Merge branch 'development' into development-restricted
diff --git a/ChangeLog b/ChangeLog
index 3f5e56f..4273dda 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -45,6 +45,10 @@
      line arguments.
    * New unit tests for timing. Improve the self-test to be more robust
      when run on a heavily-loaded machine.
+   * Add alternative implementation support for CCM and CMAC (MBEDTLS_CCM_ALT,
+     MBEDTLS_CMAC_ALT). Submitted by Steve Cooreman, Silicon Labs.
+   * Add support for alternative implementations of GCM, selected by the
+     configuration flag MBEDTLS_GCM_ALT.
 
 New deprecations
    * Deprecate usage of RSA primitives with non-matching key-type
@@ -97,11 +101,14 @@
      MilenkoMitrovic, #1104
    * Fix mbedtls_timing_alarm(0) on Unix.
    * Fix use of uninitialized memory in mbedtls_timing_get_timer when reset=1.
+   * Fix possible memory leaks in mbedtls_gcm_self_test().
+   * Added missing return code checks in mbedtls_aes_self_test().
 
 Changes
    * Extend cert_write example program by options to set the CRT version
      and the message digest. Further, allow enabling/disabling of authority
      identifier, subject identifier and basic constraints extensions.
+   * Only run AES-192 self-test if AES-192 is available. Fixes #963.
 
 = mbed TLS 2.6.0 branch released 2017-08-10
 
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 1829f72..c8dd0f3 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -36,9 +36,13 @@
 #define MBEDTLS_AES_ENCRYPT     1
 #define MBEDTLS_AES_DECRYPT     0
 
+/* Error codes in range 0x0020-0x0022 */
 #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH                -0x0020  /**< Invalid key length. */
 #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH              -0x0022  /**< Invalid data input length. */
 
+/* Error codes in range 0x0023-0x0023 */
+#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE               -0x0023  /**< Feature not available, e.g. unsupported AES key size. */
+
 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
     !defined(inline) && !defined(__cplusplus)
 #define inline __inline
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index ef75839..579402f 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -28,6 +28,10 @@
 #define MBEDTLS_ERR_CCM_BAD_INPUT      -0x000D /**< Bad input parameters to function. */
 #define MBEDTLS_ERR_CCM_AUTH_FAILED    -0x000F /**< Authenticated decryption failed. */
 
+#if !defined(MBEDTLS_CCM_ALT)
+// Regular implementation
+//
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -125,6 +129,18 @@
                       const unsigned char *input, unsigned char *output,
                       const unsigned char *tag, size_t tag_len );
 
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* !MBEDTLS_CCM_ALT */
+#include "ccm_alt.h"
+#endif /* !MBEDTLS_CCM_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
 /**
  * \brief          Checkup routine
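Review bot: The `#else` branch added here gives no hint of what `ccm_alt.h` has to provide, even though the guard opened in the first hunk removes the context type and every prototype down to the one ending at `const unsigned char *tag, size_t tag_len );`. Only the self-test declaration stays common. I would document the contract next to the include, for example `/* ccm_alt.h must define mbedtls_ccm_context and declare every function above with the same signature and return codes. */`. The same comment is missing from the equivalent `#else` branches in gcm.h and cmac.h.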
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 9a2b96b..4d3f2d2 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -39,6 +39,8 @@
 #define MBEDTLS_CIPHER_BLKSIZE_MAX      8   /* longest used by CMAC is 3DES */
 #endif
 
+#if !defined(MBEDTLS_CMAC_ALT)
+
 /**
  * CMAC context structure - Contains internal state information only
  */
@@ -154,6 +156,18 @@
                               unsigned char output[16] );
 #endif /* MBEDTLS_AES_C */
 
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* !MBEDTLS_CMAC_ALT */
+#include "cmac_alt.h"
+#endif /* !MBEDTLS_CMAC_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 #if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
 /**
  * \brief          Checkup routine
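Review bot: The `}` added before `#else` closes an `extern "C"` block that this file's new guard does not appear to open. In ccm.h and gcm.h the `#if !defined(..._ALT)` sits directly above `extern "C" {`, but here the first hunk puts it after the `MBEDTLS_CIPHER_BLKSIZE_MAX` block and directly before the context struct. If `extern "C" {` is opened earlier in the header (not visible in these hunks), an MBEDTLS_CMAC_ALT build from C++ would include `cmac_alt.h` inside the still-open block and then open a second one below, leaving the braces unbalanced. Please confirm where the opening brace is. If it is above the guard, either move the `#if !defined(MBEDTLS_CMAC_ALT)` above it or close it before the guard starts.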
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 69e997f..7c06815 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -266,7 +266,10 @@
 //#define MBEDTLS_ARC4_ALT
 //#define MBEDTLS_BLOWFISH_ALT
 //#define MBEDTLS_CAMELLIA_ALT
+//#define MBEDTLS_CCM_ALT
+//#define MBEDTLS_CMAC_ALT
 //#define MBEDTLS_DES_ALT
+//#define MBEDTLS_GCM_ALT
 //#define MBEDTLS_XTEA_ALT
 //#define MBEDTLS_MD2_ALT
 //#define MBEDTLS_MD4_ALT
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index d51bcde..4eb7b78 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -52,7 +52,7 @@
  * GCM       2  0x0012-0x0014
  * BLOWFISH  2  0x0016-0x0018
  * THREADING 3  0x001A-0x001E
- * AES       2  0x0020-0x0022
+ * AES       2  0x0020-0x0022   0x0023-0x0023
  * CAMELLIA  2  0x0024-0x0026
  * XTEA      1  0x0028-0x0028
  * BASE64    2  0x002A-0x002C
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index 1b77aae..8f3b565 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -33,6 +33,8 @@
 #define MBEDTLS_ERR_GCM_AUTH_FAILED                       -0x0012  /**< Authenticated decryption failed. */
 #define MBEDTLS_ERR_GCM_BAD_INPUT                         -0x0014  /**< Bad input parameters to function. */
 
+#if !defined(MBEDTLS_GCM_ALT)
+
 #ifdef __cplusplus
 extern "C" {
 #endif
@@ -206,6 +208,18 @@
  */
 void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
 
+#ifdef __cplusplus
+}
+#endif
+
+#else  /* !MBEDTLS_GCM_ALT */
+#include "gcm_alt.h"
+#endif /* !MBEDTLS_GCM_ALT */
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /**
  * \brief          Checkup routine
  *
@@ -217,4 +231,5 @@
 }
 #endif
 
+
 #endif /* gcm.h */
diff --git a/library/aes.c b/library/aes.c
index 5860384..dba4a5f 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -1235,9 +1235,11 @@
  */
 int mbedtls_aes_self_test( int verbose )
 {
-    int ret = 0, i, j, u, v;
+    int ret = 0, i, j, u, mode;
+    unsigned int keybits;
     unsigned char key[32];
     unsigned char buf[64];
+    const unsigned char *aes_tests;
 #if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB)
     unsigned char iv[16];
 #endif
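Review bot: `keybits` is declared `unsigned int` here, but the ECB, CBC and CFB128 hunks below print it with `%3d`, which expects an `int`. The values 128, 192 and 256 print correctly in practice, but the mismatch trips `-Wformat` on stricter builds. Either change the three format strings to `%3u`, or cast at the call site: `mbedtls_printf( "  AES-ECB-%3d (%s): ", (int) keybits, ...`. The function body continues outside this hunk.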
@@ -1263,45 +1265,52 @@
     for( i = 0; i < 6; i++ )
     {
         u = i >> 1;
-        v = i  & 1;
+        keybits = 128 + u * 64;
+        mode = i & 1;
 
         if( verbose != 0 )
-            mbedtls_printf( "  AES-ECB-%3d (%s): ", 128 + u * 64,
-                             ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
+            mbedtls_printf( "  AES-ECB-%3d (%s): ", keybits,
+                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
 
         memset( buf, 0, 16 );
 
-        if( v == MBEDTLS_AES_DECRYPT )
+        if( mode == MBEDTLS_AES_DECRYPT )
         {
-            mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 );
-
-            for( j = 0; j < 10000; j++ )
-                mbedtls_aes_crypt_ecb( &ctx, v, buf, buf );
-
-            if( memcmp( buf, aes_test_ecb_dec[u], 16 ) != 0 )
-            {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
-
-                ret = 1;
-                goto exit;
-            }
+            ret = mbedtls_aes_setkey_dec( &ctx, key, keybits );
+            aes_tests = aes_test_ecb_dec[u];
         }
         else
         {
-            mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 );
+            ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
+            aes_tests = aes_test_ecb_enc[u];
+        }
 
-            for( j = 0; j < 10000; j++ )
-                mbedtls_aes_crypt_ecb( &ctx, v, buf, buf );
+        /*
+         * AES-192 is an optional feature that may be unavailable when
+         * there is an alternative underlying implementation i.e. when
+         * MBEDTLS_AES_ALT is defined.
+         */
+        if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
+        {
+            mbedtls_printf( "skipped\n" );
+            continue;
+        }
+        else if( ret != 0 )
+        {
+            goto exit;
+        }
 
-            if( memcmp( buf, aes_test_ecb_enc[u], 16 ) != 0 )
-            {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
-
-                ret = 1;
+        for( j = 0; j < 10000; j++ )
+        {
+            ret = mbedtls_aes_crypt_ecb( &ctx, mode, buf, buf );
+            if( ret != 0 )
                 goto exit;
-            }
+        }
+
+        if( memcmp( buf, aes_tests, 16 ) != 0 )
+        {
+            ret = 1;
+            goto exit;
         }
 
         if( verbose != 0 )
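Review bot: The new `mbedtls_printf( "skipped\n" );` is not guarded by `verbose`, unlike every other print in this loop. A caller running `mbedtls_aes_self_test( 0 )` against an implementation without AES-192 will get bare "skipped" lines with no test label in front of them. Suggest `if( verbose != 0 ) mbedtls_printf( "skipped\n" );`. The same unguarded print is added in the CBC and CFB128 hunks below and in the first `mbedtls_gcm_self_test` hunk in library/gcm.c.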
@@ -1318,55 +1327,64 @@
     for( i = 0; i < 6; i++ )
     {
         u = i >> 1;
-        v = i  & 1;
+        keybits = 128 + u * 64;
+        mode = i & 1;
 
         if( verbose != 0 )
-            mbedtls_printf( "  AES-CBC-%3d (%s): ", 128 + u * 64,
-                             ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
+            mbedtls_printf( "  AES-CBC-%3d (%s): ", keybits,
+                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
 
         memset( iv , 0, 16 );
         memset( prv, 0, 16 );
         memset( buf, 0, 16 );
 
-        if( v == MBEDTLS_AES_DECRYPT )
+        if( mode == MBEDTLS_AES_DECRYPT )
         {
-            mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 );
-
-            for( j = 0; j < 10000; j++ )
-                mbedtls_aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
-
-            if( memcmp( buf, aes_test_cbc_dec[u], 16 ) != 0 )
-            {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
-
-                ret = 1;
-                goto exit;
-            }
+            ret = mbedtls_aes_setkey_dec( &ctx, key, keybits );
+            aes_tests = aes_test_cbc_dec[u];
         }
         else
         {
-            mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 );
+            ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
+            aes_tests = aes_test_cbc_enc[u];
+        }
 
-            for( j = 0; j < 10000; j++ )
+        /*
+         * AES-192 is an optional feature that may be unavailable when
+         * there is an alternative underlying implementation i.e. when
+         * MBEDTLS_AES_ALT is defined.
+         */
+        if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
+        {
+            mbedtls_printf( "skipped\n" );
+            continue;
+        }
+        else if( ret != 0 )
+        {
+            goto exit;
+        }
+
+        for( j = 0; j < 10000; j++ )
+        {
+            if( mode == MBEDTLS_AES_ENCRYPT )
             {
                 unsigned char tmp[16];
 
-                mbedtls_aes_crypt_cbc( &ctx, v, 16, iv, buf, buf );
-
                 memcpy( tmp, prv, 16 );
                 memcpy( prv, buf, 16 );
                 memcpy( buf, tmp, 16 );
             }
 
-            if( memcmp( prv, aes_test_cbc_enc[u], 16 ) != 0 )
-            {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
-
-                ret = 1;
+            ret = mbedtls_aes_crypt_cbc( &ctx, mode, 16, iv, buf, buf );
+            if( ret != 0 )
                 goto exit;
-            }
+
+        }
+
+        if( memcmp( buf, aes_tests, 16 ) != 0 )
+        {
+            ret = 1;
+            goto exit;
         }
 
         if( verbose != 0 )
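Review bot: The encrypt path now swaps `prv` and `buf` before calling `mbedtls_aes_crypt_cbc` and compares `buf` instead of `prv` afterwards, and nothing in the loop explains why. This appears equivalent to the old encrypt-then-swap form, because the block fed to each encryption is still the ciphertext from two iterations back, but that is not obvious on reading. A short comment above the `if( mode == MBEDTLS_AES_ENCRYPT )` block would help, e.g. `/* Encrypt the ciphertext from two rounds back; swapping first leaves the final block in buf for the comparison below. */`. The blank line before the loop's closing brace can also go.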
@@ -1384,45 +1402,52 @@
     for( i = 0; i < 6; i++ )
     {
         u = i >> 1;
-        v = i  & 1;
+        keybits = 128 + u * 64;
+        mode = i & 1;
 
         if( verbose != 0 )
-            mbedtls_printf( "  AES-CFB128-%3d (%s): ", 128 + u * 64,
-                             ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
+            mbedtls_printf( "  AES-CFB128-%3d (%s): ", keybits,
+                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
 
         memcpy( iv,  aes_test_cfb128_iv, 16 );
-        memcpy( key, aes_test_cfb128_key[u], 16 + u * 8 );
+        memcpy( key, aes_test_cfb128_key[u], keybits / 8 );
 
         offset = 0;
-        mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 );
+        ret = mbedtls_aes_setkey_enc( &ctx, key, keybits );
+        /*
+         * AES-192 is an optional feature that may be unavailable when
+         * there is an alternative underlying implementation i.e. when
+         * MBEDTLS_AES_ALT is defined.
+         */
+        if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 )
+        {
+            mbedtls_printf( "skipped\n" );
+            continue;
+        }
+        else if( ret != 0 )
+        {
+            goto exit;
+        }
 
-        if( v == MBEDTLS_AES_DECRYPT )
+        if( mode == MBEDTLS_AES_DECRYPT )
         {
             memcpy( buf, aes_test_cfb128_ct[u], 64 );
-            mbedtls_aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf );
-
-            if( memcmp( buf, aes_test_cfb128_pt, 64 ) != 0 )
-            {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
-
-                ret = 1;
-                goto exit;
-            }
+            aes_tests = aes_test_cfb128_pt;
         }
         else
         {
             memcpy( buf, aes_test_cfb128_pt, 64 );
-            mbedtls_aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf );
+            aes_tests = aes_test_cfb128_ct[u];
+        }
 
-            if( memcmp( buf, aes_test_cfb128_ct[u], 64 ) != 0 )
-            {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
+        ret = mbedtls_aes_crypt_cfb128( &ctx, mode, 64, &offset, iv, buf, buf );
+        if( ret != 0 )
+            goto exit;
 
-                ret = 1;
-                goto exit;
-            }
+        if( memcmp( buf, aes_tests, 64 ) != 0 )
+        {
+            ret = 1;
+            goto exit;
         }
 
         if( verbose != 0 )
@@ -1440,51 +1465,41 @@
     for( i = 0; i < 6; i++ )
     {
         u = i >> 1;
-        v = i  & 1;
+        mode = i & 1;
 
         if( verbose != 0 )
             mbedtls_printf( "  AES-CTR-128 (%s): ",
-                             ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
+                            ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" );
 
         memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 );
         memcpy( key, aes_test_ctr_key[u], 16 );
 
         offset = 0;
-        mbedtls_aes_setkey_enc( &ctx, key, 128 );
+        if( ( ret = mbedtls_aes_setkey_enc( &ctx, key, 128 ) ) != 0 )
+            goto exit;
 
-        if( v == MBEDTLS_AES_DECRYPT )
+        len = aes_test_ctr_len[u];
+
+        if( mode == MBEDTLS_AES_DECRYPT )
         {
-            len = aes_test_ctr_len[u];
             memcpy( buf, aes_test_ctr_ct[u], len );
-
-            mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
-                           buf, buf );
-
-            if( memcmp( buf, aes_test_ctr_pt[u], len ) != 0 )
-            {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
-
-                ret = 1;
-                goto exit;
-            }
+            aes_tests = aes_test_ctr_pt[u];
         }
         else
         {
-            len = aes_test_ctr_len[u];
             memcpy( buf, aes_test_ctr_pt[u], len );
+            aes_tests = aes_test_ctr_ct[u];
+        }
 
-            mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block,
-                           buf, buf );
+        ret = mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter,
+                                     stream_block, buf, buf );
+        if( ret != 0 )
+            goto exit;
 
-            if( memcmp( buf, aes_test_ctr_ct[u], len ) != 0 )
-            {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
-
-                ret = 1;
-                goto exit;
-            }
+        if( memcmp( buf, aes_tests, len ) != 0 )
+        {
+            ret = 1;
+            goto exit;
         }
 
         if( verbose != 0 )
@@ -1498,6 +1513,9 @@
     ret = 0;
 
 exit:
+    if( ret != 0 && verbose != 0 )
+        mbedtls_printf( "failed\n" );
+
     mbedtls_aes_free( &ctx );
 
     return( ret );
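Review bot: With the earlier hunks jumping to `exit` straight after a failed `mbedtls_aes_setkey_*` or `mbedtls_aes_crypt_*` call, this function can now return a negative library error code where it previously returned only 0 or 1. If the header documents the result as 0 or 1 (not visible on this page), either normalise it here with `if( ret != 0 ) ret = 1;` after the "failed" print, or update the documentation to say any non-zero value means failure. The new `exit:` path in `mbedtls_gcm_self_test` in library/gcm.c behaves the same way.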
diff --git a/library/ccm.c b/library/ccm.c
index 13a8fd1..9101e5f 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -49,6 +49,8 @@
 #endif /* MBEDTLS_PLATFORM_C */
 #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
 
+#if !defined(MBEDTLS_CCM_ALT)
+
 /* Implementation that should never be optimized out by the compiler */
 static void mbedtls_zeroize( void *v, size_t n ) {
     volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
@@ -348,6 +350,7 @@
     return( 0 );
 }
 
+#endif /* !MBEDTLS_CCM_ALT */
 
 #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
 /*
diff --git a/library/cmac.c b/library/cmac.c
index 6df56aa..9dbff90 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -65,6 +65,8 @@
 #endif /* MBEDTLS_SELF_TEST */
 #endif /* MBEDTLS_PLATFORM_C */
 
+#if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST)
+
 /* Implementation that should never be optimized out by the compiler */
 static void mbedtls_zeroize( void *v, size_t n ) {
     volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
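Review bot: The guard `#if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST)` needs a comment explaining why the self-test keeps this region when the alternative implementation is selected. Presumably the self-test calls the helper that ends at the matching `#endif` in the next hunk, but that is not visible here. Something like `/* Also built for the self-test, which exercises the helpers below directly even when MBEDTLS_CMAC_ALT replaces the rest of the module. */` would do. It is also worth confirming that `mbedtls_zeroize` is still referenced in an ALT plus SELF_TEST build, otherwise it becomes an unused static function.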
@@ -164,7 +166,9 @@
 
     return( ret );
 }
+#endif /* !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) */
 
+#if !defined(MBEDTLS_CMAC_ALT)
 static void cmac_xor_block( unsigned char *output, const unsigned char *input1,
                             const unsigned char *input2,
                             const size_t block_size )
@@ -468,6 +472,8 @@
 }
 #endif /* MBEDTLS_AES_C */
 
+#endif /* !MBEDTLS_CMAC_ALT */
+
 #if defined(MBEDTLS_SELF_TEST)
 /*
  * CMAC test data for SP800-38B
diff --git a/library/error.c b/library/error.c
index 23e4953..151ca4e 100644
--- a/library/error.c
+++ b/library/error.c
@@ -520,6 +520,8 @@
         mbedtls_snprintf( buf, buflen, "AES - Invalid key length" );
     if( use_ret == -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH) )
         mbedtls_snprintf( buf, buflen, "AES - Invalid data input length" );
+    if( use_ret == -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE) )
+        mbedtls_snprintf( buf, buflen, "AES - Feature not available, e.g. unsupported AES key size" );
 #endif /* MBEDTLS_AES_C */
 
 #if defined(MBEDTLS_ASN1_PARSE_C)
diff --git a/library/gcm.c b/library/gcm.c
index fccb092..294a86d 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -46,6 +46,7 @@
 #endif
 
 #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
+#include "mbedtls/aes.h"
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
 #else
@@ -54,6 +55,8 @@
 #endif /* MBEDTLS_PLATFORM_C */
 #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
 
+#if !defined(MBEDTLS_GCM_ALT)
+
 /*
  * 32-bit integer manipulation macros (big endian)
  */
@@ -508,6 +511,8 @@
     mbedtls_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
 }
 
+#endif /* !MBEDTLS_GCM_ALT */
+
 #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
 /*
  * AES-GCM test vectors from:
@@ -744,34 +749,48 @@
     int i, j, ret;
     mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
 
-    mbedtls_gcm_init( &ctx );
-
     for( j = 0; j < 3; j++ )
     {
         int key_len = 128 + 64 * j;
 
         for( i = 0; i < MAX_TESTS; i++ )
         {
+            mbedtls_gcm_init( &ctx );
+
             if( verbose != 0 )
                 mbedtls_printf( "  AES-GCM-%3d #%d (%s): ",
-                                 key_len, i, "enc" );
+                                key_len, i, "enc" );
 
-            mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
+            ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
+                                      key_len );
+            /*
+             * AES-192 is an optional feature that may be unavailable when
+             * there is an alternative underlying implementation i.e. when
+             * MBEDTLS_AES_ALT is defined.
+             */
+            if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && key_len == 192 )
+            {
+                mbedtls_printf( "skipped\n" );
+                break;
+            }
+            else if( ret != 0 )
+            {
+                goto exit;
+            }
 
             ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT,
-                                     pt_len[i],
-                                     iv[iv_index[i]], iv_len[i],
-                                     additional[add_index[i]], add_len[i],
-                                     pt[pt_index[i]], buf, 16, tag_buf );
+                                        pt_len[i],
+                                        iv[iv_index[i]], iv_len[i],
+                                        additional[add_index[i]], add_len[i],
+                                        pt[pt_index[i]], buf, 16, tag_buf );
+            if( ret != 0 )
+                goto exit;
 
-            if( ret != 0 ||
-                memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
-                memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
+            if ( memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
+                 memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
             {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
-
-                return( 1 );
+                ret = 1;
+                goto exit;
             }
 
             mbedtls_gcm_free( &ctx );
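Review bot: The new "skipped" branch leaves the inner loop with `break` without calling `mbedtls_gcm_free( &ctx )`, although `mbedtls_gcm_init( &ctx )` ran at the top of the iteration and the next one will re-initialise the same context. If `mbedtls_gcm_setkey` had already set up its cipher context before the AES key setup failed (its body is not shown here), that allocation is lost. That would be the same kind of leak this commit's ChangeLog entry says it fixes. Suggest adding `mbedtls_gcm_free( &ctx );` before the `break;`. The function starts above this hunk and continues below it.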
@@ -779,26 +798,31 @@
             if( verbose != 0 )
                 mbedtls_printf( "passed\n" );
 
+            mbedtls_gcm_init( &ctx );
+
             if( verbose != 0 )
                 mbedtls_printf( "  AES-GCM-%3d #%d (%s): ",
-                                 key_len, i, "dec" );
+                                key_len, i, "dec" );
 
-            mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
+            ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
+                                      key_len );
+            if( ret != 0 )
+                goto exit;
 
             ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_DECRYPT,
-                                     pt_len[i],
-                                     iv[iv_index[i]], iv_len[i],
-                                     additional[add_index[i]], add_len[i],
-                                     ct[j * 6 + i], buf, 16, tag_buf );
+                                        pt_len[i],
+                                        iv[iv_index[i]], iv_len[i],
+                                        additional[add_index[i]], add_len[i],
+                                        ct[j * 6 + i], buf, 16, tag_buf );
 
-            if( ret != 0 ||
-                memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
+            if( ret != 0 )
+                goto exit;
+
+            if( memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
                 memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
             {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
-
-                return( 1 );
+                ret = 1;
+                goto exit;
             }
 
             mbedtls_gcm_free( &ctx );
@@ -806,66 +830,51 @@
             if( verbose != 0 )
                 mbedtls_printf( "passed\n" );
 
+            mbedtls_gcm_init( &ctx );
+
             if( verbose != 0 )
                 mbedtls_printf( "  AES-GCM-%3d #%d split (%s): ",
-                                 key_len, i, "enc" );
+                                key_len, i, "enc" );
 
-            mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
+            ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
+                                      key_len );
+            if( ret != 0 )
+                goto exit;
 
             ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_ENCRYPT,
-                              iv[iv_index[i]], iv_len[i],
-                              additional[add_index[i]], add_len[i] );
+                                      iv[iv_index[i]], iv_len[i],
+                                      additional[add_index[i]], add_len[i] );
             if( ret != 0 )
-            {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
-
-                return( 1 );
-            }
+                goto exit;
 
             if( pt_len[i] > 32 )
             {
                 size_t rest_len = pt_len[i] - 32;
                 ret = mbedtls_gcm_update( &ctx, 32, pt[pt_index[i]], buf );
                 if( ret != 0 )
-                {
-                    if( verbose != 0 )
-                        mbedtls_printf( "failed\n" );
-
-                    return( 1 );
-                }
+                    goto exit;
 
                 ret = mbedtls_gcm_update( &ctx, rest_len, pt[pt_index[i]] + 32,
                                   buf + 32 );
                 if( ret != 0 )
-                {
-                    if( verbose != 0 )
-                        mbedtls_printf( "failed\n" );
-
-                    return( 1 );
-                }
+                    goto exit;
             }
             else
             {
                 ret = mbedtls_gcm_update( &ctx, pt_len[i], pt[pt_index[i]], buf );
                 if( ret != 0 )
-                {
-                    if( verbose != 0 )
-                        mbedtls_printf( "failed\n" );
-
-                    return( 1 );
-                }
+                    goto exit;
             }
 
             ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 );
-            if( ret != 0 ||
-                memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
+            if( ret != 0 )
+                goto exit;
+
+            if( memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 ||
                 memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
             {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
-
-                return( 1 );
+                ret = 1;
+                goto exit;
             }
 
             mbedtls_gcm_free( &ctx );
@@ -873,80 +882,75 @@
             if( verbose != 0 )
                 mbedtls_printf( "passed\n" );
 
+            mbedtls_gcm_init( &ctx );
+
             if( verbose != 0 )
                 mbedtls_printf( "  AES-GCM-%3d #%d split (%s): ",
-                                 key_len, i, "dec" );
+                                key_len, i, "dec" );
 
-            mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len );
+            ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]],
+                                      key_len );
+            if( ret != 0 )
+                goto exit;
 
             ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_DECRYPT,
                               iv[iv_index[i]], iv_len[i],
                               additional[add_index[i]], add_len[i] );
             if( ret != 0 )
-            {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
-
-                return( 1 );
-            }
+                goto exit;
 
             if( pt_len[i] > 32 )
             {
                 size_t rest_len = pt_len[i] - 32;
                 ret = mbedtls_gcm_update( &ctx, 32, ct[j * 6 + i], buf );
                 if( ret != 0 )
-                {
-                    if( verbose != 0 )
-                        mbedtls_printf( "failed\n" );
-
-                    return( 1 );
-                }
+                    goto exit;
 
                 ret = mbedtls_gcm_update( &ctx, rest_len, ct[j * 6 + i] + 32,
-                                  buf + 32 );
+                                          buf + 32 );
                 if( ret != 0 )
-                {
-                    if( verbose != 0 )
-                        mbedtls_printf( "failed\n" );
-
-                    return( 1 );
-                }
+                    goto exit;
             }
             else
             {
-                ret = mbedtls_gcm_update( &ctx, pt_len[i], ct[j * 6 + i], buf );
+                ret = mbedtls_gcm_update( &ctx, pt_len[i], ct[j * 6 + i],
+                                          buf );
                 if( ret != 0 )
-                {
-                    if( verbose != 0 )
-                        mbedtls_printf( "failed\n" );
-
-                    return( 1 );
-                }
+                    goto exit;
             }
 
             ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 );
-            if( ret != 0 ||
-                memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
+            if( ret != 0 )
+                goto exit;
+
+            if( memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 ||
                 memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 )
             {
-                if( verbose != 0 )
-                    mbedtls_printf( "failed\n" );
-
-                return( 1 );
+                ret = 1;
+                goto exit;
             }
 
             mbedtls_gcm_free( &ctx );
 
             if( verbose != 0 )
                 mbedtls_printf( "passed\n" );
-
         }
     }
 
     if( verbose != 0 )
         mbedtls_printf( "\n" );
 
-    return( 0 );
+    ret = 0;
+
+exit:
+    if( ret != 0 )
+    {
+        if( verbose != 0 )
+            mbedtls_printf( "failed\n" );
+        mbedtls_gcm_free( &ctx );
+    }
+
+    return( ret );
 }
 
 #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
diff --git a/library/version_features.c b/library/version_features.c
index 5cbe8ac..49bba11 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -96,9 +96,18 @@
 #if defined(MBEDTLS_CAMELLIA_ALT)
     "MBEDTLS_CAMELLIA_ALT",
 #endif /* MBEDTLS_CAMELLIA_ALT */
+#if defined(MBEDTLS_CCM_ALT)
+    "MBEDTLS_CCM_ALT",
+#endif /* MBEDTLS_CCM_ALT */
+#if defined(MBEDTLS_CMAC_ALT)
+    "MBEDTLS_CMAC_ALT",
+#endif /* MBEDTLS_CMAC_ALT */
 #if defined(MBEDTLS_DES_ALT)
     "MBEDTLS_DES_ALT",
 #endif /* MBEDTLS_DES_ALT */
+#if defined(MBEDTLS_GCM_ALT)
+    "MBEDTLS_GCM_ALT",
+#endif /* MBEDTLS_GCM_ALT */
 #if defined(MBEDTLS_XTEA_ALT)
     "MBEDTLS_XTEA_ALT",
 #endif /* MBEDTLS_XTEA_ALT */