|
 |
cae166 |
diff --git a/lib/freebl/cmac.c b/lib/freebl/cmac.c
|
|
|
cae166 |
--- a/lib/freebl/cmac.c
|
|
|
cae166 |
+++ b/lib/freebl/cmac.c
|
|
|
cae166 |
@@ -22,7 +22,7 @@
|
|
|
cae166 |
* add a new Context pointer to the cipher union with the correct type. */
|
|
|
cae166 |
CMACCipher cipherType;
|
|
|
cae166 |
union {
|
|
|
cae166 |
- AESContext aes;
|
|
|
cae166 |
+ AESContext *aes;
|
|
|
cae166 |
} cipher;
|
|
|
cae166 |
int blockSize;
|
|
|
cae166 |
|
|
|
cae166 |
@@ -62,7 +62,7 @@
|
|
|
cae166 |
{
|
|
|
cae166 |
if (ctx->cipherType == CMAC_AES) {
|
|
|
cae166 |
unsigned int tmpOutputLen;
|
|
|
cae166 |
- SECStatus rv = AES_Encrypt(&ctx->cipher.aes, output, &tmpOutputLen,
|
|
|
cae166 |
+ SECStatus rv = AES_Encrypt(ctx->cipher.aes, output, &tmpOutputLen,
|
|
|
cae166 |
ctx->blockSize, input, inputLen);
|
|
|
cae166 |
|
|
|
cae166 |
/* Assumption: AES_Encrypt (when in ECB mode) always returns an
|
|
|
cae166 |
@@ -156,8 +156,9 @@
|
|
|
cae166 |
|
|
|
cae166 |
ctx->blockSize = AES_BLOCK_SIZE;
|
|
|
cae166 |
ctx->cipherType = CMAC_AES;
|
|
|
cae166 |
- if (AES_InitContext(&ctx->cipher.aes, key, key_len, NULL, NSS_AES, 1,
|
|
|
cae166 |
- ctx->blockSize) != SECSuccess) {
|
|
|
cae166 |
+ ctx->cipher.aes = AES_CreateContext(key, NULL, NSS_AES, 1, key_len,
|
|
|
cae166 |
+ ctx->blockSize);
|
|
|
cae166 |
+ if (ctx->cipher.aes == NULL) {
|
|
|
cae166 |
return SECFailure;
|
|
|
cae166 |
}
|
|
|
cae166 |
|
|
|
cae166 |
@@ -308,8 +309,8 @@
|
|
|
cae166 |
return;
|
|
|
cae166 |
}
|
|
|
cae166 |
|
|
|
cae166 |
- if (ctx->cipherType == CMAC_AES) {
|
|
|
cae166 |
- AES_DestroyContext(&ctx->cipher.aes, PR_FALSE);
|
|
|
cae166 |
+ if (ctx->cipherType == CMAC_AES && ctx->cipher.aes != NULL) {
|
|
|
cae166 |
+ AES_DestroyContext(ctx->cipher.aes, PR_TRUE);
|
|
|
cae166 |
}
|
|
|
cae166 |
|
|
|
cae166 |
/* Destroy everything in the context. This includes sensitive data in
|
|
|
cae166 |
|