authorVadim Sukhomlinov <sukhomlinov@google.com>2021-09-29 15:02:49 -0700
committerCommit Bot <commit-bot@chromium.org>2021-10-05 19:08:53 +0000
commit9cd80daff9f6d9df08311a790a79632ab647a162 (patch)
treef454c7c3b3e8b47f0dd7327fc7be7e9f9dd2181d /chip
parentd64c8e2803a570aa3181fe67f2fb0f3241789de1 (diff)
cr50: Update AES public APIsfactory-ambassador-14265.B-cr50_stab
To support FIPS mode we need to block access to crypto in case of errors. 1) Added check for FIPS errors into DCRYPTO_aes_init() 2) Return codes updated to enum dcrypto_result 3) Call sites updated to check for return codes BUG=b:197893750 TEST=make BOARD=cr50 CRYPTO_TEST=1; test/tpm_test/tpmtest.py Signed-off-by: Vadim Sukhomlinov <sukhomlinov@google.com> Change-Id: Id614cc346fe22537e9208196bf1322221a253b0c Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/ec/+/3194985 Reviewed-by: Vadim Sukhomlinov <sukhomlinov@chromium.org> Reviewed-by: Andrey Pronin <apronin@chromium.org> Commit-Queue: Vadim Sukhomlinov <sukhomlinov@chromium.org> Tested-by: Vadim Sukhomlinov <sukhomlinov@chromium.org>
Diffstat (limited to 'chip')
-rw-r--r--chip/host/dcrypto/aes.c11
1 files changed, 6 insertions, 5 deletions
diff --git a/chip/host/dcrypto/aes.c b/chip/host/dcrypto/aes.c
index cc57168cbb..4556b4b5dd 100644
--- a/chip/host/dcrypto/aes.c
+++ b/chip/host/dcrypto/aes.c
@@ -10,16 +10,17 @@
#include "dcrypto.h"
#include "registers.h"
-int DCRYPTO_aes_ctr(uint8_t *out, const uint8_t *key, uint32_t key_bits,
- const uint8_t *iv, const uint8_t *in, size_t in_len)
+enum dcrypto_result DCRYPTO_aes_ctr(uint8_t *out, const uint8_t *key,
+ uint32_t key_bits, const uint8_t *iv,
+ const uint8_t *in, size_t in_len)
{
EVP_CIPHER_CTX *ctx;
- int ret = 0;
+ enum dcrypto_result ret = DCRYPTO_FAIL;
int out_len = 0;
ctx = EVP_CIPHER_CTX_new();
if (!ctx)
- return 0;
+ return DCRYPTO_FAIL;
if (EVP_EncryptInit_ex(ctx, EVP_aes_256_ctr(), NULL, key, iv) != 1)
goto cleanup;
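Review bot: `key_bits` is accepted in the new signature but the `EVP_EncryptInit_ex` call still hard-codes `EVP_aes_256_ctr()`, so a caller passing a 128- or 192-bit key would have OpenSSL read 32 bytes from a shorter key buffer. Unless the lines between the two hunks (not visible here) already validate it, reject unsupported sizes before allocating the context, e.g. `if (key_bits != 256) return DCRYPTO_FAIL;`, or select the cipher from `key_bits`. Since this host build stands in for the hardware implementation in tests, silently treating every key as AES-256 can also hide key-size bugs in callers. The function body continues outside this hunk.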
@@ -29,7 +30,7 @@ int DCRYPTO_aes_ctr(uint8_t *out, const uint8_t *key, uint32_t key_bits,
if (EVP_EncryptFinal(ctx, out + out_len, &out_len) != 1)
goto cleanup;
- ret = 1;
+ ret = DCRYPTO_OK;
cleanup:
EVP_CIPHER_CTX_free(ctx);
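Review bot: Nothing at the definition tells callers that success is now `DCRYPTO_OK` rather than 1, and a leftover truthiness test such as `if (!DCRYPTO_aes_ctr(...))` still compiles after this change. If neither enumerator is zero (their values are not visible here), such a check would treat a failure as success, which defeats the fail-closed intent of initialising `ret` to `DCRYPTO_FAIL`. I would add a comment above the function, e.g. `/* Returns DCRYPTO_OK on success; callers must compare against DCRYPTO_OK explicitly. */`, and state there that `out` may hold partial output when the call fails and must not be used. The function's closing lines are outside the hunk.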