From 3b432eed9836601efa980f6fcf98d5bfbad085ad Mon Sep 17 00:00:00 2001
From: AnotherTest
Date: Sun, 3 May 2020 07:14:57 +0430
Subject: LibCrypto: Correct RFC5246 un-padding behaviour

The decrypted data is legally allowed to have any amount of padding, so long as it is block-aligned, we should not assume that padding bytes fall inside the same block, or that an entire block cannot be padding.

Fixes #2072
---
 Libraries/LibCrypto/Cipher/Mode/Mode.h | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

(limited to 'Libraries/LibCrypto/Cipher/Mode')

diff --git a/Libraries/LibCrypto/Cipher/Mode/Mode.h b/Libraries/LibCrypto/Cipher/Mode/Mode.h
index ee627a4e8b..cf54ea6d5f 100644
--- a/Libraries/LibCrypto/Cipher/Mode/Mode.h
+++ b/Libraries/LibCrypto/Cipher/Mode/Mode.h
@@ -79,11 +79,7 @@ protected:
 }
 case PaddingMode::RFC5246: {
 auto maybe_padding_length = data[size - 1];
- if (maybe_padding_length >= T::block_size() - 1) {
- // cannot be padding (the entire block cannot be padding)
- return;
- }
- // FIXME: If we want to constant-time operations, this loop should not stop
+ // FIXME: If we want constant-time operations, this loop should not stop
 for (auto i = size - maybe_padding_length - 1; i < size; ++i) {
 if (data[i] != maybe_padding_length) {
 // note that this is likely invalid padding
--
cgit v1.2.3
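Review bot: Removing the block_size() guard leaves nothing in the hunk that bounds `maybe_padding_length` against `size`, so a trailing byte of, say, 255 on a 16-byte buffer makes the loop start `size - maybe_padding_length - 1` wrap (if `size` is unsigned) and `i < size` fail immediately — the validation loop runs zero times and the padding is accepted unchecked, while a signed `size` would instead index before `data`. RFC 5246 only permits padding_length values for which padding_length + 1 does not exceed the fragment length, so the removed check should be replaced with a length check rather than dropped, e.g. before the loop: `if (static_cast<size_t>(maybe_padding_length) + 1 > size) return; // claimed padding longer than the data: invalid`. Whether the mismatch branch inside the loop returns or flags the data is not visible here, so the new check should do whichever that branch does. The enclosing function begins and ends outside this hunk.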