feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Change variable names to protect the innocent

Browse Source
This commit is contained in:
Andras Fekete
2023-01-04 10:16:41 -05:00
parent c21f5f3757
commit 0ec0c05eda
3 changed files with 103 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tests/api.c
View File

@ -46081,7 +46081,7 @@ static int test_evp_cipher_aes_gcm(void)
/* /*
* The call to EVP_CipherInit below (with NULL key) should clear the * The call to EVP_CipherInit below (with NULL key) should clear the
* gcmIvGenEnable flag set by EVP_CTRL_GCM_SET_IV_FIXED. As such, a * gcmccmIvGenEnable flag set by EVP_CTRL_GCM_SET_IV_FIXED. As such, a
* subsequent EVP_CTRL_GCM_IV_GEN should fail. This matches OpenSSL * subsequent EVP_CTRL_GCM_IV_GEN should fail. This matches OpenSSL
* behavior. * behavior.
*/ */

192
wolfcrypt/src/evp.c
View File

@ -584,12 +584,12 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
static int wolfSSL_EVP_CipherUpdate_GCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx, static int wolfSSL_EVP_CipherUpdate_GCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx,
const unsigned char *in, int inl) { const unsigned char *in, int inl) {
if (in && inl > 0) { if (in && inl > 0) {
byte* tmp = (byte*)XREALLOC(ctx->gcmAuthIn, byte* tmp = (byte*)XREALLOC(ctx->gcmccmAuthIn,
ctx->gcmAuthInSz + inl, NULL, DYNAMIC_TYPE_OPENSSL); ctx->gcmccmAuthInSz + inl, NULL, DYNAMIC_TYPE_OPENSSL);
if (tmp) { if (tmp) {
ctx->gcmAuthIn = tmp; ctx->gcmccmAuthIn = tmp;
XMEMCPY(ctx->gcmAuthIn + ctx->gcmAuthInSz, in, inl); XMEMCPY(ctx->gcmccmAuthIn + ctx->gcmccmAuthInSz, in, inl);
ctx->gcmAuthInSz += inl; ctx->gcmccmAuthInSz += inl;
} }
else { else {
WOLFSSL_MSG("realloc error"); WOLFSSL_MSG("realloc error");
@ -612,13 +612,13 @@ static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
/* Buffer input for one-shot API */ /* Buffer input for one-shot API */
if (inl > 0) { if (inl > 0) {
byte* tmp; byte* tmp;
tmp = (byte*)XREALLOC(ctx->gcmBuffer, tmp = (byte*)XREALLOC(ctx->gcmccmBuffer,
ctx->gcmBufferLen + inl, NULL, ctx->gcmccmBufferLen + inl, NULL,
DYNAMIC_TYPE_OPENSSL); DYNAMIC_TYPE_OPENSSL);
if (tmp) { if (tmp) {
XMEMCPY(tmp + ctx->gcmBufferLen, in, inl); XMEMCPY(tmp + ctx->gcmccmBufferLen, in, inl);
ctx->gcmBufferLen += inl; ctx->gcmccmBufferLen += inl;
ctx->gcmBuffer = tmp; ctx->gcmccmBuffer = tmp;
*outl = 0; *outl = 0;
} }
else { else {
@ -678,12 +678,12 @@ static int wolfSSL_EVP_CipherUpdate_GCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
static int wolfSSL_EVP_CipherUpdate_CCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx, static int wolfSSL_EVP_CipherUpdate_CCM_AAD(WOLFSSL_EVP_CIPHER_CTX *ctx,
const unsigned char *in, int inl) { const unsigned char *in, int inl) {
if (in && inl > 0) { if (in && inl > 0) {
byte* tmp = (byte*)XREALLOC(ctx->gcmAuthIn, byte* tmp = (byte*)XREALLOC(ctx->gcmccmAuthIn,
ctx->gcmAuthInSz + inl, NULL, DYNAMIC_TYPE_OPENSSL); ctx->gcmccmAuthInSz + inl, NULL, DYNAMIC_TYPE_OPENSSL);
if (tmp) { if (tmp) {
ctx->gcmAuthIn = tmp; ctx->gcmccmAuthIn = tmp;
XMEMCPY(ctx->gcmAuthIn + ctx->gcmAuthInSz, in, inl); XMEMCPY(ctx->gcmccmAuthIn + ctx->gcmccmAuthInSz, in, inl);
