wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 20:24:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fixes for CMAC compatibility layer with AES CBC disabled. CMAC code cleanups. Fixes for "make check" with AES CBC disabled.

Browse Source
This commit is contained in:
David Garske
2021-08-18 11:30:18 -07:00
parent d1e027b6fa
commit c5f9e55567
8 changed files with 180 additions and 137 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/ssl.c
View File

@@ -33835,7 +33835,8 @@ const WOLFSSL_EVP_MD *wolfSSL_HMAC_CTX_get_md(const WOLFSSL_HMAC_CTX *ctx)
return wolfSSL_macType2EVP_md((enum wc_HashType)ctx->type); return wolfSSL_macType2EVP_md((enum wc_HashType)ctx->type);
} }
#if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) #if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_AES_DIRECT)
WOLFSSL_CMAC_CTX* wolfSSL_CMAC_CTX_new(void) WOLFSSL_CMAC_CTX* wolfSSL_CMAC_CTX_new(void)
{ {
WOLFSSL_CMAC_CTX* ctx = NULL; WOLFSSL_CMAC_CTX* ctx = NULL;
@@ -33894,13 +33895,10 @@ int wolfSSL_CMAC_Init(WOLFSSL_CMAC_CTX* ctx, const void *key, size_t keyLen,
WOLFSSL_ENTER("wolfSSL_CMAC_Init"); WOLFSSL_ENTER("wolfSSL_CMAC_Init");
if (ctx == NULL || cipher == NULL if (ctx == NULL || cipher == NULL || (
#ifdef HAVE_AES_CBC cipher != EVP_AES_128_CBC &&
|| (cipher != EVP_AES_128_CBC &&
cipher != EVP_AES_192_CBC && cipher != EVP_AES_192_CBC &&
cipher != EVP_AES_256_CBC) cipher != EVP_AES_256_CBC)) {
#endif
) {
ret = WOLFSSL_FAILURE; ret = WOLFSSL_FAILURE;
} }
@@ -33986,7 +33984,7 @@ int wolfSSL_CMAC_Final(WOLFSSL_CMAC_CTX* ctx, unsigned char* out,
return ret; return ret;
} }
#endif /* WOLFSSL_CMAC && OPENSSL_EXTRA */ #endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */
/* Free the dynamically allocated data. /* Free the dynamically allocated data.
* *
@@ -57256,9 +57254,8 @@ int wolfSSL_RAND_poll(void)
} }
switch (ctx->cipherType) { switch (ctx->cipherType) {
#ifndef NO_AES #ifndef NO_AES
#ifdef HAVE_AES_CBC #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
case AES_128_CBC_TYPE : case AES_128_CBC_TYPE :
case AES_192_CBC_TYPE : case AES_192_CBC_TYPE :
case AES_256_CBC_TYPE : case AES_256_CBC_TYPE :
@@ -57379,7 +57376,7 @@ int wolfSSL_RAND_poll(void)
switch (ctx->cipherType) { switch (ctx->cipherType) {
#ifndef NO_AES #ifndef NO_AES
#ifdef HAVE_AES_CBC #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
case AES_128_CBC_TYPE : case AES_128_CBC_TYPE :
case AES_192_CBC_TYPE : case AES_192_CBC_TYPE :
case AES_256_CBC_TYPE : case AES_256_CBC_TYPE :

