mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-29 11:41:15 +03:00
Merge pull request #4845 from mstarzyk-mobica/ecb-alt-ret-2.2x
Backport 2.2x: Catch failures of mbedtls_aes_crypt_ecb and its DES equivalents
This commit is contained in:
Gilles Peskine
GitHub
@ -903,7 +903,7 @@ void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_internal_aes_encrypt( ctx, input, output );
|
||||
MBEDTLS_IGNORE_RETURN( mbedtls_internal_aes_encrypt( ctx, input, output ) );
|
||||
}
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
@ -976,7 +976,7 @@ void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
|
||||
const unsigned char input[16],
|
||||
unsigned char output[16] )
|
||||
{
|
||||
mbedtls_internal_aes_decrypt( ctx, input, output );
|
||||
MBEDTLS_IGNORE_RETURN( mbedtls_internal_aes_decrypt( ctx, input, output ) );
|
||||
}
|
||||
#endif /* !MBEDTLS_DEPRECATED_REMOVED */
|
||||
|
||||
@ -1029,6 +1029,7 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
||||
unsigned char *output )
|
||||
{
|
||||
int i;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char temp[16];
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
@ -1058,7 +1059,9 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
||||
while( length > 0 )
|
||||
{
|
||||
memcpy( temp, input, 16 );
|
||||
mbedtls_aes_crypt_ecb( ctx, mode, input, output );
|
||||
ret = mbedtls_aes_crypt_ecb( ctx, mode, input, output );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
for( i = 0; i < 16; i++ )
|
||||
output[i] = (unsigned char)( output[i] ^ iv[i] );
|
||||
@ -1077,7 +1080,9 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
||||
for( i = 0; i < 16; i++ )
|
||||
output[i] = (unsigned char)( input[i] ^ iv[i] );
|
||||
|
||||
mbedtls_aes_crypt_ecb( ctx, mode, output, output );
|
||||
ret = mbedtls_aes_crypt_ecb( ctx, mode, output, output );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
memcpy( iv, output, 16 );
|
||||
|
||||
input += 16;
|
||||
@ -1085,8 +1090,10 @@ int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
|
||||
length -= 16;
|
||||
}
|
||||
}
|
||||
ret = 0;
|
||||
|
||||
return( 0 );
|
||||
exit:
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CBC */
|
||||
|
||||
@ -1240,6 +1247,7 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
|
||||
unsigned char *output )
|
||||
{
|
||||
int c;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
size_t n;
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
@ -1260,7 +1268,11 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
|
||||
while( length-- )
|
||||
{
|
||||
if( n == 0 )
|
||||
mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
|
||||
{
|
||||
ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
c = *input++;
|
||||
*output++ = (unsigned char)( c ^ iv[n] );
|
||||
@ -1274,7 +1286,11 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
|
||||
while( length-- )
|
||||
{
|
||||
if( n == 0 )
|
||||
mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
|
||||
{
|
||||
ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
}
|
||||
|
||||
iv[n] = *output++ = (unsigned char)( iv[n] ^ *input++ );
|
||||
|
||||
@ -1283,8 +1299,10 @@ int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
|
||||
}
|
||||
|
||||
*iv_off = n;
|
||||
ret = 0;
|
||||
|
||||
return( 0 );
|
||||
exit:
|
||||
return( ret );
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1297,6 +1315,7 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
|
||||
const unsigned char *input,
|
||||
unsigned char *output )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
unsigned char c;
|
||||
unsigned char ov[17];
|
||||
|
||||
@ -1309,7 +1328,9 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
|
||||
while( length-- )
|
||||
{
|
||||
memcpy( ov, iv, 16 );
|
||||
mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
|
||||
ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, iv, iv );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
if( mode == MBEDTLS_AES_DECRYPT )
|
||||
ov[16] = *input;
|
||||
@ -1321,8 +1342,10 @@ int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
|
||||
|
||||
memcpy( iv, ov + 1, 16 );
|
||||
}
|
||||
ret = 0;
|
||||
|
||||
return( 0 );
|
||||
exit:
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CFB */
|
||||
|
||||
@ -1384,6 +1407,7 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
|
||||
unsigned char *output )
|
||||
{
|
||||
int c, i;
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
size_t n;
|
||||
|
||||
AES_VALIDATE_RET( ctx != NULL );
|
||||
@ -1401,7 +1425,9 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
|
||||
while( length-- )
|
||||
{
|
||||
if( n == 0 ) {
|
||||
mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block );
|
||||
ret = mbedtls_aes_crypt_ecb( ctx, MBEDTLS_AES_ENCRYPT, nonce_counter, stream_block );
|
||||
if( ret != 0 )
|
||||
goto exit;
|
||||
|
||||
for( i = 16; i > 0; i-- )
|
||||
if( ++nonce_counter[i - 1] != 0 )
|
||||
@ -1414,8 +1440,10 @@ int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
|
||||
}
|
||||
|
||||
*nc_off = n;
|
||||
ret = 0;
|
||||
|
||||
return( 0 );
|
||||
exit:
|
||||
return( ret );
|
||||
}
|
||||
#endif /* MBEDTLS_CIPHER_MODE_CTR */
|
||||
|
||||
|
||||
Reference in New Issue
Block a user