feedc0de/wolfssl
1
0
Fork 0
forked from wolfSSL/wolfssl
Code Pull Requests Activity

SHA256, SHA384 and SHA512 error propagation. Major impact on random functions with error propagation.

Browse Source
This commit is contained in:
Moisés Guimarães
2014-04-14 16:28:43 -03:00
parent 32e2d7016f
commit 8d8fca67c3
14 changed files with 259 additions and 128 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
ctaocrypt/src/asn.c
View File

@ -4621,6 +4621,8 @@ static int SetName(byte* output, CertName* name)
static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
RNG* rng, const byte* ntruKey, word16 ntruSz) RNG* rng, const byte* ntruKey, word16 ntruSz)
{ {
int ret;
(void)eccKey; (void)eccKey;
(void)ntruKey; (void)ntruKey;
(void)ntruSz; (void)ntruSz;
@ -4632,7 +4634,10 @@ static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey,
der->versionSz = SetMyVersion(cert->version, der->version, TRUE); der->versionSz = SetMyVersion(cert->version, der->version, TRUE);
/* serial number */ /* serial number */
RNG_GenerateBlock(rng, cert->serial, CTC_SERIAL_SIZE); ret = RNG_GenerateBlock(rng, cert->serial, CTC_SERIAL_SIZE);
if (ret != 0)
return ret;
cert->serial[0] = 0x01; /* ensure positive */ cert->serial[0] = 0x01; /* ensure positive */
der->serialSz = SetSerial(cert->serial, der->serial); der->serialSz = SetSerial(cert->serial, der->serial);
@ -6167,10 +6172,13 @@ int EncodeOcspRequest(OcspRequest* req)
if (InitRng(&rng) != 0) { if (InitRng(&rng) != 0) {
CYASSL_MSG("\tCannot initialize RNG. Skipping the OSCP Nonce."); CYASSL_MSG("\tCannot initialize RNG. Skipping the OSCP Nonce.");
} else { } else {
req->nonceSz = MAX_OCSP_NONCE_SZ; if (RNG_GenerateBlock(&rng, req->nonce, MAX_OCSP_NONCE_SZ) != 0)
RNG_GenerateBlock(&rng, req->nonce, req->nonceSz); CYASSL_MSG("\tCannot run RNG. Skipping the OSCP Nonce.");
extSz = SetOcspReqExtensions(MAX_OCSP_EXT_SZ, extArray, else {
req->nonceSz = MAX_OCSP_NONCE_SZ;
extSz = SetOcspReqExtensions(MAX_OCSP_EXT_SZ, extArray,
req->nonce, req->nonceSz); req->nonce, req->nonceSz);
}
} }
} }

15
ctaocrypt/src/dh.c
View File

@ -82,15 +82,22 @@ static word32 DiscreteLogWorkFactor(word32 n)
} }
static void GeneratePrivate(DhKey* key, RNG* rng, byte* priv, word32* privSz) static int GeneratePrivate(DhKey* key, RNG* rng, byte* priv, word32* privSz)
{ {
int ret;
word32 sz = mp_unsigned_bin_size(&key->p); word32 sz = mp_unsigned_bin_size(&key->p);
sz = min(sz, 2 * DiscreteLogWorkFactor(sz * CYASSL_BIT_SIZE) / sz = min(sz, 2 * DiscreteLogWorkFactor(sz * CYASSL_BIT_SIZE) /
CYASSL_BIT_SIZE + 1); CYASSL_BIT_SIZE + 1);
RNG_GenerateBlock(rng, priv, sz);
ret = RNG_GenerateBlock(rng, priv, sz);
if (ret != 0)
return ret;
priv[0] |= 0x0C; priv[0] |= 0x0C;
*privSz = sz; *privSz = sz;
return 0;
} }
@ -127,9 +134,9 @@ static int GeneratePublic(DhKey* key, const byte* priv, word32 privSz,
int DhGenerateKeyPair(DhKey* key, RNG* rng, byte* priv, word32* privSz, int DhGenerateKeyPair(DhKey* key, RNG* rng, byte* priv, word32* privSz,
byte* pub, word32* pubSz) byte* pub, word32* pubSz)
{ {
GeneratePrivate(key, rng, priv, privSz); int ret = GeneratePrivate(key, rng, priv, privSz);
return GeneratePublic(key, priv, *privSz, pub, pubSz);
return (ret != 0) ? ret : GeneratePublic(key, priv, *privSz, pub, pubSz);
} }
int DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv, int DhAgree(DhKey* key, byte* agree, word32* agreeSz, const byte* priv,

15
ctaocrypt/src/dsa.c
View File

@ -83,22 +83,25 @@ void FreeDsaKey(DsaKey* key)
int DsaSign(const byte* digest, byte* out, DsaKey* key, RNG* rng) int DsaSign(const byte* digest, byte* out, DsaKey* key, RNG* rng)
{ {
mp_int k, kInv, r, s, H; mp_int k, kInv, r, s, H;
int ret = 0, sz; int ret, sz;
byte buffer[DSA_HALF_SIZE]; byte buffer[DSA_HALF_SIZE];
if (mp_init_multi(&k, &kInv, &r, &s, &H, 0) != MP_OKAY)
return MP_INIT_E;
sz = min(sizeof(buffer), mp_unsigned_bin_size(&key->q)); sz = min(sizeof(buffer), mp_unsigned_bin_size(&key->q));
/* generate k */ /* generate k */
RNG_GenerateBlock(rng, buffer, sz); ret = RNG_GenerateBlock(rng, buffer, sz);
if (ret != 0)
return ret;
buffer[0] |= 0x0C; buffer[0] |= 0x0C;
if (mp_init_multi(&k, &kInv, &r, &s, &H, 0) != MP_OKAY)
return MP_INIT_E;
if (mp_read_unsigned_bin(&k, buffer, sz) != MP_OKAY) if (mp_read_unsigned_bin(&k, buffer, sz) != MP_OKAY)
ret = MP_READ_E; ret = MP_READ_E;
if (mp_cmp_d(&k, 1) != MP_GT) if (ret == 0 && mp_cmp_d(&k, 1) != MP_GT)
ret = MP_CMP_E; ret = MP_CMP_E;
/* inverse k mod q */ /* inverse k mod q */

8
ctaocrypt/src/ecc.c
View File

@ -1333,7 +1333,10 @@ int ecc_make_key_ex(RNG* rng, ecc_key* key, const ecc_set_type* dp)
base = NULL; base = NULL;
/* make up random string */ /* make up random string */
RNG_GenerateBlock(rng, buf, keysize); err = RNG_GenerateBlock(rng, buf, keysize);
if (err != 0)
return err;
buf[0] |= 0x0c; buf[0] |= 0x0c;
/* setup the key variables */ /* setup the key variables */
@ -3634,9 +3637,8 @@ static int ecc_ctx_set_salt(ecEncCtx* ctx, int flags, RNG* rng)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
saltBuffer = (flags == REQ_RESP_CLIENT) ? ctx->clientSalt : ctx->serverSalt; saltBuffer = (flags == REQ_RESP_CLIENT) ? ctx->clientSalt : ctx->serverSalt;
RNG_GenerateBlock(rng, saltBuffer, EXCHANGE_SALT_SZ);
return 0; return RNG_GenerateBlock(rng, saltBuffer, EXCHANGE_SALT_SZ);
} }

17
ctaocrypt/src/pkcs7.c
View File

@ -980,8 +980,13 @@ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
verSz = SetMyVersion(0, ver, 0); verSz = SetMyVersion(0, ver, 0);
/* generate random content encryption key */ /* generate random content encryption key */
InitRng(&rng); ret = InitRng(&rng);
RNG_GenerateBlock(&rng, contentKeyPlain, blockKeySz); if (ret != 0)
return ret;
ret = RNG_GenerateBlock(&rng, contentKeyPlain, blockKeySz);
if (ret != 0)
return ret;
/* build RecipientInfo, only handle 1 for now */ /* build RecipientInfo, only handle 1 for now */
recipSz = CreateRecipientInfo(pkcs7->singleCert, pkcs7->singleCertSz, RSAk, recipSz = CreateRecipientInfo(pkcs7->singleCert, pkcs7->singleCertSz, RSAk,
@ -995,6 +1000,11 @@ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
} }
recipSetSz = SetSet(recipSz, recipSet); recipSetSz = SetSet(recipSz, recipSet);
/* generate IV for block cipher */
ret = RNG_GenerateBlock(&rng, tmpIv, DES_BLOCK_SIZE);
if (ret != 0)
return ret;
/* EncryptedContentInfo */ /* EncryptedContentInfo */
contentTypeSz = SetContentType(pkcs7->contentOID, contentType); contentTypeSz = SetContentType(pkcs7->contentOID, contentType);
if (contentTypeSz == 0) if (contentTypeSz == 0)
@ -1028,9 +1038,6 @@ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz)
return MEMORY_E; return MEMORY_E;
} }
/* generate IV for block cipher */
RNG_GenerateBlock(&rng, tmpIv, DES_BLOCK_SIZE);
/* put together IV OCTET STRING */ /* put together IV OCTET STRING */
ivOctetStringSz = SetOctetString(DES_BLOCK_SIZE, ivOctetString); ivOctetStringSz = SetOctetString(DES_BLOCK_SIZE, ivOctetString);

