Clean up EVP_EncryptFinal_ex()

This switches to the variable names used in other functions, adds a reminder to add a missing length check and uses memset for the padding. ok jsing
author: tb <> 2023-12-20 10:42:43 +0000
committer: tb <> 2023-12-20 10:42:43 +0000
commit: 16cf191fc78fae1e65f8058c4b77bfedc8ca84c7 (patch)
tree: 34c51a85e271875b6466d67939a2544b0865edcf /src
parent: 38c255f9516cd7b79d10dd04fc873963f3a881ff (diff)
download: openbsd-16cf191fc78fae1e65f8058c4b77bfedc8ca84c7.tar.gz
openbsd-16cf191fc78fae1e65f8058c4b77bfedc8ca84c7.tar.bz2
openbsd-16cf191fc78fae1e65f8058c4b77bfedc8ca84c7.zip
1 files changed, 13 insertions, 16 deletions
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index 16a993eb0d..b00150513c 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_enc.c,v 1.64 2023/12/20 10:35:25 tb Exp $ */
+/* $OpenBSD: evp_enc.c,v 1.65 2023/12/20 10:42:43 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -382,38 +382,35 @@ EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 int
 EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
 {
-        int n;
+        const int block_size = ctx->cipher->block_size;
-        unsigned int i, b, bl;
+        int buf_offset = ctx->buf_len;
+        int pad;
        *outl = 0;
        if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0)
                return evp_cipher(ctx, out, outl, NULL, 0);
-        b = ctx->cipher->block_size;
+        /* XXX - check that block_size > buf_offset. */
-        if (b > sizeof ctx->buf) {
+        if (block_size > sizeof(ctx->buf)) {
                EVPerror(EVP_R_BAD_BLOCK_LENGTH);
                return 0;
        }
-        if (b == 1) {
+        if (block_size == 1)
-                *outl = 0;
                return 1;
-        }
-        bl = ctx->buf_len;
+        if ((ctx->flags & EVP_CIPH_NO_PADDING) != 0) {
-        if (ctx->flags & EVP_CIPH_NO_PADDING) {
+                if (buf_offset != 0) {
-                if (bl) {
                        EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
                        return 0;
                }
-                *outl = 0;
                return 1;
        }
-        n = b - bl;
+        pad = block_size - buf_offset;
-        for (i = bl; i < b; i++)
+        memset(&ctx->buf[buf_offset], pad, pad);
-                ctx->buf[i] = n;
-        return evp_cipher(ctx, out, outl, ctx->buf, b);
+        return evp_cipher(ctx, out, outl, ctx->buf, block_size);
 }
 int
author	tb <>	2023-12-20 10:42:43 +0000
committer	tb <>	2023-12-20 10:42:43 +0000
commit	16cf191fc78fae1e65f8058c4b77bfedc8ca84c7 (patch)
tree	34c51a85e271875b6466d67939a2544b0865edcf /src
parent	38c255f9516cd7b79d10dd04fc873963f3a881ff (diff)
download	openbsd-16cf191fc78fae1e65f8058c4b77bfedc8ca84c7.tar.gz openbsd-16cf191fc78fae1e65f8058c4b77bfedc8ca84c7.tar.bz2 openbsd-16cf191fc78fae1e65f8058c4b77bfedc8ca84c7.zip

diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index 16a993eb0d..b00150513c 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: evp_enc.c,v 1.64 2023/12/20 10:35:25 tb Exp $ */	1	/* $OpenBSD: evp_enc.c,v 1.65 2023/12/20 10:42:43 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -382,38 +382,35 @@ EVP_EncryptFinal(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
382	int	382	int
383	EVP_EncryptFinal_ex(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)	383	EVP_EncryptFinal_ex(EVP_CIPHER_CTX ctx, unsigned char out, int *outl)
384	{	384	{
385	int n;	385	const int block_size = ctx->cipher->block_size;
386	unsigned int i, b, bl;	386	int buf_offset = ctx->buf_len;
		387	int pad;
387		388
388	*outl = 0;	389	*outl = 0;
389		390
390	if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0)	391	if ((ctx->cipher->flags & EVP_CIPH_FLAG_CUSTOM_CIPHER) != 0)
391	return evp_cipher(ctx, out, outl, NULL, 0);	392	return evp_cipher(ctx, out, outl, NULL, 0);
392		393
393	b = ctx->cipher->block_size;	394	/* XXX - check that block_size > buf_offset. */
394	if (b > sizeof ctx->buf) {	395	if (block_size > sizeof(ctx->buf)) {
395	EVPerror(EVP_R_BAD_BLOCK_LENGTH);	396	EVPerror(EVP_R_BAD_BLOCK_LENGTH);
396	return 0;	397	return 0;
397	}	398	}
398	if (b == 1) {	399	if (block_size == 1)
399	*outl = 0;
400	return 1;	400	return 1;
401	}	401
402	bl = ctx->buf_len;	402	if ((ctx->flags & EVP_CIPH_NO_PADDING) != 0) {
403	if (ctx->flags & EVP_CIPH_NO_PADDING) {	403	if (buf_offset != 0) {
404	if (bl) {
405	EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);	404	EVPerror(EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH);
406	return 0;	405	return 0;
407	}	406	}
408	*outl = 0;
409	return 1;	407	return 1;
410	}	408	}
411		409
412	n = b - bl;	410	pad = block_size - buf_offset;
413	for (i = bl; i < b; i++)	411	memset(&ctx->buf[buf_offset], pad, pad);
414	ctx->buf[i] = n;
415		412
416	return evp_cipher(ctx, out, outl, ctx->buf, b);	413	return evp_cipher(ctx, out, outl, ctx->buf, block_size);
417	}	414	}
418		415
419	int	416	int