Merge pull request #4760 from gilles-peskine-arm/ecb-alt-ret-3.0
Catch failures of mbedtls_aes_crypt_ecb and its DES equivalents
diff --git a/ChangeLog.d/check-return.txt b/ChangeLog.d/check-return.txt
new file mode 100644
index 0000000..045b180
--- /dev/null
+++ b/ChangeLog.d/check-return.txt
@@ -0,0 +1,17 @@
+Bugfix
+ * Failures of alternative implementations of AES or DES single-block
+ functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT,
+ MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored.
+ This does not concern the implementation provided with Mbed TLS,
+ where this function cannot fail, or full-module replacements with
+ MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092.
+
+Features
+ * Warn if errors from certain functions are ignored. This is currently
+ supported on GCC-like compilers and on MSVC and can be configured through
+ the macro MBEDTLS_CHECK_RETURN. The warnings are always enabled
+ (where supported) for critical functions where ignoring the return
+ value is almost always a bug. Enable the new configuration option
+ MBEDTLS_CHECK_RETURN_WARNING to get warnings for other functions. This
+ is currently implemented in the AES and DES modules, and will be extended
+ to other modules in the future.
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 879c3f2..becbfae 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -42,6 +42,7 @@
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
+#include "mbedtls/platform_util.h"
#include <stddef.h>
#include <stdint.h>
@@ -163,6 +164,7 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits );
@@ -181,6 +183,7 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
unsigned int keybits );
@@ -201,6 +204,7 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
const unsigned char *key,
unsigned int keybits );
@@ -221,6 +225,7 @@
* \return \c 0 on success.
* \return #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
const unsigned char *key,
unsigned int keybits );
@@ -249,6 +254,7 @@
* \return \c 0 on success.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
int mode,
const unsigned char input[16],
@@ -296,6 +302,7 @@
* \return #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
* on failure.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
int mode,
size_t length,
@@ -340,6 +347,7 @@
* smaller than an AES block in size (16 Bytes) or if \p
* length is larger than 2^20 blocks (16 MiB).
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
int mode,
size_t length,
@@ -388,6 +396,7 @@
*
* \return \c 0 on success.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
int mode,
size_t length,
@@ -432,6 +441,7 @@
*
* \return \c 0 on success.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
int mode,
size_t length,
@@ -486,6 +496,7 @@
*
* \return \c 0 on success.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
size_t length,
size_t *iv_off,
@@ -572,6 +583,7 @@
*
* \return \c 0 on success.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
size_t length,
size_t *nc_off,
@@ -592,6 +604,7 @@
*
* \return \c 0 on success.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] );
@@ -607,6 +620,7 @@
*
* \return \c 0 on success.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
const unsigned char input[16],
unsigned char output[16] );
@@ -618,6 +632,7 @@
* \return \c 0 on success.
* \return \c 1 on failure.
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_aes_self_test( int verbose );
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h
index 63a8e00..be74cb1 100644
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@@ -29,6 +29,7 @@
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
+#include "mbedtls/platform_util.h"
#include <stddef.h>
#include <stdint.h>
@@ -139,6 +140,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
/**
@@ -152,6 +154,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
/**
@@ -166,6 +169,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
/**
@@ -180,6 +184,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
/**
@@ -190,6 +195,7 @@
*
* \return 0
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
@@ -201,6 +207,7 @@
*
* \return 0
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
@@ -212,6 +219,7 @@
*
* \return 0
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
@@ -223,6 +231,7 @@
*
* \return 0
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
@@ -239,6 +248,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
const unsigned char input[8],
unsigned char output[8] );
@@ -266,6 +276,7 @@
* security risk. We recommend considering stronger ciphers
* instead.
