Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AES fixes #386

Merged
merged 2 commits into from
Jan 15, 2020
Merged

AES fixes #386

merged 2 commits into from
Jan 15, 2020

Conversation

t184256
Copy link
Collaborator

@t184256 t184256 commented Dec 18, 2019
edited by tomato42
Loading

Basically most of the #377, but for AES.

This change is Reviewable

tomato42
tomato42 previously approved these changes Dec 18, 2019
View reviewed changes
Copy link
Member

@tomato42 tomato42 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 1 of 1 files at r1, 2 of 2 files at r2, 1 of 1 files at r3.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved

@tomato42
Copy link
Member

will need to be rebased on top of #387

@tomato42
Copy link
Member

tomato42 commented Jan 2, 2020

@t184256 ok #387 merged, the builds should be passing now

@t184256 t184256 force-pushed the aes-fixes branch 4 times, most recently from 4601cba to 44e7ed1 Compare January 13, 2020 15:28
@t184256
Copy link
Collaborator Author

t184256 commented Jan 14, 2020

Several pylint directive applications later, Travis is finally green now.

tomato42
tomato42 requested changes Jan 14, 2020
View reviewed changes
Copy link
Member

@tomato42 tomato42 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 3 of 3 files at r4, 2 of 2 files at r5.
Reviewable status: all files reviewed, 3 unresolved discussions (waiting on @t184256)

tlslite/utils/openssl_aes.py, line 15 at r5 (raw file):

    class OpenSSL_AES(AES):
        # pylint disable=no-member

same here: why it's used, and it should be re-enabled

tlslite/utils/openssl_aes.py, line 17 at r5 (raw file):

        # pylint disable=no-member

        def __init__(self, key, mode, IV): # pylint: enable=invalid-name

why it's a line comment, not on a line of its own?

tlslite/utils/python_aes.py, line 19 at r4 (raw file):

class Python_AES(AES):
    def __init__(self, key, mode, IV):
        # pylint: disable=invalid-name
  1. comment explaining why ignoring it is fine
  2. after the offending variable was dealt with, it should be re-enabled

@tomato42 tomato42 added the maintenance issues related to project maintenance, CI, documentation, etc. label Jan 14, 2020
@t184256
Allow passing bytes to Python_AES
147f55a 
Python_AES makes a copy of plaintext and mutates it with item assignment.
Copying is currently done by slicing,
and this assumes a datatype that allows item assignment.
This commit replaces copying-by-slicing with copying by bytearray(...).
It also converts key and IV to bytearrays, so that passing an str works
on Python 2.
@t184256
Fix IV handling for AES, test consecutive calls
db757e2 
M2Crypto defaults to padding the ciphertext,
and the previous implementation danced around that awkwardly
by padding and unpadding ciphertext on decryption
and updating the IV manually.
`m2.cipher_set_padding(context, 0)`
allows to shoulder the IV handling back to where it belongs
and to get rid of unnecessary context reinitializations.
(Investigative work courtesy of @tomato42:
 tlsfuzzer#377 (review)).

This commit mirrors changes from tlsfuzzer#377, but for AES
and adds the same unit test as well.
t184256
t184256 commented Jan 15, 2020
View reviewed changes
Copy link
Collaborator Author

@t184256 t184256 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewable status: 0 of 3 files reviewed, 3 unresolved discussions (waiting on @tomato42)

tlslite/utils/openssl_aes.py, line 15 at r5 (raw file):

Previously, tomato42 (Hubert Kario) wrote…

same here: why it's used, and it should be re-enabled

added a comment, it has block scoping

tlslite/utils/openssl_aes.py, line 17 at r5 (raw file):

Previously, tomato42 (Hubert Kario) wrote…

why it's a line comment, not on a line of its own?

it was line-scoped, moved to block scoping to cover both argname and field. I think it's fine-grained enough with the block scope.

tlslite/utils/python_aes.py, line 19 at r4 (raw file):

Previously, tomato42 (Hubert Kario) wrote…
  1. comment explaining why ignoring it is fine
  2. after the offending variable was dealt with, it should be re-enabled

added a comment, it's block-scoped (and I don't think narrowing it further is worth the resulting pragma noise)

tomato42
tomato42 approved these changes Jan 15, 2020
View reviewed changes
Copy link
Member

@tomato42 tomato42 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed 3 of 3 files at r6, 2 of 2 files at r7.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved

@tomato42
Copy link
Member

looks good, thanks!

@tomato42 tomato42 merged commit 3aa55f4 into tlsfuzzer:master Jan 15, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tomato42 tomato42 tomato42 approved these changes

Assignees
No one assigned
Labels
maintenance issues related to project maintenance, CI, documentation, etc.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@t184256 @tomato42