authorlloyd <[email protected]>2013-04-11 16:03:29 +0000
committerlloyd <[email protected]>2013-04-11 16:03:29 +0000
commit3666479a1ef057cb61bfd0448133097993554594 (patch)
tree527e25b8435ed405f8eb6ccea810381577f93c1f
parentd176f7ab61005a99d630ef25056f4c8312900c44 (diff)
GCM garbled nonces after one message
-rw-r--r--src/aead/aead.h2
-rw-r--r--src/aead/gcm/gcm.cpp6
2 files changed, 4 insertions, 4 deletions
diff --git a/src/aead/aead.h b/src/aead/aead.h
index eb9e7ec7d..0aa50f348 100644
--- a/src/aead/aead.h
+++ b/src/aead/aead.h
@@ -48,7 +48,7 @@ class AEAD_Mode : public SymmetricAlgorithm
/**
* Set associated data that is not included in the ciphertext but
* that should be authenticated. Must be called after set_key
- * and before end_msg.
+ * and before finish.
*
* Unless reset by another call, the associated data is kept
* between messages. Thus, if the AD does not change, calling
diff --git a/src/aead/gcm/gcm.cpp b/src/aead/gcm/gcm.cpp
index 665fc4472..7563fc924 100644
--- a/src/aead/gcm/gcm.cpp
+++ b/src/aead/gcm/gcm.cpp
@@ -95,11 +95,11 @@ void ghash_finalize(const secure_vector<byte>& H,
GCM_Mode::GCM_Mode(BlockCipher* cipher, size_t tag_size) :
m_tag_size(tag_size),
m_cipher_name(cipher->name()),
- m_H(16), m_H_ad(16), m_mac(16),
+ m_H(BS), m_H_ad(BS), m_mac(BS), m_enc_y0(BS),
m_ad_len(0), m_text_len(0)
{
if(cipher->block_size() != BS)
- throw std::invalid_argument("OCB requires a 128 bit cipher so cannot be used with " +
+ throw std::invalid_argument("GCM requires a 128 bit cipher so cannot be used with " +
cipher->name());
m_ctr.reset(new CTR_BE(cipher)); // CTR_BE takes ownership of cipher
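Review bot: The early throw in `GCM_Mode::GCM_Mode` on `cipher->block_size() != BS` leaks `cipher`: ownership is only transferred to `CTR_BE` on the following `m_ctr.reset(...)` line, so a caller who passes a non-128-bit cipher never gets it deleted (the message fix from "OCB" to "GCM" is correct, but the leak predates and survives this commit). Take ownership before validating, e.g. `std::unique_ptr<BlockCipher> owned(cipher);` as the first statement of the body, then `m_ctr.reset(new CTR_BE(owned.release()));` once the check has passed; note `m_cipher_name(cipher->name())` already dereferences `cipher` in the initializer list, so a null pointer is a separate, pre-existing hazard. `tag_size` is stored unvalidated in the lines shown; if the rest of the constructor does not reject tags shorter than the customary 12–16 bytes, a range check here would be the natural place for it. The constructor's body continues past the end of the hunk.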
@@ -173,7 +173,7 @@ secure_vector<byte> GCM_Mode::start(const byte nonce[], size_t nonce_len)
m_ctr->set_iv(&y0[0], y0.size());
- m_enc_y0.resize(BS);
+ zeroise(m_enc_y0);
m_ctr->encipher(m_enc_y0);
m_text_len = 0;
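Review bot: The new `zeroise(m_enc_y0)` is only correct because the buffer is pre-sized to `BS` in the constructor and because `CTR_BE::encipher` presumably XORs keystream into its argument rather than overwriting it (that is what made the old `resize(BS)`, a no-op on the second message, garble the tag); nothing at the call site says so, and a later reader could reasonably "simplify" it back to a resize. A why-comment would protect the fix: `// encipher() XORs keystream into the buffer, which keeps its contents across messages; it must be all-zero here so the result is E_K(Y0), the tag mask.` It is also worth noting that this must stay the first use of `m_ctr` after `set_iv`, since the text keystream is expected to begin at the next counter block. GCM is catastrophically weakened by a repeated nonce under the same key and nothing visible here rejects one, so that remains the caller's responsibility and deserves a sentence in `start()`'s documentation. `start()` begins before the first line of this hunk.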