Cleanups for the ti-aes.c code to conform with coding standards.

2025-07-29 18:27:29 +02:00 · 2023-11-22 12:45:46 -08:00
parent 0c9555b29e
commit d17955f2d0
1 changed files with 320 additions and 286 deletions
--- a/wolfcrypt/src/port/ti/ti-aes.c
+++ b/wolfcrypt/src/port/ti/ti-aes.c
@ -26,10 +26,8 @@

 #include <wolfssl/wolfcrypt/settings.h>

-#ifndef NO_AES
+#if !defined(NO_AES) && defined(WOLFSSL_TI_CRYPT)

-
-#if defined(WOLFSSL_TI_CRYPT)
 #include <stdbool.h>
 #include <stdint.h>

@ -45,7 +43,14 @@
 #include "driverlib/rom_map.h"
 #include "driverlib/rom.h"

-static int  AesSetIV(Aes* aes, const byte* iv)
+#define AES_CFG_MODE_CTR_NOCTR (AES_CFG_MODE_CTR + 100)
+#define IS_ALIGN16(p) (((unsigned int)(p) & 0xf) == 0)
+#define ROUNDUP_16(n) ((n+15) & 0xfffffff0)
+#ifndef TI_BUFFSIZE
+#define TI_BUFFSIZE 1024
+#endif
+
+static int AesSetIV(Aes* aes, const byte* iv)
 {
    if (aes == NULL)
        return BAD_FUNC_ARG;
@ -58,196 +63,198 @@ static int  AesSetIV(Aes* aes, const byte* iv)
    return 0;
 }

-WOLFSSL_API int  wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv,
-                          int dir)
+int wc_AesSetKey(Aes* aes, const byte* key, word32 len, const byte* iv, int dir)
 {
-    if(!wolfSSL_TI_CCMInit())return 1 ;
+    if (!wolfSSL_TI_CCMInit())
+        return 1;
    if ((aes == NULL) || (key == NULL) || (iv == NULL))
        return BAD_FUNC_ARG;
-    if(!((dir == AES_ENCRYPTION) || (dir == AES_DECRYPTION)))
+    if (!((dir == AES_ENCRYPTION) || (dir == AES_DECRYPTION)))
        return BAD_FUNC_ARG;

-    switch(len) {
-    case 16: aes->keylen = AES_CFG_KEY_SIZE_128BIT ; break ;
-    case 24: aes->keylen = AES_CFG_KEY_SIZE_192BIT ; break ;
-    case 32: aes->keylen = AES_CFG_KEY_SIZE_256BIT ; break ;
+    switch (len) {
+        case 16: aes->keylen = AES_CFG_KEY_SIZE_128BIT; break;
+        case 24: aes->keylen = AES_CFG_KEY_SIZE_192BIT; break;
+        case 32: aes->keylen = AES_CFG_KEY_SIZE_256BIT; break;
    default: return BAD_FUNC_ARG;
    }

-    XMEMCPY(aes->key, key, len) ;
-    #ifdef WOLFSSL_AES_COUNTER
+    XMEMCPY(aes->key, key, len);
+#ifdef WOLFSSL_AES_COUNTER
    aes->left = 0;
-    #endif /* WOLFSSL_AES_COUNTER */
+#endif
    return AesSetIV(aes, iv);
 }

-#define AES_CFG_MODE_CTR_NOCTR AES_CFG_MODE_CTR+100
-#define IS_ALIGN16(p) (((unsigned int)(p)&0xf) == 0)
-
-static int  AesAlign16(Aes* aes, byte* out, const byte* in, word32 sz, word32 dir, word32 mode)
+static int AesAlign16(Aes* aes, byte* out, const byte* in, word32 sz,
+    word32 dir, word32 mode)
 {
-    wolfSSL_TI_lockCCM() ;
+    /* Processed aligned chunk to HW AES */
+    wolfSSL_TI_lockCCM();
    ROM_AESReset(AES_BASE);
    ROM_AESConfigSet(AES_BASE, (aes->keylen | dir |
-                     (mode==AES_CFG_MODE_CTR_NOCTR ? AES_CFG_MODE_CTR : mode)));
+        (mode == AES_CFG_MODE_CTR_NOCTR ? AES_CFG_MODE_CTR : mode)));
    ROM_AESIVSet(AES_BASE, (uint32_t *)aes->reg);
    ROM_AESKey1Set(AES_BASE, (uint32_t *)aes->key, aes->keylen);
-    if((dir == AES_CFG_DIR_DECRYPT)&& (mode == AES_CFG_MODE_CBC))
+    if ((dir == AES_CFG_DIR_DECRYPT)&& (mode == AES_CFG_MODE_CBC)) {
        /* if input and output same will overwrite input iv */
        XMEMCPY(aes->tmp, in + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
+    }
    ROM_AESDataProcess(AES_BASE, (uint32_t *)in, (uint32_t *)out, sz);
-    wolfSSL_TI_unlockCCM() ;
+    wolfSSL_TI_unlockCCM();

