2 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 #include <openssl/evp.h>
12 #include <openssl/err.h>
13 #include "ciphers_locl.h"
15 #include "internal/providercommonerr.h"
18 * Fills a single block of buffered data from the input, and returns the amount
19 * of data remaining in the input that is a multiple of the blocksize. The buffer
20 * is only filled if it already has some data in it, isn't full already or we
21 * don't have at least one block in the input.
23 * buf: a buffer of blocksize bytes
24 * buflen: contains the amount of data already in buf on entry. Updated with the
25 * amount of data in buf at the end. On entry *buflen must always be
26 * less than the blocksize
27 * blocksize: size of a block. Must be greater than 0 and a power of 2
28 * in: pointer to a pointer containing the input data
29 * inlen: amount of input data available
31 * On return buf is filled with as much data as possible up to a full block,
32 * *buflen is updated containing the amount of data in buf. *in is updated to
33 * the new location where input data should be read from, *inlen is updated with
34 * the remaining amount of data in *in. Returns the largest value <= *inlen
35 * which is a multiple of the blocksize.
37 size_t fillblock(unsigned char *buf, size_t *buflen, size_t blocksize,
38 const unsigned char **in, size_t *inlen)
40 size_t blockmask = ~(blocksize - 1);
42 assert(*buflen <= blocksize);
43 assert(blocksize > 0 && (blocksize & (blocksize - 1)) == 0);
45 if (*buflen != blocksize && (*buflen != 0 || *inlen < blocksize)) {
46 size_t bufremain = blocksize - *buflen;
48 if (*inlen < bufremain)
50 memcpy(buf + *buflen, *in, bufremain);
56 return *inlen & blockmask;
60 * Fills the buffer with trailing data from an encryption/decryption that didn't
61 * fit into a full block.
63 int trailingdata(unsigned char *buf, size_t *buflen, size_t blocksize,
64 const unsigned char **in, size_t *inlen)
69 if (*buflen + *inlen > blocksize) {
70 PROVerr(PROV_F_TRAILINGDATA, ERR_R_INTERNAL_ERROR);
74 memcpy(buf + *buflen, *in, *inlen);
81 /* Pad the final block for encryption */
82 void padblock(unsigned char *buf, size_t *buflen, size_t blocksize)
85 unsigned char pad = (unsigned char)(blocksize - *buflen);
87 for (i = *buflen; i < blocksize; i++)
91 int unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize)
96 if(len != blocksize) {
97 PROVerr(PROV_F_UNPADBLOCK, ERR_R_INTERNAL_ERROR);
102 * The following assumes that the ciphertext has been authenticated.
103 * Otherwise it provides a padding oracle.
105 pad = buf[blocksize - 1];
106 if (pad == 0 || pad > blocksize) {
107 PROVerr(PROV_F_UNPADBLOCK, PROV_R_BAD_DECRYPT);
110 for (i = 0; i < pad; i++) {
111 if (buf[--len] != pad) {
112 PROVerr(PROV_F_UNPADBLOCK, PROV_R_BAD_DECRYPT);