From 305a754de3588122b5ab12f84b9055e00a3bc2e8 Mon Sep 17 00:00:00 2001 From: David Garske Date: Mon, 3 Jun 2024 12:06:18 -0700 Subject: [PATCH] Improvements to RSA padding. Expose API's to support external pad/unpad. --- examples/async/include.am | 5 +++++ wolfcrypt/src/rsa.c | 38 ++++++++++++++++++++++---------------- wolfssl/wolfcrypt/rsa.h | 19 +++++++++---------- 3 files changed, 36 insertions(+), 26 deletions(-) diff --git a/examples/async/include.am b/examples/async/include.am index b8a6117503..5f189451ca 100644 --- a/examples/async/include.am +++ b/examples/async/include.am @@ -2,20 +2,25 @@ # All paths should be given relative to the root if BUILD_ASYNCCRYPT + noinst_HEADERS += examples/async/async_tls.h +if BUILD_EXAMPLE_CLIENTS noinst_PROGRAMS += examples/async/async_client examples_async_async_client_SOURCES = examples/async/async_client.c examples/async/async_tls.c examples_async_async_client_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) examples_async_async_client_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la examples_async_async_client_CFLAGS = $(AM_CFLAGS) +endif +if BUILD_EXAMPLE_SERVERS noinst_PROGRAMS += examples/async/async_server examples_async_async_server_SOURCES = examples/async/async_server.c examples/async/async_tls.c examples_async_async_server_LDADD = src/libwolfssl@LIBSUFFIX@.la $(LIB_STATIC_ADD) examples_async_async_server_DEPENDENCIES = src/libwolfssl@LIBSUFFIX@.la examples_async_async_server_CFLAGS = $(AM_CFLAGS) endif +endif dist_example_DATA+= examples/async/async_server.c dist_example_DATA+= examples/async/async_client.c diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 99fb241d0f..04a39a32cc 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c 
@@ -129,19 +129,23 @@ enum { static void wc_RsaCleanup(RsaKey* key) { -#if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_NO_MALLOC) - if (key && key->data) { +#if !defined(WOLFSSL_NO_MALLOC) && (defined(WOLFSSL_ASYNC_CRYPT) || \ + (!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE))) + if (key != NULL) { + #ifndef WOLFSSL_RSA_PUBLIC_ONLY + /* if private operation zero temp buffer */ + if ((key->data != NULL && key->dataLen > 0) && + (key->type == RSA_PRIVATE_DECRYPT || + key->type == RSA_PRIVATE_ENCRYPT)) { + ForceZero(key->data, key->dataLen); + } + #endif /* make sure any allocated memory is free'd */ if (key->dataIsAlloc) { - #ifndef WOLFSSL_RSA_PUBLIC_ONLY - if (key->type == RSA_PRIVATE_DECRYPT || - key->type == RSA_PRIVATE_ENCRYPT) { - ForceZero(key->data, key->dataLen); - } - #endif XFREE(key->data, key->heap, DYNAMIC_TYPE_WOLF_BIGINT); key->dataIsAlloc = 0; } + key->data = NULL; key->dataLen = 0; } @@ -163,10 +167,11 @@ int wc_InitRsaKey_ex(RsaKey* key, void* heap, int devId) key->type = RSA_TYPE_UNKNOWN; key->state = RSA_STATE_NONE; key->heap = heap; -#if !defined(WOLFSSL_RSA_VERIFY_INLINE) && !defined(WOLFSSL_NO_MALLOC) +#if !defined(WOLFSSL_NO_MALLOC) && (defined(WOLFSSL_ASYNC_CRYPT) || \ + (!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE))) key->dataIsAlloc = 0; - key->data = NULL; #endif + key->data = NULL; key->dataLen = 0; #ifdef WC_RSA_BLINDING key->rng = NULL; @@ -3504,6 +3509,7 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, break; } XMEMCPY(key->data, in, inLen); + key->dataLen = inLen; } else { key->dataIsAlloc = 0; 
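Review bot: In wc_RsaCleanup the `ForceZero(key->data, key->dataLen)` call now runs for every private-key operation with `key->data != NULL && key->dataLen > 0`, and no longer only when `key->dataIsAlloc` is set. If the non-allocating path (the `else` branch that sets `key->dataIsAlloc = 0`, visible at the end of the @@ -3504 hunk) points `key->data` at a caller-supplied buffer, cleanup would wipe caller-owned memory, possibly the decrypted result itself. That assignment is outside the hunk, so this is inferred and should be confirmed. Either keep the wipe conditional on ownership, `if (key->dataIsAlloc && key->data != NULL && key->dataLen > 0 && ...)`, or state the ownership rule above the check, e.g. `/* key->data is always a library-owned temporary here, never a caller buffer */`. The added `key->dataLen = inLen;` in the @@ -3504 hunk is related: it sets the length only in the allocated branch, so the comment there should say which length cleanup relies on in the other branch.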
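Review bot: The guard added in wc_InitRsaKey_ex, `!defined(WOLFSSL_NO_MALLOC) && (defined(WOLFSSL_ASYNC_CRYPT) || (!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE)))`, is now written out in three places: here, in wc_RsaCleanup above, and around the `dataIsAlloc` member in rsa.h. The `RSA_STATE_DECRYPT_UNPAD` case in the @@ -3537 hunk still uses the older three-term form with no `WOLFSSL_ASYNC_CRYPT` alternative, so the choice between `key->data` and `out` there can disagree with whether `dataIsAlloc` exists. The rsa.h change also drops `dataIsAlloc` for `WOLFSSL_ASYNC_CRYPT` builds that define `WOLFSSL_NO_MALLOC`, which the old `A || !B && !C` condition kept. The `key->dataIsAlloc = 0;` context line in RsaPrivateDecryptEx therefore has to sit under the same guard, which cannot be seen from the hunk. I would define the condition once in rsa.h as a single feature macro and test that macro at every site, or at least add `/* must match the guard on RsaKey.dataIsAlloc in rsa.h */` at each copy.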
@@ -3537,13 +3543,13 @@ static int RsaPrivateDecryptEx(const byte* in, word32 inLen, byte* out, case RSA_STATE_DECRYPT_UNPAD: #if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE) && \ !defined(WOLFSSL_NO_MALLOC) - ret = wc_RsaUnPad_ex(key->data, key->dataLen, &pad, pad_value, pad_type, - hash, mgf, label, labelSz, saltLen, - mp_count_bits(&key->n), key->heap); + ret = wc_RsaUnPad_ex(key->data, + key->dataLen, &pad, pad_value, pad_type, hash, mgf, + label, labelSz, saltLen, mp_count_bits(&key->n), key->heap); #else - ret = wc_RsaUnPad_ex(out, key->dataLen, &pad, pad_value, pad_type, hash, - mgf, label, labelSz, saltLen, - mp_count_bits(&key->n), key->heap); + ret = wc_RsaUnPad_ex(out, + key->dataLen, &pad, pad_value, pad_type, hash, mgf, label, + labelSz, saltLen, mp_count_bits(&key->n), key->heap); #endif if (rsa_type == RSA_PUBLIC_DECRYPT && ret > (int)outLen) { ret = RSA_BUFFER_E; diff --git a/wolfssl/wolfcrypt/rsa.h b/wolfssl/wolfcrypt/rsa.h index ae426db28c..f73974dea7 100644 --- a/wolfssl/wolfcrypt/rsa.h +++ b/wolfssl/wolfcrypt/rsa.h @@ -242,8 +242,8 @@ struct RsaKey { char label[RSA_MAX_LABEL_LEN]; int labelLen; #endif -#if defined(WOLFSSL_ASYNC_CRYPT) || !defined(WOLFSSL_RSA_VERIFY_INLINE) && \ - !defined(WOLFSSL_NO_MALLOC) +#if !defined(WOLFSSL_NO_MALLOC) && (defined(WOLFSSL_ASYNC_CRYPT) || \ + (!defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_VERIFY_INLINE))) byte dataIsAlloc; #endif #ifdef WC_RSA_NONBLOCK 
@@ -441,14 +441,13 @@ WOLFSSL_API int wc_RsaExportKey(RsaKey* key, int nlen, int* isPrime); #endif -WOLFSSL_LOCAL int wc_RsaPad_ex(const byte* input, word32 inputLen, byte* pkcsBlock, - word32 pkcsBlockLen, byte padValue, WC_RNG* rng, int padType, - enum wc_HashType hType, int mgf, byte* optLabel, word32 labelLen, - int saltLen, int bits, void* heap); -WOLFSSL_LOCAL int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, byte** out, - byte padValue, int padType, enum wc_HashType hType, - int mgf, byte* optLabel, word32 labelLen, int saltLen, - int bits, void* heap); +WOLFSSL_API int wc_RsaPad_ex(const byte* input, word32 inputLen, + byte* pkcsBlock, word32 pkcsBlockLen, byte padValue, + WC_RNG* rng, int padType, enum wc_HashType hType, int mgf, + byte* optLabel, word32 labelLen, int saltLen, int bits, void* heap); +WOLFSSL_API int wc_RsaUnPad_ex(byte* pkcsBlock, word32 pkcsBlockLen, + byte** out, byte padValue, int padType, enum wc_HashType hType, int mgf, + byte* optLabel, word32 labelLen, int saltLen, int bits, void* heap); WOLFSSL_LOCAL int wc_hash2mgf(enum wc_HashType hType); WOLFSSL_LOCAL int RsaFunctionCheckIn(const byte* in, word32 inLen, RsaKey* key,
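Review bot: wc_RsaPad_ex and wc_RsaUnPad_ex become public (`WOLFSSL_API`) in this hunk without any doc comment, and their contracts are not obvious from the prototypes. For wc_RsaUnPad_ex, the call in RsaPrivateDecryptEx suggests that the return value is the unpadded length (or a negative error) and that `*out` is set to a location inside `pkcsBlock` rather than to a copy; this should be stated, together with the expectation that `bits` matches the key modulus size. External callers will now run unpadding on private-key results themselves, so the comment should also tell them to handle every unpad failure identically, so that the PKCS#1 v1.5 path does not turn into a padding oracle. Suggested header comment: `/* Returns length of unpadded data or <0 on error; *out points into pkcsBlock. Callers must not reveal which padding check failed. */`. Both functions should also be checked for NULL and length validation of their own, since they can now be called from outside the library; their bodies are not part of this diff.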