diff --git a/src/ssl.c b/src/ssl.c index 2c4a6706c..00f9ff081 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -37816,7 +37816,6 @@ int wolfSSL_EC_POINT_set_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group, #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ !defined(HAVE_SELFTEST) -#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) int wolfSSL_EC_POINT_add(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, const WOLFSSL_EC_POINT *p1, const WOLFSSL_EC_POINT *p2, WOLFSSL_BN_CTX *ctx) @@ -37975,11 +37974,29 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, if (n) { /* load generator */ + #if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) if (wc_ecc_get_generator(result, group->curve_idx) != MP_OKAY) { WOLFSSL_MSG("wc_ecc_get_generator error"); goto cleanup; } + #else + /* wc_ecc_get_generator is not defined in the FIPS v2 module. */ + if (mp_read_radix(result->x, ecc_sets[group->curve_idx].Gx, MP_RADIX_HEX) + != MP_OKAY) { + WOLFSSL_MSG("mp_read_radix Gx error"); + goto cleanup; + } + if (mp_read_radix(result->y, ecc_sets[group->curve_idx].Gy, MP_RADIX_HEX) + != MP_OKAY) { + WOLFSSL_MSG("mp_read_radix Gy error"); + goto cleanup; + } + if (mp_set(result->z, 1) != MP_OKAY) { + WOLFSSL_MSG("mp_set Gz error"); + goto cleanup; + } + #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ } if (n && q && m) { @@ -38062,7 +38079,6 @@ cleanup: wc_ecc_del_point(tmp); return ret; } -#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ #endif /* !defined(WOLFSSL_ATECC508A) && defined(ECC_SHAMIR) && * !defined(HAVE_SELFTEST) */ diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 1d30b02ce..6c0706970 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c 
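Review bot: In the wolfSSL_EC_POINT_mul hunk the FIPS v2 fallback indexes `ecc_sets[group->curve_idx]` directly, while the non-FIPS branch hands the index to wc_ecc_get_generator(), which presumably range-checks it; if nothing earlier in wolfSSL_EC_POINT_mul (its start is outside the hunk) validates `group->curve_idx`, an out-of-range value reads past the table in FIPS v2 builds only. Add the same bounds check before the first mp_read_radix and reject a bad index with `goto cleanup`, the way the generator error is handled, so the two branches stay equivalent. Separately, dropping the `#if !defined(HAVE_FIPS) || …` line in the first hunk and its `#endif` in the last means wolfSSL_EC_POINT_add and everything up to wolfSSL_EC_POINT_mul now compile under FIPS v2 with no fallback of their own; that range is not visible here and is worth a FIPS v2 build to confirm.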
@@ -4720,7 +4720,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) } } break; -#if !defined(_WIN32) && !defined(HAVE_FIPS) +#if !defined(_WIN32) && (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION >= 2))) case EVP_CTRL_GCM_IV_GEN: if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0) break; @@ -4742,6 +4743,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_AESGCM_STREAM */ /* OpenSSL increments the IV. Not sure why */ IncCtr(ctx->iv, ctx->ivSz); + /* Clear any leftover AAD. */ + XMEMSET(ctx->gcmAuthIn, 0, ctx->gcmAuthInSz); + ctx->gcmAuthInSz = 0; ret = WOLFSSL_SUCCESS; break; #endif @@ -4778,7 +4782,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) WOLFSSL_ENTER("EVP_CIPHER_CTX_cleanup"); if (ctx) { #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) #if defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM) if ((ctx->cipherType == AES_128_GCM_TYPE) || (ctx->cipherType == AES_192_GCM_TYPE) || @@ -4786,7 +4790,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) wc_AesFree(&ctx->cipher.aes); } #endif /* HAVE_AESGCM && WOLFSSL_AESGCM_STREAM */ -#endif /* not FIPS or new FIPS */ +#endif /* not FIPS or FIPS v2+ */ ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */ ctx->keyLen = 0; #ifdef HAVE_AESGCM @@ -5035,7 +5039,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) #endif /* WOLFSSL_AES_256 */ #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) #ifdef HAVE_AESGCM #ifdef WOLFSSL_AES_128 if (ctx->cipherType == AES_128_GCM_TYPE || 
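Review bot: `XMEMSET(ctx->gcmAuthIn, 0, ctx->gcmAuthInSz)` in the EVP_CTRL_GCM_IV_GEN hunk runs unconditionally; if gcmAuthIn is a heap pointer that can still be NULL while gcmAuthInSz is 0 (it looks like one, to confirm against the struct), memset on a NULL pointer is undefined even for length 0. Guard it: `if (ctx->gcmAuthIn != NULL) { XMEMSET(ctx->gcmAuthIn, 0, ctx->gcmAuthInSz); }` and keep `ctx->gcmAuthInSz = 0;` unconditional. The enclosing switch starts and ends outside the hunk.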
@@ -5146,7 +5150,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) } #endif /* WOLFSSL_AES_256 */ #endif /* HAVE_AESGCM */ -#endif /*!HAVE_FIPS && !HAVE_SELFTEST ||(HAVE_FIPS_VERSION && HAVE_FIPS_VERSION > 2)*/ +#endif /* (!HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */ #ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_128 if (ctx->cipherType == AES_128_CTR_TYPE || @@ -5867,6 +5871,32 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) } #endif +#if !defined(NO_AES) || !defined(NO_DES3) || defined(HAVE_IDEA) + /* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE */ + int wolfSSL_EVP_CIPHER_CTX_get_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv, + int ivLen) + { + int expectedIvLen; + + WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_get_iv"); + + if (ctx == NULL || iv == NULL || ivLen == 0) { + WOLFSSL_MSG("Bad parameter"); + return WOLFSSL_FAILURE; + } + + expectedIvLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx); + if (expectedIvLen == 0 || expectedIvLen != ivLen) { + WOLFSSL_MSG("Wrong ivLen value"); + return WOLFSSL_FAILURE; + } + + XMEMCPY(iv, ctx->iv, ivLen); + + return WOLFSSL_SUCCESS; + } +#endif /* !NO_AES || !NO_DES3 || HAVE_IDEA */ + /* Return length on ok */ int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src, word32 len) 
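Review bot: The header comment on the new wolfSSL_EVP_CIPHER_CTX_get_iv only gives its return values; the contract callers need — `iv` must have room for `ivLen` bytes and `ivLen` must equal wolfSSL_EVP_CIPHER_CTX_iv_length(ctx), otherwise nothing is written — is undocumented. Replace it with `/* Copy the context's current IV into iv. ivLen must equal wolfSSL_EVP_CIPHER_CTX_iv_length(ctx); returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE (iv untouched) on a NULL argument or length mismatch. */`. The `ivLen == 0` test in the first check is redundant once `expectedIvLen == 0` is rejected and `expectedIvLen != ivLen` is enforced, so `ctx == NULL || iv == NULL` suffices and negative lengths are already covered. The declaration added in the evp.h hunk at 595 carries no guard while this definition sits under `#if !defined(NO_AES) || !defined(NO_DES3) || defined(HAVE_IDEA)`; if wolfSSL_EVP_CIPHER_CTX_set_iv's declaration is guarded the same way outside that hunk this mirrors it, otherwise a build with all three disabled declares a symbol that is never defined.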
@@ -5874,15 +5904,24 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) int ret = 0; WOLFSSL_ENTER("wolfSSL_EVP_Cipher"); - if (ctx == NULL || src == NULL || - (dst == NULL && - ctx->cipherType != AES_128_GCM_TYPE && - ctx->cipherType != AES_192_GCM_TYPE && - ctx->cipherType != AES_256_GCM_TYPE)) { + if (ctx == NULL) { WOLFSSL_MSG("Bad function argument"); return WOLFSSL_FATAL_ERROR; } + if (src == NULL || dst == NULL) { + if (src != NULL && dst == NULL && + (ctx->cipherType == AES_128_GCM_TYPE || + ctx->cipherType == AES_192_GCM_TYPE || + ctx->cipherType == AES_256_GCM_TYPE)) { + WOLFSSL_MSG("Setting GCM AAD."); + } + else { + WOLFSSL_MSG("Bad function argument"); + return WOLFSSL_FATAL_ERROR; + } + } + if (ctx->cipherType == 0xff) { WOLFSSL_MSG("no init"); return WOLFSSL_FATAL_ERROR; @@ -5976,6 +6015,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) case AES_256_GCM_TYPE : WOLFSSL_MSG("AES GCM"); #ifndef WOLFSSL_AESGCM_STREAM + /* No destination means only AAD. */ if (!dst) { ret = wolfSSL_EVP_CipherUpdate_GCM_AAD(ctx, src, len); } @@ -6130,6 +6170,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type) } if (ret < 0) { + if (ret == AES_GCM_AUTH_E) { + WOLFSSL_MSG("wolfSSL_EVP_Cipher failure: bad AES-GCM tag."); + } WOLFSSL_MSG("wolfSSL_EVP_Cipher failure"); return WOLFSSL_FATAL_ERROR; } @@ -7341,7 +7384,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) return AES_BLOCK_SIZE; #endif #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) #ifdef HAVE_AESGCM case AES_128_GCM_TYPE : case AES_192_GCM_TYPE : 
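Review bot: The rewritten argument check in wolfSSL_EVP_Cipher nests the one legitimate case (NULL dst with AES-GCM, meaning AAD only) inside the error case, so a reader has to invert `if (src == NULL || dst == NULL)` and then the inner `if … else` to see what is actually allowed. Because `src == NULL` is always rejected, the same behaviour reads more directly as a single guard on a named flag, as below; the function's declarations start outside the hunk, so the new local goes next to `ret`. Messages and return values are unchanged.
```c
    int ret = 0;
    int gcmAadOnly = 0;   /* NULL dst is allowed only for AES-GCM: AAD-only call */
    /* … unchanged: WOLFSSL_ENTER and the ctx == NULL check … */
    if (dst == NULL && src != NULL) {
        gcmAadOnly = (ctx->cipherType == AES_128_GCM_TYPE ||
                      ctx->cipherType == AES_192_GCM_TYPE ||
                      ctx->cipherType == AES_256_GCM_TYPE);
    }
    if (src == NULL || (dst == NULL && !gcmAadOnly)) {
        WOLFSSL_MSG("Bad function argument");
        return WOLFSSL_FATAL_ERROR;
    }
    if (gcmAadOnly) {
        WOLFSSL_MSG("Setting GCM AAD.");
    }
    /* … unchanged: cipherType == 0xff check and the rest of the function … */
```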
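Review bot: The new `AES_GCM_AUTH_E` branch only adds a log line; the function still returns the generic WOLFSSL_FATAL_ERROR, so callers cannot tell a failed tag check from a parameter or "no init" error, and if the non-stream decrypt path has already written plaintext into dst before the tag comparison (not visible in this hunk) that output is unauthenticated. Document that at the return: `/* On AES_GCM_AUTH_E any bytes written to dst are unauthenticated; the caller must discard them. */`, and consider surfacing the distinct error to the caller in a follow-up. wolfSSL_EVP_Cipher starts outside the hunk.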
@@ -7349,7 +7392,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx) WOLFSSL_MSG("AES GCM"); return GCM_NONCE_MID_SZ; #endif -#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ +#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */ #ifdef WOLFSSL_AES_COUNTER case AES_128_CTR_TYPE : case AES_192_CTR_TYPE : @@ -7441,7 +7484,7 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher) #endif #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) #ifdef HAVE_AESGCM #ifdef WOLFSSL_AES_128 if (XSTRNCMP(name, EVP_AES_128_GCM, XSTRLEN(EVP_AES_128_GCM)) == 0) @@ -7456,7 +7499,7 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher) return GCM_NONCE_MID_SZ; #endif #endif /* HAVE_AESGCM */ -#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ +#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */ #ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_128 if (XSTRNCMP(name, EVP_AES_128_CTR, XSTRLEN(EVP_AES_128_CTR)) == 0) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 8324c11e1..bc7f7c4cc 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -22045,7 +22045,8 @@ static int ecc_point_test(void) 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; -#ifdef HAVE_COMP_KEY +#if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) byte derComp0[] = { 0x02, /* = Compressed, y even */ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 
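Review bot: The rewritten `#endif` comment in the hunk at 7349 still reads `(HAVE_FIPS && !HAVE_SELFTEST)` although the matching `#if` shown in the hunk at 7341 tests `!defined(HAVE_FIPS)`; the commit updated the version number but kept the missing `!`. The hunk at 7456 has the same comment against the `#if` at 7441. Use `#endif /* (!HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */` in both places, matching the corrected form the commit itself introduces in the hunk at 5146.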
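Review bot: The new `#if` in ecc_point_test mixes `&&` and `||` without parentheses in `!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))`; C precedence yields the intended `(A && B) || C`, but compilers can warn on it and a reader has to recompute it, and the identical expression is repeated in the hunk at 22215. Write the grouping out in both: `#if defined(HAVE_COMP_KEY) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \` followed by `(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))`. Keeping `> 2` here, unlike the `>= 2` the commit adopts for AES-GCM in evp.c, appears deliberate since wc_ecc_import_point_der_ex was previously the v3-only call, which a short comment on the guard could state.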
@@ -22215,21 +22216,19 @@ static int ecc_point_test(void) goto done; } -#ifdef HAVE_COMP_KEY +#if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0)*2-1, curve_idx, point3); if (ret != 0) { ret = -10026; goto done; } -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) ret = wc_ecc_import_point_der_ex(derComp0, sizeof(derComp0), curve_idx, point4, 0); if (ret != 0) { ret = -10027; goto done; } -#endif ret = wc_ecc_cmp_point(point3, point4); if (ret != MP_EQ) { @@ -22243,14 +22242,11 @@ static int ecc_point_test(void) goto done; } -#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \ - (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) ret = wc_ecc_import_point_der_ex(derComp1, sizeof(derComp1), curve_idx, point4, 0); if (ret != 0) { ret = -10030; goto done; } -#endif ret = wc_ecc_cmp_point(point3, point4); if (ret != MP_EQ) { diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 2b5d99cde..112394f4b 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -595,6 +595,8 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_iv_length(WOLFSSL_EVP_CIPHER_CTX* ct int ivLen); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv, int ivLen); +WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_get_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv, + int ivLen); WOLFSSL_API int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, unsigned char* dst, unsigned char* src, unsigned int len); 
@@ -977,6 +979,7 @@ typedef WOLFSSL_ASN1_PCTX ASN1_PCTX; #define EVP_CIPHER_CTX_set_padding wolfSSL_EVP_CIPHER_CTX_set_padding #define EVP_CIPHER_CTX_flags wolfSSL_EVP_CIPHER_CTX_flags #define EVP_CIPHER_CTX_set_iv wolfSSL_EVP_CIPHER_CTX_set_iv +#define EVP_CIPHER_CTX_get_iv wolfSSL_EVP_CIPHER_CTX_get_iv #define EVP_add_digest wolfSSL_EVP_add_digest #define EVP_add_cipher wolfSSL_EVP_add_cipher #define EVP_cleanup wolfSSL_EVP_cleanup