mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-26 20:05:38 +01:00
Merge branch 'mbedtls-1.3' into mbedtls-1.3-restricted
This commit is contained in:
commit
492d13dbcf
@ -81,6 +81,9 @@ Bugfix
|
|||||||
* Fix issue in RSA key generation program programs/x509/rsa_genkey
|
* Fix issue in RSA key generation program programs/x509/rsa_genkey
|
||||||
where the failure of CTR DRBG initialization lead to freeing an
|
where the failure of CTR DRBG initialization lead to freeing an
|
||||||
RSA context without proper initialization beforehand.
|
RSA context without proper initialization beforehand.
|
||||||
|
* Fix bug in cipher decryption with POLARSSL_PADDING_ONE_AND_ZEROS that
|
||||||
|
sometimes accepted invalid padding. (Not used in TLS.) Found and fixed
|
||||||
|
by Micha Kraus.
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Extend cert_write example program by options to set the CRT version
|
* Extend cert_write example program by options to set the CRT version
|
||||||
|
@ -500,14 +500,14 @@ static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
|
|||||||
if( NULL == input || NULL == data_len )
|
if( NULL == input || NULL == data_len )
|
||||||
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
|
return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
|
||||||
|
|
||||||
bad = 0xFF;
|
bad = 0x80;
|
||||||
*data_len = 0;
|
*data_len = 0;
|
||||||
for( i = input_len; i > 0; i-- )
|
for( i = input_len; i > 0; i-- )
|
||||||
{
|
{
|
||||||
prev_done = done;
|
prev_done = done;
|
||||||
done |= ( input[i - 1] != 0 );
|
done |= ( input[i - 1] != 0 );
|
||||||
*data_len |= ( i - 1 ) * ( done != prev_done );
|
*data_len |= ( i - 1 ) * ( done != prev_done );
|
||||||
bad &= ( input[i-1] ^ 0x80 ) | ( done == prev_done );
|
bad ^= input[i - 1] * ( done != prev_done );
|
||||||
}
|
}
|
||||||
|
|
||||||
return( POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
|
return( POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
|
||||||
|
@ -184,6 +184,10 @@ Check one and zeros padding #7 (overlong)
|
|||||||
depends_on:POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS
|
depends_on:POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS
|
||||||
check_padding:POLARSSL_PADDING_ONE_AND_ZEROS:"0000000000":POLARSSL_ERR_CIPHER_INVALID_PADDING:4
|
check_padding:POLARSSL_PADDING_ONE_AND_ZEROS:"0000000000":POLARSSL_ERR_CIPHER_INVALID_PADDING:4
|
||||||
|
|
||||||
|
Check one and zeros padding #8 (last byte 0x80 | x)
|
||||||
|
depends_on:POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS
|
||||||
|
check_padding:POLARSSL_PADDING_ONE_AND_ZEROS:"0000000082":POLARSSL_ERR_CIPHER_INVALID_PADDING:4
|
||||||
|
|
||||||
Check zeros and len padding #1 (correct)
|
Check zeros and len padding #1 (correct)
|
||||||
depends_on:POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN
|
depends_on:POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN
|
||||||
check_padding:POLARSSL_PADDING_ZEROS_AND_LEN:"DABBAD0001":0:4
|
check_padding:POLARSSL_PADDING_ZEROS_AND_LEN:"DABBAD0001":0:4
|
||||||
|
Loading…
Reference in New Issue
Block a user