127
ctaocrypt/src/random.c
View File

@ -105,18 +105,32 @@ static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type, byte* inA, word
{ {
if (InitSha256(&rng->sha) != 0) if (InitSha256(&rng->sha) != 0)
return DBRG_ERROR; return DBRG_ERROR;
Sha256Update(&rng->sha, &ctr, sizeof(ctr));
Sha256Update(&rng->sha, (byte*)&bits, sizeof(bits)); if (Sha256Update(&rng->sha, &ctr, sizeof(ctr)) != 0)
/* churning V is the only string that doesn't have return DBRG_ERROR;
if (Sha256Update(&rng->sha, (byte*)&bits, sizeof(bits)) != 0)
return DBRG_ERROR;
/* churning V is the only string that doesn't have
* the type added */ * the type added */
if (type != dbrgInitV) if (type != dbrgInitV)
Sha256Update(&rng->sha, &type, sizeof(type)); if (Sha256Update(&rng->sha, &type, sizeof(type)) != 0)
Sha256Update(&rng->sha, inA, inASz); return DBRG_ERROR;
if (Sha256Update(&rng->sha, inA, inASz) != 0)
return DBRG_ERROR;
if (inB != NULL && inBSz > 0) if (inB != NULL && inBSz > 0)
Sha256Update(&rng->sha, inB, inBSz); if (Sha256Update(&rng->sha, inB, inBSz) != 0)
return DBRG_ERROR;
if (inC != NULL && inCSz > 0) if (inC != NULL && inCSz > 0)
Sha256Update(&rng->sha, inC, inCSz); if (Sha256Update(&rng->sha, inC, inCSz) != 0)
Sha256Final(&rng->sha, rng->digest); return DBRG_ERROR;
if (Sha256Final(&rng->sha, rng->digest) != 0)
return DBRG_ERROR;
if (outSz > SHA256_DIGEST_SIZE) { if (outSz > SHA256_DIGEST_SIZE) {
XMEMCPY(out, rng->digest, SHA256_DIGEST_SIZE); XMEMCPY(out, rng->digest, SHA256_DIGEST_SIZE);
@ -134,15 +148,22 @@ static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type, byte* inA, word
static int Hash_DBRG_Reseed(RNG* rng, byte* entropy, word32 entropySz) static int Hash_DBRG_Reseed(RNG* rng, byte* entropy, word32 entropySz)
{ {
int ret;
byte seed[DBRG_SEED_LEN]; byte seed[DBRG_SEED_LEN];
Hash_df(rng, seed, sizeof(seed), dbrgInitV, rng->V, sizeof(rng->V), ret = Hash_df(rng, seed, sizeof(seed), dbrgInitV, rng->V, sizeof(rng->V),
entropy, entropySz, NULL, 0); entropy, entropySz, NULL, 0);
if (ret != 0)
return ret;
XMEMCPY(rng->V, seed, sizeof(rng->V)); XMEMCPY(rng->V, seed, sizeof(rng->V));
XMEMSET(seed, 0, sizeof(seed)); XMEMSET(seed, 0, sizeof(seed));
Hash_df(rng, rng->C, sizeof(rng->C), dbrgInitC, rng->V, sizeof(rng->V), ret = Hash_df(rng, rng->C, sizeof(rng->C), dbrgInitC, rng->V,
NULL, 0, NULL, 0); sizeof(rng->V), NULL, 0, NULL, 0);
if (ret != 0)
return ret;
rng->reseed_ctr = 1; rng->reseed_ctr = 1;
return 0; return 0;
} }
@ -168,9 +189,17 @@ static int Hash_gen(RNG* rng, byte* out, word32 outSz, byte* V)
XMEMCPY(data, V, sizeof(data)); XMEMCPY(data, V, sizeof(data));
for (i = 0; i < len; i++) { for (i = 0; i < len; i++) {
ret = InitSha256(&rng->sha); ret = InitSha256(&rng->sha);
if (ret != 0) return ret; if (ret != 0)
Sha256Update(&rng->sha, data, sizeof(data)); return ret;
Sha256Final(&rng->sha, rng->digest);
ret = Sha256Update(&rng->sha, data, sizeof(data));
if (ret != 0)
return ret;
ret = Sha256Final(&rng->sha, rng->digest);
if (ret != 0)
return ret;
if (outSz > SHA256_DIGEST_SIZE) { if (outSz > SHA256_DIGEST_SIZE) {
XMEMCPY(out, rng->digest, SHA256_DIGEST_SIZE); XMEMCPY(out, rng->digest, SHA256_DIGEST_SIZE);
outSz -= SHA256_DIGEST_SIZE; outSz -= SHA256_DIGEST_SIZE;
@ -217,9 +246,13 @@ static int Hash_DBRG_Generate(RNG* rng, byte* out, word32 outSz)
return DBRG_ERROR; return DBRG_ERROR;
if (InitSha256(&rng->sha) != 0) if (InitSha256(&rng->sha) != 0)
return DBRG_ERROR; return DBRG_ERROR;
Sha256Update(&rng->sha, &type, sizeof(type)); if (Sha256Update(&rng->sha, &type, sizeof(type)) != 0)
Sha256Update(&rng->sha, rng->V, sizeof(rng->V)); return DBRG_ERROR;
Sha256Final(&rng->sha, rng->digest); if (Sha256Update(&rng->sha, rng->V, sizeof(rng->V)) != 0)
return DBRG_ERROR;
if (Sha256Final(&rng->sha, rng->digest) != 0)
return DBRG_ERROR;
array_add(rng->V, sizeof(rng->V), rng->digest, sizeof(rng->digest)); array_add(rng->V, sizeof(rng->V), rng->digest, sizeof(rng->digest));
array_add(rng->V, sizeof(rng->V), rng->C, sizeof(rng->C)); array_add(rng->V, sizeof(rng->V), rng->C, sizeof(rng->C));
array_add(rng->V, sizeof(rng->V), array_add(rng->V, sizeof(rng->V),
@ -234,13 +267,24 @@ static int Hash_DBRG_Generate(RNG* rng, byte* out, word32 outSz)
} }
static void Hash_DBRG_Instantiate(RNG* rng, byte* seed, word32 seedSz) static int Hash_DBRG_Instantiate(RNG* rng, byte* seed, word32 seedSz)
{ {
int ret;
XMEMSET(rng, 0, sizeof(*rng)); XMEMSET(rng, 0, sizeof(*rng));
Hash_df(rng, rng->V, sizeof(rng->V), dbrgInitV, seed, seedSz, NULL, 0, NULL, 0); ret = Hash_df(rng, rng->V, sizeof(rng->V), dbrgInitV, seed, seedSz, NULL, 0,
Hash_df(rng, rng->C, sizeof(rng->C), dbrgInitC, rng->V, sizeof(rng->V), NULL, 0);
NULL, 0, NULL, 0); if (ret != 0)
return ret;
ret = Hash_df(rng, rng->C, sizeof(rng->C), dbrgInitC, rng->V,
sizeof(rng->V), NULL, 0, NULL, 0);
if (ret != 0)
return ret;
rng->reseed_ctr = 1; rng->reseed_ctr = 1;
return 0;
} }
@ -266,42 +310,43 @@ int InitRng(RNG* rng)
byte entropy[ENTROPY_SZ]; byte entropy[ENTROPY_SZ];
int ret = DBRG_ERROR; int ret = DBRG_ERROR;
if (GenerateSeed(&rng->seed, entropy, sizeof(entropy)) == 0) { if (GenerateSeed(&rng->seed, entropy, sizeof(entropy)) == 0)
Hash_DBRG_Instantiate(rng, entropy, sizeof(entropy)); ret = Hash_DBRG_Instantiate(rng, entropy, sizeof(entropy));
ret = DBRG_SUCCESS;
}
XMEMSET(entropy, 0, sizeof(entropy)); XMEMSET(entropy, 0, sizeof(entropy));
return ret; return ret;
} }
/* place a generated block in output */ /* place a generated block in output */
void RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) int RNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
{ {
int ret; int ret;
XMEMSET(output, 0, sz); XMEMSET(output, 0, sz);
ret = Hash_DBRG_Generate(rng, output, sz); ret = Hash_DBRG_Generate(rng, output, sz);
if (ret == DBRG_NEED_RESEED) { if (ret == DBRG_NEED_RESEED) {
byte entropy[ENTROPY_SZ]; byte entropy[ENTROPY_SZ];
ret = GenerateSeed(&rng->seed, entropy, sizeof(entropy)); ret = GenerateSeed(&rng->seed, entropy, sizeof(entropy));
if (ret == 0) { if (ret == 0) {
Hash_DBRG_Reseed(rng, entropy, sizeof(entropy)); ret = Hash_DBRG_Reseed(rng, entropy, sizeof(entropy));
ret = Hash_DBRG_Generate(rng, output, sz);
if (ret == 0)
ret = Hash_DBRG_Generate(rng, output, sz);
} }
else else
ret = DBRG_ERROR; ret = DBRG_ERROR;
XMEMSET(entropy, 0, sizeof(entropy)); XMEMSET(entropy, 0, sizeof(entropy));
} }
return ret;
} }
byte RNG_GenerateByte(RNG* rng) int RNG_GenerateByte(RNG* rng, byte* b)
{ {
byte b; return RNG_GenerateBlock(rng, b, 1);
RNG_GenerateBlock(rng, &b, 1);
return b;
} }
@ -327,7 +372,8 @@ int InitRng(RNG* rng)
if (ret == 0) { if (ret == 0) {
Arc4SetKey(&rng->cipher, key, sizeof(key)); Arc4SetKey(&rng->cipher, key, sizeof(key));
RNG_GenerateBlock(rng, junk, sizeof(junk)); /* rid initial state */
return RNG_GenerateBlock(rng, junk, sizeof(junk)); /*rid initial state*/
} }
return ret; return ret;
@ -338,7 +384,7 @@ int InitRng(RNG* rng)
#endif #endif
/* place a generated block in output */ /* place a generated block in output */
void RNG_GenerateBlock(RNG* rng, byte* output, word32 sz) int RNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
{ {
#ifdef HAVE_CAVIUM #ifdef HAVE_CAVIUM
if (rng->magic == CYASSL_RNG_CAVIUM_MAGIC) if (rng->magic == CYASSL_RNG_CAVIUM_MAGIC)
@ -346,15 +392,14 @@ void RNG_GenerateBlock(RNG* rng, byte* output, word32 sz)
#endif #endif
XMEMSET(output, 0, sz); XMEMSET(output, 0, sz);
Arc4Process(&rng->cipher, output, output, sz); Arc4Process(&rng->cipher, output, output, sz);
return 0;
} }
byte RNG_GenerateByte(RNG* rng) int RNG_GenerateByte(RNG* rng, byte* b)
{ {
byte b; return RNG_GenerateBlock(rng, b, 1);
RNG_GenerateBlock(rng, &b, 1);
return b;
} }

