Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion TOPPERS/WolfSSLDemo/src/wolfDemo/wolf_client.c
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ int wolfSSL_TLS_client(void *v_ctx, func_args *args)
}

if ((ssl = wolfSSL_new(ctx)) == NULL) {
printf("ERROR wolfSSL_new: %d\n", wolfSSL_get_error(ssl, 0));
printf("ERROR wolfSSL_new failed\n");
ret = -1;
goto exit_;
}
Expand Down
1 change: 1 addition & 0 deletions btle/ecies/ecc-client.c
Original file line number Diff line number Diff line change
Expand Up @@ -140,6 +140,7 @@ int main(int argc, char** argv)
ret = btle_recv(peerSalt, EXCHANGE_SALT_SZ, &type, devCtx);
if (ret <= 0) {
printf("btle_recv failed %d!\n", ret);
goto cleanup;
}
if (type != BTLE_PKT_TYPE_SALT) {
printf("btle_recv expected salt!\n");
Expand Down
11 changes: 11 additions & 0 deletions can-bus/common.c
Original file line number Diff line number Diff line change
Expand Up @@ -178,6 +178,11 @@ int setup_ssl(enum service_type type, WOLFSSL_CTX **new_ctx,
WOLFSSL* ssl = NULL;
char *receive_buffer = malloc(ISOTP_DEFAULT_BUFFER_SIZE);

if (!receive_buffer) {
fprintf(stderr, "Could not allocate receive buffer\n");
return -1;
}

if (type == SERVICE_TYPE_CLIENT) {
method = wolfTLSv1_3_client_method();
} else {
Expand All @@ -186,13 +191,15 @@ int setup_ssl(enum service_type type, WOLFSSL_CTX **new_ctx,

if (!method) {
fprintf(stderr, "Could not init wolfSSL method\n");
free(receive_buffer);
return -1;
}

ctx = wolfSSL_CTX_new(method);
if (!ctx) {
fprintf(stderr, "Could not init wolfSSL context\n");
close_ssl(NULL, NULL);
free(receive_buffer);
return -1;
}

Expand All @@ -209,6 +216,7 @@ int setup_ssl(enum service_type type, WOLFSSL_CTX **new_ctx,
fprintf(stderr, "ERROR: failed to load cert, "
"please check the file.\n");
close_ssl(ctx, NULL);
free(receive_buffer);
return -1;
}

Expand All @@ -218,6 +226,7 @@ int setup_ssl(enum service_type type, WOLFSSL_CTX **new_ctx,
fprintf(stderr, "ERROR: failed to load key file, "
"please check the file.\n");
close_ssl(ctx, NULL);
free(receive_buffer);
return -1;
}
}
Expand All @@ -226,6 +235,7 @@ int setup_ssl(enum service_type type, WOLFSSL_CTX **new_ctx,
if (!ssl) {
fprintf(stderr, "Could not init wolfSSL\n");
close_ssl(ctx, NULL);
free(receive_buffer);
return -1;
}

Expand All @@ -246,6 +256,7 @@ int setup_ssl(enum service_type type, WOLFSSL_CTX **new_ctx,
fprintf(stderr, "ERROR: failed to connect using wolfSSL: %d, %s\n",
err, wolfSSL_ERR_error_string(err, buffer));
close_ssl(ctx, ssl);
free(receive_buffer);
return -1;
}
*new_ctx = ctx;
Expand Down
13 changes: 9 additions & 4 deletions certgen/csr_cryptocb.c
Original file line number Diff line number Diff line change
Expand Up @@ -310,6 +310,8 @@ static int gen_csr(const char* arg1)
#endif
void* keyPtr = NULL;
WC_RNG rng;
int initRng = 0;
int initKey = 0;
Cert req;
byte der[LARGE_TEMP_SZ];
word32 derSz;
Expand Down Expand Up @@ -342,6 +344,7 @@ static int gen_csr(const char* arg1)
printf("RNG initialization failed: %d\n", ret);
goto exit;
}
initRng = 1;

