Add tests for Fenrir fix validation

Author: JeremiahM37

test/test_aestag.c

@@ -1196,6 +1196,117 @@ int test_aes128_gcm_set_iv_inv(void *data)
                                     EVP_GCM_TLS_FIXED_IV_LEN, 12);
 }
 
+/******************************************************************************/
+
+/**
+ * Test GCM decrypt init with key only (NULL IV), then set IV via params.
+ * Without the F-175 fix, this would crash with a NULL pointer dereference
+ * under WOLFSSL_AESGCM_STREAM.
+ */
+static int test_gcm_key_then_iv_helper(OSSL_LIB_CTX *libCtx)
+{
+    int err;
+    EVP_CIPHER_CTX *encCtx = NULL;
+    EVP_CIPHER_CTX *decCtx = NULL;
+    EVP_CIPHER *cipher = NULL;
+    unsigned char key[16];
+    unsigned char iv[12];
+    unsigned char msg[] = "GCM key-then-iv test";
+    unsigned char aad[] = "additional data";
+    unsigned char enc[sizeof(msg) + 16];
+    unsigned char dec[sizeof(msg) + 16];
+    unsigned char tag[16];
+    int encLen = 0;
+    int decLen = 0;
+    int fLen = 0;
+
+    RAND_bytes(key, sizeof(key));
+    RAND_bytes(iv, sizeof(iv));
+
+    err = (cipher = EVP_CIPHER_fetch(libCtx, "AES-128-GCM", "")) == NULL;
+
+    /* Encrypt normally to produce ciphertext + tag */
+    if (err == 0) {
+        err = (encCtx = EVP_CIPHER_CTX_new()) == NULL;
+    }
+    if (err == 0) {
+        err = EVP_EncryptInit(encCtx, cipher, key, iv) != 1;
+    }
+    if (err == 0) {
+        err = EVP_EncryptUpdate(encCtx, NULL, &encLen, aad,
+            sizeof(aad)) != 1;
+    }
+    if (err == 0) {
+        err = EVP_EncryptUpdate(encCtx, enc, &encLen, msg,
+            sizeof(msg)) != 1;
+    }
+    if (err == 0) {
+        err = EVP_EncryptFinal_ex(encCtx, enc + encLen, &fLen) != 1;
+    }
+    if (err == 0) {
+        err = EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_AEAD_GET_TAG, sizeof(tag),
+            tag) != 1;
+    }
+    EVP_CIPHER_CTX_free(encCtx);
+
+    /* Decrypt with key-only init, then set IV separately */
+    if (err == 0) {
+        err = (decCtx = EVP_CIPHER_CTX_new()) == NULL;
+    }
+    if (err == 0) {
+        /* Init with key but NULL IV */
+        err = EVP_DecryptInit_ex(decCtx, cipher, NULL, key, NULL) != 1;
+    }
+    if (err == 0) {
+        /* Set IV via ctrl */
+        err = EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_AEAD_SET_IVLEN,
+            sizeof(iv), NULL) != 1;
+    }
+    if (err == 0) {
+        err = EVP_DecryptInit_ex(decCtx, NULL, NULL, NULL, iv) != 1;
+    }
+    if (err == 0) {
+        err = EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag),
+            tag) != 1;
+    }
+    if (err == 0) {
+        err = EVP_DecryptUpdate(decCtx, NULL, &decLen, aad,
+            sizeof(aad)) != 1;
+    }
+    if (err == 0) {
+        err = EVP_DecryptUpdate(decCtx, dec, &decLen, enc, encLen) != 1;
+    }
+    if (err == 0) {
+        err = EVP_DecryptFinal_ex(decCtx, dec + decLen, &fLen) != 1;
+    }
+    if (err == 0) {
+        if (decLen != (int)sizeof(msg) ||
+            memcmp(dec, msg, sizeof(msg)) != 0) {
+            PRINT_ERR_MSG("GCM key-then-iv decrypt mismatch");
+            err = 1;
+        }
+    }
+
+    EVP_CIPHER_CTX_free(decCtx);
+    EVP_CIPHER_free(cipher);
+    return err;
+}
+
+int test_aes128_gcm_key_then_iv(void *data)
+{
+    int err;
+
+    (void)data;
+
+    PRINT_MSG("GCM key-then-iv with OpenSSL");
+    err = test_gcm_key_then_iv_helper(osslLibCtx);
+    if (err == 0) {
+        PRINT_MSG("GCM key-then-iv with wolfProvider");
+        err = test_gcm_key_then_iv_helper(wpLibCtx);
+    }
+    return err;
+}
+
 #endif /* WP_HAVE_AESGCM */
 
 /******************************************************************************/

test/test_cipher.c

@@ -1326,4 +1326,108 @@ int test_aes256_cbc_multiple(void *data)
 
     return err;
 }
+
+/******************************************************************************/
+
+/**
+ * Test AES-CBC encrypt/decrypt roundtrip with a large buffer processed in
+ * multiple update calls. Validates the chunked loop path in
+ * wp_aes_block_doit (F-1641).
+ */
+static int test_aes_cbc_large_update_helper(OSSL_LIB_CTX *libCtx)
+{
+    int err;
+    EVP_CIPHER_CTX *ctx = NULL;
+    EVP_CIPHER *cipher = NULL;
+    unsigned char key[32];
+    unsigned char iv[16];
+    unsigned char plain[8192];
+    unsigned char enc[8192 + 16];
+    unsigned char dec[8192 + 16];
+    int outLen;
+    int fLen;
+    int totalEnc = 0;
+    int totalDec = 0;
+    size_t i;
+
+    RAND_bytes(key, sizeof(key));
+    RAND_bytes(iv, sizeof(iv));
+    RAND_bytes(plain, sizeof(plain));
+
+    err = (cipher = EVP_CIPHER_fetch(libCtx, "AES-256-CBC", "")) == NULL;
+
+    /* Encrypt in 1024-byte chunks */
+    if (err == 0) {
+        err = (ctx = EVP_CIPHER_CTX_new()) == NULL;
+    }
+    if (err == 0) {
+        err = EVP_EncryptInit(ctx, cipher, key, iv) != 1;
+    }
+    if (err == 0) {
+        err = EVP_CIPHER_CTX_set_padding(ctx, 0) != 1;
+    }
+    for (i = 0; err == 0 && i < sizeof(plain); i += 1024) {
+        err = EVP_EncryptUpdate(ctx, enc + totalEnc, &outLen,
+            plain + i, 1024) != 1;
+        if (err == 0) {
+            totalEnc += outLen;
+        }
+    }
+    if (err == 0) {
+        err = EVP_EncryptFinal_ex(ctx, enc + totalEnc, &fLen) != 1;
+        totalEnc += fLen;
+    }
+    EVP_CIPHER_CTX_free(ctx);
+    ctx = NULL;
+
+    /* Decrypt in 1024-byte chunks */
+    if (err == 0) {
+        err = (ctx = EVP_CIPHER_CTX_new()) == NULL;
+    }
+    if (err == 0) {
+        err = EVP_DecryptInit(ctx, cipher, key, iv) != 1;
+    }
+    if (err == 0) {
+        err = EVP_CIPHER_CTX_set_padding(ctx, 0) != 1;
+    }
+    for (i = 0; err == 0 && (int)i < totalEnc; i += 1024) {
+        int chunk = (totalEnc - (int)i < 1024) ? totalEnc - (int)i : 1024;
+        err = EVP_DecryptUpdate(ctx, dec + totalDec, &outLen,
+            enc + i, chunk) != 1;
+        if (err == 0) {
+            totalDec += outLen;
+        }
+    }
+    if (err == 0) {
+        err = EVP_DecryptFinal_ex(ctx, dec + totalDec, &fLen) != 1;
+        totalDec += fLen;
+    }
+    if (err == 0) {
+        if (totalDec != (int)sizeof(plain) ||
+            memcmp(dec, plain, sizeof(plain)) != 0) {
+            PRINT_ERR_MSG("AES-CBC large update decrypt mismatch");
+            err = 1;
+        }
+    }
+
+    EVP_CIPHER_CTX_free(ctx);
+    EVP_CIPHER_free(cipher);
+    return err;
+}
+
+int test_aes_cbc_large_update(void *data)
+{
+    int err;
+
+    (void)data;
+
+    PRINT_MSG("AES-CBC large update with OpenSSL");
+    err = test_aes_cbc_large_update_helper(osslLibCtx);
+    if (err == 0) {
+        PRINT_MSG("AES-CBC large update with wolfProvider");
+        err = test_aes_cbc_large_update_helper(wpLibCtx);
+    }
+    return err;
+}
+
 #endif /* WP_HAVE_AESCBC */

