diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c index 734d5b4cb..f32bcfa38 100644 --- a/ctaocrypt/benchmark/benchmark.c +++ b/ctaocrypt/benchmark/benchmark.c @@ -432,13 +432,17 @@ void bench_des(void) { Des3 enc; double start, total, persec; - int i; + int i, ret; #ifdef HAVE_CAVIUM if (Des3_InitCavium(&enc, CAVIUM_DEV_ID) != 0) printf("des3 init cavium failed\n"); #endif - Des3_SetKey(&enc, key, iv, DES_ENCRYPTION); + ret = Des3_SetKey(&enc, key, iv, DES_ENCRYPTION); + if (ret != 0) { + printf("Des3_SetKey failed, ret = %d\n", ret); + return; + } start = current_time(1); for(i = 0; i < numBlocks; i++) diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c index 3fd6bd70c..98780bd8f 100644 --- a/ctaocrypt/src/aes.c +++ b/ctaocrypt/src/aes.c @@ -55,9 +55,9 @@ #ifdef HAVE_CAVIUM static int AesCaviumSetKey(Aes* aes, const byte* key, word32 length, const byte* iv); - static void AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in, + static int AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 length); - static void AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in, + static int AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 length); #endif @@ -3421,8 +3421,8 @@ static int AesCaviumSetKey(Aes* aes, const byte* key, word32 length, } -static void AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in, - word32 length) +static int AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in, + word32 length) { word offset = 0; word32 requestId; @@ -3434,6 +3434,7 @@ static void AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in, (byte*)aes->reg, (byte*)aes->key, &requestId, aes->devId) != 0) { CYASSL_MSG("Bad Cavium Aes Encrypt"); + return -1; } length -= CYASSL_MAX_16BIT; offset += CYASSL_MAX_16BIT; @@ -3446,13 +3447,15 @@ static void AesCaviumCbcEncrypt(Aes* aes, byte* out, const byte* in, (byte*)aes->reg, (byte*)aes->key, &requestId, aes->devId) != 0) { CYASSL_MSG("Bad Cavium Aes Encrypt"); + return -1; } XMEMCPY(aes->reg, out + offset+length - AES_BLOCK_SIZE, AES_BLOCK_SIZE); } + return 0; } -static void AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in, - word32 length) +static int AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in, + word32 length) { word32 requestId; word offset = 0; @@ -3465,6 +3468,7 @@ static void AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in, (byte*)aes->reg, (byte*)aes->key, &requestId, aes->devId) != 0) { CYASSL_MSG("Bad Cavium Aes Decrypt"); + return -1; } length -= CYASSL_MAX_16BIT; offset += CYASSL_MAX_16BIT; @@ -3478,9 +3482,11 @@ static void AesCaviumCbcDecrypt(Aes* aes, byte* out, const byte* in, (byte*)aes->reg, (byte*)aes->key, &requestId, aes->devId) != 0) { CYASSL_MSG("Bad Cavium Aes Decrypt"); + return -1; } XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE); } + return 0; } #endif /* HAVE_CAVIUM */ diff --git a/ctaocrypt/src/asn.c b/ctaocrypt/src/asn.c index 410fef876..b492d2151 100644 --- a/ctaocrypt/src/asn.c +++ b/ctaocrypt/src/asn.c @@ -927,8 +927,12 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt, if (version == PKCS5v2 || version == PKCS12) desIv = cbcIv; - Des3_SetKey(&dec, key, desIv, DES_DECRYPTION); - Des3_CbcDecrypt(&dec, input, input, length); + ret = Des3_SetKey(&dec, key, desIv, DES_DECRYPTION); + if (ret != 0) + return ret; + ret = Des3_CbcDecrypt(&dec, input, input, length); + if (ret != 0) + return ret; break; } #endif diff --git a/ctaocrypt/src/des3.c b/ctaocrypt/src/des3.c index ea6678bbf..09a120c1c 100644 --- a/ctaocrypt/src/des3.c +++ b/ctaocrypt/src/des3.c @@ -27,6 +27,11 @@ #ifndef NO_DES3 +#ifdef HAVE_FIPS + /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ + #define FIPS_NO_WRAPPERS +#endif + #include #ifdef NO_INLINE @@ -37,10 +42,10 @@ #ifdef HAVE_CAVIUM - static void Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv); - static void Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in, + static int Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv); + static int Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in, word32 length); - static void Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in, + static int Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in, word32 length); #endif @@ -66,7 +71,7 @@ Des_SetIV(des, iv); } - void Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) + int Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) { word32 *dkey1 = des->key[0]; word32 *dkey2 = des->key[1]; @@ -80,7 +85,7 @@ ByteReverseWords(dkey2, dkey2, 8); ByteReverseWords(dkey3, dkey3, 8); - Des3_SetIV(des, iv); + return Des3_SetIV(des, iv); } void DesCrypt(Des* des, byte* out, const byte* in, word32 sz, @@ -253,14 +258,16 @@ } - void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) + int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) { Des3Crypt(des, out, in, sz, DES_ENCRYPTION); + return 0; } - void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) + int Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) { Des3Crypt(des, out, in, sz, DES_DECRYPTION); + return 0; } @@ -361,14 +368,16 @@ void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) Des_Cbc(des, out, in, sz, SEC_DESC_DES_CBC_DECRYPT) ; } -void Des3_CbcEncrypt(Des3* des3, byte* out, const byte* in, word32 sz) +int Des3_CbcEncrypt(Des3* des3, byte* out, const byte* in, word32 sz) { Des_Cbc((Des *)des3, out, in, sz, SEC_DESC_DES3_CBC_ENCRYPT) ; + return 0; } -void Des3_CbcDecrypt(Des3* des3, byte* out, const byte* in, word32 sz) +int Des3_CbcDecrypt(Des3* des3, byte* out, const byte* in, word32 sz) { Des_Cbc((Des *)des3, out, in, sz, SEC_DESC_DES3_CBC_DECRYPT) ; + return 0; } @@ -393,7 +402,7 @@ void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) } -void Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) +int Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) { int i ; int status ; @@ -411,6 +420,7 @@ void Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) for(i=0; iiv[i] = 0x0 ; } + return 0; } #elif defined FREESCALE_MMCAU @@ -444,9 +454,9 @@ void Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) } } - void Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) + int Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) { - int i = 0; + int i = 0, ret = 0; byte* dkey1 = (byte*)des->key[0]; byte* dkey2 = (byte*)des->key[1]; byte* dkey3 = (byte*)des->key[2]; @@ -455,7 +465,9 @@ void Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) XMEMCPY(dkey2, key + 8, 8); /* set key 2 */ XMEMCPY(dkey3, key + 16, 8); /* set key 3 */ - Des3_SetIV(des, iv); + ret = Des3_SetIV(des, iv); + if (ret != 0) + return ret; /* fix key parity if needed */ for (i = 0; i < 8; i++) @@ -466,6 +478,8 @@ void Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) for (i = 0; i < 8; i++) dkey3[i] = ((dkey3[i] & 0xFE) | parityLookup[dkey3[i] >> 1]); + + return ret; } void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz) @@ -528,7 +542,7 @@ void Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) return; } - void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) + int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) { int