From 61bda8dbdf31cf9520570e5a1a0b21a2ac7e9e4a Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Mon, 15 Jun 2020 16:52:16 -0700
Subject: [PATCH 1/2] Improvements and cleanups to the sigtests. Updated the
 wolfsigtest.c to support three methods for loading RSA public keys. Added a
 `DEMO_RSA_VERIFY_ONLY` build option to show verify only. Added an example for
 using `wc_SignatureVerifyHash`.

---
 signature/sigtest/eccsiglentest.c |   2 +-
 signature/sigtest/opensigtest.c   |  23 ++-
 signature/sigtest/wolfsigtest.c   | 286 ++++++++++++++++++------------
 3 files changed, 185 insertions(+), 126 deletions(-)

diff --git a/signature/sigtest/eccsiglentest.c b/signature/sigtest/eccsiglentest.c
index 99aad094..db02f22a 100644
--- a/signature/sigtest/eccsiglentest.c
+++ b/signature/sigtest/eccsiglentest.c
@@ -66,7 +66,7 @@ int ecc_sign_verify_test(enum wc_HashType hash_type,
 {
     int ret;
     ecc_key eccKey;
-    RNG rng;
+    WC_RNG rng;
     byte* sigBuf = NULL;
     word32 sigLen;
     byte eccPubKeyBuf[ECC_BUFSIZE], eccPrivKeyBuf[ECC_BUFSIZE];
diff --git a/signature/sigtest/opensigtest.c b/signature/sigtest/opensigtest.c
index e8abc16c..2f8555d4 100644
--- a/signature/sigtest/opensigtest.c
+++ b/signature/sigtest/opensigtest.c
@@ -2,11 +2,11 @@
 #include <string.h>
 #include <stdint.h>
 
-#include <openssl/err.h>      // Error codes
-#include <openssl/evp.h>      // For crypto engine functions
-#include <openssl/pem.h>      // For PEM file access functions
-#include <openssl/rsa.h>      // For RSA functions
-#include <openssl/sha.h>      // For SHA-1 functions
+#include <openssl/err.h> /* Error codes */
+#include <openssl/evp.h> /* For crypto engine functions */
+#include <openssl/pem.h> /* For PEM file access functions */
+#include <openssl/rsa.h> /* For RSA functions */
+#include <openssl/sha.h> /* For SHA-1 functions */
 
 
 /* this is from ./certs/ca-key.pem */
@@ -47,7 +47,7 @@ const char* privPemKey = "-----BEGIN RSA PRIVATE KEY-----\n"
     "R3dAd0UYng3OeT9XMVYJSWe+lFhP9sSr4onj44rABVUsJMBKlwQnmg==\n"
     "-----END RSA PRIVATE KEY-----\n";
 
-uint8_t Digest_given[] = { //44 bytes
+uint8_t Digest_given[] = { /* 44 bytes */
     0x2C,0x05,0x16,0x39,0x9F,0x0C,0x02,0xD0,0xf9,0xba,0x90,0x37,0x0f,0xc1,0x4f,0xcc,
     0x31,0x4b,0x42,0x32,0x00,0x00,0x36,0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x49,
     0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x21,0x00,0x3f,0x19
@@ -106,7 +106,7 @@ int SignVerify_OpenSSL(void)
       BIO * bio;
       if ( (bio = BIO_new_mem_buf((void*)privPemKey, -1)) != NULL )
       {
-         // Create input data (44 bytes)
+         /* Create input data (44 bytes) */
          print_buf("Digest Input Data:", Digest_given, DATA_BLOCK_LEN);
 
          rsa = PEM_read_bio_RSAPrivateKey(bio, &rsa, NULL, NULL);
@@ -117,17 +117,17 @@ int SignVerify_OpenSSL(void)
              printf("OpenSSL error: %s", buffer);
          }
 
