From 6f328a919454e1458a0eeda5c7a6ec32f95fe41f Mon Sep 17 00:00:00 2001 From: Love Hornquist Astrand Date: Wed, 22 Sep 2010 14:41:17 -0700 Subject: [PATCH] add padding support via hx509_crypto_set_padding --- lib/hx509/crypto.c | 24 ++++++++++++++++++++---- lib/hx509/hx509.h | 5 +++++ lib/hx509/libhx509-exports.def | 1 + lib/hx509/version-script.map | 1 + 4 files changed, 27 insertions(+), 4 deletions(-) diff --git a/lib/hx509/crypto.c b/lib/hx509/crypto.c index 25daa2c00..6e4dc98bb 100644 --- a/lib/hx509/crypto.c +++ b/lib/hx509/crypto.c @@ -2016,7 +2016,11 @@ struct hx509cipher { struct hx509_crypto_data { char *name; int flags; -#define ALLOW_WEAK 1 +#define ALLOW_WEAK 1 + +#define PADDING_NONE 2 +#define PADDING_PKCS7 4 +#define PADDING_FLAGS (2|4) const struct hx509cipher *cipher; const EVP_CIPHER *c; heim_octet_string key; @@ -2302,6 +2306,7 @@ hx509_crypto_init(hx509_context context, return ENOMEM; } + (*crypto)->flags = PADDING_PKCS7; (*crypto)->cipher = cipher; (*crypto)->c = (*cipher->evp_func)(); @@ -2342,9 +2347,20 @@ hx509_crypto_set_key_name(hx509_crypto crypto, const char *name) } void -hx509_crypto_allow_weak(hx509_crypto crypto) +hx509_crypto_set_padding(hx509_crypto crypto, int padding_type) { - crypto->flags |= ALLOW_WEAK; + switch (padding_type) { + case HX509_CRYPTO_PADDING_PKCS7: + crypto->flags &= ~PADDING_FLAGS; + crypto->flags |= PADDING_PKCS7; + break; + case HX509_CRYPTO_PADDING_NONE: + crypto->flags &= ~PADDING_FLAGS; + crypto->flags |= PADDING_NONE; + break; + default: + _hx509_abort("Invalid padding"); + } } int @@ -2560,7 +2576,7 @@ hx509_crypto_decrypt(hx509_crypto crypto, } EVP_CIPHER_CTX_cleanup(&evp); - if (EVP_CIPHER_block_size(crypto->c) > 1) { + if ((crypto->flags & PADDING_PKCS7) && EVP_CIPHER_block_size(crypto->c) > 1) { int padsize; unsigned char *p; int j, bsize = EVP_CIPHER_block_size(crypto->c); diff --git a/lib/hx509/hx509.h b/lib/hx509/hx509.h index fa4aa8134..b6eeac9d1 100644 --- a/lib/hx509/hx509.h 
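Review bot: `PADDING_FLAGS` is written as the literal `(2|4)` in the flag block of struct hx509_crypto_data (hunk at -2016), so the mask goes stale without warning if a padding bit is renumbered or a third mode is added. Deriving it from the named bits keeps the two in step: `#define PADDING_FLAGS (PADDING_NONE|PADDING_PKCS7)`. A short comment that exactly one padding bit is expected to be set at a time, and that both share `flags` with `ALLOW_WEAK`, would help the next reader. The struct continues outside the hunk.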
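Review bot: In the hunk at -2342, `hx509_crypto_set_padding` takes the place of `hx509_crypto_allow_weak` rather than being added beside it, which the subject line ("add padding support") does not mention. `ALLOW_WEAK` is still defined in the first hunk, but nothing visible in this patch can set it any more, and any caller or export entry that still names `hx509_crypto_allow_weak` (none is shown here) would no longer resolve. If the removal is not intended, keep the old function with its `crypto->flags |= ALLOW_WEAK;` body and add the new one after it. The `default:` branch ends in `_hx509_abort("Invalid padding")`, which, judging by its name, takes the process down on a bad `padding_type`. Since the function returns void, a doc comment stating the accepted values and that behaviour is the least a caller needs.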
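Review bot: The new condition in hx509_crypto_decrypt (hunk at -2560), `(crypto->flags & PADDING_PKCS7) && ...`, checks and strips padding only when the PKCS7 bit is set, so a crypto object whose flags hold neither padding bit silently returns plaintext with the pad bytes still attached. Testing for the opt-out instead keeps the pre-patch behaviour as the default: `if (!(crypto->flags & PADDING_NONE) && EVP_CIPHER_block_size(crypto->c) > 1) {`. No hunk in this patch touches the encrypt path, so whether encryption honours `PADDING_NONE` cannot be seen from here and should be confirmed; if it still pads unconditionally, the two directions disagree. With `PADDING_NONE` the caller receives the raw final block and has to validate its contents itself, which deserves a comment at this branch. The function body starts and ends outside the hunk.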
+++ b/lib/hx509/hx509.h @@ -71,6 +71,11 @@ enum { HX509_VALIDATE_F_VERBOSE = 2 }; +enum { + HX509_CRYPTO_PADDING_PKCS7 = 0, + HX509_CRYPTO_PADDING_NONE = 1 +}; + struct hx509_cert_attribute_data { heim_oid oid; heim_octet_string data; diff --git a/lib/hx509/libhx509-exports.def b/lib/hx509/libhx509-exports.def index 6d7492d3d..9f221a078 100644 --- a/lib/hx509/libhx509-exports.def +++ b/lib/hx509/libhx509-exports.def @@ -127,6 +127,7 @@ EXPORTS hx509_crypto_select hx509_crypto_set_key_data hx509_crypto_set_key_name + hx509_crypto_set_padding hx509_crypto_set_params hx509_crypto_set_random_key hx509_env_add diff --git a/lib/hx509/version-script.map b/lib/hx509/version-script.map index 5aaccd4f2..c0666d81c 100644 --- a/lib/hx509/version-script.map +++ b/lib/hx509/version-script.map @@ -133,6 +133,7 @@ HEIMDAL_X509_1.2 { hx509_crypto_select; hx509_crypto_set_key_data; hx509_crypto_set_key_name; + hx509_crypto_set_padding; hx509_crypto_set_params; hx509_crypto_set_random_key; hx509_env_add;
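Review bot: The new anonymous enum in hx509.h has no comment tying it to `hx509_crypto_set_padding`, and its public values (0 and 1) differ from the internal flag bits (4 and 2) that crypto.c stores, which is easy to mix up when reading both files. I would add a comment above it along the lines of `/* padding_type argument of hx509_crypto_set_padding(); PKCS7 is the default set by hx509_crypto_init() */`. It should also state that `HX509_CRYPTO_PADDING_NONE` leaves padding handling to the caller on decrypt. The struct hx509_cert_attribute_data that follows continues outside the hunk.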