diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/crypto/impl/mbedtls.c | 10 | ||||
| -rw-r--r-- | src/crypto/impl/monocypher.c | 2 | ||||
| -rw-r--r-- | src/crypto/impl/openssl.c | 48 |
3 files changed, 31 insertions, 29 deletions
diff --git a/src/crypto/impl/mbedtls.c b/src/crypto/impl/mbedtls.c index 18eb9db..057e7b4 100644 --- a/src/crypto/impl/mbedtls.c +++ b/src/crypto/impl/mbedtls.c @@ -30,7 +30,7 @@ /* Inline errors on linux in header files on linux */ #ifndef inline -#define inline __inline + #define inline __inline #endif #include <mbedtls/md.h> @@ -41,7 +41,7 @@ #include <mbedtls/constant_time.h> #ifndef inline -#undef inline + #undef inline #endif @@ -73,7 +73,7 @@ _IMPLSTB const mbedtls_md_info_t* _mbed_sha256_alg(void) uint32_t dataLen ) { - _sizet_check(dataLen) + _overflow_check(dataLen) /* Counter always starts at 0 */ return mbedtls_chacha20_crypt( @@ -95,7 +95,7 @@ _IMPLSTB const mbedtls_md_info_t* _mbed_sha256_alg(void) _IMPLSTB cstatus_t _mbed_sha256_digest(const cspan_t* data, sha256_t digestOut32) { - _sizet_check(data->size) + _overflow_check(data->size) return mbedtls_sha256( data->data, @@ -114,7 +114,7 @@ _IMPLSTB const mbedtls_md_info_t* _mbed_sha256_alg(void) _IMPLSTB cstatus_t _mbed_sha256_hmac(const cspan_t* key, const cspan_t* data, sha256_t hmacOut32) { - _sizet_check(data->size) + _overflow_check(data->size) /* Keys should never be large enough for this to matter, but sanity check. */ DEBUG_ASSERT2(key->size < SIZE_MAX, "Expected key size to be less than SIZE_MAX") diff --git a/src/crypto/impl/monocypher.c b/src/crypto/impl/monocypher.c index b695d08..7c9faea 100644 --- a/src/crypto/impl/monocypher.c +++ b/src/crypto/impl/monocypher.c @@ -53,7 +53,7 @@ uint32_t dataLen ) { - _sizet_check(dataLen) + _overflow_check(dataLen) /* * Function returns the next counter value which is not diff --git a/src/crypto/impl/openssl.c b/src/crypto/impl/openssl.c index 90028e6..fd3b4e6 100644 --- a/src/crypto/impl/openssl.c +++ b/src/crypto/impl/openssl.c @@ -20,7 +20,6 @@ /* Setup openssl */ - #ifdef OPENSSL_CRYPTO_LIB #include "nc-util.h" @@ -34,7 +33,7 @@ _IMPLSTB void _ossl_secure_zero_memset(void* ptr, size_t size) { - _sizet_check(size) + _overflow_check(size) OPENSSL_cleanse(ptr, size); } @@ -48,7 +47,8 @@ { int result; - _sizet_check(size) + /* Size checks are required for platforms that have integer sizes under 32bit */ + _overflow_check(size) result = CRYPTO_memcmp(a, b, size); @@ -66,7 +66,7 @@ _IMPLSTB cstatus_t _ossl_sha256_digest(const cspan_t* data, sha256_t digestOut32) { - _sizet_check(data->size) + _overflow_check(data->size) _OSSL_FAIL(SHA256(data->data, data->size, digestOut32)) @@ -86,8 +86,8 @@ { unsigned int hmacLen; - _sizet_check(key->size) - _sizet_check(data->size) + _overflow_check(key->size) + _overflow_check(data->size) hmacLen = sizeof(sha256_t); @@ -104,7 +104,7 @@ ) /* digest length should match the actual digest size */ - _OSSL_FAIL(hmacLen != sizeof(sha256_t)) + DEBUG_ASSERT(hmacLen == sizeof(sha256_t)) return CSTATUS_OK; } @@ -122,23 +122,32 @@ { DEBUG_ASSERT(ctx != NULL) - _OSS_FAIL(HMAC_Update((HMAC_CTX*)ctx, data->data, data->size)) + _overflow_check(data->size) + + _OSSL_FAIL(EVP_DigestUpdate((EVP_MD_CTX*)ctx, data->data, data->size)) return CSTATUS_OK; } cstatus_t _ossl_hkdf_finish(void* ctx, sha256_t hmacOut32) { + unsigned int hmacSize; + DEBUG_ASSERT(ctx != NULL) - _OSSL_FAIL(HMAC_Final((HMAC_CTX*)ctx, hmacOut32, NULL)) + hmacSize = sizeof(sha256_t); + + _OSSL_FAIL(EVP_DigestFinal_ex((EVP_MD_CTX*)ctx, hmacOut32, &hmacSize)) + + /* When configured for sha256, should always be the same size in/out */ + DEBUG_ASSERT(hmacSize == sizeof(sha256_t)) return CSTATUS_OK; } - _IMPLSTB cstatus_t _ossl_fallback_hkdf_expand(const cspan_t* prk, const cspan_t* info, span_t* okm) + _IMPLSTB cstatus_t _ossl_sha256_hkdf_expand(const cspan_t* prk, const cspan_t* info, span_t* okm) { - HMAC_CTX* hmac; + EVP_MD_CTX* ctx; cstatus_t result; struct nc_hkdf_fn_cb_struct handler; @@ -147,28 +156,21 @@ * calls to the finish function without losing the context. */ - if ((hmac = HMAC_CTX_new()) == NULL) + if ((ctx = EVP_MD_CTX_create()) == NULL) { return CSTATUS_FAIL; } + _OSSL_FAIL(EVP_DigestInit_ex2(ctx, EVP_sha256(), NULL)) - _OSSL_FAIL( - HMAC_Init_ex( - hmac, - prk->data, - pkr->size, - EVP_sha256(), - NULL - ) - ) + _OSSL_FAIL(EVP_DigestUpdate(ctx, prk->data, prk->size)); handler.update = _ossl_hkdf_update; handler.finish = _ossl_hkdf_finish; - result = hkdfExpandProcess(&handler, hmac, info, okm); + result = hkdfExpandProcess(&handler, ctx, info, okm); - HMAC_CTX_free(hmac); + EVP_MD_CTX_destroy(ctx); return result; } |