From 32e2d7016f3244b11d2f436893c5139d044a22a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mois=C3=A9s=20Guimar=C3=A3es?= Date: Mon, 14 Apr 2014 10:36:17 -0300 Subject: [PATCH] SHA256, SHA384 and SHA512 error propagation. Major impact on Hmac functions with error propagation. --- ctaocrypt/src/ecc.c | 24 ++++-- ctaocrypt/src/hmac.c | 172 +++++++++++++++++++++++++++++---------- ctaocrypt/src/pwdbased.c | 23 ++++-- ctaocrypt/test/test.c | 60 ++++++++++---- cyassl/test.h | 24 ++++-- mcapi/mcapi_test.c | 48 +++++++++-- src/ssl.c | 19 +++-- tests/hash.c | 38 ++++++--- 8 files changed, 303 insertions(+), 105 deletions(-) diff --git a/ctaocrypt/src/ecc.c b/ctaocrypt/src/ecc.c index 7eede99e6..042c63123 100644 --- a/ctaocrypt/src/ecc.c +++ b/ctaocrypt/src/ecc.c @@ -3834,9 +3834,15 @@ int ecc_encrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, ret = HmacSetKey(&hmac, SHA256, macKey, SHA256_DIGEST_SIZE); if (ret != 0) return ret; - HmacUpdate(&hmac, out, msgSz); - HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz); - HmacFinal(&hmac, out+msgSz); + ret = HmacUpdate(&hmac, out, msgSz); + if (ret != 0) + return ret; + ret = HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz); + if (ret != 0) + return ret; + ret = HmacFinal(&hmac, out+msgSz); + if (ret != 0) + return ret; } break; @@ -3939,9 +3945,15 @@ int ecc_decrypt(ecc_key* privKey, ecc_key* pubKey, const byte* msg, ret = HmacSetKey(&hmac, SHA256, macKey, SHA256_DIGEST_SIZE); if (ret != 0) return ret; - HmacUpdate(&hmac, msg, msgSz-digestSz); - HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz); - HmacFinal(&hmac, verify); + ret = HmacUpdate(&hmac, msg, msgSz-digestSz); + if (ret != 0) + return ret; + ret = HmacUpdate(&hmac, ctx->macSalt, ctx->macSaltSz); + if (ret != 0) + return ret; + ret = HmacFinal(&hmac, verify); + if (ret != 0) + return ret; if (memcmp(verify, msg + msgSz - digestSz, digestSz) != 0) { return -1; diff --git a/ctaocrypt/src/hmac.c b/ctaocrypt/src/hmac.c index 4d3309bdd..9afae366d 100644 --- a/ctaocrypt/src/hmac.c +++ b/ctaocrypt/src/hmac.c @@ -172,8 +172,14 @@ int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) XMEMCPY(ip, key, length); } else { - Sha256Update(&hmac->hash.sha256, key, length); - Sha256Final(&hmac->hash.sha256, ip); + ret = Sha256Update(&hmac->hash.sha256, key, length); + if (ret != 0) + return ret; + + ret = Sha256Final(&hmac->hash.sha256, ip); + if (ret != 0) + return ret; + length = SHA256_DIGEST_SIZE; } } @@ -188,8 +194,14 @@ int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) XMEMCPY(ip, key, length); } else { - Sha384Update(&hmac->hash.sha384, key, length); - Sha384Final(&hmac->hash.sha384, ip); + ret = Sha384Update(&hmac->hash.sha384, key, length); + if (ret != 0) + return ret; + + ret = Sha384Final(&hmac->hash.sha384, ip); + if (ret != 0) + return ret; + length = SHA384_DIGEST_SIZE; } } @@ -204,8 +216,14 @@ int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) XMEMCPY(ip, key, length); } else { - Sha512Update(&hmac->hash.sha512, key, length); - Sha512Final(&hmac->hash.sha512, ip); + ret = Sha512Update(&hmac->hash.sha512, key, length); + if (ret != 0) + return ret; + + ret = Sha512Final(&hmac->hash.sha512, ip); + if (ret != 0) + return ret; + length = SHA512_DIGEST_SIZE; } } @@ -242,8 +260,10 @@ int HmacSetKey(Hmac* hmac, int type, const byte* key, word32 length) } -static void HmacKeyInnerHash(Hmac* hmac) +static int HmacKeyInnerHash(Hmac* hmac) { + int