commit b8bd5937417eccc88a9a1e28c8722e7918e5a78b
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Thu Sep 05 13:38:15 2013 +0200
committer Manuel Pégourié-Gonnard <mpg@elzevir.fr> Thu Sep 05 17:06:10 2013 +0200
tree 4f2e135f682a0dee0b97b34d6964de4b08fb593b
parent 226d5da1fc6b21448a9d37bccafd0b7ba1445738

Restrict cipher_update() for GCM

library/cipher.c

diff --git a/library/cipher.c b/library/cipher.c
index 280124d..8d90a64 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -467,14 +467,21 @@
         return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
     }
 
+#if defined(POLARSSL_GCM_C)
+    if( ctx->cipher_info->mode == POLARSSL_MODE_GCM)
+    {
+        *olen = ilen;
+        return gcm_update( ctx->cipher_ctx, ilen, input, output );
+    }
+#endif
+
     if( input == output &&
        ( ctx->unprocessed_len != 0 || ilen % cipher_get_block_size( ctx ) ) )
     {
         return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
     }
 
-    if( ctx->cipher_info->mode == POLARSSL_MODE_CBC ||
-        ctx->cipher_info->mode == POLARSSL_MODE_GCM )
+    if( ctx->cipher_info->mode == POLARSSL_MODE_CBC )
     {
         /*
          * If there is not enough data for a full block, cache it.
@@ -501,18 +508,6 @@
             memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
                     copy_len );
 
-#if defined(POLARSSL_GCM_C)
-            if( ctx->cipher_info->mode == POLARSSL_MODE_GCM )
-            {
-                if( 0 != ( ret = gcm_update( ctx->cipher_ctx,
-                                cipher_get_block_size( ctx ),
-                                ctx->unprocessed_data, output ) ) )
-                {
-                    return ret;
-                }
-            }
-            else
-#endif
             if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
                     ctx->operation, cipher_get_block_size( ctx ), ctx->iv,
                     ctx->unprocessed_data, output ) ) )
@@ -549,17 +544,6 @@
          */
         if( ilen )
         {
-#if defined(POLARSSL_GCM_C)
-            if( ctx->cipher_info->mode == POLARSSL_MODE_GCM )
-            {
-                if( 0 != ( ret = gcm_update( ctx->cipher_ctx,
-                                             ilen, input, output ) ) )
-                {
-                    return ret;
-                }
-            }
-            else
-#endif
             if( 0 != ( ret = ctx->cipher_info->base->cbc_func( ctx->cipher_ctx,
                     ctx->operation, ilen, ctx->iv, input, output ) ) )
             {
@@ -790,27 +774,12 @@
 
     if( POLARSSL_MODE_CFB == ctx->cipher_info->mode ||
         POLARSSL_MODE_CTR == ctx->cipher_info->mode ||
+        POLARSSL_MODE_GCM == ctx->cipher_info->mode ||
         POLARSSL_MODE_STREAM == ctx->cipher_info->mode )
     {
         return 0;
     }
 
-#if defined(POLARSSL_GCM_C)
-    if( POLARSSL_MODE_GCM == ctx->cipher_info->mode )
-    {
-        if( 0 != ( ret = gcm_update( ctx->cipher_ctx,
-                        ctx->unprocessed_len, ctx->unprocessed_data,
-                        output ) ) )
-        {
-            return( ret );
-        }
-
-        *olen += ctx->unprocessed_len;
-
-        return( 0 );
-    }
-#endif
-
     if( POLARSSL_MODE_CBC == ctx->cipher_info->mode )
     {
         if( POLARSSL_ENCRYPT == ctx->operation )