From 3209531cca043c3e4269b3adf2057518b19e369b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D1=80=D1=82=D1=91=D0=BC=20=D0=9F=D0=B0=D0=B2=D0=BB?= =?UTF-8?q?=D0=BE=D0=B2=20=5BArtyom=20Pavlov=5D?=
Date: Fri, 30 Jan 2026 19:27:17 +0300
Subject: [PATCH 1/3] cipher: remove padded methods from BlockCipherEncrypt/Decrypt traits
---
 cipher/src/block.rs | 150 --------------------------------------------
 1 file changed, 150 deletions(-)
diff --git a/cipher/src/block.rs b/cipher/src/block.rs
index a184233a7..b44bd9b3f 100644
--- a/cipher/src/block.rs
+++ b/cipher/src/block.rs
@@ -81,90 +81,6 @@ pub trait BlockCipherEncrypt: BlockSizeUser + Sized {
 InOutBuf::new(in_blocks, out_blocks)
 .map(|blocks| self.encrypt_with_backend(BlocksCtx { blocks }))
 }
-
- /// Pad input and encrypt. Returns resulting ciphertext slice.
- ///
- /// Returns [`PadError`] if length of output buffer is not sufficient.
- #[cfg(feature = "block-padding")]
- #[inline]
- fn encrypt_padded_inout<'out, P: Padding>(
- &self,
- data: InOutBufReserved<'_, 'out, u8>,
- ) -> Result<&'out [u8], PadError> {
- let mut buf = data.into_padded_blocks::()?;
- self.encrypt_blocks_inout(buf.get_blocks());
- if let Some(block) = buf.get_tail_block() {
- self.encrypt_block_inout(block);
- }
- Ok(buf.into_out())
- }
-
- /// Pad input and encrypt in-place. Returns resulting ciphertext slice.
- ///
- /// Returns [`PadError`] if length of output buffer is not sufficient.
- #[cfg(feature = "block-padding")]
- #[inline]
- fn encrypt_padded<'a, P: Padding>(
- &self,
- buf: &'a mut [u8],
- msg_len: usize,
- ) -> Result<&'a [u8], PadError> {
- let buf = InOutBufReserved::from_mut_slice(buf, msg_len).map_err(|_| PadError)?;
- self.encrypt_padded_inout::

(buf)
- }
-
- /// Pad input and encrypt buffer-to-buffer. Returns resulting ciphertext slice.
- ///
- /// Returns [`PadError`] if length of output buffer is not sufficient.
- #[cfg(feature = "block-padding")]
- #[inline]
- fn encrypt_padded_b2b<'a, P: Padding>(
- &self,
- msg: &[u8],
- out_buf: &'a mut [u8],
- ) -> Result<&'a [u8], PadError> {
- let buf = InOutBufReserved::from_slices(msg, out_buf).map_err(|_| PadError)?;
- self.encrypt_padded_inout::

(buf)
- }
-
- /// Pad `msg` with padding algorithm `P`, encrypt it into a newly allocated `Vec`,
- /// and return the resulting ciphertext vector.
- ///
- /// # Panics
- /// If `NoPadding` is used with a message size that is not a multiple of the cipher block size.
- #[cfg(all(feature = "block-padding", feature = "alloc"))]
- #[inline]
- fn encrypt_padded_vec(&self, msg: &[u8]) -> Vec {
- use block_padding::{NoPadding, ZeroPadding};
- use common::typenum::Unsigned;
- use core::any::TypeId;
-
- let bs = Self::BlockSize::USIZE;
- let msg_len = msg.len();
-
- let pad_type_id = TypeId::of::

();
- let buf_blocks_len = if pad_type_id == TypeId::of::() {
- if msg_len % bs != 0 {
- panic!(
- "NoPadding is used with a {msg_len}‑byte message,
- which is not a multiple of the {bs}‑byte cipher block size"
- );
- }
- msg_len / bs
- } else if pad_type_id == TypeId::of::() {
- msg_len.div_ceil(bs)
- } else {
- 1 + msg_len / bs
- };
-
- let mut buf = vec![0; bs * buf_blocks_len];
- let res_len = self
- .encrypt_padded_b2b::

(msg, &mut buf)
- .expect("`buf` has enough space for encryption")
- .len();
- buf.truncate(res_len);
- buf
- }
 }
 
