Merge pull request #1918 from dgarske/async_rel_v3.15.5

wolfSSL Async Release v3.15.5 Fixes
pull/1924/head
toddouska 2018-11-12 11:22:55 -08:00 committed by GitHub
commit 254b0f665b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 147 additions and 68 deletions


@ -1310,7 +1310,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
int doSTARTTLS = 0;
char* starttlsProt = NULL;
int useVerifyCb = 0;
#ifdef HAVE_ECC
int useSupCurve = 0;
#endif
#ifdef WOLFSSL_TRUST_PEER_CERT
const char* trustCert = NULL;
@ -1410,7 +1412,9 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
(void)useX25519;
(void)helloRetry;
(void)onlyKeyShare;
#ifdef HAVE_ECC
(void)useSupCurve;
#endif
(void)loadCertKeyIntoSSLObj;
StackTrap();
@ -1557,10 +1561,12 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
printf("Verify should fail\n");
myVerifyFail = 1;
}
#ifdef HAVE_ECC
else if (XSTRNCMP(myoptarg, "useSupCurve", 11) == 0) {
printf("Test use supported curve\n");
useSupCurve = 1;
}
#endif
else if (XSTRNCMP(myoptarg, "loadSSL", 7) == 0) {
printf("Load cert/key into wolfSSL object\n");
loadCertKeyIntoSSLObj = 1;
@ -1785,9 +1791,11 @@ THREAD_RETURN WOLFSSL_THREAD client_test(void* args)
case 't' :
#ifdef HAVE_CURVE25519
useX25519 = 1;
#ifdef HAVE_ECC
useSupCurve = 1;
#if defined(WOLFSSL_TLS13) && defined(HAVE_ECC)
#ifdef WOLFSSL_TLS13
onlyKeyShare = 2;
#endif
#endif
#endif
break;


@ -1980,7 +1980,7 @@ void InitSuites(Suites* suites, ProtocolVersion pv, int keySz, word16 haveRSA,
#ifndef WOLFSSL_NO_TLS12
#ifndef NO_WOLFSSL_SERVER
#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_RSA)
if (side == WOLFSSL_SERVER_END && haveStaticECC) {
haveRSA = 0; /* can't do RSA with ECDSA key */
}


@ -13179,6 +13179,9 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
ctx->lastUsed = 0;
ctx->flags = 0;
}
XMEMSET(&ctx->cipher, 0, sizeof(ctx->cipher));
#ifndef NO_AES
#ifdef HAVE_AES_CBC
#ifdef WOLFSSL_AES_128
@ -14251,6 +14254,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
XMEMCPY(&key[DES_BLOCK_SIZE * 2], *ks3, DES_BLOCK_SIZE);
lb_sz = sz%DES_BLOCK_SIZE;
blk = sz/DES_BLOCK_SIZE;
/* OpenSSL compat, no ret */
wc_Des3Init(&des, NULL, INVALID_DEVID);
if (enc) {
wc_Des3_SetKey(&des, key, (const byte*)ivec, DES_ENCRYPTION);
wc_Des3_CbcEncrypt(&des, output, input, (word32)blk*DES_BLOCK_SIZE);
@ -14269,6 +14276,7 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
XMEMCPY(output+sz-lb_sz, lastblock, lb_sz);
}
}
wc_Des3Free(&des);
}
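Review bot: The result of the added `wc_Des3Init(&des, NULL, INVALID_DEVID);` is discarded, so a failed init (for example in an async or hardware build) still falls through to wc_Des3_SetKey and the CBC calls on a context that was never set up. The `/* OpenSSL compat, no ret */` comment suggests the enclosing function returns nothing, in which case the least it can do is stop early: `if (wc_Des3Init(&des, NULL, INVALID_DEVID) != 0) return;`. The return values of wc_Des3_SetKey and the encrypt/decrypt calls are likewise unchecked in the visible lines, so the caller cannot tell that `output` was left unprocessed. The function starts and ends outside these hunks, so its real name and signature are not visible here.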


@ -233,11 +233,14 @@
#endif /* HAVE_AES_DECRYPT */
#endif /* HAVE_AESCCM && HAVE_FIPS_VERSION 2 */
int wc_AesInit(Aes* aes, void* h, int i)
int wc_AesInit(Aes* aes, void* h, int i)
{
(void)aes;
if (aes == NULL)
return BAD_FUNC_ARG;
(void)h;
(void)i;
/* FIPS doesn't support:
return AesInit(aes, h, i); */
return 0;
@ -9008,22 +9011,24 @@ int wc_Gmac(const byte* key, word32 keySz, byte* iv, word32 ivSz,
byte* authTag, word32 authTagSz, WC_RNG* rng)
{
Aes aes;
int ret = 0;
int ret;
if (key == NULL || iv == NULL || (authIn == NULL && authInSz != 0) ||
authTag == NULL || authTagSz == 0 || rng == NULL) {
ret = BAD_FUNC_ARG;
return BAD_FUNC_ARG;
}
if (ret == 0)
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesGcmSetKey(&aes, key, keySz);
if (ret == 0)
ret = wc_AesGcmSetIV(&aes, ivSz, NULL, 0, rng);
if (ret == 0)
ret = wc_AesGcmEncrypt_ex(&aes, NULL, NULL, 0, iv, ivSz,
if (ret == 0)
ret = wc_AesGcmSetIV(&aes, ivSz, NULL, 0, rng);
if (ret == 0)
ret = wc_AesGcmEncrypt_ex(&aes, NULL, NULL, 0, iv, ivSz,
authTag, authTagSz, authIn, authInSz);
wc_AesFree(&aes);
wc_AesFree(&aes);
}
ForceZero(&aes, sizeof(aes));
return ret;
@ -9035,20 +9040,22 @@ int wc_GmacVerify(const byte* key, word32 keySz,
const byte* authTag, word32 authTagSz)
{
Aes aes;
int ret = 0;
int ret;
if (key == NULL || iv == NULL || (authIn == NULL && authInSz != 0) ||
authTag == NULL || authTagSz == 0 || authTagSz > AES_BLOCK_SIZE) {
ret = BAD_FUNC_ARG;
return BAD_FUNC_ARG;
}
if (ret == 0)
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesGcmSetKey(&aes, key, keySz);
if (ret == 0)
ret = wc_AesGcmDecrypt(&aes, NULL, NULL, 0, iv, ivSz,
if (ret == 0)
ret = wc_AesGcmDecrypt(&aes, NULL, NULL, 0, iv, ivSz,
authTag, authTagSz, authIn, authInSz);
wc_AesFree(&aes);
wc_AesFree(&aes);
}
ForceZero(&aes, sizeof(aes));
return ret;
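Review bot: wc_Gmac only rejects `authTagSz == 0`, while wc_GmacVerify in the next hunk also rejects `authTagSz > AES_BLOCK_SIZE`, so the two entry points validate the tag length differently. Unless wc_AesGcmEncrypt_ex enforces the upper bound itself (not visible here), the generate path relies on the callee to stop an oversized tag length before it is used against the caller's `authTag` buffer. Since this change already turns the argument check into an early return, I would add `|| authTagSz > AES_BLOCK_SIZE` to the wc_Gmac condition so both functions fail the same way on the same input.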


@ -5165,10 +5165,10 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
r = key->r;
s = key->s;
#else
#ifndef WOLFSSL_SMALL_STACK
#ifndef WOLFSSL_SMALL_STACK
r = r_lcl;
s = s_lcl;
#else
#else
r = (mp_int*)XMALLOC(sizeof(mp_int), key->heap, DYNAMIC_TYPE_ECC);
if (r == NULL)
return MEMORY_E;
@ -5177,8 +5177,10 @@ int wc_ecc_verify_hash(const byte* sig, word32 siglen, const byte* hash,
XFREE(r, key->heap, DYNAMIC_TYPE_ECC);
return MEMORY_E;
}
#endif
#endif
#endif
XMEMSET(r, 0, sizeof(mp_int));
XMEMSET(s, 0, sizeof(mp_int));
#endif /* WOLFSSL_ASYNC_CRYPT */
switch(key->state) {
case ECC_STATE_NONE:
@ -8874,14 +8876,21 @@ int wc_ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg,
case ecAES_128_CBC:
{
Aes aes;
ret = wc_AesSetKey(&aes, encKey, KEY_SIZE_128, encIv,
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesSetKey(&aes, encKey, KEY_SIZE_128, encIv,
AES_ENCRYPTION);
if (ret == 0) {
ret = wc_AesCbcEncrypt(&aes, out, msg, msgSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes.asyncDev,
WC_ASYNC_FLAG_NONE);
#endif
}
wc_AesFree(&aes);
}
if (ret != 0)
break;
ret = wc_AesCbcEncrypt(&aes, out, msg, msgSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
ret = wc_AsyncWait(ret, &aes.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
break;
}
break;
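Review bot: In the `ecAES_128_CBC` case the stack `Aes aes` is released with wc_AesFree() but never wiped, so the key schedule derived from `encKey` can remain on the stack after the case ends. wc_Gmac and wc_GmacVerify in this same commit follow wc_AesFree with `ForceZero(&aes, sizeof(aes));`; I would add the same line after `wc_AesFree(&aes);` here unless wc_AesFree is known to clear the context. The same applies to the `aes` and `des3` contexts in the wc_PKCS7_EncryptContent and wc_PKCS7_DecryptContent hunks, which also stop at wc_AesFree / wc_Des3Free. The body of wc_ecc_encrypt continues outside the hunk, and the decrypt counterpart is not shown, so it should be checked for the same init/free/wipe sequence.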


@ -5525,10 +5525,13 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
(ivSz != AES_BLOCK_SIZE) )
return BAD_FUNC_ARG;
ret = wc_AesSetKey(&aes, key, keySz, iv, AES_ENCRYPTION);
if (ret == 0)
ret = wc_AesCbcEncrypt(&aes, out, in, inSz);
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesSetKey(&aes, key, keySz, iv, AES_ENCRYPTION);
if (ret == 0)
ret = wc_AesCbcEncrypt(&aes, out, in, inSz);
wc_AesFree(&aes);
}
break;
#ifdef HAVE_AESGCM
#ifdef WOLFSSL_AES_128
@ -5545,10 +5548,14 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
if (authTag == NULL)
return BAD_FUNC_ARG;
ret = wc_AesGcmSetKey(&aes, key, keySz);
if (ret == 0)
ret = wc_AesGcmEncrypt(&aes, out, in, inSz, iv, ivSz,
authTag, authTagSz, aad, aadSz);
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesGcmSetKey(&aes, key, keySz);
if (ret == 0)
ret = wc_AesGcmEncrypt(&aes, out, in, inSz, iv, ivSz,
authTag, authTagSz, aad, aadSz);
wc_AesFree(&aes);
}
break;
#endif
#endif /* HAVE_AESGCM */
@ -5567,10 +5574,14 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
if (authTag == NULL)
return BAD_FUNC_ARG;
ret = wc_AesCcmSetKey(&aes, key, keySz);
if (ret == 0)
ret = wc_AesCcmEncrypt(&aes, out, in, inSz, iv, ivSz,
authTag, authTagSz, aad, aadSz);
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesCcmSetKey(&aes, key, keySz);
if (ret == 0)
ret = wc_AesCcmEncrypt(&aes, out, in, inSz, iv, ivSz,
authTag, authTagSz, aad, aadSz);
wc_AesFree(&aes);
}
break;
#endif
#endif /* HAVE_AESCCM */
@ -5590,10 +5601,13 @@ static int wc_PKCS7_EncryptContent(int encryptOID, byte* key, int keySz,
if (keySz != DES3_KEYLEN || ivSz != DES_BLOCK_SIZE)
return BAD_FUNC_ARG;
ret = wc_Des3_SetKey(&des3, key, iv, DES_ENCRYPTION);
if (ret == 0)
ret = wc_Des3_CbcEncrypt(&des3, out, in, inSz);
ret = wc_Des3Init(&des3, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_Des3_SetKey(&des3, key, iv, DES_ENCRYPTION);
if (ret == 0)
ret = wc_Des3_CbcEncrypt(&des3, out, in, inSz);
wc_Des3Free(&des3);
}
break;
#endif
default:
@ -5652,11 +5666,13 @@ static int wc_PKCS7_DecryptContent(int encryptOID, byte* key, int keySz,
#endif
(ivSz != AES_BLOCK_SIZE) )
return BAD_FUNC_ARG;
ret = wc_AesSetKey(&aes, key, keySz, iv, AES_DECRYPTION);
if (ret == 0)
ret = wc_AesCbcDecrypt(&aes, out, in, inSz);
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesSetKey(&aes, key, keySz, iv, AES_DECRYPTION);
if (ret == 0)
ret = wc_AesCbcDecrypt(&aes, out, in, inSz);
wc_AesFree(&aes);
}
break;
#ifdef HAVE_AESGCM
#ifdef WOLFSSL_AES_128
@ -5673,10 +5689,14 @@ static int wc_PKCS7_DecryptContent(int encryptOID, byte* key, int keySz,
if (authTag == NULL)
return BAD_FUNC_ARG;
ret = wc_AesGcmSetKey(&aes, key, keySz);
if (ret == 0)
ret = wc_AesGcmDecrypt(&aes, out, in, inSz, iv, ivSz,
authTag, authTagSz, aad, aadSz);
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesGcmSetKey(&aes, key, keySz);
if (ret == 0)
ret = wc_AesGcmDecrypt(&aes, out, in, inSz, iv, ivSz,
authTag, authTagSz, aad, aadSz);
wc_AesFree(&aes);
}
break;
#endif
#endif /* HAVE_AESGCM */
@ -5695,10 +5715,14 @@ static int wc_PKCS7_DecryptContent(int encryptOID, byte* key, int keySz,
if (authTag == NULL)
return BAD_FUNC_ARG;
ret = wc_AesCcmSetKey(&aes, key, keySz);
if (ret == 0)
ret = wc_AesCcmDecrypt(&aes, out, in, inSz, iv, ivSz,
authTag, authTagSz, aad, aadSz);
ret = wc_AesInit(&aes, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_AesCcmSetKey(&aes, key, keySz);
if (ret == 0)
ret = wc_AesCcmDecrypt(&aes, out, in, inSz, iv, ivSz,
authTag, authTagSz, aad, aadSz);
wc_AesFree(&aes);
}
break;
#endif
#endif /* HAVE_AESCCM */
@ -5717,9 +5741,13 @@ static int wc_PKCS7_DecryptContent(int encryptOID, byte* key, int keySz,
if (keySz != DES3_KEYLEN || ivSz != DES_BLOCK_SIZE)
return BAD_FUNC_ARG;
ret = wc_Des3_SetKey(&des3, key, iv, DES_DECRYPTION);
if (ret == 0)
ret = wc_Des3_CbcDecrypt(&des3, out, in, inSz);
ret = wc_Des3Init(&des3, NULL, INVALID_DEVID);
if (ret == 0) {
ret = wc_Des3_SetKey(&des3, key, iv, DES_DECRYPTION);
if (ret == 0)
ret = wc_Des3_CbcDecrypt(&des3, out, in, inSz);
wc_Des3Free(&des3);
}
break;
#endif


@ -5081,6 +5081,14 @@ int des3_test(void)
};
#endif /* WOLFSSL_AES_256 */
if (wc_AesInit(&enc, HEAP_HINT, devId) != 0)
return -4750;
#ifdef HAVE_AES_DECRYPT
if (wc_AesInit(&dec, HEAP_HINT, devId) != 0)
return -4751;
#endif
#ifdef WOLFSSL_AES_128
/* 128 key tests */
ret = wc_AesSetKey(&enc, key1, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
@ -5238,14 +5246,12 @@ static int aes_key_size_test(void)
word32 keySize;
#endif
#ifdef WC_INITAES_H
ret = wc_InitAes_h(NULL, NULL);
ret = wc_AesInit(NULL, HEAP_HINT, devId);
if (ret != BAD_FUNC_ARG)
return -4800;
ret = wc_InitAes_h(&aes, NULL);
ret = wc_AesInit(&aes, HEAP_HINT, devId);
if (ret != 0)
return -4801;
#endif
#ifndef HAVE_FIPS
/* Parameter Validation testing. */
@ -5909,12 +5915,10 @@ int aes_test(void)
byte key[] = "0123456789abcdef "; /* align */
byte iv[] = "1234567890abcdef "; /* align */
#ifdef WOLFSSL_ASYNC_CRYPT
if (wc_AesInit(&enc, HEAP_HINT, devId) != 0)
return -5400;
if (wc_AesInit(&dec, HEAP_HINT, devId) != 0)
return -5401;
#endif
ret = wc_AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION);
if (ret != 0)
@ -6621,7 +6625,10 @@ Aes dec;
XMEMSET(resultP, 0, sizeof(resultP));
if (wc_AesInit(&enc, HEAP_HINT, devId) != 0) {
return -5700;
return -4700;
}
if (wc_AesInit(&dec, HEAP_HINT, devId) != 0) {
return -4700;
}
result = wc_AesGcmSetKey(&enc, key, keySz);
@ -9880,6 +9887,7 @@ static int rsa_pss_test(WC_RNG* rng, RsaKey* key)
ret = 0;
exit_rsa_pss:
FREE_VAR(sig, HEAP_HINT);
FREE_VAR(in, HEAP_HINT);
FREE_VAR(out, HEAP_HINT);
@ -11863,6 +11871,7 @@ int dh_test(void)
DhKey key;
DhKey key2;
WC_RNG rng;
int keyInit = 0;
#ifdef USE_CERT_BUFFERS_1024
XMEMCPY(tmp, dh_key_der_1024, (size_t)sizeof_dh_key_der_1024);
@ -11899,6 +11908,7 @@ int dh_test(void)
if (ret != 0) {
ERROR_OUT(-7103, done);
}
keyInit = 1;
ret = wc_InitDhKey_ex(&key2, HEAP_HINT, devId);
if (ret != 0) {
ERROR_OUT(-7104, done);
@ -11977,6 +11987,9 @@ int dh_test(void)
ret = dh_fips_generate_test(&rng);
wc_FreeDhKey(&key);
keyInit = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \
!defined(WOLFSSL_OLD_PRIME_CHECK)
if (ret == 0) {
@ -11988,7 +12001,8 @@ int dh_test(void)
done:
wc_FreeDhKey(&key);
if (keyInit)
wc_FreeDhKey(&key);
wc_FreeDhKey(&key2);
wc_FreeRng(&rng);
@ -19343,6 +19357,11 @@ static int pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz,
} else {
/* KTRI or KARI recipient types */
ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId);
if (ret != 0) {
return -9321;
}
ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert,
(word32)testVectors[i].certSz);
if (ret != 0) {
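Review bot: In dh_test the new `keyInit` flag guards only `key`; at `done:` the call `wc_FreeDhKey(&key2);` is still unconditional. The `ERROR_OUT(-7103, done)` path is taken before wc_InitDhKey_ex(&key2, ...) has run, so on that path key2 is freed without having been initialised, which is the same problem the flag was added to fix for `key`. I would track it the same way: declare `int key2Init = 0;`, set `key2Init = 1;` once wc_InitDhKey_ex succeeds, and use `if (key2Init) wc_FreeDhKey(&key2);` at `done:`. Whether `rng` has the same exposure at `wc_FreeRng(&rng);` depends on code outside the hunks.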