wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 04:04:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Removed previous change. Fixed it in the Sanity check instead.

Browse Source
This commit is contained in:
John Safranek
2014-04-08 17:00:21 -07:00
parent 52503c713c
commit 2c97d38c2c
1 changed files with 57 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

121
src/internal.c
View File

@@ -4295,87 +4295,79 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
#ifdef BUILD_AESGCM #ifdef BUILD_AESGCM
case cyassl_aes_gcm: case cyassl_aes_gcm:
if (AEAD_EXP_IV_SZ + ssl->specs.aead_mac_size > sz) { {
return INCOMPLETE_DATA; byte additional[AES_BLOCK_SIZE];
} byte nonce[AEAD_NONCE_SZ];
else {
byte additional[AES_BLOCK_SIZE];
byte nonce[AEAD_NONCE_SZ];
XMEMSET(additional, 0, AES_BLOCK_SIZE); XMEMSET(additional, 0, AES_BLOCK_SIZE);
/* sequence number field is 64-bits, we only use 32-bits */ /* sequence number field is 64-bits, we only use 32-bits */
c32toa(GetSEQIncrement(ssl, 1), c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
additional + AEAD_SEQ_OFFSET);
additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; additional + AEAD_LEN_OFFSET);
additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ);
XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ);
c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, if (AesGcmDecrypt(ssl->decrypt.aes,
additional + AEAD_LEN_OFFSET); plain + AEAD_EXP_IV_SZ,
XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ); input + AEAD_EXP_IV_SZ,
XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ);
if (AesGcmDecrypt(ssl->decrypt.aes,
plain + AEAD_EXP_IV_SZ,
input + AEAD_EXP_IV_SZ,
sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
nonce, AEAD_NONCE_SZ, nonce, AEAD_NONCE_SZ,
input + sz - ssl->specs.aead_mac_size, input + sz - ssl->specs.aead_mac_size,
ssl->specs.aead_mac_size, ssl->specs.aead_mac_size,
additional, AEAD_AUTH_DATA_SZ) < 0) { additional, AEAD_AUTH_DATA_SZ) < 0) {
SendAlert(ssl, alert_fatal, bad_record_mac); SendAlert(ssl, alert_fatal, bad_record_mac);
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
return VERIFY_MAC_ERROR;
}
XMEMSET(nonce, 0, AEAD_NONCE_SZ); XMEMSET(nonce, 0, AEAD_NONCE_SZ);
break; return VERIFY_MAC_ERROR;
} }
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
break;
}
#endif #endif
#ifdef HAVE_AESCCM #ifdef HAVE_AESCCM
case cyassl_aes_ccm: case cyassl_aes_ccm:
if (AEAD_EXP_IV_SZ + ssl->specs.aead_mac_size > sz) { {
return INCOMPLETE_DATA; byte additional[AES_BLOCK_SIZE];
} byte nonce[AEAD_NONCE_SZ];
else {
byte additional[AES_BLOCK_SIZE];
byte nonce[AEAD_NONCE_SZ];
XMEMSET(additional, 0, AES_BLOCK_SIZE); XMEMSET(additional, 0, AES_BLOCK_SIZE);
/* sequence number field is 64-bits, we only use 32-bits */ /* sequence number field is 64-bits, we only use 32-bits */
c32toa(GetSEQIncrement(ssl, 1), c32toa(GetSEQIncrement(ssl, 1), additional + AEAD_SEQ_OFFSET);
additional + AEAD_SEQ_OFFSET);
#ifdef CYASSL_DTLS #ifdef CYASSL_DTLS
if (ssl->options.dtls) if (ssl->options.dtls)
c16toa(ssl->keys.dtls_state.curEpoch, additional); c16toa(ssl->keys.dtls_state.curEpoch, additional);
#endif #endif
additional[AEAD_TYPE_OFFSET] = ssl->curRL.type; additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor; additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor; additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;
c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, c16toa(sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
additional + AEAD_LEN_OFFSET); additional + AEAD_LEN_OFFSET);
XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ); XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AEAD_IMP_IV_SZ);
XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ); XMEMCPY(nonce + AEAD_IMP_IV_SZ, input, AEAD_EXP_IV_SZ);
if (AesCcmDecrypt(ssl->decrypt.aes, if (AesCcmDecrypt(ssl->decrypt.aes,
plain + AEAD_EXP_IV_SZ, plain + AEAD_EXP_IV_SZ,
input + AEAD_EXP_IV_SZ, input + AEAD_EXP_IV_SZ,
sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size, sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
nonce, AEAD_NONCE_SZ, nonce, AEAD_NONCE_SZ,
input + sz - ssl->specs.aead_mac_size, input + sz - ssl->specs.aead_mac_size,
ssl->specs.aead_mac_size, ssl->specs.aead_mac_size,
additional, AEAD_AUTH_DATA_SZ) < 0) { additional, AEAD_AUTH_DATA_SZ) < 0) {
SendAlert(ssl, alert_fatal, bad_record_mac); SendAlert(ssl, alert_fatal, bad_record_mac);
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
return VERIFY_MAC_ERROR;
}
XMEMSET(nonce, 0, AEAD_NONCE_SZ); XMEMSET(nonce, 0, AEAD_NONCE_SZ);
break; return VERIFY_MAC_ERROR;
} }
XMEMSET(nonce, 0, AEAD_NONCE_SZ);
break;
}
#endif #endif
#ifdef HAVE_CAMELLIA #ifdef HAVE_CAMELLIA
@@ -4435,7 +4427,8 @@ static int SanityCheckCipherText(CYASSL* ssl, word32 encryptSz)
minLength += ssl->specs.block_size; /* explicit IV */ minLength += ssl->specs.block_size; /* explicit IV */
} }
else if (ssl->specs.cipher_type == aead) { else if (ssl->specs.cipher_type == aead) {
minLength = ssl->specs.block_size; /* explicit IV + implicit IV + CTR */ minLength = ssl->specs.aead_mac_size + AEAD_EXP_IV_SZ;
/* explicit IV + authTag size */
} }
if (encryptSz < minLength) { if (encryptSz < minLength) {