forked from wolfSSL/wolfssl
Don't undef HAVE_GETADDRINFO as it disables defines in projects using wolfSSL
Change test_wolfssl_EVP_aes_gcm so that changing the tag will fail the authentication check
This commit is contained in:
Juliusz Sosinowicz
11
src/ssl.c
11
src/ssl.c
@@ -40956,19 +40956,30 @@ int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b,
|
|||||||
void* wolfSSL_CRYPTO_get_ex_data(void * const* ex_data, int idx)
|
void* wolfSSL_CRYPTO_get_ex_data(void * const* ex_data, int idx)
|
||||||
{
|
{
|
||||||
WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
|
WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
|
||||||
|
#ifdef MAX_EX_DATA
|
||||||
if(ex_data && idx < MAX_EX_DATA && idx >= 0) {
|
if(ex_data && idx < MAX_EX_DATA && idx >= 0) {
|
||||||
return ex_data[idx];
|
return ex_data[idx];
|
||||||
}
|
}
|
||||||
|
#else
|
||||||
|
(void)ex_data;
|
||||||
|
(void)idx;
|
||||||
|
#endif
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
int wolfSSL_CRYPTO_set_ex_data(void** ex_data, int idx, void *data)
|
int wolfSSL_CRYPTO_set_ex_data(void** ex_data, int idx, void *data)
|
||||||
{
|
{
|
||||||
WOLFSSL_ENTER("wolfSSL_CRYPTO_set_ex_data");
|
WOLFSSL_ENTER("wolfSSL_CRYPTO_set_ex_data");
|
||||||
|
#ifdef MAX_EX_DATA
|
||||||
if (ex_data && idx < MAX_EX_DATA && idx >= 0) {
|
if (ex_data && idx < MAX_EX_DATA && idx >= 0) {
|
||||||
ex_data[idx] = data;
|
ex_data[idx] = data;
|
||||||
return WOLFSSL_SUCCESS;
|
return WOLFSSL_SUCCESS;
|
||||||
}
|
}
|
||||||
|
#else
|
||||||
|
(void)ex_data;
|
||||||
|
(void)idx;
|
||||||
|
(void)data;
|
||||||
|
#endif
|
||||||
return WOLFSSL_FAILURE;
|
return WOLFSSL_FAILURE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -770,7 +770,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
|
|||||||
int ret = 0;
|
int ret = 0;
|
||||||
SOCKADDR_S addr;
|
SOCKADDR_S addr;
|
||||||
int sockaddr_len = sizeof(SOCKADDR_IN);
|
int sockaddr_len = sizeof(SOCKADDR_IN);
|
||||||
#ifdef HAVE_GETADDRINFO
|
#ifndef WOLF_C99
|
||||||
ADDRINFO hints;
|
ADDRINFO hints;
|
||||||
ADDRINFO* answer = NULL;
|
ADDRINFO* answer = NULL;
|
||||||
char strPort[6];
|
char strPort[6];
|
||||||
@@ -785,7 +785,8 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
|
|||||||
printf("TCP Connect: %s:%d\n", ip, port);
|
printf("TCP Connect: %s:%d\n", ip, port);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_GETADDRINFO
|
/* use gethostbyname for c99 */
|
||||||
|
#ifndef WOLF_C99
|
||||||
XMEMSET(&hints, 0, sizeof(hints));
|
XMEMSET(&hints, 0, sizeof(hints));
|
||||||
hints.ai_family = AF_UNSPEC;
|
hints.ai_family = AF_UNSPEC;
|
||||||
hints.ai_socktype = SOCK_STREAM;
|
hints.ai_socktype = SOCK_STREAM;
|
||||||
|
|||||||
39
tests/api.c
39
tests/api.c
@@ -29315,35 +29315,32 @@ static void test_wolfssl_EVP_aes_gcm(void)
|
|||||||
if (i == 0) {
|
if (i == 0) {
|
||||||
/* Default uses 96-bits IV length */
|
/* Default uses 96-bits IV length */
|
||||||
#ifdef WOLFSSL_AES_128
|
#ifdef WOLFSSL_AES_128
|
||||||
AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, key, iv));
|
AssertIntEQ(1, EVP_DecryptInit_ex(&de, EVP_aes_128_gcm(), NULL, NULL, NULL));
|
||||||
#elif defined(WOLFSSL_AES_192)
|
#elif defined(WOLFSSL_AES_192)
|
||||||
AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, key, iv));
|
AssertIntEQ(1, EVP_DecryptInit_ex(&de, EVP_aes_192_gcm(), NULL, NULL, NULL));
|
||||||
#elif defined(WOLFSSL_AES_256)
|
#elif defined(WOLFSSL_AES_256)
|
||||||
AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, key, iv));
|
AssertIntEQ(1, EVP_DecryptInit_ex(&de, EVP_aes_256_gcm(), NULL, NULL, NULL));
|
||||||
#endif
|
#endif
|
||||||
}
|
