feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Merge branch 'master' of github.com:cyassl/cyassl

Browse Source
This commit is contained in:
John Safranek
2014-03-19 21:31:15 -07:00
parent acfa8fb966 58885b36eb
commit 5c41acb6be
12 changed files with 194 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -30,6 +30,7 @@ tags
.tags* .tags*
cyassl-config cyassl-config
cyassl.sublime* cyassl.sublime*
fips.c
ctaocrypt/benchmark/benchmark ctaocrypt/benchmark/benchmark
ctaocrypt/test/testctaocrypt ctaocrypt/test/testctaocrypt
examples/client/client examples/client/client

19
configure.ac
View File

@ -1058,6 +1058,25 @@ fi
AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"]) AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"])
# FIPS
AC_ARG_ENABLE([fips],
[ --enable-fips Enable FIPS 140-2 (default: disabled)],
[ ENABLED_FIPS=$enableval ],
[ ENABLED_FIPS=no ]
)
if test "x$ENABLED_FIPS" = "xyes"
then
if test "$thread_ls_on" = "no"
then
AC_MSG_ERROR([FIPS requires Thread Local Storage])
fi
AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS"
fi
AM_CONDITIONAL([BUILD_FIPS], [test "x$ENABLED_FIPS" = "xyes"])
# Filesystem Build # Filesystem Build
AC_ARG_ENABLE([filesystem], AC_ARG_ENABLE([filesystem],
[ --enable-filesystem Enable Filesystem support (default: enabled)], [ --enable-filesystem Enable Filesystem support (default: enabled)],

