fix sniffer with AES-GCM, add scratch authTag buffer

2017-04-27 15:22:30 -06:00 · 2017-04-27 15:22:30 -06:00 · b8917baa6a
commit b8917baa6a
parent 2deced22dc
1 changed files with 4 additions and 1 deletions
--- a/src/sniffer.c
+++ b/src/sniffer.c
@ -2206,6 +2206,9 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
        case wolfssl_aes_gcm:
            if (sz >= (word32)(AESGCM_EXP_IV_SZ + ssl->specs.aead_mac_size))
            {
+                /* scratch buffer, sniffer ignores auth tag*/
+                byte authTag[WOLFSSL_MIN_AUTH_TAG_SZ];
+
                byte nonce[AESGCM_NONCE_SZ];
                XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AESGCM_IMP_IV_SZ);
                XMEMCPY(nonce + AESGCM_IMP_IV_SZ, input, AESGCM_EXP_IV_SZ);
@ -2215,7 +2218,7 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
                            input + AESGCM_EXP_IV_SZ,
                            sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                            nonce, AESGCM_NONCE_SZ,
-                            NULL, 0,
+                            authTag, sizeof(authTag),
                            NULL, 0) < 0) {
                    Trace(BAD_DECRYPT);
                    ret = -1;