From c252dba8f68aa32580cf2f194ff798cb80c5366c Mon Sep 17 00:00:00 2001
From: Hao Cheng <haocheng888@hotmail.com>
Date: Thu, 28 Feb 2019 15:51:32 -0500
Subject: [PATCH] Support padding engines

Some crypto engines (e.g. PKCS7) always do padding (i.e. even input is aligned with block size, additional block is added to output of encryption). Make changes to support these engines
---
 ff1/ff1.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/ff1/ff1.go b/ff1/ff1.go
index c34c9c8..0374afb 100644
--- a/ff1/ff1.go
+++ b/ff1/ff1.go
@@ -599,7 +599,11 @@ func (c Cipher) ciph(input []byte) ([]byte, error) {
 		return nil, errors.New("length of ciph input must be multiple of 16")
 	}
 
-	c.cbcEncryptor.CryptBlocks(input, input)
+	// Some crypto engines (e.g. PKCS7) always do padding (i.e. additional block is added), we need output buffer one block bigger
+	ciphertext := make([]byte, len(input)+blockSize)
+	c.cbcEncryptor.CryptBlocks(ciphertext, input)
+	// This FF1 implementation is update buffer in-place, copy result back to input
+	copy(input, ciphertext[:len(input)])
 
 	// Reset IV to 0
 	c.cbcEncryptor.(cbcMode).SetIV(ivZero)