aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlex Gaynor <alex.gaynor@gmail.com>2013-11-08 09:17:48 -0800
committerAlex Gaynor <alex.gaynor@gmail.com>2013-11-08 09:17:48 -0800
commit6b3be7f0078bd69f39b6666f7ea84040b7274e68 (patch)
tree368bce16073c2395c252df0f42285a24e652c158
parentab8719a903266fda3203bcdfbad7bd510c97c217 (diff)
downloadcryptography-6b3be7f0078bd69f39b6666f7ea84040b7274e68.tar.gz
cryptography-6b3be7f0078bd69f39b6666f7ea84040b7274e68.tar.bz2
cryptography-6b3be7f0078bd69f39b6666f7ea84040b7274e68.zip
More constant time, better
-rw-r--r--cryptography/hazmat/primitives/padding.py7
-rw-r--r--tests/hazmat/primitives/test_padding.py1
2 files changed, 2 insertions, 6 deletions
diff --git a/cryptography/hazmat/primitives/padding.py b/cryptography/hazmat/primitives/padding.py
index 23a6c032..34bdfd89 100644
--- a/cryptography/hazmat/primitives/padding.py
+++ b/cryptography/hazmat/primitives/padding.py
@@ -126,15 +126,10 @@ class _PKCS7UnpaddingContext(object):
if self._buffer is None:
raise ValueError("Context was already finalized")
- if not self._buffer:
- raise ValueError("Invalid padding bytes")
-
if len(self._buffer) != self.block_size // 8:
raise ValueError("Invalid padding bytes")
pad_size = six.indexbytes(self._buffer, -1)
- if pad_size > self.block_size // 8:
- raise ValueError("Invalid padding bytes")
mismatch = 0
for i in xrange(self.block_size // 8):
@@ -142,7 +137,7 @@ class _PKCS7UnpaddingContext(object):
b = six.indexbytes(self._buffer, self.block_size // 8 - 1 - i)
mismatch |= (mask & (pad_size ^ b))
- if mismatch != 0:
+ if mismatch != 0 or not (0 < pad_size <= self.block_size // 8):
raise ValueError("Invalid padding bytes")
res = self._buffer[:-pad_size]
diff --git a/tests/hazmat/primitives/test_padding.py b/tests/hazmat/primitives/test_padding.py
index 91d58439..6a2b6243 100644
--- a/tests/hazmat/primitives/test_padding.py
+++ b/tests/hazmat/primitives/test_padding.py
@@ -30,6 +30,7 @@ class TestPKCS7(object):
(128, b"111111111111111\x06"),
(128, b""),
(128, b"\x06" * 6),
+ (128, b"\x00" * 16),
])
def test_invalid_padding(self, size, padded):
unpadder = padding.PKCS7(size).unpadder()