wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for building without AES CBC and support for PKCS7 without AES CBC.

Browse Source
This commit is contained in:
David Garske
2021-08-17 10:47:19 -07:00
parent a9b8b6d3de
commit 89904ce82e
7 changed files with 158 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/ssl.c
View File

@ -33894,8 +33894,13 @@ int wolfSSL_CMAC_Init(WOLFSSL_CMAC_CTX* ctx, const void *key, size_t keyLen,
WOLFSSL_ENTER("wolfSSL_CMAC_Init");
if (ctx == NULL || cipher == NULL || (cipher != EVP_AES_128_CBC &&
cipher != EVP_AES_192_CBC && cipher != EVP_AES_256_CBC)) {
if (ctx == NULL || cipher == NULL
#ifdef HAVE_AES_CBC
|| (cipher != EVP_AES_128_CBC &&
cipher != EVP_AES_192_CBC &&
cipher != EVP_AES_256_CBC)
#endif
) {
ret = WOLFSSL_FAILURE;
}

82
tests/api.c
View File

@ -3733,9 +3733,8 @@ static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd)
#endif /* WOLFSSL_SESSION_EXPORT */
/* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */
#if defined(HAVE_SESSION_TICKET) && \
defined(HAVE_AESGCM) && \
defined(OPENSSL_EXTRA)
#if defined(HAVE_SESSION_TICKET) && defined(OPENSSL_EXTRA) && \
defined(HAVE_AES_CBC)
typedef struct openssl_key_ctx {
byte name[WOLFSSL_TICKET_NAME_SZ]; /* server name */
@ -3847,7 +3846,7 @@ static THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args)
#if defined(HAVE_SESSION_TICKET) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
#if defined(OPENSSL_EXTRA) && defined(HAVE_AESGCM)
#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
OpenSSLTicketInit();
wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx, myTicketEncCbOpenSSL);
#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
@ -4039,7 +4038,7 @@ done:
#if defined(HAVE_SESSION_TICKET) && \
((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM))
#if defined(OPENSSL_EXTRA) && defined(HAVE_AESGCM)
#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC)
OpenSSLTicketCleanup();
#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB)
TicketCleanup();
@ -25535,7 +25534,8 @@ static void test_wc_PKCS7_VerifySignedData(void)
} /* END test_wc_PKCS7_VerifySignedData() */
#if defined(HAVE_PKCS7) && !defined(NO_AES) && !defined(NO_AES_256)
#if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \
!defined(NO_AES_256)
static const byte defKey[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@ -25634,7 +25634,7 @@ static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId,
(void)orginKeySz;
return ret;
}
#endif /* HAVE_PKCS7 && !NO_AES && !NO_AES_256 */
#endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && !NO_AES_256 */
/*
@ -25777,7 +25777,7 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0,
rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
#endif /* NO_DES3 */
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifndef NO_AES_128
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
@ -25790,11 +25790,11 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb,
0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz},
#endif
#endif /* NO_AES */
#endif /* NO_AES && HAVE_AES_CBC */
#endif /* NO_RSA */
#if defined(HAVE_ECC)
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_SHA) && !defined(NO_AES_128)
{(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb,
AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, eccCert,
@ -25810,7 +25810,7 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, eccCert,
eccCertSz, eccPrivKey, eccPrivKeySz},
#endif
#endif /* NO_AES */
#endif /* NO_AES && HAVE_AES_CBC*/
#endif /* END HAVE_ECC */
}; /* END pkcs7EnvelopedVector */
@ -25877,7 +25877,7 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded,
(word32)sizeof(decoded)), BAD_FUNC_ARG);
/* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/
#if defined(HAVE_ECC) && !defined(NO_AES)
#if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC)
/* only a failure for KARI test cases */
tempWrd32 = pkcs7->singleCertSz;
pkcs7->singleCertSz = 0;
@ -25894,17 +25894,29 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
tempWrd32 = pkcs7->privateKeySz;
pkcs7->privateKeySz = 0;
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
(word32)sizeof(output), decoded, (word32)sizeof(decoded)),
#ifndef HAVE_AES_CBC
ASN_PARSE_E
#else
BAD_FUNC_ARG
#endif
);
pkcs7->privateKeySz = tempWrd32;
tmpBytePtr = pkcs7->privateKey;
pkcs7->privateKey = NULL;
AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
(word32)sizeof(output), decoded, (word32)sizeof(decoded)),
#ifndef HAVE_AES_CBC
ASN_PARSE_E
#else
BAD_FUNC_ARG
#endif
);
pkcs7->privateKey = tmpBytePtr;
wc_PKCS7_Free(pkcs7);
#if !defined(NO_AES) && !defined(NO_AES_256)
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_256)
/* test of decrypt callback with KEKRI enveloped data */
