diff --git a/ctaocrypt/src/hmac.c b/ctaocrypt/src/hmac.c index f4ffd5541..ce4b5aedf 100644 --- a/ctaocrypt/src/hmac.c +++ b/ctaocrypt/src/hmac.c @@ -43,6 +43,11 @@ #endif +#ifdef HAVE_FIPS + /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ + #define FIPS_NO_WRAPPERS +#endif + #include #include @@ -288,7 +293,7 @@ static void HmacKeyInnerHash(Hmac* hmac) } -void HmacUpdate(Hmac* hmac, const byte* msg, word32 length) +int HmacUpdate(Hmac* hmac, const byte* msg, word32 length) { #ifdef HAVE_CAVIUM if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC) @@ -339,10 +344,11 @@ void HmacUpdate(Hmac* hmac, const byte* msg, word32 length) break; } + return 0; } -void HmacFinal(Hmac* hmac, byte* hash) +int HmacFinal(Hmac* hmac, byte* hash) { #ifdef HAVE_CAVIUM if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC) @@ -445,6 +451,8 @@ void HmacFinal(Hmac* hmac, byte* hash) } hmac->innerHashKeyed = 0; + + return 0; } diff --git a/ctaocrypt/src/pwdbased.c b/ctaocrypt/src/pwdbased.c index b32fcd02c..a227661bb 100644 --- a/ctaocrypt/src/pwdbased.c +++ b/ctaocrypt/src/pwdbased.c @@ -122,7 +122,7 @@ int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt, { word32 i = 1; int hLen; - int j; + int j, ret; Hmac hmac; byte buffer[MAX_DIGEST_SIZE]; @@ -145,7 +145,9 @@ int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt, else return BAD_FUNC_ARG; - HmacSetKey(&hmac, hashType, passwd, pLen); + ret = HmacSetKey(&hmac, hashType, passwd, pLen); + if (ret != 0) + return ret; while (kLen) { int currentLen; diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index 734cdf868..b6b7d398b 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -1100,6 +1100,7 @@ int hmac_md5_test(void) testVector a, b, c; testVector test_hmac[3]; + int ret; int times = sizeof(test_hmac) / sizeof(testVector), i; a.input = "Hi There"; 
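Review bot: HmacUpdate and HmacFinal in ctaocrypt/src/hmac.c now return int, but the only value these hunks show is the unconditional `return 0;` after the switch, so a context whose macType matches no case would be reported as success (and HmacFinal would leave `hash` unwritten). If the switch has a `default:` arm, returning `BAD_FUNC_ARG` from it would make the new return type carry information. The HAVE_CAVIUM branch at the top of both functions is cut by the hunk; check that it also returns a value now that the functions are non-void. Neither definition documents the contract; a comment such as `/* returns 0 on success, negative error code on failure */` above each would tell callers what to test for.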
@@ -1134,7 +1135,9 @@ int hmac_md5_test(void) if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0) return -20009; #endif - HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i])); + ret = HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i])); + if (ret != 0) + return -4011; HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); HmacFinal(&hmac, hash); @@ -1168,6 +1171,7 @@ int hmac_sha_test(void) testVector a, b, c; testVector test_hmac[3]; + int ret; int times = sizeof(test_hmac) / sizeof(testVector), i; a.input = "Hi There"; @@ -1202,7 +1206,9 @@ int hmac_sha_test(void) if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0) return -20010; #endif - HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i])); + ret = HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i])); + if (ret != 0) + return -4012; HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); HmacFinal(&hmac, hash); @@ -1237,6 +1243,7 @@ int hmac_sha256_test(void) testVector a, b, c; testVector test_hmac[3]; + int ret; int times = sizeof(test_hmac) / sizeof(testVector), i; a.input = "Hi There"; @@ -1274,7 +1281,9 @@ int hmac_sha256_test(void) if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0) return -20011; #endif - HmacSetKey(&hmac, SHA256, (byte*)keys[i], (word32)strlen(keys[i])); + ret = HmacSetKey(&hmac, SHA256, (byte*)keys[i],(word32)strlen(keys[i])); + if (ret != 0) + return -4013; HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); HmacFinal(&hmac, hash); @@ -1309,6 +1318,7 @@ int hmac_blake2b_test(void) testVector a, b, c; testVector test_hmac[3]; + int ret; int times = sizeof(test_hmac) / sizeof(testVector), i; a.input = "Hi There"; 
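Review bot: The `HmacUpdate(&hmac, ...)` and `HmacFinal(&hmac, hash)` calls right after the new HmacSetKey check in hmac_md5_test still discard their results, although this commit changes both to return int. If either fails (for instance through the FIPS wrappers declared in hmac.h), the output buffer is compared or used as if it were a valid HMAC. The same pattern remains in the other hmac_*_test hunks of ctaocrypt/test/test.c and tests/hash.c, in check_hmac (mcapi/mcapi_test.c), and in non-test code: myMacEncryptCb and myDecryptVerifyCb (cyassl/test.h), CyaSSL_HMAC (src/ssl.c), p_hash and TLS_hmac (src/tls.c), where the result becomes a record MAC or key material. Suggest the same treatment as HmacSetKey, e.g. `ret = HmacFinal(&hmac, hash); if (ret != 0) return ret;` (in the tests with a distinct error code per call).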
@@ -1346,7 +1356,10 @@ int hmac_blake2b_test(void) if (HmacInitCavium(&hmac, CAVIUM_DEV_ID) != 0) return -20011; #endif - HmacSetKey(&hmac, BLAKE2B_ID, (byte*)keys[i], (word32)strlen(keys[i])); + ret = HmacSetKey(&hmac, BLAKE2B_ID, (byte*)keys[i], + (word32)strlen(keys[i])); + if (ret != 0) + return -4014; HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); HmacFinal(&hmac, hash); @@ -1381,6 +1394,7 @@ int hmac_sha384_test(void) testVector a, b, c; testVector test_hmac[3]; + int ret; int times = sizeof(test_hmac) / sizeof(testVector), i; a.input = "Hi There"; @@ -1415,7 +1429,9 @@ int hmac_sha384_test(void) test_hmac[2] = c; for (i = 0; i < times; ++i) { - HmacSetKey(&hmac, SHA384, (byte*)keys[i], (word32)strlen(keys[i])); + ret = HmacSetKey(&hmac, SHA384, (byte*)keys[i],(word32)strlen(keys[i])); + if (ret != 0) + return -4015; HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); HmacFinal(&hmac, hash); @@ -1447,6 +1463,7 @@ int hmac_sha512_test(void) testVector a, b, c; testVector test_hmac[3]; + int ret; int times = sizeof(test_hmac) / sizeof(testVector), i; a.input = "Hi There"; @@ -1484,7 +1501,9 @@ int hmac_sha512_test(void) test_hmac[2] = c; for (i = 0; i < times; ++i) { - HmacSetKey(&hmac, SHA512, (byte*)keys[i], (word32)strlen(keys[i])); + ret = HmacSetKey(&hmac, SHA512, (byte*)keys[i],(word32)strlen(keys[i])); + if (ret != 0) + return -4016; HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); HmacFinal(&hmac, hash); diff --git a/cyassl/ctaocrypt/hmac.h b/cyassl/ctaocrypt/hmac.h index 4666ade19..859ec7b68 100644 --- a/cyassl/ctaocrypt/hmac.h +++ b/cyassl/ctaocrypt/hmac.h 
@@ -151,9 +151,9 @@ typedef struct Hmac { /* does init */ -CYASSL_API int HmacSetKey(Hmac*, int type, const byte* key, word32 keySz); -CYASSL_API void HmacUpdate(Hmac*, const byte*, word32); -CYASSL_API void HmacFinal(Hmac*, byte*); +CYASSL_API int HmacSetKey(Hmac*, int type, const byte* key, word32 keySz); +CYASSL_API int HmacUpdate(Hmac*, const byte*, word32); +CYASSL_API int HmacFinal(Hmac*, byte*); #ifdef HAVE_CAVIUM CYASSL_API int HmacInitCavium(Hmac*, int); @@ -172,6 +172,23 @@ CYASSL_API int HKDF(int type, const byte* inKey, word32 inKeySz, #endif /* HAVE_HKDF */ + +#ifdef HAVE_FIPS + /* fips wrapper calls, user can call direct */ + CYASSL_API int HmacSetKey_fips(Hmac*, int type, const byte* key, + word32 keySz); + CYASSL_API int HmacUpdate_fips(Hmac*, const byte*, word32); + CYASSL_API int HmacFinal_fips(Hmac*, byte*); + #ifndef FIPS_NO_WRAPPERS + /* if not impl or fips.c impl wrapper force fips calls if fips build */ + #define HmacSetKey HmacSetKey_fips + #define HmacUpdate HmacUpdate_fips + #define HmacFinal HmacFinal_fips + #endif /* FIPS_NO_WRAPPERS */ + +#endif /* HAVE_FIPS */ + + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/cyassl/internal.h b/cyassl/internal.h index 0f4aa7e20..b426c5609 100644 --- a/cyassl/internal.h +++ b/cyassl/internal.h @@ -2072,7 +2072,7 @@ CYASSL_LOCAL void ShrinkOutputBuffer(CYASSL* ssl); CYASSL_LOCAL Signer* GetCAByName(void* cm, byte* hash); #endif #endif -CYASSL_LOCAL void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, +CYASSL_LOCAL int BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender); CYASSL_LOCAL void FreeArrays(CYASSL* ssl, int keep); CYASSL_LOCAL int CheckAvailableSize(CYASSL *ssl, int size); diff --git a/cyassl/test.h b/cyassl/test.h index 77c6a0db8..dff9df896 100644 --- a/cyassl/test.h +++ b/cyassl/test.h 
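Review bot: The `#ifndef FIPS_NO_WRAPPERS` block in cyassl/ctaocrypt/hmac.h renames HmacSetKey, HmacUpdate and HmacFinal with object-like macros, so whether a translation unit reaches the FIPS entry points depends on FIPS_NO_WRAPPERS being defined before this header is first included; assuming the usual include guard, a later definition has no effect. That ordering rule is only hinted at in hmac.c, and the comment here is hard to parse. Suggest replacing it with `/* FIPS build: unless FIPS_NO_WRAPPERS was defined before the first include of this header, the plain Hmac* names resolve to the _fips entry points */`. It is also worth stating that any code defining FIPS_NO_WRAPPERS calls the unwrapped functions directly, since that is easy to do by accident in a FIPS build.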
@@ -1341,8 +1341,10 @@ static INLINE int myMacEncryptCb(CYASSL* ssl, unsigned char* macOut, /* hmac, not needed if aead mode */ CyaSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify); - HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), + ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), CyaSSL_GetMacSecret(ssl, macVerify), CyaSSL_GetHmacSize(ssl)); + if (ret != 0) + return ret; HmacUpdate(&hmac, myInner, sizeof(myInner)); HmacUpdate(&hmac, macIn, macInSz); HmacFinal(&hmac, macOut); @@ -1448,8 +1450,10 @@ static INLINE int myDecryptVerifyCb(CYASSL* ssl, CyaSSL_SetTlsHmacInner(ssl, myInner, macInSz, macContent, macVerify); - HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), + ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), CyaSSL_GetMacSecret(ssl, macVerify), digestSz); + if (ret != 0) + return ret; HmacUpdate(&hmac, myInner, sizeof(myInner)); HmacUpdate(&hmac, decOut + ivExtra, macInSz); HmacFinal(&hmac, verify); diff --git a/mcapi/crypto.c b/mcapi/crypto.c index cc7d5bb3c..7b96f3884 100644 --- a/mcapi/crypto.c +++ b/mcapi/crypto.c @@ -233,9 +233,7 @@ int CRYPT_HMAC_SetKey(CRYPT_HMAC_CTX* hmac, int type, const unsigned char* key, return BAD_FUNC_ARG; /* bad hmac type */ } - HmacSetKey((Hmac*)hmac, type, key, sz); - - return 0; + return HmacSetKey((Hmac*)hmac, type, key, sz); } @@ -245,9 +243,7 @@ int CRYPT_HMAC_DataAdd(CRYPT_HMAC_CTX* hmac, const unsigned char* input, if (hmac == NULL || input == NULL) return BAD_FUNC_ARG; - HmacUpdate((Hmac*)hmac, input, sz); - - return 0; + return HmacUpdate((Hmac*)hmac, input, sz); } @@ -257,9 +253,7 @@ int CRYPT_HMAC_Finalize(CRYPT_HMAC_CTX* hmac, unsigned char* digest) if (hmac == NULL || digest == NULL) return BAD_FUNC_ARG; - HmacFinal((Hmac*)hmac, digest); - - return 0; + return HmacFinal((Hmac*)hmac, digest); } diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c index 2aad4c222..5274e7b4b 100644 --- a/mcapi/mcapi_test.c +++ b/mcapi/mcapi_test.c 
@@ -368,6 +368,7 @@ static int check_hmac(void) { CRYPT_HMAC_CTX mcHmac; Hmac defHmac; + int ret; byte mcDigest[CRYPT_SHA512_DIGEST_SIZE]; byte defDigest[SHA512_DIGEST_SIZE]; @@ -375,7 +376,11 @@ static int check_hmac(void) /* SHA1 */ CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA, key, 4); - HmacSetKey(&defHmac, SHA, key, 4); + ret = HmacSetKey(&defHmac, SHA, key, 4); + if (ret != 0) { + printf("hmac sha setkey default failed\n"); + return -1; + } CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE); HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); @@ -391,7 +396,11 @@ static int check_hmac(void) /* SHA-256 */ CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA256, key, 4); - HmacSetKey(&defHmac, SHA256, key, 4); + ret = HmacSetKey(&defHmac, SHA256, key, 4); + if (ret != 0) { + printf("hmac sha256 setkey default failed\n"); + return -1; + } CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE); HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); @@ -407,7 +416,11 @@ static int check_hmac(void) /* SHA-384 */ CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA384, key, 4); - HmacSetKey(&defHmac, SHA384, key, 4); + ret = HmacSetKey(&defHmac, SHA384, key, 4); + if (ret != 0) { + printf("hmac sha384 setkey default failed\n"); + return -1; + } CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE); HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); @@ -423,7 +436,11 @@ static int check_hmac(void) /* SHA-512 */ CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA512, key, 4); - HmacSetKey(&defHmac, SHA512, key, 4); + ret = HmacSetKey(&defHmac, SHA512, key, 4); + if (ret != 0) { + printf("hmac sha512 setkey default failed\n"); + return -1; + } CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE); HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); diff --git a/src/internal.c b/src/internal.c index a746fbadb..3d16570b5 100644 --- a/src/internal.c +++ b/src/internal.c 
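Review bot: check_hmac now checks the reference `HmacSetKey(&defHmac, SHA, key, 4)` call but still ignores the result of `CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA, key, 4)` on the line before it, and this commit makes CRYPT_HMAC_SetKey return HmacSetKey's result instead of a fixed 0. A keying failure on the mcapi side would only surface later as a digest mismatch. Suggest `if (CRYPT_HMAC_SetKey(&mcHmac, CRYPT_HMAC_SHA, key, 4) != 0) { printf("hmac sha setkey mcapi failed\n"); return -1; }`. The same applies to the SHA-256, SHA-384 and SHA-512 hunks that follow.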
@@ -2947,7 +2947,7 @@ static void BuildSHA(CYASSL* ssl, Hashes* hashes, const byte* sender) #endif -static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) +static int BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) { /* store current states, building requires get_digest which resets state */ #ifndef NO_OLD_TLS @@ -2965,9 +2965,11 @@ static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) Sha384 sha384 = ssl->hashSha384; #endif + int ret = 0; + #ifndef NO_TLS if (ssl->options.tls) { - BuildTlsFinished(ssl, hashes, sender); + ret = BuildTlsFinished(ssl, hashes, sender); } #endif #ifndef NO_OLD_TLS @@ -2994,6 +2996,8 @@ static void BuildFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) ssl->hashSha384 = sha384; #endif } + + return ret; } @@ -5211,10 +5215,12 @@ int ProcessReply(CYASSL* ssl) #endif if (ssl->options.resuming && ssl->options.side == CYASSL_CLIENT_END) - BuildFinished(ssl, &ssl->verifyHashes, server); + ret = BuildFinished(ssl, &ssl->verifyHashes, server); else if (!ssl->options.resuming && ssl->options.side == CYASSL_SERVER_END) - BuildFinished(ssl, &ssl->verifyHashes, client); + ret = BuildFinished(ssl, &ssl->verifyHashes, client); + if (ret != 0) + return ret; break; case application_data: @@ -5636,8 +5642,9 @@ int SendFinished(CYASSL* ssl) /* make finished hashes */ hashes = (Hashes*)&input[headerSz]; - BuildFinished(ssl, hashes, ssl->options.side == CYASSL_CLIENT_END ? client : - server); + ret = BuildFinished(ssl, hashes, + ssl->options.side == CYASSL_CLIENT_END ? client : server); + if (ret != 0) return ret; sendSz = BuildMessage(ssl, output, input, headerSz + finishedSz, handshake); 
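Review bot: In ProcessReply (src/internal.c) the added `if (ret != 0) return ret;` sits after the unbraced if / else-if pair, so it also runs when neither branch called BuildFinished and then tests whatever `ret` held from earlier in the function. If `ret` is always 0 on reaching this point the behaviour is unchanged, but that is not visible in the hunk. Bracing both branches and putting the check inside each, directly after its `ret = BuildFinished(...)`, would make the intent explicit and keep a future edit above this point from turning into a spurious handshake error. The enclosing case body starts outside the hunk.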
@@ -5656,7 +5663,8 @@ int SendFinished(CYASSL* ssl) AddSession(ssl); /* just try */ #endif if (ssl->options.side == CYASSL_CLIENT_END) { - BuildFinished(ssl, &ssl->verifyHashes, server); + ret = BuildFinished(ssl, &ssl->verifyHashes, server); + if (ret != 0) return ret; } else { ssl->options.handShakeState = HANDSHAKE_DONE; @@ -5683,7 +5691,8 @@ int SendFinished(CYASSL* ssl) #endif } else { - BuildFinished(ssl, &ssl->verifyHashes, client); + ret = BuildFinished(ssl, &ssl->verifyHashes, client); + if (ret != 0) return ret; } } #ifdef CYASSL_DTLS diff --git a/src/ssl.c b/src/ssl.c index 559d0f8e9..a728fd891 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -7304,20 +7304,24 @@ int CyaSSL_set_compression(CYASSL* ssl) unsigned char* md, unsigned int* md_len) { Hmac hmac; + int ret; CYASSL_ENTER("HMAC"); - if (!md) return 0; /* no static buffer support */ + if (!md) return NULL; /* no static buffer support */ if (XSTRNCMP(evp_md, "MD5", 3) == 0) { - HmacSetKey(&hmac, MD5, (const byte*)key, key_len); + ret = HmacSetKey(&hmac, MD5, (const byte*)key, key_len); if (md_len) *md_len = MD5_DIGEST_SIZE; } else if (XSTRNCMP(evp_md, "SHA", 3) == 0) { - HmacSetKey(&hmac, SHA, (const byte*)key, key_len); + ret = HmacSetKey(&hmac, SHA, (const byte*)key, key_len); if (md_len) *md_len = SHA_DIGEST_SIZE; } else - return 0; + return NULL; + + if (ret != 0) + return NULL; HmacUpdate(&hmac, d, n); HmacFinal(&hmac, md); @@ -10778,6 +10782,7 @@ static int initGlobalRNG = 0; if (key && keylen) { CYASSL_MSG("keying hmac"); HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key, (word32)keylen); + /* OpenSSL compat, no error */ } } diff --git a/src/tls.c b/src/tls.c index a4b5c742f..ffa37e8de 100644 --- a/src/tls.c +++ b/src/tls.c 
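Review bot: In the src/ssl.c HMAC compatibility function, `XSTRNCMP(evp_md, "SHA", 3) == 0` compares only the first three characters, so any digest name that merely starts with "SHA" takes the SHA-1 branch and the caller receives an HMAC of `SHA_DIGEST_SIZE` bytes with no error. Whether longer names can reach this function is not visible in the hunk, but an exact match costs nothing: `XSTRNCMP(evp_md, "SHA", 4) == 0` includes the terminator in the comparison, and likewise `XSTRNCMP(evp_md, "MD5", 4) == 0`. The function's signature starts outside the hunk.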
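Review bot: The second src/ssl.c hunk keeps ignoring the HmacSetKey result and only adds `/* OpenSSL compat, no error */`, so a failed keying leaves `ctx->hmac` unkeyed while later update/final calls on the context proceed as normal. Even if the function cannot return an error, the failure should be observable; at minimum `if (HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key, (word32)keylen) != 0) CYASSL_MSG("hmac set key error");`. The comment should also say why the error cannot be propagated rather than that there is none. The enclosing function starts and ends outside the hunk.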
@@ -52,7 +52,7 @@ #endif /* compute p_hash for MD5, SHA-1, SHA-256, or SHA-384 for TLSv1 PRF */ -static void p_hash(byte* result, word32 resLen, const byte* secret, +static int p_hash(byte* result, word32 resLen, const byte* secret, word32 secLen, const byte* seed, word32 seedLen, int hash) { word32 len = PHASH_MAX_DIGEST_SIZE; @@ -61,6 +61,7 @@ static void p_hash(byte* result, word32 resLen, const byte* secret, word32 lastTime; word32 i; word32 idx = 0; + int ret; byte previous[PHASH_MAX_DIGEST_SIZE]; /* max size */ byte current[PHASH_MAX_DIGEST_SIZE]; /* max size */ @@ -107,7 +108,9 @@ static void p_hash(byte* result, word32 resLen, const byte* secret, if (lastLen) times += 1; lastTime = times - 1; - HmacSetKey(&hmac, hash, secret, secLen); + ret = HmacSetKey(&hmac, hash, secret, secLen); + if (ret != 0) + return ret; HmacUpdate(&hmac, seed, seedLen); /* A0 = seed */ HmacFinal(&hmac, previous); /* A1 */ @@ -128,6 +131,8 @@ static void p_hash(byte* result, word32 resLen, const byte* secret, XMEMSET(previous, 0, sizeof previous); XMEMSET(current, 0, sizeof current); XMEMSET(&hmac, 0, sizeof hmac); + + return 0; } @@ -145,9 +150,11 @@ static INLINE void get_xor(byte *digest, word32 digLen, byte* md5, byte* sha) /* compute TLSv1 PRF (pseudo random function using HMAC) */ -static void doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, - const byte* label, word32 labLen, const byte* seed, word32 seedLen) +static int doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, + const byte* label, word32 labLen, const byte* seed, + word32 seedLen) { + int ret; word32 half = (secLen + 1) / 2; byte md5_half[MAX_PRF_HALF]; /* half is real size */ 
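Review bot: The early `return ret;` added after HmacSetKey in p_hash (src/tls.c) leaves the function before the `XMEMSET(previous, ...)`, `XMEMSET(current, ...)` and `XMEMSET(&hmac, 0, sizeof hmac)` wipes shown in the following hunk, so whatever HmacSetKey wrote into `hmac` from `secret` before failing can stay on the stack. Wiping on the failure path keeps cleanup identical on both exits: `if (ret != 0) { XMEMSET(&hmac, 0, sizeof hmac); return ret; }`. The block comment above p_hash should also gain a line on the new return value, e.g. `/* returns 0 on success, HmacSetKey's error code otherwise */`.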
@@ -157,11 +164,11 @@ static void doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, byte sha_result[MAX_PRF_DIG]; /* digLen is real size */ if (half > MAX_PRF_HALF) - return; + return BUFFER_E; if (labLen + seedLen > MAX_PRF_LABSEED) - return; + return BUFFER_E; if (digLen > MAX_PRF_DIG) - return; + return BUFFER_E; XMEMSET(md5_result, 0, digLen); XMEMSET(sha_result, 0, digLen); @@ -172,11 +179,17 @@ static void doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, XMEMCPY(labelSeed, label, labLen); XMEMCPY(labelSeed + labLen, seed, seedLen); - p_hash(md5_result, digLen, md5_half, half, labelSeed, labLen + seedLen, - md5_mac); - p_hash(sha_result, digLen, sha_half, half, labelSeed, labLen + seedLen, - sha_mac); + ret = p_hash(md5_result, digLen, md5_half, half, labelSeed, + labLen + seedLen, md5_mac); + if (ret != 0) + return ret; + ret = p_hash(sha_result, digLen, sha_half, half, labelSeed, + labLen + seedLen, sha_mac); + if (ret != 0) + return ret; get_xor(digest, digLen, md5_result, sha_result); + + return 0; } #endif @@ -184,15 +197,17 @@ static void doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen, /* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack use */ -static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, +static int PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, const byte* label, word32 labLen, const byte* seed, word32 seedLen, int useAtLeastSha256, int hash_type) { + int ret = 0; + if (useAtLeastSha256) { byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */ if (labLen + seedLen > MAX_PRF_LABSEED) - return; + return BUFFER_E; XMEMCPY(labelSeed, label, labLen); XMEMCPY(labelSeed + labLen, seed, seedLen); 
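Review bot: doPRF passes `md5_half` and `sha_half` to p_hash as the secret, and neither the new `return ret;` paths nor the final `return 0;` wipe those buffers or `md5_result`/`sha_result`, whereas p_hash clears its own temporaries with XMEMSET. Suggest clearing them before every exit, for example `XMEMSET(md5_half, 0, sizeof md5_half); XMEMSET(sha_half, 0, sizeof sha_half);` ahead of a single return of `ret`. The copies of the secret into the two halves happen outside the hunk.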
@@ -201,13 +216,17 @@ static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, * should use better. */ if (hash_type < sha256_mac) hash_type = sha256_mac; - p_hash(digest, digLen, secret, secLen, labelSeed, labLen + seedLen, - hash_type); + ret = p_hash(digest, digLen, secret, secLen, labelSeed, + labLen + seedLen, hash_type); } #ifndef NO_OLD_TLS - else - doPRF(digest, digLen, secret, secLen, label, labLen, seed, seedLen); + else { + ret = doPRF(digest, digLen, secret, secLen, label, labLen, seed, + seedLen); + } #endif + + return ret; } @@ -218,7 +237,7 @@ static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen, #endif -void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) +int BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) { const byte* side; byte handshake_hash[HSHASH_SZ]; @@ -249,9 +268,9 @@ void BuildTlsFinished(CYASSL* ssl, Hashes* hashes, const byte* sender) else side = tls_server; - PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret, SECRET_LEN, - side, FINISHED_LABEL_SZ, handshake_hash, hashSz, IsAtLeastTLSv1_2(ssl), - ssl->specs.mac_algorithm); + return PRF((byte*)hashes, TLS_FINISHED_SZ, ssl->arrays->masterSecret, + SECRET_LEN, side, FINISHED_LABEL_SZ, handshake_hash, hashSz, + IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); } @@ -295,6 +314,7 @@ static const byte key_label [KEY_LABEL_SZ + 1] = "key expansion"; int DeriveTlsKeys(CYASSL* ssl) { + int ret; int length = 2 * ssl->specs.hash_size + 2 * ssl->specs.key_size + 2 * ssl->specs.iv_size; 
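Review bot: PRF initialises `ret` to 0 and its `else` arm is compiled only under `#ifndef NO_OLD_TLS`, so in a NO_OLD_TLS build a call with `useAtLeastSha256` false returns 0 without writing `digest`. The callers changed in this commit (BuildTlsFinished, DeriveTlsKeys, MakeTlsMasterSecret) treat 0 as success and would go on to use the untouched buffer as a Finished hash or key material. Whether that combination is reachable is not visible here, but starting from an error value closes it: `int ret = BAD_FUNC_ARG;` in the declaration added by the previous hunk.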
@@ -304,9 +324,11 @@ int DeriveTlsKeys(CYASSL* ssl) XMEMCPY(seed, ssl->arrays->serverRandom, RAN_LEN); XMEMCPY(&seed[RAN_LEN], ssl->arrays->clientRandom, RAN_LEN); - PRF(key_data, length, ssl->arrays->masterSecret, SECRET_LEN, key_label, - KEY_LABEL_SZ, seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), - ssl->specs.mac_algorithm); + ret = PRF(key_data, length, ssl->arrays->masterSecret, SECRET_LEN, + key_label, KEY_LABEL_SZ, seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), + ssl->specs.mac_algorithm); + if (ret != 0) + return ret; return StoreKeys(ssl, key_data); } @@ -314,15 +336,18 @@ int DeriveTlsKeys(CYASSL* ssl) int MakeTlsMasterSecret(CYASSL* ssl) { + int ret; byte seed[SEED_LEN]; XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN); XMEMCPY(&seed[RAN_LEN], ssl->arrays->serverRandom, RAN_LEN); - PRF(ssl->arrays->masterSecret, SECRET_LEN, - ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, - master_label, MASTER_LABEL_SZ, - seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); + ret = PRF(ssl->arrays->masterSecret, SECRET_LEN, + ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz, + master_label, MASTER_LABEL_SZ, + seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); + if (ret != 0) + return ret; #ifdef SHOW_SECRETS { @@ -352,12 +377,11 @@ int CyaSSL_make_eap_keys(CYASSL* ssl, void* msk, unsigned int len, XMEMCPY(seed, ssl->arrays->clientRandom, RAN_LEN); XMEMCPY(&seed[RAN_LEN], ssl->arrays->serverRandom, RAN_LEN); - PRF((byte*)msk, len, - ssl->arrays->masterSecret, SECRET_LEN, - (const byte *)label, (word32)strlen(label), - seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); + return PRF((byte*)msk, len, + ssl->arrays->masterSecret, SECRET_LEN, + (const byte *)label, (word32)strlen(label), + seed, SEED_LEN, IsAtLeastTLSv1_2(ssl), ssl->specs.mac_algorithm); - return 0; } 
@@ -502,12 +526,15 @@ int TLS_hmac(CYASSL* ssl, byte* digest, const byte* in, word32 sz, int content, int verify) { Hmac hmac; + int ret; byte myInner[CYASSL_TLS_HMAC_INNER_SZ]; CyaSSL_SetTlsHmacInner(ssl, myInner, sz, content, verify); - HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), CyaSSL_GetMacSecret(ssl, verify), - ssl->specs.hash_size); + ret = HmacSetKey(&hmac, CyaSSL_GetHmacType(ssl), + CyaSSL_GetMacSecret(ssl, verify), ssl->specs.hash_size); + if (ret != 0) + return ret; HmacUpdate(&hmac, myInner, sizeof(myInner)); HmacUpdate(&hmac, in, sz); /* content */ HmacFinal(&hmac, digest); diff --git a/tests/hash.c b/tests/hash.c index d392f81a4..ab4776d69 100644 --- a/tests/hash.c +++ b/tests/hash.c @@ -564,6 +564,7 @@ int hmac_md5_test(void) testVector a, b, c; testVector test_hmac[3]; + int ret; int times = sizeof(test_hmac) / sizeof(testVector), i; a.input = "Hi There"; @@ -592,7 +593,9 @@ int hmac_md5_test(void) test_hmac[2] = c; for (i = 0; i < times; ++i) { - HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i])); + ret = HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i])); + if (ret != 0) + return -4014; HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); HmacFinal(&hmac, hash); @@ -623,6 +626,7 @@ int hmac_sha_test(void) testVector a, b, c; testVector test_hmac[3]; + int ret; int times = sizeof(test_hmac) / sizeof(testVector), i; a.input = "Hi There"; @@ -651,7 +655,9 @@ int hmac_sha_test(void) test_hmac[2] = c; for (i = 0; i < times; ++i) { - HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i])); + ret = HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i])); + if (ret != 0) + return -4015; HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); HmacFinal(&hmac, hash); @@ -682,6 +688,7 @@ int hmac_sha256_test(void) testVector a, b, c; testVector test_hmac[3]; + int ret; int times = sizeof(test_hmac) / sizeof(testVector), i; a.input = "Hi There"; 
@@ -713,7 +720,9 @@ int hmac_sha256_test(void) test_hmac[2] = c; for (i = 0; i < times; ++i) { - HmacSetKey(&hmac, SHA256, (byte*)keys[i], (word32)strlen(keys[i])); + ret = HmacSetKey(&hmac,SHA256, (byte*)keys[i], (word32)strlen(keys[i])); + if (ret != 0) + return -4016; HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); HmacFinal(&hmac, hash); @@ -745,6 +754,7 @@ int hmac_sha384_test(void) testVector a, b, c; testVector test_hmac[3]; + int ret; int times = sizeof(test_hmac) / sizeof(testVector), i; a.input = "Hi There"; @@ -779,7 +789,9 @@ int hmac_sha384_test(void) test_hmac[2] = c; for (i = 0; i < times; ++i) { - HmacSetKey(&hmac, SHA384, (byte*)keys[i], (word32)strlen(keys[i])); + ret = HmacSetKey(&hmac,SHA384, (byte*)keys[i], (word32)strlen(keys[i])); + if (ret != 0) + return -4017; HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); HmacFinal(&hmac, hash);