DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

OpenSSL: Check EVP_MAC_update() return value more consistently

Browse source 
Check this in crypto_hash_update() to be more consistent and report any
error in crypto_hash_finish().

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2023-12-17 12:06:04 +02:00
parent a92694b001
commit 231d86ef91
1 changed files with 15 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
src/crypto/crypto_openssl.c
View file

@ -1313,6 +1313,7 @@ struct crypto_hash {
#else /* OpenSSL version >= 3.0 */ #else /* OpenSSL version >= 3.0 */
HMAC_CTX *ctx; HMAC_CTX *ctx;
#endif /* OpenSSL version >= 3.0 */ #endif /* OpenSSL version >= 3.0 */
bool failed;
}; };
@ -1425,9 +1426,11 @@ void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len)
if (ctx == NULL) if (ctx == NULL)
return; return;
#if OPENSSL_VERSION_NUMBER >= 0x30000000L #if OPENSSL_VERSION_NUMBER >= 0x30000000L
EVP_MAC_update(ctx->ctx, data, len); if (!EVP_MAC_update(ctx->ctx, data, len))
ctx->failed = true;
#else /* OpenSSL version >= 3.0 */ #else /* OpenSSL version >= 3.0 */
HMAC_Update(ctx->ctx, data, len); if (!HMAC_Update(ctx->ctx, data, len))
ctx->failed = true;
#endif /* OpenSSL version >= 3.0 */ #endif /* OpenSSL version >= 3.0 */
} }
@ -1437,6 +1440,7 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
#if OPENSSL_VERSION_NUMBER >= 0x30000000L #if OPENSSL_VERSION_NUMBER >= 0x30000000L
size_t mdlen; size_t mdlen;
int res; int res;
bool failed;
if (!ctx) if (!ctx)
return -2; return -2;
@ -1455,11 +1459,15 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
} }
res = EVP_MAC_final(ctx->ctx, mac, &mdlen, mdlen); res = EVP_MAC_final(ctx->ctx, mac, &mdlen, mdlen);
EVP_MAC_CTX_free(ctx->ctx); EVP_MAC_CTX_free(ctx->ctx);
failed = ctx->failed;
bin_clear_free(ctx, sizeof(*ctx)); bin_clear_free(ctx, sizeof(*ctx));
if (TEST_FAIL()) if (TEST_FAIL())
return -1; return -1;
if (failed)
return -2;
if (res == 1) { if (res == 1) {
*len = mdlen; *len = mdlen;
return 0; return 0;
@ -1469,6 +1477,7 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
#else /* OpenSSL version >= 3.0 */ #else /* OpenSSL version >= 3.0 */
unsigned int mdlen; unsigned int mdlen;
int res; int res;
bool failed;
if (ctx == NULL) if (ctx == NULL)
return -2; return -2;
@ -1482,11 +1491,15 @@ int crypto_hash_finish(struct crypto_hash *ctx, u8 *mac, size_t *len)
mdlen = *len; mdlen = *len;
res = HMAC_Final(ctx->ctx, mac, &mdlen); res = HMAC_Final(ctx->ctx, mac, &mdlen);
HMAC_CTX_free(ctx->ctx); HMAC_CTX_free(ctx->ctx);
failed = ctx->failed;
bin_clear_free(ctx, sizeof(*ctx)); bin_clear_free(ctx, sizeof(*ctx));
if (TEST_FAIL()) if (TEST_FAIL())
return -1; return -1;
if (failed)
return -2;
if (res == 1) { if (res == 1) {
*len = mdlen; *len = mdlen;
return 0; return 0;