diff --git a/components/mbedtls/port/aes/dma/esp_aes.c b/components/mbedtls/port/aes/dma/esp_aes.c
index 893b0556db..b5e4befd38 100644
--- a/components/mbedtls/port/aes/dma/esp_aes.c
+++ b/components/mbedtls/port/aes/dma/esp_aes.c
@@ -991,6 +991,11 @@ int esp_aes_crypt_ctr(esp_aes_context *ctx,
 return -1;
 }
+ if (!stream_block) {
+ ESP_LOGE(TAG, "No stream supplied");
+ return -1;
+ }
+
 if (!nonce_counter) {
 ESP_LOGE(TAG, "No nonce supplied");
 return -1;
diff --git a/components/mbedtls/port/aes/esp_aes_gcm.c b/components/mbedtls/port/aes/esp_aes_gcm.c
index 81a5bfebd6..3eac994f61 100644
--- a/components/mbedtls/port/aes/esp_aes_gcm.c
+++ b/components/mbedtls/port/aes/esp_aes_gcm.c
@@ -40,6 +40,7 @@
 #include "esp_heap_caps.h"
 #include "soc/soc_memory_layout.h"
+#include "mbedtls/error.h"
 #include
 #define ESP_PUT_BE64(a, val) \
@@ -257,6 +258,11 @@ int esp_aes_gcm_setkey( esp_gcm_context *ctx,
 const unsigned char *key,
 unsigned int keybits )
 {
+#if !SOC_AES_SUPPORT_AES_192
+ if (keybits == 192) {
+ return MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED;
+ }
+#endif
 if (keybits != 128 && keybits != 192 && keybits != 256) {
 return MBEDTLS_ERR_AES_INVALID_KEY_LENGTH;
 }
@@ -471,6 +477,7 @@ int esp_aes_gcm_finish( esp_gcm_context *ctx,
 {
 size_t nc_off = 0;
 uint8_t len_block[AES_BLOCK_BYTES] = {0};
+ uint8_t stream[AES_BLOCK_BYTES] = {0};
 if ( tag_len > 16 || tag_len < 4 ) {
 return ( MBEDTLS_ERR_GCM_BAD_INPUT );
@@ -482,7 +489,7 @@ int esp_aes_gcm_finish( esp_gcm_context *ctx,
 esp_gcm_ghash(ctx, len_block, AES_BLOCK_BYTES, ctx->ghash);
 /* Tag T = GCTR(J0, ) where T is truncated to tag_len */
- esp_aes_crypt_ctr(&ctx->aes_ctx, tag_len, &nc_off, ctx->ori_j0, 0, ctx->ghash, tag);
+ esp_aes_crypt_ctr(&ctx->aes_ctx, tag_len, &nc_off, ctx->ori_j0, stream, ctx->ghash, tag);
 return 0;
 }
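Review bot: The `#if !SOC_AES_SUPPORT_AES_192` guard in esp_aes_gcm_setkey is also true when the macro is not defined at all in this translation unit, so a missing capability header would silently reject AES-192 keys on every target. That fails closed, but the include lines visible in this diff do not show where the macro comes from, so confirm that the header defining it (presumably `soc/soc_caps.h`) is reached. A comment above the guard would record the intent, for example `/* No hardware AES-192 on this target: reject up front; SOC_AES_SUPPORT_AES_192 must be visible here */`. The rest of the setkey body lies outside the hunk.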
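Review bot: The new `stream` buffer in esp_aes_gcm_finish is left on the stack when the function returns. If esp_aes_crypt_ctr fills `stream_block` with the encrypted counter block, as the mbedtls CTR interface does, it will hold E_K(J0), the value that masks GHASH to form the tag. Wipe it before returning, e.g. `mbedtls_platform_zeroize(stream, sizeof(stream));`, which needs `mbedtls/platform_util.h`; that header is not among the includes visible here. The call that uses the buffer and the function's return are outside this hunk.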
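Review bot: The result of `esp_aes_crypt_ctr` is still discarded on the changed line and esp_aes_gcm_finish then falls through to `return 0`. Any failure in the CTR call, including the `-1` paths visible in the esp_aes.c hunk, would therefore leave `tag` unwritten while the caller is told the tag was produced. Capture and propagate the result: `int ret = esp_aes_crypt_ctr(&ctx->aes_ctx, tag_len, &nc_off, ctx->ori_j0, stream, ctx->ghash, tag);` followed by `if (ret != 0) { return ret; }`. The function's signature and the start of its body are outside this hunk.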