Return an error if asking for decrypt under BLOCK_CIPHER_NO_DECRYPT
If MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is enabled, but decryption is
still requested in some incompatible modes, we return an error of
FEATURE_UNAVAILABLE as additional indication.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
diff --git a/library/aesni.c b/library/aesni.c
index 0c509ac..6c917da 100644
--- a/library/aesni.c
+++ b/library/aesni.c
@@ -93,7 +93,6 @@
++rk;
--nr;
-#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
if (mode == MBEDTLS_AES_ENCRYPT) {
while (nr != 0) {
state = _mm_aesenc_si128(state, *rk);
@@ -102,23 +101,17 @@
}
state = _mm_aesenclast_si128(state, *rk);
} else {
+#if !defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
while (nr != 0) {
state = _mm_aesdec_si128(state, *rk);
++rk;
--nr;
}
state = _mm_aesdeclast_si128(state, *rk);
- }
#else
- (void) mode;
- while (nr != 0) {
-
- state = _mm_aesenc_si128(state, *rk);
- ++rk;
- --nr;
+ return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE;
+#endif
}
- state = _mm_aesenclast_si128(state, *rk);
-#endif /* !MBEDTLS_BLOCK_CIPHER_NO_DECRYPT */
memcpy(output, &state, 16);
return 0;
@@ -452,6 +445,12 @@
const unsigned char input[16],
unsigned char output[16])
{
+#if defined(MBEDTLS_BLOCK_CIPHER_NO_DECRYPT)
+ if (mode == MBEDTLS_AES_DECRYPT) {
+ return MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE;
+ }
+#endif
+
asm ("movdqu (%3), %%xmm0 \n\t" // load input
"movdqu (%1), %%xmm1 \n\t" // load round key 0
"pxor %%xmm1, %%xmm0 \n\t" // round 0