From 0ec0c05eda7baef91cd5c376457063ab1ca232d8 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Wed, 4 Jan 2023 10:16:41 -0500 Subject: [PATCH] Change variable names to protect the innocent --- tests/api.c | 2 +- wolfcrypt/src/evp.c | 192 +++++++++++++++++++++--------------------- wolfssl/openssl/evp.h | 12 +-- 3 files changed, 103 insertions(+), 103 deletions(-) diff --git a/tests/api.c b/tests/api.c index a110de95b..3944c538b 100644 --- a/tests/api.c +++ b/tests/api.c @@ -46081,7 +46081,7 @@ static int test_evp_cipher_aes_gcm(void) /* * The call to EVP_CipherInit below (with NULL key) should clear the - * gcmIvGenEnable flag set by EVP_CTRL_GCM_SET_IV_FIXED. As such, a + * gcmccmIvGenEnable flag set by EVP_CTRL_GCM_SET_IV_FIXED. As such, a * subsequent EVP_CTRL_GCM_IV_GEN should fail. This matches OpenSSL * behavior. */ diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index c499ee54c..a7a7472e8 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -584,12 +584,12 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx, static int wolfSSL_EVP_CipherUpdate_GCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx, const unsigned char *in, int inl) { if (in && inl > 0) { - byte* tmp = (byte*)XREALLOC(ctx->gcmAuthIn, - ctx->gcmAuthInSz + inl, NULL, DYNAMIC_TYPE_OPENSSL); + byte* tmp = (byte*)XREALLOC(ctx->gcmccmAuthIn, + ctx->gcmccmAuthInSz + inl, NULL, DYNAMIC_TYPE_OPENSSL); if (tmp) { - ctx->gcmAuthIn = tmp; - XMEMCPY(ctx->gcmAuthIn + ctx->gcmAuthInSz, in, inl); - ctx->gcmAuthInSz += inl; + ctx->gcmccmAuthIn = tmp; + XMEMCPY(ctx->gcmccmAuthIn + ctx->gcmccmAuthInSz, in, inl); + ctx->gcmccmAuthInSz += inl; } else { WOLFSSL_MSG("realloc error"); @@ -612,13 +612,13 @@ static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx, /* Buffer input for one-shot API */ if (inl > 0) { byte* tmp; - tmp = (byte*)XREALLOC(ctx->gcmBuffer, - ctx->gcmBufferLen + inl, NULL, + tmp = (byte*)XREALLOC(ctx->gcmccmBuffer, + ctx->gcmccmBufferLen + inl, NULL, DYNAMIC_TYPE_OPENSSL); if (tmp) { - XMEMCPY(tmp + ctx->gcmBufferLen, in, inl); - ctx->gcmBufferLen += inl; - ctx->gcmBuffer = tmp; + XMEMCPY(tmp + ctx->gcmccmBufferLen, in, inl); + ctx->gcmccmBufferLen += inl; + ctx->gcmccmBuffer = tmp; *outl = 0; } else { @@ -678,12 +678,12 @@ static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx, static int wolfSSL_EVP_CipherUpdate_CCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx, const unsigned char *in, int inl) { if (in && inl > 0) { - byte* tmp = (byte*)XREALLOC(ctx->gcmAuthIn, - ctx->gcmAuthInSz + inl, NULL, DYNAMIC_TYPE_OPENSSL); + byte* tmp = (byte*)XREALLOC(ctx->gcmccmAuthIn, + ctx->gcmccmAuthInSz + inl, NULL, DYNAMIC_TYPE_OPENSSL); if (tmp) { - ctx->gcmAuthIn = tmp; - XMEMCPY(ctx->gcmAuthIn + ctx->gcmAuthInSz, in, inl); - ctx->gcmAuthInSz += inl; + ctx->gcmccmAuthIn = tmp; + XMEMCPY(ctx->gcmccmAuthIn + ctx->gcmccmAuthInSz, in, inl); + ctx->gcmccmAuthInSz += inl; } else { WOLFSSL_MSG("realloc error"); @@ -706,13 +706,13 @@ static int