bugfix: if the len of iv is not 96-bit, y0 can be calculated incorrectly An initialization vector IV can have any number of bits between 1 and 2^64. So it should be filled to the lower 64-bit in the last step when computing ghash. Signed-off-by: openluopworld <luopengxq@gmail.com>

commit: 08fd463ee45a0332f469a6de5acc977a50672999 [log] [tgz]
author: openluopworld <luopengxq@gmail.com> Sun Sep 19 11:18:04 2021 +0800
committer: openluopworld <luopengxq@gmail.com> Sun Sep 19 11:20:03 2021 +0800
tree: 6fc27cd01d06541a56c328090f5611807deece95
parent: 6c8183f0c92c953d421289d22b75de76c2ab5347 [diff] [blame]
diff --git a/library/gcm.c b/library/gcm.c
index 0810fd2..e1c1c7d 100644
--- a/library/gcm.c
+++ b/library/gcm.c

@@ -278,8 +278,7 @@
     else
     {
         memset( work_buf, 0x00, 16 );
-        MBEDTLS_PUT_UINT32_BE( iv_len >> 29, work_buf, 8  );
-        MBEDTLS_PUT_UINT32_BE( iv_len << 3,  work_buf, 12 );
+        MBEDTLS_PUT_UINT64_BE( iv_len * 8,  work_buf, 8 );
 
         p = iv;
         while( iv_len > 0 )
commit	08fd463ee45a0332f469a6de5acc977a50672999	[log] [tgz]
author	openluopworld <luopengxq@gmail.com>	Sun Sep 19 11:18:04 2021 +0800
committer	openluopworld <luopengxq@gmail.com>	Sun Sep 19 11:20:03 2021 +0800
tree	6fc27cd01d06541a56c328090f5611807deece95
parent	6c8183f0c92c953d421289d22b75de76c2ab5347 [diff] [blame]