Make additional fixes to the AES-GCM decrypt final code.

haydenroche5 · haydenroche5 · commit 61055b7ffed7 · 2021-11-01T12:36:21.000-07:00
- When deferring decryption to the "final" call, return 0, since no data was
decrypted. In the final call, return the length of decrypted data.
- Set tag length to 0 after decrypt final.

This fixes a problem with OpenVPN + wolfEngine.
diff --git a/src/we_aes_gcm.c b/src/we_aes_gcm.c
@@ -397,7 +397,6 @@ static int we_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                 }
             }
             if (ret == 1) {
-
                 WOLFENGINE_MSG_VERBOSE(WE_LOG_CIPHER, "Encrypted %zu bytes "
                                        "(AES-GCM):", len);
                 WOLFENGINE_BUFFER(WE_LOG_CIPHER, out, (unsigned int)len);
@@ -427,6 +426,8 @@ static int we_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
                     XMEMCPY(aes->decryptBuf, in, len);
                     aes->decryptBufLen = len;
                 }
+                /* No data decrypted, yet, so return 0. */
+                ret = 0;
             }
             else
         #endif
@@ -453,10 +454,7 @@ static int we_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
         if (!aes->enc) {
             ret = we_aes_gcm_decrypt(aes, out, aes->decryptBuf,
                 aes->decryptBufLen);
-
-            OPENSSL_free(aes->decryptBuf);
-            aes->decryptBuf = NULL;
-            aes->decryptBufLen = 0;
+            aes->tagLen = 0;
         }
     #endif
 
@@ -470,6 +468,20 @@ static int we_aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
             }
         }
 
+    #ifdef WE_AES_GCM_DECRYPT_ON_FINAL
+        if (!aes->enc) {
+            if (ret != -1) {
+                /* Return the length of decryption now that we've actually
+                 * decrypted. */
+                ret = aes->decryptBufLen;
+            }
+
+            OPENSSL_free(aes->decryptBuf);
+            aes->decryptBuf = NULL;
+            aes->decryptBufLen = 0;
+        }
+    #endif
+
         if (aes->aad != NULL) {
             OPENSSL_free(aes->aad);
             aes->aad = NULL;