ret = 0; + switch (hmac->macType) { #ifndef NO_MD5 case MD5: @@ -259,22 +279,28 @@ static void HmacKeyInnerHash(Hmac* hmac) #ifndef NO_SHA256 case SHA256: - Sha256Update(&hmac->hash.sha256, + ret = Sha256Update(&hmac->hash.sha256, (byte*) hmac->ipad, SHA256_BLOCK_SIZE); + if (ret != 0) + return ret; break; #endif #ifdef CYASSL_SHA384 case SHA384: - Sha384Update(&hmac->hash.sha384, + ret = Sha384Update(&hmac->hash.sha384, (byte*) hmac->ipad, SHA384_BLOCK_SIZE); + if (ret != 0) + return ret; break; #endif #ifdef CYASSL_SHA512 case SHA512: - Sha512Update(&hmac->hash.sha512, + ret = Sha512Update(&hmac->hash.sha512, (byte*) hmac->ipad, SHA512_BLOCK_SIZE); + if (ret != 0) + return ret; break; #endif @@ -290,18 +316,25 @@ static void HmacKeyInnerHash(Hmac* hmac) } hmac->innerHashKeyed = 1; + + return ret; } int HmacUpdate(Hmac* hmac, const byte* msg, word32 length) { + int ret; + #ifdef HAVE_CAVIUM if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC) return HmacCaviumUpdate(hmac, msg, length); #endif - if (!hmac->innerHashKeyed) - HmacKeyInnerHash(hmac); + if (!hmac->innerHashKeyed) { + ret = HmacKeyInnerHash(hmac); + if (ret != 0) + return ret; + } switch (hmac->macType) { #ifndef NO_MD5 @@ -318,19 +351,25 @@ int HmacUpdate(Hmac* hmac, const byte* msg, word32 length) #ifndef NO_SHA256 case SHA256: - Sha256Update(&hmac->hash.sha256, msg, length); + ret = Sha256Update(&hmac->hash.sha256, msg, length); + if (ret != 0) + return ret; break; #endif #ifdef CYASSL_SHA384 case SHA384: - Sha384Update(&hmac->hash.sha384, msg, length); + ret = Sha384Update(&hmac->hash.sha384, msg, length); + if (ret != 0) + return ret; break; #endif #ifdef CYASSL_SHA512 case SHA512: - Sha512Update(&hmac->hash.sha512, msg, length); + ret = Sha512Update(&hmac->hash.sha512, msg, length); + if (ret != 0) + return ret; break; #endif @@ -350,13 +389,18 @@ int HmacUpdate(Hmac* hmac, const byte* msg, word32 length) int HmacFinal(Hmac* hmac, byte* hash) { + int ret; + #ifdef HAVE_CAVIUM if (hmac->magic == CYASSL_HMAC_CAVIUM_MAGIC) return HmacCaviumFinal(hmac, hash); #endif - if (!hmac->innerHashKeyed) - HmacKeyInnerHash(hmac); + if (!hmac->innerHashKeyed) { + ret = HmacKeyInnerHash(hmac); + if (ret != 0) + return ret; + } switch (hmac->macType) { #ifndef NO_MD5 @@ -390,14 +434,23 @@ int HmacFinal(Hmac* hmac, byte* hash) #ifndef NO_SHA256 case SHA256: { - Sha256Final(&hmac->hash.sha256, (byte*) hmac->innerHash); + ret = Sha256Final(&hmac->hash.sha256, (byte*) hmac->innerHash); + if (ret != 0) + return ret; - Sha256Update(&hmac->hash.sha256, + ret = Sha256Update(&hmac->hash.sha256, (byte*) hmac->opad, SHA256_BLOCK_SIZE); - Sha256Update(&hmac->hash.sha256, - (byte*) hmac->innerHash, SHA256_DIGEST_SIZE); + if (ret != 0) + return ret; - Sha256Final(&hmac->hash.sha256, hash); + ret = Sha256Update(&hmac->hash.sha256, + (byte*) hmac->innerHash, SHA256_DIGEST_SIZE); + if (ret != 0) + return ret; + + ret = Sha256Final(&hmac->hash.sha256, hash); + if (ret != 0) + return ret; } break; #endif @@ -405,14 +458,23 @@ int HmacFinal(Hmac* hmac, byte* hash) #ifdef CYASSL_SHA384 case SHA384: { - Sha384Final(&hmac->hash.sha384, (byte*) hmac->innerHash); + ret = Sha384Final(&hmac->hash.sha384, (byte*) hmac->innerHash); + if (ret != 0) + return ret; - Sha384Update(&hmac->hash.sha384, + ret = Sha384Update(&hmac->hash.sha384, (byte*) hmac->opad, SHA384_BLOCK_SIZE); - Sha384Update(&hmac->hash.sha384, - (byte*) hmac->innerHash, SHA384_DIGEST_SIZE); + if (ret != 0) + return ret; - Sha384Final(&hmac->hash.sha384, hash); + ret = Sha384Update(&hmac->hash.sha384, + (byte*) hmac->innerHash, SHA384_DIGEST_SIZE); + if (ret != 0) + return ret; + + ret = Sha384Final(&hmac->hash.sha384, hash); + if (ret != 0) + return ret; } break; #endif @@ -420,14 +482,23 @@ int HmacFinal(Hmac* hmac, byte* hash) #ifdef CYASSL_SHA512 case SHA512: { - Sha512Final(&hmac->hash.sha512, (byte*) hmac->innerHash); + ret = Sha512Final(&hmac->hash.sha512, (byte*) hmac->innerHash); + if (ret != 0) + return ret; - Sha512Update(&hmac->hash.sha512, + ret = Sha512Update(&hmac->hash.sha512, (byte*) hmac->opad, SHA512_BLOCK_SIZE); - Sha512Update(&hmac->hash.sha512, - (byte*) hmac->innerHash, SHA512_DIGEST_SIZE); + if (ret != 0) + return ret; - Sha512Final(&hmac->hash.sha512, hash); + ret = Sha512Update(&hmac->hash.sha512, + (byte*) hmac->innerHash, SHA512_DIGEST_SIZE); + if (ret != 0) + return ret; + + ret = Sha512Final(&hmac->hash.sha512, hash); + if (ret != 0) + return ret; } break; #endif @@ -646,6 +717,7 @@ int HKDF(int type, const byte* inKey, word32 inKeySz, int hashSz = GetHashSizeByType(type); word32 outIdx = 0; byte n = 0x1; + int ret; if (hashSz < 0) return BAD_FUNC_ARG; @@ -657,23 +729,35 @@ int HKDF(int type, const byte* inKey, word32 inKeySz, saltSz = hashSz; } - if (HmacSetKey(&myHmac, type, localSalt, saltSz) != 0) - return BAD_FUNC_ARG; - - HmacUpdate(&myHmac, inKey, inKeySz); - HmacFinal(&myHmac, prk); + ret = HmacSetKey(&myHmac, type, localSalt, saltSz); + if (ret != 0) + return ret; + ret = HmacUpdate(&myHmac, inKey, inKeySz); + if (ret != 0) + return ret; + ret = HmacFinal(&myHmac, prk); + if (ret != 0) + return ret; while (outIdx < outSz) { int tmpSz = (n == 1) ? 0 : hashSz; word32 left = outSz - outIdx; - if (HmacSetKey(&myHmac, type, prk, hashSz) != 0) - return BAD_FUNC_ARG; - - HmacUpdate(&myHmac, tmp, tmpSz); - HmacUpdate(&myHmac, info, infoSz); - HmacUpdate(&myHmac, &n, 1); - HmacFinal(&myHmac, tmp); + ret = HmacSetKey(&myHmac, type, prk, hashSz); + if (ret != 0) + return ret; + ret = HmacUpdate(&myHmac, tmp, tmpSz); + if (ret != 0) + return ret; + ret = HmacUpdate(&myHmac, info, infoSz); + if (ret != 0) + return ret; + ret = HmacUpdate(&myHmac, &n, 1); + if (ret != 0) + return ret; + ret = HmacFinal(&myHmac, tmp); + if (ret != 0) + return ret; left = min(left, (word32)hashSz); XMEMCPY(out+outIdx, tmp, left); diff --git a/ctaocrypt/src/pwdbased.c b/ctaocrypt/src/pwdbased.c index 54359bec5..b9d3ba2a7 100644 --- a/ctaocrypt/src/pwdbased.c +++ b/ctaocrypt/src/pwdbased.c @@ -151,21 +151,34 @@ int PBKDF2(byte* output, const byte* passwd, int pLen, const byte* salt, while (kLen) { int currentLen; - HmacUpdate(&hmac, salt, sLen); + + ret = HmacUpdate(&hmac, salt, sLen); + if (ret != 0) + return ret; /* encode i */ for (j = 0; j < 4; j++) { byte b = (byte)(i >> ((3-j) * 8)); - HmacUpdate(&hmac, &b, 1); + + ret = HmacUpdate(&hmac, &b, 1); + if (ret != 0) + return ret; } - HmacFinal(&hmac, buffer); + + ret = HmacFinal(&hmac, buffer); + if (ret != 0) + return ret; currentLen = min(kLen, hLen); XMEMCPY(output, buffer, currentLen); for (j = 1; j < iterations; j++) { - HmacUpdate(&hmac, buffer, hLen); - HmacFinal(&hmac, buffer); + ret = HmacUpdate(&hmac, buffer, hLen); + if (ret != 0) + return ret; + ret = HmacFinal(&hmac, buffer); + if (ret != 0) + return ret; xorbuf(output, buffer, currentLen); } diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index