wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-30 18:57:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #4724 from embhorn/zd13462

Browse Source 
Improve param checks of enc
This commit is contained in:
John Safranek
2022-01-16 15:35:54 -08:00
committed by GitHub
parent 815527be6b f74831a7da
commit b68b14b499
3 changed files with 27 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
mcapi/mcapi_test.c
View File

@ -803,7 +803,7 @@ static int check_aescbc(void)
printf("mcapi aes-128 key set failed\n"); printf("mcapi aes-128 key set failed\n");
return -1; return -1;
} }
ret = wc_AesSetKey(&defAes, key, 16, iv, DES_DECRYPTION); ret = wc_AesSetKey(&defAes, key, 16, iv, AES_DECRYPTION);
if (ret != 0) { if (ret != 0) {
printf("default aes-128 key set failed\n"); printf("default aes-128 key set failed\n");
return -1; return -1;
@ -1148,7 +1148,7 @@ static int check_aesdirect(void)
printf("mcapi aes-128 key set failed\n"); printf("mcapi aes-128 key set failed\n");
return -1; return -1;
} }
ret = wc_AesSetKey(&defAes, key, 16, iv, DES_DECRYPTION); ret = wc_AesSetKey(&defAes, key, 16, iv, AES_DECRYPTION);
if (ret != 0) { if (ret != 0) {
printf("default aes-128 key set failed\n"); printf("default aes-128 key set failed\n");
return -1; return -1;

