[thirdparty/openssl.git] / providers / common / ciphers / block.c

/*
 * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <assert.h>
#include "cipher_locl.h"
#include "internal/providercommonerr.h"

/*
 * Fills a single block of buffered data from the input, and returns the amount
 * of data remaining in the input that is a multiple of the blocksize. The buffer
 * is only filled if it already has some data in it, isn't full already or we
 * don't have at least one block in the input.
 *
 * buf: a buffer of blocksize bytes
 * buflen: contains the amount of data already in buf on entry. Updated with the
 *         amount of data in buf at the end. On entry *buflen must always be
 *         less than the blocksize
 * blocksize: size of a block. Must be greater than 0 and a power of 2
 * in: pointer to a pointer containing the input data
 * inlen: amount of input data available
 *
 * On return buf is filled with as much data as possible up to a full block,
 * *buflen is updated containing the amount of data in buf. *in is updated to
 * the new location where input data should be read from, *inlen is updated with
 * the remaining amount of data in *in. Returns the largest value <= *inlen
 * which is a multiple of the blocksize.
 */
size_t fillblock(unsigned char *buf, size_t *buflen, size_t blocksize,
                 const unsigned char **in, size_t *inlen)
{
    size_t blockmask = ~(blocksize - 1);

    assert(*buflen <= blocksize);
    assert(blocksize > 0 && (blocksize & (blocksize - 1)) == 0);

    if (*buflen != blocksize && (*buflen != 0 || *inlen < blocksize)) {
        size_t bufremain = blocksize - *buflen;

        if (*inlen < bufremain)
            bufremain = *inlen;
        memcpy(buf + *buflen, *in, bufremain);
        *in += bufremain;
        *inlen -= bufremain;
        *buflen += bufremain;
    }

    return *inlen & blockmask;
}

/*
 * Fills the buffer with trailing data from an encryption/decryption that didn't
 * fit into a full block.
 */
int trailingdata(unsigned char *buf, size_t *buflen, size_t blocksize,
                 const unsigned char **in, size_t *inlen)
{
    if (*inlen == 0)
        return 1;

    if (*buflen + *inlen > blocksize) {
        ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
        return 0;
    }

    memcpy(buf + *buflen, *in, *inlen);
    *buflen += *inlen;
    *inlen = 0;

    return 1;
}

/* Pad the final block for encryption */
void padblock(unsigned char *buf, size_t *buflen, size_t blocksize)
{
    size_t i;
    unsigned char pad = (unsigned char)(blocksize - *buflen);

    for (i = *buflen; i < blocksize; i++)
        buf[i] = pad;
}

int unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize)
{
    size_t pad, i;
    size_t len = *buflen;

    if(len != blocksize) {
        ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
        return 0;
    }

    /*
     * The following assumes that the ciphertext has been authenticated.
     * Otherwise it provides a padding oracle.
     */
    pad = buf[blocksize - 1];
    if (pad == 0 || pad > blocksize) {
        ERR_raise(ERR_LIB_PROV, PROV_R_BAD_DECRYPT);
        return 0;
    }
    for (i = 0; i < pad; i++) {
        if (buf[--len] != pad) {
            ERR_raise(ERR_LIB_PROV, PROV_R_BAD_DECRYPT);
            return 0;
        }
    }
    *buflen = len;
    return 1;
}
Commit	Line	Data
aab26e6f MC	1	/*
	2	* Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
	3	*
	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
	8	*/
	9
aab26e6f	10	#include <assert.h>
e1178600	11	#include "cipher_locl.h"
4a42e264	12	#include "internal/providercommonerr.h"
aab26e6f MC	13
	14	/*
	15	* Fills a single block of buffered data from the input, and returns the amount
	16	* of data remaining in the input that is a multiple of the blocksize. The buffer
	17	* is only filled if it already has some data in it, isn't full already or we
	18	* don't have at least one block in the input.
	19	*
	20	* buf: a buffer of blocksize bytes
	21	* buflen: contains the amount of data already in buf on entry. Updated with the
	22	* amount of data in buf at the end. On entry *buflen must always be
	23	* less than the blocksize
	24	* blocksize: size of a block. Must be greater than 0 and a power of 2
	25	* in: pointer to a pointer containing the input data
	26	* inlen: amount of input data available
	27	*
	28	* On return buf is filled with as much data as possible up to a full block,
	29	* buflen is updated containing the amount of data in buf. in is updated to
	30	* the new location where input data should be read from, *inlen is updated with
	31	* the remaining amount of data in in. Returns the largest value <= inlen
	32	* which is a multiple of the blocksize.
	33	*/
	34	size_t fillblock(unsigned char buf, size_t buflen, size_t blocksize,
	35	const unsigned char *in, size_t inlen)
	36	{
	37	size_t blockmask = ~(blocksize - 1);
	38
	39	assert(*buflen <= blocksize);
	40	assert(blocksize > 0 && (blocksize & (blocksize - 1)) == 0);
	41
	42	if (buflen != blocksize && (buflen != 0 \|\| *inlen < blocksize)) {
	43	size_t bufremain = blocksize - *buflen;
	44
	45	if (*inlen < bufremain)
	46	bufremain = *inlen;
	47	memcpy(buf + buflen, in, bufremain);
	48	*in += bufremain;
	49	*inlen -= bufremain;
	50	*buflen += bufremain;
	51	}
	52
	53	return *inlen & blockmask;
	54	}
	55
	56	/*
	57	* Fills the buffer with trailing data from an encryption/decryption that didn't
	58	* fit into a full block.
	59	*/
	60	int trailingdata(unsigned char buf, size_t buflen, size_t blocksize,
	61	const unsigned char *in, size_t inlen)
	62	{
	63	if (*inlen == 0)
	64	return 1;
	65
6caf7f3a	66	if (buflen + inlen > blocksize) {
784883fc	67	ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
aab26e6f	68	return 0;
6caf7f3a	69	}
aab26e6f MC	70
	71	memcpy(buf + buflen, in, *inlen);
	72	buflen += inlen;
	73	*inlen = 0;
	74
	75	return 1;
	76	}
	77
	78	/* Pad the final block for encryption */
	79	void padblock(unsigned char buf, size_t buflen, size_t blocksize)
	80	{
	81	size_t i;
	82	unsigned char pad = (unsigned char)(blocksize - *buflen);
	83
	84	for (i = *buflen; i < blocksize; i++)
	85	buf[i] = pad;
	86	}
	87
	88	int unpadblock(unsigned char buf, size_t buflen, size_t blocksize)
	89	{
	90	size_t pad, i;
	91	size_t len = *buflen;
	92
6caf7f3a	93	if(len != blocksize) {
784883fc	94	ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
aab26e6f	95	return 0;
6caf7f3a	96	}
aab26e6f MC	97
	98	/*
	99	* The following assumes that the ciphertext has been authenticated.
	100	* Otherwise it provides a padding oracle.
	101	*/
	102	pad = buf[blocksize - 1];
	103	if (pad == 0 \|\| pad > blocksize) {
784883fc	104	ERR_raise(ERR_LIB_PROV, PROV_R_BAD_DECRYPT);
aab26e6f MC	105	return 0;
	106	}
	107	for (i = 0; i < pad; i++) {
	108	if (buf[--len] != pad) {
784883fc	109	ERR_raise(ERR_LIB_PROV, PROV_R_BAD_DECRYPT);
aab26e6f MC	110	return 0;
	111	}
	112	}
	113	*buflen = len;
	114	return 1;
	115	}