ctx->gcmAuthInSz += inl; ctx->gcmccmAuthInSz += inl;
} }
else { else {
WOLFSSL_MSG("realloc error"); WOLFSSL_MSG("realloc error");
@ -706,13 +706,13 @@ static int wolfSSL_EVP_CipherUpdate_CCM(WOLFSSL_EVP_CIPHER_CTX *ctx,
/* Buffer input for one-shot API */ /* Buffer input for one-shot API */
if (inl > 0) { if (inl > 0) {
byte* tmp; byte* tmp;
tmp = (byte*)XREALLOC(ctx->gcmBuffer, tmp = (byte*)XREALLOC(ctx->gcmccmBuffer,
ctx->gcmBufferLen + inl, NULL, ctx->gcmccmBufferLen + inl, NULL,
DYNAMIC_TYPE_OPENSSL); DYNAMIC_TYPE_OPENSSL);
if (tmp) { if (tmp) {
XMEMCPY(tmp + ctx->gcmBufferLen, in, inl); XMEMCPY(tmp + ctx->gcmccmBufferLen, in, inl);
ctx->gcmBufferLen += inl; ctx->gcmccmBufferLen += inl;
ctx->gcmBuffer = tmp; ctx->gcmccmBuffer = tmp;
*outl = 0; *outl = 0;
} }
else { else {
@ -968,36 +968,36 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
case AES_192_GCM_TYPE: case AES_192_GCM_TYPE:
case AES_256_GCM_TYPE: case AES_256_GCM_TYPE:
#ifndef WOLFSSL_AESGCM_STREAM #ifndef WOLFSSL_AESGCM_STREAM
if ((ctx->gcmBuffer && ctx->gcmBufferLen > 0) if ((ctx->gcmccmBuffer && ctx->gcmccmBufferLen > 0)
|| (ctx->gcmBufferLen == 0)) { || (ctx->gcmccmBufferLen == 0)) {
if (ctx->enc) if (ctx->enc)
ret = wc_AesGcmEncrypt(&ctx->cipher.aes, out, ret = wc_AesGcmEncrypt(&ctx->cipher.aes, out,
ctx->gcmBuffer, ctx->gcmBufferLen, ctx->gcmccmBuffer, ctx->gcmccmBufferLen,
ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,
ctx->gcmAuthIn, ctx->gcmAuthInSz); ctx->gcmccmAuthIn, ctx->gcmccmAuthInSz);
else else
ret = wc_AesGcmDecrypt(&ctx->cipher.aes, out, ret = wc_AesGcmDecrypt(&ctx->cipher.aes, out,
ctx->gcmBuffer, ctx->gcmBufferLen, ctx->gcmccmBuffer, ctx->gcmccmBufferLen,
ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,
ctx->gcmAuthIn, ctx->gcmAuthInSz); ctx->gcmccmAuthIn, ctx->gcmccmAuthInSz);
if (ret == 0) { if (ret == 0) {
ret = WOLFSSL_SUCCESS; ret = WOLFSSL_SUCCESS;
*outl = ctx->gcmBufferLen; *outl = ctx->gcmccmBufferLen;
} }
else { else {
ret = WOLFSSL_FAILURE; ret = WOLFSSL_FAILURE;
*outl = 0; *outl = 0;
} }
XFREE(ctx->gcmBuffer, NULL, DYNAMIC_TYPE_OPENSSL); XFREE(ctx->gcmccmBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
ctx->gcmBuffer = NULL; ctx->gcmccmBuffer = NULL;
ctx->gcmBufferLen = 0; ctx->gcmccmBufferLen = 0;
if (ctx->gcmIncIv) { if (ctx->gcmccmIncIv) {
IncCtr((byte*)ctx->cipher.aes.reg, IncCtr((byte*)ctx->cipher.aes.reg,
ctx->cipher.aes.nonceSz); ctx->cipher.aes.nonceSz);
ctx->gcmIncIv = 0; ctx->gcmccmIncIv = 0;
} }
} }
else { else {
@ -1013,7 +1013,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
else { else {
ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes, ctx->authTag, ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes, ctx->authTag,
ctx->authTagSz); ctx->authTagSz);
if (ctx->gcmIncIv) { if (ctx->gcmccmIncIv) {
IncCtr((byte*)ctx->cipher.aes.reg, ctx->cipher.aes.nonceSz); IncCtr((byte*)ctx->cipher.aes.reg, ctx->cipher.aes.nonceSz);
} }
} }
@ -1034,8 +1034,8 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
} }
#endif /* WOLFSSL_AESGCM_STREAM */ #endif /* WOLFSSL_AESGCM_STREAM */
if (ret == WOLFSSL_SUCCESS) { if (ret == WOLFSSL_SUCCESS) {
if (ctx->gcmIncIv) { if (ctx->gcmccmIncIv) {
