feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

Fix dead code warnings in evpCipherBlock and wc_CryptKey

Browse Source
This commit is contained in:
Eric Blankenhorn
2022-08-03 08:08:00 -05:00
parent da422eb422
commit f713c75a73
2 changed files with 200 additions and 266 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
wolfcrypt/src/evp.c
View File

@ -542,17 +542,14 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
break;
#endif
default:
return WOLFSSL_FAILURE;
ret = WOLFSSL_FAILURE;
}
if (ret != 0)
return WOLFSSL_FAILURE; /* failure */
(void)in;
(void)inl;
(void)out;
return WOLFSSL_SUCCESS; /* success */
return (ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
#if defined(HAVE_AESGCM)

459
wolfcrypt/src/wc_encrypt.c
View File

@ -395,7 +395,7 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
int derivedLen = 0;
int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
byte* key;
byte* key = NULL;
#else
byte key[PKCS_MAX_KEY_SIZE];
#endif
@ -481,284 +481,221 @@ int wc_CryptKey(const char* password, int passwordSz, byte* salt,
default:
WOLFSSL_MSG("Unknown/Unsupported encrypt/decrypt id");
(void)shaOid;
return ALGO_ID_E;
ret = ALGO_ID_E;
}
#ifdef WOLFSSL_SMALL_STACK
key = (byte*)XMALLOC(PKCS_MAX_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL)
return MEMORY_E;
#endif
#ifdef WOLFSSL_CHECK_MEM_ZERO
wc_MemZero_Add("wc_CryptKey key", key, PKCS_MAX_KEY_SIZE);
#endif
switch (version) {
#ifndef NO_HMAC
case PKCS5v2:
ret = wc_PBKDF2(key, (byte*)password, passwordSz,
salt, saltSz, iterations, derivedLen, typeH);
break;
#endif
#ifndef NO_SHA
case PKCS5:
ret = wc_PBKDF1(key, (byte*)password, passwordSz,
salt, saltSz, iterations, derivedLen, typeH);
break;
#endif
#ifdef HAVE_PKCS12
case PKCS12v1:
{
int i, idx = 0;
byte unicodePasswd[MAX_UNICODE_SZ];
if ( (passwordSz * 2 + 2) > (int)sizeof(unicodePasswd)) {
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif
return UNICODE_SIZE_E;
}
for (i = 0; i < passwordSz; i++) {
unicodePasswd[idx++] = 0x00;
unicodePasswd[idx++] = (byte)password[i];
}
/* add trailing NULL */
unicodePasswd[idx++] = 0x00;
unicodePasswd[idx++] = 0x00;
ret = wc_PKCS12_PBKDF(key, unicodePasswd, idx, salt, saltSz,
iterations, derivedLen, typeH, 1);
if (id != PBE_SHA1_RC4_128) {
ret += wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt, saltSz,
iterations, 8, typeH, 2);
}
break;
#ifdef WOLFSSL_SMALL_STACK
if (ret == 0) {
key = (byte*)XMALLOC(PKCS_MAX_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
if (key == NULL)
ret = MEMORY_E;
}
#endif /* HAVE_PKCS12 */
default:
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif
WOLFSSL_MSG("Unknown/Unsupported PKCS version");
return ALGO_ID_E;
} /* switch (version) */
#endif
if (ret != 0) {
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif
return ret;
}
switch (id) {
#ifndef NO_DES3
#if !defined(NO_SHA) || !defined(NO_MD5)
case PBE_MD5_DES:
case PBE_SHA1_DES:
{
Des des;
byte* desIv = key + 8;
if (version == PKCS5v2 || version == PKCS12v1)
desIv = cbcIv;
if (enc) {
ret = wc_Des_SetKey(&des, key, desIv, DES_ENCRYPTION);
}
else {
ret = wc_Des_SetKey(&des, key, desIv, DES_DECRYPTION);
}
if (ret != 0) {
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif
return ret;
}
if (enc) {
