From 3a8b08cdbf3b8357f70f9661eb869537c4245028 Mon Sep 17 00:00:00 2001 From: David Garske Date: Fri, 30 Mar 2018 11:24:28 -0700 Subject: [PATCH] Fix to move the hashType out of EncryptedInfo. Fix for parsing "DEC-Info: ". Fix for determining when to set and get ivSz. --- src/ssl.c | 5 +++-- wolfcrypt/src/asn.c | 25 ++++++++++++++----------- wolfcrypt/src/wc_encrypt.c | 8 ++++---- wolfssl/wolfcrypt/asn_public.h | 1 - wolfssl/wolfcrypt/wc_encrypt.h | 4 ++-- 5 files changed, 23 insertions(+), 20 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index c16c5f936..04ffea21a 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -4608,7 +4608,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, /* decrypt the key */ ret = wc_BufferKeyDecrypt(info, der->buffer, der->length, - (byte*)password, passwordSz); + (byte*)password, passwordSz, WC_MD5); } #ifdef WOLFSSL_SMALL_STACK @@ -11838,6 +11838,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) #endif XMEMSET(info, 0, sizeof(EncryptedInfo)); + info->ivSz = EVP_SALT_SIZE; ret = wolfSSL_EVP_get_hashinfo(md, &hashType, NULL); if (ret == 0) @@ -25101,7 +25102,7 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, (*derSz) += paddingSz; /* encrypt buffer */ - if (wc_BufferKeyEncrypt(info, der, *derSz, passwd, passwdSz) != 0) { + if (wc_BufferKeyEncrypt(info, der, *derSz, passwd, passwdSz, WC_MD5) != 0) { WOLFSSL_MSG("encrypt key failed"); #ifdef WOLFSSL_SMALL_STACK XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 86c1b8d98..af206ff79 100755 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c @@ -7468,12 +7468,12 @@ int wc_EncryptedInfoGet(EncryptedInfo* info, const char* cipherInfo) if (XSTRNCMP(cipherInfo, kEncTypeDes, XSTRLEN(kEncTypeDes)) == 0) { info->cipherType = WC_CIPHER_DES; info->keySz = DES_KEY_SIZE; - info->ivSz = DES_IV_SIZE; + if (info->ivSz == 0) info->ivSz = DES_IV_SIZE; } else if (XSTRNCMP(cipherInfo, kEncTypeDes3, XSTRLEN(kEncTypeDes3)) == 0) { info->cipherType = WC_CIPHER_DES3; info->keySz = DES3_KEY_SIZE; - info->ivSz = DES_IV_SIZE; + if (info->ivSz == 0) info->ivSz = DES_IV_SIZE; } else #endif /* NO_DES3 */ @@ -7483,7 +7483,7 @@ int wc_EncryptedInfoGet(EncryptedInfo* info, const char* cipherInfo) if (XSTRNCMP(cipherInfo, kEncTypeAesCbc128, XSTRLEN(kEncTypeAesCbc128)) == 0) { info->cipherType = WC_CIPHER_AES_CBC; info->keySz = AES_128_KEY_SIZE; - info->ivSz = AES_IV_SIZE; + if (info->ivSz == 0) info->ivSz = AES_IV_SIZE; } else #endif @@ -7491,7 +7491,7 @@ int wc_EncryptedInfoGet(EncryptedInfo* info, const char* cipherInfo) if (XSTRNCMP(cipherInfo, kEncTypeAesCbc192, XSTRLEN(kEncTypeAesCbc192)) == 0) { info->cipherType = WC_CIPHER_AES_CBC; info->keySz = AES_192_KEY_SIZE; - info->ivSz = AES_IV_SIZE; + if (info->ivSz == 0) info->ivSz = AES_IV_SIZE; } else #endif @@ -7499,7 +7499,7 @@ int wc_EncryptedInfoGet(EncryptedInfo* info, const char* cipherInfo) if (XSTRNCMP(cipherInfo, kEncTypeAesCbc256, XSTRLEN(kEncTypeAesCbc256)) == 0) { info->cipherType = WC_CIPHER_AES_CBC; info->keySz = AES_256_KEY_SIZE; - info->ivSz = AES_IV_SIZE; + if (info->ivSz == 0) info->ivSz = AES_IV_SIZE; } else #endif @@ -7511,7 +7511,7 @@ int wc_EncryptedInfoGet(EncryptedInfo* info, const char* cipherInfo) return ret; } -static int wc_EncryptedInfo_Parse(EncryptedInfo* info, +static int wc_EncryptedInfoParse(EncryptedInfo* info, char** pBuffer, size_t bufSz) { int err = 0; @@ -7550,7 +7550,7 @@ static int wc_EncryptedInfo_Parse(EncryptedInfo* info, return BUFFER_E; /* skip dec-info and ": " */ - start += XSTRLEN(kDecInfoHeader) + 2; + start += XSTRLEN(kDecInfoHeader); if (start[0] == ':') start++; if (start[0] == ' ') @@ -7567,11 +7567,14 @@ static int wc_EncryptedInfo_Parse(EncryptedInfo* info, finishSz = (word32)(bufferEnd - finish); newline = XSTRNSTR(finish, "\r", min(finishSz, PEM_LINE_LEN)); + /* get cipher name */ if (NAME_SZ < (finish - start)) /* buffer size of info->name */ return BUFFER_E; if (XMEMCPY(info->name, start, finish - start) == NULL) return BUFFER_E; info->name[finish - start] = '\0'; /* null term */ + + /* get IV */ if (finishSz < sizeof(info->iv) + 1) return BUFFER_E; if (XMEMCPY(info->iv, finish + 1, sizeof(info->iv)) == NULL) @@ -7607,7 +7610,7 @@ static int wc_EncryptedInfo_Parse(EncryptedInfo* info, return err; } -static int wc_EncryptedInfo_Append(char* dest, char* cipherInfo) +static int wc_EncryptedInfoAppend(char* dest, char* cipherInfo) { if (cipherInfo != NULL) { size_t cipherInfoStrLen = XSTRLEN(cipherInfo); @@ -7686,7 +7689,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz, XSTRNCAT(footer, "\n", 2); #ifdef WOLFSSL_ENCRYPTED_KEYS - err = wc_EncryptedInfo_Append(header, (char*)cipher_info); + err = wc_EncryptedInfoAppend(header, (char*)cipher_info); if (err != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); @@ -7908,7 +7911,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, #ifdef WOLFSSL_ENCRYPTED_KEYS if (info) { - ret = wc_EncryptedInfo_Parse(info, &headerEnd, bufferEnd - headerEnd); + ret = wc_EncryptedInfoParse(info, &headerEnd, bufferEnd - headerEnd); if (ret < 0) return ret; if (info->set) @@ -8006,7 +8009,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type, /* decrypt the key */ else { ret = wc_BufferKeyDecrypt(info, der->buffer, der->length, - (byte*)password, passwordSz); + (byte*)password, passwordSz, WC_MD5); #ifdef WOLFSSL_SMALL_STACK XFREE(password, heap, DYNAMIC_TYPE_STRING); #endif diff --git a/wolfcrypt/src/wc_encrypt.c b/wolfcrypt/src/wc_encrypt.c index e57a27903..25897a5b9 100644 --- a/wolfcrypt/src/wc_encrypt.c +++ b/wolfcrypt/src/wc_encrypt.c @@ -239,7 +239,7 @@ int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz, #ifdef WOLFSSL_ENCRYPTED_KEYS int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz, - const byte* password, int passwordSz) + const byte* password, int passwordSz, int hashType) { int ret; #ifdef WOLFSSL_SMALL_STACK @@ -267,7 +267,7 @@ int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz, #endif if ((ret = wc_PBKDF1(key, password, passwordSz, info->iv, info->ivSz, 1, - info->keySz, info->hashType)) != 0) { + info->keySz, hashType)) != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY); #endif @@ -295,7 +295,7 @@ int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz, } int wc_BufferKeyEncrypt(EncryptedInfo* info, byte* der, word32 derSz, - const byte* password, int passwordSz) + const byte* password, int passwordSz, int hashType) { int ret; #ifdef WOLFSSL_SMALL_STACK @@ -319,7 +319,7 @@ int wc_BufferKeyEncrypt(EncryptedInfo* info, byte* der, word32 derSz, #endif /* WOLFSSL_SMALL_STACK */ if ((ret = wc_PBKDF1(key, password, passwordSz, info->iv, info->ivSz, 1, - info->keySz, info->hashType)) != 0) { + info->keySz, hashType)) != 0) { #ifdef WOLFSSL_SMALL_STACK XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY); #endif diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h index 69f2d7384..87d8f2947 100644 --- a/wolfssl/wolfcrypt/asn_public.h +++ b/wolfssl/wolfcrypt/asn_public.h @@ -142,7 +142,6 @@ typedef struct EncryptedInfo { long consumed; /* tracks PEM bytes consumed */ int cipherType; - int hashType; word32 keySz; word32 ivSz; /* salt or encrypted IV size */ diff --git a/wolfssl/wolfcrypt/wc_encrypt.h b/wolfssl/wolfcrypt/wc_encrypt.h index 3eab17b26..717ffc11b 100644 --- a/wolfssl/wolfcrypt/wc_encrypt.h +++ b/wolfssl/wolfcrypt/wc_encrypt.h @@ -98,9 +98,9 @@ WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out, #ifdef WOLFSSL_ENCRYPTED_KEYS struct EncryptedInfo; WOLFSSL_API int wc_BufferKeyDecrypt(struct EncryptedInfo* info, byte* der, word32 derSz, - const byte* password, int passwordSz); + const byte* password, int passwordSz, int hashType); WOLFSSL_API int wc_BufferKeyEncrypt(struct EncryptedInfo* info, byte* der, word32 derSz, - const byte* password, int passwordSz); + const byte* password, int passwordSz, int hashType); #endif /* WOLFSSL_ENCRYPTED_KEYS */ #ifdef __cplusplus