From ae09fbe8a27bc70ce7c1ae7b06b1a7e088645d98 Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Mon, 24 Dec 2018 12:00:21 +0900 Subject: [PATCH 1/3] EVP_CipherInit: allow NULL iv for openSSL compatibility --- src/ssl.c | 43 ++++++++++++++++++++++++++++--------------- 1 file changed, 28 insertions(+), 15 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index d2d7e34d3..b84a635ee 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13314,7 +13314,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) { WOLFSSL_ENTER("EVP_CIPHER_CTX_init"); if (ctx) { - ctx->cipherType = 0xff; /* no init */ + ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */ ctx->keyLen = 0; ctx->enc = 1; /* start in encrypt mode */ } @@ -13326,13 +13326,26 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) { WOLFSSL_ENTER("EVP_CIPHER_CTX_cleanup"); if (ctx) { - ctx->cipherType = 0xff; /* no more init */ + ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */ ctx->keyLen = 0; } return WOLFSSL_SUCCESS; } + static int AesSetKey(Aes* aes, const byte* key, word32 len, + const byte* iv, int dir) + { + int ret; + /* wc_AesSetKey clear aes.reg if iv == NULL. + Keep IV for openSSL compatibility */ + if(iv == NULL) + XMEMCPY((byte *)aes->tmp, (byte *)aes->reg, AES_BLOCK_SIZE); + ret = wc_AesSetKey(aes, key, len, iv, dir); + if(iv == NULL) + XMEMCPY((byte *)aes->reg, (byte *)aes->tmp, AES_BLOCK_SIZE); + return ret; + } /* return WOLFSSL_SUCCESS on ok, 0 on failure to match API compatibility */ int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx, @@ -13355,13 +13368,13 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return 0; /* failure */ } if (ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT){ + /* only first EVP_CipherInit invoke. ctx->cipherType is set below */ + XMEMSET(&ctx->cipher, 0, sizeof(ctx->cipher)); ctx->bufUsed = 0; ctx->lastUsed = 0; ctx->flags = 0; } - XMEMSET(&ctx->cipher, 0, sizeof(ctx->cipher)); - #ifndef NO_AES #ifdef HAVE_AES_CBC #ifdef WOLFSSL_AES_128 @@ -13376,8 +13389,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); + ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, + ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); if (ret != 0) return ret; } @@ -13400,7 +13413,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, + ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); if (ret != 0) return ret; @@ -13424,10 +13437,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, + ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); if (ret != 0){ - WOLFSSL_MSG("wc_AesSetKey() failed"); + WOLFSSL_MSG("AesSetKey() failed"); return ret; } } @@ -13454,7 +13467,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, + ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION); if (ret != 0) return ret; @@ -13478,7 +13491,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, + ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION); if (ret != 0) return ret; @@ -13502,7 +13515,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, + ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION); if (ret != 0) return ret; @@ -13527,7 +13540,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, NULL, + ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, NULL, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); } if (ret != 0) @@ -13546,7 +13559,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, NULL, + ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, NULL, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); } if (ret != 0) @@ -13565,7 +13578,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, NULL, + ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, NULL, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); } if (ret != 0) From 0c828d14a066cd157508a4106179f3290dc0b19b Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Mon, 24 Dec 2018 17:27:41 +0900 Subject: [PATCH 2/3] Name conficted. filter out with NO_AES --- src/ssl.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index b84a635ee..da5e88b0c 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13333,7 +13333,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return WOLFSSL_SUCCESS; } - static int AesSetKey(Aes* aes, const byte* key, word32 len, +#ifndef NO_AES + static int AesSetKey_(Aes* aes, const byte* key, word32 len, const byte* iv, int dir) { int ret; @@ -13346,6 +13347,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) XMEMCPY((byte *)aes->reg, (byte *)aes->tmp, AES_BLOCK_SIZE); return ret; } +#endif /* return WOLFSSL_SUCCESS on ok, 0 on failure to match API compatibility */ int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx, @@ -13389,7 +13391,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, + ret =AesSetKey_(&ctx->cipher.aes, key, ctx->keyLen, iv, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); if (ret != 0) return ret; @@ -13413,7 +13415,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, + ret =AesSetKey_(&ctx->cipher.aes, key, ctx->keyLen, iv, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); if (ret != 0) return ret; @@ -13437,7 +13439,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, + ret =AesSetKey_(&ctx->cipher.aes, key, ctx->keyLen, iv, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); if (ret != 0){ WOLFSSL_MSG("AesSetKey() failed"); @@ -13467,7 +13469,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, + ret = AesSetKey_(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION); if (ret != 0) return ret; @@ -13491,7 +13493,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, + ret = AesSetKey_(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION); if (ret != 0) return ret; @@ -13515,7 +13517,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, + ret = AesSetKey_(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION); if (ret != 0) return ret; @@ -13540,7 +13542,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, NULL, + ret = AesSetKey_(&ctx->cipher.aes, key, ctx->keyLen, NULL, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); } if (ret != 0) @@ -13559,7 +13561,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, NULL, + ret = AesSetKey_(&ctx->cipher.aes, key, ctx->keyLen, NULL, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); } if (ret != 0) @@ -13578,7 +13580,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, NULL, + ret = AesSetKey_(&ctx->cipher.aes, key, ctx->keyLen, NULL, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); } if (ret != 0) From f97696a54658ff7678371203d668f227f532388a Mon Sep 17 00:00:00 2001 From: Takashi Kojo Date: Wed, 26 Dec 2018 13:52:41 +0900 Subject: [PATCH 3/3] AesSetKey_ to AesSetKey_ex --- src/ssl.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index da5e88b0c..c02bedcdb 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -13334,7 +13334,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) } #ifndef NO_AES - static int AesSetKey_(Aes* aes, const byte* key, word32 len, + static int AesSetKey_ex(Aes* aes, const byte* key, word32 len, const byte* iv, int dir) { int ret; @@ -13391,7 +13391,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret =AesSetKey_(&ctx->cipher.aes, key, ctx->keyLen, iv, + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); if (ret != 0) return ret; @@ -13415,7 +13415,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret =AesSetKey_(&ctx->cipher.aes, key, ctx->keyLen, iv, + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); if (ret != 0) return ret; @@ -13439,7 +13439,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret =AesSetKey_(&ctx->cipher.aes, key, ctx->keyLen, iv, + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); if (ret != 0){ WOLFSSL_MSG("AesSetKey() failed"); @@ -13469,7 +13469,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = AesSetKey_(&ctx->cipher.aes, key, ctx->keyLen, iv, + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION); if (ret != 0) return ret; @@ -13493,7 +13493,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = AesSetKey_(&ctx->cipher.aes, key, ctx->keyLen, iv, + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION); if (ret != 0) return ret; @@ -13517,7 +13517,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = AesSetKey_(&ctx->cipher.aes, key, ctx->keyLen, iv, + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, iv, AES_ENCRYPTION); if (ret != 0) return ret; @@ -13542,7 +13542,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = AesSetKey_(&ctx->cipher.aes, key, ctx->keyLen, NULL, + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); } if (ret != 0) @@ -13561,7 +13561,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = AesSetKey_(&ctx->cipher.aes, key, ctx->keyLen, NULL, + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); } if (ret != 0) @@ -13580,7 +13580,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { - ret = AesSetKey_(&ctx->cipher.aes, key, ctx->keyLen, NULL, + ret = AesSetKey_ex(&ctx->cipher.aes, key, ctx->keyLen, NULL, ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); } if (ret != 0)