Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion TOPPERS/WolfSSLDemo/src/wolfDemo/wolf_client.c
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ int wolfSSL_TLS_client(void *v_ctx, func_args *args)
}

if ((ssl = wolfSSL_new(ctx)) == NULL) {
printf("ERROR wolfSSL_new: %d\n", wolfSSL_get_error(ssl, 0));
printf("ERROR wolfSSL_new failed\n");
ret = -1;
goto exit_;
}
Expand Down
1 change: 1 addition & 0 deletions btle/ecies/ecc-client.c
Original file line number Diff line number Diff line change
Expand Up @@ -140,6 +140,7 @@ int main(int argc, char** argv)
ret = btle_recv(peerSalt, EXCHANGE_SALT_SZ, &type, devCtx);
if (ret <= 0) {
printf("btle_recv failed %d!\n", ret);
goto cleanup;
}
if (type != BTLE_PKT_TYPE_SALT) {
printf("btle_recv expected salt!\n");
Expand Down
13 changes: 9 additions & 4 deletions certgen/csr_cryptocb.c
Original file line number Diff line number Diff line change
Expand Up @@ -310,6 +310,8 @@ static int gen_csr(const char* arg1)
#endif
void* keyPtr = NULL;
WC_RNG rng;
int initRng = 0;
int initKey = 0;
Cert req;
byte der[LARGE_TEMP_SZ];
word32 derSz;
Expand Down Expand Up @@ -342,6 +344,7 @@ static int gen_csr(const char* arg1)
printf("RNG initialization failed: %d\n", ret);
goto exit;
}
initRng = 1;

/* setup test key */
#ifdef HAVE_ECC
Expand Down Expand Up @@ -394,6 +397,7 @@ static int gen_csr(const char* arg1)
printf("Key initialization failed: %d\n", ret);
goto exit;
}
initKey = 1;

/* decode public key */
#ifdef HAVE_ECC
Expand Down Expand Up @@ -467,18 +471,19 @@ static int gen_csr(const char* arg1)

exit:
#ifdef HAVE_ECC
if (type == ECC_TYPE)
if (type == ECC_TYPE && initKey)
wc_ecc_free(&ecKeyPub);
#endif
#ifndef NO_RSA
if (type == RSA_TYPE)
if (type == RSA_TYPE && initKey)
wc_FreeRsaKey(&rsaKeyPub);
#endif
#ifdef HAVE_ED25519
if (type == ED25519_TYPE)
if (type == ED25519_TYPE && initKey)
wc_ed25519_free(&edKeyPub);
#endif
wc_FreeRng(&rng);
if (initRng)
wc_FreeRng(&rng);

wolfCrypt_Cleanup();

Expand Down
12 changes: 10 additions & 2 deletions certgen/csr_sign.c
Original file line number Diff line number Diff line change
Expand Up @@ -179,11 +179,19 @@ static int do_csrsign(int argc, char** argv)
printf("Successfully read %d bytes from %s\n\n", pemSz, csrPemFile);

ret = wc_CertPemToDer(pemBuf, pemSz, derBuf, LARGE_TEMP_SZ, CERTREQ_TYPE);
if (ret >= 0) {
if (ret == ASN_NO_PEM_HEADER) {
memcpy(derBuf, pemBuf, pemSz);
memset(pemBuf, 0, LARGE_TEMP_SZ);
derSz = pemSz;
ret = 0;
printf("CSR Cert file detected as DER\n\n");
} else if (ret >= 0) {
derSz = ret;
ret = 0;
printf("Converted CSR Cert PEM to DER %d bytes\n", derSz);
} else {
goto exit;
}
printf("Converted CSR Cert PEM to DER %d bytes\n", derSz);

#ifdef HAVE_DECODEDCERT
/* Code for parsing a CSR to a DecodedCert struct */
Expand Down
2 changes: 1 addition & 1 deletion certgen/custom_ext.c
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,7 @@ static int do_certgen(int argc, char** argv)
if (ret != 0) goto exit;
initNewKey = 1;

wc_MakeRsaKey(&newKey, 2048, WC_RSA_EXPONENT, &rng);
ret = wc_MakeRsaKey(&newKey, 2048, WC_RSA_EXPONENT, &rng);
if (ret != 0) goto exit;

printf("Successfully created new RSA key\n\n");
Expand Down
31 changes: 24 additions & 7 deletions crypto/aes/aesgcm-file-encrypt.c
Original file line number Diff line number Diff line change
Expand Up @@ -442,16 +442,27 @@ int decrypt_file_AesGCM(const char *in_file, const char *out_file,
}

if (ret == 0) {
/* The tag param is used to compare to the
/* The tag param is used to compare to the
calculated tag during decryption */
ret = wc_AesGcmDecryptFinal(&gcm, tag, AESGCM_TAG_SIZE);
if (ret != 0) {
/* Authentication failed. The unauthenticated plaintext
* written above must not be left readable on disk, so
* remove the partially written output file. */
fprintf(stderr,
"Authentication failed, removing unverified output file\n");
}
}
exit:
Comment thread
stenslae marked this conversation as resolved.
free(in_buf);
free(out_buf);
close(in_fd);
close(out_fd);

if (ret != 0) {
unlink(out_file);
}

printf("File decryption with AES GCM complete.\n");
return ret;
}
Expand Down Expand Up @@ -709,7 +720,8 @@ int decrypt_file(const char *in_file, const char *out_file, const char *key_str)
goto exit;
}
if (EVP_DecryptFinal_ex(ctx, out_buf, &out_len) != WOLFSSL_SUCCESS) {
perror("EVP_DecryptFinal_ex");
fprintf(stderr,
"Authentication failed, removing unverified output file\n");
ret = AES_GCM_AUTH_E;
goto exit;
}
Expand All @@ -722,10 +734,12 @@ int decrypt_file(const char *in_file, const char *out_file, const char *key_str)
if (ret == WOLFSSL_SUCCESS) {
ret = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG,
AES_IV_SIZE, tag_dec);
if (ret == WOLFSSL_SUCCESS &&
if (ret != WOLFSSL_SUCCESS ||
(memcmp(tag_enc, tag_dec, AESGCM_TAG_SIZE) != 0)) {
perror("TAG didn't match\n");
exit(EXIT_FAILURE);
fprintf(stderr,
"Authentication failed, removing unverified output file\n");
ret = -1;
goto exit;
}
}
printf("File decryption with EVP GCM complete.\n");
Expand All @@ -734,6 +748,9 @@ int decrypt_file(const char *in_file, const char *out_file, const char *key_str)
EVP_CIPHER_CTX_free(ctx);
close(in_fd);
close(out_fd);
if (ret != WOLFSSL_SUCCESS) {
unlink(out_file);
}
return ret;
}
#endif
Expand Down Expand Up @@ -776,11 +793,11 @@ text.bin", (file_sz/1024)+1, file_sz);
pclose(pipe);

#ifdef OPENSSL_EXTRA
const char *cmd_enc_evp ="./aesgcm-file-encrypt -e 256 -m 1 \
const char *cmd_enc_evp ="./aesgcm-file-encrypt -e 256 -m 2 \
-k 77CF00EC060192530B5D06B6B426799B \
-v 77CF00EC060192530B5D06B6B426799B \
-i text.bin -o text2cipher.evp.bin";
const char *cmd_dec_evp ="./aesgcm-file-encrypt -d 256 -m 1 \
const char *cmd_dec_evp ="./aesgcm-file-encrypt -d 256 -m 2 \
-k 77CF00EC060192530B5D06B6B426799B \
-i text2cipher.evp.bin -o text2cipher2text.evp.bin";
const char *cmd_diff_evp = "diff -q text.bin text2cipher2text.evp.bin";
Expand Down
43 changes: 36 additions & 7 deletions crypto/ascon/ascon-file-encrypt.c
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,10 @@
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/pwdbased.h>

