Add alignment safety checks to we_aes_cbc_hmac.c

haydenroche5 · haydenroche5 · commit d0c0178ed303 · 2021-09-07T17:16:56.000-07:00
diff --git a/include/wolfengine/we_internal.h b/include/wolfengine/we_internal.h
@@ -220,6 +220,7 @@ extern EVP_PKEY_ASN1_METHOD *we_hmac_pkey_asn1_method;
 
 int we_init_hmac_pkey_meth(void);
 int we_init_hmac_pkey_asn1_meth(void);
+int we_hmac_update(Hmac*, const void*, size_t);
 
 #endif /* WE_HAVE_HMAC */
 
diff --git a/src/we_aes_cbc_hmac.c b/src/we_aes_cbc_hmac.c
@@ -183,9 +183,9 @@ static int we_aes_cbc_hmac_enc(we_AesCbcHmac* aes, unsigned char *out,
         /* MAC the handshake message/data. */
         WOLFENGINE_MSG(WE_LOG_CIPHER, "MAC handshake message/data: len = %d",
                        pLen - off);
-        rc = wc_HmacUpdate(&aes->hmac, in + off, pLen - off);
-        if (rc != 0) {
-            WOLFENGINE_ERROR_FUNC(WE_LOG_CIPHER, "wc_HmacUpdate", rc);
+        rc = we_hmac_update(&aes->hmac, in + off, pLen - off);
+        if (rc != 1) {
+            WOLFENGINE_ERROR_FUNC(WE_LOG_CIPHER, "we_hmac_update", rc);
             ret = -1;
         }
     }
@@ -308,9 +308,9 @@ static int we_aes_cbc_hmac_dec(we_AesCbcHmac* aes, unsigned char *out,
         /* MAC the record header. */
         WOLFENGINE_MSG(WE_LOG_CIPHER, "Generate MAC over record header: "
                        "len = %d", aes->pLen);
-        rc = wc_HmacUpdate(&aes->hmac, aes->tlsAAD, aes->pLen);
-        if (rc != 0) {
-            WOLFENGINE_ERROR_FUNC(WE_LOG_CIPHER, "wc_HmacUpdate", rc);
+        rc = we_hmac_update(&aes->hmac, aes->tlsAAD, aes->pLen);
+        if (rc != 1) {
+            WOLFENGINE_ERROR_FUNC(WE_LOG_CIPHER, "we_hmac_update", rc);
             ret = -1;
         }
     }
@@ -319,9 +319,9 @@ static int we_aes_cbc_hmac_dec(we_AesCbcHmac* aes, unsigned char *out,
         /* MAC the message/input. */
         WOLFENGINE_MSG(WE_LOG_CIPHER, "Generate MAC over message/input, "
                        "len = %d", ret);
-        rc = wc_HmacUpdate(&aes->hmac, out + off, ret);
-        if (rc != 0) {
-            WOLFENGINE_ERROR_FUNC(WE_LOG_CIPHER, "wc_HmacUpdate", rc);
+        rc = we_hmac_update(&aes->hmac, out + off, ret);
+        if (rc != 1) {
+            WOLFENGINE_ERROR_FUNC(WE_LOG_CIPHER, "we_hmac_update", rc);
             ret = -1;
         }
     }
@@ -478,10 +478,10 @@ static int we_aes_cbc_hmac_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg,
                             /* MAC the record header. */
                             WOLFENGINE_MSG(WE_LOG_CIPHER,
                                            "Updating MAC with record header");
-                            rc = wc_HmacUpdate(&aes->hmac, tls, arg);
-                            if (rc != 0) {
+                            rc = we_hmac_update(&aes->hmac, tls, arg);
+                            if (rc != 1) {
                                 WOLFENGINE_ERROR_FUNC(WE_LOG_CIPHER,
-                                                      "wc_HmacUpdate", rc);
+                                                      "we_hmac_update", rc);
                                 ret = -1;
                             }
                         }
diff --git a/src/we_mac.c b/src/we_mac.c
@@ -996,66 +996,32 @@ static int we_hmac_pkey_init(EVP_PKEY_CTX *ctx)
     return ret;
 }
 
-
 /**
- * Replacement update function for EVP_MD context.
+ * Update the HMAC hmac with dataSz bytes from data. If wolfEngine has been
+ * built with WE_ALIGNMENT_SAFETY, this function provides a fix for a potential
+ * alignment crash in the wolfCrypt FIPS 140-2 code.
  *
- * @param  ctx    [in]  EVP_MD context being used.
+ * @param  hmac   [in]  wolfCrypt HMAC data structure.
  * @param  data   [in]  Data to be passed to HMAC update.
  * @param  dataSz [in]  Size of data buffer to be passed to HMAC update.
  * @returns  1 on success and 0 on failure.
  */
-static int we_hmac_pkey_update(EVP_MD_CTX *ctx, const void *data, size_t dataSz)
-{
-    int ret = 1, rc = 0;
-    we_Mac *mac;
-    EVP_PKEY_CTX *pkeyCtx;
-
-    WOLFENGINE_ENTER(WE_LOG_MAC, "we_hmac_pkey_update");
-    WOLFENGINE_MSG_VERBOSE(WE_LOG_MAC, "ARGS [ctx = %p, data = %p, "
-                           "dataSz = %zu]", ctx, data, dataSz);
-
-    /* If this function is called with an input buffer length of 0, we need to
-     * return success immediately. This is how OpenSSL handles this scenario. */
-    if (dataSz == 0) {
-        WOLFENGINE_MSG(WE_LOG_MAC, "dataSz == 0, returning success.");
-        return 1;
-    }
-
-    /* Validate parameters. */
-    if ((ctx == NULL) || (data == NULL)) {
-        WOLFENGINE_ERROR_FUNC_NULL(WE_LOG_MAC,
-                                   "we_hmac_pkey_update, ctx: ", ctx);
-        WOLFENGINE_ERROR_FUNC_NULL(WE_LOG_MAC,
-                                   "we_hmac_pkey_update, data:", (void*)data);
-        ret = 0;
-    }
+int we_hmac_update(Hmac* hmac, const void *data, size_t dataSz) {
+    int ret = 1;
+    int rc;
 
-    if (ret == 1) {
-        /* Get PKEY context from digest context. */
-        pkeyCtx = EVP_MD_CTX_pkey_ctx(ctx);
-        if (pkeyCtx == NULL) {
-            ret = 0;
-        }
-    }
-    if (ret == 1) {
-        /* Retrieve the internal MAC object. */
-        mac = (we_Mac *)EVP_PKEY_CTX_get_data(pkeyCtx);
-        if (mac == NULL) {
-            WOLFENGINE_ERROR_FUNC_NULL(WE_LOG_MAC, "EVP_PKEY_CTX_get_data",
-                                       mac);
-            ret = 0;
-        }
-    }
+    WOLFENGINE_ENTER(WE_LOG_MAC, "we_hmac_update");
+    WOLFENGINE_MSG_VERBOSE(WE_LOG_MAC, "ARGS [hmac = %p, data = %p, "
+                           "dataSz = %zu]", hmac, data, dataSz);
 
