[botan-devel] Possible Bug in PKCS#7 padding

Jack Lloyd lloyd at randombit.net
Mon Apr 23 13:46:38 EDT 2012


It will overwrite the entire value passed in but what is termed a
'block' in those functions is actually the padding block, not the
ciphertext block. Check the CBC and ECB implementations to see how
these functions are called.

-Jack

On Mon, Apr 23, 2012 at 05:25:30PM +0000, Tarik Guelzim wrote:
> Hello,
> 
> I have a question regarding this code in "
> src/filters/modes/mode_pad/mode_pad.cpp"
> 
> The for loop looks like it shouldn't start from '0' otherwise the entire
> block is erased with the "pad_value" value.
> 
> 
> 00022 /*00023 * Pad with PKCS #7 Method00024 */00025
> <http://botan.randombit.net/doxygen/classBotan_1_1PKCS7__Padding.html#affba3107036108263906e0e704c02143>
> void PKCS7_Padding::pad
> <http://botan.randombit.net/doxygen/classBotan_1_1PKCS7__Padding.html#affba3107036108263906e0e704c02143>(byte
> <http://botan.randombit.net/doxygen/namespaceBotan.html#a7d793989d801281df48c6b19616b8b84>
> block[], size_t size, size_t position) const00026    {00027    const
> size_t bytes_remaining = size - position;00028    const byte
> <http://botan.randombit.net/doxygen/namespaceBotan.html#a7d793989d801281df48c6b19616b8b84>
> pad_value = static_cast<byte
> <http://botan.randombit.net/doxygen/namespaceBotan.html#a7d793989d801281df48c6b19616b8b84>>(bytes_remaining);00029
> 00030    BOTAN_ASSERT_EQUAL
> <http://botan.randombit.net/doxygen/assert_8h.html#a8bba1994be04468a4293aa1c6d4a2860>(pad_value,
> bytes_remaining,00031                       "Overflow in
> PKCS7_Padding");00032 00033    for(size_t j = 0; j != size; ++j)00034
>      block[j] = pad_value;00035    }
> 
> 
> ---
> 
> *Tarik Guelzim*
> http://tarikguelzim.wordpress.com
> http://www.linkedin.com/in/tarikguelzim
> https://twitter.com/#!/tarikguelzim

> _______________________________________________
> botan-devel mailing list
> botan-devel at randombit.net
> http://lists.randombit.net/mailman/listinfo/botan-devel




More information about the botan-devel mailing list