Key derivation test now uses an indirect way to test generator validity
as the direct way previously used isn't compatible with the PSA IPC
implementation. Additional bad path test for the generator added
to check basic bad-path scenarios.
Correct a typo in an AES XTS implementation comment where the relevant
NIST standard was incorrectly referred to as NIST 80-38E instead of NIST
800-38E.
It is inaccurate to call a data unit a "sector". A disk sector is a
common use case for the data unit, but there exist other types of data
units that are not sectors.
snprintf was only added in Visual Studio 2015. This adds support
for building using Visual Studio versions prior to 2015.
This implementation of snprintf has been taken from platform.c
In /crypto/.gitignore, list files that are generated by a build done
under /crypto/. In the outer /.gitignore, list files under /crypto/
only if they are created by the export process.
This commit slightly refines both lists and adds some build products
to /crypto/.gitignore.
This commit changes the behavior of the record decryption routine
`ssl_decrypt_buf()` in the following situation:
1. A CBC ciphersuite with Encrypt-then-MAC is used.
2. A record with valid MAC but invalid CBC padding is received.
In this situation, the previous code would not raise and error but
instead forward the decrypted packet, including the wrong padding,
to the user.
This commit changes this behavior to return the error
MBEDTLS_ERR_SSL_INVALID_MAC instead.
While erroneous, the previous behavior does not constitute a
security flaw since it can only happen for properly authenticated
records, that is, if the peer makes a mistake while preparing the
padded plaintext.
Wipe the whole MAC intermediate buffer, not just the requested MAC
size. With truncated MAC algorithms, the requested MAC size may be
smaller than what is written to the intermediate buffer.
Add comments noting that the maximum length of a MAC must fit in
PSA_ALG_MAC_TRUNCATION_MASK. Add a unit test that verifies that the
maximum MAC size fits.