33
src/ssl.c
View File

@ -19826,7 +19826,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
lb_sz = length%DES_BLOCK_SIZE; lb_sz = length%DES_BLOCK_SIZE;
blk = length/DES_BLOCK_SIZE; blk = length/DES_BLOCK_SIZE;
if (enc){ if (enc == DES_ENCRYPT){
wc_Des_CbcEncrypt(&myDes, output, input, (word32)blk*DES_BLOCK_SIZE); wc_Des_CbcEncrypt(&myDes, output, input, (word32)blk*DES_BLOCK_SIZE);
if(lb_sz){ if(lb_sz){
XMEMSET(lastblock, 0, DES_BLOCK_SIZE); XMEMSET(lastblock, 0, DES_BLOCK_SIZE);
@ -19872,7 +19872,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
/* OpenSSL compat, no ret */ /* OpenSSL compat, no ret */
(void)wc_Des3Init(&des, NULL, INVALID_DEVID); (void)wc_Des3Init(&des, NULL, INVALID_DEVID);
if (enc) { if (enc == DES_ENCRYPT) {
if (wc_Des3_SetKey(&des, key, (const byte*)ivec, if (wc_Des3_SetKey(&des, key, (const byte*)ivec,
DES_ENCRYPTION) == 0) { DES_ENCRYPTION) == 0) {
ret = wc_Des3_CbcEncrypt(&des, output, input, (word32)blk*DES_BLOCK_SIZE); ret = wc_Des3_CbcEncrypt(&des, output, input, (word32)blk*DES_BLOCK_SIZE);
@ -19941,7 +19941,7 @@ size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
if (lb_sz) { if (lb_sz) {
idx += DES_BLOCK_SIZE - lb_sz; idx += DES_BLOCK_SIZE - lb_sz;
} }
if (enc){ if (enc == DES_ENCRYPT){
wc_Des_CbcEncrypt(&myDes, output, input, wc_Des_CbcEncrypt(&myDes, output, input,
(word32)blk * DES_BLOCK_SIZE); (word32)blk * DES_BLOCK_SIZE);
if (lb_sz){ if (lb_sz){
@ -30590,7 +30590,7 @@ void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa,
WOLFSSL_MSG("wc_Des_SetKey return error."); WOLFSSL_MSG("wc_Des_SetKey return error.");
return; return;
} }
if (enc){ if (enc == DES_ENCRYPT){
if (wc_Des_EcbEncrypt(&myDes, (byte*) desb, (const byte*) desa, if (wc_Des_EcbEncrypt(&myDes, (byte*) desb, (const byte*) desa,
sizeof(WOLFSSL_DES_cblock)) != 0){ sizeof(WOLFSSL_DES_cblock)) != 0){
WOLFSSL_MSG("wc_Des_EcbEncrypt return error."); WOLFSSL_MSG("wc_Des_EcbEncrypt return error.");
@ -30714,7 +30714,7 @@ int wolfSSL_AES_set_encrypt_key(const unsigned char *key, const int bits,
} }
XMEMSET(aes, 0, sizeof(AES_KEY)); XMEMSET(aes, 0, sizeof(AES_KEY));
if (wc_AesSetKey((Aes*)aes, key, ((bits)/8), NULL, AES_ENCRYPTION) != 0) { if (wc_AesSetKey((Aes*)aes, key, ((bits)/8), NULL, AES_ENCRYPT) != 0) {
WOLFSSL_MSG("Error in setting AES key"); WOLFSSL_MSG("Error in setting AES key");
return -1; return -1;
} }
@ -30742,7 +30742,7 @@ int wolfSSL_AES_set_decrypt_key(const unsigned char *key, const int bits,
} }
XMEMSET(aes, 0, sizeof(AES_KEY)); XMEMSET(aes, 0, sizeof(AES_KEY));
if (wc_AesSetKey((Aes*)aes, key, ((bits)/8), NULL, AES_DECRYPTION) != 0) { if (wc_AesSetKey((Aes*)aes, key, ((bits)/8), NULL, AES_DECRYPT) != 0) {
WOLFSSL_MSG("Error in setting AES key"); WOLFSSL_MSG("Error in setting AES key");
return -1; return -1;
} }
@ -30797,7 +30797,7 @@ void wolfSSL_AES_ecb_encrypt(const unsigned char *in, unsigned char* out,
* len length of input buffer * len length of input buffer
* key AES structure to use with encryption/decryption * key AES structure to use with encryption/decryption
* iv iv to use with operation * iv iv to use with operation
* enc AES_ENCRPT for encryption and AES_DECRYPT for decryption * enc AES_ENCRYPT for encryption and AES_DECRYPT for decryption
*/ */
void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out, void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out,
size_t len, AES_KEY *key, unsigned char* iv, const int enc) size_t len, AES_KEY *key, unsigned char* iv, const int enc)
@ -30817,7 +30817,7 @@ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out,
return; return;
} }
if (enc) { if (enc == AES_ENCRYPT) {
if (wc_AesCbcEncrypt(aes, out, in, (word32)len) != 0) { if (wc_AesCbcEncrypt(aes, out, in, (word32)len) != 0) {
WOLFSSL_MSG("Error with AES CBC encrypt"); WOLFSSL_MSG("Error with AES CBC encrypt");
} }
@ -30843,7 +30843,7 @@ void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out,
* key AES structure to use with encryption/decryption * key AES structure to use with encryption/decryption
* iv iv to use with operation * iv iv to use with operation
* num contains the amount of block used * num contains the amount of block used
* enc AES_ENCRPT for encryption and AES_DECRYPT for decryption * enc AES_ENCRYPT for encryption and AES_DECRYPT for decryption
*/ */
void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out, void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out,
size_t len, AES_KEY *key, unsigned char* iv, int* num, size_t len, AES_KEY *key, unsigned char* iv, int* num,
@ -30932,7 +30932,6 @@ int wolfSSL_AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
return ret < 0 ? WOLFSSL_FAILURE : ret; return ret < 0 ? WOLFSSL_FAILURE : ret;
} }
#endif /* HAVE_AES_KEYWRAP && !HAVE_FIPS && !HAVE_SELFTEST */ #endif /* HAVE_AES_KEYWRAP && !HAVE_FIPS && !HAVE_SELFTEST */
#endif /* NO_AES */
#ifdef HAVE_CTS #ifdef HAVE_CTS
/* /*
@ -30956,7 +30955,7 @@ size_t wolfSSL_CRYPTO_cts128_encrypt(const unsigned char *in,
lastBlkLen = WOLFSSL_CTS128_BLOCK_SZ; lastBlkLen = WOLFSSL_CTS128_BLOCK_SZ;
/* Encrypt data up to last block */ /* Encrypt data up to last block */
(*cbc)(in, out, len - lastBlkLen, key, iv, 1); (*cbc)(in, out, len - lastBlkLen, key, iv, AES_ENCRYPT);
/* Move to last block */ /* Move to last block */
in += len - lastBlkLen; in += len - lastBlkLen;
@ -30968,7 +30967,7 @@ size_t wolfSSL_CRYPTO_cts128_encrypt(const unsigned char *in,
/* RFC2040: Select the first Ln bytes of En-1 to create Cn */ /* RFC2040: Select the first Ln bytes of En-1 to create Cn */
XMEMCPY(out, out - WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen); XMEMCPY(out, out - WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen);
(*cbc)(lastBlk, out - WOLFSSL_CTS128_BLOCK_SZ, WOLFSSL_CTS128_BLOCK_SZ, (*cbc)(lastBlk, out - WOLFSSL_CTS128_BLOCK_SZ, WOLFSSL_CTS128_BLOCK_SZ,
key, iv, 1); key, iv, AES_ENCRYPT);
return len; return len;
} }
@ -30992,7 +30991,8 @@ size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in,
lastBlkLen = WOLFSSL_CTS128_BLOCK_SZ; lastBlkLen = WOLFSSL_CTS128_BLOCK_SZ;
/* Decrypt up to last two blocks */ /* Decrypt up to last two blocks */
(*cbc)(in, out, len - lastBlkLen - WOLFSSL_CTS128_BLOCK_SZ, key, iv, 0); (*cbc)(in, out, len - lastBlkLen - WOLFSSL_CTS128_BLOCK_SZ, key, iv,
AES_DECRYPTION);
/* Move to last two blocks */ /* Move to last two blocks */
in += len - lastBlkLen - WOLFSSL_CTS128_BLOCK_SZ; in += len - lastBlkLen - WOLFSSL_CTS128_BLOCK_SZ;
@ -31002,17 +31002,18 @@ size_t wolfSSL_CRYPTO_cts128_decrypt(const unsigned char *in,
* Use 0 buffer as IV to do straight decryption. * Use 0 buffer as IV to do straight decryption.
* This places the Cn-1 block at lastBlk */ * This places the Cn-1 block at lastBlk */
XMEMSET(lastBlk, 0, WOLFSSL_CTS128_BLOCK_SZ); XMEMSET(lastBlk, 0, WOLFSSL_CTS128_BLOCK_SZ);
(*cbc)(in, prevBlk, WOLFSSL_CTS128_BLOCK_SZ, key, lastBlk, 0); (*cbc)(in, prevBlk, WOLFSSL_CTS128_BLOCK_SZ, key, lastBlk, AES_DECRYPT);
/* RFC2040: Append the tail (BB minus Ln) bytes of Xn to Cn /* RFC2040: Append the tail (BB minus Ln) bytes of Xn to Cn
* to create En. */ * to create En. */
XMEMCPY(prevBlk, in + WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen); XMEMCPY(prevBlk, in + WOLFSSL_CTS128_BLOCK_SZ, lastBlkLen);
/* Cn and Cn-1 can now be decrypted */ /* Cn and Cn-1 can now be decrypted */
(*cbc)(prevBlk, out, WOLFSSL_CTS128_BLOCK_SZ, key, iv, 0); (*cbc)(prevBlk, out, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPT);
(*cbc)(lastBlk, lastBlk, WOLFSSL_CTS128_BLOCK_SZ, key, iv, 0); (*cbc)(lastBlk, lastBlk, WOLFSSL_CTS128_BLOCK_SZ, key, iv, AES_DECRYPT);
XMEMCPY(out + WOLFSSL_CTS128_BLOCK_SZ, lastBlk, lastBlkLen); XMEMCPY(out + WOLFSSL_CTS128_BLOCK_SZ, lastBlk, lastBlkLen);
return len; return len;
} }
#endif /* HAVE_CTS */ #endif /* HAVE_CTS */
#endif /* NO_AES */
#ifndef NO_ASN_TIME #ifndef NO_ASN_TIME
#ifndef NO_BIO #ifndef NO_BIO