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
int mode,
size_t length,
@@ -283,6 +294,7 @@
*
* \return 0 if successful
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
const unsigned char input[8],
unsigned char output[8] );
@@ -308,6 +320,7 @@
*
* \return 0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
*/
+MBEDTLS_CHECK_RETURN_TYPICAL
int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
int mode,
size_t length,
@@ -338,6 +351,7 @@
*
* \return 0 if successful, or 1 if the test failed
*/
+MBEDTLS_CHECK_RETURN_CRITICAL
int mbedtls_des_self_test( int verbose );
#endif /* MBEDTLS_SELF_TEST */
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index adc317d..4757aa6 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -521,6 +521,29 @@
//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
/**
+ * \def MBEDTLS_CHECK_RETURN_WARNING
+ *
+ * If this macro is defined, emit a compile-time warning if application code
+ * calls a function without checking its return value, but the return value
+ * should generally be checked in portable applications.
+ *
+ * This is only supported on platforms where #MBEDTLS_CHECK_RETURN is
+ * implemented. Otherwise this option has no effect.
+ *
+ * Uncomment to get warnings on using fallible functions without checking
+ * their return value.
+ *
+ * \note This feature is a work in progress.
+ * Warnings will be added to more functions in the future.
+ *
+ * \note A few functions are considered critical, and ignoring the return
+ * value of these functions will trigger a warning even if this
+ * macro is not defined. To completely disable return value check
+ * warnings, define #MBEDTLS_CHECK_RETURN with an empty expansion.
+ */
+//#define MBEDTLS_CHECK_RETURN_WARNING
+
+/**
* \def MBEDTLS_CIPHER_MODE_CBC
*
* Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
@@ -3067,6 +3090,29 @@
//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
+/** \def MBEDTLS_CHECK_RETURN
+ *
+ * This macro is used at the beginning of the declaration of a function
+ * to indicate that its return value should be checked. It should
+ * instruct the compiler to emit a warning or an error if the function
+ * is called without checking its return value.
+ *
+ * There is a default implementation for popular compilers in platform_util.h.
+ * You can override the default implementation by defining your own here.
+ *
+ * If the implementation here is empty, this will effectively disable the
+ * checking of functions' return values.
+ */
+//#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__))
+
+/** \def MBEDTLS_IGNORE_RETURN
+ *
+ * This macro requires one argument, which should be a C function call.
+ * If that function call would cause a #MBEDTLS_CHECK_RETURN warning, this
+ * warning is suppressed.
+ */
+//#define MBEDTLS_IGNORE_RETURN( result ) ((void) !(result))
+
/* PSA options */
/**
* Use HMAC_DRBG with the specified hash algorithm for HMAC_DRBG for the
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 1a0a135..36e3718 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -60,6 +60,95 @@
#endif /* MBEDTLS_DEPRECATED_WARNING */
#endif /* MBEDTLS_DEPRECATED_REMOVED */
+/* Implementation of the check-return facility.
+ * See the user documentation in mbedtls_config.h.
+ *
+ * Do not use this macro directly to annotate function: instead,
+ * use one of MBEDTLS_CHECK_RETURN_CRITICAL or MBEDTLS_CHECK_RETURN_TYPICAL
+ * depending on how important it is to check the return value.
+ */
+#if !defined(MBEDTLS_CHECK_RETURN)
+#if defined(__GNUC__)
+#define MBEDTLS_CHECK_RETURN __attribute__((__warn_unused_result__))
+#elif defined(_MSC_VER) && _MSC_VER >= 1700
+#include <sal.h>
+#define MBEDTLS_CHECK_RETURN _Check_return_
+#else
+#define MBEDTLS_CHECK_RETURN
+#endif
+#endif
+
+/** Critical-failure function
+ *
+ * This macro appearing at the beginning of the declaration of a function
+ * indicates that its return value should be checked in all applications.
+ * Omitting the check is very likely to indicate a bug in the application
+ * and will result in a compile-time warning if #MBEDTLS_CHECK_RETURN
+ * is implemented for the compiler in use.
+ *
+ * \note The use of this macro is a work in progress.
+ * This macro may be added to more functions in the future.
