wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-08-02 12:14:38 +02:00
Code Issues Packages Projects Releases Wiki Activity

move sanity check and remove silent truncation

Browse Source
This commit is contained in:
kaleb-himes
2016-10-06 15:01:16 -06:00
parent a630fda509
commit 05fcbb001a
1 changed files with 8 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
wolfcrypt/src/aes.c
View File

@@ -3425,8 +3425,6 @@ static void GHASH(Aes* aes, const byte* a, word32 aSz,
GMULT(x, h); GMULT(x, h);
/* Copy the result into s. */ /* Copy the result into s. */
if (sSz > AES_BLOCK_SIZE)
sSz = AES_BLOCK_SIZE;
XMEMCPY(s, x, sSz); XMEMCPY(s, x, sSz);
} }
@@ -3575,8 +3573,6 @@ static void GHASH(Aes* aes, const byte* a, word32 aSz,
GMULT(x, aes->M0); GMULT(x, aes->M0);
/* Copy the result into s. */ /* Copy the result into s. */
if (sSz > AES_BLOCK_SIZE)
sSz = AES_BLOCK_SIZE;
XMEMCPY(s, x, sSz); XMEMCPY(s, x, sSz);
} }
@@ -3701,8 +3697,6 @@ static void GHASH(Aes* aes, const byte* a, word32 aSz,
#ifdef LITTLE_ENDIAN_ORDER #ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords64(x, x, AES_BLOCK_SIZE); ByteReverseWords64(x, x, AES_BLOCK_SIZE);
#endif #endif
if (sSz > AES_BLOCK_SIZE)
sSz = AES_BLOCK_SIZE;
XMEMCPY(s, x, sSz); XMEMCPY(s, x, sSz);
} }
@@ -3850,8 +3844,6 @@ static void GHASH(Aes* aes, const byte* a, word32 aSz,
#ifdef LITTLE_ENDIAN_ORDER #ifdef LITTLE_ENDIAN_ORDER
ByteReverseWords(x, x, AES_BLOCK_SIZE); ByteReverseWords(x, x, AES_BLOCK_SIZE);
#endif #endif
if (sSz > AES_BLOCK_SIZE)
sSz = AES_BLOCK_SIZE;
XMEMCPY(s, x, sSz); XMEMCPY(s, x, sSz);
} }
@@ -3872,6 +3864,10 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
byte *ctr ; byte *ctr ;
byte scratch[AES_BLOCK_SIZE]; byte scratch[AES_BLOCK_SIZE];
/* Sanity check for XMEMCPY in GHASH function and local xorbuf call */
if (authTagSz > AES_BLOCK_SIZE)
return BAD_FUNC_ARG;
#ifdef WOLFSSL_AESNI #ifdef WOLFSSL_AESNI
if (haveAESNI) { if (haveAESNI) {
AES_GCM_encrypt((void*)in, out, (void*)authIn, (void*)iv, authTag, AES_GCM_encrypt((void*)in, out, (void*)authIn, (void*)iv, authTag,
@@ -3922,8 +3918,6 @@ int wc_AesGcmEncrypt(Aes* aes, byte* out, const byte* in, word32 sz,
GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz); GHASH(aes, authIn, authInSz, out, sz, authTag, authTagSz);
wc_AesEncrypt(aes, initialCounter, scratch); wc_AesEncrypt(aes, initialCounter, scratch);
if (authTagSz > AES_BLOCK_SIZE)
authTagSz = AES_BLOCK_SIZE;
xorbuf(authTag, scratch, authTagSz); xorbuf(authTag, scratch, authTagSz);
return 0; return 0;
@@ -3945,6 +3939,10 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
byte *ctr ; byte *ctr ;
byte scratch[AES_BLOCK_SIZE]; byte scratch[AES_BLOCK_SIZE];
/* Sanity check for local ConstantCompare call */
if (authTagSz > AES_BLOCK_SIZE)
return BAD_FUNC_ARG;
#ifdef WOLFSSL_AESNI #ifdef WOLFSSL_AESNI
if (haveAESNI) { if (haveAESNI) {
if (AES_GCM_decrypt(in, out, authIn, iv, authTag, if (AES_GCM_decrypt(in, out, authIn, iv, authTag,