From 706e228dada996c980a0462e0f4c4cc0aa1f4b98 Mon Sep 17 00:00:00 2001 From: Jou Ho <43765840+jouho@users.noreply.github.com> Date: Wed, 10 Jul 2024 16:43:30 -0700 Subject: [PATCH] Refactor: change init and destroy_key return type to S2N_RESULT in s2n_cipher struct (#4639) --- crypto/s2n_aead_cipher_aes_gcm.c | 22 ++++++++-------- crypto/s2n_aead_cipher_chacha20_poly1305.c | 26 +++++++++---------- crypto/s2n_cbc_cipher_3des.c | 10 +++---- crypto/s2n_cbc_cipher_aes.c | 10 +++---- crypto/s2n_cipher.h | 4 +-- crypto/s2n_composite_cipher_aes_sha.c | 10 +++---- crypto/s2n_stream_cipher_null.c | 8 +++--- crypto/s2n_stream_cipher_rc4.c | 10 +++---- tests/testlib/s2n_connection_test_utils.c | 4 +-- tests/unit/s2n_3des_test.c | 9 ++++--- tests/unit/s2n_aead_aes_test.c | 8 +++--- tests/unit/s2n_aead_chacha20_poly1305_test.c | 20 +++++++------- tests/unit/s2n_aes_test.c | 16 ++++++------ tests/unit/s2n_handshake_io_early_data_test.c | 4 +-- tests/unit/s2n_rc4_test.c | 8 +++--- tests/unit/s2n_record_size_test.c | 22 ++++++++-------- tests/unit/s2n_send_key_update_test.c | 4 +-- tests/unit/s2n_tls13_record_aead_test.c | 10 +++---- tls/s2n_crypto.c | 4 +-- tls/s2n_prf.c | 4 +-- tls/s2n_resume.c | 10 +++---- 21 files changed, 112 insertions(+), 111 deletions(-) diff --git a/crypto/s2n_aead_cipher_aes_gcm.c b/crypto/s2n_aead_cipher_aes_gcm.c index 132e5977bd8..7dcec62cf93 100644 --- a/crypto/s2n_aead_cipher_aes_gcm.c +++ b/crypto/s2n_aead_cipher_aes_gcm.c @@ -185,22 +185,22 @@ static S2N_RESULT s2n_aead_cipher_aes256_gcm_set_decryption_key_tls13(struct s2n return S2N_RESULT_OK; } -static int s2n_aead_cipher_aes_gcm_init(struct s2n_session_key *key) +static S2N_RESULT s2n_aead_cipher_aes_gcm_init(struct s2n_session_key *key) { - POSIX_ENSURE_REF(key); + RESULT_ENSURE_REF(key); EVP_AEAD_CTX_zero(key->evp_aead_ctx); - return S2N_SUCCESS; + return S2N_RESULT_OK; } -static int s2n_aead_cipher_aes_gcm_destroy_key(struct s2n_session_key *key) +static S2N_RESULT s2n_aead_cipher_aes_gcm_destroy_key(struct s2n_session_key *key) { - POSIX_ENSURE_REF(key); + RESULT_ENSURE_REF(key); EVP_AEAD_CTX_cleanup(key->evp_aead_ctx); - return S2N_SUCCESS; + return S2N_RESULT_OK; } #else /* Standard AES-GCM implementation */ @@ -357,18 +357,18 @@ static S2N_RESULT s2n_aead_cipher_aes256_gcm_set_decryption_key_tls13(struct s2n return S2N_RESULT_OK; } -static int s2n_aead_cipher_aes_gcm_init(struct s2n_session_key *key) +static S2N_RESULT s2n_aead_cipher_aes_gcm_init(struct s2n_session_key *key) { - s2n_evp_ctx_init(key->evp_cipher_ctx); + RESULT_EVP_CTX_INIT(key->evp_cipher_ctx); - return S2N_SUCCESS; + return S2N_RESULT_OK; } -static int s2n_aead_cipher_aes_gcm_destroy_key(struct s2n_session_key *key) +static S2N_RESULT s2n_aead_cipher_aes_gcm_destroy_key(struct s2n_session_key *key) { EVP_CIPHER_CTX_cleanup(key->evp_cipher_ctx); - return S2N_SUCCESS; + return S2N_RESULT_OK; } #endif diff --git a/crypto/s2n_aead_cipher_chacha20_poly1305.c b/crypto/s2n_aead_cipher_chacha20_poly1305.c index 2b3d99e56b8..942902cc336 100644 --- a/crypto/s2n_aead_cipher_chacha20_poly1305.c +++ b/crypto/s2n_aead_cipher_chacha20_poly1305.c @@ -143,18 +143,18 @@ static S2N_RESULT s2n_aead_chacha20_poly1305_set_decryption_key(struct s2n_sessi return S2N_RESULT_OK; } -static int s2n_aead_chacha20_poly1305_init(struct s2n_session_key *key) +static S2N_RESULT s2n_aead_chacha20_poly1305_init(struct s2n_session_key *key) { - s2n_evp_ctx_init(key->evp_cipher_ctx); + RESULT_EVP_CTX_INIT(key->evp_cipher_ctx); - return 0; + return S2N_RESULT_OK; } -static int s2n_aead_chacha20_poly1305_destroy_key(struct s2n_session_key *key) +static S2N_RESULT s2n_aead_chacha20_poly1305_destroy_key(struct s2n_session_key *key) { EVP_CIPHER_CTX_cleanup(key->evp_cipher_ctx); - return 0; + return S2N_RESULT_OK; } #elif defined(S2N_CHACHA20_POLY1305_AVAILABLE_BSSL_AWSLC) /* BoringSSL and AWS-LC implementation */ @@ -212,18 +212,18 @@ static S2N_RESULT s2n_aead_chacha20_poly1305_set_decryption_key(struct s2n_sessi return S2N_RESULT_OK; } -static int s2n_aead_chacha20_poly1305_init(struct s2n_session_key *key) +static S2N_RESULT