wolfSSL_EVP_CipherUpdate_CCM(WOLFSSL_EVP_CIPHER_CTX *ctx, /* Buffer input for one-shot API */ if (inl > 0) { byte* tmp; - tmp = (byte*)XREALLOC(ctx->gcmBuffer, - ctx->gcmBufferLen + inl, NULL, + tmp = (byte*)XREALLOC(ctx->gcmccmBuffer, + ctx->gcmccmBufferLen + inl, NULL, DYNAMIC_TYPE_OPENSSL); if (tmp) { - XMEMCPY(tmp + ctx->gcmBufferLen, in, inl); - ctx->gcmBufferLen += inl; - ctx->gcmBuffer = tmp; + XMEMCPY(tmp + ctx->gcmccmBufferLen, in, inl); + ctx->gcmccmBufferLen += inl; + ctx->gcmccmBuffer = tmp; *outl = 0; } else { @@ -968,36 +968,36 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, case AES_192_GCM_TYPE: case AES_256_GCM_TYPE: #ifndef WOLFSSL_AESGCM_STREAM - if ((ctx->gcmBuffer && ctx->gcmBufferLen > 0) - || (ctx->gcmBufferLen == 0)) { + if ((ctx->gcmccmBuffer && ctx->gcmccmBufferLen > 0) + || (ctx->gcmccmBufferLen == 0)) { if (ctx->enc) ret = wc_AesGcmEncrypt(&ctx->cipher.aes, out, - ctx->gcmBuffer, ctx->gcmBufferLen, + ctx->gcmccmBuffer, ctx->gcmccmBufferLen, ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, - ctx->gcmAuthIn, ctx->gcmAuthInSz); + ctx->gcmccmAuthIn, ctx->gcmccmAuthInSz); else ret = wc_AesGcmDecrypt(&ctx->cipher.aes, out, - ctx->gcmBuffer, ctx->gcmBufferLen, + ctx->gcmccmBuffer, ctx->gcmccmBufferLen, ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, - ctx->gcmAuthIn, ctx->gcmAuthInSz); + ctx->gcmccmAuthIn, ctx->gcmccmAuthInSz); if (ret == 0) { ret = WOLFSSL_SUCCESS; - *outl = ctx->gcmBufferLen; + *outl = ctx->gcmccmBufferLen; } else { ret = WOLFSSL_FAILURE; *outl = 0; } - XFREE(ctx->gcmBuffer, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->gcmBuffer = NULL; - ctx->gcmBufferLen = 0; + XFREE(ctx->gcmccmBuffer, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->gcmccmBuffer = NULL; + ctx->gcmccmBufferLen = 0; - if (ctx->gcmIncIv) { + if (ctx->gcmccmIncIv) { IncCtr((byte*)ctx->cipher.aes.reg, ctx->cipher.aes.nonceSz); - ctx->gcmIncIv = 0; + ctx->gcmccmIncIv = 0; } } else { @@ -1013,7 +1013,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, else { ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes, ctx->authTag, ctx->authTagSz); - if (ctx->gcmIncIv) { + if (ctx->gcmccmIncIv) { IncCtr((byte*)ctx->cipher.aes.reg, ctx->cipher.aes.nonceSz); } } @@ -1034,8 +1034,8 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, } #endif /* WOLFSSL_AESGCM_STREAM */ if (ret == WOLFSSL_SUCCESS) { - if (ctx->gcmIncIv) { - ctx->gcmIncIv = 0; + if (ctx->gcmccmIncIv) { + ctx->gcmccmIncIv = 0; } else { /* Clear IV, since IV reuse is not recommended for AES GCM. */ @@ -1054,36 +1054,36 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, case AES_192_CCM_TYPE: case AES_256_CCM_TYPE: #ifndef WOLFSSL_AESCCM_STREAM - if ((ctx->gcmBuffer && ctx->gcmBufferLen > 0) - || (ctx->gcmBufferLen == 0)) { + if ((ctx->gcmccmBuffer && ctx->gcmccmBufferLen > 0) + || (ctx->gcmccmBufferLen == 0)) { if (ctx->enc) ret = wc_AesCcmEncrypt(&ctx->cipher.aes, out, - ctx->gcmBuffer, ctx->gcmBufferLen, + ctx->gcmccmBuffer, ctx->gcmccmBufferLen, ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, - ctx->gcmAuthIn, ctx->gcmAuthInSz); + ctx->gcmccmAuthIn, ctx->gcmccmAuthInSz); else ret = wc_AesCcmDecrypt(&ctx->cipher.aes, out, - ctx->gcmBuffer, ctx->gcmBufferLen, + ctx->gcmccmBuffer, ctx->gcmccmBufferLen, ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, - ctx->gcmAuthIn, ctx->gcmAuthInSz); + ctx->gcmccmAuthIn, ctx->gcmccmAuthInSz); if (ret == 0) { ret = WOLFSSL_SUCCESS; - *outl = ctx->gcmBufferLen; + *outl = ctx->gcmccmBufferLen; } else { ret = WOLFSSL_FAILURE; *outl = 0; } - XFREE(ctx->gcmBuffer, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->gcmBuffer = NULL; - ctx->gcmBufferLen = 0; + XFREE(ctx->gcmccmBuffer, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->gcmccmBuffer = NULL; + ctx->gcmccmBufferLen = 0; - if (ctx->gcmIncIv) { + if (ctx->gcmccmIncIv) { IncCtr((byte*)ctx->cipher.aes.reg, ctx->cipher.aes.nonceSz); - ctx->gcmIncIv = 0; + ctx->gcmccmIncIv = 0; } } else { @@ -1093,8 +1093,8 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, ret = WOLFSSL_FAILURE; /* not supported */ #endif /* WOLFSSL_AESCCM_STREAM */ if (ret == WOLFSSL_SUCCESS) { - if (ctx->gcmIncIv) { - ctx->gcmIncIv = 0; + if (ctx->gcmccmIncIv) { + ctx->gcmccmIncIv = 0; } else { /* Clear IV, since IV reuse is not recommended for AES CCM. */ @@ -1199,7 +1199,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, ctx->cipherType == AES_256_CCM_TYPE #endif ) { - tmp = ctx->gcmIvGenEnable; + tmp = ctx->gcmccmIvGenEnable; } #endif @@ -1220,7 +1220,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out, ctx->cipherType == AES_256_CCM_TYPE #endif ) { - ctx->gcmIvGenEnable = tmp; + ctx->gcmccmIvGenEnable = tmp; } #endif } @@ -5881,7 +5881,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) * command be issued before a EVP_CTRL_GCM_IV_GEN command. * This flag is used to enforce that. */ - ctx->gcmIvGenEnable = 1; + ctx->gcmccmIvGenEnable = 1; } #endif #endif /* !WC_NO_RNG */ @@ -5898,7 +5898,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) case EVP_CTRL_GCM_IV_GEN: if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0) break; - if (!ctx->gcmIvGenEnable) { + if (!ctx->gcmccmIvGenEnable) { WOLFSSL_MSG("Must use EVP_CTRL_AEAD_SET_IV_FIXED before " "EVP_CTRL_GCM_IV_GEN"); break; @@ -5926,7 +5926,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) * The gcmIncIV flag indicates that the IV should be incremented * after the next cipher operation. */ - ctx->gcmIncIv = 1; + ctx->gcmccmIncIv = 1; ret = WOLFSSL_SUCCESS; break; #endif /* HAVE_AESGCM && !