Merge branch 'fix/esp_aes_return_values_v5.1' into 'release/v5.1'

fix(mbedtls): fix return values of esp-aes APIs (v5.1) See merge request espressif/esp-idf!24804
espressif · Jul 15, 2023 · b530d76 · b530d76
2 parents d84e6c3 + 34dccf8
commit b530d76
Show file tree

Hide file tree

Showing 3 changed files with 129 additions and 65 deletions.
diff --git a/components/mbedtls/port/aes/block/esp_aes.c b/components/mbedtls/port/aes/block/esp_aes.c
@@ -74,6 +74,10 @@ void esp_aes_release_hardware( void )
 /* Run a single 16 byte block of AES, using the hardware engine.
  *
  * Call only while holding esp_aes_acquire_hardware().
+ *
+ * The function esp_aes_block zeroises the output buffer in the case of following conditions:
+ * 1. If key is not written in the hardware
+ * 2. If the fault injection check failed
  */
 static int esp_aes_block(esp_aes_context *ctx, const void *input, void *output)
 {
@@ -87,7 +91,7 @@ static int esp_aes_block(esp_aes_context *ctx, const void *input, void *output)
        key write to hardware. Treat this as a fatal error and zero the output block.
     */
     if (ctx->key_in_hardware != ctx->key_bytes) {
-        bzero(output, 16);
+        mbedtls_platform_zeroize(output, 16);
         return MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH;
     }
     i0 = input_words[0];
@@ -149,7 +153,7 @@ int esp_internal_aes_encrypt(esp_aes_context *ctx,
                              const unsigned char input[16],
                              unsigned char output[16] )
 {
-    int r;
+    int r = -1;
 
     if (esp_aes_validate_input(ctx, input, output)) {
         return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
@@ -182,7 +186,7 @@ int esp_internal_aes_decrypt(esp_aes_context *ctx,
                              const unsigned char input[16],
                              unsigned char output[16] )
 {
-    int r;
+    int r = -1;
 
     if (esp_aes_validate_input(ctx, input, output)) {
         return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
@@ -208,7 +212,7 @@ int esp_aes_crypt_ecb(esp_aes_context *ctx,
                       const unsigned char input[16],
                       unsigned char output[16] )
 {
-    int r;
+    int r = -1;
 
     if (esp_aes_validate_input(ctx, input, output)) {
         return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
@@ -223,7 +227,6 @@ int esp_aes_crypt_ecb(esp_aes_context *ctx,
     ctx->key_in_hardware = aes_hal_setkey(ctx->key, ctx->key_bytes, mode);
     r = esp_aes_block(ctx, input, output);
     esp_aes_release_hardware();
-
     return r;
 }
 
@@ -238,6 +241,7 @@ int esp_aes_crypt_cbc(esp_aes_context *ctx,
                       const unsigned char *input,
                       unsigned char *output )
 {
+    int ret = -1;
     if (esp_aes_validate_input(ctx, input, output)) {
         return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
     }
@@ -268,7 +272,10 @@ int esp_aes_crypt_cbc(esp_aes_context *ctx,
     if ( mode == ESP_AES_DECRYPT ) {
         while ( length > 0 ) {
             memcpy(temp, input_words, 16);
-            esp_aes_block(ctx, input_words, output_words);
+            ret = esp_aes_block(ctx, input_words, output_words);
+            if (ret != 0) {
+                goto cleanup;
+            }
 
             output_words[0] = output_words[0] ^ iv_words[0];
             output_words[1] = output_words[1] ^ iv_words[1];
@@ -289,18 +296,23 @@ int esp_aes_crypt_cbc(esp_aes_context *ctx,
             output_words[2] = input_words[2] ^ iv_words[2];
             output_words[3] = input_words[3] ^ iv_words[3];
 
-            esp_aes_block(ctx, output_words, output_words);
+            ret = esp_aes_block(ctx, output_words, output_words);
+            if (ret != 0) {
+                goto cleanup;
+            }
+
             memcpy( iv_words, output_words, 16 );
 
             input_words  += 4;
             output_words += 4;
             length -= 16;
         }
     }
+    ret = 0;
 
