Skip to content

Commit

Permalink
Merge pull request #57 from bandi13/fixRSAOID
Browse files Browse the repository at this point in the history
Hardcode OID
  • Loading branch information
SparkiDev authored Dec 12, 2024
2 parents 4b118eb + 2985755 commit a578b6f
Show file tree
Hide file tree
Showing 8 changed files with 72 additions and 23 deletions.
11 changes: 11 additions & 0 deletions include/wolfprovider/internal.h
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,17 @@

#include "wp_params.h"

#ifndef AES_BLOCK_SIZE
#include <openssl/aes.h>
#ifndef AES_BLOCK_SIZE
#ifdef WC_NO_COMPAT_AES_BLOCK_SIZE
#define AES_BLOCK_SIZE WC_AES_BLOCK_SIZE
#else
#error AES_BLOCK_SIZE not defined when it should be
#endif
#endif
#endif

#ifndef WP_INTERNAL_H
#define WP_INTERNAL_H

Expand Down
6 changes: 3 additions & 3 deletions scripts/utils-wolfssl.sh
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
source ${SCRIPT_DIR}/utils-general.sh

WOLFSSL_GIT=${WOLFSSL_GIT:-"https://github.com/wolfSSL/wolfssl.git"}
WOLFSSL_TAG=${WOLFSSL_TAG:-"v5.7.2-stable"}
WOLFSSL_TAG=${WOLFSSL_TAG:-"v5.7.4-stable"}
WOLFSSL_SOURCE_DIR=${SCRIPT_DIR}/../wolfssl-source
WOLFSSL_INSTALL_DIR=${SCRIPT_DIR}/../wolfssl-install
WOLFSSL_ISFIPS=${WOLFSSL_ISFIPS:-0}
Expand Down Expand Up @@ -78,10 +78,10 @@ install_wolfssl() {
fi
if [ "$WOLFSSL_ISFIPS" = "1" ]; then
printf "with FIPS ... "
CONF_ARGS+=" --enable-fips=ready"
CONF_ARGS+=" --enable-fips=v5"
if [ ! -e "XXX-fips-test" ]; then
# Sometimes the system OpenSSL is different than the one we're using. So for the 'git' commands, we'll just use whatever the system comes with
LD_LIBRARY_PATH="" ./fips-check.sh keep nomakecheck fips-ready >>$LOG_FILE 2>&1
LD_LIBRARY_PATH="" ./fips-check.sh keep nomakecheck linuxv5 >>$LOG_FILE 2>&1
if [ $? != 0 ]; then
printf "ERROR checking out FIPS\n"
rm -rf ${WOLFSSL_INSTALL_DIR}
Expand Down
2 changes: 1 addition & 1 deletion src/wp_digests.c
Original file line number Diff line number Diff line change
Expand Up @@ -583,7 +583,7 @@ static int name##_final(CTX* ctx, unsigned char* out, size_t* outLen, \
ok = 0; \
} \
if (ok) { \
int rc = fin(&ctx->obj, out, ctx->outLen); \
int rc = fin(&ctx->obj, out, (word32)ctx->outLen); \
if (rc != 0) { \
ok = 0; \
} \
Expand Down
4 changes: 2 additions & 2 deletions src/wp_ecx_exch.c
Original file line number Diff line number Diff line change
Expand Up @@ -230,7 +230,7 @@ static int wp_x25519_derive(wp_EcxCtx* ctx, unsigned char* secret,
}
else if (ok) {
int rc;
word32 len = secSize;
word32 len = (word32)secSize;
int i;

rc = wc_curve25519_shared_secret(wp_ecx_get_key(ctx->key),
Expand Down Expand Up @@ -316,7 +316,7 @@ static int wp_x448_derive(wp_EcxCtx* ctx, unsigned char* secret,
}
else if (ok) {
int rc;
word32 len = secSize;
word32 len = (word32)secSize;

rc = wc_curve448_shared_secret(wp_ecx_get_key(ctx->key),
wp_ecx_get_key(ctx->peer), secret, &len);
Expand Down
16 changes: 8 additions & 8 deletions src/wp_ecx_kmgmt.c
Original file line number Diff line number Diff line change
Expand Up @@ -404,7 +404,7 @@ static int wp_ecx_set_params(wp_Ecx* ecx, const OSSL_PARAM params[])
ok = 0;
}
if (ok && (data != NULL)) {
int rc = (*ecx->data->importPub)(data, len, (void*)&ecx->key,
int rc = (*ecx->data->importPub)(data, (word32)len, (void*)&ecx->key,
ECX_LITTLE_ENDIAN);
if (rc != 0) {
ok = 0;
Expand Down Expand Up @@ -479,7 +479,7 @@ static int wp_ecx_get_params_enc_pub_key(wp_Ecx* ecx, OSSL_PARAM params[],