79
tests/api.c
View File

@@ -3508,7 +3508,8 @@ static void test_wolfSSL_EVP_get_cipherbynid(void)
const WOLFSSL_EVP_CIPHER* c; const WOLFSSL_EVP_CIPHER* c;
c = wolfSSL_EVP_get_cipherbynid(419); c = wolfSSL_EVP_get_cipherbynid(419);
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
defined(WOLFSSL_AES_128)
AssertNotNull(c); AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_128_CBC", c)); AssertNotNull(strcmp("EVP_AES_128_CBC", c));
#else #else
@@ -3516,7 +3517,8 @@ static void test_wolfSSL_EVP_get_cipherbynid(void)
#endif #endif
c = wolfSSL_EVP_get_cipherbynid(423); c = wolfSSL_EVP_get_cipherbynid(423);
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_192) #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
defined(WOLFSSL_AES_192)
AssertNotNull(c); AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_192_CBC", c)); AssertNotNull(strcmp("EVP_AES_192_CBC", c));
#else #else
@@ -3524,7 +3526,8 @@ static void test_wolfSSL_EVP_get_cipherbynid(void)
#endif #endif
c = wolfSSL_EVP_get_cipherbynid(427); c = wolfSSL_EVP_get_cipherbynid(427);
#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \
defined(WOLFSSL_AES_256)
AssertNotNull(c); AssertNotNull(c);
AssertNotNull(strcmp("EVP_AES_256_CBC", c)); AssertNotNull(strcmp("EVP_AES_256_CBC", c));
#else #else
@@ -6993,7 +6996,7 @@ static void test_wolfSSL_PKCS8(void)
static void test_wolfSSL_PKCS8_ED25519(void) static void test_wolfSSL_PKCS8_ED25519(void)
{ {
#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ #if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519) && \ defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519) && \
defined(HAVE_ED25519_KEY_IMPORT) defined(HAVE_ED25519_KEY_IMPORT)
const byte encPrivKey[] = \ const byte encPrivKey[] = \
@@ -7025,7 +7028,7 @@ static void test_wolfSSL_PKCS8_ED25519(void)
static void test_wolfSSL_PKCS8_ED448(void) static void test_wolfSSL_PKCS8_ED448(void)
{ {
#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ #if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED448) && \ defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED448) && \
defined(HAVE_ED448_KEY_IMPORT) defined(HAVE_ED448_KEY_IMPORT)
const byte encPrivKey[] = \ const byte encPrivKey[] = \
@@ -23168,8 +23171,8 @@ static int test_wc_ecc_encryptDecrypt (void)
{ {
int ret = 0; int ret = 0;
#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) \ #if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) && \
&& !defined(WC_NO_RNG) defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
ecc_key srvKey, cliKey, tmpKey; ecc_key srvKey, cliKey, tmpKey;
WC_RNG rng; WC_RNG rng;
const char* msg = "EccBlock Size 16"; const char* msg = "EccBlock Size 16";
@@ -25894,25 +25897,16 @@ static void test_wc_PKCS7_EncodeDecodeEnvelopedData (void)
tempWrd32 = pkcs7->privateKeySz; tempWrd32 = pkcs7->privateKeySz;
pkcs7->privateKeySz = 0; pkcs7->privateKeySz = 0;
i = wc_PKCS7_DecodeEnvelopedData(pkcs7, output, AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)); (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
#ifndef HAVE_AES_CBC
AssertIntEQ(i, ASN_PARSE_E);
#else
AssertIntEQ(i, BAD_FUNC_ARG);
#endif
pkcs7->privateKeySz = tempWrd32; pkcs7->privateKeySz = tempWrd32;
tmpBytePtr = pkcs7->privateKey; tmpBytePtr = pkcs7->privateKey;
pkcs7->privateKey = NULL; pkcs7->privateKey = NULL;
i = wc_PKCS7_DecodeEnvelopedData(pkcs7, output, AssertIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output,
(word32)sizeof(output), decoded, (word32)sizeof(decoded)); (word32)sizeof(output), decoded, (word32)sizeof(decoded)), BAD_FUNC_ARG);
#ifndef HAVE_AES_CBC
AssertIntEQ(i, ASN_PARSE_E);
#else
AssertIntEQ(i, BAD_FUNC_ARG);
#endif
pkcs7->privateKey = tmpBytePtr; pkcs7->privateKey = tmpBytePtr;
wc_PKCS7_Free(pkcs7); wc_PKCS7_Free(pkcs7);
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_256) #if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(NO_AES_256)
@@ -34602,7 +34596,8 @@ static void test_wolfSSL_HMAC(void)
static void test_wolfSSL_CMAC(void) static void test_wolfSSL_CMAC(void)
{ {
#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CMAC) && defined(HAVE_AES_CBC) #if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \
defined(WOLFSSL_AES_DIRECT)
int i; int i;
byte key[AES_128_KEY_SIZE]; byte key[AES_128_KEY_SIZE];
CMAC_CTX* cmacCtx = NULL; CMAC_CTX* cmacCtx = NULL;
@@ -34627,7 +34622,7 @@ static void test_wolfSSL_CMAC(void)
CMAC_CTX_free(cmacCtx); CMAC_CTX_free(cmacCtx);
printf(resultFmt, passed); printf(resultFmt, passed);
#endif /* OPENSSL_EXTRA && WOLFSSL_CMAC && HAVE_AES_CBC */ #endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */
} }
@@ -40279,9 +40274,9 @@ static void test_wolfSSL_EVP_CIPHER_iv_length(void)
int enumArray[] = { int enumArray[] = {
#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef HAVE_AES_CBC #ifdef WOLFSSL_AES_128
NID_aes_128_cbc, NID_aes_128_cbc,
#endif #endif
#ifdef WOLFSSL_AES_192 #ifdef WOLFSSL_AES_192
NID_aes_192_cbc, NID_aes_192_cbc,
@@ -40289,6 +40284,7 @@ static void test_wolfSSL_EVP_CIPHER_iv_length(void)
#ifdef WOLFSSL_AES_256 #ifdef WOLFSSL_AES_256
NID_aes_256_cbc, NID_aes_256_cbc,
#endif #endif
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
@@ -40322,8 +40318,10 @@ static void test_wolfSSL_EVP_CIPHER_iv_length(void)
NID_idea_cbc, NID_idea_cbc,
#endif #endif
}; };
int iv_lengths[] = { int iv_lengths[] = {
#ifdef HAVE_AES_CBC #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128
AES_BLOCK_SIZE, AES_BLOCK_SIZE,
#endif #endif
#ifdef WOLFSSL_AES_192 #ifdef WOLFSSL_AES_192
@@ -40332,6 +40330,7 @@ static void test_wolfSSL_EVP_CIPHER_iv_length(void)
#ifdef WOLFSSL_AES_256 #ifdef WOLFSSL_AES_256
AES_BLOCK_SIZE, AES_BLOCK_SIZE,
#endif #endif
#endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
@@ -40370,8 +40369,8 @@ static void test_wolfSSL_EVP_CIPHER_iv_length(void)
enumlen = (sizeof(enumArray)/sizeof(int)); enumlen = (sizeof(enumArray)/sizeof(int));
for(i = 0; i < enumlen; i++) for(i = 0; i < enumlen; i++)
{ {
const EVP_CIPHER *c = wolfSSL_EVP_get_cipherbynid(enumArray[i]); const EVP_CIPHER *c = EVP_get_cipherbynid(enumArray[i]);
AssertIntEQ(wolfSSL_EVP_CIPHER_iv_length(c), iv_lengths[i]); AssertIntEQ(EVP_CIPHER_iv_length(c), iv_lengths[i]);
} }
printf(resultFmt, passed); printf(resultFmt, passed);
@@ -40551,7 +40550,7 @@ static void test_wolfSSL_EVP_PKEY_param_check(void)
} }
static void test_wolfSSL_EVP_BytesToKey(void) static void test_wolfSSL_EVP_BytesToKey(void)
{ {
#if defined(OPENSSL_ALL) && !defined(NO_DES3) #if defined(OPENSSL_ALL) && !defined(NO_AES) && defined(HAVE_AES_CBC)
byte key[AES_BLOCK_SIZE] = {0}; byte key[AES_BLOCK_SIZE] = {0};
byte iv[AES_BLOCK_SIZE] = {0}; byte iv[AES_BLOCK_SIZE] = {0};
int sz = 5; int sz = 5;
@@ -40567,20 +40566,20 @@ static void test_wolfSSL_EVP_BytesToKey(void)
type = wolfSSL_EVP_get_cipherbynid(NID_aes_128_cbc); type = wolfSSL_EVP_get_cipherbynid(NID_aes_128_cbc);
printf(testingFmt, "wolfSSL_EVP_BytesToKey"); printf(testingFmt, "EVP_BytesToKey");
/* Bad cases */ /* Bad cases */
AssertIntEQ(wolfSSL_EVP_BytesToKey(NULL, md, salt, data, sz, count, key, iv), AssertIntEQ(EVP_BytesToKey(NULL, md, salt, data, sz, count, key, iv),
0); 0);
AssertIntEQ(wolfSSL_EVP_BytesToKey(type, md, salt, NULL, sz, count, key, iv), AssertIntEQ(EVP_BytesToKey(type, md, salt, NULL, sz, count, key, iv),
16); 16);
md = "2"; md = "2";
AssertIntEQ(wolfSSL_EVP_BytesToKey(type, md, salt, data, sz, count, key, iv), AssertIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
WOLFSSL_FAILURE); WOLFSSL_FAILURE);
/* Good case */ /* Good case */
md = "SHA256"; md = "SHA256";
AssertIntEQ(wolfSSL_EVP_BytesToKey(type, md, salt, data, sz, count, key, iv), AssertIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv),
16); 16);
printf(resultFmt, passed); printf(resultFmt, passed);
@@ -43667,7 +43666,8 @@ static int test_tls13_apis(void)
#if defined(HAVE_PK_CALLBACKS) && (!defined(WOLFSSL_NO_TLS12) || \ #if defined(HAVE_PK_CALLBACKS) && (!defined(WOLFSSL_NO_TLS12) || \
!defined(NO_OLD_TLS)) !defined(NO_OLD_TLS))
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && \
!defined(NO_AES) && defined(HAVE_AES_CBC) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
static int my_DhCallback(WOLFSSL* ssl, struct DhKey* key, static int my_DhCallback(WOLFSSL* ssl, struct DhKey* key,
const unsigned char* priv, unsigned int privSz, const unsigned char* priv, unsigned int privSz,
@@ -43687,11 +43687,11 @@ static int my_DhCallback(WOLFSSL* ssl, struct DhKey* key,
static void test_dh_ctx_setup(WOLFSSL_CTX* ctx) { static void test_dh_ctx_setup(WOLFSSL_CTX* ctx) {
wolfSSL_CTX_SetDhAgreeCb(ctx, my_DhCallback); wolfSSL_CTX_SetDhAgreeCb(ctx, my_DhCallback);
#ifdef WOLFSSL_AES_128 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES128-SHA256"), AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES128-SHA256"),
WOLFSSL_SUCCESS); WOLFSSL_SUCCESS);
#endif #endif
#ifdef WOLFSSL_AES_256 #if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA256"), AssertIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA256"),
WOLFSSL_SUCCESS); WOLFSSL_SUCCESS);
#endif #endif
@@ -43726,7 +43726,8 @@ static void test_dh_ssl_setup_fail(WOLFSSL* ssl)
static void test_DhCallbacks(void) static void test_DhCallbacks(void)
{ {
#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \ #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) && \
!defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && !defined(NO_AES) && \ !defined(NO_WOLFSSL_CLIENT) && !defined(NO_DH) && \
!defined(NO_AES) && defined(HAVE_AES_CBC) && \
defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED)
WOLFSSL_CTX *ctx; WOLFSSL_CTX *ctx;
WOLFSSL *ssl; WOLFSSL *ssl;

