wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for building without AES CBC and support for PKCS7 without AES CBC.

Browse Source
This commit is contained in:
David Garske
2021-08-17 10:47:19 -07:00
parent a9b8b6d3de
commit 89904ce82e
7 changed files with 158 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/ssl.c
View File

@ -33894,8 +33894,13 @@ int wolfSSL_CMAC_Init(WOLFSSL_CMAC_CTX* ctx, const void *key, size_t keyLen,
WOLFSSL_ENTER("wolfSSL_CMAC_Init"); WOLFSSL_ENTER("wolfSSL_CMAC_Init");
if (ctx == NULL || cipher == NULL || (cipher != EVP_AES_128_CBC && if (ctx == NULL || cipher == NULL
cipher != EVP_AES_192_CBC && cipher != EVP_AES_256_CBC)) { #ifdef HAVE_AES_CBC
|| (cipher != EVP_AES_128_CBC &&
cipher != EVP_AES_192_CBC &&
cipher != EVP_AES_256_CBC)
#endif
) {
ret = WOLFSSL_FAILURE; ret = WOLFSSL_FAILURE;
} }

84
tests/api.c
View File

@ -3733,9 +3733,8 @@ static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd)
#endif /* WOLFSSL_SESSION_EXPORT */ #endif /* WOLFSSL_SESSION_EXPORT */
/* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */ /* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */
#if defined(HAVE_SESSION_TICKET) && \ #if defined(HAVE_SESSION_TICKET) && defined(OPENSSL_EXTRA) && \
defined(HAVE_AESGCM) && \ defined(HAVE_AES_CBC)
defined(OPENSSL_EXTRA)
typedef struct openssl_key_ctx { typedef struct openssl_key_ctx {
byte name[WOLFSSL_TICKET_NAME_SZ]; /* server name */ byte name[WOLFSSL_TICKET_NAME_SZ]; /* server name */
@ -3847,7 +3846,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
#if defined(HAVE_SESSION_TICKET) && \ #if defined(HAVE_SESSION_TICKET) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
#if defined(OPENSSL_EXTRA) && defined(HAVE_AESGCM) #if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
OpenSSLTicketInit(); OpenSSLTicketInit();
wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx, myTicketEncCbOpenSSL); wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx, myTicketEncCbOpenSSL);
#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
@ -4039,7 +4038,7 @@ done:
#if defined(HAVE_SESSION_TICKET) && \ #if defined(HAVE_SESSION_TICKET) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
#if defined(OPENSSL_EXTRA) && defined(HAVE_AESGCM) #if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
OpenSSLTicketCleanup(); OpenSSLTicketCleanup();
#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) #elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
TicketCleanup(); TicketCleanup();
@ -25535,7 +25534,8 @@ static void test_wc_PKCS7_VerifySignedData(void)
} /* END test_wc_PKCS7_VerifySignedData() */ } /* END test_wc_PKCS7_VerifySignedData() */
#if defined(HAVE_PKCS7) && !defined(NO_AES) && !defined(NO_AES_256) #if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
!defined(NO_AES_256)
static const byte defKey[] = { static const byte defKey[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@ -25634,7 +25634,7 @@ static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
(void)orginKeySz; (void)orginKeySz;
return ret; return ret;
} }
#endif /* HAVE_PKCS7 && !NO_AES && !NO_AES_256 */ #endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && !NO_AES_256 */
/* /*
@ -25777,7 +25777,7 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0, {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0,
rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
#endif /* NO_DES3 */ #endif /* NO_DES3 */
#ifndef NO_AES #if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifndef NO_AES_128 #ifndef NO_AES_128
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb, {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
@ -25790,11 +25790,11 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb, {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
#endif #endif
#endif /* NO_AES */ #endif /* NO_AES && HAVE_AES_CBC */
#endif /* NO_RSA */ #endif /* NO_RSA */
#if defined(HAVE_ECC) #if defined(HAVE_ECC)
#ifndef NO_AES #if !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_SHA) && !defined(NO_AES_128) #if !defined(NO_SHA) && !defined(NO_AES_128)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb, {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, eccCert, AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, eccCert,
