fix calls to AesGcmDecrypt and AesCcmDecrypt
This commit is contained in:
John Safranek
parent
b59b3d7c36
commit
52503c713c
142
src/internal.c
142
src/internal.c
@ -4295,79 +4295,87 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
|
|||||||
|
|
||||||
#ifdef BUILD_AESGCM
|
#ifdef BUILD_AESGCM
|
||||||
case cyassl_aes_gcm:
|
case cyassl_aes_gcm:
|
||||||
{
|
if (AEAD_EXP_IV_SZ + ssl->specs.aead_mac_size > sz) {
|
||||||
byte additional[AES_BLOCK_SIZE];
|
return INCOMPLETE_DATA;
|
||||||
byte nonce[AEAD_NONCE_SZ];
|
}
|
||||||
|
else {
|
||||||
XMEMSET(additional, 0, AES_BLOCK_SIZE);
|
byte additional[AES_BLOCK_SIZE];
|
||||||
|
byte nonce[AEAD_NONCE_SZ];
|
||||||
/* sequence number field is 64-bits, we only use 32-bits */
|
|
||||||
c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
|
XMEMSET(additional, 0, AES_BLOCK_SIZE);
|
||||||
|
|
||||||
additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
|
/* sequence number field is 64-bits, we only use 32-bits */
|
||||||
additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
|
c32toa(GetSEQIncrement(ssl, 1),
|
||||||
additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
|
additional + AEAD_SEQ_OFFSET);
|
||||||
|
|
||||||
c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
|
additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
|
||||||
additional + AEAD_LEN_OFFSET);
|
additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
|
||||||
XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ);
|
additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
|
||||||
XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ);
|
|
||||||
if (AesGcmDecrypt(ssl->decrypt.aes,
|
c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
|
||||||
plain + AEAD_EXP_IV_SZ,
|
additional + AEAD_LEN_OFFSET);
|
||||||
input + AEAD_EXP_IV_SZ,
|
XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ);
|
||||||
sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
|
XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ);
|
||||||
nonce, AEAD_NONCE_SZ,
|
if (AesGcmDecrypt(ssl->decrypt.aes,
|
||||||
input + sz - ssl->specs.aead_mac_size,
|
plain + AEAD_EXP_IV_SZ,
|
||||||
ssl->specs.aead_mac_size,
|
input + AEAD_EXP_IV_SZ,
|
||||||
additional, AEAD_AUTH_DATA_SZ) < 0) {
|
sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
|
||||||
SendAlert(ssl, alert_fatal, bad_record_mac);
|
nonce, AEAD_NONCE_SZ,
|
||||||
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
|
input + sz - ssl->specs.aead_mac_size,
|
||||||
return VERIFY_MAC_ERROR;
|
ssl->specs.aead_mac_size,
|
||||||
|
additional, AEAD_AUTH_DATA_SZ) < 0) {
|
||||||
|
SendAlert(ssl, alert_fatal, bad_record_mac);
|
||||||
|
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
|
||||||
|
return VERIFY_MAC_ERROR;
|
||||||
|
}
|
||||||
|
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_AESCCM
|
#ifdef HAVE_AESCCM
|
||||||
case cyassl_aes_ccm:
|
case cyassl_aes_ccm:
|
||||||
{
|
if (AEAD_EXP_IV_SZ + ssl->specs.aead_mac_size > sz) {
|
||||||
byte additional[AES_BLOCK_SIZE];
|
return INCOMPLETE_DATA;
|
||||||
byte nonce[AEAD_NONCE_SZ];
|
}
|
||||||
|
else {
|
||||||
XMEMSET(additional, 0, AES_BLOCK_SIZE);
|
byte additional[AES_BLOCK_SIZE];
|
||||||
|
byte nonce[AEAD_NONCE_SZ];
|
||||||
/* sequence number field is 64-bits, we only use 32-bits */
|
|
||||||
c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
|
XMEMSET(additional, 0, AES_BLOCK_SIZE);
|
||||||
|
|
||||||
#ifdef CYASSL_DTLS
|
/* sequence number field is 64-bits, we only use 32-bits */
|
||||||
if (ssl->options.dtls)
|
c32toa(GetSEQIncrement(ssl, 1),
|
||||||
c16toa(ssl->keys.dtls_state.curEpoch, additional);
|
additional + AEAD_SEQ_OFFSET);
|
||||||
#endif
|
|
||||||
|
#ifdef CYASSL_DTLS
|
||||||
additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
|
if (ssl->options.dtls)
|
||||||
additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
|
c16toa(ssl->keys.dtls_state.curEpoch, additional);
|
||||||
additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
|
#endif
|
||||||
|
|
||||||
c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
|
additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
|
||||||
additional + AEAD_LEN_OFFSET);
|
additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
|
||||||
XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ);
|
additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
|
||||||
XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ);
|
|
||||||
if (AesCcmDecrypt(ssl->decrypt.aes,
|
c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
|
||||||
plain + AEAD_EXP_IV_SZ,
|
additional + AEAD_LEN_OFFSET);
|
||||||
input + AEAD_EXP_IV_SZ,
|
XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ);
|
||||||
sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
|
XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ);
|
||||||
nonce, AEAD_NONCE_SZ,
|
if (AesCcmDecrypt(ssl->decrypt.aes,
|
||||||
input + sz - ssl->specs.aead_mac_size,
|
plain + AEAD_EXP_IV_SZ,
|
||||||
ssl->specs.aead_mac_size,
|
input + AEAD_EXP_IV_SZ,
|
||||||
additional, AEAD_AUTH_DATA_SZ) < 0) {
|
sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
|
||||||
SendAlert(ssl, alert_fatal, bad_record_mac);
|
nonce, AEAD_NONCE_SZ,
|
||||||
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
|
input + sz - ssl->specs.aead_mac_size,
|
||||||
return VERIFY_MAC_ERROR;
|
ssl->specs.aead_mac_size,
|
||||||
|
additional, AEAD_AUTH_DATA_SZ) < 0) {
|
||||||
|
SendAlert(ssl, alert_fatal, bad_record_mac);
|
||||||
|
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
|
||||||
|
return VERIFY_MAC_ERROR;
|
||||||
|
}
|
||||||
|
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_CAMELLIA
|
#ifdef HAVE_CAMELLIA
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user