When doing MBEDTLS_CIPHER_AES_128_CBC decryption with a zeroed key, output is set to a random number #9083
Labels
component-crypto
Crypto primitives and low-level interfaces
enhancement
priority-medium
Medium priority - this can be reviewed as time permits
size-xs
Estimated task size: extra small (a few hours at most)
Summary
Even thought
mbedtls
returns an error if there's invalid padding, the output parameter was being set instead of leaving it with zero. This check exists inopenssl
, so this makes the behavior closer between both libraries.mbedtls
:mbedtls/library/cipher.c
Line 852 in 489688c
openssl
:System information
Mbed TLS version (number or commit id): 3.6
Operating system and version: Linux
Configuration (if not default, please attach
mbedtls_config.h
): defaultCompiler and options (if you used a pre-built binary, please indicate how you obtained it): default
Additional environment information: N/A
Expected behavior
In case of error, output should contain zero.
Actual behavior
In case of error, output may contain some random number like
18446744073709551516
.Steps to reproduce
Trying to decrypt AES 128 CBR with a zeroed key and
MBEDTLS_PADDING_PKCS7
padding enabled.Additional information
Please see the related PR: #9082 (development), #9132 (3.6 backport).
The text was updated successfully, but these errors were encountered: