From 552f0cf8c5eab159c1ae9b03d7038ce17e797a98 Mon Sep 17 00:00:00 2001
From: bubbva <none@none>
Date: Sun, 3 Aug 2008 21:51:49 -0700
Subject: 6545046 pkcs11_softtoken doesn't properly strip pkcs7 padding
 Contributed by Derek Morr <derekmorr@psu.edu>

---
 usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecryptUtil.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'usr/src/lib/pkcs11/pkcs11_softtoken/common')

diff --git a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecryptUtil.c b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecryptUtil.c
index 63bc9e10ed..7b912c68ce 100644
--- a/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecryptUtil.c
+++ b/usr/src/lib/pkcs11/pkcs11_softtoken/common/softDecryptUtil.c
@@ -48,6 +48,7 @@ soft_remove_pkcs7_padding(CK_BYTE *pData, CK_ULONG padded_len,
 {
 
 	CK_BYTE  pad_value;
+	ulong_t i;
 
 	pad_value = pData[padded_len - 1];
 
@@ -56,6 +57,10 @@ soft_remove_pkcs7_padding(CK_BYTE *pData, CK_ULONG padded_len,
 	if ((pad_value == 0) || (pad_value > block_size))
 		return (CKR_ENCRYPTED_DATA_INVALID);
 
+	for (i = padded_len - pad_value; i < padded_len; i++)
+		if (pad_value != pData[i])
+			return (CKR_ENCRYPTED_DATA_INVALID);
+
 	*pulDataLen = padded_len - pad_value;
 	return (CKR_OK);
 }
-- 
cgit v1.2.3