p = OSSL_PARAM_locate(params, key);
if (p != NULL) {
word32 outLen = p->return_size;
word32 outLen = (word32)p->return_size;

if (p->data == NULL) {
outLen = ecx->data->len;
Expand Down Expand Up @@ -513,7 +513,7 @@ static int wp_ecx_get_params_priv_key(wp_Ecx* ecx, OSSL_PARAM params[])

p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PRIV_KEY);
if (p != NULL) {
word32 outLen = p->return_size;
word32 outLen = (word32)p->return_size;

if (p->data == NULL) {
outLen = ecx->data->len;
Expand Down Expand Up @@ -869,7 +869,7 @@ static int wp_ecx_import(wp_Ecx* ecx, int selection, const OSSL_PARAM params[])
if (ok && (privData != NULL)) {
ecx->unclamped[0] = privData[0];
ecx->unclamped[1] = privData[len - 1];
rc = (*ecx->data->importPriv)(privData, len, (void*)&ecx->key,
rc = (*ecx->data->importPriv)(privData, (word32)len, (void*)&ecx->key,
ECX_LITTLE_ENDIAN);
if (rc != 0) {
ok = 0;
Expand All @@ -886,7 +886,7 @@ static int wp_ecx_import(wp_Ecx* ecx, int selection, const OSSL_PARAM params[])
ok = 0;
}
if (ok && (pubData != NULL)) {
rc = (*ecx->data->importPub)(pubData, len, (void*)&ecx->key,
rc = (*ecx->data->importPub)(pubData, (word32)len, (void*)&ecx->key,
ECX_LITTLE_ENDIAN);
if (rc != 0) {
ok = 0;
Expand Down Expand Up @@ -2034,7 +2034,7 @@ static int wp_ecx_encode(wp_EcxEncDecCtx* ctx, OSSL_CORE_BIO *cBio,
keyLen = derLen;
}
else if (ok && (ctx->encoding == WP_FORMAT_PEM)) {
rc = wc_DerToPemEx(derData, derLen, NULL, 0, cipherInfo, pemType);
rc = wc_DerToPemEx(derData, (word32)derLen, NULL, 0, cipherInfo, pemType);
if (rc <= 0) {
ok = 0;
}
Expand All @@ -2046,7 +2046,7 @@ static int wp_ecx_encode(wp_EcxEncDecCtx* ctx, OSSL_CORE_BIO *cBio,
}
}
if (ok) {
rc = wc_DerToPemEx(derData, derLen, pemData, pemLen, cipherInfo,
rc = wc_DerToPemEx(derData, (word32)derLen, pemData, (word32)pemLen, cipherInfo,
pemType);
if (rc <= 0) {
ok = 0;
Expand All @@ -2058,7 +2058,7 @@ static int wp_ecx_encode(wp_EcxEncDecCtx* ctx, OSSL_CORE_BIO *cBio,
}
}
if (ok) {
rc = BIO_write(out, keyData, keyLen);
rc = BIO_write(out, keyData, (int)keyLen);
if (rc <= 0) {
ok = 0;
}
Expand Down
16 changes: 8 additions & 8 deletions src/wp_ecx_sig.c
Original file line number Diff line number Diff line change
Expand Up @@ -362,7 +362,7 @@ static int wp_ed25519_digest_sign(wp_EcxSigCtx *ctx, unsigned char *sig,
if (sigSize == (size_t)-1) {
sigSize = *sigLen;
}
len = sigSize;
len = (word32)sigSize;

if (!ed25519->pubKeySet) {
unsigned char pubKey[ED25519_PUB_KEY_SIZE];
Expand All @@ -379,7 +379,7 @@ static int wp_ed25519_digest_sign(wp_EcxSigCtx *ctx, unsigned char *sig,
}
}
if (ok) {
rc = wc_ed25519_sign_msg(tbs, tbsLen, sig, &len, ed25519);
rc = wc_ed25519_sign_msg(tbs, (word32)tbsLen, sig, &len, ed25519);
if (rc != 0) {
ok = 0;
}
Expand Down Expand Up @@ -434,8 +434,8 @@ static int wp_ed25519_digest_verify(wp_EcxSigCtx *ctx, unsigned char *sig,
}
if (ok) {
int res;
int rc = wc_ed25519_verify_msg(sig, sigLen, tbs, tbsLen, &res,
wp_ecx_get_key(ctx->ecx));
int rc = wc_ed25519_verify_msg(sig, (word32)sigLen, tbs, (word32)tbsLen,
&res, wp_ecx_get_key(ctx->ecx));
if (rc != 0) {
ok = 0;
}
Expand Down Expand Up @@ -504,7 +504,7 @@ static int wp_ed448_digest_sign(wp_EcxSigCtx *ctx, unsigned char *sig,
if (sigSize == (size_t)-1) {
sigSize = *sigLen;
}
len = sigSize;
len = (word32)sigSize;