26
ctaocrypt/src/rsa.c
View File

@ -124,10 +124,11 @@ int FreeRsaKey(RsaKey* key)
return 0; return 0;
} }
static void RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock, static int RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
word32 pkcsBlockLen, byte padValue, RNG* rng) word32 pkcsBlockLen, byte padValue, RNG* rng)
{ {
if (inputLen == 0) return; if (inputLen == 0)
return 0;
pkcsBlock[0] = 0x0; /* set first byte to zero and advance */ pkcsBlock[0] = 0x0; /* set first byte to zero and advance */
pkcsBlock++; pkcsBlockLen--; pkcsBlock++; pkcsBlockLen--;
@ -139,7 +140,10 @@ static void RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
else { else {
/* pad with non-zero random bytes */ /* pad with non-zero random bytes */
word32 padLen = pkcsBlockLen - inputLen - 1, i; word32 padLen = pkcsBlockLen - inputLen - 1, i;
RNG_GenerateBlock(rng, &pkcsBlock[1], padLen); int ret = RNG_GenerateBlock(rng, &pkcsBlock[1], padLen);
if (ret != 0)
return ret;
/* remove zeros */ /* remove zeros */
for (i = 1; i < padLen; i++) for (i = 1; i < padLen; i++)
@ -148,6 +152,8 @@ static void RsaPad(const byte* input, word32 inputLen, byte* pkcsBlock,
pkcsBlock[pkcsBlockLen-inputLen-1] = 0; /* separator */ pkcsBlock[pkcsBlockLen-inputLen-1] = 0; /* separator */
XMEMCPY(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen); XMEMCPY(pkcsBlock+pkcsBlockLen-inputLen, input, inputLen);
return 0;
} }
@ -297,7 +303,9 @@ int RsaPublicEncrypt(const byte* in, word32 inLen, byte* out, word32 outLen,
if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) if (inLen > (word32)(sz - RSA_MIN_PAD_SZ))
return RSA_BUFFER_E; return RSA_BUFFER_E;
RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_2, rng); ret = RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_2, rng);
if (ret != 0)
return ret;
if ((ret = RsaFunction(out, sz, out, &outLen, RSA_PUBLIC_ENCRYPT, key)) < 0) if ((ret = RsaFunction(out, sz, out, &outLen, RSA_PUBLIC_ENCRYPT, key)) < 0)
sz = ret; sz = ret;
@ -444,7 +452,9 @@ int RsaSSL_Sign(const byte* in, word32 inLen, byte* out, word32 outLen,
if (inLen > (word32)(sz - RSA_MIN_PAD_SZ)) if (inLen > (word32)(sz - RSA_MIN_PAD_SZ))
return RSA_BUFFER_E; return RSA_BUFFER_E;
RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_1, rng); ret = RsaPad(in, inLen, out, sz, RSA_BLOCK_TYPE_1, rng);
if (ret != 0)
return ret;
if ((ret = RsaFunction(out, sz, out, &outLen, RSA_PRIVATE_ENCRYPT,key)) < 0) if ((ret = RsaFunction(out, sz, out, &outLen, RSA_PRIVATE_ENCRYPT,key)) < 0)
sz = ret; sz = ret;
@ -502,7 +512,11 @@ static int rand_prime(mp_int* N, int len, RNG* rng, void* heap)
fflush(stdout); fflush(stdout);
#endif #endif
/* generate value */ /* generate value */
RNG_GenerateBlock(rng, buf, len); err = RNG_GenerateBlock(rng, buf, len);
if (err != 0) {
XFREE(buf, heap, DYNAMIC_TYPE_RSA);
return err;
}
/* munge bits */ /* munge bits */
buf[0] |= 0x80 | 0x40; buf[0] |= 0x80 | 0x40;