-         // Create Digest (20 bytes)
+         /* Create Digest (20 bytes) */
          iRetval = EVP_Digest(&Digest_given[0], DATA_BLOCK_LEN, abDigest, NULL, EVP_sha1(), NULL);
          printf("Digest SHA1 result %d\n", iRetval);
          print_buf("Digest Output 20 Data:", abDigest, sizeof(abDigest));
 
-         // Sign hash (128 bytes)
+         /* Sign hash (128 bytes) */
          iRetval = RSA_sign(NID_sha1, abDigest, sizeof(abDigest), &signedData[0], &iSigLen, rsa);
          printf("RSA Sign result %d\n", iRetval);
          print_buf("OpenSSL Signed data results:", &signedData[0], iSigLen);
 
-         // Verify Signature
+         /* Verify Signature */
          iRetval = RSA_verify(NID_sha1, abDigest, sizeof(abDigest), &signedData[0], SIGNED_LEN, rsa);
          if(iRetval != 1)
          {
@@ -141,7 +141,7 @@ int SignVerify_OpenSSL(void)
          }
 #if 1
          if (iRetval == 0) {
-            // Verify Signature with "expected_signature_results"
+            /* Verify Signature with "expected_signature_results" */
             iRetval = RSA_verify(NID_sha1, abDigest, SHA1_HASH_LEN, &expected_signed_results[0], SIGNED_LEN, rsa);
             if(iRetval != 1)
             {
@@ -165,4 +165,3 @@ int main(int argc, char * argv[])
 {
    return SignVerify_OpenSSL();
 }
-
diff --git a/signature/sigtest/wolfsigtest.c b/signature/sigtest/wolfsigtest.c
index c1dae557..7dd19635 100644
--- a/signature/sigtest/wolfsigtest.c
+++ b/signature/sigtest/wolfsigtest.c
@@ -8,12 +8,10 @@
 #include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/asn.h>
-#include <wolfssl/ssl.h>
+#include "wolfssl/wolfcrypt/rsa.h"
 
-#include "wolfssl/wolfcrypt/rsa.h"      // For RSA functions
-
-/* wolfSSL must be build with WOLFSSL_CERT_EXT defined */
-#ifdef WOLFSSL_CERT_EXT
+/* Set this define to show RSA verify only */
+//#define DEMO_RSA_VERIFY_ONLY
 
 /* this is from ./certs/ca-key.pem */
 const char* pubPemKey  = "-----BEGIN PUBLIC KEY-----\n"
@@ -25,6 +23,30 @@ const char* pubPemKey  = "-----BEGIN PUBLIC KEY-----\n"
     "JtK3b7FaF9c4mQj+k1hv/sMTSQgWC6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02\n"
     "eQIDAQAB\n"
     "-----END PUBLIC KEY-----\n";
+
+const byte pubKeyModulus[] = {
+    0x00, 0xbf, 0x0c, 0xca, 0x2d, 0x14, 0xb2, 0x1e, 0x84, 0x42, 0x5b, 0xcd, 0x38, 0x1f, 0x4a,
+    0xf2, 0x4d, 0x75, 0x10, 0xf1, 0xb6, 0x35, 0x9f, 0xdf, 0xca, 0x7d, 0x03, 0x98, 0xd3, 0xac,
+    0xde, 0x03, 0x66, 0xee, 0x2a, 0xf1, 0xd8, 0xb0, 0x7d, 0x6e, 0x07, 0x54, 0x0b, 0x10, 0x98,
+    0x21, 0x4d, 0x80, 0xcb, 0x12, 0x20, 0xe7, 0xcc, 0x4f, 0xde, 0x45, 0x7d, 0xc9, 0x72, 0x77,
+    0x32, 0xea, 0xca, 0x90, 0xbb, 0x69, 0x52, 0x10, 0x03, 0x2f, 0xa8, 0xf3, 0x95, 0xc5, 0xf1,
+    0x8b, 0x62, 0x56, 0x1b, 0xef, 0x67, 0x6f, 0xa4, 0x10, 0x41, 0x95, 0xad, 0x0a, 0x9b, 0xe3,
+    0xa5, 0xc0, 0xb0, 0xd2, 0x70, 0x76, 0x50, 0x30, 0x5b, 0xa8, 0xe8, 0x08, 0x2c, 0x7c, 0xed,
+    0xa7, 0xa2, 0x7a, 0x8d, 0x38, 0x29, 0x1c, 0xac, 0xc7, 0xed, 0xf2, 0x7c, 0x95, 0xb0, 0x95,
+    0x82, 0x7d, 0x49, 0x5c, 0x38, 0xcd, 0x77, 0x25, 0xef, 0xbd, 0x80, 0x75, 0x53, 0x94, 0x3c,
+    0x3d, 0xca, 0x63, 0x5b, 0x9f, 0x15, 0xb5, 0xd3, 0x1d, 0x13, 0x2f, 0x19, 0xd1, 0x3c, 0xdb,
+    0x76, 0x3a, 0xcc, 0xb8, 0x7d, 0xc9, 0xe5, 0xc2, 0xd7, 0xda, 0x40, 0x6f, 0xd8, 0x21, 0xdc,
+    0x73, 0x1b, 0x42, 0x2d, 0x53, 0x9c, 0xfe, 0x1a, 0xfc, 0x7d, 0xab, 0x7a, 0x36, 0x3f, 0x98,
+    0xde, 0x84, 0x7c, 0x05, 0x67, 0xce, 0x6a, 0x14, 0x38, 0x87, 0xa9, 0xf1, 0x8c, 0xb5, 0x68,
+    0xcb, 0x68, 0x7f, 0x71, 0x20, 0x2b, 0xf5, 0xa0, 0x63, 0xf5, 0x56, 0x2f, 0xa3, 0x26, 0xd2,
+    0xb7, 0x6f, 0xb1, 0x5a, 0x17, 0xd7, 0x38, 0x99, 0x08, 0xfe, 0x93, 0x58, 0x6f, 0xfe, 0xc3,
+    0x13, 0x49, 0x08, 0x16, 0x0b, 0xa7, 0x4d, 0x67, 0x00, 0x52, 0x31, 0x67, 0x23, 0x4e, 0x98,
+    0xed, 0x51, 0x45, 0x1d, 0xb9, 0x04, 0xd9, 0x0b, 0xec, 0xd8, 0x28, 0xb3, 0x4b, 0xbd, 0xed,
+    0x36, 0x79
+};
+const byte pubKeyExponent[] = { 0x01, 0x00, 0x01 };
+const long pubKeyExponentLong = 65537; /* 0x10001 */
+
 const char* privPemKey = "-----BEGIN RSA PRIVATE KEY-----\n"
     "MIIEpAIBAAKCAQEAvwzKLRSyHoRCW804H0ryTXUQ8bY1n9/KfQOY06zeA2buKvHY\n"
     "sH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy6sqQu2lSEAMvqPOVxfGLYlYb72dvpBBB\n"
@@ -53,7 +75,7 @@ const char* privPemKey = "-----BEGIN RSA PRIVATE KEY-----\n"
     "R3dAd0UYng3OeT9XMVYJSWe+lFhP9sSr4onj44rABVUsJMBKlwQnmg==\n"
     "-----END RSA PRIVATE KEY-----\n";
 
