From 27450aca7d51adaac40978db276c61028e275280 Mon Sep 17 00:00:00 2001
From: toddouska
Date: Fri, 2 Oct 2015 11:24:32 -0700
Subject: [PATCH 1/2] increment explicit iv and zero nonce even on GCM/CCM failure
---
 src/internal.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/src/internal.c b/src/internal.c
index bda99c84a..9321a840e 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -5857,8 +5857,7 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz)
 out + sz - ssl->specs.aead_mac_size,
 ssl->specs.aead_mac_size,
 additional, AEAD_AUTH_DATA_SZ);
- if (ret == 0)
- AeadIncrementExpIV(ssl);
+ AeadIncrementExpIV(ssl);
 ForceZero(nonce, AEAD_NONCE_SZ);
 }
 break;
@@ -5902,8 +5901,6 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz)
 out + sz - ssl->specs.aead_mac_size,
 ssl->specs.aead_mac_size,
 additional, AEAD_AUTH_DATA_SZ);
- if (ret != 0)
- return ret;
 AeadIncrementExpIV(ssl);
 ForceZero(nonce, AEAD_NONCE_SZ);
 }
From ad51d4ba096a55ac09af8c81b85660a40db730ae Mon Sep 17 00:00:00 2001
From: toddouska
Date: Mon, 28 Sep 2015 15:56:27 -0700
Subject: [PATCH 2/2] make sure fast invmod lowers result in too big case
---
 wolfcrypt/src/integer.c | 6 ++++++
 wolfcrypt/src/tfm.c | 4 ++++
 2 files changed, 10 insertions(+)
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index 49b3fe195..fa967a6ef 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -989,6 +989,12 @@ top:
 goto LBL_ERR;
 }
 }
+ /* too big */
+ while (mp_cmp_mag(&D, b) != MP_LT) {
+ if ((res = mp_sub(&D, b, &D)) != MP_OKAY) {
+ goto LBL_ERR;
+ }
+ }
 mp_exch (&D, c);
 c->sign = neg;
 res = MP_OKAY;
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index 18de2e6d3..6963ed022 100644
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
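Review bot: The now-unconditional `AeadIncrementExpIV(ssl);` in the GCM branch removes the old `if (ret == 0)` guard without saying why, and a guard that looked deliberate is exactly what a later maintainer will put back; record the reason in place: `/* advance the explicit IV even if the AEAD call failed: a later record reusing this nonce under the same key would be far worse than a skipped counter value */`. The CCM hunk below drops its early `return ret;` for the same reason and should carry the same comment. In that CCM hunk the failure code now has to reach Encrypt's return through code outside the hunk; the hunk ends at the closing `}` and the function starts before and continues after both hunks, so confirm nothing on that fall-through path overwrites `ret` before it is returned, and that the `ForceZero(nonce, ...)` line is now reached on the error path as the commit message intends.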
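Review bot: The added `/* too big */` reduction loop is only correct if D is non-negative when it is reached, because `mp_cmp_mag` compares magnitudes while `mp_sub` is a signed subtraction; the `goto LBL_ERR; } }` context above it looks like the tail of the matching `while (D.sign == MP_NEG)` fix-up loop (the tfm.c hunk shows that loop explicitly), but here that loop lies outside the hunk, so confirm the ordering. The comment should state the invariant rather than just `too big`, in both integer.c and tfm.c: `/* D >= 0 here; reduce it into [0, b) since the loop above only repairs a negative D */`. A regression test that drives an input whose intermediate D lands at or above b and asserts `mp_cmp_mag(c, b) == MP_LT` (and the `fp_cmp_mag` equivalent for tfm) would pin the fix, since an out-of-range inverse would otherwise silently propagate into callers that assume a reduced result. The enclosing function (the `top:` label) starts before both hunks.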
@@ -950,6 +950,10 @@ top:
 while (D.sign == FP_NEG) {
 fp_add (&D, b, &D);
 }
+ /* too big */
+ while (fp_cmp_mag(&D, b) != FP_LT) {
+ fp_sub(&D, b, &D);
+ }
 fp_copy (&D, c);
 c->sign = neg;
 return FP_OKAY;