forked from wolfSSL/wolfssl
fix github issue #174 , disable des3 with (else if) logic broken
This commit is contained in:
toddouska
38
src/ssl.c
38
src/ssl.c
@ -2382,7 +2382,7 @@ int wolfSSL_Init(void)
|
|||||||
static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
|
static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
|
||||||
int passwordSz, EncryptedInfo* info)
|
int passwordSz, EncryptedInfo* info)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret = SSL_BAD_FILE;
|
||||||
|
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
byte* key = NULL;
|
byte* key = NULL;
|
||||||
@ -2434,7 +2434,7 @@ static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
|
|||||||
key, info->iv);
|
key, info->iv);
|
||||||
#endif /* NO_DES3 */
|
#endif /* NO_DES3 */
|
||||||
#ifndef NO_AES
|
#ifndef NO_AES
|
||||||
else if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
|
if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
|
||||||
ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
|
ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
|
||||||
key, AES_128_KEY_SIZE, info->iv);
|
key, AES_128_KEY_SIZE, info->iv);
|
||||||
else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)
|
else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)
|
||||||
@ -2444,8 +2444,6 @@ static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
|
|||||||
ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
|
ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
|
||||||
key, AES_256_KEY_SIZE, info->iv);
|
key, AES_256_KEY_SIZE, info->iv);
|
||||||
#endif /* NO_AES */
|
#endif /* NO_AES */
|
||||||
else
|
|
||||||
ret = SSL_BAD_FILE;
|
|
||||||
|
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
@ -2465,7 +2463,7 @@ static int wolfssl_decrypt_buffer_key(buffer* der, byte* password,
|
|||||||
static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password,
|
static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password,
|
||||||
int passwordSz, EncryptedInfo* info)
|
int passwordSz, EncryptedInfo* info)
|
||||||
{
|
{
|
||||||
int ret;
|
int ret = SSL_BAD_FILE;
|
||||||
|
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
byte* key = NULL;
|
byte* key = NULL;
|
||||||
@ -2509,7 +2507,7 @@ static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password,
|
|||||||
ret = wc_Des3_CbcEncryptWithKey(der, der, derSz, key, info->iv);
|
ret = wc_Des3_CbcEncryptWithKey(der, der, derSz, key, info->iv);
|
||||||
#endif /* NO_DES3 */
|
#endif /* NO_DES3 */
|
||||||
#ifndef NO_AES
|
#ifndef NO_AES
|
||||||
else if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
|
if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
|
||||||
ret = wc_AesCbcEncryptWithKey(der, der, derSz,
|
ret = wc_AesCbcEncryptWithKey(der, der, derSz,
|
||||||
key, AES_128_KEY_SIZE, info->iv);
|
key, AES_128_KEY_SIZE, info->iv);
|
||||||
else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)
|
else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)
|
||||||
@ -2519,8 +2517,6 @@ static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password,
|
|||||||
ret = wc_AesCbcEncryptWithKey(der, der, derSz,
|
ret = wc_AesCbcEncryptWithKey(der, der, derSz,
|
||||||
key, AES_256_KEY_SIZE, info->iv);
|
key, AES_256_KEY_SIZE, info->iv);
|
||||||
#endif /* NO_AES */
|
#endif /* NO_AES */
|
||||||
else
|
|
||||||
ret = SSL_BAD_FILE;
|
|
||||||
|
|
||||||
#ifdef WOLFSSL_SMALL_STACK
|
#ifdef WOLFSSL_SMALL_STACK
|
||||||
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
||||||
@ -8332,17 +8328,15 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* SSL_SUCCESS on ok */
|
/* return SSL_SUCCESS on ok, 0 on failure to match API compatibility */
