mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Removed previous change. Fixed it in the Sanity check instead.

Browse Source
This commit is contained in:
John Safranek 2014-04-08 17:00:21 -07:00
parent 52503c713c
commit 2c97d38c2c
1 changed files with 57 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/internal.c
View File

@ -4295,18 +4295,14 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
#ifdef BUILD_AESGCM #ifdef BUILD_AESGCM
case cyassl_aes_gcm: case cyassl_aes_gcm:
if (AEAD_EXP_IV_SZ + ssl->specs.aead_mac_size > sz) { {
return INCOMPLETE_DATA;
}
else {
byte additional[AES_BLOCK_SIZE]; byte additional[AES_BLOCK_SIZE];
byte nonce[AEAD_NONCE_SZ]; byte nonce[AEAD_NONCE_SZ];
XMEMSET(additional, 0, AES_BLOCK_SIZE); XMEMSET(additional, 0, AES_BLOCK_SIZE);
/* sequence number field is 64-bits, we only use 32-bits */ /* sequence number field is 64-bits, we only use 32-bits */
c32toa(GetSEQIncrement(ssl, 1), c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
additional + AEAD_SEQ_OFFSET);
additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
@ -4335,18 +4331,14 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
#ifdef HAVE_AESCCM #ifdef HAVE_AESCCM
case cyassl_aes_ccm: case cyassl_aes_ccm:
if (AEAD_EXP_IV_SZ + ssl->specs.aead_mac_size > sz) { {
return INCOMPLETE_DATA;
}
else {
byte additional[AES_BLOCK_SIZE]; byte additional[AES_BLOCK_SIZE];
byte nonce[AEAD_NONCE_SZ]; byte nonce[AEAD_NONCE_SZ];
XMEMSET(additional, 0, AES_BLOCK_SIZE); XMEMSET(additional, 0, AES_BLOCK_SIZE);
/* sequence number field is 64-bits, we only use 32-bits */ /* sequence number field is 64-bits, we only use 32-bits */
c32toa(GetSEQIncrement(ssl, 1), c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
additional + AEAD_SEQ_OFFSET);
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS
if (ssl->options.dtls) if (ssl->options.dtls)
@ -4435,7 +4427,8 @@ static int SanityCheckCipherText(CYASSL* ssl, word32 encryptSz)
minLength += ssl->specs.block_size; /* explicit IV */ minLength += ssl->specs.block_size; /* explicit IV */
} }
else if (ssl->specs.cipher_type == aead) { else if (ssl->specs.cipher_type == aead) {
minLength = ssl->specs.block_size; /* explicit IV + implicit IV + CTR */ minLength = ssl->specs.aead_mac_size + AEAD_EXP_IV_SZ;
/* explicit IV + authTag size */
} }
if (encryptSz < minLength) { if (encryptSz < minLength) {