lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-07 06:42:56 +03:00
Code Activity

Update cipher and mac functions to abort on error

Browse Source 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
This commit is contained in:
Dave Rodgman
2021-06-23 11:38:39 +01:00
parent 647791da5b
commit 38e62aebc3
1 changed files with 56 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
library/psa_crypto.c
View File

@@ -2365,19 +2365,27 @@ psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
* unachievable MAC. */ * unachievable MAC. */
*mac_length = mac_size; *mac_length = mac_size;
if( operation->id == 0 ) if( operation->id == 0 ) {
return( PSA_ERROR_BAD_STATE ); status = PSA_ERROR_BAD_STATE;
goto cleanup;
}
if( ! operation->is_sign ) if( ! operation->is_sign ) {
return( PSA_ERROR_BAD_STATE ); status = PSA_ERROR_BAD_STATE;
goto cleanup;
}
/* Sanity check. This will guarantee that mac_size != 0 (and so mac != NULL) /* Sanity check. This will guarantee that mac_size != 0 (and so mac != NULL)
* once all the error checks are done. */ * once all the error checks are done. */
if( operation->mac_size == 0 ) if( operation->mac_size == 0 ) {
return( PSA_ERROR_BAD_STATE ); status = PSA_ERROR_BAD_STATE;
goto cleanup;
}
if( mac_size < operation->mac_size ) if( mac_size < operation->mac_size ) {
return( PSA_ERROR_BUFFER_TOO_SMALL ); status = PSA_ERROR_BUFFER_TOO_SMALL;
goto cleanup;
}
status = psa_driver_wrapper_mac_sign_finish( operation, status = psa_driver_wrapper_mac_sign_finish( operation,
mac, operation->mac_size, mac, operation->mac_size,
@@ -2399,6 +2407,7 @@ psa_status_t psa_mac_sign_finish( psa_mac_operation_t *operation,
memset( &mac[operation->mac_size], '!', memset( &mac[operation->mac_size], '!',
mac_size - operation->mac_size ); mac_size - operation->mac_size );
cleanup:
abort_status = psa_mac_abort( operation ); abort_status = psa_mac_abort( operation );
return( status == PSA_SUCCESS ? abort_status : status ); return( status == PSA_SUCCESS ? abort_status : status );
@@ -2411,11 +2420,15 @@ psa_status_t psa_mac_verify_finish( psa_mac_operation_t *operation,
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t abort_status = PSA_ERROR_CORRUPTION_DETECTED;
if( operation->id == 0 ) if( operation->id == 0 ) {
return( PSA_ERROR_BAD_STATE ); status = PSA_ERROR_BAD_STATE;
goto cleanup;
}
if( operation->is_sign ) if( operation->is_sign ) {
return( PSA_ERROR_BAD_STATE ); status = PSA_ERROR_BAD_STATE;
goto cleanup;
}
if( operation->mac_size != mac_length ) if( operation->mac_size != mac_length )
{ {
@@ -3257,12 +3270,14 @@ psa_status_t psa_cipher_generate_iv( psa_cipher_operation_t *operation,
if( operation->id == 0 ) if( operation->id == 0 )
{ {
return( PSA_ERROR_BAD_STATE ); status = PSA_ERROR_BAD_STATE;
goto exit;
} }
if( operation->iv_set || ! operation->iv_required ) if( operation->iv_set || ! operation->iv_required )
{ {
return( PSA_ERROR_BAD_STATE ); status = PSA_ERROR_BAD_STATE;
goto exit;
} }
if( iv_size < operation->default_iv_length ) if( iv_size < operation->default_iv_length )
@@ -3297,19 +3312,26 @@ psa_status_t psa_cipher_set_iv( psa_cipher_operation_t *operation,
{ {
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
if( operation->id == 0 ) if( operation->id == 0 ) {
return( PSA_ERROR_BAD_STATE ); status = PSA_ERROR_BAD_STATE;
goto exit;
}
if( operation->iv_set || ! operation->iv_required ) if( operation->iv_set || ! operation->iv_required ) {
return( PSA_ERROR_BAD_STATE ); status = PSA_ERROR_BAD_STATE;
goto exit;
}
if( iv_length > PSA_CIPHER_IV_MAX_SIZE ) if( iv_length > PSA_CIPHER_IV_MAX_SIZE ) {
return( PSA_ERROR_INVALID_ARGUMENT ); status = PSA_ERROR_INVALID_ARGUMENT;
goto exit;
}
status = psa_driver_wrapper_cipher_set_iv( operation, status = psa_driver_wrapper_cipher_set_iv( operation,
iv, iv,
iv_length ); iv_length );
exit:
if( status == PSA_SUCCESS ) if( status == PSA_SUCCESS )
operation->iv_set = 1; operation->iv_set = 1;
else else
@@ -3328,11 +3350,14 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
if( operation->id == 0 ) if( operation->id == 0 )
{ {
return( PSA_ERROR_BAD_STATE ); status = PSA_ERROR_BAD_STATE;
goto exit;
} }
if( operation->iv_required && ! operation->iv_set ) if( operation->iv_required && ! operation->iv_set )
{ {
return( PSA_ERROR_BAD_STATE ); status = PSA_ERROR_BAD_STATE;
goto exit;
} }
status = psa_driver_wrapper_cipher_update( operation, status = psa_driver_wrapper_cipher_update( operation,
@@ -3341,6 +3366,8 @@ psa_status_t psa_cipher_update( psa_cipher_operation_t *operation,
output, output,
output_size, output_size,
output_length ); output_length );
exit:
if( status != PSA_SUCCESS ) if( status != PSA_SUCCESS )
psa_cipher_abort( operation ); psa_cipher_abort( operation );
@@ -3356,17 +3383,22 @@ psa_status_t psa_cipher_finish( psa_cipher_operation_t *operation,
if( operation->id == 0 ) if( operation->id == 0 )
{ {
return( PSA_ERROR_BAD_STATE ); status = PSA_ERROR_BAD_STATE;
goto exit;
} }
if( operation->iv_required && ! operation->iv_set ) if( operation->iv_required && ! operation->iv_set )
{ {
return( PSA_ERROR_BAD_STATE ); status = PSA_ERROR_BAD_STATE;
goto exit;
} }
status = psa_driver_wrapper_cipher_finish( operation, status = psa_driver_wrapper_cipher_finish( operation,
output, output,
output_size, output_size,
output_length ); output_length );
exit:
if( status == PSA_SUCCESS ) if( status == PSA_SUCCESS )
return( psa_cipher_abort( operation ) ); return( psa_cipher_abort( operation ) );
else else