99
wolfcrypt/src/cmac.c
View File

@@ -88,10 +88,10 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz,
(void)unused; (void)unused;
(void)heap; (void)heap;
(void)devId;
if (cmac == NULL || keySz == 0 || type != WC_CMAC_AES) if (cmac == NULL || keySz == 0 || type != WC_CMAC_AES) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
}
XMEMSET(cmac, 0, sizeof(Cmac)); XMEMSET(cmac, 0, sizeof(Cmac));
@@ -106,10 +106,13 @@ int wc_InitCmac_ex(Cmac* cmac, const byte* key, word32 keySz,
return ret; return ret;
/* fall-through when unavailable */ /* fall-through when unavailable */
} }
#else
(void)devId;
#endif #endif
if (key == NULL) if (key == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
}
ret = wc_AesSetKey(&cmac->aes, key, keySz, NULL, AES_ENCRYPTION); ret = wc_AesSetKey(&cmac->aes, key, keySz, NULL, AES_ENCRYPTION);
if (ret == 0) { if (ret == 0) {
@@ -129,23 +132,22 @@ int wc_InitCmac(Cmac* cmac, const byte* key, word32 keySz,
int type, void* unused) int type, void* unused)
{ {
#ifdef WOLFSSL_QNX_CAAM #ifdef WOLFSSL_QNX_CAAM
return wc_InitCmac_ex(cmac, key, keySz, type, unused, NULL, int devId = WOLFSSL_CAAM_DEVID;
WOLFSSL_CAAM_DEVID);
#else #else
return wc_InitCmac_ex(cmac, key, keySz, type, unused, NULL, INVALID_DEVID); int devId = INVALID_DEVID;
#endif #endif
return wc_InitCmac_ex(cmac, key, keySz, type, unused, NULL, devId);
} }
int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz) int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz)
{ {
#ifdef WOLF_CRYPTO_CB int ret = 0;
int ret;
#endif
if ((cmac == NULL) || (in == NULL && inSz != 0)) if ((cmac == NULL) || (in == NULL && inSz != 0)) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
}
#ifdef WOLF_CRYPTO_CB #ifdef WOLF_CRYPTO_CB
if (cmac->devId != INVALID_DEVID) { if (cmac->devId != INVALID_DEVID) {
@@ -154,8 +156,10 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz)
if (ret != CRYPTOCB_UNAVAILABLE) if (ret != CRYPTOCB_UNAVAILABLE)
return ret; return ret;
/* fall-through when unavailable */ /* fall-through when unavailable */
ret = 0; /* reset error code */
} }
#endif #endif
while (inSz != 0) { while (inSz != 0) {
word32 add = min(inSz, AES_BLOCK_SIZE - cmac->bufferSz); word32 add = min(inSz, AES_BLOCK_SIZE - cmac->bufferSz);
XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add); XMEMCPY(&cmac->buffer[cmac->bufferSz], in, add);
@@ -165,32 +169,30 @@ int wc_CmacUpdate(Cmac* cmac, const byte* in, word32 inSz)
inSz -= add; inSz -= add;
if (cmac->bufferSz == AES_BLOCK_SIZE && inSz != 0) { if (cmac->bufferSz == AES_BLOCK_SIZE && inSz != 0) {
if (cmac->totalSz != 0) if (cmac->totalSz != 0) {
xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE); xorbuf(cmac->buffer, cmac->digest, AES_BLOCK_SIZE);
wc_AesEncryptDirect(&cmac->aes, }
cmac->digest, wc_AesEncryptDirect(&cmac->aes, cmac->digest, cmac->buffer);
cmac->buffer);
cmac->totalSz += AES_BLOCK_SIZE; cmac->totalSz += AES_BLOCK_SIZE;
cmac->bufferSz = 0; cmac->bufferSz = 0;
} }
} }
return 0; return ret;
} }
int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz) int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
{ {
#ifdef WOLF_CRYPTO_CB int ret = 0;
int ret;
#endif
const byte* subKey; const byte* subKey;
if (cmac == NULL || out == NULL || outSz == NULL) if (cmac == NULL || out == NULL || outSz == NULL) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
}
if (*outSz < WC_CMAC_TAG_MIN_SZ || *outSz > WC_CMAC_TAG_MAX_SZ) if (*outSz < WC_CMAC_TAG_MIN_SZ || *outSz > WC_CMAC_TAG_MAX_SZ) {
return BUFFER_E; return BUFFER_E;
}