+ * Such an extension is not considered an API break, provided that
+ * there are near-unavoidable circumstances under which the function
+ * can fail. For example, signature/MAC/AEAD verification functions,
+ * and functions that require a random generator, are considered
+ * return-check-critical.
+ */
+#define MBEDTLS_CHECK_RETURN_CRITICAL MBEDTLS_CHECK_RETURN
+
+/** Ordinary-failure function
+ *
+ * This macro appearing at the beginning of the declaration of a function
+ * indicates that its return value should be generally be checked in portable
+ * applications. Omitting the check will result in a compile-time warning if
+ * #MBEDTLS_CHECK_RETURN is implemented for the compiler in use and
+ * #MBEDTLS_CHECK_RETURN_WARNING is enabled in the compile-time configuration.
+ *
+ * You can use #MBEDTLS_IGNORE_RETURN to explicitly ignore the return value
+ * of a function that is annotated with #MBEDTLS_CHECK_RETURN.
+ *
+ * \note The use of this macro is a work in progress.
+ * This macro will be added to more functions in the future.
+ * Eventually this should appear before most functions returning
+ * an error code (as \c int in the \c mbedtls_xxx API or
+ * as ::psa_status_t in the \c psa_xxx API).
+ */
+#if defined(MBEDTLS_CHECK_RETURN_WARNING)
+#define MBEDTLS_CHECK_RETURN_TYPICAL MBEDTLS_CHECK_RETURN
+#else
+#define MBEDTLS_CHECK_RETURN_TYPICAL
+#endif
+
+/** Benign-failure function
+ *
+ * This macro appearing at the beginning of the declaration of a function
+ * indicates that it is rarely useful to check its return value.
+ *
+ * This macro has an empty expansion. It exists for documentation purposes:
+ * a #MBEDTLS_CHECK_RETURN_OPTIONAL annotation indicates that the function
+ * has been analyzed for return-check usefuless, whereas the lack of
+ * an annotation indicates that the function has not been analyzed and its
+ * return-check usefulness is unknown.
+ */
+#define MBEDTLS_CHECK_RETURN_OPTIONAL
+
+/** \def MBEDTLS_IGNORE_RETURN
+ *
+ * Call this macro with one argument, a function call, to suppress a warning
+ * from #MBEDTLS_CHECK_RETURN due to that function call.
+ */
+#if !defined(MBEDTLS_IGNORE_RETURN)
+/* GCC doesn't silence the warning with just (void)(result).
+ * (void)!(result) is known to work up at least up to GCC 10, as well
+ * as with Clang and MSVC.
+ *
+ * https://gcc.gnu.org/onlinedocs/gcc-3.4.6/gcc/Non_002dbugs.html
+ * https://stackoverflow.com/questions/40576003/ignoring-warning-wunused-result
+ * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=66425#c34
+ */
+#define MBEDTLS_IGNORE_RETURN(result) ( (void) !( result ) )
+#endif
+
/**
* \brief Securely zeroize a buffer
*
diff --git a/library/aes.c b/library/aes.c
index 8e3358c..4afc3c4 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -1011,6 +1011,7 @@
unsigned char *output )
{
int i;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char temp[16];
AES_VALIDATE_RET( ctx != NULL );
@@ -1040,7 +1041,9 @@
while( length > 0 )
{
memcpy( temp, input, 16 );
- mbedtls_aes_crypt_ecb( ctx, mode, input, output );
+ ret = mbedtls_aes_crypt_ecb( ctx, mode, input, output );
+ if( ret != 0 )
+ goto exit;
for( i = 0; i < 16; i++ )
output[i] = (unsigned char)( output[i] ^ iv[i] );
@@ -1059,7 +1062,9 @@
for( i = 0; i < 16; i++ )
output[i] = (unsigned char)( input[i] ^ iv[i] );
- mbedtls_aes_crypt_ecb( ctx, mode, output, output );
