[SERVER-47733] SymmetricEncryptorWindows shouldn't pad when update is called Created: 23/Apr/20 Updated: 29/Oct/23 Resolved: 25/Jun/20 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | 4.2.9, 4.4.1, 4.7.0, 4.0.21 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Adam Cooper (Inactive) | Assignee: | Adam Cooper (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Operating System: | ALL | ||||||||
| Backport Requested: |
v4.4, v4.2, v4.0
|
||||||||
| Sprint: | Security 2020-05-04, Security 2020-05-18, Security 2020-06-01, Security 2020-06-15, Security 2020-06-29 | ||||||||
| Participants: | |||||||||
| Linked BF Score: | 16 | ||||||||
| Description |
|
Currently, the Windows BCryptEncrypt function is called with padding enabled every time SymmetricEncryptorWindows::update is called. This means that if it adds padding and then is called again, there is padding stuck in the middle of the encrypted buffer that won't be removed upon decryption. Instead, SymmetricEncryptorWindows should maintain its own buffer equal to one block width, and only flush it to BCryptEncrypt when it is full, with no padding. SymmetricEncryptorWindows::finalize will also be refactored to make one last call to BCryptEncrypt, to encrypt whatever is left in the buffer, with padding enabled. |
| Comments |
| Comment by Githook User [ 03/Sep/20 ] |
|
Author: {'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}Message: |
| Comment by Githook User [ 28/Aug/20 ] |
|
Author: {'name': 'Adam Cooper', 'email': 'adam.cooper@mongodb.com', 'username': 'super-cooper'}Message: (cherry picked from commit 2f6e5d0f94c06fde943ed6a25a9b7ecf6f774ce5) |
| Comment by Githook User [ 28/Aug/20 ] |
|
Author: {'name': 'Adam Cooper', 'email': 'adam.cooper@mongodb'}Message: (cherry picked from commit b11222096cdbe34a5c479613a2a1fd268663f721) |
| Comment by Githook User [ 24/Aug/20 ] |
|
Author: {'name': 'Adam Cooper', 'email': 'adam.cooper@mongodb.com', 'username': 'super-cooper'}Message: (cherry picked from commit 2f6e5d0f94c06fde943ed6a25a9b7ecf6f774ce5) |
| Comment by Githook User [ 24/Aug/20 ] |
|
Author: {'name': 'Adam Cooper', 'email': 'adam.cooper@mongodb'}Message: (cherry picked from commit b11222096cdbe34a5c479613a2a1fd268663f721) |
| Comment by Githook User [ 14/Jul/20 ] |
|
Author: {'name': 'Adam Cooper', 'email': 'adam.cooper@mongodb.com', 'username': 'super-cooper'}Message: (cherry picked from commit 2f6e5d0f94c06fde943ed6a25a9b7ecf6f774ce5) |
| Comment by Githook User [ 14/Jul/20 ] |
|
Author: {'name': 'Adam Cooper', 'email': 'adam.cooper@mongodb'}Message: (cherry picked from commit b11222096cdbe34a5c479613a2a1fd268663f721) |
| Comment by Githook User [ 25/Jun/20 ] |
|
Author: {'name': 'Adam Cooper', 'email': 'adam.cooper@mongodb.com', 'username': 'super-cooper'}Message: |
| Comment by Githook User [ 25/Jun/20 ] |
|
Author: {'name': 'Adam Cooper', 'email': 'adam.cooper@mongodb'}Message: |