s2n_aead_chacha20_poly1305_init(struct s2n_session_key *key) { EVP_AEAD_CTX_zero(key->evp_aead_ctx); - return 0; + return S2N_RESULT_OK; } -static int s2n_aead_chacha20_poly1305_destroy_key(struct s2n_session_key *key) +static S2N_RESULT s2n_aead_chacha20_poly1305_destroy_key(struct s2n_session_key *key) { EVP_AEAD_CTX_cleanup(key->evp_aead_ctx); - return 0; + return S2N_RESULT_OK; } #else /* No ChaCha20-Poly1305 implementation exists for chosen cryptographic provider (E.g Openssl 1.0.x) */ @@ -248,14 +248,14 @@ static S2N_RESULT s2n_aead_chacha20_poly1305_set_decryption_key(struct s2n_sessi RESULT_BAIL(S2N_ERR_KEY_INIT); } -static int s2n_aead_chacha20_poly1305_init(struct s2n_session_key *key) +static S2N_RESULT s2n_aead_chacha20_poly1305_init(struct s2n_session_key *key) { - POSIX_BAIL(S2N_ERR_KEY_INIT); + RESULT_BAIL(S2N_ERR_KEY_INIT); } -static int s2n_aead_chacha20_poly1305_destroy_key(struct s2n_session_key *key) +static S2N_RESULT s2n_aead_chacha20_poly1305_destroy_key(struct s2n_session_key *key) { - POSIX_BAIL(S2N_ERR_KEY_DESTROY); + RESULT_BAIL(S2N_ERR_KEY_DESTROY); } #endif diff --git a/crypto/s2n_cbc_cipher_3des.c b/crypto/s2n_cbc_cipher_3des.c index 6ae65607614..e29f28d5405 100644 --- a/crypto/s2n_cbc_cipher_3des.c +++ b/crypto/s2n_cbc_cipher_3des.c @@ -74,18 +74,18 @@ static S2N_RESULT s2n_cbc_cipher_3des_set_encryption_key(struct s2n_session_key return S2N_RESULT_OK; } -static int s2n_cbc_cipher_3des_init(struct s2n_session_key *key) +static S2N_RESULT s2n_cbc_cipher_3des_init(struct s2n_session_key *key) { - s2n_evp_ctx_init(key->evp_cipher_ctx); + RESULT_EVP_CTX_INIT(key->evp_cipher_ctx); - return 0; + return S2N_RESULT_OK; } -static int s2n_cbc_cipher_3des_destroy_key(struct s2n_session_key *key) +static S2N_RESULT s2n_cbc_cipher_3des_destroy_key(struct s2n_session_key *key) { EVP_CIPHER_CTX_cleanup(key->evp_cipher_ctx); - return 0; + return S2N_RESULT_OK; } const struct s2n_cipher s2n_3des = { diff --git a/crypto/s2n_cbc_cipher_aes.c b/crypto/s2n_cbc_cipher_aes.c index f422fb9a2c6..6ddfd0ef8ab 100644 --- a/crypto/s2n_cbc_cipher_aes.c +++ b/crypto/s2n_cbc_cipher_aes.c @@ -100,18 +100,18 @@ S2N_RESULT s2n_cbc_cipher_aes256_set_encryption_key(struct s2n_session_key *key, return S2N_RESULT_OK; } -static int s2n_cbc_cipher_aes_init(struct s2n_session_key *key) +static S2N_RESULT s2n_cbc_cipher_aes_init(struct s2n_session_key *key) { - s2n_evp_ctx_init(key->evp_cipher_ctx); + RESULT_EVP_CTX_INIT(key->evp_cipher_ctx); - return 0; + return S2N_RESULT_OK; } -static int s2n_cbc_cipher_aes_destroy_key(struct s2n_session_key *key) +static S2N_RESULT s2n_cbc_cipher_aes_destroy_key(struct s2n_session_key *key) { EVP_CIPHER_CTX_cleanup(key->evp_cipher_ctx); - return 0; + return S2N_RESULT_OK; } const struct s2n_cipher s2n_aes128 = { diff --git a/crypto/s2n_cipher.h b/crypto/s2n_cipher.h index f0dc1f6f27f..4dcc7a25106 100644 --- a/crypto/s2n_cipher.h +++ b/crypto/s2n_cipher.h @@ -83,10 +83,10 @@ struct s2n_cipher { } io; uint8_t key_material_size; uint8_t (*is_available)(void); - int (*init)(struct s2n_session_key *key); + S2N_RESULT (*init)(struct s2n_session_key *key); S2N_RESULT (*set_decryption_key)(struct s2n_session_key *key, struct s2n_blob *in); S2N_RESULT (*set_encryption_key)(struct s2n_session_key *key, struct s2n_blob *in); - int (*destroy_key)(struct s2n_session_key *key); + S2N_RESULT (*destroy_key)(struct s2n_session_key *key); S2N_RESULT (*set_ktls_info)(struct s2n_ktls_crypto_info_inputs *inputs, struct s2n_ktls_crypto_info *crypto_info); }; diff --git a/crypto/s2n_composite_cipher_aes_sha.c b/crypto/s2n_composite_cipher_aes_sha.c index befe394e75d..2c9a4547f39 100644 --- a/crypto/s2n_composite_cipher_aes_sha.c +++ b/crypto/s2n_composite_cipher_aes_sha.c @@ -287,18 +287,18 @@ static S2N_RESULT s2n_composite_cipher_aes256_sha256_set_decryption_key(struct s return S2N_RESULT_OK; } -static int s2n_composite_cipher_aes_sha_init(struct s2n_session_key *key) +static S2N_RESULT s2n_composite_cipher_aes_sha_init(struct s2n_session_key *key) { - s2n_evp_ctx_init(key->evp_cipher_ctx); + RESULT_EVP_CTX_INIT(key->evp_cipher_ctx); - return 