yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add back restriction on AD length of GCM

Browse source 
Fixes: bd513bb53d
Signed-off-by: Chien Wong <m@xv97.com>
This commit is contained in:
Chien Wong 2024-01-22 20:43:54 +08:00
parent 34c6e8a770
commit bf4b5ed7a4
No known key found for this signature in database
GPG key ID: 5CA58A39FA4122AD
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
library/gcm.c
View file

@ -354,9 +354,12 @@ int mbedtls_gcm_update_ad(mbedtls_gcm_context *ctx,
{ {
const unsigned char *p; const unsigned char *p;
size_t use_len, offset; size_t use_len, offset;
uint64_t new_add_len;
/* IV is limited to 2^64 bits, so 2^61 bytes */ /* AD is limited to 2^64 bits, ie 2^61 bytes
if ((uint64_t) add_len >> 61 != 0) { * Also check for possible overflow */
new_add_len = ctx->add_len + add_len;
if (new_add_len < ctx->add_len || new_add_len >> 61 != 0) {
return MBEDTLS_ERR_GCM_BAD_INPUT; return MBEDTLS_ERR_GCM_BAD_INPUT;
} }