fix AES-CCM tag size check on decryption

2020-04-29 15:15:54 -06:00 · 2020-04-29 15:15:54 -06:00 · 505fbed4df
commit 505fbed4df
parent b73e52f33f
3 changed files with 9 additions and 4 deletions
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@ -7305,10 +7305,7 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
        return BAD_FUNC_ARG;

    /* sanity check on tag size */
-    if (authTagSz != 4 && authTagSz != 6 && authTagSz != 8 &&
-            authTagSz != 10 && authTagSz != 12 && authTagSz != 14 &&
-            authTagSz != 16) {
-        WOLFSSL_MSG("Bad auth tag size AES-CCM");
+    if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
        return BAD_FUNC_ARG;
    }

--- a/wolfcrypt/src/port/arm/armv8-aes.c
+++ b/wolfcrypt/src/port/arm/armv8-aes.c
@ -4510,6 +4510,10 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
            || authTag == NULL || nonceSz < 7 || nonceSz > 13)
        return BAD_FUNC_ARG;

+    if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
+        return BAD_FUNC_ARG;
+    }
+
    o = out;
    oSz = inSz;
    XMEMCPY(B+1, nonce, nonceSz);
--- a/wolfcrypt/src/port/caam/caam_aes.c
+++ b/wolfcrypt/src/port/caam/caam_aes.c
@ -580,6 +580,10 @@ int  wc_AesCcmDecrypt(Aes* aes, byte* out,
        authTagSz > AES_BLOCK_SIZE)
        return BAD_FUNC_ARG;

+    if (wc_AesCcmCheckTagSize(authTagSz) != 0) {
+        return BAD_FUNC_ARG;
+    }
+
    if (wc_AesGetKeySize(aes, &keySz) != 0) {
         return BAD_FUNC_ARG;
    }