Check input lengths in GCM
diff --git a/library/gcm.c b/library/gcm.c
index e9c37fe..f1a43af 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -197,6 +197,15 @@
uint64_t orig_len = length * 8;
uint64_t orig_add_len = add_len * 8;
+ /* IV and AD are limited to 2^64 bits, so 2^61 bytes */
+ if( ( (uint64_t) iv_len ) >> 61 != 0 ||
+ ( (uint64_t) add_len ) >> 61 != 0 ||
+ tag_len > 16 || tag_len < 4 ||
+ length > 0x03FFFFE0llu )
+ {
+ return( POLARSSL_ERR_GCM_BAD_INPUT );
+ }
+
memset( y, 0x00, 16 );
memset( work_buf, 0x00, 16 );
memset( tag, 0x00, tag_len );
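Review bot: The payload bound `length > 0x03FFFFE0llu` is 2^26 - 32 bytes, which does not match the GCM plaintext limit of 2^39 - 256 bits (2^36 - 32 bytes) and would reject valid inputs above roughly 64 MiB. If the GCM limit is what was meant, the test should be `( (uint64_t) length ) > 0xFFFFFFFE0ull`; if the tighter cap is deliberate, the comment should say so, since it currently explains only the IV/AD bound. The condition also accepts `iv_len == 0`, although SP 800-38D requires an IV of at least one bit, so adding `iv_len == 0 ||` would reject it with the same error. Separately, the context lines above compute `length * 8` and `add_len * 8` before widening to `uint64_t`; if these parameters are `size_t` (their declarations are outside the hunk), the product can wrap on 32-bit targets for `add_len` values the new check still lets through, and `(uint64_t) add_len * 8` would avoid that. The enclosing function starts and ends outside the hunk.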