diff options
| author | Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com> | 2022-02-03 09:54:34 +0100 |
|---|---|---|
| committer | Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com> | 2022-02-03 14:55:14 +0100 |
| commit | 6b2eedd25f14b246491c5cb86a41150ad157bb02 (patch) | |
| tree | aab96d802f3c8777824da9e141abff1cb3ead69b | |
| parent | d66387f8fa3937dff5037c589d19c9846ccf5627 (diff) | |
| download | mbedtls-6b2eedd25f14b246491c5cb86a41150ad157bb02.zip mbedtls-6b2eedd25f14b246491c5cb86a41150ad157bb02.tar.gz mbedtls-6b2eedd25f14b246491c5cb86a41150ad157bb02.tar.bz2 | |
ssl_msg.c: add debug code for psa failures
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
| -rw-r--r-- | library/ssl_msg.c | 85 |
1 files changed, 67 insertions, 18 deletions
diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 0e8ce65..a0a3e44 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -775,10 +775,8 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, ssl_transform_aead_dynamic_iv_is_explicit( transform ); #if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#else - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; #endif /* MBEDTLS_USE_PSA_CRYPTO */ - + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; /* Check that there's space for the authentication tag. */ if( post_avail < transform->taglen ) @@ -840,7 +838,12 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, &rec->data_len ); if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_encrypt_buf", ret ); + return( ret ); + + } #else if( ( ret = mbedtls_cipher_auth_encrypt_ext( &transform->cipher_ctx_enc, iv, transform->ivlen, @@ -954,26 +957,45 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl, transform->psa_key_enc, transform->psa_alg ); if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_aead_encrypt", ret ); + return( ret ); + } status = psa_cipher_set_iv( &cipher_op, transform->iv_enc, transform->ivlen ); if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_aead_encrypt", ret ); + return( ret ); + + } status = psa_cipher_update( &cipher_op, data, rec->data_len, data, rec->data_len, &olen ); if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_aead_encrypt", ret ); + return( ret ); + + } status = psa_cipher_finish( &cipher_op, data + olen, rec->data_len - olen, &part_len ); if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "psa_aead_encrypt", ret ); + return( ret ); + + } olen += part_len; #else @@ -1081,12 +1103,14 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, mbedtls_record *rec ) { size_t olen; -#if !defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_USE_PSA_CRYPTO) + int ret; + +#else mbedtls_cipher_mode_t mode; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) int ret; -#endif +#endif /* MBEDTLS_USE_PSA_CRYPTO */ + int auth_done = 0; #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) size_t padlen = 0, correct = 1; @@ -1264,7 +1288,12 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, &olen ); if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret ); + return( ret ); + + } #else if( ( ret = mbedtls_cipher_auth_decrypt_ext( &transform->cipher_ctx_dec, iv, transform->ivlen, @@ -1451,26 +1480,46 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context const *ssl, transform->psa_key_dec, transform->psa_alg ); if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret ); + return( ret ); + + } status = psa_cipher_set_iv( &cipher_op, transform->iv_dec, transform->ivlen ); if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret ); + return( ret ); + + } status = psa_cipher_update( &cipher_op, data, rec->data_len, data, rec->data_len, &olen ); if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret ); + return( ret ); + + } status = psa_cipher_finish( &cipher_op, data + olen, rec->data_len - olen, &part_len ); if( status != PSA_SUCCESS ) - return( psa_ssl_status_to_mbedtls( status ) ); + { + ret = psa_ssl_status_to_mbedtls( status ); + MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_decrypt_buf", ret ); + return( ret ); + + } olen += part_len; #else @@ -5066,7 +5115,7 @@ int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl ) } else { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); + MBEDTLS_SSL_DEBUG_MSG( 1, ( "Unsupported psa_alg spotted in mbedtls_ssl_get_record_expansion()" ) ); return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } #else |