mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 05:45:38 +01:00
Fix wrong length limit in GCM
See for example page 8 of http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf The previous constant probably came from a typo as it was 2^26 - 2^5 instead of 2^36 - 2^5. Clearly the intention was to allow for a constant bigger than 2^32 as the ull suffix and cast to uint64_t show. fixes #362
This commit is contained in:
parent
7f17155ac6
commit
1e07562da4
@ -1,5 +1,10 @@
|
||||
mbed TLS ChangeLog (Sorted per branch, date)
|
||||
|
||||
= mbed TLS 2.2.1 released 2015-12-xx
|
||||
|
||||
Bugfix
|
||||
* Fix over-restricive length limit in GCM. Found by Andreas-N. #362
|
||||
|
||||
= mbed TLS 2.2.0 released 2015-11-04
|
||||
|
||||
Security
|
||||
|
@ -362,7 +362,7 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
|
||||
/* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes
|
||||
* Also check for possible overflow */
|
||||
if( ctx->len + length < ctx->len ||
|
||||
(uint64_t) ctx->len + length > 0x03FFFFE0ull )
|
||||
(uint64_t) ctx->len + length > 0xFFFFFFFE0ull )
|
||||
{
|
||||
return( MBEDTLS_ERR_GCM_BAD_INPUT );
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user