@@ -821,22 +821,11 @@ WOLFSSL_LOCAL int wc_local_CmacUpdateAes(struct Cmac *cmac, const byte* in,
821821
822822#ifdef WOLFSSL_AES_EAX
823823
824- /* Because of the circular dependency between AES and CMAC, we need to prevent
825- * inclusion of AES EAX from CMAC to avoid a recursive inclusion */
826- #ifndef WOLF_CRYPT_CMAC_H
827- #include <wolfssl/wolfcrypt/cmac.h>
828- struct AesEax {
829- Aes aes ;
830- Cmac nonceCmac ;
831- Cmac aadCmac ;
832- Cmac ciphertextCmac ;
833- byte nonceCmacFinal [WC_AES_BLOCK_SIZE ];
834- byte aadCmacFinal [WC_AES_BLOCK_SIZE ];
835- byte ciphertextCmacFinal [WC_AES_BLOCK_SIZE ];
836- byte prefixBuf [WC_AES_BLOCK_SIZE ];
837- };
838- #endif /* !defined(WOLF_CRYPT_CMAC_H) */
824+ /* Note that struct AesEax is defined at the end of this file, to work around
825+ * circular dependency between AES and CMAC.
826+ */
839827
828+ struct AesEax ;
840829typedef struct AesEax AesEax ;
841830
842831/* One-shot API */
@@ -1120,3 +1109,23 @@ WOLFSSL_LOCAL void AES_XTS_decrypt_AARCH32(const byte* in, byte* out,
11201109
11211110#endif /* NO_AES */
11221111#endif /* WOLF_CRYPT_AES_H */
1112+
1113+ /* Because of the circular dependency between AES and CMAC, we need to define
1114+ * struct AesEax here, with careful gating.
1115+ */
1116+ #if defined(WOLFSSL_AES_EAX ) && !defined(WC_AES_INCLUDE_FOR_CMAC_H ) && \
1117+ !defined(WC_AESEAX_STRUCT_DEFINED )
1118+ #include <wolfssl/wolfcrypt/cmac.h>
1119+ struct AesEax {
1120+ Aes aes ;
1121+ Cmac nonceCmac ;
1122+ Cmac aadCmac ;
1123+ Cmac ciphertextCmac ;
1124+ byte nonceCmacFinal [WC_AES_BLOCK_SIZE ];
1125+ byte aadCmacFinal [WC_AES_BLOCK_SIZE ];
1126+ byte ciphertextCmacFinal [WC_AES_BLOCK_SIZE ];
1127+ byte prefixBuf [WC_AES_BLOCK_SIZE ];
1128+ };
1129+ #define WC_AESEAX_STRUCT_DEFINED
1130+ #endif /* WOLFSSL_AES_EAX && !WC_AES_INCLUDE_FOR_CMAC_H && */
1131+ /* !WC_AESEAX_STRUCT_DEFINED */
0 commit comments