Fix wrong length limit in GCM See for example page 8 of http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38D.pdf The previous constant probably came from a typo as it was 2^26 - 2^5 instead of 2^36 - 2^5. Clearly the intention was to allow for a constant bigger than 2^32 as the ull suffix and cast to uint64_t show. fixes #362

commit: c05014459ed2d1d349d60aafb43c0e3cfc2c38ed [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Dec 10 14:46:25 2015 +0100
committer: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Dec 10 16:34:32 2015 +0100
tree: d4289d446653ea7926e31c7b45c085aacd67e1cd
parent: 1f4e08c979bee3f7d790f23c863b547487fbd2f7 [diff] [blame]
diff --git a/library/gcm.c b/library/gcm.c
index b537b02..83f2fd2 100644
--- a/library/gcm.c
+++ b/library/gcm.c

@@ -357,7 +357,7 @@
     /* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes
      * Also check for possible overflow */
     if( ctx->len + length < ctx->len ||
-        (uint64_t) ctx->len + length > 0x03FFFFE0ull )
+        (uint64_t) ctx->len + length > 0xFFFFFFFE0ull )
     {
         return( POLARSSL_ERR_GCM_BAD_INPUT );
     }
commit	c05014459ed2d1d349d60aafb43c0e3cfc2c38ed	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu Dec 10 14:46:25 2015 +0100
committer	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Thu Dec 10 16:34:32 2015 +0100
tree	d4289d446653ea7926e31c7b45c085aacd67e1cd
parent	1f4e08c979bee3f7d790f23c863b547487fbd2f7 [diff] [blame]