feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #5205 from haydenroche5/evp_cipher_aes_gcm

Browse Source 
Fix another AES-GCM EVP control command issue.
This commit is contained in:
David Garske
2022-06-03 11:47:57 -07:00
committed by GitHub
parent debb598499 fb3c611275
commit 2af09a7151
2 changed files with 27 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
tests/api.c
View File

@ -45319,8 +45319,20 @@ static void test_evp_cipher_aes_gcm(void)
if (i == 0) { if (i == 0) {
AssertIntEQ(EVP_CipherInit(encCtx, EVP_aes_256_gcm(), key, NULL, 1), AssertIntEQ(EVP_CipherInit(encCtx, EVP_aes_256_gcm(), key, NULL, 1),
SSL_SUCCESS); SSL_SUCCESS);
/*
* The call to EVP_CipherInit below (with NULL key) should clear the
* gcmIvGenEnable flag set by EVP_CTRL_GCM_SET_IV_FIXED. As such, a
* subsequent EVP_CTRL_GCM_IV_GEN should fail. This matches OpenSSL
* behavior.
*/
AssertIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1,
(void*)iv), SSL_SUCCESS);
AssertIntEQ(EVP_CipherInit(encCtx, NULL, NULL, iv, 1), AssertIntEQ(EVP_CipherInit(encCtx, NULL, NULL, iv, 1),
SSL_SUCCESS); SSL_SUCCESS);
AssertIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1,
currentIv), SSL_FAILURE);
AssertIntEQ(EVP_CipherInit(decCtx, EVP_aes_256_gcm(), key, NULL, 0), AssertIntEQ(EVP_CipherInit(decCtx, EVP_aes_256_gcm(), key, NULL, 0),
SSL_SUCCESS); SSL_SUCCESS);
AssertIntEQ(EVP_CipherInit(decCtx, NULL, NULL, iv, 0), AssertIntEQ(EVP_CipherInit(decCtx, NULL, NULL, iv, 0),

24
wolfcrypt/src/evp.c
View File

@ -5702,6 +5702,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
{ {
int ret = WOLFSSL_SUCCESS; int ret = WOLFSSL_SUCCESS;
if (ctx->gcmAuthIn) {
XFREE(ctx->gcmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL);
ctx->gcmAuthIn = NULL;
}
ctx->gcmAuthInSz = 0;
ctx->block_size = AES_BLOCK_SIZE; ctx->block_size = AES_BLOCK_SIZE;
ctx->authTagSz = AES_BLOCK_SIZE; ctx->authTagSz = AES_BLOCK_SIZE;
if (ctx->ivSz == 0) { if (ctx->ivSz == 0) {
@ -5766,6 +5772,15 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
} }
#endif /* WOLFSSL_AESGCM_STREAM */ #endif /* WOLFSSL_AESGCM_STREAM */
/*
* OpenSSL clears this flag, which permits subsequent use of
* EVP_CTRL_GCM_IV_GEN, when EVP_CipherInit is called with no key.
* If a key is provided, the flag retains its value.
*/
if (ret == WOLFSSL_SUCCESS && key == NULL) {
ctx->gcmIvGenEnable = 0;
}
return ret; return ret;
} }
@ -5912,15 +5927,6 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
iv = ctx->iv; iv = ctx->iv;
} }
#endif #endif
#ifdef HAVE_AESGCM
if (ctx->gcmAuthIn) {
XFREE(ctx->gcmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL);
ctx->gcmAuthIn = NULL;
}
ctx->gcmAuthInSz = 0;
ctx->gcmIvGenEnable = 0;
ctx->gcmIncIv = 0;
#endif
#ifndef NO_AES #ifndef NO_AES
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)