@ -25810,7 +25810,7 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, eccCert, AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, eccCert,
eccCertSz, eccPrivKey, eccPrivKeySz}, eccCertSz, eccPrivKey, eccPrivKeySz},
#endif #endif
#endif /* NO_AES */ #endif /* NO_AES && HAVE_AES_CBC*/
#endif /* END HAVE_ECC */ #endif /* END HAVE_ECC */
}; /* END pkcs7EnvelopedVector */ }; /* END pkcs7EnvelopedVector */
@ -25877,7 +25877,7 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded, AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded,
(word32)sizeof(decoded)), BAD_FUNC_ARG); (word32)sizeof(decoded)), BAD_FUNC_ARG);
/* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/ /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/
#if defined(HAVE_ECC) && !defined(NO_AES) #if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC)
/* only a failure for KARI test cases */ /* only a failure for KARI test cases */
tempWrd32 = pkcs7->singleCertSz; tempWrd32 = pkcs7->singleCertSz;
pkcs7->singleCertSz = 0; pkcs7->singleCertSz = 0;
@ -25894,17 +25894,29 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
tempWrd32 = pkcs7->privateKeySz; tempWrd32 = pkcs7->privateKeySz;
pkcs7->privateKeySz = 0; pkcs7->privateKeySz = 0;
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
#ifndef HAVE_AES_CBC
ASN_PARSE_E
#else
BAD_FUNC_ARG
#endif
);
pkcs7->privateKeySz = tempWrd32; pkcs7->privateKeySz = tempWrd32;
tmpBytePtr = pkcs7->privateKey; tmpBytePtr = pkcs7->privateKey;
pkcs7->privateKey = NULL; pkcs7->privateKey = NULL;
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG); (word32)sizeof(output), decoded, (word32)sizeof(decoded)),
#ifndef HAVE_AES_CBC
ASN_PARSE_E
#else
BAD_FUNC_ARG
#endif
);
pkcs7->privateKey = tmpBytePtr; pkcs7->privateKey = tmpBytePtr;
wc_PKCS7_Free(pkcs7); wc_PKCS7_Free(pkcs7);
#if !defined(NO_AES) && !defined(NO_AES_256) #if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_256)
/* test of decrypt callback with KEKRI enveloped data */ /* test of decrypt callback with KEKRI enveloped data */
{ {
int envelopedSz; int envelopedSz;
@ -26021,7 +26033,7 @@ static void test_wc_PKCS7_EncodeEncryptedData (void)
}; };
#endif #endif
#ifndef NO_AES #if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifndef NO_AES_128 #ifndef NO_AES_128
byte aes128Key[] = { byte aes128Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@ -26043,15 +26055,15 @@ static void test_wc_PKCS7_EncodeEncryptedData (void)
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
}; };
#endif #endif
#endif #endif /* !NO_AES && HAVE_AES_CBC */
const pkcs7EncryptedVector testVectors[] = const pkcs7EncryptedVector testVectors[] =
{ {
#ifndef NO_DES3 #ifndef NO_DES3
{data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key)}, {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key)},
{data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey)}, {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey)},
#endif /* NO_DES3 */ #endif /* !NO_DES3 */
#ifndef NO_AES #if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifndef NO_AES_128 #ifndef NO_AES_128
{data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key, {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
sizeof(aes128Key)}, sizeof(aes128Key)},
@ -26067,7 +26079,7 @@ static void test_wc_PKCS7_EncodeEncryptedData (void)
sizeof(aes256Key)}, sizeof(aes256Key)},
#endif #endif
#endif /* NO_AES */ #endif /* !NO_AES && HAVE_AES_CBC */
}; };
testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector); testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
@ -26088,7 +26100,7 @@ static void test_wc_PKCS7_EncodeEncryptedData (void)
sizeof(encrypted)); sizeof(encrypted));
AssertIntGT(encryptedSz, 0); AssertIntGT(encryptedSz, 0);
/* Decode encryptedData */ /* Decode encryptedData */
decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz, decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, encryptedSz,
decoded, sizeof(decoded)); decoded, sizeof(decoded));
@ -26477,11 +26489,13 @@ static void test_wc_PKCS7_BER(void)
static void test_PKCS7_signed_enveloped(void) static void test_PKCS7_signed_enveloped(void)