/* setup test key */
#ifdef HAVE_ECC
Expand Down Expand Up @@ -394,6 +397,7 @@ static int gen_csr(const char* arg1)
printf("Key initialization failed: %d\n", ret);
goto exit;
}
initKey = 1;

/* decode public key */
#ifdef HAVE_ECC
Expand Down Expand Up @@ -467,18 +471,19 @@ static int gen_csr(const char* arg1)

exit:
#ifdef HAVE_ECC
if (type == ECC_TYPE)
if (type == ECC_TYPE && initKey)
wc_ecc_free(&ecKeyPub);
#endif
#ifndef NO_RSA
if (type == RSA_TYPE)
if (type == RSA_TYPE && initKey)
wc_FreeRsaKey(&rsaKeyPub);
#endif
#ifdef HAVE_ED25519
if (type == ED25519_TYPE)
if (type == ED25519_TYPE && initKey)
wc_ed25519_free(&edKeyPub);
#endif
wc_FreeRng(&rng);
if (initRng)
wc_FreeRng(&rng);

wolfCrypt_Cleanup();

Expand Down
12 changes: 10 additions & 2 deletions certgen/csr_sign.c
Original file line number Diff line number Diff line change
Expand Up @@ -179,11 +179,19 @@ static int do_csrsign(int argc, char** argv)
printf("Successfully read %d bytes from %s\n\n", pemSz, csrPemFile);

ret = wc_CertPemToDer(pemBuf, pemSz, derBuf, LARGE_TEMP_SZ, CERTREQ_TYPE);
if (ret >= 0) {
if (ret == ASN_NO_PEM_HEADER) {
memcpy(derBuf, pemBuf, pemSz);
memset(pemBuf, 0, LARGE_TEMP_SZ);
derSz = pemSz;
ret = 0;
printf("CSR Cert file detected as DER\n\n");
} else if (ret >= 0) {
derSz = ret;
ret = 0;
printf("Converted CSR Cert PEM to DER %d bytes\n", derSz);
} else {
goto exit;
}
printf("Converted CSR Cert PEM to DER %d bytes\n", derSz);

#ifdef HAVE_DECODEDCERT
/* Code for parsing a CSR to a DecodedCert struct */
Expand Down
2 changes: 1 addition & 1 deletion certgen/custom_ext.c
Original file line number Diff line number Diff line change
Expand Up @@ -131,7 +131,7 @@ static int do_certgen(int argc, char** argv)
if (ret != 0) goto exit;
initNewKey = 1;

wc_MakeRsaKey(&newKey, 2048, WC_RSA_EXPONENT, &rng);
ret = wc_MakeRsaKey(&newKey, 2048, WC_RSA_EXPONENT, &rng);
if (ret != 0) goto exit;

printf("Successfully created new RSA key\n\n");
Expand Down
35 changes: 27 additions & 8 deletions crypto/aes/aesgcm-file-encrypt.c
Original file line number Diff line number Diff line change
Expand Up @@ -442,9 +442,17 @@ int decrypt_file_AesGCM(const char *in_file, const char *out_file,
}

if (ret == 0) {
/* The tag param is used to compare to the
/* The tag param is used to compare to the
calculated tag during decryption */
ret = wc_AesGcmDecryptFinal(&gcm, tag, AESGCM_TAG_SIZE);
if (ret != 0) {
/* Authentication failed. The unauthenticated plaintext
* written above must not be left readable on disk, so
* remove the partially written output file. */
fprintf(stderr,
"Authentication failed, removing unverified output file\n");
unlink(out_file);
}
}
exit:
free(in_buf);
Expand Down Expand Up @@ -675,11 +683,13 @@ int decrypt_file(const char *in_file, const char *out_file, const char *key_str)
ctx = EVP_CIPHER_CTX_new();
if (ctx == NULL) {
perror("EVP_CIPHER_CTX_new");
ret = -1;
goto exit;
}
if (EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, key, iv) !=
WOLFSSL_SUCCESS) {
perror("EVP_DecryptInit_ex");
ret = -1;
goto exit;
}
while (1) {
Expand All @@ -689,7 +699,8 @@ int decrypt_file(const char *in_file, const char *out_file, const char *key_str)

