oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

hcrypto: Fix EVP_CipherUpdate() bugs

Browse Source
This commit is contained in:
Nicolas Williams
2022-11-21 14:24:31 -06:00
committed by Jeffrey Altman
parent 47e6c68de8
commit 11846fcabb
1 changed files with 17 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
lib/hcrypto/evp.c
View File

@@ -857,14 +857,13 @@ EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, void *out, int *outlen,
*outlen = 0;
/**
* If there in no spare bytes in the left from last Update and the
* input length is on the block boundery, the EVP_CipherUpdate()
* function can take a shortcut (and preformance gain) and
* directly encrypt the data, otherwise we hav to fix it up and
* store extra it the EVP_CIPHER_CTX.
/*
* If there in no bytes left over from the last Update and the
* input length is on a block boundary, then we can take a
* shortcut (and preformance gain) and directly encrypt the
* data.
*/
if (ctx->buf_len == 0 && (inlen & ctx->block_mask) == 0) {
if (ctx->buf_len == 0 && inlen && (inlen & ctx->block_mask) == 0) {
ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen);
if (ret == 1)
*outlen = inlen;
@@ -873,21 +872,19 @@ EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, void *out, int *outlen,
return ret;
}
blocksize = EVP_CIPHER_CTX_block_size(ctx);
left = blocksize - ctx->buf_len;
assert(left > 0);
if (ctx->buf_len) {
/* if total buffer is smaller then input, store locally */
/* If we can't fill one block in the buffer, save the input there */
if (inlen < left) {
memcpy(ctx->buf + ctx->buf_len, in, inlen);
ctx->buf_len += inlen;
return 1;
}
/* fill in local buffer and encrypt */
/* Fill the buffer and encrypt */
memcpy(ctx->buf + ctx->buf_len, in, left);
ret = (*ctx->cipher->do_cipher)(ctx, out, ctx->buf, blocksize);
memset_s(ctx->buf, blocksize, 0, blocksize);
@@ -905,12 +902,16 @@ EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, void *out, int *outlen,
ctx->buf_len = (inlen & ctx->block_mask);
inlen &= ~ctx->block_mask;
if (inlen) {
/* Encrypt all the whole blocks of input that we have */
ret = (*ctx->cipher->do_cipher)(ctx, out, in, inlen);
if (ret != 1)
return ret;
}
*outlen += inlen;
/* Save the tail of the input, if any */
in = ((unsigned char *)in) + inlen;
memcpy(ctx->buf, in, ctx->buf_len);
}
@@ -969,7 +970,7 @@ EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, void *out, int *outlen)
* @param in in data to the operation.
* @param size length of data.
*
* @return 1 on success.
* @return bytes encrypted on success, zero on failure.
*/
int