|
||||||
int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
|
int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
|
||||||
const WOLFSSL_EVP_CIPHER* type, byte* key,
|
const WOLFSSL_EVP_CIPHER* type, byte* key,
|
||||||
byte* iv, int enc)
|
byte* iv, int enc)
|
||||||
{
|
{
|
||||||
#if defined(NO_AES) && defined(NO_DES3) && !defined(HAVE_IDEA)
|
int ret = -1; /* failure local, during function 0 means success
|
||||||
|
because internal functions work that way */
|
||||||
(void)iv;
|
(void)iv;
|
||||||
(void)enc;
|
(void)enc;
|
||||||
#else
|
|
||||||
int ret = 0;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
WOLFSSL_ENTER("wolfSSL_EVP_CipherInit");
|
WOLFSSL_ENTER("wolfSSL_EVP_CipherInit");
|
||||||
if (ctx == NULL) {
|
if (ctx == NULL) {
|
||||||
@ -8475,7 +8469,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
|||||||
#endif /* NO_AES */
|
#endif /* NO_AES */
|
||||||
|
|
||||||
#ifndef NO_DES3
|
#ifndef NO_DES3
|
||||||
else if (ctx->cipherType == DES_CBC_TYPE ||
|
if (ctx->cipherType == DES_CBC_TYPE ||
|
||||||
(type && XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0)) {
|
(type && XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0)) {
|
||||||
WOLFSSL_MSG(EVP_DES_CBC);
|
WOLFSSL_MSG(EVP_DES_CBC);
|
||||||
ctx->cipherType = DES_CBC_TYPE;
|
ctx->cipherType = DES_CBC_TYPE;
|
||||||
@ -8515,7 +8509,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
|||||||
}
|
}
|
||||||
#endif /* NO_DES3 */
|
#endif /* NO_DES3 */
|
||||||
#ifndef NO_RC4
|
#ifndef NO_RC4
|
||||||
else if (ctx->cipherType == ARC4_TYPE || (type &&
|
if (ctx->cipherType == ARC4_TYPE || (type &&
|
||||||
XSTRNCMP(type, "ARC4", 4) == 0)) {
|
XSTRNCMP(type, "ARC4", 4) == 0)) {
|
||||||
WOLFSSL_MSG("ARC4");
|
WOLFSSL_MSG("ARC4");
|
||||||
ctx->cipherType = ARC4_TYPE;
|
ctx->cipherType = ARC4_TYPE;
|
||||||
@ -8523,10 +8517,11 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
|||||||
ctx->keyLen = 16; /* default to 128 */
|
ctx->keyLen = 16; /* default to 128 */
|
||||||
if (key)
|
if (key)
|
||||||
wc_Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen);
|
wc_Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen);
|
||||||
|
ret = 0; /* success */
|
||||||
}
|
}
|
||||||
#endif /* NO_RC4 */
|
#endif /* NO_RC4 */
|
||||||
#ifdef HAVE_IDEA
|
#ifdef HAVE_IDEA
|
||||||
else if (ctx->cipherType == IDEA_CBC_TYPE ||
|
if (ctx->cipherType == IDEA_CBC_TYPE ||
|
||||||
(type && XSTRNCMP(type, EVP_IDEA_CBC, EVP_IDEA_SIZE) == 0)) {
|
(type && XSTRNCMP(type, EVP_IDEA_CBC, EVP_IDEA_SIZE) == 0)) {
|
||||||
WOLFSSL_MSG(EVP_IDEA_CBC);
|
WOLFSSL_MSG(EVP_IDEA_CBC);
|
||||||
ctx->cipherType = IDEA_CBC_TYPE;
|
ctx->cipherType = IDEA_CBC_TYPE;
|
||||||
@ -8544,17 +8539,18 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
|
|||||||
wc_IdeaSetIV(&ctx->cipher.idea, iv);
|
wc_IdeaSetIV(&ctx->cipher.idea, iv);
|
||||||
}
|
}
|
||||||
#endif /* HAVE_IDEA */
|
#endif /* HAVE_IDEA */
|
||||||
else if (ctx->cipherType == NULL_CIPHER_TYPE || (type &&
|
if (ctx->cipherType == NULL_CIPHER_TYPE || (type &&
|
||||||
XSTRNCMP(type, "NULL", 4) == 0)) {
|
XSTRNCMP(type, "NULL", 4) == 0)) {
|
||||||
WOLFSSL_MSG("NULL cipher");
|
WOLFSSL_MSG("NULL cipher");
|
||||||
ctx->cipherType = NULL_CIPHER_TYPE;
|
ctx->cipherType = NULL_CIPHER_TYPE;
|
||||||
ctx->keyLen = 0;
|
ctx->keyLen = 0;
|
||||||
|
ret = 0; /* success */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (ret == 0)
|
||||||
|
return SSL_SUCCESS;
|
||||||
else
|
else
|
||||||
return 0; /* failure */
|
return 0; /* overall failure */
|
||||||
|
|
||||||
|
|
||||||
return SSL_SUCCESS;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user