From ed4be6ef40586d6da644d5a5a918bc749c39ca52 Mon Sep 17 00:00:00 2001 From: Jou Ho <43765840+jouho@users.noreply.github.com> Date: Wed, 10 Jul 2024 13:57:24 -0700 Subject: [PATCH] Refactor: change set/get_decryption_key return type to S2N_RESULT in s2n_cipher struct (#4638) --- crypto/s2n_aead_cipher_aes_gcm.c | 160 +++++++++--------- crypto/s2n_aead_cipher_chacha20_poly1305.c | 44 ++--- crypto/s2n_cbc_cipher_3des.c | 16 +- crypto/s2n_cbc_cipher_aes.c | 32 ++-- crypto/s2n_cipher.h | 4 +- crypto/s2n_composite_cipher_aes_sha.c | 48 +++--- crypto/s2n_stream_cipher_null.c | 4 +- crypto/s2n_stream_cipher_rc4.c | 16 +- tests/testlib/s2n_connection_test_utils.c | 4 +- tests/unit/s2n_3des_test.c | 4 +- tests/unit/s2n_aead_aes_test.c | 4 +- tests/unit/s2n_aead_chacha20_poly1305_test.c | 4 +- tests/unit/s2n_aes_sha_composite_test.c | 16 +- tests/unit/s2n_aes_test.c | 8 +- tests/unit/s2n_handshake_io_early_data_test.c | 4 +- tests/unit/s2n_rc4_test.c | 8 +- tests/unit/s2n_record_size_test.c | 20 +-- tests/unit/s2n_send_key_update_test.c | 8 +- .../s2n_tls13_key_schedule_rfc8448_test.c | 20 +-- tests/unit/s2n_tls13_record_aead_test.c | 12 +- tls/s2n_prf.c | 8 +- tls/s2n_resume.c | 6 +- tls/s2n_tls13_handshake.c | 4 +- tls/s2n_tls13_key_schedule.c | 4 +- 24 files changed, 229 insertions(+), 229 deletions(-) diff --git a/crypto/s2n_aead_cipher_aes_gcm.c b/crypto/s2n_aead_cipher_aes_gcm.c index 2d28473a443..132e5977bd8 100644 --- a/crypto/s2n_aead_cipher_aes_gcm.c +++ b/crypto/s2n_aead_cipher_aes_gcm.c 
@@ -89,100 +89,100 @@ static int s2n_aead_cipher_aes_gcm_decrypt(struct s2n_session_key *key, struct s return S2N_SUCCESS; } -static int s2n_aead_cipher_aes128_gcm_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_aead_cipher_aes128_gcm_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_REF(key); - POSIX_ENSURE_REF(in); + RESULT_ENSURE_REF(key); + RESULT_ENSURE_REF(in); - POSIX_ENSURE_EQ(in->size, S2N_TLS_AES_128_GCM_KEY_LEN); + RESULT_ENSURE_EQ(in->size, S2N_TLS_AES_128_GCM_KEY_LEN); - POSIX_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, EVP_aead_aes_128_gcm_tls12(), in->data, in->size, S2N_TLS_GCM_TAG_LEN, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, EVP_aead_aes_128_gcm_tls12(), in->data, in->size, S2N_TLS_GCM_TAG_LEN, NULL), S2N_ERR_KEY_INIT); - return S2N_SUCCESS; + return S2N_RESULT_OK; } -static int s2n_aead_cipher_aes256_gcm_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_aead_cipher_aes256_gcm_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_REF(key); - POSIX_ENSURE_REF(in); + RESULT_ENSURE_REF(key); + RESULT_ENSURE_REF(in); - POSIX_ENSURE_EQ(in->size, S2N_TLS_AES_256_GCM_KEY_LEN); + RESULT_ENSURE_EQ(in->size, S2N_TLS_AES_256_GCM_KEY_LEN); - POSIX_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, EVP_aead_aes_256_gcm_tls12(), in->data, in->size, S2N_TLS_GCM_TAG_LEN, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, EVP_aead_aes_256_gcm_tls12(), in->data, in->size, S2N_TLS_GCM_TAG_LEN, NULL), S2N_ERR_KEY_INIT); - return S2N_SUCCESS; + return S2N_RESULT_OK; } -static int s2n_aead_cipher_aes128_gcm_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_aead_cipher_aes128_gcm_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_REF(key); - POSIX_ENSURE_REF(in); + 
RESULT_ENSURE_REF(key); + RESULT_ENSURE_REF(in); - POSIX_ENSURE_EQ(in->size, S2N_TLS_AES_128_GCM_KEY_LEN); + RESULT_ENSURE_EQ(in->size, S2N_TLS_AES_128_GCM_KEY_LEN); - POSIX_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, EVP_aead_aes_128_gcm_tls12(), in->data, in->size, S2N_TLS_GCM_TAG_LEN, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, EVP_aead_aes_128_gcm_tls12(), in->data, in->size, S2N_TLS_GCM_TAG_LEN, NULL), S2N_ERR_KEY_INIT); - return S2N_SUCCESS; + return S2N_RESULT_OK; } -static int s2n_aead_cipher_aes256_gcm_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_aead_cipher_aes256_gcm_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_REF(key); - POSIX_ENSURE_REF(in); + RESULT_ENSURE_REF(key); + RESULT_ENSURE_REF(in); - POSIX_ENSURE_EQ(in->size, S2N_TLS_AES_256_GCM_KEY_LEN); + RESULT_ENSURE_EQ(in->size, S2N_TLS_AES_256_GCM_KEY_LEN); - POSIX_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, EVP_aead_aes_256_gcm_tls12(), in->data, in->size, S2N_TLS_GCM_TAG_LEN, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, EVP_aead_aes_256_gcm_tls12(), in->data, in->size, S2N_TLS_GCM_TAG_LEN, NULL), S2N_ERR_KEY_INIT); - return S2N_SUCCESS; + return S2N_RESULT_OK; } -static int s2n_aead_cipher_aes128_gcm_set_encryption_key_tls13(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_aead_cipher_aes128_gcm_set_encryption_key_tls13(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_REF(key); - POSIX_ENSURE_REF(in); + RESULT_ENSURE_REF(key); + RESULT_ENSURE_REF(in); - POSIX_ENSURE_EQ(in->size, S2N_TLS_AES_128_GCM_KEY_LEN); + RESULT_ENSURE_EQ(in->size, S2N_TLS_AES_128_GCM_KEY_LEN); - POSIX_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, EVP_aead_aes_128_gcm_tls13(), in->data, in->size, S2N_TLS_GCM_TAG_LEN, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, 
EVP_aead_aes_128_gcm_tls13(), in->data, in->size, S2N_TLS_GCM_TAG_LEN, NULL), S2N_ERR_KEY_INIT); - return S2N_SUCCESS; + return S2N_RESULT_OK; } -static int s2n_aead_cipher_aes256_gcm_set_encryption_key_tls13(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_aead_cipher_aes256_gcm_set_encryption_key_tls13(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_REF(key); - POSIX_ENSURE_REF(in); + RESULT_ENSURE_REF(key); + RESULT_ENSURE_REF(in); - POSIX_ENSURE_EQ(in->size, S2N_TLS_AES_256_GCM_KEY_LEN); + RESULT_ENSURE_EQ(in->size, S2N_TLS_AES_256_GCM_KEY_LEN); - POSIX_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, EVP_aead_aes_256_gcm_tls13(), in->data, in->size, S2N_TLS_GCM_TAG_LEN, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, EVP_aead_aes_256_gcm_tls13(), in->data, in->size, S2N_TLS_GCM_TAG_LEN, NULL), S2N_ERR_KEY_INIT); - return S2N_SUCCESS; + return S2N_RESULT_OK; } -static int s2n_aead_cipher_aes128_gcm_set_decryption_key_tls13(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_aead_cipher_aes128_gcm_set_decryption_key_tls13(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_REF(key); - POSIX_ENSURE_REF(in); + RESULT_ENSURE_REF(key); + RESULT_ENSURE_REF(in); - POSIX_ENSURE_EQ(in->size, S2N_TLS_AES_128_GCM_KEY_LEN); + RESULT_ENSURE_EQ(in->size, S2N_TLS_AES_128_GCM_KEY_LEN); - POSIX_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, EVP_aead_aes_128_gcm_tls13(), in->data, in->size, S2N_TLS_GCM_TAG_LEN, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, EVP_aead_aes_128_gcm_tls13(), in->data, in->size, S2N_TLS_GCM_TAG_LEN, NULL), S2N_ERR_KEY_INIT); - return S2N_SUCCESS; + return S2N_RESULT_OK; } -static int s2n_aead_cipher_aes256_gcm_set_decryption_key_tls13(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_aead_cipher_aes256_gcm_set_decryption_key_tls13(struct s2n_session_key *key, struct s2n_blob *in) { 
- POSIX_ENSURE_REF(key); - POSIX_ENSURE_REF(in); + RESULT_ENSURE_REF(key); + RESULT_ENSURE_REF(in); - POSIX_ENSURE_EQ(in->size, S2N_TLS_AES_256_GCM_KEY_LEN); + RESULT_ENSURE_EQ(in->size, S2N_TLS_AES_256_GCM_KEY_LEN); - POSIX_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, EVP_aead_aes_256_gcm_tls13(), in->data, in->size, S2N_TLS_GCM_TAG_LEN, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, EVP_aead_aes_256_gcm_tls13(), in->data, in->size, S2N_TLS_GCM_TAG_LEN, NULL), S2N_ERR_KEY_INIT); - return S2N_SUCCESS; + return S2N_RESULT_OK; } static int s2n_aead_cipher_aes_gcm_init(struct s2n_session_key *key) 
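Review bot: The eight EVP_AEAD setters in this hunk repeat one body, differing only in the `EVP_aead_*` selector and the expected key length, and each encryption variant is identical to its decryption variant. With that much duplication, a copy that pairs the wrong selector with the wrong length would be easy to miss in review. Since every signature is touched anyway, a single static helper would keep the length check and `EVP_AEAD_CTX_init` paired in one place; the helper name below is only a suggestion.

```c
static S2N_RESULT s2n_aead_cipher_aes_gcm_set_key(struct s2n_session_key *key, struct s2n_blob *in,
        const EVP_AEAD *aead, size_t expected_key_len)
{
    RESULT_ENSURE_REF(key);
    RESULT_ENSURE_REF(in);
    RESULT_ENSURE_REF(aead);

    /* Reject key material whose length does not match the selected AEAD. */
    RESULT_ENSURE_EQ(in->size, expected_key_len);

    RESULT_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, aead, in->data, in->size, S2N_TLS_GCM_TAG_LEN, NULL), S2N_ERR_KEY_INIT);

    return S2N_RESULT_OK;
}

static S2N_RESULT s2n_aead_cipher_aes128_gcm_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in)
{
    RESULT_GUARD(s2n_aead_cipher_aes_gcm_set_key(key, in, EVP_aead_aes_128_gcm_tls12(), S2N_TLS_AES_128_GCM_KEY_LEN));
    return S2N_RESULT_OK;
}

/* … the remaining seven setters delegate the same way with their own selector and key length … */
```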
@@ -277,84 +277,84 @@ static int s2n_aead_cipher_aes_gcm_decrypt(struct s2n_session_key *key, struct s return S2N_SUCCESS; } -static int s2n_aead_cipher_aes128_gcm_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_aead_cipher_aes128_gcm_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, S2N_TLS_AES_128_GCM_KEY_LEN); + RESULT_ENSURE_EQ(in->size, S2N_TLS_AES_128_GCM_KEY_LEN); - POSIX_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), S2N_ERR_KEY_INIT); EVP_CIPHER_CTX_ctrl(key->evp_cipher_ctx, EVP_CTRL_GCM_SET_IVLEN, S2N_TLS_GCM_IV_LEN, NULL); - POSIX_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, NULL, NULL, in->data, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, NULL, NULL, in->data, NULL), S2N_ERR_KEY_INIT); - return S2N_SUCCESS; + return S2N_RESULT_OK; } -static int s2n_aead_cipher_aes256_gcm_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_aead_cipher_aes256_gcm_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, S2N_TLS_AES_256_GCM_KEY_LEN); + RESULT_ENSURE_EQ(in->size, S2N_TLS_AES_256_GCM_KEY_LEN); - POSIX_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, EVP_aes_256_gcm(), NULL, NULL, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, EVP_aes_256_gcm(), NULL, NULL, NULL), S2N_ERR_KEY_INIT); EVP_CIPHER_CTX_ctrl(key->evp_cipher_ctx, EVP_CTRL_GCM_SET_IVLEN, S2N_TLS_GCM_IV_LEN, NULL); - POSIX_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, NULL, NULL, in->data, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, NULL, NULL, in->data, NULL), S2N_ERR_KEY_INIT); - return S2N_SUCCESS; + return S2N_RESULT_OK; } -static int 
s2n_aead_cipher_aes128_gcm_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_aead_cipher_aes128_gcm_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, S2N_TLS_AES_128_GCM_KEY_LEN); + RESULT_ENSURE_EQ(in->size, S2N_TLS_AES_128_GCM_KEY_LEN); - POSIX_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), S2N_ERR_KEY_INIT); EVP_CIPHER_CTX_ctrl(key->evp_cipher_ctx, EVP_CTRL_GCM_SET_IVLEN, S2N_TLS_GCM_IV_LEN, NULL); - POSIX_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, NULL, NULL, in->data, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, NULL, NULL, in->data, NULL), S2N_ERR_KEY_INIT); - return S2N_SUCCESS; + return S2N_RESULT_OK; } -static int s2n_aead_cipher_aes256_gcm_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_aead_cipher_aes256_gcm_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, S2N_TLS_AES_256_GCM_KEY_LEN); + RESULT_ENSURE_EQ(in->size, S2N_TLS_AES_256_GCM_KEY_LEN); - POSIX_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, EVP_aes_256_gcm(), NULL, NULL, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, EVP_aes_256_gcm(), NULL, NULL, NULL), S2N_ERR_KEY_INIT); EVP_CIPHER_CTX_ctrl(key->evp_cipher_ctx, EVP_CTRL_GCM_SET_IVLEN, S2N_TLS_GCM_IV_LEN, NULL); - POSIX_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, NULL, NULL, in->data, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, NULL, NULL, in->data, NULL), S2N_ERR_KEY_INIT); - return S2N_SUCCESS; + return S2N_RESULT_OK; } -static int s2n_aead_cipher_aes128_gcm_set_encryption_key_tls13(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT 
s2n_aead_cipher_aes128_gcm_set_encryption_key_tls13(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_GUARD(s2n_aead_cipher_aes128_gcm_set_encryption_key(key, in)); + RESULT_GUARD(s2n_aead_cipher_aes128_gcm_set_encryption_key(key, in)); - return S2N_SUCCESS; + return S2N_RESULT_OK; } -static int s2n_aead_cipher_aes256_gcm_set_encryption_key_tls13(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_aead_cipher_aes256_gcm_set_encryption_key_tls13(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_GUARD(s2n_aead_cipher_aes256_gcm_set_encryption_key(key, in)); + RESULT_GUARD(s2n_aead_cipher_aes256_gcm_set_encryption_key(key, in)); - return S2N_SUCCESS; + return S2N_RESULT_OK; } -static int s2n_aead_cipher_aes128_gcm_set_decryption_key_tls13(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_aead_cipher_aes128_gcm_set_decryption_key_tls13(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_GUARD(s2n_aead_cipher_aes128_gcm_set_decryption_key(key, in)); + RESULT_GUARD(s2n_aead_cipher_aes128_gcm_set_decryption_key(key, in)); - return S2N_SUCCESS; + return S2N_RESULT_OK; } -static int s2n_aead_cipher_aes256_gcm_set_decryption_key_tls13(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_aead_cipher_aes256_gcm_set_decryption_key_tls13(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_GUARD(s2n_aead_cipher_aes256_gcm_set_decryption_key(key, in)); + RESULT_GUARD(s2n_aead_cipher_aes256_gcm_set_decryption_key(key, in)); - return S2N_SUCCESS; + return S2N_RESULT_OK; } static int s2n_aead_cipher_aes_gcm_init(struct s2n_session_key *key) diff --git a/crypto/s2n_aead_cipher_chacha20_poly1305.c b/crypto/s2n_aead_cipher_chacha20_poly1305.c index 55f12908f12..2b3d99e56b8 100644 --- a/crypto/s2n_aead_cipher_chacha20_poly1305.c +++ b/crypto/s2n_aead_cipher_chacha20_poly1305.c 
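Review bot: The four non-EVP_AEAD setters in this hunk still discard the return value of `EVP_CIPHER_CTX_ctrl(key->evp_cipher_ctx, EVP_CTRL_GCM_SET_IVLEN, S2N_TLS_GCM_IV_LEN, NULL)`. A failed IV-length set therefore falls through to the keyed `EVP_*Init_ex` call and can still report `S2N_RESULT_OK`. Assuming the call returns 1 on success, as the guarded calls around it do, it could be wrapped the same way: `RESULT_GUARD_OSSL(EVP_CIPHER_CTX_ctrl(key->evp_cipher_ctx, EVP_CTRL_GCM_SET_IVLEN, S2N_TLS_GCM_IV_LEN, NULL), S2N_ERR_KEY_INIT);`. The first ChaCha20-Poly1305 hunk (`@@ -117,30`) has the same unchecked call with `EVP_CTRL_AEAD_SET_IVLEN`. Unlike the EVP_AEAD variants in the previous hunk, these setters also dereference `in->size` and `key->evp_cipher_ctx` without `RESULT_ENSURE_REF(key); RESULT_ENSURE_REF(in);`, as do the 3DES, AES-CBC, composite and RC4 setters later in the patch.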
@@ -117,30 +117,30 @@ static int s2n_aead_chacha20_poly1305_decrypt(struct s2n_session_key *key, struc return 0; } -static int s2n_aead_chacha20_poly1305_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_aead_chacha20_poly1305_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, S2N_TLS_CHACHA20_POLY1305_KEY_LEN); + RESULT_ENSURE_EQ(in->size, S2N_TLS_CHACHA20_POLY1305_KEY_LEN); - POSIX_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, EVP_chacha20_poly1305(), NULL, NULL, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, EVP_chacha20_poly1305(), NULL, NULL, NULL), S2N_ERR_KEY_INIT); EVP_CIPHER_CTX_ctrl(key->evp_cipher_ctx, EVP_CTRL_AEAD_SET_IVLEN, S2N_TLS_CHACHA20_POLY1305_IV_LEN, NULL); - POSIX_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, NULL, NULL, in->data, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, NULL, NULL, in->data, NULL), S2N_ERR_KEY_INIT); - return 0; + return S2N_RESULT_OK; } -static int s2n_aead_chacha20_poly1305_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_aead_chacha20_poly1305_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, S2N_TLS_CHACHA20_POLY1305_KEY_LEN); + RESULT_ENSURE_EQ(in->size, S2N_TLS_CHACHA20_POLY1305_KEY_LEN); - POSIX_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, EVP_chacha20_poly1305(), NULL, NULL, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, EVP_chacha20_poly1305(), NULL, NULL, NULL), S2N_ERR_KEY_INIT); EVP_CIPHER_CTX_ctrl(key->evp_cipher_ctx, EVP_CTRL_AEAD_SET_IVLEN, S2N_TLS_CHACHA20_POLY1305_IV_LEN, NULL); - POSIX_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, NULL, NULL, in->data, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, NULL, NULL, in->data, NULL), S2N_ERR_KEY_INIT); - 
return 0; + return S2N_RESULT_OK; } static int s2n_aead_chacha20_poly1305_init(struct s2n_session_key *key) @@ -194,22 +194,22 @@ static int s2n_aead_chacha20_poly1305_decrypt(struct s2n_session_key *key, struc return 0; } -static int s2n_aead_chacha20_poly1305_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_aead_chacha20_poly1305_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, S2N_TLS_CHACHA20_POLY1305_KEY_LEN); + RESULT_ENSURE_EQ(in->size, S2N_TLS_CHACHA20_POLY1305_KEY_LEN); - POSIX_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, EVP_aead_chacha20_poly1305(), in->data, in->size, S2N_TLS_CHACHA20_POLY1305_TAG_LEN, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, EVP_aead_chacha20_poly1305(), in->data, in->size, S2N_TLS_CHACHA20_POLY1305_TAG_LEN, NULL), S2N_ERR_KEY_INIT); - return 0; + return S2N_RESULT_OK; } -static int s2n_aead_chacha20_poly1305_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_aead_chacha20_poly1305_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, S2N_TLS_CHACHA20_POLY1305_KEY_LEN); + RESULT_ENSURE_EQ(in->size, S2N_TLS_CHACHA20_POLY1305_KEY_LEN); - POSIX_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, EVP_aead_chacha20_poly1305(), in->data, in->size, S2N_TLS_CHACHA20_POLY1305_TAG_LEN, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_AEAD_CTX_init(key->evp_aead_ctx, EVP_aead_chacha20_poly1305(), in->data, in->size, S2N_TLS_CHACHA20_POLY1305_TAG_LEN, NULL), S2N_ERR_KEY_INIT); - return 0; + return S2N_RESULT_OK; } static int s2n_aead_chacha20_poly1305_init(struct s2n_session_key *key) 
@@ -238,14 +238,14 @@ static int s2n_aead_chacha20_poly1305_decrypt(struct s2n_session_key *key, struc POSIX_BAIL(S2N_ERR_DECRYPT); } -static int s2n_aead_chacha20_poly1305_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_aead_chacha20_poly1305_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_BAIL(S2N_ERR_KEY_INIT); + RESULT_BAIL(S2N_ERR_KEY_INIT); } -static int s2n_aead_chacha20_poly1305_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_aead_chacha20_poly1305_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_BAIL(S2N_ERR_KEY_INIT); + RESULT_BAIL(S2N_ERR_KEY_INIT); } static int s2n_aead_chacha20_poly1305_init(struct s2n_session_key *key) diff --git a/crypto/s2n_cbc_cipher_3des.c b/crypto/s2n_cbc_cipher_3des.c index c2460efe9ab..6ae65607614 100644 --- a/crypto/s2n_cbc_cipher_3des.c +++ b/crypto/s2n_cbc_cipher_3des.c 
@@ -54,24 +54,24 @@ static int s2n_cbc_cipher_3des_decrypt(struct s2n_session_key *key, struct s2n_b return 0; } -static int s2n_cbc_cipher_3des_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_cbc_cipher_3des_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, 192 / 8); + RESULT_ENSURE_EQ(in->size, 192 / 8); EVP_CIPHER_CTX_set_padding(key->evp_cipher_ctx, 0); - POSIX_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, EVP_des_ede3_cbc(), NULL, in->data, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, EVP_des_ede3_cbc(), NULL, in->data, NULL), S2N_ERR_KEY_INIT); - return 0; + return S2N_RESULT_OK; } -static int s2n_cbc_cipher_3des_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_cbc_cipher_3des_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, 192 / 8); + RESULT_ENSURE_EQ(in->size, 192 / 8); EVP_CIPHER_CTX_set_padding(key->evp_cipher_ctx, 0); - POSIX_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, EVP_des_ede3_cbc(), NULL, in->data, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, EVP_des_ede3_cbc(), NULL, in->data, NULL), S2N_ERR_KEY_INIT); - return 0; + return S2N_RESULT_OK; } static int s2n_cbc_cipher_3des_init(struct s2n_session_key *key) diff --git a/crypto/s2n_cbc_cipher_aes.c b/crypto/s2n_cbc_cipher_aes.c index da09a118734..f422fb9a2c6 100644 --- a/crypto/s2n_cbc_cipher_aes.c +++ b/crypto/s2n_cbc_cipher_aes.c 
@@ -59,45 +59,45 @@ int s2n_cbc_cipher_aes_decrypt(struct s2n_session_key *key, struct s2n_blob *iv, return 0; } -int s2n_cbc_cipher_aes128_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) +S2N_RESULT s2n_cbc_cipher_aes128_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, 128 / 8); + RESULT_ENSURE_EQ(in->size, 128 / 8); /* Always returns 1 */ EVP_CIPHER_CTX_set_padding(key->evp_cipher_ctx, 0); - POSIX_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, EVP_aes_128_cbc(), NULL, in->data, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, EVP_aes_128_cbc(), NULL, in->data, NULL), S2N_ERR_KEY_INIT); - return 0; + return S2N_RESULT_OK; } -static int s2n_cbc_cipher_aes128_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_cbc_cipher_aes128_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, 128 / 8); + RESULT_ENSURE_EQ(in->size, 128 / 8); EVP_CIPHER_CTX_set_padding(key->evp_cipher_ctx, 0); - POSIX_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, EVP_aes_128_cbc(), NULL, in->data, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, EVP_aes_128_cbc(), NULL, in->data, NULL), S2N_ERR_KEY_INIT); - return 0; + return S2N_RESULT_OK; } -static int s2n_cbc_cipher_aes256_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_cbc_cipher_aes256_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, 256 / 8); + RESULT_ENSURE_EQ(in->size, 256 / 8); EVP_CIPHER_CTX_set_padding(key->evp_cipher_ctx, 0); - POSIX_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, EVP_aes_256_cbc(), NULL, in->data, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, EVP_aes_256_cbc(), NULL, in->data, NULL), S2N_ERR_KEY_INIT); - return 0; + return S2N_RESULT_OK; } -int 
s2n_cbc_cipher_aes256_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) +S2N_RESULT s2n_cbc_cipher_aes256_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, 256 / 8); + RESULT_ENSURE_EQ(in->size, 256 / 8); EVP_CIPHER_CTX_set_padding(key->evp_cipher_ctx, 0); - POSIX_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, EVP_aes_256_cbc(), NULL, in->data, NULL), S2N_ERR_KEY_INIT); + RESULT_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, EVP_aes_256_cbc(), NULL, in->data, NULL), S2N_ERR_KEY_INIT); - return 0; + return S2N_RESULT_OK; } static int s2n_cbc_cipher_aes_init(struct s2n_session_key *key) diff --git a/crypto/s2n_cipher.h b/crypto/s2n_cipher.h index 47c724ea637..f0dc1f6f27f 100644 --- a/crypto/s2n_cipher.h +++ b/crypto/s2n_cipher.h @@ -84,8 +84,8 @@ struct s2n_cipher { uint8_t key_material_size; uint8_t (*is_available)(void); int (*init)(struct s2n_session_key *key); - int (*set_decryption_key)(struct s2n_session_key *key, struct s2n_blob *in); - int (*set_encryption_key)(struct s2n_session_key *key, struct s2n_blob *in); + S2N_RESULT (*set_decryption_key)(struct s2n_session_key *key, struct s2n_blob *in); + S2N_RESULT (*set_encryption_key)(struct s2n_session_key *key, struct s2n_blob *in); int (*destroy_key)(struct s2n_session_key *key); S2N_RESULT (*set_ktls_info)(struct s2n_ktls_crypto_info_inputs *inputs, struct s2n_ktls_crypto_info *crypto_info); diff --git a/crypto/s2n_composite_cipher_aes_sha.c b/crypto/s2n_composite_cipher_aes_sha.c index 6db71912cef..befe394e75d 100644 --- a/crypto/s2n_composite_cipher_aes_sha.c +++ b/crypto/s2n_composite_cipher_aes_sha.c 
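Review bot: `s2n_cbc_cipher_aes128_set_decryption_key` and `s2n_cbc_cipher_aes256_set_encryption_key` are the only setters in this patch without `static`, so their return-type change is visible outside this translation unit. The diffstat shows no header change other than the two function-pointer lines in `crypto/s2n_cipher.h`. If a prototype for either function exists elsewhere, it has to change to `S2N_RESULT` as well, because an `int` declaration would no longer match the definition. If neither is declared anywhere, giving them internal linkage like their siblings (`static S2N_RESULT s2n_cbc_cipher_aes128_set_decryption_key(...)`) removes that risk. Whether an external user exists cannot be determined from this hunk.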
@@ -207,84 +207,84 @@ static int s2n_composite_cipher_aes_sha256_set_mac_write_key(struct s2n_session_ return 0; } -static int s2n_composite_cipher_aes128_sha_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_composite_cipher_aes128_sha_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, 16); + RESULT_ENSURE_EQ(in->size, 16); EVP_CIPHER_CTX_set_padding(key->evp_cipher_ctx, 0); EVP_EncryptInit_ex(key->evp_cipher_ctx, s2n_evp_aes_128_cbc_hmac_sha1(), NULL, in->data, NULL); - return 0; + return S2N_RESULT_OK; } -static int s2n_composite_cipher_aes128_sha_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_composite_cipher_aes128_sha_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, 16); + RESULT_ENSURE_EQ(in->size, 16); EVP_CIPHER_CTX_set_padding(key->evp_cipher_ctx, 0); EVP_DecryptInit_ex(key->evp_cipher_ctx, s2n_evp_aes_128_cbc_hmac_sha1(), NULL, in->data, NULL); - return 0; + return S2N_RESULT_OK; } -static int s2n_composite_cipher_aes256_sha_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_composite_cipher_aes256_sha_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, 32); + RESULT_ENSURE_EQ(in->size, 32); EVP_CIPHER_CTX_set_padding(key->evp_cipher_ctx, 0); EVP_EncryptInit_ex(key->evp_cipher_ctx, s2n_evp_aes_256_cbc_hmac_sha1(), NULL, in->data, NULL); - return 0; + return S2N_RESULT_OK; } -static int s2n_composite_cipher_aes256_sha_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_composite_cipher_aes256_sha_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, 32); + RESULT_ENSURE_EQ(in->size, 32); EVP_CIPHER_CTX_set_padding(key->evp_cipher_ctx, 0); EVP_DecryptInit_ex(key->evp_cipher_ctx, 
s2n_evp_aes_256_cbc_hmac_sha1(), NULL, in->data, NULL); - return 0; + return S2N_RESULT_OK; } -static int s2n_composite_cipher_aes128_sha256_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_composite_cipher_aes128_sha256_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, 16); + RESULT_ENSURE_EQ(in->size, 16); EVP_CIPHER_CTX_set_padding(key->evp_cipher_ctx, 0); EVP_EncryptInit_ex(key->evp_cipher_ctx, s2n_evp_aes_128_cbc_hmac_sha256(), NULL, in->data, NULL); - return 0; + return S2N_RESULT_OK; } -static int s2n_composite_cipher_aes128_sha256_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_composite_cipher_aes128_sha256_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, 16); + RESULT_ENSURE_EQ(in->size, 16); EVP_CIPHER_CTX_set_padding(key->evp_cipher_ctx, 0); EVP_DecryptInit_ex(key->evp_cipher_ctx, s2n_evp_aes_128_cbc_hmac_sha256(), NULL, in->data, NULL); - return 0; + return S2N_RESULT_OK; } -static int s2n_composite_cipher_aes256_sha256_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_composite_cipher_aes256_sha256_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, 32); + RESULT_ENSURE_EQ(in->size, 32); EVP_CIPHER_CTX_set_padding(key->evp_cipher_ctx, 0); EVP_EncryptInit_ex(key->evp_cipher_ctx, s2n_evp_aes_256_cbc_hmac_sha256(), NULL, in->data, NULL); - return 0; + return S2N_RESULT_OK; } -static int s2n_composite_cipher_aes256_sha256_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_composite_cipher_aes256_sha256_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, 32); + RESULT_ENSURE_EQ(in->size, 32); EVP_CIPHER_CTX_set_padding(key->evp_cipher_ctx, 0); EVP_DecryptInit_ex(key->evp_cipher_ctx, 
s2n_evp_aes_256_cbc_hmac_sha256(), NULL, in->data, NULL); - return 0; + return S2N_RESULT_OK; } static int s2n_composite_cipher_aes_sha_init(struct s2n_session_key *key) diff --git a/crypto/s2n_stream_cipher_null.c b/crypto/s2n_stream_cipher_null.c index 6550ed07cb9..2383d073d10 100644 --- a/crypto/s2n_stream_cipher_null.c +++ b/crypto/s2n_stream_cipher_null.c @@ -33,9 +33,9 @@ static int s2n_stream_cipher_null_endecrypt(struct s2n_session_key *key, struct return 0; } -static int s2n_stream_cipher_null_get_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_stream_cipher_null_get_key(struct s2n_session_key *key, struct s2n_blob *in) { - return 0; + return S2N_RESULT_OK; } static int s2n_stream_cipher_null_destroy_key(struct s2n_session_key *key) diff --git a/crypto/s2n_stream_cipher_rc4.c b/crypto/s2n_stream_cipher_rc4.c index 30be7e6a432..2430f312d3f 100644 --- a/crypto/s2n_stream_cipher_rc4.c +++ b/crypto/s2n_stream_cipher_rc4.c 
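Review bot: All eight composite AES-SHA setters call `EVP_EncryptInit_ex` / `EVP_DecryptInit_ex` without checking the result and then return `S2N_RESULT_OK`, so a failed key initialisation is reported as success and the record layer would proceed with an unkeyed context. Every other cipher in this patch guards the same call, and the new return type makes it a one-line change per function, e.g. `RESULT_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, s2n_evp_aes_128_cbc_hmac_sha1(), NULL, in->data, NULL), S2N_ERR_KEY_INIT);`. The decrypt variants and the other three `s2n_evp_aes_*_cbc_hmac_*` selectors need the same wrapper.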
@@ -71,20 +71,20 @@ static int s2n_stream_cipher_rc4_decrypt(struct s2n_session_key *key, struct s2n return 0; } -static int s2n_stream_cipher_rc4_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_stream_cipher_rc4_set_encryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, 16); - POSIX_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, s2n_evp_rc4(), NULL, in->data, NULL), S2N_ERR_KEY_INIT); + RESULT_ENSURE_EQ(in->size, 16); + RESULT_GUARD_OSSL(EVP_EncryptInit_ex(key->evp_cipher_ctx, s2n_evp_rc4(), NULL, in->data, NULL), S2N_ERR_KEY_INIT); - return S2N_SUCCESS; + return S2N_RESULT_OK; } -static int s2n_stream_cipher_rc4_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_stream_cipher_rc4_set_decryption_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_EQ(in->size, 16); - POSIX_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, s2n_evp_rc4(), NULL, in->data, NULL), S2N_ERR_KEY_INIT); + RESULT_ENSURE_EQ(in->size, 16); + RESULT_GUARD_OSSL(EVP_DecryptInit_ex(key->evp_cipher_ctx, s2n_evp_rc4(), NULL, in->data, NULL), S2N_ERR_KEY_INIT); - return S2N_SUCCESS; + return S2N_RESULT_OK; } static int s2n_stream_cipher_rc4_init(struct s2n_session_key *key) diff --git a/tests/testlib/s2n_connection_test_utils.c b/tests/testlib/s2n_connection_test_utils.c index 1da0b61e10c..cd8661e91db 100644 --- a/tests/testlib/s2n_connection_test_utils.c +++ b/tests/testlib/s2n_connection_test_utils.c 
@@ -297,13 +297,13 @@ S2N_RESULT s2n_connection_set_secrets(struct s2n_connection *conn) struct s2n_blob client_key = { 0 }; RESULT_GUARD_POSIX(s2n_blob_init(&client_key, client_key_bytes, cipher->key_material_size)); RESULT_GUARD_POSIX(cipher->init(&conn->secure->client_key)); - RESULT_GUARD_POSIX(cipher->set_encryption_key(&conn->secure->client_key, &client_key)); + RESULT_GUARD(cipher->set_encryption_key(&conn->secure->client_key, &client_key)); uint8_t server_key_bytes[S2N_TLS13_SECRET_MAX_LEN] = "server key"; struct s2n_blob server_key = { 0 }; RESULT_GUARD_POSIX(s2n_blob_init(&server_key, server_key_bytes, cipher->key_material_size)); RESULT_GUARD_POSIX(cipher->init(&conn->secure->server_key)); - RESULT_GUARD_POSIX(cipher->set_encryption_key(&conn->secure->server_key, &server_key)); + RESULT_GUARD(cipher->set_encryption_key(&conn->secure->server_key, &server_key)); conn->client = conn->secure; conn->server = conn->secure; diff --git a/tests/unit/s2n_3des_test.c b/tests/unit/s2n_3des_test.c index a7ccca4c904..6cf524e5475 100644 --- a/tests/unit/s2n_3des_test.c +++ b/tests/unit/s2n_3des_test.c 
@@ -52,8 +52,8 @@ int main(int argc, char **argv) conn->secure->cipher_suite->record_alg = &s2n_record_alg_3des_sha; EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->server_key)); EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->client_key)); - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &des3)); - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &des3)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &des3)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &des3)); EXPECT_SUCCESS(s2n_hmac_init(&conn->secure->client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key))); EXPECT_SUCCESS(s2n_hmac_init(&conn->secure->server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key))); conn->actual_protocol_version = S2N_TLS11; diff --git a/tests/unit/s2n_aead_aes_test.c b/tests/unit/s2n_aead_aes_test.c index ad2347f9a2d..bb005d3bf3f 100644 --- a/tests/unit/s2n_aead_aes_test.c +++ b/tests/unit/s2n_aead_aes_test.c 
@@ -39,8 +39,8 @@ static int setup_server_keys(struct s2n_connection *server_conn, struct s2n_blob { POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->server_key)); POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->client_key)); - POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&server_conn->initial->server_key, key)); - POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->initial->client_key, key)); + POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&server_conn->initial->server_key, key)); + POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->initial->client_key, key)); return 0; } diff --git a/tests/unit/s2n_aead_chacha20_poly1305_test.c b/tests/unit/s2n_aead_chacha20_poly1305_test.c index 5f4aaf667cc..bf51b835066 100644 --- a/tests/unit/s2n_aead_chacha20_poly1305_test.c +++ b/tests/unit/s2n_aead_chacha20_poly1305_test.c @@ -40,8 +40,8 @@ static int setup_server_keys(struct s2n_connection *server_conn, struct s2n_blob { POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->server_key)); POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->client_key)); - POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&server_conn->initial->server_key, key)); - POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->initial->client_key, key)); + POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&server_conn->initial->server_key, key)); + POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->initial->client_key, key)); return 0; } 
diff --git a/tests/unit/s2n_aes_sha_composite_test.c b/tests/unit/s2n_aes_sha_composite_test.c index a8b8d5b6aaf..8e9aa720d18 100644 --- a/tests/unit/s2n_aes_sha_composite_test.c +++ b/tests/unit/s2n_aes_sha_composite_test.c @@ -97,8 +97,8 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_connection_wipe(conn)); - EXPECT_SUCCESS(conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&conn->initial->server_key, &aes128)); - EXPECT_SUCCESS(conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&conn->initial->client_key, &aes128)); + EXPECT_OK(conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&conn->initial->server_key, &aes128)); + EXPECT_OK(conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&conn->initial->client_key, &aes128)); EXPECT_SUCCESS(conn->initial->cipher_suite->record_alg->cipher->io.comp.set_mac_write_key(&conn->initial->server_key, mac_key_sha, sizeof(mac_key_sha))); EXPECT_SUCCESS(conn->initial->cipher_suite->record_alg->cipher->io.comp.set_mac_write_key(&conn->initial->client_key, mac_key_sha, sizeof(mac_key_sha))); 
@@ -173,8 +173,8 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_connection_wipe(conn)); - EXPECT_SUCCESS(conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&conn->initial->server_key, &aes256)); - EXPECT_SUCCESS(conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&conn->initial->client_key, &aes256)); + EXPECT_OK(conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&conn->initial->server_key, &aes256)); + EXPECT_OK(conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&conn->initial->client_key, &aes256)); EXPECT_SUCCESS(conn->initial->cipher_suite->record_alg->cipher->io.comp.set_mac_write_key(&conn->initial->server_key, mac_key_sha, sizeof(mac_key_sha))); EXPECT_SUCCESS(conn->initial->cipher_suite->record_alg->cipher->io.comp.set_mac_write_key(&conn->initial->client_key, mac_key_sha, sizeof(mac_key_sha))); @@ -249,8 +249,8 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_connection_wipe(conn)); - EXPECT_SUCCESS(conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&conn->initial->server_key, &aes128)); - EXPECT_SUCCESS(conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&conn->initial->client_key, &aes128)); + EXPECT_OK(conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&conn->initial->server_key, &aes128)); + EXPECT_OK(conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&conn->initial->client_key, &aes128)); EXPECT_SUCCESS(conn->initial->cipher_suite->record_alg->cipher->io.comp.set_mac_write_key(&conn->initial->server_key, mac_key_sha256, sizeof(mac_key_sha256))); EXPECT_SUCCESS(conn->initial->cipher_suite->record_alg->cipher->io.comp.set_mac_write_key(&conn->initial->client_key, mac_key_sha256, sizeof(mac_key_sha256))); 
@@ -325,8 +325,8 @@ int main(int argc, char **argv) EXPECT_SUCCESS(s2n_connection_wipe(conn)); - EXPECT_SUCCESS(conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&conn->initial->server_key, &aes256)); - EXPECT_SUCCESS(conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&conn->initial->client_key, &aes256)); + EXPECT_OK(conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&conn->initial->server_key, &aes256)); + EXPECT_OK(conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&conn->initial->client_key, &aes256)); EXPECT_SUCCESS(conn->initial->cipher_suite->record_alg->cipher->io.comp.set_mac_write_key(&conn->initial->server_key, mac_key_sha256, sizeof(mac_key_sha256))); EXPECT_SUCCESS(conn->initial->cipher_suite->record_alg->cipher->io.comp.set_mac_write_key(&conn->initial->client_key, mac_key_sha256, sizeof(mac_key_sha256))); diff --git a/tests/unit/s2n_aes_test.c b/tests/unit/s2n_aes_test.c index 9585fdf5de7..068af94032b 100644 --- a/tests/unit/s2n_aes_test.c +++ b/tests/unit/s2n_aes_test.c 
@@ -55,8 +55,8 @@ int main(int argc, char **argv) conn->secure->cipher_suite->record_alg = &s2n_record_alg_aes128_sha; EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->server_key)); EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->client_key)); - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &aes128)); - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &aes128)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &aes128)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &aes128)); EXPECT_SUCCESS(s2n_hmac_init(&conn->secure->client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key))); EXPECT_SUCCESS(s2n_hmac_init(&conn->secure->server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key))); conn->actual_protocol_version = S2N_TLS11; 
@@ -121,8 +121,8 @@ int main(int argc, char **argv) conn->secure->cipher_suite->record_alg = &s2n_record_alg_aes256_sha; EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->server_key)); EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->client_key)); - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &aes256)); - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &aes256)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &aes256)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &aes256)); EXPECT_SUCCESS(s2n_hmac_init(&conn->secure->client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key))); EXPECT_SUCCESS(s2n_hmac_init(&conn->secure->server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key))); conn->actual_protocol_version = S2N_TLS11; diff --git a/tests/unit/s2n_handshake_io_early_data_test.c b/tests/unit/s2n_handshake_io_early_data_test.c index 9bcc95c0997..3529bbbabda 100644 --- a/tests/unit/s2n_handshake_io_early_data_test.c +++ b/tests/unit/s2n_handshake_io_early_data_test.c @@ -64,7 +64,7 @@ int main(int argc, char **argv) server_conn->secure->cipher_suite = test_cipher_suite; POSIX_GUARD(server_conn->secure->cipher_suite->record_alg->cipher->init(&server_conn->secure->client_key)); - POSIX_GUARD(server_conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->secure->client_key, &test_key)); + POSIX_GUARD_RESULT(server_conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->secure->client_key, &test_key)); server_conn->client = server_conn->secure; DEFER_CLEANUP(struct s2n_stuffer io_stuffer = { 0 }, s2n_stuffer_free); 
@@ -108,7 +108,7 @@ int main(int argc, char **argv) client_conn->secure->cipher_suite = test_cipher_suite; POSIX_GUARD(client_conn->secure->cipher_suite->record_alg->cipher->init(&client_conn->secure->server_key)); - POSIX_GUARD(client_conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&client_conn->secure->server_key, &test_key)); + POSIX_GUARD_RESULT(client_conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&client_conn->secure->server_key, &test_key)); client_conn->server = client_conn->secure; DEFER_CLEANUP(struct s2n_stuffer io_stuffer = { 0 }, s2n_stuffer_free); diff --git a/tests/unit/s2n_rc4_test.c b/tests/unit/s2n_rc4_test.c index a1d42238ab9..d866acb2f6a 100644 --- a/tests/unit/s2n_rc4_test.c +++ b/tests/unit/s2n_rc4_test.c @@ -71,8 +71,8 @@ int main(int argc, char **argv) EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->server_key)); EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->client_key)); if (conn->secure->cipher_suite->record_alg->cipher->is_available()) { - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &key_iv)); - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &key_iv)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &key_iv)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &key_iv)); EXPECT_SUCCESS(s2n_hmac_init(&conn->secure->client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key))); EXPECT_SUCCESS(s2n_hmac_init(&conn->secure->server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key))); conn->actual_protocol_version = S2N_TLS11; 
@@ -129,8 +129,8 @@ int main(int argc, char **argv) EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->server_key)); EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->destroy_key(&conn->secure->client_key)); } else { - EXPECT_FAILURE(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &key_iv)); - EXPECT_FAILURE(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &key_iv)); + EXPECT_ERROR_WITH_ERRNO(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &key_iv), S2N_ERR_KEY_INIT); + EXPECT_ERROR_WITH_ERRNO(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &key_iv), S2N_ERR_KEY_INIT); } EXPECT_SUCCESS(s2n_connection_free(conn)); END_TEST(); diff --git a/tests/unit/s2n_record_size_test.c b/tests/unit/s2n_record_size_test.c index cd144809cd7..b41cff8171c 100644 --- a/tests/unit/s2n_record_size_test.c +++ b/tests/unit/s2n_record_size_test.c @@ -48,8 +48,8 @@ static int setup_server_keys(struct s2n_connection *server_conn, struct s2n_blob { POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->server_key)); POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->init(&server_conn->initial->client_key)); - POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&server_conn->initial->server_key, key)); - POSIX_GUARD(server_conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->initial->client_key, key)); + POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&server_conn->initial->server_key, key)); + POSIX_GUARD_RESULT(server_conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->initial->client_key, key)); return S2N_SUCCESS; } 
@@ -84,8 +84,8 @@ int main(int argc, char **argv) conn->secure->cipher_suite->record_alg = &s2n_record_alg_aes128_sha; EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->server_key)); EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->init(&conn->secure->client_key)); - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &aes128)); - EXPECT_SUCCESS(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &aes128)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &aes128)); + EXPECT_OK(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &aes128)); EXPECT_SUCCESS(s2n_hmac_init(&conn->secure->client_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key))); EXPECT_SUCCESS(s2n_hmac_init(&conn->secure->server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key))); conn->actual_protocol_version = S2N_TLS11; 
@@ -254,8 +254,8 @@ int main(int argc, char **argv) server_conn->server = server_conn->secure; EXPECT_SUCCESS(server_conn->secure->cipher_suite->record_alg->cipher->init(&server_conn->secure->server_key)); EXPECT_SUCCESS(server_conn->secure->cipher_suite->record_alg->cipher->init(&server_conn->secure->client_key)); - EXPECT_SUCCESS(server_conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&server_conn->secure->server_key, &des3)); - EXPECT_SUCCESS(server_conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->secure->client_key, &des3)); + EXPECT_OK(server_conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(&server_conn->secure->server_key, &des3)); + EXPECT_OK(server_conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->secure->client_key, &des3)); EXPECT_SUCCESS(s2n_hmac_init(&server_conn->secure->server_record_mac, S2N_HMAC_SHA1, mac_key, sizeof(mac_key))); EXPECT_OK(s2n_record_min_write_payload_size(server_conn, &size)); 
@@ -370,8 +370,8 @@ int main(int argc, char **argv) server_conn->initial->cipher_suite->record_alg = &s2n_record_alg_aes128_sha_composite; server_conn->actual_protocol_version = S2N_TLS11; uint8_t mac_key_sha[20] = "server key shaserve"; - EXPECT_SUCCESS(server_conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&server_conn->initial->server_key, &aes128)); - EXPECT_SUCCESS(server_conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->initial->client_key, &aes128)); + EXPECT_OK(server_conn->initial->cipher_suite->record_alg->cipher->set_encryption_key(&server_conn->initial->server_key, &aes128)); + EXPECT_OK(server_conn->initial->cipher_suite->record_alg->cipher->set_decryption_key(&server_conn->initial->client_key, &aes128)); EXPECT_SUCCESS(server_conn->initial->cipher_suite->record_alg->cipher->io.comp.set_mac_write_key(&server_conn->initial->server_key, mac_key_sha, sizeof(mac_key_sha))); EXPECT_SUCCESS(server_conn->initial->cipher_suite->record_alg->cipher->io.comp.set_mac_write_key(&server_conn->initial->client_key, mac_key_sha, sizeof(mac_key_sha))); @@ -409,8 +409,8 @@ int main(int argc, char **argv) /* init record algorithm */ EXPECT_SUCCESS(cipher_suite->record_alg->cipher->init(session_key)); S2N_BLOB_FROM_HEX(key, "0123456789abcdef0123456789abcdef"); - EXPECT_SUCCESS(cipher_suite->record_alg->cipher->set_encryption_key(session_key, &key)); - EXPECT_SUCCESS(cipher_suite->record_alg->cipher->set_decryption_key(session_key, &key)); + EXPECT_OK(cipher_suite->record_alg->cipher->set_encryption_key(session_key, &key)); + EXPECT_OK(cipher_suite->record_alg->cipher->set_decryption_key(session_key, &key)); S2N_BLOB_FROM_HEX(iv, "0123456789abcdef01234567"); diff --git a/tests/unit/s2n_send_key_update_test.c b/tests/unit/s2n_send_key_update_test.c index 436356e52ca..97a3e8fbe9e 100644 --- a/tests/unit/s2n_send_key_update_test.c +++ b/tests/unit/s2n_send_key_update_test.c 
@@ -52,10 +52,10 @@ static int s2n_test_init_encryption(struct s2n_connection *conn) /* Initialize record algorithm */ POSIX_GUARD(cipher_suite->record_alg->cipher->init(server_session_key)); POSIX_GUARD(cipher_suite->record_alg->cipher->init(client_session_key)); - POSIX_GUARD(cipher_suite->record_alg->cipher->set_encryption_key(server_session_key, &key)); - POSIX_GUARD(cipher_suite->record_alg->cipher->set_encryption_key(client_session_key, &key)); - POSIX_GUARD(cipher_suite->record_alg->cipher->set_decryption_key(server_session_key, &key)); - POSIX_GUARD(cipher_suite->record_alg->cipher->set_decryption_key(client_session_key, &key)); + POSIX_GUARD_RESULT(cipher_suite->record_alg->cipher->set_encryption_key(server_session_key, &key)); + POSIX_GUARD_RESULT(cipher_suite->record_alg->cipher->set_encryption_key(client_session_key, &key)); + POSIX_GUARD_RESULT(cipher_suite->record_alg->cipher->set_decryption_key(server_session_key, &key)); + POSIX_GUARD_RESULT(cipher_suite->record_alg->cipher->set_decryption_key(client_session_key, &key)); /* Initialized secrets */ POSIX_CHECKED_MEMCPY(conn->secrets.version.tls13.server_app_secret, application_secret.data, application_secret.size); diff --git a/tests/unit/s2n_tls13_key_schedule_rfc8448_test.c b/tests/unit/s2n_tls13_key_schedule_rfc8448_test.c index 065dc1092fb..34e03aed097 100644 --- a/tests/unit/s2n_tls13_key_schedule_rfc8448_test.c +++ b/tests/unit/s2n_tls13_key_schedule_rfc8448_test.c 
@@ -25,21 +25,21 @@ const s2n_mode modes[] = { S2N_SERVER, S2N_CLIENT }; static uint8_t test_send_key[S2N_TLS_AES_256_GCM_KEY_LEN] = { 0 }; -static int s2n_test_set_send_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_test_set_send_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_REF(key); - POSIX_ENSURE_REF(in); - POSIX_CHECKED_MEMCPY(test_send_key, in->data, in->size); - return S2N_SUCCESS; + RESULT_ENSURE_REF(key); + RESULT_ENSURE_REF(in); + RESULT_CHECKED_MEMCPY(test_send_key, in->data, in->size); + return S2N_RESULT_OK; } static uint8_t test_recv_key[S2N_TLS_AES_256_GCM_KEY_LEN] = { 0 }; -static int s2n_test_set_recv_key(struct s2n_session_key *key, struct s2n_blob *in) +static S2N_RESULT s2n_test_set_recv_key(struct s2n_session_key *key, struct s2n_blob *in) { - POSIX_ENSURE_REF(key); - POSIX_ENSURE_REF(in); - POSIX_CHECKED_MEMCPY(test_recv_key, in->data, in->size); - return S2N_SUCCESS; + RESULT_ENSURE_REF(key); + RESULT_ENSURE_REF(in); + RESULT_CHECKED_MEMCPY(test_recv_key, in->data, in->size); + return S2N_RESULT_OK; } #define EXPECT_IVS_EQUAL(conn, iv, iv_mode) \ diff --git a/tests/unit/s2n_tls13_record_aead_test.c b/tests/unit/s2n_tls13_record_aead_test.c index 572cff43bbf..914c63bb613 100644 --- a/tests/unit/s2n_tls13_record_aead_test.c +++ b/tests/unit/s2n_tls13_record_aead_test.c @@ -138,7 +138,7 @@ int main(int argc, char **argv) /* init record algorithm */ EXPECT_SUCCESS(cipher_suite->record_alg->cipher->init(&session_key)); S2N_BLOB_FROM_HEX(key, "3fce516009c21727d0f2e4e86ee403bc"); - EXPECT_SUCCESS(cipher_suite->record_alg->cipher->set_decryption_key(&session_key, &key)); + EXPECT_OK(cipher_suite->record_alg->cipher->set_decryption_key(&session_key, &key)); /* write protected record to conn in for testing */ S2N_BLOB_FROM_HEX(protected_record, protected_record_hex); 
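Review bot: `s2n_test_set_send_key` copies `in->size` bytes into `test_send_key`, a fixed `S2N_TLS_AES_256_GCM_KEY_LEN` array, without checking the size first. `s2n_test_set_recv_key` has the same gap with `test_recv_key`. These stubs appear to stand in for the real key setters, which validate the key length, so an oversized blob would overflow the static buffer instead of failing the test cleanly. Adding `RESULT_ENSURE_LTE(in->size, sizeof(test_send_key));` before the `RESULT_CHECKED_MEMCPY`, and the `test_recv_key` equivalent in the other stub, keeps both bounded.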
@@ -224,7 +224,7 @@ int main(int argc, char **argv) /* init record algorithm */ EXPECT_SUCCESS(cipher_suite->record_alg->cipher->init(session_key)); S2N_BLOB_FROM_HEX(key, "3fce516009c21727d0f2e4e86ee403bc"); - EXPECT_SUCCESS(cipher_suite->record_alg->cipher->set_encryption_key(session_key, &key)); + EXPECT_OK(cipher_suite->record_alg->cipher->set_encryption_key(session_key, &key)); S2N_BLOB_FROM_HEX(protected_record, protected_record_hex); @@ -281,8 +281,8 @@ int main(int argc, char **argv) /* init record algorithm */ EXPECT_SUCCESS(cipher_suite->record_alg->cipher->init(session_key)); S2N_BLOB_FROM_HEX(key, "3fce516009c21727d0f2e4e86ee403bc"); - EXPECT_SUCCESS(cipher_suite->record_alg->cipher->set_encryption_key(session_key, &key)); - EXPECT_SUCCESS(cipher_suite->record_alg->cipher->set_decryption_key(session_key, &key)); + EXPECT_OK(cipher_suite->record_alg->cipher->set_encryption_key(session_key, &key)); + EXPECT_OK(cipher_suite->record_alg->cipher->set_decryption_key(session_key, &key)); S2N_BLOB_FROM_HEX(iv, "5d313eb2671276ee13000b30"); @@ -351,8 +351,8 @@ int main(int argc, char **argv) EXPECT_SUCCESS(cipher_suite->record_alg->cipher->init(&conn->secure->server_key)); EXPECT_SUCCESS(cipher_suite->record_alg->cipher->init(&conn->secure->client_key)); S2N_BLOB_FROM_HEX(key, "3fce516009c21727d0f2e4e86ee403bc"); - EXPECT_SUCCESS(cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &key)); - EXPECT_SUCCESS(cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &key)); + EXPECT_OK(cipher_suite->record_alg->cipher->set_encryption_key(&conn->secure->server_key, &key)); + EXPECT_OK(cipher_suite->record_alg->cipher->set_decryption_key(&conn->secure->client_key, &key)); S2N_BLOB_FROM_HEX(protected_record, protected_record_hex); S2N_BLOB_FROM_HEX(iv, "5d313eb2671276ee13000b30"); diff --git a/tls/s2n_prf.c b/tls/s2n_prf.c index 8ae6602d61f..6f676e4868c 100644 --- a/tls/s2n_prf.c +++ b/tls/s2n_prf.c 
@@ -967,9 +967,9 @@ static int s2n_prf_make_client_key(struct s2n_connection *conn, struct s2n_key_m POSIX_ENSURE_REF(cipher->set_decryption_key); if (conn->mode == S2N_CLIENT) { - POSIX_GUARD(cipher->set_encryption_key(&conn->secure->client_key, &key_material->client_key)); + POSIX_GUARD_RESULT(cipher->set_encryption_key(&conn->secure->client_key, &key_material->client_key)); } else { - POSIX_GUARD(cipher->set_decryption_key(&conn->secure->client_key, &key_material->client_key)); + POSIX_GUARD_RESULT(cipher->set_decryption_key(&conn->secure->client_key, &key_material->client_key)); } return 0; @@ -987,9 +987,9 @@ static int s2n_prf_make_server_key(struct s2n_connection *conn, struct s2n_key_m POSIX_ENSURE_REF(cipher->set_decryption_key); if (conn->mode == S2N_SERVER) { - POSIX_GUARD(cipher->set_encryption_key(&conn->secure->server_key, &key_material->server_key)); + POSIX_GUARD_RESULT(cipher->set_encryption_key(&conn->secure->server_key, &key_material->server_key)); } else { - POSIX_GUARD(cipher->set_decryption_key(&conn->secure->server_key, &key_material->server_key)); + POSIX_GUARD_RESULT(cipher->set_decryption_key(&conn->secure->server_key, &key_material->server_key)); } return 0; diff --git a/tls/s2n_resume.c b/tls/s2n_resume.c index 2c4ae497e60..9f41de4fef6 100644 --- a/tls/s2n_resume.c +++ b/tls/s2n_resume.c @@ -797,7 +797,7 @@ int s2n_encrypt_session_ticket(struct s2n_connection *conn, struct s2n_stuffer * POSIX_GUARD(s2n_blob_init(&aes_key_blob, key->aes_key, S2N_AES256_KEY_LEN)); POSIX_GUARD(s2n_session_key_alloc(&aes_ticket_key)); POSIX_GUARD(s2n_aes256_gcm.init(&aes_ticket_key)); - POSIX_GUARD(s2n_aes256_gcm.set_encryption_key(&aes_ticket_key, &aes_key_blob)); + POSIX_GUARD_RESULT(s2n_aes256_gcm.set_encryption_key(&aes_ticket_key, &aes_key_blob)); POSIX_GUARD(s2n_stuffer_init(&aad, &aad_blob)); POSIX_GUARD(s2n_stuffer_write_bytes(&aad, key->implicit_aad, S2N_TICKET_AAD_IMPLICIT_LEN)); 
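Review bot: In `s2n_encrypt_session_ticket`, `POSIX_GUARD_RESULT(s2n_aes256_gcm.set_encryption_key(&aes_ticket_key, &aes_key_blob));` returns early on failure after `s2n_session_key_alloc` and `init` have already succeeded, and the hunk shows no cleanup for `aes_ticket_key`. The declaration is above the hunk, so this may already be handled. If it is not, the error path skips releasing the ticket key context. The same pattern appears in the `s2n_decrypt_session_ticket` and `s2n_decrypt_session_cache` hunks that follow. Declaring the key as `DEFER_CLEANUP(struct s2n_session_key aes_ticket_key = { 0 }, s2n_session_key_free);` would cover every early return. All three function bodies extend beyond their hunks.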
@@ -852,7 +852,7 @@ int s2n_decrypt_session_ticket(struct s2n_connection *conn, struct s2n_stuffer * POSIX_GUARD(s2n_blob_init(&aes_key_blob, key->aes_key, S2N_AES256_KEY_LEN)); POSIX_GUARD(s2n_session_key_alloc(&aes_ticket_key)); POSIX_GUARD(s2n_aes256_gcm.init(&aes_ticket_key)); - POSIX_GUARD(s2n_aes256_gcm.set_decryption_key(&aes_ticket_key, &aes_key_blob)); + POSIX_GUARD_RESULT(s2n_aes256_gcm.set_decryption_key(&aes_ticket_key, &aes_key_blob)); POSIX_GUARD(s2n_stuffer_init(&aad, &aad_blob)); POSIX_GUARD(s2n_stuffer_write_bytes(&aad, key->implicit_aad, S2N_TICKET_AAD_IMPLICIT_LEN)); @@ -932,7 +932,7 @@ int s2n_decrypt_session_cache(struct s2n_connection *conn, struct s2n_stuffer *f POSIX_GUARD(s2n_blob_init(&aes_key_blob, key->aes_key, S2N_AES256_KEY_LEN)); POSIX_GUARD(s2n_session_key_alloc(&aes_ticket_key)); POSIX_GUARD(s2n_aes256_gcm.init(&aes_ticket_key)); - POSIX_GUARD(s2n_aes256_gcm.set_decryption_key(&aes_ticket_key, &aes_key_blob)); + POSIX_GUARD_RESULT(s2n_aes256_gcm.set_decryption_key(&aes_ticket_key, &aes_key_blob)); POSIX_GUARD(s2n_stuffer_init(&aad, &aad_blob)); POSIX_GUARD(s2n_stuffer_write_bytes(&aad, key->implicit_aad, S2N_TICKET_AAD_IMPLICIT_LEN)); diff --git a/tls/s2n_tls13_handshake.c b/tls/s2n_tls13_handshake.c index e22c4902426..27069ba9263 100644 --- a/tls/s2n_tls13_handshake.c +++ b/tls/s2n_tls13_handshake.c 
@@ -185,10 +185,10 @@ int s2n_update_application_traffic_keys(struct s2n_connection *conn, s2n_mode mo uint8_t *count = NULL; POSIX_GUARD(s2n_tls13_derive_traffic_keys(&keys, &app_secret_update, &app_key, &app_iv)); if (status == RECEIVING) { - POSIX_GUARD(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(old_key, &app_key)); + POSIX_GUARD_RESULT(conn->secure->cipher_suite->record_alg->cipher->set_decryption_key(old_key, &app_key)); count = &conn->recv_key_updated; } else { - POSIX_GUARD(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(old_key, &app_key)); + POSIX_GUARD_RESULT(conn->secure->cipher_suite->record_alg->cipher->set_encryption_key(old_key, &app_key)); count = &conn->send_key_updated; } diff --git a/tls/s2n_tls13_key_schedule.c b/tls/s2n_tls13_key_schedule.c index 3062e60ff5d..b1691e7b133 100644 --- a/tls/s2n_tls13_key_schedule.c +++ b/tls/s2n_tls13_key_schedule.c @@ -150,9 +150,9 @@ S2N_RESULT s2n_tls13_key_schedule_set_key(struct s2n_connection *conn, s2n_extra bool is_sending_secret = (mode == conn->mode); if (is_sending_secret) { - RESULT_GUARD_POSIX(cipher->set_encryption_key(session_key, &key)); + RESULT_GUARD(cipher->set_encryption_key(session_key, &key)); } else { - RESULT_GUARD_POSIX(cipher->set_decryption_key(session_key, &key)); + RESULT_GUARD(cipher->set_decryption_key(session_key, &key)); } /**