From 88c4d624f80582d7b242912ce65c37cc8382f39c Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Mon, 5 Jul 2021 17:09:16 +0200 Subject: [PATCH] Clear context state if previous operation failed. Signed-off-by: Mateusz Starzyk --- library/ccm.c | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/library/ccm.c b/library/ccm.c index a2ca98600c..34531a4162 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -122,7 +122,10 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) ctx->y[i] ^= ctx->b[i]; \ \ if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->y, 16, ctx->y, &olen ) ) != 0 ) \ - return( ret ); + { \ + ctx->state |= CCM_STATE__ERROR; \ + return( ret ); \ + } \ /* * Encrypt or decrypt a partial block with CTR @@ -135,6 +138,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->ctr, \ 16, ctx->b, &olen ) ) != 0 ) \ { \ + ctx->state |= CCM_STATE__ERROR; \ return( ret ); \ } \ \ @@ -145,6 +149,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx ) #define CCM_STATE__CLEAR 0 #define CCM_STATE__STARTED 0x0001 #define CCM_STATE__LENGHTS_SET 0x0002 +#define CCM_STATE__ERROR 0x0004 static void mbedtls_ccm_clear_state(mbedtls_ccm_context *ctx) { ctx->state = CCM_STATE__CLEAR; @@ -175,7 +180,10 @@ static int mbedtls_ccm_calculate_first_block(mbedtls_ccm_context *ctx) ctx->b[15-i] = (unsigned char)( len_left & 0xFF ); if( len_left > 0 ) + { + ctx->state |= CCM_STATE__ERROR; return( MBEDTLS_ERR_CCM_BAD_INPUT ); + } /* Start CBC-MAC with first block*/ UPDATE_CBC_MAC; @@ -188,12 +196,15 @@ int mbedtls_ccm_starts( mbedtls_ccm_context *ctx, const unsigned char *iv, size_t iv_len ) { - int ret; - /* Also implies q is within bounds */ if( iv_len < 7 || iv_len > 13 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); + if( ctx->state & CCM_STATE__ERROR ) + { + mbedtls_ccm_clear_state(ctx); + } + ctx->mode = mode; ctx->q = 16 - 1 - (unsigned char) iv_len; @@ -230,9 +241,7 @@ int mbedtls_ccm_starts( mbedtls_ccm_context *ctx, memcpy( ctx->b + 1, iv, iv_len ); ctx->state |= CCM_STATE__STARTED; - ret = mbedtls_ccm_calculate_first_block(ctx); - - return ret; + return mbedtls_ccm_calculate_first_block(ctx); } int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx, @@ -240,8 +249,6 @@ int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx, size_t plaintext_len, size_t tag_len ) { - int ret; - /* * Check length requirements: SP800-38C A.1 * Additional requirement: a < 2^16 - 2^8 to simplify the code. @@ -255,6 +262,11 @@ int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx, if( total_ad_len >= 0xFF00 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); + if( ctx->state & CCM_STATE__ERROR ) + { + mbedtls_ccm_clear_state(ctx); + } + /* * First block B_0: * 0 .. 0 flags - set by: mbedtls_ccm_starts() and mbedtls_ccm_set_lenghts() @@ -273,9 +285,7 @@ int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx, ctx->plaintext_len = plaintext_len; ctx->state |= CCM_STATE__LENGHTS_SET; - ret = mbedtls_ccm_calculate_first_block(ctx); - - return ret; + return mbedtls_ccm_calculate_first_block(ctx); } int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx,