diff --git a/include/wolfprovider/internal.h b/include/wolfprovider/internal.h index 8296728..e659ecf 100644 --- a/include/wolfprovider/internal.h +++ b/include/wolfprovider/internal.h @@ -150,7 +150,7 @@ enum wc_HashType wp_nid_to_wc_hash_type(int nid); int wp_name_to_wc_mgf(OSSL_LIB_CTX* libCtx, const char* name, const char* propQ); int wp_mgf1_from_hash(int nid); -int wp_hash_copy(wc_HashAlg* src, wc_HashAlg* dst, enum wc_HashType hashType); +int wp_hash_copy(wc_HashAlg* src, wc_HashAlg* dst); int wp_cipher_from_params(const OSSL_PARAM params[], int* cipher, const char** cipherName); diff --git a/src/wp_ecdsa_sig.c b/src/wp_ecdsa_sig.c index 272b926..0797e57 100644 --- a/src/wp_ecdsa_sig.c +++ b/src/wp_ecdsa_sig.c @@ -51,8 +51,6 @@ typedef struct wp_EcdsaSigCtx { /** wolfSSL hash object. */ wc_HashAlg hash; - /** Hash algorithm to use on data to be signed. */ - enum wc_HashType hashType; /** Property query string. */ char* propQuery; @@ -140,8 +138,7 @@ static wp_EcdsaSigCtx* wp_ecdsa_dupctx(wp_EcdsaSigCtx* srcCtx) ok = 0; } - if (ok && (!wp_hash_copy(&srcCtx->hash, &dstCtx->hash, - srcCtx->hashType))) { + if (ok && (!wp_hash_copy(&srcCtx->hash, &dstCtx->hash))) { ok = 0; } if (ok && (!wp_ecc_up_ref(srcCtx->ecc))) { @@ -149,7 +146,6 @@ static wp_EcdsaSigCtx* wp_ecdsa_dupctx(wp_EcdsaSigCtx* srcCtx) } if (ok) { dstCtx->ecc = srcCtx->ecc; - dstCtx->hashType = srcCtx->hashType; dstCtx->op = srcCtx->op; XMEMCPY(dstCtx->mdName, srcCtx->mdName, sizeof(srcCtx->mdName)); } @@ -249,8 +245,8 @@ static int wp_ecdsa_sign(wp_EcdsaSigCtx *ctx, unsigned char *sig, *sigLen = wc_ecc_sig_size(wp_ecc_get_key(ctx->ecc)); } else { - if ((ctx->hashType != WC_HASH_TYPE_NONE) && - (tbsLen != (size_t)wc_HashGetDigestSize(ctx->hashType))) { + if ((ctx->hash.type != WC_HASH_TYPE_NONE) && + (tbsLen != (size_t)wc_HashGetDigestSize(ctx->hash.type))) { ok = 0; } else if ((ok = wp_ecc_check_usage(ctx->ecc))) { @@ -410,17 +406,17 @@ static int wp_ecdsa_setup_md(wp_EcdsaSigCtx *ctx, const char *mdName, if (mdName != NULL) { int rc; - ctx->hashType = wp_name_to_wc_hash_type(ctx->libCtx, mdName, mdProps); - if ((ctx->hashType == WC_HASH_TYPE_NONE) || - (ctx->hashType == WC_HASH_TYPE_MD5)) { + ctx->hash.type = wp_name_to_wc_hash_type(ctx->libCtx, mdName, mdProps); + if ((ctx->hash.type == WC_HASH_TYPE_NONE) || + (ctx->hash.type == WC_HASH_TYPE_MD5)) { ok = 0; } - if ((ctx->hashType == WC_HASH_TYPE_SHA) && (op == EVP_PKEY_OP_SIGN)) { + if ((ctx->hash.type == WC_HASH_TYPE_SHA) && (op == EVP_PKEY_OP_SIGN)) { ok = 0; } if (ok) { - rc = wc_HashInit_ex(&ctx->hash, ctx->hashType, NULL, INVALID_DEVID); + rc = wc_HashInit_ex(&ctx->hash, ctx->hash.type, NULL, INVALID_DEVID); if (rc != 0) { ok = 0; } @@ -475,7 +471,7 @@ static int wp_ecdsa_digest_signverify_update(wp_EcdsaSigCtx *ctx, const unsigned char *data, size_t dataLen) { int ok = 1; - int rc = wc_HashUpdate(&ctx->hash, ctx->hashType, data, (word32)dataLen); + int rc = wc_HashUpdate(&ctx->hash, ctx->hash.type, data, (word32)dataLen); if (rc != 0) { ok = 0; } @@ -533,7 +529,7 @@ static int wp_ecdsa_digest_sign_final(wp_EcdsaSigCtx *ctx, unsigned char *sig, ok = 0; } else if (sig != NULL) { - int rc = wc_HashFinal(&ctx->hash, ctx->hashType, digest); + int rc = wc_HashFinal(&ctx->hash, ctx->hash.type, digest); if (rc != 0) { ok = 0; } @@ -541,7 +537,7 @@ static int wp_ecdsa_digest_sign_final(wp_EcdsaSigCtx *ctx, unsigned char *sig, if (ok) { ok = wp_ecdsa_sign(ctx, sig, sigLen, sigSize, digest, - wc_HashGetDigestSize(ctx->hashType)); + wc_HashGetDigestSize(ctx->hash.type)); } WOLFPROV_LEAVE(WP_LOG_KE, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok); @@ -594,7 +590,7 @@ static int wp_ecdsa_digest_verify_final(wp_EcdsaSigCtx *ctx, unsigned char *sig, ok = 0; } else { - int rc = wc_HashFinal(&ctx->hash, ctx->hashType, digest); + int rc = wc_HashFinal(&ctx->hash, ctx->hash.type, digest); if (rc != 0) { ok = 0; } @@ -602,7 +598,7 @@ static int wp_ecdsa_digest_verify_final(wp_EcdsaSigCtx *ctx, unsigned char *sig, if (ok) { ok = wp_ecdsa_verify(ctx,sig, sigLen, digest, - wc_HashGetDigestSize(ctx->hashType)); + wc_HashGetDigestSize(ctx->hash.type)); } WOLFPROV_LEAVE(WP_LOG_KE, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok); diff --git a/src/wp_ecx_sig.c b/src/wp_ecx_sig.c index 7e4e9d0..40817c4 100644 --- a/src/wp_ecx_sig.c +++ b/src/wp_ecx_sig.c @@ -50,8 +50,6 @@ typedef struct wp_EcxSigCtx { /** wolfSSL hash object. */ wc_HashAlg hash; - /** Hash algorithm to use on data to be signed. */ - enum wc_HashType hashType; /** Property query string. */ char* propQuery; @@ -135,8 +133,7 @@ static wp_EcxSigCtx* wp_ecx_dupctx(wp_EcxSigCtx* srcCtx) ok = 0; } - if (ok && (!wp_hash_copy(&srcCtx->hash, &dstCtx->hash, - srcCtx->hashType))) { + if (ok && (!wp_hash_copy(&srcCtx->hash, &dstCtx->hash))) { ok = 0; } if (ok && (!wp_ecx_up_ref(srcCtx->ecx))) { @@ -144,7 +141,6 @@ static wp_EcxSigCtx* wp_ecx_dupctx(wp_EcxSigCtx* srcCtx) } if (ok) { dstCtx->ecx = srcCtx->ecx; - dstCtx->hashType = srcCtx->hashType; dstCtx->op = srcCtx->op; XMEMCPY(dstCtx->mdName, srcCtx->mdName, sizeof(srcCtx->mdName)); } diff --git a/src/wp_internal.c b/src/wp_internal.c index 7eb0c02..db1cab3 100644 --- a/src/wp_internal.c +++ b/src/wp_internal.c @@ -248,62 +248,62 @@ int wp_mgf1_from_hash(int nid) * @return 1 on success. * @return 0 on failure. */ -int wp_hash_copy(wc_HashAlg* src, wc_HashAlg* dst, enum wc_HashType hashType) +int wp_hash_copy(wc_HashAlg* src, wc_HashAlg* dst) { int ok = 1; int rc = 0; - switch (hashType) { + switch (src->type) { case WC_HASH_TYPE_MD5: #ifdef WP_HAVE_MD5 - rc = wc_Md5Copy(&src->md5, &dst->md5); + rc = wc_Md5Copy(&src->alg.md5, &dst->alg.md5); #else ok = 0; #endif break; case WC_HASH_TYPE_SHA: #ifdef WP_HAVE_SHA1 - rc = wc_ShaCopy(&src->sha, &dst->sha); + rc = wc_ShaCopy(&src->alg.sha, &dst->alg.sha); #else ok = 0; #endif break; case WC_HASH_TYPE_SHA224: #ifdef WP_HAVE_SHA224 - rc = wc_Sha224Copy(&src->sha224, &dst->sha224); + rc = wc_Sha224Copy(&src->alg.sha224, &dst->alg.sha224); #else ok = 0; #endif break; case WC_HASH_TYPE_SHA256: #ifdef WP_HAVE_SHA256 - rc = wc_Sha256Copy(&src->sha256, &dst->sha256); + rc = wc_Sha256Copy(&src->alg.sha256, &dst->alg.sha256); #else ok = 0; #endif break; case WC_HASH_TYPE_SHA384: #ifdef WP_HAVE_SHA384 - rc = wc_Sha384Copy(&src->sha384, &dst->sha384); + rc = wc_Sha384Copy(&src->alg.sha384, &dst->alg.sha384); #else ok = 0; #endif break; #ifdef WP_HAVE_SHA512 case WC_HASH_TYPE_SHA512: - rc = wc_Sha512Copy(&src->sha512, &dst->sha512); + rc = wc_Sha512Copy(&src->alg.sha512, &dst->alg.sha512); break; #if LIBWOLFSSL_VERSION_HEX >= 0x05000000 #if !defined(WOLFSSL_NOSHA512_224) && !defined(HAVE_FIPS) && \ !defined(SELF_TEST) case WC_HASH_TYPE_SHA512_224: - rc = wc_Sha512_224Copy(&src->sha512, &dst->sha512); + rc = wc_Sha512_224Copy(&src->alg.sha512, &dst->alg.sha512); break; #endif /* !WOLFSSL_NOSHA512_224 */ #if !defined(WOLFSSL_NOSHA512_256) && !defined(HAVE_FIPS) && \ !defined(SELF_TEST) case WC_HASH_TYPE_SHA512_256: - rc = wc_Sha512_256Copy(&src->sha512, &dst->sha512); + rc = wc_Sha512_256Copy(&src->alg.sha512, &dst->alg.sha512); break; #endif /* !WOLFSSL_NOSHA512_256 */ #endif /* LIBWOLFSSL_VERSION_HEX >= 0x05000000 */ @@ -316,16 +316,16 @@ int wp_hash_copy(wc_HashAlg* src, wc_HashAlg* dst, enum wc_HashType hashType) #endif /* WP_HAVE_SHA512 */ #ifdef WP_HAVE_SHA3 case WC_HASH_TYPE_SHA3_224: - rc = wc_Sha3_224_Copy(&src->sha3, &dst->sha3); + rc = wc_Sha3_224_Copy(&src->alg.sha3, &dst->alg.sha3); break; case WC_HASH_TYPE_SHA3_256: - rc = wc_Sha3_256_Copy(&src->sha3, &dst->sha3); + rc = wc_Sha3_256_Copy(&src->alg.sha3, &dst->alg.sha3); break; case WC_HASH_TYPE_SHA3_384: - rc = wc_Sha3_384_Copy(&src->sha3, &dst->sha3); + rc = wc_Sha3_384_Copy(&src->alg.sha3, &dst->alg.sha3); break; case WC_HASH_TYPE_SHA3_512: - rc = wc_Sha3_512_Copy(&src->sha3, &dst->sha3); + rc = wc_Sha3_512_Copy(&src->alg.sha3, &dst->alg.sha3); break; #else case WC_HASH_TYPE_SHA3_224: @@ -355,6 +355,8 @@ int wp_hash_copy(wc_HashAlg* src, wc_HashAlg* dst, enum wc_HashType hashType) } if (rc != 0) { ok = 0; + } else { + dst->type = src->type; } WOLFPROV_LEAVE(WP_LOG_PROVIDER, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok); diff --git a/src/wp_rsa_sig.c b/src/wp_rsa_sig.c index 5260109..6ef129b 100644 --- a/src/wp_rsa_sig.c +++ b/src/wp_rsa_sig.c @@ -80,8 +80,6 @@ typedef struct wp_RsaSigCtx { /** wolfSSL hash object. */ wc_HashAlg hash; - /** Hash algorithm to use on data to be signed. */ - enum wc_HashType hashType; /** Length of salt to use when padding mode is PSS. */ int saltLen; /** Minimum salt length when padding mode is PSS based on RSA key. */ @@ -136,8 +134,8 @@ static int