-uint8_t Digest_given[] = { //44 bytes
+uint8_t Digest_given[] = { /* 44 bytes */
     0x2C,0x05,0x16,0x39,0x9F,0x0C,0x02,0xD0,0xf9,0xba,0x90,0x37,0x0f,0xc1,0x4f,0xcc,
     0x31,0x4b,0x42,0x32,0x00,0x00,0x36,0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x49,
     0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x21,0x00,0x3f,0x19
@@ -101,129 +123,167 @@ static void print_buf(char *str, uint8_t *buf, int blen)
 
 int main(int argc, char** argv)
 {
-   int ret = 0;
-   RNG rng;
-   byte DER_buf[2048]; word32 DER_len = sizeof(DER_buf);
-   byte Sig_buf[SIGNED_LEN]; word32 Sig_len = sizeof(Sig_buf);
-   byte Hash_buf[SHA1_HASH_LEN]; word32 Hash_len = sizeof(Hash_buf);
-   byte Digest_buf[SHA1_HASH_LEN+DATA_BLOCK_LEN]; word32 Digest_len = sizeof(Digest_buf);
-   byte DigestVer_buf[SHA1_HASH_LEN+DATA_BLOCK_LEN]; word32 DigestVer_len = sizeof(DigestVer_buf);
-   word32 inOutIdx=0;
-   RsaKey rsakey;
-   byte pemPublic = 0;
-   enum wc_HashType hash_type = WC_HASH_TYPE_SHA;
-   enum wc_SignatureType sig_type = WC_SIGNATURE_TYPE_RSA_W_ENC;
+    int ret = 0;
+    WC_RNG rng;
+    byte DER_buf[2048]; word32 DER_len = 0;
+    byte Sig_buf[SIGNED_LEN]; word32 Sig_len = sizeof(Sig_buf);
+    byte Hash_buf[SHA1_HASH_LEN]; word32 Hash_len = sizeof(Hash_buf);
+    byte Digest_buf[SHA1_HASH_LEN+DATA_BLOCK_LEN]; word32 Digest_len = sizeof(Digest_buf);
+    byte DigestVer_buf[SHA1_HASH_LEN+DATA_BLOCK_LEN]; word32 DigestVer_len = sizeof(DigestVer_buf);
+    word32 inOutIdx=0;
+    RsaKey rsakey;
+    byte pemPublic = 0;
+    enum wc_HashType hash_type = WC_HASH_TYPE_SHA;
+    enum wc_SignatureType sig_type = WC_SIGNATURE_TYPE_RSA_W_ENC;
 
-   // Create input data (44 bytes)
-   print_buf("Digest Input Data:", Digest_given, DATA_BLOCK_LEN);
+    /* Create input data (44 bytes) */
+    print_buf("Digest Input Data:", Digest_given, DATA_BLOCK_LEN);
 
-   /* Init */
-   wc_InitRng(&rng);
+    /* Init */
+    wc_InitRng(&rng);
 
-   /* Init Rsa Key */
-   wc_InitRsaKey(&rsakey, NULL);
+    /* Init Rsa Key */
+    wc_InitRsaKey(&rsakey, NULL);
 
-   memset(DER_buf, 0, sizeof(DER_buf));
-   ret = wolfSSL_KeyPemToDer((const byte*)privPemKey, strlen(privPemKey), DER_buf, sizeof(DER_buf), NULL);
-   if (ret < 0) {
-       ret = wolfSSL_PubKeyPemToDer((const byte*)pubPemKey, strlen(pubPemKey), DER_buf, sizeof(DER_buf)); /* Needs WOLFSSL_CERT_EXT defined or --enable-certgen --enable-certext  */
-       pemPublic = 1;
-   }
-   printf("DER_len = %d DER_buf:\n", ret);
-   if (ret < 0) goto exit;
-   DER_len = ret;
-   print_buf("DER:", DER_buf, DER_len);
+    XMEMSET(DER_buf, 0, sizeof(DER_buf));
+    
+#ifndef DEMO_RSA_VERIFY_ONLY
+    ret = wc_KeyPemToDer((const byte*)privPemKey, strlen(privPemKey), 
+        DER_buf, sizeof(DER_buf), NULL);
+    if (ret < 0)
+#endif
+    {
+        pemPublic = 1;
 
