Don't undef HAVE_GETADDRINFO as it disables defines in projects using wolfSSL

Change test_wolfssl_EVP_aes_gcm so that changing the tag will fail the authentication check
2025-08-01 03:34:39 +02:00 · 2020-01-09 18:55:45 +01:00
parent ab56d078a4
commit 6e72a299d7
5 changed files with 41 additions and 32 deletions
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -40956,19 +40956,30 @@ int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b,
 void* wolfSSL_CRYPTO_get_ex_data(void * const* ex_data, int idx)
 {
    WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
+#ifdef MAX_EX_DATA
    if(ex_data && idx < MAX_EX_DATA && idx >= 0) {
        return ex_data[idx];
    }
+#else
+    (void)ex_data;
+    (void)idx;
+#endif
    return NULL;
 }

 int wolfSSL_CRYPTO_set_ex_data(void** ex_data, int idx, void *data)
 {
    WOLFSSL_ENTER("wolfSSL_CRYPTO_set_ex_data");
+#ifdef MAX_EX_DATA
    if (ex_data && idx < MAX_EX_DATA && idx >= 0) {
        ex_data[idx] = data;
        return WOLFSSL_SUCCESS;
    }
+#else
+    (void)ex_data;
+    (void)idx;
+    (void)data;
+#endif
    return WOLFSSL_FAILURE;
 }

--- a/src/wolfio.c
+++ b/src/wolfio.c
@@ -770,7 +770,7 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
    int ret = 0;
    SOCKADDR_S addr;
    int sockaddr_len = sizeof(SOCKADDR_IN);
-#ifdef HAVE_GETADDRINFO
+#ifndef WOLF_C99
    ADDRINFO hints;
    ADDRINFO* answer = NULL;
    char strPort[6];
@@ -785,7 +785,8 @@ int wolfIO_TcpConnect(SOCKET_T* sockfd, const char* ip, word16 port, int to_sec)
    printf("TCP Connect: %s:%d\n", ip, port);
 #endif

-#ifdef HAVE_GETADDRINFO
+    /* use gethostbyname for c99 */
+#ifndef WOLF_C99
    XMEMSET(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
--- a/tests/api.c
+++ b/tests/api.c
@@ -29315,34 +29315,31 @@ static void test_wolfssl_EVP_aes_gcm(void)
        if (i == 0) {
            /* Default uses 96-bits IV length */
 #ifdef WOLFSSL_AES_128
-            AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, key, iv));
+    AssertIntEQ(1, EVP_DecryptInit_ex(&de, EVP_aes_128_gcm(), NULL, NULL, NULL));
 #elif defined(WOLFSSL_AES_192)
-        AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, key, iv));
+    AssertIntEQ(1, EVP_DecryptInit_ex(&de, EVP_aes_192_gcm(), NULL, NULL, NULL));
 #elif defined(WOLFSSL_AES_256)
-        AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, key, iv));
+    AssertIntEQ(1, EVP_DecryptInit_ex(&de, EVP_aes_256_gcm(), NULL, NULL, NULL));
 #endif
-        }
-        else {
-#ifdef WOLFSSL_AES_128
-            AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, NULL, NULL));
-#elif defined(WOLFSSL_AES_192)
-            AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, NULL, NULL));
-#elif defined(WOLFSSL_AES_256)
-            AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, NULL, NULL));
-#endif
-            /* non-default must to set the IV length first */
-            AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
-            AssertIntEQ(1, EVP_EncryptInit_ex(&de[i], NULL, NULL, key, iv));
+    AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL));
+    AssertIntEQ(1, EVP_DecryptInit_ex(&de, NULL, NULL, key, iv));
+    AssertIntEQ(1, EVP_DecryptUpdate(&de, NULL, &len, aad, aadSz));
+    AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de, EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag));
+    AssertIntEQ(1, EVP_DecryptUpdate(&de, decryptedtxt, &len, ciphertxt, ciphertxtSz));
+    decryptedtxtSz = len;
+    AssertIntGT(EVP_DecryptFinal_ex(&de, decryptedtxt, &len), 0);
+    decryptedtxtSz += len;
+    AssertIntEQ(ciphertxtSz, decryptedtxtSz);
+    AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz));

-        }
-        AssertIntEQ(1, EVP_EncryptUpdate(&de[i], NULL, &len, aad, aadSz));
-        AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag));
-        AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz));
-        decryptedtxtSz = len;
-        AssertIntGT(EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len), 0);
-        decryptedtxtSz += len;
-        AssertIntEQ(ciphertxtSz, decryptedtxtSz);
-        AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz));
+    /* modify tag*/
+    tag[AES_BLOCK_SIZE-1]+=0xBB;
+    AssertIntEQ(1, EVP_DecryptUpdate(&de, NULL, &len, aad, aadSz));
+    AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de, EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag));
+    /* fail due to wrong tag */
+    AssertIntEQ(0, EVP_DecryptUpdate(&de, decryptedtxt, &len, ciphertxt, ciphertxtSz));
+    AssertIntGT(EVP_DecryptFinal_ex(&de, decryptedtxt, &len), 0);
+    AssertIntEQ(0, len);

        /* modify tag*/
        tag[AES_BLOCK_SIZE-1]+=0xBB;
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -10364,7 +10364,11 @@ int PemToDer(const unsigned char* buff, long longSz, int type,
        /* keyFormat is Key_Sum enum */
        if (keyFormat) {
        #ifdef HAVE_ECC
-            *eccKey = (header == BEGIN_EC_PRIV || header == beginBuf) ? 1 : 0;
+            *eccKey = (header == BEGIN_EC_PRIV
+#ifdef OPENSSL_EXTRA
+                    || header == beginBuf
+#endif
+                    ) ? 1 : 0;
        #else
            *eccKey = 0;
        #endif
--- a/wolfssl/wolfio.h
+++ b/wolfssl/wolfio.h
@@ -328,11 +328,7 @@
    #endif /* HAVE_SOCKADDR */

    /* use gethostbyname for c99 */
-    #ifdef WOLF_C99
-        #undef HAVE_GETADDRINFO
-    #endif
-
-    #ifdef HAVE_GETADDRINFO
+    #ifndef WOLF_C99
        typedef struct addrinfo         ADDRINFO;
    #endif
 #endif /* WOLFSSL_NO_SOCK */