lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Properly handle GCM's range of nonce sizes

Browse Source 
Add comment to the effect that we cannot really check nonce size as the
GCM spec allows almost arbitrarily large nonces. As a result of this,
change the operation nonce over to an allocated buffer to avoid overflow
situations.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
This commit is contained in:
Paul Elliott
2021-05-20 18:24:07 +01:00
parent ee4ffe0079
commit 1a98acac1c
4 changed files with 27 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
include/psa/crypto_builtin_primitives.h
View File

@ -135,7 +135,6 @@ typedef struct
unsigned int body_started : 1;
uint8_t tag_length;
uint8_t nonce_length;
/* Buffers for AD/data - only required until CCM gets proper multipart
support. */
@ -149,7 +148,8 @@ typedef struct
/* buffer to store Nonce - only required until CCM and GCM get proper
multipart support. */
uint8_t nonce[PSA_AEAD_NONCE_MAX_SIZE];
uint8_t *nonce;
size_t nonce_length;
union
{
@ -168,7 +168,7 @@ typedef struct
} mbedtls_psa_aead_operation_t;
#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}, {0}}
#define MBEDTLS_PSA_AEAD_OPERATION_INIT {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {0}}
/*
* BEYOND THIS POINT, TEST DRIVER DECLARATIONS ONLY.