Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-47733

SymmetricEncryptorWindows shouldn't pad when update is called

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.2.9, 4.4.1, 4.7.0, 4.0.21
    • Component/s: Security
    • Labels:
      None
    • Backwards Compatibility:
      Fully Compatible
    • Operating System:
      ALL
    • Backport Requested:
      v4.4, v4.2, v4.0
    • Sprint:
      Security 2020-05-04, Security 2020-05-18, Security 2020-06-01, Security 2020-06-15, Security 2020-06-29
    • Linked BF Score:
      16

      Description

      Currently, the Windows BCryptEncrypt function is called with padding enabled every time SymmetricEncryptorWindows::update is called. This means that if it adds padding and then is called again, there is padding stuck in the middle of the encrypted buffer that won't be removed upon decryption.

      Instead, SymmetricEncryptorWindows should maintain its own buffer equal to one block width, and only flush it to BCryptEncrypt when it is full, with no padding. SymmetricEncryptorWindows::finalize will also be refactored to make one last call to BCryptEncrypt, to encrypt whatever is left in the buffer, with padding enabled.

        Attachments

          Activity

            People

            Assignee:
            adam.cooper Adam Cooper
            Reporter:
            adam.cooper Adam Cooper
            Participants:
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: