fixup! [Pal/lib] Remove redundant functionality from crypto

Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii@intel.com>
gramineproject · May 11, 2021 · 48fbae1 · 48fbae1
1 parent 5dd8788
commit 48fbae1
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 18 deletions.
diff --git a/Pal/lib/Makefile b/Pal/lib/Makefile
@@ -19,7 +19,7 @@ CFLAGS += \
 
 CRYPTO_PROVIDER ?= mbedtls
 
-# Select which crypto adapater you want to use here. This has to match the #define in crypto.h.
+# Select which crypto adapter you want to use here. This has to match the #define in crypto.h.
 ifeq ($(CRYPTO_PROVIDER),mbedtls)
 crypto_mbedtls_library_objs = \
 	crypto/mbedtls/library/aes.o \

diff --git a/Pal/src/host/Linux-SGX/tools/common/attestation.c b/Pal/src/host/Linux-SGX/tools/common/attestation.c
@@ -158,8 +158,8 @@ int verify_ias_report_extract_quote(const uint8_t* ias_report, size_t ias_report
 
     ret = mbedtls_base64_decode(/*dest=*/NULL, /*dlen=*/0, &ias_sig_size, ias_sig_b64,
                                 ias_sig_b64_size);
-    if (ret != 0) {
-        ERROR("Failed to base64-decode IAS signature\n");
+    if (ret != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL) {
+        ERROR("Failed to get size for base64 decoding of IAS signature\n");
         goto out;
     }
 
@@ -172,8 +172,8 @@ int verify_ias_report_extract_quote(const uint8_t* ias_report, size_t ias_report
 
     ret = mbedtls_base64_decode(ias_sig, ias_sig_size, &ias_sig_size, ias_sig_b64,
                                 ias_sig_b64_size);
-    if (ret != 0) {
-        ERROR("Failed to base64-decode IAS signature\n");
+    if (ret < 0) {
+        ERROR("Failed to base64 decode IAS signature\n");
         goto out;
     }
 
@@ -272,8 +272,8 @@ int verify_ias_report_extract_quote(const uint8_t* ias_report, size_t ias_report
     size_t quote_size = 0;
     ret = mbedtls_base64_decode(/*dest=*/NULL, /*dlen=*/0, &quote_size, (uint8_t*)node->valuestring,
                                 strlen(node->valuestring));
-    if (ret != 0) {
-        ERROR("IAS report: failed to decode report quote\n");
+    if (ret != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL) {
+        ERROR("IAS report: failed to get size for base64 decoding of report quote\n");
         goto out;
     }
 
@@ -286,7 +286,7 @@ int verify_ias_report_extract_quote(const uint8_t* ias_report, size_t ias_report
 
     ret = mbedtls_base64_decode(report_quote, quote_size, &quote_size, (uint8_t*)node->valuestring,
                                 strlen(node->valuestring));
-    if (ret != 0) {
+    if (ret < 0) {
         ERROR("IAS report: failed to decode report quote\n");
         goto out;
     }

diff --git a/Pal/src/host/Linux-SGX/tools/common/ias.c b/Pal/src/host/Linux-SGX/tools/common/ias.c
@@ -337,8 +337,8 @@ int ias_get_sigrl(struct ias_context_t* context, uint8_t gid[4], size_t* sigrl_s
     if (ias_resp->data) {
         ret = mbedtls_base64_decode(/*dst=*/NULL, /*dlen=*/0, sigrl_size, (uint8_t*)ias_resp->data,
                                     strlen(ias_resp->data));
-        if (ret < 0) {
-            ERROR("Failed to base64 decode SigRL\n");
+        if (ret != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL) {
+            ERROR("Failed to get size for base64 decoding of SigRL\n");
             goto out;
         }
 
@@ -350,15 +350,10 @@ int ias_get_sigrl(struct ias_context_t* context, uint8_t gid[4], size_t* sigrl_s
 
         ret = mbedtls_base64_decode(*sigrl, *sigrl_size, sigrl_size, (uint8_t*)ias_resp->data,
                                     strlen(ias_resp->data));
-        if (ret < 0) {
+        if (ret < 0 || !*sigrl_size) {
             ERROR("Failed to base64 decode SigRL\n");
             goto out;
         }
-
-        if (!*sigrl_size) {
-            ERROR("Failed to base64-decode SigRL\n");
-            goto out;
-        }
     }
     ret = 0;
 
@@ -391,8 +386,8 @@ static int ias_send_request(struct ias_context_t* context, struct ias_request_re
 
     /* get needed base64 buffer size */
     ret = mbedtls_base64_encode(/*dest=*/NULL, /*dlen=*/0, &quote_b64_size, quote, quote_size);
-    if (ret < 0) {
-        ERROR("Failed to base64 encode the quote\n");
+    if (ret != MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL) {
+        ERROR("Failed to get size for base64 encoding of the quote\n");
         goto out;
     }