-
Notifications
You must be signed in to change notification settings - Fork 792
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add cryptoCbSWFallback byte field #7079
base: master
Are you sure you want to change the base?
Conversation
sotware fallback was used, fix ssl using software fallback even when WOLF_CRYPTO_CB_ONLY_RSA or WOLF_CRYPTO_CB_ONLY_ECC are defined
710ab41
to
00f4820
Compare
@@ -9116,12 +9116,20 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap, | |||
) { | |||
ret = wc_CryptoCb_RsaCheckPrivKey((RsaKey*)pkey, | |||
der->publicKey, der->pubKeySize); | |||
#ifndef WOLF_CRYPTO_CB_ONLY_RSA | |||
/* mark that fallback was used so the user can act accordingly */ | |||
((RsaKey*)pkey)->cryptoCbSWFallback = 1; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't you need to check the value of ret
to determine if fallback will be used?
} | ||
#endif | ||
#ifdef HAVE_ECC | ||
if (der->keyOID == ECDSAk) { | ||
ret = wc_CryptoCb_EccCheckPrivKey((ecc_key*)pkey, | ||
der->publicKey, der->pubKeySize); | ||
#ifndef WOLF_CRYPTO_CB_ONLY_ECC | ||
/* mark that fallback was used so the user can act accordingly */ | ||
((ecc_key*)pkey)->cryptoCbSWFallback = 1; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Don't you need to check the value of ret
to determine if fallback will be used?
if (ret == CRYPTOCB_UNAVAILABLE) | ||
if ( | ||
ret == CRYPTOCB_UNAVAILABLE | ||
#if !defined(NO_RSA) && defined(WOLF_CRYPTO_CB_ONLY_RSA) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add indentation here, so its easier to read
@@ -5521,9 +5525,11 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key, | |||
#ifndef WOLF_CRYPTO_CB_ONLY_ECC | |||
if (err != CRYPTOCB_UNAVAILABLE) | |||
return err; | |||
/* mark that fallback was used so the user can act accordingly */ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
else
not needed here
@@ -6554,9 +6560,11 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen, | |||
#ifndef WOLF_CRYPTO_CB_ONLY_ECC | |||
if (err != CRYPTOCB_UNAVAILABLE) | |||
return err; | |||
/* mark that fallback was used so the user can act accordingly */ | |||
else |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
else not needed
@@ -8280,9 +8288,11 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash, | |||
#ifndef WOLF_CRYPTO_CB_ONLY_ECC | |||
if (err != CRYPTOCB_UNAVAILABLE) | |||
return err; | |||
/* mark that fallback was used so the user can act accordingly */ | |||
else |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
else not needed
@@ -3127,9 +3127,11 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out, | |||
#ifndef WOLF_CRYPTO_CB_ONLY_RSA | |||
if (ret != CRYPTOCB_UNAVAILABLE) | |||
return ret; | |||
/* mark that fallback was used so the user can act accordingly */ | |||
else |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same. else not needed
@@ -4759,9 +4761,11 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng) | |||
#ifndef WOLF_CRYPTO_CB_ONLY_RSA | |||
if (err != CRYPTOCB_UNAVAILABLE) | |||
goto out; | |||
/* mark that fallback was used so the user can act accordingly */ | |||
else |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same. else not needed
@@ -284,6 +284,7 @@ struct Aes { | |||
#ifdef WOLF_CRYPTO_CB | |||
int devId; | |||
void* devCtx; | |||
byte cryptoCbSWFallback; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please use bit-field byte cryptoCbSWFallback : 1;
. Maybe use diff name like cbUsedSw
?
Description
add cryptoCbSWFallback byte field to mark when sotware fallback was used, fix ssl using software fallback even when WOLF_CRYPTO_CB_ONLY_RSA or WOLF_CRYPTO_CB_ONLY_ECC are defined
Testing
Tested with internal cryptocb project
Checklist