From 1b90d4fad27df163800b9c99519973dafb04e82a Mon Sep 17 00:00:00 2001
From: Tim Weller
Date: Wed, 7 Sep 2022 14:23:22 -0700
Subject: [PATCH] Configuration consistency fixes and addition of new config option to disable private key

Add way to disable private keys in wolfcrypt (settings).
Make RSA integer usage match structure configuration.
---
 wolfcrypt/src/asn.c | 4 +++-
 wolfssl/wolfcrypt/asn.h | 6 ++++++
 wolfssl/wolfcrypt/settings.h | 13 ++++++-------
 3 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 3e8aeb349..6cae38aa4 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -6309,14 +6309,16 @@ static int DecodeRsaPssParams(const byte* params, word32 sz,
 size_t rsaIntOffset[] = {
 OFFSETOF(RsaKey, n),
 OFFSETOF(RsaKey, e),
-#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_KEY_GEN)
+#ifndef WOLFSSL_RSA_PUBLIC_ONLY
 OFFSETOF(RsaKey, d),
 OFFSETOF(RsaKey, p),
 OFFSETOF(RsaKey, q),
+#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM)
 OFFSETOF(RsaKey, dP),
 OFFSETOF(RsaKey, dQ),
 OFFSETOF(RsaKey, u)
 #endif
+#endif
 };
 
 /* Get a number from the RSA key based on an index.
diff --git a/wolfssl/wolfcrypt/asn.h b/wolfssl/wolfcrypt/asn.h
index 0380cf2b1..b2a000751 100644
--- a/wolfssl/wolfcrypt/asn.h
+++ b/wolfssl/wolfcrypt/asn.h
@@ -878,7 +878,13 @@ enum Misc_ASN {
 #else
 KEYID_SIZE = WC_SHA_DIGEST_SIZE,
 #endif
+#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && (defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM))
 RSA_INTS = 8, /* RSA ints in private key */
+#elif !defined(WOLFSSL_RSA_PUBLIC_ONLY)
+ RSA_INTS = 5, /* RSA ints in private key */
+#else
+ RSA_INTS = 2, /* RSA ints in private key */
+#endif
 DSA_PARAM_INTS = 3, /* DSA paramater ints */
 RSA_PUB_INTS = 2, /* RSA ints in public key */
 DSA_PUB_INTS = 4, /* DSA ints in public key */
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 2a92b9178..31a185676 100644
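Review bot: The number of entries in rsaIntOffset now depends on the same three-way condition that the asn.h hunk uses to pick RSA_INTS (8, 5 or 2), but the condition is spelled out independently in the two files, so a later edit to one guard silently desynchronises RSA_INTS from the array that the index-based lookup described by the trailing comment presumably walks. A one-line comment on the array, `/* Entry count must match RSA_INTS in asn.h */`, makes the coupling visible, and a compile-time size check against RSA_INTS would enforce it where the build has a static assertion available. The two `#endif` lines are also unlabelled in a block that now nests two guards; `#endif /* WOLFSSL_KEY_GEN || OPENSSL_EXTRA || !RSA_LOW_MEM */` and `#endif /* !WOLFSSL_RSA_PUBLIC_ONLY */` would keep the nesting readable. The lookup function that follows the array starts outside the hunk.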
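Review bot: All three RSA_INTS arms in the asn.h hunk carry the identical comment `/* RSA ints in private key */`, which hides why the value differs and is inaccurate for the WOLFSSL_RSA_PUBLIC_ONLY arm, where 2 is the public-key count (it equals RSA_PUB_INTS two lines below). Distinct comments would say what each build stores: `RSA_INTS = 5, /* RSA ints in private key, without CRT values dP, dQ, u */` and `RSA_INTS = 2, /* RSA ints when only the public key is kept */`. The first added `#if` is a single very long line; wrapping it with `\` after the `&&`, as the settings.h hunk in this same commit does, would match the project's style for compound guards.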
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -2752,15 +2752,14 @@ extern void uITRON4_free(void *p) ;
 
 /* Are we using an external private key store like:
 * PKCS11 / HSM / crypto callback / PK callback */
-#if !defined(WOLF_PRIVATE_KEY_ID) && \
- (defined(HAVE_PKCS11) || defined(HAVE_PK_CALLBACKS) || \
- defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_KCAPI))
- /* Enables support for using wolfSSL_CTX_use_PrivateKey_Id and
- * wolfSSL_CTX_use_PrivateKey_Label */
- #define WOLF_PRIVATE_KEY_ID
+#if !defined(WOLF_PRIVATE_KEY_ID) && !defined(NO_WOLF_PRIVATE_KEY_ID) && \
+ (defined(HAVE_PKCS11) || defined(HAVE_PK_CALLBACKS) || \
+ defined(WOLF_CRYPTO_CB) || defined(WOLFSSL_KCAPI))
+ /* Enables support for using wolfSSL_CTX_use_PrivateKey_Id and
+ * wolfSSL_CTX_use_PrivateKey_Label */
+ #define WOLF_PRIVATE_KEY_ID
 #endif
 
-
 /* With titan cache size there is too many sessions to fit with the default
 * multiplier of 8 */
 #if defined(TITAN_SESSION_CACHE) && !defined(NO_SESSION_CACHE_REF)
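Review bot: NO_WOLF_PRIVATE_KEY_ID is added to the guard but nothing in the hunk documents it: the comment above the block still only says that key-ID support follows from an external key store being configured, so a reader has no way to discover the opt-out. Extend that comment with `* Define NO_WOLF_PRIVATE_KEY_ID to leave WOLF_PRIVATE_KEY_ID undefined even when one of these is enabled. */`. Defining WOLF_PRIVATE_KEY_ID and NO_WOLF_PRIVATE_KEY_ID together is a contradictory configuration that the new guard resolves silently in favour of the explicit define; a check before the block, `#if defined(WOLF_PRIVATE_KEY_ID) && defined(NO_WOLF_PRIVATE_KEY_ID)` / `#error "WOLF_PRIVATE_KEY_ID and NO_WOLF_PRIVATE_KEY_ID are mutually exclusive"` / `#endif`, would surface the mistake at build time. The commit message's "disable private keys" overstates the effect, since the option only disables the ID/label key-reference support, and the comment should describe it in those terms.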