1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
/*
* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include "ciphers_locl.h"
#include <assert.h>
/*
* Fills a single block of buffered data from the input, and returns the amount
* of data remaining in the input that is a multiple of the blocksize. The buffer
* is only filled if it already has some data in it, isn't full already or we
* don't have at least one block in the input.
*
* buf: a buffer of blocksize bytes
* buflen: contains the amount of data already in buf on entry. Updated with the
* amount of data in buf at the end. On entry *buflen must always be
* less than the blocksize
* blocksize: size of a block. Must be greater than 0 and a power of 2
* in: pointer to a pointer containing the input data
* inlen: amount of input data available
*
* On return buf is filled with as much data as possible up to a full block,
* *buflen is updated containing the amount of data in buf. *in is updated to
* the new location where input data should be read from, *inlen is updated with
* the remaining amount of data in *in. Returns the largest value <= *inlen
* which is a multiple of the blocksize.
*/
size_t fillblock(unsigned char *buf, size_t *buflen, size_t blocksize,
const unsigned char **in, size_t *inlen)
{
size_t blockmask = ~(blocksize - 1);
assert(*buflen <= blocksize);
assert(blocksize > 0 && (blocksize & (blocksize - 1)) == 0);
if (*buflen != blocksize && (*buflen != 0 || *inlen < blocksize)) {
size_t bufremain = blocksize - *buflen;
if (*inlen < bufremain)
bufremain = *inlen;
memcpy(buf + *buflen, *in, bufremain);
*in += bufremain;
*inlen -= bufremain;
*buflen += bufremain;
}
return *inlen & blockmask;
}
/*
* Fills the buffer with trailing data from an encryption/decryption that didn't
* fit into a full block.
*/
int trailingdata(unsigned char *buf, size_t *buflen, size_t blocksize,
const unsigned char **in, size_t *inlen)
{
if (*inlen == 0)
return 1;
if (*buflen + *inlen > blocksize)
return 0;
memcpy(buf + *buflen, *in, *inlen);
*buflen += *inlen;
*inlen = 0;
return 1;
}
/* Pad the final block for encryption */
void padblock(unsigned char *buf, size_t *buflen, size_t blocksize)
{
size_t i;
unsigned char pad = (unsigned char)(blocksize - *buflen);
for (i = *buflen; i < blocksize; i++)
buf[i] = pad;
}
int unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize)
{
size_t pad, i;
size_t len = *buflen;
if(len != blocksize)
return 0;
/*
* The following assumes that the ciphertext has been authenticated.
* Otherwise it provides a padding oracle.
*/
pad = buf[blocksize - 1];
if (pad == 0 || pad > blocksize) {
EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
return 0;
}
for (i = 0; i < pad; i++) {
if (buf[--len] != pad) {
EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
return 0;
}
}
*buflen = len;
return 1;
}
|
