From 98d45b90b02616621c36ea5f1eaea74a650e85aa Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 23 Jun 2021 10:45:14 +0200 Subject: [PATCH 1/2] Add missing tag_len in ccm api. Function ccm_set_lengths requires tag_len argument for the B[0] calculation. Signed-off-by: Mateusz Starzyk --- include/mbedtls/ccm.h | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 98f56939d..4844d55c3 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -345,6 +345,9 @@ int mbedtls_ccm_starts( mbedtls_ccm_context *ctx, * \param plaintext_len The length in bytes of the plaintext to encrypt or * result of the decryption (thus not encompassing the * additional data that are not encrypted). + * \param tag_len The length of the tag to generate in Bytes: + * 4, 6, 8, 10, 12, 14 or 16. + * For CCM*, zero is also valid. * * \return \c 0 on success. * \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure: @@ -353,7 +356,8 @@ int mbedtls_ccm_starts( mbedtls_ccm_context *ctx, */ int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx, size_t total_ad_len, - size_t plaintext_len ); + size_t plaintext_len, + size_t tag_len ); /** * \brief This function feeds an input buffer as associated data From 82c48c992cf9c7810d50839761508dda4488a422 Mon Sep 17 00:00:00 2001 From: Mateusz Starzyk Date: Wed, 23 Jun 2021 12:39:40 +0200 Subject: [PATCH 2/2] Adjust tag_len documentation for the mbedtls_ccm_finish(). Signed-off-by: Mateusz Starzyk --- include/mbedtls/ccm.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index 4844d55c3..9529e2f5d 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -477,9 +477,8 @@ int mbedtls_ccm_update( mbedtls_ccm_context *ctx, * \param tag The buffer for holding the tag. If \p tag_len is greater * than zero, this must be a writable buffer of at least \p * tag_len Bytes. - * \param tag_len The length of the tag to generate in Bytes: - * 4, 6, 8, 10, 12, 14 or 16. - * For CCM*, zero is also valid. + * \param tag_len The length of the tag. Must match the tag length passed to + * mbedtls_ccm_set_lengths() function. * * \return \c 0 on success. * \return #MBEDTLS_ERR_CCM_BAD_INPUT on failure: