🔧 Replace RSA related deprecated functions (#189)

kleinmrk · web-flow · commit 55aaf31ad852 · 2021-11-22T20:18:50.000-08:00
* RSA_size() --&gt; EVP_PKEY_size()

* getting rid of deprecated functions in rsa-pss signature creation

* getting rid of deprecated functions in rsa-pss signature verification

* generate_hash not used in pss
diff --git a/include/jwt-cpp/jwt.h b/include/jwt-cpp/jwt.h
@@ -185,7 +185,8 @@ namespace jwt {
 			verifyinit_failed,
 			verifyupdate_failed,
 			verifyfinal_failed,
-			get_key_failed
+			get_key_failed,
+			set_rsa_pss_saltlen_failed
 		};
 		/**
 		 * \brief Error category for verification errors
@@ -208,6 +209,8 @@ namespace jwt {
 						return "failed to verify signature: VerifyFinal failed";
 					case signature_verification_error::get_key_failed:
 						return "failed to verify signature: Could not get key";
+					case signature_verification_error::set_rsa_pss_saltlen_failed:
+						return "failed to verify signature: EVP_PKEY_CTX_set_rsa_pss_saltlen failed";
 					default: return "unknown signature verification error";
 					}
 				}
@@ -236,7 +239,8 @@ namespace jwt {
 			digestfinal_failed,
 			rsa_padding_failed,
 			rsa_private_encrypt_failed,
-			get_key_failed
+			get_key_failed,
+			set_rsa_pss_saltlen_failed,
 		};
 		/**
 		 * \brief Error category for signature generation errors
@@ -265,11 +269,13 @@ namespace jwt {
 					case signature_generation_error::digestfinal_failed:
 						return "failed to create signature: DigestFinal failed";
 					case signature_generation_error::rsa_padding_failed:
-						return "failed to create signature: RSA_padding_add_PKCS1_PSS failed";
+						return "failed to create signature: EVP_PKEY_CTX_set_rsa_padding failed";
 					case signature_generation_error::rsa_private_encrypt_failed:
 						return "failed to create signature: RSA_private_encrypt failed";
 					case signature_generation_error::get_key_failed:
 						return "failed to generate signature: Could not get key";
+					case signature_generation_error::set_rsa_pss_saltlen_failed:
+						return "failed to create signature: EVP_PKEY_CTX_set_rsa_pss_saltlen failed";
 					default: return "unknown signature generation error";
 					}
 				}
@@ -1308,31 +1314,48 @@ namespace jwt {
 			 */
 			std::string sign(const std::string& data, std::error_code& ec) const {
 				ec.clear();
-				auto hash = this->generate_hash(data, ec);
-				if (ec) return {};
-
-				std::unique_ptr<RSA, decltype(&RSA_free)> key(EVP_PKEY_get1_RSA(pkey.get()), RSA_free);
-				if (!key) {
-					ec = error::signature_generation_error::get_key_failed;
+#ifdef JWT_OPENSSL_1_0_0
+				std::unique_ptr<EVP_MD_CTX, decltype(&EVP_MD_CTX_destroy)> md_ctx(EVP_MD_CTX_create(),
+																				  &EVP_MD_CTX_destroy);
+#else
+				std::unique_ptr<EVP_MD_CTX, decltype(&EVP_MD_CTX_free)> md_ctx(EVP_MD_CTX_new(), EVP_MD_CTX_free);
+#endif
+				if (!md_ctx) {
+					ec = error::signature_generation_error::create_context_failed;
 					return {};
 				}
-				const int size = RSA_size(key.get());
-
-				std::string padded(size, 0x00);
-				if (RSA_padding_add_PKCS1_PSS(key.get(), (unsigned char*)padded.data(),
-											  reinterpret_cast<const unsigned char*>(hash.data()), md(),
-											  -1) == 0) { // NOLINT(google-readability-casting) requires `const_cast`
+				EVP_PKEY_CTX* ctx = nullptr;
+				if (EVP_DigestSignInit(md_ctx.get(), &ctx, md(), nullptr, pkey.get()) != 1) {
+					ec = error::signature_generation_error::signinit_failed;
+					return {};
+				}
+				if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING) <= 0) {
 					ec = error::signature_generation_error::rsa_padding_failed;
 					return {};
 				}
+// wolfSSL does not require EVP_PKEY_CTX_set_rsa_pss_saltlen. The default behavior
+// sets the salt length to the hash length. Unlike OpenSSL which exposes this functionality.
+#ifndef LIBWOLFSSL_VERSION_HEX
+				if (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, -1) <= 0) {
+					ec = error::signature_generation_error::set_rsa_pss_saltlen_failed;
+					return {};
+				}
+#endif
+				if (EVP_DigestUpdate(md_ctx.get(), data.data(), data.size()) != 1) {
+					ec = error::signature_generation_error::digestupdate_failed;
+					return {};
+				}
 