41
ctaocrypt/benchmark/benchmark.c
View File

@ -274,13 +274,20 @@ void bench_aes(int show)
Aes enc; Aes enc;
double start, total, persec; double start, total, persec;
int i; int i;
int ret;
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) {
printf("aes init cavium failed\n"); printf("aes init cavium failed\n");
return;
}
#endif #endif
AesSetKey(&enc, key, 16, iv, AES_ENCRYPTION); ret = AesSetKey(&enc, key, 16, iv, AES_ENCRYPTION);
if (ret != 0) {
printf("AesSetKey failed, ret = %d\n", ret);
return;
}
start = current_time(1); start = current_time(1);
for(i = 0; i < numBlocks; i++) for(i = 0; i < numBlocks; i++)
@ -295,7 +302,7 @@ void bench_aes(int show)
#endif #endif
if (show) if (show)
printf("AES %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, printf("AES %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks,
blockType, total, persec); blockType, total, persec);
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
AesFreeCavium(&enc); AesFreeCavium(&enc);
@ -332,7 +339,7 @@ void bench_aesgcm(void)
persec = persec / 1024; persec = persec / 1024;
#endif #endif
printf("AES-GCM %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, printf("AES-GCM %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks,
blockType, total, persec); blockType, total, persec);
} }
#endif #endif
@ -358,7 +365,7 @@ void bench_aesctr(void)
persec = persec / 1024; persec = persec / 1024;
#endif #endif
printf("AES-CTR %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, printf("AES-CTR %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks,
blockType, total, persec); blockType, total, persec);
} }
#endif #endif
@ -387,7 +394,7 @@ void bench_aesccm(void)
persec = persec / 1024; persec = persec / 1024;
#endif #endif
printf("AES-CCM %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, printf("AES-CCM %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks,
blockType, total, persec); blockType, total, persec);
} }
#endif #endif
@ -414,7 +421,7 @@ void bench_camellia(void)
persec = persec / 1024; persec = persec / 1024;
#endif #endif
printf("Camellia %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, printf("Camellia %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks,
blockType, total, persec); blockType, total, persec);
} }
#endif #endif
@ -445,7 +452,7 @@ void bench_des(void)
persec = persec / 1024; persec = persec / 1024;
#endif #endif
printf("3DES %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, printf("3DES %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks,
blockType, total, persec); blockType, total, persec);
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
Des3_FreeCavium(&enc); Des3_FreeCavium(&enc);
@ -479,7 +486,7 @@ void bench_arc4(void)
persec = persec / 1024; persec = persec / 1024;
#endif #endif
printf("ARC4 %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, printf("ARC4 %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks,
blockType, total, persec); blockType, total, persec);
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
Arc4FreeCavium(&enc); Arc4FreeCavium(&enc);
@ -508,7 +515,7 @@ void bench_hc128(void)
persec = persec / 1024; persec = persec / 1024;
#endif #endif
printf("HC128 %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, printf("HC128 %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks,
blockType, total, persec); blockType, total, persec);
} }
#endif /* HAVE_HC128 */ #endif /* HAVE_HC128 */
@ -534,7 +541,7 @@ void bench_rabbit(void)
persec = persec / 1024; persec = persec / 1024;
#endif #endif
printf("RABBIT %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, printf("RABBIT %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks,
blockType, total, persec); blockType, total, persec);
} }
#endif /* NO_RABBIT */ #endif /* NO_RABBIT */
@ -563,7 +570,7 @@ void bench_md5(void)
persec = persec / 1024; persec = persec / 1024;
#endif #endif
printf("MD5 %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, printf("MD5 %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks,
blockType, total, persec); blockType, total, persec);
} }
#endif /* NO_MD5 */ #endif /* NO_MD5 */
@ -592,7 +599,7 @@ void bench_sha(void)
persec = persec / 1024; persec = persec / 1024;
#endif #endif
printf("SHA %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, printf("SHA %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks,
blockType, total, persec); blockType, total, persec);
} }
#endif /* NO_SHA */ #endif /* NO_SHA */
@ -621,7 +628,7 @@ void bench_sha256(void)
persec = persec / 1024; persec = persec / 1024;
#endif #endif
printf("SHA-256 %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, printf("SHA-256 %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks,
blockType, total, persec); blockType, total, persec);
} }
#endif #endif
@ -649,7 +656,7 @@ void bench_sha512(void)
persec = persec / 1024; persec = persec / 1024;
#endif #endif
printf("SHA-512 %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, printf("SHA-512 %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks,
blockType, total, persec); blockType, total, persec);
} }
#endif #endif
@ -677,7 +684,7 @@ void bench_ripemd(void)
persec = persec / 1024; persec = persec / 1024;
#endif #endif
printf("RIPEMD %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, printf("RIPEMD %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks,
blockType, total, persec); blockType, total, persec);
} }
#endif #endif
@ -706,7 +713,7 @@ void bench_blake2(void)
persec = persec / 1024; persec = persec / 1024;
#endif #endif
printf("BLAKE2b %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, printf("BLAKE2b %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks,
blockType, total, persec); blockType, total, persec);
} }
#endif #endif

6
ctaocrypt/src/aes.c
View File

@ -27,6 +27,11 @@
#ifndef NO_AES #ifndef NO_AES
#ifdef HAVE_FIPS
/* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */
#define FIPS_NO_WRAPPERS
#endif
#include <cyassl/ctaocrypt/aes.h> #include <cyassl/ctaocrypt/aes.h>
#include <cyassl/ctaocrypt/error.h> #include <cyassl/ctaocrypt/error.h>
#include <cyassl/ctaocrypt/logging.h> #include <cyassl/ctaocrypt/logging.h>
@ -46,6 +51,7 @@
#endif #endif
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
static int AesCaviumSetKey(Aes* aes, const byte* key, word32 length, static int AesCaviumSetKey(Aes* aes, const byte* key, word32 length,
const byte* iv); const byte* iv);

