mirror of
https://github.com/yuzu-emu/mbedtls
synced 2024-11-24 13:38:24 +00:00
Add optional parameter validation to the AES module
This adds additional and optional parameter validation to the AES module that can be used by enabling the MBEDTLS_CHECK_PARAMS config.h option.
This commit is contained in:
parent
b4868034dd
commit
5201e414aa
2 changed files with 38 additions and 8 deletions
|
@ -67,6 +67,26 @@
|
||||||
/* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used. */
|
/* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used. */
|
||||||
#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */
|
#define MBEDTLS_ERR_AES_HW_ACCEL_FAILED -0x0025 /**< AES hardware accelerator failed. */
|
||||||
|
|
||||||
|
#if defined( MBEDTLS_CHECK_PARAMS )
|
||||||
|
#define MBEDTLS_AES_VALIDATE_RET( cond ) do{ if( !(cond) ) { \
|
||||||
|
MBEDTLS_PARAM_FAILED( #cond, \
|
||||||
|
__FILE__, \
|
||||||
|
__LINE__ ); \
|
||||||
|
return MBEDTLS_ERR_AES_BAD_INPUT_DATA;} \
|
||||||
|
} while(0);
|
||||||
|
|
||||||
|
#define MBEDTLS_AES_VALIDATE( cond ) do{ if( !(cond) ) { \
|
||||||
|
MBEDTLS_PARAM_FAILED( #cond, \
|
||||||
|
__FILE__, \
|
||||||
|
__LINE__ ); \
|
||||||
|
return; } \
|
||||||
|
} while(0);
|
||||||
|
#else
|
||||||
|
/* No validation of parameters will be performed */
|
||||||
|
#define MBEDTLS_AES_VALIDATE_RET( cond )
|
||||||
|
#define MBEDTLS_AES_VALIDATE( cond)
|
||||||
|
#endif
|
||||||
|
|
||||||
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
|
||||||
!defined(inline) && !defined(__cplusplus)
|
!defined(inline) && !defined(__cplusplus)
|
||||||
#define inline __inline
|
#define inline __inline
|
||||||
|
|
|
@ -511,6 +511,8 @@ static void aes_gen_tables( void )
|
||||||
|
|
||||||
void mbedtls_aes_init( mbedtls_aes_context *ctx )
|
void mbedtls_aes_init( mbedtls_aes_context *ctx )
|
||||||
{
|
{
|
||||||
|
MBEDTLS_AES_VALIDATE( ctx != NULL );
|
||||||
|
|
||||||
memset( ctx, 0, sizeof( mbedtls_aes_context ) );
|
memset( ctx, 0, sizeof( mbedtls_aes_context ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -525,12 +527,16 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx )
|
||||||
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
#if defined(MBEDTLS_CIPHER_MODE_XTS)
|
||||||
void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx )
|
void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx )
|
||||||
{
|
{
|
||||||
|
MBEDTLS_AES_VALIDATE( ctx != NULL );
|
||||||
|
|
||||||
mbedtls_aes_init( &ctx->crypt );
|
mbedtls_aes_init( &ctx->crypt );
|
||||||
mbedtls_aes_init( &ctx->tweak );
|
mbedtls_aes_init( &ctx->tweak );
|
||||||
}
|
}
|
||||||
|
|
||||||
void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx )
|
void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx )
|
||||||
{
|
{
|
||||||
|
MBEDTLS_AES_VALIDATE( ctx != NULL );
|
||||||
|
|
||||||
mbedtls_aes_free( &ctx->crypt );
|
mbedtls_aes_free( &ctx->crypt );
|
||||||
mbedtls_aes_free( &ctx->tweak );
|
mbedtls_aes_free( &ctx->tweak );
|
||||||
}
|
}
|
||||||
|
@ -546,14 +552,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
uint32_t *RK;
|
uint32_t *RK;
|
||||||
|
|
||||||
#if !defined(MBEDTLS_AES_ROM_TABLES)
|
MBEDTLS_AES_VALIDATE_RET( ctx != NULL && key != NULL );
|
||||||
if( aes_init_done == 0 )
|
|
||||||
{
|
|
||||||
aes_gen_tables();
|
|
||||||
aes_init_done = 1;
|
|
||||||
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
switch( keybits )
|
switch( keybits )
|
||||||
{
|
{
|
||||||
|
@ -563,6 +562,15 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||||
default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
|
default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_AES_ROM_TABLES)
|
||||||
|
if( aes_init_done == 0 )
|
||||||
|
{
|
||||||
|
aes_gen_tables();
|
||||||
|
aes_init_done = 1;
|
||||||
|
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
|
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
|
||||||
if( aes_padlock_ace == -1 )
|
if( aes_padlock_ace == -1 )
|
||||||
aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
|
aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
|
||||||
|
@ -662,6 +670,8 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
|
||||||
uint32_t *RK;
|
uint32_t *RK;
|
||||||
uint32_t *SK;
|
uint32_t *SK;
|
||||||
|
|
||||||
|
MBEDTLS_AES_VALIDATE_RET( ctx != NULL && key != NULL );
|
||||||
|
|
||||||
mbedtls_aes_init( &cty );
|
mbedtls_aes_init( &cty );
|
||||||
|
|
||||||
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
|
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
|
||||||
|
|
Loading…
Reference in a new issue