From 121005001a8bbf3bd4d0ae74de93e449f27624ec Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niels=20M=C3=B6ller?= <nisse@lysator.liu.se>
Date: Tue, 24 Aug 2004 20:36:16 +0200
Subject: [PATCH] (des_cbc_cksum): Pad input with NUL:s, if it's not an
 integral number of blocks.

Rev: src/nettle/des-compat.c:1.15
---
 des-compat.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/des-compat.c b/des-compat.c
index 5c0bf3f3..1b8ae914 100644
--- a/des-compat.c
+++ b/des-compat.c
@@ -71,6 +71,10 @@ des_ecb3_encrypt(const_des_cblock *src, des_cblock *dst,
     (&keys, DES_BLOCK_SIZE, *dst, *src);
 }
 
+/* If input is not a integral number of blocks, the final block is
+   padded with zeros, no length field or anything like that. That's
+   pretty broken, since it means that "$100" and "$100\0" always have
+   the same checksum, but I think that's how it's supposed to work. */
 uint32_t
 des_cbc_cksum(const uint8_t *src, des_cblock *dst,
 	      long length, des_key_schedule ctx,
@@ -80,16 +84,21 @@ des_cbc_cksum(const uint8_t *src, des_cblock *dst,
    * work, in particular what it should return, and if iv can be
    * modified. */
   uint8_t block[DES_BLOCK_SIZE];
-  const uint8_t *p;
 
   memcpy(block, *iv, DES_BLOCK_SIZE);
-  
-  assert(!(length % DES_BLOCK_SIZE));
-  
-  for (p = src; length; length -= DES_BLOCK_SIZE, p += DES_BLOCK_SIZE)
+
+  while (length >= DES_BLOCK_SIZE)
     {
-      memxor(block, p, DES_BLOCK_SIZE);
+      memxor(block, src, DES_BLOCK_SIZE);
       nettle_des_encrypt(ctx, DES_BLOCK_SIZE, block, block);
+
+      src += DES_BLOCK_SIZE;
+      length -= DES_BLOCK_SIZE;	  
+    }
+  if (length > 0)
+    {
+      memxor(block, src, length);
+      nettle_des_encrypt(ctx, DES_BLOCK_SIZE, block, block);	  
     }
   memcpy(*dst, block, DES_BLOCK_SIZE);
 
-- 
GitLab