i; int offset = 0; @@ -558,10 +572,10 @@ void Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) XMEMCPY(iv, out + offset - DES_BLOCK_SIZE, DES_BLOCK_SIZE); } - return; + return 0; } - void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) + int Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) { int i; int offset = 0; @@ -591,7 +605,7 @@ void Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) offset += DES_BLOCK_SIZE; } - return; + return 0; } @@ -600,7 +614,7 @@ void Des3_SetKey(Des3* des3, const byte* key, const byte* iv, int dir) #include "../../cyassl/ctaocrypt/port/pic32/pic32mz-crypt.h" void Des_SetIV(Des* des, const byte* iv); -void Des3_SetIV(Des3* des, const byte* iv); +int Des3_SetIV(Des3* des, const byte* iv); void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) { @@ -613,7 +627,7 @@ void Des3_SetIV(Des3* des, const byte* iv); ByteReverseWords(dreg, dreg, 8); } - void Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) + int Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) { word32 *dkey1 = des->key[0]; word32 *dreg = des->reg ; @@ -623,6 +637,7 @@ void Des3_SetIV(Des3* des, const byte* iv); XMEMCPY(dreg, iv, 8); ByteReverseWords(dreg, dreg, 8) ; + return 0; } void DesCrypt(word32 *key, word32 *iv, byte* out, const byte* in, word32 sz, @@ -714,16 +729,18 @@ void Des3_SetIV(Des3* des, const byte* iv); PIC32_DECRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC); } - void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) + int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) { DesCrypt(des->key[0], des->reg, out, in, sz, PIC32_ENCRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC); + return 0; } - void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) + int Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) { DesCrypt(des->key[0], des->reg, out, in, sz, PIC32_DECRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC); + return 0; } #else /* CTaoCrypt software implementation */ @@ -1029,7 +1046,7 @@ void Des_SetKey(Des* des, const byte* key, const byte* iv, int dir) } -void Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) +int Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) { #ifdef HAVE_CAVIUM if (des->magic == CYASSL_3DES_CAVIUM_MAGIC) @@ -1040,7 +1057,7 @@ void Des3_SetKey(Des3* des, const byte* key, const byte* iv, int dir) DesSetKey(key + 8, Reverse(dir), des->key[1]); DesSetKey(key + (dir == DES_DECRYPTION ? 0 : 16), dir, des->key[2]); - Des3_SetIV(des, iv); + return Des3_SetIV(des, iv); } @@ -1162,7 +1179,7 @@ void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz) } -void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) +int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) { word32 blocks; @@ -1180,10 +1197,11 @@ void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz) out += DES_BLOCK_SIZE; in += DES_BLOCK_SIZE; } + return 0; } -void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) +int Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) { word32 blocks; @@ -1202,6 +1220,7 @@ void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz) out += DES_BLOCK_SIZE; in += DES_BLOCK_SIZE; } + return 0; } #ifdef CYASSL_DES_ECB @@ -1232,12 +1251,14 @@ void Des_SetIV(Des* des, const byte* iv) } -void Des3_SetIV(Des3* des, const byte* iv) +int Des3_SetIV(Des3* des, const byte* iv) { if (des && iv) XMEMCPY(des->reg, iv, DES_BLOCK_SIZE); else if (des) XMEMSET(des->reg, 