ctx->gcmIncIv = 0; ctx->gcmccmIncIv = 0;
} }
else { else {
/* Clear IV, since IV reuse is not recommended for AES GCM. */ /* Clear IV, since IV reuse is not recommended for AES GCM. */
@ -1054,36 +1054,36 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
case AES_192_CCM_TYPE: case AES_192_CCM_TYPE:
case AES_256_CCM_TYPE: case AES_256_CCM_TYPE:
#ifndef WOLFSSL_AESCCM_STREAM #ifndef WOLFSSL_AESCCM_STREAM
if ((ctx->gcmBuffer && ctx->gcmBufferLen > 0) if ((ctx->gcmccmBuffer && ctx->gcmccmBufferLen > 0)
|| (ctx->gcmBufferLen == 0)) { || (ctx->gcmccmBufferLen == 0)) {
if (ctx->enc) if (ctx->enc)
ret = wc_AesCcmEncrypt(&ctx->cipher.aes, out, ret = wc_AesCcmEncrypt(&ctx->cipher.aes, out,
ctx->gcmBuffer, ctx->gcmBufferLen, ctx->gcmccmBuffer, ctx->gcmccmBufferLen,
ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,
ctx->gcmAuthIn, ctx->gcmAuthInSz); ctx->gcmccmAuthIn, ctx->gcmccmAuthInSz);
else else
ret = wc_AesCcmDecrypt(&ctx->cipher.aes, out, ret = wc_AesCcmDecrypt(&ctx->cipher.aes, out,
ctx->gcmBuffer, ctx->gcmBufferLen, ctx->gcmccmBuffer, ctx->gcmccmBufferLen,
ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz, ctx->iv, ctx->ivSz, ctx->authTag, ctx->authTagSz,
ctx->gcmAuthIn, ctx->gcmAuthInSz); ctx->gcmccmAuthIn, ctx->gcmccmAuthInSz);
if (ret == 0) { if (ret == 0) {
ret = WOLFSSL_SUCCESS; ret = WOLFSSL_SUCCESS;
*outl = ctx->gcmBufferLen; *outl = ctx->gcmccmBufferLen;
} }
else { else {
ret = WOLFSSL_FAILURE; ret = WOLFSSL_FAILURE;
*outl = 0; *outl = 0;
} }
XFREE(ctx->gcmBuffer, NULL, DYNAMIC_TYPE_OPENSSL); XFREE(ctx->gcmccmBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
ctx->gcmBuffer = NULL; ctx->gcmccmBuffer = NULL;
ctx->gcmBufferLen = 0; ctx->gcmccmBufferLen = 0;
if (ctx->gcmIncIv) { if (ctx->gcmccmIncIv) {
IncCtr((byte*)ctx->cipher.aes.reg, IncCtr((byte*)ctx->cipher.aes.reg,
ctx->cipher.aes.nonceSz); ctx->cipher.aes.nonceSz);
ctx->gcmIncIv = 0; ctx->gcmccmIncIv = 0;
} }
} }
else { else {
@ -1093,8 +1093,8 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
ret = WOLFSSL_FAILURE; /* not supported */ ret = WOLFSSL_FAILURE; /* not supported */
#endif /* WOLFSSL_AESCCM_STREAM */ #endif /* WOLFSSL_AESCCM_STREAM */
if (ret == WOLFSSL_SUCCESS) { if (ret == WOLFSSL_SUCCESS) {
if (ctx->gcmIncIv) { if (ctx->gcmccmIncIv) {
ctx->gcmIncIv = 0; ctx->gcmccmIncIv = 0;
} }
else { else {
/* Clear IV, since IV reuse is not recommended for AES CCM. */ /* Clear IV, since IV reuse is not recommended for AES CCM. */
@ -1199,7 +1199,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
ctx->cipherType == AES_256_CCM_TYPE ctx->cipherType == AES_256_CCM_TYPE
#endif #endif
) { ) {
tmp = ctx->gcmIvGenEnable; tmp = ctx->gcmccmIvGenEnable;
} }
#endif #endif
@ -1220,7 +1220,7 @@ int wolfSSL_EVP_CipherFinal(WOLFSSL_EVP_CIPHER_CTX *ctx, unsigned char *out,
ctx->cipherType == AES_256_CCM_TYPE ctx->cipherType == AES_256_CCM_TYPE
#endif #endif
) { ) {
ctx->gcmIvGenEnable = tmp; ctx->gcmccmIvGenEnable = tmp;
} }
#endif #endif
} }
@ -5881,7 +5881,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
* command be issued before a EVP_CTRL_GCM_IV_GEN command. * command be issued before a EVP_CTRL_GCM_IV_GEN command.
