From f78adc5d9070bd2f6991d4385499c0addccc1472 Mon Sep 17 00:00:00 2001
From: Micha Kraus
Date: Sat, 23 Dec 2017 23:40:08 +0100
Subject: [PATCH 1/2] fix bug in get_one_and_zeros_padding()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

add test case (“0000000082”) which fails with the old implementation.
---
 library/cipher.c                            | 6 +++---
 tests/suites/test_suite_cipher.padding.data | 4 ++++
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/library/cipher.c b/library/cipher.c
index 7ea25cfc2..35c518496 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -500,14 +500,14 @@ static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
     if( NULL == input || NULL == data_len )
         return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
 
-    bad = 0xFF;
+    bad = 0x80;
     *data_len = 0;
     for( i = input_len; i > 0; i-- )
     {
         prev_done = done;
-        done |= ( input[i-1] != 0 );
+        done |= ( input[i - 1] != 0 );
         *data_len |= ( i - 1 ) * ( done != prev_done );
-        bad &= ( input[i-1] ^ 0x80 ) | ( done == prev_done );
+        bad ^= input[i - 1] * ( done != prev_done );
     }
 
     return( POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
diff --git a/tests/suites/test_suite_cipher.padding.data b/tests/suites/test_suite_cipher.padding.data
index 9b5f290dd..627c12394 100644
--- a/tests/suites/test_suite_cipher.padding.data
+++ b/tests/suites/test_suite_cipher.padding.data
@@ -184,6 +184,10 @@ Check one and zeros padding #7 (overlong)
 depends_on:POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS
 check_padding:POLARSSL_PADDING_ONE_AND_ZEROS:"0000000000":POLARSSL_ERR_CIPHER_INVALID_PADDING:4
 
+Check one and zeros padding #8 (last byte 0x80 | x)
+depends_on:POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS
+check_padding:POLARSSL_PADDING_ONE_AND_ZEROS:"0000000082":POLARSSL_ERR_CIPHER_INVALID_PADDING:4
+
 Check zeros and len padding #1 (correct)
 depends_on:POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN
 check_padding:POLARSSL_PADDING_ZEROS_AND_LEN:"DABBAD0001":0:4
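Review bot: The new accumulator `bad ^= input[i - 1] * ( done != prev_done );` is right, but nothing in the hunk states what `bad` encodes, and `0x80` now appears only as its initialiser, so the invariant is easy to break on the next edit; a one-line comment before the loop would pin it, e.g. `/* bad starts as 0x80 and is XORed exactly once, with the last nonzero byte: it ends up 0 only if that byte is exactly 0x80 */`. The loop is written without branches (multiplying by the 0/1 result of the comparison, as the old `&=`/`|` form also did), which looks like a deliberate constant-time style; if so it deserves an explicit `/* branch-free on purpose: must not leak the padding position through timing */`, since whether the compiler keeps it branch-free cannot be told from here and a later "simplification" into an if would silently lose that property. The declarations of `bad`, `done` and `prev_done`, and the function's opening, are outside the hunk. The whitespace-only rewrite of the `done |=` line mixes a cosmetic change into a bug fix and could be left out of this commit.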
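Review bot: The new case #8 covers only a last byte that has the 0x80 bit set together with extra bits (0x82); the other way the old expression could accept bad padding is a nonzero last byte with the 0x80 bit clear, e.g. a constructed `check_padding:POLARSSL_PADDING_ONE_AND_ZEROS:"0000000002":POLARSSL_ERR_CIPHER_INVALID_PADDING:4`, unless one of cases #1–#7 (outside the hunk) already exercises it.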
From 1446b8cbcbe6a47326410d9a17bc9292f2a2ad47 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Thu, 18 Jan 2018 00:04:08 +0100
Subject: [PATCH 2/2] Add ChangeLog entry

---
 ChangeLog | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 854e86c85..af43a594c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -48,6 +48,9 @@ Bugfix
    * Fix issue in RSA key generation program programs/x509/rsa_genkey where the failure of CTR DRBG initialization lead to freeing an RSA context without proper initialization beforehand.
+   * Fix bug in cipher decryption with POLARSSL_PADDING_ONE_AND_ZEROS that
+     sometimes accepted invalid padding. (Not used in TLS.) Found and fixed
+     by Micha Kraus.
 
 Changes
    * Extend cert_write example program by options to set the CRT version