#ifdef WOLF_CRYPTO_CB #ifdef WOLF_CRYPTO_CB
if (cmac->devId != INVALID_DEVID) { if (cmac->devId != INVALID_DEVID) {
@@ -198,6 +200,7 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
if (ret != CRYPTOCB_UNAVAILABLE) if (ret != CRYPTOCB_UNAVAILABLE)
return ret; return ret;
/* fall-through when unavailable */ /* fall-through when unavailable */
ret = 0; /* reset error code */
} }
#endif #endif
@@ -207,11 +210,12 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
else { else {
word32 remainder = AES_BLOCK_SIZE - cmac->bufferSz; word32 remainder = AES_BLOCK_SIZE - cmac->bufferSz;
if (remainder == 0) if (remainder == 0) {
remainder = AES_BLOCK_SIZE; remainder = AES_BLOCK_SIZE;
}
if (remainder > 1) if (remainder > 1) {
XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0, remainder); XMEMSET(cmac->buffer + AES_BLOCK_SIZE - remainder, 0, remainder);
}
cmac->buffer[AES_BLOCK_SIZE - remainder] = 0x80; cmac->buffer[AES_BLOCK_SIZE - remainder] = 0x80;
subKey = cmac->k2; subKey = cmac->k2;
} }
@@ -223,7 +227,7 @@ int wc_CmacFinal(Cmac* cmac, byte* out, word32* outSz)
ForceZero(cmac, sizeof(Cmac)); ForceZero(cmac, sizeof(Cmac));
return 0; return ret;
} }
@@ -231,39 +235,36 @@ int wc_AesCmacGenerate(byte* out, word32* outSz,
const byte* in, word32 inSz, const byte* in, word32 inSz,
const byte* key, word32 keySz) const byte* key, word32 keySz)
{ {
int ret;
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
Cmac *cmac; Cmac *cmac;
#else #else
Cmac cmac[1]; Cmac cmac[1];
#endif #endif
int ret;
if (out == NULL || (in == NULL && inSz > 0) || key == NULL || keySz == 0) if (out == NULL || (in == NULL && inSz > 0) || key == NULL || keySz == 0) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
}
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
if ((cmac = (Cmac *)XMALLOC(sizeof *cmac, NULL, if ((cmac = (Cmac *)XMALLOC(sizeof *cmac, NULL,
DYNAMIC_TYPE_CMAC)) == NULL) DYNAMIC_TYPE_CMAC)) == NULL) {
return MEMORY_E; return MEMORY_E;
}
#endif #endif
ret = wc_InitCmac(cmac, key, keySz, WC_CMAC_AES, NULL); ret = wc_InitCmac(cmac, key, keySz, WC_CMAC_AES, NULL);
if (ret != 0) if (ret == 0) {
goto out; ret = wc_CmacUpdate(cmac, in, inSz);
}
ret = wc_CmacUpdate(cmac, in, inSz); if (ret == 0) {
if (ret != 0) ret = wc_CmacFinal(cmac, out, outSz);
goto out; }
ret = wc_CmacFinal(cmac, out, outSz);
if (ret != 0)
goto out;
out:
#ifdef WOLFSSL_SMALL_STACK #ifdef WOLFSSL_SMALL_STACK
if (cmac) if (cmac) {
XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC); XFREE(cmac, NULL, DYNAMIC_TYPE_CMAC);
}
#endif #endif
return ret; return ret;
@@ -274,24 +275,24 @@ int wc_AesCmacVerify(const byte* check, word32 checkSz,
const byte* in, word32 inSz, const byte* in, word32 inSz,
const byte* key, word32 keySz) const byte* key, word32 keySz)
{ {
int ret;
byte a[AES_BLOCK_SIZE]; byte a[AES_BLOCK_SIZE];
word32 aSz = sizeof(a); word32 aSz = sizeof(a);
int result;
int compareRet; int compareRet;
if (check == NULL || checkSz == 0 || (in == NULL && inSz != 0) || if (check == NULL || checkSz == 0 || (in == NULL && inSz != 0) ||
key == NULL || keySz == 0) key == NULL || keySz == 0) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
}
XMEMSET(a, 0, aSz); XMEMSET(a, 0, aSz);
result = wc_AesCmacGenerate(a, &aSz, in, inSz, key, keySz); ret = wc_AesCmacGenerate(a, &aSz, in, inSz, key, keySz);
compareRet = ConstantCompare(check, a, min(checkSz, aSz)); compareRet = ConstantCompare(check, a, min(checkSz, aSz));
if (result == 0) if (ret == 0)
result = compareRet ? 1 : 0; ret = compareRet ? 1 : 0;
return result; return ret;
} }

34
wolfcrypt/src/evp.c
View File

@@ -47,7 +47,7 @@
#include <wolfssl/wolfcrypt/integer.h> #include <wolfssl/wolfcrypt/integer.h>
#ifndef NO_AES #ifndef NO_AES
#ifdef HAVE_AES_CBC #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
static const char EVP_AES_128_CBC[] = "AES-128-CBC"; static const char EVP_AES_128_CBC[] = "AES-128-CBC";
#endif #endif
@@ -57,7 +57,7 @@
#ifdef WOLFSSL_AES_256 #ifdef WOLFSSL_AES_256
static const char EVP_AES_256_CBC[] = "AES-256-CBC"; static const char EVP_AES_256_CBC[] = "AES-256-CBC";
#endif #endif
#endif /* HAVE_AES_CBC */ #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#ifdef WOLFSSL_AES_OFB #ifdef WOLFSSL_AES_OFB
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
@@ -202,7 +202,7 @@ int wolfSSL_EVP_Cipher_key_length(const WOLFSSL_EVP_CIPHER* c)
switch (cipherType(c)) { switch (cipherType(c)) {
#if !defined(NO_AES) #if !defined(NO_AES)
#if defined(HAVE_AES_CBC) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
case AES_128_CBC_TYPE: return 16; case AES_128_CBC_TYPE: return 16;
case AES_192_CBC_TYPE: return 24; case AES_192_CBC_TYPE: return 24;
case AES_256_CBC_TYPE: return 32; case AES_256_CBC_TYPE: return 32;
@@ -985,7 +985,7 @@ int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx)
switch (ctx->cipherType) { switch (ctx->cipherType) {
#if !defined(NO_AES) || !defined(NO_DES3) #if !defined(NO_AES) || !defined(NO_DES3)
#if !defined(NO_AES) #if !defined(NO_AES)
#if defined(HAVE_AES_CBC) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
case AES_128_CBC_TYPE: case AES_128_CBC_TYPE:
case AES_192_CBC_TYPE: case AES_192_CBC_TYPE:
case AES_256_CBC_TYPE: case AES_256_CBC_TYPE:
@@ -1054,7 +1054,7 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher)
#endif /* NO_DES3 && HAVE_AES_ECB */ #endif /* NO_DES3 && HAVE_AES_ECB */
#endif #endif
#if !defined(NO_AES) #if !defined(NO_AES)
#if defined(HAVE_AES_CBC) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
else if (XSTRNCMP(cipher, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) else if (XSTRNCMP(cipher, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
return AES_128_CBC_TYPE; return AES_128_CBC_TYPE;
@@ -1067,7 +1067,7 @@ static unsigned int cipherType(const WOLFSSL_EVP_CIPHER *cipher)
else if (XSTRNCMP(cipher, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) else if (XSTRNCMP(cipher, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)
return AES_256_CBC_TYPE; return AES_256_CBC_TYPE;
#endif #endif
#endif /* HAVE_AES_CBC */ #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if defined(HAVE_AESGCM) #if defined(HAVE_AESGCM)
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
else if (XSTRNCMP(cipher, EVP_AES_128_GCM, EVP_AES_SIZE) == 0) else if (XSTRNCMP(cipher, EVP_AES_128_GCM, EVP_AES_SIZE) == 0)
@@ -1186,7 +1186,7 @@ int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher)
if (cipher == NULL) return BAD_FUNC_ARG; if (cipher == NULL) return BAD_FUNC_ARG;
switch (cipherType(cipher)) { switch (cipherType(cipher)) {
#if !defined(NO_AES) #if !defined(NO_AES)
#if defined(HAVE_AES_CBC) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
case AES_128_CBC_TYPE: case AES_128_CBC_TYPE:
case AES_192_CBC_TYPE: case AES_192_CBC_TYPE:
case AES_256_CBC_TYPE: case AES_256_CBC_TYPE:
@@ -1255,7 +1255,7 @@ unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher)
{ {
switch (cipherType(cipher)) { switch (cipherType(cipher)) {
#if !defined(NO_AES) #if !defined(NO_AES)
#if defined(HAVE_AES_CBC) #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
case AES_128_CBC_TYPE: case AES_128_CBC_TYPE:
case AES_192_CBC_TYPE: case AES_192_CBC_TYPE:
case AES_256_CBC_TYPE: case AES_256_CBC_TYPE:
@@ -1301,7 +1301,7 @@ unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher)
case AES_192_ECB_TYPE: case AES_192_ECB_TYPE:
case AES_256_ECB_TYPE: case AES_256_ECB_TYPE:
return WOLFSSL_EVP_CIPH_ECB_MODE; return WOLFSSL_EVP_CIPH_ECB_MODE;
#endif /* NO_AES */ #endif /* !NO_AES */
#ifndef NO_DES3 #ifndef NO_DES3
case DES_CBC_TYPE: case DES_CBC_TYPE:
case DES_EDE3_CBC_TYPE: case DES_EDE3_CBC_TYPE:
@@ -3215,7 +3215,7 @@ static const struct cipher{
} cipher_tbl[] = { } cipher_tbl[] = {
#ifndef NO_AES #ifndef NO_AES
#ifdef HAVE_AES_CBC #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
{AES_128_CBC_TYPE, EVP_AES_128_CBC, NID_aes_128_cbc}, {AES_128_CBC_TYPE, EVP_AES_128_CBC, NID_aes_128_cbc},
#endif #endif
@@ -3479,7 +3479,7 @@ const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbynid(int id)
switch(id) { switch(id) {
#ifndef NO_AES #ifndef NO_AES
#ifdef HAVE_AES_CBC #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
case NID_aes_128_cbc: case NID_aes_128_cbc:
return wolfSSL_EVP_aes_128_cbc(); return wolfSSL_EVP_aes_128_cbc();
@@ -4130,7 +4130,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
#ifndef NO_AES #ifndef NO_AES
#ifdef HAVE_AES_CBC #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void) const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void)
{ {
@@ -4818,7 +4818,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
#endif #endif
#ifndef NO_AES #ifndef NO_AES
#ifdef HAVE_AES_CBC #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
if (ctx->cipherType == AES_128_CBC_TYPE || if (ctx->cipherType == AES_128_CBC_TYPE ||
(type && XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)) { (type && XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)) {
@@ -4898,7 +4898,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD* type)
} }
} }
#endif /* WOLFSSL_AES_256 */ #endif /* WOLFSSL_AES_256 */
#endif /* HAVE_AES_CBC */ #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM
@@ -7152,7 +7152,7 @@ int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
switch (ctx->cipherType) { switch (ctx->cipherType) {
#ifdef HAVE_AES_CBC #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
case AES_128_CBC_TYPE : case AES_128_CBC_TYPE :
case AES_192_CBC_TYPE : case AES_192_CBC_TYPE :
case AES_256_CBC_TYPE : case AES_256_CBC_TYPE :
@@ -7245,7 +7245,7 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher)
WOLFSSL_MSG("wolfSSL_EVP_CIPHER_iv_length"); WOLFSSL_MSG("wolfSSL_EVP_CIPHER_iv_length");
#ifndef NO_AES #ifndef NO_AES
#ifdef HAVE_AES_CBC #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
if (XSTRNCMP(name, EVP_AES_128_CBC, XSTRLEN(EVP_AES_128_CBC)) == 0) if (XSTRNCMP(name, EVP_AES_128_CBC, XSTRLEN(EVP_AES_128_CBC)) == 0)
return AES_BLOCK_SIZE; return AES_BLOCK_SIZE;
@@ -7258,7 +7258,7 @@ int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher)
if (XSTRNCMP(name, EVP_AES_256_CBC, XSTRLEN(EVP_AES_256_CBC)) == 0) if (XSTRNCMP(name, EVP_AES_256_CBC, XSTRLEN(EVP_AES_256_CBC)) == 0)
return AES_BLOCK_SIZE; return AES_BLOCK_SIZE;
#endif #endif
#endif /* HAVE_AES_CBC */ #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */
#if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \
(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))
#ifdef HAVE_AESGCM #ifdef HAVE_AESGCM

