diff options
| author | Terry Chia <terrycwk1994@gmail.com> | 2016-11-15 09:56:02 +0800 |
|---|---|---|
| committer | Paul Kehrer <paul.l.kehrer@gmail.com> | 2016-11-15 09:56:02 +0800 |
| commit | e9b87d5de47008ddf6fcc6e07deb662cbe376c64 (patch) | |
| tree | 162719213c18edc62d9d95b36a8073cbcf986d97 /src/_cffi_src/hazmat_src | |
| parent | 9977786b56294292fb7da9eabc0f3b94d638e8a7 (diff) | |
| download | cryptography-e9b87d5de47008ddf6fcc6e07deb662cbe376c64.tar.gz cryptography-e9b87d5de47008ddf6fcc6e07deb662cbe376c64.tar.bz2 cryptography-e9b87d5de47008ddf6fcc6e07deb662cbe376c64.zip | |
Raise padding block_size limit to what is allowed by the specs. (#3108)
* Raize padding block_size limit to what is allowed by the specs.
* Add tests for raising padding limits.
* Amend C code for padding check to use uint16_t instead of uint8_t.
* Fix test to work in Python 3.
* Fix typo.
* Fix another typo.
* Fix return type of the padding checks.
* Change hypothesis test on padding.
* Update comment.
Diffstat (limited to 'src/_cffi_src/hazmat_src')
| -rw-r--r-- | src/_cffi_src/hazmat_src/padding.c | 30 |
1 files changed, 16 insertions, 14 deletions
diff --git a/src/_cffi_src/hazmat_src/padding.c b/src/_cffi_src/hazmat_src/padding.c index 1a0c869d..a6e05dee 100644 --- a/src/_cffi_src/hazmat_src/padding.c +++ b/src/_cffi_src/hazmat_src/padding.c @@ -4,25 +4,25 @@ /* Returns the value of the input with the most-significant-bit copied to all of the bits. */ -static uint8_t Cryptography_DUPLICATE_MSB_TO_ALL(uint8_t a) { - return (1 - (a >> (sizeof(uint8_t) * 8 - 1))) - 1; +static uint16_t Cryptography_DUPLICATE_MSB_TO_ALL(uint16_t a) { + return (1 - (a >> (sizeof(uint16_t) * 8 - 1))) - 1; } -/* This returns 0xFF if a < b else 0x00, but does so in a constant time +/* This returns 0xFFFF if a < b else 0x0000, but does so in a constant time fashion */ -static uint8_t Cryptography_constant_time_lt(uint8_t a, uint8_t b) { +static uint16_t Cryptography_constant_time_lt(uint16_t a, uint16_t b) { a -= b; return Cryptography_DUPLICATE_MSB_TO_ALL(a); } uint8_t Cryptography_check_pkcs7_padding(const uint8_t *data, - uint8_t block_len) { - uint8_t i; - uint8_t pad_size = data[block_len - 1]; - uint8_t mismatch = 0; + uint16_t block_len) { + uint16_t i; + uint16_t pad_size = data[block_len - 1]; + uint16_t mismatch = 0; for (i = 0; i < block_len; i++) { unsigned int mask = Cryptography_constant_time_lt(i, pad_size); - uint8_t b = data[block_len - 1 - i]; + uint16_t b = data[block_len - 1 - i]; mismatch |= (mask & (pad_size ^ b)); } @@ -31,6 +31,7 @@ uint8_t Cryptography_check_pkcs7_padding(const uint8_t *data, mismatch |= Cryptography_constant_time_lt(block_len, pad_size); /* Make sure any bits set are copied to the lowest bit */ + mismatch |= mismatch >> 8; mismatch |= mismatch >> 4; mismatch |= mismatch >> 2; mismatch |= mismatch >> 1; @@ -39,14 +40,14 @@ uint8_t Cryptography_check_pkcs7_padding(const uint8_t *data, } uint8_t Cryptography_check_ansix923_padding(const uint8_t *data, - uint8_t block_len) { - uint8_t i; - uint8_t pad_size = data[block_len - 1]; - uint8_t mismatch = 0; + uint16_t block_len) { + uint16_t i; + uint16_t pad_size = data[block_len - 1]; + uint16_t mismatch = 0; /* Skip the first one with the pad size */ for (i = 1; i < block_len; i++) { unsigned int mask = Cryptography_constant_time_lt(i, pad_size); - uint8_t b = data[block_len - 1 - i]; + uint16_t b = data[block_len - 1 - i]; mismatch |= (mask & b); } @@ -55,6 +56,7 @@ uint8_t Cryptography_check_ansix923_padding(const uint8_t *data, mismatch |= Cryptography_constant_time_lt(block_len, pad_size); /* Make sure any bits set are copied to the lowest bit */ + mismatch |= mismatch >> 8; mismatch |= mismatch >> 4; mismatch |= mismatch >> 2; mismatch |= mismatch >> 1; |