Make several changes to support OpenSSH 8.5p1.

- Permit more wolfSSL_EC_POINT_* functions for FIPS builds. This requires one
workaround in wolfSSL_EC_POINT_mul where wc_ecc_get_generator isn't available.
- Permit more AES-GCM code in EVP code for FIPS v2 builds. It's unclear why this
code wasn't already available.
- Add EVP_CIPHER_CTX_get_iv to the compatibility layer.
- Clear any existing AAD in the EVP_CIPHER_CTX for AES-GCM when we receive the
EVP_CTRL_GCM_IV_GEN control command. OpenSSL does this, and OpenSSH is relying
on this behavior to use AES-GCM correctly.
- Modify ecc_point_test in testwolfcrypt so that it doesn't fail when doing a
FIPS build with HAVE_COMP_KEY defined.
This commit is contained in:
Hayden Roche
2021-10-19 14:21:30 -07:00
parent e5caf5124c
commit 864f913454
4 changed files with 82 additions and 24 deletions


@@ -37816,7 +37816,6 @@ int wolfSSL_EC_POINT_set_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ #if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(HAVE_SELFTEST) !defined(HAVE_SELFTEST)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
int wolfSSL_EC_POINT_add(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r, int wolfSSL_EC_POINT_add(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
const WOLFSSL_EC_POINT *p1, const WOLFSSL_EC_POINT *p1,
const WOLFSSL_EC_POINT *p2, WOLFSSL_BN_CTX *ctx) const WOLFSSL_EC_POINT *p2, WOLFSSL_BN_CTX *ctx)
@@ -37975,11 +37974,29 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
if (n) { if (n) {
/* load generator */ /* load generator */
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
if (wc_ecc_get_generator(result, group->curve_idx) if (wc_ecc_get_generator(result, group->curve_idx)
!= MP_OKAY) { != MP_OKAY) {
WOLFSSL_MSG("wc_ecc_get_generator error"); WOLFSSL_MSG("wc_ecc_get_generator error");
goto cleanup; goto cleanup;
} }
#else
/* wc_ecc_get_generator is not defined in the FIPS v2 module. */
if (mp_read_radix(result->x, ecc_sets[group->curve_idx].Gx, MP_RADIX_HEX)
!= MP_OKAY) {
WOLFSSL_MSG("mp_read_radix Gx error");
goto cleanup;
}
if (mp_read_radix(result->y, ecc_sets[group->curve_idx].Gy, MP_RADIX_HEX)
!= MP_OKAY) {
WOLFSSL_MSG("mp_read_radix Gy error");
goto cleanup;
}
if (mp_set(result->z, 1) != MP_OKAY) {
WOLFSSL_MSG("mp_set Gz error");
goto cleanup;
}
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
} }
if (n && q && m) { if (n && q && m) {
@@ -38062,7 +38079,6 @@ cleanup:
wc_ecc_del_point(tmp); wc_ecc_del_point(tmp);
return ret; return ret;
} }
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* !defined(WOLFSSL_ATECC508A) && defined(ECC_SHAMIR) && #endif /* !defined(WOLFSSL_ATECC508A) && defined(ECC_SHAMIR) &&
* !defined(HAVE_SELFTEST) */ * !defined(HAVE_SELFTEST) */
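Review bot: The FIPS v2 fallback in the new `#else` branch indexes `ecc_sets[group->curve_idx]` directly, so it is only safe if `curve_idx` was range-checked earlier in wolfSSL_EC_POINT_mul; `wc_ecc_get_generator` in the other branch may perform that check itself, but nothing in this hunk does, and the function's body starts and ends outside the hunk. If the index is not validated before this point, add a guard ahead of the `mp_read_radix` calls, e.g. `if (group->curve_idx < 0) { WOLFSSL_MSG("Invalid curve index"); goto cleanup; }` plus an upper bound against whatever size constant the file already uses for the `ecc_sets` table. A one-line comment explaining that the point is built straight from the constant curve table and that `z = 1` marks it affine would also help the next reader, e.g. `/* Generator taken from the constant curve table; z = 1 makes it an affine point. */`.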


@@ -4720,7 +4720,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
} }
} }
break; break;
#if !defined(_WIN32) && !defined(HAVE_FIPS) #if !defined(_WIN32) && (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION >= 2)))
case EVP_CTRL_GCM_IV_GEN: case EVP_CTRL_GCM_IV_GEN:
if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0) if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
break; break;
@@ -4742,6 +4743,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
#endif /* WOLFSSL_AESGCM_STREAM */ #endif /* WOLFSSL_AESGCM_STREAM */
/* OpenSSL increments the IV. Not sure why */ /* OpenSSL increments the IV. Not sure why */
IncCtr(ctx->iv, ctx->ivSz); IncCtr(ctx->iv, ctx->ivSz);
/* Clear any leftover AAD. */
XMEMSET(ctx->gcmAuthIn, 0, ctx->gcmAuthInSz);
ctx->gcmAuthInSz = 0;
ret = WOLFSSL_SUCCESS; ret = WOLFSSL_SUCCESS;
break; break;
#endif #endif
@@ -4778,7 +4782,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
WOLFSSL_ENTER("EVP_CIPHER_CTX_cleanup"); WOLFSSL_ENTER("EVP_CIPHER_CTX_cleanup");
if (ctx) { if (ctx) {
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
#if defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM) #if defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM)
if ((ctx->cipherType == AES_128_GCM_TYPE) || if ((ctx->cipherType == AES_128_GCM_TYPE) ||
(ctx->cipherType == AES_192_GCM_TYPE) || (ctx->cipherType == AES_192_GCM_TYPE) ||
@@ -4786,7 +4790,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
wc_AesFree(&ctx->cipher.aes); wc_AesFree(&ctx->cipher.aes);
} }
#endif /* HAVE_AESGCM && WOLFSSL_AESGCM_STREAM */ #endif /* HAVE_AESGCM && WOLFSSL_AESGCM_STREAM */
#endif /* not FIPS or new FIPS */ #endif /* not FIPS or FIPS v2+ */
ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */ ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */
ctx->keyLen = 0; ctx->keyLen = 0;
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
@@ -5035,7 +5039,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
#endif /* WOLFSSL_AES_256 */ #endif /* WOLFSSL_AES_256 */
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
if (ctx->cipherType == AES_128_GCM_TYPE || if (ctx->cipherType == AES_128_GCM_TYPE ||
@@ -5146,7 +5150,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
} }
#endif /* WOLFSSL_AES_256 */ #endif /* WOLFSSL_AES_256 */
#endif /* HAVE_AESGCM */ #endif /* HAVE_AESGCM */
#endif /*!HAVE_FIPS && !HAVE_SELFTEST ||(HAVE_FIPS_VERSION && HAVE_FIPS_VERSION > 2)*/ #endif /* (!HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */
#ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_COUNTER
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
if (ctx->cipherType == AES_128_CTR_TYPE || if (ctx->cipherType == AES_128_CTR_TYPE ||
@@ -5867,6 +5871,32 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
} }
#endif #endif
#if !defined(NO_AES) || !defined(NO_DES3) || defined(HAVE_IDEA)
/* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE */
int wolfSSL_EVP_CIPHER_CTX_get_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv,
int ivLen)
{
int expectedIvLen;
WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_get_iv");
if (ctx == NULL || iv == NULL || ivLen == 0) {
WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FAILURE;
}
expectedIvLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx);
if (expectedIvLen == 0 || expectedIvLen != ivLen) {
WOLFSSL_MSG("Wrong ivLen value");
return WOLFSSL_FAILURE;
}
XMEMCPY(iv, ctx->iv, ivLen);
return WOLFSSL_SUCCESS;
}
#endif /* !NO_AES || !NO_DES3 || HAVE_IDEA */
/* Return length on ok */ /* Return length on ok */
int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src, int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src,
word32 len) word32 len)
@@ -5874,15 +5904,24 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
int ret = 0; int ret = 0;
WOLFSSL_ENTER("wolfSSL_EVP_Cipher"); WOLFSSL_ENTER("wolfSSL_EVP_Cipher");
if (ctx == NULL || src == NULL || if (ctx == NULL) {
(dst == NULL &&
ctx->cipherType != AES_128_GCM_TYPE &&
ctx->cipherType != AES_192_GCM_TYPE &&
ctx->cipherType != AES_256_GCM_TYPE)) {
WOLFSSL_MSG("Bad function argument"); WOLFSSL_MSG("Bad function argument");
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
} }
if (src == NULL || dst == NULL) {
if (src != NULL && dst == NULL &&
(ctx->cipherType == AES_128_GCM_TYPE ||
ctx->cipherType == AES_192_GCM_TYPE ||
ctx->cipherType == AES_256_GCM_TYPE)) {
WOLFSSL_MSG("Setting GCM AAD.");
}
else {
WOLFSSL_MSG("Bad function argument");
return WOLFSSL_FATAL_ERROR;
}
}
if (ctx->cipherType == 0xff) { if (ctx->cipherType == 0xff) {
WOLFSSL_MSG("no init"); WOLFSSL_MSG("no init");
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
@@ -5976,6 +6015,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
case AES_256_GCM_TYPE : case AES_256_GCM_TYPE :
WOLFSSL_MSG("AES GCM"); WOLFSSL_MSG("AES GCM");
#ifndef WOLFSSL_AESGCM_STREAM #ifndef WOLFSSL_AESGCM_STREAM
/* No destination means only AAD. */
if (!dst) { if (!dst) {
ret = wolfSSL_EVP_CipherUpdate_GCM_AAD(ctx, src, len); ret = wolfSSL_EVP_CipherUpdate_GCM_AAD(ctx, src, len);
} }
@@ -6130,6 +6170,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
} }
if (ret < 0) { if (ret < 0) {
if (ret == AES_GCM_AUTH_E) {
WOLFSSL_MSG("wolfSSL_EVP_Cipher failure: bad AES-GCM tag.");
}
WOLFSSL_MSG("wolfSSL_EVP_Cipher failure"); WOLFSSL_MSG("wolfSSL_EVP_Cipher failure");
return WOLFSSL_FATAL_ERROR; return WOLFSSL_FATAL_ERROR;
} }
@@ -7341,7 +7384,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
return AES_BLOCK_SIZE; return AES_BLOCK_SIZE;
#endif #endif
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
case AES_128_GCM_TYPE : case AES_128_GCM_TYPE :
case AES_192_GCM_TYPE : case AES_192_GCM_TYPE :
@@ -7349,7 +7392,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
WOLFSSL_MSG("AES GCM"); WOLFSSL_MSG("AES GCM");
return GCM_NONCE_MID_SZ; return GCM_NONCE_MID_SZ;
#endif #endif
#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */
#ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_COUNTER
case AES_128_CTR_TYPE : case AES_128_CTR_TYPE :
case AES_192_CTR_TYPE : case AES_192_CTR_TYPE :
@@ -7441,7 +7484,7 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher)
#endif #endif
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
if (XSTRNCMP(name, EVP_AES_128_GCM, XSTRLEN(EVP_AES_128_GCM)) == 0) if (XSTRNCMP(name, EVP_AES_128_GCM, XSTRLEN(EVP_AES_128_GCM)) == 0)
@@ -7456,7 +7499,7 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher)
return GCM_NONCE_MID_SZ; return GCM_NONCE_MID_SZ;
#endif #endif
#endif /* HAVE_AESGCM */ #endif /* HAVE_AESGCM */
#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */
#ifdef WOLFSSL_AES_COUNTER #ifdef WOLFSSL_AES_COUNTER
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
if (XSTRNCMP(name, EVP_AES_128_CTR, XSTRLEN(EVP_AES_128_CTR)) == 0) if (XSTRNCMP(name, EVP_AES_128_CTR, XSTRLEN(EVP_AES_128_CTR)) == 0)
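Review bot: The new guard on the `EVP_CTRL_GCM_IV_GEN` case (`!defined(_WIN32) && (!defined(HAVE_FIPS) || ... HAVE_FIPS_VERSION >= 2)`) omits the `!defined(HAVE_SELFTEST)` term that every other AES-GCM guard changed in this file carries (the `EVP_CIPHER_CTX_cleanup` block, the cipher-init block, `EVP_CIPHER_CTX_iv_length`, `EVP_CIPHER_iv_length`), so a HAVE_SELFTEST build would compile the IV-generation control while the GCM cipher types it operates on are compiled out; if that is not intended, the condition should read `#if !defined(_WIN32) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)))`. In the same hunk the context line `IncCtr(ctx->iv, ctx->ivSz);` still carries `/* OpenSSL increments the IV. Not sure why */`; since this commit makes OpenSSH rely on that control, replace it with the reason, e.g. `/* Advance the invocation counter after each use so the GCM nonce is never reused under this key (matches OpenSSL's EVP_CTRL_GCM_IV_GEN). */`. The new AAD clearing just below it (`XMEMSET(ctx->gcmAuthIn, 0, ctx->gcmAuthInSz)`) is fine for a zero-length or NULL buffer only if `gcmAuthInSz` is 0 whenever `gcmAuthIn` is NULL, which the hunk does not show — worth a comment or an explicit `if (ctx->gcmAuthIn != NULL)` guard. The enclosing functions begin and end outside the hunks.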


@@ -22045,7 +22045,8 @@ static int ecc_point_test(void)
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
#ifdef HAVE_COMP_KEY #if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
byte derComp0[] = { 0x02, /* = Compressed, y even */ byte derComp0[] = { 0x02, /* = Compressed, y even */
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
@@ -22215,21 +22216,19 @@ static int ecc_point_test(void)
goto done; goto done;
} }
#ifdef HAVE_COMP_KEY #if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0)*2-1, curve_idx, point3); ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0)*2-1, curve_idx, point3);
if (ret != 0) { if (ret != 0) {
ret = -10026; ret = -10026;
goto done; goto done;
} }
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
ret = wc_ecc_import_point_der_ex(derComp0, sizeof(derComp0), curve_idx, point4, 0); ret = wc_ecc_import_point_der_ex(derComp0, sizeof(derComp0), curve_idx, point4, 0);
if (ret != 0) { if (ret != 0) {
ret = -10027; ret = -10027;
goto done; goto done;
} }
#endif
ret = wc_ecc_cmp_point(point3, point4); ret = wc_ecc_cmp_point(point3, point4);
if (ret != MP_EQ) { if (ret != MP_EQ) {
@@ -22243,14 +22242,11 @@ static int ecc_point_test(void)
goto done; goto done;
} }
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
ret = wc_ecc_import_point_der_ex(derComp1, sizeof(derComp1), curve_idx, point4, 0); ret = wc_ecc_import_point_der_ex(derComp1, sizeof(derComp1), curve_idx, point4, 0);
if (ret != 0) { if (ret != 0) {
ret = -10030; ret = -10030;
goto done; goto done;
} }
#endif
ret = wc_ecc_cmp_point(point3, point4); ret = wc_ecc_cmp_point(point3, point4);
if (ret != MP_EQ) { if (ret != MP_EQ) {
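Review bot: The new `#if` at the top of both hunks relies on `&&` binding tighter than `||` inside the outer parentheses (`defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || (...))`); it parses as intended, but it reads ambiguously and differs from the fully parenthesized form used in the other files of this commit, so write it as `#if defined(HAVE_COMP_KEY) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))`. A short comment above the guard stating why compressed-point import is skipped for FIPS v2 and selftest builds (the commit message says the `_ex` importer is unavailable there) would spare the next reader a bisect, e.g. `/* Compressed-point import needs wc_ecc_import_point_der_ex, absent in FIPS v2 / selftest builds. */`. ecc_point_test starts and ends outside the hunks, and the `derComp1` array the second hunk still uses is declared outside the visible lines — confirm it sits under the same guard as `derComp0`.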


@@ -595,6 +595,8 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_iv_length(WOLFSSL_EVP_CIPHER_CTX* ct
int ivLen); int ivLen);
WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv, WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv,
int ivLen); int ivLen);
WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_get_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv,
int ivLen);
WOLFSSL_API int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, WOLFSSL_API int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx,
unsigned char* dst, unsigned char* src, unsigned char* dst, unsigned char* src,
unsigned int len); unsigned int len);
@@ -977,6 +979,7 @@ typedef WOLFSSL_ASN1_PCTX ASN1_PCTX;
#define EVP_CIPHER_CTX_set_padding wolfSSL_EVP_CIPHER_CTX_set_padding #define EVP_CIPHER_CTX_set_padding wolfSSL_EVP_CIPHER_CTX_set_padding
#define EVP_CIPHER_CTX_flags wolfSSL_EVP_CIPHER_CTX_flags #define EVP_CIPHER_CTX_flags wolfSSL_EVP_CIPHER_CTX_flags
#define EVP_CIPHER_CTX_set_iv wolfSSL_EVP_CIPHER_CTX_set_iv #define EVP_CIPHER_CTX_set_iv wolfSSL_EVP_CIPHER_CTX_set_iv
#define EVP_CIPHER_CTX_get_iv wolfSSL_EVP_CIPHER_CTX_get_iv
#define EVP_add_digest wolfSSL_EVP_add_digest #define EVP_add_digest wolfSSL_EVP_add_digest
#define EVP_add_cipher wolfSSL_EVP_add_cipher #define EVP_add_cipher wolfSSL_EVP_add_cipher
#define EVP_cleanup wolfSSL_EVP_cleanup #define EVP_cleanup wolfSSL_EVP_cleanup
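Review bot: The new `wolfSSL_EVP_CIPHER_CTX_get_iv` prototype and the `EVP_CIPHER_CTX_get_iv` macro appear unconditional here, while the definition added to evp.c in this commit sits under `#if !defined(NO_AES) || !defined(NO_DES3) || defined(HAVE_IDEA)`, so a build with none of those defined would expose a macro that resolves to an undefined symbol — unless the surrounding declarations are already inside an equivalent guard outside this hunk, in which case ignore this. The function only reads `ctx` and calls `wolfSSL_EVP_CIPHER_CTX_iv_length`, which already takes `const WOLFSSL_EVP_CIPHER_CTX*`, so the declaration can be `WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_get_iv(const WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv, int ivLen);`, which is source-compatible for callers and closer to the OpenSSL/LibreSSL prototype it aliases (that one, as far as I recall, also takes a `size_t` length). A one-line doc comment on the declaration stating that `ivLen` must equal the context's IV length exactly and that `WOLFSSL_FAILURE` is returned otherwise would match what the implementation enforces.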