36
ctaocrypt/test/test.c
View File

@ -2586,7 +2586,8 @@ int random_test(void)
ret = InitRng(&rng); ret = InitRng(&rng);
if (ret != 0) return -39; if (ret != 0) return -39;
RNG_GenerateBlock(&rng, block, sizeof(block)); ret = RNG_GenerateBlock(&rng, block, sizeof(block));
if (ret != 0) return -40;
return 0; return 0;
} }
@ -2600,21 +2601,14 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out)
{ {
static RNG rng; static RNG rng;
if (cmd == INIT) { if (cmd == INIT)
int ret = InitRng(&rng); return (InitRng(&rng) == 0) ? 1 : 0;
if (ret == 0)
return 1;
else
return 0;
}
if (out == NULL) if (out == NULL)
return 0; return 0;
if (cmd == GET_BYTE_OF_ENTROPY) { if (cmd == GET_BYTE_OF_ENTROPY)
RNG_GenerateBlock(&rng, out, 1); return (RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0;
return 1;
}
if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) { if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) {
*out = 1; *out = 1;
@ -4334,9 +4328,15 @@ int pkcs7signed_test(void)
fclose(file); fclose(file);
ret = InitRng(&rng); ret = InitRng(&rng);
if (ret != 0)
return -210;
senderNonce[0] = 0x04; senderNonce[0] = 0x04;
senderNonce[1] = PKCS7_NONCE_SZ; senderNonce[1] = PKCS7_NONCE_SZ;
RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
ret = RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ);
if (ret != 0)
return -211;
PKCS7_InitWithCert(&msg, certDer, certDerSz); PKCS7_InitWithCert(&msg, certDer, certDerSz);
msg.privateKey = keyDer; msg.privateKey = keyDer;
@ -4372,7 +4372,7 @@ int pkcs7signed_test(void)
free(keyDer); free(keyDer);
free(out); free(out);
PKCS7_Free(&msg); PKCS7_Free(&msg);
return -210; return -212;
} }
else else
outSz = ret; outSz = ret;
@ -4384,7 +4384,7 @@ int pkcs7signed_test(void)
free(keyDer); free(keyDer);
free(out); free(out);
PKCS7_Free(&msg); PKCS7_Free(&msg);
return -211; return -213;
} }
ret = (int)fwrite(out, 1, outSz, file); ret = (int)fwrite(out, 1, outSz, file);
fclose(file); fclose(file);
@ -4398,7 +4398,7 @@ int pkcs7signed_test(void)
free(keyDer); free(keyDer);
free(out); free(out);
PKCS7_Free(&msg); PKCS7_Free(&msg);
return -212; return -214;
} }
if (msg.singleCert == NULL || msg.singleCertSz == 0) { if (msg.singleCert == NULL || msg.singleCertSz == 0) {
@ -4406,7 +4406,7 @@ int pkcs7signed_test(void)
free(keyDer); free(keyDer);
free(out); free(out);
PKCS7_Free(&msg); PKCS7_Free(&msg);
return -213; return -215;
} }
file = fopen("./pkcs7cert.der", "wb"); file = fopen("./pkcs7cert.der", "wb");
@ -4415,7 +4415,7 @@ int pkcs7signed_test(void)
free(keyDer); free(keyDer);
free(out); free(out);
PKCS7_Free(&msg); PKCS7_Free(&msg);
return -214; return -216;
} }
ret = (int)fwrite(msg.singleCert, 1, msg.singleCertSz, file); ret = (int)fwrite(msg.singleCert, 1, msg.singleCertSz, file);
fclose(file); fclose(file);

4
cyassl/ctaocrypt/random.h
View File

@ -104,8 +104,8 @@ typedef struct RNG {
#endif #endif
CYASSL_API int InitRng(RNG*); CYASSL_API int InitRng(RNG*);
CYASSL_API void RNG_GenerateBlock(RNG*, byte*, word32 sz); CYASSL_API int RNG_GenerateBlock(RNG*, byte*, word32 sz);
CYASSL_API byte RNG_GenerateByte(RNG*); CYASSL_API int RNG_GenerateByte(RNG*, byte*);
#ifdef NO_RC4 #ifdef NO_RC4
CYASSL_API void FreeRng(RNG*); CYASSL_API void FreeRng(RNG*);

15
cyassl/test.h
View File

@ -1532,7 +1532,10 @@ static INLINE int myEccSign(CYASSL* ssl, const byte* in, word32 inSz,
(void)ssl; (void)ssl;
(void)ctx; (void)ctx;
InitRng(&rng); ret = InitRng(&rng);
if (ret != 0)
return ret;
ecc_init(&myKey); ecc_init(&myKey);
ret = EccPrivateKeyDecode(key, &idx, &myKey, keySz); ret = EccPrivateKeyDecode(key, &idx, &myKey, keySz);
@ -1579,7 +1582,10 @@ static INLINE int myRsaSign(CYASSL* ssl, const byte* in, word32 inSz,
(void)ssl; (void)ssl;
(void)ctx; (void)ctx;
InitRng(&rng); ret = InitRng(&rng);
if (ret != 0)
return ret;
InitRsaKey(&myKey, NULL); InitRsaKey(&myKey, NULL);
ret = RsaPrivateKeyDecode(key, &idx, &myKey, keySz); ret = RsaPrivateKeyDecode(key, &idx, &myKey, keySz);
@ -1630,7 +1636,10 @@ static INLINE int myRsaEnc(CYASSL* ssl, const byte* in, word32 inSz,
(void)ssl; (void)ssl;
(void)ctx; (void)ctx;
InitRng(&rng); ret = InitRng(&rng);
if (ret != 0)
return ret;
InitRsaKey(&myKey, NULL); InitRsaKey(&myKey, NULL);
ret = RsaPublicKeyDecode(key, &idx, &myKey, keySz); ret = RsaPublicKeyDecode(key, &idx, &myKey, keySz);