wp_rsa_setup_md(wp_RsaSigCtx* ctx, const char* mdName, (hashType == WC_HASH_TYPE_MD5)) { ok = 0; } - if (ok && (ctx->hashType != WC_HASH_TYPE_NONE) && - (hashType != ctx->hashType)) { + if (ok && (ctx->hash.type != WC_HASH_TYPE_NONE) && + (hashType != ctx->hash.type)) { ok = 0; } #ifdef HAVE_FIPS @@ -148,11 +146,11 @@ static int wp_rsa_setup_md(wp_RsaSigCtx* ctx, const char* mdName, (void)op; #endif if (ok) { - ctx->hashType = hashType; + ctx->hash.type = hashType; } if (ok) { - rc = wc_HashInit_ex(&ctx->hash, ctx->hashType, NULL, INVALID_DEVID); + rc = wc_HashInit_ex(&ctx->hash, ctx->hash.type, NULL, INVALID_DEVID); if (rc != 0) { ok = 0; } @@ -295,8 +293,8 @@ static wp_RsaSigCtx* wp_rsa_ctx_dup(wp_RsaSigCtx* srcCtx) ok = 0; } - if (ok && (srcCtx->hashType != WC_HASH_TYPE_NONE) && - (!wp_hash_copy(&srcCtx->hash, &dstCtx->hash, srcCtx->hashType))) { + if (ok && (srcCtx->hash.type != WC_HASH_TYPE_NONE) && + (!wp_hash_copy(&srcCtx->hash, &dstCtx->hash))) { ok = 0; } if (ok && (!wp_rsa_up_ref(srcCtx->rsa))) { @@ -304,7 +302,6 @@ static wp_RsaSigCtx* wp_rsa_ctx_dup(wp_RsaSigCtx* srcCtx) } if (ok) { dstCtx->rsa = srcCtx->rsa; - dstCtx->hashType = srcCtx->hashType; dstCtx->mgf = srcCtx->mgf; dstCtx->mgfSet = srcCtx->mgfSet; dstCtx->padMode = srcCtx->padMode; @@ -378,7 +375,7 @@ static int wp_rsa_check_pss_salt_len(wp_RsaSigCtx* ctx) int maxSaltLen; int bits = wp_rsa_get_bits(ctx->rsa); - maxSaltLen = ((bits + 7) / 8) - wc_HashGetDigestSize(ctx->hashType) - 2; + maxSaltLen = ((bits + 7) / 8) - wc_HashGetDigestSize(ctx->hash.type) - 2; if (((bits - 1) & 0x07) == 0) { maxSaltLen--; } @@ -518,8 +515,8 @@ static int wp_rsa_sign_pkcs1(wp_RsaSigCtx* ctx, unsigned char* sig, unsigned char* encodedDigest = NULL; int encodedDigestLen = 0; - if (ctx->hashType != WC_HASH_TYPE_NONE) { - if (tbsLen != (size_t)wc_HashGetDigestSize(ctx->hashType)) { + if (ctx->hash.type != WC_HASH_TYPE_NONE) { + if (tbsLen != (size_t)wc_HashGetDigestSize(ctx->hash.type)) { ok = 0; } if (ok) { @@ -530,7 +527,7 @@ static int wp_rsa_sign_pkcs1(wp_RsaSigCtx* ctx, unsigned char* sig, } if (ok) { encodedDigestLen = wc_EncodeSignature(encodedDigest, tbs, - (word32)tbsLen, wc_HashGetOID(ctx->hashType)); + (word32)tbsLen, wc_HashGetOID(ctx->hash.type)); if (encodedDigestLen <= 0) { ok = 0; } @@ -579,12 +576,12 @@ static int wp_rsa_sign_pss(wp_RsaSigCtx* ctx, unsigned char* sig, { int ok = 1; int rc; - int saltLen = wp_pss_salt_len_to_wc(ctx->saltLen, ctx->hashType, + int saltLen = wp_pss_salt_len_to_wc(ctx->saltLen, ctx->hash.type, wp_rsa_get_key(ctx->rsa), EVP_PKEY_OP_SIGN); PRIVATE_KEY_UNLOCK(); rc = wc_RsaPSS_Sign_ex(tbs, (word32)tbsLen, sig, (word32)sigSize, - ctx->hashType, ctx->mgf, saltLen, wp_rsa_get_key(ctx->rsa), + ctx->hash.type, ctx->mgf, saltLen, wp_rsa_get_key(ctx->rsa), &ctx->rng); PRIVATE_KEY_LOCK(); if (rc < 0) { @@ -748,7 +745,7 @@ static int wp_rsa_verify_pkcs1(wp_RsaSigCtx* ctx, const