-   // PEM key selection
-   if (!pemPublic) {
-       ret = wc_RsaPrivateKeyDecode(DER_buf, &inOutIdx, &rsakey, DER_len);
-   }
-   else {
-       ret = wc_RsaPublicKeyDecode(DER_buf, &inOutIdx, &rsakey, DER_len);
-   }
-   printf("decode %s key =%d\n", pemPublic ? "public" : "private", ret);
+#ifdef WOLFSSL_CERT_EXT
+        /* Needs WOLFSSL_CERT_EXT defined or --enable-certgen --enable-certext  */
+        ret = wc_PubKeyPemToDer((const byte*)pubPemKey, strlen(pubPemKey), 
+            DER_buf, sizeof(DER_buf));
+#else
+        ret = 0; /* NOT_COMPILED_IN */
+#endif
+    }
+    if (ret >= 0) {
+        DER_len = ret;
+    }
+    printf("Key Pem to Der ret %d\n", ret);
 
-   /* Get signature length and allocate buffer */
-   ret = wc_SignatureGetSize(sig_type, &rsakey, sizeof(rsakey));
-   printf("Sig Len: %d\n", ret);
-   if (ret < 0) goto exit;
-   Sig_len = ret;
+    if (ret < 0) goto exit;
+    if (DER_len > 0) {
+        printf("DER_len = %d DER_buf:\n", DER_len);
+        print_buf("DER:", DER_buf, DER_len);
+    }
 
-   /* Get Hash length */
-   ret = wc_HashGetDigestSize(hash_type);
-   printf("Hash Digest Len: %d\n", ret);
-   if (ret < 0) goto exit;
-   Hash_len = ret;
+    /* PEM key selection */
+    if (!pemPublic) {
+        ret = wc_RsaPrivateKeyDecode(DER_buf, &inOutIdx, &rsakey, DER_len);
+    }
+    else {
+        /* Three Examples for loading an RSA public key */
 
-   /* Hash digest with SHA1 */
-   ret = wc_Hash(hash_type, Digest_given, sizeof(Digest_given), Hash_buf, Hash_len);
-   printf("Digest SHA1 Hash: %d\n", ret);
-   if (ret < 0) goto exit;
-   print_buf("Digest Output 20 Data:", Hash_buf, Hash_len);
+        /* 1. Decode DER key */
+        if (DER_len > 0) {
+            ret = wc_RsaPublicKeyDecode(DER_buf, &inOutIdx, &rsakey, DER_len);
+        }
+        else {
+        #if 1
+            /* 2. Decode Raw: Example for loading RSA public key with modulus and exponenet only */
+            ret = wc_RsaPublicKeyDecodeRaw(pubKeyModulus, sizeof(pubKeyModulus), 
+                pubKeyExponent, sizeof(pubKeyExponent), &rsakey);
+        #else
+            /* 3. Manual Math: Manually setting with math API's */
+            ret = mp_set_int(&rsakey.e, pubKeyExponentLong);
+            if (ret == 0) {
+                ret = mp_read_unsigned_bin(&rsakey.n, pubKeyModulus, 
+                    sizeof(pubKeyModulus));
+            }
+        #endif
+        }
+    }
+    printf("decode %s key =%d\n", pemPublic ? "public" : "private", ret);
 
-   /* Add ASN digest info header */
-   ret = wc_EncodeSignature(Digest_buf, Hash_buf, Hash_len, SHAh);
-   printf("Digest Header: %d\n", ret);
-   if (ret <= 0) goto exit;
-   Digest_len = ret;
-   print_buf("Signed data results:", Digest_buf, Digest_len);
+    /* Get signature length and allocate buffer */
+    ret = wc_SignatureGetSize(sig_type, &rsakey, sizeof(rsakey));
+    printf("Sig Len: %d\n", ret);
+    if (ret < 0) goto exit;
+    Sig_len = ret;
 