{
int envelopedSz;
@ -26021,7 +26033,7 @@ static void test_wc_PKCS7_EncodeEncryptedData (void)
};
#endif
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifndef NO_AES_128
byte aes128Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@ -26043,15 +26055,15 @@ static void test_wc_PKCS7_EncodeEncryptedData (void)
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08
};
#endif
#endif
#endif /* !NO_AES && HAVE_AES_CBC */
const pkcs7EncryptedVector testVectors[] =
{
#ifndef NO_DES3
{data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key)},
{data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey)},
#endif /* NO_DES3 */
#ifndef NO_AES
#endif /* !NO_DES3 */
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifndef NO_AES_128
{data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
sizeof(aes128Key)},
@ -26067,7 +26079,7 @@ static void test_wc_PKCS7_EncodeEncryptedData (void)
sizeof(aes256Key)},
#endif
#endif /* NO_AES */
#endif /* !NO_AES && HAVE_AES_CBC */
};
testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector);
@ -26477,11 +26489,13 @@ static void test_wc_PKCS7_BER(void)
static void test_PKCS7_signed_enveloped(void)
{
#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \
&& !defined(NO_AES)
#if defined(HAVE_PKCS7) && !defined(NO_RSA) && !defined(NO_AES) && \
!defined(NO_FILESYSTEM)
XFILE f;
PKCS7* pkcs7;
#ifdef HAVE_AES_CBC
PKCS7* inner;
#endif
void* pt;
WC_RNG rng;
unsigned char key[FOURK_BUF/2];
@ -26493,8 +26507,10 @@ static void test_PKCS7_signed_enveloped(void)
unsigned char sig[FOURK_BUF * 2];
int sigSz = FOURK_BUF * 2;
#ifdef HAVE_AES_CBC
unsigned char decoded[FOURK_BUF];
int decodedSz = FOURK_BUF;
#endif
printf(testingFmt, "PKCS7_signed_enveloped");
@ -26525,6 +26541,7 @@ static void test_PKCS7_signed_enveloped(void)
wc_PKCS7_Free(pkcs7);
wc_FreeRng(&rng);
#ifdef HAVE_AES_CBC
/* create envelope */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0);
@ -26536,6 +26553,7 @@ static void test_PKCS7_signed_enveloped(void)
pkcs7->privateKeySz = keySz;
AssertIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, envSz)), 0);
wc_PKCS7_Free(pkcs7);
#endif
/* create bad signed enveloped data */
sigSz = FOURK_BUF * 2;
@ -26614,6 +26632,7 @@ static void test_PKCS7_signed_enveloped(void)
AssertIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, sigSz), 0);
AssertNotNull(pkcs7->content);
#ifdef HAVE_AES_CBC
/* check decode */
AssertNotNull(inner = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(inner, cert, certSz), 0);
@ -26622,8 +26641,10 @@ static void test_PKCS7_signed_enveloped(void)
AssertIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content,
pkcs7->contentSz, decoded, decodedSz)), 0);
wc_PKCS7_Free(inner);
#endif
wc_PKCS7_Free(pkcs7);
#ifdef HAVE_AES_CBC
/* check cert set */
AssertNotNull(pkcs7 = wc_PKCS7_New(NULL, 0));
AssertIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0);
@ -26631,10 +26652,11 @@ static void test_PKCS7_signed_enveloped(void)
AssertNotNull(pkcs7->singleCert);
AssertIntNE(pkcs7->singleCertSz, 0);
wc_PKCS7_Free(pkcs7);
#endif
printf(resultFmt, passed);
#endif
#endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */
}
static void test_wc_PKCS7_NoDefaultSignedAttribs (void)
{
@ -34156,7 +34178,8 @@ static void test_wolfSSL_PKCS8_d2i(void)
file)), 0);
XFCLOSE(file);
#if defined(OPENSSL_ALL) && \
!defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8)
!defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) && \
defined(HAVE_AES_CBC)
AssertNotNull(bio = BIO_new(BIO_s_mem()));
/* Write PKCS#8 PEM to BIO. */
AssertIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL,
@ -34174,7 +34197,7 @@ static void test_wolfSSL_PKCS8_d2i(void)
(void*)"yassl123"));
EVP_PKEY_free(evpPkey);
BIO_free(bio);
#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */
#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 && HAVE_AES_CBC */
EVP_PKEY_free(pkey);
/* PKCS#8 encrypted EC key */
@ -34580,9 +34603,8 @@ static void test_wolfSSL_HMAC(void)
static void test_wolfSSL_CMAC(void)
{
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CMAC)
int i = 0;
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CMAC) && defined(HAVE_AES_CBC)
int i;
byte key[AES_128_KEY_SIZE];
CMAC_CTX* cmacCtx = NULL;
byte out[AES_BLOCK_SIZE];
@ -34590,7 +34612,7 @@ static void test_wolfSSL_CMAC(void)
printf(testingFmt, "test_wolfSSL_CMAC()");
for (; i < AES_128_KEY_SIZE; ++i) {
for (i=0; i < AES_128_KEY_SIZE; ++i) {
key[i] = i;
}
AssertNotNull(cmacCtx = CMAC_CTX_new());
@ -34606,7 +34628,7 @@ static void test_wolfSSL_CMAC(void)
CMAC_CTX_free(cmacCtx);
printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_CMAC */
#endif /* OPENSSL_EXTRA && WOLFSSL_CMAC && HAVE_AES_CBC */
}