if (EVP_DecryptUpdate(ctx, out_buf, &out_len, in_buf, in_len) !=
WOLFSSL_SUCCESS) {
perror("EVP_DecryptInit_ex");
perror("EVP_DecryptUpdate");
ret = -1;
goto exit;
}
if (write(out_fd, out_buf, out_len) != out_len) {
Expand All @@ -702,10 +713,13 @@ int decrypt_file(const char *in_file, const char *out_file, const char *key_str)
if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, AES_IV_SIZE, tag_enc)
!= WOLFSSL_SUCCESS) {
perror("EVP_CIPHER_CTX_ctrl");
ret = -1;
goto exit;
}
if (EVP_DecryptFinal_ex(ctx, out_buf, &out_len) != WOLFSSL_SUCCESS) {
perror("EVP_DecryptInit_ex");
fprintf(stderr,
"Authentication failed, removing unverified output file\n");
ret = -1;
goto exit;
}
if (write(out_fd, out_buf, out_len) != out_len) {
Expand All @@ -717,10 +731,12 @@ int decrypt_file(const char *in_file, const char *out_file, const char *key_str)
if (ret == WOLFSSL_SUCCESS) {
ret = EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG,
AES_IV_SIZE, tag_dec);
if (ret == WOLFSSL_SUCCESS &&
if (ret != WOLFSSL_SUCCESS ||
(memcmp(tag_enc, tag_dec, AESGCM_TAG_SIZE) != 0)) {
perror("TAG didn't match\n");
exit(EXIT_FAILURE);
fprintf(stderr,
"Authentication failed, removing unverified output file\n");
ret = -1;
goto exit;
}
}
printf("File decryption with EVP GCM complete.\n");
Expand All @@ -729,6 +745,9 @@ int decrypt_file(const char *in_file, const char *out_file, const char *key_str)
EVP_CIPHER_CTX_free(ctx);
close(in_fd);
close(out_fd);
if (ret != WOLFSSL_SUCCESS) {
unlink(out_file);
}
return ret;
}
#endif
Expand Down Expand Up @@ -771,11 +790,11 @@ text.bin", (file_sz/1024)+1, file_sz);
pclose(pipe);

#ifdef OPENSSL_EXTRA
const char *cmd_enc_evp ="./aesgcm-file-encrypt -e 256 -m 1 \
const char *cmd_enc_evp ="./aesgcm-file-encrypt -e 256 -m 2 \
-k 77CF00EC060192530B5D06B6B426799B \
-v 77CF00EC060192530B5D06B6B426799B \
-i text.bin -o text2cipher.evp.bin";
const char *cmd_dec_evp ="./aesgcm-file-encrypt -d 256 -m 1 \
const char *cmd_dec_evp ="./aesgcm-file-encrypt -d 256 -m 2 \
-k 77CF00EC060192530B5D06B6B426799B \
-i text2cipher.evp.bin -o text2cipher2text.evp.bin";
const char *cmd_diff_evp = "diff -q text.bin text2cipher2text.evp.bin";
Expand Down
43 changes: 36 additions & 7 deletions crypto/ascon/ascon-file-encrypt.c
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,10 @@
#include <wolfssl/wolfcrypt/random.h>
#include <wolfssl/wolfcrypt/pwdbased.h>

#ifndef HAVE_ASCON
#error "Please build wolfSSL with the --enable-ascon option"
#endif

#define ASCON_AEAD128_RATE 16
#define SALT_SIZE 8
#define AD_SIZE 32
Expand Down Expand Up @@ -304,6 +308,7 @@ int AsconDecrypt(wc_AsconCtx* ctx)
int chunk_read = BLOCK_SIZE;
int i = 0;
long j;
byte* decryptedBuf = NULL;

