lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-08 17:42:09 +03:00
Code Activity

Return an error if asking for decrypt under BLOCK_CIPHER_NO_DECRYPT

Browse Source 
If MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is enabled, but decryption is
still requested in some incompatible modes, we return an error of
FEATURE_UNAVAILABLE as additional indication.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This commit is contained in:
Yanray Wang
2023-11-02 11:54:39 +08:00
parent 956aa00202
commit 0d76b6ef76
6 changed files with 37 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
library/cipher.c
View File

@@ -319,6 +319,17 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
if (ctx->cipher_info == NULL) {
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
}
#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
/* CBC, XTS, KW and KWP mode always need decryption, return an error to
* indicate those modes are not available under
* MBEDTLS_BLOCK_CIPHER_NO_DECRYPT. */
if (MBEDTLS_MODE_CBC == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
MBEDTLS_MODE_XTS == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
MBEDTLS_MODE_KW == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
MBEDTLS_MODE_KWP == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
return MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
}
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_DEPRECATED_REMOVED)
if (ctx->psa_enabled == 1) {
@@ -402,12 +413,14 @@ int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_dec_func(ctx->cipher_ctx, key,
ctx->key_bitlen);
}
#else
if (operation == MBEDTLS_ENCRYPT || operation == MBEDTLS_DECRYPT) {
return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_enc_func(ctx->cipher_ctx, key,
ctx->key_bitlen);
}
#endif
return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
#else
return mbedtls_cipher_get_base(ctx->cipher_info)->setkey_enc_func(ctx->cipher_ctx, key,
ctx->key_bitlen);
#endif
}
int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,