mirror of https://github.com/wolfSSL/wolfssl
Added epoch to sequence number for AES-GCM with DTLS encrypt/decrypt.
This commit is contained in:
parent
6e5f800555
commit
4a511fe36d
|
@ -4202,8 +4202,10 @@ static INLINE int Encrypt(CYASSL* ssl, byte* out, const byte* input, word16 sz)
|
||||||
/* Store the type, version. Unfortunately, they are in
|
/* Store the type, version. Unfortunately, they are in
|
||||||
* the input buffer ahead of the plaintext. */
|
* the input buffer ahead of the plaintext. */
|
||||||
#ifdef CYASSL_DTLS
|
#ifdef CYASSL_DTLS
|
||||||
if (ssl->options.dtls)
|
if (ssl->options.dtls) {
|
||||||
|
c16toa(ssl->keys.dtls_epoch, additional);
|
||||||
additionalSrc -= DTLS_HANDSHAKE_EXTRA;
|
additionalSrc -= DTLS_HANDSHAKE_EXTRA;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);
|
XMEMCPY(additional + AEAD_TYPE_OFFSET, additionalSrc, 3);
|
||||||
|
|
||||||
|
@ -4346,7 +4348,12 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
|
||||||
|
|
||||||
/* sequence number field is 64-bits, we only use 32-bits */
|
/* sequence number field is 64-bits, we only use 32-bits */
|
||||||
c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
|
c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
|
||||||
|
|
||||||
|
#ifdef CYASSL_DTLS
|
||||||
|
if (ssl->options.dtls)
|
||||||
|
c16toa(ssl->keys.dtls_state.curEpoch, additional);
|
||||||
|
#endif
|
||||||
|
|
||||||
additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
|
additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
|
||||||
additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
|
additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
|
||||||
additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
|
additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
|
||||||
|
|
Loading…
Reference in New Issue