Test Fixes

1. AesGcmEncrypt_ex requires the RNG, remove function if RNG disabled.
2. Fix a couple function name changes in the example server.
3. Removed the old FIPS wrapping added to dh.h, was redundant.
4. Move include of random.h in the aes.h file.
5. Fix where ecc.c was being left out of old FIPS builds.
6. Exclude the AES-GCM internal IV test case when building without the RNG.
7. Fix api test where AES-GCM Encrypt was called with a too-long IV in old FIPS mode. Non-FIPS and new FIPS are allowed longer IVs.
John Safranek
2018-03-06 16:45:44 -08:00
parent 13ff245166
commit 3685b7b176
8 changed files with 33 additions and 14 deletions


@@ -27,7 +27,7 @@
#include <wolfssl/wolfcrypt/settings.h>
#ifdef HAVE_ECC
#include <wolfssl/wolfcrypt/ecc.h> /* ecc_fp_free */
#include <wolfssl/wolfcrypt/ecc.h> /* wc_ecc_fp_free */
#endif
#if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
@@ -1137,7 +1137,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
if (useAnon) {
#ifdef HAVE_ANON
SSL_CTX_allow_anon_cipher(ctx);
wolfSSL_CTX_allow_anon_cipher(ctx);
if (cipherList == NULL || (cipherList && useDefCipherList)) {
const char* defaultCipherList;
defaultCipherList = "ADH-AES256-GCM-SHA384:"
@@ -1179,7 +1179,7 @@ THREAD_RETURN WOLFSSL_THREAD server_test(void* args)
#ifdef HAVE_SNI
if (sniHostName)
if (SSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, sniHostName,
if (wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, sniHostName,
(word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS)
err_sys_ex(runWithErrors, "UseSNI failed");
#endif
@@ -1681,7 +1681,7 @@ exit:
#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \
&& defined(HAVE_THREAD_LS)
ecc_fp_free(); /* free per thread cache */
wc_ecc_fp_free(); /* free per thread cache */
#endif
#ifdef WOLFSSL_TIRTOS


@@ -326,7 +326,7 @@ if BUILD_SLOWMATH
src_libwolfssl_la_SOURCES += wolfcrypt/src/integer.c
endif
if !BUILD_FIPS
if !BUILD_FIPS_V2
if BUILD_ECC
src_libwolfssl_la_SOURCES += wolfcrypt/src/ecc.c
endif


@@ -8408,12 +8408,19 @@ static int test_wc_AesGcmEncryptDecrypt (void)
}
}
/* This case is now considered good. Long IVs are now allowed. */
/* This case is now considered good. Long IVs are now allowed.
* Except for the original FIPS release, it still has an upper
* bound on the IV length. */
#if !defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
if (gcmE == 0) {
gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV,
sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT),
a, sizeof(a));
}
#else
(void)longIV;
#endif /* Old FIPS */
/* END wc_AesGcmEncrypt */
printf(resultFmt, gcmE == 0 ? passed : failed);
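Review bot: In the old-FIPS branch of the new `#if`/`#else`, the long-IV case is dropped with `(void)longIV;`, so nothing checks that the original FIPS release actually rejects an over-long IV. Since the commit message says that build still has an upper bound on the IV length, the `#else` branch could assert the rejection without hard-coding an error code this hunk does not show: `if (gcmE == 0 && wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV, sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)) == 0) gcmE = WOLFSSL_FATAL_ERROR;`. The trailing `#endif /* Old FIPS */` also names the `#else` branch rather than the `#if` condition; `#endif /* !HAVE_FIPS || FIPS v2 */` would read more accurately. test_wc_AesGcmEncryptDecrypt begins and ends outside the hunk.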


@@ -8016,6 +8016,8 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
#endif /* (WOLFSSL_XILINX_CRYPT) */
#ifndef WC_NO_RNG
int wc_AesGcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz,
byte* iv, word32 ivSz, byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz, WC_RNG* rng)
@@ -8039,6 +8041,8 @@ int wc_AesGcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz,
return ret;
}
#endif /* WC_NO_RNG */
WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len)
{


@@ -6601,6 +6601,8 @@ int aesgcm_test(void)
#endif /* WOLFSSL_AES_256 */
/* Test encrypt with internally generated IV */
#if !defined(WC_NO_RNG) && \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
{
WC_RNG rng;
byte randIV[12];
@@ -6646,6 +6648,7 @@ int aesgcm_test(void)
return -8212;
wc_FreeRng(&rng);
}
#endif /* WC_NO_RNG && FIPSv2 */
wc_AesFree(&enc);
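Review bot: The new guard `#if !defined(WC_NO_RNG) && (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))` compiles the internally-generated-IV test only when HAVE_FIPS_VERSION is defined, so an ordinary non-FIPS build appears to skip it, while the guard visible in the aes.c section gates wc_AesGcmEncrypt_ex on WC_NO_RNG alone. Unless HAVE_FIPS_VERSION is also set for non-FIPS builds somewhere this page does not show, the random-IV path goes untested in default builds. Matching the condition used in the api test would cover it: `#if !defined(WC_NO_RNG) && (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))`. The closing `#endif /* WC_NO_RNG && FIPSv2 */` would then read better as `/* !WC_NO_RNG && (!HAVE_FIPS || FIPS v2) */`. aesgcm_test starts and ends outside these hunks.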


@@ -38,7 +38,7 @@
/* included for fips @wc_fips */
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
#include <cyassl/ctaocrypt/aes.h>
#if defined(CYASSL_AES_COUNTER) && !defined(WOLFSSL_AES_COUNTER)
#define WOLFSSL_AES_COUNTER
@@ -62,6 +62,10 @@
#include "xsecure_aes.h"
#endif
#if defined(HAVE_AESGCM) && !defined(WC_NO_RNG)
#include <wolfssl/wolfcrypt/random.h>
#endif
#ifdef __cplusplus
extern "C" {
@@ -140,8 +144,6 @@ typedef struct XtsAes {
#endif
#ifdef HAVE_AESGCM
#include <wolfssl/wolfcrypt/random.h>
typedef struct Gmac {
Aes aes;
} Gmac;
@@ -215,12 +217,14 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out,
const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz);
#ifndef WC_NO_RNG
WOLFSSL_API int wc_AesGcmEncrypt_ex(Aes* aes, byte* out,
const byte* in, word32 sz,
byte* iv, word32 ivSz,
byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz,
WC_RNG* rng);
#endif /* WC_NO_RNG */
WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len);
WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
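Review bot: The wc_AesGcmEncrypt_ex prototype is now declared only when WC_NO_RNG is not defined, and nothing at the declaration tells callers that or explains why `iv` is a non-const `byte*`. The test comment elsewhere on this page ("internally generated IV") suggests the function fills `iv` from `rng`, but the body is not visible here, so that should be confirmed before it is documented. A short comment above the `#ifndef WC_NO_RNG`, for example `/* Requires an RNG (absent with WC_NO_RNG); iv is written by the call, ivSz bytes */`, would keep callers from passing a fixed IV and assuming it is used as given.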


@@ -42,10 +42,6 @@
extern "C" {
#endif
/* avoid redefinition of structs */
#if !defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
#ifdef WOLFSSL_ASYNC_CRYPT
#include <wolfssl/wolfcrypt/async.h>
#endif
@@ -65,7 +61,6 @@ typedef struct DhKey {
#endif
} DhKey;
#endif /* HAVE_FIPS */
#ifdef HAVE_FFDHE_2048
WOLFSSL_API const DhParams* wc_Dh_ffdhe2048_Get(void);


@@ -35,6 +35,12 @@
#include <wolfssl/wolfcrypt/fips.h>
#endif /* HAVE_FIPS_VERSION >= 2 */
/* included for fips @wc_fips */
#if defined(HAVE_FIPS) && \
(!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
#include <cyassl/ctaocrypt/random.h>
#endif
#ifdef __cplusplus
extern "C" {
#endif