From f74831a7da3dd6f1d9799470f8c3839930d81668 Mon Sep 17 00:00:00 2001 From: Eric Blankenhorn Date: Wed, 5 Jan 2022 08:37:10 -0600 Subject: [PATCH] Improve param checks of enc --- mcapi/mcapi_test.c | 4 ++-- src/ssl.c | 33 +++++++++++++++++---------------- tests/api.c | 16 ++++++++-------- 3 files changed, 27 insertions(+), 26 deletions(-) diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c index 63075cfd3..48be4306a 100644 --- a/mcapi/mcapi_test.c +++ b/mcapi/mcapi_test.c @@ -803,7 +803,7 @@ static int check_aescbc(void) printf("mcapi aes-128 key set failed\n"); return -1; } - ret = wc_AesSetKey(&defAes, key, 16, iv, DES_DECRYPTION); + ret = wc_AesSetKey(&defAes, key, 16, iv, AES_DECRYPTION); if (ret != 0) { printf("default aes-128 key set failed\n"); return -1; @@ -1148,7 +1148,7 @@ static int check_aesdirect(void) printf("mcapi aes-128 key set failed\n"); return -1; } - ret = wc_AesSetKey(&defAes, key, 16, iv, DES_DECRYPTION); + ret = wc_AesSetKey(&defAes, key, 16, iv, AES_DECRYPTION); if (ret != 0) { printf("default aes-128 key set failed\n"); return -1; diff --git a/src/ssl.c b/src/ssl.c index 3caf33f2c..270ead106 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -19801,7 +19801,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, lb_sz = length%DES_BLOCK_SIZE; blk = length/DES_BLOCK_SIZE; - if (enc){ + if (enc == DES_ENCRYPT){ wc_Des_CbcEncrypt(&myDes, output, input, (word32)blk*DES_BLOCK_SIZE); if(lb_sz){ XMEMSET(lastblock, 0, DES_BLOCK_SIZE); @@ -19847,7 +19847,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, /* OpenSSL compat, no ret */ (void)wc_Des3Init(&des, NULL, INVALID_DEVID); - if (enc) { + if (enc == DES_ENCRYPT) { if (wc_Des3_SetKey(&des, key, (const byte*)ivec, DES_ENCRYPTION) == 0) { ret = wc_Des3_CbcEncrypt(&des, output, input, (word32)blk*DES_BLOCK_SIZE); @@ -19916,7 +19916,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out, if (lb_sz) { idx += DES_BLOCK_SIZE - lb_sz; } - if (enc){ + if (enc == DES_ENCRYPT){ wc_Des_CbcEncrypt(&myDes, output, input, (word32)blk * DES_BLOCK_SIZE); if (lb_sz){ @@ -30562,7 +30562,7 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa, WOLFSSL_MSG("wc_Des_SetKey return error."); return; } - if (enc){ + if (enc == DES_ENCRYPT){ if (wc_Des_EcbEncrypt(&myDes, (byte*) desb, (const byte*) desa, sizeof(WOLFSSL_DES_cblock)) != 0){ WOLFSSL_MSG("wc_Des_EcbEncrypt return error."); @@ -30686,7 +30686,7 @@ int wolfSSL_AES_set_encrypt_key(const unsigned char *key, const int bits, } XMEMSET(aes, 0, sizeof(AES_KEY)); - if (wc_AesSetKey((Aes*)aes, key, ((bits)/8), NULL, AES_ENCRYPTION) != 0) { + if (wc_AesSetKey((Aes*)aes, key, ((bits)/8), NULL, AES_ENCRYPT) != 0) { WOLFSSL_MSG("Error in setting AES key"); return -1; } @@ -30714,7 +30714,7 @@ int wolfSSL_AES_set_decrypt_key(const unsigned char *key, const int bits, } XMEMSET(aes, 0, sizeof(AES_KEY)); - if (wc_AesSetKey((Aes*)aes, key, ((bits)/8), NULL, AES_DECRYPTION) != 0) { + if (wc_AesSetKey((Aes*)aes, key, ((bits)/8), NULL, AES_DECRYPT) != 0) { WOLFSSL_MSG("Error in setting AES key"); return -1; } @@ -30769,7 +30769,7 @@ void wolfSSL_AES_ecb_encrypt(const unsigned char *in, unsigned char* out, * len length of input buffer * key AES structure to use with encryption/decryption * iv iv to use with operation - * enc AES_ENCRPT for encryption and AES_DECRYPT for decryption + * enc AES_ENCRYPT for encryption and AES_DECRYPT for decryption */ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out, size_t len, AES_KEY *key, unsigned char* iv, const int enc) @@ -30789,7 +30789,7 @@ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out, return; } - if (enc) { + if (enc == AES_ENCRYPT) { if (wc_AesCbcEncrypt(aes, out, in, (word32)len) != 0) { WOLFSSL_MSG("Error with AES CBC encrypt"); } @@ -30815,7 +30815,7 @@ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out, * key AES structure to use with encryption/decryption * iv iv to use with operation * num contains the amount of block used - * enc AES_ENCRPT for encryption and AES_DECRYPT for decryption + * enc AES_ENCRYPT for encryption and AES_DECRYPT for decryption */ void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out, size_t len, AES_KEY *key, unsigned char* iv, int* num, @@ -30904,7 +30904,6 @@ int wolfSSL_AES_unwrap_key(AES_KEY *key, const unsigned char *iv, return ret < 0 ? WOLFSSL_FAILURE : ret; } #endif /* HAVE_AES_KEYWRAP && !HAVE_FIPS && !HAVE_SELFTEST */ -#endif /* NO_AES */ #ifdef HAVE_CTS /* @@ -30928,7 +30927,7 @@ size_t wolfSSL_CRYPTO_cts128_encrypt(const unsigned char *in, lastBlkLen = WOLFSSL_CTS128_BLOCK_SZ; /* Encrypt data up to last block */ - (*cbc)(in, out, len - lastBlkLen, key, iv, 1); + (*cbc)(in, out, len - lastBlkLen, key, iv, AES_ENCRYPT); /* Move to last block */ in += len - lastBlkLen; @@ -30940,7 +30939,7 @@ size_t wolfSSL_CRYPTO_cts128_encrypt(const