return plaintext data faster on unpadded decryption

This commit is contained in:
Andrzej Kurek 2018-03-30 04:58:13 -04:00
parent cbe731c653
commit 944adb9f4f

View file

@ -299,8 +299,10 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
/* /*
* If there is not enough data for a full block, cache it. * If there is not enough data for a full block, cache it.
*/ */
if( ( ctx->operation == MBEDTLS_DECRYPT && if( ( ctx->operation == MBEDTLS_DECRYPT && NULL != ctx->add_padding &&
ilen <= mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len ) || ilen <= mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len ) ||
( ctx->operation == MBEDTLS_DECRYPT && NULL == ctx->add_padding &&
ilen < mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len ) ||
( ctx->operation == MBEDTLS_ENCRYPT && ( ctx->operation == MBEDTLS_ENCRYPT &&
ilen < mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len ) ) ilen < mbedtls_cipher_get_block_size( ctx ) - ctx->unprocessed_len ) )
{ {
@ -341,9 +343,17 @@ int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *i
*/ */
if( 0 != ilen ) if( 0 != ilen )
{ {
/* Encryption: only cache partial blocks
* Decryption w/ padding: always keep at least one whole block
* Decryption w/o padding: only cache partial blocks
*/
copy_len = ilen % mbedtls_cipher_get_block_size( ctx ); copy_len = ilen % mbedtls_cipher_get_block_size( ctx );
if( copy_len == 0 && ctx->operation == MBEDTLS_DECRYPT ) if( copy_len == 0 &&
ctx->operation == MBEDTLS_DECRYPT &&
NULL != ctx->add_padding)
{
copy_len = mbedtls_cipher_get_block_size( ctx ); copy_len = mbedtls_cipher_get_block_size( ctx );
}
memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ), memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
copy_len ); copy_len );