-   if (!pemPublic) {
-       /* Perform hash and sign to create signature */
-       ret = wc_RsaSSL_Sign(Digest_buf, Digest_len, Sig_buf, Sig_len, &rsakey, &rng);
-       printf("RSA Sign Result: %d\n", ret);
-       if (ret < 0) goto exit;
-       Sig_len = ret;
+    /* Get Hash length */
+    ret = wc_HashGetDigestSize(hash_type);
+    printf("Hash Digest Len: %d\n", ret);
+    if (ret < 0) goto exit;
+    Hash_len = ret;
 
-       print_buf("RSA Sign Data:", Sig_buf, Sig_len);
+    /* Hash digest with SHA1 */
+    ret = wc_Hash(hash_type, Digest_given, sizeof(Digest_given), Hash_buf, Hash_len);
+    printf("Digest SHA1 Hash: %d\n", ret);
+    if (ret < 0) goto exit;
+    print_buf("Digest Output 20 Data:", Hash_buf, Hash_len);
 
-       ret = wc_SignatureGenerate(hash_type, sig_type, Digest_given, sizeof(Digest_given), Sig_buf, &Sig_len, &rsakey, sizeof(rsakey), &rng);
-       printf("Sig Generation: ret %d, Sig_len=%d\n", ret, Sig_len);
-       print_buf("Sign Data:", Sig_buf, Sig_len);
-   }
-   else {
-       /* Use digest for RSA verify */
-       ret = wc_RsaSSL_Verify(Sig_buf, Sig_len, DigestVer_buf, DigestVer_len, &rsakey);
-       if (ret != Digest_len || XMEMCMP(DigestVer_buf, Digest_buf, Digest_len) != 0) {
+    /* Add ASN digest info header */
+    ret = wc_EncodeSignature(Digest_buf, Hash_buf, Hash_len, SHAh);
+    printf("Digest Header: %d\n", ret);
+    if (ret <= 0) goto exit;
+    Digest_len = ret;
+    print_buf("Signed data results:", Digest_buf, Digest_len);
+
+    if (!pemPublic) {
+        /* Perform hash and sign to create signature */
+        ret = wc_RsaSSL_Sign(Digest_buf, Digest_len, Sig_buf, Sig_len, &rsakey, &rng);
+        printf("RSA Sign Result: %d\n", ret);
+        if (ret < 0) goto exit;
+        Sig_len = ret;
+
+        print_buf("RSA Sign Data:", Sig_buf, Sig_len);
+
+        ret = wc_SignatureGenerate(hash_type, sig_type, 
+            Digest_given, sizeof(Digest_given),
+            Sig_buf, &Sig_len,
+            &rsakey, sizeof(rsakey), &rng);
+        printf("Sig Generation: ret %d, Sig_len=%d\n", ret, Sig_len);
+        print_buf("Sign Data:", Sig_buf, Sig_len);
+
+        /* Verify against expected signature */
+        print_buf("Expected Signature:", expected_signed_results, sizeof(expected_signed_results));
+        if (XMEMCMP(Sig_buf, expected_signed_results, Sig_len) == 0) {
+            printf("Signatures match!\n");
+        }
+        else {
+            printf("Signature invalid!\n");
+        }
+    }
+    else {
+        /* Use digest for RSA verify */
+        ret = wc_RsaSSL_Verify(expected_signed_results, sizeof(expected_signed_results), 
+            DigestVer_buf, DigestVer_len, &rsakey);
+        if (ret != Digest_len || XMEMCMP(DigestVer_buf, Digest_buf, Digest_len) != 0) {
             printf("RSA Verify Failed! %d\n", ret);
-       }
-       else {
-           printf("RSA Verify Success!\n");
-           ret = 0;
-       }
-       print_buf("Ecpected Verify Data:", DigestVer_buf, DigestVer_len);
-       print_buf("RSA Verify Data:", Digest_buf, Digest_len);
+        }
+        else {
+            printf("RSA Verify Success!\n");
+            ret = 0;
+        }
+        print_buf("Expected Verify Data:", DigestVer_buf, DigestVer_len);
+        print_buf("RSA Verify Data:", Digest_buf, Digest_len);
 