25
ctaocrypt/test/test.c
View File

@ -1860,6 +1860,7 @@ int aes_test(void)
byte cipher[AES_BLOCK_SIZE * 4]; byte cipher[AES_BLOCK_SIZE * 4];
byte plain [AES_BLOCK_SIZE * 4]; byte plain [AES_BLOCK_SIZE * 4];
int ret;
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0)
@ -1867,11 +1868,19 @@ int aes_test(void)
if (AesInitCavium(&dec, CAVIUM_DEV_ID) != 0) if (AesInitCavium(&dec, CAVIUM_DEV_ID) != 0)
return -20004; return -20004;
#endif #endif
AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); ret = AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
AesSetKey(&dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION); if (ret != 0)
return -1001;
ret = AesSetKey(&dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION);
if (ret != 0)
return -1002;
AesCbcEncrypt(&enc, cipher, msg, AES_BLOCK_SIZE); ret = AesCbcEncrypt(&enc, cipher, msg, AES_BLOCK_SIZE);
AesCbcDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE); if (ret != 0)
return -1005;
ret = AesCbcDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE);
if (ret != 0)
return -1006;
if (memcmp(plain, msg, AES_BLOCK_SIZE)) if (memcmp(plain, msg, AES_BLOCK_SIZE))
return -60; return -60;
@ -1990,13 +1999,17 @@ int aes_test(void)
}; };
XMEMSET(cipher, 0, AES_BLOCK_SIZE); XMEMSET(cipher, 0, AES_BLOCK_SIZE);
AesSetKey(&enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); ret = AesSetKey(&enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION);
if (ret != 0)
return -1003;
AesEncryptDirect(&enc, cipher, niPlain); AesEncryptDirect(&enc, cipher, niPlain);
if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0)
return -20006; return -20006;
XMEMSET(plain, 0, AES_BLOCK_SIZE); XMEMSET(plain, 0, AES_BLOCK_SIZE);
AesSetKey(&dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); ret = AesSetKey(&dec, niKey, sizeof(niKey), plain, AES_DECRYPTION);
if (ret != 0)
return -1004;
AesDecryptDirect(&dec, plain, niCipher); AesDecryptDirect(&dec, plain, niCipher);
if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0)
return -20007; return -20007;

19
cyassl/ctaocrypt/aes.h
View File

@ -149,6 +149,25 @@ CYASSL_API int AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
CYASSL_API void AesFreeCavium(Aes*); CYASSL_API void AesFreeCavium(Aes*);
#endif #endif
#ifdef HAVE_FIPS
/* fips wrapper calls, user can call direct */
CYASSL_API int AesSetKey_fips(Aes* aes, const byte* key, word32 len,
const byte* iv, int dir);
CYASSL_API int AesCbcEncrypt_fips(Aes* aes, byte* out, const byte* in,
word32 sz);
CYASSL_API int AesCbcDecrypt_fips(Aes* aes, byte* out, const byte* in,
word32 sz);
#ifndef FIPS_NO_WRAPPERS
/* if not internal or fips.c consumer force fips calls if fips build */
#define AesSetKey AesSetKey_fips
#define AesCbcEncrypt AesCbcEncrypt_fips
#define AesCbcDecrypt AesCbcDecrypt_fips
#endif /* FIPS_NO_WRAPPERS */
#endif /* HAVE_FIPS */
#ifdef __cplusplus #ifdef __cplusplus
} /* extern "C" */ } /* extern "C" */
#endif #endif

1
cyassl/sniffer_error.h
View File

@ -101,6 +101,7 @@
#define BAD_COMPRESSION_STR 67 #define BAD_COMPRESSION_STR 67
#define BAD_DERIVE_STR 68 #define BAD_DERIVE_STR 68
#define ACK_MISSED_STR 69 #define ACK_MISSED_STR 69
#define BAD_DECRYPT 70
/* !!!! also add to msgTable in sniffer.c and .rc file !!!! */ /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */

1
cyassl/sniffer_error.rc
View File

@ -83,5 +83,6 @@ STRINGTABLE
67, "Bad Compression Type" 67, "Bad Compression Type"
68, "Bad DeriveKeys Error" 68, "Bad DeriveKeys Error"
69, "Saw ACK for Missing Packet Error" 69, "Saw ACK for Missing Packet Error"
70, "Bad Decrypt Operation"
} }

