
Fix GCM counter reuse

GCM should error out after processing (2^32)-1 blocks / (2^39)-256 bits
Steffen Jaeckel 9 年之前
父節點
當前提交
7d418b34b3
共有 1 個文件被更改,包括 5 次插入0 次删除
  1. 5 0
      src/encauth/gcm/gcm_process.c

+ 5 - 0
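--- a/src/encauth/gcm/gcm_process.c
+++ b/src/encauth/gcm/gcm_process.c
@@ -49,6 +49,11 @@ int gcm_process(gcm_state *gcm,
       return err;
    }
 
+   /* 0xFFFFFFFE0 = ((2^39)-256)/8 */
+   if (gcm->pttotlen / 8 + (ulong64)gcm->buflen + (ulong64)ptlen >= CONST64(0xFFFFFFFE0)) {
+      return CRYPT_INVALID_ARG;
+   }
+
    /* in AAD mode? */
    if (gcm->mode == LTC_GCM_MODE_AAD) {
       /* let's process the AAD */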
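Review bot: The new guard compares with `>=`, so a message of exactly 0xFFFFFFFE0 bytes is refused even though (2^39)-256 bits is the largest plaintext length GCM permits; if only inputs beyond the limit should fail, the comparison would be `> CONST64(0xFFFFFFFE0)`. The guard also sits ahead of the AAD-mode branch, so any AAD bytes still held in `gcm->buflen` at that point appear to be counted against the plaintext budget (the AAD handling continues outside the hunk, so this is inferred). Both effects err on the safe side, but the comment gives only the arithmetic and could state the reason and the unit, e.g. `/* the 32-bit block counter must not wrap, or keystream repeats under the same key/IV; limit is ((2^39)-256)/8 = 0xFFFFFFFE0 bytes */`. The sum is formed in ulong64 without an overflow check, so a very large `ptlen` could wrap it past the limit; comparing `ptlen` against the remaining budget instead of adding it would close that gap.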