Restrict cipher_update() for GCM
diff --git a/library/cipher.c b/library/cipher.c
index 280124d..8d90a64 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -467,14 +467,21 @@
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
}
+#if defined(POLARSSL_GCM_C)
+ if( ctx->cipher_info->mode == POLARSSL_MODE_GCM)
+ {
+ *olen = ilen;
+ return gcm_update( ctx->cipher_ctx, ilen, input, output );
+ }
+#endif
+
if( input == output &&
( ctx->unprocessed_len != 0 || ilen % cipher_get_block_size( ctx ) ) )
{
return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
}
- if( ctx->cipher_info->mode == POLARSSL_MODE_CBC ||
- ctx->cipher_info->mode == POLARSSL_MODE_GCM )
+ if( ctx->cipher_info->mode == POLARSSL_MODE_CBC )
{
/*
* If there is not enough data for a full block, cache it.
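Review bot: In the new GCM branch `*olen = ilen;` is stored before `gcm_update()` has returned, so a failing call still reports `ilen` bytes of output to the caller. Assigning only on success avoids that: `ret = gcm_update( ctx->cipher_ctx, ilen, input, output );`, then `if( ret == 0 ) *olen = ilen;` and `return ret;` (this assumes `ret` is declared in this function, which starts outside the hunk). The branch also returns before the `input == output` check and without the partial-block caching that the rest of the commit removes, so any length or aliasing requirement of `gcm_update()` now falls on the caller. A comment such as `/* GCM: data goes straight to gcm_update(), no buffering; caller must meet its length requirements */` would make that explicit.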
@@ -501,18 +508,6 @@
memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
copy_len );
-#if defined(POLARSSL_GCM_C)
- if( ctx->cipher_info->mode == POLARSSL_MODE_GCM )
- {
- if( 0 != ( ret = gcm_update( ctx->cipher_ctx,
- cipher_get_block_size( ctx ),
- ctx->unprocessed_data, output ) ) )
- {
- return ret;
- }
- }
- else
-#endif
if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
ctx->unprocessed_data, output ) ) )
@@ -549,17 +544,6 @@
*/
if( ilen )
{
-#if defined(POLARSSL_GCM_C)
- if( ctx->cipher_info->mode == POLARSSL_MODE_GCM )
- {
- if( 0 != ( ret = gcm_update( ctx->cipher_ctx,
- ilen, input, output ) ) )
- {
- return ret;
- }
- }
- else
-#endif
if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
ctx->operation, ilen, ctx->iv, input, output ) ) )
{
@@ -790,27 +774,12 @@
if( POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
POLARSSL_MODE_CTR == ctx->cipher_info->mode ||
+ POLARSSL_MODE_GCM == ctx->cipher_info->mode ||
POLARSSL_MODE_STREAM == ctx->cipher_info->mode )
{
return 0;
}
-#if defined(POLARSSL_GCM_C)
- if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
- {
- if( 0 != ( ret = gcm_update( ctx->cipher_ctx,
- ctx->unprocessed_len, ctx->unprocessed_data,
- output ) ) )
- {
- return( ret );
- }
-
- *olen += ctx->unprocessed_len;
-
- return( 0 );
- }
-#endif
-
if( POLARSSL_MODE_CBC == ctx->cipher_info->mode )
{
if( POLARSSL_ENCRYPT == ctx->operation )
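Review bot: With `POLARSSL_MODE_GCM` added to the early-return list, the finish step does nothing for GCM in the visible lines: no remaining data is flushed and no authentication tag is produced or checked here. If the tag is handled elsewhere (the ssl_tls.c part of this commit calls `gcm_crypt_and_tag()` and `gcm_auth_decrypt()` directly), that should be stated at the branch, e.g. `/* GCM: nothing to flush; the tag is NOT computed or verified here */`. Otherwise a caller of the generic cipher API may treat a successful finish as proof the data was authenticated. Whether `*olen` is zeroed before this `return 0` is not visible in the hunk, which starts inside the function.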
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index cddaec6..7e7ddd7 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -690,16 +690,6 @@
}
break;
-#if defined(POLARSSL_GCM_C)
- case POLARSSL_CIPHER_AES_128_GCM:
- case POLARSSL_CIPHER_AES_256_GCM:
- gcm_init( (gcm_context *) transform->ctx_enc, key1,
- cipher_info->key_length );
- gcm_init( (gcm_context *) transform->ctx_dec, key2,
- cipher_info->key_length );
- break;
-#endif
-
case POLARSSL_CIPHER_NULL:
break;
@@ -1046,7 +1036,7 @@
*/
ssl->out_msglen += 16;
- gcm_crypt_and_tag( ssl->transform_out->cipher_ctx_enc->cipher_ctx,
+ gcm_crypt_and_tag( ssl->transform_out->cipher_ctx_enc.cipher_ctx,
GCM_ENCRYPT, enc_msglen,
ssl->transform_out->iv_enc, ssl->transform_out->ivlen,
add_data, 13,
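Review bot: The return value of `gcm_crypt_and_tag()` is discarded on this line, whereas the decrypt path later in the file assigns `ret = gcm_auth_decrypt( ... )`. If the call fails, the record could go out with whatever is in the output buffer and tag area. The result should be captured and checked, e.g. `ret = gcm_crypt_and_tag( ... );` followed by `if( ret != 0 ) return( ret );`, assuming a `ret` variable is available in the enclosing function. The call's remaining arguments and the enclosing function lie outside the hunk.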
@@ -1285,7 +1275,7 @@
ssl->transform_in->ivlen );
SSL_DEBUG_BUF( 4, "TAG used", dec_msg + dec_msglen, 16 );
- ret = gcm_auth_decrypt( ssl->transform_in->cipher_ctx_dec->cipher_ctx,
+ ret = gcm_auth_decrypt( ssl->transform_in->cipher_ctx_dec.cipher_ctx,
dec_msglen,
ssl->transform_in->iv_dec,
ssl->transform_in->ivlen,