{ {
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \ #if defined(HAVE_PKCS7) && !defined(NO_RSA) && !defined(NO_AES) && \
&& !defined(NO_AES) !defined(NO_FILESYSTEM)
XFILE f; XFILE f;
PKCS7* pkcs7; PKCS7* pkcs7;
#ifdef HAVE_AES_CBC
PKCS7* inner; PKCS7* inner;
#endif
void* pt; void* pt;
WC_RNG rng; WC_RNG rng;
unsigned char key[FOURK_BUF/2]; unsigned char key[FOURK_BUF/2];
@ -26493,8 +26507,10 @@ static void test_PKCS7_signed_enveloped(void)
unsigned char sig[FOURK_BUF * 2]; unsigned char sig[FOURK_BUF * 2];
int sigSz = FOURK_BUF * 2; int sigSz = FOURK_BUF * 2;
#ifdef HAVE_AES_CBC
unsigned char decoded[FOURK_BUF]; unsigned char decoded[FOURK_BUF];
int decodedSz = FOURK_BUF; int decodedSz = FOURK_BUF;
#endif
printf(testingFmt, "PKCS7_signed_enveloped"); printf(testingFmt, "PKCS7_signed_enveloped");
@ -26525,6 +26541,7 @@ static void test_PKCS7_signed_enveloped(void)
wc_PKCS7_Free(pkcs7); wc_PKCS7_Free(pkcs7);
wc_FreeRng(&rng); wc_FreeRng(&rng);
#ifdef HAVE_AES_CBC
/* create envelope */ /* create envelope */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
@ -26536,6 +26553,7 @@ static void test_PKCS7_signed_enveloped(void)
pkcs7->privateKeySz = keySz; pkcs7->privateKeySz = keySz;
AssertIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, envSz)), 0); AssertIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, envSz)), 0);
wc_PKCS7_Free(pkcs7); wc_PKCS7_Free(pkcs7);
#endif
/* create bad signed enveloped data */ /* create bad signed enveloped data */
sigSz = FOURK_BUF * 2; sigSz = FOURK_BUF * 2;
@ -26614,6 +26632,7 @@ static void test_PKCS7_signed_enveloped(void)
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0); AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
AssertNotNull(pkcs7->content); AssertNotNull(pkcs7->content);
#ifdef HAVE_AES_CBC
/* check decode */ /* check decode */
AssertNotNull(inner = wc_PKCS7_New(NULL, 0)); AssertNotNull(inner = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(inner, cert, certSz), 0); AssertIntEQ(wc_PKCS7_InitWithCert(inner, cert, certSz), 0);
@ -26622,8 +26641,10 @@ static void test_PKCS7_signed_enveloped(void)
AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content, AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content,
pkcs7->contentSz, decoded, decodedSz)), 0); pkcs7->contentSz, decoded, decodedSz)), 0);
wc_PKCS7_Free(inner); wc_PKCS7_Free(inner);
#endif
wc_PKCS7_Free(pkcs7); wc_PKCS7_Free(pkcs7);
#ifdef HAVE_AES_CBC
/* check cert set */ /* check cert set */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
@ -26631,10 +26652,11 @@ static void test_PKCS7_signed_enveloped(void)
AssertNotNull(pkcs7->singleCert); AssertNotNull(pkcs7->singleCert);
AssertIntNE(pkcs7->singleCertSz, 0); AssertIntNE(pkcs7->singleCertSz, 0);
wc_PKCS7_Free(pkcs7); wc_PKCS7_Free(pkcs7);
#endif
printf(resultFmt, passed); printf(resultFmt, passed);
#endif #endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */
} }
static void test_wc_PKCS7_NoDefaultSignedAttribs (void) static void test_wc_PKCS7_NoDefaultSignedAttribs (void)
{ {
@ -34156,7 +34178,8 @@ static void test_wolfSSL_PKCS8_d2i(void)
file)), 0); file)), 0);
XFCLOSE(file); XFCLOSE(file);
#if defined(OPENSSL_ALL) && \ #if defined(OPENSSL_ALL) && \
!defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) && \
defined(HAVE_AES_CBC)
AssertNotNull(bio = BIO_new(BIO_s_mem())); AssertNotNull(bio = BIO_new(BIO_s_mem()));
/* Write PKCS#8 PEM to BIO. */ /* Write PKCS#8 PEM to BIO. */
AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
@ -34174,7 +34197,7 @@ static void test_wolfSSL_PKCS8_d2i(void)
(void*)"yassl123")); (void*)"yassl123"));
EVP_PKEY_free(evpPkey); EVP_PKEY_free(evpPkey);
BIO_free(bio); BIO_free(bio);
#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */ #endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 && HAVE_AES_CBC */
EVP_PKEY_free(pkey); EVP_PKEY_free(pkey);
/* PKCS#8 encrypted EC key */ /* PKCS#8 encrypted EC key */
@ -34580,9 +34603,8 @@ static void test_wolfSSL_HMAC(void)
static void test_wolfSSL_CMAC(void) static void test_wolfSSL_CMAC(void)
{ {
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CMAC) #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CMAC) && defined(HAVE_AES_CBC)
