From de2f87878134b4f0b440727b083d9d31c2df623c Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Thu, 30 Mar 2023 18:30:23 +0200 Subject: [PATCH 1/3] Write next IV in wolfSSL_DES_ede3_cbc_encrypt --- src/ssl.c | 11 +++++++++++ wolfcrypt/test/test.c | 17 +++++++++++++---- 2 files changed, 24 insertions(+), 4 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 57a3b48d2..8761f0720 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -19840,6 +19840,9 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, WOLFSSL_ENTER("wolfSSL_DES_ede3_cbc_encrypt"); + if (sz <= 0) + return; + XMEMSET(key, 0, sizeof(key)); XMEMCPY(key, *ks1, DES_BLOCK_SIZE); XMEMCPY(&key[DES_BLOCK_SIZE], *ks2, DES_BLOCK_SIZE); @@ -19867,6 +19870,10 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, ret = wc_AsyncWait(ret, &des.asyncDev, WC_ASYNC_FLAG_NONE); #endif (void)ret; /* ignore return codes for processing */ + XMEMCPY(ivec, output+blk*DES_BLOCK_SIZE, DES_BLOCK_SIZE); + } + else { + XMEMCPY(ivec, output+(blk-1)*DES_BLOCK_SIZE, DES_BLOCK_SIZE); } } } @@ -19885,6 +19892,10 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, #endif (void)ret; /* ignore return codes for processing */ XMEMCPY(output+sz-lb_sz, lastblock, lb_sz); + XMEMCPY(ivec, input+sz-lb_sz, DES_BLOCK_SIZE); + } + else { + XMEMCPY(ivec, input+(blk-1)*DES_BLOCK_SIZE, DES_BLOCK_SIZE); } } } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 5f80924e1..6fe6803a5 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -7427,6 +7427,9 @@ WOLFSSL_TEST_SUBROUTINE int des3_test(void) }; int ret; +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) + size_t i; +#endif ret = wc_Des3Init(&enc, HEAP_HINT, devId); 
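Review bot: The new `if (sz <= 0) return;` guard in the first src/ssl.c hunk (`@@ -19840,6 +19840,9 @@`) has no comment, although the IV copies added later in this patch depend on it. With no trailing partial block they index `output+(blk-1)*DES_BLOCK_SIZE` and `input+(blk-1)*DES_BLOCK_SIZE`, which would point before the buffer if `blk` (presumably `sz / DES_BLOCK_SIZE`, computed outside the hunk) were 0. I would add `/* nothing to do; also keeps blk >= 1 for the IV copy below */` above the check. The function body starts and ends outside the hunk, so any validation of the pointer arguments is not visible here.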
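Review bot: In the encrypt hunk (`@@ -19867,6 +19870,10 @@`) both new `XMEMCPY(ivec, output+..., DES_BLOCK_SIZE)` calls run after `(void)ret; /* ignore return codes for processing */`, so a failed encrypt or async wait still replaces the caller's IV with whatever bytes `output` happens to hold. The function appears to return nothing, so the error cannot be reported to the caller, but the chaining state should not be silently built from an unwritten buffer. Guarding and logging the copy would make the failure visible, e.g. `if (ret == 0) XMEMCPY(ivec, output+blk*DES_BLOCK_SIZE, DES_BLOCK_SIZE); else WOLFSSL_MSG("DES3 CBC encrypt failed, IV not updated");`, and likewise in the `else` branch. The enclosing function starts and ends outside the hunk.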
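Review bot: When `lb_sz` is non-zero, `XMEMCPY(ivec, input+sz-lb_sz, DES_BLOCK_SIZE)` in the decrypt hunk (`@@ -19885,6 +19892,10 @@`) copies a whole block starting `lb_sz` bytes before `input+sz`, so it reads up to `DES_BLOCK_SIZE - lb_sz` bytes beyond the length the caller passed. The same copy survives when patch 3/3 moves it ahead of the decrypt call (`@@ -19880,6 +19880,10 @@`), and the encrypt side likewise copies a full block from `output+blk*DES_BLOCK_SIZE`. If the contract is that both buffers are padded to a block multiple, it should be stated next to these copies, for example `/* input/output must hold sz rounded up to DES_BLOCK_SIZE */`. The decrypt call that presumably reads the same bytes lies outside the hunk.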
@@ -7463,7 +7466,7 @@ WOLFSSL_TEST_SUBROUTINE int des3_test(void) #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) /* test the same vectors with using compatibility layer */ - { + for (i = 0; i < sizeof(vector); i += DES_BLOCK_SIZE){ DES_key_schedule ks1; DES_key_schedule ks2; DES_key_schedule ks3; @@ -7472,15 +7475,21 @@ WOLFSSL_TEST_SUBROUTINE int des3_test(void) XMEMCPY(ks1, key3, sizeof(DES_key_schedule)); XMEMCPY(ks2, key3 + 8, sizeof(DES_key_schedule)); XMEMCPY(ks3, key3 + 16, sizeof(DES_key_schedule)); - XMEMCPY(iv4, iv3, sizeof(DES_cblock)); XMEMSET(plain, 0, sizeof(plain)); XMEMSET(cipher, 0, sizeof(cipher)); - DES_ede3_cbc_encrypt(vector, cipher, sizeof(vector), &ks1, &ks2, &ks3, + /* Use i as the splitter */ + XMEMCPY(iv4, iv3, sizeof(DES_cblock)); + DES_ede3_cbc_encrypt(vector, cipher, i, &ks1, &ks2, &ks3, &iv4, DES_ENCRYPT); - DES_ede3_cbc_encrypt(cipher, plain, sizeof(cipher), &ks1, &ks2, &ks3, + DES_ede3_cbc_encrypt(vector + i, cipher + i, sizeof(vector) - i, &ks1, + &ks2, &ks3, &iv4, DES_ENCRYPT); + XMEMCPY(iv4, iv3, sizeof(DES_cblock)); + DES_ede3_cbc_encrypt(cipher, plain, i, &ks1, &ks2, &ks3, &iv4, DES_DECRYPT); + DES_ede3_cbc_encrypt(cipher + i, plain + i, sizeof(cipher) - i, &ks1, + &ks2, &ks3, &iv4, DES_DECRYPT); if (XMEMCMP(plain, vector, sizeof(plain))) return WC_TEST_RET_ENC_NC; From ffcc66bb53547317225e8ba5be34688232c05c01 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 31 Mar 2023 11:48:18 +0200 Subject: [PATCH 2/3] Add explicit casts --- wolfcrypt/test/test.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 6fe6803a5..9be50774e 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c 
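Review bot: The split loop added to des3_test only ever passes block-aligned lengths: `i` advances by `DES_BLOCK_SIZE`, so `i` and (assuming `sizeof(vector)` is a multiple of the block size) `sizeof(vector) - i` never leave a remainder. The `lb_sz != 0` branches that this same patch extends with IV writes in src/ssl.c are therefore not exercised by the test. One extra case whose final call has a length that is not a multiple of `DES_BLOCK_SIZE`, followed by a check of `iv4`, would cover them. As a style point, `for (i = 0; i < sizeof(vector); i += DES_BLOCK_SIZE){` is missing the space before `{`.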
@@ -7481,15 +7481,15 @@ WOLFSSL_TEST_SUBROUTINE int des3_test(void) /* Use i as the splitter */ XMEMCPY(iv4, iv3, sizeof(DES_cblock)); - DES_ede3_cbc_encrypt(vector, cipher, i, &ks1, &ks2, &ks3, + DES_ede3_cbc_encrypt(vector, cipher, (long)i, &ks1, &ks2, &ks3, &iv4, DES_ENCRYPT); - DES_ede3_cbc_encrypt(vector + i, cipher + i, sizeof(vector) - i, &ks1, - &ks2, &ks3, &iv4, DES_ENCRYPT); + DES_ede3_cbc_encrypt(vector + i, cipher + i, (long)(sizeof(vector) - i), + &ks1, &ks2, &ks3, &iv4, DES_ENCRYPT); XMEMCPY(iv4, iv3, sizeof(DES_cblock)); - DES_ede3_cbc_encrypt(cipher, plain, i, &ks1, &ks2, &ks3, + DES_ede3_cbc_encrypt(cipher, plain, (long)i, &ks1, &ks2, &ks3, &iv4, DES_DECRYPT); - DES_ede3_cbc_encrypt(cipher + i, plain + i, sizeof(cipher) - i, &ks1, - &ks2, &ks3, &iv4, DES_DECRYPT); + DES_ede3_cbc_encrypt(cipher + i, plain + i, (long)(sizeof(cipher) - i), + &ks1, &ks2, &ks3, &iv4, DES_DECRYPT); if (XMEMCMP(plain, vector, sizeof(plain))) return WC_TEST_RET_ENC_NC; From 171c217ae53a0efcca87ef66e830b47b551ef05e Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Wed, 5 Apr 2023 15:50:51 +0200 Subject: [PATCH 3/3] Add in-place support for DES_ede3_cbc_encrypt --- src/ssl.c | 8 ++++---- wolfcrypt/test/test.c | 14 ++++++++++---- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index 8761f0720..93137801f 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -19880,6 +19880,10 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, else { if (wc_Des3_SetKey(&des, key, (const byte*)ivec, DES_DECRYPTION) == 0) { + if(lb_sz) + XMEMCPY(ivec, input+sz-lb_sz, DES_BLOCK_SIZE); + else + XMEMCPY(ivec, input+(blk-1)*DES_BLOCK_SIZE, DES_BLOCK_SIZE); ret = wc_Des3_CbcDecrypt(&des, output, input, (word32)blk*DES_BLOCK_SIZE); #if defined(WOLFSSL_ASYNC_CRYPT) ret = wc_AsyncWait(ret, &des.asyncDev, WC_ASYNC_FLAG_NONE); 
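Review bot: The IV save that patch 3/3 places ahead of `wc_Des3_CbcDecrypt` (`@@ -19880,6 +19880,10 @@` in src/ssl.c) has no comment explaining why the order matters. That order is the whole fix: when `input == output` the last ciphertext block is overwritten by the decrypt. I would add `/* save next IV first: input may alias output (in-place use) */` above it. The new `if(lb_sz)` / `else` pair also drops the space and braces used by the neighbouring `if (wc_Des3_SetKey(...) == 0) {`, so `if (lb_sz) {` with braced bodies would match the file. The function continues outside the hunk.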
@@ -19892,10 +19896,6 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, #endif (void)ret; /* ignore return codes for processing */ XMEMCPY(output+sz-lb_sz, lastblock, lb_sz); - XMEMCPY(ivec, input+sz-lb_sz, DES_BLOCK_SIZE); - } - else { - XMEMCPY(ivec, input+(blk-1)*DES_BLOCK_SIZE, DES_BLOCK_SIZE); } } } diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 9be50774e..1f2e3c81c 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -7471,6 +7471,7 @@ WOLFSSL_TEST_SUBROUTINE int des3_test(void) DES_key_schedule ks2; DES_key_schedule ks3; DES_cblock iv4; + byte tmp[sizeof(vector)]; XMEMCPY(ks1, key3, sizeof(DES_key_schedule)); XMEMCPY(ks2, key3 + 8, sizeof(DES_key_schedule)); @@ -7479,17 +7480,22 @@ WOLFSSL_TEST_SUBROUTINE int des3_test(void) XMEMSET(plain, 0, sizeof(plain)); XMEMSET(cipher, 0, sizeof(cipher)); + /* Test in-place encrypt/decrypt */ + XMEMCPY(tmp, vector, sizeof(vector)); + /* Use i as the splitter */ XMEMCPY(iv4, iv3, sizeof(DES_cblock)); - DES_ede3_cbc_encrypt(vector, cipher, (long)i, &ks1, &ks2, &ks3, + DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3, &iv4, DES_ENCRYPT); - DES_ede3_cbc_encrypt(vector + i, cipher + i, (long)(sizeof(vector) - i), + DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(vector) - i), &ks1, &ks2, &ks3, &iv4, DES_ENCRYPT); + XMEMCPY(cipher, tmp, sizeof(cipher)); XMEMCPY(iv4, iv3, sizeof(DES_cblock)); - DES_ede3_cbc_encrypt(cipher, plain, (long)i, &ks1, &ks2, &ks3, + DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3, &iv4, DES_DECRYPT); - DES_ede3_cbc_encrypt(cipher + i, plain + i, (long)(sizeof(cipher) - i), + DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(cipher) - i), &ks1, &ks2, &ks3, &iv4, DES_DECRYPT); + XMEMCPY(plain, tmp, sizeof(plain)); if (XMEMCMP(plain, vector, sizeof(plain))) return WC_TEST_RET_ENC_NC;
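Review bot: Changing every call in the loop to `tmp, tmp` (`@@ -7479,17 +7480,22 @@` in wolfcrypt/test/test.c) replaces the separate-buffer coverage from patch 1/3 instead of adding to it, so nothing in this loop runs `DES_ede3_cbc_encrypt` with distinct input and output any more. A regression in the out-of-place path, or a difference between the two paths, would go unnoticed here. I would keep the original `vector` to `cipher` and `cipher` to `plain` calls and run the in-place sequence on `tmp` in addition. The two results can then be compared with `if (XMEMCMP(tmp, cipher, sizeof(cipher))) return WC_TEST_RET_ENC_NC;` after the in-place encrypt.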