unsigned char *in, /* RFC2040: Select the first Ln bytes of En-1 to create Cn */ XMEMCPY(out, out - WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen); (*cbc)(lastBlk, out - WOLFSSL_CTS128_BLOCK_SZ, WOLFSSL_CTS128_BLOCK_SZ, - key, iv, 1); + key, iv, AES_ENCRYPT); return len; } @@ -30964,7 +30963,8 @@ size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in, lastBlkLen = WOLFSSL_CTS128_BLOCK_SZ; /* Decrypt up to last two blocks */ - (*cbc)(in, out, len - lastBlkLen - WOLFSSL_CTS128_BLOCK_SZ, key, iv, 0); + (*cbc)(in, out, len - lastBlkLen - WOLFSSL_CTS128_BLOCK_SZ, key, iv, + AES_DECRYPTION); /* Move to last two blocks */ in += len - lastBlkLen - WOLFSSL_CTS128_BLOCK_SZ; @@ -30974,17 +30974,18 @@ size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in, * Use 0 buffer as IV to do straight decryption. * This places the Cn-1 block at lastBlk */ XMEMSET(lastBlk, 0, WOLFSSL_CTS128_BLOCK_SZ); - (*cbc)(in, prevBlk, WOLFSSL_CTS128_BLOCK_SZ, key, lastBlk, 0); + (*cbc)(in, prevBlk, WOLFSSL_CTS128_BLOCK_SZ, key, lastBlk, AES_DECRYPT); /* RFC2040: Append the tail (BB minus Ln) bytes of Xn to Cn * to create En. */ XMEMCPY(prevBlk, in + WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen); /* Cn and Cn-1 can now be decrypted */ - (*cbc)(prevBlk, out, WOLFSSL_CTS128_BLOCK_SZ, key, iv, 0); - (*cbc)(lastBlk, lastBlk, WOLFSSL_CTS128_BLOCK_SZ, key, iv, 0); + (*cbc)(prevBlk, out, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPT); + (*cbc)(lastBlk, lastBlk, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPT); XMEMCPY(out + WOLFSSL_CTS128_BLOCK_SZ, lastBlk, lastBlkLen); return len; } #endif /* HAVE_CTS */ +#endif /* NO_AES */ #ifndef NO_ASN_TIME #ifndef NO_BIO diff --git a/tests/api.c b/tests/api.c index d7461907e..75ce77419 100644 --- a/tests/api.c +++ b/tests/api.c @@ -42093,9 +42093,9 @@ static void test_wolfSSL_AES_cbc_encrypt(void) STRESS_T(pt128N, out, len, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0); STRESS_T(pt128, out, len, &aes, iv128N, 1, ct128, AES_BLOCK_SIZE, 0); - wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, 1); + wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, AES_ENCRYPT); AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); - wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, 1); + wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, AES_ENCRYPT); AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); STRESS_T(pt128, out, lenB, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0); @@ -42122,7 +42122,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void) RESET_IV(iv128tmp, iv128); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0); - wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, 1); + wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, AES_ENCRYPT); AssertIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); printf(resultFmt, "passed"); @@ -42134,7 +42134,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void) len = sizeof(ct128); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0); - wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, 0); + wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, AES_DECRYPT); AssertIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0); printf(resultFmt, "passed"); @@ -42167,7 +42167,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void) RESET_IV(iv192tmp, iv192); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0); - wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, 1); + wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, AES_ENCRYPT); AssertIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0); printf(resultFmt, "passed"); @@ -42179,7 +42179,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void) XMEMSET(out, 0, AES_BLOCK_SIZE); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0); - wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, 0); + wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, AES_DECRYPT); AssertIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0); printf(resultFmt, "passed"); @@ -42212,7 +42212,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void) RESET_IV(iv256tmp, iv256); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0); - wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, 1); + wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, AES_ENCRYPT); AssertIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0); printf(resultFmt, "passed"); @@ -42224,7 +42224,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void) XMEMSET(out, 0, AES_BLOCK_SIZE); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0); - wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, 0); + wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, AES_DECRYPT); AssertIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0); printf(resultFmt, "passed");