0, DES_BLOCK_SIZE); + + return 0; } @@ -1276,19 +1297,19 @@ void Des3_FreeCavium(Des3* des3) } -static void Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv) +static int Des3_CaviumSetKey(Des3* des3, const byte* key, const byte* iv) { if (des3 == NULL) - return; + return -1; /* key[0] holds key, iv in reg */ XMEMCPY(des3->key[0], key, DES_BLOCK_SIZE*3); - Des3_SetIV(des3, iv); + return Des3_SetIV(des3, iv); } -static void Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in, +static int Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in, word32 length) { word offset = 0; @@ -1301,6 +1322,7 @@ static void Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in, out + offset, (byte*)des3->reg, (byte*)des3->key[0], &requestId, des3->devId) != 0) { CYASSL_MSG("Bad Cavium 3DES Cbc Encrypt"); + return -1; } length -= CYASSL_MAX_16BIT; offset += CYASSL_MAX_16BIT; @@ -1314,13 +1336,15 @@ static void Des3_CaviumCbcEncrypt(Des3* des3, byte* out, const byte* in, out + offset, (byte*)des3->reg, (byte*)des3->key[0], &requestId, des3->devId) != 0) { CYASSL_MSG("Bad Cavium 3DES Cbc Encrypt"); + return -1; } XMEMCPY(des3->reg, out+offset+length - DES_BLOCK_SIZE, DES_BLOCK_SIZE); } + return 0; } -static void Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in, - word32 length) +static int Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in, + word32 length) { word32 requestId; word offset = 0; @@ -1333,6 +1357,7 @@ static void Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in, (byte*)des3->reg, (byte*)des3->key[0], &requestId, des3->devId) != 0) { CYASSL_MSG("Bad Cavium 3Des Decrypt"); + return -1; } length -= CYASSL_MAX_16BIT; offset += CYASSL_MAX_16BIT; @@ -1346,9 +1371,11 @@ static void Des3_CaviumCbcDecrypt(Des3* des3, byte* out, const byte* in, (byte*)des3->reg, (byte*)des3->key[0], &requestId, des3->devId) != 0) { CYASSL_MSG("Bad Cavium 3Des Decrypt"); + return -1; } XMEMCPY(des3->reg, des3->tmp, DES_BLOCK_SIZE); } + return 0; } #endif /* HAVE_CAVIUM */ diff --git a/ctaocrypt/src/pkcs7.c b/ctaocrypt/src/pkcs7.c index d1f79eefb..de55e2b03 100644 --- a/ctaocrypt/src/pkcs7.c +++ b/ctaocrypt/src/pkcs7.c @@ -909,7 +909,7 @@ CYASSL_LOCAL int CreateRecipientInfo(const byte* cert, word32 certSz, /* build PKCS#7 envelopedData content type, return enveloped size */ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) { - int i, idx = 0; + int i, ret = 0, idx = 0; int totalSz = 0, padSz = 0, desOutSz = 0; int contentInfoSeqSz, outerContentTypeSz, outerContentSz; @@ -1040,8 +1040,15 @@ int PKCS7_EncodeEnvelopedData(PKCS7* pkcs7, byte* output, word32 outputSz) } else if (pkcs7->encryptOID == DES3b) { Des3 des3; - Des3_SetKey(&des3, contentKeyPlain, tmpIv, DES_ENCRYPTION); - Des3_CbcEncrypt(&des3, encryptedContent, plain, desOutSz); + ret = Des3_SetKey(&des3, contentKeyPlain, tmpIv, DES_ENCRYPTION); + if (ret == 0) + ret = Des3_CbcEncrypt(&des3, encryptedContent, plain, desOutSz); + if (ret != 0) { + XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (dynamicFlag) + XFREE(plain, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } } encContentOctetSz = SetImplicit(ASN_OCTET_STRING, 0, @@ -1313,9 +1320,14 @@ CYASSL_API int PKCS7_DecodeEnvelopedData(PKCS7* pkcs7, byte* pkiMsg, encryptedContentSz); } else if (encOID == DES3b) { Des3 des; - Des3_SetKey(&des, decryptedKey, tmpIv, DES_DECRYPTION); - Des3_CbcDecrypt(&des, encryptedContent, encryptedContent, - encryptedContentSz); + ret = Des3_SetKey(&des, decryptedKey, tmpIv, DES_DECRYPTION); + if (ret == 0) + ret = Des3_CbcDecrypt(&des, encryptedContent, encryptedContent, + encryptedContentSz); + if (ret != 0) { + XFREE(encryptedContent, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return ret; + } } else { CYASSL_MSG("Unsupported content encryption OID type"); return ALGO_ID_E; diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index 0675d920e..17d7c6efd 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -1810,6 +1810,8 @@ int des3_test(void) 0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0 }; + int ret; + #ifdef HAVE_CAVIUM if (Des3_InitCavium(&enc, CAVIUM_DEV_ID) != 0) @@ -1817,16 +1819,24 @@ int des3_test(void) if (Des3_InitCavium(&dec, CAVIUM_DEV_ID) != 0) return -20006; #endif - Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION); - Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION); - Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector)); - Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher)); + ret = Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION); + if (ret != 0) + return -31; + ret = Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION); + if (ret != 0) + return -32; + ret = Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector)); + if (ret != 0) + return -33; + ret = Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher)); + if (ret != 0) + return -34; if (memcmp(plain, vector, sizeof(plain))) - return -33; + return -35; if (memcmp(cipher, verify3, sizeof(cipher))) - return -34; + return -36; #ifdef HAVE_CAVIUM Des3_FreeCavium(&enc); diff --git a/cyassl/ctaocrypt/des3.h b/cyassl/ctaocrypt/des3.h index fe931960e..eecdd6e39 100644 --- a/cyassl/ctaocrypt/des3.h +++ b/cyassl/ctaocrypt/des3.h @@ -96,10 +96,10 @@ CYASSL_API void Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz); CYASSL_API void Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz); CYASSL_API void Des_EcbEncrypt(Des* des, byte* out, const byte* in, word32 sz); -CYASSL_API void Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir); -CYASSL_API void Des3_SetIV(Des3* des, const byte* iv); -CYASSL_API void Des3_CbcEncrypt(Des3* des, byte* out, const byte* in,word32 sz); -CYASSL_API void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in,word32 sz); +CYASSL_API int Des3_SetKey(Des3* des, const byte* key, const byte* iv,int dir); +CYASSL_API int Des3_SetIV(Des3* des, const byte* iv); +CYASSL_API int Des3_CbcEncrypt(Des3* des, byte* out, const byte* in,word32 sz); +CYASSL_API int Des3_CbcDecrypt(Des3* des, byte* out, const byte* in,word32 sz); #ifdef HAVE_CAVIUM @@ -108,6 +108,26 @@ CYASSL_API void Des3_CbcDecrypt(Des3* des, byte* out, const byte* in,word32 sz); #endif +#ifdef HAVE_FIPS + /* fips wrapper calls, user can call direct */ + CYASSL_API int Des3_SetKey_fips(Des3* des, const byte* key, const byte* iv, + int dir); + CYASSL_API int Des3_SetIV_fips(Des3* des, const byte* iv); + CYASSL_API int Des3_CbcEncrypt_fips(Des3* des, byte* out, const byte* in, + word32 sz); + CYASSL_API int Des3_CbcDecrypt_fips(Des3* des, byte* out, const byte* in, + word32 sz); + #ifndef FIPS_NO_WRAPPERS + /* if not impl or fips.c impl wrapper force fips calls if fips build */ + #define Des3_SetKey Des3_SetKey_fips + #define Des3_SetIV Des3_SetIV_fips + #define Des3_CbcEncrypt Des3_CbcEncrypt_fips + #define Des3_CbcDecrypt Des3_CbcDecrypt_fips + #endif /* FIPS_NO_WRAPPERS */ + +#endif /* HAVE_FIPS */ + + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/mcapi/crypto.c b/mcapi/crypto.c index 87893a96a..46443bbec 100644 --- a/mcapi/crypto.c +++ b/mcapi/crypto.c @@ -360,9 +360,7 @@ int CRYPT_TDES_KeySet(CRYPT_TDES_CTX* tdes, const unsigned char* key, if (tdes == NULL || key == NULL) return BAD_FUNC_ARG; - Des3_SetKey((Des3*)tdes, key, iv, dir); - - return 0; + return Des3_SetKey((Des3*)tdes, key, iv, dir); } @@ -372,9 +370,7 @@ int CRYPT_TDES_IvSet(CRYPT_TDES_CTX* tdes, const unsigned char* iv) if (tdes == NULL || iv == NULL) return BAD_FUNC_ARG; - Des3_SetIV((Des3*)tdes, iv); - - return 0; + return Des3_SetIV((Des3*)tdes, iv); } @@ -385,9 +381,7 @@ int CRYPT_TDES_CBC_Encrypt(CRYPT_TDES_CTX* tdes, unsigned char* out, if (tdes == NULL || out == NULL || in == NULL) return BAD_FUNC_ARG; - Des3_CbcEncrypt((Des3*)tdes, out, in, inSz); - - return 0; + return Des3_CbcEncrypt((Des3*)tdes, out, in, inSz); } @@ -398,9 +392,7 @@ int CRYPT_TDES_CBC_Decrypt(CRYPT_TDES_CTX* tdes, unsigned char* out, if (tdes == NULL || out == NULL || in == NULL) return BAD_FUNC_ARG; - Des3_CbcDecrypt((Des3*)tdes, out, in, inSz); - - return 0; + return Des3_CbcDecrypt((Des3*)tdes, out, in, inSz); } diff --git a/mcapi/mcapi_test.c b/mcapi/mcapi_test.c index 24e69174d..5f2a84ea3 100644 --- a/mcapi/mcapi_test.c +++ b/mcapi/mcapi_test.c @@ -592,14 +592,22 @@ static int check_des3(void) printf("mcapi tdes key set failed\n"); return -1; } - Des3_SetKey(&defDes3, key, iv, DES_ENCRYPTION); + ret = Des3_SetKey(&defDes3, key, iv, DES_ENCRYPTION); + if (ret != 0) { + printf("default des3 key set failed\n"); + return -1; + } ret = CRYPT_TDES_CBC_Encrypt(&mcDes3, out1, ourData, TDES_TEST_SIZE); if (ret != 0) { printf("mcapi tdes cbc encrypt failed\n"); return -1; } - Des3_CbcEncrypt(&defDes3, out2, ourData, TDES_TEST_SIZE); + ret = Des3_CbcEncrypt(&defDes3, out2, ourData, TDES_TEST_SIZE); + if (ret != 0) { + printf("mcapi default tdes cbc encrypt failed\n"); + return -1; + } if (memcmp(out1, out2, TDES_TEST_SIZE) != 0) { printf("mcapi tdes cbc encrypt cmp failed\n"); @@ -612,14 +620,22 @@ static int check_des3(void) printf("mcapi tdes key set failed\n"); return -1; } - Des3_SetKey(&defDes3, key, iv, DES_DECRYPTION); + ret = Des3_SetKey(&defDes3, key, iv, DES_DECRYPTION); + if (ret != 0) { + printf("default des3 key set failed\n"); + return -1; + } ret = CRYPT_TDES_CBC_Decrypt(&mcDes3, out2, out1, TDES_TEST_SIZE); if (ret != 0) { printf("mcapi tdes cbc decrypt failed\n"); return -1; } - Des3_CbcDecrypt(&defDes3, out1, out1, TDES_TEST_SIZE); + ret = Des3_CbcDecrypt(&defDes3, out1, out1, TDES_TEST_SIZE); + if (ret != 0) { + printf("mcapi default tdes cbc decrypt failed\n"); + return -1; + } if (memcmp(out1, out2, TDES_TEST_SIZE) != 0) { printf("mcapi tdes cbc decrypt cmp failed\n"); diff --git a/src/internal.c b/src/internal.c index e934928b8..f29aab589 100644 --- a/src/internal.c +++ b/src/internal.c @@ -4094,8 +4094,7 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz) #ifdef BUILD_DES3 case cyassl_triple_des: - Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz); - break; + return Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz); #endif #ifdef BUILD_AES @@ -4245,8 +4244,7 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input, #ifdef BUILD_DES3 case cyassl_triple_des: - Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz); - break; + return Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz); #endif #ifdef BUILD_AES diff --git a/src/keys.c b/src/keys.c index 2a54f09f3..b9c296c30 100644 --- a/src/keys.c +++ b/src/keys.c @@ -1575,6 +1575,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, #ifdef