15
wolfcrypt/src/ecc.c
View File

@ -11416,16 +11416,17 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
switch (ctx->encAlgo) {
case ecAES_128_CBC:
{
#ifdef WOLFSSL_SMALL_STACK
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
#ifdef WOLFSSL_SMALL_STACK
Aes *aes = (Aes *)XMALLOC(sizeof *aes, ctx->heap,
DYNAMIC_TYPE_AES);
if (aes == NULL) {
ret = MEMORY_E;
break;
}
#else
#else
Aes aes[1];
#endif
#endif
ret = wc_AesInit(aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesSetKey(aes, encKey, KEY_SIZE_128, encIv,
@ -11439,14 +11440,14 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
}
wc_AesFree(aes);
}
#ifdef WOLFSSL_SMALL_STACK
#ifdef WOLFSSL_SMALL_STACK
XFREE(aes, ctx->heap, DYNAMIC_TYPE_AES);
#endif
#else
ret = NOT_COMPILED_IN;
#endif
if (ret != 0)
break;
}
break;
default:
ret = BAD_FUNC_ARG;
break;

2
wolfcrypt/src/hmac.c
View File

@ -271,7 +271,7 @@ int _InitHmac(Hmac* hmac, int type, void* heap)
/* default to NULL heap hint or test value */
#ifdef WOLFSSL_HEAP_TEST
hmac->heap = (void)WOLFSSL_HEAP_TEST;
hmac->heap = (void*)WOLFSSL_HEAP_TEST;
#else
hmac->heap = heap;
#endif /* WOLFSSL_HEAP_TEST */

14
wolfcrypt/src/pkcs7.c
View File

@ -6707,7 +6707,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
int ret;
#ifndef NO_AES
#ifdef WOLFSSL_SMALL_STACK
Aes *aes;
Aes* aes;
#else
Aes aes[1];
#endif
@ -6722,6 +6722,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
switch (encryptOID) {
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#ifdef WOLFSSL_AES_128
case AES128CBCb:
#endif
@ -6760,6 +6761,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
break;
#endif /* HAVE_AES_CBC */
#ifdef HAVE_AESGCM
#ifdef WOLFSSL_AES_128
case AES128GCMb:
@ -6828,7 +6830,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
break;
#endif
#endif /* HAVE_AESCCM */
#endif /* NO_AES */
#endif /* !NO_AES */
#ifndef NO_DES3
case DESb:
if (keySz != DES_KEYLEN || ivSz != DES_BLOCK_SIZE)
@ -6852,7 +6854,7 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
wc_Des3Free(&des3);
}
break;
#endif
#endif /* !NO_DES3 */
default:
WOLFSSL_MSG("Unsupported content cipher type");
return ALGO_ID_E;
@ -6901,6 +6903,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
switch (encryptOID) {
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#ifdef WOLFSSL_AES_128
case AES128CBCb:
#endif
@ -6938,6 +6941,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
XFREE(aes, NULL, DYNAMIC_TYPE_AES);
#endif
break;
#endif /* HAVE_AES_CBC */
#ifdef HAVE_AESGCM
#ifdef WOLFSSL_AES_128
case AES128GCMb:
@ -7006,7 +7010,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
break;
#endif
#endif /* HAVE_AESCCM */
#endif /* NO_AES */
#endif /* !NO_AES */
#ifndef NO_DES3
case DESb:
if (keySz != DES_KEYLEN || ivSz != DES_BLOCK_SIZE)
@ -7030,7 +7034,7 @@ static int wc_PKCS7_DecryptContent(PKCS7* pkcs7, int encryptOID, byte* key,
}
break;
#endif
#endif /* !NO_DES3 */
default:
WOLFSSL_MSG("Unsupported content cipher type");
return ALGO_ID_E;