unsigned char* sig, } if (ok) { encodedDigestLen = wc_EncodeSignature(encodedDigest, tbs, - (word32)tbsLen, wc_HashGetOID(ctx->hashType)); + (word32)tbsLen, wc_HashGetOID(ctx->hash.type)); if (encodedDigestLen <= 0) { ok = 0; } @@ -789,15 +786,15 @@ static int wp_rsa_verify_pss(wp_RsaSigCtx* ctx, const unsigned char* sig, int rc; int saltLen; - if (ctx->hashType == WC_HASH_TYPE_NONE) { + if (ctx->hash.type == WC_HASH_TYPE_NONE) { ok = wp_rsa_setup_md(ctx, WP_RSA_DEFAULT_MD, NULL, EVP_PKEY_OP_VERIFY); } if (ok) { - saltLen = wp_pss_salt_len_to_wc(ctx->saltLen, ctx->hashType, + saltLen = wp_pss_salt_len_to_wc(ctx->saltLen, ctx->hash.type, wp_rsa_get_key(ctx->rsa), EVP_PKEY_OP_VERIFY); rc = wc_RsaPSS_Verify_ex((byte*)sig, (word32)sigLen, decryptedSig, - (word32)sigLen, ctx->hashType, ctx->mgf, saltLen, + (word32)sigLen, ctx->hash.type, ctx->mgf, saltLen, wp_rsa_get_key(ctx->rsa)); if (rc < 0) { ok = 0; @@ -805,7 +802,7 @@ static int wp_rsa_verify_pss(wp_RsaSigCtx* ctx, const unsigned char* sig, } if (ok) { rc = wc_RsaPSS_CheckPadding_ex(tbs, (word32)tbsLen, decryptedSig, rc, - ctx->hashType, saltLen, 0); + ctx->hash.type, saltLen, 0); if (rc != 0) { ok = 0; } @@ -990,7 +987,7 @@ static int wp_rsa_digest_signverify_update(wp_RsaSigCtx* ctx, const unsigned char* data, size_t dataLen) { int ok = 1; - int rc = wc_HashUpdate(&ctx->hash, ctx->hashType, data, (word32)dataLen); + int rc = wc_HashUpdate(&ctx->hash, ctx->hash.type, data, (word32)dataLen); if (rc != 0) { ok = 0; } @@ -1048,7 +1045,7 @@ static int wp_rsa_digest_sign_final(wp_RsaSigCtx* ctx, unsigned char* sig, ok = 0; } else if (sig != NULL) { - int rc = wc_HashFinal(&ctx->hash, ctx->hashType, digest); + int rc = wc_HashFinal(&ctx->hash, ctx->hash.type, digest); if (rc != 0) { ok = 0; } @@ -1056,7 +1053,7 @@ static int wp_rsa_digest_sign_final(wp_RsaSigCtx* ctx, unsigned char* sig, if (ok) { ok = wp_rsa_sign(ctx, sig, sigLen, sigSize, digest, - wc_HashGetDigestSize(ctx->hashType)); + wc_HashGetDigestSize(ctx->hash.type)); } WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok); @@ -1109,7 +1106,7 @@ static int wp_rsa_digest_verify_final(wp_RsaSigCtx* ctx, unsigned char* sig, ok = 0; } else { - int rc = wc_HashFinal(&ctx->hash, ctx->hashType, digest); + int rc = wc_HashFinal(&ctx->hash, ctx->hash.type, digest); if (rc != 0) { ok = 0; } @@ -1117,7 +1114,7 @@ static int wp_rsa_digest_verify_final(wp_RsaSigCtx* ctx, unsigned char* sig, if (ok) { ok = wp_rsa_verify(ctx,sig, sigLen, digest, - wc_HashGetDigestSize(ctx->hashType)); + wc_HashGetDigestSize(ctx->hash.type)); } WOLFPROV_LEAVE(WP_LOG_PK, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok); @@ -1392,7 +1389,7 @@ static int wp_rsa_set_pad_mode(wp_RsaSigCtx* ctx, const OSSL_PARAM* p) } } else if (padMode == RSA_NO_PADDING) { - if (ctx->hashType != WC_HASH_TYPE_NONE) { + if (ctx->hash.type != WC_HASH_TYPE_NONE) { ok = 0; } }