* This flag is used to enforce that. * This flag is used to enforce that.
*/ */
ctx->gcmIvGenEnable = 1; ctx->gcmccmIvGenEnable = 1;
} }
#endif #endif
#endif /* !WC_NO_RNG */ #endif /* !WC_NO_RNG */
@ -5898,7 +5898,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
case EVP_CTRL_GCM_IV_GEN: case EVP_CTRL_GCM_IV_GEN:
if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0) if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
break; break;
if (!ctx->gcmIvGenEnable) { if (!ctx->gcmccmIvGenEnable) {
WOLFSSL_MSG("Must use EVP_CTRL_AEAD_SET_IV_FIXED before " WOLFSSL_MSG("Must use EVP_CTRL_AEAD_SET_IV_FIXED before "
"EVP_CTRL_GCM_IV_GEN"); "EVP_CTRL_GCM_IV_GEN");
break; break;
@ -5926,7 +5926,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
* The gcmIncIV flag indicates that the IV should be incremented * The gcmIncIV flag indicates that the IV should be incremented
* after the next cipher operation. * after the next cipher operation.
*/ */
ctx->gcmIncIv = 1; ctx->gcmccmIncIv = 1;
ret = WOLFSSL_SUCCESS; ret = WOLFSSL_SUCCESS;
break; break;
#endif /* HAVE_AESGCM && !_WIN32 && !HAVE_SELFTEST && (!HAVE_FIPS || #endif /* HAVE_AESGCM && !_WIN32 && !HAVE_SELFTEST && (!HAVE_FIPS ||
@ -6019,18 +6019,18 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
#endif #endif
ctx->keyLen = 0; ctx->keyLen = 0;
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
if (ctx->gcmBuffer) { if (ctx->gcmccmBuffer) {
XFREE(ctx->gcmBuffer, NULL, DYNAMIC_TYPE_OPENSSL); XFREE(ctx->gcmccmBuffer, NULL, DYNAMIC_TYPE_OPENSSL);
ctx->gcmBuffer = NULL; ctx->gcmccmBuffer = NULL;
} }
ctx->gcmBufferLen = 0; ctx->gcmccmBufferLen = 0;
if (ctx->gcmAuthIn) { if (ctx->gcmccmAuthIn) {
XFREE(ctx->gcmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL); XFREE(ctx->gcmccmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL);
ctx->gcmAuthIn = NULL; ctx->gcmccmAuthIn = NULL;
} }
ctx->gcmAuthInSz = 0; ctx->gcmccmAuthInSz = 0;
ctx->gcmIvGenEnable = 0; ctx->gcmccmIvGenEnable = 0;
ctx->gcmIncIv = 0; ctx->gcmccmIncIv = 0;
#endif #endif
} }
@ -6149,11 +6149,11 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
{ {
int ret = WOLFSSL_SUCCESS; int ret = WOLFSSL_SUCCESS;
if (ctx->gcmAuthIn) { if (ctx->gcmccmAuthIn) {
XFREE(ctx->gcmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL); XFREE(ctx->gcmccmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL);
ctx->gcmAuthIn = NULL; ctx->gcmccmAuthIn = NULL;
} }
ctx->gcmAuthInSz = 0; ctx->gcmccmAuthInSz = 0;
ctx->block_size = AES_BLOCK_SIZE; ctx->block_size = AES_BLOCK_SIZE;
ctx->authTagSz = AES_BLOCK_SIZE; ctx->authTagSz = AES_BLOCK_SIZE;
@ -6225,7 +6225,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
* If a key is provided, the flag retains its value. * If a key is provided, the flag retains its value.
