Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-47733

SymmetricEncryptorWindows shouldn't pad when update is called

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 4.2.9, 4.4.1, 4.7.0, 4.0.21
    • Affects Version/s: None
    • Component/s: Security
    • Labels:
    • Fully Compatible
    • ALL
    • v4.4, v4.2, v4.0
    • Security 2020-05-04, Security 2020-05-18, Security 2020-06-01, Security 2020-06-15, Security 2020-06-29
    • 16

      Currently, the Windows BCryptEncrypt function is called with padding enabled every time SymmetricEncryptorWindows::update is called. This means that if it adds padding and then is called again, there is padding stuck in the middle of the encrypted buffer that won't be removed upon decryption.

      Instead, SymmetricEncryptorWindows should maintain its own buffer equal to one block width, and only flush it to BCryptEncrypt when it is full, with no padding. SymmetricEncryptorWindows::finalize will also be refactored to make one last call to BCryptEncrypt, to encrypt whatever is left in the buffer, with padding enabled.

            adam.cooper@mongodb.com Adam Cooper (Inactive)
            adam.cooper@mongodb.com Adam Cooper (Inactive)
            0 Vote for this issue
            1 Start watching this issue