-       if (ret == 0) {
-           ret = wc_SignatureVerify(hash_type, sig_type, Digest_given, sizeof(Digest_given), Sig_buf, Sig_len, &rsakey, sizeof(rsakey));
-           printf("Sig Verification: %s (%d)\n", (ret == wc_HashGetDigestSize(hash_type)) ? "Pass" : "Fail", ret);
-           print_buf("Sig Verify Data:", Digest_buf, Digest_len);
-       }
-   }
+        if (ret == 0) {
+            ret = wc_SignatureVerify(hash_type, sig_type, 
+                Digest_given, sizeof(Digest_given),
+                expected_signed_results, sizeof(expected_signed_results),
+                &rsakey, sizeof(rsakey));
+            printf("Sig Verify: %s (%d)\n", (ret == 0) ? "Pass" : "Fail", ret);
 
-   /* Verify against expected signature */
-   print_buf("Expected Signature:", expected_signed_results, sizeof(expected_signed_results));
-   if (memcmp(Sig_buf, expected_signed_results, Sig_len) == 0) {
-       printf("Signatures match!\n");
-   }
-   else {
-       printf("Signature invalid!\n");
-   }
+            /* Example for validating hash directly */
+            ret = wc_SignatureVerifyHash(hash_type, sig_type, 
+                Digest_buf, Digest_len,
+                expected_signed_results, sizeof(expected_signed_results),
+                &rsakey, sizeof(rsakey));
+            printf("Sig Verify Hash: %s (%d)\n", (ret == 0) ? "Pass" : "Fail", ret);
+        }
+    }
 
 exit:
-   wc_FreeRsaKey(&rsakey);
-   wc_FreeRng(&rng);
-   return 0;
-}
-
-#else
-
-int main(int argc, char** argv)
-{
-    (void)argc;
-    (void)argv;
-    printf("Error wolfSSL must be build with WOLFSSL_CERT_EXT enable ./configure --enable-certgen --enable-certext\n");
+    wc_FreeRsaKey(&rsakey);
+    wc_FreeRng(&rng);
     return 0;
 }
-
-#endif /* WOLFSSL_CERT_EXT */

From 4d3763952c2c181a32a9d5bc777fee1e14e2228f Mon Sep 17 00:00:00 2001
From: Eric Blankenhorn <eric@wolfssl.com>
Date: Tue, 16 Jun 2020 16:06:51 -0500
Subject: [PATCH 2/2] Fix make order and types with Linux

---
 signature/signature.c           | 4 ++--
 signature/sigtest/Makefile      | 6 +++---
 signature/sigtest/wolfsigtest.c | 8 ++++----
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/signature/signature.c b/signature/signature.c
index b5a15a6b..3d8a09f2 100644
--- a/signature/signature.c
+++ b/signature/signature.c
@@ -57,7 +57,7 @@ int ecc_sign_verify_test(enum wc_HashType hash_type, enum wc_SignatureType sig_t
 {
     int ret;
     ecc_key eccKey;
-    RNG rng;
+    WC_RNG rng;
     byte* sigBuf = NULL;
     word32 sigLen;
     byte eccPubKeyBuf[ECC_BUFSIZE], eccPrivKeyBuf[ECC_BUFSIZE];
@@ -202,7 +202,7 @@ int rsa_sign_verify_test(enum wc_HashType hash_type, enum wc_SignatureType sig_t
 {
     int ret;
     RsaKey rsaKey;
-    RNG rng;
+    WC_RNG rng;
     byte *sigBuf = NULL;
     word32 sigLen;
 #ifdef WOLFSSL_KEY_GEN
diff --git a/signature/sigtest/Makefile b/signature/sigtest/Makefile
index 5deb3ad3..a97f8862 100644
--- a/signature/sigtest/Makefile
+++ b/signature/sigtest/Makefile
@@ -12,15 +12,15 @@ all:wolfsigtest opensigtest eccsiglentest
 
