From 8c5d958a8b3005a8ea6efd77640fe7e8fd6ed64a Mon Sep 17 00:00:00 2001 From: toddouska Date: Mon, 24 Mar 2014 14:01:36 -0700 Subject: [PATCH] add Aes SetIV fips mode --- cyassl/ctaocrypt/aes.h | 2 ++ mcapi/crypto.c | 4 +--- src/ssl.c | 42 ++++++++++++++++++++++++++++++------------ 3 files changed, 33 insertions(+), 15 deletions(-) diff --git a/cyassl/ctaocrypt/aes.h b/cyassl/ctaocrypt/aes.h index 5c6323e08..0d06675ae 100644 --- a/cyassl/ctaocrypt/aes.h +++ b/cyassl/ctaocrypt/aes.h @@ -154,6 +154,7 @@ CYASSL_API int AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, /* fips wrapper calls, user can call direct */ CYASSL_API int AesSetKey_fips(Aes* aes, const byte* key, word32 len, const byte* iv, int dir); + CYASSL_API int AesSetIV_fips(Aes* aes, const byte* iv); CYASSL_API int AesCbcEncrypt_fips(Aes* aes, byte* out, const byte* in, word32 sz); CYASSL_API int AesCbcDecrypt_fips(Aes* aes, byte* out, const byte* in, @@ -161,6 +162,7 @@ CYASSL_API int AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, #ifndef FIPS_NO_WRAPPERS /* if not impl or fips.c impl wrapper force fips calls if fips build */ #define AesSetKey AesSetKey_fips + #define AesSetIV AesSetIV_fips #define AesCbcEncrypt AesCbcEncrypt_fips #define AesCbcDecrypt AesCbcDecrypt_fips #endif /* FIPS_NO_WRAPPERS */ diff --git a/mcapi/crypto.c b/mcapi/crypto.c index 46443bbec..1557ac93e 100644 --- a/mcapi/crypto.c +++ b/mcapi/crypto.c @@ -416,9 +416,7 @@ int CRYPT_AES_IvSet(CRYPT_AES_CTX* aes, const unsigned char* iv) if (aes == NULL || iv == NULL) return BAD_FUNC_ARG; - AesSetIV((Aes*)aes, iv); - - return 0; + return AesSetIV((Aes*)aes, iv); } diff --git a/src/ssl.c b/src/ssl.c index 0b29bb1d2..1db78f8e5 100644 --- a/src/ssl.c +++ b/src/ssl.c 
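Review bot: The new `AesSetIV_fips` prototype in cyassl/ctaocrypt/aes.h has no comment stating its return contract, although the rest of this commit makes callers branch on the result. The second hunk in this file maps `AesSetIV` onto the wrapper whenever `FIPS_NO_WRAPPERS` is not defined. A call site that still discards the result would therefore carry on with whatever IV the context already held if the wrapper refuses the call. I would add a comment above the declaration such as `/* returns 0 on success, non-zero on failure; do not use the context for encryption after a failure */`. The non-FIPS `AesSetIV` declaration is not part of this diff, so it should be confirmed that both variants return the same codes.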
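Review bot: `CRYPT_AES_IvSet` in mcapi/crypto.c used to return 0 unconditionally after the NULL checks and now returns whatever `AesSetIV` reports, so the return values documented for the MCAPI call need updating. A one-line comment at the return would do, for example `/* 0 on success, otherwise the AesSetIV error code */`. Existing MCAPI callers that treated this call as infallible are outside the diff and are worth a search, since ignoring a failure here would presumably mean continuing with a stale IV.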
@@ -6765,8 +6765,11 @@ int CyaSSL_set_compression(CYASSL* ssl)
 if (ret != 0)
 return ret;
 }
- if (iv && key == NULL)
- AesSetIV(&ctx->cipher.aes, iv);
+ if (iv && key == NULL) {
+ ret = AesSetIV(&ctx->cipher.aes, iv);
+ if (ret != 0)
+ return ret;
+ }
 }
 else if (ctx->cipherType == AES_192_CBC_TYPE || (type &&
 XSTRNCMP(type, "AES192-CBC", 10) == 0)) {
@@ -6781,8 +6784,11 @@ int CyaSSL_set_compression(CYASSL* ssl)
 if (ret != 0)
 return ret;
 }
- if (iv && key == NULL)
- AesSetIV(&ctx->cipher.aes, iv);
+ if (iv && key == NULL) {
+ ret = AesSetIV(&ctx->cipher.aes, iv);
+ if (ret != 0)
+ return ret;
+ }
 }
 else if (ctx->cipherType == AES_256_CBC_TYPE || (type &&
 XSTRNCMP(type, "AES256-CBC", 10) == 0)) {
@@ -6797,8 +6803,11 @@ int CyaSSL_set_compression(CYASSL* ssl)
 if (ret != 0)
 return ret;
 }
- if (iv && key == NULL)
- AesSetIV(&ctx->cipher.aes, iv);
+ if (iv && key == NULL) {
+ ret = AesSetIV(&ctx->cipher.aes, iv);
+ if (ret != 0)
+ return ret;
+ }
 }
 #ifdef CYASSL_AES_COUNTER
 else if (ctx->cipherType == AES_128_CTR_TYPE || (type &&
@@ -6814,8 +6823,11 @@ int CyaSSL_set_compression(CYASSL* ssl)
 if (ret != 0)
 return ret;
 }
- if (iv && key == NULL)
- AesSetIV(&ctx->cipher.aes, iv);
+ if (iv && key == NULL) {
+ ret = AesSetIV(&ctx->cipher.aes, iv);
+ if (ret != 0)
+ return ret;
+ }
 }
 else if (ctx->cipherType == AES_192_CTR_TYPE || (type &&
 XSTRNCMP(type, "AES192-CTR", 10) == 0)) {
@@ -6830,8 +6842,11 @@ int CyaSSL_set_compression(CYASSL* ssl)
 if (ret != 0)
 return ret;
 }
- if (iv && key == NULL)
- AesSetIV(&ctx->cipher.aes, iv);
+ if (iv && key == NULL) {
+ ret = AesSetIV(&ctx->cipher.aes, iv);
+ if (ret != 0)
+ return ret;
+ }
 }
 else if (ctx->cipherType == AES_256_CTR_TYPE || (type &&
 XSTRNCMP(type, "AES256-CTR", 10) == 0)) {
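Review bot: The same five-line check-and-return block is pasted into all six AES branches of src/ssl.c (the five hunks from -6765 to -6830 and the one at -6846), so a branch added later can easily be written without the check. This is a point of style: a small file-local helper that returns 0 unless `iv && key == NULL`, and otherwise returns the `AesSetIV(&ctx->cipher.aes, iv)` result, would reduce each branch to one assignment followed by the existing `if (ret != 0) return ret;`. The enclosing function starts and ends outside these hunks, and the `CyaSSL_set_compression` label in the hunk headers is only diff context. It is therefore not visible whether `ctx` fields assigned earlier in a branch should be reset before the early return. Whether the DES branches that follow need an equivalent check on their IV setters is also not visible here.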
@@ -6846,8 +6861,11 @@ int CyaSSL_set_compression(CYASSL* ssl)
 if (ret != 0)
 return ret;
 }
- if (iv && key == NULL)
- AesSetIV(&ctx->cipher.aes, iv);
+ if (iv && key == NULL) {
+ ret = AesSetIV(&ctx->cipher.aes, iv);
+ if (ret != 0)
+ return ret;
+ }
 }
 #endif /* CYASSL_AES_CTR */
 else if (ctx->cipherType == DES_CBC_TYPE || (type &&