diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c index 9f19c5715..aa101fe2b 100644 --- a/ctaocrypt/benchmark/benchmark.c +++ b/ctaocrypt/benchmark/benchmark.c @@ -620,8 +620,13 @@ void bench_sha256(void) byte digest[SHA256_DIGEST_SIZE]; double start, total, persec; int i; + int ret; - InitSha256(&hash); + ret = InitSha256(&hash); + if (ret != 0) { + printf("InitSha256 failed, ret = %d\n", ret); + return; + } start = current_time(1); for(i = 0; i < numBlocks; i++) diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index ccb5e4864..cfff46b7f 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -2684,7 +2684,11 @@ static int ConfirmSignature(const byte* buf, word32 bufSz, case CTC_SHA256wECDSA: { Sha256 sha256; - InitSha256(&sha256); + ret = InitSha256(&sha256); + if (ret != 0) { + CYASSL_MSG("InitSha256 failed"); + return 0; /* not confirmed */ + } Sha256Update(&sha256, buf, bufSz); Sha256Final(&sha256, digest); typeH = SHA256h; @@ -4757,7 +4761,9 @@ static int MakeSignature(const byte* buffer, int sz, byte* sig, int sigSz, } else if (sigAlgoType == CTC_SHA256wRSA || sigAlgoType == CTC_SHA256wECDSA) { Sha256 sha256; - InitSha256(&sha256); + ret = InitSha256(&sha256); + if (ret != 0) + return ret; Sha256Update(&sha256, buffer, sz); Sha256Final(&sha256, digest); digestSz = SHA256_DIGEST_SIZE; diff --git a/ctaocrypt/src/error.c b/ctaocrypt/src/error.c index 16cb6beba..ae49c3536 100644 --- a/ctaocrypt/src/error.c +++ b/ctaocrypt/src/error.c @@ -347,6 +347,10 @@ void CTaoCryptErrorString(int error, char* buffer) XSTRNCPY(buffer, "PKCS#7 error: no matching recipient found", max); break; + case FIPS_NOT_ALLOWED_E: + XSTRNCPY(buffer, "FIPS mode not allowed error", max); + break; + default: XSTRNCPY(buffer, "unknown error number", max); diff --git a/ctaocrypt/src/hmac.c b/ctaocrypt/src/hmac.c index 0c2104ff4..bb6dce882 100644 --- a/ctaocrypt/src/hmac.c +++ b/ctaocrypt/src/hmac.c 
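Review bot: In the ConfirmSignature and MakeSignature hunks of asn.c only the InitSha256 result is checked; the `Sha256Update` and `Sha256Final` calls directly below it now return int as well and their results are dropped. Under HAVE_FIPS the header in this commit maps these names to the `_fips` wrappers, which presumably can fail the same way Init can, and MakeSignature would then go on to sign whatever is in `digest`. I would carry the result through, e.g. `ret = Sha256Update(&sha256, buffer, sz); if (ret != 0) return ret;` and likewise for `Sha256Final`. The same pattern appears in the PKCS12_PBKDF, Hash_df, Hash_DBRG_Generate and HashSession hunks and in the three internal.c hunks that hash clientRandom/serverRandom. Both function bodies continue outside their hunks.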
@@ -80,7 +80,7 @@ static int InitHmac(Hmac* hmac, int type) #ifndef NO_SHA256 case SHA256: - InitSha256(&hmac->hash.sha256); + ret = InitSha256(&hmac->hash.sha256); break; #endif diff --git a/ctaocrypt/src/pwdbased.c b/ctaocrypt/src/pwdbased.c index 57c5eddb5..72f5f1761 100644 --- a/ctaocrypt/src/pwdbased.c +++ b/ctaocrypt/src/pwdbased.c @@ -286,7 +286,9 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt, else if (hashType == SHA256) { Sha256 sha256; - InitSha256(&sha256); + ret = InitSha256(&sha256); + if (ret != 0) + break; Sha256Update(&sha256, buffer, totalLen); Sha256Final(&sha256, Ai); diff --git a/ctaocrypt/src/random.c b/ctaocrypt/src/random.c index 4406d6713..86a2143b8 100644 --- a/ctaocrypt/src/random.c +++ b/ctaocrypt/src/random.c @@ -103,7 +103,8 @@ static int Hash_df(RNG* rng, byte* out, word32 outSz, byte type, byte* inA, word for (i = 0, ctr = 1; i < len; i++, ctr++) { - InitSha256(&rng->sha); + if (InitSha256(&rng->sha) != 0) + return DBRG_ERROR; Sha256Update(&rng->sha, &ctr, sizeof(ctr)); Sha256Update(&rng->sha, (byte*)&bits, sizeof(bits)); /* churning V is the only string that doesn't have @@ -157,16 +158,17 @@ static INLINE void array_add_one(byte* data, word32 dataSz) } } -static void Hash_gen(RNG* rng, byte* out, word32 outSz, byte* V) +static int Hash_gen(RNG* rng, byte* out, word32 outSz, byte* V) { byte data[DBRG_SEED_LEN]; - int i; + int i, ret; int len = (outSz / SHA256_DIGEST_SIZE) + ((outSz % SHA256_DIGEST_SIZE) ? 1 : 0); XMEMCPY(data, V, sizeof(data)); for (i = 0; i < len; i++) { - InitSha256(&rng->sha); + ret = InitSha256(&rng->sha); + return ret; Sha256Update(&rng->sha, data, sizeof(data)); Sha256Final(&rng->sha, rng->digest); if (outSz > SHA256_DIGEST_SIZE) { @@ -180,6 +182,8 @@ static void Hash_gen(RNG* rng, byte* out, word32 outSz, byte* V) } } XMEMSET(data, 0, sizeof(data)); + + return 0; } 
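Review bot: In Hash_gen the new `return ret;` directly after `ret = InitSha256(&rng->sha);` is unconditional, so the loop exits on its first pass even when InitSha256 returns 0. None of the Sha256Update/Sha256Final/copy code below it runs, `out` is never written, and the stack copy of V in `data` skips the `XMEMSET` at the end; Hash_DBRG_Generate then sees 0 and treats the untouched buffer as generator output. The guard used elsewhere in this commit is missing here: declare `int i, ret = 0;`, use `if (ret != 0) break;` in the loop, and end with `return ret;` after the `XMEMSET` so the seed copy is cleared on the error path too. The tail of the loop lies between this hunk and the next one.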
@@ -209,8 +213,10 @@ static int Hash_DBRG_Generate(RNG* rng, byte* out, word32 outSz) if (rng->reseed_ctr != RESEED_MAX) { byte type = dbrgGenerateH; - Hash_gen(rng, out, outSz, rng->V); - InitSha256(&rng->sha); + if (Hash_gen(rng, out, outSz, rng->V) != 0) + return DBRG_ERROR; + if (InitSha256(&rng->sha) != 0) + return DBRG_ERROR; Sha256Update(&rng->sha, &type, sizeof(type)); Sha256Update(&rng->sha, rng->V, sizeof(rng->V)); Sha256Final(&rng->sha, rng->digest); diff --git a/ctaocrypt/src/sha256.c b/ctaocrypt/src/sha256.c index d42d137fc..292393995 100644 --- a/ctaocrypt/src/sha256.c +++ b/ctaocrypt/src/sha256.c @@ -36,6 +36,11 @@ #define Sha256Final Sha256Final_sw #endif +#ifdef HAVE_FIPS + /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ + #define FIPS_NO_WRAPPERS +#endif + #include #ifdef NO_INLINE #include @@ -61,7 +66,7 @@ #endif /* min */ -void InitSha256(Sha256* sha256) +int InitSha256(Sha256* sha256) { #ifdef FREESCALE_MMCAU cau_sha256_initialize_output(sha256->digest); @@ -79,6 +84,8 @@ void InitSha256(Sha256* sha256) sha256->buffLen = 0; sha256->loLen = 0; sha256->hiLen = 0; + + return 0; } #ifndef FREESCALE_MMCAU @@ -158,7 +165,7 @@ static INLINE void AddLength(Sha256* sha256, word32 len) } -void Sha256Update(Sha256* sha256, const byte* data, word32 len) +int Sha256Update(Sha256* sha256, const byte* data, word32 len) { /* do block size increments */ byte* local = (byte*)sha256->buffer; @@ -181,10 +188,12 @@ void Sha256Update(Sha256* sha256, const byte* data, word32 len) sha256->buffLen = 0; } } + + return 0; } -void Sha256Final(Sha256* sha256, byte* hash) +int Sha256Final(Sha256* sha256, byte* hash) { byte* local = (byte*)sha256->buffer; @@ -232,7 +241,7 @@ void Sha256Final(Sha256* sha256, byte* hash) #endif XMEMCPY(hash, sha256->digest, SHA256_DIGEST_SIZE); - InitSha256(sha256); /* reset state */ + return InitSha256(sha256); /* reset state */ } 
diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c
index bc960651d..4b7f556f0 100644
--- a/ctaocrypt/test/test.c
+++ b/ctaocrypt/test/test.c
@@ -949,6 +949,7 @@ int sha256_test(void)
 testVector a, b;
 testVector test_sha[2];
+ int ret;
 int times = sizeof(test_sha) / sizeof(struct testVector), i;
 a.input = "abc";
@@ -968,7 +969,9 @@ int sha256_test(void)
 test_sha[0] = a;
 test_sha[1] = b;
- InitSha256(&sha);
+ ret = InitSha256(&sha);
+ if (ret != 0)
+ return -4003;
 for (i = 0; i < times; ++i) {
 Sha256Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
diff --git a/cyassl/ctaocrypt/error-crypt.h b/cyassl/ctaocrypt/error-crypt.h
index 2bf246e83..859c3451a 100644
--- a/cyassl/ctaocrypt/error-crypt.h
+++ b/cyassl/ctaocrypt/error-crypt.h
@@ -122,6 +122,7 @@ enum {
 PKCS7_OID_E = -195, /* PKCS#7, mismatched OID error */
 PKCS7_RECIP_E = -196, /* PKCS#7, recipient error */
+ FIPS_NOT_ALLOWED_E = -197, /* FIPS not allowed error */
 MIN_CODE_E = -200 /* errors -101 - -199 */
 };
diff --git a/cyassl/ctaocrypt/sha256.h b/cyassl/ctaocrypt/sha256.h
index 7231cfafd..bcf540d12 100644
--- a/cyassl/ctaocrypt/sha256.h
+++ b/cyassl/ctaocrypt/sha256.h
@@ -61,11 +61,26 @@ typedef struct Sha256 { } Sha256; -CYASSL_API void InitSha256(Sha256*); -CYASSL_API void Sha256Update(Sha256*, const byte*, word32); -CYASSL_API void Sha256Final(Sha256*, byte*); +CYASSL_API int InitSha256(Sha256*); +CYASSL_API int Sha256Update(Sha256*, const byte*, word32); +CYASSL_API int Sha256Final(Sha256*, byte*); +#ifdef HAVE_FIPS + /* fips wrapper calls, user can call direct */ + CYASSL_API int InitSha256_fips(Sha256*); + CYASSL_API int Sha256Update_fips(Sha256*, const byte*, word32); + CYASSL_API int Sha256Final_fips(Sha256*, byte*); + #ifndef FIPS_NO_WRAPPERS + /* if not impl or fips.c impl wrapper force fips calls if fips build */ + #define InitSha256 InitSha256_fips + #define Sha256Update Sha256Update_fips + #define Sha256Final Sha256Final_fips + #endif /* FIPS_NO_WRAPPERS */ + +#endif /* HAVE_FIPS */ + + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/mcapi/crypto.c b/mcapi/crypto.c index b29005658..294a6401c 100644 --- a/mcapi/crypto.c +++ b/mcapi/crypto.c @@ -129,9 +129,7 @@ int CRYPT_SHA256_Initialize(CRYPT_SHA256_CTX* sha256) if (sha256 == NULL) return BAD_FUNC_ARG; - InitSha256((Sha256*)sha256); - - return 0; + return InitSha256((Sha256*)sha256); } diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c index 27a89a55c..445b6ae58 100644 --- a/mcapi/mcapi_test.c +++ b/mcapi/mcapi_test.c @@ -272,11 +272,16 @@ static int check_sha256(void) { CRYPT_SHA256_CTX mcSha256; Sha256 defSha256; + int ret; byte mcDigest[CRYPT_SHA256_DIGEST_SIZE]; byte defDigest[SHA256_DIGEST_SIZE]; CRYPT_SHA256_Initialize(&mcSha256); - InitSha256(&defSha256); + ret = InitSha256(&defSha256); + if (ret != 0) { + printf("sha init default failed\n"); + return -1; + } CRYPT_SHA256_DataAdd(&mcSha256, ourData, OUR_DATA_SIZE); Sha256Update(&defSha256, ourData, OUR_DATA_SIZE); diff --git a/src/internal.c b/src/internal.c index e098d15bc..f92bf0a5f 100644 --- a/src/internal.c +++ b/src/internal.c 
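Review bot: The three sha256.h prototypes change from void to int without stating what the value means, and under HAVE_FIPS the `#define InitSha256 InitSha256_fips` block redirects every caller that includes this header. A comment above the declarations such as `/* return 0 on success, non-zero error-crypt.h code on failure; callers must check */` would make the new contract visible (the exact failure values are not shown here, presumably codes like FIPS_NOT_ALLOWED_E). The wrapper comment could also say that a translation unit has to define `FIPS_NO_WRAPPERS` before including the header to reach the direct functions, as sha256.c does in this commit.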
@@ -1451,7 +1451,10 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx) #endif #endif #ifndef NO_SHA256 - InitSha256(&ssl->hashSha256); + ret = InitSha256(&ssl->hashSha256); + if (ret != 0) { + return ret; + } #endif #ifdef CYASSL_SHA384 InitSha384(&ssl->hashSha384); @@ -4441,7 +4444,7 @@ static INLINE void Sha256Rounds(int rounds, const byte* data, int sz) Sha256 sha256; int i; - InitSha256(&sha256); + InitSha256(&sha256); /* no error check on purpose, dummy round */ for (i = 0; i < rounds; i++) Sha256Update(&sha256, data, sz); @@ -7970,7 +7973,9 @@ static void PickHashSigAlgo(CYASSL* ssl, #endif #ifndef NO_SHA256 - InitSha256(&sha256); + ret = InitSha256(&sha256); + if (ret != 0) + return ret; Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN); Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN); Sha256Update(&sha256, messageVerify, verifySz); @@ -9018,7 +9023,9 @@ static void PickHashSigAlgo(CYASSL* ssl, #endif #ifndef NO_SHA256 - InitSha256(&sha256); + ret = InitSha256(&sha256); + if (ret != 0) + return ret; Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN); Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN); Sha256Update(&sha256, output + preSigIdx, preSigSz); @@ -9344,7 +9351,9 @@ static void PickHashSigAlgo(CYASSL* ssl, #endif #ifndef NO_SHA256 - InitSha256(&sha256); + ret = InitSha256(&sha256); + if (ret != 0) + return ret; Sha256Update(&sha256, ssl->arrays->clientRandom, RAN_LEN); Sha256Update(&sha256, ssl->arrays->serverRandom, RAN_LEN); Sha256Update(&sha256, output + preSigIdx, preSigSz); diff --git a/src/ssl.c b/src/ssl.c index 64208686e..cc87e9415 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -4467,7 +4467,11 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl) #endif if (IsAtLeastTLSv1_2(ssl)) { #ifndef NO_SHA256 - InitSha256(&ssl->hashSha256); + if ( (ssl->error = + InitSha256(&ssl->hashSha256)) != 0) { + CYASSL_ERROR(ssl->error); + return SSL_FATAL_ERROR; + } #endif #ifdef CYASSL_SHA384 InitSha384(&ssl->hashSha384); 
@@ -4741,7 +4745,11 @@ int CyaSSL_dtls_got_timeout(CYASSL* ssl)
 #endif
 if (IsAtLeastTLSv1_2(ssl)) {
 #ifndef NO_SHA256
- InitSha256(&ssl->hashSha256);
+ if ( (ssl->error =
+ InitSha256(&ssl->hashSha256)) != 0) {
+ CYASSL_ERROR(ssl->error);
+ return SSL_FATAL_ERROR;
+ }
 #endif
 #ifdef CYASSL_SHA384
 InitSha384(&ssl->hashSha384);
@@ -4945,10 +4953,13 @@ static INLINE word32 HashSession(const byte* sessionID, word32 len, int* error)
 {
 byte digest[SHA256_DIGEST_SIZE];
 Sha256 sha256;
+ int ret;
- (void)error;
-
- InitSha256(&sha256);
+ ret = InitSha256(&sha256);
+ if (ret != 0) {
+ *error = ret;
+ return 0;
+ }
 Sha256Update(&sha256, sessionID, len);
 Sha256Final(&sha256, digest);
@@ -6525,7 +6536,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
 (void)sizeof(sha_test);
 CYASSL_ENTER("SHA256_Init");
- InitSha256((Sha256*)sha256);
+ InitSha256((Sha256*)sha256); /* OpenSSL compat, no error */
 }
diff --git a/tests/hash.c b/tests/hash.c
index 624bbcb36..a2354ebbd 100644
--- a/tests/hash.c
+++ b/tests/hash.c
@@ -361,6 +361,7 @@ int sha256_test(void)
 testVector a, b;
 testVector test_sha[2];
+ int ret;
 int times = sizeof(test_sha) / sizeof(struct testVector), i;
 a.input = "abc";
@@ -380,7 +381,9 @@ int sha256_test(void)
 test_sha[0] = a;
 test_sha[1] = b;
- InitSha256(&sha);
+ ret = InitSha256(&sha);
+ if (ret != 0)
+ return ret;
 for (i = 0; i < times; ++i) {
 Sha256Update(&sha, (byte*)test_sha[i].input,(word32)test_sha[i].inLen);
diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c
index 909090718..de6507aea 100644
--- a/testsuite/testsuite.c
+++ b/testsuite/testsuite.c
@@ -307,12 +307,16 @@ void FreeTcpReady(tcp_ready* ready)
 void file_test(const char* file, byte* check)
 {
 FILE* f;
- int i = 0, j;
+ int i = 0, j, ret;
 Sha256 sha256;
 byte buf[1024];
 byte shasum[SHA256_DIGEST_SIZE];
- InitSha256(&sha256);
+ ret = InitSha256(&sha256);
+ if (ret != 0) {
+ printf("Can't InitSha256 %d\n", ret);
+ return;
+ }
 if( !( f = fopen( file, "rb" ) )) {
 printf("Can't open %s\n", file);
 return;
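Review bot: HashSession in ssl.c now writes `*error = ret;` on failure but never sets `*error` on success, and the removed `(void)error;` shows the pointer was unused in this variant before, so a caller passing NULL or an uninitialised int is not ruled out by the visible lines. The failure return value 0 is also a possible hash, so callers can only tell the two cases apart through `*error`. Setting `*error = 0;` at the top of the function (behind a NULL check if callers may pass NULL) would make that reliable. The callers and the rest of the body are outside the hunk.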