Skip to content

Commit 642c614

Browse files
committed
move definition of wc_local_AesGcmCheckTagSz from wolfcrypt/src/aes.c to wolfssl/wolfcrypt/aes.h to avoid portability and C++ namespace problems.
1 parent 262b0ed commit 642c614

2 files changed

Lines changed: 48 additions & 58 deletions

File tree

wolfcrypt/src/aes.c

Lines changed: 0 additions & 57 deletions
Original file line numberDiff line numberDiff line change
@@ -7995,63 +7995,6 @@ static WC_INLINE void IncCtr(byte* ctr, word32 ctrSz)
79957995

79967996
#endif
79977997

7998-
#if !defined(NO_INLINE) && defined(__GNUC__)
7999-
/* Inline for callers here in aes.c, but a callable local function for outside
8000-
* callers. Don't use WC_INLINE unconditionally, because we can't count on
8001-
* correct behavior beyond gcc/clang, and we don't want the the WC_MAYBE_UNUSED
8002-
* attribute in NO_INLINE builds.
8003-
*/
8004-
WC_INLINE
8005-
#endif
8006-
int wc_local_AesGcmCheckTagSz(word32 authTagSz) {
8007-
#ifdef WC_AES_GCM_ALLOW_NONSTANDARD_TAG_LENGTH
8008-
#ifdef HAVE_FIPS
8009-
#error WC_AES_GCM_ALLOW_NONSTANDARD_TAG_LENGTH not allowed with FIPS 140.
8010-
#endif
8011-
wc_static_assert(WOLFSSL_MIN_AUTH_TAG_SZ >= 4);
8012-
if ((authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) ||
8013-
(authTagSz > WC_AES_BLOCK_SIZE))
8014-
{
8015-
WOLFSSL_MSG("AES-GCM unsupported authTagSz");
8016-
return BAD_FUNC_ARG;
8017-
}
8018-
else
8019-
return 0;
8020-
#else
8021-
/* A switch is actually better for the optimizer than most hand-rolled
8022-
* equivalents, because it hands the compiler the exact value set and lets
8023-
* it pick the best lowering per WOLFSSL_MIN_AUTH_TAG_SZ configuration.
8024-
*/
8025-
switch (authTagSz) {
8026-
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 4
8027-
case 4:
8028-
#endif
8029-
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 8
8030-
case 8:
8031-
#endif
8032-
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 12
8033-
case 12:
8034-
#endif
8035-
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 13
8036-
case 13:
8037-
#endif
8038-
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 14
8039-
case 14:
8040-
#endif
8041-
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 15
8042-
case 15:
8043-
#endif
8044-
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 16
8045-
case 16:
8046-
#endif
8047-
return 0;
8048-
default:
8049-
WOLFSSL_MSG("AES-GCM unsupported authTagSz");
8050-
return BAD_FUNC_ARG;
8051-
}
8052-
#endif
8053-
}
8054-
80557998
#if defined(WOLFSSL_RISCV_ASM)
80567999
/* implemented in wolfcrypt/src/port/risc-v/riscv-64-aes.c */
80578000

wolfssl/wolfcrypt/aes.h

Lines changed: 48 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -615,7 +615,54 @@ WOLFSSL_API int wc_AesEcbDecrypt(Aes* aes, byte* out,
615615
#endif
616616

617617
#ifdef HAVE_AESGCM
618-
WOLFSSL_LOCAL int wc_local_AesGcmCheckTagSz(word32 authTagSz);
618+
619+
static WC_INLINE int wc_local_AesGcmCheckTagSz(word32 authTagSz) {
620+
#ifdef WC_AES_GCM_ALLOW_NONSTANDARD_TAG_LENGTH
621+
#ifdef HAVE_FIPS
622+
#error WC_AES_GCM_ALLOW_NONSTANDARD_TAG_LENGTH not allowed with FIPS 140.
623+
#endif
624+
wc_static_assert(WOLFSSL_MIN_AUTH_TAG_SZ >= 4);
625+
if ((authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) ||
626+
(authTagSz > WC_AES_BLOCK_SIZE))
627+
{
628+
return BAD_FUNC_ARG;
629+
}
630+
else
631+
return 0;
632+
#else
633+
/* A switch is actually better for the optimizer than most hand-rolled
634+
* equivalents, because it hands the compiler the exact value set and lets
635+
* it pick the best lowering per WOLFSSL_MIN_AUTH_TAG_SZ configuration.
636+
*/
637+
switch (authTagSz) {
638+
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 4
639+
case 4:
640+
#endif
641+
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 8
642+
case 8:
643+
#endif
644+
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 12
645+
case 12:
646+
#endif
647+
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 13
648+
case 13:
649+
#endif
650+
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 14
651+
case 14:
652+
#endif
653+
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 15
654+
case 15:
655+
#endif
656+
#if WOLFSSL_MIN_AUTH_TAG_SZ <= 16
657+
case 16:
658+
#endif
659+
return 0;
660+
default:
661+
return BAD_FUNC_ARG;
662+
}
663+
#endif
664+
}
665+
619666
#ifdef WOLFSSL_XILINX_CRYPT
620667
WOLFSSL_API int wc_AesGcmSetKey_ex(Aes* aes, const byte* key, word32 len,
621668
word32 kup);

0 commit comments

Comments
 (0)