forked from wolfSSL/wolfssl
mac compare in chacha-poly AEAD and remove unneeded null check
This commit is contained in:
Jacob Barthelmeh
@@ -217,6 +217,7 @@ static INLINE void c16toa(word16 u16, byte* c)
|
|||||||
c[1] = u16 & 0xff;
|
c[1] = u16 & 0xff;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static int ConstantCompare(const byte* a, const byte* b, int length);
|
||||||
|
|
||||||
#if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \
|
#if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \
|
||||||
|| defined(HAVE_AESGCM)
|
|| defined(HAVE_AESGCM)
|
||||||
@@ -5532,7 +5533,6 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
|
|||||||
byte nonce[AEAD_NONCE_SZ];
|
byte nonce[AEAD_NONCE_SZ];
|
||||||
byte tag[POLY1305_AUTH_SZ];
|
byte tag[POLY1305_AUTH_SZ];
|
||||||
byte cipher[CHACHA20_256_KEY_SIZE]; /* generated key for mac */
|
byte cipher[CHACHA20_256_KEY_SIZE]; /* generated key for mac */
|
||||||
int i;
|
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
XMEMSET(tag, 0, sizeof(tag));
|
XMEMSET(tag, 0, sizeof(tag));
|
||||||
@@ -5541,6 +5541,7 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
|
|||||||
XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE);
|
XMEMSET(additional, 0, CHACHA20_BLOCK_SIZE);
|
||||||
|
|
||||||
#ifdef CHACHA_AEAD_TEST
|
#ifdef CHACHA_AEAD_TEST
|
||||||
|
int i;
|
||||||
printf("input before decrypt :\n");
|
printf("input before decrypt :\n");
|
||||||
for (i = 0; i < sz; i++) {
|
for (i = 0; i < sz; i++) {
|
||||||
printf("%02x", input[i]);
|
printf("%02x", input[i]);
|
||||||
@@ -5597,13 +5598,8 @@ static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* check mac sent along with packet */
|
/* check mac sent along with packet */
|
||||||
ret = 0;
|
if (ConstantCompare(input + sz - ssl->specs.aead_mac_size, tag,
|
||||||
for (i = 0; i < ssl->specs.aead_mac_size; i++) {
|
ssl->specs.aead_mac_size) != 0) {
|
||||||
if ((input + sz - ssl->specs.aead_mac_size)[i] != tag[i])
|
|
||||||
ret = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (ret == 1) {
|
|
||||||
WOLFSSL_MSG("Mac did not match");
|
WOLFSSL_MSG("Mac did not match");
|
||||||
SendAlert(ssl, alert_fatal, bad_record_mac);
|
SendAlert(ssl, alert_fatal, bad_record_mac);
|
||||||
ForceZero(nonce, AEAD_NONCE_SZ);
|
ForceZero(nonce, AEAD_NONCE_SZ);
|
||||||
|
|||||||
@@ -150,9 +150,6 @@ int wc_ecc25519_shared_secret(ecc25519_key* private_key, ecc25519_key* public_ke
|
|||||||
outlen == NULL)
|
outlen == NULL)
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
if (private_key->k.point == NULL || public_key->p.point == NULL)
|
|
||||||
return BAD_FUNC_ARG;
|
|
||||||
|
|
||||||
/* avoid implementation fingerprinting */
|
/* avoid implementation fingerprinting */
|
||||||
if (public_key->p.point[0] > 0x7F)
|
if (public_key->p.point[0] > 0x7F)
|
||||||
return ECC_BAD_ARG_E;
|
return ECC_BAD_ARG_E;
|
||||||
|
|||||||
Reference in New Issue
Block a user