mbedtls: fix possible false success in mbedtls_cipher_check_tag() #6381
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We should report a error when the security check of the security tag was not made. In the other case false success is possible and is not observable by the software. Technically this could lead to a security flaw. Signed-off-by: Denis V. Lunev <dlunev@gmail.com>
…icated alg Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
| * MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, but at the time I write this our | ||
| * unit tests assume 0. */ | ||
| ret = 0; | ||
| /* Status to return on a non-authenticated algorithm. */ |
There was a problem hiding this comment.
While the removed text suggests using MBEDTLS_ERR_CIPHER_INVALID_CONTEXT or MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, the original PR uses MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE as recommended by Gilles in a comment
4 tasks
tom-cosgrove-arm
added
needs-review
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
tom-cosgrove-arm
force-pushed
the
pr2164
branch
from
1f7838b
to
51a0163
Compare
gilles-peskine-arm
removed
needs-review
|
FYI CI is failing |
daverodgman
added
the
priority-medium
…bedtls_cipher_mode_t Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
tom-cosgrove-arm
added
needs-review
daverodgman
reviewed
Nov 7, 2022
Comment on lines
2
to
4
| * Calling AEAD tag-specific functions for non-AEAD algorithms (which should not | ||
| be done - they are documented for use only by AES-GCM and ChaCha20+Poly1305) | ||
| now returns MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE instead of success (0). |
There was a problem hiding this comment.
Suggested change
| * Calling AEAD tag-specific functions for non-AEAD algorithms (which should not | |
| be done - they are documented for use only by AES-GCM and ChaCha20+Poly1305) | |
| now returns MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE instead of success (0). | |
| * Calling AEAD tag-specific functions for non-AEAD algorithms (which should | |
| not be done - they are documented for use only by AES-GCM and | |
| ChaCha20+Poly1305) now returns MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE | |
| instead of success (0). |
Fix line length
There was a problem hiding this comment.
I did wonder about this, but the slightly longer line length makes the right margin much less ragged (I'm sure TeX would approve!)
There was a problem hiding this comment.
Changes
* Calling AEAD tag-specific functions for non-AEAD algorithms (which should n
ot
be done - they are documented for use only by AES-GCM and ChaCha20+Poly1305
)
now returns MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE instead of success (0).
The margin may not be ragged, but having not split like this is not easy to read. Please privilege readability over aesthetics.
There was a problem hiding this comment.
which to my eye the first is definitely superior
The first is impossible on my system. What's currently in the file looks like what I posted above.
daverodgman
previously approved these changes
Nov 7, 2022
AndrzejKurek
previously approved these changes
Nov 16, 2022
|
There's still one issue to fix with the changelog. |
|
Does the ChangeLog absolutely need a maximum of 80 chars per line? Im my view it's much neater with the only very slightly longer lines, and we already have lines > 80 chars in that file. |
|
More than 80 characters per line won't break any automated system, but it's not neat. |
AndrzejKurek
added
needs-work
and removed
needs-review
|
here, this is the difference between and which to my eye the first is definitely superior |
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
tom-cosgrove-arm
dismissed stale reviews from AndrzejKurek and daverodgman
via
0f0b548
tom-cosgrove-arm
added
needs-review
|
CI previously passed; only a ChangeLog entry change; only OpenCI is failing with so "something weird happened" on OpenCI - same job on internal CI passes |
AndrzejKurek
approved these changes
Nov 18, 2022
daverodgman
approved these changes
Nov 24, 2022
tom-cosgrove-arm
added
approved
|
Internal CI has passed - failures are OpenCI |
tom-cosgrove-arm
added
historical-reviewing
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Originally this was PR #2164 - creating a new PR as that was based off user's
developmentbranchI've taken the commit in the original PR, fixed the conflict, and updated the tests to reflect the new return values in the "you shouldn't call these functions in this mode" cases.
This is not a bug fix - calling AEAD-specific functions on non-AEAD algorithms is misuse of the library - rather, this is a change of library behaviour to help badly-written calling code fail safe. Both the previous behaviour and this new behaviour comply with the documentation of these functions. Accordingly I don't think it needs a backport.
Original description:
We should report a error when the security check of the security
tag was not made. In the other case false success is possible and
is not observable by the software.
Technically this could lead to a security flaw.
Signed-off-by: Denis V. Lunev den@openvz.org
Gatekeeper checklist