mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-25 16:55:43 +01:00
Corrected GCM counter incrementation to use only 32-bits instead of 128-bits
Using 32-bits has the possibility to overwrite the IV in the first 12 bytes of the Y variable. Found by Yawning Angel
This commit is contained in:
parent
e47b34bdc8
commit
3d2dc0f8e5
@ -3,6 +3,8 @@ PolarSSL ChangeLog
|
||||
= Master
|
||||
Bugfix
|
||||
* Fixed memory leak in ssl_free() and ssl_reset() for active session
|
||||
* Corrected GCM counter incrementation to use only 32-bits instead of
|
||||
128-bits (found by Yawning Angel)
|
||||
|
||||
Security
|
||||
* Removed further timing differences during SSL message decryption in
|
||||
|
@ -263,7 +263,7 @@ int gcm_crypt_and_tag( gcm_context *ctx,
|
||||
{
|
||||
use_len = ( length < 16 ) ? length : 16;
|
||||
|
||||
for( i = 16; i > 0; i-- )
|
||||
for( i = 16; i > 12; i-- )
|
||||
if( ++y[i - 1] != 0 )
|
||||
break;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user