From 6e72a299d783c0d8602595372e69b31a7f1bc9b1 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 9 Jan 2020 18:55:45 +0100 Subject: [PATCH] Don't undef HAVE_GETADDRINFO as it disables defines in projects using wolfSSL Change test_wolfssl_EVP_aes_gcm so that changing the tag will fail the authentication check --- src/ssl.c | 11 +++++++++++ src/wolfio.c | 5 +++-- tests/api.c | 45 +++++++++++++++++++++------------------------ wolfcrypt/src/asn.c | 6 +++++- wolfssl/wolfio.h | 6 +----- 5 files changed, 41 insertions(+), 32 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index ae55c77a6..7f5a5a609 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -40956,19 +40956,30 @@ int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b, void* wolfSSL_CRYPTO_get_ex_data(void * const* ex_data, int idx) { WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data"); +#ifdef MAX_EX_DATA if(ex_data && idx < MAX_EX_DATA && idx >= 0) { return ex_data[idx]; } +#else + (void)ex_data; + (void)idx; +#endif return NULL; } int wolfSSL_CRYPTO_set_ex_data(void** ex_data, int idx, void *data) { WOLFSSL_ENTER("wolfSSL_CRYPTO_set_ex_data"); +#ifdef MAX_EX_DATA if (ex_data && idx < MAX_EX_DATA && idx >= 0) { ex_data[idx] = data; return WOLFSSL_SUCCESS; } +#else + (void)ex_data; + (void)idx; + (void)data; +#endif return WOLFSSL_FAILURE; } diff --git a/src/wolfio.c b/src/wolfio.c index e64d82284..f72ada6c3 100644 --- a/src/wolfio.c +++ b/src/wolfio.c @@ -770,7 +770,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) int ret = 0; SOCKADDR_S addr; int sockaddr_len = sizeof(SOCKADDR_IN); -#ifdef HAVE_GETADDRINFO +#ifndef WOLF_C99 ADDRINFO hints; ADDRINFO* answer = NULL; char strPort[6]; 
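Review bot: The new `#else` branches in wolfSSL_CRYPTO_get_ex_data and wolfSSL_CRYPTO_set_ex_data turn both functions into stubs that always return NULL / WOLFSSL_FAILURE when MAX_EX_DATA is undefined, and nothing in the code says so. A short comment on each `#else`, for example `/* ex_data support compiled out (MAX_EX_DATA undefined): always fails */`, would tell callers that a NULL from the getter can mean "not built in" rather than "slot empty". While the getter is being touched, its trace string still reads `WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data")` and should name `wolfSSL_CRYPTO_get_ex_data` so debug logs point at the right entry.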
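Review bot: Guarding the getaddrinfo declarations with `#ifndef WOLF_C99` alone drops the HAVE_GETADDRINFO feature test, so any build that leaves WOLF_C99 undefined now takes the getaddrinfo path whether or not the platform was detected as providing it. If the old `#ifdef HAVE_GETADDRINFO` was doing real work on targets without getaddrinfo (not visible from this hunk), those builds would stop compiling or lose the gethostbyname fallback; `#if defined(HAVE_GETADDRINFO) && !defined(WOLF_C99)` keeps both conditions without undefining the macro. The same guard appears in the second wolfio.c hunk at -785 and in the wolfssl/wolfio.h hunk around the ADDRINFO typedef, and all three need to agree. In the second hunk the added comment `/* use gethostbyname for c99 */` sits directly above the getaddrinfo branch, so it reads as describing the wrong path. wolfIO_TcpConnect's body continues outside the hunk.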
@@ -785,7 +785,8 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec) printf("TCP Connect: %s:%d\n", ip, port); #endif -#ifdef HAVE_GETADDRINFO + /* use gethostbyname for c99 */ +#ifndef WOLF_C99 XMEMSET(&hints, 0, sizeof(hints)); hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_STREAM; diff --git a/tests/api.c b/tests/api.c index 107d8b802..7c1119144 100644 --- a/tests/api.c +++ b/tests/api.c 
@@ -29315,34 +29315,31 @@ static void test_wolfssl_EVP_aes_gcm(void) if (i == 0) { /* Default uses 96-bits IV length */ #ifdef WOLFSSL_AES_128 - AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, key, iv)); + AssertIntEQ(1, EVP_DecryptInit_ex(&de, EVP_aes_128_gcm(), NULL, NULL, NULL)); #elif defined(WOLFSSL_AES_192) - AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, key, iv)); + AssertIntEQ(1, EVP_DecryptInit_ex(&de, EVP_aes_192_gcm(), NULL, NULL, NULL)); #elif defined(WOLFSSL_AES_256) - AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, key, iv)); + AssertIntEQ(1, EVP_DecryptInit_ex(&de, EVP_aes_256_gcm(), NULL, NULL, NULL)); #endif - } - else { -#ifdef WOLFSSL_AES_128 - AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, NULL, NULL)); -#elif defined(WOLFSSL_AES_192) - AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, NULL, NULL)); -#elif defined(WOLFSSL_AES_256) - AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, NULL, NULL)); -#endif - /* non-default must to set the IV length first */ - AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); - AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], NULL, NULL, key, iv)); + AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); + AssertIntEQ(1, EVP_DecryptInit_ex(&de, NULL, NULL, key, iv)); + AssertIntEQ(1, EVP_DecryptUpdate(&de, NULL, &len, aad, aadSz)); + AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de, EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag)); + AssertIntEQ(1, EVP_DecryptUpdate(&de, decryptedtxt, &len, ciphertxt, ciphertxtSz)); + decryptedtxtSz = len; + AssertIntGT(EVP_DecryptFinal_ex(&de, decryptedtxt, &len), 0); + decryptedtxtSz += len; + AssertIntEQ(ciphertxtSz, decryptedtxtSz); + AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); - } - AssertIntEQ(1, EVP_EncryptUpdate(&de[i], NULL, &len, aad, aadSz)); - AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, 
AES_BLOCK_SIZE, tag)); - AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz)); - decryptedtxtSz = len; - AssertIntGT(EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len), 0); - decryptedtxtSz += len; - AssertIntEQ(ciphertxtSz, decryptedtxtSz); - AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); + /* modify tag*/ + tag[AES_BLOCK_SIZE-1]+=0xBB; + AssertIntEQ(1, EVP_DecryptUpdate(&de, NULL, &len, aad, aadSz)); + AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de, EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag)); + /* fail due to wrong tag */ + AssertIntEQ(0, EVP_DecryptUpdate(&de, decryptedtxt, &len, ciphertxt, ciphertxtSz)); + AssertIntGT(EVP_DecryptFinal_ex(&de, decryptedtxt, &len), 0); + AssertIntEQ(0, len); /* modify tag*/ tag[AES_BLOCK_SIZE-1]+=0xBB; diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index ac5403e42..b6082933a 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -10364,7 +10364,11 @@ int PemToDer(const unsigned char* buff, long longSz, int type, /* keyFormat is Key_Sum enum */ if (keyFormat) { #ifdef HAVE_ECC - *eccKey = (header == BEGIN_EC_PRIV || header == beginBuf) ? 1 : 0; + *eccKey = (header == BEGIN_EC_PRIV +#ifdef OPENSSL_EXTRA + || header == beginBuf +#endif + ) ? 1 : 0; #else *eccKey = 0; #endif diff --git a/wolfssl/wolfio.h b/wolfssl/wolfio.h index f6ca47c25..a101c31e0 100644 --- a/wolfssl/wolfio.h +++ b/wolfssl/wolfio.h @@ -328,11 +328,7 @@ #endif /* HAVE_SOCKADDR */ /* use gethostbyname for c99 */ - #ifdef WOLF_C99 - #undef HAVE_GETADDRINFO - #endif - - #ifdef HAVE_GETADDRINFO + #ifndef WOLF_C99 typedef struct addrinfo ADDRINFO; #endif #endif /* WOLFSSL_NO_SOCK */
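Review bot: The tampered-tag block asserts `AssertIntGT(EVP_DecryptFinal_ex(&de, decryptedtxt, &len), 0);` right after the failing `EVP_DecryptUpdate`, which pins the behaviour that Final reports success once authentication has already failed. OpenSSL reports a GCM tag mismatch from EVP_DecryptFinal_ex, so code ported to this compatibility layer that checks only the Final return value would accept modified ciphertext; the test should either expect Final to fail as well or carry a comment stating the divergence, e.g. `/* tag mismatch is reported by EVP_DecryptUpdate here, not by Final */`. Zeroing `decryptedtxt` before the tampered run and asserting it was not filled with the plaintext would also confirm that unauthenticated data is not released. The hunk ends on a second `/* modify tag*/` / `tag[AES_BLOCK_SIZE-1]+=0xBB;` pair in context, so the tag byte appears to be altered twice; the rest of test_wolfssl_EVP_aes_gcm is outside the hunk, so confirm one of the two blocks is not a leftover.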
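Review bot: Splicing `#ifdef OPENSSL_EXTRA` into the middle of the conditional expression that sets `*eccKey` makes the key-type decision hard to read and easy to break on the next edit. Setting the default first with `*eccKey = (header == BEGIN_EC_PRIV) ? 1 : 0;` and then, inside `#ifdef OPENSSL_EXTRA`, `if (header == beginBuf) *eccKey = 1;` gives the same result with whole statements under the conditional. A one-line comment on why a header matched through `beginBuf` is treated as an ECC key would help too, since that buffer is set up outside the hunk. The surrounding guard tests `keyFormat` while the write goes through `eccKey`; the declarations are not visible here, so it is worth confirming the pointer being dereferenced is the one being checked.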