    /* store iv for next call */
-    if(mode == AES_CFG_MODE_CBC){
-        if(dir == AES_CFG_DIR_ENCRYPT)
+    if (mode == AES_CFG_MODE_CBC){
+        if (dir == AES_CFG_DIR_ENCRYPT)
            XMEMCPY(aes->reg, out + sz - AES_BLOCK_SIZE, AES_BLOCK_SIZE);
        else
            XMEMCPY(aes->reg, aes->tmp, AES_BLOCK_SIZE);
    }

-    if(mode == AES_CFG_MODE_CTR) {
+    if (mode == AES_CFG_MODE_CTR) {
        do {
-            int i ;
+            int i;
            for (i = AES_BLOCK_SIZE - 1; i >= 0; i--) {
                 if (++((byte *)aes->reg)[i])
-                     break ;
+                     break;
            }
-            sz -= AES_BLOCK_SIZE ;
-        } while((int)sz > 0) ;
+            sz -= AES_BLOCK_SIZE;
+        } while ((int)sz > 0);
    }

-    return 0 ;
+    return 0;
 }

-static int  AesProcess(Aes* aes, byte* out, const byte* in, word32 sz, word32 dir, word32 mode)
+static int AesProcess(Aes* aes, byte* out, const byte* in, word32 sz,
+    word32 dir, word32 mode)
 {
-    const byte * in_p ; byte * out_p ;
-    word32 size ;
-    #define TI_BUFFSIZE 1024
-    byte buff[TI_BUFFSIZE] ;
+    const byte * in_p; byte * out_p;
+    word32 size;
+    byte buff[TI_BUFFSIZE];

    if ((aes == NULL) || (in == NULL) || (out == NULL))
        return BAD_FUNC_ARG;
-    if(sz % AES_BLOCK_SIZE)
+    if (sz % AES_BLOCK_SIZE)
        return BAD_FUNC_ARG;

-    while(sz > 0) {
-        size = sz ; in_p = in ; out_p = out ;
-        if(!IS_ALIGN16(in)){
-            size = sz>TI_BUFFSIZE ? TI_BUFFSIZE : sz ;
-            XMEMCPY(buff, in, size) ;
-            in_p = (const byte *)buff ;
+    while (sz > 0) {
+        size = sz; in_p = in; out_p = out;
+        if (!IS_ALIGN16(in)){
+            size = sz > TI_BUFFSIZE ? TI_BUFFSIZE : sz;
+            XMEMCPY(buff, in, size);
+            in_p = (const byte *)buff;
        }
-        if(!IS_ALIGN16(out)){
-            size = sz>TI_BUFFSIZE ? TI_BUFFSIZE : sz ;
-            out_p = buff ;
+        if (!IS_ALIGN16(out)){
+            size = sz > TI_BUFFSIZE ? TI_BUFFSIZE : sz;
+            out_p = buff;
        }

-        AesAlign16(aes, out_p, in_p, size, dir, mode) ;
+        AesAlign16(aes, out_p, in_p, size, dir, mode);

-        if(!IS_ALIGN16(out)){
-            XMEMCPY(out, buff, size) ;
+        if (!IS_ALIGN16(out)){
+            XMEMCPY(out, buff, size);
        }
-        sz -= size ; in += size ; out += size ;
+        sz -= size; in += size; out += size;
    }

-    return 0 ;
+    return 0;
 }

-WOLFSSL_API int  wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+int wc_AesCbcEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
-    return AesProcess(aes, out, in, sz, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CBC) ;
+    return AesProcess(aes, out, in, sz, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CBC);
 }

-WOLFSSL_API int  wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+int wc_AesCbcDecrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
-    return AesProcess(aes, out, in, sz, AES_CFG_DIR_DECRYPT, AES_CFG_MODE_CBC) ;
+    return AesProcess(aes, out, in, sz, AES_CFG_DIR_DECRYPT, AES_CFG_MODE_CBC);
 }

 #ifdef WOLFSSL_AES_COUNTER
-WOLFSSL_API int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
+int wc_AesCtrEncrypt(Aes* aes, byte* out, const byte* in, word32 sz)
 {
-            char out_block[AES_BLOCK_SIZE] ;
-            int odd ;
-            int even ;
-            char *tmp ; /* (char *)aes->tmp, for short */
-            int ret;
+    char out_block[AES_BLOCK_SIZE];
+    int odd;
+    int even;
+    char *tmp; /* (char *)aes->tmp, for short */
+    int ret;