*/ */
if (ret == WOLFSSL_SUCCESS && key == NULL) { if (ret == WOLFSSL_SUCCESS && key == NULL) {
ctx->gcmIvGenEnable = 0; ctx->gcmccmIvGenEnable = 0;
} }
return ret; return ret;
@ -6245,19 +6245,19 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
if (ctx->enc) { if (ctx->enc) {
ret = wc_AesGcmEncrypt(&ctx->cipher.aes, dst, src, ret = wc_AesGcmEncrypt(&ctx->cipher.aes, dst, src,
len, ctx->iv, ctx->ivSz, ctx->authTag, len, ctx->iv, ctx->ivSz, ctx->authTag,
ctx->authTagSz, ctx->gcmAuthIn, ctx->authTagSz, ctx->gcmccmAuthIn,
ctx->gcmAuthInSz); ctx->gcmccmAuthInSz);
} }
else { else {
ret = wc_AesGcmDecrypt(&ctx->cipher.aes, dst, src, ret = wc_AesGcmDecrypt(&ctx->cipher.aes, dst, src,
len, ctx->iv, ctx->ivSz, ctx->authTag, len, ctx->iv, ctx->ivSz, ctx->authTag,
ctx->authTagSz, ctx->gcmAuthIn, ctx->authTagSz, ctx->gcmccmAuthIn,
ctx->gcmAuthInSz); ctx->gcmccmAuthInSz);
} }
if (ctx->gcmIncIv) { if (ctx->gcmccmIncIv) {
IncCtr((byte*)ctx->cipher.aes.reg, IncCtr((byte*)ctx->cipher.aes.reg,
ctx->cipher.aes.nonceSz); ctx->cipher.aes.nonceSz);
ctx->gcmIncIv = 0; ctx->gcmccmIncIv = 0;
} }
} }
#else #else
@ -6306,7 +6306,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
/* Calculate authentication tag and compare. */ /* Calculate authentication tag and compare. */
ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes, ret = wc_AesGcmDecryptFinal(&ctx->cipher.aes,
ctx->authTag, ctx->authTagSz); ctx->authTag, ctx->authTagSz);
if (ctx->gcmIncIv) { if (ctx->gcmccmIncIv) {
IncCtr((byte*)ctx->cipher.aes.reg, IncCtr((byte*)ctx->cipher.aes.reg,
ctx->cipher.aes.nonceSz); ctx->cipher.aes.nonceSz);
} }
@ -6318,7 +6318,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
WOLFSSL_MSG("wc_AesGcmInit failed"); WOLFSSL_MSG("wc_AesGcmInit failed");
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
} }
ctx->gcmIncIv = 0; ctx->gcmccmIncIv = 0;
} }
#endif /* WOLFSSL_AESGCM_STREAM */ #endif /* WOLFSSL_AESGCM_STREAM */
if (src == NULL) { if (src == NULL) {
@ -6326,10 +6326,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
* Clear any leftover AAD on final (final is when src is * Clear any leftover AAD on final (final is when src is
* NULL). * NULL).
*/ */
if (ctx->gcmAuthIn != NULL) { if (ctx->gcmccmAuthIn != NULL) {
XMEMSET(ctx->gcmAuthIn, 0, ctx->gcmAuthInSz); XMEMSET(ctx->gcmccmAuthIn, 0, ctx->gcmccmAuthInSz);
} }
ctx->gcmAuthInSz = 0; ctx->gcmccmAuthInSz = 0;
} }
if (ret == 0) { if (ret == 0) {
ret = len; ret = len;
@ -6349,11 +6349,11 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
{ {
int ret = WOLFSSL_SUCCESS; int ret = WOLFSSL_SUCCESS;
if (ctx->gcmAuthIn) { if (ctx->gcmccmAuthIn) {
XFREE(ctx->gcmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL); XFREE(ctx->gcmccmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL);
ctx->gcmAuthIn = NULL; ctx->gcmccmAuthIn = NULL;
} }
ctx->gcmAuthInSz = 0; ctx->gcmccmAuthInSz = 0;
ctx->block_size = AES_BLOCK_SIZE; ctx->block_size = AES_BLOCK_SIZE;
ctx->authTagSz = AES_BLOCK_SIZE; ctx->authTagSz = AES_BLOCK_SIZE;
@ -6425,7 +6425,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
* If a key is provided, the flag retains its value. * If a key is provided, the flag retains its value.
