Bug 193153

Summary:	[WebCrypto] AES-CBC should perform padding check after decryptions
Product:	WebKit	Reporter:	Jiewen Tan <jiewen_tan>
Component:	WebCore Misc.	Assignee:	Nobody <webkit-unassigned>
Status:	RESOLVED INVALID
Severity:	Normal	CC:	jiewen_tan
Priority:	P2
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Jiewen Tan

Reported 2019-01-04 12:19:44 PST

AES-CBC should perform padding check after decryptions as suggested by Decrypt Step 3.-5. of https://www.w3.org/TR/WebCryptoAPI/#aes-cbc-operations.

Attachments
Add attachment proposed patch, testcase, etc.

Jiewen Tan

Comment 1 2019-01-04 12:53:32 PST

Wait, I am wrong about this bug. I believe CommonCrypto handles all those steps for us. If there is a padding issue, it should inform us. Otherwise, we treat the results as the plaintext without padding.

Note You need to log in before you can comment on or make changes to this bug.