eden-emu/mbedtls
15
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #5072 from mprse/issue_5065

Browse source 
Use switch statement instead if-else in psa_aead_check_nonce_length() and psa_aead_set_lengths(). Fixes #5065
This commit is contained in:
Gilles Peskine 2021-10-18 17:51:50 +02:00 committed by GitHub
commit bf21c07923
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 65 additions and 48 deletions
Download patch file Download diff file Expand all files Collapse all files

3
ChangeLog.d/issue5065.txt Normal file
View file

@ -0,0 +1,3 @@
Bugfix
* Fix compile-time or run-time errors in PSA
AEAD functions when ChachaPoly is disabled. Fixes #5065.

97
library/psa_crypto.c
View file

@ -3621,34 +3621,35 @@ static psa_status_t psa_aead_check_nonce_length( psa_algorithm_t alg,
{ {
psa_algorithm_t base_alg = psa_aead_get_base_algorithm( alg ); psa_algorithm_t base_alg = psa_aead_get_base_algorithm( alg );
#if defined(PSA_WANT_ALG_GCM) switch(base_alg)
if( base_alg == PSA_ALG_GCM )
{ {
/* Not checking max nonce size here as GCM spec allows almost #if defined(PSA_WANT_ALG_GCM)
* arbitrarily large nonces. Please note that we do not generally case PSA_ALG_GCM:
* recommend the usage of nonces of greater length than /* Not checking max nonce size here as GCM spec allows almost
* PSA_AEAD_NONCE_MAX_SIZE, as large nonces are hashed to a shorter * arbitrarily large nonces. Please note that we do not generally
* size, which can then lead to collisions if you encrypt a very * recommend the usage of nonces of greater length than
* large number of messages.*/ * PSA_AEAD_NONCE_MAX_SIZE, as large nonces are hashed to a shorter
if( nonce_length != 0 ) * size, which can then lead to collisions if you encrypt a very
return( PSA_SUCCESS ); * large number of messages.*/
} if( nonce_length != 0 )
return( PSA_SUCCESS );
break;
#endif /* PSA_WANT_ALG_GCM */ #endif /* PSA_WANT_ALG_GCM */
#if defined(PSA_WANT_ALG_CCM) #if defined(PSA_WANT_ALG_CCM)
if( base_alg == PSA_ALG_CCM ) case PSA_ALG_CCM:
{ if( nonce_length >= 7 && nonce_length <= 13 )
if( nonce_length >= 7 && nonce_length <= 13 ) return( PSA_SUCCESS );
return( PSA_SUCCESS ); break;
}
else
#endif /* PSA_WANT_ALG_CCM */ #endif /* PSA_WANT_ALG_CCM */
#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) #if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
if( base_alg == PSA_ALG_CHACHA20_POLY1305 ) case PSA_ALG_CHACHA20_POLY1305:
{ if( nonce_length == 12 )
if( nonce_length == 12 ) return( PSA_SUCCESS );
return( PSA_SUCCESS ); break;
}
#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
default:
break;
}
return( PSA_ERROR_NOT_SUPPORTED ); return( PSA_ERROR_NOT_SUPPORTED );
} }
@ -3950,40 +3951,40 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation,
goto exit; goto exit;
} }
#if defined(PSA_WANT_ALG_GCM) switch(operation->alg)
if( operation->alg == PSA_ALG_GCM )
{ {
/* Lengths can only be too large for GCM if size_t is bigger than 32 #if defined(PSA_WANT_ALG_GCM)
* bits. Without the guard this code will generate warnings on 32bit case PSA_ALG_GCM:
* builds. */ /* Lengths can only be too large for GCM if size_t is bigger than 32
* bits. Without the guard this code will generate warnings on 32bit
* builds. */
#if SIZE_MAX > UINT32_MAX #if SIZE_MAX > UINT32_MAX
if( (( uint64_t ) ad_length ) >> 61 != 0 || if( (( uint64_t ) ad_length ) >> 61 != 0 ||
(( uint64_t ) plaintext_length ) > 0xFFFFFFFE0ull ) (( uint64_t ) plaintext_length ) > 0xFFFFFFFE0ull )
{ {
status = PSA_ERROR_INVALID_ARGUMENT; status = PSA_ERROR_INVALID_ARGUMENT;
goto exit; goto exit;
} }
#endif #endif
} break;
else
#endif /* PSA_WANT_ALG_GCM */ #endif /* PSA_WANT_ALG_GCM */
#if defined(PSA_WANT_ALG_CCM) #if defined(PSA_WANT_ALG_CCM)
if( operation->alg == PSA_ALG_CCM ) case PSA_ALG_CCM:
{ if( ad_length > 0xFF00 )
if( ad_length > 0xFF00 ) {
{ status = PSA_ERROR_INVALID_ARGUMENT;
status = PSA_ERROR_INVALID_ARGUMENT; goto exit;
goto exit; }
} break;
}
else
#endif /* PSA_WANT_ALG_CCM */ #endif /* PSA_WANT_ALG_CCM */
#if defined(PSA_WANT_ALG_CHACHA20_POLY1305) #if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
if( operation->alg == PSA_ALG_CHACHA20_POLY1305 ) case PSA_ALG_CHACHA20_POLY1305:
{ /* No length restrictions for ChaChaPoly. */
/* No length restrictions for ChaChaPoly. */ break;
}
#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */ #endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
default:
break;
}
status = psa_driver_wrapper_aead_set_lengths( operation, ad_length, status = psa_driver_wrapper_aead_set_lengths( operation, ad_length,
plaintext_length ); plaintext_length );

13
tests/scripts/all.sh
View file

@ -1596,6 +1596,19 @@ component_test_psa_crypto_config_no_driver() {
make test make test
} }
component_test_psa_crypto_config_chachapoly_disabled() {
# full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305
msg "build: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305"
scripts/config.py full
scripts/config.py unset MBEDTLS_CHACHAPOLY_C
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_GCM
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_CHACHA20_POLY1305
make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
msg "test: full minus MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305"
make test
}
# This should be renamed to test and updated once the accelerator ECDSA code is in place and ready to test. # This should be renamed to test and updated once the accelerator ECDSA code is in place and ready to test.
component_build_psa_accel_alg_ecdsa() { component_build_psa_accel_alg_ecdsa() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDSA # full plus MBEDTLS_PSA_CRYPTO_CONFIG with PSA_WANT_ALG_ECDSA