From ea692338c2a595febe2ed4da4bf636ccfea2511b Mon Sep 17 00:00:00 2001
From: Ali Mohammad Pur
Date: Tue, 26 Mar 2024 15:04:25 +0100
Subject: [PATCH] LibCrypto: Allow CMS padding to span an entire block

This is in line with what the spec states, the previous implementation excluded the case where the original message's length is a multiple of block_size, which would lead to a full block of padding.
---
 Userland/Libraries/LibCrypto/Cipher/Mode/Mode.h | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/Userland/Libraries/LibCrypto/Cipher/Mode/Mode.h b/Userland/Libraries/LibCrypto/Cipher/Mode/Mode.h
index c74a57fc1d0..8278942f6cf 100644
--- a/Userland/Libraries/LibCrypto/Cipher/Mode/Mode.h
+++ b/Userland/Libraries/LibCrypto/Cipher/Mode/Mode.h
@@ -48,9 +48,12 @@ protected:
 auto size = data.size();
 switch (m_cipher.padding_mode()) {
 case PaddingMode::CMS: {
+ // rfc5652 Cryptographic Message Syntax (CMS):
+ // the input shall be padded at the trailing end with k-(lth mod k) octets
+ // all having value k-(lth mod k), where lth is the length of the input.
 auto maybe_padding_length = data[size - 1];
- if (maybe_padding_length >= T::block_size()) {
- // cannot be padding (the entire block cannot be padding)
+ if (maybe_padding_length > T::block_size()) {
+ // Invalid padding length (too long)
 return;
 }
 for (auto i = size - maybe_padding_length; i < size; ++i) {
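Review bot: The guard `if (maybe_padding_length > T::block_size())` still accepts a final byte of 0, which the RFC text quoted just above it rules out, since k-(lth mod k) is always between 1 and k. It also does not compare the pad length with `size`, so `size - maybe_padding_length` in the following `for` wraps around if the buffer is ever shorter than the claimed padding, and `data[size - 1]` assumes a non-empty buffer. Consider `if (maybe_padding_length == 0 || maybe_padding_length > T::block_size() || maybe_padding_length > size) return;`, plus a comment stating that callers pass a non-empty whole number of blocks if that is the invariant. The function starts and ends outside the hunk, so whether that invariant holds, and what is done with the bytes after the loop, cannot be confirmed from here.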