45
wolfcrypt/src/pkcs7.c
View File

@@ -643,23 +643,42 @@ static int wc_PKCS7_GetOIDBlockSize(int oid)
switch (oid) { switch (oid) {
#ifndef NO_AES #ifndef NO_AES
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
#ifdef HAVE_AES_CBC
case AES128CBCb: case AES128CBCb:
#endif
#ifdef HAVE_AESGCM
case AES128GCMb: case AES128GCMb:
#endif
#ifdef HAVE_AESCCM
case AES128CCMb: case AES128CCMb:
#endif
#endif #endif
#ifdef WOLFSSL_AES_192 #ifdef WOLFSSL_AES_192
#ifdef HAVE_AES_CBC
case AES192CBCb: case AES192CBCb:
#endif
#ifdef HAVE_AESGCM
case AES192GCMb: case AES192GCMb:
#endif
#ifdef HAVE_AESCCM
case AES192CCMb: case AES192CCMb:
#endif
#endif #endif
#ifdef WOLFSSL_AES_256 #ifdef WOLFSSL_AES_256
#ifdef HAVE_AES_CBC
case AES256CBCb: case AES256CBCb:
#endif
#ifdef HAVE_AESGCM
case AES256GCMb: case AES256GCMb:
#endif
#ifdef HAVE_AESCCM
case AES256CCMb: case AES256CCMb:
#endif
#endif #endif
blockSz = AES_BLOCK_SIZE; blockSz = AES_BLOCK_SIZE;
break; break;
#endif #endif /* !NO_AES */
#ifndef NO_DES3 #ifndef NO_DES3
case DESb: case DESb:
case DES3b: case DES3b:
@@ -683,35 +702,53 @@ static int wc_PKCS7_GetOIDKeySize(int oid)
switch (oid) { switch (oid) {
#ifndef NO_AES #ifndef NO_AES
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
#ifdef HAVE_AES_CBC
case AES128CBCb: case AES128CBCb:
#endif
#ifdef HAVE_AESGCM
case AES128GCMb: case AES128GCMb:
#endif
#ifdef HAVE_AESCCM
case AES128CCMb: case AES128CCMb:
#endif
case AES128_WRAP: case AES128_WRAP:
blockKeySz = 16; blockKeySz = 16;
break; break;
#endif #endif
#ifdef WOLFSSL_AES_192 #ifdef WOLFSSL_AES_192
#ifdef HAVE_AES_CBC
case AES192CBCb: case AES192CBCb:
#endif
#ifdef HAVE_AESGCM
case AES192GCMb: case AES192GCMb:
#endif
#ifdef HAVE_AESCCM
case AES192CCMb: case AES192CCMb:
#endif
case AES192_WRAP: case AES192_WRAP:
blockKeySz = 24; blockKeySz = 24;
break; break;
#endif #endif
#ifdef WOLFSSL_AES_256 #ifdef WOLFSSL_AES_256
#ifdef HAVE_AES_CBC
case AES256CBCb: case AES256CBCb:
#endif
#ifdef HAVE_AESGCM
case AES256GCMb: case AES256GCMb:
#endif
#ifdef HAVE_AESCCM
case AES256CCMb: case AES256CCMb:
#endif
case AES256_WRAP: case AES256_WRAP:
blockKeySz = 32; blockKeySz = 32;
break; break;
#endif #endif
#endif #endif /* !NO_AES */
#ifndef NO_DES3 #ifndef NO_DES3
case DESb: case DESb:
blockKeySz = DES_KEYLEN; blockKeySz = DES_KEYLEN;
break; break;
case DES3b: case DES3b:
blockKeySz = DES3_KEYLEN; blockKeySz = DES3_KEYLEN;
break; break;
@@ -7513,7 +7550,7 @@ int wc_PKCS7_AddRecipient_PWRI(PKCS7* pkcs7, byte* passwd, word32 pLen,
word32 kdfAlgoIdSeqSz, kdfAlgoIdSz; word32 kdfAlgoIdSeqSz, kdfAlgoIdSz;
word32 kdfParamsSeqSz, kdfSaltOctetStrSz, kdfIterationsSz; word32 kdfParamsSeqSz, kdfSaltOctetStrSz, kdfIterationsSz;
/* OPTIONAL: keyLength, not supported yet */ /* OPTIONAL: keyLength, not supported yet */
/* OPTIONAL: prf AlgorithIdentifier, not supported yet */ /* OPTIONAL: prf AlgorithmIdentifier, not supported yet */
/* KeyEncryptionAlgorithmIdentifier */ /* KeyEncryptionAlgorithmIdentifier */
byte keyEncAlgoIdSeq[MAX_SEQ_SZ]; byte keyEncAlgoIdSeq[MAX_SEQ_SZ];

