Corrected GCM counter incrementation to use only 32-bits instead of 128-bits
Using 32-bits has the possibility to overwrite the IV in the first 12
bytes of the Y variable.
Found by Yawning Angel
diff --git a/ChangeLog b/ChangeLog
index 75989bb..a5fc141 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -3,6 +3,8 @@
= Master
Bugfix
* Fixed memory leak in ssl_free() and ssl_reset() for active session
+ * Corrected GCM counter incrementation to use only 32-bits instead of
+ 128-bits (found by Yawning Angel)
Security
* Removed further timing differences during SSL message decryption in
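Review bot: The added entry "Corrected GCM counter incrementation to use only 32-bits instead of 128-bits" is filed under Bugfix, while the commit message describes the effect as a possible overwrite of the IV in the first 12 bytes of Y. That changes what the cipher processes, so the entry fits better under the Security heading that follows it. The entry should also state the impact in one clause (the counter increment could carry into the IV portion of Y), so readers of the ChangeLog can judge whether they are affected without opening the commit. The commit body attributes the overwrite to "Using 32-bits", which reads as the opposite of the subject line. Rewording the body to name the 128-bit increment as the cause would remove the ambiguity.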