wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-03 20:54:41 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix to move the hashType out of EncryptedInfo. Fix for parsing "DEC-Info: ". Fix for determining when to set and get ivSz.

Browse Source
This commit is contained in:
David Garske
2018-03-30 11:24:28 -07:00
parent c83e63853d
commit 3a8b08cdbf
5 changed files with 23 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/ssl.c
View File

@@ -4608,7 +4608,7 @@ int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
/* decrypt the key */ /* decrypt the key */
ret = wc_BufferKeyDecrypt(info, der->buffer, der->length, ret = wc_BufferKeyDecrypt(info, der->buffer, der->length,
(byte*)password, passwordSz); (byte*)password, passwordSz, WC_MD5);
} }
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -11838,6 +11838,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
#endif #endif
XMEMSET(info, 0, sizeof(EncryptedInfo)); XMEMSET(info, 0, sizeof(EncryptedInfo));
info->ivSz = EVP_SALT_SIZE;
ret = wolfSSL_EVP_get_hashinfo(md, &hashType, NULL); ret = wolfSSL_EVP_get_hashinfo(md, &hashType, NULL);
if (ret == 0) if (ret == 0)
@@ -25101,7 +25102,7 @@ static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
(*derSz) += paddingSz; (*derSz) += paddingSz;
/* encrypt buffer */ /* encrypt buffer */
if (wc_BufferKeyEncrypt(info, der, *derSz, passwd, passwdSz) != 0) { if (wc_BufferKeyEncrypt(info, der, *derSz, passwd, passwdSz, WC_MD5) != 0) {
WOLFSSL_MSG("encrypt key failed"); WOLFSSL_MSG("encrypt key failed");
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);

