From d6cb6af31eee16d017891c3fb6c4033446594ad5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= <lha@kth.se>
Date: Sun, 3 Oct 2004 17:19:53 +0000
Subject: [PATCH] support padding as its done in CMS

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14283 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/krb5/crypto.c | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/lib/krb5/crypto.c b/lib/krb5/crypto.c
index 9b3be1d2b..176b5dd11 100644
--- a/lib/krb5/crypto.c
+++ b/lib/krb5/crypto.c
@@ -70,6 +70,7 @@ struct krb5_crypto_data {
 #define F_PSEUDO	16	/* not a real protocol type */
 #define F_SPECIAL	32	/* backwards */
 #define F_DISABLED	64	/* enctype/checksum disabled */
+#define F_PADCMS	128	/* padding done like in CMS */
 
 struct salt_type {
     krb5_salttype type;
@@ -2885,7 +2886,7 @@ static struct encryption_type enctype_aes128_cbc_none = {
     &keytype_aes128,
     &checksum_none,
     NULL,
-    F_PSEUDO,
+    F_PSEUDO|F_PADCMS,
     AES_CBC_encrypt,
 };
 static unsigned aes_192_cbc_num[] = { 2, 16, 840, 1, 101, 3, 4, 1, 22 };
@@ -2900,7 +2901,7 @@ static struct encryption_type enctype_aes192_cbc_none = {
     &keytype_aes192,
     &checksum_none,
     NULL,
-    F_PSEUDO,
+    F_PSEUDO|F_PADCMS,
     AES_CBC_encrypt,
 };
 static unsigned aes_256_cbc_num[] = { 2, 16, 840, 1, 101, 3, 4, 1, 42 };
@@ -2915,7 +2916,7 @@ static struct encryption_type enctype_aes256_cbc_none = {
     &keytype_aes256,
     &checksum_none,
     NULL,
-    F_PSEUDO,
+    F_PSEUDO|F_PADCMS,
     AES_CBC_encrypt,
 };
 #endif /* ENABLE_AES */
@@ -3332,7 +3333,7 @@ encrypt_internal(krb5_context context,
 		 krb5_data *result,
 		 void *ivec)
 {
-    size_t sz, block_sz, checksum_sz;
+    size_t sz, block_sz, checksum_sz, padsize = 0;
     Checksum cksum;
     unsigned char *p, *q;
     krb5_error_code ret;
@@ -3342,6 +3343,11 @@ encrypt_internal(krb5_context context,
     
     sz = et->confoundersize + checksum_sz + len;
     block_sz = (sz + et->padsize - 1) &~ (et->padsize - 1); /* pad */
+    if (et->flags & F_PADCMS) {
+	padsize = et->padsize - (sz % et->padsize);
+	if (padsize == et->padsize)
+	    block_sz += et->padsize;
+    }
     p = calloc(1, block_sz);
     if(p == NULL) {
 	krb5_set_error_string(context, "malloc: out of memory");
@@ -3374,6 +3380,12 @@ encrypt_internal(krb5_context context,
     ret = _key_schedule(context, &crypto->key, crypto->params);
     if(ret)
 	goto fail;
+    if (et->flags & F_PADCMS) {
+	int i;
+	q = p + len;
+	for (i = 0; i < padsize; i++)
+	    q[i] = padsize;
+    }
 #ifdef CRYPTO_DEBUG
     krb5_crypto_debug(context, 1, block_sz, crypto->key.key);
 #endif