mirror of https://github.com/RGBCube/serenity synced 2025-07-27 13:27:35 +00:00

LibCrypto: Correct RFC5246 un-padding behaviour

The decrypted data is legally allowed to have any amount of padding, so
long as it is block-aligned; we should not assume that padding bytes
fall inside the same block, or that an entire block cannot be padding.

Fixes #2072
This commit is contained in:
AnotherTest 2020-05-03 07:14:57 +04:30 committed by Andreas Kling
parent 637ecdb415
commit 3b432eed98
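To make the rule in the commit message concrete, here is an added, self-contained C++ example of RFC 5246 block-cipher un-padding. It is not SerenityOS/LibCrypto code; the function names `rfc5246_unpad` and `rfc5246_pad` and the test vectors are this example's own constructions. It shows that the padding length byte plus that many padding bytes may span one or more whole blocks, and it guards the length explicitly rather than relying on unsigned wraparound of the loop start index.

```cpp
// Added example (not SerenityOS code): RFC 5246 (TLS 1.2) block-cipher
// padding check. The last byte, padding_length, counts the padding bytes
// that precede it, each of which must also equal padding_length, so the
// total padding is padding_length + 1 bytes and may be longer than a block.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <vector>

// Returns the payload length (bytes before the padding), or std::nullopt
// when the padding is malformed. `data` is the full decrypted fragment and
// block_size is the cipher's block size (16 for AES).
std::optional<size_t> rfc5246_unpad(const std::vector<uint8_t>& data, size_t block_size)
{
    if (block_size == 0 || data.empty() || data.size() % block_size != 0)
        return std::nullopt;

    size_t padding_length = data.back();
    // The padding_length byte plus padding_length padding bytes must fit in
    // the data. Checking this explicitly avoids the unsigned wraparound that
    // `data.size() - padding_length - 1` would produce otherwise.
    if (padding_length + 1 > data.size())
        return std::nullopt;

    // Accumulate mismatches instead of returning at the first one, so the
    // byte comparison itself does not leak the mismatch position via timing.
    uint8_t diff = 0;
    for (size_t i = data.size() - padding_length - 1; i < data.size(); ++i)
        diff |= static_cast<uint8_t>(data[i] ^ static_cast<uint8_t>(padding_length));
    if (diff != 0)
        return std::nullopt;

    return data.size() - padding_length - 1;
}

// Builds a padded fragment: `payload`, then `padding_bytes` padding bytes
// (each equal to padding_bytes), then the padding_length byte itself.
std::vector<uint8_t> rfc5246_pad(const std::vector<uint8_t>& payload, uint8_t padding_bytes)
{
    std::vector<uint8_t> out(payload);
    out.insert(out.end(), static_cast<size_t>(padding_bytes) + 1, padding_bytes);
    return out;
}

int main()
{
    // Constructed vectors: 16-byte payload with one full block of padding
    // (padding_length 15) and with two full blocks (padding_length 31).
    std::vector<uint8_t> payload(16, 0xAA);
    for (uint8_t pad : { uint8_t(15), uint8_t(31) }) {
        auto result = rfc5246_unpad(rfc5246_pad(payload, pad), 16);
        std::printf("padding_length %u -> payload length %zu\n", pad, result.value_or(0));
    }
    // Constructed malformed input: padding_length 16 in a 16-byte fragment.
    std::vector<uint8_t> bad(16, 0x10);
    std::printf("oversized padding accepted: %s\n", rfc5246_unpad(bad, 16) ? "yes" : "no");
    return 0;
}
```

The `block_size` check only enforces alignment; the padding length is bounded by the fragment length, not the block size, which is exactly the distinction the commit message draws.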


@ -79,11 +79,7 @@ protected:
}
case PaddingMode::RFC5246: {
auto maybe_padding_length = data[size - 1];
if (maybe_padding_length >= T::block_size() - 1) {
// cannot be padding (the entire block cannot be padding)
return;
}
// FIXME: If we want to constant-time operations, this loop should not stop
// FIXME: If we want constant-time operations, this loop should not stop
for (auto i = size - maybe_padding_length - 1; i < size; ++i) {
if (data[i] != maybe_padding_length) {
// note that this is likely invalid padding
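Review bot: with the `if (maybe_padding_length >= T::block_size() - 1)` guard removed, nothing visible in this hunk ensures `maybe_padding_length + 1 <= size` before the loop computes `size - maybe_padding_length - 1`; if `size` is an unsigned type that start index wraps past `size`, the loop body never runs, and an out-of-range padding byte would fall through to whatever follows the loop instead of being rejected. Suggest an explicit bounds check before the loop, e.g. `if (maybe_padding_length + 1 > size) return;` on the same path the old guard used, so the removal of the per-block limit (which RFC 5246 does not impose) does not also remove the length check. The remaining changed line only corrects the wording of the FIXME comment.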