Fix crypt_and_hash decrypt issue when used with stream cipher #7728
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
crypt_and_hash decryption fails when used with a stream cipher mode of operation due to the input not being multiple of block size, this only applies to block cipher modes and not stream ciphers.This change exempts CTR, CFB & OFB modes from this check. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
waleed-elmelegy-arm
added
needs-review
programs/aes/crypt_and_hash.c
Outdated
| @@ -406,6 +406,9 @@ int main(int argc, char *argv[]) | |||
| * Check the file size. | |||
| */ | |||
| if (mbedtls_cipher_info_get_mode(cipher_info) != MBEDTLS_MODE_GCM && | |||
| mbedtls_cipher_info_get_mode(cipher_info) != MBEDTLS_MODE_CTR && | |||
| mbedtls_cipher_info_get_mode(cipher_info) != MBEDTLS_MODE_CFB && | |||
| mbedtls_cipher_info_get_mode(cipher_info) != MBEDTLS_MODE_OFB && | |||
There was a problem hiding this comment.
It seems there's quite a bit of duplication here. And while it's not main library code, so quality bar is a bit lower, it still might be better to use a local variable for the mode. And while doing that, how about locals for the results of mbedtls_md_get_size() and mbedtls_cipher_get_block_size()?
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
|
This looks good. Just needs a ChangeLog entry and, as it's a bug fix for an example program, a backport (if the example program is in the LTS and has the same bug!) |
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
davidhorstmann-arm
approved these changes
Jun 23, 2023
tom-cosgrove-arm
added
approved
|
While a couple of OpenCI jobs failed, the corresponding jobs succeeding on the Internal CI, so CI is green |
davidhorstmann-arm
removed
the
needs-backports
gilles-peskine-arm
added
needs-backports
daverodgman
removed
the
needs-backports
3 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
crypt_and_hash decryption fails when used with a stream cipher mode of operation due to the input not being multiple of block size, this only applies to block cipher modes and not stream ciphers.This change exempts CTR, CFB & OFB modes from this check.
Description
fixes #7417
crypt_and_hash decryption fails when used with a stream cipher mode of operation due to the input not being multiple of block size, this only applies to block cipher modes and not stream ciphers.This change exempts CTR, CFB & OFB modes from this check.
PR checklist
Please tick as appropriate and edit the reasons (e.g.: "backport: not needed because this is a new feature")