PKCS#11 CKM_AES_CBC_PAD decryption can fail

Review Request #2444 — Created Nov. 7, 2019 and submitted Nov. 8, 2019, 9:20 p.m.

Information
Owner:	jbk
Repository:	illumos-gate
Branch:
Bugs:	11825
Depends On:
Reviewers
Groups:	general
People:

Description

Invocation of C_Decrypt() on ciphertext encrypted with the CKM_AES_CBC_PAD mechanism can fail

Testing Done

crypto tests were updated to test for the scenarios that were encountered originally. Additional tests written to fix long standing CTR mode bugs (review soon to come) that cover a broader number of scenarios also confirm no issues after the fix.

Bugs:

+	11825

Ship it!

IPS changes look good, and I already reviewed the rest in-house for Joyent.

Change Summary:

cstyle fixes

Diff:

Revision 2 (+999 -194)

Show changes

	usr/src/common/crypto/modes/modes.h
	usr/src/lib/pkcs11/pkcs11_softtoken/common/softAESCrypt.c
	usr/src/pkg/manifests/system-test-cryptotest.mf
	usr/src/test/crypto-tests/tests/modes/aes/Makefile
	usr/src/test/crypto-tests/tests/modes/aes/cbc_pad/Makefile
	usr/src/test/crypto-tests/tests/modes/aes/cbc_pad/aes_cbc_pad.h
	usr/src/test/crypto-tests/tests/modes/aes/cbc_pad/aes_cbc_pad.c

Ship it!

```
Ship It!
```

Ship it!

```
Ship It!
```

You have a pending review.

Review Board 3.0.18

PKCS#11 CKM_AES_CBC_PAD decryption can fail

Bugs:

Change Summary:

Diff:

Status: Closed (submitted)