From: Marc-André Moreau Date: Tue, 13 Oct 2015 13:43:26 +0000 (-0400) Subject: libwinpr-crypto: fix error checking X-Git-Tag: 2.0.0-beta1+android10~411^2~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=6ab29da5761cdc720cf7e235a8e1ec24990ad3a2;p=platform%2Fupstream%2Ffreerdp.git libwinpr-crypto: fix error checking --- diff --git a/winpr/include/winpr/crypto.h b/winpr/include/winpr/crypto.h index de0b3c7..7754700 100644 --- a/winpr/include/winpr/crypto.h +++ b/winpr/include/winpr/crypto.h @@ -838,10 +838,10 @@ typedef union _WINPR_DIGEST_CTX WINPR_DIGEST_CTX; extern "C" { #endif -WINPR_API void winpr_Digest_Init(WINPR_DIGEST_CTX* ctx, int md); -WINPR_API void winpr_Digest_Update(WINPR_DIGEST_CTX* ctx, const BYTE* input, size_t ilen); -WINPR_API void winpr_Digest_Final(WINPR_DIGEST_CTX* ctx, BYTE* output); -WINPR_API void winpr_Digest(int md, const BYTE* input, size_t ilen, BYTE* output); +WINPR_API int winpr_Digest_Init(WINPR_DIGEST_CTX* ctx, int md); +WINPR_API int winpr_Digest_Update(WINPR_DIGEST_CTX* ctx, const BYTE* input, size_t ilen); +WINPR_API int winpr_Digest_Final(WINPR_DIGEST_CTX* ctx, BYTE* output); +WINPR_API int winpr_Digest(int md, const BYTE* input, size_t ilen, BYTE* output); #ifdef __cplusplus } @@ -1007,9 +1007,9 @@ typedef union _WINPR_CIPHER_CTX WINPR_CIPHER_CTX; extern "C" { #endif -WINPR_API void winpr_Cipher_Init(WINPR_CIPHER_CTX* ctx, int cipher, int op, const BYTE* key, const BYTE* iv); +WINPR_API int winpr_Cipher_Init(WINPR_CIPHER_CTX* ctx, int cipher, int op, const BYTE* key, const BYTE* iv); WINPR_API int winpr_Cipher_Update(WINPR_CIPHER_CTX* ctx, const BYTE* input, size_t ilen, BYTE* output, size_t* olen); -WINPR_API void winpr_Cipher_Final(WINPR_CIPHER_CTX* ctx, BYTE* output, size_t* olen); +WINPR_API int winpr_Cipher_Final(WINPR_CIPHER_CTX* ctx, BYTE* output, size_t* olen); #ifdef __cplusplus } diff --git a/winpr/libwinpr/crypto/cipher.c b/winpr/libwinpr/crypto/cipher.c index 29885ef..7eef590 100644 --- a/winpr/libwinpr/crypto/cipher.c +++ b/winpr/libwinpr/crypto/cipher.c @@ -57,10 +57,10 @@ int winpr_RC4_Update(WINPR_RC4_CTX* ctx, size_t length, const BYTE* input, BYTE* { #if defined(WITH_OPENSSL) RC4((RC4_KEY*) ctx, length, input, output); + return 0; #elif defined(WITH_MBEDTLS) && defined(MBEDTLS_ARC4_C) - mbedtls_arc4_crypt((mbedtls_arc4_context*) ctx, length, input, output); + return mbedtls_arc4_crypt((mbedtls_arc4_context*) ctx, length, input, output); #endif - return 0; } void winpr_RC4_Final(WINPR_RC4_CTX* ctx) @@ -97,29 +97,28 @@ const EVP_CIPHER* winpr_openssl_get_evp_cipher(int cipher) evp = EVP_enc_null(); break; -#ifndef OPENSSL_NO_AES case WINPR_CIPHER_AES_128_ECB: - evp = EVP_aes_128_ecb(); + evp = EVP_get_cipherbyname("aes-128-ecb"); break; case WINPR_CIPHER_AES_192_ECB: - evp = EVP_aes_192_ecb(); + evp = EVP_get_cipherbyname("aes-192-ecb"); break; case WINPR_CIPHER_AES_256_ECB: - evp = EVP_aes_256_ecb(); + evp = EVP_get_cipherbyname("aes-256-ecb"); break; case WINPR_CIPHER_AES_128_CBC: - evp = EVP_aes_128_cbc(); + evp = EVP_get_cipherbyname("aes-128-cbc"); break; case WINPR_CIPHER_AES_192_CBC: - evp = EVP_aes_192_cbc(); + evp = EVP_get_cipherbyname("aes-192-cbc"); break; case WINPR_CIPHER_AES_256_CBC: - evp = EVP_aes_256_cbc(); + evp = EVP_get_cipherbyname("aes-256-cbc"); break; case WINPR_CIPHER_AES_128_CFB128: @@ -169,9 +168,7 @@ const EVP_CIPHER* winpr_openssl_get_evp_cipher(int cipher) case WINPR_CIPHER_AES_256_CCM: evp = EVP_get_cipherbyname("aes-256-ccm"); break; -#endif -#ifndef OPENSSL_NO_CAMELLIA case WINPR_CIPHER_CAMELLIA_128_ECB: evp = EVP_get_cipherbyname("camellia-128-ecb"); break; @@ -209,53 +206,83 @@ const EVP_CIPHER* winpr_openssl_get_evp_cipher(int cipher) break; case WINPR_CIPHER_CAMELLIA_128_CTR: + evp = EVP_get_cipherbyname("camellia-128-ctr"); + break; + case WINPR_CIPHER_CAMELLIA_192_CTR: + evp = EVP_get_cipherbyname("camellia-192-ctr"); + break; + case WINPR_CIPHER_CAMELLIA_256_CTR: + evp = EVP_get_cipherbyname("camellia-256-ctr"); + break; + case WINPR_CIPHER_CAMELLIA_128_GCM: + evp = EVP_get_cipherbyname("camellia-128-gcm"); + break; + case WINPR_CIPHER_CAMELLIA_192_GCM: + evp = EVP_get_cipherbyname("camellia-192-gcm"); + break; + case WINPR_CIPHER_CAMELLIA_256_GCM: + evp = EVP_get_cipherbyname("camellia-256-gcm"); + break; + case WINPR_CIPHER_CAMELLIA_128_CCM: + evp = EVP_get_cipherbyname("camellia-128-ccm"); + break; + case WINPR_CIPHER_CAMELLIA_192_CCM: + evp = EVP_get_cipherbyname("camellia-192-gcm"); + break; + case WINPR_CIPHER_CAMELLIA_256_CCM: + evp = EVP_get_cipherbyname("camellia-256-gcm"); break; -#endif -#ifndef OPENSSL_NO_DES case WINPR_CIPHER_DES_ECB: - evp = EVP_des_ecb(); + evp = EVP_get_cipherbyname("des-ecb"); break; case WINPR_CIPHER_DES_CBC: - evp = EVP_des_cbc(); + evp = EVP_get_cipherbyname("des-cbc"); break; case WINPR_CIPHER_DES_EDE_ECB: - evp = EVP_des_ede_ecb(); + evp = EVP_get_cipherbyname("des-ede-ecb"); break; case WINPR_CIPHER_DES_EDE_CBC: - evp = EVP_des_ede_cbc(); + evp = EVP_get_cipherbyname("des-ede-cbc"); break; case WINPR_CIPHER_DES_EDE3_ECB: - evp = EVP_des_ede3_ecb(); + evp = EVP_get_cipherbyname("des-ede3-ecb"); break; case WINPR_CIPHER_DES_EDE3_CBC: - evp = EVP_des_ede3_cbc(); + evp = EVP_get_cipherbyname("des-ede3-cbc"); break; -#endif -#ifndef OPENSSL_NO_RC4 case WINPR_CIPHER_ARC4_128: - evp = EVP_rc4(); + evp = EVP_get_cipherbyname("rc4"); break; -#endif case WINPR_CIPHER_BLOWFISH_ECB: + evp = EVP_get_cipherbyname("blowfish-ecb"); + break; + case WINPR_CIPHER_BLOWFISH_CBC: + evp = EVP_get_cipherbyname("blowfish-cbc"); + break; + case WINPR_CIPHER_BLOWFISH_CFB64: + evp = EVP_get_cipherbyname("blowfish-cfb64"); + break; + case WINPR_CIPHER_BLOWFISH_CTR: + evp = EVP_get_cipherbyname("blowfish-ctr"); break; } @@ -469,15 +496,21 @@ mbedtls_cipher_type_t winpr_mbedtls_get_cipher_type(int cipher) } #endif -void winpr_Cipher_Init(WINPR_CIPHER_CTX* ctx, int cipher, int op, const BYTE* key, const BYTE* iv) +int winpr_Cipher_Init(WINPR_CIPHER_CTX* ctx, int cipher, int op, const BYTE* key, const BYTE* iv) { #if defined(WITH_OPENSSL) int operation; const EVP_CIPHER* evp; evp = winpr_openssl_get_evp_cipher(cipher); + + if (!evp) + return -1; + operation = (op == WINPR_ENCRYPT) ? 1 : 0; EVP_CIPHER_CTX_init((EVP_CIPHER_CTX*) ctx); - EVP_CipherInit_ex((EVP_CIPHER_CTX*) ctx, evp, NULL, key, iv, operation); + + if (EVP_CipherInit_ex((EVP_CIPHER_CTX*) ctx, evp, NULL, key, iv, operation) != 1) + return -1; #elif defined(WITH_MBEDTLS) int key_bitlen; mbedtls_operation_t operation; @@ -485,37 +518,57 @@ void winpr_Cipher_Init(WINPR_CIPHER_CTX* ctx, int cipher, int op, const BYTE* ke const mbedtls_cipher_info_t* cipher_info; cipher_type = winpr_mbedtls_get_cipher_type(cipher); cipher_info = mbedtls_cipher_info_from_type(cipher_type); + + if (!cipher_info) + return -1; + operation = (op == WINPR_ENCRYPT) ? MBEDTLS_ENCRYPT : MBEDTLS_DECRYPT; mbedtls_cipher_init((mbedtls_cipher_context_t*) ctx); - mbedtls_cipher_setup((mbedtls_cipher_context_t*) ctx, cipher_info); + + if (mbedtls_cipher_setup((mbedtls_cipher_context_t*) ctx, cipher_info) != 0) + return -1; + key_bitlen = mbedtls_cipher_get_key_bitlen((mbedtls_cipher_context_t*) ctx); - mbedtls_cipher_setkey((mbedtls_cipher_context_t*) ctx, key, key_bitlen, operation); + + if (mbedtls_cipher_setkey((mbedtls_cipher_context_t*) ctx, key, key_bitlen, operation) != 0) + return -1; #endif + return 0; } int winpr_Cipher_Update(WINPR_CIPHER_CTX* ctx, const BYTE* input, size_t ilen, BYTE* output, size_t* olen) { #if defined(WITH_OPENSSL) int outl = (int) *olen; - EVP_CipherUpdate((EVP_CIPHER_CTX*) ctx, output, &outl, input, ilen); + + if (EVP_CipherUpdate((EVP_CIPHER_CTX*) ctx, output, &outl, input, ilen) != 1) + return -1; + *olen = (size_t) outl; #elif defined(WITH_MBEDTLS) - mbedtls_cipher_update((mbedtls_cipher_context_t*) ctx, input, ilen, output, olen); + if (mbedtls_cipher_update((mbedtls_cipher_context_t*) ctx, input, ilen, output, olen) != 0) + return -1; #endif return 0; } -void winpr_Cipher_Final(WINPR_CIPHER_CTX* ctx, BYTE* output, size_t* olen) +int winpr_Cipher_Final(WINPR_CIPHER_CTX* ctx, BYTE* output, size_t* olen) { #if defined(WITH_OPENSSL) int outl = (int) *olen; - EVP_CipherFinal_ex((EVP_CIPHER_CTX*) ctx, output, &outl); + + if (EVP_CipherFinal_ex((EVP_CIPHER_CTX*) ctx, output, &outl) != 1) + return -1; + EVP_CIPHER_CTX_cleanup((EVP_CIPHER_CTX*) ctx); *olen = (size_t) outl; #elif defined(WITH_MBEDTLS) - mbedtls_cipher_finish((mbedtls_cipher_context_t*) ctx, output, olen); + if (mbedtls_cipher_finish((mbedtls_cipher_context_t*) ctx, output, olen) != 0) + return -1; + mbedtls_cipher_free((mbedtls_cipher_context_t*) ctx); #endif + return 0; } /** diff --git a/winpr/libwinpr/crypto/hash.c b/winpr/libwinpr/crypto/hash.c index a3b8139..90ef346 100644 --- a/winpr/libwinpr/crypto/hash.c +++ b/winpr/libwinpr/crypto/hash.c @@ -175,55 +175,41 @@ const EVP_MD* winpr_openssl_get_evp_md(int md) switch (md) { -#ifndef OPENSSL_NO_MD2 case WINPR_MD_MD2: - evp = EVP_md2(); + evp = EVP_get_digestbyname("md2"); break; -#endif -#ifndef OPENSSL_NO_MD4 case WINPR_MD_MD4: - evp = EVP_md4(); + evp = EVP_get_digestbyname("md4"); break; -#endif -#ifndef OPENSSL_NO_MD5 case WINPR_MD_MD5: - evp = EVP_md5(); + evp = EVP_get_digestbyname("md5"); break; -#endif -#ifndef OPENSSL_NO_SHA case WINPR_MD_SHA1: - evp = EVP_sha1(); + evp = EVP_get_digestbyname("sha1"); break; -#endif -#ifndef OPENSSL_NO_SHA256 case WINPR_MD_SHA224: - evp = EVP_sha224(); + evp = EVP_get_digestbyname("sha224"); break; case WINPR_MD_SHA256: - evp = EVP_sha256(); + evp = EVP_get_digestbyname("sha256"); break; -#endif -#ifndef OPENSSL_NO_SHA512 case WINPR_MD_SHA384: - evp = EVP_sha384(); + evp = EVP_get_digestbyname("sha384"); break; case WINPR_MD_SHA512: - evp = EVP_sha512(); + evp = EVP_get_digestbyname("sha512"); break; -#endif -#ifndef OPENSSL_NO_RIPEMD case WINPR_MD_RIPEMD160: evp = EVP_get_digestbyname("ripemd160"); break; -#endif } return evp; @@ -282,15 +268,29 @@ int winpr_HMAC_Init(WINPR_HMAC_CTX* ctx, int md, const BYTE* key, size_t keylen) { #if defined(WITH_OPENSSL) const EVP_MD* evp = winpr_openssl_get_evp_md(md); + + if (!evp) + return -1; + HMAC_CTX_init((HMAC_CTX*) ctx); - HMAC_Init_ex((HMAC_CTX*) ctx, key, keylen, evp, NULL); + + if (HMAC_Init_ex((HMAC_CTX*) ctx, key, keylen, evp, NULL) != 1) + return -1; #elif defined(WITH_MBEDTLS) const mbedtls_md_info_t* md_info; mbedtls_md_type_t md_type = winpr_mbedtls_get_md_type(md); md_info = mbedtls_md_info_from_type(md_type); + + if (!md_info) + return -1; + mbedtls_md_init((mbedtls_md_context_t*) ctx); - mbedtls_md_setup((mbedtls_md_context_t*) ctx, md_info, 1); - mbedtls_md_hmac_starts((mbedtls_md_context_t*) ctx, key, keylen); + + if (mbedtls_md_setup((mbedtls_md_context_t*) ctx, md_info, 