 #ifdef WE_ALIGNMENT_SAFETY
     const word32 ALIGNMENT_REQ = 8;
     word32 add = 0;
     word32 internalBuffLen = 0;
     byte* tmp = NULL;
-    if (ret == 1 && (mac->state.hmac.macType == WC_HASH_TYPE_SHA384 ||
-        mac->state.hmac.macType == WC_HASH_TYPE_SHA512))  {
-        internalBuffLen = mac->state.hmac.hash.sha512.buffLen;
+    if (hmac->macType == WC_HASH_TYPE_SHA384 ||
+        hmac->macType == WC_HASH_TYPE_SHA512)  {
+        internalBuffLen = hmac->hash.sha512.buffLen;
         add = dataSz > (WC_SHA512_BLOCK_SIZE - internalBuffLen) ?
               (WC_SHA512_BLOCK_SIZE - internalBuffLen) : dataSz;
     }
@@ -1068,7 +1034,7 @@ static int we_hmac_pkey_update(EVP_MD_CTX *ctx, const void *data, size_t dataSz)
         /* Update the hash with "add" bytes of data, which will result in
          * an update with a full WC_SHA512_BLOCK_SIZE number of bytes with no
          * leftovers. */
-        rc = wc_HmacUpdate(&mac->state.hmac, (const byte*)data, add);
+        rc = wc_HmacUpdate(hmac, (const byte*)data, add);
         if (rc != 0) {
             WOLFENGINE_ERROR_FUNC(WE_LOG_MAC, "wc_HmacUpdate", rc);
             ret = 0;
@@ -1085,7 +1051,7 @@ static int we_hmac_pkey_update(EVP_MD_CTX *ctx, const void *data, size_t dataSz)
             /* Copy remaining data from the unaligned buffer to the aligned one
              * and update the hash. */
             XMEMCPY(tmp, (byte*)data + add, dataSz - add);
-            rc = wc_HmacUpdate(&mac->state.hmac, (const byte*)tmp,
+            rc = wc_HmacUpdate(hmac, (const byte*)tmp,
                      dataSz - add);
             if (rc != 0) {
                 WOLFENGINE_ERROR_FUNC(WE_LOG_MAC, "wc_HmacUpdate", rc);
@@ -1099,15 +1065,74 @@ static int we_hmac_pkey_update(EVP_MD_CTX *ctx, const void *data, size_t dataSz)
     }
     else
 #endif
-    if (ret == 1) {
+    {
         /* Update the wolfCrypt HMAC object with more data. */
-        rc = wc_HmacUpdate(&mac->state.hmac, (const byte*)data, (word32)dataSz);
+        rc = wc_HmacUpdate(hmac, (const byte*)data, (word32)dataSz);
         if (rc != 0) {
             WOLFENGINE_ERROR_FUNC(WE_LOG_MAC, "wc_HmacUpdate", rc);
             ret = 0;
         }
     }
 
+    WOLFENGINE_LEAVE(WE_LOG_MAC, "we_hmac_update", ret);
+
+    return ret;
+}
+
+/**
+ * Replacement update function for EVP_MD context.
+ *
+ * @param  ctx    [in]  EVP_MD context being used.
+ * @param  data   [in]  Data to be passed to HMAC update.
+ * @param  dataSz [in]  Size of data buffer to be passed to HMAC update.
+ * @returns  1 on success and 0 on failure.
+ */
+static int we_hmac_pkey_update(EVP_MD_CTX *ctx, const void *data, size_t dataSz)
+{
+    int ret = 1;
+    we_Mac *mac;
+    EVP_PKEY_CTX *pkeyCtx;
+
+    WOLFENGINE_ENTER(WE_LOG_MAC, "we_hmac_pkey_update");
+    WOLFENGINE_MSG_VERBOSE(WE_LOG_MAC, "ARGS [ctx = %p, data = %p, "
+                           "dataSz = %zu]", ctx, data, dataSz);
+
+    /* If this function is called with an input buffer length of 0, we need to
+     * return success immediately. This is how OpenSSL handles this scenario. */
+    if (dataSz == 0) {
+        WOLFENGINE_MSG(WE_LOG_MAC, "dataSz == 0, returning success.");
+        return 1;
+    }
+
+    /* Validate parameters. */
+    if ((ctx == NULL) || (data == NULL)) {
+        WOLFENGINE_ERROR_FUNC_NULL(WE_LOG_MAC,
+                                   "we_hmac_pkey_update, ctx: ", ctx);
+        WOLFENGINE_ERROR_FUNC_NULL(WE_LOG_MAC,
+                                   "we_hmac_pkey_update, data:", (void*)data);
+        ret = 0;
+    }
+
+    if (ret == 1) {
+        /* Get PKEY context from digest context. */
+        pkeyCtx = EVP_MD_CTX_pkey_ctx(ctx);
+        if (pkeyCtx == NULL) {
+            ret = 0;
+        }
+    }
+    if (ret == 1) {
+        /* Retrieve the internal MAC object. */
+        mac = (we_Mac *)EVP_PKEY_CTX_get_data(pkeyCtx);
+        if (mac == NULL) {
+            WOLFENGINE_ERROR_FUNC_NULL(WE_LOG_MAC, "EVP_PKEY_CTX_get_data",
+                                       mac);
+            ret = 0;
+        }
+    }
+    if (ret == 1) {
+        ret = we_hmac_update(&mac->state.hmac, data, dataSz);
+    }
+
     WOLFENGINE_LEAVE(WE_LOG_MAC, "we_hmac_pkey_update", ret);
 
     return ret;