82
wolfcrypt/test/test.c
View File

@ -503,7 +503,7 @@ WOLFSSL_TEST_SUBROUTINE int scrypt_test(void);
#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)
WOLFSSL_TEST_SUBROUTINE int pkcs7authenveloped_test(void);
#endif
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
WOLFSSL_TEST_SUBROUTINE int pkcs7callback_test(byte* cert, word32 certSz, byte* key,
word32 keySz);
#endif
@ -7878,6 +7878,7 @@ static int aes_key_size_test(void)
ERROR_OUT(-5314, out);
#endif
#endif /* !WOLFSSL_CRYPTOCELL */
ret = 0; /* success */
out:
#ifdef WOLFSSL_SMALL_STACK
@ -8555,15 +8556,15 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
Aes enc[1];
#endif
byte cipher[AES_BLOCK_SIZE * 4];
#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
#ifdef HAVE_AES_DECRYPT
#ifdef WOLFSSL_SMALL_STACK
Aes *dec = (Aes *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES);
#else
Aes dec[1];
#endif
byte plain [AES_BLOCK_SIZE * 4];
#endif
#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER */
#endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
int ret = 0;
#ifdef HAVE_AES_CBC
@ -9138,7 +9139,7 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
out:
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER)
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_SMALL_STACK
if (enc) {
if (ret != -5900) /* note this must match ERRROR_OUT() code
@ -9152,7 +9153,7 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
wc_AesFree(enc);
#endif
(void)cipher;
#if defined(HAVE_AES_DECRYPT) || defined(WOLFSSL_AES_COUNTER)
#ifdef HAVE_AES_DECRYPT
#ifdef WOLFSSL_SMALL_STACK
if (dec) {
if ((ret != -5900) && (ret != -5901))
@ -9167,8 +9168,8 @@ WOLFSSL_TEST_SUBROUTINE int aes_test(void)
wc_AesFree(dec);
#endif
(void)plain;
#endif
#endif
#endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AES_CBC || WOLFSSL_AES_COUNTER || WOLFSSL_AES_DIRECT */
return ret;
}
@ -23103,16 +23104,16 @@ static int ecc_test_cert_gen(WC_RNG* rng)
int ret;
#ifdef WOLFSSL_SMALL_STACK
Cert *myCert = (Cert *)XMALLOC(sizeof *myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#ifdef WOLFSSL_TEST_CERT
#ifdef WOLFSSL_TEST_CERT
DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif
ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
ecc_key *certPubKey = (ecc_key *)XMALLOC(sizeof *certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
#else
Cert myCert[1];
#ifdef WOLFSSL_TEST_CERT
#ifdef WOLFSSL_TEST_CERT
DecodedCert decode[1];
#endif
#endif
ecc_key caEccKey[1];
ecc_key certPubKey[1];
#endif
@ -23130,9 +23131,9 @@ static int ecc_test_cert_gen(WC_RNG* rng)
#ifdef WOLFSSL_SMALL_STACK
if ((myCert == NULL)
#ifdef WOLFSSL_TEST_CERT
#ifdef WOLFSSL_TEST_CERT
|| (decode == NULL)
#endif
#endif
|| (caEccKey == NULL) || (certPubKey == NULL))
ERROR_OUT(MEMORY_E, exit);
#endif
@ -23242,7 +23243,7 @@ static int ecc_test_cert_gen(WC_RNG* rng)
#endif /* WOLFSSL_CERT_EXT */
#ifdef ENABLE_ECC384_CERT_GEN_TEST
#if defined(USE_CERT_BUFFERS_256)
#if defined(USE_CERT_BUFFERS_256)
ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_384,
sizeof_ca_ecc_cert_der_384);
#else
@ -23255,9 +23256,9 @@ static int ecc_test_cert_gen(WC_RNG* rng)
sizeof_ca_ecc_cert_der_256);
#else
ret = wc_SetIssuer(myCert, eccCaCertFile);
#ifdef ENABLE_ECC384_CERT_GEN_TEST
#ifdef ENABLE_ECC384_CERT_GEN_TEST
(void)eccCaCert384File;
#endif
#endif
#endif
#endif /* ENABLE_ECC384_CERT_GEN_TEST */
if (ret < 0) {
@ -23943,7 +23944,7 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test(void)
goto done;
}
#elif defined(HAVE_ECC_KEY_IMPORT)
(void) ecc_test_make_pub;/* for compiler warning */
(void)ecc_test_make_pub; /* for compiler warning */
#endif
#ifdef WOLFSSL_CERT_GEN
ret = ecc_test_cert_gen(&rng);
@ -30545,7 +30546,7 @@ static int myOriDecryptCb(PKCS7* pkcs7, byte* oriType, word32 oriTypeSz,
}
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
/* returns 0 on success */
static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
byte* aad, word32 aadSz, byte* authTag, word32 authTagSz,
@ -30641,15 +30642,18 @@ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
}
switch (encryptOID) {
#ifdef WOLFSSL_AES_256
case AES256CBCb:
if ((keySz != 32 ) || (ivSz != AES_BLOCK_SIZE))
ERROR_OUT(BAD_FUNC_ARG, out);
break;
#endif
#ifdef WOLFSSL_AES_128
case AES128CBCb:
if ((keySz != 16 ) || (ivSz != AES_BLOCK_SIZE))
ERROR_OUT(BAD_FUNC_ARG, out);
break;
#endif
default:
printf("Unsupported content cipher type for example");
@ -30676,7 +30680,7 @@ static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz,
