TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / a7d206fce64ed5489077ca2c07a8fe7d9c39888e^! / . / library / cipher.c
commita7d206fce64ed5489077ca2c07a8fe7d9c39888e[log] [tgz]
authorWaleed Elmelegy <waleed.elmelegy@arm.com>Thu Sep 07 17:54:46 2023 +0100
committerWaleed Elmelegy <waleed.elmelegy@arm.com>Tue Sep 12 13:39:36 2023 +0100
treeae544dbe59caa9a67098f72615a7dea8cabe5407
parent31d49cd57fb4edaa0af46ddb7a7ec94af84d4b0c [diff] [blame]
Check set_padding has been called in mbedtls_cipher_finish

Check set_padding has been called in mbedtls_cipher_finish
in modes that require padding.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>

diff --git a/library/cipher.c b/library/cipher.c
index de7f837..995d3d2 100644
--- a/library/cipher.c
+++ b/library/cipher.c

@@ -268,17 +268,6 @@
 
     ctx->cipher_info = cipher_info;
 
-#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
-    /*
-     * Ignore possible errors caused by a cipher mode that doesn't use padding
-     */
-#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
-    (void) mbedtls_cipher_set_padding_mode(ctx, MBEDTLS_PADDING_PKCS7);
-#else
-    (void) mbedtls_cipher_set_padding_mode(ctx, MBEDTLS_PADDING_NONE);
-#endif
-#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
-
     return 0;
 }
 
@@ -1027,6 +1016,16 @@
 
     *olen = 0;
 
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
+    /* CBC mode requires padding so we make sure a call to
+     * mbedtls_cipher_set_padding_mode has been done successfully. */
+    if (MBEDTLS_MODE_CBC == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode)) {
+        if (ctx->get_padding == NULL) {
+            return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
+        }
+    }
+#endif
+
     if (MBEDTLS_MODE_CFB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
         MBEDTLS_MODE_OFB == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||
         MBEDTLS_MODE_CTR == ((mbedtls_cipher_mode_t) ctx->cipher_info->mode) ||