cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-04 04:32:24 -05:00
Code Issues Packages Projects Releases Wiki Activity

Corrected GCM counter incrementation to use only 32-bits instead of 128-bits

Browse Source 
Using 32-bits has the possibility to overwrite the IV in the first 12
bytes of the Y variable.

Found by Yawning Angel
This commit is contained in:
Paul Bakker 2013-02-27 14:52:37 +01:00
parent e47b34bdc8
commit 3d2dc0f8e5
2 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -3,6 +3,8 @@ PolarSSL ChangeLog
= Master
Bugfix
* Fixed memory leak in ssl_free() and ssl_reset() for active session
* Corrected GCM counter incrementation to use only 32-bits instead of
128-bits (found by Yawning Angel)
Security
* Removed further timing differences during SSL message decryption in

2
library/gcm.c
View File

@ -263,7 +263,7 @@ int gcm_crypt_and_tag( gcm_context *ctx,
{
use_len = ( length < 16 ) ? length : 16;
for( i = 16; i > 0; i-- )
for( i = 16; i > 12; i-- )
if( ++y[i - 1] != 0 )
break;