-            tmp = (char *)aes->tmp ;
-            if(aes->left) {
-                if((aes->left + sz) >= AES_BLOCK_SIZE){
-                    odd = AES_BLOCK_SIZE - aes->left ;
-                } else {
-                    odd = sz ;
-                }
-                XMEMCPY(tmp+aes->left, in, odd) ;
-                if((odd+aes->left) == AES_BLOCK_SIZE){
-                    ret = AesProcess(aes, (byte *)out_block, (byte const *)tmp, AES_BLOCK_SIZE,
-                             AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR) ;
-                    if (ret != 0)
-                        return ret;
-                    XMEMCPY(out, out_block+aes->left, odd) ;
-                    aes->left = 0 ;
-                    XMEMSET(tmp, 0x0, AES_BLOCK_SIZE) ;
-                }
-                in += odd ;
-                out+= odd ;
-                sz -= odd ;
-            }
-            odd = sz % AES_BLOCK_SIZE ;  /* if there is tail flagment */
-            if(sz / AES_BLOCK_SIZE) {
-                even = (sz/AES_BLOCK_SIZE)*AES_BLOCK_SIZE ;
-                ret = AesProcess(aes, out, in, even, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR);
-                if (ret != 0)
-                    return ret;
-                out += even ;
-                in  += even ;
-            }
-            if(odd) {
-                XMEMSET(tmp+aes->left, 0x0, AES_BLOCK_SIZE - aes->left) ;
-                XMEMCPY(tmp+aes->left, in, odd) ;
-                ret = AesProcess(aes, (byte *)out_block, (byte const *)tmp, AES_BLOCK_SIZE,
-                           AES_CFG_DIR_ENCRYPT,
-                           AES_CFG_MODE_CTR_NOCTR /* Counter mode without counting IV */
-                           );
-                if (ret != 0)
-                    return ret;
-                XMEMCPY(out, out_block+aes->left,odd) ;
-                aes->left += odd ;
-            }
-            return 0;
+    tmp = (char *)aes->tmp;
+    if (aes->left) {
+        if ((aes->left + sz) >= AES_BLOCK_SIZE){
+            odd = AES_BLOCK_SIZE - aes->left;
+        } else {
+            odd = sz;
+        }
+        XMEMCPY(tmp+aes->left, in, odd);
+        if ((odd+aes->left) == AES_BLOCK_SIZE){
+            ret = AesProcess(aes, (byte *)out_block, (byte const *)tmp, AES_BLOCK_SIZE,
+                        AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR);
+            if (ret != 0)
+                return ret;
+            XMEMCPY(out, out_block+aes->left, odd);
+            aes->left = 0;
+            XMEMSET(tmp, 0x0, AES_BLOCK_SIZE);
+        }
+        in += odd;
+        out+= odd;
+        sz -= odd;
+    }
+    odd = sz % AES_BLOCK_SIZE;  /* if there is tail fragment */
+    if (sz / AES_BLOCK_SIZE) {
+        even = (sz/AES_BLOCK_SIZE)*AES_BLOCK_SIZE;
+        ret = AesProcess(aes, out, in, even, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CTR);
+        if (ret != 0)
+            return ret;
+        out += even;
+        in  += even;
+    }
+    if (odd) {
+        XMEMSET(tmp+aes->left, 0x0, AES_BLOCK_SIZE - aes->left);
+        XMEMCPY(tmp+aes->left, in, odd);
+        ret = AesProcess(aes, (byte *)out_block, (byte const *)tmp, AES_BLOCK_SIZE,
+                    AES_CFG_DIR_ENCRYPT,
+                    AES_CFG_MODE_CTR_NOCTR /* Counter mode without counting IV */
+                    );
+        if (ret != 0)
+            return ret;
+        XMEMCPY(out, out_block+aes->left,odd);
+        aes->left += odd;
+    }
+    return 0;
 }
-#endif
+#endif /* WOLFSSL_AES_COUNTER */

 /* AES-DIRECT */
 #if defined(WOLFSSL_AES_DIRECT)
-WOLFSSL_API int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
+int wc_AesEncryptDirect(Aes* aes, byte* out, const byte* in)
 {
-    return AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_ENCRYPT, AES_CFG_MODE_CBC) ;
+    return AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_ENCRYPT,
+        AES_CFG_MODE_CBC);
 }
-WOLFSSL_API int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
+int wc_AesDecryptDirect(Aes* aes, byte* out, const byte* in)
 {
-    return AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_DECRYPT, AES_CFG_MODE_CBC) ;
+    return AesProcess(aes, out, in, AES_BLOCK_SIZE, AES_CFG_DIR_DECRYPT,
+        AES_CFG_MODE_CBC);
 }
-WOLFSSL_API int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len,
-                                     const byte* iv, int dir)
+int wc_AesSetKeyDirect(Aes* aes, const byte* key, word32 len, const byte* iv,
+    int dir)
 {
-    return(wc_AesSetKey(aes, key, len, iv, dir)) ;
+    return wc_AesSetKey(aes, key, len, iv, dir);
 }
-#endif
+#endif /* WOLFSSL_AES_DIRECT */