+				size_t size = EVP_PKEY_size(pkey.get());
 				std::string res(size, 0x00);
-				if (RSA_private_encrypt(size, reinterpret_cast<const unsigned char*>(padded.data()),
-										(unsigned char*)res.data(), key.get(), RSA_NO_PADDING) <
-					0) { // NOLINT(google-readability-casting) requires `const_cast`
-					ec = error::signature_generation_error::rsa_private_encrypt_failed;
+				if (EVP_DigestSignFinal(
+						md_ctx.get(),
+						(unsigned char*)res.data(), // NOLINT(google-readability-casting) requires `const_cast`
+						&size) <= 0) {
+					ec = error::signature_generation_error::signfinal_failed;
 					return {};
 				}
+
 				return res;
 			}
 
@@ -1344,28 +1367,41 @@ namespace jwt {
 			 */
 			void verify(const std::string& data, const std::string& signature, std::error_code& ec) const {
 				ec.clear();
-				auto hash = this->generate_hash(data, ec);
-				if (ec) return;
 
-				std::unique_ptr<RSA, decltype(&RSA_free)> key(EVP_PKEY_get1_RSA(pkey.get()), RSA_free);
-				if (!key) {
-					ec = error::signature_verification_error::get_key_failed;
+#ifdef JWT_OPENSSL_1_0_0
+				std::unique_ptr<EVP_MD_CTX, decltype(&EVP_MD_CTX_destroy)> md_ctx(EVP_MD_CTX_create(),
+																				  &EVP_MD_CTX_destroy);
+#else
+				std::unique_ptr<EVP_MD_CTX, decltype(&EVP_MD_CTX_free)> md_ctx(EVP_MD_CTX_new(), EVP_MD_CTX_free);
+#endif
+				if (!md_ctx) {
+					ec = error::signature_verification_error::create_context_failed;
 					return;
 				}
-				const int size = RSA_size(key.get());
-
-				std::string sig(size, 0x00);
-				if (RSA_public_decrypt(
-						static_cast<int>(signature.size()), reinterpret_cast<const unsigned char*>(signature.data()),
-						(unsigned char*)sig.data(), // NOLINT(google-readability-casting) requires `const_cast`
-						key.get(), RSA_NO_PADDING) == 0) {
-					ec = error::signature_verification_error::invalid_signature;
+				EVP_PKEY_CTX* ctx = nullptr;
+				if (EVP_DigestVerifyInit(md_ctx.get(), &ctx, md(), nullptr, pkey.get()) != 1) {
+					ec = error::signature_verification_error::verifyinit_failed;
+					return;
+				}
+				if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PSS_PADDING) <= 0) {
+					ec = error::signature_generation_error::rsa_padding_failed;
+					return;
+				}
+// wolfSSL does not require EVP_PKEY_CTX_set_rsa_pss_saltlen. The default behavior
+// sets the salt length to the hash length. Unlike OpenSSL which exposes this functionality.
+#ifndef LIBWOLFSSL_VERSION_HEX
+				if (EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, -1) <= 0) {
+					ec = error::signature_verification_error::set_rsa_pss_saltlen_failed;
+					return;
+				}
+#endif
+				if (EVP_DigestUpdate(md_ctx.get(), data.data(), data.size()) != 1) {
+					ec = error::signature_verification_error::verifyupdate_failed;
 					return;
 				}
 