25
wolfcrypt/src/asn.c
View File

@@ -7468,12 +7468,12 @@ int wc_EncryptedInfoGet(EncryptedInfo* info, const char* cipherInfo)
if (XSTRNCMP(cipherInfo, kEncTypeDes, XSTRLEN(kEncTypeDes)) == 0) { if (XSTRNCMP(cipherInfo, kEncTypeDes, XSTRLEN(kEncTypeDes)) == 0) {
info->cipherType = WC_CIPHER_DES; info->cipherType = WC_CIPHER_DES;
info->keySz = DES_KEY_SIZE; info->keySz = DES_KEY_SIZE;
info->ivSz = DES_IV_SIZE; if (info->ivSz == 0) info->ivSz = DES_IV_SIZE;
} }
else if (XSTRNCMP(cipherInfo, kEncTypeDes3, XSTRLEN(kEncTypeDes3)) == 0) { else if (XSTRNCMP(cipherInfo, kEncTypeDes3, XSTRLEN(kEncTypeDes3)) == 0) {
info->cipherType = WC_CIPHER_DES3; info->cipherType = WC_CIPHER_DES3;
info->keySz = DES3_KEY_SIZE; info->keySz = DES3_KEY_SIZE;
info->ivSz = DES_IV_SIZE; if (info->ivSz == 0) info->ivSz = DES_IV_SIZE;
} }
else else
#endif /* NO_DES3 */ #endif /* NO_DES3 */
@@ -7483,7 +7483,7 @@ int wc_EncryptedInfoGet(EncryptedInfo* info, const char* cipherInfo)
if (XSTRNCMP(cipherInfo, kEncTypeAesCbc128, XSTRLEN(kEncTypeAesCbc128)) == 0) { if (XSTRNCMP(cipherInfo, kEncTypeAesCbc128, XSTRLEN(kEncTypeAesCbc128)) == 0) {
info->cipherType = WC_CIPHER_AES_CBC; info->cipherType = WC_CIPHER_AES_CBC;
info->keySz = AES_128_KEY_SIZE; info->keySz = AES_128_KEY_SIZE;
info->ivSz = AES_IV_SIZE; if (info->ivSz == 0) info->ivSz = AES_IV_SIZE;
} }
else else
#endif #endif
@@ -7491,7 +7491,7 @@ int wc_EncryptedInfoGet(EncryptedInfo* info, const char* cipherInfo)
if (XSTRNCMP(cipherInfo, kEncTypeAesCbc192, XSTRLEN(kEncTypeAesCbc192)) == 0) { if (XSTRNCMP(cipherInfo, kEncTypeAesCbc192, XSTRLEN(kEncTypeAesCbc192)) == 0) {
info->cipherType = WC_CIPHER_AES_CBC; info->cipherType = WC_CIPHER_AES_CBC;
info->keySz = AES_192_KEY_SIZE; info->keySz = AES_192_KEY_SIZE;
info->ivSz = AES_IV_SIZE; if (info->ivSz == 0) info->ivSz = AES_IV_SIZE;
} }
else else
#endif #endif
@@ -7499,7 +7499,7 @@ int wc_EncryptedInfoGet(EncryptedInfo* info, const char* cipherInfo)
if (XSTRNCMP(cipherInfo, kEncTypeAesCbc256, XSTRLEN(kEncTypeAesCbc256)) == 0) { if (XSTRNCMP(cipherInfo, kEncTypeAesCbc256, XSTRLEN(kEncTypeAesCbc256)) == 0) {
info->cipherType = WC_CIPHER_AES_CBC; info->cipherType = WC_CIPHER_AES_CBC;
info->keySz = AES_256_KEY_SIZE; info->keySz = AES_256_KEY_SIZE;
info->ivSz = AES_IV_SIZE; if (info->ivSz == 0) info->ivSz = AES_IV_SIZE;
} }
else else
#endif #endif
@@ -7511,7 +7511,7 @@ int wc_EncryptedInfoGet(EncryptedInfo* info, const char* cipherInfo)
return ret; return ret;
} }
static int wc_EncryptedInfo_Parse(EncryptedInfo* info, static int wc_EncryptedInfoParse(EncryptedInfo* info,
char** pBuffer, size_t bufSz) char** pBuffer, size_t bufSz)
{ {
int err = 0; int err = 0;
@@ -7550,7 +7550,7 @@ static int wc_EncryptedInfo_Parse(EncryptedInfo* info,
return BUFFER_E; return BUFFER_E;
/* skip dec-info and ": " */ /* skip dec-info and ": " */
start += XSTRLEN(kDecInfoHeader) + 2; start += XSTRLEN(kDecInfoHeader);
if (start[0] == ':') if (start[0] == ':')
start++; start++;
if (start[0] == ' ') if (start[0] == ' ')
@@ -7567,11 +7567,14 @@ static int wc_EncryptedInfo_Parse(EncryptedInfo* info,
finishSz = (word32)(bufferEnd - finish); finishSz = (word32)(bufferEnd - finish);
newline = XSTRNSTR(finish, "\r", min(finishSz, PEM_LINE_LEN)); newline = XSTRNSTR(finish, "\r", min(finishSz, PEM_LINE_LEN));
/* get cipher name */
if (NAME_SZ < (finish - start)) /* buffer size of info->name */ if (NAME_SZ < (finish - start)) /* buffer size of info->name */
return BUFFER_E; return BUFFER_E;
if (XMEMCPY(info->name, start, finish - start) == NULL) if (XMEMCPY(info->name, start, finish - start) == NULL)
return BUFFER_E; return BUFFER_E;
info->name[finish - start] = '\0'; /* null term */ info->name[finish - start] = '\0'; /* null term */
/* get IV */
if (finishSz < sizeof(info->iv) + 1) if (finishSz < sizeof(info->iv) + 1)
return BUFFER_E; return BUFFER_E;
if (XMEMCPY(info->iv, finish + 1, sizeof(info->iv)) == NULL) if (XMEMCPY(info->iv, finish + 1, sizeof(info->iv)) == NULL)
@@ -7607,7 +7610,7 @@ static int wc_EncryptedInfo_Parse(EncryptedInfo* info,
return err; return err;
} }
static int wc_EncryptedInfo_Append(char* dest, char* cipherInfo) static int wc_EncryptedInfoAppend(char* dest, char* cipherInfo)
{ {
if (cipherInfo != NULL) { if (cipherInfo != NULL) {
size_t cipherInfoStrLen = XSTRLEN(cipherInfo); size_t cipherInfoStrLen = XSTRLEN(cipherInfo);
@@ -7686,7 +7689,7 @@ int wc_DerToPemEx(const byte* der, word32 derSz, byte* output, word32 outSz,
XSTRNCAT(footer, "\n", 2); XSTRNCAT(footer, "\n", 2);
#ifdef WOLFSSL_ENCRYPTED_KEYS #ifdef WOLFSSL_ENCRYPTED_KEYS
err = wc_EncryptedInfo_Append(header, (char*)cipher_info); err = wc_EncryptedInfoAppend(header, (char*)cipher_info);
if (err != 0) { if (err != 0) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@@ -7908,7 +7911,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
#ifdef WOLFSSL_ENCRYPTED_KEYS #ifdef WOLFSSL_ENCRYPTED_KEYS
if (info) { if (info) {
ret = wc_EncryptedInfo_Parse(info, &headerEnd, bufferEnd - headerEnd); ret = wc_EncryptedInfoParse(info, &headerEnd, bufferEnd - headerEnd);
if (ret < 0) if (ret < 0)
return ret; return ret;
if (info->set) if (info->set)
@@ -8006,7 +8009,7 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
/* decrypt the key */ /* decrypt the key */
else { else {
ret = wc_BufferKeyDecrypt(info, der->buffer, der->length, ret = wc_BufferKeyDecrypt(info, der->buffer, der->length,
(byte*)password, passwordSz); (byte*)password, passwordSz, WC_MD5);
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(password, heap, DYNAMIC_TYPE_STRING); XFREE(password, heap, DYNAMIC_TYPE_STRING);
#endif #endif

