feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

configure.ac: add --enable-aescbc-length-checks and add it to --enable-all; api.c: fix expected error code in WOLFSSL_AES_CBC_LENGTH_CHECKS path of test_wc_AesCbcEncryptDecrypt(); aes.c: add explanatory comment on WOLFSSL_AES_CBC_LENGTH_CHECKS to top of file.

Browse Source
This commit is contained in:
Daniel Pouzzner
2021-03-26 14:04:25 -05:00
parent 5d9ee97530
commit 5f6b618e71
2 changed files with 21 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
configure.ac
View File

@@ -353,6 +353,7 @@ then
test "$enable_aesctr" = "" && enable_aesctr=yes test "$enable_aesctr" = "" && enable_aesctr=yes
test "$enable_aesofb" = "" && enable_aesofb=yes test "$enable_aesofb" = "" && enable_aesofb=yes
test "$enable_aescfb" = "" && enable_aescfb=yes test "$enable_aescfb" = "" && enable_aescfb=yes
test "$enable_aescbc_length_checks" = "" && enable_aescbc_length_checks=yes
test "$enable_camellia" = "" && enable_camellia=yes test "$enable_camellia" = "" && enable_camellia=yes
test "$enable_ripemd" = "" && enable_ripemd=yes test "$enable_ripemd" = "" && enable_ripemd=yes
test "$enable_sha512" = "" && enable_sha512=yes test "$enable_sha512" = "" && enable_sha512=yes
@@ -1288,6 +1289,18 @@ then
AM_CFLAGS="$AM_CFLAGS -DNO_AES_CBC" AM_CFLAGS="$AM_CFLAGS -DNO_AES_CBC"
fi fi
# AES-CBC length checks (checks that input lengths are multiples of block size)
AC_ARG_ENABLE([aescbc_length_checks],
[AS_HELP_STRING([--enable-aescbc-length-checks],[Enable AES-CBC length validity checks (default: disabled)])],
[ ENABLED_AESCBC_LENGTH_CHECKS=$enableval ],
[ ENABLED_AESCBC_LENGTH_CHECKS=no ]
)
if test "$ENABLED_AESCBC_LENGTH_CHECKS" = "yes"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_AES_CBC_LENGTH_CHECKS"
fi
# leanpsk and leantls don't need gcm # leanpsk and leantls don't need gcm
# AES-GCM # AES-GCM
@@ -6505,6 +6518,7 @@ echo " * ARC4: $ENABLED_ARC4"
echo " * AES: $ENABLED_AES" echo " * AES: $ENABLED_AES"
echo " * AES-NI: $ENABLED_AESNI" echo " * AES-NI: $ENABLED_AESNI"
echo " * AES-CBC: $ENABLED_AESCBC" echo " * AES-CBC: $ENABLED_AESCBC"
echo " * AES-CBC length checks: $ENABLED_AESCBC_LENGTH_CHECKS"
echo " * AES-GCM: $ENABLED_AESGCM" echo " * AES-GCM: $ENABLED_AESGCM"
echo " * AES-CCM: $ENABLED_AESCCM" echo " * AES-CCM: $ENABLED_AESCCM"
echo " * AES-CTR: $ENABLED_AESCTR" echo " * AES-CTR: $ENABLED_AESCTR"

9
tests/api.c
View File

@@ -19,6 +19,11 @@
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
*/ */
/* For AES-CBC, input lengths can optionally be validated to be a
* multiple of the block size, by defining WOLFSSL_AES_CBC_LENGTH_CHECKS,
* also available via the configure option --enable-aescbc-length-checks.
*/
/*----------------------------------------------------------------------------* /*----------------------------------------------------------------------------*
| Includes | Includes
@@ -13155,7 +13160,7 @@ static int test_wc_AesCbcEncryptDecrypt (void)
if (cbcE == 0) { if (cbcE == 0) {
cbcE = wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector) - 1); cbcE = wc_AesCbcEncrypt(&aes, enc, vector, sizeof(vector) - 1);
} }
if (cbcE == BAD_ALIGN_E) { if (cbcE == BAD_LENGTH_E) {
cbcE = 0; cbcE = 0;
} else { } else {
cbcE = WOLFSSL_FATAL_ERROR; cbcE = WOLFSSL_FATAL_ERROR;
@@ -13190,7 +13195,7 @@ static int test_wc_AesCbcEncryptDecrypt (void)
cbcD = wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1); cbcD = wc_AesCbcDecrypt(&aes, dec, enc, AES_BLOCK_SIZE * 2 - 1);
} }
#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS #ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS
if (cbcD == BAD_ALIGN_E) { if (cbcD == BAD_LENGTH_E) {
cbcD = 0; cbcD = 0;
} else { } else {
cbcD = WOLFSSL_FATAL_ERROR; cbcD = WOLFSSL_FATAL_ERROR;