wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for NO_AES_192 and NO_AES_256. Added CI test. Fixed bad BUILD_ logic for ADH-AES256-GCM-SHA384.

Browse Source
This commit is contained in:
David Garske
2025-05-02 14:18:29 -07:00
parent e487685d7d
commit 0f4ce03c28
11 changed files with 139 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.github/workflows/os-check.yml vendored
View File

@ -42,6 +42,7 @@ jobs:
--enable-psk --enable-aesccm --enable-nullcipher CPPFLAGS=-DWOLFSSL_STATIC_RSA',
'--enable-ascon --enable-experimental',
'--enable-ascon CPPFLAGS=-DWOLFSSL_ASCON_UNROLL --enable-experimental',
'--enable-all CPPFLAGS=''-DNO_AES_192 -DNO_AES_256'' ',
]
name: make check
if: github.repository_owner == 'wolfssl'

4
src/quic.c
View File

@ -989,13 +989,17 @@ const WOLFSSL_EVP_CIPHER* wolfSSL_quic_get_aead(WOLFSSL* ssl)
switch (cipher->cipherSuite) {
#if !defined(NO_AES) && defined(HAVE_AESGCM)
#ifdef WOLFSSL_AES_128
case TLS_AES_128_GCM_SHA256:
evp_cipher = wolfSSL_EVP_aes_128_gcm();
break;
#endif
#ifdef WOLFSSL_AES_256
case TLS_AES_256_GCM_SHA384:
evp_cipher = wolfSSL_EVP_aes_256_gcm();
break;
#endif
#endif
#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
case TLS_CHACHA20_POLY1305_SHA256:
evp_cipher = wolfSSL_EVP_chacha20_poly1305();

13
src/ssl_crypto.c
View File

@ -2149,8 +2149,17 @@ int wolfSSL_CMAC_Init(WOLFSSL_CMAC_CTX* ctx, const void *key, size_t keySz,
ret = 0;
}
/* Only AES-CBC ciphers are supported. */
if ((ret == 1) && (cipher != EVP_AES_128_CBC) &&
(cipher != EVP_AES_192_CBC) && (cipher != EVP_AES_256_CBC)) {
if ((ret == 1)
#ifdef WOLFSSL_AES_128
&& (cipher != EVP_AES_128_CBC)
#endif
#ifdef WOLFSSL_AES_192
&& (cipher != EVP_AES_192_CBC)
#endif
#ifdef WOLFSSL_AES_256
&& (cipher != EVP_AES_256_CBC)
#endif
) {
WOLFSSL_MSG("wolfSSL_CMAC_Init: requested cipher is unsupported");
ret = 0;
}

