In The SSL Protocol Version 3.0, November 18, 1996, it states in Section
5.2.3.2 (CBC block cipher) that the GenericBlockCipher structure looks like
the following:

    block-ciphered struct {
        opaque content[SSLCompressed.length];
        opaque MAC[CipherSpec.hash_size];
        uint8 padding[GenericBlockCipher.padding_length];
        uint8 padding_length;
    } GenericBlockCipher;

The size of an instance of a GenericBlockCipher must be a multiple of the
block cipher's block length.
Therefore, it appears that the padding length, which seems to be ALWAYS
present, contributes to the padding. Which implies that if sizeof(content) +
sizeof(MAC) % block_length = 0, padding has to be 7 bytes long because of
the existence of padding_length. Is this correct?
This makes the padding scheme similar (but not quite) to PKCS#5 where the
length is encoded in the padding (1-8). With the SSL scheme, the
sizeof(padding) is encoded in the always present padding_length and
therefore ranges from 0 to 7.
Is this correct?
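
Added example, not part of the original message: the padding arithmetic for the structure quoted above, next to the PKCS#5 count, assuming minimal padding and the SSL 3.0 rule that the padding is shorter than one block. The function names and the 20-byte MAC / 8-byte block sample are constructed for illustration.

```python
# Added illustration; helper names are hypothetical, not taken from the spec.
import os

def ssl3_padding_length(content_len, mac_len, block_len):
    """Smallest padding_length making content+MAC+padding+1 a block multiple."""
    used = content_len + mac_len + 1      # +1: the padding_length byte itself
    return (-used) % block_len            # always in 0 .. block_len-1

def pkcs5_pad_count(data_len, block_len=8):
    """PKCS#5: the pad value is the pad count, always in 1 .. block_len."""
    return block_len - (data_len % block_len)

def ssl3_build(content, mac, block_len):
    """Plaintext GenericBlockCipher body, before CBC encryption."""
    n = ssl3_padding_length(len(content), len(mac), block_len)
    # The quoted structure does not fix the padding byte values; random here.
    return content + mac + os.urandom(n) + bytes([n])

def ssl3_strip(plain, mac_len, block_len):
    """Split a decrypted body into (content, mac), checking the length byte."""
    if not plain or len(plain) % block_len:
        raise ValueError("not a whole number of blocks")
    n = plain[-1]
    # Only the length byte can be checked; the padding bytes are arbitrary.
    if n >= block_len or n + 1 + mac_len > len(plain):
        raise ValueError("bad padding_length")
    body = plain[:len(plain) - n - 1]
    return body[:len(body) - mac_len], body[len(body) - mac_len:]

if __name__ == "__main__":
    MAC_LEN, BLOCK = 20, 8   # constructed case: 20-byte MAC, 8-byte blocks
    print("content+MAC  ssl3 padding_length  pkcs5 pad bytes")
    for content_len in range(0, 9):
        data = content_len + MAC_LEN
        print(f"{data:11d}  {ssl3_padding_length(content_len, MAC_LEN, BLOCK):19d}"
              f"  {pkcs5_pad_count(data, BLOCK):15d}")
```
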