Return an error if asking for decrypt under BLOCK_CIPHER_NO_DECRYPT
If MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is enabled, but decryption is
still requested in some incompatible modes, we return an error of
FEATURE_UNAVAILABLE as additional indication.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
diff --git a/library/aesce.c b/library/aesce.c
index 79c02e3..5883e6a 100644
--- a/library/aesce.c
+++ b/library/aesce.c
@@ -244,16 +244,15 @@
uint8x16_t block = vld1q_u8(&input[0]);
unsigned char *keys = (unsigned char *) (ctx->buf + ctx->rk_offset);
-#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
if (mode == MBEDTLS_AES_ENCRYPT) {
block = aesce_encrypt_block(block, keys, ctx->nr);
} else {
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
block = aesce_decrypt_block(block, keys, ctx->nr);
- }
#else
- (void) mode;
- block = aesce_encrypt_block(block, keys, ctx->nr);
-#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
+ return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE;
+#endif
+ }
vst1q_u8(&output[0], block);
return 0;