Fix crypt_and_hash decrypt issue when used with stream cipher #7728
crypt_and_hash decryption fails when used with a stream cipher mode of operation due to the input not being multiple of block size, this only applies to block cipher modes and not stream ciphers. This change exempts CTR, CFB & OFB modes from this check.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
programs/aes/crypt_and_hash.c
@@ -406,6 +406,9 @@ int main(int argc, char *argv[]) | |||
* Check the file size. | |||
*/ | |||
if (mbedtls_cipher_info_get_mode(cipher_info) != MBEDTLS_MODE_GCM && | |||
mbedtls_cipher_info_get_mode(cipher_info) != MBEDTLS_MODE_CTR && | |||
mbedtls_cipher_info_get_mode(cipher_info) != MBEDTLS_MODE_CFB && | |||
mbedtls_cipher_info_get_mode(cipher_info) != MBEDTLS_MODE_OFB && |
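Review bot: the `!=` chain in this condition is an exemption list, so any mode that is not named on it still reaches the check that follows, and the comment above it ("Check the file size.") does not say why GCM, CTR, CFB and OFB are skipped. Extend that comment to state that these modes do not require the input to be a multiple of the block size, and read the mode once into a local variable instead of calling `mbedtls_cipher_info_get_mode(cipher_info)` on each of the four lines, so that a future addition to the list is a one-token change.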
It seems there's quite a bit of duplication here. And while it's not main library code, so quality bar is a bit lower, it still might be better to use a local variable for the mode. And while doing that, how about locals for the results of `mbedtls_md_get_size()` and `mbedtls_cipher_get_block_size()`?
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
This looks good. Just needs a ChangeLog entry and, as it's a bug fix for an example program, a backport (if the example program is in the LTS and has the same bug!)
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
LGTM
LGTM, thanks!
While a couple of OpenCI jobs failed, the corresponding jobs succeeded on the Internal CI, so CI is green
Description
fixes #7417
crypt_and_hash decryption fails when used with a stream cipher mode of operation due to the input not being multiple of block size, this only applies to block cipher modes and not stream ciphers. This change exempts CTR, CFB & OFB modes from this check.
PR checklist
Please tick as appropriate and edit the reasons (e.g.: "backport: not needed because this is a new feature")