summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorWerner Koch <wk@gnupg.org>2016-03-23 12:47:30 +0100
committerWerner Koch <wk@gnupg.org>2016-03-23 12:47:30 +0100
commit7c9c82feecf94a455c66d9c38576f36c9c4b484c (patch)
tree86063050e2feb83846ea822b91c60cac32b8c406
parent6821e1bd94969106a70e3de17b86f6e6181f4e59 (diff)
downloadlibgcrypt-7c9c82feecf94a455c66d9c38576f36c9c4b484c.tar.gz
cipher: Check length of supplied tag in _gcry_cipher_poly1305_check_tag.
* cipher/cipher-poly1305.c (_gcry_cipher_poly1305_tag): Check that the provided tag length matches the actual tag length. -- Signed-off-by: Werner Koch <wk@gnupg.org>
-rw-r--r--cipher/cipher-poly1305.c18
1 files changed, 13 insertions, 5 deletions
diff --git a/cipher/cipher-poly1305.c b/cipher/cipher-poly1305.c
index fb817742..a2a74e8f 100644
--- a/cipher/cipher-poly1305.c
+++ b/cipher/cipher-poly1305.c
@@ -243,12 +243,20 @@ _gcry_cipher_poly1305_tag (gcry_cipher_hd_t c,
c->marks.tag = 1;
}
- if (check)
- return buf_eq_const(outbuf, c->u_iv.iv, POLY1305_TAGLEN) ?
- GPG_ERR_NO_ERROR : GPG_ERR_CHECKSUM;
+ if (!check)
+ {
+ memcpy (outbuf, c->u_iv.iv, POLY1305_TAGLEN);
+ }
+ else
+ {
+ /* OUTBUFLEN gives the length of the user supplied tag in OUTBUF
+ * and thus we need to compare its length first. */
+ if (outbuflen != POLY1305_TAGLEN
+ || !buf_eq_const (outbuf, c->u_iv.iv, POLY1305_TAGLEN))
+ return GPG_ERR_CHECKSUM;
+ }
- memcpy (outbuf, c->u_iv.iv, POLY1305_TAGLEN);
- return GPG_ERR_NO_ERROR;
+ return 0;
}