From ae948e2a07c5ffd03dd57f98d9b64ea1168cdc99 Mon Sep 17 00:00:00 2001 From: Juliusz Sosinowicz Date: Fri, 20 Dec 2019 16:23:41 +0100 Subject: [PATCH] Pass try-ciphers define EVP_CIPHER_CTX_set_iv as wolfSSL_EVP_CIPHER_CTX_set_iv add wolfSSL_GetLoggingCb functionality when compiling without enable-debug fix initialization vector handling of all cipher modes when using our EVP layer. The IV was incorrectly handled in initialization as well as not being updated after processing --- src/ssl.c | 89 ++++++++++++++++++++++++++++++++++------- wolfcrypt/src/logging.c | 4 ++ wolfssl/openssl/evp.h | 1 + 3 files changed, 80 insertions(+), 14 deletions(-) diff --git a/src/ssl.c b/src/ssl.c index ed045b6b9..e566455f4 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -16720,6 +16720,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->bufUsed = 0; ctx->lastUsed = 0; + if (!iv && ctx->ivSz) { + iv = ctx->iv; + } + #ifndef NO_AES #ifdef HAVE_AES_CBC #ifdef WOLFSSL_AES_128 @@ -16731,6 +16735,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = 16; ctx->block_size = AES_BLOCK_SIZE; + ctx->ivSz = AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -16755,6 +16760,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = 24; ctx->block_size = AES_BLOCK_SIZE; + ctx->ivSz = AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -16779,6 +16785,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = 32; ctx->block_size = AES_BLOCK_SIZE; + ctx->ivSz = AES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { 
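Review bot: The NULL-`iv` fallback added at the top (`if (!iv && ctx->ivSz) iv = ctx->iv;`) reads `ctx->ivSz` before the cipher-type branches below assign it for this call, so the test reflects whatever the previous initialisation of the context left there. Because this patch also writes the cipher's running state back into `ctx->iv` after each `wolfSSL_EVP_Cipher` call, the buffer reused here is the updated chaining value rather than the IV the caller first supplied. Re-keying with `iv == NULL` therefore continues from old state, and in the GCM branches that may mean a stored nonce is applied again. I would document this at the fallback, e.g. `/* iv == NULL: reuse the IV stored in ctx, which may be the post-update chaining value */`, and confirm that callers who re-key are expected to pass a fresh IV. The enclosing function starts and ends outside the hunk.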
@@ -16810,7 +16817,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->keyLen = 16; ctx->block_size = AES_BLOCK_SIZE; ctx->authTagSz = AES_BLOCK_SIZE; - ctx->ivSz = 12; /* set default IV length to 96 bits */ + ctx->ivSz = GCM_NONCE_MID_SZ; XMEMSET(ctx->authTag, 0, ctx->authTagSz); if (iv) @@ -16836,7 +16843,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->keyLen = 24; ctx->block_size = AES_BLOCK_SIZE; ctx->authTagSz = AES_BLOCK_SIZE; - ctx->ivSz = 12; /* set default IV length to 96 bits */ + ctx->ivSz = GCM_NONCE_MID_SZ; XMEMSET(ctx->authTag, 0, ctx->authTagSz); if (iv) @@ -16862,7 +16869,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->keyLen = 32; ctx->block_size = AES_BLOCK_SIZE; ctx->authTagSz = AES_BLOCK_SIZE; - ctx->ivSz = 12; /* set default IV length to 96 bits */ + ctx->ivSz = GCM_NONCE_MID_SZ; XMEMSET(ctx->authTag, 0, ctx->authTagSz); if (iv) @@ -16891,6 +16898,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; ctx->keyLen = 16; ctx->block_size = NO_PADDING_BLOCK_SIZE; + ctx->ivSz = AES_BLOCK_SIZE; #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) ctx->cipher.aes.left = 0; #endif @@ -16918,6 +16926,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; ctx->keyLen = 24; ctx->block_size = NO_PADDING_BLOCK_SIZE; + ctx->ivSz = AES_BLOCK_SIZE; #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) ctx->cipher.aes.left = 0; #endif @@ -16945,6 +16954,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; ctx->keyLen = 32; ctx->block_size = NO_PADDING_BLOCK_SIZE; + ctx->ivSz = AES_BLOCK_SIZE; #if defined(WOLFSSL_AES_COUNTER) || defined(WOLFSSL_AES_CFB) ctx->cipher.aes.left = 0; #endif 
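Review bot: Replacing the literal with `GCM_NONCE_MID_SZ` drops the only comment saying this is the default 96-bit nonce length; in the three GCM branches (this hunk and the ones at -16836 and -16862) I would keep it as `ctx->ivSz = GCM_NONCE_MID_SZ; /* default 96-bit nonce */`. Separately, the `if (iv)` that follows is now also reached with the stored-IV fallback from the start of the function. The GCM case of the write-back helper shown later in this patch copies `AES_BLOCK_SIZE` bytes from `ctx->cipher.aes.reg` into `ctx->iv`, although `ivSz` is 12 here. It is worth confirming that `aes.reg` really holds the caller's nonce for GCM, otherwise the value fed back on the next init is not the nonce that was set. Each branch continues outside its hunk.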
@@ -17032,6 +17042,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = 8; ctx->block_size = DES_BLOCK_SIZE; + ctx->ivSz = DES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -17073,6 +17084,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = 24; ctx->block_size = DES_BLOCK_SIZE; + ctx->ivSz = DES_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -17130,6 +17142,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; ctx->keyLen = IDEA_KEY_SIZE; ctx->block_size = 8; + ctx->ivSz = IDEA_BLOCK_SIZE; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; if (key) { @@ -17151,6 +17164,12 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) ctx->keyLen = 0; ctx->block_size = 16; } + ctx->ivSz = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx); + if (iv && iv != ctx->iv) { + if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + } (void)ret; /* remove warning. If execution reaches this point, ret=0 */ return WOLFSSL_SUCCESS; } @@ -17197,20 +17216,21 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) int wolfSSL_EVP_CIPHER_CTX_set_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* iv, int ivLen) { + int expectedIvLen; + WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_iv_length"); - if (!ctx || !iv -#ifndef NO_AES - || ivLen != AES_BLOCK_SIZE -#elif !defined(NO_DES3) - || ivLen != DES_BLOCK_SIZE -#endif - ) { + if (!ctx || !iv || !ivLen) { return WOLFSSL_FAILURE; } - XMEMCPY(ctx->iv, iv, ivLen); - ctx->ivSz= ivLen; - return WOLFSSL_SUCCESS; + expectedIvLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx); + + if (expectedIvLen == 0 || expectedIvLen != ivLen) { + WOLFSSL_MSG("Wrong ivLen value"); + return WOLFSSL_FAILURE; + } + + return wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, -1); } #endif 
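Review bot: `ctx->ivSz = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx);` at the end of the init function overwrites every per-branch `ctx->ivSz` assignment this same patch adds above, so the IV length now has two sources of truth that can drift apart. If the lookup is authoritative, the per-branch lines are only there for the NULL-`iv` fallback on the next call and deserve a comment saying so, e.g. `/* final ivSz always comes from the cipher type; per-branch values are overwritten */`. Also note that when `wolfSSL_StoreExternalIV` fails here the key schedule has already been installed, so the caller gets `WOLFSSL_FAILURE` with a partly initialised context. The function body starts outside the hunk.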
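Review bot: Routing `wolfSSL_EVP_CIPHER_CTX_set_iv` through `wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, -1)` turns it into a full re-initialisation rather than an IV copy. The init path visible earlier in this patch clears `ctx->bufUsed` and `ctx->lastUsed`, and the GCM branches zero `ctx->authTag`. A caller that sets the IV after buffering input or after supplying an expected tag would lose that state (whether those branches are entered with `type == NULL` depends on code outside the hunks). I would state the contract above the function, e.g. `/* Re-initialises ctx with the new IV; buffered input and any GCM tag are reset. ivLen must equal the cipher's IV length. */`. The `WOLFSSL_ENTER` string still names `..._set_iv_length`, which will mislead anyone reading the debug log.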
@@ -17310,12 +17330,14 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) #ifndef NO_DES3 case DES_CBC_TYPE : + WOLFSSL_MSG("DES CBC"); if (ctx->enc) wc_Des_CbcEncrypt(&ctx->cipher.des, dst, src, len); else wc_Des_CbcDecrypt(&ctx->cipher.des, dst, src, len); break; case DES_EDE3_CBC_TYPE : + WOLFSSL_MSG("DES3 CBC"); if (ctx->enc) ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len); else @@ -17323,9 +17345,11 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) break; #ifdef WOLFSSL_DES_ECB case DES_ECB_TYPE : + WOLFSSL_MSG("DES ECB"); ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len); break; case DES_EDE3_ECB_TYPE : + WOLFSSL_MSG("DES3 ECB"); ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len); break; #endif @@ -17333,12 +17357,14 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) #ifndef NO_RC4 case ARC4_TYPE : + WOLFSSL_MSG("ARC4"); wc_Arc4Process(&ctx->cipher.arc4, dst, src, len); break; #endif #ifdef HAVE_IDEA case IDEA_CBC_TYPE : + WOLFSSL_MSG("IDEA CBC"); if (ctx->enc) wc_IdeaCbcEncrypt(&ctx->cipher.idea, dst, src, len); else @@ -17346,6 +17372,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) break; #endif case NULL_CIPHER_TYPE : + WOLFSSL_MSG("NULL CIPHER"); XMEMCPY(dst, src, len); break; @@ -17360,6 +17387,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) return 0; /* failure */ } + if (wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS) { + return WOLFSSL_FAILURE; + } + WOLFSSL_MSG("wolfSSL_EVP_Cipher success"); return WOLFSSL_SUCCESS; /* success */ } @@ -17397,6 +17428,13 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE); break; #endif /* HAVE_AESGCM */ +#ifdef HAVE_AES_ECB + case AES_128_ECB_TYPE : + case AES_192_ECB_TYPE : + case AES_256_ECB_TYPE : + WOLFSSL_MSG("AES ECB"); + break; +#endif #ifdef WOLFSSL_AES_COUNTER case AES_128_CTR_TYPE : case AES_192_CTR_TYPE : 
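Review bot: In the `DES_CBC_TYPE` case touched here, and in the `ARC4_TYPE` and `IDEA_CBC_TYPE` cases in the hunks at -17333 and -17346, the result of the wolfCrypt call is discarded, while the DES3 and ECB cases assign `ret`. With the IV write-back this patch adds at the end of the function, a failed call in those cases would report success and also publish cipher state into `ctx->iv`. Where these functions return a status, assigning it keeps the error check uniform, e.g. `ret = wc_Des_CbcEncrypt(&ctx->cipher.des, dst, src, len);`. The switch begins outside the hunk.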
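Review bot: The new `wolfSSL_StoreExternalIV` check runs after `dst` has been written, so if the helper has no case for the active `ctx->cipherType`, every call fails although the data was processed. The ECB cases added later in this patch exist for that reason; please confirm that every type handled by the switch above (ARC4, the NULL cipher, and any modes outside the hunk) has a case as well. Alternatively, skip the write-back for ciphers without an IV, e.g. `if (ctx->ivSz && wolfSSL_StoreExternalIV(ctx) != WOLFSSL_SUCCESS)`, assuming `ivSz` is 0 for those. The failure path just above returns a literal `0` while this one returns `WOLFSSL_FAILURE`; one spelling would read better.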
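Review bot: The new ECB cases (this hunk and the ones at -17419, -17473 and -17495) only log and `break`, which reads like a forgotten copy next to the `XMEMCPY` cases around them. A one-line comment in each, such as `/* ECB has no IV: nothing to store */` (or `nothing to load` in the second function), would make the intent explicit. The functions these cases belong to start outside the hunks.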
@@ -17419,6 +17457,14 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) XMEMCPY(ctx->iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE); break; #endif +#ifdef WOLFSSL_DES_ECB + case DES_ECB_TYPE : + WOLFSSL_MSG("DES ECB"); + break; + case DES_EDE3_ECB_TYPE : + WOLFSSL_MSG("DES3 ECB"); + break; +#endif #ifdef HAVE_IDEA case IDEA_CBC_TYPE : @@ -17473,6 +17519,13 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE); break; #endif +#ifdef HAVE_AES_ECB + case AES_128_ECB_TYPE : + case AES_192_ECB_TYPE : + case AES_256_ECB_TYPE : + WOLFSSL_MSG("AES ECB"); + break; +#endif #ifdef WOLFSSL_AES_COUNTER case AES_128_CTR_TYPE : case AES_192_CTR_TYPE : @@ -17495,6 +17548,14 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md) XMEMCPY(&ctx->cipher.des3.reg, ctx->iv, DES_BLOCK_SIZE); break; #endif +#ifdef WOLFSSL_DES_ECB + case DES_ECB_TYPE : + WOLFSSL_MSG("DES ECB"); + break; + case DES_EDE3_ECB_TYPE : + WOLFSSL_MSG("DES3 ECB"); + break; +#endif #ifdef HAVE_IDEA case IDEA_CBC_TYPE : @@ -34695,7 +34756,7 @@ int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group, } ret = wc_ecc_point_is_at_infinity((ecc_point*)point->internal); - if (ret <= 0) { + if (ret < 0) { WOLFSSL_MSG("ecc_point_is_at_infinity failure"); return WOLFSSL_FAILURE; } diff --git a/wolfcrypt/src/logging.c b/wolfcrypt/src/logging.c index 70d53121b..6b6ab7512 100644 --- a/wolfcrypt/src/logging.c +++ b/wolfcrypt/src/logging.c @@ -140,7 +140,11 @@ int wolfSSL_SetLoggingCb(wolfSSL_Logging_cb f) /* allow this to be set to NULL, so logs can be redirected to default output */ wolfSSL_Logging_cb wolfSSL_GetLoggingCb(void) { +#ifdef DEBUG_WOLFSSL return log_function; +#else + return NULL; +#endif } diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 1d564abd1..e34a50809 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h 
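Review bot: With the test relaxed to `ret < 0`, a result of 0 from `wc_ecc_point_is_at_infinity` now falls through to whatever follows this block, and that code is outside the hunk. If the tail is still an unconditional success return, every finite point would be reported as the point at infinity; it needs to reflect `ret`, e.g. `return ret ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;`. The error path returns `WOLFSSL_FAILURE`, which a caller cannot tell apart from "not at infinity" if the two share a value, so code using this to reject invalid peer points would accept on error. A short comment listing the three outcomes would help callers handle that.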
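Review bot: Without `DEBUG_WOLFSSL` the getter in `wolfcrypt/src/logging.c` now returns `NULL`, which the existing comment above it associates with redirecting logs to the default output. A caller cannot tell "logging compiled out" from "no callback installed". I would replace that comment with one describing the getter, e.g. `/* Returns the installed callback, or NULL if none is set or DEBUG_WOLFSSL is not defined */`.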
@@ -708,6 +708,7 @@ typedef WOLFSSL_EVP_CIPHER_CTX EVP_CIPHER_CTX; #define EVP_CIPHER_CTX_clear_flags wolfSSL_EVP_CIPHER_CTX_clear_flags #define EVP_CIPHER_CTX_set_padding wolfSSL_EVP_CIPHER_CTX_set_padding #define EVP_CIPHER_CTX_flags wolfSSL_EVP_CIPHER_CTX_flags +#define EVP_CIPHER_CTX_set_iv wolfSSL_EVP_CIPHER_CTX_set_iv #define EVP_add_digest wolfSSL_EVP_add_digest #define EVP_add_cipher wolfSSL_EVP_add_cipher #define EVP_cleanup wolfSSL_EVP_cleanup