test/test_cmac.c

@@ -257,5 +257,106 @@ int test_cmac_create(void *data)
     return ret;
 }
 
+/******************************************************************************/
+
+/**
+ * Test that CMAC produces consistent results when data is fed in many small
+ * updates vs. a single large update. Exercises the chunked update path
+ * (F-1640).
+ */
+static int test_cmac_multi_update_helper(OSSL_LIB_CTX *libCtx)
+{
+    int err;
+    EVP_MAC *emac = NULL;
+    EVP_MAC_CTX *ctx = NULL;
+    OSSL_PARAM params[3];
+    char cipher[] = "AES-256-CBC";
+    unsigned char key[32] = {
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+    };
+    unsigned char data[2048];
+    unsigned char macOne[16];
+    unsigned char macMulti[16];
+    size_t macOneSz = sizeof(macOne);
+    size_t macMultiSz = sizeof(macMulti);
+    size_t i;
+
+    RAND_bytes(data, sizeof(data));
+
+    params[0] = OSSL_PARAM_construct_utf8_string(OSSL_MAC_PARAM_CIPHER,
+        cipher, 0);
+    params[1] = OSSL_PARAM_construct_octet_string(OSSL_MAC_PARAM_KEY,
+        (void *)key, sizeof(key));
+    params[2] = OSSL_PARAM_construct_end();
+
+    err = (emac = EVP_MAC_fetch(libCtx, "CMAC", NULL)) == NULL;
+
+    /* Single update */
+    if (err == 0) {
+        err = (ctx = EVP_MAC_CTX_new(emac)) == NULL;
+    }
+    if (err == 0) {
+        err = EVP_MAC_CTX_set_params(ctx, params) != 1;
+    }
+    if (err == 0) {
+        err = EVP_MAC_init(ctx, NULL, 0, NULL) != 1;
+    }
+    if (err == 0) {
+        err = EVP_MAC_update(ctx, data, sizeof(data)) != 1;
+    }
+    if (err == 0) {
+        err = EVP_MAC_final(ctx, macOne, &macOneSz, sizeof(macOne)) != 1;
+    }
+    EVP_MAC_CTX_free(ctx);
+    ctx = NULL;
+
+    /* Many small updates (16 bytes each — one AES block) */
+    if (err == 0) {
+        err = (ctx = EVP_MAC_CTX_new(emac)) == NULL;
+    }
+    if (err == 0) {
+        err = EVP_MAC_CTX_set_params(ctx, params) != 1;
+    }
+    if (err == 0) {
+        err = EVP_MAC_init(ctx, NULL, 0, NULL) != 1;
+    }
+    for (i = 0; err == 0 && i < sizeof(data); i += 16) {
+        err = EVP_MAC_update(ctx, data + i, 16) != 1;
+    }
+    if (err == 0) {
+        err = EVP_MAC_final(ctx, macMulti, &macMultiSz,
+            sizeof(macMulti)) != 1;
+    }
+    if (err == 0) {
+        if (macOneSz != macMultiSz ||
+            memcmp(macOne, macMulti, macOneSz) != 0) {
+            PRINT_ERR_MSG("Multi-update CMAC doesn't match single update");
+            err = 1;
+        }
+    }
+
+    EVP_MAC_CTX_free(ctx);
+    EVP_MAC_free(emac);
+    return err;
+}
+
+int test_cmac_multi_update(void *data)
+{
+    int err;
+
+    (void)data;
+
+    PRINT_MSG("CMAC multi-update with OpenSSL");
+    err = test_cmac_multi_update_helper(osslLibCtx);
+    if (err == 0) {
+        PRINT_MSG("CMAC multi-update with wolfProvider");
+        err = test_cmac_multi_update_helper(wpLibCtx);
+    }
+    return err;
+}
+
 #endif /* WP_HAVE_CMAC */