lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-01-06 11:41:12 +03:00
Code Activity

Ignore plaintext length for CCM*-no-tag.

Browse Source 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
This commit is contained in:
Mateusz Starzyk
2021-10-13 13:37:30 +02:00
parent e23bba04ee
commit bb2ced33dd
2 changed files with 22 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
library/ccm.c
View File

@@ -150,9 +150,20 @@ static int ccm_calculate_first_block_if_ready(mbedtls_ccm_context *ctx)
if( !(ctx->state & CCM_STATE__STARTED) || !(ctx->state & CCM_STATE__LENGHTS_SET) )
return 0;
if( ctx->tag_len == 0 && \
( ctx->mode == MBEDTLS_CCM_ENCRYPT || ctx->mode == MBEDTLS_CCM_DECRYPT ) )
return( MBEDTLS_ERR_CCM_BAD_INPUT );
/* CCM expects non-empty tag.
* CCM* allows empty tag. For CCM* without tag, ignore plaintext length.
*/
if( ctx->tag_len == 0 )
{
if( ctx->mode == MBEDTLS_CCM_STAR_ENCRYPT || ctx->mode == MBEDTLS_CCM_STAR_DECRYPT )
{
ctx->plaintext_len = 0;
}
else
{
return( MBEDTLS_ERR_CCM_BAD_INPUT );
}
}
/*
* First block:
@@ -342,7 +353,10 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
if( ctx->processed + input_len > ctx->plaintext_len )
/* Check against plaintext length only if performing operation with
* authentication
*/
if( ctx->tag_len != 0 && ctx->processed + input_len > ctx->plaintext_len )
{
return MBEDTLS_ERR_CCM_BAD_INPUT;
}