16
tests/api.c
View File

@ -42181,9 +42181,9 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
STRESS_T(pt128N, out, len, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0); STRESS_T(pt128N, out, len, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0);
STRESS_T(pt128, out, len, &aes, iv128N, 1, ct128, AES_BLOCK_SIZE, 0); STRESS_T(pt128, out, len, &aes, iv128N, 1, ct128, AES_BLOCK_SIZE, 0);
wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, 1); wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, AES_ENCRYPT);
AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, 1); wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, AES_ENCRYPT);
AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); AssertIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
STRESS_T(pt128, out, lenB, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0); STRESS_T(pt128, out, lenB, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0);
@ -42210,7 +42210,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
RESET_IV(iv128tmp, iv128); RESET_IV(iv128tmp, iv128);
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, 1); wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, AES_ENCRYPT);
AssertIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed"); printf(resultFmt, "passed");
@ -42222,7 +42222,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
len = sizeof(ct128); len = sizeof(ct128);
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, 0); wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, AES_DECRYPT);
AssertIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed"); printf(resultFmt, "passed");
@ -42255,7 +42255,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
RESET_IV(iv192tmp, iv192); RESET_IV(iv192tmp, iv192);
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, 1); wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, AES_ENCRYPT);
AssertIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed"); printf(resultFmt, "passed");
@ -42267,7 +42267,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
XMEMSET(out, 0, AES_BLOCK_SIZE); XMEMSET(out, 0, AES_BLOCK_SIZE);
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, 0); wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, AES_DECRYPT);
AssertIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed"); printf(resultFmt, "passed");
@ -42300,7 +42300,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
RESET_IV(iv256tmp, iv256); RESET_IV(iv256tmp, iv256);
AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, 1); wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, AES_ENCRYPT);
AssertIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed"); printf(resultFmt, "passed");
@ -42312,7 +42312,7 @@ static void test_wolfSSL_AES_cbc_encrypt(void)
XMEMSET(out, 0, AES_BLOCK_SIZE); XMEMSET(out, 0, AES_BLOCK_SIZE);
AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0); AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, 0); wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, AES_DECRYPT);
AssertIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0); AssertIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0);
printf(resultFmt, "passed"); printf(resultFmt, "passed");