+ ret = mbedtls_aes_crypt_ecb( ctx, mode, output, output );
+ if( ret != 0 )
+ goto exit;
memcpy( iv, output, 16 );
input += 16;
@@ -1067,8 +1072,10 @@
length -= 16;
}
}
+ ret = 0;
- return( 0 );
+exit:
+ return( ret );
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -1222,6 +1229,7 @@
unsigned char *output )
{
int c;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
AES_VALIDATE_RET( ctx != NULL );
@@ -1242,7 +1250,11 @@
while( length-- )
{
if( n == 0 )
- mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
+ {
+ ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
+ if( ret != 0 )
+ goto exit;
+ }
c = *input++;
*output++ = (unsigned char)( c ^ iv[n] );
@@ -1256,7 +1268,11 @@
while( length-- )
{
if( n == 0 )
- mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
+ {
+ ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
+ if( ret != 0 )
+ goto exit;
+ }
iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
@@ -1265,8 +1281,10 @@
}
*iv_off = n;
+ ret = 0;
- return( 0 );
+exit:
+ return( ret );
}
/*
@@ -1279,6 +1297,7 @@
const unsigned char *input,
unsigned char *output )
{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char c;
unsigned char ov[17];
@@ -1291,7 +1310,9 @@
while( length-- )
{
memcpy( ov, iv, 16 );
- mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
+ ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
+ if( ret != 0 )
+ goto exit;
if( mode == MBEDTLS_AES_DECRYPT )
ov[16] = *input;
@@ -1303,8 +1324,10 @@
memcpy( iv, ov + 1, 16 );
}
+ ret = 0;
- return( 0 );
+exit:
+ return( ret );
}
#endif /* MBEDTLS_CIPHER_MODE_CFB */
@@ -1366,6 +1389,7 @@
unsigned char *output )
{
int c, i;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t n;
AES_VALIDATE_RET( ctx != NULL );
@@ -1383,7 +1407,9 @@
while( length-- )
{
if( n == 0 ) {
- mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block );
+ ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block );
+ if( ret != 0 )
+ goto exit;
for( i = 16; i > 0; i-- )
if( ++nonce_counter[i - 1] != 0 )
@@ -1396,8 +1422,10 @@
}
*nc_off = n;
+ ret = 0;
- return( 0 );
+exit:
+ return( ret );
}
#endif /* MBEDTLS_CIPHER_MODE_CTR */
diff --git a/library/des.c b/library/des.c
index 7f90faa..91d22b5 100644
--- a/library/des.c
+++ b/library/des.c
@@ -28,6 +28,7 @@
#if defined(MBEDTLS_DES_C)
#include "mbedtls/des.h"
+#include "mbedtls/error.h"
#include "mbedtls/platform_util.h"
#include <string.h>
@@ -642,6 +643,7 @@
unsigned char *output )
{
int i;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char temp[8];
if( length % 8 )
@@ -654,7 +656,9 @@
for( i = 0; i < 8; i++ )
output[i] = (unsigned char)( input[i] ^ iv[i] );
- mbedtls_des_crypt_ecb( ctx, output, output );
+ ret = mbedtls_des_crypt_ecb( ctx, output, output );
+ if( ret != 0 )
+ goto exit;
memcpy( iv, output, 8 );
input += 8;
@@ -667,7 +671,9 @@
while( length > 0 )
{
memcpy( temp, input, 8 );
- mbedtls_des_crypt_ecb( ctx, input, output );
+ ret = mbedtls_des_crypt_ecb( ctx, input, output );
+ if( ret != 0 )
+ goto exit;
for( i = 0; i < 8; i++ )
output[i] = (unsigned char)( output[i] ^ iv[i] );
@@ -679,8 +685,10 @@
length -= 8;
}
}
+ ret = 0;
- return( 0 );
+exit:
+ return( ret );
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -741,6 +749,7 @@
unsigned char *output )
{
int i;
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char temp[8];
if( length % 8 )
@@ -753,7 +762,9 @@
for( i = 0; i < 8; i++ )
