From aff14091e0a888c51fcd6ed68ade028b3b87e31c Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz
Date: Thu, 29 Oct 2020 12:13:35 +0100
Subject: [PATCH] AAD should be reset on Init call
---
 tests/api.c | 23 -----------------------
 wolfcrypt/src/evp.c | 7 +++++++
 2 files changed, 7 insertions(+), 23 deletions(-)
diff --git a/tests/api.c b/tests/api.c
index 64d3a1821..6d064c537 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -36462,19 +36462,8 @@ static void test_wolfssl_EVP_aes_gcm_AAD_2_parts(void) AssertIntEQ(XMEMCMP(out1Part, out2Part, sizeof(out1Part)), 0); AssertIntEQ(XMEMCMP(outTag1Part, outTag2Part, sizeof(outTag1Part)), 0); - - /* Test AAD re-use */ - AssertIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), 1); - AssertIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1); - AssertIntEQ(EVP_EncryptUpdate(ctx, out1Part, &len, cleartext, sizeof(cleartext)), 1); - AssertIntEQ(EVP_EncryptFinal_ex(ctx, out1Part, &len), 1); - AssertIntEQ(len, sizeof(cleartext)); - AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, outTag1Part), 1); EVP_CIPHER_CTX_free(ctx); - AssertIntEQ(XMEMCMP(out1Part, out2Part, sizeof(out1Part)), 0); - AssertIntEQ(XMEMCMP(outTag1Part, outTag2Part, sizeof(outTag1Part)), 0); - /* DECRYPT */ /* Send AAD and data in 2 parts */ AssertNotNull(ctx = EVP_CIPHER_CTX_new());
@@ -36491,18 +36480,6 @@ static void test_wolfssl_EVP_aes_gcm_AAD_2_parts(void) AssertIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0); - /* Test AAD re-use */ - AssertIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), 1); - AssertIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1); - AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, 1), 1); - AssertIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part + 1, - sizeof(cleartext) - 1), 1); - AssertIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, outTag1Part), 1); - AssertIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf, &len), 1); - AssertIntEQ(len, sizeof(cleartext)); - - AssertIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0); - /* Test AAD re-use */ EVP_CIPHER_CTX_free(ctx);
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
index 8477434e7..899e44ca2 100644
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
@@ -4162,6 +4162,13 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
 iv = ctx->iv;
 }
 #endif
+#ifdef HAVE_AESGCM
+ if (ctx->gcmAuthIn) {
+ XFREE(ctx->gcmAuthIn, NULL, DYNAMIC_TYPE_OPENSSL);
+ ctx->gcmAuthIn = NULL;
+ }
+ ctx->gcmAuthInSz = 0;
+#endif
 #ifndef NO_AES
 #ifdef HAVE_AES_CBC
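Review bot: The `HAVE_AESGCM` reset added to evp.c is not pinned by any test: this commit deletes both "Test AAD re-use" sequences from tests/api.c and adds nothing that checks buffered AAD is dropped on re-init. A regression test could call `EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)` again on a context that already took AAD, encrypt without AAD, and assert `AssertIntNE(XMEMCMP(outTag1Part, outTag2Part, sizeof(outTag1Part)), 0);`, so a later change cannot silently let one message's AAD be authenticated into the next message's tag. The block would also benefit from a why-comment such as `/* Discard AAD buffered by a previous operation; it must not carry over into this one */`. The enclosing function starts and ends outside the hunk, so whether the reset runs before or after argument validation cannot be seen here.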