#ifndef HAVE_ASCON
#error "Please build wolfSSL with the --enable-ascon option"
#endif

#define ASCON_AEAD128_RATE 16
#define SALT_SIZE 8
#define AD_SIZE 32
Expand Down Expand Up @@ -304,6 +308,7 @@ int AsconDecrypt(wc_AsconCtx* ctx)
int chunk_read = BLOCK_SIZE;
int i = 0;
long j;
byte* decryptedBuf = NULL;

/* read the file header and extract salt, nonce, and tag */
if (fread(ctx->cipherText, 1, FILE_HEADER_SIZE, ctx->inFile) != FILE_HEADER_SIZE) {
Expand Down Expand Up @@ -353,36 +358,60 @@ int AsconDecrypt(wc_AsconCtx* ctx)
/* Start decrypting ciphertext */
ctx->inFileLength -= FILE_HEADER_SIZE;

/* Buffer the decrypted plaintext in memory instead of writing it
* to disk as it is produced: it is unauthenticated until
* DecryptFinal() verifies the tag below, so it must not be
* released to the output file before that check passes. */
decryptedBuf = (byte*)malloc(ctx->inFileLength > 0 ? ctx->inFileLength : 1);
if (decryptedBuf == NULL) {
printf("ERROR: Failed to allocate decrypted output buffer\n");
return ERROR;
}

for (j = 0; j <= ctx->inFileLength; j += BLOCK_SIZE) {
if (chunk_read > ctx->inFileLength - j) {
chunk_read = ctx->inFileLength - j;
}

if (fread(ctx->cipherText, 1, chunk_read, ctx->inFile) != chunk_read) {
printf("ERROR: Failed to read the appropriate amount\n");
memset(decryptedBuf, 0, ctx->inFileLength);
free(decryptedBuf);
return ERROR;
}

/* decrypts chunk read */
if (wc_AsconAEAD128_DecryptUpdate(ctx->ascon, ctx->plainText, ctx->cipherText, chunk_read) != SUCCESS) {
printf("Decrypt update failed.\n");
memset(decryptedBuf, 0, ctx->inFileLength);
free(decryptedBuf);
return ERROR;
}

/* write plaintext to output file */
if (fwrite(ctx->plainText, 1, chunk_read, ctx->outFile) != chunk_read) {
printf("ERROR: Failed to write the appropriate amount\n");
return ERROR;
}

memcpy(decryptedBuf + j, ctx->plainText, chunk_read);
}

/* Finalize decryption and verify tag */
/* Finalize decryption and verify tag before releasing any
* plaintext to disk. */
if (wc_AsconAEAD128_DecryptFinal(ctx->ascon, tag) != SUCCESS) {
printf("Decrypt final failed.\n");
memset(decryptedBuf, 0, ctx->inFileLength);
free(decryptedBuf);
return ERROR;
}

/* Tag verified: only now is it safe to write the plaintext out. */
if (fwrite(decryptedBuf, 1, ctx->inFileLength, ctx->outFile) !=
(size_t)ctx->inFileLength) {
printf("ERROR: Failed to write the appropriate amount\n");
memset(decryptedBuf, 0, ctx->inFileLength);
free(decryptedBuf);
return ERROR;
}

memset(decryptedBuf, 0, ctx->inFileLength);
free(decryptedBuf);

} else {
printf("Invalid length of input file\n");
return ERROR;
Expand Down
2 changes: 1 addition & 1 deletion dtls/server-dtls13.c
Original file line number Diff line number Diff line change
Expand Up @@ -152,7 +152,7 @@ int main(int argc, char** argv)

if (wolfSSL_set_fd(ssl, listenfd) != WOLFSSL_SUCCESS) {
fprintf(stderr, "wolfSSL_set_fd error.\n");
break;
goto cleanup;
}

if (wolfSSL_accept(ssl) != WOLFSSL_SUCCESS) {
Expand Down
1 change: 1 addition & 0 deletions hash/sha256-hash.c
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@ int main(int argc, char** argv)
if (ret != 0) {
printf("Failed to initialize sha structure\n");
fclose(inputStream);
return ret;
}

