From 944adb9f4f18386b8bf7fd151b9a871979196cea Mon Sep 17 00:00:00 2001 From: Andrzej Kurek Date: Fri, 30 Mar 2018 04:58:13 -0400 Subject: [PATCH] return plaintext data faster on unpadded decryption --- library/cipher.c | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/library/cipher.c b/library/cipher.c index b0e0d8716..cf82a8258 100644 --- a/library/cipher.c +++ b/library/cipher.c @@ -299,8 +299,10 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i /* * If there is not enough data for a full block, cache it. */ - if( ( ctx->operation == MBEDTLS_DECRYPT && + if( ( ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding && ilen <= mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len ) || + ( ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding && + ilen < mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len ) || ( ctx->operation == MBEDTLS_ENCRYPT && ilen < mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len ) ) { @@ -341,9 +343,17 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i */ if( 0 != ilen ) { + /* Encryption: only cache partial blocks + * Decryption w/ padding: always keep at least one whole block + * Decryption w/o padding: only cache partial blocks + */ copy_len = ilen % mbedtls_cipher_get_block_size( ctx ); - if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT ) + if( copy_len == 0 && + ctx->operation == MBEDTLS_DECRYPT && + NULL != ctx->add_padding) + { copy_len = mbedtls_cipher_get_block_size( ctx ); + } memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ), copy_len );