From 4b90afa37b27c97bd84a5caa11b952d5648f6cc6 Mon Sep 17 00:00:00 2001 From: David Garske Date: Tue, 2 May 2023 18:10:25 -0700 Subject: [PATCH] Provide way to disable ASN but have `wc_RsaPublicKeyDecodeRaw`, which doesn't need ASN.1 parsing. --- configure.ac | 4 +- wolfcrypt/src/asn.c | 123 ++++++++++++++++++++++-------------------- wolfcrypt/test/test.c | 2 + 3 files changed, 69 insertions(+), 60 deletions(-) diff --git a/configure.ac b/configure.ac index 8ccf5b5f53..af51651f50 100644 --- a/configure.ac +++ b/configure.ac @@ -3990,7 +3990,7 @@ else fi if test "$ENABLED_RSA" = "yes" && test "$ENABLED_RSAVFY" = "no" && \ - test "$ENABLED_ASN" = "no" + test "$ENABLED_ASN" = "no" && test "$ENABLED_LOWRESOURCE" = "no" then AC_MSG_ERROR([please disable rsa if disabling asn.]) fi @@ -8457,7 +8457,7 @@ AM_CONDITIONAL([BUILD_SAKKE],[test "x$ENABLED_SAKKE" = "xyes" || test "x$ENABLED AM_CONDITIONAL([BUILD_MEMORY],[test "x$ENABLED_MEMORY" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_RSA],[test "x$ENABLED_RSA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_DH],[test "x$ENABLED_DH" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) -AM_CONDITIONAL([BUILD_ASN],[test "x$ENABLED_ASN" != "xno" || test "x$ENABLED_USERSETTINGS" = "xyes"]) +AM_CONDITIONAL([BUILD_ASN],[test "x$ENABLED_ASN" != "xno" || test "x$ENABLED_RSA" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_AES],[test "x$ENABLED_AES" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_CODING],[test "x$ENABLED_CODING" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) AM_CONDITIONAL([BUILD_RC4],[test "x$ENABLED_ARC4" = "xyes" || test "x$ENABLED_USERSETTINGS" = "xyes"]) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 2ddcbb17d0..46ab68d0b6 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -96,12 +96,20 @@ ASN Options: * WC_ASN_HASH_SHA256: Force use of SHA2-256 for the internal hash ID calcs. */ +#include +#ifndef NO_RSA + #include + #if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_CRYPTOCELL) + extern int wc_InitRsaHw(RsaKey* key); + #endif +#endif + #ifndef NO_ASN + #include #include #include #include -#include #include #include #include @@ -168,13 +176,6 @@ ASN Options: #include #endif -#ifndef NO_RSA - #include -#if defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_CRYPTOCELL) -extern int wc_InitRsaHw(RsaKey* key); -#endif -#endif - #ifndef NO_DSA #include #else @@ -9518,56 +9519,6 @@ int wc_RsaPublicKeyDecode(const byte* input, word32* inOutIdx, RsaKey* key, return ret; } - -/* import RSA public key elements (n, e) into RsaKey structure (key) */ -int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e, - word32 eSz, RsaKey* key) -{ - if (n == NULL || e == NULL || key == NULL) - return BAD_FUNC_ARG; - - key->type = RSA_PUBLIC; - - if (mp_init(&key->n) != MP_OKAY) - return MP_INIT_E; - - if (mp_read_unsigned_bin(&key->n, n, nSz) != 0) { - mp_clear(&key->n); - return ASN_GETINT_E; - } -#ifdef HAVE_WOLF_BIGINT - if ((int)nSz > 0 && wc_bigint_from_unsigned_bin(&key->n.raw, n, nSz) != 0) { - mp_clear(&key->n); - return ASN_GETINT_E; - } -#endif /* HAVE_WOLF_BIGINT */ - - if (mp_init(&key->e) != MP_OKAY) { - mp_clear(&key->n); - return MP_INIT_E; - } - - if (mp_read_unsigned_bin(&key->e, e, eSz) != 0) { - mp_clear(&key->n); - mp_clear(&key->e); - return ASN_GETINT_E; - } -#ifdef HAVE_WOLF_BIGINT - if ((int)eSz > 0 && wc_bigint_from_unsigned_bin(&key->e.raw, e, eSz) != 0) { - mp_clear(&key->n); - mp_clear(&key->e); - return ASN_GETINT_E; - } -#endif /* HAVE_WOLF_BIGINT */ - -#ifdef WOLFSSL_XILINX_CRYPT - if (wc_InitRsaHw(key) != 0) { - return BAD_STATE_E; - } -#endif - - return 0; -} #endif /* HAVE_USER_RSA */ #endif /* !NO_RSA */ @@ -37022,6 +36973,62 @@ int wc_MIME_free_hdrs(MimeHdr* head) #endif /* !NO_ASN */ +/* Functions that parse, but are not using ASN.1 */ +#if !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \ + (!defined(NO_BIG_INT) || defined(WOLFSSL_SP_MATH)) +/* import RSA public key elements (n, e) into RsaKey structure (key) */ +/* this function does not use any ASN.1 parsing */ +int wc_RsaPublicKeyDecodeRaw(const byte* n, word32 nSz, const byte* e, + word32 eSz, RsaKey* key) +{ + if (n == NULL || e == NULL || key == NULL) + return BAD_FUNC_ARG; + + key->type = RSA_PUBLIC; + + if (mp_init(&key->n) != MP_OKAY) + return MP_INIT_E; + + if (mp_read_unsigned_bin(&key->n, n, nSz) != 0) { + mp_clear(&key->n); + return ASN_GETINT_E; + } +#ifdef HAVE_WOLF_BIGINT + if ((int)nSz > 0 && wc_bigint_from_unsigned_bin(&key->n.raw, n, nSz) != 0) { + mp_clear(&key->n); + return ASN_GETINT_E; + } +#endif /* HAVE_WOLF_BIGINT */ + + if (mp_init(&key->e) != MP_OKAY) { + mp_clear(&key->n); + return MP_INIT_E; + } + + if (mp_read_unsigned_bin(&key->e, e, eSz) != 0) { + mp_clear(&key->n); + mp_clear(&key->e); + return ASN_GETINT_E; + } +#ifdef HAVE_WOLF_BIGINT + if ((int)eSz > 0 && wc_bigint_from_unsigned_bin(&key->e.raw, e, eSz) != 0) { + mp_clear(&key->n); + mp_clear(&key->e); + return ASN_GETINT_E; + } +#endif /* HAVE_WOLF_BIGINT */ + +#ifdef WOLFSSL_XILINX_CRYPT + if (wc_InitRsaHw(key) != 0) { + return BAD_STATE_E; + } +#endif + + return 0; +} +#endif /* !NO_RSA && !HAVE_USER_RSA && (!NO_BIG_INT || WOLFSSL_SP_MATH) */ + + #ifdef WOLFSSL_SEP diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 3891e9d9d3..dcf2c727bf 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -13301,7 +13301,9 @@ static int random_rng_test(void) if (rng == NULL) return WC_TEST_RET_ENC_ERRNO; + #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) rng->devId = devId; + #endif ret = _rng_test(rng, WC_TEST_RET_ENC_NC); wc_rng_free(rng);