int i;
int i = 0;
byte key[AES_128_KEY_SIZE]; byte key[AES_128_KEY_SIZE];
CMAC_CTX* cmacCtx = NULL; CMAC_CTX* cmacCtx = NULL;
byte out[AES_BLOCK_SIZE]; byte out[AES_BLOCK_SIZE];
@ -34590,7 +34612,7 @@ static void test_wolfSSL_CMAC(void)
printf(testingFmt, "test_wolfSSL_CMAC()"); printf(testingFmt, "test_wolfSSL_CMAC()");
for (; i < AES_128_KEY_SIZE; ++i) { for (i=0; i < AES_128_KEY_SIZE; ++i) {
key[i] = i; key[i] = i;
} }
AssertNotNull(cmacCtx = CMAC_CTX_new()); AssertNotNull(cmacCtx = CMAC_CTX_new());
@ -34606,7 +34628,7 @@ static void test_wolfSSL_CMAC(void)
CMAC_CTX_free(cmacCtx); CMAC_CTX_free(cmacCtx);
printf(resultFmt, passed); printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_CMAC */ #endif /* OPENSSL_EXTRA && WOLFSSL_CMAC && HAVE_AES_CBC */
} }

63
wolfcrypt/src/ecc.c
View File

@ -11414,39 +11414,40 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
#endif #endif
switch (ctx->encAlgo) { switch (ctx->encAlgo) {
case ecAES_128_CBC: case ecAES_128_CBC:
{ {
#ifdef WOLFSSL_SMALL_STACK #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
Aes *aes = (Aes *)XMALLOC(sizeof *aes, ctx->heap, #ifdef WOLFSSL_SMALL_STACK
DYNAMIC_TYPE_AES); Aes *aes = (Aes *)XMALLOC(sizeof *aes, ctx->heap,
if (aes == NULL) { DYNAMIC_TYPE_AES);
ret = MEMORY_E; if (aes == NULL) {
break; ret = MEMORY_E;
} break;
}
#else
Aes aes[1];
#endif
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesSetKey(aes, encKey, KEY_SIZE_128, encIv,
AES_ENCRYPTION);
if (ret == 0) {
ret = wc_AesCbcEncrypt(aes, out, msg, msgSz);
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)
ret = wc_AsyncWait(ret, &aes->asyncDev,
WC_ASYNC_FLAG_NONE);
#endif
}
wc_AesFree(aes);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, ctx->heap, DYNAMIC_TYPE_AES);
#endif
#else #else
Aes aes[1]; ret = NOT_COMPILED_IN;
#endif #endif
ret = wc_AesInit(aes, NULL, INVALID_DEVID); break;
if (ret == 0) { }
ret = wc_AesSetKey(aes, encKey, KEY_SIZE_128, encIv,
AES_ENCRYPTION);
if (ret == 0) {
ret = wc_AesCbcEncrypt(aes, out, msg, msgSz);
#if defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_AES)
ret = wc_AsyncWait(ret, &aes->asyncDev,
WC_ASYNC_FLAG_NONE);
#endif
}
wc_AesFree(aes);
}
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, ctx->heap, DYNAMIC_TYPE_AES);
#endif
if (ret != 0)
break;
}
break;
default: default:
ret = BAD_FUNC_ARG; ret = BAD_FUNC_ARG;
break; break;

2
wolfcrypt/src/hmac.c
View File

@ -271,7 +271,7 @@ int _InitHmac(Hmac* hmac, int type, void* heap)
/* default to NULL heap hint or test value */ /* default to NULL heap hint or test value */
#ifdef WOLFSSL_HEAP_TEST #ifdef WOLFSSL_HEAP_TEST
hmac->heap = (void)WOLFSSL_HEAP_TEST; hmac->heap = (void*)WOLFSSL_HEAP_TEST;
#else #else
hmac->heap = heap; hmac->heap = heap;
#endif /* WOLFSSL_HEAP_TEST */ #endif /* WOLFSSL_HEAP_TEST */

14
wolfcrypt/src/pkcs7.c
View File

@ -6707,7 +6707,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
int ret; int ret;
#ifndef NO_AES #ifndef NO_AES
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
Aes *aes; Aes* aes;
#else #else
Aes aes[1]; Aes aes[1];
#endif #endif
@ -6722,6 +6722,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
switch (encryptOID) { switch (encryptOID) {
#ifndef NO_AES #ifndef NO_AES
#ifdef HAVE_AES_CBC
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
case AES128CBCb: case AES128CBCb:
#endif #endif
@ -6760,6 +6761,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
XFREE(aes, NULL, DYNAMIC_TYPE_AES); XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif #endif
break; break;
#endif /* HAVE_AES_CBC */
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
case AES128GCMb: case AES128GCMb:
@ -6828,7 +6830,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
break; break;
#endif #endif
#endif /* HAVE_AESCCM */ #endif /* HAVE_AESCCM */
#endif /* NO_AES */ #endif /* !NO_AES */
#ifndef NO_DES3 #ifndef NO_DES3
case DESb: case DESb:
if (keySz != DES_KEYLEN || ivSz != DES_BLOCK_SIZE) if (keySz != DES_KEYLEN || ivSz != DES_BLOCK_SIZE)
@ -6852,7 +6854,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
wc_Des3Free(&des3); wc_Des3Free(&des3);
} }
break; break;
#endif #endif /* !NO_DES3 */
default: default:
