wolfSSL
diff --git a/‎debian/install-wolfprov.sh‎
Lines changed: 8 additions & 3 deletions b/‎debian/install-wolfprov.sh‎
Lines changed: 8 additions & 3 deletions
diff --git a/‎scripts/test-wp-cs.sh‎
Lines changed: 2 additions & 3 deletions b/‎scripts/test-wp-cs.sh‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎src/wp_aes_aead.c‎
Lines changed: 81 additions & 68 deletions b/‎src/wp_aes_aead.c‎
Lines changed: 81 additions & 68 deletions
@@ -195,8 +195,14 @@ main() {
     work_dir=$(mktemp -d)
     printf "Working directory: $work_dir\n"
     pushd $work_dir 2>&1 > /dev/null
-    cp -r $REPO_ROOT .
-    cd $(basename $REPO_ROOT)
+    repo_name=$(basename "$REPO_ROOT")
+    if git clone --depth 1 "file://$REPO_ROOT" "$repo_name"; then
+        :
+    else
+        echo "Shallow clone failed, falling back to local clone"
+        git clone "$REPO_ROOT" "$repo_name"
+    fi
+    cd "$repo_name"
 
     wolfprov_build $fips_mode $debug_mode
     if [ $no_install -eq 0 ]; then
@@ -218,4 +224,3 @@ main() {
 
 # Run main function with all arguments
 main "$@"
-
 
@@ -284,9 +284,9 @@ openssl version -a || true
 if [ "${AM_BWRAPPED-}" != "yes" ]; then
     # Perform the build only if not in the bubble
     printf "Cleaning up previous builds\n"
-    ${SCRIPT_DIR}/build-wolfprovider.sh --clean --distclean
+    ${SCRIPT_DIR}/build-wolfprovider.sh --clean --distclean || exit 1
     printf "Building wolfProvider\n"
-    ${SCRIPT_DIR}/build-wolfprovider.sh
+    ${SCRIPT_DIR}/build-wolfprovider.sh || exit 1
 
     printf "OPENSSL_BIN: $OPENSSL_BIN\n"
     $OPENSSL_BIN version -a || true
@@ -321,4 +321,3 @@ else
     printf "$FAIL tests failed.\n"
     exit 1
 fi
-
@@ -666,8 +666,8 @@ static int wp_aead_set_ctx_params(wp_AeadCtx* ctx, const OSSL_PARAM params[])
             ok = wp_aead_set_param_tls1_iv_fixed(ctx, params);
         }
         else if (ok && (ctx->mode == EVP_CIPH_GCM_MODE) &&
-                 (XMEMCMP(params->key, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED,
-                  sizeof(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED)) == 0)) {
+                 (XMEMCMP(params->key, OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV,
+                  sizeof(OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV)) == 0)) {
             ok = wp_aead_set_param_tls1_iv_rand(ctx, params);
         }
 
@@ -925,7 +925,12 @@ static int wp_aesgcm_set_rand_iv(wp_AeadCtx *ctx, unsigned char *in,
         XMEMCPY(ctx->origIv, ctx->iv, ctx->ivLen);
 #endif
         XMEMCPY(ctx->iv + ctx->ivLen - inLen, in, inLen);
+#ifdef WOLFSSL_AESGCM_STREAM
+        /* Stream update initializes AES-GCM when IV state is buffered. */
+        ctx->ivState = IV_STATE_BUFFERED;
+#else
         ctx->ivState = IV_STATE_COPIED;
+#endif
     }
 
     WOLFPROV_LEAVE(WP_LOG_COMP_AES, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok);
@@ -997,69 +1002,72 @@ static int wp_aesgcm_tls_iv_set_fixed(wp_AeadCtx* ctx, unsigned char* iv,
 }
 
 /**
- * Initialize AES GCM cipher for encryption.
- *
- * Sets the parameters as well as key and IV/nonce.
+ * Initialize AES GCM key and IV/nonce state.
  *
  * @param [in, out] ctx     AEAD context object.
- * @param [in]      key     Private key to initialize with. May be NULL.
+ * @param [in]      key     Key to initialize with. May be NULL.
  * @param [in]      keyLen  Length of key in bytes.
  * @param [in]      iv      IV/nonce to initialize with. May be NULL.
  * @param [in]      ivLen   Length of IV/nonce in bytes.
- * @param [in]      params  Array of parameters and values.
+ * @param [in]      enc     1 for encryption, 0 for decryption.
  * @return  1 on success.
  * @return  0 on failure.
  */
-static int wp_aesgcm_einit(wp_AeadCtx* ctx, const unsigned char *key,
-    size_t keyLen, const unsigned char *iv, size_t ivLen,
-    const OSSL_PARAM params[])
+static int wp_aesgcm_init_key_iv(wp_AeadCtx* ctx, const unsigned char* key,
+    size_t keyLen, const unsigned char* iv, size_t ivLen, int enc)
 {
     Aes *aes = &ctx->aes;
     int ok = 1;
+    int rc;
 
-    WOLFPROV_ENTER(WP_LOG_COMP_AES, "wp_aesgcm_einit");
-
-    if (!wolfssl_prov_is_running()) {
-        ok = 0;
-    }
-    if (ok) {
-        WP_CHECK_FIPS_ALGO(WP_CAST_ALGO_AES);
-    }
 #ifdef WOLFSSL_AESGCM_STREAM
-    if (ok) {
-        int rc;
+    if (iv != NULL) {
+        if (ivLen == 0) {
+            ok = 0;
+        }
+        if (ok) {
+            XMEMCPY(ctx->iv, iv, ivLen);
+            ctx->ivState = IV_STATE_BUFFERED;
+            ctx->ivSet = 0;
+            ctx->ivLen = ivLen;
+        }
+    }
 
-        if (iv != NULL) {
-            if (ivLen == 0) {
+    if (ok && (key != NULL)) {
+        if ((iv == NULL) || (ivLen == 0)) {
+            rc = wc_AesGcmSetKey(aes, key, (word32)keyLen);
+            if (rc != 0) {
+                WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG,
+                    "wc_AesGcmSetKey", rc);
                 ok = 0;
             }
-            if (ok) {
-                XMEMCPY(ctx->iv, iv, ivLen);
-                ctx->ivState = IV_STATE_BUFFERED;
-                ctx->ivSet = 0;
-                ctx->ivLen = ivLen;
-            }
         }
-        if ((ivLen == 0) && (key != NULL)) {
-            rc = wc_AesGcmSetKey(aes, key, (word32)keyLen);
+        else if (enc) {
+            rc = wc_AesGcmEncryptInit(aes, key, (word32)keyLen, iv,
+                (word32)ivLen);
             if (rc != 0) {
-                WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesGcmSetKey", rc);
+                WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG,
+                    "wc_AesGcmEncryptInit", rc);
                 ok = 0;
             }
         }
-        else if (key != NULL) {
-            rc = wc_AesGcmEncryptInit(aes, key, (word32)keyLen, iv, (word32)ivLen);
+        else {
+            rc = wc_AesGcmDecryptInit(aes, key, (word32)keyLen, iv,
+                (word32)ivLen);
             if (rc != 0) {
-                WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesGcmEncryptInit", rc);
+                WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG,
+                    "wc_AesGcmDecryptInit", rc);
                 ok = 0;
             }
         }
     }
 #else
-    if (ok && (key != NULL)) {
-        int rc = wc_AesGcmSetKey(aes, key, (word32)keyLen);
+    (void)enc;
+    if (key != NULL) {
+        rc = wc_AesGcmSetKey(aes, key, (word32)keyLen);
         if (rc != 0) {
-            WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesGcmSetKey", rc);
+            WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesGcmSetKey",
+                rc);
             ok = 0;
         }
     }
@@ -1074,6 +1082,41 @@ static int wp_aesgcm_einit(wp_AeadCtx* ctx, const unsigned char *key,
         }
     }
 #endif
+
+    return ok;
+}
+
+/**
+ * Initialize AES GCM cipher for encryption.
+ *
+ * Sets the parameters as well as key and IV/nonce.
+ *
+ * @param [in, out] ctx     AEAD context object.
+ * @param [in]      key     Private key to initialize with. May be NULL.
+ * @param [in]      keyLen  Length of key in bytes.
+ * @param [in]      iv      IV/nonce to initialize with. May be NULL.
+ * @param [in]      ivLen   Length of IV/nonce in bytes.
+ * @param [in]      params  Array of parameters and values.
+ * @return  1 on success.
+ * @return  0 on failure.
+ */
+static int wp_aesgcm_einit(wp_AeadCtx* ctx, const unsigned char *key,
+    size_t keyLen, const unsigned char *iv, size_t ivLen,
+    const OSSL_PARAM params[])
+{
+    int ok = 1;
+
+    WOLFPROV_ENTER(WP_LOG_COMP_AES, "wp_aesgcm_einit");
+
+    if (!wolfssl_prov_is_running()) {
+        ok = 0;
+    }
+    if (ok) {
+        WP_CHECK_FIPS_ALGO(WP_CAST_ALGO_AES);
+    }
+    if (ok) {
+        ok = wp_aesgcm_init_key_iv(ctx, key, keyLen, iv, ivLen, 1);
+    }
     if (ok) {
         ctx->enc = 1;
         ctx->keySet |= (key != NULL);
@@ -1103,7 +1146,6 @@ static int wp_aesgcm_dinit(wp_AeadCtx *ctx, const unsigned char *key,
     size_t keyLen, const unsigned char *iv, size_t ivLen,
     const OSSL_PARAM params[])
 {
-    Aes *aes = &ctx->aes;
     int ok = 1;
 
     WOLFPROV_ENTER(WP_LOG_COMP_AES, "wp_aesgcm_dinit");
@@ -1114,38 +1156,9 @@ static int wp_aesgcm_dinit(wp_AeadCtx *ctx, const unsigned char *key,
     if (ok) {
         WP_CHECK_FIPS_ALGO(WP_CAST_ALGO_AES);
     }
-#ifdef WOLFSSL_AESGCM_STREAM
-    if (ok && key != NULL) {
-        int rc = wc_AesGcmDecryptInit(aes, key, (word32)keyLen, iv, (word32)ivLen);
-        if (rc != 0) {
-            WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesGcmDecryptInit", rc);
-            ok = 0;
-        }
-    }
     if (ok) {
-        XMEMCPY(ctx->iv, iv, ivLen);
-        ctx->ivState = IV_STATE_BUFFERED;
-        ctx->ivSet = 0;
-    }
-#else
-    if (ok && (key != NULL)) {
-        int rc = wc_AesGcmSetKey(aes, key, (word32)keyLen);
-        if (rc != 0) {
-            WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesGcmSetKey", rc);
-            ok = 0;
-        }
-    }
-    if (ok && (iv != NULL)) {
-        if (ivLen != ctx->ivLen) {
-            ok = 0;
-        }
-        if (ok) {
-            XMEMCPY(ctx->iv, iv, ivLen);
-            ctx->ivState = IV_STATE_BUFFERED;
-            ctx->ivSet = 0;
-        }
+        ok = wp_aesgcm_init_key_iv(ctx, key, keyLen, iv, ivLen, 0);
     }
-#endif
     if (ok) {
         ctx->enc = 0;
         ctx->keySet |= (key != NULL);