125
tests/api.c
View File

@ -7400,7 +7400,7 @@ static int test_wolfSSL_EVP_CIPHER_CTX(void)
/* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */
#if defined(HAVE_SESSION_TICKET) && defined(OPENSSL_EXTRA) && \
defined(HAVE_AES_CBC)
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
typedef struct openssl_key_ctx {
byte name[WOLFSSL_TICKET_NAME_SZ]; /* server name */
@ -7644,7 +7644,7 @@ int test_ssl_memio_setup(test_ssl_memio_ctx *ctx)
if (!ctx->s_cb.ticNoInit && (ctx->s_ctx != NULL)) {
#if defined(HAVE_SESSION_TICKET) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
OpenSSLTicketInit();
wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx->s_ctx, myTicketEncCbOpenSSL);
#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
@ -7898,7 +7898,7 @@ void test_ssl_memio_cleanup(test_ssl_memio_ctx* ctx)
if (!ctx->s_cb.ticNoInit) {
#if defined(HAVE_SESSION_TICKET) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
OpenSSLTicketCleanup();
#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
TicketCleanup();
@ -8141,7 +8141,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
if (cbf == NULL || !cbf->ticNoInit) {
#if defined(HAVE_SESSION_TICKET) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
OpenSSLTicketInit();
wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx, myTicketEncCbOpenSSL);
#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
@ -8388,7 +8388,7 @@ done:
if (cbf == NULL || !cbf->ticNoInit) {
#if defined(HAVE_SESSION_TICKET) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
OpenSSLTicketCleanup();
#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
TicketCleanup();
@ -13134,7 +13134,8 @@ static int test_wolfSSL_PKCS12(void)
#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \
!defined(NO_STDIO_FILESYSTEM) && !defined(NO_TLS) && \
!defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \
!defined(NO_SHA) && defined(HAVE_PKCS12) && !defined(NO_BIO)
!defined(NO_SHA) && defined(HAVE_PKCS12) && !defined(NO_BIO) && \
defined(WOLFSSL_AES_256)
byte buf[6000];
char file[] = "./certs/test-servercert.p12";
char order[] = "./certs/ecc-rsa-server.p12";
@ -13838,6 +13839,7 @@ static int test_wolfSSL_PKCS8_ED25519(void)
{
EXPECT_DECLS;
#if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_AES_256) && \
defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519) && \
defined(HAVE_ED25519_KEY_IMPORT)
const byte encPrivKey[] = \
@ -13878,6 +13880,7 @@ static int test_wolfSSL_PKCS8_ED448(void)
{
EXPECT_DECLS;
#if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_AES_256) && \
defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED448) && \
defined(HAVE_ED448_KEY_IMPORT)
const byte encPrivKey[] = \
@ -17109,7 +17112,7 @@ static int test_wc_PKCS7_VerifySignedData_ECC(void)
#if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
!defined(NO_AES_256)
defined(WOLFSSL_AES_256)
static const byte defKey[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@ -17207,7 +17210,7 @@ static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
return BAD_KEYWRAP_ALG_E;
};
}
#endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && !NO_AES_256 */
#endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 */
#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER)
@ -17465,15 +17468,15 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
#endif /* NO_DES3 */
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifndef NO_AES_128
#ifdef WOLFSSL_AES_128
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
#endif
#ifndef NO_AES_192
#ifdef WOLFSSL_AES_192
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES192CBCb,
0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
#endif
#ifndef NO_AES_256
#ifdef WOLFSSL_AES_256
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
#endif
@ -17482,17 +17485,17 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
#endif /* NO_RSA */
#if defined(HAVE_ECC)
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_SHA) && !defined(NO_AES_128)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA,
AES128CBCb, AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme,
eccCert, eccCertSz, eccPrivKey, eccPrivKeySz},