0; + return S2N_RESULT_OK; } -static int s2n_composite_cipher_aes_sha_destroy_key(struct s2n_session_key *key) +static S2N_RESULT s2n_composite_cipher_aes_sha_destroy_key(struct s2n_session_key *key) { EVP_CIPHER_CTX_cleanup(key->evp_cipher_ctx); - return 0; + return S2N_RESULT_OK; } const struct s2n_cipher s2n_aes128_sha = { diff --git a/crypto/s2n_stream_cipher_null.c b/crypto/s2n_stream_cipher_null.c index 2383d073d10..d8d28007f18 100644 --- a/crypto/s2n_stream_cipher_null.c +++ b/crypto/s2n_stream_cipher_null.c @@ -38,14 +38,14 @@ static S2N_RESULT s2n_stream_cipher_null_get_key(struct s2n_session_key *key, st return S2N_RESULT_OK; } -static int s2n_stream_cipher_null_destroy_key(struct s2n_session_key *key) +static S2N_RESULT s2n_stream_cipher_null_destroy_key(struct s2n_session_key *key) { - return 0; + return S2N_RESULT_OK; } -static int s2n_stream_cipher_null_init(struct s2n_session_key *key) +static S2N_RESULT s2n_stream_cipher_null_init(struct s2n_session_key *key) { - return 0; + return S2N_RESULT_OK; } const struct s2n_cipher s2n_null_cipher = { diff --git a/crypto/s2n_stream_cipher_rc4.c b/crypto/s2n_stream_cipher_rc4.c index 2430f312d3f..d570097b6e8 100644 --- a/crypto/s2n_stream_cipher_rc4.c +++ b/crypto/s2n_stream_cipher_rc4.c @@ -87,18 +87,18 @@ static S2N_RESULT s2n_stream_cipher_rc4_set_decryption_key(struct s2n_session_ke return S2N_RESULT_OK; } -static int s2n_stream_cipher_rc4_init(struct s2n_session_key *key) +static S2N_RESULT s2n_stream_cipher_rc4_init(struct s2n_session_key *key) { - s2n_evp_ctx_init(key->evp_cipher_ctx); + RESULT_EVP_CTX_INIT(key->evp_cipher_ctx); - return 0; + return S2N_RESULT_OK; } -static int s2n_stream_cipher_rc4_destroy_key(struct s2n_session_key *key) +static S2N_RESULT s2n_stream_cipher_rc4_destroy_key(struct s2n_session_key *key) { EVP_CIPHER_CTX_cleanup(key->evp_cipher_ctx); - return 0; + return S2N_RESULT_OK; } const struct s2n_cipher s2n_rc4 = { diff --git a/tests/testlib/s2n_connection_test_utils.c b/tests/testlib/s2n_connection_test_utils.c index cd8661e91db..bc6c2db2283 100644 --- a/tests/testlib/s2n_connection_test_utils.c +++ b/tests/testlib/s2n_connection_test_utils.c @@ -296,13 +296,13 @@ S2N_RESULT s2n_connection_set_secrets(struct s2n_connection *conn) uint8_t client_key_bytes[S2N_TLS13_SECRET_MAX_LEN] = "client key"; struct s2n_blob client_key = { 0 }; RESULT_GUARD_POSIX(s2n_blob_init(&client_key, client_key_bytes, cipher->key_material_size)); - RESULT_GUARD_POSIX(cipher->init(&conn->secure->client_key)); + RESULT_GUARD(cipher->init(&conn->secure->client_key)); RESULT_GUARD(cipher->set_encryption_key(&conn->secure->client_key, &client_key)); uint8_t server_key_bytes[S2N_TLS13_SECRET_MAX_LEN] = "server key"; struct s2n_blob server_key = { 0 }; RESULT_GUARD_POSIX(s2n_blob_init(&server_key, server_key_bytes, cipher->key_material_size)); - RESULT_GUARD_POSIX(cipher->init(&conn->secure->server_key)); + RESULT_GUARD(cipher->init(&conn->secure->server_key)); RESULT_GUARD(cipher->set_encryption_key(&conn->secure->server_key, &server_key)); conn->client = conn->secure; diff --git a/tests/unit/s2n_3des_test.c b/tests/unit/s2n_3des_test.c index 6cf524e5475..2420f3e7354 100644 --- a/tests/unit/s2n_3des_test.c +++ b/tests/unit/s2n_3des_test.c @@ -50,10 +50,11 @@ int main(int argc, char **argv) /* test the 3des cipher with a SHA1 hash */ conn->secure->cipher_suite->record_alg = &s2n_record_alg_3des_sha; - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->server_key)); - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->client_key)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->server_key)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->client_key)); EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &des3)); EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &des3)); + EXPECT_SUCCESS(s2n_hmac_init(&conn->secure->client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key))); EXPECT_SUCCESS(s2n_hmac_init(&conn->secure->server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key))); conn->actual_protocol_version = S2N_TLS11; @@ -107,8 +108,8 