output[i] = (unsigned char)( input[i] ^ iv[i] );
- mbedtls_des3_crypt_ecb( ctx, output, output );
+ ret = mbedtls_des3_crypt_ecb( ctx, output, output );
+ if( ret != 0 )
+ goto exit;
memcpy( iv, output, 8 );
input += 8;
@@ -766,7 +777,9 @@
while( length > 0 )
{
memcpy( temp, input, 8 );
- mbedtls_des3_crypt_ecb( ctx, input, output );
+ ret = mbedtls_des3_crypt_ecb( ctx, input, output );
+ if( ret != 0 )
+ goto exit;
for( i = 0; i < 8; i++ )
output[i] = (unsigned char)( output[i] ^ iv[i] );
@@ -778,8 +791,10 @@
length -= 8;
}
}
+ ret = 0;
- return( 0 );
+exit:
+ return( ret );
}
#endif /* MBEDTLS_CIPHER_MODE_CBC */
@@ -872,39 +887,43 @@
switch( i )
{
case 0:
- mbedtls_des_setkey_dec( &ctx, des3_test_keys );
+ ret = mbedtls_des_setkey_dec( &ctx, des3_test_keys );
break;
case 1:
- mbedtls_des_setkey_enc( &ctx, des3_test_keys );
+ ret = mbedtls_des_setkey_enc( &ctx, des3_test_keys );
break;
case 2:
- mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
+ ret = mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
break;
case 3:
- mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
+ ret = mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
break;
case 4:
- mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
+ ret = mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
break;
case 5:
- mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
+ ret = mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
break;
default:
return( 1 );
}
+ if( ret != 0 )
+ goto exit;
for( j = 0; j < 100; j++ )
{
if( u == 0 )
- mbedtls_des_crypt_ecb( &ctx, buf, buf );
+ ret = mbedtls_des_crypt_ecb( &ctx, buf, buf );
else
- mbedtls_des3_crypt_ecb( &ctx3, buf, buf );
+ ret = mbedtls_des3_crypt_ecb( &ctx3, buf, buf );
+ if( ret != 0 )
+ goto exit;
}
if( ( v == MBEDTLS_DES_DECRYPT &&
@@ -947,41 +966,45 @@
switch( i )
{
case 0:
- mbedtls_des_setkey_dec( &ctx, des3_test_keys );
+ ret = mbedtls_des_setkey_dec( &ctx, des3_test_keys );
break;
case 1:
- mbedtls_des_setkey_enc( &ctx, des3_test_keys );
+ ret = mbedtls_des_setkey_enc( &ctx, des3_test_keys );
break;
case 2:
- mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
+ ret = mbedtls_des3_set2key_dec( &ctx3, des3_test_keys );
break;
case 3:
- mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
+ ret = mbedtls_des3_set2key_enc( &ctx3, des3_test_keys );
break;
case 4:
- mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
+ ret = mbedtls_des3_set3key_dec( &ctx3, des3_test_keys );
break;
case 5:
- mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
+ ret = mbedtls_des3_set3key_enc( &ctx3, des3_test_keys );
break;
default:
return( 1 );
}
+ if( ret != 0 )
+ goto exit;
if( v == MBEDTLS_DES_DECRYPT )
{
for( j = 0; j < 100; j++ )
{
if( u == 0 )
- mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
+ ret = mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
else
- mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
+ ret = mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
+ if( ret != 0 )
+ goto exit;
}
}
else
@@ -991,9 +1014,11 @@
unsigned char tmp[8];
if( u == 0 )
- mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
+ ret = mbedtls_des_crypt_cbc( &ctx, v, 8, iv, buf, buf );
else
- mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
+ ret = mbedtls_des3_crypt_cbc( &ctx3, v, 8, iv, buf, buf );
+ if( ret != 0 )
+ goto exit;
memcpy( tmp, prv, 8 );
memcpy( prv, buf, 8 );