#endif
#if !defined(NO_SHA256) && !defined(NO_AES_256)
#if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA,
AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha256kdf_scheme,
eccCert, eccCertSz, eccPrivKey, eccPrivKeySz},
#endif
#if defined(WOLFSSL_SHA512) && !defined(NO_AES_256)
#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA,
AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme,
eccCert, eccCertSz, eccPrivKey, eccPrivKeySz},
@ -17715,7 +17718,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
wc_PKCS7_Free(pkcs7);
pkcs7 = NULL;
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_256)
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
/* test of decrypt callback with KEKRI enveloped data */
{
int envelopedSz = 0;
@ -17746,7 +17749,7 @@ static int test_wc_PKCS7_EncodeDecodeEnvelopedData(void)
wc_PKCS7_Free(pkcs7);
pkcs7 = NULL;
}
#endif /* !NO_AES && !NO_AES_256 */
#endif /* !NO_AES && WOLFSSL_AES_256 */
#ifndef NO_RSA
XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@ -17833,20 +17836,20 @@ static int test_wc_PKCS7_EncodeEncryptedData(void)
};
#endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifndef NO_AES_128
#ifdef WOLFSSL_AES_128
byte aes128Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
#endif
#ifndef NO_AES_192
#ifdef WOLFSSL_AES_192
byte aes192Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
#endif
#ifndef NO_AES_256
#ifdef WOLFSSL_AES_256
byte aes256Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@ -17863,17 +17866,17 @@ static int test_wc_PKCS7_EncodeEncryptedData(void)
{data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey)},
#endif /* !NO_DES3 */
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifndef NO_AES_128
#ifdef WOLFSSL_AES_128
{data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
sizeof(aes128Key)},
#endif
#ifndef NO_AES_192
#ifdef WOLFSSL_AES_192
{data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key,
sizeof(aes192Key)},
#endif
#ifndef NO_AES_256
#ifdef WOLFSSL_AES_256
{data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key,
sizeof(aes256Key)},
#endif
@ -18375,7 +18378,7 @@ static int test_wc_PKCS7_signed_enveloped(void)
{
EXPECT_DECLS;
#if defined(HAVE_PKCS7) && !defined(NO_RSA) && !defined(NO_AES) && \
!defined(NO_FILESYSTEM)
defined(WOLFSSL_AES_256) && !defined(NO_FILESYSTEM)
XFILE f = XBADFILE;
PKCS7* pkcs7 = NULL;
#ifdef HAVE_AES_CBC
@ -18437,7 +18440,7 @@ static int test_wc_PKCS7_signed_enveloped(void)
pkcs7 = NULL;
DoExpectIntEQ(wc_FreeRng(&rng), 0);
#ifdef HAVE_AES_CBC
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
/* create envelope */
ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0);
@ -33026,7 +33029,7 @@ static int test_wolfSSL_PKCS8_d2i(void)
}
#if defined(OPENSSL_ALL) && \
!defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) && \
defined(HAVE_AES_CBC)
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
ExpectNotNull(bio = BIO_new(BIO_s_mem()));
/* Write PKCS#8 PEM to BIO. */
ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
@ -33039,18 +33042,26 @@ static int test_wolfSSL_PKCS8_d2i(void)
BIO_free(bio);
bio = NULL;
ExpectNotNull(bio = BIO_new(BIO_s_mem()));
/* Write Encrypted PKCS#8 PEM to BIO. */
/* Write Encrypted PKCS#8 PEM to BIO (test write 0 then 379) */
bytes = 379;
ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_aes_256_cbc(),
NULL, 0, NoPasswordCallBack, (void*)"yassl123"), 0);
ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_aes_256_cbc(),
NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
/* invalid cases to stderr */
#ifdef WOLFSSL_AES_128
ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, EVP_aes_128_cbc(),
NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, EVP_aes_128_cbc(),
(char*)"yassl123", 8, PasswordCallBack, NULL), bytes);
#endif
ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, EVP_aes_256_cbc(),
NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes);
ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, EVP_aes_256_cbc(),
(char*)"yassl123", 8, PasswordCallBack, NULL), bytes);
/* read/decode private key with password */
ExpectNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack,
