Add back restriction on AD length of GCM
Fixes: bd513bb53d80276431161e5a64a2ae61740c4e68
Signed-off-by: Chien Wong <m@xv97.com>
diff --git a/library/gcm.c b/library/gcm.c
index c677ca4..b31003f 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -354,9 +354,12 @@
{
const unsigned char *p;
size_t use_len, offset;
+ uint64_t new_add_len;
- /* IV is limited to 2^64 bits, so 2^61 bytes */
- if ((uint64_t) add_len >> 61 != 0) {
+ /* AD is limited to 2^64 bits, ie 2^61 bytes
+ * Also check for possible overflow */
+ new_add_len = ctx->add_len + add_len;
+ if (new_add_len < ctx->add_len || new_add_len >> 61 != 0) {
return MBEDTLS_ERR_GCM_BAD_INPUT;
}
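Review bot: The new comment above `new_add_len = ctx->add_len + add_len;` states the limit but not why the check has to be cumulative, and that reason is what protects it from being simplified back to a per-call test on `add_len`. I would word it as `/* Total AD across all calls must stay below 2^61 bytes: its bit length is encoded in a 64-bit field of the final GHASH block. */` and keep the overflow remark on its own line. The wrap test `new_add_len < ctx->add_len` is sound provided `ctx->add_len` is an unsigned 64-bit field, which the hunk implies but does not show. Writing `(new_add_len >> 61) != 0` would make the precedence explicit. The function starts and continues outside the hunk, so whether the later length update can reuse `new_add_len` cannot be judged from here.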