FIX: review comments

Author: reneme

src/lib/modes/aead/siv/siv.h

@@ -125,6 +125,7 @@ class BOTAN_TEST_API SIV_Decryption final : public SIV_Mode {
       }
 
       size_t bytes_needed_for_finalization(size_t final_input_length) const override {
+         BOTAN_ARG_CHECK(final_input_length >= tag_size(), "Sufficient input");
          return msg_buf().size() + final_input_length;
       }
 

src/lib/modes/cbc/cbc.h

@@ -28,6 +28,7 @@ class CBC_Mode : public Cipher_Mode {
       size_t ideal_granularity() const final;
 
       size_t bytes_needed_for_finalization(size_t final_input_length) const final {
+         BOTAN_ARG_CHECK(final_input_length >= minimum_final_size(), "Sufficient input");
          return output_length(final_input_length);
       }
 

src/lib/modes/cipher_mode.cpp

@@ -7,6 +7,7 @@
 
 #include <botan/cipher_mode.h>
 
+#include <botan/internal/fmt.h>
 #include <botan/internal/parsing.h>
 #include <botan/internal/scan_name.h>
 #include <botan/internal/stream_mode.h>
@@ -177,4 +178,14 @@ std::vector<std::string> Cipher_Mode::providers(std::string_view algo_spec) {
    return providers;
 }
 
+size_t Cipher_Mode::calculate_final_input_bytes(size_t final_block_length, size_t offset) const {
+   if(offset > final_block_length) {
+      throw Invalid_Argument(Botan::fmt("invalid offset in finalization of {}", name()));
+   }
+
+   const size_t final_input_bytes = final_block_length - offset;
+   BOTAN_DEBUG_ASSERT(final_input_bytes >= minimum_final_size());
+   return final_input_bytes;
+}
+
 }  // namespace Botan

src/lib/modes/cipher_mode.h

@@ -203,15 +203,7 @@ class BOTAN_PUBLIC_API(2, 0) Cipher_Mode : public SymmetricAlgorithm {
       */
       template <concepts::resizable_byte_buffer T>
       void finish(T& final_block, size_t offset = 0) {
-         if(offset > final_block.size()) {
-            throw Invalid_Argument("invalid offset");
-         }
-
-         const auto final_input_bytes = final_block.size() - offset;
-         if(final_input_bytes < minimum_final_size()) {
-            throw Invalid_Argument("final input message is too small");
-         }
-
+         const auto final_input_bytes = calculate_final_input_bytes(final_block.size(), offset);
          const auto final_buffer_bytes = bytes_needed_for_finalization(final_input_bytes);
 
          // Make room for additional overhead to be produced during finalization
@@ -303,6 +295,9 @@ class BOTAN_PUBLIC_API(2, 0) Cipher_Mode : public SymmetricAlgorithm {
       * might also return "sse2", "avx2", "openssl", or some other arbitrary string.
       */
       virtual std::string provider() const { return "base"; }
+
+   private:
+      size_t calculate_final_input_bytes(size_t final_block_length, size_t offset) const;
 };
 
 /**

src/lib/modes/xts/xts.cpp

@@ -77,7 +77,7 @@ size_t XTS_Mode::output_length(size_t input_length) const {
 }
 
 size_t XTS_Mode::bytes_needed_for_finalization(size_t final_input_length) const {
-   BOTAN_ASSERT_NOMSG(final_input_length >= minimum_final_size());
+   BOTAN_ARG_CHECK(final_input_length >= minimum_final_size(), "Sufficient input");
    return final_input_length;
 }
 

src/lib/prov/commoncrypto/commoncrypto_mode.cpp

@@ -157,6 +157,7 @@ size_t CommonCrypto_Cipher_Mode::minimum_final_size() const {
 
 size_t CommonCrypto_Cipher_Mode::bytes_needed_for_finalization(size_t final_input_length) const {
    assert_key_material_set();
+   BOTAN_ARG_CHECK(final_input_length >= minimum_final_size(), "Sufficient input");
    const auto expected_output_length = CCCryptorGetOutputLength(m_cipher, final_input_length, true);
 
    // Ensure that the finalization sees all input bytes or is large enough to