a1f234cdc..bb5f18003 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -1149,10 +1149,14 @@ int hmac_md5_test(void) #endif ret = HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i])); if (ret != 0) - return -4011; - HmacUpdate(&hmac, (byte*)test_hmac[i].input, + return -4015; + ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); - HmacFinal(&hmac, hash); + if (ret != 0) + return -4016; + ret = HmacFinal(&hmac, hash); + if (ret != 0) + return -4017; if (memcmp(hash, test_hmac[i].output, MD5_DIGEST_SIZE) != 0) return -20 - i; @@ -1220,10 +1224,14 @@ int hmac_sha_test(void) #endif ret = HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i])); if (ret != 0) - return -4012; - HmacUpdate(&hmac, (byte*)test_hmac[i].input, + return -4018; + ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); - HmacFinal(&hmac, hash); + if (ret != 0) + return -4019; + ret = HmacFinal(&hmac, hash); + if (ret != 0) + return -4020; if (memcmp(hash, test_hmac[i].output, SHA_DIGEST_SIZE) != 0) return -20 - i; @@ -1295,10 +1303,14 @@ int hmac_sha256_test(void) #endif ret = HmacSetKey(&hmac, SHA256, (byte*)keys[i],(word32)strlen(keys[i])); if (ret != 0) - return -4013; - HmacUpdate(&hmac, (byte*)test_hmac[i].input, + return -4021; + ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); - HmacFinal(&hmac, hash); + if (ret != 0) + return -4022; + ret = HmacFinal(&hmac, hash); + if (ret != 0) + return -4023; if (memcmp(hash, test_hmac[i].output, SHA256_DIGEST_SIZE) != 0) return -20 - i; @@ -1371,10 +1383,14 @@ int hmac_blake2b_test(void) ret = HmacSetKey(&hmac, BLAKE2B_ID, (byte*)keys[i], (word32)strlen(keys[i])); if (ret != 0) - return -4014; - HmacUpdate(&hmac, (byte*)test_hmac[i].input, + return -4024; + ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); - HmacFinal(&hmac, hash); + if (ret != 0) + return -4025; + ret = HmacFinal(&hmac, hash); + if (ret != 0) + return -4026; if (memcmp(hash, test_hmac[i].output, BLAKE2B_256) != 0) return -20 - i; @@ -1443,10 +1459,14 @@ int hmac_sha384_test(void) for (i = 0; i < times; ++i) { ret = HmacSetKey(&hmac, SHA384, (byte*)keys[i],(word32)strlen(keys[i])); if (ret != 0) - return -4015; - HmacUpdate(&hmac, (byte*)test_hmac[i].input, + return -4027; + ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); - HmacFinal(&hmac, hash); + if (ret != 0) + return -4028; + ret = HmacFinal(&hmac, hash); + if (ret != 0) + return -4029; if (memcmp(hash, test_hmac[i].output, SHA384_DIGEST_SIZE) != 0) return -20 - i; @@ -1515,10 +1535,14 @@ int hmac_sha512_test(void) for (i = 0; i < times; ++i) { ret = HmacSetKey(&hmac, SHA512, (byte*)keys[i],(word32)strlen(keys[i])); if (ret != 0) - return -4016; - HmacUpdate(&hmac, (byte*)test_hmac[i].input, + return -4030; + ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); - HmacFinal(&hmac, hash); + if (ret != 0) + return -4031; + ret = HmacFinal(&hmac, hash); + if (ret != 0) + return -4032; if (memcmp(hash, test_hmac[i].output, SHA512_DIGEST_SIZE) != 0) return -20 - i; diff --git a/cyassl/test.h b/cyassl/test.h index dff9df896..64cc1171d 100644 --- a/cyassl/test.h +++ b/cyassl/test.h @@ -1345,9 +1345,15 @@ static INLINE int myMacEncryptCb(CYASSL* ssl, unsigned char* macOut, CyaSSL_GetMacSecret(ssl, macVerify), CyaSSL_GetHmacSize(ssl)); if (ret != 0) return ret; - HmacUpdate(&hmac, myInner, sizeof(myInner)); - HmacUpdate(&hmac, macIn, macInSz); - HmacFinal(&hmac, macOut); + ret = HmacUpdate(&hmac, myInner, sizeof(myInner)); + if (ret != 0) + return ret; + ret = HmacUpdate(&hmac, macIn, macInSz); + if (ret != 0) + return ret; + ret = HmacFinal(&hmac, macOut); + if (ret != 0) + return ret; /* encrypt setup on first time */ @@ -1454,9 +1460,15 @@ static INLINE int myDecryptVerifyCb(CYASSL* ssl, CyaSSL_GetMacSecret(ssl, macVerify), digestSz); if (ret != 0) return ret; - HmacUpdate(&hmac, myInner, sizeof(myInner)); - HmacUpdate(&hmac, decOut + ivExtra, macInSz); - HmacFinal(&hmac, verify); + ret = HmacUpdate(&hmac, myInner, sizeof(myInner)); + if (ret != 0) + return ret; + ret = HmacUpdate(&hmac, decOut + ivExtra, macInSz); + if (ret != 0) + return ret; + ret = HmacFinal(&hmac, verify); + if (ret != 0) + return ret; if (memcmp(verify, decOut + decSz - digestSz - pad - padByte, digestSz) != 0) { diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c index 6be78909c..5610a650e 100644 --- a/mcapi/mcapi_test.c +++ b/mcapi/mcapi_test.c @@ -407,10 +407,18 @@ static int check_hmac(void) } CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE); - HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); + ret = HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); + if (ret != 0) { + printf("hmac sha update default failed\n"); + return -1; + } CRYPT_HMAC_Finalize(&mcHmac, mcDigest); - HmacFinal(&defHmac, defDigest); + ret = HmacFinal(&defHmac, defDigest); + if (ret != 0) { + printf("hmac sha final default failed\n"); + return -1; + } if (memcmp(mcDigest, defDigest, CRYPT_SHA_DIGEST_SIZE) != 0) { printf("hmac sha final memcmp fialed\n"); @@ -427,10 +435,18 @@ static int check_hmac(void) } CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE); - HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); + ret = HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); + if (ret != 0) { + printf("hmac sha256 update default failed\n"); + return -1; + } CRYPT_HMAC_Finalize(&mcHmac, mcDigest); - HmacFinal(&defHmac, defDigest); + ret = HmacFinal(&defHmac, defDigest); + if (ret != 0) { + printf("hmac sha256 final default failed\n"); + return -1; + } if (memcmp(mcDigest, defDigest, CRYPT_SHA256_DIGEST_SIZE) != 0) { printf("hmac sha256 final memcmp fialed\n"); @@ -447,10 +463,18 @@ static int check_hmac(void) } CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE); - HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); + ret = HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); + if (ret != 0) { + printf("hmac sha384 update default failed\n"); + return -1; + } CRYPT_HMAC_Finalize(&mcHmac, mcDigest); - HmacFinal(&defHmac, defDigest); + ret = HmacFinal(&defHmac, defDigest); + if (ret != 0) { + printf("hmac sha384 final default failed\n"); + return -1; + } if (memcmp(mcDigest, defDigest, CRYPT_SHA384_DIGEST_SIZE) != 0) { printf("hmac sha384 final memcmp fialed\n"); @@ -467,10 +491,18 @@ static int check_hmac(void) } CRYPT_HMAC_DataAdd(&mcHmac, ourData, OUR_DATA_SIZE); - HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); + ret = HmacUpdate(&defHmac, ourData, OUR_DATA_SIZE); + if (ret != 0) { + printf("hmac sha512 update default failed\n"); + return -1; + } CRYPT_HMAC_Finalize(&mcHmac, mcDigest); - HmacFinal(&defHmac, defDigest); + ret = HmacFinal(&defHmac, defDigest); + if (ret != 0) { + printf("hmac sha512 final default failed\n"); + return -1; + } if (memcmp(mcDigest, defDigest, CRYPT_SHA512_DIGEST_SIZE) != 0) { printf("hmac sha512 final memcmp fialed\n"); diff --git a/src/ssl.c b/src/ssl.c index 370f7cb05..f736bc301 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -7342,28 +7342,31 @@ int CyaSSL_set_compression(CYASSL* ssl) unsigned char* md, unsigned int* md_len) { Hmac hmac; - int ret; CYASSL_ENTER("HMAC"); if (!md) return NULL; /* no static buffer support */ if (XSTRNCMP(evp_md, "MD5", 3) == 0) { - ret = HmacSetKey(&hmac, MD5, (const byte*)key, key_len); + if (HmacSetKey(&hmac, MD5, (const byte*)key, key_len) != 0) + return NULL; + if (md_len) *md_len = MD5_DIGEST_SIZE; } else if (XSTRNCMP(evp_md, "SHA", 3) == 0) { - ret = HmacSetKey(&hmac, SHA, (const byte*)key, key_len); + if (HmacSetKey(&hmac, SHA, (const byte*)key, key_len) != 0) + return NULL; + if (md_len) *md_len = SHA_DIGEST_SIZE; } else return NULL; - if (ret != 0) + if (HmacUpdate(&hmac, d, n) != 0) return NULL; - HmacUpdate(&hmac, d, n); - HmacFinal(&hmac, md); - + if (HmacFinal(&hmac, md) != 0) + return NULL; + return md; } @@ -10847,6 +10850,7 @@ static int initGlobalRNG = 0; if (ctx && data) { CYASSL_MSG("updating hmac"); HmacUpdate(&ctx->hmac, data, (word32)len); + /* OpenSSL compat, no error */ } } @@ -10859,6 +10863,7 @@ static int initGlobalRNG = 0; if (ctx && hash) { CYASSL_MSG("final hmac"); HmacFinal(&ctx->hmac, hash); + /* OpenSSL compat, no error */ if (len) { CYASSL_MSG("setting output len"); diff --git a/tests/hash.c b/tests/hash.c index 629c93e25..03bf4bcb0 100644 --- a/tests/hash.c +++ b/tests/hash.c @@ -611,9 +611,13 @@ int hmac_md5_test(void) ret = HmacSetKey(&hmac, MD5, (byte*)keys[i], (word32)strlen(keys[i])); if (ret != 0) return -4014; - HmacUpdate(&hmac, (byte*)test_hmac[i].input, + ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); - HmacFinal(&hmac, hash); + if (ret != 0) + return -4015; + ret = HmacFinal(&hmac, hash); + if (ret != 0) + return -4016; if (memcmp(hash, test_hmac[i].output, MD5_DIGEST_SIZE) != 0) return -20 - i; @@ -672,10 +676,14 @@ int hmac_sha_test(void) for (i = 0; i < times; ++i) { ret = HmacSetKey(&hmac, SHA, (byte*)keys[i], (word32)strlen(keys[i])); if (ret != 0) - return -4015; - HmacUpdate(&hmac, (byte*)test_hmac[i].input, + return -4017; + ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); - HmacFinal(&hmac, hash); + if (ret != 0) + return -4018; + ret = HmacFinal(&hmac, hash); + if (ret != 0) + return -4019; if (memcmp(hash, test_hmac[i].output, SHA_DIGEST_SIZE) != 0) return -20 - i; @@ -737,10 +745,14 @@ int hmac_sha256_test(void) for (i = 0; i < times; ++i) { ret = HmacSetKey(&hmac,SHA256, (byte*)keys[i], (word32)strlen(keys[i])); if (ret != 0) - return -4016; - HmacUpdate(&hmac, (byte*)test_hmac[i].input, + return -4020; + ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); - HmacFinal(&hmac, hash); + if (ret != 0) + return -4021; + ret = HmacFinal(&hmac, hash); + if (ret != 0) + return -4022; if (memcmp(hash, test_hmac[i].output, SHA256_DIGEST_SIZE) != 0) return -20 - i; @@ -806,10 +818,14 @@ int hmac_sha384_test(void) for (i = 0; i < times; ++i) { ret = HmacSetKey(&hmac,SHA384, (byte*)keys[i], (word32)strlen(keys[i])); if (ret != 0) - return -4017; - HmacUpdate(&hmac, (byte*)test_hmac[i].input, + return -4023; + ret = HmacUpdate(&hmac, (byte*)test_hmac[i].input, (word32)test_hmac[i].inLen); - HmacFinal(&hmac, hash); + if (ret != 0) + return -4024; + ret = HmacFinal(&hmac, hash); + if (ret != 0) + return -4025; if (memcmp(hash, test_hmac[i].output, SHA384_DIGEST_SIZE) != 0) return -20 - i;