/* Loop reading a block at a time, finishing with any excess */
Expand Down
1 change: 1 addition & 0 deletions hash/sha3-256-hash.c
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@ int main(int argc, char** argv)
if (ret != 0) {
printf("Failed to initialize sha structure\n");
fclose(inputStream);
return ret;
}

/* Loop reading a block at a time, finishing with any excess */
Expand Down
1 change: 1 addition & 0 deletions hash/sha512-hash.c
Original file line number Diff line number Diff line change
Expand Up @@ -72,6 +72,7 @@ int main(int argc, char** argv)
if (ret != 0) {
printf("Failed to initialize sha structure\n");
fclose(inputStream);
return ret;
}

/* Loop reading a block at a time, finishing with any excess */
Expand Down
29 changes: 27 additions & 2 deletions pk/ecc/ecc_keys.c
Original file line number Diff line number Diff line change
Expand Up @@ -51,19 +51,33 @@ int main()
FILE* derFile;
size_t sz;

wc_InitRng(&rng);
wc_ecc_init(&key);
ret = wc_InitRng(&rng);
if (ret != 0) {
printf("error %d initializing rng\n", ret);
return ret;
}

ret = wc_ecc_init(&key);
if (ret != 0) {
printf("error %d initializing ecc key\n", ret);
wc_FreeRng(&rng);
return ret;
}

ret = wc_ecc_make_key_ex(&rng, ECC_CURVE_SZ, &key, ECC_CURVE_ID);
if (ret != 0) {
printf("error %d making ecc key\n", ret);
wc_ecc_free(&key);
wc_FreeRng(&rng);
return ret;
}

/* write private key */
ret = wc_EccKeyToDer(&key, der, sizeof(der));
if (ret < 0) {
printf("error %d in ecc to der\n", ret);
wc_ecc_free(&key);
wc_FreeRng(&rng);
return ret;
}
sz = ret;
Expand All @@ -72,6 +86,8 @@ int main()
derFile = fopen("ecc-key.der", "w");
if (!derFile) {
printf("error loading file\n");
wc_ecc_free(&key);
wc_FreeRng(&rng);
return -1;
}

Expand All @@ -84,6 +100,7 @@ int main()
derFile = fopen("ecc-key.der", "rb");
if (!derFile) {
printf("error reading from file\n");
wc_FreeRng(&rng);
return -1;
}
sz = fread(buf, 1, sizeof(buf), derFile);
Expand All @@ -95,6 +112,8 @@ int main()
idx = 0;
if (wc_EccPrivateKeyDecode(buf, &idx, &key, (word32)sz) != 0) {
printf("error decoding private key\n");
wc_ecc_free(&key);
wc_FreeRng(&rng);
return -1;
}
wc_ecc_free(&key);
Expand All @@ -113,6 +132,8 @@ int main()
ret = wc_ecc_make_key_ex(&rng, ECC_CURVE_SZ, &key, ECC_CURVE_ID);
if (ret != 0) {
printf("error %d making ecc key\n", ret);
wc_ecc_free(&key);
wc_FreeRng(&rng);
return ret;
}

Expand All @@ -121,13 +142,17 @@ int main()
sz = sizeof(buf);
if (wc_ecc_export_x963(&key, buf, (word32*)&sz) != 0) {
printf("error exporting public ecc key\n");
wc_ecc_free(&key);
wc_FreeRng(&rng);
return -1;
}

printf("storing public key into ecc-public.x963 (%d bytes)\n", (int)sz);
derFile = fopen("ecc-public.x963", "w"); /* reused the derFile pointer */
if (!derFile) {
printf("error loading file\n");
wc_ecc_free(&key);
wc_FreeRng(&rng);
return -1;
}
fwrite(buf, 1, sz, derFile);
Expand Down
Loading