Make several changes to support OpenSSH 8.5p1.

- Permit more wolfSSL_EC_POINT_* functions for FIPS builds. This requires one
workaround in wolfSSL_EC_POINT_mul where wc_ecc_get_generator isn't available.
- Permit more AES-GCM code in EVP code for FIPS v2 builds. It's unclear why this
code wasn't already available.
- Add EVP_CIPHER_CTX_get_iv to the compatibility layer.
- Clear any existing AAD in the EVP_CIPHER_CTX for AES-GCM when we receive the
EVP_CTRL_GCM_IV_GEN control command. OpenSSL does this, and OpenSSH is relying
on this behavior to use AES-GCM correctly.
- Modify ecc_point_test in testwolfcrypt so that it doesn't fail when doing a
FIPS build with HAVE_COMP_KEY defined.
This commit is contained in:
Hayden Roche
2021-10-19 14:21:30 -07:00
parent e5caf5124c
commit 864f913454
4 changed files with 82 additions and 24 deletions


@ -37816,7 +37816,6 @@ int wolfSSL_EC_POINT_set_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \
!defined(HAVE_SELFTEST)
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
int wolfSSL_EC_POINT_add(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
const WOLFSSL_EC_POINT *p1,
const WOLFSSL_EC_POINT *p2, WOLFSSL_BN_CTX *ctx)
@ -37975,11 +37974,29 @@ int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
if (n) {
/* load generator */
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))
if (wc_ecc_get_generator(result, group->curve_idx)
!= MP_OKAY) {
WOLFSSL_MSG("wc_ecc_get_generator error");
goto cleanup;
}
#else
/* wc_ecc_get_generator is not defined in the FIPS v2 module. */
if (mp_read_radix(result->x, ecc_sets[group->curve_idx].Gx, MP_RADIX_HEX)
!= MP_OKAY) {
WOLFSSL_MSG("mp_read_radix Gx error");
goto cleanup;
}
if (mp_read_radix(result->y, ecc_sets[group->curve_idx].Gy, MP_RADIX_HEX)
!= MP_OKAY) {
WOLFSSL_MSG("mp_read_radix Gy error");
goto cleanup;
}
if (mp_set(result->z, 1) != MP_OKAY) {
WOLFSSL_MSG("mp_set Gz error");
goto cleanup;
}
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
}
if (n && q && m) {
@ -38062,7 +38079,6 @@ cleanup:
wc_ecc_del_point(tmp);
return ret;
}
#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */
#endif /* !defined(WOLFSSL_ATECC508A) && defined(ECC_SHAMIR) &&
* !defined(HAVE_SELFTEST) */
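Review bot: The FIPS-v2 branch added under `#else` in wolfSSL_EC_POINT_mul assembles the generator by hand but does not say that it is meant to be equivalent to wc_ecc_get_generator, nor whether `group->curve_idx` has already been range-checked against ecc_sets; the function begins and ends outside the hunk, so I cannot see an earlier check here. I would extend the comment to `/* wc_ecc_get_generator is not defined in the FIPS v2 module; load the affine generator (Gx, Gy, z = 1) from ecc_sets directly. curve_idx must already be validated. */` and, if no such check exists upstream, add a bounds check before indexing ecc_sets, since the index is taken from the caller-supplied group. The three error paths reuse the existing `goto cleanup`, whose label and teardown are outside the hunk.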


@ -4720,7 +4720,8 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
}
}
break;
#if !defined(_WIN32) && !defined(HAVE_FIPS)
#if !defined(_WIN32) && (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION >= 2)))
case EVP_CTRL_GCM_IV_GEN:
if ((ctx->flags & WOLFSSL_EVP_CIPH_FLAG_AEAD_CIPHER) == 0)
break;
@ -4742,6 +4743,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
#endif /* WOLFSSL_AESGCM_STREAM */
/* OpenSSL increments the IV. Not sure why */
IncCtr(ctx->iv, ctx->ivSz);
/* Clear any leftover AAD. */
XMEMSET(ctx->gcmAuthIn, 0, ctx->gcmAuthInSz);
ctx->gcmAuthInSz = 0;
ret = WOLFSSL_SUCCESS;
break;
#endif
@ -4778,7 +4782,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
WOLFSSL_ENTER("EVP_CIPHER_CTX_cleanup");
if (ctx) {
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
#if defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM)
if ((ctx->cipherType == AES_128_GCM_TYPE) ||
(ctx->cipherType == AES_192_GCM_TYPE) ||
@ -4786,7 +4790,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
wc_AesFree(&ctx->cipher.aes);
}
#endif /* HAVE_AESGCM && WOLFSSL_AESGCM_STREAM */
#endif /* not FIPS or new FIPS */
#endif /* not FIPS or FIPS v2+ */
ctx->cipherType = WOLFSSL_EVP_CIPH_TYPE_INIT; /* not yet initialized */
ctx->keyLen = 0;
#ifdef HAVE_AESGCM
@ -5035,7 +5039,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
#endif /* WOLFSSL_AES_256 */
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
#ifdef HAVE_AESGCM
#ifdef WOLFSSL_AES_128
if (ctx->cipherType == AES_128_GCM_TYPE ||
@ -5146,7 +5150,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
}
#endif /* WOLFSSL_AES_256 */
#endif /* HAVE_AESGCM */
#endif /*!HAVE_FIPS && !HAVE_SELFTEST ||(HAVE_FIPS_VERSION && HAVE_FIPS_VERSION > 2)*/
#endif /* (!HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */
#ifdef WOLFSSL_AES_COUNTER
#ifdef WOLFSSL_AES_128
if (ctx->cipherType == AES_128_CTR_TYPE ||
@ -5867,6 +5871,32 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
}
#endif
#if !defined(NO_AES) || !defined(NO_DES3) || defined(HAVE_IDEA)
/* returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE */
int wolfSSL_EVP_CIPHER_CTX_get_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv,
int ivLen)
{
int expectedIvLen;
WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_get_iv");
if (ctx == NULL || iv == NULL || ivLen == 0) {
WOLFSSL_MSG("Bad parameter");
return WOLFSSL_FAILURE;
}
expectedIvLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx);
if (expectedIvLen == 0 || expectedIvLen != ivLen) {
WOLFSSL_MSG("Wrong ivLen value");
return WOLFSSL_FAILURE;
}
XMEMCPY(iv, ctx->iv, ivLen);
return WOLFSSL_SUCCESS;
}
#endif /* !NO_AES || !NO_DES3 || HAVE_IDEA */
/* Return length on ok */
int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src,
word32 len)
@ -5874,15 +5904,24 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
int ret = 0;
WOLFSSL_ENTER("wolfSSL_EVP_Cipher");
if (ctx == NULL || src == NULL ||
(dst == NULL &&
ctx->cipherType != AES_128_GCM_TYPE &&
ctx->cipherType != AES_192_GCM_TYPE &&
ctx->cipherType != AES_256_GCM_TYPE)) {
if (ctx == NULL) {
WOLFSSL_MSG("Bad function argument");
return WOLFSSL_FATAL_ERROR;
}
if (src == NULL || dst == NULL) {
if (src != NULL && dst == NULL &&
(ctx->cipherType == AES_128_GCM_TYPE ||
ctx->cipherType == AES_192_GCM_TYPE ||
ctx->cipherType == AES_256_GCM_TYPE)) {
WOLFSSL_MSG("Setting GCM AAD.");
}
else {
WOLFSSL_MSG("Bad function argument");
return WOLFSSL_FATAL_ERROR;
}
}
if (ctx->cipherType == 0xff) {
WOLFSSL_MSG("no init");
return WOLFSSL_FATAL_ERROR;
@ -5976,6 +6015,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
case AES_256_GCM_TYPE :
WOLFSSL_MSG("AES GCM");
#ifndef WOLFSSL_AESGCM_STREAM
/* No destination means only AAD. */
if (!dst) {
ret = wolfSSL_EVP_CipherUpdate_GCM_AAD(ctx, src, len);
}
@ -6130,6 +6170,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
}
if (ret < 0) {
if (ret == AES_GCM_AUTH_E) {
WOLFSSL_MSG("wolfSSL_EVP_Cipher failure: bad AES-GCM tag.");
}
WOLFSSL_MSG("wolfSSL_EVP_Cipher failure");
return WOLFSSL_FATAL_ERROR;
}
@ -7341,7 +7384,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
return AES_BLOCK_SIZE;
#endif
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
#ifdef HAVE_AESGCM
case AES_128_GCM_TYPE :
case AES_192_GCM_TYPE :
@ -7349,7 +7392,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
WOLFSSL_MSG("AES GCM");
return GCM_NONCE_MID_SZ;
#endif
#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */
#ifdef WOLFSSL_AES_COUNTER
case AES_128_CTR_TYPE :
case AES_192_CTR_TYPE :
@ -7441,7 +7484,7 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher)
#endif
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))
#ifdef HAVE_AESGCM
#ifdef WOLFSSL_AES_128
if (XSTRNCMP(name, EVP_AES_128_GCM, XSTRLEN(EVP_AES_128_GCM)) == 0)
@ -7456,7 +7499,7 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher)
return GCM_NONCE_MID_SZ;
#endif
#endif /* HAVE_AESGCM */
#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION >= 2 */
#ifdef WOLFSSL_AES_COUNTER
#ifdef WOLFSSL_AES_128
if (XSTRNCMP(name, EVP_AES_128_CTR, XSTRLEN(EVP_AES_128_CTR)) == 0)
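Review bot: wolfSSL_EVP_CIPHER_CTX_get_iv checks `ivLen` against wolfSSL_EVP_CIPHER_CTX_iv_length(ctx), which is the cipher's default IV size, while the same file tracks the context's current IV length in `ctx->ivSz` (see the IncCtr call in the EVP_CTRL_GCM_IV_GEN case); if an AES-GCM context has had its IV length changed from the default, the two can differ and the caller cannot read the IV back. If matching the default length is the intended contract, say so above the function, e.g. `/* Copies the IV of the cipher's default length; ivLen must equal wolfSSL_EVP_CIPHER_CTX_iv_length(ctx). Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE. */`; otherwise compare against `ctx->ivSz` instead. Separately, the AAD reset in the EVP_CTRL_GCM_IV_GEN case calls `XMEMSET(ctx->gcmAuthIn, 0, ctx->gcmAuthInSz)` unconditionally; if `gcmAuthIn` can still be NULL when no AAD has been supplied (its allocation is not visible here), guarding with `if (ctx->gcmAuthIn != NULL)` avoids passing a null pointer to memset, which is undefined even with a zero length.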


@ -22045,7 +22045,8 @@ static int ecc_point_test(void)
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 };
#ifdef HAVE_COMP_KEY
#if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
byte derComp0[] = { 0x02, /* = Compressed, y even */
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
@ -22215,21 +22216,19 @@ static int ecc_point_test(void)
goto done;
}
#ifdef HAVE_COMP_KEY
#if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))
ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0)*2-1, curve_idx, point3);
if (ret != 0) {
ret = -10026;
goto done;
}
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
ret = wc_ecc_import_point_der_ex(derComp0, sizeof(derComp0), curve_idx, point4, 0);
if (ret != 0) {
ret = -10027;
goto done;
}
#endif
ret = wc_ecc_cmp_point(point3, point4);
if (ret != MP_EQ) {
@ -22243,14 +22242,11 @@ static int ecc_point_test(void)
goto done;
}
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
ret = wc_ecc_import_point_der_ex(derComp1, sizeof(derComp1), curve_idx, point4, 0);
if (ret != 0) {
ret = -10030;
goto done;
}
#endif
ret = wc_ecc_cmp_point(point3, point4);
if (ret != MP_EQ) {
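Review bot: The two new `#if` guards in ecc_point_test, before the derComp0 declaration and before the wc_ecc_import_point_der call, mix `&&` and `||` without grouping: `defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || (...))`. It parses as intended, ((!FIPS && !SELFTEST) || FIPS_VERSION > 2), but -Wparentheses flags it and it reads ambiguously next to the same expression written without the HAVE_COMP_KEY prefix elsewhere in the file. I would write `#if defined(HAVE_COMP_KEY) && ((!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \` followed by `(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))` in both places. The `#endif` closing this block, and the wc_ecc_cmp_point calls that now rely on point4 having been imported under the same condition, are outside the hunks, so I could not confirm the closing guard covers them.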


@ -595,6 +595,8 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_iv_length(WOLFSSL_EVP_CIPHER_CTX* ct
int ivLen);
WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv,
int ivLen);
WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_get_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv,
int ivLen);
WOLFSSL_API int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx,
unsigned char* dst, unsigned char* src,
unsigned int len);
@ -977,6 +979,7 @@ typedef WOLFSSL_ASN1_PCTX ASN1_PCTX;
#define EVP_CIPHER_CTX_set_padding wolfSSL_EVP_CIPHER_CTX_set_padding
#define EVP_CIPHER_CTX_flags wolfSSL_EVP_CIPHER_CTX_flags
#define EVP_CIPHER_CTX_set_iv wolfSSL_EVP_CIPHER_CTX_set_iv
#define EVP_CIPHER_CTX_get_iv wolfSSL_EVP_CIPHER_CTX_get_iv
#define EVP_add_digest wolfSSL_EVP_add_digest
#define EVP_add_cipher wolfSSL_EVP_add_cipher
#define EVP_cleanup wolfSSL_EVP_cleanup
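Review bot: The new public declaration of wolfSSL_EVP_CIPHER_CTX_get_iv carries no description of its contract, and neither the neighbouring set_iv declaration nor the EVP_CIPHER_CTX_get_iv macro say what ivLen must be or what is returned on failure. A short comment above the declaration, `/* Copy the context IV into iv; ivLen must equal wolfSSL_EVP_CIPHER_CTX_iv_length(ctx). Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE. */`, would let compatibility-layer callers use it without reading evp.c.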