[SERVER-55531] Reset plainBuffer before testing AES CBC decrypt with wrong key Created: 25/Mar/21  Updated: 29/Oct/23  Resolved: 26/Mar/21

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 5.0.0-rc0

Type: Bug Priority: Minor - P4
Reporter: Varun Ravichandran Assignee: Varun Ravichandran
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Security 2021-04-05
Participants:
Linked BF Score: 50

 Description   

Right now, the AES-CBC unit test in `symmetric_crypto_test.cpp` does two things. First, it encrypts a plaintext string using the AES-CBC algorithm and a randomly generated key and checks that it can successfully decrypt that with the same key. Then, it generates a new key and attempts to decrypt the same ciphertext with that incorrect key. It expects that the decryption should either return an error or generate in an incorrect ciphertext. However, both of these checks use the same buffer to load in the decrypted data, which isn't reset in between. This buffer should be reset in order to ensure that the correctly-decrypted data isn't wrongly detected while decrypting with the wrong key. 



 Comments   
Comment by Githook User [ 26/Mar/21 ]

Author:

{'name': 'Varun Ravichandran', 'email': 'varun.ravichandran@mongodb.com', 'username': 'varunravi98'}

Message: SERVER-55531: Reset plainBuffer before testing AES CBC decrypt with wrong key
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/876567e0f10610a492a8c9672e41ca2874ce6dc3

Generated at Thu Feb 08 05:36:43 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.