diff options
| author |  vnugent <public@vaughnnugent.com> | 2024-04-25 17:45:42 -0400 |
|---|---|---|
| committer | vnugent <public@vaughnnugent.com> | 2024-04-25 17:45:42 -0400 |
| commit | 6ff8bb11774c51fd341b7699a3938fd894995fbf (patch) | |
| tree | 823ef4f5397e7ed96a5198a83d0c3b3145b3d127 /src/crypto/nc-crypto.c | |
| parent | 7cb7a93de4f6f5e741bc5129e3d928e44f050930 (diff) | |
refactor: Finish support and testing for mbedtls
Diffstat (limited to 'src/crypto/nc-crypto.c')
| -rw-r--r-- | src/crypto/nc-crypto.c | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/src/crypto/nc-crypto.c b/src/crypto/nc-crypto.c index fb2c0da..587d59d 100644 --- a/src/crypto/nc-crypto.c +++ b/src/crypto/nc-crypto.c @@ -23,7 +23,7 @@ /* * Functions are not forced inline, just suggested. -* So unless it beomes a performance issue, I will leave +* So unless it becomes a performance issue, I will leave * most/all impl functions inline and let the compiler * decide. */ @@ -43,10 +43,12 @@ * * Macros are used to allow the preprocessor to select the correct implementation * or raise errors if no implementation is defined. +* +* Implementation functions can assume inputs have been checked/sanitized by the +* calling function, and should return CSTATUS_OK on success, CSTATUS_FAIL on failure. */ - /* * Prioritize embedded builds with mbedtls */ @@ -69,7 +71,8 @@ * memset 0 functions for each platform. */ #ifndef _IMPL_SECURE_ZERO_MEMSET - #if defined(__GNUC__) + /* only incude bzero if libc version greater than 2.25 */ + #if defined(__GLIBC__) && defined(__GLIBC_MINOR__) && __GLIBC__ >= 2 && __GLIBC_MINOR__ >= 25 /* * When using libc, we can use explicit_bzero * as secure memset implementation. @@ -77,6 +80,7 @@ * https://sourceware.org/glibc/manual/2.39/html_mono/libc.html#Erasing-Sensitive-Data */ #include <string.h> + extern void explicit_bzero(void* block, size_t len); #define _IMPL_SECURE_ZERO_MEMSET explicit_bzero #endif #endif @@ -161,6 +165,11 @@ * Internal function implementations that perform * basic checking and call the correct implementation * for the desired crypto impl. +* +* The following functions MUST be assumed to +* perform basic input validation. Since these apis are +* internal, debug asserts are used to ensure the +* function has been used correctly. */ void ncCryptoSecureZero(void* ptr, uint32_t size) @@ -223,6 +232,8 @@ cstatus_t ncCryptoSha256HkdfExpand(const cspan_t* prk, const cspan_t* info, span /* * RFC 5869: 2.3 * "length of output keying material in octets (<= 255 * HashLen)" + * + * important as the counter is 1 byte, so it cannot overflow */ if(okm->size > (uint32_t)(0xFFu * SHA256_DIGEST_SIZE)) |