fix github issue #174 , disable des3 with (else if) logic broken

2015-11-03 12:03:35 -08:00
parent 8d4d9ebe12
commit 5c9089651a
1 changed files with 17 additions and 21 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@ -2382,7 +2382,7 @@ int wolfSSL_Init(void)
 static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
                                      int passwordSz, EncryptedInfo* info)
 {
-    int ret;
+    int ret = SSL_BAD_FILE;

 #ifdef WOLFSSL_SMALL_STACK
    byte* key      = NULL;
@ -2434,7 +2434,7 @@ static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
                                        key, info->iv);
 #endif /* NO_DES3 */
 #ifndef NO_AES
-    else if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
+    if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
        ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
                                      key, AES_128_KEY_SIZE, info->iv);
    else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)
@ -2444,8 +2444,6 @@ static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
        ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
                                      key, AES_256_KEY_SIZE, info->iv);
 #endif /* NO_AES */
-    else
-        ret = SSL_BAD_FILE;

 #ifdef WOLFSSL_SMALL_STACK
    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@ -2465,7 +2463,7 @@ static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
 static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password,
                                      int passwordSz, EncryptedInfo* info)
 {
-    int ret;
+    int ret = SSL_BAD_FILE;

 #ifdef WOLFSSL_SMALL_STACK
    byte* key      = NULL;
@ -2509,7 +2507,7 @@ static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password,
        ret = wc_Des3_CbcEncryptWithKey(der, der, derSz, key, info->iv);
 #endif /* NO_DES3 */
 #ifndef NO_AES
-    else if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
+    if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
        ret = wc_AesCbcEncryptWithKey(der, der, derSz,
                                      key, AES_128_KEY_SIZE, info->iv);
    else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)
@ -2519,8 +2517,6 @@ static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password,
        ret = wc_AesCbcEncryptWithKey(der, der, derSz,
                                      key, AES_256_KEY_SIZE, info->iv);
 #endif /* NO_AES */
-    else
-        ret = SSL_BAD_FILE;

 #ifdef WOLFSSL_SMALL_STACK
    XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@ -8332,17 +8328,15 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
    }


-    /* SSL_SUCCESS on ok */
+    /* return SSL_SUCCESS on ok, 0 on failure to match API compatibility */
    int  wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
                               const WOLFSSL_EVP_CIPHER* type, byte* key,
                               byte* iv, int enc)
    {
-#if defined(NO_AES) && defined(NO_DES3) && !defined(HAVE_IDEA)
+        int ret = -1;  /* failure local, during function 0 means success
+                          because internal functions work that way */
        (void)iv;
        (void)enc;
-#else
-        int ret = 0;
-#endif

        WOLFSSL_ENTER("wolfSSL_EVP_CipherInit");
        if (ctx == NULL) {
@ -8475,7 +8469,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 #endif /* NO_AES */

 #ifndef NO_DES3
-        else if (ctx->cipherType == DES_CBC_TYPE ||
+        if (ctx->cipherType == DES_CBC_TYPE ||
                 (type && XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0)) {
            WOLFSSL_MSG(EVP_DES_CBC);
            ctx->cipherType = DES_CBC_TYPE;
@ -8515,7 +8509,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
        }
 #endif /* NO_DES3 */
 #ifndef NO_RC4
-        else if (ctx->cipherType == ARC4_TYPE || (type &&
+        if (ctx->cipherType == ARC4_TYPE || (type &&
                                     XSTRNCMP(type, "ARC4", 4) == 0)) {
            WOLFSSL_MSG("ARC4");
            ctx->cipherType = ARC4_TYPE;
@ -8523,10 +8517,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                ctx->keyLen = 16;  /* default to 128 */
            if (key)
                wc_Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen);
+            ret = 0;  /* success */
        }
 #endif /* NO_RC4 */
 #ifdef HAVE_IDEA
-        else if (ctx->cipherType == IDEA_CBC_TYPE ||
+        if (ctx->cipherType == IDEA_CBC_TYPE ||
                 (type && XSTRNCMP(type, EVP_IDEA_CBC, EVP_IDEA_SIZE) == 0)) {
            WOLFSSL_MSG(EVP_IDEA_CBC);
            ctx->cipherType = IDEA_CBC_TYPE;
@ -8544,17 +8539,18 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
                wc_IdeaSetIV(&ctx->cipher.idea, iv);
        }
 #endif /* HAVE_IDEA */
-        else if (ctx->cipherType == NULL_CIPHER_TYPE || (type &&
+        if (ctx->cipherType == NULL_CIPHER_TYPE || (type &&
                                     XSTRNCMP(type, "NULL", 4) == 0)) {
            WOLFSSL_MSG("NULL cipher");
            ctx->cipherType = NULL_CIPHER_TYPE;
            ctx->keyLen = 0;
+            ret = 0;  /* success */
        }
+
+        if (ret == 0)
+            return SSL_SUCCESS;
        else
-            return 0;   /* failure */
-
-
-        return SSL_SUCCESS;
+            return 0;  /* overall failure */
    }