37
wolfcrypt/test/test.c
View File

@@ -454,7 +454,8 @@ WOLFSSL_TEST_SUBROUTINE int pbkdf2_test(void);
WOLFSSL_TEST_SUBROUTINE int scrypt_test(void); WOLFSSL_TEST_SUBROUTINE int scrypt_test(void);
#ifdef HAVE_ECC #ifdef HAVE_ECC
WOLFSSL_TEST_SUBROUTINE int ecc_test(void); WOLFSSL_TEST_SUBROUTINE int ecc_test(void);
#ifdef HAVE_ECC_ENCRYPT #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_AES_128)
WOLFSSL_TEST_SUBROUTINE int ecc_encrypt_test(void); WOLFSSL_TEST_SUBROUTINE int ecc_encrypt_test(void);
#endif #endif
#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
@@ -1215,7 +1216,8 @@ initDefaultName();
return err_sys("ECC test failed!\n", ret); return err_sys("ECC test failed!\n", ret);
else else
test_pass("ECC test passed!\n"); test_pass("ECC test passed!\n");
#if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_AES_128)
if ( (ret = ecc_encrypt_test()) != 0) if ( (ret = ecc_encrypt_test()) != 0)
return err_sys("ECC Enc test failed!\n", ret); return err_sys("ECC Enc test failed!\n", ret);
else else
@@ -23976,7 +23978,8 @@ done:
return ret; return ret;
} }
#if defined(HAVE_ECC_ENCRYPT) && defined(WOLFSSL_AES_128) #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \
defined(WOLFSSL_AES_128)
#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256
static int ecc_encrypt_kat(WC_RNG *rng) static int ecc_encrypt_kat(WC_RNG *rng)
@@ -24431,7 +24434,7 @@ done:
return ret; return ret;
} }
#endif /* HAVE_ECC_ENCRYPT */ #endif /* HAVE_ECC_ENCRYPT && HAVE_AES_CBC && WOLFSSL_AES_128 */
#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \
!defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \ !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \
@@ -24513,7 +24516,8 @@ WOLFSSL_TEST_SUBROUTINE int ecc_test_buffers(void)
#endif #endif
#endif /* !WC_NO_RNG */ #endif /* !WC_NO_RNG */
#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) && \
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
{ {
word32 y; word32 y;
/* test encrypt and decrypt if they're available */ /* test encrypt and decrypt if they're available */
@@ -30754,7 +30758,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
"pkcs7envelopedDataDES3.der"}, "pkcs7envelopedDataDES3.der"},
#endif #endif
#ifndef NO_AES #if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
{data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz, {data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz,
rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL,
@@ -30785,7 +30789,7 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0,
0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der"}, 0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der"},
#endif #endif
#endif /* NO_AES */ #endif /* !NO_AES && HAVE_AES_CBC */
#endif #endif
/* key agreement key encryption technique*/ /* key agreement key encryption technique*/
@@ -31328,7 +31332,7 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
#endif #endif
#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \
!defined(NO_SHA) && defined(WOLFSSL_AES_128) !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
#ifndef HAVE_FIPS #ifndef HAVE_FIPS
WOLFSSL_SMALL_STACK_STATIC const char password[] = "password"; WOLFSSL_SMALL_STACK_STATIC const char password[] = "password";
@@ -31501,7 +31505,7 @@ static int pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
/* pwri (PasswordRecipientInfo) recipient types */ /* pwri (PasswordRecipientInfo) recipient types */
#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) #if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM)
#if !defined(NO_SHA) && defined(WOLFSSL_AES_128) #if !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)
ADD_PKCS7_TEST_VEC( ADD_PKCS7_TEST_VEC(
{data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, {data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0,
NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0,
@@ -32372,7 +32376,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7encrypted_test(void)
}; };
#endif #endif
#ifndef NO_AES #if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
byte aes128Key[] = { byte aes128Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@@ -32440,7 +32444,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7encrypted_test(void)
NULL, 0, "pkcs7encryptedDataDES.der"}, NULL, 0, "pkcs7encryptedDataDES.der"},
#endif /* NO_DES3 */ #endif /* NO_DES3 */
#ifndef NO_AES #if !defined(NO_AES) && defined(HAVE_AES_CBC)
#ifdef WOLFSSL_AES_128 #ifdef WOLFSSL_AES_128
{data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key, {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key,
sizeof(aes128Key), NULL, 0, "pkcs7encryptedDataAES128CBC.der"}, sizeof(aes128Key), NULL, 0, "pkcs7encryptedDataAES128CBC.der"},
@@ -32469,7 +32473,7 @@ WOLFSSL_TEST_SUBROUTINE int pkcs7encrypted_test(void)
sizeof(aes256Key), NULL, 0, sizeof(aes256Key), NULL, 0,
"pkcs7encryptedDataAES256CBC_firmwarePkgData.der"}, "pkcs7encryptedDataAES256CBC_firmwarePkgData.der"},
#endif #endif
#endif /* NO_AES */ #endif /* !NO_AES && HAVE_AES_CBC */
}; };
encrypted = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); encrypted = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER);
@@ -33277,7 +33281,8 @@ static int pkcs7signed_run_SingleShotVectors(
0x72,0x6c,0x64 0x72,0x6c,0x64
}; };
#if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA) #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
static byte aes256Key[] = { static byte aes256Key[] = {
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,
@@ -33330,7 +33335,8 @@ static int pkcs7signed_run_SingleShotVectors(
"pkcs7signedFirmwarePkgData_RSA_SHA256_with_ca_cert.der", 0, NULL, "pkcs7signedFirmwarePkgData_RSA_SHA256_with_ca_cert.der", 0, NULL,
0, 0, 0, 0, NULL, 0, NULL, 0, 0}, 0, 0, 0, 0, NULL, 0, NULL, 0, 0},
#if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA) #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
/* Signed Encrypted FirmwarePkgData, RSA, SHA256, no attribs */ /* Signed Encrypted FirmwarePkgData, RSA, SHA256, no attribs */
{data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, {data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf,
rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0,
@@ -33410,7 +33416,8 @@ static int pkcs7signed_run_SingleShotVectors(
"pkcs7signedFirmwarePkgData_ECDSA_SHA256_SKID.der", 0, NULL, "pkcs7signedFirmwarePkgData_ECDSA_SHA256_SKID.der", 0, NULL,
0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0}, 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0},
#if defined(WOLFSSL_AES_256) && !defined(NO_PKCS7_ENCRYPTED_DATA) #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \
defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256)
/* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, no attribs */ /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, no attribs */
{data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, {data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf,
eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0,

2
wolfssl/openssl/aes.h
View File

@@ -82,7 +82,7 @@ WOLFSSL_API void wolfSSL_AES_decrypt
#define AES_encrypt wolfSSL_AES_encrypt #define AES_encrypt wolfSSL_AES_encrypt
#define AES_decrypt wolfSSL_AES_decrypt #define AES_decrypt wolfSSL_AES_decrypt
#endif /* HAVE_AES_DIRECT */ #endif /* WOLFSSL_AES_DIRECT */
#ifndef AES_ENCRYPT #ifndef AES_ENCRYPT
#define AES_ENCRYPT AES_ENCRYPTION #define AES_ENCRYPT AES_ENCRYPTION

2
wolfssl/openssl/evp.h
View File

@@ -105,7 +105,7 @@ WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void);
#if !defined(NO_AES) && defined(HAVE_AES_CBC) #if !defined(NO_AES) && (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT))
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void);
WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void); WOLFSSL_API const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void);
#endif #endif