diff --git a/src/ssl.c b/src/ssl.c index d9e19819b..cd7034c6d 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -10452,6 +10452,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len); break; #endif /* HAVE_AES_CBC */ +#ifdef HAVE_AES_ECB case AES_128_ECB_TYPE : case AES_192_ECB_TYPE : case AES_256_ECB_TYPE : @@ -10461,6 +10462,7 @@ int wolfSSL_set_compression(WOLFSSL* ssl) else ret = wc_AesEcbDecrypt(&ctx->cipher.aes, dst, src, len); break; +#endif #ifdef WOLFSSL_AES_COUNTER case AES_128_CTR_TYPE : case AES_192_CTR_TYPE : diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 1169ac98a..9b3d0cc8f 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -19,6 +19,8 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +static unsigned char cipherType(const WOLFSSL_EVP_CIPHER *cipher); + WOLFSSL_API int wolfSSL_EVP_EncryptInit(WOLFSSL_EVP_CIPHER_CTX* ctx, const WOLFSSL_EVP_CIPHER* type, unsigned char* key, unsigned char* iv) @@ -62,6 +64,7 @@ WOLFSSL_API int wolfSSL_EVP_DigestInit_ex(WOLFSSL_EVP_MD_CTX* ctx, WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx) { + if(ctx == NULL)return BAD_FUNC_ARG; switch(ctx->cipherType){ #if !defined(NO_AES) && defined(HAVE_AES_CBC) @@ -136,6 +139,7 @@ static unsigned char cipherType(const WOLFSSL_EVP_CIPHER *cipher) WOLFSSL_API int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher) { + if(cipher == NULL)return BAD_FUNC_ARG; switch(cipherType(cipher)){ #if !defined(NO_AES) && defined(HAVE_AES_CBC) case AES_128_CBC_TYPE: return 16; @@ -163,7 +167,7 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher) } } -WOLFSSL_API unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) +static unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) { switch(cipherType(cipher)){ #if !defined(NO_AES) && defined(HAVE_AES_CBC) 
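Review bot: The `#endif` added after the ECB cases has no trailing comment, while the guard directly above it closes with `#endif /* HAVE_AES_CBC */`. Writing it as `#endif /* HAVE_AES_ECB */` keeps the nesting readable in this long switch. The switch starts and ends outside the hunk, so it is not visible which branch an ECB cipher type reaches when `HAVE_AES_ECB` is undefined; it is worth confirming that path returns an error rather than silently doing nothing.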
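Review bot: The new `if(ctx == NULL)return BAD_FUNC_ARG;` in `wolfSSL_EVP_CIPHER_CTX_block_size` makes a size-returning function hand back what is presumably a negative error code, and the same applies to the guard added to `wolfSSL_EVP_CIPHER_block_size` in the next hunk. A caller that uses the result in buffer-length arithmetic without checking for `<= 0` would compute a wrong size, so the contract should be stated on both functions, for example `/* returns the block size in bytes, or BAD_FUNC_ARG (negative) when the argument is NULL */`. As a style point, the file's other code spaces this as `if (ctx == NULL) return BAD_FUNC_ARG;`. Both function bodies continue outside their hunks.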
@@ -197,18 +201,27 @@ WOLFSSL_API unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) } } +WOLFSSL_API unsigned long WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher) +{ + if(cipher == NULL)return BAD_FUNC_ARG; + return WOLFSSL_CIPHER_mode(cipher); +} + +WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags) +{ + ctx->flags = flags; +} + WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher) { + if(cipher == NULL)return BAD_FUNC_ARG; return WOLFSSL_CIPHER_mode(cipher); } WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *ctx, int padding) { - (void) ctx; - (void) padding; - /* + if(ctx == NULL)return BAD_FUNC_ARG; if(padding)ctx->flags &= ~WOLFSSL_EVP_CIPH_NO_PADDING; else ctx->flags |= WOLFSSL_EVP_CIPH_NO_PADDING; - */ - return 0; + return 1; } diff --git a/wolfcrypt/test/openssl_test_ex.c b/wolfcrypt/test/openssl_test_ex.c new file mode 100644 index 000000000..b0039cd66 --- /dev/null +++ b/wolfcrypt/test/openssl_test_ex.c 
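Review bot: `WOLFSSL_EVP_CIPHER_mode` and `wolfSSL_EVP_CIPHER_flags` return `unsigned long`, so the added `return BAD_FUNC_ARG;` is converted to a very large unsigned value (assuming the code is negative, as wolfSSL error codes usually are). A caller comparing or masking mode bits cannot tell that value from a real result, so returning `0` for a NULL cipher would be safer. `wolfSSL_EVP_CIPHER_CTX_set_flags` is the one new function that dereferences `ctx` without the NULL check its siblings received, and it overwrites the whole word, so a later call discards the bit set by `wolfSSL_EVP_CIPHER_CTX_set_padding`. Consider `if (ctx == NULL) return;` followed by `ctx->flags |= (unsigned long)flags;`, which also matches the OR semantics of the OpenSSL function it mirrors. Nothing visible in this diff reads `ctx->flags` when a cipher operation is finalised, so confirm the padding setting actually takes effect now that the function reports success with `1`.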
@@ -0,0 +1,64 @@ + +#ifdef OPENSSL_EXTRA + +#define OPENSSL_TEST_ERROR -10000 + +static int openssl_test_ex(void) +{ + + /* Test: AES_encrypt/decrypt/set Key */ + + AES_KEY enc; +#ifdef HAVE_AES_DECRYPT + AES_KEY dec; +#endif + + byte cipher[AES_BLOCK_SIZE * 4]; + byte plain [AES_BLOCK_SIZE * 4]; + + int ret = 0; + +#ifdef HAVE_AES_CBC + const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ + 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + + const byte verify[] = + { + 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, + 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb + }; + + byte encKey[] = "0123456789abcdef "; /* align */ + byte decKey[] = "0123456789abcdef "; /* align */ + byte iv[] = "1234567890abcdef "; /* align */ + + + printf("openSSL extra test\n") ; + + ret = AES_set_encrypt_key(encKey, sizeof(encKey)*8, &enc); + if (ret != 0) + return OPENSSL_TEST_ERROR-1001; + +#ifdef HAVE_AES_DECRYPT + printf("test AES_decrypt\n"); + ret = AES_set_decrypt_Key(decKey, sizeof(decKey)*8, &dec); + if (ret != 0) + return OPENSSL_TEST_ERROR-1002; +#endif + + AES_encrypt(&enc, cipher, msg); + +#ifdef HAVE_AES_DECRYPT + AES_decrypt(&dec, plain, cipher); + if (XMEMCMP(plain, msg, AES_BLOCK_SIZE)) + return OPENSSL_TEST_ERROR--60; +#endif /* HAVE_AES_DECRYPT */ + + if (XMEMCMP(cipher, verify, AES_BLOCK_SIZE)) + return OPENSSL_TEST_ERROR--61; + + return 0; +} diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h index 0da260aee..cfa6475d6 100644 --- a/wolfssl/openssl/evp.h +++ b/wolfssl/openssl/evp.h @@ -155,6 +155,7 @@ enum { typedef struct WOLFSSL_EVP_CIPHER_CTX { int keyLen; /* user may set for variable */ int block_size; + unsigned long flags; unsigned char enc; /* if encrypt side, then true */ unsigned char cipherType; #ifndef NO_AES 
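Review bot: `return OPENSSL_TEST_ERROR--60;` and the matching `--61` line will not compile, because the macro expands to `-10000--60` and `--` lexes as a decrement operator. Parenthesise the macro and subtract explicitly: `#define OPENSSL_TEST_ERROR (-10000)` and `return OPENSSL_TEST_ERROR - 60;`. The `#ifdef OPENSSL_EXTRA` and `#ifdef HAVE_AES_CBC` opened in this file have no matching `#endif` in the added lines, and `AES_set_decrypt_Key` differs in case from `AES_set_encrypt_key` a few lines above, which looks like a typo. `sizeof(encKey)*8` counts the alignment padding and the terminating NUL of the string literal, so the bit length passed is not a 128-bit key; passing `AES_BLOCK_SIZE * 8` would make the test exercise a valid key size. `iv` is declared but never used, which suggests the `verify` vector may have been taken from a CBC test and will not match a single-block encrypt.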
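Review bot: The new `unsigned long flags;` member has no comment, unlike `keyLen` and `enc` beside it, and nothing in this diff initialises it. `wolfSSL_EVP_CIPHER_CTX_set_padding` does a read-modify-write on the field, so a context that was not zeroed would carry indeterminate flag bits; confirm that the context init routine (not visible here) clears it. A comment such as `/* WOLFSSL_EVP_CIPH_* flag bits, e.g. NO_PADDING */` would document the intent. Adding a member also changes the struct layout for applications that embed `WOLFSSL_EVP_CIPHER_CTX` by value.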
@@ -258,7 +259,7 @@ WOLFSSL_API int wolfSSL_SetInternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_block_size(const WOLFSSL_EVP_CIPHER_CTX *ctx); WOLFSSL_API int wolfSSL_EVP_CIPHER_block_size(const WOLFSSL_EVP_CIPHER *cipher); -WOLFSSL_API unsigned long WOLFSSL_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher); +WOLFSSL_API unsigned long WOLFSSL_EVP_CIPHER_mode(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API unsigned long wolfSSL_EVP_CIPHER_flags(const WOLFSSL_EVP_CIPHER *cipher); WOLFSSL_API void wolfSSL_EVP_CIPHER_CTX_set_flags(WOLFSSL_EVP_CIPHER_CTX *ctx, int flags); WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, int pad); @@ -272,6 +273,7 @@ WOLFSSL_API int wolfSSL_EVP_CIPHER_CTX_set_padding(WOLFSSL_EVP_CIPHER_CTX *c, i #define WOLFSSL_EVP_CIPH_CTR_MODE 0x5 #define WOLFSSL_EVP_CIPH_GCM_MODE 0x6 #define WOLFSSL_EVP_CIPH_CCM_MODE 0x7 +#define WOLFSSL_EVP_CIPH_NO_PADDING 0x100 #define wolfSSL_EVP_CIPHER_CTX_flags(c) wolfSSL_EVP_CIPHER_flags(WOLFSSL_EVP_CIPHER_CTX_cipher(c))
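Review bot: `WOLFSSL_EVP_CIPH_NO_PADDING` is stored in `ctx->flags`, but the accessor in the context line below, `wolfSSL_EVP_CIPHER_CTX_flags(c)`, still expands to `wolfSSL_EVP_CIPHER_flags(WOLFSSL_EVP_CIPHER_CTX_cipher(c))`, which returns the cipher's mode. A caller that sets no-padding and then tests `wolfSSL_EVP_CIPHER_CTX_flags(c) & WOLFSSL_EVP_CIPH_NO_PADDING` will therefore never see the bit. Either have the macro include the context's own flags or document the difference, for example `/* flag bit kept in WOLFSSL_EVP_CIPHER_CTX.flags; not reported by wolfSSL_EVP_CIPHER_CTX_flags() */`. The new define is a flag bit while the values above it are mode numbers, so a short comment separating the two groups would help.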