Rework and reword the guarantees on output_size

To simplify the documentation, and because there are only two realistic
behaviors in practice, only allow two behaviors for multipart output:
immediate output, or buffering of the last partial block.

State some simple rules that applications can follow if they don't care about
the details.

Explicitly state how much output is needed for finish(). Only require the
buffer size to be the size of the actual output, not the size of the potential
output in the worst case. Rename the parameter from output_len to output_size
since it's a buffer size and not necessarily the length of the data.

No longer guarantee that the built-in implementation produces immediate
output.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine 2021-05-18 22:31:53 +02:00
parent d9380b5270
commit b7bb0687f7
2 changed files with 30 additions and 27 deletions
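The two multipart behaviours the commit message allows (immediate output, or buffering of the last partial block) and its rule that finish() only needs a buffer for the actual pending output are easier to see in code. The following is an added example written for this page, not Mbed TLS code: a toy multipart transform with a switch between the two behaviours, and a caller that sizes its buffers without knowing which one it got. The keystream, the TOY_ names, the hypothetical error code and the output_len out-parameter (which the mbedtls_gcm_finish() signature in this commit does not have) are assumptions of the example.

```c
/* Added example, not Mbed TLS code. Names, keystream and error code are
 * constructed for illustration. */
#include <stddef.h>
#include <string.h>

#define TOY_BLOCK 16
#define TOY_ERR_BUFFER_TOO_SMALL (-1)   /* hypothetical error code */

typedef struct {
    int buffer_partial;             /* 0: immediate output; 1: buffer last partial block */
    unsigned char pend[TOY_BLOCK];  /* pending partial block (buffering mode only) */
    size_t pend_len;
    size_t pos;                     /* absolute byte position, drives the keystream */
} toy_ctx;

/* Toy keystream: XOR with a position-dependent byte. Not a cipher, just
 * enough to make output order and completeness observable. */
static void toy_transform(toy_ctx *ctx, const unsigned char *in,
                          unsigned char *out, size_t len)
{
    for (size_t i = 0; i < len; i++, ctx->pos++)
        out[i] = in[i] ^ (unsigned char)(0x5A + 31 * ctx->pos);
}

/* update(): output_size is a buffer size; *output_len reports what was written. */
static int toy_update(toy_ctx *ctx, const unsigned char *input, size_t input_len,
                      unsigned char *output, size_t output_size, size_t *output_len)
{
    size_t out_len, from_pend, from_input, keep;

    if (!ctx->buffer_partial) {                     /* immediate output */
        if (output_size < input_len) return TOY_ERR_BUFFER_TOO_SMALL;
        toy_transform(ctx, input, output, input_len);
        *output_len = input_len;
        return 0;
    }
    /* Buffering mode: only whole blocks leave now, the remainder waits. */
    out_len = (ctx->pend_len + input_len) / TOY_BLOCK * TOY_BLOCK;
    if (output_size < out_len) return TOY_ERR_BUFFER_TOO_SMALL;
    from_pend = ctx->pend_len < out_len ? ctx->pend_len : out_len;
    from_input = out_len - from_pend;
    toy_transform(ctx, ctx->pend, output, from_pend);          /* old bytes first */
    toy_transform(ctx, input, output + from_pend, from_input); /* then fresh input */
    keep = ctx->pend_len - from_pend;
    memmove(ctx->pend, ctx->pend + from_pend, keep);
    memcpy(ctx->pend + keep, input + from_input, input_len - from_input);
    ctx->pend_len = keep + input_len - from_input;
    *output_len = out_len;
    return 0;
}

/* finish(): needs output_size >= the bytes actually pending, not the worst
 * case of TOY_BLOCK - 1. In immediate mode nothing is pending, so 0 is fine. */
static int toy_finish(toy_ctx *ctx, unsigned char *output, size_t output_size,
                      size_t *output_len)
{
    if (output_size < ctx->pend_len) return TOY_ERR_BUFFER_TOO_SMALL;
    toy_transform(ctx, ctx->pend, output, ctx->pend_len);
    *output_len = ctx->pend_len;
    ctx->pend_len = 0;
    return 0;
}

/* Caller following the "simple rules": update() buffer of input_len + TOY_BLOCK - 1,
 * finish() buffer of TOY_BLOCK - 1, and trust the reported lengths.
 * Returns bytes written to out, or -1 on error. */
static long toy_process(int buffer_partial, const unsigned char *msg, size_t msg_len,
                        size_t chunk, unsigned char *out, size_t out_cap)
{
    toy_ctx ctx;
    unsigned char buf[64 + TOY_BLOCK - 1];  /* chunk is capped at 64 here */
    size_t written = 0, produced, off, n;

    memset(&ctx, 0, sizeof ctx);
    ctx.buffer_partial = buffer_partial;
    if (chunk == 0 || chunk > 64) return -1;
    for (off = 0; off < msg_len; off += n) {
        n = msg_len - off < chunk ? msg_len - off : chunk;
        if (toy_update(&ctx, msg + off, n, buf, n + TOY_BLOCK - 1, &produced) != 0) return -1;
        if (written + produced > out_cap) return -1;
        memcpy(out + written, buf, produced);
        written += produced;
    }
    if (toy_finish(&ctx, buf, TOY_BLOCK - 1, &produced) != 0) return -1;
    if (written + produced > out_cap) return -1;
    memcpy(out + written, buf, produced);
    return (long)(written + produced);
}

/* Self-check on a constructed 45-byte message: both behaviours agree with each
 * other and with one-shot processing, and finish() only needs room for what is
 * actually pending. Returns 1 on success, 0 on failure. */
static int toy_selftest(void)
{
    unsigned char msg[45], a[64], b[64], c[64], scratch[TOY_BLOCK];
    toy_ctx ctx;
    size_t i, produced;
    for (i = 0; i < sizeof msg; i++) msg[i] = (unsigned char)i;
    if (toy_process(0, msg, sizeof msg, 7, a, sizeof a) != 45) return 0;
    if (toy_process(1, msg, sizeof msg, 7, b, sizeof b) != 45) return 0;
    if (toy_process(1, msg, sizeof msg, 45, c, sizeof c) != 45) return 0;
    if (memcmp(a, b, 45) != 0 || memcmp(a, c, 45) != 0) return 0;
    /* Buffering mode: 45 bytes leave 13 pending, so 12 is too small and 13 is enough. */
    memset(&ctx, 0, sizeof ctx); ctx.buffer_partial = 1;
    if (toy_update(&ctx, msg, 45, a, 64, &produced) != 0 || produced != 32) return 0;
    if (toy_finish(&ctx, scratch, 12, &produced) != TOY_ERR_BUFFER_TOO_SMALL) return 0;
    if (toy_finish(&ctx, scratch, 13, &produced) != 0 || produced != 13) return 0;
    /* Immediate mode: nothing pending, a zero-sized finish() buffer is accepted. */
    memset(&ctx, 0, sizeof ctx);
    if (toy_update(&ctx, msg, 45, a, 64, &produced) != 0 || produced != 45) return 0;
    if (toy_finish(&ctx, NULL, 0, &produced) != 0 || produced != 0) return 0;
    return 1;
}

int main(void) { return toy_selftest() ? 0 : 1; }
```

The point the caller side makes is that an application which sizes the finish() buffer to the worst case (one block minus one byte) works against either implementation, while an implementation is only allowed to demand room for the bytes it really has pending; the self-check exercises both the "too small" and the "exactly enough" boundary of that rule.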


@ -488,7 +488,7 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
}
int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
unsigned char *output, size_t output_len,
unsigned char *output, size_t output_size,
unsigned char *tag, size_t tag_len )
{
unsigned char work_buf[16];
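Review bot: the rename to output_size is only half of the contract described in the commit message; the signature `unsigned char *output, size_t output_size,` is followed directly by `unsigned char *tag, size_t tag_len )`, so there is still no way for mbedtls_gcm_finish() to report how many bytes it actually wrote, and a caller who sizes output to "the actual output" rather than the worst case cannot learn that length from this call. Either state in the header documentation that the built-in implementation writes nothing here and an alternative implementation's pending length is known to the caller some other way, or add an output-length out-parameter so the documented "actual output" is observable.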
@ -502,7 +502,7 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
/* We never pass any output in finish(). The output parameter exists only
* for the sake of alternative implementations. */
(void) output;
(void) output_len;
(void) output_size;
orig_len = ctx->len * 8;
orig_add_len = ctx->add_len * 8;
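Review bot: the comment at the top of the hunk still asserts that finish() never passes any output, while the commit message drops the documented guarantee that the built-in implementation produces immediate output; since `(void) output_size;` discards the parameter without comparing it to anything, the memory safety of this call now rests entirely on the built-in implementation never having a pending partial block. Suggest rewording the comment to say that the built-in implementation emits all output from mbedtls_gcm_update(), so nothing is pending here and output_size is unused, and adding a check of output_size against the pending length at the point where any buffering is introduced.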