bugfix: if the len of iv is not 96-bit, y0 can be calculated incorrectly
An initialization vector (IV) may have any length from 1 to 2^64 - 1 bits, so when the IV is not 96 bits its bit length must be encoded as a full 64-bit value in the low half of the final block fed to GHASH when deriving y0. Signed-off-by: openluopworld <luopengxq@gmail.com>
This commit is contained in:
parent
6c8183f0c9
commit
08fd463ee4
1 changed files with 1 additions and 2 deletions
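--- a/library/gcm.c
+++ b/library/gcm.c
@@ -278,8 +278,7 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
 else
 {
 memset( work_buf, 0x00, 16 );
-MBEDTLS_PUT_UINT32_BE( iv_len >> 29, work_buf, 8 );
-MBEDTLS_PUT_UINT32_BE( iv_len << 3, work_buf, 12 );
+MBEDTLS_PUT_UINT64_BE( iv_len * 8, work_buf, 8 );
 
 p = iv;
 while( iv_len > 0 )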
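Review bot: The new length field at `MBEDTLS_PUT_UINT64_BE( iv_len * 8, work_buf, 8 );` computes the product in `size_t`, so on a target where `size_t` is 32 bits it wraps for any IV of 2^29 bytes or more and the upper 32 bits of the 64-bit length are written as zero, which would make the derived y0 wrong for exactly the long-IV case the commit sets out to handle. The two-word form being replaced did not have this problem, because `iv_len >> 29` carried the bits that `iv_len << 3` dropped; widening before the multiply keeps the single-call form correct everywhere: `MBEDTLS_PUT_UINT64_BE( (uint64_t) iv_len * 8, work_buf, 8 );`. Whether an earlier range check already bounds `iv_len` is not visible here, since mbedtls_gcm_starts begins and ends outside this hunk. A short comment on the memset line, `/* IV != 96 bits: y0 = GHASH_H( IV || 0^(s+64) || [len(IV)]_64 ), SP 800-38D 7.1 */`, would also record why the length must be a 64-bit big-endian value.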