 #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM)

-static int  AesAuthSetKey(Aes* aes, const byte* key, word32 keySz)
+static int AesAuthSetKey(Aes* aes, const byte* key, word32 keySz)
 {
    byte nonce[AES_BLOCK_SIZE];

    if ((aes == NULL) || (key == NULL))
-        return BAD_FUNC_ARG ;
+        return BAD_FUNC_ARG;
    if (!((keySz == 16) || (keySz == 24) || (keySz == 32)))
-        return BAD_FUNC_ARG ;
+        return BAD_FUNC_ARG;

    XMEMSET(nonce, 0, sizeof(nonce));
    return wc_AesSetKey(aes, key, keySz, nonce, AES_ENCRYPTION);
@ -255,166 +262,180 @@ static int  AesAuthSetKey(Aes* aes, const byte* key, word32 keySz)


 static int AesAuthArgCheck(Aes* aes, byte* out, const byte* in, word32 inSz,
-                              const byte* nonce, word32 nonceSz,
-                              const byte* authTag, word32 authTagSz,
-                              const byte* authIn, word32 authInSz, word32 *M,  word32 *L)
+    const byte* nonce, word32 nonceSz,
+    const byte* authTag, word32 authTagSz,
+    const byte* authIn, word32 authInSz, word32 *M, word32 *L)
 {
-    (void) authInSz ;
-    if((aes == NULL)||(nonce == NULL)||(authTag== NULL)||(authIn == NULL))
+    (void) authInSz;
+    if ((aes == NULL)||(nonce == NULL)||(authTag== NULL)||(authIn == NULL))
        return BAD_FUNC_ARG;
-    if((inSz != 0) && ((out == NULL)||(in == NULL)))
+    if ((inSz != 0) && ((out == NULL)||(in == NULL)))
        return BAD_FUNC_ARG;

    switch(authTagSz){
-    case  4:
-        *M = AES_CFG_CCM_M_4; break ;
+    case 4:
+        *M = AES_CFG_CCM_M_4; break;
    case 6:
-        *M = AES_CFG_CCM_M_6; break ;
+        *M = AES_CFG_CCM_M_6; break;
    case 8:
-        *M = AES_CFG_CCM_M_8; break ;
+        *M = AES_CFG_CCM_M_8; break;
    case 10:
-        *M = AES_CFG_CCM_M_10; break ;
+        *M = AES_CFG_CCM_M_10; break;
    case 12:
-        *M = AES_CFG_CCM_M_12; break ;
+        *M = AES_CFG_CCM_M_12; break;
    case 14:
-        *M = AES_CFG_CCM_M_14; break ;
+        *M = AES_CFG_CCM_M_14; break;
    case 16:
-        *M = AES_CFG_CCM_M_16; break ;
+        *M = AES_CFG_CCM_M_16; break;
    default:
-        return 1 ;
+        return 1;
    }

    switch(nonceSz){
    case 7:
-        *L = AES_CFG_CCM_L_8; break ;
+        *L = AES_CFG_CCM_L_8; break;
    case 8:
-        *L = AES_CFG_CCM_L_7; break ;
+        *L = AES_CFG_CCM_L_7; break;
    case 9:
-        *L = AES_CFG_CCM_L_6; break ;
+        *L = AES_CFG_CCM_L_6; break;
    case  10:
-        *L = AES_CFG_CCM_L_5; break ;
+        *L = AES_CFG_CCM_L_5; break;
    case 11:
-        *L = AES_CFG_CCM_L_4; break ;
+        *L = AES_CFG_CCM_L_4; break;
    case 12:
-        *L = AES_CFG_CCM_L_3; break ;
+        *L = AES_CFG_CCM_L_3; break;
    case 13:
-        *L = AES_CFG_CCM_L_2; break ;
+        *L = AES_CFG_CCM_L_2; break;
    case 14:
-        *L = AES_CFG_CCM_L_1; break ;
+        *L = AES_CFG_CCM_L_1; break;
    default:
        return 1;
    }
-    return 0 ;
+    return 0;
 }

