7820a574f1
Declare all AES and DES functions that return int as needing to have their result checked, and do check the result in our code. A DES or AES block operation can fail in alternative implementations of mbedtls_internal_aes_encrypt() (under MBEDTLS_AES_ENCRYPT_ALT), mbedtls_internal_aes_decrypt() (under MBEDTLS_AES_DECRYPT_ALT), mbedtls_des_crypt_ecb() (under MBEDTLS_DES_CRYPT_ECB_ALT), mbedtls_des3_crypt_ecb() (under MBEDTLS_DES3_CRYPT_ECB_ALT). A failure can happen if the accelerator peripheral is in a bad state. Several block modes were not catching the error. This commit does the following code changes, grouped together to avoid having an intermediate commit where the build fails: * Add MBEDTLS_CHECK_RETURN to all functions returning int in aes.h and des.h. * Fix all places where this causes a GCC warning, indicating that our code was not properly checking the result of an AES operation: * In library code: on failure, goto exit and return ret. * In pkey programs: goto exit. * In the benchmark program: exit (not ideal since there's no error message, but it's what the code currently does for failures). * In test code: TEST_ASSERT. * Changelog entry. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> |
||
---|---|---|
.. | ||
CMakeLists.txt | ||
dh_client.c | ||
dh_genprime.c | ||
dh_prime.txt | ||
dh_server.c | ||
ecdh_curve25519.c | ||
ecdsa.c | ||
gen_key.c | ||
key_app.c | ||
key_app_writer.c | ||
mpi_demo.c | ||
pk_decrypt.c | ||
pk_encrypt.c | ||
pk_sign.c | ||
pk_verify.c | ||
rsa_decrypt.c | ||
rsa_encrypt.c | ||
rsa_genkey.c | ||
rsa_priv.txt | ||
rsa_pub.txt | ||
rsa_sign.c | ||
rsa_sign_pss.c | ||
rsa_verify.c | ||
rsa_verify_pss.c |