@@ -1027,6 +1052,8 @@
mbedtls_des_free( &ctx );
mbedtls_des3_free( &ctx3 );
+ if( ret != 0 )
+ ret = 1;
return( ret );
}
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index eccb42a..d633e4d 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -270,7 +270,9 @@
mbedtls_printf( "...\n . Receiving and decrypting the ciphertext" );
fflush( stdout );
- mbedtls_aes_setkey_dec( &aes, buf, 256 );
+ ret = mbedtls_aes_setkey_dec( &aes, buf, 256 );
+ if( ret != 0 )
+ goto exit;
memset( buf, 0, sizeof( buf ) );
@@ -280,7 +282,9 @@
goto exit;
}
- mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_DECRYPT, buf, buf );
+ ret = mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_DECRYPT, buf, buf );
+ if( ret != 0 )
+ goto exit;
buf[16] = '\0';
mbedtls_printf( "\n . Plaintext is \"%s\"\n\n", (char *) buf );
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index 0ddb85c..75713ff 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -290,9 +290,13 @@
mbedtls_printf( "...\n . Encrypting and sending the ciphertext" );
fflush( stdout );
- mbedtls_aes_setkey_enc( &aes, buf, 256 );
+ ret = mbedtls_aes_setkey_enc( &aes, buf, 256 );
+ if( ret != 0 )
+ goto exit;
memcpy( buf, PLAINTEXT, 16 );
- mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_ENCRYPT, buf, buf );
+ ret = mbedtls_aes_crypt_ecb( &aes, MBEDTLS_AES_ENCRYPT, buf, buf );
+ if( ret != 0 )
+ goto exit;
if( ( ret = mbedtls_net_send( &client_fd, buf, 16 ) ) != 16 )
{
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 5985caf..d3faad9 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -674,7 +674,8 @@
{
mbedtls_des3_context des3;
mbedtls_des3_init( &des3 );
- mbedtls_des3_set3key_enc( &des3, tmp );
+ if( mbedtls_des3_set3key_enc( &des3, tmp ) != 0 )
+ mbedtls_exit( 1 );
TIME_AND_TSC( "3DES",
mbedtls_des3_crypt_cbc( &des3, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
mbedtls_des3_free( &des3 );
@@ -684,7 +685,8 @@
{
mbedtls_des_context des;
mbedtls_des_init( &des );
- mbedtls_des_setkey_enc( &des, tmp );
+ if( mbedtls_des_setkey_enc( &des, tmp ) != 0 )
+ mbedtls_exit( 1 );
TIME_AND_TSC( "DES",
mbedtls_des_crypt_cbc( &des, MBEDTLS_DES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
mbedtls_des_free( &des );
@@ -722,7 +724,7 @@
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
- mbedtls_aes_setkey_enc( &aes, tmp, keysize );
+ CHECK_AND_CONTINUE( mbedtls_aes_setkey_enc( &aes, tmp, keysize ) );
TIME_AND_TSC( title,
mbedtls_aes_crypt_cbc( &aes, MBEDTLS_AES_ENCRYPT, BUFSIZE, tmp, buf, buf ) );
@@ -743,7 +745,7 @@
memset( buf, 0, sizeof( buf ) );
memset( tmp, 0, sizeof( tmp ) );
- mbedtls_aes_xts_setkey_enc( &ctx, tmp, keysize * 2 );
+ CHECK_AND_CONTINUE( mbedtls_aes_xts_setkey_enc( &ctx, tmp, keysize * 2 ) );
TIME_AND_TSC( title,
mbedtls_aes_crypt_xts( &ctx, MBEDTLS_AES_ENCRYPT, BUFSIZE,
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index 1892c25..52af8e0 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -67,7 +67,7 @@
mbedtls_aes_init( &ctx );
- mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
if( cbc_result == 0 )
{
@@ -92,7 +92,7 @@
memset(output, 0x00, 100);
mbedtls_aes_init( &ctx );
- mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_cbc( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
if( cbc_result == 0)
{
@@ -241,7 +241,7 @@
mbedtls_aes_init( &ctx );
- mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_ENCRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