wc_Des_CbcEncrypt(&des, input, input, length);
}
else {
wc_Des_CbcDecrypt(&des, input, input, length);
}
break;
}
#endif /* !NO_SHA || !NO_MD5 */
if (ret == 0) {
#ifdef WOLFSSL_CHECK_MEM_ZERO
wc_MemZero_Add("wc_CryptKey key", key, PKCS_MAX_KEY_SIZE);
#endif
switch (version) {
#ifndef NO_HMAC
case PKCS5v2:
ret = wc_PBKDF2(key, (byte*)password, passwordSz,
salt, saltSz, iterations, derivedLen, typeH);
break;
#endif
#ifndef NO_SHA
case PBE_SHA1_DES3:
{
Des3 des;
byte* desIv = key + 24;
case PKCS5:
ret = wc_PBKDF1(key, (byte*)password, passwordSz,
salt, saltSz, iterations, derivedLen, typeH);
break;
#endif
#ifdef HAVE_PKCS12
case PKCS12v1:
{
int i, idx = 0;
byte unicodePasswd[MAX_UNICODE_SZ];
if (version == PKCS5v2 || version == PKCS12v1)
desIv = cbcIv;
if ( (passwordSz * 2 + 2) > (int)sizeof(unicodePasswd)) {
ret = UNICODE_SIZE_E;
break;
}
ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
if (ret != 0) {
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif
return ret;
}
if (enc) {
ret = wc_Des3_SetKey(&des, key, desIv, DES_ENCRYPTION);
}
else {
ret = wc_Des3_SetKey(&des, key, desIv, DES_DECRYPTION);
}
if (ret != 0) {
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif
wc_Des3Free(&des);
return ret;
}
if (enc) {
ret = wc_Des3_CbcEncrypt(&des, input, input, length);
}
else {
ret = wc_Des3_CbcDecrypt(&des, input, input, length);
}
wc_Des3Free(&des);
if (ret != 0) {
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif
return ret;
}
break;
}
#endif /* !NO_SHA */
#endif
#if !defined(NO_RC4) && !defined(NO_SHA)
case PBE_SHA1_RC4_128:
{
Arc4 dec;
for (i = 0; i < passwordSz; i++) {
unicodePasswd[idx++] = 0x00;
unicodePasswd[idx++] = (byte)password[i];
}
/* add trailing NULL */
unicodePasswd[idx++] = 0x00;
unicodePasswd[idx++] = 0x00;
wc_Arc4SetKey(&dec, key, derivedLen);
wc_Arc4Process(&dec, input, input, length);
break;
}
#endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifdef WOLFSSL_AES_256
case PBE_AES256_CBC:
case PBE_AES128_CBC:
{
int free_aes;
ret = wc_PKCS12_PBKDF(key, unicodePasswd, idx, salt, saltSz,
iterations, derivedLen, typeH, 1);
if (id != PBE_SHA1_RC4_128) {
ret += wc_PKCS12_PBKDF(cbcIv, unicodePasswd, idx, salt,
saltSz, iterations, 8, typeH, 2);
}
break;
}
#endif /* HAVE_PKCS12 */
default:
WOLFSSL_MSG("Unknown/Unsupported PKCS version");
ret = ALGO_ID_E;
} /* switch (version) */
}
if (ret == 0) {
switch (id) {
#ifndef NO_DES3
#if !defined(NO_SHA) || !defined(NO_MD5)
case PBE_MD5_DES:
case PBE_SHA1_DES:
{
Des des;
byte* desIv = key + 8;
if (version == PKCS5v2 || version == PKCS12v1)
desIv = cbcIv;
#ifdef WOLFSSL_SMALL_STACK
Aes *aes;
aes = (Aes *)XMALLOC(sizeof *aes, NULL, DYNAMIC_TYPE_AES);
if (aes == NULL)
return MEMORY_E;
#else
Aes aes[1];
#endif
free_aes = 0;
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
free_aes = 1;
if (enc) {
ret = wc_AesSetKey(aes, key, derivedLen, cbcIv,
AES_ENCRYPTION);
ret = wc_Des_SetKey(&des, key, desIv, DES_ENCRYPTION);
}
else {
ret = wc_AesSetKey(aes, key, derivedLen, cbcIv,
AES_DECRYPTION);
ret = wc_Des_SetKey(&des, key, desIv, DES_DECRYPTION);
}
if (ret == 0) {
if (enc) {
wc_Des_CbcEncrypt(&des, input, input, length);
}
else {
wc_Des_CbcDecrypt(&des, input, input, length);
}
}
break;
}
if (ret == 0) {
if (enc)
