From 96b7b193d7e15a09bc9c8f09755feac53cdc17e2 Mon Sep 17 00:00:00 2001 From: Guido Vranken Date: Mon, 7 Jun 2021 03:34:44 +0200 Subject: [PATCH] Check return value in BLAKE2 key init functions If built with smallstack, allocations in `blake2s_update` and `blake2b_update` may fail, so the error must be propagated. --- wolfcrypt/src/blake2b.c | 11 +++++------ wolfcrypt/src/blake2s.c | 13 ++++++------- 2 files changed, 11 insertions(+), 13 deletions(-) diff --git a/wolfcrypt/src/blake2b.c b/wolfcrypt/src/blake2b.c index 24f54cfd7..90ab9861f 100644 --- a/wolfcrypt/src/blake2b.c +++ b/wolfcrypt/src/blake2b.c @@ -152,6 +152,7 @@ int blake2b_init( blake2b_state *S, const byte outlen ) int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key, const byte keylen ) { + int ret = 0; blake2b_param P[1]; if ( ( !outlen ) || ( outlen > BLAKE2B_OUTBYTES ) ) return BAD_FUNC_ARG; @@ -178,10 +179,8 @@ int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key, P->depth = 1; #endif - { - int ret = blake2b_init_param( S, P ); - if ( ret < 0 ) return ret; - } + ret = blake2b_init_param( S, P ); + if ( ret < 0 ) return ret; { #ifdef WOLFSSL_SMALL_STACK @@ -196,7 +195,7 @@ int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key, XMEMSET( block, 0, BLAKE2B_BLOCKBYTES ); XMEMCPY( block, key, keylen ); - blake2b_update( S, block, BLAKE2B_BLOCKBYTES ); + ret = blake2b_update( S, block, BLAKE2B_BLOCKBYTES ); secure_zero_memory( block, BLAKE2B_BLOCKBYTES ); /* Burn the key from */ /* memory */ @@ -204,7 +203,7 @@ int blake2b_init_key( blake2b_state *S, const byte outlen, const void *key, XFREE(block, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif } - return 0; + return ret; } static WC_INLINE int blake2b_compress( diff --git a/wolfcrypt/src/blake2s.c b/wolfcrypt/src/blake2s.c index 30ae6c038..e1086c4dd 100644 --- a/wolfcrypt/src/blake2s.c +++ b/wolfcrypt/src/blake2s.c @@ -148,6 +148,7 @@ int blake2s_init( blake2s_state *S, const byte outlen ) int blake2s_init_key( blake2s_state *S, const byte outlen, const void *key, const byte keylen ) { + int ret = 0; blake2s_param P[1]; if ( ( !outlen ) || ( outlen > BLAKE2S_OUTBYTES ) ) return BAD_FUNC_ARG; @@ -174,11 +175,9 @@ int blake2s_init_key( blake2s_state *S, const byte outlen, const void *key, P->depth = 1; #endif - { - int ret = blake2s_init_param( S, P ); - if (ret < 0) - return ret; - } + ret = blake2s_init_param( S, P ); + if (ret < 0) + return ret; { #ifdef WOLFSSL_SMALL_STACK @@ -193,7 +192,7 @@ int blake2s_init_key( blake2s_state *S, const byte outlen, const void *key, XMEMSET( block, 0, BLAKE2S_BLOCKBYTES ); XMEMCPY( block, key, keylen ); - blake2s_update( S, block, BLAKE2S_BLOCKBYTES ); + ret = blake2s_update( S, block, BLAKE2S_BLOCKBYTES ); secure_zero_memory( block, BLAKE2S_BLOCKBYTES ); /* Burn the key from */ /* memory */ @@ -201,7 +200,7 @@ int blake2s_init_key( blake2s_state *S, const byte outlen, const void *key, XFREE(block, NULL, DYNAMIC_TYPE_TMP_BUFFER); #endif } - return 0; + return ret; } static WC_INLINE int blake2s_compress(