(void)authTagSz;
return ret;
}
#endif /* NO_AES */
#endif /* !NO_AES && HAVE_AES_CBC */
#define PKCS7_BUF_SIZE 2048
@ -30704,14 +30708,15 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
0x72,0x6c,0x64
};
#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
defined(WOLFSSL_SHA512)
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \
defined(HAVE_ECC) && defined(WOLFSSL_SHA512)
byte optionalUkm[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07
};
#endif /* NO_AES */
#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \
!defined(NO_SHA)
/* encryption key for kekri recipient types */
byte secretKey[] = {
0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,
@ -30724,8 +30729,8 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
};
#endif
#if !defined(NO_PWDBASED) && !defined(NO_AES) && \
!defined(NO_SHA) && defined(WOLFSSL_AES_128)
#if !defined(NO_PWDBASED) && !defined(NO_SHA) && \
!defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
#ifndef HAVE_FIPS
char password[] = "password"; /* NOTE: Password is too short for FIPS */
@ -30785,7 +30790,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
/* key agreement key encryption technique*/
#ifdef HAVE_ECC
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
{data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP,
dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey,
@ -30816,11 +30821,11 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
"pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der"},
#endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */
#endif /* NO_AES */
#endif /* !NO_AES && HAVE_AES_CBC */
#endif
/* kekri (KEKRecipientInfo) recipient types */
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
{data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0,
NULL, 0, NULL, 0, NULL, 0, 0, 0, secretKey, sizeof(secretKey),
@ -30828,10 +30833,10 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0,
"pkcs7envelopedDataAES128CBC_KEKRI.der"},
#endif
#endif
#endif /* !NO_AES && HAVE_AES_CBC */
/* pwri (PasswordRecipientInfo) recipient types */
#if !defined(NO_PWDBASED) && !defined(NO_AES)
#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AES_CBC)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128)
{data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0,
NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
@ -30841,7 +30846,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
#endif
#endif
#if !defined(NO_AES) && !defined(NO_AES_128)
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_128)
/* ori (OtherRecipientInfo) recipient types */
{data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0,
NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0,
@ -31287,6 +31292,8 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
};
byte senderNonce[PKCS7_NONCE_SZ + 2];
#ifdef HAVE_ECC
#if !defined(NO_AES) && defined(HAVE_AESGCM)
#if !defined(NO_SHA256) && defined(WOLFSSL_AES_256)
WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] =
{ 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01,
0x09, 0x05 };
@ -31296,6 +31303,8 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
{ senderNonceOid, sizeof(senderNonceOid), senderNonce,
sizeof(senderNonce) }
};
#endif
#endif
#endif
#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \
@ -31783,11 +31792,11 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
wc_FreeRng(&rng);
#if !defined(HAVE_ECC) || defined(NO_AES)
(void)eccCert;
(void)eccCertSz;
(void)eccPrivKey;
(void)eccPrivKeySz;
#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
(void)secretKey;
(void)secretKeyId;
#endif
@ -31898,7 +31907,8 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7authenveloped_test(void)
}
#endif /* HAVE_AESGCM || HAVE_AESCCM */
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
static const byte p7DefKey[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@ -32314,7 +32324,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7callback_test(byte* cert, word32 certSz, byte*
return ret;
}
#endif /* NO_AES */
#endif /* !NO_AES && HAVE_AES_CBC */
#ifndef NO_PKCS7_ENCRYPTED_DATA
@ -33917,7 +33927,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7signed_test(void)
eccClientCertBuf, (word32)eccClientCertBufSz,
eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz);
#ifndef NO_AES
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
if (ret >= 0)
ret = pkcs7callback_test(
rsaClientCertBuf, (word32)rsaClientCertBufSz,

