More constant time, better

author: Alex Gaynor <alex.gaynor@gmail.com> 2013-11-08 09:17:48 -0800
committer: Alex Gaynor <alex.gaynor@gmail.com> 2013-11-08 09:17:48 -0800
commit: 6b3be7f0078bd69f39b6666f7ea84040b7274e68 (patch)
tree: 368bce16073c2395c252df0f42285a24e652c158
parent: ab8719a903266fda3203bcdfbad7bd510c97c217 (diff)
download: cryptography-6b3be7f0078bd69f39b6666f7ea84040b7274e68.tar.gz
cryptography-6b3be7f0078bd69f39b6666f7ea84040b7274e68.tar.bz2
cryptography-6b3be7f0078bd69f39b6666f7ea84040b7274e68.zip
2 files changed, 2 insertions, 6 deletions
diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py
index 23a6c032..34bdfd89 100644
--- a/cryptography/hazmat/primitives/padding.py
+++ b/cryptography/hazmat/primitives/padding.py
@@ -126,15 +126,10 @@ class _PKCS7UnpaddingContext(object):
         if self._buffer is None:
             raise ValueError("Context was already finalized")
 
-        if not self._buffer:
-            raise ValueError("Invalid padding bytes")
-
         if len(self._buffer) != self.block_size // 8:
             raise ValueError("Invalid padding bytes")
 
         pad_size = six.indexbytes(self._buffer, -1)
-        if pad_size > self.block_size // 8:
-            raise ValueError("Invalid padding bytes")
 
         mismatch = 0
         for i in xrange(self.block_size // 8):
@@ -142,7 +137,7 @@ class _PKCS7UnpaddingContext(object):
             b = six.indexbytes(self._buffer, self.block_size // 8 - 1 - i)
             mismatch |= (mask & (pad_size ^ b))
 
-        if mismatch != 0:
+        if mismatch != 0 or not (0 < pad_size <= self.block_size // 8):
             raise ValueError("Invalid padding bytes")
 
         res = self._buffer[:-pad_size]
diff --git a/tests/hazmat/primitives/test_padding.py b/tests/hazmat/primitives/test_padding.py
index 91d58439..6a2b6243 100644
--- a/tests/hazmat/primitives/test_padding.py
+++ b/tests/hazmat/primitives/test_padding.py
@@ -30,6 +30,7 @@ class TestPKCS7(object):
         (128, b"111111111111111\x06"),
         (128, b""),
         (128, b"\x06" * 6),
+        (128, b"\x00" * 16),
     ])
     def test_invalid_padding(self, size, padded):
         unpadder = padding.PKCS7(size).unpadder()
author	Alex Gaynor <alex.gaynor@gmail.com>	2013-11-08 09:17:48 -0800
committer	Alex Gaynor <alex.gaynor@gmail.com>	2013-11-08 09:17:48 -0800
commit	6b3be7f0078bd69f39b6666f7ea84040b7274e68 (patch)
tree	368bce16073c2395c252df0f42285a24e652c158
parent	ab8719a903266fda3203bcdfbad7bd510c97c217 (diff)
download	cryptography-6b3be7f0078bd69f39b6666f7ea84040b7274e68.tar.gz cryptography-6b3be7f0078bd69f39b6666f7ea84040b7274e68.tar.bz2 cryptography-6b3be7f0078bd69f39b6666f7ea84040b7274e68.zip