You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi! I'm not very proficient with js and didn't investigate this document too much, but it seems to me you have wrong usage of padding ('ece.js', line 145):
var padding = new Buffer(pad + 1);
here you initialize padding with some random bytes allocated for it, however in the specification it should be a length byte, then zero bytes.
A receiver MUST fail to decrypt if any padding octet other than the first is
non-zero, or a record has more padding than the record size can
accommodate.
So, it seems this implementation is contradicting with this document.
By the way, function encryptRecord is nowhere used with padding parameter, so it's always zero.
Sorry if I'm treating anything wrong.
The text was updated successfully, but these errors were encountered:
Yes, that particular piece of code isn't hooked up, so I didn't discover that bug until I decided to use it.
I have a fix for this already. Unfortunately, it's currently sitting on a computer that I won't have access to for a while. I'll put a simple fix in for now.
Hi! I'm not very proficient with js and didn't investigate this document too much, but it seems to me you have wrong usage of padding ('ece.js', line 145):
here you initialize padding with some random bytes allocated for it, however in the specification it should be a length byte, then zero bytes.
So, it seems this implementation is contradicting with this document.
By the way, function
encryptRecord
is nowhere used with padding parameter, so it's always zero.Sorry if I'm treating anything wrong.
The text was updated successfully, but these errors were encountered: