feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge pull request #4826 from haydenroche5/evp_aes_gcm_iv_bug

Browse Source 
Fix IV length bug in EVP AES-GCM code.
This commit is contained in:
David Garske
2022-02-04 10:38:02 -08:00
committed by GitHub
parent d1ca8fc673 b850cc89b0
commit 327e35fc25
1 changed files with 19 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
wolfcrypt/src/evp.c
View File

@@ -5095,7 +5095,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
ctx->keyLen = 16; ctx->keyLen = 16;
ctx->block_size = AES_BLOCK_SIZE; ctx->block_size = AES_BLOCK_SIZE;
ctx->authTagSz = AES_BLOCK_SIZE; ctx->authTagSz = AES_BLOCK_SIZE;
if (ctx->ivSz == 0) {
ctx->ivSz = GCM_NONCE_MID_SZ; ctx->ivSz = GCM_NONCE_MID_SZ;
}
#ifndef WOLFSSL_AESGCM_STREAM #ifndef WOLFSSL_AESGCM_STREAM
if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) { if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) {
@@ -5103,7 +5105,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
#endif /* !WOLFSSL_AESGCM_STREAM */ #endif /* !WOLFSSL_AESGCM_STREAM */
if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) { if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, ctx->ivSz)) {
WOLFSSL_MSG("wc_AesGcmSetExtIV() failed"); WOLFSSL_MSG("wc_AesGcmSetExtIV() failed");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
@@ -5111,7 +5113,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
/* Initialize with key and IV if available. */ /* Initialize with key and IV if available. */
if (wc_AesGcmInit(&ctx->cipher.aes, key, if (wc_AesGcmInit(&ctx->cipher.aes, key,
(key == NULL) ? 0 : ctx->keyLen, iv, (key == NULL) ? 0 : ctx->keyLen, iv,
(iv == NULL) ? 0 : GCM_NONCE_MID_SZ) != 0) { (iv == NULL) ? 0 : ctx->ivSz) != 0) {
WOLFSSL_MSG("wc_AesGcmInit() failed"); WOLFSSL_MSG("wc_AesGcmInit() failed");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
@@ -5131,7 +5133,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
ctx->keyLen = 24; ctx->keyLen = 24;
ctx->block_size = AES_BLOCK_SIZE; ctx->block_size = AES_BLOCK_SIZE;
ctx->authTagSz = AES_BLOCK_SIZE; ctx->authTagSz = AES_BLOCK_SIZE;
if (ctx->ivSz == 0) {
ctx->ivSz = GCM_NONCE_MID_SZ; ctx->ivSz = GCM_NONCE_MID_SZ;
}
#ifndef WOLFSSL_AESGCM_STREAM #ifndef WOLFSSL_AESGCM_STREAM
if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) { if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) {
@@ -5139,7 +5143,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
#endif /* !WOLFSSL_AESGCM_STREAM */ #endif /* !WOLFSSL_AESGCM_STREAM */
if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) { if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, ctx->ivSz)) {
WOLFSSL_MSG("wc_AesGcmSetExtIV() failed"); WOLFSSL_MSG("wc_AesGcmSetExtIV() failed");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
@@ -5147,7 +5151,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
/* Initialize with key and IV if available. */ /* Initialize with key and IV if available. */
if (wc_AesGcmInit(&ctx->cipher.aes, key, if (wc_AesGcmInit(&ctx->cipher.aes, key,
(key == NULL) ? 0 : ctx->keyLen, iv, (key == NULL) ? 0 : ctx->keyLen, iv,
(iv == NULL) ? 0 : GCM_NONCE_MID_SZ) != 0) { (iv == NULL) ? 0 : ctx->ivSz) != 0) {
WOLFSSL_MSG("wc_AesGcmInit() failed"); WOLFSSL_MSG("wc_AesGcmInit() failed");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
@@ -5167,7 +5171,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
ctx->keyLen = 32; ctx->keyLen = 32;
ctx->block_size = AES_BLOCK_SIZE; ctx->block_size = AES_BLOCK_SIZE;
ctx->authTagSz = AES_BLOCK_SIZE; ctx->authTagSz = AES_BLOCK_SIZE;
if (ctx->ivSz == 0) {
ctx->ivSz = GCM_NONCE_MID_SZ; ctx->ivSz = GCM_NONCE_MID_SZ;
}
#ifndef WOLFSSL_AESGCM_STREAM #ifndef WOLFSSL_AESGCM_STREAM
if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) { if (key && wc_AesGcmSetKey(&ctx->cipher.aes, key, ctx->keyLen)) {
@@ -5175,7 +5181,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
#endif /* !WOLFSSL_AESGCM_STREAM */ #endif /* !WOLFSSL_AESGCM_STREAM */
if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, GCM_NONCE_MID_SZ)) { if (iv && wc_AesGcmSetExtIV(&ctx->cipher.aes, iv, ctx->ivSz)) {
WOLFSSL_MSG("wc_AesGcmSetExtIV() failed"); WOLFSSL_MSG("wc_AesGcmSetExtIV() failed");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
@@ -5183,7 +5189,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
/* Initialize with key and IV if available. */ /* Initialize with key and IV if available. */
if (wc_AesGcmInit(&ctx->cipher.aes, if (wc_AesGcmInit(&ctx->cipher.aes,
key, (key == NULL) ? 0 : ctx->keyLen, key, (key == NULL) ? 0 : ctx->keyLen,
iv, (iv == NULL) ? 0 : GCM_NONCE_MID_SZ) != 0) { iv, (iv == NULL) ? 0 : ctx->ivSz) != 0) {
WOLFSSL_MSG("wc_AesGcmInit() failed"); WOLFSSL_MSG("wc_AesGcmInit() failed");
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
@@ -5874,7 +5880,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
{ {
int expectedIvLen; int expectedIvLen;
WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_iv_length"); WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_iv");
if (!ctx || !iv || !ivLen) { if (!ctx || !iv || !ivLen) {
return WOLFSSL_FAILURE; return WOLFSSL_FAILURE;
} }
@@ -7420,6 +7426,9 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
case AES_192_GCM_TYPE : case AES_192_GCM_TYPE :
case AES_256_GCM_TYPE : case AES_256_GCM_TYPE :
WOLFSSL_MSG("AES GCM"); WOLFSSL_MSG("AES GCM");
if (ctx->ivSz != 0) {
return ctx->ivSz;
}
return GCM_NONCE_MID_SZ; return GCM_NONCE_MID_SZ;
#endif #endif
#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */ #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */