mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-27 06:35:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

bugfix: if the len of iv is not 96-bit, ghash is used to compute y0.

Browse Source 
An initialization vector IV can have any number of bits between 1 and
2^64. So it should be filled to the lower 64-bit in the last step
when computing ghash.

Signed-off-by: openluopworld <luopengxq@gmail.com>
This commit is contained in:
openluopworld 2021-09-17 22:15:49 +08:00
parent 2beb5f302a
commit 6c8183f0c9
1 changed files with 2 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
library/gcm.c
View File

@ -254,7 +254,6 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
size_t i;
const unsigned char *p;
size_t use_len, olen = 0;
size_t iv_bits;
GCM_VALIDATE_RET( ctx != NULL );
GCM_VALIDATE_RET( iv != NULL );
@ -279,9 +278,8 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
else
{
memset( work_buf, 0x00, 16 );
iv_bits = iv_len << 3;
MBEDTLS_PUT_UINT32_BE( (iv_bits >> 32), work_buf, 8 );
MBEDTLS_PUT_UINT32_BE( iv_bits, work_buf, 12 );
MBEDTLS_PUT_UINT32_BE( iv_len >> 29, work_buf, 8 );
MBEDTLS_PUT_UINT32_BE( iv_len << 3, work_buf, 12 );
p = iv;
while( iv_len > 0 )