add cryptoCbSWFallback byte field #7079

jpbland1 · 2023-12-18T18:08:15Z

Description

add cryptoCbSWFallback byte field to mark when sotware fallback was used, fix ssl using software fallback even when WOLF_CRYPTO_CB_ONLY_RSA or WOLF_CRYPTO_CB_ONLY_ECC are defined

Testing

Tested with internal cryptocb project

Checklist

added tests
updated/added doxygen
updated appropriate READMEs
Updated manual and documentation

sotware fallback was used, fix ssl using software fallback even when WOLF_CRYPTO_CB_ONLY_RSA or WOLF_CRYPTO_CB_ONLY_ECC are defined

dgarske · 2024-01-16T23:35:03Z

src/ssl.c

@@ -9116,12 +9116,20 @@ static int check_cert_key(DerBuffer* cert, DerBuffer* key, void* heap,
 ) {
 ret = wc_CryptoCb_RsaCheckPrivKey((RsaKey*)pkey,
 der->publicKey, der->pubKeySize);
+ #ifndef WOLF_CRYPTO_CB_ONLY_RSA
+ /* mark that fallback was used so the user can act accordingly */
+ ((RsaKey*)pkey)->cryptoCbSWFallback = 1;


Don't you need to check the value of ret to determine if fallback will be used?

dgarske · 2024-01-16T23:35:31Z

src/ssl.c

 }
 #endif
 #ifdef HAVE_ECC
 if (der->keyOID == ECDSAk) {
 ret = wc_CryptoCb_EccCheckPrivKey((ecc_key*)pkey,
 der->publicKey, der->pubKeySize);
+ #ifndef WOLF_CRYPTO_CB_ONLY_ECC
+ /* mark that fallback was used so the user can act accordingly */
+ ((ecc_key*)pkey)->cryptoCbSWFallback = 1;


Don't you need to check the value of ret to determine if fallback will be used?

dgarske · 2024-01-16T23:35:57Z

src/ssl.c

- if (ret == CRYPTOCB_UNAVAILABLE)
+ if (
+ ret == CRYPTOCB_UNAVAILABLE
+#if !defined(NO_RSA) && defined(WOLF_CRYPTO_CB_ONLY_RSA)


Add indentation here, so its easier to read

dgarske · 2024-01-16T23:36:44Z

wolfcrypt/src/ecc.c

@@ -5521,9 +5525,11 @@ static int _ecc_make_key_ex(WC_RNG* rng, int keysize, ecc_key* key,
 #ifndef WOLF_CRYPTO_CB_ONLY_ECC
 if (err != CRYPTOCB_UNAVAILABLE)
 return err;
+ /* mark that fallback was used so the user can act accordingly */


else not needed here

dgarske · 2024-01-16T23:36:53Z

wolfcrypt/src/ecc.c

@@ -6554,9 +6560,11 @@ int wc_ecc_sign_hash(const byte* in, word32 inlen, byte* out, word32 *outlen,
 #ifndef WOLF_CRYPTO_CB_ONLY_ECC
 if (err != CRYPTOCB_UNAVAILABLE)
 return err;
+ /* mark that fallback was used so the user can act accordingly */
+ else


else not needed

dgarske · 2024-01-16T23:36:58Z

wolfcrypt/src/ecc.c

@@ -8280,9 +8288,11 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
 #ifndef WOLF_CRYPTO_CB_ONLY_ECC
 if (err != CRYPTOCB_UNAVAILABLE)
 return err;
+ /* mark that fallback was used so the user can act accordingly */
+ else


else not needed

dgarske · 2024-01-16T23:37:12Z

wolfcrypt/src/rsa.c

@@ -3127,9 +3127,11 @@ static int wc_RsaFunction_ex(const byte* in, word32 inLen, byte* out,
 #ifndef WOLF_CRYPTO_CB_ONLY_RSA
 if (ret != CRYPTOCB_UNAVAILABLE)
 return ret;
+ /* mark that fallback was used so the user can act accordingly */
+ else


same. else not needed

dgarske · 2024-01-16T23:37:16Z

wolfcrypt/src/rsa.c

@@ -4759,9 +4761,11 @@ int wc_MakeRsaKey(RsaKey* key, int size, long e, WC_RNG* rng)
 #ifndef WOLF_CRYPTO_CB_ONLY_RSA
 if (err != CRYPTOCB_UNAVAILABLE)
 goto out;
+ /* mark that fallback was used so the user can act accordingly */
+ else


same. else not needed

dgarske · 2024-01-16T23:38:51Z

wolfssl/wolfcrypt/aes.h

@@ -284,6 +284,7 @@ struct Aes {
 #ifdef WOLF_CRYPTO_CB
 int devId;
 void* devCtx;
+ byte cryptoCbSWFallback;


Please use bit-field byte cryptoCbSWFallback : 1;. Maybe use diff name like cbUsedSw?

jpbland1 marked this pull request as ready for review December 18, 2023 18:08

jpbland1 requested a review from dgarske December 18, 2023 18:08

jpbland1 assigned jpbland1, dgarske and wolfSSL-Bot and unassigned dgarske Dec 18, 2023

jpbland1 requested review from wolfSSL-Bot and removed request for dgarske December 18, 2023 18:16

add cryptoCbSWFallback byte field to mark when

00f4820

sotware fallback was used, fix ssl using software fallback even when WOLF_CRYPTO_CB_ONLY_RSA or WOLF_CRYPTO_CB_ONLY_ECC are defined

jpbland1 force-pushed the software-fallback-warning branch from 710ab41 to 00f4820 Compare December 28, 2023 18:13

dgarske requested changes Jan 16, 2024

View reviewed changes

dgarske unassigned wolfSSL-Bot Jan 16, 2024

dgarske removed the request for review from wolfSSL-Bot January 16, 2024 23:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add cryptoCbSWFallback byte field #7079

add cryptoCbSWFallback byte field #7079

jpbland1 commented Dec 18, 2023

dgarske Jan 16, 2024

dgarske Jan 16, 2024

dgarske Jan 16, 2024

dgarske Jan 16, 2024

dgarske Jan 16, 2024

dgarske Jan 16, 2024

dgarske Jan 16, 2024

dgarske Jan 16, 2024

dgarske Jan 16, 2024

add cryptoCbSWFallback byte field #7079

Are you sure you want to change the base?

add cryptoCbSWFallback byte field #7079

Conversation

jpbland1 commented Dec 18, 2023

Description

Testing

Checklist

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment

Choose a reason for hiding this comment