Add output parameter to mbedtls_gcm_finish
Alternative implementations of GCM may delay the output of partial
blocks from mbedtls_gcm_update(). Add an output parameter to
mbedtls_gcm_finish() to allow such implementations to pass the final
partial block back to the caller. With the software implementation,
this final output is always empty.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index 8a26ebb..951ee00 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -282,13 +282,23 @@
* buffer of at least \p tag_len Bytes.
* \param tag_len The length of the tag to generate. This must be at least
* four.
+ * \param output The buffer for the final output.
+ * This must be a writable buffer of at least \p output_len
+ * bytes.
+ * With the built-in implementation, there is no final
+ * output and this can be \p NULL.
+ * Alternative implementations may return a partial block
+ * of output.
+ * \param output_len The size of the \p output buffer in bytes.
+ * With the built-in implementation, this can be \c 0.
+ * Alternative implementations may require a 15-byte buffer.
*
* \return \c 0 on success.
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
*/
int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
- unsigned char *tag,
- size_t tag_len );
+ unsigned char *output, size_t output_len,
+ unsigned char *tag, size_t tag_len );
/**
* \brief This function clears a GCM context and the underlying