15
wolfssl/test.h
View File

@ -3053,7 +3053,7 @@ typedef struct AtomicDecCtx {
Aes aes; /* for aes example */
} AtomicDecCtx;
#if !defined(NO_HMAC) && !defined(NO_AES) && defined(HAVE_AES_CBC)
static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut,
const unsigned char* macIn, unsigned int macInSz, int macContent,
int macVerify, unsigned char* encOut, const unsigned char* encIn,
@ -3124,7 +3124,6 @@ static WC_INLINE int myMacEncryptCb(WOLFSSL* ssl, unsigned char* macOut,
return wc_AesCbcEncrypt(&encCtx->aes, encOut, encIn, encSz);
}
static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
unsigned char* decOut, const unsigned char* decIn,
unsigned int decSz, int macContent, int macVerify,
@ -3225,7 +3224,7 @@ static WC_INLINE int myDecryptVerifyCb(WOLFSSL* ssl,
return ret;
}
#if defined(HAVE_ENCRYPT_THEN_MAC)
#ifdef HAVE_ENCRYPT_THEN_MAC
static WC_INLINE int myEncryptMacCb(WOLFSSL* ssl, unsigned char* macOut,
int content, int macVerify, unsigned char* encOut,
@ -3379,7 +3378,8 @@ static WC_INLINE int myVerifyDecryptCb(WOLFSSL* ssl,
return 0;
}
#endif
#endif /* HAVE_ENCRYPT_THEN_MAC */
#endif /* !NO_HMAC && !NO_AES && HAVE_AES_CBC */
static WC_INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
@ -3399,18 +3399,23 @@ static WC_INLINE void SetupAtomicUser(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
}
XMEMSET(decCtx, 0, sizeof(AtomicDecCtx));
#if !defined(NO_HMAC) && !defined(NO_AES) && defined(HAVE_AES_CBC)
wolfSSL_CTX_SetMacEncryptCb(ctx, myMacEncryptCb);
wolfSSL_SetMacEncryptCtx(ssl, encCtx);
wolfSSL_CTX_SetDecryptVerifyCb(ctx, myDecryptVerifyCb);
wolfSSL_SetDecryptVerifyCtx(ssl, decCtx);
#if defined(HAVE_ENCRYPT_THEN_MAC)
#ifdef HAVE_ENCRYPT_THEN_MAC
wolfSSL_CTX_SetEncryptMacCb(ctx, myEncryptMacCb);
wolfSSL_SetEncryptMacCtx(ssl, encCtx);
wolfSSL_CTX_SetVerifyDecryptCb(ctx, myVerifyDecryptCb);
wolfSSL_SetVerifyDecryptCtx(ssl, decCtx);
#endif
#else
(void)ctx;
(void)ssl;
#endif
}