 /// Decrypt-only functionality for block ciphers.
@@ -218,72 +134,6 @@ pub trait BlockCipherDecrypt: BlockSizeUser {
 InOutBuf::new(in_blocks, out_blocks)
 .map(|blocks| self.decrypt_with_backend(BlocksCtx { blocks }))
 }
-
- /// Decrypt input and unpad it. Returns resulting plaintext slice.
- ///
- /// Returns [`block_padding::Error`] if padding is malformed or if input length is
- /// not multiple of `Self::BlockSize`.
- #[cfg(feature = "block-padding")]
- #[inline]
- fn decrypt_padded_inout<'out, P: Padding>(
- &self,
- data: InOutBuf<'_, 'out, u8>,
- ) -> Result<&'out [u8], block_padding::Error> {
- let (mut blocks, tail) = data.into_chunks();
- if !tail.is_empty() {
- return Err(block_padding::Error);
- }
- self.decrypt_blocks_inout(blocks.reborrow());
- P::unpad_blocks::(blocks.into_out())
- }
-
- /// Decrypt input and unpad it in-place. Returns resulting plaintext slice.
- ///
- /// Returns [`block_padding::Error`] if padding is malformed or if input length is
- /// not multiple of `Self::BlockSize`.
- #[cfg(feature = "block-padding")]
- #[inline]
- fn decrypt_padded<'a, P: Padding>(
- &self,
- buf: &'a mut [u8],
- ) -> Result<&'a [u8], block_padding::Error> {
- self.decrypt_padded_inout::

(buf.into())
- }
-
- /// Decrypt input and unpad it buffer-to-buffer. Returns resulting
- /// plaintext slice.
- ///
- /// Returns [`block_padding::Error`] if padding is malformed or if input length is
- /// not multiple of `Self::BlockSize`.
- #[cfg(feature = "block-padding")]
- #[inline]
- fn decrypt_padded_b2b<'a, P: Padding>(
- &self,
- in_buf: &[u8],
- out_buf: &'a mut [u8],
- ) -> Result<&'a [u8], block_padding::Error> {
- if out_buf.len() < in_buf.len() {
- return Err(block_padding::Error);
- }
- let n = in_buf.len();
- // note: `new` always returns `Ok` here
- let buf = InOutBuf::new(in_buf, &mut out_buf[..n]).map_err(|_| block_padding::Error)?;
- self.decrypt_padded_inout::

(buf)
- }
-
- /// Decrypt input and unpad it in a newly allocated Vec. Returns resulting
- /// plaintext `Vec`.
- ///
- /// Returns [`block_padding::Error`] if padding is malformed or if input length is
- /// not multiple of `Self::BlockSize`.
- #[cfg(all(feature = "block-padding", feature = "alloc"))]
- #[inline]
- fn decrypt_padded_vec(&self, buf: &[u8]) -> Result, block_padding::Error> {
- let mut out = vec![0; buf.len()];
- let len = self.decrypt_padded_b2b::

(buf, &mut out)?.len();
- out.truncate(len);
- Ok(out)
- }
 }
 
 impl BlockCipherEncrypt for &Alg {
From 0f16d0c6a5072507226995a02b9aea548fd82533 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=90=D1=80=D1=82=D1=91=D0=BC=20=D0=9F=D0=B0=D0=B2=D0=BB?= =?UTF-8?q?=D0=BE=D0=B2=20=5BArtyom=20Pavlov=5D?=
Date: Fri, 30 Jan 2026 19:39:15 +0300
Subject: [PATCH 2/3] Update changelog
---
 cipher/CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/cipher/CHANGELOG.md b/cipher/CHANGELOG.md
index a9c211993..34c6b1b7e 100644
--- a/cipher/CHANGELOG.md
+++ b/cipher/CHANGELOG.md
@@ -13,9 +13,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
 - Seeking implementation in the stream cipher wrapper ([#2052])
 
+### Removed
+- `BlockCipherEncrypt::encrypt_padded*` and `BlockCipherDecrypt::decrypt_padded*` methods ([#2245])
+
 [#1759]: https://github.com/RustCrypto/traits/pull/1759
 [#2052]: https://github.com/RustCrypto/traits/pull/2052
 [#2237]: https://github.com/RustCrypto/traits/pull/2237
+[#2245]: https://github.com/RustCrypto/traits/pull/2245
 
 ## 0.4.4 (2022-03-09)
 ### Changed
From 6163439831318bac5bf116d75c36efe8d1b55f74 Mon Sep 17 00:00:00 2001
From: Artyom Pavlov
Date: Sat, 31 Jan 2026 00:25:31 +0300
Subject: [PATCH 3/3] Tweak changelog entry
---
 cipher/CHANGELOG.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/cipher/CHANGELOG.md b/cipher/CHANGELOG.md
index 34c6b1b7e..1efe36504 100644
--- a/cipher/CHANGELOG.md
+++ b/cipher/CHANGELOG.md
@@ -14,7 +14,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Seeking implementation in the stream cipher wrapper ([#2052])
 
 ### Removed
-- `BlockCipherEncrypt::encrypt_padded*` and `BlockCipherDecrypt::decrypt_padded*` methods ([#2245])
+- `BlockCipherEncrypt::encrypt_padded*` and `BlockCipherDecrypt::decrypt_padded*` methods.
+ Users of the ECB mode should use the `ecb-mode` crate instead. ([#2245])
 
 [#1759]: https://github.com/RustCrypto/traits/pull/1759
 [#2052]: https://github.com/RustCrypto/traits/pull/2052