8
mcapi/crypto.c
View File

@ -301,9 +301,7 @@ int CRYPT_RNG_Get(CRYPT_RNG_CTX* rng, unsigned char* b)
if (rng == NULL || b == NULL) if (rng == NULL || b == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
*b = RNG_GenerateByte((RNG*)rng); return RNG_GenerateByte((RNG*)rng, (byte*)b);
return 0;
} }
@ -314,9 +312,7 @@ int CRYPT_RNG_BlockGenerate(CRYPT_RNG_CTX* rng, unsigned char* b,
if (rng == NULL || b == NULL) if (rng == NULL || b == NULL)
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
RNG_GenerateBlock((RNG*)rng, b, sz); return RNG_GenerateBlock((RNG*)rng, b, sz);
return 0;
} }

71
src/internal.c
View File

@ -156,21 +156,14 @@ static byte GetEntropy(ENTROPY_CMD cmd, byte* out)
/* TODO: add locking? */ /* TODO: add locking? */
static RNG rng; static RNG rng;
if (cmd == INIT) { if (cmd == INIT)
int ret = InitRng(&rng); return (InitRng(&rng) == 0) ? 1 : 0;
if (ret == 0)
return 1;
else
return 0;
}
if (out == NULL) if (out == NULL)
return 0; return 0;
if (cmd == GET_BYTE_OF_ENTROPY) { if (cmd == GET_BYTE_OF_ENTROPY)
RNG_GenerateBlock(&rng, out, 1); return (RNG_GenerateBlock(&rng, out, 1) == 0) ? 1 : 0;
return 1;
}
if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) { if (cmd == GET_NUM_BYTES_PER_BYTE_OF_ENTROPY) {
*out = 1; *out = 1;
@ -5612,7 +5605,11 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
if (ssl->options.tls1_1) { if (ssl->options.tls1_1) {
ivSz = blockSz; ivSz = blockSz;
sz += ivSz; sz += ivSz;
RNG_GenerateBlock(ssl->rng, iv, ivSz);
ret = RNG_GenerateBlock(ssl->rng, iv, ivSz);
if (ret != 0)
return ret;
} }
sz += 1; /* pad byte */ sz += 1; /* pad byte */
pad = (sz - headerSz) % blockSz; pad = (sz - headerSz) % blockSz;
@ -7544,7 +7541,9 @@ static void PickHashSigAlgo(CYASSL* ssl,
/* then random */ /* then random */
if (ssl->options.connectState == CONNECT_BEGIN) { if (ssl->options.connectState == CONNECT_BEGIN) {
RNG_GenerateBlock(ssl->rng, output + idx, RAN_LEN); ret = RNG_GenerateBlock(ssl->rng, output + idx, RAN_LEN);
if (ret != 0)
return ret;
/* store random */ /* store random */
XMEMCPY(ssl->arrays->clientRandom, output + idx, RAN_LEN); XMEMCPY(ssl->arrays->clientRandom, output + idx, RAN_LEN);
@ -8338,8 +8337,11 @@ static void PickHashSigAlgo(CYASSL* ssl,
switch (ssl->specs.kea) { switch (ssl->specs.kea) {
#ifndef NO_RSA #ifndef NO_RSA
case rsa_kea: case rsa_kea:
RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret,
SECRET_LEN); SECRET_LEN);
if (ret != 0)
return ret;
ssl->arrays->preMasterSecret[0] = ssl->chVersion.major; ssl->arrays->preMasterSecret[0] = ssl->chVersion.major;
ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor; ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor;
ssl->arrays->preMasterSz = SECRET_LEN; ssl->arrays->preMasterSz = SECRET_LEN;
@ -8441,8 +8443,11 @@ static void PickHashSigAlgo(CYASSL* ssl,
'C', 'y', 'a', 'S', 'S', 'L', ' ', 'N', 'T', 'R', 'U' 'C', 'y', 'a', 'S', 'S', 'L', ' ', 'N', 'T', 'R', 'U'
}; };
RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, ret = RNG_GenerateBlock(ssl->rng,
SECRET_LEN); ssl->arrays->preMasterSecret, SECRET_LEN);
if (ret != 0)
return ret;
ssl->arrays->preMasterSz = SECRET_LEN; ssl->arrays->preMasterSz = SECRET_LEN;
if (ssl->peerNtruKeyPresent == 0) if (ssl->peerNtruKeyPresent == 0)
@ -8911,8 +8916,13 @@ static void PickHashSigAlgo(CYASSL* ssl,
output[idx++] = ssl->version.minor; output[idx++] = ssl->version.minor;
/* then random */ /* then random */
if (!ssl->options.resuming) if (!ssl->options.resuming) {
RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN); ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
RAN_LEN);
if (ret != 0)
return ret;
}
XMEMCPY(output + idx, ssl->arrays->serverRandom, RAN_LEN); XMEMCPY(output + idx, ssl->arrays->serverRandom, RAN_LEN);
idx += RAN_LEN; idx += RAN_LEN;
@ -8927,8 +8937,13 @@ static void PickHashSigAlgo(CYASSL* ssl,
#endif #endif
/* then session id */ /* then session id */
output[idx++] = ID_LEN; output[idx++] = ID_LEN;
if (!ssl->options.resuming)
RNG_GenerateBlock(ssl->rng, ssl->arrays->sessionID, ID_LEN); if (!ssl->options.resuming) {
ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->sessionID, ID_LEN);
if (ret != 0)
return ret;
}
XMEMCPY(output + idx, ssl->arrays->sessionID, ID_LEN); XMEMCPY(output + idx, ssl->arrays->sessionID, ID_LEN);
idx += ID_LEN; idx += ID_LEN;
@ -10401,7 +10416,12 @@ static void PickHashSigAlgo(CYASSL* ssl,
#ifdef SESSION_CERTS #ifdef SESSION_CERTS
ssl->session = *session; /* restore session certs. */ ssl->session = *session; /* restore session certs. */
#endif #endif
RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN);
ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
RAN_LEN);
if (ret != 0)
return ret;
#ifdef NO_OLD_TLS #ifdef NO_OLD_TLS
ret = DeriveTlsKeys(ssl); ret = DeriveTlsKeys(ssl);
#else #else
@ -10678,7 +10698,12 @@ static void PickHashSigAlgo(CYASSL* ssl,
#ifdef SESSION_CERTS #ifdef SESSION_CERTS
ssl->session = *session; /* restore session certs. */ ssl->session = *session; /* restore session certs. */
#endif #endif
RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, RAN_LEN);
ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
RAN_LEN);
if (ret != 0)
return ret;
#ifdef NO_OLD_TLS #ifdef NO_OLD_TLS
ret = DeriveTlsKeys(ssl); ret = DeriveTlsKeys(ssl);
#else #else

