Corrected GCM counter incrementation to use only 32-bits instead of 128-bits

Using 32-bits has the possibility to overwrite the IV in the first 12 bytes of the Y variable. Found by Yawning Angel
2026-02-19 08:43:02 +00:00 · 2013-02-27 14:52:37 +01:00
parent e47b34bdc8
commit 3d2dc0f8e5
2 changed files with 3 additions and 1 deletions
--- a/2
+++ b/2
@@ -3,6 +3,8 @@ PolarSSL ChangeLog
 = Master
 Bugfix
   * Fixed memory leak in ssl_free() and ssl_reset() for active session
+   * Corrected GCM counter incrementation to use only 32-bits instead of
+     128-bits (found by Yawning Angel)

 Security
   * Removed further timing differences during SSL message decryption in