fix aesccm when using m2crypto

Author: Ivan Nikolchev

tlslite/utils/aesccm.py

@@ -101,7 +101,12 @@ def seal(self, nonce, msg, aad):
 
         mac = self._cbcmac_calc(nonce, aad, msg)
         self._ctr.counter = s_0
-        auth_value = self._ctr.encrypt(mac)
+        if self.tagLength == 16:
+            auth_value = self._ctr.encrypt(mac)
+        else:
+            assert self.tagLength == 8
+            self._pad_with_zeroes(mac, 16)
+            auth_value = self._ctr.encrypt(mac)[:8]
         enc_msg = self._ctr.encrypt(msg)
 
         ciphertext = enc_msg + auth_value
@@ -127,7 +132,12 @@ def open(self, nonce, ciphertext, aad):
 
         # We decrypt the auth value
         self._ctr.counter = s_0
-        received_mac = self._ctr.decrypt(auth_value)
+        if self.tagLength == 16:
+            received_mac = self._ctr.decrypt(auth_value)
+        else:
+            assert self.tagLength == 8
+            self._pad_with_zeroes(auth_value, 16)
+            received_mac = self._ctr.decrypt(auth_value)[:8]
         msg = self._ctr.decrypt(ciphertext)
         msg = msg[:-self.tagLength]
         computed_mac = self._cbcmac_calc(nonce, aad, msg)

tlslite/utils/openssl_aes.py

@@ -25,10 +25,21 @@ def __init__(self, key, mode, IV):
             # IV argument/field names are a part of the interface
             # pylint: disable=invalid-name
             AES.__init__(self, key, mode, IV, "openssl")
-            self.IV, self._key = IV, key
+            self._IV, self._key = IV, key
             self._context = None
             self._encrypt = None
 
+        @property
+        def IV(self):
+            return self._IV
+
+        @IV.setter
+        def IV(self, iv):
+            if self._context is not None:
+                m2.cipher_ctx_free(self._context)
+            self._IV = iv
+            self._init_context()
+
         def _init_context(self, encrypt=True):
             if len(self._key) == 16:
                 cipherType = m2.aes_128_cbc()
@@ -37,7 +48,7 @@ def _init_context(self, encrypt=True):
             if len(self._key) == 32:
                 cipherType = m2.aes_256_cbc()
             self._context = m2.cipher_ctx_new()
-            m2.cipher_init(self._context, cipherType, self._key, self.IV,
+            m2.cipher_init(self._context, cipherType, self._key, self._IV,
                            int(encrypt))
             m2.cipher_set_padding(self._context, 0)
             self._encrypt = encrypt