Commit e7029870 authored by jan.koester's avatar jan.koester

test

parent fcf4fdb5
+13 −5
@@ -3432,8 +3432,11 @@ namespace netplus {
        }

        // GCM record payload: explicit_nonce(8) + ciphertext + tag(16)
        if (payload.size() < 8 + 16)
            throwSSL(NetException::Error, "GCM record too short");
        if (payload.size() < 8 + 16) {
            NetException e;
            e[NetException::Error] << "tls: GCM record too short";
            throw e;
        }

        const uint8_t* explicit_nonce = payload.data();
        size_t ct_len = payload.size() - 8 - 16;
@@ -3459,8 +3462,11 @@ namespace netplus {
        uint8_t tag_copy[16];
        std::memcpy(tag_copy, tag, 16);

        if (!aes_recv->aes_gcm_decrypt(nonce, aad, 13, ct, ct_len, tag_copy, plaintext.data()))
            throwSSL(NetException::Error, "GCM tag verification failed");
        if (!aes_recv->aes_gcm_decrypt(nonce, aad, 13, ct, ct_len, tag_copy, plaintext.data())) {
            NetException e;
            e[NetException::Error] << "tls: GCM tag verification failed";
            throw e;
        }

        recv_seq++;
        return plaintext;
@@ -3491,7 +3497,9 @@ namespace netplus {
        const uint16_t ver = 0x0303;

        if (!aes) {
            throwSSL(NetException::Error, "sendTLS12RecordGCM: AES cipher not initialized");
            NetException e;
            e[NetException::Error] << "tls: sendTLS12RecordGCM: AES cipher not initialized";
            throw e;
        }

        // Build nonce: implicit_iv(4) || explicit_nonce(8) = 12 bytes
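Review bot: The tag-failure branch in the second hunk (`if (!aes_recv->aes_gcm_decrypt(...)) {`) now throws a bare `NetException`, so anything the removed `throwSSL` helper did beyond raising an exception, which is not visible on this page, no longer happens on that path. In TLS 1.2 a failed AEAD check must end the connection with a fatal `bad_record_mac` alert, so I would state that contract at the throw, e.g. `// fatal: caller must send bad_record_mac and close the connection`, and confirm that the catching code really does it. The same three-line construct-and-throw sequence is repeated in all three hunks; a small file-local helper would keep the `"tls: "` prefix and the `NetException::Error` level in one place. The enclosing functions start and end outside the hunks, so how callers handle the exception is presumed rather than confirmed.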