Merge remote-tracking branch 'upstream-public/pr/1289' into mbedtls-1.3
diff --git a/ChangeLog b/ChangeLog
index 854e86c..af43a59 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -48,6 +48,9 @@
    * Fix issue in RSA key generation program programs/x509/rsa_genkey
      where the failure of CTR DRBG initialization lead to freeing an
      RSA context without proper initialization beforehand.
+   * Fix bug in cipher decryption with POLARSSL_PADDING_ONE_AND_ZEROS that
+     sometimes accepted invalid padding. (Not used in TLS.) Found and fixed
+     by Micha Kraus.
 
 Changes
    * Extend cert_write example program by options to set the CRT version
diff --git a/library/cipher.c b/library/cipher.c
index 7ea25cf..35c5184 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -500,14 +500,14 @@
     if( NULL == input || NULL == data_len )
         return( POLARSSL_ERR_CIPHER_BAD_INPUT_DATA );
 
-    bad = 0xFF;
+    bad = 0x80;
     *data_len = 0;
     for( i = input_len; i > 0; i-- )
     {
         prev_done = done;
-        done |= ( input[i-1] != 0 );
+        done |= ( input[i - 1] != 0 );
         *data_len |= ( i - 1 ) * ( done != prev_done );
-        bad &= ( input[i-1] ^ 0x80 ) | ( done == prev_done );
+        bad ^= input[i - 1] * ( done != prev_done );
     }
 
     return( POLARSSL_ERR_CIPHER_INVALID_PADDING * ( bad != 0 ) );
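Review bot: The invariant that makes the new `bad` computation correct is not written down anywhere in the hunk, and the replaced AND-accumulating version is exactly what a maintainer gets when that invariant is not obvious; a comment above the loop such as `/* bad starts as 0x80 and is XORed exactly once, with the first non-zero byte found scanning from the end: it is 0 iff that byte is 0x80 (all-zero input leaves it 0x80, hence invalid) */` would pin it. The correctness also depends on `done` starting at 0 and on `bad` being able to hold a full byte; both are declared above the hunk, so the enclosing function starts outside it and I cannot confirm them here. The multiply-by-comparison style suggests the loop is meant to run without data-dependent branches, but `done != prev_done` is still a comparison the compiler may turn into a branch, so if that property matters it should be stated in the function's header comment rather than assumed (the ChangeLog says this padding mode is not used in TLS, which limits the exposure).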
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 0f0369a..d141b05 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1963,7 +1963,7 @@
     const ssl_ciphersuite_t *suite = NULL;
     const cipher_info_t *cipher = NULL;
 
-    if( ssl->session_negotiate->encrypt_then_mac == SSL_EXTENDED_MS_DISABLED ||
+    if( ssl->session_negotiate->encrypt_then_mac == SSL_ETM_DISABLED ||
         ssl->minor_ver == SSL_MINOR_VERSION_0 )
     {
         *olen = 0;
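Review bot: The ChangeLog hunk in this commit records only the one-and-zeros padding fix, yet the condition on the `encrypt_then_mac` field here is changed from an extended-master-secret constant to `SSL_ETM_DISABLED`; unless the two constants happen to share a value, this alters whether the server writes the encrypt-then-MAC extension, which deserves its own ChangeLog line (something like `* Fix ssl_srv.c comparing encrypt_then_mac against the extended master secret constant instead of SSL_ETM_DISABLED.`). The function containing this `if` starts and ends outside the hunk.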
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 00abe52..d5eceef 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -135,15 +135,6 @@
                      ( hardclock() - tsc ) / ( jj * BUFSIZE ) );        \
 } while( 0 )
 
-#if defined(POLARSSL_ERROR_C)
-#define PRINT_ERROR                                                     \
-        polarssl_strerror( ret, ( char * )tmp, sizeof( tmp ) );         \
-        polarssl_printf( "FAILED: %s\n", tmp );
-#else
-#define PRINT_ERROR                                                     \
-        polarssl_printf( "FAILED: -0x%04x\n", -ret );
-#endif
-
 #if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C) && defined(POLARSSL_MEMORY_DEBUG)
 
 #define MEMORY_MEASURE_INIT                                             \
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index e0ac8b3..7793dd7 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -31,7 +31,7 @@
     include_directories(${CMAKE_CURRENT_SOURCE_DIR})
     add_executable(test_suite_${data_name} test_suite_${data_name}.c)
     target_link_libraries(test_suite_${data_name} ${libs})
-    add_test(${data_name}-suite test_suite_${data_name})
+    add_test(${data_name}-suite test_suite_${data_name} --verbose)
 endfunction(add_test_suite)
 
 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unused-function")
diff --git a/tests/suites/test_suite_cipher.padding.data b/tests/suites/test_suite_cipher.padding.data
index 9b5f290..627c123 100644
--- a/tests/suites/test_suite_cipher.padding.data
+++ b/tests/suites/test_suite_cipher.padding.data
@@ -184,6 +184,10 @@
 depends_on:POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS
 check_padding:POLARSSL_PADDING_ONE_AND_ZEROS:"0000000000":POLARSSL_ERR_CIPHER_INVALID_PADDING:4
 
+Check one and zeros padding #8 (last byte 0x80 | x)
+depends_on:POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS
+check_padding:POLARSSL_PADDING_ONE_AND_ZEROS:"0000000082":POLARSSL_ERR_CIPHER_INVALID_PADDING:4
+
 Check zeros and len padding #1 (correct)
 depends_on:POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN
 check_padding:POLARSSL_PADDING_ZEROS_AND_LEN:"DABBAD0001":0:4