return plaintext data faster on unpadded decryption

This commit is contained in:
Andrzej Kurek 2018-03-30 04:58:13 -04:00
parent cbe731c653
commit 944adb9f4f

View file

@ -299,8 +299,10 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
/*
* If there is not enough data for a full block, cache it.
*/
if( ( ctx->operation == MBEDTLS_DECRYPT &&
if( ( ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding &&
ilen <= mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len ) ||
( ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding &&
ilen < mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len ) ||
( ctx->operation == MBEDTLS_ENCRYPT &&
ilen < mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len ) )
{
@ -341,9 +343,17 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
*/
if( 0 != ilen )
{
/* Encryption: only cache partial blocks
* Decryption w/ padding: always keep at least one whole block
* Decryption w/o padding: only cache partial blocks
*/
copy_len = ilen % mbedtls_cipher_get_block_size( ctx );
if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT )
if( copy_len == 0 &&
ctx->operation == MBEDTLS_DECRYPT &&
NULL != ctx->add_padding)
{
copy_len = mbedtls_cipher_get_block_size( ctx );
}
memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
copy_len );