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in)); } - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->server_key)); - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->client_key)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->server_key)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->client_key)); EXPECT_SUCCESS(s2n_connection_free(conn)); END_TEST(); diff --git a/tests/unit/s2n_aead_aes_test.c b/tests/unit/s2n_aead_aes_test.c index bb005d3bf3f..388f98075aa 100644 --- a/tests/unit/s2n_aead_aes_test.c +++ b/tests/unit/s2n_aead_aes_test.c @@ -30,15 +30,15 @@ static int destroy_server_keys(struct s2n_connection *server_conn) { - POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->server_key)); - POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->client_key)); + POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->server_key)); + POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->client_key)); return 0; } static int setup_server_keys(struct s2n_connection *server_conn, struct s2n_blob *key) { - POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->server_key)); - POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->client_key)); + POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->server_key)); + POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->client_key)); POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&server_conn->initial->server_key, key)); POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->initial->client_key, key)); diff --git a/tests/unit/s2n_aead_chacha20_poly1305_test.c b/tests/unit/s2n_aead_chacha20_poly1305_test.c index bf51b835066..8b26a299f69 100644 --- a/tests/unit/s2n_aead_chacha20_poly1305_test.c +++ b/tests/unit/s2n_aead_chacha20_poly1305_test.c @@ -31,15 +31,15 @@ static int destroy_server_keys(struct s2n_connection *server_conn) { - POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->server_key)); - POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->client_key)); + POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->server_key)); + POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->client_key)); return 0; } static int setup_server_keys(struct s2n_connection *server_conn, struct s2n_blob *key) { - POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->server_key)); - POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->client_key)); + POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->server_key)); + POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->client_key)); POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&server_conn->initial->server_key, key)); POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->initial->client_key, key)); @@ -182,8 +182,8 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in)); EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in)); - POSIX_GUARD(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->server_key)); - POSIX_GUARD(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->client_key)); + POSIX_GUARD_RESULT(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->server_key)); + POSIX_GUARD_RESULT(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->client_key)); /* Tamper with the TAG and ensure decryption fails */ for (size_t j = 0; j < S2N_TLS_CHACHA20_POLY1305_TAG_LEN; j++) { @@ -208,8 +208,8 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in)); EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in)); - POSIX_GUARD(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->server_key)); - POSIX_GUARD(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->client_key)); + POSIX_GUARD_RESULT(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->server_key)); + POSIX_GUARD_RESULT(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->client_key)); } /* Tamper with the encrypted payload in the ciphertext and ensure decryption fails */ @@ -235,8 +235,8 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->header_in)); EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in)); - POSIX_GUARD(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->server_key)); - POSIX_GUARD(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->client_key)); + POSIX_GUARD_RESULT(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->server_key)); + POSIX_GUARD_RESULT(conn->initial->cipher_suite->record_alg->cipher->destroy_key(&conn->initial->client_key)); } } diff --git a/tests/unit/s2n_aes_test.c b/tests/unit/s2n_aes_test.c index 068af94032b..9928958a190 100644 --- a/tests/unit/s2n_aes_test.c +++ b/tests/unit/s2n_aes_test.c @@ -53,8 +53,8 @@ int main(int argc, char **argv) /* test the AES128 cipher with a SHA1 hash */ conn->secure->cipher_suite->record_alg = &s2n_record_alg_aes128_sha; - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->server_key)); - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->client_key)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->server_key)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->client_key)); EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &aes128)); EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &aes128)); EXPECT_SUCCESS(s2n_hmac_init(&conn->secure->client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key))); @@ -110,8 +110,8 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in)); } - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->server_key)); - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->client_key)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->server_key)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->client_key)); EXPECT_SUCCESS(s2n_connection_free(conn)); /* test the AES256 cipher with a SHA1 hash */ @@ -119,8 +119,8 @@ int main(int argc, char **argv) conn->server = conn->secure; conn->client = conn->secure; conn->secure->cipher_suite->record_alg = &s2n_record_alg_aes256_sha; - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->server_key)); - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->client_key)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->server_key)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->client_key)); EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &aes256)); EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &aes256)); EXPECT_SUCCESS(s2n_hmac_init(&conn->secure->client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key))); @@ -176,8 +176,8 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in)); } - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->server_key)); - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->client_key)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->server_key)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->client_key)); EXPECT_SUCCESS(s2n_connection_free(conn)); END_TEST(); diff --git a/tests/unit/s2n_handshake_io_early_data_test.c b/tests/unit/s2n_handshake_io_early_data_test.c index 3529bbbabda..c874c1d0dc9 100644 --- a/tests/unit/s2n_handshake_io_early_data_test.c +++ b/tests/unit/s2n_handshake_io_early_data_test.c @@ -63,7 +63,7 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_connection_set_blinding(server_conn, S2N_SELF_SERVICE_BLINDING)); server_conn->secure->cipher_suite = test_cipher_suite; - POSIX_GUARD(server_conn->secure->cipher_suite->record_alg->cipher->init(&server_conn->secure->client_key)); + POSIX_GUARD_RESULT(server_conn->secure->cipher_suite->record_alg->cipher->init(&server_conn->secure->client_key)); POSIX_GUARD_RESULT(server_conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->secure->client_key, &test_key)); server_conn->client = server_conn->secure; @@ -107,7 +107,7 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_connection_set_blinding(client_conn, S2N_SELF_SERVICE_BLINDING)); client_conn->secure->cipher_suite = test_cipher_suite; - POSIX_GUARD(client_conn->secure->cipher_suite->record_alg->cipher->init(&client_conn->secure->server_key)); + POSIX_GUARD_RESULT(client_conn->secure->cipher_suite->record_alg->cipher->init(&client_conn->secure->server_key)); POSIX_GUARD_RESULT(client_conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&client_conn->secure->server_key, &test_key)); client_conn->server = client_conn->secure; diff --git a/tests/unit/s2n_rc4_test.c b/tests/unit/s2n_rc4_test.c index d866acb2f6a..1b28569b313 100644 --- a/tests/unit/s2n_rc4_test.c +++ b/tests/unit/s2n_rc4_test.c @@ -68,8 +68,8 @@ int main(int argc, char **argv) /* test the RC4 cipher with a SHA1 hash */ conn->secure->cipher_suite->record_alg = &s2n_record_alg_rc4_sha; - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->server_key)); - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->client_key)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->server_key)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->client_key)); if (conn->secure->cipher_suite->record_alg->cipher->is_available()) { EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &key_iv)); EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &key_iv)); @@ -126,8 +126,8 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_stuffer_wipe(&conn->in)); } - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->server_key)); - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->client_key)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->server_key)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->client_key)); } else { EXPECT_ERROR_WITH_ERRNO(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &key_iv), S2N_ERR_KEY_INIT); EXPECT_ERROR_WITH_ERRNO(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &key_iv), S2N_ERR_KEY_INIT); diff --git a/tests/unit/s2n_record_size_test.c b/tests/unit/s2n_record_size_test.c index b41cff8171c..79fba0ef5cc 100644 --- a/tests/unit/s2n_record_size_test.c +++ b/tests/unit/s2n_record_size_test.c @@ -38,16 +38,16 @@ static int destroy_server_keys(struct s2n_connection *server_conn) { - POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->server_key)); - POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->client_key)); + POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->server_key)); + POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->destroy_key(&server_conn->initial->client_key)); return S2N_SUCCESS; } static int setup_server_keys(struct s2n_connection *server_conn, struct s2n_blob *key) { - POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->server_key)); - POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->client_key)); + POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->server_key)); + POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->client_key)); POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&server_conn->initial->server_key, key)); POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->initial->client_key, key)); @@ -82,8 +82,8 @@ int main(int argc, char **argv) /* test the AES128 cipher with a SHA1 hash */ conn->secure->cipher_suite->record_alg = &s2n_record_alg_aes128_sha; - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->server_key)); - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->client_key)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->server_key)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->client_key)); EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &aes128)); EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &aes128)); EXPECT_SUCCESS(s2n_hmac_init(&conn->secure->client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key))); @@ -116,8 +116,8 @@ int main(int argc, char **argv) /* Clean up */ conn->secure->cipher_suite->record_alg = &s2n_record_alg_null; /* restore mutated null cipher suite */ - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->server_key)); - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->client_key)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->server_key)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->client_key)); }; /* Test s2n_record_max_write_payload_size() have proper checks in place */ @@ -252,8 +252,8 @@ int main(int argc, char **argv) struct s2n_blob des3 = { 0 }; EXPECT_SUCCESS(s2n_blob_init(&des3, des3_key, sizeof(des3_key))); server_conn->server = server_conn->secure; - EXPECT_SUCCESS(server_conn->secure->cipher_suite->record_alg->cipher->init(&server_conn->secure->server_key)); - EXPECT_SUCCESS(server_conn->secure->cipher_suite->record_alg->cipher->init(&server_conn->secure->client_key)); + EXPECT_OK(server_conn->secure->cipher_suite->record_alg->cipher->init(&server_conn->secure->server_key)); + EXPECT_OK(server_conn->secure->cipher_suite->record_alg->cipher->init(&server_conn->secure->client_key)); EXPECT_OK(server_conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&server_conn->secure->server_key, &des3)); EXPECT_OK(server_conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->secure->client_key, &des3)); EXPECT_SUCCESS(s2n_hmac_init(&server_conn->secure->server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key))); @@ -407,7 +407,7 @@ int main(int argc, char **argv) uint8_t *implicit_iv = server_conn->server->server_implicit_iv; /* init record algorithm */ - EXPECT_SUCCESS(cipher_suite->record_alg->cipher->init(session_key)); + EXPECT_OK(cipher_suite->record_alg->cipher->init(session_key)); S2N_BLOB_FROM_HEX(key, "0123456789abcdef0123456789abcdef"); EXPECT_OK(cipher_suite->record_alg->cipher->set_encryption_key(session_key, &key)); EXPECT_OK(cipher_suite->record_alg->cipher->set_decryption_key(session_key, &key)); diff --git a/tests/unit/s2n_send_key_update_test.c b/tests/unit/s2n_send_key_update_test.c index 97a3e8fbe9e..82435eafcec 100644 --- a/tests/unit/s2n_send_key_update_test.c +++ b/tests/unit/s2n_send_key_update_test.c @@ -50,8 +50,8 @@ static int s2n_test_init_encryption(struct s2n_connection *conn) uint8_t *client_implicit_iv = conn->client->client_implicit_iv; /* Initialize record algorithm */ - POSIX_GUARD(cipher_suite->record_alg->cipher->init(server_session_key)); - POSIX_GUARD(cipher_suite->record_alg->cipher->init(client_session_key)); + POSIX_GUARD_RESULT(cipher_suite->record_alg->cipher->init(server_session_key)); + POSIX_GUARD_RESULT(cipher_suite->record_alg->cipher->init(client_session_key)); POSIX_GUARD_RESULT(cipher_suite->record_alg->cipher->set_encryption_key(server_session_key, &key)); POSIX_GUARD_RESULT(cipher_suite->record_alg->cipher->set_encryption_key(client_session_key, &key)); POSIX_GUARD_RESULT(cipher_suite->record_alg->cipher->set_decryption_key(server_session_key, &key)); diff --git a/tests/unit/s2n_tls13_record_aead_test.c b/tests/unit/s2n_tls13_record_aead_test.c index 914c63bb613..afd1e9a24fd 100644 --- a/tests/unit/s2n_tls13_record_aead_test.c +++ b/tests/unit/s2n_tls13_record_aead_test.c @@ -136,7 +136,7 @@ int main(int argc, char **argv) conn->actual_protocol_version = S2N_TLS13; /* init record algorithm */ - EXPECT_SUCCESS(cipher_suite->record_alg->cipher->init(&session_key)); + EXPECT_OK(cipher_suite->record_alg->cipher->init(&session_key)); S2N_BLOB_FROM_HEX(key, "3fce516009c21727d0f2e4e86ee403bc"); EXPECT_OK(cipher_suite->record_alg->cipher->set_decryption_key(&session_key, &key)); @@ -222,7 +222,7 @@ int main(int argc, char **argv) uint8_t *implicit_iv = conn->server->server_implicit_iv; /* init record algorithm */ - EXPECT_SUCCESS(cipher_suite->record_alg->cipher->init(session_key)); + EXPECT_OK(cipher_suite->record_alg->cipher->init(session_key)); S2N_BLOB_FROM_HEX(key, "3fce516009c21727d0f2e4e86ee403bc"); EXPECT_OK(cipher_suite->record_alg->cipher->set_encryption_key(session_key, &key)); @@ -279,7 +279,7 @@ int main(int argc, char **argv) uint8_t *implicit_iv = conn->server->server_implicit_iv; /* init record algorithm */ - EXPECT_SUCCESS(cipher_suite->record_alg->cipher->init(session_key)); + EXPECT_OK(cipher_suite->record_alg->cipher->init(session_key)); S2N_BLOB_FROM_HEX(key, "3fce516009c21727d0f2e4e86ee403bc"); EXPECT_OK(cipher_suite->record_alg->cipher->set_encryption_key(session_key, &key)); EXPECT_OK(cipher_suite->record_alg->cipher->set_decryption_key(session_key, &key)); @@ -348,8 +348,8 @@ int main(int argc, char **argv) conn->client = conn->secure; /* init record algorithm */ - EXPECT_SUCCESS(cipher_suite->record_alg->cipher->init(&conn->secure->server_key)); - EXPECT_SUCCESS(cipher_suite->record_alg->cipher->init(&conn->secure->client_key)); + EXPECT_OK(cipher_suite->record_alg->cipher->init(&conn->secure->server_key)); + EXPECT_OK(cipher_suite->record_alg->cipher->init(&conn->secure->client_key)); S2N_BLOB_FROM_HEX(key, "3fce516009c21727d0f2e4e86ee403bc"); EXPECT_OK(cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &key)); EXPECT_OK(cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &key)); diff --git a/tls/s2n_crypto.c b/tls/s2n_crypto.c index e351b47f6ab..ea60e89a221 100644 --- a/tls/s2n_crypto.c +++ b/tls/s2n_crypto.c @@ -66,8 +66,8 @@ S2N_RESULT s2n_crypto_parameters_wipe(struct s2n_crypto_parameters *params) && params->cipher_suite->record_alg && params->cipher_suite->record_alg->cipher && params->cipher_suite->record_alg->cipher->destroy_key) { - RESULT_GUARD_POSIX(params->cipher_suite->record_alg->cipher->destroy_key(¶ms->client_key)); - RESULT_GUARD_POSIX(params->cipher_suite->record_alg->cipher->destroy_key(¶ms->server_key)); + RESULT_GUARD(params->cipher_suite->record_alg->cipher->destroy_key(¶ms->client_key)); + RESULT_GUARD(params->cipher_suite->record_alg->cipher->destroy_key(¶ms->server_key)); } *params = (struct s2n_crypto_parameters){ 0 }; diff --git a/tls/s2n_prf.c b/tls/s2n_prf.c index 6f676e4868c..b669501a4c8 100644 --- a/tls/s2n_prf.c +++ b/tls/s2n_prf.c @@ -1033,8 +1033,8 @@ int s2n_prf_key_expansion(struct s2n_connection *conn) POSIX_GUARD_RESULT(s2n_prf_generate_key_material(conn, &key_material)); POSIX_ENSURE(cipher_suite->available, S2N_ERR_PRF_INVALID_ALGORITHM); - POSIX_GUARD(cipher->init(&conn->secure->client_key)); - POSIX_GUARD(cipher->init(&conn->secure->server_key)); + POSIX_GUARD_RESULT(cipher->init(&conn->secure->client_key)); + POSIX_GUARD_RESULT(cipher->init(&conn->secure->server_key)); /* Seed the client MAC */ POSIX_GUARD(s2n_hmac_reset(&conn->secure->client_record_mac)); diff --git a/tls/s2n_resume.c b/tls/s2n_resume.c index 9f41de4fef6..d8014835aa3 100644 --- a/tls/s2n_resume.c +++ b/tls/s2n_resume.c @@ -796,7 +796,7 @@ int s2n_encrypt_session_ticket(struct s2n_connection *conn, struct s2n_stuffer * POSIX_GUARD(s2n_blob_init(&aes_key_blob, key->aes_key, S2N_AES256_KEY_LEN)); POSIX_GUARD(s2n_session_key_alloc(&aes_ticket_key)); - POSIX_GUARD(s2n_aes256_gcm.init(&aes_ticket_key)); + POSIX_GUARD_RESULT(s2n_aes256_gcm.init(&aes_ticket_key)); POSIX_GUARD_RESULT(s2n_aes256_gcm.set_encryption_key(&aes_ticket_key, &aes_key_blob)); POSIX_GUARD(s2n_stuffer_init(&aad, &aad_blob)); @@ -817,7 +817,7 @@ int s2n_encrypt_session_ticket(struct s2n_connection *conn, struct s2n_stuffer * POSIX_GUARD(s2n_aes256_gcm.io.aead.encrypt(&aes_ticket_key, &iv, &aad_blob, &state_blob, &state_blob)); - POSIX_GUARD(s2n_aes256_gcm.destroy_key(&aes_ticket_key)); + POSIX_GUARD_RESULT(s2n_aes256_gcm.destroy_key(&aes_ticket_key)); POSIX_GUARD(s2n_session_key_free(&aes_ticket_key)); return S2N_SUCCESS; @@ -851,7 +851,7 @@ int s2n_decrypt_session_ticket(struct s2n_connection *conn, struct s2n_stuffer * POSIX_GUARD(s2n_blob_init(&aes_key_blob, key->aes_key, S2N_AES256_KEY_LEN)); POSIX_GUARD(s2n_session_key_alloc(&aes_ticket_key)); - POSIX_GUARD(s2n_aes256_gcm.init(&aes_ticket_key)); + POSIX_GUARD_RESULT(s2n_aes256_gcm.init(&aes_ticket_key)); POSIX_GUARD_RESULT(s2n_aes256_gcm.set_decryption_key(&aes_ticket_key, &aes_key_blob)); POSIX_GUARD(s2n_stuffer_init(&aad, &aad_blob)); @@ -931,7 +931,7 @@ int s2n_decrypt_session_cache(struct s2n_connection *conn, struct s2n_stuffer *f POSIX_GUARD(s2n_blob_init(&aes_key_blob, key->aes_key, S2N_AES256_KEY_LEN)); POSIX_GUARD(s2n_session_key_alloc(&aes_ticket_key)); - POSIX_GUARD(s2n_aes256_gcm.init(&aes_ticket_key)); + POSIX_GUARD_RESULT(s2n_aes256_gcm.init(&aes_ticket_key)); POSIX_GUARD_RESULT(s2n_aes256_gcm.set_decryption_key(&aes_ticket_key, &aes_key_blob)); POSIX_GUARD(s2n_stuffer_init(&aad, &aad_blob)); @@ -941,7 +941,7 @@ int s2n_decrypt_session_cache(struct s2n_connection *conn, struct s2n_stuffer *f POSIX_GUARD(s2n_stuffer_read(from, &en_blob)); POSIX_GUARD(s2n_aes256_gcm.io.aead.decrypt(&aes_ticket_key, &iv, &aad_blob, &en_blob, &en_blob)); - POSIX_GUARD(s2n_aes256_gcm.destroy_key(&aes_ticket_key)); + POSIX_GUARD_RESULT(s2n_aes256_gcm.destroy_key(&aes_ticket_key)); POSIX_GUARD(s2n_session_key_free(&aes_ticket_key)); POSIX_GUARD(s2n_stuffer_init(&state, &state_blob));