From a8929ac54c843e43def74155a2986c63c7831353 Mon Sep 17 00:00:00 2001
From: Lukasz Pawelczyk <l.pawelczyk@samsung.com>
Date: Thu, 18 Jun 2020 17:53:32 +0200
Subject: [PATCH] Padding has to be set before update in case of decryption

When doing encrypt/seal padding can be set before finalize as was
before. But it appears that decrypt behaves differently. In that case
padding has to be set before update or the decryption will be
incorrect.

Change-Id: I86ede38d0d79d401329c25c656e5c6b4c92e02cb
---
 api/yaca/yaca_types.h | 8 ++++++--
 src/encrypt.c         | 3 ++-
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/api/yaca/yaca_types.h b/api/yaca/yaca_types.h
index a4ae309..65b758a 100644
--- a/api/yaca/yaca_types.h
+++ b/api/yaca/yaca_types.h
@@ -456,7 +456,9 @@ typedef enum {
 	 * Padding can be disabled using yaca_context_set_property() and
 	 * #YACA_PROPERTY_PADDING,#YACA_PADDING_NONE,
 	 * then the total length of data passed until *_finalize() MUST be a multiple of block size.
-	 * #YACA_PROPERTY_PADDING can be set at the latest before the *_finalize() call.
+	 * In case of encrypt/seal #YACA_PROPERTY_PADDING can be set at the
+	 * latest before the *_finalize() call. In case of decrypt/open
+	 * it can be set at the latest before the *_update() call.
 	 */
 	YACA_BCM_ECB,
 
@@ -475,7 +477,9 @@ typedef enum {
 	 * Padding can be disabled using yaca_context_set_property() and
 	 * #YACA_PROPERTY_PADDING, #YACA_PADDING_NONE,
 	 * then the total length of data passed until *_finalize() MUST be a multiple of block size.
-	 * #YACA_PROPERTY_PADDING can be set at the latest before the *_finalize() call.
+	 * In case of encrypt/seal #YACA_PROPERTY_PADDING can be set at the
+	 * latest before the *_finalize() call. In case of decrypt/open
+	 * it can be set at the latest before the *_update() call.
 	 */
 	YACA_BCM_CBC,
 
diff --git a/src/encrypt.c b/src/encrypt.c
index 82f5d77..9c6a1a2 100644
--- a/src/encrypt.c
+++ b/src/encrypt.c
@@ -808,7 +808,8 @@ static int set_encrypt_property(yaca_context_h ctx,
 			value_len != sizeof(yaca_padding_e) ||
 			(*(yaca_padding_e*)value != YACA_PADDING_NONE &&
 			*(yaca_padding_e*)value != YACA_PADDING_PKCS7) ||
-			c->state == ENC_CTX_FINALIZED)
+			((is_encryption_op(c->op_type)) && c->state == ENC_CTX_FINALIZED) ||
+			(!(is_encryption_op(c->op_type)) && c->state != ENC_CTX_INITIALIZED))
 			return YACA_ERROR_INVALID_PARAMETER;
 
 		int padding = *(yaca_padding_e*)value == YACA_PADDING_NONE ? 0 : 1;
-- 
2.7.4