aes-gcm: avoid exposing plaintext on tag verification failure
In #409, for whatever reason I moved the application of the keystream from after the tag check to before. This means the keystream is applied unilaterally, instead of only when tag verification is successful. Sadly, there was a TODO to test for this. A test has been added to ensure the buffer is unmodified on tag verification failure. It was red/green tested to ensure it caught the previous bug, and that the fix corrects it. This is being tracked as GHSA-423w-p2w9-r7vq (currently embargoed).
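The ordering issue described in the commit message, as an added example that is not code from this commit or from the aes-gcm crate. It assumes a toy XOR keystream and a toy keyed checksum (`apply_keystream`, `toy_tag` and the two decrypt functions are hypothetical names, not AES-GCM) and checks whether an in-place decrypt leaves the buffer untouched when the tag is wrong.

```rust
// Added illustration. Toy stand-ins only: NOT AES-GCM, not a secure cipher or MAC.
type Decrypt = fn(u8, &mut [u8], u64) -> Result<(), ()>;

// Hypothetical keystream: XOR each byte with a key-dependent value.
fn apply_keystream(key: u8, buf: &mut [u8]) {
    for (i, b) in buf.iter_mut().enumerate() {
        *b ^= key.wrapping_add(i as u8).wrapping_mul(31);
    }
}

// Hypothetical tag: keyed FNV-1a over the ciphertext (a real AEAD uses GHASH
// and a constant-time comparison).
fn toy_tag(key: u8, ciphertext: &[u8]) -> u64 {
    let mut h = 0xcbf2_9ce4_8422_2325u64 ^ u64::from(key);
    for &b in ciphertext {
        h = (h ^ u64::from(b)).wrapping_mul(0x0000_0100_0000_01b3);
    }
    h
}

// Order described as the bug: keystream applied unconditionally.
fn decrypt_keystream_first(key: u8, buf: &mut [u8], tag: u64) -> Result<(), ()> {
    let expected = toy_tag(key, buf); // tag is computed over the ciphertext
    apply_keystream(key, buf); // buffer now holds plaintext, verified or not
    if expected == tag { Ok(()) } else { Err(()) }
}

// Order after the fix: verify the tag, then apply the keystream.
fn decrypt_verify_first(key: u8, buf: &mut [u8], tag: u64) -> Result<(), ()> {
    if toy_tag(key, buf) != tag {
        return Err(()); // buffer still holds the ciphertext
    }
    apply_keystream(key, buf);
    Ok(())
}

// The property the commit message says its new test checks:
// on a bad tag, is the buffer left unmodified?
fn untouched_on_bad_tag(decrypt: Decrypt) -> bool {
    let key = 0x5a;
    let mut buf = *b"constructed sample"; // constructed input
    apply_keystream(key, &mut buf); // encrypt in place
    let ciphertext = buf;
    let bad_tag = toy_tag(key, &ciphertext) ^ 1;
    decrypt(key, &mut buf, bad_tag).is_err() && buf == ciphertext
}

fn main() {
    println!("keystream first: {}", untouched_on_bad_tag(decrypt_keystream_first));
    println!("verify first:    {}", untouched_on_bad_tag(decrypt_verify_first));
}
```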
Showing 4 changed files with 23 additions and 4 deletions.