[SERVER-55531] Reset plainBuffer before testing AES CBC decrypt with wrong key Created: 25/Mar/21 Updated: 29/Oct/23 Resolved: 26/Mar/21 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 5.0.0-rc0 |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | Varun Ravichandran | Assignee: | Varun Ravichandran |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Operating System: | ALL | ||||
| Sprint: | Security 2021-04-05 | ||||
| Participants: | |||||
| Linked BF Score: | 50 | ||||
| Description |
|
Right now, the AES-CBC unit test in `symmetric_crypto_test.cpp` does two things. First, it encrypts a plaintext string using the AES-CBC algorithm and a randomly generated key and checks that it can successfully decrypt that with the same key. Then, it generates a new key and attempts to decrypt the same ciphertext with that incorrect key. It expects that the decryption should either return an error or generate in an incorrect ciphertext. However, both of these checks use the same buffer to load in the decrypted data, which isn't reset in between. This buffer should be reset in order to ensure that the correctly-decrypted data isn't wrongly detected while decrypting with the wrong key. |
| Comments |
| Comment by Githook User [ 26/Mar/21 ] |
|
Author: {'name': 'Varun Ravichandran', 'email': 'varun.ravichandran@mongodb.com', 'username': 'varunravi98'}Message: |