Merge pull request #3971 from randombit/fix/ffi_cipher_update_for_SIV…

…_CCM FIX: FFI botan_cipher_update() for SIV and CCM
randombit · Apr 5, 2024 · e07c6ca · e07c6ca
2 parents 218678c + 92a2c01
commit e07c6ca
Show file tree

Hide file tree

Showing 3 changed files with 347 additions and 8 deletions.
diff --git a/src/lib/ffi/ffi_cipher.cpp b/src/lib/ffi/ffi_cipher.cpp
@@ -190,18 +190,19 @@ int botan_cipher_update(botan_cipher_t cipher_obj,
       size_t taken = 0, written = 0;
 
       while(input_size >= ud && output_size >= ud) {
-         // FIXME we can use process here and avoid the copy
          copy_mem(mbuf.data(), input, ud);
-         cipher.update(mbuf);
+         const size_t bytes_produced = cipher.process(mbuf);
 
          input_size -= ud;
-         copy_mem(output, mbuf.data(), ud);
          input += ud;
          taken += ud;
 
-         output_size -= ud;
-         output += ud;
-         written += ud;
+         if(bytes_produced > 0) {
+            copy_mem(output, mbuf.data(), bytes_produced);
+            output_size -= bytes_produced;
+            output += bytes_produced;
+            written += bytes_produced;
+         }
       }
 
       *output_written = written;

diff --git a/src/scripts/test_python.py b/src/scripts/test_python.py
@@ -212,7 +212,10 @@ def test_hash(self):
 
     def test_cipher(self):
         for mode in ['AES-128/CTR-BE', 'Serpent/GCM', 'ChaCha20Poly1305', 'AES-128/CBC/PKCS7']:
-            enc = botan.SymmetricCipher(mode, encrypt=True)
+            try:
+                enc = botan.SymmetricCipher(mode, encrypt=True)
+            except botan.BotanException as e:
+                raise RuntimeError("Failed to create encrypting cipher for " + mode) from e
 
             if mode == 'AES-128/CTR-BE':
                 self.assertEqual(enc.algo_name(), 'CTR-BE(AES-128)')
@@ -252,7 +255,10 @@ def test_cipher(self):
 
             ct = enc.finish(pt)
 
-            dec = botan.SymmetricCipher(mode, encrypt=False)
+            try:
+                dec = botan.SymmetricCipher(mode, encrypt=False)
+            except botan.BotanException as e:
+                raise RuntimeError("Failed to create decrypting cipher for " + mode) from e
             dec.set_key(key)
             dec.start(iv)
             decrypted = dec.finish(ct)