mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-07-31 19:24:42 +02:00
AES-GCM: fixed the encryption/decryption bug
@@ -2245,8 +2245,9 @@ static INLINE void Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
|
||||
XMEMSET(additional, 0, 16);
|
||||
c32toa(GetSEQIncrement(ssl, 0), additional + 4);
|
||||
XMEMCPY(additional+8, input - 5, 5);
|
||||
c16toa(sz - 24, additional+11);
|
||||
AesGcmEncrypt(&ssl->encrypt.aes, out+8, input+8, sz-24,
|
||||
out + 8 + (sz - 24), 16, additional, 13);
|
||||
out + sz - 16, 16, additional, 13);
|
||||
}
|
||||
break;
|
||||
#endif
|
||||
@@ -2316,7 +2317,7 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
|
||||
additional[8] = ssl->curRL.type;
|
||||
additional[9] = ssl->curRL.version.major;
|
||||
additional[10] = ssl->curRL.version.minor;
|
||||
c16toa(sz, additional + 11);
|
||||
c16toa(sz-24, additional + 11);
|
||||
if (AesGcmDecrypt(&ssl->decrypt.aes, plain+8, input+8, sz-24,
|
||||
input + 8 + (sz - 24), 16, additional, 13) < 0) {
|
||||
SendAlert(ssl, alert_fatal, bad_record_mac);
|
||||
|
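Review bot: In the Decrypt hunk, `sz-24` is computed from the record length with no lower bound visible, so a record shorter than the 8-byte explicit nonce plus the 16-byte tag would wrap the subtraction (assuming `sz` is `word32`, as in Encrypt). AesGcmDecrypt would then receive a huge length and a tag pointer outside the record. If neither the earlier part of Decrypt nor its caller already rejects such records (both are outside the hunk), add a guard before `c16toa(sz-24, additional + 11);`, for example `if (sz < 24) { SendAlert(ssl, alert_fatal, bad_record_mac); return <this function's error code>; }`. The same 8/16/24 arithmetic is repeated in the Encrypt hunk, so naming those sizes once would help keep the AAD length and tag offset in agreement on both sides.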
10
src/keys.c
10
src/keys.c
@@ -1002,17 +1002,15 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
||||
/* TLS can call too */
|
||||
int StoreKeys(CYASSL* ssl, const byte* keyData)
|
||||
{
|
||||
int sz = ssl->specs.hash_size, i;
|
||||
int sz, i = 0;
|
||||
|
||||
if (ssl->specs.cipher_type != aead) {
|
||||
XMEMCPY(ssl->keys.client_write_MAC_secret, keyData, sz);
|
||||
i = sz;
|
||||
sz = ssl->specs.hash_size;
|
||||
XMEMCPY(ssl->keys.client_write_MAC_secret,&keyData[i], sz);
|
||||
i += sz;
|
||||
XMEMCPY(ssl->keys.server_write_MAC_secret,&keyData[i], sz);
|
||||
i += sz;
|
||||
}
|
||||
else {
|
||||
sz = 0;
|
||||
}
|
||||
|
||||
sz = ssl->specs.key_size;
|
||||
XMEMCPY(ssl->keys.client_write_key, &keyData[i], sz);
|
||||
|
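Review bot: StoreKeys walks `keyData` using offsets taken only from `ssl->specs` and has no length argument, so nothing in the hunk ties `hash_size` or `key_size` to the size of the key block or of the destination arrays in `ssl->keys`. A header comment should state the expected layout and the caller's obligation, for example `/* keyData: client MAC, server MAC (both absent for AEAD suites), then client write key ...; caller must pass the full key block */`. A short comment at `i = 0`, such as `/* AEAD: no MAC secrets, keys start at offset 0 */`, would record why the MAC branch is skipped. The function body continues past the end of the hunk, so the remaining copies are not reviewed here.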