8
wolfcrypt/src/wc_encrypt.c
View File

@@ -239,7 +239,7 @@ int wc_Des3_CbcDecryptWithKey(byte* out, const byte* in, word32 sz,
#ifdef WOLFSSL_ENCRYPTED_KEYS #ifdef WOLFSSL_ENCRYPTED_KEYS
int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz, int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz,
const byte* password, int passwordSz) const byte* password, int passwordSz, int hashType)
{ {
int ret; int ret;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -267,7 +267,7 @@ int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz,
#endif #endif
if ((ret = wc_PBKDF1(key, password, passwordSz, info->iv, info->ivSz, 1, if ((ret = wc_PBKDF1(key, password, passwordSz, info->iv, info->ivSz, 1,
info->keySz, info->hashType)) != 0) { info->keySz, hashType)) != 0) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY); XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);
#endif #endif
@@ -295,7 +295,7 @@ int wc_BufferKeyDecrypt(EncryptedInfo* info, byte* der, word32 derSz,
} }
int wc_BufferKeyEncrypt(EncryptedInfo* info, byte* der, word32 derSz, int wc_BufferKeyEncrypt(EncryptedInfo* info, byte* der, word32 derSz,
const byte* password, int passwordSz) const byte* password, int passwordSz, int hashType)
{ {
int ret; int ret;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@@ -319,7 +319,7 @@ int wc_BufferKeyEncrypt(EncryptedInfo* info, byte* der, word32 derSz,
#endif /* WOLFSSL_SMALL_STACK */ #endif /* WOLFSSL_SMALL_STACK */
if ((ret = wc_PBKDF1(key, password, passwordSz, info->iv, info->ivSz, 1, if ((ret = wc_PBKDF1(key, password, passwordSz, info->iv, info->ivSz, 1,
info->keySz, info->hashType)) != 0) { info->keySz, hashType)) != 0) {
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY); XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);
#endif #endif

1
wolfssl/wolfcrypt/asn_public.h
View File

@@ -142,7 +142,6 @@ typedef struct EncryptedInfo {
long consumed; /* tracks PEM bytes consumed */ long consumed; /* tracks PEM bytes consumed */
int cipherType; int cipherType;
int hashType;
word32 keySz; word32 keySz;
word32 ivSz; /* salt or encrypted IV size */ word32 ivSz; /* salt or encrypted IV size */

4
wolfssl/wolfcrypt/wc_encrypt.h
View File

@@ -98,9 +98,9 @@ WOLFSSL_API int wc_Des3_CbcDecryptWithKey(byte* out,
#ifdef WOLFSSL_ENCRYPTED_KEYS #ifdef WOLFSSL_ENCRYPTED_KEYS
struct EncryptedInfo; struct EncryptedInfo;
WOLFSSL_API int wc_BufferKeyDecrypt(struct EncryptedInfo* info, byte* der, word32 derSz, WOLFSSL_API int wc_BufferKeyDecrypt(struct EncryptedInfo* info, byte* der, word32 derSz,
const byte* password, int passwordSz); const byte* password, int passwordSz, int hashType);
WOLFSSL_API int wc_BufferKeyEncrypt(struct EncryptedInfo* info, byte* der, word32 derSz, WOLFSSL_API int wc_BufferKeyEncrypt(struct EncryptedInfo* info, byte* der, word32 derSz,
const byte* password, int passwordSz); const byte* password, int passwordSz, int hashType);
#endif /* WOLFSSL_ENCRYPTED_KEYS */ #endif /* WOLFSSL_ENCRYPTED_KEYS */
#ifdef __cplusplus #ifdef __cplusplus