From 2adc2616124e7b12b85c0b121fdde71b756c7470 Mon Sep 17 00:00:00 2001
From: Karel Miko <karel.miko@gmail.com>
Date: Mon, 15 Oct 2018 11:22:20 +0200
Subject: [PATCH 1/2] wycheproof failing PKCS7 depadding test

---
 tests/padding_test.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/tests/padding_test.c b/tests/padding_test.c
index c2371c685..1b5d60c36 100644
--- a/tests/padding_test.c
+++ b/tests/padding_test.c
@@ -194,6 +194,18 @@ int padding_test(void)
       }
    }
 
+   /* wycheproof failing test - https://github.com/libtom/libtomcrypt/pull/454 */
+   {
+      unsigned char data[] = { 0x47,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 };
+      unsigned long len = sizeof(data);
+      int err;
+
+      err = padding_depad(data, &len, (LTC_PAD_PKCS7 | 16));
+      if (err == CRYPT_OK) {
+         fprintf(stderr, "XXX-FIXME padding_depad should fail (err=%d len=%lu)\n", err, len);
+         /* return CRYPT_FAIL_TESTVECTOR; */
+      }
+   }
 
    return CRYPT_OK;
 }

From dee704d06310d779dad1ddc53637dca44e635a66 Mon Sep 17 00:00:00 2001
From: Karel Miko <karel.miko@gmail.com>
Date: Fri, 26 Oct 2018 19:46:18 +0200
Subject: [PATCH 2/2] padding_depad + PKCS7 - reject invalid pad 0

---
 src/misc/padding/padding_depad.c | 2 +-
 tests/padding_test.c             | 5 +----
 2 files changed, 2 insertions(+), 5 deletions(-)

diff --git a/src/misc/padding/padding_depad.c b/src/misc/padding/padding_depad.c
index e02077fd4..33353f964 100644
--- a/src/misc/padding/padding_depad.c
+++ b/src/misc/padding/padding_depad.c
@@ -36,7 +36,7 @@ int padding_depad(const unsigned char *data, unsigned long *length, unsigned lon
    if (type < LTC_PAD_ONE_AND_ZERO) {
       pad = data[padded_length - 1];
 
-      if (pad > padded_length) return CRYPT_INVALID_ARG;
+      if (pad > padded_length || pad == 0) return CRYPT_INVALID_ARG;
 
       unpadded_length = padded_length - pad;
    } else {
diff --git a/tests/padding_test.c b/tests/padding_test.c
index 1b5d60c36..a860f14b2 100644
--- a/tests/padding_test.c
+++ b/tests/padding_test.c
@@ -201,10 +201,7 @@ int padding_test(void)
       int err;
 
       err = padding_depad(data, &len, (LTC_PAD_PKCS7 | 16));
-      if (err == CRYPT_OK) {
-         fprintf(stderr, "XXX-FIXME padding_depad should fail (err=%d len=%lu)\n", err, len);
-         /* return CRYPT_FAIL_TESTVECTOR; */
-      }
+      if (err == CRYPT_OK) return CRYPT_FAIL_TESTVECTOR; /* should fail */
    }
 
    return CRYPT_OK;