Merge pull request #5205 from haydenroche5/evp_cipher_aes_gcm

Fix another AES-GCM EVP control command issue.
2022-06-03 11:47:57 -07:00
parent debb598499 fb3c611275
commit 2af09a7151
2 changed files with 27 additions and 9 deletions
--- a/tests/api.c
+++ b/tests/api.c
@ -45319,8 +45319,20 @@ static void test_evp_cipher_aes_gcm(void)
        if (i == 0) {
            AssertIntEQ(EVP_CipherInit(encCtx, EVP_aes_256_gcm(), key, NULL, 1),
                        SSL_SUCCESS);
+
+            /*
+             * The call to EVP_CipherInit below (with NULL key) should clear the
+             * gcmIvGenEnable flag set by EVP_CTRL_GCM_SET_IV_FIXED. As such, a
+             * subsequent EVP_CTRL_GCM_IV_GEN should fail. This matches OpenSSL
+             * behavior.
+             */
+            AssertIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1,
+                    (void*)iv), SSL_SUCCESS);
            AssertIntEQ(EVP_CipherInit(encCtx, NULL, NULL, iv, 1),
                        SSL_SUCCESS);
+            AssertIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1,
+                        currentIv), SSL_FAILURE);
+
            AssertIntEQ(EVP_CipherInit(decCtx, EVP_aes_256_gcm(), key, NULL, 0),
                        SSL_SUCCESS);
            AssertIntEQ(EVP_CipherInit(decCtx, NULL, NULL, iv, 0),
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@ -5702,6 +5702,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
    {
        int ret = WOLFSSL_SUCCESS;

+        if (ctx->gcmAuthIn) {
+            XFREE(ctx->gcmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL);
+            ctx->gcmAuthIn = NULL;
+        }
+        ctx->gcmAuthInSz = 0;
+
        ctx->block_size = AES_BLOCK_SIZE;
        ctx->authTagSz = AES_BLOCK_SIZE;
        if (ctx->ivSz == 0) {
@ -5766,6 +5772,15 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
        }
    #endif /* WOLFSSL_AESGCM_STREAM */

+        /*
+         * OpenSSL clears this flag, which permits subsequent use of
+         * EVP_CTRL_GCM_IV_GEN, when EVP_CipherInit is called with no key.
+         * If a key is provided, the flag retains its value.
+         */
+        if (ret == WOLFSSL_SUCCESS && key == NULL) {
+            ctx->gcmIvGenEnable = 0;
+        }
+
        return ret;
    }

@ -5912,15 +5927,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
            iv = ctx->iv;
        }
 #endif
-#ifdef HAVE_AESGCM
-        if (ctx->gcmAuthIn) {
-            XFREE(ctx->gcmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL);
-            ctx->gcmAuthIn = NULL;
-        }
-        ctx->gcmAuthInSz = 0;
-        ctx->gcmIvGenEnable = 0;
-        ctx->gcmIncIv = 0;
-#endif

 #ifndef NO_AES
    #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)