diff --git a/.gitignore b/.gitignore index 44ff8d102..4b3571f6a 100644 --- a/.gitignore +++ b/.gitignore @@ -30,6 +30,7 @@ tags .tags* cyassl-config cyassl.sublime* +fips.c ctaocrypt/benchmark/benchmark ctaocrypt/test/testctaocrypt examples/client/client diff --git a/configure.ac b/configure.ac index 46e52421e..634885ba2 100644 --- a/configure.ac +++ b/configure.ac @@ -1058,6 +1058,25 @@ fi AM_CONDITIONAL([BUILD_RABBIT], [test "x$ENABLED_RABBIT" = "xyes"]) +# FIPS +AC_ARG_ENABLE([fips], + [ --enable-fips Enable FIPS 140-2 (default: disabled)], + [ ENABLED_FIPS=$enableval ], + [ ENABLED_FIPS=no ] + ) + +if test "x$ENABLED_FIPS" = "xyes" +then + if test "$thread_ls_on" = "no" + then + AC_MSG_ERROR([FIPS requires Thread Local Storage]) + fi + AM_CFLAGS="$AM_CFLAGS -DHAVE_FIPS" +fi + +AM_CONDITIONAL([BUILD_FIPS], [test "x$ENABLED_FIPS" = "xyes"]) + + # Filesystem Build AC_ARG_ENABLE([filesystem], [ --enable-filesystem Enable Filesystem support (default: enabled)], diff --git a/ctaocrypt/benchmark/benchmark.c b/ctaocrypt/benchmark/benchmark.c index 8002986a7..734d5b4cb 100644 --- a/ctaocrypt/benchmark/benchmark.c +++ b/ctaocrypt/benchmark/benchmark.c @@ -274,13 +274,20 @@ void bench_aes(int show) Aes enc; double start, total, persec; int i; + int ret; #ifdef HAVE_CAVIUM - if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) + if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) { printf("aes init cavium failed\n"); + return; + } #endif - AesSetKey(&enc, key, 16, iv, AES_ENCRYPTION); + ret = AesSetKey(&enc, key, 16, iv, AES_ENCRYPTION); + if (ret != 0) { + printf("AesSetKey failed, ret = %d\n", ret); + return; + } start = current_time(1); for(i = 0; i < numBlocks; i++) @@ -295,7 +302,7 @@ void bench_aes(int show) #endif if (show) - printf("AES %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, + printf("AES %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, blockType, total, persec); #ifdef HAVE_CAVIUM AesFreeCavium(&enc); 
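Review bot: The Thread Local Storage guard in the new FIPS block only fires when `thread_ls_on` is exactly `no`, so an empty or unset value lets `--enable-fips` through and adds `-DHAVE_FIPS` without TLS. Where `thread_ls_on` is assigned is outside this hunk, so treat this as hardening rather than a confirmed bug. Testing for the positive case, `if test "x$thread_ls_on" != "xyes"`, fails closed and matches the `x`-prefixed comparisons used for `ENABLED_FIPS` in the same block.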
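Review bot: The early `return;` added after a failed `AesSetKey` skips the `AesFreeCavium(&enc)` call that the end of `bench_aes` makes under `HAVE_CAVIUM`, so on that build the context set up by `AesInitCavium` is never released. Release it before returning by placing `AesFreeCavium(&enc);` inside `#ifdef HAVE_CAVIUM` / `#endif` ahead of the `return;`. Part of the function body lies outside this hunk.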
@@ -332,7 +339,7 @@ void bench_aesgcm(void) persec = persec / 1024; #endif - printf("AES-GCM %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, + printf("AES-GCM %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, blockType, total, persec); } #endif @@ -358,7 +365,7 @@ void bench_aesctr(void) persec = persec / 1024; #endif - printf("AES-CTR %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, + printf("AES-CTR %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, blockType, total, persec); } #endif @@ -387,7 +394,7 @@ void bench_aesccm(void) persec = persec / 1024; #endif - printf("AES-CCM %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, + printf("AES-CCM %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, blockType, total, persec); } #endif @@ -414,7 +421,7 @@ void bench_camellia(void) persec = persec / 1024; #endif - printf("Camellia %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, + printf("Camellia %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, blockType, total, persec); } #endif @@ -445,7 +452,7 @@ void bench_des(void) persec = persec / 1024; #endif - printf("3DES %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, + printf("3DES %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, blockType, total, persec); #ifdef HAVE_CAVIUM Des3_FreeCavium(&enc); @@ -479,7 +486,7 @@ void bench_arc4(void) persec = persec / 1024; #endif - printf("ARC4 %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, + printf("ARC4 %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, blockType, total, persec); #ifdef HAVE_CAVIUM Arc4FreeCavium(&enc); @@ -508,7 +515,7 @@ void bench_hc128(void) persec = persec / 1024; #endif - printf("HC128 %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, + printf("HC128 %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, blockType, total, persec); } #endif /* HAVE_HC128 */ 
@@ -534,7 +541,7 @@ void bench_rabbit(void) persec = persec / 1024; #endif - printf("RABBIT %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, + printf("RABBIT %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, blockType, total, persec); } #endif /* NO_RABBIT */ @@ -563,7 +570,7 @@ void bench_md5(void) persec = persec / 1024; #endif - printf("MD5 %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, + printf("MD5 %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, blockType, total, persec); } #endif /* NO_MD5 */ @@ -592,7 +599,7 @@ void bench_sha(void) persec = persec / 1024; #endif - printf("SHA %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, + printf("SHA %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, blockType, total, persec); } #endif /* NO_SHA */ @@ -621,7 +628,7 @@ void bench_sha256(void) persec = persec / 1024; #endif - printf("SHA-256 %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, + printf("SHA-256 %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, blockType, total, persec); } #endif @@ -649,7 +656,7 @@ void bench_sha512(void) persec = persec / 1024; #endif - printf("SHA-512 %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, + printf("SHA-512 %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, blockType, total, persec); } #endif @@ -677,7 +684,7 @@ void bench_ripemd(void) persec = persec / 1024; #endif - printf("RIPEMD %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, + printf("RIPEMD %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, blockType, total, persec); } #endif @@ -706,7 +713,7 @@ void bench_blake2(void) persec = persec / 1024; #endif - printf("BLAKE2b %d %s took %5.3f seconds, %6.3f MB/s\n", numBlocks, + printf("BLAKE2b %d %s took %5.3f seconds, %7.3f MB/s\n", numBlocks, blockType, total, persec); } #endif diff --git a/ctaocrypt/src/aes.c b/ctaocrypt/src/aes.c index 02a15690a..3fd6bd70c 100644 --- a/ctaocrypt/src/aes.c +++ b/ctaocrypt/src/aes.c 
@@ -27,6 +27,11 @@ #ifndef NO_AES +#ifdef HAVE_FIPS + /* set NO_WRAPPERS before headers, use direct internal f()s not wrappers */ + #define FIPS_NO_WRAPPERS +#endif + #include #include #include @@ -46,6 +51,7 @@ #endif + #ifdef HAVE_CAVIUM static int AesCaviumSetKey(Aes* aes, const byte* key, word32 length, const byte* iv); diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c index 32765a2cd..0675d920e 100644 --- a/ctaocrypt/test/test.c +++ b/ctaocrypt/test/test.c @@ -1860,6 +1860,7 @@ int aes_test(void) byte cipher[AES_BLOCK_SIZE * 4]; byte plain [AES_BLOCK_SIZE * 4]; + int ret; #ifdef HAVE_CAVIUM if (AesInitCavium(&enc, CAVIUM_DEV_ID) != 0) @@ -1867,11 +1868,19 @@ int aes_test(void) if (AesInitCavium(&dec, CAVIUM_DEV_ID) != 0) return -20004; #endif - AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); - AesSetKey(&dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION); + ret = AesSetKey(&enc, key, AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + if (ret != 0) + return -1001; + ret = AesSetKey(&dec, key, AES_BLOCK_SIZE, iv, AES_DECRYPTION); + if (ret != 0) + return -1002; - AesCbcEncrypt(&enc, cipher, msg, AES_BLOCK_SIZE); - AesCbcDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE); + ret = AesCbcEncrypt(&enc, cipher, msg, AES_BLOCK_SIZE); + if (ret != 0) + return -1005; + ret = AesCbcDecrypt(&dec, plain, cipher, AES_BLOCK_SIZE); + if (ret != 0) + return -1006; if (memcmp(plain, msg, AES_BLOCK_SIZE)) return -60; 
@@ -1990,13 +1999,17 @@ int aes_test(void) }; XMEMSET(cipher, 0, AES_BLOCK_SIZE); - AesSetKey(&enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); + ret = AesSetKey(&enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); + if (ret != 0) + return -1003; AesEncryptDirect(&enc, cipher, niPlain); if (XMEMCMP(cipher, niCipher, AES_BLOCK_SIZE) != 0) return -20006; XMEMSET(plain, 0, AES_BLOCK_SIZE); - AesSetKey(&dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); + ret = AesSetKey(&dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); + if (ret != 0) + return -1004; AesDecryptDirect(&dec, plain, niCipher); if (XMEMCMP(plain, niPlain, AES_BLOCK_SIZE) != 0) return -20007; diff --git a/cyassl/ctaocrypt/aes.h b/cyassl/ctaocrypt/aes.h index b08e4e86a..371778b62 100644 --- a/cyassl/ctaocrypt/aes.h +++ b/cyassl/ctaocrypt/aes.h @@ -149,6 +149,25 @@ CYASSL_API int AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz, CYASSL_API void AesFreeCavium(Aes*); #endif + +#ifdef HAVE_FIPS + /* fips wrapper calls, user can call direct */ + CYASSL_API int AesSetKey_fips(Aes* aes, const byte* key, word32 len, + const byte* iv, int dir); + CYASSL_API int AesCbcEncrypt_fips(Aes* aes, byte* out, const byte* in, + word32 sz); + CYASSL_API int AesCbcDecrypt_fips(Aes* aes, byte* out, const byte* in, + word32 sz); + #ifndef FIPS_NO_WRAPPERS + /* if not internal or fips.c consumer force fips calls if fips build */ + #define AesSetKey AesSetKey_fips + #define AesCbcEncrypt AesCbcEncrypt_fips + #define AesCbcDecrypt AesCbcDecrypt_fips + #endif /* FIPS_NO_WRAPPERS */ + +#endif /* HAVE_FIPS */ + + #ifdef __cplusplus } /* extern "C" */ #endif diff --git a/cyassl/sniffer_error.h b/cyassl/sniffer_error.h index 586efcb7d..f8528668f 100644 --- a/cyassl/sniffer_error.h +++ b/cyassl/sniffer_error.h @@ -101,6 +101,7 @@ #define BAD_COMPRESSION_STR 67 #define BAD_DERIVE_STR 68 #define ACK_MISSED_STR 69 +#define BAD_DECRYPT 70 /* !!!! also add to msgTable in sniffer.c and .rc file !!!! */ 
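Review bot: The redirect macros in the `HAVE_FIPS` block need their include-order contract documented. They are skipped only if `FIPS_NO_WRAPPERS` is already defined the first time this header is seen, so an internal file that reaches `aes.h` through another include before defining it silently gets the `_fips` names. Only `AesSetKey`, `AesCbcEncrypt` and `AesCbcDecrypt` are redirected. Other `CYASSL_API` entry points in this header (for example `AesCcmDecrypt`, visible in the hunk context) stay unwrapped in a FIPS build, which may be intended but is not stated. I would extend the comment to something like `/* FIPS_NO_WRAPPERS must be defined before the first include of this header; only SetKey and CBC are redirected, other AES modes are not */`.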
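Review bot: `BAD_DECRYPT` breaks the `_STR` suffix used by the neighbouring message ids (`BAD_COMPRESSION_STR`, `BAD_DERIVE_STR`, `ACK_MISSED_STR`). It is also easy to confuse with `BAD_DECRYPT_TYPE`, which `Decrypt()` in sniffer.c passes to `Trace`. Naming it `#define BAD_DECRYPT_STR 70`, with the matching `SetError` call in sniffer.c, would keep the table consistent.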
diff --git a/cyassl/sniffer_error.rc b/cyassl/sniffer_error.rc index 6171f7849..516f7aa11 100644 --- a/cyassl/sniffer_error.rc +++ b/cyassl/sniffer_error.rc @@ -83,5 +83,6 @@ STRINGTABLE 67, "Bad Compression Type" 68, "Bad DeriveKeys Error" 69, "Saw ACK for Missing Packet Error" + 70, "Bad Decrypt Operation" } diff --git a/src/include.am b/src/include.am index e57f0f6fc..ce201cf2a 100644 --- a/src/include.am +++ b/src/include.am @@ -36,6 +36,10 @@ if BUILD_ASN src_libcyassl_la_SOURCES += ctaocrypt/src/asn.c endif +if BUILD_FIPS +src_libcyassl_la_SOURCES += ctaocrypt/src/fips.c +endif + if BUILD_CODING src_libcyassl_la_SOURCES += ctaocrypt/src/coding.c endif diff --git a/src/keys.c b/src/keys.c index 1f43600d7..2a54f09f3 100644 --- a/src/keys.c +++ b/src/keys.c @@ -1614,6 +1614,8 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, #ifdef BUILD_AES if (specs->bulk_cipher_algorithm == cyassl_aes) { + int aesRet = 0; + if (enc->aes == NULL) enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER); if (enc->aes == NULL) 
@@ -1635,20 +1637,28 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs, } #endif if (side == CYASSL_CLIENT_END) { - AesSetKey(enc->aes, keys->client_write_key, - specs->key_size, keys->client_write_IV, - AES_ENCRYPTION); - AesSetKey(dec->aes, keys->server_write_key, - specs->key_size, keys->server_write_IV, - AES_DECRYPTION); + aesRet = AesSetKey(enc->aes, keys->client_write_key, + specs->key_size, keys->client_write_IV, + AES_ENCRYPTION); + if (aesRet != 0) + return aesRet; + aesRet = AesSetKey(dec->aes, keys->server_write_key, + specs->key_size, keys->server_write_IV, + AES_DECRYPTION); + if (aesRet != 0) + return aesRet; } else { - AesSetKey(enc->aes, keys->server_write_key, - specs->key_size, keys->server_write_IV, - AES_ENCRYPTION); - AesSetKey(dec->aes, keys->client_write_key, - specs->key_size, keys->client_write_IV, - AES_DECRYPTION); + aesRet = AesSetKey(enc->aes, keys->server_write_key, + specs->key_size, keys->server_write_IV, + AES_ENCRYPTION); + if (aesRet != 0) + return aesRet; + aesRet = AesSetKey(dec->aes, keys->client_write_key, + specs->key_size, keys->client_write_IV, + AES_DECRYPTION); + if (aesRet != 0) + return aesRet; } enc->setup = 1; dec->setup = 1; diff --git a/src/sniffer.c b/src/sniffer.c index 4f6d7c21d..85c00093e 100644 --- a/src/sniffer.c +++ b/src/sniffer.c @@ -224,7 +224,8 @@ static const char* const msgTable[] = "Bad Finished Message Processing", "Bad Compression Type", "Bad DeriveKeys Error", - "Saw ACK for Missing Packet Error" + "Saw ACK for Missing Packet Error", + "Bad Decrypt Operation" }; 
@@ -1557,9 +1558,11 @@ static int DoHandShake(const byte* input, int* sslBytes, } -/* Decrypt input into plain output */ -static void Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz) +/* Decrypt input into plain output, 0 on success */ +static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz) { + int ret = 0; + switch (ssl->specs.bulk_cipher_algorithm) { #ifdef BUILD_ARC4 case cyassl_rc4: @@ -1575,7 +1578,7 @@ static void Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz) #ifdef BUILD_AES case cyassl_aes: - AesCbcDecrypt(ssl->decrypt.aes, output, input, sz); + ret = AesCbcDecrypt(ssl->decrypt.aes, output, input, sz); break; #endif @@ -1599,18 +1602,25 @@ static void Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz) default: Trace(BAD_DECRYPT_TYPE); + ret = -1; break; } + + return ret; } /* Decrypt input message into output, adjust output steam if needed */ static const byte* DecryptMessage(SSL* ssl, const byte* input, word32 sz, - byte* output) + byte* output, int* error) { int ivExtra = 0; - Decrypt(ssl, output, input, sz); + int ret = Decrypt(ssl, output, input, sz); + if (ret != 0) { + *error = ret; + return NULL; + } ssl->keys.encryptSz = sz; if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) { output += ssl->specs.block_size; /* go past TLSv1.1 IV */ @@ -2320,6 +2330,7 @@ static int ProcessMessage(const byte* sslFrame, SnifferSession* session, RecordLayerHeader rh; int rhSize = 0; int ret; + int errCode = 0; int decoded = 0; /* bytes stored for user in data */ int notEnough; /* notEnough bytes yet flag */ SSL* ssl = (session->flags.side == CYASSL_SERVER_END) ? @@ -2372,7 +2383,11 @@ doMessage: return -1; } sslFrame = DecryptMessage(ssl, sslFrame, rhSize, - ssl->buffers.outputBuffer.buffer); + ssl->buffers.outputBuffer.buffer, &errCode); + if (errCode != 0) { + SetError(BAD_DECRYPT, error, session, FATAL_ERROR_STATE); + return -1; + } } switch ((enum ContentType)rh.type) { 
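Review bot: The comment above `DecryptMessage` was not updated for its new failure contract. The function now returns NULL and writes the `Decrypt` result through `error`, and it leaves `*error` untouched on success, so the caller must pre-initialise it (as `ProcessMessage` does with `errCode = 0`). Suggested wording: `/* Decrypt input message into output, adjust output stream if needed; on failure returns NULL and sets *error, *error is not written on success */`. Separately, only the AES case in `Decrypt` captures a return value; whether the other cipher calls can fail is not visible in these hunks. `DecryptMessage` continues past the end of its hunk.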
diff --git a/src/ssl.c b/src/ssl.c index 101082fec..12f3d2b9f 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -2018,6 +2018,7 @@ int CyaSSL_Init(void) XFREE(der.buffer, heap, dynamicType); return ret; } + ret = 0; /* back to good status */ if (XSTRNCMP(info.name, "DES-CBC", 7) == 0) { Des enc; @@ -2031,23 +2032,34 @@ int CyaSSL_Init(void) } else if (XSTRNCMP(info.name, "AES-128-CBC", 13) == 0) { Aes enc; - AesSetKey(&enc, key, AES_128_KEY_SIZE, info.iv, AES_DECRYPTION); - AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length); + ret = AesSetKey(&enc, key, AES_128_KEY_SIZE, info.iv, + AES_DECRYPTION); + if (ret == 0) + ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length); } else if (XSTRNCMP(info.name, "AES-192-CBC", 13) == 0) { Aes enc; - AesSetKey(&enc, key, AES_192_KEY_SIZE, info.iv, AES_DECRYPTION); - AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length); + ret = AesSetKey(&enc, key, AES_192_KEY_SIZE, info.iv, + AES_DECRYPTION); + if (ret == 0) + ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length); } else if (XSTRNCMP(info.name, "AES-256-CBC", 13) == 0) { Aes enc; - AesSetKey(&enc, key, AES_256_KEY_SIZE, info.iv, AES_DECRYPTION); - AesCbcDecrypt(&enc, der.buffer, der.buffer, der.length); + ret = AesSetKey(&enc, key, AES_256_KEY_SIZE, info.iv, + AES_DECRYPTION); + if (ret == 0) + ret = AesCbcDecrypt(&enc, der.buffer,der.buffer,der.length); } else { XFREE(der.buffer, heap, dynamicType); return SSL_BAD_FILE; } + + if (ret != 0) { + XFREE(der.buffer, heap, dynamicType); + return ret; + } } #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ @@ -6723,6 +6735,8 @@ int CyaSSL_set_compression(CYASSL* ssl) const CYASSL_EVP_CIPHER* type, byte* key, byte* iv, int enc) { + int ret = 0; + CYASSL_ENTER("CyaSSL_EVP_CipherInit"); if (ctx == NULL) { CYASSL_MSG("no ctx"); 
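Review bot: The new `if (ret != 0)` path in the PEM decrypt hunk frees `der.buffer` and returns while key material is still in memory: the `Aes enc` local in each AES branch holds the key passed to `AesSetKey`, and `key` is still populated. The same is true on the success path. Where `key` is declared and how it is derived is outside the hunk, so confirm its lifetime. Consider clearing both before every exit, e.g. `XMEMSET(&enc, 0, sizeof(enc));` at the end of each AES branch, ideally through a wipe the compiler cannot elide as a dead store. Since decryption is in place, `der.buffer` may also hold partly decrypted key bytes when it is freed on failure.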
@@ -6741,9 +6755,12 @@ int CyaSSL_set_compression(CYASSL* ssl) ctx->keyLen = 16; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; - if (key) - AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); + if (key) { + ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, + ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); + if (ret != 0) + return ret; + } if (iv && key == NULL) AesSetIV(&ctx->cipher.aes, iv); } @@ -6754,9 +6771,12 @@ int CyaSSL_set_compression(CYASSL* ssl) ctx->keyLen = 24; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; - if (key) - AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); + if (key) { + ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, + ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); + if (ret != 0) + return ret; + } if (iv && key == NULL) AesSetIV(&ctx->cipher.aes, iv); } @@ -6767,9 +6787,12 @@ int CyaSSL_set_compression(CYASSL* ssl) ctx->keyLen = 32; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; - if (key) - AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, - ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); + if (key) { + ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, + ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); + if (ret != 0) + return ret; + } if (iv && key == NULL) AesSetIV(&ctx->cipher.aes, iv); } @@ -6781,9 +6804,12 @@ int CyaSSL_set_compression(CYASSL* ssl) ctx->keyLen = 16; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; - if (key) - AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION); + if (key) { + ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, + AES_ENCRYPTION); + if (ret != 0) + return ret; + } if (iv && key == NULL) AesSetIV(&ctx->cipher.aes, iv); } 
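Review bot: `return ret;` hands the raw `AesSetKey` error code back from `CyaSSL_EVP_CipherInit`, which looks like an OpenSSL-compatibility entry point. If it follows the usual convention of 1 on success and 0 on failure (its other return statements are outside these hunks), a negative code reads as success to callers that only test for non-zero, and the cipher context would then be used without a valid key. After confirming the convention, return the function's own failure value instead, e.g. `if (ret != 0) { CYASSL_MSG("AesSetKey failed"); return 0; }`. The same pattern is added in all six hunks of this function: the four on this line and the two that follow (`-6794` and `-6807`).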
@@ -6794,9 +6820,12 @@ int CyaSSL_set_compression(CYASSL* ssl) ctx->keyLen = 24; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; - if (key) - AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION); + if (key) { + ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, + AES_ENCRYPTION); + if (ret != 0) + return ret; + } if (iv && key == NULL) AesSetIV(&ctx->cipher.aes, iv); } @@ -6807,9 +6836,12 @@ int CyaSSL_set_compression(CYASSL* ssl) ctx->keyLen = 32; if (enc == 0 || enc == 1) ctx->enc = enc ? 1 : 0; - if (key) - AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, - AES_ENCRYPTION); + if (key) { + ret = AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, + AES_ENCRYPTION); + if (ret != 0) + return ret; + } if (iv && key == NULL) AesSetIV(&ctx->cipher.aes, iv); }