4
src/include.am
View File

@ -36,6 +36,10 @@ if BUILD_ASN
src_libcyassl_la_SOURCES += ctaocrypt/src/asn.c src_libcyassl_la_SOURCES += ctaocrypt/src/asn.c
endif endif
if BUILD_FIPS
src_libcyassl_la_SOURCES += ctaocrypt/src/fips.c
endif
if BUILD_CODING if BUILD_CODING
src_libcyassl_la_SOURCES += ctaocrypt/src/coding.c src_libcyassl_la_SOURCES += ctaocrypt/src/coding.c
endif endif

34
src/keys.c
View File

@ -1614,6 +1614,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
#ifdef BUILD_AES #ifdef BUILD_AES
if (specs->bulk_cipher_algorithm == cyassl_aes) { if (specs->bulk_cipher_algorithm == cyassl_aes) {
int aesRet = 0;
if (enc->aes == NULL) if (enc->aes == NULL)
enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
if (enc->aes == NULL) if (enc->aes == NULL)
@ -1635,20 +1637,28 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
} }
#endif #endif
if (side == CYASSL_CLIENT_END) { if (side == CYASSL_CLIENT_END) {
AesSetKey(enc->aes, keys->client_write_key, aesRet = AesSetKey(enc->aes, keys->client_write_key,
specs->key_size, keys->client_write_IV, specs->key_size, keys->client_write_IV,
AES_ENCRYPTION); AES_ENCRYPTION);
AesSetKey(dec->aes, keys->server_write_key, if (aesRet != 0)
specs->key_size, keys->server_write_IV, return aesRet;
AES_DECRYPTION); aesRet = AesSetKey(dec->aes, keys->server_write_key,
specs->key_size, keys->server_write_IV,
AES_DECRYPTION);
if (aesRet != 0)
return aesRet;
} }
else { else {
AesSetKey(enc->aes, keys->server_write_key, aesRet = AesSetKey(enc->aes, keys->server_write_key,
specs->key_size, keys->server_write_IV, specs->key_size, keys->server_write_IV,
AES_ENCRYPTION); AES_ENCRYPTION);
AesSetKey(dec->aes, keys->client_write_key, if (aesRet != 0)
specs->key_size, keys->client_write_IV, return aesRet;
AES_DECRYPTION); aesRet = AesSetKey(dec->aes, keys->client_write_key,
specs->key_size, keys->client_write_IV,
AES_DECRYPTION);
if (aesRet != 0)
return aesRet;
} }
enc->setup = 1; enc->setup = 1;
dec->setup = 1; dec->setup = 1;

