commit | 3d2dc0f8e5fae6d5c08e7355beae19e9bb0db99b | |
---|---|---|
author | Paul Bakker <p.j.bakker@polarssl.org> | Wed Feb 27 14:52:37 2013 +0100 |
committer | Paul Bakker <p.j.bakker@polarssl.org> | Thu Feb 28 10:55:39 2013 +0100 |
tree | 3864e7759980b645160cde116aab0ee203cb7753 | |
parent | e47b34bdc8507b63758402f69e7623d11dfb6984 | |
Corrected GCM counter incrementation to use only 32-bits instead of 128-bits

Using 32-bits has the possibility to overwrite the IV in the first 12 bytes of the Y variable.

Found by Yawning Angel
diff --git a/library/gcm.c b/library/gcm.c index c91598c..68b6611 100644 --- a/library/gcm.c +++ b/library/gcm.c
@@ -263,7 +263,7 @@ { use_len = ( length < 16 ) ? length : 16; - for( i = 16; i > 0; i-- ) + for( i = 16; i > 12; i-- ) if( ++y[i - 1] != 0 ) break;
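Review bot: the new loop bound `i > 12` is the right fix, since it confines the carry to y[12..15] (the 32-bit block counter) so an increment can no longer propagate into the 12-byte IV held in y[0..11], which is GCM's inc32 behaviour; what the hunk lacks is a regression check for the wrap case it addresses, i.e. a test that starts with y[12..15] = 0xFFFFFFFF, runs the increment, and asserts that y[12..15] becomes 0 while y[0..11] is byte-for-byte unchanged. A one-line comment above the loop naming the 32-bit wrap (for example `/* increment the 32-bit counter in y[12..15] only; never touch the IV */`) would also keep the literal 12 from reading as an arbitrary constant.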