-				if (RSA_verify_PKCS1_PSS(key.get(), reinterpret_cast<const unsigned char*>(hash.data()), md(),
-										 reinterpret_cast<const unsigned char*>(sig.data()), -1) == 0) {
-					ec = error::signature_verification_error::invalid_signature;
+				if (EVP_DigestVerifyFinal(md_ctx.get(), (unsigned char*)signature.data(), signature.size()) <= 0) {
+					ec = error::signature_verification_error::verifyfinal_failed;
 					return;
 				}
 			}
@@ -1376,41 +1412,6 @@ namespace jwt {
 			std::string name() const { return alg_name; }
 
 		private:
-			/**
-			 * Hash the provided data using the hash function specified in constructor
-			 * \param data Data to hash
-			 * \return Hash of data
-			 */
-			std::string generate_hash(const std::string& data, std::error_code& ec) const {
-#ifdef JWT_OPENSSL_1_0_0
-				std::unique_ptr<EVP_MD_CTX, decltype(&EVP_MD_CTX_destroy)> ctx(EVP_MD_CTX_create(),
-																			   &EVP_MD_CTX_destroy);
-#else
-				std::unique_ptr<EVP_MD_CTX, decltype(&EVP_MD_CTX_free)> ctx(EVP_MD_CTX_new(), EVP_MD_CTX_free);
-#endif
-				if (!ctx) {
-					ec = error::signature_generation_error::create_context_failed;
-					return {};
-				}
-				if (EVP_DigestInit(ctx.get(), md()) == 0) {
-					ec = error::signature_generation_error::digestinit_failed;
-					return {};
-				}
-				if (EVP_DigestUpdate(ctx.get(), data.data(), data.size()) == 0) {
-					ec = error::signature_generation_error::digestupdate_failed;
-					return {};
-				}
-				unsigned int len = 0;
-				std::string res(EVP_MD_CTX_size(ctx.get()), '\0');
-				if (EVP_DigestFinal(ctx.get(), (unsigned char*)res.data(), &len) ==
-					0) { // NOLINT(google-readability-casting) requires `const_cast`
-					ec = error::signature_generation_error::digestfinal_failed;
-					return {};
-				}
-				res.resize(len);
-				return res;
-			}
-
 			/// OpenSSL structure containing keys
 			std::shared_ptr<EVP_PKEY> pkey;
 			/// Hash generator function
diff --git a/tests/HelperTest.cpp b/tests/HelperTest.cpp
@@ -59,14 +59,14 @@ TEST(HelperTest, ErrorCodeMessages) {
 	ASSERT_EQ(std::error_code(static_cast<jwt::error::ecdsa_error>(i)).message(),
 			  std::error_code(static_cast<jwt::error::ecdsa_error>(-1)).message());
 
-	for (i = 10; i < 16; i++) {
+	for (i = 10; i < 17; i++) {
 		ASSERT_NE(std::error_code(static_cast<jwt::error::signature_verification_error>(i)).message(),
 				  std::error_code(static_cast<jwt::error::signature_verification_error>(-1)).message());
 	}
 	ASSERT_EQ(std::error_code(static_cast<jwt::error::signature_verification_error>(i)).message(),
 			  std::error_code(static_cast<jwt::error::signature_verification_error>(-1)).message());
 
-	for (i = 10; i < 22; i++) {
+	for (i = 10; i < 23; i++) {
 		ASSERT_NE(std::error_code(static_cast<jwt::error::signature_generation_error>(i)).message(),
 				  std::error_code(static_cast<jwt::error::signature_generation_error>(-1)).message());
 	}
diff --git a/tests/OpenSSLErrorTest.cpp b/tests/OpenSSLErrorTest.cpp
@@ -43,6 +43,8 @@ static uint64_t fail_EVP_DigestSign = 0;
 static uint64_t fail_EVP_DigestVerifyInit = 0;
 static uint64_t fail_EVP_DigestVerify = 0;
 static uint64_t fail_EVP_PKEY_get1_EC_KEY = 0;
+static uint64_t fail_EVP_DigestSignFinal = 0;
+static uint64_t fail_EVP_DigestVerifyFinal = 0;
 
 BIO* BIO_new(const BIO_METHOD* type) {
 	static BIO* (*origMethod)(const BIO_METHOD*) = nullptr;
@@ -195,6 +197,17 @@ EVP_MD_CTX* EVP_MD_CTX_new(void) {
 		return origMethod();
 }
 
