Subject: CCM encryption without aad is incorrect
If you don't specify alternate data (which is probably the most common
case), the encryption result is incorrect.
The problem is in the function _format_associated_data.
It says now:

    if ($a_len == 0) {
        $payload = '';
    }

and then goes on encoding the payload anyway as 16 NUL bytes,
while what should happen is this:

    if ($a_len == 0) {
        return '';
    }

See RFC 3610, where it says:
>> If l(a)>0 (as indicated by the Adata field), then one or more blocks
>> of authentication data are added.
( and not >=0, as the current code does )
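
The associated-data encoding from RFC 3610 section 2.2, as an added example that is not the module's own code: with l(a) = 0 nothing follows B_0 in the CBC-MAC input and the Adata bit in the B_0 flags octet is clear. The function names, the sample AAD and the parameters M = 8, L = 2 are assumptions chosen for illustration.

```perl
use strict;
use warnings;

# Encode associated data for the CBC-MAC input (RFC 3610, section 2.2).
# Returns '' when l(a) == 0, so no authentication-data block is added.
sub format_associated_data {
    my ($adata) = @_;
    my $a_len = length $adata;
    return '' if $a_len == 0;

    my $prefix;
    if ($a_len < 0xFF00) {                # 0 < l(a) < 2^16 - 2^8
        $prefix = pack 'n', $a_len;
    } elsif ($a_len <= 0xFFFFFFFF) {      # 2^16 - 2^8 <= l(a) < 2^32
        $prefix = "\xFF\xFE" . pack 'N', $a_len;
    } else {                              # 2^32 <= l(a) < 2^64 (needs 64-bit perl)
        $prefix = "\xFF\xFF" . pack 'Q>', $a_len;
    }

    # Length prefix and data are concatenated, then zero-padded to 16 octets.
    my $blocks = $prefix . $adata;
    my $rem    = length($blocks) % 16;
    $blocks .= "\0" x (16 - $rem) if $rem;
    return $blocks;
}

# Flags octet of B_0: 64*Adata + 8*((M-2)/2) + (L-1)
sub b0_flags {
    my ($a_len, $M, $L) = @_;
    my $adata_bit = $a_len > 0 ? 0x40 : 0;
    return $adata_bit | (int(($M - 2) / 2) << 3) | ($L - 1);
}

# Constructed sample inputs: no AAD, then 8 octets of AAD.
for my $aad ('', "\x00\x01\x02\x03\x04\x05\x06\x07") {
    my $enc = format_associated_data($aad);
    printf "l(a)=%d flags=0x%02x aad_blocks=%d hex=%s\n",
        length($aad), b0_flags(length($aad), 8, 2),
        length($enc) / 16, unpack('H*', $enc);
}
```

A regression test for the fix can assert that the empty-AAD case yields zero blocks and that the resulting tag matches another RFC 3610 implementation for the same key, nonce and message.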