Skip to content

ASN PemToDer: remove padding when AES_CBC encrypted #4911

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dgarske merged 1 commit into from
Mar 2, 2022
Merged

ASN PemToDer: remove padding when AES_CBC encrypted #4911

dgarske merged 1 commit into from
Mar 2, 2022

Conversation

@SparkiDev
Copy link
Contributor

@SparkiDev SparkiDev commented Mar 2, 2022

Description

Encrypted PEM with a block cipher has padding.
Remove padding.

Fixes zd#13803

Testing

POC with customer data.

Checklist

  • added tests
  • updated/added doxygen
  • updated appropriate READMEs
  • Updated manual and documentation

@SparkiDev SparkiDev self-assigned this Mar 2, 2022
embhorn
embhorn approved these changes Mar 2, 2022
View reviewed changes
Copy link
Member

@embhorn embhorn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent, thanks Sean. Fix is also confirmed by customer.

dgarske
dgarske requested changes Mar 2, 2022
View reviewed changes
wolfcrypt/src/asn.c
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && \
defined(HAVE_AES_DECRYPT)
if (info->cipherType == WC_CIPHER_AES_CBC) {
if (der->length > AES_BLOCK_SIZE) {
Copy link
Contributor

@dgarske dgarske Mar 2, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What if der->length is a multiple of AES_BLOCK_SIZE? Will there still be padding? If not this logic isn't right. Perhaps the check should be if ((der->length % AES_BLOCK_SIZE) != 0) {?

Copy link
Contributor Author

@SparkiDev SparkiDev Mar 2, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The check is to see whether there is enough bytes for at least one block - a padded block. Must have a full block of padding if the plaintext is a multiple of the block size - otherwise you don't know whether there is padding there or not.
The decryption will fail if the encrypted data isn't a multiple of the block size.

wolfcrypt/src/asn.c
if (info->cipherType == WC_CIPHER_AES_CBC) {
if (der->length > AES_BLOCK_SIZE) {
padVal = der->buffer[der->length-1];
if (padVal <= AES_BLOCK_SIZE) {
Copy link
Contributor

@dgarske dgarske Mar 2, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Then use if (padVal <= der->length)?

Copy link
Contributor Author

@SparkiDev SparkiDev Mar 2, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The padding value cannot be more than the block size if using PKCS #5/#7 padding.

@SparkiDev SparkiDev assigned dgarske and unassigned SparkiDev Mar 2, 2022
@dgarske dgarske merged commit 5d0614c into wolfSSL:master Mar 2, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dgarske dgarske dgarske approved these changes

@embhorn embhorn embhorn approved these changes

Assignees

@dgarske dgarske

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@SparkiDev @dgarske @embhorn