+int EVP_DigestSignFinal(EVP_MD_CTX* ctx, unsigned char* sigret, size_t* siglen) {
+	static int (*origMethod)(EVP_MD_CTX * ctx, unsigned char* sigret, size_t* siglen) = nullptr;
+	if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_DigestSignFinal");
+	bool fail = fail_EVP_DigestSignFinal & 1;
+	fail_EVP_DigestSignFinal = fail_EVP_DigestSignFinal >> 1;
+	if (fail)
+		return 0;
+	else
+		return origMethod(ctx, sigret, siglen);
+}
+
 int EVP_DigestInit(EVP_MD_CTX* ctx, const EVP_MD* type) {
 	static int (*origMethod)(EVP_MD_CTX * ctx, const EVP_MD* type) = nullptr;
 	if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_DigestInit");
@@ -354,6 +367,17 @@ EC_KEY* EVP_PKEY_get1_EC_KEY(EVP_PKEY* pkey) {
 		return origMethod(pkey);
 }
 
+int EVP_DigestVerifyFinal(EVP_MD_CTX* ctx, const unsigned char* sigret, size_t siglen) {
+	static int (*origMethod)(EVP_MD_CTX * ctx, const unsigned char* sigret, size_t siglen) = nullptr;
+	if (origMethod == nullptr) origMethod = (decltype(origMethod))dlsym(RTLD_NEXT, "EVP_DigestVerifyFinal");
+	bool fail = fail_EVP_DigestVerifyFinal & 1;
+	fail_EVP_DigestVerifyFinal = fail_EVP_DigestVerifyFinal >> 1;
+	if (fail)
+		return 0;
+	else
+		return origMethod(ctx, sigret, siglen);
+}
+
 /**
  * =========== End of black magic ============
  */
@@ -728,11 +752,10 @@ TEST(OpenSSLErrorTest, PS256SignErrorCode) {
 	jwt::algorithm::ps256 alg{rsa_pub_key, rsa_priv_key};
 	std::vector<multitest_entry> mapping{
 		{&fail_EVP_MD_CTX_new, 1, jwt::error::signature_generation_error::create_context_failed},
-		{&fail_EVP_DigestInit, 1, jwt::error::signature_generation_error::digestinit_failed},
+		{&fail_EVP_DigestSignInit, 1, jwt::error::signature_generation_error::signinit_failed},
 		{&fail_EVP_DigestUpdate, 1, jwt::error::signature_generation_error::digestupdate_failed},
-		{&fail_EVP_DigestFinal, 1, jwt::error::signature_generation_error::digestfinal_failed},
-		{&fail_EVP_PKEY_get1_RSA, 1, jwt::error::signature_generation_error::get_key_failed}
-		//TODO: RSA_padding_add_PKCS1_PSS, RSA_private_encrypt
+		{&fail_EVP_DigestSignFinal, 1, jwt::error::signature_generation_error::signfinal_failed},
+		//TODO: EVP_PKEY_CTX_set_rsa_padding, EVP_PKEY_CTX_set_rsa_pss_saltlen
 	};
 
 	run_multitest(mapping, [&alg](std::error_code& ec) {
@@ -751,12 +774,10 @@ TEST(OpenSSLErrorTest, PS256VerifyErrorCode) {
 		"B59uW3x1QUCKYKgZeqZOoqIP1YgLwvEpPtXYutQCFr4eBKgV7vdtE0wgHR43ka16fi5L4SyaZv53NCg==";
 	signature = jwt::base::decode<jwt::alphabet::base64>(signature);
 	std::vector<multitest_entry> mapping{
-		{&fail_EVP_MD_CTX_new, 1, jwt::error::signature_generation_error::create_context_failed},
-		{&fail_EVP_DigestInit, 1, jwt::error::signature_generation_error::digestinit_failed},
-		{&fail_EVP_DigestUpdate, 1, jwt::error::signature_generation_error::digestupdate_failed},
-		{&fail_EVP_DigestFinal, 1, jwt::error::signature_generation_error::digestfinal_failed},
-		{&fail_EVP_PKEY_get1_RSA, 1, jwt::error::signature_verification_error::get_key_failed}
-		//TODO: RSA_public_decrypt
+		{&fail_EVP_MD_CTX_new, 1, jwt::error::signature_verification_error::create_context_failed},
+		{&fail_EVP_DigestVerifyInit, 1, jwt::error::signature_verification_error::verifyinit_failed},
+		{&fail_EVP_DigestUpdate, 1, jwt::error::signature_verification_error::verifyupdate_failed},
+		{&fail_EVP_DigestVerifyFinal, 1, jwt::error::signature_verification_error::verifyfinal_failed},
 	};
 
 	run_multitest(mapping, [&alg, &signature](std::error_code& ec) { alg.verify("testdata", signature, ec); });
