mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-28 00:35:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Improve state logic

Browse Source 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
This commit is contained in:
Paul Elliott 2021-05-21 17:41:41 +01:00
parent 6981fbcf10
commit 6eb959854b
1 changed files with 19 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
library/psa_crypto.c
View File

@ -3254,8 +3254,8 @@ psa_status_t psa_aead_encrypt_setup( psa_aead_operation_t *operation,
goto exit; goto exit;
} }
if( operation->nonce_set || operation->ad_started || if( operation->nonce_set || operation->lengths_set ||
operation->body_started ) operation->ad_started || operation->body_started )
{ {
status = PSA_ERROR_BAD_STATE; status = PSA_ERROR_BAD_STATE;
goto exit; goto exit;
@ -3316,9 +3316,8 @@ psa_status_t psa_aead_decrypt_setup( psa_aead_operation_t *operation,
goto exit; goto exit;
} }
if( operation->nonce_set || operation->ad_started || if( operation->nonce_set || operation->lengths_set ||
operation->ad_started || operation->body_started )
operation->body_started )
{ {
status = PSA_ERROR_BAD_STATE; status = PSA_ERROR_BAD_STATE;
goto exit; goto exit;
@ -3375,8 +3374,8 @@ psa_status_t psa_aead_generate_nonce( psa_aead_operation_t *operation,
goto exit; goto exit;
} }
if( operation->nonce_set || operation->ad_started || if( operation->nonce_set || operation->lengths_set ||
operation->body_started ) operation->ad_started || operation->body_started )
{ {
status = PSA_ERROR_BAD_STATE; status = PSA_ERROR_BAD_STATE;
goto exit; goto exit;
@ -3430,11 +3429,11 @@ psa_status_t psa_aead_set_nonce( psa_aead_operation_t *operation,
goto exit; goto exit;
} }
/* Not checking nonce size here as GCM spec allows almost abitrarily large /* Not checking nonce size here as GCM spec allows almost arbitrarily
* nonces. Please note that we do not generally recommend the usage of * large nonces. Please note that we do not generally recommend the usage
* nonces of greater length than PSA_AEAD_NONCE_MAX_SIZE, as large nonces * of nonces of greater length than PSA_AEAD_NONCE_MAX_SIZE, as large
* are hashed to a shorter size, which can then lead to collisions if you * nonces are hashed to a shorter size, which can then lead to collisions
encrypt a very large number of messages. */ * if you encrypt a very large number of messages.*/
status = psa_driver_wrapper_aead_set_nonce( operation, nonce, status = psa_driver_wrapper_aead_set_nonce( operation, nonce,
nonce_length ); nonce_length );
@ -3462,7 +3461,8 @@ psa_status_t psa_aead_set_lengths( psa_aead_operation_t *operation,
goto exit; goto exit;
} }
if( operation->lengths_set ) if( operation->lengths_set || operation->ad_started ||
operation->body_started)
{ {
status = PSA_ERROR_BAD_STATE; status = PSA_ERROR_BAD_STATE;
goto exit; goto exit;
@ -3497,7 +3497,7 @@ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation,
goto exit; goto exit;
} }
if( !operation->nonce_set ) if( !operation->nonce_set || operation->body_started )
{ {
status = PSA_ERROR_BAD_STATE; status = PSA_ERROR_BAD_STATE;
goto exit; goto exit;
@ -3505,7 +3505,7 @@ psa_status_t psa_aead_update_ad( psa_aead_operation_t *operation,
if( operation->lengths_set ) if( operation->lengths_set )
{ {
if ( operation->ad_remaining < input_length ) if( operation->ad_remaining < input_length )
{ {
status = PSA_ERROR_INVALID_ARGUMENT; status = PSA_ERROR_INVALID_ARGUMENT;
goto exit; goto exit;
@ -3546,7 +3546,7 @@ psa_status_t psa_aead_update( psa_aead_operation_t *operation,
goto exit; goto exit;
} }
if( !operation->nonce_set || !operation->ad_started ) if( !operation->nonce_set )
{ {
status = PSA_ERROR_BAD_STATE; status = PSA_ERROR_BAD_STATE;
goto exit; goto exit;
@ -3606,8 +3606,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation,
goto exit; goto exit;
} }
if( !operation->nonce_set || !operation->ad_started || if( !operation->nonce_set )
!operation->body_started )
{ {
status = PSA_ERROR_BAD_STATE; status = PSA_ERROR_BAD_STATE;
goto exit; goto exit;
@ -3616,7 +3615,7 @@ psa_status_t psa_aead_finish( psa_aead_operation_t *operation,
if( operation->lengths_set && (operation->ad_remaining != 0 || if( operation->lengths_set && (operation->ad_remaining != 0 ||
operation->body_remaining != 0 ) ) operation->body_remaining != 0 ) )
{ {
status = PSA_ERROR_BAD_STATE; status = PSA_ERROR_INVALID_ARGUMENT;
goto exit; goto exit;
} }
@ -3651,8 +3650,7 @@ psa_status_t psa_aead_verify( psa_aead_operation_t *operation,
goto exit; goto exit;
} }
if( !operation->nonce_set || !operation->ad_started || if( !operation->nonce_set )
!operation->body_started )
{ {
status = PSA_ERROR_BAD_STATE; status = PSA_ERROR_BAD_STATE;
goto exit; goto exit;