[Openstack-security] [Bug 1326474] Re: crypto/utils.py may use too much padding

Jeff Feng jhfeng1 at gmail.com
Thu Jun 5 17:26:35 UTC 2014


AES block size is 16 bytes. I don't understand why the padding size 
would be > 16.
cipher.block_size should be equal to 16.

- Jeff

On 6/5/2014 12:06 PM, Robert Clark wrote:
> In the case of 128 bit AES would this not send twice as much padding as
> needed or is the schema such that padding is always to the nearest 256 ?
>
>> -----Original Message-----
>> From: bounces at canonical.com [mailto:bounces at canonical.com] On
>> Behalf Of Robert Clark
>> Sent: 04 June 2014 23:11
>> To: Clark, Robert Graham
>> Subject: [Bug 1326474] Re: crypto/utils.py may use too much padding
>>
>> Thanks for the clarification guys, this makes sense to me, fwiw I did ask
>> about this in the oslo room first and the suggestion was that I log a bug to
>> get it double checked.
>>
>> Cheers
>> -Rob
>>
>> ** Changed in: oslo
>>         Status: New => Invalid
>>
>> --
>> You received this bug notification because you are subscribed to the bug
>> report.
>> https://bugs.launchpad.net/bugs/1326474
>>
>> Title:
>>    crypto/utils.py may use too much padding
>>
>> Status in Oslo - a Library of Common OpenStack Code:
>>    Invalid
>>
>> Bug description:
>>    I've been reviewing some of the crypto code available in OpenStack and
>>    noticed something interesting in the padding of
>>    common/crypto/utils.py.
>>
>>
>>    If the message length is the same as the cipher block size an entire
>>    extra block of padding is sent along with the message, I'm not sure if
>>    this is desired behaviour (if it is, this bug is invalid) but it
>>    certainly doesn't seem quite right.
>>
>>    If the message length is ever the same as the boundary size ( % 256)
>>    then an entirely extra block of padding will be applied:
>>
>>    ---code---
>>       r = len(msg) % self.cipher.block_size
>>       padlen = self.cipher.block_size - r - 1
>>       msg += b'\x00' * padlen
>>       msg += bchr(padlen)
>>    ---/code---
>>
>>    So if our msg length is 256, 512, ... then 'r' will be 0
>>    padlen will be 256-0-1 or 255
>>    msg gets 255 * b'\x00' added and then the number 255 tagged on the end.
>>
>> To manage notifications about this bug go to:
>> https://bugs.launchpad.net/oslo/+bug/1326474/+subscriptions
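
The padding rule quoted in the bug description, as an added example that is not part of the original thread or the oslo code. It assumes a 16-byte AES block as stated in the reply; `pad`, `unpad`, `naive_pad`, `overhead` and `ALIGNED` are hypothetical names, and `naive_pad` is a constructed variant that skips the extra block to show why a block-aligned message needs it.

```python
# Added example, not the oslo code: the padding rule quoted in the bug report,
# reimplemented for Python 3 with a fixed 16-byte (AES) block size.
BLOCK_SIZE = 16  # assumption: AES, as stated in the reply


def pad(msg: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Zero-fill, then append one byte holding the number of zero bytes."""
    r = len(msg) % block_size
    padlen = block_size - r - 1  # 0 .. block_size-1 zero bytes
    return msg + b"\x00" * padlen + bytes([padlen])


def unpad(padded: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Strip the padding, rejecting inputs that pad() could not have produced."""
    if not padded or len(padded) % block_size:
        raise ValueError("length is not a positive multiple of the block size")
    padlen = padded[-1]
    if padlen >= block_size:
        raise ValueError("invalid padding length byte")
    body, fill = padded[:-padlen - 1], padded[-padlen - 1:-1]
    if fill != b"\x00" * padlen:
        raise ValueError("invalid padding bytes")
    return body


def naive_pad(msg: bytes, block_size: int = BLOCK_SIZE) -> bytes:
    """Hypothetical variant that adds nothing to block-aligned messages."""
    return msg if len(msg) % block_size == 0 else pad(msg, block_size)


def overhead(n: int) -> int:
    """Bytes added by pad() to an n-byte message."""
    return len(pad(b"A" * n)) - n


# Constructed sample: block-aligned message whose last byte reads as a pad length.
ALIGNED = b"A" * 15 + b"\x00"

if __name__ == "__main__":
    print("overhead for 15, 16, 17 bytes:", [overhead(n) for n in (15, 16, 17)])
    print("round trip with pad():", unpad(pad(ALIGNED)) == ALIGNED)
    print("round trip with naive_pad():", unpad(naive_pad(ALIGNED)) == ALIGNED)
```

The overhead is always between 1 and 16 bytes; the full extra block appears only for block-aligned input, where it keeps the final length byte from being confused with message data.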




