Padding

[randomlogin]

Hi! I'm not very proficient with js and didn't investigate this document too much, but it seems to me you have wrong usage of padding ('ece.js', line 145):

var padding = new Buffer(pad + 1);

here you initialize padding with some random bytes allocated for it, however in the specification it should be a length byte, then zero bytes.

A receiver MUST fail to decrypt if any padding octet other than the first is
non-zero, or a record has more padding than the record size can
accommodate.

So, it seems this implementation is contradicting with this document.

By the way, function encryptRecord is nowhere used with padding parameter, so it's always zero.

Sorry if I'm treating anything wrong.

[martinthomson]

Yes, that particular piece of code isn't hooked up, so I didn't discover that bug until I decided to use it.

I have a fix for this already. Unfortunately, it's currently sitting on a computer that I won't have access to for a while. I'll put a simple fix in for now.