WOLFSSL_MSG("Unsupported content cipher type"); WOLFSSL_MSG("Unsupported content cipher type");
return ALGO_ID_E; return ALGO_ID_E;
@ -6901,6 +6903,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
switch (encryptOID) { switch (encryptOID) {
#ifndef NO_AES #ifndef NO_AES
#ifdef HAVE_AES_CBC
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
case AES128CBCb: case AES128CBCb:
#endif #endif
@ -6938,6 +6941,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
XFREE(aes, NULL, DYNAMIC_TYPE_AES); XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif #endif
break; break;
#endif /* HAVE_AES_CBC */
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
case AES128GCMb: case AES128GCMb:
@ -7006,7 +7010,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
break; break;
#endif #endif
#endif /* HAVE_AESCCM */ #endif /* HAVE_AESCCM */
#endif /* NO_AES */ #endif /* !NO_AES */
#ifndef NO_DES3 #ifndef NO_DES3
case DESb: case DESb:
if (keySz != DES_KEYLEN || ivSz != DES_BLOCK_SIZE) if (keySz != DES_KEYLEN || ivSz != DES_BLOCK_SIZE)
@ -7030,7 +7034,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
} }
break; break;
#endif #endif /* !NO_DES3 */
default: default:
WOLFSSL_MSG("Unsupported content cipher type"); WOLFSSL_MSG("Unsupported content cipher type");
return ALGO_ID_E; return ALGO_ID_E;

82
wolfcrypt/test/test.c
View File

@ -503,7 +503,7 @@ WOLFSSL_TEST_SUBROUTINE int scrypt_test(void);
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
WOLFSSL_TEST_SUBROUTINE int pkcs7authenveloped_test(void); WOLFSSL_TEST_SUBROUTINE int pkcs7authenveloped_test(void);
#endif #endif
#ifndef NO_AES #if !defined(NO_AES) && defined(HAVE_AES_CBC)
WOLFSSL_TEST_SUBROUTINE int pkcs7callback_test(byte* cert, word32 certSz, byte* key, WOLFSSL_TEST_SUBROUTINE int pkcs7callback_test(byte* cert, word32 certSz, byte* key,
word32 keySz); word32 keySz);
#endif #endif
@ -7878,6 +7878,7 @@ static int aes_key_size_test(void)
ERROR_OUT(-5314, out); ERROR_OUT(-5314, out);
#endif #endif
#endif /* !WOLFSSL_CRYPTOCELL */ #endif /* !WOLFSSL_CRYPTOCELL */
ret = 0; /* success */
out: out:
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
@ -8555,15 +8556,15 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
Aes enc[1]; Aes enc[1];
#endif #endif
byte cipher[AES_BLOCK_SIZE * 4]; byte cipher[AES_BLOCK_SIZE * 4];
#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT) #ifdef HAVE_AES_DECRYPT
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES); Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
#else #else
Aes dec[1]; Aes dec[1];
#endif #endif
byte plain [AES_BLOCK_SIZE * 4]; byte plain [AES_BLOCK_SIZE * 4];
#endif #endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER */ #endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
int ret = 0; int ret = 0;
#ifdef HAVE_AES_CBC #ifdef HAVE_AES_CBC
@ -9138,7 +9139,7 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
out: out:
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
if (enc) { if (enc) {
if (ret != -5900) /* note this must match ERRROR_OUT() code if (ret != -5900) /* note this must match ERRROR_OUT() code
@ -9152,7 +9153,7 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
wc_AesFree(enc); wc_AesFree(enc);
#endif #endif
(void)cipher; (void)cipher;
#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) #ifdef HAVE_AES_DECRYPT
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
if (dec) { if (dec) {
if ((ret != -5900) && (ret != -5901)) if ((ret != -5900) && (ret != -5901))
@ -9167,8 +9168,8 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
wc_AesFree(dec); wc_AesFree(dec);
#endif #endif
(void)plain; (void)plain;
#endif #endif /* HAVE_AES_DECRYPT */
#endif #endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
return ret; return ret;
} }
@ -23103,16 +23104,16 @@ static int ecc_test_cert_gen(WC_RNG* rng)
int ret; int ret;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
Cert *myCert = (Cert *)XMALLOC(sizeof *myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); Cert *myCert = (Cert *)XMALLOC(sizeof *myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_TEST_CERT #ifdef WOLFSSL_TEST_CERT
DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif #endif
ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ecc_key *certPubKey = (ecc_key *)XMALLOC(sizeof *certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); ecc_key *certPubKey = (ecc_key *)XMALLOC(sizeof *certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else #else
Cert myCert[1]; Cert myCert[1];
#ifdef WOLFSSL_TEST_CERT #ifdef WOLFSSL_TEST_CERT
DecodedCert decode[1]; DecodedCert decode[1];
#endif #endif
ecc_key caEccKey[1]; ecc_key caEccKey[1];
ecc_key certPubKey[1]; ecc_key certPubKey[1];
#endif #endif
@ -23130,9 +23131,9 @@ static int ecc_test_cert_gen(WC_RNG* rng)
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
if ((myCert == NULL) if ((myCert == NULL)
#ifdef WOLFSSL_TEST_CERT #ifdef WOLFSSL_TEST_CERT
|| (decode == NULL) || (decode == NULL)
#endif #endif
|| (caEccKey == NULL) || (certPubKey == NULL)) || (caEccKey == NULL) || (certPubKey == NULL))
ERROR_OUT(MEMORY_E, exit); ERROR_OUT(MEMORY_E, exit);
#endif #endif
@ -23242,7 +23243,7 @@ static int ecc_test_cert_gen(WC_RNG* rng)
#endif /* WOLFSSL_CERT_EXT */ #endif /* WOLFSSL_CERT_EXT */
#ifdef ENABLE_ECC384_CERT_GEN_TEST #ifdef ENABLE_ECC384_CERT_GEN_TEST
#if defined(USE_CERT_BUFFERS_256) #if defined(USE_CERT_BUFFERS_256)
ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_384, ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_384,
sizeof_ca_ecc_cert_der_384); sizeof_ca_ecc_cert_der_384);
#else #else
@ -23255,9 +23256,9 @@ static int ecc_test_cert_gen(WC_RNG* rng)
sizeof_ca_ecc_cert_der_256); sizeof_ca_ecc_cert_der_256);
#else #else
ret = wc_SetIssuer(myCert, eccCaCertFile); ret = wc_SetIssuer(myCert, eccCaCertFile);
#ifdef ENABLE_ECC384_CERT_GEN_TEST #ifdef ENABLE_ECC384_CERT_GEN_TEST
(void)eccCaCert384File; (void)eccCaCert384File;
#endif #endif
#endif #endif
#endif /* ENABLE_ECC384_CERT_GEN_TEST */ #endif /* ENABLE_ECC384_CERT_GEN_TEST */
if (ret < 0) { if (ret < 0) {
@ -23943,7 +23944,7 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test(void)
goto done; goto done;
} }
#elif defined(HAVE_ECC_KEY_IMPORT) #elif defined(HAVE_ECC_KEY_IMPORT)
(void) ecc_test_make_pub;/* for compiler warning */ (void)ecc_test_make_pub; /* for compiler warning */
#endif #endif
#ifdef WOLFSSL_CERT_GEN #ifdef WOLFSSL_CERT_GEN
ret = ecc_test_cert_gen(&rng); ret = ecc_test_cert_gen(&rng);
@ -30545,7 +30546,7 @@ static int myOriDecryptCb(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
} }
#ifndef NO_AES #if !defined(NO_AES) && defined(HAVE_AES_CBC)
/* returns 0 on success */ /* returns 0 on success */
static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
byte* aad, word32 aadSz, byte* authTag, word32 authTagSz, byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
@ -30641,15 +30642,18 @@ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
} }
switch (encryptOID) { switch (encryptOID) {
#ifdef WOLFSSL_AES_256
case AES256CBCb: case AES256CBCb:
if ((keySz != 32 ) || (ivSz != AES_BLOCK_SIZE)) if ((keySz != 32 ) || (ivSz != AES_BLOCK_SIZE))
ERROR_OUT(BAD_FUNC_ARG, out); ERROR_OUT(BAD_FUNC_ARG, out);
break; break;
#endif
#ifdef WOLFSSL_AES_128
case AES128CBCb: case AES128CBCb:
if ((keySz != 16 ) || (ivSz != AES_BLOCK_SIZE)) if ((keySz != 16 ) || (ivSz != AES_BLOCK_SIZE))
ERROR_OUT(BAD_FUNC_ARG, out); ERROR_OUT(BAD_FUNC_ARG, out);
break; break;
#endif
default: default:
printf("Unsupported content cipher type for example"); printf("Unsupported content cipher type for example");
@ -30676,7 +30680,7 @@ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
(void)authTagSz; (void)authTagSz;
return ret; return ret;
} }
#endif /* NO_AES */ #endif /* !NO_AES && HAVE_AES_CBC */
#define PKCS7_BUF_SIZE 2048 #define PKCS7_BUF_SIZE 2048
@ -30704,14 +30708,15 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
0x72,0x6c,0x64 0x72,0x6c,0x64
}; };
#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \ #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \
defined(WOLFSSL_SHA512) defined(HAVE_ECC) && defined(WOLFSSL_SHA512)
byte optionalUkm[] = { byte optionalUkm[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
}; };
#endif /* NO_AES */ #endif /* NO_AES */
#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
!defined(NO_SHA)