17
src/keys.c
View File

@ -1900,18 +1900,21 @@ int DeriveKeys(CYASSL* ssl)
} }
static void CleanPreMaster(CYASSL* ssl) static int CleanPreMaster(CYASSL* ssl)
{ {
int i, sz = ssl->arrays->preMasterSz; int i, ret, sz = ssl->arrays->preMasterSz;
for (i = 0; i < sz; i++) for (i = 0; i < sz; i++)
ssl->arrays->preMasterSecret[i] = 0; ssl->arrays->preMasterSecret[i] = 0;
RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz); ret = RNG_GenerateBlock(ssl->rng, ssl->arrays->preMasterSecret, sz);
if (ret != 0)
return ret;
for (i = 0; i < sz; i++) for (i = 0; i < sz; i++)
ssl->arrays->preMasterSecret[i] = 0; ssl->arrays->preMasterSecret[i] = 0;
return 0;
} }
@ -1982,9 +1985,13 @@ static int MakeSslMasterSecret(CYASSL* ssl)
#endif #endif
ret = DeriveKeys(ssl); ret = DeriveKeys(ssl);
CleanPreMaster(ssl); if (ret != 0) {
/* always try to clean PreMaster */
CleanPreMaster(ssl);
return ret;
}
return ret; return CleanPreMaster(ssl);
} }
#endif #endif

12
src/ssl.c
View File

@ -9545,6 +9545,7 @@ static int initGlobalRNG = 0;
if (initGlobalRNG == 0) { if (initGlobalRNG == 0) {
if (InitRng(&globalRNG) < 0) { if (InitRng(&globalRNG) < 0) {
CYASSL_MSG("CyaSSL Init Global RNG failed"); CYASSL_MSG("CyaSSL Init Global RNG failed");
return 0;
} }
initGlobalRNG = 1; initGlobalRNG = 1;
} }
@ -9569,7 +9570,10 @@ static int initGlobalRNG = 0;
rng = &globalRNG; rng = &globalRNG;
} }
RNG_GenerateBlock(rng, buf, num); if (RNG_GenerateBlock(rng, buf, num) != 0) {
CYASSL_MSG("Bad RNG_GenerateBlock");
return 0;
}
return SSL_SUCCESS; return SSL_SUCCESS;
} }
@ -9864,7 +9868,11 @@ static int initGlobalRNG = 0;
rng = &globalRNG; rng = &globalRNG;
} }
RNG_GenerateBlock(rng, buff, len); if (RNG_GenerateBlock(rng, buff, len) != 0) {
CYASSL_MSG("Bad RNG_GenerateBlock");
return 0;
}
buff[0] |= 0x80 | 0x40; buff[0] |= 0x80 | 0x40;
buff[len-1] |= 0x01; buff[len-1] |= 0x01;