-static void AesAuthSetIv(Aes *aes, const byte *nonce, word32 len, word32 L, int mode) {
-
-  if(mode == AES_CFG_MODE_CCM){
-    XMEMSET(aes->reg, 0, 16) ;
-    switch(L){
-    case AES_CFG_CCM_L_8:
-      aes->reg[0] = 0x7; break ;
-    case AES_CFG_CCM_L_7:
-      aes->reg[0] = 0x6; break ;
-    case AES_CFG_CCM_L_6:
-      aes->reg[0] = 0x5; break ;
-    case AES_CFG_CCM_L_5:
-      aes->reg[0] = 0x4; break ;
-    case AES_CFG_CCM_L_4:
-      aes->reg[0] = 0x3; break ;
-    case AES_CFG_CCM_L_3:
-      aes->reg[0] = 0x2; break ;
-    case AES_CFG_CCM_L_2:
-      aes->reg[0] = 0x1; break ;
-    case AES_CFG_CCM_L_1:
-      aes->reg[0] = 0x0; break ;
+static void AesAuthSetIv(Aes *aes, const byte *nonce, word32 len, word32 L,
+    int mode)
+{
+    if (mode == AES_CFG_MODE_CCM){
+        XMEMSET(aes->reg, 0, 16);
+        switch (L) {
+        case AES_CFG_CCM_L_8:
+            aes->reg[0] = 0x7; break;
+        case AES_CFG_CCM_L_7:
+            aes->reg[0] = 0x6; break;
+        case AES_CFG_CCM_L_6:
+            aes->reg[0] = 0x5; break;
+        case AES_CFG_CCM_L_5:
+            aes->reg[0] = 0x4; break;
+        case AES_CFG_CCM_L_4:
+            aes->reg[0] = 0x3; break;
+        case AES_CFG_CCM_L_3:
+            aes->reg[0] = 0x2; break;
+        case AES_CFG_CCM_L_2:
+            aes->reg[0] = 0x1; break;
+        case AES_CFG_CCM_L_1:
+            aes->reg[0] = 0x0; break;
+        }
+        XMEMCPY(((byte *)aes->reg)+1, nonce, len);
+    }
+    else {
+        byte *b = (byte *)aes->reg;
+        XMEMSET(aes->reg, 0, AES_BLOCK_SIZE);
+        XMEMCPY(aes->reg, nonce, len);
+        b[AES_BLOCK_SIZE-4] = 0;
+        b[AES_BLOCK_SIZE-3] = 0;
+        b[AES_BLOCK_SIZE-2] = 0;
+        b[AES_BLOCK_SIZE-1] = 1;
    }
-    XMEMCPY(((byte *)aes->reg)+1, nonce, len) ;
-  } else {
-    byte *b = (byte *)aes->reg ;
-    XMEMSET(aes->reg, 0, AES_BLOCK_SIZE);
-    XMEMCPY(aes->reg, nonce, len);
-    b[AES_BLOCK_SIZE-4] = 0 ;
-    b[AES_BLOCK_SIZE-3] = 0 ;
-    b[AES_BLOCK_SIZE-2] = 0 ;
-    b[AES_BLOCK_SIZE-1] = 1 ;
-  }
 }

-#define RoundUp16(n) ((n+15)&0xfffffff0)
-#define FREE_ALL \
-    if(in_save)    XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);\
-    if(out_save)   XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);\
-    if(authIn_save)XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);\
-    if(nonce_save) XFREE(nonce_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
-
 static int AesAuthEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                              const byte* nonce, word32 nonceSz,
                              byte* authTag, word32 authTagSz,
                              const byte* authIn, word32 authInSz, int mode)
 {
-    word32 M, L ;
-    byte *in_a,     *in_save ;
-    byte *out_a,    *out_save ;
-    byte *authIn_a, *authIn_save ;
-    byte *nonce_a,    *nonce_save ;
-    word32 tmpTag[4] ;
-    int ret ;
+    int ret;
+    word32 M, L;
+    byte *in_a,     *in_save = NULL;
+    byte *out_a,    *out_save = NULL;
+    byte *authIn_a, *authIn_save = NULL;
+    byte *nonce_a,  *nonce_save = NULL;
+    word32 tmpTag[4];

-    if(AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, authIn, authInSz, &M, &L)
-       == BAD_FUNC_ARG)return BAD_FUNC_ARG ;
+    ret = AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag,
+        authTagSz, authIn, authInSz, &M, &L);
+    if (ret != 0) {
+        return ret;
+    }

    /* 16 byte padding */
-    in_save = NULL ; out_save = NULL ; authIn_save = NULL ; nonce_save = NULL ;
-    if((inSz%16)==0){
-        in_save = NULL ; in_a = (byte *)in ;
-        out_save = NULL ; out_a = out ;
-    } else {
-      if((in_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){
-          FREE_ALL; return MEMORY_E ; }
-      in_a = in_save ; XMEMSET(in_a, 0, RoundUp16(inSz)) ; XMEMCPY(in_a, in, inSz) ;
+    in_save = NULL; out_save = NULL; authIn_save = NULL; nonce_save = NULL;
+    if (IS_ALIGN16(inSz)) {
+        in_save = NULL; in_a = (byte *)in;
+        out_save = NULL; out_a = out;
+    }
+    else {
+        in_save = XMALLOC(ROUNDUP_16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (in_save == NULL) { ret = MEMORY_E; goto exit; }
+        in_a = in_save;
+        XMEMSET(in_a, 0, ROUNDUP_16(inSz));
+        XMEMCPY(in_a, in, inSz);

