New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mbedtls_aes_alt: add setkey for decyption, validate input, fix data type and return type #2294
Conversation
Just merged it! |
a6dce0c
to
e9e6eb6
Compare
342e909
to
5571943
Compare
5571943
to
588fe29
Compare
(const uint8_t *)input, (uint8_t *)output, AES_BLOCK_LEN); | ||
int ret = crypto_encrypt_aes_ecb(ctx->crypto, ctx->key, ctx->keylen, | ||
(const uint8_t *)input, (uint8_t *)output, AES_BLOCK_LEN); | ||
if (ret == AES_BLOCK_LEN) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think return (ret == AES_BLOCK_LEN) ? 0 : -1;
would look a bit better in this case.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH; | ||
} | ||
|
||
int |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could this be static
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done
I am under the impression that |
@@ -41,8 +42,8 @@ mbedtls_aes_free(mbedtls_aes_context *ctx) | |||
} | |||
|
|||
int |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
static
maybe?
588fe29
to
0152d3e
Compare
made a common function. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
The return (ret == AES_BLOCK_LEN ? 0 : -1);
looks a bit weird to me, because I am very used to return (ret == AES_BLOCK_LEN) ? 0 : -1;
, but given the low precedence of the ternary conditional it should be fine!
…x initialization and data types 1. add alt implementation mbedtls_aes_setkey_dec() to complete mbedtls dependency. 2. The mbedtls_cipher_update() in mbedtls invokes the ecb_func function (via function pointer) and expects 0 when encryption is successful. Returning the the length resutls in wrong interpretation of the result. Fix this. 3. The mbedtls_aes_context's keylen member should be unsigned int to be consistent with the datatype passed in, or else this results in overflow for AES_256_KEY_LEN (32). 4. Add checks to validate input. Signed-off-by: Naveen Kaje <naveen.kaje@juul.com>
0152d3e
to
ff27fda
Compare
done. |
Style check summaryNo suggestions at this time! |
Let #2175 merge and then merge the top change.