reject non-block-aligned CBC cipher input

This commit is contained in:
Jeremiah Mackey
2026-04-06 22:15:13 +00:00
parent 362eda5b25
commit a77e1ff5ac
3 changed files with 53 additions and 18 deletions
+7 -2
View File
@@ -64,8 +64,7 @@
#include <wolfcrypt/src/misc.c>
#endif
/* u32 must be 32bit word */
typedef unsigned int u32;
typedef word32 u32;
typedef unsigned char u8;
/* key constants */
@@ -1591,6 +1590,9 @@ int wc_CamelliaCbcEncrypt(wc_Camellia* cam, byte* out, const byte* in, word32 sz
if (cam == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
}
if (sz % WC_CAMELLIA_BLOCK_SIZE != 0) {
return BAD_LENGTH_E;
}
blocks = sz / WC_CAMELLIA_BLOCK_SIZE;
while (blocks--) {
@@ -1613,6 +1615,9 @@ int wc_CamelliaCbcDecrypt(wc_Camellia* cam, byte* out, const byte* in, word32 sz
if (cam == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
}
if (sz % WC_CAMELLIA_BLOCK_SIZE != 0) {
return BAD_LENGTH_E;
}
blocks = sz / WC_CAMELLIA_BLOCK_SIZE;
while (blocks--) {
+32 -14
View File
@@ -1234,49 +1234,49 @@
int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
word32 blocks = sz / DES_BLOCK_SIZE;
if (des == NULL || out == NULL || in == NULL)
return BAD_FUNC_ARG;
if (sz % DES_BLOCK_SIZE != 0)
return BAD_LENGTH_E;
return wc_Pic32DesCrypt(des->key, DES_KEYLEN, des->reg, DES_IVLEN,
out, in, (blocks * DES_BLOCK_SIZE),
out, in, sz,
PIC32_ENCRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC);
}
int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
{
word32 blocks = sz / DES_BLOCK_SIZE;
if (des == NULL || out == NULL || in == NULL)
return BAD_FUNC_ARG;
if (sz % DES_BLOCK_SIZE != 0)
return BAD_LENGTH_E;
return wc_Pic32DesCrypt(des->key, DES_KEYLEN, des->reg, DES_IVLEN,
out, in, (blocks * DES_BLOCK_SIZE),
out, in, sz,
PIC32_DECRYPTION, PIC32_ALGO_DES, PIC32_CRYPTOALGO_CBC);
}
int wc_Des3_CbcEncrypt(Des3* des, byte* out, const byte* in, word32 sz)
{
word32 blocks = sz / DES_BLOCK_SIZE;
if (des == NULL || out == NULL || in == NULL)
return BAD_FUNC_ARG;
if (sz % DES_BLOCK_SIZE != 0)
return BAD_LENGTH_E;
return wc_Pic32DesCrypt(des->key[0], DES3_KEYLEN, des->reg, DES3_IVLEN,
out, in, (blocks * DES_BLOCK_SIZE),
out, in, sz,
PIC32_ENCRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC);
}
int wc_Des3_CbcDecrypt(Des3* des, byte* out, const byte* in, word32 sz)
{
word32 blocks = sz / DES_BLOCK_SIZE;
if (des == NULL || out == NULL || in == NULL)
return BAD_FUNC_ARG;
if (sz % DES_BLOCK_SIZE != 0)
return BAD_LENGTH_E;
return wc_Pic32DesCrypt(des->key[0], DES3_KEYLEN, des->reg, DES3_IVLEN,
out, in, (blocks * DES_BLOCK_SIZE),
out, in, sz,
PIC32_DECRYPTION, PIC32_ALGO_TDES, PIC32_CRYPTOALGO_TCBC);
}
@@ -1734,12 +1734,17 @@
int wc_Des_CbcEncrypt(Des* des, byte* out, const byte* in, word32 sz)
{
word32 blocks = sz / DES_BLOCK_SIZE;
word32 blocks;
if (des == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
}
if (sz % DES_BLOCK_SIZE != 0) {
return BAD_LENGTH_E;
}
blocks = sz / DES_BLOCK_SIZE;
while (blocks--) {
xorbuf((byte*)des->reg, in, DES_BLOCK_SIZE);
DesProcessBlock(des, (byte*)des->reg, (byte*)des->reg);
@@ -1753,12 +1758,17 @@
int wc_Des_CbcDecrypt(Des* des, byte* out, const byte* in, word32 sz)
{
word32 blocks = sz / DES_BLOCK_SIZE;
word32 blocks;
if (des == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
}
if (sz % DES_BLOCK_SIZE != 0) {
return BAD_LENGTH_E;
}
blocks = sz / DES_BLOCK_SIZE;
while (blocks--) {
XMEMCPY(des->tmp, in, DES_BLOCK_SIZE);
DesProcessBlock(des, (byte*)des->tmp, out);
@@ -1809,6 +1819,10 @@
}
#endif /* WOLFSSL_ASYNC_CRYPT */
if (sz % DES_BLOCK_SIZE != 0) {
return BAD_LENGTH_E;
}
blocks = sz / DES_BLOCK_SIZE;
while (blocks--) {
xorbuf((byte*)des->reg, in, DES_BLOCK_SIZE);
@@ -1860,6 +1874,10 @@
}
#endif /* WOLFSSL_ASYNC_CRYPT */
if (sz % DES_BLOCK_SIZE != 0) {
return BAD_LENGTH_E;
}
blocks = sz / DES_BLOCK_SIZE;
while (blocks--) {
XMEMCPY(des->tmp, in, DES_BLOCK_SIZE);
+14 -2
View File
@@ -279,7 +279,7 @@ int wc_Rc2EcbDecrypt(Rc2* rc2, byte* out, const byte* in, word32 sz)
int wc_Rc2CbcEncrypt(Rc2* rc2, byte* out, const byte* in, word32 sz)
{
int ret;
word32 blocks = (sz / RC2_BLOCK_SIZE);
word32 blocks;
if (rc2 == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
@@ -289,6 +289,12 @@ int wc_Rc2CbcEncrypt(Rc2* rc2, byte* out, const byte* in, word32 sz)
return 0;
}
if (sz % RC2_BLOCK_SIZE != 0) {
return BAD_LENGTH_E;
}
blocks = sz / RC2_BLOCK_SIZE;
while (blocks--) {
xorbuf((byte*)rc2->reg, in, RC2_BLOCK_SIZE);
ret = wc_Rc2EcbEncrypt(rc2, (byte*)rc2->reg, (byte*)rc2->reg,
@@ -308,7 +314,7 @@ int wc_Rc2CbcEncrypt(Rc2* rc2, byte* out, const byte* in, word32 sz)
int wc_Rc2CbcDecrypt(Rc2* rc2, byte* out, const byte* in, word32 sz)
{
int ret;
word32 blocks = (sz / RC2_BLOCK_SIZE);
word32 blocks;
if (rc2 == NULL || out == NULL || in == NULL) {
return BAD_FUNC_ARG;
@@ -318,6 +324,12 @@ int wc_Rc2CbcDecrypt(Rc2* rc2, byte* out, const byte* in, word32 sz)
return 0;
}
if (sz % RC2_BLOCK_SIZE != 0) {
return BAD_LENGTH_E;
}
blocks = sz / RC2_BLOCK_SIZE;
while (blocks--) {
XMEMCPY(rc2->tmp, in, RC2_BLOCK_SIZE);
ret = wc_Rc2EcbDecrypt(rc2, out, (byte*)rc2->tmp, RC2_BLOCK_SIZE);