-      if((out_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){
-          FREE_ALL; return MEMORY_E ; }
-      out_a = out_save ;
+        out_save = XMALLOC(ROUNDUP_16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)
+        if (out_save == NULL) { ret = MEMORY_E; goto exit; }
+        out_a = out_save;
    }

-    if((authInSz%16)==0){
-        authIn_save = NULL ; authIn_a = (byte *)authIn ;
-    } else {
-      if((authIn_save = XMALLOC(RoundUp16(authInSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){
-          FREE_ALL; return MEMORY_E ; }
-      authIn_a = authIn_save ; XMEMSET(authIn_a, 0, RoundUp16(authInSz)) ; XMEMCPY(authIn_a, authIn, authInSz) ;
+    if (IS_ALIGN16(authInSz)) {
+        authIn_save = NULL; authIn_a = (byte *)authIn;
+    }
+    else {
+        authIn_save = XMALLOC(ROUNDUP_16(authInSz), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (authIn_save == NULL) { ret = MEMORY_E; goto exit; }
+
+        authIn_a = authIn_save;
+        XMEMSET(authIn_a, 0, ROUNDUP_16(authInSz));
+        XMEMCPY(authIn_a, authIn, authInSz);
    }

-    if((nonceSz%16)==0){
-        nonce_save = NULL ; nonce_a = (byte *)nonce ;
-    } else {
-      if((nonce_save = XMALLOC(RoundUp16(nonceSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){
-          FREE_ALL; return MEMORY_E; }
-      nonce_a = nonce_save ; XMEMSET(nonce_a, 0, RoundUp16(nonceSz)) ; XMEMCPY(nonce_a, nonce, nonceSz) ;
+    if (IS_ALIGN16(nonceSz)) {
+        nonce_save = NULL;
+        nonce_a = (byte *)nonce;
+    }
+    else {
+        nonce_save = XMALLOC(ROUNDUP_16(nonceSz), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (nonce_save == NULL) { ret = MEMORY_E; goto exit; }
+
+        nonce_a = nonce_save;
+        XMEMSET(nonce_a, 0, ROUNDUP_16(nonceSz));
+        XMEMCPY(nonce_a, nonce, nonceSz);
    }

    /* do aes-ccm */
-    AesAuthSetIv(aes, nonce, nonceSz, L, mode) ;
+    AesAuthSetIv(aes, nonce, nonceSz, L, mode);
    ROM_AESReset(AES_BASE);
    ROM_AESConfigSet(AES_BASE, (aes->keylen | AES_CFG_DIR_ENCRYPT |
                                AES_CFG_CTR_WIDTH_128 |
-                                mode | ((mode== AES_CFG_MODE_CCM) ? (L | M) : 0 ))) ;
+                                mode | ((mode== AES_CFG_MODE_CCM) ? (L | M) : 0 )));
    ROM_AESIVSet(AES_BASE, aes->reg);
    ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen);
    ret = ROM_AESDataProcessAuth(AES_BASE, (unsigned int*)in_a, (unsigned int *)out_a, inSz,
                           (unsigned int*)authIn_a, authInSz, (unsigned int *)tmpTag);
-    if(ret == false){
-        XMEMSET(out, 0, inSz) ;
-        XMEMSET(authTag, 0, authTagSz) ;
+    if (ret == false) {
+        XMEMSET(out, 0, inSz);
+        XMEMSET(authTag, 0, authTagSz);
    } else {
-        XMEMCPY(out, out_a, inSz) ;
-        XMEMCPY(authTag, tmpTag, authTagSz) ;
+        XMEMCPY(out, out_a, inSz);
+        XMEMCPY(authTag, tmpTag, authTagSz);
    }

-    FREE_ALL;
-    return 0 ;
+exit:
+    if (in_save)    XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (out_save)   XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (authIn_save)XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (nonce_save) XFREE(nonce_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    return 0;
 }

 static int AesAuthDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
@ -422,78 +443,97 @@ static int AesAuthDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                              const byte* authTag, word32 authTagSz,
                              const byte* authIn, word32 authInSz, int mode)
 {
-    word32 M, L ;
-    byte *in_a,     *in_save ;
-    byte *out_a,    *out_save ;
-    byte *authIn_a, *authIn_save ;
-    byte *nonce_a,    *nonce_save ;
-    word32 tmpTag[4] ;
-    bool ret ;
+    int ret;
+    word32 M, L;
+    byte *in_a,     *in_save = NULL;
+    byte *out_a,    *out_save = NULL;
+    byte *authIn_a, *authIn_save = NULL;
+    byte *nonce_a,  *nonce_save = NULL;
+    word32 tmpTag[4];