/* encryption key for kekri recipient types */ /* encryption key for kekri recipient types */
byte secretKey[] = { byte secretKey[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
@ -30724,8 +30729,8 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
}; };
#endif #endif
#if !defined(NO_PWDBASED) && !defined(NO_AES) && \ #if !defined(NO_PWDBASED) && !defined(NO_SHA) && \
!defined(NO_SHA) && defined(WOLFSSL_AES_128) !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
#ifndef HAVE_FIPS #ifndef HAVE_FIPS
char password[] = "password"; /* NOTE: Password is too short for FIPS */ char password[] = "password"; /* NOTE: Password is too short for FIPS */
@ -30785,7 +30790,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
/* key agreement key encryption technique*/ /* key agreement key encryption technique*/
#ifdef HAVE_ECC #ifdef HAVE_ECC
#ifndef NO_AES #if !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
{data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, {data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP,
dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey, dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey,
@ -30816,11 +30821,11 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
"pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der"}, "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der"},
#endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */ #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
#endif /* NO_AES */ #endif /* !NO_AES && HAVE_AES_CBC */
#endif #endif
/* kekri (KEKRecipientInfo) recipient types */ /* kekri (KEKRecipientInfo) recipient types */
#ifndef NO_AES #if !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
{data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0, {data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0,
NULL, 0, NULL, 0, NULL, 0, 0, 0, secretKey, sizeof(secretKey), NULL, 0, NULL, 0, NULL, 0, 0, 0, secretKey, sizeof(secretKey),
@ -30828,10 +30833,10 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
"pkcs7envelopedDataAES128CBC_KEKRI.der"}, "pkcs7envelopedDataAES128CBC_KEKRI.der"},
#endif #endif
#endif #endif /* !NO_AES && HAVE_AES_CBC */
/* pwri (PasswordRecipientInfo) recipient types */ /* pwri (PasswordRecipientInfo) recipient types */
#if !defined(NO_PWDBASED) && !defined(NO_AES) #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128) #if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
{data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0,
NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
@ -30841,7 +30846,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
#endif #endif
#endif #endif
#if !defined(NO_AES) && !defined(NO_AES_128) #if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_128)
/* ori (OtherRecipientInfo) recipient types */ /* ori (OtherRecipientInfo) recipient types */
{data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0, {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0,
NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0,
@ -31287,6 +31292,8 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
}; };
byte senderNonce[PKCS7_NONCE_SZ + 2]; byte senderNonce[PKCS7_NONCE_SZ + 2];
#ifdef HAVE_ECC #ifdef HAVE_ECC
#if !defined(NO_AES) && defined(HAVE_AESGCM)
#if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] = WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
0x09, 0x05 }; 0x09, 0x05 };
@ -31296,6 +31303,8 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
{ senderNonceOid, sizeof(senderNonceOid), senderNonce, { senderNonceOid, sizeof(senderNonceOid), senderNonce,
sizeof(senderNonce) } sizeof(senderNonce) }
}; };
#endif
#endif
#endif #endif
#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \ #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
@ -31783,11 +31792,11 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
wc_FreeRng(&rng); wc_FreeRng(&rng);
#if !defined(HAVE_ECC) || defined(NO_AES)
(void)eccCert; (void)eccCert;
(void)eccCertSz; (void)eccCertSz;
(void)eccPrivKey; (void)eccPrivKey;
(void)eccPrivKeySz; (void)eccPrivKeySz;
#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
(void)secretKey; (void)secretKey;
(void)secretKeyId; (void)secretKeyId;
#endif #endif