(void*)"yassl123"));
EVP_PKEY_free(evpPkey);
@ -34570,6 +34581,7 @@ static int test_wolfSSL_CMAC(void)
ExpectNotNull(cmacCtx = CMAC_CTX_new());
ExpectNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx));
ExpectIntEQ(CMAC_Init(NULL, NULL, 0, NULL, NULL), 0);
#ifdef WOLFSSL_AES_192
ExpectIntEQ(CMAC_Init(NULL, key, AES_192_KEY_SIZE, EVP_aes_192_cbc(),
NULL), 0);
ExpectIntEQ(CMAC_Init(cmacCtx, NULL, AES_192_KEY_SIZE, EVP_aes_192_cbc(),
@ -34578,6 +34590,7 @@ static int test_wolfSSL_CMAC(void)
ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_192_cbc(),
NULL), 0);
ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_192_KEY_SIZE, NULL, NULL), 0);
#endif
#if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128)
/* Only AES-CBC supported. */
ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_gcm(),
@ -34593,6 +34606,7 @@ static int test_wolfSSL_CMAC(void)
CMAC_CTX_free(cmacCtx);
/* Test AES-256-CBC */
#ifdef WOLFSSL_AES_256
cmacCtx = NULL;
ExpectNotNull(cmacCtx = CMAC_CTX_new());
ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_256_KEY_SIZE, EVP_aes_256_cbc(),
@ -34600,8 +34614,10 @@ static int test_wolfSSL_CMAC(void)
ExpectIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), 1);
ExpectIntEQ(CMAC_Final(cmacCtx, out, NULL), 1);
CMAC_CTX_free(cmacCtx);
#endif
/* Test AES-192-CBC */
#ifdef WOLFSSL_AES_192
cmacCtx = NULL;
ExpectNotNull(cmacCtx = CMAC_CTX_new());
ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_192_KEY_SIZE, EVP_aes_192_cbc(),
@ -34609,6 +34625,7 @@ static int test_wolfSSL_CMAC(void)
ExpectIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), 1);
ExpectIntEQ(CMAC_Final(cmacCtx, out, NULL), 1);
CMAC_CTX_free(cmacCtx);
#endif
cmacCtx = NULL;
ExpectNotNull(cmacCtx = CMAC_CTX_new());
@ -34897,8 +34914,8 @@ static int test_wolfSSL_DES_ede3_cbc_encrypt(void)
static int test_wolfSSL_AES_encrypt(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AES_ECB) \
&& !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API)
#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AES_ECB) && \
defined(WOLFSSL_AES_256) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API)
AES_KEY enc;
AES_KEY dec;
const byte msg[] = {
@ -34948,8 +34965,8 @@ static int test_wolfSSL_AES_encrypt(void)
static int test_wolfSSL_AES_ecb_encrypt(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AES_ECB) \
&& !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API)
#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AES_ECB) && \
defined(WOLFSSL_AES_256) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API)
AES_KEY aes;
const byte msg[] =
{
@ -35262,14 +35279,12 @@ static int test_wolfSSL_AES_cfb128_encrypt(void)
0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a
};
const byte exp[] = {
0x16, 0xc9, 0x90, 0x6c, 0x04, 0x0c, 0xd1, 0x2f,
0x84, 0x7b, 0x18, 0xed, 0xed, 0x6a, 0xb5, 0xfd
0x2c, 0x4e, 0xc4, 0x58, 0x4b, 0xf3, 0xb3, 0xad,
0xd0, 0xe6, 0xf1, 0x80, 0x43, 0x59, 0x54, 0x6b
};
const byte key[] = {
0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81
};
const byte ivData[] = {
0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
@ -35653,7 +35668,7 @@ static int test_wolfSSL_OBJ(void)
int boolRet;
EVP_PKEY *pkey = NULL;
const char *p12_f[] = {
#if !defined(NO_DES3) && !defined(NO_RSA)
#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && !defined(NO_RSA)
"./certs/test-servercert.p12",
#endif
NULL};
@ -41455,19 +41470,25 @@ static int test_wolfSSL_EVP_CIPHER_CTX_key_length(void)
int nids[] = {
#ifdef HAVE_AES_CBC
NID_aes_128_cbc,
#ifdef WOLFSSL_AES_256
NID_aes_256_cbc,
#endif
#endif
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM
NID_aes_128_gcm,
#ifdef WOLFSSL_AES_256
NID_aes_256_gcm,
#endif
#endif
#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
#ifdef WOLFSSL_AES_COUNTER
NID_aes_128_ctr,
#ifdef WOLFSSL_AES_256
NID_aes_256_ctr,
#endif
#endif
#ifndef NO_DES3
NID_des_cbc,
NID_des_ede3_cbc,
@ -41476,19 +41497,25 @@ static int test_wolfSSL_EVP_CIPHER_CTX_key_length(void)
int key_lengths[] = {
#ifdef HAVE_AES_CBC
AES_128_KEY_SIZE,
#ifdef WOLFSSL_AES_256
AES_256_KEY_SIZE,
#endif
#endif
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM
AES_128_KEY_SIZE,
#ifdef WOLFSSL_AES_256
AES_256_KEY_SIZE,
#endif
#endif
#endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */
#ifdef WOLFSSL_AES_COUNTER
AES_128_KEY_SIZE,
#ifdef WOLFSSL_AES_256
AES_256_KEY_SIZE,
#endif
#endif
#ifndef NO_DES3
DES_KEY_SIZE,
DES3_KEY_SIZE,
@ -41613,7 +41640,7 @@ static int test_wolfSSL_EVP_md4(void)
static int test_wolfSSL_EVP_aes_256_gcm(void)
{
EXPECT_DECLS;
#ifdef HAVE_AESGCM
#if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256)
ExpectNotNull(wolfSSL_EVP_aes_256_gcm());
#endif
return EXPECT_RESULT();
@ -41622,7 +41649,7 @@ static int test_wolfSSL_EVP_aes_256_gcm(void)
static int test_wolfSSL_EVP_aes_192_gcm(void)
{
EXPECT_DECLS;
#ifdef HAVE_AESGCM
#if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_192)
ExpectNotNull(wolfSSL_EVP_aes_192_gcm());
#endif
return EXPECT_RESULT();
@ -41631,7 +41658,7 @@ static int test_wolfSSL_EVP_aes_192_gcm(void)
static int test_wolfSSL_EVP_aes_256_ccm(void)
{
EXPECT_DECLS;
#ifdef HAVE_AESCCM
#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_256)
ExpectNotNull(wolfSSL_EVP_aes_256_ccm());
#endif
return EXPECT_RESULT();
@ -41640,7 +41667,7 @@ static int test_wolfSSL_EVP_aes_256_ccm(void)
static int test_wolfSSL_EVP_aes_192_ccm(void)
{
EXPECT_DECLS;
#ifdef HAVE_AESCCM
#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_192)
ExpectNotNull(wolfSSL_EVP_aes_192_ccm());
#endif
return EXPECT_RESULT();
@ -41649,7 +41676,7 @@ static int test_wolfSSL_EVP_aes_192_ccm(void)
static int test_wolfSSL_EVP_aes_128_ccm(void)
{
EXPECT_DECLS;
#ifdef HAVE_AESCCM
#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128)
ExpectNotNull(wolfSSL_EVP_aes_128_ccm());
#endif
return EXPECT_RESULT();
@ -42198,7 +42225,7 @@ static int test_evp_cipher_aes_gcm(void)
EXPECT_DECLS;
#if defined(HAVE_AESGCM) && ((!defined(HAVE_FIPS) && \
!defined(HAVE_SELFTEST)) || (defined(HAVE_FIPS_VERSION) && \
(HAVE_FIPS_VERSION >= 2)))
(HAVE_FIPS_VERSION >= 2))) && defined(WOLFSSL_AES_256)
/*
* This test checks data at various points in the encrypt/decrypt process
* against known values produced using the same test with OpenSSL. This
@ -49682,7 +49709,7 @@ static int test_wolfssl_EVP_aes_gcm_zeroLen(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
!defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
!defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256)
/* Zero length plain text */
byte key[] = {
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
@ -50035,7 +50062,7 @@ static int test_wolfssl_EVP_aes_ccm_zeroLen(void)
{
EXPECT_DECLS;
#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESCCM) && \
!defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
!defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256)
/* Zero length plain text */
byte key[] = {
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
@ -61694,7 +61721,7 @@ static int test_extra_alerts_wrong_cs(void)
#endif
#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12) && \
defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)
defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_AES_256)
#define TEST_CS_DOWNGRADE_CLIENT "ECDHE-RSA-AES256-GCM-SHA384"
@ -64988,7 +65015,8 @@ static int test_dtls13_frag_ch_pq(void)
}
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) \
&& defined(WOLFSSL_DTLS_MTU) && defined(WOLFSSL_DTLS_CH_FRAG)
&& defined(WOLFSSL_DTLS_MTU) && defined(WOLFSSL_DTLS_CH_FRAG) && \
defined(WOLFSSL_AES_256)
static int test_dtls_frag_ch_count_records(byte* b, int len)
{
DtlsRecordLayerHeader* dtlsRH;
@ -65011,7 +65039,8 @@ static int test_dtls_frag_ch(void)
{
EXPECT_DECLS;
#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \
&& defined(WOLFSSL_DTLS_MTU) && defined(WOLFSSL_DTLS_CH_FRAG)
&& defined(WOLFSSL_DTLS_MTU) && defined(WOLFSSL_DTLS_CH_FRAG) && \
defined(WOLFSSL_AES_256)
WOLFSSL_CTX *ctx_c = NULL;
WOLFSSL_CTX *ctx_s = NULL;
WOLFSSL *ssl_c = NULL;
@ -66758,7 +66787,7 @@ TEST_CASE testCases[] = {
/* AES cipher and GMAC. */
TEST_AES_DECLS,
#if defined(WOLFSSL_AES_EAX) && \
#if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
TEST_AES_EAX_DECLS,
#endif /* WOLFSSL_AES_EAX */