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
|
||||||
else {
|
AssertIntEQ(1, EVP_DecryptInit_ex(&de, NULL, NULL, key, iv));
|
||||||
#ifdef WOLFSSL_AES_128
|
AssertIntEQ(1, EVP_DecryptUpdate(&de, NULL, &len, aad, aadSz));
|
||||||
AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, NULL, NULL));
|
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de, EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag));
|
||||||
#elif defined(WOLFSSL_AES_192)
|
AssertIntEQ(1, EVP_DecryptUpdate(&de, decryptedtxt, &len, ciphertxt, ciphertxtSz));
|
||||||
AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, NULL, NULL));
|
|
||||||
#elif defined(WOLFSSL_AES_256)
|
|
||||||
AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, NULL, NULL));
|
|
||||||
#endif
|
|
||||||
/* non-default must to set the IV length first */
|
|
||||||
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
|
|
||||||
AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], NULL, NULL, key, iv));
|
|
||||||
|
|
||||||
}
|
|
||||||
AssertIntEQ(1, EVP_EncryptUpdate(&de[i], NULL, &len, aad, aadSz));
|
|
||||||
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag));
|
|
||||||
AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
|
|
||||||
decryptedtxtSz = len;
|
decryptedtxtSz = len;
|
||||||
AssertIntGT(EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len), 0);
|
AssertIntGT(EVP_DecryptFinal_ex(&de, decryptedtxt, &len), 0);
|
||||||
decryptedtxtSz += len;
|
decryptedtxtSz += len;
|
||||||
AssertIntEQ(ciphertxtSz, decryptedtxtSz);
|
AssertIntEQ(ciphertxtSz, decryptedtxtSz);
|
||||||
AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz));
|
AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz));
|
||||||
|
|
||||||
|
/* modify tag*/
|
||||||
|
tag[AES_BLOCK_SIZE-1]+=0xBB;
|
||||||
|
AssertIntEQ(1, EVP_DecryptUpdate(&de, NULL, &len, aad, aadSz));
|
||||||
|
AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de, EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag));
|
||||||
|
/* fail due to wrong tag */
|
||||||
|
AssertIntEQ(0, EVP_DecryptUpdate(&de, decryptedtxt, &len, ciphertxt, ciphertxtSz));
|
||||||
|
AssertIntGT(EVP_DecryptFinal_ex(&de, decryptedtxt, &len), 0);
|
||||||
|
AssertIntEQ(0, len);
|
||||||
|
|
||||||
/* modify tag*/
|
/* modify tag*/
|
||||||
tag[AES_BLOCK_SIZE-1]+=0xBB;
|
tag[AES_BLOCK_SIZE-1]+=0xBB;
|
||||||
AssertIntEQ(1, EVP_EncryptUpdate(&de[i], NULL, &len, aad, aadSz));
|
AssertIntEQ(1, EVP_EncryptUpdate(&de[i], NULL, &len, aad, aadSz));
|
||||||
|
|||||||
@@ -10364,7 +10364,11 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
|
|||||||
/* keyFormat is Key_Sum enum */
|
/* keyFormat is Key_Sum enum */
|
||||||
if (keyFormat) {
|
if (keyFormat) {
|
||||||
#ifdef HAVE_ECC
|
#ifdef HAVE_ECC
|
||||||
*eccKey = (header == BEGIN_EC_PRIV || header == beginBuf) ? 1 : 0;
|
*eccKey = (header == BEGIN_EC_PRIV
|
||||||
|
#ifdef OPENSSL_EXTRA
|
||||||
|
|| header == beginBuf
|
||||||
|
#endif
|
||||||
|
) ? 1 : 0;
|
||||||
#else
|
#else
|
||||||
*eccKey = 0;
|
*eccKey = 0;
|
||||||
#endif
|
#endif
|
||||||
|
|||||||
@@ -328,11 +328,7 @@
|
|||||||
#endif /* HAVE_SOCKADDR */
|
#endif /* HAVE_SOCKADDR */
|
||||||
|
|
||||||
/* use gethostbyname for c99 */
|
/* use gethostbyname for c99 */
|
||||||
#ifdef WOLF_C99
|
#ifndef WOLF_C99
|
||||||
#undef HAVE_GETADDRINFO
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef HAVE_GETADDRINFO
|
|
||||||
typedef struct addrinfo ADDRINFO;
|
typedef struct addrinfo ADDRINFO;
|
||||||
#endif
|
#endif
|
||||||
#endif /* WOLFSSL_NO_SOCK */
|
#endif /* WOLFSSL_NO_SOCK */
|
||||||
|
|||||||
Reference in New Issue
Block a user