29
src/sniffer.c
View File

@ -224,7 +224,8 @@ static const char* const msgTable[] =
"Bad Finished Message Processing", "Bad Finished Message Processing",
"Bad Compression Type", "Bad Compression Type",
"Bad DeriveKeys Error", "Bad DeriveKeys Error",
"Saw ACK for Missing Packet Error" "Saw ACK for Missing Packet Error",
"Bad Decrypt Operation"
}; };
@ -1557,9 +1558,11 @@ static int DoHandShake(const byte* input, int* sslBytes,
} }
/* Decrypt input into plain output */ /* Decrypt input into plain output, 0 on success */
static void Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz) static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
{ {
int ret = 0;
switch (ssl->specs.bulk_cipher_algorithm) { switch (ssl->specs.bulk_cipher_algorithm) {
#ifdef BUILD_ARC4 #ifdef BUILD_ARC4
case cyassl_rc4: case cyassl_rc4:
@ -1575,7 +1578,7 @@ static void Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
#ifdef BUILD_AES #ifdef BUILD_AES
case cyassl_aes: case cyassl_aes:
AesCbcDecrypt(ssl->decrypt.aes, output, input, sz); ret = AesCbcDecrypt(ssl->decrypt.aes, output, input, sz);
break; break;
#endif #endif
@ -1599,18 +1602,25 @@ static void Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
default: default:
Trace(BAD_DECRYPT_TYPE); Trace(BAD_DECRYPT_TYPE);
ret = -1;
break; break;
} }
return ret;
} }
/* Decrypt input message into output, adjust output steam if needed */ /* Decrypt input message into output, adjust output steam if needed */
static const byte* DecryptMessage(SSL* ssl, const byte* input, word32 sz, static const byte* DecryptMessage(SSL* ssl, const byte* input, word32 sz,
byte* output) byte* output, int* error)
{ {
int ivExtra = 0; int ivExtra = 0;
Decrypt(ssl, output, input, sz); int ret = Decrypt(ssl, output, input, sz);
if (ret != 0) {
*error = ret;
return NULL;
}
ssl->keys.encryptSz = sz; ssl->keys.encryptSz = sz;
if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) { if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) {
output += ssl->specs.block_size; /* go past TLSv1.1 IV */ output += ssl->specs.block_size; /* go past TLSv1.1 IV */
@ -2320,6 +2330,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session,
RecordLayerHeader rh; RecordLayerHeader rh;
int rhSize = 0; int rhSize = 0;
int ret; int ret;
int errCode = 0;
int decoded = 0; /* bytes stored for user in data */ int decoded = 0; /* bytes stored for user in data */
int notEnough; /* notEnough bytes yet flag */ int notEnough; /* notEnough bytes yet flag */
SSL* ssl = (session->flags.side == CYASSL_SERVER_END) ? SSL* ssl = (session->flags.side == CYASSL_SERVER_END) ?
@ -2372,7 +2383,11 @@ doMessage:
return -1; return -1;
} }
sslFrame = DecryptMessage(ssl, sslFrame, rhSize, sslFrame = DecryptMessage(ssl, sslFrame, rhSize,
ssl->buffers.outputBuffer.buffer); ssl->buffers.outputBuffer.buffer, &errCode);
if (errCode != 0) {
SetError(BAD_DECRYPT, error, session, FATAL_ERROR_STATE);
return -1;
}
} }
switch ((enum ContentType)rh.type) { switch ((enum ContentType)rh.type) {

