From 3e997ac54d2e9c1954f9abc8875b2850cd344be5 Mon Sep 17 00:00:00 2001
From: Richard Aas <richard@db.org>
Date: Mon, 13 Apr 2015 06:48:49 +0000
Subject: [PATCH] aes/hmac: apple crypto fixes

---
 src/aes/apple/aes.c   | 5 +++++
 src/hmac/apple/hmac.c | 8 ++++----
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/aes/apple/aes.c b/src/aes/apple/aes.c
index 82b198d..bcd35fb 100644
--- a/src/aes/apple/aes.c
+++ b/src/aes/apple/aes.c
@@ -83,6 +83,11 @@ void aes_set_iv(struct aes *st, const uint8_t iv[AES_BLOCK_SIZE])
 		return;
 
 	/* we must reset the state when updating IV */
+	if (st->cryptor) {
+		CCCryptorRelease(st->cryptor);
+		st->cryptor = NULL;
+	}
+
 	status = CCCryptorCreateWithMode(kCCEncrypt, kCCModeCTR,
 					 kCCAlgorithmAES, ccNoPadding,
 					 iv, st->key, st->key_bytes,
diff --git a/src/hmac/apple/hmac.c b/src/hmac/apple/hmac.c
index f4cbc94..fb38f69 100644
--- a/src/hmac/apple/hmac.c
+++ b/src/hmac/apple/hmac.c
@@ -12,9 +12,11 @@
 #include <re_hmac.h>
 
 
+enum { KEY_SIZE = 20 };
+
 struct hmac {
 	CCHmacContext ctx;
-	uint8_t key[20];
+	uint8_t key[KEY_SIZE];
 	size_t key_len;
 };
 
@@ -32,7 +34,7 @@ int hmac_create(struct hmac **hmacp, enum hmac_hash hash,
 {
 	struct hmac *hmac;
 
-	if (!hmacp || !key || !key_len)
+	if (!hmacp || !key || !key_len || key_len > KEY_SIZE)
 		return EINVAL;
 
 	if (hash != HMAC_HASH_SHA1)
@@ -45,8 +47,6 @@ int hmac_create(struct hmac **hmacp, enum hmac_hash hash,
 	memcpy(hmac->key, key, key_len);
 	hmac->key_len = key_len;
 
-	CCHmacInit(&hmac->ctx, kCCHmacAlgSHA1, key, key_len);
-
 	*hmacp = hmac;
 
 	return 0;