protect against AES-CCM copy to smaller local buffer

2025-07-31 19:24:42 +02:00 · 2017-12-19 11:55:40 -07:00
parent 0d5a772348
commit 89e57f4159
1 changed files with 4 additions and 2 deletions
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -7348,7 +7348,8 @@ int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,

    /* sanity check on arguments */
    if (aes == NULL || out == NULL || in == NULL || nonce == NULL
-            || authTag == NULL || nonceSz < 7 || nonceSz > 13)
+            || authTag == NULL || nonceSz < 7 || nonceSz > 13 ||
+            authTagSz > AES_BLOCK_SIZE)
        return BAD_FUNC_ARG;

    XMEMCPY(B+1, nonce, nonceSz);
@@ -7416,7 +7417,8 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,

    /* sanity check on arguments */
    if (aes == NULL || out == NULL || in == NULL || nonce == NULL
-            || authTag == NULL || nonceSz < 7 || nonceSz > 13)
+            || authTag == NULL || nonceSz < 7 || nonceSz > 13 ||
+            authTagSz > AES_BLOCK_SIZE)
        return BAD_FUNC_ARG;

    o = out;