80
src/ssl.c
View File

@ -2018,6 +2018,7 @@ int CyaSSL_Init(void)
XFREE(der.buffer, heap, dynamicType); XFREE(der.buffer, heap, dynamicType);
return ret; return ret;
} }
ret = 0; /* back to good status */
if (XSTRNCMP(info.name, "DES-CBC", 7) == 0) { if (XSTRNCMP(info.name, "DES-CBC", 7) == 0) {
Des enc; Des enc;
@ -2031,23 +2032,34 @@ int CyaSSL_Init(void)
} }
else if (XSTRNCMP(info.name, "AES-128-CBC", 13) == 0) { else if (XSTRNCMP(info.name, "AES-128-CBC", 13) == 0) {
Aes enc; Aes enc;
AesSetKey(&enc, key, AES_128_KEY_SIZE, info.iv, AES_DECRYPTION); ret = AesSetKey(&enc, key, AES_128_KEY_SIZE, info.iv,
AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length); AES_DECRYPTION);
if (ret == 0)
ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length);
} }
else if (XSTRNCMP(info.name, "AES-192-CBC", 13) == 0) { else if (XSTRNCMP(info.name, "AES-192-CBC", 13) == 0) {
Aes enc; Aes enc;
AesSetKey(&enc, key, AES_192_KEY_SIZE, info.iv, AES_DECRYPTION); ret = AesSetKey(&enc, key, AES_192_KEY_SIZE, info.iv,
AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length); AES_DECRYPTION);
if (ret == 0)
ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length);
} }
else if (XSTRNCMP(info.name, "AES-256-CBC", 13) == 0) { else if (XSTRNCMP(info.name, "AES-256-CBC", 13) == 0) {
Aes enc; Aes enc;
AesSetKey(&enc, key, AES_256_KEY_SIZE, info.iv, AES_DECRYPTION); ret = AesSetKey(&enc, key, AES_256_KEY_SIZE, info.iv,
AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length); AES_DECRYPTION);
if (ret == 0)
ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length);
} }
else { else {
XFREE(der.buffer, heap, dynamicType); XFREE(der.buffer, heap, dynamicType);
return SSL_BAD_FILE; return SSL_BAD_FILE;
} }
if (ret != 0) {
XFREE(der.buffer, heap, dynamicType);
return ret;
}
} }
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
@ -6723,6 +6735,8 @@ int CyaSSL_set_compression(CYASSL* ssl)
const CYASSL_EVP_CIPHER* type, byte* key, const CYASSL_EVP_CIPHER* type, byte* key,
byte* iv, int enc) byte* iv, int enc)
{ {
int ret = 0;
CYASSL_ENTER("CyaSSL_EVP_CipherInit"); CYASSL_ENTER("CyaSSL_EVP_CipherInit");
if (ctx == NULL) { if (ctx == NULL) {
CYASSL_MSG("no ctx"); CYASSL_MSG("no ctx");
@ -6741,9 +6755,12 @@ int CyaSSL_set_compression(CYASSL* ssl)
ctx->keyLen = 16; ctx->keyLen = 16;
if (enc == 0 || enc == 1) if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0; ctx->enc = enc ? 1 : 0;
if (key) if (key) {
AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
if (ret != 0)
return ret;
}
if (iv && key == NULL) if (iv && key == NULL)
AesSetIV(&ctx->cipher.aes, iv); AesSetIV(&ctx->cipher.aes, iv);
} }
@ -6754,9 +6771,12 @@ int CyaSSL_set_compression(CYASSL* ssl)
ctx->keyLen = 24; ctx->keyLen = 24;
if (enc == 0 || enc == 1) if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0; ctx->enc = enc ? 1 : 0;
if (key) if (key) {
AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
if (ret != 0)
return ret;
}
if (iv && key == NULL) if (iv && key == NULL)
AesSetIV(&ctx->cipher.aes, iv); AesSetIV(&ctx->cipher.aes, iv);
} }
@ -6767,9 +6787,12 @@ int CyaSSL_set_compression(CYASSL* ssl)
ctx->keyLen = 32; ctx->keyLen = 32;
if (enc == 0 || enc == 1) if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0; ctx->enc = enc ? 1 : 0;
if (key) if (key) {
AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
if (ret != 0)
return ret;
}
if (iv && key == NULL) if (iv && key == NULL)
AesSetIV(&ctx->cipher.aes, iv); AesSetIV(&ctx->cipher.aes, iv);
} }
@ -6781,9 +6804,12 @@ int CyaSSL_set_compression(CYASSL* ssl)
ctx->keyLen = 16; ctx->keyLen = 16;
if (enc == 0 || enc == 1) if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0; ctx->enc = enc ? 1 : 0;
if (key) if (key) {
AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
AES_ENCRYPTION); AES_ENCRYPTION);
if (ret != 0)
return ret;
}
if (iv && key == NULL) if (iv && key == NULL)
AesSetIV(&ctx->cipher.aes, iv); AesSetIV(&ctx->cipher.aes, iv);
} }
@ -6794,9 +6820,12 @@ int CyaSSL_set_compression(CYASSL* ssl)
ctx->keyLen = 24; ctx->keyLen = 24;
if (enc == 0 || enc == 1) if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0; ctx->enc = enc ? 1 : 0;
if (key) if (key) {
AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
AES_ENCRYPTION); AES_ENCRYPTION);
if (ret != 0)
return ret;
}
if (iv && key == NULL) if (iv && key == NULL)
AesSetIV(&ctx->cipher.aes, iv); AesSetIV(&ctx->cipher.aes, iv);
} }
@ -6807,9 +6836,12 @@ int CyaSSL_set_compression(CYASSL* ssl)
ctx->keyLen = 32; ctx->keyLen = 32;
if (enc == 0 || enc == 1) if (enc == 0 || enc == 1)
ctx->enc = enc ? 1 : 0; ctx->enc = enc ? 1 : 0;
if (key) if (key) {
AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv,
AES_ENCRYPTION); AES_ENCRYPTION);
if (ret != 0)
return ret;
}
if (iv && key == NULL) if (iv && key == NULL)
AesSetIV(&ctx->cipher.aes, iv); AesSetIV(&ctx->cipher.aes, iv);
} }