diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2021-08-12 19:20:05 +1000 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2021-08-18 08:38:40 +1000 |
commit | 7daabe78a04902d3ae53af3e4a2acfdf6a1f1ec9 (patch) | |
tree | 59a97510c750defabc64e657938756085d0379dd /providers/implementations/ciphers | |
parent | 7f5a9399d27564a7136eed2df693755a3bec2cfc (diff) |
Change CTS CS3 (Kerberos) so that it accepts a 16 byte input block
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16286)
Diffstat (limited to 'providers/implementations/ciphers')
-rw-r--r-- | providers/implementations/ciphers/cipher_cts.c | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/providers/implementations/ciphers/cipher_cts.c b/providers/implementations/ciphers/cipher_cts.c index 3e880931c1..5732ae1990 100644 --- a/providers/implementations/ciphers/cipher_cts.c +++ b/providers/implementations/ciphers/cipher_cts.c @@ -195,9 +195,13 @@ static size_t cts128_cs3_encrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, aligned_16bytes tmp_in; size_t residue; - if (len <= CTS_BLOCK_SIZE) /* CS3 requires 2 blocks */ + if (len < CTS_BLOCK_SIZE) /* CS3 requires at least one block */ return 0; + /* If we only have one block then just process the aligned block */ + if (len == CTS_BLOCK_SIZE) + return ctx->hw->cipher(ctx, out, in, len) ? len : 0; + residue = len % CTS_BLOCK_SIZE; if (residue == 0) residue = CTS_BLOCK_SIZE; @@ -231,9 +235,13 @@ static size_t cts128_cs3_decrypt(PROV_CIPHER_CTX *ctx, const unsigned char *in, aligned_16bytes mid_iv, ct_mid, pt_last; size_t residue; - if (len <= CTS_BLOCK_SIZE) /* CS3 requires 2 blocks */ + if (len < CTS_BLOCK_SIZE) /* CS3 requires at least one block */ return 0; + /* If we only have one block then just process the aligned block */ + if (len == CTS_BLOCK_SIZE) + return ctx->hw->cipher(ctx, out, in, len) ? len : 0; + /* Process blocks at the start - but leave the last 2 blocks */ residue = len % CTS_BLOCK_SIZE; if (residue == 0) |