eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Handle and return translated PSA errors in ssl_cookie.c

Browse source 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This commit is contained in:
Neil Armstrong 2022-03-21 12:05:51 +01:00
parent 2d5e343c75
commit 79daea25db
1 changed files with 47 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

73
library/ssl_cookie.c
View file

@ -193,6 +193,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx,
{ {
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
size_t sign_mac_length = 0; size_t sign_mac_length = 0;
#endif #endif
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -214,26 +215,33 @@ int mbedtls_ssl_cookie_write( void *p_ctx,
*p += 4; *p += 4;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
if( psa_mac_sign_setup( &operation, ctx->psa_hmac, status = psa_mac_sign_setup( &operation, ctx->psa_hmac,
ctx->psa_hmac_alg ) != PSA_SUCCESS ) { ctx->psa_hmac_alg );
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
goto exit; goto exit;
} }
if( psa_mac_update( &operation, *p - 4, 4 ) != PSA_SUCCESS ) { status = psa_mac_update( &operation, *p - 4, 4 );
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
goto exit; goto exit;
} }
if( psa_mac_update( &operation, cli_id, status = psa_mac_update( &operation, cli_id, cli_id_len );
cli_id_len ) != PSA_SUCCESS ) { if( status != PSA_SUCCESS )
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; {
ret = psa_ssl_status_to_mbedtls( status );
goto exit; goto exit;
} }
if( psa_mac_sign_finish( &operation, *p, COOKIE_MD_OUTLEN, status = psa_mac_sign_finish( &operation, *p, COOKIE_MD_OUTLEN,
&sign_mac_length ) != PSA_SUCCESS ) { &sign_mac_length );
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
goto exit; goto exit;
} }
@ -258,8 +266,9 @@ int mbedtls_ssl_cookie_write( void *p_ctx,
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
exit: exit:
if( psa_mac_abort( &operation ) != PSA_SUCCESS ) status = psa_mac_abort( &operation );
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; if( status != PSA_SUCCESS )
ret = psa_ssl_status_to_mbedtls( status );
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
return( ret ); return( ret );
} }
@ -273,6 +282,7 @@ int mbedtls_ssl_cookie_check( void *p_ctx,
{ {
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
#else #else
unsigned char ref_hmac[COOKIE_HMAC_LEN]; unsigned char ref_hmac[COOKIE_HMAC_LEN];
unsigned char *p = ref_hmac; unsigned char *p = ref_hmac;
@ -288,28 +298,38 @@ int mbedtls_ssl_cookie_check( void *p_ctx,
return( -1 ); return( -1 );
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
if( psa_mac_verify_setup( &operation, ctx->psa_hmac, status = psa_mac_verify_setup( &operation, ctx->psa_hmac,
ctx->psa_hmac_alg ) != PSA_SUCCESS ) { ctx->psa_hmac_alg );
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
goto exit; goto exit;
} }
if( psa_mac_update( &operation, cookie, 4 ) != PSA_SUCCESS ) { status = psa_mac_update( &operation, cookie, 4 );
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
goto exit; goto exit;
} }
if( psa_mac_update( &operation, cli_id, status = psa_mac_update( &operation, cli_id,
cli_id_len ) != PSA_SUCCESS ) { cli_id_len );
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
goto exit; goto exit;
} }
if( psa_mac_verify_finish( &operation, cookie + 4, status = psa_mac_verify_finish( &operation, cookie + 4,
COOKIE_HMAC_LEN ) != PSA_SUCCESS ) { COOKIE_HMAC_LEN );
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; if( status != PSA_SUCCESS )
{
ret = psa_ssl_status_to_mbedtls( status );
goto exit; goto exit;
} }
ret = 0;
#else #else
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
@ -358,8 +378,9 @@ int mbedtls_ssl_cookie_check( void *p_ctx,
exit: exit:
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)
if( psa_mac_abort( &operation ) != PSA_SUCCESS ) status = psa_mac_abort( &operation );
ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR; if( status != PSA_SUCCESS )
ret = psa_ssl_status_to_mbedtls( status );
#else #else
mbedtls_platform_zeroize( ref_hmac, sizeof( ref_hmac ) ); mbedtls_platform_zeroize( ref_hmac, sizeof( ref_hmac ) );
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */