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, &keyCtx, + wolfSSL_EVP_sha256(), NULL, privKey), 1); + AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx, + paddings[i]), 1); + AssertIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, + (unsigned int)XSTRLEN(testData)), 1); + AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); + AssertIntEQ((int)checkSz, sz); + AssertIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + AssertIntEQ((int)checkSz,sz); + AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + AssertIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, &keyCtx, + wolfSSL_EVP_sha256(), NULL, pubKey), 1); + AssertIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx, + paddings[i]), 1); + AssertIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, + (unsigned int)XSTRLEN(testData)), 1); + AssertIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); + AssertIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + } + wolfSSL_EVP_PKEY_free(pubKey); wolfSSL_EVP_PKEY_free(privKey); diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index ac1418068..a856e561e 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -2519,8 +2519,8 @@ int wolfSSL_EVP_DigestSignFinal(WOLFSSL_EVP_MD_CTX *ctx, unsigned char *sig, int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); if (nid < 0) break; - ret = wolfSSL_RSA_sign(nid, digest, hashLen, sig, &sigSz, - ctx->pctx->pkey->rsa); + ret = wolfSSL_RSA_sign_generic_padding(nid, digest, hashLen, + sig, &sigSz, ctx->pctx->pkey->rsa, 1, ctx->pctx->padding); if (ret >= 0) *siglen = sigSz; break; @@ -2614,9 +2614,9 @@ int wolfSSL_EVP_DigestVerifyFinal(WOLFSSL_EVP_MD_CTX *ctx, int nid = wolfSSL_EVP_MD_type(wolfSSL_EVP_MD_CTX_md(ctx)); if (nid < 0) return WOLFSSL_FAILURE; - return wolfSSL_RSA_verify(nid, digest, hashLen, sig, + return wolfSSL_RSA_verify_ex(nid, digest, hashLen, sig, (unsigned int)siglen, - ctx->pctx->pkey->rsa); + ctx->pctx->pkey->rsa, ctx->pctx->padding); } #endif /* NO_RSA */ diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 64289a940..fab08cf84 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c @@ -1754,6 +1754,56 @@ int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out, return ret; } +int wc_hash2mgf(enum wc_HashType hType) +{ + switch (hType) { + case WC_HASH_TYPE_SHA: +#ifndef NO_SHA + return WC_MGF1SHA1; +#else + break; +#endif + case WC_HASH_TYPE_SHA224: +#ifdef WOLFSSL_SHA224 + return WC_MGF1SHA224; +#else + break; +#endif + case WC_HASH_TYPE_SHA256: +#ifndef NO_SHA256 + return WC_MGF1SHA256; +#else + break; +#endif + case WC_HASH_TYPE_SHA384: +#ifdef WOLFSSL_SHA384 + return WC_MGF1SHA384; +#else + break; +#endif + case WC_HASH_TYPE_SHA512: +#ifdef WOLFSSL_SHA512 + return WC_MGF1SHA512; +#else + break; +#endif + case WC_HASH_TYPE_NONE: + case WC_HASH_TYPE_MD2: + case WC_HASH_TYPE_MD4: + case WC_HASH_TYPE_MD5: + case WC_HASH_TYPE_MD5_SHA: + case WC_HASH_TYPE_SHA3_224: + case WC_HASH_TYPE_SHA3_256: + case WC_HASH_TYPE_SHA3_384: + case WC_HASH_TYPE_SHA3_512: + case WC_HASH_TYPE_BLAKE2B: + case WC_HASH_TYPE_BLAKE2S: + default: + break; + } + WOLFSSL_MSG("Unrecognized or unsupported hash function"); + return WC_MGF1NONE; +} #ifdef WC_RSA_NONBLOCK static int wc_RsaFunctionNonBlock(const byte* in, word32 inLen, byte* out, @@ -3228,11 +3278,18 @@ int wc_RsaSSL_VerifyInline(byte* in, word32 inLen, byte** out, RsaKey* key) int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key) { - return wc_RsaSSL_Verify_ex(in, inLen, out, outLen, key , WC_RSA_PKCSV15_PAD); + return wc_RsaSSL_Verify_ex(in, inLen, out, outLen, key, WC_RSA_PKCSV15_PAD); } int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, int pad_type) +{ + return wc_RsaSSL_Verify_ex2(in, inLen, out, outLen, key, pad_type, + WC_HASH_TYPE_NONE); +} + +int wc_RsaSSL_Verify_ex2(const byte* in, word32 inLen, byte* out, word32 outLen, + RsaKey* key, int pad_type, enum wc_HashType hash) { WC_RNG* rng; @@ -3246,9 +3303,15 @@ int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out, word32 outLen, rng = NULL; #endif +#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER return RsaPrivateDecryptEx((byte*)in, inLen, out, outLen, NULL, key, RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, pad_type, - WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0, 0, rng); + hash, wc_hash2mgf(hash), NULL, 0, RSA_PSS_SALT_LEN_DEFAULT, rng); +#else + return RsaPrivateDecryptEx((byte*)in, inLen, out, outLen, NULL, key, + RSA_PUBLIC_DECRYPT, RSA_BLOCK_TYPE_1, pad_type, + hash, wc_hash2mgf(hash), NULL, 0, RSA_PSS_SALT_LEN_DISCOVER, rng); +#endif } #endif diff --git a/wolfssl/openssl/rsa.h b/wolfssl/openssl/rsa.h index 5445db196..af11c7bc3 100644 --- a/wolfssl/openssl/rsa.h +++ b/wolfssl/openssl/rsa.h @@ -117,9 +117,16 @@ WOLFSSL_API int wolfSSL_RSA_sign(int type, const unsigned char* m, WOLFSSL_API int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, unsigned int mLen, unsigned char* sigRet, unsigned int* sigLen, WOLFSSL_RSA*, int); +WOLFSSL_API int wolfSSL_RSA_sign_generic_padding(int type, const unsigned char* m, + unsigned int mLen, unsigned char* sigRet, + unsigned int* sigLen, WOLFSSL_RSA*, int, int); WOLFSSL_API int wolfSSL_RSA_verify(int type, const unsigned char* m, unsigned int mLen, const unsigned char* sig, unsigned int sigLen, WOLFSSL_RSA*); +WOLFSSL_API int wolfSSL_RSA_verify_ex(int type, const unsigned char* m, + unsigned int mLen, const unsigned char* sig, + unsigned int sigLen, WOLFSSL_RSA* rsa, + int padding); WOLFSSL_API int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from, unsigned char* to, WOLFSSL_RSA*, int padding); WOLFSSL_API int wolfSSL_RSA_GenAdd(WOLFSSL_RSA*); diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index 8feee70d4..70a32e145 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -246,6 +246,9 @@ WOLFSSL_API int wc_RsaSSL_Verify(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key); WOLFSSL_API int wc_RsaSSL_Verify_ex(const byte* in, word32 inLen, byte* out, word32 outLen, RsaKey* key, int pad_type); +WOLFSSL_API int wc_RsaSSL_Verify_ex2(const byte* in, word32 inLen, byte* out, + word32 outLen, RsaKey* key, int pad_type, + enum wc_HashType hash); WOLFSSL_API int wc_RsaPSS_VerifyInline(byte* in, word32 inLen, byte** out, enum wc_HashType hash, int mgf, RsaKey* key); @@ -367,6 +370,8 @@ WOLFSSL_LOCAL int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** ou int mgf, byte* optLabel, word32 labelLen, int saltLen, int bits, void* heap); +WOLFSSL_LOCAL int wc_hash2mgf(enum wc_HashType hType); + #endif /* HAVE_USER_RSA */ #ifdef __cplusplus