yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-26 03:25:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Check input lengths in GCM

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2014-06-18 11:29:30 +02:00 committed by Paul Bakker
parent 0bcc4e1df7
commit b46e6adb9c
1 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
library/gcm.c
View File

@ -266,6 +266,13 @@ int gcm_starts( gcm_context *ctx,
const unsigned char *p; const unsigned char *p;
size_t use_len, olen = 0; size_t use_len, olen = 0;
/* IV and AD are limited to 2^64 bits, so 2^61 bytes */
if( ( (uint64_t) iv_len ) >> 61 != 0 ||
( (uint64_t) add_len ) >> 61 != 0 )
{
return( POLARSSL_ERR_GCM_BAD_INPUT );
}
memset( ctx->y, 0x00, sizeof(ctx->y) ); memset( ctx->y, 0x00, sizeof(ctx->y) );
memset( ctx->buf, 0x00, sizeof(ctx->buf) ); memset( ctx->buf, 0x00, sizeof(ctx->buf) );
@ -342,6 +349,14 @@ int gcm_update( gcm_context *ctx,
if( output > input && (size_t) ( output - input ) < length ) if( output > input && (size_t) ( output - input ) < length )
return( POLARSSL_ERR_GCM_BAD_INPUT ); return( POLARSSL_ERR_GCM_BAD_INPUT );
/* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes
* Also check for possible overflow */
if( ctx->len + length < ctx->len ||
(uint64_t) ctx->len + length > 0x03FFFFE0llu )
{
return( POLARSSL_ERR_GCM_BAD_INPUT );
}
ctx->len += length; ctx->len += length;
p = input; p = input;
@ -387,7 +402,7 @@ int gcm_finish( gcm_context *ctx,
uint64_t orig_len = ctx->len * 8; uint64_t orig_len = ctx->len * 8;
uint64_t orig_add_len = ctx->add_len * 8; uint64_t orig_add_len = ctx->add_len * 8;
if( tag_len > 16 ) if( tag_len > 16 || tag_len < 4 )
return( POLARSSL_ERR_GCM_BAD_INPUT ); return( POLARSSL_ERR_GCM_BAD_INPUT );
if( tag_len != 0 ) if( tag_len != 0 )