-    if(AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz, authIn, authInSz, &M, &L)
-       == BAD_FUNC_ARG)return  BAD_FUNC_ARG ;
+
+    ret = AesAuthArgCheck(aes, out, in, inSz, nonce, nonceSz, authTag,
+        authTagSz, authIn, authInSz, &M, &L)
+    if (ret != 0) {
+        return ret;
+    }

    /* 16 byte padding */
-    in_save = NULL ; out_save = NULL ; authIn_save = NULL ; nonce_save = NULL ;
-    if((inSz%16)==0){
-        in_save = NULL ; in_a = (byte *)in ;
-        out_save = NULL ; out_a = out ;
-    } else {
-      if((in_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){
-          FREE_ALL; return MEMORY_E;}
-      in_a = in_save ; XMEMSET(in_a, 0, RoundUp16(inSz)) ; XMEMCPY(in_a, in, inSz) ;
+    in_save = NULL; out_save = NULL; authIn_save = NULL; nonce_save = NULL;
+    if (IS_ALIGN16(inSz)) {
+        in_save = NULL; in_a = (byte *)in;
+        out_save = NULL; out_a = out;
+    }
+    else {
+        in_save = XMALLOC(ROUNDUP_16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (in_save == NULL) { ret = MEMORY_E; goto exit; }
+        in_a = in_save;
+        XMEMSET(in_a, 0, ROUNDUP_16(inSz));
+        XMEMCPY(in_a, in, inSz);

-      if((out_save = XMALLOC(RoundUp16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){
-          FREE_ALL; return MEMORY_E;}
-      out_a = out_save ;
+        out_save = XMALLOC(ROUNDUP_16(inSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)
+        if (out_save == NULL) { ret = MEMORY_E; goto exit; }
+        out_a = out_save;
    }

-    if((authInSz%16)==0){
-        authIn_save = NULL ; authIn_a = (byte *)authIn ;
-    } else {
-      if((authIn_save = XMALLOC(RoundUp16(authInSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){
-          FREE_ALL; return MEMORY_E; }
-      authIn_a = authIn_save ; XMEMSET(authIn_a, 0, RoundUp16(authInSz)) ; XMEMCPY(authIn_a, authIn, authInSz) ;
+    if (IS_ALIGN16(authInSz)) {
+        authIn_save = NULL; authIn_a = (byte *)authIn;
+    }
+    else {
+        authIn_save = XMALLOC(ROUNDUP_16(authInSz), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (authIn_save == NULL) { ret = MEMORY_E; goto exit; }
+
+        authIn_a = authIn_save;
+        XMEMSET(authIn_a, 0, ROUNDUP_16(authInSz));
+        XMEMCPY(authIn_a, authIn, authInSz);
    }

-    if((nonceSz%16)==0){
-        nonce_save = NULL ; nonce_a = (byte *)nonce ;
-    } else {
-      if((nonce_save = XMALLOC(RoundUp16(nonceSz), NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL){
-          FREE_ALL; return MEMORY_E; }
-      nonce_a = nonce_save ; XMEMSET(nonce_a, 0, RoundUp16(nonceSz)) ; XMEMCPY(nonce_a, nonce, nonceSz) ;
+    if (IS_ALIGN16(nonceSz)) {
+        nonce_save = NULL; nonce_a = (byte *)nonce;
+    }
+    else {
+        nonce_save = XMALLOC(ROUNDUP_16(nonceSz), NULL, DYNAMIC_TYPE_TMP_BUFFER);
+        if (authIn_save == NULL) { ret = MEMORY_E; goto exit; }
+
+        nonce_a = nonce_save;
+        XMEMSET(nonce_a, 0, ROUNDUP_16(nonceSz));
+        XMEMCPY(nonce_a, nonce, nonceSz);
    }

    /* do aes-ccm */
-    AesAuthSetIv(aes, nonce, nonceSz, L, mode) ;
+    AesAuthSetIv(aes, nonce, nonceSz, L, mode);
    ROM_AESReset(AES_BASE);
    ROM_AESConfigSet(AES_BASE, (aes->keylen | AES_CFG_DIR_DECRYPT |
                                AES_CFG_CTR_WIDTH_128 |
-                                  mode | ((mode== AES_CFG_MODE_CCM) ? (L | M) : 0 ))) ;
+                                  mode | ((mode== AES_CFG_MODE_CCM) ? (L | M) : 0 )));
    ROM_AESIVSet(AES_BASE, aes->reg);
    ROM_AESKey1Set(AES_BASE, aes->key, aes->keylen);
    ret = ROM_AESDataProcessAuth(AES_BASE, (unsigned int*)in_a, (unsigned int *)out_a, inSz,
                           (unsigned int*)authIn_a, authInSz, (unsigned int *)tmpTag);
-    if((ret == false) || (XMEMCMP(authTag, tmpTag, authTagSz) != 0)){
-        XMEMSET(out, 0, inSz) ;
-        ret = false ;
+    if ((ret == false) || (XMEMCMP(authTag, tmpTag, authTagSz) != 0)){
+        XMEMSET(out, 0, inSz);
+        ret = false;
    } else {
-        XMEMCPY(out, out_a, inSz) ;
+        XMEMCPY(out, out_a, inSz);
    }

