LibCrypto: Allow CMS padding to span an entire block

This is in line with what the spec states, the previous implementation excluded the case where the original message's length is a multiple of block_size, which would lead to a full block of padding.
Author: https://github.com/alimpfard Commit: https://github.com/SerenityOS/serenity/commit/ea692338c2 Pull-request: https://github.com/SerenityOS/serenity/pull/23728 Reviewed-by: https://github.com/nico ✅
2024-11-26 09:30:24 +00:00 · 2024-03-26 15:04:25 +01:00 · 2024-03-26 15:04:25 +01:00 · ea692338c2 · 2024-07-17 01:21:02 +09:00
commit ea692338c2
parent d74059580c
1 changed files with 5 additions and 2 deletions
--- a/Userland/Libraries/LibCrypto/Cipher/Mode/Mode.h
+++ b/Userland/Libraries/LibCrypto/Cipher/Mode/Mode.h
@ -48,9 +48,12 @@ protected:
        auto size = data.size();
        switch (m_cipher.padding_mode()) {
        case PaddingMode::CMS: {
+            // rfc5652 Cryptographic Message Syntax (CMS):
+            //     the input shall be padded at the trailing end with k-(lth mod k) octets
+            //     all having value k-(lth mod k), where lth is the length of the input.
            auto maybe_padding_length = data[size - 1];
-            if (maybe_padding_length >= T::block_size()) {
-                // cannot be padding (the entire block cannot be padding)
+            if (maybe_padding_length > T::block_size()) {
+                // Invalid padding length (too long)
                return;
            }
            for (auto i = size - maybe_padding_length; i < size; ++i) {