Describe the current behavior
AES decryption function takes the last byte of the plain text and if it is between 0x00 and 0x3F, it removes the corresponding number of bytes from the end of the plaintext (assumes it is the padding) otherwise is returns an error.
Describe the expected behavior
CBC and ECB modes use a padding scheme and the padding bytes can only take values between 0x01 and 0x10 (AES block size is 16 bytes). Further, the padding byte is repeated from the end of the message until the end of the block (or for one full block if the message length is divisible by 16 i.e. 0x10101010101010101010101010101010). For example 0xFFFFFFFFFFFFFFFFFFFFFF0505050505 is valid padding but 0xFFFFFFFFFFFFFFFFFFFFFF0000000005 is not, however, currently both are accepted as valid.
Describe the current behavior
AES decryption function takes the last byte of the plain text and if it is between 0x00 and 0x3F, it removes the corresponding number of bytes from the end of the plaintext (assumes it is the padding) otherwise is returns an error.
Describe the expected behavior
CBC and ECB modes use a padding scheme and the padding bytes can only take values between 0x01 and 0x10 (AES block size is 16 bytes). Further, the padding byte is repeated from the end of the message until the end of the block (or for one full block if the message length is divisible by 16 i.e. 0x10101010101010101010101010101010). For example 0xFFFFFFFFFFFFFFFFFFFFFF0505050505 is valid padding but 0xFFFFFFFFFFFFFFFFFFFFFF0000000005 is not, however, currently both are accepted as valid.