/* read the file header and extract salt, nonce, and tag */
if (fread(ctx->cipherText, 1, FILE_HEADER_SIZE, ctx->inFile) != FILE_HEADER_SIZE) {
Expand Down Expand Up @@ -353,36 +358,60 @@ int AsconDecrypt(wc_AsconCtx* ctx)
/* Start decrypting ciphertext */
ctx->inFileLength -= FILE_HEADER_SIZE;

/* Buffer the decrypted plaintext in memory instead of writing it
* to disk as it is produced: it is unauthenticated until
* DecryptFinal() verifies the tag below, so it must not be
* released to the output file before that check passes. */
decryptedBuf = (byte*)malloc(ctx->inFileLength > 0 ? ctx->inFileLength : 1);
if (decryptedBuf == NULL) {
printf("ERROR: Failed to allocate decrypted output buffer\n");
return ERROR;
}

for (j = 0; j <= ctx->inFileLength; j += BLOCK_SIZE) {
if (chunk_read > ctx->inFileLength - j) {
chunk_read = ctx->inFileLength - j;
}

if (fread(ctx->cipherText, 1, chunk_read, ctx->inFile) != chunk_read) {
printf("ERROR: Failed to read the appropriate amount\n");
memset(decryptedBuf, 0, ctx->inFileLength);
free(decryptedBuf);
return ERROR;
}

/* decrypts chunk read */
if (wc_AsconAEAD128_DecryptUpdate(ctx->ascon, ctx->plainText, ctx->cipherText, chunk_read) != SUCCESS) {
printf("Decrypt update failed.\n");
memset(decryptedBuf, 0, ctx->inFileLength);
free(decryptedBuf);
return ERROR;
}

/* write plaintext to output file */
if (fwrite(ctx->plainText, 1, chunk_read, ctx->outFile) != chunk_read) {
printf("ERROR: Failed to write the appropriate amount\n");
return ERROR;
}

memcpy(decryptedBuf + j, ctx->plainText, chunk_read);
}

/* Finalize decryption and verify tag */
/* Finalize decryption and verify tag before releasing any
* plaintext to disk. */
if (wc_AsconAEAD128_DecryptFinal(ctx->ascon, tag) != SUCCESS) {
printf("Decrypt final failed.\n");
memset(decryptedBuf, 0, ctx->inFileLength);
free(decryptedBuf);
return ERROR;
}

/* Tag verified: only now is it safe to write the plaintext out. */
if (fwrite(decryptedBuf, 1, ctx->inFileLength, ctx->outFile) !=
(size_t)ctx->inFileLength) {
printf("ERROR: Failed to write the appropriate amount\n");
memset(decryptedBuf, 0, ctx->inFileLength);
free(decryptedBuf);
return ERROR;
}

memset(decryptedBuf, 0, ctx->inFileLength);
free(decryptedBuf);

} else {
printf("Invalid length of input file\n");
return ERROR;
Expand Down
9 changes: 8 additions & 1 deletion dtls/client-dtls-import.c
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,7 @@ int main(int argc, char** argv)
unsigned char* sessionBuf = NULL;
unsigned int sessionSz = 0;
int n;
int err_occurred = 0;

/* Program argument checking */
if (argc < 2 || argc > 3) {
Expand Down Expand Up @@ -149,6 +150,8 @@ int main(int argc, char** argv)
int err = wolfSSL_get_error(ssl, ret);
fprintf(stderr, "Error: wolfSSL_write failed: %d (%s)\n",
err, wolfSSL_ERR_reason_error_string(err));
ret = (ret != 0) ? ret : -1;
err_occurred = 1;
break;
}
printf("Sent: %s", sendLine);
Expand All @@ -164,14 +167,18 @@ int main(int argc, char** argv)
if (err != SSL_ERROR_WANT_READ) {
fprintf(stderr, "Error: wolfSSL_read failed: %d (%s)\n",
err, wolfSSL_ERR_reason_error_string(err));
ret = (n != 0) ? n : -1;
err_occurred = 1;
break;
}
}

printf("\nEnter message (or 'quit' to exit):\n");
}

ret = 0;
if (!err_occurred) {
ret = 0;
}

cleanup:
if (sessionBuf != NULL) free(sessionBuf);
Expand Down
Loading