yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Verify input data lengths.

Browse source 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
This commit is contained in:
Mateusz Starzyk 2021-07-28 14:14:58 +02:00
parent 2d5652acee
commit 36d3b89c84
1 changed files with 38 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

37
library/ccm.c
View file

@ -100,7 +100,8 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx )
#define CCM_STATE__CLEAR 0 #define CCM_STATE__CLEAR 0
#define CCM_STATE__STARTED (1 << 0) #define CCM_STATE__STARTED (1 << 0)
#define CCM_STATE__LENGHTS_SET (1 << 1) #define CCM_STATE__LENGHTS_SET (1 << 1)
#define CCM_STATE__ERROR (1 << 2) #define CCM_STATE__AUTH_DATA_FINISHED (1 << 2)
#define CCM_STATE__ERROR (1 << 4)
/* /*
* Encrypt or decrypt a partial block with CTR * Encrypt or decrypt a partial block with CTR
@ -266,13 +267,27 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx,
if( ctx->add_len > 0 && add_len > 0 ) if( ctx->add_len > 0 && add_len > 0 )
{ {
if( ctx->state & CCM_STATE__AUTH_DATA_FINISHED )
{
return ret;
}
if( ctx->processed == 0 ) if( ctx->processed == 0 )
{ {
if ( add_len > ctx->add_len )
{
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
ctx->y[0] ^= (unsigned char)( ( ctx->add_len >> 8 ) & 0xFF ); ctx->y[0] ^= (unsigned char)( ( ctx->add_len >> 8 ) & 0xFF );
ctx->y[1] ^= (unsigned char)( ( ctx->add_len ) & 0xFF ); ctx->y[1] ^= (unsigned char)( ( ctx->add_len ) & 0xFF );
ctx->processed += 2; ctx->processed += 2;
} }
else if ( ctx->processed - 2 + add_len > ctx->add_len )
{
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
while( add_len > 0 ) while( add_len > 0 )
{ {
@ -299,10 +314,13 @@ int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx,
} }
} }
} }
}
if( ctx->processed - 2 == ctx->add_len ) if( ctx->processed - 2 == ctx->add_len )
{
ctx->state |= CCM_STATE__AUTH_DATA_FINISHED;
ctx->processed = 0; // prepare for mbedtls_ccm_update() ctx->processed = 0; // prepare for mbedtls_ccm_update()
}
}
return (0); return (0);
} }
@ -321,6 +339,11 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
return ret; return ret;
} }
if( ctx->processed + input_len > ctx->plaintext_len )
{
return MBEDTLS_ERR_CCM_BAD_INPUT;
}
if( output_size < input_len ) if( output_size < input_len )
return( MBEDTLS_ERR_CCM_BAD_INPUT ); return( MBEDTLS_ERR_CCM_BAD_INPUT );
*output_len = input_len; *output_len = input_len;
@ -402,6 +425,16 @@ int mbedtls_ccm_finish( mbedtls_ccm_context *ctx,
return ret; return ret;
} }
if( ctx->add_len > 0 && !( ctx->state & CCM_STATE__AUTH_DATA_FINISHED ) )
{
return ret;
}
if( ctx->plaintext_len > 0 && ctx->processed != ctx->plaintext_len )
{
return ret;
}
/* /*
* Authentication: reset counter and crypt/mask internal tag * Authentication: reset counter and crypt/mask internal tag
*/ */