aboutsummaryrefslogtreecommitdiffstats
path: root/src/crypto
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2019-06-27 15:08:16 (GMT)
committerJouni Malinen <j@w1.fi>2019-07-09 13:38:32 (GMT)
commitfd7778b5ed5d8adb4b1203b735a5710e56ce614f (patch)
treea3db67fa98ac25856f64fe4c5aa29bbc5ab51ba4 /src/crypto
parent3ec65a8e38a0ad37bafe7dc9459a400db97cbaa4 (diff)
downloadhostap-fd7778b5ed5d8adb4b1203b735a5710e56ce614f.zip
hostap-fd7778b5ed5d8adb4b1203b735a5710e56ce614f.tar.gz
hostap-fd7778b5ed5d8adb4b1203b735a5710e56ce614f.tar.bz2
Return success/failure result from tls_prf_sha256()
The hash functions used within this function could fail in theory, so provide the result to the caller. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/crypto')
-rw-r--r--src/crypto/sha256-tlsprf.c15
-rw-r--r--src/crypto/sha256.h6
2 files changed, 13 insertions, 8 deletions
diff --git a/src/crypto/sha256-tlsprf.c b/src/crypto/sha256-tlsprf.c
index 0528dad..9045cd3 100644
--- a/src/crypto/sha256-tlsprf.c
+++ b/src/crypto/sha256-tlsprf.c
@@ -26,8 +26,8 @@
* This function is used to derive new, cryptographically separate keys from a
* given key in TLS. This PRF is defined in RFC 2246, Chapter 5.
*/
-void tls_prf_sha256(const u8 *secret, size_t secret_len, const char *label,
- const u8 *seed, size_t seed_len, u8 *out, size_t outlen)
+int tls_prf_sha256(const u8 *secret, size_t secret_len, const char *label,
+ const u8 *seed, size_t seed_len, u8 *out, size_t outlen)
{
size_t clen;
u8 A[SHA256_MAC_LEN];
@@ -50,12 +50,15 @@ void tls_prf_sha256(const u8 *secret, size_t secret_len, const char *label,
* PRF(secret, label, seed) = P_SHA256(secret, label + seed)
*/
- hmac_sha256_vector(secret, secret_len, 2, &addr[1], &len[1], A);
+ if (hmac_sha256_vector(secret, secret_len, 2, &addr[1], &len[1], A) < 0)
+ return -1;
pos = 0;
while (pos < outlen) {
- hmac_sha256_vector(secret, secret_len, 3, addr, len, P);
- hmac_sha256(secret, secret_len, A, SHA256_MAC_LEN, A);
+ if (hmac_sha256_vector(secret, secret_len, 3, addr, len, P) <
+ 0 ||
+ hmac_sha256(secret, secret_len, A, SHA256_MAC_LEN, A) < 0)
+ return -1;
clen = outlen - pos;
if (clen > SHA256_MAC_LEN)
@@ -63,4 +66,6 @@ void tls_prf_sha256(const u8 *secret, size_t secret_len, const char *label,
os_memcpy(out + pos, P, clen);
pos += clen;
}
+
+ return 0;
}
diff --git a/src/crypto/sha256.h b/src/crypto/sha256.h
index 5219022..8054bbe 100644
--- a/src/crypto/sha256.h
+++ b/src/crypto/sha256.h
@@ -20,9 +20,9 @@ int sha256_prf(const u8 *key, size_t key_len, const char *label,
int sha256_prf_bits(const u8 *key, size_t key_len, const char *label,
const u8 *data, size_t data_len, u8 *buf,
size_t buf_len_bits);
-void tls_prf_sha256(const u8 *secret, size_t secret_len,
- const char *label, const u8 *seed, size_t seed_len,
- u8 *out, size_t outlen);
+int tls_prf_sha256(const u8 *secret, size_t secret_len,
+ const char *label, const u8 *seed, size_t seed_len,
+ u8 *out, size_t outlen);
int hmac_sha256_kdf(const u8 *secret, size_t secret_len,
const char *label, const u8 *seed, size_t seed_len,
u8 *out, size_t outlen);