-    FREE_ALL ;
-    return ret==true ? 0 : 1 ;
-}
-#endif
+exit:
+    if (in_save)    XFREE(in_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (out_save)   XFREE(out_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (authIn_save)XFREE(authIn_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);
+    if (nonce_save) XFREE(nonce_save, NULL, DYNAMIC_TYPE_TMP_BUFFER);

+    return ret==true ? 0 : 1;
+}
+#endif /* HAVE_AESGCM || HAVE_AESCCM */

 #ifdef HAVE_AESGCM
-WOLFSSL_API int  wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
+int wc_AesGcmSetKey(Aes* aes, const byte* key, word32 len)
 {
-    return AesAuthSetKey(aes, key, len) ;
+    return AesAuthSetKey(aes, key, len);
 }

-WOLFSSL_API int  wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                              const byte* iv, word32 ivSz,
                              byte* authTag, word32 authTagSz,
                              const byte* authIn, word32 authInSz)
@ -502,58 +542,57 @@ WOLFSSL_API int  wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz
        return BAD_FUNC_ARG;
    }
    return AesAuthEncrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
-                              authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC) ;
+                              authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC);
 }
-WOLFSSL_API int  wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
+int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
                              const byte* iv, word32 ivSz,
                              const byte* authTag, word32 authTagSz,
                              const byte* authIn, word32 authInSz)
 {
    return AesAuthDecrypt(aes, out, in, sz, iv, ivSz, authTag, authTagSz,
-                              authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC) ;
+                              authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC);
 }

-WOLFSSL_API int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len)
+int wc_GmacSetKey(Gmac* gmac, const byte* key, word32 len)
 {
-      return AesAuthSetKey(&gmac->aes, key, len) ;
+    return AesAuthSetKey(&gmac->aes, key, len);
 }

-WOLFSSL_API int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
+int wc_GmacUpdate(Gmac* gmac, const byte* iv, word32 ivSz,
                              const byte* authIn, word32 authInSz,
                              byte* authTag, word32 authTagSz)
 {
    return AesAuthEncrypt(&gmac->aes, NULL, NULL, 0, iv, ivSz, authTag, authTagSz,
-                              authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC) ;
+                              authIn, authInSz, AES_CFG_MODE_GCM_HY0CALC);
 }
-
 #endif /* HAVE_AESGCM */

 #ifdef HAVE_AESCCM
-WOLFSSL_API int wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
+int wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
 {
-    return AesAuthSetKey(aes, key, keySz) ;
+    return AesAuthSetKey(aes, key, keySz);
 }

-WOLFSSL_API int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
+int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                              const byte* nonce, word32 nonceSz,
                              byte* authTag, word32 authTagSz,
                              const byte* authIn, word32 authInSz)
 {
    return AesAuthEncrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz,
-                              authIn, authInSz, AES_CFG_MODE_CCM) ;
+                              authIn, authInSz, AES_CFG_MODE_CCM);
 }

-WOLFSSL_API int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
+int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                              const byte* nonce, word32 nonceSz,
                              const byte* authTag, word32 authTagSz,
                              const byte* authIn, word32 authInSz)
 {
    return AesAuthDecrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz,
-                              authIn, authInSz, AES_CFG_MODE_CCM) ;
+                              authIn, authInSz, AES_CFG_MODE_CCM);
 }
 #endif /* HAVE_AESCCM */

-WOLFSSL_API int wc_AesInit(Aes* aes, void* heap, int devId)
+int wc_AesInit(Aes* aes, void* heap, int devId)
 {
    if (aes == NULL)
        return BAD_FUNC_ARG;
@ -564,14 +603,9 @@ WOLFSSL_API int wc_AesInit(Aes* aes, void* heap, int devId)
    return 0;
 }

-WOLFSSL_API void wc_AesFree(Aes* aes)
+void wc_AesFree(Aes* aes)
 {
    (void)aes;
 }

-#endif /* WOLFSSL_TI_CRYPT */
-
-#endif /* NO_AES */
-
-
-
+#endif /* !NO_AES && WOLFSSL_TI_CRYPT */