mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-29 22:20:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

ssl_msg.c: add debug code for psa failures

Browse Source 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemyslaw Stekiel 2022-02-03 09:54:34 +01:00
parent d66387f8fa
commit 6b2eedd25f
1 changed files with 68 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
library/ssl_msg.c
View File

@ -775,10 +775,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
ssl_transform_aead_dynamic_iv_is_explicit( transform );
#if defined(MBEDTLS_USE_PSA_CRYPTO)
psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
#else
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
/* Check that there's space for the authentication tag. */
if( post_avail < transform->taglen )
@ -840,7 +838,12 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
&rec->data_len );
if( status != PSA_SUCCESS )
return( psa_ssl_status_to_mbedtls( status ) );
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_encrypt_buf", ret );
return( ret );
}
#else
if( ( ret = mbedtls_cipher_auth_encrypt_ext( &transform->cipher_ctx_enc,
iv, transform->ivlen,
@ -954,26 +957,45 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
transform->psa_key_enc, transform->psa_alg );
if( status != PSA_SUCCESS )
return( psa_ssl_status_to_mbedtls( status ) );
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_aead_encrypt", ret );
return( ret );
}
status = psa_cipher_set_iv( &cipher_op, transform->iv_enc, transform->ivlen );
if( status != PSA_SUCCESS )
return( psa_ssl_status_to_mbedtls( status ) );
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_aead_encrypt", ret );
return( ret );
}
status = psa_cipher_update( &cipher_op,
data, rec->data_len,
data, rec->data_len, &olen );
if( status != PSA_SUCCESS )
return( psa_ssl_status_to_mbedtls( status ) );
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_aead_encrypt", ret );
return( ret );
}
status = psa_cipher_finish( &cipher_op,
data + olen, rec->data_len - olen,
&part_len );
if( status != PSA_SUCCESS )
return( psa_ssl_status_to_mbedtls( status ) );
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "psa_aead_encrypt", ret );
return( ret );
}
olen += part_len;
#else
@ -1081,12 +1103,14 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
mbedtls_record *rec )
{
size_t olen;
#if !defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_cipher_mode_t mode;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
int ret;
#endif
#else
mbedtls_cipher_mode_t mode;
int ret;
#endif /* MBEDTLS_USE_PSA_CRYPTO */
int auth_done = 0;
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
size_t padlen = 0, correct = 1;
@ -1264,7 +1288,12 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
&olen );
if( status != PSA_SUCCESS )
return( psa_ssl_status_to_mbedtls( status ) );
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret );
return( ret );
}
#else
if( ( ret = mbedtls_cipher_auth_decrypt_ext( &transform->cipher_ctx_dec,
iv, transform->ivlen,
@ -1451,26 +1480,46 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl,
transform->psa_key_dec, transform->psa_alg );
if( status != PSA_SUCCESS )
return( psa_ssl_status_to_mbedtls( status ) );
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret );
return( ret );
}
status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen );
if( status != PSA_SUCCESS )
return( psa_ssl_status_to_mbedtls( status ) );
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret );
return( ret );
}
status = psa_cipher_update( &cipher_op,
data, rec->data_len,
data, rec->data_len, &olen );
if( status != PSA_SUCCESS )
return( psa_ssl_status_to_mbedtls( status ) );
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret );
return( ret );
}
status = psa_cipher_finish( &cipher_op,
data + olen, rec->data_len - olen,
&part_len );
if( status != PSA_SUCCESS )
return( psa_ssl_status_to_mbedtls( status ) );
{
ret = psa_ssl_status_to_mbedtls( status );
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret );
return( ret );
}
olen += part_len;
#else
@ -5066,7 +5115,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl )
}
else
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unsupported psa_alg spotted in mbedtls_ssl_get_record_expansion()" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
#else