crypto.pyx: adapt to strange requirements found in the openssl docs

https://www.openssl.org/docs/crypto/EVP_aes_256_cbc.html EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() are the corresponding decryption operations. EVP_DecryptFinal() will return an error code if padding is enabled and the final block is not correctly formatted. The parameters and restrictions are identical to the encryption operations except that if padding is enabled the decrypted data buffer out passed to EVP_DecryptUpdate() should have sufficient room for (inl + cipher_block_size) bytes unless the cipher block size is 1 in which case inl bytes is sufficient. I doubt this is correct, but let's rather be defensive here.
2024-12-23 16:26:29 +00:00 · 2015-03-03 20:18:28 +01:00 · 2015-03-03 20:18:28 +01:00 · 1f4077d870
commit 1f4077d870
parent 550320535c
1 changed files with 4 additions and 1 deletions
--- a/attic/crypto.pyx
+++ b/attic/crypto.pyx
@ -152,7 +152,10 @@ cdef class AES:
        cdef int inl = len(data)
        cdef int ptl = 0
        cdef int outl = 0
-        cdef unsigned char *out = <unsigned char *>malloc(inl)
+        # note: modes that use padding, need up to one extra AES block (16b).
+        # This is what the openssl docs say. I am not sure this is correct,
+        # but OTOH it will not cause any harm if our buffer is a little bigger.
+        cdef unsigned char *out = <unsigned char *>malloc(inl+16)
        if not out:
            raise MemoryError
        try: