cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Remove unnecessary backup of explicit IV in AEAD record decryption

Browse Source 
There is no need to hold back the explicit IV for AEAD ciphers.
This commit is contained in:
Hanno Becker 2019-07-10 11:44:13 +01:00
parent d96a652d80
commit 20016654c3
1 changed files with 1 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
library/ssl_tls.c
View File

@ -2686,12 +2686,9 @@ int mbedtls_ssl_decrypt_buf( mbedtls_ssl_context *ssl,
/* Because of the check above, we know that there are /* Because of the check above, we know that there are
* explicit_iv_len Bytes preceeding data, and taglen * explicit_iv_len Bytes preceeding data, and taglen
* bytes following data + data_len. This justifies * bytes following data + data_len. This justifies
* the memcpy, debug message and invocation of * the debug message and the invocation of
* mbedtls_cipher_auth_decrypt() below. */ * mbedtls_cipher_auth_decrypt() below. */
memcpy( transform->iv_dec + transform->fixed_ivlen,
data - explicit_iv_len, explicit_iv_len );
MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", iv, transform->ivlen ); MBEDTLS_SSL_DEBUG_BUF( 4, "IV used", iv, transform->ivlen );
MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", data + rec->data_len, MBEDTLS_SSL_DEBUG_BUF( 4, "TAG used", data + rec->data_len,
transform->taglen ); transform->taglen );