@@ -263,7 +263,7 @@
mbedtls_aes_init( &ctx );
- mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_cfb128( &ctx, MBEDTLS_AES_DECRYPT, 16, &iv_offset, iv_str->x, src_str->x, output ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 16, dst->len ) == 0 );
@@ -284,7 +284,7 @@
mbedtls_aes_init( &ctx );
- mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
@@ -306,7 +306,7 @@
mbedtls_aes_init( &ctx );
- mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 );
+ TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
TEST_ASSERT( mbedtls_aes_crypt_cfb8( &ctx, MBEDTLS_AES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x,
diff --git a/tests/suites/test_suite_des.function b/tests/suites/test_suite_des.function
index 5b24935..7256fb5 100644
--- a/tests/suites/test_suite_des.function
+++ b/tests/suites/test_suite_des.function
@@ -24,7 +24,7 @@
mbedtls_des_init( &ctx );
- mbedtls_des_setkey_enc( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des_setkey_enc( &ctx, key_str->x ) == 0 );
TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
@@ -44,7 +44,7 @@
mbedtls_des_init( &ctx );
- mbedtls_des_setkey_dec( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des_setkey_dec( &ctx, key_str->x ) == 0 );
TEST_ASSERT( mbedtls_des_crypt_ecb( &ctx, src_str->x, output ) == 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, dst->x, 8, dst->len ) == 0 );
@@ -65,7 +65,7 @@
mbedtls_des_init( &ctx );
- mbedtls_des_setkey_enc( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des_setkey_enc( &ctx, key_str->x ) == 0 );
TEST_ASSERT( mbedtls_des_crypt_cbc( &ctx, MBEDTLS_DES_ENCRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
if( cbc_result == 0 )
{
@@ -91,7 +91,7 @@
mbedtls_des_init( &ctx );
- mbedtls_des_setkey_dec( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des_setkey_dec( &ctx, key_str->x ) == 0 );
TEST_ASSERT( mbedtls_des_crypt_cbc( &ctx, MBEDTLS_DES_DECRYPT, src_str->len, iv_str->x, src_str->x, output ) == cbc_result );
if( cbc_result == 0 )
{
@@ -117,9 +117,9 @@
if( key_count == 2 )
- mbedtls_des3_set2key_enc( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des3_set2key_enc( &ctx, key_str->x ) == 0 );
else if( key_count == 3 )
- mbedtls_des3_set3key_enc( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des3_set3key_enc( &ctx, key_str->x ) == 0 );
else
TEST_ASSERT( 0 );
@@ -144,9 +144,9 @@
if( key_count == 2 )
- mbedtls_des3_set2key_dec( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des3_set2key_dec( &ctx, key_str->x ) == 0 );
else if( key_count == 3 )
- mbedtls_des3_set3key_dec( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des3_set3key_dec( &ctx, key_str->x ) == 0 );
else
TEST_ASSERT( 0 );
@@ -172,9 +172,9 @@
if( key_count == 2 )
- mbedtls_des3_set2key_enc( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des3_set2key_enc( &ctx, key_str->x ) == 0 );
else if( key_count == 3 )
- mbedtls_des3_set3key_enc( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des3_set3key_enc( &ctx, key_str->x ) == 0 );
else
TEST_ASSERT( 0 );
@@ -205,9 +205,9 @@
if( key_count == 2 )
- mbedtls_des3_set2key_dec( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des3_set2key_dec( &ctx, key_str->x ) == 0 );
else if( key_count == 3 )
- mbedtls_des3_set3key_dec( &ctx, key_str->x );
+ TEST_ASSERT( mbedtls_des3_set3key_dec( &ctx, key_str->x ) == 0 );
else
TEST_ASSERT( 0 );