@ -31898,7 +31907,8 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7authenveloped_test(void)
} }
#endif /* HAVE_AESGCM || HAVE_AESCCM */ #endif /* HAVE_AESGCM || HAVE_AESCCM */
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
static const byte p7DefKey[] = { static const byte p7DefKey[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@ -32314,7 +32324,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7callback_test(byte* cert, word32 certSz, byte*
return ret; return ret;
} }
#endif /* NO_AES */ #endif /* !NO_AES && HAVE_AES_CBC */
#ifndef NO_PKCS7_ENCRYPTED_DATA #ifndef NO_PKCS7_ENCRYPTED_DATA
@ -33917,7 +33927,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7signed_test(void)
eccClientCertBuf, (word32)eccClientCertBufSz, eccClientCertBuf, (word32)eccClientCertBufSz,
eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz); eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
#ifndef NO_AES #if !defined(NO_AES) && defined(HAVE_AES_CBC)
if (ret >= 0) if (ret >= 0)
ret = pkcs7callback_test( ret = pkcs7callback_test(
rsaClientCertBuf, (word32)rsaClientCertBufSz, rsaClientCertBuf, (word32)rsaClientCertBufSz,

15
wolfssl/test.h
View File

@ -3053,7 +3053,7 @@ typedef struct AtomicDecCtx {
Aes aes; /* for aes example */ Aes aes; /* for aes example */
} AtomicDecCtx; } AtomicDecCtx;
#if !defined(NO_HMAC) && !defined(NO_AES) && defined(HAVE_AES_CBC)
static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut, static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut,
const unsigned char* macIn, unsigned int macInSz, int macContent, const unsigned char* macIn, unsigned int macInSz, int macContent,
int macVerify, unsigned char* encOut, const unsigned char* encIn, int macVerify, unsigned char* encOut, const unsigned char* encIn,
@ -3124,7 +3124,6 @@ static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut,
return wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz); return wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz);
} }
static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl, static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
unsigned char* decOut, const unsigned char* decIn, unsigned char* decOut, const unsigned char* decIn,
unsigned int decSz, int macContent, int macVerify, unsigned int decSz, int macContent, int macVerify,
@ -3225,7 +3224,7 @@ static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
return ret; return ret;
} }
#if defined(HAVE_ENCRYPT_THEN_MAC) #ifdef HAVE_ENCRYPT_THEN_MAC
static WC_INLINE int myEncryptMacCb(WOLFSSL* ssl, unsigned char* macOut, static WC_INLINE int myEncryptMacCb(WOLFSSL* ssl, unsigned char* macOut,
int content, int macVerify, unsigned char* encOut, int content, int macVerify, unsigned char* encOut,
@ -3379,7 +3378,8 @@ static WC_INLINE int myVerifyDecryptCb(WOLFSSL* ssl,
return 0; return 0;
} }
#endif #endif /* HAVE_ENCRYPT_THEN_MAC */
#endif /* !NO_HMAC && !NO_AES && HAVE_AES_CBC */
static WC_INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl) static WC_INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
@ -3399,18 +3399,23 @@ static WC_INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
} }
XMEMSET(decCtx, 0, sizeof(AtomicDecCtx)); XMEMSET(decCtx, 0, sizeof(AtomicDecCtx));
#if !defined(NO_HMAC) && !defined(NO_AES) && defined(HAVE_AES_CBC)
wolfSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb); wolfSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb);
wolfSSL_SetMacEncryptCtx(ssl, encCtx); wolfSSL_SetMacEncryptCtx(ssl, encCtx);
wolfSSL_CTX_SetDecryptVerifyCb(ctx, myDecryptVerifyCb); wolfSSL_CTX_SetDecryptVerifyCb(ctx, myDecryptVerifyCb);
wolfSSL_SetDecryptVerifyCtx(ssl, decCtx); wolfSSL_SetDecryptVerifyCtx(ssl, decCtx);
#if defined(HAVE_ENCRYPT_THEN_MAC) #ifdef HAVE_ENCRYPT_THEN_MAC
wolfSSL_CTX_SetEncryptMacCb(ctx, myEncryptMacCb); wolfSSL_CTX_SetEncryptMacCb(ctx, myEncryptMacCb);
wolfSSL_SetEncryptMacCtx(ssl, encCtx); wolfSSL_SetEncryptMacCtx(ssl, encCtx);
wolfSSL_CTX_SetVerifyDecryptCb(ctx, myVerifyDecryptCb); wolfSSL_CTX_SetVerifyDecryptCb(ctx, myVerifyDecryptCb);
wolfSSL_SetVerifyDecryptCtx(ssl, decCtx); wolfSSL_SetVerifyDecryptCtx(ssl, decCtx);
#endif
#else
(void)ctx;
(void)ssl;
#endif #endif
} }