diff --git a/src/internal.c b/src/internal.c
index 8c1efa770..ba1b0f34e 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -15658,8 +15658,8 @@ static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
 return ret;
 }
-static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz,
- int asyncOkay)
+static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input,
+ word16 sz, int asyncOkay)
 {
 int ret = 0;
@@ -15690,10 +15690,10 @@ static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16
 /* make sure auth iv and auth are allocated */
 if (ssl->encrypt.additional == NULL)
 ssl->encrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
- ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
+ ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
 if (ssl->encrypt.nonce == NULL)
 ssl->encrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ,
- ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
+ ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
 if (ssl->encrypt.additional == NULL ||
 ssl->encrypt.nonce == NULL) {
 return MEMORY_E;
@@ -15899,6 +15899,7 @@ static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
 return ret;
 }
+/* doAlert Generate alert on error (set to 0 for sniffer use cases) */
 int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input,
 word16 sz, int doAlert)
 {
@@ -15939,10 +15940,10 @@ int DecryptTls(WOLFSSL* ssl, byte* plain, const byte* input,
 /* make sure auth iv and auth are allocated */
 if (ssl->decrypt.additional == NULL)
 ssl->decrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
- ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
+ ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
 if (ssl->decrypt.nonce == NULL)
 ssl->decrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ,
- ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
+ ssl->heap, DYNAMIC_TYPE_AES_BUFFER);
 if (ssl->decrypt.additional == NULL ||
 ssl->decrypt.nonce == NULL) {
 return MEMORY_E;
diff --git a/src/sniffer.c b/src/sniffer.c
index 4061543e3..d9fa0938a 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
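Review bot: In src/internal.c, the one-line comment added above `DecryptTls` documents only `doAlert`, while the src/sniffer.c change in this same commit depends on where `DecryptTls` leaves the plaintext (the sniffer's inline comment says offset 8 for explicit IV). That output-layout contract belongs at the function itself, next to a description of `plain`, `input` and `sz`, in the same parameter-list form the `DecryptTls13` header in src/tls13.c already uses. For `doAlert`, the comment could also say what passing 0 changes for the caller, for example `doAlert  Generate alert on error; 0 suppresses the alert (sniffer use cases)`. The body of `DecryptTls` lies outside this hunk, so the per-cipher output offset should be confirmed there before it is written down.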
@@ -4526,7 +4526,12 @@ static const byte* DecryptMessage(WOLFSSL* ssl, const byte* input, word32 sz,
 else
 #endif
 {
+ XMEMCPY(&ssl->curRL, rh, RECORD_HEADER_SZ);
 ret = DecryptTls(ssl, output, input, sz, 0);
+ if (ssl->specs.cipher_type == aead) {
+ /* DecryptTls places the output at offset of 8 for explicit IV */
+ output += AESGCM_EXP_IV_SZ;
+ }
 }
 #ifdef WOLFSSL_ASYNC_CRYPT
 /* for async the symmetric operations are blocking */
@@ -6194,8 +6199,8 @@ int ssl_DecodePacketWithSessionInfoStoreData(const unsigned char* packet,
 int ssl_DecodePacketWithChain(void* vChain, word32 chainSz, byte** data, char* error)
 {
- return ssl_DecodePacketInternal(vChain, chainSz, 1, data, NULL, NULL,
- error, 0);
+ return ssl_DecodePacketInternal((const byte*)vChain, chainSz, 1, data,
+ NULL, NULL, error, 0);
 }
 #endif
diff --git a/src/tls13.c b/src/tls13.c
index de8a70794..8720845a9 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -2110,7 +2110,7 @@ static int Tls13IntegrityOnly_Decrypt(WOLFSSL* ssl, byte* output,
 * sz The length of the encrypted data plus authentication tag.
 * aad The additional authentication data.
 * aadSz The size of the addition authentication data.
- * doAlert Generate alert on error (not for sniffer use cases)
+ * doAlert Generate alert on error (set to 0 for sniffer use cases)
 * returns 0 on success, otherwise failure.
 */
 int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input, word16 sz,
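Review bot: In the DecryptMessage hunk of src/sniffer.c, `output += AESGCM_EXP_IV_SZ` runs for every suite with `cipher_type == aead`, although the comment justifies it only for an explicit IV. TLS 1.2 ChaCha20-Poly1305 records carry no explicit nonce, so if `DecryptTls` writes that plaintext at offset 0 (its body is not in this diff, so this needs confirming), the sniffer would skip the first 8 bytes of decrypted data for those sessions. Consider narrowing the test, e.g. `if (ssl->specs.cipher_type == aead && ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)`. The pointer is also advanced before `ret` is examined, which is safe only if the error path after this block never uses `output`. DecryptMessage begins and continues outside the hunk, so both points should be checked against the rest of the function.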