if (!ed448->pubKeySet) {
unsigned char pubKey[ED448_PUB_KEY_SIZE];
Expand All @@ -521,7 +521,7 @@ static int wp_ed448_digest_sign(wp_EcxSigCtx *ctx, unsigned char *sig,
}
}
if (ok) {
rc = wc_ed448_sign_msg(tbs, tbsLen, sig, &len,
rc = wc_ed448_sign_msg(tbs, (word32)tbsLen, sig, &len,
(ed448_key*)wp_ecx_get_key(ctx->ecx), NULL, 0);
if (rc != 0) {
ok = 0;
Expand Down Expand Up @@ -582,8 +582,8 @@ static int wp_ed448_digest_verify(wp_EcxSigCtx *ctx, unsigned char *sig,
}
if (ok) {
int res;
int rc = wc_ed448_verify_msg(sig, sigLen, tbs, tbsLen, &res,
wp_ecx_get_key(ctx->ecx), NULL, 0);
int rc = wc_ed448_verify_msg(sig, (word32)sigLen, tbs, (word32)tbsLen,
&res, wp_ecx_get_key(ctx->ecx), NULL, 0);
if (rc != 0) {
ok = 0;
}
Expand Down
8 changes: 7 additions & 1 deletion src/wp_rsa_sig.c
Original file line number Diff line number Diff line change
Expand Up @@ -1247,7 +1247,13 @@ static int wp_rsa_get_alg_id(wp_RsaSigCtx* ctx, OSSL_PARAM* p)
/* TODO: implement */
(void)ctx;
(void)p;
return 0;
const byte sha256WithRSAEncryptionOid[] = {0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x04, 0x10};
int ok = 1;

if (ok && (!OSSL_PARAM_set_octet_string(p, sha256WithRSAEncryptionOid, sizeof(sha256WithRSAEncryptionOid)))) {
ok = 0;
}
return ok;
}

/**
Expand Down
32 changes: 32 additions & 0 deletions src/wp_wolfprov.c
Original file line number Diff line number Diff line change
Expand Up @@ -1123,6 +1123,34 @@ static const OSSL_DISPATCH wolfprov_dispatch_table[] = {
{ 0, NULL }
};

#ifdef HAVE_FIPS
#include <wolfssl/wolfcrypt/fips_test.h>

static void wp_fipsCb(int ok, int err, const char* hash)
{
(void)ok;
(void)err;
(void)hash;
WOLFPROVIDER_MSG(WE_LOG_PROVIDER,
"in my Fips callback, ok = %d, err = %d\n", ok, err);
WOLFPROVIDER_MSG(WE_LOG_PROVIDER,
"message = %s\n", wc_GetErrorString(err));
WOLFPROVIDER_MSG(WE_LOG_PROVIDER,
"hash = %s\n", hash);

#ifdef WC_NO_ERR_TRACE
if (err == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) {
#else
if (err == IN_CORE_FIPS_E) {
#endif
WOLFPROVIDER_MSG(WE_LOG_PROVIDER,
"In core integrity hash check failure, copy above hash\n");
WOLFPROVIDER_MSG(WE_LOG_PROVIDER,
"into verifyCore[] in fips_test.c and rebuild\n");
}
}
#endif

/*
* Initializes the wolfSSL provider.
*
Expand All @@ -1144,6 +1172,10 @@ int wolfssl_provider_init(const OSSL_CORE_HANDLE* handle,
wolfSSL_SetLoggingPrefix("wolfSSL");
#endif

#ifdef HAVE_FIPS
wolfCrypt_SetCb_fips(wp_fipsCb);
#endif

for (; in->function_id != 0; in++) {
switch (in->function_id) {
case OSSL_FUNC_CORE_GETTABLE_PARAMS:
Expand Down

0 comments on commit a578b6f

Please sign in to comment.