*/ */
if (ret == WOLFSSL_SUCCESS && key == NULL) { if (ret == WOLFSSL_SUCCESS && key == NULL) {
ctx->gcmIvGenEnable = 0; ctx->gcmccmIvGenEnable = 0;
} }
return ret; return ret;
@ -6445,19 +6445,19 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
if (ctx->enc) { if (ctx->enc) {
ret = wc_AesCcmEncrypt(&ctx->cipher.aes, dst, src, ret = wc_AesCcmEncrypt(&ctx->cipher.aes, dst, src,
len, ctx->iv, ctx->ivSz, ctx->authTag, len, ctx->iv, ctx->ivSz, ctx->authTag,
ctx->authTagSz, ctx->gcmAuthIn, ctx->authTagSz, ctx->gcmccmAuthIn,
ctx->gcmAuthInSz); ctx->gcmccmAuthInSz);
} }
else { else {
ret = wc_AesCcmDecrypt(&ctx->cipher.aes, dst, src, ret = wc_AesCcmDecrypt(&ctx->cipher.aes, dst, src,
len, ctx->iv, ctx->ivSz, ctx->authTag, len, ctx->iv, ctx->ivSz, ctx->authTag,
ctx->authTagSz, ctx->gcmAuthIn, ctx->authTagSz, ctx->gcmccmAuthIn,
ctx->gcmAuthInSz); ctx->gcmccmAuthInSz);
} }
if (ctx->gcmIncIv) { if (ctx->gcmccmIncIv) {
IncCtr((byte*)ctx->cipher.aes.reg, IncCtr((byte*)ctx->cipher.aes.reg,
ctx->cipher.aes.nonceSz); ctx->cipher.aes.nonceSz);
ctx->gcmIncIv = 0; ctx->gcmccmIncIv = 0;
} }
} }
#else #else
@ -6506,7 +6506,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
/* Calculate authentication tag and compare. */ /* Calculate authentication tag and compare. */
ret = wc_AesCcmDecryptFinal(&ctx->cipher.aes, ret = wc_AesCcmDecryptFinal(&ctx->cipher.aes,
ctx->authTag, ctx->authTagSz); ctx->authTag, ctx->authTagSz);
if (ctx->gcmIncIv) { if (ctx->gcmccmIncIv) {
IncCtr((byte*)ctx->cipher.aes.reg, IncCtr((byte*)ctx->cipher.aes.reg,
ctx->cipher.aes.nonceSz); ctx->cipher.aes.nonceSz);
} }
@ -6518,7 +6518,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
WOLFSSL_MSG("wc_AesCcmInit failed"); WOLFSSL_MSG("wc_AesCcmInit failed");
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
} }
ctx->gcmIncIv = 0; ctx->gcmccmIncIv = 0;
} }
#endif /* WOLFSSL_AESCCM_STREAM */ #endif /* WOLFSSL_AESCCM_STREAM */
if (src == NULL) { if (src == NULL) {
@ -6526,10 +6526,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
* Clear any leftover AAD on final (final is when src is * Clear any leftover AAD on final (final is when src is
* NULL). * NULL).
*/ */
if (ctx->gcmAuthIn != NULL) { if (ctx->gcmccmAuthIn != NULL) {
XMEMSET(ctx->gcmAuthIn, 0, ctx->gcmAuthInSz); XMEMSET(ctx->gcmccmAuthIn, 0, ctx->gcmccmAuthInSz);
} }
ctx->gcmAuthInSz = 0; ctx->gcmccmAuthInSz = 0;
} }
if (ret == 0) { if (ret == 0) {
ret = len; ret = len;

12
wolfssl/openssl/evp.h
View File

@ -436,10 +436,10 @@ struct WOLFSSL_EVP_CIPHER_CTX {
#define HAVE_WOLFSSL_EVP_CIPHER_CTX_IV #define HAVE_WOLFSSL_EVP_CIPHER_CTX_IV
int ivSz; int ivSz;
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
byte* gcmBuffer; byte* gcmccmBuffer;
int gcmBufferLen; int gcmccmBufferLen;
byte* gcmAuthIn; byte* gcmccmAuthIn;
int gcmAuthInSz; int gcmccmAuthInSz;
#endif #endif
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
byte* key; /* used in partial Init()s */ byte* key; /* used in partial Init()s */
@ -453,8 +453,8 @@ struct WOLFSSL_EVP_CIPHER_CTX {
int authTagSz; int authTagSz;
#endif #endif
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
byte gcmIvGenEnable:1; byte gcmccmIvGenEnable:1;
byte gcmIncIv:1; byte gcmccmIncIv:1;
#endif #endif
#endif #endif
}; };