1) != 0) + return -1; + + if (mbedtls_md_hmac_starts((mbedtls_md_context_t*) ctx, key, keylen) != 0) + return -1; #endif return 0; } @@ -298,9 +298,11 @@ int winpr_HMAC_Init(WINPR_HMAC_CTX* ctx, int md, const BYTE* key, size_t keylen) int winpr_HMAC_Update(WINPR_HMAC_CTX* ctx, const BYTE* input, size_t ilen) { #if defined(WITH_OPENSSL) - HMAC_Update((HMAC_CTX*) ctx, input, ilen); + if (HMAC_Update((HMAC_CTX*) ctx, input, ilen) != 1) + return -1; #elif defined(WITH_MBEDTLS) - mbedtls_md_hmac_update((mbedtls_md_context_t*) ctx, input, ilen); + if (mbedtls_md_hmac_update((mbedtls_md_context_t*) ctx, input, ilen) != 0) + return -1; #endif return 0; } @@ -308,10 +310,13 @@ int winpr_HMAC_Update(WINPR_HMAC_CTX* ctx, const BYTE* input, size_t ilen) int winpr_HMAC_Final(WINPR_HMAC_CTX* ctx, BYTE* output) { #if defined(WITH_OPENSSL) - HMAC_Final((HMAC_CTX*) ctx, output, NULL); + if (HMAC_Final((HMAC_CTX*) ctx, output, NULL) != 1) + return -1; HMAC_CTX_cleanup((HMAC_CTX*) ctx); #elif defined(WITH_MBEDTLS) - mbedtls_md_hmac_finish((mbedtls_md_context_t*) ctx, output); + if (mbedtls_md_hmac_finish((mbedtls_md_context_t*) ctx, output) != 0) + return -1; + mbedtls_md_free((mbedtls_md_context_t*) ctx); #endif return 0; @@ -320,9 +325,16 @@ int winpr_HMAC_Final(WINPR_HMAC_CTX* ctx, BYTE* output) int winpr_HMAC(int md, const BYTE* key, size_t keylen, const BYTE* input, size_t ilen, BYTE* output) { WINPR_HMAC_CTX ctx; - winpr_HMAC_Init(&ctx, md, key, keylen); - winpr_HMAC_Update(&ctx, input, ilen); - winpr_HMAC_Final(&ctx, output); + + if (winpr_HMAC_Init(&ctx, md, key, keylen) != 0) + return -1; + + if (winpr_HMAC_Update(&ctx, input, ilen) != 0) + return -1; + + if (winpr_HMAC_Final(&ctx, output) != 0) + return -1; + return 0; } @@ -330,45 +342,75 @@ int winpr_HMAC(int md, const BYTE* key, size_t keylen, const BYTE* input, size_t * Generic Digest API */ -void winpr_Digest_Init(WINPR_DIGEST_CTX* ctx, int md) +int winpr_Digest_Init(WINPR_DIGEST_CTX* ctx, int md) { #if defined(WITH_OPENSSL) const EVP_MD* evp = winpr_openssl_get_evp_md(md); + + if (!evp) + return -1; + EVP_MD_CTX_init((EVP_MD_CTX*) ctx); - EVP_DigestInit_ex((EVP_MD_CTX*) ctx, evp, NULL); + + if (EVP_DigestInit_ex((EVP_MD_CTX*) ctx, evp, NULL) != 1) + return -1; #elif defined(WITH_MBEDTLS) const mbedtls_md_info_t* md_info; mbedtls_md_type_t md_type = winpr_mbedtls_get_md_type(md); md_info = mbedtls_md_info_from_type(md_type); + + if (!md_info) + return -1; + mbedtls_md_init((mbedtls_md_context_t*) ctx); - mbedtls_md_setup((mbedtls_md_context_t*) ctx, md_info, 0); - mbedtls_md_starts((mbedtls_md_context_t*) ctx); + + if (mbedtls_md_setup((mbedtls_md_context_t*) ctx, md_info, 0) != 0) + return -1; + + if (mbedtls_md_starts((mbedtls_md_context_t*) ctx) != 0) + return -1; #endif + return 0; } -void winpr_Digest_Update(WINPR_DIGEST_CTX* ctx, const BYTE* input, size_t ilen) +int winpr_Digest_Update(WINPR_DIGEST_CTX* ctx, const BYTE* input, size_t ilen) { #if defined(WITH_OPENSSL) - EVP_DigestUpdate((EVP_MD_CTX*) ctx, input, ilen); + if (EVP_DigestUpdate((EVP_MD_CTX*) ctx, input, ilen) != 1) + return -1; #elif defined(WITH_MBEDTLS) - mbedtls_md_update((mbedtls_md_context_t*) ctx, input, ilen); + if (mbedtls_md_update((mbedtls_md_context_t*) ctx, input, ilen) != 0) + return -1; #endif + return 0; } -void winpr_Digest_Final(WINPR_DIGEST_CTX* ctx, BYTE* output) +int winpr_Digest_Final(WINPR_DIGEST_CTX* ctx, BYTE* output) { #if defined(WITH_OPENSSL) - EVP_DigestFinal_ex((EVP_MD_CTX*) ctx, output, NULL); + if (EVP_DigestFinal_ex((EVP_MD_CTX*) ctx, output, NULL) != 1) + return -1; #elif defined(WITH_MBEDTLS) - mbedtls_md_finish((mbedtls_md_context_t*) ctx, output); + if (mbedtls_md_finish((mbedtls_md_context_t*) ctx, output) != 0) + return -1; + mbedtls_md_free((mbedtls_md_context_t*) ctx); #endif + return 0; } -void winpr_Digest(int md, const BYTE* input, size_t ilen, BYTE* output) +int winpr_Digest(int md, const BYTE* input, size_t ilen, BYTE* output) { WINPR_DIGEST_CTX ctx; - winpr_Digest_Init(&ctx, md); - winpr_Digest_Update(&ctx, input, ilen); - winpr_Digest_Final(&ctx, output); + + if (winpr_Digest_Init(&ctx, md) != 0) + return -1; + + if (winpr_Digest_Update(&ctx, input, ilen) != 0) + return -1; + + if (winpr_Digest_Final(&ctx, output) != 0) + return -1; + + return 0; } diff --git a/winpr/libwinpr/crypto/rand.c b/winpr/libwinpr/crypto/rand.c index 8b8468b..a9ee3d3 100644 --- a/winpr/libwinpr/crypto/rand.c +++ b/winpr/libwinpr/crypto/rand.c @@ -38,11 +38,15 @@ int winpr_RAND(BYTE* output, size_t len) { #if defined(WITH_OPENSSL) - RAND_bytes(output, len); + if (RAND_bytes(output, len) != 1) + return -1; #elif defined(WITH_MBEDTLS) && defined(MBEDTLS_HAVEGE_C) mbedtls_havege_state hs; mbedtls_havege_init(&hs); - mbedtls_havege_random(&hs, output, len); + + if (mbedtls_havege_random(&hs, output, len) != 0) + return -1; + mbedtls_havege_free(&hs); #endif return 0; @@ -51,11 +55,15 @@ int winpr_RAND(BYTE* output, size_t len) int winpr_RAND_pseudo(BYTE* output, size_t len) { #if defined(WITH_OPENSSL) - RAND_pseudo_bytes(output, len); + if (RAND_pseudo_bytes(output, len) != 1) + return -1; #elif defined(WITH_MBEDTLS) && defined(MBEDTLS_HAVEGE_C) mbedtls_havege_state hs; mbedtls_havege_init(&hs); - mbedtls_havege_random(&hs, output, len); + + if (mbedtls_havege_random(&hs, output, len) != 0) + return -1; + mbedtls_havege_free(&hs); #endif return 0;