Modify AES-CTR to not reinit after being keyed

src/we_aes_ctr.c

@@ -34,6 +34,7 @@ typedef struct we_AesCtr
 {
     /* The wolfSSL AES data object. */
     Aes aes;
+    word32 inited;
 } we_AesCtr;
 
 
@@ -67,12 +68,14 @@ static int we_aes_ctr_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
         ret = 0;
     }
 
-    if (ret == 1) {
+    /* Do not reinitialize if already keyed, unless setting a new key */
+    if ((ret == 1) && (aes->inited == 0)) {
         rc = wc_AesInit(&aes->aes, NULL, INVALID_DEVID);
         if (rc != 0) {
             WOLFENGINE_ERROR_FUNC(WE_LOG_CIPHER, "wc_AesInit", rc);
             ret = 0;
         }
+        aes->inited = 1;
     }
     if ((ret == 1) && (key != NULL)) {
         if (tmpIv == NULL) {
@@ -94,7 +97,7 @@ static int we_aes_ctr_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
             ret = -1;
         }
         else {
-            /* 
+            /*
              * wc_AesSetIV should clear this field, but it doesn't in some
              * wolfSSL versions.
              */

test/test_cipher.c

@@ -599,7 +599,26 @@ int test_aes_ctr_leftover_data_regression(ENGINE *e, void *data)
         }
     }
 
-    /* Try the other way, now. Encrypt with wolfEngine, decrypt with wolfSSL. */
+    /* Try the other way, now. Encrypt with wolfEngine, decrypt with openSSL.
+     * The EVP_CIPHER_CTX remembers any engine it was loaded with, meaning we
+     * need to reset the ctxs before reuse or the decCtx will still pick up
+     * wolfEngine */
+    if (err == 0) {
+        if (encCtx != NULL)
+            EVP_CIPHER_CTX_free(encCtx);
+    }
+    if (err == 0) {
+        if (decCtx != NULL)
+            EVP_CIPHER_CTX_free(decCtx);
+    }
+
+    if (err == 0) {
+        err = (encCtx = EVP_CIPHER_CTX_new()) == NULL;
+    }
+    if (err == 0) {
+        err = (decCtx = EVP_CIPHER_CTX_new()) == NULL;
+    }
+
     if (err == 0) {
         err = EVP_CipherInit_ex(encCtx, EVP_aes_128_ctr(), e, key,
                                 NULL, -1) != 1;