+cleanup:
     esp_aes_release_hardware();
-
-    return 0;
+    return ret;
 }
 
 /*
@@ -314,6 +326,7 @@ int esp_aes_crypt_cfb128(esp_aes_context *ctx,
                          const unsigned char *input,
                          unsigned char *output )
 {
+    int ret = -1;
     if (esp_aes_validate_input(ctx, input, output)) {
         return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
     }
@@ -341,7 +354,10 @@ int esp_aes_crypt_cfb128(esp_aes_context *ctx,
     if ( mode == ESP_AES_DECRYPT ) {
         while ( length-- ) {
             if ( n == 0 ) {
-                esp_aes_block(ctx, iv, iv);
+                ret = esp_aes_block(ctx, iv, iv);
+                if (ret != 0) {
+                    goto cleanup;
+                }
             }
 
             c = *input++;
@@ -353,7 +369,10 @@ int esp_aes_crypt_cfb128(esp_aes_context *ctx,
     } else {
         while ( length-- ) {
             if ( n == 0 ) {
-                esp_aes_block(ctx, iv, iv);
+                ret = esp_aes_block(ctx, iv, iv);
+                if (ret != 0) {
+                    goto cleanup;
+                }
             }
 
             iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
@@ -363,10 +382,11 @@ int esp_aes_crypt_cfb128(esp_aes_context *ctx,
     }
 
     *iv_off = n;
+    ret = 0;
 
+cleanup:
     esp_aes_release_hardware();
-
-    return 0;
+    return ret;
 }
 
 /*
@@ -379,6 +399,7 @@ int esp_aes_crypt_cfb8(esp_aes_context *ctx,
                        const unsigned char *input,
                        unsigned char *output )
 {
+    int ret = -1;
     unsigned char c;
     unsigned char ov[17];
 
@@ -402,7 +423,10 @@ int esp_aes_crypt_cfb8(esp_aes_context *ctx,
 
     while ( length-- ) {
         memcpy( ov, iv, 16 );
-        esp_aes_block(ctx, iv, iv);
+        ret = esp_aes_block(ctx, iv, iv);
+        if (ret != 0) {
+            goto cleanup;
+        }
 
         if ( mode == ESP_AES_DECRYPT ) {
             ov[16] = *input;
@@ -416,10 +440,11 @@ int esp_aes_crypt_cfb8(esp_aes_context *ctx,
 
         memcpy( iv, ov + 1, 16 );
     }
+    ret = 0;
 
+cleanup:
     esp_aes_release_hardware();
-
-    return 0;
+    return ret;
 }
 
 /*
@@ -433,7 +458,7 @@ int esp_aes_crypt_ctr(esp_aes_context *ctx,
                       const unsigned char *input,
                       unsigned char *output )
 {
-    int c, i;
+    int c, i, ret = -1;
 
     if (esp_aes_validate_input(ctx, input, output)) {
         return MBEDTLS_ERR_AES_BAD_INPUT_DATA;
@@ -466,7 +491,10 @@ int esp_aes_crypt_ctr(esp_aes_context *ctx,
 
     while ( length-- ) {
         if ( n == 0 ) {
-            esp_aes_block(ctx, nonce_counter, stream_block);
+            ret = esp_aes_block(ctx, nonce_counter, stream_block);
+            if (ret != 0) {
+                goto cleanup;
+            }
 
             for ( i = 16; i > 0; i-- ) {
                 if ( ++nonce_counter[i - 1] != 0 ) {
@@ -481,10 +509,11 @@ int esp_aes_crypt_ctr(esp_aes_context *ctx,
     }
 
     *nc_off = n;
+    ret = 0;
 
+cleanup:
     esp_aes_release_hardware();
-
-    return 0;
+    return ret;
 }
 
 /*
@@ -497,7 +526,7 @@ int esp_aes_crypt_ofb(esp_aes_context *ctx,
                       const unsigned char *input,
                       unsigned char *output )
 {
-    int ret = 0;
+    int ret = -1;
     size_t n;
 
     if (esp_aes_validate_input(ctx, input, output)) {
@@ -531,15 +560,20 @@ int esp_aes_crypt_ofb(esp_aes_context *ctx,
 
     while (length--) {
         if ( n == 0 ) {
-            esp_aes_block(ctx, iv, iv);
+            ret = esp_aes_block(ctx, iv, iv);
+            if (ret != 0) {
+                goto cleanup;
+            }
         }
         *output++ =  *input++ ^ iv[n];
 
         n = ( n + 1 ) & 0x0F;
     }
 
     *iv_off = n;
+    ret = 0;
 
+cleanup:
     esp_aes_release_hardware();
 
     return ( ret );