5
tests/api/test_aes.c
View File

@ -756,7 +756,8 @@ int test_wc_AesGcmMixedEncDecLongIV(void)
EXPECT_DECLS;
#if (!defined(HAVE_FIPS) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \
!defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AESGCM_STREAM)
!defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) && \
defined(WOLFSSL_AESGCM_STREAM)
const byte key[] = {
0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66,
@ -1419,7 +1420,7 @@ int test_wc_AesCcmEncryptDecrypt(void)
return EXPECT_RESULT();
} /* END test_wc_AesCcmEncryptDecrypt */
#if defined(WOLFSSL_AES_EAX) && \
#if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
/*******************************************************************************

4
tests/api/test_aes.h
View File

@ -35,7 +35,7 @@ int test_wc_AesGcmMixedEncDecLongIV(void);
int test_wc_AesGcmStream(void);
int test_wc_AesCcmSetKey(void);
int test_wc_AesCcmEncryptDecrypt(void);
#if defined(WOLFSSL_AES_EAX) && \
#if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
int test_wc_AesEaxVectors(void);
int test_wc_AesEaxEncryptAuth(void);
@ -58,7 +58,7 @@ int test_wc_GmacUpdate(void);
TEST_DECL_GROUP("aes", test_wc_AesCcmSetKey), \
TEST_DECL_GROUP("aes", test_wc_AesCcmEncryptDecrypt)
#if defined(WOLFSSL_AES_EAX) && \
#if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \
(!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST)
#define TEST_AES_EAX_DECLS \
TEST_DECL_GROUP("aes-eax", test_wc_AesEaxVectors), \

2
tests/api/test_dtls.c
View File

@ -67,7 +67,9 @@ int test_dtls12_basic_connection_id(void)
#endif
#ifndef NO_PSK
"DHE-PSK-AES128-CBC-SHA256",
#ifdef WOQLFSSL_AES_256
"DHE-PSK-AES256-GCM-SHA384",
#endif
#ifdef HAVE_NULL_CIPHER
"DHE-PSK-NULL-SHA256",
#endif

2
tests/suites.c
View File

@ -1208,7 +1208,7 @@ int SuiteTest(int argc, char** argv)
}
XSTRLCPY(argv0[2], "", sizeof(argv0[2]));
#endif
#ifdef WOLFSSL_EXTRA_ALERTS
#if defined(WOLFSSL_EXTRA_ALERTS) && defined(WOLFSSL_AES_256)
/* failure tests */
args.argc = 3;
XSTRLCPY(argv0[1], "tests/test-dtls-fails-cipher.conf", sizeof(argv0[1]));

4
wolfcrypt/src/pkcs7.c
View File

@ -13106,11 +13106,9 @@ int wc_PKCS7_EncodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* output,
#ifdef HAVE_AESGCM
#ifdef WOLFSSL_AES_128
case AES128GCMb:
FALL_THROUGH;
#endif
#ifdef WOLFSSL_AES_192
case AES192GCMb:
FALL_THROUGH;
#endif
#ifdef WOLFSSL_AES_256
case AES256GCMb:
@ -13125,11 +13123,9 @@ int wc_PKCS7_EncodeAuthEnvelopedData(wc_PKCS7* pkcs7, byte* output,
#ifdef HAVE_AESCCM
#ifdef WOLFSSL_AES_128
case AES128CCMb:
FALL_THROUGH;
#endif
#ifdef WOLFSSL_AES_192
case AES192CCMb:
FALL_THROUGH;
#endif
#ifdef WOLFSSL_AES_256
case AES256CCMb:

39
wolfcrypt/test/test.c
View File

@ -620,7 +620,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void);
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void);
#endif
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void);
#if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM)
#if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \
defined(WOLFSSL_AES_256)
WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void);
#endif
#ifdef WC_SRTP_KDF
@ -1934,7 +1935,8 @@ options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\
TEST_PASS("X963-KDF test passed!\n");
#endif
#if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM)
#if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \
defined(WOLFSSL_AES_256)
PRIVATE_KEY_UNLOCK();
if ( (ret = hpke_test()) != 0)
TEST_FAIL("HPKE test failed!\n", ret);
@ -10135,6 +10137,7 @@ EVP_TEST_END:
if (XMEMCMP(plain + 6, plain1 + 6, WC_AES_BLOCK_SIZE))
ERROR_OUT(WC_TEST_RET_ENC_NC, out);
#endif /* HAVE_AES_DECRYPT */
#endif /* WOLFSSL_AES_256 */
out:
@ -10151,7 +10154,6 @@ EVP_TEST_END:
wc_AesFree(dec);
#endif
#endif
#endif /* WOLFSSL_AES_256 */
return ret;
}
@ -14158,10 +14160,14 @@ static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
/* keys padded to block size (16 bytes) */
WOLFSSL_SMALL_STACK_STATIC const byte key_128[] =
"0123456789abcdef ";
#ifdef WOLFSSL_AES_192
WOLFSSL_SMALL_STACK_STATIC const byte key_192[] =
"0123456789abcdef01234567 ";
#endif
#ifdef WOLFSSL_AES_256
WOLFSSL_SMALL_STACK_STATIC const byte key_256[] =
"0123456789abcdef0123456789abcdef ";
#endif
WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef ";
WOLFSSL_SMALL_STACK_STATIC const byte msg[] = {
0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74,
@ -14171,15 +14177,17 @@ static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
0xd0, 0xc9, 0xd9, 0xc9, 0x40, 0xe8, 0x97, 0xb6,
0xc8, 0x8c, 0x33, 0x3b, 0xb5, 0x8f, 0x85, 0xd1
};
#ifdef WOLFSSL_AES_192
WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_192[WC_AES_BLOCK_SIZE] = {
0x06, 0x57, 0xee, 0x78, 0x3f, 0x96, 0x00, 0xb1,
0xec, 0x76, 0x94, 0x30, 0x29, 0xbe, 0x15, 0xab
};
#endif
#ifdef WOLFSSL_AES_256
WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_256[WC_AES_BLOCK_SIZE] = {
0xcd, 0xf2, 0x81, 0x3e, 0x73, 0x3e, 0xf7, 0x33,
0x3d, 0x18, 0xfd, 0x41, 0x85, 0x37, 0x04, 0x82
};
WOLFSSL_SMALL_STACK_STATIC const byte niKey[] = {
0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,
0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,
@ -14194,6 +14202,7 @@ static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,
0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8
};
#endif
int i;
struct {
@ -14204,9 +14213,13 @@ static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain)
const byte* verify;
} testVec[] = {
{ key_128, 16, iv, msg, verify_ecb_128 },
#ifdef WOLFSSL_AES_192
{ key_192, 24, iv, msg, verify_ecb_192 },
#endif
#ifdef WOLFSSL_AES_256
{ key_256, 32, iv, msg, verify_ecb_256 },
{ niKey, 32, NULL, niPlain, niCipher }
#endif
};
#define AES_ECB_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec))
@ -14440,7 +14453,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void)
}
#endif /* WOLFSSL_AES_128 */
#if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT)
#if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT) && \
defined(WOLFSSL_AES_256)
{
WOLFSSL_SMALL_STACK_STATIC const byte bigMsg[] = {
/* "All work and no play makes Jack a dull boy. " */
@ -14621,7 +14635,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void)
if (ret != 0)
goto out;
}
#endif /* WOLFSSL_AESNI && HAVE_AES_DECRYPT */
#endif /* WOLFSSL_AESNI && HAVE_AES_DECRYPT && WOLFSSL_AES_256 */
/* Test of AES IV state with encrypt/decrypt */
#if defined(WOLFSSL_AES_128) && !defined(HAVE_RENESAS_SYNC)
@ -28776,7 +28790,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void)
#if defined(HAVE_HPKE) && \
(defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) && \
defined(HAVE_AESGCM)
defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256)
static wc_test_ret_t hpke_test_single(Hpke* hpke)
{
@ -29091,7 +29105,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void)
return ret;
}
#endif /* HAVE_HPKE && HAVE_ECC && HAVE_AESGCM */
#endif /* HAVE_HPKE && HAVE_ECC && HAVE_AESGCM && WOLFSSL_AES_256 */
#if defined(WC_SRTP_KDF)
typedef struct Srtp_Kdf_Tv {
@ -52174,7 +52188,7 @@ static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
#endif
#endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_128)
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
/* ori (OtherRecipientInfo) recipient types */
ADD_PKCS7ENVELOPEDVECTOR(
data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0,
@ -53249,7 +53263,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7authenveloped_test(void)
#endif /* HAVE_AESGCM || HAVE_AESCCM */
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
static const byte p7DefKey[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@ -53681,7 +53695,7 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 cert
return ret;
}
#endif /* !NO_AES && HAVE_AES_CBC */
#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 */
#ifndef NO_PKCS7_ENCRYPTED_DATA
@ -55284,7 +55298,8 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7signed_test(void)
eccClientCertBuf, (word32)eccClientCertBufSz,
eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
#if !defined(NO_RSA) && !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_RSA) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_AES_256)
if (ret >= 0)
ret = pkcs7callback_test(
rsaClientCertBuf, (word32)rsaClientCertBufSz,

9
wolfssl/internal.h
View File

@ -532,12 +532,13 @@
#endif
#if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
!defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
#ifdef HAVE_AES_CBC
!defined(NO_AES)
#if !defined(NO_SHA) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_AES_128)
#define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
#endif
#if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM)
#if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) && \
defined(WOLFSSL_AES_256)
#define BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
#endif
#endif