_WIN32 && !HAVE_SELFTEST && (!HAVE_FIPS || @@ -6019,18 +6019,18 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif ctx->keyLen = 0; #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) - if (ctx->gcmBuffer) { - XFREE(ctx->gcmBuffer, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->gcmBuffer = NULL; + if (ctx->gcmccmBuffer) { + XFREE(ctx->gcmccmBuffer, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->gcmccmBuffer = NULL; } - ctx->gcmBufferLen = 0; - if (ctx->gcmAuthIn) { - XFREE(ctx->gcmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->gcmAuthIn = NULL; + ctx->gcmccmBufferLen = 0; + if (ctx->gcmccmAuthIn) { + XFREE(ctx->gcmccmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->gcmccmAuthIn = NULL; } - ctx->gcmAuthInSz = 0; - ctx->gcmIvGenEnable = 0; - ctx->gcmIncIv = 0; + ctx->gcmccmAuthInSz = 0; + ctx->gcmccmIvGenEnable = 0; + ctx->gcmccmIncIv = 0; #endif } @@ -6149,11 +6149,11 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) { int ret = WOLFSSL_SUCCESS; - if (ctx->gcmAuthIn) { - XFREE(ctx->gcmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->gcmAuthIn = NULL; + if (ctx->gcmccmAuthIn) { + XFREE(ctx->gcmccmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->gcmccmAuthIn = NULL; } - ctx->gcmAuthInSz = 0; + ctx->gcmccmAuthInSz = 0; ctx->block_size = AES_BLOCK_SIZE; ctx->authTagSz = AES_BLOCK_SIZE; @@ -6225,7 +6225,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) * If a key is provided, the flag retains its value. */ if (ret == WOLFSSL_SUCCESS && key == NULL) { - ctx->gcmIvGenEnable = 0; + ctx->gcmccmIvGenEnable = 0; } return ret; @@ -6245,19 +6245,19 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) if (ctx->enc) { ret = wc_AesGcmEncrypt(&ctx->cipher.aes, dst, src, len, ctx->iv, ctx->ivSz, ctx->authTag, - ctx->authTagSz, ctx->gcmAuthIn, - ctx->gcmAuthInSz); + ctx->authTagSz, ctx->gcmccmAuthIn, + ctx->gcmccmAuthInSz); } else { ret = wc_AesGcmDecrypt(&ctx->cipher.aes, dst, src, len, ctx->iv, ctx->ivSz, ctx->authTag, - ctx->authTagSz, ctx->gcmAuthIn, - ctx->gcmAuthInSz); + ctx->authTagSz, ctx->gcmccmAuthIn, + ctx->gcmccmAuthInSz); } - if (ctx->gcmIncIv) { + if (ctx->gcmccmIncIv) { IncCtr((byte*)ctx->cipher.aes.reg, ctx->cipher.aes.nonceSz); - ctx->gcmIncIv = 0; + ctx->gcmccmIncIv = 0; } } #else @@ -6306,7 +6306,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) /* Calculate authentication tag and compare. */ ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes, ctx->authTag, ctx->authTagSz); - if (ctx->gcmIncIv) { + if (ctx->gcmccmIncIv) { IncCtr((byte*)ctx->cipher.aes.reg, ctx->cipher.aes.nonceSz); } @@ -6318,7 +6318,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) WOLFSSL_MSG("wc_AesGcmInit failed"); return WOLFSSL_FATAL_ERROR; } - ctx->gcmIncIv = 0; + ctx->gcmccmIncIv = 0; } #endif /* WOLFSSL_AESGCM_STREAM */ if (src == NULL) { @@ -6326,10 +6326,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) * Clear any leftover AAD on final (final is when src is * NULL). */ - if (ctx->gcmAuthIn != NULL) { - XMEMSET(ctx->gcmAuthIn, 0, ctx->gcmAuthInSz); + if (ctx->gcmccmAuthIn != NULL) { + XMEMSET(ctx->gcmccmAuthIn, 0, ctx->gcmccmAuthInSz); } - ctx->gcmAuthInSz = 0; + ctx->gcmccmAuthInSz = 0; } if (ret == 0) { ret = len; @@ -6349,11 +6349,11 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) { int ret = WOLFSSL_SUCCESS; - if (ctx->gcmAuthIn) { - XFREE(ctx->gcmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL); - ctx->gcmAuthIn = NULL; + if (ctx->gcmccmAuthIn) { + XFREE(ctx->gcmccmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL); + ctx->gcmccmAuthIn = NULL; } - ctx->gcmAuthInSz = 0; + ctx->gcmccmAuthInSz = 0; ctx->block_size = AES_BLOCK_SIZE; ctx->authTagSz = AES_BLOCK_SIZE; @@ -6425,7 +6425,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) * If a key is provided, the flag retains its value. */ if (ret == WOLFSSL_SUCCESS && key == NULL) { - ctx->gcmIvGenEnable = 0; + ctx->gcmccmIvGenEnable = 0; } return ret; @@ -6445,19 +6445,19 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) if (ctx->enc) { ret = wc_AesCcmEncrypt(&ctx->cipher.aes, dst, src, len, ctx->iv, ctx->ivSz, ctx->authTag, - ctx->authTagSz, ctx->gcmAuthIn, - ctx->gcmAuthInSz); + ctx->authTagSz, ctx->gcmccmAuthIn, + ctx->gcmccmAuthInSz); } else { ret = wc_AesCcmDecrypt(&ctx->cipher.aes, dst, src, len, ctx->iv, ctx->ivSz, ctx->authTag, - ctx->authTagSz, ctx->gcmAuthIn, - ctx->gcmAuthInSz); + ctx->authTagSz, ctx->gcmccmAuthIn, + ctx->gcmccmAuthInSz); } - if (ctx->gcmIncIv) { + if (ctx->gcmccmIncIv) { IncCtr((byte*)ctx->cipher.aes.reg, ctx->cipher.aes.nonceSz); - ctx->gcmIncIv = 0; + ctx->gcmccmIncIv = 0; } } #else @@ -6506,7 +6506,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) /* Calculate authentication tag and compare. */ ret = wc_AesCcmDecryptFinal(&ctx->cipher.aes, ctx->authTag, ctx->authTagSz); - if (ctx->gcmIncIv) { + if (ctx->gcmccmIncIv) { IncCtr((byte*)ctx->cipher.aes.reg, ctx->cipher.aes.nonceSz); } @@ -6518,7 +6518,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) WOLFSSL_MSG("wc_AesCcmInit failed"); return WOLFSSL_FATAL_ERROR; } - ctx->gcmIncIv = 0; + ctx->gcmccmIncIv = 0; } #endif /* WOLFSSL_AESCCM_STREAM */ if (src == NULL) { @@ -6526,10 +6526,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) * Clear any leftover AAD on final (final is when src is * NULL). */ - if (ctx->gcmAuthIn != NULL) { - XMEMSET(ctx->gcmAuthIn, 0, ctx->gcmAuthInSz); + if (ctx->gcmccmAuthIn != NULL) { + XMEMSET(ctx->gcmccmAuthIn, 0, ctx->gcmccmAuthInSz); } - ctx->gcmAuthInSz = 0; + ctx->gcmccmAuthInSz = 0; } if (ret == 0) { ret = len; diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index a7d35c6d1..1c1a54e6a 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -436,10 +436,10 @@ struct WOLFSSL_EVP_CIPHER_CTX { #define HAVE_WOLFSSL_EVP_CIPHER_CTX_IV int ivSz; #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) - byte* gcmBuffer; - int gcmBufferLen; - byte* gcmAuthIn; - int gcmAuthInSz; + byte* gcmccmBuffer; + int gcmccmBufferLen; + byte* gcmccmAuthIn; + int gcmccmAuthInSz; #endif #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) byte* key; /* used in partial Init()s */ @@ -453,8 +453,8 @@ struct WOLFSSL_EVP_CIPHER_CTX { int authTagSz; #endif #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) - byte gcmIvGenEnable:1; - byte gcmIncIv:1; + byte gcmccmIvGenEnable:1; + byte gcmccmIncIv:1; #endif #endif };