diff --git a/library/ccm.c b/library/ccm.c index 80a795fc1d..1247f8d377 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -118,7 +118,7 @@ static int mbedtls_ccm_crypt( mbedtls_ccm_context *ctx, if( ( ret = mbedtls_cipher_update( &ctx->cipher_ctx, ctx->ctr, 16, tmp_buf, &olen ) ) != 0 ) { - ctx->state |= CCM_STATE__ERROR; + ctx->state |= CCM_STATE__ERROR; mbedtls_platform_zeroize(tmp_buf, sizeof(tmp_buf)); return ret; } @@ -196,11 +196,6 @@ int mbedtls_ccm_starts( mbedtls_ccm_context *ctx, if( iv_len < 7 || iv_len > 13 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); - if( ctx->state & CCM_STATE__ERROR ) - { - mbedtls_ccm_clear_state(ctx); - } - ctx->mode = mode; ctx->q = 16 - 1 - (unsigned char) iv_len; @@ -247,11 +242,6 @@ int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx, if( total_ad_len >= 0xFF00 ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); - if( ctx->state & CCM_STATE__ERROR ) - { - mbedtls_ccm_clear_state(ctx); - } - ctx->plaintext_len = plaintext_len; ctx->add_len = total_ad_len; ctx->tag_len = tag_len; @@ -269,6 +259,11 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx, unsigned char i; size_t olen, use_len, offset; + if( ctx->state & CCM_STATE__ERROR ) + { + return ret; + } + if( ctx->add_len > 0 && add_len > 0) { if( ctx->processed == 0 ) @@ -321,6 +316,11 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, unsigned char i; size_t use_len, offset, olen; + if( ctx->state & CCM_STATE__ERROR ) + { + return ret; + } + if( output_size < input_len ) return( MBEDTLS_ERR_CCM_BAD_INPUT ); *output_len = input_len; @@ -397,6 +397,11 @@ int mbedtls_ccm_finish( mbedtls_ccm_context *ctx, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; unsigned char i; + if( ctx->state & CCM_STATE__ERROR ) + { + return ret; + } + /* * Authentication: reset counter and crypt/mask internal tag */