 opensigtest:CFLAGS+=$(OPENSSL_FLAGS)
 opensigtest:opensigtest.o
-	$(CC) -o $@ $(LIBS) $(OPENSSL_LIB) $^ $(CFLAGS)
+	$(CC) -o $@ $(LIBS) $^ $(CFLAGS) $(OPENSSL_LIB) 
 
 wolfsigtest:CFLAGS+=$(WOLFSSL_FLAGS)
 wolfsigtest:wolfsigtest.o
-	$(CC) -o $@ $(LIBS) $(WOLFSSL_LIB) $^ $(CFLAGS)
+	$(CC) -o $@ $(LIBS) $^ $(CFLAGS) $(WOLFSSL_LIB) 
 
 eccsiglentest:CFLAGS+=$(WOLFSSL_FLAGS)
 eccsiglentest:eccsiglentest.o
-	$(CC) -o $@ $(LIBS) $(WOLFSSL_LIB) $^ $(CFLAGS)
+	$(CC) -o $@ $(LIBS) $^ $(CFLAGS) $(WOLFSSL_LIB)
 
 .PHONY: clean all
 
diff --git a/signature/sigtest/wolfsigtest.c b/signature/sigtest/wolfsigtest.c
index 7dd19635..4055f2f8 100644
--- a/signature/sigtest/wolfsigtest.c
+++ b/signature/sigtest/wolfsigtest.c
@@ -8,7 +8,7 @@
 #include <wolfssl/wolfcrypt/logging.h>
 #include <wolfssl/wolfcrypt/error-crypt.h>
 #include <wolfssl/wolfcrypt/asn.h>
-#include "wolfssl/wolfcrypt/rsa.h"
+#include <wolfssl/wolfcrypt/rsa.h>
 
 /* Set this define to show RSA verify only */
 //#define DEMO_RSA_VERIFY_ONLY
@@ -75,13 +75,13 @@ const char* privPemKey = "-----BEGIN RSA PRIVATE KEY-----\n"
     "R3dAd0UYng3OeT9XMVYJSWe+lFhP9sSr4onj44rABVUsJMBKlwQnmg==\n"
     "-----END RSA PRIVATE KEY-----\n";
 
-uint8_t Digest_given[] = { /* 44 bytes */
+byte Digest_given[] = { /* 44 bytes */
     0x2C,0x05,0x16,0x39,0x9F,0x0C,0x02,0xD0,0xf9,0xba,0x90,0x37,0x0f,0xc1,0x4f,0xcc,
     0x31,0x4b,0x42,0x32,0x00,0x00,0x36,0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x49,
     0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x21,0x00,0x3f,0x19
 };
 
-uint8_t expected_signed_results[] = {
+byte expected_signed_results[] = {
     0x15,0xEB,0xE3,0x5A,0xA7,0x82,0x97,0x7C,0x3E,0x6D,0x3E,0x30,0xFB,0x3D,0x01,0x2C,
     0x71,0x3A,0x47,0x84,0x2B,0xB4,0x99,0x35,0xA3,0x2E,0x91,0xE4,0xF0,0x77,0x29,0x8A,
     0x63,0x51,0x33,0xB0,0x4F,0xBE,0x92,0xDB,0x17,0x3B,0xD6,0x3E,0x45,0x06,0x4E,0xAB,
@@ -104,7 +104,7 @@ uint8_t expected_signed_results[] = {
 #define DATA_BLOCK_LEN 44
 #define SIGNED_LEN     256
 
-static void print_buf(char *str, uint8_t *buf, int blen)
+static void print_buf(char *str, byte *buf, int blen)
 {
    int i, j;