mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-31 00:32:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add back restriction on AD length of GCM

Browse Source 
Fixes: bd513bb53d80276431161e5a64a2ae61740c4e68
Signed-off-by: Chien Wong <m@xv97.com>
This commit is contained in:
Chien Wong 2024-01-22 20:43:54 +08:00
parent 34c6e8a770
commit bf4b5ed7a4
No known key found for this signature in database
GPG Key ID: 5CA58A39FA4122AD
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
library/gcm.c
View File

@ -354,9 +354,12 @@ int mbedtls_gcm_update_ad(mbedtls_gcm_context *ctx,
{
const unsigned char *p;
size_t use_len, offset;
uint64_t new_add_len;
/* IV is limited to 2^64 bits, so 2^61 bytes */
if ((uint64_t) add_len >> 61 != 0) {
/* AD is limited to 2^64 bits, ie 2^61 bytes
* Also check for possible overflow */
new_add_len = ctx->add_len + add_len;
if (new_add_len < ctx->add_len || new_add_len >> 61 != 0) {
return MBEDTLS_ERR_GCM_BAD_INPUT;
}