ret = wc_AesCbcEncrypt(aes, input, input, length);
else
ret = wc_AesCbcDecrypt(aes, input, input, length);
}
if (free_aes)
wc_AesFree(aes);
ForceZero(aes, sizeof(Aes));
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
if (ret != 0) {
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif
return ret;
}
break;
}
#endif /* WOLFSSL_AES_256 */
#endif /* !NO_AES && HAVE_AES_CBC */
#ifdef WC_RC2
case PBE_SHA1_40RC2_CBC:
{
Rc2 rc2;
/* effective key size for RC2-40-CBC is 40 bits */
ret = wc_Rc2SetKey(&rc2, key, derivedLen, cbcIv, 40);
if (ret == 0) {
if (enc)
ret = wc_Rc2CbcEncrypt(&rc2, input, input, length);
else
ret = wc_Rc2CbcDecrypt(&rc2, input, input, length);
}
if (ret != 0) {
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif
return ret;
}
ForceZero(&rc2, sizeof(Rc2));
break;
}
#endif
#endif /* !NO_SHA || !NO_MD5 */
default:
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif
WOLFSSL_MSG("Unknown/Unsupported encrypt/decryption algorithm");
return ALGO_ID_E;
#ifndef NO_SHA
case PBE_SHA1_DES3:
{
Des3 des;
byte* desIv = key + 24;
if (version == PKCS5v2 || version == PKCS12v1)
desIv = cbcIv;
ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
if (ret != 0) {
break;
}
if (enc) {
ret = wc_Des3_SetKey(&des, key, desIv, DES_ENCRYPTION);
}
else {
ret = wc_Des3_SetKey(&des, key, desIv, DES_DECRYPTION);
}
if (ret == 0) {
if (enc) {
ret = wc_Des3_CbcEncrypt(&des, input, input, length);
}
else {
ret = wc_Des3_CbcDecrypt(&des, input, input, length);
}
}
wc_Des3Free(&des);
break;
}
#endif /* !NO_SHA */
#endif
#if !defined(NO_RC4) && !defined(NO_SHA)
case PBE_SHA1_RC4_128:
{
Arc4 dec;
wc_Arc4SetKey(&dec, key, derivedLen);
wc_Arc4Process(&dec, input, input, length);
break;
}
#endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifdef WOLFSSL_AES_256
case PBE_AES256_CBC:
case PBE_AES128_CBC:
{
int free_aes;
#ifdef WOLFSSL_SMALL_STACK
Aes *aes;
aes = (Aes *)XMALLOC(sizeof *aes, NULL, DYNAMIC_TYPE_AES);
if (aes == NULL) {
ret = MEMORY_E;
break;
}
#else
Aes aes[1];
#endif
free_aes = 0;
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
free_aes = 1;
if (enc) {
ret = wc_AesSetKey(aes, key, derivedLen, cbcIv,
AES_ENCRYPTION);
}
else {
ret = wc_AesSetKey(aes, key, derivedLen, cbcIv,
AES_DECRYPTION);
}
}
if (ret == 0) {
if (enc)
ret = wc_AesCbcEncrypt(aes, input, input, length);
else
ret = wc_AesCbcDecrypt(aes, input, input, length);
}
if (free_aes)
wc_AesFree(aes);
ForceZero(aes, sizeof(Aes));
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
break;
}
#endif /* WOLFSSL_AES_256 */
#endif /* !NO_AES && HAVE_AES_CBC */
#ifdef WC_RC2
case PBE_SHA1_40RC2_CBC:
{
Rc2 rc2;
/* effective key size for RC2-40-CBC is 40 bits */
ret = wc_Rc2SetKey(&rc2, key, derivedLen, cbcIv, 40);
if (ret == 0) {
if (enc)
ret = wc_Rc2CbcEncrypt(&rc2, input, input, length);
else
ret = wc_Rc2CbcDecrypt(&rc2, input, input, length);
}
if (ret == 0) {
ForceZero(&rc2, sizeof(Rc2));
}
break;
}
#endif
default:
WOLFSSL_MSG("Unknown/Unsupported encrypt/decryption algorithm");
ret = ALGO_ID_E;
}
}
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif
if (key != NULL) {
ForceZero(key, PKCS_MAX_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
wc_MemZero_Check(key, PKCS_MAX_KEY_SIZE);
#endif
}
return ret;
}