wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 04:04:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix sniffer with AES-GCM, add scratch authTag buffer

Browse Source
This commit is contained in:
Chris Conlon
2017-04-27 15:22:30 -06:00
parent 2deced22dc
commit b8917baa6a
1 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/sniffer.c
View File

@@ -2206,6 +2206,9 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
case wolfssl_aes_gcm: case wolfssl_aes_gcm:
if (sz >= (word32)(AESGCM_EXP_IV_SZ + ssl->specs.aead_mac_size)) if (sz >= (word32)(AESGCM_EXP_IV_SZ + ssl->specs.aead_mac_size))
{ {
/* scratch buffer, sniffer ignores auth tag*/
byte authTag[WOLFSSL_MIN_AUTH_TAG_SZ];
byte nonce[AESGCM_NONCE_SZ]; byte nonce[AESGCM_NONCE_SZ];
XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AESGCM_IMP_IV_SZ); XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, AESGCM_IMP_IV_SZ);
XMEMCPY(nonce + AESGCM_IMP_IV_SZ, input, AESGCM_EXP_IV_SZ); XMEMCPY(nonce + AESGCM_IMP_IV_SZ, input, AESGCM_EXP_IV_SZ);
@@ -2215,7 +2218,7 @@ static int Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
input + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ,
sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size, sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
nonce, AESGCM_NONCE_SZ, nonce, AESGCM_NONCE_SZ,
NULL, 0, authTag, sizeof(authTag),
NULL, 0) < 0) { NULL, 0) < 0) {
Trace(BAD_DECRYPT); Trace(BAD_DECRYPT);
ret = -1; ret = -1;