diff --git a/ChangeLog b/ChangeLog index 7f83767c1..06e9182d3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,9 +8,10 @@ Features Camellia, DES, 3-DES, RSA PKCS#1, XTEA, Diffie-Hellman and X509parse. -Major Changes +Changes * Error codes are not (necessarily) negative anymore. Keep - this is mind when writing code. + this is mind when checking for errors. + * RSA_RAW renamed to SIG_RSA_RAW for consistency. Bug fixes * Fixed HMAC-MD2 by modifying md2_starts(), so that the diff --git a/include/polarssl/rsa.h b/include/polarssl/rsa.h index c2cd1212c..c272cc7b4 100644 --- a/include/polarssl/rsa.h +++ b/include/polarssl/rsa.h @@ -36,11 +36,10 @@ /* * PKCS#1 constants */ -#define RSA_RAW 0 - -#define SIG_RSA_MD2 2 -#define SIG_RSA_MD4 3 -#define SIG_RSA_MD5 4 +#define SIG_RSA_RAW 0 +#define SIG_RSA_MD2 2 +#define SIG_RSA_MD4 3 +#define SIG_RSA_MD5 4 #define SIG_RSA_SHA1 5 #define SIG_RSA_SHA224 14 #define SIG_RSA_SHA256 11 @@ -282,8 +281,8 @@ int rsa_pkcs1_decrypt( rsa_context *ctx, * * \param ctx RSA context * \param mode RSA_PUBLIC or RSA_PRIVATE - * \param hash_id RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256,384,512} - * \param hashlen message digest length (for RSA_RAW only) + * \param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256,384,512} + * \param hashlen message digest length (for SIG_RSA_RAW only) * \param hash buffer holding the message digest * \param sig buffer that will hold the ciphertext * @@ -305,8 +304,8 @@ int rsa_pkcs1_sign( rsa_context *ctx, * * \param ctx points to an RSA public key * \param mode RSA_PUBLIC or RSA_PRIVATE - * \param hash_id RSA_RAW, RSA_MD{2,4,5} or RSA_SHA{1,256} - * \param hashlen message digest length (for RSA_RAW only) + * \param hash_id SIG_RSA_RAW, RSA_MD{2,4,5} or RSA_SHA{1,256} + * \param hashlen message digest length (for SIG_RSA_RAW only) * \param hash buffer holding the message digest * \param sig buffer holding the ciphertext * 
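Review bot: In the last rsa.h hunk, the `hash_id` line of the rsa_pkcs1_verify comment picks up the new `SIG_RSA_RAW` but still lists `RSA_MD{2,4,5} or RSA_SHA{1,256}`, names that the constants block in the first hunk does not define. It should read like the rsa_pkcs1_sign comment one hunk earlier: `\param hash_id SIG_RSA_RAW, SIG_RSA_MD{2,4,5} or SIG_RSA_SHA{1,224,256,384,512}`, assuming verify accepts the same set (its switch is not part of this diff). Both comment blocks start outside their hunks. They would also benefit from saying that `hashlen` is taken as given for SIG_RSA_RAW and that `sig` is passed without a length, so the caller must size both buffers.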
diff --git a/library/rsa.c b/library/rsa.c index 94dbe4e36..924260bc5 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -406,7 +406,7 @@ int rsa_pkcs1_sign( rsa_context *ctx, switch( hash_id ) { - case RSA_RAW: + case SIG_RSA_RAW: nb_pad = olen - 3 - hashlen; break; @@ -458,7 +458,7 @@ int rsa_pkcs1_sign( rsa_context *ctx, switch( hash_id ) { - case RSA_RAW: + case SIG_RSA_RAW: memcpy( p, hash, hashlen ); break; @@ -606,7 +606,7 @@ int rsa_pkcs1_verify( rsa_context *ctx, return( POLARSSL_ERR_RSA_VERIFY_FAILED ); } - if( len == hashlen && hash_id == RSA_RAW ) + if( len == hashlen && hash_id == SIG_RSA_RAW ) { if( memcmp( p, hash, hashlen ) == 0 ) return( 0 ); diff --git a/library/ssl_cli.c b/library/ssl_cli.c index fe663e44c..809108163 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -411,7 +411,7 @@ static int ssl_parse_server_key_exchange( ssl_context *ssl ) SSL_DEBUG_BUF( 3, "parameters hash", hash, 36 ); if( ( ret = rsa_pkcs1_verify( &ssl->peer_cert->rsa, RSA_PUBLIC, - RSA_RAW, 36, hash, p ) ) != 0 ) + SIG_RSA_RAW, 36, hash, p ) ) != 0 ) { SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret ); return( ret ); @@ -631,7 +631,7 @@ static int ssl_write_certificate_verify( ssl_context *ssl ) ssl->out_msg[4] = (unsigned char)( n >> 8 ); ssl->out_msg[5] = (unsigned char)( n ); - if( ( ret = rsa_pkcs1_sign( ssl->rsa_key, RSA_PRIVATE, RSA_RAW, + if( ( ret = rsa_pkcs1_sign( ssl->rsa_key, RSA_PRIVATE, SIG_RSA_RAW, 36, hash, ssl->out_msg + 6 ) ) != 0 ) { SSL_DEBUG_RET( 1, "rsa_pkcs1_sign", ret ); diff --git a/library/ssl_srv.c b/library/ssl_srv.c index c64c19737..078ee83f5 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -583,7 +583,7 @@ static int ssl_write_server_key_exchange( ssl_context *ssl ) ssl->out_msg[5 + n] = (unsigned char)( ssl->rsa_key->len ); ret = rsa_pkcs1_sign( ssl->rsa_key, RSA_PRIVATE, - RSA_RAW, 36, hash, ssl->out_msg + 6 + n ); + SIG_RSA_RAW, 36, hash, ssl->out_msg + 6 + n ); if( ret != 0 ) { SSL_DEBUG_RET( 1, "rsa_pkcs1_sign", ret ); 
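Review bot: For `SIG_RSA_RAW` the caller-supplied `hashlen` sets `nb_pad = olen - 3 - hashlen` in the first rsa.c hunk and is the copy length of `memcpy( p, hash, hashlen )` in the second, and neither hunk shows a bound on it. If the code after the first switch does not already reject short or negative padding, it should do so before anything is written to `sig`, for example `if( nb_pad < 8 ) return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );`. rsa_pkcs1_sign starts and ends outside both hunks, and the types of `hashlen` and `nb_pad` are not visible here, so this needs confirming against the full function.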
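Review bot: The digest length `36` is a bare literal in this rsa_pkcs1_verify call and in the `SSL_DEBUG_BUF` line above it, and again in ssl_write_certificate_verify and at both ssl_srv.c call sites. With SIG_RSA_RAW that number is passed straight through as the raw length, so the compiler would not catch a mismatch with the real size of `hash`. A single named constant would tie the sites together, e.g. `#define SSL_RSA_RAW_HASH_LEN 36 /* MD5 (16) + SHA-1 (20) */`, assuming `hash` holds the concatenated MD5 and SHA-1 digests. The declaration of `hash` is outside the hunk.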
@@ -806,7 +806,7 @@ static int ssl_parse_certificate_verify( ssl_context *ssl ) } ret = rsa_pkcs1_verify( &ssl->peer_cert->rsa, RSA_PUBLIC, - RSA_RAW, 36, hash, ssl->in_msg + 6 ); + SIG_RSA_RAW, 36, hash, ssl->in_msg + 6 ); if( ret != 0 ) { SSL_DEBUG_RET( 1, "rsa_pkcs1_verify", ret ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index ee392c4a0..065e84c0d 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -158,7 +158,7 @@ rsa_pkcs1_sign_raw:message_hex_string:hash_result_string:padding_mode:mod:radix_ msg_len = unhexify( message_str, {message_hex_string} ); hash_len = unhexify( hash_result, {hash_result_string} ); - TEST_ASSERT( rsa_pkcs1_sign( &ctx, RSA_PRIVATE, RSA_RAW, hash_len, hash_result, output ) == 0 ); + TEST_ASSERT( rsa_pkcs1_sign( &ctx, RSA_PRIVATE, SIG_RSA_RAW, hash_len, hash_result, output ) == 0 ); hexify( output_str, output, ctx.len ); @@ -190,7 +190,7 @@ rsa_pkcs1_verify_raw:message_hex_string:hash_result_string:padding_mode:mod:radi hash_len = unhexify( hash_result, {hash_result_string} ); unhexify( result_str, {result_hex_str} ); - TEST_ASSERT( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, RSA_RAW, hash_len, hash_result, result_str ) == {correct} ); + TEST_ASSERT( rsa_pkcs1_verify( &ctx, RSA_PUBLIC, SIG_RSA_RAW, hash_len, hash_result, result_str ) == {correct} ); } END_CASE
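Review bot: `rsa_pkcs1_verify` receives `ssl->in_msg + 6` with no signature length, so nothing at this call stops the verifier reading past the received message. That is safe only if the function has already checked that the message holds a signature of the peer key's length. That check is not visible in this hunk (ssl_parse_certificate_verify starts above it); if it is missing, compare the received length with `ssl->peer_cert->rsa.len` before the call. The same applies to `p` in ssl_parse_server_key_exchange in ssl_cli.c. A one-line comment at each call, such as `/* length of the signature was checked against rsa.len above */`, would let a reader confirm this without scrolling.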