forked from wolfSSL/wolfssl
fix AES-CCM tag size check on decryption
This commit is contained in:
Jacob Barthelmeh
@@ -7305,10 +7305,7 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
|
|||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
/* sanity check on tag size */
|
/* sanity check on tag size */
|
||||||
if (authTagSz != 4 && authTagSz != 6 && authTagSz != 8 &&
|
if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
|
||||||
authTagSz != 10 && authTagSz != 12 && authTagSz != 14 &&
|
|
||||||
authTagSz != 16) {
|
|
||||||
WOLFSSL_MSG("Bad auth tag size AES-CCM");
|
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -4510,6 +4510,10 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
|
|||||||
|| authTag == NULL || nonceSz < 7 || nonceSz > 13)
|
|| authTag == NULL || nonceSz < 7 || nonceSz > 13)
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
|
if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
}
|
||||||
|
|
||||||
o = out;
|
o = out;
|
||||||
oSz = inSz;
|
oSz = inSz;
|
||||||
XMEMCPY(B+1, nonce, nonceSz);
|
XMEMCPY(B+1, nonce, nonceSz);
|
||||||
|
|||||||
@@ -580,6 +580,10 @@ int wc_AesCcmDecrypt(Aes* aes, byte* out,
|
|||||||
authTagSz > AES_BLOCK_SIZE)
|
authTagSz > AES_BLOCK_SIZE)
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
|
|
||||||
|
if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
|
||||||
|
return BAD_FUNC_ARG;
|
||||||
|
}
|
||||||
|
|
||||||
if (wc_AesGetKeySize(aes, &keySz) != 0) {
|
if (wc_AesGetKeySize(aes, &keySz) != 0) {
|
||||||
return BAD_FUNC_ARG;
|
return BAD_FUNC_ARG;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user