authorAnotherTest <ali.mpfard@gmail.com>2020-05-03 07:14:57 +0430
committerAndreas Kling <kling@serenityos.org>2020-05-03 11:46:40 +0200
commit3b432eed9836601efa980f6fcf98d5bfbad085ad (patch)
treeccb8dc6a5db89ec0c6ec20f61d693869a62dcc69 /Libraries/LibCrypto/Cipher/Mode
parent637ecdb415e3d2f4e276e0f2d989f6bbed7a4177 (diff)
LibCrypto: Correct RFC5246 un-padding behaviour
The decrypted data is legally allowed to have any amount of padding, so long as it is block-aligned; we should not assume that padding bytes fall inside the same block, or that an entire block cannot be padding. Fixes #2072
Diffstat (limited to 'Libraries/LibCrypto/Cipher/Mode')
-rw-r--r--Libraries/LibCrypto/Cipher/Mode/Mode.h6
1 files changed, 1 insertions, 5 deletions
diff --git a/Libraries/LibCrypto/Cipher/Mode/Mode.h b/Libraries/LibCrypto/Cipher/Mode/Mode.h
index ee627a4e8b..cf54ea6d5f 100644
--- a/Libraries/LibCrypto/Cipher/Mode/Mode.h
+++ b/Libraries/LibCrypto/Cipher/Mode/Mode.h
@@ -79,11 +79,7 @@ protected:
}
case PaddingMode::RFC5246: {
auto maybe_padding_length = data[size - 1];
- if (maybe_padding_length >= T::block_size() - 1) {
- // cannot be padding (the entire block cannot be padding)
- return;
- }
- // FIXME: If we want to constant-time operations, this loop should not stop
+ // FIXME: If we want constant-time operations, this loop should not stop
for (auto i = size - maybe_padding_length - 1; i < size; ++i) {
if (data[i] != maybe_padding_length) {
// note that this is likely invalid padding
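Review bot: Removing the block-size guard leaves `maybe_padding_length` (a byte value, up to 255) unchecked against `size`, so the loop's start index `size - maybe_padding_length - 1` can wrap when the claimed padding exceeds the data actually present; the loop then runs zero times and whatever truncation follows it (outside this hunk) would be applied with a length larger than the buffer. A bound against the buffer length should replace the removed one, for example `if (static_cast<size_t>(maybe_padding_length) + 1 > size) { return; }` placed before the `for`, mirroring the early return the old guard used. Whether `size == 0` is rejected before `data[size - 1]` is read is not visible here either; if it is not, the same check should cover it. The enclosing function and the `switch` both start and end outside the hunk.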