fix: remove extra block assumptions in mbedtls integration

shaka-project / shaka-packager

A media packaging and development framework for VOD and Live DASH and HLS applications, supporting Common Encryption for Widevine and other DRM Systems.

https://shaka-project.github.io/shaka-packager/

Other

1.9k stars 496 forks source link

fix: remove extra block assumptions in mbedtls integration #1323

Closed cosmin closed 4 months ago

cosmin commented 6 months ago

The current mbedtls integration was not working for some modes. See for example #1316 and also lots of failing integration tests.

For example in pattern encryptor it works on one block at a time so it cannot assume it's going to always get a buffer with a padding for an extra block.

From what I can tell when the padding mode is correctly set to MBEDTLS_PADDING_NONE there is no extra block being written to or required.

This passes all crypto unit tests and integration tests.

Closes #1316

joeyparrish commented 4 months ago

I want to check this with valgrind to make sure we're not overflowing any buffers, but then I will merge it.

joeyparrish commented 4 months ago

I see no buffer overflows. I caught some of my mistakes in mbedtls padding with the old system through valgrind, so I just wanted to double-check.

I did find some uninitialized values being used in branch decisions, though, so I'll follow-up with a PR to fix those.