BUILD_DES3 if (specs->bulk_cipher_algorithm == cyassl_triple_des) { + int desRet = 0; + if (enc->des3 == NULL) enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER); if (enc->des3 == NULL) @@ -1596,16 +1598,24 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, } #endif if (side == CYASSL_CLIENT_END) { - Des3_SetKey(enc->des3, keys->client_write_key, + desRet = Des3_SetKey(enc->des3, keys->client_write_key, keys->client_write_IV, DES_ENCRYPTION); - Des3_SetKey(dec->des3, keys->server_write_key, + if (desRet != 0) + return desRet; + desRet = Des3_SetKey(dec->des3, keys->server_write_key, keys->server_write_IV, DES_DECRYPTION); + if (desRet != 0) + return desRet; } else { - Des3_SetKey(enc->des3, keys->server_write_key, + desRet = Des3_SetKey(enc->des3, keys->server_write_key, keys->server_write_IV, DES_ENCRYPTION); - Des3_SetKey(dec->des3, keys->client_write_key, + if (desRet != 0) + return desRet; + desRet = Des3_SetKey(dec->des3, keys->client_write_key, keys->client_write_IV, DES_DECRYPTION); + if (desRet != 0) + return desRet; } enc->setup = 1; dec->setup = 1; diff --git a/src/sniffer.c b/src/sniffer.c index 85c00093e..da9f2c607 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -1572,7 +1572,7 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz) #ifdef BUILD_DES3 case cyassl_triple_des: - Des3_CbcDecrypt(ssl->decrypt.des3, output, input, sz); + ret = Des3_CbcDecrypt(ssl->decrypt.des3, output, input, sz); break; #endif diff --git a/src/ssl.c b/src/ssl.c index 12f3d2b9f..0b29bb1d2 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2027,8 +2027,12 @@ int CyaSSL_Init(void) } else if (XSTRNCMP(info.name, "DES-EDE3-CBC", 13) == 0) { Des3 enc; - Des3_SetKey(&enc, key, info.iv, DES_DECRYPTION); - Des3_CbcDecrypt(&enc, der.buffer, der.buffer, der.length); + ret = Des3_SetKey(&enc, key, info.iv, DES_DECRYPTION); + if (ret != 0) + return ret; + ret = Des3_CbcDecrypt(&enc, der.buffer, der.buffer, der.length); + if (ret != 0) + return ret; } else if (XSTRNCMP(info.name, "AES-128-CBC", 13) == 0) { Aes enc; @@ -6866,11 +6870,17 @@ int CyaSSL_set_compression(CYASSL* ssl) ctx->keyLen = 24; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; - if (key) - Des3_SetKey(&ctx->cipher.des3, key, iv, + if (key) { + ret = Des3_SetKey(&ctx->cipher.des3, key, iv, ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); - if (iv && key == NULL) - Des3_SetIV(&ctx->cipher.des3, iv); + if (ret != 0) + return ret; + } + if (iv && key == NULL) { + ret = Des3_SetIV(&ctx->cipher.des3, iv); + if (ret != 0) + return ret; + } } else if (ctx->cipherType == ARC4_TYPE || (type && XSTRNCMP(type, "ARC4", 4) == 0)) { @@ -6967,9 +6977,9 @@ int CyaSSL_set_compression(CYASSL* ssl) case DES_EDE3_CBC_TYPE : if (ctx->enc) - Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len); + ret = Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len); else - Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len); + ret = Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len); break; case ARC4_TYPE : @@ -10842,7 +10852,7 @@ static int initGlobalRNG = 0; } if (doset) - Des3_SetIV(&ctx->cipher.des3, iv); + Des3_SetIV(&ctx->cipher.des3, iv); /* OpenSSL compat, no ret */ else memcpy(iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE); } @@ -10861,7 +10871,7 @@ static int initGlobalRNG = 0; } if (doset) - AesSetIV(&ctx->cipher.aes, iv); + AesSetIV(&ctx->cipher.aes, iv); /* OpenSSL compat, no ret */ else memcpy(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE); }