From 8587e164f0862f897027a7c7f57b30e78ea78e0f Mon Sep 17 00:00:00 2001
From: Andy Green <andy@warmcat.com>
Date: Tue, 22 Jan 2019 06:26:08 +0800
Subject: [PATCH] jwe: strip padding after rsa-aes

---
 lib/jose/jwe/enc/aescbc.c     | 2 +-
 lib/jose/jwe/jwe-rsa-aescbc.c | 7 +++++++
 lib/jose/jwe/jwe-rsa-aesgcm.c | 7 +++++++
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/lib/jose/jwe/enc/aescbc.c b/lib/jose/jwe/enc/aescbc.c
index a08dc82ac..9cd517948 100644
--- a/lib/jose/jwe/enc/aescbc.c
+++ b/lib/jose/jwe/enc/aescbc.c
@@ -154,7 +154,7 @@ lws_jwe_encrypt_cbc_hs(struct lws_jwe *jwe, uint8_t *cek,
 
 int
 lws_jwe_auth_and_decrypt_cbc_hs(struct lws_jwe *jwe, uint8_t *enc_cek,
-					uint8_t *aad, int aad_len)
+				uint8_t *aad, int aad_len)
 {
 	int n, hlen = lws_genhmac_size(jwe->jose.enc_alg->hmac_type);
 	uint8_t digest[LWS_GENHASH_LARGEST];
diff --git a/lib/jose/jwe/jwe-rsa-aescbc.c b/lib/jose/jwe/jwe-rsa-aescbc.c
index 76be23206..a46df34be 100644
--- a/lib/jose/jwe/jwe-rsa-aescbc.c
+++ b/lib/jose/jwe/jwe-rsa-aescbc.c
@@ -178,5 +178,12 @@ lws_jwe_auth_and_decrypt_rsa_aes_cbc_hs(struct lws_jwe *jwe)
 		return -1;
 	}
 
+	/* strip padding */
+
+	n = jwe->jws.map.buf[LJWE_CTXT][jwe->jws.map.len[LJWE_CTXT] - 1];
+	if (n > 16)
+		return -1;
+	jwe->jws.map.len[LJWE_CTXT] -= n;
+
 	return jwe->jws.map.len[LJWE_CTXT];
 }
diff --git a/lib/jose/jwe/jwe-rsa-aesgcm.c b/lib/jose/jwe/jwe-rsa-aesgcm.c
index 8ac0ff3a9..aa9f64174 100644
--- a/lib/jose/jwe/jwe-rsa-aesgcm.c
+++ b/lib/jose/jwe/jwe-rsa-aesgcm.c
@@ -170,5 +170,12 @@ lws_jwe_auth_and_decrypt_rsa_aes_gcm(struct lws_jwe *jwe)
 		return -1;
 	}
 
+	/* strip padding */
+
+	n = jwe->jws.map.buf[LJWE_CTXT][jwe->jws.map.len[LJWE_CTXT] - 1];
+	if (n > 16)
+		return -1;
+	jwe->jws.map.len[LJWE_CTXT] -= n;
+
 	return jwe->jws.map.len[LJWE_CTXT];
 }